ActiveReign
ActiveReign, code name AR3, is a network enumeration and attack toolset designed for use on Windows Active Directory environments. It makes use of built-in Windows components to make enumerating large environments easier, all while keeping stealth in mind.
AR3 relies on the famous Impacket library and builds on the brilliant concepts found in CrackMapExec. Throughout building this tool there have been many intended and unintended contributors.
AR3 operational modes:
- enum – Users can enumerate the target system(s) using provided credentials, or an SMB null session if none are provided. By default only OS information is displayed; further information can be extracted using built-in functionality and additional modules, controlled by the command line arguments. One of the most difficult parts of dropping into a new network is mapping the environment. To help with this, AR3 uses LDAP queries to extract target systems from Active Directory. This is often a great starting point and can help determine the IP ranges used by the organization.
- spray – Whether for an initial set of credentials or for privilege escalation, AR3 can perform password spraying against systems using local or domain authentication through various methods. Additionally, target users can be extracted from Active Directory using LDAP queries, and each user's bad-password count is compared against the domain's lockout threshold so that accounts close to lockout are skipped.
- shell – Uses the user-defined, or default, execution method to spawn an emulated shell on the target system. Keeps track of the working directory for easy navigation.
- query – This allows users to enumerate a domain, users, hosts, and trusts through specialized LDAP queries. Users also have the ability to execute custom queries and extract custom attributes.
- db – Using the AR3 db, users can interact with the stored data to view domain, host, and user information previously enumerated. Domain lockout thresholds and user credentials can also be added/updated for integration into enumeration activities.
Key Features
- Automatically extract domain information via LDAP and incorporate into network enumeration.
- Perform Domain password spraying using LDAP to remove users close to lockout thresholds.
- Local and remote command execution, for use on multiple starting points throughout the network.
- Emulated interactive shell on a target system
- Data discovery is capable of scanning xlsx and docx files.
- Various modules to add and extend capabilities.
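The lockout-aware target selection described under the spray mode and again under Key Features comes down to one check per user: compare the account's bad-password count, as reported by LDAP, with the domain's lockout policy before sending an attempt. The following is an added example of that check and is not ActiveReign's own code. It runs offline on constructed, in-memory records; the attribute names (badPwdCount, badPasswordTime, lockoutThreshold, lockoutObservationWindow) are the real Active Directory schema attributes, but the sample users, policy values and helper names (spray_targets, effective_bad_count) are assumptions for illustration.

```python
"""Select password-spray targets that will not trip the domain lockout threshold.

Added example, not ActiveReign's own code. It models the idea behind AR3's
spray mode (compare each user's bad-password count against the domain lockout
policy) on constructed LDAP-style records so it runs offline.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Difference between the Windows FILETIME epoch (1601-01-01) and the Unix
# epoch, expressed in 100 ns ticks.
EPOCH_DIFF_TICKS = 116444736000000000


def filetime_to_datetime(ft: int) -> Optional[datetime]:
    """Convert an AD FILETIME (100 ns ticks since 1601) to an aware UTC datetime.
    AD stores 0 when no bad password has ever been recorded; return None for that."""
    if ft == 0:
        return None
    return datetime.fromtimestamp((ft - EPOCH_DIFF_TICKS) / 10_000_000, tz=timezone.utc)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; used here only to build sample data."""
    return int(dt.timestamp() * 10_000_000) + EPOCH_DIFF_TICKS


def interval_to_timedelta(interval: int) -> timedelta:
    """lockoutObservationWindow is stored as a negative count of 100 ns ticks."""
    return timedelta(microseconds=abs(interval) / 10)


def effective_bad_count(user: Dict, policy: Dict, now: datetime) -> int:
    """badPwdCount only counts while the observation window is open. Once
    lockoutObservationWindow has elapsed since badPasswordTime, the DC treats
    the counter as reset, so a stale high count is not a reason to skip."""
    last_bad = filetime_to_datetime(user.get("badPasswordTime", 0))
    if last_bad is None:
        return 0
    if now - last_bad > interval_to_timedelta(policy["lockoutObservationWindow"]):
        return 0
    return user.get("badPwdCount", 0)


def spray_targets(users: List[Dict], policy: Dict, now: datetime,
                  safety_margin: int = 1) -> Tuple[List[str], List[str]]:
    """Return (safe, skipped) sAMAccountNames. A user is safe when one more
    failed attempt still leaves `safety_margin` attempts before the account
    reaches lockoutThreshold. A threshold of 0 means the domain never locks."""
    threshold = policy["lockoutThreshold"]
    safe, skipped = [], []
    for user in users:
        name = user["sAMAccountName"]
        if threshold == 0 or effective_bad_count(user, policy, now) + 1 + safety_margin <= threshold:
            safe.append(name)
        else:
            skipped.append(name)
    return safe, skipped


# Constructed sample data (assumption): a 5-attempt threshold with a 30 minute
# observation window, evaluated at a fixed "now" so results are reproducible.
NOW = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_POLICY = {"lockoutThreshold": 5, "lockoutObservationWindow": -18_000_000_000}
SAMPLE_USERS = [
    {"sAMAccountName": "alice", "badPwdCount": 0, "badPasswordTime": 0},
    # 4 failures 5 minutes ago: one more attempt would lock the account.
    {"sAMAccountName": "bob", "badPwdCount": 4,
     "badPasswordTime": datetime_to_filetime(NOW - timedelta(minutes=5))},
    # 4 failures 2 hours ago: window elapsed, counter is effectively reset.
    {"sAMAccountName": "carol", "badPwdCount": 4,
     "badPasswordTime": datetime_to_filetime(NOW - timedelta(hours=2))},
    # 3 failures 10 minutes ago: one attempt still leaves a one-attempt margin.
    {"sAMAccountName": "dave", "badPwdCount": 3,
     "badPasswordTime": datetime_to_filetime(NOW - timedelta(minutes=10))},
]

if __name__ == "__main__":
    ok, held = spray_targets(SAMPLE_USERS, SAMPLE_POLICY, NOW)
    print("spray:", ok)
    print("skip: ", held)
```

One caveat a practitioner needs when wiring this to a live directory: badPwdCount is not replicated between domain controllers, but failed logons are forwarded to the PDC emulator, so read the counts from the PDC emulator (or from every DC and take the maximum) rather than from whichever DC the LDAP bind happened to land on.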
Changelog v1.0.5.2
- Removed SSH
- Improved Enum accuracy
- ProcDump module added
- Bug fixes
Install
git clone https://github.com/m8r0wn/ActiveReign.git
cd ActiveReign
python3 setup.py install
Copyright (C) 2019 m8r0wn
Source: https://github.com/m8r0wn/