Tales from the Certified Hacker: You'll need physical access to hack Windows and OS X passwords in 13 seconds!

13 Oct 2016

There are scary stories floating around on the Internet about a seemingly simple hack to obtain passwords from Windows and OS X machines. The process is not as simple as some sites would have us believe, and the concept has been around for many years. First, and most importantly, the hacker requires physical access to the PC. Next, the PC needs to be turned on and logged into.

I used to demonstrate in class a device called a U3, a special type of USB drive which surfaced around eleven years ago. It was unique in that it had two configured drives: one being a normal USB flash drive partition, and the other being an emulated CD-ROM. In the days of Windows XP, a CD-ROM would autorun when inserted into a PC. The U3 took advantage of this configuration by auto-executing a file called LaunchPad (LaunchU3.exe).

I'd use the U3 to extract password hash tables and passwords from target machines as a demonstration to students that physical access to a machine allows hackers to access pretty much anything on a machine.

The U3 no longer works as designed, since Microsoft turned off the CD-ROM autorun feature with a patch for Windows XP and Vista in 2011 to make them more secure, although the U3 can still be launched manually. 

The modern equivalents of the U3 would be the USB Armory and the Hak5 LAN Turtle. Both devices present themselves to the PC as USB Ethernet adapters and are accepted at face value as such. As stated earlier, the whole process is not possible unless the hacker has physical access to the PC, so home computer users can rest easy. That is, unless you share your residence with a hacker!
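Because the host accepts a USB Ethernet adapter at face value, a defender's practical check is to inventory which attached USB devices announce a network interface and compare them with the adapters that are expected. The sketch below is an added example, not code from the original post: the device records, vendor/product IDs and allowlist are constructed, while the interface class codes are those of the USB CDC specification and the Linux `rndis_host` driver's match table.

```python
# Added example: flag USB devices that enumerate as network adapters.
# Keys are (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol).
NETWORK_INTERFACES = {
    (0x02, 0x06, 0x00): "CDC-ECM",   # Ethernet Networking Control Model
    (0x02, 0x0C, 0x07): "CDC-EEM",   # Ethernet Emulation Model
    (0x02, 0x0D, 0x00): "CDC-NCM",   # Network Control Model
    (0x02, 0x02, 0xFF): "RNDIS",     # RNDIS variants matched by rndis_host
    (0xE0, 0x01, 0x03): "RNDIS",
    (0xEF, 0x04, 0x01): "RNDIS",
}

def network_kinds(device):
    """Return the sorted network interface kinds a device announces."""
    kinds = {NETWORK_INTERFACES[i] for i in device["interfaces"]
             if i in NETWORK_INTERFACES}
    return sorted(kinds)

def unexpected_usb_nics(devices, allowlist):
    """Return (port, 'vid:pid', kinds) for network devices not allowlisted."""
    findings = []
    for dev in devices:
        kinds = network_kinds(dev)
        ident = f'{dev["vid"]:04x}:{dev["pid"]:04x}'
        if kinds and ident not in allowlist:
            findings.append((dev["port"], ident, kinds))
    return findings

# Constructed inventory (hypothetical IDs and ports, not real products).
SAMPLE_DEVICES = [
    # Plain flash drive: mass storage only.
    {"port": "1-1", "vid": 0xAAAA, "pid": 0x0001,
     "interfaces": [(0x08, 0x06, 0x50)]},
    # Docking-station Ethernet adapter the organisation issued.
    {"port": "1-2", "vid": 0xAAAA, "pid": 0x0002,
     "interfaces": [(0x02, 0x06, 0x00), (0x0A, 0x00, 0x00)]},
    # Unknown device announcing RNDIS networking.
    {"port": "1-3", "vid": 0xBBBB, "pid": 0x0001,
     "interfaces": [(0xE0, 0x01, 0x03), (0x0A, 0x00, 0x00)]},
    # Unknown composite device: storage plus CDC-ECM networking.
    {"port": "1-4", "vid": 0xBBBB, "pid": 0x0002,
     "interfaces": [(0x08, 0x06, 0x50), (0x02, 0x06, 0x00)]},
]
ALLOWLIST = {"aaaa:0002"}  # constructed: adapters issued by IT

if __name__ == "__main__":
    for finding in unexpected_usb_nics(SAMPLE_DEVICES, ALLOWLIST):
        print("unexpected USB network adapter:", finding)
```

A device chooses its own vendor and product IDs, so the allowlist only narrows the review; a new network adapter appearing on a logged-in machine is the signal worth alerting on.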

Terry Griffin