[new] mimilib now supports DHCP Callout, DNS Plugin, Coffee
1 parent
4c70f14
commit 22eaf29
Showing
14 changed files
with
2,458 additions
and
19 deletions.
1,799
inc/cardmod.h
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
/* Benjamin DELPY `gentilkiwi` | ||
http://blog.gentilkiwi.com | ||
benjamin@gentilkiwi.com | ||
Licence : https://creativecommons.org/licenses/by/4.0/ | ||
*/ | ||
#include "kdhcp.h" | ||
|
||
HMODULE kdhcp_nextLibrary = NULL; | ||
LPDHCP_NEWPKT kdhcp_nextLibraryCalloutNewPkt = NULL; | ||
|
||
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved) | ||
{ | ||
if((ul_reason_for_call == DLL_PROCESS_DETACH) && kdhcp_nextLibrary) | ||
FreeLibrary(kdhcp_nextLibrary); | ||
return TRUE; | ||
} | ||
|
||
DWORD CALLBACK kdhcp_DhcpServerCalloutEntry(IN LPWSTR ChainDlls, IN DWORD CalloutVersion, IN OUT LPDHCP_CALLOUT_TABLE CalloutTbl) | ||
{ | ||
LPDHCP_ENTRY_POINT_FUNC nextEntry; | ||
RtlZeroMemory(CalloutTbl, sizeof(DHCP_CALLOUT_TABLE)); | ||
|
||
if(ChainDlls) | ||
if(kdhcp_nextLibrary = LoadLibrary(ChainDlls)) | ||
if(nextEntry = (LPDHCP_ENTRY_POINT_FUNC) GetProcAddress(kdhcp_nextLibrary, DHCP_CALLOUT_ENTRY_POINT)) | ||
nextEntry(ChainDlls + lstrlenW(ChainDlls) + 1, CalloutVersion, CalloutTbl); | ||
|
||
if(CalloutTbl->DhcpNewPktHook) | ||
kdhcp_nextLibraryCalloutNewPkt = CalloutTbl->DhcpNewPktHook; | ||
CalloutTbl->DhcpNewPktHook = kdhcp_DhcpNewPktHook; | ||
|
||
return ERROR_SUCCESS; | ||
} | ||
|
||
const BYTE macToBlack[][MAC_ADDRESS_SIZE] = { | ||
{0x00, 0x0c, 0x29, 0x00, 0x00, 0x00}, | ||
{0x00, 0x50, 0x56, 0x00, 0x00, 0x00} | ||
}; | ||
DWORD CALLBACK kdhcp_DhcpNewPktHook(IN OUT LPBYTE *Packet, IN OUT DWORD *PacketSize, IN DWORD IpAddress, IN LPVOID Reserved, IN OUT LPVOID *PktContext, OUT LPBOOL ProcessIt) | ||
{ | ||
DWORD status = ERROR_SUCCESS, m; | ||
*ProcessIt = TRUE; | ||
|
||
for(m = 0; m < ARRAYSIZE(macToBlack); m++) | ||
{ | ||
if(RtlEqualMemory(*Packet + MAC_SOURCE_ADDRESS_OFFSET, macToBlack[m], MAC_ADDRESS_SIZE / 2)) // just the start of the address | ||
{ | ||
*ProcessIt = FALSE; | ||
status = DHCP_DROP_INVALID; | ||
break; | ||
} | ||
} | ||
if(kdhcp_nextLibraryCalloutNewPkt && *ProcessIt) | ||
status = kdhcp_nextLibraryCalloutNewPkt(Packet, PacketSize, IpAddress, Reserved, PktContext, ProcessIt); | ||
return status; | ||
} |
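Review bot: `kdhcp_DhcpNewPktHook` compares three bytes at `*Packet + MAC_SOURCE_ADDRESS_OFFSET` without ever looking at `*PacketSize`, so unless the DHCP server guarantees a minimum datagram length (not visible here), a short packet makes `RtlEqualMemory` read past the end of the buffer inside the server process. Wrap the loop in `if(Packet && *Packet && PacketSize && (*PacketSize >= MAC_SOURCE_ADDRESS_OFFSET + MAC_ADDRESS_SIZE))` and let shorter packets fall through to the chained hook unchanged. In `kdhcp_DhcpServerCalloutEntry`, `CalloutTbl` is zeroed and dereferenced with no NULL check, and the nested `if(x = ...)` assignments would read more safely with explicit `!= NULL` comparisons and braces. `DllMain` also calls `FreeLibrary` on `DLL_PROCESS_DETACH`, which Microsoft's DllMain guidance advises against because the loader lock is held.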
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
/* Benjamin DELPY `gentilkiwi` | ||
http://blog.gentilkiwi.com | ||
benjamin@gentilkiwi.com | ||
Licence : https://creativecommons.org/licenses/by/4.0/ | ||
*/ | ||
#include "utils.h" | ||
#include <dhcpssdk.h> | ||
|
||
#define MAC_ADDRESS_SIZE 6 | ||
#define MAC_SOURCE_ADDRESS_OFFSET 28 | ||
|
||
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved); | ||
DWORD CALLBACK kdhcp_DhcpServerCalloutEntry(IN LPWSTR ChainDlls, IN DWORD CalloutVersion, IN OUT LPDHCP_CALLOUT_TABLE CalloutTbl); | ||
DWORD CALLBACK kdhcp_DhcpNewPktHook(IN OUT LPBYTE *Packet, IN OUT DWORD *PacketSize, IN DWORD IpAddress, IN LPVOID Reserved, IN OUT LPVOID *PktContext, OUT LPBOOL ProcessIt); |
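Review bot: This header has no include guard, while the header declaring the `kdns_` functions in the same commit starts with `#pragma once`; add `#pragma once` above `#include "utils.h"` so a second inclusion cannot redeclare the prototypes. `MAC_SOURCE_ADDRESS_OFFSET 28` is an unexplained magic number: a comment such as `// offset of chaddr (client hardware address) in the fixed BOOTP/DHCP header` would tell the reader where it comes from and that it assumes the fixed header is present. The `DllMain` prototype is also declared here although it is the module entry point rather than part of the DHCP callout interface.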
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
/* Benjamin DELPY `gentilkiwi` | ||
http://blog.gentilkiwi.com | ||
benjamin@gentilkiwi.com | ||
Licence : https://creativecommons.org/licenses/by/4.0/ | ||
*/ | ||
#include "kdns.h" | ||
|
||
DWORD WINAPI kdns_DnsPluginInitialize(PLUGIN_ALLOCATOR_FUNCTION pDnsAllocateFunction, PLUGIN_FREE_FUNCTION pDnsFreeFunction) | ||
{ | ||
return ERROR_SUCCESS; | ||
} | ||
|
||
DWORD WINAPI kdns_DnsPluginCleanup() | ||
{ | ||
return ERROR_SUCCESS; | ||
} | ||
|
||
DWORD WINAPI kdns_DnsPluginQuery(PSTR pszQueryName, WORD wQueryType, PSTR pszRecordOwnerName, PDB_RECORD *ppDnsRecordListHead) | ||
{ | ||
FILE * kdns_logfile; | ||
#pragma warning(push) | ||
#pragma warning(disable:4996) | ||
if(kdns_logfile = _wfopen(L"kiwidns.log", L"a")) | ||
#pragma warning(pop) | ||
{ | ||
klog(kdns_logfile, L"%S (%hu)\n", pszQueryName, wQueryType); | ||
fclose(kdns_logfile); | ||
} | ||
return ERROR_SUCCESS; | ||
} |
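Review bot: `kdns_DnsPluginQuery` returns `ERROR_SUCCESS` without ever writing `*ppDnsRecordListHead`, so if the caller reads the list head on success (the plugin contract is not shown on this page) it sees whatever the pointer held before the call. Set it explicitly on entry, `if(ppDnsRecordListHead) *ppDnsRecordListHead = NULL;`, and add a comment stating which return code tells the server to continue normal resolution. The log file is opened by the relative name `kiwidns.log` and reopened on every query with no synchronisation, so its location depends on the host process's working directory and concurrent queries may interleave or fail to open it. `pszQueryName` is also passed to the `%S` conversion without a NULL check.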
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
/* Benjamin DELPY `gentilkiwi` | ||
http://blog.gentilkiwi.com | ||
benjamin@gentilkiwi.com | ||
Licence : https://creativecommons.org/licenses/by/4.0/ | ||
*/ | ||
#pragma once | ||
#include "utils.h" | ||
|
||
#define PLUGIN_ALLOCATOR_FUNCTION PVOID | ||
#define PLUGIN_FREE_FUNCTION PVOID | ||
#define PDB_RECORD PVOID | ||
|
||
DWORD WINAPI kdns_DnsPluginInitialize(PLUGIN_ALLOCATOR_FUNCTION pDnsAllocateFunction, PLUGIN_FREE_FUNCTION pDnsFreeFunction); | ||
DWORD WINAPI kdns_DnsPluginCleanup(); | ||
DWORD WINAPI kdns_DnsPluginQuery(PSTR pszQueryName, WORD wQueryType, PSTR pszRecordOwnerName, PDB_RECORD *ppDnsRecordListHead); | ||
// DnsPluginQuery2 | ||
// DnsPluginQueryZoneScope | ||
// DnsPluginQueryServerScope | ||
// DnsPluginQueryCacheScope |
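Review bot: The three type names are introduced with `#define` (`#define PDB_RECORD PVOID` and the two function-pointer names), which erases them in the preprocessor and gives no type checking; `typedef PVOID PDB_RECORD;` and matching typedefs for `PLUGIN_ALLOCATOR_FUNCTION` and `PLUGIN_FREE_FUNCTION` keep the names visible to the compiler and debugger. `kdns_DnsPluginCleanup()` declares an unspecified parameter list in C; write `kdns_DnsPluginCleanup(void)`. The four trailing `// DnsPluginQuery…` lines would be clearer with one comment saying these entry points are not implemented.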
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,20 @@ | ||
LIBRARY | ||
EXPORTS | ||
startW = kappfree_startW | ||
|
||
SpLsaModeInitialize = kssp_SpLsaModeInitialize | ||
|
||
InitializeChangeNotify = kfilt_InitializeChangeNotify | ||
PasswordChangeNotify = kfilt_PasswordChangeNotify | ||
|
||
WinDbgExtensionDllInit = WinDbgExtensionDllInit | ||
ExtensionApiVersion = ExtensionApiVersion | ||
|
||
mimikatz = mimikatz | ||
WinDbgExtensionDllInit = kdbg_WinDbgExtensionDllInit | ||
ExtensionApiVersion = kdbg_ExtensionApiVersion | ||
coffee = kdbg_coffee | ||
mimikatz = kdbg_mimikatz | ||
|
||
DnsPluginInitialize = kdns_DnsPluginInitialize | ||
DnsPluginCleanup = kdns_DnsPluginCleanup | ||
DnsPluginQuery = kdns_DnsPluginQuery | ||
|
||
DhcpServerCalloutEntry = kdhcp_DhcpServerCalloutEntry | ||
DhcpNewPktHook = kdhcp_DhcpNewPktHook |