For the sake of convenience and management, I have compiled several tools below to eliminate the need to search for tools repeatedly. All tools and scripts under this project are sourced from GitHub and the internet.
- Certify: Certify is a C# tool designed to enumerate and exploit misconfigurations in Active Directory Certificate Services (AD CS).
- Certipy: Certipy is an offensive Python tool for enumerating and abusing Active Directory Certificate Services (AD CS).
- Impacket: Impacket is a collection of Python classes for working with network protocols, commonly used in domain environments.
- Mimikatz: Mimikatz can extract plaintext passwords, hash values, PIN codes, and Kerberos tickets from memory. It can also perform pass-the-hash, pass-the-ticket, or build golden tickets.
- PassTheCert: When the domain controller does not support PKINIT, PassTheCert uses AD CS certificates over LDAPS instead.
- PetitPotam: PetitPotam forces Windows hosts to authenticate to other computers through the MS-EFSRPC EfsRpcOpenFileRaw function or other functions.
- PKINITtools: This repository contains utilities for working with PKINIT and certificates. Check PKINITtools for more information.
- ProcDump: An official Microsoft tool that can be used to dump LSASS in a domain environment.
- Rubeus: Rubeus is a C# toolset for raw Kerberos interactions and abuse.