πŸ‰
Gurpreet06
  • πŸ‘€Introduction
    • ☠️About me
    • ☎️Contact
  • πŸ‘ΎOffsensive Security
    • ⛓️OSEP
    • πŸ‰OSCP
    • ♾️OSWP
  • 🐞Zero-Point Security
    • βš”οΈCRTO
    • ⛓️CRTL
  • πŸ§™β€β™€οΈAltered Security
    • πŸ•·οΈCRTP
    • ⛓️CRTE
  • πŸ’§Sektor7
    • πŸ”Red Team Operator
  • πŸ“•eLearnSecurity
    • ⛓️eCPPTv2
    • πŸ““eJPT
  • 🧊Mikrotik
    • πŸ–₯️MTCNA
  • ☒️Antivirus Bypass
    • β›ˆοΈCrowdStrike Falcon
    • β›ˆοΈBit Defender Premium Antivirus
    • β›ˆοΈSophos Intercept X Antivirus
    • β›ˆοΈSophos Home Premium Antivirus
    • β›ˆοΈKaspersky Plus Protection
    • β›ˆοΈHarmony Checkpoint Security
    • β›ˆοΈWatchGuard Advanced EPDR
    • β›ˆοΈTrend Micro Maximum Security
    • β›ˆοΈESET Security Premium Antivirus
    • β›ˆοΈMalwarebytes Premium Antivirus
    • β›ˆοΈNorton 360
    • β›ˆοΈAVIRA Prime Antivirus
    • β›ˆοΈMcAfee Total Protection
    • β›ˆοΈQuick Heal Total Protection
  • πŸ‘¨β€πŸ’»PROJECTS
    • πŸ•΅οΈInfoSniper (Bypassing Antivirus)
    • 🦈PowerSSH
    • πŸ•΅οΈPyExec
    • β˜ƒοΈPyWMI
    • πŸ“­ShareHunter
    • πŸŒ†ShadowDesk
    • πŸ›‚C2Serv
    • ⛷️StealthInjector
    • πŸ¦‚StealthInvoke
    • πŸ—οΈAMSI Patcher (Bypassing Antivirus)
    • πŸ§–β€β™‚οΈRDP-Stealer
    • πŸ“ΈTakeScreenShot
    • πŸ”‘SharpKeyLogger
    • πŸ‘ΏHellCat (EDR-Escaper)
    • 🎫ETW Patcher (Bypassing Antivirus)
    • πŸ€–PRPT (Bypassing Antivirus)
    • 🌐What Internet Knows About You (OSINT)
    • πŸ”PowerShell SSL Reverse Shell
    • πŸ“ΆWiFi - Crack
    • ⚠️ICMP Data Exfiltration
Powered by GitBook
On this page
  • Features
  • Usage
  • POC
  1. PROJECTS

RDP-Stealer

RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.

Features

  • Basic Sandbox Evasion

  • Executes without a visible window (in the background).

  • Captures keystrokes in RDP processes using the context of mstsc.exe and CredentialUIBroker.exe.

  • Encrypts the captured data using XOR and BASE64.

  • Sends data to a C2 server.

Usage

  1. Create a recvData folder in the directory.

  2. Before running the RDPStealer.exe on the victim machine, first run the server.php.

php -S 0.0.0.0:8000

  1. Run the RDPStealer.exe on the victim machine and enjoy :).

.\RDPStealer.exe

Note ⚠️

  • It is better to use an HTTPS server instead of an HTTP server.

POC

PreviousAMSI Patcher (Bypassing Antivirus)NextTakeScreenShot

Last updated 1 year ago

πŸ‘¨β€πŸ’»
πŸ§–β€β™‚οΈ