SharpHook : Tool Tath Uses Various API Hooks In Order To Give Us The Desired Credentials

SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials.

In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook’s IPC server.

Supported Processes

ProcessAPI CallDescriptionProgress
mstscCredUnPackAuthenticationBufferWThis will hook into mstsc and should give you Username, Password and the remote ipDONE
runasCreateProcessWithLogonWThis will hook into runas and should give you Username, Password and the domain nameDONE
powershellCreateProcessWithLogonWThis will hook into powershell and should give you output for commands for when the user enters a different credentials. For example Start-Process cmd -Credential XDONE
cmdRtlInitUnicodeStringExThis should hook into cmd and then would be able to filter keywords like: PsExec,password etc..In Progress – Crashes cmd idk why
MobaXtermCharUpperBuffAThis will hook into MobaXterm and should give you credentials for SSH and RDP loginsIn Progress – Problems with this being a 32bit process and Fody not working. As a workaround you can compile the project as x86 and it’ll work just fine
explorer (UAC Prompt)CredUnPackAuthenticationBufferWThis will hook into explorer and should give you Username, Password and the Domain name from the UAC PromptIn Progress – UAC says access denied probably integrity levels problems
R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 weeks ago