Password Protected Screensaver

[simo923]

Hi guys, sorry, don;t want to become a post freak but i cant seem to find any reference to this in previous threads.

I was under the impression that the Switchblade would still run even if the password protected screensaver was up. From testing the ones i have put together it doesnt.

Anyone know if it is indeed possible. I suppose the limitations will be the same as not being able to attack a user that isnt logged on.

Cheers guys

[m0u53]

well im sure there is some way to do this the screensaver is a program right? well make your payload Taskkill /IM <scrnsvr name.exe>

that should do the trick i guess i could try it lol

[simo923]

Thing is the screensaver will already be running so the autorun will not happen. I have used Nircmd to kill the screensaver for future uses though.

[m0u53]

i though the autorun would kill the screensaver

maybe make a program that moves the mouse

i know you can do it with autoit

[Shaun]

The entire point of his first post was that it wasn't autorunning. What would moving the mouse do?

[AndyzBong]

The setting that controls whether a login should be performed when a workstation is unlocked or when a password-enabled screen saver is used is located in the registry value "ForceUnlockLogon"

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon

If you modify the data from a 0 to a 1 it will no longer require a login. I am not sure if you can change this registry data while the password-protected screen saver is running (as my go.cmd did not launch during a password-protected screen saver)  but thats a good first experiment.

Also, screen savers are considered operating system files and are "protected" from being deleted or overwritten. They are located in the WindowsSystem32 and WindowsSystem32dllcache folders. Like disabling the login, I am not sure if you would be able to delete these files while the screen saver is actively running.

You could also attempt the registry value that controls whether screen savers are actively enabled. This registry value is "ScreenSaveActive" and is located in HKEY_USERS.DEFAULTControl PanelDesktop

0 = disabled

1 = enabled

Hope this gets someone off to a creative way around this.

[AndyzBong]

So I finally got some time off from class and I noticed that no one has added anything to this discussion, so why not do some experimentation? All of the registry information/ideas that I mentioned above are useless, as the U3 will just not autorun while the XP system is running a password protected screensaver. My final suggestion would be importing a screensaver "grace period" registry file via go.cmd

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon]
"ScreenSaverGracePeriod"="120"

This way, if you are able to insert the switchblade before the screensaver kicks in; but are unable to access the mouse (which would deactivate the idle countdown) before the password-protected screensaver activates, you won't have to login. NOTE: You can enter any whole number between 0 and 2,147,483 (approximately 24 days). A value of zero indicates no password protection delay and there is no default entry.

[Deveant]

the issue is, when the reg key to lock the station is set, the station goes into a total lockdown, i have incounted this issue b4, but it was for Novell, and IBM laptops, once the saver turns on, the lan connection is ceased, as so is pretty much every other event on the PC exept the main parts of windows and the saver.

[natural_orange]

unless this in win 9x it won't wok.

when the screensaver is up your already locked out, so killing the screensaver would only bring up the unlock workstation or windows welcome screen