Over this past week I had a job come in the shop of a Sony Vaio laptop that had a bad motherboard. I had searched on Ebay for a cheap buy and settled on someone who had the same motherboard for about $100 less than anyone else. When I received the motherboard I promptly installed it , upon powering it up I was faced with a password prompt. Dammit! The motherboard had a BIOS password that wasn’t mentioned in the auction. Now being that I know most known methods for bypassing BIOS passwords, Sony has no known method of removing the password. I talked to a few friends and was forwarded to http://spunlock.com .

I was a bit weary at first about paying for a service , but the customer needed their laptop back that day to go on a trip. So getting the customer’s O.K. I purchased the BIOS cracking service.In order to get the correct challenge response BIOS code for most laptops you needs to enter the password incorrectly 3 times, after the third time , the BIOs should spit back a challenge code, this is what they need in order to crack the code.

After sending the payment and challenge code,much to my amazement 1 1/2 hours later I was opening an email with my code to remove the BIOS password. I punched it in and I was now watching Windows starting up. Spunlock has BIOS cracking support for many laptop brands like Dell,Fujitsu,Sony (of course) and more. So for you Techs and others who got burned on ebay, or people who simply forgot their password , give them a shot, you have nothing to lose, Don’t forget to mention whatsmypass.com in your email to them

ACER:SOME
ADVENT:SOME
ASUS:SOME
COMPAQ:SOME
DELL:ALL + 2A7B
E-SYSTEM:SOME
FUJITSU SIEMENS:ALL
HP:SOME
PACKARD BELL:SOME
PHILLIPS:SOME
SAMSUNG:SOME
SONY VAIO:ALL
TOSHIBA:SOME

]]> http://www.whatsmypass.com/spunlock-bios-cracking-services/feed 6 http://www.whatsmypass.com/cracking-passwords-with-wikipedia-wiktionary-wikibooks-etc http://www.whatsmypass.com/cracking-passwords-with-wikipedia-wiktionary-wikibooks-etc#comments Fri, 27 Mar 2009 18:22:29 +0000 Dev Team http://www.whatsmypass.com/?p=550 One effective way of assessing password strength is to try and crack them, and as most of you probably know, dictionary attack is the simplest yet formidable technique for cracking passwords. Sébastien Raveau generated a quick & dirty wordlist from Wikipedia in a dozen of languages. It helped quickly crack countless passwords, a lot of which bruteforcing would never get to. The wordlist download can be found at his blog

The first step is to extract the username/password information from the relevant files, using the provided unshadow tool:

unshadow /etc/passwd /etc/shadow > /tmp/password.db

After that, john has three cracking modes:
# Dictionary mode, which tests passwords based on dictionary words. You can use the provided dictionary or provide your own, and there’s an option to enable “word mangling” rules.
# “Single crack” mode, which uses login names and various /etc/passwd values as password candidates, as well as applying word mangling rules.

Incremental mode, which tries all possible character combinations and will obviously take a very, very long time to run. You can change the parameters for this via the config file.

You can run one at a time (in which case, try “single crack” mode first), or run all of them consecutively with

john /tmp/password.db

To show results, use

john –show /tmp/password.db

unshadow will produce a password database only on systems that use /etc/passwd and /etc/shadow for login. For centralized systems, there’s a Kerberos5 module available, or the supplied unafs utility extracts Kerberos AFS passwords. There’s also a LDAP module.

Also remember that you can limit cracking attempts through measures such as locking out specific IP addresses after multiple failed ssh attempts or limiting the number of times a user can get a password wrong when logging on.

Here’s a few free tools to help you recover lost/unknown Windows passwords, most come with the source code included.

LCP 5.04 – user account passwords auditing and recovery in Windows NT/2000/XP/2003. Can get local or remote hashes and recovers by using
* dictionary attack;
* hybrid of dictionary and brute force attacks;
* brute force attack;

PWDump7 – A newer Windows password hash dumper using rootkit technology to inject and dump Windows password hashes. The resulting hashes can be then be cracked by a program such as John the Ripper(free),or SamInside(not free) or using Rainbow Tables

CachedPasswordDumper v1.3 – This program dumps the password to the screen from the account that is logged in at that time. Currently only Windows XP (up to SP1) and Windows 2003 Server (SP0) are supported. For WinNT/2K use Password Reminder

Alternatively you can boot from a Floppy or CD and use Offline NT Password & Registry Editor which allows you to reset your password to a blank password

CacheDump – The default behavior of Microsoft Windows domain members is to cache the last 10 different login credentials in the registry. Using a tool called CacheDump written by Arnaud Pilon you can dump the cached credentials to a file and this can be cracked with a plugin for john the ripper

PwDumpX 1.4 – is a tool that combines PWDump, Cachedump, and LSADump all in one tool. It allows a user with administrative privileges to
retrieve the domain password cache, password hashes and LSA secrets
from a Windows system