Darik’s Boot and Nuke
A situation may arise when you want to completely wipe the data from a hard drive. You may be selling or giving someone your old drive, or perhaps you just want to dispose of one in the trash. Other times your Windows installation could be crawling with malware and you want to completely erase it. Maybe you suspect your drive will soon be forcibly confiscated. In these cases you should obviously be concerned about other individuals accessing your files, even the files that you have “deleted”, since deleting a file normally only unlinks it from the file system and leaves its contents on disk. For times like these, Ben Rothke makes the case for secure data destruction in his article ‘Why Information Must Be Destroyed’.

When you want to achieve total data destruction on a drive, a tool like Darik’s Boot and Nuke (DBAN) can save the day. Even though physical destruction is the safest bet, utilities like DBAN are the next best choice for conventional magnetic disks (an overwrite pass does not reliably reach every flash cell on an SSD because of wear levelling, so SSDs are better handled with the drive’s own secure-erase command or physical destruction). According to Wikipedia, DBAN “is designed to securely erase a hard disk until data is permanently removed and no longer recoverable, which is achieved by overwriting the data with pseudorandom numbers generated by Mersenne twister or ISAAC”.
Version 2.2.6 was released in May 2010. DBAN software is available from SourceForge.
Reset Windows passwords with Offline NT Password & Registry Editor
The Offline NT Password & Registry Editor is a small Linux boot disk that you can use to change or delete the passwords of local Windows accounts from outside the Windows OS environment. This can be useful if you forget your Windows password or the password belonging to the Administrator account. This utility can enable you to change or delete passwords, but it cannot tell you what the password for an account actually is. As such it is not appropriate to label Offline NT Password & Registry Editor as a ‘password recovery tool’; it’s a password editor, just like the name says.
It is compatible with the Windows NT family: Windows NT 3.x/4, Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008. It works by editing the SAM registry hive, which Windows 95/98/ME do not have, so those systems are not supported.
Please note that the Offline NT Password & Registry Editor (‘Offline’) home page states: “If password is reset on users that have EFS encrypted files, and the system is XP or newer, all encrypted files for that user will be UNREADABLE and cannot be recovered unless you remember the old password again”.
Also note that Offline cannot be used to change or reset Active Directory passwords.
Offline’s versioning is done using release dates. The version used in this tutorial is 110511 (for 11 May 2011).
How to use it
First, download the installation ‘cd******.zip’ file from the website above and extract it locally. Burn the resulting .iso file to a CD-ROM. If you plan to boot to a USB drive, download the ‘usb********.zip’ file and extract its contents to the drive.
Second, insert the CD or USB drive into the computer and reboot it. Before the Windows OS loads (while the manufacturer’s screen is briefly displayed), hit the appropriate key (usually one of the twelve ‘F’ keys) to enter the boot device manager where you can specify a device to boot to (overriding the default device, which is almost always C:\ on the internal hard drive).
Your computer will load the contents of the Offline CD or USB drive. When it is finished you will be prompted as follows.
MTR and WinMTR
MTR (My traceroute; originally Matt’s traceroute) is a free and open source Linux utility that combines the functionality of both traceroute and ping, and as such is a more sophisticated tool (go here to brush up on your knowledge of these two commands). Not only does MTR reveal each hop between your host and a destination (as traceroute does), but it also sends a sequence of ICMP ECHO requests to each hop to determine the quality of the link (like ping). Simultaneously it displays running statistics about each hop. MTR supports both IPv4 and IPv6.
According to MTR’s Wikipedia page, WhatIsMyIP.cc uses MTR on the backend.
The simple command syntax for MTR is mtr [options] [target]. The range of options for MTR is described below.
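Reading the numbers MTR prints is where its value lies, so here is an added example (not code from the post or from the MTR project) that parses the output of `mtr --report` and separates loss that actually reaches the destination from hops that merely ignore ICMP aimed at themselves. The report text in the block is constructed for the example in the layout mtr uses; the host names and addresses are placeholders.

```python
"""Added example: read `mtr --report` output and tell real path loss from ICMP filtering.

The report text below is constructed for this example in the layout mtr prints
(HOST header, then one line per hop); it is not a captured run.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SAMPLE_REPORT = """\
HOST: laptop                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                0.0%    10    0.6   0.7   0.5   1.1   0.2
  2.|-- 10.20.0.1                  0.0%    10    9.4  10.1   8.7  14.2   1.6
  3.|-- ???                      100.0%    10    0.0   0.0   0.0   0.0   0.0
  4.|-- 203.0.113.17              30.0%    10   25.3  26.0  24.1  31.7   2.2
  5.|-- 198.51.100.9              30.0%    10   31.0  32.4  29.8  40.5   3.1
"""

HOP_RE = re.compile(
    r"^\s*(?P<n>\d+)\.\|--\s+(?P<host>\S+)\s+(?P<loss>[\d.]+)%\s+(?P<snt>\d+)"
    r"\s+(?P<last>[\d.]+)\s+(?P<avg>[\d.]+)\s+(?P<best>[\d.]+)"
    r"\s+(?P<wrst>[\d.]+)\s+(?P<stdev>[\d.]+)\s*$"
)


@dataclass
class Hop:
    n: int
    host: str       # "???" when nothing at this hop answered
    loss: float     # percent of probes unanswered
    sent: int
    last: float     # round-trip times in ms
    avg: float
    best: float
    worst: float
    stdev: float


def parse_report(text: str) -> List[Hop]:
    """Turn the hop lines of an `mtr --report` run into Hop records (header lines are skipped)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(Hop(int(m["n"]), m["host"], float(m["loss"]), int(m["snt"]),
                            float(m["last"]), float(m["avg"]), float(m["best"]),
                            float(m["wrst"]), float(m["stdev"])))
    return hops


def classify(hops: List[Hop]) -> List[Tuple[Hop, str]]:
    """Label each hop.

    A router that drops or rate-limits ICMP aimed at itself shows loss that the hops
    after it do not: traffic still passes through it. Loss that matters is loss that
    carries through to the destination, so each hop is judged against the final hop.
    """
    if not hops:
        return []
    final_loss = hops[-1].loss
    labelled = []
    for hop in hops:
        if hop.loss == 0.0:
            verdict = "ok"
        elif hop.loss > final_loss:
            verdict = "icmp-filtered"   # this hop ignores probes; downstream is fine
        else:
            verdict = "real-loss"       # loss persists to the destination
        labelled.append((hop, verdict))
    return labelled


def loss_origin(hops: List[Hop]) -> Optional[int]:
    """Hop number where end-to-end loss first appears, or None if the path is clean."""
    for hop, verdict in classify(hops):
        if verdict == "real-loss":
            return hop.n
    return None


if __name__ == "__main__":
    for hop, verdict in classify(parse_report(SAMPLE_REPORT)):
        print(f"{hop.n:2d} {hop.host:16} loss={hop.loss:5.1f}% avg={hop.avg:6.1f}ms  {verdict}")
    print("loss begins at hop:", loss_origin(parse_report(SAMPLE_REPORT)))
```

In the sample, hop 3 answers nothing but hops 4 and 5 still get 70% of their probes through, so hop 3 is only filtering ICMP; the 30% loss that begins at hop 4 is the real problem. The comparison is against the final hop, so if the destination itself never answers you should compare against the last responding hop instead.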
Colasoft Ping Tool
The free Ping Tool from Colasoft is a graphical interface for the ping command. The Ping Tool issues continuous ping requests to the target you specify and then creates charts to graphically depict the response times.
At the time of writing the latest version available was 1.1, Build 265 (released in Feb. 2008). The autoupdate function (Help -> Check for Latest Version) found no newer version to download.
SoftPerfect Network Scanner
SoftPerfect Network Scanner is one of the most popular free programs in Download.com’s Network Tools category. It offers many features and options for detecting and probing network hosts. It is a portable application (it does not need to be installed; you just double-click netscan.exe to launch it).
Send spoofed emails with telnet
You can send spoofed emails (i.e., emails with a fake source address) if you can establish a telnet session with an email server. (Before continuing, go here if you need to brush up on your telnet knowledge).
If you don’t know the host name of an email server, you’ll have to find one using a utility like dig or nslookup.
For dig, the command to find email servers for a domain (e.g., hotmail.com) is:
dig @[DNS_server_name_or_IP] hotmail.com MX
The output of this command is as follows:
; <<>> DiG 9.3.2 <<>> @208.67.222.222 hotmail.com MX
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17095
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;hotmail.com.                   IN      MX

;; ANSWER SECTION:
hotmail.com.            3600    IN      MX      5 mx3.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx4.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx1.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx2.hotmail.com.

;; Query time: 157 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Sat Dec 31 19:28:50 2011
;; MSG SIZE  rcvd: 109
As you can see, the four email servers for the domain hotmail.com are mx1.hotmail.com, mx2.hotmail.com, mx3.hotmail.com and mx4.hotmail.com, all with the same preference value (5), so any of them will accept mail for the domain.
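The two halves of this procedure, picking a mail server from the MX answer and then holding the SMTP conversation you would otherwise type over telnet, are shown together in the added example below. It is not the post's own code: the MX lines are the ones from the dig output above, the mail server is an in-memory stand-in written for this example that accepts whatever it is told (as an open relay of the time would), and the addresses and host names are placeholders. The point it makes is that neither the envelope sender given in MAIL FROM nor the From: header inside DATA is checked by the protocol itself; receiving MTAs today apply SPF, DKIM and DMARC to exactly those fields, so a header From: the client types is no longer taken on trust.

```python
"""Added example: from the MX answer to the SMTP dialogue in which the sender is spoofed.

Part 1 parses ANSWER SECTION lines of a `dig ... MX` query. Part 2 replays the
conversation a telnet user types against a minimal SMTP responder that is a
stand-in written for this example, not a real mail server.
"""
import re
from typing import Dict, List, Optional, Tuple

# The four answer lines from the dig output on the page.
DIG_ANSWER = """\
hotmail.com.            3600    IN      MX      5 mx3.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx4.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx1.hotmail.com.
hotmail.com.            3600    IN      MX      5 mx2.hotmail.com.
"""
MX_LINE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+MX\s+(?P<pref>\d+)\s+(?P<host>\S+)$")


def parse_mx(answer: str) -> List[Tuple[int, str]]:
    """Return (preference, host) pairs, lowest preference first; ties keep dig's order."""
    mx = []
    for line in answer.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            mx.append((int(m["pref"]), m["host"].rstrip(".")))
    return sorted(mx, key=lambda p: p[0])


def _addr(arg: str) -> str:
    """Pull the address out of 'FROM:<a@b>' or 'TO:<a@b>'."""
    m = re.search(r"<([^>]*)>", arg)
    return m.group(1) if m else arg.split(":", 1)[-1].strip()


class FakeSmtpServer:
    """Just enough SMTP to show the exchange. It verifies nothing: MAIL FROM and the
    From: header are whatever the client claims (a stand-in, not a real MTA)."""

    def __init__(self, hostname: str) -> None:
        self.hostname = hostname
        self.mail_from = ""
        self.rcpts: List[str] = []
        self.data: Optional[List[str]] = None      # collecting lines while not None
        self.queue: List[Dict[str, object]] = []   # "delivered" messages

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line: str) -> str:
        if self.data is not None:                  # inside DATA
            if line == ".":
                self.queue.append({"envelope_from": self.mail_from,
                                   "rcpt": list(self.rcpts),
                                   "message": "\n".join(self.data)})
                self.data = None
                return "250 OK: queued"
            self.data.append(line[1:] if line.startswith("..") else line)  # dot-unstuffing
            return ""                              # server is silent during DATA
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname} Hello {arg}"
        if verb == "MAIL":
            self.mail_from = _addr(arg)            # taken on trust
            return "250 OK"
        if verb == "RCPT":
            self.rcpts.append(_addr(arg))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad sequence of commands"
            self.data = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognised"


def send_spoofed(server: FakeSmtpServer, helo: str, envelope_from: str, rcpt: str,
                 header_from: str, subject: str, body: str) -> List[Tuple[str, str]]:
    """Drive the server the way a telnet user would; return the (side, line) transcript."""
    transcript = [("S", server.greeting())]
    stuffed = ["." + l if l.startswith(".") else l for l in body.splitlines()]  # dot-stuffing
    lines = [f"HELO {helo}", f"MAIL FROM:<{envelope_from}>", f"RCPT TO:<{rcpt}>", "DATA",
             f"From: {header_from}", f"To: {rcpt}", f"Subject: {subject}", "",
             *stuffed, ".", "QUIT"]
    for line in lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply:
            transcript.append(("S", reply))
    return transcript


if __name__ == "__main__":
    print("MX hosts:", parse_mx(DIG_ANSWER))
    srv = FakeSmtpServer("mx1.example")
    for side, line in send_spoofed(srv, "laptop.example", "nobody@attacker.example",
                                   "victim@example.com", "ceo@victim.example",
                                   "Urgent", "Wire the money today.\n.leading dot"):
        print(f"{side}: {line}")
    print("queued:", srv.queue[0])
```

The transcript shows the two places a sender address appears: the envelope (MAIL FROM, which becomes the Return-Path) and the header (From:, which is what the recipient's mail client displays), and nothing in the dialogue ties either to the connecting host. The dot-stuffing in `send_spoofed` is the one detail a telnet user tends to forget: a body line that starts with a period must be sent with a second period or the server takes it as the end of the message.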
The HBGary Federal Hack
In February 2011, the loosely knit collective of hacktivists known as Anonymous successfully compromised the corporate network of HBGary Federal (HBG Fed), a company that provided information security services to the federal government of the United States. This attack brought down the HBG Fed website, compromised the Twitter and LinkedIn accounts of HBG Fed CEO Aaron Barr, and resulted in the public release of thousands of internal documents and emails.

Storm brewing – the prelude to the attack
The internal documents disseminated to the public by Anonymous reveal much about the nature of HBG Fed’s business operations before “the incident”. HBG Fed was engaged in several anti-hacker projects that were aimed at disrupting and discouraging Anonymous-style hacktivism. Based on their own internal files, here is a breakdown of HBG Fed’s efforts at fighting Anonymous, similarly motivated Internet activists, and individuals deemed to be antagonistic to their clients.
Written by Doug Vitale
January 13, 2012 at 1:55 PM
Posted in Commentary
Tagged with anonymous, HB Gary, HBGary, HBGary Federal, hbgary hack