Winlogon Password-logger /w Termsvc Supp. Xp/2003

Full Version: Winlogon Password-logger /w Termsvc Supp. Xp/2003

GovernmentSecurity.org > System Security > Windows Systems

Bombers

Feb 28 2005, 01:44 AM

Hi, im searching for a winlogon password-logger that runs as service or as a fake Gina-DLL
It must be compatible with Terminal Service... (Especially 2003 and XP)... I searched months for this without any good results (All loggers ive found don't log TermService or giving an error like this: You cannot initiate a Remote Desktop Connection because the Windows logon software on the remote computer has been replaced by incompatible software <fakeginadll>)

All Help Welcome!!
Thanks in advanced!

Anarchiste

Feb 28 2005, 09:17 AM

Hi!If you want your private Gina translate this PAPER
and make it

...I am working on, it is very interesting

Bombers

Feb 28 2005, 10:53 AM

Many thanks for your help but im not able to code these things my own ;/
maybe someone else know a good gina?

kooops

Feb 28 2005, 01:06 PM

You can use Vanquish rootkit, it will log the username and password

Ecko

Mar 2 2005, 08:45 PM

QUOTE(kooops @ Feb 28 2005, 01:06 PM)

You can use Vanquish rootkit, it will log the username and password

noton terminal server!

Bombers

Mar 3 2005, 08:33 AM

to bad it's all not working on XP/2003 TS ;/

Killaloop

Mar 3 2005, 09:40 AM

it has taken me 10 minutes to code a working gina.dll for nt4.0 upto 2k3 including xp sp2.
works with terminal service of course.
all the info you need can be found using google.
actually you don't even need to know C/C++ to build your own.

nolimit

Mar 3 2005, 03:21 PM

You'll have to code your own to get term. serv.
If you want to hook it, then have fun, b/c hxdef hasn't even hooked terminal services yet as it's a unique hook in smss.exe. for regular logins, you can hook LsaLogonUser(Heh but don't try IAT hooking, it's all intra-moduler calls).

Or you could make a gina skeleton like killaloop, however You'd have to disable WFP for XP - 2k3 to overwrite the real gina.

Bombers

Mar 3 2005, 04:28 PM

I searched google.. wich leaded me to this page

http://www.codeproject.com/useritems/GINA_SPY.asp

It's a ginadll that works with XP/2003 TS

the only problem is this is a kind of demo or something cause it only logs first 4 caracters of the username and password... i also checked the source of this thing but it to hard for me to modify it because i dont understand this language.. I think you also need to do this with a Gina Skeletion... But i can't program so this is a really irritating problem for me

Really need a binary file

kooops

Mar 8 2005, 01:07 AM

logoner

Logoner is first AC application. It hooks winlogon.exe process
and captures user/domain/password combination to logfile winlogon.log
in the system directory. Version 0.0.2 is early release that doesn't work with
Terminal Services. If you're interested in source code, look in AttoCode
section on Logoner's home site.
To decrypt logfile you need to use logdec which is included together
with its source code in this package.

BUT NOT WITH TS :/

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Winlogon Password-logger /w Termsvc Supp. Xp/2003 GovernmentSecurity.org > System Security > Windows Systems Bombers Feb 28 2005, 01:44 AM Hi, im searching for a winlogon password-logger that runs as service or as a fake Gina-DLL It must be compatible with Terminal Service... (Especially 2003 and XP)... I searched months for this without any good results (All loggers ive found don't log TermService or giving an error like this: You cannot initiate a Remote Desktop Connection because the Windows logon software on the remote computer has been replaced by incompatible software <fakeginadll>) All Help Welcome!! Thanks in advanced! Anarchiste Feb 28 2005, 09:17 AM Hi!If you want your private Gina translate this PAPER and make it ...I am working on, it is very interesting Bombers Feb 28 2005, 10:53 AM Many thanks for your help but im not able to code these things my own ;/ maybe someone else know a good gina? kooops Feb 28 2005, 01:06 PM You can use Vanquish rootkit, it will log the username and password Ecko Mar 2 2005, 08:45 PM QUOTE(kooops @ Feb 28 2005, 01:06 PM) You can use Vanquish rootkit, it will log the username and password noton terminal server! Bombers Mar 3 2005, 08:33 AM to bad it's all not working on XP/2003 TS ;/ Killaloop Mar 3 2005, 09:40 AM it has taken me 10 minutes to code a working gina.dll for nt4.0 upto 2k3 including xp sp2. works with terminal service of course. all the info you need can be found using google. actually you don't even need to know C/C++ to build your own. nolimit Mar 3 2005, 03:21 PM You'll have to code your own to get term. serv. If you want to hook it, then have fun, b/c hxdef hasn't even hooked terminal services yet as it's a unique hook in smss.exe. for regular logins, you can hook LsaLogonUser(Heh but don't try IAT hooking, it's all intra-moduler calls). Or you could make a gina skeleton like killaloop, however You'd have to disable WFP for XP - 2k3 to overwrite the real gina. Bombers Mar 3 2005, 04:28 PM I searched google.. wich leaded me to this page http://www.codeproject.com/useritems/GINA_SPY.asp It's a ginadll that works with XP/2003 TS the only problem is this is a kind of demo or something cause it only logs first 4 caracters of the username and password... i also checked the source of this thing but it to hard for me to modify it because i dont understand this language.. I think you also need to do this with a Gina Skeletion... But i can't program so this is a really irritating problem for me Really need a binary file kooops Mar 8 2005, 01:07 AM logoner Logoner is first AC application. It hooks winlogon.exe process and captures user/domain/password combination to logfile winlogon.log in the system directory. Version 0.0.2 is early release that doesn't work with Terminal Services. If you're interested in source code, look in AttoCode section on Logoner's home site. To decrypt logfile you need to use logdec which is included together with its source code in this package. BUT NOT WITH TS :/ This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.