CredPhish - A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS
CredPhish is a PowerShell script designed to invoke credential prompts and exfiltrate passwords. It relies on CredentialPicker to collect user passwords, Resolve-DnsName for DNS exfiltration, and Windows Defender's ConfigSecurityPolicy.exe to perform arbitrary GET requests.
For a walkthrough, see the Black Hills Infosec publication.
CredPhish - A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS
Reviewed by Zion3R
on
5:30 PM
Rating:
![CredPhish - A PowerShell Script Designed To Invoke Legitimate Credential Prompts And Exfiltrate Passwords Over DNS](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtl0LN7StHhipZ8X93Xfz9_y9hvWDvYPS8AFedZZ76yA1KgwN8QC3Kf9lYb1TLF0Z5WvzbXK5LL2DBVONGpC63ukoP6JfJpw9rAY0zn4ANCJggyrcu6Ngl6AO72Mc9vROyvr8bnXyGEYr6/s72-w640-c-h272/CredPhish_1_credphish-752010.gif)