This is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API).
A non-exhaustive list of those recoverable secrets are :

* EFS certificates
* MSN Messenger credentials
* Internet Explorer form passwords
* Outlook passwords
* Google Talk credentials
* Google Chrome form passwords
* Wireless network keys (WEP key and WPA-PMK)
* Skype credentials

Of course you need to know the user’s current password, you can recover it from the SAM.
Download Here
You can also read an excellent article on the undocumented process of recovering DPAPI passwords here

Follow-up to yesterdays post. A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456″ was the most commonly used password, appearing 64 times.

Forty-two percent of the passwords used lowercase letters from “a to z”; only 6 percent mixed alpha-numeric and other characters.
(more…)

GetKey 3.0 easily recovers Windows and Microsoft Office Product Keys. It also can recover the keys from a slaved/offline drive or run from a WindowsPE CD,such as BartsPE or Hiren’s BootDisk! It even decodes what type of Windows is installed on the offline drive by decoding the Microsoft Product Code and Channel ID, so if you have you’re a tech working on a dead system you can grab the right Windows CD to install. GetKey is written in pure assembly language, it’s fully portable and is only 14kb in size .

Software Requirements

• Processor: Pentium class or equivalent processor
• RAM: 64MB RAM recommended
• Hard Disk: 14kb free hard disk space
• Supported Operating System: Windows 98/ME/NT/2000/2003/XP/Vista/Win7 *32bit only!

We are offering this for only Only $4.99!! All proceeds go to supporting this site!

Office Scanner scans the registry for Microsoft Office product keys
and also has the option to scan an offline registry hive for keys, so if you have a clients computer that needs a re-install it’ll help you get their key from the slaved drive. You have the option to save the keys to a text file.
It’s portable and is only 9kb , written in assembly language.

It’s a donation-ware tool for commercial users so feel free to help out 😀
You can donate by clicking the about button then the paypal logo , it should send you to the paypal website.

Download Office Scanner 1.0

[downloadcounter(OfficeScanner)] downloads

Vbootkit 2.0 has now been made open-source under GPL license.

Indian security researchers have released proof-of-concept code that can be used to take over a computer running Microsoft’s upcoming Windows 7 operating system, despite earlier promising not to make the code public for fear it could be misused.

VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source license.
Vbootkit 2.0 currently only works on Windows 7 ( x64 edition ).

Download Vbootkit 2.0 source code

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation

VIA: nvlabs.in

Tools Needed : MDD pyCrypto Volatility 1.3 Beta Volatility Plugin from Moyix ManTech Memory DD (MDD) (http://www.mantech.com/msma/MDD.asp) is released under GPL by Mantech International. MDD is capable of copying the complete contents of memory on the following Microsoft Operating Systems: Windows 2000, Windows XP, Windows 2003 Server, Windows 2008 Server. After downloading MDD from the Mantech site you need to run (more…)

Please take note that this handy tip is intended to recover/regain a forgotten Vista Administrator password. It is not intended to illegally hacking into a Vista system that’s not owning by users who refer this guide!! It is also intended to inform Vista users about the method by which anyone can access their private accounts by cracking passwords….Thus anyone can hack into administrator account and bypass guest user restrictions…. Lets start… Steps to hack Windows Vista Administrator account password: (more…)

Many people ask about the location in the Registry or file system that applications store the passwords. Here is a list of password storage locations for popular applications compiled by Nir Sofer.
Be aware that even if you know the location of the saved password, it doesn’t mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile. (more…)

If you haven’t been auto-updated yet make sure you do. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.
http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx