BestOfGeeks: Here is How to Hack Windows/Mac OS X Login Password (When Locked) 



Noredine BAHRI
  • Technical Writer
  • Entrepreneur
  • Founder and CEO
  • Developer
  • Blogger and IT Analyst
2016-09-07 14:55:04


A security researcher has discovered a unique attack method that can be used to steal credentials from a locked (but logged-in) computer, and it works on both Windows and Mac OS X systems.

In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.

Fuller modified the firmware code of the USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs itself and acts as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim's machine.

The attack is possible because most PCs automatically install Plug-and-Play USB devices, meaning "even if a system is locked out, the device [dongle] still gets installed," Fuller explains in his blog post.

"Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list."


How does the Attack Work?


You might be wondering: why does your computer automatically share Windows credentials with any connected device?

That is because of the default behavior of Microsoft Windows' name resolution services, which can be abused to steal authentication credentials.

The modified plug-and-play USB Ethernet adapter includes a piece of software, Responder, which spoofs the network to intercept hashed credentials and then stores them in an SQLite database.

The hashed credentials collected by the network exploitation tool can later be easily brute-forced to get clear text passwords.

Apparently, to conduct this attack, attackers would require physical access to a target computer, so that they can plug in the evil USB Ethernet adapter. However, Fuller says the average time required for a successful attack is just 13 seconds.

You can watch the video demonstration below that shows Fuller's attack in action.

Fuller successfully tested his attack against Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 Enterprise and Home (but not Windows 8), as well as OS X El Capitan and OS X Mavericks. He’s also planning to test it against several Linux distros.

Fuller tested the attack with two USB Ethernet dongles: the USB Armory and the Hak5 Turtle. For a more detailed explanation, you can head on to his blog post.
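The attack depends on a network adapter being installed while the session is locked, which a defender can look for in endpoint logs. The sketch below is an added example, not code from Fuller's post or from this article: it correlates Windows Security events 4800 (workstation locked), 4801 (unlocked) and 6416 (new external device recognized) and flags network adapters that appear during a locked window. It assumes PnP auditing is enabled so that 6416 is logged; the event records and device names are constructed sample data.

```python
from datetime import datetime

# Windows Security audit event IDs
LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416
NET_CLASS = "net"  # device setup class name Windows uses for network adapters

# Constructed sample records: (timestamp, host, event_id, device_class, device_name)
SAMPLE_EVENTS = [
    ("2016-09-07T09:00:10", "WS01", 6416, "Net", "Docking station Ethernet"),
    ("2016-09-07T12:01:00", "WS01", 4800, None, None),
    ("2016-09-07T12:07:42", "WS01", 6416, "Net", "USB Ethernet/RNDIS Gadget"),
    ("2016-09-07T12:08:05", "WS01", 6416, "HIDClass", "USB Input Device"),
    ("2016-09-07T12:30:00", "WS01", 4801, None, None),
    ("2016-09-07T12:45:00", "WS01", 6416, "Net", "USB Wi-Fi adapter"),
    ("2016-09-07T13:00:00", "WS02", 4800, None, None),
    ("2016-09-07T13:00:30", "WS01", 6416, "Net", "Second dock"),
]


def adapters_added_while_locked(events):
    """Return one alert per network adapter recognised while its host was locked."""
    locked_since = {}  # host -> time of the most recent lock with no unlock yet
    alerts = []
    for ts, host, event_id, dev_class, dev_name in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if event_id == LOCKED:
            locked_since[host] = when
        elif event_id == UNLOCKED:
            locked_since.pop(host, None)
        elif event_id == NEW_DEVICE and host in locked_since:
            # Only network-class devices matter for this attack path.
            if (dev_class or "").lower() == NET_CLASS:
                delay = int((when - locked_since[host]).total_seconds())
                alerts.append({"host": host, "time": ts, "device": dev_name,
                               "seconds_after_lock": delay})
    return alerts


if __name__ == "__main__":
    for alert in adapters_added_while_locked(SAMPLE_EVENTS):
        print("ALERT: {host} got network adapter '{device}' at {time}, "
              "{seconds_after_lock}s after lock".format(**alert))
```

Lock state is tracked per host, so a lock on one workstation does not cause alerts for device events on another.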
