Hulu and the BBC iPlayer everywhere with a little VPN action to bypass Geo IP filters. We’ll be setting up Network Manager in BackTrack5. Plus, Linux inside of Windows, graphing trace-routes in terminal and a whole lot more this time on Hak5!

Download HD Download MP4 Download WMV

VPN in BackTrack 5 with Network Manager

BackTrack 5 is rocking my world as of late. I’ve been running the gnome 32bit version as my primary os on one of my laptops since release and I so far it has been fantastic out of the box.

That is until I wanted to easily connect to a PPTP VPN. While BackTrack5 includes Wicd — the Wireless (and wired) Interface Connection Daemon I’m more familiar with Network Manager, which includes a VPN client. Two birds, one stone!

In this segment I setup Network Manager in BackTrack 5.

apt-get install network-manager-gnome

cp /etc/network/interfaces{,.backup}

echo “”auto lo”" > /etc/network/interfaces

echo “”iface lo inet loopback”" >> /etc/network/interfaces

service network-manager start

nm-applet&

reboot

Run Linux apps in Windows with AndLinux

If you want to run Ubuntu seamlessly inside a Windows box, perhaps you’ll be interested in this tool called andLinux. AndLinux is a complete Ubuntu system that runs in Windows (all except 64-bit 7) and uses a program called coLinux as it’s core. CoLinux is a port of the Linux kernel to Windows. It’s kind of like running linux in a VM, except with coLinux, andLinux merges itself with Windows and the Linux kernel instead of running through an emulated PC. andLinux is for fun and development and it can run almost any Linux applications without having to do any modifications.
So, with andLinux you get a fully functional Linux system, with no desktop interface. It gives you a second panel or start menu where you can load Linux apps. The apps can be run simultaneously with Windows apps and you can cut and paste text between them.

AndLinux comes in a couple of different versions- KDE version (which is a full version) or XFCE (minimal). When you go through the andLinux installation on Windows, there are a few important steps to keep in mind.
Choosing your start up type: I chose run andLinux automatically as a NT service because it is the most convenient choice. You don’t have to do any kind of configurations if you choose this option.
You’ll be asked to create a username and password for andLinux login.
For Windows file access, I chose COFS as it gives you easier configuration compared to Samba. Samba will, though, let you share files with special characters.
Also, if Windows starts freakin because it’s not Microsoft certified, just click continue anyway.

Once the installation has finished, just restart your computer and unblock any windows firewall settings that may occur from the installation. To start using andLinux, first run the NT console. This will open a command prompt that’ll ask you for your username and password. You can then close that window and start using any of the programs and applications that are available in the boot menu. It’s kind of like downloading all the Linux programs straight into Windows without using a Linux OS.

So I’m just going to try some of these programs out, and they all seem to work just fine. So andLinux looks to be a very handy way to use Linux applications indeed! If you like it, tell me so! feedback@hak5.org.

Nibble: MTR isn’t your fathers traceroute

MTR isn’t your father’s Traceroute. It’s the ultimate command line tool for finding out where those tasty little packets are getting lost. From bash issue mtr –report-wide –curses and your destination of choice.

mtr –report-wide –curses 8.8.8.8

MTR will bring up a curses terminal interface with a constantly updating report on hops and pings, complete with hostname, best and average latency, and percentage of packets lost at each link.

Thanks to Brian for sending this in and scoring some complimentary hak5 swag. Submit your 4-bits at hak5.org/nibble

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

If you’re an IT or software consultant, you’re always looking to compete with the big guys. Problem is you may be a one man show! You need a remote support tool – and the best is Go To Assist Express. The faster you can connect to a customer, the faster you can move on to the next challenge! Reduce your travel time and increase revenue by handling more support requests. Brought to you by Citrix, you KNOW Go To Assist Express is easy and secure. Try GoToAssist Express FREE for 30 Days. For this special offer visit GoToAssist.com/Hak5.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think domain.com.
Got a great idea? It all starts with a great domain. domain.com

Audible.com is the leading provider of downloadable digital audiobooks and spoken word entertainment. Audible has over 75,000 titles to choose from, to be downloaded to your iPod/MP3 player and played back anywhere, anytime. Choose from books in every genre, science fiction, thrillers, drama, comedy, business, history and more. Go to audiblepodcast.com/ hak5 to get a FREE audiobook-download of your choice when you sign up today. Again go to Audiblepodcast.com/hak5 for your Free Audiobook!

This time on the show, Mubix joins us to add persistance to our penetration testing with a little Metasploit, Microsoft, and IP version 6

Download HD Download MP4 Download XviD Download WMV

As Mubix, aka Rob Fuller explains: Bind shells went to the wayside with the dawn of firewalls and NAT, but IPv6 was nice enough to bring them back. With the help of some built in tools from good old Redmond and our trusty Meterpreter, we can now connect to our shell any time we please. Based on his Revenge of the Bind Shell presentation we dive into the tools and techniques required to traverse firewalls and maintain persistence.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

This demonstration Mubix joins us to add persistance to our penetration testing with a little Metasploit, Microsoft, and IP version 6.

Bind shells went to the wayside with the dawn of firewalls and NAT, but IPv6 was nice enough to bring them back. With the help of some built in tools from good old Redmond and our trusty Meterpreter, we can now connect to our shell any time we please. Based on his Revenge of the Bind Shell presentation we dive into the tools and techniques required to traverse firewalls and maintain persistence.

This week Shannon is bypassing NSFW filters while Darren goes sniffing for packets in all the wrong places.

Download HD Download MP4 Download XviD Download WMV

Darren takes Android WiFi Tether and Shark for a spin and ends up learning an important geography lesson.

Shannon is demonstrating a few techniques to detecting NSFW links and bypassing potential work filters with a few web tools, including: LongURL.com, PDFmyURL.com, Aviary.com and Variably Safe For Work.

—

You’re Invited to Hak5’s Birthday!

Join us to celebrate 5 years of technolust at the Hotsy Totsy Club – an Albany institution since 1939! Come for drinks, pool, shuffleboard and a live performance from nerdcore sensation, Eighty of Dual Core! 21+. No cover. Street parking. 7 blocks from El Cerrito BART. WiFi. Taco’s Autlense Taco Truck parked in lot. Need we say more?

Saturday, August 14th at 7:00 PM
Hotsy Totsy Club
601 San Pablo Ave.
Albany, CA 94706

RSVP now via Facebook – can’t wait to celebrate the grand years of old school hacking with you!

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

This week Darren is joined in San Francisco by his wonderful co-host Shannon! I know, right? We’re talking about open source software that will save the day if your laptop is ever stolen, following up on your password tips, and finishing up the homebrew router build with Untangle!

Download HD Download MP4 Download XviD Download WMV

Your Password Tips

Shannon and Darren share your password generation tips and tricks:

Ankaku writes: Here is the modified version of my gmail password.
ub012531oa932010ot980245xs601359gc201845ac296987. 48 chars. I’ve been using this format since a school I went to used it. It’s actually pretty easy to remember, and anything can be used ex. initials + section of ip address, phone number etc.

Teemu writes: another simple tool to create secure passwords fast is the apg (Automated Password Generator), compileable on most Unix-ish systems I suppose.

For instance:

#!/bin/sh
/sw/bin/apg -a 1 -m 64 -c cl_seed

Would spew out 6 passwords with 64 random characters.
Project home page: http://www.adel.nursat.kz/apg/

Nathan writes: The technique I find most useful in creating my passwords, aside from the ones you guys mentioned in the last episode, is to follow a spatial pattern on the keyboard itself. (i.e. qwerty, asdf, qweasdzxc; *I know those are terrible passwords, but example of spatial pattern) If you mix this technique with a passphrase that has been 1337speaked, you have a fairly long and seemingly random password string. However, spatial patterns offer the distinct advantage of usually being fairly easy to type quickly, making the physical breach of your password security a bit more of a challenge.

