Generate 10 Digit Phone Numbers using Crunch in Backtrack

Phone numbers are some of the most commonly used passwords for WEP/WPA encrypted wireless networks. Several ISP’s use them as default passwords for their routers for easy to remember access.  By creating a list of every possible phone number combination with a specific area code, generally your own area code, it will give you quick access to most wireless networks using a dictionary attack. Using crunch built into Backtrack 5R2, you can quickly generate every possible number combination beginning with a specified area code.

Applications > BackTrack > Privilege Escalation > Password Attacks > Offline Attacks > crunch

Use the following command

./crunch 10 10 -t 123%%%%%%% -o /root/123.txt

Explanation of command.  10 refers to the number of characters. The -t command allows you to specify a pattern where only the @’%^ characters will change, in this case the %. The 123 is where the area code will go followed by 7 % characters. The -o is for output and can be saved anywhere. Make sure to save it as a .txt file. This will only take a few seconds and will say 100% when finished. Now you can load these in Gerix and bruteforce WPA.

Note: Most cities have multiple area codes. To combine multiple files into one just do a ‘cat 123.txt 456.txt 789.txt >> all.txt’


Reset Windows Password with Encrypted Drive

This is a quick how-to for resetting your Windows password, while still knowing your disk encryption password via TrueCrypt.

Most, if not all, password reset options for windows, will not work if your hard drive is encrypted with Bitlocker/TrueCrypt.

You will need a USB flash drive or CD-R, and Hiren’s BootCD. Get it here

Once your USB drive is bootable with Hiren’s, boot up from the flash drive and select Mini XP from the Hiren’s boot menu.

  • In the bottom right in the taskbar, there is an icon called “Hiren’s BootCD Program Launcher”, Click it.
  • Go to the Security / Encryption > TrueCrypt menu
  • Click Select Device, and click your hard drive. It should be the C: drive.
  • Select a drive letter, and click Mount.
  • Click Mount Options
  • Check the box that reads “Mount partition using system encryption without pre-boot authentication”
  • Enter drive encryption password.
  • Your hard drive will now be mounted as a new drive letter (temporarily)
  • Go back to the Program Launcher, Passwords / Keys > Windows Login > NTPWEdit (Reset Xp/Vista/7 User Password)
  • The NTPWedit will open with a default path to SAM file of C:\WINDOWS\SYSTEM32\CONFIG\SAM
  • Change drive letter from C to whichever drive letter you selected to mount to, and click (Re)open.
  • Your user names will be listed.
  • Click your username, and Change Password.
  • Set the new password, and Save Changes and Exit.

Reboot and login with the new password.