jzman

Why cant you attach some storage (32mb would work; you just need enough to hold a word file or a ppt) to the controller board, and program the micro controller to first use the HID technique to exploit the computer and then once that process has been completed, reset the connection and then mask the device as a storage device by telling the computer that it is and offering the same protocol? Would be a really cool way to mask the device as an USB ThumbDrive, and when the exploit is running the operator(s) would just think that the drivers for the USB drive are installing; so none would be the wiser--and they would still get access to a corperate "Presentation" after all is said and done--i say that is a win win. You could just make 1000 of them, and hand them out at a conference, and as they plug the devices into new computers, your exploit user base would expand without you having to do anything? Would take alot of capital to implement in this scenario, but you get the idea.

Thanks guys. The HackME server will most likely be hosted on a Xen VPS that is not on my personal network. I have been told that you can break out of a OpenVZ VM easily since you share the kernel. I can put in place as many security measures that are possible, as long as it does not defeat the purpose of the hackme server. Some measures that i have in mind at the moment are stuff like banning abusers or making a bash script for streaming logs to another server or preventing people from deleting the logs. The server will only be up for 2 days out of a week, and every week there will be a new challenge with a fresh new install of Debain/Centos/Suse/etc each week. So in the case that someone does root the server and install a bot or a backdoor, they have a very limited timeframe to abuse the server. The outgoing connection of the VPS that i am thinking about buying only goes to 20mbps so that should prevent possible abusers from DoS'ing. If the hosting company finds out what i am doing with the server then i can just take it down. I am pretty sure that they will not find out, as long as the server is not repetitiously max'ing out on the servers resources then they probably will not care. Again thanks for the advice Guys.

Just recently i have stumbled upon the idea of setting up a hak5 hackme server. The idea is that every week there will be a new crack-me challenge. There will be an accompanying website that shows statistics and what are the new competitions with a way for users to give feedback effectively. One example of a competition would be to just exploit a very early version of apache. I want to set this up just for educational purposes only. I also want help people explore new tools and techniques for offensive security and to inspire them on what defensive security measures they should be taking with their servers/projects while they are having fun doing it. I do not want people to use this service for malicious purposes or to inspire people to crack into other people's networks/computers. If the service gets abused it can be taken down in a very prompt manner. The whole event would be community driven and It seems like a fun project that i can attempt and see how it plays out, but i want your opinion, should i even attempt to start this service, what are the pros/cons of this, what platform or security measures should i take? I would appreciate any advice, thanks.

You are correct. If you find the file please do not repost it. Some noobs can mis-use the file for their douchebag ways. --jzman

I did find the link and it shocked me... it amazes me how much this guy had no morals and was very 'selfish' and inconsiderate in what he did. The way he talks about hak5 makes me want to knock the F$%*&^@ $h1# out of him if i ever met him, and makes me think that he is one of the most ignorant, shallow SOB's out there. But i will say, it is important that people need to start getting better passwords/passphrases and change their hak5 pass atm if they currently have not, and any pass related to it... not because of the hacker using the passes (which he clearly stated that he might be back but i have absolute confidence in matt, mubix, and all of the other admins in play here) but because of some noob will find that file and use that file for not so swell intentions. Otherwise, people if you find the file please do not share it, and please do not be a douche with it, that will get you no where. Other than that that i think the lesson was learned, and not just to certain people but to me as well, and i probably could say everyone here. Cheers, hope everything goes well. P.S. Matt, mubix, vako thanks and stay positive :) --jzman

Sorry guys, i found another error as you switch modes, ill work on it.

Ok, i have patched it to work with windows vista and windows 7 without the window size error, if you have windows XP i advise you to use 0.2.4 instead of this new patch 0.2.4.1. Again if you have any problems please let me know, Thanks. The link for the new patch is : hakstalkers.com/mirc/haklive-beta-2-4-1.air

Ok, so the last air app was decent but then #hakhouse moved the irc and then the streams for a little while. I didn't have time to patch it or release version 0.3, but inspite of me finding time on my hands lately and not being tied up at work, i have started the air app project again. At the moment this is just a working app to get started on, this is version 0.2.4 and the version 3 app has a few bugs that me and a friend are going to try and work out and i hope that i can release it soon. For the time being, i will need to fix the windows vista window size error and the windows 7 windows size error in this app. Other than that if there are any improvements that i can make, please feel free to comment below. *UPDATE - Windows 7, Windows Vista Patch* : http://hakstalkers.com/mirc/haklive-beta-2-4-1.air Hak5live Air App 0.2.4 : http://hakstalkers.com/mirc/haklive-beta-2-4.air

pyrit looks nice, now we just need a clutster of i7 mobos with 3 GTX 295's each and a large SAN :)

I think darren should do a segment with the remote exploit link i posted, they say its 10 thousand times faster, and darren said with his acer aspire one he could only crack 11 keys per a second, so this is like 110,000 keys a second :D

If there was a CUDA app to generate WPA2-PSK keys from keywords, and someone had 4 2TB HD's in RAID1 (it would suck if you lost a week of generation and almost 3 weeks of mapping/indexing the keys in order), so 4TB total storage, use john the ripper to generate the keywords, and at 10MB per a sec of generation, you would be done within a week. And then you have to put the keys in order by the WPA key, which will take maybe 1 to 3 weeks. Then you would have to generate a Query map of the keys that you can load into ram, to make searching much faster. Then you probably could open a web site up with google ads and a limit on how many keys an IP address can crack a day/month, and offer a paid service to up the limit. Since so many people want to crack WPA keys and a majority of people use lousy passwords/SSID's your web site would get alot of visits/hits and you would be rich with AD money. Seems like this project idea could be worth the investment to someone. Seems like the hardest part would be the CUDA app and maybe the indexing/storage app, but almost any C++ programmer can learn CUDA real fast and the storage app isnt really hard either. UPDATE : Also http://www.scmagazineuk.com/WiFi-is-no-lon...article/119294/ -and- http://forums.remote-exploit.org/bt4beta-h...rack-4beta.html

Um, since they switched over to justin, i need mibbit and justin.tv i might just mod the old one and re-distribute it. I have a new one but i don't wanna release just yet.

Yes the links were dead, hakstalkers has just switched servers and i forgot to update the links, sorry about that. This is the old 2.1, im sorry i havent released any updates, i have been really busy with work, and with the hakstalekers and some other matters. During Spring break i get an extra 3.5 hours a day of freetime, and i will try my best to release the version 0.3 or the 0.9. We also might start on a hakstalekers Air App (more on that in the future). The new link is : http://hakstalkers.com/HSSB2p1.zip

Ustream API keys allows developers to access and use the ustream API, for projects like checking if a stream is up. The default keys have query limits, like you can only submit 5000 quieries a day, and a site such as hakstalkers.com need way more quieres if it wants to constantly show the active streams every 5 minutes. For example if you have 100 streams, and you want to check every 5 minutes thats 28,800 quieries a day to the API. So Hakstalkers.com and Darren, have been trying to get a better key, for the hakstalkers site.

And if the file is really big, and you don't have hosting, i can host it for you.

If the video your missing is at the beginning, i doubt anyone has recorded that, so if you cant find the missing parts, just post what you got. A little portion of something is always better than a nothing of something. Also thanks for recording last night.

Cheers darren, dont get too drunk :)

I personally like all the energy drinks, it depends what i will be doing afterwards or when i'm drinking it, or the reasons why i'm drinking a energy drink. If i'm about to got work, ill drink a 5 hour energy shot mixed with another drink, like Gatorade. Other wise, if i am just drinking it cause i wanna drink one, ill just pick one for the taste. And to me, they all have their own unique taste.

