Credentials Theft
In an Active Directory environment, we can use a tool such as Snaffler to crawl network share drives for interesting file extensions such as .kdbx, .vmdk, .vhdx, .ppk, etc.
We can search the file system or share drive(s) manually using the following commands from this cheatsheet.
DB Browser for SQLite opens SQLite files for inspection.
We can use a tool such as SharpChrome to retrieve cookies and saved logins from Google Chrome.
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.).
LaZagne (credentials recovery project).
SessionGopher extracts saved PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP credentials.
net-creds sniffs passwords and hashes from a live interface or a pcap file.
Responder is an LLMNR, NBT-NS and MDNS poisoner, with a built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.
Inveigh, or InveighZero, is a .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.