{"id":17995151,"url":"https://github.com/p0dalirius/accountshadowtakeover","last_synced_at":"2025-10-12T00:08:20.492Z","repository":{"id":45287476,"uuid":"418596684","full_name":"p0dalirius/AccountShadowTakeover","owner":"p0dalirius","description":"A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.","archived":false,"fork":false,"pushed_at":"2024-03-17T07:40:25.000Z","size":30,"stargazers_count":22,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-06-27T07:46:52.372Z","etag":null,"topics":["account","credentials","shadow","takeover","user"],"latest_commit_sha":null,"homepage":"https://podalirius.net/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/p0dalirius.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"p0dalirius","patreon":"Podalirius"}},"created_at":"2021-10-18T17:11:25.000Z","updated_at":"2025-06-23T08:30:20.000Z","dependencies_parsed_at":"2024-03-16T09:36:53.340Z","dependency_job_id":"df711721-91b1-41a0-81b4-a02ba033300b","html_url":"https://github.com/p0dalirius/AccountShadowTakeover","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/p0dalirius/AccountShadowTakeover","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FAccountShadowTakeover","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FAccountShadowTakeover/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FAccountShadowTakeover/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FAccountShadowTakeover/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/p0dalirius","download_url":"https://codeload.github.com/p0dalirius/AccountShadowTakeover/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/p0dalirius%2FAccountShadowTakeover/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279009475,"owners_count":26084609,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["account","credentials","shadow","takeover","user"],"created_at":"2024-10-29T20:18:03.732Z","updated_at":"2025-10-12T00:08:20.430Z","avatar_url":"https://github.com/p0dalirius.png","language":"Python","funding_links":["https://github.com/sponsors/p0dalirius","https://patreon.com/Podalirius"],"categories":[],"sub_categories":[],"readme":"![](./.github/banner.png)\n\n\u003cp align=\"center\"\u003e\n    A python script to automatically add a KeyCredentialLink to newly created users, by quickly connecting to them with default credentials.\n    \u003cbr\u003e\n    \u003cimg alt=\"GitHub release (latest by date)\" src=\"https://img.shields.io/github/v/release/p0dalirius/Hashes-Harvester\"\u003e\n    \u003ca href=\"https://twitter.com/intent/follow?screen_name=podalirius_\" title=\"Follow\"\u003e\u003cimg src=\"https://img.shields.io/twitter/follow/podalirius_?label=Podalirius\u0026style=social\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.youtube.com/c/Podalirius_?sub_confirmation=1\" title=\"Subscribe\"\u003e\u003cimg alt=\"YouTube Channel Subscribers\" src=\"https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social\"\u003e\u003c/a\u003e\n    \u003cbr\u003e\n\u003c/p\u003e\n\n\u003e [!WARNING]\n\u003e The idea is fun, but does not work for now. It will maybe work one day when a new technique to allow a user to write its own `msDS-KeyCredentialLink` attribute is found.\n\n## Features \n\n - [x] Automatically add a `msDS-KeyCredentialLink` to newly created users using default password.\n\n## Workflow\n\nRequirements :\n - Knowledge of the default password attrributed to new users in the domain.\n - PKINIT ?\n\n 1. Wait for a new User account to be created\n 2. Connect with the default password\n 3. Add `msDS-KeyCredentialLink` field to the account\n 4. Goto 1\n\n```\n[+]======================================================\n[+]    AccountShadowTakeover v1.0        @podalirius_    \n[+]======================================================\n\n[\u003e] Waiting for new user creations ...\n[+] User 'CN=takeuser20,CN=Users,DC=LAB,DC=local' was added.\n   [\u003e] Trying to add shadow credentials to 'takeuser20'\n     | Trying to authenticate with user 'LAB.local\\takeuser20' and password 'Corp2021!'\n     | Authentication successful!\n     | Generating certificate\n     | Certificate generated\n     | Generating KeyCredential\n     | KeyCredential generated with DeviceID: cdb617df-94cc-2319-cc4e-999001fbd978\n     | Updating the msDS-KeyCredentialLink attribute of takeuser20\n{'result': 50, 'description': 'insufficientAccessRights', 'dn': '', 'message': '00002098: SecErr: DSID-03150F94, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0\\n\\x00', 'referrals': None, 'type': 'modifyResponse'}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Faccountshadowtakeover","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fp0dalirius%2Faccountshadowtakeover","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fp0dalirius%2Faccountshadowtakeover/lists"}