However, the overall process followed is still manual and time-consuming. Even where tools exist, the orchestration from one to the next is manual. The time required both takes attention away from potentially more dangerous attacks that may be specific to the organisation under assessment, and limits knowledge of an organisation's vulnerabilities to those who have offensive security skills or are willing to pay for an assessment. Observing this, we decided to construct a framework for automating such activities. This framework orchestrates the industry's currently favoured tools to get Domain Admin (DA) on internal networks.
The goal of the project is to get Domain Admin rights as quickly as possible, so that analysts can start an internal assessment as a privileged user, rather than finishing as one. This will allow analysts to spend time on engagements emulating real-life hacking scenarios, such as going after business-critical applications, while still comprehensively assessing the internal network. Combining the software vulnerabilities with a realistic idea of how people with malicious or criminal intent might reach them will give organisations the information they need to actually improve their defensive posture.
For Arsenal, several updates have been made and will be released:
Detailed scope definition and proportionality limits
Support for adding hosts/ranges during runtime
Domain pivot tables – a list of which credentials worked where and which users are in which groups
Detailed filtering and full-text searching across tool-run logs
One-click RDP to hosts with confirmed credentials
SQL Server discovery
Basic password cracking when hashes are pulled
git clone http://ift.tt/2u2YVeX
The post autoDANE: Automatic Domain Admin & Network Exploitation appeared first on Penetration Testing.