In organization networks, it is common to find passwords in random files (logs, config files, personal documents, Office documents, ...). Other credential dumping techniques (SAM & LSA, NTDS.dit, some web browsers, ...) could be considered as sub-techniques of credential dumping from files. This recipe focuses on the techniques that allow to gather password and sensitive information from generic and random files other than the ones involved in the sub-techniques mentioned before.
manspider.py --threads 50 $IP_RANGE/$MASK -d $DOMAIN -u $USER -p $PASSWORD --content "set sqlplus" "password ="
Manually, shares can be mounted and grepped for interesting information.
From Windows systems, the following commands should help find interesting information across local files and network shares.
findstr /snip password *.xml *.ini *.txt
findstr /snip password *
Find-InterestingFile -LastAccessTime (Get-Date).AddDays(-7)
Find-InterestingFile -Include "private,confidential"
Find-InterestingFile -Path "\\$SERVER\$Share" -OfficeDocs
# Snaffle all the computers in the domain
./Snaffler.exe -d domain.local -c <DC> -s
# Snaffle specific computers
./Snaffler.exe -n computer1,computer2 -s
# Snaffle a specific directory
./Snaffler.exe -i C:\ -s