What's My Pass?

Password Exploitation Class Videos

admin — Tue, 31 Aug 2010 02:47:46 +0000

The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund . The speakers were Dakykilla, Purehate_ and Irongeek.

Lots of password finding and crack topics were covered. Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more.

Part 1: Topics include: Why exploit local passwords?, Scenario:Imaged Systems, Grabbing local passwords, Hash Examples, Great Resources, Platforms Used: Ubuntu, Backtrack, UBCD4Win, Windows Profile, Windows System Trifecta, Anti-Virus Pains, Getting an account/changing an account password, hash insertion, Sala’s Password Renew, Keyloggers, Boot CD demos, SAMDump2, Browser Passwords, IE, Firefox Etc., PSPV, PasswordFox, IE Passview, ChromePass, RDP and VNC password grabbing, Instant Messaging, Stupid Web Apps rant, AOA: Any Old Asterisks (stuff hidden by Asterisks), Network Shares stored passwords, Outlook PST password cracking and hash collision example, Wireless profile passwords, WirelessKeyView, Sniffing them off the wire with Wireshard and Cain.
Download Class 1

Part 2: The best single video out there for showing Hashcat and OCLHashcat. Lots of info about using Hashcat/OCLHashcat, its advantages, and the power of a video card to boost cracking speed.
Download Class 2

Part 3: Windows LM and NTLM hash cracking, Time Memory Tradeoffs, SAM Cracking Prevention, Linux/Unix passwd and shadow files, Parts of a *nix hash, Windows Cached Domain Credentials, Problems with Windows 7, Cracking Creds Countered, Finding where Unknown Apps store passwords, System Process Monitoring, RegFromApp, ProcessActivityView, Procmon (Process Monitor), finding the hash type, Other Weird Vectors, Inverse Bruteforce, Look in the logs for passwords, upcoming events.
Download Class 3

Compilation of wordlist downloads

admin — Tue, 31 Aug 2010 02:13:14 +0000

Props to hashcrack.blogspot.com for compiling the most comprehensive wordlist downloads on the web. Copying links here just in case blogspot ever blows up. Additionally head over to skullsecurity.org they have some specialized wordlists from various sources including the hacked RockYou database and a skim of Facebook names/usernames for a total of 14,488,929 distinct passwords to be exact, collected from 32,943,045 users.

HashKiller
InsidePro
APassCracker
Openwall
ftp.ox.ac.uk
GDataOnline
Cerias.Purdue
Outpost9
VulnerabilityAssessment
PacketStormSecurity
ai.uga.edu-moby
cotse1
cotse2
VXChaos
Wikipedia-wordlist-Sraveau
CrackLib-words
SkullSecurity
Rapidshare-Wordlist.rar
Packetstorm_dic_john_1337
Megaupload-birthdates.rar
Megaupload-default-001.rar
Megaupload-BIG-WPA-LIST-1.rar
Megaupload-BIG-WPA-LIST-2.rar
Megaupload-BIG-WPA-LIST-3.rar
WPA-PSK-WORDLIST-40-MB-rar
WPA-PSK-WORDLIST-2-107-MB-rar
Article7
Rapidshare-Bender-ILLIST
Milw0rm
Rohitab
DualisaNoob
Naxxatoe-dict-total-new-unsorted
DiabloHorn-wordlists-sorted
Bright-Shadows
MIT.edu/~ecprice
NeutronSite
ArtofHacking
CS.Princeton
Spacebar
textfiles-suzybatari2
labs.mininova-wordmatch
BellSouthpwp
Doz.org.uk
ics.uci.edu/~kay
inf.unideb.hu/~jeszy
openDS
sslmit.unibo.it/~dsmiraglio
informatik.uni-leipzig-vn_words.zip
cis.hut.fi
Wordlist.sf.cz
john.cs.olemiss.edu/~sbs
Void.Cyberpunk
CoyoteCult
aima.eecs.berkeley.edu
andre.facadecomputer
aurora.rg.iupui.edu/~schadow
cs.bilkent.edu.tr/~ccelik
broncgeeks.billings.k12.mt.us/vlong
IHTeam
Leetupload-Word Lists
Offensive-Security WPA Rainbow Tables Password List
depositfiles/1z1ipsqi3
MD5Decrypter/Passwords
depositfiles/qdcs7nv7x
ftp.fu-berlin.de
Rapidshare.com/Wordlist.rar
Rapidshare.com/Password.zip
Megaupload/V0X4Y9NE
Megaupload/0UAUNNGT
Megaupload/1UA8QMCN
md5.Hamaney/happybirthdaytoeq.txt
sites.Google.com/ReusableSec
Megaupload.com/SNK18CU0
Hotfile.com/Wordlists-20031009-iso.zip
Rapidshare.com/Wordlist_do_h4tinho.zip
Rapidshare.com/pass50.rar
sweon.net/wordlists
Skullsecurity.org/fbdata.torrent

Leetupload.com/WordLists
Passwords: to0l-base, zmetex, mrdel2000

Rapidshare.com/BIG_PASSWORD_LIST.rar
Pass:bodyslamer@warezshares.com

Rapidshare.com/dictionaries-vince213333.part01.rar
Rapidshare.com/dictionaries-vince213333.part02.rar
Rapidshare.com/dictionaries-vince213333.part03.rar

Rapidshare.com/Wordlist_Compilation.part1.rar
Rapidshare.com/Wordlist_Compilation.part2.rar
Rapidshare.com/Wordlist_Compilation.part3.rar
Rapidshare.com/Wordlist_Compilation.part4.rar

Rapidshare.com-word.lst.s.u.john.s.u.200.part01.rar
Rapidshare.com-word.lst.s.u.john.s.u.200.part02.rar
Rapidshare.com-word.lst.s.u.john.s.u.200.part03.rar

Rapidshare-Purehates_word_list.part1.rar
Rapidshare-Purehates_word_list.part2.rar
Rapidshare-Purehates_word_list.part3.rar
Rapidshare-Purehates_word_list.part4.rar
Rapidshare-Purehates_word_list.part5.rar

Rapidshare-_Xploitz_-_Master_Password_Collection.part1.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part2.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part3.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part4.rar
Rapidshare-_Xploitz_-_Master_Password_Collection.part5.rarr
Rapidshare-_Xploitz_-_Master_Password_Collection.part6.rarr
Rapidshare-_Xploitz_-_Master_Password_Collection.part7.rar
Pass: http://forums.remote-exploit.org/

Rapidshare-_Xploitz_-_PASSWORD_DVD.part01.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part02.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part03.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part04.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part05.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part06.rar
Rapidshare-_Xploitz_-_PASSWORD_DVD.part07.rar
Pass: http://forums.remote-exploit.org/

Gand0phtCrack

admin — Mon, 23 Aug 2010 13:56:36 +0000

Change your password with sticky keys

admin — Wed, 18 Aug 2010 22:56:36 +0000

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the function keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don’t need third-party software; another plus is that it is easy to carry out because no Registry hack is required, as when you offline enable the built-in administrator.

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.

To reset a forgotten administrator password, follow these steps:

Boot from Windows PE or Windows RE and access the command prompt.
Find the drive letter of the partition where Windows is installed. In Vista and Windows XP, it is usually C:, in Windows 7, it is D: in most cases because the first partition contains Startup Repair. To find the drive letter, type C: (or D:, respectively) and search for the Windows folder. Note that Windows PE (RE) usually resides on X:.
Type the following command (replace “c:” with the correct drive letter if Windows is not located on C:):
copy c:\windows\system32\sethc.exe c:\
This creates a copy of sethc.exe to restore later.
Type this command to replace sethc.exe with cmd.exe:
copy /y c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
Reboot your computer and start the Windows installation where you forgot the administrator password.
After you see the logon screen, press the SHIFT key five times.
You should see a command prompt where you can enter the following command to reset the Windows password (see screenshot above):
net user you_user_name new_password
If you don’t know your user name, just type net user to list the available user names.
You can now log on with the new password.

I recommend that you replace sethc.exe with the copy you stored in the root folder of your system drive in step 3. For this, you have to boot up again with Windows PE or RE because you can’t replace system files while the Windows installation is online.

Via: 4sysops.com

iPhone Password Cracker

admin — Fri, 06 Aug 2010 14:45:16 +0000

Russian password cracking software vendor ElcomSoft has recently released a tool which purportedly recovers the passwords stored on the latest iPhone’s without having to modify any data on the phone at all. The “iPhone Password Breaker” software works by recovering the password used to encrypt the keychain which the device uses to store the passwords for email accounts, websites, and software on the phone.

The software, which is aimed at Forensic Investigators, extracts the password from the keychain once it has been backed up to a computer. ElcomSoft has a variety of similar software that works with other file formats and platforms, such as ZIP and RAR file password crackers, Excel and Word, and a number of others. In the words of ElcomSoft:

ElcomSoft is world’s first to unlock access to iPhone keychains. Prior to the release of the updated iPhone Password Breaker, the keychains were considered impossible to obtain. The ability to recover stored passwords without altering the phone’s content offers valuable court evidence to investigators and forensic authorities.

On previous versions of the iPhones, the keychains remained encrypted with a hardware-specific device key which was unique to each iPhone, even when exported to an external backup, however, since the release of iOS 4, this is no longer necessarily the case, as they can now be stored in backups that are encrypted only with the backup’s master password. If this password is known, it is possible to gain access to these encrypted keychains. If an unencrypted backup is made, though, the keychains are still protected with the phones hardware key, and therefore, to gain access to the keychains, a password-protected backup must first be made (seems counter-intuitive doesn’t it?).

