Download HD Download MP4 Download XviD Download WMV

Airport WiFi Challenge – Jasager and Deauths

Once again my travels take me to a wonderful and target rich environment — the airport.

And while I typically don’t take on challenges, this one tickled my technolust. I was asked how many clients I could harness with a WiFi Pineapple during a typical hour long layover at the airport. I figured this was a great opportunity to test out Airdrop-ng.

Your Ultra Software Picks

In a follow-up from episode 703, Shannon counts down your Ultra software picks, including:

• Total Commander
• JkDefrag
• Ultimate Boot CD
• Super Anti-Spyware
• Process Explorer

Download HD Download MP4 Download XviD Download WMV

Malware Analysis Sandbox

CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in a simulated Windows OS. So as opposed to trying to break into the malware code to see what it does, we simply run it in a live environment. That way we can monitor all the network traffic that the malware generates. All of the processes that are created, the DLLs that are loaded, any changes to the Windows registry and even what it’s doing to the file system.

This is achieved by using a technique called API hooking. That basically means that when the malware calls the Windows application programmers’ interface to say something like “connect to this IP address” or “modify this file” it’s actually going to CWSandbox’s monitoring software, which logs the action and goes ahead and makes the change.

It’s kind of like an operating system man-in-the-middle. For malware.
So once a suspected malware sample is run through the tool you get a computer generated report of what the executable is actually doing. And this can be fed into anti-virus and intrusion detection systems to monitor for similar behavior.

PC Remote Control over Twitter

While there is no denying the power of running your own SSH, VNC server at home for remote access, wouldn’t it be nice if you could simply text message your computer something simple like “Hey, what’s your external IP address” or “Send me a screenshot” or “Go download this file”

And if Robin Wood has taught us anything with KreiosC2 – commanding your computer, or even a large botnet for that matter, over social networks is quite possible.

But now it’s time for something a lot more user friendly. This week Snubs investigates TweetMyPC

Download HD Download MP4 Download XviD Download WMV

Rogue DHCP Server Detection

Following up with last week’s discussion on Rogue DHCP Servers I found it fitting to mention Tim Ashley’s Rogue DHCP Server Detector as found on the Hak5 forums.

Free Application Sandbox Challenge

In an effort to discover whether free application sandboxing solutions from Comodo and Sandboxie can save a (L)user from themselves, Darren takes three Internet Explorer 6 Virtual Machines around the Internets famous red light district in a set of challenges put forth by the fine folks at irc.hak5.org.

The Top “Ultra” Windows Warez

Perplexed by software titles claiming to be the most elite thing since ascii art Shannon set off to round up the top “Ultra” software for Windows and see there is any merit fo their titles. The round up includes:

• #5 Ultra Screensaver Maker
• #4 Pong Ultra
• #3 Ultra Network Analyzer
• #2 UltraVNC
• #1 Ultra Defrag

Download HD Download MP4 Download XviD Download WMV

DHCP Exhaustion and DNS Man-in-the-Middle Attacks

Rather than your typical ARP based Man-In-The-Middle attack, Robin wood brings us two metasploit modules for both denial of service attacking a DHCP server and deploying a rogue DHCP server of your own with a DNS MiTM to boot. Check out the Metasploit DNS and DHCP Exhaustion – BETA at Digininja.org.

The JasagerInterceptor – a Pineapple Monkey mashup

This week we take a look within the community and highlight some of the awesome work done by Beakmyn. In an answer to Deathray’s thread on a Jasager with a network tap like the Interceptor, he brings you just such project. Behold the JasagerInterceptor. I’ve seen it with my own eyes at Shmoocon and I must say it’s a nifty bit of kit.

Download HD Download MP4 Download XviD Download WMV

Botnet Command and Control with Kreios C2

Using social networks as its communications channel, Robin Wood’s Kreios C2 is far more sophisticated than the traditional IRC based approach for controlling hordes of zombie computers. Version 3 was recently released and demoed at the Shmoocon 2010 Social Zombies talk (32MB AVI).

Man-in-the-Middle Attack Detection

With Robin Wood, master of hardware based Man-in-the-Middle tools, in studio Darren decides to give the traditional ARP poisoning method some love. White-hat love that is. Your typical ARP Poisoning Man-in-the-Middle attack which can be easily performed using tools such as ettercap, arpspoof, or even Cain & Abel on Windows. Generally speaking the goal is to convince the victim, using spoofed ARP packets, that your MAC address is associated with the IP address of another machine on the network — typically the router or gateway.

