PetitPotam
GHunt
Our great sponsors
| PetitPotam | GHunt | |
|---|---|---|
| 6 | 12 | |
| 1,237 | 11,378 | |
| - | - | |
| 5.8 | 7.1 | |
| about 1 month ago | 23 days ago | |
| C | Python | |
| - | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
PetitPotam
-
path to domain admin
With unconstrained delegation you may be able to use Petitpoatm (https://github.com/topotam/PetitPotam) to coerce the DC to connect, which would provide you the DC$ machine account. Then you could use that to perform a DCSync attack to get the krbtgt account hash to craft golden tickets. It's worth checking out.
- Trying to understand Petitpotam but unable to run exploit correctly
-
Active Directory Certificate Services: Hardening Your Security
I expect an increasing number of attacks on Active Directory Certificate Services. In fact, a PetitPotam with ADCS NTLM Relaying attack has already come out since the SpecterOps paper was published, and SpecterOps is releasing ForgeCert, the Golden Ticket of Certificates, at BlackHat 2021. Therefore, itβs urgent to check for misconfigurations in your environment and remediate them promptly, and then to repeat the process on a regular basis.
-
NTLM Relay Attack PetitPotam: What We Know So Far
The actual weaponised petitepotam excutable has not been subject to such a filter: https://github.com/topotam/PetitPotam
Lionel Gilles, a French-based Offensive Computer Security researcher at Sogeti, an IT services company based in Paris, France (@topotam77 on Twitter), recently published a PoC tool called PetitPotam, which exploits the MS-EFSRPC (Encrypting File Services Remote Protocol).
- PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function
GHunt
- No. 2 is probably alive.
-
OSINT Tool to find someone's social media accounts using email address.
1 of all is not possible I think but you couls combine toutatis and GHunt, and maybe others
- Some information and advice about DDoS, from someone who was there during #opPayback
- List of resources
- So I resigned from Amazon on November 1st with proof of resignation submission and an email receipt to later find out that they never processed my resignation and terminated me on the 15 for "No call, No show" is tha even legal? To deny someone's resignation and then fire him?
-
How can I find a specific person's Google Maps contributions page?
For example you can do it with this : mxrch/GHunt: π΅οΈββοΈ Investigate Google emails and documents. (github.com)
-
[SL] What you need to know about the recent MangaDex data breach.
If you used a Gmail address to sign up to MangaDex this might also be a good opportunity to check your Gmail address with GHunt (https://github.com/mxrch/GHunt), Its a program written in Python that automatically extracts and displays info from any Gmail address.
- [Thread] Climate change "activist" Greta accidentally leaks propaganda toolkit - when tweeting in support of Indian farmers' protest. Reveals global plot to subvert democratic dialog in India
- [IMPORTANT] - Propaganda against India EXPOSED - I have taken screenshots of all the pages of documents I could access and highlighted important things for your convenience.
What are some alternatives?
sherlock - π Hunt down social media accounts by username across social networks
Profil3r - OSINT tool that allows you to find a person's accounts and emails + breached emails π΅οΈ
PoC-in-GitHub - π‘ PoC auto collect from GitHub. β οΈ Be careful Malware.
evilgrade - Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
soup - βοΈ Original open source call flooder using Twilio's API.
openvpn-install - OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
Osintgram - Osintgram is a OSINT tool on Instagram. It offers an interactive shell to perform analysis on Instagram account of any users by its nickname
pagodo - pagodo (Passive Google Dork) - Automate Google Hacking Database scraping and searching
CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
Cameradar - Cameradar hacks its way into RTSP videosurveillance cameras
PetitPotam - PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.
PSPKIAudit - PowerShell toolkit for AD CS auditing based on the PSPKI toolkit.