All the tools needed for AD enumeration, local privilege escalation (SeImpersonate), exploitation (credential harvesting) and lateral movement in one place.
- Invoke-ConPtyShell.ps1 - ConPtyShell is a Fully Interactive Reverse Shell for Windows systems.
- Powerup.ps1 - PowerUp aims to be a clearinghouse of common Windows privilege escalation vectors that rely on misconfigurations.
- PowerView.ps1 - PowerView is a PowerShell tool to gain network situational awareness on Windows domains.
- winPEASany.exe - Searches for possible local privilege escalation paths and prints them with color highlighting so the misconfigurations are easy to recognize.
- Ghostpack Compiled Binaries - Compiled binaries for GhostPack authored by @harmj0y.
- Sharphound.exe-ps1 - BloodHound ingestor (version 1.1.1 works with BloodHound version 4.3.1).
- QuickView.ps1 - QuickView is an automated enumeration tool inspired by winPEAS. (Useful in Windows Domains)
- GetCLSID.ps1 - This script extracts CLSIDs and AppIDs related to LocalService.
- Juicy Potato
- Rogue Potato
- GodPotato_Net4
- PrintSpoofer
- mimikatz.exe - Tool to extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. (Includes invoke-mimikatz.ps1)
- Spray-Passwords.ps1 - Custom password spray tool for AD.
- kerbrute - A tool to quickly brute-force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication.
- Ghostpack Compiled Binaries - Compiled binaries for GhostPack authored by @harmj0y.
- PsLoggedon.exe - PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer, or a remote one.
- PSexec.exe - PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software.
- Chisel.exe - Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH.
- This directory contains various scripts and instructions that aid in the preparation of client-side attacks leveraging Windows Library files (using WebDAV and shortcut files).
- winlib_gen - winlib_gen is a tool I wrote in Bash and Python which automates the creation of a malicious Windows library file.
- Clone this repo

```
git clone git@github.com:gustanini/AD_Pentest_Bundle.git
```

- Move into the repo

```
cd AD_Pentest_Bundle
```

- Start an SMB server with impacket

```
impacket-smbserver {ShareName} . -smb2support
```

- Copy the full folder onto the target

```
xcopy \\YourIP\ShareName\* . /E
```