# snaffler.exe
[snaffler](https://github.com/SnaffCon/Snaffler) absolutely rules at finding good SMB share treasures!

!!!warning
I've been having Snaffler performance problems where no matter what I do, the processor and/or memory slowly max out.  A few things that helped:

* Make sure the snafflin' system has at least 16GB of RAM
* See [this GitHub issue!](https://github.com/SnaffCon/Snaffler/issues/178).  TLDR: turn off Windows Defender real-time protections (temporarily!) during snaffling.
* Once you get Snaffler snafflin', go into *Task Manager > Details*, then right-click the `snaffler.exe` and choose **Set Affinity** and then only check *one* processor.  Snaffler took forever but did NOT render my system unusable.
!!!

## Spawn a "runas" box
You'll want to spawn a "runas" command window under the context of your test Active Directory account.  Syntax for that is [here](/cmd/Windows/runas).

## General domain-wide snaffling
I like to set `-x 5` to limit the number of threads running at once.

!!!warning
I haven't been able to confirm this for sure, but I *think* performance is also better if I leave out the `-s` flag in the command below.
!!!
```
snaffler.exe -s -d domain.com -c THE.DC.IP.ADDRESS -o snaffy.log -m DUMPFOLDER -x 5
```

## General domain-wide snaffling (with JSON output)
Same command but specify something like `-o snaffy.json` and specify JSON type with the flag `-t JSON`:

```
snaffler.exe -s -d domain.com -c THE.DC.IP.ADDRESS -o snaffy.json -m DUMPFOLDER -t JSON -x 5
```

## Targeted snaff of a list of machines
```
snaffler.exe -s -d domain.com -c THE.DC.IP.ADDRESS -o snaffy.json -m DUMPFOLDER -t JSON -x 5 -n .\pclist.txt
```

## Targeted snaff of a specific machine share
```
snaffler -s -d domain.com -c IP-OF-DOMAIN-CONTROLLER -o snaffspecific.log -n SOME-SYSTEM -m folder-to-dump-files-to
```

## Extract passwords and save to `snaffpasswords.txt`
```
grep -Po 'Password="\K[^"]+' snaffpass.txt | grep -Ev '^\{?Password\}?$|^\.\+\($' > snaffpasswords.txt
```

## Extract full lines containing `asplaintext` (case-insensitive) and save to `snaffasplaintext.txt`
```
grep -i 'asplaintext' snaffpass.txt > snaffasplaintext.txt
```
