Description
This was released with screenshots & use-cases on the following blogs: Max Release, Updates & Primitives & DPAT
A new potential attack primitive was added to this tool during my research, see the add-spns
section for full details.
Usage
Installation
Ideally there shouldn’t be much to install, but I’ve included a requirements.txt file just in case. Tested on Kali Linux & Windows 10, all functionality should work for both linux and Windows operating systems.
pip3 install -r requirements.txt
Neo4j Creds
Neo4j credentials can be hardcoded at the beginning of the script OR they can be provided as CLI. If both areas are left blank, you will be prompted for the uname/password.
python3 max.py -u neo4j -p neo4j {module} {args}
python3 max.py {module} {args}
Neo4j Username: neo4j
Neo4j Password:
Quick Use
python3 max.py -h
python3 max.py {module} -h
python3 max.py mark-owned -f owned.txt
python3 max.py mark-owned -f owned.txt –add-note “Owned by repeated local admin”
python3 max.py get-info –users
python3 max.py get-info –users –enabled
USER01@DOMAIN.LOCAL
USER02@DOMAIN.LOCAL
…
python3 max.py get-info –group-members “domain controllers@domain.local”
python3 max.py get-info –adminto USER01@DOMAIN.LOCAL
python3 max.py get-info –owned –get-note
python3 max.py query -q “MATCH (n:User),(m:Group {name:’DOMAIN ADMINS@DOMAIN.LOCAL’}) MATCH (n)-[*1..]->(m) RETURN DISTINCT(n.name)”
python3 max.py del-edge CanRDP
python3 max.py add-spns -b
python3 max.py add-spns -i getuserspns-raw-output.txt
python3 max.py dpat -n ~/client/ntds.dit -p ~/.hashcat/hashcat.potfile -o ouputdir –html –sanitize
python3 max.py pet-max
Object Files & Specification
Objects in file, must contain FQDN within, capitalization does not matter. This also applies to whenever a CLI username/computer name is supplied.
user01@domain.local <- will be added / correct CLI input
group01@domain.local <- will be added / correct CLI input
computer01.domain.local <- will be added / correct CLI input
ComPutEr01.doMAIn.LOcaL <- will be added / correct CLI input
user02 <- will not be added / incorrect CLI input
computer02 <- will not be added / incorrect CLI input
Further Work
I hope to include an analyze
function to provide some sort functionality similar to PlumHound/Cypheroth. Lastly, thinking about creating a Powershell version for those running Neo4j on Windows, but I’m trash at Powershell so TBD.
Any other features and improvements welcome, find me @knavesec in the BloodHoundGang Slack channel and on Twitter.
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…