Eugene writes: http://howsecureismypassword.net/ — It’s based on a jQuery JavaScript library that estimates how long it would take an average computer to brute force a password. It even checks it against a list of 500 commonly used passwords (like pass, password, etc), and points out if you’re using a common password. It’s pretty nifty, and interesting how much extra time it would take to brute force by just adding an extra character to the end might make.

Extofer writes:I use a similar schema as Shannon regarding changing the password a bit depending on the site. But I also use a phrase, much like Darren mentioned too… I top it off by replacing certain letters with numbers. and of course, special characters. For instance…

say I take a phrase like: code monkey

replace o = 0 and e = 3 like

c00d3m0nkey

that alone could be hard to hack… it’s 11 alpha numeric characters. Now I tack in special characters and unique identifiers for each site like for Facebook, i will tack uppercase FB, gmail, maybe GM or GE, Hotmail, HM, etc…. you can also distinguish by color of the site or the initials of their mascot, etc.

c00d3m0nkeyFB

finally, tack in at least 2 special chatacter, you can put them perhaps one at the beginning, and one at the end, or on in the middle and one at the end…. which ever.

c00d3*m0nkeyFB+
c00d3+m0nkeyFB>

Jaryth writes: One of the passwords I’ve always been tempted to use, but never really ended up using… ‘http://www.google.com/?’

But you say “thats a URL not a password?” but you see… its both . Every single password checker I’ve run it though says its secure, its easy to remember, and even if someone DID have a key-logger on a machine, they’d think you where just typing in a URL.

So… if you wana mess with people, set your password to the URL of the site. Even if someone manages to crack it, they will ASUME that the user is stupid and typed their password into the wrong box .

pcdoctor writes:For years I have used RoboForm 5.7.6 which was the last free one to support 30 passwords per group and unlimited groups. It will not create
new passcards in ie7 or 8. It will work in those browsers if the passcard is created in IE6 ahead of time…

So, anywho, I had to find a replacement and this is my story…

I tried KeePass, but got a virus popup when I loaded the browser plugin,
so that was the end of that.

I like lastpass.com, but no matter how well written and secure it is,
the fact that it runs code in the browser and gets the data and updates
from the web is a big red flag to me.

So, I wanted to use Password Safe which was originally designed by Bruce
Schneier, but it was clunky and a big step down in functionality from
roboform (but it was safe)

So, I Hak ed it. Well, kinda. Here’s how to make it work great:

Download it at http://sourceforge.net/projects/passwordsafe/files/

or follow the links from here http://www.schneier.com/passsafe.html

Install it and click the add new icon, enter the url, usrename, password
Then click the additional tab and uncheck use default and change that to Run
Command put this in the Run Command box “${appdir}passsafe.exe” $url $u $p then I used http://www.autohotkey.com/ to compile a script I called passsafe.exe that I put in Password Safes install folder

The script is as follows

Run, "iexplore.exe" %1%
KeyWait, LButton, D
KeyWait, LButton, U
Sleep, 100
SendInput, %2%{TAB}%3%{ENTER}

now when I double click something in the safe, it feeds $url $u $p to my
program which uses iexplore (or any browser you want) to go to the url
then it waits for you to click in the username box (and highlight an
existing username if need be) and then it types username, TAB, password, ENTER

you can write custom scripts for websites that need other combinations
(like newegg).

I even wrote a script that runs from my hosts quick launch to fill in my
Password Safe password in my virtual machine.

and that’s my story and I’m sticking to it

Lyle writes: One great technique for long passwords is to pick a book from your bookshelf. Then go to a predetermined page [42, 69, 100]. Something you will remember. The first line of text on the page is your password. Need to change your password? Change the page number or change the book.

