CTRL ALT & DEL in win NT/2K/XP
Results 1 to 6 of 6

Thread: CTRL ALT & DEL in win NT/2K/XP

  1. #1
    Junior Member
    Join Date
    Oct 2001
    Posts
    8

    CTRL ALT & DEL in win NT/2K/XP

    I have recently being writing a Visual basic program that requires that I prevent the event CTRL ALT DEL being envoked. Win 9x and ME I can prevent it but not in NT/2K/XP. I need to be able to catch the event use it but if anyone knows any VB code for even simply stopping it in these operating system please let me know although I assume if you can do it in one you can do it in them all. If you even have C/C++/Java code that can do it please pass it on to me.

    P.S Does anyone know any brute force admin password auditors other than L0pthcrack for WIN NT/2K/XP??

  2. #2
    Senior Member The Old Man's Avatar
    Join Date
    Aug 2001
    Posts
    364
    Hmmm, can't help you with an external blocking code. The ctr-alt-delete in NT/2k is meant for machines in a physically unsecure location to keep you from unknowingly opening an imposter window designed to capture your user name and password. That feature can be disabled from within the W2K Control Panel/Users&Passwords/Advanced. However, if the machine is part of a domain it cannot be disabled. If the machine is not connected to the network, or if it is just a piece of a workgroup, the ctl-alt-delete screen can be disabled. BTW, if you do disable *all* ctl-alt-del combination in NT it will probably disable the popup window that allows you to check the running programs and close them individually. Anything on this subject more technical is beyond my limited realm...

  3. #3
    Ol' Man's always right...
    Btw why do you need something else than L0Phtcrack to brute force?

  4. #4
    Member
    Join Date
    Aug 2001
    Posts
    69
    For the L0pht question;
    1. "John The Ripper" (Multi Platform)-> Cracks only the LanMan hashes, notify that JTR is case insensitive in cracking the hashes, so you may try to find the correct case mode yourself.
    2. Alec Muffet's "Crack 5" (UNIX platform), you will need the NT extensions with that prog.
    3. Paul Ashton's "LSA Secrets" might be helpful if you have local access.
    Try, Fail but Do iT at last!
    ASA The ZeroTimeR
    The Turkish IT Documentation Project

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    100
    I don't know how it should be possible to disable ctrl+alt+del but you can disable other win2000 system keys a.k. CTRL+ESC,ALT +TAB ,ALT+ESC with lowlevelkeyboard Hook procedure. normaly this should work with strg+alt+del but it doesn't ...

    ' in module
    Private Const WH_KEYBOARD_LL = 13 ' LowLevel

    Private Const VK_CONTROL = &H11
    Private Const VK_DELETE = &H2E
    Private Const VK_ESCAPE = &H1B
    Private Const VK_LCONTROL = &HA2
    Private Const VK_LEFT = &H25
    Private Const VK_LSHIFT = &HA0
    Private Const VK_LWIN = &H5B
    Private Const VK_RCONTROL = &HA3
    Private Const VK_RSHIFT = &HA1
    Private Const VK_RWIN = &H5C
    Private Const VK_SHIFT = &H10 'Left and right SHIFT keys
    Private Const VK_TAB = &H9
    Private Const VK_MENU = &H12 'ALT key
    Private Const VK_CANCEL = &H3
    Private Type KBDLLHOOKSTRUCT
    vkCode As Long ' virtual key code
    scanCode As Long ' scan code
    flags As Long ' flags
    time As Long ' time stamp for thismessage
    dwExtraInfo As Long ' extra info from
    ' the driver or keybd_event
    End Type
    Private Const LLKHF_ALTDOWN = 32
    Private Const HC_ACTION = 0
    Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
    Private Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Long) As Integer
    Private Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal ncode As Long, ByVal wParam As Long, lParam As Any) As Long
    Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
    Private Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
    Private Declare Sub CopyStructFromPtr Lib "kernel32" Alias "RtlMoveMemory" (struct As Any, ByVal ptr As Long, ByVal cb As Long)

    Private hHook As Long
    Private CTRLDown As Boolean
    Private pkbhs As KBDLLHOOKSTRUCT

    ' wParam - Specifies the identifier of the
    ' keyboard message.
    ' This parameter can be one of the
    ' following messages:
    ' WM_KEYDOWN,WM_KEYUP,WM_SYSKEYDOWN,
    ' or WM_SYSKEYUP.
    ' lParam - pointer to KBDLLHOOKSTRUCT structure

    Private Function LowLevelKeyboardProc(ByVal idHook As Integer, ByVal wParam As Long, ByVal lParam As Long) As Long
    CTRLDown = False
    CopyStructFromPtr pkbhs, lParam, Len(pkbhs)
    Select Case idHook
    Case HC_ACTION
    If (GetAsyncKeyState(VK_CONTROL) And &HF0000000) Then CTRLDown = True
    ' Disable CTRL + ESC :
    If (pkbhs.vkCode = VK_ESCAPE And CTRLDown) Then
    LowLevelKeyboardProc = 1
    Exit Function
    End If
    ' Disable ATL+TAB
    If (pkbhs.vkCode = VK_TAB And (pkbhs.flags And LLKHF_ALTDOWN)) Then
    LowLevelKeyboardProc = 1
    Exit Function
    End If
    'Disable ALT+ESC
    If (pkbhs.vkCode = VK_ESCAPE And (pkbhs.flags And LLKHF_ALTDOWN)) Then
    LowLevelKeyboardProc = 1
    Exit Function
    End If
    ' Disable the WINDOWS key
    If (pkbhs.vkCode = VK_LWIN Or pkbhs.vkCode = VK_RWIN) Then
    LowLevelKeyboardProc = 1
    Exit Function
    End If
    If (pkbhs.vkCode = VK_CANCEL) Then ' disable ctrl + break
    LowLevelKeyboardProc = 1
    Exit Function
    End If
    'call the next hook
    LowLevelKeyboardProc = CallNextHookEx(hHook, idHook, wParam, ByVal lParam)
    Case Else
    'call the next hook
    LowLevelKeyboardProc = CallNextHookEx(hHook, idHook, wParam, ByVal lParam)
    End Select
    End Function

    Public Sub HookKeyboard()
    hHook = SetWindowsHookEx(WH_KEYBOARD_LL, _
    AddressOf LowLevelKeyboardProc, _
    App.hInstance, 0&)
    End Sub
    Public Sub UnHookKeyboard()
    'remove the windows-hook
    UnhookWindowsHookEx hHook
    End Sub



    'In a form:
    Private Sub Form_Load()
    HookKeyboard
    End Sub

    Private Sub Form_Unload(Cancel As Integer)
    UnHookKeyboard
    End Sub

    mfg meister
    ------------------------------------------------------------------------------------------------------------------------
    "Knowledge is the real power"
    \"Knowledge is the Real Power\"

  6. #6
    Junior Member
    Join Date
    Oct 2001
    Posts
    8
    Thanks very much, thats great!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides