Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/IlanKalendarov/PyHook

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.
https://github.com/IlanKalendarov/PyHook

Last synced: 3 months ago
JSON representation

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.

Host: GitHub
URL: https://github.com/IlanKalendarov/PyHook
Owner: IlanKalendarov
License: bsd-3-clause
Created: 2021-08-23T12:49:25.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2023-11-06T16:36:00.000Z (12 months ago)
Last Synced: 2024-06-27T13:36:27.762Z (4 months ago)
Language: Python
Size: 1.28 MB
Stars: 172
Watchers: 4
Forks: 17
Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - IlanKalendarov/PyHook - PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call. (Python)

README

        

# PyHook

PyHook is the python implementation of my [SharpHook](https://github.com/IlanKalendarov/SharpHook) project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it's dependencies into the target process

# Supported Processes

| Process               | API Call                          | Description                                                  | Progress |

| --------------------- | --------------------------------- | ------------------------------------------------------------ | -------- |

| mstsc                 | `CredUnPackAuthenticationBufferW` | Hooks `CredUnPackAuthenticationBufferW` from mstsc and outputs username and password | DONE     |

| runas                 | `CreateProcessWithLogonW`         | Hooks `CreateProcessWithLogonW` from runas and outputs username, password and a domain name. | DONE     |

| PowerShell            | `CreateProcessWithLogonW`         | Hooks `CreateProcessWithLogonW` from PowerShell and outputs username, password and a domain name (e.g - `Start-Process cmd -Credential X`). | DONE     |

| cmd                   | `RtlInitUnicodeStringEx`          | Hooks `RtlInitUnicodeStringEx` from cmd and outputs data from specific filters (e.g - "-p", "password" etc). | DONE     |

| MobaXterm             | `CharUpperBuffA`                  | Hooks `CharUpperBuffA` from MobaXterm and outputs credentials for RDP and SSH logins. | DONE     |

| explorer (UAC Prompt) | `CredUnPackAuthenticationBufferW` | Hooks `CredUnPackAuthenticationBufferW` from explorer and outputs username, password and a domain name. | DONE     |

# Demo

![](https://github.com/IlanKalendarov/PyHook/blob/main/Demo/Demo.gif)

Link to my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking