Hak5 - Technolust since 2005 » Pineapple

WiFi Pineapple: your first connection

Darren Kitchen — Wed, 04 May 2011 22:48:45 +0000

So you’ve built, borrowed or bought a WiFi Pineapple and you’re new to OpenWRT and Jasager. Hopefully this guide will familiarize you with the many aspects of the the WiFi Pineapple. If you have specific questions please leave a comment or email feedback@hak5.org and we’ll try to keep this page updated.

This article will guide you through connecting to the WiFi Pineapple for the first time. For more in-depth how-to’s involving command line control, modules, using the white and black listing functions, sharing Internet access and more please consult the Jasager board on the Hak5 forums and keep an eye on the WiFi Pineapple category of the Hak5.org blog for future articles on these topics.

First and foremost

The WiFi Pineapple is a customized version of OpenWRT running the latest Jasager software by Robin Wood. Since OpenWRT is a Linux based wireless networking operating system you’ll want to be familiar with basic Linux and networking fundamentals.

Tools you’ll find handy

Right out of the box most everything can be configured with just about any web browser, but you’ll likely also want a tool or two to get a shell and transfer files. If you’re using Linux or Mac you already have the ssh and scp commands at your disposal. If you’re on Windows we recommend using the PuTTY and WinSCP GUI tools or the command-line equivelent Plink.

Battery Powering the Pineapple

The WiFi Pineapple requires 5V and 2A of DC power. If you’re looking to go mobile leave the wall-wart at home. Four AA rechargeable batteries work well at powering this puppy. It’s important to get AA batteries with a high mAh rating. We recommend no less than 2400, so pick up a few meant for digital cameras for best results. If your standard alkalines aren’t doing the trick it’s probably due to a low mAh rating. Check the packaging. Of course we recommend rechargeables over the landfill populating variety.

Connecting for the first time

There are many ways to connect to and configure a WiFi Pineapple. Here are a few:

Via Ethernet

Power up and connect an Ethernet cable between your computer and the router’s. In its stock configuration the WiFi Pineapple is configured with the static IPv4 address of 192.168.1.1. It is also setup to hand out IP addresses in the 192.168.1.0/24 range via DHCP. If your machine is configured to obtain an IP address automatically you should get something like 192.168.1.100 from it momentarily.

Configuring your interface to obtain an IP address from the WiFi Pineapple’s DHCP server

In case your computer is not already setup to obtain an IP address on the Ethernet interface from a DHCP server, here are quick instructions for some common operating systems.

Windows XP

Open Network Connections from the Control Panel. Right-click on the Local Area Connection and choose Properties. From the dialog select Internet Protocol TCP/IP and click Properties. From the General tab choose Obtain an IP address automatically and Obtain DNS server address automatically. Click OK twice.

Windows 7

Click Choose Network Status and Tasks from the Control Panel. Click Change adapter settings. Right click the Local Area Connection and choose Properties. Select Internet Protocol Version 4 and click Properties. Select Obtain and IP address automatically and Obtain DNS server address automatically, then click OK twice.

Linux / Mac

Open a terminal and issue ifconfig eth0 where eth0 is the Ethernet interface connected to the WiFi Pineapple. Check the inet addr reported. If it is not a 192.168.1.x address you’ll want to manually ask for an address from the DHCP server on the pineapple. Depending on your distribution the command to do this may be “dhclient eth0″ or “dhcpcd eth0″.

Via Wireless

By default the SSID of the WiFi Pineapple is either “Pineapple” or “OpenWRT” without encryption. Connect to it as you would to any ordinary wireless access point. The pineapple will assign you an IP address via DHCP. If for some reason your Wireless interface has not been configured to obtain an address automatically please consult the above instructions substituting your wireless interface for the Ethernet interface.

Via Serial

WiFi Pineapples bought or built on Fon 2100 or Accton MR3201A hardware sport shell access through a serial interface. For information on this access method please consult these fine documents:

Accessing the Jasager Interface

Once connected via Ethernet or wireless you can point your web browser at the Jasager management interface. Here you can configure the interface, karma, mac address filtering, ssid white/black listing and execute commands on connected clients.

By default the Jasager interface can be found at http://192.168.1.1:1471. It’s important to note the :1471 bit as that specifies the non-standard port number of this http interface. Any modern web browser will work, be it Firefox, Chrome, Safari, Opera or Internet Explorer. I’ve even successfully used it with the text-only browser Lynx! You’ll need to login. By default the username is root and password is “pineapplesareyummy” (sans quotes).

Status / Main Controls

The options in this section allow you to control the wireless card and karma features. The SSID list is a list of SSIDs that the interface will either accept (whitelist mode) or ignore (blacklist mode). One thing to watch out for is that changing from blacklist to whitelist mode, and vise-versa does not reset the SSID list.

Connected Clients

The list of connected clients comes from a merger of wlanconfig output, information in the log file and the ARP cache. A blank IP address may mean the client hasn’t got an IP address or hasn’t used it for a while so it has slipped from the ARP table.
The dropdown list of commands allows you to add the clients SSID to the watch list and kick the MAC address. Kicking is not blocking a MAC, just temporarily disconnecting it, most clients will attempt to reconnect within seconds of being kicked. Kicking can be useful if you blacklist a SSID and need to remove any currently associated clients. I have an idea that this list will grow with useful commands such as blocking MAC addresses and initiating things such as nmap scans. Watch out for new features in version 2.

Log

All activity is logged to /karma/log/status.log which gets dumped out to the log window.

Hak5 911 – Circumvent Windows Login Security with a USB boot-drive, Phishing with a Pineapple and anonymous torrenting!

Jason — Wed, 04 May 2011 19:00:30 +0000

This time on the show we’re Breaking into Windows boxes with no skillz necessary using Konboot for USB, Spear-Phishing with a WiFi Pineapple, Sudo with pipes in Linux and downloading torrents anonymously

Download HD Download MP4 Download WMV

Hacker Headlines

Remember how Skype had a gaping security hole last week where third party apps could steal your data? They fixed it! And now if you own an Android 2.1 device, you can get Skype 3G calling without a Verizon Wireless sanctioned app. Pretty cool! Good job Skype!

If you’re a PS3 gamer with a credit card tied to your PlayStation Network account, now might be a good time to check your bank statements. After day long outages of PlayStation Network and Qriocity, Sony is reporting that account information including name, address, email, birthdate, login, password and handles have been obtained by an unauthorized person. Sony isn’t ruling out the possibility that credit cards data was taken and is advising users to check their credit, keep an eye out for suspicious activity and follow up with the FTCs Identity Theft site. Sony has gone as far as to have provided the names and contact information of effected parties to the three major U.S. credit bureaus so that users may place a “fraud alert” on their files for free.

If you have an Xperia unbranded Play, Arc, Neo, or Pro, you can now try out custom ROM’s and mods. Sony Ericsson released theAndroid bootloader unlocking site, so you can tinker to your hearts desire on those machines. But modders be aware! If it goes wrong, your warranty will too…

While Google has announced encryption support in the third version of its yet to be open sourced Android operating system, many are looking to the Guardian Project for features like full-disk encryption, secure instant messanging and anonymous web browsing. The project aims to create apps and open-source firmware for those looking to protect their communications.

Use that old CD ROM laser to create a laser triggered water bomb trap! Great for pranks and giggles!

Crack the Code Challenge

Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? These Hak5 viewers did last Sunday. Mad props go to Mr-Protocol and Hack_sipop215 who made it to the first of three timed checkpoints.

A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. Stay tuned for info on the next, even bigger Crack the Code Challenge.

And be sure to tune in next week as we’ll have a detailed walk through on how the challenge was completed.

Phishing with a WiFi Pineapple

Following up on last weeks auto-rickrolling WiFi Pinepaple I decided to take it a step further with a little phishing expedition in Berkeley. See the entire step-by-step at hak5.org/hack/pineapple-phishing.

Trivia!

Last weeks trivia: What is the name of the virus, considered the first known use of polymorphic code?

The Answer was: 1260

This week’s question is: The UK version of this device represents 10 Pence with a 1000 Hz tone. What is the device?

Answer at hak5.org/trivia to win some sweet swag.

Circumvent Windows Security with Konboot for USB

“Konboot from a USB

I did a segment on Konboot back on episode 518, but I wanted to recap it and show you how to boot Konboot from a USB instead. If you haven’t checked it out already, Konboot is a tool that lets you change the contents of a Windows or Linux kernel while booting, enabling you to bypass the root user password while logging in. It was originally created for the user to boot in case they forgot their own password, so you shouldn’t use this for malicious purposes. Konboot was made for CD and floppy, so you have to follow these simple steps to get it working from a USB. These steps only work for 32 bit machines, so if you have a 64 bit machine, hold tight and I’ll show you how to do that afterwards.

