This time on the show, the WiFi Pineapple gets a major revamp with Man-in-the-Middle tools and spiffy new web interface. Plus the best tools for EXT3 partition data recovery, Credit Card validation and simple Windows checksum tools. All that and more this time on Hak5!

Download HD Download MP4

Most wireless devices including laptops, tablets and smartphones have network software that automatically connects to access points they remember. This convenient feature is what gets you online without effort when you turn on your computer at home, the office, coffee shops or airports you frequent.

Simply put, when your computer turns on, the wireless radio sends out probe requests. These requests say “Is such-and-such wireless network around?” The WiFi Pineapple Mark III, powered by Jasager — German for “The Yes Man” — replies to these requests to say “Sure, I’m such-and-such wireless access point – let’s get you online!”

And with the newly improved Pineapple Mark III web interface, gathering interesting packets, spoofing DNS, watching web traffic and more is just a click away.

The new WiFi Pineapple Mark III features a completely redesigned web interface built for ease of use – no need to open a terminal for most operations. With a BBS meets WiFi Router inspired design, the Mark III puts Karma, URL Snarf, DNS Spoof, ngrep, deauth via Aircrack-NG and much more at the click of the link. Internet Connection Sharing has also been greatly simplified with the Mark III acting as DHCP server for connecting clients. Phishing attacks are also built-in with the DNS Spoofing capabilities — all configurable from the PHP-driven web interface.

Check out WiFiPineapple.com for the source, guides and more. We’re stoked about this project and can’t wait to see what you come up with!

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Domain.com is owning the competition with cheap domain names and no hassle service. Our Hak5 fans our making Domain.com one of the fastest growing domain registrars in the world.
If you’re setting up a website to show off pictures of your cat, brag about your n00b owning skills, or do something more business related, Domain.com is the best place to buy a domain name for your new idea. Domain.com’s easy checkout process makes it simple to find your domain name and set up your website without the hassle. Domain.com’s Domain Discovery System quickly shows you available names, making it easy to select the domain extension that’s right for you. Find a sweet dot COM or get a dot CO and save a character. Already have a domain somewhere else? It’s cool, transfer it to Domain.com for only $7.61 and get an extra year free. The guys at Domain.com are huge fans of Hak5 and want to hook up other Hak5 fans. Use coupon code HAK5 and get 15% off your next domain purchase or transfer. That’s only $6.47 for domain transfers. Don’t forget, when you think domain names, think Domain.com.

There are two things IT professionals and their clients have in common –
They want the job done right and they want it done fast!
That’s why I highly recommend GoToAssist Express, by Citrix to anyone in IT
It’s the fastest, most reliable support tool – and the only service I trust!
GoToAssist Express puts clients at ease with its simple, secure remote support…And it puts you in a position to do what YOU do best – Access, diagnose and resolve the problem! GoToAssist Express makes the support experience so fast -You can service more clients and increase revenue…while actually improving your customer service reputation! Plus, with the Unattended Support feature you can support clients’ computers even when they’re away…And with unlimited use – you can support all you want for one flat fee! When it comes to remote support tools, I think GoToAssist Express is the best – so fast and reliable! Don’t wait – start using GoToAssist Express today! Visit GoToAssist.com/hak5

Only suckers pay full price. If you love alternative apparel brands like Kidrobot, Hurley, and Stussy but hate wasting all your cash on them, listen up! You can score these premium brands at UP TO 80% OFF every day.
There’s a new invite-only shopping club just for guys called JackThreads, serving up street, skate, and surfwear brands at prices that will melt your brain.
There’s a wait-list to join, but if you head to jackthreads.com/hak5 you’ll get instant access to all the killer hook-ups. GO NOW
Oh, and did we mention that it’s free to join? Hit up jackthreads.com/hak5 and you’ll instantly start saving without having to leave the house.”

