Week 10 In Review – 2014

Resources

• Forgot your Windows admin password? – ogostick.net
  This is a utility to reset the password of any user that has a valid local account on your Windows system. Finally! A very major release!
• TrustyCon Videos Available – makehacklearn.org
  You can find the playlist of all of the videos in Al Jigong Billings YouTube channel but He also included the videos embedded here.
• New Attacks on HTTPS Traffic Reveal Plenty About Your Web Surfing –threatpost.com
  A group of researchers from UC Berkeley, however this week published a paper, that explains new attacks that aid in the analysis of encrypted traffic to learn personal details about the user, right down to possible health issues, financial affairs and even sexual orientation.

Tools

• CSRFT – github.com
  CSRFT – Cross Site Request Forgeries (Exploitation) Toolkit. A lightweight CSRF Toolkit for easy Proof of concept.

Techniques

• SSL man-in-the-middle attacks on RDP – labs.portcullis.co.uk
  This post seeks to demonstrate why users learning to ignore those certificate warnings for SSL-based RDP connection could leave them open to Man-in-the-middle (MiTM) attacks. The MiTM attack demonstrated displays keystrokes sent during an RDP session. Portcullis Labs conclude with some advice on how to avoid being the victim of such an attack.
• Decrypting MSSQL Database Link Server Passwords – netspi.com
  Extracting cleartext credentials from critical systems is always fun. While MSSQL server hashes local SQL credentials in the database, linked server credentials are stored encrypted. And if MSSQL can decrypt them, so can you using the PowerShell script released along with this blog.

Other News

• Hackers hijack 300,000-plus wireless routers, make malicious changes – arstechnica.com
  Researchers said they have uncovered yet another mass compromise of home and small-office wireless routers, this one being used to make malicious configuration changes to more than 300,000 devices made by D-Link, Micronet, Tenda, TP-Link, and others.
  • London firm at centre of hack redirecting 300,000 routers -www.pcpro.co.uk
    A London-registered company appears to be at the centre of a massive attack that’s redirecting traffic from 300,000 routers, a Florida-based security firm Team Cymru has said.