WEP encryption ban

With the immense number of security updates forced onto our dear OSes each day, you’d really wonder why one of those updates hasn’t completely banned WEP keys for securing Wi-Fi networks. It is 2014 now; WEP keys have been and can be broken so easily and faster than ever (we’re talking 20 seconds to a few minutes) that they shouldn’t be allowed for further use. And yet today anyone can just walk the streets and easily find targets to sniff and crack:

$ airport en0 scan | grep WEP

wagamama 6c:f3:7f:56:71:d0 -85 36 N GB WEP
wBALHRT5 00:0b:86:e6:4a:22 -74 11 N GB WEP
wBALHRT5 00:0b:86:dc:1f:01 -78 13 N -- WEP
wBALHRT5 00:0b:86:dc:1f:11 -85 36 N GB WEP

Bypass Wi-Fi time limits

I’m currently sitting in Terminal 5 of Heathrow airport, finishing a blueberry muffin while waiting for my connecting flight back home once again. As I want to reconnect to the digital world, I am greeted with a 30-minute limit on the free Wi-Fi. It seems to be becoming a global trend in coffee shops and other public places nowadays. Anyway, here is the procedure to circumvent such limits by spoofing your MAC address:

On a Mac/Linux:
Run ifconfig to find the interface whose status is active. On the latest Pros and Airs, it should be en0. Note the MAC address somewhere so you can revert it once the operation is complete.

sudo ifconfig en0 ether [new_mac]
sudo ifconfig en0 down
sudo ifconfig en0 up

On Win7/Win8:
It seems Microsoft only lets you use MAC addresses of one of these forms (the second hex digit must be 2, 6, A or E):

X2-XX-XX-XX-XX-XX
X6-XX-XX-XX-XX-XX
XA-XX-XX-XX-XX-XX
XE-XX-XX-XX-XX-XX

You can change the MAC address by simply using a program like http://lizardsystems.com/downloads/changemac_setup.exe

How to crack Windows passwords in 5 minutes

I’ve been meaning to write about this for a long time. Windows 7 at its core has a huge security flaw that can easily be exploited to log into any machine you have physical access to.

It all starts at the password-protected login screen (winlogon.exe). There you find two important pieces of information:
– The user names
– The accessibility shortcuts still work (try hitting Left Alt + Left Shift + Print Screen from the login screen)

To enable those, winlogon.exe executes another exe: sethc.exe (you may already have seen the sticky-keys dialog popup that it triggers).

The flaw comes from the fact that winlogon executes c:\windows\system32\sethc.exe no matter what the file actually is.
If you can replace that file with a command prompt, you can access the prompt from the login screen.
This can easily be exploited to change the user’s password and bypass the login screen.

Anyway, here is the 5-minute procedure:
1/ Restart the computer, hit F8 for boot options and select “Repair your computer”
2/ Start a Command Prompt
3/ Make a backup of sethc.exe:
move c:\windows\system32\sethc.exe c:\windows\system32\sethc.exe.bck
4/ Copy your cmd prompt:
copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe
5/ Restart computer
6/ At the login screen, trigger the sticky keys helper (i.e. sethc.exe) by hitting Shift 5 times
7/ With the new prompt, change the password:
net user [username] [password]

Don’t forget to restore the original sethc.exe file once you are done.

The downside of this method is, of course, the fact that you need physical access to the machine.
Still, the flaw has existed for so long that you wonder why it’s still not patched up…
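From the defender’s side, the swap above leaves two simple traces on disk: sethc.exe becomes byte-identical to cmd.exe, and the sethc.exe.bck backup is often forgotten. The check below is an added example (not code from the original post); it hashes both files and flags either trace, and can be run against a live System32 directory or a mounted disk image. The sample directories it builds are constructed for the demo.

```python
import hashlib
import os
import tempfile

ACCESSIBILITY_BINARY = "sethc.exe"   # launched by winlogon from the login screen
SHELL_BINARY = "cmd.exe"
LEFTOVER_BACKUP = "sethc.exe.bck"    # backup name used in the walkthrough above


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_sethc(system32_dir):
    """Return a list of findings describing a sticky-keys swap in system32_dir.

    Read-only, so it is safe on a live host or an image mounted for forensics.
    A byte-identical copy is the exact trace the walkthrough leaves; an attacker
    who patches the copy would evade this, so on a live host pair it with
    Authenticode/catalog signature verification of sethc.exe.
    """
    findings = []
    sethc = os.path.join(system32_dir, ACCESSIBILITY_BINARY)
    cmd = os.path.join(system32_dir, SHELL_BINARY)
    backup = os.path.join(system32_dir, LEFTOVER_BACKUP)
    if os.path.isfile(sethc) and os.path.isfile(cmd) and sha256_of(sethc) == sha256_of(cmd):
        findings.append("sethc.exe is byte-identical to cmd.exe")
    if os.path.exists(backup):
        findings.append("leftover sethc.exe.bck backup present")
    return findings


def build_sample_system32(swapped):
    """Create a constructed, throwaway System32 directory for demonstration.

    With swapped=False the two 'binaries' differ and no backup exists; with
    swapped=True the directory looks like the result of steps 3 and 4 above.
    """
    root = tempfile.mkdtemp(prefix="fake_system32_")
    fake_cmd = b"MZ constructed stand-in for cmd.exe"
    with open(os.path.join(root, SHELL_BINARY), "wb") as fh:
        fh.write(fake_cmd)
    with open(os.path.join(root, ACCESSIBILITY_BINARY), "wb") as fh:
        fh.write(fake_cmd if swapped else b"MZ constructed stand-in for sethc.exe")
    if swapped:
        with open(os.path.join(root, LEFTOVER_BACKUP), "wb") as fh:
            fh.write(b"MZ original sethc.exe moved aside")
    return root


if __name__ == "__main__":
    for state in (False, True):
        print("swapped =", state, "->", audit_sethc(build_sample_system32(state)))
```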