To ensure the security of the files, users who use Windows are likely to use the "username" and "password" combination to log in. However, in the case of forgetting the password, the door of the windows system will say to the registrant "no", so that they can not enter. How to crack the Windows login password at this time? Here is a comprehensive introduction to the principle of Windows login password cracking and the specific operations and precautions, let us start one by one:
Windows login password cracking principle:
Windows authentication is generally in the lsass process, the default module is msv1_0.dll, and the key is in its export function LsaApLogonUserEx2,
This program intercepts the password by injecting code into the lsass process hook LsaApLogonUserEx2 . As long as there is an authentication process,
LsaApLogonUserEx2 will trigger, such as ipc$,runsa, 3389 remote desktop login.
The program handles different systems and can be intercepted on 2000, 2003, xp, vista,
in 2000, 2003, xp, through the upper 8 bits of UNICODE_STRING.Length Xor key, if the password is encoded, it is decoded by ntdll.RtlRunDecodeUnicodeString,
vista determines whether the password is encoded by AdvApi32.CredIsProtectedW, and the decoding uses AdvApi32.CredUnprotectW.
You can run your own debugger to hang lsass:)
Windows login password crack interface problem:
HRESULT WINAPI DllInstall( BOOL bInstall, LPCWSTR pszCmdLine);
This is a function prototype exported by this dll, please don't be confused by the name, this program is green.
This function does not do any self-starting installations, and does not modify the registry or system files. Just want to choose an interface that matches the regsvr32 call.
The first parameter is not used in this program,
Please specify a file path for the second parameter (note that it is UNICODE), the recorded data will be saved here (is Ansi's) ).
The file path can be like this C:\\x.log,
can also be like \\\\.\\pipe\\your_pipename,\\\\.\\mailslot\\yourslot
So you You can write the loader to call this dll, and let the dll send the data to your program through pipe or mailslot when the dll intercepts the password. The data is a string (Ansi)
Windows login password crack test:
You can not write your own loader to call, use regsvr32 as a loader to test: ( You may need to turn off some active defenses.
regsvr32 /n /i:c:\\xxx.log c:\\pluginWinPswLogger.dll
Normally regsvr32 pops up a prompt.
At this time, you can switch users or lock the computer, and then log in again. The password information is intercepted and saved to c:\\xxx.log.
However, as long as you understand the cracking principle of the login password in this tutorial, and prepare in advance, when you encounter the embarrassing event caused by forgetting the password again, you can use it to exercise & ldquo; Sesame Open Door ” The function goes smoothly into the operating system.
Tencent QQ supports online chat, video call, point-to-point breakpoint file transfe
Disk defragmentation is the use of system software or professional disk defragmentation software to
We all know that if you want to mute the computer, you can directly operate the vol
WinXP users can use the clipboard to view the application, but now many users want
How does WinXP turn off hardware acceleration? Turn off hardware acceleration method
What should I do if the printer cannot print a test page under XP?
How to solve the actionscript error in WinXP?
How to solve the broadband connection under WinXP 691 error code problem
What should I do if the WinXP system IE8 browser is automatically closed?
Windows system slows down several major reasons
WinXP only has a mouse-enabled solution after booting up.
How to change the WinXP suffix name? Modify the file suffix name method
Windows XP System Security Coup
How does WinXP install the camera driver? WinXP installation camera driver skills
WinXP solution for failing to shut down automatically due to improper operation
Bootcamp installed WinXP patch when the C disk space is insufficient?
What should I do if the Win10 input method icon is disabled?
Win8 system desktop folder becomes a desktop solution
Computer rookie protection computer has a high trick
Self-test system to prevent time modification
Win7 computer does not prompt the battery is automatically shut down, how to do it
Close Win 7 transparent effect method
Windows7 group policy setting skills to share
How to solve the win7 dual hard drive automatically shut down