[framework] Fake Gina
Nicolas RUFF
nicolas.ruff at gmail.com
Mon Mar 26 15:31:07 CDT 2007
> Just a quick comment. IIRC, using a fake GINA will prevent fast user
> switching. If you're going for covertness, it's probably not the way to
> go :)
Fast User Switching does not work when joined to a domain. This is the
most common scenario for pentesters, I think.
One possible solution to avoid a reboot would be to hook exported
function of MSGINA.DLL (or whatever GINA in place) that are called back
on cleartext password manipulation (log in, unlock workstation).
BTW, having a DLL hooking framework in Metasploit would allow other
great things (such as SSL sniffing :) Some of the Meterpreter code could
be reused maybe.
My .02,
- Nicolas RUFF
More information about the framework
mailing list