This time on the show Kevin Mitnick is in the house to answer questions from us and you! Then preventing file clobbering with mistyped wakkas and keeping big brother from eavesdropping on you! Plus, a missle whistle? All that and more this time on Hak5!

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time on the show, Raphael Mudge chats about Armitage — the GUI front-end to Metasploit. Plus, Nerdcore sensation Dual Core is making the lives of forensics investigators much more difficult. Plus PPTP VPNs, SSID broadcasting and what the F* is an Octothrope? All that and more, this time on Hak5.

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Domain.com is owning the competition with cheap domain names and no hassle service. Our Hak5 fans our making Domain.com one of the fastest growing domain registrars in the world.
If you’re setting up a website to show off pictures of your cat, brag about your n00b owning skills, or do something more business related, Domain.com is the best place to buy a domain name for your new idea. Domain.com’s easy checkout process makes it simple to find your domain name and set up your website without the hassle. Domain.com’s Domain Discovery System quickly shows you available names, making it easy to select the domain extension that’s right for you. Find a sweet dot COM or get a dot CO and save a character. Already have a domain somewhere else? It’s cool, transfer it to Domain.com for only $7.61 and get an extra year free. The guys at Domain.com are huge fans of Hak5 and want to hook up other Hak5 fans. Use coupon code HAK5 and get 15% off your next domain purchase or transfer. That’s only $6.47 for domain transfers. Don’t forget, when you think domain names, think Domain.com.

“Being in IT and not using the right tools to get the best results for your clients is like a surgeon not using the best, most reliable medical equipment…
How can you expect your clients to work with you? That’s why I use GoToAssist Express by Citrix – the BEST remote support tool…
It’s the only one I trust and rely on to get the job done right! GoToAssist Express is designed with speed and usability in mind and makes it easy to get in, diagnose and resolve the problem – fast!
In fact, GoToAssist users report an average 40% increase in productivity. That’s like getting 7 days’ worth of work out of your 5 day week! And with Unlimited Use you can support all you want for one flat fee!
I’ve used remote support tools for years…GoToAssist Express is the best – so fast and reliable! Start using GoToAssist Express today, you’ll see why it’s the leader in remote support! Right now – Hak5 viewers can try it FREE for 30 Days Visit GoToAssist.com/hak5

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch new episodes of The Ben Heck Show every two weeks right here at Revision3.com/TBHS In the latest episode of The Ben Heck Show, Ben assembles his crack squad of paranormal investigators for a very special Halloween episode. Stay Tuned at element14.com/tbhs to find out how you can enter to win Ben’s latest builds from his show.

This time on the show I’m reviewing my top five Security Extensions for my favorite browser, Google Chrome.

Download HD Download MP4 Download WMV

5. PasswordFail. This extension for Chrome warns you to back away whenever you start to log into a site that sends your password as clear text. A lot of sites don’t encrypt or hash your text and just send your password to a database completely open and ready for hackers or curious folk. PasswordFail will call these sites OUT on their crappy security and hopefully help you from losing sensitive data.

4. KB SSL Enforcer. Some sites offer HTTPS or Secure Sockets Layer logins. This extension will force those sites to automatically go to HTTPS instead of HTTP so you have more security and encryption in case you forget to check.

3. View Thru. A lot of times on twitter and whatnot, people post tiny.url’s or bit.ly’s and I have no clue what they are. But, I’m a curious cat, and I always click the link anyways even though I don’t know what kind of site I’m going to stumble onto. View Thru pops up a little blurb that shows you the page you’re about to visit when you hover on a tiny URL address. When testing this on my twitter feed, not only does it work, but it’s also not annoyingly overdramatic.

2. LastPass. LastPass gives you an easy way to fill out forms (with autofill) and remember passwords. Passwords are stored locally, so even the LastPass team cant access your passwords. Using lastpass gives you a vault where only a master password will unlock your data. For more info on LastPass, check out HakTip number 20.

1. Web of Trust (or WOT). This small extension gives you a small icon in the top right corner of your browser that shines either Red, Yellow, or Green. Red means bad and green means good. The cool thing about Web of Trust is all the sites ratings are submitted by user feedback, not a virus detector or a corporate affiliation. You can add your own feedback by left clicking on the icon, and choosing the color you think the site deserves. Hak5 gets green all the way!

Ok, so I want to hear your feedback. What Chrome extensions for security and / or privacy are your favorite? Let me know what you think or what extensions to check out by emailing me — tips@hak5.org or send me a note in the comments below.

And be sure to check out our sister show, Hak5 for more great stuff just like this.

This time on the show , breaking into command prompts using Microsoft Paint! Navigate Windows like a power user with Launchy. FTP from anywhere, manually control wireless connections in BackTrack Linux and a whole lot more this time on Hak5!

Download HD Download MP4 Download WMV

Breaking into command prompts using Microsoft Paint!

Let’s face it, a lot of public Windows machines aren’t locked down properly. This trick, sent in by 0perator, goes to show how trivial it can be to obtain a shell using the notorious MsPaint tool. Begin by opening Paint and starting a new image with the dimensions of 1 px tall and 6 px wide. Then from left to right paint one pixel at a time with these custom RGB values:

• 10,0,0
• 13,10,13
• 100,109,99
• 120,101,46
• 0,0,101
• 0,0,0

Now save the image as a 24-bit bmp file. Rename the extension .bat, open and enjoy the shell.

To see what’s really going on here open the file in a hex editor. My favorite on Windows is HxD Hex Editor. It’s freeware. Of course it’s worth mentioning that any machine secured properly with group policies isn’t going to be susceptible to this attack, but you’d be surprised how many aren’t.

Navigate Windows like a pro with Launchy

A lot of power users- like Darren- don’t really use the start menu or well… their mouse. They just want to be able to put in a couple of keystrokes and immediately get to the program they need to use.

There’s this nice, simple utility called Launchy that does just what Darren needs. Launchy is a free cross-platform utility designed to help you forget about your start menu, the icons on your desktop, and even your file manager. It indexes the programs in your start menu and can launch your documents, project files, folders, and bookmarks with just a few keystrokes!

Launchy can be found at launchy.net, where you can download, donate, and check out skins and how-tos, The skins on their website kind of remind me of the days of Winamp skins, so I’m just sticking to the simple black one.

The download is available for Windows up to 7, Mac, Linux, as well as a portable version.

After downloading Launchy, open the main window and type in a program name or something you want to find, and press enter. It should automatically open that program within a few seconds. If you find that doesn’t work, click on the settings button and choose the catalog tab. Click the plus button and add your program files folder.

A few keystrokes to know: Alt + Space opens and closes the Launchy window. Typing something in then hitting tab with start a command line entry. For example, type in chrome, then hit tab, then type in the hak5 website.

You can look at your history of searches by press down when the window is blank. Press shift + delete to delete a highlighted program in that list.

To add functionality for other file types other than programs, go to the Catalog tab under settings, choose your destination or create a new one, then click + to add a different file type, type in *.mp3 or *.jpg…, and choose rescan Catalog.

Along with the healthy does of easy GUI is a handful of plugins for your mere enjoyment. The Launchy website features many plugins to make the utility easier to use and more useful- including a built in calculator, a website browser, and a program killer for background programs.

I think this is a tool for those users who need something to help them speed up their daily processes just a bit by giving them that freedom to not have to use the mouse. Also, the portable version would be really handy for IT support who don’t necessarily know where programs are on each computer they work on. Booting up this tool and searching for a program is as easy as making sweet tea. Mmmm. Delicious.

FTP from anywhere, manually control wireless connections in BackTrack Linux

Alex submitted this tip at hak5.org/nibble. He writes

Need to access a file on an FTP server, but you’re on a machine where you can’t install programs, or you don’t have your all singing all dancing flash drive full of portables? Well by using the full address with the “”FTP://”" at the beginning you can access it using Firefox, Chrome, IE and even the Windows File explorer!

