Saturday, June 7, 2014

More on PCredz..

Pcredz was designed to dump useful information on the fly, from a pcap file or from a pcap directory.
Unlike tools like, for example Breachprobe, Pcredz is highly effective and fast just to meet your pentest needs.

What Pcredz does right now from a live interface or pcap file: 
  • Identify Card Holder Data (CHD) on any port.
  • Dump NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP,MSSQL,HTTP,etc) hashes on any protocol and port.
  • Dump Kerberos (AS-REQ Pre-Auth etype 23) hashes (TCP/UDP 88).
  • Dump HTTP Basic (any port).
  • Dump POP credentials.
  • Dump SMTP credentials.
  • Dump IMAP credentials.
  • Dump SNMP community strings.
  • Dump FTP credentials.
All hashes are displayed in hashcat format (use -m 7500 for kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).
All credentials are logged to a file (CredentialDump-Session.log).

Pcredz was designed to be highly efficient, specifically with ARP poisoning attacks.
More details and download link:
Github: https://github.com/lgandx/PCredz/