Search for Remote passwords in Text|LogFiles Recursive
This Module allows attackers to Remote Search in 'Text|LogFiles' for password strings (pass, passwd, password) starting in User Input Directory recursive (sub-directorys are also scanned for creds).
[url] Credential Dumping - Mitre ATT&CK T1044
Remark
- The Module Used in this article requires the Client to be executed with Administrator Privs
- This article its written using 'new windows terminal', Skip '
step 1' if your not planning to use it.
- Instructions how to Install 'meterpeter' under new windows terminal can be review
<here>
Article Quick Jump List
- meterpeter - Config new terminal windows to use meterpeter
- meterpeter - Search for password strings in text|logfiles
1º - Press 'Settings' in new terminal console
2º - add the follow line to your 'profiles.json' file
- Instructions how to Install meterpeter under new terminal can be review here
-
Jump To Top
1º - Sellect meterpeter 'PostExploit' Module
2º - Sellect meterpeter 'ListPas' Module
This module will ask attacker to 'input the starting directory' were to start searching inside 'Text|Logs' files 'Recursive' for the strings: 'pass', 'passwd', 'password'.
3º - Press 'CTRL+F' in your keyboard to use the 'Search' Function.
This 'new windows terminal' keyboard shortcut allow us to fast identify strings in large files.
- Instructions how to Install meterpeter under new terminal can be review here
-
Jump To Top
- TODO: Add option to allow users to input a string to search