This time on the show Kevin Mitnick is in the house to answer questions from us and you! Then preventing file clobbering with mistyped wakkas and keeping big brother from eavesdropping on you! Plus, a missle whistle? All that and more this time on Hak5!

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

This time on the show, Raphael Mudge chats about Armitage — the GUI front-end to Metasploit. Plus, Nerdcore sensation Dual Core is making the lives of forensics investigators much more difficult. Plus PPTP VPNs, SSID broadcasting and what the F* is an Octothrope? All that and more, this time on Hak5.

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Domain.com is owning the competition with cheap domain names and no hassle service. Our Hak5 fans our making Domain.com one of the fastest growing domain registrars in the world.
If you’re setting up a website to show off pictures of your cat, brag about your n00b owning skills, or do something more business related, Domain.com is the best place to buy a domain name for your new idea. Domain.com’s easy checkout process makes it simple to find your domain name and set up your website without the hassle. Domain.com’s Domain Discovery System quickly shows you available names, making it easy to select the domain extension that’s right for you. Find a sweet dot COM or get a dot CO and save a character. Already have a domain somewhere else? It’s cool, transfer it to Domain.com for only $7.61 and get an extra year free. The guys at Domain.com are huge fans of Hak5 and want to hook up other Hak5 fans. Use coupon code HAK5 and get 15% off your next domain purchase or transfer. That’s only $6.47 for domain transfers. Don’t forget, when you think domain names, think Domain.com.

“Being in IT and not using the right tools to get the best results for your clients is like a surgeon not using the best, most reliable medical equipment…
How can you expect your clients to work with you? That’s why I use GoToAssist Express by Citrix – the BEST remote support tool…
It’s the only one I trust and rely on to get the job done right! GoToAssist Express is designed with speed and usability in mind and makes it easy to get in, diagnose and resolve the problem – fast!
In fact, GoToAssist users report an average 40% increase in productivity. That’s like getting 7 days’ worth of work out of your 5 day week! And with Unlimited Use you can support all you want for one flat fee!
I’ve used remote support tools for years…GoToAssist Express is the best – so fast and reliable! Start using GoToAssist Express today, you’ll see why it’s the leader in remote support! Right now – Hak5 viewers can try it FREE for 30 Days Visit GoToAssist.com/hak5

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch new episodes of The Ben Heck Show every two weeks right here at Revision3.com/TBHS In the latest episode of The Ben Heck Show, Ben assembles his crack squad of paranormal investigators for a very special Halloween episode. Stay Tuned at element14.com/tbhs to find out how you can enter to win Ben’s latest builds from his show.

Hak5 is packed and ready for Def Con 2011! This year, Darren, Paul, and I will be in Las Vegas all weekend- from Wednesday night through Sunday- compiling a delightful Hak5 episode for you to enjoy. We hope to get some good coverage and photos, so show off your Hak5 tshirt! If you see us, make sure to stop by and say hello!

This Def Con also marks Hak5′s first on location vendor table. Make sure to stop by the vendor area and pick up some swag! We will have Wifi Pineapple V 2′s, Ubertooth One’s, Ninja Star’s, and some other odds and ends. We’ll be accepting cash and credit card.

Since the store is going to be on site at Def Con, shipments will be delayed for this week until Monday, August 8th.

DEF CON is one of the oldest continuous running hacker conventions around, and also one of the largest. DEF CON is generally in the last week of July or first week of August in Las Vegas. DEF CON 19 will be held August 4 – August 7 at the Rio Hotel & Casino in Las Vegas. Many people arrive a day early, and many stay a day later.

Shannon Morse is a co-host of Hak5 on Revision3 and she is on the audio podcast Bite Club Show. You can also find her guest hosting various other internet shows now and then. When not geeking out with work, Shannon enjoys video games, anime, manga, traveling, building computers, and spending time with family and friends. Find more info about Shannon here.

