Capture & analyze bluetooth packets and Boot Virtual Machines from USB - and more!
This time on the show, capturing and analyzing Bluetooth packets with the Ubertooth One, Kismet and Wireshark, Booting VirtualBox VMs from physical USB drives, bypassing Geo IP location restrictions, and tons more.
If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!
Whether you're a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more.
And let's not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at firstname.lastname@example.org.
T-Mobile's great selection of tablets, laptop sticks and their new Mobile Hotspot gives you the freedom to stay connected with high-speed Internet on the go. Affordable high-speed Internet when and where you want, without overages. Mobile Broadband data plans start at $29.99 per month and current T-Mobile voice customers save an extra 20%! The G-Slate with Google is T-Mobile's first 4G Android tablet, and allows you to take your HD entertainment anywhere. Stay connected at blazing-fast speeds, when and where you want Wi-Fi needed. Immerse yourself in the entertainment you love with downloadable apps, play games, stream video, and check your favorite websites. T-Mobile provides mobile broadband service that allows on-the-go, wireless, high-speed Internet through your choice of portable devices.
If you want to build a video site or if your website has a play button, I recommend getting a dot TV domain. A dot TV website lets you showcase your original content and create a unique site, not just another YouTube channel. Just go to Domain.com and search for the perfect dot TV domain for your new idea. Then use coupon code Hak5 at checkout to save an extra 15%. If you need to host your dot TV website, don't forget about Domain.com's web hosting plans. They're less than six bucks a month and have everything you need to build, maintain, and promote your site. Remember - when you think domain names, think Domain.com.
With more than 23 million members, Netflix is the world's largest subscription service instantly streaming TV episodes and movies over the Internet. For one low monthly price, Netflix unlimited members can instantly watch TV episodes & movies streaming to their TVs and computers. With Netflix you can cancel anytime. Netflix unlimited members can instantly watch thousands of titles on a vast array of devices streaming TV episodes and movies like Microsoft's Xbox 360, Sony's PS3 and Nintendo's Wii console. Find movies you love - easily! As a Netflix unlimited member you can instantly watch as many movies as you want anytime you want for one low monthly price! You can cancel anytime. Get your FREE Trial membership. Go to netflix.com/hak5 and sign up NOW.
Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a healthy dose of cocktails and geek comedy. Damn the warranties, it's time to Trust your Technolust.
Want the most recent episode of this show always up to date on your website? Use this self-updating embed code!
Following up with our Ubertooth One setup guide form last week, we'll be configuring Kismet and Wireshark to process Bluetooth packets.
Again If you're not familiar, the Ubertooth One is an open source bluetooth testing tool made by Mike Ossmann in response to the lack of good bluetooth testing devices, or the ridiculously high price tags in excess of $10,000 for commercial monitoring equipment.
So in the same sense that we have inexpensive WiFi adapters that can go into monitor or promiscuous mode, we now have the Ubertooth One.
And of course props to HarvestGardener on the BackTrack Linux forums for putting a lot of this together. Most of the Ubertooth development was done on Mac OSX but getting it going in Linux isn't too difficult, thankfully.
wget http://www.kismetwireless.net/code/kismet-2011-03-R2.tar.gz tar xvf kismet-2011-03-R2.tar.gz -C /usr/src/ mv /usr/src/kismet-2011-03-R2/ /usr/src/kismet cd /usr/src/kismet ./configure cd cd ubertooth-r238/host/kismet/plugin-ubertooth make && make install vi /usr/local/etc/kismet.conf #add pcapbtbb to logtypes=
Fire up Kismet. Set your source as ubertooth and start the ubertooth plugin from Kismet > Plugins
Ok, now for the less than fun part. From here we can capture bluetooth packets but we'll probably want something more visual to analyze them. The gold standard for packet analysis is Wireshark for IP and thankfully libbtbb can comes with source so we can use it to build a wireshark plugin.
....or, if we're running the 32-bit version of BackTrack 5 we can download a precompiled version from HarvestGardener on the BT forums.
Just put the btbb files in /usr/local/lib/wireshark/plugins/1.4.6 and you're off to the races.
Today I am following up an episode of HakTip, Virtual Machines 101 with VirtualBox. Today we'll be mashing up two of my new favorite tools -- multi-boot USB drives and Virtual machines.
