





http://www.t0010.com

   

!"   


Binary Tree
# $% %
http://www.devhall.com

&&&&&&&&&&&&&&&&&&&&&&
JK :L  MN

 

T0010.COM
## "#$% *)( ' +,-  . ##
<
 ?
= :; 7  8#9 6
:  D"@ $   % @ 7
http://www.t0010.com
G=
--------------------------------------------------------------

aLTar3q
---------------------------------------------------------------

: %' 234
FH %H I J 9DE Adobe Reader 6 7 9:; < #* =>9D LU . %,  .L97 FOF% P7< Q .%QR S
: S  P7 X#* Z \[ F X = 6  V I
http://www.adobe.com/uk/products/acrobat/readstep2.html

 


http://www.t0010.com

 $ <U " : : K #X .. L

< 8G N    =_ ]  =[  %  =[ K a  


= 8# @"$ :  :  8#  acL   # [ #ig h ef
 6 7 Lg g  K8[# : K ;.K="$ :
$ ] 9#9$  = :Nc f 6% kJ   =  g kJ   ;in
L nL nL #8  8  p  [ :8 L$ 7 ;i# :
= ? [ r  K q%8 ih# ; K :L  6 :; qJ     6
8X K8[# 8% 7 L 8 K =?. K
nL :  ]"#  8 h# quL # qfX ti @"$ q 8#  D; 8## 7 Lg 6
 8%"$ q8% qia@ #; w? : ="i  XU .J Lc] #9$9
 8i [ ; ti : c; 6x_ :  tig M 6x# a "i
_ 6 6  8%   # 8 M[|  kJ "iLU q[8 K{
) quL "$ ] L 7ix cL :N ):
Ji"; : ~n :   # < N "G $ { K; q 8L[<8
"G  7#i i :; L t kJ    X a #ii 7t
"G 8i :N JK :L% 7#i :;i !"G

 


http://www.t0010.com

 I F ' 
=i N @"$nr  "G @"$ _[| J # X 
9Kg _ #  #" 6G "$@ "i f ) L6
 ]% ] U "i :N  %  ... c ( .
; : kJ   8[NL J  @"$ 
8" "GJ K  :
 hg ; KG : a J JK "G K i rX 
"G ] J w"#"$ LL@ _[| J "#] %8 X% ;:
? ?  # #8 q  $ ; :  N : a# :
6 # _" ?  K< 8i  ; $   #. 6fg
J "$@ L 6 f   6 !L M #L;< 
 NG# K; L8NKJ "$ 6 a ;u K ; : K G
"" .
 ]"#J 8% 6 ? J" J   6L @"$ KN f ?q
" 8 :; BASIC e "$ ! D; L% q  # kJ "e K G #88
 ]"#  6 #  ATARI q"$ w"# KNJ ?K .
@"$ e" q? :; D; 8$ 6 8 i :%# ?K J 6q
% i " @"$ e 8 _ % _  p 6e "( Interpreter e
)g  8 "# #  qg ) L ?= "$] ?K J x N
" q kJ " ( e < 8 JN# p ?N K ! cX
J  $ :; i# ?  X;g :  K p x
e 8
=~ {) q; K )X f %< ? i 8 ] ;   ] N #
 p  "8#8 ? e !
 =i ?   Compilers or Interpreter "$@ $ 8=7
? .J f @ q"$ w"# |[M @"$  K @Ni :LLg
" 8[NL $. "  ; : kJ   "
8 "$@ Ni@ 8
 _N _[| J 8[# 8%= q {g N qfX { .$M

 


http://www.t0010.com

'  'O S_:Z


$ = @ X K 8  :  X Kg9 _[ G
"$X 9Kg _[J  "KL "$ G = : [ g @
; :" ] K ) q= x( .
"$@ {  _  p # ; :  Xg #  :$8
[ :8 <U @   q N  =i 6 q"$ :"N t!
K
N   K @"$. k
_$ 6  #   X K
 ?K G p
 # 6K# Backdoor :"XX K @ ?K kJ  p = :
 K :; "X =@ r NG Trojan Horses k K  #88
; K :; Port JN q8[# K $ #r w pX  9 i8
 # @"$; [ |G [8 8[= : { K =q"$ 6K
. qK
6L @"$ f L K  %  6 ="$ q@  =
N = <U ] GL h# LL qi 7; "  [9; q:
J L % ]=" ; h# ]"L _ $ ]=8   6
L _] ; : % = : KG  K#?= :!

