This is an untested theory, but I don’t see why it wouldn’t work. Anyone who wants to prove it either way is very welcome to comment on the matter below.
Ok. Say you have the following excerpt from an /etc/shadow file:
root:awac7eQv2CT0g:12685:0:10000::::
or:
billybob:$7$b1XHzqR5$RJxOyHRAix2rVmtXyHkLikmnod.z94P6vSL1h8ZeUdY/urvOvkvJjg2hn/J0r90YAdAA8HedGIPR2D7.zIzJS0:14438:0:99999:7:::
Both passwords in clear text are “uncrackable”. Here is where the trick comes into it. We use the weakness in LM hashes to crack the password (as long as it’s under 15 characters, of course). We do this by slamming the password into our system, installing SAMBA, and telling it to use our UNIX user/pass combos for authentication. Then we use the LM cracking method of choice, and you get the clear text password.
Using one cracking method to crack other encryptions. Again, just a theory as I haven’t tested it, but I don’t see why this won’t work. I would say it’s about time for you to start using 15+ character passwords if you haven’t already.
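As an added example (not code from this post), here is a small auditor for shadow lines like the two quoted above, written from the defender's side: it names the crypt(3) scheme behind each password field and flags the settings a reviewer would want to fix before worrying about cracking tricks. The prefix table follows libxcrypt's crypt(5) names, the sample input is the two lines from the post, and the 365-day maximum password age is an assumed local policy.

```python
"""Audit /etc/shadow-style lines: name the hash scheme and flag weak settings.

Added example for this post, not the author's code. Field layout follows
shadow(5): name:password:lastchg:min:max:warn:inactive:expire:reserved
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the two lines quoted in the post, joined as a file.
SAMPLE_SHADOW = (
    "root:awac7eQv2CT0g:12685:0:10000::::\n"
    "billybob:$7$b1XHzqR5$RJxOyHRAix2rVmtXyHkLikmnod.z94P6vSL1h8ZeUdY/urvOvkvJjg2hn/J0r90YAdAA8HedGIPR2D7.zIzJS0:14438:0:99999:7:::\n"
)

# crypt(3) "$id$" prefix -> scheme name, using the libxcrypt crypt(5) names.
SCHEMES = {
    "1": "md5crypt",
    "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
    "5": "sha256crypt",
    "6": "sha512crypt",
    "7": "scrypt",
    "y": "yescrypt",
}
MAX_AGE_DAYS = 365  # assumption: local rotation policy, not a value from the post


@dataclass
class Finding:
    user: str
    scheme: str
    issues: list = field(default_factory=list)


def classify_hash(pw: str) -> str:
    """Name the crypt(3) scheme of one shadow password field."""
    if pw == "":
        return "empty"
    if pw[0] in "!*":                      # "!" / "*" prefix: account locked
        return "locked"
    if pw.startswith("$"):
        ident = pw.split("$")[1]
        return SCHEMES.get(ident, "unknown($" + ident + "$)")
    if re.fullmatch(r"[./0-9A-Za-z]{13}", pw):
        return "descrypt"                  # traditional 13-char DES crypt
    return "unrecognized"


def audit_line(line: str) -> Finding:
    """Parse one shadow line and collect the problems a reviewer should raise."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError("expected 9 colon-separated fields: " + line)
    user, pw, _last, _min, max_days, _warn, _inactive, _expire, _ = parts
    scheme = classify_hash(pw)
    f = Finding(user, scheme)
    if scheme == "empty":
        f.issues.append("empty password field: password-less login may be allowed (nullok)")
    elif scheme == "descrypt":
        f.issues.append("traditional DES crypt: only the first 8 characters count and the salt is 12 bits")
    elif scheme == "md5crypt":
        f.issues.append("md5crypt: fast to brute-force; migrate to sha512crypt or yescrypt")
    elif scheme.startswith("unknown"):
        f.issues.append("unrecognized hash prefix: confirm the installed crypt library supports it")
    if scheme not in ("locked", "empty"):
        if max_days == "" or int(max_days) > MAX_AGE_DAYS:
            f.issues.append("max password age %s exceeds policy of %d days"
                            % (max_days or "unset", MAX_AGE_DAYS))
    return f


def audit_shadow(text: str) -> list:
    """Audit every non-blank line of a shadow file given as one string."""
    return [audit_line(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for finding in audit_shadow(SAMPLE_SHADOW):
        print(finding.user, finding.scheme, *finding.issues, sep="\n  ")
```

Run against the sample, the root line is reported as traditional DES crypt (which, like LM, silently truncates the password) and both accounts are reported for effectively never-expiring passwords; the 15+ character advice from the post only helps once the hash scheme actually keeps the whole password.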
Merry Christmas!
If you haven’t seen it yet, I posted about a Nerv-Labs Live DVD that included all kinds of security distros in one bootable DVD. It was also featured in Episode 0x415 of Hak5. Well, there were some things that it was kinda lacking, mainly Helix and Samurai.
DOWNLOAD IT HERE: http://thepiratebay.org/torrent/4527605/SUMO_Linux
Recently there have been a lot of people in my scope wondering about what “hacker” or security related podcasts are out there. iTunes does a horrible job at categorizing anything past “Technology”. That is where Hacker Media.org comes in. Not only can you get the main feed of ALL the hacker/security related podcasts out there, you can get even deeper. Droops, the maintainer of said monster, makes it so you can pick and choose what kind of shows you want to see by having individualized feeds based on categories, and as shows come and go from those categories the feed changes with it. Like hardware hacking, phreaking, Linux, or just a stubborn BSD junkie. The other thing is, each show might belong to multiple categories.
Your search is over, check out http://www.hackermedia.org/ and drop one of the feeds into your pod cruncher of choice. Another awesome way to use this resource is dropping the feeds into Google Reader. Now you take the iPod out of the equation and you can keep up to date and play all of the shows you love directly from your browser.
EDIT: Switching something from “DRAFT” to “PUBLISH” is a really important step. Sorry guys.
Let me preface all of these tools with the fact that some don’t come “portable”. To make them so, I have dropped the installer / setup file into Universal Extractor and then cleaned up the directory.
- PortSwigger’s Burp Suite - http://portswigger.net/suite/
  - This tool is essential to any web application security guru’s tool belt. If you haven’t used it already it is time to get schooled up on this wrecking ball.
- Network Miner - http://sourceforge.net/projects/networkminer/
  - Takes a live feed or a pcap file, dumps files and frames, and runs p0f. It even allows you to do searches for keywords like “password”.
- NZB-O-Matic Plus - http://www.bunnyhug.net/nomp/
  - I swear by this tool for downloading NZB files. Now other people use hellanzb on Linux. There is another one that was even more recommended for Linux but I can’t remember it at the moment. I’ll find it and post it to Mubix’s Links, or if someone wants to comment on this post.
- Wootalyzer - http://www.wootalyzer.com/
  - Woot.com has one awesome deal each day that shows up like clockwork at 1 AM EST, and always 5 dollars shipping. (Yes, even if it is a 60 inch plasma.) And if you get as addicted to Woot as my family has, this application is a must.
- FastStone Capture - http://www.faststone.org/FSCaptureDetail.htm
  - Still hands down the best screen capture utility known to man. You can still find the Freeware version out there if you look around a bit. The built-in editor, ruler and color picker just add to its awesomeness.
- HFS (HTTP File Server) - http://www.rejetto.com/hfs/
  - Always at the top of my list, this tool has been my most valuable asset on my USB keys for a couple of years now.
- Looking Glass - http://portal.erratasec.com/lg/
  - A tool by Errata Security, designed for checking files on Vista to see which ‘advanced security’ features aren’t being used, such as ASLR, NX and unsafe functions (swprintf).
- MobaLiveCD - http://mobalivecd.mobatek.net/
  - Allows you to boot a LiveCD within your Windows environment using QEMU. Booting BackTrack 3 works but the networking side is a bit flaky. Can’t wait to see where this project goes.
- Process Explorer - http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
  - If you haven’t switched out Task Manager with Process Explorer yet I think you have been living in a cave... Well, get to it! In fact, put the whole Sysinternals Suite on your USB stick - http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
- GoPC - http://www.gopc.net/
  - I haven’t had to use this that much, but when I have it has come in really handy. Best way to describe it is a remote desktop that you don’t have to maintain. You can install the app on your USB stick and be ready to log in at the drop of a hat. It uses port 22 to tunnel the connection automagically.
- sbd - http://www.cycom.se/dl/sbd
  - This awesome gem was the result of taking the Offensive Security 101 course. It’s a netcat clone that adds some nice encryption features to the mix as well as being less detected by virus scanners.
- SmartSniff - http://www.nirsoft.net/utils/smsniff.html
  - This tool is on the list, along with all of the tools by NirSoft, because of its portability. I can fire up SmartSniff, look at the packets there, or dump them to a pcap file for inspection via Wireshark or Network Miner later.
- -=Xploitz=- Master Password Collection - http://thepiratebay.org/torrent/4017231/-_Xploitz-_Master_Password_Collection
  - This is an awesome collection of password files: extract, combine, sort, uniq and you have about a gig worth of passwords to check against.
- Peer Guardian - http://phoenixlabs.org/pg2/
  - A must-have for anyone torrenting files, legal or not. Plus the fact that you can make your own ACLs makes it an instant win. When I am in an airport I usually fire PG2 up with my ‘local’ ACL list and have it block everything but my gateway and DNS.
- Proxifier PE - http://www.proxifier.com/
  - One of the only tools that I would recommend spending money on. There really isn’t anything out there like it. You can instantly proxy any application you want, or all applications. Anyone up for some Hak5 LAN parties, from work? Word of advice: bring headphones and don’t use voice chat.
- PS2DIS - http://www.geocities.com/SiliconValley/Station/8269/ps2dis/
  - Originally created for PlayStation 2 hacking, and yes, still hosted on GeoCities. It is a great way to start looking into hex editing for free.
- Recuva - http://www.recuva.com/
  - I have used many different undelete programs and this is the one that made it to my main USB stick. Consistently found and was able to recover more deleted files than any other out there.
- WinShove - http://tombell.org.uk/blog/projects/8
  - Sweet little program by Tom Bell that takes away the painstaking annoyance of having to find the title bar to move a window around, by letting you use any part of the window.
- Universal Extractor - http://legroom.net/software/uniextract
  - Ever had a file that you couldn’t extract for one reason or another? Well, this baby is the cure. It extracts almost everything, including most installers, which leads to a lot of my installed apps becoming ‘portable’.
- BareGrep and BareTail - http://www.baremetalsoft.com/
  - Grep and Tail for Windows, free and portable. Need I say more?
- SIW - http://www.gtopala.com/
  - If you ever wanted to know absolutely everything about the machine you are on, and be able to dump it to a file, this is the tool. But it doesn’t stop there. Check out the Tools menu option for the real hotness.
- SoundCardPicker - http://www.phasequest.com/soundcardpicker.htm
  - This tool hasn’t been updated to even recognize the existence of XP, but it still works on XP. I don’t know about Vista. But I get really tired of going all the way into my sound settings and changing the Default Sound Card every time I want an application to use a different one. This might be uniquely my problem, but then again, it may help some of you audiophiles out there.
That’s all for now folks. I will add more later, as this is by far not a complete list, and fix the USB Goodies page when I publish the torrent and updated list.
So there I was...
Today I was sitting at home watching Irongeek’s post of John Strand’s talk Defense In Depth is Dead, Long Live Defense In Depth. And I had one really evil thought:
Someone (such as Bob) could sit at an airport. We all do this; it isn’t difficult. He could then turn on his laptop and connect it to the airport wireless. Another task, difficult for some, but let’s go with Bob being able to. Bob then pulls out a Fon with Jasager on it. He then connects it to his newly started laptop running evilgrade. Bob’s setup for evilgrade installs and runs the USB Hacksaw payload. Now, every computer that is duped into connecting through Jasager automatically installs a payload that will copy and send all data from any inserted USB stick to... This post is already evil enough, so I will leave it up to you to figure it out. That is also why I haven’t included any in-post links.
For the cost of an airline ticket, Bob has possibly infected and/or circumvented your whole defense in depth strategy.
In closing: Don’t be like Bob. Bob is in jail.
About Me
Rob (mubix) Fuller - Security Addict that is hell-bent on making his career path useless - Call 202-658-7730