PaulSpoerry.com

A rather silly “trick” ( and really that’s all it is, has been making headlines over the last few days. From what I can tell it was really brought to the forefront by Ina Fried from CNET who says:

“By creating a new folder in Windows 7 and renaming it with a certain text string at the end, users are able to have a single place to do everything from changing the look of the mouse pointer to making a new hard drive partition.”

So somebody decided to call this “God Mode” because to enable this “trick” you make a folder called GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} and double-click on it. What you end up with is… drum roll… the control panel; it’s just in a different view than you’d normally see.

First of all, the text ”GodMode” has nothing to do with making the trick work. You can call the folder “IFreakinRawk.{ED7BA470-8E54-465E-825C-99712043E01C}” and now you’ve discovered the magical “IFreakinRawk” feature hidden in Windows.

In reality all you have discovered is:

A documented feature of the shell. Folders can be easily made into ‘namespace junctions’. The whole thing is described on MSDN. Basically, any folder named <DisplayName>.<CLSID> will show up with just the <DisplayName> portion visible in Explorer, and navigating into the folder will take you to the namespace root defined by the <CLSID> portion of the name. This isn’t for USERS, it’s really more of a developer feature.

The second thing is that it’s really the “All Tasks” folder. This is a special shell folder which is used as the source of the “Control Panel” search results seen in the Start menu. This folder was not designed to be browsed to directly, as the normal Control Panel folder (accessible via Start -> Control Panel) contains all the same items but with a custom view designed to be easier to navigate. The “All Tasks” folder has no custom view, so you just see the standard Explorer list view and little else.

The existence of this folder and its CLSID are implementation details and should not be relied upon by anybody for any purpose.

The Evil Maid Attack is an attack type against whole system disk encryption in a form of a small bootable USB stick image that allows to perform the attack in an easy “plug-and-play” way. The whole infection process takes about 1 minute, and it’s well suited to be used by hotel maids.

The Invisible Things blog goes into great detail on how most whole disk encryption is vulnerable in a relatively simple way. The scenario we consider is when somebody left an encrypted laptop e.g. in a hotel room. Let’s assume the laptop uses full disk encryption like e.g. this provided by TrueCrypt or PGP Whole Disk Encryption. Many people believe, including some well known security experts, that it is advisable to fully power down your laptop when you use full disk encryption in order to prevent attacks via FireWire/PCMCIA or ”Coldboot” attacks.  So, let’s assume we have a reasonably paranoid user, that uses a full disk encryption on his or her laptop, and also powers it down every time they leave it alone in a hotel room, or somewhere else.

Now, this is where our Evil Maid stick comes into play. All the attacker needs to do is to sneak into the user’s hotel room and boot the laptop from the Evil Maid USB Stick. After some 1-2 minutes, the target laptop’s gets infected with Evil Maid Sniffer that will record the disk encryption passphrase when the user enters it next time. As any smart user might have guessed already, this part is ideally suited to be performed by hotel maids, or people pretending to be them.

So, after our victim gets back to the hotel room and powers up his or her laptop, the passphrase will be recorded and e.g. stored somewhere on the disk, or maybe transmitted over the network (not implemented in current version).

Now we can safely steal/confiscate the user’s laptop, as we know how to decrypt it. End of story.

Read the rest of this entry »

Image via Wikipedia

I never realized the it was even easier to replace a lost (or to hack a machine given you have physical access) a Linux machine. Jason Striegel posted this example over at Hackszine.com on how to reset a lost Ubuntu password. It’s surprisingly simple to reset, simply follow the steps outlined below. Here’s how to do it on a typical Ubuntu machine with the GRUB bootloader:

Boot Linux into single-user mode

1. Reboot the machine.
2. Press the ESC key while GRUB is loading to enter the menu.
3. If there is a ‘recovery mode’ option, select it and press ‘b’ to boot into single user mode.
4. Otherwise, the default boot configuration should be selected. Press ‘e’ to edit it.
5. Highlight the line that begins with ‘kernel’. Press ‘e’ again to edit this line.
6. At the end of the line, add an additional parameter: ’single’. Hit return to make the change and press ‘b’ to boot.

Change the admin password
The system should load into single user mode and you’ll be left at the command line automatically logged in as root. Type ‘passwd’ to change the root password or ‘passwd someuser’ to change the password for your “someuser” admin account.

Reboot

That’s it, just reboot into your normal configuration with the new root password.

Darknet has released it’s list for the Top 15 Security/Hacking Tools and Utilities. Many of these I’ve seen before and should be familiar to a lot of people, but there may be a few nuggets you haven’t seen before.

Topic include network scanning, wireless security, password cracking, etc. It’s really a great list so check’em out.

Read the rest of this entry »

Why hack Windows passwords when you can simply create yourself a new Administrator account?

In a previous post I showed how you can use an Ophcrack Live CD to crack Windows passwords in minutes. It works, I’ve done it before and it really works. The free, open source Ophcrack Live CD is a Windows account password cracking tool designed to help you recover lost Windows passwords. Quite a few people have sent me emails or chatted me via my website saying “I forgot my password”, or “my kid locked himself out of his pc”. I’m unsure if that’s really the case or if they were just looking for a way to crack Windows passwords. However, if that is really the case there is potentially a much faster way to resolve your issue… just create a new Administrator account!

To create a new Administrator account you’ll want to grab a copy of the Offensive Security’s BackTrack Live CD which can be found here.

What is BackTrack?

BackTrack is the result of the merging of two Innovative Penetration Testing live Linux distributions – Whax and Auditor. BackTrack has been dubbed as the best Security Live CD today, and has been rated 1st in its category, and 32nd overall in Insecure.org. Based on SLAX (Slackware), BackTrack provides user modularity. This means the distribution can be easily customised by the user to include personal scripts, additional tools, customized kernels, etc.

BackTrack Terminal Window

Here’s a quick and dirty way to make a new user account.

Boot into Backtrack and open a shell prompt:

• cd /mnt (change directory to mounted drives)

• ls (get the list of mounted drives)

• cd sda1 (sda1 is the main hard drive)

• cd Windows/ (change to the windows directory)

• cd System32/ (change to the system directory)

• mv Utilman.exe Utilman.old (backup original file)

• cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)

• reboot

Once rebooted, at vista logon screen do the following:

• Press Windows key + U

• To invoke Utility Manager ( A.K.A. CMD.exe)

• Cmd.exe will spawn with ‘System’ privileges.

• c:\>net user S00perAdmin mypassword /add

• c:\>net localgroup administrators S00perAdmin /add

• Reboot and log in with your newly added Admin account

There ya go… now instead of needing to “crack” you “lost” password you can simply create a new Administrator account, login with that and then change the lost accounts password to what you want it to be.