Download HD Download MP4

SSH Remote Forwarding: Relay local apache server through tunnel

# install apache server
darren@dk10$ sudo apt-get install apache2
# browse to http://localhost
# Relay port 8080 on remote host to 80 on local host
darren@dk10$ ssh -R 8080:localhost:80 aardwolf@relay.wifipineapple.com
# browse to http://relay.wifipineapple.com:8080

SSH Local Forward: Relay remote VNC server through tunnel

# install vnc client
darren@dk10$ sudo apt-get install vncviewer
# vnc to server without SSH (bad idea)
darren@dk10$ vncviewer rrs5204q6n.hak5.org:1
# setup SSH local forward
darren@dk10$ ssh -L 5901:localhost:5901 aardwolf@rrs5204q6n.hak5.org
# vnc to server through ssh tunnel
darren@dk10$ vncviewer localhost:1

Maintaining Persistent SSH tunnels in Linux

AutoSSH is a simple and effective utility for monitoring and maintaining persistent SSH connections, restarting the session as necessary. It can be downloaded from http://www.harding.motd.ca/autossh/ and is available for most *nix platforms. On Ubuntu:

# Install autossh
darren@dk10$ sudo apt-get install -y autossh
# The autossh -M option specifies which port to monitor the connection from
# The -N option is a regular openssh parameter which is passed from autossh to ssh, specifying that there is no remote command to execute.
# The & tells the shell, bash in our example, to run the command in the background.
darren@dk10$ autossh -M 20000 -N aardwolf@relay.wifipineapple.com &
# To find the process ID where autossh is running
darren@dk10$ pidof autossh
# And finally to stop autossh
darren@dk10$ kill `pidof autossh`

Maintaining Persistent SSH tunnels in Linux

• First of all we need to cover Plink. Short for Putty Link, the plink utility is the command-line equivalent to Putty on Windows. We'll be using this today along with another to in order to keep an SSH tunnel persistent.
• Here's an example of a plink SSH tunnel. We start by launching pageant and entering our passphrase. Now that our private key is in memory we can use plink to start an SSH tunnel from the command line.
• So open up CMD, navigate to where your plink utility is. For me that's by running "cd putty"
• Now run plink.exe -- you'll be greeted by a whole list of options for this command line utility.
• To start a simple Dynamic SOCKS proxy I'll enter:
• plink -D 8080 snubsie@peanut.hak5.org -agent
• The -D says make it a Dynamic SOCKS proxy on my local port 8080 and the -agent says to use pageant for the private key file.
• And there we go, a command to start our SOCKS proxy for all our tunneling enjoyment. Of course if the SSH connection is dropped we'll be all sad pants -- especially if we're using the tunnel to watch the BBC or something.
• And while autossh *is* available for Windows, sort of, it isn't exactly the easiest to setup. AutoSSH, the Linux program, can be run in Windows using Cygwin -- a Linux environment for Windows. If that suits your fancy, have at it. There's a decent tutorial for setting that up.
• That said I'm more interested in using native Windows programs. Thankfully a similar setup to autossh can be achieved using plink with the help of a little utility called MyEnTunnel.
• Short for My Encrypted Tunnel, MyEnTunnel is a windows utility that lives in the system tray, or can be run as an NT service in the background, that quietly watches Plink sessions and restarts them as necessary.
• MyEnTunnel is available from http://nemesis2.qx.net/pages/MyEnTunnel as freeware.

Download HD Download MP4

In this episode Darren and Shannon break down reverse shells via proxy. The network scenario is that of two devices on disparate networks who's firewalls won't allow inbound connections. Typically this is a NAT router that you haven't access to. Assuming both devices can create outbound connections, which is commonly the case, we'll configure an SSH server to act as a relay for our reverse shell.

In this scenario three hosts are involved. First is our WiFi Pineapple, which is the device we'll be getting the reverse shell from -- meaning we'll be able to login to a terminal on this machine. In our example it is connected to the Internet by way of a 3G/4G modem which our carrier firewalls. Using AutoSSH -- a tool to maintain a persistent SSH connection -- we establish a connection back to our second host, relay.hak5.org. In turn our third host, my laptop (hostname: dk10) connects to relay.hak5.org as well.

