win 8 password cracking
Post on 15-Jan-2015
White Paper On
“Cracking Windows 8 Password & its Counter Measures”
Presented By:
Mohit Rawat
Under Guidance of:
Nutan Kumar Panda
Contact: mohitreload@gmail.com
Project by – Mohit Rawat
Table of Contents
Chapter No. Title
1. Introduction of Windows 8
2. Backdoor creation in Windows 8
3. Step by step process
4. What can be done after getting cmd?
5. There are certain problems with the above steps.
6. Alternate Way
7. Dump Windows 8 Password in Plain Text
8. Security Measures
9. Conclusion
10. References
1. Introduction to Windows 8
Windows 8 is an operating system produced by Microsoft for use on personal computers,
including home and business desktops, laptops, tablets, and home theater PCs.
Development of this operating system started before the release of its predecessor in 2009. Its
existence was first announced in January 2011 at the Consumer Electronics Show. During its
development and test phases, Microsoft released three pre-release versions: Developer
Preview (September 13, 2011), Consumer Preview (February 29, 2012), and Release Preview
(May 31, 2012). On August 1, 2012, Windows 8 graduated from the development stage and
was released to manufacturing. Windows 8 is slated for general availability on October 26,
2012.
Windows 8 introduces significant changes to the operating system's graphical user interface
and platform, such as a new interface design incorporating a new design language used by
other Microsoft products, a new Start screen to replace the Start menu used by previous
versions of Windows, a new online store that can be used to obtain new applications, along
with a new platform for apps that can provide what developers described as a "fast and fluid"
experience with emphasis on touchscreen input. Additional security features were also added
to the operating system, such as a built-in antivirus program and a secure boot feature on
systems with UEFI firmware. Secure boot requires the operating system to be digitally signed
to prevent malware from infecting the boot process. The implementation of this feature has
sparked controversy among supporters of free software. Windows 8 also introduces an
edition of the operating system designed to run on devices that utilize the ARM architecture,
known as Windows RT.
This project was tested on Windows 8 Consumer Preview, and the best thing about this project is that it was
done before the official release of Windows 8. The official stable version will be released on 26th October
2012.
2. Backdoor creation in Windows 8
2.1 Define: Backdoor
Creating a backdoor is a technique to maintain unauthorized access to a system. This is an old and
evergreen technique.
2.2 From where backdoor will generate?
As we know, there are certain processes that start with Windows startup and run with the login
screen. We will target one such process and perform this attack.
2.3 What is that process?
That process is “sethc.exe”. It is the process associated with the service “Sticky key”.
2.4 What to do with sethc.exe?
When we press the Shift key 5 times, this service is run on a Windows system by the process sethc.exe.
That means if we press the Shift key 5 times, the subroutine calls the sethc.exe process and thus
starts Sticky Key. If we change it to any other service which can provide us admin-level privileges to
read, write or edit, then we can access the system quite easily.
2.5 What are the services that can be used for a backdoor?
You can use anything you want that you think will be helpful to you.
2.6 Any suggestions for the same?
You can use cmd.exe, explorer.exe, etc…
2.7 What are you going to use?
I am going to use cmd.exe to create the backdoor, as it will allow me to use Windows in CLI mode.
3. Step by step process
Go to My Computer. Open the C drive.
Go to Windows. Then go to System32.
Find sethc in System32.
Right-click on sethc. Click on Properties.
Click the Security tab in it.
Then click on the Advanced tab.
Then click on Change in front of Owner.
Then click on the Advanced tab.
Then click on the Find Now option. Click on Administrators.
Click on Apply and then click on OK.
Allow Full Control to this. Press OK.
Find cmd.exe in System32.
Copy it.
Paste it onto the desktop. Rename it to sethc.
Copy it and paste it into the System32 folder.
Click on "Replace the file in the destination folder".
Restart the computer and open the login window.
Press the Shift key five times and you will get a command prompt.
4. What can be done after getting cmd?
4.1 We can write a command to see the user names
>net user
It will show all the available user names.
4.2 Then we can change the password of a user name. Let’s change the password of Administrator
>net user administrator hacked
Here hacked will be the new password for administrator.
4.3 To create a new username
>net user devil hacker /add
This will create a new user name devil with password hacker, but it will be a limited-privilege
account.
4.4 To make the new user an administrator
>net localgroup administrators devil /add
Here devil will get the administration privilege.
4.5 If you don’t want commands you can also do it in the GUI
>control userpasswords2
We can reset a password from here, or we can add a new user from there by
clicking Add.
By clicking on New User we can add a new user in Windows 8.
Press OK and we get a new user for Windows 8.
5. There are certain problems with the above steps.
1. If we change the password of Administrator, the user can guess that
someone hacked his system.
2. If we create a new user, then also the user can suspect something fishy.
3. So is there a way, without changing the passwords or creating a new
account, that we are still able to enter into a system?
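The account changes from section 4 also leave records in the Windows Security event log, beyond what the user may notice. The following is an added example, not part of the original paper, that lists them from the defender's side; it assumes account-management auditing is enabled and uses an assumed 7-day look-back window.

```powershell
# Added example (not from the original paper): list recent local account
# changes recorded in the Security log. Run from an elevated prompt.
# Assumes auditing of user account and security group management is on.
$ids = @{
    4720 = 'User account created'
    4724 = 'Password reset attempted'
    4732 = 'Member added to local group'
}
$since = (Get-Date).AddDays(-7)   # assumed look-back window

# Get-WinEvent reports an error when nothing matches, so silence that case.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4720, 4724, 4732
    StartTime = $since
} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Named fields live in the event XML under EventData/Data.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time   = $e.TimeCreated
        Action = $ids[$e.Id]
        # Changes made from a shell on the logon screen are performed as
        # SYSTEM, which is logged as the computer account (name ends in $).
        Actor  = $data['SubjectUserName']
        Target = $data['TargetUserName']   # account, or group for 4732
        Member = $data['MemberSid']        # only present for 4732
    }
}

$report | Sort-Object Time | Format-Table -AutoSize
```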
6. The Alternate Way
By pressing the Shift key five times we get a cmd, and by entering explorer.exe we get a tray at the bottom
of the window.
On right-clicking that tray we get the Properties option.
On clicking on Desktop we get a path to the other folders present on the system.
We can visit anywhere from there. We can also open IE from here.
Yes, this is the way hackers enter into someone’s system without his or her permission.
You can be a victim also.
Tips: Always check your sticky key, whether it is opening something
different or the normal screen. If some other thing opens, then simply
format your system.
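The check suggested in the tip can also be done without pressing the key. The following is an added example, not part of the original paper, that inspects sethc.exe for the traces the procedure in section 3 leaves behind; it assumes PowerShell 4.0 or later and a default Windows installation path.

```powershell
# Added example (not from the original paper): check whether sethc.exe has
# been swapped for another program. Run from an elevated prompt.
# Assumes PowerShell 4.0 or later, which provides Get-FileHash.
$sys32    = Join-Path $env:SystemRoot 'System32'
$target   = Join-Path $sys32 'sethc.exe'
$findings = @()

# 1. The version resource of the genuine file names itself sethc.exe
#    (it can read "sethc.exe.mui", hence the prefix match). A renamed
#    cmd.exe still reports its own original name here.
$orig = (Get-Item $target).VersionInfo.OriginalFilename
if ($orig -notmatch '^sethc\.exe') {
    $findings += "OriginalFilename is '$orig', expected sethc.exe"
}

# 2. Compare the hash with the substitutes this paper names.
$hash = (Get-FileHash $target -Algorithm SHA256).Hash
$substitutes = @(
    (Join-Path $sys32 'cmd.exe'),
    (Join-Path $env:SystemRoot 'explorer.exe')
)
foreach ($path in $substitutes) {
    if ((Get-FileHash $path -Algorithm SHA256).Hash -eq $hash) {
        $findings += "sethc.exe is byte-identical to $path"
    }
}

# 3. The procedure in section 3 begins by taking ownership away from
#    TrustedInstaller, so any other owner deserves a closer look.
$owner = (Get-Acl $target).Owner
if ($owner -ne 'NT SERVICE\TrustedInstaller') {
    $findings += "Owner is '$owner', expected NT SERVICE\TrustedInstaller"
}

if ($findings.Count -eq 0) {
    'sethc.exe: no sign of replacement'
} else {
    $findings | ForEach-Object { "WARNING: $_" }
}
```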
7. Dump Windows 8 Password in Plain Text
This technique can be used in Windows XP, Vista, 7 and also in 8. We use a software called mimikatz
for this.
7.1 Download mimikatz
http://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip
Open up the mimikatz.exe in the mimikatz folder that matches your type of OS. As I have 32-bit
Windows, I am opening mimikatz.exe from the win32 folder.
Run mimikatz.exe as administrator.
Then you should get a prompt like mimikatz #
7.2 Then follow the commands
mimikatz # privilege::debug
mimikatz # inject::process lsass.exe sekurlsa.dll
mimikatz # @getLogonPasswords
8. Security Measures
Windows 8 text passwords are vulnerable to backdoors and to software like mimikatz, so
to overcome this we use picture passwords. The procedure to set a picture password is given below.
Go to the bottom left corner of the desktop and then Settings.
Go to Settings, then go to More PC Settings.
Click on Users.
Click on "Create a picture password".
It will ask for the current text password. Enter the password and press OK.
Select a picture to set the picture password.
Choose the picture and click on Open.
Click on "Use this picture". After selecting the picture, set the picture password.
On the login window use the picture password and press OK.
And you see the welcome screen.
Tips: Picture password is a new concept. It is quite difficult to hack. So use
it and be secured.
9. Conclusion
When comparing Windows and Linux, we assume that Windows is less secure than Linux. The upcoming Windows 8 is no exception: it has several vulnerabilities, such as the Windows 8 password being obtainable in plain text using software like mimikatz. This project is dedicated to password-associated vulnerabilities and how to fix them.
10. References
http://en.wikipedia.org/wiki/Windows_8
http://windows.microsoft.com/en-US/windows-8/release-preview
http://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip