You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems like the creds that land in the credential store come out of various modules like smb_login and other bruteforce-type modules, but the credentials that tend to be the most juicy are the ones we can get out of kiwi/mimikatz, and it would be super helpful if msf would record those, otherwise its the "hold page up for a while and hope you still have them in backscroll" game.
The text was updated successfully, but these errors were encountered:
msf6 > search Mimikatz
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/admin/kerberos/ms14_068_kerberos_checksum 2014-11-18 normal No MS14-068 Microsoft Kerberos Checksum Validation Vulnerability
1 post/windows/escalate/golden_ticket normal No Windows Escalate Golden Ticket
2 post/windows/gather/credentials/sso normal No Windows Single Sign On Credential Collector (Mimikatz)
3 post/windows/manage/wdigest_caching normal No Windows Post Manage WDigest Credential Caching
Detection of credentials from interactive meterpreter session responses sounds interesting, the existing post module may work as an interim option.
It seems like the creds that land in the credential store come out of various modules like smb_login and other bruteforce-type modules, but the credentials that tend to be the most juicy are the ones we can get out of kiwi/mimikatz, and it would be super helpful if msf would record those, otherwise its the "hold page up for a while and hope you still have them in backscroll" game.
The text was updated successfully, but these errors were encountered: