
Friday, March 26, 2010

How to Hack Windows Administrator Password

This hack will show you how to reset the Windows administrator password (for Windows 2000, XP, Vista and Windows 7) when you have forgotten it or when you want to gain access to a computer for which you do not know the password.

Most of us have experienced a situation wherein we need to gain access to a password-protected computer, or have forgotten the administrator password, without which it becomes impossible to log in. So here is an excellent hack with which you can reset the password or make it empty (remove the password) so that you regain administrator access to the computer. You can do this with a small tool called Offline NT Password & Registry Editor. This utility works offline, which means you shut down the computer and boot it from a floppy disk, CD or USB device (such as a pen drive). The tool has the following features.

  • You do not need to know the old password to set a new one
  • Will detect and offer to unlock locked or disabled user accounts
  • There is also a registry editor and other registry utilities that work under Linux/Unix and can be used for things other than password editing

How does it work?

Most Windows operating systems store the login passwords and other encrypted passwords in a file called SAM (Security Accounts Manager). This file is usually found in \windows\system32\config. It is part of the Windows registry and remains inaccessible as long as the OS is running, so you have to boot the computer from other media and reach the SAM file from there. The tool gains access to this file and resets or removes the password of the administrator or any other account.
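As an added example (not part of the original post, and not code from the Offline NT Password & Registry Editor project), here is a PowerShell check that confirms the locked state of the SAM hive described above and reports whether the system drive is BitLocker-protected, which is what keeps an offline boot from reading the hive in the first place. It assumes Windows PowerShell 5.1 or later; the Get-BitLockerVolume cmdlet exists only where the BitLocker feature is installed, so its absence is reported rather than treated as an error.

```powershell
# Added example, not from the original post. Checks the two things a defender
# cares about in the "How does it work?" section: the SAM hive is held open by
# the kernel while Windows runs, and the system drive may or may not be
# encrypted, which decides whether an offline boot can reach the hive at all.

function Test-SamHiveLocked {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\config\SAM'))

    $result = [ordered]@{
        Path   = $Path
        Exists = (Test-Path -LiteralPath $Path)
        Locked = $false
        Reason = ''
    }
    if (-not $result.Exists) {
        $result.Reason = 'file not found'
        return [pscustomobject]$result
    }

    try {
        # Ask for read access while permitting any sharing. The registry holds
        # the hive with an exclusive handle, so even this minimal request fails.
        $fs = [System.IO.File]::Open($Path,
                                     [System.IO.FileMode]::Open,
                                     [System.IO.FileAccess]::Read,
                                     [System.IO.FileShare]::ReadWrite)
        $fs.Dispose()
        $result.Reason = 'opened successfully (not expected on a running system)'
    } catch [System.IO.IOException] {
        $result.Locked = $true
        $result.Reason = 'sharing violation: hive is held open by the registry'
    } catch [System.UnauthorizedAccessException] {
        # A standard user is stopped by the directory ACL before reaching the
        # hive lock; rerun elevated to tell the two apart.
        $result.Locked = $true
        $result.Reason = 'access denied: rerun as administrator to distinguish ACL from hive lock'
    }
    return [pscustomobject]$result
}

function Get-SystemDriveProtection {
    # Assumption: Get-BitLockerVolume is available only when the BitLocker
    # feature/module is installed, so report "unknown" instead of failing.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{
            Drive      = $env:SystemDrive
            Protection = 'Unknown (BitLocker module not available)'
            Encryption = 'Unknown'
        }
    }
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        Drive      = $env:SystemDrive
        Protection = "$($vol.ProtectionStatus)"   # On / Off
        Encryption = "$($vol.VolumeStatus)"       # FullyEncrypted, FullyDecrypted, ...
    }
}

Test-SamHiveLocked        | Format-List
Get-SystemDriveProtection | Format-List
```

On a running system the first function reports Locked = True with a sharing violation whether or not the shell is elevated; a drive that reports Protection = Off is exactly the case in which the boot-CD approach described in the post works unhindered.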

The download link for both the CD and floppy versions, along with the complete instructions, is given below.

Offline NT Password & Reg Editor Download

It is recommended that you download the CD version of the tool, since floppy drives are outdated and do not exist in today's computers. Once downloaded, you get a bootable image which you need to burn onto a CD. Boot the computer from this CD and follow the on-screen instructions to reset the password.

Another simple way to reset non-administrator account passwords

Here is another simple way to reset the password of any non-administrator account. The only requirement is that you have administrator privileges. Follow these steps:

1. Open the command prompt (Start -> Run -> type cmd -> Enter).

2. Type net user and hit Enter.

3. The system shows a list of the user accounts on the computer. Say, for example, you need to reset the password of the account named John; then do as follows.

4. Type net user John * and hit Enter. The system asks you to enter the new password for the account. That's it: you have reset John's password without knowing the old one.
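As an added example (not part of the original post), the following PowerShell function lists the resets that the procedure above leaves behind. When an administrator runs net user John *, Windows records event ID 4724 ("An attempt was made to reset an account's password") in the Security log; a user changing their own password records 4723 instead. The script assumes that the Audit User Account Management subcategory is enabled for Success and that it runs in an elevated shell, since standard users cannot read the Security log.

```powershell
# Added example, not from the original post. Lists password resets (4724) and
# password changes (4723) from the Security log so that a "net user <name> *"
# run by someone with administrator rights can be seen after the fact.
# Assumptions: auditing of User Account Management is enabled for Success, and
# the shell is elevated.

function Get-PasswordResetEvent {
    param(
        [int]$Days = 7,
        [int[]]$Id = @(4724, 4723)
    )

    $filter = @{
        LogName   = 'Security'
        Id        = $Id
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error rather than returning nothing when no event
    # matches, so silence it and handle the empty case explicitly.
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    if (-not $events) { return }

    foreach ($e in @($events)) {
        # Read the named EventData fields from the XML instead of relying on the
        # position of each value in $e.Properties.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        $action = if ($e.Id -eq 4724) { 'reset (old password not required)' } else { 'change' }
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Action  = $action
            Target  = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
            By      = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            LogonId = $data['SubjectLogonId']
        }
    }
}

Get-PasswordResetEvent -Days 30 | Sort-Object Time -Descending | Format-Table -AutoSize
```

The By column is the account that performed the reset, which is what distinguishes a legitimate help-desk reset from one performed with credentials that should no longer be in use.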

In this way you can reset the password of any Windows account when you forget it, so that you need not reinstall the OS. I hope this helps.

Monday, January 11, 2010

Pakistani National Response Center for Cyber Crimes Website Defaced

Pakistani National Response Center for Cyber Crimes Website Defaced - Hackers claim they downloaded the e-mail database too - Softpedia:

"The website of the Pakistani National Response Center for Cyber Crimes was defaced yesterday and hackers mocked the institution through a message on the first page. Furthermore, the attackers claim to have downloaded the database and emails stored on the server.

The National Response Center for Cyber Crimes (NR3C) is operated by the Federal Investigation Agency (FIA), Pakistan's equivalent of the FBI. The NR3C is similar to the FBI's Internet Crime Complaint Center (IC3) as it provides a single point of contact for organizations to report matters related to cyber-crime. It also offers information security training to government, as well as private sector organizations.

The attack was claimed by someone associated with a hacking group called 'PAKbugs.' According to Web defacement archive Zone-H, during 2009, this group was responsible for similar attacks against 1,720 websites, some of them belonging to the Pakistani government.

'Your whole database and e-mails are leaked .... i was really excited to read, see what the [expletive] is private in here lOl,' part of the message left on the NR3C reads. 'I Guess, Federal Investigation Dept of Pakistan is in Wrong, Untalented Hands !!' the hacker says.

In a post on the pakbugs.com forum, a user named ZombiE_KsA, who identifies himself as one of the founders of the PAKbugs-Crew, has posted some screenshots to substantiate his claims. One of the pictures shows him logged into the cPanel Webmail administration interface on nr3c.gov.pk. Zone-H attributes a total of 168 defacements to ZombiE_KsA, out of which 62 are on high-profile websites.

'It seems that from an amateur penetration test a hacker has access at least to the full email database and possibly the backups, of a National Response Center for Cyber Crimes in a highly politically sensitive country. […] To say this hack has national security implications would not be overstating the matter,' writes Rik Ferguson, solutions architect at antivirus vendor Trend Micro.

It is worth pointing out that pakbugs.com was hacked too, back in September 2009. At the time, an unknown hacker made public a list containing the usernames, e-mail addresses and hashed passwords of all forum members. The PAKbugs forum is a well known cyber-crime hub where people exchange illegal information and programs."

Monday, November 23, 2009

Symantec Online Store Hacked

User passwords and product serial numbers potentially exposed

"A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information.

The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a blind SQL injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of the vulnerable website.

During a regular SQLi attack, the result of a rogue SQL query is displayed inside the browser instead of the normal web page output. Meanwhile, in a blind SQL injection, the query executes, but the website continues to display normally, making it much more difficult to extract information.

The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. Accessing most of the website's sections requires authentication, and in order to exploit the blind SQLi vulnerability, the hacker had to use a few specialized tools. The Web server appears to be running Windows Server 2000 as operating system, Microsoft IIS 6.0 with ASP support and Microsoft SQL Server 2002 as database back-end.

From the screen shots released by Unu there are many potentially interesting databases, but the one he chose to look at is called 'symantecstore.' One of the tables in this database is named 'PaymentInformationInfo' and contains columns such as BillingAddress, CardExpirationMonth, CardExpirationYear, CardNumber, CardType, CcIssueCode, CustomerEmail, CustomerFirstName, CustomerLastName or SecurityIndicator.

Database listing on Symantec PC Doctor server
Unu claims that his interest is only to point out security issues and not misuse any data. Therefore, according to him, he did not attempt to extract any information from this table. Instead, he focused on another one called TB_MEMBER, which contains 70,356 records.

For demonstration purposes, he extracted 6 of these entries at random, revealing customer names and login credentials with the passwords stored in plain text, a major security oversight. The hacker also notes that passwords for the accounts in a different table called TB_EMPLOYEE are also stored in a similar insecure way.

A third table Unu chose to investigate is called TB_ORDER and contains columns such as ProductName, ProductNumber, SaleAmount and SerialNumber. There are 122,152 entries in the SerialNumber column.

This is not the first time that Unu has scrutinized the security of websites belonging to antivirus vendors. His previous targets include Kaspersky and Bitdefender. Some months back, he even disclosed a vulnerability affecting a different Symantec website. The AV company eventually played down its impact.

At the end of his most recent disclosure, Unu mentions his previous attack against Kaspersky's US online store website. 'There was fair play, they quickly secured vulnerable parameter, and even if at first they were very angry at me, finally understood that I did not extract, I saved nothing, I did not abused in any way by those data found. My goal was, what is still, to warn. To call attention [sic.],' the hacker writes on his blog.

Note: We have alerted Symantec about the potential security breach. We will update this article when/if more information becomes available.

Update: In an e-mail to Softpedia, Symantec has confirmed the existence of a vulnerability in pcd.symantec.com. Here is the full statement we received:

'A SQL injection vulnerability has been identified at pcd.symantec.com. The Web site facilitates customer support for users of Symantec's Norton-branded products in Japan and South Korea only. This incident does not affect Symantec customers anywhere else in the world.

'This incident impacts customer support in Japan and South Korea but does not affect the safety and usage of Symantec's Norton-branded consumer products. Symantec is currently in the process of updating the Web site with appropriate security measures and will bring it back online as soon as possible. Symantec is still investigating the incident and has no further details to share at this time.'"

Source Softpedia

Wednesday, November 11, 2009

RBS WorldPay Hackers Indicted - After stealing over nine million dollars in a sophisticated attack - Softpedia

RBS WorldPay Hackers Indicted - After stealing over nine million dollars in a sophisticated attack - Softpedia: "The gang of fraudsters who stole $9 million after hacking into the RBS WorldPay payment processor last year have been indicted by a grand jury in Atlanta, the United States Department of Justice announces. Four hackers and six cashers were charged with various counts of wire fraud, computer fraud and aggravated identity theft.

Back in December 2008, close to the winter holidays, a major US-based payment processor called RBS WorldPay announced that its network and computer systems were breached by unknown attackers. The company, which is operated by the Royal Bank of Scotland Group, said at the time that only around 100 re-loadable payroll cards had been misused and subsequently disabled.

However, what the company failed to note is that some of the compromised cards were actually used to steal a whopping nine million dollars. Not only that, but the impressive sum was withdrawn over a 24-hour period from over 2,100 ATMs located in at least 280 different cities worldwide, making this attack one of the most organized and sophisticated of its kind ever to be instrumented.

The indictment reveals that the hackers intercepted and cracked encrypted data passing through the network, after which they artificially inflated the limits of the accounts chosen as targets. The payroll card details including PIN numbers were then distributed to people across the world, known as cashers, who manufactured copies of the cards and used them on ATMs.

These co-conspirators allegedly kept between 30 and 50 percent of the money, while the rest was sent back to Sergei Tsurikov, 25, of Tallinn, Estonia, Viktor Pleshchuk, 28, of St. Petersburg, Russia, Oleg Covelin, 28, of Chisinau, Moldova, and a yet unidentified individual known only as 'Hacker 3,' who are named as the leaders of the gang and the hackers responsible for the breach.

Four other residents of Tallinn, Estonia, in the persons of Igor Grudijev, 31, Ronald Tsoi, 31, Evelin Tsoi, 20, and Mihhail Jevgenov, 33, were indicted in connection with this scheme for withdrawing cash using cloned cards. Two unnamed individuals were also arrested for playing a similar role in Hong Kong. However, given the scope of this operation, this is only the beginning of a very long list of co-conspirators.

'The charges brought against this highly sophisticated international hacking ring were possible only because of unprecedented international cooperation with our law enforcement partners,' noted Assistant Attorney General of the Criminal Division Lanny A. Breuer. FBI Atlanta Field Office Special Agent-in-Charge Greg Jones added that this success sends 'a clear message to cyber-criminals across the globe. Justice will not stop at international borders, but continue with the on-going cooperation between the FBI and other agencies.'

Tsurikov, Pleshchuk, Covelin and 'Hacker 3' were charged with conspiracy to commit wire fraud, wire fraud, conspiracy to commit computer fraud, computer fraud, access device fraud and aggravated identity theft. Each of them faces a sentence of over 35 years in prison and fines of up to $3.5 million. Meanwhile, Grudijev, the Tsois and Jevgenov, who were indicted for access device fraud, risk maximum sentences of 15 years in prison and fines of up to $250,000."

Monday, November 9, 2009

Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia

Major Security Hole Discovered on Facebook and MySpace - The oversight allowed account hijacking and theft of user data - Softpedia: "A Web developer has documented a proof-of-concept attack that could have been used to hijack accounts and steal private information on Facebook and MySpace. The attack leveraged a serious security oversight in XML configuration files used to define the cross-domain access policy for Flash applications.

The discovery was made while 24-year-old Dutch Web developer Yvo Schaap tried to find a workaround to a problem he was having with one of his Facebook applications. "I found a solution to one of my function limitations. Surprisingly, when looked into more carefully my solution allowed full access and control to the Facebook user account that accessed my application," he notes on his blog.

As the programmer goes on to explain, this is not actually a bug, but an insecure configuration issue in crossdomain.xml. This file can be used to tell a Flash application, loaded from a URL and executed locally on the client, if it is able to access a file served from its domain. For example, if the owner of domain A wants to let an application from domain B access its files, it can specify domain B in the crossdomain.xml on its server.

While the crossdomain.xml on facebook.com whitelisted only other domains and sub-domains associated with Facebook, the similar file on connect.facebook.com contained an <allow-access-from domain="*" /> directive. This meant that any Flash application, hosted on any domain, was allowed to access data on the connect.facebook.com sub-domain.

“This wouldn't be a big deal if the subdomain only hosts images, but unfortunately this domain hosts the whole Facebook property, including a facebook user session,” Mr. Schaap notes. The web developer goes on to point out that if a user has auto-login enabled and is served with the URL to a specially-crafted flash file, an attacker could obtain full control of their account.

MySpace also suffered from a similar crossdomain.xml misconfiguration, though not as obvious as in Facebook's case. In particular, the crossdomain.xml on myspace.com granted access to a farm.sproutbuilder.com sub-domain. Sprout Builder is a web application building platform, which amongst other types of media, allows its clients to upload and incorporate .swf (Flash) files into their projects. As it turns out, these files are hosted on farm.sproutbuilder.com, thus opening the opportunity to create a self-propagating MySpace social networking worm.

Yvo Schaap contacted both companies in advance of making this public and they moved swiftly to address the security problems. However, if two of the biggest social networking platforms left such gaping security holes open, it is reasonable to assume that many smaller websites also have them."

Source: http://news.softpedia.com/news/Major-Security-Hole-Discovered-on-Facebook-and-MySpace-126327.shtml
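As an added example (not from the Softpedia article, and not code from Facebook, MySpace or Sprout Builder), here is a PowerShell check for the two over-broad crossdomain.xml grants the article describes: the domain="*" directive that was on connect.facebook.com, and a grant to a host outside the site owner's control, illustrated by a sub-domain wildcard. Both policies below are constructed samples; the hardened one is the shape the article implies rather than either site's actual file, and the example.com names are placeholders.

```powershell
# Added example, not from the article. Parses a crossdomain.xml policy and
# reports the grants that let a Flash application on another origin read this
# host's content. Both policies are constructed samples for the demonstration.

$PermissivePolicy = @'
<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" />
  <allow-access-from domain="*.example-partner.com" secure="false" />
</cross-domain-policy>
'@

$HardenedPolicy = @'
<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="www.example.com" secure="true" />
  <allow-access-from domain="static.example.com" secure="true" />
</cross-domain-policy>
'@

function Test-CrossDomainPolicy {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    $findings = @()

    # @() keeps a single element iterable; the $null check covers a policy with
    # no allow-access-from element at all (which grants nothing).
    foreach ($rule in @($doc.'cross-domain-policy'.'allow-access-from')) {
        if ($null -eq $rule) { continue }
        $domain = [string]$rule.domain

        if ($domain -eq '*') {
            $findings += 'domain="*": any origin may read this host''s content, including a logged-in user''s session'
        } elseif ($domain.StartsWith('*.')) {
            # One weak host under the wildcard (cf. farm.sproutbuilder.com in the
            # MySpace case) is enough to expose the whole site.
            $findings += "domain=`"$domain`": every sub-domain of $($domain.Substring(2)) is trusted"
        }

        # secure="false" lets a SWF loaded over plain http:// use a policy that
        # was served over https://, so a network attacker inherits the grant.
        if ($rule.secure -eq 'false') {
            $findings += "secure=`"false`" on $domain: http:// SWFs may use this https:// policy"
        }
    }

    [pscustomobject]@{ Count = $findings.Count; Findings = $findings }
}

Test-CrossDomainPolicy -Xml $PermissivePolicy | Format-List
Test-CrossDomainPolicy -Xml $HardenedPolicy   | Format-List
```

The permissive sample yields three findings and the hardened one none; the hardened policy also restricts which other policy files on the host are honoured, through site-control, so that a stray policy in a user-upload directory cannot widen the grant.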

Two Men Accused of Hacking Their Former Employer's Computers - Failure to suspend credentials at fault again - Softpedia

Two Men Accused of Hacking Their Former Employer's Computers - Failure to suspend credentials at fault again - Softpedia: "Two former employees of an engine parts distributor have been indicted for accessing the company's computer systems repeatedly without authorization after they quit. According to the prosecutors, the men used still active credentials to access sensitive information for almost two years.

Scott R. Burgess, 45 of Jasper, Indiana, and Walter D. Puckett, 39 of Williamstown, Kentucky, were indicted on November 4 for computer intrusion, the United States Attorney's Office for the Southern District of Indiana announces. The pair used to work for Jasper-based Stens Corporation, a distributor of replacement parts for small engine outdoor power equipment.

After quitting their jobs at Stens in late 2004 and early 2005, respectively, Burgess and Puckett went on to work for a rival company. The authorities claim that until September 2006, the two illegally accessed private information stored on computers belonging to Stens Corporation on twelve separate occasions.

The intrusions allegedly had personal and commercial gain motivation and were instrumented through the use of old login credentials. It is also mentioned that Stens' IT staff noticed unusual behavior and disabled several passwords, however the perpetrators switched to using others.

According to Assistant U.S. Attorney Todd S. Shellenbarger, Burgess and Puckett face a maximum sentence of five years in prison and a fine of $250,000 each. The Federal Bureau of Investigation and the Indiana State Police have collaborated in the investigation.

Failure to disable the login credentials of dismissed individuals is a popular attack vector for data breach incidents. Security experts have warned that the risk of disgruntled employees hacking their way back in is even greater now due to the harsh economic environment.

Back in September, we reported that a former IT consultant pleaded guilty to accusations of damaging a critical system used to monitor underwater oil pipelines for leaks, because an oil-extraction company refused to offer him permanent employment. In August, a computer specialist was arrested and indicted for hacking into the network of a charity he used to work for and deleting donor records."

Source: http://news.softpedia.com/news/Two-Men-Accused-of-Hacking-Their-Former-Employer-s-Computers-126361.shtml