Learning to Hack | TechSNAP 56

Posted on: May 3, 2012

Posted in: Featured, TechSNAP, Video

Comment on This Video

Share This Video

Embed This Video

Learning to Hack | TechSNAP 56

In Barnes and Noble attempt to censor a magazine article about hacking, that have propelled it into the spotlight. We’ve got the details on this great write up!

PLUS: Moving big files around the world, faster torrents, and Microsoft’s hotmail flaw.

All that and more, in this week’s TechSNAP!

Thanks to:

GoDaddy.com Use our codes TechSNAP10 to save 10% at checkout, or TechSNAP20 to save 20% on hosting!

Limited time offer:

New customers 25% off your entire order, code: 25MAY7
Expires: May 31, 2012

 

Direct Download:

HD Video | Mobile Video | MP3 Audio | Ogg Audio | YouTube | Torrent File

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feeds | Torrent Feed
Support the Show:

Show Notes:

OpenSSL fixes land for most distros

Barnes and Noble pulls magazine for article on how to hack

  • Issue #154 of Linux Format magazine has been pulled off shelves at Barnes and Noble stores in the US after complaints about the cover article, ‘Learn To Hack’
  • The content of the article has been posted online
  • The article walks the user through using the BackTrack Linux, the Penetration Testing distribution in order to exploit a virtual machine, specifically the ‘Metaspoitable’ image, which was setup specifically to contain vulnerabilities for the user to test against and exploit
  • The tutorial then walks the user through exploiting a PHP vulnerability to get a shell, and then further exploiting the Debian SSH Key weakness to gain root access to the virtual machine
  • The tutorial then moves on from attacking servers to attacking desktop machine
  • If you have physical access to a machine, is it trivial to boot from a live cd/usb and access the files on the disks, however if the user has encrypted their home directory (a simple option in newer versions of Ubuntu), then you need to be a bit more devious
  • The tutorial walks through using the LiveCD to creating a reverse-tcp shell to allow you to access the system at a later time, once the user has mounted their encrypted /home partition, giving you access to the files
  • The tutorial goes on to explain using WireShark to capture unencrypted HTTP credentials and quite a bit more
  • Metasploit Testing Lab Setup Instructions
  • Metasploitable VM Image

Microsoft patches widely exploited 0-day flaw in hotmail password reset system

  • Researchers discovered a problem with the way hotmail handles password resets
  • When you reset a hotmail password, they provide you with a token that allows you to set a new password on the account, the issue is that their code did not properly check the token, and pretty much any non-null value allowed any user to reset any other users’ password
  • Microsoft was notified of the flaw on April 20th and responded with a fix within hours, but not before the flaw was widely exploited
  • It can be particularly difficult to recover your account from an attack like this if the attacker changed the secret answer questions, removing your further ability to reset the password
  • Flaw was discovered by Vulnerability-Lab.com

Feedback:

In this week’s feedback segment, we discuss how ScaleEngine handled the unique challenges of delivering large video files to a global audience in both the short and long term.

Round Up:

No tips yet.
Be the first to tip!

Like this episode? Tip with bitcoin!

16sS5VD8NMjmkAe98Toa98Gi2DQ9QtUmMt

If you enjoyed this episode, found value or information from it, please consider contributing using Bitcoin. Each episode gets its own unique Bitcoin address so by tipping you're not only making our continued efforts possible but telling us what you liked.

Powered by Bitcoin Tips
  • gecko333

    Hello,

    any chance to get it on:

    http://feeds.feedburner.com/techsnaplarge

    THX and greetings from Austria

  • gecko333

     Hmm the link may be a bit obfuscating, I mean iTunes Potcast “TechSNAP large Video”

  • gecko333

     THX works now … Have a nice day …

  • Gerald Hopf

    Allan, you talked about your troubles mounting a 2,5″ SSD into the 3,5″ Backplanes and mentioned a $15 part that allowed you to do this.

    I cannot find something in the show notes on what part you exactly used for this. I would really like to know since this is a somewhat common problem in other systems – not only in servers but for example also in some All-In-One Desktop PCs (iMac style PCs) and in some NAS Boxes.

    Or was it a part highly specific to that very rack you used?

  • http://thestrayworld.com/ Rewarp

    The torrent isn’t uploaded yet it seems.

  • http://twitter.com/fondueboy Chris

    So all the links are broken. Do you know that and when will this be fixed?

  • ChrisLAS

    Not sure when it will be fixed, but we are working on it! 

    Sorry about that, hopefully soon!
    -Chris

  • max360se

    It’s working :D

  • http://twitter.com/fondueboy Chris

    It is ok I love you guys and you do great work. I am always impressed at what you manage to do. You Inspire me and I hope to do something like you do some day to but in my own native language.
    /Chris

  • Boop

    Why not put the other shows on bittorrent too? 

  • Fredo

    If you guys are ever starved for war stories, you can find tons of stories on http://www.reddit.com/r/talesfromtechsupport/