Identify common attack paths to get Domain Administrator

matterpreter/getDA.sh

getDA.sh

Disclosure: this is just a meme. Please don't actually use this.

This script checks for a few common, easy-to-leverage vulnerabilities I find testers using to get Domain Administrator access when stealth doesn't matter. This was a joke that turned into a POC, so please don't use this for real. It is more of a fun automation project than something actually useful.

Currently supports:

  1. SMB relaying
  2. Kerberoasting
  3. Null session enumeration
  4. Cisco Smart Install
  5. MS17-010

I plan to add more to this as time goes on. The idea here is to provide something that you can easily throw on a Linux box inside a target network while you grab a coffee and it will spit back a few things to try.

Tools needed (it'll check just in case):

ALL AUTOPWN FEATURES ARE UNTESTED AND EXPERIMENTAL!

To Do:

  • MS17-010
  • Test MS17-010
  • Fix MS17-010 scan result parser
  • Complete null session tests
  • Implement SMB message signing checks as their own function
  • Automatic scope generation
  • Autopwn? :)
