Password Filters
[0] are a way for organizations and governments to enforce stricter
password requirements on Windows Accounts than those available by
default in Active Directory Group Policy. It is also fairly documented
on how to Install and Register Password Filters
[1]. Basically what it boils down to is updating a registry key here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Notification
Packages
with the name of a DLL (without the extension) that you place in Windows\System32\
For National CCDC
earlier this year (2013), I created an installer and "evil pass filter"
that basically installed itself as a password filter and any time any
passwords changed it would store the change to a log file locally to the
victim (in clear text) as well as issue an HTTP basic auth POST to a
server I own with the username and password.
The full code can be found below. I'll leave the compiling up to you but
basically its slamming the code in Visual Studio, telling it its a DLL,
and clicking build for the architecture you are targeting (Make sure to
use the Internet Open access settings that make the most sense for the
environment you are using this in [2]).
==> Read More
Thursday, October 10, 2013
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment