pentesting, pci, red team


October 7th, 2011 by admin in Uncategorized

One of my friends is trying to raise money for his own D&D type board game on kickstarter so im trying to give a little plug 🙂

OS X Lion bugs allow changing local user passwords and viewing shadow files

September 20th, 2011 by admin in Apple, cracking, News, Privilege Escalation, Uncategorized

The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple’s part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.

Originally reported by Defence in Depth blogger Patrick Dunstan, the root of the newly discovered problem in Mac OS X 10.7 is tied to the user-specific shadow files used in modern OS X platforms. These files are essentially hash databases and contain, among other things, the user’s encrypted passwords. Ideally, they should be accessible only via high-privilege accounts.

According to Dunstan, Apple dropped the ball in terms of how Lion handles privilege. “Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Dunstan wrote. “This is accomplished by extracting the data straight from Directory Services.” Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path — for example, $ dscl localhost -read /Search/Users/bob (where “bob” is the username). This causes Lion OS X to spew out the contents of Bob’s shadow hash file, including data that can be used to crack Bob’s password with a simple script, such as a Python script written by Dunstan.

Source: Info World

I need a new ride

April 4th, 2011 by admin in Uncategorized

Ducati Diavel ignition starts with password only, with no key. The password is last 4 of VIN on all models.

The new threat

February 12th, 2011 by admin in Apple, cracking, Linux, Privilege Escalation, Uncategorized, windows

Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.

Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here

Gawker Media Hacked

December 12th, 2010 by admin in News, Uncategorized

Outputted into a 500MB torrent file, currently residing on the popular torrent tracker ThePirateBay is a database dump of about a million or so commenters and staff passwords.

Inside the torrent file lies a file entitled Readme.txt. This file is potentially the most sensitive of them all, for it holds the usernames and passwords used by the entire Gawker staff, focusing particularly on Gawker’s founder Nick Denton.

The usernames and passwords to Denton’s Google Apps, Twitter, Campfire accounts are all listed; Denton uses the same password for them all.

Also some gaming sites ftp passwords were stolen too..
gawker gaming

Though all of the passwords were encrypted,simple ones may be vulnerable to a brute-force attack. You should change your Gawker password and on any other sites on which you’ve used the same passwords.

Passware Kit 10.3 decrypts BitLocker & TrueCrypt after hibernation

December 6th, 2010 by admin in Uncategorized

Passware Kit decrypts hard disks encrypted with BitLocker or TrueCrypt in a matter of minutes if the target computer is running. Now Passware Kit is capable of this instant decryption even for powered-off computers by analyzing a hibernation file (hiberfil.sys).

The software instantly extracts BitLocker and TrueCrypt encryption keys from a hiberfil.sys file, which is created automatically when a system hibernates. This means that if the target computer with a mounted BitLocker or TrueCrypt hard disk has hibernated at least once, Passware Kit will instantly decrypt the hard disk even if the target computer is no longer running.

Password Exploitation Class Videos

August 30th, 2010 by admin in Uncategorized

The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund . The speakers were Dakykilla, Purehate_ and Irongeek.

Lots of password finding and crack topics were covered. Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more.


August 23rd, 2010 by admin in Uncategorized


Stupid Joke

February 1st, 2010 by Dev Team in Uncategorized

During a recent password audit, it was found that a blonde was using the following password:


When asked why such a big password, she said (wait for it)….

… that it had to be at least 8 characters long.

Change iPhone’s Root Password After Jailbreaking It

November 8th, 2009 by Dev Team in Uncategorized

If you’re one of the many who are jailbreaking your iPhone to get options such as tethering, make sure you change the root access password once you do.
In addition to your possibly getting Rick-Rolled

Your jailbroken phone could possibly be held for ransom

If you’ve never changed the default device password, now’s the time. Here’s how:

The app to use on the iPhone is called MobileTerminal and it’s available for free in the Cydia store.

Once you have MobileTerminal installed, launch it and you should see a prompt saying this or similar:

iPhoneName: ~ Mobile$

  • At that prompt, type: passwd
  • You’ll be prompted for the ‘old’ (current) password for the mobile user.  Enter this as the old password: alpine
  • You’ll then be prompted to enter the new password – so just type in your desired new password.  Use good password principles if possible (long and stong).  You will not see characters appearing on the screen as you type – that’s normal, not a concern.
  • You’ll then be prompted to re-enter the new password.  Do that.
  • You should then be returned to the Mobile$ prompt that you started on when opening the MobileTerminal app.  There’s no success message to say the password was changed – but if you’re returned to the prompt and do not get an error, the change was successful.  And you’re done with change for the mobile account.
  • The second primary admin account for the iPhone is called root – so now you need to change that as well.
  • Type this to switch to the root user: login root
  • You’ll be prompted for the root user’s current password.  Enter this: alpine
  • Type this to start the password change routine again: passwd
  • Enter the old password for root (it is ‘alpine’, same as for the mobile user) and enter your desired new password twice, just as you did for the mobile account

« Previous ArticleNext Article »