Want to bypass those nasty restrictions imposed by your corporate or university firewalls? Darren has just the trick with Internet Redirection. Ever wanted to hide secret data inside a photo? Shannon’s show us a neat steganography app. Plus Matt answers your virtualization questions!

Download HD Download MP4 Download XviD Download WMV

Show Notes

Internet Redirection

Corporate and university firewalls can be a particular PITA — especially if you’re a gamer. And while SSH tunneling (even over DNS)or VPN technologies are often preferred, it is quite possible to “bounce” your traffic off an Internet Redirection server. Like a fancy proxy, rinetd allows you to specify incoming and outgoing IP and port. It features basic client access rules based on IP and even supports logging. In my segment I demonstrate accepting traffic on port 80 and transmitting it to an IRC server on port 6667.

Granted this isn’t going to fool your more complex firewalls that actually inspect packets — but if you’re just looking to get traffic through an open port I highly recommend giving rinetd a try.

Darren

Steghide

Download a copy of Steghide. Extract the zip.

You want to hide a file. First thing you need is a file to hide it in. Choose a file – whether that be a music file, jpeg, word document… whatever – and save it inside the steghide folder, which was extracted from the zip folder. Also, save your file that you want to hide inside that same folder as well.
Open up your command prompt and open the steghide folder directory. Open the steghide.exe file. The last few rows of type will tell you how to embed and extract your hidden file.

Embedding:
Type into the command prompt: ’steghide embed -cf file.jpg (this is your regular file) -ef hiddenfile.txt’ (this is the file you want to hide).
Choose a Passphrase and you’re done! You’ll notice the original photo or music file has changed it’s byte size now that you’ve embedded something inside it.

Extracting:
Type into the command prompt: ’steghide extract -sf file.jpg’ and enter the passphrase. Now, you’ll see the extracted hidden file appear inside the same folder.
Your done! Simple, eh?

Shannon

Leave a Reply

Your email address will not be published. Required fields are marked *

*

25 Comments

  • Nescire 5 years ago

    Great show! rinetd, pineapple and a custom dns server, hm that sounds intresting to me.
    I hope Snubs will tell us some more about Stegnalysy, it fun to hide things, but it is more fun to find things (I loooove eastern).
    Btw. great idea for a contest, hide something via stegnographie on the hak5 page :D
    Matt was just competent as always, it’s really fun to listen to you, even if I don’t want to virtualize anything :D

  • Great Show guys and snubs :)

    Loved the Internet Redirection segment :)

  • Destro 5 years ago

    Hey just wanted to thank you for putting my photo in the show. I really appreciate it! Also that is the jpeg form so it is in different color, so I will try to post the original soon.

    thanks again and cheers,
    Destro

  • Ghostscorpion 5 years ago

    Grate stuff

    on the hiding a file in a image you can do this in DOS.

    1. Get your .rar/.zip file and put it in the same directory as a jpeg picture (c:\hidden is a good place to put it)
    2. Open up a command prompt by clicking Start/Run and typing “cmd” and click ok.
    3. In the DOS window, type “cd c:\hidden” to navigate to the folder
    4. Type “copy /b input.jpg + input.rar ouput.jpg
    (where input jpeg is the picture you want to show, input.rar is the file you want to hide and output.jpg will be the name of the new combined file)

    Ghostscorpion

  • Gabuzecs 5 years ago

    My impression or hak5 has been dumned down a bit?

  • Crazy_steve 5 years ago

    There’s bunch of GUI programs that do the exact same thing on WIN for years…

  • One thing that I thought of when watching Darren’s segment was, why just not use SSH? If the company firewall just allows port 80/443 then just put your SSH server on port 80 and tunnel any other port through that connection. Then you don’t have to remember to start your server application when you leave for work ;)

  • fDOOM 5 years ago

    @crax
    rinetd is just one way of doing it. most of time it will not work. many proxy and statesful firewall will block it. you are better off with ssh if you work for the mid to large size company.

    @bearded GUY!
    Don’t forget to go over AoE, HyperSCSI, and FCoE too! iscsi is cool, but others do other fancy stuff too. It seems like you know what you talking about so I will not bore with the definitions.

    bearded guy:3 darren:0

  • Danoli3!1!11!!!! <333333333

    @Gabuzecs – Could you be specific? We like making the show better, not worse :)

  • AnimeNinja 5 years ago

    Snubs,

    The shows gotten smaller for me lol.

