winlogonhijack-v0.3-src

Category: Hooks and API interception
Development tool: Visual C++
File size: 109KB
Downloads: 144
Upload date: 2004-07-12 09:24:58
Uploader: Administrator
Description: injects a DLL into winlogon.exe and hooks msgina.WlxLoggedOutSAS, logging every login in plaintext.

File list:
winlogonhijack\HookDll\hook.c (6089, 2003-12-23)
winlogonhijack\HookDll\hook.h (1820, 2003-12-23)
winlogonhijack\HookDll\HookDll.dsp (4590, 2003-12-23)
winlogonhijack\HookDll\HookDll.plg (1228, 2003-12-23)
winlogonhijack\HookDll\LDE32.OBJ (2610, 2001-01-07)
winlogonhijack\HookDll\libeay32.lib (546826, 2003-04-17)
winlogonhijack\HookDll\log.c (2000, 2003-12-23)
winlogonhijack\HookDll\log.h (366, 2003-12-23)
winlogonhijack\HookDll\maindll.c (2330, 2003-12-23)
winlogonhijack\HookDll\maindll.h (936, 2003-12-23)
winlogonhijack\HookDll\openssl (0, 2003-12-23)
winlogonhijack\HookDll\wlxloggedoutsas.h (1267, 2003-12-23)
winlogonhijack\HookDll (0, 2003-12-23)
winlogonhijack\Injector\injector.c (6933, 2003-12-23)
winlogonhijack\Injector\Injector.dsp (4428, 2003-12-23)
winlogonhijack\Injector\injector.h (1420, 2003-12-23)
winlogonhijack\Injector\Injector.plg (252, 2003-12-23)
winlogonhijack\Injector\main.c (4645, 2003-12-23)
winlogonhijack\Injector (0, 2003-12-23)
winlogonhijack\Logdecode\libeay32.lib (546826, 2003-04-17)
winlogonhijack\Logdecode\Logdecode.dsp (4313, 2003-12-23)
winlogonhijack\Logdecode\Logdecode.plg (252, 2003-12-23)
winlogonhijack\Logdecode\main.c (1972, 2003-12-23)
winlogonhijack\Logdecode\openssl (0, 2003-12-23)
winlogonhijack\Logdecode (0, 2003-12-23)
winlogonhijack\winlogonhijack.dsw (948, 2003-12-23)
winlogonhijack\winlogonhijack.opt (60928, 2003-12-23)
winlogonhijack (0, 2003-12-23)
winlogonhijack\HookDll\openssl\rc4.h (3684, 2003-12-28)
winlogonhijack\HookDll\openssl\rc4.c (5370, 2003-12-28)
winlogonhijack\HookDll\openssl\opensslconf.h (3074, 2000-02-27)
winlogonhijack\Logdecode\openssl\rc4.h (3684, 2003-12-28)
winlogonhijack\Logdecode\openssl\rc4.c (5370, 2003-12-28)
winlogonhijack\Logdecode\openssl\opensslconf.h (3074, 2000-02-27)

WINLOGON Hijack v0.3
----------------------

1. What ?
---------
This little tool intercepts winlogon logins by injecting a dll into the winlogon process and logs the username, password and domain to a file.

2. How to use
-------------
Copy your dll to %systemroot% or %systemroot%\system32.
Run injector.exe like this: injector.exe dllname
dllname can be just the filename (if it is in %systemroot% or system32) or it can be a path+filename.
Once injected, the dll stays in the winlogon process until reboot.
Logins get logged in %systemroot%\system32\mspwd.dll.

3. Changes
----------
Version 0.3:
+ Injector uses ntdll.LdrLoadDll instead of kernel32.LoadLibraryA.
+ User/password/domain log is encrypted with RC4.
+ Added a tool to decrypt the logfile.
+ Fixed the ***edup vc++ project (it created weird empty dirs).
- Still no terminal services logins captured

Version 0.2:
+ Injector now automatically injects all "winlogon.exe" processes
+ Code should be stabler on XP
- No terminal services logins captured
- No password changes captured

Version 0.1:
- Injector needs pid for injection
+ Using 'extended code overwrite method' for hooking as described in HF's (http://hxdef.czweb.org/) hookingen.txt using LDE-32 from z0mbie (http://z0mbie.host.sk)

4. Comments
-----------
Tested in WIN2K(SP3&SP4), WINXP SP1 & WIN3K, but it should work on NT 3.51 & NT4 also.
If ya tested it on one of theze OS, lemme know if worked (or not).
Bugs and comments are also welcome.

Have fun ;)
JeFFOsZ@1337.be
