Apple iOS 7.0.1/7.0.2 – Sim Lock Screen Display Bypass Vulnerability

October 15th, 2013 by admin in Apple, Privilege Escalation

A restricted-screen bypass caused by a design glitch has been identified in Apple iOS 7.0.1 (and 7.0.2) for mobile devices (iPad/iPhone).
The vulnerability allows a local attacker to bypass the display restrictions of the SIM-locked mode.

The bypass is present in iOS 7.0.1/7.0.2 when the `sim locked` mode of an iPhone is active.
A local attacker can redirect the SIM-locked display to the regular lock-screen mode by using the restricted calculator function in
combination with the power (shutdown) and unlock buttons. As a result, the attacker glitches out of the SIM-locked mode and lands in the
regular locked-phone mode, with access to the calendar (including its hyperlinks), the camera and Control Center. The display that was
SIM-locked is then usable exactly as in the regular mode, without the SIM-locked label on screen.

The SIM lock screen display bypass can be exploited by local attackers with physical access to the device and without
user interaction. Successful exploitation bypasses the SIM-locked mode and drops the attacker into the regular lock-screen mode. In an earlier test (7.x)
we combined the earlier discovered issues to first unlock the sim display (locked sim card) and bypass the passcode to fully compromise the device.

HTC One Lockscreen Bypass

October 14th, 2013 by admin in Android, Privilege Escalation

You can bypass the HTC One lock screen by swiping up from the bottom centre of the screen while the device is restarting. There is a window of less than 500 ms in which to swipe up before the lock pattern is enforced.

iOS 6.1 Lockscreen Bypass

February 14th, 2013 by admin in Apple, News, Privilege Escalation

The flaw is relatively easy to exploit and lets you bypass the passcode and use the full Phone app. From there you have access to the address book, and to the Photos app by attempting to change a contact's picture.

Apple has promised to fix the iOS 6.1 Exchange bug in a forthcoming software update, so perhaps it will fix this glitch as well.

Steps to follow:
First part:
- Go to Emergency Call, hold down the power button and tap Cancel.
- Dial 112, tap the green (call) button and immediately tap the red (end) button.
- Go back to the lock screen.
Second part:
- Go to the passcode screen.
- Hold down the power button for about three seconds and, before the "slide to power off" slider appears, tap the Emergency Call button.
- Then, without releasing the power button, press the Home button. The Phone app opens without the passcode having been entered.

Comprehensive list of password dumping tools for Windows

February 5th, 2013 by admin in cracking, News, Password Info, Privilege Escalation

Bernardo Damele compiled a list of password dumping tools into a Google spreadsheet:

Retrieve plain-text OSX keychain passwords from root

September 8th, 2012 by admin in Apple, Privilege Escalation

In OS X, your keychain contains your saved passwords: every email account configured in Mail, passwords stored by Safari, and credentials for known Wi-Fi networks. Because it holds valuable secrets, the keychain is encrypted; by default its password is your login password, so it can only be opened with that password.

But there is a twist. When you log in to OS X, the operating system automatically unlocks your keychain for your convenience, so you do not have to enter your login password every time a stored password is used. That is the window the proof of concept below uses: with root on the machine, the secrets of the unlocked keychain can be read out in plain text without knowing the login password. Keychain Access lets you configure the login keychain to lock after a period of inactivity and when the machine sleeps, which narrows this window but does not close it while you are actively logged in.

Proof of concept code here:

Kon-Boot for Mac

September 3rd, 2012 by admin in Apple, Privilege Escalation

Kon-Boot for Apple Mac OS X systems lets the user log in to the system without knowing any existing user names or passwords. Kon-Boot creates a new "root" account (user: kon-boot, pass: kon-boot).


Kon-Boot 2.1 is out

September 3rd, 2012 by admin in Apple, Privilege Escalation, windows

What’s new in version V2.1?
– Windows 8 support (standard BIOS boot only, no EFI support)
– Sticky Keys feature (lets the user spawn a console window with system administrator rights before anyone is logged in)


CMOS De-Animator

July 2nd, 2012 by admin in BIOS, Privilege Escalation, windows

Sometimes you cannot enter the BIOS setup because it is password-protected, but you can still boot into Windows. In that case you can try CMOS De-Animator to clear the BIOS settings; it works on both 32-bit and 64-bit Windows. Note that it resets every CMOS setting to its default, not just the password, and on boards that keep the password outside CMOS it will not help. If it does not work, try our BIOS password recovery service. CMOS De-Animator can be downloaded from the author's website.
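The mechanism behind the tool, as an added illustration that is not CMOS De-Animator's own code: the classic PC/AT CMOS keeps a 16-bit checksum of bytes 0x10 to 0x2D at offsets 0x2E/0x2F, and POST loads setup defaults when the stored value does not match. The script below computes and validates that checksum over a 128-byte CMOS image and shows what invalidating it does. The sample image is constructed for this example, and `read_linux_nvram` (a name chosen here) reads the live CMOS read-only through Linux's /dev/nvram as root so you can inspect your own board; vendor firmware may checksum a different range or keep the password in flash, in which case this check tells you nothing about the password.

```python
# Added example, not CMOS De-Animator's own code: the legacy PC/AT CMOS
# checksum that firmware verifies at POST. Offsets follow the classic
# IBM AT layout; vendor firmware may checksum a different range.
CMOS_SIZE = 128
CKSUM_START, CKSUM_END = 0x10, 0x2D   # bytes covered by the checksum (inclusive)
CKSUM_HI, CKSUM_LO = 0x2E, 0x2F       # 16-bit big-endian sum stored here
NVRAM_FIRST_BYTE = 14                 # Linux /dev/nvram starts at CMOS byte 14


def cmos_checksum(img: bytes) -> int:
    """Sum of CMOS bytes 0x10..0x2D, truncated to 16 bits."""
    if len(img) < CMOS_SIZE:
        raise ValueError("expected a full 128-byte CMOS image")
    return sum(img[CKSUM_START:CKSUM_END + 1]) & 0xFFFF


def stored_checksum(img: bytes) -> int:
    """The checksum the firmware wrote at 0x2E (high byte) / 0x2F (low byte)."""
    return (img[CKSUM_HI] << 8) | img[CKSUM_LO]


def checksum_valid(img: bytes) -> bool:
    return cmos_checksum(img) == stored_checksum(img)


def with_checksum(img: bytes) -> bytearray:
    """Copy of img with a correct stored checksum (what setup does on save)."""
    out = bytearray(img)
    total = cmos_checksum(out)
    out[CKSUM_HI], out[CKSUM_LO] = total >> 8, total & 0xFF
    return out


def invalidated(img: bytes) -> bytearray:
    """Copy of img whose stored checksum can no longer match. Writing this
    back is the de-animator effect: POST rejects the image and loads setup
    defaults, which on legacy boards also discards a CMOS-stored password."""
    out = bytearray(img)
    out[CKSUM_HI] ^= 0xFF
    out[CKSUM_LO] ^= 0xFF
    return out


def sample_image() -> bytearray:
    """Constructed 128-byte image for this example, not a dump of real hardware."""
    img = bytearray(CMOS_SIZE)
    img[0x10] = 0x40                     # floppy drive types
    img[0x14] = 0x05                     # equipment byte
    img[0x15], img[0x16] = 0x80, 0x02    # base memory, 0x0280 KiB = 640 KiB
    img[0x17], img[0x18] = 0x00, 0x3C    # extended memory, 0x3C00 KiB
    return with_checksum(img)


def read_linux_nvram(path: str = "/dev/nvram") -> bytearray:
    """Read the live CMOS on Linux (needs root). /dev/nvram exposes CMOS from
    byte 14 onward, so the clock registers below that stay zero here; they
    are outside the checksummed range anyway. Read-only by design."""
    img = bytearray(CMOS_SIZE)
    with open(path, "rb") as f:
        data = f.read(CMOS_SIZE - NVRAM_FIRST_BYTE)
    img[NVRAM_FIRST_BYTE:NVRAM_FIRST_BYTE + len(data)] = data
    return img


if __name__ == "__main__":
    try:
        img, source = read_linux_nvram(), "/dev/nvram"
    except OSError:                      # no /dev/nvram, or not root: use the sample
        img, source = sample_image(), "constructed sample"
    print(f"{source}: computed 0x{cmos_checksum(img):04x}, "
          f"stored 0x{stored_checksum(img):04x}, valid={checksum_valid(img)}")
    print("after invalidation, valid =", checksum_valid(invalidated(img)))
```

Run it as root on a Linux box to compare the computed and stored checksums of the live CMOS; without /dev/nvram it falls back to the constructed sample. Nothing in it writes to CMOS; a mismatch on real hardware usually means the vendor uses a different checksummed range rather than a corrupted image.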

Quarks PwDump

May 22nd, 2012 by admin in cracking, Password Info, Privilege Escalation

Quarks PwDump is a new open-source tool to dump various types of Windows credentials.

It currently extracts :

  • Local accounts NT/LM hashes + history
  • Domain accounts NT/LM hashes + history
  • Cached domain password
  • Bitlocker recovery information (recovery passwords & key packages)

The tool is currently designed to work live on the running operating system without injecting into any process, which limits the risk of undermining system integrity or stability. It requires administrator privileges and is still in beta.

Windows Credentials Editor (WCE) 1.3 x64 released

March 14th, 2012 by admin in cracking, Password Info, Privilege Escalation, windows

Windows Credentials Editor (WCE) lists logon sessions and adds, changes, lists and deletes the credentials associated with them (e.g. LM/NT hashes and Kerberos tickets). It can be used, for example, to perform pass-the-hash on Windows; to obtain NT/LM hashes from memory (from interactive logons, services, remote desktop connections, etc.) for use in further attacks; and to obtain Kerberos tickets and reuse them on other Windows or Unix systems. It also dumps passwords in plain text without the need to crack the hashes. Supports Windows XP, 2003, Vista, 7 and 2008.

Current version: WCE v1.3beta (32-bit) and WCE v1.3beta (64-bit).

Frequently Asked Questions (FAQ) available here.
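A triage pass over the output of the tools in the Quarks PwDump and WCE posts above, as an added example that is not code from either project: it parses both the pwdump/John line format Quarks PwDump writes (`user:rid:lm:nt:::`) and WCE's `user:domain:lm:nt`, then flags empty passwords, accounts whose LM hash is still stored, and NT hashes shared between accounts, which is exactly what makes pass-the-hash lateral movement pay off. The sample lines are constructed for this example; the hash values are made up apart from the two well-known empty-password constants.

```python
# Added example, not code from Quarks PwDump or WCE: a triage pass over the
# hash lines those tools print. Handles the pwdump/John format that Quarks
# PwDump writes ("user:rid:lm:nt:::") and WCE's "user:domain:lm:nt".
from collections import defaultdict

# Well-known constants: hash of the empty string under each algorithm.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # also printed when LM storage is disabled
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

HEX = set("0123456789abcdef")


def is_hex32(s: str) -> bool:
    return len(s) == 32 and set(s) <= HEX


def parse_line(line: str):
    """Return (identity, lm, nt) with lowercase hex, or None for banner/other lines."""
    parts = line.strip().split(":")
    if len(parts) >= 7 and parts[1].isdigit():        # pwdump: user:rid:lm:nt:::
        ident, lm, nt = parts[0], parts[2], parts[3]
    elif len(parts) == 4:                              # WCE: user:domain:lm:nt
        ident, lm, nt = f"{parts[1]}\\{parts[0]}", parts[2], parts[3]
    else:
        return None
    lm, nt = lm.lower(), nt.lower()
    if not is_hex32(nt):                               # e.g. "NO PASSWORD***" placeholders
        return None
    return ident, lm, nt


def triage(lines):
    """Flag empty passwords, accounts still carrying an LM hash (trivially
    crackable) and NT hashes shared between accounts (one pass-the-hash
    credential opens every account in that group)."""
    blank, lm_stored = [], []
    by_nt = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ident, lm, nt = rec
        if nt == EMPTY_NT:
            blank.append(ident)
        if is_hex32(lm) and lm != EMPTY_LM:
            lm_stored.append(ident)
        by_nt[nt].append(ident)
    shared = {nt: users for nt, users in by_nt.items()
              if len(users) > 1 and nt != EMPTY_NT}
    return {"blank_password": blank, "lm_hash_stored": lm_stored, "shared_nt_hash": shared}


# Constructed sample: a local SAM dump in pwdump format followed by a WCE
# banner and a WCE line for a domain account. Hash values are made up except
# the two empty-password constants; they are not real credentials.
SAMPLE_LINES = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:9d1c7b4e2f3a5061728394a5b6c7d8e9:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacyapp:1005:0c2a5c0c0d9c1e9e1a2b3c4d5e6f7081:4c6d1e5b2a3f4e5d6c7b8a9f0e1d2c3b:::
jdoe:1010:aad3b435b51404eeaad3b435b51404ee:a1b2c3d4e5f60718293a4b5c6d7e8f90:::
WCE v1.3beta (X64) (Windows Credentials Editor)
svc_backup:CORP:AAD3B435B51404EEAAD3B435B51404EE:9D1C7B4E2F3A5061728394A5B6C7D8E9
""".splitlines()

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                 # pass a saved dump file to triage it
        with open(sys.argv[1]) as f:
            lines = f.read().splitlines()
    else:
        lines = SAMPLE_LINES
    for finding, hits in triage(lines).items():
        print(f"{finding}: {hits}")
```

On the constructed sample the local Administrator and the CORP\svc_backup domain account share one NT hash, so a hash obtained from the local SAM by Quarks PwDump is also a domain credential usable with WCE's pass-the-hash; that is the case where local and domain admin passwords were set to the same value. Feed a saved dump file as the first argument to run it over real output.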