32 bit:

First, download UNetbootin and install the program. Then, download the Konboot Floppy image from the Konboot website and extract the zip file (password is kon-boot) so you can get the FD0-konboot-v1.1-2in1.img file. You’ll also have to extract the floppy image file folder as well. Plug in your USB flash drive. It doesn’t have to be very big, I’m just using a little 1 GB flashdrive.

Run UNetbootin on your computer, select Diskimage, click the drop down menu to select floppy and browse for the .img konboot file. Under type, choose USB drive and under Drive, choose your USB drive letter. Double and triple check this so you don’t overwrite your main harddrive! Now click ok and wait for the Konboot floppy image to install onto your USB drive.

Now that you have the USB ready, reboot your computer with the USB plugged in, choose to boot from USB first, and you should see a UNetbootin screen pop up.

Select Default, which is your USB and you should see the Kryptos Logic boot screen, which is KonBoot.

Press any key and you’ll see some Konboot ASCII art and it starts to boot into Windows. You may run into a problem with an infinite loop, and if you do, follow IronGeek’s tutorial for fixing this problem. He was able to modify the syslinux.cfg file to fix this problem.

Go over to IronGeek’s blog and download his .zip file. Extract it, and save the two files onto the root of your USB stick.

Restart your computer and boot from your USB drive again, this time starting with the 1st KonBoot and click through until you get back to the syslinux screen again.

This time choose “”2nd try boot as hd1″”, then try hd2, and hd3 until one of the boots lets you through to Windows.

64-bit

If you have a 64 bit machine, you won’t be able to use these steps above. The only way I could get it to work on my Windows 7 64 bit laptop was to download the new version of Katana from Hack From A Cave.

Download the Katana RAR file and extract everything to the root of your USB stick. This is 4 gigs so you’ll need a bigger drive. Mine is 8 GB.

Click Start, type CMD, right click and choose Run As Administrator. Type in your USB drive, mine is D:, then enter. Type dir to view files, then type bootinst.bat and press enter. Follow the on screen steps.

Now you’re ready to boot! Restart your computer and boot off the USB. Katana should open. Choose Konboot and log onto Windows.

Now you can get back onto your computer if you forgot your password!

Email me at feedback@hak5.org with questions or comments!

HakTip

This HakTip was sent in from Matt who recently saw me opening a root shell when I was unable to run

sudo echo 1 > /proc/sys/net/ipv4/ip_forward

He wanted to let me know that there is a way to use echo to write to files that need root permissions without getting a root shell by running:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

running tee this way will act like a > and if you want to use tee to act like >> then just use tee -a.

Also, Matt votes for vi over nano ”

Emails

Hey guys and gal, Been sharing your segments on proxmox and I am very curious besides the fact that its free, how does it compare to the big boys like vmware ? Also is it good enough for production use say in a small business of 25 users? One lasts question have you heard of ulteo? If so what do you think of using it with proxmox?

Christian Writes: Love all your shows,very interesting stuff. I had a question regarding torrents and proxies. I am using “”"”utorrent”"”" and would like to mask my real IP. I know there are a couple of paying services out there which would let me use utorrent and not show my real ip address and also encrypt my connection. I was looking at a service like www.btguard.com, I was also looking at open vpn. What are your best suggestions,ideas or recommended services for what I want to do?

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple andhoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

Hak5 910 – OpenWRT and WiFi Pineapple mods, Gmail 2-step verification, zScreen screencaptures, Image burning and MD5 hashes

Darren Kitchen — Wed, 27 Apr 2011 07:15:55 +0000

This time on the show, the Gmail 2-step verification, the easiest screen shot utility in the world, Image burning, MD5 integrity verification and the auto-rickrolling pineapple of doom!

Download HD Download MP4 Download WMV

Hacker Headlines

Sony and George Hotz have called a truce. Settling outside court famed PS3 hacker GeoHot agreed not to be “engaging in any unauthorized access to any SONY PRODUCT under the law” etc… Following the settlement Hotz donated $10k to the Electronic Frontier Foundation, money left over from his donated legal defense fund.

