No products in the cart.
Hacking a Locked Windows 10 Computer With Kali Linux by Graham Zemel, blog.grahamzemel.com TL;DR- A neat trick I learned to hack locked Windows computers and access files. No, it’s not clickbait, but a bit of prior cli knowledge is recommended. For a while now, Windows has deferred and disappointed hackers....
Author
Latest Articles
OfficialFebruary 22, 2023Windows Privilege Escalation: The Concepts of Hijacking Execution Flow
OfficialFebruary 22, 2023Building Intuition into Monitoring for OT/ICS Security
OfficialFebruary 22, 2023WiFi Pentesting with Airodump-ng
OfficialFebruary 21, 2023ETW vs Sysmon Against C2 Servers
Useless!!!!
It’s a simple write up that I thought of earlier tonight, as an idea.
How secure is windows 10 vs a method like this? Would it bypass login security?
There’s a much easier and simpler way to do the same thing… Do a clean install of windows 10, from boot with a USB, without formatting the drive. Once it’s finished, you’ll see a windows.old folder… Do with it what you will.
After you’re finished, windows leaves you a handy little option to restore the windows.old backup, this makes it as if you never did any of the above.
At no point in this tutorial was a windows account or OS partition ever touched.
Phase 1, we made boot parameter changes to the Kali live installation on the USB stick. Phase 2, we booted into a root shell having gained admin access of Kali. Phase 3, we list the contents of /etc/passwd. A file containing users on the Kali live OS (not the windows machine) p.s. password credentials don’t live here. They are most likely in /etc/shadow. Phase 4, we changed the password for an account on the Kali live OS, on the usb drive. Phase 5, we logged into Kali Live with the new password we set. This has nothing to do with… Read more »
I don’t see how a locked Windows 10 PC gets hacked?
You can bypass a kali login screen, yes, but windows??
So it seems like click-bait after all.
He wants to access the filesystem of the Windows 10 user, if you read the article he does so using a modded boot loader
Ok, help me understand this pls. From what I understand: We have a kali live USB? What for? Do we boot into it? Anyhow, we somehow end up in the bootloader. The boot options for kali (which is already installed?) are modified correct? Then we get a root shell on kali? Then, we change the password of the user graham1234 of kali? (Afaik, /etc/passwd does not exit on windows, maybe wsl? And the home partition of this user is /home/graham, which is clearly on the kali machine. ) Then, reboot and log into kali with the modified creds? We never… Read more »
Hey there! Just to answer a few questions –
Yes, we have a Kali Linux USB, and we are booting into it but not all the way. We stop the boot to modify our bootloader, and we use the modded Kali distro to access the actual machine itself.
After, we can access credentials stored on the hard drive (through our root permissions), and then if we reboot we can get a GUI with an unprotected filesystem.
The Windows 10 machine is the machine we’re working on, and we don’t need to mount it as we’re just retrieving files and/or credentials.
Hi Graham, Thanks for the clarification. But there are a few things that are still not clear to me. You boot into the the liveUSB, but then, then kali is on a different partition than the Windows OS? Maybe I need to try it myself to see how it works exactly. I know the infamous sticky keys method to bypass the windows login screen, but afaik it does not work on modern windows work-stations anymore. This method seems to be similar but different. Anyhow its an interesting method to bypass the kali login screen. Maybe you could add some more… Read more »
In the tutorial, though, you never accessed files or credentials stored on the windows machine hard disk. To access them, you 100% would have had to mount the drive. Even then, if bitlocker is on, you couldn’t read them.
The only things touched were /etc/passwd (located on the thumb drive) and the boot parameters of kali linux (bootloader on usb drive. The gui you booted was Kali live, not windows.
The password you changed was for a user account on Kali, not windows.
You can do similar account bypasses for windows, but this isn’t it.