TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Droid pattern lock bypass

January 12th, 2010 by Dev Team in Google

When your Droid is locked you are asked to input a pattern using onscreen dots before you can access your homescreen. This can be bypassed when the phone has an incoming call, all you have to do is press the “Back” button to get to the emails, contact lists, and other personal info. You have full access to all applications and data; for as long as the incoming call is in progress, and you do not select the “Home” icon. When the call ends, or you select the “Home” icon, the Droid asks you to enter the unlock pattern.

Google Phone Remote Access

November 6th, 2008 by admin in Google, News

This is easy, but you could potentially break everything with an errant rm -r. You need to grab PTerminal, a command line tool, from the Android marketplace. From there, you navigate to your system/bin folder (where the binaries are kept) and type telnetd to launch the telnet program which lets you login to the phone remotely.

Assuming your Wi-Fi is switched on, you can now type netstat to get your IP address. From there, you just grab a computer on the same network and telnet in. You now have root access to the entire file system. This is the dangerous part, the root user, or superuser, is the God of the computer and can do anything, so proceed with care.

Google Clear-Text passwords

October 6th, 2008 by admin in Google, News, Password Info, windows

Chrome stores saves passwords in CLEAR TEXT.

1 ] Go to any site that allows you to sign in ex. webmail.pair.com

2 ] Enter your fake username. Enter a false (incorrect) password

3 ] Allow Chrome to save password ( It will prompt below the address bar)

4 ] Close Chrome

5 ] Locate and change directory using the command prompt to the path below

%:\Documents and Settings\%user name%\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session ( Path might be different in Vista )

6 ] Note that the “Current Session” file needs to be present in your
“\Application Data\Google\Chrome\User Data\Default\” directory

7 ] Type this command in cmd : find “&secret” “Current Session”

8 ] You can see that its stored in clear text.
example:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\C
hrome\User Data\Default>find “&secret” “Current Session”

---------- CURRENT SESSION
login_username=FakeUser&secretkey=FakePass&x=18&y=8B

Need to secure your usb drive? Click Here!

Yahoo, Hotmail, Gmail all vulnerable to password-reset hack

September 22nd, 2008 by admin in Google, News, Password Info, Yahoo

How can you prevent a Palin webmail hack from happening to you? The short answer: you can’t.

Yahoo has no immediate plans to overhaul its e-mail security procedures after a hacker last week gained access to Sarah Palin’s private Yahoo Mail account, the company said Monday. Instead, it is reviewing security processes on an industry-wide basis.

Yahoo Mail isn’t the only Web-based mail service that could be duped into giving up someone else’s account password, the tactic that some have argued was used to break into Gov. Sarah Palin’s e-mail earlier this week.

Google Inc.’s Gmail, Microsoft Corp.’s Windows Live Hotmail and Yahoo Inc.’s Mail all rely on automated password-reset mechanisms that can be abused by anyone who knows the username associated with an account and an answer to a single security question, according to quick tests run by Computerworld.
(more…)