autoDANE: Automatic Domain Admin & Network Exploitation – Penetration Testing

autoDANE is a tool to automate the process of mapping and compromising internal networks. It is available at

Given the prevalence of Microsoft Active Directory domains as the primary means of managing large corporate networks globally, one of the first goals of any internal penetration test is to get Domain Administrator (DA) level access. As a demonstration of how common this goal and practice is, a plethora of tools and techniques exists to assist with this process, from the initial “in” through to elevation of privilege and eventually extracting and cracking all domain credentials.

However, the overall process followed is still manual and time-consuming. Even where tools exist, the orchestration from one to the next is manual. The time required both detracts from potentially more dangerous attacks that may be specific to the organisation under assessment and limits knowledge of an organisation’s vulnerabilities to those with offensive security skills or those willing to pay for an assessment. Observing this, we decided to construct a framework for automating such activities. This framework orchestrates the industry’s currently favoured tools to get DA on internal networks.

The goal for the project is to get Domain Admin rights as quickly as possible, so that analysts can start an internal assessment as a privileged user, rather than finishing as one. This will allow analysts to spend time on engagements emulating real-life hacking scenarios, such as going after business-critical applications, while still comprehensively assessing the internal network. Combining knowledge of the software vulnerabilities with a realistic idea of how people with malicious or criminal intent might reach them will give organisations the information they need to actually improve their defensive posture.

For Arsenal, several updates have been made and will be released:

Detailed scope definition and proportionality limits

Support for adding hosts/ranges during runtime

Domain pivot tables – a list of which credentials worked where and which users are in which groups

Detailed filtering and full-text searching across tool-run logs

One-click RDP to hosts with confirmed credentials

SQL Server discovery

Basic password cracking when hashes are pulled


git clone
cd autoDANE



Source: Github

The post autoDANE: Automatic Domain Admin & Network Exploitation appeared first on Penetration Testing.
