Soldering 101: Shannon builds a network tap. Perl and GraphViz for mapping twitter connections. Chrome tips and deauthing WiFi. All that and more this time on Hak5.

Download HD Download MP4 Download WMV

Perl and GraphViz for mapping twitter connections.

As you know I’m a huge fan of programming as a hobby. Picking up BASIC was one of the first major steps that led to me becoming the huge computer geek I am today. So when I saw an email from Hak5 fan Jason Cooper about his latest creation I just had to take a look.

Jason has developed a really nifty perl script that maps links between people on twitter. His first version outputs a file ready to be converted by GraphViz into a beautiful image.

I’ll demonstrate how to get started here in Linux, but this will work on any OS that supports Perl and GraphViz which is pretty much all the major platforms.

I’ve wget’d and unzip’d the twittermap code from HeckrothIndustries.co.uk

Running ./twitterMap we’re presented with the arguments. Running more on twitterMap reveals an explination of the options.

As a test I’m going to run twitterMap with –breadth-search –limit=3 –max-pages=3 –output-file=hak5darren1.map –twitterid=hak5darren

This is going to take a moment while the script combs through the last three pages of my tweets and follows back 3 levels deep through messages sent to and from the specified account.

Jason hopes to add the option to map followers in addition to messages and the option to produce word lists from tweets.

Once twitterMap finishes I’ll be left with the output file specified. If I less the output file I can see a list of twitter IDs and their relationships. The colors correspond to relationship. Red is the origin while blue represents neighbors, black third parties and orange IDs that haven’t been looked at.

Using GraphViz the output file can be converted into an image with the syntax “”fdp -o hak5darren1.png -Tpng hak5darren1.map”"

This may take a bit so while GraphViz is processing you may want to pop back over to Jason’s site and take a peek at some of his other creations – like sssDetect, which detects when you’ve been a victim of Moxie’s sslStrip tool, or a nifty catch game for the GP2X.

Once complete you’ll find a PNG file in your source directory and honestly, it looks fantastic.

This is a great example of the spring model image GraphViz is able to produce from a simple conversion file.

Thanks so much for sending this in Jason. I wasn’t even aware of GraphViz and playing with the code made my day.

So what are you hacking away at? Got any code to send my way? Hit me up — feedback@hak5.org, maybe we’ll have your program on the show.

Kerby’s I Can Haz Cheezburger Kitty of the week

halp! i not cheezburger!

Packet sniffing with a LAN Tap

Today we’re packet sniffing — and no it’s not a black hat man in the middle attack. If you’re a network administrator or anyone who has to troubleshoot network issues you should have a passive network tap in your toolkit.

A network tap is basically a piece of hardware that lets you see the data flowing across a network. In a lot of cases you can use a computer to monitor the traffic between two points on the network, say between your router and switch.

Suffice it to say, if the network between points A and B are of the physical ethernet cable variety, a “”network tap”" is the best way to take a look at the traffic. A tap has at least three ports: an A port, a B port, and a monitor port.

For example the A port could be connected to the switch providing Internet access and the B port could be connected to the computer you’d like to monitor. And the monitor port is just that- a port that lets you monitor what’s in between.

Network taps are commonly used for network intrusion detection systems, VoIP recording, network probes, and packet sniffing, along with several other uses. Taps are used in security applications because they are non-obtrusive, in most cases aren’t detectable on the network, and can deal with full-duplex connections.

In our case, this network tap will work indefinitely since it doesn’t even need power. Passive network taps are almost the same thing as a general network tap, except these do not need power, there is no built-in computer or moving parts, and it’s just a few wires and connectors that will move data from one point to another.

You can build a passive network tap for under 20 bucks from parts at your local hardware store. A while back our friend Mike Ossmann built a 5-in-1 network admin cable that could do all sorts of stuff like Serial Console, Cross-Over and part of that was a passive network tap in a sort of throwing star design. Since then the Throwing Star LAN Tap has born under the Great Scott Gadgets brand.

This little guy is a small, simple device for monitoring Ethernet communications. To the target network, the Throwing Star LAN Tap looks just like a section of cable, but the wires in the cable extend to the monitoring ports in addition to connecting one target port to the other. You can use the Star along with tcpdump or Wireshark to collect data.

