Home page logo

metasploit logo Metasploit mailing list archives

Fake Gina
From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 26 Mar 2007 14:27:14 -0700

On Mon, Mar 26, 2007 at 10:31:07PM +0200, Nicolas RUFF wrote:
Just a quick comment.  IIRC, using a fake GINA will prevent fast user
switching.  If you're going for covertness, it's probably not the way to
go :)

Fast User Switching does not work when joined to a domain. This is the
most common scenario for pentesters, I think.

One possible solution to avoid a reboot would be to hook exported
function of MSGINA.DLL (or whatever GINA in place) that are called back
on cleartext password manipulation (log in, unlock workstation).

BTW, having a DLL hooking framework in Metasploit would allow other
great things (such as SSL sniffing :) Some of the Meterpreter code could
be reused maybe.

Well, you can use meterpreter to do hooking in already running
processes.  It supports allocating/reading/writing memory.  Only thing
that would be needed to do it right would be a disassembler.  The Nasm
wrapper in Rex could potentially be used for that.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]