Episode 512 – Break through the university firewall Internet Redirection, Hide data in photos with Steganography and answers to your Virtualization questions!

Want to bypass those nasty restrictions imposed by your corporate or university firewalls? Darren has just the trick with Internet Redirection. Ever wanted to hide secret data inside a photo? Shannon’s show us a neat steganography app. Plus Matt answers your virtualization questions!

Download HD Download MP4 Download XviD Download WMV

Show Notes

Internet Redirection

Corporate and university firewalls can be a particular PITA — especially if you’re a gamer. And while SSH tunneling (even over DNS)or VPN technologies are often preferred, it is quite possible to “bounce” your traffic off an Internet Redirection server. Like a fancy proxy, rinetd allows you to specify incoming and outgoing IP and port. It features basic client access rules based on IP and even supports logging. In my segment I demonstrate accepting traffic on port 80 and transmitting it to an IRC server on port 6667.

Granted this isn’t going to fool your more complex firewalls that actually inspect packets — but if you’re just looking to get traffic through an open port I highly recommend giving rinetd a try.



Download a copy of Steghide. Extract the zip.

You want to hide a file. First thing you need is a file to hide it in. Choose a file – whether that be a music file, jpeg, word document… whatever – and save it inside the steghide folder, which was extracted from the zip folder. Also, save your file that you want to hide inside that same folder as well.
Open up your command prompt and open the steghide folder directory. Open the steghide.exe file. The last few rows of type will tell you how to embed and extract your hidden file.

Type into the command prompt: ’steghide embed -cf file.jpg (this is your regular file) -ef hiddenfile.txt’ (this is the file you want to hide).
Choose a Passphrase and you’re done! You’ll notice the original photo or music file has changed it’s byte size now that you’ve embedded something inside it.

Type into the command prompt: ’steghide extract -sf file.jpg’ and enter the passphrase. Now, you’ll see the extracted hidden file appear inside the same folder.
Your done! Simple, eh?



  • Nescire

    Great show! rinetd, pineapple and a custom dns server, hm that sounds intresting to me.
    I hope Snubs will tell us some more about Stegnalysy, it fun to hide things, but it is more fun to find things (I loooove eastern).
    Btw. great idea for a contest, hide something via stegnographie on the hak5 page 😀
    Matt was just competent as always, it’s really fun to listen to you, even if I don’t want to virtualize anything 😀

  • Destro

    Hey just wanted to thank you for putting my photo in the show. I really appreciate it! Also that is the jpeg form so it is in different color, so I will try to post the original soon.

    thanks again and cheers,

  • Ghostscorpion

    Grate stuff

    on the hiding a file in a image you can do this in DOS.

    1. Get your .rar/.zip file and put it in the same directory as a jpeg picture (c:\hidden is a good place to put it)
    2. Open up a command prompt by clicking Start/Run and typing “cmd” and click ok.
    3. In the DOS window, type “cd c:\hidden” to navigate to the folder
    4. Type “copy /b input.jpg + input.rar ouput.jpg
    (where input jpeg is the picture you want to show, input.rar is the file you want to hide and output.jpg will be the name of the new combined file)


  • Crax

    One thing that I thought of when watching Darren’s segment was, why just not use SSH? If the company firewall just allows port 80/443 then just put your SSH server on port 80 and tunnel any other port through that connection. Then you don’t have to remember to start your server application when you leave for work 😉

  • fDOOM

    rinetd is just one way of doing it. most of time it will not work. many proxy and statesful firewall will block it. you are better off with ssh if you work for the mid to large size company.

    @bearded GUY!
    Don’t forget to go over AoE, HyperSCSI, and FCoE too! iscsi is cool, but others do other fancy stuff too. It seems like you know what you talking about so I will not bore with the definitions.

    bearded guy:3 darren:0

  • Darren

    @AnimeNinja, we’ve gone from a 45-60 minute monthly show with 3-4 segments to a weekly 30-40 minute show with 2-3 segments. You’re essentially getting 2.5 times the Hak5!

