Discovering public passwords in Active Directory

Okay, so the story that motivated me for this article was that I found some password in public text fields during a pentest on a Active directory lab during my cybersecurity internship. I decided to automate this task because I didn’t find any tool to do it. (feel free to tell me if it exists already)

Passwords in disguise

So, this situation is pretty rare, but it can happen that forgetful administrators might have saved passwords in plaintext in AD public text fields, specifically in the description fields. This may be because they wanted it back quickly after a short period, or because they simply forgot about it.

Introducing the crumbs finder: Crumby

But what if we could automate this search? Sounds good, right? Enter Crumby, a simple tool that I’ve been fiddling with. Crumby, in a nutshell, scans through the AD environment, hunting down those rogue plaintext passwords and even sprays them against all user accounts for possible matches.

Now, before you start testing it, let me assure you that’s not a game changer at all ! Perhaps it exists and it’s as straightforward as it gets. But hey, even the simplest of tools can be potent when used right !

Using crumby

All the details can be found in the github repo : Crumby

Enjoy 👋