(for Windows NT 4.0 / 2000)
FakeGINA intercepts the communication between Winlogon and the normal GINA, and while doing this it captures all successful logins (domain, username, password) and writes them to a text file.
Download the zip file and extract the DLL. Copy it to the system32 directory (on most systems c:\winnt\system32). Next, start regedt32 and go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon". Look for a value called "GinaDLL". If this value exists and contains something other than "msgina" or "msgina.dll", please do not continue the installation process. If the value doesn't exist, create "GinaDLL" as a "REG_SZ" and set it to "fakegina.dll". If it does exist and is "msgina" or "msgina.dll", then change it to "fakegina.dll". The next time the system is rebooted, FakeGINA will start to capture passwords into the text file "passlist.txt", which will be located in the system32 directory.
A malfunctioning GINA has the potential to make it impossible to start a Windows NT/2000 system. Please be aware of this and use FakeGINA at your own risk!
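A defensive check for the registry change described above, as an added example that is not part of FakeGINA or the original page: it reads the decoded text of a regedit export and reports whether the Winlogon "GinaDLL" value names anything other than the stock msgina. The function names and the sample exports are assumptions constructed for illustration.

```python
import re

# Key and default names as given in the text above; comparison is case-insensitive.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
DEFAULT_GINAS = {"msgina", "msgina.dll"}

def find_gina_value(reg_text):
    """Return the GinaDLL data from a decoded regedit export, or None if absent."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == WINLOGON_KEY.lower()
            continue
        m = re.match(r'"ginadll"\s*=\s*(.*)$', line, re.IGNORECASE) if in_key else None
        if m:
            data = m.group(1)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                # String data: undo the export's backslash escaping.
                return re.sub(r"\\(.)", r"\1", data[1:-1])
            return data  # non-string data (e.g. hex(2):...) is returned raw and gets flagged
    return None

def classify_gina(reg_text):
    """Return (status, value): 'default' for the stock GINA, 'replaced' otherwise."""
    value = find_gina_value(reg_text)
    if value is None:
        return ("default", None)  # value absent: Winlogon loads msgina.dll
    if value.strip().lower() in DEFAULT_GINAS:
        return ("default", value)
    return ("replaced", value)  # any other DLL name or path needs review

# Constructed sample exports (not taken from a real system).
CLEAN = "REGEDIT4\n\n[" + WINLOGON_KEY + ']\n"Shell"="Explorer.exe"\n'
STOCK = "REGEDIT4\n\n[" + WINLOGON_KEY + ']\n"GinaDLL"="msgina.dll"\n'
SWAPPED = "REGEDIT4\n\n[" + WINLOGON_KEY.upper() + ']\n"ginadll"="fakegina.dll"\n'
PATHED = "REGEDIT4\n\n[" + WINLOGON_KEY + ']\n"GinaDLL"="c:\\\\temp\\\\msgina.dll"\n'

if __name__ == "__main__":
    for name, text in [("clean", CLEAN), ("stock", STOCK), ("swapped", SWAPPED), ("pathed", PATHED)]:
        print(name, classify_gina(text))
```

A "replaced" result is a prompt for review, not proof of compromise, since the value may also name a legitimately installed third-party GINA.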
Q: I already have to be an Administrator to install FakeGINA, so what is it useful for?
A: FakeGINA shows at least one very important thing - one should never use the same password on more than one system. If one system is compromised, the attacker might use something like FakeGINA to capture all the passwords, and then use them against other systems.
Q: Why does my antivirus program say there is a virus in FakeGINA?
A: Probably because some antivirus programs call all hacking tools, backdoors and trojans "viruses". There is no functionality in FakeGINA apart from what is described here and it is definitely not a virus.
Q: Is it possible to change the name of the output file?
A: There is no custom tool for it, but with a hex editor you can do it (at least to a file name length similar to the default one).
Q: I have a question that is not covered here. Where can I get help?
A: Send me your question. I can't promise that I will have time to answer, but I'll do my best.