While performing a Pen test for a client i needed to catch a domain user name and password, there are several ways to gain users passwords and it really depends on a lot of factors on how to get it in my case i didn’t had time to wait for the user to enter his credentials and get it using a key logger so I and @Roni_Bachar created a fake windows domain login window to tried to force and trick the user to enter his password.
There are several tools and techniques such as “Mimikatz” but they require you to have administrative/system privileges, you don’t need special privileges to execute “Windows Domain Credentials Phishing Tool”.
* Special Thanks to @Roni_Bachar For the idea and help in developing the tool.
* Please note, this tool require .NET framework on target system.
* This tool should not be used to perform illegal activities.
Demo
Windows Domain Credentials Phishing Tool
While performing a Pen test for a client i needed to catch a domain user name and password, there are several ways to gain users passwords and it really depends on a lot of factors on how to get it in my case i didn’t had time to wait for the user to enter his credentials and get it using a key logger so I and @Roni_Bachar created a fake windows domain login window to tried to force and trick the user to enter his password.
There are several tools and techniques such as “Mimikatz” but they require you to have administrative/system privileges, you don’t need special privileges to execute “Windows Domain Credentials Phishing Tool”.
* Special Thanks to @Roni_Bachar For the idea and help in developing the tool.
* Please note, this tool require .NET framework on target system.
* This tool should not be used to perform illegal activities.
Demo
Windows Domain Credentials Phishing Tool from NightRanger on Vimeo.
Download
The Windows Domain Credentials Phishing Tool can be downloaded from source forge:
ps:思路挺好,显示出window用户登录的钓鱼页面。只是,作者写的程序可能有问题,输入正确密码,认证登录框也没有消失。
转载请注明:jinglingshu的博客 » Windows Domain Credentials Phishing Tool