    -AnimeNinja

  • @AnimeNinja, we’ve gone from a 45-60 minute monthly show with 3-4 segments to a weekly 30-40 minute show with 2-3 segments. You’re essentially getting 2.5 times the Hak5!

    Also if we did weekly hour long shows you or I would burn out quick. Not sure who first, but it would happen :(

  • AnimeNinja 5 years ago

    Darren I know :)

    Not use to the half hour episodes yet.

    It’s like waiting for a new stargate episode or something :)

  • @AnimeNinja

    If it helps any we’ll start dressing Matt up as Tilk :)

  • ADS is another fun way of hiding information inside of files, its limitation is you cant move the data of the drive thou,
    Great ep,

  • frankie_the_g 5 years ago

    Did matt list the model details of his SAN anywhere? I’m looking into a SAN for my environmrnt and would like to know more about what others are using? I’m also in need of SAN replication advice as I have multiple sites and want a backup copy.

  • Joscpe 5 years ago

    For steganography into images at least… You can extract any files into a rar archive, go into command prompt and type “Copy /b image.jpg + rar.rar newimage.jpg” and newimage.jpg will be the normal picture, but when you “Open With > WinRar”, there are your hidden files.

    It’s great if you use complex passwords and you store them in an Exel database within the rar and hide it in an image in your Windows directory. No one will expect it.

  • fDOOM 5 years ago

    OK. I will be serious now on. I no longer want to make Darren cry. He is doing a good job too.

    If you want show suggestions, how about going over Metasploit? I think some people want to know. If you feel the pen testing arena might be too complex for your audience, you can stick to the good old IT segments. The show doesn’t have to be about the IT security. If you think about it, going over antivirus, home firewalls, basic encryption tools aren’t really what most security admins focus on.
    Going over Checkpoint and various IDS tools, and designing a high level security network might be too much.

    I went through the forum. It seems like many IT people are here. Do multiple segments like Matt is doing. Pick one topic and go thoroughly over one subject at a time. You can go over basic Cisco 101 for some people. I already know Cisco, but it seems like many forum members are Windows admins. Cisco subject might be something they want to learn. Windows administration and Cisco network administration go hand in hand. You can also go over Linux and xBSDs network design, but it might not be geared towards your targeted audience. However, if you want to try various Linux segments (plenty of topics), you probably want to stick to Ubuntu LTS/Debian/CentOS/Redhat. However, something tells me none of you are UNIX specialists.

    I think most people seem to know a lot about the Windows administration here. If most people are just admins, they probably didn’t had an opportunity to design a complex Active Directory. Maybe, you can over Advanced Windows network design. You might also want to go over everyday routines that average sysadmins do such as remote installation, setting up a security patch server, setting a Windows cluster network, barebone disaster recovery, remote site recovery, and remote site hosting. Most admins are maintenance admins. If you want to peak their interests, focus on the design side. Since only few people in companies are allowed to do the design work. Also, multiple layer DNS design might keep them interested. In reality, people will be using Linux and xBSDs for a large scale DNS, but it can be done with Windows too.

    Learn to utilize your existing skills instead of getting stressed out about figuring out what to talk about. Bearded guy seems to have years of project management experience. Why don’t you talk about that? Topics can range from how to manage a team to other great project management tips.

    For Darren.
    If you designed this site by yourself, why don’t you explain how you did it? That way you can knock two stones at once? I’m sure there are many php newbies out there who are very curious what you are doing.

    I will come up with more suggestions as my time fits. I will browse your forums and trying to get the feel of people’s interest.

    Good shows guys.

  • Great Episode! I loved the steganography segment.
    Congrats on the house Matt.
    Thanks again for the shout outs- you guys went over and above what I was expecting!
    I really appreciate it. I am tickled to see D-Monkey on the set. :D

  • Ghostscorpion 5 years ago

    ” Joscpe says:
    May 8, 2009 at 11:25 pm
    For steganography into images at least… You can extract any files into a rar archive, go into command prompt and type “Copy /b image.jpg + rar.rar newimage.jpg” and newimage.jpg will be the normal picture, but when you “Open With > WinRar”, there are your hidden files.

