Credtester is a command-line tool that lets you test whether a username and password pair is valid against multiple Microsoft services.
Credtester is built for use in offensive security reporting. The tool has the following features:
Example output from the tool and its usage is shown below:
If authentication is successful, the plaintext password used will be replaced with [REDACTED] in the output. If authentication fails, the entered plaintext password will be displayed.
Credtester supports all major operating systems and can be installed from PyPI using the following command:
pip3 install credtester
Alternatively, you can install the tool from source and use it with Poetry. This is ideal for development:
git clone https://github.com/Summertime2022/credtester.git
cd credtester
poetry shell && poetry install
Credtester supports the following protocols:
Once installed, all modules are invoked in a format similar to the one shown below:
credtester smb acme.com/user:firstname.lastname@example.org
If you don't want to specify the password in your command, simply execute something similar to the following:
credtester ldap email@example.com
After hitting enter, you will be prompted to enter a password.
Users can also calculate the entropy of the input password and display the result in the output table. The password-strength library is used to accomplish this. The flag -cs can be added to any command to check and display the strength of any input password that authenticated successfully.
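The two output rules above (redact a password that worked, and score it only when strength checking is requested) as an added, self-contained illustration; this is not the project's code, it makes no network calls, and the entropy estimate is a simple length times log2(character-pool size) approximation of my own, not the formula used by the password-strength library:

```python
import math
from dataclasses import dataclass

# Character-pool sizes for the entropy estimate (an assumption for this
# example, not the password-strength library's own calculation).
_LOWER, _UPPER, _DIGIT, _SYMBOL = 26, 26, 10, 32


@dataclass
class AuthResult:
    """One authentication attempt against a service (constructed for the example)."""
    service: str
    username: str
    password: str
    success: bool


def entropy_bits(password: str) -> float:
    """Estimate entropy as length * log2(size of the character classes used)."""
    pool = 0
    if any(c.islower() for c in password):
        pool += _LOWER
    if any(c.isupper() for c in password):
        pool += _UPPER
    if any(c.isdigit() for c in password):
        pool += _DIGIT
    if any(not c.isalnum() for c in password):
        pool += _SYMBOL
    return len(password) * math.log2(pool) if pool else 0.0


def render_row(result: AuthResult, check_strength: bool = False) -> dict:
    """Build one output-table row: a password that authenticated is replaced
    with [REDACTED]; a failed password is shown as entered. With
    check_strength (the -cs behaviour) the entropy is added for successes only."""
    row = {
        "service": result.service,
        "username": result.username,
        "password": "[REDACTED]" if result.success else result.password,
        "status": "SUCCESS" if result.success else "FAILED",
    }
    if check_strength and result.success:
        row["entropy_bits"] = round(entropy_bits(result.password), 1)
    return row


if __name__ == "__main__":
    # Constructed sample results; nothing here contacts a real service.
    for r in (AuthResult("smb", "acme\\jdoe", "Winter2023!", True),
              AuthResult("ldap", "acme\\jdoe", "password", False)):
        print(render_row(r, check_strength=True))
```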
ct --help
Usage: ct [OPTIONS] COMMAND [ARGS]...

  Never blur screenshots again!

Options:
  --help  Show this message and exit.

Commands:
  ews   Test credentials against an EWS service.
  ldap  Test credentials against an LDAP service.
  mss   Test credentials against multiple Microsoft services.
  ntlm  Test credentials against an NTLM endpoint.
  smb   Test credentials against an SMB service.
Some notes on each module are below:
The EWS module can be used to test for successful authentication while targeting Microsoft Exchange and Office 365. If testing Exchange, the table displayed will differ depending on whether the user has a mailbox:
If you are targeting O365, note that you will need to specify the target as:
The LDAP module can be used to test credentials while targeting Microsoft directory services. If LDAP (plaintext) authentication is unsuccessful due to connection restrictions, the tool falls back and attempts to authenticate via LDAPS (encrypted).
This module is based on the tool msspray. When using this module, the credentials entered will be attempted against a sizeable list of Microsoft cloud authentication endpoints.
This module accounts for authentication errors such as:
If any of the attempts made to authenticate are even partially successful, the password will be obscured from output.
This module allows you to specify a directory on a web server and authenticate against it using NTLM over HTTP. The help menu for this module is shown below:
Usage: ct ntlm [OPTIONS] TARGET

  Test credentials against an NTLM endpoint.

Options:
  -p, --path TEXT  Path of the NTLM endpoint if required.
  -h, --help       Show this message and exit.
--path option shown above. If a path is not specified, the root of the webserver is used.
This module simply allows you to test credentials against an SMB service. There is nothing else to note here.
Some planned features coming in the next release: