Aced
Aced is a tool to parse and resolve a single targeted Active Directory principal's DACL. Aced will identify interesting inbound access-allowed privileges against the targeted account, resolve the SIDs of the inbound permissions, and present that data to the operator.
Additionally, the logging features of pyldapsearch have been integrated with Aced to log the targeted principal's LDAP attributes locally which can then be parsed by pyldapsearch's companion tool BOFHound to ingest the collected data into BloodHound.
https://github.com/garrettfoster13/aced
#ad
#tools
@NetPentesters
MikroTik Cloud Hosted Router Universal Unpatchable Jailbreak
Universal "unpatchable" jailbreak for all MikroTik RouterOS versions:
1. Download Cloud Router VM image, boot it in your favourite hypervisor
2. Suspend / save to disk
3. Replace /nova/bin/login with /bin/sh in the saved memory image
4. Restore the running VM from the memory image
https://github.com/pedrib/PoC/blob/master/tools/mikrotik_jailbreak.py
#mikrotik
@NetPentesters
CVE-2022-26937
Windows Network File System Crash PoC
https://github.com/omair2084/CVE-2022-26937
#cve
@NetPentesters
This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.
Despite the name, I decided to add in a couple more features since the bulk of the code was already there. So now there is a get-spns command as well which can look for ASREP accounts or Kerberoastable SPNs.
https://github.com/IcebreakerSecurity/DelegationBOF
#tools
@NetPentesters
Forwarded from PFK Git [ international ]
#pentest #bugbounty #recon
A list of search engines useful during Penetration testing, vulnerability assessments, red team operations, bug bounty and more
https://github.com/edoardottt/awesome-hacker-search-engines
@DK_HBB2
Garud
An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
https://github.com/R0X4R/Garud
@NetPentesters
Finding all things on-prem Microsoft for password spraying and enumeration.
The tool will use a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem Microsoft solutions. Screenshots of the tool in action are below:
https://github.com/puzzlepeaches/msprobe
@NetPentesters
Handy #BloodHound Cypher Queries
https://github.com/mgeeky/Penetration-Testing-Tools/blob/master/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
https://hausec.com/2019/09/09/bloodhound-cypher-cheatsheet/
https://gist.github.com/jeffmcjunkin/7b4a67bb7dd0cfbfbd83768f3aa6eb12
https://gist.github.com/seajaysec/c7f0995b5a6a2d30515accde8513f77d
@NetPentesters
This PoC copies a user-specified DLL to C:\Windows\System32\wow64log.dll and triggers the MicrosoftEdgeUpdate service by creating an instance of the Microsoft Edge Update Legacy On Demand COM object (A6B716CB-028B-404D-B72C-50E153DD68DA), which runs in SYSTEM context and will load wow64log.dll.
https://github.com/Wh04m1001/IDiagnosticProfileUAC
@NetPentesters
#AD #lab #vagrant
[ GOAD ]
Pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment ready to use to practice usual attack techniques.
https://github.com/Orange-Cyberdefense/GOAD
@NetPentesters
Ad hoc collection of Red Teaming & Active Directory tooling. Use at your own risk.
https://github.com/expl0itabl3/Toolies
#redteam
#AD
@NetPentesters
ADFSRelay
This repository includes two utilities NTLMParse and #ADFSRelay. NTLMParse is a utility for decoding base64-encoded NTLM messages and printing information about the underlying properties and fields within the message.
Examining these NTLM messages is helpful when researching the behavior of a particular NTLM implementation. ADFSRelay is a proof of concept utility developed while researching the feasibility of NTLM relaying attacks targeting the ADFS service.
This utility can be leveraged to perform NTLM relaying attacks targeting ADFS. We have also released a blog post discussing ADFS relaying attacks in more detail [1].
https://github.com/praetorian-inc/ADFSRelay
Relaying to #ADFS Attacks
https://www.praetorian.com/blog/relaying-to-adfs-attacks
@NetPentesters
RouterSpace | HackTheBox Walkthrough
This is a writeup for the retired machine RouterSpace from Hack The Box
Link: https://app.hackthebox.com/machines/444
#HTB #RouterSpace #writeups
@NetPentesters
ChopHound
Some scripts for dealing with any challenges that might arise when importing (large) JSON datasets into BloodHound.
https://github.com/bitsadmin/chophound
Blog post:
https://blog.bitsadmin.com/blog/dealing-with-large-bloodhound-datasets
#ad #bloodhound #cypher
@NetPentesters
AADInternals
AADInternals toolkit - PowerShell module containing tools for administering and hacking Azure AD / Office 365
https://github.com/Gerenios/AADInternals
Research:
http://o365blog.com/aadinternals
#ad #powershell #Azure
@NetPentesters
SharpWSUS
Today, we’re releasing a new tool called SharpWSUS. This is a continuation of existing WSUS attack tooling such as WSUSPendu and Thunder_Woosus. It brings their complete functionality to .NET, in a way that can be reliably and flexibly used through command and control (C2) channels, including through PoshC2.
https://github.com/nettitude/SharpWSUS
Research:
https://labs.nettitude.com/blog/introducing-sharpwsus/
#wsus
@NetPentesters
Active Directory Penetration Testing Checklist
https://gbhackers.com/active-directory-penetration-testing-checklist/
#AD
#checklist
#pentest
@NetPentesters
pinecone
WLAN networks auditing tool, suitable for red team usage. It is extensible via modules, and it is designed to be run in Debian-based operating systems. Pinecone is specially oriented to be used with a Raspberry Pi, as a portable wireless auditing box.
https://github.com/pinecone-wifi/pinecone
#wlan
#tools
@NetPentesters
Rubeus
Rubeus is a C# toolkit for Kerberos interaction and abuses. Kerberos, as we all know, is a ticket-based network authentication protocol and is used in Active Directory.
Unfortunately, due to human error, AD is often not configured with security in mind. Rubeus can exploit vulnerabilities arising out of these misconfigurations and perform functions such as crafting keys and granting access using forged certificates. The article serves as a guide on using Rubeus in various scenarios.
https://github.com/GhostPack/Rubeus
Research:
https://www.hackingarticles.in/a-detailed-guide-on-rubeus/
@NetPentesters