Sunday, February 21, 2010

Windows Vista + 7 Targets for Screen Unlock Script

The screen_unlock script for metasploit now supports Windows Vista and 7 (might not work with every version though).
The basic method used for Vista and 7 is still the same, yet there was one problem: Vista and 7 use ASLR, so fixed addresses for the code patch do not work.
The meterpreter API has a nice solution to this problem - it is possible to find out the base address of a specific process module.

The updated target section in the script contains relative offsets which are combined with the base address of msv1_0.dll in the lsass.exe process to locate the exact positions for checking the signature and applying the patch.

The script now also supports multiple targets for one OS - every matching target gets tested until a working one is found.

1 comment:

  1. Although the windows vista services got ended by the end of 2011 only, I still have windows vista installed on my old laptop. Your article saved my time. I am using windows 10 right now but it lacks the feel that it was for windows vista. The most frustrating thing that I need to handle with windows 10 is the error issues. Like the quickbooks error 1603 windows 10. I wish, we could have those vista days now..