A while back on HakTip we played with VirtualBox and a Linux Distro. I was able to get Ubuntu running on my Windows laptop with no problems.
And a few weeks ago on Hak5 I demonstrated how to build a Multiboot USB drive with XBoot. I love these Mutliboot USB drives as they save you money and space on your keychain, allowing you to ""burn"" multiple ISOS -- you're favorite boot CDs like Ophcrack, Clonezille or Puppy Linux -- all from one drive. Check out Hak5 episode 920 for info on that.
Of course when you're making these Multiboot USB drives there's some trial and error in the process. And let's be honest, rebooting is a total drag. If only we could boot a Virtual Machine off a USB drive. Well, you can't. Not directly anyhow. But what we can do is turn a USB drive into a file -- a VMDK which as we learned last week are Virtual Machine Hard Disks.
Download and install VirtualBox (version 4.0.6) if you haven't already and hit he key combo WINDOWS KEY + R to bring up the Run dialog. Type in ""diskmgmt.msc"" and hit enter. This will pull up your Disk Management tool. This tool is built in to Windows and is generally used to format, partition, and delete parts of your hard drives, but you can also see and mess around with your USB drives as well."
If you scroll down you can find your USB stick. Mine is this drive that I recently made into a YUMI multibootable drive on an episode of HakTip.
Open the command prompt by again holding WINDOWS KEY and hitting R, then type ""cmd"" (and start as an admin) and hit enter. Type in ""cd %programfiles%\oracle\virtualbox"" and press enter.
Then, type ""VBoxManage internalcommands createrawvmdk -filename %USERPROFILE%\.VirtualBox\usb.vmdk -rawdisk \\.\PhysicalDrive#"" (replace # with your USB disk number - mine is 2) and press enter.
Now that you've done the hard part, start up VirtualBox (as an admin) and create a new Virtual Machine. When prompted for a Virtual Hard Disk, check use existing hard disk and select usb.vmdk.
Once you have finished creating your New Virtual Machine, you're ready to try it out!
I've got VirtualBox open and I'm about to try booting off my USB drive in a VirtualMachine. So I press Start and after waiting a few moments it should boot my flashdrive.
It works! I have booted my multi-boot USB in VirtualBox as a vmdk. Awesome! This is a great way to get around having to restart your computer every time you want to test a USB bootable drive."
Semi colons aren't just for C++ compile errors, ya know? In bash they can be used to string together a set of commands. For example if you wanted to start downloading an archive with wget and then extract it when the download completes you would put wget file.tar.gz ; tar zxvf file.tar.gz on the same line. Sometimes if I know a background process, like a render job, is going to take an hour to complete and I want to upload the resulting file afterwards I'll string together sleep 3600 ; upload.sh videofile.mov. The sleep command will simply wait for the specified amount of seconds, in this case 3600 is an hour.
Want some free Hak5 swag? Submit your 4-bit tips at hak5.org/nibble
Mark writes: In my world, the cellular industry, we call those spaces "guard bands". love the show keep up the good work
Thanks for the clarification Mark
Anonymous writes: I was thinking, is there a way to set up DBAN on your notebook to run on a timer? Say if you don't login within x hours, it will run and wipe everything. Can it be done with any other nuke program?
The only thing I could think of short of rewriting the BIOS is to have a script (assuming you're running Linux) parse /var/log/auth.log and determine whether or not to use a secure delete utility on a volume of choice. Others in IRC have pointed out that one could hide a USB drive tapped into a port inside a laptop but I'm not quite sure how you would go about automating the wipe procedure.
I'm very interested in hearing everyone's thoughts on this so leave your ideas in the comments below.
Delmar1992 says: I am a German national. German sports are now available online. But, my computer knows it is in America. Is there a way of tricking the server and the computer into thinking I'm in Germany so that i can watch it? This also goes for watching Hulu in Germany. Is there a program, or a hack I need? Any suggestions are more than welcome.
A VPN or otherwise tunneling service is what you're after. We've talked in great lengths about setting these up in our 7th season. If you have a friend overseas who is willing to share their Internet connection and setup a server you might be able to VPN or SSH Tunnel that way. Otherwise there are plenty of commercial services that offer just this. One of our friends is a fan of Witopia. We've just started playing with it here at Hak5 so we'll give you our full review in the weeks to come.