Amnesiac
  • Welcome
  • Intended Usage
  • Get-Started
    • Quick Start
  • Main Menu
    • Available Commands
    • Main Menu Structure
    • [0] Scan Network for Admin Access
    • [1] Single-Listener (single target)
    • [2] Global-Listener (multiple targets)
    • [3] Scan Network for Listening Targets
    • Bookmarks
    • Payload Types
    • Payload Delivery
    • Serving Scripts
    • Sessions Display
    • Targets
    • Terminate Sessions
  • Sessions
    • Core Commands
      • Download
      • Exit
      • GListener
      • GLSet
      • Help
      • Kill
      • OneIsNone
      • Scramble
      • Sync
      • Toggle
      • Upload
    • System Commands
      • AV
      • Net
      • Process
      • Services
      • Sessions
      • Software
      • Startup
    • User Activity
      • ClearLogs
      • Clipboard
      • History and ClearHistory
      • Keylog and KeylogRead
      • ScreenShot and Screen4K
    • Scripts Loading
      • Mimi
      • Patch and PatchNet
      • PInject
      • PowerView
      • Rubeus
      • TLS
    • Local Actions
      • Ask4Creds
      • AutoMimi
      • CredMan
      • Dpapi
      • GetSystem
      • HashGrab
      • Hive
      • Kerb
      • Migrate
      • Monitor
    • Domain Actions
      • DCSync
      • CredValidate
      • Impersonation
      • LocalAdminAccess
      • PassSpray
      • Remoting
      • SessionHunter
  • Beware
    • Encryption
    • Non-Domain-Joined systems
    • SessionID 0
    • Timeouts
Powered by GitBook
On this page
  1. Sessions
  2. Local Actions

Ask4Creds

Prompt User for Credentials

Last updated 1 year ago

is a tool designed for prompting users for their credentials. It provides a GUI that allows users to enter their login credentials, which are then validated against a specified domain. This tool is especially valuable for scenarios where collecting user credentials is essential.

Usage

To run Ask4Creds, simply type Ask4Creds from the active session associated to the user you want to ask credentials for. This will launch the GUI prompt for credential input.

Ask4Creds attempts to validate the entered credentials up to five times. After each unsuccessful attempt, the user is prompted again, allowing for multiple input attempts.

To ensure efficient use of the tool, a timer is set to automatically close the credential input form after a specified timeout period (default is 25 seconds). This prevents the form from lingering indefinitely.

Effective Credentials Collection

The effectiveness of Ask4Creds depends on the parent process from which it is initiated. When you launch Ask4Creds, it becomes a sub-process of the selected parent process, inheriting certain characteristics and permissions from its parent.

Ask4Creds needs to run within the same process as the user for whom the prompt is intended. The "explorer" process, for instance, is an integral part of the Windows user interface and actively interacts with user inputs, including keyboard inputs. Therefore, launching Ask4Creds from that process ensures that the prompt is displayed to the user and can collect their credentials.

Conversely, if you initiate Ask4Creds from a parent process that doesn't handle user keystrokes or is meant to have no user interface, Ask4Creds may not be able to prompt the user for credentials and will receive no keyboard input to log. In such cases, no credentials would be gathered, rendering the operation ineffective.

In essence, selecting the right parent process for Ask4Creds is crucial to ensure that it operates in an environment where it can successfully prompt users to submit credentials and log the input provided using the prompt.

Ask4Creds