Credentials Theft/ Win

Credentials Theft

  • In an Active Directory environment, we can use a tool such as Snaffler to crawl network share drives for interesting file extensions such as .kdbx, .vmdk, .vhdx, .ppk, etc.

  • We can search the file system or share drive(s) manually using the following commands from this cheatsheet.

  • DB Browser for SQLite opens SQLite files for inspection.

  • We can use a tool such as SharpChrome to retrieve cookies and saved logins from Google Chrome.

  • MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.).

  • LaZagne tool (Credentials recovery project).

  • SessionGopher extracts saved PuTTY, WinSCP, FileZilla, SuperPuTTY, and RDP credentials.

  • The net-creds tool sniffs passwords and hashes from a live interface or a pcap file.

  • Responder is an LLMNR, NBT-NS and MDNS poisoner, with a built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

  • Inveigh, or InveighZero, is a .NET IPv4/IPv6 machine-in-the-middle tool for penetration testers.
