
PasswordDump2ELK – Dump password ELK


Clean public password dump files and store in ELK.

Background

PasswordDump2ELK cleans and reformats publicly leaked password dumps (LeakBase, Exploit.in, etc.) for import into an ELK stack. The project includes the sanitize script as well as the Logstash config file. It does not install ELK for you.

Passwords, passwords, passwords: end users and defenders hate them, attackers love them. Despite the recent focus by defenders on stronger forms of authentication, passwords are still the predominant way to get access to systems. And due to end users’ habit of reusing passwords, and the multitude of public leaks in the last few years, they serve as an important attack vector in the red teamer’s arsenal. Find accounts of target X in the many publicly available dumps, try these passwords or logical iterations of them (Summer2014! might very well be Winter2018! at a later moment) on webmail or other externally accessible portals, and you may have got initial access to your target’s systems. Can’t find any accounts of your target in the dump? No worries, your intel and recon may give you private email addresses that may very well share a password with the target’s counterparts.
