Over this past week I had a job come in the shop of a Sony Vaio laptop that had a bad motherboard. I had searched on Ebay for a cheap buy and settled on someone who had the same motherboard for about $100 less than anyone else. When I received the motherboard I promptly installed it , upon powering it up I was faced with a password prompt. Dammit! The motherboard had a BIOS password that wasn’t mentioned in the auction. Now being that I know most known methods for bypassing BIOS passwords, Sony has no known method of removing the password. I talked to a few friends and was forwarded to http://spunlock.com .

I was a bit weary at first about paying for a service , but the customer needed their laptop back that day to go on a trip. So getting the customer’s O.K. I purchased the BIOS cracking service.In order to get the correct challenge response BIOS code for most laptops you needs to enter the password incorrectly 3 times, after the third time , the BIOs should spit back a challenge code, this is what they need in order to crack the code.

After sending the payment and challenge code,much to my amazement 1 1/2 hours later I was opening an email with my code to remove the BIOS password. I punched it in and I was now watching Windows starting up. Spunlock has BIOS cracking support for many laptop brands like Dell,Fujitsu,Sony (of course) and more. So for you Techs and others who got burned on ebay, or people who simply forgot their password , give them a shot, you have nothing to lose, Don’t forget to mention whatsmypass.com in your email to them 🙂

ACER:SOME
ADVENT:SOME
ASUS:SOME
COMPAQ:SOME
DELL:ALL + 2A7B
E-SYSTEM:SOME
FUJITSU SIEMENS:ALL
HP:SOME
PACKARD BELL:SOME
PHILLIPS:SOME
SAMSUNG:SOME
SONY VAIO:ALL
TOSHIBA:SOME

One effective way of assessing password strength is to try and crack them, and as most of you probably know, dictionary attack is the simplest yet formidable technique for cracking passwords. Sébastien Raveau generated a quick & dirty wordlist from Wikipedia in a dozen of languages. It helped quickly crack countless passwords, a lot of which bruteforcing would never get to. The wordlist download can be found at his blog

A free Oracle password cracker written completely in PL/SQL. It is not the intention to replace the fast C based crackers such as woraauthbf but instead to suppliment it and to promote the need to check for weak passwords in customer databases but allow the customer to have a safe and easy method to do it that doesn’t involve downloading binaries, oracle clients, ssl dlls and more.
More info can be found at the author site.
http://www.petefinnigan.com/oracle_password_cracker.htm

Enforcing password security with a multiple-user system can be a hassle — users all too often use inadequate passwords. john-the-ripper (also available via most distros) is a password-cracking tool that enables the identification of vulnerable passwords before someone with nefarious intentions finds the weakness.
(more…)

There are several ways to obtain password hashes, depending on their location and existing access. Password hashes can be obtained from SAM file or its backup, directly from local or remote computer registry, from registry or Active Directory on local or remote computer by means of DLL injection, from a network sniffer. The SAM file located in the %SystemRoot%\system32\config directory or %SystemRoot%\repair directory. It is also possible to recover the password itself from memory.

Here’s a few free tools to help you recover lost/unknown Windows passwords, most come with the source code included. (more…)