Skip to content

dizconnectz/fakelogonscreen

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FakeLogonScreen

FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then saved to disk.

It can either be executed by simply running the .exe file, or for example using Cobalt Strike's execute-assembly command.

Binaries available from the Releases page.

  • FakeLogonScreen.exe: Built against .NET Framework 4.5 which is installed by default in Windows 8, 8.1 and 10
  • FakeLogonScreen35.exe: Built against .NET Framework 3.5 which is installed by default in Windows 7

Features

  • Primary display shows a Windows 10 login screen while additional screens turn black
  • Validates entered password before closing the screen
  • Username and passwords entered are stored in %LOCALAPPDATA%\Microsoft\user.db
  • Blocks many shortkeys to prevent circumventing the screen

Screenshot

FakeLogonScreen demo in Cobalt Strike

Authored by Arris Huijgen (@bitsadmin - https://github.com/bitsadmin/)

About

Fake Windows logon screen to steal passwords

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C# 100.0%