Man-in-the-Middle JavaScript Keylogger, Social Engineering Toolkit and a ton more - Hak5 Episode 621
Cross Platform Encryption
Mahmoud, as well as many others, wrote in to ask about the cross-platform compatibility of the encryption set up on Hak5 episode 620 using cryptsetup.
The short answer is no, it’s just for Linux. If you’re looking for something both open source and cross-platform, look no further than TrueCrypt.
Spotify in the United States without a proxy
Following up on last week’s question about IP spoofing so users in the US can try out Spotify, we’ve got just the trick without a proxy. Ok, well sorta. If you happen to have a beta invite and a friend, perhaps on IRC, in an allowed country, it’s just a matter of having them sign up for you. The only limitation is that you’ll need to have your account signed into from your “home country” every 14 days. On the other hand, if you decide to spring for the €9,99/mo premium account you, supposedly, don’t have such limitations. Thanks to Jouni in Finland for hooking me up. I’ll be sad when it’s game over in two weeks. Or will it?
Virtual Appliances for VirtualBox
If you’re a fan of VirtualBox then you’ll love VirtualBoxImages.com. They’ve got pre-packaged VirtualBox VDIs ready for your enjoyment.
JavaScript Keylogger via Man-in-the-Middle Attack
When it comes to man-in-the-middle attacks, just about anything is possible. In this segment Darren explores InGuardians’ tool, the Middler. Using its plugin architecture for manipulating (among other things) HTTP traffic, we attempt to get the infamous JavaScript onKeyPress keylogger going. Without much success in that department, Darren goes on to demonstrate iframe injection and ponders ways to make the borked plugin behave.
Social Engineering Toolkit
Hacking isn’t just about remote code execution. Well, I mean, that’s fun and all, but rather than exploiting the server, how about exploiting the Human OS? In this segment Mubix demonstrates David Kennedy (aka Rel1k)’s tool, The Social Engineering Toolkit. Despite some challenges with clients that weren’t set up with Java, Mubix successfully demonstrates Meterpreter in conjunction with a cloned site.
MAC Address Spoofing
@Bluesmanchukk writes in to ask about MAC address spoofing. Darren and Rob discuss their favorite tools for the job: ifconfig (Linux), GNU MAC Changer (Linux), MadMACs (Windows), Mac Randomizer (Linux).
Multi-Player Notepad
Stoned33 wrote in to ask for our picks for simple online collaboration. Aside from the obvious Google Wave, Rob recommends the recently Google-acquired yet still operating Etherpad. This real-time document editor is like multi-player notepad on crack. Give it a shot.
January 31 2010 09:48 pm | Uncategorized

