A bug was found that allows you to bypass the lockscreen on the latest version of Ubuntu. Seems all you need to do is hold down the Enter key until the screen freezes and the lock screen crashes. After that the computer is fully unlocked. It has been patched so make sure you upgrade.
3 Tricks to bypass an Android lockscreen
It can be extremely frustrating when you’ve forgotten the pattern you use to lock your smartphone, and even more so if someone has managed to prank you by changing it. Luckily, there’s an easy fix if you know the username and password for the Gmail account you used to set up the lock.
If you’ve somehow forgotten your Gmail info, it’s a bit trickier to bypass the lock screen. As a last resort, there’s always resetting your phone to factory settings, but no one wants that hassle. So, here are a couple of ways to avoid starting from scratch, if you can.
(more…)
Cracking WPA/WPA2 with Reaver
The WiFi Protected Setup (WPS) protocol is vulnerable to a brute force attack that allows an attacker to recover an access point’s WPS pin, and subsequently the WPA/WPA2 passphrase, in just a matter of hours, using the open source tool called Reaver. Think your 32 character alpha-numeric password is uncrackable? If your wireless router is using WPS then your router may be spit back your password in plain-text to the attacker in less than 10 hrs. WPS allows users to enter an 8 digit PIN to connect to a secured network without having to enter a passphrase. When a user supplies the correct PIN the access point essentially gives the user the WPA/WPA2 PSK that is needed to connect to the network. Reaver will determine an access point’s PIN and then extract the PSK and give it to the attacker. When we tested Reaver in our labs we were able to recovery the WPA password in 1.5hrs and the longest run was 7.5hrs
The new threat
Programmable embedded devices have the capability of being detected as a HID device , just like a keyboard or mouse. So if you have physical access and a minute alone you can compromise a system with something the size of your thumb. The possibilities are endless, HTTP/FTP download, injecting binaries into debug or Powershell etc.. Also this device is cross platform which means Windows,Linux,UNIX and Apple are all vulnerable.
Here’s an example project we made for a Windows7 box that adds a new Admin user to the system and hides that user from the logon screen. the whole process takes about 16 seconds , with most of the time taken by the device being detected as a keyboard and the driver installed. The device costs about $20 and can be found here
MAPDAV
MAPDAV is designed to use what is known about a user or users (ex, username, first name, middle name, last name, etc) on a unix/linux system from a /etc/passwd file and tries to come up with probable combinations that could be the user’s password. An administrator could run the output through a cracker and see if their user’s passwords are anything easy to guess.
For example, if we had a passwd file entery such as:
chrisa:x:107:102:Chris Anderson:/home/chrisa:/usr/bin/bash
We could have MAPDAV derrive some possible passwords, such as chrisa, chrisanderson, andersonchris, canderson, ChrisAnderson, Anderson Chris, CHRIS, plus any other combinations you entered. It has quite a few other features you can use to modify the output to have arbitrary characters, be in reverse, and other useful things.
Out of a sample of 30192 users, MAPDAV 1.0p8 cracked 4.7% of the passwords on the default settings, 1.2% of which were NOT the same user/pass. This combind with a good conventional wordlist could give good crack results.
More info: http://mapdav.sourceforge.net
Unix crypt(3) Rainbow Tables
Darth Null had a nice writeup on how to make crypt(3) rainbow tables. After being told that the salt made it impossible to generate Rainbow Tables, unless you went through the trouble to create 4096 different tables (one for each salt) the reason cited was the presence of the two-character salt at the beginning of the hash. He went out and devised a solution couple of nights later, it was able to actually read, write, and process crypt(3) hashes in their native form (as opposed to a flat hexadecimal dump of the hash). He wanted to submit it for schmoocon but didnt get accepted , so rather than sit on the information, he decided to release it on his blog.
- Instead of generating 4096 tables of 1-8 character passwords, just create 1 table of 3-10 character passwords, and use the 1st two characters of the plaintext passwords as the salt. (That part will make more sense if you read the paper.)
- It’s still kind of slow: 9x slower than LM hashes, for example. But CPUs are much faster than they were in 2003, when people first started building tables for LM hashes.
- It also takes a lot of storage. But storage, likewise, is much cheaper than it was seven years ago.
The whitepaper can be found here:
How to Crack a Wi-Fi Network’s WEP Password with BackTrack
Lifehacker.com had an article the other day that pretty much held your hand on steps to crack a WEP password using BackTrack3. Check it out ::HERE::
10 ways of resetting a lost linux root password
via: handlewithlinux.com
A good password has the problem of being difficult to remember. And sometimes you might need to get in to a system where the root password is long forgotten (or left with the system administrator before you).
Luckily there are ways of getting access to systems without having the password. This is of course in a sense also a security risk. That’s why you should always be aware that having unattended physical access to a computer system means the same as having root access to the operating system. Unless the information on a system is encrypted, it’s only as save as the room it’s in.
The method to use to reset the password if you lost the root (or only) password depends on the configuration of your system. But it mostly comes down to two separate tasks:
– get write access to the root partition
– change the password/circumvent control
Here are some things you can try from easy to more complicated. (more…)
Weak Passwords on Extensions = Hacked SIP/PBX
An unknown organization is systematically checking for open SIP ports and then trying common extension usernames and passwords. If they find weak passwords, they are then into the PBX and can make thousands of calls in a matter of minutes. Protect yourself. Some were Asterisk and some were SIP-based VoIP PBX. Itappears that the hack has nothing to do with any sort of Asterisk vulnerability, but with insecure passwords set for extensions.
Src: junctionnetworks.com