I recently had to do some analysis on large packet capture files. Obviously, Wireshark was at the forefront of my mind, but I wanted something a bit more automated to do some basic analysis before diving in with Wireshark. Some Googling brought me to PCredz, a python script written by lgandx.

It can detect a variety of credential types, including NTLMv1/v2 and Kerberos hashes, credit card numbers, POP, SMTP, IMAP, SNMP community strings, FTP, and HTTP credentials. It's versatile in that it can parse through a single pcap file, a whole directory containing multiple pcap files, or intercept from an interface in real time.

Once I cloned the code to a place it was easily accessible (my desktop), I began running it against my pcap files. If you change into the PCredz directory, you'll find only two files - the PCredz script and the README. A word of caution: the PCredz script is actually Pcredz (lowercase c), meaning you'll have to run it with that spelling.

-d: run PCredz on all pcap files in the specified directory.
-i: use the specified interface to capture credentials in real time.

Once you run the script, you'll see a CredentialDump-Session.log file in the PCredz directory.

Its recursive parsing function makes it very easy to unleash the script on a directory of pcaps. I used it on a variety of file sizes, the largest being ~50Mb, and it had no issues. It worked relatively fast and I wasn't stuck waiting forever for the scan to complete. This is useful when conducting onsite assessments: if you're conducting a routine packet capture, you could run PCredz right alongside it.

The script worked really well and I will be using it as much as I can in the future. You can also find lgandx on Twitter.
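To show what a tool like this actually does to a capture file, here is an added example (not PCredz's own code) that walks the libpcap record format and flags frames carrying cleartext FTP USER/PASS commands, which is the kind of exposure you would want to find in your own routine captures. The sample capture, the IP addresses and the `frame`/`build_pcap` helpers are constructed for the example; the finding reports only that a credential was sent, not its value.

```python
import struct

# Minimal libpcap walker that flags cleartext FTP logins (USER/PASS) in TCP payloads.
# The capture below is constructed in-line so the example runs offline; it is
# illustration code and not the PCredz script itself.

PCAP_MAGIC = 0xA1B2C3D4  # little-endian libpcap magic, microsecond timestamps

def frame(payload: bytes, src="10.0.0.5", dst="10.0.0.9", dport=21) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame carrying payload (checksums left zero)."""
    ip_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload   # 0x0800 = IPv4

def build_pcap(frames) -> bytes:
    """Constructed pcap: 24-byte global header, then 16-byte record headers (linktype 1)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def find_cleartext_ftp(pcap: bytes):
    """Return (src, dst, command) for every FTP USER/PASS command seen in the capture."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        rec = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        # Ethernet (14 bytes) + IPv4 header; protocol byte 6 = TCP
        if len(rec) < 34 or rec[12:14] != b"\x08\x00" or rec[23] != 6:
            continue
        ihl = (rec[14] & 0x0F) * 4
        tcp = rec[14 + ihl:]
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != 21:
            continue                                   # not FTP control traffic
        payload = tcp[(tcp[12] >> 4) * 4:]
        for kw in (b"USER ", b"PASS "):
            if payload.startswith(kw):
                src = ".".join(map(str, rec[26:30]))
                dst = ".".join(map(str, rec[30:34]))
                hits.append((src, dst, kw.decode().strip()))
    return hits

# Constructed sample capture: an FTP login, an unrelated HTTP request, and a server banner.
SAMPLE_PCAP = build_pcap([
    frame(b"USER alice\r\n"),
    frame(b"PASS hunter2\r\n"),
    frame(b"GET / HTTP/1.1\r\n", dport=80),
    frame(b"220 Welcome\r\n", src="10.0.0.9", dst="10.0.0.5", dport=40000),
])
```

Running `find_cleartext_ftp(SAMPLE_PCAP)` reports the USER and PASS commands from 10.0.0.5 to 10.0.0.9 and ignores the HTTP and server-side frames.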