This time on an exciting brand-new-studio edition of Hak5 we’re getting hands on with the latest version of BackTrack-Linux, configuring virtual machines and wireless. Shannon’s flashing the firmware on a Dingoo Digital A320 and installing a custom distro of Linux and so much more.

Download HD Download MP4 Download WMV

Hacker Headlines

Oh Skype… They have another security problem. Skype on Mac OS X has a bit of a flaw. You can send a Skype message to another user and potentially get remote access to that other computer. Gordon Maddern, a security researcher, found the flaw and told Skype about it more than a month ago, but there was no fix until after the news started spreading that there was an issue. Skype has released a small term patch, but no full fix has been released, nor has users been notified to update.

Just days before Google I/O begins, French security firm Vupen demonstrates a zero-day vulnerability in Google Chrome allowing remote execution. The exploit, which hasn’t been released to the public, bypasses Chrome’s praised Sandbox as well as Address Space Layout Randomization and Data Execution Prevention. Google, busy introducing the Chromebook, has not verified VUPEN’s claims and says that if necessary an update will be pushed to users automatically.

The death of Osama Bin Laden has spurred several scams throughout the interwebz. Malware has shown up on certain websites, a Facebook scam popped up, and even the blog of the guy who accidentially live twittered the event has been compromised. Scammers are smart and they know what you’re looking for. People want to see the ‘Osama death video’, which doesn’t exist. So for anyone out there who was considering clicking that video on Facebook and sharing it with your friends, DON’T, and while you’re at it, delete it from your profile if someone else posted it.

Symantic security researchers are reporting that a flaw in the way application authentication works on Facebook, nearly 100,000 apps may have complete access to your account. Facebook now uses OAUTH 2.0 for authentication, however older authentication schemes are still in use. The firm advises users to change their passwords immediately — which essentually thwarts the access token bug.

Hot off the heals of Ubuntu’s 11.04 “Natty Narwhal” release — which has been getting mixed reviews due to the new Unity window manager, Backtrack Linux releases the much awaited version 5. In addition to native 64-bit and ARM processor support the security distribution now comes in both KDE and Gnome flavors. Are you excited? Have you checked it out? It’s available via torrents, has a stealth mode, comes with Metasploit, and sounds just plain awesome!

Kerby’s oldschool app of the week
Oregon Trail

Hacking the Dingoo Digital A320

This week I’m introducing this fun little device called the Dingoo Digital.

The Dingoo Digital A320 is a gaming handheld for open game development. It has modest hardware specs: 400MHz CPU, 32MB of RAM, 4GB internal storage, a miniSD reader, a 2.8″” LCD screen with a 320×240 resolution, and your normal jacks. The cool part is the software. You can playback several video and audio file types, there is a built in FM tuner for radio, you can record voice, and the SDK is available for free. My favorite part is it’s customization features and ability to play ROMs. Because who doesn’t like video games?

The device comes preinstalled with several arcade games like Centipede, Mine Sweeper, and has built in Emulators for your convenience as well. But if you want more with your new toy, what is better than installing Linux on it?

Enter Dingux, the Linux Distro for the Dingoo. You can get Dingux on the dingoo-scene website as well as really easy steps to follow if you want to check it out.

First off, you’ll need to download a couple of files. Booboo’s dual boot installer zip file for Windows, and the local-10 or local zip file. Charge your Dingoo so it doesn’t die during the reflashing process. We don’t want a bricked Dingoo!

Once your files are downloaded, unzip the Dual Boot file into a new folder wherever you want on your PC.

Turn on the Dingoo and go to the ‘System Setup’ menu, ‘About’, and press A. Press up-right-down-up-right-down and an easter egg diagnostics screen pops up. On the screen it should say ILI9331 or ILI9325 at the end of one of the lines. Mine says 9331. This is an LCD model and pertains to the flashing procedure.

Now, reset the Dingoo by holding B and pressing in the power button. The screen will stay dark so don’t panic!

