PCredz – Tool to Extract Secret Data From pcap or Traffic

PCredz is a tool that allows penetration testers to sniff and extract sensitive information from a packet capture or a live interface. It extracts credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc. from a pcap file or from a live interface.


The currently supported features, and the information displayed from a pcap file or a live interface, are:

  • Credit card numbers
  • POP
  • SMTP
  • IMAP
  • SNMP community string
  • FTP
  • HTTP
  • NTLMv1 / v2 (DCE-RPC, SMBv1/2, LDAP, MSSQL, HTTP, etc.)
  • Kerberos (AS-REQ Pre-Auth etype 23) hashes.
  • All hashes are displayed in a hashcat format (use -m 7500 for Kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).
  • Log all credentials to a file (Credential Dump – Session.log).

Sensitive information should never be transmitted or stored without encryption, and using any of the above protocols puts that information at risk. While several tools offer similar functionality, such as Net-Creds, users may get better results by running several programs together and comparing the output and findings collected from each one.
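To show why these protocols put information at risk, here is an added audit sketch (not PCredz code and not from the original post) that flags cleartext logins in already-reassembled client streams from your own capture and reports only the protocol and account name, never the secret. The port-to-protocol map, the function names and the sample streams are assumptions constructed for the example.

```python
import base64
import binascii
import re

# Assumption: the destination port identifies the cleartext service.
PORT_PROTO = {21: "FTP", 80: "HTTP", 110: "POP3", 143: "IMAP"}
BASIC_RE = re.compile(rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)\s*$", re.I | re.M)
USER_RE = re.compile(rb"^USER +(\S+)\s*$", re.I | re.M)
PASS_RE = re.compile(rb"^PASS +\S+", re.I | re.M)
IMAP_RE = re.compile(rb"^\S+ +LOGIN +(\S+) +\S+", re.I | re.M)


def audit_payload(dst_port, payload):
    """Return (protocol, account) findings; the secret itself is discarded."""
    proto = PORT_PROTO.get(dst_port)
    findings = []
    if proto == "HTTP":
        for m in BASIC_RE.finditer(payload):
            try:
                decoded = base64.b64decode(m.group(1), validate=True)
            except (binascii.Error, ValueError):
                continue  # malformed header, nothing usable was exposed
            user, sep, _secret = decoded.partition(b":")
            if sep:  # Basic credentials are "user:password"
                findings.append((proto, user.decode("latin-1")))
    elif proto in ("FTP", "POP3"):
        users = USER_RE.findall(payload)
        if users and PASS_RE.search(payload):  # both halves sent in the clear
            findings.append((proto, users[-1].decode("latin-1")))
    elif proto == "IMAP":
        for m in IMAP_RE.finditer(payload):
            findings.append((proto, m.group(1).decode("latin-1").strip('"')))
    return findings


def audit(streams):
    """Flatten findings for a list of (dst_port, client_payload) streams."""
    return [f for port, data in streams for f in audit_payload(port, data)]


# Constructed sample streams (not taken from a real capture).
SAMPLE = [
    (80, b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic "
         + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n"),
    (21, b"USER backup\r\nPASS hunter2\r\n"),
    (143, b'a1 LOGIN "carol" "pw"\r\n'),
    (443, b"\x16\x03\x01\x02\x00"),  # TLS record: nothing readable to report
]

if __name__ == "__main__":
    for proto, account in audit(SAMPLE):
        print(f"cleartext {proto} login seen for account {account!r}")
```

Each account it reports is a service to move behind TLS or retire.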

You can read more about this tool and download it here: https://github.com/lgandx/PCredz
