[framework] Fake Gina
ryan underwood
egryan1 at gmail.com
Mon Mar 26 16:06:44 CDT 2007
Is there an article or something that explains this trick, because this is the
first time I have heard of using the gina.dll file for capturing usernames
and passwords?
On 3/26/07, Nicolas RUFF <nicolas.ruff at gmail.com> wrote:
>
> > Just a quick comment. IIRC, using a fake GINA will prevent fast user
> > switching. If you're going for covertness, it's probably not the way to
> > go :)
>
> Fast User Switching does not work when joined to a domain. This is the
> most common scenario for pentesters, I think.
>
> One possible solution to avoid a reboot would be to hook the exported
> functions of MSGINA.DLL (or whatever GINA is in place) that are called back
> on cleartext password manipulation (log in, unlock workstation).
>
> BTW, having a DLL hooking framework in Metasploit would allow other
> great things (such as SSL sniffing :) Some of the Meterpreter code could
> be reused maybe.
>
> My .02,
> - Nicolas RUFF
>
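For the defensive side of the trick discussed in this thread, the following is an added example (not part of the original messages and not Metasploit code) that reads a `.reg` export of the Winlogon key and reports whether a `GinaDLL` value points Winlogon at something other than the default `msgina.dll`. The sample exports and the DLL path in them are constructed, and the check applies to Windows versions that still use GINA (before Vista).

```python
import re

# Winlogon key as it appears in a .reg export, lower-cased for comparison.
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_GINA = "msgina.dll"  # loaded by Winlogon when GinaDLL is absent
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(text):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def gina_value(reg_text):
    """Return the GinaDLL string under the Winlogon key, or None if not set."""
    current_key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
        elif current_key == WINLOGON_KEY:
            match = _STRING_VALUE.match(line)
            if match and _unescape(match.group(1)).lower() == "ginadll":
                return _unescape(match.group(2))
    return None

def assess(reg_text):
    """Classify an export: ('default', value) or ('review', value)."""
    value = gina_value(reg_text)
    if value is None or value.lower() == DEFAULT_GINA:
        return ("default", value)
    # A non-default GINA can be a legitimate third-party product, so this
    # is a prompt to verify the DLL, not a verdict.
    return ("review", value)

# Constructed sample exports (already decoded to str; regedit writes UTF-16).
SAMPLE_DEFAULT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
'''
SAMPLE_REPLACED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"GinaDLL"="C:\\WINDOWS\\Temp\\example-gina.dll"
'''

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("replaced", SAMPLE_REPLACED)):
        print(name, assess(text))
```

A "review" result is the point at which to check the named DLL's path, signer and install history against the software known to be deployed on the host.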