Everything posted by begood
-
What am I doing here? I'm looking for my other half.
-
It has anti-Anubis and anti-VirusTotal. Be careful with it, it may contain a trojan; I'm not going to pick through this one as well.
-
Let's assume we know the order in which our operating system reads files at boot-up. If we arranged them (physically, on the HDD) in that order, we would get a much faster boot-up than if we defragment the files while they are laid out chaotically on the disk. The first problem would be this: how do you determine the order in which the operating system reads the files? Any ideas?
-
And how do you propose I distribute the programs? Should I put them in the virtual image or leave them out? If I put them in, there will be more to download, and most people don't need everything that's in there. On the other hand, if I don't put them in the image, you'll have the hassle of copying the files into the system, plus after 5 years (say) they will get lost unless I somehow "merge" them. It's a double-edged sword...
- 115 replies
-
A few mistakes I made in the first version, plus some dilemmas:
- I set the HDD limit to 4 GB (I figured it would fit on a FAT32 stick), although I could have made it 100 GB and set it as an "expanding hard disc" (.VDI), so that it only takes up as much as I put into it and grows as data is added.
- Is there any point in installing so many programs? Or should I include the installers and let users install whatever they like and delete the rest?
- Should I leave the installers "outside" and keep the operating system as it is, something "small" and easy to handle?
- 115 replies
-
SpyBHORemover - Advanced Spy BHO Explorer & Eliminator
begood replied to Memesis's topic in Programe securitate
http://rstcenter.com/forum/22664-securityxploded-free-tools.rst#post148047 read the comment.
-
Ah, so I take it you don't like getting the latest news and tools in the field? (most of the news items are less than 1 day old) Fine, brothers, I won't post anything anymore if you don't like it. Why do you think I look every day for the latest new and interesting things to post on the forum? To rack up posts for myself? Is that what I care about?
-
I'm sure most of you haven't watched them, I'm sure you know about them, I'm sure you find them interesting. That's why I invite you to discuss them. Make some time; today being Sunday, for example, you could watch a few.

For those who really haven't heard of BlackHat until now: an annual, large-scale conference with presentations on various security topics (hence the name blackhat). I know most of the titles are more or less inspired, but I guarantee you'll be amazed by a great many of the presentations.

Here are the presentations, video/pdf/ppt: Black Hat ® Technical Security Conference: DC 2010 // Archives

I forgot to mention that the conference was also held in Europe. http://www.blackhat.com/html/bh-eu-10/bh-eu-10-archives.html
-
Get it here: Hash Generator
-
I've been laughing for over half an hour ))
-
# Title: Safari 4.0.5 parent.close() Memory Corruption exploit (w/ASLR and DEP bypass)
# EDB-ID: 12614
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Alexey Sintsov
# Published: 2010-05-15
# Verified: no

Download: http://www.exploit-db.com/sploits/safari_parent_close_sintsov.zip

Unzip and run START.htm

This exploit uses JIT-SPRAY for DEP and ASLR bypass.

jit-shellcode: system("notepad")

0day.html - use 0x09090101 address for CALL JITed shellcode.

START.htm -> iff.htm -> if1.htm -> 0day.html
    JIT-SPRAY: 0x09090101 - JITed shellcode
    parent.close(); * ESI=0x09090101 * CALL ESI

By Alexey Sintsov from Digital Security Research Group [www.dsecrg.com]
-
It breaks my heart.
-
The National Security Agency and the Central Security Service tested the five U.S. service academies during the 2009 Cyber Defense Exercise. Teams were tested on their ability to defend computer networks the students designed themselves. The winner took home the coveted CDX trophy. In an unclassified movie produced by the NSA, we caught a glimpse of BackTrack being used in the CyberDefence 2009 Wargames.
-
Dihydrogen Monoxide is a dangerous chemical that causes millions of dollars in damage each year. The Steve Spangler Science team decided to create these ads to spread the word. Check out our Dihydrogen Monoxide Containment Kit to help protect your family. Dangers of Dihydrogen Monoxide at Steve Spangler Science begood is an addict too. Take the big leap and call your doctor as soon as possible.
-
Seven new users in 15 minutes :> Now that's something! RST really is big. http://img143.imageshack.us/img143/1724/guestsregistering.png
-
About StreamArmor

StreamArmor is the sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system. Its advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams.

It comes with fast multi threaded ADS scanner which can recursively scan over entire system and quickly uncover all hidden streams. All such discovered streams are represented using specific color pattern based on threat level which makes it easy for human eye to distinguish between suspicious and normal streams.

It has built-in advanced file type detection mechanism which examines the content of file to accurately detect the file type of stream. This makes it great tool in forensic analysis in uncovering hidden documents/images/audio/video/database/archive files within the alternate data streams.

StreamArmor is the standalone, portable application which does not require any installation. It can be copied to any place in the system and executed directly.

What is Alternate Data Stream (ADS)?

Alternate Data Stream (ADS) is the lesser known feature of Windows NTFS file system which provides the ability to put data into existing files and folders without affecting their functionality and size. Any such stream associated with file/folder is not visible when viewed through conventional utilities such as Windows Explorer or DIR command or any other file browser tools. It is used legitimately by Windows and other applications to store additional information (for example summary information) for the file. Even 'Internet Explorer' adds the stream named 'Zone.Identifier' to every file downloaded from the internet.

Due to this hidden nature of ADS, hackers have been exploiting this method to secretly store their Rootkit components on the compromised system without being detected. For example, the infamous Rootkit named 'Mailbot.AZ' aka 'Backdoor.Rustock.A' used to hide its driver file into system32 folder (C:\Windows\system32) as a stream '18467'.

In short, ADS provides easy way to store the malicious content covertly as well as execute it directly without making even a bit of noise. Only sophisticated tools such as StreamArmor have the ability to discover and destroy these hidden malicious streams.

For complete details on 'Alternate Data Streams' please refer to the following article 'Exploring Alternate Data Streams'

Feature Highlights of StreamArmor

Here are the highlights of prominent and unique features of StreamArmor which makes it stand apart from other existing tools in the market.

- Fast, multi threaded ADS scanner to quickly and recursively scan entire computer or drive or just a folder.
- 'Snapshot View' for quick identification of selected stream and faster manual analysis.
- Option to 'Ignore Known and Zero Streams' which automatically ignores all known streams (such as Zone.Identifier) and streams with zero size, thus greatly reducing time and effort involved in manual analysis.
- Advanced stream file type detection which analyzes internal content of file to detect the real file type rather than just going by the file extension. Here is the list of some of the major file type categories detected by StreamArmor
  - Executable File Type (EXE, DLL, SYS, COM, MSI, CLASS)
  - Archive File Type (ZIP, RAR, TAR, GZ, COM)
  - Audio File Type (MP3, WAV, RA, RM, WMA, M3U)
  - Video File Type (WMV, AVI, MPEG, MP4, SWF, DIVX, FLV, DAT, VOB, MOV)
  - Database Type (MS ACCESS)
  - Document Type (PDF, XML, DOC, RTF, All MS Office old & new formats)
- Sophisticated 'Auto Threat Analysis' based on heuristic technology for identifying anomaly in the discovered streams based on the characteristics and patterns.
- 'Online Threat Verification' to check for presence of Virus or Rootkit in the suspicious stream using any of the following prominent online websites.
  - VirusTotal (www.VirusTotal.com)
  - ThreatExpert (www.ThreatExpert.com)
  - MalwareHash (www.MalwareHash.com)
- Representation of streams using color pattern based on threat level makes it easy and fast for human eye to distinguish between suspicious streams from normal ones.
- Parallel analysis of discovered streams during the scanning process, allows user to start with analysis immediately without waiting for entire scanning operation to be completed.
- View the entire content of selected stream using the configured third party application. In fact user can configure different applications for normal & executable stream file.
- Save the selected stream file content to a disk, or USB drive or DVD for further analysis.
- Delete the selected alternate data stream from its base file or folder.
- Execute/Run the selected executable stream file for analyzing its malicious nature in virtual environments such as VMWare.
- Dynamic performance tuning mechanism by adjusting the ADS scan thread count [only for advanced users].
- Sort feature to arrange the scanned streams based on its name/threat level/content type/size.
- Export the entire list of discovered streams to a disk file in HTML format for offline analysis.

StreamArmor Screenshots

Here are the screenshots of StreamArmor showcasing its unique and unparalleled features...

Screenshot 1: StreamArmor detecting Rootkits such as HackerDefender, Agent.X, Vanquish etc in addition to other hidden streams.
Screenshot 2: StreamArmor showing all the discovered streams using specific color pattern based on their respective threat levels.
Screenshot 3: StreamArmor displaying the snapshot view of the selected Rootkit stream file which clearly shows that it's an executable file (starting with "MZ").
Screenshot 4: Online threat verification of uncovered 'HackerDefender' Rootkit stream file using VirusTotal.com.
Screenshot 5: Online threat verification of uncovered 'HackerDefender' Rootkit stream file using ThreatExpert.com.
Screenshot 6: 'Scan Settings' of StreamArmor showing the default configuration.
Screenshot 7: General configuration dialog of StreamArmor that allows user to fine tune various options as per the needs.
Screenshot 8: Exported stream scan report in HTML format by Stream Armor showing scan summary along with detailed threat report.

Acknowledgement

Thanks to Manojna, Raghuveer, EvilFingers for their valuable inputs in making of this tool.

Version History

Version 1.0: 27th Mar 2010
First public release of StreamArmor

Download StreamArmor

StreamArmor is developed by me for RootkitAnalytics. However due to legal bindings, I cannot host it on this website. Hence please follow the below link to download it from RootkitAnalytics.

Download StreamArmor 1.0 from RootkitAnalytics.com
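The 'Ignore Known and Zero Streams' filter and the "MZ" check mentioned in the StreamArmor description above can be approximated with built-in PowerShell. This is an added example, not part of the original post and not StreamArmor's code; the function name Find-SuspiciousStream, the demo folder and the sample streams are constructed for illustration.

```powershell
# Added example (not StreamArmor code): list named NTFS streams under a folder,
# skip known and zero-length ones, and flag streams whose content starts with "MZ".
# Assumes Windows, an NTFS volume and PowerShell 3.0 or later (Get-Item -Stream).

# Raw byte I/O is spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
if ($PSVersionTable.PSVersion.Major -ge 6) {
    $ByteArgs = @{ AsByteStream = $true }
} else {
    $ByteArgs = @{ Encoding = 'Byte' }
}

function Find-SuspiciousStream {   # hypothetical name, chosen for this example
    param(
        [Parameter(Mandatory = $true)] [string] $Root,
        # Streams treated as known-good and skipped.
        [string[]] $KnownStreams = @('Zone.Identifier')
    )

    # Include the root folder itself: streams can be attached to folders too.
    # Some PowerShell versions return streams for files only, so folder-attached
    # streams may be missed there.
    $targets = @(Get-Item -LiteralPath $Root -Force) +
               @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $targets) {
        $streams = Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue
        foreach ($s in $streams) {
            if ($s.Stream -eq ':$DATA')            { continue }  # unnamed main stream
            if ($s.Length -eq 0)                   { continue }  # zero-size stream
            if ($KnownStreams -contains $s.Stream) { continue }  # known stream

            # Read only the first two bytes of the stream for the signature check.
            $head = @(Get-Content -LiteralPath $item.FullName -Stream $s.Stream `
                        -TotalCount 2 @ByteArgs -ErrorAction SilentlyContinue)
            $startsWithMZ = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)

            [pscustomobject]@{
                Path         = $item.FullName
                Stream       = $s.Stream
                Size         = $s.Length
                StartsWithMZ = $startsWithMZ
            }
        }
    }
}

# Constructed demo data: one file with a plain-text stream, a Zone.Identifier
# stream, and a 4-byte stream that merely begins with the "MZ" signature.
# $env:TEMP must be on an NTFS volume for the streams to be created.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$file = Join-Path $demo 'report.txt'
Set-Content -LiteralPath $file -Value 'visible content'
Set-Content -LiteralPath $file -Stream 'notes' -Value 'plain text note'
Set-Content -LiteralPath $file -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"
Set-Content -LiteralPath $file -Stream 'payload' -Value ([byte[]](0x4D, 0x5A, 0x90, 0x00)) @ByteArgs

# Streams that start with "MZ" are listed first for review.
Find-SuspiciousStream -Root $demo |
    Sort-Object StartsWithMZ -Descending |
    Format-Table -AutoSize

# Remove the constructed demo folder afterwards.
Remove-Item -LiteralPath $demo -Recurse -Force
```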
-
About SpyDLLRemover

SpyDLLRemover is the standalone tool to effectively detect and delete spywares from the system. It comes with advanced spyware scanner which quickly discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes. It not only performs sophisticated auto analysis on process DLLs but also displays them with various threat levels, which greatly helps in quick identification of malicious DLLs. The DLL search feature helps in finding DLL within all running processes using partial or full name.

One of the unique features of SpyDLLRemover is its capability to free the DLL from remote process using advanced DLL injection method which can defeat any existing Rootkit tricks. It also uses sophisticated low level anti-rootkit techniques to uncover hidden userland Rootkit processes as well as to terminate them.

SpyDLLRemover supports wide range of platforms starting from XP to latest operating system, Windows 7. Along with this, it introduces new 'Scan Settings' option to allow the user to fine tune the scanning operation. With this user can now customize the various scanning modes and methods according to their taste. It also presents other numerous features such as improved heuristic analysis, enhanced user interface with cool look & feel, inteli-refresh of 'process viewer' resulting in flicker free user experience and many more...

Current version provides support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.

Features of SpyDLLRemover

Here are some of the prominent and unique features of SpyDLLRemover which set it apart from any other tool of its kind.

- Advanced Spyware Scanner which efficiently discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes in the system.
- Detection and removal of hidden userland Rootkit processes using sophisticated techniques such as
  - Direct NT System Call Implementation
  - Process ID Bruteforce Method (PIDB) as first used by BlackLight
  - CSRSS Process Handle Enumeration Method
- State of art technique for completely freeing the injected DLL from remote process based on advanced DLL injection method using low level implementation which defeats any blocking attempts by Rootkits. This is one of those unique features found only in SpyDLLRemover.
- Sophisticated DLL auto analysis which helps in separating out the legitimate modules/DLLs from the malicious ones. Such DLLs are displayed using different colors representing various threat levels for quicker and easier identification.
- Integrated online verification mechanism through ProcessLibrary.com to validate any suspicious DLLs. This makes it easy to differentiate between the spyware & legitimate DLLs.
- 'Scan Settings' option to fine tune the scanning operation based on user needs.
- Inteli-Refresh of 'Process Viewer' for flicker free user experience.
- 'DLL Tracer' feature to search for DLL within all running processes using partial or full name. Then user can choose to remove the DLL from single process or from all loaded processes with just one click.
- Sort the process/DLL in the list based on various parameters for easier and quicker analysis.
- Detailed report generation of Spyware scanning result as well as process/DLL list in standard HTML format for offline investigation.
- View the process/DLL properties for more information by just double clicking on the process/DLL entry in the list.
- Feature to show all running processes in the system which has loaded the selected DLL. Also user can click on 'Remove DLL from ALL' button to quickly remove any such malicious DLL from all loaded processes.
- Termination of suspicious or hidden process based on low level implementation which makes it very effective against any Rootkit techniques.
- Support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.
- Displays detailed information about all running processes on the system
  - Process name
  - Process Id
  - Session Id
  - Company Name
  - Product Name
  - Process Description
  - Memory Utilization
  - Process Binary Path
  - Process File Size
  - File Install Date
- Shows detailed information about each loaded DLLs within process to make it easier for manual analysis.
  - DLL Name
  - Company Name
  - Description
  - Comment about type of DLL (System, Hidden, Suspicious)
  - Load/reference count of DLL
  - Loading Type (static/dynamic)
  - DLL File Size
  - File Install Date
  - Base Address of DLL
  - Entry point of DLL
  - Full DLL File Path
- It is standalone tool which does not require any installation and can be executed directly.
- Enriched user interface along with more user friendly options makes it the cool tool.

SpyDLLRemover in Action

Here are the screenshots of SpyDLLRemover which demonstrates its effectiveness in detecting spywares and eliminating them with ease.

Screenshot 1: SpyDLLRemover scanning the infected system for spywares and showing the malicious DLL injected by Vanquish Rootkit along with other suspicious DLLs.
Screenshot 2: SpyDLLRemover's newly introduced 'Scan Settings' which provides flexibility to user to fine tune the scanning operation.
Screenshot 3: SpyDLLRemover detecting the hidden modules/DLLs injected within cmd.exe process by Vanquish Rootkit.
Screenshot 4: SpyDLLRemover's 'DLL Tracer' feature showcasing the DLL search operation to trace the DLL within all running processes.
Screenshot 5: Detailed report of Spyware Scanning Result in HTML format generated by SpyDLLRemover.

Testimonials for SpyDLLRemover

SpyDLLRemover has received some great testimonials from elite customers who have been using this tool widely in their IT administration. Here is the testimonial from Lucas Rodriguez, President of Chip Computer Stores, Inc

If you are using SpyDLLRemover and impressed with it, we are happy to get one from you. You can refer to this blog article for writing one such testimonial. For more details, refer to our 'Testimonial Section' on RootkitAnalytics web page.

Acknowledgement

I am thankful to my brother Raghuveer for designing the highly creative banner for the SpyDLLRemover on a short note. My kind regards to EF for pushing me to finish it in style only to realize my potential.

History

Version 3.2: 8th Feb 2010
Support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.

Version 3.0: 30th Nov 2009
This version extends support for Microsoft's new operating system, Windows 7. Along with this, it introduces 'Scan Settings' option to allow the user to fine tune the scanning operation. Also it presents other new features such as improved heuristic analysis, enriched user interface, Intelli-Refresh of 'Process Viewer' etc.

Version 2.5: 12th July 2009
Next major version of SpyDLLRemover with 'DLL Tracer' feature to quickly search for DLL within all running processes. It also includes the improved user interface and major bug fixes.

Version 2.0.1: 30th May 2009
Released second version of SpyDLLRemover with enriched features such as Spyware Scanning of System, Improved DLL auto analysis, Enhanced GUI interface, HTML based report generation of spyware scanning result as well as process/DLL list, advanced technique for removal of injected DLL from all loaded processes, sorting the process/dll based on various parameters for easier and quicker identification.

Version 1.0.1: 14th Mar 2009
First public release of SpyDLLRemover.

Download SpyDLLRemover

SpyDLLRemover is developed by me for RootkitAnalytics. However due to legal bindings, I cannot host it on this website. Hence please follow the below link to download it from RootkitAnalytics.

Download SpyDLLRemover 3.2 from RootkitAnalytics.com
-
About AdvancedWinServiceManager

'Windows Service' is a program designed to perform specific service which is started automatically when Windows boots and runs as long as System is up and running. Services normally run with 'System' privilege thus enabling them to execute higher privilege operations which otherwise cannot be performed by normal processes. Due to these advantages, often malware applications use services to monitor and control the target system.

In this direction, AdvancedWinServiceManager makes it easy to eliminate such malicious services by separating out third party services from Windows services. By default it shows only third party services along with more details such as Company Name, Description, Install Date, File Path etc at one place which helps in quickly differentiating between legitimate and malicious services. It comes with rich features such as detecting hidden rootkit services, exporting the service list to html based log file, displaying only third party services etc. All these unique things make it stand apart when compared to 'Windows Service Management Console'.

Features of AdvancedWinServiceManager

Here is the complete feature list of AdvancedWinServiceManager

- Detection of hidden Rootkit services
  It can detect the services hidden by malicious Rootkit applications using bypass hook method. Such hidden services will be shown in red color to differentiate it from normal services.
- Enhanced user interface with dynamic resize functionality.
  It comes with really cool GUI interface with catchy banner. Also it has dynamic resizing capability which makes it to adjust the screen according to the user needs.
- Arrange the services based on various parameters
  It comes with sorting functionality to arrange the services based on service name, description, status, user account, company name, binary path, file size etc. This helps in quick searching of the service.
- Easier detection of malicious service
  By default only third party services are displayed along with detailed information which makes it easy to differentiate between legitimate and malicious services.
- Export the services list to standard html format
  'Export to File' option provides easy way to save the displayed service list to html based log file for offline analysis.
- Show services based on status and vendor.
  User can view the services based on its status. For example one can view only third party services or all running services.
- Smooth and quick management of services
  It provides option to start, stop, enable or disable services with just a click.
- Displays detailed information for each service
  For each service following information is shown,
  - Service Name
  - Description
  - Company Name
  - Service Status
  - User account
  - File version
  - File Size
  - Install Date
  - Full Binary Path

Screenshots of AdvancedWinServiceManager

Screenshot 1: Showing only third party services
Screenshot 2: Hidden Rootkit service from Hacker Defender being detected by AdvancedWinServiceManager
Screenshot 3: Arranging all running services based on Company Name
Screenshot 4: Exported service list in html format shown in Internet Explorer.

Using AdvancedWinServiceManager

This is very simple application which does not require any installation. Just copy the downloaded executable file to any folder and launch it. By default it will show only running third party services. You can click on check boxes at the bottom to show all third party services or show all services including built-in windows services. Once the particular service is selected, you can use the buttons to start/stop, enable/disable that service. Also the service list can be reloaded by clicking on the 'Refresh' button.

History

Version 2.0.1: 17th April 2009
Release of AdvancedWinServiceManager with rich features such as hidden Rootkit service detection, enhanced user interface, arranging the services, exporting the service list to log file etc.

Version 1.2: 10th June 2008
User interface improvement, Vista UAC compatibility along with bug fixes.

Version 1.0: 30 Dec 2006
First public release of WinServiceManager

Download AdvancedWinServiceManager

FREE Download AdvancedWinServiceManager 2.0.1
License: Freeware
Platform: Windows XP, 2003, Vista.
-
About NetworkPasswordDecryptor

NetworkPasswordDecryptor is the free tool to instantly recover the network passwords stored in the 'Credential Store' of Windows. Windows 'Credential Store' provides the framework for storing various network authentication based passwords in secure encrypted format. Not only Windows uses it to store network authentication passwords, but also other applications such as Outlook, Windows Live Messenger, Remote Desktop, Gmail Notifier etc uses it for storing their login passwords. These network passwords are saved only when the user has selected 'Remember Password' option during login time.

These network passwords are stored in encrypted format and even administrator cannot view these passwords. Also some type of passwords cannot be decrypted even by administrators as they require special privileges. In this context, NetworkPasswordDecryptor makes it easy to enumerate and decrypt all the stored network passwords from Credential Store.

Features of NetworkPasswordDecryptor

NetworkPasswordDecryptor can recover following passwords on all versions of Windows starting from XP to Windows 7.

- All network authentication passwords stored by Windows.
- Basic/Digest authentication passwords stored by Internet Explorer
- Google login password stored by GMail Notifier
- Remote Desktop stored passwords.
- Exchange server login passwords stored by Outlook.
- Login passwords of Windows Live Messenger

NetworkPasswordDecryptor also allows you to delete any of the stored passwords from 'Credential Store'. This is useful if the password has changed or if the user has accidentally saved the critical password. Also it provides option to save the decrypted network password list to TEXT or HTML format.

Internals of NetworkPasswordDecryptor

Windows 'Credential Store' support following different type of network secrets.

- Domain Password
- Generic Password
- Domain Visible Password / .NET Passport
- Certificates

Each of these types have different level of access and follow different encryption mechanism. For example 'Generic Passwords' can be decrypted by corresponding users directly. However decryption of domain passwords require special privilege and can be decrypted only in the context of system process, LSASS.exe. This makes it easy for application to choose suitable type of encryption mechanism for storing their login passwords.

Windows allows application to manage these network passwords using Credential Management API functions to store and retrieve the passwords. Except passwords of Domain type all other passwords can be retrieved using such functions. Decrypting domain type passwords require special technique of executing entire decryption operation in the core of LSASS process using undocumented functions.

For more detailed technical information on decrypting these network passwords read the following research article, 'Exposing the Secret of Decrypting Network Passwords'

Using NetworkPasswordDecryptor

NetworkPasswordDecryptor is a standalone application and it does not require any installation. You can just copy the executable to any location on the system and run it directly.

- Launch the NetworkPasswordDecryptor.exe as current user or administrator.
- On launching, it will display current username and operating system version.
- Next click on 'Start Recovery' button and it will decrypt all the stored network passwords & display it in clear text as shown in the screenshot below.
- You can use 'Delete' button to remove any of the saved passwords from Credential Store.
- Finally you can save this decrypted passwords to TEXT or HTML file by clicking on 'Export to TEXT' or 'Export to HTML' button respectively.

Note that you need to have administrator privileges to decrypt the network passwords of all types successfully. Otherwise only user specific passwords will be recovered.

NetworkPasswordDecryptor in Action

Here are the screenshots of NetworkPasswordDecryptor

Screenshot 1: NetworkPasswordDecryptor showing all the decrypted network based passwords.
Screenshot 2: Network account password list exported in HTML format by NetworkPasswordDecryptor.

History

Version 1.1: 16th Feb 2010
Fixed the issue with retrieving Windows Live Messenger password on Windows 7 Home edition. Many thanks to Patrick.B for reporting and working towards the resolution.

Version 1.0: 6th Feb 2010
First public release of NetworkPasswordDecryptor. Supports recovery of all the network based passwords including network authentication, remote desktop, windows live messenger, Outlook & Gmail Notifier. Also it provides option to completely delete any of the saved passwords. In addition to this user can save the decrypted password list to TEXT or HTML file.

Disclaimer

NetworkPasswordDecryptor is the free tool and designed for good purpose to help users to recover the lost network account passwords. Like any other tool its use either good or bad, depends upon the user who uses it. However author is not responsible for any damage caused due to misuse of this tool.

Download NetworkPasswordDecryptor

FREE Download NetworkPasswordDecryptor 1.1
License: Freeware
Platform: Windows XP, 2003, Vista, Win7
-
About FireMaster

FireMaster is the first ever built tool to recover the lost master password of Firefox. Master password is used by Firefox to protect the stored sign-on information for all visited websites. If the master password is forgotten, then there is no way to recover the master password and user will lose all the sign-on information stored in it. However user can now use FireMaster to get back all their stored credentials.

FireMaster uses combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file. Now it also supports pattern based password recovery mechanism which significantly reduces the time taken to recover the password.

Firefox Password Manager and Master Password

Firefox comes with built-in password manager tool which remembers username and passwords for all the websites you visit. This sign-on information is stored in the encrypted form in Firefox database files residing in user's profile directory. However any body can just launch the password manager from the Firefox browser and view the credentials. Also one can just copy these database files to different machine and view it offline using the tools such as FirePassword.

Hence to protect from such threats, Firefox uses master password to provide enhanced security. By default Firefox does not set the master password. However once you have set the master password, you need to provide it every time to view sign-on credentials. So if you have lost the master password, then you have lost all the stored credentials as well.

So far there was no way to recover these credentials once you have lost the master password. Now the FireMaster can help you to recover the master password and get back all the sign-on information.

Internals of FireMaster

Once you have lost master password, there is no way to recover it as it is not stored at all. Whenever user enters the master password, Firefox uses it to decrypt the encrypted data associated with the known string. If the decrypted data matches this known string then the entered password is correct. FireMaster uses the similar technique to check for the master password, but in more optimized way.

The entire operation goes like this.

- FireMaster generates passwords on the fly through various methods.
- Then it computes the hash of the password using known algorithm.
- Next this password hash is used to decrypt the encrypted data for known plain text (i.e. "password-check").
- Now if the decrypted string matches with the known plain text (i.e. "password-check") then the generated password is the master password.

Firefox stores the details about encrypted string, salt, algorithm and version information in key database file key3.db in the user's profile directory. You can just copy this key3.db file to different directory and specify the corresponding path to FireMaster. You can also copy this key3.db to any other high end machine for faster recovery operation.

FireMaster supports following password generation methods

1) Dictionary Method
In this mode, FireMaster uses dictionary file having each word on separate line to perform the operation. You can find lot of online dictionary with different sizes and pass it on to Firemaster. This method is more quicker and can find out common passwords.

2) Hybrid Method
This is advanced dictionary method, in which each word in the dictionary file is prefixed or suffixed with generated word from known character list. This can find out password like pass123, 12test, test34 etc. From the specified character list (such as 123), all combinations of strings are generated and appended or prefixed to the dictionary word based on user settings.

3) Brute Force Method
In this method, all possible combinations of words from given character list is generated and then subjected to cracking process. This may take long time depending upon the number of characters and position count specified.

How to use FireMaster?

First you need to copy the key3.db file to temporary directory. Later you have to specify this directory path for FireMaster as a last argument.

Here is the general usage information

    Firemaster [-q] [-d -f <dict_file>] [-h -f <dict_file> -n <length> -g "charlist" [ -s | -p ] ] [-b -m <length> -l <length> -c "charlist" -p "pattern" ] <Firefox_Profile_Path>

Dictionary Crack Options:
    -d  Perform dictionary crack
    -f  Dictionary file with words on each line

Hybrid Crack Options:
    -h  Perform hybrid crack operation using dictionary passwords. Hybrid crack can find passwords like pass123, 123pass etc
    -f  Dictionary file with words on each line
    -g  Group of characters used for generating the strings
    -n  Maximum length of strings to be generated using above character list. These strings are added to the dictionary word to form the password
    -s  Suffix the generated characters to the dictionary word (pass123)
    -p  Prefix the generated characters to the dictionary word (123pass)

Brute Force Crack Options:
    -b  Perform brute force crack
    -c  Character list used for brute force cracking process
    -m  [Optional] Specify the minimum length of password
    -l  Specify the maximum length of password
    -p  [Optional] Specify the pattern for the password

Sample Usage Information

    // Dictionary Crack
    FireMaster.exe -d -f c:\dictfile.txt Firefox_Profile_Path

    // Hybrid Crack
    FireMaster.exe -h -f c:\dictfile.txt -n 3 -g "123" -s Firefox_Profile_Path

    // Brute Force Crack
    FireMaster.exe -q -b -m 3 -c "abyz126" -l 10 -p "pa??f??123" Firefox_Profile_Path

Here Firefox_Profile_Path refers to the directory where key3.db file is present. This points to the Firefox profile directory (Ex: C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\<prof name>) on your machine. However you can also copy key3.db file from any other machine such as Linux system to your local windows machine and specify that path during recovering operation.

Quiet mode ( -q option ) will disable printing each password while recovery is in progress. This makes it much faster especially for brute force operation. However during brute force operation if the password count exceeds 50000 passwords then it automatically enters the quiet mode.

Hybrid method tries normal dictionary password as well as password created by appending/prefixing the generated strings to the dictionary word. For example if the dictionary word is "test" and you have specified character set as '123' (-c 123 -s) then the new passwords will be test1, test12, test123, test32 etc.

Character list (-g for hybrid and -c for brute force) specifies the characters to be used for generating passwords. If you don't specify then the default character list is used.

For brute force -m indicates the minimum length of password to be generated. This can reduce the generated passwords and hence the time considerably when large number of character set is specified. Similarly -l (small 'L') specifies the maximum length of password to be generated. For example, if you specify -m 6 and -l 8 then only passwords which are of length at least 6 and above but below 8 will be generated.

Now you can reduce the password cracking time significantly using pattern based password recovery mechanism. If you know that password is of certain length and also remember few characters then you can specify that pattern for brute force cracking. For example, assume that you have set the master password of length 12 and it begins with 'fire' and ends with '123' then command will look like below

    FireMaster.exe -b -c "abyz" -l 12 -p "fire?????123" c:\testpath

This will reduce the time to seconds which otherwise would have taken days or hours to crack that password.
You can even crack the impossible looking passwords using the right pattern. FireMaster in Action FireMaster and FireFox FireMaster is tested with latest Firefox version 3.5.6 and it can recover master password successfully from any Firefox, starting with version 1.0 or more. If the FireMaster failed to work with your Firefox version then please send me the key3.db and cert8.db (required for older versions) files which are present in your Firefox profile directory. Note that sign-on credentials are stored in the signons.txt file and key3.db just contains the master password related information. So even if some one knows your master password it will be useless unless he/she has access to signons.txt file. Disclaimer FireMaster is designed with good intention to recover the lost master password so that every one keep enjoying their experience with Firefox. Like any other tool its use either good or bad, depends upon the user who uses it. However author is not responsible for damages or impact caused due to misuse of FireMaster. Acknowledgement Thanks to the Mozilla-Firefox crew for making such an excellent, beautiful, free browser. Thanks to everyone who shared their experience with FireMaster through their valuable feedbacks and suggestions. History Version 4.0: 8th Jan 2010 Support for Windows 7. Error messages are now shown clearly in RED. Few bug fixes and security changes. Version 3.5: 22nd Aug 2009 Resolved the compatibility problem with latest Firefox version 3.5. Now FireMaster dynamically detects the Firefox version and recovers the master password accordingly. Version 3.1: 28th Sep 2008 Fixed the bug in recovering the master password for Iceweasel which is browser derived from Firefox. Version 3.0: 29th July 2008 Support for Firefox version 3.0, now you can recover the master password of latest version of Firefox. The differences in reading the Firefox key database file is resolved. Kudos to the Firefox crew for yet another beautiful version of Firefox...! 
Version 2.5: 22nd March 2008 Pattern based brute force password recovery method is implemented which reduces the time considerably when certain part of the password is already known. Also minimum length of password can be specified which improves the recovery time greatly. Usage is simplified by forcing one crack method at a time and providing better meaningful options. Fixed the bug in displaying statistics and now it displays the remaining time accurately based on the current speed which is computed dynamically. Thanks for your suggestions and feedbacks... Version 2.2: 8th July 2006 FireMaster source code is released under GPL v2. Version 2.1: 18th June 2006 Tested successfully with latest version 1.5.0.4 of Firefox. Statistics display during the operation is improved. Version 2.0: 25th Feb 2006 First public release of FireMaster SOURCE code. Now it works at amazing speed of 50k passwords per second on normal m/c. Firefox library dependency is removed completely. For brute force, speed and time is displayed during operation. Lots of optimizations and few bug fixes. Thanks to 'T Barton' for reporting the bug with 1.5 version. Version 1.5: 14th Jan 2006 Bug in parsing key3.db fixed. Displaying results during recovery operation. Speed is doubled compared to the original version. Version 1.0: 1st Jan 2006 First public release of FireMaster. Free Download FireMaster FREE Download FireMaster 4.0 (Tested successfully for Firefox version 3.5.6) License : Freeware Platform : Windows XP, 2003, Vista, Win7 Download Note: You need to download the Gecko SDK from Mozilla website, if you want to build the FireMaster from the source code.
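For anyone choosing a master password, the three methods in the post above translate into worst-case guess counts. The following is an added example, not part of the post or of FireMaster: it assumes inclusive length bounds, that '?' marks an unknown pattern position, that hybrid mode tries each word alone plus with every generated affix, and it uses the 50k passwords per second quoted in the version 2.0 history entry.

```python
"""Worst-case guess counts for a candidate master password (added example)."""

RATE = 50_000  # passwords per second, the figure quoted for FireMaster 2.0


def keyspace(n_chars, min_len, max_len):
    """Strings of length min_len..max_len (assumed inclusive) over n_chars symbols."""
    return sum(n_chars ** n for n in range(min_len, max_len + 1))


def pattern_keyspace(pattern, charset):
    """Only the '?' positions of a pattern are searched; fixed characters cost nothing."""
    return len(set(charset)) ** pattern.count("?")


def exposure(password, wordlist, charlist, affix_max,
             bf_charset, bf_max_len, bf_min_len=1):
    """Return {method: worst-case guesses} for every method that reaches `password`."""
    words = list(dict.fromkeys(wordlist))      # de-duplicate, keep order
    found = {}
    in_list = password in words
    if in_list:
        found["dictionary"] = len(words)

    # Hybrid: each word is tried alone and with each affix of length 1..affix_max.
    affixes = keyspace(len(set(charlist)), 1, affix_max)
    reachable = in_list
    for word in words:
        if not word or len(word) >= len(password):
            continue
        suffix = password[len(word):] if password.startswith(word) else ""
        prefix = password[:-len(word)] if password.endswith(word) else ""
        for affix in (suffix, prefix):
            if affix and len(affix) <= affix_max and set(affix) <= set(charlist):
                reachable = True
    if reachable:
        found["hybrid"] = len(words) * (1 + affixes)

    # Brute force only reaches passwords built entirely from the chosen charset.
    if set(password) <= set(bf_charset) and bf_min_len <= len(password) <= bf_max_len:
        found["brute_force"] = keyspace(len(set(bf_charset)), bf_min_len, bf_max_len)
    return found


def seconds(guesses, rate=RATE):
    """Time to exhaust `guesses` candidates at `rate` guesses per second."""
    return guesses / rate


if __name__ == "__main__":
    # Constructed inputs: a two-word list and the character lists used in the post.
    for pw in ("test123", "abba", "Xk#9_qLw"):
        hits = exposure(pw, ["pass", "test"], "123", 3, "abyz", 12)
        print(pw, {m: f"{seconds(g):.3f}s" for m, g in hits.items()} or "not reached")
    print("pattern fire?????123:", pattern_keyspace("fire?????123", "abyz"), "guesses")
```

A password that none of the three models reaches is not thereby strong; the counts only bound these specific searches with these specific inputs.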
-
About FirePassword

FirePassword is FREE console based tool to instantly recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePassword can instantly decrypt and recover these secrets even if they are protected with master password.

Also FirePassword can be used to recover sign-on passwords from different profile (for other users on the same system) as well as from the different operating system (such as Linux, Mac etc). This greatly helps forensic investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.

Newer version dynamically loads the DLLs from installed location of Firefox automatically. Hence these DLLs are no longer packaged with FirePassword tool. Also this version presents the color based display to clearly view the password details.

FirePassword is a standalone portable tool and works on wider range of platforms starting from Windows XP to latest operating system, Windows 7.

Features of FirePassword

Here are the highlights of top features of FirePassword which make it stand apart from other similar tools including commercial ones.
- Instantly decrypt and recover stored encrypted passwords from 'Firefox Sign-on Secret Store' for all versions of Firefox.
- Supports recovery of passwords from local system as well as remote system. User can specify Firefox profile location from the remote system to recover the passwords.
- It can recover passwords from Firefox secret store even when it is protected with master password. In such case user has to enter the correct master password to successfully decrypt the sign-on passwords.
- Automatically discovers Firefox profile location based on installed version of Firefox.
- On successful recovery operation, username, password along with a corresponding login website is displayed.
- Does not require any installation as it is standalone portable tool and can be run directly on any system.

About Firefox's Built-in Password Manager

Firefox has a built-in password manager tool which stores username and passwords for all the visited websites. These credentials are stored in the encrypted form in the Firefox profile's database files such as key3.db and signons.txt. The key3.db file contains master password related information such as encrypted password check string, salt, algorithm and version information etc.

Signons.txt file contains the actual sign-on information
- Reject Host list : List of websites for which user doesn't want Firefox to remember the credentials.
- Normal Host List : Each host URL is followed by username and password.

Internals of FirePassword

Firefox till version 3.5 stores the sign-on secrets in signons.txt file located in the Firefox profile directory. With version 3.5 onwards Firefox started storing the sign-on secrets in Sqlite database file named 'signons.sqlite'. The structure of sign-on information stored in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) and signons.sqlite for version 3.5 onwards is described below...

For Firefox < version 2.0
- First comes the sign-on file header which is always "#2c"
- Next comes the reject host list in clear text, one per line and terminated with full stop.
- After that normal host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    .(full stop)

For Firefox version 2.0
- First comes the sign-on file header which is always "#2d"
- Next comes the reject host list in clear text, one per line and ends with full stop.
- After that normal host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    Subdomain URL
    .(full stop)

For Firefox version 3.0 and below 3.5
- First comes the sign-on file header which is always "#2e"
- Next comes the excluded host list in clear text, one per line and ends with full stop.
- After that saved host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    Subdomain URL
    --- (Dashed line denoting the end of host entry)
    .(full stop)

For Firefox version 3.5 and above

The new signons.sqlite database file has two tables moz_disabledHosts and moz_logins. The moz_disabledHosts table contains list of excluded websites which are exempted from storing passwords by user. The moz_logins table contains all the saved website passwords. Here is more detailed description of each table...

table - moz_disabledHosts
    id - index of each entry
    hostname - blacklisted website URL

table - moz_logins
    id - index of each entry
    hostname - base website URL
    httpRealm -
    formSubmitURL - Actual website URL for which secrets are saved.
    usernameField - name of username element of form field
    passwordField - name of password element of form field
    encryptedUsername - encrypted username
    encryptedPassword - encrypted password
    guid - unique GUID for each entry
    encType - value 1 indicates encrypted

Here each Host entry can have multiple username/password pairs. Starting from Firefox version 2.0, sub domain URL is also included along with username/password entry. If it is the password field then it begins with '*'. This is the key in distinguishing between username and password entry.

Now once the username and password values are extracted, next task is to decrypt them. Information required to decrypt these values is stored in key3.db file. If the master password is set, then you must provide the master password to proceed with decryption. If you have forgotten the master password, then you can use FireMaster tool to recover the master password. If the master password is set and if you have not provided it, then FirePassword will prompt you to enter the master password.

Using FirePassword

Here is the general usage information

    FirePassword.exe [-m "master password" ] <Firefox_Profile_Directory>

Options:
    -m  specify the master password

FirePassword is the console tool, hence you need to run it from cmd prompt. Here are the brief usage instructions
- Launch the cmd prompt and move to folder where you have copied FirePassword.exe
- Next run it by typing 'FirePassword.exe'. It will automatically discover current Firefox profile and recover all the stored passwords.
- If you have protected Firefox with master password then you have to specify it using -m option like 'FirePassword.exe -m mypassword' to recover the passwords successfully.
- On successful recovery operation, FirePassword displays login website URL, username and password for all the stored websites. It also displays excluded website list as well.
- If you want to save the password list to file then you can issue following command, 'FirePassword.exe > passlist.txt'

You can also copy the Firefox profile files from different operating system such as Linux, Mac to the Windows system locally and then specify that path with the FirePassword to recover passwords from such offline profile.

Screenshots of FirePassword

Testing FirePassword

FirePassword is successfully tested with Firefox version 1.0 to latest version 3.6.3 and should work with any Firefox greater than version 1.0

If you encounter any problem with FirePassword, then please drop a mail to me mentioning your Firefox version and any other details which will help in fixing the problem.

Disclaimer

FirePassword is designed for good purpose to help users to recover and view their sign-on secrets. Like any tool its use either good or bad, depends upon the user who uses it. However author is not responsible for damage caused due to misuse of this tool.

Acknowledgement

Thanks to the Mozilla-Firefox crew for making such an excellent and beautiful browser. Thanks to Stefano for informing and providing code to make the FirePassword to support Firefox version 2.0

History of FirePassword

Version 3.6 : 12th May 2010
Dynamically loads Firefox DLLs from its installed location. Color based display to clearly view the password information.

Version 3.5 : 27th Dec 2009
Support for Windows 7. The error messages are now shown in RED color so that they are clearly seen.

Version 3.1 : 21st Aug 2009
Support for recovering the passwords from Sqlite signon database file used by latest Firefox version 3.5.

Version 2.6 : 9th Jan 2009
Fixed the application data folder problem with Vista. Also it contains some of the security related changes.

Version 2.5 : 18th June 2008
Support for Firefox version 3.0 with its new signon file format. Other enhancements related to user friendliness and clear display.

Version 2.0 : 3rd March 2007
Support for Firefox version 2.0. New signon format is explained below. Few minor bug fixes and formatting of the result display.

Version 1.7 : 8th July 2006
Finally much awaited FirePassword source code is released under GPL v2. Master Password checking is improved and now it's done at beginning itself. Removed the Gecko-SDK dependency completely. Tested successfully with latest Firefox version 1.5.0.4

Version 1.6 : 25th Feb 2006
Few bug fixes here and there. Thanks to Nemo for reporting the bug in base64 handling routine.

Version 1.5 : 14th Jan 2006
Static library dependency removed. Now libraries are loaded dynamically. Support for wider range of Firefox versions. Automatically detects Firefox profile directory if not specified.

Version 1.0 : 1st Jan 2006
First public release of FirePassword.

Download FirePassword

FREE Download FirePassword 3.6
For GUI version of FirePassword, check out new FirePasswordViewer.
License : Freeware
Platform : Windows XP, 2003, Vista, Win7
-
About FirePasswordViewer

FirePasswordViewer is the GUI version of popular FirePassword tool to recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.

Also FirePasswordViewer can be used to recover sign-on passwords from different profile (for other users on the same system) as well as from the different operating system (such as Linux, Mac etc). This greatly helps forensic investigators who can copy the Firefox profile data from the target system to different machine and recover the passwords offline without affecting the target environment.

FirePasswordViewer is a standalone portable tool and works on wider range of platforms starting from Windows 2000 to latest operating system, Windows 7.

Features of FirePasswordViewer

Here are the highlights of top features of FirePasswordViewer which make it stand apart from other similar tools including commercial ones.
- Instantly decrypt and recover stored encrypted passwords from 'Firefox Sign-on Secret Store' for all versions of Firefox.
- Supports recovery of passwords from local system as well as remote system. User can specify Firefox profile location from the remote system to recover the passwords.
- It can recover passwords from Firefox secret store even when it is protected with master password. In such case user has to enter the correct master password to successfully decrypt the sign-on passwords.
- Automatically discovers Firefox profile location based on installed version of Firefox.
- Passwords are not shown by default for security reasons as it is sensitive data. However user can toggle this behavior using 'Show Password' button.
- On successful recovery operation, username, password along with a corresponding login website is displayed.
- Sort feature to arrange the displayed password list by username, password or website which makes it easy to search through 100's of entries.
- User can save the recovered Firefox password list to HTML file for transferring to other system or for future use.
- Easy and faster to use with its enhanced user friendly interface.
- Does not require any installation as it is standalone portable tool and can be run directly on any system.

About Firefox Password Manager

Firefox has a built-in password manager tool which stores username and passwords for all the visited websites. These credentials are stored in the encrypted form in the Firefox profile's database files such as key3.db and signons.txt. The key3.db file contains master password related information such as encrypted password check string, salt, algorithm and version information etc.

Signons.txt file contains the actual sign-on information
- Reject Host list : List of websites for which user doesn't want Firefox to remember the credentials.
- Normal Host List : Each host URL is followed by username and password.

Internals of FirePasswordViewer

Firefox till version 3.5 stores the sign-on secrets in signons.txt file located in the Firefox profile directory. With version 3.5 onwards Firefox started storing the sign-on secrets in Sqlite database file named 'signons.sqlite'. The structure of sign-on information stored in the signons.txt file (signons2.txt for version 2 and signons3.txt for version 3) and signons.sqlite for version 3.5 onwards is described below...

For Firefox < version 2.0
- First comes the sign-on file header which is always "#2c"
- Next comes the reject host list in clear text, one per line and terminated with full stop.
- After that normal host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    .(full stop)

For Firefox version 2.0
- First comes the sign-on file header which is always "#2d"
- Next comes the reject host list in clear text, one per line and ends with full stop.
- After that normal host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    Subdomain URL
    .(full stop)

For Firefox version 3.0 and below 3.5
- First comes the sign-on file header which is always "#2e"
- Next comes the excluded host list in clear text, one per line and ends with full stop.
- After that saved host list is stored in the following format

    Host URL
    Name (username or *password)
    Value (encrypted)
    Subdomain URL
    --- (Dashed line denoting the end of host entry)
    .(full stop)

For Firefox version 3.5 and above

The new signons.sqlite database file has two tables moz_disabledHosts and moz_logins. The moz_disabledHosts table contains list of excluded websites which are exempted from storing passwords by user. The moz_logins table contains all the saved website passwords. Here is more detailed description of each table...

table - moz_disabledHosts
    id - index of each entry
    hostname - blacklisted website URL

table - moz_logins
    id - index of each entry
    hostname - base website URL
    httpRealm -
    formSubmitURL - Actual website URL for which secrets are saved.
    usernameField - name of username element of form field
    passwordField - name of password element of form field
    encryptedUsername - encrypted username
    encryptedPassword - encrypted password
    guid - unique GUID for each entry
    encType - value 1 indicates encrypted

Here each Host entry can have multiple username/password pairs. Starting from Firefox version 2.0, sub domain URL is also included along with username/password entry. If it is the password field then it begins with '*'. This is the key in distinguishing between username and password entry.

Now once the username and password values are extracted, next task is to decrypt them. Information required to decrypt these values is stored in key3.db file. If the master password is set, then you must provide the master password to proceed with decryption. If you have forgotten the master password, then you can use FireMaster tool to recover the master password. If the master password is set and if you have not provided it, then FirePasswordViewer will prompt you to enter the master password.

Using FirePasswordViewer

FirePasswordViewer is the standalone application and it does not require any installation. You can just run it by double clicking on the executable file. Here are the brief usage details.
- On running, FirePasswordViewer automatically populates the Firefox profile location if it is already installed. Otherwise you can enter the profile location manually.
- If you have set the master password for your Firefox, then you need to specify the same in the master password box.
- Once the profile location is specified, you can click on 'Start Recovery' button and FirePasswordViewer will instantly recover all passwords from Firefox sign-on store.
- By default passwords are not shown for security reasons as it is sensitive data. However you can click on 'Show Password' button to view these passwords.
- Finally you can save all recovered password list to HTML file by clicking on 'Save as HTML' button.

You can also use FirePasswordViewer to recover passwords from different system either Windows or Linux. In that case you can copy Firefox profile data from remote system to local machine and then specify that path in the profile location field for recovering the passwords.

Screenshots of FirePasswordViewer

Here are the screenshots which give a glance of FirePasswordViewer in action.

Screenshot 1: FirePasswordViewer showing the recovered passwords from Firefox sign-on password store. Note that passwords are hidden by default for security reason.

Screenshot 2: Showing the hidden passwords recovered by FirePasswordViewer on clicking 'Show Password' button.

Screenshot 3: Recovered Firefox password list stored in HTML format by FirePasswordViewer

Testing FirePasswordViewer

FirePasswordViewer is successfully tested with Firefox version 1.0 to latest version 3.6.3 and should work with any Firefox greater than version 1.0

If you encounter any problem with FirePasswordViewer, then please drop a mail to me mentioning your Firefox version and any other details which will help in fixing the problem.

Acknowledgement

Thanks to the Mozilla-Firefox crew for making such an excellent and beautiful browser.

History

Version 2.0: 3 May 2010
New look & feel with sorted list control to display the recovered passwords, show/hide password button to show/hide the passwords.

Version 1.5 : 2nd Dec 2009
This version comes with support for Windows 7. Also buttons now look better with icons and new win7 banner.

Version 1.2.2 : 21st Aug 2009
Support for recovering the passwords from Sqlite signon database file used by latest Firefox version 3.5.

Version 1.0.1 : 10th June 2009
First public release of FirePasswordViewer which is the GUI version of popular FirePassword tool.

Download FirePasswordViewer

FirePasswordViewer 2.0
License : Freeware
Platform : Windows XP, 2003, Vista, Win7
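The signons text layouts described in the FirePassword and FirePasswordViewer posts above ("#2c", "#2d", "#2e") can be inventoried without decrypting anything, which is enough to see which sites hold saved credentials in a legacy profile. This is an added example, not code from the posts or from either tool; it assumes the name/value group repeats inside a host block until the full-stop line, and the sample file and its placeholder values are constructed.

```python
"""Inventory a legacy Firefox signons file without decrypting it (added example)."""
from dataclasses import dataclass, field

# Lines per saved field, keyed by file header, following the layouts above:
# "#2c": name, value   "#2d": + subdomain URL   "#2e": + "---" end marker
RECORD_LINES = {"#2c": 2, "#2d": 3, "#2e": 4}


class SignonsFormatError(ValueError):
    """Raised when the file does not follow the described layout."""


@dataclass
class SavedField:
    name: str              # form field name with the leading '*' removed
    is_password: bool      # the stored name began with '*'
    encrypted: str         # value left encrypted and opaque
    subdomain_url: str = ""


@dataclass
class HostEntry:
    host: str
    fields: list = field(default_factory=list)


def _read_until_dot(lines, pos, what):
    """Collect lines up to the terminating '.' and return (items, next_pos)."""
    items = []
    while pos < len(lines):
        if lines[pos] == ".":
            return items, pos + 1
        items.append(lines[pos])
        pos += 1
    raise SignonsFormatError(f"{what} is not terminated by a full stop")


def parse_signons(text):
    """Return (header, rejected_hosts, host_entries) for a signons file."""
    lines = text.splitlines()
    while lines and not lines[-1].strip():
        lines.pop()
    if not lines or lines[0] not in RECORD_LINES:
        raise SignonsFormatError("unknown sign-on file header")
    header, step = lines[0], RECORD_LINES[lines[0]]
    rejected, pos = _read_until_dot(lines, 1, "reject host list")

    hosts = []
    while pos < len(lines):
        entry = HostEntry(host=lines[pos])
        body, pos = _read_until_dot(lines, pos + 1, f"entry for {entry.host}")
        if len(body) % step:
            raise SignonsFormatError(f"truncated record under {entry.host}")
        for i in range(0, len(body), step):
            rec = body[i:i + step]
            if step == 4 and rec[3] != "---":
                raise SignonsFormatError(f"missing '---' under {entry.host}")
            is_pw = rec[0].startswith("*")
            entry.fields.append(SavedField(
                name=rec[0][1:] if is_pw else rec[0],
                is_password=is_pw,
                encrypted=rec[1],
                subdomain_url=rec[2] if step >= 3 else "",
            ))
        hosts.append(entry)
    return header, rejected, hosts


def inventory(text):
    """Map each host to the number of saved password fields it holds."""
    _, _, hosts = parse_signons(text)
    return {h.host: sum(f.is_password for f in h.fields) for h in hosts}


# Constructed sample in the "#2e" layout; encrypted values are placeholders.
SAMPLE_2E = """#2e
nosave.example
.
https://mail.example
user
ENCRYPTED-USERNAME-PLACEHOLDER
https://mail.example
---
*pass
ENCRYPTED-PASSWORD-PLACEHOLDER
https://mail.example
---
.
https://intranet.example
*pin
ENCRYPTED-PASSWORD-PLACEHOLDER
https://intranet.example/login
---
.
"""

if __name__ == "__main__":
    print(inventory(SAMPLE_2E))
```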