autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound. Description This tool automates the AD privesc between two AD objects, the source (the one we own) and the target (the one we want) if a privesc path exists in BloodHound database. The automation is composed of two steps: FindingRead More
This tool fetches resources from different cloud/saas applications focusing on permissions in order to identify privilege escalation paths and dangerous permissions in the cloud/saas configurations. Note that PurplePanda searches both privileges escalation paths within a platform and across platforms. The name comes from the animal Red Panda. This panda eats peas, just like Purple Panda,Read More
This PoC was ported in pure PowerShell: https://github.com/DarkCoderSc/power-brute-logon Win Brute Logon (Proof Of Concept) Release date: 2020-05-14 Target: Windows XP to Latest Windows 10 Version (1909) Weakness location : LogonUserA, LogonUserW, CreateProcessWithLogonA, CreateProcessWithLogonW Usage Wordlist File WinBruteLogon.exe -u <username> -w <wordlist_file> Stdin Wordlist type <wordlist_file> | WinBruteLogon.exe -u <username> – ChangeLog 2020/05/23 Now support stdinRead More
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py and autobloody.py. This framework supports NTLM (with password or NTLM hashes) and Kerberos authentication and binds to LDAP/LDAPS/SAMR services of a domain controller to obtain AD privesc. It is designed to be used transparently withRead More
[*] Multithreaded C# .NET Assembly Local Administrative Privilege Enumeration Arguments domain controller to query (if not ran on a domain-joined host) /domain – specify domain name (if not ran on a domain-joined host) /edr – check host for EDR (requires smb, rpc, or winrm) /logons – return logged on users on a host (requires smb,Read More
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground. IAM Vulnerable uses the Terraform binary and your AWS credentials to deploy over 250 IAM resources into your selected AWS account. Within minutes, you can start learning how to identify and exploit vulnerable IAM configurations that allow for privilege escalation. RecommendedRead More
Basic Tutorial Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS. These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily. Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz WinPEAS – WindowsRead More
Concealed Position is a local privilege escalation attack against Windows using the concept of “Bring Your Own Vulnerability”. Specifically, Concealed Position (CP) uses the as designed package point and print logic in Windows that allows a low privilege user to stage and install printer drivers. CP specifically installs drivers with known vulnerabilities which are thenRead More
rootend is a python *nix Enumerator & Auto Privilege Escalation tool. For a full list of our tools, please visit our website https://www.twelvesec.com/ Written by: nickvourd (twitter) maldevel (twitter) servo Usage Enumeration & Automation Privilege Escalation tool. rootend is an open source tool licensed under GPLv3. Affected systems: *nix. Written by: @nickvourd of @twelvesec. SpecialRead More
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More… Use Or Build Automation Modules To Speed Up Your Cyber Security Life Setup git clone https://github.com/Skiller9090/Lucifer.gitcd Luciferpip install -r requirements.txtpython main.py –help If you want the cutting edge changes add -b dev to the end of git cloneRead More
