search

DanMcInerney / icebreaker

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
MIT License
1.18k stars 170 forks source link

Allow user to specify added username/password #6

Open rewardone opened 6 years ago

rewardone commented 6 years ago

Just an enhancement/extra thing to work on for the future. It would be nice to be able to specify the added username and password if exploitation is successful. It will be useful in larger scope engagements where 'icebreaker' will not be quite as stealthy and the password can follow domain password complexity requirements.

Also reduce the possibility that third parties can potentially access internet facing devices that have had the icebreaker account added with the hardcoded credentials.

*Edit for grammar

DanMcInerney commented 6 years ago

Good idea. I'll add this in the near future.