https://github.com/IlanKalendarov/SharpHook

SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.
https://github.com/IlanKalendarov/SharpHook

Last synced: 3 months ago
JSON representation

SharpHook is an offensive API hooking tool designed to catch various credentials within the API call.

• Host: GitHub
• URL: https://github.com/IlanKalendarov/SharpHook
• Owner: IlanKalendarov
• License: bsd-3-clause
• Created: 2021-05-26T14:39:29.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2021-07-01T07:54:44.000Z (over 3 years ago)
• Last Synced: 2024-05-08T01:30:56.323Z (6 months ago)
• Language: C#
• Homepage:
• Size: 6.52 MB
• Stars: 311
• Watchers: 10
• Forks: 43
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - IlanKalendarov/SharpHook - SharpHook is an offensive API hooking tool designed to catch various credentials within the API call. (C# #)

README

        
# SharpHook 

SharpHook is inspired by the [SharpRDPThief project](https://github.com/passthehashbrowns/SharpRDPThief), It uses various API hooks in order to give us the desired credentials. 

In the background it uses the [EasyHook](http://easyhook.github.io/) project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook's IPC server.

# Supported Processes

|        Process        |             API Call              |                         Description                          |                           Progress                           |

| :-------------------: | :-------------------------------: | :----------------------------------------------------------: | :----------------------------------------------------------: |

|         mstsc         | `CredUnPackAuthenticationBufferW` | This will hook into mstsc and should give you Username, Password and the remote ip |                             DONE                             |

|         runas         |     `CreateProcessWithLogonW`     | This will hook into runas and should give you Username, Password and the domain name |                             DONE                             |

|      powershell       |     `CreateProcessWithLogonW`     | This will hook into powershell and should give you output for commands for when the user enters a different credentials. For example - `Start-Process cmd -Credential X`  |                             DONE                             |

|          cmd          |     `RtlInitUnicodeStringEx`      | This should hook into cmd and then would be able to filter keywords like: PsExec,password etc.. |              In Progress - Crashes cmd idk why               |

|       MobaXterm       |         `CharUpperBuffA`          | This will hook into MobaXterm and should give you credentials for SSH and RDP logins | In Progress - Problems with this being a 32bit process and [Fody](https://github.com/Fody/Costura) not working. **As a workaround you can compile the project as x86 and it'll work just fine** |

| explorer (UAC Prompt) | `CredUnPackAuthenticationBufferW` | This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt | In Progress - UAC says access denied probably integrity levels problems |

# Demo

![](https://github.com/IlanKalendarov/SharpHook/blob/main/Images/Helpscreen.PNG)

![](https://github.com/IlanKalendarov/SharpHook/blob/main/Images/Demo.gif)

# Contribution

Please feel free to contribute as I'm having some issues with some processes. You can find me on [Twitter](https://twitter.com/IKalendarov) or open a Pull Request.