Darren finishes off the photo frame case mod with a little cable beautification and accent lighting. Shannon’s getting into programming without touching a line of code using the Illumination Software Creator from Radical Breeze. Plus getting crafty with packets and the hping utility, open-source dropbox alternative based on OpenSSH and Rsync, and multi-threaded steganography bruter-forcers!

Download HD Download MP4 Download WMV

Hacker Headlines

Last week we reported on nearly 60 nasty trojans hitting the Android marketplace. Google responded by delisting the publisher and used their app remote kill switch on the over quarter-million affected users. Google also released a security tool to clean up the mess. Well, said security tool has been found on an unregulated third-party Chinese marketplace injected some delicious botnet code. This one sports the ability to send text messages from the zombie’d phone.

A ‘group of hackers’ has figured out a way to scam Microsoft’s XBox Live Points by producing working character strings like the ones you get on the back of the points cards. They released the scheme on a website that would generate the codes for you! Microsoft lost about 1.2 million dollars in points, but they have since blocked the site… though, they don’t have a way of knowing who did it and they’ll probably have to redo the entire algorithm.

Just when you thought your Linux box was safe, a router-rooting bit of malware has been discovered. Once run the malware, posing as an ELF file, brute forces network routers. If successful the malware even sets up an IRC backdoor on the system. This router-rooter comes months after the Chuck Norris botnet circulated, attacking routers with default passwords.

If you visited George Hotz’s website between January 2009 and now, Sony may know about it. In a decision last Thursday, Magistrate Joseph Spero granted Sony a subpoena of PS3 jailbreaker George Hotz’s web provider for logs. Sony also won subpoenas for data on Youtube and Google. GeoHot’s provider, Bluehost, has been asked to turn over server logs, IP address logs, and just about anything pertaining to geohot.com/jailbreak.zip

Whats more fun than Gary’s Mod? How about using the Kinect to play Gary’s Mod! John B used OpenNI to gather skeletal coordinate data from the Kinect and pass it through to Gary’s Mod so he can do all the physics fun while get an exercise. How about some Gary’s Mod music videos next? With baby kittens?

Crack the Code Challenge

Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? These fine Hak5 viewers did last Sunday. Mad props go to Paul, Sork, Richard, Raging Cake, Jenkins, John and Joey, as well as our returning champions Netshroud, Leo and Tristian.

A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. We had an overwhelming reception with more participants than virtual machines, however we’ll be increasing our capacity this week as well as getting the Thunder Kitten Assault Force involved. Stay tuned for info on the next, even bigger Crack the Code Challenge.

And be sure to tune in next week as we’ll have a detailed walk through on how the challenge was completed.

Illumination Software Creator

I would love to have the ability to make my own software applications without having to know any kind of coding language. But it seems like even to do something as simple as a Hello World script you still have to know at least a few lines of script.
Well… not anymore! With Illumination Software Creator, from Radical Breeze, you can write software apps without the code, by using a unique easy interface.

Requirements:
Windows- Needs Python
Works on Windows, Linus, Ubuntu, Mac, Android, and Flex

Follow directions on the Requirements page at RadicalBreeze.com. For Windows, I have to download a few python installers before it’ll work. Then go to the download page and click on your desired OS. Run through the quick download and open the Software Creator.
Simply drag and drop boxes for what you want your application to do. Then connect the boxes by the ribbons to make a full application.
I’m gonna do a really simple one. It’s going to have a popup window that says Hak5 Rules!
First, click on new project and add your boxes. I want to set some text in a message box that will pop up.
So I add the set text box and add a variable that I can re-use for several commands. The variable is called Hak5 Rules, text, and the default text is Hak5 Rules!
Under Set Text I add the Hak5 Rules to the custom text line, then for the message box I add the Variable for Hak5 Rules.
After you make your application, click run to make sure it works. Ok, I need to add the variable to the Set Text box, and now I can click Run, save it, and in a few seconds, there we have a text box that says Hak5 Rules

At first it’s a little tough to get used to if you’ve never designed an app or used code. Once you get the hang of it it’s really easy.
Email me what you think at feedback@hak5.org.

HakTip: Crafting packets with HPING

We’ve been talking about screen, and packet sniffers, but today I’m putting ‘em together with a new tool to craft our own packets.

Hping3 is a TCP/IP packet assembler. It’s modeled after the unix ping command — but it can do so much more. It’ll craft TCP, UDP, ICMP or even RAW-IP packets.

So here in the top screen I have tcpdump running on eth0. If I issue a ping 66.11.227.169 I’ll see that traffic.

Now let’s say I want to not just ping the server, but figure out if there’s an HTTP daemon running. For this we’ll do what’s called a half-open SYN connection.

hping -c 1 -I eth0 -s 1234 -p 80 -S 66.11.227.169

In the top screen I can see my traffic. In the bottom I get the output from hping and I can see that we sent a SYN packet and received a SYN+ACK. Since we’re not completing the three-way-handshake we never complete the connection, thus leaving it as a half-open SYN connection.

Just as an example I’m going to run the command again but this time let’s change it to port 81.

hping -c 1 -I eth0 -s 1234 -p 80 -S 66.11.227.169

And in this instance there isn’t a daemon running to answer the SYN, thus we see 1 packet sent, 0 received.

Now this is just scratching the surface of what’s possible with a traffic generator like hping and a debug setup like tcpdump coupled with screen. And of course I’m looking forward hearing about your favorite packet assemblers.

