Download HD Download MP4 Download XviD Download WMV

Malware Analysis Sandbox

CWSandbox is an automated malware analysis sandbox. It works by running suspected malware samples in a simulated Windows OS. So as opposed to trying to break into the malware code to see what it does, we simply run it in a live environment. That way we can monitor all the network traffic that the malware generates. All of the processes that are created, the DLLs that are loaded, any changes to the Windows registry and even what it’s doing to the file system.

This is achieved by using a technique called API hooking. That basically means that when the malware calls the Windows application programmers’ interface to say something like “connect to this IP address” or “modify this file” it’s actually going to CWSandbox’s monitoring software, which logs the action and goes ahead and makes the change.

It’s kind of like an operating system man-in-the-middle. For malware.
So once a suspected malware sample is run through the tool you get a computer generated report of what the executable is actually doing. And this can be fed into anti-virus and intrusion detection systems to monitor for similar behavior.

PC Remote Control over Twitter

While there is no denying the power of running your own SSH, VNC server at home for remote access, wouldn’t it be nice if you could simply text message your computer something simple like “Hey, what’s your external IP address” or “Send me a screenshot” or “Go download this file”

And if Robin Wood has taught us anything with KreiosC2 – commanding your computer, or even a large botnet for that matter, over social networks is quite possible.

But now it’s time for something a lot more user friendly. This week Snubs investigates TweetMyPC

Download HD Download MP4 Download XviD Download WMV

—
Title: Virtual Routers?
Time: 3:20
Keywords: virtual router, virtual machine, vm, virtualization, vmware, virtualbox, cisco, nexus, nexus switch, cisco nexus, nexus 1000v, nexus 1000

Joe Switch writes in to ask what the deal is with Virtual Routers and other such untangable networks. Matt has the answer. The way I understand it your more high end (read: expensive) Cisco and Juniper routers have virtual routers built in — much like you might have a virtual interface like eth0:1 in Linux — to manage VLANS, IP subnets and such.

Matt goes on to explain that in the vSphere product by VMware you can use the APIs to write, basically, a software based switch to compliment your existing deployments. Check out the Cisco Nexus 1000V. It’s a software implementation of a Cisco Nexus switch. I’d love to get my hands on it but at nearly $1000/year I’ll find something open source. Speaking of which, we’ve been meaning to play with a Cisco virtual network application but are in need of an ISO. If you’re privy to an open source alternative or can help out drop us a line.

Make your own Nintendo DS Games for free!

If it begins with a #include and ends in a semi-colon our friend Jason Appelbaum is all over it. This week he’s in studio covering a subject near and dear to our hearts — Nintendo DS Homebrew.

Let’s face it, the Nintendo DS is a happy little platform full of hacking potential. And with a well established homebrew community it’s the perfect device to start your next weekend project with. Jason takes you from Homebrew 101, including carts and roms, to getting the Dev tools and building your first Hello World app.

For more see JasonAppelbaum.com or email jason@hak5.org

Mac tunneling the free and easy way

Paul can’t hide behind the camera forever, and this week we’re pleased to have him break down the free and easy way to SSH Tunnel on a mac. After Hak5 viewer Lavi wrote in about SSHTunnel 1.6 Paul was happy to check out the program. Thanks for sending in your freeware picks!

SSH Tunneling the cross-platform way with Python and PHP

Another great bit of feedback from the SSH Tunneling segment in episode 614 was from Jan-Marten in The Netherlands. His Hak5 inspired cross-platform Python and PHP scripts, available from his blog johmanx.com allow you to easily configure and save SSH tunneling options. Awesome code Jan-Marteen, thanks for sending it in!

Of course if you have feedback for the show, code you’d like to send by, tips on legally acquiring a cisco IOS, freeware you want to let us know about, questions, or criticisms just write us: feedback@hak5.org

And don’t forget to check out the Hak5 Store for our holiday sale on all new Hak5 T-Shirts, hacked gadgets, pineapples, monkeys and more.

