NetworkPasswordDecryptor is a free tool to instantly recover the network passwords stored in the ‘Credential Store’ of Windows. Not only does Windows use it to store network authentication passwords, but other applications such as Outlook, Windows Live Messenger, Remote Desktop and Gmail Notifier also use it to store their login passwords.


NetworkPasswordDecryptor can recover the following passwords on all versions of Windows from XP to Windows 7.

  • All network authentication passwords
  • Basic/Digest authentication passwords stored by Internet Explorer
  • Google login password stored by GMail Notifier
  • Remote Desktop stored passwords
  • Exchange server login passwords stored by Outlook
  • Login passwords of Windows Live Messenger

To understand how NetworkPasswordDecryptor decrypts these network passwords, refer to the following research article:

‘Exposing the Secret of Decrypting Network Passwords’

This research article presents the crypto techniques required to decode and decrypt all such network-based passwords from the Windows ‘Credential Store’.


Here comes Google’s turn to offer a bounty to hackers who find bugs in Chrome. As per the latest post “Encouraging More Chromium Security Research” on the official Chrome blog, Google has decided to follow the practice of Microsoft and other organizations and reward security researchers.

For every security vulnerability found in Chrome, Google will offer a cash reward of $500, and if the bug turns out to be critical the reward can go up to $1337 (magic number ;) ). Even more, Google is willing to offer a permanent position for a security researcher at its Mountain View office in CA.

This is a wise step by Google to get the attention of security researchers and make them work on its products.

However, I wonder, when third-party organizations such as iDefense and Tipping Point offer bigger bounties to hackers, why someone would settle for a mere $500 …!


Windows uses the registry to store every user and policy configuration on the system. One can directly tweak anything in the registry to alter any of the system settings. However, not all registry keys are visible when viewed through the default registry editor (regedit.exe). In particular, some of the security and core system related keys are hidden from the user. Even the administrator cannot see these special keys.

Here are some of these hidden registry keys:

HKEY_LOCAL_MACHINE\SECURITY

HKEY_LOCAL_MACHINE\SAM

The SECURITY registry key stores all the system policy and LSA secrets related information. The SAM registry key holds the details of user accounts along with the LM/NTLM password hashes for each user.

There are many ways to view these hidden registry keys. We can use the psexec.exe tool (part of the PsTools package from Sysinternals) to launch regedit.exe as the SYSTEM account, as shown below.

psexec.exe -s -i regedit.exe

Here is the screenshot showing the hidden SAM accounts through the registry editor running under the SYSTEM account.

Another way to view these hidden keys is through IceSword, the anti-rootkit tool. This beautiful tool comes with a powerful registry editor, using which all these hidden registry keys can be discovered easily.

Here is the screenshot showing the SECURITY registry key through IceSword.


Some time back I wrote an article on using Rainbow crack to recover Windows passwords. This article explains how one can crack any Windows user password in seconds instead of the regular brute-force approach.

In short, Rainbow crack involves comparing the password hash with precomputed hash tables called rainbow tables to find the matching plaintext password. As it involves just a lookup instead of on-the-fly brute-force cracking, it takes very little time to crack the password.
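The lookup the paragraph above describes, as an added example that is not part of the original post or of RainbowCrack: a constructed toy rainbow table in Python over 4-digit numeric passwords hashed with unsalted SHA-1. It shows why a chained precomputation answers a hash with a few recomputations instead of a brute-force sweep, and why a salted hash (the helper name salted_hash is an assumption) gets no answer from the same table.

```python
import hashlib

# Constructed toy example: 4-digit numeric passwords, unsalted SHA-1.
ALPHABET = "0123456789"
PW_LEN = 4
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 50  # hashes per chain; only chain endpoints are stored

def hash_pw(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()

def reduce_hash(digest: str, step: int) -> str:
    # Map a digest back into the password space; a per-column 'step' limits chain merges.
    n = (int(digest[:12], 16) + step) % SPACE
    return "".join(ALPHABET[(n // len(ALPHABET) ** k) % len(ALPHABET)] for k in range(PW_LEN))

def chain_walk(start: str, steps: int) -> str:
    # Password at position 'steps' of the chain that begins at 'start'.
    pw = start
    for step in range(steps):
        pw = reduce_hash(hash_pw(pw), step)
    return pw

def build_table(start_points) -> dict:
    # Precompute once: store endpoint -> start points; the middle is recomputed at lookup.
    table = {}
    for start in start_points:
        table.setdefault(chain_walk(start, CHAIN_LEN), []).append(start)
    return table

def lookup(table: dict, target: str):
    # Return a password hashing to 'target', or None if no stored chain covers it.
    for i in range(CHAIN_LEN - 1, -1, -1):  # guess which column the hash sits in
        pw = reduce_hash(target, i)
        for step in range(i + 1, CHAIN_LEN):
            pw = reduce_hash(hash_pw(pw), step)
        for start in table.get(pw, []):  # endpoint hit: regenerate chain and check
            cand = start
            for step in range(CHAIN_LEN):
                if hash_pw(cand) == target:
                    return cand
                cand = reduce_hash(hash_pw(cand), step)
    return None

def salted_hash(salt: str, pw: str) -> str:
    # Defence: a per-user salt means no precomputed table matches the stored hash.
    return hashlib.sha1((salt + pw).encode()).hexdigest()

TABLE = build_table(f"{(i * 37) % SPACE:04d}" for i in range(300))
```

The table keeps only 300 endpoints yet answers any hash on one of its chains; a lookup for a salted hash returns None because the stored value matches no chain at all.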

To recover the password, you just need to retrieve the password hash as explained in this article and submit it to an online rainbow cracking service.

There are a lot of websites which offer free online rainbow cracking services. Here are a few good ones:

http://cracker.offensive-security.com/index.php (best one)
http://lmcrack.com/
http://plain-text.info/add/
http://hashcrack.com/index.php
http://www.milw0rm.com/cracker/insert.php

Now you don’t have to wait for days together with half a hope of getting back your lost password :)


“Man without tools is an animal, and with tools he is everything”. To this day the quote applies to every field man has set foot in. Man has created tools for everything, to make every small job easier and quicker.

Now we have a tool for social engineering too. This new tool is called the Social-Engineering Toolkit (SET for short), which aims to automate social engineering attacks through mass email and web attacks. Within a few steps an attacker is able to launch smart attacks with a high chance of success. SET works on top of Metasploit, a popular penetration testing framework, using its exploit payloads and launch pad.

To demonstrate its effectiveness, Nishant has created this video, which shows how easy it is to launch such a social engineering attack with high returns :)

In this video, the attacker uses the SET tool to send victims emails containing a malicious PDF attachment and a tiny URL pointing to a malicious link. Once the victim opens this PDF document, it automatically connects back to the attacker’s machine, giving full access to the victim’s system. If the victim is too lazy to open the PDF document (as he is a human being too), he will be curious enough to open the malicious URL obscured by the tiny URL, leading to a successful attack.

At the end of the day, there is always a zero day because of human stupidity…!


Here is another good book in the field of penetration testing. Unlike other books, which aim only at the technical aspects of penetration testing, this one explains every step involved in the making of a professional pentester.

Rather than just teaching how to use the existing tools, it does a more splendid job of showcasing the life cycle of a pentester, which starts with learning, experimenting with one’s own lab setup and live pen-testing, and finally presenting the results in an informative manner.

Below is the ‘Table of Contents’ …

Part I – Setting Up

Chapter 1: Introduction
Chapter 2: Ethics and Hacking
Chapter 3: Hacking as a Career
Chapter 4: Setting up Your Lab
Chapter 5: Creating and Using PenTest Targets in Your Lab
Chapter 6: Methodologies
Chapter 7: PenTest Metrics
Chapter 8: Management of a PenTest

Part II – Running a PenTest

Chapter 9: Information Gathering
Chapter 10: Vulnerability Identification
Chapter 11: Vulnerability Verification
Chapter 12: Compromising a System and Privilege Escalation
Chapter 13: Maintaining Access
Chapter 14: Covering Your Tracks

Part III – Wrapping Everything Up

Chapter 15: Reporting Results
Chapter 16: Archiving Data
Chapter 17: Cleaning Up Your Lab
Chapter 18: Planning for Your Next PenTest

The first part of the book focuses on learning aspects such as gathering knowledge, setting up a lab and in-house practice. The second part covers the more technical aspects, from successful exploitation to covering the tracks, and the third part finishes with the presentation of pentesting results.

This book is aimed at everyone from beginners to advanced practitioners in the field of penetration testing. It also comes with a very useful DVD which contains live illustrations and real-time simulations of hacker scenarios, which makes the learning process much faster.

In short, this is a must-read book for anyone seriously willing to pursue his/her career as a pentester.


ProcNetMonitor, the tool for monitoring process network ports, now supports Windows 7. The newer version comes with an enhanced user interface along with minor bug fixes.

In short, ProcNetMonitor makes it easy to quickly analyze the network activity of all running processes. It has an advanced color-based auto-analysis system that makes it easy to distinguish network-oriented processes from others with just one glance at the list. Also, its ‘Port Finder’ feature allows fast port lookup among running processes.

For more information and to download the latest version, please visit the ProcNetMonitor page.


Operation Aurora – the well-targeted attack in which top companies including Google got hacked through a zero-day vulnerability. Google recently released a separate statement illustrating the nature of the attack vectors and the motives of the attacker.

In this attack, which is believed to have originated from China, a zero-day (not publicly known) vulnerability in Internet Explorer was used. The attacker sent social-engineered emails to a couple of individuals in the company, prompting them to open a malicious website. Once the user had visited the malicious content, it opened a reverse TCP connection to the attacker’s machine, leading to a complete takeover of the victim’s system. The attacker then used this connection to further compromise the corporate boundaries and gather confidential data. Similar attacks against other corporations led to breaches of confidential information.

On Friday, Microsoft released a separate advisory confirming this zero-day vulnerability in Internet Explorer. Though there is no patch against it, there are a couple of factors, such as DEP, IE Protected Mode and restricted mode, which mitigate this attack to a certain extent.

Here is the video demonstration created by Nishant showing this zero-day attack even on a fully patched machine with Norton 2010 protection :)

With no protection and ready-to-launch exploit code available in Metasploit, more successful attacks are on the cards.

With employees at Google coming under such a social-engineered attack, only God can save the common people :)


ProcHeapViewer, the fastest tool to scan and enumerate process heaps, now ships for Windows 7. The new version also comes with an enhanced user interface with a cool look & feel.

For more information and download, please visit the ProcHeapViewer page here.


M$ has announced its first critical security vulnerability of the year 2010 in its Patch Tuesday release. This is a vulnerability in the OpenType font engine embedded in client applications, which can lead to remote code execution and complete control of the system.

As per the bulletin, the attack can be simulated by opening malicious content with a specially crafted OpenType font using applications such as IE or any of the Office applications.

This vulnerability also exists in the latest operating system, Windows 7. It is marked as critical for Windows 2000 and set as low priority for other operating systems.

Interestingly, this critical security vulnerability was reported by Google, Microsoft’s No.1 enemy :)
