
Bypass Windows Lockscreen?


Recommended Posts

Unfortunately yes, if you want to elevate privileges learn assembly language. The ducky is built for arbitrary execution of code, the code in question must do the actual privilege escalation (an exe or virus or payload). I would recommend "The Shellcoder's Handbook", and "Assembly Language for x86 Processors". It is hard to make code that actually does anything useful with the ducky without knowing some penetration testing skills. I myself need to come up with some time to read these two books I bought.

Edited by overwraith

Think about your question in the context of what the ducky actually is: a keyboard. The ducky's only way to execute code is to use the scripting languages built into the computer, the languages admins use. You can only use scripting logic in order to do things like navigate to the Micro SD card and execute an exe which is there. Asking us to do it without things like PowerShell, batch, and VB is impossible! And an attempt to get past the Windows lock screen is downright magic. How do you get past the lock screen without some kind of hole in the DLLs of the system or some buffer overflow? I don't think such a hole exists in the security; people would have found it by now. The USB Rubber Ducky's only method of attack is running automated scripts on already unlocked computers, dropping stuff there, or executing something with actual teeth. I am sorry if I sounded a little bit terse towards the beginning of this thread, but your question calls into question your intelligence even as you call into question mine. I have coded several payloads, some tools including the vid/pid swapper with some help, and payloads such as run exe from SD, and the duck slurp payload.

Were you calling into question my intelligence when you said this? "I always hope for good & intelligent people"

Edited by overwraith

Sorry. The text sounded different than it probably should have in my head. I have also had a rough week/month/year/5year.

After looking on YouTube, I am saying it might be possible. You should try; it looks like you'll need BackTrack Linux / Kali on a CD-ROM or flash drive. I just didn't think something like that would be possible; it might have been patched by now. You would need at least one payload for the Kali portion of the attack, and one for the actual reprogramming of the user password. The duck script would appear to be almost an afterthought if this payload were implemented. According to the YouTube video it is just a BIOS tweak, a couple of copies, shift shift shift... and a net user command. I don't think that it is possible to include the Kali distro actually on the USB Rubber Ducky as a partition; you would need some extra media.

You can't include everything in one payload, you would have to split into multiple payloads via detour duck or something.

Edited by overwraith

Edit is in the bottom right hand corner of the posted text; it looks almost translucent until you mouse over it, to the left of multi-quote and quote. The video I watched essentially booted into BackTrack and exchanged a couple of files, renaming them, then booted back into Windows, triggered sticky keys, and that popped open a command prompt.

Try it out without the ducky first, and when you have the procedure down you can translate to duck script, or you can post the procedure here, and people can help you code it to duck script. I don't have a machine right now that I can try this out on except my personal one, and I try not to do things like set passwords. I want it to boot up and not nag me for annoying things like passwords at home. Perhaps I should try to build a PC for testing this but it could take a while.

Edited by overwraith


I know this is a bit off, but it is possible to reset a password before login. I have used the "sticky keys" bypass a lot to fix friends' forgotten password problems.

Basically you boot off a live CD, replace sethc.exe with cmd.exe, hit Shift 5 times and pop an admin shell. From there you can create/reset a local admin password.

https://4sysops.com/archives/forgot-the-administrator-password-the-sticky-keys-trick/
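A defender-side check for the sethc.exe swap described in the post above, added here as an example and not part of the thread or the linked article. It compares the accessibility binary against cmd.exe by SHA-256 and inspects its embedded original file name; the expected name 'sethc.exe' is an assumption you should confirm on a known-good host.

```powershell
# Added example (not from the thread): detect the offline sethc.exe -> cmd.exe swap.
# Assumption: a genuine sethc.exe carries the embedded OriginalFilename 'sethc.exe';
# confirm this on a known-good machine of the same Windows build before relying on it.
function Test-StickyKeysSwap {
    param(
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )
    $sethc = Join-Path $System32 'sethc.exe'
    $cmd   = Join-Path $System32 'cmd.exe'

    # Byte-level comparison: a copied cmd.exe hashes identically to the real cmd.exe.
    $sethcHash = (Get-FileHash -Path $sethc -Algorithm SHA256).Hash
    $cmdHash   = (Get-FileHash -Path $cmd   -Algorithm SHA256).Hash

    # Version resource: the original file name is baked into the binary at build time.
    $origName  = (Get-Item -Path $sethc).VersionInfo.OriginalFilename

    # Authenticode status, kept for completeness (see caveat below).
    $sig       = Get-AuthenticodeSignature -FilePath $sethc

    $findings = @()
    if ($sethcHash -eq $cmdHash) {
        $findings += 'sethc.exe is byte-identical to cmd.exe (classic swap)'
    }
    if ($origName -ne 'sethc.exe') {
        $findings += "sethc.exe embedded OriginalFilename is '$origName', expected 'sethc.exe'"
    }
    if ($sig.Status -ne 'Valid') {
        $findings += "sethc.exe signature status: $($sig.Status)"
    }

    # Caveat: a cmd.exe copied over sethc.exe still carries a valid Microsoft signature,
    # so the signature check alone never catches this swap; the hash and name checks do.
    [pscustomobject]@{
        Path       = $sethc
        SHA256     = $sethcHash
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-StickyKeysSwap | Format-List
```

Run it from an elevated prompt on the host being checked; a clean result is Suspicious = False with an empty Findings list.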

