Stealing passwords from a locked PC in 30 seconds or less

Rob Fuller, a security researcher, has published a simple way to steal passwords from locked Windows and OS X computers.

For the attack he needs:

Access to the target computer
A connected notebook that has been modified to impersonate a USB Ethernet adapter
A computer with software that will crack the intercepted passwords

The actual attack can be done in less than half a minute, as you will see in the video below.

"Why? Because USB is Plug-and-Play. This means that even if a system is locked, it still works," says Fuller.

"Right now, I think there are restrictions on the types of devices you can install on a locked computer with newer operating systems (Win10 / El Capitan), but Ethernet / LAN devices definitely work."

In his blog, he explains how to set up a USB Armory or a Hak5 Turtle, two cheap ($155 and $49.99 respectively) USB-mounted Linux computers, for use in the attack.

Basically, they must be equipped with Responder, an open source tool that simulates a control server. The operating system "recognizes" the server and trusts it by default, as if it were on the local network. It thus responds to the authentication request with the login credentials (passwords) recorded in a database.

To complete the attack, you must crack the hashes of the stolen credentials. Different operating systems use different hashes, but all can be cracked or downgraded to a form that can be used in "pass the hash" attacks.

The attack has been tested on various operating systems and OS versions. It works on Windows 98 SE, 2000 SP4, XP SP3, 7 SP1, and 10, as well as OS X El Capitan / Mavericks. It has not yet been tested on Linux.
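Because the attack relies on a USB Ethernet adapter being installed while the workstation is locked, that event is something a defender can look for. The following is an added example, not code from Fuller's post or from this article: it assumes Windows 10 or later with PnP auditing enabled, so that Security events 4800 (workstation locked), 4801 (workstation unlocked) and 6416 (new external device recognized) are logged, and that they have been exported as one JSON object per line with the hypothetical field names shown.

```python
import json

# Windows Security event IDs. Assumes "Audit PNP Activity" and
# "Audit Other Logon/Logoff Events" are enabled; 6416 needs Windows 10 or later.
LOCKED, UNLOCKED, NEW_DEVICE = 4800, 4801, 6416

# Constructed sample events, one JSON object per line, in time order.
# The flat JSON layout and field names are assumptions about the export format.
SAMPLE_LOG = """\
{"time": "2016-09-08T09:01:10", "host": "WS-042", "id": 4801}
{"time": "2016-09-08T09:05:42", "host": "WS-042", "id": 6416, "class": "USB", "device": "USB Mass Storage Device"}
{"time": "2016-09-08T12:30:00", "host": "WS-042", "id": 4800}
{"time": "2016-09-08T12:41:17", "host": "WS-042", "id": 6416, "class": "Net", "device": "USB Ethernet/RNDIS Gadget"}
{"time": "2016-09-08T12:41:18", "host": "WS-042", "id": 6416, "class": "Keyboard", "device": "HID Keyboard Device"}
{"time": "2016-09-08T13:02:03", "host": "WS-042", "id": 4801}
{"time": "2016-09-08T13:10:00", "host": "WS-042", "id": 6416, "class": "Net", "device": "Docking Station Ethernet"}
{"time": "2016-09-08T13:15:00", "host": "WS-077", "id": 6416, "class": "Net", "device": "USB Ethernet Adapter"}
"""


def find_suspect_adapters(log_text, watched_classes=("Net",)):
    """Return (time, host, device, state) for watched device classes that were
    installed while the host was locked or while its lock state was unknown."""
    lock_state = {}  # host -> "locked" or "unlocked", from the last 4800/4801 seen
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        host, event_id = ev["host"], ev["id"]
        if event_id == LOCKED:
            lock_state[host] = "locked"
        elif event_id == UNLOCKED:
            lock_state[host] = "unlocked"
        elif event_id == NEW_DEVICE and ev.get("class") in watched_classes:
            # No lock/unlock event seen yet for this host: report it as unknown
            # rather than silently treating the session as unlocked.
            state = lock_state.get(host, "unknown")
            if state != "unlocked":
                findings.append((ev["time"], host, ev.get("device", "?"), state))
    return findings


if __name__ == "__main__":
    for time, host, device, state in find_suspect_adapters(SAMPLE_LOG):
        print(f"{time} {host}: network adapter '{device}' installed, session {state}")
```
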

Watch the video, and think twice the next time you lock your PC and assume it is safe.

Written by giorgos