A hacker named Kirllos seems to have sold close to 700,000 accounts, and has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices. Kirllos’ Facebook prices are extremely cheap compared to what others are charging. In its most recent Internet Security Threat Report, Symantec found that e-mail usernames and passwords typically went for between $1 to $20 per account — Kirllos wants as little as $0.025 per Facebook account.

This is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API).
A non-exhaustive list of those recoverable secrets are :

* EFS certificates
* MSN Messenger credentials
* Internet Explorer form passwords
* Outlook passwords
* Google Talk credentials
* Google Chrome form passwords
* Wireless network keys (WEP key and WPA-PMK)
* Skype credentials

Of course you need to know the user’s current password, you can recover it from the SAM.
Download Here
You can also read an excellent article on the undocumented process of recovering DPAPI passwords here

Our Post Made pretty by Kate Bingaman Burt.

This pdf document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. (more…)

Ophcrack Password-cracking tool was optimised to work with SSDs have achieved speeds up to 100 times faster when compared to their old 8GB Rainbow Tables for XP hashes. After optimizing its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds. A free test can be found here.

When you try to start or restart your Windows XP-based computer,
you may receive one of the following error messages:

Windows XP could not start because the following file is
missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

Windows XP could not start because the following file is
missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Stop: c0000218 {Registry File Failure} The registry cannot load the hive (file): \SystemRoot\System32\Config\SOFTWARE or its log or alternate

System error: Lsass.exe
When trying to update a password the return status indicates that the value provided as the current password is not correct.

Sometimes this can be corrected using chkdsk /r /f from recovery console

other times you need to boot into the recovery console using the XP install CD
and use the directions here http://support.microsoft.com/kb/307545 which involves typing a
whole bunch of commands into the console and hope that you dont make any mistakes typing.
Alot of people either lost or don’t have the XP install CD and if you do it’s a pain in
the ass to type all of that.

So the alternative would be to either:
1. boot from WindowsPE type disk and backup/copy the registry hive files to the folders
or
2. slave the drive to another computer and backup/copy the registry hive files to the folders

which is also tedious because you have to copy hive files over,back up old hives, and rename the new hives
This is where HiverestoreXP comes in handy because it automates the process for you.
It’s dead simple to use.

Download HiveRestoreXP

485 downloads

It’s here ,it’s here!
Finished the third edition of our TechTools compilation and its ready for download

What is it? : TechTools is for techs and people who work on computers everyday,
and need updated programs to keep with them on their usb key.

Tech Tools uses Ketarin, which is an application downloader that
checks to see if an application has been updated and downloads it if so.
The genius in this tool is that we dont have to have you download all these
tools at one time from our website, you’re going to be downloading each file
individually from the app’s website. This helps with our bandwidth costs and
some authors of the applications, while freeware, wanted the only download of
their software to be at their own sites.

The result is a pretty menu with a crapload of tools for you to use on-site, and a very easy way to keep all of these tools up to date.

I’ve compiled a list of apps that meet this simple criteria:
1. portable (no crappy installing) although we included some installs for great apps
2. free (dont have to worry about distributing & licensing issues)
3. the app works with no issues
4. useful

Download TechTools 3.0

4757 downloads since 03-01-2010

Back in October we showed you a video on how to own a Windows domain by passing the hash from the local admin account to the domain server to add a new domain admin account. This newer version makes the task much easier using Backtrack4 and metasploit.

You know the lock-screen gesture protection used on Iphone/Android smartphones to prevent people from picking up your phone and having immediate access to all your personal information? Right, well, I hope you’re not relying on your phone’s swipe gesture protection to keep all your dirtiest secrets from falling into the wrong hands.
The next image is a good example of how easy it is to circumvent the Nexus One’s lock-screen gesture password.
(more…)

During a recent password audit, it was found that a blonde was using the following password:

“MickeyMinniePlutoHueyLouieDeweyDonaldGoofy”

When asked why such a big password, she said (wait for it)….

… that it had to be at least 8 characters long.