Hak5 - Technolust since 2005 » SSH

Hak5 1014 – Ad Block and SSH Tunnel with Privoxy, Pogoplug Mobile, Process Forking and Grub2

Jason — Wed, 23 Nov 2011 20:16:17 +0000

This time on the show, Python + Privoxy = no more banner ads the your router level! Eighty of Dual Core reports. Plus, a cloud syncing NAS without the hassles of building and maintaining a BSD box or messing with Rsync to EC2! Not that you couldn’t, just, this one’s dead simple.

Download HD Download MP4

Int0x80′s Privoxy Segment

Pogoplug Mobile Review

“There has been a huge move from local data collection to storing stuff in a cloud or network share. The Pogoplug Mobile was recently released and has the power of both. It’s a perfect little tool for people who want to be able to access files from anywhere and upload files on the go- hence the name. To get this guy started, you just plug him into your router and stick some sort of external drive into it whether it be SD card, an external hard drive, or a flashdrive, and you just leave him there sitting on your computer desk.
After that, (and after you’ve activated your Pogoplug Mobile and created a new account) you can access and store files on the ‘black box’ from your phone, tablet, or PC.

The Pogoplug guys have even created really streamlined apps for your iPhone, iPad, and Android device. These apps are mostly just for streaming files, so there aren’t a lot of advanced capabilities like on your PC.
Now, back to the Pogoplug Mobile. The device is about $80, and has USB 2.0 and an SD card slot so you have infinite storage expansion. Since it is 2.0, the fastest files can be transferred is at 30MB/s, and it has a Gigabit ethernet connection.

From your computer – go to my.pogoplug.com and login to see files that have been uploaded to the pogoplug cloud or to pogoplug mobile device (my SD card is 16gigs). With your device activation, you also get 5 free gigs of cloud storage.
The online interface is really easy to use and understand, with files sorted by type at the top or device on the side.

When you first start it up, it’ll take a while to sync all of your files from the device to your PC, and we do have a very fast connection here at the studio. I did find that my phone seemed to sync the files a lot faster than when I checked the myPogoPlug page on my PC. I also discovered after messing around with it, that if you play an mp3 from the phone or the PC browser interface, it’ll continue to play in the background while you do other things, including browsing other files on PogoPlug.

From the app on your mobile device, you can automatically upload photos and videos, but for iPhone users you have to turn on location services for this.
Overall, I found that the Pogoplug is not only really easy to setup and use, but also perfect for anyone who is on the go all the time and wants access to their files ASAP (with maybe a little time for buffering).

I did want to mention that apparently there are some hacks for the PogoPlug Mobile, specifically this model (pogo-v4-a1-01) like getting Archlinux on it and possibly Ubuntu. If you know about these, or just want to give your take on the Pogoplug Mobile, you can email me at feedback@hak5.org or leave a comment below.”

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

HakTip – Multiple Screen Sessions

paul — Mon, 28 Feb 2011 20:41:48 +0000

My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexyness of vertical split by hitting CTRL+a then Pipe.

What little gems are rocking your world? Hit us up, we’ll share ‘em with the world. tips@hak5.org

Hak5 901 – Multiplexing screens, Nexpose at RSA, Packet Sniffers and File Automation

Darren Kitchen — Fri, 25 Feb 2011 01:18:51 +0000

Season 9 Premieres with the return of Shannon “Snubs” Morse and Paul “the camera guy” Tobias. We kick around the hacker headlines, get the low-down on Nexpose from Rapid7 at RSA, automate file mangement in windows, multiplex some screen sessions, capture packets from the command line and a lot more.

Download HD Download MP4 Download WMV

Hacker Headlines

Kinect hackers rejoice! Microsoft confirms that a Kinect SDK is coming for PC and Mac this spring, allowing developers to deal with the motion and voice sensor at a higher level than the informal Kinect hacks. The SDK will be free for personal use with a commercial version expected to follow.