## browse to 172.16.42.1/ssh.php (WiFi Pineapple) and Generate Key
##SSH Into WiFi Pineapple
## Establish connection to relay adding key fingerprint to known_hosts on pineapple
root@pineapple# ssh user@relay.wifipineapple.com
## Refresh ssh.php showing known_hosts. Copy RSA key string from "rsa" to "root@pineapple"
## From new session on relay, paste RSA key into authorized_keys file
user@relay$ echo "" >> ~/.ssh/authorized_keys
## Logout of the relay
user@relay$ exit
## Demonstrate how without the -i option ssh on the pineapple will still prompt for password
root@pineapple# ssh user@relay.wifipineapple.com #this will prompt for passwd
## Demo how to properly SSH into a host with a dropbear RSA key
root@pineapple# ssh user@relay.wifipineapple.com -i /etc/dropbear/id_rsa
user@relay$
## Configure SSHD to allow TCP Forwarding **Necessary for Server Admin Only**
## Become root
user@relay$ sudo -i
## Add settings to sshd config file
root@papaya# echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
root@papaya# echo "GatewayPorts yes" >> /etc/ssh/sshd_config
## Restart SSH Daemon
root@papaya# /etc/init.d/ssh restart
## Logout of root
root@papaya# exit
## Logout of relay completely
user@relay$ exit
## Update SSH Connection Command from 172.16.42.1/ssh.php to reflect username and host
## Enable SSH on boot and SSH keepalive, then click Connect
## From localhost (your laptop) SSH into the newly configured WiFi Pineapple via the relay
## Demonstrate technique one: SSH from SSH (not as sexy)
darren@dk10$ ssh user@relay.wifipineapple.com
user@relay$ ssh root@localhost -p 4255
## Logout of both pineapple and relay
root@pineapple# exit
user@relay$ exit
## Demonstrate technique two: Single SSH session
darren@dk10$ ssh root@relay.wifipineapple.com -p 4255

SSH and SOCKS5 Proxy Follow-up

MetalX1000 writes regarding SSHFS from the command line in Linux

OK, I love that you showed how to do it this way. But, for the Shannon's of the world who need a GUI, you can always just open Nautilus and in the location bar type ""sftp://user@server"" and then make a short cut to that in the left side bar of Nautilus.

Thanks for the tip MetalX1000. We demonstrated on the show one more technique. From Gnome2's "Places" menu click Connect to Server and select SSH.

Spectrakid writes regarding setting up an SSH Server on Linux and "apt-get install ssh"

I thought you needed the ""openssh-server"" package to set up a ssh server in Debian based systems........ssh is a metapackage that simply depends on openssh-server & openssh-client

There are about as many ways to skin a cat in Linux as there are dependency issues ;-)

wirerat1 writes regarding keeping connections alive

ClientAliveCountMax 0 does not do what he thinks it does.

True, it doesn't do what it claims to do.

From the MAN Page:

ClientAliveCountMax sets the number of client alive messages (see below) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds.

Meaning a ClientAliveCountMax 0 should continue sending Keep Alive messages over the SSH connection for every ClientAliveInterval forever, but in practice, it doesn't. I've started using 99999 as my value of choice, however I'm sure there's a better way.

Steven writes regarding Pageant and Putty

In Putty you don't need the pageant program to use the private key. Select your profile and hit load so that you can edit the profile. On the right go to SSH -> Auth. There you will find ""Private file for authentication"", hit browse and select your private key. Go back to Session. Select your profile and hit save. Next time you open a connection putty will automatically use the key. Note: The key will not be stored in memory so you'll need to enter the passphrase each time you connect to the server.

Download HD Download MP4

SSHFS on Linux

As Darren demonstrates in Linux the setup is quite simple. Begin by installing SSHFS. From ubuntu that's "sudo apt-get install sshfs". Once installed your user will need to be added to the fuse group, so issue "sudo gpasswd -a $USER fuse". The $USER is an environment variable which will be replaced with your username on execution. Issue "whoami" if you're not sure of your username.

Once SSHFS has been installed and your user added to the fuse group you're nearly ready to mount the remote file system. Begin by making a directory. This directly will act as the mount point for the remote file system. Issue "sudo mkdir ~/sshfs" to make an sshfs directory in your user's home.

Finally we're ready to mount the remote file system. If you've been following along thus far and have setup authentication key pairs for your SSH server the following should be pretty seamless. Issue "sshfs -o idmap=user username@host: ~/sshfs". Replace username and host as appropriate. The colon (:) after the host specifies the location on the remote server to mount. For example, if permissions allowed, /var/www/ could be mounted. Leaving the location as colon (:) defaults to the user's home directory. Now navigate to ~/sshfs on your local system and behold the remote file system!

SSHFS on Windows

As Shannon demonstrates, ExpanDrive offers SSHFS for Windows. In addition ExpanDrive will mount virtual drives from Amazon S3 and even FTP. The software is $40 with a 30-day trial. It supports SSH public keys directly or with pageant.

Youtube Description (No HTML):

Continuing with SOCKS5, SSH, Public Key Pairs and fingerprints, Darren and Shannon use SSH to create a secure remotely mounted network filesystem with implementations in both Windows and Linux.

Using the SSHFS utility we're able to mount a remote filesystem. Since we already have a secure tunnel to our server over SSH, which we've been thus far using as a SOCKS5 proxy, we're now able to store files securely online with the same mechanism. Using FUSE, or File System in User Space, we're able to achieve this without the need to load kernel modules -- a process which would require superuser privileges.

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out http://www.revision3.com/haktip

Whether you're a beginner or a pro, http://www.revision3.com/haktip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more.

And let's not forget to mention that you can follow us on http://www.twitter.com/hak5 and http://www.facebook.com/technolust, http://revision3.com/hak5/follow to the show and get all your Hak5 goodies, including the infamous wifi-pineapple over at http://hakshop.com . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. ]]> http://Hak5.org/episodes/hak5-1111/feed 9 http://Hak5.org/episodes/hak5-1110 http://Hak5.org/episodes/hak5-1110#comments Thu, 26 Apr 2012 22:09:10 +0000 Darren Kitchen http://Hak5.org/?p=4760 ]]>

Continuing with Proxies, SOCKS5 and SSH, Darren and Shannon cover SSH Public Key Fingerprints, then build a free Windows SSH Server and configure Key Pairs for a Linux client.

Download HD Download MP4

SSH Public Key Fingerprints and known_hosts

Typical SSH Servers user 128-bit MD5 hashes as Public Key Fingerprints. These are used to verify the authenticity of a server. These key fingerprints are short sequences of bytes used to authenticate a much longer public key. Like we discussed last week regarding key pairs for user authentication, SSH servers have key pairs for server authentication.

On a Linux OpenSSH server for example these key pairs will be found in /etc/ssh/*key*. The public keys will be world readable while the private keys can only be read by a superuser.

On a Linux client for example the key fingerprints of remembered servers are stored in ~/.ssh/known_hosts. Since SSH version 4 the username and hostnames associated with these servers are hashed.

To remotely verify the key fingerprint of an SSH server

ssh-keyscan -t rsa,dsa REMOTEHOSTNAME > /tmp/ssh_host_rsa_dsa_key.pub
ssh-keygen -l -f /tmp/ssh_host_rsa_dsa_key.pub

Alternatively, on the remote server the key fingerprints can be found by:

cd /etc/ssh
ls *key*
cat ssh_host_key # this is the private key
# permission will be denied if not superuser
cat ssh_host_key.pub # this is the public key
ssh-keygen -lf ssh_host_rsa_key.pub
# field 1 = bit length of key
# field 2 = fingerprint of key
# field 3 = name of key

Setting up a Windows SSH Server with Bitvise (+ A few other software recommendations)

Setting up the SSH Server Windows Using BitVise WinSSHd

• Download BitVise

• Creating a server on laptop or pc at home...
• Auto config router (UPnP) - BAD!! No Universal Plug-n-Play
• Open Port to Any Computer
• Uncheck 'Allow Any Logon', Click add.
• Enter Username - Run 'whoami' from CMD to find out your username.
• Want to add account for a friend? Do a virtual account.

SSH Servers for Windows

FreeSSHd - http://www.freesshd.com/

• Nice but lacks advanced security controls. The server starts
  sessions with security in the context of the service itself, meaning
  since it needs to be run as administrator or system those are the
  privileges available to the users.