Patrick writes: Darren and Snubs were talking about passwords. I haven’t upgraded to the 2.x series yet, but for websites I use http://supergenpass.com It is just a little Javascript you save as a bookmark (or bookmarklet), it asks you for a “Master Password”, and it takes that, combines it with the domain name, and through some hash comes up with a totally random password. It’s pretty portable in that as long as you can add a bookmark to the browser you’re using, you can use SuperGenPass. There is an online “mobile” version, but I’ve never used it — don’t want my “Master Password” sent over the internet.

Adam writes: My suggestion for passwords is to use an application to centrally store the password in a secure database (of course then using a complex password for that database). This way, every password for every site can be unique + crazy complex so I don’t have to worry that if one site is hacked they will get access to the rest of my stuff. The program I use is Password Safe: http://passwordsafe.sourceforge.net/ It is free, open source, and (originally) written by a very reputable source, Bruce Schneier. Once the password is entered, the app offers some neat features, including: Easy copy/paste of usernames and passwords. The ability to paste in fields that don’t support the clipboard (like KVMs) using (I think) a virtual HID device. Built in password generator. All the data is stored in a single encrypted file, making it easy to copy to a second computer.

—

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com.

Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

—

Snubs Report: Stolen Laptop Recovery

Say you’re hanging out in the city one day and you leave your computer at the table while you go grab your coffee. There is always the small chance that, if you leave your laptop unattended, someone could up and swipe it. Usually when this happens you can go to local authorities and hopefully they’ll find the thief. But to make matters a lot better for you, you can use a program like Prey, which will track all sorts of valuable information and even take a picture of the thief, hopefully helping you and authorities find your computer.

There are tons of features in Prey:

• Uses Wifi hotspots or GPS embedded in the device to accurately pinpoint where the laptop is.
• If Wifi isn’t in use, Prey will try to auto connect to an open hotspot to send you info.
• Prey is written in Bash and very lightweight. It’s also Portable!
• You can edit Prey as you like, adding or removing specific tasks, because each task uses a different module.
• Prey will list running programs and any files that were modified, as well as take a picture of the person if you have an integrated webcam.
• Messages can be sent to the device to be read on the screen, and even heard by anyone nearby.
• Last but not least, Prey is open source and FREE for up to three devices, and will run on any laptop.

First, download Prey onto the computer that you wish to track. Click on download and go thru the installation wizard. The download takes barely any time at all and at the end, if you havent configured the tool, it will prompt you to do so.

First thing I need to choose is setting up my reporting method. You have two options- you can either use a control panel interface, or a standalone interface. The difference is, the control panel can be accessed thru the prey website, and is quick and powerful- everything get sent directly to you as the reports come in. The standalone version will send you updates in your email, but to activate Prey to start reporting you need to activate and delete a URL and setup your mail server settings by hand.
Choose the control panel version. You need to create a new user account so type in your name, email address, and password. Change the name and device type. Click Create.

You’ll need to activate your email address, so log into your email, click the link and log in then add devices. Go back to the install and click OK and it tells you congrats now your devices are being tracked!
Now add a device by clicking the orange button. Fill in the name and it generates all your information about the device. Click create and it’s created. It gives you a device key and you can click on the name to configure all your settings. All of these choices are pretty self explanatory and if you don’t know what you’re choosing, hover over the exclamation point and it’ll explain the setting for you.

Now, if your computer gets stolen, log into prey project.com and change the status to missing. Now, updates will be recorded on your prey project page for you to view every 20 minutes (or however many minutes you choose).
I <3 it do you? Email me at feedback@hak5.org.

—
GoToAssist Express
Anyone expecting a long wait for your technical expertise is in for a BIG surprise. With Go To Assist Express brought to you by Citrix, you can provide immediate support by easily viewing and controlling your customers’ computers online! Provide instant remote one-to-one support to clients located ANYWHERE in the world. Handle more requests in less time. Assist up to 8 customers at once. Support both Mac and PC users! Try GoToAssist Express FREE for 30 days! For this special offer, you must visit GoToAssist.com/Hak5 for a FREE trial.

