Mark Marshall

Sony’s PlayStation Network Hacked — Credit Card Data Likely Compromised

Posted on by Mark Marshall in Main | 1 Comment

Sony’s PlayStation Network (PSN) online gaming service has been compromised in what Sony is calling an “illegal and unauthorized intrusion”. Some 77 million users subscribe to this service and it sounds like they’ve all had their information stolen. Information about PSN subscribers that Sony has confirmed to have been compromised includes: name, address, country, email address, and PSN password and login name. What Sony has not released yet (and this is the big one) is whether credit card numbers and expiration dates have …

Get a Meterpreter Shell Using SMB Credentials

Posted on by Mark Marshall in Main | 1 Comment

The Meterpreter shell in Metasploit is a fantastic way to interact with a compromised box. It runs entirely in memory and leaves no trace of itself after you disconnect, allowing you to pillage and plunder cleanly without leaving any tracks. I find myself using it fairly frequently against Windows machines that I’ve already gotten credentials for via some other means. In those cases it doesn’t make sense to use an actual exploit to get a Meterpreter shell going. Use the …

Managing Windows User Accounts via the Commandline

Posted on by Mark Marshall in Main | Leave a comment

Just hacked a box on a penetration test but can’t get a Meterpreter shell on it for some reason? Add yourself a new account quickly with these easy commands. Works on all current versions of Windows (assuming you’ve got an admin-level account).

Add a local account named goat with the password T@styHay!:

net user /add goat T@styHay!

Now add the goat account to the local administrators group:

net localgroup administrators /add goat

View members of the local administrators group and make …

Disable Storage of the LM Hash

Posted on by Mark Marshall in Main | Leave a comment

The LM hash is a horrifying relic left over from the dark ages of Windows 95. Also known as the LanMan, or LAN Manager hash, it is enabled by default on all Windows client and server versions up to Windows Server 2008, where it was finally turned off by default (thank you Microsoft). So what’s wrong with the LM hash? Let’s look at exactly how the LM hash is computed, via Wikipedia: The user’s ASCII password is converted to uppercase. …

Use an SSH Tunnel to Safely Browse the Internet While on the Go

Posted on by Mark Marshall in Main | Leave a comment

It’s a common scenario: you’re on the road – in an airport, at a hotel, at a coffee shop, at a hacker con – any number of locations and you need access to the Internet. There is generally WiFi at all of these locations. Some charge, some are free, but nearly all of them are insecure. Most people are at least somewhat aware of the insecurities of using a public wireless network to do sensitive things like online banking, checking …

Creating an Acceptable Domain-Wide Password Policy

Posted on by Mark Marshall in Main | 1 Comment

Have a fresh Microsoft Windows 2003 or 2008 domain just deployed and don’t know where to start? Inherited a potentially questionable domain and looking for some basic things to check? Already know what you’re doing and want a sanity-check? Here are the recommended Password Policy settings to configure to try and creep towards that impossible balance of usability and security. All of these settings should be configured at the Default Domain Controllers OU level.

Minimum Password Length

This is an …

L0phtCrack is back!

Posted on by Mark Marshall in Main | Leave a comment

L0phtCrack was one of the original and greatest hacking and auditing tools of the 90’s, essentially creating the modern LM/NTLM password auditing landscape. L0pht Heavy Industries – the creators of the tool – were instrumental in raising awareness of both the ease of cracking passwords as well as the obviousness of how poorly people choose passwords.

Gawker Hacked – Database Exposed

Posted on by Mark Marshall in Main | Leave a comment

Hackers have gotten hold of the database containing usernames and passwords of roughly 1.4 million users who have posted a comment to the Gawker website or any of its popular affiliates, including lifehacker.com, gizmodo.com, jalopnik.com, jezebel.com, kotaku.com, deadspin.com and others. They are not keeping this database to themselves either. They’ve uploaded the entire thing to the public torrent tracker thepiratebay.org, including their rough analysis of the database, plaintext credentials for a number of Gawker employees, 200,000 decrypted passwords they’ve …