[Tutorial] Net-Creds sniff passwords
by V1NC3NT - December 10, 2020 at 05:51 PM
#1
[Image: GH2op5P.gif]
Net-Creds: Sniff passwords and hashes from the interface or from the pcap file
This article introduces you to the Net-Creds utility. This utility carefully sniffs passwords and hashes from the interface or from the pcap file. Consolidates fragmented packets and does not rely on ports to identify a service.

What a sniff:Β 

- Visited URLs
- sent POST requests
- logins / passwords from HTTP forms
- logins / passwords for basic HTTP authentication
- HTTP searches
- FTP logins / passwords
- logins / passwords IRC
- POP logins / passwords
- IMAP logins / passwords
- Telnet logins / passwords
- SMTP logins / passwords
- [SNMP] (https://ru.wikipedia.org/wiki/SNMP) community string (general string)
- all supported protocols NTLMv1 / v2 like HTTP, SMB, LDAP, etc.
- [Kerberos] (https://ru.wikipedia.org/wiki/Kerberos)

> Homepage: https://github.com/DanMcInerney/net-creds

Installation on Linux:
git clone https://github.com/DanMcInerney/net-creds.git
cd net-creds/
./net-creds.py

Reference
[Image: 71b10f84cdee47ecf087b.png]

Using:
net-creds.py [-h] [-i INTERFACE] [-p PCAP] [-f FILTERIP] [-v]


Optional arguments:
-h, --help show this help message and exit
-i INTERFACE, --interface INTERFACE
Select interface
-p PCAP, --pcap PCAP Parse information from pcap file; -p <pcap_file_name>
-f FILTERIP, --filterip FILTERIP
Do not sniff packets from this IP address; -f
192.168.0.4
-v, --verbose Show full URLs and POST requests instead of
trim them at 100 characters


Net-Creds startup examples

[Image: a792d1af5a94e83eaba9e.png]

Automatically detect the sniffing interface

sudo python net-creds.py

Select eth0 as interface

sudo python net-creds.py -i eth0

Ignore packets to and from 192.168.0.2

sudo python net-creds.py -f 192.168.0.2

Read from pcap
python net-creds.py -p pcapfile


[Image: GH2op5P.gif]
Reply
#2
nice post very useful :)
Reply

 Users browsing this thread: 1 Guest(s)