PyHook – An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call

September 22, 2021

PyHook 1 Demo 754513

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it’s dependencies into the target process

Supported Processes

Process API Call Description Progress
mstsc CredUnPackAuthenticationBufferW This will hook into mstsc and should give you Username and Password DONE
runas CreateProcessWithLogonW This will hook into runas and should give you Username, Password and the domain name DONE
cmd RtlInitUnicodeStringEx This should hook into cmd and then would be able to filter keywords like: PsExec,password etc.. DONE
MobaXterm CharUpperBuffA This will hook into MobaXterm and should give you credentials for SSH and RDP logins DONE
explorer (UAC Prompt) CredUnPackAuthenticationBufferW This will hook into explorer and should give you Username, Password and the Domain name from the UAC Prompt DONE

Link my blog post covering this topic: https://ilankalendarov.github.io/posts/offensive-hooking

Download PyHook

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

BianLian

BianLian Ransomware Victim: Optometric Physicians of Middle Tennessee

April 26, 2024
ransomhouse 1

RansomHouse Ransomware Victim: Hirsh Industries

April 26, 2024
CISA Logo

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

April 26, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 26, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 26, 2024