PCredz: extracts Credit card numbers, NTLM, Kerberos, HTTP Basic, etc from a pcap file/from a live interface

by do son · Published December 24, 2018 · Updated December 24, 2018

PCredz

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

PCredz

Features

Extract from a pcap file or from a live interface:
- Credit card numbers
- POP
- SMTP
- IMAP
- SNMP community string
- FTP
- HTTP
- NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP, MSSQL, HTTP, etc)
- Kerberos (AS-REQ Pre-Auth etype 23) hashes.
All hashes are displayed in a hashcat format (use -m 7500 for Kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).
Log all credentials to a file (CredentialDump-Session.log).

Install

Linux

On a Debian based OS bash:

apt-get install python-libpcap
git clone https://github.com/lgandx/PCredz.git

On Kali, you will need to:

apt-get remove python-pypcap && apt-get install python-libpcap
git clone https://github.com/lgandx/PCredz.git

OSX and other distributions

wget http://downloads.sourceforge.net/project/pylibpcap/pylibpcap/0.6.4/pylibpcap-0.6.4.tar.gz
tar xvf pylibpcap-0.6.4.tar.gz
cd pylibpcap-0.6.4
python setup.py install
git clone https://github.com/lgandx/PCredz.git

Usage

  -h, --help          show this help message and exit

  -f capture.pcap     Pcap file to parse

  -d /home/pnt/pcap/  Pcap directory to parse recursivly

  -i eth0             interface for live capture

  -v                  More verbose.

# extract credentials from a pcap file

./Pcredz -f file-to-parse.pcap



# extract credentials from all pcap files in a folder

./Pcredz -d /tmp/pcap-directory-to-parse/



# extract credentials from a live packet capture on a network interface

./Pcredz -i eth0

Source: https://github.com/lgandx/