Active Directory

Vulnerable-AD: Create a vulnerable AD via this script.

Supported Attacks

  • Abusing ACLs/ACEs

  • Kerberoasting

  • AS-REP Roasting

  • Abuse DnsAdmins

  • Password in Object Description

  • User Objects With Default password (Changeme123!)

  • Password Spraying

  • DCSync

  • Silver Ticket

  • Golden Ticket

  • Pass-the-Hash

  • Pass-the-Ticket

  • SMB Signing Disabled

# If you have not installed Active Directory yet, you can create a forest first (paths use single backslashes; PowerShell does not treat "\" as an escape in double-quoted strings):
Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "7" -DomainName "cs.org" -DomainNetbiosName "cs" -ForestMode "7" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true
# If Active Directory is already installed, just run the script:
IEX((New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/wazehell/vulnerable-AD/master/vulnad.ps1"));
Invoke-VulnAD -UsersLimit 100 -DomainName "cs.org"

bloodhound: BloodHound is an application developed with one purpose: to find relationships within an Active Directory (AD) domain to discover attack paths.

Max: Maximizing BloodHound. Max is a good boy.

cypheroth: Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

InveighZero: InveighZero is a C# LLMNR/NBNS/mDNS/DNS/DHCPv6 spoofer and man-in-the-middle tool designed to assist penetration testers/red teamers that find themselves limited to a Windows system. This version shares many features with the PowerShell version of Inveigh.

CrackMapExec: CrackMapExec (a.k.a. CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.

EXE version to use along with Windows machines (e.g., Commando-VM).

FindUncommonShares: The script FindUncommonShares.py is a Python equivalent of PowerView's Invoke-ShareFinder.ps1, allowing you to quickly find uncommon shares in vast Windows Active Directory domains.

KerberosUserEnum: Kerberos account enumeration taking advantage of AS-REQ. I wrote this script to practice my understanding of Kerberos.

kerbrute: A tool to quickly bruteforce and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.

Kerbrute has four main commands:

  • bruteuser - Bruteforce a single user's password from a wordlist

  • bruteforce - Read username:password combos from a file or stdin and test them

  • passwordspray - Test a single password against a list of users

  • userenum - Enumerate valid domain usernames via Kerberos

ldapdomaindump: Active Directory information dumper via LDAP.

ADSearch: A tool written for Cobalt Strike's execute-assembly command that allows for more efficient querying of AD.

ADHuntTool: official report for the AdHuntTool. C# script used for Red Team. It can be used via Cobalt Strike's execute-assembly or as a standalone executable.

Talon: Talon is a tool designed to perform automated password guessing attacks while remaining undetected. Talon can enumerate a list of users to identify which users are valid, using Kerberos. Talon can also perform a password guessing attack against the Kerberos and LDAPS (LDAP Secure) services. Talon can use either a single domain controller or multiple ones to perform these attacks, randomizing each attempt between the domain controllers and services (LDAP or Kerberos).

RemotePotato0: RemotePotato0 is an exploit that allows you to escalate your privileges from a generic User to Domain Admin.

Coercer: A Python script to automatically coerce a Windows server to authenticate to an arbitrary machine through 9 methods.

SharpCollection: Nightly builds of common C# offensive tools, fresh from their respective master branches, built and released in a CDI fashion using Azure DevOps release pipelines.
