A security researcher has found a simple and unique way to input login credentials for Windows Or OS X Hack. The attack is carried out using a USB Ethernet adapter that carries a software named Responder. When the device is plugged into a computer, it reads the login credentials and saves them into an SQLite database.
Rob Fuller, a security researcher and blogger, has demonstrated how to exploit a USB SoC-based device to crack the password of a locked laptop. Once the device is plugged into a modified Ethernet adapter, it works like a network gateway, a WPAD server, and a DNS server for the target machine.
Fuller has described the hack in his blog post where he tells how he was able to capture credentials from a system (logged in, just locked). He writes —
TL;DR USB Ethernet + DHCP + Responder == Creds
Why (and how) this computer hack works on locked devices?
Disclaimer: This article is just for educational purposes. Please test the attack on the systems you own and avoid indulging in any unethical practice.
This hack is possible because most computers install plug-and-play USB devices even if the system is locked. Fuller tested the hack with two USB Ethernet dongles– the USB Armory and the Hak5 Turtle.
“Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list,” he writes.
While installing a new (and malicious) USB plug-and-play Ethernet adapter, the computer lends the credentials needed to install the device. Fuller’s modified hacking device contains code (a software named Responder) that reads these login credentials and saves them in a database.
{blog} Snagging creds from locked machines – https://t.co/zqYo142tVj
— Rob Fuller (@mubix) September 6, 2016
Fuller has tested his computer hack on a variety of operating systems, including the likes of Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 (Home and Enterprise Edition), and OS X El Capitan/Mavericks. He hasn’t tested the hack on Linux (possibly it works).
Interestingly, this hack takes about 13 seconds, depending on a system. For details, you can read Fuller’s blog post.
He has even prepared a video showcasing the hack on a Windows 10 PC. Take a look: