L0phtCrack was one of the original and greatest hacking and auditing tools of the 90s, essentially creating the modern LM/NTLM password auditing landscape. L0pht Heavy Industries - the creators of the tool - were instrumental in raising awareness of both the ease of cracking passwords as well as the obviousness of how poorly people choose passwords.
It’s a common scenario: you’re on the road – in an airport, at a hotel, at a coffee shop, at a hacker con – any number of locations and you need access to the Internet. There is generally WiFi at all of these locations. Some charge, some are free, but nearly all of them are insecure. Most people are at least somewhat aware of the insecurities of using a public wireless network to do sensitive things like online banking, checking their email, playing Farmville on Facebook and other important things. The recent release of tools such as Firesheep has finally brought some real-world impact to what security geeks have been saying forever: don’t do important things on insecure wireless networks or you’re gonna get rocked.
So what do you do when you’re on the road and need to access critical web-based services? If your company has VPN access in place, then use that. Otherwise do what we do. Use a dynamic SSH tunnel to pipe all your traffic securely out of the wireless network and safely to its destination.
All you need in order to rig this up is SSH access to a Linux server somewhere on the interwebs and a few minutes to configure your browser.
First establish an SSH connection to your server using this command:
ssh user@host -p 22 -D8080
Where user is the username of your account on the remote box, host is the hostname or IP address of your server, -p is the port it listens on (22/tcp by default) and -D8080 is the port you’re opening the dynamic tunnel on.
This opens up a local SOCKS proxy on your machine that you can then pass any program that supports SOCKS proxying through. In this case we’re gonna toss Firefox through it.
Now open up the proxy settings of your browser. In Firefox navigate to Edit>Preferences>Advanced>Network>Settings. From there check the ‘Manual proxy configuration’ radio button and enter ‘localhost’ for SOCKS Host and ‘8080’ for Port.
Now visit a site like ipgoat.com (my favorite IP checking site) to verify that your browser is actually being passed thru the tunnel. The IP should show up as the server you’ve connected thru, not the IP of the wireless network you’re connected to.
That’s it. If you’ve set things up properly you can now surf fairly securely without fear of being trivially hijacked by some random script kiddie with too much time on their hands.
A few additional things you can do to make it easier and safer:
Install the Multiproxy Switch add-on to switch between tunneled and non-tunneled modes with a few clicks.
Route your DNS queries thru the tunnel as well to prevent DNS hijacking attacks. By default Firefox still resolves hostnames locally even when a SOCKS proxy is set, so the wireless network can see and tamper with your lookups. To fix this type ‘about:config’ into the browser bar of Firefox. Then type ‘dns’ into the filter bar and set the ‘network.proxy.socks_remote_dns’ value to true.
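To make concrete what the -D tunnel and the remote-DNS setting actually do on the wire, here is an added example (not from the original post) of a minimal SOCKS5 client talking to the listener that ssh opens on localhost:8080 (assumed to match the command above). The CONNECT request carries the hostname itself rather than a resolved IP, which is exactly what ‘network.proxy.socks_remote_dns’ makes Firefox do.

```python
import socket
import struct

# Assumed: the article's `ssh ... -D8080` tunnel is listening on localhost:8080.
PROXY = ("localhost", 8080)
SOCKS_VERSION, NO_AUTH, CMD_CONNECT = 5, 0x00, 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03
REPLY_TEXT = {0x00: "succeeded", 0x01: "general failure", 0x02: "not allowed by ruleset",
              0x04: "host unreachable", 0x05: "connection refused"}


def build_greeting() -> bytes:
    """Client hello: SOCKS5, one method offered, 'no authentication' (what ssh -D accepts)."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT that hands the proxy the *name* (ATYP 0x03) instead of a resolved IP.
    The ssh server then does the DNS lookup, so the local LAN never sees the query."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes in SOCKS5")
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)


def parse_reply(data: bytes) -> tuple:
    """Decode a SOCKS5 reply into (reply code, bound address, bound port)."""
    ver, rep, _rsv, atyp = data[:4]
    if ver != SOCKS_VERSION:
        raise ValueError(f"unexpected SOCKS version {ver}")
    if atyp == ATYP_IPV4:
        addr, rest = socket.inet_ntop(socket.AF_INET, data[4:8]), data[8:]
    elif atyp == ATYP_DOMAIN:
        addr, rest = data[5:5 + data[4]].decode(), data[5 + data[4]:]
    else:
        raise ValueError(f"unsupported address type {atyp}")
    return rep, addr, struct.unpack("!H", rest[:2])[0]


def socks5_connect(host: str, port: int, proxy=PROXY, timeout=10.0) -> socket.socket:
    """Open a TCP connection to host:port through the tunnel's SOCKS5 listener."""
    s = socket.create_connection(proxy, timeout=timeout)
    s.sendall(build_greeting())
    if s.recv(2) != bytes([SOCKS_VERSION, NO_AUTH]):
        s.close()
        raise ConnectionError("proxy refused no-auth SOCKS5")
    s.sendall(build_connect_request(host, port))
    rep, _addr, _port = parse_reply(s.recv(262))
    if rep != 0x00:
        s.close()
        raise ConnectionError(f"CONNECT failed: {REPLY_TEXT.get(rep, hex(rep))}")
    return s
```

With the tunnel up, `socks5_connect("ipgoat.com", 80)` returns a socket whose traffic leaves from your server, so an HTTP request sent over it shows the server's IP, the same check the article does in the browser.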
I use this technique all the time when on insecure, unfamiliar, or hostile networks. I’ve survived browsing the Internet from the Defcon network which is considered to be the World’s Most Hostile Network (having a patched and locked down box is obviously required here as well).