gimmecredz: quickly dump all credz

by do son · December 31, 2018

Objective

This tool can help pentesters to quickly dump all credz from known location, such as .bash_history, config files, wordpress credentials, and so on… This is not a hacking tool, just a collection of well-known files with password in them. The password can be in clear, base64 or enciphered form. It’s up to the pentester to use them, decode them or change them. This tool can be launch by root or any users, it will autodetect file access and adapt accordingly.

Goals

this tool is in bash because bash is everywhere, and I wanted it to be the most compatible with all pwned systems without having to install any third party lib/shell/script language.
this tool should be easy to read/tweak and easy to add new password dumps
this tool should not be taken too seriously
this tool uses mainly bash with a little bit of grep (egrep), find and some other usual tools.
I don’t care if this tool fails softly on one or another files. I prefer a simple tool with little fails than an heavier tool bloated with failchecks and sanity verification.
this tool should work quick, for this reason I don’t want some hasardous find, such as: find / -type f -exec grep password {} \; find is limited with maxdepth 3 at most
this tool should be autodocumented. Read it.
this tool is not sponsored by the NSA and won’t send your credz to any thirdparty.

Usage

Easy usage:

wget https://raw.githubusercontent.com/0xmitsurugi/gimmecredz/master/gimmecredz.sh
chmod +x gimmecredz.sh
./gimmecredz.sh

Or, for the l33t:

$ curl https://raw.githubusercontent.com/0xmitsurugi/gimmecredz/master/gimmecredz.sh | bash

Check the start of the script. You can set vars. Currently, you can force to check root-owned files even if you are using (in hope of misconfiguration of the targets). You can also put a script in verbose where it shows everything, even failures.