michaelpoznecki / zerologon
Scan for and exploit the zerologon vulnerability.
☆10Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for zerologon
- Secretsdump C# version only supporting local (live) operation☆47Updated last year
- Tooling for the OffSec Experienced Pentester (OSEP) and OffSec Exploit Developer (OSED) course☆11Updated 7 months ago
- Convert ldapdomaindump to Bloodhound☆76Updated 10 months ago
- SOAPHound is a custom-developed .NET data collector tool which can be used to enumerate Active Directory environments via the Active Dire…☆33Updated 5 months ago
- Generate password spraying lists based on the pwdLastSet-attribute of users.☆54Updated 11 months ago
- A python script to force authentication using MS-RPRN RemoteFindFirstPrinterChangeNotificationEx function (opnum 65).☆20Updated 2 years ago
- CVE-2023-20198 Exploit PoC☆38Updated 11 months ago
- Cobalt Strike BOFS☆16Updated 10 months ago
- ☆51Updated last year
- A script that greps composite key-like strings from a KeePassXC process dump, then uses a customized version of pykeepass library to unlo…☆30Updated 2 years ago
- Launches a limited shell using PowerShell Runspaces with an optional AMSI Bypass. Does not invoke Powershell.exe☆13Updated 11 months ago
- ☆42Updated 2 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆53Updated 2 years ago
- Open-Source Phishing Toolkit☆17Updated 3 years ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p…☆49Updated 2 years ago
- The purpose of this repo is to share my research☆14Updated 11 months ago
- This repository presents a proof-of-concept of CVE-2023-22527☆13Updated 9 months ago
- Proof of Concept for Path Traversal in Apache Struts ("CVE-2023-50164")☆58Updated 10 months ago
- Contexter - A secondary context path traversal / server-side parameter pollution testing tool written in Python 3☆20Updated 2 months ago
- Template Nuclei SSTI☆28Updated last year
- Programmatically start WebClient from an unprivileged session to enable that juicy privesc.☆62Updated last year
- SuperSharpShares is a tool designed to automate enumerating domain shares, allowing for quick verification of accessible shares by your a…☆62Updated 6 months ago
- ☆12Updated 2 years ago
- A repository of tools developed while studying for OSEP. The contents here are not part of courseware but some tools, i wrote as an exten…☆0Updated 5 months ago
- A tool for performing light brute-forcing of HTTP servers to identify commonly accessible NTLM authentication endpoints.☆79Updated 11 months ago
- Nmapurls parses Nmap xml reports from either piped input or command line arg and outputs a list of http(s) URL's to be used in an automat…☆37Updated 8 months ago
- Quick and dirty PowerShell script to abuse the overly permissive capabilities of the SYSTEM user in a child domain on the Public Key Serv…☆25Updated last year