Marine Shot During Craigslist Transaction

A US Marine was shot three times during a robbery attempt at a Craigslist transaction. Lt. Col. Karl Trenker stood in for his fiancée when a business transaction went very bad.

It was supposed to end like thousands of other Craigslist sales, except the buyers had other things in mind. When Lt. Col. Trenker presented a gold chain to one of the prospective buyers, he took off with it. Col. Trenker, having none of that, took after him and ended up getting shot three times.

His military experience helped him stay calm and survive, as he actually plugged the bullet holes with his fingers to slow blood flow until help arrived. The thieves were apprehended shortly thereafter.

Lt. Col. Trenker’s fiancée was originally going to go to the meeting by herself. Thank God he would not let her go, and went in her place. The Trenkers are meeting with the CEO of Craigslist to talk about how to make transactions safer in the future.

Please be very careful out there when dealing with unknown people that you meet online. Never go alone, meet in a public place and have a cell phone with you at all times.

Crazy Fast Password Recovery with Hashcat

I have been playing with Hashcat a little bit today and I am just stunned at how fast it is. Hashcat is an all-purpose password cracker that can run off of your GPU or your CPU. The GPU version, oclHashcat-plus, is touted as the world’s fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker.

Hashcat is a multi-threaded cracker, so if your CPU can run several threads, it will use them. But the real speed comes into play when using the horsepower of a GPU. If your GPU can run hundreds of threads, all of this power is used to break passwords.

But just how fast is it?

I took just a simple password: “fred” and fed the NTLM password hash into Hashcat. I used just the slower CPU version and the Bruteforce option. The password was recovered as soon as I hit run:

It was so fast, the estimated and elapsed time didn’t even register.

You can also give Hashcat a password dictionary to work from. For the next test, I downloaded the “RockYou.txt” password list. This is a list of actual passwords that have been sanitized (usernames removed). I pulled 4 random plain text passwords from RockYou and converted them to Windows NTLM password hashes:

elizabeth1 – 6afd63afaebf74211010f02ba62a1b3e
francis123 – 43fccfa6bae3d14b26427c26d00410ef
duodinamico – 27c0555ea55ecfcdba01c022681dda3f
luphu4ever – 9439b142f202437a55f7c52f6fcf82d3

I placed the 4 password hashes into a file called hashes.txt, added in the RockYou plain text password list and fed them into Hashcat:

Hashcat recovered all five passwords in about the same amount of time it took to create the display screen, a second, maybe 2:

Remember that these are NTLM hashes, not Windows’ simpler LM hashes.

Add in the GPU version, advanced rules, attack methods, and Hybrid Masks and you really have a powerful tool to recover almost any password.

Malware Analysis: How to Decode JavaScript Obfuscation

When performing malware analysis, one of the techniques the bad guys use to hide their code is obfuscation. What this means is that the program is hidden or obscured to make malware analysis much more difficult. You didn’t think they would make it easy on you, did they? 🙂

I found a good intro to JavaScript malware analysis and video on the HIR Information Report website. It shows you one method (the Tom Liston Method) for taking obfuscated code that looks like this:

And decoding it so you get the original JavaScript, like this:

Excellent article, check it out!

China’s Floating Casino dons Advanced Radar and Defensive Weapons

China’s new Aircraft Carrier, the “Varyag”, was caught in this US Satellite photo while performing sea trials in the Yellow Sea.

According to U.S. Naval War College professor Andrew Erickson, the Aircraft Carrier carries advanced radar and defensive weapons:

“… it already possesses a Dragon Eye phased-array radar, a new point-defense missile system, and a new close-in weapon system. The Dragon Eye can reportedly track up to a hundred targets while engaging fifty simultaneously, detect targets out to sixty-five nautical miles (120 kilometers), and track targets out to 48.6 nautical miles (ninety kilometers).”

The Varyag, originally an unfinished Soviet Union warship, was purchased by a Chinese company from the Ukraine, and is China’s first aircraft carrier.

And herein lies the problem: it is not supposed to be an aircraft carrier, but a floating casino!

To get permission to buy the ship from the Ukraine, China had to agree not to use it for their military:

“Not surprisingly, the Ukrainians demanded – and the Chinese acceded to – a clause in the contract stating that the ship wouldn’t be used for military purposes.”

China originally agreed that it would be converted to a civilian floating casino. But after they began refurbishing it, the story changed. It would only be used for training purposes, they claimed. Now, it is equipped with their latest radar and weapon systems.

Most likely it will be used as a template for China’s future Aircraft Carriers. And you can rest assured that they will not be sporting roulette tables either.