How To Steal Login Credentials From A Locked Windows/Mac OS X

How To Steal Login Credentials From A Locked Windows/Mac OS X

If we plug in a device that masks as a USB Ethernet adapter and has a computer on the other end, can we capture credentials from a system, even when locked out (yes, logged in, just locked)?

A Security expert has discovered a unique attack method that can be used to steal the login credentials of a locked computer (but, logged-in). Moreover, this technique (which works on both Windows as well as Mac OS X systems) requires only $50 worth of hardware and takes less than 30 seconds to carry out.

Steal Login Credentials From A Locked WindowsMac OS X (2)

Steal Login Credentials From A Locked Windows/Mac OS X

In his blog post, Rob Fuller, a principal security engineer at R5 Industries, who is better known by his hacker handle mubix, demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.

The hack works by plugging a flash-sized minicomputer into an unattended computer that’s logged in but currently locked. In about 20 seconds, the USB device will obtain the username and password hash used to log into the computer.

The technique works using both the Hak5 Turtle and USB Armory, both of which are USB-mounted computers that run Linux. Fuller modified the firmware code of USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs and acts itself as the network gateway, DNS server, and Web Proxy Autodiscovery Protocol (WPAD) server for the victim’s machine.

How does the Attack Work?

You might be wondering: Why does this technique work? That is because USB is Plug-and-Play.




Your location is: Princeton, NJ

Your current IP address is: 2001:4455:2f7:b700:f880:7bad:b46b:1768

You can stream and download anonymously through your PC, Mac, Android, and iPhone through IP Vanish.

Get 3-Months Free, 30-Day Money Back Guarantee

“Most PCs automatically install Plug-and-Play USB devices. This means that even if a system is locked out, the device [dongle] still gets installed,” Fuller explains in his blog post. “Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list.”

Steal Login Credentials From A Locked WindowsMac OS X (1)

The modified plug-and-play USB Ethernet adapter includes a piece of software, i.e. Responder, which spoofs the network to intercept hashed credentials and then stored them in an SQLite database. The hashed credentials collected by the network exploitation tool can later be easily brute-forced to get clear text passwords.

“The average time for freshly inserting into a locked workstation and obtaining the credentials is about 13 seconds, all depends on the system,” Fuller says.

Here’s a video of Fuller’s Attack in action:

What you see in the video is the Windows 10 lock screen. When the LED goes solid white the Armory has fully shut down because of the watch script, creds achieved!

Fuller successfully tested his attack on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Enterprise and Home), and OS X El Capitan / Mavericks. He’s also planning to test it against several Linux distros.

For more detailed explanation, you can read his blog post here.


drilling machine

4 Questions to Ask Before Buying Haas CNC Machines

CNC machines are controlled by software that enables you to create bespoke designs easily. Computer Numerical Control machinery is incredibly versatile. Different machines can be …

survival game
eSports and eGaming

5 Essential Tips for Escape from Tarkov New Players

Escape from Tarkov or EFT combines roleplay and shooting with an enthralling story set in a fictional city called Tarkov in Russia. 5 Essential Tips …

paint brush

Why Is It Important to Fund the Arts

Arts bring us enjoyment, help express our creativity, and guide us in living our lives. Why Is It Important to Fund the Arts Yet even …

arcade games

How Technology Has Changed the Gaming Industry

Gaming is a hobby for billions of people around the world, with many choosing to use games to socialize, relax, and have fun. Its popularity …

scrabble tiles

 How Does Duplicate Content Affect SEO

SEO specialists define duplicate content as the content that appears on two different websites with unique URLs. So this is a kind of content that …

city view

The Evolution of Drones From Military to Hobby Commercial

Nowadays, drone applications can be found in almost every aspect of our lives. But before they became the worldwide phenom they are today, drones were …