• Not open source so it can't be vetted, improved upon by the community
• Hasn't been updated since 2009
• Difficult to get working on Windows 7
• Free and easy to setup

Bitvise WinSSHD - http://www.bitvise.com/winsshd

• Free for non-commercial / personal use

• License costs $100, unlocks Active Directory feature for enterprises
• Easy to install and update, nice GUI
• Supports Active Directory, Kerberos or it's own user database
• Works fine in Windows 7
• Supports AES 128 and 256 bit encryption
• Not open source so it can't be vetted, improved upon by the community
• Can be configured to use Power Shell instead of CMD as the default
  shell for users

• Supports OpenSSH public key files
• Configure account and group permissions per IP and DNS
• Automation API, logging

OpenSSH for Windows - SSHWindows.sf.net

• Free, open source implementation of OpenSSH with Cygwin

• Hasn't been updated since 2004
• Enough said

Copssh - https://www.itefix.no/i2/copssh

• Package of portable OpenSSH for Cygwin

• GUI for administartion

KpyM SSH Server - http://www.kpym.com/2/kpym/index.htm

• Free, open source

• Uses Windows identification (Windows user accounts)
• Automated install and setup
• Nag screen. Single license is $35

Setting up Key Pair Authentication in Linux with OpenSSH

On the remote host:

mkdir .ssh
chmod 700 .ssh
cd .ssh

On the local host:

ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub user@host:.ssh/authorized_keys2

Back on the remote host:

ls -la authorized_keys2
chmod 600 authorized_keys2
exit

On the local host:

ssh user@host

Bonus: Transfer SSH public keys from one machine to another

Now that we've done it the long way, let's take a moment to appreciate a convenient shortcut -- ssh-copy-id.

ssh-keygen; ssh-copy-id user@host; ssh user@host

Download HD Download MP4

Before getting into public key crypto we should first take a moment to gather a basic understanding of the SSH-2 protocol layers. In a nutshell the three layers of SSH-2 are:

The first is the Transport Layer. This layer is responsible for handling key exchanges, the servers authenticity (server authentication), compression, encryption and re-keying (typically after 1 GB of traffic or 1 Hour have elapsed). We'll get into more detail on this next week when we focus on key fingerprints.

Second is the User Authentication Layer, which handles client authentication, or authentication of the user trying to log-in. This process is client driven, meaning that the connecting client chooses which method they would like to authenticate with. Accepted methods vary by server but typically these include:

• Password Authentication - we used this last week by interactively typing in our password at the prompt when logging in

• Public Key - this is the method we'll be using today and going forward
• Keyboard Interactive - a process that can be used for one-time-passwords.
• GSSAPI (Generic Security Services Application Programming Interface) - this is actually a library used by commercial vendors, usually to implement single-sign-on services in enterprises and integrating with existing security services such as NTLM or Kerberos.

Finally there is the Connection Layer. This layer defines the channels, or asymmetric communications supported by SSH, including:

• Shell Channel for Shells, SFTP, SCP
• Direct-TCP/IP Channel for Client-to-Server forwards
• Forwarded-TCP/IP Channel for Server-to-Client forwards

Understanding Public Key Cryptography

Authentication via Asymmetric Key Cryptography (aka Public Key Crypto) is the method for generating a key pair -- both public and private (aka secret) -- and publishing one or the other in order to initiate secure communication. In our example we'll be protecting our private key on the client while publishing the public key on the SSH server. With this setup anything encrypted with the public key can be decrypted with our own private key. The oversimplification of this is that the key pairs are linked mathmatically allowing for encryption with the public key and decryption with the private key. The idea is that it's impractical to figure out the private key based on only knowledge of the public key. This is the basis for SSL, PGP, GPG, Bitcoin and many other protocols.

SSH-2 supports at least two methods for Public Key authentication

• RSA Key Pairs, which are named after creators Rivest, Shamir and Adleman and published in 1978 is an algorithm based on the difficulty of factoring large integers. Again the oversimplification is that the public key is based on the product of two large primes (along with an aux value) and the private key is derived from prime factors used to create the public key.

• DSA Key Pairs, or Digital Signature Algorithm, have been a Federal Information Processing Standard since 1993. Originally pantented by former NSA employee David Kravitz this technology is now freely available for anyone to use worldwide.

Setting up a Linux OpenSSH Server
On a Debian based Linux machine setting up ssh can be as simple as issuing "sudo apt-get install ssh". In this segment Darren goes over some of the configuration lines you would find useful to modify in /etc/ssh/sshd_config.

AllowTcpForwarding yes
GatewayPorts       yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
AllowUsers bob alice
PermitRootLogin no
Protocol 2
Port 222
LoginGraceTime 1m
ListenAddress
ClientAliveInterval 60
ClientAliveCountMax 0

Be sure to restart the SSH deamon after editing the configuration. stop ssh;start ssh;service ssh restart;/etc/init.d/ssh restart #one of these should do it! :)

SSH Key Authentication On Windows with Putty for a Linux Server

This'll create key pair- an authorization to log on to server for authentication. Begin by downloading the Putty KeyGen tool. Click Generate and move mouse to generate key pair, and save both. Now open the server via Putty.