Skype made a boo-boo. Android Police found this little vulnerability in the Skype app for Android, where it seems that the SQLite3 databases where all your chat logs and info is stored was never protected. Skype forgot to encrypt the databases. That means a rogue app could potentially steal data out of your Skype app and send it back to the bad guy. Android Police created this app called Skypwned just to show how the breached can effect you. Oops!

Revealed at the Where 2.0 conference this week, security researchers published details on how iPhones and 3G iPads have been periodically logging your location. Since iOS 4.0 the file consolidated.db has been storing timestamps with latitude-longitude coordinates. The researchers published an open source tool, dubbed iPhone Tracker, which maps your devices stored locations.

Looks like Skype isn’t the only one with trouble brewing. WordPress.com’s servers were hacked pretty deep, root-access level deep. They say a bunch of customer’s source codes were accessible, so they’re having the vulnerable site change their passwords and API’s. The breach was on Automattic.com’s servers to be exact, the software company behind the WordPress platform. Obviously, a lot of information was viewable, but hopefully all the customer’s have already fixed any problems on their sites.

Mad Scientists Photonicinduction bring happyness to the world with a video demonstrating how to erase the data off a CD by spinning between it between two high voltage transformers.

HakTip: zScreen

Want to capture print screens and share them, but don’t want to go through the hassle of saving, uploading, and all that jazz? Try zScreen.

zScreen will automatically capture screenshots, text, or files from your computer clipboard and upload them to a destination of your choice, as well as have the link to it automatically copied to your computer when it’s completed.

Simply download zScreen from code.google.com and install. Once installed, choose your destination for images, files, and text, and the type of URL shortener you would like to use. Under destinations, you can authenticate and authorize zScreen to upload to your FTP, ImageShack, Flickr, even Twitter page, and tons of others. For myself, I’m going to upload to my Flickr page. zScreen uses OAuth, so all it requires is your username, not your password. It’ll authenticate through your Flickr site. You can even choose settings such as what window you want the print screen to copy, you can add a watermark, and tons of other options. Once you’ve gotten your settings squared away, hit your favorite HotKey and watch as your image gets uploaded to your account automatically.

So I hit PrtSc, and my full size image gets uploaded to my Flickr just like that. After it’s uploaded I can easily copy the image link from my clipboard. The link is also saved in zScreen.

It’s a great time saver, and perfect for easily taking notes on your screen and sharing them with others. Thanks to Patrick F for sending this in to us. Do you have a time saver or something cool to share? Email tips@hak5.org and we’ll share them.

OpenWRT / WiFi Pineapple mod: Auto-Rickroll

“John Bebo’s Auto-Rickroll payload for the WiFi Pineapple is an excellent example of using Dnsmasq to forward targets to a hosted site. While this site could be malicious, perhaps hosing the Browser Exploitation Framework, Bebo’s payload is a safe and simple prank. Any web site a victim attempts to browse to brings them to a WiFi Pineapple hosted page containing Rick Astley ASCII Art and looping audio. It uses a similar technique employed by Captive Portals – something we’ll explore in more detail soon – except a lot more annoying.

Thanks to great documentation from Bebo and Hak5 forum member Psychosis setting up your own Auto-rickrolling WiFi Pineapple is super simple. In fact, this will work on just about any OpenWRT based wireless access point – but we’ll be focusing on the WiFi Pineapple specifically for its Jasager abilities.

Follow the step-by-step article with pictures and video at hak5.org/hack/auto-rickrolling-wifi-pineapple

scp * pineapple
mv *. /etc/config
mv * /www/
touch /etc/dnsmasq.conf
echo address=/#/192.168.1.1 > /etc/dnsmasq.conf
vi /etc/init.d/jasager
add to start()
wlanconfig ath0 create wlandev wifi0 wlanmode master 2>&1 > /dev/null
iwpriv ath0 karma 1
brctl addif br-lan ath0
ifconfig eth0 up
#comment out iptables
reboot

Trivia

Our last trivia question was: What is the name of this prominent computer club that was founded in Berlin in 1981? And the answer was: Chaos Computer Club

This week’s trivia question is: What is the name of this virus, considered the first known use of polymorphic code?

Answer at hak5.org/trivia for a chance to win some swag!

