WPS Pixie Dust Attack

I have written about the flaw in the WPS system a few times. But a new WPS flaw has surfaced, which enables offline brute forcing of the WPS PIN, also called WPS Pixie Dust Attack. When the Registrar (the client computer) wants to connect to the Enrollee (the Access Point) they … Continue reading

Share Button

Mimikatz

Stored user credentials in Windows are normally not visible in plaintext for obvious reasons. But Windows stores the password in plaintext in the Local Security Authority Subsystem Service (LSASS) for some functions like HTTP Digest Authentication to work. So this French guy called Benjamin Delpy, create the application Mimikatz to … Continue reading

Share Button

Local File Inclusion & Remote Command Execution

Local File Inclusion (LFI) is an exploit, which involves gaining access to local system files of a web server, though a website. The vulnerability occurs when a website does not have proper validating on which files it can and cannot include. From an attackers point of view the gold of … Continue reading

Share Button

MS12-020 RDP Vulnerability PoC & Analysis

In March 2012 a security breach was released regarding a vulnerability in the Remote Desktop Protocol (RDP). The vulnerability related to almost all Windows platforms, and was later released under CVE-2012-0002 and MS12-020 In short, the vulnerability enables an attacker to send a sequence of specially crafted RDP packets, which … Continue reading

Share Button

ActivPasswordChanger

In a former tutorial, I showed how to hack Windows 7 Account Password without any tools at all. In that tutorial I mentioned that there also where tools available to do this. Since I just lost the password to one of my virtual machines, I decided to make a quick … Continue reading

Share Button

Defacing and Cookie Stealing with Cross-site scripting

In a cross-site scripting attack (XSS), the attacker inject scripts into input forms, search fields or site URLs, in order to make a website do different tasks when viewed by users. The object of this tutorial is to show the dangers of XSS attacks, why you should never trust user … Continue reading

Share Button

Hack TDC HomeBox in seconds

In one of my previous posts I explained a little bit about the flaw in the WPS system and how to exploit it. To summarize the flaw in the WPS enabled you to bruteforce the eight-digit pin code, and thereby get access to a otherwise secured wireless network. In the … Continue reading

Share Button

Hack Ubuntu Account Password

In the tutorial Hack Windows 7 Account Password, I showed that having a account password on a Windows computer does not mean that it is unbreakable. In this tutorial, we are going to have a look at how to do something similar on the Linux based system – Ubuntu, by … Continue reading

Share Button

Hack Windows 7 Account Password

The password protection in Windows is a good precaution against nosy individuals. But really it is not that safe. If someone really want to get access to a password protected Windows computer – they probably will. There are software out there to help you do this, but with the right … Continue reading

Share Button

Wardriving with WigleWifi

I was reading about the case where Google Street View cars recorded a lot of data flooding around the air while photographing for the Street view project. As far as I understand, they got in to trouble because the picked up some unencrypted personal data, like mails etc. However, the … Continue reading

Share Button