• Advertise
  • SS7 Hacking
Saturday, January 28, 2023
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
  • Home
  • Exploits

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Micro Focus GroupWise Session ID Disclosure

    PHPJabbers Car Rental Script 3.0 SQL Injection

    Secure Web Gateway 10.2.11 Cross Site Scripting

    Inout Jobs Portal 2.2.2 Cross Site Scripting

    Inout Jobs Portal 2.2.2 SQL Injection

    Inout Music 5.1.1 SQL Injection

    Cacti 1.2.22 Command injection

    Inout Search Engine 10.1.3 Cross Site scripting

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

    Microsoft Patch Tuesday, January 20,23 with 98 Bug Fixes

    Multiple bug fixes released by Qualcomm and Lenovo

    Fortinet Patched Multiple Vulnerabilities In FortiADC And FortiTester

  • Hacking Tools
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    Management of vulnerability with Wazuh Open Source XDR

    Seven Tips for Building a Banking App That is User-Friendly

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    Management of vulnerability with Wazuh Open Source XDR

  • Kali Linux

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Reconator Automated Recon For Pentesting and Bug Bounty

    Kali Linux (is!) Everywhere

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    New Python Malware Targeting Windows Devices

    New Python Malware Targeting Windows Devices

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    New Wave of Cyberattacks Targeting MS Exchange Servers

    New Wave of Cyberattacks Targeting MS Exchange Servers

  • Advertise
  • Home
  • Exploits

    Razer Synapse 3.7.0731.072516 Local Privilege Escalation

    Micro Focus GroupWise Session ID Disclosure

    PHPJabbers Car Rental Script 3.0 SQL Injection

    Secure Web Gateway 10.2.11 Cross Site Scripting

    Inout Jobs Portal 2.2.2 Cross Site Scripting

    Inout Jobs Portal 2.2.2 SQL Injection

    Inout Music 5.1.1 SQL Injection

    Cacti 1.2.22 Command injection

    Inout Search Engine 10.1.3 Cross Site scripting

    Trending Tags

    • sms exploit
    • ss7 software
    • simswap software
    • jpg exploit
    • kali linux
  • Hacking News

    TROJANPUZZLE Attack Forces AI Assistants to Suggest Rogue Coding

    Multiple Vulnerabilities Found In Samsung Galaxy App Store App

    Researchers Find Class Pollution-A Prototype Pollution Variant That Affects Python

    Be on the lookout for this AnyDesk Phishing campaign that delivers Vidar info stealer

    Brave Browser turns your device into a proxy for others via “Snowflake” Feature

    This tool, “telerwaf”, protects go apps from web-based attacks

    Microsoft Patch Tuesday, January 20,23 with 98 Bug Fixes

    Multiple bug fixes released by Qualcomm and Lenovo

    Fortinet Patched Multiple Vulnerabilities In FortiADC And FortiTester

  • Hacking Tools
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    Management of vulnerability with Wazuh Open Source XDR

    Seven Tips for Building a Banking App That is User-Friendly

    Trending Tags

    • hacking tools
    • hacking software
    • hacking tips
    • ss7 attacks
    • simswap software
    • sms exploit
  • Hacking Tutorials
    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Authentication Flood | Wireless Network Attacks [FREE COURSE CONTENT]

    Here are some tips for students to help protect their data privacy

    Client-Side Exploitation [FREE COURSE VIDEO]

    What Common Security Problems Are Cloud-Based Networks?

    Penetration testing OWASP Top 10 Vulnerabilities [FREE COURSE CONTENT]

    OSINT Fundamentals [FREE COURSE CONTENT]

    Monitor Docker containers metrics and other events

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability

    Management of vulnerability with Wazuh Open Source XDR

  • Kali Linux

    The Terminal Application Cypherhound contains 260+ Neo4j Cyphers for BloodHound DataSets

    Subparse: Modular Malware Analysis Artifact Collection And Correlation Framework

    AzureHound : Azure Data Exporter For BloodHound

    Xerror is an automated penetration testing tool with GUI

    Mongoaudit is an audit and pentesting tool for MongoDB databases

    ADFSRelay – Proof of Concept Utilities Developed For Researching NTLM Relaying Attacks Targeting ADFS

    Azure Sentinel protects Kubernetes deployments

    Reconator Automated Recon For Pentesting and Bug Bounty

    Kali Linux (is!) Everywhere

    Trending Tags

    • kali linux
    • kali tools
    • hacking tools kali
    • kali hacking
    • pentesting
  • Security
    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    PlugX Malware Sneaks Onto Windows PCs Through USB Devices

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Yandex Denies Hack – Source Code Leaked on Popular Hacking Forum

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hackers Abuse Legitimate Remote Monitoring Tools to Steal Banking Data

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

    New Python Malware Targeting Windows Devices

    New Python Malware Targeting Windows Devices

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Blank Image Attack: Blank Images Used to Evade Anti-Malware Checks

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    U.S. Sues Google for Dominance Over Digital Advertising Technologies

    New Wave of Cyberattacks Targeting MS Exchange Servers

    New Wave of Cyberattacks Targeting MS Exchange Servers

  • Advertise
No Result
View All Result
I Need Hack - Hacking Tutorials, News, Tips
SS7 SMS Intercept SS7 SMS Intercept SS7 SMS Intercept
Home Kali Linux

Autobloody: A Tool to Automatically Explore Active Directory Privilege Escalation Routes (Shown by BloodHound)

by Ineedhack
January 3, 2023
in Kali Linux
0
80
SHARES
499
VIEWS
Share on FacebookShare on Twitter
Kripkey Spy Phone Kripkey Spy Phone Kripkey Spy Phone

Autobloodyis an application that automatically exploits Active Directory privilege escalation pathways shown by BloodHound.

Description

The tool automates AD privesc between AD objects. This includes the source (the AD object we have) and target (the AD object we wish). If a BloodHound database has a privesc path, this tool will also do the same. Two steps make up the automation:

  • Utilizing bloodhound data, neo4j queries and bloodhound data to determine the best path to privesc.
  • Follow the directions provided by bloodyAD Package

Autobloody uses to authenticate. It supports cleartext passwords and pass-the–hash or pass-the–ticket authentication. Additionally, autobloody binds to the LDAP services provided by a domain controller in order to provide AD privesc.

Installation

To make kerberos work, first you need and libkrb5_dev on Linux.

Debian/Ubuntu/Kali @ Centos/RHEL at apt-get libkrb5_dev Fedora @ Fedora @ Fedora install krb5–devel Arch Linux Pacman -S. krb5

You can purchase a python bundle:

Pip Install Autobloody

You can also clone it:

git clone --depth 1 https://github.com/CravateRouge/autobloody pip install .

Dependencies

  • Neo4j python driver
  • Neo4j and the library
  • BloodHound
  • Python 3.
  • Gssapi, Linux or Winkerberos for Windows

It’s how to use it

BloodHound must import the first data (e.g. using SharpHound, BloodHound.py), and Neo4j should be up.

-ds, -dt values are case sensitive


Simple use:

autobloody --u John.doe--p "Password123!" --host 192.168.10.2 -dp '[email protected]' -ds '[email protected]' -dt 'BLOODY.LOCAL'


Full Help:

[bloodyAD]$ ./autobloody.py -h usage: autobloody.py [-h] [--dburi DBURI] [-du DBUSER] -dp DBPASSWORD -ds DBSOURCE -dt DBTARGET [-d DOMAIN] [-u USERNAME] [-p PASSWORD] [-k] [-c CERTIFICATE] [-s] --host HOST AD Privesc Automation options: -h, --help show this help message and exit --dburi DBURI The host neo4j is running on (default is "bolt://localhost:7687") -du DBUSER, --dbuser DBUSER Neo4j username to use (default is "neo4j") -dp DBPASSWORD, --dbpassword DBPASSWORD Neo4j password to use -ds DBSOURCE, --dbsource DBSOURCE Case sensitive label of the source node (name property in bloodhound) -dt DBTARGET, --dbtarget DBTARGET Case sensitive label of the target node (name property in bloodhound) -d DOMAIN, --domain DOMAIN Domain used for NTLM authentication -u USERNAME, --username USERNAME Username used for NTLM authentication -p PASSWORD, --password PASSWORD Cleartext password or LMHASH:NTHASH for NTLM authentication -k, --kerberos -c CERTIFICATE, --certificate CERTIFICATE Certificate authentication, e.g: "path/to/key:path/to/cert" -s, --secure Try to use LDAP over TLS aka LDAPS (default is LDAP) --host HOST Hostname or IP of the DC (ex: my.dc.local or 172.16.1.3)

It works

The Dijkstra algorithm is used to find the first privesc path. It has been integrated into Neo4j’s GDS library. Dijkstra’s algorithm solves the problem of finding the shortest path on a weighted diagram. BloodHound’s edges don’t have a weight by default, but they do have a type (e.g MemberOf or WriteOwner). Each edge is given a weight based on the type and node it has reached. (e.g user.group.domain).

After generating a path, autobloody will connect with the DC to execute it and remove what’s reversible.

There are limitations

The following BloodHound edges can be used for automatic exploitation at the moment:

  • MemberOf
  • ForceChangePassword
  • AddMembers
  • AddSelf
  • DCSync
  • GetChanges/GetChangesAll
  • GenericAll
  • WriteDacl
  • GenericWrite
  • WriteOwner
  • Owners
  • This contains
  • AllExtendedRights
Tags: android hackingfacebook hackshacking softwarehacking tipshacking toolshacking tools kalihacking tutorialskalikali hackingkali linuxkali linux tutorialskali toolssms intercept
Ineedhack

Ineedhack

Next Post

RedThief Hacker Group Targets Students in The U.K. To Steal Financial Data

Sim Swap Software Sim Swap Software Sim Swap Software

Recommended

XNU vm_map_copy_overwrite_unaligned Race Condition

2 weeks ago

This tool, “telerwaf”, protects go apps from web-based attacks

2 weeks ago

Popular News

    • Advertise
    • SS7 Hacking

    ©2017- 2022 Hacking Tutorials

    No Result
    View All Result
    • Home
    • Exploits
    • Hacking News
    • Hacking Tools
    • Hacking Tutorials
    • Kali Linux
    • Security
    • Advertise