Sony is threatening to permanently disconnect jail broken PlayStation 3 consoles from the PlayStation Network. Jeff Rubenstein, Sony’s Social-Media Manager wrote in his blog “To avoid this, customers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems”

Donations have closed for the legal defense fund of George Hotz, notable iPhone jailbreaker and PS3 hacker. Sony has tied the hacker up in San Francisco federal since January court facing unspecified damages on DMCA violations. Hotz writes on his blog “I have enough to cover my legal fees for the time being.” and “For now, the best you can do is spread the word”

The latest VirtualBox 4.0.4 update adds support for Ubuntu 11.04 alpha guests. The Ubuntu Alpha, code named Natty Narwhal, introduces Unity as the default desktop session. Gnome can still be accessed as a “Ubuntu Classic Session”

Urban SQL Injection — full of win.

Crack the Code Challenge

Do you have what it takes to compete in the Crack The Code Challenge? Test your skills in our private lab network and bid for the title supreme leet hax0r. Winners will be featured on future episodes of Hak5!

Our next event will be this Sunday, February 27th at 3pm Pacific. Visit Hak5.org/challenge for all of the details. We’ll be live streaming at hak5.org/live throughout the day. We’d like to thank Citrix and GoToAssist Express for sponsoring the Crack the Code Challenge.

Rapid7′s Nexpose at RSA 2011

Darren meets with Chris Kirsch of Rapid7 to find out what’s new in Nexpose

Trivia!

Our last question was “In the Millennium Trilogy, what is the name of the hacker community?” and the answer is: “Hacker Republic”

Our new question is: “From March 5, 1975 to December 1986, this club of computer hoppyists would meet in the Silicon Valley Area.”

Participate at hak5.org/trivia

Hak5 finally goes HTTPS

Thanks to Domain.com our very own Hak5.org is finally sporting a shiny new SSL certificate. Darren recaps some of the nifty things you can do with one and recommends thawte SSL 123. Thanks Domain.com for hosting Hak5.org and sponsoring for over a year!

Automating Windows File Managment

Belvedere

What it does:
Automating file management and scripting on Windows: Belvedere.

Belvedere lets you organize any folders on your harddrive. You can create rules to move, copy, delete, rename, or open files based on name, extension, size, creation, date, and even more. So basically it’s a self-cleaner tool for Windows Only. There’s also a Mac cleaner called Hazel that you might want to check out if you are an Apple user.

It was created by Adam Pash back in ’08, and you can check out the source of this tool over at GitHub.

It’s a .exe so just install it from the download link. You can make Belvedere startup when Windows starts, but you’ll have to add it manually.

How you use it:
Belvedere is really easy to use, it’s just simple point and clicks. You create a folder, then name your rule from one of the choices, and build conditions with the drop down menus.

Belvedere gives me the ability to multitask and not worry so much about how clean my PC is.

Do you have another tool that works like Belve? Let me know at feedback@hak5.org.

HakTip: Multiplexing Screen Sessions

What’s more wicked than a screen session? Two screen sessions! As we’ve talked about recently the unix command Screen is a great way to maintain bash sessions from multiple SSH clients without losing your work. My favorite shortcut after invoking the “screen” command is CTRL+a followed by “S”, which splits the screen horizontally in two. Use CTRL+a then Tab to switch between the views. Debian users get the added sexyness of vertical split by hitting CTRL+a then Pipe.

What little gems are rocking your world? Hit us up, we’ll share ‘em with the world. tips@hak5.org

Email: Command Line Packet Sniffers

Hey, I’m in dire need of a command line linux packet sniffer. My servers are 3 hours away, and none have X11 installed. I used to use sniffit a long time ago, but it looks like they’ve added a GUI to it. Just wondering if you had any ideas off the top of your head.

Darren recommends TCPDUMP and NGREP

Have others to share? feedback@hak5.org

Sketching with the Harmony Project

Sparkleface writes in to share the Harmony Project — a nifty sketching program in HTML5. Check out the source code and more info

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Using Screen in Linux, it helps.

paul — Thu, 23 Dec 2010 05:42:40 +0000

While sharing a heartwarming story about how a little plastic minifig, Darren shows of how to use the screen command especially during SSH sessions.

The Linux screen command while available for most *nix platforms, screen is an invaluable resource for anyone managing multiple SSH sessions. In this segment Darren illustrates the screen command with a story of bits and bricks.

Episode 818 – Using Screen in Linux, Motion Detection Webcam Software, and QT Interface Design

Jason — Wed, 22 Dec 2010 22:30:12 +0000

This time on the show Darren shares a heartwarming story about how a little plastic minifig saved the day using the Linux screen command. Shannon demos her favorite webcam software’s motion detection features, and Jason introduces interface design using the QT SDK.

