Security researcher Rob Fuller published a simple way to steal login credentials (passwords) from locked Windows and OS X computers.
Attack requires:
Access to computer goal
Ένας συνδεδεμένος φορητός υπολογιστής που έχετε τροποποιήσει για να υποδυθεί έναν προσαρμογέα USB Ethernet
and
a computer with software that will crack the hashes that will be intercepted.
The actual attack can be done in less than half a minute, as you will see in the video below.
"Why; Because USB is Plug-and-Play. This means that even if one system it's locked, the device still works,” Fuller says.
"Right now, I think there are restrictions on the types of devices you can install on a locked computer with newer operating systems (Win10 / El Capitan), but Ethernet / LAN devices definitely work."
In his blog, tells how to set up a USB Armory or a Hak5 Turtle - two cheap ($ 155 and $ 49.99 respectively) USB-mounted Linux computers to use in attack.
Basically, they must be equipped with Responder, an open source software that simulates an authentication server. The operating system "recognizes" the server, and trusts it by default, as if it were on the local network. This responds to the authentication request with the login credentials (passwords) recorded in a database.
To complete the attack, you must break the hashes of the stolen credentials. Different operating systems use different hashes, but all can be broken or downgraded to a form that can be used in attacks "Pass the hash."
Attack has been tested on various operating systems and OS versions. It works in Windows 98 SE, 2000 SP4, XP SP3, 7 SP1, and 10, as well as OS X El Capitan / Mavericks. It's not currently tested on Linux.
Watch the video and think the next time you lock your PC and think it's safe.