mailing list archives
From: nicolas.ruff at gmail.com (Nicolas RUFF)
Date: Mon, 26 Mar 2007 22:31:07 +0200
Just a quick comment. IIRC, using a fake GINA will prevent fast user
switching. If you're going for covertness, it's probably not the way to
Fast User Switching does not work when joined to a domain. This is the
most common scenario for pentesters, I think.
One possible solution to avoid a reboot would be to hook exported
function of MSGINA.DLL (or whatever GINA in place) that are called back
on cleartext password manipulation (log in, unlock workstation).
BTW, having a DLL hooking framework in Metasploit would allow other
great things (such as SSL sniffing :) Some of the Meterpreter code could
be reused maybe.
- Nicolas RUFF
- <Possible follow-ups>
- Fake Gina 0x90 at hushmail.com (Mar 25)