Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fox-it/LDAPFragger

Last synced: 3 months ago
JSON representation

Host: GitHub
URL: https://github.com/fox-it/LDAPFragger
Owner: fox-it
License: mit
Created: 2020-03-19T08:32:38.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2020-03-19T10:13:44.000Z (over 4 years ago)
Last Synced: 2024-05-07T00:35:24.502Z (6 months ago)
Language: C#
Size: 73.2 KB
Stars: 183
Watchers: 11
Forks: 30
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - fox-it/LDAPFragger - (C# #)

README

        # LDAPFragger

LDAPFragger is a Command and Control tool that enables attackers to route Cobalt Strike beacon data over LDAP using user attributes.

For background information, read the release blog: http://blog.fox-it.com/2020/03/19/ldapfragger-command-and-control-over-ldap-attributes

## Dependencies and installation

* Compiled with `.NET 4.0`, but may work with older and newer .NET frameworks as well

## Usage

```

 _     _              __

| |   | |            / _|

| | __| | __ _ _ __ | |_ _ __ __ _  __ _  __ _  ___ _ __

| |/ _` |/ _` | '_ \|  _| '__/ _` |/ _` |/ _` |/ _ \ '__|

| | (_| | (_| | |_) | | | | | (_| | (_| | (_| |  __/ |

|_|\__,_|\__,_| .__/|_| |_|  \__,_|\__, |\__, |\___|_|

              | |                   __/ | __/ |

              |_|                  |___/ |___/

Fox-IT - Rindert Kramer

Usage:

     --cshost:  IP address or hostname of the Cobalt Strike instance

     --csport:  Port of the external C2 interface on the Cobalt Strike server

     -u:        Username to connect to Active Directory

     -p:        Password to connect to Active Directory

     -d:        FQDN of the Active Directory domain

     --ldaps:   Use LDAPS instead of LDAP

     -v:        Verbose output

     -h:        Display  this message

If no AD credentials are provided, integrated AD authentication will be used.

```

Example usage:

![](https://foxitsecurity.files.wordpress.com/2020/03/9.png?w=607) 

From network segment A, run

```

LDAPFragger --cshost  --csport 

LDAPFragger --cshost  --csport  -u  -p  -d 

```

From network segment B, run

```

LDAPFragger 

LDAPFragger -u  -p  -d 

```

LDAPS can be used with the `--LDAPS` flag, however, regular LDAP traffic is encrypted as well. Please do note that the default Cobalt Strike payload will get caught by most AVs.