
URL: https://www.guidingtech.com/61991/cracking-windows-10-password-prevent/
Submission: On June 17 via manual from CZ — Scanned from DE


Guiding Tech





CRACKING WINDOWS 10 PASSWORD: METHODS AND PREVENTION

Ajinkya Bhamburkar 31 December 2016

Digital security is paramount today. Anything with an internet connection is
vulnerable and can be compromised by someone sitting on a different continent.
The latest DDoS attack on DNS servers is one example of the many wide-scale
attacks that have been on the rise over the last few years.

The idea that Windows accounts are secure is a myth, my friend | Shutterstock

Your PC or laptop is not safe from such attacks either. You may say that you
have password-protected it, but that’s not enough today, as we will see.




THE HACKER’S USB DRIVE

In a recent video, Linus of LinusTechTips, famous in tech and geek circles,
demoed how a plain-looking USB drive can unlock your Windows account within
minutes. Available for $20 on Amazon, this drive, known as the Password Reset
Key (PRK), is meant for resetting your password in case you forget it, and is
just waiting to be misused.



To the layman, it might seem that some revolutionary new technology is at work,
but in reality it’s nothing more than some software trickery. But in this day and
age, with Windows having advanced so much by version 10, how is this even
possible? To understand that, we need to learn how Windows account security works.




THE WEAK PART: WINDOWS ACCOUNT SECURITY

For a very long time, the way Windows stores user account passwords has been
criticized. Windows stores all user account passwords in the SAM (Security
Account Manager) database file. For obvious reasons the passwords are not stored
as plain text, and the file is inaccessible while the OS is running. Hashing, a
one-way function, converts your password into a fixed-length string of
characters, so that if someone grabs the SAM file (which is easier than you
think), the passwords cannot be read from it. The hashing methods used by
Windows are the reason for the criticism. These methods are explained below.


LM HASHING & NTLM HASHING

LM hashing is a very old method from the Windows 95 era and is not used today.
In this method the password is converted into a hash using the step-by-step
method shown below.

The (outdated) process

The inherent step of breaking your password into two 7-character strings made
LM hashing vulnerable to brute-force attacks. This was improved by the NTLM
method, which uses the more complex MD4 hashing technique. While this solved the
earlier problem, it was still not secure enough because of rainbow tables.




RAINBOW TABLES

So far we have learnt what hashing is, and that one of its important properties
is that it’s one-way, which means brute forcing a hash will not yield the
original password back. This is where rainbow tables come into the picture. A
rainbow table is a literal table which contains pre-generated hashes for all
possible password combinations for a given hash function.

This table from Nick Brown’s site shows how much Rainbow Tables have progressed.

For example, if a password rule says it can consist of 7 characters drawn only
from the 26 letters and the 10 digits 0-9, then through permutations we have
42072307200 possible combinations for it. A rainbow table for this function will
contain the hash and the corresponding password for every possible combination.
The downside of rainbow tables is that they get very big as the input size and
password length increase.

As shown above, a simple rainbow table for the LM hashing function of Windows XP
is 7.5 GB in size. Tables for modern hash functions which use letters, numbers
and symbols can run to several hundred gigabytes, so they are not easy for a
normal user with a desktop PC to process and use.



> There are online websites which offer pre-compiled rainbow tables for the
> Windows hash function for a price, as well as lookup tables to check a
> hash.

So someone who has a Windows SAM file can look up the hash in a pre-computed
table and find the password (if it’s relatively simple). This is possible
because of one drawback of the NTLM hashing method: it does not use salting.

Sadly Windows doesn’t use Salting

Salting is a technique of adding a random string of characters to the password
before hashing, so that each hash becomes unique, as shown above, defeating the
purpose of rainbow tables.
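
The effect of salting on a precomputed lookup, as an added example that is not part of the original article: identical passwords give identical unsalted hashes and match a table built in advance, while a per-account salt makes the same table useless. The account names, passwords and candidate list are constructed, and SHA-256 stands in for the unsalted hash because MD4 is not available in every Python build.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts happen to share one password.
ACCOUNTS = {"alice": "summer2016", "bob": "summer2016", "carol": "Tr0ub4dor&3-long"}
CANDIDATES = ["password", "letmein", "summer2016", "qwerty123"]  # constructed list


def unsalted_hash(password: str) -> str:
    # Stand-in for an unsalted fast hash (NT hashes are unsalted MD4 over UTF-16LE).
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()


def salted_hash(password: str, salt: bytes, rounds: int = 100_000) -> str:
    # Per-account random salt fed into a deliberately slow KDF.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def build_lookup_table(candidates):
    # Computed once, then reusable against any store using the same unsalted hash.
    return {unsalted_hash(p): p for p in candidates}


def audit_unsalted(accounts, table):
    """Return {user: password found in the table, or None} for an unsalted store."""
    store = {user: unsalted_hash(pw) for user, pw in accounts.items()}
    return {user: table.get(h) for user, h in store.items()}


def audit_salted(accounts, table):
    """Run the same lookup against a salted store; also return the store itself."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)
        store[user] = (salt, salted_hash(pw, salt))
    return {user: table.get(h) for user, (_, h) in store.items()}, store


def verify(password, salt, expected_hex):
    # A legitimate login still works: recompute with the stored salt and compare.
    return hmac.compare_digest(salted_hash(password, salt), expected_hex)


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    print("unsalted store:", audit_unsalted(ACCOUNTS, table))
    hits, store = audit_salted(ACCOUNTS, table)
    print("salted store:  ", hits)
    print("alice and bob share a hash:", store["alice"][1] == store["bob"][1])
```
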


THE ATTACK: HOW IT IS EXECUTED

In Windows 10, Microsoft uses the NTLMv2 hashing technique, which doesn’t use
salting but fixes some other critical flaws and offers more security overall.
Even so, you are not one hundred percent protected, as I will now show with a
similar attack you can perform on your own PC.


RECOVERING YOUR HASHES

The first step is to get the hashes of your password using any one of the
several methods available. I am going to use the freely available Hash Suite 3.4
(formerly known as pwdump). The beauty of this program is that it can grab the
hashes even when Windows is running, so you don’t have to mess around with
bootable USB drives. Windows Defender may get nauseous while this is running, so
turn it off momentarily.



Step 1: Download the free version of Hash Suite from here and extract all the
contents of the zip file to a folder.

Step 2: Open the folder and launch the program by selecting Hash_Suite_64 for
64-bit OS or Hash_Suite_32 for 32-bit one.

Step 3: To import hashes click on Import > Local Accounts as shown below. This
will load the hashes of all the accounts present on the PC.


CRACKING THE HASHES

From here on, Hash Suite also provides options for cracking the hashes using
dictionary and brute-force attacks, but those are available only in the paid
version. So instead we use one of the online services to crack our hashes.
Crackstation and OnlineHashCrack are the two sites I used for the purpose. These
sites use a combination of pre-calculated tables, dictionary attacks and brute
force to crack your hashes.

In my case Crackstation immediately reported that it couldn’t match the hash, and
OnlineHashCrack took five days but still couldn’t crack it. Apart from them,
there are other offline programs such as Cain & Abel, JohnTheRipper, OphCrack
and more, which can grab the hashes even over the network. But explaining how to
use them would turn this article into a BlackHat conference piece.



Note: You can verify whether the hashes extracted by HashSuite are those of your
account’s password by matching them with the hash generated for your password
using any online hash generator.


YOUR DEFENSE

As we saw, grabbing the hashes is so simple that you don’t have to mess around
with bootable drives or complex commands. And there are many other programs
which are much more advanced in this regard. In such a case your best defense is
a password and encryption, which I explain in detail below.


LONG PASSWORD

Starting with the length, a long password is generally considered more secure.
But how long is long enough? Researchers say that your password should be at
least 12 characters long. But to be on the safer side, a 16+ character password
is recommended. And please don’t set it as password12345678. It should be a mix
of lowercase and uppercase letters, numbers and symbols.


USING ENCRYPTION

The second line of defense is encryption. In Windows the encryption key is
associated with your Windows account password, so even if someone resets the
password as in Linus’s video, your stuff will not be accessible. You can use
either the built-in encryption if you have the Pro version of Windows, or any of
the third-party programs.


USING SYSKEY & MICROSOFT ACCOUNT

To prevent unauthorized access, the Windows SAM is stored in an encrypted
format, and the encryption key is stored locally on the PC. SYSKEY is a built-in
Windows utility which allows you to move that key to external media (a USB
drive) or add one more layer of password before login. You can learn more about
how to set it up here.

Additionally, you can switch to a Microsoft account, as the PRK does not work on
Microsoft accounts, as stated by Linus in the video. I could not verify that, as
I did not have a PRK to test. But HashSuite was able to extract the hashes of my
Microsoft account’s password, so it is not that effective.


OTHER MISCELLANEOUS MEASURES

Apart from the above, you can also set a BIOS password, which will add another
layer of protection. Also, if you don’t like encrypting your whole Windows drive,
you can set up a separate partition which holds all your important stuff, so
even if a hacker resets the password, you do not completely lose access to your
files.

Using a biometric login method is one more way to thwart such attacks. Last but
not least, upgrading to Windows 10 is also an option, even if it seems a little
bizarre. Even though it’s vulnerable, it has other security improvements like
Windows Hello and Credential Guard.


IN PANIC MODE? DON’T BE

If you have read the whole post (brave you!) you might be panicky. But there’s
one important thing we are overlooking here: all these attacks require physical
access to your PC. While these attacks are still possible over the network,
executing them is not the cup of tea of someone who has learnt hacking from
Hacker in a Week type videos. But one should be careful, as we always have some
pissed-off people (or colleagues) around looking to do harm.

And I reiterate, the method shown here is for informational purposes only.
Don’t go trying it on someone else’s PC or try sniffing a public network for
hashes. Both can land you in trouble. So stay safe, and do share your thoughts
and doubts in the comments.



Last updated on 02 February, 2022