Plug the Dingoo Digital into your PC. Choose cancel if any ‘new hardware found’ screens pop up. When your PC asks for a driver location choose your newly created Dual Boot folder. The driver should successfully install and you’re ready to flash your Dingoo!

Unplug the Dingoo, press the reset button, and let it boot into the normal firmware. You won’t need to hit the on button during this reset.

Hold the B button down and press POWER AGAIN. Plug the Dingoo back into your PC.

Open cmd, and go to the Dual Boot File directory. cd shannon\downloads\Dingoo Dual Boot and execute the usbtool-win file. We’re going to upload a file to a specified address, so we’ll type usbtool-win 1 hwinit.bin 0×80000000. This should start the flashing. Then type usbtool-win 1 zImage_dual_boot_installer_ILI9331 0×80600000 and press enter. A screen will appear on the Dingoo saying Dual Boot Flasher and press start to coninue.

Follow the on screen instructions. If done correctly, it’ll say Success at the end. You should see a Dingux startup screen when your Dingoo restarts. There is another step to getting Dingux to startup, so right now it’ll just boot to the original firmware.

Reset your Dingoo and plug it into the PC. Your PC should find it in a few seconds.

Next, plug in your mini SD card and format it to FAT32. Unzip everything from the second file you downloaded, local-10.zip, to the root of your mini SD card.

After unzipped, go to the mini SD card and rename your LCD screen file to zImage. So, mine is ‘zImage-20090707-ILI9331′, and I’ll change the name to ‘zImage’. Delete the other LCD image file if you want to.

Then, you’re done! Unplug and reset the Dingoo while holding down the Select key. It should boot into Dingux and launch the Dmenu. You should see a new menu on your screen.

Now that you have Dingux installed, go online and find some handy ROMs!

There is a ton of stuff you can do with this gaming device. The growing online community has tons of homebrew video games to try out, theme packs, and ROM’s available. I’ve linked a bunch of the websites in our shownotes. I’m thinking next week I’m going to try to stick Doom on here, because, why not? It’s DOOM!

Email me at feedback@hak5.org with questions and comments.

HakTip: BackTrack 5 first-boot

Darren is excited to be playing with the new BackTrack 5 linux. BackTrack is a fantastic distribution for security auditing. Version 5 is available in 32 and 64 bit flavors as well as ARM processor support and now comes in either Gnome or KDE.

Darren demonstrates how to setup either a USB drive to boot directly off, or a Virtualbox VM. Darren goes on to show off ethernet configuration and setting up a wireless adapter over USB.

Emails

Nick writes in:

http://hackertyper.net/
set type speed to 1 for a more realistic look.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

This time on the show we’re Breaking into Windows boxes with no skillz necessary using Konboot for USB, Spear-Phishing with a WiFi Pineapple, Sudo with pipes in Linux and downloading torrents anonymously

Download HD Download MP4 Download WMV

Hacker Headlines

Season 9 continues with the results from last weekend’s Crack the Code Challenge as well as a walkthrough on how participants were able to complete the challenge using packet analysis, file reconstruction, stenagrophy and brute force. Plus encrypted USB drives with centralized management and more from the RSA 2011 conference.

Download HD Download MP4 Download WMV

Hacker Headlines

Bummed you didn’t get your hands on one of Google’s CR-48 Chrome notebooks? The alternative Instant-On OS Splashtop Linux is now available for download. Splashtop has been previously available as a pre-installed second OS on notebooks from Acer, ASUS, Dell and others. This 1.0 release makes the trim down Linux 2.6 and X11 based OS available to the public.

Samsung has made a ROM based on Android 2.3.2 Gingerbread for the i9000 that just leaked to the net. All of the changes haven’t yet been determined, and if you don’t have an i9000 model, you still have to wait for the update on your Galaxy S devices. I’m looking forward to seeing what the users can do with the ROM now that it’s available.

