Top 10 YouTube hacking videos

Hacking for fun, profit and to meet women. My favorite YouTube hacker videos range from the humorous to the downright frightening. Some of them demonstrate live hacks, while others demonstrate the use of hacker tools. I find that for learning, there is no better substitute for actually watching hackers in action (except for doing it yourself, which I am not advocating).

Hitler's PC gets hacked

I thought I'd kick things off with some humor, and this video had me ROFLMAO. It's a spoof of Hitler ranting after his Windows Me PC is hacked and he loses all his data, including his puppy pics. It is best watched in full screen mode.

Tiger Team videos

I am a huge fan of ex-Navy Seal Dick Marcinko, whose first book, Rogue Warrior, is the true story of how he started Seal Team Six and Red Cell, a group of hand-selected Navy Seals who were tasked with testing the security of U.S. military bases. In other words, they were a Tiger Team. Marcinko's books are a non-stop adrenaline rush! So you can imagine my excitement when I heard about a reality TV show called Tiger Team that features civilian security experts hired by businesses to test their security. The team is composed of Chris Nickerson, Luke McOmie and Ryan Jones -- names you probably know if you attend DefCon. The TV show only had two pilot episodes, but they are awesome! We need to get a grassroots effort started to insist they make more.

There is no embed code for this show that I can use in this blog, but you can view some videos on the Tiger Team site.

Hacking RFID touch-less credit cards

Credit cards with RFID chips -- such as the American Express Blue card -- are showing up in more wallets these days. I plan to write a full article on hacking RFID credit cards later this month, but to give you a small taste of the danger, check out this video. It shows how, with $8, you can create an RFID credit card scanner that you can use to steal card data from someone just by being near them. The decryption, not shown on the video, is easily done on the hacker's laptop due to the weak encryption method(s) used. This is not fake stuff.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/vmajlKJlT3U&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vmajlKJlT3U&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Hacking virtual machines

There is one security researcher who knows more about virtual machine security than anyone else on the planet: Joanna Rutkowska. For several years now Rutkowska and her team have been hacking virtual machines, creating exploits, uncovering vulnerabilities and reporting most of their finding to the security community. Rutkowska is a frequent speaker at security conferences and I saw her last year at BlackHat where she gave three separate talks on VM security. It was awesome, knock-your-socks-off stuff -- the kind that makes the hair on the back of your neck stand up and causes involuntary outbursts of "OMG!" and "Oh sh*t!" Check out her interview from BlackHat '09.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/zjwe5RvVrA0&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/zjwe5RvVrA0&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

MS08-068 exploit

This video shows how to exploit the Microsoft Windows SMB protocol to gain complete access to an XP box with Service Pack 3 installed. Microsoft announced this vulnerability in its November 2008 bulletin. Microsoft only listed it as "important" though and not "critical." Hmmm... I guess pwn'ing its boxes is not such a big deal to Microsoft anymore. Doh!

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/AEj1KVuXv2g&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/AEj1KVuXv2g&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Texting a message to all the women in a bar

Max Cornelisse created quite an Internet buzz when he released his spectacular attack videos. He shows how he can perform a broadcast text to all the women in a bar, how he can hack digital highway traffic signs and how he can change train station screens with a Nokia N95 cell phone. The videos are awesome and leave you with that "Man, I wish I could do that" feeling.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/nku1w-DQhHU&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/nku1w-DQhHU&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Hacking WEP in 7 minutes with no clients

Typically when people talk about hacking WEP keys they talk about sniffing and collecting a bunch of encrypted data packets from the air and then using their weak initialization vectors (IV) to get the key. This hack usually involves capturing between 25,000 to 50,000 packets in order to get enough data to crack the key. But what if you don't have any clients connected to the AP you're trying to crack? This video shows you how to create your own traffic that you can use to gather IVs and crack the key. This is by no means a new attack, but it's a good video demo nonetheless and I still have customers that use WEP!

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/kcoKE-KDg8E&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/kcoKE-KDg8E&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Hacking WPA/WPA2 PSK in 7 minute

The previous video was about hacking WEP. Now the target is a WPA or WPA2 pre-shared key network. The attack works exactly the same way for WPA2 as it does for WPA. In a nutshell, this is a brute-force dictionary attack against the key. It works by collecting packets, particularly the four-way handshake session establishment packets. Then you run those packets through an offline cracking tool like Aircrack-ng. The hack only works if your dictionary contains the exact passphrase used on the wireless. To defend against this, use a passphrase that is at least 20 characters and is random, and change the key periodically.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Ej52mNHs49A&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/Ej52mNHs49A&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

Extend your trial period

Ever wish you could extend that free trial period for shareware and evaluation software that is time-bombed? Well, your wait is over. This video shows a cool Windows utility/hack that allows you to run a program in the date and time you specify. Runasdate will not change your system time, but rather injects a new system time into the programs you specify. It works on any software that tries to use the local system time. For programs that keep time themselves or use external clocks, you're out of luck. Runasdate works on Windows 32bit programs only and is freeware.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Bva2ZWqBRXw&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/Bva2ZWqBRXw&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

EBay XSS hack attack

Over the years eBay has been a major target for hackers and there have been many different successful attacks against it. This video is one example of such an attack, a cross-site scripting attack. This attack type really started in earnest last year when eBay sellers started boycotting the site for changes it made to its policies.

<object width="425" height="344"><param name="movie" value="http://www.youtube.com/v/Ui0MOD9dYok&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/Ui0MOD9dYok&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="425" height="344"></embed></object>

What are your favorite hacking videos?

That rounds out my top hacking videos on YouTube. If you have any others you like, please post 'em.

The opinions and information presented here are my personal views and not those of my employer.
More from Jamey Heary: Credit Card Skimming: How thieves can steal your card info without you knowing it Cisco enters the crowded AV and DLP client marketCisco's new ASA code allows you to securely take your Cisco IP Phone with you anywhereCisco targets Symantec, McAfee with its new antivirus client Google's Chrome raises security concerns and tastes like chicken feet a>Go to Jamey’s Blog for more articles on security.

*

*

*

*

*

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.