Hak5 - Technolust since 2005 » backtrack

Hak5 1016 – Virtualized USB booting with QEMU, Steganalysis with Scalpel, x11vnc, screen for windows

Jason — Fri, 09 Dec 2011 02:50:40 +0000

This time on the show, carving hidden files with scalpel, booting USB drives in Linux from QEMU and VNC tips for BackTrack and Android. All that and more this time on Hak5!

Download HD Download MP4

Int0x80′s Scalpel Segment

Booting USB drives from within Linux with Qemu

Earlier in the season I talked about using the plop bootloader to boot USB thumbdrives from Virtual Box in Windows. Well, today thanks to an email from Rob we’ll be doing something similar in Linux.
Rob wrote:

Hey Guys and Gal,
I saw the *fix* for Virtualbox booting a USB drive with plop and loved it. Plop is how I boot USB on my Macbook Pro. Nice tip, but here’s another way to test your USB keys, fire up a terminal and launch ‘ sudo qemu -hda /dev/sdx ‘ where x is the drive letter of your USB drive under Linux. Qemu will launch a VM with the key as a hard drive. Hope someone gets some use out of this.

Thanks Rob!
We’ll begin by opening a terminal. The shortcut since I’m using Gnome is CONTROL+ALT+T.

Now if you don’t already have qemu installed you can get it by entering “”sudo apt-get install qemu”". I’ve already done this so it will just say it’s already installed.

So now that QEMU is installed we’ll need to figure out what device our thumbdrive is. One way to figure this out is to enter “”ls /dev/sd*”" before and after plugging in your flash drive and seeing what changed. So I’ll type “”ls /dev/sd*”" and hit enter and I can see I have “”sda”" and “”sdb”" and if I plug my thumbdrive in now, wait a moment for it to pop up, and now enter “”ls /dev/sd*”" again I’ll see that “”sdc”" shows up.
Another way to figure this out is to enter “”dmesg”" and look for the attached device.

Ok so with all that figured out we’re ready to finally boot off our thumb drive. Just type “”sudo qemu -hda /dev/sdc”" and hit enter.
And there you go, your thumb drive is booting from within Linux using QEMU. Here I can see Puppy Linux is starting up. Yay! Now I have Linux running inside of Linux! That’s almost as fun as dividing by zero! That’s so meta… ha! So do you have comments or questions? Email me at feedback@hak5.org or drop a line in the comments section.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Hak5 1015 – Recovery & Forensics with Scalpel, Cloud storage with PogoPlug and 1000mw WiFi in the US?

Jason — Thu, 01 Dec 2011 10:39:11 +0000

This time on the show, Eighty of Dual Core returns for a little file recovery mojo using Scalpel. Then Jed Putterman of Pogoplug joins us to talk cloud storage. Plus can bash scripts monitor your CPU temperature? Radiating Paul-the-Camera-Guy’s brain with a 16dBi Yagi antenna and transmitting WiFi over 500mw in the US, can it be done? All that and more this time on Hak5!

Download HD Download MP4

Int0x80′s Privoxy Segment

Nibble
Rocco wrote: In case you need to monitor your CPU temperature, you can write a short script:

while sleep 1 ; do acpi -t ; done

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Hak5 1004 – See-through AR glasses, Hirens BootCD and 4G Modems in Linux

Jason — Wed, 14 Sep 2011 19:22:33 +0000

Are we one step closer to becoming cyborgs? We’re looking at the latest in Augmented Reality Glasses. The ultimate tool for analyzing, recovering and fixing a borked box. 4G USB modems and Linux, can they play nice together? And who’s multicast datagram IP flow is making nets glow? We’ll find out! All that and more this time on Hak5!

Download HD Download MP4

The latest in Augmented Reality eyewear with Vuzix

Clark Dever of Vuzix joins us to show off their latest in augmented reality eyewear technology, including the first production see-through AR display — the STAR 1200. Find out more about their eyewear and software development kits at vuzix.com

Hiren’s BootCD to fix your PC

On the hunt for another bootable CD with lots of fun tools? Here’s one that’s always been a favorite for many. Hiren’s BootCD (HBCD) is a free bootable CD that contains a load of useful tools you can make use of in a variety of situations like analyzing, recovering and fixing your computer even if the primary operating system can not be booted. It features tools that are helpful to partition, backup, recover, and work with the BIOS/CMOS. The website says that this is for people who have problems accessing the downloadable programs that can help them fix their computer. If you have Hiren’s BootCD, you don’t have to download all those programs. You can repair issues like hard drive crashes, viruses, password recovery, and data recovery.

On the website, I started following these crazy directions where you had to download the USB Disk Storage Format program, Grub4DOS, and the newest version of the Hiren’s BootCD. After getting like halfway through, I had a duh moment and figured out since there’s an ISO in the BootCD folder, I’m just going to use UNetBootin and install the ISO onto my USB drive. So I formatted my drive into FAT, and installed the ISO on it.
Now it’s time to boot up and see if it works!

In regards to the install, I guess if you have issues trying to just stick the ISO on the flash drive you can try the How-To on Hiren’s website. They also say:
“”If you are getting GRLDR error, or if usb booting is halting with a blinking dos window, or if you are faced with similar situations, try using syslinux to boot grub4dos. To do that, download syslinux.zip, extract its contents, run ‘RunMe.bat’ inside of the extracted folder and follow its steps.”"

Although this Bootable CD is super cool and easy to use, I do have to mention that some of the tools found on here are not free to use. You have to have a license to legally use them, so you may not want to use it.