Now the throwing-star comes as a kit so you’ll have to solder it together yourself, which is half the fun. The tap comes in 7 pieces, the printed circuit board, four modular connectors and two capacitors.
Normal gigabit signals travel in both directions and it’s impossible to build a completely passive tap. There are gigabit taps but they’re like 1000 bucks, so yeah – no thanks. To overcome this limitation though, the throwing star gracefully degrades the signal with these two supplied capacitors that force the connection down to 100 Mbits by adding a slight noise to the line. Unless you’re using a really really long cable this shouldn’t become an issue and in most cases the tapped device will just drop down to 100mbit without trouble.
You will also need a soldering iron, some electrical solder (i’m using rosin core solder with flux build in), and a pair of wire cutters. Insert the four connectors into the circuit board. Be careful that each of the leads extends through the circuit board before snapping the connector fully into place. Insert the two capacitors through the circuit board. Once the iron is hot, place just a bit of solder on the tip. This is called tinning, which prevents the tip from oxidizing. Oxidization is bad because the solder wont adhere to oxidized surfaces. Solder both the 8 leads on the connectors and the leads of each capacitor and clip off the excess with wire cutters. There are 36 solder points on this board, which should take just a few minutes once you get going… Ok, with the board soldered it’s time to start using it. For this part I’ve asked Darren to play the victim here and we’ll start tapping his connection.

Connect the computer to the network through the throwing star in line on ports J1 and J2. Connect another ethernet cord to J3 and/ or J4 and plug it into your computer that you’ll be sniffing packets on. One monitor port is send, the other is receive.

Next on your computer, set your ethernet adaptor to promiscious mode. To do so in Linux, type ifconfig eth0 promisc where eth0 is your ethernet adaptor. You can check that the adapter went into promiscuous mode by typing ifconfig eth0 and looking for PROMISC. Now fire up your fav packet sniffer, I’m going to use Wireshark because its built into BT5 already. Click applications> backtrack> information gathering> network analysis> net traffic analysis> wireshark. Then to start viewing traffic, click on eth0 or choose interfaces under capture and click start next to eth0. If all works you should start seeing packets being sniffed. If I want to filter say IRC, I’ll type IRC up in the filter box, click apply, and I should start seeing whatever Darren is sending.

To tap both transmit and and receive you’ll need a second ethernet adapter, like this little USB guy here. Either fire up a second instance of Wireshark or TCP Dump to tap eth0 and eth1 or bridge the connections together.

This is a must for any network geek so head over to ossmann.com for the plans on build your own, or pop by the hakshop to have one delivered right to your door.
”

Nibble: Chrome task manager

I love Chrome. You love Chrome. Well, maybe you love Opera — nothin’ wrong with that. But if a page is harshin’ on your Chrome vibe go ahead and kill it with this keyboard combo. SHIFT+ESC brings up Chrome’s built-in task manager, cluing you into all sorts of details about every tabs memory, CPU and network usage. Right-click to get even more nitty gritty, or just kill the tabs process. There’s even a “”stats for nerds”" link that’ll bring you to about:memory for more than you ever wanted to know about how that flash game’s robbing your resources. Sorry Adobe — just sayin’

You know the deal, hak5.org/nibble — keep ‘em under 8 bits.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch the most recent episode of The Ben Heck Show where Ben builds an Arduino-powered, exterior-mounted camera system for an off-road vehicle. The setup enables the driver to control the cameras from inside the cabin to get a better view of obstacles while driving on rugged, off-road terrain. This show about building, modding and electronics culture is brought to you exclusively by element14. Be sure to visit element14.com/tbhs for a chance to win one of Ben’s latest builds!

I’m here to tell you about a tool that will help you save time and money and make you look like a hero to clients or colleagues GoToAssist Express – by Citrix. Lets you easily resolve computer issues in real time OR after hours. Even work while your customers are away from their computers, dramatically boosting your productivity. In fact, on average, Go To Assist Express users report a 40% increase in productivity – that’s like getting 2 extra work days back a week! Try GoToAssist Express FREE for 30 Days. For this special offer visit
GoToAssist.com/hak5.

.TV is the best domain name for websites with video. If you want to build a video site or if your website has a play button, I recommend getting a .TV domain. A .TV website lets you showcase your original content and create a unique site, not just another YouTube channel. Just go to Domain.com and search for the perfect .TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%. If you need to host your .TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site. Remember – when you think domain names, think Domain dot com. Got a great idea? It all starts with a great domain. Domain.com

This time on the show, Cookies beware! It’s Session Hijacking time. Darren reports from Automate 2011 with a 28 foot multi-touch bar. Plus, websites made easy with Kompozer, a Backtrack vs Blackbuntu review and a whole lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

SSL provider Comodo was hacked allowing attackers to obtain secure certificates for Google, Yahoo, Skype and others. comodo is claiming that the sophisticated attack against its European partner must have been “state-driven.” Comodo’s own incident reportpoints out IP addresses from Iran responsible for the attack. While simply obtaining these certificates, which have since been disabled, wouldn’t make those sites vulnerable — it would allow passwords and emails to be snooped using man-in-the-middle attacks to impersonate the legitimate sites. That would be pretty trivial to do if, say, you were Iran, which controls the nations telecommunications infrastructure.

The RSA’s SecurID systems has been hacked! The SecurID is a tool that authenticates by having you key in a password but also a series of random numbers. A few days ago the tool sent out an email to it’s users saying it was a victim of a hack that extracted certain data from the RSA’s system. Data that was directly related to their SecurID two-factor authentication tools. The RSA says it isn’t that bad, but make sure you beef up security at your company, i.e. make stronger passwords. Like that’s really going to get people to change their passwords.

Say you wanted to write your own Stuxnet like worm to attack SCADA systems? Well your job just got a lot easier. Security researcher Luigi Auriemma released proof of concept code for 34 vulnerabilities affecting SCADA systems from Siemens, Iconics, 7-Technologies and DATAC. The code, released on the bugtraq mailing list, doesn’t affect the backend systems, merely the operator platforms, however they would allow attackers to potentially crash systems, retrieve sensitive data or dig deeper into the network.

Check out those sweet Nintendo 3DS’s at your local retailer! Demo units have been available to play in stores, but they won’t let you check out the menu or the specs underneath the games that autoplay on the devices. Luckily, there is now a nice little hack to let you get into the main menu and see what lies beneath inside these awesome new toys. Check the link and give it a try.

Is your government or ISP messing with your data? In the wake of the Internet blackouts of Egypt and Libya, Google is announcing awards of at least a million dollars to Georgia Tech researchers working on tools for web users, as well as smartphones and tablets, which detect whether ISPs are adhering to service level agreements and if data is meing tampered with.

–

HakTip: Session hijacking with Firesheep

This week’s Hak Tip comes to us from Gary. Websites always make you login with a username and password, but when you’re on their page all cozy and logged in, you’re browsing insecurely on a regular old HTTP site. HTTP session hacking (called sidejacking) happens when an attacker gets the users cookie which you were transmitted when you first logged in, and they can use it to do anything you would normally do. The only way to really protect yourself from this is through SSL or HTTPS like what you see on your banking websites.

Firesheep, by Eric Butler, demonstrates how vunerable your login is. It’s a man in the middle attack firefox extension that anyone has the ability to use.

To use Firesheep, first make sure to download winpcap. Then download the browser extension and open it using firefox by dragging it into your list of extensions and add-ons. You may need to restart Firefox. Go to View–>Sidebar–>Firesheep and enable it. Now, simply click start capturing and you’ll be able to see the username and photo of anyone on your network that logs into one of the specific sites that Firesheep uses. Click on the name or photo of anyone on the list, and you are now logged in as them, with the ability to do whatever you want as them on that site. Scary huh? Luckily Twitter and Facebook have caught on to this and have enabled the ability to use HTTPS secure logins on their sites. So if you haven’t updated your settings, do it now!

Got a tip you want to share? Email them to tips@hak5.org and we’ll show them off!

–

The 28 foot multi-touch bar!

Darren reports from the Automate 2011 conference in Chicago checking out the mtBar from Crunchy Logistics and Imaging Source. This 28 foot rear diffused illumination multi-touch bar surface sports unlimited tracking of fingers and objects at 120 FPS. Darren gets the juicy details from Niel Dufva, Aaron Bitler and Brandon Hill from Crunchy Logistics, as well as John Berryman from Imaging Source.

