MalSCCM – Tool To Abuse Local Or Remote SCCM Servers To Deploy Malicious Applications

This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To use this tool your current process must have admin rights over the SCCM server. Typically deployments of SCCM will either have the management server and the primary server on the same host, in which caseRead More

LDAP shell – AD ACL Abuse

This repository contains a small tool inherited from ldap_shell ( Installation These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go: git clone ldap_shellpython3 install Usage Connection options ldap_shell domain.local/user:passwordldap_shell domain.local/user:password -dc-ip domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1export KRB5CCNAME=/home/user/ticket.ccacheldap_shell -k -no-pass domain.local/userRead More

Certipy – Python Implementation For Active Directory Certificate Abuse

[*] Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Certify from @harmj0y and @tifkin_. Installation $ python3 install Remember to add the Python scripts directory to your path. Usage $ certipy -husage: certipy [-h] [-debug] [-target-ip ip address] [-nameserver nameserver]Read More

targetedKerberoast – Kerberoast With ACL Abuse Capabilities

targetedKerberoast is a Python script that can, like many others (e.g., print “kerberoast” hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the “kerberoast” hash, and deleteRead More

WSuspicious – A Tool To Abuse Insecure WSUS Connections For Privilege Escalations

This is a proof of concept program to escalate privileges on a Windows host by abusing WSUS. Details in this blog post: It was inspired from the WSuspect proxy project: Acknowledgements Privilege escalation module written by Maxime Nadeau from GoSecure Huge thanks to: Julien Pineault from GoSecure and Mathieu Novis from ā€ˇSecureOps forRead More