That said, I really like Hiren’s bootCD. It’s combination of tools and programs for any kind of recovery is very useful and I’ve been a fan of it for many years. Although Hiren’s is an older tool, it is updated and fixed periodically, with new versions being released all the time.
Do you like Hiren’s BootCD? Email me your take on it at feedback@hak5.org.

4G Modems and Linux playing nice together! *shocking*

Darren demonstrates the crafty hackery necessary to get a modern 4G USB modem to be recognized and initialized in Linux. Darren uses USB-ModeSwitch and Sakis3G for an all-in-one PPP connection manager to a 4G network.

It’s like 56k WinModems all over again!

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

No matter what your project is Domain.com has what you need to register, host and promote your next big idea…even if it’s ffffggggggggggggggghjk.com. Domain.com is owning the competition with cheap domain names and hassle-free service. Their easy checkout process and domain discovery system makes it easy to select the domain that’s right for you and setup your website without hassle. Domain.com will even transfer your domain from another registrar and hook you up with another year of service for under $6.50 when you use coupon code HAK5 at checkout. That’s right, our code HAK5 will score you 15% off. Don’t forget, when you think domain names, think Domain.com

If you love alternative apparel brands like Kidrobot, Hurley, and Stussy but hate wasting all your cash on them, listen up! You can score these premium brands at UP TO 80% OFF every day at JackThreads — the invite-only shopping club just for guys. They’re serving up street, skate and surfwear brands at brain-melting prices. Get instant access to their deals for free and bypass the normal wait-list to join when you head over to JackThreads.com/hak5. Start saving instantly without leaving the house.

With Netflix, the world’s largest subscription stream service, you can instantly watch thousands of TV episodes and movies on your Microsoft Xbox 360, Sony PS3, Nintendo Wii and computer for one low monthly price. No late fees. No due dates. For a limited time Hak5 viewers can get a FREE 30 day trial membership at netflix.com/hak5. Sign up now and be sure to use this URL so they know we sent you.

Hak5 922 – Bypass GeoIP filters, VPN in BackTrack 5, AndLinux, Prettier Traceroutes

Jason — Thu, 21 Jul 2011 01:11:58 +0000

Hulu and the BBC iPlayer everywhere with a little VPN action to bypass Geo IP filters. We’ll be setting up Network Manager in BackTrack5. Plus, Linux inside of Windows, graphing trace-routes in terminal and a whole lot more this time on Hak5!

Download HD Download MP4 Download WMV

VPN in BackTrack 5 with Network Manager

BackTrack 5 is rocking my world as of late. I’ve been running the gnome 32bit version as my primary os on one of my laptops since release and I so far it has been fantastic out of the box.

That is until I wanted to easily connect to a PPTP VPN. While BackTrack5 includes Wicd — the Wireless (and wired) Interface Connection Daemon I’m more familiar with Network Manager, which includes a VPN client. Two birds, one stone!

In this segment I setup Network Manager in BackTrack 5.

apt-get install network-manager-gnome
cp /etc/network/interfaces{,.backup}
echo “”auto lo”" > /etc/network/interfaces
echo “”iface lo inet loopback”" >> /etc/network/interfaces
service network-manager start
nm-applet&
reboot

Run Linux apps in Windows with AndLinux

If you want to run Ubuntu seamlessly inside a Windows box, perhaps you’ll be interested in this tool called andLinux. AndLinux is a complete Ubuntu system that runs in Windows (all except 64-bit 7) and uses a program called coLinux as it’s core. CoLinux is a port of the Linux kernel to Windows. It’s kind of like running linux in a VM, except with coLinux, andLinux merges itself with Windows and the Linux kernel instead of running through an emulated PC. andLinux is for fun and development and it can run almost any Linux applications without having to do any modifications.
So, with andLinux you get a fully functional Linux system, with no desktop interface. It gives you a second panel or start menu where you can load Linux apps. The apps can be run simultaneously with Windows apps and you can cut and paste text between them.

AndLinux comes in a couple of different versions- KDE version (which is a full version) or XFCE (minimal). When you go through the andLinux installation on Windows, there are a few important steps to keep in mind.
Choosing your start up type: I chose run andLinux automatically as a NT service because it is the most convenient choice. You don’t have to do any kind of configurations if you choose this option.
You’ll be asked to create a username and password for andLinux login.
For Windows file access, I chose COFS as it gives you easier configuration compared to Samba. Samba will, though, let you share files with special characters.
Also, if Windows starts freakin because it’s not Microsoft certified, just click continue anyway.

Once the installation has finished, just restart your computer and unblock any windows firewall settings that may occur from the installation. To start using andLinux, first run the NT console. This will open a command prompt that’ll ask you for your username and password. You can then close that window and start using any of the programs and applications that are available in the boot menu. It’s kind of like downloading all the Linux programs straight into Windows without using a Linux OS.

So I’m just going to try some of these programs out, and they all seem to work just fine. So andLinux looks to be a very handy way to use Linux applications indeed! If you like it, tell me so! feedback@hak5.org.

Nibble: MTR isn’t your fathers traceroute

MTR isn’t your father’s Traceroute. It’s the ultimate command line tool for finding out where those tasty little packets are getting lost. From bash issue mtr –report-wide –curses and your destination of choice.

mtr –report-wide –curses 8.8.8.8

MTR will bring up a curses terminal interface with a constantly updating report on hops and pings, complete with hostname, best and average latency, and percentage of packets lost at each link.

Thanks to Brian for sending this in and scoring some complimentary hak5 swag. Submit your 4-bits at hak5.org/nibble

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

If you’re an IT or software consultant, you’re always looking to compete with the big guys. Problem is you may be a one man show! You need a remote support tool – and the best is Go To Assist Express. The faster you can connect to a customer, the faster you can move on to the next challenge! Reduce your travel time and increase revenue by handling more support requests. Brought to you by Citrix, you KNOW Go To Assist Express is easy and secure. Try GoToAssist Express FREE for 30 Days. For this special offer visit GoToAssist.com/Hak5.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think domain.com.
Got a great idea? It all starts with a great domain. domain.com

Audible.com is the leading provider of downloadable digital audiobooks and spoken word entertainment. Audible has over 75,000 titles to choose from, to be downloaded to your iPod/MP3 player and played back anywhere, anytime. Choose from books in every genre, science fiction, thrillers, drama, comedy, business, history and more. Go to audiblepodcast.com/ hak5 to get a FREE audiobook-download of your choice when you sign up today. Again go to Audiblepodcast.com/hak5 for your Free Audiobook!

Hak5 921 – Capture and analyze bluetooth packets, Boot Virtual Machines from USB and more

Jason — Wed, 13 Jul 2011 20:58:35 +0000

This time on the show, capturing and analyzing Bluetooth packets with the Ubertooth One, Kismet and Wireshark, Booting VirtualBox VMs from physical USB drives, bypassing Geo IP location restrictions, and tons more.

Download HD Download MP4 Download WMV

Capturing and analyzing bluetooth packets with Kismet and Wireshark

Following up with our Ubertooth One setup guide form last week, we’ll be configuring Kismet and Wireshark to process Bluetooth packets.

Again If you’re not familiar, the Ubertooth One is an open source bluetooth testing tool made by Mike Ossmann in response to the lack of good bluetooth testing devices, or the ridiculously high price tags in excess of $10,000 for commercial monitoring equipment.

So in the same sense that we have inexpensive WiFi adapters that can go into monitor or promiscuous mode, we now have the Ubertooth One.

And of course props to HarvestGardener on the BackTrack Linux forums for putting a lot of this together. Most of the Ubertooth development was done on Mac OSX but getting it going in Linux isn’t too difficult, thankfully.

wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz
tar xvf kismet-2011-03-R2.tar.gz -C /usr/src/
mv /usr/src/kismet-2011-03-R2/ /usr/src/kismet
cd /usr/src/kismet
./configure

cd
cd ubertooth-r238/host/kismet/plugin-ubertooth
make && make install

vi /usr/local/etc/kismet.conf #add pcapbtbb to logtypes=

Fire up Kismet. Set your source as ubertooth and start the ubertooth plugin from Kismet > Plugins

Ok, now for the less than fun part. From here we can capture bluetooth packets but we’ll probably want something more visual to analyze them. The gold standard for packet analysis is Wireshark for IP and thankfully libbtbb can comes with source so we can use it to build a wireshark plugin.

….or, if we’re running the 32-bit version of BackTrack 5 we can download a precompiled version from HarvestGardener on the BT forums.

Just put the btbb files in /usr/local/lib/wireshark/plugins/1.4.6 and you’re off to the races

Booting VirtualBox VMs from physical USB drives

Today I am following up an episode of HakTip, Virtual Machines 101 with VirtualBox. Today we’ll be mashing up two of my new favorite tools — multiboot USB drives and Virtual machines.

A while back on HakTip we played with VirtualBox and a Linux Distro. I was able to get Ubuntu running on my Windows laptop with no problems.

And a few weeks ago on Hak5 I demonstrated how to build a Multiboot USB drive with XBoot. I love these Mutliboot USB drives as they save you money and space on your keychain, allowing you to “”burn”" multiple ISOS — you’re favorite boot CDs like Ophcrack, Clonezille or Puppy Linux — all from one drive. Check out Hak5 episode 920 for info on that.

Of course when you’re making these Multiboot USB drives there’s some trial and error in the process. And let’s be honest, rebooting is a total drag. If only we could boot a Virtual Machine off a USB drive. Well, you can’t. Not directly anyhow. But what we can do is turn a USB drive into a file — a VMDK which as we learned last week are Virtual Machine Hard Disks.

Download and install VirtualBox (version 4.0.6) if you haven’t already and hit he key combo WINDOWS KEY + R to bring up the Run dialog. Type in “”diskmgmt.msc”" and hit enter. This will pull up your Disk Management tool. This tool is built in to Windows and is generally used to format, partition, and delete parts of your hard drives, but you can also see and mess around with your USB drives as well.”
“

If you scroll down you can find your USB stick. Mine is this drive that I recently made into a YUMI multibootable drive on an episode of HakTip.

Open the command prompt by again holding WINDOWS KEY and hitting R, then type “”cmd”" (and start as an admin) and hit enter. Type in “”cd %programfiles%\oracle\virtualbox”" and press enter.

Then, type “”VBoxManage internalcommands createrawvmdk -filename %USERPROFILE%\.VirtualBox\usb.vmdk -rawdisk \\.\PhysicalDrive#”" (replace # with your USB disk number – mine is 2) and press enter.

Now that you’ve done the hard part, start up VirtualBox (as an admin) and create a new Virtual Machine. When prompted for a Virtual Hard Disk, check use existing hard disk and select usb.vmdk.

Once you have finished creating your New Virtual Machine, you’re ready to try it out!

I’ve got VirtualBox open and I’m about to try booting off my USB drive in a VirtualMachine. So I press Start and after waiting a few moments it should boot my flashdrive.

It works! I have booted my multiboot USB in VirtualBox as a vmdk. Awesome! This is a great way to get around having to restart your computer every time you want to test a USB bootable drive.”

Nibble: String commands in Bash with semi-colon

Semi colons aren’t just for C++ compile errors, ya know? In bash they can be used to string together a set of commands. For example if you wanted to start downloading an archive with wget and then extract it when the download completes you would put wget file.tar.gz ; tar zxvf file.tar.gz on the same line. Sometimes if I know a background process, like a render job, is going to take an hour to complete and I want to upload the resulting file afterwards I’ll string together sleep 3600 ; upload.sh videofile.mov. The sleep command will simply wait for the specified amount of seconds, in this case 3600 is an hour.

Want some free Hak5 swag? Submit your 4-bit tips at hak5.org/nibble

Feedback and Q&A

Mark writes: In my world, the cellular industry, we call those spaces “guard bands”. love the show keep up the good work

Thanks for the clarification Mark

Anonymous writes: I was thinking, is there a way to set up DBAN on your notebook to run on a timer? Say if you don’t login within x hours, it will run and wipe everything. Can it be done with any other nuke program?

The only thing I could think of short of rewriting the BIOS is to have a script (assuming you’re running Linux) parse /var/log/auth.log and determine whether or not to use a secure delete utility on a volume of choice. Others in IRC have pointed out that one could hide a USB drive tapped into a port inside a laptop but I’m not quite sure how you would go about automating the wipe proceedure.

I’m very interested in hearing everyone’s thoughts on this so leave your ideas in the comments below.

Delmar1992 says:
I am a German national. German sports are now available online. But, my computer knows it is in America. Is there a way of tricking the server and the computer into thinking I’m in Germany so that i can watch it? This also goes for watching Hulu in Germany. Is there a program, or a hack I need? Any suggestions are more than welcome.

A VPN or otherwise tunneling service is what you’re after. We’ve talked in great lengths about setting these up in our 7th season. If you have a friend overseas who is willing to share their Internet connection and setup a server you might be able to VPN or SSH Tunnel that way. Otherwise there are plenty of commercial services that offer just this. One of our friends is a fan of Witopia. We’ve just started playing with it here at Hak5 so we’ll give you our full review in the weeks to come.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

T-Mobile’s great selection of tablets, laptop sticks and their new Mobile Hotspot gives you the freedom to stay connected with high-speed Internet on the go. Affordable high-speed Internet when and where you want, without overages. Mobile Broadband data plans start at $29.99 per month and current T-Mobile voice customers save an extra 20%! The G-Slate with Google® is T-Mobile’s first 4G Android tablet, and allows you to take your HD entertainment anywhere. Stay connected at blazing-fast speeds, when and where you want—no Wi-Fi needed. Immerse yourself in the entertainment you love—download apps, play games, stream video, and check your favorite websites. T-Mobile provides mobile broadband service that allows on-the-go, wireless, high-speed Internet through your choice of portable devices.

With more than 23 million members, Netflix is the world’s largest subscription service instantly streaming TV episodes and movies over the Internet. For one low monthly price, Netflix unlimited members can instantly watch TV episodes & movies streaming to their TVs and computers. With Netflix you can cancel anytime. Netflix unlimited members can instantly watch thousands of titles on a vast array of devices streaming TV episodes and movies like Microsoft’s Xbox 360, Sony’s PS3 game console and the Nintendo Wii console. Find movies you love – easily! As a Netflix unlimited member you can instantly watch as many movies as you want anytime you want for one low monthly price! You can cancel anytime. Get your FREE Trial membership. Go to netflix.com/hak5 and sign up NOW. Be sure to use this URL so that they know we sent you!”

Hak5 920 – Ubertooth One Primer, Multiboot USBs, Airodump Tips and Network Scanning

Darren Kitchen — Thu, 07 Jul 2011 01:23:37 +0000

This time on the show, an Ubertooth One Primer – Setup with BackTrack 5. Booting multiple ISOs from a single USB drive, we’ve got plenty of options. And answers to your questions on A+ certs, programming languages, network scanning and more.

Download HD Download MP4 Download WMV

Ubertooth One Primer – Setup with BackTrack 5

We’ve been asked numerous times to do a segment on getting started with the Ubertooth One, and while it’s specific to this hardware in nature the techniques involved are similar to that of many other tools.

If you’re not familiar, the Ubertooth One is an open source bluetooth testing tool made by Mike Ossmann in response to the lack of good bluetooth testing devices, or the ridiculously high price tags in excess of $10,000 for commercial monitoring equipment.

So in the same sense that we have inexpensive WiFi adapters that can go into monitor or promiscuous mode, we now have the Ubertooth One.

Now props to HarvestGardener on the BackTrack Linux forums for putting a lot of this together. Most of the Ubertooth development was done on Mac OSX but getting it going in Linux isn’t too difficult, thankfully.

So today I aim to setup dependencies and compile Ubertooth Tools in Backtrack 5 linux host machine. Currently does not work in VM — Libusb issues.

The first dependency you’ll need is pyside. It’s a PySide adds Qt bindings to Python, letting it use the cross-platform UI framework for some graphical goodness. You can download it manually from PySide.org or simply install it with apt. Unfortunately it isn’t in the default BackTrack 5 repository so you’ll need to add a personal package archive or PPA.

apt-get install python-software-properties
add-apt-repository ppa:pyside
apt-get update
apt-get install libnl-dev libusb-1.0-0-dev pyside-tools

Next we’ll need the PyUSB extension which provides USB access to Python.

wget http://downloads.sourceforge.net/project/pyusb/PyUSB%201.0/1.0.0-alpha-1/pyusb-1.0.0-a1.tar.gz
tar xvf pyusb-1.0.0-a1.tar.gz
cd pyusb-1.0.0-a1
python setup.py install

We’ll also need bluetooth baseband libraries so we can process raw bluetooth data. Thankfully libbtbb does the trick:

wget http://downloads.sourceforge.net/project/libbtbb/libbtbb.0.5.tgz
tar xvf libbtb.0.5.tgz
cd libbtbb
make
make install

Ok so we’re finally to the part where we actually get to the Ubertooth code. As of recording the latest version of Ubertooth software is release 238.

wget http://downloads.sourceforge.net/project/ubertooth/ubertooth-r238.tar.gz
tar xvf ubertooth-r238.tar.gz

This archive contains the latest firmware for both the Ubertooth One and Ubertooth Zero, the KiCad files if you’re so inclined to make your own Ubertooth, documentation and host software including a few bluetooth tools, kismet plugins and a fun little spectrum analyzer.

