Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths.
It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path.
Features of Aclpwn.Py Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.Py currently has the following features:
- Direct integration with BloodHound and the Neo4j graph database (fast pathfinding)
- Supports any reversible ACL based attack chain (no support for resetting user passwords right now)
- Advanced pathfinding (Dijkstra) to find the most efficient paths
- Support for exploitation with NTLM hashes (pass-the-hash)
- Saves restore state, easy rollback of changes
- Can be run via a SOCKS tunnel
- Written in Python (2.7 and 3.5+), so OS independent
Installation of Aclpwn.py ACL Based Privilege Escalation
Aclpwn.py is compatible with both Python 2.7 and 3.5+. It requires the
ldap3 libraries. You can install aclpwn.py via pip:
pip install aclpwn. For Python 3, you will need the
python36 branch of impacket since the master branch (and versions published on PyPI) are Python 2 only at this point.
This tool does not exploit any vulnerabilities, but relies on misconfigured (often because of delegated privileges) or insecure default ACLs. To solve these issues, it is important to identify potentially dangerous ACLs in your Active Directory environment with BloodHound. For detection, Windows Event Logs can be used.
You can download Aclpwn.py here:
Or read more here.
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands and you have a vulnerable environment.
Features of Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub contains many frameworks, databases, applications, programming languages and more such as:
And many, many more.
To use Vulhub Pre-Built Vulnerable Docker Environments For Learning To Hack
Install the docker/docker-compose on Ubuntu 20.04:
# Install pip
curl -s https://bootstrap.pypa.io/get-pip.py | python3
# Install the latest version docker
curl -s https://get.docker.com/ | sh
# Run docker service
systemctl start docker
# Install docker compose
pip install docker-compose
It is recommended to use a VPS of at least 1GB memory to build a vulnerability environment. The
your-ip mentioned in the documentation refers to the IP address of your VPS. If you are using a virtual machine, it refers to your virtual machine IP, not the IP inside the docker container.
You can download Vulhub by:
# Download project
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
# Enter the directory of vulnerability/environment
# Compile environment
# Run environment
docker-compose up -d
Or read more here.
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.
In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.
LibInjection currently supports:
- C and C++
- Java (external port)
LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.
You can download LibInjection here:
Or read more here.
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based operating systems.
Features of Grype Vulnerability Scanner For Container Images & Filesystems
Scan the contents of a container image or filesystem to find known vulnerabilities and find vulnerabilities for major operating system packages in:
- CentOS / Red Hat
Find vulnerabilities for language-specific packages:
- Ruby (Bundler)
- Java (JARs, etc)
- Python (Egg/Wheel)
- Python pip/requirements.txt/setup.py listings
Supports Docker and OCI image formats
Using Grype Vulnerability Scanner For Container Images & Filesystems
To scan for vulnerabilities in an image:
Grype can scan a variety of sources beyond those found in Docker.
# scan a container image archive (from the result of `docker image save ...`, `podman save ...`, or `skopeo copy` commands)
# scan a directory
The output format for Grype is configurable as well:
grype <image> -o <format>
Where the formats available are:
- json: Use this to get as much information out of Grype as possible!
- cyclonedx: An XML report conforming to the CycloneDX 1.2 specification.
- table: A columnar summary (default).
You can download Grype here:
Or read more here.
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs. This will help you to decrease the time to uncover suspicious activity and the tool will make good use of the windows […]
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally – this includes code, commits, wiki pages and more. GitLab Watchman searches GitLab for internally shared projects and looks at: Code Commits Wiki pages Issues Merge requests Milestones For the following data: GCP keys and […]