modifyCertTemplate – ADCS Cert Template Modification And ACL Enumeration

This tool is designed to aid an operator in modifying ADCS certificate templates so that a created vulnerable state can be leveraged for privilege escalation (and then reset the template to its previous state afterwards). This is specifically designed for a scenario where WriteProperty rights over a template have been compromised, but the operator isRead More

LDAP shell – AD ACL Abuse

This repository contains a small tool inherited from ldap_shell ( Installation These tools are only compatible with Python 3.5+. Clone the repository from GitHub, install the dependencies and you should be good to go: git clone ldap_shellpython3 install Usage Connection options ldap_shell domain.local/user:passwordldap_shell domain.local/user:password -dc-ip domain.local/user -hashes aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404e1export KRB5CCNAME=/home/user/ticket.ccacheldap_shell -k -no-pass domain.local/userRead More

targetedKerberoast – Kerberoast With ACL Abuse Capabilities

targetedKerberoast is a Python script that can, like many others (e.g., print “kerberoast” hashes for user accounts that have a SPN set. This tool brings the following additional feature: for each user without SPNs, it tries to set one (abuse of a write permission on the servicePrincipalName attribute), print the “kerberoast” hash, and deleteRead More

adalanche – Active Directory ACL Visualizer and Explorer

Tags: API Documentation, Access, Active Directory, Analysis, Binary, LDAP, Linux, Max, Memory, Parameter, Reverse, Takeover, Windows, pwned, Adalanche adalanche – Active Directory ACL Visualizer – who’s really Domain Admin? Adalanche – Active Directory Acl Visualizer – Who’S Really Domain Admin? Adalanche – Active Directory ACL Visualizer – Who’S Really Domain Admin? I Can Haz DomainRead More

Aclpwn.Py – Active Directory ACL Exploitation With BloodHound is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. is similar to the PowerShell based Invoke-Aclpwn, which you can read about in ourRead More