msvpwn (MIT-licensed, see LICENSE) patches a DLL from Windows (msv1_0.dll) to completely disable the password check: you'll be able to get in with every conceivable password.
msvpwn [-s] file
You need to supply the DLL as an argument. msvpwn will patch it if it is unpatched, and vice versa. If the -s option is supplied, msvpwn will only display the DLL's status (patched or unpatched) without modifying it.
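Because the tool modifies msv1_0.dll on disk, a defender can detect the change by comparing a suspect copy against a trusted copy and its recorded hash. The following is an added example, not part of msvpwn; the function names, the 64-byte threshold and the assumption that the patch leaves the file size unchanged are illustrative, and the sample bytes are constructed.

```python
import hashlib
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so it never has to fit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def diff_regions(good, suspect, gap=8):
    """Return [(offset, length)] of differing runs; runs under `gap` bytes apart merge."""
    regions = []
    for i in range(min(len(good), len(suspect))):
        if good[i] != suspect[i]:
            if regions and i - (regions[-1][0] + regions[-1][1]) < gap:
                start = regions[-1][0]
                regions[-1] = (start, i - start + 1)
            else:
                regions.append((i, 1))
    return regions

def triage(good_path, suspect_path, baseline_sha256):
    """Classify a suspect DLL against a trusted copy and its recorded SHA-256."""
    baseline = baseline_sha256.lower()
    if sha256_file(good_path) != baseline:
        return {"verdict": "reference-untrusted", "regions": []}
    if sha256_file(suspect_path) == baseline:
        return {"verdict": "intact", "regions": []}
    good, suspect = Path(good_path).read_bytes(), Path(suspect_path).read_bytes()
    regions = diff_regions(good, suspect)
    covered = sum(length for _, length in regions)
    # Assumption: an in-place patch keeps the size and touches few bytes;
    # anything else is more likely a different build of the DLL.
    small = len(good) == len(suspect) and 0 < covered <= 64
    return {"verdict": "localized-modification" if small else "different-file",
            "regions": regions}

if __name__ == "__main__":
    import tempfile
    good = bytes(range(256)) * 16            # constructed stand-in, not a real DLL
    bad = bytearray(good)
    bad[0x400:0x402] = b"\xff\xff"           # constructed two-byte change
    with tempfile.TemporaryDirectory() as d:
        g, s = Path(d, "good.bin"), Path(d, "suspect.bin")
        g.write_bytes(good)
        s.write_bytes(bad)
        print(triage(g, s, hashlib.sha256(good).hexdigest()))
```

The reported offsets give an analyst the exact regions to disassemble when deciding whether a mismatch is tampering or a legitimate update.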
To add more signatures, edit src/config.h, which contains an array of PatchInfo structures. See CONTRIBUTING.md.
The only dependency is OpenSSL, compiled with SHA256 support. Some make targets, detailed below, also require ronn to generate a manpage, but I provide one so you won't need ronn; it's for developers only.
make
make install
uninstall targets, and you can override the
Object files get stowed in obj/, and the binary goes to bin/ (I'll let you guess its name).
By the way, my fellow Archers can use the PKGBUILD provided in package/arch (it's git-based).
msvpwn is also bundled with BlackArch, a set of pentesting tools for ArchLinux (a LiveCD is available too).