Hacking a Locked Windows 10 Computer With Kali Linux - Pentestmag

Hacking a Locked Windows 10 Computer With Kali Linux

(17,846 views)
Hacking a Locked Windows 10 Computer With Kali Linux by Graham Zemel, blog.grahamzemel.com TL;DR- A neat trick I learned to hack locked Windows computers and access files. No, it’s not clickbait, but a bit of prior cli knowledge is recommended. For a while now, Windows has deferred and disappointed hackers....

November 14, 2022
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

10 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Vali
Vali
7 months ago

Useless!!!!

Cloud
Cloud
1 year ago

It’s a simple write up that I thought of earlier tonight, as an idea.

How secure is windows 10 vs a method like this? Would it bypass login security?

There’s a much easier and simpler way to do the same thing… Do a clean install of windows 10, from boot with a USB, without formatting the drive. Once it’s finished, you’ll see a windows.old folder… Do with it what you will.

After you’re finished, windows leaves you a handy little option to restore the windows.old backup, this makes it as if you never did any of the above.

Lynx
Lynx
1 year ago

At no point in this tutorial was a windows account or OS partition ever touched.

Lynx
Lynx
1 year ago
Reply to  Lynx

Phase 1, we made boot parameter changes to the Kali live installation on the USB stick. Phase 2, we booted into a root shell having gained admin access of Kali. Phase 3, we list the contents of /etc/passwd. A file containing users on the Kali live OS (not the windows machine) p.s. password credentials don’t live here. They are most likely in /etc/shadow. Phase 4, we changed the password for an account on the Kali live OS, on the usb drive. Phase 5, we logged into Kali Live with the new password we set. This has nothing to do with… Read more »

punshLineLama
punshLineLama
1 year ago

I don’t see how a locked Windows 10 PC gets hacked?
You can bypass a kali login screen, yes, but windows??
So it seems like click-bait after all.

Justin
Justin
1 year ago
Reply to  punshLineLama

He wants to access the filesystem of the Windows 10 user, if you read the article he does so using a modded boot loader

punshLineLama
punshLineLama
1 year ago
Reply to  Justin

Ok, help me understand this pls. From what I understand: We have a kali live USB? What for? Do we boot into it? Anyhow, we somehow end up in the bootloader. The boot options for kali (which is already installed?) are modified correct? Then we get a root shell on kali? Then, we change the password of the user graham1234 of kali? (Afaik, /etc/passwd does not exit on windows, maybe wsl? And the home partition of this user is /home/graham, which is clearly on the kali machine. ) Then, reboot and log into kali with the modified creds? We never… Read more »

Last edited 1 year ago by punshLineLama
1 year ago
Reply to  punshLineLama

Hey there! Just to answer a few questions –
Yes, we have a Kali Linux USB, and we are booting into it but not all the way. We stop the boot to modify our bootloader, and we use the modded Kali distro to access the actual machine itself.

After, we can access credentials stored on the hard drive (through our root permissions), and then if we reboot we can get a GUI with an unprotected filesystem.

The Windows 10 machine is the machine we’re working on, and we don’t need to mount it as we’re just retrieving files and/or credentials.

punshLineLama
punshLineLama
1 year ago
Reply to  Graham

Hi Graham, Thanks for the clarification. But there are a few things that are still not clear to me. You boot into the the liveUSB, but then, then kali is on a different partition than the Windows OS? Maybe I need to try it myself to see how it works exactly. I know the infamous sticky keys method to bypass the windows login screen, but afaik it does not work on modern windows work-stations anymore. This method seems to be similar but different. Anyhow its an interesting method to bypass the kali login screen. Maybe you could add some more… Read more »

Lynx
Lynx
1 year ago
Reply to  Graham

In the tutorial, though, you never accessed files or credentials stored on the windows machine hard disk. To access them, you 100% would have had to mount the drive. Even then, if bitlocker is on, you couldn’t read them.

The only things touched were /etc/passwd (located on the thumb drive) and the boot parameters of kali linux (bootloader on usb drive. The gui you booted was Kali live, not windows.

The password you changed was for a user account on Kali, not windows.

You can do similar account bypasses for windows, but this isn’t it.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023