On the server go ahead and create a user if you haven't already done so. Typically this is achieved using the "adduser username" then "passwd username" commands.

Now, while logged in as your user, make a directory called .ssh in the your home. For example "mkdir ~/.ssh"

You'll want to change the mode to 700 so that only you have access to it. In the world of Unix there are 3 levels of permissions for files and directories. The Owner, Groups and World (everyone). The first 10 characters are the file's attributes. The first character represents what type of file it is. If it's a dash (-) it's a regular file. A (d) represents a directory, and there are a few others for special stuff like symbolic links. The next 9 characters specify the Read (r), Write (w) and Execute (x) permissions for the file's Owner, Groups and World (everyone). Change the mode of the directory with "chmod 700 .ssh/" The "chmod" command stands for Change Mode and allows you to easily modify a file or directory's permissions. Chmod will accept an octal representation of the modes. We're not going to get into them all but in this case 700 changes the file to be Readable, Writeable and Executable by the file's Owner, and nothing else for any Groups and the World.

Next change to the newly created directory with "cd .ssh" and create a file called authorized_keys2 with the public key on one line saved in file. Add ""ssh-rsa "" to the beginning.

Finally you'll want to again change the mode of the file so that only you can read and write to it. In this case the command would be "chmod 600 authorized_key2".

Now back on the Windows machine ppen pageant.exe and select 'add key'. Add the private key created in the initial setup. Pageant works as a passphrase keeper. With Pageant in memory and your private key loaded go ahead and test your connection. Just as before login with putty being sure to include "username@" before the hostname in the connection dialog.

You should now login without a password needed! Hooray! ]]> http://Hak5.org/episodes/hak5-1109/feed 8 http://Hak5.org/episodes/hak5-1108 http://Hak5.org/episodes/hak5-1108#comments Wed, 11 Apr 2012 20:07:11 +0000 Jason http://Hak5.org/?p=4717 ]]>

This time on Hak5: We begin a special series on proxies. Caching, filtering, security or anonymity -- whatever your reasons may be Darren and I are exploring the in's and out's of this great technology from the ground up. All that and more, this time on Hak5!

Download HD Download MP4

Basically a proxy is a technology that enables one to bounce their Internet traffic off, or tunnel Internet traffic through, a third party server. Typically this is a linux box running a daemon, but there are plenty of types of proxies, as well as reasons to use 'em. So why do we have proxies? Well, this won't cover everything, but here's a few examples:

Why would you want to proxy?

Security - keep your web traffic encrypted
For me it's all about security. Most proxies employ encryption, encapsulating each packet into a private tunnel so that would be eavesdroppers can't peer in on your surfing. I don't care if it's open wifi at the airport or a wired hotel LAN -- if it isn't my network I don't trust it.

Filtering

I hate it when network operators do this, and I'm sure you've encountered it. It turns out there's porn on the Internet. That, um, isn't what I've encountered -- I'm talking about when sysops use Proxies to filter content. Whether it's a DNS blacklist or content keywords, proxies can be used to shut down browsing to sites the operator deems inapproporiate. Whether that's porn or blogs criticizing a draconian government.

Bypassing Censorship

Likewise proxies are a great weapon against censorship. During the 2011 Egyptian Revolution, and following the January 25th protest, access to Twitter and Facebook from within the country were blocked.

Caching

Speed up web browsing with a caching proxy like Squid which is implemented in a lot of the more advanced open source routers we like, including Smoothwall and Untangle. The idea being that it holds copies of a web page or other resource in its cache, so if Darren visits Zombo.com in the morning then I go there in the afternoon I grab a local copy, thus saving bandwidth and speeding up the network.

Eavesdropping

Like a WiFi Honeypot or a Man-in-the-middle attack, a proxy can facilitate eavesdropping by routing traffic from a client, or victim in this case, through an eavesdropper's server. This enables the kind of packet sniffing mischeif you might imagine -- password snooping, URL snarfing, stealing of cookies and session hijacking, even altering content in transit. You know, the same kind of stuff your ISP could do - but doesn't... Or do they? Nah.... But SRSLY.

