Metasploit mailing list archives

Fake Gina

From: egryan1 at gmail.com (ryan underwood)
Date: Mon, 26 Mar 2007 17:06:44 -0400

Is their an artical or something that explains this trick, cause this is the
first time I have heard of using the gina.dll file for capturing usernames
and passwords

On 3/26/07, Nicolas RUFF <nicolas.ruff at gmail.com> wrote:

Just a quick comment.  IIRC, using a fake GINA will prevent fast user
switching.  If you're going for covertness, it's probably not the way to
go :)


Fast User Switching does not work when joined to a domain. This is the
most common scenario for pentesters, I think.

One possible solution to avoid a reboot would be to hook exported
function of MSGINA.DLL (or whatever GINA in place) that are called back
on cleartext password manipulation (log in, unlock workstation).

BTW, having a DLL hooking framework in Metasploit would allow other
great things (such as SSL sniffing :) Some of the Meterpreter code could
be reused maybe.

My .02,
- Nicolas RUFF

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20070326/147e3c95/attachment.htm>

Current thread:

Fake Gina Jerome Athias (Mar 25)
- Fake Gina H D Moore (Mar 25)
  - Fake Gina Jerome Athias (Mar 25)
    - Fake Gina mmiller at hick.org (Mar 25)
    - Fake Gina Nicolas RUFF (Mar 26)
    - Fake Gina ryan underwood (Mar 26)
    - Fake Gina Nicob (Mar 26)
    - Fake Gina mmiller at hick.org (Mar 26)
- <Possible follow-ups>
- Fake Gina 0x90 at hushmail.com (Mar 25)