Shannon shows us how to perform ARP cache poisoning attacks with ease. Jason joins us for a little cloud backup action using Perl and Amazon S3. Darren covers cracking the code: network enumeration and hash cracking, plus promiscuous mode wifi cards, hacked Canon EOS firmware, and a whole lot more.
In a report by the University of California, San Diego and University of Washington, scientists have discovered ways to remotely take over your car. This hasn’t happened out in the wild just yet, but they bought a car and put it through a whole bunch of hacks. Cars nowadays come with cellular connections and Bluetooth technology. So, a hacker could potentially remotely take over the locks, brakes, etc., or track the vehicle’s location.
Full Disk Encryption for both internal memory and Secure Digital cards is coming to Android by way of WhisperCore, an app from Whisper Systems. Moxie Marlinspike, co-founder and CTO of Whisper Systems, demonstrated the beta of a 256-bit AES encryption system on a Nexus S phone recently. WhisperCore is expected to roll out for other Android devices as a free-for-personal-use app with corporate pricing to follow. You may remember Marlinspike from such tools as sslstrip, googlesharing, and the cloud cracking service wpacracker.
Sn0wbreeze 2.3 just came out for all your Apple jailbreaking needs… or some of them at least. This tool will let you jailbreak your iPhone, iPad, or iPod using iOS 4.3 on Windows, but it requires tethering. Redmond Pie, the creators of the jailbreak, say you can also use the PwnageTool if you don’t feel like using Windows.
Twitter finally jumped on the SSL bandwagon. Following in the footsteps of Facebook, and after the “OMGs my packets can be sniffed” awakening that was Firesheep, you can now use HTTPS to log in to the social networking service. In fact there is even an option under account settings to always use HTTPS. Good on ya, Twitter, for making SSL an opt-in feature. In related news, SSLSTRIP still works.
Make your friends believe you really are an Xmen! Or, close to one… The guys at the London Makerfaire 2011, Hackerspace and Brightarcs used a Kinect to make Tesla coils react to your every move. And where did they get the idea? Oh, at the local pub of course. It’s called the Evil Genius Simulator. Win.
Road Test: Magic Lantern Firmware
When it comes to extending the life of your digital camera, nothing does more than installing a custom ROM. The Magic Lantern firmware for the T2i and the 5D Mark II has done just that for me. Even though the firmware is still in beta, after 4 months it’s really proven to be a strong tool set. However, it’s not for everyone; there are some downsides: sometimes the camera locks up when switching modes and requires its battery pulled, and the menu is not perfect and can cause artifacts to remain on screen until restart. The tools that it brings to the table more than make up for it; they include an audio meter, custom safe zone overlays, mic input levels and the ability to record the mic input to the left track while recording the on-board mic to the right channel. All in all I recommend it; however, if the idea of your camera freezing scares you, it’s not quite ready for you just yet. However, it just came out of beta on the 13th of March and I can’t wait to try it out.
Cracking the Code: Network Enumeration and Hash Cracking
Last Week: This composer of Blade Runner was an inspiration to the recently released OST by Daft Punk of Tron Legacy? The answer was Vangelis. This week’s question is: In Season 5 of X Files, Esther Nairn is the creator of what ‘narly’ entertainment software? Answer at hak5.wpengine.com/trivia for your chance at some swag!
Cloud backups with Perl and Amazon S3
In this segment Jason shows us how to set up Perl scripts to automate backups to an Amazon S3 account.
- Install Ruby
  - sudo apt-get install ruby
- Check if Ruby is installed
  - ruby -v
- Now get the s3sync Ruby scripts
  - wget http://s3.amazonaws.com/ServEdge_pub/s3sync/s3sync.tar.gz
  - tar xvzf s3sync.tar.gz
  - rm s3sync.tar.gz
  - cd s3sync
- Create target directory /s3backup
- Edit the s3config.yml with Access Key ID, Secret Access Key
Once that’s done we are good to go to build out our script to dump the backup files into the target folder, then trigger the sync.
Now we have our backup script working, let’s drop it into the cron folder and automate this. Now you have a bulletproof backup. We have been using it for hak5.wpengine.com for some time now and it’s saved us on more than one occasion. If you have any questions about this or any of the other segments you have seen on today’s show, email us at firstname.lastname@example.org
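A sketch of the dump-then-sync wrapper described above, added here as an example; it is not Jason's script and is written in Python rather than Perl. It refuses to run if the file holding the S3 keys is readable by other users and writes the archive owner-only. The bucket name, paths, and the s3sync usage (`-r`, `--ssl`, `bucket:prefix` destination) are assumptions, since the page does not show the actual command.

```python
import os, stat, subprocess, tarfile, time

def secrets_file_is_private(path):
    """True only if the key file is a regular file with no group/other access."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and not (mode & (stat.S_IRWXG | stat.S_IRWXO))

def make_archive(source_dir, target_dir, now=None):
    """Dump source_dir into a timestamped .tar.gz in target_dir; return its path."""
    stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime(now))
    os.makedirs(target_dir, mode=0o700, exist_ok=True)
    out = os.path.join(target_dir, f"backup-{stamp}.tar.gz")
    # Create the file 0600 up front: site dumps often contain credentials.
    fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as raw, tarfile.open(fileobj=raw, mode="w:gz") as tar:
        tar.add(source_dir, arcname=os.path.basename(os.path.normpath(source_dir)))
    return out

def sync_command(s3sync_dir, target_dir, bucket, prefix):
    """Build the s3sync call (assumed usage); --ssl keeps the transfer off plain HTTP."""
    return ["ruby", os.path.join(s3sync_dir, "s3sync.rb"), "-r", "--ssl",
            target_dir.rstrip("/") + "/", f"{bucket}:{prefix}"]

def run_backup(source_dir, target_dir, s3sync_dir, conf, bucket, prefix):
    """Check the key file, dump, then sync; raises before touching S3 on a bad mode."""
    if not secrets_file_is_private(conf):
        raise PermissionError(f"{conf} is readable by other users; chmod 600 it first")
    archive = make_archive(source_dir, target_dir)
    subprocess.run(sync_command(s3sync_dir, target_dir, bucket, prefix), check=True)
    return archive

if __name__ == "__main__":
    # Hypothetical paths and bucket; adjust to your own layout before using in cron.
    run_backup("/var/www", "/s3backup", "/opt/s3sync",
               "/opt/s3sync/s3config.yml", "example-bucket", "site")
```

When this runs from cron, the same permission check applies to the crontab user's copy of s3config.yml, since that file carries the Secret Access Key in clear text.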
ARP Cache Poisoning Attacks on Windows
“We get asked a million times over if we’d demonstrate an ARP-Cache Poisoning Attack for Windows, and while we’ve covered this *WAY* back in Season 1, I figured it’s worth a refresher. Now, there are a million ways to do this in the command line with Linux tools, but here in Windows we’ll be using a very simple tool called Cain & Abel. Once you’ve downloaded and installed it from www.oxid.it go ahead and fire up the sniffer by flicking the chip icon in the top left. The first time you do this you’ll be asked to select your interface. You can get back to this screen anytime by clicking Configure. I’ve selected this interface here with my IP address since it’s my wireless network card. Now I can scan the network for potential targets. Go to the sniffer tab, right-click, and select Scan Mac Addresses. I’ll stick with the default “All hosts in my subnet” and click OK. Now that I have a list of machines on the network I can go over to the APR tab and start the actual ARP Cache Poisoning Attack. Click the blue plus icon on the toolbar to bring up the routing dialog. Here I’ll select 10.13.37.1 on the left — that’s the router — and 10.13.37.124 on the right — that’s Darren’s machine. Click OK and the route will be loaded. Now, begin the poisoning attack by clicking the radiation icon in the top left. Immediately our poisoning attack begins. Now sit back, relax, and wait for your target to do some browsing. Once enough traffic has gone through you’ll notice Full-routing below.
So, what does all of this mean?
ARP cache poisoning is basically a technique used to attack a wired or wireless connection. The attacker can sniff data and send a spoofed ARP message to the LAN. So when they send that spoofed message, they receive data that was intended for the router or the computer in question. It’s a man in the middle attack. Neither machine knows I exist in the middle. They just think they’re sending data like usual.
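Seen from the target's side, the poisoning above shows up in its own ARP cache: the router's IP starts resolving to someone else's MAC. The following detection sketch is an added example, not part of the show; the `arp -a` snapshots are constructed, every MAC address is made up, and 10.13.37.150 is an assumed address for the machine in the middle.

```python
import re
from collections import defaultdict

# Constructed `arp -a` output from the target (10.13.37.124), before and
# during poisoning. Router IP is from the segment; the MACs and the
# 10.13.37.150 host are invented for this example.
BEFORE = """\
Interface: 10.13.37.124 --- 0xb
  Internet Address      Physical Address      Type
  10.13.37.1            00-11-22-33-44-55     dynamic
  10.13.37.150          66-77-88-99-aa-bb     dynamic
  10.13.37.255          ff-ff-ff-ff-ff-ff     static
"""
DURING = """\
Interface: 10.13.37.124 --- 0xb
  Internet Address      Physical Address      Type
  10.13.37.1            66-77-88-99-aa-bb     dynamic
  10.13.37.150          66-77-88-99-aa-bb     dynamic
  10.13.37.255          ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
                 re.I | re.M)

def parse_arp(text):
    """Return {ip: mac} for dynamic entries; static/broadcast rows are skipped."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}

def find_poisoning(baseline, current, gateway):
    """Compare a known-good ARP table with the current one; return findings."""
    findings = []
    # 1. The gateway now resolves to a different MAC than the known-good one.
    old, new = baseline.get(gateway), current.get(gateway)
    if old and new and old != new:
        findings.append(("gateway-mac-changed", gateway, old, new))
    # 2. One MAC answers for several IPs: a NIC standing in for the router.
    owners = defaultdict(list)
    for ip, mac in current.items():
        owners[mac].append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(("mac-claims-multiple-ips", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in find_poisoning(parse_arp(BEFORE), parse_arp(DURING), "10.13.37.1"):
        print(finding)
```

A changed gateway MAC can also mean the router was legitimately replaced, so treat the first finding as a prompt to verify; the same MAC answering for both the router and another host is the stronger signal.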
So, what tools are tickling your technolust? Send ’em by — email@example.com — and we’ll share ’em with the world.
Promiscuous mode Wifi cards and Hak5 cameras
DT wrote in: Is there a cheap substitute for an AirPcap, maybe a firmware flash on a certain wifi card? Or something to run software side to work with the wifi card? Or a virtual appliance?
Your best bet is looking at aircrack-ng compatible cards. Everything you ever wanted to know about wireless card capabilities can be found in the links there.
Daniel wrote: What type of cameras do you use for your show? What model? Thanks in advance. Keep up the great show.
We’re rocking a single Panasonic AG-HMC150 and two Panasonic HMC40s. To be fair when we started out we were using a trio of the Sony DCR-HC85s. What you shoot is way more important than what you shoot on.
Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop – including the new airport friendly WiFi Pineapple and hoodie. Finally, if you’d like to suggest a topic or ask a question, feel free to hit up firstname.lastname@example.org.