In a DEFCON talk someone mentioned that they could plug a USB drive into a compu

Question

In a DEFCON talk someone mentioned that they could plug a USB drive into a computer for 5 seconds and have hashes of locally stored passwords. I am interested in how this could be done, so does anyone know of an open-source bit of software that I could load onto a typical USB drive and have it do this? Please note that the scenario doesn't involve a stupid user opening up any suspicious exe's and giving them admin rights.

Specifications: Should be open source, work with any flash drive, and work on Windows.

I understand that this probably looks like I just want to be malicious without writing my own code, but I can only say that I really have no desire to steal Windows logon passwords.

Explanation / Answer

You can use samdump2:

You'll have to launch it though autorun.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.