Episode 621 – MiTM Javascript Keylogger, Social Engineering Toolkit and more

This week Darren is joined by Rob Fuller, aka Mubix, for a little fun with a man-in-the-middle JavaScript keylogger using the Middler, and pwning with the Social Engineering Toolkit. Plus using Spotify in the US without a proxy, MAC address spoofing in Linux or Windows, virtual appliances for VirtualBox, and much more! Take an hour lunch and prepare to feed your technolust!


Cross Platform Encryption

Mahmoud, as well as many others, wrote in to ask about the cross-platform compatibility of the encryption setup on Hak5 episode 620 using cryptsetup.

The short answer is no, it’s just for Linux. If you’re looking for something both open source and cross-platform, look no further than TrueCrypt.

Spotify in the United States without a proxy

Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. OK, well, sorta. If you happen to have a beta invite and a friend, perhaps on IRC, in an allowed country, it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand, if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when it’s game over in two weeks. Or will it?

Virtual Appliances for VirtualBox

If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDIs ready for your enjoyment.

Javascript Keylogger via Man-in-the-Middle Attack

When it comes to man-in-the-middle attacks, just about anything is possible. In this segment Darren explores InGuardians’ tool, the Middler. Using its plugin architecture for manipulating HTTP traffic (among other protocols), we attempt to get the infamous JavaScript onKeyPress keylogger going. Without much success in that department, Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.

Social Engineering Toolkit

Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all, but rather than exploiting the server, how about exploiting the Human OS? In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, the Social Engineering Toolkit. Despite some challenges with clients that weren’t set up with Java, Mubix successfully demonstrates meterpreter in conjunction with a cloned site.

MAC Address Spoofing

@Bluesmanchukk writes in to ask about MAC address spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).

Multi-Player Notepad

Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.


  • rami_info

    Hi hak5 crew

    I’ve asked for compressing the HD video files for both: hak5 & haktip shows
    to allow low-bandwidth people as me to get download faster and very good HD file in spite of the low ones (flv or phone).

    Thnx a lot and best wishes for next hak5 shows.

  • rami_info

    Hi again

    Is the BLUESTORK WIFI USB DONGLE 802.11g enough to make some WPA/WEP/PSK wireless crack (client/clientless) ?

    Do I need to buy the ALPHA and how can I mod my own bluestork to support advanced wifi hak as the pineapple does?

    Thx a lot, love the show.

    Best wishes, special thnx to Sir DARREN Kitchen & Miss SHANNON Morse

    Good luck for more fun with hak5 😉

  • rami_info

    The episode Hak5 1106 “How To Setup Two Factor Authentication in Backtrack Linux” was awesome but difficult to get it in one show, I mean that I was able to use udev and tricks around but it was difficult when trying to mess up with the encryption: I got some fear to lose my data so I couldn’t take any hazard to encrypt my volume with 2 levels.

    Thnx after all so much to INT0x80

    Keep alive with hak5 with the ifconfig eth0 UP

    Good luck