2 Step Verification in Gmail

Although I know all of you out there protect your online accounts like crazy, there is always a way to get more protection. Maybe you don’t like using an encryption program or you use the same password for all of your sites. Although this is really bad, I think all of us have done that once or twice in the past. So perhaps you want to try something new.

I just discovered Gmail 2 Step Verification process for my google mail account. I’ve been a little paranoid lately with all the cyber attacks going on, so I decided to up my security, especially because my email is the one site I really don’t want hacked.

2 Step Verification can help prevent unauthorized access that someone might have with just a stolen password. Now, when I sign in to gmail, I’ll not only need my password, but also a code that generates on my phone.

You might be thinking, ‘Well, what if your phone gets stolen?’. I set up a passcode on my phone, a series of random numbers that only I remember, and I set it so if I try brute forcing the passcode, after 10 wrong codes, it’ll wipe my phone.

Back to Gmail. When setting this up, first you’ll need your phone. If you won’t have a secure phone nearby when you sign in to Gmail, perhaps this isn’t the tool for you.

Click on “”Set Up 2 Step Verification”" and choose your phone. Androids, Blackberries, and Iphones have a special Google Authenticator app that will generate your random codes.

The first time you open the app, it’ll ask you to scan a QR code with your phone’s camera. This QR code generates your first series of random digits, and it ties you, the phone holder, to your gmail account. If you don’t have a usable camera or can’t read the QR code, choose to create a time-based key instead, and type your secret key into your phone.

Click next after taking your photo and verify your generated code. Gmail will then ask you to set up a backup in case your phone is lost or stolen. Next you will need a printer or a safe place to save your backup codes. I had a printer installed so I printed my backup codes. Each of these codes will let you sign in once to your gmail.

After printed, click next and choose a backup phone. This can be a home phone, a spouses phone, etc. Type in the phone number and you can then test it if you want. I set up my personal number to my home phone, and when I tested it, it called me and left me a message with a new generated code. When you hit next, confirm your account, and turn on 2 Step Verification.

When you first log in, you’ll type in your account name, password, then your verification code off your phone. You can also choose if you want the code remembered for 30 days or if you want it to ask you for a new code every time you log in.

You’ll notice after you turn on 2 Step Verification that all your devices tied to your gmail account are logged out. Things like gmail for iphone, the mail app, etc, don’t have a place to type in a verification code. To help your security, you’ll need to set up application specific passwords. To do this, under the 2 Step Verification main page, choose application specific passwords.

Choose a name of your device, for example, mine will be “”Shannon’s Iphone”". Click next and you’ll see a series of letters and numbers that you’ll have to type in to your Iphone. So I type in my username, and under the password box I type in this generated password and click next. I only have to do this one time, ever. So I won’t need to memorize this code.

But what happens if someone gets ahold of Shannon’s Iphone? Luckily, under the code, you can see my Iphone. If I choose ‘Revoke’, all access to my mail will be logged out on my Iphone until I authorize it again.

If at any time I need new printed codes, or I need to change my phones, I can go under account settings, 2 Step Verification and edit anything I need. I can even turn off 2 Step Verification if needed.

I LOVE 2 Step Verification. It makes me feel a lot more secure about my mail and personal information. Questions? Comments? Have another program for me? Email feedback@hak5.org.

Emails: CD Burning and nomnomfish

Max S writes: I have been watching your show since season 6. Since then you mentioned a program named Konboot few times.
I was curious and tried getting it. But I have a problem, I successfully download it, and extract it using winrar but when I burn it to a blank CD it doesn’t work.
Am I missing something or does konboot not function anymore?

Shannon recommends verifying the integrity of the download using a tool like Fast Sum or MD5SUM and burning with a tool like IMG Burn

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Episode 724 – Bypassing NSFW filters and Android Packet Sniffing

Jason — Fri, 30 Jul 2010 02:14:32 +0000

This week Shannon is bypassing NSFW filters while Darren goes sniffing for packets in all the wrong places.

Download HD Download MP4 Download XviD Download WMV

Darren takes Android WiFi Tether and Shark for a spin and ends up learning an important geography lesson.

Shannon is demonstrating a few techniques to detecting NSFW links and bypassing potential work filters with a few web tools, including: LongURL.com, PDFmyURL.com, Aviary.com and Variably Safe For Work.

—

You’re Invited to Hak5’s Birthday!

Join us to celebrate 5 years of technolust at the Hotsy Totsy Club – an Albany institution since 1939! Come for drinks, pool, shuffleboard and a live performance from nerdcore sensation, Eighty of Dual Core! 21+. No cover. Street parking. 7 blocks from El Cerrito BART. WiFi. Taco’s Autlense Taco Truck parked in lot. Need we say more?

Saturday, August 14th at 7:00 PM
Hotsy Totsy Club
601 San Pablo Ave.
Albany, CA 94706

RSVP now via Facebook – can’t wait to celebrate the grand years of old school hacking with you!

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

Episode 706 – Deauth Detection and Cloud Data Backups

Darren Kitchen — Wed, 24 Mar 2010 16:08:24 +0000

Back in studio with Shannon this week. Darren has answers to your WiFi deauthorization attack questions and a demo of a nifty deuth watching script. Shannon’s all about free and open source alternatives to online backup services like Backupify. Can these tools keep your cloud data secure?

Download HD Download MP4 Download XviD Download WMV

Deauthorization Attacks explained (with demo)

This week we’re answering viewer questions regarding last week’s wireless deauthorization attacks.

How does Deauth work if a client connected to an AP using encryption?
-Mark B

The answer lies in the fact that 802.11b/a/n/g management frames, special packets used to establish and maintain communications, are all sent unencrypted. These include:

Authentication
Association request
Association response
Reassociation request
Reassociation response
Beacon
Probe request
Probe response

And finally our favorite…

Deauthentication

I was wondering how do I prevent the de authorize attacks and man-in-the-middle attacks on my laptop or computer
-Test Account

Short of rewriting your wireless radio’s firmware to ignore deauthorization packets I’m at a loss when it comes to preventing the attack. If you know of a way please get in touch. That said, deauth attacks are quite simple to detect.

Viewer Tinman2k wrote in with a simple python script that uses airmon-ng and scappy to scan for associations, authentications and deauthentications.

You’ll need to begin by placing your card into monitor mode. For example: airmon-ng wlan0 start. Then pass your monitor interface to readAuthDeauth.py

#!/usr/bin/env python

######################################################
#	authWatch.py v. 0.1 (Quick, Dirty and Loud) - by TinMan
#	Place card in monitor mode and set the channel.
#	If you want channel hopping, run airodump-ng in
#	another terminal. Will add channel hopping
# 	in the next version.
######################################################
#
#	Usage: python authWatch.py 
#	

import sys
from scapy import *

interface = sys.argv[1]

def sniffReq(p):
     if p.haslayer(Dot11Deauth):
# Look for a deauth packet and print the AP BSSID, Client BSSID and the reason for the deauth.
           print p.sprintf("Deauth Found from AP [%Dot11.addr2%] Client [%Dot11.addr1%], Reason [%Dot11Deauth.reason%]")
# Look for an association request packet and print the Station BSSID, Client BSSID, AP info.
     if p.haslayer(Dot11AssoReq):
           print p.sprintf("Association request from Station [%Dot11.addr1%], Client [%Dot11.addr2%], AP [%Dot11Elt.info%]")
# Look for an authentication packet and print the Client and AP BSSID
		   if p.haslayer(Dot11Auth):
	   print p.sprintf("Authentication Request from [%Dot11.addr1%] to AP [%Dot11.addr2%]")
 	   print p.sprintf("------------------------------------------------------------------------------------------")
sniff(iface=interface,prn=sniffReq)

Backing up your Cloud Data

One of these day the monkeys will rise up and conquer the net as we know it. That’s why having good backups of your online data is important. So rather than getting screwed when gmail, google docs, flickr, delicious, twitter and wordpress go down, let’s use free and open source software to make proper backups.

Online services like Backupify make it easy to backup your cloud data — but it’s just from one cloud to another (Amazon S3). If you’d like a local copy of your data check out these programs

Episode 705 – Airport WiFi Challenge and your Ultra Software Picks

Darren Kitchen — Wed, 17 Mar 2010 11:07:11 +0000

While meeting up with family in Florida this week Darren takes on a WiFi Challenge using the airport friendly Pineapple Mark II and Airdrop-ng. Plus, Shannon has a follow-up to the Ultra Software including your picks.

Download HD Download MP4 Download XviD Download WMV

Airport WiFi Challenge – Jasager and Deauths

Once again my travels take me to a wonderful and target rich environment — the airport.

