Hacking SSH and Certificate Based Authentication - Hak5

SSH Feedback
After bantering about our upcoming travels to Waynesville, Missouri and Toronto, Ontario and a little griping about zipit segmentation faults, we get into your feedback on recent SSH segments.

Dzaztur recommends Gnome SSH Tunnel Manager. It's a sleek front-end for managing SSH tunnels, port redirects and more. Tunnel configuration is stored in a simple XML formal, great for portability, and the tunnels can be managed individually through one simple GUI. Thanks for the tip Dzaztur

Lozo points out that Mac OS-X has SSH built into the terminal, much like Linux. So true. We banter with Paul-the-camera-guy about the Mac OS-X kernel, which turns out is XNU -- an accronym for X is Not Unix. So there ya go!

Sp4m says if you're running Firefox over SSH you might want to look into remote DNS lookups. By default DNS lookups aren't done through the proxy. This can be resolved by typing about:config in the address bar, and enabling the network.proxy.socks_remote_dns setting. Thanks Sp4m.

And Finally Post_Break from IamTheKiller.net points us to Secret Socks -- a SSH Socks Proxy GUI front-end for Mac OS-X that he likes a ton more than SSHTunnel 1.6. [Edit: We made a mistake and called it Secure Socks in the segment]

And finally we go kitteh before moving on...

00:36

Play
Certificate Authentication for SSH
In this segment Darren explains why certificate authentcation is a bajillion times better than password authentcation and demonstrates the configuration using Ubuntu 9.10 and an Interceptor running OpenWRT Kamikaze. This forum thread details setting up authorized_keys with Dropbear -- the SSH daemon that comes standard on OpenWRT.

Next week we'll be breaking this down with a little Man-in-the-middle action. Until then send your feedback to darren@hak5.org

09:30

Play
Build a Free Linux Live USB Key in Minutes
When it comes to finding the right Linux distribution for you it's best to try a bunch out. And what better way then to make some bootable Live Linux USB keys? Shannon demonstrates Linux Live USB -- a Windows tool that makes it super simple to build a Linux USB key in minutes. It features automatic distribution downloading AND Persistence!

22:08

Play
Questions on Wordpress Theme Hacking
Ricky writes:

I just recently started using wordpress, and I am having alot of trouble trying to design a layout for it, I was wondering if you had any references or anything to help me learn how to do this, I understand HTML and only know a little of PHP. Any help would be greatly Appreciated.
Darren recommends setting up a local LAMP stack, that is to say the web server, database and scripting language to support a Wordpress install. The easiest way to get started is with either WAMP on Windows or XAMPP on just about any platform.

The Wordpress install is dead simple.

Mostly I use PHP.net as my go to resource, but we'll also be hooking you up with a copy of Mario Lurig's PHP Reference: Beginner to Intermediate PHP5. Hope that helps. :)

The Wordpress Codex is also an invaluable resource when you really get your hands dirty when theme code. Things like the loop and trim_excerpt are well detailed. Once you start learning the Wordpress functions you'll realize what a powerful content management platform it really is.

And finally we recommend Wordpress.org/Support for their forums. If you know of a better forum for Wordpress Theme Hacking please let us know!

Category:

Science & Technology

Tags:

• linux
• man
• in
• the
• middle
• mitm
• usb
• ssh
• zipit
• certificate
• rsa
• live
• keygen
• authentication
• persistence
• creator
• hack
• hacking
• hacker
• blackhat
• whitehat

License:

Standard YouTube License