While performing a Pen test for a client me and @NightRang3r needed to catch domain user name
and password, there are several ways to gain users passwords and it really
depends on a lot of factors on how to get it in my case we didn’t had time to
wait for the user to enter his credentials and get it using a key logger so I
and @NightRang3r created a fake windows domain login window to tried to force
and trick the user to enter his password.
of course it worked like a charm ;)
There are several tools and techniques such as “Mimikatz”
but they require you to have administrative/system privileges, you don’t need
special privileges to execute “Windows Domain Credentials Phishing Tool”.
* Special Thanks to @NightRang3r For helping in all the
stages of developing the tool.
* Please note, this tool require .NET framework on target
system.
* This tool should not be used to perform illegal
Windows Domain Credentials Phishing Tool from NightRanger on Vimeo.
activities.
Windows Domain Credentials Phishing Tool from NightRanger on Vimeo.
activities.
Download link: https://sourceforge.net/projects/wdcpt/
1 תגובות:
nice one!
הוסף רשומת תגובה