Closed JacHeiuang closed 1 year ago
Thanks a lot for your feedback. Well appreciated!
I've added PrintNightmare, but won't be adding HiveNightmare and LaZagne since those should be executed locally on the Windows machine, and not remotely. For the collected passwords, most of the pwd_dump uses crackmapexec, so the passwords are already stored in its database/log.
Regarding the Exchange exploits, that's also a great idea, but I'm not planning on integrating them at the moment. Please feel free to create a pull request with the Exchange checks if you'd like. But I'll close this issue for now.
Thanks!
**This is really a great project, it helped me a lot in the real world. If I am free I am very willing to help you improve this project, so here I would like to make a few small suggestions for continued progress.
The first point: you can continue to add more AD domain vulnerability detection in the vuln_checks module, such as HiveNightmare, the Printspooler family (Nightmare and Demon) and Exchange server vulnerability detection, which is very important, because in reality Exchange is very high privilege and easy to attack, and if the attack is successful it is very easy to threaten the domain controller, so I felt the need to add a check for Exchange vulnerabilities (CVE-2018-8581, CVE-2020-0688, CVE-2020-16875, CVE-2021-34473, CVE-2021-26855/CVE-2021-27065, CVE-2022-41040/CVE-2022-41082).
The second point is that I think we can add an automated capture of all tour passwords in the pwd_dump module, which can be combined with LaZagne, which is a great tool. You know, in actual infiltration the tour passwords are likely to be a breakthrough!!! So I think it's feasible.
Having said that, I hope very much that this tool will get better and better, and thank you very much for your open source spirit, keep moving!!!**