shellcode33 / credslayer Goto Github PK

We could interface NCM with Wireshark so that people can easily extract credentials and keep using their favorite network capture software

Hey,

I have installed CredSlayer fine - the documentation is really easy to follow, thanks for that.

I can get CredSlayer to listen on Wlan0 - but how can I test if it is working properly? I go to http sites on other clients, like my routers login page - but it does not capture that input? Should it?

Likewise, if I check Outlook on other clients, should it capture the hashes if using POP / IMAP?

I have used Responder before, which works to capture NTLM hashes on my Windows based machine - so wondering if it should be working similar?

Should I use CredSlayer with a wireless device in monitor mode, will that give a greater degree of success? Thanks

At the logger level ?

Hey there!

Major fan of the project and what you've done here, but I prefer raw data some of the time. With the validation of credentials, it still misses some data that could be useful to a security engineer or other pentester. What I'm asking for here, I'm perfectly willing to write and hand on over to you if you're willing.

TL;DR
--no-validation would disable validation and show all data
--validation would enable validation

Thanks!
Jack

Right now, if the Authorization header si sent coupled with an auth through POST/GET parameters, only the Authorization header will be logged

https://github.com/DanMcInerney/net-creds/blob/master/net-creds.py#L58

Since version 0.5 from pyshark, the layer attribute has been refactored (corresponding PR). This breaks CredSLayer :

>     from credslayer.core import manager
>   File "/nix/store/69wa5yn50jr3wsw8072zrbqpksxsl0x5-credslayer-0.1.2/lib/python3.10/site-packages/credslayer/core/manager.py", line 14, in <module>
>     from credslayer.parsers import parsers, ntlmssp
>   File "/nix/store/69wa5yn50jr3wsw8072zrbqpksxsl0x5-credslayer-0.1.2/lib/python3.10/site-packages/credslayer/parsers/__init__.py", line 17, in <module>
>     module = import_module("credslayer.parsers." + module_name)
>   File "/nix/store/fkcl1wzq3106qqgl84bhgk1lp56q6bzg-python3-3.10.7/lib/python3.10/importlib/__init__.py", line 126, in import_module
>     return _bootstrap._gcd_import(name[level:], package, level)
>   File "/nix/store/69wa5yn50jr3wsw8072zrbqpksxsl0x5-credslayer-0.1.2/lib/python3.10/site-packages/credslayer/parsers/ldap.py", line 2, in <module>
>     from pyshark.packet.layer import Layer
> ModuleNotFoundError: No module named 'pyshark.packet.layer'