Comments on: Episode 513 – Extract Windows Executables from Packet Captures, PHP Gmail Badges, Winning the Easter Egg Hunt, and special guest Eighty of DualCore http://www.hak5.org/episodes/episode-513 Sat, 20 Mar 2010 21:00:24 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Usedtire http://www.hak5.org/episodes/episode-513/comment-page-1#comment-36137 Usedtire Fri, 12 Jun 2009 11:50:34 +0000 http://www.hak5.org/?p=1118#comment-36137 The best you could find was DualCore? That guy programs everything in Visual Basic. ;) Now being serious DualCore's music is awesome and int eighty knows his stuff. He needs to be on the show moer often. Great episode. I learned a lot. Now I just need to get int eighty to explain it all to me. The best you could find was DualCore? That guy programs everything in Visual Basic. ;)

Now being serious DualCore’s music is awesome and int eighty knows his stuff. He needs to be on the show moer often. Great episode. I learned a lot. Now I just need to get int eighty to explain it all to me.

]]> By: Ross http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35415 Ross Tue, 19 May 2009 00:21:25 +0000 http://www.hak5.org/?p=1118#comment-35415 Shannon,

Theres a brand new hack for the wii that lets you put the homebrew channel on wii menu 4.0! Heres the link for it: http://wiibrew.org/wiki/BaNNeRBoMB. I’ve tested it, and it works, so definitely check it out

]]> By: Erik http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35403 Erik Mon, 18 May 2009 06:28:48 +0000 http://www.hak5.org/?p=1118#comment-35403 Darren, Nice... Let me know if you've got some questions about NetworkMiner for the show! Darren,

Nice… Let me know if you’ve got some questions about NetworkMiner for the show!

]]> By: Darren http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35391 Darren Sun, 17 May 2009 16:37:01 +0000 http://www.hak5.org/?p=1118#comment-35391 Erik, It's funny you mention this. Stick around for next week's show. NetworkMiner, as well as a similar fuller featured application, is shown. Erik,

It’s funny you mention this. Stick around for next week’s show. NetworkMiner, as well as a similar fuller featured application, is shown.

]]> By: Erik http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35388 Erik Sun, 17 May 2009 13:55:13 +0000 http://www.hak5.org/?p=1118#comment-35388 A tool that is better at extracting files from pcaps is <a href="http://networkminer.sourceforge.net/" title="Network Miner" rel="nofollow">NetworkMiner</a>. NetworkMiner can extract files of all formats, not just jpeg and exe. The secret is that NetworkMiner does deep packet inspection rather than file carving (like tcpxtract). This also makes it possible to extract files from HTTP sessions that use chunked or compressed transferes. Another cool thing with NetworkMiner is also that it can be used to sniff the traffic, so no need to sniff with one app and analyze with anoter anymore. Check it out on sourceforge: http://networkminer.sourceforge.net/ A tool that is better at extracting files from pcaps is NetworkMiner. NetworkMiner can extract files of all formats, not just jpeg and exe. The secret is that NetworkMiner does deep packet inspection rather than file carving (like tcpxtract). This also makes it possible to extract files from HTTP sessions that use chunked or compressed transferes.

Another cool thing with NetworkMiner is also that it can be used to sniff the traffic, so no need to sniff with one app and analyze with anoter anymore.

Check it out on sourceforge:
http://networkminer.sourceforge.net/

]]> By: Darren http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35330 Darren Fri, 15 May 2009 15:54:33 +0000 http://www.hak5.org/?p=1118#comment-35330 IDA is a disassembler. http://www.hex-rays.com/idapro/ IDA is a disassembler.
http://www.hex-rays.com/idapro/

]]> By: choekstr http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35328 choekstr Fri, 15 May 2009 14:53:37 +0000 http://www.hak5.org/?p=1118#comment-35328 Anyone know what tool int80 is talking about when he references "ida" (sp?) sandbox program? I did some google searches but didn't come up with much. I currently use sandboxie but find it a bit obtrusive to the system and I have had a malware infected keygen break out of it and don't trust it anymore. An alternative sandbox would be nice to try out. Thanks for any insight, choekstr Anyone know what tool int80 is talking about when he references “ida” (sp?) sandbox program? I did some google searches but didn’t come up with much. I currently use sandboxie but find it a bit obtrusive to the system and I have had a malware infected keygen break out of it and don’t trust it anymore. An alternative sandbox would be nice to try out.