—

Homebrew Router Part 2

You’ll remember from episode 718 that we built a homebrew router based on a mini-itx motherboard running an Intel Atom. This week we’re replacing Smoothwall with Untangle, a free, full featured open source router.

We also cover the basics of QoS in the context of a home network. Getting in fights with your roommates about bandwidth hogging or online game performance? Take a look at Untangle’s easy to manage built in features. Not to mention the app store. Yes, of course it has an app store.

I’m looking for your feedback on these home LAN and IT segments to be sure to hit me up at feedback@hak5.org

—

Netflix
Netflix delivers movies directly to your home saving you time, money and hassle. As a Netflix unlimited member you get DVDs by mail in about 1 business day. Plus, you can instantly watch thousands of TV episodes and movies streamed directly to your PC, Mac or right to your TV via a Netflix ready device like the Xbox 360, PS3, and Nintendo Wii console. Watch as many movies as you want! Shipping is FREE and there are never any late fees or no due dates. Keep the movies as long as you like. DVDs by mail – Plus, instantly right to your TV.
Get unlimited movies 2 ways for only $8.99 a month. As a new member and a Hak5 viewer, you can get a FREE Trial membership. Go to www.netflix.com/Hak5 and sign up NOW! . . Be sure to use this URL so that they know we sent you!

—

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

]]> http://Hak5.org/episodes/episode-720/feed 22 http://Hak5.org/episodes/episode-718 http://Hak5.org/episodes/episode-718#comments Wed, 16 Jun 2010 18:32:35 +0000 Jason http://www.hak5.org/?p=2025 ]]>



Make your home network scream with a high performance router and firewall. Darren builds a custom network appliance using cheap parts, free and open source software and more power tools than he’s typically allowed to touch. Plus, need an online backup solution? Fancy 50 gigs in the cloud for free? Shannon’s got the hookup.

Download HD Download MP4 Download XviD Download WMV

Chuck that plastic router

Sure you could go out to your local big box store and pickup a cheap plastic box that claims to route packets for you and your dozen Internet loving devices, but unless you fancy your multi-core gaming rig being limited by a network-toy with a smart phone processor it’s time to step it up a notch. This week we’re breaking out the mini-itx boards and, wait, someone let Darren touch the power tools?

—

Trivia

While Tux the penguin may be the official Linux mascot, Larry the Cow is the unofficial mascot of which Linux distribution?

Enter for your chance to win a super sweet new Hak5 sticker pack set by submitting your answer at hak5.org/trivia

—

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com. Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

—

Building a cheap acrylix mini-itx case

Why pay for a fancy mini-itx case when you can easily build one out of scrap parts for next to nothing? In this segment Darren breaks out the power tools to find out just how skillful he can be. Be forewarned that Darren makes no claims at being handy. Please send all hate mail to aardwolf+ignore@gmail.com

—

Innovative Online Storage

Props to JPG for sending this in!

Lets face it, local backups only get you so far. And unless you’re shipping hard drives to grandma’s place every other week a true offsite backup solution is, unfortunately, not commonplace. Of course there are services like dropbox and sugarsync, but with a paltry 2 gigs with the free accounts it beacons back to the 2 meg days of Geocities. And don’t get me started about Geocities Thankfully there is a service that, if you’re willing to contribute to, will offer you up to 50 gigs of cloud storage.

Wuala is a service by Lacie that let’s you store a gig of data up in the cloud. Of course like any other similar service you won’t be backing up operating system or program files, this is just for the priceless material. Photos, documents, and. Um. Maybe music.. Anyway, what sets Wuala apart from the rest is the ability to trade gigabytes of local storage on your own personal hard drive for storage in the cloud.

