MWNTLC And ZwCreateToken from System
Written by David Reguera García   
Monday 19 March 2007


MWNTLC: Modifying Windows NT Logon Credential - Hernán Ochoa
This is the tool that has been made following the paper's indications. Because I do not have any
Windows 2000 machine around, I will park the project until I can continue it. The tool is incomplete, but
the library insertion into the LSASS memory is working nicely (it is similar to the method used in
piathook, but CreateRemoteThread + JMP TO DLL is used instead).

ZwCreateToken from System: A tool ported to C, based on the example given in
Windows NT - 2K Native API Reference.pdf of how to obtain SYSTEM privileges from user space using the native API ZwCreateToken.

P.S.: The msv1_0.dll in Windows 2000 has MsvValidateTarget in the export directory,
and in W2K3 it also has LsaApMsInitialize (possible future reversing of the library). In the newer Windows 2003 version the ordinals are greater numbers.

P.S. (2): I have not been able to test either of the tools, so I cannot confirm that they are working.

Last update ( Monday 19 March 2007 )