    Also if we did weekly hour long shows you or I would burn out quick. Not sure who first, but it would happen 🙁

  • AnimeNinja

    Darren I know 🙂

    Not use to the half hour episodes yet.

    It’s like waiting for a new stargate episode or something 🙂

  • Nath

    ADS is another fun way of hiding information inside of files, its limitation is you cant move the data of the drive thou,
    Great ep,

  • frankie_the_g

    Did matt list the model details of his SAN anywhere? I’m looking into a SAN for my environmrnt and would like to know more about what others are using? I’m also in need of SAN replication advice as I have multiple sites and want a backup copy.

  • Joscpe

    For steganography into images at least… You can extract any files into a rar archive, go into command prompt and type “Copy /b image.jpg + rar.rar newimage.jpg” and newimage.jpg will be the normal picture, but when you “Open With > WinRar”, there are your hidden files.

    It’s great if you use complex passwords and you store them in an Exel database within the rar and hide it in an image in your Windows directory. No one will expect it.

  • fDOOM

    OK. I will be serious now on. I no longer want to make Darren cry. He is doing a good job too.

    If you want show suggestions, how about going over Metasploit? I think some people want to know. If you feel the pen testing arena might be too complex for your audience, you can stick to the good old IT segments. The show doesn’t have to be about the IT security. If you think about it, going over antivirus, home firewalls, basic encryption tools aren’t really what most security admins focus on.
    Going over Checkpoint and various IDS tools, and designing a high level security network might be too much.

    I went through the forum. It seems like many IT people are here. Do multiple segments like Matt is doing. Pick one topic and go thoroughly over one subject at a time. You can go over basic Cisco 101 for some people. I already know Cisco, but it seems like many forum members are Windows admins. Cisco subject might be something they want to learn. Windows administration and Cisco network administration go hand in hand. You can also go over Linux and xBSDs network design, but it might not be geared towards your targeted audience. However, if you want to try various Linux segments (plenty of topics), you probably want to stick to Ubuntu LTS/Debian/CentOS/Redhat. However, something tells me none of you are UNIX specialists.

    I think most people seem to know a lot about the Windows administration here. If most people are just admins, they probably didn’t had an opportunity to design a complex Active Directory. Maybe, you can over Advanced Windows network design. You might also want to go over everyday routines that average sysadmins do such as remote installation, setting up a security patch server, setting a Windows cluster network, barebone disaster recovery, remote site recovery, and remote site hosting. Most admins are maintenance admins. If you want to peak their interests, focus on the design side. Since only few people in companies are allowed to do the design work. Also, multiple layer DNS design might keep them interested. In reality, people will be using Linux and xBSDs for a large scale DNS, but it can be done with Windows too.

    Learn to utilize your existing skills instead of getting stressed out about figuring out what to talk about. Bearded guy seems to have years of project management experience. Why don’t you talk about that? Topics can range from how to manage a team to other great project management tips.

    For Darren.
    If you designed this site by yourself, why don’t you explain how you did it? That way you can knock two stones at once? I’m sure there are many php newbies out there who are very curious what you are doing.

    I will come up with more suggestions as my time fits. I will browse your forums and trying to get the feel of people’s interest.

    Good shows guys.

  • tamara

    Great Episode! I loved the steganography segment.
    Congrats on the house Matt.
    Thanks again for the shout outs- you guys went over and above what I was expecting!
    I really appreciate it. I am tickled to see D-Monkey on the set. 😀

  • Ghostscorpion

    ” Joscpe says:
    May 8, 2009 at 11:25 pm
    For steganography into images at least… You can extract any files into a rar archive, go into command prompt and type “Copy /b image.jpg + rar.rar newimage.jpg” and newimage.jpg will be the normal picture, but when you “Open With > WinRar”, there are your hidden files.

