SharpLoginPrompt - Success and a Curious Case
A tale of why SharpLoginPrompt Always Works and a recent curious case
So recently my team was performing a Red Team assessment. Its common in our team to innovate and use each other's tools. This drives the appreciation and growth inside the team. I developed SharpLoginPrompt long time ago to, but in this recent case it was not working as expected and this lead to a new update in SharpLoginPrompt.
In January 2015 Matt Nelson (@enigma0x3) wrote a blog post about using PromptForCredential for displaying the Credential prompt. The thing worked wonders through the days where Powershell was being used for offensive purposes. Once Microsoft added lots of logging capabilities, we saw a sharp rise in the use of C# and Matt Hand (@matterpreter) wrote CredPhiser and pushed it inside his OffensiveCSharp tool list.
Both Invoke-LoginPrompt from @enigma0x3 and CredPhisher have one basic problem. The problem is whenever we try to Phish someone with Login Prompts the first instinct of the victim user is to hide it or put in background while they continue their work till the end of day. Now while, this is a very good feature, as a Red Teamer, we dont have all day to wait for the victim to put in their credentials. So the way out was only to make it persist on the screen until the user fills out the right credentials.
SharpLoginPrompt is a code adapted from both CredPhisher and Invoke-LoginPrompt but with a Twist. The Twist is that the prompt never dies or go behind the any application until the correct credentials are provided. Following is a gif for the demonstration.
SharpLoginPrompt Always on TOP
This allowed us to gather the credentials from the user as quickly as we want without waiting all day.
As always my coworkers and my family. Special Thanks to Jonathan Cheung and Vincent Yiu