Metasploit mailing list archives

Fake Gina

From: jerome.athias at free.fr (Jerome Athias)
Date: Sun, 25 Mar 2007 20:41:16 +0200

actualy i use this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"="mscad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SAS_S"=dword:00000001

and i wait a reboot
i didn't go further on it but maybe we can find a way to have it working 
on the fly
i will test it

H D Moore wrote :

This sounds like a good idea. Whats the process for loading the new Gina? 
Can you load it at runtime, or do you need to update the registry entry 
and reboot? If you load it at runtime, how is this injected? Can you 
share your implementation?

-HD

Current thread:

Fake Gina Jerome Athias (Mar 25)
- Fake Gina H D Moore (Mar 25)
  - Fake Gina Jerome Athias (Mar 25)
    - Fake Gina mmiller at hick.org (Mar 25)
    - Fake Gina Nicolas RUFF (Mar 26)
    - Fake Gina ryan underwood (Mar 26)
    - Fake Gina Nicob (Mar 26)
    - Fake Gina mmiller at hick.org (Mar 26)
- <Possible follow-ups>
- Fake Gina 0x90 at hushmail.com (Mar 25)