Download HD Download MP4 Download XviD Download WMV

Port Tunneling and Socks5 Proxies with a Secure Shell (SSH)

SSH Tunneling isn’t new to the show, we’ve done it before over DNS or in conjunction with VNC. Today we’re looking at two SSH tricks for tunneling just about any traffic.

First up, ssh -D. The -D option specified a local "e;Dynamic"e; application-level port forwarding. Any connection made to the specified port goes through the tunnel as a SOCKS4 or SOCKS5 proxy. Perfect for secure web browsing as demonstrated with Firefox in this segment.

Usage

ssh -D 8080 user@server

Second, ssh -L. The -L option enables port forwarding. Using this option tells the SSH client to listen to traffic on a specified port and forward it along through the tunnel. The server receives this data and points it to the specified destination, whether it be on the destination network or otherwise. In our example we use the -L option to securely connect to an open IRC server.

Usage

ssh user@server -L local-listen-port:destination-ip:destination-port

For more SSH-fu check out the ssh man page or Linux Journal’s interesting series on 101 uses of openssh.

Bypassing site-blocking firewalls with your own private web proxy

The age old scheme for bypassing restrictive firewalls, like those that block sites at school or work, has been to use a web proxy. Of course this is followed up by the network administrator blocking all mainstream proxies. But what if you could run your own? Well, you can and it’s really freaking easy. In this segment Darren demonstrates PHProxy

Cracking MS-CHAPv2 PPTP VPN handshakes & LM Hashes Followup from 6×12

On episode 612 we demonstrated a tool, asleap, designed to crack MS-CHAPv2, the authentication protocol commonly found in Microsoft PPTP VPNs. The final demo was unsuccessful due to the encoding of the handshake and response sniffed by Wireshark. Viewer Sc00bz was kind enough to post a PHP script that accepts the challenge, response and username and provides you with the proper asleap command to run with the properly encoded byte sequences. Sc00bz has well documented the code, which lives now on this Hak5 forum thread. Thanks Sc00bz!

Deploying Virtual Appliances in minutes the open source way

A Virtual Appliance can be though of as a software image containing a supporting stack designed to run inside a virtual machine. A quick look at vmware’s virtual appliance directory shows that there are hundreds of applications that can be quickly and easily deployed. In this segment I take the Dimdim open source virtual appliance, designed for vmware, and deploy it with VirtualBox (just becasue I can).

Download HD Download MP4 Download XviD Download WMV

Watch

Show Notes

DNS Tunneling

The basic premise comes down to this: If you can connect to a wireless access point that has a captive portal running, constantly forwarding your web requests to a payment page, you can most likely bypass those restrictions if you can get name resolution.

Simply open a shell and ping your favorite website. It doesn’t matter if you get ICMP packets back, what you’re looking for is name resolution. If ping says “Pinging www.l.google.com [74.125.95.99]” or similar you should be all set to tunnel your traffic over DNS

In order to get going you’ll need a domain, or sub-domain, a set of Perl scripts called Ozyman, a server to run the ozyman and ssh daemons on, and a little luck

Full step by step instructions can be found at Mubix’s wonderful blog o goodness at Room362.com.

Linux Gaming

In this episode we had the pleasure of having Tyler McAdams of Linux DNA on the show to talk about gaming on Linux and mad performance optimizations with ICC. Tyler was happy to announce that LinuxDNA is now working with Dream Linux for the ASUS eee PC.

Thanks to those who’ve contributed to the success of Hak5. Your donations are greatly appreciated!

Watch

Show Notes

Chris Gerling joins us at the top of the show via skype from a SANS conference where he is currently getting schooled in forensics.

Matt is obsessed with Clicky Keyboards. I’m a fan of the Model M and the PC-XT’s 83 Key Keyboard.

Our next LAN Party game will be Quake 3 on Saturday, January 10 at q3.hak5.org. Check out all the details at our brand spankin’ new Hak5 LAN Site (with leetness by Squarespace)

Darren mentions Post_Break’s article on Mubix’s Room362 site about ways to detect nearby Jasagers.

