This time on the show, capturing and analyzing Bluetooth packets with the Ubertooth One, Kismet and Wireshark, Booting VirtualBox VMs from physical USB drives, bypassing Geo IP location restrictions, and tons more.


Capturing and analyzing bluetooth packets with Kismet and Wireshark

Following up on our Ubertooth One setup guide from last week, we’ll be configuring Kismet and Wireshark to process Bluetooth packets.

Again, if you’re not familiar, the Ubertooth One is an open source Bluetooth testing tool made by Mike Ossmann in response to the lack of good Bluetooth testing devices, or rather the ridiculously high price tags, in excess of $10,000, on commercial monitoring equipment.

So in the same sense that we have inexpensive WiFi adapters that can go into monitor or promiscuous mode, we now have the Ubertooth One.

And of course props to HarvestGardener on the BackTrack Linux forums for putting a lot of this together. Most of the Ubertooth development was done on Mac OSX but getting it going in Linux isn’t too difficult, thankfully.

# The plugin is built against a configured Kismet source tree; the Ubertooth plugin build looks for it in /usr/src/kismet
wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz
tar xvf kismet-2011-03-R2.tar.gz -C /usr/src/
mv /usr/src/kismet-2011-03-R2/ /usr/src/kismet
cd /usr/src/kismet
./configure

# Build and install the Kismet plugin from the Ubertooth source checkout (svn r238 here)
cd
cd ubertooth-r238/host/kismet/plugin-ubertooth
make && make install

# Tell Kismet to write Bluetooth baseband captures alongside its other logs
vi /usr/local/etc/kismet.conf #add pcapbtbb to logtypes=
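The logtypes= edit above is done by hand in the episode, and several commenters below argue about the right sed for it. The following is an added example (not from the episode or the Kismet project) that makes the edit idempotent, so a second run of the setup does not leave logtypes=...,pcapbtbb,pcapbtbb behind. It runs against a constructed sample config; the real file is /usr/local/etc/kismet.conf.

```shell
# Added example: append a log type to the active logtypes= line of a Kismet
# config only if it is not already listed. Constructed sample config included.

get_logtypes() {
    # Print the value of the active (uncommented) logtypes= line.
    sed -n 's/^logtypes=//p' "$1"
}

add_kismet_logtype() {
    conf="$1"     # path to kismet.conf
    newtype="$2"  # log type to enable, e.g. pcapbtbb
    # Compare whole comma-separated fields, so "pcap" does not match "pcapdump".
    if get_logtypes "$conf" | tr ',' '\n' | grep -qx "$newtype"; then
        echo "$newtype already in logtypes, nothing to do"
        return 0
    fi
    # '&' is the whole match, so no capture group is needed; the leading '^'
    # keeps the edit off commented-out example lines. A temp file plus mv
    # sidesteps the GNU/BSD difference in 'sed -i'.
    sed "s/^logtypes=.*/&,$newtype/" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    echo "logtypes=$(get_logtypes "$conf")"
}

make_sample_conf() {
    # Constructed sample with the lines this edit must and must not touch.
    sample=$(mktemp)
    printf '%s\n' \
        '# logtypes=pcapdump,gpsxml,netxml,nettxt,alert  (commented example, leave alone)' \
        'logprefix=/root' \
        'logtypes=pcapdump,gpsxml,netxml,nettxt,alert' > "$sample"
    echo "$sample"
}

# Demo on the constructed sample: the second call is a no-op.
demo_conf=$(make_sample_conf)
add_kismet_logtype "$demo_conf" pcapbtbb
add_kismet_logtype "$demo_conf" pcapbtbb
rm -f "$demo_conf"
```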

Fire up Kismet. Set your source as ubertooth and start the ubertooth plugin from Kismet > Plugins

Ok, now for the less than fun part. From here we can capture Bluetooth packets, but we’ll probably want something more visual to analyze them. Wireshark is the gold standard for IP packet analysis, and thankfully libtbb comes with source, so we can use it to build a Wireshark plugin.

...or, if we’re running the 32-bit version of BackTrack 5, we can download a precompiled version from HarvestGardener on the BT forums.

Just put the btbb files in /usr/local/lib/wireshark/plugins/1.4.6 and you’re off to the races.

Booting VirtualBox VMs from physical USB drives

Today I am following up on an episode of HakTip, Virtual Machines 101 with VirtualBox. We’ll be mashing up two of my new favorite tools — multiboot USB drives and virtual machines.

A while back on HakTip we played with VirtualBox and a Linux Distro. I was able to get Ubuntu running on my Windows laptop with no problems.

And a few weeks ago on Hak5 I demonstrated how to build a multiboot USB drive with XBoot. I love these multiboot USB drives as they save you money and space on your keychain, allowing you to "burn" multiple ISOs — your favorite boot CDs like Ophcrack, Clonezilla or Puppy Linux — all from one drive. Check out Hak5 episode 920 for info on that.

Of course when you’re making these multiboot USB drives there’s some trial and error in the process. And let’s be honest, rebooting is a total drag. If only we could boot a virtual machine off a USB drive. Well, you can’t. Not directly anyhow. But what we can do is turn a USB drive into a file — a VMDK, which as we learned last week is a Virtual Machine Hard Disk.

Download and install VirtualBox (version 4.0.6) if you haven’t already and hit the key combo WINDOWS KEY + R to bring up the Run dialog. Type in "diskmgmt.msc" and hit enter. This will pull up your Disk Management tool. This tool is built into Windows and is generally used to format, partition, and delete parts of your hard drives, but you can also see and mess around with your USB drives as well.

If you scroll down you can find your USB stick. Mine is this drive that I recently made into a YUMI multibootable drive on an episode of HakTip.

Open the command prompt by again holding WINDOWS KEY and hitting R, then type "cmd" (and start it as an admin) and hit enter. Type in "cd %programfiles%\oracle\virtualbox" and press enter.

Then, type "VBoxManage internalcommands createrawvmdk -filename %USERPROFILE%\.VirtualBox\usb.vmdk -rawdisk \\.\PhysicalDrive#" (replace # with your USB disk number as shown in Disk Management – mine is 2) and press enter.

Now that you’ve done the hard part, start up VirtualBox (as an admin) and create a new Virtual Machine. When prompted for a Virtual Hard Disk, check use existing hard disk and select usb.vmdk.

Once you have finished creating your New Virtual Machine, you’re ready to try it out!

I’ve got VirtualBox open and I’m about to try booting off my USB drive in a virtual machine. So I press Start and after waiting a few moments it should boot my flash drive.

It works! I have booted my multiboot USB in VirtualBox as a VMDK. Awesome! This is a great way to get around having to restart your computer every time you want to test a USB bootable drive.

Nibble: String commands in Bash with semicolons

Semicolons aren’t just for C++ compile errors, ya know? In bash they can be used to string together a set of commands. For example, if you wanted to start downloading an archive with wget and then extract it when the download completes, you would put wget file.tar.gz ; tar zxvf file.tar.gz on the same line. Sometimes if I know a background process, like a render job, is going to take an hour to complete and I want to upload the resulting file afterwards, I’ll string together sleep 3600 ; upload.sh videofile.mov. The sleep command will simply wait for the specified number of seconds; in this case 3600 is an hour.

Want some free Hak5 swag? Submit your 4-bit tips at hak5.org/nibble

Feedback and Q&A

Mark writes: In my world, the cellular industry, we call those spaces “guard bands”. Love the show, keep up the good work.

Thanks for the clarification Mark

Anonymous writes: I was thinking, is there a way to set up DBAN on your notebook to run on a timer? Say if you don’t login within x hours, it will run and wipe everything. Can it be done with any other nuke program?

The only thing I could think of short of rewriting the BIOS is to have a script (assuming you’re running Linux) parse /var/log/auth.log and determine whether or not to use a secure delete utility on a volume of choice. Others in IRC have pointed out that one could hide a USB drive tapped into a port inside a laptop, but I’m not quite sure how you would go about automating the wipe procedure.

I’m very interested in hearing everyone’s thoughts on this so leave your ideas in the comments below.

Delmar1992 says:
I am a German national. German sports are now available online. But, my computer knows it is in America. Is there a way of tricking the server and the computer into thinking I’m in Germany so that I can watch it? This also goes for watching Hulu in Germany. Is there a program, or a hack I need? Any suggestions are more than welcome.

A VPN or other tunneling service is what you’re after. We’ve talked at great length about setting these up in our 7th season. If you have a friend overseas who is willing to share their Internet connection and set up a server, you might be able to VPN or SSH tunnel that way. Otherwise there are plenty of commercial services that offer just this. One of our friends is a fan of Witopia. We’ve just started playing with it here at Hak5, so we’ll give you our full review in the weeks to come.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more.

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

T-Mobile’s great selection of tablets, laptop sticks and their new Mobile Hotspot gives you the freedom to stay connected with high-speed Internet on the go. Affordable high-speed Internet when and where you want, without overages. Mobile Broadband data plans start at $29.99 per month and current T-Mobile voice customers save an extra 20%! The G-Slate with Google® is T-Mobile’s first 4G Android tablet, and allows you to take your HD entertainment anywhere. Stay connected at blazing-fast speeds, when and where you want—no Wi-Fi needed. Immerse yourself in the entertainment you love—download apps, play games, stream video, and check your favorite websites. T-Mobile provides mobile broadband service that allows on-the-go, wireless, high-speed Internet through your choice of portable devices.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think domain.com.
Got a great idea? It all starts with a great domain. domain.com

With more than 23 million members, Netflix is the world’s largest subscription service instantly streaming TV episodes and movies over the Internet. For one low monthly price, Netflix unlimited members can instantly watch TV episodes & movies streaming to their TVs and computers. With Netflix you can cancel anytime. Netflix unlimited members can instantly watch thousands of titles on a vast array of devices streaming TV episodes and movies, like Microsoft’s Xbox 360, Sony’s PS3 game console and the Nintendo Wii console. Find movies you love – easily! As a Netflix unlimited member you can instantly watch as many movies as you want anytime you want for one low monthly price! You can cancel anytime. Get your FREE Trial membership. Go to netflix.com/hak5 and sign up NOW. Be sure to use this URL so that they know we sent you!

18 Comments

  • Sc00bz 2 years ago

    With sed 's/blah/meh/', s means substitute.

    Also it’s weird that you grep for “logtypes” then use sed to search for “pcapdump,…,alert”. You probably should have done sed 's/\(logtypes=.*\)/\1,pcapbtbb/' because you don’t know how many times “pcapdump,…,alert” appears in the file. g is not needed since you are only doing one edit per line.

  • drmaq 2 years ago

    Well if you have heard of Witopia then you might like StrongVPN or Hotspot Shield.

  • cooltech 2 years ago

    That would be Boris Floricic, better known by his pseudonym Tron.

  • BuddhaChu 2 years ago

    Witopia starts @ $40 per YEAR, not per month.

  • rodrigograAa 2 years ago

    Season 7? Can anyone specify the episode?

    • TheFu 2 years ago

      I guess you’re asking about VPNs.

      They did 3 or 4 VPNs in a single episode. Some of them seem to have gone commercial (Adito), and the FLOSS version is using certificates that are so short that cert authorities will not give you a cert that short. I ran Adito for 3 yrs, but have switched to OpenVPN.

      On Linux, you probably just want OpenVPN. Sure, it isn’t trivial to setup, but it isn’t all that hard either.

      On Windows, the built-in PPTP service is probably good enough for home, but please do not use this in a commercial environment, use OpenVPN.

  • robinx99 2 years ago

    For a nuke of the system when nobody logs in you might be able to check 'users |wc -w = 0' and then you might be able to kill the system by filling the hard disk with zeros 'dd if=/dev/zero of=/dev/sda', or maybe the shred command is better, not so sure there. But most likely the system crashes before the wipe is complete. If you have a separate home partition a 'dd if=/dev/zero of=/dev/sda3' should work without a crash.

    So you might be able to put something like this in /etc/crontab

    1 * * * * root if ( test 0 = `users |wc -w` ) then sleep 15m; (if ( test 0 = `users |wc -w` ) then dd if=/dev/zero of=/dev/sda; fi) ;fi

    The command should check every hour the number of logged in users. If a user is logged in nothing happens; if no user is logged in it waits 15 minutes and checks again if someone is logged in. If someone is logged in it ends; if still nobody is logged in it writes all zeros to the hard drive.

    But actually I think a full disk encryption is a better protection for the data on a notebook in case you might loose it.

  • JBu92 2 years ago

    re: wipeage
    I’m sure dd if=/dev/zero of=/dev/sda has been mentioned already. However, if you’re that bloody paranoid about your data, there’s only one course of action- ENCRYPT ENCRYPT ENCRYPT. Go into your bios, password protect the bios, and the harddisk, and the bootup (so you have to supply a password even to boot, and the disk will be protected as well). Then go get TrueCrypt and make a hidden OS. Password protect the account on the “visible” OS, and on the “hidden” OS. This will make logging in a pain in the drain on a major scale, but it’ll get the job done. Not quite what you’re looking for, but it achieves the same purpose, in perhaps a better way- if someone really wanted your data, they wouldn’t just boot up and start going at your password, they’d remove the harddisk and attack it with another OS.

  • Daemon Ex Machina 2 years ago

    You actually don’t need to pipe your sed to grep to hide the output. Just do:

    # -i together with -n would write only the matched line back and empty the rest of kismet.conf;
    # 'w /dev/stdout' prints just the changed line while the in-place edit keeps every other line
    sed -i 's/\(logtypes=.*\)/\1,pcapbtbb/w /dev/stdout' /usr/local/etc/kismet.conf

    (thanks Sc00bz for the shortened regexp!)
    The -n puts it into silent mode, and the /p forces it to print the changed lines despite the -n. Of course, don’t bother with the /p if you don’t want the grep-like functionality.

  • -Make a script to run these steps:
    -Wipe important files using shred (vpn config, ssh keys, etc)
    -Wipe everything else in /home and /root with shred
    -Zero the drive out or shred other files

    Trigger the script any way you like. The cron job from Robinx99 would do it nicely.

    The reason for shredding specific files in order is it will happen quickly and silently. An attacker is less likely to notice and try to interrupt it.

    I like the idea of running DBAN to wipe the PC, but anybody could interrupt that process. Anyway, if they want your PC and not your files then they already have it and could reinstall any OS they like.

  • cooltech 2 years ago

    What you might want to do is put a hardware tracker/gps for your laptop.

    You could use a pet tracking microchip and put it in to the laptop and register as your pet. Just an idea.

    There would be another way: solder a small GPS chip to the hardware.
    ( i.e. http://zedomax.com/blog/2006/12/26/diy-tool-epson-unveils-smallest-gps-chip-ever/ ) I am surprised that no one thought of putting hardware tracking into laptops. But they might pretty soon start putting tracking hardware into laptops and other devices (besides phones, as they are already doing this without our consent).

    Hope this helps anyone.

  • Torak 2 years ago

    For data self-destruction, I would recommend the program Eraser if Anonymous is using Windows. It won’t nuke the entire hard drive, but you can set it to run at scheduled intervals to delete files of your choice.

    It can be found at: http://eraser.heidi.ie/

    Good luck!

  • Jake Roberts 2 years ago

    On the subject of wiping: why not just encrypt the thing? If done properly it’s nearly impossible to break. Really sensitive files could be placed in a hidden Truecrypt volume, making them nearly impossible to find or open.

    This article illustrates the point.

    http://news.hitb.org/content/open-source-encryption-brazilian-bankers-hard-drive-baffles-police

  • Anonymous 2 years ago

    Shred is an awesome tool that will wipe out hard drives for Linux. It just takes a loooong time to clear out a normal sized drive. It can do multiple random passes on the drive and can be set to overwrite the randoms with 0s. A clean DoD wipe ^_^

  • TheFu 2 years ago

    Tab key for command/file completion. Watching that typing and the mistakes kills me.

  • I always test my usb thumb drives in a VM after I make them. In the episode you showed how to do it in vbox+windows, but if you use linux it’s even easier.

    You just need to install kvm (or qemu) and then run:

    kvm -hda /dev/sdb

    where /dev/sdb is your flash drive.

  • While usually I don’t feel compelled to comment on the command-line “sorcery” going on in the show even if it irks me at times, I have to point out a couple of things..
    When appending stuff around matched text in sed there’s no need to use capture groups (those pesky escaped parentheses), instead do..

    $ echo 'asd=ads' | sed 's:^asd.*:&,jaa:'
    asd=ads,jaa

    Even though in this case it’s a one-off deal, generally the more specific the regex can be made the better.. one little ^ and it won’t mess with stuff that’s commented out etc.. also, Darren, “g” means multiple times in the same line/pattern space, no need for it here.

    I know rtfm’ing in the youtube age might not seem optimal use of time when you could look at a screencast, but remember kids: in unix world, you can usually trust the man. :)

    Otherwise, good show, it’s fun to watch something properly hosted with good variety that actually goes into technical details.. don’t really know of another show like this since thebroken finished, keep it up.