
Authentication Attacks on Windows OS

Introduction

What is the Windows OS?

Everyone is familiar with the Windows operating system, as it is a widely used operating system today. It was developed by Microsoft Corporation for personal computers (PCs). It is convenient and user-friendly because it is a GUI (graphical user interface) based operating system.
Because it has a large user base, and very large organizations also use Windows as their operating system, it attracts the attention of attackers.
I will discuss some authentication attacks on Windows that are used by hackers to hack you, and later we will discuss some security measures you can take to secure yourself from these attacks.


Authentication Attacks on Windows:

1. Windows OS Login Bypass




Passwords can be reset or bypassed on any operating system very easily. If you've forgotten your password, there are many ways to reset and bypass it. This opens a door for attackers to hack you and get access to your system, and it's way easier than you think!
I will show you how this is done. (This is only for educational purposes; don't try it on anyone's computer.)
There are two methods for Windows (7, 8, 10):
  1. Online method
  2. Offline method

1st method: Online method
Online means you have found someone's computer logged in, and this is how the password can be changed or reset. (This method works in Ultimate versions.)
step 1: Right-click on My Computer and click on "Manage".
step 2: In the left-side pane, expand "Local Users and Groups" and click on "Users".
step 3: Choose the user, right-click on it and click on "Set Password".
step 4: In the dialog box, click on "Proceed".
step 5: Enter the new password, confirm it and click OK.
step 6: Voilà! The password has been set.

2nd method: Offline method
Offline means you are not logged in to the PC and you want to change or reset the password.
Requirements: two pieces of software:
  1. Rufus.exe
  2. Hiren's Boot CD

step 1: Make a bootable pen drive for Hiren's Boot CD using Rufus.
step 2: Power off your PC and, from the boot menu setup, boot from the pen drive.
step 3: A live Windows 10 will boot up (Hiren's Boot CD).
step 4: After it boots up, go to the Start menu, search for NTpassword and open it.
step 5: In NTpassword, click on the user whose password you want to change.
step 6: Type the new password and confirm it.
step 7: Click "Save changes" and restart the PC (remove the pen drive).
step 8: Boot your existing Windows installation.
step 9: This time the password will be changed.


2. Privilege escalation in Windows 7, 8, 10

Privilege escalation is an important process that allows an attacker to gain higher-level permissions.


    
  You can visit this link for further investigation: 

3. EternalBlue Vulnerability

    
Have you heard about the WannaCry attack? This was the vulnerability that allowed attackers to hack the Windows operating system. The exploit was first developed by the NSA (National Security Agency), but it was leaked by The Shadow Brokers hacker group and was used as part of the WannaCry ransomware attack.
This vulnerability was in Microsoft's implementation of the SMB (Server Message Block) protocol in Windows. It is denoted by CVE-2017-0144 in the Common Vulnerabilities and Exposures catalog. The vulnerability exists because the SMBv1 server in various versions of Windows allows an attacker to execute arbitrary code remotely on the target computer.
It was later patched by Microsoft, but millions of computer systems are still vulnerable to it.
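
A defender's check for the SMBv1 exposure described above, as an added example that is not part of the original post: a read-only PowerShell function that reports whether the SMBv1 server, the SMBv1 client driver and the SMBv1 optional feature are still enabled on the local machine. The function name `Get-Smb1Exposure` and the report field names are made up for this example; the cmdlets and registry locations are the ones Microsoft documents for SMBv1.

```powershell
# Added example (not from the original post). Read-only audit of local SMBv1 state,
# the protocol version affected by CVE-2017-0144. Run from an elevated prompt.
function Get-Smb1Exposure {
    $report = @{
        ComputerName = $env:COMPUTERNAME
        Smb1Server   = 'Unknown'
        Smb1Client   = 'Unknown'
        Smb1Feature  = 'NotApplicable'
    }

    # Server side. Windows 8 and later expose the setting through Get-SmbServerConfiguration.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        $report.Smb1Server = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    }
    else {
        # Windows 7: the SMBv1 server is on unless the SMB1 value exists and is 0.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $report.Smb1Server = if ($val -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side. The mrxsmb10 driver carries SMBv1; Start = 4 means disabled.
    $drv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' -ErrorAction SilentlyContinue
    if (-not $drv)            { $report.Smb1Client = 'DriverAbsent' }
    elseif ($drv.Start -eq 4) { $report.Smb1Client = 'Disabled' }
    else                      { $report.Smb1Client = 'Enabled' }

    # Windows 8.1/10: SMBv1 is an optional feature that can be removed entirely.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            $report.Smb1Feature = [string]$feat.State
        }
        catch { $report.Smb1Feature = 'QueryFailed' }   # usually means the prompt is not elevated
    }

    New-Object PSObject -Property $report
}

Get-Smb1Exposure | Format-List
```

A machine that reports `Smb1Server : Enabled` still needs Microsoft's patch for CVE-2017-0144 even if SMBv1 is later switched off; disabling the protocol reduces exposure but does not replace the update.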

You can visit this link for further investigation:

4. RAT (Remote Access Trojan) attack
   
A RAT is one of the most dangerous Trojans, as it combines the features of all Trojans in one. A Trojan is malware that misleads people about its true intent. A RAT allows the attacker to gain almost unlimited access to the target computer: screen capture, shell access, file access, etc.
A RAT uses a reverse connection to connect to the target computer, which allows it to be undetectable. We can use DarkComet to make our own RAT. DarkComet is a RAT developed by Jean-Pierre Lesueur. It allows a user to control the system through a graphical user interface (GUI).
You can visit this link for further investigation:


These are some common attacks on the Windows operating system that attackers use to gain access to a Windows machine.
