Hak5 912 – Stealing Windows passwords. Shannon’s hacking with the Katana USB boot key, automated file renamers, Firefox security extensions & more
This timeÂ Hak5,Â Mubix joins us for more mischeviousÂ Metasploit fun. We’re stealing Windows logins with a crafty keylogger. Shannon’s hacking from a cave with theÂ Katana USB security suite. Plus, automating file renaming in Windows, Firefox security extensions and so much more.
Our favorite framework just got a major update.Â Metasploit 3.7.0 has been released and with it comes a major backend overhaul. You should notice a significant performance increase in handling multiple sessions as well as a nice little update to the SMB stack that’ll all you to perform pass-the-hash attacks against Windows Server 2008. Find out more about this and the 35-some new remote exploits at Rapid7.
Square has opted for encryption on their mobile credit card readers! Square, a successful company that enables just about anyone to be able to take payments through their iPhone, went through a bit of a tiff with Verifone, who recently said Square was basically sending out card skimmers to whoever wanted them. It sounds like Square deemed it necessary to update their hardware, and decided to make a new line of the Square credit card readers. It sounds like Square is becoming a real competitor to Verifone, and a legit one at that.
iOS 4.3.3 has arrived bringing changes to the way the controversial crowd sourced database cache, or “consolidated.db” file works. The update reduces size of the cache, no longer backs up the cache to iTunes, and deletes it when ios location services are turned off. Apple acknowledges that iPhones had been storing as much as a years worth of data even if location services were off, which they claimed as a bug. The database is still unencrypted.
This is some nice news to hear! Jeff Moss, the founder of the infamous hacker conference, Defcon in Las Vegas,Â has been named as ICANN (Internet Corporation for Assigned Names and Numbers)’s chief security officer. Rod Beckstrom, ICANN’s president and chief executive officer, said “I can think of no one with a greater understanding of the security threats facing Internet users and how best to defend against them than Jeff Moss. He has the in-depth insider’s knowledge that can only come from fighting in the trenches of the ongoing war against cyber-threats.”
With theÂ PlayStation Network is still down following a massive data breach, Sony has claimed before the U.S. House Committee on Energy and Commerce that a file named ‘Anonymous’ was found during the investigation. The file contained the words “we are legion”, Kazuo Hirai, chairman of the board of directors of Sony Computer Entertainment America explained. Anonymous, who had previously conducted a large-scale distributed denial of service attack on Sony during the GeoHot case, has denied involvement.
Kerby’s JPop Group of the week
HakTip: Bulk file renaming
We got an email from Chris G, aka Macrohard in the Hak5 forums, who said:
This was the free bulk naming software I was going to try out. I have a vendor that likes to send me a large assortment of files with a lousy .extension name, and I need to work on getting them to process for a document retention system.
Bulk Rename Utility is available atÂ bulkrenameutility.co.uk and it lets you rename several files with a click of your mouse. This free software comes in 32 or 64 bit for Windows.
After downloading and installing, choose a folder or a group of files that you want to change.
After highlighting your files, choose what you want to change. I chose to change the file name (Box 2), and change the case (Box 4) to upper case. Then, I added numbering to the end of each photo (Box 10). All of your changes can be seen under New Name in the file box at the top. Once finished, click Rename. You will get a warning telling you the files are about to be changed. Click ok after double checking and tada! All of your selected files have been fixed in seconds.
If you chose to do this during the install, you can also have a Windows Explorer Extension included when you right click a series of files.
This saves me TONS of time renaming all those photos from CES. Got a tip? We’ll share it! [email protected]
Keylogging Windows logins with Mubix
We have the pleasure of being joined byÂ Mubix, aka Rob Fuller, to demonstrate a crafty Metasploit script for keylogging Winlogon.exe.
Last weeks trivia: The UK version of this device represents 10 Pence with a 1000 Hz tone. What is the device? The Answer was: Red Box
This week’s question is: Serving the Pacific Northwest, Midwest and Rocky Mountains, this Regional Bell Operating Center has merged with neither Verizon or AT&T.
Answer atÂ hak5.wpengine.com/trivia to win some sweet swag.
The Katana USB Security Suite
Last week I demo’d the easy way to install Konboot and way back in Season 8 I had showed you Katana. Katana is a portable multi-boot security suite with all sorts of penetration testing and security applications built into one single flash drive. It has been updated a ton since way back when, so I wanted to do a quick follow up on this lovely piece of awesomesauce version 2.0.
First close down your anti virus software. It’ll freak out when you download Katana due to the tools available through the program. Download the torrent of Katana at hackfromacave.com. It’s a hefty 4 gigs big so have tons of room and an 8 gig flash drive for the install.
Extract the .rar to the root of your USB stick. Open the root of your flash drive, open the boot folder, and right click the ./bootinst.bat batch file and choose “”run as an Administrator””.
Now you have two things you can do. First, check out the Katana Toolkit on your windows machine. This application can run various tools such as KeePass and Unstopable Copier.
Second, you can boot up the Katana boot disc. Unplug your drive, and power down your computer. Plug the flash drive back in and boot from it.
If it works, and it should, you’ll see the screen I see here. Use your arrow keys to navigate up and down through the various tools. For my example, I’m going to boot into Ophcrack, a good tool for your forgetful sibling when they lost their Window’s password. It has built in rainbow tables and can figure out the password in a few seconds. So mine was ‘game’, which you just lost. Ophcrack was able to figure out my simple password with no problem, letting me back into my computer. You’ll notice in Katana you still will have the problem with 64 bit machines running Kon-Boot. If this is the case, first open the boot directory in the root of the Katana drive, then copy the files ‘vesamenu.c32’ and ‘chain.c32’ from this directory into the syslinux/kon-boot directory.
You’ll have to go through a process of choosing Kon-Boot, then boot 2nd HDD, then going back to the Katana main menu. Go back into Kon-Boot and select the next boot from HDD choice. This will enable Kon-Boot to finally work hopefully, but I was having issues with it not working correctly.
This is the general idea of how to get Kon-Boot to work as well on Iron Geek’s blog that I mentioned last week, so maybe you’ll have better luck on your machine!
I got an email from the creator, Ronin, giving me some recent tips and tricks with Katana such as:
- Using the Katana Tool Kit from a locked down Windows system
- Write blocking the Katana drive for cheap using an SD Card
- Using a live CD to avoid needing to access Password blocked BIOSs to modify the Boot Order for USB to Boot.
Katana is a very handy tool for anyone interested in learning more about security and penetration testing. It’s also a great application to have in case you ever need any of the tools available in the ToolKit. Several tools have been added since the initial release of Katana, so I definitely suggest you check out version 2.0. Check out more from Ronin at hackfromacave.com and Email me at [email protected] with your favorite security tools or bootkits.
Hey Hak5 guys! Regularly at work I use Firebug and HTTPFox FireFox add-ons; do you guys recommend any other “”must-have”” security testing Firefox addons? Loving the show; keep up the great work! 🙂
Hi Darren and Shannon, Kerby, the lovable cat and mascot and backbone of Hak5 is a bit of a mystery to the Hak5 viewers ( at least I think ), If you could spare a couple of Hak5 minutes, could we get Kerby’s story, Whom is Kerby’s master, his likes/dislikes etc.
Thanks. Kerby is short for Kerberos — the authentication protocol. If you go back toÂ season 1 you’ll see a bunch of cute Kerby moments. Thanks for writing in.
Hi Hak5, I’ve been meaning to ask this question before but it goes, what kind of upload speeds do you guys get in the Hak5 Studio? And to achieve them, what kind of hardware (eg, modem, load balancer) do you have? I run several virtual servers in my house and the maximum upload speed I can get is around 100 to 150KBps. What I can do to increase the upload speeds? Thank you in advance.
In the *current* studio we’re getting about 6-7 Mbps up. 20-25 down. A lot of that is attributed to the bangin’ router we have. Darren’s a big fan of bothÂ Smoothwall andÂ Untangle. Paul likesÂ M0n0wall andÂ pfsense.
Keep up with the latest on Hak5 by follow us onÂ Twitter orÂ Facebook.Â Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from theÂ HakShop – including the new airport friendlyÂ WiFi Pineapple andhoodie. Finally if you’d like to suggest a topic for ask a question feel free to hit upÂ [email protected].