So what tips are rocking your world? Send ‘em by tips@hak5.org

cables and lighting

In this segment Darren covers the beautification aspects of the case mod, tackling the tricky bits of cable management and accent lighting with cold cathodes. Darren reviews some of the recent case mod feedback and looks forward to hearing your ideas for future mods. Send ‘em by feedback@hak5.org

Trivia!

Last week’s trivia question was:
In WarGames, this character gives his name to the first computer game Lightman finds. The answer is Stephen Falken.

This week’s trivia question is:
This composer of Blade Runner was an inspiration to the recently released OST by Daft Punk of Tron Legacy?

Answer at hak5.org/trivia for your chance to win some hak5 swag!

Emails: Cluster Specs, Dropbox Alternatives and Brute Force scripts

“Jamie writes:
PLEASE tell us all the parts you use for the cluster nodes in episode 823. Please??? Love the show.”

The exact specs are ASUS P8 H67-M series motherboard, Core i5 2500K CPU, 2.5″ Scorpio Blue 250GB hard drive, and the least expensive 4GB of RAM you can find.

“You guys should work on metatagging your episodes based on what is covered and then have a search function for that… I am having all sorts of issues finding a few older episode I remember on Android… as I just a working one I want to play with it now :P -initialhit”

We are! In fact Paul is even cataloging our archive of segments. You may have noticed the code, game, geek, hack and IT categories on hak5.org. Stay tuned as we get all of our content cataloged over the coming weeks.

“After the last CCC I realised that you could brute force stegfiles a
Lot faster if you created multiple concurrent threads to do the work.
So, I wrote my own script to do just that. It’s definitely faster than
cypherround’s script, though not as pretty. I don’t have a website or
blog, so I pastebinned it http://pastebin.com/nLSbbF17.
Oh, and I’m really looking forward to the next CCC! –Nevermore”

Wicked! Thanks Nevermore :)

Tim writes: “Hey guys, I have a question about a possible dropbox alternative.

I have been using dropbox for about a year now for my paranormal research group. It has worked great for sharing casefile paperwork, evidence collections, etc.

I would invest in the pro versions to hold more space, but due to a security concern, each member of our organization has their own account and each person depending on
their position in the company gets access to certain folders, if I got pro for each person I would end up spending thousands of dollars a year (we have 20 members)

My question is could there be a better way of sharing files and synchronizing file versions instantly between users. I tried Microsuck Skydrive but I am also using some linux
machines which counts that out.”

The short answer is rsync. The longer answer will be a future segment, but
here are some links to get you started:

http://philcryer.github.com/lipsync/, https://github.com/philcryer/lipsync#readme, http://fak3r.com/geek/howto-build-your-own-open-source-dropbox-clone/, http://code.google.com/p/s3fs/wiki/FuseOverAmazon, and http://www.tarsnap.com/.

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

12 Comments

  • Hey guys don’t think we Aussies didn’t notice the jar of Vegemite on the shelf…lol
    Nice episode :)

    • Tune in next week when we try it for the first time live! :)

      • It’s my understanding that vegemite is to be eaten in small amounts. I’m American and when I traveled to Australia they showed me that you’re supposed to spread it VERY thinly on toast for the best effect. Even then many people say it tastes like death. Keep a good beer nearby just in case!

        • chuxxsss 3 years ago

          I’m Australian and hate Vegemite. Saying that I did have English parent who gave me this dislike. Spread it thin is the best way to eat it if you must do so.

  • wurmt0ngue 3 years ago

    finally i got stuff to watch again

    ps, thank you

  • if you’ve ever woken up and wondered if you’re australian, taste vegemite and you’ll instantly know :)

  • NoobGuru 3 years ago

    love this case mod, found some nice ports that would look nicely on the pic frame

    ent port
    http://www.amazon.com/Category-Shielded-Deluxe-Panel-Coupler/dp/B000AAL6U8/ref=sr_1_19?ie=UTF8&qid=1300563838&sr=8-19

    power port
    http://www.mcmelectronics.com/product/23-470&green=21795080110&utm_campaign=MyBuys&utm_medium=Recommendation&utm_source=prod&utm_term=23-470

    I can’t wait til i have money to make my pic frame case, love your work been watching since season 2.

    Cheers

  • philux 3 years ago

    i normally give vegemite to poisoned cats to induce vomiting.

  • beakmyn 3 years ago

    It’s Apevia 250W ITX (Flex ATX) Power Supply
    Apevia:
    FRYS.com #: 6446822

    $39.99

    G programming isn’t unique. I’ve been using it for years in NI Labview.

    WFW 3.11. I just quoted a client to upgrade a running machine from WFW3.11 to XP.

  • BenScar 3 years ago

    Vegemite?! Has no one introduced you (Darren and crew) to Marmite?

  • great episode, the article on making apps with no code knowledge is cool.

  • Zaephor 3 years ago

    I’d been looking at DropBox alternatives too and found something I felt was a bit more promising with very similar features.
    For people with more extensive resources there’s also iFolder… which looks like a program for Mac at first, but it’s just the name Novell gave it. Basically you end up setting up an iFolder server(looks like they have an ISO based on OpenSUSE) and load the client on the end computers. Should act almost identically to Dropbox. I believe you can get the server software loaded into other Linux OS’s and could run it on like Ubuntu or something if you prefer. They have client side programs for Win/Lin/Mac so it is a major possibility.

    I haven’t yet had a chance to try it first hand, I’m currently designing a pair of VM servers for myself at home to cover my storage and other projects. I plan to get this loaded into one of them as a VM to sync music to my carPC automagically(60+GB). I’m looking easily 2 weeks away before I have any VM servers running yet so figure someone will beat me to trying these out.

    http://www.ifolder.com/