30. How to exploit a host compromised via phishing? The context is that only one domain user was discovered, but no password could be captured, although a domain does exist.
Simulate Windows system authentication scenarios, such as Outlook login, User Account Control (UAC) elevation, or lock screen unlocking, and use forged interfaces to deceive the user.
FakeLogonScreen
Invoke-CredentialPhisher
Edge Kiosk
Credsleaker allows an attacker to use Windows Security to create a highly convincing credential prompt, validate it against the domain controller, and then exfiltrate it via an HTTP request.
This script displays a PowerShell credential box, masquerading as a legitimate Windows security prompt. For it to operate continuously, a web server is required to receive all necessary files and store the user credentials, as well as PowerShell’s presence to send the HTTP requests to the server.