Use bootkit to bypass Windows logon Password

Source: Internet
Author: User

Link: http://www.52pojie.cn/thread-181746-1-1.html

This post was last edited by wowocock on January 5.


A few days ago, I tried to log on to a Windows system in a virtual machine and found that I couldn't remember the password, so I searched for information and wrote a tool to solve the problem.

In fact, Windows logon verification checks the password through msv1_0.dll in Winlogon. `msv1_0!MsvpPasswordValidate` internally calls `RtlCompareMemory` to compare the 16-byte password hash retrieved from the SAM with the hash of the password the user entered. If that comparison is patched so that it always returns true, password verification passes and you can log on to Windows directly. Normally we could write a driver that patches this verification function, but when the problem actually occurs we cannot log on to Windows, so we cannot install our driver either. With a bootkit, however, we can boot a WinPE from a USB flash drive, install our bootkit into the hard disk MBR from WinPE, and then start the system. Someone abroad previously wrote a simple example, but it only supported XP. Now that bootkit technology is widespread, I have extended it to support Vista and Win7.
32-bit is also easy. 64-bit Windows, however, is a lot more trouble, because PatchGuard has to be dealt with. Although support is provided, it may not work on some systems; currently only some Win7 64-bit and Win2008 R2 systems have been tested. 64-bit support is not as good as 32-bit: 32-bit systems are basically all supported, except Win8.

Currently only supports 32-bit XP, 2003, Vista, Win7!

May support 64-bit Win7!

Syntax:

Pwdignore /dump

Pwdignore /restoredump

Pwdignore /XP

Pwdignore /win7

Pwdignore /win7x64


First, use /dump to generate the MBR.bin file in the current directory; it is used to restore the original MBR. Use /restoredump to restore the MBR from it.

If the target logon system is 32-bit 2000, XP or 2003, use /XP to write the XP-series bootkit.

If the target logon system is 32-bit Vista or Win7, use /win7 to write the Win7-series bootkit.

If the target logon system is 64-bit Win7 or 2008 R2, use /win7x64 to write the Win7 64-bit-series bootkit.

Do not use it on other systems; otherwise the system may fail to start. Of course, you can use /restoredump in WinPE at any time to recover the MBR.
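Because the tool works by overwriting the MBR, and /dump keeps a copy of the original sector, a defender can use such a dump as a known-good baseline. The following is an added example (not part of the original post or the tool): it parses two 512-byte MBR images and reports whether the boot code, the partition table or the 0x55AA signature differs, which is how an unexpected bootkit installation in the MBR would show up. The sample MBR bytes are constructed inline; on a real machine the current sector would be read from the disk device by an administrator.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445 hold the boot code a bootkit replaces
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIG_OFF = 510       # last two bytes must be 0x55 0xAA


def parse_mbr(mbr: bytes) -> dict:
    """Split a 512-byte MBR into a boot-code hash, partition table and signature flag."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        e = mbr[PART_TABLE_OFF + 16 * i : PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, sectors = struct.unpack_from("<II", e, 8)
        parts.append({"status": e[0], "type": e[4], "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": parts,
        "signature_ok": mbr[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return a list of findings; an empty list means the current MBR matches the baseline."""
    b, c = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not c["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if b["boot_code_sha256"] != c["boot_code_sha256"]:
        findings.append("boot code changed (possible bootkit in MBR)")
    if b["partitions"] != c["partitions"]:
        findings.append("partition table changed")
    return findings


def _sample_mbr(boot_code_byte: int) -> bytes:
    """Constructed sample: one active NTFS-type partition at LBA 2048, filler boot code."""
    boot = bytes([boot_code_byte]) * BOOT_CODE_LEN
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 204800)
    return boot + entry + b"\x00" * 48 + b"\x55\xaa"


BASELINE_MBR = _sample_mbr(0x90)   # constructed "known-good" dump
TAMPERED_MBR = _sample_mbr(0xEB)   # constructed: same partition table, different boot code

if __name__ == "__main__":
    print(compare_mbr(BASELINE_MBR, BASELINE_MBR))  # []
    print(compare_mbr(BASELINE_MBR, TAMPERED_MBR))  # boot code changed
```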

If other security software is present in a non-WinPE environment, writing to the MBR may be blocked; click allow. If there is no prompt at all when writing, it means you need to upgrade your antivirus software. We recommend 360 Security Guard; its protection works well.



pwdignore.zip (39.48 KB, downloaded 309 times, download points: mycoin -1 CB)

Pwdignore_new.zip
