ActiveReign – A Network Enumeration And Attack Toolset

Some time ago I was challenged to write a discovery tool in Python3 that could automate the process of finding sensitive data on network file shares. After writing the whole tool with pysmb, and adding features such as the ability to open and scan docx and xlsx files, I slowly started adding functionality from the excellent Impacket library; just simple features I wanted to see in an internal penetration testing tool. The more I added, the more it looked like a Python3 rewrite of CrackMapExec built from scratch.
If you are doing a direct comparison, CME is a great tool that has far more features than are currently implemented here. However, I added a few modifications that may come in handy during an assessment.

Operational Modes

  • db – Query or insert values into the ActiveReign database
  • enum – System enumeration & module execution
  • shell – Spawn an emulated shell on a target system
  • spray – Domain password spraying and brute force
  • query – Perform LDAP queries on the domain

Key Features

  • Automatically extract domain information via LDAP and incorporate it into network enumeration.
  • Perform domain password spraying, using LDAP to remove users that are close to the lockout threshold.
  • Local and remote command execution, for use from multiple starting points throughout the network.
  • Emulated interactive shell on the target system.
  • Data discovery capable of scanning xlsx and docx files.
  • Various modules to add and extend capabilities.

There were many intended and unintended contributors that made this project possible. If I am missing any, I apologize, it was never intentional. Feel free to contact me and we can make sure they get the credit they deserve ASAP!

  • @byt3bl33d3r
  • @SecureAuthCorp
  • @the-useless-one
  • @dirkjanm

Final Thoughts
Scripting this tool and testing it on various networks/systems has taught me that the execution method matters, and depends on the configuration of the system. If a specific module or feature does not work, determine whether it is actually the program, the target system, its configuration, or even network placement before creating an issue.
To help with this investigation, I have created a test_execution module to run against a system with known admin privileges. It cycles through all execution methods and provides a status report so you can determine the best method to use:

$ activereign enum -u administrator -p password --local-auth -M test_execution
[*] Lockout Tracker Using default lockout threshold: 3
[*] Enum Authentication administrator (Password: p****) (Hash: False)
[+] WIN-T460 ENUM Windows 7 Ultimate 7601 Service Pack 1 (Domain: ) (Signing: False) (SMBv1: True) (Adm!n)
[*] WIN-T460 TEST_EXECUTION Execution Method: WMIEXEC Fileless: SUCCESS Remote (Defualt): SUCCESS
[*] WIN-T460 TEST_EXECUTION Execution Method: SMBEXEC Fileless: SUCCESS Remote (Defualt): SUCCESS
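The spray feature above stays under the domain lockout threshold (the run shows the tracker defaulting to 3), which is exactly why a per-account failed-logon counter never fires. The following is an added detection example, not ActiveReign code: it groups failures by source instead, over constructed log lines that are a simplified rendering of Windows 4625 events; the field layout, threshold and account count are assumptions.

```python
"""Flag sources whose failed logons span many accounts while each account
stays below the lockout threshold: the signature of a threshold-aware spray."""
from collections import defaultdict

# Constructed sample, one event per line: "timestamp source_ip target_user event_id".
# 10.0.0.5 tries five accounts, each under the threshold of 3 (spray pattern).
# 10.0.0.9 hammers one account past the threshold (plain brute force; the
# existing per-account lockout already catches that, so it is not flagged here).
SAMPLE_LOG = """\
2024-01-01T09:00:01 10.0.0.5 alice 4625
2024-01-01T09:00:02 10.0.0.5 bob 4625
2024-01-01T09:00:03 10.0.0.5 carol 4625
2024-01-01T09:00:04 10.0.0.5 dave 4625
2024-01-01T09:00:05 10.0.0.5 erin 4625
2024-01-01T09:00:06 10.0.0.5 alice 4625
2024-01-01T09:10:00 10.0.0.9 alice 4625
2024-01-01T09:10:05 10.0.0.9 alice 4625
2024-01-01T09:10:09 10.0.0.9 alice 4625
2024-01-01T09:10:12 10.0.0.9 alice 4625
"""


def parse_failures(text):
    """Return {source_ip: {user: failure_count}} from the constructed log format."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "4625":
            continue  # skip malformed lines and non-failure events
        _, src, user, _ = parts
        failures[src][user] += 1
    return failures


def spray_sources(text, lockout_threshold=3, min_accounts=5):
    """Return {source_ip: [accounts]} for sources that failed against at least
    min_accounts distinct accounts, every one kept below lockout_threshold."""
    flagged = {}
    for src, per_user in parse_failures(text).items():
        under = [u for u, n in per_user.items() if n < lockout_threshold]
        if len(under) >= min_accounts:
            flagged[src] = sorted(under)
    return flagged


if __name__ == "__main__":
    for src, users in spray_sources(SAMPLE_LOG).items():
        print(f"possible spray from {src}: {len(users)} accounts, each under threshold")
```

The same grouping works on real 4625 events once the source address and target account fields are extracted; the threshold should be read from the domain policy rather than assumed.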