Sunday, February 21, 2010

Windows Vista + 7 Targets for Screen Unlock Script

The screen_unlock script for Metasploit now supports Windows Vista and Windows 7 (it might not work with every version, though).
The basic method used for Vista and 7 is still the same, but there was one problem: Vista and 7 use ASLR, so fixed addresses for the code patch do not work.
The Meterpreter API has a nice solution to this problem - it is possible to find out the base address of a specific module within a process.

The updated target section in the script contains relative offsets which are combined with the base address of msv1_0.dll in the lsass.exe process to locate the exact positions for checking the signature and applying the patch. Because the offsets are relative to the module base, they stay valid regardless of where ASLR loads the module.

The script now also supports multiple targets for one OS - every matching target gets tested until a working one is found.
