https://github.com/jxroot/phishtrap
weaponizing Windows For Red Teamers !
- Host: GitHub
- URL: https://github.com/jxroot/phishtrap
- Owner: jxroot
- License: gpl-3.0
- Created: 2025-04-09T16:41:07.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-20T16:52:07.000Z (about 1 year ago)
- Last Synced: 2025-05-07T20:16:49.449Z (about 1 year ago)
- Language: PowerShell
- Homepage:
- Size: 12.5 MB
- Stars: 4
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# ⚔️ Weaponized Windows Server via RDP
> A creative red team technique using pure PowerShell and social engineering over RDP.
---
## 🧠 Idea Behind the Tool
This tool simulates a **real-world initial access scenario** via a weaponized Windows Server and an `.rdp` file. It's made for **Red Team operations**, adversary emulation, or lab experiments.
> **Goal:** Trick users into enabling drive sharing through RDP and silently plant a payload for post-exploitation.
---
## ⚙️ How It Works
1. **The user connects** to the remote server using the provided `.rdp` file or the server IP address.
2. A **custom server-side application** launches and forces the Windows session into a **kiosk-style lockdown**:
   - Disables all key combinations: `Alt+Tab`, `Ctrl+Alt+Del`, the `Win` key, etc.
   - Prevents the user from interacting with the real desktop.
3. A **fake security prompt** is displayed:
   - If **Drive Sharing** is already enabled, the tool moves on to the next stage.
   - If **not**, the user is shown a warning claiming that a "security feature" must be enabled, tricking them into turning on drive sharing.
4. Once sharing is enabled, the tool:
   - Gains access to the user's local system via `\\tsclient`
   - Plants a **payload in the Startup folder** for persistence or further execution
---
> This tool is currently just a proof of concept. Customise it for your own use: for example, once everything has run, delete the registry key, escape the kiosk-style lockdown and show the user something else... You KNOW 🤣
---
> The tool opens Edge in kiosk mode, full screen, on an HTML template that PowerShell generates dynamically; combined with the key-combination lockdown, the user cannot escape or exit 🔒
---
## ▶️ Demo Video & Wiki
- **Video setup:** [Watch the video](https://www.youtube.com/watch?v=dahuidcxS2U)
- [Watch the demo video](res/demo-video.mp4)
- Setup:
  - `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon` is used to run the first process on first logon.
  - `shell:startup` and `shell:commo` are used to deploy the payload and to re-run the fake security page every time the user connects.
  - The `sharpkeys` tool and a `reg` file are used to disable the keys and to remove the mapping again.
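A defensive audit for the footholds listed above, added here as an example and not part of the phishtrap project: it inspects the Winlogon `Shell`/`Userinit` values, the `Scancode Map` that SharpKeys writes, both Startup folders, the RDP drive-redirection policy, and a received `.rdp` file's `drivestoredirect` setting. Run it as an administrator on the host that serves the RDP session; the "expected" Winlogon defaults are assumptions for a stock Windows install, and `Test-RdpFileDriveRedirect` is a helper name chosen here.

```powershell
# Added defensive example (not phishtrap code). Registry paths are the standard
# Windows locations; the expected default values are assumptions for a stock install.
$findings = @()

# 1. Winlogon: a changed Shell/Userinit runs a process before or instead of explorer.exe
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
if ($wl.Shell -ne 'explorer.exe') {
    $findings += "Winlogon Shell is '$($wl.Shell)' (expected explorer.exe)"
}
if ($wl.Userinit -notmatch '^[A-Za-z]:\\Windows\\system32\\userinit\.exe,?$') {
    $findings += "Winlogon Userinit is '$($wl.Userinit)' (expected <drive>:\Windows\system32\userinit.exe,)"
}

# 2. Scancode Map: the value SharpKeys writes to remap or disable keys (Alt+Tab, Win key, ...)
$kl = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Keyboard Layout' -ErrorAction SilentlyContinue
if ($kl.PSObject.Properties['Scancode Map']) {
    $findings += "Scancode Map present ($($kl.'Scancode Map'.Length) bytes): keyboard remapping is active"
}

# 3. Startup folders (shell:startup and the common Startup folder): anything here runs at logon
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
        $findings += "Startup item: $($_.FullName) (modified $($_.LastWriteTime))"
    }
}

# 4. RDP drive redirection policy: fDisableCdm=1 blocks the \\tsclient share for all sessions
$ts = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -ErrorAction SilentlyContinue
if (-not $ts -or $ts.fDisableCdm -ne 1) {
    $findings += 'RDP drive redirection is not disabled by policy (fDisableCdm is not 1)'
}

# 5. A received .rdp file: 'drivestoredirect:s:*' pre-enables local drive sharing on connect
function Test-RdpFileDriveRedirect([string]$Path) {
    $m = Select-String -Path $Path -Pattern '^drivestoredirect:s:(.*)$'
    if ($m) { return $m.Matches[0].Groups[1].Value.Trim() }
    return $null
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'No phishtrap-style footholds found.' }
```

`Test-RdpFileDriveRedirect 'C:\path\to\received.rdp'` returns the drive list the file would share (`*` means all local drives) or `$null` when the file leaves redirection to the user's choice.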
---
## 🛠️ Built With
- Pure **PowerShell** scripting (no external dependencies)
- Optional support for:
  - `PS2EXE` for compiling to `.exe`
  - `NirCmd`, `Resource Hacker`, or `Bat To Exe` for behaviour masking
---
## 🔱 Next Update
- Add more templates and shell access
- Display a fake update message: show a fake system update notification asking the user to stay connected for a specified period (e.g., 20 minutes), so that the user remains connected longer.
- Transfer the victim's files: during this time, silently transfer files from the target system to the attacker's server. If the user disconnects or exits the session prematurely, the timer resets, forcing the user to stay connected longer for the transfer to complete.
## 📧 Contact
## ⚠️ Legal & Ethical Disclaimer
🚨 This tool is developed strictly for educational and authorized security testing purposes only.
🔬 It is intended to help cybersecurity professionals, researchers, and enthusiasts understand post-exploitation, red teaming, and detection techniques in lab or controlled environments.
❌ Do NOT use this tool on any system or network without explicit permission. Unauthorized use may be illegal and unethical.
🛡 The author takes no responsibility for any misuse or damage caused by this project.
---
> Always hack responsibly. 💻🔐