Skip to content
/ RDP-THIEF Public

RDP THIEF - inject dll to remote desktop process (mstsc.exe) and steal user credentials.

License

GPL-3.0 license
13 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

proxytype/RDP-THIEF

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
Loader
Loader
 
 
Payload
Payload
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

RDP-THIEF

Inject dll to remote desktop process (mstsc.exe) and steal user credentials.

Requierments:

Microsoft Detours Library - https://github.com/microsoft/Detours

Compile:

  1. Unzip source code, open command line and enter to source directory
  2. SET DETOURS_TARGET_PROCESSOR=X64
  3. C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat
  4. NMAKE

Add detours.lib to Linker additional libraries.

Hooked Functions:

  • CredIsMarshaledCredentialW
  • CredReadW
  • CryptProtectMemory
    Microsoft try to hide it, The address to the function is dynamic, you need to find it yourself.

References:
https://github.com/0x09AL/RdpThief
https://www.mdsec.co.uk/2019/11/rdpthief-extracting-clear-text-credentials-from-remote-desktop-clients/

About

RDP THIEF - inject dll to remote desktop process (mstsc.exe) and steal user credentials.

Topics

windows vulnerability vulnerability-analysis vulnerability-research

Resources

Readme

License

GPL-3.0 license
Activity

Stars

13 stars

Watchers

2 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages