Credential audits are a key part of any pentest. They enable you to identify weak passwords, commonly used passwords, and top base passwords so you can try to use them to compromise additional targets.
During a credentials audit, you collect sensitive data from your targets and store them in your project. From the Pro Console, you can add, delete, and export credential data. The following sections will show you how to manage credential data within a project.
To see a list of all available options for the creds command, type
creds help into your console.
Metasploit allows you to add certain credentials you collect during a pen test to your project. You can add the following credential types:
- User - The username.
- NTLM Hash - The Windows NTLM authentication hash.
- Password - The plain text password.
- Postgres - The MD5 hash of a Postgres database.
- SSH key - The collected SSH key. It must be a file path.
- Hash - A non-replayable hash
- JTR - A John the Ripper hash. https://www.openwall.com/john/
- REALM - A collection of usernames and passwords allowed access to a certain part of a web application.
Add credentials to a project
To add a credential, the enter a command using the following template:
creds <cred-type> <arguments>
For example to add a NTLM hash with a user:
creds add user:admin ntlm:E2FC15074BF7751DD408E6B105741864:A1074A69B1BDE45403AB680504BBDD1
To add a NTLM hash without a user:
creds add ntlm:E2FC15074BF7751DD408E6B105741864:A1074A69B1BDE45403AB680504BBDD1A
Other Credential Commands
creds -h- View all credential options. Includes examples on filtering, deleting, and adding credentials.
creds- Returns a list of all credentials in a project.
creds -p <filter>- Filter by passwords that match this text.
creds -t ntlm- Returns all creds matching NTLM.