Search the Community
Showing results for tags 'credentials'.
-
A tool to spray Shadow Credentials across an entire domain in hopes of abusing long-forgotten GenericWrite/GenericAll DACLs over other objects in the domain. Why this tool In a lot of engagements, I see (in BloodHound) that the group “Everyone” / “Authenticated Users” / “Domain Users” or some other wide group, which contains almost all the users in the domain, has some GenericWrite/GenericAll DACLs over other objects in the domain. [hide][Hidden Content]]
-
- shadowspray:
- spray
-
(and 2 more)
Tagged with:
-
Masky is a python library providing an alternative way to remotely dump domain users’ credentials thanks to an ADCS. A command line tool has been built on top of this library in order to easily gather PFX, NT hashes, and TGT on a larger scope. This tool does not exploit any new vulnerability and does not work by dumping the LSASS process memory. Indeed, it only takes advantage of legitimate Windows and Active Directory features (token impersonation, certificate authentication via Kerberos & NT hashes retrieval via PKINIT). A blog post was published to detail the implemented technics and how Masky works. [hide][Hidden Content]]
-
SharpHook is inspired by the SharpRDPThief project, It uses various API hooks in order to give us the desired credentials. In the background it uses the EasyHook project, Once the desired process is up and running SharpHook will automatically inject its dependencies into the target process and then, It will send us the credentials through EasyHook’s IPC server. [hide][Hidden Content]]
-
- 1
-
- sharphook:
- uses
-
(and 5 more)
Tagged with:
-
Credential Digger is a GitHub scanning tool that identifies hardcoded credentials (Passwords, API Keys, Secret Keys, Tokens, personal information, etc), filtering the false positive data through machine learning models. It supports Python 3.6 and works only with LINUX systems. Architecture Credential Digger finds credentials hardcoded in a repository. The tool is composed of: Postgres database Python client User interface [hide][Hidden Content]]
-
- 2
-
- credential
- digger:
-
(and 3 more)
Tagged with:
-
Exploits Zyxel NWA/NAP/WAC Hardcoded Credentials
1337day-Exploits posted a topic in Updated Exploits
An FTP service runs on the Zyxel wireless access point that contains the configuration file for the WiFi network. This FTP server can be accessed with hard-coded credentials that are embedded in the firmware of the AP. When the WiFi network is bound to another VLAN, an attacker can cross the network by fetching the credentials from the FTP server. View the full article-
- zyxel
- nwa/nap/wac
-
(and 2 more)
Tagged with:
-
ProGrade/Lierda Grill Temperature version 1.00_50006 suffers from having hard-coded credentials that allow for denial of service and information disclosure attacks. View the full article
-
- prograde/lierda
- grill
-
(and 4 more)
Tagged with:
-
Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials. It was developed to raise awareness and educate about the importance of properly configured RDP connections in the context of pentests, workshops or talks. The author is Adrian Vollmer (SySS GmbH). Disclaimer Use at your own risk. Do not use without full consent of everyone involved. For educational purposes only. [HIDE][Hidden Content]]
-
A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in a hard-coded, in the exposure of a privileged user. An attacker can activate snmpd without any configuration changes to trigger this vulnerability. View the full article
-
Siglent Technologies SDS 1202X-E Digital Oscilloscope version 5.1.3.13 suffers from multiple security vulnerabilities including hardcoded backdoor accounts, missing authentication, and more. View the full article
-
- siglent
- technologies
-
(and 7 more)
Tagged with:
-
FLIR AX8 thermal sensor camera devices version 1.32.16 utilize hard-coded credentials within its Linux distribution image. These sets of credentials (SSH) are never exposed to the end-user and cannot be changed through any normal operation of the camera. Attacker could exploit this vulnerability by logging in using the default credentials for the web panel or gain shell access. View the full article