x  L 7L p _? :; K X 9Kg _[G

 


http://www.t0010.com

=M w"N _" = 8N$  = w "


=i 8GL k  J
"  6L ] w#r $  8# U : "$ q" ]N <%@ K
  8  %  8%g . K"$ <"G :
" ti ? )r NG( = "X a qNh MM " q
ex i K_ X := p ! JK ]"e_= 8N$ = w r
;<  K" Backdoor "X L 8 kX K i ; q
;i qL  6% g  : [ ] %< = ] G kJ "i 
8 6K G 6 K"$  7 L :; 7KL  ;X =6e
!L
neL
)_ =
: , " $ ]"G# p # 8 U : M[| {
i =?K_ { % :; k8 =c 8  = #8h #L
" ? ;K : _ 6 ) 6L @"$g. ( f
 =c=  8 78 #  Firewallf 8 6 p
Zone Alarm
# ;N J ?K {n ;N J _K = :[i K8= t
XU _N  8#   8 K!

'  F\[ =-F


J  # 8% _8 7i #i; 7iGe= n; q  : @ $_

g N  8#8i 
Lg  7 # : = KNG< @
X  ; %   _%NJ a   K  % 
 Kx n  % ~ g %c; N a  #J
? _ G[ 6 { [ 6 .

,D F%\[ .. LE
< ="] i% =]  #n _ # $ K"G; KN D 
 )8[ L "  ( G "$@  J  K
] K  # { ;i h kJ   # r "K
neL e 8 ~ _; 6eL :; _ i% h]
neL e  e  = : K ;i% :] f 6 N#8
?n  U == w . q
;i kJ ef   g # 7iG : #  8 K MU
  6LXU # M  :=c= : VB  p q?N #8N _ K :
=" $ e =_ ; : ~N J 7 ] K N $ # $8 
8i %  # ]"= 6e# ef ;!q
6

 


http://www.t0010.com

_ bc)  ,Da F%\[


=cM  8 ;hLU   Ki 6i= :x8 ~ _ 6e   K#8 $   % kJxU8 =c 8 < = "$@
e X
.
8[L ; D; ]i% : ? = : ; K % ; D N< <   L @ 6?L = n; qih  =  q 
.h= n; :"X
7 8 N  ? = :[; K8 : % L  #8N ?n  U.

= = :;  7;aU e @"$ LL  kJaU; ( =iK  h#( = f ;; : e ;i% :] ] Kg x<
?<  6%  = 6%  p _ ?N q N "$ ) p@
6L f K [; 8 : p N#8 ; : : eL 77
X  ~i #8N 7?i N  tix #8N X# i8
K  K8[# :  : :; :   "X  XU
!! ): Ki%
  = @"$X ?  ]i% :; K8[= : =c  8]=     :; % e X  ;; D  :  9 #88
; :  pf %  ] 7= 8% K; _ 6.h#

= :; wf :i=
8 i%] g K { L % = 8 @= p 7 =c= ]i% :; "_ "G  8] =  6i % K
@"$   $  %    ti K ; : #8N.
n?L 7% X8  @ ]i% :; Logs< N  ?# 7#n?L X8  9N "i 8?# ] { q neL Ng GU
8 nx _ ; ]i% : 8N ]"= <N ;= n $h ;aL HTML ; <#L8 # 8% "  9 [] x
 kJK !!#
 = % JN= : = @"$ kJ GN ]N; ]N Ng?uL K
X   ]N$ ] J 8; 6h % i ; :J ?  %
" Ng [ #8 |G [8 xg Ng . %

 


http://www.t0010.com

'  F
 - e 
R !=-F
XSS $ <iL 6
i= 6  e  :niLU SQL Injection
% 6 $% ?" Session Hijacking
 N% 6 $ CRLF Injection
 $ Directory Traversal
 $ e  7$n? Parameters Manipulation
 ... N kJ :iL "uLg $ a _8 7i   N

 KM _ 6 ef  K"e# : K  8  :


=? K  =  <N 8  f kJ "G !X :; <c;

 J ?9     K#  %{  f "; L 7Kf


_ kJ "G K"$ #r= %]  % "$@  N]
6x= $ kJ "G   ;i  :Ni ?K :  $ Dh
cL n% $ kJ "G " K; N K@M :; Ng
?
.

