totalrv.blogg.se

Win 7 logon screen capture







Instead I’ll focus on how the Credential Provider Model works. I won’t go over how GINA handled the authentication process, although if I get enough requests I might detail that in another post. At this point I should probably thank my girlfriend for putting up with my obsessive programming and constant cursing. To get a credential provider to do exactly what I want took probably a good 40 hours. From what I remember, creating a GINA stub dll to log Windows credentials took me probably 3 hours. Frankly, in a way Credential Providers are a lot easier to work with, but in another (probably more accurate) way they’re a huge pain in the ass to create our nefarious dll. Microsoft claims the reasoning behind this is to make it easier for developers to meet the demands for next generation authentication technologies (like biometrics, two factor and single sign on).


Now to customize the logon experience you have to implement a Credential Provider; this is true for Windows Vista and newer. Microsoft in their infinite wisdom decided to completely change the API and move away from GINA and the GINA model. In the past you could choose to write your own GINA dll from scratch, or you could simply ‘extend’ the functionality of other GINA modules by creating a GINA stub dll. GINA is the Graphical Identification and Authentication component of Windows and handles the logon screen that we’re all familiar with. I’ve had a custom GINA stub dll that’s worked great for a while that I wrote years ago; it works with Windows 2000, XP and 2003. The only thing that wasn’t working was the ability to log credentials typed in when a user first logs in to Windows. I started testing my rootkit on a Windows 7 box and luckily most of it worked. Simply copy the dll to the system32 directory and run the included register.reg script to create the necessary registry settings. The credentials are logged to a file located at c:\cplog.txt. The quick lowdown: I wrote a DLL capable of logging the credentials entered at logon for Windows Vista, 7 and future versions which you can download at.
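Because a credential provider is just a COM DLL plus registry entries, the registration itself is what a defender can audit. The script below is an added example, not code from the original post: it lists every registered provider, resolves its DLL and flags any that lack a valid Microsoft signature. It assumes PowerShell 3.0 or later and the standard Credential Providers registry location; the only indicator taken from the post is the log path c:\cplog.txt.

```powershell
# Added example (defensive audit); not code from the original post.
# Enumerates registered credential providers and flags DLLs without a valid Microsoft signature.
$cpRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$clsRoot = 'HKLM:\SOFTWARE\Classes\CLSID'

$report = foreach ($key in Get-ChildItem -LiteralPath $cpRoot) {
    $clsid  = $key.PSChildName
    $server = Join-Path $clsRoot "$clsid\InprocServer32"
    $dll    = $null
    if (Test-Path -LiteralPath $server) {
        # GetValue('') reads the key's default value and expands %SystemRoot% and similar
        $dll = (Get-Item -LiteralPath $server).GetValue('')
    }
    if ($dll) {
        $dll = $dll.Trim('"')
        # Assumption: a bare file name refers to a DLL in system32
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path $env:SystemRoot "System32\$dll"
        }
    }
    $sig = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
    }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $status = if ($sig) { [string]$sig.Status } else { 'NoFile' }
    [pscustomobject]@{
        Clsid      = $clsid
        Name       = $key.GetValue('')    # friendly name stored as the default value
        Dll        = $dll
        SigStatus  = $status
        Signer     = $signer
        Suspicious = -not ($status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
    }
}

$report | Sort-Object Suspicious -Descending | Format-List

# File indicator named in the post
if (Test-Path -LiteralPath 'C:\cplog.txt') {
    Write-Warning 'C:\cplog.txt exists: the log file described in the post is present.'
}
```

Legitimate third-party providers (smart card, biometric or VPN vendors) will also show as Suspicious, so compare the output against a known-good baseline for the build. On older systems where catalog-signed files report as NotSigned, verify the file hash against a clean install instead.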








