ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with GO $ git clone https://github.com/AidenPearce369/ADReaper$ cd ADReaper/$ go build UsageRead More
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the repository and make the script executable git clone https://github.com/lefayjey/linWinPwncd linWinPwn; chmod +x linWinPwn.sh Install LinuxRead More
The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to build secure Active Directory environments andRead More
Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase. the more surface area exposed the faster a rock with break down If you wantRead More
Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts “Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory” by Elad Shamir and “A Case Study in Wagging the Dog: Computer Takeover” by harmj0y. Read these two blog posts if you actually want toRead More
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently withRead More
[*] Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Certify from @harmj0y and @tifkin_. Installation $ python3 setup.py install Remember to add the Python scripts directory to your path. Usage $ certipy -husage: certipy [-h] [-debug] [-target-ip ip address] [-nameserver nameserver]Read More
The purpose of this module is to automate the deployment of an Active Directory lab for practicing internal penetration testing. Credits to Joe Helle and his PowerShell for Pentesters course regarding the generation of the attack vectors. Instructions Preparation Optional but recommended: Move Module into PSModulePath # Display PSModulePath$env:PSModulePath.split(“;”)# Move module to pathMove-Item .ADLab “C:Windowssystem32WindowsPowerShellv1.0Modules”Read More
[*] Certify is a C# tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). @harmj0y and @tifkin_ are the primary authors of Certify and the the associated AD CS research (blog and whitepaper). Usage C:Tools>Certify.exe _____ _ _ __ / ____| | | (_)/ _| | | ___ _ __| |_Read More
SharpSpray is a Windows domain password spraying tool written in .NET C#. Introduction SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active directory services. Features Can operate from inside and outside a domain context. Exclude domain disabled accounts from the spraying.Read More