Here is another really cool software that uses the power of your nvidia GPU to cross encode you HD videos. I figured that Hak5 could use it to speed up the rendering of the HD episodes. link : http://tmpgenc.pegasys-inc.com/en/product/te4xp.html

I like Google chrome. I also use it a lot. I especially like developing for Google chrome (web dev). Is nice and fast, and it has some nice features, for example the developers menu. It has a good future. And somewhere, not in the far future, Google says they might make it into a OS.

On my windows 7 setup, im running avira and ad-aware. And yes i have test windows 7 on all 13 of my machines an i have noticed that even with aero on that it still runs faster than vista. On the low end machines it does crash when i try to do HD editing, but it reboots really fast. So even when it crashes (which is rare for me) it still isn't really a problem.

Ive had windows 7 for awhile now, and just last night i have installed it as my main OS. I have an XP partition, a Win7 partition, and a media partition (where is store all my music, movies, and downloads), i also have everything backed up onto my network (NAS). But so far i have been testing as many applications as possible and i have not had any problems. I have also noticed that it is much snappier/faster than XP. Its like vista was the beta to windows 7.

I love hak5 and i love the show. Ive been a viewer since 2006 and ive watched every episode. And yes lately i have noticed in season 4 the episodes have lost some sense of formality, its much more talk then segment, and isn't so "planned out" (i don't know the exact word) if i should say. To me informality is much more exciting. But like in the last episode (419), i saw alot more formality, like in season 3, and it still has personality and a nice viewer connection. I thought episode 419 was one of the best episodes of season 4. Even episode 420 had alot of formality, personality, and information (even though it was at CES), and i also really liked it. If you look at season 3 and then look at early season 4 you will notice a big differences, as in season 3 actually seems more pro and formal, less "bloopers" if i should say, but season 4 does have much more personality and seems like it has a better viewer connection. But still, i like all the episodes, and i think its really cool that these guys take time from their lives to make these episodes. Well that was my 2 cents of what i think about season 4.

In the new episode of hak5, you are shown how you can use your GPU to crack MD5's. If you want to test your computer to see how fast it can bruteforce MD5's goto www.geeks3d.com/?p=2333. With my current dual GTX 280 setup i can crack about 992 million MD5's per a second with a peak at 1.003 billion cracks per a second. Each GTX 280 runs at about 933.12 GFlops. The future coming GTX 295 runs at about 1788.48 GFLOPS, that is about the power of 30 Intel quad core core2 processors. So if you have a dual GTX 295 setup, or if you have an i7 system then you can probably use a tri GTX 295 setup, you can get performance up to 3.6 TFlops for a dual setup and about 5.4 Tflops for a tri setup. If you run the MD5 crack test you should get 1.8 billion MD5 cracks for a dual setup and about 2.7 billion MD5 cracks for the tri-set up. The only problem i see is that there isn't enought motherboard speed to convey all of those cracks to system memory, and with a 3Gbps SATA HD you will only be able to write maybe 12 million cracks per a second to the HD. But i do hope in June, when i get my next major paycheck that i can buy a new system (hopefully and i7 system) with dual GTX 295's, i wont be using the system for cracking passwords, i will most likely use it for other solutions. But there are already products out now that allow you to use the power of your graphics card. Like Adobe CS4 for example. Also for media encoding Have a look at the BadaBoom media converter. It uses NVIDIA CUDA to transcode H264 HD videos in realtime (~30fps) or faster (some sources say 60-70 fps). Also if your interested in robotics or 3D moddleing i suggest you have a look at StereoImaging and disparity maps with CUDA, this will allows you to create depth maps of a scene and will allow for you to gadge distances from objects in real time. There are many more projects out there that harness the power of your CPU. Google is your friend in this citation. links : http://www.mirrorservice.org/sites/downloa...ereoImaging.pdf http://www.gpureview.com/geforce-gtx-295-card-603.html http://www.badaboomit.com/ http://www.geeks3d.com/?p=2333 **sorry if this message might be a little inconvient, i had a previous rough day and didnt sleep that night**

Sorry ive been on break, ill try to work on it tomorrow :)