Windows Vista + 7 Targets for Screen Unlock Script


The screen_unlock script for Metasploit now supports Windows Vista and 7 (it might not work with every build, though).

The basic method used for Vista and 7 is still the same, yet there was one problem: Vista and 7 use ASLR, which randomizes the address at which msv1_0.dll is loaded from one boot to the next, so the fixed absolute addresses the earlier targets used for the code patch no longer work.

The meterpreter API has a nice solution to this problem: it can report the base address at which a given module is loaded inside a given process.

The updated target section in the script therefore contains offsets relative to the start of msv1_0.dll; at runtime these are added to the base address of msv1_0.dll inside the lsass.exe process to locate the exact positions at which to check the signature and apply the patch.

The script now also supports multiple targets for one OS: every target matching the OS is tried in turn, and the first one whose signature check passes is patched.
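The mechanism described above, as an added example written for this post (it is not the screen_unlock script itself and carries none of its real values): a target table of module-relative offsets, an address rebase against the module's actual load address, a signature check before the patch, and a loop over several candidate targets. The `FakeProcessMemory` class stands in for the memory read/write interface of the opened lsass.exe process, so the example runs offline; all offsets, signature bytes and patch bytes are made up for the illustration.

```ruby
# Added example, not the screen_unlock script itself: how a per-target
# table of offsets relative to the msv1_0.dll base lets one patch work
# under ASLR, and how several candidate targets are tried in turn.
#
# All offsets, signature bytes and patch bytes below are made up for the
# illustration; the real script carries its own per-build values.

# One target: where to look relative to the module base, what bytes must
# be there (so the wrong build is never patched), and what to write.
Target = Struct.new(:name, :sig_offset, :sig, :patch_offset, :patch)

TARGETS = [
  Target.new("hypothetical build A", 0x1000, "\x85\xC0\x74\x0A".b, 0x1002, "\x90\x90".b),
  Target.new("hypothetical build B", 0x2000, "\x85\xC0\x75\x0A".b, 0x2002, "\xEB".b),
].freeze

# Stand-in for the process memory object (read(addr, len) / write(addr, data)):
# one module image mapped at an arbitrary, ASLR-style base address.
class FakeProcessMemory
  def initialize(base, image)
    @base  = base
    @image = image.dup.force_encoding(Encoding::BINARY)
  end

  def read(addr, len)
    off = addr - @base
    raise ArgumentError, "read outside module" if off < 0 || off + len > @image.bytesize
    @image.byteslice(off, len)
  end

  def write(addr, data)
    off = addr - @base
    raise ArgumentError, "write outside module" if off < 0 || off + data.bytesize > @image.bytesize
    @image[off, data.bytesize] = data
    data.bytesize
  end
end

# Walk the candidate targets for this OS. For each, rebase the offsets
# onto the module's actual load address, compare the signature, and patch
# only on an exact match. Returns the name of the target that applied,
# or nil if none matched (so the caller can report an unsupported build).
def apply_unlock_patch(mem, module_base, targets = TARGETS)
  targets.each do |t|
    sig_addr = module_base + t.sig_offset
    next unless mem.read(sig_addr, t.sig.bytesize) == t.sig

    mem.write(module_base + t.patch_offset, t.patch)
    return t.name
  end
  nil
end

# Constructed module image that looks like the given build: zero-filled
# except for the signature bytes at that target's offset.
def build_image(target, size = 0x3000)
  img = "\x00".b * size
  img[target.sig_offset, target.sig.bytesize] = target.sig
  img
end

# The same image mapped at two different bases (as ASLR would do across
# boots); the relative offset table resolves correctly at both.
def demo
  [0x75A10000, 0x6F3B0000].map do |base|
    mem  = FakeProcessMemory.new(base, build_image(TARGETS[1]))
    name = apply_unlock_patch(mem, base)
    [base, name, mem.read(base + TARGETS[1].patch_offset, 1)]
  end
end

if __FILE__ == $0
  demo.each do |base, name, byte|
    printf("base 0x%08x -> %s, patched byte %02x\n", base, name, byte.ord)
  end
end
```

The signature check is what makes the multi-target loop safe: a target whose bytes are not present is skipped without writing anything, so an unknown build ends with `nil` rather than a blind patch into lsass.exe.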

Get the new version here: http://github.com/svent/misc/blob/master/metasploit/screen_unlock.rb