acltoolkit ACL Toolkit is an ACL abuse swiss-knife. Install git clone https://github.com/zblurx/acltoolkit.git cd acltoolkit pip install . Use Commands get-objectacl The get-objectacl will take a sAMAccountName, a name, a DN, or an objectSid as...
Crassus Windows privilege escalation discovery tool Why “Crassus”? Accenture made a tool called Spartacus, which finds DLL hijacking opportunities on Windows. Using Spartacus as a starting point, we created Crassus to extend Windows privilege escalation...
Inline-Execute-PE Inline-Execute-PE is a suite of Beacon Object Files (BOF’s) and an accompanying Aggressor script for CobaltStrike that enables Operators to load unmanaged Windows executables into Beacon memory and execute them, retrieving the output...
WindowSpy WindowSpy is a Cobalt Strike Beacon Object File meant for targeted user surveillance. The goal of this project was to trigger surveillance capabilities only on certain targets, e.g. browser login pages, confidential documents,...
Exploitation / Maintaining Access / Post Exploitation
by do son · Published January 17, 2023 · Last modified January 18, 2023
Striker C2 Striker is a simple Command and Control (C2) program. Features A) Agents Native agents for Linux and windows hosts. Self-contained, minimal python agent should you ever need it. HTTP(s) channels. Asynchronous task execution. Support for...
PowerMeUp This is a powershell reverse shell that executes the commands and or scripts that you add to the powerreverse.ps1 file as well as a small library of Post-Exploitation scripts. This also can be...
KeeFarce Reborn A standalone DLL that exports databases in cleartext once injected in the KeePass process. Yet another KeePass extraction tool, why? A few years ago, @denandz released KeeFarce, the first offensive tool designed to extract KeePass...
EvilTree A standalone python3 remake of the classic “tree” command with the additional feature of searching for user-provided keywords/regex in files, highlighting those that contain matches. Created for two main reasons: While searching for...
Cohab_Processes This Aggressor script is intended to help internal Red Teams identify suspicious or foreign processes (“Cohabitation”) running in their environments. Red Teams may assemble a list of “known” processes (either independently or in...
ScreenshotBOF An alternative screenshot capability for Cobalt Strike that uses WinAPI and does not perform a fork & run. The screenshot was downloaded in memory. Why did I make this? Cobalt Strike uses a...
ADReaper ADReaper is a tool written in Golang which enumerates an Active Directory environment with LDAP queries within a few seconds. Use To query the properties of the Domain Controller of the domain, .\ADReaper.exe -dc...
autobloody autobloody is a tool to automatically exploit Active Directory privilege escalation paths shown by BloodHound combining pathgen.py and autobloody.py. This tool automates the AD privesc between two AD objects, the source (the one we own) and...
PXEThief PXEThief is a set of tooling that implements attack paths discussed at the DEF CON 30 talk Pulling Passwords out of Configuration Manager against the Operating System Deployment functionality in Microsoft Endpoint Configuration Manager...
cypherhound A Python3 terminal application that contains 260+ Neo4j cyphers for BloodHound data sets. Why? BloodHound is a staple tool for every red teamer. However, there are some negative side effects based on its design. I will cover...
DragonCastle A PoC that combines AutodialDLL lateral movement technique and SSP to scrape NTLM hashes from the LSASS process. Description Upload a DLL to the target machine. Then it enables the remote registry to...
