Crypt0s/DelegationBOF

Stars
135
Rank 267,784 (Top 6 %)
Language
C++
License
MIT License
Created over 2 years ago
Updated over 2 years ago

Crypt0s/DelegationBOF

Crypt0s

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

DelegationBOF

This tool uses LDAP to check a domain for known abusable Kerberos delegation settings. Currently, it supports RBCD, Constrained, Constrained w/Protocol Transition, and Unconstrained Delegation checks.

Despite the name, I decided to add in a couple more features since the bulk of the code was already there. So now there is a get-spns command as well which can look for ASREP accounts or Kerberoastable SPNs.

Instructions

Clone, run make, add the .cna to your CS client.

Delegation Accounts

run help get-delegation

Syntax: get-delegation [Type] [optional: FQDN]

Type options : RBCD, Constrained, ConstrainedProto, Unconstrained, All

If no domain is provided, the local domain is used.

Kerberoastable Accounts

run help get-spns

Syntax: get-spns [Type] [optional: FQDN]

Type options : spns, ASREP, All

If no domain is provided, the local domain is used.

Potential issues

In order to make the output not terrible I'm using Cobalt Strike's built in BeaconFormatAlloc fuction. This requires a preset buffer, which I set to 2048. If you are testing in a large domain I would suggest increasing this before running.

FakeDns

A regular-expression based python MITM DNS server with support for DNS Rebinding attacks

Ekko_CFG_Bypass

A PoC for adding NtContinue to CFG allowed list in order to make Ekko work in a CFG protected process

smb-scan

Python-based SMB Share scanner -- scans a bunch of computers, outputs the path and the file permissions for the account

Ramen

Python-based network file scanner

AirReader

A Python-Based script designed to output stable and screen-scrapable lists of wireless networks

airview

A python web application compliment to py80211 which allows you to visualize the airwaves around you with your web browser.

bingraph

Utility(ies?) for helping to manage the relationships between sets of binaries and their libraries

PiWAT

QuickTestNet

Throw up a quick WiFi Access Point from your Linux OS to do further testing of a target device

The-Heap

The Inventory System For Hackerspaces

SimplePhish

Easy-to-modify Python webserver capable of being used for phishing campaigns

MailStats

A collection of scripts that allow a user to download an IMAP folder and perform statistical analysis on the resulting set of emails.

pySimpleBrute

Simple Python password brute forcer for use against web services

zigbit900

Collection of important documents, files, documentation for Zigbit AT86RF212B sub-ghz Zigbee chip

signage

Display useful information on an LED Signboard

fskjs

A javascript widget which turns ASCII into a image of its Frequency Shift Keying representation

Draconic

A toy attempt at parsing XML acting as markup for Dungeons and Dragons campaigns

PipeBender

Web Sockets Proxy tool written in node - allows you to see and inject content into websockets

Cachefiller

Fills the cache of a webbrowser. Could be useful in a number of ways, was an early attempt to knock out temp HSTS entries in browsers

Telekino

Deploys a Raspberry Pi CM4 image for use as a remote network access device in enterprise network security testing engagements