Need to secure your usb drive?


TrackSomebody.com

Sempai.inFo - 411

illmob.org

NetSPI’s Top Cracked Passwords for 2014

March 2nd, 2015 by admin in cracking

2014-barGraph
NetSPI collected 90,977 domain hashes during their penetration tests this year. Of the collected hashes, 27,785 were duplicates, leaving 63,192 unique hashes. Of the total 90,977 hashes, we were able to crack 77,802 (85.52%). Out of those hashes they calculated the top 10 passwords used.

Here’s nine of the top passwords that we used for guessing during online brute-force attacks:

  • Password1 – 1,446
  • Spring2014 – 219
  • Spring14 – 135
  • Summer2014 – 474
  • Summer14 – 221
  • Fall2014 – 150
  • Autumn14 – 15*
  • Winter2014 – 87
  • Winter14 – 63

*Fall14 is too short for most complexity requirements
Source: https://blog.netspi.com/netspis-top-cracked-passwords-for-2014/

Researcher releases 10 million username and password combinations

February 10th, 2015 by admin in cracking, Life

Security researcher Mark Burnett has released 10,000,000 username/password combos he’s downloaded from well-publicized hacks. https://xato.net/passwords/ten-million-passwords/

 

You can quickly check here: https://rehmann.co/projects/10mil/ (limited to first 25 results)

ATT U-Verse VAP2500 vulns

November 25th, 2014 by admin in Privilege Escalation, Wireless


ATT U-Verse service includes the VAP2500 video access point as part of the installation,. From their guide “The VAP2500 enables you to transmit multiple standard- and high-definition video streams throughout your home wirelessly. You can enjoy a full range of video services and applications without having to run wires, lay cables, or drill holes. The U-verse Wireless Access Point operates only with authorized U-verse Wireless
Receiver(s).”
Apparently it’s full of holes too:

1. Readable plain-text file, admin.conf, which holds the username and md5 encrypted passwords
(defaults are: ATTadmin : 1b12957d189cde9cda68e1587c6cfbdd MD5 : 2500!VaP
super : 71a5ea180dcd392aabe93f11237ba8a9 MD5 : M0torola!
)

2. They use the md5 hash of the username as a cookie for authentication

3. gui suppports command injection

More info: http://goto.fail

similar report: http://www.dslreports.com

GPU Cracking PDFs in 4 hours

November 9th, 2014 by admin in cracking

The hashcat guys have been working on code for oclHashcat guaranteed to crack PDFs within 4 hours. This is for PDF versions 1.1 – 1.3, which uses RC4-40,(v5 and 6 implement 128 bit RC4, v7 128 bit AES and X and later 256 bit AES).

  • Guaranteed to crack every password protected PDF of format v1.1 – v1.3 regardless of the password used
  • All existing documents at once as there’s no more salt involved after the key is computed
  • In less than 4 hours (single GPU)

More info: hashcat forums

Older similar code for john the ripper using cpu https://github.com/kholia/RC4-40-brute-pdf which would take about 2 days

DPAPIck

October 15th, 2014 by admin in Password Info, Uncategorized

DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1.

list of recoverable secrets are :

  • EFS certificates
  • MSN Messenger credentials
  • Internet Explorer form passwords
  • Outlook passwords
  • Google Talk credentials
  • Google Chrome form passwords
  • Wireless network keys (WEP key and WPA-PMK)
  • Skype credentials

Src: dpapick.com

Chainbreaker

September 21st, 2014 by admin in Uncategorized

Chainbreaker can extract encrypted user credentials in OS X Keychain and decrypt it using one of the Master Key, user password and SystemKey. More detailed information on this ::here::

src: http://forensic.n0fate.com/?page_id=1180

Bypass iPhone lockscreen with Siri

September 21st, 2014 by admin in Uncategorized

Jose Rodriguez was playing around with an iPhone with iOS 8, and quickly discovered what he saw as a bug: Apple’s voice-activated assistant Siri acting like the worst bouncer ever. In iOS 8, he could activate Siri from the homescreen and she would let him circumvent the lockscreen to post to a person’s Facebook page or look at their notes and call history. No passcode necessary. He posted a demonstration on YouTube.

Unlock systems infected by CryptoLocker.

August 6th, 2014 by admin in cracking, News


Researchers have struck back at the operators of the CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage, the researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims’ personal computer files until they pay a $300 ransom. Thanks to the security experts, an online portal has been created where victims can get the key for free.

To use the free service, victims must upload one of the files encrypted by CryptoLocker along with the e-mail address where they want the secret key delivered. They will then email you a master decryption key along with a download link to their recovery program that can be used together with the master decryption key to repair all encrypted files on your system.

https://www.decryptcryptolocker.com/

HP Probook/Elitebook BIOS Password Reset [Utility]

July 25th, 2014 by admin in BIOS


There are now 2 versions of the tool created by Mazzif. The Original Windows based system what creates a key based on your input, or the new DOS based tool that gets all parameters automatically. See this [ Post ] for information on the newest release. The windows based solution offers a bit better support for more models, while the DOS tool-set is just easier to use.

[SUPPORTED MODELS]
HP 6550B, HP 2530P, HP 6930P, HP 8530W, HP 8460P, HP 6460B, HP 2230S ,HP 6455B, HP 2730P, HP 8530P, HP 2740P, HP 4310S, HP s4510, HP 6535B, HP 6730B, HP 6735B, HP 8730W, HP 2560P, HP 8560P, HP 8440P, HP 8540W, HP 8560W
If your model is not listed you may experiment with the ‘Make All’ or SHOTGUN.
(more…)

PasswordsCon14

July 22nd, 2014 by admin in News

A hacker conference that’s all about passwords, PIN codes, and digital authentication. Coming August 5 & 6 https://passwordscon.org/

Next Article »