MS is still begging people to leave IE6; this site is kinda cool.
The hack on HBGary Federal was one of two things.
1) Revenge: maybe they DID know who was running the group, attacked the servers out of self-preservation, and just stumbled across the information that was released.
2) Protection of innocent people: they attacked HBGary Federal to stop the release, or to convince them to stop the release, of incorrect names, and just stumbled across the information that was released.
I think a combination of the two is closer to what is really going on; from all of the stories I have linked here and read, it appears that he did have a few of the names right, and I have even seen mention of a family member or girlfriend being named along with some people that are way off the mark.
So what really was the motivation for the attack? While the information that was released was great, it was an accident; if there had been a good password policy in place this may not have happened, and the site would just have been defaced. Or was it the intent from the beginning to take them down, with rootkit.com just being low-hanging fruit along with all of the emails?
It does get the mind working.
Very interesting, this is going to be a difficult task to say the least.
I don’t want to re-write the link, but there are more than a few important points:
1) How do you know where the attack is coming from? (Stuxnet)
2) What about the indiscriminate nature of these attacks? (Viruses and worms kinda just do their thing; even Stuxnet, which was targeted, infects more machines than it targets. What if one of those happens to be a machine that does air traffic control and it causes that to crash?)
How would you enforce this?
Would you allow for a physical response? Or at what point would that be allowed?
Seems to me that it worked better than previously reported.
So with HBGary’s stash of 0-day attacks and custom rootkits, where is the world going?
First, there are specific laws in the US and other places that make the use of such software illegal; I am interested in the legality of this. I guess it’s like being part of the military: you can shoot people, just not our people.
Also, Germany specifically has laws against possession and development, so what about a US agent carrying it?
It’s more than safe to say that HBGary was and is not the only private security firm doing this kind of work; they just got busted. Something else that is a concern is the lack of follow-up by authorities into some of the activities that are mentioned in the released emails: spying, cyber attacks, etc.
The only information I can find is that someone filed a complaint with the bar against the lawyers involved with the spying and cyber attacks, and a statement that the hackers are being tracked down.
This is hardly an endorsement of what occurred; it was illegal, but what about the information that was brought up?
A little more information on the HBGary stuff:
If you have the time, the emails are kicking around; could be fun.
Well done, why re-invent the wheel?
To start john with a list of passwords to try, you can use:
john --wordlist=english.txt --pot=out --format=raw-MD5 u_password
The input english.txt is a dictionary file, and it is NOT pre-hashed. John runs through the list, hashes each string, compares the result against the hashes in the ‘u_password’ file looking for a match, and writes the cracked results to ‘out’.
Next is incremental mode:
john -i --pot=out --format=raw-MD5 u_password
This starts running through all possible combinations of characters, hashing them and then looking for a match.
Now if you have installed john on Windows and are confused as to why ‘raw-MD5’ won’t work: you’re right, it won’t! You need to install a patch to get it working.
This will take a lot of time depending on the system you are running it on, but count on 8-letter passwords taking several days.
Rainbow tables are a very, very quick and effective way to figure out a password, but they have a big problem, and I mean big: they are incredibly large. The more you pre-hash, the bigger they get; they can run into the terabytes depending on how many characters you are covering.
The other method is effective too, but it trades the size of the pre-hashed tables for time: you can do an incremental brute force of the hashes.
Typically I would use some dictionaries and a list of known passwords. You can get these from a variety of sources, and I would recommend running more than one; they don’t take very long at all to run. Once I have run through the lists I will start up the brute force and let it run.
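As an added example (not the blog’s own code, and not John itself), here is the two-stage workflow above in Python against constructed sample data: a wordlist pass like --wordlist, then an incremental pass like -i over whatever is still uncracked, the way a shared --pot file lets the second run skip the first run’s hits. The u_password and english.txt contents, the test passwords and the 3-character cap on the incremental pass are all assumptions made for the sample.

```python
import hashlib
import itertools
import string

# Constructed stand-in for the 'u_password' file: one raw, unsalted MD5 hex digest per line.
# Two are the well-known digests of weak passwords; two are computed here so the sample stays
# self-contained (in a real audit every line comes straight from the dumped file).
ZQ1_HASH = hashlib.md5(b"zq1").hexdigest()  # short, in no wordlist
LONG_HASH = hashlib.md5(b"correct horse battery staple").hexdigest()  # beyond both modes
SAMPLE_U_PASSWORD = "\n".join([
    "5f4dcc3b5aa765d61d8327deb882cf99",  # md5("password")
    "e10adc3949ba59abbe56e057f20f883e",  # md5("123456")
    ZQ1_HASH,
    LONG_HASH,
])
# Constructed stand-in for english.txt: plain words, NOT pre-hashed.
SAMPLE_WORDLIST = "apple\npassword\nletmein\n123456\nqwerty\n"

def wordlist_mode(targets, wordlist_text):
    """Wordlist mode: hash each candidate word and look it up among the target digests."""
    cracked = {}
    for word in (w.strip() for w in wordlist_text.splitlines() if w.strip()):
        digest = hashlib.md5(word.encode()).hexdigest()
        if digest in targets and digest not in cracked:
            cracked[digest] = word
    return cracked

def incremental_mode(targets, max_len, charset=string.ascii_lowercase + string.digits):
    """Incremental mode: every string over charset up to max_len. The keyspace is
    len(charset)**n at each length, which is why 8-character runs take days."""
    cracked, remaining = {}, set(targets)
    for n in range(1, max_len + 1):
        for chars in itertools.product(charset, repeat=n):
            if not remaining:
                return cracked
            candidate = "".join(chars)
            digest = hashlib.md5(candidate.encode()).hexdigest()
            if digest in remaining:
                cracked[digest] = candidate
                remaining.discard(digest)
    return cracked

def run_audit(u_password_text, wordlist_text, max_len=3):
    """Parse u_password, run the cheap wordlist pass, then incremental only over what is still
    uncracked, the way a shared --pot file lets the second john run skip the first run's hits."""
    targets = {line.strip().lower() for line in u_password_text.splitlines() if line.strip()}
    cracked = wordlist_mode(targets, wordlist_text)
    cracked.update(incremental_mode(targets - set(cracked), max_len))
    return cracked, targets - set(cracked)
```

The single set lookup per candidate that makes this cheap works only because the digests are unsalted: a per-user salt forces one hash computation per candidate per account, and a deliberately slow hash makes each of those expensive, which is the password-policy side of the point made above.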