Thanks! I’d also like to add that the syntax for FTP URLs goes ftp://username:password@localhost:21/directory

Props to Alex for submitting this and getting some free Hak5 swag! Submit your 4-bit tips at hak5.org/nibble

Mark writes:

love your show
how to disable tcp-ip, dhcp and other stuff in BT and other linux distro
that you don’t accidentally connect to ap

Check out the config files in /etc/network, specifically /etc/network/interfaces

Also don’t use network manager or Wicd, instead connect manually from the terminal. For example in my case for a WPA network I’ll first scan, then create a passphrase file, then connect:

iwlist wlan0 scan | grep 'ESSID\|Encryption\|WPA'
wpa_passphrase ssid password
wpa_supplicant -B -Dwext -i wlan0 -c ssid"

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

There are two things IT professionals and their clients have in common, they want the job done right and they want it done fast. That’s why I highly recommend Go To Assist Express by Citrix to anyone in I.T. It puts clients at ease with its simple and secure remote support and puts you in position to do what you do best – Access, Diagnose and Resolve. Try Go To Assist Express FREE for 30 days. Visit GoToAssist.com/hak5 to see how you can deliver LIVE tech support to anyone, anywhere with Go To Assist Express. That’s GoToAssist.com/hak5 for a FREE trial.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to Domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think Domain.com. Got a great idea? It all starts with a great domain. Domain.com

Computer disasters eventually happen to everyone – (your computer crashes, gets infected with a virus, you drop it, theft, fire, etc.) but if you get Carbonite Online Backup before your disaster then NO NEED TO WORRY because your files will be backed up – automatically and safely offsite – and it’s really easy to get them back. Plus, you get anytime, anywhere access to your backed up files from any computer – or on your smartphone or iPad with a free Carbonite app! With Carbonite, unlimited backup for your PC or Mac is just $59 a year. That’s less than $5 a month. But when you use the offer code “hak5” to start your Free 15-day Trial you’ll get Two Months Free if you decide to buy. All the details are at Carbonite.com and remember to use the offer code “hak5” to get Two Months Free with purchase.

Hak5 is packed and ready for Def Con 2011! This year, Darren, Paul, and I will be in Las Vegas all weekend- from Wednesday night through Sunday- compiling a delightful Hak5 episode for you to enjoy. We hope to get some good coverage and photos, so show off your Hak5 tshirt! If you see us, make sure to stop by and say hello!

This Def Con also marks Hak5′s first on location vendor table. Make sure to stop by the vendor area and pick up some swag! We will have Wifi Pineapple V 2′s, Ubertooth One’s, Ninja Star’s, and some other odds and ends. We’ll be accepting cash and credit card.

Since the store is going to be on site at Def Con, shipments will be delayed for this week until Monday, August 8th.

DEF CON is one of the oldest continuous running hacker conventions around, and also one of the largest. DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 19 will be held August 4 – August 7 at the Rio Hotel & Casino in Las Vegas. Many people arrive a day early, and many stay a day later.

Shannon Morse is a co-host of Hak5 on Revision3 and she is on the audio podcast Bite Club Show. You can also find her guest hosting various other internet shows now and then. When not geeking out with work, Shannon enjoys video games, anime, manga, traveling, building computers, and spending time with family and friends. Find more info about Shannon here.

Today we’ll be setting up an environment which will allow us to easily disect a beacon frame, as well as the other three types of management frames; probes, authentication and association. As you know we’ve covered the 3 types of wireless frames; management, control and data. Last week we went over one of the 4 types of management frames — the beacon.

Download HD Download MP4 Download WMV

To recap the demo we began by bringing up our NIC ifconfig wlan0 up and starting a monitor mode interface airmon-ng start wlan0 11 then using the MDK3 tool we can create beacon frames indicating our SSID of choice mdk3 mon0 b -c 11 -n haktip.

Now if we bring up an additional wireless interface ifconfig wlan5 up we can scan for nearby access points iwlist wlan5 scan | grep ESSID and see those beacon frames in action.

This week we’re going to be using airbase-ng and wireshark to put together a nice little wireless packet sniffing environment so that we can better understand management frames.

Airbase-ng is a script that comes bundled with the aircrack-ng suite of tools. Like many of the aircrack tools it is serves multiple purposes. This versatile little tool is mainly aimed at wireless client or stations rather than access points or base stations. It can be used in a wire array of wireless phishing attacks allowing one to obtain WPA handshakes or WEP keys. It can also cause all sorts of mayhem to access points and clients nearby so use with caution.

In todays example we’ll be using the most simple function, and that is mimicing a wireless access point.

