Author Topic: Ethical Hacking - Password recovery  (Read 3528 times)

Offline I.L.W.

  • Dedicated Contributor
  • ******
  • Posts: 1004
  • Karma: 203
Ethical Hacking - Password recovery
« on: February 15, 2016, 09:08:54 PM »
This one goes out to the parents who might want to check in on their kids' online activities. This method will reveal a saved password on a site that has already been visited.

"But it's already saved, I can just log in" you say...

Well, remember most people use the same password for multiple sites, so knowing what it is gives you access to passwords which were not saved.

DO NOT abuse this.



The lesson here: Don't log in on other people's computers, don't save passwords, and never let anyone touch your computer (especially loved ones... just like murder, you're more likely to be hacked by a family member than a stranger). And for the love of God... don't use the same password for multiple sites ;)

There are legitimate uses for this, but you can see how it might be abused by people. Hopefully understanding how this is done will help you prevent being hacked yourself.

This is rookie level stuff, you can find many tutorials on it already, so I'm not letting slip any great secrets here. Trust me, if you have kids over the age of eight, they already know how to do this. I'm just helping you keep up in the arms race. This only works if the password is saved on the computer. When websites get "hacked" (as you hear about in the media), that's usually XSS + SQL Injection which is much more advanced.

Offline kckndrgn

  • Survivalist Mentor
  • *****
  • Posts: 615
  • Karma: 23
    • Ryans Turnings
Re: Ethical Hacking - Password recovery
« Reply #1 on: February 16, 2016, 07:32:15 AM »
WOW, I did not know this!

I guess it only makes sense that your browser has to store the data (even if encrypted/hashed) locally, then have it unencrypted to populate the password field like you had entered it.

Offline I.L.W.

  • Dedicated Contributor
  • ******
  • Posts: 1004
  • Karma: 203
Re: Ethical Hacking - Password recovery
« Reply #2 on: February 16, 2016, 06:43:52 PM »
Recovering Wifi Passwords

You just got a new smart phone and want to set it up on your wifi, but forgot the password. How do you find the password on a Windows computer? First we need to find the Network name (or SSID).

On the keyboard, press [Win]+[R]
Type in "CMD" and press [Enter]
In the command prompt, type in NETSH WLAN SHOW INTERFACE
In the resultant text, look for the SSID of your Network. Let's say it's called "My House Wifi"
Now type in: netsh wlan show profiles "My House Wifi" key=clear (substituting "My House Wifi" with the name of your own network).

You will be presented with a list of everything you need to set up another wireless device. This will include the SSID, Encryption type (WEP, WPA etc), and the password for the network.

Use cases:
  • Your ISP locks out the router gateway interface so you can't access it to see what the correct settings are. Some disreputable providers actually try to charge you for each device connected to wifi...
  • Your company fires the IT guy, now you can't get into your own wifi network (this happens a lot, lol)
  • You want to find out what other networks the PC has accessed in the past.
  • You're supporting a relative who's not too tech savvy and doesn't know their own password.

*This is a "Recovery" tutorial, this method assumes you have saved the password on the computer, so you knew it at one point or have lawful access to the computer and the network being accessed. If you never knew the password (trying to steal the neighbor's wifi, lol)... I'm not helping with that, there are plenty of others online who will show you how :)

Offline I.L.W.

  • Dedicated Contributor
  • ******
  • Posts: 1004
  • Karma: 203
Re: Ethical Hacking - Password recovery
« Reply #3 on: February 16, 2016, 06:57:41 PM »
Bypass Windows Login Passwords:

Aunt Meara just passed away... To put her affairs in order, it would be helpful to have access to her computer. You can get into the default account, but her documents were stored in her personal Windows account which is password protected. How do you get in?

In Windows XP, Vista, 7, 8 and 10, there is an advanced user profile control which has no icons in the control panel.

Press [Win] + [R] on the keyboard.
In the Run dialogue, type in Control Userpasswords2

Press [Enter]

Select the account you need access to and choose "Reset Password".

* Warning, if you see files with green text in the file explorer, they have NTFS encryption. Resetting the passwords will destroy the key to access them. This is rare, nobody uses NTFS encryption anymore, but be aware there is that possibility.



Offline I.L.W.

  • Dedicated Contributor
  • ******
  • Posts: 1004
  • Karma: 203
Re: Ethical Hacking - Password recovery
« Reply #4 on: February 18, 2016, 05:49:14 PM »
Follow up: Recovering Wifi Passwords

I just dug out an old script I wrote (the coding is crap, I rushed it and did a lot of copy & paste from other functions, reusing a lot of variables... lol). This will give you your network info, including wireless password. Run it on a computer and you'll be able to pull the saved password for the wireless network from it in a few seconds.

On ethernet connections, it will also show you things like the router manufacturer (which is all you need to look up default passwords, which are unchanged in 99% of cases).

Save in notepad as "connection.hta" and double-click it to run.

For the aspiring "hackers" out there, you can see how instead of presenting this information, you could simply send it in an email to yourself. If you don't mind wading through this sloppy code, you can actually have a lot of fun with this.

A word of advice: Notice how I posted the code, not a link to an exe file. You can see what it's doing and choose to run it or not. Transparency is important. If this was a compiled executable, you would not want to run it on the word of some random guy in an internet forum ;)

Good use example:
Your mother calls up, and can't get her new iPad on the wifi... You have her go to http://join.me and start a remote connection session, copy the code here into notepad on her PC, save and run the file. In a few seconds, you know what settings are needed to walk her through setting up the device.

Bad use example:
Hide the interface, embed "Super Mario Brothers" as a flash game, write an "email me" hidden function, and email the "game" to your neighbor so you can start browsing their network or steal their internet connection. That's what people in the hacking world call "being a d*ck". Don't be a d*ck.

Code:
<head>
<title>Connection Test</title>
<hta:application id="wd"
applicationname="wd"
BORDERSTYLE="normal"
CAPTION="yes"
INNERBORDER="yes"
MAXIMIZEBUTTON="no"
MINIMIZEBUTTON="no"
NAVIGABLE="yes"
border="thin"
ICON=""
SCROLL="auto"
SCROLLFLAT="yes"
SELECTION="no"
SHOWINTASKBAR="yes"
SINGLEINSTANCE="no"
SYSMENU="yes"
WINDOWSTATE="normal">
</head>

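<script language="VBScript">
' Declared at script level so GetIP can share the address with GetISP, GetLocation and GetCity
Dim myIPAddress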
Sub Window_onLoad
window.resizeTo 410,950
GetGateway()
GetIP()

GetUserAccounts()
End Sub
Sub GetGateway
Set objWMIService = GetObject("winmgmts:\\.\root\CIMV2")
Set colItems = objWMIService.ExecQuery("SELECT * FROM Win32_NetworkAdapterConfiguration Where IPEnabled = True")
For Each objItem In colItems
strDefaultIPGateway = Join(objItem.DefaultIPGateway, "")
strDNSHostName = Join(objItem.DNSServerSearchOrder, " / ")
myDNS = objItem.DNSServerSearchOrder
For i = LBound(objItem.IPAddress) to UBound(objItem.IPAddress)
If Not Instr(objItem.IPAddress(i), ":") > 0 Then
strLocalIP = objItem.IPAddress(i)
End If
Next
strmcAdd = objItem.MACAddress
Next
GatewayData.InnerHTML="<a target=_new href=http://" & strDefaultIPGateway & ">" & strDefaultIPGateway & "</a>"
DNSHostName.InnerHTML= strDNSHostName
LocalIP.InnerHTML=strLocalIP
MacAddress.InnerHTML= strmcAdd
GetMac(strDefaultIPGateway)
End Sub

Sub GetIP
Set objxmlHTTP = CreateObject("Microsoft.XMLHTTP")
Call objxmlHTTP.open("get", "http://ipinfo.io/ip", False)
objxmlHTTP.Send()
myIPAddress = objxmlHTTP.ResponseText
IP.innerHTML = myIPAddress
GetISP()
End Sub

Sub GetISP
Set objxmlHTTP = CreateObject("Microsoft.XMLHTTP")
Call objxmlHTTP.open("get", "http://ipinfo.io/" & myIPAddress & "/org", False)
objxmlHTTP.Send()
myISP = objxmlHTTP.ResponseText
ISP.innerHTML = myISP
GetLocation()
End Sub

Sub GetLocation
Set objxmlHTTP = CreateObject("Microsoft.XMLHTTP")
Call objxmlHTTP.open("get", "http://ipinfo.io/" & myIPAddress & "/region", False)
objxmlHTTP.Send()
myLocation = objxmlHTTP.ResponseText
slocation.innerHTML = myLocation
GetCity()
End Sub

Sub GetCity
Set objxmlHTTP = CreateObject("Microsoft.XMLHTTP")
Call objxmlHTTP.open("get", "http://ipinfo.io/" & myIPAddress & "/city", False)
objxmlHTTP.Send()
myCity = objxmlHTTP.ResponseText
CITY.innerHTML = myCity
End Sub
Sub GetUserAccounts
On Error Resume Next
UserList = ""
Const HKEY_LOCAL_MACHINE = &H80000002
Set objRegistry=GetObject("winmgmts:\\.\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubkeys
For Each objSubkey In arrSubkeys
strValueName = "ProfileImagePath"
strSubPath = strKeyPath & "\" & objSubkey
objRegistry.GetExpandedStringValue HKEY_LOCAL_MACHINE,strSubPath,strValueName,strValue
UserList=UserList & "<tr><td>" & strValue & "</td></tr>"
Next
myUsers.innerHTML = "<table>" & UserList & "</table>"
End Sub
Sub GetMac(ip)
On error Resume Next
Set objShell = CreateObject("WScript.Shell")
WScript.Sleep(4000)
Set objExec = objShell.Exec("arp -a")
strPingResults = LCase(objExec.StdOut.ReadAll)
strARPList = Split(strPingResults)
n = UBound(strARPList,1)
For X = 0 To n
If strARPList(x) = ip Then
For y = 1 To 16
If strARPList(x+y) <> "" Then
Dim o
Set o = CreateObject("MSXML2.XMLHTTP")
o.open "GET", "http://api.macvendors.com/" & strARPList(x+y), False
o.send
RouterMan.InnerHTML= o.responseText
RMac.InnerHTML=strARPList(x+y)
Exit For
End If
Next
End If
Next
GetWireless()
End Sub

Sub GetWireless()
On error Resume Next
Set objShell = CreateObject("WScript.Shell")
WScript.Sleep(4000)
Set objExec = objShell.Exec("netsh wlan show profiles")
strPingResults = objExec.StdOut.ReadAll
strARPList = Split(strPingResults)
n = UBound(strARPList,1)
Dim z
z=""
For X = 0 To n
For y = 1 To 16
If strARPList(x+y) <> "" Then
z = strARPList(x+y)
wifi.InnerHTML=z
Exit For
End If
Next
Next
GetSignal(wifi.innerhtml)
End Sub

Sub GetSignal(ssid1)
On error Resume Next
Set objShell = CreateObject("WScript.Shell")
WScript.Sleep(4000)
Set objExec = objShell.Exec("netsh wlan show profiles " + ssid1 + " key=clear")
strPingResults = objExec.StdOut.ReadAll
strARPList = Split(strPingResults, vbcr, -1, 1)
n = UBound(strARPList,1)
For X = 0 To n
For y = 1 To 16
If strARPList(x+y) <> "" Then
if inStr(strARPList(x+y),"Authentication")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Cipher")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Key Index")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Security key")Then
wifi2.innerhtml = wifi2.innerhtml + "<font color=brick><b>"+ strARPList(x+y) + "</b></font><br>"
elseif inStr(strARPList(x+y),"Network type")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
End If
Exit For
End If
Next
Next
GetSignalStr()
End Sub

Sub GetSignalStr()
On error Resume Next
Set objShell = CreateObject("WScript.Shell")
WScript.Sleep(4000)
Set objExec = objShell.Exec("netsh wlan show interface")
strPingResults = objExec.StdOut.ReadAll
strARPList = Split(strPingResults, vbcr, -1, 1)
n = UBound(strARPList,1)
For X = 0 To n
For y = 1 To 16
If strARPList(x+y) <> "" Then
if inStr(strARPList(x+y),"Signal")Then
wifi2.innerhtml = wifi2.innerhtml + "<font color=green><b>" + strARPList(x+y) + "</b></font><br>"
elseif inStr(strARPList(x+y),"Radio type")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Description")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Name")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Network type")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
elseif inStr(strARPList(x+y),"Channel")Then
wifi2.innerhtml = wifi2.innerhtml + strARPList(x+y) + "<br>"
End If
Exit For
End If
Next
Next
End Sub
</script>

<body>
<div id="sysInfo" style="padding-top:15px; padding-left:15px; position:absolute; Text-color:#FFFFFF; width:400px; top:0px; height: 400px; right:0px; background-color:#999999;">
<h3>Network Connectivity Information:</h3>
WAN IP Address: <Span ID="IP" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
Local IP Address: <span id="LocalIP" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
Mac Address: <span id="MacAddress" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
Gateway Address: <span id="GatewayData" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
DNS Host Address: <span id="DNSHostName" style="text-align:left; background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
Router Mac Address: <span id="RMac" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
Router Manufacturer: <span id="RouterMan" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></span><br>
ISP: <Span ID="ISP" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
Region: <Span ID="slocation" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
City: <Span ID="CITY" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
Wireless Network: <Span ID="wifi" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
Wireless Signal: <Span ID="wifistr" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
Wireless Network Info:<blockquote><Span ID="wifi2" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span></blockquote><br>
Users: <Span ID="myUsers" style="background-color:#AAAAAA; padding-left:10px; padding-right:10px;"></Span><br>
</div>

</body>
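
Both the manual `netsh ... key=clear` command in Reply #2 and the HTA in Reply #4 (which launches `arp` and `netsh` from `mshta.exe`) leave recognisable process-creation records. The following is an added example, not part of the original thread or the author's script: a small triage routine over constructed events whose field names are modelled on Sysmon Event ID 1; the rule names and sample events are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
EVENTS = [
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": 'netsh wlan show profiles "My House Wifi" key=clear',
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "NETSH WLAN SHOW INTERFACE",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\ARP.EXE",
     "CommandLine": "arp -a",
     "ParentImage": r"C:\Windows\System32\mshta.exe"},
    {"Image": r"C:\Windows\System32\netsh.exe",
     "CommandLine": "netsh wlan show profiles HomeNet KEY=CLEAR",
     "ParentImage": r"C:\Windows\SysWOW64\mshta.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\mom\Desktop\connection.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# netsh arguments are case-insensitive, so the match must be too.
KEY_CLEAR = re.compile(r"\bwlan\b.*\bkey\s*=\s*clear\b", re.IGNORECASE)
# Child processes that an HTA has little benign reason to start.
HTA_CHILDREN = {"netsh.exe", "arp.exe", "cmd.exe", "powershell.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return the list of rule names an event matches."""
    hits = []
    image = basename(event["Image"])
    if image == "netsh.exe" and KEY_CLEAR.search(event["CommandLine"]):
        hits.append("wlan-key-cleartext")
    if basename(event["ParentImage"]) == "mshta.exe" and image in HTA_CHILDREN:
        hits.append("hta-spawned-tool")
    return hits

def triage(events):
    """Pair each matching event's command line with its rule hits."""
    return [(e["CommandLine"], classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for cmd, hits in triage(EVENTS):
        print(f"{'+'.join(hits):40} {cmd}")
```

An event that matches both rules (a Wi-Fi key dumped in clear text by a child of `mshta.exe`) is the pattern the script in Reply #4 produces and deserves the highest priority.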