path to domain admin

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/Pentesting
#Impacket #Smb #Python #Netbios #Msrpc

Our great sponsors
  • Scout APM - Less time debugging, more time building
  • SonarLint - Clean code begins in your IDE with SonarLint
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • PetitPotam

    PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions.

    With unconstrained delegation you may be able to use Petitpoatm (https://github.com/topotam/PetitPotam) to coerce the DC to connect, which would provide you the DC$ machine account. Then you could use that to perform a DCSync attack to get the krbtgt account hash to craft golden tickets. It's worth checking out.

  • impacket

    Impacket is a collection of Python classes for working with network protocols.

    Check out impacket's ntlmrelayx: https://github.com/SecureAuthCorp/impacket/blob/master/examples/ntlmrelayx.py

  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts