This time on the show, Shannon demonstrates a novel password management technique. Darren’s explains Time Memory Trade-off and Rainbow Tables. Jason gets started programming for Windows Azure and it’s Linux in your web browser time! A PC Emulator in Javascript.

Download HD Download MP4 Download WMV

A novel approach to password management

I have about a million websites that I have to log onto day-to-day. Seriously. And with all the hype about website infiltration and stolen data, it makes me worry a bit about my own usernames and passwords. I have recently upgraded my Google Mail account to use 2-step verification, which I explained a few weeks ago in a Snubs Report, but what about my facebook? Twitter? My online banking?

These sites all say things like, ‘Password must be so-and-so characters long with at least one letter and number’, but some aren’t so secure. How will I know what sites will have a data breach? I don’t. So I use somewhat different passwords for all sites. But honestly, if someone had the balls and the time to figure out my pattern, they could probably do it. But I don’t want to download a password protection program to use on my home computer because I use several different computers and may not have access to the software or my saved encrypted passwords when I’m using a public PC.

Well, there are other options out there if you don’t want to use more software, you could use something a little less technical.

This is PasswordCard from passwordcard.org. It’s a card the size of a credit card that I can stick in my wallet and carry with me. What makes this unique is the series of random digits and letters that are included on it. The rows are different colors and the columns have a different symbol at the top. You can use this card to think up a very strong and tough password and use the colors and symbols to remember it.

Better yet, each code card is randomly generated and there are Android and iPhone apps.

So here is an example of how to use this tool:

First off, go to the website and print out your unique card. I have a laser black and white printer, but if you have a color printer I’d suggest printing in color to give you more options for remembering passwords.

You can then cut out your card and laminate it if needed. Keep the rest of the page, because it has your unique card number on it. More on that in just a bit.

Then you can choose your password. Choose a symbol and a color or row number and use the letters and numbers that are seen in that row or column.

All you have to do after that is go to your website and change your password. If you lost your PasswordCard, you can go back to the website, type in your unique card number and hit print, or pull it up on your mobile phone.
So for example, I printed out my card and I’m going to choose something I would remember. I’ll go with the music note, and number 7. So my password would be HAg8kgntQUG.

This tool is super simple to use and completely free. The website can be visited safely via HTTPS and the algorithm used to create the codes is available in case the website goes down and you need to reprint your card.

If you don’t feel safe printing a card, just download the free app off the Android Marketplace or the Apple App Store. This app will let you generate a random card or pull up your own card. It’ll also let you generate your own personal PasswordCard based on a series of random hexidecimal digits. For example, I can hit enter number, and type in a number that I have memorized. That number will always pull up my card for me to use.

If you’re worried that someone can get ahold of your unique card number, not to worry! They still wouldn’t have your actual passwords because those were created from the numbers and letters found on the card, and they could be thousands of different password combinations.

I think this is a pretty cool idea, and it’s easy enough that I could probably show my mom how to use this. So, enough of using crappy passwords!

This is just one of the tools available out there for password generation. Do you have one? Email it to me: feedback@hak5.org. Now for the haktip.”

Start programming in Windows Azure

Jason. begins a three-part mini-series on programming for Windows Azure. In this part Jason demonstrates how to get started. In coming parts Jason will develop an cloud-based application that maps Kismet KML data to a Bing map.

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Darren’s Hacking WPA-PSK keys using the recently updated Cowpatty and some damn fine lookup tables. Connecting ESXi to iSCSI targets — Matt breaks it down with FreeNAS. And Shannon completely bypasses local Windows logins with a Kernel modifyin’ boot cd? w00t!

Download HD Download MP4 Download XviD Download WMV

Cracking WPA Keys with Cowpatty

A lot has changed since I last talked about WPA Cracking on Hak5. Specifically Joshua Wright, author of CowPatty has released a new version that dramatically changes the way one thinks about cracking WPA and WPA2 TKIP keys.

The most notable new feature in Cowpatty 4.5 is the “-2″ option, which only requires the first two frames of the 4-way handshake to start attacking.

By removing the need for the third and fourth frames of the handshake, an attacker is now more likely to successfully crack WPA keys when channel hopping. Furthermore, the lack of the third and fourth frame opens up a world of possabilities when it comes to trapping targets with rogue access points, or “honey pots”.

An example scenario illustrated on Wright’s blog details how an attacker may pose as a victim’s corporate wireless access point. Since it doesn’t matter if the target associates with the honey pot, anything from hostap to a spare WPA supporting access point with a bogus key will due.

Of course this has our friend Robin Wood pondering a Jasager plugin. Pineapples anyone?

As for carrying out the attack it’s pretty straight forward. I BackTrack as my hacking OS of choice coupled with an eee PC or Acer Aspire One. When it comes to Wireless I’m a big fan of the ALFA AWUS036H 500mW USB Wireless Adapter.

Other tools needed to carry out the attack include WPA tables like these SSID specific Cowpatty WPA Tables from Offensive Security and the Aircrack-ng suite.

The commands are pretty straight forward and well highlighted in the episode. There are a number of ways to go about this so if you’ve got another method you’d like to share with me, questions about this, or suggestions for future topics drop me a line. darren[at]hak5=dot=org.

