Wednesday, August 22, 2012

Thanks, and UtahSAINT Conference 2012


First off, I'd like to thank all those who have build on my proof of concept, Using twitter to build password cracking wordlist. Some of you have seriously taken it to the next level, and I applaud your efforts.

Including, but not limited to:
http://www.digininja.org/projects/twofi.php
http://blog.hacktalk.net/twitscrape/
http://www.damnsecure.org/?p=833
http://www.nathanv.com/2012/07/18/shell-script-use-twiter-and-bing-to-generate-wordlists/
Nicely done, effective hackers.

Now on to the main reason for this post.
I'll be presenting at the UtahSAINT Conference 2012, this upcoming Oct 9-12 in Saint George UT.
My topic will be "The 7 Habits of Highly Effective Hackers: Effective hacking techniques and countermeasures."

Other speakers include:
Kevin Young- whose unique passphrase cracking techniques helped his team take 2nd place at this year's "crack me if you can" contest at Defcon
Miles Johnson- Security Analyst at Utah State University (and my old mentor)
Special Agent Cheny Engtow- of the FBI
And many more...

If you're attending the conference or just in the area, swing by and say hello.
Until next time...

Wednesday, August 15, 2012

Passively Cable Tapping Cat5



When someone shows off a novel idea/solution they came up with, there are typically about a thousand people who rush in to say "You should have done it this way instead."  Then others who attempt to build on the idea, and make it easier and even cooler. In this post I will attempt the latter.

In the most recent edition of 2600, The Hacker Quarterly, there was a story entitled "BUILDING A CAT-5 CABLE  TAP" that details how to create a passive hardware cable tap using alligator clips. I love seeing stuff like this. The author came up with this idea, made it work, and posted it for all to share.

This past spring while in a server room with a friend/co-worker, we noticed a cable that ran through our cage that belonged to a different group within our company. We joked about cutting it, attaching a RJ45 end to each side, and sticking a hub on it. The conversation progressed to methods for doing this passively, without having to cut the wire. Soon we came to the same idea as the author, and decided we could use alligator clips.

Later on that week I was online reading about wall jacks and decided to give this a try. I picked up a cat5 end for 1.40 at home depot. I stripped a small length of the cat5 outer shielding, and punched the wires down into the wall jack. Make sure you use a tool bit that doesn't cut the wire on one side.







This worked great. The target machine didn't even drop a packet. Basically the exact same thing as using alligator clips, but much less stripping.

My hat is off to the author of the article. I hope you don't mind me expanding a little on your idea.