Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/CravateRouge/bloodyAD

BloodyAD is an Active Directory Privilege Escalation Framework
https://github.com/CravateRouge/bloodyAD

Last synced: 3 months ago
JSON representation

BloodyAD is an Active Directory Privilege Escalation Framework

Host: GitHub
URL: https://github.com/CravateRouge/bloodyAD
Owner: CravateRouge
License: mit
Created: 2021-10-11T15:07:26.000Z (about 3 years ago)
Default Branch: main
Last Pushed: 2024-06-14T07:55:25.000Z (5 months ago)
Last Synced: 2024-06-14T09:06:19.718Z (5 months ago)
Language: Python
Size: 516 KB
Stars: 1,103
Watchers: 13
Forks: 109
Open Issues: 3
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - CravateRouge/bloodyAD - BloodyAD is an Active Directory Privilege Escalation Framework (Python)

README

        > :warning: autobloody has been moved to its own [repo](https://github.com/CravateRouge/autobloody)  

# ![bloodyAD logo](https://repository-images.githubusercontent.com/415977068/9b2fed72-35fb-4faa-a8d3-b120cd3c396f) bloodyAD

`bloodyAD` is an Active Directory privilege escalation swiss army knife

## Description

This tool can perform specific LDAP calls to a domain controller in order to perform AD privesc.

`bloodyAD` supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc.

Exchange of sensitive information without LDAPS is supported.

It is also designed to be used transparently with a SOCKS proxy.

Simple usage:

```ps1

bloodyAD --host 172.16.1.15 -d bloody.local -u jane.doe -p :70016778cb0524c799ac25b439bd6a31 set password john.doe 'Password123!'

```

See the [wiki](https://github.com/CravateRouge/bloodyAD/wiki) for more.

## Support

Like this project? Donations are greatly appreciated :relaxed: [![](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86)](https://github.com/sponsors/CravateRouge)

Need personalized support? send me an [email](mailto:[email protected]) for trainings or custom features.

## Acknowledgements

- Thanks to [@skelsec](https://github.com/skelsec) for his amazing libraries especially [MSLDAP](https://github.com/skelsec/msldap) which is now the engine on which bloodyAD is running.

- Thanks to [impacket](https://github.com/fortra/impacket) contributors. [Structures](https://github.com/fortra/impacket/blob/master/impacket/structure.py) and several [LDAP attacks](https://github.com/fortra/impacket/blob/master/impacket/examples/ntlmrelayx/attacks/ldapattack.py) are based on their work.

- Thanks to [@PowerShellMafia](https://github.com/PowerShellMafia) team ([PowerView.ps1](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1)) and their work on AD which inspired this tool.

- Thanks to [@dirkjanm](https://github.com/dirkjanm) ([adidnsdump.py](https://github.com/dirkjanm/adidnsdump)) and ([@Kevin-Robertson](https://github.com/Kevin-Robertson))([Invoke-DNSUpdate.ps1](https://github.com/Kevin-Robertson/Powermad/blob/master/Invoke-DNSUpdate.ps1)) for their work on AD DNS which inspired DNS functionnalities.

- Thanks to [@p0dalirius](https://github.com/p0dalirius/) and his [pydsinternals](https://github.com/p0dalirius/pydsinternals) module which helped to build the shadow credential attack