Excerpt Darren Kitchen‘s blog

Bypass Windows Local Logins

Kon-Boot

Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as ‘root’ user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.

So basically, Kon-Boot enables you to log into any Windows or Linux password protected computer without knowing the password or anything about it.

The tech behind it? Kon-Boot basically latches onto parts of the memory and starts patching parts of the kernel (the Brain!), mainly the parts that have to do with the log-on auth and security. These patches let you logon without a password. Then, the bootkit does it so quickly that it leaves no footprints behind after you leave.

DUDE!

To do this:

Go to the website above and download Kon-Boot, open the zip file, and burn the .iso to a disc. I use ImgBurner because it is fast, easy, and FREE.

Shut down the computer you intend to get on to. When booting up, if it isn’t already set to boot from CD (or flashdrive, or whatever Kon-Boot is on), go into the BIOS and set it. You should see the Kon-Boot splash screen for a few seconds, then the username/password screen will appear with the main username already set if they have it saved. If not you need to know the username ahead of time. Press enter or type in some random characters (it doesn’t really matter) and press enter. You’re in!

Now party, snoop around, and get that file you wanted. Get your flashdrive or CD out, then shut the computer back off like usual.

Protecting yourself:

Password protect your BIOS!

True Crypt your entire harddrive!

Excerpt Shannon Morse‘s blog

The gang gathers at a dive in Hoboken, NJ during their trip to NYC for the live diggnation and discuss wireless packet injection with airpwn, advancements in WPA-PSK attacks and of course, virtualization.

Download HD Download MP4 Download XviD Download WMV

In an effort to thwart hangovers the gang drops by DC’s Taven in Hoboken to geek out about Wifi and Virtualization over shots and cold ones.

Darren is excited about the recent improvements to both Airpwn and Cowpatty.

Edit: Mubix points out these awesome WPA Tables from Offensive-Security (You know ‘em as the BackTrack guys).

Best WPA Tables out there for us with CoWPAtty. (And another little + is they posted the password list they used to generate the tables, which is also an AWESOME password list for cracking all kinds of passwords.

Matt answers some viewers questions and encourages more for an upcoming special.

Shannon has all the deets on this week’s contest and LAN party.

In this first episode of ’09 Dave Randolph joins us to geek out about all things video. Darren whips up a Password Cracking Cocktail and shows off a wicked fast MD5 brute force tool that harnesses the power of your Nvidia graphics card. Shannon saves the day by recovering her sisters Windows password with Ophcrack Live. And Evil Server gets his evil on while we were away on holiday.

MP4 XviD WMV

Watch

Show Notes

MD5 Brute Forcing with your graphics card

Since Nvidia released the CUDA API for Windows, Mac and Linux a number of advances have taken place in the world of brute forcing. In this episode I feature a tool by Svarychevski Michail Aleksandrovich that claims to be the world’s fastest MD5 cracker — BarsWF

Using the brute forcer with a couple Nvidia 8 series or newer graphics cards you’re able to achieve unprecidented speeds. I’ve seen claims of nearly 4 billion hashes per second with quad SLI.

CUDA has also spurred other developments, such as this NTLM brute forcer for Linux.

In my segment I go into the very basics of password cracking theory and MD5 hashes with some simple scenarios. My aim is to provide a fundamental understanding of the concepts. If you’re interested in reading more I suggest starting here.

–Darren Kitchen

Windows Password Recovery with Ophcrack Live USB

Recovering Windows Passwords coulnd’t be easier with Ophcrack Live on USB. Whether it’s your sister’s forgotten XP account or [insert other legit reason] a little USB booting and Rainbow Table loving’s got you covered.

Preparing an Ophcrack USB key is as simple as formatting your drive for FAT32 with the HP USB format tool. Downloading and launching USBOphcrack.exe and running the included batch file. The program will download a small set of rainbow tables and prepare your USB drive.

For even higher password recovering accuracy I recommend finding a larger set of Ophcrack compatible rainbow tables. Or if you’re feeling adventerous why not try out the Hak5 community rainbow tables — a whopping 120GB of NTLM goodness.

–Shannon Morse

Be sure to follow one of us on Twitter if you’ll be at CES this week. We’ll be there finding all the best hackable gadgets!

In this truncated episode of Hak5 we dive into the homebrew broadcast console, our little hack behind the scenes that makes the live show tick. And unfortunately due to a jam packed schedule this month between the holidays and buying our first house thats all we had time for. Still thanks for sticking with us as we move to into the new home/studio, we’re excited to be rebuilding the set and going live more frequently. And big props and congratulations to the Community Rainbow Tables team for a job well done. See the page for more details on getting your very own 120 gig LM hash set. Be sure to stay tuned to hak5.org this month as I’m sure some fun move-in clips may surface.

Sponsors

Get awesome web hosting from the pros at Dreamhost and receive $25 off your order when you enter coupon code HAK5! Plans start at $7.95/mo including 500 GB storage, 5 TB bandwidth, and one-click installs of popular software like WordPress, phpBB, and MediaWiki.

Keep your personal information away from spammers, hackers and your crazy ex-evilserver. Private Domain Registration from GoDaddy.com protects your privacy by keeping your address, phone number and more out of the public database. Get an additional 10% on your order when you enter coupon code HAK.