According to Elcomsoft, a weakness in the way BlackBerry has implemented the apparently secure 256-bit AES encryption in its PC and Mac backup program BlackBerry Desktop Software makes it possible to carry out a successful password recovery attack on the backup archive with relative ease. Using systems running an Intel Core i7 CPU, they were able to break the 7-character unlock codes required to decrypt the files created by RIM’s BlackBerry Desktop software in about 30 minutes.
More: blog.crackpassword.com

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behavior based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.
Ncrack’s features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap’s and many more.

Ncrack can now crack the Remote Desktop Protocol on all Windows versions from XP and above, with the introduction of the RDP module. Users are advised to read http://seclists.org/nmap-dev/2010/q3/450 for cracking Windows XP machines since they can’t handle many concurrent RDP connections.

Download and more info: http://nmap.org/ncrack/

We are now offering BIOS password recovery for HP/Compaq Mini netbooks.
How it works: Enter 3 incorrect passwords, after the third attempt you will be given a 10 character error code (ex: CNU92347K21)

This is the code you need to send along with your laptop model. If you have any questions please emails us before sending payment.

Props to hashcrack.blogspot.com for compiling the most comprehensive wordlist downloads on the web. Copying links here just in case blogspot ever blows up. Additionally head over to skullsecurity.org they have some specialized wordlists from various sources including the hacked RockYou database and a skim of Facebook names/usernames for a total of 14,488,929 distinct passwords to be exact, collected from 32,943,045 users.
(more…)

Russian password cracking software vendor ElcomSoft has recently released a tool which purportedly recovers the passwords stored on the latest iPhone’s without having to modify any data on the phone at all. The “iPhone Password Breaker” software works by recovering the password used to encrypt the keychain which the device uses to store the passwords for email accounts, websites, and software on the phone.

The software, which is aimed at Forensic Investigators, extracts the password from the keychain once it has been backed up to a computer. ElcomSoft has a variety of similar software that works with other file formats and platforms, such as ZIP and RAR file password crackers, Excel and Word, and a number of others. In the words of ElcomSoft:

ElcomSoft is world’s first to  unlock access to iPhone keychains. Prior to the release of the updated iPhone Password Breaker, the keychains were considered impossible to obtain. The ability to recover stored passwords without altering the phone’s content offers valuable court evidence to investigators and forensic authorities.

On previous versions of the iPhones, the keychains remained encrypted with a hardware-specific device key which was unique to each iPhone, even when exported to an external backup, however, since the release of iOS 4, this is no longer necessarily the case, as they can now be stored in backups that are encrypted only with the backup’s master password. If this password is known, it is possible to gain access to these encrypted keychains. If an unencrypted backup is made, though, the keychains are still protected with the phones hardware key, and therefore, to gain access to the keychains, a password-protected backup must first be made (seems counter-intuitive doesn’t it?).

The ElcomSoft iPhone Password Breaker also employs GPU Password Cracking technology to significantly increase the speed of recovery. A trial can be obtained at http://iphone.elcomsoft.com

WPA Cracker is a WiFi security compromiser in the cloud, running on a high-performance cluster. Send them a dump of captured network traffic and $35, and they will try 136 million passwords in 40 minutes, tops (for $17, they’ll run the same attack at half speed) — the same crack would take five days on a “contemporary desktop PC.” They also have an extended, 284 million word dictionary that you can run for $55 in 40 minutes. They’ll also use the same process to crack the passwords on encrypted ZIP archives.

At Defcon 2010 on Thursday, at a specified time, KoreLogic will release a file containing 53,000 password hashes. The file will contain passwords of varying types (such as SHA, SSHA, MD5, DES, Lanman, NTLM, etc.) and will range from being “easy” to extremely difficult to crack. The password file is not simply 53,000 randomly generated passwords which would favor the person or group with the most GPU/CPU bruteforcing horsepower. Instead, the password file contains passwords based on what we believe are challenging patterns. Passwords will be of varying lengths, patterns, and complexity. Creative password cracking techniques, rules, dictionaries, and tools will be needed. The teams who are smart about the methods they use (i.e., teams who can crack more, with less work) will most likely be the most successful.

KoreLogic will be giving away the following prizes for first, second, and third place:

• First Place: $600 (or equivalent item)
• Second Place: $300 (or equivalent item)
• Third Place: $100 (or equivalent item)

More Info: http://www.korelogic.com/defcon_2010-contest.html

WhatsMyPass now introducing BIOS Password Recovery Services!!!
We can recover Dell (2A7B, 595B, A95B or D35B service tag), Sony VAIO PCG & VGN models, Samsung,Fujitsu-Siemens, Hewlett-Packard, Compaq, Phoenix BIOS. You will receive the password within a few hours, sometimes almost instantly. The price is only $10 per password recovered, if we can’t recover it, you get your money back.

For more info and a list of supported computer models visit here:
BIOS Password Recovery Service

Enter Challenge Hash and click “Pay Now”:

We reviewed Kon Boot 1.0 last year HERE which was a great breakthrough program that allowed you to boot into a Windows machine and bypass the logon screen without entering a password. To accomplish this, Kon Boot hooks the bios on the fly subverting the Windows kernel authentication temporarily and allowing you access. Since this is a temporary process the computer is back to normal when you reboot. This allowed you to access the computer without having to take the time to reset the password or crack it, and it left the computer untouched. Now, a year later, Kon Boot v1.1 has been released with new features, such as booting from floppy,CD, or usb, privilege escalation support which allows you to gain SYSTEM privileges from ANY account on the system. For example, you can boot from Kon Boot and log in as Guest and run ‘Net User’ command to add a new user,reset admin passwords etc as SYSTEM

It also has a bunch of new bug fixes/updates.

1. - Added 64-bit environment support
2. - Added USB support tools (grldr, klmemusb)
3. - Added debugging code to make it easier to track down various compatibility problems
4. - Fixed bug in Windows 7 support failures
5. - Removed Linux support
6. - Many performance improvements to source code
7. - Improved BIOS support by reducing code size significantly

Unfortunately it is no longer free. But for a meager price of $15.99 for a personal license, it gives you free updates and support for a period of 6 months. You can still use it without restrictions after that period.
They also offer a commercial license, for $75.99 with 1 year of support and updates, allowing you to use on business environment.
To purchase Kon Boot v1. 1,visit their website http://www.kryptoslogic.com

We are also giving away 10 personal licenses this week to some lucky readers!!! More details to come!!!