How To Steal Login Credentials From A Locked Windows/Mac OS X

If we plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can we capture credentials from a system even when it is locked (that is, logged in but locked)?

A security expert has discovered a unique attack method that can be used to steal the login credentials of a locked (but logged-in) computer. Moreover, this technique, which works on both Windows and Mac OS X systems, requires only $50 worth of hardware and takes less than 30 seconds to carry out.

In his blog post, Rob Fuller, a principal security engineer at R5 Industries, who is better known by his hacker handle mubix, demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.

The hack works by plugging a flash-sized minicomputer into an unattended computer that’s logged in but currently locked. In about 20 seconds, the USB device will obtain the username and password hash used to log into the computer.

The technique works with both the Hak5 Turtle and the USB Armory, both of which are USB-mounted computers that run Linux. Fuller modified the firmware of the USB dongle so that, when it is plugged in, the plug-and-play USB device installs as an Ethernet adapter and acts as the network gateway, DNS server, and Web Proxy Autodiscovery Protocol (WPAD) server for the victim’s machine.

How does the Attack Work?

You might be wondering: Why does this technique work? That is because USB is Plug-and-Play.




“Most PCs automatically install Plug-and-Play USB devices. This means that even if a system is locked out, the device [dongle] still gets installed,” Fuller explains in his blog post. “Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list.”

The modified plug-and-play USB Ethernet adapter runs a piece of software called Responder, which spoofs the network to intercept hashed credentials and then stores them in an SQLite database. The hashed credentials collected by the network exploitation tool can later be easily brute-forced to recover the clear-text passwords.

“The average time for freshly inserting into a locked workstation and obtaining the credentials is about 13 seconds, all depends on the system,” Fuller says.
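A defender-side view of the behaviour described above, as an added example that is not from Fuller's post or this article: it correlates lock and unlock events with new-device events and flags a network adapter that installs while the workstation is locked. It assumes Windows Security auditing is producing events 4800/4801 (workstation locked/unlocked) and 6416 (new external device recognized); the records and their simplified field names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample events (not real logs). Field names are simplified
# assumptions standing in for the Windows Security log fields.
# 4800 = workstation locked, 4801 = workstation unlocked,
# 6416 = new external device recognized (class_name "Net" = network adapter).
SAMPLE_EVENTS = [
    {"time": "2016-09-07T09:00:00", "host": "WS01", "event_id": 4800},
    {"time": "2016-09-07T09:05:10", "host": "WS01", "event_id": 6416,
     "class_name": "Net", "device": "USB Ethernet/RNDIS Gadget"},
    {"time": "2016-09-07T09:20:00", "host": "WS01", "event_id": 4801},
    {"time": "2016-09-07T09:25:00", "host": "WS01", "event_id": 6416,
     "class_name": "Net", "device": "Docking Station NIC"},
    {"time": "2016-09-07T10:00:00", "host": "WS02", "event_id": 4800},
    {"time": "2016-09-07T10:01:00", "host": "WS02", "event_id": 6416,
     "class_name": "HIDClass", "device": "USB Keyboard"},
]

LOCK, UNLOCK, NEW_DEVICE = 4800, 4801, 6416


def find_locked_nic_installs(events):
    """Return alerts for network adapters installed while a host was locked."""
    locked_since = {}   # host -> time of the lock event still in effect
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        host, eid = ev["host"], ev["event_id"]
        when = datetime.fromisoformat(ev["time"])
        if eid == LOCK:
            locked_since[host] = when
        elif eid == UNLOCK:
            locked_since.pop(host, None)
        elif eid == NEW_DEVICE and ev.get("class_name", "").lower() == "net":
            if host in locked_since:
                delta = when - locked_since[host]
                alerts.append({
                    "host": host,
                    "device": ev.get("device", "unknown"),
                    "installed_at": ev["time"],
                    "seconds_after_lock": int(delta.total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_locked_nic_installs(SAMPLE_EVENTS):
        print(alert)
```

Only the adapter that appears on WS01 during the locked window is reported; the NIC added after unlock and the keyboard added while WS02 was locked are ignored.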

Here’s a video of Fuller’s Attack in action:

What you see in the video is the Windows 10 lock screen. When the LED goes solid white the Armory has fully shut down because of the watch script, creds achieved!

Fuller successfully tested his attack on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Enterprise and Home), and OS X El Capitan / Mavericks. He’s also planning to test it against several Linux distros.

For a more detailed explanation, you can read his blog post here.


