Kali Linux

PyHook : An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it’s dependencies into the target process

Supported Processes

ProcessAPI CallDescriptionProgress
mstscCredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from mstsc and outputs username and passwordDONE
runasCreateProcessWithLogonWHooks CreateProcessWithLogonW from runas and outputs username, password and a domain name.DONE
PowerShellCreateProcessWithLogonWHooks CreateProcessWithLogonW from PowerShell and outputs username, password and a domain name (e.g – Start-Process cmd -Credential X).DONE
cmdRtlInitUnicodeStringExHooks RtlInitUnicodeStringEx from cmd and outputs data from specific filters (e.g – “-p”, “password” etc).DONE
MobaXtermCharUpperBuffAHooks CharUpperBuffA from MobaXterm and outputs credentials for RDP and SSH logins.DONE
explorer (UAC Prompt)CredUnPackAuthenticationBufferWHooks CredUnPackAuthenticationBufferW from explorer and outputs username, password and a domain name.DONE

Demo

R K

Recent Posts

Cybersecurity – Tools And Their Function

Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…

14 hours ago

MODeflattener – Miasm’s OLLVM Deflattener

MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…

14 hours ago

My Awesome List : Tools And Their Functions

"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…

14 hours ago

Chrome Browser Exploitation, Part 3 : Analyzing And Exploiting CVE-2018-17463

CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…

14 hours ago

Chrome Browser Exploitation, Part 1 : Introduction To V8 And JavaScript Internals

The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…

15 hours ago

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…

17 hours ago