Location:
Search - lsass
Search list
Description: cmdbind利用远程线程和管道在LSASS.EXE中建立远程线程把
cmd.exe绑定到7597端口-cmdbind remote threads in the pipeline and establish remote email thread binds to put cmd.exe 7597 port
Platform: |
Size: 73637 |
Author: 陈东升 |
Hits:
Description: 该程序用于在用户登陆状态下获取用户的登陆密码。原理是windows 2003 将用户的密码存储在 lsass.exe 的指定偏移的内存中。通过对该进程内存的扫描即可获取系统密码。-the procedure for landing on a user's state of the user's password landing. The principle is windows 2003 to the password stored in the designated offset lsass.exe memory China. Through the process of memory can be obtained by scanning system password.
Platform: |
Size: 2899 |
Author: xpan |
Hits:
Description: samdump.c调用LsaQueryInformationPolicy()获取主机SID,未调用LsaFreeMemory()
释放内存,造成lsass.exe进程空间的内存泄漏。此外,需要引入advapi32.lib-samdump.c call LsaQueryInformationPolicy () access to mainframe SID, did not call LsaFreeMemory () to release memory, lsass.exe process space caused the memory leak. In addition, the need to introduce advapi32.lib
Platform: |
Size: 9046 |
Author: 立井伯 |
Hits:
Description: 这是最近写的磁碟机(Lsass&Smss)PE下的批处理清除程序,Kill.bat是杀毒程序,在WinPE下运行,(用前要用记事本把里面Kill.bat那个用户名改成你自己的)。Restore.reg是用于恢复安全模式注册表项的。
Platform: |
Size: 1094 |
Author: webdisk007 |
Hits:
Description: 本软件为lsass.exe和smss.exe病毒(暂定名)的专杀工具,基于恶意软件查杀助理辅助工具的查杀引擎,并专门针对该病毒作了强化,支持扫描rar格式和自解压格式,支持扫描被感染的应用程序与网页文件,能比较有效的查杀该病毒。
Platform: |
Size: 665371 |
Author: super |
Hits:
Description: cmdbind利用远程线程和管道在LSASS.EXE中建立远程线程把
cmd.exe绑定到7597端口-cmdbind remote threads in the pipeline and establish remote email thread binds to put cmd.exe 7597 port
Platform: |
Size: 73728 |
Author: 陈东升 |
Hits:
Description: 该程序用于在用户登陆状态下获取用户的登陆密码。原理是windows 2003 将用户的密码存储在 lsass.exe 的指定偏移的内存中。通过对该进程内存的扫描即可获取系统密码。-the procedure for landing on a user's state of the user's password landing. The principle is windows 2003 to the password stored in the designated offset lsass.exe memory China. Through the process of memory can be obtained by scanning system password.
Platform: |
Size: 3072 |
Author: xpan |
Hits:
Description: samdump.c调用LsaQueryInformationPolicy()获取主机SID,未调用LsaFreeMemory()
释放内存,造成lsass.exe进程空间的内存泄漏。此外,需要引入advapi32.lib-samdump.c call LsaQueryInformationPolicy () access to mainframe SID, did not call LsaFreeMemory () to release memory, lsass.exe process space caused the memory leak. In addition, the need to introduce advapi32.lib
Platform: |
Size: 9216 |
Author: 立井伯 |
Hits:
Description: 这是最近写的磁碟机(Lsass&Smss)PE下的批处理清除程序,Kill.bat是杀毒程序,在WinPE下运行,(用前要用记事本把里面Kill.bat那个用户名改成你自己的)。Restore.reg是用于恢复安全模式注册表项的。-This is a recent drive (Lsass
Platform: |
Size: 1024 |
Author: webdisk007 |
Hits:
Description: 本软件为lsass.exe和smss.exe病毒(暂定名)的专杀工具,基于恶意软件查杀助理辅助工具的查杀引擎,并专门针对该病毒作了强化,支持扫描rar格式和自解压格式,支持扫描被感染的应用程序与网页文件,能比较有效的查杀该病毒。-The software for lsass.exe and smss.exe virus (tentative name) of专杀工具, based on the malicious software killing Assistant aids killing the engine, and specifically for the virus were made to strengthen and support the scanning formats and self-extracting rar formats, support for scanning infected files and Web applications can be more effective killing of the virus.
Platform: |
Size: 665600 |
Author: super |
Hits:
Description: 3389任意登陆源码-3389
Platform: |
Size: 4096 |
Author: huang |
Hits:
Description: mimikatz:从Lsass进程中抓取Windows登陆明文密码 (源代码)-mimikatz: Lsass process grab the Windows login password in clear text (source code)
Platform: |
Size: 19456 |
Author: 觉得 |
Hits:
Description: 逆向sekurlsa.dll_实现读内存获得开机密码
不用注入,读lsass内存数据即可。以前说的失败什么的大多是注入方式时候安全软件
给拦截了。而读内存皆可。在我的Win 7,WinXP3,Win2K3(均 32位系统)均可正常显示。
只是不论注入还是读内存都要对lsass进程操作,需要一定权限。-The read memory reverse sekurlsa.dll_ achieve obtained boot password without injection, read lsass memory data. Previously said failure mostly is injected into the way when the security software to intercept. Read memory can. Win 7, WinXP3, Win2K3 (both 32-bit systems) can be displayed properly. Just either injected or read memory must lsass process operation requires a certain permission.
Platform: |
Size: 145408 |
Author: ljh |
Hits:
Description: Windows内核级调试器源码,可以直接获取本地用户登录密码,对XP, 2003. WIN7下管理员密码 都可以直接捕获。还有其他功能-mimikatz: Tool To Recover Cleartext Passwords From Lsass
Platform: |
Size: 563200 |
Author: 缘灭 |
Hits:
Description: 在本地开辟后门,监听TCP 5554端口,做为FTP服务器等待远程控制命令。病毒以FTP的形式提供文件传送。黑客可以通过这个端口偷窃用户机器的文件和其他信息。 病毒开辟128个扫描线程。以本地IP地址为基础,取随机IP地址,疯狂的试探连接445端口,试图利用Windows目录下的Lsass.exe中存在一个缓冲区溢出漏洞进行攻击,一旦攻击成功会导致对方机器感染此病毒并进行下一轮的传播,攻击失败也会造成对方机器的缓冲区溢出,导致对方机器程序非法操作,以及系统异常等。-Open the back door in the local, monitor TCP port 5554, as a FTP server for the remote control command. Virus provides file transfer in the form of FTP. Hackers can steal user machine through the port of documents and other information. Virus scan thread open 128. To the local IP address as the foundation, take a random IP address, crazy test connection port 445, try to use the Windows directory under the Lsass.exe in the presence of a buffer overflow attack, once the attack success will lead to other machines infected with the virus and spread the next round of attacks failed, also will cause the other machine buffer buffer overflow, led to the other machine program of illegal operations, as well as the system abnormality.
Platform: |
Size: 2048 |
Author: 张得帅 |
Hits:
Description: rx sourcecode, optix lsass scan
Platform: |
Size: 661504 |
Author: keklol |
Hits: