Add shadow spray action #6
Conversation
There was a problem hiding this comment.
Awesome addition! I have some change request though, in my opinion the for loop should take place after the KCL blob is created. That way, all users will be sprayed with the exact same key pair and the user won't have to keep track of what key belongs to what victim.
Also, line 417 could be changed to something like
logger.success(f"Updated the msDS-KeyCredentialLink attribute of the target objects: {",".join(targets)}")What do you think?
|
That's a good point! I've fixed that the following way: in the beginning of the spray we create a single certificate with a randomly chosen target from the list to be the owner of the certificate (its Regarding the changes for line 417 - I still think we should keep pywhisker printing successful attempts line by line 'cause it's more like the spraying style I guess (like we're used to see it with kerbrute, for example). Moreover, in large environments it may take time for the spray to complete and we shall not see the results until it finishes. Here's how it looks like line by line ⏬
But it's up to you to decide! |
|
Agreed 100%, merging, thank you @snovvcrash ! |
Hey @ShutdownRepo, @p0dalirius!
I was already going to sleep when decided to scroll Twitter a bit and... I couldn't deny myself this PR after reading about ShadowSpray.
It's very quick and dirty and all it implements is a
forloop and lack of info messages but I guess it could be helpful anyways c:P. S. Credits to @Dec0ne for the idea of Shadow Credentials spraying!