The first "hack" I've ever did was in my middle school, one of my friend forgot to erase his password from facebook log in, and I literally just swap the password into text using inspect element and got his full password 😆
I started with Social Engineering in grade 8 back in the early 2000s when MSN was popular. Slowly get the answers to peoples secret questions to reset their passwords. The last day of school I had access to my entire classes MSN accounts. Good times.
lol in Highschool I installed a keylogger on my own phone and convinced shitload of students to login into their fb accounts to show them some bs cool feature fb have on my phone which I completely made up
@@scorit-zq4yx i beat you both. try ICQ on dial up built in search in ICQ and targetted gay predators, and also stole ISP dial info so tracing me would bounce all over pwn you both
I am more curious about how you would interact with this and an account that uses Windows Hello sign-in, or Pin Sign in. I must say it is interesting to see the password logins be ... taken apart, but I am almost more upset that there is some pathological avoidance of pushing against MS Logins with pins/Windows Hello auth.
...John, you provide so many links to really useful resources. I have built out most of the projects from videos you have created...and started running out of space, my 42u rack server is busting, I just keep on adding to it... 😂😂
Microsoft does seem to not care about this sort of thing very much - they consider local administrator to be sufficiently powerful that abuse of other users or of SYSTEM to be always possible. (This was generally Raymond Chen's attitude for a while.)
@@davidyoder5890 In most desktop linux configurations the root account is locked by default and you have to use a live usb/dvd/cd environment to chroot and unlock the root account or edit your boot entry on startup in grub to use /usr/bin/bash. You have sudo which can do super user things, up to a limit though set by the distribution that packages sudo for you(unless you can do sudo su - root) and it depends again how your system is configured. You can remove your own sudo privileges meaning your system is very locked down however this also means you can't do even basic things such as installing new software unless you use something like flatpak or distrobox in userspace.
@@davidyoder5890 Because you don't operate in root. In Linux (and afaik MacOS) you always use a "local" account, and you only elevate yourself for an operation (macos has its system, on linux it's sudo or doas for commandline, and polkit for gui), *with authrntication needed* in contrast to Windows "yes or no" prompt that MS itself has said it's not a security feature (in some blogs of theirs). On linux, if you used the root user all the time, bad things would happen, and it is very discouraged.
John great video as always! Quick question; will this work also on Microsoft accounts? since winlogon process handles the authentication in both cases?
Windows is just a security nightmare from the looks of this. First I find out about Recall the biggest security risk that NO ONE asked for and now this.
I want to try this just to find out if it still works when the user is already logged in but locked. Also, how does it work if the user mistypes the password on the first try?
People will say OMG so insecure, Windows sucks. you could easily do the same thing with a backdoored .so file in linux probably libpam or the like. With full administrator access you can really do anything you like on the computer.
My first "hack" that I did it using the net user command to change my password in cmd while not logging in lol. It was on Windows 7, I forgot how I managed to open the cmd, but I did.
*_If you don't trust her then save yourself the trouble and just break up. It seems like you are looking for bad behavior from her to justify your own bad behavior._*
Wow, what an amazing thumbnail! It makes you look like the handsome red headed man that you really are. Be careful about accepting too many date requests online because you may run out of time to make videos!!! I have the thought that you are much more intelligent than you are leading people to believe! Nevertheless I am really amazed! Is this just a fluke?? Best regards.
The title should be "stealing windows passwords" Linux doesn't have these issues unless you somehow get root, and you'd need a 0 day or social engineering attack for that
The first "hack" I've ever did was in my middle school, one of my friend forgot to erase his password from facebook log in, and I literally just swap the password into text using inspect element and got his full password 😆
Corson Hardwick?
@@fightme5543Corsair Vengeance ® RGB 32gb
I started with Social Engineering in grade 8 back in the early 2000s when MSN was popular. Slowly get the answers to peoples secret questions to reset their passwords. The last day of school I had access to my entire classes MSN accounts. Good times.
lol in Highschool I installed a keylogger on my own phone and convinced shitload of students to login into their fb accounts to show them some bs cool feature fb have on my phone which I completely made up
@@scorit-zq4yx i beat you both. try ICQ on dial up built in search in ICQ and targetted gay predators, and also stole ISP dial info so tracing me would bounce all over
pwn you both
Hi john can you also add the link of the blog post that you refer. It'll be very helpful ❤
Very important question: What KEYBOARD do you use?
I am more curious about how you would interact with this and an account that uses Windows Hello sign-in, or Pin Sign in.
I must say it is interesting to see the password logins be ... taken apart, but I am almost more upset that there is some pathological avoidance of pushing against MS Logins with pins/Windows Hello auth.
This is really an insightful and heart warming contribution.
...John, you provide so many links to really useful resources. I have built out most of the projects from videos you have created...and started running out of space, my 42u rack server is busting, I just keep on adding to it... 😂😂
I am not very technical, but enjoy your videos and enthusiasm. 😊
Microsoft does seem to not care about this sort of thing very much - they consider local administrator to be sufficiently powerful that abuse of other users or of SYSTEM to be always possible. (This was generally Raymond Chen's attitude for a while.)
How is this any different than the root user in Linux or MacOS?
