Recover Master Password

Posted: July 19, 2011 in Uncategorized

FirePasswordViewer Tutorial

1.   About FirePasswordViewer

FirePasswordViewer is the GUI version of the popular FirePassword tool, which recovers login passwords stored by Firefox. Like other browsers, Firefox stores login details such as the username and password for every website the user visits, with the user’s consent. These secrets are stored in the Firefox sign-on database in an encrypted format.

FirePasswordViewer can also recover sign-on passwords from a different profile (for other users on the same system) as well as from a different operating system (such as Linux or Mac). This greatly helps forensic investigators, who can copy the Firefox profile data from the target system to a different machine and recover the passwords offline without affecting the target environment.

FirePasswordViewer is a fully portable tool that works on a wide range of platforms, from Windows XP to the latest operating system, Windows 7.

2.   Features of FirePasswordViewer
  • Instantly decrypts and recovers stored encrypted passwords from the ‘Firefox Sign-on Secret Store’ for all versions of Firefox.
  • Supports recovery of passwords from the local system as well as a remote system. The user can specify the Firefox profile location from the remote system to recover the passwords.
  • It can recover passwords from the Firefox secret store even when it is protected with a master password. In that case the user has to enter the correct master password to successfully decrypt the sign-on passwords.
  • Sort feature to arrange the displayed password list by username, password or website, which makes it easy to search through hundreds of entries.
  • Save the recovered Firefox password list to an HTML file for transfer to another system or for future use.
About Firefox Password Manager
  • Firefox has a built-in password manager that stores usernames and passwords for all visited websites. These credentials are stored in encrypted form in the Firefox profile’s database files, such as key3.db and signons.txt.
  • The key3.db file contains master password related information such as the encrypted password check string, salt, algorithm and version information.
  • The signons.txt file contains the actual sign-on information:

Reject Host List: list of websites for which the user doesn’t want Firefox to remember the credentials.

Normal Host List: each host URL is followed by the username and password.

  • You can instantly recover all these sign-on passwords using tools such as FirePassword (command line) or FirePasswordViewer (GUI).
  • Firefox provides an additional protection option called ‘master password’ to prevent malicious users from discovering these sign-on passwords. The master password itself is not stored anywhere directly; its one-way hash and other relevant information are stored in the key3.db file within the profile directory.
  • If you have lost your master password, you can recover it using the FireMaster tool.
Using FirePasswordViewer
  • FirePasswordViewer is a standalone application and does not require any installation. You can run it by double-clicking the executable file.

Here are brief usage details.

  • On startup, FirePasswordViewer automatically populates the Firefox profile location if Firefox is already installed. Otherwise you can enter the profile location manually.
  • If you have set a master password for Firefox, you need to enter it in the master password box.
  • Once the profile location is specified, click the ‘Start Recovery’ button and FirePasswordViewer will instantly recover all passwords from the Firefox sign-on store.
  • By default, passwords are not shown because they are sensitive data. However, you can click the ‘Show Password’ button to view them.
  • Finally, you can save the recovered password list to an HTML file by clicking the ‘Save as HTML’ button.

You can also use FirePasswordViewer to recover passwords from a different system, either Windows or Linux. In that case, copy the Firefox profile data from the remote system to the local machine and then specify that path in the profile location field.

FireMaster Tutorial

About FireMaster
  • FireMaster is the first tool ever built to recover the lost master password of Firefox. The master password is used by Firefox to protect the stored sign-on information for all visited websites. If the master password is forgotten, there is no way to recover it and the user will lose all the sign-on information it protects.
  • However, users can now use FireMaster to get back all their stored credentials. FireMaster uses a combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file.
  • It now also supports a pattern-based password recovery mechanism, which significantly reduces the time taken to recover the password.

The current version comes with a ‘Setup Wizard’ for installation and un-installation of FireMaster on your local system.

Firefox Password Manager and Master Password
  • Firefox comes with a built-in password manager that remembers usernames and passwords for all the websites you visit. This sign-on information is stored in encrypted form in Firefox database files residing in the user’s profile directory.
  • However, anybody can launch the password manager from the Firefox browser and view the credentials. One can also copy these database files to a different machine and view them offline using tools such as FirePassword.
  • To protect against such threats, Firefox uses a master password to provide enhanced security. By default Firefox does not set a master password. Once you have set one, you need to provide it every time you view sign-on credentials. So if you have lost the master password, you have lost all the stored credentials as well.
Internals of FireMaster

Once you have lost the master password, there is no way to recover it, as it is not stored at all. Whenever the user enters the master password, Firefox uses it to decrypt the encrypted data associated with a known string.

If the decrypted data matches this known string, then the entered password is correct. FireMaster uses a similar technique to check for the master password, but in a more optimized way. The entire operation goes like this.

  • FireMaster generates passwords on the fly through various methods.
  • Then it computes the hash of the password using the known algorithm.
  • Next, this password hash is used to decrypt the encrypted data for the known plain text (i.e. “password-check”).
  • If the decrypted string matches the known plain text (i.e. “password-check”), then the generated password is the master password.

Firefox stores the encrypted string, salt, algorithm and version information in the key database file key3.db in the user’s profile directory. You can copy this key3.db file to a different directory and specify the corresponding path to FireMaster. You can also copy this key3.db to any other high-end machine for a faster recovery operation.

FireMaster supports the following password generation methods:

1) Dictionary Method

In this mode, FireMaster uses a dictionary file with each word on a separate line to perform the operation. You can find many dictionaries of different sizes online and pass them to FireMaster. This method is quicker and can find common passwords.

2) Hybrid Method

This is an advanced dictionary method in which each word in the dictionary file is prefixed or suffixed with a string generated from a known character list. It can find passwords like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word, based on user settings.

3) Brute Force Method

In this method, all possible combinations of words from the given character list are generated and then subjected to the cracking process. This may take a long time, depending on the number of characters and the position count specified.

How to use FireMaster?

First you need to copy the key3.db file to a temporary directory. You then specify this directory path to FireMaster as the last argument.

Here is the general usage information:

    Firemaster [-q]
               [-d -f <dict_file>]
               [-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ]
               [-b -m <length> -l <length> -c "charlist" -p "pattern" ]
               <Firefox_Profile_Path>

Dictionary Crack Options:

    -d      Perform dictionary crack
    -f      Dictionary file with words on each line

Hybrid Crack Options:

    -h      Perform hybrid crack operation using dictionary passwords.
            Hybrid crack can find passwords like pass123, 123pass etc
    -f      Dictionary file with words on each line
    -g      Group of characters used for generating the strings
    -n      Maximum length of strings to be generated using above character list
            These strings are added to the dictionary word to form the password
    -s      Suffix the generated characters to the dictionary word (pass123)
    -p      Prefix the generated characters to the dictionary word (123pass)

Brute Force Crack Options:

    -b      Perform brute force crack
    -c      Character list used for brute force cracking process
    -m      [Optional] Specify the minimum length of password
    -l      Specify the maximum length of password
    -p      [Optional] Specify the pattern for the password

Sample Usage Information

    // Dictionary Crack
    FireMaster.exe -d -f c:\dictfile.txt Firefox_Profile_Path

    // Hybrid Crack
    FireMaster.exe -h -f c:\dictfile.txt -n 3 -g "123" -s Firefox_Profile_Path

    // Brute Force Crack
    FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" Firefox_Profile_Path

Here Firefox_Profile_Path refers to the directory where the key3.db file is present. This points to the Firefox profile directory (Ex: C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\<prof name>) on your machine.

However, you can also copy the key3.db file from any other machine, such as a Linux system, to your local Windows machine and specify that path during the recovery operation.

Quiet mode (-q option) disables printing of each password while recovery is in progress. This makes it much faster, especially for brute force operation. However, during brute force operation, if the password count exceeds 50000 passwords then it automatically enters quiet mode.

The hybrid method tries the normal dictionary password as well as passwords created by appending/prefixing the generated strings to the dictionary word. For example, if the dictionary word is “test” and you have specified the character set as ‘123’ (-g 123 -s), then the new passwords will be test1, test12, test123, test32 etc.

The character list (-g for hybrid and -c for brute force) specifies the characters to be used for generating passwords. If you don’t specify one, the default character list is used. For brute force, -m indicates the minimum length of password to be generated.

This can considerably reduce the number of generated passwords, and hence the time, when a large character set is specified. Similarly, -l (small ‘L’) specifies the maximum length of password to be generated. For example, if you specify -m 6 and -l 8 then only passwords which are of length at least 6 and above but below 8 will be generated.

Now you can reduce the password cracking time significantly using the pattern-based password recovery mechanism. If you know that the password is of a certain length and also remember a few characters, you can specify that pattern for brute force cracking. For example, assume that you have set a master password of length 12 that begins with ‘fire’ and ends with ‘123’; then the command will look like this:

    FireMaster.exe -b -c "abyz" -l 12 -p "fire?????123" c:\testpath

This will reduce the time to seconds, which otherwise would have taken days or hours to crack that password. With the right pattern you can even crack impossible-looking passwords.
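
Added example (not from the original post or from FireMaster): a Python calculator that counts how many candidates each generation method above has to try, so you can judge how long a given master password would hold up offline. The inclusive -l, the pattern fixing the length, repetition in hybrid strings and the guess rate are assumptions; nothing here reads key3.db.

```python
# Candidate-count estimator for the dictionary-hybrid and brute-force
# options described above. It only does arithmetic on option values.

ASSUMED_RATE = 100_000  # guesses per second: constructed figure, not measured


def brute_force_count(charset, max_len, min_len=1, pattern=None):
    """Candidates for -b with -c charset, -m min_len, -l max_len, -p pattern.

    Assumptions: -l is inclusive, and a pattern fixes the password length,
    with each '?' standing for one character taken from the charset.
    """
    size = len(set(charset))
    if pattern is not None:
        if not min_len <= len(pattern) <= max_len:
            return 0  # the pattern cannot satisfy the length limits
        return size ** pattern.count("?")
    return sum(size ** n for n in range(min_len, max_len + 1))


def hybrid_count(word_count, charset, max_extra):
    """Candidates for -h with -g charset and -n max_extra, one of -s / -p.

    Each word is tried alone plus with every string of length 1..max_extra
    (assumption: characters may repeat within the generated string).
    """
    size = len(set(charset))
    extras = sum(size ** n for n in range(1, max_extra + 1))
    return word_count * (1 + extras)


def worst_case_seconds(candidates, rate=ASSUMED_RATE):
    """Time to exhaust the whole candidate list at the assumed guess rate."""
    return candidates / rate


def min_length_to_resist(charset_size, target_seconds, rate=ASSUMED_RATE):
    """Shortest length whose same-length keyspace outlasts target_seconds."""
    length = 1
    while charset_size ** length / rate < target_seconds:
        length += 1
    return length


def describe(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # The page's pattern example: 12 characters, 'fire' + 5 unknown + '123'.
    known = brute_force_count("abyz", 12, pattern="fire?????123")
    # Same length with nothing remembered, lowercase letters plus digits.
    blind = brute_force_count("abcdefghijklmnopqrstuvwxyz0123456789", 12, 12)
    print("with pattern   :", known, describe(worst_case_seconds(known)))
    print("without pattern:", blind, describe(worst_case_seconds(blind)))
    # Hybrid: the page's word 'test' with -g 123 -n 3 -s.
    print("hybrid per word:", hybrid_count(1, "123", 3))
    # Length needed to hold out one year against a 62-character search.
    print("min length     :", min_length_to_resist(62, 31_536_000))
```

Every character of a master password that is known, guessable or drawn from a small set removes a full factor from the search, which is why length and an unpredictable character mix matter more than any single symbol.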

BlackBerry PlayBook

Posted: October 19, 2010 in BlackBerry PlayBook

RIM announced its widely rumored BlackBerry PlayBook at the BlackBerry Developer Conference. The BlackBerry PlayBook is a high-fiving, chest-bumping tablet with a name inspired by American football and a background in business.

According to the rumors, this tablet was previously called the BlackPad. It is the first tablet device to be announced with a dual-core CPU (1 GHz ARM Cortex A9). The tablet has got everyone speaking about it. The proper and attractive blend of features, technology and looks clearly defines a nice standard for the device.

Top Specifications of PlayBook
  • 7-inch screen (1,024×600 pixels), 5.1 inches tall, 7.6 inches wide, 0.4 inch (9.7mm) thick, 0.9 pounds. Colors available are Black and Robin’s Egg Blue.
  • 3-megapixel front-facing HD camera, 5-megapixel rear-facing HD camera.
  • 1 GHz dual-core processor, 1GB RAM.
  • 1080p high-definition video playback, HTML5-capable browser, 802.11 a/b/g/n Wi-Fi.
  • Adobe Flash 10.1 support, Adobe AIR support, H.264, MPEG4, and WMV, HDMI video output, Micro USB, Micro HDMI, DLNA media streaming, Enterprise-strength e-mail security.
  • BlackBerry Tablet OS with support for symmetric multiprocessing. Open, flexible application platform with support for WebKit/HTML-5, Adobe Flash Player 10.1, Adobe Mobile AIR, Adobe Reader, POSIX, OpenGL and Java. RIM intends to also offer 3G and 4G models in the future.
  • The PlayBook has “true” multitasking; RIM seems to be pointing at the fact that multitasking on the iPad is still limited in a lot of ways. Apps can’t fully run in the background on the iPad like on a full computer; they can simply perform select actions, like playing back audio or finishing a download in a given amount of time. The implication is that the PlayBook will let things run willy nilly in the background, more like a standard BlackBerry phone.
  • It’ll pair with a BlackBerry phone, so you can use the tablet to look at anything that’s on the phone, like email, calendars or BBM, without syncing the two. And it connects with BlackBerry Enterprise Server out of the box.
  • It supports a whole bunch of standard platforms and technologies, like POSIX OS, SMP, OpenGL, BlackBerry 6, WebKit, Java, Adobe Flash and AIR, along with RIM’s new BlackBerry WebWorks platform. Apps written for WebWorks will run on BlackBerry 6 or the PlayBook, while Java makes it easier for developers to port Java-based BlackBerry 6 apps. OpenGL means there’s serious potential for graphically intense games.
  • The PlayBook will be able to handle some serious 3D games thanks to its impressive hardware. It will support 2D and 3D gaming via OpenGL. For those of you thinking that this is just a multimedia tablet device, think again, as it has the potential to churn out some impressive games, as long as developers decide to support it.

RIM says it’s coming out in the US in early 2011, with other places getting it sometime after March. The spec-heavy PlayBook warrants a much higher price than the iPad, so don’t be too surprised when RIM slaps a $1000-1300 price tag on its new device.


JooJoo tablet PC

Posted: October 12, 2010 in JooJoo tablet PC

JooJoo – Experience The Magic

The JooJoo is a beautifully crafted piece of hardware, and its minimalistic design reminds us of an aesthetically pleasing Apple product. The front of the device is nothing but LCD, and the slightly recessed power button on the left edge is the only physical button on the entire thing.

The champagne-colored brushed aluminum backside certainly gives the 12.8 x 7.8-inch JooJoo a sophisticated look. A single USB port, a standard headphone jack, and a microphone jack live on the right edge. You can use the USB port to charge the device. The camera at the top of the screen is apparently meant for video conferencing.

It is light (about 2.4lbs) and fairly svelte (less than one inch thick), so it’s not hard to hold one-handed or carry around.

1. Screen and speakers
  • The JooJoo’s heart and soul is its 1366 x 768, capacitive 12-inch display; colors fade quickly when the screen is tilted to a 120-degree angle.
  • The sensitivity will be tweaked in an upcoming software update, along with the speed of rotation. Luckily the ambient light sensor is much more accountable, dimming the screen when not in use and raising the lights in dimly lit situations.
  • The two speakers on the back of the tablet sound like typical netbook speakers – they’re loud enough for personal listening. When you need to input text, the JooJoo brings up an onscreen keyboard layout. It’s fairly roomy and easy to type on.
2. Software: Browser and more browser
  • The Linux browser-based OS is centered around rectangular shortcuts like Twitter and Hulu, which are divided into different categories, including News, Social, and Entertainment.
  • From anywhere on the device you can swipe down at the top of the screen to bring up a navigation bar, which includes browser controls, in addition to quick utility items like bookmark, volume, onscreen keyboard, and WiFi.
  • Speaking of swiping downwards, two-finger scrolling happens to be very smooth, but one-finger scrolling isn’t supported. For instance, Facebook, Twitter, YouTube, and Hulu are all treated as “apps.”
  • The browser itself is a WebKit browser (the same rendering engine that powers Apple’s Safari and Google Chrome, among others), so it had no trouble rendering Web pages, and it includes support for Microsoft Silverlight, Adobe Flash, and Java, so you won’t be short on Web applications here.
3. Performance, Flash video and battery life
  • The JooJoo actually happens to be quite speedy thanks to its 1.6GHz Intel Atom N270 processor, 1GB of RAM and 4GB solid state drive. It only takes about 7 seconds to boot, and toggling between the menus is snappy.
  • JooJoo has actually implemented a hack for YouTube where you can view a video in Flash or in “JooJoo” mode, which is a straight playback of the MPEG video file every YouTube video harbors.
  • The JooJoo’s integrated three-cell battery repeatedly lasted 2.5 hours during our moderate use, which included surfing the Web and playing short videos. JooJoo claims you can get 5 hours if you avoid Flash entirely.
  • Probably the biggest changes come in video playback. The tablet now supports Flash video as well as H.264 HD video stored locally on a USB thumb drive.

The JooJoo is entirely browser based and has a price tag of $499, matching the price of the 16GB iPad.

Nokia N8

Posted: October 9, 2010 in Nokia N8

Nokia steps up again, introducing the new Nokia N8. It’s not the technology. It’s what YOU do with it.

Check out its top 10 wow features:

1. Available colours: Silver white, Dark grey, Orange, Blue, Green, Black.

2. The Nokia N8 comes with a 12 megapixel camera with Xenon flash. With the all-new 12 megapixel camera, the user can record HD videos at 1280x720p resolution, which is one of the best parts.

3. The Nokia N8 offers several connectivity options: it has Bluetooth and supports Wi-Fi as well. But ‘USB on the go’ is the best connectivity option; the user can connect any USB device to the Nokia N8 and share files or play them directly from the USB device.

4. This phone has a 3.5″ capacitive AMOLED display, which provides better output and a vivid picture. The display offers nHD (640×360) resolution, which adds extra pleasure to your images and videos.

5. When it comes to touchscreen phones, glass plays an important role and it does make a difference. In the case of the Nokia N8, the user will surely be satisfied with the screen. It comes with hardened Gorilla Glass, which is the hardest glass available to date.

6. One of Nokia’s strengths is the services and applications developed around the Ovi ecosystem. The N8 comes with Ovi Store, Ovi Maps and Ovi Contacts integrated, as well as Nokia Messaging Email, Nokia Messaging Chat and Nokia Messaging Social Networks.

7. Personalization with Widgets, Themes, Shortcuts, Icons, Menu, Ring tones: mp3, AAC, eAAC, eAAC+, WMA, AMR-NB, AMR-WB, Themes, wallpapers, changeable color themes.

8. Screen size 3.5″, Resolution 16:9 nHD (640 x 360 pixels) OLED, 16.7 million colors, Capacitive touch screen, Orientation sensor (Accelerometer), Proximity sensor, AMOLED screen.

9. Bluetooth 3.0, Micro USB connector and charging, High-Speed USB 2.0 (micro USB connector), USB On-the-Go, 3.5 mm AV connector, GPRS/EDGE class B, HSDPA Cat9, WLAN IEEE802.11, TCP/IP support, GSM/EDGE 850/900/1800/1900, WCDMA 850/900/1700/1900/2100.

10. Use the touch UI to play games, Dedicated graphics processor with OpenGL 2.0 enables 3D graphics, Use the accelerometer to play games. HD quality 720p resolution, Shoot 16:9 videos in HD, Video capture in 720p 25 fps with codecs H.264, MPEG-4.

OlivePAD VT100

Posted: October 9, 2010 in OlivePAD VT100

Olive Telecoms is introducing India’s first 3.5G Android (2.1 for now) tablet, the Olive Pad VT100. This 7-inch slate is said to boast an 800 x 480 resolution on a capacitive touch panel.

Some of its features are:

1. Bluetooth, WiFi, an SD card slot, 512MB of internal memory (plus 512MB ROM), a 3.5mm audio jack, a 3 megapixel camera, a mini USB socket and a 3,240mAh battery.

2. There’s also a mysterious front-facing camera for video calls, and sure enough, this thing actually supports voice, which may very well make it the largest smartphone to launch in 2010.

3. GSM, WCDMA, GPRS Class 12, Chipset Qualcomm MSM7227.

4. Screen Dimensions – 179.2*110*11.5, 7 inch TFT Capacitive Touch Screen, Memory Card up to 32 GB, 3.5mm Audio Jack, Charging through Mini USB, Li-Po Battery.

5. Talk time 1200mins, Standby time 550h, Dual Speakers, WiFi 802.11, compass, G-sensor.

6. Supported Audio Formats – MIDI, MP3, AMR, AAC, AAC+, Camera 3 MPxl Autofocus 4x Zoom, Email, MMS, WAP, PC-Sync, GPS, Stopwatch, World clock, calendar and many more.

The price is expected to be Rs.20000-25000, which puts it in the same league as the iPad.

Gadgets N IT Security

Posted: October 7, 2010 in Gadgets N IT Security

This section contains reviews and updates of upcoming new gadgets. It also contains reviews of future concept gadgets that will steal uR mind and heart away.

Some interesting news from the IT security and hacking world will also be posted. So keep uR soul safe and do check out these gadgets.

VIRUS AND TROJAN CODES

Posted: September 17, 2010 in VIRUS AND TROJAN CODES

This section contains virus code. Some of this code is already familiar to you, but it is still very harmful and educational too. Below are some of the platforms in which these viruses are coded.
  • BATCH Programming.
  • C/C++
  • Python
  • Visual Basic.

The code here is for educational purposes. Please don’t use it to harm others. You can also install any virtual machine on your system to experiment with this code.

Back to Registry Hacks. Like the previous Registry Hacks, I will again say plzzzzzzzzzzz back up uR registry. To open the Windows Registry:

  • Open RUN and type “regedit”, without quotes.
  • At the top left, FILE –> Export, and save it under any name u want.
  • To import the registry back, double-click that *.reg file.
  • Windows Registry keys and values support the Camel-Case rule. It means the first letter of each word must be a capital letter and no spaces are put between two words. Ex –> FirstCut. But I have already written the key names as they should be named, so you should name them the same as I name them.

Before making any changes to the Windows Registry, Plzzzzzzz back up uR registry. To do this:

  • Open “RUN” and type “regedit”, without quotes.
  • Now at the top left, File –> Export, and then save it under any name you want, like “ron”, without quotes.
  • Windows Registry keys and values support the Camel-Case rule. It means the first letter of each word must be a capital letter and no spaces are put between two words. Ex –> FirstCut. But I have already written the key names as they should be named, so you should name them the same as I name them.

To stay smart in the hacking and security world, U must have knowledge of some programming languages so that you can find Ur own exploits and understand the whole architecture, i.e. what is happening inside.

There are also languages with which you can easily build your own software tools and other security tools. Build your own computer virus easily.

  • HTML/XHTML/HTML5
  • JAVASCRIPT
  • PHP
  • SQL
  • PYTHON
  • PERL
  • C/C++
  • SOCKET PROGRAMMING
  • TSR PROGRAMMING.