Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/cravaterouge/bloodyad
BloodyAD is an Active Directory Privilege Escalation Framework
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/cravaterouge/bloodyad
- Owner: CravateRouge
- License: mit
- Created: 2021-10-11T15:07:26.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2024-09-24T11:49:10.000Z (about 2 months ago)
- Last Synced: 2024-10-02T00:40:16.131Z (about 1 month ago)
- Language: Python
- Size: 521 KB
- Stars: 1,190
- Watchers: 13
- Forks: 114
- Open Issues: 4
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
> :warning: autobloody has been moved to its own [repo](https://github.com/CravateRouge/autobloody)
# ![bloodyAD logo](https://repository-images.githubusercontent.com/415977068/9b2fed72-35fb-4faa-a8d3-b120cd3c396f) bloodyAD
`bloodyAD` is an Active Directory privilege escalation Swiss Army knife.
## Description
This tool can perform specific LDAP calls to a domain controller in order to perform AD privesc.
`bloodyAD` supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc.
Exchange of sensitive information without LDAPS is supported.
It is also designed to be used transparently with a SOCKS proxy.
Simple usage:
```ps1
bloodyAD --host 172.16.1.15 -d bloody.local -u jane.doe -p :70016778cb0524c799ac25b439bd6a31 set password john.doe 'Password123!'
```

See the [wiki](https://github.com/CravateRouge/bloodyAD/wiki) for more.
## Support
Like this project? Donations are greatly appreciated :relaxed: [![](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86)](https://github.com/sponsors/CravateRouge)

Need personalized support? Send me an [email](mailto:[email protected]) for trainings or custom features.
## Acknowledgements
- Thanks to [@skelsec](https://github.com/skelsec) for his amazing libraries, especially [MSLDAP](https://github.com/skelsec/msldap), which is now the engine on which bloodyAD is running.
- Thanks to [impacket](https://github.com/fortra/impacket) contributors. [Structures](https://github.com/fortra/impacket/blob/master/impacket/structure.py) and several [LDAP attacks](https://github.com/fortra/impacket/blob/master/impacket/examples/ntlmrelayx/attacks/ldapattack.py) are based on their work.
- Thanks to the [@PowerShellMafia](https://github.com/PowerShellMafia) team ([PowerView.ps1](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1)) and their work on AD, which inspired this tool.
- Thanks to [@dirkjanm](https://github.com/dirkjanm) ([adidnsdump.py](https://github.com/dirkjanm/adidnsdump)) and [@Kevin-Robertson](https://github.com/Kevin-Robertson) ([Invoke-DNSUpdate.ps1](https://github.com/Kevin-Robertson/Powermad/blob/master/Invoke-DNSUpdate.ps1)) for their work on AD DNS, which inspired the DNS functionalities.
- Thanks to [@p0dalirius](https://github.com/p0dalirius/) and his [pydsinternals](https://github.com/p0dalirius/pydsinternals) module, which helped to build the shadow credential attack.