Unsecured Credentials

MITRE ATT&CK, Credential Access, Technique T1552

Finding Credentials with MANSPIDER

# MANSPIDER installation:
sudo apt install tesseract tesseract-data-eng antiword pip install pipx pipx install man-spider

# Regex search for the following variables:
manspider.py $ip -d $domain -u $user -p $password -f passw user admin account network login logon cred

# Regex search in XLSX files:
manspider.py $target -d $domain -u $user -p $password -c password -e xlsx

# Perform a search by passing the hash of a user:
manspider.py $target -d $domain -u $user -H $hash -f passw user admin account network login logon cred

Hunting with SMBeagle

# Hunt for shares and scan the domain SMBEagle fast mode
./SMBeagle.exe -c out.csv -f

References

Last updated