This guy can steal your password from your locked pc

[spellmanuk]

first off sorry if someone posted this the other week i must have missed it but holy $h!t this is scary and I believe its not just windows but macOS and Linux aswell he provides a tutorial on how to do it as well you just need a USB Armory and some basic knowledge of coding as he's already done the heavy listing. Is anyone else scared of this getting into the wrong hands.

 

https://room362.com/post/2016/snagging-creds-from-locked-machines/

[PRTI]

This is such a old trick, don't really see why this was posted in Tech News...

[spellmanuk]

Just now, keNNySOC said:

This is such a old trick, don't really see why this was posted in Tech News...

id never seen it before thought it was new worthy if a mod wants to move it to general discussion thats fine by me  

[PRTI]

Just now, peej said:

id never seen it before thought it was new worthy if a mod wants to move it to general discussion thats fine by me  

USB Stealing data has been for a long time..

[spellmanuk]

Just now, keNNySOC said:

USB Stealing data has been for a long time..

yeah i know but ive never seen it done from a locked pc?

[PRTI]

2 minutes ago, peej said:

yeah i know but ive never seen it done from a locked pc?

I seen, it just sends hashes and you decode them...

[spellmanuk]

Just now, keNNySOC said:

I seen, it just sends hashes and you decode them...

look at mr fancy pants over here 

[PRTI]

1 minute ago, peej said:

look at mr fancy pants over here 

Why thank you for naming me Mr and Fancy.

[spellmanuk]

Just now, keNNySOC said:

Why thank you for naming me Mr and Fancy.

no problem any time 

[Acolyte_of_PC]

Unless a drive is encrypted, you can pull out the Hard drive stick it in a new device and pull the data off regardless if it has a password or not. What he is doing here does not require as many steps, and as long as you have access to the laptop for a couple minutes could get some data off it. Don't leave your stuff unattended at a coffee shop/library! Also look up MAC OS terminal password reset, you can literal gain access to a MAC OS within a minute if you know how. 

[spellmanuk]

5 minutes ago, Acolyte_of_PC said:

Unless a drive is encrypted, you can pull out the Hard drive stick it in a new device and pull the data off regardless if it has a password or not. What he is doing here does not require as many steps, and as long as you have access to the laptop for a couple minutes could get some data off it. Don't leave your stuff unattended at a coffee shop/library! Also look up MAC OS terminal password reset, you can literal gain access to a MAC OS within a minute if you know how. 

 

 

pulling a hard drive out isnt exactly the most stealthy way of doing it though if someone comes back to their 3 year old pc with a fresh copy of windows on it i think there going to know somthing is up 

[tiberiusmoon5]

HAH jokes on him i dont have a password to steal

[BuckGup]

This has been around for a loooong time. You don't think secure companies lock USB use and so on? This would never work in practical use

[LucidMew]

wow, when I read the topic, I thought it would be how if you log into windows (8/8.1/10) using a microsoft account, then during the Network Broadcast Authentication Request, your email address and weakly hashed password gets broadcasted out and can easily be cracked and log you in in under a minute.

start at 35:19 if the timestamp doesn't work. it's only like 11 minutes long and the first couple are just background information that he goes over too fast to be of much help.

 

[Coaxialgamer]

But my rig will always be hack-proof :

 

[FPSwithaWacomTablet]

4 hours ago, Coaxialgamer said:

But my rig will always be hack-proof :

 

Use a saw

[tlink]

On 22-9-2016 at 10:59 PM, Acolyte_of_PC said:

Unless a drive is encrypted, you can pull out the Hard drive stick it in a new device and pull the data off regardless if it has a password or not. What he is doing here does not require as many steps, and as long as you have access to the laptop for a couple minutes could get some data off it. Don't leave your stuff unattended at a coffee shop/library! Also look up MAC OS terminal password reset, you can literal gain access to a MAC OS within a minute if you know how. 

not even to speak about how thunderbolt and fire wire give you direct access to the full RAM. code injection and extraction is incredibly easy trough those ports. there is literally no safe guard to prevent this behaciour.

 

https://en.wikipedia.org/wiki/DMA_attack

 

Quote

DMA is included in a number of connections, because it lets a connected device (such as a camcorder, network card, storage device or other useful accessory or internal PC card) transfer data between itself and the computer at the maximum speed possible, by using direct hardware access to read or write directly to main memory without any operating system supervision or interaction. The legitimate uses of such devices have led to wide adoption of DMA accessories and connections, but an attacker can equally use the same facility to create an accessory that will connect using the same port, and can then potentially gain direct access to part or all of the physical memory address space of the computer, bypassing all OS security mechanisms and any lock screen, to read all that the computer is doing, steal data or cryptographic keys, install or run spyware and other exploits, or modify the system to allowbackdoors or other malware.

 

[Fetzie]

It isn't like we haven't been able to trick the login screen into giving you a command prompt since Windows XP (to be fair, you didn't even need that, just type "administrator" as a username, leave password blank and hit enter 3 times was usually enough for Windows XP to let you in...)

 

If you don't know why that's shitty, look up what the command "net user" can do (as an example).

[TetraSky]

But, what if you don't allow USB devices to "auto run", would this still work?

I personally disabled autorun in the group policy and it seems to prevent things that I know for a fact would "autorun" otherwise.
http://www.howtogeek.com/236241/how-to-enable-disable-and-customize-autoplay-in-windows-10/

[Fetzie]

8 minutes ago, TetraSky said:

But, what if you don't allow USB devices to "auto run", would this still work?

I personally disabled autorun in the group policy and it seems to prevent things that I know for a fact would "autorun" otherwise.
http://www.howtogeek.com/236241/how-to-enable-disable-and-customize-autoplay-in-windows-10/

The USB device identifies as a network adapter, not a removable storage drive. USB storage drives don't mount if inserted while the computer is locked, but network adapters are activated (a use-case would be a WiFi dongle which plugs into a USB port).

[VerticalDiscussions]

Physical breaching has always been the most malicious way to interact with the victims computer :/, its not surprising someone is able to do this. We definetly need to keep an eye on our personal data, if we value it, at work or especially in public areas.

[spellmanuk]

3 hours ago, TetraSky said:

But, what if you don't allow USB devices to "auto run", would this still work?

I personally disabled autorun in the group policy and it seems to prevent things that I know for a fact would "autorun" otherwise.
http://www.howtogeek.com/236241/how-to-enable-disable-and-customize-autoplay-in-windows-10/

That I don't know actually perhaps that might be a way to protect against it although from what I understand is that it has its own micro processor on board that basically almost brute forces its self though. 

[drok]

i get badusb vibes from this.

[KuJoe]

People should be using 2FA (Two Factor Authentication) anywhere and everywhere. It's too easy to bypass common authentication methods for every OS out there these days.

 

And as I said in the other thread about this, once somebody has physical access to your machine security goes out the window.

[vorticalbox]

20 hours ago, KuJoe said:

People should be using 2FA (Two Factor Authentication) anywhere and everywhere. It's too easy to bypass common authentication methods for every OS out there these days.

 

And as I said in the other thread about this, once somebody has physical access to your machine security goes out the window.

true but it is so inconvenient.