Darren finishes off the photo frame case mod with a little cable beautification and accent lighting. Shannon’s getting into programming without touching a line of code using the Illumination Software Creator from Radical Breeze. Plus getting crafty with packets and the hping utility, open-source dropbox alternative based on OpenSSH and Rsync, and multi-threaded steganography bruter-forcers!
Last week we reported on nearly 60 nasty trojans hitting the Android marketplace. Google responded by delisting the publisher and used their app remote kill switch on the over quarter-million affected users. Google also released a security tool to clean up the mess. Well, said security tool has been found on an unregulated third-party Chinese marketplace injected some delicious botnet code. This one sports the ability to send text messages from the zombie’d phone.
A ‘group of hackers’ has figured out a way to scam Microsoft’s XBox Live Points by producing working character strings like the ones you get on the back of the points cards. They released the scheme on a website that would generate the codes for you! Microsoft lost about 1.2 million dollars in points, but they have since blocked the site… though, they don’t have a way of knowing who did it and they’ll probably have to redo the entire algorithm.
Just when you thought your Linux box was safe, a router-rooting bit of malware has been discovered. Once run the malware, posing as an ELF file, brute forces network routers. If successful the malware even sets up an IRC backdoor on the system. This router-rooter comes months after the Chuck Norris botnet circulated, attacking routers with default passwords.
If you visited George Hotz’s website between January 2009 and now, Sony may know about it. In a decision last Thursday, Magistrate Joseph Spero granted Sony a subpoena of PS3 jailbreaker George Hotz’s web provider for logs. Sony also won subpoenas for data on Youtube and Google. GeoHot’s provider, Bluehost, has been asked to turn over server logs, IP address logs, and just about anything pertaining to geohot.com/jailbreak.zip
Whats more fun than Gary’s Mod? How about using the Kinect to play Gary’s Mod! John B used OpenNI to gather skeletal coordinate data from the Kinect and pass it through to Gary’s Mod so he can do all the physics fun while get an exercise. How about some Gary’s Mod music videos next? With baby kittens?
Crack the Code Challenge
Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? These fine Hak5 viewers did last Sunday. Mad props go to Paul, Sork, Richard, Raging Cake, Jenkins, John and Joey, as well as our returning champions Netshroud, Leo and Tristian.
A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. We had an overwhelming reception with more participants than virtual machines, however we’ll be increasing our capacity this week as well as getting the Thunder Kitten Assault Force involved. Stay tuned for info on the next, even bigger Crack the Code Challenge.
And be sure to tune in next week as we’ll have a detailed walk through on how the challenge was completed.
Illumination Software Creator
I would love to have the ability to make my own software applications without having to know any kind of coding language. But it seems like even to do something as simple as a Hello World script you still have to know at least a few lines of script.
Well… not anymore! With Illumination Software Creator, from Radical Breeze, you can write software apps without the code, by using a unique easy interface.
Windows- Needs Python
Works on Windows, Linus, Ubuntu, Mac, Android, and Flex
Follow directions on the Requirements page at RadicalBreeze.com. For Windows, I have to download a few python installers before it’ll work. Then go to the download page and click on your desired OS. Run through the quick download and open the Software Creator.
Simply drag and drop boxes for what you want your application to do. Then connect the boxes by the ribbons to make a full application.
I’m gonna do a really simple one. It’s going to have a popup window that says Hak5 Rules!
First, click on new project and add your boxes. I want to set some text in a message box that will pop up.
So I add the set text box and add a variable that I can re-use for several commands. The variable is called Hak5 Rules, text, and the default text is Hak5 Rules!
Under Set Text I add the Hak5 Rules to the custom text line, then for the message box I add the Variable for Hak5 Rules.
After you make your application, click run to make sure it works. Ok, I need to add the variable to the Set Text box, and now I can click Run, save it, and in a few seconds, there we have a text box that says Hak5 Rules
At first it’s a little tough to get used to if you’ve never designed an app or used code. Once you get the hang of it it’s really easy.
