" War. This week's episode of -- five is brought to you by no daddy. Netflix. And --"

" as welcome back to the kitchen. In a follow up on our brute forcing segment. From last time we -- here except until a little under the weather so I'm gonna bypass the whole. How assaulting with margaritas until and feel a bit better so in the meantime. Last -- we did offline brute forcing today we're gonna talk about. Online brute forcing some chicken noodle soup -- and homemade goodness but before we get into the ingredients. In some theory. To the biggest difference between online reports in offline obviously as you're connected to something right here you're hitting something that's -- years. And in most cases -- theoretically if somebody on the other end right. And and it's obviously much slower mean we should have GPU's. Where you can get like. You know how reasons and how isn't of the times per second. And we're gonna really be calculating our attempts and minutes. Now I before gets humid for that I must stress that I am taking the angle here. Of countermeasures. So while I am showing some online brute forcing. Demonstration. Really what I I don't want to highlight here are some of the ways you can use this to protect yourself. And this is really just it's an -- it's a good example. For many of there. Types of services that are susceptible to very similar things -- the practices kind of similar. So the cool thing is online brute force attacks you know here's the U justice administered on the other hand and not can be detected. It's just a matter are you looking. I look for the right bang and if you are an if you -- you do there's lots things we can do to actually reduce the effectiveness. Of the brute force attack so. And our demonstration we're going to be using terminal services -- a wonderful. Service and most windows servers -- even in windows XP and got enabled. It to -- little thing that lets us do remote access. Using remote desktop connection RDP. Get our our remote connection on and it's nice because it's pretty ubiquitous across the board on windows operating systems and makes systems administrator -- like actually usable. So anyway. Let's go ahead and get into the ingredients. Now for the hack are ingredients are really nothing more than and map to find our target. And -- grinder which is an online brute force attack her hand. Four. For Microsoft terminal services for remote desktop connection. Okay. As far as chicken noodle soup is concerned you know forget that stuff McCain and I'm feeling really sick -- homemade stuff and you're dead right so we've got a pound of boneless skinless chicken breasts right. We've got four of these cubes this is new to me for these kids bullion cubes correct me if I'm wrong that pronunciation but should be cool. Eight cups water already in there we get to we got -- two cups of eighty noodles. Then it's gonna yummy we've got can of chicken that. Chicken broth and HQ and of cream of chicken just nickel creamy -- right. And then we've got some chopped carrots. Some diced celery some diced mushrooms we're gonna throw some onions into the -- and a little bit. Of garlic and Hak5 shot last. That's what we're gonna do. So. Basically we're gonna put it altogether except for the noodles and would elect a boil or not. Quite boil it right under boiling like half hour with the chickens cooked it's gonna like silky and all that goodness and we're going to take the chicken now we're gonna chop it up. And then we're gonna pop back in with the noodles until they're really yummy. And -- service and hopefully analysts are feeling better -- it's gonna do that Eric your ego. Through this and there. You know you know and the chicken. You familiar with a brand. -- that's -- let's not forget -- onions. Are so whilst noses help me out here let me keep -- you guys the scenario. It's Joe are sysadmins and -- are sysadmins. He just set up when new windows server. And his boss like many bosses before him won him to be available off hours in case of any kind of emergency we're not gonna get into double overtime pay thing. Now to make his life a little easier Joe decided to open some ports in the office firewall to give him access to the remote desktop feature is a home. Well Joe is confident about his windows boxes security see he's got automatic updates turned on and he's picked a pretty good password. It's ridiculous. No I mean it's our exclamation point. CU 1 U five. Ridiculous within out of nowhere -- up -- server shell that fire up a map and look around for anything -- 3389. And they see -- server and then make RTS grinder and online terminal servers reporting tool and then these the dash -- option with the really big dictionary file. And the point edge of the server and then pineapple hasn't whiskey sour and then he passes out evil server doubled dirty work. And since the brute force attack takes place over an encrypted argued -- connection and he would be intrusion detection systems don't notice. At Cynthia's trying to disconnect sector but failed attempts nothing is written to the event log so -- O. Doesn't even know. We'll eventually able server gets in and pineapple maliciously these cases is windows wallpaper who with a rude comment about -- mom. Now without getting too detailed into an already pretty simple hack was just take up for what it is and start talking about countermeasures. Keep in mind I'm using windows terminal services here as an example and this could is this here really applies to just about anything. On line that you can brute force so. As far as the windows server is concerned there's a couple of little techniques that we can use here to reduce the effectiveness and the likelihood of this -- place. Now honor winners -- server the first thing that we're gonna want to do is coming here and -- renamed the administrator account. The administrator account by default has access to -- terminal services to you know about. Desktop and we're gonna want to. Change that you something else so I actually have a script here it's pretty simple visual basic Republican just go ahead. And call McMahon -- script and let's can do is renamed. The local administrator account from demonstrated to eighteen -- not because most hackers don't try to use that as the username that they log in from. I mean blab links in the show on this into the same exact thing with a domain administrator account just don't have domain server set up here. Vatican if you walk you through it but -- for that. The next thing that we want to do is we want to review our paths for best practices and of its links in the show notes that -- to bring up this great website. Called password meter dot com and we talked about in episode. Or season three episode nine. And it's a great site that's gonna help you. Test the strength of your password so again you know one more than fourteen characters just for the hold you know element steely. But you loss of one something with lots of numbers and letters characters might not. So. Next thing we need to do is enable complex passwords we can do that here with a little tool called. Pass prop a case so we're gonna run passed prop. And see what gives us now we've got. The if you just run past props without the us last question mark it's gonna let you know with -- administer -- can be simple the administrator account. May not be locked out. That's what we want to change so we're gonna do you pass prop. With slash complex. And that's going to force complex passwords and I'm gonna go back and do it with slash -- lock out. What that means is by default windows server -- does not lock out. It does this for most other users and this is set up your policies but the administrator account it's kind of like wild card here right. Both setting this allows the administrator account to be locked out if too many failed tests are done. Remotely it does not do anything for -- actual keyboard physical security is totally another. Topic that we could talk about there's fun things you can do with. USB. Brute forcing -- that emulates a keyboard not going to get into that now but. If you're not gonna need to worry if you enable this and you've he beef up your password a couple of times you still gonna have all the attempts you want physically -- keyboard. Okay so then. Well we're gonna do. And then this is something that -- you don't have to this is really a security through obscurity thing just like changing it to from administrator to Tina Fey is hot. Is security through obscurity we want to go here into the H key local machine. And under system current control set control and then terminal server you'll find windows. I'm -- the wind stations and RDP TCP. Voters and in there. There is a there is a 3389. And that's exactly what evil server pine Apple did was they just announced without -- and they found this server. This is not foolproof there is a program called. -- T yes. That will basically probe a the windows server to see it as terminal services running in descending with an properly. But. But it is gonna help you a little bit -- just obscure five that a bit. The next thing is to enable. Extensive auditing I have links to that in the show notes and this is the -- did not domain controller it's little bit more difficult to demonstrate if you guys basically. What we want to do is. Tell it to give us gives -- information in the event log on the field access attempts write certain thank you. Really. I -- he he did your own risk. Now thank you. It would denial of service come -- but. So. That's. The thing that that the that the topic for another night Andy right. So would be to be enabling -- extensive auditing is basically going to allow us two see. They'll log on the towns in our have been fewer. There are a couple of programs that are recommend that we'll have links in the show notes for so that you can actually see let you know when when these things have been happening -- an alert you. Like hey you know you're getting. You know thousands of attempts on here you're you have to -- year term of service whatever. Because if you see here I go ahead and I tried like more than five times and on the sixth time here. To try to log into -- through remote access that through the remote desktop what's gonna happen is in my event viewer under system. I'm in the C. And then I. 1012. And that is remote session from client exceeded the maximum. Failed log in attempts right and was first forcibly terminated. That is the only indication -- by default that somebody's trying to brute force your remote desktop here to determine -- services and that's. It by default so you want to enable the advanced logging features. And you might want to look into getting some programs -- alert you when something like that happen and then finally. The best thing that you could possibly do to limit your exposure to an online brute force attempt on remote access her and her -- that remote desktop. Is to not leave your remote desktop. Service open to the world. We've talked about in the past how to tunnel DNC traffic or something like SSH you can do the same thing with. Any particle any port so if you just leave one SSH server running. Our network you can get anything else you want. So that's a more advanced topic I'll have some links that'll help you on the show it to you need to start doing that right now. And let me know if you'd like to see something about that as they can whip up a ditch for SH tunneling. I hope that it was informative we're gonna check on the -- chicken here a little later on in the show and and -- and loved them up feeling good I. Take your eyes."

