
Connecté avec un adaptateur Ethernet via USB sur un PC portable verrouillé, l’expert en sécurité Rob Fuller vous raconte comment récupérer les identifiants de la machine avec un tout petit équipement en vente libre et beaucoup de savoir-faire.
Snagging creds from locked machines | par Rob ‘mubix’ Fuller
First off, this is dead simple and shouldn’t work, but it does. Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true)TL;DR USB Ethernet + DHCP + Responder == CredsThesis: If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked)…
Source : Snagging creds from locked machines · Rob ‘mubix’ Fuller