What's My Pass? » Microsoft Windows

Hashcat v0.30

Dev Team — Mon, 28 Dec 2009 04:19:47 +0000

A new multi-platform password cracking tool hashcat was just released publicly.
Tested on XP, Win7, Gentoo, Debian

The main features of hashcat are:

* It is free.
* Native binaries for Linux and Windows.
* Multi-threaded.

* Supports the following hashes:

* MD5
* md5($pass.$salt)
* md5($salt.$pass)
* md5(md5($pass))
* md5(md5(md5($pass)))
* md5(md5($pass).$salt)
* md5(md5($salt).$pass)
* md5($salt.md5($pass))
* md5($salt.$pass.$salt)
* md5(md5($salt).md5($pass))
* md5(md5($pass).md5($salt))
* md5($salt.md5($salt.$pass))
* md5($salt.md5($pass.$salt))
* md5($username.0.$pass)
* md5(strtoupper(md5($pass)))
* SHA1
* sha1($pass.$salt)
* sha1($salt.$pass)
* sha1(sha1($pass))
* sha1(sha1(sha1($pass)))
* MySQL
* MySQL4.1/MySQL5
* MD5(Wordpress)
* MD5(phpBB3)
* MD5(Unix)
* SHA-1(Base64)
* SSHA-1(Base64)

* Supports the following attacks:

* Straight-Words Attack
* Combination-Words Attack
* Toggle-Case Attack
* Brute-Force Attack

* All Attack-Modes except Brute-Force can be extended by Hybrid-Attack rules.
* Hybrid-Attack engine is mostly compatible with JTR / PasswordsPro.
* Possible to resume or limit session.

It also has some special features:

* Automatically recognizes already recovered hashes from outfile at startup.
* Automatically generate random rules for Hybrid-Attack.
* Load hashlist that include more than 3 million hashes of any supported type at once.
* Load saltlist from external file and then use them in a Brute-Force Attack variant.
* Able to work in an distributed environment.

There are some more things you should know:

* You can specify multiple wordlists and also multiple directories of wordlists.
* Number of threads can be configured.
* Threads run on lowest priority.

Get It Here: hashcat

How to View Your Windows 7 Homegroup Password

admin — Thu, 03 Dec 2009 19:42:56 +0000

If you have forgot your Windows 7 homegroup password, then this will show you how to view or print it to see what it is again. You must have this password to be able to join a computer to your homegroup.

HomeGroup makes it easy to share pictures, music, documents, videos, and printers with other people on your home network. You would have had to created a homegroup first before you will have a password to use to join other computer to your homegroup.

1. Open the Control Panel (all items view), and click on the Network and Sharing Center icon.
2. Click on the Choose homegroup and sharing options link.
3. Click on the View or print homegroup password link.
4. Write down this password down, or click on Print this page to print the passoword. When done, close this window.

NOTE: The password is case sensitive, so it will need to be typed exactly as it appears here when used to join a computer to the homegroup.

How to own a Windows Domain

Dev Team — Sun, 25 Oct 2009 17:34:05 +0000

Security tube has a nice video on how to gain domain admin access from a workstation using some simple tools

http://securitytube.net/How-to-own-a-Windows-Domain-video.aspx

GetKey 3.0

Dev Team — Sun, 13 Sep 2009 02:57:43 +0000

GetKey 3.0 easily recovers Windows and Microsoft Office Product Keys. It also can recover the keys from a slaved/offline drive or run from a WindowsPE CD,such as BartsPE or Hiren’s BootDisk! It even decodes what type of Windows is installed on the offline drive by decoding the Microsoft Product Code and Channel ID, so if you have you’re a tech working on a dead system you can grab the right Windows CD to install. GetKey is written in pure assembly language, it’s fully portable and is only 14kb in size .

Software Requirements

Processor: Pentium class or equivalent processor
RAM: 64MB RAM recommended
Hard Disk: 14kb free hard disk space
Supported Operating System: Windows 98/ME/NT/2000/2003/XP/Vista/Win7 *32bit only!

We are offering this for only Only $4.99!! All proceeds go to supporting this site!

Logon Windows7 Automatically

Dev Team — Mon, 27 Jul 2009 01:51:11 +0000

Windows 7 Auto Login/Logon was disabled by default. To log on Windows 7 automatically, you can easily configure it even though you are not a computer expert. Continue for the steps:

1) Click “Windows” or “Start” button, on the Search dialog box, type “netplwiz“, and then press Enter (or Return, or whatever you call it.)

2) Highlight the User Name that you want to use to log on the system automatically, then uncheck “User must enter user name and password to use this computer“, which is checked by default in Windows 7. And then, click “Apply“.

3) In “Automatically Log On” Windows, enter your password twice so Windows 7 would remember it for next logon.

4) Click “OK” to exit the settings.

Reboot your Windows 7 machine and auto login in Windows 7 should be activated, without asking the annoying password every time. Please keep in mind that by disabling the password feature also decreases the security level for your Windows 7 system. Only do this if you do not share a computer with other users.

SAM and Syskey

Dev Team — Sun, 12 Jul 2009 18:59:17 +0000

Many people wonder how their password is obtained from the SAM in Windows. Push The Red Button has an excellent in-depth article on how your password is encrypted and decrypted into a LanMan hash and a NT hash and stored in the SAM.

Spunlock BIOS Cracking Services

Dev Team — Wed, 29 Apr 2009 22:44:38 +0000

Over this past week I had a job come in the shop of a Sony Vaio laptop that had a bad motherboard. I had searched on Ebay for a cheap buy and settled on someone who had the same motherboard for about $100 less than anyone else. When I received the motherboard I promptly installed it , upon powering it up I was faced with a password prompt. Dammit! The motherboard had a BIOS password that wasn’t mentioned in the auction. Now being that I know most known methods for bypassing BIOS passwords, Sony has no known method of removing the password. I talked to a few friends and was forwarded to http://spunlock.com .

I was a bit weary at first about paying for a service , but the customer needed their laptop back that day to go on a trip. So getting the customer’s O.K. I purchased the BIOS cracking service.In order to get the correct challenge response BIOS code for most laptops you needs to enter the password incorrectly 3 times, after the third time , the BIOs should spit back a challenge code, this is what they need in order to crack the code.

After sending the payment and challenge code,much to my amazement 1 1/2 hours later I was opening an email with my code to remove the BIOS password. I punched it in and I was now watching Windows starting up. Spunlock has BIOS cracking support for many laptop brands like Dell,Fujitsu,Sony (of course) and more. So for you Techs and others who got burned on ebay, or people who simply forgot their password , give them a shot, you have nothing to lose, Don’t forget to mention whatsmypass.com in your email to them

ACER:SOME
ADVENT:SOME
ASUS:SOME
COMPAQ:SOME
DELL:ALL + 2A7B
E-SYSTEM:SOME
FUJITSU SIEMENS:ALL
HP:SOME
PACKARD BELL:SOME
PHILLIPS:SOME
SAMSUNG:SOME
SONY VAIO:ALL
TOSHIBA:SOME

Vbootkit 2.0

Dev Team — Sat, 25 Apr 2009 15:03:09 +0000

Like Kon-boot we talked about in our last post VBootkit 2.0 is an updated code from 2007 that hasnt hit the internet yet , but is pretty much the same idea, modify the bootmgr and you essentially can modify the security checks on the fly to let you do anything you wanted on the system as any user without knowing the password. Read more from there authors site ::HERE::

VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.

The latest version of VBootkit includes the ability to remotely control the victim’s computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user’s password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

Bypass Windows Logon Password

Dev Team — Thu, 23 Apr 2009 22:22:29 +0000

Accessing a Windows computer without knowing the password is fairly simple with this free tool called Kon-Boot .There are alternatives like Ophcrack etc, but those rely on grabbing the SAM hashes and cracking those. What sets Kon-Boot apart is that is modifies the kernel on-the-fly while booting (everything is done virtually – without any interferences with physical system changes) and allows you to log into any account without entering a password. All you have to do is insert a boot (cd or floppy) disk burned with Kon-boot software(110kb) in to the computer and boot up.

Kon-boot which was initially started as a small project for Linux (mainly Ubuntu),where it allows to log into a Linux system as ‘root’ user without typing the correct password or to elevate privileges from current user to root. Now it was moved to windows platform where it enables Windows users to login to any password protected machine profile without any knowledge of the password.
This program works with the following versions of Windows: XP (SP1, SP2, SP3), Vista (Business, Ultimate), 2000, Server 2003 and 2008, and Windows 7. Kon-Boot also allows you to boot Linux (distributions: Ubuntu, Gentoo, Debian and Fedora) without a password as well.

http://www.piotrbania.com/all/kon-boot/

GetKey 1.0

Dev Team — Fri, 27 Mar 2009 17:30:12 +0000

Added GetKey 1.0 to the freeware section, it retrieves your Product Key (cd key) used to install Windows. For Windows 95, 98, ME, 2000, XP, Vista, Server 2003, Server 2008