pentesting, pci, red team

Password Exploitation Class Videos

August 30th, 2010 by admin in Uncategorized

The Password Exploitation Class was put on as a charity event for the Matthew Shoemaker Memorial Fund . The speakers were Dakykilla, Purehate_ and Irongeek.

Lots of password finding and crack topics were covered. Hashcat, OCLHashcat, Cain, SAMDump2, Nir’s Password Recovery Tools, Password Renew, Backtrack 4 R1, UBCD4Win and much more.

Kon Boot 1.1

May 10th, 2010 by Dev Team in cracking, Privilege Escalation, windows

Kon Boot 1.1
We reviewed Kon Boot 1.0 last year HERE which was a great breakthrough program that allowed you to boot into a Windows machine and bypass the logon screen without entering a password. To accomplish this, Kon Boot hooks the bios on the fly subverting the Windows kernel authentication temporarily and allowing you access. Since this is a temporary process the computer is back to normal when you reboot. This allowed you to access the computer without having to take the time to reset the password or crack it, and it left the computer untouched. Now, a year later, Kon Boot v1.1 has been released with new features, such as booting from floppy,CD, or usb, privilege escalation support which allows you to gain SYSTEM privileges from ANY account on the system. For example, you can boot from Kon Boot and log in as Guest and run ‘Net User’ command to add a new user,reset admin passwords etc as SYSTEM

It also has a bunch of new bug fixes/updates.

  1. – Added 64-bit environment support
  2. – Added USB support tools (grldr, klmemusb)
  3. – Added debugging code to make it easier to track down various compatibility problems
  4. – Fixed bug in Windows 7 support failures
  5. – Removed Linux support
  6. – Many performance improvements to source code
  7. – Improved BIOS support by reducing code size significantly

Unfortunately it is no longer free. But for a meager price of $15.99 for a personal license, it gives you free updates and support for a period of 6 months. You can still use it without restrictions after that period.
They also offer a commercial license, for $75.99 with 1 year of support and updates, allowing you to use on business environment.
To purchase Kon Boot v1. 1,visit their website

We are also giving away 10 personal licenses this week to some lucky readers!!! More details to come!!!

Password Cracking Guide

March 24th, 2010 by Dev Team in cracking, Password Info

This pdf document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. (more…)

Hashcat v0.30

December 27th, 2009 by Dev Team in cracking, Files

A new multi-platform password cracking tool hashcat was just released publicly.
Tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.

Bypass Windows Logon Password

April 23rd, 2009 by Dev Team in Privilege Escalation, windows

Accessing a Windows computer without knowing the password is fairly simple with this free tool called Kon-Boot .There are alternatives like Ophcrack etc, but those rely on grabbing the SAM hashes and cracking those. What sets Kon-Boot apart is that is modifies the kernel on-the-fly while booting (everything is done virtually – without any interferences with physical system changes) and allows you to log into any account without entering a password. All you have to do is insert a boot (cd or floppy) disk burned with Kon-boot software(110kb) in to the computer and boot up.

10 ways of resetting a lost linux root password

April 22nd, 2009 by Dev Team in Linux, Privilege Escalation


A good password has the problem of being difficult to remember. And sometimes you might need to get in to a system where the root password is long forgotten (or left with the system administrator before you).
Luckily there are ways of getting access to systems without having the password. This is of course in a sense also a security risk. That’s why you should always be aware that having unattended physical access to a computer system means the same as having root access to the operating system. Unless the information on a system is encrypted, it’s only as save as the room it’s in.

The method to use to reset the password if you lost the root (or only) password depends on the configuration of your system. But it mostly comes down to two separate tasks:

– get write access to the root partition

– change the password/circumvent control

Here are some things you can try from easy to more complicated. (more…)

Oracle User Privilege Escalation

October 29th, 2008 by admin in Privilege Escalation

An Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB.

This paper will show how the issue can be exploited and most importantly how to secure against it. This is an original vulnerability affecting current versions of the DB and please note that Oracle Corp’s Security Department have already been informed in accordance with ethical procedures and have given their permission to publish.

Proof of concept code tested on 10.1, 10.2 and 11g on both Linux and Windows and is available below.

Here is the paper.

Here is the code.

KeyCarbon USB Keylogger

October 8th, 2008 by admin in Apple, Linux, News, windows

I had a chance to review the Keycarbon USB Home Mini this week. I’ve been wanting to try one of these to see how they would compare to a PS/2 keyboard logger, PS/2 is still pretty popular as far as cheaper keyboards but the shift in technology is going more towards USB keyboards. I was pretty impressed by the quality of the keylogger and its simple installation.

Who would need a device like this?

  • Business owners needing to monitor employees
  • Parents needing to monitor children
  • People who might need backups of things they type (writers etc)
  • Private investigators, law enforcement, hackers, James Bond 🙂

Why would someone want a hardware keylogger as opposed to a software based one? Well this question has it’s pros and cons:

The pros are:

  • It’s dead simple to install , just unplug the keyboard,plug this device in , and plug the keyboard into the device ,that’s it!
  • No need for root/admin level permissions to install
  • It can be installed on any system that has a USB port (Windows,Mac,Linux etc)
  • Since it’s hardware-based it wont be detected by antivirus/malware programs ever
  • It picks up EVERYTHING typed, even bios password passwords and log-ons

The cons are:

  • Since it doesn’t interact with the operating system it can’t get the name of windows where the text was typed so it makes it a chore to scan the logs for the juicy information
  • Easy to prevent logging by just removing the logger form the computer (which most people won’t be aware of anyhow, who actually crawls behind their computer everyday?)
  • Recovery of logs might be more difficult because they are stored physically on the device and not sent to a remote location. But if you were able to install it in the first place , then recovering it shouldn’t that much harder.
  • If the person has a PS/2 keyboard you can’t use an adapter because the device needs power from the USB port to work

Recovering the logs from the device can be done on any computer even though they offer the software to recover the logs faster, it’s not needed which makes this device a good tool to have in your arsenal. To recover the logs alls you you need to do is open any text editor (notepad etc…) and type in the password (default password is phxlog) and the device goes into menu mode, where you have a few options to choose
you have open so it’s best to open notepad or wordpad or any *nix/MAC equivalent before typing this. This menu will give you various options for the device ,which are:

  1. Partial/Full Log download
  2. Erase logs (quick or thorough)
  3. Setting the default password (alphanumeric only,under 17 chars)
  4. Firmware upgrade
  5. Diagnostics
  6. Speed (that the logs are typed)

Once you choose read the logs it starts auto typing the logs onto whatever window is open has the main focus (which is why you need to open a text editor).  If you don’t like to wait for it to auto-type (you might have days of saved logs) you can get the software to download it in one swoop. The only problem with the software that as of now it’s only compatible with windows.

Detection of the Device:

Because the device doesnt install into the operating system its pretty much insvisible to the normal user. Only a trained computer expert would notice the device it because the only sign it’s there is that it is seen as a USB hub by the OS. It shows up as a “generic 4 port hub Vid_0451&Pid_2046” Vendor id of 0451 and a product id of 2046, which comes up as a generic Texas instruments device which wont raise many eyebrows. Because it’s a USB 1.1 hub it is possible that it may be discovered if someone plugs a USB 2.0 keyboard inline with it. (They might get a warning message telling them that their device can perform at a higher speed if they use a different port.) But the chances are slim of someone needing to replace their keyboard.

All in all this device is a stable tool to use, it logged with no problems at all with every keyboard/OS i used with it.  Although the price is a little high for most people, it’s well priceless for businesses who need to keep an eye on employees, or a parent who needs to monitor their children’s internet activity. I want to thank Keycarbon for giving me the opportunity to review and test this device. Check out their site for other devices they offer that I didn’t get to review , but are another great alternative to stealth hardware logging.

Bypass IPhone Voicemail Password

October 5th, 2008 by admin in Apple, News, Password Info

As you know AT&T is the only carrier for IPhones (unless its jailbroken). For many people jumping on the IPhone craze do not know that the convenience of listening to your voicemail from your Iphone (or any AT&T phone for that matter) is a huge hole. The AT&T voicemail system is configured by default not to ask for a password when you check your voicemail from the handset (it asks for your voicemail password if you call your number from another phone and press * when your voicemail answers). (more…)

OphCrack Live CD – Crack Windows Passwords

September 20th, 2008 by Dev Team in News, Password Info, windows
Ophcrack LiveCD is a free bootable Windows password cracking CD based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a Graphical User Interface and runs on multiple platforms.

» Runs on Windows, Linux/Unix, Mac OS X, …
» Cracks LM and NTLM hashes.
» Free tables available for Windows XP and Vista.
» Brute-force module for simple passwords.
» LiveCD available to simplify the cracking.
» Loads hashes from encrypted SAM recovered from a Windows partition, Vista included.

Next Article »