@@davidyoder5890 In most desktop linux configurations the root account is locked by default and you have to use a live usb/dvd/cd environment to chroot and unlock the root account or edit your boot entry on startup in grub to use /usr/bin/bash. You have sudo which can do super user things, up to a limit though set by the distribution that packages sudo for you(unless you can do sudo su - root) and it depends again how your system is configured. You can remove your own sudo privileges meaning your system is very locked down however this also means you can't do even basic things such as installing new software unless you use something like flatpak or distrobox in userspace.
@@davidyoder5890The difference is that administrator accounts are supposed to be (and if you configure sudo correctly, are) one level below root
@@davidyoder5890 Tbh, Linux has Mandatory Access Control, which can restrict root processes
@@davidyoder5890 Because you don't operate in root. In Linux (and afaik MacOS) you always use a "local" account, and you only elevate yourself for an operation (macos has its system, on linux it's sudo or doas for commandline, and polkit for gui), *with authrntication needed* in contrast to Windows "yes or no" prompt that MS itself has said it's not a security feature (in some blogs of theirs).
On linux, if you used the root user all the time, bad things would happen, and it is very discouraged.
John great video as always! Quick question; will this work also on Microsoft accounts? since winlogon process handles the authentication in both cases?
Windows is just a security nightmare from the looks of this. First I find out about Recall the biggest security risk that NO ONE asked for and now this.
Wait till you learn about ligma
@@deanvangreunen6457 oh no
A couple security softwares do monitor login process and would make this technique null and void. But I gave you a thumbs up anyways.
I want to try this just to find out if it still works when the user is already logged in but locked. Also, how does it work if the user mistypes the password on the first try?
JOHN WHY ARE YOU YELLING
It's for the blind people at the front of the room. 😂
He's FBI agent is a little "slow"
He's talking load so an Indian hacker can hear him cause he's mic is bugged by Indian government 😂
why are you watch this video?
you: Any Comment
great video john!
People will say OMG so insecure, Windows sucks. you could easily do the same thing with a backdoored .so file in linux probably libpam or the like.
With full administrator access you can really do anything you like on the computer.
Hey if the method is hot, it's always worth making a video on it. :)
Wont any xdr report any lsass acccess or calls?
I just need the password so i can save the important files and remove the bloatware/using a modified iso
been trying to remember dudes last name for like 2 years lmao thanks
My first "hack" that I did it using the net user command to change my password in cmd while not logging in lol. It was on Windows 7, I forgot how I managed to open the cmd, but I did.
Jai Shree Radhe Radhe 🙏🙏
Jai Shree Radhe Radhe 🙏🙏😍😍😍🇳🇵♥️👌👍💐🙏
Very informative sir .... 😊
His Video is 21 Minuten long... and 13 Minutes up. 3 minutes after its up, you commenting this 🤔
@@hollywoodhank591❤😂😂⁰
Soooo basically, you need to already have the keys to the kingdom in order to get the keys to the kingdom.
This is more of a pentest thing. Wouldnt be practical in a real blackhat scenario
@@snowysysadmin59 I think you can go from local admin to domain admin with this technique
Hey I followed along your video from 4 years ago with the Rick and Morty ctf. I had a few questions toward the very end. Is there away we can connect?
Thanks for another informative cyber security video for Windows 10/Windows 11 PC users.
Hi John 🎉
The legend with the golden hair.
Brilliant 🤩
thanks for more than enough info to add securities to my computer
does it work with login on domain users?
like if i wanna grub domain admins2 password but only have domain admin1 and local admin1
@@mirozo it s working fine, enjoy !!!
linux can do this too, just put a PAM into PAM...
Yesss! I'm gonna ask my g.f. to login to my laptop and then I'll be able to discover secrets she'd been keeping.
Maybe don’t say it here? Lol 😂
@@kaiosama1237 She didn't know my alias on TH-cam.
You mean you'll get your girlfriend's secret passwords when she uses the browser? You think.
*_If you don't trust her then save yourself the trouble and just break up. It seems like you are looking for bad behavior from her to justify your own bad behavior._*
big fan bro
Wow, what an amazing thumbnail! It makes you look like the handsome red headed man that you really are. Be careful about accepting too many date requests online because you may run out of time to make videos!!! I have the thought that you are much more intelligent than you are leading people to believe! Nevertheless I am really amazed! Is this just a fluke?? Best regards.
COOL!
Hey bro can you give me help to recover my account Gmail pleaseeee
Stop filming your hands/keyboard while talking. I hope the pin you logged in with isn't used anywhere else.
You’re a 🤡.
🤦🏻
smartest windows user
I just use the same typing montage every time i’m typing a password. i’m actually typing “I heart butt cheese” in the clip
most intelligent windows user
good
nice sir
Use middle finger on keyboard 😅
hi
Hahahahahjajahajajajajjajaja linux permissins are the best
--comment
Sir can you hack clash of clans account? I can't access my account even though I have my Gmail but need a unlock code please help
I need your help it's urgent sos
scam
😮😮
The title should be "stealing windows passwords" Linux doesn't have these issues unless you somehow get root, and you'd need a 0 day or social engineering attack for that
Yeah it does, it's called PAM Backdoor
Far as I know, you can trivially steal passwords in Linux if you are using X11
first lol