Private Networks

Traveling abroad and need access to resources on your office network? There's a proxy for that. Basically bridging two or more networks a proxy can enable access to stuff like printers, internal web servers, even private peer to peer networks or Darknets. Who doesn't like a little privacy with their file sharing?

Anonymity

Network Proxies can provide some level of anonymity by making it difficult to trace internet activity. The most notable examples include The Onion Router and I2P or the Invisible Internet Project. We're working up a special episode on these, but suffice it to say if you're a fan of freedom and privacy these are for you. Just, be aware that they aren't fool proof. In design these networks don't account for a global passive adversary, you know - like the NSA.

There are more proxy types and implementations than you can shake a stick at, but we’ll cover a few of the more popular ones and get into the practice soon.

Types of Proxies

Forwarding Proxies: Typically speaking a forwarding proxy is a private service setup for one or more users that forwards or relays Internet traffic. An example would be a SOCKS proxy setup on a Virtual Private Server that you maintain and only you have access to. Use of this proxy requires authentication and once connected some or all of your Internet traffic is routed through this host.

Open Proxies: which is similar to a forwarding proxy, except that authentication isn’t required. These open proxies or anonymous proxies are generally available to anyone on the Internet. Most HTTP or web based proxies don’t require a whole lot of skill or network configuration to use. For example visiting the open proxy darkbrowsing.com allows a user to pull up pages like twitter and facebook without actually going to those domains. As far as a network operator is concerned the user is only visiting the proxy, and the subsequent web pages are requested on the proxies behalf.

Reverse Proxies: one that facilitates connections between two networks, often making it possible to access an internal resources which is otherwise inaccessible from the Internet. A good example of this would be a WiFi Pineapple in the wild connecting back to my VPS in the cloud allowing me to proxy through the VPS and into my pineapple. We’ll get into this in practice soon.

The nice thing about your reverse proxy setup is that it’s able to overcome NAT.

NAT, or Network Address Translation, is a gateway (typically your home router) which assigns private IP addresses to each connected client, then allows all of those clients to access the Internet through a single public IP address. Since each machine on a NAT’ed network doesn’t actually have it’s own public IP address it makes it more difficult to run a server, like SSH. Typically port forwarding is necessary to allow incoming connections to get routed to the right machine inside the network. But outgoing traffic doesn’t have this limitation. Thus the reverse proxy is able to establish its connection without any special network configuration, a lovely technique we know as "NAT Traversal".

SOCKS Proxy: Our favorite implementation

SOCKS stands for SOCKet Secure and it’s an Internet protocol that allows you to route your network traffic through a proxy server.

• Originally developed by David Koblas, a sysadmin at MIPS in ‘92
• Later extended to version 4 by Ying-Da Lee at NEC
• And finally version 5 was approved by the Internet Engineering Task Force in ‘96
• Can be used with Secure SHell - a network protocol for secure communication to remote shells
• Operates at a lower level than HTTP proxying
• Able to be used for any TCP or UDP connection
• Two mainstream types of SOCKS proxies, SOCKS4 and 5
• SOCKS5 allows for use of IPv6, UDP and DNS lookups so it is preferred

Basic Client Setup in Linux

ssh -D 8080 user@host

The -D option, from the man pages

-D [bind_address:]port

Specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine

.

Keep in mind this option requires superuser privileges so you may need to use sudo or similar root execution utility.

Warning: The basic client setup illustrated here uses password based authentication, which goes against security best practices. The next episode in this series will address this setup. Use of password based authentication is not advised.

Basic Client Setup in Windows

Begin by downloading putty, the gold standard in SSH on Windows.

Open putty, enter your host information, then expand SSH > Tunnels. Enter a port between 1025 and 65535, check Dynamic and enter localhost or 127.0.0.1 as the IP address. Click Add, then Open. An SSH session will open, typically prompting for username and password. Note: We will expand on this shortly with key based authentication.

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you're a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let's not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Youtube Description (No HTML):

This time on Hak5: We begin a special series on proxies. Caching, filtering, security or anonymity -- whatever your reasons may be Darren and I are exploring the in's and out's of this great technology from the ground up. All that and more, this time on Hak5!

