A cross-platform tool to find reused key credentials on multiple objects in Active Directory.
- Connect to LDAP server and retrieve msDS-KeyCredentialLink data
- Parse msDS-KeyCredentialLink data from a file
- Export found RSA keys to PEM files
- Identify and report reused key credentials in Active Directory
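The parsing and comparison steps above, as an added Python example that is not the project's own code. It assumes the KEYCREDENTIALLINK_BLOB layout from MS-ADTS (version 0x200, entries of 2-byte length, 1-byte identifier, value) and a BCRYPT_RSAKEY_BLOB "RSA1" public key inside the KeyMaterial entry. The LDAP search itself is out of scope: the `objects` dictionary stands in for the msDS-KeyCredentialLink values an LDAP query would return, and the sample values are constructed in the script with placeholder moduli, not keys taken from any directory.

```python
"""Added example: parse msDS-KeyCredentialLink values, report RSA public keys that
appear on more than one AD object, and encode a key as PEM. Not the project's code."""
import base64
import hashlib
import struct
from collections import defaultdict

# KEYCREDENTIALLINK_ENTRY identifiers (MS-ADTS 2.2.20.3); KeyHash and timestamps are not needed here.
KEY_ID, KEY_MATERIAL, KEY_USAGE, KEY_SOURCE, DEVICE_ID = 1, 3, 4, 5, 6
RSA1_MAGIC = 0x31415352  # "RSA1": magic of a BCRYPT_RSAKEY_BLOB public key

def parse_dn_binary(value: str):
    """Split a DN-Binary string 'B:<hexlen>:<hex>:<DN>' into (dn, blob bytes)."""
    tag, hexlen, hexdata, dn = value.split(":", 3)
    if tag != "B" or int(hexlen) != len(hexdata):
        raise ValueError("malformed DN-Binary value")
    return dn, bytes.fromhex(hexdata)

def parse_key_credential_link(blob: bytes):
    """Return {identifier: value} for the entries of a version 0x200 blob."""
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != 0x200:
        raise ValueError(f"unsupported KEYCREDENTIALLINK_BLOB version {version:#x}")
    entries, off = {}, 4
    while off + 3 <= len(blob):
        length, ident = struct.unpack_from("<HB", blob, off)  # Length (2 bytes), Identifier (1 byte)
        off += 3
        entries[ident] = blob[off:off + length]
        off += length
    return entries

def parse_bcrypt_rsa_public(material: bytes):
    """Return (modulus, exponent) from a BCRYPT_RSAKEY_BLOB public key (24-byte header, big-endian ints)."""
    magic, _bits, cb_exp, cb_mod, _p1, _p2 = struct.unpack_from("<6I", material, 0)
    if magic != RSA1_MAGIC:
        raise ValueError("KeyMaterial is not an RSA1 BCRYPT public key blob")
    exp = material[24:24 + cb_exp]
    mod = material[24 + cb_exp:24 + cb_exp + cb_mod]
    return int.from_bytes(mod, "big"), int.from_bytes(exp, "big")

def der_tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER tag-length-value encoder for bodies up to 65535 bytes."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else (b"\x81" + bytes([n]) if n < 0x100 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + length + body

def der_int(x: int) -> bytes:
    b = x.to_bytes((x.bit_length() + 7) // 8 or 1, "big")
    return der_tlv(0x02, b"\x00" + b if b[0] & 0x80 else b)  # keep the INTEGER positive

def rsa_to_pem(n: int, e: int) -> str:
    """Encode (n, e) as a SubjectPublicKeyInfo PEM, the form `openssl rsa -pubin -in <file>` reads."""
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))  # PKCS#1 RSAPublicKey
    alg_id = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("2a864886f70d010101")) + der_tlv(0x05, b""))
    spki = der_tlv(0x30, alg_id + der_tlv(0x03, b"\x00" + rsa_pub))
    b64 = base64.b64encode(spki).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def find_reused_keys(objects: dict):
    """objects: {object_dn: [DN-Binary values]} -> {fingerprint: {"key": (n, e), "objects": [dn, ...]}},
    keeping only fingerprints present on more than one object."""
    by_key = defaultdict(lambda: {"key": None, "objects": []})
    for obj_dn, values in objects.items():
        for value in values:
            _, blob = parse_dn_binary(value)
            entries = parse_key_credential_link(blob)
            material = entries[KEY_MATERIAL]
            # Assumption from my reading of MS-ADTS 2.2.20.4: in a version 0x200 blob KeyID is SHA-256 over
            # KeyMaterial. A mismatch means a malformed or hand-edited entry, which is worth surfacing.
            if entries.get(KEY_ID) != hashlib.sha256(material).digest():
                raise ValueError(f"KeyID does not match KeyMaterial on {obj_dn}")
            n, e = parse_bcrypt_rsa_public(material)
            fp = hashlib.sha256(der_int(n) + der_int(e)).hexdigest()
            by_key[fp]["key"] = (n, e)
            if obj_dn not in by_key[fp]["objects"]:
                by_key[fp]["objects"].append(obj_dn)
    return {fp: rec for fp, rec in by_key.items() if len(rec["objects"]) > 1}

def build_sample_value(n: int, e: int, owner_dn: str, device_id: bytes) -> str:
    """Construct a DN-Binary value for testing (constructed sample, not data from any directory)."""
    exp, mod = e.to_bytes(3, "big"), n.to_bytes((n.bit_length() + 7) // 8, "big")
    material = struct.pack("<6I", RSA1_MAGIC, n.bit_length(), len(exp), len(mod), 0, 0) + exp + mod
    def entry(ident, val):
        return struct.pack("<HB", len(val), ident) + val
    blob = struct.pack("<I", 0x200) + entry(KEY_ID, hashlib.sha256(material).digest())
    blob += entry(KEY_MATERIAL, material) + entry(KEY_USAGE, b"\x01") + entry(KEY_SOURCE, b"\x00")
    blob += entry(DEVICE_ID, device_id)
    hexdata = blob.hex().upper()
    return f"B:{len(hexdata)}:{hexdata}:{owner_dn}"

# Constructed sample directory: WS01 and SRV01 carry the same key, DC01 has its own.
# The moduli are placeholder integers, not real RSA keys.
SHARED_N, OWN_N, PUB_E = (1 << 2047) | 0x1234567, (1 << 2047) | 0x7654321, 65537
SAMPLE_OBJECTS = {
    dn: [build_sample_value(n, PUB_E, dn, bytes(range(i * 16, i * 16 + 16)))]
    for i, (dn, n) in enumerate([
        ("CN=WS01,OU=Workstations,DC=LAB,DC=local", SHARED_N),
        ("CN=SRV01,OU=Servers,DC=LAB,DC=local", SHARED_N),
        ("CN=DC01,OU=Domain Controllers,DC=LAB,DC=local", OWN_N),
    ])
}

if __name__ == "__main__":
    for fp, rec in find_reused_keys(SAMPLE_OBJECTS).items():
        print(f"[!] key {fp[:16]}... is present on {len(rec['objects'])} objects:")
        for dn in rec["objects"]:
            print(f"      {dn}")
        print(rsa_to_pem(*rec["key"]))  # save to a .pem file and inspect with openssl rsa -pubin -text -noout
```

The fingerprint is taken over the DER-encoded (n, e) rather than the raw KeyMaterial bytes, so the same key is matched even when two entries differ in header fields or trailing entries. A key shared by several objects is the finding; which object legitimately owns it is something to settle against the DeviceId and creation timestamps in the directory.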
$ ./FindReusedKeyCredentials -h
FindReusedKeyCredentials - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.0.0
Usage: FindReusedKeyCredentials [--quiet] [--debug] [--export-dir <string>] [--export] --domain <string> --username <string> [--password <string>] [--hashes <string>] [--dc-ip <string>] [--ldap-port <tcp port>] [--use-ldaps]
-d, --debug Debug mode. (default: false)
-ed, --export-dir <string> Export the RSA keys to this folder. (default: "./keys/")
-e, --export Export the found RSA keys. (default: false)
Authentication:
-d, --domain <string> Active Directory domain to authenticate to.
-u, --username <string> User to authenticate as.
-p, --password <string> Password to authenticate with. (default: "")
-H, --hashes <string> NT/LM hashes, format is LMhash:NThash. (default: "")
LDAP Connection Settings:
-dc, --dc-ip <string> IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter. (default: "")
-lp, --ldap-port <tcp port> Port number to connect to LDAP server. (default: 389)
-L, --use-ldaps Use LDAPS instead of LDAP. (default: false)
./FindReusedKeyCredentials --domain "LAB.local" --username "Administrator" --password "Admin123!" --dc-ip "192.168.56.101"

./FindReusedKeyCredentials --domain "LAB.local" --username "Administrator" --password "Admin123!" --dc-ip "192.168.56.101" --debug

./FindReusedKeyCredentials --domain "LAB.local" --username "Administrator" --password "Admin123!" --dc-ip "192.168.56.101" --export

openssl rsa -pubin -in ./keys/0001.pem -text -noout

Pull requests are welcome. Feel free to open an issue if you want to add other features.