A new vulnerability discovered by Rob Fuller, a security engineer at R5 Industries, which make it easy to hack PC and Mac locked computers. You need only a USB-mounted computer and it will take only 30 seconds. Both PC and Mac computer affected by this new vulnerability.
With the help of flash-sized minicomputer into locked PC, you can get the username and password hash. Computer security protocols called NT LAN Manager (NTLM) are responsible these hashes leak. Rob Fuller created a script to the attack minicomputers, which disguising them as USB Ethernet devices.
Rob Fuller explains,
What is happening in the video, is the USB Armory is being plugged into a locked (but logged in) system. It boots up via the USB power, and starts up a DHCP server, and Responder. While it’s doing this, the victim is recognizing it as a Ethernet adapter. The victim then makes route decisions and starts sending the traffic it was already creating to the Armory instead of the “real” network connection. Responder does its job and responds to all kinds of services asking for authentication, and since most OSs treat their local network as “trusted” it sees the authentication request and automatically authenticates. Seeing that the database of Responder has been modified the Armory shuts down (LED goes solid).
For more details check out here.
