johnny's blog

Cached Credentials under Windows

Based on "Auditing Cached credentials with cachedump" from Eoin Miller and Adair Collins at Shmoocon, 2007.

Under certain conditions, Windows domain credentials (usernames and passwords) are cached (stored) in a local machine's registry. Windows consults these credentials when a user logs into a network-disconnected domain member machine. If an attacker grabs and cracks a domain admin password from a workstation, he owns the entire domain!

Domain admin credentials are cached on a machine if an admin logs into it, uses "Run As" from it or accesses it with Remote Desktop. Caching also occurs when admins share laptops.

You can use tools like fgdump (http://swamp.foofus.net/fizzgig/fgdump) or Cain and Abel (http://www.oxid.it) to dump the credentials from a local or remote machine (stored in HKLM\SECURITY\Cache\NL[1-10]), assuming you have local admin privileges. Use John the Ripper (http://www.openwall.com/john) or Cain to crack the passwords.
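To find where that exposure exists, here is an added audit sketch (not code from this post or from the cachedump talk) that replays exported logon events and reports which machines should still hold a privileged account in their cache. The CSV layout, the account and host names, the logon-type mapping (2 for console and "Run As", 10 for Remote Desktop, 11 for a logon served from the cache) and the oldest-entry-replaced behaviour are assumptions.

```python
import csv
import io
from collections import OrderedDict

CACHE_SLOTS = 10  # the post names ten registry slots, NL[1-10]
# Assumption: event 4624 logon types that leave a cached entry behind:
# 2 = interactive (console, "Run As"), 10 = Remote Desktop, 11 = logon served from cache.
CACHING_LOGON_TYPES = {"2", "10", "11"}
PRIVILEGED = {"CORP\\da-alice"}  # constructed list of domain admin accounts

# Constructed sample export: time, host, account, logon type.
SAMPLE_EVENTS = """\
2024-03-01T08:00:00,WS-01,CORP\\da-alice,10
2024-03-01T09:00:00,WS-01,CORP\\bob,2
2024-03-01T09:30:00,WS-02,CORP\\da-alice,3
2024-03-02T08:00:00,WS-02,CORP\\carol,2
2024-03-02T10:00:00,WS-03,CORP\\da-alice,2
"""
# Constructed: ten other users log on to WS-03 after the admin did.
SAMPLE_EVENTS += "".join(
    f"2024-03-03T{h:02d}:00:00,WS-03,CORP\\user{h},2\n" for h in range(10))


def hosts_caching_privileged(events_csv, privileged, slots=CACHE_SLOTS):
    """Return {host: sorted privileged accounts still expected in its cache}."""
    caches = {}  # host -> OrderedDict of accounts, oldest entry first
    # ISO-8601 timestamps sort chronologically as plain strings.
    for row in sorted(csv.reader(io.StringIO(events_csv))):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _when, host, account, logon_type = row
        if logon_type not in CACHING_LOGON_TYPES:
            continue  # assumption: e.g. type 3 network logons are not cached
        cache = caches.setdefault(host.upper(), OrderedDict())
        account = account.lower()
        cache.pop(account, None)  # a repeat logon refreshes the entry
        cache[account] = True
        while len(cache) > slots:
            cache.popitem(last=False)  # assumption: oldest entry is replaced
    wanted = {p.lower() for p in privileged}
    found = {h: sorted(a for a in c if a in wanted) for h, c in caches.items()}
    return {h: accounts for h, accounts in found.items() if accounts}


if __name__ == "__main__":
    for host, accounts in hosts_caching_privileged(SAMPLE_EVENTS, PRIVILEGED).items():
        print(host, "still caches", ", ".join(accounts))
```

On the sample data only WS-01 is reported: the admin reached WS-02 over a network logon, and on WS-03 ten later users pushed the admin's entry out of the ten slots.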

Adam Laurie at Blackhat USA 2009

Adam Laurie floored me with his “Satellite Hacking” talk at Blackhat USA 2009. I respect Adam’s work, humor and presentation skills. His approach thrilled me and reminded me of what hacking is all about: creativity and curiosity culminating in technologically cool stuff. Using $900 worth of gear, Adam hacked together a system that graphed (in 3D) feed signals found in a frequency range and horizon position. Instead of scanning through text data, he simply picked out the small (interesting) blips amongst the broad (commercial) smears. In his LIVE demo, he grabbed a UDP stream from a mysterious satellite over Africa with his UK-based dish and routed it to his machine in DC. Also, in an unrelated ($50) demo, he injected data into a US RFID-chipped passport’s signal stream, making the bearer none other than Osama bin Laden. Wicked, Adam!

Few Words

I’m so greedy with my time. If I take time to read a paper or watch a talk only to find out it's regurgitated content, I get irritated. When a new technology comes along, I skim the details searching for the point. I want the essence--to know if and how it applies to me.

Twitter fans get this. You get 140 characters, which is a lot if you’re careful.

So I’m trying "blink" posts of 140 words or less. If I can’t make the point in that space then I don't get it, and if I don't get it, how can I help you get it?

Welcome to my blog space at Ciphent. It’s good to have you here.

And see? It is possible. This post is 133 words long.

-Johnny