How secure is 10 vs this?

Page 2 of 2 FirstFirst 12

  1. Posts : 822
    Microsoft Windows 10 Pro 64-bit
       #11

    Just curious if anyone here actually read the article -- At no point was a Windows Machine touched the guy just managed to add another admin to his Kali Linux It's not actually a hack It is buy design or you could call it a feature if you get locked out of your box.

    I really don't understand why he had to add another sudo user to kali presumably he already knew the admin user since he must of made the kali live usb, Seems to be click bait

    1. hack windows 10
    2 kali linux
      My Computer


  2. Posts : 15,484
    Windows10
       #12

    Digital Life said:
    Just curious if anyone here actually read the article -- At no point was a Windows Machine touched the guy just managed to add another admin to his Kali Linux It's not actually a hack It is buy design or you could call it a feature if you get locked out of your box.

    I really don't understand why he had to add another sudo user to kali presumably he already knew the admin user since he must of made the kali live usb, Seems to be click bait

    1. hack windows 10
    2 kali linux
    Yep - I could not make head or tail of what that article was trying to do.

    If a person wants to keep windows secure:

    Use bitlocker, set bitlocker pin (only Pro), make sure booting from usb is not first in bios boot order and set bios password.

    OK, the most determined hacker may be able to find a way round the bios password, but on my laptop, you would have to take laptop apart in great detail.
      My Computer


  3. Posts : 1,764
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #13

    Digital Life said:
    Just curious if anyone here actually read the article -- At no point was a Windows Machine touched the guy just managed to add another admin to his Kali Linux
    He didn't even add another admin. He just changed the Kali boot loader on the USB from read-only to read-write to let him write a new password to an existing graham1234 account on the Kali USB stick.

    I agree with you. Nothing he did "hacked a Locked Windows 10"... its USB port was just a means to boot a Kali USB stick from, nothing more.
      My Computer


  4. Posts : 2,271
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #14

    Try3 said:
    I'm trying to explain to you that what you posted does not work.
    Booting from a USB does.

    Denis
    Your right, they have patched that access.. that worked in the past with win8 and first edition of win10
    Sadly you can still get admin access to a machine you don't have permission admin access to. But as that isn't in a tutorial in here i wont brake rule 6 of this forum
      My Computer


  5. Posts : 16,946
    Windows 10 Home x64 Version 22H2 Build 19045.4170
       #15

    Digital Life said:
    Just curious if anyone here actually read the article ...
    Yes, I did - see post #4.
    I thought it was complete rot.


    All the best,
    Denis
      My Computer


  6. Posts : 295
    Windows 10 Pro
       #16

    What is described in the article is the same exact thing (to an extent) that Offline NT Password and Registry Editor has been doing for years. I used it on my Bro's computer back then. It was Windows XP. Once in I created a hidden user account via the registry and how Windows worked back then is you'd use a key combination at the login screen to bring up a username/password input box. If memory serves you'd press and hold Shift and Control and tap Delete twice or something. Now once that new login prompt shows up you can access your invisible account that is not shown in the regular list of usernames when Windows XP booted.

    Of course it still arouses suspicion that the main account password no longer works since it was changed. That's where you crack the NTLM hash stored in the SAM (Security Account Manager) with something like Hashcat or John the Ripper which has a GUI frontend called Johnny.


    This is perhaps chief number one reason as to why I fully encrypt my computers... It can be a pain, and like all security it is cumbersome, but if I can do it why not, right? It's the nerd ethos... LOL Many others simply don't care... all those tax records and whatnot are free for the taking....
      My Computer


  7. Posts : 4
    W10 LTSC
       #17

    I realize I am digging up an older thread, but the way I have always done that if I wasn't just looking to navigate around on a flash drive was the sticky keys reset, Or at least that's what I think it's called.
    It was simple as booting on a usb (winpe preferrably), renaming sethc.exe to sethc.old under windows\system32 and copying cmd.exe to sethc.exe

    After rebooting the pc back to windows press the shift key 5 times, and in the command prompt type net user "username" "desiredpassword" without the quotes, then login as the user. The command prompt is ran as system at that point so you will have rights to do that, or run lusrmgr.msc (if running pro version of windows) at the login screen. If you run the dir command (to figure out the username) and get a bunch of jibberish about the command prompt not being executed from the proper location you can launch it within itself by entering cmd. It is kind of odd but I suspect it's because it was initiated from the wrong path. If you needed safe mode you could run msconfig and tick the safemode option since that relic is still present.

    I have had a few machines that were difficult or noticed a filesystem change and reverted it, but this usually doesn't occur until well after logging in. If pressing shift 5 times doesn't work then I resort to using utilman.exe I think it is. Should be the icon on the lower-right of the screen that is for accessibility If I recall correctly.

    None of this will work with Bitlocker set of course.
    As a separate heads up/thought. Did you all know that windows 10 was automatically encrypting the content on your drive if you setup with a microsoft account? The key is stored in your ms account you initially set it up with. I have a sneaking suspicion this is going to come back to bite many users if they have to recover data on their drives (not knowing they were encrypted in the first place) and have lost access to those accounts.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 12:28.
Find Us




Windows 10 Forums