You should be fairly familiar with running Wireshark and know how to save the data you're sniffing to a .pcap file in order to use this tool to extract credit card numbers, NTLM (DCE-RPC, HTTP, SQL, LDAP, etc.), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc. from a pcap file or from a live interface.
Once you run Wireshark, let it sniff the network and save all the data you've sniffed into a .pcap for later review. We can use the PCredz tool to parse through the .pcap file that we saved when sniffing the network, looking for any credit card data that may have been sent over plain text and unencrypted. Please note that you obviously won't be able to view encrypted data, so if, for whatever reason, the CC data went across the wire unencrypted, you'll be able to grab it.
Open a new Terminal and type in:
git clone https://github.com/lgandx/PCredz.git
sudo apt install libpcap-dev python3-pip -y && pip3 install Cython && pip3 install python-libpcap
Usage
Extract credentials from a pcap file:
cd PCredz
python3 ./Pcredz -f file-to-parse.pcap
Extract credentials from a live packet capture on a network interface (you need root privileges):
cd PCredz
python3 ./Pcredz -i eth0 -v
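As an added illustration (not part of the original post and not PCredz's own code), here is a minimal sketch of how card numbers can be recognised in cleartext payloads when auditing your own captures: a digit-run pattern, the Luhn checksum to drop false positives, and masking of anything reported. The function names and sample payloads are constructed for this example.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep only the first six and last four digits for reporting."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

def find_cleartext_pans(payload: bytes) -> list[str]:
    """Return masked, Luhn-valid card-number candidates found in a payload."""
    hits = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(rb"[ -]", b"", m.group()).decode()
        # A run of one repeated digit (e.g. all zeros) can pass Luhn; skip it.
        if luhn_ok(digits) and len(set(digits)) > 1:
            hits.append(mask(digits))
    return hits

# Constructed sample payloads (4111111111111111 is a well-known test number).
SAMPLES = [
    b"POST /pay HTTP/1.1\r\n\r\nname=a&card=4111111111111111&cvv=123",
    b"card=4111-1111-1111-1112",          # fails Luhn, ignored
    b"order_id=1234567890123456789012",   # too many digits to be a PAN
    b"\x17\x03\x03\x00\x20\x8a\x1f...",   # encrypted record: nothing readable
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(find_cleartext_pans(s))
```

Only the first sample yields a hit, which matches the point above: a card number is recoverable from a capture only when it crossed the wire unencrypted.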