Professional Documents
Culture Documents
Obtaining User Credentials With PowerShell
Obtaining User Credentials With PowerShell
PowerShell
BY JAKO
01/18/2016 11:27 PM
In this article I will show you how to obtain victim's
credentials without cracking any hashes. There are a couple
of ways to perform this task (for example dumping the SAM
file and cracking the NTLM hashes), but here I will explain
how to do it using PowerShell and a bit of social engineering.
We are going to create a fake login popup.
Save the file as "evil" (or whatever you want) inside "/root/".
The performance is very simple, it launch a
username/password form, and when the user fill it and hit
enter, the credentials are printed to our screen. To execute
this code, we will run it encoded as powershell have
functionality to run code in Base64. Let's encode the payload,
open a terminal and type:
cat evil | iconv -t UTF-16LE | base64 -w0
cat evil | displays the file "evil" and pipe the output
to the next command.
iconv -t UTF-16LE | convert the text from the
previous command to UTF-16 and pipe the output to
the next command.
base64 -w0 encode the text from the previous
command to Base64 and print the result.
At the time we hit enter, the victim screen will look like this:
When the victim fills the form, the credentials are sent to our
screen as shown above, that's all, we have the victim's
username and password!
I hope you have enjoyed! Feel free to ask any question, thanks
for reading!
References
Using Metasploit Capture Modules from Hak5.
Want to start making money as a white hat hacker? Jump-
start your hacking career with our 2020 Premium Ethical
Hacking Certification Training Bundle from the new Null Byte
Shop and get over 60 hours of training from cybersecurity
professionals.