impacket icon indicating copy to clipboard operation
impacket copied to clipboard

Published 20 hours ago verified publisher icon fortra

add hekatomb.py to examples folder

Open ProcessusT opened this issue 2 years ago • 2 comments

Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.

It also automatically extract domain controller private key through RPC for decryption.

its strong point is that it uses the extracted from LDAP computers list instead of just a range of ip adresses. In that way you can't forget any unknown sub network.

More infos here : https://github.com/Processus-Thief/HEKATOMB

ProcessusT avatar Sep 17 '22 22:09 ProcessusT

Hi!

Don't forget to also add the new dependency in the setup.py file

:sunflower:

ThePirateWhoSmellsOfSunflowers avatar Sep 18 '22 09:09 ThePirateWhoSmellsOfSunflowers

Done ! :) Let me know if something else is needed ;)

ProcessusT avatar Sep 18 '22 11:09 ProcessusT

I put a little "UP" on this PR :)

ProcessusT avatar Jan 26 '23 13:01 ProcessusT