All posts by admin

Ok now that we have showed you how to bypass authentication on a Toshiba eStudio MFP device. The next obvious step is what data can be extracted. Well it turns out that the Toshiba eStudio multifunction printers also leaks data. If you examine the HTML source code of any of the configuration pages you will find the passwords in plan text. Yes that ******* in the password configuration setting field is not really hiding anything.

For Latest Advisory click here

This is old, but might be interesting to fellow security geeks. The idea here is to challenge concepts of what a password is and how it should be secure. In essence, using this system will allow you to keep your uber-secret in a public place such as twitter. There’s some other crufty code (firefox plugin) to go with this, but it’s really just for fun.


I reworked the site a bit yesterday. My goal is to migrate all of my old patches/content into it. You’ll find a couple of new pages (Passwords & Hashes, Challenge/Response Authentication) linked on the right sidebar. These pages should contain the latest Samba and other patches I’ve put together over the years.

I’ve also added a new wireless page which contains a patch to Hostapd that adds auto-probe response and PEAP/MSCHAPv2 logging fun.


After what feels like an eternity, Medusa 2.0 is now available for public download.

This release contains the most significant changes to the core of Medusa since its original release in 2005. We’ve moved to a “real” thread pool and modified how credential sets are selected. See the following for a more detailed list of changes:


I’ve updated my Samba modifications for the 3.3.7 release. The patch adds support to Samba utilities for passing-the-hash. For the uninformed, this allows you to leverage hashes gathered with such excellent tools as FgDump, without needing to ever crack the password. You can simply pass-the-hash and mount remote shares, create new accounts, etc. as the targeted account. Another bit of goodness here are some changes to the nmbd and smbd daemons. With this patch, nmbd will respond to all broadcast requests. Smbd will log any challenge/response handshakes. All sorts of fun can be had with this…  See the following pages for more information:

This is mildly entertaining for me.

The guys over at were doing a podcast and the subject of NTP servers came up. At the end of the podcast, Joel and Jeff discuss various methods of eliminating error messages related to the Windows time service. The conversation soon moved to the idea of using the pool of time servers. By default, Windows sends NTP traffic to, or somesuch. The pool consists of time servers, run by volunteer system administrators, scattered across the globe. If you don’t know about, I suggest you start here.

During the discussion, Jeff typed into his browser and was redirected to Gordo, you see, is a NTP (time) server participating in the server pool.

This all happened at the end of Episode 52 of the awesome Stack Overflow podcast:
[ Stack Overflow ep.52 – Gordo strikes @ 1:02:00 (mp3) ]

Of course, Gordo must respond to this:
[ Gordo’s Official Response ]

Stack Overflow knows how to closeout a show:
[ Stack Overflow ep.58 – starts around 1:00:00 (mp3) ]