Some of Wuala’s features include:
Ad free
private, shared and public modes
personal folders and groups
secure file storage
Pro users get version control

If you’re not keen on sharing your precious hard drive with others there is a paid version of the service that starts at $25/year for 10 GB and ramps up to $1000/year for a terabyte. Personally if you’ve got that much stuff that needs a home on the web you might be better off with Amazon’s S3 storage solution — as long as you don’t need to upload and download it frequently.

Wuala is available for Windows, Mac, and oh yes, Linux. Thanks to Go To Assist Express I can easily walk you through the simple Windows setup on one of our Hak5 cloud labs boxes. Downloading Wuala is very easy, you just follow the steps that pop up and tada! You’re done. I would suggest checking out the included tutorial for a very quick look at how to use Wuala in a nutshell.

To upload a picture I simply click add files, choose my image, and open it. Once the image is uploaded, it’ll have a little green bullet next to the file. You can also drag and drop a folder or file into Wuala. To change the privacy settings of a folder, right click, go to properties, change the visibility by clicking change, and choose private, shared, or public. I’ll choose shared, then I’ll select ‘all’ friends. Since I dont’ have any yet, just picking this will include all my future friends. if you have friends already, it’ll list them in that popup. I save, and in a few seconds my folder will turn red, showing me it’s a ‘shared’ folder.

Wasn’t that easy, now your essential files are backed up to the cloud using industry standard encryption. I <3 online backups nearly as much as I <3 portable apps. Do you? What are you using? Email me at feedback@hak5.org with any of your thoughts!

—

GoToAssist Express
Their computer. Your brain. How do you get the two together without wasting time and money traveling? Use Go To Assist Express to view and control your customer’s computer ONLINE so you can fix the problem on the spot! Save time and money on travel. Satisfy customer quickly and efficiently. Then move on to other tasks! Try Go To Assist Express FREE for 30 days! For this special offer, you must visit GoToAssist.com/Hak5 for a FREE trial.

—

Installing Smoothwall

With our hardware built our focus shifts to setting up the software for our spiffy new router. There are quite a few free open source solutions to choose from, including m0n0wall, Smoothwall and pfsense. I’m a big fan of Smoothwall so in this segment I’ll be guiding you through the interactive installer.

—

Netflix

Netflix delivers movies directly to your home saving you time, money and hassle. As a Netflix unlimited member you get DVDs by mail in about 1 business day. Plus, you can instantly watch thousands of TV episodes and movies streamed directly to your PC, Mac or right to your TV via a Netflix ready device like the Xbox 360, PS3, and Nintendo Wii console. Watch as many movies as you want! Shipping is FREE and there are never any late fees or no due dates. Keep the movies as long as you like. DVDs by mail – Plus, instantly right to your TV. Get unlimited movies 2 ways for only $8.99 a month. As a new member and a Hak5 viewer, you can get a FREE Trial membership. Go to www.netflix.com/Hak5 and sign up NOW! . . Be sure to use this URL so that they know we sent you!

—

Rememebr we’re in LA for E3 this week. Darren Kitchen and Jenn Cutter will be bringing the Hak5 perspective from the show.

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

]]> http://Hak5.org/episodes/episode-718/feed 64 http://Hak5.org/episodes/episode-703 http://Hak5.org/episodes/episode-703#comments Wed, 03 Mar 2010 14:45:54 +0000 Darren Kitchen http://www.hak5.org/?p=1723 ]]>



Back from Britain and bouncing off the walls Darren pits three ancient Internet Explorers against each other to see which free application sandbox can save you from yourself. Shannon joins us from Missouri for her take on the top “ultra” Windows software, and Paul… Well, Paul’s tearing down the set.

Download HD Download MP4 Download XviD Download WMV

Rogue DHCP Server Detection

Following up with last week’s discussion on Rogue DHCP Servers I found it fitting to mention Tim Ashley’s Rogue DHCP Server Detector as found on the Hak5 forums.

