This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 34%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I am working on the Custom Windows Credential provider
I want to create a Passwordless Windows Credential Provider
So far I achieve this goal by saving the combination of
Into a hashed txt file in my pc. it will be saved somewhere in local PC (eg: C:\Temp\MyCredsDatabase.dat)
Then I authenticate those combination using KERB_INTERACTIVE_UNLOCK_LOGON like this
HRESULT CMyCredential::GetSerialization(
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
PWSTR* ppwszOptionalStatusText,
CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
...
KERB_INTERACTIVE_UNLOCK_LOGON kiul;
hr = KerbInteractiveUnlockLogonInit((PWSTR)wdomain.c_str(), (PWSTR)wusername.c_str(), (PWSTR)pwd.c_str(), _cpus, &kiul);
...
}
-------------------- QUESTION ------------------
I know this will be a security Leak if I implement this,
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
As the attached document said, To implement new security protocols that are integrated with the Windows Server and Windows operating systems, use the custom security package API and the Local Security Authority (LSA) functions. And There is a Google Custom Provider for Windows(GCPW) which implement custom authentication.
Thank you for your reply. Which mean, I am able to achieve my 1st question.
I know this is a stupid request but, what about the 2nd question, do you have any sample code to achieve that?
I haven't found the open repository about GCPW yet
After searching on Google about gcpw source code, the first item seems to be the source code. It seems Microsoft Custom Credentials Provider Samples don‘t involve custom security package.
Thank you, that's a helpful answer. I appreciate it
But sadly, I am looking for the Custom Security Package / Authentication Package sample code which is hard to find ._.
Google Custom Provider for Windows(GCPW) which let user login windows using Google account should be a custom security package sample.
Also, There is a custom Windows Security Package sample which even can extract plaintexts passwords.
Ah mimikatz. I've been there before
Thank you for explicitly answer my question
Tbh, since Windows defender consider it as malware, I have no interest to develop my custom mimikatz
But if that's one of the sample project about Windows Security Package, maybe I'll read that first
Hi there,
By default, Windows credentials are validated against the Security Accounts Manager (SAM) database on the local computer, or against Active Directory on a domain-joined computer, through the Winlogon service.
Credentials are collected through user input on the logon user interface or programmatically via the application programming interface (API) to be presented to the authenticating target.
I suppose you can use other tools like Google admin center to associate a user's existing Windows profile with their Google Account or any other tools that might do this.
--If the reply is helpful, please Upvote and Accept it as an answer--