A suggestion: Instead of just dumping local password hashes or hashes from cached LDAP logins, why not "steal" the username and password straight from where it's input... WINLOGON / GINA. It is possible to create a custom version of MSGINA.DLL and tell Winlogon to use it [source].
I don't have enough programming knowledge / experience to code a replacement DLL for GINA myself, but perhaps someone else could?
The replacement for MSGINA.DLL could be "capture" the username and passwords of users who logon, write it to a text file, then use the method used by the USB Hacksaw to connect to gmail and send the usernames and passwords at certain intervals.
From what I've read, it would be possible to create a replacement for MSGINA.DLL, change the registry to point to the replacement (Avoiding the problem of Windows System File Protection), use the same method as the USB Hacksaw to run a service / program at logon which could periodically send the contents of the username and password file to the gmail account.
Obviously this would require administrator privileges, but I'm sure it's possible.
One other suggestion: A replacement screensaver which launches cmd.exe at the logon screen when a certain key combination is pressed? Again, just a simple screensaver, a small "backdoor" and a quick registry change.
--Psycho275
References for first suggestion:
http://msdn.microsoft.com/library/default....curity/gina.asp
http://msdn.microsoft.com/library/default....on_and_gina.asp
http://www.microsoft.com/technet/prodtechn...ity/msgina.mspx
http://msdn.microsoft.com/library/default....on_and_gina.asp
http://msdn.microsoft.com/msdnmag/issues/0...SecurityBriefs/
http://msdn2.microsoft.com/en-gb/library/aa375198.aspx
http://www.microsoft.com/technet/prodtechn...ity/msgina.mspx
http://en.wikipedia.org/wiki/GINA
http://en.wikipedia.org/wiki/Winlogon
