
Password Cracking on UNIX

Introduction

This article describes the basics of cracking user passwords stored in the /etc/passwd and /etc/shadow files. The passwd file stores information about groups, UIDs, usernames, and passwords, one account per line, in the following format:

misty:x:501:501::/home/misty:/bin/bash

where the x marks the password field (the hash itself is kept in /etc/shadow, which is why the two files are merged below). This article will use John the Ripper to crack user passwords and display them as plain text.

Note: The methods described in the following text were performed on Red Hat Enterprise Linux 5 Server Edition. Although that shouldn’t matter and this information should be accurate in any UNIX environment, if something is not working and you use Ubuntu, that may be the problem. However, if you are using Ubuntu, you have much more serious problems than we can solve here.

Installing John the Ripper

The first step is to download John the Ripper (http://www.openwall.com/john/g/john-1.7.6.tar.gz) and install it. To install, extract everything into your home directory (or whatever directory you want; I use /root/) and change into the src directory. Enter the command “make” and then enter the command “make clean generic”. Now go into the “run” directory and test the program with the following commands:

cd ../run
./john --test

Running John the Ripper

Now that you have successfully installed John the Ripper (if it isn’t found, try using “john” instead of “./john”), it is time to use it to crack the user passwords on your UNIX system. Type the following commands into your terminal to give the program the information it needs to begin attacking the password hashes (by the way, I highly recommend adding more words to the file password.lst in the run directory, since this is the wordlist we will be using to try to crack passwords):

./unshadow /etc/passwd /etc/shadow > /tmp/crack.password.db
./john --wordlist=password.lst /tmp/crack.password.db

Check the file /tmp/crack.password.db: where the x used to be, each line now carries that account’s password hash, which is what john works on. If john hasn’t cracked a password yet, run it without the wordlist option so it falls through its default cracking modes:

./john /tmp/crack.password.db

Be warned that this process takes a long time, but once it’s finally done, run ./john --show /tmp/crack.password.db and you should see each password that was cracked along with the corresponding username.
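As an added example (not from the original article), here is a small Python audit that merges the two files the way unshadow does and reports which accounts are stored with weak or empty hashes; the passwd and shadow contents are constructed samples, not from a real system.

```python
"""Merge /etc/passwd and /etc/shadow the way unshadow does, then audit the
result for weak password storage. The sample file contents are constructed
for this example and do not come from a real system."""

PASSWD = """root:x:0:0:root:/root:/bin/bash
misty:x:501:501::/home/misty:/bin/bash
legacy:x:502:502::/home/legacy:/bin/sh
svc:x:503:503::/var/svc:/sbin/nologin
"""
SHADOW = """root:$6$saltsalt$constructedsha512hashvalue:15000:0:99999:7:::
misty:$1$abcdefgh$constructedmd5hash:15000:0:99999:7:::
legacy:ab3fH9kL2mQpW:15000:0:99999:7:::
svc::15000:0:99999:7:::
"""

def unshadow(passwd: str, shadow: str) -> dict:
    """Return {user: passwd line} with the 'x' replaced by the shadow hash,
    which is what John the Ripper's unshadow utility produces."""
    hashes = {ln.split(":")[0]: ln.split(":")[1] for ln in shadow.splitlines() if ln}
    merged = {}
    for line in passwd.splitlines():
        if line:
            fields = line.split(":")
            fields[1] = hashes.get(fields[0], fields[1])  # keep 'x' if no shadow entry
            merged[fields[0]] = ":".join(fields)
    return merged

def classify(hash_field: str) -> str:
    """Describe the crypt(3) scheme from the hash prefix; an empty field
    means the account has no password at all."""
    if hash_field == "":
        return "EMPTY: account logs in without a password"
    if hash_field.startswith(("!", "*")):
        return "locked"
    if hash_field.startswith("$6$"):
        return "sha512crypt"
    if hash_field.startswith("$5$"):
        return "sha256crypt"
    if hash_field.startswith("$1$"):
        return "WEAK: md5crypt"
    if len(hash_field) == 13 and "$" not in hash_field:
        return "WEAK: traditional DES crypt (8-character limit)"
    return "unknown scheme"

def audit(passwd: str, shadow: str) -> dict:
    """Map each user to a verdict; WEAK and EMPTY entries fall to a wordlist run first."""
    return {user: classify(line.split(":")[1])
            for user, line in unshadow(passwd, shadow).items()}
```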

Congrats! You’ve just cracked the passwords of the users on your UNIX system!

The Joys of Rooting Your Android Phone Part 2

Recently I got a new Motorola Droid X. This article will be more information than actual hacking or modding. Google bought the Android OS in 2005, and it has had a rocky path to success. Often compared with the iPhone, the Android operating system offers one main difference: openness. Programmed in Java and run on a Linux kernel, Android offers a lot to the phone community. Although Android’s success has come through openness, as other big manufacturers get their fingers in the jar we are seeing some things being locked down and controlled a bit more. The newest Moto Droid X is a prime example of corporate control. This phone has a locked bootloader and will continue to be locked until the encryption can be hacked through. On the original G1, Google’s flagship Android phone, you were able to change the bootloader to different versions with relative ease. This process puts you in danger of bricking your phone if you are inexperienced, so if you are thinking about flashing a new bootloader, do your research.


The Joys of Rooting Your Android Phone

I get a lot of people asking me exactly why I root my phone. My general response to this inquiry is: why don’t you root your phone? Once someone has achieved the initial root exploit, rooting is pretty easy. There are guides everywhere on the net for rooting your Android phone. The most popular group for rooting is the team over at XDA Developers (http://www.xda-developers.com/). There are many other rooting websites popping up all over the Internet; XDA is simply the largest and has the most content. You can also do a search for your phone model on Google and you will receive hits to www.theunlockr.com for many excellent guides on gaining root access. If you have a Moto Droid, feel free to check out www.Droidforums.net for the latest guides to rooting your phone.


Kool Numberz: The Quickest Way to Cool!

Fascinated by phreaking? Want to taste the excitement of telephonic exploration, but just don’t have the time? Well, this article is for you! With this simple method, you’ll fly through the phone lines, finding the coolest numbers before you can say “toll fraud!”

This article details the items you need to scan, and how and where to scan, to find the coolest numbers quickly. Let’s begin with the few free things you need to start impressing friends and family with cool numbers right away! Let’s go!

First, you need toll access. You likely have a cell phone or a VoIP line, and if you’re lucky (you big spender, you) you have a land line with toll access. You will be making “long distance” calls within the NANPA, most likely the US and Canada. Next, you need Internet access. Yes, you need to get online to get the info on the juiciest exchanges. You will also need a text editor or word processor; Notepad++ on Windows or nano on Linux are examples. Mac is not supported for cool stuff.


Citizen Journalism (A Media Hacking Primer)

Does Glenn Beck or Keith Olbermann speak for you? Me neither (if they do, just stop reading now, as this article may induce vomiting, headache and uncontrollable rage). Now, I’m not here to put anyone down; both of the above men and their brethren on the cable news networks and local news are very good at their jobs. Unfortunately, the main focus of the job is not reporting news, it’s selling a product. Commercial news sources are a business, and businesses exist to turn a profit. Commercial news does this with sponsors, be it television, radio, Internet or print. Therein lies the problem: the businesses can’t afford to upset the sponsors, so ideas such as ethics, integrity and honor fall aside for profit. Citizen journalism, also known as “public”, “participatory”, “democratic”, “guerrilla” or “street journalism”, has no sponsor, no editors, no corporate overlords to appease.

Citizen journalism is not a modern phenomenon; in fact, we can trace it back to the earliest forms of communication. Throughout history, powerful and often corrupt organizations have done everything within their power to spin public opinion so that facts and ideas are viewed in a way that suits them. Most fortunately for us, people and groups stood up against the churches, governments and the like in power to spread other truths and ideas. Benjamin Franklin had “Poor Richard’s Almanac” and Martin Luther had his “95 Theses”. In the modern era, technology has given us much better tools for our arsenal.


Basic Slackware Security

Welcome to

Slackware Linux began in April, 1993. For over ten years, Slackware Linux has focused on “simplicity and stability.” Everything just works in Slackware. Slackware is also considered one of the most secure GNU/Linux distributions. That being said, it does not mean that security can be ignored after a friendly Slackware installation.

This article is meant to be a crash course in Slackware security. It will detail some basic steps that should be taken before you consider Slackware to be fully installed. Again, these are basic steps – more services will require more configuration. And note that you’ll have to be root to perform the configuration tasks in this article. On to the install.

Preparing Your Hard Drive

The methods and reasons for creating multiple partitions are many and hotly debated. We will offer a secure partitioning scheme, while not sacrificing usability or making things overly complicated. In the end, having these four partitions will go a long way towards creating a more secure working environment.

/swap

Typically your swap partition is twice the amount of your computer’s RAM.

/boot

Your boot partition is where your kernel(s) and your boot loader will reside. The security advantage of having a small dedicated boot partition is that in the event your box is “0wned,” it affords the intruder less space for backdoors. It also makes the sizes of files like System.map and vmlinuz easier to keep an eye on for changes. Twenty to 50 MB is sufficient for a boot partition.
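An added example, not part of the article: a Python script that baselines the size and SHA-256 of vmlinuz and System.map and reports changes, run here against a constructed temporary directory rather than a real /boot. The hash matters because a replaced kernel can be padded back to its original size, which a size-only check would miss.

```python
"""Baseline and re-check the kernel files on a dedicated /boot partition.
The article notes that a small /boot makes System.map and vmlinuz easy to
watch for size changes; this example adds a SHA-256 hash as well. It runs
against a constructed temporary directory, not a real /boot."""
import hashlib, os, tempfile

WATCHED = ("vmlinuz", "System.map")   # the two files the article names

def snapshot(boot_dir: str) -> dict:
    """Record size and SHA-256 of each watched file (None if absent)."""
    snap = {}
    for name in WATCHED:
        path = os.path.join(boot_dir, name)
        if not os.path.isfile(path):
            snap[name] = None
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        snap[name] = {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}
    return snap

def compare(baseline: dict, current: dict) -> list:
    """Return findings for any watched file that changed; [] means clean."""
    findings = []
    for name in WATCHED:
        old, new = baseline.get(name), current.get(name)
        if old == new:
            continue
        if new is None:
            findings.append(f"{name}: missing")
        elif old is None:
            findings.append(f"{name}: appeared since baseline")
        elif old["size"] != new["size"]:
            findings.append(f"{name}: size {old['size']} -> {new['size']}")
        else:
            findings.append(f"{name}: same size but different hash")
    return findings

def demo() -> list:
    """Fake /boot: baseline it, then overwrite vmlinuz with a same-length file."""
    boot = tempfile.mkdtemp()
    for name in WATCHED:
        with open(os.path.join(boot, name), "wb") as fh:
            fh.write(b"A" * 64)
    baseline = snapshot(boot)
    with open(os.path.join(boot, "vmlinuz"), "wb") as fh:
        fh.write(b"B" * 64)            # size unchanged, content replaced
    return compare(baseline, snapshot(boot))
```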


Viewing br.rm in Linux Mini – HOWTO

Like other listeners of rfa, I too wanted to view the Binary Revolution unveiling video (www.oldskoolphreak.com/video/br.rm) but was horrified that I could not, even after downloading the RealPlayer client (http://forms.real.com/real/player/unix/unix.html?src=052703realhome_1_1). After many hours of therapy, I am now able to help those who may also be suffering from this condition.

Using RealPlayer 8 to view br.rm

1. Follow the RealPlayer link above.
2. Fill in the information (false info is fine).
3. At the “Select OS” drop-down menu choose Linux 2.x (libc6 i386).
4. Save to your desired directory (I used ~).
5. chmod u+x rp8_linux20_libc6_i386_cs2.bin
6. ./rp8_linux20_libc6_i386_cs2.bin
7. Return to the RealPlayer link provided at the top of the mini-HOWTO.
8. You will see a “Free RealVideo 9 codec upgrade package” link; follow it.
9. Download rv9_libc6_i386_cs2.tgz
10. Rename rv9_libc6_i386_cs2.tgz to rv9_libc6_i386_cs2.tar
11. tar -xvf rv9_libc6_i386_cs2.tar
12. mv /rv9/codecs/rv40.so.6.0 /RealPlayer8/Codecs/
13. mv /rv9/codecs/drv4.so.6.0 /RealPlayer8/Codecs/
14. Open br.rm
15. Enjoy


Culture Jamming Resources

Print Bibliography:

Culture Jam
How to reverse America’s suicidal consumer binge-and why we must
by Kalle Lasn

Obey the giant
Life in the image world
by Rick Poynor

Media Virus
Hidden agendas in popular culture
by Douglas Rushkoff

The system of objects
a cultural critique of the commodity in consumer society
by Jean Baudrillard

The medium is the MASSAGE
an inventory of effects
Marshall McLuhan, Quentin Fiore, Jerome Agel

The twilight of American culture
A prophetic examination of western decline
by Morris Berman


Hardware Keylogging

A key logger is a piece of software or hardware that intercepts and stores the strokes of a keyboard. I’ll be focusing on hardware key loggers. Hardware key loggers do have their disadvantages, though I feel the benefits definitely outweigh the weaknesses. There are a couple of hardware key loggers out on the market; I’ll discuss one of the more popular ones. I’ll also go over the theory of how they work and how one could be built (if you’re afraid of being “secured” by the “homeland”).

Disadvantages of Hardware Key Logging

Limited Storage: The storage space is one of the first notable limits. With software key logging, the limit is usually the amount of free space on the hard drive. The limit of the commercial logger I’ll go over is only 64K. It may sound bad in comparison to all of the huge hard drives out there, but if you think about how much text is required to fill 64K, it’s plenty to capture accounts and passwords. Also, if you make your own logger, the limit is however much EEPROM (Electrically Erasable Programmable Read Only Memory) you wish to purchase and are able to address.

Visible Detection: If the back of the computer is visible, the logger is pretty simple to see. It looks like an inch-long PS/2 adapter. Though it doesn’t look suspicious, it is still visible. One thing I would do to overcome this disadvantage is get a PS/2 extender cable and connect the logger below the computer somewhere out of sight.


BarCode Tricks

There are a few ways to purchase a product with the price of another. Before I talk about that though, I’ll review the meaning of the bars and numbers on the bar code. After that, I’ll explain tricks like “inking” and the “sticker.”

Review: Which bar-space combinations make a meaningful number? For UPC-A, there are about 23 different meaningful characters: 1 start guard, 1 center guard, 1 stop guard, 10 left-hand data characters, and 10 right-hand data characters. I specify right and left because the code is different on each side. Imagine the data characters as 7-bit binary words, where a 0 is a space and a 1 is a line.

Notice that all left-hand characters start with a 0 and end with a 1. Also, the right-hand side is just the complement of the left-hand side, so if a bit were a 0 on the left for a certain character, it would be a 1 on the right for the same character. Another thing to notice is that there are exactly two variable-width spaces and two variable-width lines per character, no more, no less.
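An added example, not from the article: a Python encoder/decoder for the UPC-A structure just described, which rejects a symbol whose left/right parity or check digit is wrong, the same validation a scanner applies before accepting a code. The value 036000291452 is a sample used only to exercise the code.

```python
"""UPC-A symbol structure as the article describes it: each digit is a
7-bit word (1 = bar, 0 = space), left-hand characters start with 0 and
end with 1, right-hand characters are the bitwise complement, and guard
patterns frame the two halves. Added example, not part of the article;
036000291452 is a sample value used only to exercise the code."""

LEFT = ["0001101", "0011001", "0010011", "0111101", "0100011",
        "0110001", "0101111", "0111011", "0110111", "0001011"]
RIGHT = ["".join("1" if b == "0" else "0" for b in p) for p in LEFT]  # complement
START = END = "101"
CENTER = "01010"

def check_digit(digits11: str) -> str:
    """Standard UPC-A check digit: odd positions x3 plus even positions, mod 10."""
    total = sum(int(d) * (3 if i % 2 == 0 else 1) for i, d in enumerate(digits11))
    return str((10 - total % 10) % 10)

def encode(digits12: str) -> str:
    """12 digits -> 95-character bar/space pattern; rejects a bad check digit."""
    if len(digits12) != 12 or not digits12.isdigit():
        raise ValueError("UPC-A needs exactly 12 digits")
    if check_digit(digits12[:11]) != digits12[11]:
        raise ValueError("check digit mismatch")
    left = "".join(LEFT[int(d)] for d in digits12[:6])
    right = "".join(RIGHT[int(d)] for d in digits12[6:])
    return START + left + CENTER + right + END

def decode(bits: str) -> str:
    """95-character pattern -> 12 digits, verifying guards, side parity and
    the check digit. list.index raises ValueError on a wrong-parity word."""
    if len(bits) != 95 or bits[:3] != START or bits[-3:] != END or bits[45:50] != CENTER:
        raise ValueError("bad guard pattern")
    digits = ""
    for i in range(6):                      # left half: left-parity words only
        digits += str(LEFT.index(bits[3 + 7 * i: 10 + 7 * i]))
    for i in range(6):                      # right half: complement words only
        digits += str(RIGHT.index(bits[50 + 7 * i: 57 + 7 * i]))
    if check_digit(digits[:11]) != digits[11]:
        raise ValueError("check digit mismatch")
    return digits
```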


Next Official Meeting Date: September 3, 2010 Time: 6:00 pm