Thanks for any insight,
choekstr

]]> By: Patrick http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35313 Patrick Thu, 14 May 2009 23:19:22 +0000 http://www.hak5.org/?p=1118#comment-35313 If you're going to be using debug to dump an EXE payload, wouldn't you be sending it via ASCII in assembly? Then it converts the assembly lang to an exe and it wouldn't have the binary header you're referring to. That's why it's called a "bypass", correct? There's where the 64kb limit comes in -- you're limited to 64kb of plaintext (albeit asm) code. This is just from old memory -- been a while for me. If you’re going to be using debug to dump an EXE payload, wouldn’t you be sending it via ASCII in assembly? Then it converts the assembly lang to an exe and it wouldn’t have the binary header you’re referring to. That’s why it’s called a “bypass”, correct? There’s where the 64kb limit comes in — you’re limited to 64kb of plaintext (albeit asm) code. This is just from old memory — been a while for me.

]]> By: ioyou http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35309 ioyou Thu, 14 May 2009 22:19:19 +0000 http://www.hak5.org/?p=1118#comment-35309 @Shikata I would have never thought that they would watch it during class. Although i have lived in Germany and gone to school there, the only time people watch porn is usually during lunch or after school while nobody is around. That is what happened at my school since it has a 1gb uplink and everyone in the school who bought a laptop could access the network. But the sys admins got smart and decided to implement to implement new cisco switches which scan the packages. so now they have resorted to ssh tunneling to get passed the packaged scanning lol German students get resourceful lol. @Snubs You must show us how you can take so long lol @Shikata
I would have never thought that they would watch it during class. Although i have lived in Germany and gone to school there, the only time people watch porn is usually during lunch or after school while nobody is around.
That is what happened at my school since it has a 1gb uplink and everyone in the school who bought a laptop could access the network.

But the sys admins got smart and decided to implement to implement new cisco switches which scan the packages.

so now they have resorted to ssh tunneling to get passed the packaged scanning lol

German students get resourceful lol.

@Snubs
You must show us how you can take so long lol

]]> By: Shikata http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35307 Shikata Thu, 14 May 2009 21:26:06 +0000 http://www.hak5.org/?p=1118#comment-35307 @ioyou I work at an institution (that is not an invite to trace my IP guys) and everyone thinks it's their "RIGHT" to view what they want on the education network. It gets bad when they start doing it in class and it gets broadcasted to our electronic classrooms that are conferenced in 200+ miles away. @Snubs I was giving you the benefit of the doubt to explain yourself, but if you're just going to blame on the noobs I would like you to time yourself the next time you put your seat belt on. 0-2s - You're ok 3-5s - You're getting old 6-10s - Drunk/Noob 11-15s - You're high and can't figure it out. 15+ - You are autistic and/or have ADHD (or your name is Shannon) Please give us the results. I also welcome anyone to adjust my descriptions to your liking. @ioyou
I work at an institution (that is not an invite to trace my IP guys) and everyone thinks it’s their “RIGHT” to view what they want on the education network. It gets bad when they start doing it in class and it gets broadcasted to our electronic classrooms that are conferenced in 200+ miles away.

@Snubs
I was giving you the benefit of the doubt to explain yourself, but if you’re just going to blame on the noobs I would like you to time yourself the next time you put your seat belt on.

0-2s – You’re ok
3-5s – You’re getting old
6-10s – Drunk/Noob
11-15s – You’re high and can’t figure it out.
15+ – You are autistic and/or have ADHD (or your name is Shannon)

Please give us the results. I also welcome anyone to adjust my descriptions to your liking.

]]> By: ioyou http://www.hak5.org/episodes/episode-513/comment-page-1#comment-35305 ioyou Thu, 14 May 2009 20:26:10 +0000 http://www.hak5.org/?p=1118#comment-35305 @Shikata Nice choice on monitoring your intranet. I can't believe that someone decided to watch erotic videos during lol @[3w`Sparky] Ya that's a good idea with the levels. although i got pretty far. I had all the clues just didn't know that the password for the zip was the code of the last one. @Shikata
Nice choice on monitoring your intranet.
I can’t believe that someone decided to watch erotic videos during lol

@[3w`Sparky]
Ya that’s a good idea with the levels. although i got pretty far. I had all the clues just didn’t know that the password for the zip was the code of the last one.

]]>