Skip to main content
  1. Home
  2. Computing
  3. News

Here’s how to grab login credentials on Windows using a USB mini-computer

Kevin Parrish
By
USB credential stealing while screen is locked
A security engineer has discovered how to grab the login credentials of a logged-in but locked Windows computer by simply using a $50 USB mini-computer running Linux. Rob “mubix” Fuller even managed to grab login credentials from locked OS X “El Capitan” and “Mavericks” computers.

“First off, this is dead simple and shouldn’t work, but it does,” Fuller, one of the principal security engineers at R5 Industries, recently blogged. “Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true).”

Recommended Videos

He began the experiment using a $155 USB Armory, a flash-drive sized computer with an 800MHz processor based on ARM Cortex-A8 core technology, 512MB of DDR3 system memory, a MicroSD card slot, and native support for Android, Debian, Ubuntu, and Arch Linux. However, he also ended up using a $50 Hak5 Turtle mini-computer with a built-in Ethernet port for wired networking. The USB Armory device can emulate Ethernet connectivity as well.

Related

The blog shows how he set up both devices. First, the Armory device needed Python installed, and then he set up its interface, its DHCP server, and other small details before he could insert the device into the computer’s USB port. The Hak5 Turtle unit was nearly ready right out of the box. Ultimately, both units were capable of grabbing login credentials in about 13 seconds, depending on the system. The Armory device even lit up an LED when it obtained the credentials.

According to Fuller, the Armory unit is more versatile, has more storage, and uses a faster processor. The Hak5 Turtle unit is less suspicious appearance-wise because of the built-in Ethernet port, but it doesn’t sport an LED indicating that credentials are captured. However, it’s capable of getting Shell access to the connected PC as well as login credentials.

In the tests, both devices used a software module called Responder, which allows the devices to become a network gateway, a DNS server, a WPAD server, and more. This software is defined as an LLMNR, NBT-NS and MDNS poisoner, meaning it enables the device to appear a PC on a local network and respond with false information to another machine on the network looking for a host address, such as a network printer. In turn, the device using Responder will say it’s actually the printer (which it’s not), thus the “victim” computer will send the login credentials to the device.

So why does this work? “Because USB is plug-and-play,” Fuller says. “This means that even if a system is locked out, the device still gets installed. Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list.”

So far, Fuller has tested this “hack” on Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 Enterprise, Windows 10 Home, OS X El Capitan, and OS X Mavericks. He has yet to test this method on a Linux machine, so stay tuned for that.

Editors' Recommendations

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
The next big update to Windows 10 just launched. Here’s how to install it
windows 10 may 2021 update how to install upate

Microsoft began rolling out the anticipated Windows 10 May 2021 Update that had been announced earlier this year. Starting on May 18, select people will be able to download the required files and upgrade their Windows 10 to the newest version — 21H1.

However, Microsoft announced that it is taking a different approach to releasing the new update this time around, and not all users will be able to get it right away. The company also shared an update on the state of Windows 10X, which is officially dead.

Read more
The next major Windows 10 update is about to launch. Here’s how to get it now
microsoft surface go pro 7 deals amazon best buy fathers day sale 2020 review feature 768x479 c

Microsoft is getting the next update for Windows 10 ready for release. One of the final Windows 10 May 2021 Update test builds is now out for Windows Insider beta testers, meaning the general public could get the release on their PCs in a little as a few weeks.

Although the overall experience could still be improved between now and a final public release, Windows Insiders in the Release Preview channel can choose to install this update now by downloading Windows 10 21H1 Build 19043.928. This build can also be downloaded as an ISO file for a clean installation on any new PC, with the caveat that the computer will be enrolled in the Insider Program.

Read more
How to use Windows Sandbox in Windows 10
Try sketchy applications without harming your computer using Windows Sandbox
how to use windows sandbox 20190730 124914

With the release of the Windows 10 May 2019 Update, several features were added to Windows 10. One of the more interesting was a new application known as Windows Sandbox.

Windows Sandbox is an integrated element and is primarily designed to allow you to run untrusted and sketchy apps separate from the rest of the operating system.

Read more