Ncrack can now crack the Remote Desktop Protocol on all Windows versions from XP and above, with the introduction of the RDP module. Users are advised to read http://seclists.org/nmap-dev/2010/q3/450 for cracking Windows XP machines since they can’t handle many concurrent RDP connections.

Download and more info: http://nmap.org/ncrack/

A backdoor vulnerability in a Time Warner cable modem and Wi-Fi router deployed to 65,000 customers would allow a hacker to remotely access the device’s administrative menu over the web, and potentially change the settings to intercept traffic, according to a blogger who discovered the issue.
David Chen, said he was trying to help a friend change the settings on his cable modem and discovered that Time Warner had hidden administrative functions from its customers with Javascript code. By disabling Javascript in his browser, he was able to see those functions, which included a tool to dump the router’s config file.

That file, it turned out, included the administrative login and password in cleartext. Chen investigated and found the same login and password could access the admin panels for every router in the SMC8014 series on Time Warner’s network , given that the routers also expose their web interfaces to the internet.

Src: chenosaurus.com

GPU-Accelerated Wi-Fi Password Recovery

The latest generation of ElcomSoft’s proprietary GPU acceleration
technology supports, for the first time, both ATI and NVIDIA hardware. The
technology offloads parts of computational-heavy processing onto the fast and
highly scalable processors featured in the latest ATI and NVIDIA boards. When
one or more compatible ATI or NVIDIA graphics cards are present, the
patent-pending GPU acceleration technology kicks in automatically.

This time, ElcomSoft has used the technology to accelerate the recovery
of WPA/WPA2 PSK passwords, allowing network administrators to perform timed
attacks on their wireless networks in order to determine how secure exactly
their networks are. Considering WPA/WPA2 strong security with the minimum
password length of 8 characters, Elcomsoft Wireless Security Auditor employs
the highest-performance dictionary-attack with advanced mutations to allow
carrying out a password audit within a limited timeframe.
For more information visit: http://ewsa.elcomsoft.com

The default password that should work for most of the Symantec uninstallation is “symantec“. Duh.

If the default password doesn’t work do this:
1) Go to Start -> Run and type regedit

2) Navigate to: 

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

3) Double click on the value name “UseVPUninstallPassword” and change the value from 1 to 0

4) Close the registry and retry the uninstall.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.

To do this, Tews and his co-researcher Martin Beck found a way to break the Temporal Key Integrity Protocol (TKIP) key, used by WPA, in a relatively short amount of time: 12 to 15 minutes, according to Dragos Ruiu, the PacSec conference’s organizer.

They have not, however, managed to crack the encryption keys used to secure data that goes from the PC to the router in this particular attack

Security experts had known that TKIP could be cracked using what’s known as a dictionary attack. Using massive computational resources, the attacker essentially cracks the encryption by making an extremely large number of educated guesses as to what key is being used to secure the wireless data.

The work of Tews and Beck does not involve a dictionary attack, however.

To pull off their trick, the researchers first discovered a way to trick a WPA router into sending them large amounts of data. This makes cracking the key easier, but this technique is also combined with a “mathematical breakthrough,” that lets them crack WPA much more quickly than any previous attempt, Ruiu said.

Tews is planning to publish the cryptographic work in an academic journal in the coming months, Ruiu said. Some of the code used in the attack was quietly added to Beck’s Aircrack-ng Wi-Fi encryption hacking tool two weeks ago, he added.

WPA is widely used on today’s Wi-Fi networks and is considered a better alternative to the original WEP (Wired Equivalent Privacy) standard, which was developed in the late 1990s. Soon after the development of WEP, however, hackers found a way to break its encryption and it is now considered insecure by most security professionals. Store chain T.J. Maxx was in the process of upgrading from WEP to WPA encryption when it experienced one of the most widely publicized data breaches in U.S. history, in which hundreds of millions of credit card numbers were stolen over a two-year period.

A new wireless standard known as WPA2 is considered safe from the attack developed by Tews and Beck, but many WPA2 routers also support WPA.

“Everybody has been saying, ‘Go to WPA because WEP is broken,’” Ruiu said. “This is a break in WPA.”

If WPA is significantly compromised, it would be a big blow for enterprise customers who have been increasingly adopting it, said Sri Sundaralingam, vice president of product management with wireless network security vendor AirTight Networks. Although customers can adopt Wi-Fi technology such as WPA2 or virtual private network software that will protect them from this attack, there are still may devices that connect to the network using WPA, or even the thoroughly cracked WEP standard, he said.

Ruiu expects a lot more WPA research to follow this work. “Its just the starting point,” he said. “Erik and Martin have just opened the box on a whole new hacker playground.”

Open up System Preferences –> Network –> Airport –> Configure…:

Pick the network you need and click on the little “EDIT” button and a new window pops up with specific information on this network:

Click on the “Show Password” checkbox, and ….

The password is shown in hex but dont worry it’ll still work when you paste it into your new WIFI profile if you choose to create one.

I’d overestimated how much of an impact this could make on the security of a wireless network.  I thought Elcomsoft might have come up with a viable attack against WPA, but in reality, this is just a marketing gimmick.  No one’s going to devote 5+ years of computing power to hack a wireless network; first of all the information will probably be obsolete in that time frame, second, no one’s going to keep the same wireless network equipment and passwords for five years.  At least I hope they won’t.

There are any number of easier, quicker ways to break into a network than trying to brute force the WPA passphrase, everything from social engineering to just breaking in and stealing the servers.  Cracking the WPA will probably become easier as time goes by, but for now WPA is still a viable way to secure your wireless.  Unless you’re doing something stupid like using dictionary words in your passphrase.

Via: mckeay.net