Cross Site Scripting


"#K"$ w XG xss  = CSS9 K $ x g i8
GX Cascading Style Sheet  :  ?K [8# ]= @"$ #
# 8N$8  X  ["  i tg ; : x
 $ pN# ]i% ] =_i% x 6M q#] K LX 6 c N$8
# G  K#[= = : ti %L   L 9 x7
! q %
= pN kJ _" ?8$ q ;nX8 ]G 9 ; : N L] K
X L HTML  :; Java Script % K"i?#  %#"= @"$ #
x _ ]i% < 9  M =] J # ! q "K
h# :; i e # : =] N$ w#r $ URL # a; 9
% q"i?= K @"$  9 " "$@ =] "$@ %g= 6_q#
6M J= ]"i w 9#9$  ef  : G K ~ # 8
#= NL 6%Hotmail  :< = "K  x8N # 8 
" ]"= h ef < = <= NG ! XSS

 


http://www.t0010.com

SQL Injection
=< kJ 9#9$ ]"cL N  @    $ L KJ a
  8#8   :: nL SQL Injection 8 _= 8a 6  7#
= @N =  ="]   a X N   w#.

\ , > $#Session Hijacking


% ?" "$ :  " @"$ [8 Session J #
8[L ~N "$ % ?"9"= q # K   % ?"
Session ID =  8 K Brute Force $ = " 8Reverse %
8# 8% Engineering K J   7ix q_ 6LLcL.f
 i N   $ ?" ?" 8 Persistent : :
 #"" #i= K U= )  (9 ~K ;K : [8 :
i# q"$ ~N $ 8N$= :; q  <% X ! .
N :f : ?" e  non-Persistent : KN= :? :
{n [8 " :; G n N# $ =#i % " Session ID
"[8 % ?" qJ 8[# e ;i [8 J L#" K
nX K"# " @"$ q ~N J $ _N# % _ 6;e  :a
? nX  K8[= : %  : [8 <% ?"# qKi p8
 ti e Xg .
 ti ? 8  :#J  6_ %; :a  @i#_ k
;a   8#9 i "$ 6i? q"$ 6   8U $   ix q 8
= N _"  # K   =  8% ?";i q it
i "~ $ K"L# #r HTTP Request w @ ~N J # %
?" q # % q ?" q  :; q#8 J ; =JK; w  :Ni#
 ~ K ~N K  [8 . :
w ] J qN# x  N [8 [ q ) x L @"$ :N6
f ) !! ?  #8J ? # xss =[8 Ln "$@
?" ] #= w#r $ ; L< "~N #  % "
[8 L J K" %!

 


http://www.t0010.com

_ =)> bcV )F  I Z%.


 =_ % ?" q =8i 8%  8[L _ SSL;   L  "L "  @~]
? K % " K"$ :h# q <%;8= : c [8 K nX 8% K nX q"$  ni; @K = 8% q MM ~N   i#8
K8[#
8a ]~ G -? XSS

CRLF Injection
 CRLF "G GX Carriage Return , Line Feed CR  9Lg:
13 LF  9 10 :LgJ 9 K8[# 8N# 8N$ @"$ Deh
Enter "9N @ . 8#8 L
~ 8[# N ; D GX LF 9 J N  ?K  X
" #eK" #  @G% ;X  q"in kJ $N  ef  =_q#
6M c  G 8 kJ _" = 8%  $ 7 qL  w J
= ?.q
J N  ?K # 8$ 7 h# ;| nX8 [8 ) = 
SQL Injection ) c= xss 8 [8
#n$ 6X8 ; \n\r:
nX8 )
; :g 8[" K # : 8[L kJ  "N9
@ ( 8#8 L
 | :; nf a J q# :; hi 8N 7?# = 8[L q
Enter J # 8N$ q"$ Deh @ \n\r  {  !  ;N$ :
a L  "[8 X  "_ CRLF 9!!

