
Jason Cooper
Dedicated Members. Posts: 520. Days Won: 8.

Everything posted by Jason Cooper

  1. Given that they have all the hashes, the chances that they will break a few of the passwords, even though they have a salt, are quite high. Better to change your password rather than run the risk that yours isn't broken. More importantly though, it sounds like they owned the whole machine for a time. They could have been logging all the traffic, and they will have the SSL keys for the server, which they can use to decrypt all the https entries they have logged for the site, which will contain a lot of passwords being sent in plaintext. It is a theoretical attack but can't be ruled out, so assume they have the password you used on this site.
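The post's point that salts do not save weak passwords once the attacker holds the hash table can be shown concretely. The following is an added example, not code from the post or the forum: it builds a small constructed credential table (made-up users, salts and passwords) and runs an offline dictionary attack against it. The hash scheme, SHA-256 over salt || password, is an assumption for illustration; the original post does not say what the breached site used.

```python
import hashlib

# Constructed sample data: three accounts with per-user salts and the
# digest an attacker would have dumped.  SHA-256(salt || password) is an
# assumption for illustration; the post does not name the real scheme.
def make_record(username, password, salt):
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return (username, salt.hex(), digest)

LEAKED_TABLE = [
    make_record("alice", "password1", bytes.fromhex("a1b2c3d4e5f60718")),
    make_record("bob", "letmein", bytes.fromhex("0011223344556677")),
    make_record("carol", "Tr0ub4dor&3-Long-Phrase", bytes.fromhex("deadbeefcafef00d")),
]

# A tiny constructed wordlist standing in for the multi-million-entry
# lists an attacker would actually use.
WORDLIST = ["123456", "password", "password1", "letmein", "qwerty", "hak5"]


def crack(table, wordlist):
    """Offline dictionary attack on salted hashes.

    The salt stops a single precomputed table from covering every user,
    but because the attacker holds each user's salt it only costs them
    len(wordlist) hash computations per account.  Returns the recovered
    passwords and the total number of hashes computed.
    """
    recovered = {}
    attempts = 0
    for username, salt_hex, digest in table:
        salt = bytes.fromhex(salt_hex)
        for candidate in wordlist:
            attempts += 1
            if hashlib.sha256(salt + candidate.encode()).hexdigest() == digest:
                recovered[username] = candidate
                break
    return recovered, attempts


if __name__ == "__main__":
    found, work = crack(LEAKED_TABLE, WORDLIST)
    for user, password in found.items():
        print(f"{user}: {password}")
    print(f"{len(found)}/{len(LEAKED_TABLE)} accounts cracked with {work} hashes")
```

Two of the three constructed accounts fall with thirteen hash computations in total; the one with a long passphrase survives the whole wordlist. A slow, memory-hard password hash raises the cost per guess but does not change the picture for passwords that are in the list.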
  2. I have been working on a memory dumper like the tool from Princeton demo'd on Hak5 the other episode and I have reached the stage where I need others to help me test it. You can download the source from http://www.heckrothindustries.co.uk/downlo...memDump.tar.bz2. Selling points are that it seems to be quite fast at the minute and very small (it just consists of a bootblock). To compile you need fasm and gcc. Let me know how you get on with it, and if you find any bugs or fix any then please let me know (as this sort of thing is quite difficult to test).
  3. Doesn't the FTP protocol have multiple streams (one for the commands, i.e. port 21, and then another for the data)? If you run an SSH tunnel for port 21 you would only be encrypting the commands and not the data being returned. You could run SSH as a SOCKS proxy, and as long as your IDE's FTP client supports SOCKS proxies and your FTP server supports passive mode then you should be fine.
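The control/data split the post describes is visible in the server's reply to PASV, which names a fresh host and port for the data connection. The following is an added example, not from the post: it parses a constructed 227 reply (192.0.2.10 is a documentation address, not a real server) and reports whether a given set of port-forwarded ports would carry that data channel. It also flags the case where the advertised data host differs from the host you opened the control connection to, which is worth checking before blindly connecting.

```python
import re

FTP_CONTROL_PORT = 21

# Constructed PASV reply in the RFC 959 "227 ... (h1,h2,h3,h4,p1,p2)" form.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"

_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (host, port) the server wants the client to connect to for data."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 PASV reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PASV field out of range: %r" % fields)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def data_channel_is_tunnelled(data_port, forwarded_ports):
    """True only if the data port is one the SSH -L forwards actually carry."""
    return data_port in set(forwarded_ports)


def check_transfer(reply, forwarded_ports=(FTP_CONTROL_PORT,), control_host=None):
    """Summarise what a plain port-forward tunnel would and would not protect."""
    host, port = parse_pasv(reply)
    return {
        "data_host": host,
        "data_port": port,
        "data_encrypted": data_channel_is_tunnelled(port, forwarded_ports),
        # Servers behind NAT sometimes advertise an address other than the
        # one the control connection went to; treat that as suspicious.
        "host_mismatch": control_host is not None and host != control_host,
    }


if __name__ == "__main__":
    result = check_transfer(SAMPLE_PASV_REPLY, control_host="192.0.2.10")
    print(result)
```

With only port 21 forwarded, the parsed data port (50000 in the sample) is not covered, which is exactly why a SOCKS proxy plus passive mode is the workable arrangement: the client then sends every connection, whatever port the server names, through the SSH session.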
  4. A while ago I had to fix someone's laptop that was doing a similar thing; it turned out that they had set their firewall to block the ports for DHCP (67). So something else to check.
  5. As always in Perl it is worth reading the documentation of the functions you are using. The previous code will work fine, but this is probably more efficient:

     #!/usr/bin/perl
     use strict;
     use warnings;
     use Socket;

     if ($#ARGV < 0) { die "usage: lookupHosts <HostFile>\n" }

     # Three-argument open: a filename beginning with '|' or '>' cannot
     # be misread as a pipe or redirection the way it can with 2-arg open.
     open my $fh, '<', $ARGV[0] or die "unable to open: $ARGV[0]\n";
     while (my $line = <$fh>) {
         $line =~ s/[\s\r\n]*$//;
         print "$line\t" . hostname($line) . "\n";
     }
     close $fh;

     # In scalar context gethostbyname returns the packed first IPv4
     # address, so no unpack/join is needed; empty string if unresolved.
     sub hostname {
         my ($host) = @_;
         my $packed_ip = gethostbyname($host);
         my $ip_address = '';
         if ($packed_ip) { $ip_address = inet_ntoa($packed_ip) }
         return $ip_address;
     }
  6. Here is some of my code merged with some I found on the internet to form a Perl script to do the hostname lookups for you.

     #!/usr/bin/perl
     use strict;
     use warnings;
     use Socket;

     if ($#ARGV < 0) { die "usage: lookupHosts <HostFile>\n" }

     open my $fh, '<', $ARGV[0] or die "unable to open: $ARGV[0]\n";
     while (my $line = <$fh>) {
         $line =~ s/[\s\r\n]*$//;
         print "$line\t" . hostname($line) . "\n";
     }
     close $fh;

     # Forward lookup for names, reverse lookup for dotted-quad addresses.
     # Returns the empty string when the lookup fails.
     sub hostname {
         my ($target) = @_;
         my $result;
         if ($target =~ /[a-zA-Z]/) {
             # name -> first IPv4 address (element 4 of the list form)
             my $raw_addr = (gethostbyname($target))[4];
             $result = inet_ntoa($raw_addr) if defined $raw_addr;
         } else {
             # dotted quad -> canonical host name; AF_INET instead of a bare 2
             my $packedaddr = inet_aton($target);
             $result = (gethostbyaddr($packedaddr, AF_INET))[0] if defined $packedaddr;
         }
         return defined $result ? $result : '';
     }
  7. If your DNS is slow because of Conficker then that explains why your script is taking so long to run, as everything will be accessing the DNS to convert the domain name to an IP address. Perhaps look at using an alternative DNS to speed things up.
  8. Use nslookup instead of ping, as this will just resolve the IP address rather than trying to ping it.
  9. Have you considered the Ethernet-over-powerline option, or connecting your computer wirelessly to the router?
  10. Try learning Linux in a virtual machine initially (VirtualBox should do the job well enough); that way you don't have to worry about messing up your existing OS and set-up, and you can try a number of distros before deciding which one you find the most intuitive for you. Also, Kubuntu wasn't a mistake, as you now understand the importance of backing your data up :) A good lesson to learn before you get to the night before you are due to hand in your coursework, only to find that the drive it was on has died.
  11. That's what I get as well. I assume they have taken the egg server down now the competition is over.
  12. There are many ports of OpenSSH for Windows, but most of the ones I have found use Cygwin (sshwindows uses a minimal Cygwin set-up but still uses Cygwin). If you want to avoid Cygwin completely then check out FreeSSHd.
  13. Do you fit any physical security to the cases? A few years ago we had some lab machines that wouldn't work when the physical security was fitted, because the screw that fitted it was slightly longer than the one it replaced and it was shorting something out in the case. I assume that you have checked that all the cards and connectors are fitted tightly (loose connections can be a pain, as they work loose while you are moving the machine out to the lab, but then sometimes they work their way back in enough to work as you move the machines back into your office for testing).
  14. I have installed Debian on my Eee PC and am just starting to look at using Airbase-ng with it, which should do the same as the Fon. When I have a chance to test it I will write up a quick post about how it went. I have seen some other posts about this sort of thing, so it would be an idea to search this forum for them as they contain useful information.
  15. Thanks, I will watch these on tube unless someone knows where I can download an XviD version so I could keep it with my other Hak5 episodes.
  16. I have been downloading the back episodes that I haven't seen and I have found that the links to season 1 episodes 1 to 5 don't work. Does anyone know of any active mirrors of these episodes?
  17. Interestingly my parents use the phrase "hacked up" to refer to something that someone has made a mess of rather than created. It really can be confusing because they will say that so and so hacked up their spreadsheet, which makes me think that it has been created for them when in fact they mean it has been destroyed and needs to be restored from backups. Just goes to show how the language is evolving.
  18. As beakmyn said, it's not easy to do with NetStumbler; Kismet is better. You could also use a directional antenna with Kismet and then try to triangulate the approximate location of the machine you are interested in. Simply stand in one location and point the antenna in one direction and note the direction and the signal strength, then rotate the antenna by a little and record the direction and signal strength again. Repeat this until the antenna is pointing in its original direction again. Repeat this process at another location. Get a map of the location and, using the signal strengths around the two locations, you can narrow down the area that you will want to look in. Triangulation of signals is quite difficult to do in a built-up environment, as you will get interference from buildings and other obstacles (sometimes they block the signal and other times they reflect it). Also, you will need to know your antenna as well, because most directional antennas have odd radiation patterns, so a strong signal doesn't necessarily mean that you are pointing your antenna directly at it. So make sure you map the radiation pattern of your directional antenna before trying this, as it will help you interpret the information that you collect.
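The sweep-and-intersect procedure the post describes reduces to a small geometry problem once each sweep has been boiled down to its peak bearing. The following is an added example and not the poster's code: it takes two constructed sweeps of (bearing, signal strength) readings, picks the strongest bearing at each observation point, applies an optional boresight correction (standing in for the radiation-pattern mapping the post recommends), and intersects the two bearing lines. Observation points are (east, north) metres on a local flat map; bearings are compass degrees. It returns None for the two failure modes the method has: parallel bearings, and an "intersection" that lies behind one of the observers.

```python
import math


def peak_bearing(sweep, boresight_offset_deg=0.0):
    """Bearing of the strongest reading in a sweep of (bearing_deg, dbm) samples.

    boresight_offset_deg is the correction you measured when mapping the
    antenna's radiation pattern (0 for an antenna whose peak is on-axis).
    """
    bearing, _ = max(sweep, key=lambda sample: sample[1])
    return (bearing + boresight_offset_deg) % 360.0


def _unit(bearing_deg):
    # Compass convention: 0 = north (+y), 90 = east (+x), clockwise.
    rad = math.radians(bearing_deg)
    return math.sin(rad), math.cos(rad)


def intersect_bearings(p1, b1, p2, b2):
    """Intersect the ray from p1 along b1 with the ray from p2 along b2.

    Returns (east, north) or None when the bearings are parallel or the
    lines only meet behind one of the observers (a reflection, not a fix).
    """
    d1x, d1y = _unit(b1)
    d2x, d2y = _unit(b2)
    rx, ry = p2[0] - p1[0], p2[1] - p1[1]
    # Solve p1 + t*d1 == p2 + s*d2 for t and s by Cramer's rule.
    det = d2x * d1y - d1x * d2y
    if abs(det) < 1e-9:
        return None
    t = (d2x * ry - d2y * rx) / det
    s = (d1x * ry - d1y * rx) / det
    if t < 0 or s < 0:
        return None
    return p1[0] + t * d1x, p1[1] + t * d1y


def locate(p1, sweep1, p2, sweep2, boresight_offset_deg=0.0):
    """Full procedure: two sweeps from two known points to one estimated position."""
    b1 = peak_bearing(sweep1, boresight_offset_deg)
    b2 = peak_bearing(sweep2, boresight_offset_deg)
    return intersect_bearings(p1, b1, p2, b2)


# Constructed sweeps, one reading every 45 degrees, strongest at 45 and 315.
SWEEP_A = [(0, -78), (45, -52), (90, -77), (135, -85),
           (180, -88), (225, -86), (270, -82), (315, -70)]
SWEEP_B = [(0, -80), (45, -74), (90, -85), (135, -88),
           (180, -87), (225, -84), (270, -76), (315, -53)]

if __name__ == "__main__":
    print(locate((0.0, 0.0), SWEEP_A, (100.0, 0.0), SWEEP_B))  # about (50, 50)
```

With the two constructed sweeps taken 100 m apart, the bearings cross about 50 m north of the midpoint. Finer sweep steps tighten the estimate; a third observation point lets you see whether the three lines agree, which is the quickest way to notice that one of them was a reflection off a building.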
  19. Good point, there is nothing stopping us using chains of access points so that we don't have to connect from the same location: one chain heads up the street, the other down, another heads somewhere else. Using directional antennas you could get a good distance without needing too many access points.
  20. If we are setting up the Pineapple as a permanent fixture then we would be running the risk of it being discovered without us knowing. What we would need is some way of checking if the Pineapple had been disturbed while we were away (perhaps something that cuts its power when it is disturbed, so we can check its uptime as soon as we connect and drop the connection if it is not what we expect). Of course, if the Pineapple is running on batteries then we would also need to be able to retrieve it to replace them, which would put us in danger if they have already located the Pineapple.
  21. Well, they would have our encrypted packets, so they would know where we had been going but not who as or with what passwords, and if we tunnelled our connections through Tor or something similar then they wouldn't even know where we had been going.
  22. In my experience this isn't the case: they are usually heavier and slower, with less disk space and poorer screens, but the cheap notebooks I have had in the past have survived my lugging them about and abusing them. Also, the technology in them is usually older, so problems in the manufacturing processes have been ironed out and the quality of the individual components is reasonable. It all depends on what you require: if you just want something to browse the web on that you can stick in a drawer when not using it, then a cheap notebook is more than up to the job; if you want a notebook that has a good large screen and is light to carry about, then you will have to look to the more expensive notebooks.
  23. One stomped pineapple is far better than getting into a fight myself. :)