1. Check details of lockout policy and password policy in Windows 10
Access by command: secpol.msc
How to check details about lockout policy, password policy:
+ Lockout policy:
Location: Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy.
option:
. Account lockout threshold: 0 => no limit on the number of failed logins, the account never locks out (brute force is possible)
+ Password policy:
Location: Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy
. Minimum password length: 8 characters (passwords must be at least 8 characters long)
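The check from section 1 as a script, added here as an example and not part of the original notes: it reads the [System Access] section of a `secedit /export` file and reports a lockout threshold of 0, a short minimum password length and disabled complexity. The sample INF text is constructed, and the function names Get-SystemAccess and Test-AccountPolicy are hypothetical.

```powershell
# Live use, from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\secpol.inf" /areas SECURITYPOLICY
#   Test-AccountPolicy -InfText (Get-Content "$env:TEMP\secpol.inf" -Raw)

# Constructed sample of an exported policy (not taken from a real host).
$SampleInf = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 8
PasswordComplexity = 0
LockoutBadCount = 0
NewAdministratorName = "Administrator"
[Event Audit]
AuditLogonEvents = 0
'@

function Get-SystemAccess {
    # Parse only the numeric "Key = Value" pairs of the [System Access] section.
    param([string]$InfText)
    $values = @{}
    $inSection = $false
    foreach ($line in ($InfText -split '\r?\n')) {
        if ($line -match '^\s*\[(.+)\]\s*$') {
            $inSection = ($Matches[1] -eq 'System Access')
            continue
        }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') {
            $values[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $values
}

function Test-AccountPolicy {
    param([string]$InfText, [int]$MinLength = 8)
    $p = Get-SystemAccess -InfText $InfText
    $findings = @()
    # Threshold 0 means accounts never lock out. Assumption: a missing key is
    # reported too, so an incomplete export is not read as a safe one.
    if (-not $p.ContainsKey('LockoutBadCount') -or $p['LockoutBadCount'] -eq 0) {
        $findings += 'Account lockout threshold is 0: unlimited failed logons'
    }
    if (-not $p.ContainsKey('MinimumPasswordLength') -or $p['MinimumPasswordLength'] -lt $MinLength) {
        $findings += "Minimum password length is below $MinLength"
    }
    if ($p['PasswordComplexity'] -ne 1) { $findings += 'Password complexity is disabled' }
    return $findings
}

Test-AccountPolicy -InfText $SampleInf | ForEach-Object { "FINDING: $_" }
```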
2. Hack admin password of Windows 10:
2.1 Method 1 – Brute force attack locally:
+ View users of admin group: net localgroup "Administrators" => list of users in admin group
+ Create a password list => brute force attack
2.2 Method 2 – Enable built-in administrator account:
Enable the built-in administrator account via Windows Recovery Environment (Windows RE) with the following steps:
+ Change the administrator account's password by cmd command: net user username new-password (note: 8 characters or more, including letters, digits and special characters) => cmd must be run with administrator privileges.
+ Enable administrator account: net user administrator /active:yes
Note: If you do not log in to the account, Windows will not perform the account setup => it does not appear on the initial login selection list.
3. Windows credential managers:
3.1 How to access:
+ Windows => run => Credential manager
+ By cmd: cmdkey /list
+ By following command: rundll32.exe keymgr.dll,KRShowKeyMgr
Note: password can be any length (not 8 characters as windows shows)
3.2 How to read:
Read the crd file (backup file from credential manager) => using 3rd party tool: CredentialsFileView
3.3 How to export passwords from an old Windows 10 PC to a new PC:
– Export password data: Settings => Credential manager => Windows credentials => select “Backup Credentials” => set a name & password, then export the *.crd file
– Import passwords into the new PC: Settings => Credential manager => Windows credentials => select “Restore credentials”.