Sony isn’t taking recent PlayStation3 hacks lightly, as German hacker Graf Chokolo found out when authorities raided his house earlier in the week. In a post on his Hypervisor reverse engineering blog Chokolo wrote “Sony was today at my home with police and got all my stuff and accounts.” Hours later the “Hypervisor Bible” as Chokolo puts it was released. Links have been removed to comply with legal notices, but you know nothing is ever erased from the web.

The Nintendo 3DS has been out for a day in Japan… and it’s already been hacked. The Tech-On! Group has already gotten their hands on the 3DS and torn it apart to look at all the delicious insides, including the 3D display. Along with the hardware, Ayasuke2 on Youtube has already hacked the 3DS to run R4 Cards and play unauthorized Nintendo DS games.

Getting encased in carbonite isn’t exclusive to Han Solo anymore. Attendees at the Tangible, Embedded and Embodied Interactive Conference got to scan themselves in 3D with a hacked Microsoft Kinect and print the resulting STL file using a Stratasys 3D printer.

Crack the Code Challenge

Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? 6 Hak5 viewers did this Sunday. Mad props go to Netshroud for being the first to crack the code, as well as Jellyfish, Jon, Alex, Leo and Tristan.

A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. We’ll have details on the next challenge on next weeks show so be sure to tune in.

Cracking the code: PCAP file recovery and stenography

Shannon demonstrates techniques for completing the Crack the Code Challenge using Network Miner and steghide.

HakTip: Command line packet captures using Tshark

Last week we were asked about command-line packet sniffers and I recommended tcpdump and ngrep for filtering. Steve Z was quick to point out TShark, the command-line counterpart to Wireshark. With rules and filtering built in, it is quickly becoming a favorite for my packet sniffing needs. For example, issuing:

tshark -R “!(udp.port==53) and udp and ip.addr==10.73.31.55″ -i eth0

will show me just UDP packets that aren’t on port 53 to or from the address specified.

What little gems are rocking your world? Hit us up, we’ll share ‘em on the show. tips@hak5.org

Encrypted USB drives with centralized management

Darren meets with Kingston and Blockmaster to talk about their new USB management security applications.

Email: USB Passthrough

Toby writes in:

Now that I’m adhering to the “Trust Your Technolust” way of life, I figure your my best chance for a quality fix… I have an issue that I would love to see how you would resolve. I work at a non-profit food producer that provides millions of servings to feeding programs world wide every year. Were running as much open source goodness as we possibly can so that we can direct as much revenue to the feeding programs as possible. I have a VM “When-doze” terminal server running a software package that requires a usb software key. I need a (cheap or free) way (hak or bypass) to overcome the lack of ability to have non-storage USB passthrough

Darren recommends USB Redirector, a product he learned about when researching Proxmox VE.

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Season 9 Premieres with the return of Shannon “Snubs” Morse and Paul “the camera guy” Tobias. We kick around the hacker headlines, get the low-down on Nexpose from Rapid7 at RSA, automate file mangement in windows, multiplex some screen sessions, capture packets from the command line and a lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

Kinect hackers rejoice! Microsoft confirms that a Kinect SDK is coming for PC and Mac this spring, allowing developers to deal with the motion and voice sensor at a higher level than the informal Kinect hacks. The SDK will be free for personal use with a commercial version expected to follow.

Sony is threatening to permanently disconnect jail broken PlayStation 3 consoles from the PlayStation Network. Jeff Rubenstein, Sony’s Social-Media Manager wrote in his blog “To avoid this, customers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems”

Donations have closed for the legal defense fund of George Hotz, notable iPhone jailbreaker and PS3 hacker. Sony has tied the hacker up in San Francisco federal since January court facing unspecified damages on DMCA violations. Hotz writes on his blog “I have enough to cover my legal fees for the time being.” and “For now, the best you can do is spread the word”

The latest VirtualBox 4.0.4 update adds support for Ubuntu 11.04 alpha guests. The Ubuntu Alpha, code named Natty Narwhal, introduces Unity as the default desktop session. Gnome can still be accessed as a “Ubuntu Classic Session”

Urban SQL Injection — full of win.