The ElcomSoft iPhone Password Breaker also employs GPU Password Cracking technology to significantly increase the speed of recovery. A trial can be obtained at http://iphone.elcomsoft.com

WPA Cracking in the cloud

admin — Wed, 28 Jul 2010 13:57:50 +0000

WPA Cracker is a WiFi security compromiser in the cloud, running on a high-performance cluster. Send them a dump of captured network traffic and $35, and they will try 136 million passwords in 40 minutes, tops (for $17, they’ll run the same attack at half speed) — the same crack would take five days on a “contemporary desktop PC.” They also have an extended, 284 million word dictionary that you can run for $55 in 40 minutes. They’ll also use the same process to crack the passwords on encrypted ZIP archives.

Crack Me If You Can – DEFCON 2010

admin — Fri, 18 Jun 2010 17:53:40 +0000

At Defcon 2010 on Thursday, at a specified time, KoreLogic will release a file containing 53,000 password hashes. The file will contain passwords of varying types (such as SHA, SSHA, MD5, DES, Lanman, NTLM, etc.) and will range from being “easy” to extremely difficult to crack. The password file is not simply 53,000 randomly generated passwords which would favor the person or group with the most GPU/CPU bruteforcing horsepower. Instead, the password file contains passwords based on what we believe are challenging patterns. Passwords will be of varying lengths, patterns, and complexity. Creative password cracking techniques, rules, dictionaries, and tools will be needed. The teams who are smart about the methods they use (i.e., teams who can crack more, with less work) will most likely be the most successful.

KoreLogic will be giving away the following prizes for first, second, and third place:

First Place: $600 (or equivalent item)
Second Place: $300 (or equivalent item)
Third Place: $100 (or equivalent item)

More Info: http://www.korelogic.com/defcon_2010-contest.html

Kon Boot Kontest

admin — Mon, 31 May 2010 22:11:16 +0000

Well we finally had enough time away from the lab to get around to the Kontest for the free Kon Boot license. The contest will be to write an article for our site on a password tool of your choice, it has to be a tool we haven’t covered already (but not an obscure tool that is only useful to a handful of people and no Nirsoft tools :p ). It can be a recovery tool, cracker, exploit etc… it doesnt have to be a long article, just as long as your covering the basics of how to use the tool and maybe some examples. The contest will end next Monday so get those articles in to . 10 lucky winners will receive the licenses shortly afterwards

BIOS Password Recovery

admin — Mon, 31 May 2010 02:41:16 +0000

WhatsMyPass now introducing BIOS Password Recovery Services!!!
We can recover Dell (2A7B, 595B, A95B or D35B service tag), Sony VAIO PCG & VGN models, Samsung,Fujitsu-Siemens, Hewlett-Packard, Compaq, Phoenix BIOS. You will receive the password within a few hours, sometimes almost instantly. The price is only $10 per password recovered, if we can’t recover it, you get your money back.

For more info and a list of supported computer models visit here:
BIOS Password Recovery Service

In order to serve you better when purchasing this service, if possible please enter the challenge/response hash with order. If you don’t know how to get the challenge hash, please email us first.

Kon Boot 1.1

Dev Team — Mon, 10 May 2010 09:08:13 +0000

We reviewed Kon Boot 1.0 last year HERE which was a great breakthrough program that allowed you to boot into a Windows machine and bypass the logon screen without entering a password. To accomplish this, Kon Boot hooks the bios on the fly subverting the Windows kernel authentication temporarily and allowing you access. Since this is a temporary process the computer is back to normal when you reboot. This allowed you to access the computer without having to take the time to reset the password or crack it, and it left the computer untouched. Now, a year later, Kon Boot v1.1 has been released with new features, such as booting from floppy,CD, or usb, privilege escalation support which allows you to gain SYSTEM privileges from ANY account on the system. For example, you can boot from Kon Boot and log in as Guest and run ‘Net User’ command to add a new user,reset admin passwords etc as SYSTEM

It also has a bunch of new bug fixes/updates.

- Added 64-bit environment support
- Added USB support tools (grldr, klmemusb)
- Added debugging code to make it easier to track down various compatibility problems
- Fixed bug in Windows 7 support failures
- Removed Linux support
- Many performance improvements to source code
- Improved BIOS support by reducing code size significantly

Unfortunately it is no longer free. But for a meager price of $15.99 for a personal license, it gives you free updates and support for a period of 6 months. You can still use it without restrictions after that period.
They also offer a commercial license, for $75.99 with 1 year of support and updates, allowing you to use on business environment.
To purchase Kon Boot v1. 1,visit their website http://www.kryptoslogic.com

We are also giving away 10 personal licenses this week to some lucky readers!!! More details to come!!!