Hak5 - Technolust since 2005 » vpn

Hak5 1012 – Virtual Acces Point Gui’s, Google Doc tools, and EXT partition file Recovery

Jason — Thu, 10 Nov 2011 18:00:13 +0000

This time on the show, GUIs for Virtual Access Points, we round up the
best Google Docs tools, recovering files from EXT partitions and VPN
routes. All that and more this time on Hak5.

Download HD Download MP4

Google Doc Addons

Google Docs has been around for a while now and it’s been my doc
sharing tool of choice. It’s pretty easy to get around Google Docs-
everything from sharing to editing- but there are some handy addons to
give you extra abilities.

First is Google Docs Notifier. This is a simple windows add-on that
notifies you of any unread edits to existing docs in Google Docs. You
download the program, log-in (and I should mention, if you use two
factor auth like I do, you’ll need to add this program to your app
specific passwords in the security settings in your Google account),
and it’ll show you all the Documents that have been updated since you
last logged into the program. It’ll be minimized to your taskbar, and
will show you a little popup bubble if anything is updated while the
program is open. Also, if you hover over the icon, it’ll give you a
bubble saying “”— Unread Documents”". Just double click on a
document to open it in the browser.

The next one is a tool called Nocs – basically a notepad for Google
Docs. From Nocs, you can open up any docs that are on your Google Docs
account, edit them, and save them. You can also create new files and
save them to your Google Docs as well or load documents from your PC.
Then, next time you open your docs on your browser, you’ll see the new
edits and files waiting in your list.

Next is Send To Google Docs. Send to Google Docs is a chrome extension
that will save any website as a PDF and port it over to your Google
Docs. This tool requires no extra authentication since it’s in Chrome,
and to use it just browse to a page you want to save, click the Send
To Google Docs icon, wait for it to convert, then it’ll give you the
option to look at the PDF and save it. I could think of a few really
good uses for this program already!

I’ll have links to each of these programs in the shownotes, but I also
want to hear your feedback on Google Doc tools. Email me your favs at
feedback@hak5.org or comment below.”

Nibble

Psyhomb writes:

how to exclude the grep command from grep instead of this cmd
ps aux | grep init | grep -v grep ;done
You can use this cmd (you can put any letter, in square braces)

ps aux | grep [i]nit ;done

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

No matter what your project is Domain.com has what you need to register, host and promote your next big idea…even if it’s ffffggggggggggggggghjk.com. Domain.com is owning the competition with cheap domain names and hassle-free service. Their easy checkout process and domain discovery system makes it easy to select the domain that’s right for you and setup your website without hassle. Domain.com will even transfer your domain from another registrar and hook you up with another year of service for under $6.50 when you use coupon code HAK5 at checkout. That’s right, our code HAK5 will score you 15% off. Don’t forget, when you think domain names, think Domain.com

There are two things IT professionals and their clients have in common. They want the job done right and they want it done fast! That‚Äôs why I highly recommend GoToAssist Express, by Citrix to anyone in IT. It‚Äôs the fastest, most reliable support tool and the only service I trust! Don‚Äôt wait – start using GoToAssist Express today! Hak5 viewers can try it FREE for 30 Days Visit GoToAssist.com/hak5.

Computer disasters eventually happen to everyone ‚Äì (your computer crashes, gets infected with a virus, you drop it, theft, fire, etc.) but if you get Carbonite Online Backup before your disaster then NO NEED TO WORRY because your files will be backed up ‚Äì automatically and safely offsite ‚Äì and it‚Äôs really easy to get them back. Plus, you get anytime, anywhere access to your backed up files from any computer ‚Äì or on your smartphone or iPad with a free Carbonite app! With Carbonite, unlimited backup for your PC or Mac is just $59 a year. That‚Äôs less than $5 a month. But when you use the offer code hak5 to start your Free 15-day Trial you‚Äôll get Two Months Free if you decide to
buy. All the details are at Carbonite.com and remember to use the offer code hak5
to get Two Months Free with purchase.

Hak5 1010 – Derbycon 2011: Raphael Mudge from Armitage, Nerdcore’s Dual Core and forensics, and Octothropes?