Since Bluetooth operates in the same 2.4 GHz ISM band as WiFi, we can actually use the Ubertooth One as a basic spectrum analyzer and see all of the WiFi signals for a given area.

python specan_ui.py

Alright, that’s a lot of info so we’re going to stop right here and pick up next time with compiling Kismet from source with the Ubertooth Plugin, capturing our first Bluetooth packets, installing the Wireshark plugin and finally analyzing the good stuff. If you haven’t already checked it out you can find the Ubertooth One at HakShop.com along with the documentation and source files if you’re crafty with the soldering iron and eager to build your own.

Boot multiple ISOs from one USB with these free tools

Having several tools on several USB’s or CD’s can be a pain in the butt, especially when you’re looking for a specific one but don’t remember which USB you put it on. To save us from this trouble, there are many applications available online that let you create one multibootable USB drive. Thus, you can store all your tools on one USB drive instead of ten. We’ve reviewed YUMI, UNetBootin, Darren’s done his MultiPass, and I’ve checked out Katana. This week, I’m checking out a couple of your user picks, XBoot, and Sardu.

The first one is XBoot. Its a light weight utility for creating multiboot USB’s OR CD’s. To use it, download the zip file from their website. Open the application and plug in your USB flashdrive. Now, you’ll need to have some ISO’s already downloaded on to your computer or you can go to File–>Download and choose some of your favorite utilities and linux distros.
Once they are done installing, drag the ISO’s into the box under the Create Multiboot USB/ISO tab. For mine, I chose Ophcrack, Clonezilla, and Puppy Linux. On the side, you can see the total size of the files added, you can remove files, look up the MD5 hash checksum in case you’re wondering if it’s the actual tool, and at the bottom you can choose to create your ISO Live CD or USB bootable flash drive. I’m choosing my FlashDrive. Double check the Selected USB drive to make sure it’s not your operating system drive. Then, this is cool, you can choose your Bootloader. I’ll stick with the recommended Syslinux, but you can also choose Grub4dos or not install one at all.
Then, when you click next, it’ll start copying all your ISO’s to your thumbdrive and create the bootloader. This may take several minutes, so just kick back and relax.

Once the USB is created, you’ll have the option to run it on QEMU to test it. You can also edit the flashdrive, by clicking the tab that says Edit Multiboot USB.

The second one is Sardu. Sardu is a program I found that was apparently made by Vikings using hieroglyphics. You simply plug in your flashdrive, click on your choices for Antivirus, Utilities, Linux Distros, and/or Windows CD’s, and choose make bootable USB. Clicking on the different utilities and linux distros will download them from their websites. You can also click ISO at the top and choose Make ISO, then click on an ISO folder to choose it for your flashdrive. I downloaded all of mine into my downloads folder, so I just navigate to the downloads folder and click OK. When done, click the cute little USB button and wait for it to finish creating the bootable USB. Once done, you can boot off your flashdrive using SuperGrubDisk. The tabs at the top enable you to check the Hash, create and defrag your USB.

Now I’m going to restart my computer and boot into Syslinux for XBoot and Grub for Sardu and try them out!
Looks like it works, and works well. The three ISO’s that I chose boot properly, and I can add more if I want!”"

So of these two, I have to say Sardu for Vikings took a bit more time for me to figure out how to get my ISO’s onto the USB and make it bootable. Turns out, I was just thinking too hard when trying to add my ISO folders! Xboot was pretty natural to figure out and it was easier to use. Xboot was my definetly my favorite.

So after googling for other multiboot creators, I found all the ones I could, but are there other ones? Do you use a tool that could make my life easier? Email me at feedback@hak5.org

Bash and Airodump-ng tips

Whether you’re trying to copy a PID from TOP or a BSSID from airodump-ng, when your terminal is constantly refreshing the task is cumbersome at best. So calm that screen with the shortcut CTRL+s. To resume simply hit CTRL+q. And specific to airodump-ng not only can you pause the screen with ‘space bar’, but there are all sorts of handy keystrokes like ‘tab’ – which lets you to scroll up and down the list of stations, ‘s’ which changes the sorting column, and my favorite, ‘m’ which marks connection groups with a colors.

Thanks to Sitwon and Bethany for sending these in and getting some complimentary hak5 swag. Submit your 4-bits at hak5.org/nibble

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

HakTip 3 – Packet Sniffing 101: Promiscuous Mode

Darren Kitchen — Tue, 31 May 2011 19:20:19 +0000

We’re getting promiscuous, with wireless cards! As part of our foundation series of HakTips Darren covers the fundamentals of wireless packet sniffing with a practical approach in BackTrack Linux using the Aircrack-ng suite.

Download HD Download MP4 Download WMV

Let’s think about network traffic as a cocktail party. Picture Alice and Bob on the love seat chatting it up while Charlie is deep in conversation with Dave at the bar. Meanwhile, Eve is nearby sipping a Hendrix Martini listening in on everyone’s conversations.

You see, in order for Alice to send a message to Bob she has to address it to him by his network interfaces MAC address — or Media Access Control Address. This address is unique every network interface on the planet. Bob’s is going to be different from Charlie’s, Dave’s or anyone else.