And while I typically don’t take on challenges, this one tickled my technolust. I was asked how many clients I could harness with a WiFi Pineapple during a typical hour long layover at the airport. I figured this was a great opportunity to test out Airdrop-ng.

Your Ultra Software Picks

In a follow-up from episode 703, Shannon counts down your Ultra software picks, including:

Episode 626 — Shmoocon 2010

Jason — Tue, 09 Feb 2010 16:18:41 +0000

We head out to DC for Shmoocon, our favorite hacker conference on the east coast, to talk to some of the brightest minds in security. We talk to Tom Eston about social media security, TheX1le about his new tool airdrop-ng, Jason Scott about preserving our digital heritage, Chris Paget about man-in-the-middle attacks against GSM networks, and much more.

Download HD Download MP4 Download XviD Download WMV

Airdrop-ng

Self taught packet junkie TheX1le shares with us his new tool for wireless de-authentication and deassociation. Airdrop-ng facilitates client control with versatile rule based control.

Cloning, Spoofing, Man-in-the-middle sniffing, and decrypting GSM

Chris Paget of h4rdw4re shares with us the in’s and out’s of GSM hacking. Armed with a USRP and his open-source software, Paget pretends to be your GSM tower, and a lot more.

Jason Scott – Defender of Digital Heritage
Textfiles.com very own Jason Scott joins us to talk about preserving our digital heritage with Archive Team and why it’s important to keep Geocities, Netscape Now buttons, and *gasp* Hamster Dance.

Social Media Security

Tom Eston shares with us the delicious dangers of social networks while in the hands of web-application exploiting hackers. No worries, he’s got you covered at socialmediasecurity.com

Episode 412 — Session Hijacking and Virtualizing Servers

Darren Kitchen — Wed, 19 Nov 2008 17:03:52 +0000

Session Hijacking with a Pineapple, Hamster and Ferret and cell phone? A free and easy way to virtualize physical servers! And is WPA Broken? Ikea clusters, screencasting, and canvas technolust.
[ MP4 | XviD | WMV ]

Watch

Show Notes

Is WPA Broken? Interesting stuff coming out of PacSec this year. Ars has a great writeup about it our check out Martin Beck and Erik Tews’ paper Practical attacks against WEP and WPA (PDF). There is a proof of concept tool available from the Aircrack-NG folks. Take a look at Tkiptun-ng. At time of writing the tool is not fully functional. Something to keep an eye on.

Steve P. writes to us about the Helmer beowulf cluster. This 6xCore2Quad is sure to make any geek smile. Kitty approved too! While stuffing a personal cluster into an Ikea cabinet is novel in and of itself the mad scientist behind it has thought some insane cluster designs including the 50 tflop Helmer 2 and the 4 pflop Helmer 3. All I can say is I want one. Thanks for the links Steve.

Darren enjoys a Bondages’ No Problem while Matt and Shannon stick with the margaritas.

More importantly Darren talks about Session Hijacking and demos a tool from Errata Security called Hamster and Ferret that, in conjunction with the latest 2.0 build of Jasager, an ICS’d EVDO connection and Tftpd32 we’re able to “sidejack” with our little man-in-the-middle setup. Lesson learned? Be suspicious of any wifi. Check for signatures of trusted networks and tunnel your traffic. We’ll come back to this topic with a more indepth segment on Jasager detection and traffic encryption soon.

A note on trivia. Please answer trivia questions on the Hak5 forums from now on. We would love to continue doing dual winners but with growing prize costs we cannot. Also, if you’re interested in volunteering to help with trivia code challenges lend a hand in the Dev5 board.

Matt shows us how to convert a physical server into a virtual server locally using the free VMware converter tool and talks about some of the concerns you must consider when preparing to virtualize. If you have virtualization questions hit up Matt and we’ll cover ‘em on future segments. Matt at Hak5 d0t org.

Alex W. writes with a question about screen recording. We highly recommend the open source Camstudio as well as FRAPS and Techsmith’s Camtasia Studio (warning: sticker shock may occur at techsmith.com). Paul (our “camera guy”) suggests checking out the new screen capturing functionality of the latest verison of VLC, especially if you’re on the Linux or Mac side.

