Posts posted by jona

  1. I use a netgear wnda3100 with the ar9170usb driver. It supports monitor mode and packet injection. Tested using Ubuntu 10.04 and aircrack-ng/kismet. Plus it is dual-band wireless n with a max throughput of 300Mbps. $25 recertified at newegg. I would assume that it will work under bt, since it is a Ubuntu-based distro.

    To get kismet working, edit the source to:

    source=ath5k_ag,wlan1,wifi

    Can anyone suggest a good, low-cost wireless-N card that will support injection.

    My netbook's wireless card is an 802.11n card, but it has a RaLink chipset (rt3090), which supports neither monitor mode nor injection, and the driver does not come with linux (well, ubuntu and BT4 at least).

    Ideally, I am looking for something compact and light. I looked at the alfa's and they seem really bulky.

    Cheers guys

  2. You should look into UML. This is a standard in not only creating your GUI, but designing your classes, functions, and sub procedures. UML includes many different types of diagrams including: Class diagrams, Component diagrams, Deployment diagrams, Object diagrams, and Package diagrams. I'm sure there are others, but basically UML is a structure and modeling standard that many application developers use. The elements include: actors, business processes, logical components, activities, programming language statements, and database schemas.

    Modeling is very important, especially for larger applications where there are many developers and analysts. It is also nice for smaller applications and for documentation purposes as well.

  3. USB Image Tool

    This is a pretty cool utility that is able to backup/restore USB devices in device mode, so that you can make backups/copies of your multiboot usb drive. You have to image your flash drive in device mode, or it will not make the backup bootable, and you will have to Grub it first. Here is the download site: http://www.alexpage.de/

    HP USB Disk Storage Format Tool

    This utility will format the USB drive in the FAT32 File System, so you don't have to use the Windows Disk Management Tool. Remember that PEtoUSB uses FAT16 and can only recognize partitions < 2 GB. I would just recommend making the drive FAT32 right away. This does the same exact thing as the Windows Disk Management Tool though. Here is the download site: HP USB Disk Storage Format Tool

    Thought I would share

  4. That is not correct, ESXi will support 2 procs at X number of cores. It is running it on my desktop as we speak. 2 procs and all.

    Here is what mine says from the config tab under the Licensed Features:

    Product: ESXi 4 Single Server Licensed for 1 physical CPUs (1-6 cores per CPU)

    License Key: xxxxx-xxxxx-xxxxx-xxxxx-xxxxx

    Expires: Never

    Product Features:

    Up to 256 GB of memory

    Up to 4-way virtual SMP

    I have 3 licenses and all of them are the same. It doesn't seem to matter what number I put in the "On how many CPU's do you plan to install ESXi?" textbox when registering for the license. I only get a one CPU license. What version of ESXi are you running?

  5. Let us know how it works on your machine. Mine is higher than the recommended specs but I still had a few glitches with some widgets.

    Here is the PlayXpert hardware analysis results for my system:

    Processor - Intel® Core2 Quad CPU Q6600 @ 2.4GHz - 5.0 of 5.0

    Memory (RAM) - Total physical memory: 8192MB - 5.0 of 5.0

    Graphics Card - Nvidia GeForce 8800 gts - 640 MB Dedicated Video Memory, 320 bit - 4.8 of 5.0

    Primary Hard Drive - 10K WD Raptor - 5.0 of 5.0

    System Base Score - 4.8 of 5.0

    My system is 64 bit, so I cannot get the widgets to overlay. I got it installed ok, it just won't overlay in game. Everything else worked as expected. Have to wait for a 64 bit version. I did download the sdk and am thinking about writing some type of widget for it. Maybe a services widget or a system reboot widget or something.

  6. There is a lot of talk about encryption software eventually storing their decryption key in the CPU cache, instead of DRAM. The security benefit of using CPU cache as memory is that it is not vulnerable to cold-boot attacks because the CPU cache is always reset by the CPU during the initialization phase. Moving all cryptographic material from RAM to the CPU cache would therefore render cold-boot attacks ineffective against software-implemented full-disk encryption.

