Credential Hunting

Key Terms to Search

Passwords
Passphrases
Keys

Username

User account

Creds

Users

Passkeys

Passphrases

configuration

dbcredential

dbpassword

pwd

Login

Credentials

Using Lazagne

LogoGitHub - AlessandroZ/LaZagne: Credentials recovery projectGitHub
C:\Users\bob\Desktop> start lazagne.exe all

Using findstr

C:\> findstr /SIM /C:"password" *.txt *.ini *.cfg *.config *.xml *.git *.ps1 *.yml

Here are some other places we should keep in mind when credential hunting:

  • Passwords in Group Policy in the SYSVOL share

  • Passwords in scripts in the SYSVOL share

  • Password in scripts on IT shares

  • Passwords in web.config files on dev machines and IT shares

  • unattend.xml

  • Passwords in the AD user or computer description fields

  • KeePass databases --> pull hash, crack and get loads of access.

  • Found on user systems and shares

  • Files such as pass.txt, passwords.docx, passwords.xlsx found on user systems, shares, Sharepoint

PreviousActive Directory and NTDS.ditNextLinux Local Password Attacks

Last updated