This is how to crack the password of a Windows user

First of all, we are going to show you a system that will allow you to carry out all this, but with the help of an external open source tool. In order to carry out this attack we will need to download , a PoC designed to exploit these weaknesses that we can download for free from GitHub. The script is open, so we can analyze it, if we want, to check that it is indeed a reliable file.

Because this is a brute force attack, we have to supply a password list. We can download a list of the 10,000 most used passwords to increase the probability of success. If the computer administrator has set a strong password, then things get a little more complicated, and we have to resort to brute force password generator tools.

We have to unzip both Win Brute Logon and the list of keys and save them in the same directory, which we must be able to access through CMD. For example, a simple one could be “pass” inside the C: root.

The first thing we must do is have access to the system. It does not matter what type of user we get, even if it is “guest” (the most restrictive). The process will always be the same from any of them. In order to open the command line window, we just have to type CMD in the Windows search box to start the process that we describe below.

Once we have access to that PC window, we will then execute the following command to see which users are created on the PC:

net user

We will choose the user for which we want to obtain the password, and we will execute the following command (changing with the name of the user, and with the name of the password list):

WinBruteLogon.exe -v -u -w

Now we only have to wait for the program to complete its tasks. At the end we will be able to see in the console a line like the following in which the password will be indicated:

Password for username= and domain= found =

Now we can log in with this password in the administrator account to have full control over the PC.

We remind you that, in Windows 10 and Windows 11, the user’s password is the same as the Microsoft account. Therefore, if someone gets hold of it, they could have access to our mail, OneDrive and all the information linked to our account. Therefore, it is very important to protect our Microsoft Account with additional functions such as double authentication.

With the Cain & Abel program

For these tasks that we are talking about related to the Windows password, we can also use a third-party software solution. This is a free application specially designed to crack the password of Windows-based computers, among other things. All we need in this case is to download the free application called l that has been designed for these specific tasks.

It must be taken into account that we are dealing with a program that takes advantage of the vulnerabilities of applications and systems such as Windows. All this in order to reveal the password boxes and analyze all kinds of protocols for the recovery of the keys.

Create a test user to crack

Before carrying out this attack on a conventional computer, it is advisable to learn to master the tool. To do this, we can create a new user on our PC, with the level of privileges we want, using the net user tool as follows. As in the previous case, all these commands are executed from a CMD window.

Create administrator user:

  • net user adminname /add
  • net user adminname password
  • net localgroup administrators adminname /add

Create regular user:

  • net user username /add
  • net user username password

We can also enable a guest account on our PC:

  • net user GuestUser /add
  • net localgroup users GuestUser /delete
  • net localgroup guests GuestUser /add

Now, we will log in at least once in the account that we want to crack (to complete its initial configuration) and that’s it. We close the session, enter with the user we want (even the one with the least permissions) and carry out the steps explained in the previous point to find out if the password is broken.

Through safe mode

Windows safe mode is Microsoft’s solution for fixing problems that prevent the computer from starting correctly, or cases where a hardware component is interfering with its proper functioning. But, in addition, it is also an excellent method to sign in to a Windows account without the need to know the password and without leaving any traces. The only thing we have to do is, once we have started the computer in safe mode, access the command line and then enter the Users or User folder. Inside this folder are all the user accounts stored on the computer. To access directories from the command line, we use the “cd” command without the quotes, followed by the name of the directory.

And if we do not have access to the PC?

The previous method allows us to crack the password of any PC user, as long as we have a PC user account (even if it is the guest account). However, what if we don’t have access to any account? In that case, things get a little more complicated. If we cannot log in to the computer, then we will not be able to download or run any program on that instance of the operating system. And that leads us to resort to other somewhat more complex systems for this purpose. For example, .

This tool provides us with a Live system that we can load into RAM before Windows itself boots and, with it, we will be able to break the security of any Windows that has been installed on the computer. This program allows us, for example, to try to find out the password of any PC user or to forcibly delete it in order to log in without having to enter the password. It even allows us to create an administrator account by hand to be able to enter the PC and resort to other tools, such as Win Brute Logon, to find out the password of any user.

How to protect ourselves from these attacks

As we see, it is very easy to find out and break the security of any Windows user. Microsoft does not apply a series of extra security measures to its operating system to protect us from this. There are only two ways to prevent them from breaking your password and accessing your data: the first is by turning on BitLocker encryption, and the second is to set Windows to lock after a number of failed attempts.

Activate BitLocker

The “Pro” versions of Windows 10 and Windows 11 include a tool called BitLocker. The objective of this tool is to allow users to encrypt hard drives so that no one can access them, even from other computers or Live systems, without the corresponding access password.

We can encrypt any drive with this tool. For example, we can use it to protect any external flash drive where we carry important information, or the main hard drive of our operating system. If we choose this second option, once the computer has been turned off, the system will ask us to enter a password to be able to re-enter the PC. And, without it, the hard drive will be locked. This way, tools running in Live mode from RAM will not be able to access the Windows disk and modify the data.

If the computer is on, and we have already unlocked the drive, then the data will be accessible. But by blocking the session with the shortcut Windows + L we will be safe. If we have the Home version of Windows 10 and Windows 11, we will not be able to activate this function.

Using third-party programs to encrypt drives

We have already told you before that the Pro editions of the most recent versions of Microsoft’s operating system have their own data encryption function. This allows us to add a secure layer to the contents of our drive quickly and easily. However, it is very possible that most of you have the Home edition of Windows, so by default you will not have this security functionality.

Even so, we will always have the possibility of using third-party software solutions to achieve an objective similar to the one we achieved with BitLocker. There are developers who offer their own solutions of this type to encrypt certain files, complete folders and even an entire disk drive. There is a good amount of software with these characteristics, both commercial and free, that we can use today.

This will serve as a security and privacy method to protect content that we have stored on the computer in the event that someone hacks our Windows access password. If we do not want to encrypt the entire disk drive, we can always encrypt those folders or individual files that we consider extremely private or sensitive, for whatever reason.

Among the most representative examples of the sector we find or with .

Set attempt limit

We can activate this manually through group policies, as long as we have Windows 10/11 Pro (group policies are not available in the Home version of Windows 10 and Windows 11). To do this, we will write “gpedit.msc” in the search bar, and we will move to the section “Computer Configuration > Windows Settings > Security Settings > Account Policies > Account lockout policy”.

Here we must look for the directive “Account lockout threshold”. In it we will have to change its default value, “0”, to the maximum number of failed attempts allowed before the account is locked.

We also need to configure the directive “Account lockout duration”, which specifies how long the account will stay locked once it has been locked out.
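The same policy can be checked and set from an elevated PowerShell prompt with the built-in secedit and net accounts commands. The script below is an added example, not part of the original article; the threshold of 5 attempts and the 30-minute duration are assumed sample values, and the function name Get-LockoutPolicy is hypothetical.

```powershell
# Added example (not from the original article): audit the local account
# lockout policy and optionally set it. Run from an elevated PowerShell prompt.
param(
    [int]$Threshold = 5,          # assumed value: failed attempts before lockout
    [int]$DurationMinutes = 30,   # assumed value: lockout duration and reset window
    [switch]$Apply                # without -Apply the script only reports
)

function Get-LockoutPolicy {
    # secedit exports the local security policy as an INF file whose key
    # names do not depend on the Windows display language.
    $cfg = Join-Path $env:TEMP 'lockout-audit.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\s*(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}

$current = Get-LockoutPolicy
if (-not $current.ContainsKey('LockoutBadCount')) {
    Write-Warning 'Could not read the policy (is the prompt elevated?).'
} elseif ($current['LockoutBadCount'] -eq 0) {
    # 0 is the default described above: the account is never locked.
    Write-Warning 'Account lockout threshold is 0: unlimited password guesses are allowed.'
} else {
    Write-Output ("Lockout after {0} failed attempts, duration {1} min, counter reset after {2} min" -f
        $current['LockoutBadCount'], $current['LockoutDuration'], $current['ResetLockoutCount'])
}

if ($Apply) {
    # The lockout duration must be at least as long as the reset window,
    # so both are set to the same value here.
    net accounts "/lockoutthreshold:$Threshold" "/lockoutwindow:$DurationMinutes" "/lockoutduration:$DurationMinutes"
    Get-LockoutPolicy   # show the values after the change
}
```

Run it once without -Apply to see the current values, then again with -Apply to set them.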

Also, as we have seen, for this brute force attack to be successful, the password needs to be weak. Therefore, if our PC uses a strong, robust and unique password, the chances of these types of attacks being successful are very low. Thus, if we create a password that mixes characters, numbers, and symbols, and that is also relatively long and generated by pseudo-random algorithms, no one will be able to get into our Windows account, at least using this technique.

There is no single method that allows us to find out what the password of a Windows user is, so all the applications that can help us to get it make use of dictionaries with the most used passwords, passwords that the application is responsible for testing, one by one, hence…
