Skip to content
/ LogonScriptsScanner Public

Tool designed to detect Logon Scripts that could lead to Lateral Windows Movement

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gunzf0x/LogonScriptsScanner

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
images
images
 
 
LogonScriptScanner.sh
LogonScriptScanner.sh
 
 
README.md
README.md
 
 

Repository files navigation

LogonScriptsScanner

A simple tool to analyze NETLOGON share and check if it can be abused to move laterally on Windows machines.

Pre-requisites

  1. We need a valid user of an Active Directory domain and its credentials (password in plain text).
  2. This tools needs 4 other tools to work:
  • bloodyAD
  • rpcclient
  • smbcacls
  • smbclient

To install bloodyAD just execute in a terminal:

❯ sudo apt update -y
❯ sudo apt-get install libkrb5-dev -y
❯ pip3 install bloodyAD

or, under your own risk,

❯ pip3 install bloodyAD --break-system-packages

To install rpcclient, smbcacls and smbclient execute in a terminal:

sudo apt update -y && sudo apt install smbclient -y

Usage

Use the credentials of a valid user in the domain to extract info about potential Logon Scripts that could lead to lateral movement:

❯ ./LogonScriptScanner.sh <USER> <PASSWORD> <DOMAIN> <IP>

For example:

❯ ./LogonScriptScanner.sh julio 'SecurePassJul!08' inlanefreight.local 10.129.71.7

Example 1

Example 2

Disclaimer

Use this tool for ethical purposes only (:

About

Tool designed to detect Logon Scripts that could lead to Lateral Windows Movement

Topics

windows bash active-directory penetration-testing pentesting bash-script ethical-hacking red-team pentesting-tools pentesting-tool ethical-hacking-tools logon-script windows-lateral-movement

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages