Open Source and information security mailing list archives
 
Date: Thu, 28 Jun 2007 11:40:51 -0400
From: "matthew wollenweber" <mwollenweber@...il.com>
To: rx8volution <rx8volution@...ackingyou.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Hacking into a Windows CE PDA?

It's pretty easy to attack Windows Mobile. There was a good presentation at
Shmoocon 07 regarding that topic. If you can grab the slides it would be a
good starting point.

If you get physical access the game is over. Generally the things mount
automagically as a hard drive. Even if they don't, 9 times out of 10 the
password is only a 4-digit numeric deal.

If you really want to exploit the thing, IDA supports Windows CE files.
Generally the programs are very badly written, so if you start fuzzing you'll
find something quickly. There's a bit of overhead to all that. You need the
SDK, the virtual Windows Mobile device, and a newer version of IDA. However,
it's been my experience that most mobile apps crash on their own. So, a
couple minutes fuzzing is generally all you need.


On 6/28/07, rx8volution <rx8volution@...ackingyou.com> wrote:
>
> Hello folks,
>
>     I have the occasion of needing to get an opinion on how 'difficult'
> it would be to hack into (bypassing the 10-guess password limit, and
> assuming complex passwords) a Windows 2003 Mobile Edition PDA.
>
>     Thoughts?
>
> Thanks.  //RX8volution.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
Matthew  Wollenweber
mwollenweber@...il.com | mjw@...erwart.com
www.cyberwart.com
