Download HD Download MP4 Download XviD Download WMV

Rogue DHCP Server Detection

Following up with last week’s discussion on Rogue DHCP Servers I found it fitting to mention Tim Ashley’s Rogue DHCP Server Detector as found on the Hak5 forums.

Free Application Sandbox Challenge

In an effort to discover whether free application sandboxing solutions from Comodo and Sandboxie can save a (L)user from themselves, Darren takes three Internet Explorer 6 Virtual Machines around the Internets famous red light district in a set of challenges put forth by the fine folks at irc.hak5.org.

The Top “Ultra” Windows Warez

Perplexed by software titles claiming to be the most elite thing since ascii art Shannon set off to round up the top “Ultra” software for Windows and see there is any merit fo their titles. The round up includes:

• #5 Ultra Screensaver Maker
• #4 Pong Ultra
• #3 Ultra Network Analyzer
• #2 UltraVNC
• #1 Ultra Defrag

Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

Download HD Download MP4 Download XviD Download WMV

Show Notes

Internet Redirection

Corporate and university firewalls can be a particular PITA — especially if you’re a gamer. And while SSH tunneling (even over DNS)or VPN technologies are often preferred, it is quite possible to “bounce” your traffic off an Internet Redirection server. Like a fancy proxy, rinetd allows you to specify incoming and outgoing IP and port. It features basic client access rules based on IP and even supports logging. In my segment I demonstrate accepting traffic on port 80 and transmitting it to an IRC server on port 6667.

Granted this isn’t going to fool your more complex firewalls that actually inspect packets — but if you’re just looking to get traffic through an open port I highly recommend giving rinetd a try.

–Darren

Steghide

Download a copy of Steghide. Extract the zip.

You want to hide a file. First thing you need is a file to hide it in. Choose a file – whether that be a music file, jpeg, word document… whatever – and save it inside the steghide folder, which was extracted from the zip folder. Also, save your file that you want to hide inside that same folder as well.
Open up your command prompt and open the steghide folder directory. Open the steghide.exe file. The last few rows of type will tell you how to embed and extract your hidden file.

Embedding:
Type into the command prompt: ’steghide embed -cf file.jpg (this is your regular file) -ef hiddenfile.txt’ (this is the file you want to hide).
Choose a Passphrase and you’re done! You’ll notice the original photo or music file has changed it’s byte size now that you’ve embedded something inside it.

Extracting:
Type into the command prompt: ’steghide extract -sf file.jpg’ and enter the passphrase. Now, you’ll see the extracted hidden file appear inside the same folder.
Your done! Simple, eh?

–Shannon

Download HD Download MP4 Download XviD Download WMV

Watch

Show Notes

Taking a trip around your network with Nmap

This week I talk about network scanning with the difinitive open source security scanner Nmap.

Scanning ones own network is ideal whether simply to know your neighbors or keep inventory of your assets. As a black hat it can be the first step in enumerating a target environment and looking for weaknesses.

In order to perform our scan we’ll simply need a copy of Nmap. It’s available for Windows, Mac, and just about every flavor of Linux, BSD and more. If you’re on a debian based system like Ubuntu a simple apt-get install nmap should do you good. If you’re looking for a security distribution with nmap (and a ton of other great tools) built in can’t speak highly enough of BackTrack. Version 4 beta was just recently released.

The underlying workings of Nmap are better explained in this guide but suffice it to say it takes advantage of TCP’s 3-way-handshake and other fancy raw packet tricks to find hosts and open ports. In this segment I set out to introduce the concept and get you started with a few basic examples. If you’re interested I recommend Nmap Network Scanning and the official man pages as further reading.

The segment details some commands and their usage in a searching for open MS terminal servers scenario. I highly encourage you to provide feedback either by way of email (darren AT hak5 d0t org) or on our forums. I enjoy doing segments like these but if you have any corrections (more than one way to skin a cat), suggestions for future topics or hacks of your own please let me know.

–Darren Kitchen

Obscure your OS Fingerprint

OSfuscate 0.3 by Irongeek is used to camaflouge or obscure your Windows OS. With this tool, it’ll show up like another OS of your choice, nothing at all, or even a printer. OSFuscate could be used if you are on a hostile network and need some sort of cloak while going along in your daily routine. It is important to note that this is not a fool proof method for hiding yourself on a network and should not be relied upon for security. however, as a layer of obscurity in addition to your regular security practices you may want to consider it.

It’s a simple process to set up OSFuscate on your machine. Go to Start->Run->Regedit. Back up your Parameters folder, found under System->CurrentControlSet->Services->Tcpip->Parameters. You can do this by simply right clicking on the folder, and choosing export. This is basically just to keep yourself form messing up your OS in the process and having no way to return it to normal. You’ll notice on Irongeek’s website that certain Parameter Registry keys will be subtly changed. You could do this by hand, but OSFuscate makes this task super simple. Open OSFuscate, and choose an OS that you want to pretend to be. Restart your computer and the differences should be in place! Now if someone running NMap snoops your computer, they’ll see some other OS other than what you actually have.

You can find more information at Irongeek’s Website. And as always, you can email me with any comments or suggestions.

as it really helps us out.

–Shannon Morse

Matt’s full review of the Napera N24 can be found on his blog at MattLestock.com.

Thanks for tuning into our season premiere episode. We’re very excited about all of the exciting new projects coming up in Season 5. We appreciate and encourage your feedback — especially on this episode’s fresh format, pace, and presentation. We strive to make this show better and better for you every week so let us know how we’re doing!

And a big thanks to those who’ve contributed to the success of Hak5. Your donations are greatly appreciated!

Watch

Production Note

With this episode and onwards we fixed the issue that was mudding up the sad standard-def video signals from our cameras. We’re still working on going HD and hope to be there by the end of the year. More details.

Show Notes

Chris Gerling shows us how to do a little reverse engineering with an educational tool called a CrackMe. These aptly named CrackMe files are great for practicing reverse engineering skills. Chris walks us through the steps involved in unlocking the Crackme’s code using .NET Reflector, some Python code, and a little a hex calculator. More detail in Chris’ blog post and more Crackmes at LearnSecurityOnline.com.

Matt demonstrates a killer app for anyone who manages firewalls. Firewall Builder creates, validates and deploys configurations to popular firewalls from your standard Linksys WRT54G using Sveasoft, to iptables, to Cisco using an intuitive graphical interface. Can we say access-list inside_access_out permit tcp any eq www host hak5.org eq www? Check out Matt’s full review at MattLestock.com

Remember the good ol’ days before the Internet? Ever access a BBS? How about 1200 baud bliss with an xmodem transfer of the latest leet ezine from across the country via a toll-free PBX or some magical tones? If not that’s cool too, we’ve got just the thing for you. How about a multiplayer text adventure, the predecessor to modern day MMORPGs? That’s right, the Hak5 BBS is up and running so telnet on over to bbs.hak5.org, port 23 of course, and check out the door games. We’re running an active game of Legend of the Red Dragon as well as dopewars, pimpwars, food fight, and more.

Darren cracks open the pineapple and demos Jasager. He even pronounces it correctly this episode. In our controlled environment we go into how the system works, the interface, setting it up, and the future of the project. We’ll be building one from scratch on 405, then stay tuned for an interview with developer Robin Wood from this years Toorcon in San Diego. You can read up on Jasager and get yourself a fresh tarball at Robin’s site.

Speaking of Toorcon, if you’re going and wanna meetup for a drink or say hi and grab some stickers be sure to follow one of us on Twitter. You can find us all at @hak5

Download

Download Xvid

Watch on Youtube

Watch on Stage6

Length: 32:30