This time on the show, Mubix joins us to add persistance to our penetration testing with a little Metasploit, Microsoft, and IP version 6

Download HD Download MP4 Download XviD Download WMV

As Mubix, aka Rob Fuller explains: Bind shells went to the wayside with the dawn of firewalls and NAT, but IPv6 was nice enough to bring them back. With the help of some built in tools from good old Redmond and our trusty Meterpreter, we can now connect to our shell any time we please. Based on his Revenge of the Bind Shell presentation we dive into the tools and techniques required to traverse firewalls and maintain persistence.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

Getting to know your neighbors — Darren takes a trip around your network with nmap, THE open source network security scanner. Want to obscure your OS fingerprint? Make a Windows Box show up as a printer? Shannon’s got just the thing. And Matt takes a first look at the Napera N24 smart network switch / security appliance. All that and more on this Hak5 Season 5 Premiere!

Download HD Download MP4 Download XviD Download WMV

Watch

Show Notes

Taking a trip around your network with Nmap

This week I talk about network scanning with the difinitive open source security scanner Nmap.

Scanning ones own network is ideal whether simply to know your neighbors or keep inventory of your assets. As a black hat it can be the first step in enumerating a target environment and looking for weaknesses.

In order to perform our scan we’ll simply need a copy of Nmap. It’s available for Windows, Mac, and just about every flavor of Linux, BSD and more. If you’re on a debian based system like Ubuntu a simple apt-get install nmap should do you good. If you’re looking for a security distribution with nmap (and a ton of other great tools) built in can’t speak highly enough of BackTrack. Version 4 beta was just recently released.

The underlying workings of Nmap are better explained in this guide but suffice it to say it takes advantage of TCP’s 3-way-handshake and other fancy raw packet tricks to find hosts and open ports. In this segment I set out to introduce the concept and get you started with a few basic examples. If you’re interested I recommend Nmap Network Scanning and the official man pages as further reading.

The segment details some commands and their usage in a searching for open MS terminal servers scenario. I highly encourage you to provide feedback either by way of email (darren AT hak5 d0t org) or on our forums. I enjoy doing segments like these but if you have any corrections (more than one way to skin a cat), suggestions for future topics or hacks of your own please let me know.

–Darren Kitchen

Obscure your OS Fingerprint

OSfuscate 0.3 by Irongeek is used to camaflouge or obscure your Windows OS. With this tool, it’ll show up like another OS of your choice, nothing at all, or even a printer. OSFuscate could be used if you are on a hostile network and need some sort of cloak while going along in your daily routine. It is important to note that this is not a fool proof method for hiding yourself on a network and should not be relied upon for security. however, as a layer of obscurity in addition to your regular security practices you may want to consider it.

It’s a simple process to set up OSFuscate on your machine. Go to Start->Run->Regedit. Back up your Parameters folder, found under System->CurrentControlSet->Services->Tcpip->Parameters. You can do this by simply right clicking on the folder, and choosing export. This is basically just to keep yourself form messing up your OS in the process and having no way to return it to normal. You’ll notice on Irongeek’s website that certain Parameter Registry keys will be subtly changed. You could do this by hand, but OSFuscate makes this task super simple. Open OSFuscate, and choose an OS that you want to pretend to be. Restart your computer and the differences should be in place! Now if someone running NMap snoops your computer, they’ll see some other OS other than what you actually have.

You can find more information at Irongeek’s Website. And as always, you can email me with any comments or suggestions.

as it really helps us out.

–Shannon Morse

Matt’s full review of the Napera N24 can be found on his blog at MattLestock.com.

Thanks for tuning into our season premiere episode. We’re very excited about all of the exciting new projects coming up in Season 5. We appreciate and encourage your feedback — especially on this episode’s fresh format, pace, and presentation. We strive to make this show better and better for you every week so let us know how we’re doing!

And a big thanks to those who’ve contributed to the success of Hak5. Your donations are greatly appreciated!

Matt shows us how to turn anything into a service and provide a web frontend to manage them windows server, great for game server administration. Chris Gerling wraps up his three part series on Packet Sniffing with Wireshark techniques for packet filtering. Darren harnesses the CPU power of the HakHouse for good or evil to demonstrate cluster computing. Plus details on our Hak5 Halloween LAN Party!
[ MP4 | XviD | WMV ]

Watch

Show Notes

Matt Lestock turns any windows application into a service using instsrv and srvany and demonstrates how we use this technique, coupled with Panel Daemon to delegate game server administration at the Hak5 playground.

Chris Gerling shows us some packet filtering techniques using the network analyzer Wireshark. He covers capture filters, display filters, colors and statistics. Read more on packet sniffing on his blog at ChrisGerling.com

Darren Kitchen talks about parallel computing. He touches on grid computing and massively parallel processors though he mainly focuses on clustering. Darren demonstrates simple windows password cracking techniques using an openMosix based image and discusses the theory behind setup. Darren has a lot of further reading for you to check out on his blog and would like to hear your feedback about building the Hak5 beowulf cluster!

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. Unfortunately until we get a Mac Pro and switch to Final Cut Pro for editing we’re unable to release a 720p version of Hak5. But we’re well on our way to bringing you guys truly high def technolust thanks to everyone who has continued to support this cause. Thanks!

Chris Gerling breaks down IP and TCP headers with Wireshark and building blocks. Shannon Morse shows us DosBox, a free IBM PC DOS emulator. Christine Bourquin talks about Alice, a teaching programming language for beginners. Darren Kitchen summarises his experience at Day-Con and answers some questions about Fon batteries. [ MP4 | XviD | WMV ]

Watch

Show Notes

Chris Gerling dives into the structure of IP and TCP headers in part two of his three part series on packet sniffing. He covers everything from source ports to checksums and everything inbetween offering insight into TCP packets in plain English. Then in part three he covers basic Wireshark usage and advanced techniques. Read more on packet sniffing on his blog at ChrisGerling.com

Shannon Morse shares with us DosBox, the free and open source IBM PC emulator that allows you to break out those old floppies and play your DOS games once again. While we wait for DNF, anyone for a Duke Nukem 3D deathmatch?

Christine Bourquin demos Alice, an innovative 3D programming language that makes it easy to teach programming using a simple drag-and-drop interface. Perfect for the next generation of computer scientists.

Darren Kitchen brings us his review of Day-Con with photos courtesy of the security twits. He also talks about Jasager batteries both big and small.

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. We’re not ready to release the full 720p quite yet as we’re ironing out (read: developing on the fly) the post production process but in the mean time we’ve got damn good looking 480p and we’re looking for your feedback. Thanks a million to everyone who has donated and helped make this happen!