How to hack Windows password using a fake login in C#

In this article we are going to discuss how to develop a simple C# application that pretend to be a Windows login form (fake login) and asks password to a user in Windows 10.

This represents a very efficient techinque used for stealing sensible information and, if perfected, it can also deceive experienced users.

The Windows Login Dialog

The first thing we need in order to reach our goal is to reproduce as much as possible a Windows login dialog like the following:

I recomend you using the Ookii library, which is a class library for .Net applications providing several common dialogs: one of those dialogs is the CredentialDialog that is what we need!

Let’s download the archive file at this link and import the Ookii.Dialogs.dll in our project.

Check the User Credential

Ok, we have the login form. Now we must be capable to check if inserted credentials are valid. In order to do that, follow this article in which I explained how to do it and prepare the project.

Basically we just have to import 2 assemblies:

System.Security.Principal;
System.DirectoryServices.AccountManagement;

And then we are ready to go!

The Solution

At this point we can start importing the necessary assemblies

Copy to Clipboard

Now in the Main section, let’s prepare some usefull variables.
At the beginning we get the username and the domain name:

Copy to Clipboard

Create a fake login dialog using the Ookii library and pass it some inputs, in this example we are pretending to be a Microsoft Outlook login window:

Copy to Clipboard

The last thing to do is to show our dialog and check the inserted credentials every time the user clicks OK. If the credentials are correct, we print them on the screen, otherwise we keep on asking a valid one.

Keep in mind that this is just an example, a malicious application would store and transmit those credentials to the attacker!

Copy to Clipboard

bool flag = false;
string strUsername = "";
string strPassword = "";

while (!flag) {
                if (crDiag.ShowDialog() == DialogResult.OK)
                {
                    strUsername = crDiag.UserName;
                    strPassword = crDiag.Password;
                    try
                    {
                        using (PrincipalContext principalContext 
                      = new PrincipalContext(ContextType.Machine))
                        {
                            flag = principalContext.ValidateCredentials(domain_username, strPassword);
                        }
                    }
                    catch (PrincipalServerDownException e)
                    {
                        Console.WriteLine(e.ToString());
                    }
                }
                if (flag)
                {
                    Console.WriteLine(strUsername);
                    Console.WriteLine(strPassword);
                    Console.ReadKey();
                }
            }

Once prepared, run the project.

You should see a fake login form: if you put an invalid password the login form will show up again. If the password is correct, you’ll see the plain text password written on the console window.

Conclusions

Well, we have seen a very simple and, at the same time, effective way to steal a Windows password.

This techinique can be used in order to create malicious applications that can be installed on a machine in order to gather sensible data.

The Windows Login Dialog

Check the User Credential

The Solution

Conclusions

Share This Post, Choose Your Platform!

Related Posts

Java – How Session Hijacking Works – part 3

Java – How Session Hijacking Works – part 2

Java – How Session Hijacking Works – part 1

Leave A Comment Cancel reply