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out http://www.revision3.com/haktip

Whether you're a beginner or a pro, http://www.revision3.com/haktip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let's not forget to mention that you can follow us on http://www.twitter.com/hak5 and http://www.facebook.com/technolust, http://revision3.com/hak5/subscribe to the show and get all your Hak5 goodies, including the infamous http://hakshop.com/collections/frontpage/products/wifi-pineapple over at http://hakshop.com . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. ]]> http://Hak5.org/episodes/hak5-1108/feed 21 http://Hak5.org/episodes/hak5-1014 http://Hak5.org/episodes/hak5-1014#comments Wed, 23 Nov 2011 20:16:17 +0000 Jason http://Hak5.org/?p=4302 ]]>

This time on the show, Python + Privoxy = no more banner ads the your router level! Eighty of Dual Core reports. Plus, a cloud syncing NAS without the hassles of building and maintaining a BSD box or messing with Rsync to EC2! Not that you couldn’t, just, this one’s dead simple.

Download HD Download MP4

Int0x80′s Privoxy Segment

• int0x80 on Github
• Privoxy
• DualCoreMusic.com
• @dualcoremusic

Pogoplug Mobile Review

“There has been a huge move from local data collection to storing stuff in a cloud or network share. The Pogoplug Mobile was recently released and has the power of both. It’s a perfect little tool for people who want to be able to access files from anywhere and upload files on the go- hence the name. To get this guy started, you just plug him into your router and stick some sort of external drive into it whether it be SD card, an external hard drive, or a flashdrive, and you just leave him there sitting on your computer desk.
After that, (and after you’ve activated your Pogoplug Mobile and created a new account) you can access and store files on the ‘black box’ from your phone, tablet, or PC.

The Pogoplug guys have even created really streamlined apps for your iPhone, iPad, and Android device. These apps are mostly just for streaming files, so there aren’t a lot of advanced capabilities like on your PC.
Now, back to the Pogoplug Mobile. The device is about $80, and has USB 2.0 and an SD card slot so you have infinite storage expansion. Since it is 2.0, the fastest files can be transferred is at 30MB/s, and it has a Gigabit ethernet connection.

From your computer – go to my.pogoplug.com and login to see files that have been uploaded to the pogoplug cloud or to pogoplug mobile device (my SD card is 16gigs). With your device activation, you also get 5 free gigs of cloud storage.
The online interface is really easy to use and understand, with files sorted by type at the top or device on the side.

When you first start it up, it’ll take a while to sync all of your files from the device to your PC, and we do have a very fast connection here at the studio. I did find that my phone seemed to sync the files a lot faster than when I checked the myPogoPlug page on my PC. I also discovered after messing around with it, that if you play an mp3 from the phone or the PC browser interface, it’ll continue to play in the background while you do other things, including browsing other files on PogoPlug.

From the app on your mobile device, you can automatically upload photos and videos, but for iPhone users you have to turn on location services for this.
Overall, I found that the Pogoplug is not only really easy to setup and use, but also perfect for anyone who is on the go all the time and wants access to their files ASAP (with maybe a little time for buffering).

I did want to mention that apparently there are some hacks for the PogoPlug Mobile, specifically this model (pogo-v4-a1-01) like getting Archlinux on it and possibly Ubuntu. If you know about these, or just want to give your take on the Pogoplug Mobile, you can email me at feedback@hak5.org or leave a comment below.”

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

What’s more wicked than a screen session? Two screen sessions! As we’ve talked about recently the unix command Screen is a great way to maintain bash sessions from multiple SSH clients without losing your work.

My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexyness of vertical split by hitting CTRL+a then Pipe.

What little gems are rocking your world? Hit us up, we’ll share ‘em with the world. tips@hak5.org

Season 9 Premieres with the return of Shannon “Snubs” Morse and Paul “the camera guy” Tobias. We kick around the hacker headlines, get the low-down on Nexpose from Rapid7 at RSA, automate file mangement in windows, multiplex some screen sessions, capture packets from the command line and a lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

Kinect hackers rejoice! Microsoft confirms that a Kinect SDK is coming for PC and Mac this spring, allowing developers to deal with the motion and voice sensor at a higher level than the informal Kinect hacks. The SDK will be free for personal use with a commercial version expected to follow.

Sony is threatening to permanently disconnect jail broken PlayStation 3 consoles from the PlayStation Network. Jeff Rubenstein, Sony’s Social-Media Manager wrote in his blog “To avoid this, customers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems”

Donations have closed for the legal defense fund of George Hotz, notable iPhone jailbreaker and PS3 hacker. Sony has tied the hacker up in San Francisco federal since January court facing unspecified damages on DMCA violations. Hotz writes on his blog “I have enough to cover my legal fees for the time being.” and “For now, the best you can do is spread the word”

The latest VirtualBox 4.0.4 update adds support for Ubuntu 11.04 alpha guests. The Ubuntu Alpha, code named Natty Narwhal, introduces Unity as the default desktop session. Gnome can still be accessed as a “Ubuntu Classic Session”

Urban SQL Injection — full of win.