Setup an SSH SOCKS proxy!

For episode 416 of HAK5, I showed how easy it really is to tunnel all kinds of traffic from HTTP, FTP, and more over a secure SSH Socks proxy.

Some of you may be thinking to yourself… “HOLY CRAP WHAT ARE THESE TERMS?!” And I’m here to assure you that it’s going to be OK! Really it is.

What you’ll need

• An SSH server to act as your proxy.
  Simple enough really! If you’re using windows I highly recommend freeSSHd. If you’re on a mac check out this page for instructions on how to enable remote logon. Linux users, you should know how to do this.
• An SSH client on the computer you’re using.
  Mac and *nix machines have SSH built right in at the command line. Windows users can do like I did in the episode and download plink (available here). There are other people out there that will recommend Cygwin, but for this purpose, it’s really overkill.

How proxies work

In a nutshell, what you’re doing with a proxy is setting up a middle-person (no not a pineapple, but close) between you and the internet. Using the proxy, your browser hands off web page requests to the proxy server, which handles the request and fetches the page for you from the internet. The web site actually thinks the request is coming from the proxy server, not your computer, which is a good way to obscure your originating IP address.

Additionally, the connection between your computer and the proxy happens over SSH, an encrypted protocol. This prevents wifi sniffers from seeing what you’re doing online.

Start your SSH tunnel

So you’ve got your ssh server setup at your house or workplace. Great! To connect to it we’re going to setup a local proxy server on your client that you’ll be browsing the internet from, which will then “tunnel” web traffic from your local machine to the remote server over SSH. The command to run on your linux / mac client in a terminal window is :

ssh -ND 9999 you@example.com

For Windows it’s as simple as browsing to the directory you saved plink to and running

plink.exe -N -D 9999 you@example.com

Of course, you’re going to replace the you with your username on your SSH server and example.com with your server domain name or IP address. What that command does is accept requests from your local machine on port 9999 and hands that request off to your server at example.com for processing.

When you execute either of those commands, you’ll be prompted for your password. After you authenticate, nothing will happen. The -N tells ssh not to open an interactive prompt, so it will just hang there, waiting. That’s exactly what you want.

Set Firefox to use SOCKS proxy

Once your proxy’s up and running, configure Firefox to use it. From Firefox’s Tools menu, choose Options, and from the Advanced section choose the Network tab. Next to “Configure how Firefox connects to the Internet” hit the “Settings” button and enter the SOCKS information, which is the server name (localhost) and the port you used (in the example above, 9999.)

Save those settings and hit up a web page. When it loads, visit http://www.ipchicken.com to see if it’s using your remote ssh server to tunnel traffic. If you are, GOLDEN!

If you feel there’s something I’ve missed, hit me up here (http://www.mattlestock.com)

PS: Remember that you’ll need to open your firewall a bit by cracking open port 9999 on your local machine and port 22 on your server for SSH.

–Matt

Congrats to VickiWong who correctly answered last week’s trivia. Answer: Stiletto as it is not a submarine launched ballistic missile like the other two. We would have accepted the fact that Polaris and Trident are US ICBMs while Stiletto is a USSR ICBM.

Update multiple blogs with Ping.fm and custom URLs

I don’t know about you guys but keeping up with all the latest blogs, social networks, and micro messaging services is a lot of work! And I don’t know how many times I’ve neglected my blog(s) because I was simply too lazy to login and update, login and update, login and update.

In my segment this week I’ll be showing you how to use ping.fm’s Custom URL feature to update blogs by email. Ping.fm is great for updating multiple status services like Twitter and Identica, but I’m just concerned with blogs.

I personally use three blogging services; Posterous, Tumblr, and Wordpress hosted on my own domain, DarrenKitchen.net.

The first two are easy to update with a Ping.fm Custom URL since they feature rich posting via email. Wordpress on the other hand is a bit lacking. Sure Wordpress has a built in post via email feature but it’s severely lacking. To alleviate this I recommend installing the Wordpress Postie plugin. This little guy is awesome, with features like roles, authorized addresses, photo and file upload, signature removal and custom CSS just to name a few.