So you’ve built, borrowed or bought a WiFi Pineapple and you’re new to OpenWRT and Jasager. Hopefully this guide will familiarize you with the many aspects of the the WiFi Pineapple. If you have specific questions please leave a comment or email feedback@hak5.org and we’ll try to keep this page updated.

This article will guide you through connecting to the WiFi Pineapple for the first time. For more in-depth how-to’s involving command line control, modules, using the white and black listing functions, sharing Internet access and more please consult the Jasager board on the Hak5 forums and keep an eye on the WiFi Pineapple category of the Hak5.org blog for future articles on these topics.

First and foremost

The WiFi Pineapple is a customized version of OpenWRT running the latest Jasager software by Robin Wood. Since OpenWRT is a Linux based wireless networking operating system you’ll want to be familiar with basic Linux and networking fundamentals.

Tools you’ll find handy

Right out of the box most everything can be configured with just about any web browser, but you’ll likely also want a tool or two to get a shell and transfer files. If you’re using Linux or Mac you already have the ssh and scp commands at your disposal. If you’re on Windows we recommend using the PuTTY and WinSCP GUI tools or the command-line equivelent Plink.

Battery Powering the Pineapple

The WiFi Pineapple requires 5V and 2A of DC power. If you’re looking to go mobile leave the wall-wart at home. Four AA rechargeable batteries work well at powering this puppy. It’s important to get AA batteries with a high mAh rating. We recommend no less than 2400, so pick up a few meant for digital cameras for best results. If your standard alkalines aren’t doing the trick it’s probably due to a low mAh rating. Check the packaging. Of course we recommend rechargeables over the landfill populating variety.

Connecting for the first time

There are many ways to connect to and configure a WiFi Pineapple. Here are a few:

Via Ethernet

Power up and connect an Ethernet cable between your computer and the router’s. In its stock configuration the WiFi Pineapple is configured with the static IPv4 address of 192.168.1.1. It is also setup to hand out IP addresses in the 192.168.1.0/24 range via DHCP. If your machine is configured to obtain an IP address automatically you should get something like 192.168.1.100 from it momentarily.

Configuring your interface to obtain an IP address from the WiFi Pineapple’s DHCP server

In case your computer is not already setup to obtain an IP address on the Ethernet interface from a DHCP server, here are quick instructions for some common operating systems.

Windows XP

Open Network Connections from the Control Panel. Right-click on the Local Area Connection and choose Properties. From the dialog select Internet Protocol TCP/IP and click Properties. From the General tab choose Obtain an IP address automatically and Obtain DNS server address automatically. Click OK twice.

Windows 7

Click Choose Network Status and Tasks from the Control Panel. Click Change adapter settings. Right click the Local Area Connection and choose Properties. Select Internet Protocol Version 4 and click Properties. Select Obtain and IP address automatically and Obtain DNS server address automatically, then click OK twice.

Linux / Mac

Open a terminal and issue ifconfig eth0 where eth0 is the Ethernet interface connected to the WiFi Pineapple. Check the inet addr reported. If it is not a 192.168.1.x address you’ll want to manually ask for an address from the DHCP server on the pineapple. Depending on your distribution the command to do this may be “dhclient eth0″ or “dhcpcd eth0″.

Via Wireless

By default the SSID of the WiFi Pineapple is either “Pineapple” or “OpenWRT” without encryption. Connect to it as you would to any ordinary wireless access point. The pineapple will assign you an IP address via DHCP. If for some reason your Wireless interface has not been configured to obtain an address automatically please consult the above instructions substituting your wireless interface for the Ethernet interface.

Via Serial

WiFi Pineapples bought or built on Fon 2100 or Accton MR3201A hardware sport shell access through a serial interface. For information on this access method please consult these fine documents:

• Fon Serial Cable at digininja.org
• LaFonera Hardware Serial-Cable-Port on dd-wrt.com

Accessing the Jasager Interface

Once connected via Ethernet or wireless you can point your web browser at the Jasager management interface. Here you can configure the interface, karma, mac address filtering, ssid white/black listing and execute commands on connected clients.

