Invoke-sAMSpoofing

CVE-2021-42287/CVE-2021-42278 exploits in powershell

Table of content

• Overview
• Menu
• Screenshots
• References

Overview

A simple script to attack AD with CVE-2021-42287/CVE-2021-42278 exploits automatically.

Menu

• Invoke-sAMSpooofing
• Invoke-GoldenTicket
• Invoke-GoldenTips
• RemoveMachineAccount
• Invoke-Rubeus
• ADSIHound
• Invoke-DCSync

Screenshots

• Invoke-sAMSpooofing
  

• Invoke-GoldenTicket (Just krbtgt hashes needed)

  Golden ticket also injected into memory and generate to file.
  

• Invoke-GoldenTips
  

• RemoveMachineAccount (Need domain admins privileges, also you can do this after create golden ticket.)
  

• Invoke-Rubeus
  

References

• 3gstudent: Retrieves all users ntlm hashes from AD
• eXploit.ph: cve-2021-42287-cve-2021-42278-weaponisation
• PowerSharpPack
• Powermad
• Rubeus