ADCollector is a lightweight tool that enumerates the Active Directory environment to identify possible attack vectors. It will give you a basic understanding of the configuration/deployment of the environment as a starting point.
Notes:
It is not an alternative to the powerful PowerView, it just automates enumeration to quickly identify juicy information without thinking too much at the early Recon stage.
Functions implemented in ADCollector are ideal for enumeration in a large Enterprise environment with lots of users/computers, without generating lots of traffic and taking a large amount of time.
It only focuses on extracting useful attributes/properties/ACLs from the most valuable targets instead of enumerating all available attributes from all the user/computer objects in the domain. You will definitely need PowerView to do more detailed enumeration later.
The aim of developing this tool is to help me learn more about Active Directory security in a different perspective as well as to figure out what’s behind the scenes of those PowerView functions. I just started learning .NET with C#, the code could be really terrible~
It uses S.DS namespace to retrieve domain/forest information from the domain controller(LDAP server). It also utilizes S.DS.P namespace for LDAP searching.
Enumeration
Also Read – EvilApp : Phishing Attack Using An Android Application
Usage
C:\Users> ADCollector.exe -h
Usage: ADCollector.exe -h
–Domain (Default: current domain)
Enumerate the specified domain
–Ldaps (Default: LDAP)
Use LDAP over SSL/TLS
–Spns (Default: no SPN scanning)
Enumerate SPNs
–Term (Default: ‘pass’)
Term to search in user description field
–Acls (Default: ‘Domain object’)
Interesting ACLs on an object
Example: .\ADCollector.exe –SPNs –Term key –ACLs ‘CN=Domain Admins,CN=Users,DC=lab,DC=local’
Changelog
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…