    It’s great if you use complex passwords and you store them in an Exel database within the rar and hide it in an image in your Windows directory. No one will expect it.”

    that is what I posted on May 6, 2009 at 11:31 am

  • benjamin1254

    hey @Gabuzecs @snubs @darren steghide was done AGES ago if u dont remember a few episodes back with the user now known as Dankiswess… This was done back id say right around the time darren hurt his finger and we were just around the time real change started to happen to the hak5 team… dankiswess left matt stepped in… allie left… snubs stepped in… evil server is always mentioned but the heart isent there anymore to make him “part of the show”! users loved hak5 for its mix back in the day. I wish the original voice would come back and do some stuff for hak5 *cough*. Yeah I agree that hak5 went a bit dur dur dur but at the same time it mixes in low rank “haks” with some newer stuff as well. I at times thought to myself “hey hak5 users were once fans of the famouse TSS…” now i think that because of the time it takes to do thinks or to motivate the team effort is lost in these new mods/hacks. What is lacking here is the motivation to want to do hak5 like it use to be… but with a modern twist. I love hak5 and have been here since season 1 and will continue to help where i can and be a fan of hak5… just things need to change up! I would not want to be rude n give the team a f for failure because that they have not done… An E for effort is what is more needed in said situation because i can see they are doing what they can and they are at least trying. I also want to mention here that a big effort into fluid change overs needs to be done here. I mean it’s one thing when mods happen in one ep and then they are done with…. But as of late things have been getting really choppy! An example of this is when hak5 projects get started… it will start one episode and it will skip episodes instead of having a fluid checklist of things that need to be done and that need to be knocked out. The rover is an example of this IMO because we were shown its ability and use…. few episodes later still nothing… not even an update on *working* projects. That Would be nice… a working projects list on the front page of the hak5 website so things as a “team” can be knocked out of the park and so that way hak5 can become more interactive. I also understand in this that even if something isent *done* there still needs to be an episode of some sort…. i think dankiswess’ idea of a “episode board” needs to come back at some point and re-organise things. I think as a whole what im trying to say here is even with all this chaos of running a show and having to put out eps every week things should be more solid then they are… or at least as solid as they could be without having to jump around so much.” All in all I say i wish you all good luck and i appreciate everything you and the team do as a whole.

  • magiconion

    hhmm, not so sure about what Benjamin says.
    I quite like the randomness…
    It leaves a bit of self research and motivation to viewers to delve deeper into interesting stuff they like themselves 😉
    Keep up the yummy n00bilisious episodes 🙂

  • dan

    The show definitely got newbish in the past two seasons. I hope show doesn’t become like Tekzilla and become freeware of the week or good looking websites of the week. The show should go very hardcore security or go all the way to become IT friendly. I think Matt has the right direction. He is focusing on what he knows bes, which it shows a lot when you put the show together.

    This is only a suggestion. If Darren runs out of ideas, he can always discuss about how he build this site. I’m sure some people are curious.

  • Darren

    To those who are concerned, I’ve got a list of segment ideas a mile long. There’s no running out here. That said, I cover what interests me at the moment. The show is a fun outlet, not a job, and as such I just try to have fun with it.

    If you have some constructive criticism you’d like to share with us by all means do. Calling it newbish doesn’t really help any. If you think it was so great before and not now maybe you could write up what you thought worked then and what isn’t now.

    Always trying to make the show better.

    Also, don’t bash Tekzilla. I know it’s not for the advanced user crowd but it does a great job at catering to its audience. Pat and V do a spectacular job.

