Thursday, November 11, 2010

Dir 300 unauthorised password change

Hey guys,
Sorry I haven't posted a single thing in ages, but I'm close to finishing my senior year and kinda busy. Anyway, I just have to post this, as I myself am using the DIR-300. This exploit was posted to Bugtraq and I thought I'd share.


Rename the above file to .php and execute

Thursday, July 22, 2010

/dev/urandom saves my day

Hi guys,
It has been a long time since I last posted something on my blog. I have been very busy with my senior year and have not been able to post anything due to upcoming exams that happen almost every other week, but I have still been reading and researching security stuff.
Anyway, I have recently been researching password recovery, and for those who don't know, I have created a collection of password recovery related scripts in Perl on Google Code; feel free to check out the SVN.
I have been downloading the Ophcrack Vista live CD on my friend's internet, which is fast. Well, we reached 99.8% and the power went off, and with it the internet and everything else. Well, I mounted the .iso on /mnt and performed an md5 checksum on the files. It showed several IO errors because the image was not complete, and table3.index did not match the checksum. Damn it, so I decided to eliminate the IO errors by using dd to add some bytes to the .iso so that the memory of the iso would match the memory of the image. I performed the checksums again, this time without any IO errors, and WOW, table3.index showed OK! I tried doing the same again just to see if it was the random bits that completed the checksum or just the memory space, but couldn't get the checksum right again.
Well, that shows that I was just lucky that time. But I did still finish the download on my VERY slow internet, which is at most 3KB/s, and all the checksums fell into place.
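The trick above, padding a truncated image up to its expected size and then checking which embedded files still verify, as an added example that is not from the post. It uses plain dd, head, wc and md5sum; pad_image and demo_truncated_image are names chosen here, and the two-part "image" is constructed data standing in for a mounted ISO. A file whose every byte lies within the part that arrived verifies no matter what the padding is; a file that straddles the cut fails against either padding source.

```shell
#!/bin/sh
# Added example, not from the post: pad a truncated image up to its expected
# size, then check which embedded files still match their checksums.
set -e

# checksum FILE: hex md5 of FILE (the value `md5sum -c` compares against)
checksum() { md5sum < "$1" | cut -d' ' -f1; }

# pad_image FILE TARGET_SIZE [SOURCE]: append bytes read from SOURCE
# (/dev/zero by default, /dev/urandom as in the post) until FILE is
# TARGET_SIZE bytes long. Prints the resulting size; fails if FILE is
# already larger than TARGET_SIZE.
pad_image() {
    file=$1; target=$2; src=${3:-/dev/zero}
    have=$(wc -c < "$file" | tr -d ' ')
    if [ "$have" -gt "$target" ]; then
        echo "pad_image: $file is already $have bytes, larger than $target" >&2
        return 1
    fi
    missing=$((target - have))
    # dd with bs=1 appends exactly $missing bytes; fine for small gaps,
    # use a larger block size for a gap of hundreds of megabytes
    if [ "$missing" -gt 0 ]; then
        dd if="$src" bs=1 count="$missing" >> "$file" 2>/dev/null
    fi
    wc -c < "$file" | tr -d ' '
}

# demo_truncated_image: build a two-file image (constructed data, standing in
# for a mounted ISO), cut the download short inside the second file, pad the
# rest with random bytes, and report which file still verifies.
demo_truncated_image() {
    dir=$(mktemp -d)
    head -c 4096 /dev/urandom > "$dir/first.bin"
    head -c 4096 /dev/urandom > "$dir/second.bin"
    cat "$dir/first.bin" "$dir/second.bin" > "$dir/full.img"
    expected=$(wc -c < "$dir/full.img" | tr -d ' ')   # 8192, the size the mirror lists
    head -c 6144 "$dir/full.img" > "$dir/partial.img" # the power went off at 75%
    size=$(pad_image "$dir/partial.img" "$expected" /dev/urandom)
    # "mount" the padded image: each file lives at a known offset inside it
    head -c 4096 "$dir/partial.img" > "$dir/first.out"
    tail -c 4096 "$dir/partial.img" > "$dir/second.out"
    first=mismatch; second=mismatch
    if [ "$(checksum "$dir/first.out")" = "$(checksum "$dir/first.bin")" ]; then first=ok; fi
    if [ "$(checksum "$dir/second.out")" = "$(checksum "$dir/second.bin")" ]; then second=ok; fi
    rm -rf "$dir"
    echo "size=$size first=$first second=$second"
}
```

For a real download, pad_image partial.iso EXPECTED_BYTES /dev/urandom (EXPECTED_BYTES being the size the mirror lists) gets rid of the IO errors, after which the image can be mounted and checked with md5sum -c as in the post; the files that pass are the ones that had fully arrived, and the ones that fail still need to be fetched again.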

Tuesday, February 9, 2010

End CD Age?

Some time ago, I read about the end of CDs coming soon. Well, I didn't actually believe that, but yesterday I had to agree with it. I had downloaded a Fedora 12 Live CD and DAMN... I didn't have any empty CD lying around. Well, what the hell should I do? Run to the shop and buy a CD-R? Well, not exactly, I had another idea. I took my 1GB flash disk and did

# dd_rescue /dev/sdb /home/kalgecin/FLASH.img
# dd_rescue Fedora-Live.iso /dev/sdb

Booted my laptop from the flash disk (by the way, the bootup time was way faster) and installed Fedora (again incredibly fast). Then did

# dd_rescue /home/kalgecin/FLASH.img /dev/sdb

and BOOM! I have my data on my flash back, and I have Fedora installed! For the DVD version lovers, you can do the same with an 8GB flash (or 4GB if it's less than that, cos a full DVD is 4.6GB).
Happy Fun :)
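The same back-up, write, restore cycle with a size check and a read-back verification added, as an added example rather than the post's own commands. It uses plain dd in place of dd_rescue (assumed available everywhere, dd_rescue is not), and flash_iso, restore_flash, size_of and md5_of_prefix are names chosen here. DEV can be a block device such as /dev/sdb or, for a dry run, a regular file the size of the stick; the ISO is written only if it fits, and the write is verified by hashing the first ISO-sized bytes read back from the device.

```shell
#!/bin/sh
# Added example, not the post's commands: back up a USB stick, write a live ISO
# onto it, verify the write, and later put the original contents back.
# Plain dd is used here in place of dd_rescue.
set -e

# size_of PATH: size in bytes of a regular file or a block device
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# md5_of_prefix PATH N: md5 of the first N bytes of PATH
md5_of_prefix() { head -c "$2" "$1" | md5sum | cut -d' ' -f1; }

# flash_iso ISO DEV BACKUP: refuse if ISO is larger than DEV (the 4.6GB DVD on
# a 4GB stick case), save DEV to BACKUP, write ISO, then read back and compare.
# Returns 0 only if the bytes read back hash the same as the ISO.
flash_iso() {
    iso=$1; dev=$2; backup=$3
    iso_size=$(size_of "$iso"); dev_size=$(size_of "$dev")
    if [ "$iso_size" -gt "$dev_size" ]; then
        echo "flash_iso: $iso ($iso_size bytes) does not fit on $dev ($dev_size bytes)" >&2
        return 1
    fi
    dd if="$dev" of="$backup" bs=4096 2>/dev/null            # 1. keep the stick's data
    dd if="$iso" of="$dev" bs=4096 conv=notrunc 2>/dev/null  # 2. write the image
    sync
    # 3. verify: the first iso_size bytes of DEV must hash like the ISO
    [ "$(md5_of_prefix "$dev" "$iso_size")" = "$(md5sum < "$iso" | cut -d' ' -f1)" ]
}

# restore_flash BACKUP DEV: write the saved contents back and verify the same way
restore_flash() {
    backup=$1; dev=$2
    dd if="$backup" of="$dev" bs=4096 conv=notrunc 2>/dev/null
    sync
    [ "$(md5_of_prefix "$dev" "$(size_of "$backup")")" = "$(md5sum < "$backup" | cut -d' ' -f1)" ]
}
```

Run as root with the stick unmounted: flash_iso Fedora-Live.iso /dev/sdb /home/kalgecin/FLASH.img mirrors the post's first two commands, and restore_flash /home/kalgecin/FLASH.img /dev/sdb is the third. The size check is what catches a DVD image on a stick that is too small; the read-back compare catches a write that stopped short or went to a dying stick. Checking the ISO itself against the distribution's published checksum before writing is a separate step this script does not do.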

Monday, December 21, 2009

Also on Opera!

For those with Opera accounts, I'm also on Opera as kalgecin and blogging there too. Feel free to add me as a friend.

Tuesday, December 15, 2009

The power of[.rb]

I've generated 5GB of rainbow tables with and set to work. Visited and downloaded their uncracked hashes (over 100K!), opened msfconsole, loaded the crack plugin and started to look up the hashes. After 6 minutes, it had looked up all the 100K hashes and cracked about 23%!!
One of the powers of the framework is the ability to create rainbow tables from a wordlist; no other rainbow table cracker does this (correct me if I'm wrong), and the lookup of a hash is instant, almost no delay!
Enjoy your holidays ;)

Friday, December 11, 2009


Hi guys,
As promised, I've added something new to the project: a Metasploit plugin! Just copy the crack.rb file into your Metasploit plugin folder and load it. You can use your existing tables folder with the Metasploit plugin:

# sudo mount --bind /path/to/ /metasploit/data/crack.rb/tables

This will bind your existing tables to the Metasploit directory!
The plugin is in the SVN repository.

Wednesday, December 9, 2009

Finally Holidays !

Finally I have holidays and the stress of exams is off, so I'll continue to develop and maybe metascanner .
P.S. 81MB of rainbow tables contains over 6 million passwords!! Beat that. Lookup is instant!