AutoLogon exploitation
The target needs to have the following values set in the registry under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon:
AutoAdminLogon set to 1
DefaultDomainName with a valid domain set
DefaultUserName with a valid admin username
DefaultPassword with a valid admin password
This means that, when restarted, the target logs on automatically without prompting for a username and password.
You should have a shell with Covenant, Metasploit or netcat. We will use Covenant here.
In the shell, type PowerShellImport, press Enter and fetch PowerUp.ps1 (if you do not have it you can get it )
Click on Execute
Type powershell Invoke-AllChecks in your shell
Once the command has executed, it runs a range of checks and we should see something like this:
Check for it with Seatbelt WindowsAutoLogon
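To audit your own hosts for the same registry condition, the following read-only check reports whether the four values listed above are present. It is an added example, not code from this page, PowerUp or Seatbelt; the function name `Test-AutoLogonExposure` is hypothetical, and the password value is never printed.

```powershell
# Added example: audit the Winlogon AutoLogon values named on this page.
# Read-only. Reports whether a password is stored, never the password itself.
function Test-AutoLogonExposure {
    param(
        # Registry path from the page; a parameter so a test key can be substituted.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    )

    $names = 'AutoAdminLogon', 'DefaultDomainName', 'DefaultUserName', 'DefaultPassword'
    $key   = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Collect each value as a string, or $null when it is absent from the key.
    $v = @{}
    foreach ($n in $names) {
        $prop = $key.PSObject.Properties[$n]
        if ($prop) { $v[$n] = [string]$prop.Value } else { $v[$n] = $null }
    }

    $enabled     = $v['AutoAdminLogon'] -eq '1'
    $hasPassword = -not [string]::IsNullOrEmpty($v['DefaultPassword'])

    # Classify the combination so stale leftovers are flagged as well.
    if ($hasPassword -and $enabled) {
        $finding = 'AutoLogon enabled with a password stored in the key'
    } elseif ($hasPassword) {
        $finding = 'AutoLogon disabled, but a stale DefaultPassword remains'
    } elseif ($enabled) {
        $finding = 'AutoLogon enabled, no DefaultPassword in this key'
    } else {
        $finding = 'Not configured'
    }

    [pscustomobject]@{
        Path              = $Path
        AutoAdminLogon    = $enabled
        DefaultDomainName = $v['DefaultDomainName']
        DefaultUserName   = $v['DefaultUserName']
        PasswordInKey     = $hasPassword   # presence only
        Finding           = $finding
    }
}

Test-AutoLogonExposure | Format-List
```

Any result where `PasswordInKey` is true deserves follow-up: remove the `DefaultPassword` value and rotate that account's password.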