-
March 31st, 2002, 07:11 PM
#1
Junior Member
CTRL ALT & DEL in win NT/2K/XP
I have recently being writing a Visual basic program that requires that I prevent the event CTRL ALT DEL being envoked. Win 9x and ME I can prevent it but not in NT/2K/XP. I need to be able to catch the event use it but if anyone knows any VB code for even simply stopping it in these operating system please let me know although I assume if you can do it in one you can do it in them all. If you even have C/C++/Java code that can do it please pass it on to me.
P.S Does anyone know any brute force admin password auditors other than L0pthcrack for WIN NT/2K/XP??
-
March 31st, 2002, 07:46 PM
#2
Hmmm, can't help you with an external blocking code. The ctr-alt-delete in NT/2k is meant for machines in a physically unsecure location to keep you from unknowingly opening an imposter window designed to capture your user name and password. That feature can be disabled from within the W2K Control Panel/Users&Passwords/Advanced. However, if the machine is part of a domain it cannot be disabled. If the machine is not connected to the network, or if it is just a piece of a workgroup, the ctl-alt-delete screen can be disabled. BTW, if you do disable *all* ctl-alt-del combination in NT it will probably disable the popup window that allows you to check the running programs and close them individually. Anything on this subject more technical is beyond my limited realm...
-
March 31st, 2002, 08:55 PM
#3
Member
Ol' Man's always right...
Btw why do you need something else than L0Phtcrack to brute force?
-
March 31st, 2002, 09:33 PM
#4
Member
For the L0pht question;
1. "John The Ripper" (Multi Platform)-> Cracks only the LanMan hashes, notify that JTR is case insensitive in cracking the hashes, so you may try to find the correct case mode yourself.
2. Alec Muffet's "Crack 5" (UNIX platform), you will need the NT extensions with that prog.
3. Paul Ashton's "LSA Secrets" might be helpful if you have local access.
-
April 1st, 2002, 12:01 PM
#5
Senior Member
I don't know how it should be possible to disable ctrl+alt+del but you can disable other win2000 system keys a.k. CTRL+ESC,ALT +TAB ,ALT+ESC with lowlevelkeyboard Hook procedure. normaly this should work with strg+alt+del but it doesn't ...
' in module
Private Const WH_KEYBOARD_LL = 13 ' LowLevel
Private Const VK_CONTROL = &H11
Private Const VK_DELETE = &H2E
Private Const VK_ESCAPE = &H1B
Private Const VK_LCONTROL = &HA2
Private Const VK_LEFT = &H25
Private Const VK_LSHIFT = &HA0
Private Const VK_LWIN = &H5B
Private Const VK_RCONTROL = &HA3
Private Const VK_RSHIFT = &HA1
Private Const VK_RWIN = &H5C
Private Const VK_SHIFT = &H10 'Left and right SHIFT keys
Private Const VK_TAB = &H9
Private Const VK_MENU = &H12 'ALT key
Private Const VK_CANCEL = &H3
Private Type KBDLLHOOKSTRUCT
vkCode As Long ' virtual key code
scanCode As Long ' scan code
flags As Long ' flags
time As Long ' time stamp for thismessage
dwExtraInfo As Long ' extra info from
' the driver or keybd_event
End Type
Private Const LLKHF_ALTDOWN = 32
Private Const HC_ACTION = 0
Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer
Private Declare Function GetKeyState Lib "user32" (ByVal nVirtKey As Long) As Integer
Private Declare Function CallNextHookEx Lib "user32" (ByVal hHook As Long, ByVal ncode As Long, ByVal wParam As Long, lParam As Any) As Long
Private Declare Function SetWindowsHookEx Lib "user32" Alias "SetWindowsHookExA" (ByVal idHook As Long, ByVal lpfn As Long, ByVal hmod As Long, ByVal dwThreadId As Long) As Long
Private Declare Function UnhookWindowsHookEx Lib "user32" (ByVal hHook As Long) As Long
Private Declare Sub CopyStructFromPtr Lib "kernel32" Alias "RtlMoveMemory" (struct As Any, ByVal ptr As Long, ByVal cb As Long)
Private hHook As Long
Private CTRLDown As Boolean
Private pkbhs As KBDLLHOOKSTRUCT
' wParam - Specifies the identifier of the
' keyboard message.
' This parameter can be one of the
' following messages:
' WM_KEYDOWN,WM_KEYUP,WM_SYSKEYDOWN,
' or WM_SYSKEYUP.
' lParam - pointer to KBDLLHOOKSTRUCT structure
Private Function LowLevelKeyboardProc(ByVal idHook As Integer, ByVal wParam As Long, ByVal lParam As Long) As Long
CTRLDown = False
CopyStructFromPtr pkbhs, lParam, Len(pkbhs)
Select Case idHook
Case HC_ACTION
If (GetAsyncKeyState(VK_CONTROL) And &HF0000000) Then CTRLDown = True
' Disable CTRL + ESC :
If (pkbhs.vkCode = VK_ESCAPE And CTRLDown) Then
LowLevelKeyboardProc = 1
Exit Function
End If
' Disable ATL+TAB
If (pkbhs.vkCode = VK_TAB And (pkbhs.flags And LLKHF_ALTDOWN)) Then
LowLevelKeyboardProc = 1
Exit Function
End If
'Disable ALT+ESC
If (pkbhs.vkCode = VK_ESCAPE And (pkbhs.flags And LLKHF_ALTDOWN)) Then
LowLevelKeyboardProc = 1
Exit Function
End If
' Disable the WINDOWS key
If (pkbhs.vkCode = VK_LWIN Or pkbhs.vkCode = VK_RWIN) Then
LowLevelKeyboardProc = 1
Exit Function
End If
If (pkbhs.vkCode = VK_CANCEL) Then ' disable ctrl + break
LowLevelKeyboardProc = 1
Exit Function
End If
'call the next hook
LowLevelKeyboardProc = CallNextHookEx(hHook, idHook, wParam, ByVal lParam)
Case Else
'call the next hook
LowLevelKeyboardProc = CallNextHookEx(hHook, idHook, wParam, ByVal lParam)
End Select
End Function
Public Sub HookKeyboard()
hHook = SetWindowsHookEx(WH_KEYBOARD_LL, _
AddressOf LowLevelKeyboardProc, _
App.hInstance, 0&)
End Sub
Public Sub UnHookKeyboard()
'remove the windows-hook
UnhookWindowsHookEx hHook
End Sub
'In a form:
Private Sub Form_Load()
HookKeyboard
End Sub
Private Sub Form_Unload(Cancel As Integer)
UnHookKeyboard
End Sub
mfg meister
------------------------------------------------------------------------------------------------------------------------
"Knowledge is the real power"
\"Knowledge is the Real Power\"
-
April 8th, 2002, 12:47 PM
#6
Junior Member
Thanks very much, thats great!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|