Jan 9, 2015

Howto: Reset Windows Server 2012 Password

1. Boot into Windows Server 2012 DVD

2. Choose Repair your computer -> Troubleshoot -> Command Line

3.  Replace utilman.exe with cmd.exe
> d:
> cd Windows/System32/
> ren Utilman.exe to Utilman.exe.old
> copy cmd.exe Utilman.exe

4. Close Command Line

5. Choose Continue

6. Reboot into Windows Server 2012

7. Press "Windows + U"

8. When Command Line Popup, use command to change password
> net user administrator your-new-password

9. Login and have a nice day :)

If you like my blog, Please Donate Me

Or Click The Banner For Support Me.

AIX For Penetration Testing

Link: http://t.co/OGOp3Pkeab


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: LINSET - FakeAP for hacking WPA/WPA2

How it works

  • Scan the networks.
  • Select network.
  • Capture handshake (can be used without handshake)
  • We choose one of several web interfaces tailored for me (thanks to the collaboration of the users)
  • Mounts one FakeAP imitating the original
  • A DHCP server is created on FakeAP
  • It creates a DNS server to redirect all requests to the Host
  • The web server with the selected interface is launched
  • The mechanism is launched to check the validity of the passwords that will be introduced
  • It deauthentificate all users of the network, hoping to connect to FakeAP and enter the password.
  • The attack will stop after the correct password checking
Source:: hack-tools.blackploit.com/2015/01/linset-wpawpa2-hack-without-brute-force.html

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Tools: SPARTA - Network Enumeration Tool

What is SPARTA?

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results.


– Run nmap from SPARTA or import nmap XML output.
– Transparent staged nmap: get results quickly and achieve thorough coverage.
– Configurable context menu for each service. You can configure what to run on discovered services. Any tool that can be run from a terminal, can be run from SPARTA.
– You can run any script or tool on a service across all the hosts in scope, just with a click of the mouse.
– Define automated tasks for services (ie. Run nikto on every HTTP service, or sslscan on every ssl service).
– Default credentials check for most common services. Of course, this can also be configured to run automatically.
– Identify password reuse on the tested infrastructure. If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: sysadmins reuse passwords).
– Ability to mark hosts that you have already worked on so that you don’t waste time looking at them again.
– Website screenshot taker so that you don’t waste time on less interesting web servers.

Source:: http://sparta.secforce.com/

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jan 7, 2015

Large Collection of Android Malware

Link:: http://www.androidsandbox.net/samples/01.2015/


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Videos: 31c3 congress videos

Link: http://mirror.us.oneandone.net/projects/media.ccc.de/congress/2014/h264-hd/?mc_cid=cccfc3e021&mc_eid=29cd22f889


If you like my blog, Please Donate Me
Or Click The Banner For Support Me.

Jan 4, 2015

Tools: iSpy - Reverse Engineering Framework for iOS

iSpy aims to be your one-stop-shop for reverse engineering and dynamic analysis of iOS applications. Features :
– Easy to use Web GUI
– Class dumps
– Instance tracking
– Automatic jailbreak-detection bypasses
– Automatic SSL certificate pinning bypasses
– Re-implemented objc_msgSend for logging and tracing function calls in realtime
– Cycript integration; access Cycript from your browser!
– Anti-anti-method swizzling
– Automatic detection of vulnerable function calls
– Easy to use soft-breakpoints

The current release is a developer preview; code is subject to change, and will be unstable. However, we appreciate code contributions, feature requests, and bug reports. We currently do not have binary releases, stay tuned!
Injecting iSpy :
1. Once iSpy is installed onto your device open the Settings application and you should see a new entry for iSpy. Enable the iSpy Global On/Off if it is disabled. From this panel you can also enable hooks for SSL Certificate Pinning, change web server settings, and optional features.
2. From here go to Select Target Apps and enable the switch for whichever applications you want to inject iSpy into.
3. Open any of the selected applications and you should see a Showtime overlay message in the upper right as the application loads, this indicates that iSpy was successfully injected into the process.
4. Open your browser and go to http://<iPad IP Address>:31337, note that the default port is 31337 but can be optionally changed in the iOS Settings. If iSpy fails to bind to the desired port it will increment the port number until it successfully finds an unbound port to use; you can see this activity in the Xcode console. We also recommend forwarding your TCP connections over USB using the iPhone Data Protection Suite’s tcprelay.sh script.
5. Have fun!

Prerequisites :
+ Xcode 5+ running on OSX 10.8+
+ Any jailbroken iOS device running: 32bit iOS 6, 7, or 8
Other versions may work but have not been tested

Source:: http://seclist.us/ispy-a-reverse-engineering-framework-for-ios.html

If you like my blog, Please Donate Me
Or Click The Banner For Support Me.