On a hub based network, Alice’s message is heard by all. But by default when Charlie or Dave hear a message addressed to a mac address other their own, their network interface will drop the frame completely.

This is where promiscuous mode comes into play. If Eve’s network interface is in promiscuous mode she doesn’t drop frames not addressed to her. This is great for packet sniffing, say if Eve was a network administrator attempting to debug a faulty network. Likewise, if Eve had malicious intent the same applies to eavesdropping.

Now promiscuous mode assumes a hub based network. Switches thwart this by only sending messages to their intended recipients instead of everyone.

Which brings us to Monitor mode. Monitor mode, or RFMON for Radio Frequency Monitor, is one of six modes that wireless network interfaces can assume. Similar to Promiscuous mode, Monitor mode allows the wireless network interface to “sniff packets” not intended for it.

Unline promiscuous mode however, an interface in monitor mode can sniff packets from access points it isn’t even associated with. Again this is great for, say, an administrator troubleshooting a network, or on the darker side for malicious purposes such as eavesdropping and cracking encrypted networks.

What program or command is giving you warm fuzzies? Hit me up — tips@hak5.org

And be sure to check out our sister show, Hak5 for more great stuff just like this.

Hak5 913 – BackTrack 5 VM with Wireless and Linux on a Dingoo Digital

Jason — Wed, 18 May 2011 21:25:02 +0000

This time on an exciting brand-new-studio edition of Hak5 we’re getting hands on with the latest version of BackTrack-Linux, configuring virtual machines and wireless. Shannon’s flashing the firmware on a Dingoo Digital A320 and installing a custom distro of Linux and so much more.

Download HD Download MP4 Download WMV

Hacker Headlines

Oh Skype… They have another security problem. Skype on Mac OS X has a bit of a flaw. You can send a Skype message to another user and potentially get remote access to that other computer. Gordon Maddern, a security researcher, found the flaw and told Skype about it more than a month ago, but there was no fix until after the news started spreading that there was an issue. Skype has released a small term patch, but no full fix has been released, nor has users been notified to update.

Just days before Google I/O begins, French security firm Vupen demonstrates a zero-day vulnerability in Google Chrome allowing remote execution. The exploit, which hasn’t been released to the public, bypasses Chrome’s praised Sandbox as well as Address Space Layout Randomization and Data Execution Prevention. Google, busy introducing the Chromebook, has not verified VUPEN’s claims and says that if necessary an update will be pushed to users automatically.

The death of Osama Bin Laden has spurred several scams throughout the interwebz. Malware has shown up on certain websites, a Facebook scam popped up, and even the blog of the guy who accidentially live twittered the event has been compromised. Scammers are smart and they know what you’re looking for. People want to see the ‘Osama death video’, which doesn’t exist. So for anyone out there who was considering clicking that video on Facebook and sharing it with your friends, DON’T, and while you’re at it, delete it from your profile if someone else posted it.

Symantic security researchers are reporting that a flaw in the way application authentication works on Facebook, nearly 100,000 apps may have complete access to your account. Facebook now uses OAUTH 2.0 for authentication, however older authentication schemes are still in use. The firm advises users to change their passwords immediately — which essentually thwarts the access token bug.

Hot off the heals of Ubuntu’s 11.04 “Natty Narwhal” release — which has been getting mixed reviews due to the new Unity window manager, Backtrack Linux releases the much awaited version 5. In addition to native 64-bit and ARM processor support the security distribution now comes in both KDE and Gnome flavors. Are you excited? Have you checked it out? It’s available via torrents, has a stealth mode, comes with Metasploit, and sounds just plain awesome!

Kerby’s oldschool app of the week
Oregon Trail

Hacking the Dingoo Digital A320

This week I’m introducing this fun little device called the Dingoo Digital.

The Dingoo Digital A320 is a gaming handheld for open game development. It has modest hardware specs: 400MHz CPU, 32MB of RAM, 4GB internal storage, a miniSD reader, a 2.8″” LCD screen with a 320×240 resolution, and your normal jacks. The cool part is the software. You can playback several video and audio file types, there is a built in FM tuner for radio, you can record voice, and the SDK is available for free. My favorite part is it’s customization features and ability to play ROMs. Because who doesn’t like video games?

The device comes preinstalled with several arcade games like Centipede, Mine Sweeper, and has built in Emulators for your convenience as well. But if you want more with your new toy, what is better than installing Linux on it?

Enter Dingux, the Linux Distro for the Dingoo. You can get Dingux on the dingoo-scene website as well as really easy steps to follow if you want to check it out.

First off, you’ll need to download a couple of files. Booboo’s dual boot installer zip file for Windows, and the local-10 or local zip file. Charge your Dingoo so it doesn’t die during the reflashing process. We don’t want a bricked Dingoo!

Once your files are downloaded, unzip the Dual Boot file into a new folder wherever you want on your PC.

Turn on the Dingoo and go to the ‘System Setup’ menu, ‘About’, and press A. Press up-right-down-up-right-down and an easter egg diagnostics screen pops up. On the screen it should say ILI9331 or ILI9325 at the end of one of the lines. Mine says 9331. This is an LCD model and pertains to the flashing procedure.

Now, reset the Dingoo by holding B and pressing in the power button. The screen will stay dark so don’t panic!

Plug the Dingoo Digital into your PC. Choose cancel if any ‘new hardware found’ screens pop up. When your PC asks for a driver location choose your newly created Dual Boot folder. The driver should successfully install and you’re ready to flash your Dingoo!

Unplug the Dingoo, press the reset button, and let it boot into the normal firmware. You won’t need to hit the on button during this reset.

