
Irongeek.com

Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy). As I write articles and tutorials I will be posting them here. If you would like to republish one of the articles from this site on your webpage or print journal please e-mail me. Enjoy the site and write us if you have any good ideas for articles or links.

Adrian

News/Change Log:
07/04/2008 Web Bug Article Updated With PHP/MySQL Source Code
I've updated my very old article on web bugs/web beacons to straighten out some bad formatting and to add an example of a web bug that uses PHP and MySQL. For those that don't know, Web Bugs are images (Gifs, Jpegs, PNGs, etc.) that companies and organizations put into web pages, e-mails and other HTML supporting documents to track information about the viewer. These images are sometimes known by other names such as tracking bugs, pixel tags, web beacons or clear gifs. Whatever the name, their function is largely the same.
07/04/2008 Dreamhost Review Updated
It came to my attention that my Dreamhost review was a bit dated and had wrong information based on changes that Dreamhost has made over the last year. I've updated it to reflect some of Dreamhost's new policies, my experiences and how the discount codes differ from when I last updated it (1/31/2007). I also have five limited discount codes to give away that grant the following: 2TB disk and 20TB bandwidth, gives $150 off a 5-year signup or $200 off a 10-year signup. Contact me if you want one of my five one-time-use codes.
06/26/2008 New Video: Setting up a Tarpit (Teergrube) to slow worms and network scanners using LaBrea (The "Sticky" Honeypot and IDS)
A network Tarpit, sometimes known by the German word Teergrube, is a service or set of hosts that deliberately try to slow malicious network connections down to a crawl. The idea is to put up unused hosts or services on the network that respond to an attacker, but do things to waste their time and greatly slow their scanning (or spreading in the case of Worms). For this video I’ll be using a package called LaBrea by Tom Liston and tarpitting unused IP addresses on my home LAN.

Also, DecaffeinatID Intrusion Detection System ver. 0.07 is out.

06/24/2008 Ironkey at the Kentuckiana ISSA meeting on June 27th 2008
Steve Tonkovich from Ironkey will be giving a talk at the ISSA-Kentuckiana Chapter Meeting on Friday June 27, from 11:30 am to 1:00 pm. Ironkey’s discussion will be on securing mobile data. The meeting will be held at their new location: Innovative Productivity / McConnell Technology
Hopefully I can convince Steve to give me a demo unit of the Ironkey thumb drive to test for a review on my website.

As a side note, DecaffeinatID ver. 0.06 is out.
06/23/2008 DecaffeinatID Updated to ver. 0.05
Several major improvements have been implemented. The various monitoring functions are now set off via a timer. This allows the event loop to be looser, the GUI more responsive and DecaffeinatID to be less of a hog on the CPU. This caused a change in the way that the sleep parameter in the INI file is interpreted. Now the sleep parameter specifies the amount of time in milliseconds between each monitor function (ARP cache, Firewall and Event Log). For example, with the new default of "sleep=1000", DecaffeinatID waits about one second between each monitor function, so to go through one cycle takes about three seconds with the default setting (I've taken it down to "sleep=100" without major problems). The only downside to this is that some alerts may be skipped if several happen at nearly the same time, but since DecaffeinatID's main function is just to alert you of network shenanigans this is a worthwhile compromise (when DecaffeinatID warns you about something, you really should check your logs for more details anyway). I've also fixed a problem with ARP cache parsing that was caused by the word "invalid" in the output of the "arp -a" command.
06/22/2008 New Video: Compiling and Configuring DHCPD from Source
Devil2005 has created a video on compiling and configuring dhcpd from source. He’s using the Fedora 9 distro of Linux for the video, but the lessons learned should be applicable to other distros. For that matter, even if you are not interested in installing dhcp in this way it’s still a good lesson on how to download and compile various applications from source.
06/21/2008 Doktor Kaboom's Smoke Ring Cannon
Even though this is not computer security related, it was such a cool display I had to share it with my hacker buddies. I guess you could call it hardware hacking of sorts, with cool science principles. Make sure you re-watch the first few seconds a couple of times to get the full effect. I saw Doktor Kaboom's Smoke Ring Cannon at this year's Kentucky Renaissance Faire. Now it's time to make one of these things for myself. Check out Doktor Kaboom's site at:
http://www.doktorkaboom.com/
06/20/2008 DecaffeinatID: Simple IDS/ ARPWatch For Windows Updated
Jabzor was the first major contributor to the project. He did some major rewriting, making a better GUI, making my code prettier/easier to maintain and laying out the INI file better. I made further changes to Jabzor's GUI and made the ARP Watching function a little more efficient (Still needs much work).
06/19/2008 DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows
DecaffeinatID started because I wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of "reindeer games" that often happen at coffee shops and hacker cons.
06/11/2008 PEBKAC Attack Script: Finding passwords in event logs
Ever wanted to quickly search a Windows Event Log to find passwords users inadvertently typed into the user name field? Well, this script should make it easy to do such audits. Read the rest of the article for details. Also, if you are interested in using BackTrack for pen-testing, check out my friend Lee Baird's collection of videos and documentation on BackTrack and other hacking topics.
06/09/2008 New Video: Using Data Execution Prevention (DEP) in Windows XP and Vista: Fighting back against buffer overflows and memory corruption
I’ve recently become interested in measures that modern CPUs can take to prevent various types of memory corruption attacks. One such feature is the NX bit (as AMD calls it, XD is Intel’s term), which allows for memory pages to be marked as not executable. Microsoft Windows started using this ability with XP SP2 as part of their Data Execution Prevention (DEP) feature. Unfortunately, to get the most out of DEP you have to configure it. This video will show how to configure DEP protection in Windows XP and Vista.
06/07/2008 New Video: DNS Spoofing with Ettercap
In my previous two videos I showed how to use Ettercap plugins for various pen-testing and security evaluation functions. In this video I’ll show how to use the Ettercap plugin dns_spoof to set up DNS spoofing on the local area network.
06/04/2008 A Review of "Building Secure Products and Solutions"
This is a little article I wrote for the Operations Management class I'm in. Most Irongeek readers may not be interested in it, but I wrote it so I might as well post it.
05/29/2008 New Video: More Useful Ettercap Plugins For Pen-testing
In my previous video I showed how to use Ettercap plugins to find sniffers on the network. In this video I’ll show three more useful Ettercap plugins: find_ip, gw_discover and isolate.
05/26/2008 How To Cyber Stalk Potential Employers Article Updated
I updated the "Social Networking Sites" section with information about RapLeaf. I also updated the "Mail Headers" section with information on the *nix command line whois and Nirsoft's Windows tools IPNetInfo and WhoIsThisDomain.
05/24/2008 Fed Watch
I was curious to see what government agencies might be using my site for training. I also wanted to learn PHP + MySQL a little better, so I wrote this project. It takes my logs and shows all of the host names ending in .mil or .gov, and what pages they visited. I obfuscated the first part of the host names, and the last two octets of the IPs so as to not "drop their docs" so to speak.
05/20/2008 Detecting Sniffers Video Updated
PurpleJesus from Binrev informed me that my last video was having weird audio issues with some versions of the Flash plugin. I did some Flash-VooDoo and it seems to be ok now. Let me know if there are any problems.
05/20/2008 New Video: Finding Promiscuous Sniffers and ARP Poisoners on your Network with Ettercap
Most of you are familiar with using Ettercap for attacking systems, but what about using it to find attackers? This tutorial will cover using Ettercap to find people sniffing on your network. The plug-ins we will be using are search_promisc, arp_cop and scan_poisoner.
05/19/2008 BackTrack Beta 3 Man Pages
I've decided to convert the man pages that come with the BackTrack Beta 3 Live CD to HTML and post them to my site. I've just done the ones in /usr/local/man, so expect a few bad links. This will make it easier for me to link to the man pages from my other videos and articles. Tools included in the list are:
aircrack-ng, airdecap-ng, airdriver-ng, aireplay-ng, airmon-ng, airodump-ng, airolib-ng, airpwn, airsev-ng, airsnort, airtun-ng, amap, ascii-xfr, atftp, bison, bsqldb, buddy-ng, cabextract, catdoc, catppt, datacopy, dcfldd, decrypt, defncopy, dhcpdump, dmitry, dos2unix, dupemap, easside-ng, etherape, flex, foremost, freebcp, gencases, getattach.pl, hexedit, httpcapture, ike-scan, ivstools, kstats, mac2unix, macchanger, magicrescue, magicsort, makeivs-ng, mboxgrep, minicom, nemesis-arp, nemesis-dns, nemesis-ethernet, nemesis-icmp, nemesis-igmp, nemesis-ip, nemesis-ospf, nemesis-rip, nemesis-tcp, nemesis-udp, nemesis, netcat, nmap, nmapfe, obexftp, obexftpd, p0f, packetforge-ng, psk-crack, rain, runscript, scrollkeeper-config, scrollkeeper-gen-seriesid, sipsak, socat, tcptraceroute, truecrypt, tsql, unicornscan, vomit, wesside-ng, wordview, xls2csv, xminicom, xnmap, gdbm, etter.conf, scrollkeeper.conf, sudoers, scrollkeeper80211debug, 80211stats, arpspoof, atftpd, athchans, athctrl, athdebug, athkey, athstats, ath_info, dnsspoof, dnstracer, dsniff, ettercap, ettercap_curses, ettercap_plugins, etterfilter, etterlog, filesnarf, fping, fragroute, fragtest, hping2, hping3, in.tftpd, macof, mailsnarf, msgsnarf, netdiscover, packit, scrollkeeper-preinstall, scrollkeeper-rebuilddb, scrollkeeper-update, sing, sshmitm, sshow, sudo, sudoedit, tcpick, tcpick_italian, tcpkill, tcpnice, tinyproxy, urlsnarf, visudo, webmitm, webspy, wlanconfig

