Darren Kitchen

Digininja is right, since you're already in the middle it's just a matter of messing with the packets between jasager and your internet gateway. Mubix showed me a demo of an app the other day similar to airpwn in that it allows for writing filters and rules to futz with packets, but it was on an application basis, not an interface basis. I'm sure this exists, I just haven't gone looking for it yet. Will make a good segment when I figure it out. Depending on how complex it is it could be made into a jasager module. The example mubix showed me replaced all HTTP GET requests to HTTP GET /kitten.jpg so no matter where I browsed I was shown adorable kittens.

Yes it is and you can still submit your codes but winners have already been chosen.

I'd like to see Site Advisor benchmarked against common sense and a good bit of paranoia.

I'd pay twice that price for the 3.5" FDD along ;)

Not every other episode. And for a while there I was using BT3. But yes the AAO sports an Atheros wifi chip. The same one you'll find in the eee 701.

:)

tsgrinder or any other brute force won't help you. There are no user accounts associated with the telnet server so don't bother. Of course there is a user for the RDP server but it's not administrator and it's got a 50+ character password so unless you wanna come down to the hakhouse and MITM it you're barking up the wrong tree. Two people have already successfully submitted the codes from checkpoints 1-4. We've decided to give the first three winners awesome personalized hakpacks / Matt's DNA for nefarious cloning experiments. We shot the episode on Saturday night so you may have caught Shannon's helpful segment live. Otherwise the episode airs Tuesday night -- usually a little past 11:30 PM EST at revision3.com/hak5 (they put it online first and update the RSS feeds because bandwidth is cheaper overnight. I try to get it on hak5.org no later than noon on Wednesday)

Ooo, I should clarify -- you don't need to login. In fact, there isn't even a user account associated with that service so trying it pointless. Um. Not giving out hints here but if you get to checkpoint 1 it'll be apparent where to go next.

Just thought I'd create a thread about it so you don't miss it. I know you *always* download every episode the day it comes out but maybe you spilled fudge on your sneakers when you were watching and weren't paying attention when we announced our latest contest. Easter Egg Hunt for 511. If you remember the hunt in season 1 this is somewhat similar, except there isn't any URL guessing or videos to watch. There are four checkpoints. Each check point provides a verification code and a new clue. The first check point also provides a special URL from where you can submit your verification codes as you find them. I'm tracking the results from time to time and it's fun to see how far everyone has gotten. The first clue is this: RTT.HAK5.ORG In the episode I also said something to the effect of "Use what you've learned today and in past episodes to win the easter egg hunt". There's a pretty bad-ass prize waiting for the winner in addition to a deluxe personalized HakPack. Good luck and good hunting.

Nice find. I had my eye on those and the Meraki Mini http://meraki.com/products_services/hardware/indoor/ for a while but they hadn't dropped to a reasonable price. Another retailer that specialized in this Acton system-on-chip wireless board was Confero24 but their site seems to be down: http://www.confero24.com//down_for_maintenance.php It's a nice open alternative to the Fon. I'll have to get one for testing. It looks like it might be closer related to the 2202 (??). I forget the exact model but it's just like the 2100 but with a 7.5 v power supply. What's the voltage on that guy? Does it share the same DC power plug as the fon 2100?

This seems to be a reoccurring topic so I'll go ahead and post links to the resources you'll need to check out. The basic idea is that you can access redboot or a bash console from the serial port on the fon. The important bits to note here are that a RS-232 to TTL level converter is necessary. You can't simply plug a USB or serial cable into the fon -- the voltage difference will make for a pissed off pineapple. This adapter can come in board or cable form and can be easily hacked out of cell phone usb cables, build with simple electronics on a bread board, or purchased for under $10. The other important thing note here is that the Fon won't boot if the serial cable is plugged in. Just power on and plug the cable in a second or two later. Some good reads: http://www.digininja.org/fon_serial/ http://www.dd-wrt.com/wiki/index.php/LaFon...rial-Cable-Port http://microblog.routed.net/2007/02/14/how...evel-converter/ http://www.dd-wrt.com/phpBB2/viewtopic.php?p=63256#63256 http://www.google.com/products?q=serial+TT...r&scoring=p

Caption?

You could theoretically dump the log to an FTP. Interesting concept however it defeats the purpose of being passive. You'd have to assign Interceptor to the target network and FTP out -- likely setting off alarms on any IDS.

I think you're just hungry.

