jzman

Why cant you attach some storage (32mb would work; you just need enough to hold a word file or a ppt) to the controller board, and program the micro controller to first use the HID technique to exploit the computer and then once that process has been completed, reset the connection and then mask the device as a storage device by telling the computer that it is and offering the same protocol? Would be a really cool way to mask the device as an USB ThumbDrive, and when the exploit is running the operator(s) would just think that the drivers for the USB drive are installing; so none would be the wiser--and they would still get access to a corperate "Presentation" after all is said and done--i say that is a win win. You could just make 1000 of them, and hand them out at a conference, and as they plug the devices into new computers, your exploit user base would expand without you having to do anything? Would take alot of capital to implement in this scenario, but you get the idea.

Thanks guys. The HackME server will most likely be hosted on a Xen VPS that is not on my personal network. I have been told that you can break out of a OpenVZ VM easily since you share the kernel. I can put in place as many security measures that are possible, as long as it does not defeat the purpose of the hackme server. Some measures that i have in mind at the moment are stuff like banning abusers or making a bash script for streaming logs to another server or preventing people from deleting the logs. The server will only be up for 2 days out of a week, and every week there will be a new challenge with a fresh new install of Debain/Centos/Suse/etc each week. So in the case that someone does root the server and install a bot or a backdoor, they have a very limited timeframe to abuse the server. The outgoing connection of the VPS that i am thinking about buying only goes to 20mbps so that should prevent possible abusers from DoS'ing. If the hosting company finds out what i am doing with the server then i can just take it down. I am pretty sure that they will not find out, as long as the server is not repetitiously max'ing out on the servers resources then they probably will not care. Again thanks for the advice Guys.

Just recently i have stumbled upon the idea of setting up a hak5 hackme server. The idea is that every week there will be a new crack-me challenge. There will be an accompanying website that shows statistics and what are the new competitions with a way for users to give feedback effectively. One example of a competition would be to just exploit a very early version of apache. I want to set this up just for educational purposes only. I also want help people explore new tools and techniques for offensive security and to inspire them on what defensive security measures they should be taking with their servers/projects while they are having fun doing it. I do not want people to use this service for malicious purposes or to inspire people to crack into other people's networks/computers. If the service gets abused it can be taken down in a very prompt manner. The whole event would be community driven and It seems like a fun project that i can attempt and see how it plays out, but i want your opinion, should i even attempt to start this service, what are the pros/cons of this, what platform or security measures should i take? I would appreciate any advice, thanks.

You are correct. If you find the file please do not repost it. Some noobs can mis-use the file for their douchebag ways. --jzman

I did find the link and it shocked me... it amazes me how much this guy had no morals and was very 'selfish' and inconsiderate in what he did. The way he talks about hak5 makes me want to knock the F$%*&^@ $h1# out of him if i ever met him, and makes me think that he is one of the most ignorant, shallow SOB's out there. But i will say, it is important that people need to start getting better passwords/passphrases and change their hak5 pass atm if they currently have not, and any pass related to it... not because of the hacker using the passes (which he clearly stated that he might be back but i have absolute confidence in matt, mubix, and all of the other admins in play here) but because of some noob will find that file and use that file for not so swell intentions. Otherwise, people if you find the file please do not share it, and please do not be a douche with it, that will get you no where. Other than that that i think the lesson was learned, and not just to certain people but to me as well, and i probably could say everyone here. Cheers, hope everything goes well. P.S. Matt, mubix, vako thanks and stay positive :) --jzman

Sorry guys, i found another error as you switch modes, ill work on it.

Ok, i have patched it to work with windows vista and windows 7 without the window size error, if you have windows XP i advise you to use 0.2.4 instead of this new patch 0.2.4.1. Again if you have any problems please let me know, Thanks. The link for the new patch is : hakstalkers.com/mirc/haklive-beta-2-4-1.air

Ok, so the last air app was decent but then #hakhouse moved the irc and then the streams for a little while. I didn't have time to patch it or release version 0.3, but inspite of me finding time on my hands lately and not being tied up at work, i have started the air app project again. At the moment this is just a working app to get started on, this is version 0.2.4 and the version 3 app has a few bugs that me and a friend are going to try and work out and i hope that i can release it soon. For the time being, i will need to fix the windows vista window size error and the windows 7 windows size error in this app. Other than that if there are any improvements that i can make, please feel free to comment below. *UPDATE - Windows 7, Windows Vista Patch* : http://hakstalkers.com/mirc/haklive-beta-2-4-1.air Hak5live Air App 0.2.4 : http://hakstalkers.com/mirc/haklive-beta-2-4.air

pyrit looks nice, now we just need a clutster of i7 mobos with 3 GTX 295's each and a large SAN :)

I think darren should do a segment with the remote exploit link i posted, they say its 10 thousand times faster, and darren said with his acer aspire one he could only crack 11 keys per a second, so this is like 110,000 keys a second :D

If there was a CUDA app to generate WPA2-PSK keys from keywords, and someone had 4 2TB HD's in RAID1 (it would suck if you lost a week of generation and almost 3 weeks of mapping/indexing the keys in order), so 4TB total storage, use john the ripper to generate the keywords, and at 10MB per a sec of generation, you would be done within a week. And then you have to put the keys in order by the WPA key, which will take maybe 1 to 3 weeks. Then you would have to generate a Query map of the keys that you can load into ram, to make searching much faster. Then you probably could open a web site up with google ads and a limit on how many keys an IP address can crack a day/month, and offer a paid service to up the limit. Since so many people want to crack WPA keys and a majority of people use lousy passwords/SSID's your web site would get alot of visits/hits and you would be rich with AD money. Seems like this project idea could be worth the investment to someone. Seems like the hardest part would be the CUDA app and maybe the indexing/storage app, but almost any C++ programmer can learn CUDA real fast and the storage app isnt really hard either. UPDATE : Also http://www.scmagazineuk.com/WiFi-is-no-lon...article/119294/ -and- http://forums.remote-exploit.org/bt4beta-h...rack-4beta.html

Um, since they switched over to justin, i need mibbit and justin.tv i might just mod the old one and re-distribute it. I have a new one but i don't wanna release just yet.

Yes the links were dead, hakstalkers has just switched servers and i forgot to update the links, sorry about that. This is the old 2.1, im sorry i havent released any updates, i have been really busy with work, and with the hakstalekers and some other matters. During Spring break i get an extra 3.5 hours a day of freetime, and i will try my best to release the version 0.3 or the 0.9. We also might start on a hakstalekers Air App (more on that in the future). The new link is : http://hakstalkers.com/HSSB2p1.zip

Ustream API keys allows developers to access and use the ustream API, for projects like checking if a stream is up. The default keys have query limits, like you can only submit 5000 quieries a day, and a site such as hakstalkers.com need way more quieres if it wants to constantly show the active streams every 5 minutes. For example if you have 100 streams, and you want to check every 5 minutes thats 28,800 quieries a day to the API. So Hakstalkers.com and Darren, have been trying to get a better key, for the hakstalkers site.

And if the file is really big, and you don't have hosting, i can host it for you.