Jason — Wed, 26 Oct 2011 21:35:57 +0000

This time on the show, Raphael Mudge chats about Armitage — the GUI front-end to Metasploit. Plus, Nerdcore sensation Dual Core is making the lives of forensics investigators much more difficult. Plus PPTP VPNs, SSID broadcasting and what the F* is an Octothrope? All that and more, this time on Hak5.

Download HD Download MP4

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Domain.com is owning the competition with cheap domain names and no hassle service. Our Hak5 fans our making Domain.com one of the fastest growing domain registrars in the world.
If you’re setting up a website to show off pictures of your cat, brag about your n00b owning skills, or do something more business related, Domain.com is the best place to buy a domain name for your new idea. Domain.com’s easy checkout process makes it simple to find your domain name and set up your website without the hassle. Domain.com’s Domain Discovery System quickly shows you available names, making it easy to select the domain extension that’s right for you. Find a sweet dot COM or get a dot CO and save a character. Already have a domain somewhere else? It’s cool, transfer it to Domain.com for only $7.61 and get an extra year free. The guys at Domain.com are huge fans of Hak5 and want to hook up other Hak5 fans. Use coupon code HAK5 and get 15% off your next domain purchase or transfer. That’s only $6.47 for domain transfers. Don’t forget, when you think domain names, think Domain.com.

“Being in IT and not using the right tools to get the best results for your clients is like a surgeon not using the best, most reliable medical equipment…
How can you expect your clients to work with you? That’s why I use GoToAssist Express by Citrix – the BEST remote support tool…
It’s the only one I trust and rely on to get the job done right! GoToAssist Express is designed with speed and usability in mind and makes it easy to get in, diagnose and resolve the problem – fast!
In fact, GoToAssist users report an average 40% increase in productivity. That’s like getting 7 days’ worth of work out of your 5 day week! And with Unlimited Use you can support all you want for one flat fee!
I’ve used remote support tools for years…GoToAssist Express is the best – so fast and reliable! Start using GoToAssist Express today, you’ll see why it’s the leader in remote support! Right now – Hak5 viewers can try it FREE for 30 Days Visit GoToAssist.com/hak5

Join modding wizard Ben Heck and friends as they build and modify a host of amazing community-inspired creations. Be sure to watch new episodes of The Ben Heck Show every two weeks right here at Revision3.com/TBHS In the latest episode of The Ben Heck Show, Ben assembles his crack squad of paranormal investigators for a very special Halloween episode. Stay Tuned at element14.com/tbhs to find out how you can enter to win Ben’s latest builds from his show.

Hak5 922 – Bypass GeoIP filters, VPN in BackTrack 5, AndLinux, Prettier Traceroutes

Jason — Thu, 21 Jul 2011 01:11:58 +0000

Hulu and the BBC iPlayer everywhere with a little VPN action to bypass Geo IP filters. We’ll be setting up Network Manager in BackTrack5. Plus, Linux inside of Windows, graphing trace-routes in terminal and a whole lot more this time on Hak5!

Download HD Download MP4 Download WMV

VPN in BackTrack 5 with Network Manager

BackTrack 5 is rocking my world as of late. I’ve been running the gnome 32bit version as my primary os on one of my laptops since release and I so far it has been fantastic out of the box.

That is until I wanted to easily connect to a PPTP VPN. While BackTrack5 includes Wicd — the Wireless (and wired) Interface Connection Daemon I’m more familiar with Network Manager, which includes a VPN client. Two birds, one stone!

In this segment I setup Network Manager in BackTrack 5.

apt-get install network-manager-gnome
cp /etc/network/interfaces{,.backup}
echo “”auto lo”" > /etc/network/interfaces
echo “”iface lo inet loopback”" >> /etc/network/interfaces
service network-manager start
nm-applet&
reboot

Run Linux apps in Windows with AndLinux

If you want to run Ubuntu seamlessly inside a Windows box, perhaps you’ll be interested in this tool called andLinux. AndLinux is a complete Ubuntu system that runs in Windows (all except 64-bit 7) and uses a program called coLinux as it’s core. CoLinux is a port of the Linux kernel to Windows. It’s kind of like running linux in a VM, except with coLinux, andLinux merges itself with Windows and the Linux kernel instead of running through an emulated PC. andLinux is for fun and development and it can run almost any Linux applications without having to do any modifications.
So, with andLinux you get a fully functional Linux system, with no desktop interface. It gives you a second panel or start menu where you can load Linux apps. The apps can be run simultaneously with Windows apps and you can cut and paste text between them.

AndLinux comes in a couple of different versions- KDE version (which is a full version) or XFCE (minimal). When you go through the andLinux installation on Windows, there are a few important steps to keep in mind.
Choosing your start up type: I chose run andLinux automatically as a NT service because it is the most convenient choice. You don’t have to do any kind of configurations if you choose this option.
You’ll be asked to create a username and password for andLinux login.
For Windows file access, I chose COFS as it gives you easier configuration compared to Samba. Samba will, though, let you share files with special characters.
Also, if Windows starts freakin because it’s not Microsoft certified, just click continue anyway.

Once the installation has finished, just restart your computer and unblock any windows firewall settings that may occur from the installation. To start using andLinux, first run the NT console. This will open a command prompt that’ll ask you for your username and password. You can then close that window and start using any of the programs and applications that are available in the boot menu. It’s kind of like downloading all the Linux programs straight into Windows without using a Linux OS.

So I’m just going to try some of these programs out, and they all seem to work just fine. So andLinux looks to be a very handy way to use Linux applications indeed! If you like it, tell me so! feedback@hak5.org.

Nibble: MTR isn’t your fathers traceroute

MTR isn’t your father’s Traceroute. It’s the ultimate command line tool for finding out where those tasty little packets are getting lost. From bash issue mtr –report-wide –curses and your destination of choice.

mtr –report-wide –curses 8.8.8.8

MTR will bring up a curses terminal interface with a constantly updating report on hops and pings, complete with hostname, best and average latency, and percentage of packets lost at each link.

Thanks to Brian for sending this in and scoring some complimentary hak5 swag. Submit your 4-bits at hak5.org/nibble

If you’re into Hak5 you’ll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you’re a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let’s not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

If you’re an IT or software consultant, you’re always looking to compete with the big guys. Problem is you may be a one man show! You need a remote support tool – and the best is Go To Assist Express. The faster you can connect to a customer, the faster you can move on to the next challenge! Reduce your travel time and increase revenue by handling more support requests. Brought to you by Citrix, you KNOW Go To Assist Express is easy and secure. Try GoToAssist Express FREE for 30 Days. For this special offer visit GoToAssist.com/Hak5.

If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel.
Just go to domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%.
If you need to host your dot TV website, don’t forget about Domain.com’s web hosting plans. They’re less than six bucks a month and have everything you need to build, maintain, and promote your site.
Remember – when you think domain names, think domain.com.
Got a great idea? It all starts with a great domain. domain.com

Audible.com is the leading provider of downloadable digital audiobooks and spoken word entertainment. Audible has over 75,000 titles to choose from, to be downloaded to your iPod/MP3 player and played back anywhere, anytime. Choose from books in every genre, science fiction, thrillers, drama, comedy, business, history and more. Go to audiblepodcast.com/ hak5 to get a FREE audiobook-download of your choice when you sign up today. Again go to Audiblepodcast.com/hak5 for your Free Audiobook!

Setting up Qnext Communication System.

paul — Sun, 12 Sep 2010 23:15:27 +0000

Shannon is all about combining instant messaging, file sharing and remote access with Qnext.

Shannon shows how to setup Qnext and use it for all her online communication.

Episode 722 – Virtual Private Networks using your Google account and chipset woes

Jason — Wed, 14 Jul 2010 08:35:42 +0000

This week Shannon has a great Snubs Report on setting up a Virtual Private Network using your Google account, and Darren shares some lessons learned in Linux wireless chipset compatibility and motherboard selection in a segment that can only be dubbed “How I walked in for a USB dongle and left with an i7 rig”

Download HD Download MP4 Download XviD Download WMV

Linux wireless chipset compatibility, or, how I ended up with an i7

Darren shares some lessons learned in Linux wireless chipset compatibility, motherboard selection and why following up on forum threads is important.