    However, there is one major drawback to using the CPU cache as secure memory: it severely degrades the system performance. Solving the performance issue is thus a crucial aspect of the proof-of-concept implementation which is currently being worked on.

    Hard Drive manufacturers are also coming out with built-in hardware encryption in the very near future.

    Even though you may not be able to get the decryption key using the cold boot attack, you may be able to find other useful information from the ram dump.

  7. Thing is, a bios capable of system guarded passwords prevents you from even booting until you've entered it. So if you can boot from your little boot cd to clear the cmos then you could boot up the tool to dump the ram. Otherwise, the only way around it is taking the computer apart to reset at the CMOS or PWD jumpers or removing the CMOS battery. By the time you've done all that it would take too much time to acquire without stealing the system.

    Have you looked inside a BIOS of a Dell computer? It allows you two different passwords. One being admin to prevent tampering of BIOS settings and the other system. With the system password set, the splash screen appears, but you won't be able to enter the BIOS or boot from a device until the system password has been entered (unless the user set it up to bypass prompting for the password on reboot).

    Sorry, I did know the of system password. Most bios manufacturers have this option. In my opinion, Bios passwords are worthless, especially since they don't even need to be cracked. In all my years with working with computers, I don't think that I have seen a business or personal computer have a bios password set. Network Admins usually don't mess with it and normal users don't even know what a bios is.

    Anyway, both of these passwords are set in the BIOS and can be easily cleared within a matter of minutes by clearing the CMOS. More than likely if you are going to dump the info off to a flash disk, you will need a few minutes, depending how much data is in ram. If you have a Bios/System password set, resetting the BIOS password and resetting the bios info should take under 5 minutes (maybe longer for a laptop) and dumping the info off to a flash drive should take about 3 minutes per 4 Gigs of data at 25 MB/s (Average Flash disk transfer rate is between 20-30 MB/s). So you should be able to do this whole process under 10 minutes.

    The only downfall to this is you reset the bios/system password and now the system is compromised and you don't even have the decryption key yet. Basically if you have the memory dump and leave, you may not gain access to the system again because they may have changed the decryption password. In this scenario, you probably are better off just taking the damn computer (Which is basically what you said in your first post). However the cold boot attack works great with minimal footprint when no system password is set. If you have 8 Gigs of ram, it should theoretically take you 6 minutes (If the memory is completely full) to dump the goods to the flash drive.

  8. My laptop won't even let you get to a boot screen, let alone the bios prompt without a password. You can't boot off usb or cd without the password either, so the only method at that point is to freeze, and then remove my memory to put it into another machine. Chances are, someone would steal the whole laptop before ever getting a memory dump of anything. While these attacks show proof of concept, I think in the real world, someone would just take the whole computer vs trying to just get the key, because what good is a key to take home with you when you no longer have the machine to use it on? You need to get both the key out of ram + steal the damn thing to get at that encrypted data, so either way, you would need to steal the whole computer, not just the memory. I'm more worried about someone walking off with my laptop than them having passwords to an encrypted drive or files.

    Still, the idea of an easter egg hunt from sifting through some memory dumps would be both a learning experience and fun at the same time. I'm curious what could be found or if anyone could even find the hidden easter eggs in the dump.

    What laptop do you have if I may ask? I do not know of any system that asks for a decryption or system password before the bios screen appears. And if that is the case, I don't think that there is a workaround to dump the memory and is the most secure.

  9. Password or no password, F12 still applies unless you either:

    a.) Set a system password that must be entered to even use the system as in the case of digips laptop

    b.) Disable F12 in the BIOS and change the boot sequence with a password on the BIOS

    If the attacker wants to take your RAM the password for your BIOS/System won't matter or if they're smart take the whole system.

    As far as I know there's no scrubbing utilities at the BIOS level anyway. It would take longer to shut down your computer anyway so that would be a drawback to it.