By default the Jasager interface can be found at http://192.168.1.1:1471. It’s important to note the :1471 bit as that specifies the non-standard port number of this http interface. Any modern web browser will work, be it Firefox, Chrome, Safari, Opera or Internet Explorer. I’ve even successfully used it with the text-only browser Lynx! You’ll need to login. By default the username is root and password is “pineapplesareyummy” (sans quotes).

Status / Main Controls

The options in this section allow you to control the wireless card and karma features. The SSID list is a list of SSIDs that the interface will either accept (whitelist mode) or ignore (blacklist mode). One thing to watch out for is that changing from blacklist to whitelist mode, and vise-versa does not reset the SSID list.

Connected Clients

The list of connected clients comes from a merger of wlanconfig output, information in the log file and the ARP cache. A blank IP address may mean the client hasn’t got an IP address or hasn’t used it for a while so it has slipped from the ARP table.
The dropdown list of commands allows you to add the clients SSID to the watch list and kick the MAC address. Kicking is not blocking a MAC, just temporarily disconnecting it, most clients will attempt to reconnect within seconds of being kicked. Kicking can be useful if you blacklist a SSID and need to remove any currently associated clients. I have an idea that this list will grow with useful commands such as blocking MAC addresses and initiating things such as nmap scans. Watch out for new features in version 2.

Log

All activity is logged to /karma/log/status.log which gets dumped out to the log window.

This time on the show we’re Breaking into Windows boxes with no skillz necessary using Konboot for USB, Spear-Phishing with a WiFi Pineapple, Sudo with pipes in Linux and downloading torrents anonymously

Download HD Download MP4 Download WMV

Hacker Headlines

This time on the show, the Gmail 2-step verification, the easiest screen shot utility in the world, Image burning, MD5 integrity verification and the auto-rickrolling pineapple of doom!

Download HD Download MP4 Download WMV

Hacker Headlines

Sony and George Hotz have called a truce. Settling outside court famed PS3 hacker GeoHot agreed not to be “engaging in any unauthorized access to any SONY PRODUCT under the law” etc… Following the settlement Hotz donated $10k to the Electronic Frontier Foundation, money left over from his donated legal defense fund.

Skype made a boo-boo. Android Police found this little vulnerability in the Skype app for Android, where it seems that the SQLite3 databases where all your chat logs and info is stored was never protected. Skype forgot to encrypt the databases. That means a rogue app could potentially steal data out of your Skype app and send it back to the bad guy. Android Police created this app called Skypwned just to show how the breached can effect you. Oops!

Revealed at the Where 2.0 conference this week, security researchers published details on how iPhones and 3G iPads have been periodically logging your location. Since iOS 4.0 the file consolidated.db has been storing timestamps with latitude-longitude coordinates. The researchers published an open source tool, dubbed iPhone Tracker, which maps your devices stored locations.

Looks like Skype isn’t the only one with trouble brewing. WordPress.com’s servers were hacked pretty deep, root-access level deep. They say a bunch of customer’s source codes were accessible, so they’re having the vulnerable site change their passwords and API’s. The breach was on Automattic.com’s servers to be exact, the software company behind the WordPress platform. Obviously, a lot of information was viewable, but hopefully all the customer’s have already fixed any problems on their sites.

Mad Scientists Photonicinduction bring happyness to the world with a video demonstrating how to erase the data off a CD by spinning between it between two high voltage transformers.

HakTip: zScreen

Want to capture print screens and share them, but don’t want to go through the hassle of saving, uploading, and all that jazz? Try zScreen.

zScreen will automatically capture screenshots, text, or files from your computer clipboard and upload them to a destination of your choice, as well as have the link to it automatically copied to your computer when it’s completed.

