heartburn-dev / PKI-EscalateLinks

Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Services and Enrollment Services ADCS containers to obtain Enterprise Administrator from Domain Administrator. Works by enabling a user to perform ESC1 (Enrolee supplying the SAN).

☆29

Alternatives and similar repositories for PKI-Escalate

Users that are interested in PKI-Escalate are comparing it to the libraries listed below

Sorting:

whokilleddb / SOAPHound
SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…
☆33Updated last year
myexploit / living_off_the_land
☆44Updated last year
skelsec / adiskreader-secretsdump
Extract registry and NTDS secrets from local or remote disk images
☆44Updated 9 months ago
4ndr34z / prenum
☆29Updated 2 years ago
LuemmelSec / CVE-2023-29357
☆53Updated 2 years ago
OtterHacker / ShareFouine
☆52Updated last year
maliciousgroup / GOADvSphere
A vSphere deployment of GOADv2 BETA Testing (v0.1)
☆26Updated 2 years ago
Helixo32 / GetSystem-LCI
GetSystem-LCI is a PowerShell script to escalate privileges from Administrator to NT AUTHORITY\SYSTEM by abusing LanguageComponentsInstal…
☆35Updated last year
nullenc0de / trust-validator
Validates priv escalation of AD trusts
☆48Updated 8 months ago
OffsecDeer / TargetedTimeroast
Tamper Active Directory user attributes to collect their hashes with MS-SNTP
☆41Updated 11 months ago
outflanknl / Training-MSOfficeOffensiveTradecraft
Info related to the Outflank training: Microsoft Office Offensive Tradecraft
☆50Updated last year
Mr-Un1k0d3r / MsGraphFunzy
Scripts to interact with Microsoft Graph APIs
☆44Updated last year
nettitude / SharpConflux
☆65Updated last year
dmcxblue / Red-Team-Guide
A small red team course
☆40Updated 2 years ago
mlcsec / SharpGraphView
Microsoft Graph API post-exploitation toolkit
☆95Updated last year
LaresLLC / OffensiveSysAdmin
A collection of tools Neil and Andy have been working on released in one place and interlinked with previous tools
☆88Updated 2 years ago
nickvourd / Rocabella
Sniffing files generator
☆59Updated 9 months ago
The-Viper-One / Invoke-PassTheCert
Pure PowerShell port of PassTheCert tool to authenticate to an LDAP/S server with a certificate through Schannel
☆52Updated 8 months ago
Leo4j / PowerDACL
A tool to abuse weak permissions of Active Directory Discretionary Access Control Lists (DACLs) and Access Control Entries (ACEs)
☆61Updated 5 months ago
OtterHacker / Cerbere
☆49Updated 2 years ago
eversinc33 / CredGuess
Generate password spraying lists based on the pwdLastSet-attribute of users.
☆55Updated 2 years ago
0xe7 / RoastInTheMiddle
☆74Updated 6 months ago
LuemmelSec / PMP-Decrypter
☆41Updated 2 years ago
LaresLLC / SuperSharpShares
SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…
☆75Updated last year
n0tspam / RunspaceLoader
Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe
☆13Updated 2 years ago
decoder-it / Troopers24
☆43Updated last year
myexploit / Hunt
☆20Updated last month
rvrsh3ll / FindIngressEmail
Find Inbound Email Domains
☆35Updated 2 years ago
Hubbl3 / ThreatCheck
Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
☆12Updated last year
zblurx / BloodHoundCustomQueries
My BloodHound custom queries
☆26Updated 2 years ago