Home page logo
/

metasploit logo Metasploit mailing list archives

Fake Gina
From: mmiller at hick.org (mmiller at hick.org)
Date: Sun, 25 Mar 2007 12:23:24 -0700

On Sun, Mar 25, 2007 at 08:41:16PM +0200, Jerome Athias wrote:
actualy i use this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="mscad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SAS_S"=dword:00000001

and i wait a reboot
i didn't go further on it but maybe we can find a way to have it working 
on the fly
i will test it

Just a quick comment.  IIRC, using a fake GINA will prevent fast user
switching.  If you're going for covertness, it's probably not the way to
go :)  Then again, writing the GINA DLL to disk in the first place
wouldn't be too covert.  If you're not all that worried about
covertness, I could see how it'd be useful.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]