Just curious if anyone here actually read the article -- At no point was a Windows Machine touched the guy just managed to add another admin to his Kali Linux It's not actually a hack It is buy design or you could call it a feature if you get locked out of your box.
I really don't understand why he had to add another sudo user to kali presumably he already knew the admin user since he must of made the kali live usb, Seems to be click bait
1. hack windows 10
2 kali linux
Yep - I could not make head or tail of what that article was trying to do.
If a person wants to keep windows secure:
Use bitlocker, set bitlocker pin (only Pro), make sure booting from usb is not first in bios boot order and set bios password.
OK, the most determined hacker may be able to find a way round the bios password, but on my laptop, you would have to take laptop apart in great detail.
He didn't even add another admin. He just changed the Kali boot loader on the USB from read-only to read-write to let him write a new password to an existing graham1234 account on the Kali USB stick.
I agree with you. Nothing he did "hacked a Locked Windows 10"... its USB port was just a means to boot a Kali USB stick from, nothing more.
What is described in the article is the same exact thing (to an extent) that Offline NT Password and Registry Editor has been doing for years. I used it on my Bro's computer back then. It was Windows XP. Once in I created a hidden user account via the registry and how Windows worked back then is you'd use a key combination at the login screen to bring up a username/password input box. If memory serves you'd press and hold Shift and Control and tap Delete twice or something. Now once that new login prompt shows up you can access your invisible account that is not shown in the regular list of usernames when Windows XP booted.
Of course it still arouses suspicion that the main account password no longer works since it was changed. That's where you crack the NTLM hash stored in the SAM (Security Account Manager) with something like Hashcat or John the Ripper which has a GUI frontend called Johnny.
This is perhaps chief number one reason as to why I fully encrypt my computers... It can be a pain, and like all security it is cumbersome, but if I can do it why not, right? It's the nerd ethos... LOL Many others simply don't care... all those tax records and whatnot are free for the taking....
I realize I am digging up an older thread, but the way I have always done that if I wasn't just looking to navigate around on a flash drive was the sticky keys reset, Or at least that's what I think it's called.
It was simple as booting on a usb (winpe preferrably), renaming sethc.exe to sethc.old under windows\system32 and copying cmd.exe to sethc.exe
After rebooting the pc back to windows press the shift key 5 times, and in the command prompt type net user "username" "desiredpassword" without the quotes, then login as the user. The command prompt is ran as system at that point so you will have rights to do that, or run lusrmgr.msc (if running pro version of windows) at the login screen. If you run the dir command (to figure out the username) and get a bunch of jibberish about the command prompt not being executed from the proper location you can launch it within itself by entering cmd. It is kind of odd but I suspect it's because it was initiated from the wrong path. If you needed safe mode you could run msconfig and tick the safemode option since that relic is still present.
I have had a few machines that were difficult or noticed a filesystem change and reverted it, but this usually doesn't occur until well after logging in. If pressing shift 5 times doesn't work then I resort to using utilman.exe I think it is. Should be the icon on the lower-right of the screen that is for accessibility If I recall correctly.
None of this will work with Bitlocker set of course.
As a separate heads up/thought. Did you all know that windows 10 was automatically encrypting the content on your drive if you setup with a microsoft account? The key is stored in your ms account you initially set it up with. I have a sneaking suspicion this is going to come back to bite many users if they have to recover data on their drives (not knowing they were encrypted in the first place) and have lost access to those accounts.
Quote