Locked Windows Target

[NThack]

Dear All;

I just by one new USB Rubber Ducky and starting with payloads.

I need to know if USB Rubber Ducky can work in a loacked windows target machine ? which means that the machine is powered on but the user is not log in yet.

Indeed, the idea is to think if it can be used for lost laptop assesement scenario.

Best regards.

[dark_pyrro]

You can do with the Ducky whatever you can do with a keyboard on a lock screen with no user yet logged in. The Ducky doesn't provide you with some magical key to the kingdom that lets you circumvent all security in an operating system if that was what you were referring to. I guess you have to elaborate on that "lost laptop assesement scenario" to fully understand what you want to achieve.

[NThack]

As you know, in Ethical hacking the scaneio lost laptop consists of an assement of security mechanisms to avoid the leackage of confidential data or access using this laptop.

In this sceanrio the ethical hacker get a laptop in black box without login, pwd, user and so on. he will try to get access and escalte priveliage to get pwd and so on.

Many techniques are used in Kali to get haches and decrypt PWD using powershell or cmd command but you are in the system.

So the question, is it possible to do the same without login ?

 

 

 

[dark_pyrro]

As said, what can you do with a keyboard in such a situation? The same capabilities goes for the Ducky.

The Ducky would for sure not be my first choice of method in such a scenario.