Simply download zScreen from code.google.com and install. Once installed, choose your destination for images, files, and text, and the type of URL shortener you would like to use. Under destinations, you can authenticate and authorize zScreen to upload to your FTP, ImageShack, Flickr, even Twitter page, and tons of others. For myself, I’m going to upload to my Flickr page. zScreen uses OAuth, so all it requires is your username, not your password. It’ll authenticate through your Flickr site. You can even choose settings such as what window you want the print screen to copy, you can add a watermark, and tons of other options. Once you’ve gotten your settings squared away, hit your favorite HotKey and watch as your image gets uploaded to your account automatically.

So I hit PrtSc, and my full size image gets uploaded to my Flickr just like that. After it’s uploaded I can easily copy the image link from my clipboard. The link is also saved in zScreen.

It’s a great time saver, and perfect for easily taking notes on your screen and sharing them with others. Thanks to Patrick F for sending this in to us. Do you have a time saver or something cool to share? Email tips@hak5.org and we’ll share them.

OpenWRT / WiFi Pineapple mod: Auto-Rickroll

“John Bebo’s Auto-Rickroll payload for the WiFi Pineapple is an excellent example of using Dnsmasq to forward targets to a hosted site. While this site could be malicious, perhaps hosing the Browser Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to browse to brings them to a WiFi Pineapple hosted page containing Rick Astley ASCII Art and looping audio. It uses a similar technique employed by Captive Portals – something we’ll explore in more detail soon – except a lot more annoying.

Thanks to great documentation from Bebo and Hak5 forum member Psychosis setting up your own Auto-rickrolling WiFi Pineapple is super simple. In fact, this will work on just about any OpenWRT based wireless access point – but we’ll be focusing on the WiFi Pineapple specifically for its Jasager abilities.

Follow the step-by-step article with pictures and video at hak5.org/hack/auto-rickrolling-wifi-pineapple

scp * pineapple
mv *. /etc/config
mv * /www/
touch /etc/dnsmasq.conf
echo address=/#/192.168.1.1 > /etc/dnsmasq.conf
vi /etc/init.d/jasager
add to start()
wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null
iwpriv ath0 karma 1
brctl addif br-lan ath0
ifconfig eth0 up
#comment out iptables
reboot

Trivia

Our last trivia question was: What is the name of this prominent computer club that was founded in Berlin in 1981? And the answer was: Chaos Computer Club

This week’s trivia question is: What is the name of this virus, considered the first known use of polymorphic code?

Answer at hak5.org/trivia for a chance to win some swag!

2 Step Verification in Gmail

Although I know all of you out there protect your online accounts like crazy, there is always a way to get more protection. Maybe you don’t like using an encryption program or you use the same password for all of your sites. Although this is really bad, I think all of us have done that once or twice in the past. So perhaps you want to try something new.

I just discovered Gmail 2 Step Verification process for my google mail account. I’ve been a little paranoid lately with all the cyber attacks going on, so I decided to up my security, especially because my email is the one site I really don’t want hacked.

2 Step Verification can help prevent unauthorized access that someone might have with just a stolen password. Now, when I sign in to gmail, I’ll not only need my password, but also a code that generates on my phone.

You might be thinking, ‘Well, what if your phone gets stolen?’. I set up a passcode on my phone, a series of random numbers that only I remember, and I set it so if I try brute forcing the passcode, after 10 wrong codes, it’ll wipe my phone.

Back to Gmail. When setting this up, first you’ll need your phone. If you won’t have a secure phone nearby when you sign in to Gmail, perhaps this isn’t the tool for you.

Click on “”Set Up 2 Step Verification”" and choose your phone. Androids, Blackberries, and Iphones have a special Google Authenticator app that will generate your random codes.

The first time you open the app, it’ll ask you to scan a QR code with your phone’s camera. This QR code generates your first series of random digits, and it ties you, the phone holder, to your gmail account. If you don’t have a usable camera or can’t read the QR code, choose to create a time-based key instead, and type your secret key into your phone.

Click next after taking your photo and verify your generated code. Gmail will then ask you to set up a backup in case your phone is lost or stolen. Next you will need a printer or a safe place to save your backup codes. I had a printer installed so I printed my backup codes. Each of these codes will let you sign in once to your gmail.

After printed, click next and choose a backup phone. This can be a home phone, a spouses phone, etc. Type in the phone number and you can then test it if you want. I set up my personal number to my home phone, and when I tested it, it called me and left me a message with a new generated code. When you hit next, confirm your account, and turn on 2 Step Verification.

When you first log in, you’ll type in your account name, password, then your verification code off your phone. You can also choose if you want the code remembered for 30 days or if you want it to ask you for a new code every time you log in.

You’ll notice after you turn on 2 Step Verification that all your devices tied to your gmail account are logged out. Things like gmail for iphone, the mail app, etc, don’t have a place to type in a verification code. To help your security, you’ll need to set up application specific passwords. To do this, under the 2 Step Verification main page, choose application specific passwords.

Choose a name of your device, for example, mine will be “”Shannon’s Iphone”". Click next and you’ll see a series of letters and numbers that you’ll have to type in to your Iphone. So I type in my username, and under the password box I type in this generated password and click next. I only have to do this one time, ever. So I won’t need to memorize this code.

But what happens if someone gets ahold of Shannon’s Iphone? Luckily, under the code, you can see my Iphone. If I choose ‘Revoke’, all access to my mail will be logged out on my Iphone until I authorize it again.

If at any time I need new printed codes, or I need to change my phones, I can go under account settings, 2 Step Verification and edit anything I need. I can even turn off 2 Step Verification if needed.

I LOVE 2 Step Verification. It makes me feel a lot more secure about my mail and personal information. Questions? Comments? Have another program for me? Email feedback@hak5.org.

Emails: CD Burning and nomnomfish

Max S writes: I have been watching your show since season 6. Since then you mentioned a program named Konboot few times.
I was curious and tried getting it. But I have a problem, I successfully download it, and extract it using winrar but when I burn it to a blank CD it doesn’t work.
Am I missing something or does konboot not function anymore?

Shannon recommends verifying the integrity of the download using a tool like Fast Sum or MD5SUM and burning with a tool like IMG Burn

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

John Bebo’s Auto-Rickroll payload for the WiFi Pineapple is an excellent example of using Dnsmasq to forward targets to a hosted site. While this site could be malicious, perhaps hosing the Browser Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to browse to brings them to a WiFi Pineapple hosted page containing Rick Astley ASCII Art and looping audio. It uses a similar technique employed by Captive Portals – something we’ll explore in more detail soon – except a lot more annoying.

Thanks to great documentation from Bebo and Hak5 forum member Psychosis setting up your own Auto-rickrolling WiFi Pineapple is super simple. In fact, this will work on just about any OpenWRT based wireless access point – but we’ll be focusing on the WiFi Pineapple specifically for its Jasager abilities.

This article will focus on setting up the Auto-Rickroll payload in Windows so the every handy PuTTY and WinSCP tools will be used. If you’re on Mac or Linux you already have SSH and SCP. We’ll also be taking a beginners approach, so if you’re a guru you can simply download the payload and take a look at the commands at the end of the article.

Demonstration

First begin by download this package containing all of the configuration and www files. Extract the contents to a temporary directory. You should notice index.html as well as NGGUP.mp3 and NGGUP.wav – these are the www files. You’ll also notice extension-less files dhcp, network and wireless. These are the configuration files.

Next connect your WiFi Pineapple to a computer via an Ethernet cable. In its default configuration the WiFi Pineapple has the IP address of 192.168.1.1 and will assign your computer an IP address in that range using DHCP.

To test your connection to the WiFi Pineapple open a shell and issue the ipconfig command. You should have a 192.168.1.x IP address with your default gateway set as 192.168.1.1. Depending on your configuration you may need to disconnect from any wireless or other networks you are currently connected to. Issuing ping 192.168.1.1 should result in four replies.

Now that you’re directly connected to the WiFi Pineapple open WinSCP. Enter 192.168.1.1 as the host name. Leave 22 as the port number. Enter root for the user name and your password. By default the WiFi Pineapple has a password of “pineapples are yummy”. Select SCP from File protocol and click Login. You may receive two errors regarding group lookup, which are safe to disregard.

Now that you’re logged into the WiFi Pineapple with WinSCP you can begin transferring files. In the left-pane navigate to the temporary directory to which you extracted the files in the first step. The right pane will be /root on the WiFi Pineapple by default. Select the 6 extracted files on the left and drag them to the right.

Click Copy to confirm the command and wait for the procedure to complete.

Now that the files have been copied we’re ready to put them in the appropriate places on the device.

Open PuTTY and enter 192.168.1.1 in the host name field. Port 22 should be entered by default. Click Open to connect. The first time doing this you will be asked to save the key. Click yes if prompted.

When prompted login as root. Again, the default password is “pineapplesareyummy” (sans quotes). Issuing the “ls” command will display the files we copied over in the previous step.

Move the index.html and NGGUP files to /www with the command “mv index.html NGGUP.* /www/” Issuing the “ls” command again will show that only the configuration files remain.

Before moving the configuration files to their appropriate location we’ll want to backup the existing files – just in case we ever want to go back to the default. Navigate to the config directory with the “cd /etc/config” command. Again “ls” will display all of the files in this directory.

Rename network, dhcp and wireless to network.bak, dhcp.bak and wireless.bak respectively using the mv command. For example, “mv dhcp dhcp.bak”

Now you’re ready to move the auto-rickrolling configuration files to /etc/config. Since you’re already in that directory use the command “mv ~/* .” (notice the space between * and .). This command says to move (mv) everything (*) from the home directory (~/ – in our case /root since we’re logged in as root) to the current working directory (.).

Again issuing “ls” will show that the configuration files have moved.

Next we’ll need to modify the dnsmasq config file. By default it does not exist in /etc/ so to create a new one we’ll need to issue the command “touch /etc/dnsmasq.conf”

Once the file has been created we’ll need to add one line to it. We could use a text editor such as vi but I find it easier to simply echo the line into the file. Issue “echo “address=/#/192.168.1.1” > /etc/dnsmasq.conf” (mind the quotes around address=/#/192.168.1.1). The echo command prints whatever is written within the quotes. By default it is written to the screen, but since we used a greater-than sign we specified that the output of the echo command go into the file – in our case /etc/dnsmasq.conf. Alternatively if we were echoing multiple lines into the file we would use two consecurive greater-than signs, which append to the end of a file.

To verify that the configuration has been written issue “cat /etc/dnsmasq.conf”, which will return what we wrote in the previous step, sans quotes. The /#/ part of the command is a wildcard, meaning any address your target attempts to browse to will forward to, in this case, 192.168.1.1.

Now we’ll also need to modify the /etc/init.d/jasager configuration file so that is begins karma immediately upon powering on. This is the only step specific to the WiFi Pineapple and can be considered optional. I like the idea of karma coming up on its own with this configuration – it really automates the whole attack. Since the WiFi Pineapple doesn’t need Internet access (it’s forwarding everything to an internally hosted page) it’s just a matter of plugging in the battery pack and turning it on.

We’ll need to add a block of commands to a function, so a proper text editor is in order. For this issue “vi /etc/init.d/jasager”

Cursor down to the iptables command and press “i” to insert. Now prepend a # to the command to comment it out. Next, after the tail command and before the function closes enter the following string of commands exactly as outlined here. Save and close the file by pressing the escape key followed by : (colon), x (x) and enter.

Finally our configuration changes are complete and it is time to reboot, so either pull the plug on the pineapple or issue the “reboot” command. When everything comes back up either stay connected via ethernet or connect via WiFi to the newly renamed SSID of “ricknet” (or any other Jasager-ized SSID). Browse to any website and enjoy the rickroll action.

Quick steps

#scp * to your pineapple
mv *. /etc/config
mv * /www/
touch /etc/dnsmasq.conf
echo “address=/#/192.168.1.1″ > /etc/dnsmasq.conf
vi /etc/init.d/jasager
#add to start()
wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null
iwpriv ath0 karma 1
brctl addif br-lan ath0
ifconfig eth0 up
#comment out iptables command
reboot

This week Shannon is bypassing NSFW filters while Darren goes sniffing for packets in all the wrong places.

Download HD Download MP4 Download XviD Download WMV

Darren takes Android WiFi Tether and Shark for a spin and ends up learning an important geography lesson.

Shannon is demonstrating a few techniques to detecting NSFW links and bypassing potential work filters with a few web tools, including: LongURL.com, PDFmyURL.com, Aviary.com and Variably Safe For Work.

—

You’re Invited to Hak5’s Birthday!

Join us to celebrate 5 years of technolust at the Hotsy Totsy Club – an Albany institution since 1939! Come for drinks, pool, shuffleboard and a live performance from nerdcore sensation, Eighty of Dual Core! 21+. No cover. Street parking. 7 blocks from El Cerrito BART. WiFi. Taco’s Autlense Taco Truck parked in lot. Need we say more?

Saturday, August 14th at 7:00 PM
Hotsy Totsy Club
601 San Pablo Ave.
Albany, CA 94706

RSVP now via Facebook – can’t wait to celebrate the grand years of old school hacking with you!

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

Back in studio with Shannon this week. Darren has answers to your WiFi deauthorization attack questions and a demo of a nifty deuth watching script. Shannon’s all about free and open source alternatives to online backup services like Backupify. Can these tools keep your cloud data secure?

Download HD Download MP4 Download XviD Download WMV

Deauthorization Attacks explained (with demo)

This week we’re answering viewer questions regarding last week’s wireless deauthorization attacks.

How does Deauth work if a client connected to an AP using encryption?
-Mark B

The answer lies in the fact that 802.11b/a/n/g management frames, special packets used to establish and maintain communications, are all sent unencrypted. These include:

• Authentication
• Association request
• Association response
• Reassociation request
• Reassociation response
• Beacon
• Probe request
• Probe response

And finally our favorite…

• Deauthentication

I was wondering how do I prevent the de authorize attacks and man-in-the-middle attacks on my laptop or computer
-Test Account

Short of rewriting your wireless radio’s firmware to ignore deauthorization packets I’m at a loss when it comes to preventing the attack. If you know of a way please get in touch. That said, deauth attacks are quite simple to detect.

Viewer Tinman2k wrote in with a simple python script that uses airmon-ng and scappy to scan for associations, authentications and deauthentications.

You’ll need to begin by placing your card into monitor mode. For example: airmon-ng wlan0 start. Then pass your monitor interface to readAuthDeauth.py

#!/usr/bin/env python

######################################################
#	authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
#	Place card in monitor mode and set the channel.
#	If you want channel hopping, run airodump-ng in
#	another terminal. Will add channel hopping
# 	in the next version.
######################################################
#
#	Usage: python authWatch.py 
#	

import sys
from scapy import *

interface = sys.argv[1]

def sniffReq(p):
     if p.haslayer(Dot11Deauth):
# Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
           print p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]")
# Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
     if p.haslayer(Dot11AssoReq):
           print p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]")
# Look for an authentication packet and print the Client and AP BSSID
		   if p.haslayer(Dot11Auth):
	   print p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]")
 	   print p.sprintf("------------------------------------------------------------------------------------------")
sniff(iface=interface,prn=sniffReq)

Backing up your Cloud Data

One of these day the monkeys will rise up and conquer the net as we know it. That’s why having good backups of your online data is important. So rather than getting screwed when gmail, google docs, flickr, delicious, twitter and wordpress go down, let’s use free and open source software to make proper backups.

Online services like Backupify make it easy to backup your cloud data — but it’s just from one cloud to another (Amazon S3). If you’d like a local copy of your data check out these programs

• FlickrEdit
• Gmail-Backup
• GDocBackup
• Google Doc Backup
• Backing up Delicious with wget
• Tweetake
• TweetBackup
• Johann Burkard’s Open Source Twitter Backup tool
]]> http://Hak5.org/episodes/episode-706/feed 27 http://Hak5.org/episodes/episode-705 http://Hak5.org/episodes/episode-705#comments Wed, 17 Mar 2010 11:07:11 +0000 Darren Kitchen http://www.hak5.org/?p=1753 ]]>



While meeting up with family in Florida this week Darren takes on a WiFi Challenge using the airport friendly Pineapple Mark II and Airdrop-ng. Plus, Shannon has a follow-up to the Ultra Software including your picks.

Download HD Download MP4 Download XviD Download WMV

Airport WiFi Challenge – Jasager and Deauths

Once again my travels take me to a wonderful and target rich environment — the airport.

And while I typically don’t take on challenges, this one tickled my technolust. I was asked how many clients I could harness with a WiFi Pineapple during a typical hour long layover at the airport. I figured this was a great opportunity to test out Airdrop-ng.

Your Ultra Software Picks

In a follow-up from episode 703, Shannon counts down your Ultra software picks, including:

• Total Commander
• JkDefrag
• Ultimate Boot CD
• Super Anti-Spyware
• Process Explorer
]]> http://Hak5.org/episodes/episode-705/feed 41 http://Hak5.org/episodes/episode-626 http://Hak5.org/episodes/episode-626#comments Tue, 09 Feb 2010 16:18:41 +0000 Jason http://www.hak5.org/?p=1975



We head out to DC for Shmoocon, our favorite hacker conference on the east coast, to talk to some of the brightest minds in security. We talk to Tom Eston about social media security, TheX1le about his new tool airdrop-ng, Jason Scott about preserving our digital heritage, Chris Paget about man-in-the-middle attacks against GSM networks, and much more.

Download HD Download MP4 Download XviD Download WMV




Airdrop-ng

Self taught packet junkie TheX1le shares with us his new tool for wireless de-authentication and deassociation. Airdrop-ng facilitates client control with versatile rule based control.

Cloning, Spoofing, Man-in-the-middle sniffing, and decrypting GSM

Chris Paget of h4rdw4re shares with us the in’s and out’s of GSM hacking. Armed with a USRP and his open-source software, Paget pretends to be your GSM tower, and a lot more.

Jason Scott – Defender of Digital Heritage
Textfiles.com very own Jason Scott joins us to talk about preserving our digital heritage with Archive Team and why it’s important to keep Geocities, Netscape Now buttons, and *gasp* Hamster Dance.

Social Media Security

Tom Eston shares with us the delicious dangers of social networks while in the hands of web-application exploiting hackers. No worries, he’s got you covered at socialmediasecurity.com

]]> http://Hak5.org/episodes/episode-626/feed 0 http://Hak5.org/hack/strip-out-ssl-security-with-a-man-in-the-middle-attack http://Hak5.org/hack/strip-out-ssl-security-with-a-man-in-the-middle-attack#comments Mon, 14 Dec 2009 08:09:08 +0000 Darren Kitchen http://www.hak5.org/?p=1633



Darren demonstrates a little man-in-the-middle attack using SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session. Go from secure site to clear-text passwords in one simple step.

Moxie Marlinspike‘s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

]]> http://Hak5.org/hack/strip-out-ssl-security-with-a-man-in-the-middle-attack/feed 14 http://Hak5.org/episodes/episode-610 http://Hak5.org/episodes/episode-610#comments Wed, 21 Oct 2009 11:49:03 +0000 Darren Kitchen http://www.hak5.org/?p=1428 ]]>



This time on the show Darren’s having a little man-in-the-middle fun with a demonstration os SSLStrip, an epic tool for removing that pesky encryption from your victims browsing session.

Download HD Download MP4 Download XviD Download WMV

Moxie Marlinspike‘s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

]]> http://Hak5.org/episodes/episode-610/feed 38