יום שישי, 4 באפריל 2014

windows-domain-credentials-phishing-tool

While performing a Pen test for a client me and @NightRang3r needed to catch domain user name and password, there are several ways to gain users passwords and it really depends on a lot of factors on how to get it in my case we didn’t had time to wait for the user to enter his credentials and get it using a key logger so I and @NightRang3r created a fake windows domain login window to tried to force and trick the user to enter his password.
of course it worked like a charm ;)

There are several tools and techniques such as “Mimikatz” but they require you to have administrative/system privileges, you don’t need special privileges to execute “Windows Domain Credentials Phishing Tool”.

* Special Thanks to @NightRang3r For helping in all the stages of developing the tool.



* Please note, this tool require .NET framework on target system.

* This tool should not be used to perform illegal
Windows Domain Credentials Phishing Tool from NightRanger on Vimeo.
activities.