Winlockpwn

March 4, 2009
Tags:

I tried my hand at winlockpwn and was sucessful in bybassing a windows XP SP3 login screen. I was not able to get the exploit to work on a Vista SP1 machine, though. It seems the exploit has lost momentum. I wonder if anyone will update it for Windows 7. I used backtrack 3 live CD to get it to work. I was surprised to see that McAfee marked this as a virus.

10 Responses to “Winlockpwn”

  1. Hi there

    any news regarding winlockpwn using on XP SP3, win 7, win 7 SP1?

  2. XP SP3 should work. I have not tried it on win 7. Have you ever done it before? It is not most reliable exploit…

  3. we have a stable hack on XP SP2. Try out XP SP3 later.

    I have in mind that we have a hack on a Win as well, maybe with SP1. But this hack is not reliable and the used patterns are out of my mind – 🙁 “damn”, in particular the offset.

    I have detected:
    For XP (SP2) as well as Win7 it is important
    – order of connecting the firewire cable
    (first “iPod” second the target, but after running ipod.csr and starting winlockpwn within 5-7 seconds.

    I think for Win7 it is (only) a problem to get the correct patterns in particular the offset

  4. Win XP SP3 fully patched hacked :-), same timing conditions as above. Need help for WIN7 SP1 – searching for patterns

  5. @ACE Thanks for the help and info!

  6. some interesting and helpful additional info’s,

    XP SP3 works great bit XP SP3+ doesn’t work!

    XP SP3+ means XP SP3 with installed “Local Security Authority Subsystem Service” Microsoft KB 968389.

    XP SP3 with msv1_0.dll 5.1.2600.5512 – hacked
    XP SP3 msv1_0.dll 5.1.2600.5876 – no
    XP SP3 msv1_0.dll 5.1.2600.5834 – no

    Investigation what the “Local Security Authority Subsystem Service” will do and if this is a standard part of win7.

    Still searchin for winlockpwn settings Win7 SP1

  7. Win7 news:

    Win7 hacked – msv1_0.dll 6.1.7600.16385
    Win7 SP1 not – msv1_0.dll 6.1.7601.17514

    searching for winlockpwn settings Win7 SP1
    (msv1_0.dll 6.1.7601.17514)

  8. I’ve grouped some targets here, including my own for win 7 SP1:

    http://scratchpad.wikia.com/wiki/Winlockpwn

  9. Win7 SP1 done 🙂

  10. Any suggestions for getting it to work? Or links to helpful documentation?

Leave a Reply