You can find the full syntax of the tool by issuing airbase-ng –help. The only paramaters we’ll be specifying in our example will be the channel and ESSID. airbase-ng -c 11 -e haktip mon0

The first thing we see when using airbase-ng in this mode is the report “Created tap interface at0″

Everytime airbase-ng is started a tap interface is created. It isn’t brought up by default but simply issuing ifconfig ath0 up will bring it to life. The neat part about this interface is that even with WEP encryption enabled this tap interface will always show incoming packets after decryption. You can also send packets to this interface and they’ll go out encrypted, if the “-w” option is set.

The next thing listed is airbase-ng setting the MTU, or Maximum Transmission Unit, to 1500. This basically says the maximum size an IP packet can be before it gets split up into multiple packets. For ethernet v2 this is the highest setting possible. You may see MTUs of up to 9000 but only with Jumbo Frames on a gigabit lan.

Finally airbase-ng reports that the access point has been brought up using the BSSID of the NIC. If we want we can specify a different BSSID with the “-a” option or simply use macchanger beforehand.

Ok so we have our fake AP with the SSID “haktip” running so let’s copy the BSSID into our clipboard and startup wireshark&

We’ll select the mon0 interface to listen to and start. Now that we have a few packets lets stop sniffing and apply a filter.

To add a filter to Wireshark come up here to the filter bar and enter the expression. In this case I only want to see frames to or from the BSSID of our haktip access point so enter wlan.addr == BSSID and I’m only interested in beacon frames, so I’ll add && wlan.fc.type_subtype == 0×08

If we open the first frame we can see that it is in fact the type 0×08, or “Beacon”. The destination is Broadcast so it’s being sent out for everyone to hear. We have our source address and a sequence number. Wireshark also knows it’s a wireless management frame, so if we expand that we’ll see capability information under fixed and tagged paramaters. This beacon is saying, among other things, that it cannot support WEP, OFDM modulation isn’t allowed. Under tagged paramaters we’ll notice that the SSID is set to haktip, the support data rates are 1, 2, 5.5 and 11 Mb/s as well as rates 6, 9, 12, 18, 24, 36, 48 and 54 indicating that it’s an 802.11g network, and finally that the channel is set to 1.

And as always we value your feedback and suggestions. If you have a tip to share with me, email tips@hak5.org or leave a comment.

And be sure to check out our sister show, Hak5 for more great stuff just like this.

Midphase has been providing simple, smart and reliable webhosting since 2003. It features unlimited Disk Space & Bandwidth with an exclusive discount (6 months free) for Hak5 viewers. MidPhase provides 24×7 Premium Support via Phone, Live Chat, & Email, as well as a FREE Website builder & simple installs of WordPress, Drupal & Joomla. Also get $100 worth of Search Engine Credits from Google & Yahoo. Visit midphase.com/hak5 to get 6 FREE MONTHS web hosting through this exclusive Penn Point offer. Get your site transferred free (when you mention QuickSwitch).

This time on the show Shannon is comparison shopping! Which is better? KeePass or LastPass?

Download HD Download MP4 Download WMV

Your passwords are crucial to protect, so I love checking out software and tools that can help. Sadly, my memory only goes so far!

The first on my list is LastPass. With this program, your Master Password is the only password you’ll ever need to type in, only when you’re first logging into LastPass. Since your Master Password is encrypted on your machine and only you have access to it to unlock data, it’ll protect you from theft. By using your LastPass account, available at lastpass.com, you can synchronize across a bunch of different browsers and computers. They also have a service for $1/month for your mobile devices. You can securely store notes, automatically fill out forms, import/export already existing passwords, generate hack-proof ones for new sites, and you can try out a portable USB version that is compatible with Firefox and Chrome Portable apps.

To use it, first download the version for your OS. You’ll need to create a Master Password when creating the new account, so make sure this is a very secure one. LastPass doesn’t keep a backup or copy of the master password, so they don’t know what it is. You can let LastPass find unsecure data on your computer, import those items, and It’ll let you delete them as well. Restart your browser and click on the little lastpass star in the corner. Login. Then start browsing the internets as usual and LastPass will remember your passwords as you enter them.

When you first go to a website you’ll have to enter your username and password like usual. Then, a bar shows up at the top asking you to save the password in LastPass. Choose Save Site, and you are redirected to a LastPass form. Here, keep the URL, enter a Name (J!nx), group (Shopping), your Username and Password, and any notes. Then, if you want it to Auto Login, Prompt for PW, etc, just click the boxes and click Save. Now, when you log out and go back to that main page- you’ll see your changes take effect. I chose auto login, so it logs me in and I don’t even have to do anything.

Click on the Red star and it’ll show you a drop down of your preferences, Vault, and other stuff like auto filling forms and whatnot. If you choose your Vault, you can double click on the groups and click on a site to go to it and log in.

Now, if you’re out and about and need to access your Vault from a public computer, you can log into LastPass via their website. Worried about keyloggers? Use the virtual keyboard to enter your password with your mouse.
LastPass is pretty cool when it comes to remembering your passwords, but what about KeePass?

KeePass is a powerful free and open source security tool designed to keep your passwords- and usernames- secure. Everything is encrypted inside a database, kind of like LastPass’s vault, that you can access with a master key password.

KeePass features drag and drop, clipboard copy, a password generator, auto-locking, auto-typing, import and exports of your database, and more. It encrypts everything in AES 256 or Twofish. Did I mention it’s free? Like LastPass, KeePass also can organize your entries into categories.

It’s available in Classic or Professional Editions, with the main difference being the supported OS’s. Professional supports Windows, Mac, and Linux.

After you download the program, first save your new database to begin working on it. You’ll need to create a master key, but you can also access your database with a Windows login or by inserting a key disk. Next you can create a description, name and color, and choose what to protect. Click ok and right click on the sample list. From here, you can add, edit, and delete websites and usernames or passwords.

To use a password or username, click copy username, password, or site by right clicking. This’ll copy it to the clipboard for 12 seconds before wiping it clean. You can also move the new entries into the tabbed categories to the left by dragging and dropping.

Although I do like the fuctionality of LastPass way more than KeyPass, specially it’s ease of use, KeePass is still open source, completely free, and has a portable version as well as it’s mobile version.

I want to hear your feedback. Which one is your favorite? I like both of them for different reasons. Let me know what you think or what program you use by emailing me tips@hak5.org or send me a note in the comments below.

And be sure to check out our sister show, Hak5 for more great stuff just like this.

Today we’re following up our discussion on 802.11 frames with an investigation of beacons and a practical example using BackTrack Linux and a technique known as raw frame injection.

Download HD Download MP4 Download WMV

As you recall from last time, the beacon frame is one of the four types of management frames. The other three being association, authentication and probes, which we’ll be getting into shortly.

Now the beacon frame is a special kind of management frame as it contains information about the network. This brings us to the terms:

Beacon frames or simple beacons are transmitted periodically by base stations or access points to announce the presence of wireless networks. The beacon frame is made up of several parts, including:

Whether the station is acting in ad-hoc or infrastructure mode (also known as managed mode)

The SSID or network name. We’ll be getting more into service sets of 802.11 networks but for now the SSID is a 32 character, typically human-readable string that uniquely identifies the network.

The Timestamp
The timestamp is quite simply a unit of time by which all associating stations synchronize to. It’s like that scene in the movie where all the spies synchronize their watches, except that it happens by hex in the blink of an eye.

And capability information such as

Channel Information

Supported data rates

Typically access points are setup the broadcast their beacons every 10 seconds. This can add quite a bit of overhead so for improved performance on networks where not a lot of clients are connecting and disconnecting, like a home network, this setting is often changed to be much higher.

MDK3 is a tool that exploits weaknesses in 802.11 protocols. It was created by ASPj with the help of the aircrack-ng team and libraries. MDK3 can be found at Pedro Larig’s homepage and is built in to the latest version of BackTrack from backtrack-linux.org

Today we’re using MDK3 in our practical example of transmitting and analyzing beacon frames.

To achieve this we’ll first we’ll need a card capable of raw frame injection. In order to test whether our card has this capability we’ll use the aireplay tool which is part of the aircrack-ng suite.

Aireplay-ng is a tool for injecting wireless frames and can accomplish 10 basic WiFi attacks, including deauthentication, fake authentication, fragmentation and more. We’ll be getting more in depth with the the aireplay-ng tool soon, but for today we’ll be using mode 9, also known as test mode.

