SharpSCCM is a post-exploitation tool designed to leverage Microsoft Endpoint Configuration Manager (a.k.a. ConfigMgr, formerly SCCM) for lateral movement and credential gathering without requiring access to the SCCM administration console GUI.
SharpSCCM was initially created to execute user hunting and lateral movement functions ported from PowerSCCM (by @harmj0y, @jaredcatkinson, @enigma0x3, and @mattifestation) and now contains additional functionality to gather credentials and abuse newly discovered attack primitives for coercing NTLM authentication in SCCM sites where automatic site-wide client push installation is enabled.
Please visit the wiki for documentation detailing how to build and use SharpSCCM.
Chris Thompson is the primary author of this project. Duane Michael (@subat0mik) and Evan McBroom (@mcbroom_evan) are active contributors as well. Please feel free to reach out on Twitter (@_Mayyhem) with questions, ideas for improvements, etc., and on GitHub with issues and pull requests.
This tool was written as a proof of concept in a lab environment and has not been thoroughly tested. There are lots of unfinished bits, terrible error handling, and functions I may never complete. Please be careful and use at your own risk.
Intelligence analysts do not use OSINT only to collect information. They use it to turn…
OSINT reconnaissance is the first stage of ethical security research. Before testing anything, a security…
Yarn is a JavaScript package manager that works with npm. It makes it easy to install,…
Docker Compose is a command-line tool that lets you define and run multi-container Docker applications using a single…
The simplest approach is Ubuntu's multiverse repository. A single command installs both VirtualBox and the Extension…
If your team needs identical development environments across different operating systems, Vagrant is the tool that makes…