A collection of tools demonstrated at our recent talk, Adversaries Have It Easy, brought to you by Neil Lines & Andy Gill at Lares Labs.
The tooling is written in PS and C# using .net 6 for CS binaries. None are provided pre-compiled but instructions on how to do so can be found in the blog post:
https://labs.lares.com/offensive-sysadmin/
To pull down all of the tools simply issue:
git clone --recurse-submodules -j8 git://github.com/LaresLLC/OffensiveSysAdmin.git
Each module has its own readme and can run independently of the suite.
The table below details what each tool does, and the subsections detail how to use each.
| Name | Language | Description |
|---|---|---|
| DomainScrape | PS | Hunt for keywords in documents across domain shares. |
| Invoke-Ghost | PS | Only scrapes metadata from office documents from an entire directory, a stealthy way to grab usernames. |
| ScrapingKit | PS & C# | Scraping Kit comprises several tools for scraping services for keywords, useful for initial enumeration of Domain Controllers or if you have popped a user's desktop, their outlook client. |
| SharpCred | C# | Automates the harvesting of domain user accounts / password stuffing/domain groups, which can be used from domain or nondomain joined hosts. |
| SharpShares | C# | Takes no input, executes, and gives you a list of shares the domain user can access. |
| SlinkyCat | PS | A collection of AD Audit functions for easy identification of misconfigurations within active directories, users, groups, permissions, and mishandling data within objects |
Read this blog post for more detailed information over on Lares Labs