Active Directory
: Create a vulnerable AD via this script.
Abusing ACLs/ACEs
Kerberoasting
AS-REP Roasting
Abuse DnsAdmins
Password in Object Description
User Objects With Default password (Changeme123!)
Password Spraying
DCSync
Silver Ticket
Golden Ticket
Pass-the-Hash
Pass-the-Ticket
SMB Signing Disabled
Kerbrute has three main commands:
bruteuser - Bruteforce a single user's password from a wordlist
bruteforce - Read username:password combos from a file or stdin and test them
passwordspray - Test a single password against a list of users
userenum - Enumerate valid domain usernames via Kerberos
ADHuntTool: official report for the AdHuntTool. C# Script used for Red Team. It can be used by Cobalt Strike execute-assembly or as a standalone executable.
: BloodHound is an application developed with one purpose: to find relationships within an Active Directory (AD) domain to discover attack paths.
: Maximizing BloodHound. Max is a good boy.
: Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.
: InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of .
: CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.
EXE version to use along with Windows machines (e.g., ).
: The script is a Python equivalent of 's allowing you to quickly find uncommon shares in vast Windows Active Directory domains.
: Kerberos accounts enumeration taking advantage of AS-REQ, I wrote this script to practice my understanding of Kerberos.
: A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
: Active Directory information dumper via LDAP.
: A tool written for cobalt-strike's execute-assembly command that allows for more efficient querying of AD.
: Talon is a tool designed to perform automated password guessing attacks while remaining undetected. Talon can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform a password guessing attack against the Kerberos and LDAPS (LDAP Secure) services. Talon can either use a single domain controller or multiple ones to perform these attacks, randomizing each attempt, between the domain controllers and services (LDAP or Kerberos).
: RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin.
: A Python script to automatically coerce a Windows server to authenticate on an arbitrary machine through 9 methods.
: Nightly builds of common C# offensive tools, fresh from their respective master branches built and released in a CDI fashion using Azure DevOps release pipelines.