Fake Windows logon screen to steal passwords
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk.
It can be executed either by simply running the .exe file or, for example, through Cobalt Strike's execute-assembly command.
Binaries available from the Releases page.
%LOCALAPPDATA%\Microsoft\user.db
Folders:
Authored by Arris Huijgen (@bitsadmin - https://github.com/bitsadmin/)
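For detection, the on-disk path listed above can be hunted in file-creation telemetry. The following is an added example, not part of the FakeLogonScreen project: it assumes that path is where the captured output is saved, and it runs over constructed records shaped like Sysmon Event ID 11 (FileCreate); the function name and all sample values are hypothetical.

```python
import re
from ntpath import normpath

# Assumption: the path listed on this page is where captured output is saved.
# %LOCALAPPDATA% expands to <profile>\AppData\Local for each user.
ARTIFACT = re.compile(
    r"^(?P<root>.+)\\appdata\\local\\microsoft\\user\.db$", re.IGNORECASE
)

# Constructed sample records shaped like Sysmon Event ID 11 (FileCreate).
SAMPLE_EVENTS = [
    {"EventID": 11, "UtcTime": "2024-01-01 10:00:00.000",
     "Image": r"C:\Users\alice\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Microsoft\user.db"},
    {"EventID": 11, "UtcTime": "2024-01-01 10:05:00.000",
     "Image": r"C:\Program Files\Example\app.exe",
     "TargetFilename": r"C:\Users\bob\AppData\Local\Microsoft\Edge\Default\user.db"},
    {"EventID": 11, "UtcTime": "2024-01-01 10:07:00.000",
     "Image": r"C:\Windows\Temp\sample2.exe",
     "TargetFilename": r"c:\USERS\carol\appdata\local\Temp\..\Microsoft\USER.DB"},
    {"EventID": 11, "UtcTime": "2024-01-01 10:09:00.000",
     "Image": r"C:\Program Files\Example\app.exe",
     "TargetFilename": r"C:\Users\dave\AppData\Local\Microsoft\user.db.bak"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:10:00.000",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

def find_artifact_writes(events):
    """Return one finding per FileCreate event that targets the artifact path."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 11:
            continue
        # Normalise separators and ".." so path variations still match.
        path = normpath(ev.get("TargetFilename", ""))
        m = ARTIFACT.match(path)
        if m:
            findings.append({
                "profile": m.group("root").rsplit("\\", 1)[-1],
                "writer": ev.get("Image"),
                "time": ev.get("UtcTime"),
                "path": path,
            })
    return findings

if __name__ == "__main__":
    for finding in find_artifact_writes(SAMPLE_EVENTS):
        print(finding)
```

Each finding names the affected profile and the writing process image, which is the starting point for triage of that host and a reset of the affected account's password.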