Hold the B button down and press POWER AGAIN. Plug the Dingoo back into your PC.

Open cmd, and go to the Dual Boot File directory. cd shannon\downloads\Dingoo Dual Boot and execute the usbtool-win file. We’re going to upload a file to a specified address, so we’ll type usbtool-win 1 hwinit.bin 0×80000000. This should start the flashing. Then type usbtool-win 1 zImage_dual_boot_installer_ILI9331 0×80600000 and press enter. A screen will appear on the Dingoo saying Dual Boot Flasher and press start to coninue.

Follow the on screen instructions. If done correctly, it’ll say Success at the end. You should see a Dingux startup screen when your Dingoo restarts. There is another step to getting Dingux to startup, so right now it’ll just boot to the original firmware.

Reset your Dingoo and plug it into the PC. Your PC should find it in a few seconds.

Next, plug in your mini SD card and format it to FAT32. Unzip everything from the second file you downloaded, local-10.zip, to the root of your mini SD card.

After unzipped, go to the mini SD card and rename your LCD screen file to zImage. So, mine is ‘zImage-20090707-ILI9331′, and I’ll change the name to ‘zImage’. Delete the other LCD image file if you want to.

Then, you’re done! Unplug and reset the Dingoo while holding down the Select key. It should boot into Dingux and launch the Dmenu. You should see a new menu on your screen.

Now that you have Dingux installed, go online and find some handy ROMs!

There is a ton of stuff you can do with this gaming device. The growing online community has tons of homebrew video games to try out, theme packs, and ROM’s available. I’ve linked a bunch of the websites in our shownotes. I’m thinking next week I’m going to try to stick Doom on here, because, why not? It’s DOOM!

Email me at feedback@hak5.org with questions and comments.

HakTip: BackTrack 5 first-boot

Darren is excited to be playing with the new BackTrack 5 linux. BackTrack is a fantastic distribution for security auditing. Version 5 is available in 32 and 64 bit flavors as well as ARM processor support and now comes in either Gnome or KDE.

Darren demonstrates how to setup either a USB drive to boot directly off, or a Virtualbox VM. Darren goes on to show off ethernet configuration and setting up a wireless adapter over USB.

Emails

Nick writes in:

http://hackertyper.net/
set type speed to 1 for a more realistic look.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Hak5 906 – Cookies beware, we’re Session Hijacking! Blackbuntu vs BackTrack, Kompozer and a 28 foot multi-touch bar!

Jason — Wed, 30 Mar 2011 19:32:09 +0000

This time on the show, Cookies beware! It’s Session Hijacking time. Darren reports from Automate 2011 with a 28 foot multi-touch bar. Plus, websites made easy with Kompozer, a Backtrack vs Blackbuntu review and a whole lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

SSL provider Comodo was hacked allowing attackers to obtain secure certificates for Google, Yahoo, Skype and others. comodo is claiming that the sophisticated attack against its European partner must have been “state-driven.” Comodo’s own incident reportpoints out IP addresses from Iran responsible for the attack. While simply obtaining these certificates, which have since been disabled, wouldn’t make those sites vulnerable — it would allow passwords and emails to be snooped using man-in-the-middle attacks to impersonate the legitimate sites. That would be pretty trivial to do if, say, you were Iran, which controls the nations telecommunications infrastructure.

The RSA’s SecurID systems has been hacked! The SecurID is a tool that authenticates by having you key in a password but also a series of random numbers. A few days ago the tool sent out an email to it’s users saying it was a victim of a hack that extracted certain data from the RSA’s system. Data that was directly related to their SecurID two-factor authentication tools. The RSA says it isn’t that bad, but make sure you beef up security at your company, i.e. make stronger passwords. Like that’s really going to get people to change their passwords.

Say you wanted to write your own Stuxnet like worm to attack SCADA systems? Well your job just got a lot easier. Security researcher Luigi Auriemma released proof of concept code for 34 vulnerabilities affecting SCADA systems from Siemens, Iconics, 7-Technologies and DATAC. The code, released on the bugtraq mailing list, doesn’t affect the backend systems, merely the operator platforms, however they would allow attackers to potentially crash systems, retrieve sensitive data or dig deeper into the network.

Check out those sweet Nintendo 3DS’s at your local retailer! Demo units have been available to play in stores, but they won’t let you check out the menu or the specs underneath the games that autoplay on the devices. Luckily, there is now a nice little hack to let you get into the main menu and see what lies beneath inside these awesome new toys. Check the link and give it a try.

Is your government or ISP messing with your data? In the wake of the Internet blackouts of Egypt and Libya, Google is announcing awards of at least a million dollars to Georgia Tech researchers working on tools for web users, as well as smartphones and tablets, which detect whether ISPs are adhering to service level agreements and if data is meing tampered with.

–

HakTip: Session hijacking with Firesheep

This week’s Hak Tip comes to us from Gary. Websites always make you login with a username and password, but when you’re on their page all cozy and logged in, you’re browsing insecurely on a regular old HTTP site. HTTP session hacking (called sidejacking) happens when an attacker gets the users cookie which you were transmitted when you first logged in, and they can use it to do anything you would normally do. The only way to really protect yourself from this is through SSL or HTTPS like what you see on your banking websites.

Firesheep, by Eric Butler, demonstrates how vunerable your login is. It’s a man in the middle attack firefox extension that anyone has the ability to use.

