6

CredNinja – Test Credential Validity of Dumped Credentials or Hashes

 2 years ago
source link: https://www.darknet.org.uk/2022/01/credninja-test-credential-validity-of-dumped-credentials-or-hashes/?amp%3Butm_medium=social&%3Butm_campaign=darknetfeed
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

CredNinja – Test Credential Validity of Dumped Credentials or Hashes

Last updated: January 5, 2022 | 2,109 views

CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

CredNinja - Test Credential Validity of Dumped Credentials or Hashes

At the core of it, you provide it with a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (the author suggests scanning for port 445 first, or you can use “–scan”). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.

Usage of CredNinja to Test Credential Validity of Dumped Credentials or Hashes

   .d8888b.                       888 888b    888 d8b           d8b          
  d88P  Y88b                      888 8888b   888 Y8P           Y8P          
  888    888                      888 88888b  888                            
  888        888d888 .d88b.   .d88888 888Y88b 888 888 88888b.  8888  8888b.  
  888        888P"  d8P  Y8b d88" 888 888 Y88b888 888 888 "88b "888     "88b
  888    888 888    88888888 888  888 888  Y88888 888 888  888  888 .d888888
  Y88b  d88P 888    Y8b.     Y88b 888 888   Y8888 888 888  888  888 888  888
   "Y8888P"  888     "Y8888   "Y88888 888    Y888 888 888  888  888 "Y888888
                                                             888P"          
                    v2.3 (Built 1/26/2018) - Chris King (@raikiasec)
                         For help: ./CredNinja.py -h
usage: CredNinja.py -a accounts_to_test.txt -s systems_to_test.txt
                    [-t THREADS] [--ntlm] [--valid] [--invalid] [-o OUTPUT]
                    [-p PASSDELIMITER] [--delay SECONDS %JITTER]
                    [--timeout TIMEOUT] [--stripe] [--scan]
                    [--scan-timeout SCAN_TIMEOUT] [-h] [--no-color] [--os]
                    [--domain] [--users] [--users-time USERS_TIME]
Quickly check the validity of multiple user credentials across multiple
servers and be notified if that user has local administrator rights on each
server.
Required Arguments:
  -a accounts_to_test.txt, --accounts accounts_to_test.txt
                        A word or file of user credentials to test. Usernames
                        are accepted in the form of "DOMAIN\USERNAME:PASSWORD"
  -s systems_to_test.txt, --servers systems_to_test.txt
                        A word or file of servers to test against. This can
be a single system, a filename containing a list of
systems, a gnmap file, or IP addresses in cidr notation.
Each credential will be tested against each of these
                        servers by attempting to browse C$ via SMB
Optional Arguments:
  -t THREADS, --threads THREADS
                        Number of threads to use. Defaults to 10
  --ntlm                Treat the passwords as NTLM hashes and attempt to
                        pass-the-hash!
  --valid               Only print valid/local admin credentials
  --invalid             Only print invalid credentials
  -o OUTPUT, --output OUTPUT
                        Print results to a file
  -p PASSDELIMITER, --passdelimiter PASSDELIMITER
                        Change the delimiter between the account username and
                        password. Defaults to ":"
  --delay SECONDS %JITTER
                        Delay each request per thread by specified seconds
                        with jitter (example: --delay 20 10, 20 second delay
                        with 10% jitter)
  --timeout TIMEOUT     Amount of seconds wait for data before timing out.
                        Default is 15 seconds
  --stripe              Only test one credential on one host to avoid spamming
                        a single system with multiple login attempts (used to
                        check validity of credentials). This will randomly
                        select hosts from the provided host file.
  --scan                Perform a quick check to see port 445 is available on
                        the host before queueing it up to be processed
  --scan-timeout SCAN_TIMEOUT
                        Sets the timeout for the scan specified by --scan
                        argument. Default of 2 seconds
  -h, --help            Get help about this script's usage
  --no-color            Turns off output color. Written file is always
                        colorless
Additional Information Retrieval:
  --os                  Display the OS of the system if available (no extra
                        request is being sent)
  --domain              Display the primary domain of the system if available
                        (no extra request is being sent)
  --users               List the users that have logged in to the system in
                        the last 6 months (requires LOCAL ADMIN). Returns
                        usernames with the number of days since their home
                        directory was changed. This sends one extra request to
                        each host
  --users-time USERS_TIME
                        Modifies --users to search for users that have logged
                        in within the last supplied amount of days (default
                        100 days)

The tool really shines on large networks where it can parse a large amount of hosts quite quickly.

It is intended to be run on Kali Linux

You can download CredNinja here:

CredNinja-master.zip

Or read more here.

Posted in: Hacking Tools

Latest Posts:

CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool

January 24, 2022 - 15 Shares

CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.

January 5, 2022 - 20 Shares

assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.

December 30, 2021 - 16 Shares

Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.

August 31, 2021 - 291 Shares

Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.

July 7, 2021 - 205 Shares

Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.

May 27, 2021 - 323 Shares
Comments are closed.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK