Closed jsdhasfedssad closed 2 years ago
You can already exploit those edges manually using bloodyAD. You can write SPNs using the 'setAttribute' function.
I could however add AddSelf
and later AddKeyCredentialLink
in autobloody. I will let this issue opened to remember.
The problem for AddKeyCredentialLink
as you experienced, is that you need a Windows 2016 functional level and a DC with a certificate for pkinit and Sharphound doesn't check those conditions.
Thanks. Could you write an example on how to write an SPN? Also, are you saying that "AddSelf" will not work using bloodyAD.py or that it already can be used using the "addObjectToGroup" function in bloodyAD.py?
I think something like this should work:
python bloodyAD.py -u john.doe -d bloody -p Password512! --host 192.168.10.2 setAttribute 'computer1$' servicePrincipalName ["HTTP/www.contoso.com","TERMSRV/FRONTRM.contoso.com"]
Be aware that it will not keep the old values so if you want to keep it use getObjectAttributes
first and note the SPN value
Can I use a URL with this...appears to be a great tool
Could you be more explicit? I don't understand your question.
Hi,
Bloodhound 4.1 was released yesterday. With that came three new edges. "AddKeyCredentialLink", "AddSelf" and "WriteSPN". See the slidedeck for more info.
You already support "AddKeyCredentialLink" (shadow credentials) but does your tool work when only the edge "AddKeyCredentialLink" and not "GenericWrite" or "GenericAll" is available? The same goes for "WriteSPN". At least you used to be able to write SPNs.
Will you support the new edges?