Download HD Download MP4 Download XviD Download WMV

Malware Analysis Sandbox

CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in a simulated Windows OS. So as opposed to trying to break into the malware code to see what it does, we simply run it in a live environment. That way we can monitor all the network traffic that the malware generates. All of the processes that are created, the DLLs that are loaded, any changes to the Windows registry and even what it’s doing to the file system.

This is achieved by using a technique called API hooking. That basically means that when the malware calls the Windows application programmers’ interface to say something like “connect to this IP address” or “modify this file” it’s actually going to CWSandbox’s monitoring software, which logs the action and goes ahead and makes the change.

It’s kind of like an operating system man-in-the-middle. For malware.
So once a suspected malware sample is run through the tool you get a computer generated report of what the executable is actually doing. And this can be fed into anti-virus and intrusion detection systems to monitor for similar behavior.

PC Remote Control over Twitter

While there is no denying the power of running your own SSH, VNC server at home for remote access, wouldn’t it be nice if you could simply text message your computer something simple like “Hey, what’s your external IP address” or “Send me a screenshot” or “Go download this file”

And if Robin Wood has taught us anything with KreiosC2 – commanding your computer, or even a large botnet for that matter, over social networks is quite possible.

But now it’s time for something a lot more user friendly. This week Snubs investigates TweetMyPC

Download HD Download MP4 Download XviD Download WMV

DHCP Exhaustion and DNS Man-in-the-Middle Attacks

Rather than your typical ARP based Man-In-The-Middle attack, Robin wood brings us two metasploit modules for both denial of service attacking a DHCP server and deploying a rogue DHCP server of your own with a DNS MiTM to boot. Check out the Metasploit DNS and DHCP Exhaustion – BETA at Digininja.org.

The JasagerInterceptor – a Pineapple Monkey mashup

This week we take a look within the community and highlight some of the awesome work done by Beakmyn. In an answer to Deathray’s thread on a Jasager with a network tap like the Interceptor, he brings you just such project. Behold the JasagerInterceptor. I’ve seen it with my own eyes at Shmoocon and I must say it’s a nifty bit of kit.

Download HD Download MP4 Download XviD Download WMV

A Great Week for Hacking

• Our pal Mubix, while sad about the demise of MDD, is excited about Fastdump Community Edition
• Decaf defeats Microsoft’s Cofee
• People, this is why encryption is important. Predator drones hacked.
• Darren is excited about Wordpress 2.9’s oEmbed Feature
• It was only a matter of time^H^H^H^Hseconds before the Nook was rooted
• Shannon is eager for some free in-flight WiFi.

Build wordpress, joomla, droopal themes without code

While it’s no Geocities page creator, Shannon reviews (and mostly likes) last week’s CMS theme generator recommendation Artisteer. Shannon reviews it’s basic operation and gripes about the trial limitations. Worth $50? Maybe if you’re looking to build a dozen Wordpress themes. Just looking for a one-off? You’re probably better off with a free, or even paid theme.

Droid tethering without root access

While we’re likely mere moments away from WiFi Droid Tethering [Edit: Well would you look at that], Darren has just the trick for tethering the Droid with Ubuntu without root access. Ok, actually root on Ubuntu is required but not on the droid. Easy enough Eh?

Mad props to Shannon VanWagner for putting together a simple 15-step process for tethering via USB with Ubuntu and the Droid.

And mad props again to bigmack83 for turning these 15 steps into a basic shell script. Actually a wizard would be more apt, as this script guides you through the process of installing packages, creating rules, setting up your droid and finally connecting.

You’ll need a debian based Linux like Ubuntu (but I’m fairly certain you’ll be able to adapt for the apt-less), the tether script and the Android SDK.

Read on for details from the author

Download HD Download MP4 Download XviD Download WMV

Hacking the Motorola Droid: Root Access!

As expected the Motorola Droid has been rooted. That is to say there’s a hack that’ll unlock SU, or super user privileges on the phone. The hack is essentially su bundled in an unsigned update that can be run from the SD card. The unlocking process, which has changed since introduction, is outlined at this AllDroid.org forum thread.

At time of writing the process is to download this zip, rename it to update.zip and copy it to the root of your Droid’s SD card. Shutdown the Droid and start it by holding Power and X. Once greeted by an exclamation point on your screen hold the camera and volume+ buttons. From the menu choose the update.zip with the D-Pad, and once updated choose reboot.

Keep in mind that when it comes to unlocking moving targets like this it’s best to check with droid forums beforehand.

A Linux Doom Source Port

It was only a matter of time before we put Doom on The Zipit Z2. The recently unlocked linux-based wireless device is a prime candidate for fragging, what with it’s QVGA color display, WiFi and all. After unlocking, installing Doom is simply a matter or launching Fluxbox with startx and downloading PrBoom, a cross-platform Doom Source Port, with apt-get install prboom. The trick in launching PrBoom from /usr/games/ is to add the -width 320 -height 240 parameters. While PrBoom comes included with Freedoom, a free and open source Doom compatible IWAD, you may provide your own doom or Doom2-iwad parameter.

It is also worth noting that PrBoom comes with it’s own tcp game server for deathmatch. If anyone wants to try a little Zipit Z2 deathmatching hit us up. Or if you’re looking for some Doom goodness on the PC check out my favorite port, Skulltag.

Boot Chromium OS from USB

While still early in it’s development stages, Google’s upcoming Chrome OS is a neat OS to play with — especially on a netbook. While the Virtual Machine images floating around are nice for a glimpse, if you really want to immerse yourself in the Chrome OS experience it’s best to boot it from the metal. This can be achieved by “burning” this Chromium OS image to 3GB or greater USB or SD media. Here’s a torrent.

If you’re familiar with dd it’s simply a matter of downloading the torrent, unzipping and imaging the included chrome_os.img to your media. For example, dd if=’chrome_os.img’ of=/dev/sdb where /dev/sdb is the path of your removable media.

If you’re in Windows you’ll be delighted to find that the linked zip contains a copy of WinDD, as well as writing instructions. More information can be found at this makeuseof.com article. Important tidbits include the fact that the default user and password are chronos / password and that a terminal can be accessed by CTRL+ALT+T. Oh, and the xrandr command is available if your desired resolution isn’t detected automatically. The syntax is typically xrandr -s 1024×768 or similar.

Moxie Marlinspike’s SSLStrip, released at Blackhat/DEFCON this year, is a tool that transparently hijacks HTTP traffic and redirects HTTPS links to look-alike HTTP links. While this description barely scratches the surface, Darren’s segment takes a closer look including a pracitcal demonstration of a man-in-the-middle attack using arpspoof and a little luck with remote-exploit’s BackTrack 4 penetration testing distribution.

Continuing on with our VPN series I find it important to highlight the weaknesses in the protocols we have talked about thus far. In my last segment I highlighted a tool that allows an attacker to easily hijack an SSL session using a man-in-the-middle attack. Couple this with Adito (aka OpenVPN-ALS), my favorite open-source SSL VPN server, and you can see the problem.

But what about the basic Microsoft VPN we setup a few weeks back? The VPN servers that we setup on Windows XP and Server 2003 used either active directory or local windows accounts to authenticate users.

And looking back at our discussions on pwdump, rainbow tables and the like you’ll remember the inherent weaknesses in Windows account credentials.

There are two ways Windows stores a user’s account credentials, or password. LAN Manager hashes which are comprised of watered-down weaksauce and NTLM which are succeptable to time-memory tradeoff attacks.

The default VPN server implemented in Windows XP and Server 2003’s Routing and Remote Access service uses Point-To-Point-Tunneling-Protocol. This is convenient because the Windows clients have supported Microsoft PPTP VPN connections natively since 2000, and in Windows 95/98 with Dual Up Networking version 1.3.

The modern authentication protocol of Microsoft’s PPTP is MS-CHAPv2. This Challenge Handshake Authentication Protocol suffers from inherent weaknesses.

As far back at 1999 these weaknesses have been widely known. If you’re interested in reading more on the cryptanalysis of MS-CHAPv2 there’s a nifty paper written by Bruce Schneier and L0pht that I’ll link in the show notes.

And while other options exist such as Radius, this is still the default option for PPTP authentication in Windows environments.

Joshua Wright, author of coWPAtty (See our segment here), released in 2004 a proof of concept tool to demonstrate weaknesses in LEAP and PPTP protocols.

This tool, ASLEAP, was updated in 2007 to include an option to just crack MS-CHAP v2. Either by examining a packet capture that includes a MS-CHAP handshake ASLEAP or specifying an MS-CHAP challenge and response ASLEAP is able to deduce the username and last two bytes of the NT hash. Using this information, and a dictionary file, ASLEAP is able to brute-force the hash.

It’s also a prime candidate for some hacking. In this segment we’ll unlock the device and install Debian, X, and Pidgin. The Z2 also has potential for emulators, video streaming and more.

Rather than repeat what has already been well documented we’ll link to these helpful Zipit Z2 hacking resources:

• Hunter David’s blog – A bunch of well documented ZipIt hacks, many with videos
• The Zipit Wireless Yahoo Group
• Quantum Lime’s step by step Zipit Z2 Debian guide