    Great episode guys :)

    There are numerous bios cracking utilities that can be used to get around system passwords, and you can always clear the CMOS to default the bios. Here is a tutorial to clear the CMOS and get around bios passwords: How to get around the BIOS password.

    My favorite tool is Hirens boot cd, which can do a lot of nifty things with the BIOS/CMOS. You can do some cracking/dumping/backup/restore/recovery and many other things.

    But like you said, if you take out the RAM, you don't have to fool around with the current system. The only drawback to that is they don't have ram now and will possibly use a different TC password, since their system has been compromised. Also if you take their system, their new system/systems will likely have a different TC password as well (At least mine would).

    A good hacker should always cover their footprints, so the optimal solution would be to dump the info off and analyze it later and somewhere else. The only footprint would be that their system would be restarted. Not too suspicious. The goal would be to retrieve the TC password to gain access to the computer without their knowledge. Once you have this information, you can keep getting into their system whenever you want.

  10. @MrAlvin:

    Well, I generally consider that list quite b*llsh*tty, as ESXi practically runs on everything you throw at it. I have it running at home on a simple Intel C2Q Q6600 on an Intel Q35 chipset. The only problem ESXi could have, is the storage drivers/network drivers. Just stick to 4-way 3ware controllers for your RAID needs, or generally any Intel chipset if you don't need RAID. For the network just use a 1GBit (onboard/PCI) Broadcom chip or a 1GBit Intel chip, works like a charm.

    I haven't taken the trouble of figuring out what is officially supported and what is not, I'm sure something in my servers is not officially supported, but it works and it works reliably and that's what matters.

    ESXi 3.5 was a bit more particular. I tried installing on a few machines and they all had different hardware incompatibilities. ESXi 4.0 made a lot of hardware compatibility enhancements. I was able to install 4.0 on the same machines that would not run 3.5 successfully. If you cannot get your hardware to work, look in the compatibility forums. There are many people that post their workaround to get it to work on particular systems.

  11. Ok here goes my ESXi build. Take it easy on the newb :)

    OK for fun I priced this out...8Cores, 16GB RAM, 3Ware RAID, 4TB.....GRAND TOTAL: 1694.82

    Intel Core 2 Quad Q8200 2.33GHz 4MB L2 Cache LGA 775 95W Quad-Core Processor - Retail

    http://www.newegg.com/Product/Product.aspx...N82E16819115055

    X2 159.00...318.00

    pqi TURBO 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 533 (PC2 4200) Dual Channel Kit Desktop Memory Model PQI24200-4GDB

    http://www.newegg.com/Product/Product.aspx...N82E16820141241

    X4 46.99....187.96

    HITACHI 0A38016 1TB 7200 RPM 16MB Cache SATA 3.0Gb/s 3.5" Internal Hard Drive - OEM

    http://www.newegg.com/Product/Product.aspx...N82E16822145233

    X4 79.99...319.96

    3ware 9650SE-4LPML PCI Express Lanes: 4 SATA II Controller Card RAID Levels 0, 1, 5, 10, Single Disk, JBOD, KIT - Retail.... ALSO comes w/4GB flash FREE

    http://www.newegg.com/Product/Product.aspx...N82E16816116042

    339.00

    Dell Precision 490 Workstation 2x XEON 5130 DUAL CORE... you can toss the 2 dual core's or keep them that will reduce the total cost 318.00, but you will have only 4cores.

    http://cgi.ebay.com/Dell-Precision-490-Wor...93%3A1|294%3A50

    529.90

    GRAND TOTAL: 1694.82

    ESXi only supports 1 physical CPU up to 6 cores I believe, so you would have to purchase an ESX license for your server build.

  12. When I tried it on Domain PCs, I got a corrupted C:\Windows\System32\config\system error. Did you do anything special?

    Then I'm screwed, and you're cruel.

    Good.

    1) There is no problem in creating a believable password. Even the sample password r!d!cu10u5 from an old episode is believable.

    2) You could just put stuff in there which is sus that you wouldn't want anyone to find. When I used to keep a TC volume, I would put personal data in the hidden volume, and a couple of keygens and password-cracking utilities in there. I have never seen truecrypt warn about damaging the inner volume when mounting the outer one, apart from when you initially create the volume.

    3) Back when I kept a TC volume, I had a completely dummy TC volume as well, just in case they knew about this and suspected I had a hidden volume.

    I did not do anything special. To login to a domain computer, you have to be disconnected from the network, because KonBoot doesn't bypass LDAP authentication. I entered a valid network username and set the domain to the correct domain. You could encrypt the drive using TC while logged into the network computer offline. This is yet another reason to encrypt your drive in any environment.

  13. Great show guys, even though TC has been around for a while. It is great to show off, because TC is truly an awesome piece of software. I would also like to note that you can encrypt the whole drive on OS install using the alternate Ubuntu installer. You can download the alternate here: Ubuntu Alternate Installer

    KonBoot works great on any local account in the SAM Database. This is very useful when working on computers and the owner did not give you their password. I have also used Active Password Changer, which is a SAM Database modification program. It can be loaded using Hirens Boot CD (Awesome Boot CD).

    I did some KonBoot testing within a Windows domain environment and thought I would share my results. Even if you know a domain username or not, you cannot login to the domain while you are connected to the network. This is because it uses LDAP authentication, instead of bypassing the Local SAM Database (KonBoot does this by rewriting the kernel). If you disconnect from the network, enter a domain username, choose the domain, the system will allow you to login without supplying the password credential. However, once you connect to the network again, you are not able to perform any network tasks, until you supply valid domain credentials. I was able to login using the Domain Admin account locally though.

    Hint: If you do not know a local admin user account, you can go into the SAM Database and retrieve it.

  14. Careful with the nforce 3600 chipset. There have been issues with it not supporting the Shanghai processor. However, it seems that supermicro got it right. Asus's, however, has not and might not ever support the Shanghai chip.

    Also, onboard RAID?

    I would have gone with almost the same exact setup though. Heh... too bad for me :)

    They support the CPUs now with the newest bios.

  15. Enterprise ESXi configurations should be well thought out, with equipment that meets the budget ($2k in our case.)

    P.S. I'm getting a headache looking at your avatar 3Tek :) JK

  16. There are 3 configurations here: A white box ESX server, a white box ESXi server, and an entry level SAN. Here are my white box servers < $2000. The entry level SAN is not less than $2000, but it is 6 times cheaper than an EqualLogic SAN and with more total space.

    ESXi Server

    ASUS P5Q Premium LGA 775 Intel P45 ATX Intel Motherboard – Retail - $169.99

    Note: 16GB DDR2 1200, 10x SATA 3Gb/s, Quad 10/100/1000 Mbps Nic (Quad Port is Great for Virtualization)

    Intel Core 2 Quad Q9550 Yorkfield 2.83GHz 12MB L2 Cache LGA 775 95W Quad-Core Processor – Retail - $219.99

    Note: Quad Core, Great Speed, Great Cache Size

    SUPERMICRO CSE-833T-650B Black 3U Rackmount Server Case 650W Redundant Cooling, High Efficiency Power Supply 2 External 5.25" Drive Bays – Retail - $379.99

    Note: 8 Hot Swappable HDD’s (Supermicro Rocks)

    G.SKILL 4GB (2 x 2GB) 240-Pin DDR2 SDRAM DDR2 800 (PC2 6400) Dual Channel Kit Desktop Memory Model F2-6400CL5D-4GBPQ – Retail - $46.99 x2

    Note: This memory rocks and fills up the board with a total of 8 GB’s

    Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM 32MB Cache SATA 3.0Gb/s 3.5" Internal Hard Drive – OEM - $89.99 x 8

    Note: 8 SATA drives fills up the hot-swappable bays.

    areca ARC-1210 PCI-Express x8 SATA II Controller Card RAID 0/1/1E/3/5 JBOD - Retail - $299.99

