AD-Tools

PowerShell scripts to help with enumerating and abusing common misconfigurations. Inspired by HTB CAPE Path

Enumerate Foreign-ACLs

1. Requires PowerView
2. Provides syntax for next steps

Child to Parent Domain Elevation

1. Assumes mimikatz and powerview loaded into memory
2. Bi-directional trust

Enumerate Foreign Security Principals

1. PowerView

Enable SID and SAN (ESC7 > ESC16 > ESC6)

1. Enables SAN override (ESC7)
2. Disables SID security extension (ESC16)
3. Prepares the CA for SAN-based impersonation (ESC6)
4. Performs CA-level configuration abuse via ADCS COM
5. Request cert with certipy

certipy req -u user@tgest.local -p 'password' -ca test-DC1-CA -template User -upn administrator@test.local -sid admin_sid -dc-ip 10.0.0.0

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
ADCS		ADCS
Foreign-ACLs.ps1		Foreign-ACLs.ps1
README.md		README.md
domain-jump.ps1		domain-jump.ps1
fsp.ps1		fsp.ps1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

AD-Tools

Enumerate Foreign-ACLs

Child to Parent Domain Elevation

Enumerate Foreign Security Principals

Enable SID and SAN (ESC7 > ESC16 > ESC6)

About

Uh oh!

Releases

Packages

Languages

AlexLinov/AD-Tools

Folders and files

Latest commit

History

Repository files navigation

AD-Tools

Enumerate Foreign-ACLs

Child to Parent Domain Elevation

Enumerate Foreign Security Principals

Enable SID and SAN (ESC7 > ESC16 > ESC6)

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages