RunAs Utility Credential Stealer implementing 3 techniques: Hooking CreateProcessWithLogonW, Smart Keylogging, Remote Debugging

DarkSpaceSecurity/RunAs-Stealer

RunAs-Stealer

Usage

The stealers run in a while loop in the background (as does the injector in the hooking case); to stop them, use Task Manager.

The stolen credentials are written to an NTFS alternate data stream (ADS) named log on C:\Users\<Username>\Desktop\desktop.ini.

To read the credentials, run this cmd command:

more < "C:\Users\<Username>\Desktop\desktop.ini:log"

To remove the stored credentials, run this PowerShell command:

Remove-Item -Path "C:\Users\d1rk\Desktop\desktop.ini" -Stream "log"

N.B.: Refer to the demos below for each use case.
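
Because the output lands in a named stream on desktop.ini, a defender can look for that artifact by listing the streams on each profile's desktop.ini. The following is an added example, not code from this repository; Get-DesktopIniStreams is a hypothetical helper name, and it assumes profiles live under C:\Users with Desktop folders that are not redirected.

```powershell
# Added defensive example (not part of the RunAs-Stealer project).
# Lists alternate data streams attached to desktop.ini in each user's Desktop folder.
# Assumptions: profiles are under C:\Users and Desktop is not redirected (e.g. to OneDrive).
function Get-DesktopIniStreams {
    param(
        [string]$ProfilesRoot = 'C:\Users'
    )

    # -Force is required: profile folders and desktop.ini can be hidden/system.
    Get-ChildItem -Path $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $user = $_.Name
            $ini  = Join-Path $_.FullName 'Desktop\desktop.ini'
            if (-not (Test-Path -LiteralPath $ini)) { return }   # next profile

            $file = Get-Item -LiteralPath $ini -Force

            # ':$DATA' is the file's normal content; any other name is an ADS.
            Get-Item -LiteralPath $ini -Force -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        User         = $user
                        File         = $ini
                        Stream       = $_.Stream
                        Length       = $_.Length
                        LastWriteUtc = $file.LastWriteTimeUtc
                        # The stream name this README documents.
                        IsLogStream  = ($_.Stream -eq 'log')
                    }
                }
        }
}

# Run from an elevated prompt so other users' profiles are readable.
# The stream content is deliberately not read here: it may hold credentials.
Get-DesktopIniStreams | Sort-Object User | Format-Table -AutoSize
```

A desktop.ini normally carries only its default data stream, so any row returned warrants review. Sysmon's FileCreateStreamHash event (Event ID 15) records named-stream creation as it happens, which complements this point-in-time sweep.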

Hooking Demo

runAsHookDemo.mp4

Remote Debugging Demo

runAsDebugDemo.mp4

Smart Keylogging Demo

runasKeylogDemo.mp4
