bloodyAD: Active Directory Privilege Escalation Framework
BloodyAD is an Active Directory Privilege Escalation Framework.
This tool can perform specific LDAP/SAMR calls to a domain controller in order to perform AD privesc. It supports authentication using passwords, NTLM hashes, or Kerberos.
How it works
bloodyAD communicates with a DC using mainly the LDAP protocol in order to get information or add/modify/delete AD objects. A password cannot be updated with LDAP, it must be a secure connection that is LDAPS or SAMR. A DC doesn’t have LDAPS activated by default because it must be configured (with a certificate) so SAMR is used in those cases.
The following are required:
- Python 3
git clone https://github.com/CravateRouge/bloodyAD.git
Copyright (C) 2021 CravateRouge