Now before we can use either aireplay-ng or MDK3 we’ll need to bring up a monitor interface for our card, or set our card in monitor mode. If you recall from a previous episode the easiest way to do this is with the command airmon-ng start and our interface.

airmon-ng start wlan2

Now that our card has been set to monitor mode and we have the interface mon0 we can proceed to test our NIC.

Issuing aireplay-ng -9 (or –test) and our wireless interface (which in our case is wlan2) we can test to see whether or not our radio can handle raw frame injection.

aireplay-ng -9 wlan2

Our test is complete and we can see that aireplay-ng reports “injection is working”

Now on to MDK3, which is capable of performing many modes of attack. Issuing mdk3 at the command prompt will display a brief description of them.

mdk3 | more

Today we’re focusing on the beacon flood mode. For more information on any mode issue mdk3 –help and the mode. So we’ll issue

mdk3 –help b

Alternatively we could issue mdk3 –fullhelp for information on all attack modes.

So now finally to craft our beacon flood we can see here that the options -f will read SSIDs from a text file, -g will show that they’re using the 802.11g protocol at 54 Mbps, -a will show them as having WPA enabled using AES encryption, and -c will let us specify a channel.

Thankfully I already have a text file full of SSIDs handy so let’s just issue

mdk3 mon0 b -f ssid.list -g -a -c 11

Now as you can see mdk3 is transmitting hundreds of beacons on channel 11 for the access points I’ve specified.

We can verify this using our other wireless interface by scanning for all nearby networks with the command:

iwlist wlan0 scan | grep ESSID

Now Similar to fuzzing, this sort of attack can sometimes break wifi scanners or network interface drivers. And with a specially crafted ssid list I’m sure you can come up with your own fun.

Mind you all of these BSSIDs or mac addresses are random and there’s no chance of anyong actually associating with these base stations. At least not now.

What programs or commands are rocking your world? What technologies are tickling your technolust? Hit me up — tips@hak5.org

And be sure to check out our sister show, Hak5 for more great stuff just like this.

Squarespace is a publishing system for anyone looking to build a blog, portfolio or any kind of website. Squarespace offers a uniquely flexible tool for just about anyone (no coding experience required) to build high end websites with that same functionality that you will find on some of the highest trafficked pages on the web. Squarespace also has amazing iPhone and iPad apps so you can easily update your blog and manage comments on the go. Go to www.squarespace.com to get a 2-week free trial and 10% off when you sign up in July. Just enter coupon code hak57.

Brute forcing Buckets on Amazon S3. Two computers, one mouse with Synergy, a Crack the Code Challenge walkthrough with archive and PDF cracking all a lot more, this time on Hak5.

Download HD Download MP4 Download WMV

Hacker Headlines

LulzSec has just opened up a Hack Request Line, enabling people to give them a ring and ask for them to hack certain sites. The group’s phone number is a 614 USA area code that they posted on their twitter feed. They say they have already sent DDOS attacks to eight of the sites callers have requested with more to follow. But, of course, this is all just for the Lulz.

Random Hacks of Kindness just occurred on June 4th and 5th. It’s a globally linked conference that brings together hackers from 18 cities around the world to discuss problems in the world that could have technological solutions. Seems like an awesome idea, and I wish I could have made it this year!

If you’ve ever had the inkling to flash an Arduino using a ZipIt Z2, now there’s a way! Check out the video from Hack A Day.

Crack the Code Challenge

Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? These Hak5 viewers did last Sunday. Mad props go to: JudaZuk, CanadianTaco, Bas, ThisDB, adrianke, Fredrik, Mike, Edmund, Adammw111 and Julian who were the first 10 to complete the challenge.

A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. Stay tuned for info on the next, even bigger Crack the Code Challenge.

Brute Forcing Amazon S3 Buckets

Darren demonstrates Robin Wood‘s bucket finder tool, talks about brute force theory and goes over Robin’s recent analysis.