Enjoy.

05/14/2008 Physical Security, Lock Picking, and more: Bloomington Fraternal Order Of LockSport
Normally I cover electronic security, but as we all know if someone has physical access to your box they OWN your box. One reason to look into high security locks and lock bypassing is to increase the physical security of your assets by knowing what works and what doesn't. My friend DOSMan gave a presentation recently at Notacon 5 called "Lock Picking in the New Frontier - From Mechanical to Electrical Locks" that you should check out if you are interested in physical security. Also check out the Bloomington FOOL organization if you are interested in Locksport in general.
05/10/2008 New Video: A Brief Intro To Cryptographic Hashes/MD5
A cryptographic hash function takes an input and returns a fixed size string that corresponds to it, called a hash. Cryptographic hashes have a lot of uses, some of which are: detecting data changes, storing or generating passwords, making unique keys in databases and ensuring message integrity. This video will mostly cover detecting file changes, but I hope it gets your mind going in the right direction for how hashes can be used. Specifically covered will be tools for creating MD5 hashes in Windows and Linux.
05/04/2008 Irongeek In Print: Books that mention Irongeek.com
I did some looking around and it seems my site is mentioned in a few books. I've decided to start this page to keep track of book references to Irongeek.com. If I'm missing any please let me know, I found these first few via Google Books.
04/30/2008 I've updated my A Quick Intro To Sniffers article to fix a stupid error I made where I mistyped 801.11 instead of 802.11.
04/24/2008 New Video: Text to Speech to MP3 with the freeware program DSpeech
This video is on DSpeech, a freeware tool that uses Microsoft's SAPI (Speech Application Programming Interface) to convert text to spoken word. What's special about it is it lets you make an MP3 of the text, so you can listen to it on your computer, in your car or on your MP3 player. It's great for listening to study notes.

As an unrelated side note, a friend of mine wants me to mention his humor page on celebrities, politics and gadgets. Hope you enjoy it.
04/18/2008 IGiGLE: Irongeek's WiGLE WiFi Database to Google Earth Client for Wardrive Mapping Updated
IGiGLE is a little app I wrote that lets you directly import data from the online WiGLE WiFi Wardrive database into a KML file, then view it in Google Earth. I've made sure it works with the newest version of Google Earth 4.3, and recompiled it with the newest stable version of Autoit. If you want more details on how to use it, check out my video Wardrive Mapping With IGiGLE And WiGLE.
04/10/2008 Getting Ubuntu Linux to connect to a PPTP Cisco VPN 3000 Concentrator
Just a quick notes page to help others that have the same problems I did. By the way, I plan to be at Conglomeration April 18th-20th. While it's not a Hacker/Security con, it's still a fun little Sci-Fi/Fantasy convention with plenty of geeky types running around. Let me know if you're a reader of Irongeek.com and plan to be there.
04/06/2008 Irongeek's Infosec Wargame Servers Explained
I updated my post to explain that it was an April 1st joke, and link off to real ways to test your computer security skills. By the way, did anyone decode the QR Code I posted?
04/01/2008 Irongeek's Infosec Wargame Servers
I'd like to announce the launch of my own wargame servers for testing out your computer security skills. The host names are:

hackme1.irongeek.com
hackme2.irongeek.com
dosme1.irongeek.com

Try out Nmap, Nessus, Metasploit and other tools on these boxes. Please let me know your findings. Thanks to my hosting provider Dreamhost. If you want to know more about Dreamhost check out my review (and coupon codes), they have been pretty good to me.

