nanodump
handleKatz
--laps
to exec code on all machines even if laps is usedMS17-010
MachineAccountQuota.py
to retrieves the MachineAccountQuota domain-level attribute related to the current user @p0daliriusget-desc-users
Get the description of each users and search for password in the description @nodauf--groups
--users
--continue-on-success
--amsi-bypass
to bypass AMSI with your own custom codeEXCLUDE_EXTS EXCLUDE_DIR
on spider_plus module--pass-pol
for Maximum password age--amsi-bypass
to bypass AMSI with your own custom code --groups
--users
--continue-on-success
--pass-pol
for Maximum password agespider
optionEXT
and DIR
to EXCLUDE_EXTS
EXCLUDE_DIRon
spider_plus module--kerberoasting
--asreproasting
--admin-count
thanks to @ropnop talk--trusted-for-delegation
thanks to @ropnop talk--continue-on-success
to the SSH protocolNT_STATUS_LOGON_FAILURE
-H
--continue-on-success
cme smb <file> -u <file> -p <file>
--verbose
flag on --pass-poll
option-x
and -X
--put-file
and --get-file
have been added allowing to put or get remote file--no-bruteforce
has been added allowing you to spray credentials without bruteforceGPP_PASSWORD
and GPP_AUTOLOGIN
should be fixedwireless
has been added to CMEbh_owned
has been added by @Hackndo allowing to send credentials from CME to bloodhound to mark a computer as owned 🐩