Two Computers one Mouse with Synerygy

The definition of Synergy is basically taking two or more things and making them function together to produce an outcome that is greater than just the things by themselves. The handy tool called Synergy does just that. Here at our Hak5 office, I use two different computers. I bring in my laptop for social networking, catching up with emails, and writing shownotes; and I also use another laptop to work on the HakShop, print labels, and fulfill orders. I have two mice, one for each machine, and if I had a dime for every time I grabbed the wrong mouse when I’m switching between the two laptops, I’d be a millionaire.

Enter Synergy, the free and open source software that lets you share your mouse and keyboard between several different computers, where each computer has it’s own display. You don’t need any hardware addons or special mods, all you need is a local area network- a connection to the internets shared by those differennt computers. But what if you have different operating systems on those machines? Luckily, Windoes, Mac, and Linux are all supported. Sharing the computers is as easy as just moving your mouse from one monitor to another, also enabling you to use multiple monitors for your single computers as normal, and you can copy and paste between the seperate machines.
Synergy was first created years ago but wasn’t being updated after 2006, so we have a merging of Synergy and Synergy+, now bringing us updates and new OS compatibility.

to download Synergy, go to synergy-foss.org and click the download tab, then choose your operating system for the main computer. Go through the install process like normal and open the program. On the main window, check server, which means you will share this computers keyboard and mouse. Now, click on Configure server. From here you can drag and drop your main computers monitor to a desired box in the grid. This gives you a nice structured view of where each of your computers will be in real time. So, since my main computer will be to the left of my second laptop, I’ll put my main computer here. In the next tab, you can enable hotkeys if wanted, and choose advanced settings. Also, keep in mind your ‘server’s’ name, mine is Snubs-PC. This will be the keyboard and mouse that you’ll want to connect your other computers to as clients.

Now I’m going to connect my second laptop to this main one’s keyboard and mouse, and hopefully all goes well!

I’ve installed Synergy on my second computer. To install it on a second computer, AKA a client, just follow the same steps as before. This time, when you open the program, you’ll need to check Client, and type in the name of your original main computer, for me it’s Snubs-PC. Go into edit–>settings and look up your laptops name, mine is Hakshop. Now on your server computer, choose Server Configuration, and drag a new monitor to the screen. Name this one Hakshop by double clicking on the monitor. Now that you have both computers set up, click start synergy on both of them. If all works fine and they are both connected via the same local area connection – ethernet or wireless – you should be able to move your mouse from one monitor to the other PC’s monitor.

Easy! And totally cool. I literally had a ‘Whoa’ moment when I had my laptop on the other side of the room and was able to use my mouse to control it.

If you like Synergy or have a program like this, email me at feedback@hak5.org.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch the most recent episode of The Ben Heck Show where Ben builds an Arduino-powered, exterior-mounted camera system for an off-road vehicle. The setup enables the driver to control the cameras from inside the cabin to get a better view of obstacles while driving on rugged, off-road terrain. This show about building, modding and electronics culture is brought to you exclusively by element14. Be sure to visit element14.com/tbhs for a chance to win one of Ben’s latest builds!

I’m here to tell you about a tool that will help you save time and money and make you look like a hero to clients or colleagues GoToAssist Express – by Citrix. Lets you easily resolve computer issues in real time OR after hours. Even work while your customers are away from their computers, dramatically boosting your productivity. In fact, on average, Go To Assist Express users report a 40% increase in productivity – that’s like getting 2 extra work days back a week! Try GoToAssist Express FREE for 30 Days. For this special offer visit
GoToAssist.com/hak5.

.TV is the best domain name for websites with video. If you want to build a video site or if your website has a play button, I recommend getting a .TV domain. A .TV website lets you showcase your original content and create a unique site, not just another YouTube channel. Just go to Domain.com and search for the perfect .TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%. If you need to host your .TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site. Remember – when you think domain names, think Domain dot com. Got a great idea? It all starts with a great domain. Domain.com

This time on the show, we’re cracking the code: EXIF Data tools, Windows login hash cracking, Extracting passwords from Firefox and other browsers, what’s in that P-CAP file and special report form Maker Faire 2011. All that and more, this time on Hak5.

