Darren shows off some nifty tricks for Netcat and a targeted brute force attack dictionary generator. Matt continues his series on Virtualization with redundancy and Shannon pimps the blog with her WordPress plugin picks. Plus the results of our Monkey Contest, the Code Challenge and this week's easter egg hunt ;)


Show Notes

Common User Password Profiler

The Common User Password Profiler from Remote-Exploit is a password/passphrase generator specifically targeted at an individual user. Feed it some info like names, birth dates, spouse, children and pets and it will generate, on its own or combined with an existing dictionary, thousands of potential passwords. Just add water, feed to your favorite brute forcer and enjoy.

From personal experience I can vouch that, while simple sounding, this would have a HIGH success rate on some of my _former_ (L)users. Administrators take note and enforce BOFH password requirements ;)
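As an added defensive counterpart to the profiler (example code, not CUPP or the show's own), the check below flattens the same kind of profile data into tokens and flags a candidate password that still contains one of them after lowercasing, undoing common leet substitutions, or reversal. The sample profile, the substitution table and the test passwords are constructed for the example.

```python
from datetime import date

# Undo the usual character substitutions so that "4lic3" compares as "alice".
# Constructed, deliberately small mapping; extend it for your own policy.
UNLEET = str.maketrans({"4": "a", "3": "e", "1": "i", "0": "o",
                        "5": "s", "7": "t", "@": "a", "$": "s"})

def date_fragments(d):
    """Fragments of a date that commonly get glued onto a password."""
    yy = f"{d.year % 100:02d}"
    dm, md = f"{d.day:02d}{d.month:02d}", f"{d.month:02d}{d.day:02d}"
    return {str(d.year), yy, dm, md, dm + yy, md + yy}

def profile_tokens(profile):
    """Flatten a profile (strings, dates, lists of strings) into lowercase tokens."""
    tokens = set()
    for value in profile.values():
        items = value if isinstance(value, (list, tuple)) else [value]
        for item in items:
            if isinstance(item, date):
                tokens |= date_fragments(item)
            else:
                tokens.add(str(item).lower())
    return tokens

def profile_matches(password, profile, min_len=3):
    """Return the sorted profile tokens found (forward or reversed) in the
    password after lowercasing and undoing leet substitutions; [] means clean.
    Tokens shorter than min_len are ignored to avoid noise from two-digit years."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(UNLEET)}
    hits = set()
    for tok in profile_tokens(profile):
        if len(tok) < min_len:
            continue
        if any(tok in f or tok[::-1] in f for f in forms):
            hits.add(tok)
    return sorted(hits)

# Constructed sample profile of the kind a profiler would be fed.
SAMPLE_PROFILE = {"first": "Alice", "spouse": "Bob", "pet": "Fluffy",
                  "children": ["Carol"], "birth": date(1985, 3, 12)}

if __name__ == "__main__":
    for pw in ["Fluffy2009!", "4lic3!", "ecilA85", "Rex1985", "Bob0312", "Tr0ub4dor&3"]:
        hits = profile_matches(pw, SAMPLE_PROFILE)
        print(f"{pw:14} {'REJECT ' + ','.join(hits) if hits else 'ok'}")
```

A password-change hook that runs profile_matches against the directory record and rejects any non-empty result closes exactly the gap this profiler exploits.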

netcat – “The Swiss-army knife for TCP/IP”

When it comes to sending and receiving TCP and UDP any which way from the console, nothing is more versatile or easier to use than netcat.

With a few simple commands you can use netcat to initiate chat, file transfer or even shell access in either direction between a “server” and a “client”.

The tool can be set to listen or broadcast on any port, and tied together with some shell-fu almost anything is possible.

Some listener favorites include cloning hard drives over a network with dd and netcat, tailing a log across the network, port scanning, IP redirecting, or even spoofing user-agents and referrers. Internet Explorer 22 anyone?

Digininja points to this great netcat cheat sheet (PDF 128K).

What kind of crazy stuff have you done with netcat? Feedback@hak5.org

Shannon’s WordPress Plugin Picks


This plugin automatically posts your new blog posts to Twitter. This is handy because the iPod and iPhone, for example, have a large number of Twitter clients to pick from, so your posts reach people while they are out walking the streets.


Socialite allows your WordPress posts to be published to Twitter, Facebook, and MySpace. Each social networking site can be enabled or disabled for publishing, and each is configured separately with its own options. Short URL services such as zz.gd and Tinyurl.com are also supported.


Automatically add links to your favorite social bookmarking sites on your posts, pages and in your RSS feed. You can choose from 99 different social bookmarking sites!


MobilePress is a WordPress plugin that will render your WordPress blog on mobile handsets, with the ability to use customized themes. The plugin also allows specific themes for specific devices / mobile browsers, such as iPhone, Opera Mini, Windows CE Mobile and other generic handset browsers.

Resize at Upload Plus

The plugin will automatically resize an image upon upload, depending on the maximum width and height that you define. Gone are the days when you, or your client, will ruin a site’s layout by uploading a huge file with 25 megapixels. Be advised: there is no backup, no copy of the originally uploaded image.

WP-Cache 2.0

WP-Cache is an extremely efficient WordPress page caching system that makes your site much faster and more responsive. It works by caching WordPress pages and storing them in a static file, serving future requests directly from the file rather than loading and compiling the whole PHP code and then building the page from the database. WP-Cache allows you to serve hundreds of times more pages per second, and to reduce the response time from several tenths of a second to less than a millisecond.

WordPress Backup

Backs up the upload directory (images), current theme directory, and plugins directory to a zip file. Zip files can optionally be sent by email.

WP Security Scan

Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

WP Ban

It will display a custom ban message when a banned IP, IP range, host name or referer URL tries to visit your blog. You can also exclude certain IPs from being banned. Statistics are recorded on how many times they attempt to visit your blog. It allows wildcard matching too.


Count every viewer and every article view for each blog entry, no matter how and where it is read: pixelstats tracks views of each blog post or page, not only on a single article page but also on each other page where the complete article is shown, i.e. the blog front page, category pages, search result page, archive pages and even RSS fee

Thanks for watching, subscribing, and most of all supporting the show. Custom commissioned WiFi Pineapples running Jasager are still available.




  • goarilla 5 years ago

    omg backtrack is now debian based

    it used to be slackware :(

    just like SuSE

    I’m sorry but it seems they just
    want it to go the easy route here
    and take all those repositories with them eg
    install backtrack and get all the debian
    apt-get goodness

    OK then

    but don’t come questioning me when you return into
    circular dependency hell

  • fuckdoom 5 years ago

    SSH already supports reverse tunneling.
    You can’t really do that with NC in a NAT environment.
    Matt did a good job on the vmware.

    I don’t know too many tricks with nc anymore. I haven’t used it in a while, but you can
    send tor traffic with netcat, in case you are curious what is happening. There are many fake
    tor servers around the net.

    Instead of vmotion, have you thought about integrating Beowulf with OpenVZ or Xen?
    I never tried it, but I thought about it. I need to buy some hardware for home, so I can try it.
    Most companies are grounded to VMware for their virtualization.

    matt:2 darren:0

  • CyberSaint 5 years ago

    Hi Guys,

    As far as I can recall Microsoft licensing is based per CPU, does this mean I can install one copy of, let’s say – Windows XP Pro over and over on the VM? Or would I need a fresh license per installation?

    Awesome show!

  • @CyberSaint, Windows XP does not have the same virtual licensing considerations that Server 2003 / 2008 have.

    With Server 200X you can install 5 virtual machines with a single license.

    @fuckdoom, OpenVZ and free versions of Xen do not have the live migration, automatic load balancing, nor the High Availability monitoring.

    Most companies use VMware because it’s a tried and true production ready virtualization platform.

  • fuckdoom 5 years ago

    Hey Matt. I know that, but if you implemented a SAN, you can load balance all the processes with Beowulf with 5 to 10 old PCs. There is a possibility of making your own load balancing. High Availability monitoring is something some people can live without. If all the processes are spread out throughout the network that will give you some load balancing. It also doesn’t require any live migration, because every machine will assume they are one machine.

  • char_guerilla 5 years ago

    @Matt – I like the career advice! Get a lot of emails about ‘shortcuts’ to success, I take it? ‘How can I learn hacking/IT security/coding/network administration… in three weeks?’

  • sep332 5 years ago

    Posting here because webmaster@hak5.org doesn’t work:
    On your homepage, the link to download the HD version of the latest ep starts with “ttp://” instead of “http://”. This only happens on the main page http://hak5.org/, not on http://www.hak5.org/episodes/episode-511 .

  • Darren…always talking about the size of his dictionary…

  • Great show!

  • #1 backtrack was slax now ubuntu I am pissed

    #2 more wordpress

    #3 more shell-fu please

  • dennis 5 years ago

    everything is nooBuntu based nowadays! What were they thinking changing the best pentesting distro from trusty slackware to noob friendly ubuntu after 3 releases?

    Ah well, that’s unrelated to Hak5 :) Great show again! Looking forward to the DIY virtualisation segment, as I’ve just set up my virtual servers and I’ll be waiting to see the mistakes I have made (if any ::whistle::)

    Keep up the great shows!

  • dennis 5 years ago

    Oh yeah, two things I forgot:

    1. Can someone make the damn videos stop auto-buffering as soon as the page is loaded?! It’s *VERY* annoying, especially as I am bandwidth limited at certain hours of the day (V.Media, UK). Quit stealing my megabytes plz!!!111one122

    2. Darren – what was the purpose of the ‘touch tinafey’ command in your netcat segment (@12:01)? From my memory, touch updates a timestamp on a file’s access time – so it seemed of little or no use in this case. Maybe I’m missing something obvious, but the echo and redirect works fine to create a file with contents. /shrug

  • @dennis

    Unless I’m mistaken it doesn’t start buffering until you press play.

    Touch creates the file if it doesn’t already exist. Also it’s fun to type in that context. :p

  • bloodrunsblack 5 years ago

    What do you mean “boo” debian?
    Debian is awesome, and I can say that, because I actually used other linux distros that were not debian based. The fact that you try to use slackware as your argument isn’t great as well, because if I’m not mistaken slackware has a pretty “easy route” packaging system as well.

  • bloodrunsblack 5 years ago

    Oh, and if I’m not mistaken as well, debian and debian based distros are just as stable as slackware and slackware based distros. Point is I think the switch the developers of back track took to make BT4B and upcoming BT4F debian based was a mature decision. Also, the fact that many people like debian based distros has nothing to do with noobness, because people like me are out there who are also fluent with many other flavors of linux. Just so happens I got lazy with distro hopping. Hell, as we speak I’m using gentoo on my laptop, and have ubuntu 9.04 on my desktop, and on my old laptop I have pardus installed. Along with what I stated, I have also tried a ton more distros in my day. Be it said, I haven’t used windows in about 4-6 years now.

    backtrack didn’t go ubuntu based it went debian based lol

  • Michaels 5 years ago

    What’s up with the top 10 for pimp’n out wp? Pretty lamo

  • dennis 5 years ago


    Yeah it does start buffering on both the main page and this contents page. (without going near the play button)

    I am currently looking at my firewall activity bars bobbing up and down, and my ethernet switch lights going crazy, and my firefox status bar “Transferring data from bitcast-a.bitgravity.com…”

    It’s buffering without me asking it to for sure.

  • dennis 5 years ago

    oops, by “contents” I meant “comments” :P

    Anyway, I must close this page, it’s eating all my bandwidth!

  • dennis 5 years ago



    it is ubuntu based, not “genuine” debian – ‘cat /etc/apt/sources.list’

  • @dennis

    I have confirmed this behavior with wireshark. The flash player does in fact prebuffer before any sort of interaction. I have sent a note to Revision3’s tech team and hopefully we can have this sorted soon.

    Sorry for the inconvenience!

  • fuckdoom 5 years ago

    Hey dennis..
    Just install NoScript or disable javascript…
    The player seems to be javascript based; it will prevent it from starting.

  • I found the Pimp my WordPress section very useful. As WordPress becomes a nice easy way to maintain certain types of sites, I like to learn about useful plugins that I may have not stumbled across yet. So, I actually vote for more WordPress segments!

  • I go out of town and fall behind and doh… http://phpreferencebook.com gets bottom 3rd’d as phpreferebook.com

    Doh! Well, the winner will still get a copy of the book, so that’s good. Hopefully others will grab the free PDF or a copy themselves when the winner is announced from the website.

  • Bah, delete above and this, commented as I was catching up. Glad the code challenge went so well, two copies are going out! Grats!

  • eduardo 5 years ago

    Where can I download a free netcat? I love this!!!!

  • eduardo 5 years ago

    Send me an email if you know how. This is my email: mexico_mexican@hotmail.com thanks:)

  • eduardo 5 years ago

    Can anybody email me some more cool freeware I can use to hack :)

  • @eduardo

    Here is a 101 hack for you. Hack Google like this:

    Type in the name of the software you’re interested in, and add “download” to it.

    Example “Netcat Download”

    It will hack you right into the download links of interest.

    J/k. Seriously though, Google is your friend.

  • so lame!!!!