Monday, August 24, 2020

Goddi (Go Dump Domain Info) - Dumps Active Directory Domain Information



Based on work from Scott Sutherland (@_nullbind), Antti Rantasaari, Eric Gruber (@egru), Will Schroeder (@harmj0y), and the PowerView authors.

Install
Use the executables in the releases section. If you want to build it yourself, make sure that your go environment is setup according to the Go setup doc. The goddi package also uses the below package.
go get gopkg.in/ldap.v2

Windows
Tested on Windows 10 and 8.1 (go1.10 windows/amd64).

Linux
Tested on Kali Linux (go1.10 linux/amd64).
  • umount, mount, and cifs-utils need to be installed for mapping a share for GetGPP
apt-get update
apt-get install -y mount cifs-utils
  • make sure nothing is mounted at /mnt/goddi/
  • make sure to run with sudo

Run
When run, will default to using TLS (tls.Client method) over 636. On Linux, make sure to run with sudo.
  • username: Target user. Required parameter.
  • password: Target user's password. Required parameter.
  • domain: Full domain name. Required parameter.
  • dc: DC to target. Can be either an IP or full hostname. Required parameter.
  • startTLS: Use to StartTLS over 389.
  • unsafe: Use for a plaintext connection.
PS C:\Users\Administrator\Desktop> .\godditest-windows-amd64.exe -username=testuser -password="testpass!" -domain="test.local" -dc="dc.test.local" -unsafe
[i] Begin PLAINTEXT LDAP connection to 'dc.test.local'...
[i] PLAINTEXT LDAP connection to 'dc.test.local' successful...
[i] Begin BIND...
[i] BIND with 'testuser' successful...
[i] Begin dump domain info...
[i] Domain Trusts: 1 found
[i] Domain Controllers: 1 found
[i] Users: 12 found
        [*] Warning: keyword 'pass' found!
        [*] Warning: keyword 'fall' found!
[i] Domain Admins: 4 users found
[i] Enterprise Admins: 1 users found
[i] Forest Admins: 0 users found
[i] Locked Users: 0 found
[i] Disabled Users: 2 found
[i] Groups: 45 found
[i] Domain Sites: 1 found
[i] Domain Subnets: 0 found
[i] Domain Computers: 17 found
[i] Deligated Users: 0 found
[i] Users with passwords not set to expire: 6 found
[i] Machine Accounts with passwords older than 45 days: 18 found
[i] Domain OUs: 8 found
[i] Domain Account Policy found
[i] Domain GPOs: 7 found
[i] FSMO Roles: 3 found
[i] SPNs: 122 found
[i] LAPS passwords: 0 found
[i] GPP enumeration starting. This can take a bit...
[i] GPP passwords: 7 found
[i] CSVs written to 'csv' directory in C:\Users\Administrator\Desktop
[i] Execution took 1.4217256s...
[i] Exiting...

Functionality
StartTLS and TLS (tls.Client func) connections supported. Connections over TLS are default. All output goes to CSVs and are created in /csv/ in the current working directory. Dumps:
  • Domain users. Also searches Description for keywords and prints to a seperate csv ex. "Password" was found in the domain user description.
  • Users in priveleged user groups (DA, EA, FA).
  • Users with passwords not set to expire.
  • User accounts that have been locked or disabled.
  • Machine accounts with passwords older than 45 days.
  • Domain Computers.
  • Domain Controllers.
  • Sites and Subnets.
  • SPNs and includes csv flag if domain admin (a flag to note SPNs that are DAs in the SPN CSV output).
  • Trusted domain relationships.
  • Domain Groups.
  • Domain OUs.
  • Domain Account Policy.
  • Domain deligation users.
  • Domain GPOs.
  • Domain FSMO roles.
  • LAPS passwords.
  • GPP passwords. On Windows, defaults to mapping Q. If used, will try another mapping until success R, S, etc... On Linux, /mnt/goddi is used.


Related articles

  1. Pentest Tools For Mac
  2. Hack Tools 2019
  3. Hacking Tools Windows 10
  4. Tools For Hacker
  5. Free Pentest Tools For Windows
  6. New Hacker Tools
  7. Termux Hacking Tools 2019
  8. Hack Tools For Games
  9. Hack Tools Pc
  10. Pentest Tools For Windows
  11. Hacker Hardware Tools
  12. Hack App
  13. Pentest Tools Download
  14. Pentest Tools Windows
  15. Pentest Tools Bluekeep
  16. Pentest Tools Framework
  17. Hacking Tools For Windows
  18. Tools For Hacker
  19. Hacking Tools For Beginners
  20. Hackers Toolbox
  21. Nsa Hacker Tools
  22. Hack Rom Tools
  23. Pentest Tools Android
  24. Hacking Tools Windows
  25. Hacking Tools Download
  26. Hack Tools
  27. New Hack Tools
  28. Bluetooth Hacking Tools Kali
  29. Blackhat Hacker Tools
  30. Hacking Tools For Windows 7
  31. Pentest Tools Port Scanner
  32. Hacker Tools For Pc
  33. Pentest Tools For Android
  34. Hacking Tools Kit
  35. Best Pentesting Tools 2018
  36. Hacker Tools Free Download
  37. Hacking Apps
  38. Pentest Tools Open Source
  39. Hack Tools Online
  40. Hacker Tools For Pc
  41. Underground Hacker Sites
  42. Hacking Tools Software
  43. Pentest Tools Website
  44. New Hack Tools
  45. Hacking Tools Online
  46. Hack Tools
  47. Pentest Tools Android
  48. Hacker Tools Hardware
  49. Pentest Tools
  50. Hack Tools For Ubuntu
  51. Hacking Tools Github
  52. Hacking Tools For Games
  53. Hack And Tools
  54. Best Hacking Tools 2019
  55. Hacking Tools Github
  56. Hack Tools For Games
  57. Github Hacking Tools
  58. Pentest Tools Url Fuzzer
  59. Hacking Tools For Windows
  60. Hacker Security Tools
  61. Hacker Tools List
  62. Hacker Tools Software
  63. Pentest Reporting Tools
  64. Pentest Tools Free
  65. Best Hacking Tools 2019
  66. New Hack Tools
  67. Hack Tools 2019
  68. How To Install Pentest Tools In Ubuntu
  69. Hacking Tools Online
  70. Ethical Hacker Tools
  71. Hacking Apps
  72. Hacker Tools Github
  73. Black Hat Hacker Tools
  74. Best Hacking Tools 2019
  75. Blackhat Hacker Tools
  76. Hacker Tools
  77. Hacking Tools For Pc
  78. Hacking Tools For Kali Linux
  79. Nsa Hacker Tools
  80. Pentest Tools Website
  81. Termux Hacking Tools 2019
  82. Hacker Security Tools
  83. Termux Hacking Tools 2019
  84. Hacker Tools Online
  85. Hack Tools For Games
  86. Pentest Tools Url Fuzzer
  87. Pentest Tools For Ubuntu
  88. Free Pentest Tools For Windows
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)