[framework] Fake Gina

mmiller at hick.org
Mon Mar 26 16:27:14 CDT 2007


On Mon, Mar 26, 2007 at 10:31:07PM +0200, Nicolas RUFF wrote:
> > Just a quick comment.  IIRC, using a fake GINA will prevent fast user
> > switching.  If you're going for covertness, it's probably not the way to
> > go :)
> 
> Fast User Switching does not work when joined to a domain. This is the
> most common scenario for pentesters, I think.
> 
> One possible solution to avoid a reboot would be to hook the exported
> functions of MSGINA.DLL (or whatever GINA is in place) that are called back
> on cleartext password manipulation (log in, unlock workstation).
> 
> BTW, having a DLL hooking framework in Metasploit would allow other
> great things (such as SSL sniffing :) Some of the Meterpreter code could
> be reused maybe.

Well, you can use meterpreter to do hooking in already running
processes.  It supports allocating/reading/writing memory.  Only thing
that would be needed to do it right would be a disassembler.  The Nasm
wrapper in Rex could potentially be used for that.
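The thread discusses replacing or hooking the GINA on Windows 2000/XP/2003-era hosts. For the defender's side of that discussion, the following is an added check, not code from this list thread or from the Metasploit project: it reports whether Winlogon is configured to load a GINA other than the default msgina.dll, and whether that DLL carries a valid Authenticode signature. It assumes the pre-Vista Winlogon registry key and GinaDLL value named below (the value is absent when the default GINA is in use) and that a bare file name in that value resolves to System32, the directory Winlogon itself lives in.

```powershell
# Added defender-side check (not from the thread): report a non-default GINA.
# Assumption: on pre-Vista Windows the GinaDLL value under this key names
# the GINA that Winlogon loads; it is absent when the default msgina.dll is used.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$gina = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).GinaDLL

if (-not $gina) {
    Write-Output 'GinaDLL value absent: Winlogon loads the default msgina.dll'
    return
}
Write-Output "GinaDLL value present: $gina"

# Assumption: a bare file name is resolved from System32, where winlogon.exe resides.
if ([System.IO.Path]::IsPathRooted($gina)) {
    $path = $gina
} else {
    $path = Join-Path $env:SystemRoot "System32\$gina"
}

if (-not (Test-Path -Path $path)) {
    # A registered GINA that does not exist on disk is either stale or tampered with.
    Write-Output "  file not found at $path (stale or suspicious value)"
    return
}

# Check the DLL's Authenticode status; a replaced or patched GINA will not verify.
$sig = Get-AuthenticodeSignature -FilePath $path
Write-Output ("  signature: {0}; signer: {1}" -f $sig.Status, $sig.SignerCertificate.Subject)

if (($gina -ine 'msgina.dll') -or ($sig.Status -ne 'Valid')) {
    Write-Output '  non-default or unverified GINA: review this DLL and the change history of the key'
}
```

Run it from an elevated PowerShell prompt on each host you want to audit; a legitimate third-party GINA (a VPN or smart-card vendor's, for example) will also show up here, so compare the reported signer against what you expect to be installed rather than treating every non-default value as hostile.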



More information about the framework mailing list