wh0amitz/SharpRODC wh0amitz/SharpRODC

  • Stars
    star
    110
  • Rank 315,219 (Top 7 %)
  • Language
    C#
  • Created 10 months ago
  • Updated 10 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
wh0amitz/SharpRODC
github

wh0amitz

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

To audit the security of read-only domain controllers

SharpRODC

To audit the security of read-only domain controllers, I created the SharpRODC project, a simple .NET tool for RODC-related misconfiguration. For more details on attacking RODC please read my blog: Revisiting a Abuse of Read-Only Domain Controllers (RODCs)

The tool enumerates the following from Active Directory:

  • DACL of the RODC object
  • RODC's Krbtgt account
  • DACL of the "Allowed RODC Password Replication Group" object
  • DACL of the "Denied RODC Password Replication Group" object
  • "managedBy" attribute value of RODC object
  • DACL of the user or group to whom RODC administrative rights are delegated
  • "msDS-RevealOnDemandGroup" attribute value of the RODC object
  • "msDS-NeverRevealGroup" attribute value of the RODC object
  • "msDS-RevealedList attribute" value of the RODC object
  • RODC-related DACL on the domain partition object

More Repositories

1

KRBUACBypass

UAC Bypass By Abusing Kerberos Tickets
C#
461
star
2

SharpADWS

Active Directory reconnaissance and exploitation for Red Teams via the Active Directory Web Services (ADWS).
C#
440
star
3

PetitPotato

Local privilege escalation via PetitPotam (Abusing impersonate privileges).
C
403
star
4

S4UTomato

Escalate Service Account To LocalSystem via Kerberos
C#
386
star
5

BypassCredGuard

Credential Guard Bypass Via Patching Wdigest Memory
C++
303
star
6

CTFCON2023-POC

C#
18
star
7

Sharp-WMIEvent

The script realizes intranet lateral movement and permission persistence through WMI event subscription.
PowerShell
14
star
8

wh0amitz.github.io

HTML
6
star
9

wh0amitz

3
star