Darren’s back in the kitchen with an illustrated scenario of online brute forcing every systems administrator’s beloved remote desktop. He whips up some homemade chicken noodle soup and tosses on the ol’ white hat for a talk about countermeasures and security best practices. Then Matt brings you a full-featured and aggressively priced alternative to Microsoft’s own Terminal Services. Do I hear cheap thin clients around the corner?
Online Brute Force Countermeasures And Chicken Noodle Soup
Similar in function to SSH, Remote Desktop Protocol is one of the essential tools for administering Microsoft Windows servers. The natively encrypted service comes standard on Windows Server and even XP Pro and Vista. It also serves as the example for a brief follow-up to my previous segment on Offline Brute Forcing.
In my scenario I demonstrate how the tool TSGrinder can be used to perform dictionary attacks against RDP services with character substitution (or leet) options. This attack simply demonstrates a few weaknesses in Windows.
First of all, by default the Administrator account cannot be locked out remotely. This behavior can be changed using the Passprop utility from the Windows 2000 Resource Kit. This tool will also allow you to enforce strong passwords. It is also recommended that the Administrator account be renamed. There are a few tools for this as well. Though more obscurity than security, I recommend changing the RDP listen port. I strongly recommend reviewing Microsoft’s password best practices and considering passphrases. PasswordMeter.com is a nice site that will rate your password on complexity. Finally, I recommend enabling extensive auditing. There are a number of third-party security applications made specifically for auditing that offer alerting options on events such as online brute force attempts. One application in particular, 2X SecureRDP, offers advanced filtering based on IP and MAC addresses for RDP connections. I’m particularly interested in hearing your feedback on Windows extensive auditing software, so please drop me a line, darrenAThak5.0rg!
And my final recommendation on securing RDP is to limit its exposure by keeping TCP 3389 (or whatever port you’ve changed it to) closed. A little SSH tunneling or VPNing can go a long way toward keeping unnecessary services away from the wild wild web. I’ve laid the foundation for this in a segment on 1×07 and will follow up with a more robust VPN segment soon. If you’ve got ideas, again, drop me a line.
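As an added example (my code, not from the episode or any of the products named above), here is the kind of alerting check the auditing recommendation is after: a sliding-window count of failed remote logons per source address that flags a source once it crosses a threshold. The audit lines are constructed for illustration, and the one-minute window and five-attempt threshold are assumptions to tune for your environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit lines (not real logs): timestamp, result, user, source IP.
SAMPLE_LOG = """\
2009-01-10 02:14:01 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:14:02 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:14:02 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:14:03 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:14:04 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:14:05 FAILED_LOGON user=Administrator src=203.0.113.7
2009-01-10 02:20:00 FAILED_LOGON user=dkitchen src=192.0.2.10
2009-01-10 02:31:00 FAILED_LOGON user=dkitchen src=192.0.2.10
2009-01-10 02:31:30 SUCCESS_LOGON user=dkitchen src=192.0.2.10
"""

def parse_line(line):
    """Return (timestamp, result, user, src) from one constructed audit line."""
    date, time, result, user_kv, src_kv = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, result, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag source IPs with >= threshold failed logons inside a sliding window.
    Returns {src: (first_failure_in_window, count_when_flagged)}; each source is
    reported once so the alert is not re-raised for every further attempt."""
    recent = defaultdict(deque)   # src -> failure timestamps still inside the window
    alerts = {}
    for raw in log_text.splitlines():
        ts, result, _user, src = parse_line(raw)
        if result != "FAILED_LOGON":
            continue                      # a typo'd password by a real user is not an alert
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = (q[0], len(q))
    return alerts

if __name__ == "__main__":
    for src, (since, n) in detect_brute_force(SAMPLE_LOG).items():
        print(f"ALERT: {n} failed logons from {src} since {since}")
```

The two slow failures from 192.0.2.10 stay below the threshold, while the rapid run against Administrator from 203.0.113.7 is flagged at its fifth attempt.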
eCoupled Technology – Fulton Innovation
Boxee (Alpha Invites for Hak5 fans)
We show off some of the neatest toys found at CES 2009
QwicKey – Personal Online Security Device
Vuzix iWear 1440 Virtual Reality eyewear
nPower Personal Energy Charger
Super Talent World’s “smallest” flash drive
Shapeways 3D printing
The “hunt + peck keyboard for one finger typist” – Complete with the LOL key. Really.
Audio Bone Ear Free Listening
After scouring the show floor for the second day we reconvene at the NBC Universal stage to bring you guys some technolust. Netbooks, USB3, PVRs, Oh My!
Hauppauge HD PVR
Nextar Z10 Micro Projector
Fresco Logic USB3 SSD
Asus eee T91 tablet netbook
Fujitsu LifeBook u820
Shuttle portable touchscreen
Liquid Image Scuba Series HD320
Contour Design Roller Mouse Pro and Contour Mouse
In this first episode of ‘09 Dave Randolph joins us to geek out about all things video. Darren whips up a Password Cracking Cocktail and shows off a wicked fast MD5 brute force tool that harnesses the power of your Nvidia graphics card. Shannon saves the day by recovering her sister’s Windows password with Ophcrack Live. And Evil Server gets his evil on while we were away on holiday.
MD5 Brute Forcing with your graphics card
Since Nvidia released the CUDA API for Windows, Mac and Linux, a number of advances have taken place in the world of brute forcing. In this episode I feature a tool by Svarychevski Michail Aleksandrovich that claims to be the world’s fastest MD5 cracker – BarsWF.
Using the brute forcer with a couple of Nvidia 8-series or newer graphics cards you’re able to achieve unprecedented speeds. I’ve seen claims of nearly 4 billion hashes per second with quad SLI.
CUDA has also spurred other developments, such as this NTLM brute forcer for Linux.
In my segment I go into the very basics of password cracking theory and MD5 hashes with some simple scenarios. My aim is to provide a fundamental understanding of the concepts. If you’re interested in reading more I suggest starting here.
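An added worked example of the keyspace arithmetic behind the cracking theory in this segment (my code, not BarsWF or anything from the episode): how many candidates an exhaustive search has to hash for a given character set and length, and how long that takes at a stated rate such as the 4 billion MD5/s quoted above. The policy rows compared are constructed, and the rate is assumed to apply to unsalted MD5 as in the segment.

```python
RATE_HASHES_PER_SEC = 4_000_000_000   # the quad-SLI figure quoted in the segment

CHARSETS = {            # constructed policy choices for the comparison below
    "lowercase": 26,
    "alphanumeric": 62,
    "printable": 95,    # printable ASCII minus nothing fancy: 95 symbols
}

def keyspace(charset_size, max_len, min_len=1):
    """Number of candidates of every length from min_len through max_len;
    a brute forcer that does not know the length must try all of them."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def seconds_to_exhaust(candidates, rate=RATE_HASHES_PER_SEC):
    """Worst case for an exhaustive search; the expected time is about half."""
    return candidates / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.3f} seconds"

def compare_policies(rate=RATE_HASHES_PER_SEC):
    """Rows of (policy, candidates, worst-case time) for a few password policies.
    The last row is a lowercase-only passphrase: length beats symbol variety."""
    policies = [("lowercase", 6), ("alphanumeric", 8),
                ("printable", 10), ("lowercase", 20)]
    rows = []
    for name, length in policies:
        n = keyspace(CHARSETS[name], length)
        rows.append((f"{name} x{length}", n, humanize(seconds_to_exhaust(n, rate))))
    return rows

if __name__ == "__main__":
    for policy, n, t in compare_policies():
        print(f"{policy:18} {n:>30,d} candidates  ~{t}")
```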
–Darren Kitchen
Windows Password Recovery with Ophcrack Live USB
Recovering Windows passwords couldn’t be easier with Ophcrack Live on USB. Whether it’s your sister’s forgotten XP account or [insert other legit reason], a little USB booting and Rainbow Table loving’s got you covered.
Preparing an Ophcrack USB key is as simple as formatting your drive as FAT32 with the HP USB format tool, downloading and launching USBOphcrack.exe, and running the included batch file. The program will download a small set of rainbow tables and prepare your USB drive.
For even higher password recovery accuracy I recommend finding a larger set of Ophcrack-compatible rainbow tables. Or if you’re feeling adventurous, why not try out the Hak5 community rainbow tables — a whopping 120GB of NTLM goodness.
–Shannon Morse
Be sure to follow one of us on Twitter if you’ll be at CES this week. We’ll be there finding all the best hackable gadgets!
Download it here!
In this New Year’s Eve episode Jason Appelbaum joins us to talk about Laser Range Finding using the USB Missile Launcher and some custom code. Chris Gerling is in the house doing file recovery the down and dirty way. Trust your Technolust and thanks for a great ‘08!
Laser Range Finding
Adding laser range finding to the web missile software would make it so the web user could determine if a target is in range of the missile launcher. The laser range finding software does work, but it is slightly challenging to get it working with current hardware because of the age of the software. It’s really more of a proof of concept than a real tool. The theory behind it is that the distance of the laser can be determined by counting the number of pixels from the center of the CCD to the point where the laser reflects on the CCD; that count plus the distance between the laser and the camera gives us the side of the triangle. Then using some simple trigonometry you can find the base of the triangle, which is the distance that the object is from the laser.
The problem is the size of the dot on the CCD is not taken into account, so this theory only works for objects in a certain range. That range depends on the distance between the laser and camera. The missile launcher has a short range, so the new idea is using two cameras for the laser range finding: one for the missile launcher’s short range needs and one for long range playing with the cat. Then you can get the best of both worlds with the new concept.
There is also a hardware solution.
–Jason Appelbaum
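An added worked example of the triangle arithmetic described in the segment (my code, not Jason’s): with the laser mounted parallel to the camera’s optical axis, the dot’s pixel offset from the image centre maps to an angle, and the baseline between laser and camera divided by the tangent of that angle gives the distance. It also works out the near and far limits from the sensor’s half-width and the dot’s size, which is the range restriction the second paragraph mentions. The radians-per-pixel calibration, baseline and sensor width are constructed values.

```python
import math

def angle_from_pixels(pixel_offset, radians_per_pixel, radian_offset=0.0):
    """Linear calibration from pixel offset (dot to image centre) to angle.
    radians_per_pixel and radian_offset come from measuring known distances."""
    return pixel_offset * radians_per_pixel + radian_offset

def distance_from_dot(pixel_offset, baseline, radians_per_pixel, radian_offset=0.0):
    """Laser parallel to the optical axis at baseline h:
    tan(theta) = h / D, so the target distance is D = h / tan(theta)."""
    theta = angle_from_pixels(pixel_offset, radians_per_pixel, radian_offset)
    if theta <= 0:
        raise ValueError("dot at or behind image centre: target out of range")
    return baseline / math.tan(theta)

def usable_range(baseline, radians_per_pixel, half_width_px, dot_radius_px=0):
    """(near, far) distances the setup can resolve. The dot must land between
    the centre and the sensor edge; a dot of dot_radius_px needs at least that
    much offset before its centre can be told apart from the image centre,
    which is the dot-size limit noted in the segment. A longer baseline pushes
    both limits out, so short- and long-range setups need different baselines."""
    min_offset = dot_radius_px + 1
    near = distance_from_dot(half_width_px, baseline, radians_per_pixel)
    far = distance_from_dot(min_offset, baseline, radians_per_pixel)
    return near, far

if __name__ == "__main__":
    # constructed: 0.1 m baseline, 0.001 rad per pixel, 640 px wide sensor
    for offset in (320, 100, 10, 1):
        print(f"{offset:4d} px -> {distance_from_dot(offset, 0.1, 0.001):8.3f} m")
    print("usable range (m):", usable_range(0.1, 0.001, 320, dot_radius_px=2))
```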
File Recovery with the SIFT
In 418 I demonstrated some of the basics in recovering deleted files. Using a DD image taken from a USB drive which had files deleted from it first, I showed off a program called fls which shows you the inodes for each file on a system. Using these inode references, you can carve out in a filesystem exactly where a given file is supposed to reside in the unallocated space. Darren and I discuss some of the math behind this. In the next part I will be showing an easier method of doing this via foremost.
–Chris Gerling
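An added illustration (my code, not from the episode or The Sleuth Kit) of the arithmetic behind carving by inode: once fls has given you the inode and its block list, each block sits at byte offset block × block size in the dd image, and a contiguous run of blocks is exactly what dd’s skip/count pair pulls out. The image, the 512-byte block size and the block list are constructed; the file is deliberately fragmented across non-adjacent blocks.

```python
BLOCK_SIZE = 512   # constructed: a small block size keeps the demo image tiny

def block_offset(block, block_size=BLOCK_SIZE):
    """Byte offset of a block inside the raw image."""
    return block * block_size

def build_demo_image(block_count, file_blocks, payload, block_size=BLOCK_SIZE):
    """Constructed raw image: zero-filled, with `payload` written across
    `file_blocks`, the allocation an inode would point to. Deleting a file
    normally leaves inode and data blocks in place until they are reused,
    which is what makes carving by inode possible."""
    image = bytearray(block_count * block_size)
    for i, blk in enumerate(file_blocks):
        chunk = payload[i * block_size:(i + 1) * block_size]
        start = block_offset(blk, block_size)
        image[start:start + len(chunk)] = chunk
    return bytes(image)

def carve_by_blocks(image, file_blocks, file_size, block_size=BLOCK_SIZE):
    """Reassemble a file from its block list in the order the inode gives
    them; file_size trims the slack space at the end of the last block."""
    out = bytearray()
    for blk in file_blocks:
        start = block_offset(blk, block_size)
        out += image[start:start + block_size]
    return bytes(out[:file_size])

def dd_args_for_run(first_block, last_block, block_size=BLOCK_SIZE):
    """Equivalent dd invocation for one contiguous run of blocks."""
    count = last_block - first_block + 1
    return f"dd if=image.dd of=out.bin bs={block_size} skip={first_block} count={count}"

if __name__ == "__main__":
    payload = b"HAK5 deleted file" * 40          # 680 bytes: two blocks, 168 in the second
    blocks = [7, 9]                               # fragmented: block 8 belongs to something else
    image = build_demo_image(16, blocks, payload)
    assert carve_by_blocks(image, blocks, len(payload)) == payload
    print("block 9 starts at byte", block_offset(9))
    print(dd_args_for_run(7, 7), "&&", dd_args_for_run(9, 9))
```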
Until next week we welcome your feedback and remind you to Trust your Technolust.