whitehat

Active Members
  • Posts: 170
  • Days Won: 4

Everything posted by whitehat

  1. So, is anyone going to do anything about this or are we just going to keep taking it up the ***?
  2. OK, which Hak 5 fan is in a black EFF t-shirt @ the Hacker Dojo right now? I just saw you there, whoever you are. Small world.
  3. OK, I absolutely love my hak5 shop antennas. I have all of them; in fact I have two of the bigger Yagi's that used to be in stock. However, I want to step it up a notch. I want the absolute strongest antenna I can buy (under $100) for my car and/or to put outside my window in my apartment. A lot of you hak5 ninjas probably understand the physics / engineering of the situation a lot better than I do. I know I want to maximize the gain (dbi). I've been looking on ebay and I see one that claims to be 48dbi* and then over at Radio Labs I see a nice looking grid antenna that "only" claims to be 23dbi**, but I feel more confident in their honesty. Do you guys remember the mini "satellite dish" style antenna that hak5 used to carry? Some people advertise that as 48dbi on eBay. Total BS. Any thoughts? Should I just find the physically largest antenna that I can wire into the Alfa adapter? Is power an issue? This is making my head hurt LOL I don't suppose I could just use the actual car radio antenna if I find some way to convert its connector type and plug it into a wireless network adapter like the Alfa or a MiFi device? One final complication --> I also ordered an 802.11ac router and adapter by Netgear (the Asus kind is better, I know, but it was too expensive). * http://www.ebay.com/itm/High-Power-Signal-King-2000mW-48DBI-USB-Wireless-Adaptor-SignalKing-999WN-Wifi-/261209311001?pt=Other_Tablet_eReader_Accessories&hash=item3cd149c719 ** http://www.radiolabs.com/products/antennas/2.4gig/2.4grid.php
  4. I'm not gonna tell you that google is your friend ;) but without knowing what katana is i just googled it and it brought up a thread from this forum on BT5 + Katana But you know that Kali is the newer version/replacement for BackTrack, right? So you should try to install Kali.
  5. I wonder where they got that figure tho? I may have missed the detail, but I know that Sun said Mitnick caused them 10's of millions of $ of lost $ just by looking at the source code for Solaris then a couple of years later their company economists decided that it was a more profitable move for them to make it open source. If I were that guy I would've hired an economist to do a study and testify on the real damage caused, which could be a much much smaller #. I totally agree with you tho about the $ versus the prison time. Prison time for hacking is total f-ing BS but if faced with the choice then I agree -- I'd always prefer to pay any amount of $ rather than doing time.
  6. OK, I think I answered my own question with a little more research. The Fonera 2.0N is a "WIP" for dd-wrt. I can get some 600mbps routers for less money though. It can't be used as a router level VPN out of the box to my knowledge but once dd-wrt is working then it should be no problem, of course. My only concern is that someone is going to abuse the hotspot and get me in trouble. Yes, I'm sure the terms of service and/or any lawyer could exonerate me, but I don't think I'd want to go thru the steps that happen before I have the chance to exonerate myself. So that's my main concern with the Fon, but d*mn, it's just such an awesome router and the idea is brilliant IMHO. I guess the 300mbps limitation will be a dealbreaker tho. Now that I know I can get 2x the speed for less money I can't bring myself to buy it.
  7. ditto. also which network adapter do you mean? wlan1 is just an arbitrary designation from your OS. the default is wlan0, but since you have another internal adapter it's wlan1. if you took it out and put it in another port it would be wlan2
  8. w00t!! newbi3 in da house. over 9k internets to you, sir
  9. OpenStack (http://openstack.org/ ) seems to be the hot topic among the older IT wizards at my work. Idk much about it, but I wanna start experimenting. Apparently to get started with OpenStack you're supposed to either hook up with a participating public cloud, which it says is easy, or download their developer version. I downloaded the Dev version but haven't played with it b/c you usually have to learn to walk before you run and I barely even understand what this technology is about, except very generally. I guess it helps you manage a cloud and create new nodes, but that's the extent of my knowledge. I checked out the public cloud thingies they mentioned, but they seemed to fall into three categories: paid ones; ones that are in beta but when I signed up didn't actually give me a beta copy of anything, just an email saying "thanks, we'll let you know when it's time"; ones that are in French and who I'm not sure if I wanna sink too much time into because the translation of their support pages with Google Translate was not very good. And so, I'm just kind of dazed and confused right now. Is anyone here into this? Has anyone gotten further with it than I have? How does Puppet Enterprise figure into all of this? Is OpenStack a competitor/alternative to Puppet, or could they be used together? What about Hadoop and MPI? If you know the answer to any of this then I think you're a genius and I highly, highly respect you.
