Skip to content

IlanKalendarov/PyHook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits

Demo

Demo

 
 

hooks

hooks

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

PyHook.py

PyHook.py

 
 

README.md

README.md

 
 

__init__.py

__init__.py

 
 

requirments.txt

requirments.txt

 
 

Repository files navigation

PyHook

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it's dependencies into the target process

Supported Processes

Process API Call Description Progress
mstsc CredUnPackAuthenticationBufferW Hooks CredUnPackAuthenticationBufferW from mstsc and outputs username and password DONE
runas CreateProcessWithLogonW Hooks CreateProcessWithLogonW from runas and outputs username, password and a domain name. DONE
PowerShell CreateProcessWithLogonW Hooks CreateProcessWithLogonW from PowerShell and outputs username, password and a domain name (e.g - Start-Process cmd -Credential X). DONE
cmd RtlInitUnicodeStringEx Hooks RtlInitUnicodeStringEx from cmd and outputs data from specific filters (e.g - "-p", "password" etc). DONE
MobaXterm CharUpperBuffA Hooks CharUpperBuffA from MobaXterm and outputs credentials for RDP and SSH logins. DONE
explorer (UAC Prompt) CredUnPackAuthenticationBufferW Hooks CredUnPackAuthenticationBufferW from explorer and outputs username, password and a domain name. DONE

Demo

Link to my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking

About

PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

172 stars

Watchers

4 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages