Skip to main content

snaffler.exe

snaffler absolutely rules and finding good SMB share treasures!

Spawn a "runas" box

You'll want to spawn a "runas" command window under the context of your test Active Directory account. Syntax for that is here.

General domain-wide snaffling

snaffler.exe -s -d domain.com -c THE.DC.IP.ADDRESS -o snaffy.log -m folder-to-dump-files-to
caution

I've found that sometimes snaffler gets processor-heavy and kicks me out of my remote session to the Windows VM. So I sometimes like to limit the threads with -x. The Snaffler FAQ says Don't set it to below 4 or s*** will break so I like to do -x 4. I've played with 7 because it's my favorite number but even that tends to cause issues.

Targeted snaff of a specific machine share

snaffler -s -d domain.com -c IP-OF-DOMAIN-CONTROLLER -o snaffspecific.log -n SOME-SYSTEM -m folder-to-dump-files-to