snovvcrash / KrbRelayUp
KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
☆11Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for KrbRelayUp
- Modified version of PEAS client for offensive operations☆38Updated last year
- A multithreaded, queued SSH key and/or password spraying tool.☆17Updated last year
- Port forwarding via MSRPC (445/tcp) [WIP]☆31Updated 3 years ago
- A script that greps composite key-like strings from a KeePassXC process dump, then uses a customized version of pykeepass library to unlo…☆30Updated 2 years ago
- Convert ldapdomaindump to Bloodhound☆77Updated 11 months ago
- ☆15Updated 2 years ago
- Perform Windows domain enumeration via LDAP☆36Updated 2 years ago
- Active Directory ACL exploitation with BloodHound☆12Updated 3 years ago
- OffensivePipeline allows to download, compile (without Visual Studio) and obfuscate C# tools for Red Team exercises.☆90Updated 2 years ago
- Similar to Petitpotam, the netdfs service is enabled in Windows Server and AD environments, and the abused RPC method allows privileged p…☆49Updated 2 years ago
- Matryoshka loader is a tool that red team operators can leverage to generate shellcode for Microsoft Office document phishing payloads.☆38Updated 3 years ago
- Finding SSL Blindspots for Red Teams☆30Updated 4 years ago
- This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, …☆16Updated 2 years ago
- ☆30Updated 4 years ago
- C# and Impacket implementation (here with Kerberos auth support) of PrintNightmare CVE-2021-1675/CVE-2021-34527☆29Updated 3 years ago
- Execute Mimikatz with different technique☆50Updated 3 years ago
- IOXIDResolver from AirBus Security/PingCastle☆45Updated 3 years ago
- Generate AES128/256 Kerberos keys for an AD account using a plaintext password and Python3☆47Updated 2 years ago
- Socks Proxy Server Plugin for Invoke-SocksProxy☆17Updated last week
- WhoAmI by asking the LDAP service on a domain controller.☆58Updated 2 years ago
- Cobalt Strike profile generator using Jenkins to automate the heavy lifting☆34Updated last year
- Ruby script that calls an almost interactive shell via WinRM (TCP/5985) on an Windows machine, relaying on a valid Kerberos ticket. (Very…☆16Updated 5 years ago
- ☆24Updated 3 years ago
- Secretsdump C# version only supporting local (live) operation☆47Updated last year
- Add SD for controlled computer object to a target object for RBCD using LDAP☆38Updated 3 years ago
- Create PDFs with HTML smuggling attachments that save on opening the document.☆27Updated last year
- This is a CS project that will encrypt shell code from msfvenom using AES☆22Updated 2 years ago
- A script that parses PowerView's output for GPO analysis. Integrated into bloodhound to find misconfigurations of URA, SMB signing etc☆12Updated 4 years ago
- HelpSystems Nanodump, but wrapped in powershell via Invoke-ReflectivePEInjection☆53Updated 2 years ago