–

Trivia!

Last week’s question was: In Season 5 of X Files, Esther Nairn is the creator of what ‘narly’ entertainment software? The answer is: Autonomous Bots in Ninjitsu Princess. This weeks question is: In what episode of the X Files can the Lone Gunmen be seen attending DefCon in Vegas? Answer at hak5.org/trivia for your chance to grab up some swag!

–

Snubs Report: Kompozer

Shannon checks out the easy web authoring tool Kompozer. Here are some of her favorite features:

• Web authoring tool
• No HTML or coding needed
• FTP Site Manager- browseable side bar and tree view (kind of like Explorer’s folder pane)
• Color Picker- Easy to use color swap, just click with your mouse.
• Tabs- Can edit several docs at once
• CSS Editor- Easy to create stylesheets
• Styler- Toolbar lets you change style instantly
• Customize toolbars
• Forms- XUL-based UI to edit forms
• Cleaner- get rid of annoying
  ‘s- make valid documents
• XFN- Can add XHTML info saying you know and trust an external link
• Visible Marks- can view carriage returns and block borders.
• Table/ Cell resizing rulers- Adjust rows and columns easily
• Automated Spellchecker

–

Road Test: Corsair Force SSD

In the words of Mr Horse: “No sir, I don’t like it”

While the Corsair Force SSD has great performance numbers, a few major annoyances are harshing on my technolust.

No SSD should BSOD Windows on S3 resume. Nor should it report “No bootable device” upon cold boot.

Sorry Corsair, I gave it a fair chance for just about a month and even with the latest firmware this thing’s a dud.

–

Emails: Computer models and Blackbuntu vs Backtrack

Victor writes: I was wondering whats the computer that you usually have in the show cause it looks really good i think i might want to get one but i don’t know the model or manufacturer.

Darren and Shannon have both recently upgraded to the 11.6″ Acer Aspire TimelineX 1830T. Darren has the Intel Core i7 version while Shannon has opted for the i3.

Prior to these Shannon was using the 9″ Acer Aspire One and the 10″ Nokia Booklet 3G while Darren has had the 7″ ASUS eee PC 701, 9″ Acer Aspire One and 15″ ASUS N53J.

Juan writes: I was watching episode 903 and at the end you mention Blackbuntu. I have use Backtrack before but have never herd of Blackbuntu I start it to poking around the internet and found not only Blackbuntu but GnackTrack too both are sort of the same idea both are base on ubuntu both use gnome and both have the standard Backtrack program suit so I was think all tree of them make for a good head to head battle or just for a review

Darren has been playing with Blackbuntu for about a week now. Prior to that he’s been using BackTrack since 3.0, but never as a primary OS. Here are some of his initial observations:

• Blackbuntu is based on ubuntu 10.10 using Gnome as the window manager and contains a similar feature set to BackTrack.
• BackTrack is more established, while Blackbuntu is on version 0.2 it’s counterpart BackTrack is nearing beta of version 5.
• BackTrack is the basis for the Offensive Security courses and certifications, which teach all sorts of pentesting and wireless attacks in both live-in-person and online learning scenarios
• In comparison to BackTrack, Blackbuntu doesn’t have much of a community. You’re more likely to find tutorials and help for BackTrack
• That said, most of what you’d do with BackTrack will run very similarly on Blackbuntu.
• The biggest strong point Blackbuntu has in my book is the fact that it’s a highly customized version of Ubuntu with Gnome, which I’m already familiar with, and to me is better suited as a primary Linux OS.
• Then again I’ve run into stability issues with Blackbuntu that have me, for the time being, switching back to Backtrack 4r2
• I’ll reassess these in the near future when BackTrack 5 debuts, which will be both 32 and 64 bit compatible, running on Ubuntu 10.04 with official support for KDE, Gnome and Fluxbox

–

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

This week Shannon is bypassing NSFW filters while Darren goes sniffing for packets in all the wrong places.

Download HD Download MP4 Download XviD Download WMV

Darren takes Android WiFi Tether and Shark for a spin and ends up learning an important geography lesson.

Shannon is demonstrating a few techniques to detecting NSFW links and bypassing potential work filters with a few web tools, including: LongURL.com, PDFmyURL.com, Aviary.com and Variably Safe For Work.

—

You’re Invited to Hak5’s Birthday!

Join us to celebrate 5 years of technolust at the Hotsy Totsy Club – an Albany institution since 1939! Come for drinks, pool, shuffleboard and a live performance from nerdcore sensation, Eighty of Dual Core! 21+. No cover. Street parking. 7 blocks from El Cerrito BART. WiFi. Taco’s Autlense Taco Truck parked in lot. Need we say more?

Saturday, August 14th at 7:00 PM
Hotsy Totsy Club
601 San Pablo Ave.
Albany, CA 94706

RSVP now via Facebook – can’t wait to celebrate the grand years of old school hacking with you!

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

With a mixture of in-studio and on location in Dublin this week we’re talking to Robin Wood about DHCP Exhaustion and DNS Man-in-the-Middle attacks, talking Metasploit modules and a Pineapple Monkey half-breed.

Download HD Download MP4 Download XviD Download WMV

DHCP Exhaustion and DNS Man-in-the-Middle Attacks

Rather than your typical ARP based Man-In-The-Middle attack, Robin wood brings us two metasploit modules for both denial of service attacking a DHCP server and deploying a rogue DHCP server of your own with a DNS MiTM to boot. Check out the Metasploit DNS and DHCP Exhaustion – BETA at Digininja.org.

The JasagerInterceptor – a Pineapple Monkey mashup

This week we take a look within the community and highlight some of the awesome work done by Beakmyn. In an answer to Deathray’s thread on a Jasager with a network tap like the Interceptor, he brings you just such project. Behold the JasagerInterceptor. I’ve seen it with my own eyes at Shmoocon and I must say it’s a nifty bit of kit.

Darren demonstrates a little man-in-the-middle attack using SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session. Go from secure site to clear-text passwords in one simple step.

Moxie Marlinspike‘s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

Never again have your curious Google searching or social networking adventures be thwarted by your school or office firewall. Darren show off free and easy ways to bypass the filters using SSH or your own homegrown web proxy.

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Got a restrictive firewall blocking sites at school or work? Evade ‘em easily with your own private web proxy. Want to securely tunnel any port through an SSH session? Darren’s got just the trick. Wondering how to properly use Asleap to crack MS-CHAPv2 PPTP VPN handshakes & LM Hashes? Interested in trying out neat free enterprise applications but don’t feel like spending hours in a terminal? Try deploying a virtual appliance in minutes, the free and open source way.

Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

This time on the show Darren’s having a little man-in-the-middle fun with a demonstration os SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session.

Download HD Download MP4 Download XviD Download WMV

Moxie Marlinspike‘s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

Mubix of Room362 comes down to the HakHouse to share his favorite tools for analyzing packet captures and network taps. Darren’s toying around with netcat and music streaming while Shannon’s got the skinny on the latest hacks for Wii Homebrew with system menu 4.0.

Download HD Download MP4 Download XviD Download WMV

Show Notes

While Matt’s busy moving into his new house Mubix of Room362 fills in with an awesome segment on analyzing data from packet captures or live network taps using Network Miner and Net Witness.

Darren’s taking Chad’s advice and using netcat with mpg123 to stream music from the console.

Plus Shannon has the skinny on unlocking your Wii and installing homebrew even if you’re running the new System Menu 4.0.

And don’t forget to check out our latest contest at Hak5.org/yourlan where the most creative network will win cozy Hak5 gear from our newly opened HakShop

In this episode Shannon hacks the Wii and shares her favorite homebrew with us. Matt connects 3CX to the PSTN and Darren sets up a network monkey client in Linux.

Download HD Download MP4 Download XviD Download WMV

Watch

Show Notes

Twilight Hack

Wii Homebrew

You need a few things:

• wii
• wii mote controller
• computer
• internet access
• small sd card formatted as FAT.
• Zelda Twilight Princess for Wii

The Wii Brew Wiki
Homebrew Channel

How to install the Wii Homebrew Channel on your Wii using the Twilight Hack.

Download the Twilight Hack. There are two versions, one for Wii system 3.3, and one for 3.4. I haven’t updated mine, so I’m still on 3.3.

Download the Homebrew Channel zip file.