    It’s great if you use complex passwords and you store them in an Exel database within the rar and hide it in an image in your Windows directory. No one will expect it.”

    that is what I posted on May 6, 2009 at 11:31 am

  • benjamin1254 5 years ago

    hey @Gabuzecs @snubs @darren steghide was done AGES ago if u dont remember a few episodes back with the user now known as Dankiswess… This was done back id say right around the time darren hurt his finger and we were just around the time real change started to happen to the hak5 team… dankiswess left matt stepped in… allie left… snubs stepped in… evil server is always mentioned but the heart isent there anymore to make him “part of the show”! users loved hak5 for its mix back in the day. I wish the original voice would come back and do some stuff for hak5 *cough*. Yeah I agree that hak5 went a bit dur dur dur but at the same time it mixes in low rank “haks” with some newer stuff as well. I at times thought to myself “hey hak5 users were once fans of the famouse TSS…” now i think that because of the time it takes to do thinks or to motivate the team effort is lost in these new mods/hacks. What is lacking here is the motivation to want to do hak5 like it use to be… but with a modern twist. I love hak5 and have been here since season 1 and will continue to help where i can and be a fan of hak5… just things need to change up! I would not want to be rude n give the team a f for failure because that they have not done… An E for effort is what is more needed in said situation because i can see they are doing what they can and they are at least trying. I also want to mention here that a big effort into fluid change overs needs to be done here. I mean it’s one thing when mods happen in one ep and then they are done with…. But as of late things have been getting really choppy! An example of this is when hak5 projects get started… it will start one episode and it will skip episodes instead of having a fluid checklist of things that need to be done and that need to be knocked out. The rover is an example of this IMO because we were shown its ability and use…. few episodes later still nothing… not even an update on *working* projects. That Would be nice… a working projects list on the front page of the hak5 website so things as a “team” can be knocked out of the park and so that way hak5 can become more interactive. I also understand in this that even if something isent *done* there still needs to be an episode of some sort…. i think dankiswess’ idea of a “episode board” needs to come back at some point and re-organise things. I think as a whole what im trying to say here is even with all this chaos of running a show and having to put out eps every week things should be more solid then they are… or at least as solid as they could be without having to jump around so much.” All in all I say i wish you all good luck and i appreciate everything you and the team do as a whole.

  • magiconion 5 years ago

    hhmm, not so sure about what Benjamin says.
    I quite like the randomness…
    It leaves a bit of self research and motivation to viewers to delve deeper into interesting stuff they like themselves ;)
    Keep up the yummy n00bilisious episodes :)

  • The show definitely got newbish in the past two seasons. I hope show doesn’t become like Tekzilla and become freeware of the week or good looking websites of the week. The show should go very hardcore security or go all the way to become IT friendly. I think Matt has the right direction. He is focusing on what he knows bes, which it shows a lot when you put the show together.

    This is only a suggestion. If Darren runs out of ideas, he can always discuss about how he build this site. I’m sure some people are curious.

  • To those who are concerned, I’ve got a list of segment ideas a mile long. There’s no running out here. That said, I cover what interests me at the moment. The show is a fun outlet, not a job, and as such I just try to have fun with it.

    If you have some constructive criticism you’d like to share with us by all means do. Calling it newbish doesn’t really help any. If you think it was so great before and not now maybe you could write up what you thought worked then and what isn’t now.

    Always trying to make the show better.

    Also, don’t bash Tekzilla. I know it’s not for the advanced user crowd but it does a great job at catering to its audience. Pat and V do a spectacular job.

  • Kool its really sounds help full for those who are in restriction and some times behind security :)

  • steve 5 years ago

    hi dudes imo tekzilla systm and hak5 are the best internet shows out there and all are there to help us, even though some people out there think some segments are “noob” u have to realise the show isnt just for u, personally im glad to have been introduced to this and the shows mentioned above they’re there to help us and entertain us.
    all the same can anyone tell me y i cant see d ep, its not loading and playing back as normal and ive tried f5′ing the page multiple times
    –steve