Next week we’ll continue with water cooling and home built wireless access points

Domain.com

I like Domain.com’s Deluxe web hosting plan that’s only $8.75/mo. One click install of all the popular open source programs like WordPress, Joomla, and Drupal, and more! Unlimited traffic

Free website builder with unlimited pages, Easy and affordable to get your sites online with Domain.com. Domain.com offers blistering fast DNS and hosting infrastructure, the lowest prices on the web AND the highest quality. Thanks to Hak5 fans, Domain.com is one of the fastest growing domain and hosting companies in the world. Got a great idea? It all starts with a great domain. Domain.com! Don’t forget to use coupon code HAK5 at checkout to get 15% off your order.

Setting up a simple Virtual Private Network using Google

Gbridge is a free software-only solution available for all versions of Windows and uses your Google Account for authentication. It is an extension of Google’s gtalk service and lets you remotely control PCs, sync folders, share files, and chat securely and easily. You can share your desktop with your designated friend from anywhere in the world and automatically traverses firewalls and NATting routers without the need for configuration! Gbridge allows you to securely share and access files and let friends view photos instantly remotely with no download needed. Transfer and sync large files and folders to and from anywhere with no size restrictions, then use AutoSync to auto-schedule, auto-resume, and do incremental transfers as well as set up and auto-backup of your important folder to a local or remote PC.

I connected to a box on our Hak5 Cloud Lab with GoToAssist Express to show you how to easily connect Gbridge and start sharing files.

Click on the download link to go to the download page on Gbridge.com.
Start the download and click yes a couple of times.
A popup will say it needs to install the VPN driver so click ok, then wait for the install to finish. Click allow if Windows tells you any warnings about downloading and installing.
Click finished once it’s done installing.
Start Gbridge and it’ll ask you for your gmail info.

You can also create a new gmail account or google apps account if you dont want to use your regular one.
The first thing I see is my friends list. It automatically includes my chat friends, none of which are online right now.

If you have OpenDNS or some other DNS resolving service, it may keep Gbridge from functioning properly, so you will either need to configure your service with a VPN exception rule for gbridge.net or just raise the Gbridge virtual adapters binding order. (which can be changed back anytime you want.)
Now at the top, you can log off, Invite friends by typing their email or add friends from your list of contacts. You can also create new shares:
To do so, click on the volume you wish to share, then add any friends you want to share this folder with. I’m going to add Darren, then password the volume.
Darren is currently on my list of friends but not included in my list of friends that I share with, so I’m going to allow him, and there we go! My SecureShare is now created.
I can go into the SecureShares tab to make changes to my shared folders, and on my friends list, I can make changes to friends or chat with them.
To backup your folder onto the main machine or another machine, click the Add EasyBackup icon, choose the SecureShare, choose which machine to put the backup on, and let the backup begin.
To use desktop share, click on the icon, choose Configure, and change settings.
All in all, Gbridge is lightweight, easy, and free. All good in my book!

It won’t replace a proper PPTP or IPsec VPN but it will be up and running in minutes giving you the majority of what you need.
Email me what you think at feedback@hak5.org
Thanks to Go To Assist Express for this weeks Snubs Report.

GoToAssist Express
If you’re in technical support… I want to tell you about an easy way to save time… money – AND make you look like a HERO to clients and colleagues.
GoToAssist Express – bought to you by our friends at Citrix is an EASY and SECURE remote support solution! With GoToAssist Express, you can SEE and SOLVE the problem WITHOUT being there in person! GoToAssist Express is specifically designed for small businesses and professionals to support clients and the best part is that with GoToAssist you don’t have to pre-install software to on your customers’ machines so you can instantly start supporting them online. Try Go To Assist Express FREE for 30 days! For this special offer, you must visit gotoassist.com/Hak5. That’s gotoassist.com/Hak5 for a FREE trial.

Trivia

This 90′s era IDE and interpreter came with four pre-written
example programs, including
“Nibbles” and “Gorillas”

Be sure to submit your answer at Hak5.org/Trivia for your chance to win some awesome Hak5 swag.

United States Air Force
A Special thanks to the sponsor of today’s episode, The United States Air Force

If you want to know the latest on Hak5 be sure to follow us on Twitter or Facebook.

Also, now is also a great time to grab some swag from the HakShop – including the new airport friendly WiFi Pineapple with free world-wide shipping.

And finally if you’d like to suggest a topic for a future show feel free to hit up feedback@hak5.org

Episode 621 – MiTM Javascript Keylogger, Social Engineering Toolkit and more

Jason — Tue, 05 Jan 2010 15:24:41 +0000

This week Darren is joined by Rob Ruller, aka Mubix for a little fun with Man-in-the-middle javascript keylogger using the Middler, and pwning with the Social Engineering Toolkit. Plus using Spotify in the US without a proxy, Mac Address spoofing in Linux or Windows, Virtual Appliances for VirtualBox, and much more! Take an hour lunch and prepare to feed your technolust!

Download HD Download MP4 Download XviD Download WMV

Cross Platform Encryption

Mahmoud, as well as many others, wrote in to ask about the cross-platform compatability of the encryption set setup on Hak5 episode 620 using cryptsetup.

The short answer is, no, it’s just for Linux. If you’re looking for something both open source and cross platform look no further than Truecrypt

Spotify in the United States without a proxy

Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. Ok, well sorta. If you happen to have a beta invite and a friend, perhapse on IRC, in an allowed country it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when its game over in two weeks. Or will it?

Virtual Appliances for VirtualBox

If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDI’s ready for your enjoyment.

Javascript Keylogger via Man-in-the-Middle Attack

When it comes to man-in-the-middle attacks just about anything is possible. In this segment Darren explores InGuardians tool the Middler. Using a plugin architecture for manipulating (among others) http traffic, we attempt to get the infamous javascript onKeyPress keylogger going. Without much success in that department Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.

Social Engineering Toolkit

Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all but rather than exploiting the server, how about exploiting the Human OS. In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, The Social Engineering Toolkit. Despite some challenges with clients that werent setup with Java, Mubix successfully demonstrates meterpreter in conjunction with a cloned site.

Mac Address Spoofing

@Bluesmanchukk writes in to ask about Mac Address Spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).

Multi-Player Notepad

Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-Acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.

Hacking PPTP VPNs with ASLEAP

Darren Kitchen — Mon, 14 Dec 2009 07:58:05 +0000

Darren demonstrates cracking Microsoft VPN tunnels using the MS-CHAPv2 authentication protocol using Joshua Wright’s tool ASLEAP and talks about the theory behind the attack.

Continuing on with our VPN series I find it important to highlight the weaknesses in the protocols we have talked about thus far. In my last segment I highlighted a tool that allows an attacker to easily hijack an SSL session using a man-in-the-middle attack. Couple this with Adito (aka OpenVPN-ALS), my favorite open-source SSL VPN server, and you can see the problem.

But what about the basic Microsoft VPN we setup a few weeks back? The VPN servers that we setup on Windows XP and Server 2003 used either active directory or local windows accounts to authenticate users.

And looking back at our discussions on pwdump, rainbow tables and the like you’ll remember the inherent weaknesses in Windows account credentials.

There are two ways Windows stores a user’s account credentials, or password. LAN Manager hashes which are comprised of watered-down weaksauce and NTLM which are succeptable to time-memory tradeoff attacks.

The default VPN server implemented in Windows XP and Server 2003′s Routing and Remote Access service uses Point-To-Point-Tunneling-Protocol. This is convenient because the Windows clients have supported Microsoft PPTP VPN connections natively since 2000, and in Windows 95/98 with Dual Up Networking version 1.3.

The modern authentication protocol of Microsoft’s PPTP is MS-CHAPv2. This Challenge Handshake Authentication Protocol suffers from inherent weaknesses.

As far back at 1999 these weaknesses have been widely known. If you’re interested in reading more on the cryptanalysis of MS-CHAPv2 there’s a nifty paper written by Bruce Schneier and L0pht that I’ll link in the show notes.

