Automatically log in to a Windows or Mac PC without the password.
If you're reading this you are probably a penetration tester with an Android device who needs access to a desktop PC you found in a random office during your physical penetration test. If so, you have come to the right blog, my friend.
Yes, this can be accomplished with an ordinary flash drive; however, there are a few circumstances where this won't be possible... perhaps you were searched on your way into the building and your flash drives were confiscated, maybe you are trying to reduce the size of your penetration testing arsenal, or maybe you are just plain forgetful (tsk, tsk)... There's also more 'wow factor' when you're doing it on your phone! =)
The best part is - it won't change the password and shouldn't damage the computer in any way. The owner of the PC will likely have no idea what has happened - at least until you turn in your report and get to watch their jaws drop in awe and terror as they read it.
Enough of an intro, let’s get into it. You will need a Windows PC for the one-time setup. I did it in a VirtualBox Windows VM from my Mac OS X host without any issues. If you want to do it this way, install VirtualBox and download a free temporary Windows image from here: https://github.com/xdissent/ievms. Configuring VirtualBox to pass your USB devices through is an easy feat; however, it is out of scope for this post - Google it if you need help.
Initial Preparation:
Get your grubby little hands on a rooted Android device (I used a Nexus 5, but any other phone or tablet should work just as well)
Download DriveDroid from the Play store
Purchase (yes, it's not free unfortunately, but it's worth every dollar) a copy of KonBoot - get the hybrid version as it supports both Mac and Windows machines. You'll find it here: http://www.piotrbania.com/all/kon-boot/
Download and extract the .exe file
Setting up DriveDroid:
Go through the setup wizard unless you are confident that you don't need to do this
Create a blank image with a size of 200 MB and no MBR partition! This is very important.
Save, refresh, and host it as a mass storage device
Connect to the Windows PC
Installation:
Launch the KonBoot executable
Select the correct USB drive
Run the installer by pressing the button that mentions USB with EFI support
Disconnect the device
Stop DriveDroid’s hosting of the image
Start hosting the image again
Usage on a Mac:
Host the image on DriveDroid and connect to PC via USB cable
Press Option key on boot
Select "EFI" boot option
Follow the prompts
Press Enter key at password prompt
Press Continue
Usage on a Windows PC:
Host the image on DriveDroid and connect to PC via USB cable
Press the correct Function key to access the BIOS
Make sure USB boot is the first option in the boot order page
Continue to boot
Press Enter key at password prompt








