From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. If you see your password on this list, please change it immediately. Keep in mind that every password listed here has been used by at least hundreds if not thousands of other people.

There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. For example, look at these passwords that I found interesting:
(more…)

Generic SHA-1 Auditor (GSAuditor) is an application that allows you to brute force password hashes derived from SHA-1. NOTE: GSAuditor is an “experimental” tool.

Current version of GSAuditor supports the following algorithms:

* RAW-SHA-1($password) – Mac OS 10.3 ‘Panther’
* SHA-1(UNICODE($password).$salt) – MS SQL 2000/2005 (remember that 2000 uses uppercase password!)
* SHA-1($password.$salt) – ORACLE 11g (the salt is currently 10 bytes)
* SHA-1($username.$password) – PHP
* SHA-1($salt.$password) – Mac OS 10.4 ‘Tiger’
http://evilfingers.com/tools/GSAuditor.php

Many people ask about the location in the Registry or file system that applications store the passwords. Here is a list of password storage locations for popular applications compiled by Nir Sofer.
Be aware that even if you know the location of the saved password, it doesn’t mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile. (more…)

Lightning Hash Cracker is a free MD5 recovery tool from Elcomsoft. It utilizes NVIDIA GPU acceleration to reverse hundreds of thousands of MD5 hashes at once as fast as a single one with almost no overhead. Process the entire list of passwords and obtain the first password in just minutes! Using one or many video cards, Lightning Hash Cracker is one of the fastest MD5 hash recovery tools. http://www.elcomsoft.com/lhc.html

Have you ever had a Master Lock but forgot the combination? We all know the soda can method where youcreate a ‘shim’ in order to bypass the locking mechanism. Here is an easy tutorial on how to find a lost code. Caution: The newer Master Locks may or may not work. It is much more difficult to distinguish the difference between the different sticky numbers in the newer models.
(more…)

We all know Norton can’t protect you , but also Norton is sometimes a pain in the ass to uninstall , sometimes it has files you cant remove etc. But even before you get to that point you’re prompted for an uninstall passowrd? wtf? sometimes you were the person who installed it sometimes you’re not either  way you don’t know the password. Here’s a simple way to bypass that problem.

The default password that should work for most of the Symantec uninstallation is “symantec“. Duh.

If the default password doesn’t work do this:
1) Go to Start -> Run and type regedit

2) Navigate to: 

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

3) Double click on the value name “UseVPUninstallPassword” and change the value from 1 to 0

4) Close the registry and retry the uninstall.

If you forgot your Windows login password which contains your most valuable data with your all favorite setting and you fear about loosing all the data and settings? Then you don’t worry about this problem, if unfortunately you have this problem. Here is the best method to restore your Windows login password provided if you have the Windows installation CD.

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be – and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your cd Typically, it will be “Press any key to boot from cd”

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

5. The Licensing Agreement comes next – Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for password. After you’ve made your changes close the windows, exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

See how long it would take you brute-force your password using this handy php script:
http://www.hackosis.com/projects/bfcalc/bfcalc.php
The code is open source and can be downloaded from:
http://www.hackosis.com/wp-content/uploads/2007/11/bfcalc.zip

lm2ntcrack provides a simple way to crack instantly Microsoft Windows NT Hash (MD4) when the LM Password is known. lm2ntcrack is Free and Open Source software.
This software is entirely written in Perl, so its easily ported and installed.
(more…)