White Paper On   “Cracking Windows 8 Password & its           Counter Measures”                             Presented By: ...
Contact: mohitreload@gmail.com                           Table of ContentCHAPTER No.                      Title           ...
Contact: mohitreload@gmail.com                             1. Introduction toWindows 8 is an operating system produced by ...
Contact: mohitreload@gmail.com                        2. Backdoor creation in Windows 82.1 Define:BackdoorCreating a backd...
Contact: mohitreload@gmail.com                             3. Step by step processGo to my computers.open c drive.Goto win...
Contact: mohitreload@gmail.comRight click in sethc. Click in properties     6 Project by – Mohit Rawat
Contact: mohitreload@gmail.comPress security tab in it.Then click in advance tab.     7 Project by – Mohit Rawat
Contact: mohitreload@gmail.comThen click on change in the front of owner     8 Project by – Mohit Rawat
Contact: mohitreload@gmail.comThen click on advance tab   Then click in find now option. Click on administrators     9 Pro...
Contact: mohitreload@gmail.comClick on apply and then click on ok.Allow full control to this. Press ok .    10 Project by ...
Contact: mohitreload@gmail.com   Find cmd.exe in system32   copy it    11 Project by – Mohit Rawat
Contact: mohitreload@gmail.comPaste it into desktop. Rename it to sethcCopy it and paste it into system 32 folder    12 Pr...
Contact: mohitreload@gmail.comClick in replace the file in the destinition folder    13 Project by – Mohit Rawat
Contact: mohitreload@gmail.comRestart the computer and open login windowPress sift key five time And you will get command ...
Contact: mohitreload@gmail.com                     4. What can be done after getting cmd?4.1 We can write commands to see ...
Contact: mohitreload@gmail.comWe can reset password from here or we can add a new user from their byclicking addBy click o...
Contact: mohitreload@gmail.com   Press ok and we get a new user for windows 8             5. There are certain problem wit...
Contact: mohitreload@gmail.com                                                          Onpress right click on that tray w...
Contact: mohitreload@gmail.comOn clicking on destrop we get a path to other folder present on systemWe can visit anywhere ...
Contact: mohitreload@gmail.com                7. Dump Windows 8 Password in Plain TextThis technique can be used in Window...
Contact: mohitreload@gmail.com7.2 Then follow the commandsmimkatz#privilege::debug    21 Project by – Mohit Rawat
Contact: mohitreload@gmail.commimkatz#inject::process lsass.exe sekurlsa.dllmimkatz#@gel/tLogonPasswords    22 Project by ...
Contact: mohitreload@gmail.com                                  8.   Security MeasuresWindows 8 is vurnable to text passwo...
Contact: mohitreload@gmail.comClick on Users    24 Project by – Mohit Rawat
Contact: mohitreload@gmail.comClick on create on a picture password.It will ask for current text password . Enter the pass...
Contact: mohitreload@gmail.com    select picture to set picture passwordChose picture and click on open.Click on use this ...
Contact: mohitreload@gmail.comOn log window use picture password and press ok   And you see the welcome screen.    27 Proj...
Contact: mohitreload@gmail.comTips: As Picture password is a new concept. It is quite difficult to hack. So Useit and be s...
Contact: mohitreload@gmail.com                                 9. Conclusion      At the time of comparison between window...
Contact: mohitreload@gmail.com                                 10.   Referenceshttp://en.wikipedia.org/wiki/Windows_8http:...
Upcoming SlideShare
Loading in …5
×

Win 8 password cracking

2,331 views

Published on

Windows 8 just launched. Its best ever gift to all Security Aspirants to know about its back drops and advantages.
For any query contact: nutan.appin@gmail.com

3 Comments
1 Like
Statistics
Notes
No Downloads
Views
Total views
2,331
On SlideShare
0
From Embeds
0
Number of Embeds
11
Actions
Shares
0
Downloads
79
Comments
3
Likes
1
Embeds 0
No embeds

No notes for slide

Win 8 password cracking

  1. 1. White Paper On “Cracking Windows 8 Password & its Counter Measures” Presented By: Mohit Rawat Under Guidance of: Nutan Kumar Panda1|Page
  2. 2. Contact: mohitreload@gmail.com Table of ContentCHAPTER No. Title Page No1. Introduction of Windows 8 32. Backdoor creation in Windows 8 43. Step by step process 54. What can be done after getting cmd? 155. There is certain problem with above steps. 176. Alternate Way 177. Dump Windows 8 Password in Plain Text 198. Security Measures 239. Conclusion 2910. References 30 2 Project by – Mohit Rawat
  3. 3. Contact: mohitreload@gmail.com 1. Introduction toWindows 8 is an operating system produced by Microsoft for use on personal computers,including home and business desktops, laptops, tablets, and home theater PCs.Development of this operating system started before the release of its predecessor in 2009. Itsexistence was first announced in January 2011 at Consumer Electronics Show. During itsdevelopment and test phases, Microsoft released three pre-release versions: DeveloperPreview (September 13, 2011), Consumer Preview (February 29, 2012), and Release Preview(May 31, 2012). On August 1, 2012, Windows 8 graduated from the development stage andwas released to manufacturing. Windows 8 is slated for general availability on October 26,2012.Windows 8 introduces significant changes to the operating systems graphical user interfaceand platform, such as a new interface design incorporating a new design language used byother Microsoft products, a new Start screen to replace the Start menu used by previousversions of Windows, a new online store that can be used to obtain new applications, alongwith a new platform for apps that can provide what developers described as a "fast and fluid"experience with emphasis on touchscreen input. Additional security features were also addedto the operating system, such as a built-in antivirus program and a secure boot feature onsystems with UEFIfirmware. Secure boot requires the operating system to be digitally signedto protect malware from infecting the boot process. The implementation of this feature hassparked controversy among supporters of free software. Windows 8 also introduces anedition of the operating system designed to run on devices that utilize the ARM architecture,known as Windows RT.This project is tested on Windows 8 Consumer Preview and the best thing about this project is this isdone before official release of Windows 8. And the official stable version will release on 26th October2012. 3 Project by – Mohit Rawat
  4. 4. Contact: mohitreload@gmail.com 2. Backdoor creation in Windows 82.1 Define:BackdoorCreating a backdoor is a technique to maintain Un-authorized access to a system. This is an old andevergreen technique.2.2 From where backdoor will generate?As we know there are certain processes that start with windows startup and runs with the loginscreen. We will target one of such process and perform this attack.2.3 What is that process?That process is “sethc.exe”. It is the process associated with the service “Sticky key”.2.4 What to do with sethc.exe?When we press 5 time shift button this service runs on a windows system by the process sethc.exe.That means if we press 5 time shift button the sub routine calls the sethc.exe process and though itstarts Sticky Key. If we will change any other service which can provide us admin level privileges toread, write or edit then we can access the system quite easily.2.5 What are the services than can be used for backdoor?You can use anything you want that you think will be helpful to you.2.6 Any suggestions for the same?You can use cmd.exe, explorer.exe, etc…2.7 What you are going to use?I am going to use cmd.exe to create backdoor. As it will allow me to use windows in cli mode. 4 Project by – Mohit Rawat
  5. 5. Contact: mohitreload@gmail.com 3. Step by step processGo to my computers.open c drive.Goto windows. Then goto system32Find sethc in system32 5 Project by – Mohit Rawat
  6. 6. Contact: mohitreload@gmail.comRight click in sethc. Click in properties 6 Project by – Mohit Rawat
  7. 7. Contact: mohitreload@gmail.comPress security tab in it.Then click in advance tab. 7 Project by – Mohit Rawat
  8. 8. Contact: mohitreload@gmail.comThen click on change in the front of owner 8 Project by – Mohit Rawat
  9. 9. Contact: mohitreload@gmail.comThen click on advance tab Then click in find now option. Click on administrators 9 Project by – Mohit Rawat
  10. 10. Contact: mohitreload@gmail.comClick on apply and then click on ok.Allow full control to this. Press ok . 10 Project by – Mohit Rawat
  11. 11. Contact: mohitreload@gmail.com Find cmd.exe in system32 copy it 11 Project by – Mohit Rawat
  12. 12. Contact: mohitreload@gmail.comPaste it into desktop. Rename it to sethcCopy it and paste it into system 32 folder 12 Project by – Mohit Rawat
  13. 13. Contact: mohitreload@gmail.comClick in replace the file in the destinition folder 13 Project by – Mohit Rawat
  14. 14. Contact: mohitreload@gmail.comRestart the computer and open login windowPress sift key five time And you will get command prompt. 14 Project by – Mohit Rawat
  15. 15. Contact: mohitreload@gmail.com 4. What can be done after getting cmd?4.1 We can write commands to see the user name?>net userIt will show all the available user names4.2 Than we can change passwords of a user name.Let’s change the password of Administrator>net user administrator hackedHere hacked will be the new password for administrator4.3 To create a new username>net user devil hacker/addThis will create a new user name devil with password hacker but it will be a limited privilegedaccount4.4 To make the new user administrator>net localgroup administrators devil/addHere devil will get the administration privilege4.5 If you don’t want commands you can also do it in GUI>control userpasswords2 15 Project by – Mohit Rawat
  16. 16. Contact: mohitreload@gmail.comWe can reset password from here or we can add a new user from their byclicking addBy click on new user we can add a new user in windows 8 16 Project by – Mohit Rawat
  17. 17. Contact: mohitreload@gmail.com Press ok and we get a new user for windows 8 5. There are certain problem with above steps. 1. If we change the password of Administrator, user can guess that someonehacked his system. 2. If we create a new user than also user can suspect something fishy. 3. So is there a way without changing the passwords or creating a new account we can still able to enter into a system? 6. The Alternate WayBy press shift key five tymes we get a cmd and by enter explorer.exe we get a tray at the bottomof the window 17 Project by – Mohit Rawat
  18. 18. Contact: mohitreload@gmail.com Onpress right click on that tray we get properties option 18 Project by – Mohit Rawat
  19. 19. Contact: mohitreload@gmail.comOn clicking on destrop we get a path to other folder present on systemWe can visit anywhere from their.we can also open IE from here Yes This is the way hackers use to enter into someone’s system without his or her permission. You can be a victim also. Tips: Always check your sticky key whether it is opening something different or the normal screen. If some other thing opens than simply format your system. 19 Project by – Mohit Rawat
  20. 20. Contact: mohitreload@gmail.com 7. Dump Windows 8 Password in Plain TextThis technique can be used in Windows xp, vista, 7 and also in 8. We use a software called mimikatzfor this.7.1 Download mimkatzhttp://blog.gentilkiwi.com/downloads/mimikatz_trunk.zipopen up the mimikatz.exe in the mimikatz folder with your type of OS. As I am having windows 32bit I am opening mimikatz.exe from win32 folder.Run as administrator the mimikatz.exeThen you might get something like mimkatz# 20 Project by – Mohit Rawat
  21. 21. Contact: mohitreload@gmail.com7.2 Then follow the commandsmimkatz#privilege::debug 21 Project by – Mohit Rawat
  22. 22. Contact: mohitreload@gmail.commimkatz#inject::process lsass.exe sekurlsa.dllmimkatz#@gel/tLogonPasswords 22 Project by – Mohit Rawat
  23. 23. Contact: mohitreload@gmail.com 8. Security MeasuresWindows 8 is vurnable to text passwords by using backdoor and by using softwares like mimkatz soto overcome this we use picture passwords. Procedure to set picture password is given below.Go to Left bottom corner of the desktop and than settingsGoto settings, then goto more PC setting 23 Project by – Mohit Rawat
  24. 24. Contact: mohitreload@gmail.comClick on Users 24 Project by – Mohit Rawat
  25. 25. Contact: mohitreload@gmail.comClick on create on a picture password.It will ask for current text password . Enter the password and press ok 25 Project by – Mohit Rawat
  26. 26. Contact: mohitreload@gmail.com select picture to set picture passwordChose picture and click on open.Click on use this picture. After selecting picture set picture password 26 Project by – Mohit Rawat
  27. 27. Contact: mohitreload@gmail.comOn log window use picture password and press ok And you see the welcome screen. 27 Project by – Mohit Rawat
  28. 28. Contact: mohitreload@gmail.comTips: As Picture password is a new concept. It is quite difficult to hack. So Useit and be secured. ************* 28 Project by – Mohit Rawat
  29. 29. Contact: mohitreload@gmail.com 9. Conclusion At the time of comparison between windows & linux OS, we assume that windows is less secure than linux OS .Upcoming latest OS of Windows 8 is one of them it has several vulnerabilities such as we get password of windows 8 in plain text by using software’s like mimikatz. This project is dedicated to password associated vulnerabilities and how to fix them. 29 Project by – Mohit Rawat
  30. 30. Contact: mohitreload@gmail.com 10. Referenceshttp://en.wikipedia.org/wiki/Windows_8http://windows.microsoft.com/en-US/windows-8/release-previewhttp://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip 30 Project by – Mohit Rawat

×