Metasploit mailing list archives
Fake Gina
From: mmiller at hick.org (mmiller at hick.org)
Date: Sun, 25 Mar 2007 12:23:24 -0700
On Sun, Mar 25, 2007 at 08:41:16PM +0200, Jerome Athias wrote:
> Actually I use this:
>
> Windows Registry Editor Version 5.00
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "GinaDLL"="mscad.dll"
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
> "SAS_S"=dword:00000001
>
> and I wait for a reboot.
> I didn't go further on it, but maybe we can find a way to have it working
> on the fly. I will test it.
Just a quick comment. IIRC, using a fake GINA will prevent fast user switching. If you're going for covertness, it's probably not the way to go :) Then again, writing the GINA DLL to disk in the first place wouldn't be too covert. If you're not all that worried about covertness, I could see how it'd be useful.
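Added example (not part of the original posts): a defender-side check that parses a .reg export of the Winlogon key and flags any GinaDLL value other than the stock msgina.dll. The function names, the allowlist and the second sample are assumptions made for illustration; the first sample is the registry file quoted in the thread.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
DEFAULT_GINA = "msgina.dll"  # stock GINA on Windows 2000/XP/2003

# The .reg content quoted in the thread.
POSTED_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="mscad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SAS_S"=dword:00000001
"""
# Constructed sample: a Winlogon key with no GinaDLL override.
CLEAN_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"""

def parse_reg(text):
    """Parse decoded .reg text (regedit 5.00 exports are UTF-16LE on disk)
    into {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            # Repeated headers for the same key (as in the post) are merged.
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if value and current is not None:
            name, data = value.group(1).lower(), value.group(2).strip()
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")  # unescape string data
            current[name] = data
    return keys

def audit_gina(text, allowed=(DEFAULT_GINA,)):
    """Return a finding if GinaDLL is set to anything outside the allowlist."""
    gina = parse_reg(text).get(WINLOGON, {}).get("ginadll")
    if gina is None or gina.lower() in allowed:
        return None  # absent value means Winlogon loads the default GINA
    return f"GinaDLL overridden: {gina}"

if __name__ == "__main__":
    for label, sample in (("posted", POSTED_REG), ("clean", CLEAN_REG)):
        print(label, "->", audit_gina(sample) or "no GinaDLL override")
```

The allowlist compares the whole value, so a look-alike path ending in msgina.dll is still reported.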