Just a wrapper: it scans Active Directory for a breach that gets you your first shell.
Very useful for CTFs; it is a nice tool to run before the BloodHound ingestor.
Can also be used for an internal audit with these options: `--internal -i eth0`
```bash
git clone https://github.com/moloch54/b4blood
sudo python3 b4blood/setup.py
```
Download Kerbrute for your CPU (amd64 or 386), but NOT THE LATEST VERSION:
https://github.com/ropnop/kerbrute/releases
Rename the downloaded binary to "kerbrute", then install it:
```bash
cd ~/Downloads
sudo cp kerbrute /usr/bin
sudo chmod +x /usr/bin/kerbrute
```
| :warning: WARNING |
|---|
| rockyou.txt must be in /usr/share/wordlists/rockyou.txt |
| xato-net-10-million-usernames must be in /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt |

| :warning: WARNING2 |
|---|
| If Impacket is already installed, you need to set YOUR own path to impacket/examples on line 12 of /usr/bin/b4blood: |
| `path_impacket="/opt/impacket/examples"` |
USAGE:
First make a folder, because a lot of logs will be written:
```bash
mkdir myfolder; cd myfolder
b4blood --ip 192.168.0.45
b4blood --ip 192.168.0.0/24
b4blood --ip 192.168.0.* -U users.txt -P passwd.txt
b4blood --internal -i eth0
```
What it does:
- Scans the DC and syncs the clock for Kerberos
- Scans for SMB vulns
- Kerbrutes users/passwords; you can provide your own user list (`-U my_userslist.txt`) and/or your own password list (`-P passlist.txt`)
- Checks for AS-REP roasting and launches rockyou.txt against the hash
- Dumps AD
- Recursively scans SMB/NFS shares and dumps juicy files (this can take a long time; `--nsd` skips this part)
- Scans for .xml GPP files in SYSVOL and extracts passwords
- Scans for remote connections
- Scans for Kerberoastable accounts
- Add your new creds to all_creds.txt and relaunch b4blood