Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: CredHunter  (Read 3451 times)

0 Members and 1 Guest are viewing this topic.

sujitht

  • Guest
CredHunter
« on: September 28, 2017, 11:45:14 pm »
Sometimes when conducting internal assessments or even simulated attacks, you may want the ability to quickly identify weak credentials in your environment. We often faced this problem which led to the creation of a simple PowerShell script we named CredHunter. We decided to release this script to assist others who might have the same problem.

You should be aware that this script is not opsec safe and will trigger logon events on your target system/domain. We’ve outlined some of the tasks you can use CredHunter to perform below:

1) Find all domain users with password=username:


2) Find all domain accounts with weak passwords using a wildcard:


3) Find weak passwords on accounts with the LDAP AdminCount=1 flag set:


4) Supply a custom set of passwords on the command line:


If you want to leverage this script from a non-interactive command line implant such as CobaltStrike’s beacon, you can use the –DontPrompt flag.