monkey/docs/content/usage/use-cases/credential-leak.md

---
title: "Credentials Leak"
date: 2020-08-12T13:04:25+03:00
draft: false
description: "Assess the impact of a successful phishing attack, insider threat, or other form of credentials leak."
weight: 5
---

## Overview 

Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak, 
which can be **extremely costly** as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).

The Infection Monkey can help you assess the impact of stolen credentials by automatically searching 
where bad actors can reuse these credentials in your network.

## Configuration

- **Exploits -> Credentials** After setting up the Monkey Island, add your users' **real** credentials 
(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.
- **Internal -> Exploits -> SSH keypair list**  When enabled, the Infection Monkey automatically gathers SSH keys on the current system. 
For this to work, the Monkey Island or initial agent needs to access SSH key files.
To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey
(content of keys will not be displayed, it will appear as `<Object>`).

## Suggested run mode

Execute the Infection Monkey on a chosen machine in your network using the “Manual” run option. 
Run the Infection Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.

![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")

## Assessing results

To assess the impact of leaked credentials see the Security report. Examine **Security report -> Stolen credentials** to confirm.
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00			`---`
Updated scenario docs once more, removed IDS/IPS test scenario. 2020-10-23 22:46:23 +08:00			`title: "Credentials Leak"`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00			`date: 2020-08-12T13:04:25+03:00`
Changed draft=true to false and used chilrden shortcode instead of manually listing subpages 2020-08-26 16:51:38 +08:00			`draft: false`
Updated scenario / use case docs 2020-10-23 17:30:38 +08:00			`description: "Assess the impact of a successful phishing attack, insider threat, or other form of credentials leak."`
Updated scenario docs once more, removed IDS/IPS test scenario. 2020-10-23 22:46:23 +08:00			`weight: 5`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00			`---`

			`## Overview`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`Numerous attack techniques (from phishing to dumpster diving) might result in a credential leak,`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00			`which can be extremely costly as demonstrated in our report [IResponse to IEncrypt](https://www.guardicore.com/2019/04/iresponse-to-iencrypt/).`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`The Infection Monkey can help you assess the impact of stolen credentials by automatically searching`
			`where bad actors can reuse these credentials in your network.`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00
			`## Configuration`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`- Exploits -> Credentials After setting up the Monkey Island, add your users' real credentials`
			`(usernames and passwords) here. Don't worry; this sensitive data is not accessible, distributed or used in any way other than being sent to the Infection Monkey agents. You can easily eliminate it by resetting the configuration of your Monkey Island.`
			`- Internal -> Exploits -> SSH keypair list When enabled, the Infection Monkey automatically gathers SSH keys on the current system.`
			`For this to work, the Monkey Island or initial agent needs to access SSH key files.`
			`To make sure SSH keys were gathered successfully, refresh the page and check this configuration value after you run the Infection Monkey`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00			(content of keys will not be displayed, it will appear as `<Object>`).

Updated scenario / use case docs 2020-10-23 17:30:38 +08:00			`## Suggested run mode`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`Execute the Infection Monkey on a chosen machine in your network using the “Manual” run option.`
			`Run the Infection Monkey as a privileged user to make sure it gathers as many credentials from the system as possible.`
Split Scenarios into use-cases and extended each use-case 2020-08-13 21:34:35 +08:00
			`![Exploit password and user lists](/images/usage/scenarios/user-password-lists.png "Exploit password and user lists")`

			`## Assessing results`

Copyedits for usage sections (#965) Copy edits - round 2 2021-02-22 20:06:56 +08:00			`To assess the impact of leaked credentials see the Security report. Examine Security report -> Stolen credentials to confirm.`