As always we’d love to hear your feedback. Your questions, comments or concerns can be directed to HakHouse.com. It’s a crazy interactive project we’re working on. Just wait ’till we get the web-enabled robots up in there.

Trust your Technolust

Episode 408 — Dissect TCP/IP, Dos Box, Alice, Day-Con, and Fon Batteries

Darren Kitchen — Wed, 22 Oct 2008 16:26:25 +0000

Chris Gerling breaks down IP and TCP headers with Wireshark and building blocks. Shannon Morse shows us DosBox, a free IBM PC DOS emulator. Christine Bourquin talks about Alice, a teaching programming language for beginners. Darren Kitchen summarises his experience at Day-Con and answers some questions about Fon batteries. [ MP4 | XviD | WMV ]

Watch

Show Notes

Chris Gerling dives into the structure of IP and TCP headers in part two of his three part series on packet sniffing. He covers everything from source ports to checksums and everything inbetween offering insight into TCP packets in plain English. Then in part three he covers basic Wireshark usage and advanced techniques. Read more on packet sniffing on his blog at ChrisGerling.com

Shannon Morse shares with us DosBox, the free and open source IBM PC emulator that allows you to break out those old floppies and play your DOS games once again. While we wait for DNF, anyone for a Duke Nukem 3D deathmatch?

Christine Bourquin demos Alice, an innovative 3D programming language that makes it easy to teach programming using a simple drag-and-drop interface. Perfect for the next generation of computer scientists.

Darren Kitchen brings us his review of Day-Con with photos courtesy of the security twits. He also talks about Jasager batteries both big and small.

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. We’re not ready to release the full 720p quite yet as we’re ironing out (read: developing on the fly) the post production process but in the mean time we’ve got damn good looking 480p and we’re looking for your feedback. Thanks a million to everyone who has donated and helped make this happen!

Episode 407 — Toorcon 2008: Robin Wood, Dan Griffin, and Jacob Appelbaum

Darren Kitchen — Wed, 15 Oct 2008 16:03:11 +0000

Darren and Shannon head to San Diego for Toorcon and meet up with Robin Wood, Dan Griffin, and Jacob Appelbaum to talk about Jasager, Sharepoint Hacking, and the Cold Boot Attack. Plus Darren’s travel tips and “name that aircraft”. [ MP4 | XviD | WMV ]

Watch

Show Notes

Robin Wood describes the development and future of Jasager

Dan Griffin talks to us about his latest research into hacking sharepoint.

Jacob Appelbaum talks to us about the Cold Boot Attack

Interview with David Hulton (h1kari) and George Spillman (Geo) can be found at hak5.org.

Special thanks to Dual Core for providing music for this episode.

Supplemental Interview

Episode 401 — Wi-Fi Pineapples

Darren Kitchen — Mon, 08 Sep 2008 02:51:08 +0000

In this season premiere episode of Hak5 Mubix joins us to talk about what’s new in Maltego, an open source forensics and intelligence gathering tool. Shannon rocks out with Audio surf, and Darren heads downtown to the coffee shop to own a wireless network with a pineapple. Grab some hax0rflakes ’cause the bricks are gone and we’re back!
[ MP4 | XviD | WMV ]

Production Note

Video issues will be resolved by 403. We’re using new equipment and didn’t catch a nasty bug in our system until after the second shoot

Watch

Show Notes

Wi-Fi Pineapple

Why target individuals on a wireless network when you could have them come to you. Darren talks about the Jasager project, a small portable honey pot with a hunger for clients based on the La Fonera router. http://www.fon.com. Download Jasager.

Maltego

Mubix heads down to show us some fun new features in the open source forensics and intelligence gathering tool Maltego. Download at http://www.paterva.com or find in the latest version of BackTrack at http://www.remote-exploit.org. Read more in Mubix’s Maltego article at room362.

Audio-Surf

Shannon reviews the IGF award winning music game by Invisible Handlebar. Audio-Surf is like the result of F-Zero and Guitar Hero hooking up with the ability to import your own music. Single, 2-player and co-op modes make this highly addictive game one of our favorites. Available through steam at www.audio-surf.com

LAN Party

We’ll be hosting our first LAN Party this season all day Saturday, September 20th at game.hak5.org. Join in for some Counter-Strike: Source action. We’ll be shooting two episodes back to back that day so feel free to hit up the setcam at http://hak5.org and watch as we fumble lines and try not to team-kill.