module
Lansweeper Credential Collector
| Disclosed | Created |
|---|---|
| N/A | 2018-05-30 |
Disclosed
N/A
Created
2018-05-30
Description
Lansweeper stores the credentials it uses to scan the computers
in its Microsoft SQL database. The passwords are XTea-encrypted with a
68 character long key, in which the first 8 characters are stored with
the password in the database and the other 60 is static. Lansweeper, by
default, creates an MSSQL user "lansweeperuser" with the password is
"mysecretpassword0*", and stores its data in a database called
"lansweeperdb". This module will query the MSSQL database for the
credentials.
in its Microsoft SQL database. The passwords are XTea-encrypted with a
68 character long key, in which the first 8 characters are stored with
the password in the database and the other 60 is static. Lansweeper, by
default, creates an MSSQL user "lansweeperuser" with the password is
"mysecretpassword0*", and stores its data in a database called
"lansweeperdb". This module will query the MSSQL database for the
credentials.
Authors
sghctoma tamas.szakaly@praudit.hu
eq balazs.bucsay@praudit.hu
calderpwn calderon@websec.mx
eq balazs.bucsay@praudit.hu
calderpwn calderon@websec.mx
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.