To use Firesheep, first make sure to download winpcap. Then download the browser extension and open it using firefox by dragging it into your list of extensions and add-ons. You may need to restart Firefox. Go to View–>Sidebar–>Firesheep and enable it. Now, simply click start capturing and you’ll be able to see the username and photo of anyone on your network that logs into one of the specific sites that Firesheep uses. Click on the name or photo of anyone on the list, and you are now logged in as them, with the ability to do whatever you want as them on that site. Scary huh? Luckily Twitter and Facebook have caught on to this and have enabled the ability to use HTTPS secure logins on their sites. So if you haven’t updated your settings, do it now!

Got a tip you want to share? Email them to tips@hak5.org and we’ll show them off!

–

The 28 foot multi-touch bar!

Darren reports from the Automate 2011 conference in Chicago checking out the mtBar from Crunchy Logistics and Imaging Source. This 28 foot rear diffused illumination multi-touch bar surface sports unlimited tracking of fingers and objects at 120 FPS. Darren gets the juicy details from Niel Dufva, Aaron Bitler and Brandon Hill from Crunchy Logistics, as well as John Berryman from Imaging Source.

–

Trivia!

Last week’s question was: In Season 5 of X Files, Esther Nairn is the creator of what ‘narly’ entertainment software? The answer is: Autonomous Bots in Ninjitsu Princess. This weeks question is: In what episode of the X Files can the Lone Gunmen be seen attending DefCon in Vegas? Answer at hak5.org/trivia for your chance to grab up some swag!

–

Snubs Report: Kompozer

Shannon checks out the easy web authoring tool Kompozer. Here are some of her favorite features:

Web authoring tool
No HTML or coding needed
FTP Site Manager- browseable side bar and tree view (kind of like Explorer’s folder pane)
Color Picker- Easy to use color swap, just click with your mouse.
Tabs- Can edit several docs at once
CSS Editor- Easy to create stylesheets
Styler- Toolbar lets you change style instantly
Customize toolbars
Forms- XUL-based UI to edit forms
Cleaner- get rid of annoying
‘s- make valid documents
XFN- Can add XHTML info saying you know and trust an external link
Visible Marks- can view carriage returns and block borders.
Table/ Cell resizing rulers- Adjust rows and columns easily
Automated Spellchecker

–

Road Test: Corsair Force SSD

In the words of Mr Horse: “No sir, I don’t like it”

While the Corsair Force SSD has great performance numbers, a few major annoyances are harshing on my technolust.

No SSD should BSOD Windows on S3 resume. Nor should it report “No bootable device” upon cold boot.

Sorry Corsair, I gave it a fair chance for just about a month and even with the latest firmware this thing’s a dud.

–

Emails: Computer models and Blackbuntu vs Backtrack

Victor writes: I was wondering whats the computer that you usually have in the show cause it looks really good i think i might want to get one but i don’t know the model or manufacturer.

Darren and Shannon have both recently upgraded to the 11.6″ Acer Aspire TimelineX 1830T. Darren has the Intel Core i7 version while Shannon has opted for the i3.

Prior to these Shannon was using the 9″ Acer Aspire One and the 10″ Nokia Booklet 3G while Darren has had the 7″ ASUS eee PC 701, 9″ Acer Aspire One and 15″ ASUS N53J.

Juan writes: I was watching episode 903 and at the end you mention Blackbuntu. I have use Backtrack before but have never herd of Blackbuntu I start it to poking around the internet and found not only Blackbuntu but GnackTrack too both are sort of the same idea both are base on ubuntu both use gnome and both have the standard Backtrack program suit so I was think all tree of them make for a good head to head battle or just for a review

Darren has been playing with Blackbuntu for about a week now. Prior to that he’s been using BackTrack since 3.0, but never as a primary OS. Here are some of his initial observations:

Blackbuntu is based on ubuntu 10.10 using Gnome as the window manager and contains a similar feature set to BackTrack.
BackTrack is more established, while Blackbuntu is on version 0.2 it’s counterpart BackTrack is nearing beta of version 5.
BackTrack is the basis for the Offensive Security courses and certifications, which teach all sorts of pentesting and wireless attacks in both live-in-person and online learning scenarios
In comparison to BackTrack, Blackbuntu doesn’t have much of a community. You’re more likely to find tutorials and help for BackTrack
That said, most of what you’d do with BackTrack will run very similarly on Blackbuntu.
The biggest strong point Blackbuntu has in my book is the fact that it’s a highly customized version of Ubuntu with Gnome, which I’m already familiar with, and to me is better suited as a primary Linux OS.
Then again I’ve run into stability issues with Blackbuntu that have me, for the time being, switching back to Backtrack 4r2
I’ll reassess these in the near future when BackTrack 5 debuts, which will be both 32 and 64 bit compatible, running on Ubuntu 10.04 with official support for KDE, Gnome and Fluxbox

–

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

Episode 825 – Shmoocon 2011 – Part 2: Android Botnets, Hacking from a cave and IPv6

Jason — Wed, 09 Feb 2011 19:56:21 +0000

This time on the show Darren talks to Georgia Weidman, Director of Cyber Warfare at Reverse Space about her smartphone botnet project. Shannon learns about the latest in Katana and Joe Klein joins us once again to debunk IPv4 exhaustion myths and the next step for IPv6 adoption.

Download HD Download MP4 Download WMV

Episode 822 – Penetration Testing with Armitage for Metasploit

Darren Kitchen — Thu, 20 Jan 2011 20:36:33 +0000

Raphael Mudge of FastAndEasyHacking.com joins Rob Fuller, aka Mubix, to talk about his project Armitage; a cross-platform GUI front-end for Rapid7′s Metasploit. Mudge demonstrate setting up the software, scanning for targets, attacking hosts with client side attacks or remote exploits, and finally pivoting throughout the network using pass-the-hash techniques. Time to grab some paper, pencil and an unsuspecting virtual machine!

Download HD Download MP4 Download WMV