How to break into someone's WINDOWS 10 without using a password

2025-01-18 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/02

This article describes in detail how someone can break into another person's Windows 10 computer without using a password. Interested readers can use it for reference.

After a hacker has configured Metasploit on a remote dedicated server, created a resource script for automation, and created a simple payload, he or she can begin the process of remotely controlling someone's Windows 10 computer with only brief physical access, even if the computer is turned off.

The rest of the attack proceeds by inserting two USB flash drives into the powered-off target computer. Windows Defender and other security software are removed, and the payload is saved in the correct location.

Step 1: Start Kali

Plug the Kali live USB into the computer and boot from it. Moments later, Kali (or whichever version of Linux you created) will prompt you for a user name and password. The default user name is "root" and the password is "toor" ("root" backward).

Step 2: Mount the Windows volume

Mount the Windows volume by double-clicking the drive on the Kali desktop. This makes the files and folders on the hard drive navigable. The Kali File Manager automatically pops up and displays the contents of the hard drive. In the following example, you can see that both the Users and Program Files directories are fully accessible.

Step 3: Insert the payload USB

Next, insert the payload USB into the target computer. The new device will appear on the desktop. Double-click the device to mount it and write down the volume name shown in the address bar of the File Manager. The volume name will be required in later steps.

Step 4: Disable computer defenses

Disable Windows Defender

Windows Defender is the antivirus and malware removal component of the Windows operating system. It has many security features, including several real-time security agents that monitor common areas of the operating system for changes an attacker might make.

USB and hard drives are automatically mounted under the /media/username/ directory. You can use the find command to find the directories that contain the Windows Defender files. Open a terminal and type the following command.

The output lists six directories with "Windows Defender" in their names. You can delete all of these directories using the following command.

Disable Windows SmartScreen

SmartScreen is another layer of security developed by Microsoft. It runs in the background as an Antimalware Service Executable process and scans applications and files against Microsoft malware databases. Even with Windows Defender removed, SmartScreen may still mark the payload as malicious and quarantine it.

To delete SmartScreen, use the following command.

Disable third-party security software (antivirus)

Avast is generally considered one of the five best free antivirus software solutions available for various platforms, so for demonstration purposes, I installed their free antivirus software on the target computer.

Step 5: Save the payload to the Startup folder

Windows maintains the Startup folder, which is used to automatically start all programs contained in it when the user logs in to an account on the computer. This is designed for convenience and allows users to put legitimate application shortcuts (such as Web browsers, word processors, media players, etc.) and scripts in the folder at any time.

The following cp command can be used to copy the Msfvenom payload saved on the payload USB to the all users startup folder.

Step 6: Unmount the Windows volume

That covers removing the antivirus software and inserting the Msfvenom payload. Before shutting down Kali, it is important to manually unmount the Windows volume. While testing this attack, I found that forcing the shutdown of Kali before unmounting a Windows volume sometimes prevents the volume from saving changes to the drive (that is, the Msfvenom payload was not properly saved to the volume after shutdown).

With the Windows volume properly unmounted, shut down the live USB and remove the USB flash drives from the computer as if nothing had happened. The attack is complete.

Step 7: Perform post-exploitation

When the target user powers on the target computer, the Msfvenom payload in the Startup folder automatically runs and establishes a connection to the attacker's server running Metasploit (as long as the computer is connected to the Internet, of course). The following figure is an example of establishing a new connection.

The infected computer attempts to connect to the Metasploit VPS every time it boots up. To see the available sessions, simply type sessions in the msf terminal.

How to protect yourself from hard disk attacks

Enable BitLocker. The hard drive encryption provided by Microsoft will make the attacks demonstrated in this article difficult to perform. However, BitLocker encryption has been circumvented before, so it is not foolproof.

Use VeraCrypt. VeraCrypt is cross-platform encryption software that supports full disk encryption. To learn more about VeraCrypt, visit Lifehacker.

Do not use the Windows operating system. Windows OS is not designed as a secure operating system. By default, macOS and Debian-based operating systems provide advanced hard disk encryption solutions. If you need to consider physical security, consider using another operating system.
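
A defender's triage for the footprint described in Steps 4 and 5 and for the BitLocker mitigation above, as an added example that is not part of the original article. It assumes an elevated PowerShell session on the Windows 10 host being checked; the function names New-Finding and Get-OfflineTamperTriage are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated
# PowerShell session on the Windows 10 host being checked.
# New-Finding and Get-OfflineTamperTriage are hypothetical helper names.

function New-Finding([string]$Check, [bool]$OK, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; OK = $OK; Detail = $Detail }
}

function Get-OfflineTamperTriage {
    # Mitigation from the article: with BitLocker protection on, an OS booted
    # from USB cannot read or edit the Windows volume without the key.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        New-Finding 'BitLocker protects OS volume' ($vol.ProtectionStatus -eq 'On') `
            "VolumeStatus=$($vol.VolumeStatus); ProtectionStatus=$($vol.ProtectionStatus)"
    } catch {
        New-Finding 'BitLocker protects OS volume' $false "Query failed: $($_.Exception.Message)"
    }

    # Step 4 footprint: Defender directories deleted offline leave the
    # WinDefend service missing or unable to start. A third-party antivirus
    # can also leave it stopped, so treat a failure as a lead, not proof.
    $svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
    $dirPresent = Test-Path -LiteralPath (Join-Path $env:ProgramFiles 'Windows Defender')
    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')
    New-Finding 'Windows Defender intact' ($running -and $dirPresent) `
        "Service=$(if ($svc) { $svc.Status } else { 'missing' }); ProgramFilesDir=$dirPresent"

    # Step 5 footprint: anything in the all-users Startup folder runs at
    # every logon. Shortcuts cannot carry a signature, so review each
    # item flagged here by hand.
    $startup = [Environment]::GetFolderPath('CommonStartup')
    $items = @(Get-ChildItem -LiteralPath $startup -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' })
    foreach ($f in $items) {
        $sig = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
        New-Finding "Startup item: $($f.Name)" ($sig -eq 'Valid') `
            "Signature=$sig; CreatedUtc=$($f.CreationTimeUtc.ToString('u'))"
    }
    if ($items.Count -eq 0) {
        New-Finding 'All-users Startup folder' $true "No files in $startup"
    }
}

Get-OfflineTamperTriage | Format-Table -AutoSize -Wrap
```

Any row with OK set to False is a prompt for manual review; comparing CreatedUtc against times when the machine was known to be powered off helps separate offline writes from normal installs.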