Email me what you think at email@example.com.
HakTip: Crafting packets with HPING
We’ve been talking about screen, and packet sniffers, but today I’m putting ‘em together with a new tool to craft our own packets.
Hping3 is a TCP/IP packet assembler. It’s modeled after the unix ping command — but it can do so much more. It’ll craft TCP, UDP, ICMP or even RAW-IP packets.
So here in the top screen I have tcpdump running on eth0. If I issue a ping 220.127.116.11 I’ll see that traffic.
Now let’s say I want to not just ping the server, but figure out if there’s an HTTP daemon running. For this we’ll do what’s called a half-open SYN connection.
hping -c 1 -I eth0 -s 1234 -p 80 -S 18.104.22.168
In the top screen I can see my traffic. In the bottom I get the output from hping and I can see that we sent a SYN packet and received a SYN+ACK. Since we’re not completing the three-way-handshake we never complete the connection, thus leaving it as a half-open SYN connection.
Just as an example I’m going to run the command again but this time let’s change it to port 81.
hping -c 1 -I eth0 -s 1234 -p 80 -S 22.214.171.124
And in this instance there isn’t a daemon running to answer the SYN, thus we see 1 packet sent, 0 received.
Now this is just scratching the surface of what’s possible with a traffic generator like hping and a debug setup like tcpdump coupled with screen. And of course I’m looking forward hearing about your favorite packet assemblers.
So what tips are rocking your world? Send ‘em by firstname.lastname@example.org
cables and lighting
In this segment Darren covers the beautification aspects of the case mod, tackling the tricky bits of cable management and accent lighting with cold cathodes. Darren reviews some of the recent case mod feedback and looks forward to hearing your ideas for future mods. Send ‘em by email@example.com
Last week’s trivia question was:
In WarGames, this character gives his name to the first computer game Lightman finds. The answer is Stephen Falken.
This week’s trivia question is:
This composer of Blade Runner was an inspiration to the recently released OST by Daft Punk of Tron Legacy?
Answer at hak5.org/trivia for your chance to win some hak5 swag!
Emails: Cluster Specs, Dropbox Alternatives and Brute Force scripts
PLEASE tell us all the parts you use for the cluster nodes in episode 823. Please??? Love the show.”
“You guys should work on metatagging your episodes based on what is covered and then have a search function for that… I am having all sorts of issues finding a few older episode I remember on Android… as I just a working one I want to play with it now -initialhit”
We are! In fact Paul is even cataloging our archive of segments. You may have noticed the code, game, geek, hack and IT categories on hak5.org. Stay tuned as we get all of our content cataloged over the coming weeks.
“After the last CCC I realised that you could brute force stegfiles a
Lot faster if you created multiple concurrent threads to do the work.
So, I wrote my own script to do just that. It’s definitely faster than
cypherround’s script, though not as pretty. I don’t have a website or
blog, so I pastebinned it http://pastebin.com/nLSbbF17.
Oh, and I’m really looking forward to the next CCC! –Nevermore”
Wicked! Thanks Nevermore
Tim writes: “Hey guys, I have a question about a possible dropbox alternative.
I have been using dropbox for about a year now for my paranormal research group. It has worked great for sharing casefile paperwork, evidence collections, etc.
I would invest in the pro versions to hold more space, but due to a security concern, each member of our organization has their own account and each person depending on
their position in the company gets access to certain folders, if I got pro for each person I would end up spending thousands of dollars a year (we have 20 members)
My question is could there be a better way of sharing files and synchronizing file versions instantly between users. I tried Microsuck Skydrive but I am also using some linux
machines which counts that out.”
The short answer is rsync. The longer answer will be a future segment, but
here are some links to get you started:
http://philcryer.github.com/lipsync/, https://github.com/philcryer/lipsync#readme, http://fak3r.com/geek/howto-build-your-own-open-source-dropbox-clone/, http://code.google.com/p/s3fs/wiki/FuseOverAmazon, and http://www.tarsnap.com/.
Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up firstname.lastname@example.org.