And while other options exist such as Radius, this is still the default option for PPTP authentication in Windows environments.

Joshua Wright, author of coWPAtty (See our segment here), released in 2004 a proof of concept tool to demonstrate weaknesses in LEAP and PPTP protocols.

This tool, ASLEAP, was updated in 2007 to include an option to just crack MS-CHAP v2. Either by examining a packet capture that includes a MS-CHAP handshake ASLEAP or specifying an MS-CHAP challenge and response ASLEAP is able to deduce the username and last two bytes of the NT hash. Using this information, and a dictionary file, ASLEAP is able to brute-force the hash.

Episode 614 – Firewall evasion, SSH and virtual appliances!

Darren Kitchen — Wed, 18 Nov 2009 14:49:32 +0000

Got a restrictive firewall blocking sites at school or work? Evade ‘em easily with your own private web proxy. Want to securely tunnel any port through an SSH session? Darren’s got just the trick. Wondering how to properly use Asleap to crack MS-CHAPv2 PPTP VPN handshakes & LM Hashes? Interested in trying out neat free enterprise applications but don’t feel like spending hours in a terminal? Try deploying a virtual appliance in minutes, the free and open source way.

Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

Episode 612 – Hacking PPTP VPNs with ASLEAP

Darren Kitchen — Wed, 04 Nov 2009 16:52:17 +0000

Continuing with the VPN Series, Darren discusses the inherent weaknesses in Microsoft’s PPTP authentication protocol, MS-CHAPv2, and demos a Linux tool that exploits these weaknesses.

Download HD Download MP4 Download XviD Download WMV

Continuing on with our VPN series I find it important to highlight the weaknesses in the protocols we have talked about thus far. In my last segment I highlighted a tool that allows an attacker to easily hijack an SSL session using a man-in-the-middle attack. Couple this with Adito (aka OpenVPN-ALS), my favorite open-source SSL VPN server, and you can see the problem.

But what about the basic Microsoft VPN we setup a few weeks back? The VPN servers that we setup on Windows XP and Server 2003 used either active directory or local windows accounts to authenticate users.

And looking back at our discussions on pwdump, rainbow tables and the like you’ll remember the inherent weaknesses in Windows account credentials.

There are two ways Windows stores a user’s account credentials, or password. LAN Manager hashes which are comprised of watered-down weaksauce and NTLM which are succeptable to time-memory tradeoff attacks.

The default VPN server implemented in Windows XP and Server 2003′s Routing and Remote Access service uses Point-To-Point-Tunneling-Protocol. This is convenient because the Windows clients have supported Microsoft PPTP VPN connections natively since 2000, and in Windows 95/98 with Dual Up Networking version 1.3.

The modern authentication protocol of Microsoft’s PPTP is MS-CHAPv2. This Challenge Handshake Authentication Protocol suffers from inherent weaknesses.

As far back at 1999 these weaknesses have been widely known. If you’re interested in reading more on the cryptanalysis of MS-CHAPv2 there’s a nifty paper written by Bruce Schneier and L0pht that I’ll link in the show notes.

And while other options exist such as Radius, this is still the default option for PPTP authentication in Windows environments.

Joshua Wright, author of coWPAtty (See our segment here), released in 2004 a proof of concept tool to demonstrate weaknesses in LEAP and PPTP protocols.

This tool, ASLEAP, was updated in 2007 to include an option to just crack MS-CHAP v2. Either by examining a packet capture that includes a MS-CHAP handshake ASLEAP or specifying an MS-CHAP challenge and response ASLEAP is able to deduce the username and last two bytes of the NT hash. Using this information, and a dictionary file, ASLEAP is able to brute-force the hash.

PS: Check out Player2Rentals.com.

Episode 605 – Three VPN Servers and a Kindle Console

Darren Kitchen — Wed, 16 Sep 2009 12:38:50 +0000

This week Shannon taps into a hidden Kindle serial port using a inty bitsy ribbon cable, a USB to Serial TTL cable and some jumpers in an attempt to hack root and finds herself upon the bootloader and nearly at a bash prompt. Darren guides you through the installation of VPN servers on Windows XP, Windows Server and Linux so you can keep your traffic secure in an encrypted tunnel while on untrusted networks.

Download HD Download MP4 Download XviD Download WMV

Hacking into the Kindle Bootloader Part 1

This week, I’m introducing the bootloader Kindle 1st gen hack.

Equipment:
Kindle 1st Generation
A computah!
USB to Serial TTL Cable
20 pin 0.5 mm flat cable
1 pin Jumper cables

Programs:
Putty

Igor Skochinsky explains how to hack into the bootloader of the Kindle very nicely on his blog, Reverse Everything. He includes screenshots, photos, and descriptions of everything you need to know to do this hack.
Part 1
Part 2

If you have any questions, you can email me at snubs@hak5.org!

Windows VPN Servers

In this segment I demonstrate setting up a VPN server in Windows XP which is rather limited at 1 concurrent connection. I also demonstrate building a Routing and Remote Access VPN server in Windows Server 2003.

Open Source VPN Server

I’m a big fan of open source. I’m also an overwhelmed systems administrator that likes easy. And when it comes to VPNs in Linux, OpenVPN is the go to solution. That’s why I’m excited about OpenVPN Access Server — an set of installation and configuration tools that simplifies rapid deployment of a VPN solution.

In this segment I demonstrate setting up this nifty, lightweight and powerful server in a typical home user scenario. I also speak to the fact that it can integrate with Active Directory via LDAP or even a RADIUS server for authentication. The web based backend makes administration a breeze and the web frontend makes client setup even easier. All the clients have to do is login to a website and download a prepackaged and configured connection app for Windows, Mac or Linux.

This package makes it incredibly easy to deploy a VPN server. But it comes at a cost. OpenVPN-AS requires a license key for each concurrent connection. Two are provided for free and additional licenses are $10 ea. Still a far cry from a windows Client Access License!

In future segments we’ll be getting our hands dirty with OpenVPN standard as well as some other interesting VPN technologies so be sure to send your feedback, requests and flames to darren@hak5.org

Episode 604 – WiFi Network Scanners and Windows VPN services

Darren Kitchen — Wed, 09 Sep 2009 12:47:50 +0000

This week Matt reviews an open source WiFi network scanner for Windows while Darren convinces a Windows server into treating a VPN connection as a service.

Download HD Download MP4 Download XviD Download WMV

Merge folders with Winmerge

This open source Windows tool allows you to easily identify inconsistencies between two would-be identical directories and quickly make corrections, complete with keyboard shortcuts. Check out Winmerge

inSSIDer, an open source Windows WiFi Scanner

So in my never ending search for better and better utilities to make my life easier, I came across inSSIDer by metageek.

Which is basically a stripped down version of their Chanalyzer software.

Stripped down maybe, but extremely useful none the less? YES!

After performing a scan of my boss�s house who was plagued with signal drops and slow speeds, I came across the reason.

Interfering access points. His router was on channel 6, surrounded by half a dozen other access points.

So using the easy to read inSSIDer software I decided to put him on channel 11, where there were no other AP�s in range.

As soon as I made the switch, I had vastly improved signal strength, and no longer had drops walking through the house.

We�ll be running a review of the Wi-Spy products and metageek�s Chanalyzer in an upcoming episode.

LAN Party

This month’s LAN Party is Team Fortress 2 on Saturday, October 3rd, at game.hak5.org. Find all the LAN Party details at hak5lan.squarespace.com

Windows VPN connection as Service

One of the nice things about Windows Server is the built in VPN service — RRAS or Routing and Remote

Access. In this segment I demonstrate a way to connect one Windows Server to another utilizing a PPTP VPN

connection as a service. The built in VPN connection manager isn’t half bad.

A nifty feature is >the rasdial.exe program

which allows you to connect/disconnect a VPN profile from the command line. Pairing that with the AutoExNT service from the Windows Server

Resource Kit and you’ve got a VPN connection on boot, even before login.

Contest

This month’s contest is for the scatter brained and design concious desktop users. Share your desktop’s

over at Hak5.org/screenshot and be entered to

win leet Hak5 swag and Ashley Schwartau’s Hackers Are People Too DVD.