KellyKeeton dot Com v3.0 reverse engineering life

18 Aug 08

Not To Scare But Make Aware

I have an upcoming presentation in Bellevue. This is my ever-evolving hacking and low-hanging-fruit presentation; there is a fair amount of new content. It's a 30 min talk to brush over the top 10 things. I wish I was DefCon cool, but until then…

Look, I even have a bio. Register here and use nca2008KK for a code.

Filed under: Security
22 May 08

Unlock Windows with no Password

So let's pose a problem: you have a computer with an encrypted HDD and you can't reboot the PC. Or a computer has something worth getting in memory (an encryption key) and you want it. But the computer is locked. Well, you can now hack this.

winlockpwn - a tool to connect to Windows over FireWire and inject a DLL hack into memory to bypass passwords on the "Windows lock screen", allowing you access to Windows with no password when locked.

If you're not a Linux power user, or just want to cheat, here is a setup guide, and if you use BackTrack here is a post about it.

So a lot of people say it works, and I agree that it will - it uses DLL hacking for passwords; you can do this with the computer powered off or just hack it.

So what did I get? Nothing...

I get this error:

IOError: [Errno 22] Invalid argument

from firewire.py, line 693: "If a node doesn't feel like fulfilling a request, it will raise an IOError."

Now if you unplug the FireWire cable and plug it back in while repeatedly running the script, it will start scanning memory only to end with a device busy error.

It seems that the "money time" is when the device is detected as a "Hard Drive"; you start scanning the memory at that point. Then the iPod comes in and all work ends.

Same issue on two computers.

But who's to say, I'm just odd.

UPDATE: May 22

I got it to work; who knows if I was sleepy or a reboot fixed it. But when I powered up, I started from "step 5" and followed the steps exactly.

Dell 630, fully patched and on the domain, and it worked! I had full access as advertised.

Something I noticed was that this morning businfo has 1 on node 0 and not 0 for all the data it spits out on what will and won't work.

28 Apr 08

April Update

Updates crunched into one post, as it's been a slow month for security and nerdy things...

Security:
New versions of fgdump for your slurp tool are out:
http://www.foofus.net/fizzgig/fgdump

Along with another neat tool for pass-the-hash type information gathering:
http://sourceforge.net/projects/incognito

A guy rolled his own version of the usb2ram tool that will dump WDE drive keys:
http://www.mcgrewsecurity.com/?p=93

Also, has anyone seen that US Air Force commercial about blowing up satellites? Great security awareness video, haha.

Wedding:
Almost everything is done; we got the wine most recently, just need to set it in motion!

Work:
I'm officially off IT support again; now I just do Security Consulting!

Other news: I also passed my test for General HAM; you can now call me K7MHI.

Filed under: Security, Social
22 Feb 08

Decrypt BitLocker, FileVault and TrueCrypt Whole Disk Encryption!!!

I was just in the conference trying to swipe the memory from a laptop someone left there. Problem is that I had to remove the keyboard, then I broke my little screwdriver, and when I did all this I realized I forgot my can of air. Then it was too late; my memory had gone muy loco.

This isn't a "holy crap my shit is 3137h4xor pwnd" but a "wow that's a cool hack", sort of like an Xbox running Linux or an oscilloscope that can print vector graphics from Pong. This would be a cool spy trick or uber 31337 bad guy move. But if you wanted to get around it, you just use encrypted file mounts. I would imagine that the protection on the temporary mounts is protected, or you just time out and unmount the encrypted mount.

An elementary way to do this is the old keylogger. Works every time. I bet you aren't checking your docking station keyboard every morning? (Thank you Centas for the use of the building custodial jumpsuit for access to your office.)

I think the big thing here is don't let bad guys finger your RAM!

Did you see all the things that will cause problems....

http://citp.princeton.edu/memory/faq/

I do want a copy of the RAM2USB boot application they have, as that would be handy in uses other than just hacking "secret keys".

Or be totally insane and check this out.

5 Dec 07

Become a ninja 31337 h4x0r with practice

Here is a cool tool (OWASP WebGoat) that will test you on your hacker skills; from 31337 to nub3 you can see where you rank. I got to the last 4 modules and I didn't have the skillz to continue (mostly the time to keep going).

I strongly recommend that if you're interested in security / web security you check out this project and run around the site to get learned. BTW, a lot of my browser plug-ins will help you pass the quizzes.

Other things to hack: wargames, De-ICE distro.

30 Nov 07

Browser Plug-Ins

I wanted to make a list of browser plug-ins that I use and find quite important to security and daily ops work.

First, for IE (I accidentally upgraded to 7.0 and didn't feel like uninstalling the behemoth):

  • Bayden Systems' TamperIE offers HTTPS form-tampering
    • sort of a mac-daddy tamper application to change your POST data on the fly, must have.
  • Microsoft's IE Developer Toolbar
    • Change values on the fly, also get header info and more right away
  • Microsoft's IE PowerToys for WebDevs
    • was cool, but it appears the highlight and show-source don't work with IE7; however it still works for DOM data, so I keep it.

Now the giant list for Firefox (where all the 31337 users are):

  • AdBlock Plus
    • This is like going from dial-up to DSL; the internet all of a sudden becomes “sweet”
  • BlogJet
    • This is also in my IE; it's my blogger application
  • DOM Inspector
    • handy for webdev and de-construction
  • DownloadThemAll
    • I don't like to click, and this is a priceless tool for saving clicks.
  • Google Browser Sync
    • I don't like how big Google is and I don't like the idea of Google watching what I browse; this was just an interesting tool since I am on lots of computers. I just don't have the guts to sign in yet.
  • Google Toolbar
    • this is a must, duh.
  • HttpHeaders
    • handy for webdev and de-construction
  • ModifyHeaders
    • handy for webdev and de-construction, and user-agent mods
  • NoScript
    • The only “security” Leo Laporte knows without Steve giving him a script. Handy for hacking things.
  • RefControl
    • spoof the referrer to the server.
  • PDF Download
    • sometimes I like to download PDFs, sometimes I like to view them live; this lets me choose.
  • Tamper Data
    • same as TamperIE but for 'zilla
  • UrlParams
    • A different type of TamperData-style plugin
  • User Agent Switcher
  • WebDev
    • This tool is mostly a must for anyone; you can quickly turn parts of sites on and off and modify them.

Update June 2008:
Some good hack tools:
http://www.securitycompass.com/exploitme.shtml

17 Oct 07

wamu sucks

So I have a WaMu credit card. I have nothing good to say about WaMu; when I activated the card, I actually yelled at them that I didn't want to buy any insurance or fraud detection service. It was worse than a girl scout that needs to make a quota. So then I went to close out the card (I used it for a 0% loan); I didn't want to call, so I set up an account online. I had to make my password. But check out the HORRIBLE password requirements. Not only do they limit it to 8 alpha characters, but they also give you example passwords! haha

Wamu1

Wamu2

Filed under: Security
11 Oct 07

Virtual Server Hardening

So this topic of virtual servers is starting to catch on a bit more. I still think it will go the wayside of Bluetooth and only people that drink the Intel Kool-Aid will adopt it, but that's just me. Don't get me wrong, I feel there is a place for virtual machines in the data center; the technology and use just isn't impressing me today. The real point of this post is to bring together some of the tips about virtual server security. I say virtual server and not VMware because they aren't the only players in the market; an example is Virtuozzo, who I was just talking with a friend about. I was listening to a PaulDotCom podcast the other day (which, if you're interested, you need to go listen to).

Anywhoo, I have compiled a list of some of the top things to disable or change to harden your virtual environment. The following documents go into further detail, but I wanted to explain out a few ideas. The first is disabling unused hardware; examples are FDD, CDROM, USB, and most important the NIC. Obviously you can understand the media: not only will it free up resources (other tips are to shut down screensavers and the K-Desktop), but they just aren't typically needed in a virtual environment. The NIC is one that most people overlook (depending on setup and how you have things configured this can be an incorrect tip): they will have a virtual host with the ability to link to your LAN. Now this is particularly an issue if the threat of jumping out of a virtual ever comes to light as a virus. If you have a host on a protected network and your VMs are on a DMZ, for example, then once the virtual is hacked your protected network is at risk. The number of times that you should have to touch the host is minimal, so keep the KVM attached and disable the protocols and IP address on the host.

The next topic, which ties in with the first, is to keep similar security devices on the same host, and put that host in the proper subnet for the security of the virtuals. Meaning, don't put your web server on the same host as your financial server, and don't put your web server on the same host as a tool server that is located in your ring 0/1 LAN. If it's a DMZ server and you would have put it there physically, then put it there phys-virtually (that's physically and virtually in one word). So say this with me once again: put like security servers in the proper realm with the proper virtuals sharing a host.

Now to get a little specific to vendors; an example is VMware. With VMware you have cool things like drag-and-drop file copy, cut and paste, etc. In a server virtual machine you want to shut these enhancements off.
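As an added example (not from the post, and not VMware's own tooling), here is a small audit that reads a VM's .vmx configuration and flags the items listed above: copy/paste/drag-and-drop still enabled, and floppy, USB or CD-ROM devices still present. The .vmx text is constructed; the isolation.tools.* and *.present keys are VMware's own setting names.

```python
import re

# Constructed .vmx fragment (not from the post): a server VM that still has
# the conveniences the post says to turn off, plus spare virtual hardware.
SAMPLE_VMX = """\
floppy0.present = "TRUE"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-raw"
usb.present = "TRUE"
ethernet0.present = "TRUE"
isolation.tools.copy.disable = "FALSE"
isolation.tools.dnd.disable = "FALSE"
"""

# VMware's own setting names; the desired values follow the post's advice.
# The NIC tip concerns the host's own network stack, so ethernet0 is not flagged.
WANT_TRUE = ("isolation.tools.copy.disable",
             "isolation.tools.paste.disable",
             "isolation.tools.dnd.disable")
SPARE_HW = ("floppy0.present", "usb.present")
LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text: str) -> dict:
    """Turn key = "value" lines into a dict; other lines are ignored."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def audit_vmx(text: str) -> list:
    """Return (key, value) findings that violate the hardening tips above."""
    cfg = parse_vmx(text)
    findings = []
    for key in WANT_TRUE:            # guest/host sharing must be disabled
        val = cfg.get(key, "<missing>")
        if val.upper() != "TRUE":
            findings.append((key, val))
    for key in SPARE_HW:             # floppy and USB should not be present
        if cfg.get(key, "FALSE").upper() == "TRUE":
            findings.append((key, "TRUE"))
    for key, val in cfg.items():     # any IDE/SATA slot configured as a CD-ROM
        if key.endswith(".deviceType") and val.startswith("cdrom"):
            findings.append((key, val))
    return findings

if __name__ == "__main__":
    for key, val in audit_vmx(SAMPLE_VMX):
        print(f"{key} = {val}")
```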

Patch! VMware and Microsoft each have patches for the software they produce; update and patch your software. VMware has no nice patch management notification like Microsoft Update, so patch your software, and also patch your hosts and virtuals for OS and app patches.

VMware has actually published a paper on security with the ESX Server; this has important tips for logs, users, and resource provisioning to prevent denial of service issues.

Also CI Security is supposed to release hardening guides; however, they also publish good standards for the OS in the virtual, so check them out. Along with that are the Microsoft-published 2000 hardening and 2003 hardening guides.

Another interesting summary from the guys at Petri, specifically because they have screenshots.

Filed under: Security
11 Oct 07

Cross-Site Request Forgery

A “new” security threat that I thought was rather interesting. Using cross-site forgery, the idea is that if you have two browsers open, one is your bank and the other is a hack-site. The hack-site can use this idea to piggyback on your cookie and session to do things with your bank without you knowing. How? Well, it would just send HTTP POST data (or GET) in the back end of the browser. So what's this mean, why do you care? If this takes off it's nasty 'til people fix the sites you use. To not fall victim to this, just don't flip browsers while you're browsing; if you are on a site that you feel needs to be secure, close out MySpace.

Also, the tool that I use for Google-hacking pay-sites is the Mozilla RefControl, which is the underlying idea with this hack.
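As an added example (not from the original post), here is the server-side check that stops the piggyback described above: a state-changing request must carry a token that only the bank's own pages could have embedded, and an Origin/Referer header from the bank itself, because the cookie arrives either way. The site name, secret and request dicts are constructed placeholders.

```python
import hmac
import hashlib
from urllib.parse import urlparse

# Constructed demo (not from the original post). The site name and the
# secret are placeholders; a real deployment uses a random per-site secret.
SITE_ORIGIN = "https://bank.example"
SERVER_SECRET = b"constructed-demo-secret"

def issue_token(session_id: str) -> str:
    """Per-session anti-CSRF token that only the site's own forms can embed."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def origin_ok(headers: dict) -> bool:
    """The browser sets Origin/Referer itself; a hack-site's page cannot forge them."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    u = urlparse(source)
    return f"{u.scheme}://{u.netloc}" == SITE_ORIGIN

def handle_transfer(request: dict) -> str:
    """State-changing POST: the session cookie alone must not be enough."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "401 no session"
    if not origin_ok(request["headers"]):
        return "403 cross-site origin"
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(issue_token(session_id), submitted):
        return "403 bad csrf token"
    return "200 transferred"

# Constructed requests: the browser attaches the same session cookie to both.
COOKIES = {"session": "abc123"}
LEGIT = {"cookies": COOKIES,
         "headers": {"Origin": "https://bank.example"},
         "form": {"to": "savings", "csrf_token": issue_token("abc123")}}
FORGED = {"cookies": COOKIES,
          "headers": {"Origin": "https://hack-site.example"},
          "form": {"to": "attacker", "csrf_token": "guess"}}

if __name__ == "__main__":
    print(handle_transfer(LEGIT))   # 200 transferred
    print(handle_transfer(FORGED))  # 403 cross-site origin
```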

Filed under: Internet, Security
10 Oct 07

fgdump new version

I haven't had time to post up about this, but there is a new version of fgdump; this will dump the protected storage if possible, the local LM table, and cachedump of any system you have admin rights to. This tool is the de facto tool for collecting data for pen-test stuff. The special thing about this tool is that it will sneak past most AV tools, so you don't need to kill them to audit. I also recommend downloading the source and compiling it on your own to even further protect against AV messing this up.

Filed under: Security, Software