1. Check details of lockout policy and password policy in Windows 10

Access by command: secpol.msc

How to check details about lockout policy, password policy: 

+ Lockout policy:

Location: Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.


 . Account lockout threshold: 0 => no limit on the number of failed logon attempts, so the account is never locked out (brute force is possible)

+ Password policy:

Location: Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy

  . Minimum password length: 8 characters (passwords must be at least 8 characters long)
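
An added example (not part of the original post) that checks the two settings above from PowerShell: it parses the [System Access] section of a secedit /export file and reports a lockout threshold of 0 or a minimum password length below 8. The function name Get-AccountPolicyFinding and the sample lines are assumptions made for illustration.

```powershell
# Added example (not from the original post): audit account policy settings
# from the [System Access] section of a `secedit /export` INF file.
function Get-AccountPolicyFinding {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$InfLines,
        [int]$RequiredMinLength = 8   # assumption: the 8-character value noted above
    )
    $values = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Section header: only [System Access] holds the account policies
            $inSection = ($Matches[1] -eq 'System Access')
        } elseif ($inSection -and $text -match '^(\w+)\s*=\s*(-?\d+)$') {
            $values[$Matches[1]] = [int]$Matches[2]
        }
    }
    $findings = @()
    # A missing key is reported too, so a truncated export never passes silently.
    foreach ($key in 'LockoutBadCount', 'MinimumPasswordLength') {
        if (-not $values.ContainsKey($key)) { $findings += "$key not found in export" }
    }
    if ($values.ContainsKey('LockoutBadCount') -and $values['LockoutBadCount'] -eq 0) {
        $findings += 'Account lockout threshold is 0: failed logons are never limited'
    }
    if ($values.ContainsKey('MinimumPasswordLength') -and
        $values['MinimumPasswordLength'] -lt $RequiredMinLength) {
        $findings += "Minimum password length $($values['MinimumPasswordLength']) is below $RequiredMinLength"
    }
    return $findings
}

# Constructed sample input (not taken from a real host).
$sample = @(
    '[Unicode]', 'Unicode=yes',
    '[System Access]',
    'MinimumPasswordLength = 6',
    'PasswordComplexity = 1',
    'LockoutBadCount = 0',
    '[Event Audit]', 'AuditSystemEvents = 0'
)
Get-AccountPolicyFinding -InfLines $sample

# On a live host, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY | Out-Null
#   Get-AccountPolicyFinding -InfLines (Get-Content "$env:TEMP\secpol.inf")
```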

2. Hack admin password of Windows 10:

2.1 Method 1 – Brute force attack locally:

+ View users of admin group: net localgroup "Administrators"  => list of users in admin group

+ Create a password list => brute force attack

2.2 Method 2 – Enable built-in administrator account:

Enable the built-in administrator account via Windows Recovery Environment (Windows RE) with the following steps:

+ Change administrator account by cmd command: net user username new-password  (note: 8 characters or more, including letters, digits and special characters) => cmd must be run with administrator rights.

+ Enable administrator account: net user administrator /active:yes

Note: Until someone logs in to the account, Windows does not set it up => it does not appear in the initial list of accounts offered at login.

3. Windows Credential Manager:

3.1 How to access:

+ Windows => run => Credential manager

+ By cmd: cmdkey /list

+ By following command: rundll32.exe keymgr.dll,KRShowKeyMgr

Note: the password can be any length (not 8 characters as Windows shows)

3.2 How to read:

Read the crd file (backup file from Credential Manager) => using a 3rd-party tool: CredentialsFileView


