A security researcher has discovered a unique attack method that can be used to steal credentials from a locked (but logged-in) computer and that works on both Windows and Mac OS X systems.
In his blog post published today, security expert Rob Fuller demonstrated and explained how to exploit a USB SoC-based device to turn it into a credential-sniffer that works even on a locked computer or laptop.
Fuller modified the firmware code of the USB dongle in such a way that when it is plugged into an Ethernet adapter, the plug-and-play USB device installs itself and acts as the network gateway, DNS server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim's machine.
The attack is possible because most PCs automatically install Plug-and-Play USB devices, meaning "even if a system is locked out, the device [dongle] still gets installed," Fuller explains in his blog post.
"Now, I believe there are restrictions on what types of devices are allowed to install at a locked out state on newer operating systems (Win10/El Capitan), but Ethernet/LAN is definitely on the white list."
How does the Attack Work?
You might be wondering: why does your computer automatically share Windows credentials with any connected device?
That is because of the default behavior of Microsoft Windows' name resolution services, which can be abused to steal authentication credentials.
The modified plug-and-play USB Ethernet adapter includes a piece of software, i.e. Responder, which spoofs the network to intercept hashed credentials and then stores them in an SQLite database.
The hashed credentials collected by the network exploitation tool can later be easily brute-forced to get clear text passwords.
Apparently, to conduct this attack, attackers would require physical access to a target computer, so that they can plug in the evil USB Ethernet adapter. However, Fuller says the average time required for a successful attack is just 13 seconds.
You can watch the video demonstration below that shows Fuller's attack in action.
Fuller successfully tested his attack against Windows 98 SE, Windows 2000 SP4, Windows XP SP3, Windows 7 SP1, Windows 10 Enterprise and Home (but not Windows 8), as well as OS X El Capitan and OS X Mavericks. He's also planning to test it against several Linux distros.
Fuller tested the attack with two USB Ethernet dongles: the USB Armory and the Hak5 Turtle. For a more detailed explanation, you can head on to his blog post.
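A defender-side check for the behaviour described above, added here as an example and not taken from Fuller's post or from Responder: it flags a network-class device that Windows installs while the workstation is locked. It assumes Security events 4800/4801 (lock/unlock) and 6416 (new external device recognized) are being audited and exported into the simplified tuples shown; the sample events, host names and detail strings are constructed.

```python
from datetime import datetime

# Constructed sample events: (timestamp, host, Windows Security event ID, detail).
# Assumed IDs: 4800 = workstation locked, 4801 = workstation unlocked,
# 6416 = new external device recognized (needs PnP activity auditing enabled).
# The "detail" string is a simplified stand-in for the event's class/device fields.
SAMPLE_EVENTS = [
    ("2016-09-07T09:00:00", "WS-01", 4800, ""),
    ("2016-09-07T09:05:10", "WS-01", 6416, "Class=Net; USB Ethernet/RNDIS Gadget"),
    ("2016-09-07T09:05:12", "WS-01", 6416, "Class=HIDClass; USB Input Device"),
    ("2016-09-07T09:30:00", "WS-01", 4801, ""),
    ("2016-09-07T10:00:00", "WS-01", 6416, "Class=Net; USB Ethernet Adapter"),
    ("2016-09-07T11:00:00", "WS-02", 4800, ""),
    ("2016-09-07T11:20:00", "WS-02", 4801, ""),
]

LOCK, UNLOCK, NEW_DEVICE = 4800, 4801, 6416


def net_devices_added_while_locked(events):
    """Return one alert per network-class device installed on a locked host."""
    locked_since = {}  # host -> time the current lock began
    alerts = []
    for ts, host, event_id, detail in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if event_id == LOCK:
            locked_since[host] = when
        elif event_id == UNLOCK:
            locked_since.pop(host, None)
        elif event_id == NEW_DEVICE and host in locked_since:
            # Only network adapters matter here: a new one can present itself
            # as gateway, DNS and WPAD server, as the article describes.
            if "class=net" in detail.lower():
                delta = when - locked_since[host]
                alerts.append({
                    "host": host,
                    "device": detail,
                    "installed_at": ts,
                    "seconds_after_lock": int(delta.total_seconds()),
                })
    return alerts


if __name__ == "__main__":
    for alert in net_devices_added_while_locked(SAMPLE_EVENTS):
        print(alert)
```

The adapter plugged in at 10:00 is not reported because the session was unlocked by then; only installs inside a lock window are treated as suspicious.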