Author Topic: bypass winxp screensaver...  (Read 821 times)

hUNT3R

bypass winxp screensaver...
« on: 20 April 2003, 18:29 »
Guys, after the birth of 'winxp', bypassing the screensaver password was thought to be nearly impossible, right... IF _IMPOSSIBLE_ NOT FOR YOU... next to impossible for me...

winnt had a bug... if we enter a CD in the CD-ROM and if it autoruns ... then it would automatically kick off the screen saver... there were a few other funny tricks ... to bypass the screensaver also... but after the birth of winxp I don't remember seeing any such bugs or exploits/tricks to bypass the screen saver...

so time of research again...
-> THE SAME OLD autorun cd trick...
In winxp I have seen that when the screensaver password is on or the admin has locked the desktop, when you try to access the monitor... it prompts for "user-name" and "password", but there is a facility in windows....

in Power Options Properties > Power Schemes

there is a facility ...

Turn off monitor : After .... mins

So even when the screen saver is on .... if the "turn off monitor" timeout is 15 mins... then the monitor will switch to off mode... that will automatically kick the screensaver out and _BINGO_ you get the desktop access...

!!!A THING THAT COULD BE EXPLOITED!!! isn't it...

but, what if the turn off monitor : after 5 hours /or/ never turn off monitor
---------------------------------------------------------------------------------

ooo boor... but I think there are a few tricks that could be used to bypass/kick off the thing...

imagine a CD that is configured to autorun <hope the computer also supports autorun>

create a simple program that does the following modification...

HKEY_CURRENT_USER\Control Panel\Desktop
<string value>
ScreenSaverIsSecure = 0 instead of 1

it means enable password protection for the screen saver or disable password protection....

haha...., as winxp supports programs/batch-jobs/scheduled tasks running in the background even when the desktop is locked ... these things are easy to exploit...

< so now how do you hit refresh??? to the registry...> haha, wait again for seconds before the password prompt box pops up... and again the screen saver pops up after a minute... for the next time when again the screen saver is on ... it will be easily pissed off without a password! >

<is anybody thinking of writing a script that enables or disables the guest account or < del /y > or changing some other useful values of the registry...just using this CD trick... the _MASTER OF THE PC_ will never know what was wrong with his PC after 15 minutes of his return...

If anybody is thinking I am stupid 'cause the activity may be logged... then go read the ....

http://www.blackcode.com/forums/viewtopic.php?t=5380
http://www.blackcode.com/forums/viewtopic.php?t=5758
http://www.blackcode.com/forums/viewtopic.php?t=5353

and think DESTRUCTIVE

ooooo ya, the Turn off monitor timeout could be changed to,

Turn off monitor : After 5 minutes <or less >

go figure out yourself how... <is anybody thinking of creating a program in C++ or Visual Basic to do that....? >

cheer up...
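Added example, not part of the original post: a defender's audit of the two settings the post relies on, the per-user `ScreenSaverIsSecure` value and CD-ROM AutoRun, run over registry text in `reg export` format. The sample export is constructed, and the Group Policy key and the `NoDriveTypeAutoRun` value are not mentioned in the post; they are the standard Windows locations for enforcing the lock and restricting AutoRun.

```python
import re

# Constructed sample in `reg export` text format (not from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\Desktop]
"ScreenSaverIsSecure"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

USER_KEY = r"HKEY_CURRENT_USER\Control Panel\Desktop"  # key named in the post
# Not from the post: Group Policy copy of the value and the AutoRun policy key.
POLICY_KEY = r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Control Panel\Desktop"
AUTORUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
CDROM_BIT = 0x20  # NoDriveTypeAutoRun bit that turns AutoRun off for CD-ROM drives
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9a-fA-F]{8}))$')


def parse_reg(text):
    """Return {key: {name: value}}; dword values become int, strings stay str."""
    hive, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hive.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, string, dword = m.groups()
            hive[key][name] = string if dword is None else int(dword, 16)
    return hive


def audit(text):
    """Return findings for the screen saver lock and CD-ROM AutoRun settings."""
    hive, findings = parse_reg(text), []
    policy = hive.get(POLICY_KEY, {}).get("ScreenSaverIsSecure")
    user = hive.get(USER_KEY, {}).get("ScreenSaverIsSecure")
    if policy != "1":
        findings.append("screen saver lock not enforced by policy")
        if user != "1":
            findings.append("ScreenSaverIsSecure is not 1 for this user")
    # A missing or non-dword value is treated as "no restriction" (conservative).
    mask = hive.get(AUTORUN_KEY, {}).get("NoDriveTypeAutoRun")
    if not isinstance(mask, int) or not mask & CDROM_BIT:
        findings.append("AutoRun not disabled for CD-ROM drives")
    return findings
```

On the constructed sample, `audit(SAMPLE_REG)` reports all three findings; an export with the policy value set to "1" and the CD-ROM bit set in the AutoRun mask reports none.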