Exploitation Tools

ADCSKiller – An ADCS Exploitation Automation Tool

ADCSKiller is a Python-based tool designed to automate the process of discovering and exploiting Active Directory Certificate Services (ADCS) vulnerabilities.

It leverages the features of Certipy and Coercer to simplify the process of attacking ADCS infrastructure.

Please note that the ADCSKiller is currently in its first draft and will undergo further refinements and additions in future updates.

Features

  • Enumerate Domain Administrators via LDAP
  • Enumerate domain controllers via LDAP
  • Enumerate Certificate Authorities via Certipy
  • Exploitation of ESC1
  • Exploitation of ESC8

Installation

Since this tool relies on Certipy and Coercer, both tools have to be installed first.

git clone https://github.com/ly4k/Certipy && cd Certipy && python3 setup.py install
git clone https://github.com/p0dalirius/Coercer && cd Coercer && pip install -r requirements.txt && python3 setup.py install
git clone https://github.com/grimlockx/ADCSKiller/ && cd ADCSKiller && pip install -r requirements.txt

Usage

Usage: adcskiller.py [-h] -d DOMAIN -u USERNAME -p PASSWORD -t TARGET -l LEVEL -L LHOST

Options:
-h, --help Show this help message and exit.
-d DOMAIN, --domain DOMAIN
                        Target domain name. Use FQDN
-u USERNAME, --username USERNAME
                        Username.
-p PASSWORD, --password PASSWORD
                        Password.
-dc-ip TARGET, --target TARGET
                        IP Address of the domain controller.
-L LHOST, --lhost LHOST
                         FQDN of the listener machine - An ADIDNS is probably required

Todos

  • Tests, Tests, Tests
  • Enumerate the principals which are allowed to dcsync
  • Use dirkjanm’s gettgtpkinit.py to receive a ticket instead of Certipy auth
  • Support DC Certificate Authorities
  • ESC2–ESC7
  • ESC9 or ESC11?
  • Automated add an ADIDNS entry if required
  • Support DCSync functionality

Credits

Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a Comment
Share
Published by
Tamil S
Tags: Active Directory ExploitationADCS VulnerabilitiesAutomation Tools
1 year ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

4 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

4 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

4 weeks ago