TrackSomebody.com

october27thgroup.com pentesting, pci, red team

illmob.org

Change your password with sticky keys

August 18th, 2010 by admin in Privilege Escalation, windows

Forgot the administrator password? There are many ways to access a Windows installation if you forgot the administrator password. Today I’ll show you another procedure to reset the Windows password by replacing the Sticky Keys application. This program allows you to use the function keys SHIFT, CTRL, ALT, or the Windows key by typing one key after the other instead of pressing them simultaneously with the second key. The main advantage of this password reset method is that you don’t need third-party software; another plus is that it is easy to carry out because no Registry hack is required, as when you offline enable the built-in administrator.

Please note that resetting the password from an account other than the corresponding user account always means that the user loses the credentials stored in the Windows Vault, stored Internet Explorer passwords, and files that you encrypted with the Encrypting File System (EFS). Of course, if you have a backup of these credentials, you can restore them; likewise, if you have exported the private EFS key, you can import it again after you have reset the password.

Like with all other solutions that allow you to reset the Windows password without having an account on the corresponding computer, you have to boot from a second operating system and access the Windows installation while it is offline.

You can do this with a bootable Windows PE USB stick or by using Windows RE. You can start Windows RE by booting the Windows Vista or Windows 7 setup DVD and then selecting “Repair” instead of “Install Windows.”

By the way, you can’t use the Windows XP boot CD for this purpose because its Recovery Console will ask for a password for the offline installation. However, you can use a Vista or Windows 7 DVD to reset a forgotten Windows administrator password on Windows XP.

This works because Windows RE, which is based on Vista or Windows 7, will let you launch a command prompt with access to an offline installation without requiring a password.
(more…)

GetKey 3.0

September 12th, 2009 by Dev Team in Our Tools, windows

GetKey 3.0 easily recovers Windows and Microsoft Office Product Keys. It also can recover the keys from a slaved/offline drive or run from a WindowsPE CD,such as BartsPE or Hiren’s BootDisk! It even decodes what type of Windows is installed on the offline drive by decoding the Microsoft Product Code and Channel ID, so if you have you’re a tech working on a dead system you can grab the right Windows CD to install. GetKey is written in pure assembly language, it’s fully portable and is only 14kb in size .

1
2

Software Requirements

  • Processor: Pentium class or equivalent processor
  • RAM: 64MB RAM recommended
  • Hard Disk: 14kb free hard disk space
  • Supported Operating System: Windows 98/ME/NT/2000/2003/XP/Vista/Win7 *32bit only!

We are offering this for only Only $4.99!! All proceeds go to supporting this site!





Pay Now with e-gold...

Recover Google Passwords via SMS

June 25th, 2009 by Dev Team in Uncategorized

Google just added an SMS option to its accounty recovery system, letting anyone who forgets their passwords, or finds it suspiciously locked, set up a mobile phone number to have a recovery password sent to. U.S.-only for now, but Google says it’s working to expand the option. Want to add your phone number to an existing account? Sign into account management, then head to Change Password Recovery Options.

via Google Operating System

Vbootkit 2.0 is now open-source

May 8th, 2009 by admin in Privilege Escalation

Vbootkit 2.0 has now been made open-source under GPL license.

Indian security researchers have released proof-of-concept code that can be used to take over a computer running Microsoft’s upcoming Windows 7 operating system, despite earlier promising not to make the code public for fear it could be misused.

VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source license.
Vbootkit 2.0 currently only works on Windows 7 ( x64 edition ).

Download Vbootkit 2.0 source code

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation

VIA: nvlabs.in

10 ways of resetting a lost linux root password

April 22nd, 2009 by Dev Team in Linux, Privilege Escalation

via: handlewithlinux.com

A good password has the problem of being difficult to remember. And sometimes you might need to get in to a system where the root password is long forgotten (or left with the system administrator before you).
Luckily there are ways of getting access to systems without having the password. This is of course in a sense also a security risk. That’s why you should always be aware that having unattended physical access to a computer system means the same as having root access to the operating system. Unless the information on a system is encrypted, it’s only as save as the room it’s in.

The method to use to reset the password if you lost the root (or only) password depends on the configuration of your system. But it mostly comes down to two separate tasks:

– get write access to the root partition

– change the password/circumvent control

Here are some things you can try from easy to more complicated. (more…)

Trillian Recover

March 27th, 2009 by Dev Team in Our Tools, Trillian

Trillian Password Recovery Software easily recovers and exposes all lost or forgotten AIM saved passwords. Easily retrieves password information instantly regardless of the password length and complexity with full support to all Trillian versions. Trillian Recover is written in pure assembly language.

More information on how the password is stored ::here::

Software Requirements

  • Processor: Pentium class or equivalent processor
  • RAM: 64MB RAM recommended
  • Hard Disk: 5kb free hard disk space
  • Supported Operating System: Windows 98/ ME/ NT/ 2000/ 2003/ XP/ Vista /Win7

Trial and registration

Evaluation version is available for FREE download. This unregistered (demo) software recovers only the first 3 characters in password (rest is shown as ‘*’).


Download Trillian Recover Demo

[downloadcounter(TrillianRecover)] downloads

In order to display full Password you should register for licensed Software.
Only $4.99!! All proceeds go to supporting this site!

** Newer Version Released Click HERE**

AIM Recover

March 26th, 2009 by Dev Team in AIM, Files, Our Tools

AOL Instant Messenger Password Recovery Software easily recovers and exposes all lost or forgotten AIM saved passwords. Easily retrieves password information instantly regardless of the password length and complexity with full support to all AIM 6.x versions. AIM Recover is written in pure assembly language.

AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

Software Requirements

  • Processor: Pentium class or equivalent processor
  • RAM: 64MB RAM recommended
  • Hard Disk: 15kb free hard disk space
  • Supported Operating System: Windows 98/ ME/ NT/ 2000/ 2003/ XP/ Vista /Win7

Trial and registration

Evaluation version is available for FREE download. This unregistered (demo) software recovers only the first 3 characters in password (rest is shown as ‘*’).


Download Aim Recover Demo

[downloadcounter(AimRecover)] downloads

In order to display full Password you should register for licensed Software.
Only $4.99!! All proceeds go to supporting this site!

Pay Now with e-gold...

Recover wireless network keys from external drive

December 22nd, 2008 by admin in Uncategorized

The new version of WirelessKeyView from Nirsoft now allows you to recover your wireless network keys from external instance of Windows XP operating system (Vista is not supported yet). This feature can be useful if you have a dead system that cannot boot anymore.

View LSA Secrets On An External Drive

December 9th, 2008 by admin in Password Info, windows

The new version of LsaSecretsView from nirsoft allows you to extract the LSA secrets from an external instance of Windows operating system. This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user-interface, by using the ‘Advanced Options’ in the File
menu, or from command-line, by using the /external parameter.
This feature was also added to LSASecretsDump, which is the console version of LsaSecretsView.

Be aware the currently this feature works for Windows 2000/XP/2003, but not for Windows Vista.

KeyCarbon USB Keylogger

October 8th, 2008 by admin in Apple, Linux, News, windows

I had a chance to review the Keycarbon USB Home Mini this week. I’ve been wanting to try one of these to see how they would compare to a PS/2 keyboard logger, PS/2 is still pretty popular as far as cheaper keyboards but the shift in technology is going more towards USB keyboards. I was pretty impressed by the quality of the keylogger and its simple installation.




Who would need a device like this?

  • Business owners needing to monitor employees
  • Parents needing to monitor children
  • People who might need backups of things they type (writers etc)
  • Private investigators, law enforcement, hackers, James Bond 🙂

Why would someone want a hardware keylogger as opposed to a software based one? Well this question has it’s pros and cons:

The pros are:

  • It’s dead simple to install , just unplug the keyboard,plug this device in , and plug the keyboard into the device ,that’s it!
  • No need for root/admin level permissions to install
  • It can be installed on any system that has a USB port (Windows,Mac,Linux etc)
  • Since it’s hardware-based it wont be detected by antivirus/malware programs ever
  • It picks up EVERYTHING typed, even bios password passwords and log-ons

The cons are:

  • Since it doesn’t interact with the operating system it can’t get the name of windows where the text was typed so it makes it a chore to scan the logs for the juicy information
  • Easy to prevent logging by just removing the logger form the computer (which most people won’t be aware of anyhow, who actually crawls behind their computer everyday?)
  • Recovery of logs might be more difficult because they are stored physically on the device and not sent to a remote location. But if you were able to install it in the first place , then recovering it shouldn’t that much harder.
  • If the person has a PS/2 keyboard you can’t use an adapter because the device needs power from the USB port to work

Recovering the logs from the device can be done on any computer even though they offer the software to recover the logs faster, it’s not needed which makes this device a good tool to have in your arsenal. To recover the logs alls you you need to do is open any text editor (notepad etc…) and type in the password (default password is phxlog) and the device goes into menu mode, where you have a few options to choose
you have open so it’s best to open notepad or wordpad or any *nix/MAC equivalent before typing this. This menu will give you various options for the device ,which are:

  1. Partial/Full Log download
  2. Erase logs (quick or thorough)
  3. Setting the default password (alphanumeric only,under 17 chars)
  4. Firmware upgrade
  5. Diagnostics
  6. Speed (that the logs are typed)

Once you choose read the logs it starts auto typing the logs onto whatever window is open has the main focus (which is why you need to open a text editor).  If you don’t like to wait for it to auto-type (you might have days of saved logs) you can get the software to download it in one swoop. The only problem with the software that as of now it’s only compatible with windows.

Detection of the Device:

Because the device doesnt install into the operating system its pretty much insvisible to the normal user. Only a trained computer expert would notice the device it because the only sign it’s there is that it is seen as a USB hub by the OS. It shows up as a “generic 4 port hub Vid_0451&Pid_2046” Vendor id of 0451 and a product id of 2046, which comes up as a generic Texas instruments device which wont raise many eyebrows. Because it’s a USB 1.1 hub it is possible that it may be discovered if someone plugs a USB 2.0 keyboard inline with it. (They might get a warning message telling them that their device can perform at a higher speed if they use a different port.) But the chances are slim of someone needing to replace their keyboard.

All in all this device is a stable tool to use, it logged with no problems at all with every keyboard/OS i used with it.  Although the price is a little high for most people, it’s well priceless for businesses who need to keep an eye on employees, or a parent who needs to monitor their children’s internet activity. I want to thank Keycarbon for giving me the opportunity to review and test this device. Check out their site for other devices they offer that I didn’t get to review , but are another great alternative to stealth hardware logging.

Next Article »