PyHook

PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the desired credentials.

PyHook Uses frida to inject it's dependencies into the target process

Supported Processes

Process	API Call	Description	Progress
mstsc	`CredUnPackAuthenticationBufferW`	Hooks `CredUnPackAuthenticationBufferW` from mstsc and outputs username and password	DONE
runas	`CreateProcessWithLogonW`	Hooks `CreateProcessWithLogonW` from runas and outputs username, password and a domain name.	DONE
PowerShell	`CreateProcessWithLogonW`	Hooks `CreateProcessWithLogonW` from PowerShell and outputs username, password and a domain name (e.g - `Start-Process cmd -Credential X`).	DONE
cmd	`RtlInitUnicodeStringEx`	Hooks `RtlInitUnicodeStringEx` from cmd and outputs data from specific filters (e.g - "-p", "password" etc).	DONE
MobaXterm	`CharUpperBuffA`	Hooks `CharUpperBuffA` from MobaXterm and outputs credentials for RDP and SSH logins.	DONE
explorer (UAC Prompt)	`CredUnPackAuthenticationBufferW`	Hooks `CredUnPackAuthenticationBufferW` from explorer and outputs username, password and a domain name.	DONE

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
Demo		Demo
hooks		hooks
.gitignore		.gitignore
LICENSE		LICENSE
PyHook.py		PyHook.py
README.md		README.md
__init__.py		__init__.py
requirments.txt		requirments.txt