SAERXCIT
As discussed on Slack, I'm opening an issue to keep track of this conversation on GitHub. ---- @SAERXCIT: Hi! I've been working on adding a new edge to BloodHound,...
Hi! This commit fixes 2 issues with the LDAP attack dumping ADCS info. 1) For some reason unknown to me, some ACEs can have neither a valid `ObjectType` nor...
Hi! This PR completes the `--add-computer` ntlmrelayx attack to try to exploit [CVE-2021-34470](https://bugs.chromium.org/p/project-zero/issues/detail?id=2186) to add a computer even if restrictions are in place (machine account quota, `SeMachineAccountPrivilege`). More info...
Hi! This PR adds the `--add-dns-record` as an ntlmrelayx LDAP attack, inspired by [Kevin Robertson](https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/)'s [ADIDNS research](https://www.netspi.com/blog/technical/network-penetration-testing/adidns-revisited/), and his own implementation in [Inveigh](https://github.com/Kevin-Robertson/Inveigh). The idea is being able to...
Hi! This PR adds to MSSQL the possibility to specify a port for each target, instead of using the same port for all taken from the `--port` argument. This...
Hi! To exploit ESC3, along with a template having the Certificate Request Agent EKU, we also need a template that lets "a low privileged user to use the enrollment...
Hi! ### Problem NTDS.dit files can contain entries relative to principals belonging to other trusted domains (intra- or extra-forest). Naturally, foreign principals' passwords are not stored in the local domain's...