Crack the Code Challenge

Do you have what it takes to compete in the Crack The Code Challenge? Test your skills in our private lab network and bid for the title supreme leet hax0r. Winners will be featured on future episodes of Hak5!

Our next event will be this Sunday, February 27th at 3pm Pacific. Visit Hak5.org/challenge for all of the details. We’ll be live streaming at hak5.org/live throughout the day. We’d like to thank Citrix and GoToAssist Express for sponsoring the Crack the Code Challenge.

Rapid7′s Nexpose at RSA 2011

Darren meets with Chris Kirsch of Rapid7 to find out what’s new in Nexpose

Trivia!

Our last question was “In the Millennium Trilogy, what is the name of the hacker community?” and the answer is: “Hacker Republic”

Our new question is: “From March 5, 1975 to December 1986, this club of computer hoppyists would meet in the Silicon Valley Area.”

Participate at hak5.org/trivia

Hak5 finally goes HTTPS

Thanks to Domain.com our very own Hak5.org is finally sporting a shiny new SSL certificate. Darren recaps some of the nifty things you can do with one and recommends thawte SSL 123. Thanks Domain.com for hosting Hak5.org and sponsoring for over a year!

Automating Windows File Managment

Belvedere

What it does:
Automating file management and scripting on Windows: Belvedere.

Belvedere lets you organize any folders on your harddrive. You can create rules to move, copy, delete, rename, or open files based on name, extension, size, creation, date, and even more. So basically it’s a self-cleaner tool for Windows Only. There’s also a Mac cleaner called Hazel that you might want to check out if you are an Apple user.

It was created by Adam Pash back in ’08, and you can check out the source of this tool over at GitHub.

It’s a .exe so just install it from the download link. You can make Belvedere startup when Windows starts, but you’ll have to add it manually.

How you use it:
Belvedere is really easy to use, it’s just simple point and clicks. You create a folder, then name your rule from one of the choices, and build conditions with the drop down menus.

Belvedere gives me the ability to multitask and not worry so much about how clean my PC is.

Do you have another tool that works like Belve? Let me know at feedback@hak5.org.

HakTip: Multiplexing Screen Sessions

What’s more wicked than a screen session? Two screen sessions! As we’ve talked about recently the unix command Screen is a great way to maintain bash sessions from multiple SSH clients without losing your work. My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexyness of vertical split by hitting CTRL+a then Pipe.

What little gems are rocking your world? Hit us up, we’ll share ‘em with the world. tips@hak5.org

Email: Command Line Packet Sniffers

Hey, I’m in dire need of a command line linux packet sniffer. My servers are 3 hours away, and none have X11 installed. I used to use sniffit a long time ago, but it looks like they’ve added a GUI to it. Just wondering if you had any ideas off the top of your head.

Darren recommends TCPDUMP and NGREP

Have others to share? feedback@hak5.org

Sketching with the Harmony Project

Sparkleface writes in to share the Harmony Project — a nifty sketching program in HTML5. Check out the source code and more info

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

While sharing a heartwarming story about how a little plastic minifig, Darren shows of how to use the screen command especially during SSH sessions.

The Linux screen command while available for most *nix platforms, screen is an invaluable resource for anyone managing multiple SSH sessions. In this segment Darren illustrates the screen command with a story of bits and bricks.

This time on the show Darren shares a heartwarming story about how a little plastic minifig saved the day using the Linux screen command. Shannon demos her favorite webcam software’s motion detection features, and Jason introduces interface design using the QT SDK.

Download HD Download MP4 Download XviD Download WMV

The Linux screen command

Available for most *nix platforms, screen is an invaluable resource for anyone managing multiple SSH sessions. In this segment Darren illustrates the screen command with a story of bits and bricks.

Motion Detecting Webcam Software
Shannon demos her favorite webcam software for Windows, yawcam.

Yawcam is written my Magnus Lundvall and means, quite literally, Yet Another WebCAM software. It’s free, but you can make a donation if you so choose to. Availability is for Windows only. Yawcam stands out to me because of the built in extras.

Features: