Category Archives: hacks

Crack the Windows SAM file from a backup filesystem

The SAM file is located in C:\Windows\System32\config and stores all Windows account passwords in encrypted form.

The problem is that you cannot copy or tamper with the file while the file system is mounted.

This leaves us with at least 2 options: copy the SAM and SYSTEM files from a Linux live CD, or take a copy of those files from a backup.

I have the backup and I copy the 2 files to my Kali Linux machine.

I recover the NTLM hashes by issuing the following command:

root@kali:~# /usr/bin/samdump2 /root/Desktop/SYSTEM /root/Desktop/SAM
user1:1000:aad3b435b51404eeaad3b435b51404ee:f9a14effe4a24ceb1cf0b2e8e9e7e9f9:::
root@kali:~#

The backup is from a Windows 7 version, which means that we are seeing NTLM v.2 hashes, so only the last part of the hashes is useful.

So we need to convert that last part to uppercase using 2 BASH commands:

cristi@ubserver-nv:~/hashcat$ STRING='f9a14effe4a24ceb1cf0b2e8e9e7e9f9'
cristi@ubserver-nv:~/hashcat$ echo $STRING | awk '{print toupper($0)}'
F9A14EFFE4A24CEB1CF0B2E8E9E7E9F9
cristi@ubserver-nv:~/hashcat$

Copy the uppercase version to a text file and start hashcat:

crs@ubsv:~$ ./hashcat -m 1000 -a 3 ./ntlm.txt -w 3 --status
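An added example, not code from the original post: samdump2 prints one line per account in the pwdump layout user:RID:LM hash:NT hash:::, and this Python script parses such output and reports what a password audit would flag (an LM hash still stored, a blank password, accounts sharing one password). The function names, the handling of a "*disabled*" prefix and every sample line except user1's are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# LM and NT hashes of an empty password; the LM value is also what
# appears in the dump when no LM hash is stored for the account.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-fA-F]{32}")
PREFIX = "*disabled* "  # assumption: marker some dumps put before disabled accounts

# Constructed sample: only the user1 line comes from the post.
SAMPLE = """\
user1:1000:aad3b435b51404eeaad3b435b51404ee:f9a14effe4a24ceb1cf0b2e8e9e7e9f9:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
helpdesk:1002:0123456789abcdef0123456789abcdef:00112233445566778899AABBCCDDEEFF:::
not a pwdump line
"""

def parse_pwdump(text):
    """Split pwdump-style text into (entries, rejected_lines)."""
    entries, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        disabled = line.startswith(PREFIX)
        if disabled:
            line = line[len(PREFIX):]
        f = line.split(":")
        if (len(f) < 4 or not f[1].isdigit()
                or not HEX32.fullmatch(f[2]) or not HEX32.fullmatch(f[3])):
            rejected.append(raw)  # keep malformed lines visible to the auditor
            continue
        entries.append({"user": f[0], "rid": int(f[1]), "disabled": disabled,
                        "lm": f[2].lower(), "nt": f[3].lower()})
    return entries, rejected

def audit(entries):
    """Report LM hashes still stored, blank passwords and password reuse."""
    by_nt = defaultdict(list)
    for e in entries:
        by_nt[e["nt"]].append(e["user"])
    return {
        "lm_stored": [e["user"] for e in entries if e["lm"] != EMPTY_LM],
        "blank_password": [e["user"] for e in entries if e["nt"] == EMPTY_NT],
        "shared_password": [sorted(u) for nt, u in by_nt.items()
                            if len(u) > 1 and nt != EMPTY_NT],
    }

if __name__ == "__main__":
    parsed, bad = parse_pwdump(SAMPLE)
    print(audit(parsed), "rejected:", bad)
```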

Good luck!

Posted in BASH, hacks, tutorial.

Fix bricked Seagate ST31000340AS hard disk. BSY error

9 years ago I had this 1TB Seagate ST31000340AS hard disk that I was using as a primary drive for my OS and also the place to store all my photos, video clips and other important stuff.
At some point it simply failed to work. No strange sounds, no nothing. The BIOS would not recognize it, OS would not see it.

I left it like that for 6-7 years, but in the last week I started informing myself about how to fix it.
I knew there wasn’t any mechanical issue with it and I was suspecting HDD firmware issues.

And my suspicion was right. There was a known glitch with multiple series of Seagate models, more specifically with their SD15 firmware.
Now the fun begins, because there is a solution to this issue.

The materials needed to fix:

  • bricked Seagate HDD
  • Torx T6 screwdriver
  • USB to UART Prolific PL2303HX converter cable (3$). link to Amazon. Also found as “PL2303HX USB to UART TTL Cable Module 4p 4 pin RS232 Converter”.
  • A postit or a piece of paper, folded 2-3 times, or any other slim, non-conductive material.
  • Prolific PL2303HX drivers that actually work on Windows 10 (get them from here, not the manufacturer’s website).
  • (optional) External HDD rack or connect the HDD directly to your motherboard via SATA and Molex ATX power cable.

Before we start, please be aware that there is a slight possibility that you will lose your data or break your HDD if you are not careful.

If you have important data that you cannot afford to lose, please go to a data recovery company to fix your hard drive.

Start the fixing process:

  • Power off your PC or your external USB hard disk rack.
  • Important: make sure that the SATA or USB cable is disconnected from your PC/external HDD rack.
  • Remove any jumpers from the HDD, if you have any.
  • Take the Torx T6 screwdriver, remove all 6 screws and detach the HDD PCB. Remember that the long screws are always connected on the corners of the HDD.
  • Place the folded postit between the PCB and the contacts for the drive head. Leave the drive motor contacts in place. Tighten the three screws closest to the motor contacts. Leave the other three screws loose or removed.

HDD drive head

  • Install the USB adapter’s drivers (from the link provided at the beginning of the post) and make sure that Windows sees it as a COM port in Device Manager and you don’t have any yellow errors on it. Reboot if necessary.
  • Connect the USB adapter to the PC.
  • Go to Device Manager, right click >> Properties, and make the following settings on your newly installed USB/COM adapter:
  • Choose 38400, 8, None, 1, None in the COM properties box.

You will need to connect 3 wires from the USB adapter to the HDD. The 4th is not used:

  • GREEN cable is RX on the USB cable -> connects to TX on HDD
  • WHITE cable is TX on the USB cable -> connects to RX on HDD
  • BLACK cable is the grounding -> connects to the ground pin on HDD
  • You should connect the TX pin of the hard drive to the RX pin of the adapter, and the hard drive’s RX pin to the adapter’s TX pin. This is the theory. In real life it worked backwards for me.
  • Connect the 3 pins like this:

These pins are located next to the hard drive’s SATA connector.

If you can’t fit the pins on the HDD, strip the plastic shielding from the pins.

  • After inserting the pins, power on the PC or the external USB rack. The SATA cable should be disconnected from the HDD. Same for the external rack.

(RX, TX and ground pins connected to the HDD)

  1. Download PuTTY from their official site.
  2. Open PuTTY and make these settings. Make sure you are using the correct COM port number. Mine was COM8, but it might be different for you. Go to Device Manager to check the actual port number.
    • Baud 38400 
    • Data Bits 8 
    • Stop Bits  1 
    • Parity none 
    • Flow Control  none

  • Hit save and open.
  • You should see a blank screen. Hit Ctrl+Z.
  • If you connected the pins correctly you should see a prompt like this:

 F3 T>

If not, you may have the TX & RX wires swapped. Switch the green wire with the white one and try again.

Go to Access Level 2 (type /2):

F3 T>/2   (hit enter)
F3 2>

Wait about 30 seconds, then spin down the motor:

F3 2>Z (enter)

  Spin Down Complete
    Elapsed Time 0.147 msecs
F3 2>

If you instead see a message similar to this:

LED: 000000CE  FAddr: 00280D4D

Then you entered the commands too quickly after supplying power to the drive.

Power off the HDD, wait 30 seconds, then begin again.
If everything went smoothly until this point, carefully remove the red postit that you placed between the PCB and the drive head contacts.

Tighten all the screws. Then start the motor:

F3 2>U (enter)

Spin Up Complete
    Elapsed Time 7.093 secs
F3 2>

Next go to Level 1 (type /1):

F3 2>/1  (hit enter)

And do a S.M.A.R.T. erase (create S.M.A.R.T. sector):

F3 1>N1 ( hit enter)

When the prompt comes back up, turn off power to the hard drive, wait a few seconds, then turn it back on.  Wait about 20 seconds, then finally do partition regeneration:

Note: the command below contains zero (0), not the letter o as in “order”.

F3 T>m0,2,2,0,0,0,0,22 (hit enter)

After 15-30 seconds, you should see something like:

Max Wr Retries = 00, Max Rd Retries = 00, Max ECC T-Level = 14, Max Certify Rewrite Retries = 00C8

    User Partition Format 10% complete, Zone 00, Pass 00, LBA 00004339, ErrCode 00000080, Elapsed Time 0 mins 05 secs

    User Partition Format Successful – Elapsed Time 0 mins 05 secs

Do not turn off drive until you see this message.
Once seen, drive can be turned off.
Power down everything, place drive back into your computer, and confirm that it’s working.

Update the firmware to the latest version! Google is your friend.

You are welcome 🙂

Posted in hacks, hardware, How to.

Download Tinder profile photos

Ever wondered if you can download Tinder profile photos of the members you just visited?

Fortunately this is actually possible, using a small hack, so swiping left will no longer be a problem.

The case:
– Android phone
– Tinder 4.0 for Android

Done lots of profile views, some likes, super-likes, etc.
Now is the time to see how the user profile pics can be downloaded.

You will need to have root on your phone.
– Install Super SU (https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en). Warning: this will void your phone’s warranty.

An SSH server for your mobile phone:
– SSHDroid (https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en)

Make sure that the phone and your laptop/PC are connected to the same WLAN SSID and have IPs in the same subnet, for example 192.168.1.x
Start SSHDroid and make sure that it is connected to a wifi connection and has a valid IP. See the screenshot below!

SSHdroid connected to a WLAN

Download Winscp (https://winscp.net/eng/download.php)

– create an SCP session and enter the phone’s IP from the step above. The username should be root and the password admin.
Once the SCP session is open, go to the /data/data/com.tinder/cache/picasso-cache folder and download all the files with the “.1” extension in that folder.  Hint: WinScp can sort by file extension or file size.
Go to the local folder on your PC (where you downloaded the files).
Hit the Windows+R keyboard combination, write cmd, hit OK.
Issue the following commands:
cd C:\Users\your_username\Documents\tinder
(assuming that this is where you downloaded the files)

and rename all files with the following command:
ren * *.jpg

If this doesn’t work, go to http://www.howtogeek.com/111859/how-to-batch-rename-files-in-windows-4-ways-to-rename-multiple-files/ and check out those tutorials.

In Linux you can rename those Tinder profile photos using:

for f in *.1; do mv -- "$f" "${f%.1}.jpg"; done

The result? Lots of jpg files.

That’s it. Go to that folder and you should see all Tinder profile pics of the users whose profiles you visited.

Cheers!

Posted in hacks.