Unsecured Credentials

MITRE ATT&CK, Credential Access, Technique T1552

Finding Credentials with MANSPIDER

# MANSPIDER installation:
sudo apt install tesseract tesseract-data-eng antiword pip install pipx pipx install man-spider

# Regex search for the following variables:
manspider.py $ip -d $domain -u $user -p $password -f passw user admin account network login logon cred

# Regex search in XLSX files:
manspider.py $target -d $domain -u $user -p $password -c password -e xlsx

# Perform a search by passing the hash of a user:
manspider.py $target -d $domain -u $user -H $hash -f passw user admin account network login logon cred

GitHub - blacklanternsecurity/MANSPIDER: Spider entire networks for juicy files sitting on SMB shares. Search filenames or file content - regex supported!GitHub

Hunting with SMBeagle

# Hunt for shares and scan the domain SMBEagle fast mode
./SMBeagle.exe -c out.csv -f

GitHub - punk-security/smbeagle: SMBeagle - Fileshare auditing tool.GitHub

References

Sprocket Security | How to limit cleartext password storage and fix…Sprocket Security

PreviousKerberos Tickets NextWDigest

Last updated 1 year ago