03/18/2008 New Video: Hardware Keyloggers In Action 2: The KeyLlama 2GB USB Keylogger
This video will demonstrate one of the KeyLlama brand of hardware keyloggers in action, specifically the 2GB USB model. I know some of you are getting sick of me talking about hardware keyloggers, so I plan on this being my last entry on them for a while.
03/14/2008 I've updated the Irongeek Campuses page with a few new schools, please contact me if your university uses my materials for teaching information security. Also, I've started to help out The Mitzvah Group with their charity work. Check out and join their Myspace page, especially if you live in the Southern Indiana/Louisville Kentucky area.
03/05/2008 Ghost 11 Plugin for Bart's PE Builder (BartPE)
I took the Ghost 8 plugin and modified it a bit to work with Ghost 11.
03/04/2008 Hardware Key Logging Part 3: A Review Of The KeyLlama USB and PS/2 Keyloggers
This article is about the KeyLlama brand of hardware keylogger, specifically the 2MB PS/2 model and the 2GB USB model.
02/20/2008 Update: I made a small note at the top of my recent "Encrypting The Windows System Partition With Truecrypt 5.0" video. I used Photorec to do some file carving to see how secure Truecrypt's Windows system partition encryption was. Photorec was only able to recover two files, one ASP/TXT file and one PCX, but on closer examination both were false positives. They just contained seemingly random data, which Photorec mistook as real file headers. Truecrypt seems to do a very good job of securing the data on your system drive.

As a side note, if anyone else is using LinkedIn please feel free to add me and give me a recommendation for the work I've done on this site. Who knows, it may help me find a good career opportunity in my area.

02/11/2008 New Video: Encrypting The Windows System Partition With Truecrypt 5.0
Truecrypt 5.0 adds many new features, most importantly Windows system partition encryption. To put it in slightly inaccurate layman's terms, this means encrypting your entire C: drive. Even if you already write your sensitive data to an encrypted space, files are sometimes squirreled away in unencrypted temp space or in the page file where they may be recovered. Using Truecrypt to encrypt your Windows XP system partition will help eliminate this problem.
02/05/2008 New Video: Hardware Keyloggers In Action 1: The KeyLlama 2MB PS/2 Keylogger
This video will demonstrate one of the KeyLlama brand of hardware keyloggers in action, specifically the 2MB PS/2 model. I hope this video will give the viewer a better grasp of how these hardware keyloggers work.
01/28/2008 New Video: Encrypting VoIP Traffic With Zfone To Protect Against Wiretapping
Some people worry about the ease with which their voice communications may be spied upon. Laws like CALEA have made this simpler in some ways, and with roaming wiretaps even those not under direct investigation may lose their privacy. Phil Zimmermann, creator of PGP, has come up with a project called Zfone which aims to do for VoIP what PGP did for email. Thanks to DOSMan for his help with this video.
01/16/2008 Hacking and Pen-Testing With The Nokia 770/800/810 Notes Updated
I've updated my notes with a little more info on the n810 and links to new repositories (thanks to Andrew Lemay.)
01/14/2008 New Video: Using GPG/PGP/FireGPG to Encrypt and Sign Email from Gmail
This tutorial will show how to use GPG and the FireGPG plug-in to encrypt and decrypt messages in Gmail. GPG is an open source implementation of OpenPGP (Pretty Good Privacy), a public-key-encryption system. With public key encryption you don’t have to give away the secret key that decrypts data for people to be able to send you messages. All senders need is the public key, which can only be used to encrypt; this way the secret key never has to be sent across unsecured channels.
01/12/2008 Nuclear War Survival Myths
I did not write this article, and while it's not about computer security it is about security. My interest in this subject was renewed after watching the TV series Jericho (watch it so it stays on the air). I thought this article was interesting enough to warrant mirroring, and it seems to jive pretty well with what I have read from other authors such as Duncan Long and Cresson H. Kearny on the subject. Please don't think I'm a paranoid, tin-foil-hat wearing freak, but I am a child of the 80's and a fan of post-apocalyptic fiction. Don't worry, my video on PGP/GPG is on its way.
01/07/2008 Personal Privacy Programs
Hi all. I've decided it's time to start focusing on software that helps users maintain their privacy. I've already done videos on DBAN, Eraser, CCleaner, TrueCRYPT and Tor. I hope to have one on PGP/GPG/FireGPG up soon. What other must have privacy software do you recommend I cover? Let me know via my contact page, to which I've recently added my OpenPGP key.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2008, IronGeek
Louisville / Kentuckiana Information Security Enthusiast