Is there anyway to bypass SAM database for windows to Login?

Ramon 26 Reputation points
2021-12-06T02:56:55.14+00:00

I am working on the Custom Windows Credential provider

I want to create a Passwordless Windows Credential Provider

So far I achieve this goal by saving the combination of

  1. Username
  2. Domain
  3. Password

Into a hashed txt file in my pc. it will be saved somewhere in local PC (eg: C:\Temp\MyCredsDatabase.dat)

Then I authenticate those combination using KERB_INTERACTIVE_UNLOCK_LOGON like this

HRESULT CMyCredential::GetSerialization(
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
PWSTR* ppwszOptionalStatusText,
CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
...
KERB_INTERACTIVE_UNLOCK_LOGON kiul;

hr = KerbInteractiveUnlockLogonInit((PWSTR)wdomain.c_str(), (PWSTR)wusername.c_str(), (PWSTR)pwd.c_str(), _cpus, &kiul);
...
}

-------------------- QUESTION ------------------
I know this will be a security Leak if I implement this,

  1. But is it possible for the my Custom Credential Provider to Authenticate based on my custom Database instead of SAM database?
    https://stackoverflow.com/questions/6289032/custom-windows-authentication-package?rq=1
  2. I already post the similar question in shttps://stackoverflow.com/questions/70150814/is-it-possible-to-bypass-the-password-to-login-to-window. One of user stated that I have to implement Custom SSP or AP https://msdn.microsoft.com/en-us/library/windows/desktop/aa375200(v=vs.85).aspx. But I haven't find any exact example how to implement that. Is Custom SSP / AP is the answer that I am looking for?
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,352 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,694 questions
{count} votes

Accepted answer
  1. Xiaopo Yang - MSFT 10,706 Reputation points Microsoft Vendor
    2021-12-07T03:26:25.543+00:00

    Google Custom Provider for Windows(GCPW) which let user login windows using Google account should be a custom security package sample.
    Also, There is a custom Windows Security Package sample which even can extract plaintexts passwords.


1 additional answer

Sort by: Most helpful
  1. Limitless Technology 39,181 Reputation points
    2021-12-09T08:47:00.81+00:00

    Hi there,

    By default, Windows credentials are validated against the Security Accounts Manager (SAM) database on the local computer, or against Active Directory on a domain-joined computer, through the Winlogon service.

    Credentials are collected through user input on the logon user interface or programmatically via the application programming interface (API) to be presented to the authenticating target.

    I suppose you can use other tools like Google admin center to associate a user's existing Windows profile with their Google Account or any other tools that might do this.


    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments