<a href="http://3.bp.blogspot.com/-w1TWIH0VmMU/YTVKoFtzVYI/AAAAAAAAt1U/Rc1XoXgIzw0KwG4SRi4foI0Aq9_Lm0x_wCK4BGAYYCw/s1600/PyHook_1_Demo-754513.gif" style="text-align: center;"><img alt="" border="0" height="328" id="BLOGGER_PHOTO_ID_7004586848034182530" src="http://3.bp.blogspot.com/-w1TWIH0VmMU/YTVKoFtzVYI/AAAAAAAAt1U/Rc1XoXgIzw0KwG4SRi4foI0Aq9_Lm0x_wCK4BGAYYCw/w640-h328/PyHook_1_Demo-754513.gif" width="640" /></a> PyHook is the python implementation of my <a href="https://github.com/IlanKalendarov/SharpHook" rel="nofollow" target="_blank" title="SharpHook">SharpHook</a> project, It uses various API hooks in order to give us the desired credentials. PyHook Uses <a href="https://www.kitploit.com/search/label/Frida" target="_blank" title="frida">frida</a> to inject it's dependencies into the target process<a name='more'></a> Supported Processes <table> <tr> <th>Process</th> <th>API Call</th> <th>Description</th> <th>Progress</th> </tr> <tr> <td>mstsc</td> <td><code>CredUnPackAuthenticationBufferW</code></td> <td>This will hook into mstsc and should give you <a href="https://www.kitploit.com/search/label/Username" target="_blank" title="Username">Username</a> and Password</td> <td>DONE</td> </tr> <tr> <td>runas</td> <td><code>CreateProcessWithLogonW</code></td> <td>This will hook into runas and should give you Username, Password and the domain name</td> <td>DONE</td> </tr> <tr> <td>cmd</td> <td><code>RtlInitUnicodeStringEx</code></td> <td>This should hook into cmd and then would be able to filter keywords like: PsExec,password etc..</td> <td>DONE</td> </tr> <tr> <td>MobaXterm</td> <td><code>CharUpperBuffA</code></td> <td>This will hook into <a href="https://www.kitploit.com/search/label/MobaXterm" target="_blank" title="MobaXterm">MobaXterm</a> and should give you <a href="https://www.kitploit.com/search/label/Credentials" target="_blank" title="credentials">credentials</a> for SSH and RDP logins</td> <td>DONE</td> </tr> <tr> <td>explorer (UAC Prompt)</td> <td><code>CredUnPackAuthenticationBufferW</code></td> <td>This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt</td> <td>DONE</td> </tr> </table> Link my blog post covering this topic: <a href="https://ilankalendarov.github.io/posts/offensive-hooking" rel="nofollow" target="_blank" title="https://ilankalendarov.github.io/posts/offensive-hooking">https://ilankalendarov.github.io/posts/offensive-hooking</a> <div style="text-align: center;"><a class="kiploit-download" href="https://github.com/IlanKalendarov/PyHook" rel="nofollow" target="_blank" title="Download PyHook">Download PyHook</a></div>

Tag

#PyHook