ADEnum.py是一种渗透测试工具,可以通过 LDAP 协议发现错误配置,并利用 Kerberos 的其中一些弱点。
█████╗ ██████╗ ███████╗███╗ ██╗██╗ ██╗███╗ ███╗██╔══██╗██╔══██╗ ██╔════╝████╗ ██║██║ ██║████╗ ████║███████║██║ ██║ █████╗ ██╔██╗ ██║██║ ██║██╔████╔██║██╔══██║██║ ██║ ██╔══╝ ██║╚██╗██║██║ ██║██║╚██╔╝██║██║ ██║██████╔╝ ███████╗██║ ╚████║╚██████╔╝██║ ╚═╝ ██║╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚═╝usage: ADenum.py -d [domain] -u [username] -p [password]Pentest tool that detect misconfig in AD with LDAPoptions:-h, --help show this help message and exit-d [domain] The name of domain (e.g. "test.local")-u [username] The user name-p [password] The user password-ip [ipAddress] The IP address of the server (e.g. "1.1.1.1")-j Enable hash cracking (john)-jp [path] John binary path-w [wordList] The path of the wordlist to be used john (Default: /usr/share/seclists/Passwords/Leaked-Databases/rockyou.txt-v, --version Show program's version number and exit-s Use LDAP with SSL-c, --NPUsersCheck Check with GetNPUsers.py for ASREP Roastable
Requirement
Impacket (https://github.com/SecureAuthCorp/impacket)
John (https://github.com/openwall/john)
Python 3
If you are using debian or ubuntu:
$ sudo apt-get install libsasl2-dev python-dev libldap2-dev libssl-devkali
$ sudo apt-get install libsasl2-dev python2-dev libldap2-dev libssl-devpip3
$ pip3 install -r requirements.txt特性和功能
LDAP
枚举域管理员用户
枚举域控制器
枚举密码未过期的域用户
使用旧密码枚举域用户
具有有趣描述的枚举域用户
没有默认加密的枚举域用户
枚举具有保护特权域帐户的域用户
枚举没有默认对象属性的域用户
项目地址:https://github.com/SecuProject/ADenum
文章来源: http://mp.weixin.qq.com/s?__biz=MzAxMjYyMzkwOA==&mid=2247497213&idx=2&sn=fab24ac482674cd0cce9d2cfb5e2fde0&chksm=9badbcb6acda35a0a6bb5470c80ee0b4d763250becc6dac25bb9952c553734e1f7f77ff36f31#rd
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh