Easily Find Domain Controllers – More Active Directory Kung-Fu

Following on from the previous Active Directory Kung-Fu post, I thought I would add a few more things that could be useful on a Pentest.

The tools used are not installed on a standard XP build and will have to be downloaded from Microsoft and installed.

First off, get the two new tools: AdminPack and Group Policy Management.

http://www.microsoft.com/en-us/download/details.aspx?id=16770 – Admin Pack for XP

http://www.microsoft.com/en-us/download/details.aspx?id=21895 – Group Policy Management for XP

Extract and install the Admin Pack, then install gpmc.msi.

Once these two tools are installed, you will find that there are new GUI tools.

Metasploit POST Module – Interesting Documents Finder

I wrote this Metasploit post module to search and download files from compromised hosts.

Initial credit to @3vilJohn whose module inspired this. http://johnbabio.wordpress.com

It searches open Metasploit SESSIONS for Word, Excel and PDF files, plus any user-specified file types.

It can enumerate and search specified drives too using a bit of Railgun Kung-Fu from Mubix, aka http://www.room362.com

You can set the dump location for the downloaded files and even attempt to elevate privileges with a Get_System function, useful for when you’re in as an unprivileged user.

Here are some screenshots of it in action:

