-
Notifications
You must be signed in to change notification settings - Fork 231
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Includes new features in the description - Includes new release structure
- Loading branch information
Showing
1 changed file
with
11 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,26 @@ | ||
| # FakeLogonScreen | ||
| FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then saved to disk. | ||
| FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk. | ||
|
|
||
| It can either be executed by simply running the .exe file, or for example using Cobalt Strike's `execute-assembly` command. | ||
| It can either be executed by simply running the .exe file, or using for example Cobalt Strike's `execute-assembly` command. | ||
|
|
||
| Binaries available from the [Releases](https://github.com/bitsadmin/fakelogonscreen/releases) page. | ||
| - FakeLogonScreen.exe: Built against .NET Framework 4.5 which is installed by default in Windows 8, 8.1 and 10 | ||
| - FakeLogonScreen35.exe: Built against .NET Framework 3.5 which is installed by default in Windows 7 | ||
| - FakeLogonScreen.exe: Writes output to console which for example is compatible with Cobalt Strike | ||
| - FakeLogonScreenToFile.exe: Writes output to console and `%LOCALAPPDATA%\Microsoft\user.db` | ||
|
|
||
| Folders: | ||
| - / (root): Built against .NET Framework 4.5 which is installed by default in Windows 8, 8.1 and 10 | ||
| - DOTNET35: Built against .NET Framework 3.5 which is installed by default in Windows 7 | ||
|
|
||
| # Features | ||
| - Primary display shows a Windows 10 login screen while additional screens turn black | ||
| - If custom background is configured by the user, shows that background instead of the default one | ||
| - Validates entered password before closing the screen | ||
| - Username and passwords entered are outputted to console stored in `%LOCALAPPDATA%\Microsoft\user.db` | ||
| - Username and passwords entered are outputted to console or stored in a file | ||
| - Blocks many shortkeys to prevent circumventing the screen | ||
| - Minimizes all existing windows to avoid other windows staying on top | ||
|
|
||
| # Screenshot | ||
|  | ||
|
|
||
|
|
||
| **Authored by Arris Huijgen ([@bitsadmin](https://twitter.com/bitsadmin/) - https://github.com/bitsadmin/)** | ||
| **Authored by Arris Huijgen ([@bitsadmin](https://twitter.com/bitsadmin/) - https://github.com/bitsadmin/)** |