Once installed and configured all we need to do is edit some the sample PHP code, upload it to our web server, rename the file to something obscure, and add the URL to Ping.fm as a custom URL.

Resources:

• http://www.ping.fm
• http://www.economysizegeek.com/wp-mail/
• http://groups.google.com/group/pingfm-developers/

–Darren

2009 Independent Games Festival Student Entries

The Independent Games Festival is an annual festival awarding students and independent developers $50,000 in prizes. This year, IGF will happen March 23-27 in San Francisco.

In my segment, I test out a few student entries that were free for download.

The first one was City Rain, which is sort of like Sim City in a way. You play the mayor of a new town, and have to make quick choices as to what kind and where new buildings will go. Buildings quickly fall out of the sky and you have to make your decisions quickly.

I also tried out Froggle. In Froggle, you play a, well… froggle. You’re incredibly long tongue is used to eat flies and fling yourself over cartoony environments. I really liked the shading and humor aspect of this game.

The third game was Blazar, which really brings me back to the old school arcade games! You control a ship which has the ability to destroy asteroids or bounce them away. Your goal is to grow a black hole from tiny to huge.

The last game I demo’ed was Glitch. Glitch is a first person shooter that exists in a large cube arena. The environment is constantly moving and the enemies are made out of little cubes themselves. This game was fun!!

The last game which I didn’t demo but mentioned was Akrasia. I liked Akrasia because of it’s educational touch. This is the description from the IGF website:

Akrasia is a single-player game that challenges game conventions and is intended to make the player think and reflect. It is based on the abstract concept of addiction, which is expressed metaphorically throughout the game.

The game is set in a maze that represents the mind. The maze has two states – a normal and a psychedelic state. To enter the game, the player collects a pill-shaped object and thus enters the game as “addict”. From “chasing the dragon” to working through “cold turkey”, this game models the essential dimensions of the addiction gestalt as identified by its creators.

–Shannon

Questions

We answer view question about password protecting applications and feature a program called Empathy

Until next week we welcome your feedback and remind you to Trust your Technolust

Watch

Show Notes

Shannon takes the spotlight and opens the show. Darren threatens to vote her off the hakhouse. We postponed the open sourcing of the missile launcher due to finals. Thanks Jason Appelbaum. Our friend Mubix has a great article on Multi-Boot Security Live CDs that makes last weeks pick, UNetbootin even more amazing.

Our next LAN Party will be Half-Life 2 Deathmatch on Saturday, December 13 at game.hak5.org. Prepare to get smack in the face with a flying toilet! Check out all the details at our brand spankin’ new Hak5 LAN Site (with leetness by Squarespace)

Public Key Encryption

In this segment we show you how to setup public key authentication between a windows and a linux host. There are many different software packages through which to accomplish this but we used openssh and putty.

Requirements:

Linux machine or VM running OpenSSH (most distros have it in their repository, or you can find it here: http://www.openssh.com/portable.html

Windows machine with putty software (download the whole package) http://www.openssh.com/portable.html

Installing openssh on linux is relatively straightforward. Refer to their site for details. Once that’s setup, we generated a key using the command “ssh-keygen” and specified the filenames. You can customize the keys you generate as you wish, but we went with the defaults. After entering a passphrase twice, you’ll have a public and private key file, with the public having the extension .pub. The private key file stays on the server but we copy the public key over to our windows machine and convert it into putty format using Putty Generator. After you have the key, you can either pass it with scp using scp -i (pscp in our example since we’re using putty’s scp executable), or you can use the putty ssh client in order to pass the key instead of just a password to authenticate to the server. This makes an easy two-factor authentication mechanism.

–Chris

Driver Backup

After installing a fresh copy of your Windows OS of choice, the biggest headache for most of us is the arduous task of trying to locate drivers for all of our different components. So this post is all about making your reinstall a little less troublesome.

