Just an enhancement/extra thing to work on for the future. It would be nice to be able to specify the added username and password if exploitation is successful. It will be useful in larger scope engagements where 'icebreaker' will not be quite as stealthy and the password can follow domain password complexity requirements.
Also reduce the possibility that third parties can potentially access internet facing devices that have had the icebreaker account added with the hardcoded credentials.
Just an enhancement/extra thing to work on for the future. It would be nice to be able to specify the added username and password if exploitation is successful. It will be useful in larger scope engagements where 'icebreaker' will not be quite as stealthy and the password can follow domain password complexity requirements.
Also reduce the possibility that third parties can potentially access internet facing devices that have had the icebreaker account added with the hardcoded credentials.
*Edit for grammar