Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

Download HD Download MP4 Download XviD Download WMV

While Shannon’s on vacation our friend Jenn Cutter from Open Alpha joins us to talk about the recent developments in PSP hacking and homebrew.

The PSP homebrew scene has grown more interesting over the past little while since the user base has been sectioned off into different camps based on the particular unit they purchased and whatever firmware they are using. Thanks to the efforts of Team Typhoon, ChickHEN (homebrew enabler) permits owners of all models to run the unofficial apps and games they’ve grown to love without touching the flash of the PSP, so there’s no worrying about turning it into a brick. No one likes expensive bricks. Keep in mind that ChickHEN is not a piracy tool so don’t expect to run any type of backups though it. Davee has the lowdown on the latest release which can be downloaded here. If you are curious or sceptical, feel free to check out video proof that it works on PSP 3000s.

–Jenn Cutter

Matt answers your questions about storage area networks and recommends QNAP. If you’re feeling hands on rolling your own is a great option too. Matt points out his favorite hardware like 3Ware RAID cards, Transcend IDE Flash Modules, and the Intel Storage Server SSR212MC2. Software wise it’s worth investigating Freenas, and SAN Melody.

Continuing on with Eighty’s segment on extracting windows executables from packet captures and Mubix’s segment on network tap analizers, Darren’s taking a look at the open source tool ngrep. If you’re familiar with grep you’ll be at home with this tool. Darren demonstrates using the tool to filter packets from a live capture using a Network Monkey. Alternatively it can be used with pcap files.

Don’t forget to check out our latest contest at Hak5.org/yourlan where the most creative network will win cozy Hak5 gear from our newly opened HakShop

Watch

Show Notes

Matt Lestock turns any windows application into a service using instsrv and srvany and demonstrates how we use this technique, coupled with Panel Daemon to delegate game server administration at the Hak5 playground.

Chris Gerling shows us some packet filtering techniques using the network analyzer Wireshark. He covers capture filters, display filters, colors and statistics. Read more on packet sniffing on his blog at ChrisGerling.com

Darren Kitchen talks about parallel computing. He touches on grid computing and massively parallel processors though he mainly focuses on clustering. Darren demonstrates simple windows password cracking techniques using an openMosix based image and discusses the theory behind setup. Darren has a lot of further reading for you to check out on his blog and would like to hear your feedback about building the Hak5 beowulf cluster!

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. Unfortunately until we get a Mac Pro and switch to Final Cut Pro for editing we’re unable to release a 720p version of Hak5. But we’re well on our way to bringing you guys truly high def technolust thanks to everyone who has continued to support this cause. Thanks!

Watch

Show Notes

Chris Gerling dives into the structure of IP and TCP headers in part two of his three part series on packet sniffing. He covers everything from source ports to checksums and everything inbetween offering insight into TCP packets in plain English. Then in part three he covers basic Wireshark usage and advanced techniques. Read more on packet sniffing on his blog at ChrisGerling.com

Shannon Morse shares with us DosBox, the free and open source IBM PC emulator that allows you to break out those old floppies and play your DOS games once again. While we wait for DNF, anyone for a Duke Nukem 3D deathmatch?

Christine Bourquin demos Alice, an innovative 3D programming language that makes it easy to teach programming using a simple drag-and-drop interface. Perfect for the next generation of computer scientists.

Darren Kitchen brings us his review of Day-Con with photos courtesy of the security twits. He also talks about Jasager batteries both big and small.

And on a production note: We’ve switched over from a standard-def composite based video mixing solution to a high-def HDMI based system. We’re not ready to release the full 720p quite yet as we’re ironing out (read: developing on the fly) the post production process but in the mean time we’ve got damn good looking 480p and we’re looking for your feedback. Thanks a million to everyone who has donated and helped make this happen!