Free Application Sandbox Challenge

In an effort to discover whether free application sandboxing solutions from Comodo and Sandboxie can save a (L)user from themselves, Darren takes three Internet Explorer 6 Virtual Machines around the Internets famous red light district in a set of challenges put forth by the fine folks at irc.hak5.org.

The Top “Ultra” Windows Warez

Perplexed by software titles claiming to be the most elite thing since ascii art Shannon set off to round up the top “Ultra” software for Windows and see there is any merit fo their titles. The round up includes:

• #5 Ultra Screensaver Maker
• #4 Pong Ultra
• #3 Ultra Network Analyzer
• #2 UltraVNC
• #1 Ultra Defrag
]]> http://Hak5.org/episodes/episode-703/feed 42 http://Hak5.org/hack/bypass-filters-with-your-own-web-proxy http://Hak5.org/hack/bypass-filters-with-your-own-web-proxy#comments Mon, 14 Dec 2009 07:41:45 +0000 Darren Kitchen http://www.hak5.org/?p=1620



The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy



]]> http://Hak5.org/hack/bypass-filters-with-your-own-web-proxy/feed 8 http://Hak5.org/episodes/episode-614 http://Hak5.org/episodes/episode-614#comments Wed, 18 Nov 2009 14:49:32 +0000 Darren Kitchen http://www.hak5.org/?p=1457 ]]>



Got a restrictive firewall blocking sites at school or work? Evade ‘em easily with your own private web proxy. Want to securely tunnel any port through an SSH session? Darren’s got just the trick. Wondering how to properly use Asleap to crack MS-CHAPv2 PPTP VPN handshakes & LM Hashes? Interested in trying out neat free enterprise applications but don’t feel like spending hours in a terminal? Try deploying a virtual appliance in minutes, the free and open source way.

Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

]]> http://Hak5.org/episodes/episode-614/feed 38 http://Hak5.org/episodes/episode-512 http://Hak5.org/episodes/episode-512#comments Wed, 06 May 2009 05:27:57 +0000 Darren Kitchen http://www.hak5.org/?p=1110 ]]>



Want to bypass those nasty restrictions imposed by your corporate or university firewalls? Darren has just the trick with Internet Redirection. Ever wanted to hide secret data inside a photo? Shannon’s show us a neat steganography app. Plus Matt answers your virtualization questions!


Download HD Download MP4 Download XviD Download WMV

Show Notes

Internet Redirection

Corporate and university firewalls can be a particular PITA — especially if you’re a gamer. And while SSH tunneling (even over DNS)or VPN technologies are often preferred, it is quite possible to “bounce” your traffic off an Internet Redirection server. Like a fancy proxy, rinetd allows you to specify incoming and outgoing IP and port. It features basic client access rules based on IP and even supports logging. In my segment I demonstrate accepting traffic on port 80 and transmitting it to an IRC server on port 6667.

Granted this isn’t going to fool your more complex firewalls that actually inspect packets — but if you’re just looking to get traffic through an open port I highly recommend giving rinetd a try.

–Darren

Steghide

Download a copy of Steghide. Extract the zip.

You want to hide a file. First thing you need is a file to hide it in. Choose a file – whether that be a music file, jpeg, word document� whatever – and save it inside the steghide folder, which was extracted from the zip folder. Also, save your file that you want to hide inside that same folder as well.
Open up your command prompt and open the steghide folder directory. Open the steghide.exe file. The last few rows of type will tell you how to embed and extract your hidden file.

Embedding:
Type into the command prompt: �steghide embed -cf file.jpg (this is your regular file) -ef hiddenfile.txt� (this is the file you want to hide).
Choose a Passphrase and you�re done! You�ll notice the original photo or music file has changed it�s byte size now that you�ve embedded something inside it.

Extracting:
Type into the command prompt: �steghide extract -sf file.jpg� and enter the passphrase. Now, you�ll see the extracted hidden file appear inside the same folder.
Your done! Simple, eh?

–Shannon

]]> http://Hak5.org/episodes/episode-512/feed 25 http://Hak5.org/episodes/episode-501 http://Hak5.org/episodes/episode-501#comments Wed, 18 Feb 2009 21:51:13 +0000 Darren Kitchen http://www.hak5.org/?p=772 ]]>



Getting to know your neighbors — Darren takes a trip around your network with nmap, THE open source network security scanner. Want to obscure your OS fingerprint? Make a Windows Box show up as a printer? Shannon�s got just the thing. And Matt takes a first look at the Napera N24 smart network switch / security appliance. All that and more on this Hak5 Season 5 Premiere!

Download HD Download MP4 Download XviD Download WMV


Watch

Show Notes

Taking a trip around your network with Nmap

This week I talk about network scanning with the difinitive open source security scanner Nmap.

Scanning ones own network is ideal whether simply to know your neighbors or keep inventory of your assets. As a black hat it can be the first step in enumerating a target environment and looking for weaknesses.

In order to perform our scan we’ll simply need a copy of Nmap. It’s available for Windows, Mac, and just about every flavor of Linux, BSD and more. If you’re on a debian based system like Ubuntu a simple apt-get install nmap should do you good. If you’re looking for a security distribution with nmap (and a ton of other great tools) built in can’t speak highly enough of BackTrack. Version 4 beta was just recently released.

The underlying workings of Nmap are better explained in this guide but suffice it to say it takes advantage of TCP’s 3-way-handshake and other fancy raw packet tricks to find hosts and open ports. In this segment I set out to introduce the concept and get you started with a few basic examples. If you’re interested I recommend Nmap Network Scanning and the official man pages as further reading.

The segment details some commands and their usage in a searching for open MS terminal servers scenario. I highly encourage you to provide feedback either by way of email (darren AT hak5 d0t org) or on our forums. I enjoy doing segments like these but if you have any corrections (more than one way to skin a cat), suggestions for future topics or hacks of your own please let me know.

–Darren Kitchen

Obscure your OS Fingerprint

OSfuscate 0.3 by Irongeek is used to camaflouge or obscure your Windows OS. With this tool, it’ll show up like another OS of your choice, nothing at all, or even a printer. OSFuscate could be used if you are on a hostile network and need some sort of cloak while going along in your daily routine. It is important to note that this is not a fool proof method for hiding yourself on a network and should not be relied upon for security. however, as a layer of obscurity in addition to your regular security practices you may want to consider it.

It’s a simple process to set up OSFuscate on your machine. Go to Start->Run->Regedit. Back up your Parameters folder, found under System->CurrentControlSet->Services->Tcpip->Parameters. You can do this by simply right clicking on the folder, and choosing export. This is basically just to keep yourself form messing up your OS in the process and having no way to return it to normal. You’ll notice on Irongeek’s website that certain Parameter Registry keys will be subtly changed. You could do this by hand, but OSFuscate makes this task super simple. Open OSFuscate, and choose an OS that you want to pretend to be. Restart your computer and the differences should be in place! Now if someone running NMap snoops your computer, they’ll see some other OS other than what you actually have.

You can find more information at Irongeek’s Website. And as always, you can email me with any comments or suggestions.

as it really helps us out.

–Shannon Morse

Matt’s full review of the Napera N24 can be found on his blog at MattLestock.com.

Thanks for tuning into our season premiere episode. We’re very excited about all of the exciting new projects coming up in Season 5. We appreciate and encourage your feedback — especially on this episode’s fresh format, pace, and presentation. We strive to make this show better and better for you every week so let us know how we’re doing!

And a big thanks to those who’ve contributed to the success of Hak5. Your donations are greatly appreciated!

]]> http://Hak5.org/episodes/episode-501/feed 18