" Okay so this month we are playing battlefield two you and I gotta say the kids over at -- that square space dot com. Voted for this and I got raving reviews everybody wants to play it so. Enough it's not your -- maybe you should vote for something else. Anywhere playing on January 31 it's the FT dot Hak5 our again definitely join us and with the game. And I -- I have to thank our sponsor Netflix. I gotta say I'm definitely enjoying those Battlestar Galactica dvds thank you very much. With Netflix you can rent over 90000 titles online including lots of Blu-ray titles with free shipping both ways to hear -- They now have over forty shipping senators almost all delivery is happening just one business day. And Netflix plans start at 499. As a new member you can get -- no risk two week free time trial membership. Check it out at www. Netflix.com slash cat five and please guys. Don't forget the WWW. That's gonna take a laid out in I go in some of that sickness."

" I guess -- today show you some alternatives to windows terminals versus now. Yes may be asking yourself why on earth would you need an alternative to windows terminal server. Well turns a -- service licensing is expensive. You're going to be paying -- 85 to ninety dollars per license wore -- windows terminal server. And that starts to add up quite a bit after awhile. There are a lot of small companies and small businesses that would really. Get a lot of usefulness out of terminal services if they can actually just implement it in cost effective manner. So the benefits to running terminal services before we actually get into this segment are. You know software licensing. You have the by licensing for every single computer Richard install it on to because you're actually go installing it on a single machine. On the other is hardware you don't need a core two duo machine with you know four gigs of ram and two. You know run outlook can run you know you're counting software and it just so happens to be based on Java. So what we're gonna do is actually use thin clients to connect to a windows server. So that we can actually just give it to be terminal services. Login. And basically. You didn't utilize the server that your running on as the horse power and the brains behind in all your running applications and think back to if you -- it hurt if you don't work in an office. And at the last time that you work in an office. How many people run that same. Bunch of applications. You've got outlook for Erie canal or thunderbird you've got your web browsing and you've got your counting it may be some other research one day. Five or six applications during the course of today user would use 90% of the time. Basically you're you're you know. 1500 dollar Dell -- the -- whatever is going to waste when you're just using those. Applications and nothing else now can we can obviously understand you need a big -- machine -- but for everybody else all you need. Is it terminal services -- Now. I think small business server and stuff like that they all come with I think five terminal services -- Great what happens when you have 25 people that you want to actually use terminal server for. Well you -- to get the licensing installed a licensing and you work with you know -- licensing manager to actually make sure that."

" Blah blah blah blah blah."

