What's My Pass?

Cracking WPA/WPA2 with Reaver

admin — Tue, 24 Jan 2012 15:57:02 +0000

The WiFi Protected Setup (WPS) protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours, using the open source tool called Reaver. Think your 32 character alpha-numeric password is uncrackable? If your wireless router is using WPS then your router may be spit back your password in plain-text to the attacker in less than 10 hrs. WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point’s PIN and then extract the PSK and give it to the attacker. When we tested Reaver in our labs we were able to recovery the WPA password in 1.5hrs and the longest run was 7.5hrs

iPhone iOS 4.3.5 vulnerability

admin — Mon, 12 Dec 2011 15:16:49 +0000

iPhone iOS 4.3.5 vulnerability (pin/password bypass to make calls) from Sigtrap.

Turn on the phone.
Slide to unlock.
Press Emergency Call.
Enter a very long phone number.
Press and hold down the Power button.
Wait for one second.
Press the Call button.
The phone will show the “Slide to power off” screen.
Release the Power button.
Press Cancel.
Double press the Home button.
Press the Phone icon.
Make calls.

How secure is your password?

admin — Mon, 28 Nov 2011 18:04:00 +0000

Just head over to the service’s website and enter a password in the form. You do not necessarily have to enter a password that you use actively. You can alternatively enter a comparable password to find out how long it would take to hack your password with a brute force, or maybe a combined dictionary and brute force attack.

http://www.howsecureismypassword.net/

Bypass IPad 2 passcode with a smart cover

admin — Fri, 21 Oct 2011 04:13:55 +0000

Anyone with a Smart Cover can break into your “password-protected” iPad 2. This issue occurs in iOS 5, but we’re hearing uncorroborated reports of it also working in earlier versions of iOS 4.3.

What the flaw allows:

As you can see in the video above, a Smart Cover can essentially unlock an iPad 2. The person who unlocks your iPad 2 will not have complete access to your iPad, but will be able to gain entrance to whatever you locked your iPad 2 on. If your iPad 2 went to sleep in Mail, Safari, Messages, Contacts, or Maps, you can imagine the sorts of personal information that can be viewed on your iPad. If you left your iPad 2 on its Home screen, the person can view which applications you have on your device, control media from the multitasking bar, but not much else.

How to re-create it:

1) Lock a password protected iPad 2

2) Hold down power button until iPad 2 reaches turn off slider

3) Close Smart Cover

4) Open Smart Cover

5) Click cancel on the bottom of the screen

(src:9to5mac.com)

Hard Drive Master Passwords

admin — Sun, 16 Oct 2011 08:13:09 +0000

Here’s a small compilation of passwords. If you have any to add please email us. We also can crack DELL HDD passwords for $10 ::Here::

SEAGATE -> “Seagate” +25 spaces

MAXTOR
series N40P -> “Maxtor INIT SECURITY TEST STEP ” +1 or +2 spaces
series N40P -> “Maxtor INIT SECURITY TEST STEP F”
series 541DX -> “Maxtor” +24 spaces
series Athena (D541X model 2B) and diamondmax80 -> “Maxtor”

WESTERN DIGITAL -> “WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD”

FUJITSU -> 32 spaces

SAMSUNG -> “ttttttttttttttttttttttttttttttttt” (32 times t)

IBM
series DTTA -> “CED79IJUFNATIT” +18 spaces
series DJNA -> “VON89IJUFSUNAJ” +18 spaces
series DPTA -> “VON89IJUFSUNAJ” +18 spaces
series DTLA -> “RAM00IJUFOTSELET” +16 spaces
series DADA-26480 (6,4gb) -> “BEF89IJUF__AIDACA” +15 spaces

HITACHI series DK23AA, DK23BA and DK23CA -> 32 spaces

TOSHIBA -> 32 spaces

For xbox hdds try “XBOXSCENE” or “TEAMASSEMBLY” too

There is also some software available to reset the password called MHDD, another suggested program is ATAPWD. A Commercial tool from HDDLock claims to unlock drives and prices vary with drive size.

Password Reset CD

admin — Fri, 07 Oct 2011 14:46:02 +0000

Looks like pcloginnow.com is now offering their password reset CD for free on their site. Click the image to download it.

PCLoginNow is an easy-to-use tool to reset local administrator and other accounts passwords on Windows system. No need to reinstall the system. It resets Windows passwords and Windows security settings instantly. All version of Windows are completely supported.

Aim Recover

admin — Fri, 07 Oct 2011 14:42:46 +0000

Working on a newer version of our AIM password recovery tool. The newer versions of AIM 7.x changed the way they stored the saved passwords. More info to come soon

WarParty

admin — Fri, 07 Oct 2011 14:36:31 +0000

One of my friends is trying to raise money for his own D&D type board game on kickstarter so im trying to give a little plug
http://www.kickstarter.com/projects/1408460255/warparty?ref=live

OS X Lion bugs allow changing local user passwords and viewing shadow files

admin — Tue, 20 Sep 2011 13:55:16 +0000

The latest version of OS X Lion allows any user to easily change the password of any local account, due to permissions oversights on Apple’s part. The news comes less than a month after another Lion vulnerability that let users bypass LDAP without a password gained notoriety.

Originally reported by Defence in Depth blogger Patrick Dunstan, the root of the newly discovered problem in Mac OS X 10.7 is tied to the user-specific shadow files used in modern OS X platforms. These files are essentially hash databases and contain, among other things, the user’s encrypted passwords. Ideally, they should be accessible only via high-privilege accounts.

According to Dunstan, Apple dropped the ball in terms of how Lion handles privilege. “Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data,” Dunstan wrote. “This is accomplished by extracting the data straight from Directory Services.” Any user can accomplish this trick by simply invoking the directory services listing using the /Search/ path — for example, $ dscl localhost -read /Search/Users/bob (where “bob” is the username). This causes Lion OS X to spew out the contents of Bob’s shadow hash file, including data that can be used to crack Bob’s password with a simple script, such as a Python script written by Dunstan.

Source: Info World

Should I change My Password

admin — Mon, 05 Sep 2011 20:43:02 +0000

Recently, hackers hacked into the databases of various public and private organizations (Sony, MySpace, Gawker, PBS, etc) and released millions of user accounts along with associated emails and passwords. Since there are a number of different databases, it is not really viable to check them on your own and see if your account was also leaked.

Should I Change My Password is a useful website that was created to help you easily check if your account was among those released to the public by hackers. The site uses databases released by hackers to check and match your email against the records in those databases. Simply enter your email and click “Check it!”.

If your email is found among the records, you should immediately change your password to protect your account.

Features:

Checks if your password was compromised in recent hacker attacks (in 2011).
Uses a number of databases released by hackers to the public.
Your emails and passwords are not stored in their database.
List of compromised databases posted on the website. See “Sources” at the bottom.
Free, no registration needed. Simply enter your email address to search the records.

Check out ShouldIChangeMyPassword @ www.shouldichangemypassword.com (via Lifehacker)