    Note: Great Raid Card but manufacturer is not well known. Total array size = 7 TB

    ASUS EAH3450 SILENT/DI/512MD2 Radeon HD 3450 512MB 64-bit GDDR2 PCI Express 2.0 x16 HDCP Ready Low Profile Ready Video Card - Retail - $20.99

    Note: HDMI and HDCP ready

    LITE-ON Black 52X CD-R 32X CD-RW 52X CD-ROM ATAPI/E-IDE CD Burner – OEM - $16.99

    Note: Nothing special here

    $1921.84

    Final Note: Quad 1Gb/s Nic, 8 GB memory, Quad Core with 12 MB L2 Cache, 8 Hot-Swappable drives in a Raid 5 configuration with 6.5 TB usable disk space. Great setup for ESXi server (Since license can only have one CPU – Up to 6 Cores). I would utilize the server datastore to install VM’s.

    ESX Server - license not included

    First off I would like to say that a server should have redundant nics and power supplies.

    Athena Power RM-4U4064XR4 Black 4U Rackmount Server Case 400W Redundant 6 External 5.25" Drive Bays – Retail - $306.99

    Note: redundant power supplies and able to install 2 AMS DS-3151SSBK Backplane Modules, which provides 10 hot-swappable SATA bays.

    AMS DS-3151SSBK Aluminum 3.5" Black SATA SATA Backplane Module - Retail - $124.99

    Note: The Athena case will accept 2 of these modules for a total of 10 SATA HDD’s, would need to purchase an additional SATA controller, or a SATA Raid Controller

    SUPERMICRO MBD-H8DME-2-O Dual 1207(F) NVIDIA nForce Professional 3600 Extended ATX Dual AMD Opteron Server Motherboard - Retail - $369.99

    Note: going to use onboard Dual NICs, SATA controller and RAID. Easy to upgrade later. 128GB max memory, 2 PCI-E 8x, 4 PCI-X

    AMD Shanghai 2.4GHz Socket F Quad-Core Server Processor – Retail - $189.99 x2

    Seagate Barracuda 7200.12 ST31000528AS 1TB 7200 RPM 32MB Cache SATA 3.0Gb/s 3.5" Internal Hard Drive – OEM - $89.99 x5

    Note: HDD’s fill up the backplane module, which are all hot-swappable. RAID5 total array size = 4TB

    Crucial 8GB (2 x 4GB) 240-Pin DDR2 FB-DIMM ECC Fully Buffered DDR2 800 (PC2 6400) Dual Channel Kit Server Memory Model CT2KIT51272AF80E – Retail - $164.99 x 2

    Note: 16 GB configuration, 12 Slots Open, upgradable to 128 GB

    Total = $1,961.88

    Final Note: Motherboard has a lot of room for expansion (128 GB Memory, another 5 disk SATA backplane module, PCI-E, PCI-X, both great for RAID Cards). Can also add 4 additional HDD’s using the internal 3.5” bays. Using a USB CD-Rom to install OS. Intended for ESX Server, since this has 2 Physical CPU’s. Case is a 4U with redundant 400W power supplies.

    Entry-Level SAN

    PROMISE VTM610I RAID Sub-Systems – Retail - $4369.99

    Note: Great customer support, RAID 50 compliant, 32 Lun Support, dual 400W power supply, 16 hot-swappable hdd’s. Not as scalable as EMC, EqualLogic, or NetApp. EqualLogic is the cheapest of the 3 manufacturers listed and lowest cost is around $40,000 for the SAN.

    Seagate Barracuda 7200.11 ST31500341AS 1.5TB 7200 RPM 32MB Cache SATA 3.0Gb/s 3.5" Internal Hard Drive (bare drive) - OEM - $129.99 x 16 = $2079.84

    Note: 21 TB total available free space in a RAID 50 configuration.

    Total SAN: $6,449.83

    Final Note: 21 TB iSCSI SAN for $6,449.83. Just Awesome.
