Categories: Kali Linux

WinPirate – Automated Sticky Keys Hack

We create a way to automate doing the window sticky keys hack from a bootable USB. Then, we automate getting as many saved passwords as possible, drop a listener, and delete all traces that we were there.. All without being detected by antivirus, we should add a mimikittenz option if the computer was found running and unlocked, otherwise we can just run it later remotely

How To Use Sticky Keys Hack

Requirements: a linux bootable USB, this repo on the USB (not in the OS, just put it in the root directory)

Also Read DVIA – Damn Vulnerable iOS Application

  • shutdown windows (make sure not hibernating by holding shift while pressing shut down)
  • hit F12 and select USB
  • sudo -i
  • fdisk -l (note: if you’re on Kali Linux, run parted -l)
  • mkdir /media/windows
  • mount /dev/WHATEVERTHEWINDOWSPARTITIONWASCALLED /media/windows -t ntfs
  • run Stickykeys.sh
  • restart and boot to Windows
  • hit Shift 5 times fast, a command prompt will appear
  • cd to the USB and run WinPirate.bat

If the computer isn’t locked: Then cd to the USB and run Run.bat (this will run WinPirate.bat silently in the background, it should be done in < 10 seconds

Current Issues

  • The chrome passwords grabber that I made is still a .py For it to work, I need to convert it to exe so it doesn’t require python to be installed on the system.
    You can run it with python chromepasswords.py -csv and it will decrypt the Chrome saved passwords database and export it as a CSV
  • The sticky keys automation doesn’t speed the process up as much as I previously thought, as evident by the lengthy “How to Use” section
  • I haven’t been able to write any tools that grab passwords for IE or Firefox

 

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

2 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago