Credentials Theft/ Win

Credentials Theft

• In an Active Directory environment, we can use a tool such as Snaffler to crawl network share drives for interesting file extensions such as .kdbx, .vmdk, .vdhx, .ppk, etc

• We can search the file system or share drive(s) manually using the following commands from this cheatsheet.

• DB Browser for SQLite open sqllite files for inspection.

• tool such as SharpChrome to retrieve cookies and saved logins from Google Chrome.

• MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). MailSniper.

• LaZagne tool (Credentials recovery project).

• SessionGopher to extract saved PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP credentials.

• tool net-creds to sniff passwords and hashes from a live interface or a pcap file.

• Responder Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

• Inveigh, or InveighZero .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.