illmob.org

10 ways of resetting a lost linux root password

April 22nd, 2009 by Dev Team in Linux, Privilege Escalation

via: handlewithlinux.com

A good password has the problem of being difficult to remember. And sometimes you might need to get in to a system where the root password is long forgotten (or left with the system administrator before you).
Luckily there are ways of getting access to systems without having the password. This is of course in a sense also a security risk. That’s why you should always be aware that having unattended physical access to a computer system means the same as having root access to the operating system. Unless the information on a system is encrypted, it’s only as save as the room it’s in.

The method to use to reset the password if you lost the root (or only) password depends on the configuration of your system. But it mostly comes down to two separate tasks:

– get write access to the root partition

– change the password/circumvent control

Here are some things you can try from easy to more complicated. (more…)

Saved Password Locations

November 25th, 2008 by admin in Firefox, Password Info, Trillian, windows, Yahoo

Many people ask about the location in the Registry or file system that applications store the passwords. Here is a list of password storage locations for popular applications compiled by Nir Sofer.
Be aware that even if you know the location of the saved password, it doesn’t mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile. (more…)

WPA Wi-Fi encryption is cracked

November 6th, 2008 by admin in News, Wireless

Security researchers say they’ve developed a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks.

The attack, described as the first practical attack on WPA, will be discussed at the PacSec conference in Tokyo next week. There, researcher Erik Tews will show how he was able to crack WPA encryption, in order to read data being sent from a router to a laptop computer. The attack could also be used to send bogus information to a client connected to the router.
(more…)

WIFI Cracking Using GPUs

October 10th, 2008 by admin in News, Password Info, Wireless

We all know cracking techniques through graphics cards speciifically CUDA based NVidia is on the rise. Now the programmers have set their sights on WIFI cracking. One group reportedly bored through WPA and WPA2 encryptions using a brute-force technique juiced with one of Nvidia’s latest graphics cards . The card supposedly made the “password recovery” process up to 10,000 percent faster than CPU-based cracking. (more…)

McAfee SafeBoot Device Encryption Plain Text Password Disclosure

September 25th, 2008 by admin in News, Password Info

The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.
(more…)

How Google Chrome Stores Passwords

September 15th, 2008 by Dev Team in Uncategorized

Every browser released in the last decade has some sort of password management system, and Google Chrome is no different. Sift through the Chrome source code, released under the open source project Chromium, and you’ll found out how they do it.

Let’s start at the top and work our way down. Any time a password is saved, you’re first prompted with the save password bar.
(more…)

Recovering Internet Explorer Passwords: Theory and Practice

July 6th, 2008 by Dev Team in News, Password Info, windows

Brief introduction on how Internet Explorer stores its passwords

(more…)

How To Crack WEP and WPA

June 29th, 2008 by Dev Team in Password Info, Wireless
What else are you gonna do next Friday night? Play Counter Strike?
What else are you gonna do next Friday night? Play Counter Strike?

(more…)

Trillian Passwords

March 27th, 2008 by Dev Team in News, Trillian

The trillian passwords are stored separately in .ini files (i.e. msn.ini,yahoo.ini aim.ini etc). These are stored in your trillian directory (usually c:\program files\trillian\) in the “users” folder.

Within the users folder, the ini files will either be in a folder called “default” or a folder named after your username.

c:\program files\trillian\users\default\msn.ini (more…)

Yahoo Messenger

March 27th, 2008 by Dev Team in Password Info, Yahoo

The old Yahoo Messenger, i think prior to 7.0 ,used to keep the encrypted password in the registry HKEY_CURRENT_USER\Software\Yahoo\Pager under a key called
“EOptions String” this can be decrypted by using Yahoo’s own dll located in the Yahoo Install directory “ycrwin32.dll” (more…)