  10. that is a lot for hacking! Kevin Mitnick got 5 years which was one of the harshest sentences ever and that involved: years and years of more hacking; getting not only tons of source code, but also hacking the cell phone system and traditional phone systems so many times that it's impossible for anyone to count, even him; laundering faxes; running from the Feds for a long time, then lying to them when they came for him; hacking (more) cops/feds etc. If I were the judge I would've given Kevin 18 months and would've only really had him serve 6 months of it and I would give this LulzSec guy 8 months, but let him have it be a suspended sentence if he uses his skills to help out the government in fighting terrorism / foreign military hackers or just have him go around to schools and teach kids to hack without being black hats. The British have been handing out suspended sentences to their LulzSec hackers, why does the American government have to be so lame? Way to discourage the younger generation from staying 1337, Uncle Sam. Keep it up and we'll have a nice law abiding generation of lamers who get us pwned by China's digital Red Army. I'm already learning Mandarin to get ready.
  11. Hi Guys, One of the many things I've learned from the hak5 community is that Fon's are pretty awesome, as is dd-wrt. It's time for me to get a new router because my ancient refurbished TimeCapsule doesn't do a router level VPN and I'm retiring my last Macbook which means I won't have a computer that's compatible with the Airport Utility (it doesn't play well with Linux and I reject Windows). Btw if anyone really wants my TimeCapsule and has something to trade then you can PM me. I'm not as savvy with this type of stuff as a lot of you guys are tho, so I wanted to check that I won't be disappointed if I go with the $79.99 Fonera 2.0. I would get the NetGear R6300 based on speed, but the price is too high. This $80 is the most I can spend and if the router isn't a Fon then let's say my max price is $50 (b/c the Fon can earn $ for you). Would someone kindly tell me if I'd be correct to think that the Fon 2.0n will be the most 1337 in my price range and will cover me on the following criteria (?): dd-wrt compatible --> I know the older version is... http://www.dd-wrt.com/wiki/index.php/LaFonera_%28en%29#Flashing_of_a_LaFonera and would i be able to use it without losing the Fon's capability of selling your WiFi? Can be used for a router-level VPN; is something I can show to other hackers/nerds/IT/CS-folks with pride; is fast as possible in my price range. it's 300mbs for 802.1 n. i know that 802.1 ac has started coming out, but i think those are all $164+ used on eBay and $219+ new. Thank you very much!
  12. I think it's brilliant (!) and hope you include sufficient support for some Pi-like poor man alternatives (I know Pi is supposed to be cheap, but when you see it in stock for a cheap price lemme know...) also maybe an irc-commanded or behind/thru-firewall remix would be awesome
  13. DigiP: Both of my bosses really liked an event logger I found through Planet Open Source. I let them know how I found it (without being specific about which forum). I owe you! telot: Right on, thanks for the encouragement --> I will try to come back in a couple weeks with an opensauce 'terpreter script then :)
  14. Thanks. I think I tried that pretty much exactly yesterday though and it didn't work for me. The problem is that while my firewall will allow the SSH tunnel itself it will NOT allow browser traffic going over the connection. I'm not precisely sure how that's possible, but I believe it's because normally I put the corporate proxy in PuTTY where we are specifying the dynamic proxy, then I connect to SSH with my settings in "Session" (within PuTTY). But if I specify a dynamic proxy instead of the corporate proxy in PuTTY it apparently still lets me SSH but putting my own proxy into Chrome just gives me that error above. Maybe I'm getting confused. I can add censored screenshots to this later. I think I may have had an idea though. In order to get a curl command past the firewall I had to apply the corporate proxy to the command shell using Ruby. Maybe I can use Ruby to do the same thing with Chrome and then do everything else the way you and Darren said to do it... maybe im just confused tho idk
  15. Darren made at least one segment about firewall avoidance. Basically he set up a dynamic SOCKS5 proxy and then put the proxy in the browser, or at least that was my take away. Using putty on a Windows host what do you do if you specify a dynamic proxy on port 111222 (or whatever port), connect via SSH as root with no problem, but get this error: Error 130 (net::ERR_PROXY_CONNECTION_FAILED): Proxy server connection failed ? Normally this network is such that you're on a local LAN that has no internet access. You have to connect to a special organizational proxy to reach the internet (and that proxy is the one with the offensive firewall). I assume that this is the problem (?). Any ideas? Thanks in advance
  16. aaaaaaaaaaah ha! That's hella useful information, thank you. That was just what I needed to hear. If anyone knows a metasploit way for fun and for the dual purpose of learning metasploit then please lemme know. For now though I'm going to pursue doing it your way. Moreover, that website in general just looks like an amazing resource and you're right -- there seems to be lots of relevant info there. I'm tempted to say that I will provide the source if I'm successful, but I suppose I can't in this case. Maybe I'll make a separate open-source version afterwards if I'm successful. Anyway, thanks again. Btw despite my prior statements it would be kinda funny to hack the vendor, but that was just not related to this more important quest. My contact with the vendor (one very junior, very assholic person) did ask for a hacking and I have d0xed him a bit, but if I ever get this logger made then let's come back to hacking him.
