Aced is a tool to parse and resolve a single targeted Active Directory principal’s DACL. Aced will identify interesting inbound access allowed privileges against the targeted account, resolve the SIDS of the inbound permissions, and present that data to the operator. Additionally, the logging features of pyldapsearch have been integrated with Aced to log theRead More
Quietly enumerate an Active Directory Domain via LDAP parsing users, admins, groups, etc. Created by Nick Swink from Layer 8 Security. Installation Using pipenv (recommended method) sudo python3 -m pip install –user pipenvgit clone https://github.com/layer8secure/SilentHound.gitcd silenthoundpipenv install This will create an isolated virtual environment with dependencies needed for the project. To use the project youRead More
Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that youRead More
ADReaper is a tool written in Golang which enumerate a Active Directory environment with LDAP queries within few seconds. Installation You can download precompiled executable binaries for Windows/Linux from latest releases Install from source To build from source, clone the repo and build it with GO $ git clone https://github.com/AidenPearce369/ADReaper$ cd ADReaper/$ go build UsageRead More
linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump. Setup Git clone the repository and make the script executable git clone https://github.com/lefayjey/linWinPwncd linWinPwn; chmod +x linWinPwn.sh Install LinuxRead More
The goal is simple To share my modest knowledge about hacking Windows systems. This is commonly refered to as red team exercises. This book however, is also very concerned with the blue team; the defenders. That is, helping those who are working as defenders, analysts and security experts to build secure Active Directory environments andRead More
Check the Spanish Version Dome is a fast and reliable python script that makes active and/or passive scan to obtain subdomains and search for open ports. This tool is recommended for bug bounty hunters and pentester in their reconnaissance phase. the more surface area exposed the faster a rock with break down If you wantRead More
Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts “Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory” by Elad Shamir and “A Case Study in Wagging the Dog: Computer Takeover” by harmj0y. Read these two blog posts if you actually want toRead More
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently withRead More
[*] Certipy is a Python tool to enumerate and abuse misconfigurations in Active Directory Certificate Services (AD CS). Based on the C# variant Certify from @harmj0y and @tifkin_. Installation $ python3 setup.py install Remember to add the Python scripts directory to your path. Usage $ certipy -husage: certipy [-h] [-debug] [-target-ip ip address] [-nameserver nameserver]Read More
