TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Kon-Boot Updated for macOS Sierra

September 27th, 2016 by admin in Apple, Privilege Escalation

kon

Kon-Boot has updated to support macOS Sierra systems, allowing you to login into the system without knowing the previous passwords/user names. By virtually modifying the EFI bios and then modifying parts of the kernel. The changes are only made in virtual memory and they disappear after reboot. Kon-Boot allows you to either login into selected account without knowing the password (bypass mode) or it will create new “root” account for you (new-account mode) from which you will be able to change other users passwords as needed.

You can purchase the license here: http://thelead82.com/products-mac.html

Or get the 2in1 version which allows you to bypass Windows XP through 10 passwords as well: http://thelead82.com/products-2in1.html

As a RepairTechnician or Penetration Tester this product is well worth the money for the time you save.

Cracking OpenBSD FDE

August 31st, 2016 by admin in Password Info, Privilege Escalation

Filippo lost his OpenBSD Full Disk Encryption password and is taking the time to figure out a way to extract and bruteforce the password, it’s currently a work in progress but a great way to learn.

Source: https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/

GitHub: https://github.com/FiloSottile/openbsd-fde-crack

Linksys EA6100 Wireless Router Authentication Bypass

December 4th, 2015 by admin in Privilege Escalation

linksys
Multiple CGI scripts in the web-based administrative interface of the Linksys EA6100 – EA6300 Wireless Router allow unauthenticated access to the high-level administrative functions of the device. This vulnerability can be leveraged by an unauthenticated attacker to obtain the router’s administrative password and subsequently arbitrarily configure the device.
More info: https://www.korelogic.com/Resources/Advisories/KL-001-2015-006.txt

Kon-Boot 2.5 released with Windows 10 support

October 12th, 2015 by admin in Apple, Privilege Escalation, windows


Kon-Boot is an application which bypasses the authentication process of Windows and Mac based operating systems. This Kon-Boot version works with both 64-bit and 32-bit Microsoft Windows up to version 10 and Mac OSX Mavericks. Works from a Cd, floppy, or USB. Also supports UEFI based systems.

It also includes special feature which gives you a command prompt with system level privileges at the login screen. Easy to use and excellent for tech repairs, data recovery and security audits. They offer personal and professional licences and well worth the cost. Buy your copy today!

Android 5.x Lockscreen Long Password Bypass

September 16th, 2015 by admin in Android, Privilege Escalation

If you’ve got an Android 5 smartphone with anything but the very latest version of Lollipop on it, it’s best to use a PIN or pattern to secure your lock-screen.

“By manipulating a sufficiently large string in the password field when the camera app is active, an attacker is able to destabilize the lockscreen, causing it to crash to the home screen,” University of Texas researchers said. They published their findings at http://sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/

Below is a demonstration of the attack:

ATT U-Verse VAP2500 vulns

November 25th, 2014 by admin in Privilege Escalation, Wireless


ATT U-Verse service includes the VAP2500 video access point as part of the installation,. From their guide “The VAP2500 enables you to transmit multiple standard- and high-definition video streams throughout your home wirelessly. You can enjoy a full range of video services and applications without having to run wires, lay cables, or drill holes. The U-verse Wireless Access Point operates only with authorized U-verse Wireless
Receiver(s).”
Apparently it’s full of holes too:

1. Readable plain-text file, admin.conf, which holds the username and md5 encrypted passwords
(defaults are: ATTadmin : 1b12957d189cde9cda68e1587c6cfbdd MD5 : 2500!VaP
super : 71a5ea180dcd392aabe93f11237ba8a9 MD5 : M0torola!
)

2. They use the md5 hash of the username as a cookie for authentication

3. gui suppports command injection

More info: http://goto.fail

similar report: http://www.dslreports.com

Offline NT Password & Registry Editor

March 25th, 2014 by admin in cracking, Privilege Escalation, windows

Offline NT Password & Registry Editor, finally got an update last month after a 4 yr hiatus. The new version of this awesome bootdisk includes support for Win8.1 and a working ‘promote user to admin’ feature among other fixes and driver updates.

2 new commandline functions are:
samusrgrp: a command line tool to add users to groups or remove users from groups. Users and groups must be local (cannot be domain / AD). It can also list the groups with their members in several forms, the output can be used in scripts of course. Listing groups will also list domain users that are members of the group (if any), but it will not be able to look up the name, so it will be listed as a SID only.

sampasswd: Password reset from command line (scriptable) Or list users in SAM file in a few different formats.

More information on these new tools ::here::
The bootdisk can be ran from a floppy,CD, or USB and can be Download from http://pogostick.net/~pnh/ntpasswd/

Top 100 Adobe Passwords

November 24th, 2013 by admin in cracking, News, Privilege Escalation


As you may already know Adobe was breached weeks back. This Breach affected roughly 152989508 users. Adobe encrypted the passwords with 3DES in ECB mode, the passwords in this leak are were all encrypted with the same key. Without that key, we cannot crack a single password. Since the key used to encrypt the passwords isn’t known (yet), researchers have been using a guessing technique of the user’s password hint. That’s right, Whilst Adobe encrypted their passwords (even though done poorly), password hints had absolutely no security whatsoever. Matching this information with what we know about the ciphertext thanks to ECB mode, we are able to determine a number of passwords with a reasonable degree of certainty. This list below was compiled by Jeremi Gosney. (more…)

Kon-Boot v2.3 released

November 19th, 2013 by admin in Apple, Privilege Escalation, windows

The best password bypass program out there has been updated. A few bug fixes and support for Windows 8.1. A must have for any computer technician. I use the product almost daily @ my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my goto program. It’s better than a password reset because along with that you also destroy other saved passwords for internet explorer, google products, etc that all use the CryptProtectData function along with your logon password to encrypt data.

Watch the video to see how easy it is to use.

And best of all is the price: $15 for personal license & $75 for Commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::

p.s they also have an Apple Mac version too.

Capturing Windows Logon Credentials

November 3rd, 2013 by admin in cracking, Privilege Escalation, windows


Microsoft GINA technology which stands for Graphical Identification ‘N Authentication is responsible for graphically handling logon requests when events such as CTRL-ALT-DEL are received. Tyler Wrightson finally released his modified GINA stub that silently logs usernames and domains for XP and Win2k. You can dpwnload it ::here::. More information about how GINA works can be found in his excellent blog post.

This will not work for Vista and later Operating Systems, as they have switched to the Credential Provider model. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands for next generation authentication technologies (like biometrics, two factor and single sign on). Have no fear he also released a version for Vista/7 ::here::. More information can be found in his blog post.

Next Article »