Closed Viss closed 10 years ago
That is a very good idea. I noticed a small issue with ntlmv2 hashes in my last pen test so I need to work on that part of the code anyway. I think I can get that added pretty easily. On Oct 15, 2014 10:10 PM, "Viss" notifications@github.com wrote:
It would be SUPER AMAZING to have an option to log all the captured hashes to a file automatically, so they could be handed over to a cracking program right away - I had to tee the output of the cmdline (node snarf.js 2>&1 | tee log.txt) so that I could keep the hashes.
— Reply to this email directly or view it on GitHub https://github.com/purpleteam/snarf/issues/5.
that would rule! also, what would be really epic, would be to have an auto-pwner, that would, for example, attempt to run something using wincmd or smbclient in the background..
You know, in case you just want to shell everything you see :D
OK, I have added this feature. Snarf will now open a file named "snarf.pot" in append mode and write out any hashes it finds. I also fixed a bug in identifying the server hash (I noticed this in a recent assessment, where the server challenge would be "undefined"). This should really help hash collecting.
Your second idea is an excellent one. We have had a back-burner idea to add for awhile that we've been calling "pouncers". You could define a local file with JavaScript functions that are called at different points in the middler's lifecycle. We want to provide a little handy API for doing things like calling external tools (like winexe in an xterm? smbclient with commands? creat/start services?).
Hopefully coming soon!
It would be SUPER AMAZING to have an option to log all the captured hashes to a file automatically, so they could be handed over to a cracking program right away - I had to tee the output of the cmdline (node snarf.js 2>&1 | tee log.txt) so that I could keep the hashes.