Sign in to follow this  
Followers 0
benzrf

Simple Script to add security

14 posts in this topic

#1 ·  Posted (edited)

This is NOT my first script, so feel free to flame me(lol). This is not supposed to be anything particularly elaborate, just a program that asks you for a second password after your computer starts up and shuts down the computer if you get it wrong, as well as adding the attempt into a log. I know, why bother if you already have a password?, but think about it this way: Hacking a computer pretty much just entails booting it up from a CD, DVD, or flash drive, and then using John the Ripper or something similar to crack the hash. However, getting a password out of a compiled EXE means sifting through binary or hex(doesn't it?), and there are definitely more people out there who know how to do the former than the latter.

CODE
$passq = InputBox("Type in the password you want.", "Type the password below.")

$program = '$passq = InputBox("Login", "Type your password.", "", "*", -1, -1, -1, 10)' & @CRLF & '$passq2 = InputBox("Login", "Confirm your password.", "", "*", -1, -1, -1, 10)' & @CRLF & '$passq = StringLower($passq)' & @CRLF & '$passq2 = StringLower($passq2)' & @CRLF & 'If $passq <> $passq2 Then' & @CRLF & ' $passq = InputBox("Login", "The two passwords do not match.", "", "*", -1, -1, -1, 10)' & @CRLF & ' $passq = StringLower($passq)' & @CRLF & 'EndIf' & @CRLF & 'If $passq <> StringLower("' & $passq & '") Then' & @CRLF & ' BlockInput(1)' & @CRLF & ' $fileq = FileOpen("C:\logfile", 1)' & @CRLF & ' BlockInput(1)' & @CRLF & ' FileWriteLine($fileq, @HOUR & ":" & @MIN & ", " & @MDAY & "/" & @MON & "/" & @YEAR & ". Attempted password:" & $passq)' & @CRLF & ' BlockInput(1)' & @CRLF & ' FileClose($fileq)' & @CRLF & ' BlockInput(1)' & @CRLF & ' Shutdown(29)' & @CRLF & 'EndIf'

$filehandleq = FileOpen(@ScriptDir & "\securityscript.au3", 2)

FileWrite($filehandleq, $program)

FileClose($filehandleq)

$runpathq = RegRead("HKEY_CLASSES_ROOT\AutoIt3Script\Shell\Compile\Command", "")

$runpathq = StringLeft($runpathq, StringLen($runpathq) - 3)

$runpathq = $runpathq & @ScriptDir & "\" & "securityscript.au3" & '"'

RunWait($runpathq)

RegWrite("HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "SecurityScript", "REG_SZ", @ScriptDir & "\securityscript.exe")

Exit

By the way, the reason I put several BlockInputs is that if the intruder presses Ctrl-Alt-Del, they just might be able to halt the program. So I repeat it several times to reset it just in case they manage to.

Lastly, to set this to run every time someone logs in, start up RegEdit and go to:

HKEY_LOCAL_MACHINE(HKEY_CURRENT_USER if you want it to be when you log in only)/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

and add a new REG_SZ value containing the script's path.

UPDATE: The script I have included now creates and compiles the "real" script, as well as adding the necessary registry key and puts your desired password into the script for you.

Edited by benzrf

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

lol not bad. :D It's also a good way to obtain the intruder's passwords in some cases. Some of my friends are dumb enough to try their own passwords on my computer. :D

By the way, if you want to make this write to the registry automatically, you can use RegWrite(

Anyway, I'll use this (and give you credit of course) in one of my upcoming projects. Nice work. :o

Edited by DJKMan

My work in AutoIt (Not many yet):

Parse Large Text Files To 2D Array Quickly [With Chunk Size]

 

My artificial intelligence project coded entirely in AutoIt. Meet Alice Assistant: http://facebook.com/ProjectAliceAI

 

Share this post


Link to post
Share on other sites

awesome work, ill use this in my password storer, of course you will get full credit ^_^


Intermediate AutoIt/Autohotkey User

Share this post


Link to post
Share on other sites

wrong

$passq = InputBox("Login", "Type your password.", "*", -1, -1, -1, -1, 10)

right

$passq = InputBox("Login", "Type your password.", "", "*", -1, -1, -1, 10)

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

I didn't add the RegWrite function because you might accidentally run it and forget your password, or something similar. Just a bit of safety. By the way, thanks for the correction, HAL9000!

I honestly didn't think anyone would really like it! After all, anyone with the idea could script it in two or three minutes...

Lastly, if you didn't realize by now, the reason I had it record the attempted password is in case it would help you guess who tried to get in.

Edited by benzrf

Share this post


Link to post
Share on other sites

bomp(is that allowed?)

Share this post


Link to post
Share on other sites

bomp(is that allowed?)

Why, just to promote this script?

Don't think you want a serious opinion about this scrip.

Anyways, Since when does BlockInput(1) block Ctrl+Alt+Del?

Remarks

If BlockInput is enabled, the Alt keypress cannot be sent!

The table below shows how BlockInput behavior depends on the Windows version; however, pressing Ctrl+Alt+Del on any platform will re-enable input due to a Windows API feature.


Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

OK, sorry. Anyway, yes, Ctrl-Alt-Del doesn't get blocked, yes. What I said was that, in the event that they pressed Ctrl+Alt+Del, it wouldn't help them because the script would automatically re-block their keystrokes.

Share this post


Link to post
Share on other sites

kk, a couple of things to make it better...

open up taskmgr.exe on startup, but set its state to hidden, that way the cant get to it, even if they do press ctrl alt delete.

For cApiTaLs sensitive in pass replace:

If $passq <> "Put your password here" Then

with

If Not $passq == "Put your password here" Then

Possibly a confirm pass? I misstyped mine trying it out lol....

make a setup file, that writes to the registry, and asks user to create a pass.

in the script, enter the pass encrypted, and decrypt it at every run for more security.

possibly a bypass in case of forgetting, but something random such as a hotkey that you need to press ctrl+alt+shift+4+2+a+u+t+o+i+t to enable...

very nice idea though!!

Share this post


Link to post
Share on other sites

kk, a couple of things to make it better...

open up taskmgr.exe on startup, but set its state to hidden, that way the cant get to it, even if they do press ctrl alt delete.

For cApiTaLs sensitive in pass replace:

If $passq <> "Put your password here" Then

with

If Not $passq == "Put your password here" Then
Are you sure?

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

the case bit?

The helpfile says so anyway...

== Tests if two values are equal (case sensitive if used with strings)

or taskmgr?

thats true to, just tried. It still shows in the notif tray though. It doesn't open a new one either!! (probably not the most approppriate things for the forums...sorry, will edit out if you want...)

Edited by mdiesel

Share this post


Link to post
Share on other sites

woops...

we're both right if you take away the not...

$1 = "AaAa"
$2 = "AaAa"
If ($1 == $2) Then MsgBox (48, "Jos", "Jos is right.")
If $1 == $2 Then MsgBox (48, "MDiesel", "MDiesel is right.")

but you're right when you add it.

Share this post


Link to post
Share on other sites

#14 ·  Posted (edited)

Thanks for the tip! I'll update my first post.

Edited by benzrf

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0