PyHook is an offensive API hooking tool written in python designed to catch various credentials within the API call.

Overview

PyHook

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it's dependencies into the target process

Supported Processes

Process API Call Description Progress
mstsc CredUnPackAuthenticationBufferW This will hook into mstsc and should give you Username and Password DONE
runas CreateProcessWithLogonW This will hook into runas and should give you Username, Password and the domain name DONE
cmd RtlInitUnicodeStringEx This should hook into cmd and then would be able to filter keywords like: PsExec,password etc.. DONE
MobaXterm CharUpperBuffA This will hook into MobaXterm and should give you credentials for SSH and RDP logins DONE
explorer (UAC Prompt) CredUnPackAuthenticationBufferW This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt DONE

Demo

Link my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking

You might also like...
This utility synchronises spelling dictionaries from various tools with each other.

This utility synchronises spelling dictionaries from various tools with each other. This way the words that have been trained on MS Office are also correctly checked in vim or Firefox. And vice versa of course.

Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just about anything.

Retrying Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just

Python type-checker written in Rust

pravda Python type-checker written in Rust Features Fully typed with annotations and checked with mypy, PEP561 compatible Add yours! Installation pip

A simple dork generator written in python that outputs dorks with the domain extensions you enter

Dork Gen A simple dork generator written in python that outputs dorks with the domain extensions you enter in a ".txt file". Usage The code is pretty

Shypan, a simple, easy to use, full-featured library written in Python.

Shypan, a simple, easy to use, full-featured library written in Python.

🌲 A simple BST (Binary Search Tree) generator written in python
🌲 A simple BST (Binary Search Tree) generator written in python

Tree-Traversals (BST) 🌲 A simple BST (Binary Search Tree) generator written in python Installation Use the package manager pip to install BST. Usage

A sys-botbase client for remote control automation of Nintendo Switch consoles. Based on SysBot.NET, written in python.

SysBot.py A sys-botbase client for remote control automation of Nintendo Switch consoles. Based on SysBot.NET, written in python. Setup: Download the

Python tool to check a web applications compliance with OWASP HTTP response headers best practices

Check Your Head A quick and easy way to check a web applications response headers!

Stubmaker is an easy-to-use tool for generating python stubs.

Stubmaker is an easy-to-use tool for generating python stubs. Requirements Stubmaker is to be run under Python 3.7.4+ No side effects during

Comments
  • Threads logging with names

    Threads logging with names

    This is current state of the logs:

    [+] Trying To Attach To Explorer
    [+] Found CMD Window
    [+] Trying To Attach To CMD
    [+] Attached cmd with pid 3876!
    [+] Found CMD Window
    [+] Trying To Attach To CMD
    [+] Attached To Explorer!
    [+] Attached cmd with pid 4764!
    ...
    

    This is a bit overwhelming, I think it would be much better to have the context of each thread like so:

    [ +     explorer-hook ] Trying To Attach To Explorer
    [ +          cmd-hook ] Found CMD Window
    [ +          cmd-hook ] Trying To Attach To CMD
    [ +          cmd-hook ] Attached cmd with pid 3876!
    [ +          cmd-hook ] Found CMD Window
    [ +          cmd-hook ] Trying To Attach To CMD
    [ +     explorer-hook ] Attached To Explorer!
    [ +          cmd-hook ] Attached cmd with pid 4764!
    ...
    

    And if you want to add a little extra pizazz, you can use colors to differentiate between the threads too 🀩

    The style of the logs doesn't really matter, it doesn't have to be like I described it, any indicator to which thread is logging would suffice.

    enhancement 
    opened by LXTreato 1
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    This PR was automatically created by Snyk using the credentials of a real user.


    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirments.txt

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- medium severity | 551/1000
    Why? Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3180412 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    πŸ›  Adjust project settings

    πŸ“š Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    πŸ¦‰ Regular Expression Denial of Service (ReDoS)

    opened by IlanKalendarov 0
  • [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    [Snyk] Security upgrade setuptools from 39.0.1 to 65.5.1

    Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

    Changes included in this PR

    • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
      • requirments.txt

    Vulnerabilities that will be fixed

    By pinning:

    Severity | Priority Score (*) | Issue | Upgrade | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------|:------------------------- low severity | 441/1000
    Why? Recently disclosed, Has a fix available, CVSS 3.1 | Regular Expression Denial of Service (ReDoS)
    SNYK-PYTHON-SETUPTOOLS-3113904 | setuptools:
    39.0.1 -> 65.5.1
    | No | No Known Exploit

    (*) Note that the real score may have changed since the PR was raised.

    Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

    Check the changes in this PR to ensure they won't cause issues with your project.


    Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

    For more information: 🧐 View latest project report

    πŸ›  Adjust project settings

    πŸ“š Read more about Snyk's upgrade and patch logic


    Learn how to fix vulnerabilities with free interactive lessons:

    πŸ¦‰ Regular Expression Denial of Service (ReDoS)

    opened by snyk-bot 0
  • Error for explorer.exe process

    Error for explorer.exe process

    Program works for rdp etc but returns an error when hooking explorer process {'type': 'error', 'description': 'Error: expected a pointer', 'stack': 'Error: expected a pointer\n at value (frida/runtime/core.js:316)\n at <eval> (/script1.js:21)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 316, 'columnNumber': 1} Tried debugging it for a bit but to no avail.

    opened by Sp00p64 7
Owner
Ilan Kalendarov
Ilan Kalendarov
Keval allows you to call arbitrary Windows kernel-mode functions from user mode, even (and primarily) on another machine.

Keval Keval allows you to call arbitrary Windows kernel-mode functions from user mode, even (and primarily) on another machine. The user mode portion

null 42 Dec 17, 2022
Python module and its web equivalent, to hide text within text by manipulating bits

cacherdutexte.github.io This project contains : Python modules (binary and decimal system 6) with a dedicated tkinter program to use it. A web version

null 2 Sep 4, 2022
A Python package implementing various colour checker detection algorithms and related utilities.

A Python package implementing various colour checker detection algorithms and related utilities.

colour-science 147 Dec 29, 2022
A work in progress box containing various Python utilities

python-wipbox A set of modern Python libraries under development to simplify the execution of reusable routines by different projects. Table of Conten

Deepnox 2 Jan 20, 2022
A tool written in python to generate basic repo files from github

A tool written in python to generate basic repo files from github

Riley 7 Dec 2, 2021
Daiho Tool is a Script Gathering for Windows/Linux systems written in Python.

Daiho is a Script Developed with Python3. It gathers a total of 22 Discord tools (including a RAT, a Raid Tool, a Nuker Tool, a Token Grabberr, etc). It has a pleasant and intuitive interface to facilitate the use of all with help and explanations for each of them.

AstraaDev 32 Jan 5, 2023
Minimal Windows system information tool written in Python

wfetch wfetch is a Minimal Windows system information tool written in Python (Only works on Windows) Installation First of all have python installed.

zJairO 3 Jan 24, 2022
Various importers for cointracker

cointracker_importers Various importers for cointracker To convert nexo .csv format to cointracker .csv format: Download nexo csv file. run python Nex

Stefanos Anastasiou 9 Oct 24, 2022
Color box that provides various colorsβ€˜ rgb decimal code.

colorbox Color box that provides various colorsβ€˜ rgb decimal code

null 1 Dec 7, 2021
ColorController is a Pythonic interface for managing colors by english-language name and various color values.

ColorController.py Table of Contents Encode color data in various formats. 1.1: Create a ColorController object using a familiar, english-language col

Tal Zaken 2 Feb 12, 2022