Year in Review – Top Cyber Arms Posts for 2011

Happy New Year everyone!

I just wanted to thank everyone for another successful year here at CyberArms. Over the year, we talked about some of the hottest news in security and learned some new techniques through the latest hands-on tutorials. I figured what better way to celebrate our year together than to list the top ten articles from 2011, chosen by you, our visitors!

The following articles are the most popular for last year, ranked by page views:

Backtrack 4: Penetration Testing with Social Engineering Toolkit
Backtrack 4 has included a program that you do not hear much about in the mainstream security media. But it is a penetration tester's dream. Under the penetration menu is a program called the Social Engineering Toolkit (SET). If social engineering attacks for penetration testers could be made any simpler, I do not know how.

Backtrack 4: How to use Metasploit Training Class
These are, by far, some of the best training videos I have seen on Metasploit. It is a taped security conference from the ISSA Kentuckiana Chapter and is billed by Adrian Crenshaw as being “more Metasploit than you can stand!”

How to Spy on Another Person’s Browser: Man-in-the-Middle Attacks
Today, I want to look at the “Remote Browser Attack” feature of Ettercap. This basically allows you to remotely spy on a target PC and a copy of the website they are visiting will be displayed on your computer.

Cracking 14 Character Complex Passwords in 5 Seconds
Sounds like we need to put this to the test. Most hackers will crack passwords by decoding the password hash dumps from a compromised computer. So, I pulled several 14 character complex password hashes from a compromised Windows XP SP3 test machine to see how they would stand up to Objectif’s free online XP hash cracker. The results were stunning.

Cracking WPA Protected Wi-Fi in 6 Minutes using the Cloud
Well, according to recent reports, security researcher Thomas Roth says with his brute force program he was able to break into a WPA-PSK protected network in about 20 minutes. And with recent updates to the program, the same password would take about 6 minutes!

NTLM Passwords: Can’t Crack it? Just Pass it!
Let me explain: if you can retrieve the LM or NT hashes from a computer, you do not need to crack them. There is really no need. Sometimes you can simply take the hash as-is and use it as a token to access the system. This technique is called “Pass the Hash”.

What to do When a Website Won’t let you Leave
Usually it is a “Do you really want to leave?” or “Click here to install our anti-virus program”. Here is the bad news. Clicking on the “accept”, “ok” or even the “no” or “cancel” button could be a security issue. It may install something that you don’t want. Also, clicking the red “X” on the popup window to close it may not work, or it may be the same as clicking “accept”. Yeah, I know, hackers and spammers are evil.

How to Log into Windows without the Password
So I booted into Ubuntu, went to the Windows System32 directory, renamed utilman.exe to utilman.old, copied to utilman.exe and rebooted. At the Windows login prompt I hit the “Windows”+”U” key and up pops a system-level command prompt. From here you can type any Windows command, add users, etc.

GPU Crackers make Seven Character Passwords Inadequate
“Right now we can confidently say that a seven-character password is hopelessly inadequate – and as GPU power continues to go up every year, the threat will increase.”

Memory Forensics: How to Pull Passwords from a Memory Dump
We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the SYSTEM and SAM keys. We look in the dump above and copy down the numbers in the first column that correspond to the SAM and SYSTEM locations. Then we output the password hashes into a text file called hashs.txt.

2011 was a great year for both CyberArms and me personally. I had an amazing opportunity last year to be a technical editor for Vivek Ramachandran’s “Backtrack 5 Wireless Penetration Testing Beginner’s Guide”. Vivek is a great teacher; if you are interested in wireless security at all, check out his book or his website.

I have also recently become an article reviewer, and soon an article contributor, for the uber-popular IT security magazine “Hakin9”. Hakin9 is one of the most popular computer security magazines in the world. I have followed the magazine for a while now, so it is an honor to be a part of the process.

If you have a business opportunity that you think I might be interested in, please feel free to contact me at cyberarms(at) I love the security field, research and writing, and am always looking for new opportunities.

Thanks so much, and I wish you and your families a blessed and prosperous new year!