[Hak5 Darknet?]

Could be. I would try it, but for some reason I can't connect to Teredo.

[Hak5 Darknet?]

I just tried it on Darren's public IP (from the Meterpreter session) with no luck. 1337 is filtered there too. And I know it's still his IP because Untangle is listening on port 443.

[Bash Script Improvement]

I'd rather keep it in bash to keep it portable.

[Hak5 Darknet?]

Neither EEF5204D6A or RSS5204Q6N seem to be the network id. At least, if waste is listening on twitterphishr.com:1337 it doesn't seem to be THAT network id. But then again, I'm pretty sure I'm still missing something.

Haven't seen the latest episode yet. I'm excited to see how IPv6 and/or metasploit might tie in.

Wow, I didnt think of twitterphishr.

1337 is filtered on twitterphishr.com and on beta.hak6.org, and is closed on the other IP that hosts hak5.org and hak6.org

[Bash Script Improvement]

Hey all,

I'm trying to convert a Squid3 log to mimic my Netgear WGR614v8 on stock firmware. So far what I have is as follows. (It may have a typo, I retyped it here instead of copying from a different machine)

FILE=/var/log/squid3/access/log

exec 0<$FILE
while read line; do
    TIME=`echo $line | gawk '{ print strftime("%c", $1) }'`
    IP=`echo $line | awk '{ print $3 }'`
    DOMAIN=`echo $line | awk '{ print $7 }' | cut -d '/' -f 3 | sed 's/^www\.//'`
    echo [Site allowed: ${DOMAIN}] from source ${IP}, $TIME
done

Is there a more efficient way to do this?

[Hak5 Darknet?]

Maybe EEF5204D6A is the WASTE network ID?

[Hak5 Darknet?]

@38:33

104 116 116 112 58 47 47 119 119 119 46 103 111 111 103 108 101 46 99 111 109 47 115 101 97 114 99 104 63 113 61 119 97 115 116 101

That translates to http://www.google.com/search?q=waste

[Hak5 Darknet?]

The thing that makes me think EEF5204D6A isn't representative of a network address is that it's 5 bytes.

[I'm A Bit Confused...]

I thought the Hakhouse was sold because he couldn't bring it with him.

[Hak5 Darknet?]

Tried ROT13'ing WASTE and Darknet and trying it on hak5.org and a bunch of subdomains with no luck.

[Hak5 Darknet?]

That makes more sense then. ROT13 of EEF5204D6A is RRS5204Q6N. I wonder what significance that has.

[Hak5 Darknet?]

EEF5204D6A is RRS5204Q6A (ROT13).

Edit: Turns out the last letter isn't changed then. :S

[Hak5 Darknet?]

Clever thinking, but then why isn't the 5204Q6A shifted?

[New School Network Administrator]

Assuming the school disallows games on the school network:

If you can, subnet the network into computer rooms and block all the common gaming ports. Grab the core executables for all the common games at the school and deny them with group policy.

[What Should I Do With 3 Usb Microphones?]

Start a podcast?

[New School Network Administrator]

Can you redirect teachers profiles completely (including their desktop) to a shared network drive?

[[Version 1] Weird Characters After Sending]

You would need to modify the code that translates the characters into keycodes for the german keyboard layout.

[Hak5 Darknet?]

psychosis@helios:~] $ dig east.corp.hak5.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> east.corp.hak5.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.zdnetasia.com.        IN    AAAA

;; ANSWER SECTION:
www.zdnetasia.com.    300    IN    CNAME    zdnetasia.com.

;; AUTHORITY SECTION:
zdnetasia.com.        300    IN    SOA    ns.cnet.com. hostmaster.cnet.com. 2010101400 21600 1800 2419200 300

;; Query time: 172 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Oct 18 14:26:49 2010
;; MSG SIZE  rcvd: 104

[psychosis@helios:~] $

I wonder if some packets here had some fun adventures, I can't replicate that dig again

Ignore that, some guy was running a MITM on the Uni WiFi (probably through a rogue DHCP server), and some packets appear to have gotten lost. The 192.168.0.1 from that dig gave it away, it's usually a public IP.

[Hak5 Darknet?]

psychosis@helios:~] $ dig east.corp.hak5.org

; <<>> DiG 9.6.0-APPLE-P2 <<>> east.corp.hak5.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12803
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.zdnetasia.com.        IN    AAAA

;; ANSWER SECTION:
www.zdnetasia.com.    300    IN    CNAME    zdnetasia.com.

;; AUTHORITY SECTION:
zdnetasia.com.        300    IN    SOA    ns.cnet.com. hostmaster.cnet.com. 2010101400 21600 1800 2419200 300

;; Query time: 172 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Oct 18 14:26:49 2010
;; MSG SIZE  rcvd: 104

[psychosis@helios:~] $

I wonder if some packets here had some fun adventures, I can't replicate that dig again

[Hak5 Darknet?]

Another hint to WASTE in the TXT record of darknet.hak6.org, although I personally couldn't get the zone transfer to work on my machine.

Edit: NVM, Darren secured it later in the episode.

[Hak5 Darknet?]

Looks like *.corp.hak5.org is using a different DNS server than *.hak5.org

[Changing File Headers]

When I need to do this, I just send whatever file it is in a password-protected archive with the filenames encrypted, and include the password in the email.

[Android Tablet]

The reason I want it is because I hate Apple products and was looking for an alternative to the Ipod Touch. Which I think this is a great one. It's basically a smart phone without the phone factor, but it does skype via android app.

Touch device + Desktop OS is just asking for trouble. It looks a bit big for an iPod alternative to me, and from what I've heard from 3 different Android users, the Android music player apps are utter garbage.

[Does This Site Have Pfh ?]

You can either reflash it, or check your default gateway settings (or nmap -sP) and try get in to it from the LAN side.

[Where This Weeks Episode?]

http://twitter.com/hak5darren/status/27577670412

http://twitter.com/hak5darren/status/27568689077