TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Kon-Boot

May 27th, 2019 by admin in Uncategorized

Kon-Boot is a tool that allows accessing target computer without knowing the user’s password. Unlike other solutions Kon-Boot does not reset or modify user’s password and all changes are reverted back to previous state after system restart. It has been on the market since 2009 and the free version was downloaded more than 5,000,000 times.

Kon-Boot is currently the only solution worldwide we are aware of that can bypass Windows 10 online passwords! and works with both Microsoft Windows and Apple OSX macOS operating systems. Kon-Boot has been successfully used by military personnel, law enforcement, IT corporations and professionals, forensics experts, private customers.

The latest versions allow you to run PowerShell scripts on Win8/10 machines with UEFI, allowing to automate information gathering quickly for forensic teams. Along with the Sticky Keys escalation feature, which allows user to spawn a console window with system rights before the user is logged in by pressing shift key 5 times, allows for quick access to system resources without worrying about user level access.

Supported operating systems:

Microsoft Windows systems:
   Microsoft Windows XP (from SP2)
   Microsoft Windows Vista Home Basic 32Bit/64Bit
   Microsoft Windows Vista Home Premium 32Bit/64Bit
   Microsoft Windows Vista Business 32Bit/64Bit
   Microsoft Windows Vista Enterprise 32Bit/64Bi
   Microsoft Windows Server 2003 Standard 32Bit/64Bit
   Microsoft Windows Server 2003 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2003 Enterprise 32Bit/64Bit
   Microsoft Windows Server 2003 Web Edition 32Bit/64Bit
   Microsoft Windows Server 2008 Standard 32Bit/64Bit
   Microsoft Windows Server 2008 Datacenter 32Bit/64Bit
   Microsoft Windows Server 2008 Enterprise 32Bit/64Bit
   Microsoft Windows 7 Home Premium 32Bit/64Bit
   Microsoft Windows 7 Professional 32Bit/64Bit
   Microsoft Windows 7 Ultimate 32Bit/64Bit
   Microsoft Windows 8 and 8.1 all versions (32Bit/64Bit)
   Microsoft Windows 10 all versions (32Bit/64Bit)

Apple OSX / macOS systems:
   Apple OSX 10.7
   Apple OSX 10.8
   Apple OSX 10.9
   Apple OSX 10.10
   Apple OSX 10. 11
   Apple macOS Sierra (10.12)
   Apple macOS High Sierra (10.13)
   Apple macoS Mojave (10.14)

Links:
https://kon-boot.com
http://thelead82.com
https://www.piotrbania.com/all/kon-boot/

 

Tutorials: https://kon-boot.com/docs/
Twitter: https://twitter.com/thelead82

Punishment for most companies

October 2nd, 2017 by admin in Life

Breaking all the Password Managers?

August 13th, 2017 by admin in cracking, Life, News, Password Info

“Elcomsoft Distributed Password Recovery 3.40 now supports four major password manager apps including 1Password, KeePass, LastPass and Dashlane. The tool allows experts attacking a single master password and gaining access to the content of the encrypted vault, exposing any passwords, authentication credentials and other sensitive information (identity documents, credit card data etc.)”

The debate is on going about the legitimacy of the article many saying ElmcomSoft is spreading FUD and cheesy marketing. Open source project, Hashcat, has supported cracking of all the those password managers listed except Dashlane for a while now. The length of time to crack said password managers, if you are using a long enough password or passphrase, would make cracking not feasible. Especially a program such KeePass, the key transformation iteration count would greatly effect the speed of brute force attack.

In the comments of their article one of the developers of 1Password had this to say:

It would still take a number of months/days/years to crack most password managers, the use of password managers can increase overall security by relieving users from having to memorize a number of passwords. So keep on using yours as long as you have a good password/passphrase, keep your computer updated, and dont click shit, you shouldn’t be too worried anytime soon.

Retroactive password policy

April 25th, 2017 by admin in Life, Uncategorized

Sorry your old password isn’t strong enough to change.

source:@PWTooStrong

Weak Password

April 11th, 2017 by admin in Linux

Password Cracking speedup using Ordered Markov Chains

February 25th, 2017 by admin in cracking

Based off this paper resulted in increased cracking accuracy by 22.5% from John the ripper’s Markov and incremental model created a tool that wass flexible enough to perform n-gram and markov chains based password generation using a cracked password list. It works because a large number of users use some part of their email or username or any other detail in their password and if we can first check passwords that start with n grams containing usernames portions, user emails portions etc, then we can intuitively speed up the accuracy and the experiments proved this intuition right. Another reason for increased accuracy was using a training word list from the same category as that of website i.e adult/relationship websites. These two factors were the main cause of the increase in accuracy.

source: http://fsecurify.com/using-ordered-markov-chains-and-user-information-to-speed-up-password-cracking/

data: https://github.com/faizann24/Using-Ordered-Markov-Chains-and-User-Information-to-Speed-up-Password-Cracking

Jesus Saves

January 7th, 2017 by admin in Life

Except when he’s your password…

An analysis of passwords found in the 2009 breach of Rockyou — 32 million accounts — finds a large number of Biblical references (“jesus”,” “heaven”, “faith”, etc), including a number of Bible verse references (“john316”).

Another too-popular choice is “jesus,” or variants like “jesus777” and “jesus143.” Collectively, more than 21,000 people in the breach used the Son of God’s name as a password, making it the 30th most common password overall, a bit behind “tigger” (No. 22) and ahead of “football” (No. 45).

Source: christianitytoday.com

Updated DELL BIOS Recovery

October 29th, 2016 by admin in BIOS

We now can generate master BIOS passwords for  1D3B, 1F66, 6FF1 type DELL computers, Please visit our bios password recovery service page for DELL and other brand BIOS recovery options.

Kon-Boot Updated for macOS Sierra

September 27th, 2016 by admin in Apple, Privilege Escalation

kon

Kon-Boot has updated to support macOS Sierra systems, allowing you to login into the system without knowing the previous passwords/user names. By virtually modifying the EFI bios and then modifying parts of the kernel. The changes are only made in virtual memory and they disappear after reboot. Kon-Boot allows you to either login into selected account without knowing the password (bypass mode) or it will create new “root” account for you (new-account mode) from which you will be able to change other users passwords as needed.

You can purchase the license here: http://thelead82.com/products-mac.html

Or get the 2in1 version which allows you to bypass Windows XP through 10 passwords as well: http://thelead82.com/products-2in1.html

As a RepairTechnician or Penetration Tester this product is well worth the money for the time you save.

Cracking OpenBSD FDE

August 31st, 2016 by admin in Password Info, Privilege Escalation

Filippo lost his OpenBSD Full Disk Encryption password and is taking the time to figure out a way to extract and bruteforce the password, it’s currently a work in progress but a great way to learn.

Source: https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/

GitHub: https://github.com/FiloSottile/openbsd-fde-crack

Next Article »