May 22nd, 2015 by admin in Life, News

Adult Friend Finder, the no-strings sex solicitation service that’s familiar to anyone who’s ever visited a porn site, was apparently just the victim of an enormous data breach, exposing millions of people who clicked banner ads hoping to get laid.

The person behind the leak, who goes by ROR[RG], claims he hacked Adult Friend Finder because they owed a friend of his money:

ADULTFRIENDFINDER.COM > this is for owing my guy $247,938.28 BITCH!!!!!!!!!!!

You have been ROOTED ;D

Cuz Itz Pay yo DUEZ or we COMIN 4 U!!!!!!

shout outz to Hell for the bandwidth:

Word to the wise, don’t use your work email address for kinky sex sites. .gov accounts anyone?

PixieWPS – router WPS passwords in seconds

May 4th, 2015 by admin in cracking, Wireless

Pixiewps is a tool used for offline brute forcing of WPS pins. It dramatically speeds up the WPS brute force attack time from what was taking up to 12 hours to a a few seconds by exploiting the low or non-existing entropy of some wireless access points. It’s based on the pixie dust attack, discovered by Dominique Bongard (slides and video). Notes on how to install it are in the video below, if you are using Kali Linux then just apt-get update && apt-get upgrade.

Break open any Master Combo Lock in 8 tries or less

April 28th, 2015 by admin in Life

Crack open any Master combination lock in 8 combinations or less! This online tool and new technique will allow you to learn the combination of any Master combo lock with only eight attempts.

Statistics Will Crack Your Password

April 28th, 2015 by admin in Password Info

Security firm Praetorian analyzed 34 million passwords that were jacked from the LinkedIn, eHarmony and Rockyou breaches, and found that 50% of all the passwords followed 13 basic structures. Over 20 million passwords in the sample have a structure within the top 13 masks. This lack of entropy makes it possible to use statistical analysis to make cracking faster and more effective. Part of the problem is with the websites themselves, as they just require one upper case letter or number. The result is that many sites falsely mark passwords as “strong” that could be cracked in a matter of minutes.


NetSPI’s Top Cracked Passwords for 2014

March 2nd, 2015 by admin in cracking

NetSPI collected 90,977 domain hashes during their penetration tests this year. Of the collected hashes, 27,785 were duplicates, leaving 63,192 unique hashes. Of the total 90,977 hashes, we were able to crack 77,802 (85.52%). Out of those hashes they calculated the top 10 passwords used.

Here’s nine of the top passwords that we used for guessing during online brute-force attacks:

  • Password1 – 1,446
  • Spring2014 – 219
  • Spring14 – 135
  • Summer2014 – 474
  • Summer14 – 221
  • Fall2014 – 150
  • Autumn14 – 15*
  • Winter2014 – 87
  • Winter14 – 63

*Fall14 is too short for most complexity requirements

Researcher releases 10 million username and password combinations

February 10th, 2015 by admin in cracking, Life

Security researcher Mark Burnett has released 10,000,000 username/password combos he’s downloaded from well-publicized hacks.


You can quickly check here: (limited to first 25 results)

ATT U-Verse VAP2500 vulns

November 25th, 2014 by admin in Privilege Escalation, Wireless

ATT U-Verse service includes the VAP2500 video access point as part of the installation,. From their guide “The VAP2500 enables you to transmit multiple standard- and high-definition video streams throughout your home wirelessly. You can enjoy a full range of video services and applications without having to run wires, lay cables, or drill holes. The U-verse Wireless Access Point operates only with authorized U-verse Wireless
Apparently it’s full of holes too:

1. Readable plain-text file, admin.conf, which holds the username and md5 encrypted passwords
(defaults are: ATTadmin : 1b12957d189cde9cda68e1587c6cfbdd MD5 : 2500!VaP
super : 71a5ea180dcd392aabe93f11237ba8a9 MD5 : M0torola!

2. They use the md5 hash of the username as a cookie for authentication

3. gui suppports command injection

More info:

similar report:

GPU Cracking PDFs in 4 hours

November 9th, 2014 by admin in cracking

The hashcat guys have been working on code for oclHashcat guaranteed to crack PDFs within 4 hours. This is for PDF versions 1.1 – 1.3, which uses RC4-40,(v5 and 6 implement 128 bit RC4, v7 128 bit AES and X and later 256 bit AES).

  • Guaranteed to crack every password protected PDF of format v1.1 – v1.3 regardless of the password used
  • All existing documents at once as there’s no more salt involved after the key is computed
  • In less than 4 hours (single GPU)

More info: hashcat forums

Older similar code for john the ripper using cpu which would take about 2 days


October 15th, 2014 by admin in Password Info, Uncategorized

DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.

list of recoverable secrets are :

  • EFS certificates
  • MSN Messenger credentials
  • Internet Explorer form passwords
  • Outlook passwords
  • Google Talk credentials
  • Google Chrome form passwords
  • Wireless network keys (WEP key and WPA-PMK)
  • Skype credentials



September 21st, 2014 by admin in Uncategorized

Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key, user password and SystemKey. More detailed information on this ::here::


Next Article »