Download HD Download MP4 Download WMV

FirePassword

You know how you can store and save all you login credentials in Firefox, Chrome, as well as other browsers? Well, maybe that’s not such a great idea. There are several portable (yes, portable!) tools that can instantly recover login credentials stored by Firefox, Chrome and others. Broswers store your username and password for every website you visit as long as you give them consent in the settings. The credentials are saved by Firefox, Chrome and others in a sign-on database that is securely encrypted. Today I’m focusing on Firefox.

FirePassword, the tool in question today, can instantly decrypt and recover the data even if there’s a master password protecting it.
Not only this, but FirePassword can even recover sign-on passwords for other profiles (on the same system) and info from other OS’s like Linux and Mac. This can obviously be used for malicious intent, or can be used for the greater good of forensic investigators who need to transmit data from the target PC to another machine without disrupting the original target machine.

FirePassword portable works from XP-7, and loads DLLs from the firefox executable location automatically. DLLs aren’t packaged with the tool, and the newest version presents an easy to use color based display so you can clearly view password details.

Lets get started on cracking my Firefox passwords!

To install, follow the on screen instructions from securityxploded.com. They have nice detailed instructions on how to use the program so you shouldn’t have a problem.

Once installed, open your command prompt and change directory to your FirePassword.exe folder, probably in your program files.
Mine is c:\ Program Files (x86)\SecurityXploded\FirePassword\. Once there, type in FirePassword.exe and hit enter. You should see a screen kind of like the one on my monitor.

It will list every website, username, and password you have saved into FireFox.
It’ll also show you any OLD passwords that you never deleted out of the FireFox settings.

If you have a master password set on FireFox, you will need that password to be able to see your other passwords. For example, I will go into the FireFox options, choose Master Password and set it.

Over in my CMD, I’ll type FirePassword.exe -m kerby and click enter. Now it’ll give me my other passwords. If you do this wrong, you’ll get this error code.

You can also copy the Firefox profile files from different operating system such as Linux or Mac to the Windows system locally and then specify that path with FirePassword to recover data from the offline profiles.

It’s pretty surprising how easy this really is for anyone to discover. To protect yourself, do what I do and DON’T save your passwords in FireFox! Make your machine log off every time you close it or leave it idle for more than a minute. Anything, but really, just don’t save your passwords.

It’s also worth mentioning the WebBrowserPassView tool from NirSoft. It’s a password recovery tool for Internet Explorer, Firefox, Chrome and Opera.

Now, if you’ve got another tool for me to check out, email feedback@hak5.org

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

We’re getting promiscuous, with wireless cards! As part of our foundation series of HakTips Darren covers the fundamentals of wireless packet sniffing with a practical approach in BackTrack Linux using the Aircrack-ng suite.

Download HD Download MP4 Download WMV

Let’s think about network traffic as a cocktail party. Picture Alice and Bob on the love seat chatting it up while Charlie is deep in conversation with Dave at the bar. Meanwhile, Eve is nearby sipping a Hendrix Martini listening in on everyone’s conversations.

You see, in order for Alice to send a message to Bob she has to address it to him by his network interfaces MAC address — or Media Access Control Address. This address is unique every network interface on the planet. Bob’s is going to be different from Charlie’s, Dave’s or anyone else.

On a hub based network, Alice’s message is heard by all. But by default when Charlie or Dave hear a message addressed to a mac address other their own, their network interface will drop the frame completely.

This is where promiscuous mode comes into play. If Eve’s network interface is in promiscuous mode she doesn’t drop frames not addressed to her. This is great for packet sniffing, say if Eve was a network administrator attempting to debug a faulty network. Likewise, if Eve had malicious intent the same applies to eavesdropping.

Now promiscuous mode assumes a hub based network. Switches thwart this by only sending messages to their intended recipients instead of everyone.

Which brings us to Monitor mode. Monitor mode, or RFMON for Radio Frequency Monitor, is one of six modes that wireless network interfaces can assume. Similar to Promiscuous mode, Monitor mode allows the wireless network interface to “sniff packets” not intended for it.

Unline promiscuous mode however, an interface in monitor mode can sniff packets from access points it isn’t even associated with. Again this is great for, say, an administrator troubleshooting a network, or on the darker side for malicious purposes such as eavesdropping and cracking encrypted networks.

What program or command is giving you warm fuzzies? Hit me up — tips@hak5.org

And be sure to check out our sister show, Hak5 for more great stuff just like this.