" There's a much easier way and actually you don't even need windows 2000. Three X server to utilize terminal services. What we're gonna do is we're actually gonna use a windows XP box that we have just laying around the office. Actually use that as terminal server you ask how can we do that well. Very easy others application called XP a limited that's available in XP unlimited dot and -- Dot com dot and L. And basically what we can do is we can take any Vista. Any XP or even 2003. Machine and turn it into. A terminal server. So long as it is 32 bit he's working on 64 bit you know whole thing but. 32 -- for now which is cool. The really good thing about this is it's more cost effective. The licensing model. Is actually gonna allow you to. Have unlimited users. For about the same costs as it would cost you two license five users. Out with the Microsoft terminal server licensing. There's two versions of -- One of them is the enterprise version which allows you to authenticate over domain for your terminal server audience. And some other stuff load balancing which is currently working on and then there's also a classic version. Which will allow you to specify 510. Or unlimited license numbers. And this just uses local. Local built in. Username and group database so. What we're gonna deal is I'm actually very got an install. It's actually running on this machine right here. And we're actually gonna come over here to control panel and the demo version you're gonna get three launch its attack at one of those being a local login. Because -- locally so there's one active section. We come over here -- terminal services configuration change support for 3389 if you want to feel a little bit more secure through obscurity -- There is your option for do you want members to be a you know people with remote -- access to be required to be and that you know -- group which is probably a good ideas that you have some auditing. But you can go back to that. I group and say to yourself okay these are the people who have remote access into this terminal server. Or you can just do if they have a domain login you're good to go. Application. Now. If you've ever used terminal services before windows application. Limiting and you know can get a little here. This is is easy is it could possibly be you've got your list of users on a laughed and that list of groups. What we've done is we've gone ahead we've created a -- user because. Derek doesn't need a big machine there just needs terminal services. It's like me off right now but it's true. So what we've done is we've gone ahead we've limited daring to Firefox and notepad but two things -- Needs the most and only ever needs. What we can do is we can actually you know create as many custom applications as we want it would one lock users down. If not you can just him you know you can install the local admin you know all the advocates that you want and and it's just like another terminal server where. They have access to notes. So what we can do is go ahead and create a another application if we wanted to. And this time we can name it outline in what's missed -- change we'll call -- ten. Because it's not actually going to be there. And will call it. -- As not even if it's not here but. That's as easy as a good possibility we can. Verify. And are all the application that we just typed in. Isn't there. So what we actually gonna hand and we wanted to change. The application we hit verify first and application will make sure that the -- XP -- limited pictured that what you want to put in there is actually going to be there. Guess what it's not so we can just go ahead and promote it. Sort of verify an everything's okay we can save the settings. Now. The other cool thing about this is is it comes with -- its own built in web server. And maybe ask yourself why -- anyway it's there well sometimes. Firewall blocking you have the ability to change you know maybe somebody blocks 339 for some reason who the hell knows that. A lot of times. People don't want to. Open a client or don't know how to open a client while while why it's just easier to tell -- website. In this case we can go to the IP address of our machine. I'll show you on this other machine here we're gonna do is we're going to open Firefox. Actually excuse me I need because needs to execute the here when hell is your idea. There's not a big fan and explore so. -- So now we're gonna do is we're gonna go to -- IP address of the machine which is the XP and limited machine which is tend ten. I've typed correctly. Oh that 141. And should come I think. -- statements. Taken statement alone. My and my going to Booth how hot I cannot move back. So here's going to ask you about the BB script and apparently -- Acer has some BB script something turned off. But what you can do here is if it actually installed the ActiveX control. You can username password that you wouldn't do you hand out to your user groups and they can connect right from the web interface. You can also do -- settings for the different you know. Inside the web interface but we're gonna do is we're gonna show you an example of how to. What it looks like when you actually log in via. -- A lot of people don't know that you know terminal services. He is. One of those things that if you use it and hunger like I just use RDP well that's terminal services so what reviews -- And I think I remember his password. And Hillary go so here you can see that. We're actually running the demo version of XP -- limited attack. And under dearest profile we actually and set up to start is Firefox as well as notepad. But we chose to have notepad minimized and Firefox maximized on star. So here. We don't have any start menu we don't have you know all the crap on the desktop that maybe someone the other users have. What we've got is this little button up in the left hand corner which actually lists -- options. There has Firefox and Darren has not yet. -- can't get himself into trouble. Side breaking an otherwise 1500 dollar machine and stand he's isolated into this user -- on this machine -- And he can open multiple. Com -- a notepad if you really wanted to or can open multiple copies of Firefox if you really want it now. You can actually go ahead and enter like I said any application you really want you can also Nast menus one. If you have you know the Microsoft suite of applications you want to block that -- The other nice thing in the last thing -- talk about is terminal services on security on the server side. Basically what it's gonna do is it's actually show you much like windows terminal server you can actually go ahead and take a peek. It too crazy if you could probably spears and stuff -- here. User configuration and local computer configuration just like you would if you were gonna do. You know windows terminal services. You can lock down DNS clients. You know your security settings -- You know startup scripts. Basically anything that you could do security wise with terminal services you can do with XP -- it's completely completely compatible. Avenues and term this XP -- firm probably the last couple days. And it really reminded me of -- and I was worked for a company that actually deployed. Services correctly. So if you think that you have a need for terminal services you don't have money to save your boss. Boss -- we've got thirty people I think. One of them you know could get by on terminal services think about it if you're gonna be doing an upgrade for your systems or anything like that. It is nowadays with the advent. You know. Really inexpensive servers -- like I said we just turned XP into a a terminal server here and it would cost us war. You know a limited users. It would cost us 240 bucks. So how they recommend is check this out XP unlimited dot NL. And right now we're going to go ahead and take it over to Shannon for trivia."

