20160523

Password Storage in Firefox

I got to thinking about password storage in Firefox recently, and wanted to figure out if stored passwords are easy to recover.  A quick search led me to Password Fox.  I tried it out, and recovered the password pretty quickly (under a minute, maybe under 10 seconds).

I started with a decent string generator, and got this for a password:

Next, I made up an account and stored the password.  Finally, using Password Fox I recovered the password, as seen here:


The passwords are stored in a JavaScript Object Notation (JSON) file.  I added a few line breaks for easy reading, but it is this:

I went back in and set a master password, and the same trick did not work.  So, I recommend using this 'master password' if you're going to let Firefox store your passwords (but don't forget it).

This is all covered fairly well on Mozilla's support forum.

20160516

Add a user and hide from logon screen

This tip on how to add a user without adding them to the logon screen got me wanting to try that out on Windows 10.  So, I went in there.

Here is the list of users initially with the net users command:

I can add bob with:

    net user bob pass /add

This adds bob, and bob is now on the home screen (you can note my anonymizing edits):

We can take a look at the registry with:

    reg query "HKLM\software\microsoft\windows nt\currentversion\winlogon"

Next, we can add bob to the registered 'special accounts' that do not appear on the logon screen with:

    reg add "hklm\software\microsoft\windows nt\currentversion\winlogon\specialaccounts\userlist" /v bob /t REG_DWORD /d 0 /f

Then, taking a look at the logon screen, there is no sign of bob:

And that's that.  Thanks to Jose Quinones for the initial how-to.

20160501

A note about ARP

As you can see here, it is the nature of things that an Address Resolution Protocol (ARP) packet with an 'is-at' payload would have a destination MAC that is the same as the MAC it is describing in the packet.

We can see an example in this Wireshark capture:

That packet puts an entry into the ARP cache like so:


To see what happens when we mix up the addresses, we can use Scapy, the packet manipulation program.  We can do this (at the Scapy prompt):


To send this:

With only the Sender MAC inside the ARP protocol payload, we get this cache update:

So, as you can see, by changing the ARP payload, we can change which MAC is put in the cache.  Also, the Scapy packet was not sent in response to an ARP request, and the existing cache entry had not aged off, but the cache was updated anyway.  With some tuning this technique could be used to accomplish ARP poisoning and a man-in-the-middle attack.
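
The checks a monitor can apply to the behaviour shown above, as an added example that is not part of the original post: it parses raw ARP frames and flags an is-at with no matching who-has, a Sender MAC in the payload that differs from the Ethernet source, and a changed IP-to-MAC binding. The names (ArpMonitor, parse_arp, the alert labels) and all addresses are constructed for illustration.

```python
ARP_IPV4_ETH = b"\x08\x06\x00\x01\x08\x00\x06\x04"  # ethertype, htype, ptype, hlen, plen
def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(raw: bytes):
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(raw) < 42 or raw[12:20] != ARP_IPV4_ETH:
        return None
    return {"eth_src": _mac(raw[6:12]), "op": int.from_bytes(raw[20:22], "big"),
            "sha": _mac(raw[22:28]), "spa": _ip(raw[28:32]), "tpa": _ip(raw[38:42])}

class ArpMonitor:
    def __init__(self):
        self.bindings = {}    # IP -> MAC that last claimed it
        self.pending = set()  # (asker IP, asked-for IP); never aged out here

    def observe(self, raw: bytes):
        p, alerts = parse_arp(raw), []
        if p is None:
            return alerts
        if p["eth_src"] != p["sha"]:          # payload MAC differs from frame source
            alerts.append("sender-mac-mismatch")
        if p["op"] == 1:                      # who-has
            self.pending.add((p["spa"], p["tpa"]))
        elif p["op"] == 2:                    # is-at
            key = (p["tpa"], p["spa"])
            if key not in self.pending:
                alerts.append("unsolicited-is-at")
            self.pending.discard(key)
        if self.bindings.get(p["spa"], p["sha"]) != p["sha"]:
            alerts.append("binding-changed")
        self.bindings[p["spa"]] = p["sha"]
        return alerts

def sample_frame(dst, src, op, sha, spa, tha, tpa):
    """Build constructed sample bytes for the monitor; nothing is transmitted."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return m(dst) + m(src) + ARP_IPV4_ETH + op.to_bytes(2, "big") + m(sha) + i(spa) + m(tha) + i(tpa)

# Constructed addresses: locally administered MACs, TEST-NET-1 IPs.
A, GW, X, FAKE = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:0b", "02:00:00:00:00:99"

def run():
    mon = ArpMonitor()
    return [mon.observe(f) for f in (
        sample_frame("ff:ff:ff:ff:ff:ff", A, 1, A, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
        sample_frame(A, GW, 2, GW, "192.0.2.1", A, "192.0.2.10"),   # solicited reply
        sample_frame(A, X, 2, FAKE, "192.0.2.1", A, "192.0.2.10"),  # unsolicited, altered sender MAC
    )]
```

The third sample frame mirrors the case in the post: only the Sender MAC inside the ARP payload differs from the real sender, and no request preceded it.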