linWinPwn is a bash script that automates a number of Active Directory Enumeration and Vulnerability checks. The script leverages and is dependent of a number of tools including: impacket, bloodhound, crackmapexec, ldapdomaindump, lsassy, smbmap, kerbrute, adidnsdump.
Git clone the repository and make the script executable
git clone https://github.com/lefayjey/linWinPwn
cd linWinPwn; chmod +x linWinPwn.sh
Install requirements on Kali machines using the install.sh
script
chmod +x install.sh
sudo ./install.sh
On non-Kali machines, run the install_nonkali.sh
script instead
chmod +x install_nonkali.sh
sudo ./install_nonkali.sh
If you’re having DNS issues or time sync errors, run the configure.sh
script with -d
for DNS update and -n
for NTP sync
WARNING: The script will update /etc/resolv.conf
chmod +x configure.sh
sudo ./configure.sh -t -d -n
The linWinPwn script contains 4 modules that can be used either separately or simultaneously.
Default (fastest): ad_enum,kerberos (Optional: run OPSEC safe checks only by using -O
)
./linWinPwn.sh -d -u -p -t -o
User modules: ad_enum,kerberos,scan_shares,vuln_checks,mssql_enum
./linWinPwn.sh -M user -d -u -p -t -o
All modules: ad_enum,kerberos,scan_shares,vuln_checks,mssql_enum,pwd_dump
./linWinPwn.sh -M all -d -u -p -t -o
Module ad_enum: Active Directory Enumeration
./linWinPwn.sh -M ad_enum -d -u -p -t -o
For each of the cases described, the linWinPwn script performs different checks as shown below.
Case 1: Unauthenticated
./linWinPwn.sh -M user -t
Case 2: Standard Account (using password, NTLM hash or Kerberos ticket)
./linWinPwn.sh -M user -d -u -p -t
Case 3: Administrator Account (using password, NTLM hash or Kerberos ticket)
-S
-S
./linWinPwn.sh -M all -d -u -p -t -S
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…