
StandIn is a small .NET35/45 AD post-exploitation toolkit

Results 13 StandIn issues

Hello, New methods to list the servicePrincipalName based on this article: https://m365internals.com/2021/11/08/kerberoast-with-opsec/. To use the method, the option `--opsec` must be used. It will look for specific OU name (default...

@FuzzySecurity here's the fixed PR, feel free to delete the original monstrosity I posted Confirming authorized signatures are required: ``` C:\temp>StandIn.exe --adcs --filter HomelabTemplate [+] Search Base : LDAP://CN=Enrollment Services,CN=Public...

Replaced `pKIExtendedKeyUsage` with `mspki-certificate-application-policy` for `--clientauth` as it seems like the latter is what actually provides Domain authentication, and allows for the impersonation. Only adding Client Authentication to the pKIExtendedKeyUsage...

`--clientauth` should add the "Client Authentication" Application Policy to `mspki-certificate-application-policy` not to the `pKIExtendedKeyUsage` property. Only adding it to `pKIExtendedKeyUsage` still does not allow for Domain user impersonation. #14

``` PS C:\Windows\system32> C:\StandIn.exe --sid loki [!] Insufficient arguments provided.. ``` Would it also not be beneficial when a machine account gets created to automatically resolve the SID as well...

Hey I just added a small feature to check sites in the current domain using the --site flag: ``` PS C:\Temp> .\StandIn.exe --site [?] Using DC : dc01.dojo.local |_ Domain...

Hello! Thanks for the great tool, I am using it in a lab environment and I noticed that the "Add User Privilege" functionality can corrupt the `\\domain.com\SysVol\domain.com\Policies\{GPO GUID}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf` file...

bug

I added a path parameter to specify the search container. This is useful when looking up object properties or permissions, such as when checking Certificate Template access permissions.

Setting a local admin supersedes any other policies which may apply. Because of this, users will show as being removed from the local admin group. Need to find a solution...

bug
enhancement