Jump to content











Photo
- - - - -

PEPassPass

password logon windows disable bypass passpass

  • Please log in to reply
1 reply to this topic

#1 boulcat

boulcat

    Member

  • Advanced user
  • 51 posts
  •  
    Belgium

Posted 03 December 2014 - 08:05 PM

Posted Image

File Name: PEPassPass
File Submitter: boulcat
File Submitted: 18 Sep 2014
File Category: Security

PEPassPass is developed from Holmes.Sherlock's PassPass (Bypass the Password) :thumbup:
PassPass is a nifty Grub4DOS (BIOS) batch script to disable/re-enable Windows logon password validation.

PEPassPass is an AutoIt executable to disable/re-enable Windows logon password validation, too.
It is intended to be run from either Windows PE or from a second NT installation, if any, to patch the first one.
A possible use case is systems equipped with UEFI where Grub4DOS may fail to boot.
For such systems, one needs to boot either Grub4DOS, hence PassPass in Legacy/BIOS compatible mode, or Windows PE/second NT installation to boot PEPassPass from.

In short, an addition to the original PassPass, really much faster if Grub4Dos is available.
1.boot to grub4dos, 2.patch the file, 3.continue booting your patched Windows OS.
PEPassPass is able to patch Windows XP/Vista/7/8/8.1 for both 32-bit and 64-bit versions.


Technical Details:
The script tries to locate all existing Windows installations and corresponding Windows editions as well.
Thereafter, after changing permissions, it replaces the CMP instruction responsible for password verification with a 'benign' sequence of bytes.
For reverting back the changes, the process is just the opposite.
The whole idea is derived from WindowsGate and Astr0baby's tutorial

Usage:
PEPassPass.exe : displays the GUI, Select the OS drive and use buttons, Backup, Restore, Patch or UnPatch.
PEPassPass.exe /Source : Extract the embedded source in same folder.

Test:
1.Download latest version and include in your WinPE, BIOS and/or UEFI.
2.Backup /<Windows directory>/system32/msv1_0.dll of a target installation protected by password at logon.
Backup file: /<Windows directory>/system32/msv1_0.dll.bak
3.Patch it. The Backup file: /<Windows directory>/system32/msv1_0.dll.bak is created if not exist,
Backup not done.
4.Test whether the patch is working by being able to log on with arbitrary password or without password.
5.Unpatch it.
6.Test whether unpatch is working by being not able to log in with all but only with the correct password.

AutoIt Version: 3.8.1
Author: boulcat
Credit: Holmes.Sherlock for Original PassPass (Bypass the Password), a nifty Grub4DOS batch script to disable/re-enable Windows logon password validation.

Credit for PassPass:

Wonko the sane - For ideas, code snippets, information. The script embeds his DLL version detection script.

Ectomorph a.k.a. Damian Bakowski - For his 'unannounced' patch for 32-bit version of msv1_0.dll.

Astr0baby - For his reversing tutorial.

Steve Si – For including support for PassPass in his wonderful tool Easy2Boot.


License:
This program is distributed as freeware in the hope that it will be usefull but without any warrenty expressed or implied.
You are free to modify this script but I would appreciate if you shared your changes with me and include the source code in the program, as it is done.
Take credit for your fixes, improvements but thanks to don't take credit for work you did not do.

v1.1.0 - 18/09/2014 - Browse all the folders from the drive and search if System32\msv1_0.dll exist to get the "Windows" folder. Use the values of the combo rather than looking again at OSVersion and OSArch.

v1.0.3 - 17/09/2014 - Add Permissions on msv1_0.dll and exclude the X: drive reserved for WinPE.

v1.0.2 - 16/09/2014 - Test OSArch 32 or 64 bit from winlogon.exe

v1.0.0 - 16/09/2014 - Initial Release

Click here to download this file
  • TheHive likes this

#2 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4197 posts

Posted 05 December 2014 - 10:12 AM

:ph34r:







Also tagged with one or more of these keywords: password, logon, windows, disable, bypass, passpass

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users