CredNinja
CredNinja copied to clipboard
Raikia
A multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter
Tested in a live domain environment and verified working
Using the C# assembly CredNinja, if you pass a password with a comma in it, the creds don't get parsed properly. [Offending code](https://github.com/Raikia/CredNinja/blob/master/CredNinjassembly/CredNinja/CredNinja/Program.cs#L523). ``` Command: CredNinja.exe --creds Domain\Username:Pass,word --hosts 127.0.0.1...
All input files should allow commented out lines to ignore the line
Sometimes you want to limit the number of hosts to scan (random selection out of host file is fine).
Prevent user account lockouts by tracking to see if it was valid previously. If it was valid, don't warn on "invalid creds". if it never was successful, prompt to continue.
If you timestamp NTUSER.DAT inside the user folder, its a lot more accurate than just the home folder itself. However, it would require more than just 1 additional request per...