Skip to main content

30. How to exploit a host compromised via phishing? The context is that only one domain user was discovered, but no password could be captured, although a domain does exist.

  1. Simulate Windows system authentication scenarios, such as Outlook login, User Account Control (UAC) elevation, or lock screen unlocking, and use forged interfaces to deceive the user.
    • FakeLogonScreen
    • Invoke-CredentialPhisher
    • Edge Kiosk
  2. Credsleaker allows an attacker to use Windows Security to create a highly convincing credential prompt, validate it against the domain controller, and then exfiltrate it via an HTTP request. This script displays a PowerShell credential box, masquerading as a legitimate Windows security prompt. For it to operate continuously, a web server is required to receive all necessary files and store the user credentials, as well as PowerShell’s presence to send the HTTP requests to the server.