It’ll be in six pairs, like 01:43:65:87:98:cb. 3 And find the MAC address of that phone. 2 Obtain someone else’s phone which you want to access. 1 First of all, completely uninstall WhatsApp from your phone. 2 By Using Target’s Phone. The point is that we have finally laid our hands on something that can help us break into a major online authentication service, the Microsoft Account. Social Media Hacking a reputable social media account is bound to get you some sort of respect online, although that wouldn’t fall into the ethical hacking category. While the tool can reset Microsoft Account passwords to allow instant logins to otherwise locked accounts, this is not the point. But in order to attempt to hack someone’s computer, you have to get their IP or MAC address. The recent update to one of our oldest tools, Elcomsoft System Recovery, brought long-overdue compatibility with Windows systems that sign in with online authentication via Microsoft Account. This isn’t exactly new, since the same thing could be done to local Windows accounts a decade ago. Running a GPU-assisted attack on the password (using Elcomsoft Distributed Password Recovery or a similar tool) allows quickly enumerating the passwords with a combination of dictionary and brute-force attacks, in many cases resulting in the recovery of the original plain-text password. For that to happen, Elcomsoft System Recovery can export the locally cached hash to the user’s Microsoft Account password for offline recovery. It will prompt you to enter the Microsoft Account Email, Phone Number or Skype login ID. On the Microsoft Support Page, click on ‘Skype’ and click on ‘Reset Password’ from the quick links. This is one of those cases where a seemingly small change brings a plethora of new possibilities to digital forensics. Go to the Microsoft Website and click on the ‘Support’ menu at the top of the page.
Even running a cold-boot attack is not feasible as tablets have soldered memory chips that do not allow for this type of attack. However, Windows automatically creates BitLocker escrow keys, and automatically deposits them into the user’s Microsoft Account. Breaking into a system like that would be extremely hard. Full-disk encryption is activated automatically on devices equipped with TPM once the administrative user logs in with their Microsoft Account (yes, logging in with a Microsoft Account is a required prerequisite for triggering automatic full-disk encryption on many tablets and ultrabooks). Importantly, Microsoft Account is used as a single sign-on solution for a number of Microsoft services such as Hotmail, OneDrive, Skype, and employed by many third-party service providers authenticating via Microsoft Account. So let’s see what all this means in practice. BitLocker encryption is secure. And can be used as Microsoft Account logins. Once a Windows 8, 8.1 or Windows 10 user uses their Microsoft Account credentials to sign into Windows, they automatically gain access to a range of cloud backup and synchronization options via Microsoft OneDrive. Logging in with Microsoft Account requires using email and password (as opposed to username and password used for local Windows accounts). Finally, it is possible to configure OneDrive to replace the default Documents location, in which case ANY file or document saved to that location will be automatically backed up into the user’s OneDrive account. OneDrive is extremely convenient. Moreover, since Office 2013, users are encouraged to save their files to the cloud. Microsoft OneDrive is pre-installed with those versions of Windows, and is automatically authenticated with Microsoft Account credentials once the user signs in. OneDrive automatically backs up any files (such as Office documents, pictures etc.) that are saved into its folder.
Accessing OneDrive also gives access to synced information from other devices. OneDrive is accessible at OneDrive Backups What we can do, however, is use Elcomsoft Phone Breaker to download certain types of data such as the user’s Contacts, Messages (SMS/text messages) and Notes. Android and iOS users can install OneDrive to enable automatic photo backup, while Windows Phone and Windows 10 Mobile have OneDrive pre-installed and pre-configured. Windows will automatically configure the desktop and sync everything stored in the user’s OneDrive account, including documents, settings etc. OneDrive is not limited to just Windows computers. Once the request is approved with an app, the new device is added to the list of trusted devices. Other platforms (Windows Phone 8 and 8.1, Windows 10 Mobile, iOS) can use either the Microsoft Authenticator or Google Authenticator app for generating time-sensitive single-use codes. The user can verify their identity by either approving the online verification request on a trusted device (this requires running the Microsoft Account app on an Android device), or by entering a code generated by the offline Authenticator app. The verification request can be pushed to an authorized Microsoft Account app running on a trusted PC or mobile device (again, the app is only available for Android devices). Two-factor authentication can be used to protect access to Microsoft’s online services when such access is requested from a new device. Microsoft uses a hybrid approach to two-factor authentication. As such, one will need to have access to the secondary authentication factor in order to be able to authorize with Microsoft services. So what is this “secondary authentication factor” we’ve been talking about? Let’s first see how two-factor authentication works in Microsoft Accounts. Microsoft Account logins can be protected with two-factor authentication.
Since forensic acquisition is normally performed on what’s considered to be a “new device”, the authentication system (if activated) will require verifying the user’s identity with the second authentication factor. These attacks are straightforward and very well optimized, allowing password combinations to be enumerated extremely quickly. In order to extract the user’s Microsoft Account password, you would need two tools: Elcomsoft System Recovery and Elcomsoft Distributed Password Recovery. If the first step does not reveal the original password, you will need to attack the password offline using one or more computers equipped with GPU units. During the first step, you will be extracting the password hash (and attempting a range of quick attacks to try some of the most common passwords). On the other hand, this also allows extracting the cached hash file and running an offline attack to recover the original password. As you can see, recovering Microsoft Account passwords is a two-step process. On the one hand, this allows users to log in to their computer while using it offline.
Author: Cheri