Crack the Code Challenge

Do you have what it takes to compete in the Crack The Code Challenge? Test your skills in our private lab network and bid for the title supreme leet hax0r. Winners will be featured on future episodes of Hak5!

Our next event will be this Sunday, February 27th at 3pm Pacific. Visit Hak5.org/challenge for all of the details. We’ll be live streaming at hak5.org/live throughout the day. We’d like to thank Citrix and GoToAssist Express for sponsoring the Crack the Code Challenge.

Rapid7′s Nexpose at RSA 2011

Darren meets with Chris Kirsch of Rapid7 to find out what’s new in Nexpose

Trivia!

Our last question was “In the Millennium Trilogy, what is the name of the hacker community?” and the answer is: “Hacker Republic”

Our new question is: “From March 5, 1975 to December 1986, this club of computer hoppyists would meet in the Silicon Valley Area.”

Participate at hak5.org/trivia

Hak5 finally goes HTTPS

Thanks to Domain.com our very own Hak5.org is finally sporting a shiny new SSL certificate. Darren recaps some of the nifty things you can do with one and recommends thawte SSL 123. Thanks Domain.com for hosting Hak5.org and sponsoring for over a year!

Automating Windows File Managment

Belvedere

What it does:
Automating file management and scripting on Windows: Belvedere.

Belvedere lets you organize any folders on your harddrive. You can create rules to move, copy, delete, rename, or open files based on name, extension, size, creation, date, and even more. So basically it’s a self-cleaner tool for Windows Only. There’s also a Mac cleaner called Hazel that you might want to check out if you are an Apple user.

It was created by Adam Pash back in ’08, and you can check out the source of this tool over at GitHub.

It’s a .exe so just install it from the download link. You can make Belvedere startup when Windows starts, but you’ll have to add it manually.

How you use it:
Belvedere is really easy to use, it’s just simple point and clicks. You create a folder, then name your rule from one of the choices, and build conditions with the drop down menus.

Belvedere gives me the ability to multitask and not worry so much about how clean my PC is.

Do you have another tool that works like Belve? Let me know at feedback@hak5.org.

HakTip: Multiplexing Screen Sessions

What’s more wicked than a screen session? Two screen sessions! As we’ve talked about recently the unix command Screen is a great way to maintain bash sessions from multiple SSH clients without losing your work. My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexyness of vertical split by hitting CTRL+a then Pipe.

What little gems are rocking your world? Hit us up, we’ll share ‘em with the world. tips@hak5.org

Email: Command Line Packet Sniffers

Hey, I’m in dire need of a command line linux packet sniffer. My servers are 3 hours away, and none have X11 installed. I used to use sniffit a long time ago, but it looks like they’ve added a GUI to it. Just wondering if you had any ideas off the top of your head.

Darren recommends TCPDUMP and NGREP

Have others to share? feedback@hak5.org

Sketching with the Harmony Project

Sparkleface writes in to share the Harmony Project — a nifty sketching program in HTML5. Check out the source code and more info

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

This time on the show Darren talks to Georgia Weidman, Director of Cyber Warfare at Reverse Space about her smartphone botnet project. Shannon learns about the latest in Katana and Joe Klein joins us once again to debunk IPv4 exhaustion myths and the next step for IPv6 adoption.

Download HD Download MP4 Download WMV

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

This time on Hak5 we’re asking the question, can a three node Virtualization Cluster be built for under $1000? With the help of Proxmox, an open source virtualization environment, some cardboard boxes and a knife — we find out!

Download HD Download MP4 Download WMV

Hacker Challenge Recap
Darren reviews the recent Hacker Challenge and details improvements to this ongoing project.

Clustering with Proxmox
Darren demonstrates building virtualization clusters with proxmox. He also learns a very important lesson about the “any key” and pimps his cardboard case mod.

Virtio drivers and paravirtualization explained
Darren demos a live Proxmox cluster while building a Windows machine using the Virtio drivers.