Download HD Download MP4 Download XviD Download WMV

The Linux screen command

Available for most *nix platforms, screen is an invaluable resource for anyone managing multiple SSH sessions. In this segment Darren illustrates the screen command with a story of bits and bricks.

Motion Detecting Webcam Software
Shannon demos her favorite webcam software for Windows, yawcam.

Yawcam is written my Magnus Lundvall and means, quite literally, Yet Another WebCAM software. It’s free, but you can make a donation if you so choose to. Availability is for Windows only. Yawcam stands out to me because of the built in extras.

Features:

Video streaming

Image snapshots

Built-in webserver

Motion detection

Ftp-upload

Text and image overlays

Password protection

Online announcements for communities

Scheduler for online time

Multi languages

Download the software at yawcam.com. In the main window you can enable or disable things that are visible to others. ‘File’ saves image files on local computer. ‘Ftp’ uploads to an ftp server. ‘Http’ can start a stream of webcam images. ‘Stream’ starts to stream video images, and ‘motion’ runs motion detection.

Under File menu, you can find all the same stuff. Images to Movie can convert images into a movie, so you can choose this to upload images into a video file that you can play in quicktime. Under View menu, you can view different tabs, etc. Stealth mode hides the windows and tray icons. In the settings menu choose your webcam or detect it. Go to settings to change language, camera, connections, etc. Connection detects your public ip and lets you know if you are set up to connect online. File Output takes a photo and saves to a local computer at given intervals. Ftp output uploads images to an ftp server at certain intervals. Http output lets you view images on a dedicated webpage. Stream lets you stream video online. Page Designer lets you edit what the page looks like. You can also edit the HTML template files if you want more functionality. In motion detection you can save images to a path, or an ftp server, and under email settings you can email an image to a selected email.

Interface Design with the QT SDK
Jason Appelbaum joins us to demonstrate interface design using Nokia’s QT SDK.

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic
for ask a question feel free to hit up feedback@hak5.org.

Episode 807 – Run Linux apps in any OS – X11 over SSH, Multi-Cam editing and more

Darren Kitchen — Thu, 30 Sep 2010 01:19:58 +0000

Securely forwarding X11 over SSH so you can use Linux GUI tools in anywhere — even on Windows. Multi cam editing, SMS rescue texts, Android Terminals and clark kent glasses. All that and more this time on Hak5!

Download HD Download MP4 Download XviD Download WMV

X11 over SSH part 1: Linux to Linux

While SSH is great for getting a bash terminal on a remote Linux box, a few paramaters and an X11 server can take it to the next level by running X Window graphical applications over your secure tunnel.

In this segment Darren demos launching GUI apps from one Linux box to another using ssh -X

Trivia

Last Week: What software is used to hack into ENCOM’s computer system?

Answer: CLU

This Week:

“Gatekeeper” is the computer security software in what cliche hacker movie?

X11 over SSH part 2: Windows to Linux

As explained in Part 1, all you need do open GUI apps over SSH is an SSH client and an X11 server. If you’re on Windows this can be achieved with Xming and Putty. Darren demos using an XP VM.

Round Table: Premiere CS5 Multi-cam and Rescu.me

Darren and Shannon catch up this week with a little show and tell. Darren’s excited about multi-cam editing in Premiere while Shannon has been playing with rescu.me — a web service perfect for getting out of annoying conversations or even bad dates!

We answer Rodrigo’s question about Gunnar optics, and Kevin’s about SSH on Android. Darren recommends “Better Terminal Emulator” which can be found in the Android marketplace. Also, StoraH from Sweeden writes in to share his Firefox Boxee addon. Check it out!

Keep up with the latest on Hak5 by follow us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit up feedback@hak5.org.

X11 over SSH part 2

paul — Thu, 30 Sep 2010 01:23:18 +0000

In this segment Darren continues to show how to securely forwarding X11 over SSH so you can use Linux GUI tools in anywhere — even on Windows.

As explained in Part 1, all you need do open GUI apps over SSH is an SSH client and an X11 server. If you’re on Windows this can be achieved with Xming and Putty. Darren demos using an XP VM.

X11 over SSH part 1

paul — Thu, 30 Sep 2010 01:01:24 +0000

In this segment Darren shows how to securely forwarding X11 over SSH so you can use Linux GUI tools in anywhere — even on Windows.

In this segment Darren demos launching GUI apps from one Linux box to another using ssh -X.

Episode 704 – Malware Analyzis Sandbox and PC Remote Control over Twitter

Darren Kitchen — Wed, 10 Mar 2010 23:05:06 +0000

Following up with last week’s desktop sandboxing challenge Darren’s taking a look at another kind of sandbox — one for malware analysis. Shannon thinks your VNC and SSH servers are pretty spiffy, but how about controlling your computer over twitter? Free text messaging to your PC anyone?

Download HD Download MP4 Download XviD Download WMV

Malware Analysis Sandbox

CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in a simulated Windows OS. So as opposed to trying to break into the malware code to see what it does, we simply run it in a live environment. That way we can monitor all the network traffic that the malware generates. All of the processes that are created, the DLLs that are loaded, any changes to the Windows registry and even what it’s doing to the file system.

This is achieved by using a technique called API hooking. That basically means that when the malware calls the Windows application programmers’ interface to say something like “connect to this IP address” or “modify this file” it’s actually going to CWSandbox’s monitoring software, which logs the action and goes ahead and makes the change.

It’s kind of like an operating system man-in-the-middle. For malware.
So once a suspected malware sample is run through the tool you get a computer generated report of what the executable is actually doing. And this can be fed into anti-virus and intrusion detection systems to monitor for similar behavior.

PC Remote Control over Twitter

While there is no denying the power of running your own SSH, VNC server at home for remote access, wouldn’t it be nice if you could simply text message your computer something simple like “Hey, what’s your external IP address” or “Send me a screenshot” or “Go download this file”

And if Robin Wood has taught us anything with KreiosC2 – commanding your computer, or even a large botnet for that matter, over social networks is quite possible.

But now it’s time for something a lot more user friendly. This week Snubs investigates TweetMyPC

Episode 621 – MiTM Javascript Keylogger, Social Engineering Toolkit and more

Jason — Tue, 05 Jan 2010 15:24:41 +0000

This week Darren is joined by Rob Ruller, aka Mubix for a little fun with Man-in-the-middle javascript keylogger using the Middler, and pwning with the Social Engineering Toolkit. Plus using Spotify in the US without a proxy, Mac Address spoofing in Linux or Windows, Virtual Appliances for VirtualBox, and much more! Take an hour lunch and prepare to feed your technolust!

Download HD Download MP4 Download XviD Download WMV

Cross Platform Encryption

Mahmoud, as well as many others, wrote in to ask about the cross-platform compatability of the encryption set setup on Hak5 episode 620 using cryptsetup.

The short answer is, no, it’s just for Linux. If you’re looking for something both open source and cross platform look no further than Truecrypt

Spotify in the United States without a proxy

Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. Ok, well sorta. If you happen to have a beta invite and a friend, perhapse on IRC, in an allowed country it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when its game over in two weeks. Or will it?

Virtual Appliances for VirtualBox

If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDI’s ready for your enjoyment.

Javascript Keylogger via Man-in-the-Middle Attack

When it comes to man-in-the-middle attacks just about anything is possible. In this segment Darren explores InGuardians tool the Middler. Using a plugin architecture for manipulating (among others) http traffic, we attempt to get the infamous javascript onKeyPress keylogger going. Without much success in that department Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.

Social Engineering Toolkit

Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all but rather than exploiting the server, how about exploiting the Human OS. In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, The Social Engineering Toolkit. Despite some challenges with clients that werent setup with Java, Mubix successfully demonstrates meterpreter in conjunction with a cloned site.

Mac Address Spoofing

@Bluesmanchukk writes in to ask about Mac Address Spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).

Multi-Player Notepad

Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-Acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.

SSH Tunneling cross-platform with Python and PHP

Darren Kitchen — Mon, 14 Dec 2009 07:04:31 +0000

Another great bit of feedback from the SSH Tunneling segment in episode 614 was from Jan-Marteen in The Netherlands. His Hak5 inspired cross-platform Python and PHP scripts, available from his blog johmanx.com allow you to easily configure and save SSH tunneling options. Awesome code Jan-Marteen, thanks for sending it in!