Posts

Featured

Password hash leak via email attachment

Yesterday I saw a laptop running Windows 10. Nothing special, but the user used his Microsoft account in Windows 10. I thought it would be interesting to see how it works... Especially because Microsoft pushes users to use a Microsoft account instead of a local account: https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-to-do-away-with-windows-10-local-accounts/

Long story short: When a Microsoft account is used in Windows 10, it is possible to get the account's password hash (and the email address used) when a user clicks on a link inside an email or opens an HTML attachment.

To get the user's password hash I basically used the fact that Windows responds to SMB authentication requests using the user's credentials. Doing it this way, the user doesn't have to provide credentials for each individual server. The downside is that any server can request authentication and Windows will respond. In enterprise environments mitigations like SMB signing or GPOs ( https://docs.microsoft.com/en-us/win

Latest Posts

UAC bypass via dll hijacking and mock directories

IOBit Malware Fighter - Arbitrary Code Execution as NT Authority\System

Arbitrary File Delete via wsreset.exe // Bypass Adaware Antivirus

Software in the middle - Abusing legitimate Software to run arbitrary code

GOG Galaxy - Escalation of Privileges incl. Code Execution