The show is released under a creative commons Non-Commercial, Share Alike, Attribution license. What that means is you're free to share it as long as you're not profiting off it. You can remix it as long as your derivative work is released under the same license, and you are required to attribute Hak5.org. That's all :) As far as our concern with numbers and all that jazz, basically we only get paid for an episode's first 4 week numbers. Yeah, I know, that kinda blows seeing as how the long tail works and all (50% views in 4 weeks, the rest over the course of months longer) -- but hey thats how the business works and I'm not complaining. I think torrents are really most effective when dealing with large files, such as season compilations like those hosted at TPB or kacomps. So in short, we do encourage 'em but we'd prefer not to see torrents of the episodes within the first 4 weeks of them airing.

Nothing to see here. Move along.

ZoomIt from sysinternals.

Interesting project. I tried something similar for the USB Chainsaw that was never released. My goal was to boot a computer from the CDFS partition on a U3 drive (It actually shows up as a CDROM in the BIOS so many older computers that don't support USB Booting would still be viable targets). The target PC would boot into a freedos shell, from which they would automatically mount the local drive (even if it was NTFS formatted, I had a freedos driver for NTFS read support). The Chainsaw would then copy the SAM to the USB partition. The next step was to pwdump it and run it against a set of rainbow tables on the drive. Basically Ophcrack USB Live before it existed. I gave up soon into the project when I couldn't get rcrack to work. I should have just released it as is. Anyway, there is something to be said about a USB device that you can boot off that will automatically (and hopefully invisibly) grab the sam. Also remember if you're on the target PC's HDD in your own OS you can replace the accessibility program with your own. There was a hack last year floating around this forum where, if you could replace the file (in use when windows boots) you could simply press WIN+U at the XP Welcome screen to launch your own payload, no need to login.

Nice. I need a few of those Revision3 stickers too... If only I had more room on my aspire one.

@lnxr0x that's awesome! @Seshan (and anyone else who has recently donated and wants temporary tattoos) Just email me and I'll have 'em your way in no time :)

I think they look even better with a specially crafted 2.75" x 2.75" white sticker with a kooky little pineapple. At least for the 2100's. We'll see what happens to the 2201 ;)

I carry all of these items http://www.flickr.com/photos/darrenkitchen/3275262763/ Canon Digital Rebel XSi Acer Aspire One Garmin Nuvi 270 Fon 2100 "Pineapple" Fon 2201 "Monkey" ALFA AWUS036H 9 dBi Antenna ES Moleskin Skilcraft pen USB A to USB mini B USB to Fon 2100 Power Fon 2201 Power Brick Misc. USB Switchblades/Hacksaws/Chainsaws/Knuckle Rings Dual USB A to USB mini B Cat 5

Thanks guys I really appreciate all the warm wishes here, on twitter, facebook and otherwise. Just to clarify once more today I celebrated my 26th birthday. I am finally the age I once said I was in 2005. You see, I didn't figure back then anyone would take a 22 year old seriously when I started the show. But alas I have caught up with my fictitious age and must from now on feel old. Hooray!

Dude the last episode of season 4, 426 -- Shmoocon 2009, airs on February 11th 2009. Otherwise known as my as my 26th birthday. For those who've been counting thats the age I said I was in season 1. I've finally caught up to my lied-about-age from 2005 (Ya know, because nobody would take a 22 year old seriously). And then the very next day, the 12th, is Chris' 26th birthday too. Ha! I'm a day older than him. w00t Hope you have a happy 21st. Tip one for Hak5 ;)

With every new season number comes the opportunity to compare it to the last. This constant can be expressed mathematically as ( n-1 > n ) Yet viewership, support, feedback, and most other quantifiable variables to the shows success are the complete inverse of the above formula. Still, the constant is expressed every so often, like this example: I personally like every season individually for what they are. Each has a unique and rich essence that's ever changing. I feel that my response is the most eloquent I can conjure and should be shared. To see the evolution in action go back and watch 4x01 vs. 4x25. Follow the series and you'll understand why we get comments like; More recently we've been getting comments like and And the fact of the matter is that after nearly 6 months laboring over the show's production with a new set, cast and network our endeavors have paid off. Production is pretty much in the can and has been for a while as apparent since the later part of this season. While there are still some odds and ends that would make things smoother (like a Mac Pro and Adobe Premiere, both of which we have on loan) but the bottom line is that production has become second nature. Our focus has been on quality content and since our first episode of 2009 it has really shown. As such episode 426 -- Shmoocon 2009 will be our last for season 4. February 18th marks the beginning of season 5. Along with a few minor production tweaks based on the valuable feedback from Revision3 VP of Programming and Production Ryan Vance and the feedback we've received from viewers about segments such as GPU accelerated MD5 cracking, Online Brute Force Attacks and Securing RDP, Using Ophcrack Live, Terminal Service Alternatives, PHP Tamagotchi, USB Device Tracking and pfSense we're absolutely thrilled about Season 5. Oh yeah, Evil Server is now taking questions (EvilServer@Hak5.org) and we're getting a monkey.