10

 


http://www.t0010.com

>F SH 9#>%Directory Traversal


J N  ?K  ni; X "%<  qX  ?K "$@
rUn   [#  ur q x q 7i g w  # :
neL J N  ef ;8 K 8  J
N#  X q
8 X !
; J N  ?K  r # K  [  $ ?"8
?J " Root directory % @ ?"8 X = "i ?" 8 ?J ; : 
:N$a f  a G L :; ; N#8 i= :  6 # IIS
?" 8 ?J "$ % :
C:\Inetpub\wwwroot
J ?" 8 J =" q; 8  ]i%   ; : 9 NL ;D
 = G "  ; :J ?" 8 ?"8 $  8"X q
KN "$@ L 6 f ?" news 8 G ; :Lgi= 6]  $
" 6 _? "?"8 acL : f .K"$

g =[  6 N$ ]#8 ; ]= : J ?JK q _6


http://www.yoursite.com/news/show.aspx?view=file.html

11

 


http://www.t0010.com

Ni # $8L " file.html 8[" qa$ " # file.html
#  ;"?  : news 8; g  K %  $n; 7:
Ni JK q _:6
http://www.yoursite.com/news/show.aspx?view=../../../../../Windows/system.ini

  = 8 ... G_8 " !!  System.ini   w J


? @"$ 6#8i  # q " L K   KN @"$ 6#8i
" > System.ini
 = :Ni#~  ]i% :; 6 _ :; D;  6e  6 % ;:
 6 ; i% h] ! Lg  ] =[ 6 ~] #
_ ti 6e  @"$  w#r $ % _# ) 6
= pJ
N   ! ( =  K  [  ?" 8 ?J  ; : f
# 8% w  x @ L g  : =N J Format
"; c"!!q
J N  ?K # # 6#  7?# :# =[8 #
 6 _":
nX  - 1 _ c= K= : 8 ;; ]G nX8 e
 @ ~N c=  8 a = K N  q
nX  - 2 8$ ; J =" ) q =" q _ ]i% qh
) Da # kJ8$U  N # x" 7"r @ " X
?" 8 ?J "% q % | ; N] $ 8 #rw
  nX _ c = " X # ?" 8 ?J i%]
<iL ] ;JK :Ni# $8 ; i% h] { N
7?# =i8  N# ; "r q 7 " X  ?"8
 :  7"r _ i% h] =i 6#8 ] 8 $8
_   ; : N  8#9 1 % .#

12

 


http://www.t0010.com

 y% 7 =*4 Parameters Manipulation


 8 6 KM K "x @ ; K  ]"i= #r $ 6 e k
@ ~N J # q? <% ] w#r $ e  7$n  k @
Ni URL =e K% L % [  $N e  q
# K ;i L 6 [ c = :8G  ~N KN kJ L6
8$L K K; @"$  7 ~N . ]#8
8[# 8% h# K #r  7$n e # e "Session q
w#r $ Ni M   nX   q G :; HTTP Request
e ? # K8[= : # N #r ;i   e
?" qJ  $ #r w " HTTP Request 7  G q 
Ni! URLf @"$ XJ N  ?K   x # 7 :
=  KG 9  Kui e L" ?; 6 : %
M ... i"L @"$ 6K# K % L xN$ N .
kJLg  c K8[L 8< e ; :  p J %< ? q
  %n kJ  # "i K 8[L N ) x N _( q
 = ti % 6#8i  8U   : ]i% @"$ a   cN$:
 ] kJ . G
 %  [ _ # Yahoo Shopping #[8 #r 8
 iL # " i @ x 8Ni; ;8X "" i =N qui 
_ # iL " i "  : K=X ;  : _
 ;9" K~#
Hidden :[ 6 :  qN ;M : % HTML
 8 K M 6#8i KN HTML  6"% L i " i  : @

 8   % # " 7_ir 6 : @ x ;8 :


< ) i
 q%  ( 8 U  K! : _ J
"$ <= 8% 6 L[n "  %?N q # q w _
"" !! K"r :
?; 6 :g _" _< ; G;   8! :
"i ; : 8 _  i J % # qN KN  L?n
$;8 ;X K#8  = kJ ef Lf <"e  8 K
 D; <"eL !k8
 N :X  8$ :N <iL Xn kJ N [G =KN]
@ 8 X a :; 7# 8% 8K ; :  #  G 7X% c8
=8 =; qK  "= KN  f !! 8$ 7?# :N ;   " $6
   kJ ef 8$ 9#9$  NL :; ;c :J g _6
8 ):
13