Also, if you want, go ahead and download some apps from the HackMii website. I suggest the Homebrew Browser so you dont have to copy apps to the SD card every time you wanna download something new.

You’ll need a small SD card 2 gig or smaller. Make sure to format your SD card as FAT. Do to this, right click on the SD card, and choose format. Simple!

Put the SD card in your Wii, then turn it on. Go to the Wii Options–>Data management–>Save Data–>Wii section of the menu. Find your Zelda: Twilight Princess saved file, and copy it. If you havent played it yet, you might not have a saved file, so go ahead and play a bit. Put your SD card in your computer and copy the “Private” folder from the card to your comp, just in case you may need it in the future.

Move the homebrew executable that you extract from the zip file to your SD card root directory and save it as boot.dol or boot.elf.

Also, save the Twilight Hack Private folder from the extracted zip file to your SD card.

Now, check out your Twilight Princess game CD. It should have some hard to read serial numbers inscribed on the inner circle. Match this serial with the corresponding “Save slot”.

RVL-RZDE-0A-0 JPN/private/wii/title/rzde/data.binTwilightHack0RVL-RZDE-0A-0 USA/private/wii/title/rzde/data.binTwilightHack0RVL-RZDE-0A-2 USA/private/wii/title/rzde/data.binTwilightHack2

Region	Inner circle text	File	Save slot
Europe/Australia	RVL-RZDP-0A-0 JPN	/private/wii/title/rzdp/data.bin	Twilight Hack
Asia (JPN)	RVL-RZDJ-0A-0 JPN	/private/wii/title/rzdj/data.bin	Twilight Hack
America (USA)
America (USA)
America (USA)

Inside the private–>wii–>title folder are 3 folders with letters corresponding to the serials. Delete the two that don’t match your cd.

Put your SD card back in the Wii. Go to Wii Options–>Data management–>Save Data–>Wii and erase the Zelda save now. Open the SD card menu and choose Twilight Hack. Copy to the Wii.

Stick your game CD in your Wii and boot up Zelda! Choose the save slot that corresponds with your serial. Mine was TwilightHack0. Go ahead and skip the intro, it doesn’t hurt the hack. Once you see Link as a playable character, either walk backwards or talk to the guy in front of you. This will start up the hack install process, so just choose “Agree” to everything.

You’re done! Now you can play on the homebrew channel. Yay!

Get the homebrew browser so you can download apps straight from the channel instead of shuffling your SD card around.

To do that, simply stick the sd in your computer and create a folder called apps. Copy the homebrew browser folder and its contents over to the sd and back it goes to your wii!

If you have some cool homebrew for the Wii, tell me about it or ask me any questions at Snubs@hak5.org.

Don’t forget to submit your questions@hak5.org and feedback@hak5.org and thanks for your contributions.

The perfect primate for pen testers is none other than network monkey. Introducing Robin Wood’s Interceptor — on this episode we hack the Fon+ and turn it into a network tap and rogue wireless access point. Sniff the LAN from across the street or hack the network from the inside out! Learn how Network Monkey Pirates your Packets today!

Download HD Download MP4 Download XviD Download WMV

Watch

Show Notes

Our friend digininja is at it again. On this episode we feature Robin Wood‘s latest hack based on none other than the Fon+ wireless router.

Interceptor is a wireless wired network tap. Simply put you place it in line on an ethernet cable, then connect to it via a special wireless access point. Once connected and running the Interceptor scripts you’ll be able to sniff all of the traffic passing across the wire.

Interceptor doesn’t affect TTL and adds minimal latency to packets. It doesn’t associate to the target network so discovering an active Interceptor on your LAN isn’t trivial.

This tool is perfect for pen testers. The device inexpensive, based on the Fon+ router and using open source software. It is small enough to fit behind a network wall plate, inside a plush monkey, or even inside a network switch or other gear.

In this episode we demonstrate the usage, illustrate the installation and speak with the developer Robin Wood.

You can download the software and play with it yourself from digininja.org/interceptor and find support and discussion at the Hak5 Interceptor Forum.

Thanks for watching, subscribing, and most of all supporting the show. On a related note custom commissioned WiFi Pineapples running Jasager are now available.

We return next week with a regular format show. Don’t forget to submit your questions@hak5.org and feedback@hak5.org and trust your technolust!