Hacking Windows logon in 20 seconds

Given that you can still trick the login screen into running cmd, and run the net user command, this doesn't really surprise me.


6 minutes ago, Fetzie said:

Given that you can still trick the login screen into running cmd, and run the net user command, this doesn't really surprise me.

Indeed. Although that won't help with domain-joined machines (unless people store stuff on their local drives), this attack potentially allows you to gain the credentials of a domain administrator.

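For the record, what the USB adapter actually walks away with is a NetNTLMv2 challenge/response pair, not the password itself; the password still has to be guessed against that pair offline. The block below is an added example (not code from this thread, from Responder, or from mubix's write-up) that does exactly that arithmetic in Python: it parses the `user::domain:server_challenge:NTProofStr:blob` line format that Responder writes for hashcat mode 5600, recomputes NTProofStr for a candidate password, and compares. The known-answer input is the public MS-NLMP section 4.2.4 test vector (user "User", domain "Domain", password "Password"); the round-trip capture line built from "alice"/"CORP" is constructed here for the demo. MD4 is written out because `hashlib.new("md4")` is missing on OpenSSL 3 builds without the legacy provider.

```python
"""Offline check of a captured NetNTLMv2 exchange in hashcat 5600 line format.

Added example (not code from the thread or from mubix's write-up). Assumes the
user::domain:server_challenge:NTProofStr:blob line that Responder writes for
hashcat, and uses the public MS-NLMP section 4.2.4 test vector as known input.
"""
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, written out because hashlib.new("md4") is absent on
    OpenSSL 3 builds that do not load the legacy provider."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = (
        (f, 0x00000000, tuple(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        r = state[:]
        for fn, add, ks, ss in rounds:
            for i, k in enumerate(ks):
                t = (-i) % 4  # register updated this step: a, d, c, b, a, ...
                val = r[t] + fn(r[(t + 1) % 4], r[(t + 2) % 4], r[(t + 3) % 4]) + x[k] + add
                r[t] = _rotl(val & MASK, ss[i % 4])
        state = [(s + v) & MASK for s, v in zip(state, r)]
    return struct.pack("<4I", *state)


def ntowf_v1(password: str) -> bytes:
    """NT hash: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(password: str, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(ntowf_v1(password), ident, hashlib.md5).digest()


def nt_proof(ntlmv2_key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """NTProofStr: HMAC-MD5(NTLMv2 key, server challenge || blob)."""
    return hmac.new(ntlmv2_key, server_challenge + blob, hashlib.md5).digest()


def build_hashcat_5600(user, domain, password, server_challenge: bytes, blob: bytes) -> str:
    """The line a capture tool would write, built here from known inputs for testing."""
    proof = nt_proof(ntowf_v2(password, user, domain), server_challenge, blob)
    return f"{user}::{domain}:{server_challenge.hex()}:{proof.hex()}:{blob.hex()}"


def parse_hashcat_5600(line: str) -> dict:
    user, sep, domain, chal, proof, blob = line.strip().split(":")
    if sep != "":
        raise ValueError("expected user::domain:challenge:proof:blob")
    return {"user": user, "domain": domain, "challenge": bytes.fromhex(chal),
            "proof": bytes.fromhex(proof), "blob": bytes.fromhex(blob)}


def candidate_matches(line: str, candidate: str) -> bool:
    """One guess: recompute NTProofStr for the candidate and compare."""
    h = parse_hashcat_5600(line)
    key = ntowf_v2(candidate, h["user"], h["domain"])
    return hmac.compare_digest(nt_proof(key, h["challenge"], h["blob"]), h["proof"])


def crack(line: str, wordlist):
    """Offline guessing: the victim machine is no longer involved, so nothing
    rate-limits or logs these attempts; only guess throughput bounds the attacker."""
    for word in wordlist:
        if candidate_matches(line, word):
            return word
    return None


# Known-answer input from MS-NLMP 4.2.4: user "User", domain "Domain", password
# "Password", server challenge 0123456789abcdef, client challenge aa*8,
# timestamp 0, target info {NetBIOS domain "Domain", NetBIOS server "Server"}.
MS_NLMP_BLOB = bytes.fromhex(
    "01010000" "00000000" "0000000000000000" "aaaaaaaaaaaaaaaa" "00000000"
    "02000c00" "44006f006d00610069006e00"
    "01000c00" "530065007200760065007200"
    "00000000" "00000000"
)
MS_NLMP_LINE = ("User::Domain:0123456789abcdef:"
                "68cd0ab851e51c96aabc927bebef6a1c:" + MS_NLMP_BLOB.hex())

if __name__ == "__main__":
    print(crack(MS_NLMP_LINE, ["123456", "password", "Password"]))
```

Two things worth noticing in the code: the domain and user strings from the capture go into the key derivation, so a line with a mangled domain field will never match even with the right password; and every guess costs one MD4 plus two HMAC-MD5 operations, which is why a GPU can try billions of candidates per second against a capture like this and why the password's guessability, not the "20 seconds", decides the outcome.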

I think I will get a RPi Zero and try this at my school :) 


It won't install any device that's plugged in; it has a whitelist for certain devices. It won't install most drivers, but apparently Ethernet was on the list.


7 hours ago, Eniqmatic said:

Because in my experience, non technical people struggle to remember anything remotely close to that. Some even struggle to remember a single word less than 8 characters long!

You're right, my pass is only 14 characters long. I couldn't remember two more...

 (Troll response, you are completely correct.)


5 hours ago, KuJoe said:

password_strength.png

 

 

With the correcthorsebatterystaple password, modern password crackers such as oclHashcat use dictionaries which connect common words together, making it easier to crack these passwords. It's a good idea though, it just needs some random symbols. Something like fx8350@4.8GHz would be better as it's easy to remember and uses an "@" symbol, which is rare, and most importantly a full stop in the middle (who uses full stops in their password?). It also doesn't use common words for most people.


9 hours ago, Vode said:

How much time do you need for a 24 character password with brute force on NTLMv2?

 

It was a figure of speech. Good luck, as in it's not gonna be feasible.

(rofl)

 

you can have a 128 character password with as random composition as possible with symbols and letters and numbers. If someone wants to crack it, there is NOTHING in this world that will stop them. It is a matter of TIME.

 

If someone wants to get into Fort Knox, they can do so. The likelihood is incredibly small due to the fact that said vault is guarded by an army of mercenaries that even have a couple of tanks. So sure, the likelihood is laughably small. But it can be done WITH TIME.


12 hours ago, KuJoe said:

Once you have physical access to a machine security goes out the window regardless of what OS you have.

Let's not forget that you can modify the Windows registry in 'offline mode' by simply booting into recovery mode off Windows install media. From there you can easily make your own local admin account. There are a ton of insecurities with having physical access to a machine.

 

The best bet is having a BIOS/UEFI boot password. On newer machines you can disable certain I/O access during the boot process, and it is only re-enabled once the OS kernel takes over. This prevents most boot/startup attack vectors, but still leaves the OS vulnerable once it takes over. I also recommend disabling any external boot options other than the main HDD/SSD. At the very least, if a computer isn't able to boot from an external source and has a boot-screen password, it makes exploiting it a step harder (unless of course the BIOS/UEFI is reflashed). It helps in cases where laptops are susceptible to theft, but if you have a smart cookie or the PC is in a forensics lab, then that won't stop anyone with the proper tools and know-how.


Yeah, kinda not great how completely and always a USB connection is trusted by the OS, and also that it can be used as a network workaround.


1 hour ago, Prysin said:

(rofl)

 

you can have a 128 character password with as random composition as possible with symbols and letters and numbers. If someone wants to crack it, there is NOTHING in this world that will stop them. It is a matter of TIME.

 

If someone wants to get into Fort Knox, they can do so. The likelihood is incredibly small due to the fact that said vault is guarded by an army of mercenaries that even have a couple of tanks. So sure, the likelihood is laughably small. But it can be done WITH TIME.

What if it takes 50 years? Or a million years? There sure are a few reasons that will stop them then, and ironically all related to TIME: like the lifespan of a PC, a human, Earth or the universe. lel Even if it takes only one year, chances are that the password, Windows install and PC won't even exist anymore once the password has been cracked.

 

But seriously though, the main thing that will stop them is that if you have a ridiculously strong password, easier targets will be chosen by an attacker first.

 

I don't have to outrun the lion. Just the person that's running with me. Muhaha

 

Of course it's not guaranteed, nothing is. At a certain point the attacker will find another way to get the password if one method doesn't work, and there are plenty with the attacker actually sitting in the same room with your PC... :P

 

 


6 minutes ago, Vode said:

What if it takes 50 years? Or a million years? There sure are a few reasons that will stop them then, and ironically all related to TIME: like the lifespan of a PC, a human, Earth or the universe. lel Even if it takes only one year, chances are that the password, Windows install and PC won't even exist anymore once the password has been cracked.

 

But seriously though, the main thing that will stop them is that if you have a ridiculously strong password, easier targets will be chosen by an attacker first.

 

I don't have to outrun the lion. Just the person that's running with me. Muhaha

 

Of course it's not guaranteed, nothing is. At a certain point the attacker will find another way to get the password if one method doesn't work, and there are plenty with the attacker actually sitting in the same room with your PC... :P

 

 

well, in the end, it doesn't matter how badass your password is when the attacker is threatening to molest you with a cactus.


3 minutes ago, Prysin said:

well, in the end, it doesn't matter how badass your password is when the attacker is threatening to molest you with a cactus.

Nooo! Not the cactus! :((

 

LOL


I'm guessing the reason this is news is because of the speed with which the person gets access, but it appears the speed is dependent on the password complexity. If I have local access to a machine I can gain access to a local admin account on any version of Microsoft Server regardless of password complexity (accessing an account with a 64-character password takes just as long as one with a 2-character password), but it might take me 5 minutes (2 reboots) compared to the 20 seconds of the USB.


IIRC mubix used a LAN Turtle, not a USB Armory.


12 hours ago, ScratchCat said:

I think I will get a RPi Zero and try this at my school :) 

Err, be extremely careful with that. That would be considered hacking, and a federal crime in Canada and the US. And I mean "rape you in the ass Federal Prison" crime.

 

If you're gonna try this out "for fun", do it at home, on a network you own and control. Doing shit like this at school is just idiotic, and asking for you to get expelled and/or charged by the police.


14 hours ago, dalekphalm said:

Err, be extremely careful with that. That would be considered hacking, and a federal crime in Canada and the US. And I mean "rape you in the ass Federal Prison" crime.

 

If you're gonna try this out "for fun", do it at home, on a network you own and control. Doing shit like this at school is just idiotic, and asking for you to get expelled and/or charged by the police.

It's one of those things you say you can do but there is no point in doing. I probably couldn't work out how to do it anyway (never used Linux).


10 hours ago, ScratchCat said:

It's one of those things you say you can do but there is no point in doing. I probably couldn't work out how to do it anyway (never used Linux).

and honestly, why would you need somebody's Windows login unless you plan on taking the computer?

and if you're going to take it, just use NTPass to completely remove it. It's just as easy.


This isn't anything groundbreaking. I have a little 2GB Nvidia flash drive loaded with paid software that will show me the Windows credentials, and it takes a whopping 2 seconds. And I can just see the password, change the password or just remove the password.


On Monday, September 12, 2016 at 10:38 AM, KuJoe said:

Agreed. The main problem is people want convenient security, security cannot be both secure and convenient. I wish more companies would implement 2FA and password alternatives but the majority of users aren't ready to part with their insecure usernames and passwords they are comfortable with.

That's maybe because we don't teach people how to make good and easy passwords.

Like you can learn a phrase with punctuation and a number, that gives you a long password with everything you need. For example:

HolyS#!tit'sthe1stpasswordIknow is easy to learn and way better than just a 4-figure PIN.


14 hours ago, Tsuki said:

and honestly, why would you need somebody's Windows login unless you plan on taking the computer?

and if you're going to take it, just use NTPass to completely remove it. It's just as easy.

As a prank or joke.


Just now, ScratchCat said:

As a prank or joke.

I used to log in to PCs at our local pawn shop and remove the password. Assuming it was running XP Home, you could just reboot into safe mode then log in with the unpassworded Administrator account. Don't think MS ever fixed that one.

14 hours ago, Tsuki said:

and honestly, why would you need somebody's Windows login unless you plan on taking the computer?

and if you're going to take it, just use NTPass to completely remove it. It's just as easy.

Unless it's a member of a domain, and having someone's domain password is much more serious than just a dumb terminal password. 


On 9/12/2016 at 5:34 PM, ScratchCat said:

With the correcthorsebatterystaple password, modern password crackers such as oclHashcat use dictionaries which connect common words together, making it easier to crack these passwords. It's a good idea though, it just needs some random symbols. Something like fx8350@4.8GHz would be better as it's easy to remember and uses an "@" symbol, which is rare, and most importantly a full stop in the middle (who uses full stops in their password?). It also doesn't use common words for most people.

The whole point of that comic is that "rare symbols" are irrelevant and the whole "mix numbers and letters" etc. is wrong advice, because the difficulty of cracking a password by brute force depends on the number of possible combinations, not on the combination you actually use. Other than that, it's time and luck.

 

Of course, you can use an algorithm that is more sophisticated than brute force (just like a human would try the name of your pet before going for random strings). The non-random ordering of the strings to be tried makes passwords harder or easier to crack, depending on how the specific algorithm orders them. Still, the password itself isn't safer or riskier; it will only be found earlier/later by certain algorithms. You can write an algorithm that will try "correcthorsebatterystaple" before "fx8350@4.8GHz". But you can also write an algorithm that does the opposite. The idea that "R@lling5tonez" is safer than "RollingStones" has no cryptographic basis, provided "R@lling5tonez" was a valid choice in both cases. It may only help with "manual" hacking, i.e., someone trying to guess if it really was your pet or maybe a l337 version of your hometown. A random string of characters is equally "strong", regardless of which specific characters it contains.

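The argument in the post above, and the earlier question of how long a 24-character password holds up against NetNTLMv2 guessing, can be put in numbers. The block below is an added example, not code from the thread: it scores the same strings under the attacker model that fits them (four dictionary words; a CPU model plus a clock speed; a word with leet swaps) and under naive brute force, then converts keyspace to years at a guess rate. The rate of 10^9 guesses per second, the 100,000-word list, and the "1000 CPU models x 100 clock values" pattern are assumptions made here to make the comparison concrete, not benchmarks of any real rig or word list.

```python
"""Keyspace arithmetic for the password debate above. Added example, not from
the thread. The guess rate and word-list sizes below are stated assumptions
used to make the comparison concrete, not measurements of any real setup."""
import math

PRINTABLE = 95             # printable ASCII alphabet
LOWER = 26                 # a-z
DICEWARE = 7776            # words in the standard Diceware list
BIG_WORDLIST = 100_000     # assumed size of a cracker's word list
RATE = 1e9                 # assumed NetNTLMv2 guesses per second (placeholder, not a benchmark)
SECONDS_PER_YEAR = 31_557_600


def bits(keyspace: int) -> float:
    """Entropy of a choice made uniformly from `keyspace` possibilities."""
    return math.log2(keyspace)


def random_chars(alphabet: int, length: int) -> int:
    """Keyspace when each character is drawn uniformly from `alphabet`."""
    return alphabet ** length


def passphrase(words: int, wordlist: int = DICEWARE) -> int:
    """Keyspace when the attacker knows it is `words` words from `wordlist`."""
    return wordlist ** words


def mangled_word(substitutable: int, wordlist: int = BIG_WORDLIST) -> int:
    """Model (assumption): one dictionary word, each of `substitutable`
    characters either leet-swapped or left alone. 'R@lling5tonez' style."""
    return wordlist * 2 ** substitutable


def pattern(*choices: int) -> int:
    """Keyspace of a structured value, e.g. CPU model x clock speed."""
    keyspace = 1
    for c in choices:
        keyspace *= c
    return keyspace


def years_to_exhaust(keyspace: int, rate: float = RATE) -> float:
    """Worst case for the attacker: every guess tried. Average is half this."""
    return keyspace / rate / SECONDS_PER_YEAR


def strength_table(rate: float = RATE) -> dict:
    """Same strings, scored under the attacker model that fits them best
    and under naive brute force; the gap is the post's whole argument."""
    cases = {
        "correcthorsebatterystaple, as 25 random lowercase chars": random_chars(LOWER, 25),
        "correcthorsebatterystaple, as 4 Diceware words": passphrase(4),
        "fx8350@4.8GHz, as 13 random printable chars": random_chars(PRINTABLE, 13),
        "fx8350@4.8GHz, as CPU model x clock (assumed 1000 x 100)": pattern(1000, 100),
        "R@lling5tonez, as a word with 3 leet swaps": mangled_word(3),
        "24 random printable chars (the NTLMv2 question)": random_chars(PRINTABLE, 24),
    }
    return {name: (round(bits(ks), 1), years_to_exhaust(ks, rate)) for name, ks in cases.items()}


if __name__ == "__main__":
    for name, (b, years) in strength_table().items():
        print(f"{b:6.1f} bits  {years:12.3g} years  {name}")
```

Read the table with the post's point in mind: the string does not change, only the attacker's model of how it was chosen, and that model is what sets the bit count. Four Diceware words sit near 52 bits (weeks at the assumed rate), while the same 25 letters treated as random lowercase are 117 bits; a word with three leet swaps is under 20 bits however exotic the symbols look; and 24 uniformly random printable characters are about 158 bits, which at 10^9 guesses per second is on the order of 10^30 years, so "not feasible" is the right answer to that question for any rate you care to assume.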