  17. hehehehehe oh, dude i like the way you think. that would be fun as heck, but i'm really not trying to hack the vendor or anyone (also, they are on the other side of the country). I'm trying to make my own version of the vendor's software (which is a DLL) so that we don't have to hire them anymore. I'm just trying to write a piece of software that captures in a log file the events on a user's computer, such as what programs they launch, when they open or close a window, and that type of thing. It's not for hacking (seriously). We just need the data on those type of events so that we can do research based on the statistics. The people who have the DLL installed on their computers are volunteers. I know I probably say something like that even when I actually am hacking someone, but in this case it's literally true LOL. Eventually all employees in the company will have some version of this logger on their computer. The only reason I'm asking this question in the context of a "keylogger" and metasploit is that it seemed to me that what a keylogger does is highly similar to what the vendor's DLL does. In fact, I know I've seen some of the same types of events recorded when I've key logged in the past, but I've used so many different keyloggers since I was a kid that I have no idea which one it was. Even if I did remember, I will want to customize this one myself anyway. I just kind of need some help getting started though, because I don't know how to call the information on those types of events. I almost suggested logging screenshots to my boss too, but then I remembered that I can't exactly do statistics on screenshots. The problem is that you and I both have our brains stuck in hacker mode lol
  18. OMG I am soooo jealous OP, but thanks for the hacker porn!!!!! Want to sell me one for a secondhand price loaded with Kali? If so PM me an offer. Btw I heard that the first production run of Raspberry Pi had a lot of glitches -- are they worked out now and what generation/version are you on?
  19. Hey DigiP Thanks for the response, but as much as I *love* both those hardware keyloggers and Acehackware, these traditional keyloggers aren't going to be the tool for this job. It's my fault for not writing a more clear original post and I will go clean it up in a bit. This one is not a hack at all, it's literally my main job for this company right now. But the reason hardware or other normal key loggers don't work is that we don't want keystrokes per se and we do want a bunch of stuff that the keylogger would miss. What we want are "events". Events = stuff like which window you used, how long you used it, what your workflow was, what applications you run at the same time, etc, etc. Also the bodies and headers of emails in Outlook. The vendor is not local thank Mitnick. I can show you their website in a PM if you want... i hate them sooo much. Anyway, what we want is basically the info on (almost) everything EXCEPT keystrokes. It's going to be used for statistical analysis and the keystrokes wouldn't help me in that regard, at least given the (confidential) research question I'm having to answer. Incidentally, I'm not saying that *I* own and use hardware keyloggers... but let's say that a little birdie told me that those things have been working less and less frequently over the past 2 - 4 years. They don't work on iMacs and they also don't work on any docking station I can find. Not much good for laptops either. This is an unrelated concern tho lol
  20. Thanks. Yea it did get mangled, sorry. Naturally they block hak5 so I had to type quick and secretly on my iPad lol
  21. Is this possible? I know that metasploit has the ability to write custom keyloggers but I don't know much about it and I've gotta update my boss later today. Basically, there's some vendor we pay a ton of money to write and utilize a runtime DLL, which captures events like when a window opens/closes, gains focus or loses focus, etc. Turns out the vendor is an evil, obstructive, insulting, and generally useless company that causes us non-stop problems. I said that it's probably possible to accomplish the same thing with a custom written keylogger from Metasploit. Hopefully it is possible and if so, then hopefully we can output the data to SQL Server for statistical analysis and storage. If anyone knows how to do any part of that then please let me know. I don't have to actually do all this today, I just have to say if it's possible and if so then kind of show how it would work. I'll try to actually accomplish it though. If anyone can help you'll be my hero!!!! UPDATE: Sorry for the garbled message. Stupid iPad.
  22. I just logged in to see what you guys thought of Kali :) It's so ironic --> I finally found an actual business reason to need Backtrack (or at least metasploit) but it was blocked by the evil company firewall and it takes like a week to even have them consider unblocking it.... but no one thought to block Kali :) !! I like the updates except for the name. They should've just called it BT6 in my humble opinion, but it's just a name I guess. I love that WiCD has fiiiiiiiiiiiiiiiiiiiinally been replaced by NetworkManager!!! It never made sense for a Wireless Pen Testing platform to lack a half decent network adapter (they were on crack the day they picked WiCD). You can even use a VPN without learning a long workaround from Darren! On a related note, I need to open a thread on how to do a special keylogger with the version of Metasploit found in Kali... help me out bros!
  23. That's a new one for me. Interesting! Maybe you could take all the IP's on your own network to prevent intruders?
  24. LOL! Thanks very much for the info! sorry for the late reply The facebook one I really primarily just use to boost the "likes" of my girlfriend's fan page. She's noob enough to get a thrill out of it. Oh, and for the record, when I picked the screen name (and it was a quick decision) I just figured it would be a little bit ironic/funny but also basically true, as it happens. Not because I don't love all things blackhat -- I do, and I do like to learn about blackhat stuff just like any student of a digital systems security program would -- but I am way too scared and risk averse to actually try to make money in a blackhat way or get famous hacking public icons. It pays too good and it's too enjoyable just to avoid it. I'll admit it gets tempting sometimes tho. YT Cracker and his whole crew like cam0, Pad, and the DG seem to make plenty of cash doing SEO... but then they have had plenty of legal trouble too. So that's the reason to be a whitehat I guess lol
  25. Thank you in advance for voting. I'll check back periodically.