 


http://www.t0010.com

; .c 3E Phishing Scam


$ :L i 2004 6LU Phishing Scam 8$ $ 2005 q
 7G ] J 6LU  r :8# @"$ ]"G= 6L  U:
"L K; :$8#   ;8K#  KN @ = 7 w Ni .
 e q""% " ; 6L @"$ D f K ih 6%M; K:
" i i #L  # 8  :L"< @ $8  8 
[. 8
=~ K kJ "  L" g @ L Kc"  N] L  ="N 7]
a  L = ]= #8  w#r $ N D ; :| L  J
# D @  :; w % % G L "#N 7]  
q nXX =] ) L [8 "   "i ;a :% %
g ! (.
J f @"$ 8 6LU K : ; : " i i #
J N   :; :# 6_ K~# 6L #  . ; "# :L ]
9#9$  ?  $ KM 6LU:
- 1 ]N 7"= 6LX =]  @"$ NL   "L K  ]N J
=.qi 6i
- 2 ]="i 6?= 7"= 6L _[ ]g G< 9 !
- 3 :$8= 6L %  K  8# U ) := ]N 7"= ( nf 6$
X " !
- 4L"= 6N 7] X "i  L =Kc :$8  Xn kJ
"i L "] =[ 8 =;]  M= ]#] ; ...:
 kJ "i ;i 8## ] w#8x K"rL =]):
- 5M Kc :$8= 6L _ 6eg ;?= : ni =]"= Kc :$8
 |G[ p ni ! i
N  8#8i  6L  K$[# 8% : {g |[M #f=
6w
 ]N 7"=  L 8 K G[M "i ] kJ "i =;K q
 K 6M c :#  L 8 K;i= % K K"L @  #<
N$  8#   q"L kJ   L N$  K 8# wf= n; qL] J
=    6K8 L 6] L  =~K ] c L" K Ni :
6K; bush@whitehouse.gov   
14

 


http://www.t0010.com

; .c Hoax Email (##~%


J N    { 7#
6LX   p$9 qN  ! ]h
kJ = 6L $ #J= @"$   ;#  q  =6L
kJ e  L  $J = 7a ; : f _ kJ
 @"$ 6L N 8 :i 8  X J= h  L c "
jdbgmgr.exe  ;~ : _ 6e8N# "  :LL " ~N
 ;# 8K# i { K# |[M q"L # 8GL8K
" i !!
ir kJ _ i_ ; :L  % Hoax 6 L :e"  N #9"?U
)  #  KN 7x # K# 8K# " ! ( # 8 xN
8 [N  i kJ e  L  #~N ! ! "i ;i f
$  6L  q""h Xc q%  6L  q""h K~= : "$@  
J http://www.symantec.com/avcenter/hoax.html : D

" X
 nX kJ    < =" D h  $ @"$ K KM  6 ef
 K8[# : K @"$ {  =_ 7i a f ;$ q
N:
 < r ~i g  Lc" =N :<  Lc" $
#  ;K q [ :8 L 7 :"$ N #8i 8
_ 6 ef  = "i#  KN K"i w N"$ <G@ _
Sniffing "i w"i#  KN U$ Spoofing ?K w"i#  KN 
 [ DOS 8  "i "" e [ "i DXU 
?8$ ... :$ = kJK :%  a 
8M 7 =[KGG
8  c Ki   L 8K  Kr  7 f :
kJ  aN$ :8 h#$ # # !  K  

8#
N$ a 6_ qa { #;
: :  _< [# 8%  %
kJ    !:"L
= @N  8%;< ;r : a _L 6" ; : { 7
= ="i  # c  : :8#9L 8  @"$ "x "L" "
$J ? ?  "i.
 ~n w" ] : 9#9$ #   6N kJ   @ N8
 X %   MU  M D @ 8G    ; DU
J  !  N K kJ   "<   <% ?  8K J "$ q L
  :; Ni = 7   MU 8G a  
15