" As well. Another trillion giveaway yeah right now we've kind of gone for. On the ultra obvious mean. CS happens I'm sorry but -- and we haven't -- and give away this week it's -- he -- volume one freak by Ed has scored. It's -- awesome awesome graphic novel and it's this documentary style. Background history of freaking and hacking with so you've probably noticed letters here in the air appearing now and if you Hak5 dot org slash trivia and you put in those little letters here. To point sometimes -- an answer that trivia question and hopefully you'll get it right. If you incident first 24 hours from when this apps episode Ayers you the chance to win this -- wait. Comment back and outside do want to thank our sponsor. Godaddy.com. Starting at less than five dollars a month. Web hosting from god Eddie dot com includes 99 point 9% of time 247 support and free access from -- any posting connection. The place to quickly and stuff. Over fifty free applications like word press Yuma Drupal Oscar hours and more. If you want to make an impact on -- GoDaddy has what you need dot com names as -- as the dollar and 99 plus world class instinct fast and easy website builders and much more. If you enter code hack why and that's it -- one you can get 10% off your entire quarter's. Try it out guys I love -- and it's the rest of the crew in it I think the guys -- finished."

" All right thanks again and now before we wrap up this -- a kind of a couple things get -- we actually had another web application security segment. With our friend Mubix but it turns out when you tether with your iPhone and three G and Skype and well and it will bring that you guys who can do properly in studio yet we -- some emails want to get you. But first we have to think whoever -- sponsors who is bringing you the technolust this week. HP."

" Yeah I was I kind of adjusted and surprise when it -- or you know because -- like I'll. We use that. Did episodes brought you by HP's media smart server power by Microsoft windows home server we have home server. In our house and we use it primarily because we've streamed stuff. Off all of our home server onto -- 360 yeah which is great for that it's great if you guys have a another media center in the house. One of the great great things about it is easy backups of you or. Apple. And windows machine to edit at this missile -- happen and this does the rest well for her Apple machines actually supports. -- think no it supports time machine room. So yeah since that time yet so -- over the network on the HP media smart server. And it's automatic."

" These easy it -- so windows server and and switch all the other clients to you know Mac and Microsoft will be happy. And if if the."

" I'm sure that would work as well. But some it's the automatically maximum protection guys -- insult decline carrier using you know time machine. The media functions of that are absolutely amazing and it's not -- or unlike you know. So many of the other appliances that are out there. This thing actually looks like he did it it it could sit in guys don't have a closet -- throw it into or something might feel a little guilty about putting such as we piece of hardware inside your network closet along with via the switch exactly. So but unfortunately. Ours is tucked away in that thing in the closet but anyway."

" So into it into a digital media experiences. Check out BHP. What is called the medias the media smart server powered by windows homes were there yeah I like. Okay. So. Bill -- us from. This is is follow up report nineteen -- to show us a really great Firefox extension that we can use. For us SSH -- users have been doing a lot of that for -- what is he had -- easily get -- media but there's an airport with some really -- like I can't believe we got an episode upload it back ten minutes ten minutes to upload an HD episode from the Las Vegas airport the only thing redeeming about LA yes. Was twenty negatives. Down and we were getting literally on one point three megabytes a second. Over forty consecutive streams. And -- ridiculous we're just we're stuck in that you all know is it's kind of like scavenger exit find it. Right it appeared there it's good at terminal eight when he. It. Or bring or bring the thou shall fail. They give you 500 Mel watt and the giant and -- to have like like a range thing me. As you walk it detects the -- agencies like. Clinton that's Tumblr like not create them. And -- Mac. Oh isolate you you're not Tumblr tuchman at some and we both went this way and then figured it out yes. Let's let's let's birth something's -- the forum. A into the -- maybe at the -- there's mark yet are so anyway bill writes us had to tell if this really nifty. An extension for Firefox it's you can find every here at Germany's Mozilla extensions -- monkey dot com and it is the -- and here's the."

" I Mexican a lot of people record and they Roxy on my. A month long after a post the how to."

" Yeah switch proxies Graham actually using your right here and she'll fire up the dispute tunnel. And then they can expand. And log in. And dammit I'm running my local proxy and right click down here and going to switch proxy. And proxies and use my local SSH tunnel and now only god and blow your mind that and it's good IP chicken. And I'm not gonna blur it because it's just the IP address of you know Hak5. Web server but -- and -- blown your mind. It's really easy to manage a bunch of different proxies profiles that are happening to into the tools in the settings and all that fun stuff. So thank you bill for writing and also sent an accurate number of what's when the cool accounts kids what does that mean this. But a little -- over at think geek that this deserved a little encouragement not a sponsor anything but I think this is really -- It's the phantom keystroke logger it comes to -- not longer it's published. Key stroke her version -- with this guy does is WSB. I got that you Poppins is it to when -- co workers machines right and it annuity USB. Mouse and keyboard doesn't taken drivers or anything like that when -- uses radio device right. Well you can say it's -- hold on balance -- we can set interval that it will actually a keystroke or do on our movement. As city you can -- is like the actor is in of the you know it's fun little thing beats in the -- my dad -- right we have I I don't know where we we should reluctant with the -- three kids but I always then again they TSA would it sounded and then that put him and I god. And trigger would've gotten another -- down. -- So that is the -- future and I said have a link here to the DSO deep deep thought advisor it's a little device that -- resources -- indecent video editing on it. Nifty little toy where it's USB -- not -- speeds of PGA pass through that goes in between your VGA. And your monitor and your your computer here at anything obvious yet so he actually did a demo of Goobuntu machine getting a DS that he. As far as your computers now in school is just it's."

" Being an uncle -- as well yeah. Ha fat version of this week. Luther computer real. I feel better but it's -- because you were sick. -- think you -- even though I'm not sick person who think that it's completely or partly yeah we're done all. They -- thank you guys joining us really -- We like -- good friend and next week we'll be here again big time thing right here again."

" Yeah."

" Both mentally."

" Yeah."

" Yeah you like that very good reviews and even. SploitCast."

" Who wants that your favorite your favorite item or bug -- I should."

" So --"

" War. This week's episode of -- five is brought to you by no daddy. Netflix. And --"

" as welcome back to the kitchen. In a follow up on our brute forcing segment. From last time we -- here except until a little under the weather so I'm gonna bypass the whole. How assaulting with margaritas until and feel a bit better so in the meantime. Last -- we did offline brute forcing today we're gonna talk about. Online brute forcing some chicken noodle soup -- and homemade goodness but before we get into the ingredients. In some theory. To the biggest difference between online reports in offline obviously as you're connected to something right here you're hitting something that's -- years. And in most cases -- theoretically if somebody on the other end right. And and it's obviously much slower mean we should have GPU's. Where you can get like. You know how reasons and how isn't of the times per second. And we're gonna really be calculating our attempts and minutes. Now I before gets humid for that I must stress that I am taking the angle here. Of countermeasures. So while I am showing some online brute forcing. Demonstration. Really what I I don't want to highlight here are some of the ways you can use this to protect yourself. And this is really just it's an -- it's a good example. For many of there. Types of services that are susceptible to very similar things -- the practices kind of similar. So the cool thing is online brute force attacks you know here's the U justice administered on the other hand and not can be detected. It's just a matter are you looking. I look for the right bang and if you are an if you -- you do there's lots things we can do to actually reduce the effectiveness. Of the brute force attack so. And our demonstration we're going to be using terminal services -- a wonderful. Service and most windows servers -- even in windows XP and got enabled. It to -- little thing that lets us do remote access. Using remote desktop connection RDP. Get our our remote connection on and it's nice because it's pretty ubiquitous across the board on windows operating systems and makes systems administrator -- like actually usable. So anyway. Let's go ahead and get into the ingredients. Now for the hack are ingredients are really nothing more than and map to find our target. And -- grinder which is an online brute force attack her hand. Four. For Microsoft terminal services for remote desktop connection. Okay. As far as chicken noodle soup is concerned you know forget that stuff McCain and I'm feeling really sick -- homemade stuff and you're dead right so we've got a pound of boneless skinless chicken breasts right. We've got four of these cubes this is new to me for these kids bullion cubes correct me if I'm wrong that pronunciation but should be cool. Eight cups water already in there we get to we got -- two cups of eighty noodles. Then it's gonna yummy we've got can of chicken that. Chicken broth and HQ and of cream of chicken just nickel creamy -- right. And then we've got some chopped carrots. Some diced celery some diced mushrooms we're gonna throw some onions into the -- and a little bit. Of garlic and Hak5 shot last. That's what we're gonna do. So. Basically we're gonna put it altogether except for the noodles and would elect a boil or not. Quite boil it right under boiling like half hour with the chickens cooked it's gonna like silky and all that goodness and we're going to take the chicken now we're gonna chop it up. And then we're gonna pop back in with the noodles until they're really yummy. And -- service and hopefully analysts are feeling better -- it's gonna do that Eric your ego. Through this and there. You know you know and the chicken. You familiar with a brand. -- that's -- let's not forget -- onions. Are so whilst noses help me out here let me keep -- you guys the scenario. It's Joe are sysadmins and -- are sysadmins. He just set up when new windows server. And his boss like many bosses before him won him to be available off hours in case of any kind of emergency we're not gonna get into double overtime pay thing. Now to make his life a little easier Joe decided to open some ports in the office firewall to give him access to the remote desktop feature is a home. Well Joe is confident about his windows boxes security see he's got automatic updates turned on and he's picked a pretty good password. It's ridiculous. No I mean it's our exclamation point. CU 1 U five. Ridiculous within out of nowhere -- up -- server shell that fire up a map and look around for anything -- 3389. And they see -- server and then make RTS grinder and online terminal servers reporting tool and then these the dash -- option with the really big dictionary file. And the point edge of the server and then pineapple hasn't whiskey sour and then he passes out evil server doubled dirty work. And since the brute force attack takes place over an encrypted argued -- connection and he would be intrusion detection systems don't notice. At Cynthia's trying to disconnect sector but failed attempts nothing is written to the event log so -- O. Doesn't even know. We'll eventually able server gets in and pineapple maliciously these cases is windows wallpaper who with a rude comment about -- mom. Now without getting too detailed into an already pretty simple hack was just take up for what it is and start talking about countermeasures. Keep in mind I'm using windows terminal services here as an example and this could is this here really applies to just about anything. On line that you can brute force so. As far as the windows server is concerned there's a couple of little techniques that we can use here to reduce the effectiveness and the likelihood of this -- place. Now honor winners -- server the first thing that we're gonna want to do is coming here and -- renamed the administrator account. The administrator account by default has access to -- terminal services to you know about. Desktop and we're gonna want to. Change that you something else so I actually have a script here it's pretty simple visual basic Republican just go ahead. And call McMahon -- script and let's can do is renamed. The local administrator account from demonstrated to eighteen -- not because most hackers don't try to use that as the username that they log in from. I mean blab links in the show on this into the same exact thing with a domain administrator account just don't have domain server set up here. Vatican if you walk you through it but -- for that. The next thing that we want to do is we want to review our paths for best practices and of its links in the show notes that -- to bring up this great website. Called password meter dot com and we talked about in episode. Or season three episode nine. And it's a great site that's gonna help you. Test the strength of your password so again you know one more than fourteen characters just for the hold you know element steely. But you loss of one something with lots of numbers and letters characters might not. So. Next thing we need to do is enable complex passwords we can do that here with a little tool called. Pass prop a case so we're gonna run passed prop. And see what gives us now we've got. The if you just run past props without the us last question mark it's gonna let you know with -- administer -- can be simple the administrator account. May not be locked out. That's what we want to change so we're gonna do you pass prop. With slash complex. And that's going to force complex passwords and I'm gonna go back and do it with slash -- lock out. What that means is by default windows server -- does not lock out. It does this for most other users and this is set up your policies but the administrator account it's kind of like wild card here right. Both setting this allows the administrator account to be locked out if too many failed tests are done. Remotely it does not do anything for -- actual keyboard physical security is totally another. Topic that we could talk about there's fun things you can do with. USB. Brute forcing -- that emulates a keyboard not going to get into that now but. If you're not gonna need to worry if you enable this and you've he beef up your password a couple of times you still gonna have all the attempts you want physically -- keyboard. Okay so then. Well we're gonna do. And then this is something that -- you don't have to this is really a security through obscurity thing just like changing it to from administrator to Tina Fey is hot. Is security through obscurity we want to go here into the H key local machine. And under system current control set control and then terminal server you'll find windows. I'm -- the wind stations and RDP TCP. Voters and in there. There is a there is a 3389. And that's exactly what evil server pine Apple did was they just announced without -- and they found this server. This is not foolproof there is a program called. -- T yes. That will basically probe a the windows server to see it as terminal services running in descending with an properly. But. But it is gonna help you a little bit -- just obscure five that a bit. The next thing is to enable. Extensive auditing I have links to that in the show notes and this is the -- did not domain controller it's little bit more difficult to demonstrate if you guys basically. What we want to do is. Tell it to give us gives -- information in the event log on the field access attempts write certain thank you. Really. I -- he he did your own risk. Now thank you. It would denial of service come -- but. So. That's. The thing that that the that the topic for another night Andy right. So would be to be enabling -- extensive auditing is basically going to allow us two see. They'll log on the towns in our have been fewer. There are a couple of programs that are recommend that we'll have links in the show notes for so that you can actually see let you know when when these things have been happening -- an alert you. Like hey you know you're getting. You know thousands of attempts on here you're you have to -- year term of service whatever. Because if you see here I go ahead and I tried like more than five times and on the sixth time here. To try to log into -- through remote access that through the remote desktop what's gonna happen is in my event viewer under system. I'm in the C. And then I. 1012. And that is remote session from client exceeded the maximum. Failed log in attempts right and was first forcibly terminated. That is the only indication -- by default that somebody's trying to brute force your remote desktop here to determine -- services and that's. It by default so you want to enable the advanced logging features. And you might want to look into getting some programs -- alert you when something like that happen and then finally. The best thing that you could possibly do to limit your exposure to an online brute force attempt on remote access her and her -- that remote desktop. Is to not leave your remote desktop. Service open to the world. We've talked about in the past how to tunnel DNC traffic or something like SSH you can do the same thing with. Any particle any port so if you just leave one SSH server running. Our network you can get anything else you want. So that's a more advanced topic I'll have some links that'll help you on the show it to you need to start doing that right now. And let me know if you'd like to see something about that as they can whip up a ditch for SH tunneling. I hope that it was informative we're gonna check on the -- chicken here a little later on in the show and and -- and loved them up feeling good I. Take your eyes."

