Saturday, 26 November 2011


Boot to Win RE
Click Command Prompt option..then type the following command:
CD Windows\system32
ren cmd.exe cmd.old
ren magnify.exe cmd.exe
ren cmd.old magnify.exe
Then Restart your computer
Click on the Easy of the Access centre on the left side bottom à Choose Magnify option à then.. Command prompt opens up
Type: net user administrator /active:yes
Restart the computer
Login on the administrator account and then using User Account page remove the password for the other account.
Search for Magnify.exe in start search and then click on it
Command prompt opens up!
Type: net user administrator /active:no
Restart the computer again!
This will disable the administrator account.
Boot to winRE
Type the following:
CD Windows\system32
ren magnify.exe cmd.old
ren cmd.exe magnify.exe
ren cmd.old cmd.exe
Restart the computer and then the system logs on to the User account without asking for the password provided there is only one user account.


Things are eventually moving into the clouds. So are cracking services too. An example is the WPA Cracker as a SaaS service. Now, we have another alternative – MOSCRACK a multifarious on-demand systems cracker.

Moscrack is a Perl application designed to facilitate cracking WPA keys on a cluster of computers. This is accomplished with Mosix clustering software and/or simple ssh connectivity. Cluster nodes can run any Unix variant (including Cygwin). This means that you can run Moscrack even on Windows operating systems! Currently it has only been used with Mosix (clustering software) and SSH nodes. It works by reading a word list from STDIN or a file, breaking it into chunks and passing those chunks off to separate processes that run in parallel. The parallel processes can then execute on different nodes in your cluster. All results are checked (to a degree) and recorded on your master node. Logging, error handling, etc… are all handled for you. Moscrack is designed to be run for long periods of time (days/weeks/etc.). It’s current feature list states:

* Based on Aircrack-NG
* CUDA is untested but may be possible
* Easily supports a large number of nodes
* Designed to run for long periods of time
* Doesn’t exit on errors/failures when possible
* Supports mixed OS/protocol configurations
* Effectively handles mixed fast and slow nodes
* Effectively handles mixed fast and slow links
* Forked design
* Architecture independent
* Uses standard protocols and utilities
* Supports Mosix
* Supports all popular operating systems as processing nodes
* Node prioritization based on speed
* Online configuration of nodes list
* Failed/bad node throttling
* Reprocessing of data on error
* Automatic performance tuning
* Does not require an agent on nodes
* Very verbose, doesn’t hide anything
* Logs key to file if found
* Logs output from nodes on error
* Includes a friendly status viewer (mosctop)
* Includes an optional basic X11 GUI

Moscrack contains an experimental GUI that hasn’t been used/tested very much. It has been tested on the following operating systems:

* Ubuntu Linux 10.10 x86 64bit & 32bit
* CentOS Linux 5.5 x86 32bit
* FreeBSD 8.1 x86 64bit
* Windows Vista Business 64bit w/Cygwin 1.7.7-1
* Mac OS X 10.5.6 (iPC OSx86)
* Solaris Express 11 x64
* iPhone 3g iOS 3.2.1 (Jailbroken)

Oh yes! You read it perfectly alright! It DOES work on an iPhone! Okay, it also needs a bit of a setup overhead. Details of the same can be read here. Since it supports a distributed nature, things could be difficult to handle. That’s why, Moscrack also includes a separate tool for monitoring it’s activity. It’s called – Moscrack Monitoring Tool, that displays data in a fashion similar to Unix “top”, thus the name “mosctop“. It also needs a few Perl libraries, that can be found in the read me document.

Download moscrack from here: Download


Cain & abel is a password recovery tool for Microsoft Operating Systems.It allows easy recovery of various kind of passwords by sniffing the network,carcking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks,recording VoIP Conversations,decoding scrambled passwords,recovering wireless network keys,revealing passwords boxes,uncovering cached passwords and analyzing routing protocols.


  • Proxy support for Cain’s Certificate Collector.
  • The ability to specify custo, proxy authentication credentials for Certificate Collector.
  • Proxy HTTPS Man-in-the-Middle Sniffer (TCP port 8080).
  • HTTP,APR-HTTPS and APR-ProxyHTTPS sniffer filters are now separated.
  • OpenSSL library upgrade to version 0.9.8q
  • winpcap library upgarde to version 4.1.2  
Download from here: Download


  • (5/10) – Searches several databases. Seems to have a large amount of data. My tests have proven this service as quite reliable. Fast.
  • (5/10) – meta-search, works well
  • (4/10)
  • (4/10) – distributed approach. Usable via web and IRC. Free open slots are rare.
  • (4/10) – Contains 171,392,210 unique entries in the database. You can insert new phrases to the database.
  • (4/10) – Currently serving around 810,000 hashes.
  • (4/10)
  • (4/10)
  • (4/10) – Surprised to see an .edu top level domain among this list, aren’t you? This MD5 hash database is operated by the Internet Storm Center.
  • (4/10) – Simple but sufficient interface.
  • (4/10) – Same as Uses a combined technique. Register to increase priority.
  • (4/10) – contains over 500 million hashes (12 GB). The site itself is in French. Enter the MD5 hash to be cracked in the form field labeled “HASH MD5:” and click Déchiffrer
  • (4/10) – Currently serving around 55,000,000 hashes. Fast.
  • (4/10)
  • (3/10) – Reputedly the biggest hash database (4 TB) online. During my tests i could have bought five so called payment-records additionally to the mentioned three findings. So i guess their database is really good.
  • (2/10) – uses a mixed approach (rainbow tables, dictionary attacks etc.)
  • – Currently serving around 170,000 hashes.
  • Strange interface. Long queue.
  • – Bruteforce approach. Seems to have a high success rate but only few free slots available. Register and pay to increase priority.
  • – contains over 750 million hashes. Warning: previously unknown words will be entered into their database and will be “recoverable” for everyone later.
  • – does not use a very own database but a Google Custom Search Engine (CSE). The CSE indexed other websites so it acts as a meta-search engine. But my tests were not very successful.
  • – small service. Around 300,000 hashes in the database.
  • RainbowCrack – rainbow table implementation that supports multiple codecs like LM, NTLM and MD5
  • Cain & Abel – in my opion the most advanced password cracker for Windows available to the public