😎
Intruder
  • About Shantanu Khandelwal
  • Reporting
    • Excel Sheet to Word Report by PowerShell
    • Ghostwriter - Add report type
  • Red Team
    • HTTPS C2 Done Right NGINX
    • Domain Front
      • Firebase Domain Front - Hiding C2 as App traffic
    • GoLang
      • Red Team: How to embed Golang tools in C#
      • Red Team: Using SharpChisel to exfil internal network
      • Converting your GO bins to Shellcode and Using them in C#
    • ShellCode Injection
      • magic_mz_x86 and magic_mz_x64
      • Process Hollowing DInvoke
      • Shellcode Formatter
      • DLL Sideloading
      • InMemory Shellcode Encryption and Decryption using SystemFunction033
    • PowerShell
      • Enable Restricted Admin using powershell and use mimikatz for RDP
      • Powershell Custom Runspace
      • Using Reflection for AMSI Bypass
    • Database
      • Extract MSSQL Link Password
      • MSSQL Link Crawl - OpenQuery Quotes Calculator
    • DLL Sideloading
      • DLL Koppeling
      • DLL Sideloading not by DLLMain
    • Walking with Docker
      • Self-Hosting Havoc C2 / or any other C2 in Docker
    • Breach Attack Simulation - Starting With OpenBAS
  • Dealing with the Errors
    • Setting Up OPENVAS in KALI 2020.3
    • Page
      • Page 1
  • Phishing
    • Connecting GoPhish with Office365
    • SharpLoginPrompt - Success and a Curious Case
    • Gophish MODs
    • Long Live DMARC - Email Spoof issues
    • Error Solves (Random)
      • Rust OPENSSL install issues
  • Mobile Application Testing
    • How to Download APK from Huawei App Store
  • Talks I Like
  • Talks Worth Checking Out
  • Web Application Penetration Testing
    • Parsing Certificate Transparency Logs
Powered by GitBook
On this page
  • History of Login Prompts?
  • So Why SharpLoginPrompt ?
  • Introducing SharpLoginPrompt
  • Download SharpLoginPrompt
  • Next Steps in Credential Phishing
  • Credits

Was this helpful?

  1. Phishing

SharpLoginPrompt - Success and a Curious Case

A tale of why SharpLoginPrompt Always Works and a recent curious case

PreviousConnecting GoPhish with Office365NextGophish MODs

Last updated 4 years ago

Was this helpful?

So recently my team was performing a Red Team assessment. Its common in our team to innovate and use each other's tools. This drives the appreciation and growth inside the team. I developed SharpLoginPrompt long time ago to, but in this recent case it was not working as expected and this lead to a new update in SharpLoginPrompt.

History of Login Prompts?

In January 2015 Matt Nelson () wrote a blog post about using PromptForCredential for displaying the Credential prompt. The thing worked wonders through the days where Powershell was being used for offensive purposes. Once Microsoft added lots of logging capabilities, we saw a sharp rise in the use of C# and Matt Hand (@matterpreter) wrote CredPhiser and pushed it inside his OffensiveCSharp tool list.

So Why SharpLoginPrompt ?

Both Invoke-LoginPrompt from @enigma0x3 and CredPhisher have one basic problem. The problem is whenever we try to Phish someone with Login Prompts the first instinct of the victim user is to hide it or put in background while they continue their work till the end of day. Now while, this is a very good feature, as a Red Teamer, we dont have all day to wait for the victim to put in their credentials. So the way out was only to make it persist on the screen until the user fills out the right credentials.

Introducing SharpLoginPrompt

SharpLoginPrompt is a code adapted from both CredPhisher and Invoke-LoginPrompt but with a Twist. The Twist is that the prompt never dies or go behind the any application until the correct credentials are provided. Following is a gif for the demonstration.

This allowed us to gather the credentials from the user as quickly as we want without waiting all day.

Next Steps in Credential Phishing

Credits

As always my coworkers and my family. Special Thanks to Jonathan Cheung and Vincent Yiu

You can download the binary from or you can compile yourself using the

My organization has a lot of talented and distinguished people from the industry and one of them is Arris. Arris has already taken this forward more more step in his project.

Download SharpLoginPrompt
here
source code
fakelogonscreen
@enigma0x3
SharpLoginPrompt Always on TOP