Of course in the real world the MAC address of your router doesn’t happen to change very often, so if it does it’s a tell-tale sign that something weird is happening. In this segment we demo Irongeek’s ARPWatch-like tool for Windows, DecaffeinatID. On the Linux side check out arpwatch.

Download HD Download MP4 Download XviD Download WMV

Tethering TOS and IP Spoofing

Brice writes “Thanks for showing how to tether Droid with Ubuntu. I use them both quite often.
I was wondering if tethering the Droid is against the TOS/Verizon contract.”

Well Brice, technically it may be a violation of your carriers terms of service. I know at least with Verizon’s Wireless business accounts there is an additional fee, around $30/mo I believe, for tethering with a smartphone like a blackberry.

I can also say from personal experience having tethered since 2001 on both Sprint and Verizon, that as long as you stay under the 5-gig cap you should be ok. Programs like June Fabrics PDAnet allow one to tether on most platforms and, from what I hear from my telco buddies, the carrier can’t tell the difference between the traffic originating from the phone or your laptop. I haven’t heard any horror stories of penalties for using such application however I’d be curious to hear from our audience if such a thing has happened in the past.

Kuroha write “I want to use Spotify, the new music service, but I keep getting this error:
Unfortunately, due to licensing restrictions we are not yet available in your country. We understand that you are currently in United States. How do I spoof my IP so it looks like I’m in Finland?”

Kuroha, there is a misconception about IP Spoofing that’s simply summed up by saying this. The source address of your computer is part of the IP packet header. There are plenty of programs out there that will let you spoof this source port, including our favorite tool nmap. However, like a return address on postage, unless you’re in a position to listen to the replies to your spoofed packets (such as on a local network) you aren’t going to get anything useful back from the server.

What you’re more likely referrencing isn’t IP Spoofing as much as it is simply bouncing your traffic off a server in another country — typically done to anonymize Internet traffic or for secure tunneling on untrusted networks. The SSH tunneling with dynamic SOCKS proxies we’ve been talking about recently will do the trick. It’s just a matter of finding a cheap shell, VPS or other server that allows tunneling in the country of your choosing.

Don’t forget this month’s LAN Party is Left 4 Dead 2. We’ll be playing at game.hak5.org Saturday and Sunday, January 2nd and 3rd. Hope to see you there!

World of Goo Mods

Recently I’ve been playing a lot of World of Goo. It’s an amazingly simple and fun game. I’ve been playing on the Wii but soon after arriving in Toronto Jenn Cutter picked up the title for her tablet and has been dabbling with the mods.

If you’re interested in making your own levels, or downloading fan-created levels and other mods be sure to check out GooFans.com — they also have a great forum on modding.

This week’s trivia question is: “World of Goo developers shares the same open source physics engine as what 2007 first-person shooter?” Answer at hak5.org/trivia and be entered to win Pronobozo’s album Zero=One=Everything.

Easy Linux drive encryption with Cryptsetup

When it comes to Linux, I love super user friendly and powerful utilities. This is one such tool. Since the 2.6.4 kernel drive encryption has been built in, and this tool cryptsetup makes setting it up a breeze. Follow along in this tutorial as I keep my secret thumb drive free from prying eyes.

I’ve gotta give props to Peter Savage for sending this my way. Check out his SciFi fantasy novel Emblem Divide — it’s wicked good.

Wallpaper Contest: Best 2010 “New Years” Hak5 Wallpaper! Get creative and submit your wallpaper to Hak5.org/forums under the Community Images board.

Ultralight Notebooks

Chris writes: “I was wandering if you could suggest a laptop that is lightweight, long battery life, 13.3 inch screen, with Win 7. Budget of $1000″

Chris, I recently did just this research. I was looking for a notebook to edit the show on the go — which isn’t easy considering the heaft and hunger of those AVCHD video files. If you’ve been watching the show for a while you also know I’m the netbook boy. First with the 7″ eeePC, then the 9″ Aspire One, and more recently the 10″ Nokia Booklet 3g. The next step up to get a “real CPU” is 13.3″ — a sweet spot of performance and portability.

What I found was that ultra-light, ultra-long battery life is in. These sweet new Consumer-Ultra-Low-Voltage (culv) chips from Intel and AMD are sexy. I thought I would need a 35 watt Core i7, or at least a 25 watt 2.2GHz or faster Core2Duo to edit on the go — but I lucked out with the 10 watt 1.3ghz SU7300 Core2Duo chip from Intel.

The video editing performance of the ASUS UL-series notebook I ended up with is aided by hardware accellerated video processing in the GMA 4500 M HD. AVC, VC1 and h.264 decoding are offloaded to the graphics chip. In Windows 7 Home Premium I’m able to playback 17mbps AVCHD in WMP using only 20% CPU. Not bad at all.

So if you’re willing to live without an optical drive an ultralight notebook may be the best choice for you. The performance seems enough and the battery life is steller. I’ve seen prices in the $650 – 900 range so take a look at the ASUS UL, Acer Timeline, Dell Inspiron Z, Samsing X and Lenovo U series notebooks. Just be sure to get a Core 2 Duo — I’m not reading great things about the Core 2 Solo part. SU7xxx and SU9xxx seem to be where it’s at. For now. We’ll likely see a lot more of these slim buggers at CES.

I want to give a special thanks to our crew for being so supportive while I was in hospital. Shannon did a wonderful job of taking care of the hakshop and mailing out all the orders while I was away. Thanks Revision3 for understanding about the late episode, Sentara for their open wifi and hot nurses, and a big thanks to our loyal fans. All of well wishes on twitter, facebook and youtube, the forums and IRC brightened my day every day. And DigiPirate, thanks for the awesome USB Dalek Webcam. Exterminate!! Exterminate!!

Download HD Download MP4 Download XviD Download WMV

A Great Week for Hacking

• Our pal Mubix, while sad about the demise of MDD, is excited about Fastdump Community Edition
• Decaf defeats Microsoft’s Cofee
• People, this is why encryption is important. Predator drones hacked.
• Darren is excited about Wordpress 2.9’s oEmbed Feature
• It was only a matter of time^H^H^H^Hseconds before the Nook was rooted
• Shannon is eager for some free in-flight WiFi.

Build wordpress, joomla, droopal themes without code

While it’s no Geocities page creator, Shannon reviews (and mostly likes) last week’s CMS theme generator recommendation Artisteer. Shannon reviews it’s basic operation and gripes about the trial limitations. Worth $50? Maybe if you’re looking to build a dozen Wordpress themes. Just looking for a one-off? You’re probably better off with a free, or even paid theme.

Droid tethering without root access

While we’re likely mere moments away from WiFi Droid Tethering [Edit: Well would you look at that], Darren has just the trick for tethering the Droid with Ubuntu without root access. Ok, actually root on Ubuntu is required but not on the droid. Easy enough Eh?

Mad props to Shannon VanWagner for putting together a simple 15-step process for tethering via USB with Ubuntu and the Droid.

And mad props again to bigmack83 for turning these 15 steps into a basic shell script. Actually a wizard would be more apt, as this script guides you through the process of installing packages, creating rules, setting up your droid and finally connecting.

You’ll need a debian based Linux like Ubuntu (but I’m fairly certain you’ll be able to adapt for the apt-less), the tether script and the Android SDK.

Read on for details from the author

Download HD Download MP4 Download XviD Download WMV

Hacking the Motorola Droid: Root Access!

As expected the Motorola Droid has been rooted. That is to say there’s a hack that’ll unlock SU, or super user privileges on the phone. The hack is essentially su bundled in an unsigned update that can be run from the SD card. The unlocking process, which has changed since introduction, is outlined at this AllDroid.org forum thread.

At time of writing the process is to download this zip, rename it to update.zip and copy it to the root of your Droid’s SD card. Shutdown the Droid and start it by holding Power and X. Once greeted by an exclamation point on your screen hold the camera and volume+ buttons. From the menu choose the update.zip with the D-Pad, and once updated choose reboot.

Keep in mind that when it comes to unlocking moving targets like this it’s best to check with droid forums beforehand.

A Linux Doom Source Port

It was only a matter of time before we put Doom on The Zipit Z2. The recently unlocked linux-based wireless device is a prime candidate for fragging, what with it’s QVGA color display, WiFi and all. After unlocking, installing Doom is simply a matter or launching Fluxbox with startx and downloading PrBoom, a cross-platform Doom Source Port, with apt-get install prboom. The trick in launching PrBoom from /usr/games/ is to add the -width 320 -height 240 parameters. While PrBoom comes included with Freedoom, a free and open source Doom compatible IWAD, you may provide your own doom or Doom2-iwad parameter.

It is also worth noting that PrBoom comes with it’s own tcp game server for deathmatch. If anyone wants to try a little Zipit Z2 deathmatching hit us up. Or if you’re looking for some Doom goodness on the PC check out my favorite port, Skulltag.

Boot Chromium OS from USB

While still early in it’s development stages, Google’s upcoming Chrome OS is a neat OS to play with — especially on a netbook. While the Virtual Machine images floating around are nice for a glimpse, if you really want to immerse yourself in the Chrome OS experience it’s best to boot it from the metal. This can be achieved by “burning” this Chromium OS image to 3GB or greater USB or SD media. Here’s a torrent.

If you’re familiar with dd it’s simply a matter of downloading the torrent, unzipping and imaging the included chrome_os.img to your media. For example, dd if=’chrome_os.img’ of=/dev/sdb where /dev/sdb is the path of your removable media.

If you’re in Windows you’ll be delighted to find that the linked zip contains a copy of WinDD, as well as writing instructions. More information can be found at this makeuseof.com article. Important tidbits include the fact that the default user and password are chronos / password and that a terminal can be accessed by CTRL+ALT+T. Oh, and the xrandr command is available if your desired resolution isn’t detected automatically. The syntax is typically xrandr -s 1024×768 or similar.

Download HD Download MP4 Download XviD Download WMV

SSH Feedback

After bantering about our upcoming travels to Waynesville, Missouri and Toronto, Ontario and a little griping about zipit segmentation faults, we get into your feedback on recent SSH segments.

Dzaztur recommends Gnome SSH Tunnel Manager. It’s a sleek front-end for managing SSH tunnels, port redirects and more. Tunnel configuration is stored in a simple XML formal, great for portability, and the tunnels can be managed individually through one simple GUI. Thanks for the tip Dzaztur

Lozo points out that Mac OS-X has SSH built into the terminal, much like Linux. So true. We banter with Paul-the-camera-guy about the Mac OS-X kernel, which turns out is XNU — an accronym for X is Not Unix. So there ya go!

Sp4m says if you’re running Firefox over SSH you might want to look into remote DNS lookups. By default DNS lookups aren’t done through the proxy. This can be resolved by typing about:config in the address bar, and enabling the network.proxy.socks_remote_dns setting. Thanks Sp4m.

And Finally Post_Break from < a href="http://iamthekiller.net/" target="_blank">IamTheKiller.net points us to Secret Socks — a SSH Socks Proxy GUI front-end for Mac OS-X that he likes a ton more than SSHTunnel 1.6. [Edit: We made a mistake and called it Secure Socks in the segment]

And finally we go kitteh before moving on…

Certificate Authentication for SSH

In this segment Darren explains why certificate authentcation is a bajillion times better than password authentcation and demonstrates the configuration using Ubuntu 9.10 and an Interceptor running OpenWRT Kamikaze. This forum thread details setting up authorized_keys with Dropbear — the SSH daemon that comes standard on OpenWRT.

Next week we’ll be breaking this down with a little Man-in-the-middle action. Until then send your feedback to darren@hak5.org

Build a free Linux Live USB Key in minutes

when it comes to finding the right Linux distribution for you it’s best to try a bunch out. And what better way then to make some bootable Live Linux USB keys? Shannon demonstrates Linux Live USB — a Windows tool that makes it super simple to build a Linux USB key in minutes. It features automatic distribution downloading AND Persistence!

Questions on Wordpress Theme Hacking

Ricky writes:

I just recently started using wordpress, and I am having alot of trouble trying to design a layout for it, I was wondering if you had any references or anything to help me learn how to do this, I understand HTML and only know a little of PHP. Any help would be greatly Appreciated.

Darren recommends setting up a local LAMP stack, that is to say the web server, database and scripting language to support a Wordpress install. The easiest way to get started is with either WAMP on Windows or XAMPP on just about any platform.

The Wordpress install is dead simple.

Mostly I use PHP.net as my go to resource, but we’ll also be hooking you up with a copy of Mario Lurig’s PHP Reference: Beginner to Intermediate PHP5. Hope that helps.

The Wordpress Codex is also an invaluable resource when you really get your hands dirty when theme code. Things like the loop and trim_excerpt are well detailed. Once you start learning the Wordpress functions you’ll realize what a powerful content management platform it really is.

And finally we recommend Wordpress.org/Support for their forums. If you know of a better forum for Wordpress Theme Hacking please let us know!

Download HD Download MP4 Download XviD Download WMV

—
Title: Virtual Routers?
Time: 3:20
Keywords: virtual router, virtual machine, vm, virtualization, vmware, virtualbox, cisco, nexus, nexus switch, cisco nexus, nexus 1000v, nexus 1000

Joe Switch writes in to ask what the deal is with Virtual Routers and other such untangable networks. Matt has the answer. The way I understand it your more high end (read: expensive) Cisco and Juniper routers have virtual routers built in — much like you might have a virtual interface like eth0:1 in Linux — to manage VLANS, IP subnets and such.

Matt goes on to explain that in the vSphere product by VMware you can use the APIs to write, basically, a software based switch to compliment your existing deployments. Check out the Cisco Nexus 1000V. It’s a software implementation of a Cisco Nexus switch. I’d love to get my hands on it but at nearly $1000/year I’ll find something open source. Speaking of which, we’ve been meaning to play with a Cisco virtual network application but are in need of an ISO. If you’re privy to an open source alternative or can help out drop us a line.

Make your own Nintendo DS Games for free!

If it begins with a #include and ends in a semi-colon our friend Jason Appelbaum is all over it. This week he’s in studio covering a subject near and dear to our hearts — Nintendo DS Homebrew.

Let’s face it, the Nintendo DS is a happy little platform full of hacking potential. And with a well established homebrew community it’s the perfect device to start your next weekend project with. Jason takes you from Homebrew 101, including carts and roms, to getting the Dev tools and building your first Hello World app.

For more see JasonAppelbaum.com or email jason@hak5.org

Mac tunneling the free and easy way

Paul can’t hide behind the camera forever, and this week we’re pleased to have him break down the free and easy way to SSH Tunnel on a mac. After Hak5 viewer Lavi wrote in about SSHTunnel 1.6 Paul was happy to check out the program. Thanks for sending in your freeware picks!

SSH Tunneling the cross-platform way with Python and PHP

Another great bit of feedback from the SSH Tunneling segment in episode 614 was from Jan-Marten in The Netherlands. His Hak5 inspired cross-platform Python and PHP scripts, available from his blog johmanx.com allow you to easily configure and save SSH tunneling options. Awesome code Jan-Marteen, thanks for sending it in!

Of course if you have feedback for the show, code you’d like to send by, tips on legally acquiring a cisco IOS, freeware you want to let us know about, questions, or criticisms just write us: feedback@hak5.org

And don’t forget to check out the Hak5 Store for our holiday sale on all new Hak5 T-Shirts, hacked gadgets, pineapples, monkeys and more.

Download HD Download MP4 Download XviD Download WMV

First look at Google Chromium OS

Last week the news was a buzz about Google’s Chrome OS, and while we typically don’t cover tech news on the show I freaked out in my usual open source, cloud lovin’ Linux-y sorta way. So this week we’re taking a first look at Chromium OS — the FOSS project that Chrome is built on.

–Darren Kitchen

Google Voice SMS Scripting with Java and J-Bomb

Google voice is a powerful multi-use tool that could be used as a free SMS aggregator, that could be leveraged for anything you could come up that would fit into 140 charters, like a text based adventure game or a sms bbs. There are several different libraries that people have developed to take full advantage of Google voice’s features: Java Libary, PHP Libary, or for those who just want the raw unofficial API. The sky is the limit with this, the code that was showed is up on the forums, so head over there and get those idea up there.

–Jason Appelbaum

PS: Doesn’t J-Bomb sound like some sort of netbeans module?

Unlocking Linux on the Zipit Z2, a $50 hacktop

The Zipit Z2 is an inexpensive wireless handheld instant messaging device by Zipit Wireless. It sports WiFi, a color 320×240 display, backlit keyboard and similar CPU and memory to that of a last-gen smart phone.

It’s also a prime candidate for some hacking. In this segment we’ll unlock the device and install Debian, X, and Pidgin. The Z2 also has potential for emulators, video streaming and more.

Rather than repeat what has already been well documented we’ll link to these helpful Zipit Z2 hacking resources:

• Hunter David’s blog – A bunch of well documented ZipIt hacks, many with videos
• The Zipit Wireless Yahoo Group
• Quantum Lime’s step by step Zipit Z2 Debian guide