HackDig : Dig high-quality web security articles for hackers

Mysterious hack allows attackers to steal Windows login credentials without user interaction

2017-10-28 09:30

Microsoft fixed a vulnerability that could allow hackers to steal Windows login credentials without any user interaction.

Microsoft fixed a serious vulnerability that could allow attackers to steal Windows NTLM password hashes without any user interaction.

The tech giant patched the issues only for recent versions of Windows (Windows 10 and Server 2016). To trigger the flaw, the attacker just needs to place a specially crafted Shell Command File (SCF file) inside publicly accessible Windows folders.

Once the attacker has placed the file in the folder, it executes due to the security issue, gathers the machine's NTLM password hash, and sends it back to the attacker’s server.

Then the attacker can easily crack the NTLM password hash to access the victim’s computer. The hack was reported to Microsoft in May by the Colombian security researcher Juan Diego.

“It is a known issue that Microsoft NTLM architecture has some failures, hash stealing is not something new, it is one of the first things a pentester tries when attacking a Microsoft environment. But, most of these techniques require user intervention or traffic interception to fulfill the attack,” wrote Juan Diego.

“These new attacks require no user interaction, everything is done from the attacker’s side, but of course, there are some conditions that need to be met to be successful with this attack.”

Older Windows versions remain vulnerable because the registry modifications are not compatible with older versions of the Windows Firewall.

“According to Microsoft, all Windows versions since 3.11 till Windows 10, Desktop and server, are vulnerable to this kind of attack,” explained Diego.

“Honestly, I have only tested on Windows 7 and Windows 10, then I passed the ball to Microsoft

Source: securityaffairs.co/wordpress/64871/hacking/windows-login-credentials-hack.html
