Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/IlanKalendarov/SharpHook
SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
https://github.com/IlanKalendarov/SharpHook
Last synced: 21 days ago
JSON representation
SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
- Host: GitHub
- URL: https://github.com/IlanKalendarov/SharpHook
- Owner: IlanKalendarov
- License: bsd-3-clause
- Created: 2021-05-26T14:39:29.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-07-01T07:54:44.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:26:29.364Z (4 months ago)
- Language: C#
- Homepage:
- Size: 6.52 MB
- Stars: 311
- Watchers: 10
- Forks: 43
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - IlanKalendarov/SharpHook - SharpHook is an offensive API hooking tool designed to catch various credentials within the API call. (C# #)
README
# SharpHook
SharpHook is inspired by the [SharpRDPThief project](https://github.com/passthehashbrowns/SharpRDPThief), It uses various API hooks in order to give us the desired credentials.
In the background it uses the [EasyHook](http://easyhook.github.io/) project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook's IPC server.
# Supported Processes
| Process | API Call | Description | Progress |
| :-------------------: | :-------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: |
| mstsc | `CredUnPackAuthenticationBufferW` | This will hook into mstsc and should give you Username, Password and the remote ip | DONE |
| runas | `CreateProcessWithLogonW` | This will hook into runas and should give you Username, Password and the domain name | DONE |
| powershell | `CreateProcessWithLogonW` | This will hook into powershell and should give you output for commands for when the user enters a different credentials. For example - `Start-Process cmd -Credential X` | DONE |
| cmd | `RtlInitUnicodeStringEx` | This should hook into cmd and then would be able to filter keywords like: PsExec,password etc.. | In Progress - Crashes cmd idk why |
| MobaXterm | `CharUpperBuffA` | This will hook into MobaXterm and should give you credentials for SSH and RDP logins | In Progress - Problems with this being a 32bit process and [Fody](https://github.com/Fody/Costura) not working. **As a workaround you can compile the project as x86 and it'll work just fine** |
| explorer (UAC Prompt) | `CredUnPackAuthenticationBufferW` | This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt | In Progress - UAC says access denied probably integrity levels problems |# Demo
![](https://github.com/IlanKalendarov/SharpHook/blob/main/Images/Helpscreen.PNG)
![](https://github.com/IlanKalendarov/SharpHook/blob/main/Images/Demo.gif)# Contribution
Please feel free to contribute as I'm having some issues with some processes. You can find me on [Twitter](https://twitter.com/IKalendarov) or open a Pull Request.