search

tokyoneon / CredPhish

CredPhish is a PowerShell script designed to invoke legitimate credential prompts and exfiltrate passwords over DNS.
https://www.blackhillsinfosec.com/how-to-phish-for-user-passwords-with-powershell/
280 stars 45 forks source link
amsi antivirus-evasion backdoor bypass-antivirus c2 dns dns-server exfiltration information-security kali kali-linux kali-scripts offensive-security penetration-testing reverse-shell shell social-engineering

readme

CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender's ConfigSecurityPolicy.exe to perform arbitrary GET requests.

For a walkthrough, see the Black Hills Infosec publication.