" Okay so this month we are playing battlefield two you and I gotta say the kids over at -- that square space dot com. Voted for this and I got raving reviews everybody wants to play it so. Enough it's not your -- maybe you should vote for something else. Anywhere playing on January 31 it's the FT dot Hak5 our again definitely join us and with the game. And I -- I have to thank our sponsor Netflix. I gotta say I'm definitely enjoying those Battlestar Galactica dvds thank you very much. With Netflix you can rent over 90000 titles online including lots of Blu-ray titles with free shipping both ways to hear -- They now have over forty shipping senators almost all delivery is happening just one business day. And Netflix plans start at 499. As a new member you can get -- no risk two week free time trial membership. Check it out at www. Netflix.com slash cat five and please guys. Don't forget the WWW. That's gonna take a laid out in I go in some of that sickness."

" I guess -- today show you some alternatives to windows terminals versus now. Yes may be asking yourself why on earth would you need an alternative to windows terminal server. Well turns a -- service licensing is expensive. You're going to be paying -- 85 to ninety dollars per license wore -- windows terminal server. And that starts to add up quite a bit after awhile. There are a lot of small companies and small businesses that would really. Get a lot of usefulness out of terminal services if they can actually just implement it in cost effective manner. So the benefits to running terminal services before we actually get into this segment are. You know software licensing. You have the by licensing for every single computer Richard install it on to because you're actually go installing it on a single machine. On the other is hardware you don't need a core two duo machine with you know four gigs of ram and two. You know run outlook can run you know you're counting software and it just so happens to be based on Java. So what we're gonna do is actually use thin clients to connect to a windows server. So that we can actually just give it to be terminal services. Login. And basically. You didn't utilize the server that your running on as the horse power and the brains behind in all your running applications and think back to if you -- it hurt if you don't work in an office. And at the last time that you work in an office. How many people run that same. Bunch of applications. You've got outlook for Erie canal or thunderbird you've got your web browsing and you've got your counting it may be some other research one day. Five or six applications during the course of today user would use 90% of the time. Basically you're you're you know. 1500 dollar Dell -- the -- whatever is going to waste when you're just using those. Applications and nothing else now can we can obviously understand you need a big -- machine -- but for everybody else all you need. Is it terminal services -- Now. I think small business server and stuff like that they all come with I think five terminal services -- Great what happens when you have 25 people that you want to actually use terminal server for. Well you -- to get the licensing installed a licensing and you work with you know -- licensing manager to actually make sure that."

" Blah blah blah blah blah."

" There's a much easier way and actually you don't even need windows 2000. Three X server to utilize terminal services. What we're gonna do is we're actually gonna use a windows XP box that we have just laying around the office. Actually use that as terminal server you ask how can we do that well. Very easy others application called XP a limited that's available in XP unlimited dot and -- Dot com dot and L. And basically what we can do is we can take any Vista. Any XP or even 2003. Machine and turn it into. A terminal server. So long as it is 32 bit he's working on 64 bit you know whole thing but. 32 -- for now which is cool. The really good thing about this is it's more cost effective. The licensing model. Is actually gonna allow you to. Have unlimited users. For about the same costs as it would cost you two license five users. Out with the Microsoft terminal server licensing. There's two versions of -- One of them is the enterprise version which allows you to authenticate over domain for your terminal server audience. And some other stuff load balancing which is currently working on and then there's also a classic version. Which will allow you to specify 510. Or unlimited license numbers. And this just uses local. Local built in. Username and group database so. What we're gonna deal is I'm actually very got an install. It's actually running on this machine right here. And we're actually gonna come over here to control panel and the demo version you're gonna get three launch its attack at one of those being a local login. Because -- locally so there's one active section. We come over here -- terminal services configuration change support for 3389 if you want to feel a little bit more secure through obscurity -- There is your option for do you want members to be a you know people with remote -- access to be required to be and that you know -- group which is probably a good ideas that you have some auditing. But you can go back to that. I group and say to yourself okay these are the people who have remote access into this terminal server. Or you can just do if they have a domain login you're good to go. Application. Now. If you've ever used terminal services before windows application. Limiting and you know can get a little here. This is is easy is it could possibly be you've got your list of users on a laughed and that list of groups. What we've done is we've gone ahead we've created a -- user because. Derek doesn't need a big machine there just needs terminal services. It's like me off right now but it's true. So what we've done is we've gone ahead we've limited daring to Firefox and notepad but two things -- Needs the most and only ever needs. What we can do is we can actually you know create as many custom applications as we want it would one lock users down. If not you can just him you know you can install the local admin you know all the advocates that you want and and it's just like another terminal server where. They have access to notes. So what we can do is go ahead and create a another application if we wanted to. And this time we can name it outline in what's missed -- change we'll call -- ten. Because it's not actually going to be there. And will call it. -- As not even if it's not here but. That's as easy as a good possibility we can. Verify. And are all the application that we just typed in. Isn't there. So what we actually gonna hand and we wanted to change. The application we hit verify first and application will make sure that the -- XP -- limited pictured that what you want to put in there is actually going to be there. Guess what it's not so we can just go ahead and promote it. Sort of verify an everything's okay we can save the settings. Now. The other cool thing about this is is it comes with -- its own built in web server. And maybe ask yourself why -- anyway it's there well sometimes. Firewall blocking you have the ability to change you know maybe somebody blocks 339 for some reason who the hell knows that. A lot of times. People don't want to. Open a client or don't know how to open a client while while why it's just easier to tell -- website. In this case we can go to the IP address of our machine. I'll show you on this other machine here we're gonna do is we're going to open Firefox. Actually excuse me I need because needs to execute the here when hell is your idea. There's not a big fan and explore so. -- So now we're gonna do is we're gonna go to -- IP address of the machine which is the XP and limited machine which is tend ten. I've typed correctly. Oh that 141. And should come I think. -- statements. Taken statement alone. My and my going to Booth how hot I cannot move back. So here's going to ask you about the BB script and apparently -- Acer has some BB script something turned off. But what you can do here is if it actually installed the ActiveX control. You can username password that you wouldn't do you hand out to your user groups and they can connect right from the web interface. You can also do -- settings for the different you know. Inside the web interface but we're gonna do is we're gonna show you an example of how to. What it looks like when you actually log in via. -- A lot of people don't know that you know terminal services. He is. One of those things that if you use it and hunger like I just use RDP well that's terminal services so what reviews -- And I think I remember his password. And Hillary go so here you can see that. We're actually running the demo version of XP -- limited attack. And under dearest profile we actually and set up to start is Firefox as well as notepad. But we chose to have notepad minimized and Firefox maximized on star. So here. We don't have any start menu we don't have you know all the crap on the desktop that maybe someone the other users have. What we've got is this little button up in the left hand corner which actually lists -- options. There has Firefox and Darren has not yet. -- can't get himself into trouble. Side breaking an otherwise 1500 dollar machine and stand he's isolated into this user -- on this machine -- And he can open multiple. Com -- a notepad if you really wanted to or can open multiple copies of Firefox if you really want it now. You can actually go ahead and enter like I said any application you really want you can also Nast menus one. If you have you know the Microsoft suite of applications you want to block that -- The other nice thing in the last thing -- talk about is terminal services on security on the server side. Basically what it's gonna do is it's actually show you much like windows terminal server you can actually go ahead and take a peek. It too crazy if you could probably spears and stuff -- here. User configuration and local computer configuration just like you would if you were gonna do. You know windows terminal services. You can lock down DNS clients. You know your security settings -- You know startup scripts. Basically anything that you could do security wise with terminal services you can do with XP -- it's completely completely compatible. Avenues and term this XP -- firm probably the last couple days. And it really reminded me of -- and I was worked for a company that actually deployed. Services correctly. So if you think that you have a need for terminal services you don't have money to save your boss. Boss -- we've got thirty people I think. One of them you know could get by on terminal services think about it if you're gonna be doing an upgrade for your systems or anything like that. It is nowadays with the advent. You know. Really inexpensive servers -- like I said we just turned XP into a a terminal server here and it would cost us war. You know a limited users. It would cost us 240 bucks. So how they recommend is check this out XP unlimited dot NL. And right now we're going to go ahead and take it over to Shannon for trivia."

" As well. Another trillion giveaway yeah right now we've kind of gone for. On the ultra obvious mean. CS happens I'm sorry but -- and we haven't -- and give away this week it's -- he -- volume one freak by Ed has scored. It's -- awesome awesome graphic novel and it's this documentary style. Background history of freaking and hacking with so you've probably noticed letters here in the air appearing now and if you Hak5 dot org slash trivia and you put in those little letters here. To point sometimes -- an answer that trivia question and hopefully you'll get it right. If you incident first 24 hours from when this apps episode Ayers you the chance to win this -- wait. Comment back and outside do want to thank our sponsor. Godaddy.com. Starting at less than five dollars a month. Web hosting from god Eddie dot com includes 99 point 9% of time 247 support and free access from -- any posting connection. The place to quickly and stuff. Over fifty free applications like word press Yuma Drupal Oscar hours and more. If you want to make an impact on -- GoDaddy has what you need dot com names as -- as the dollar and 99 plus world class instinct fast and easy website builders and much more. If you enter code hack why and that's it -- one you can get 10% off your entire quarter's. Try it out guys I love -- and it's the rest of the crew in it I think the guys -- finished."

" All right thanks again and now before we wrap up this -- a kind of a couple things get -- we actually had another web application security segment. With our friend Mubix but it turns out when you tether with your iPhone and three G and Skype and well and it will bring that you guys who can do properly in studio yet we -- some emails want to get you. But first we have to think whoever -- sponsors who is bringing you the technolust this week. HP."

" Yeah I was I kind of adjusted and surprise when it -- or you know because -- like I'll. We use that. Did episodes brought you by HP's media smart server power by Microsoft windows home server we have home server. In our house and we use it primarily because we've streamed stuff. Off all of our home server onto -- 360 yeah which is great for that it's great if you guys have a another media center in the house. One of the great great things about it is easy backups of you or. Apple. And windows machine to edit at this missile -- happen and this does the rest well for her Apple machines actually supports. -- think no it supports time machine room. So yeah since that time yet so -- over the network on the HP media smart server. And it's automatic."

" These easy it -- so windows server and and switch all the other clients to you know Mac and Microsoft will be happy. And if if the."

" I'm sure that would work as well. But some it's the automatically maximum protection guys -- insult decline carrier using you know time machine. The media functions of that are absolutely amazing and it's not -- or unlike you know. So many of the other appliances that are out there. This thing actually looks like he did it it it could sit in guys don't have a closet -- throw it into or something might feel a little guilty about putting such as we piece of hardware inside your network closet along with via the switch exactly. So but unfortunately. Ours is tucked away in that thing in the closet but anyway."

" So into it into a digital media experiences. Check out BHP. What is called the medias the media smart server powered by windows homes were there yeah I like. Okay. So. Bill -- us from. This is is follow up report nineteen -- to show us a really great Firefox extension that we can use. For us SSH -- users have been doing a lot of that for -- what is he had -- easily get -- media but there's an airport with some really -- like I can't believe we got an episode upload it back ten minutes ten minutes to upload an HD episode from the Las Vegas airport the only thing redeeming about LA yes. Was twenty negatives. Down and we were getting literally on one point three megabytes a second. Over forty consecutive streams. And -- ridiculous we're just we're stuck in that you all know is it's kind of like scavenger exit find it. Right it appeared there it's good at terminal eight when he. It. Or bring or bring the thou shall fail. They give you 500 Mel watt and the giant and -- to have like like a range thing me. As you walk it detects the -- agencies like. Clinton that's Tumblr like not create them. And -- Mac. Oh isolate you you're not Tumblr tuchman at some and we both went this way and then figured it out yes. Let's let's let's birth something's -- the forum. A into the -- maybe at the -- there's mark yet are so anyway bill writes us had to tell if this really nifty. An extension for Firefox it's you can find every here at Germany's Mozilla extensions -- monkey dot com and it is the -- and here's the."

" I Mexican a lot of people record and they Roxy on my. A month long after a post the how to."

" Yeah switch proxies Graham actually using your right here and she'll fire up the dispute tunnel. And then they can expand. And log in. And dammit I'm running my local proxy and right click down here and going to switch proxy. And proxies and use my local SSH tunnel and now only god and blow your mind that and it's good IP chicken. And I'm not gonna blur it because it's just the IP address of you know Hak5. Web server but -- and -- blown your mind. It's really easy to manage a bunch of different proxies profiles that are happening to into the tools in the settings and all that fun stuff. So thank you bill for writing and also sent an accurate number of what's when the cool accounts kids what does that mean this. But a little -- over at think geek that this deserved a little encouragement not a sponsor anything but I think this is really -- It's the phantom keystroke logger it comes to -- not longer it's published. Key stroke her version -- with this guy does is WSB. I got that you Poppins is it to when -- co workers machines right and it annuity USB. Mouse and keyboard doesn't taken drivers or anything like that when -- uses radio device right. Well you can say it's -- hold on balance -- we can set interval that it will actually a keystroke or do on our movement. As city you can -- is like the actor is in of the you know it's fun little thing beats in the -- my dad -- right we have I I don't know where we we should reluctant with the -- three kids but I always then again they TSA would it sounded and then that put him and I god. And trigger would've gotten another -- down. -- So that is the -- future and I said have a link here to the DSO deep deep thought advisor it's a little device that -- resources -- indecent video editing on it. Nifty little toy where it's USB -- not -- speeds of PGA pass through that goes in between your VGA. And your monitor and your your computer here at anything obvious yet so he actually did a demo of Goobuntu machine getting a DS that he. As far as your computers now in school is just it's."

" Being an uncle -- as well yeah. Ha fat version of this week. Luther computer real. I feel better but it's -- because you were sick. -- think you -- even though I'm not sick person who think that it's completely or partly yeah we're done all. They -- thank you guys joining us really -- We like -- good friend and next week we'll be here again big time thing right here again."

" Yeah."

" Both mentally."

" Yeah."

" Yeah you like that very good reviews and even. SploitCast."

" Who wants that your favorite your favorite item or bug -- I should."

" So --"