0 parents
commit 0691f5a
Showing
46 changed files
with
26,068 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# These are supported funding model platforms | ||
|
||
github: p0dalirius | ||
patreon: Podalirius |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
.idea/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
pip-wheel-metadata/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
.python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ |
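Review bot: This ignore list is the stock Python template and has no entries for the Visual Studio project that the same commit adds under `csharp/`, so build output and per-user IDE state are not excluded. Adding `bin/`, `obj/` and `.vs/` would keep compiled binaries out of the history, which matters for a tool shipped as an `.exe` because a committed binary cannot be reviewed against the source. Whether such files are already among the 46 changed files is not visible from this section.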
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
# LDAP Monitor | ||
|
||
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! | ||
|
||
With this tool you can quickly see if your attack worked and if it changed LDAP attributes of the target object. | ||
|
||
![](./python/imgs/example.png) | ||
|
||
## Features | ||
|
||
| Feature | [Python (.py)](./python/) | [CSharp (.exe)](./csharp/) | [Powershell (.ps1)](./powershell/) | | ||
|---------|--------|--------|------------| | ||
| LDAPS support | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Random delay in seconds between queries | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Custom delay in seconds between queries | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Save output to logfile | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Colored or not colored output with `--no-colors` | :heavy_check_mark: | :x: | :x: | | ||
| Custom page size for paged queries | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Authenticate with user and password | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Authenticate as current shell user | :x: | :heavy_check_mark: | :heavy_check_mark: | | ||
| Authenticate with LM:NT hashes | :heavy_check_mark: | :x: | :x: | | ||
| Authenticate with kerberos tickets | :heavy_check_mark: | :x: | :x: | | ||
|
||
## Typical usecases | ||
|
||
Here is a few usecases where this tool can be useful: | ||
|
||
- Detect account lockout in real time | ||
![](./.github/lockout.png) | ||
|
||
- Check if your privilege escalation worked (with ntlmrelay's `--escalate-user` option) | ||
![](./.github/) | ||
|
||
- Detect when users are logging in to know when to start a network poisoning. | ||
![](./.github/user_login.png) | ||
|
||
## Cross platform ! | ||
|
||
### [In Python (.py)](./python/) | ||
|
||
![](./python/imgs/example.png) | ||
|
||
### [In CSharp (.exe)](./csharp/) | ||
|
||
![](./csharp/imgs/example.png) | ||
|
||
### [In Powershell (.ps1)](./powershell/) | ||
|
||
![](./powershell/imgs/example.png) | ||
|
||
## Demonstration | ||
|
||
https://user-images.githubusercontent.com/79218792/136900209-d2156d4c-d83d-4227-b51e-999ec99b2314.mp4 | ||
|
||
## Limitations | ||
|
||
LDAP paged queries returns **pageSize** results per page, and it takes approximately 1 second to query a page. Therefore your monitoring refresh rate is **(number of LDAP objects // pageSize)** seconds. On most domain controllers **pageSize = 5000**. | ||
|
||
|
||
## Contributing | ||
|
||
Pull requests are welcome. Feel free to open an issue if you want to add other features. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
# Sharp LDAP Monitor | ||
|
||
Monitor creation, deletion and changes to LDAP objects live during your pentest or system administration! | ||
|
||
With this script you can quickly see if your attack worked and if it changed LDAP attributes of the target object. You can also directly see if you're locking accounts! | ||
|
||
![](./imgs/example.png) | ||
|
||
## Features | ||
|
||
- [x] LDAPS support. | ||
- [x] Random delay in seconds between queries. | ||
- [x] Custom delay in seconds between queries. | ||
- [x] Save output to logfile. | ||
- [x] Custom page size for paged queries. | ||
- [x] Multiple authentication methods: | ||
- with user and password. | ||
- as current shell user | ||
|
||
## Limitations | ||
|
||
LDAP paged queries returns **pageSize** results per page, and it takes approximately 1 second to query a page. Therefore your monitoring refresh rate is **(number of LDAP objects // pageSize)** seconds. On most domain controllers **pageSize = 5000**. | ||
|
||
## Usage | ||
|
||
``` | ||
$ ./ldapmonitor.py -h | ||
usage: ldapmonitor.py [-h] [--use-ldaps] [--debug] [--no-colors] [-l LOGFILE] [-r] [-t TIME_DELAY] [--dc-ip ip address] [-d DOMAIN] [-u USER] | ||
[--no-pass | -p PASSWORD | -H [LMHASH:]NTHASH | --aes-key hex key] [-k] | ||
Monitor LDAP changes live! | ||
optional arguments: | ||
-h, --help show this help message and exit | ||
--use-ldaps Use LDAPS instead of LDAP | ||
--debug Debug mode. | ||
--no-colors No colors mode. | ||
-l LOGFILE, --logfile LOGFILE | ||
Log file to save output to. | ||
-r, --randomize-delay | ||
Randomize delay between two queries, between 1 and 5 seconds. | ||
-t TIME_DELAY, --time-delay TIME_DELAY | ||
Delay between two queries in seconds (default: 1). | ||
authentication & connection: | ||
--dc-ip ip address IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted it will use the domain part (FQDN) | ||
specified in the identity parameter | ||
-d DOMAIN, --domain DOMAIN | ||
(FQDN) domain to authenticate to | ||
-u USER, --user USER user to authenticate with | ||
--no-pass don't ask for password (useful for -k) | ||
-p PASSWORD, --password PASSWORD | ||
password to authenticate with | ||
-H [LMHASH:]NTHASH, --hashes [LMHASH:]NTHASH | ||
NT/LM hashes, format is LMhash:NThash | ||
--aes-key hex key AES key to use for Kerberos Authentication (128 or 256 bits) | ||
-k, --kerberos Use Kerberos authentication. Grabs credentials from .ccache file (KRB5CCNAME) based on target parameters. If valid credentials | ||
cannot be found, it will use the ones specified in the command line | ||
``` | ||
|
||
## Quick start | ||
|
||
- Authenticate with a password: | ||
|
||
``` | ||
./ldapmonitor.py -u 'Administrator' -d 'LAB.local' -p 'Admin123!' --dc-ip 192.168.2.1 | ||
``` | ||
- Authenticate with LM:NT hashes: | ||
``` | ||
./ldapmonitor.py -u 'Administrator' -d 'LAB.local' --dc-ip 192.168.2.1 -H aad3b435b51404eeaad3b435b51404ee:520126a03f5d5a8d836f1c4f34ede7ce | ||
``` | ||
## Demonstration | ||
https://user-images.githubusercontent.com/79218792/136900209-d2156d4c-d83d-4227-b51e-999ec99b2314.mp4 | ||
## Contributing | ||
Pull requests are welcome. Feel free to open an issue if you want to add other features. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
|
||
Microsoft Visual Studio Solution File, Format Version 12.00 | ||
# Visual Studio Version 16 | ||
VisualStudioVersion = 16.0.31729.503 | ||
MinimumVisualStudioVersion = 10.0.40219.1 | ||
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpLDAPmonitor", "SharpLDAPmonitor\SharpLDAPmonitor.csproj", "{D7F5CCAB-BAC1-4EC1-9F29-0A821FC8CD01}" | ||
EndProject | ||
Global | ||
GlobalSection(SolutionConfigurationPlatforms) = preSolution | ||
Debug|Any CPU = Debug|Any CPU | ||
Release|Any CPU = Release|Any CPU | ||
EndGlobalSection | ||
GlobalSection(ProjectConfigurationPlatforms) = postSolution | ||
{D7F5CCAB-BAC1-4EC1-9F29-0A821FC8CD01}.Debug|Any CPU.ActiveCfg = Debug|Any CPU | ||
{D7F5CCAB-BAC1-4EC1-9F29-0A821FC8CD01}.Debug|Any CPU.Build.0 = Debug|Any CPU | ||
{D7F5CCAB-BAC1-4EC1-9F29-0A821FC8CD01}.Release|Any CPU.ActiveCfg = Release|Any CPU | ||
{D7F5CCAB-BAC1-4EC1-9F29-0A821FC8CD01}.Release|Any CPU.Build.0 = Release|Any CPU | ||
EndGlobalSection | ||
GlobalSection(SolutionProperties) = preSolution | ||
HideSolutionNode = FALSE | ||
EndGlobalSection | ||
GlobalSection(ExtensibilityGlobals) = postSolution | ||
SolutionGuid = {AE84ADC5-94E0-41BC-8E6B-49882F4234B4} | ||
EndGlobalSection | ||
EndGlobal |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
<?xml version="1.0" encoding="utf-8" ?> | ||
<configuration> | ||
<startup> | ||
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /> | ||
</startup> | ||
</configuration> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
using System.Diagnostics; | ||
|
||
namespace SharpLDAPMonitor | ||
{ | ||
public static class ArgumentParser | ||
{ | ||
public static ArgumentParserResult Parse(IEnumerable<string> args) | ||
{ | ||
var arguments = new Dictionary<string, string>(); | ||
try | ||
{ | ||
foreach (var argument in args) | ||
{ | ||
var idx = argument.IndexOf(':'); | ||
if (idx > 0) | ||
arguments[argument.Substring(0, idx)] = argument.Substring(idx + 1); | ||
else | ||
arguments[argument] = string.Empty; | ||
} | ||
|
||
return ArgumentParserResult.Success(arguments); | ||
} | ||
catch (System.Exception ex) | ||
{ | ||
Debug.WriteLine(ex.Message); | ||
return ArgumentParserResult.Failure(); | ||
} | ||
} | ||
} | ||
} |
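Review bot: The `catch (System.Exception ex)` in `Parse` reports the failure only through `Debug.WriteLine`, which is compiled out of Release builds, so a failed parse surfaces as a bare `Failure()` with no diagnostic. The only things that can throw inside the `try` are a null `args` or a null element, so an explicit guard such as `if (args == null) return ArgumentParserResult.Failure();` together with `Console.Error.WriteLine(ex.Message);` in the handler would make the cause visible. Separately, the dictionary is case-sensitive and a repeated key silently overwrites the earlier value; if that is not intended, `new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)` and a duplicate check would make the behaviour explicit. Since the README lists user/password authentication, these values presumably include credentials, so any added diagnostics should print key names or the exception message only, never argument values.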
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
|
||
namespace SharpLDAPMonitor | ||
{ | ||
public class ArgumentParserResult | ||
{ | ||
public bool ParsedOk { get; } | ||
public Dictionary<string, string> Arguments { get; } | ||
|
||
private ArgumentParserResult(bool parsedOk, Dictionary<string, string> arguments) | ||
{ | ||
ParsedOk = parsedOk; | ||
Arguments = arguments; | ||
} | ||
|
||
public static ArgumentParserResult Success(Dictionary<string, string> arguments) | ||
=> new ArgumentParserResult(true, arguments); | ||
|
||
public static ArgumentParserResult Failure() | ||
=> new ArgumentParserResult(false, null); | ||
|
||
} | ||
} |
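Review bot: `Failure()` passes `null` for `Arguments`, so any caller that reads `Arguments` before checking `ParsedOk` gets a NullReferenceException rather than an empty set. Returning an empty dictionary, `=> new ArgumentParserResult(false, new Dictionary<string, string>());`, keeps the property non-null. The property also hands out the same mutable `Dictionary<string, string>` the parser built; a `/// <summary>` on the class stating that `Arguments` is only meaningful when `ParsedOk` is true, and whether callers may modify it, would document the contract. How callers consume the result is outside this section.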
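--- a/csharp/SharpLDAPmonitor/ArgumentParserResult.cs:Zone.Identifier:$DATA
+++ b/csharp/SharpLDAPmonitor/ArgumentParserResult.cs:Zone.Identifier:$DATA
@@ -0,0 +1,3 @@
+[ZoneTransfer]
+ZoneId=3
+ReferrerUrl=C:\Users\dev\Downloads\SharpLAPS-main.zip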
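Review bot: This file is an NTFS Zone.Identifier alternate data stream captured as a regular file, not source, and it should not be part of the commit. It publishes a local path from the author's machine (`C:\Users\dev\Downloads\SharpLAPS-main.zip`) and records that `ArgumentParserResult.cs` was extracted from an Internet-zone download (`ZoneId=3`), apparently of another project's archive. Remove it from the tree and add an ignore pattern such as `*Zone.Identifier*` so further streams are not picked up. If the parser classes were taken from that archive, a credit in the source file's header comment is the right place to carry that information.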