First off, this is dead simple and shouldn’t work, but it does. Also, there is no possible way that I’m the first one that has identified this, but here it is (trust me, I tested it so many ways to confirm it because I couldn’t believe it was true)
TL;DR USB Ethernet + DHCP + Responder == Creds
Thesis: If I plug in a device that masquerades as a USB Ethernet adapter and has a computer on the other end, can I capture credentials from a system, even when locked out (yes, logged in, just locked).
This is a Security Bloggers Network syndicated blog post authored by Room362. Read the original post at: Room362