search

bitsadmin / fakelogonscreen

Fake Windows logon screen to steal passwords
BSD 3-Clause "New" or "Revised" License
1.3k stars 232 forks source link

Can not find user.db and no output #3

Closed theLSA closed 4 years ago

theLSA commented 4 years ago

Hi, good project! But I encounter some problems.

win10: When I use FakeLogonScreenToFile.exe, I can not find user.db in %LOCALAPPDATA%\Microsoft\user.db, and console output is empty. When I use FakeLogonScreen.exe, console output is empty too. fakelogonscreen-problem-03

win7: When I use FakeLogonScreenToFile.exe, console output is empty, But I can find user.db in %LOCALAPPDATA%\Microsoft\user.db through search tool. (Can not find in windows file manager even allow show hide file) When I use FakeLogonScreen.exe, console output is empty. //donet35 have some problem fakelogonscreen-problem-01 fakelogonscreen-problem-02

bitsadmin commented 4 years ago

The user.db file is marked as both 'hidden' and 'system' so in addition to showing the hidden folders, you also need to uncheck Folder Options -> View tab -> 'Hide protected operating system files'.

Regarding the console output, this doesn't work in a regular console because the stdout of the FakeLogonScreen.exe application is not connected in cmd.exe. Instead you need to use for example a Metasploit or Cobalt Strike reverse shell. See some examples on YouTube: https://www.youtube.com/results?search_query=bitsadmin+fakelogonscreen.