Enumerate Active Directory through standard vectors
Detailed description of the ActiveDirectoryEnum Python project
ADE - ActiveDirectoryEnum
python -m ade
usage: ade [-h] [--dc DC] [-o OUT_FILE] [-u USER] [-s] [-smb] [-kp] [-bh] [-spn] [-sysvol] [--all] [--no-creds] [--dry-run]
[--exploit EXPLOIT]
___ __ _ ____ _ __ ______
/ | _____/ /_(_) _____ / __ \(_)_______ _____/ /_____ _______ __/ ____/___ __ ______ ___
/ /| |/ ___/ __/ / | / / _ \/ / / / / ___/ _ \/ ___/ __/ __ \/ ___/ / / / __/ / __ \/ / / / __ `__ \
/ ___ / /__/ /_/ /| |/ / __/ /_/ / / / / __/ /__/ /_/ /_/ / / / /_/ / /___/ / / / /_/ / / / / / /
/_/ |_\___/\__/_/ |___/\___/_____/_/_/ \___/\___/\__/\____/_/ \__, /_____/_/ /_/\__,_/_/ /_/ /_/
/____/
/*----------------------------------------------------------------------------------------------------------*/
optional arguments:
-h, --help show this help message and exit
--dc DC Hostname of the Domain Controller
-o OUT_FILE, --out-file OUT_FILE
Path to output file. If no path, CWD is assumed (default: None)
-u USER, --user USER Username of the domain user to query with. The username has to be domain name as `user@domain.org`
-s, --secure Try to estalish connection through LDAPS
-smb, --smb Force enumeration of SMB shares on all computer objects fetched
-kp, --kerberos_preauth
Attempt to gather users that does not require Kerberos preauthentication
-bh, --bloodhound Output data in the format expected by BloodHound
-spn Attempt to get all SPNs and perform Kerberoasting
-sysvol Search sysvol for GPOs with cpassword and decrypt it
--all Run all checks
--no-creds Start without credentials
--dry-run Don't execute a test but run as if. Used for testing params etc.
--exploit EXPLOIT Show path to PoC exploit code
The new built-in exploit feature can yield results such as the following:
To query for the PoC code of an exploit, do:
$ python -m ade --exploit cve-2020-1472
Exploit for: cve-2020-1472 can be found at: https://github.com/dirkjanm/CVE-2020-1472
Install
Run the installation through pip3:
pip3 install ActiveDirectoryEnum
python -m ade
If you run BlackArch, ActiveDirectoryEnum is available through pacman, as follows:
pacman -S activedirectoryenum
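Included attacks/vectors
- [X] ASREPRoasting
- [X] Kerberoasting
- [X] Dump AD as BloodHound JSON files
- [X] Search GPOs in SYSVOL for cpassword and decrypt it
- [X] Run without credentials and attempt to gather them during the run for further enumeration
- [X] Sample exploits included:
  - CVE-2020-1472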
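A defender-side check for the exposures the list above targets, as an added example that is not part of the ActiveDirectoryEnum project: it flags accounts with Kerberos pre-authentication disabled, user accounts carrying SPNs, and Group Policy Preferences XML that still holds a cpassword attribute. The account records and the XML are constructed sample data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# userAccountControl bit flags (values documented by Microsoft)
ACCOUNTDISABLE = 0x0002
WORKSTATION_TRUST = 0x1000
SERVER_TRUST = 0x2000
DONT_REQ_PREAUTH = 0x400000

# Constructed sample data: stands in for an LDAP export of account objects.
SAMPLE_ACCOUNTS = [
    {"sAMAccountName": "svc_sql", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/db01.example.org:1433"]},
    {"sAMAccountName": "legacy_app", "userAccountControl": 0x410200,
     "servicePrincipalName": []},
    {"sAMAccountName": "old_admin", "userAccountControl": 0x410202,
     "servicePrincipalName": []},
    {"sAMAccountName": "WS01$", "userAccountControl": 0x1000,
     "servicePrincipalName": ["HOST/ws01.example.org"]},
]

# Constructed sample of a Group Policy Preferences Groups.xml file.
SAMPLE_GPP_XML = """<Groups>
  <User name="localadmin">
    <Properties action="U" userName="localadmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
  <User name="guest"><Properties action="U" userName="guest" cpassword=""/></User>
</Groups>"""

def audit_accounts(accounts):
    """Return (account, finding) pairs for enabled accounts needing review."""
    findings = []
    for acct in accounts:
        uac = acct["userAccountControl"]
        if uac & ACCOUNTDISABLE:
            continue  # skip disabled accounts
        if uac & DONT_REQ_PREAUTH:
            findings.append((acct["sAMAccountName"], "preauth-not-required"))
        is_machine = uac & (WORKSTATION_TRUST | SERVER_TRUST)
        if acct.get("servicePrincipalName") and not is_machine:
            findings.append((acct["sAMAccountName"], "user-account-with-spn"))
    return findings

def find_cpassword(xml_text):
    """Return userName values of elements carrying a non-empty cpassword."""
    root = ET.fromstring(xml_text)
    return [el.get("userName", "<unknown>") for el in root.iter()
            if el.get("cpassword")]

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_ACCOUNTS), find_cpassword(SAMPLE_GPP_XML))
```

Accounts flagged as preauth-not-required should have the flag cleared unless a legacy client needs it, and any file reported by the cpassword check should be removed from SYSVOL and the affected password rotated.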
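Collaboration
While this project was developed to fit my needs, any collaboration is appreciated. Please feel free to modify the project in accordance with the license agreement. I only ask that you:
- Keep a naming standard equivalent to the base project
- Keep equivalent syntax
- Test your code
- Include error handling
- Document the feature, both in code and for a potential Wiki page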
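Thanks & Acknowledgements
Thanks to the creators of the following works:
- Impacket @github
- BloodHound @github
- BloodHound.py @github
- CVE-2020-1472 by Tom Tervoort of Secura
Without the above, this wrapper would not have been possible.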
License
- Project