Here’s a list of some of the better driver backup utilities!

DriverBackup2 is a lightweight driver-backup tool. The application is portable with a caveat: you’ll need administrative privileges for full use. You can opt to backup one or all of your drivers, the backed up files are dumped into a tree structure based on driver name. DriverBackup2 also allows you to restore and delete unnecessary drivers. If you ever hunted for obscure drivers online, when installing legacy or obscure hardware for instance, DriverBackup2 will save you the hassle of searching them out again.

Double Driver lists all the hardware drivers installed on your system and creates backups of both the actual drivers and lists of the driver names. While handy with any computer, Double Driver really shines if you have a computer that came with pre-installed drivers that are hard if not impossible to come by. With a few clicks you’ll have those archaic laptop drivers backed up and ready to put back to work after a fresh install.

DriverMax allows you to easily reinstall all your Windows drivers. No more searching for rare drivers on discs or on the web or inserting one installation CD after the other. Simply export all your drivers (or just the ones that work ok) to a folder or a compressed file. After reinstalling Windows all drivers can be back in place in less than 5 minutes.

DriverView is a helpful upgrade from looking through devices individually in the Device Manager, but the real value here is in the list generation. Create an HTML-formatted backup list for your future troubleshooting needs or export to text to show friends or forum members just what’s gone wrong. While it doesn’t actually backup drivers, if you’re still into doing things the old fashion way, DriverView is a great choice!

Now that we’ve got all of the corporate slogans and descriptions out of the way, my personal favorite is the first link we’ve talked about here. The interface is the least cluttered, and the process really couldn’t be any easier. For those of you who are looking to deploy driver backups in an automated fashion, there’s a built in commandline builder! Like I said, I’ve personally used it and really does make life alot easier after a reinstall.

So check it out and if you have any questions, remember: matt@hak5.org – Revision3 Forum or Hak5 Forum

–Matt

Congrats to Mesartwell who correctly answered last week’s trivia. Answer: “Tom is king” and “Jules sucks”. Grab yourself a copy of the Doom alphas

“Hackers Are People Too”

Ashley Schwartau joins us via skype to talk about her documentary Hackers Are People Too

–Darren

Music Organizers

I have thousands of songs on my computer and some of them are missing titles, artists, etc. So when I hop on iTunes to download my feed of podcasts (like Hak5!), I use TuneUp Media to clean up some of my music.

TuneUpMedia

TuneUp Media has the ability to find your songs basically by listening to them, and tell you the information for each one. You simply drag your song over to the clean up bar on the right, and TuneUp finds your songs info in a few seconds. It even gives you a choice of album art you can use.

I like TuneUp simply because I’m really organizational. There are a few bugs though… Firstly, once you download TuneUp, you don’t have the option to close it while in iTunes (unless this has changed recently). Second, there are two versions – free and not free. With the free version, you only have 500 songs to clean up. In the payed version- you can clean up as much as you want.

TagScanner

The second one is TagScanner. Tagscanner is good for someone who doesn’t like iTunes. In tagscanner, you can not only clean up the names and artists on your music, but you can also fix up the ID3 tags for each song, down to lyrics and album art. You can also export your music into a .txt or excel spreadsheet, which is pretty neat.

–Shannon

Questions

Skybar Baron writes I have a computer from my school and was wondering if there was a way to wipe everything but like Microsoft Office and the OS?

Darren recommends Sdelete.

Until next week we welcome your feedback and remind you to Trust your Technolust

Sponsors

Get awesome web hosting from the pros at Dreamhost and receive $25 off your order when you enter coupon code HAK5! Plans start at $7.95/mo including 500 GB storage, 5 TB bandwidth, and one-click installs of popular software like Wordpress, phpBB, and MediaWiki.

Keep your personal information away from spammers, hackers and your crazy ex-evilserver. Private Domain Registration from GoDaddy.com protects your privacy by keeping your address, phone number and more out of the public database. Get an additional 10% on your order when you enter coupon code HAK.