Hak5 911 – Circumvent Windows Login Security with a USB boot-drive, Phishing with a Pineapple and anonymous torrenting!
This time on the show we’re Breaking into Windows boxes with no skillz necessary using Konboot for USB, Spear-Phishing with a WiFi Pineapple, Sudo with pipes in Linux and downloading torrents anonymously
Remember how Skype had a gaping security hole last week where third party apps could steal your data?Â They fixed it! And now if you own an Android 2.1 device, you can get Skype 3G calling without a Verizon Wireless sanctioned app. Pretty cool! Good job Skype!
If you’re a PS3 gamer with a credit card tied to your PlayStation Network account, now might be a good time to check your bank statements. After day longÂ outages of PlayStation Network and Qriocity, Sony is reporting that account information including name, address, email, birthdate, login, password and handles have been obtained by an unauthorized person. Sony isn’t ruling out the possibility that credit cards data was taken and is advising users to check their credit, keep an eye out for suspicious activity and follow up with the FTCs Identity Theft site. Sony has gone as far as to have provided the names and contact information of effected parties to the three major U.S. credit bureaus so that users may place a “fraud alert” on their files for free.
If you have an Xperia unbranded Play, Arc, Neo, or Pro, you can now try out custom ROM’s and mods. Sony Ericsson released theAndroid bootloader unlocking site, so you can tinker to your hearts desire on those machines. But modders be aware! If it goes wrong, your warranty will too…
While Google has announced encryption support in the third version of its yet to be open sourced Android operating system, many are looking toÂ the Guardian Project for features like full-disk encryption, secure instant messanging and anonymous web browsing. The project aims to create apps and open-source firmware for those looking to protect their communications.
Use that old CD ROM laser to create aÂ laser triggered water bomb trap! Great for pranks and giggles!
Crack the Code Challenge
Did you have what it took to compete in our Crack The Code Challenge, brought to you by GoToAssist Express? These Hak5 viewers did last Sunday. Mad props go to Mr-Protocol and Hack_sipop215 who made it to the first of three timed checkpoints.
A big thanks go out to all that participated, joined the live stream and chat, and of course GoToAssist Express for sponsoring our Hak5 Lab Network. Stay tuned for info on the next, even bigger Crack the Code Challenge.
And be sure to tune in next week as we’ll have a detailed walk through on how the challenge was completed.
Phishing with a WiFi Pineapple
Following up on last weeksÂ auto-rickrolling WiFi Pinepaple I decided to take it a step further with a little phishing expedition in Berkeley. See the entire step-by-step atÂ hak5.wpengine.com/hack/pineapple-phishing.
Last weeks trivia: What is the name of the virus, considered the first known use of polymorphic code?
The Answer was: 1260
This week’s question is: The UK version of this device represents 10 Pence with a 1000 Hz tone. What is the device?
Answer atÂ hak5.wpengine.com/trivia to win some sweet swag.
Circumvent Windows Security with Konboot for USB
“Konboot from a USB
I did a segment on Konboot back onÂ episode 518, but I wanted to recap it and show you how to bootÂ Konboot from a USB instead. If you haven’t checked it out already, Konboot is a tool that lets you change the contents of a Windows or Linux kernel while booting, enabling you to bypass the root user password while logging in. It was originally created for the user to boot in case they forgot their own password, so you shouldn’t use this for malicious purposes. Konboot was made for CD and floppy, so you have to follow these simple steps to get it working from a USB. These steps only work for 32 bit machines, so if you have a 64 bit machine, hold tight and I’ll show you how to do that afterwards.
First, download UNetbootin and install the program. Then, download the Konboot Floppy image from the Konboot website and extract the zip file (password is kon-boot) so you can get the FD0-konboot-v1.1-2in1.img file. You’ll also have to extract the floppy image file folder as well. Plug in your USB flash drive. It doesn’t have to be very big, I’m just using a little 1 GB flashdrive.
RunÂ UNetbootin on your computer, select Diskimage, click the drop down menu to select floppy and browse for the .img konboot file. Under type, choose USB drive and under Drive, choose your USB drive letter. Double and triple check this so you don’t overwrite your main harddrive! Now click ok and wait for the Konboot floppy image to install onto your USB drive.
Now that you have the USB ready, reboot your computer with the USB plugged in, choose to boot from USB first, and you should see a UNetbootin screen pop up.
Select Default, which is your USB and you should see the Kryptos Logic boot screen, which is KonBoot.
Press any key and you’ll see some Konboot ASCII art and it starts to boot into Windows. You may run into a problem with an infinite loop, and if you do, follow IronGeek’s tutorial for fixing this problem. He was able to modify the syslinux.cfg file to fix this problem.
Go over toÂ IronGeek’s blog and download his .zip file. Extract it, and save the two files onto the root of your USB stick.
Restart your computer and boot from your USB drive again, this time starting with the 1st KonBoot and click through until you get back to the syslinux screen again.
This time choose “”2nd try boot as hd1″”, then try hd2, and hd3 until one of the boots lets you through to Windows.
If you have a 64 bit machine, you won’t be able to use these steps above. The only way I could get it to work on my Windows 7 64 bit laptop was to download the new version of Katana from Hack From A Cave.
Download the Katana RAR file and extract everything to the root of your USB stick. This is 4 gigs so you’ll need a bigger drive. Mine is 8 GB.
Click Start, type CMD, right click and choose Run As Administrator. Type in your USB drive, mine is D:, then enter. Type dir to view files, then type bootinst.bat and press enter. Follow the on screen steps.
Now you’re ready to boot! Restart your computer and boot off the USB. Katana should open. Choose Konboot and log onto Windows.
Now you can get back onto your computer if you forgot your password!
Email me atÂ [email protected] with questions or comments!
This HakTip was sent in from Matt who recently saw me opening a root shell when I was unable to run
sudo echo 1 > /proc/sys/net/ipv4/ip_forward
He wanted to let me know that there is a way to use echo to write to files that need root permissions without getting a root shell by running:
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
runningÂ tee this way will act like a > and if you want to use tee to act like >> then just use tee -a.
Also, Matt votes for vi over nano :)”
Hey guys and gal, Been sharing your segments on proxmox and I am very curious besides the fact that its free, how does it compare to the big boys like vmware ? Also is it good enough for production use say in a small business of 25 users? One lasts question have you heard of ulteo? If so what do you think of using it with proxmox?
Christian Writes: Love all your shows,very interesting stuff. I had a question regarding torrents and proxies. I am using “”””utorrent”””” and would like to mask my real IP. I know there are a couple of paying services out there which would let me use utorrent and not show my real ip address and also encrypt my connection. I was looking at a service like www.btguard.com, I was also looking at open vpn. What are your best suggestions,ideas or recommended services for what I want to do?