monkey/docs/content/usage/use-cases/credential-leak.md

---
title: "Credentials Leak"
date: 2020-08-12T13:04:25+03:00
draft: false
description: "Assess the impact of a successful phishing attack, insider threat, or other form of credentials leak."
weight: 5
---

## Overview 

Numerous attack techniques(from phishing to dumpster diving) might result in a credential leak, 
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).

Infection Monkey can help assess the impact of stolen credentials by automatically searching 
where these credentials can be reused.

## Configuration

- **Exploits -> Credentials** After setting up the Island add the users’ **real** credentials 
(usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not
 distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration).
- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system. 
For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
(content of keys will not be displayed, it will appear as `<Object>`).

## Suggested run mode

Execute the Monkey on a chosen machine in your network using the “Manual” run option. 
Run the Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.

![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")

## Assessing results

To assess the impact of leaked credentials see Security report. It's possible that credential leak resulted in even
more leaked credentials, for that look into **Security report -> Stolen credentials**.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								---
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								title: "Credentials Leak"
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								date: 2020-08-12T13:04:25+03:00
-												Changed draft=true to false and used chilrden shortcode instead of manually listing subpages

											
										
										
											2020-08-26 16:51:38 +08:00
+								draft: false
-												Updated scenario / use case docs

											
										
										
											2020-10-23 17:30:38 +08:00
+								description: "Assess the impact of a successful phishing attack, insider threat, or other form of credentials leak."
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								weight: 5
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								---
 								## Overview
 								Numerous attack techniques(from phishing to dumpster diving) might result in a credential leak,
 								which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).
 								Infection Monkey can help assess the impact of stolen credentials by automatically searching
 								where these credentials can be reused.
 								## Configuration
 								- **Exploits -> Credentials** After setting up the Island add the users’ **real** credentials
 								(usernames and passwords) to the Monkey’s configuration (Don’t worry, this sensitive data is not accessible and is not
 								 distributed or used in any way other than being sent to the monkeys, and can be easily eliminated by resetting the Monkey Island’s configuration).
 								- **Internal -> Exploits -> SSH keypair list** Monkey automatically gathers SSH keys on the current system.
 								For this to work, Monkey Island or initial Monkey needs to have access to SSH key files(grant permission or run Monkey as root).
 								To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Monkey
 								(content of keys will not be displayed, it will appear as `<Object>`).
-												Updated scenario / use case docs

											
										
										
											2020-10-23 17:30:38 +08:00
+								## Suggested run mode
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								Execute the Monkey on a chosen machine in your network using the “Manual” run option.
 								Run the Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
 								![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")
 								## Assessing results
-												Updated scenario docs once more, removed IDS/IPS test scenario.

											
										
										
											2020-10-23 22:46:23 +08:00
+								To assess the impact of leaked credentials see Security report. It's possible that credential leak resulted in even
-												Split Scenarios into use-cases and extended each use-case

											
										
										
											2020-08-13 21:34:35 +08:00
+								more leaked credentials, for that look into **Security report -> Stolen credentials**.