NetExec
NetExec copied to clipboard
Pennyw0rth
Add Shadow credentials module !
Description
This PR introduces the shadow-creds module, which leverages modification of the LDAP attribute msDS-CredentialLink on a target user in order to retrieve its authentication PFX certificate.
The module is based on pywhisker by ShutdownRepo (Aka Charlie le king) and comes with options for customizing the PFX password and output directory.
Options
Common errors (examples)
- TARGET is required
- No permissions to modify msDS-KeyCredentialLink on the target (INSUFF_ACCESS_RIGHTS)
- Invalid account in LDAP
Valid examples
- With valid permissions
- Authentication with exported PFX works
- NT_HASH authentication supported
- Custom PFX password
- Custom Outdir
Type of change
Insert an "x" inside the brackets for relevant items (do not delete options)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] Deprecation of feature or functionality
- [x] This change requires a documentation update
- [x] This requires a new third party (pywhisker)
Setup guide for the review
- MacOS
- Linux
Checklist:
Insert an "x" inside the brackets for completed and relevant items (do not delete options)
- [x] I have ran Ruff against my changes (via poetry:
poetry run python -m ruff check . --preview, use--fixto automatically fix what it can) - [x] I have added or updated the
tests/e2e_commands.txtfile if necessary (new modules or features are required to be added to the e2e tests) - [ ] New and existing e2e tests pass locally with my changes
- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [ ] I have made corresponding changes to the documentation (WIP...)
