Metasploit Integration for Password Auditor

Integration includes a plugin that can be loaded into Metasploit to monitor the database for new hashes and automatically upload them for cracking.

Last week I introduced our new Password Auditor, an internal project I’m working on here at Praetorian. Today, I’m back with a followup screencast that demonstrates one of its major features — Metasploit integration! If you missed the previous screencast, I recommend watching it to get a sense of the tool’s basic functionality.

As you’ll see in the video below, the integration includes a new Metasploit plugin which automates the process between password hash discovery and password hash cracking. As Metasploit populates its database with newly captured password hashes, the plugin will automatically upload those hashes to our Password Auditor for cracking! Options are also available that allow manual hash uploading and the ability to wait for scheduling instructions before cracking.

Feel free to let us know if you have any additional comments or feedback. So far the feedback on our first blog post has been excellent — Thank you!

About the Authors

Editorial Team

Editorial Team

Catch the Latest

Catch our latest exploits, news, articles, and events.

Identifying SQL Injections in a GraphQL API

Read More

Introducing Goffloader: A Pure Go Implementation of an In-Memory COFFLoader and PE Loader

Read More

3CX Phone System Local Privilege Escalation Vulnerability

Read More

Ready to Discuss Your Next Continuous Threat Exposure Management Initiative?

Praetorian’s Offense Security Experts are Ready to Answer Your Questions

Get Started
0 Shares
Copy link
CopyCopied