SharpHook : Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials

SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials.

In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook’s IPC server.

Supported Processes

Process	API Call	Description	Progress
mstsc	`CredUnPackAuthenticationBufferW`	This will hook into mstsc and should give you Username, Password and the remote ip	DONE
runas	`CreateProcessWithLogonW`	This will hook into runas and should give you Username, Password and the domain name	DONE
powershell	`CreateProcessWithLogonW`	This will hook into powershell and should give you output for commands for when the user enters a different credentials. For example – `Start-Process cmd -Credential X`	DONE
cmd	`RtlInitUnicodeStringEx`	This should hook into cmd and then would be able to filter keywords like: PsExec,password etc..	In Progress – Crashes cmd idk why
MobaXterm	`CharUpperBuffA`	This will hook into MobaXterm and should give you credentials for SSH and RDP logins	In Progress – Problems with this being a 32bit process and Fody not working. As a workaround you can compile the project as x86 and it’ll work just fine
explorer (UAC Prompt)	`CredUnPackAuthenticationBufferW`	This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt	In Progress – UAC says access denied probably integrity levels problems

Related

PyHook : An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

September 29, 2021

In "Kali Linux"

RdpStrike – Harnessing PIC And Hardware Breakpoints For Credential Extraction

June 17, 2024

In "Exploitation Tools"

Slurp : Evaluate The Security Of S3 Buckets

August 4, 2019

In "Kali Linux"

R K

Next BlobHunter : Find Exposed Data In Azure With This Public Blob Scanner »

Previous « CamRaptor : Tool That Exploits Several Vulnerabilities In Popular DVR Cameras To Obtain Network Camera Credentials

Share

Published by

R K

Tags: API HooksCredentialsSharpHook

5 years ago

Recent Posts

How To

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

13 hours ago

How To

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

14 hours ago

How To

How To Debug Bash Scripts Using bash -x And set Commands

Introduction Debugging is an important part of Bash scripting. When a script does not work…

18 hours ago

How To

How To Use Cron Jobs With Bash Scripts For Automation

Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…

19 hours ago

How To

How To Use Pipes In Bash Scripts For Command Chaining

Introduction Pipes are an important feature in Linux and Bash scripting. A pipe allows you…

20 hours ago

How To

How To Use grep, awk, And sed In Bash Scripts

Introduction The grep, awk, and sed commands are powerful text-processing tools in Linux. They are…

21 hours ago

L