  • steve

    hi dudes imo tekzilla systm and hak5 are the best internet shows out there and all are there to help us, even though some people out there think some segments are “noob” u have to realise the show isnt just for u, personally im glad to have been introduced to this and the shows mentioned above they’re there to help us and entertain us.
    all the same can anyone tell me y i cant see d ep, its not loading and playing back as normal and ive tried f5’ing the page multiple times

  • pb33i2v9wq

    http://mbt.the-mall.com.tw/ – mbt鞋價格 像大多數偉大的想法,那是自私的結果。 MBT 作為唯一獲得眾多學術研究所對其功能性予以證明的品牌,繼續在大多數市場保持著領導地位。 簡單而有效的,MBT是人們適應一個很好的鍛煉,他們將幾乎沒有注意到每一天的完美方式。 顯然,這些靴子的不僅僅是行走進行。 完美走姿,mbt涼鞋幫你前行。 http://tomstw.pathood.org/ – 台灣toms專櫃

    http://fitfloptw.cabotalpost71.com/ – fitflop拖鞋 還有很多人穿MBT是為了更直接地原因——減肥!因為穿著MBT走路可有效鍛鍊關節周圍的小塊肌肉,增強肌肉力量,燃燒更多脂肪,走路時的愉悅體驗及鍛鍊益處可有效治療肥胖症。 價錢還滿亂的.不管先問問製造地是那裏.我目前不喜歡中國製商品,結果大都是中國製.連賣鞋子賣很大的[好**]也說他們的MBT產品是中國製的。 但鞋子不穿的大多數人直到最近,當合成材料使他們更加實惠。 http://mcmtw.com.tw/ – mcm包包台灣

    http://timberlandtw.verecondos.com/ – timberland 皮衣 否則這將是一個不匹配,它不會以相同的方式,因為它會在一個大小合適的工作。 唯一變為均勻,平整地面成不平坦的地形。 事實上,他們被認為是有史以來第一個生理鞋。 http://toms.kelfct.org/ – toms台灣哪裡買

    http://mcmtw.waumcph.org/ – mcm 價格
    http://tomstw.pathood.org/ – toms 官網 台灣
    http://fitflop.com.tw/ – fitflop taiwan

  • qv80g3c7vf

    michael kors 官網 基本的技術,使這種類型的鞋其神奇的色調權力可以是一個搖桿底部或一個人的行走步幅造成不穩定的平衡莢鞋底。 幾乎每一個主要的鞋類品牌已經跳上了爽膚鞋行列,所以風格從傳統的運動鞋和皮鞋靴子,涼鞋和拖鞋。 完美搭配牛仔褲和時尚完美的Tataga就像是偽裝成一個很酷的休閒鞋運動鞋。 科學研究表明。 MBT鞋有多種款式供男性和女性,包括運動鞋,靴子和涼鞋。 mcm包包

    new balance台灣 mbt瑞士健體鞋門市海藍色的MBT Baridi,mbt健走鞋改善姿勢及步資;調整和塑造身形;可幫助改善背部、臀部、雙腿和腳部問題;可幫助關節、肌肉、韌帶和幾件損傷痊癒;減少對膝蓋和骨關節的壓力,可帶動全身運動。 不追求分外奪眼,又能用簡單服飾把自己裝扮得很有味。 獲取最好的技術在那裡為自己的腳,也將有助紓緩你的脊椎和光碟,這一革命性的涼鞋。 toms 代購

    converse 後背包 而潮人最愛的高橋盾UC(Undercover)推出了迷幻線條主義的復古MBT健體鞋,白底上細細的深灰色條紋看起來文藝腔十足帶點神經質的不屑,還有一款上面有其經典“雙眼漢堡包”圖案設計的黑色MBT健體鞋,帶點小小的邪惡和幽默感。 鞋墊部分可以是真皮也可以是紡織布料。 ? 2010年春夏MBT鞋子時尚趨勢閃亮的飾品加上光亮的布料讓鞋子顯的尤其耀眼。 tiffany專櫃

    toms 鞋 台灣
    fitflop 門市

  • Carlota

    I do not even know the way I ended up right here, however I assumed this post was once good.

    I do not know who you’re however definitely you’re going to a well-known blogger for
    those who are not already. Cheers!

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>