ActiveReign – A Network Enumeration and Attack Toolset

Background
A while back I was challenged to write a discovery tool in Python3 that would automate the process of finding sensitive information on network file shares. After writing the entire tool with pysmb, and adding features such as the ability to open and scan docx and xlsx files, I slowly began adding functionality from the excellent Impacket ^(https://github.com/SecureAuthCorp/impacket) library; just simple features I wanted to see in an internal penetration testing tool. The more I added, the more it looked like a Python3 rewrite of CrackMapExec ^(https://github.com/byt3bl33d3r/CrackMapExec) built from scratch.
If you are doing a direct comparison, CME ^(https://github.com/byt3bl33d3r/CrackMapExec) is a fantastic tool that has far more features than are currently implemented here. However, I added a few modifications that may come in handy during an assessment.
Wiki: ^(https://github.com/m8r0wn/ActiveReign/wiki)

Operational Modes

  • db – Query or insert values into the ActiveReign database
  • enum – System enumeration & module execution
  • shell – Spawn an emulated shell on a target system
  • spray – Domain password spraying and brute force
  • query – Perform LDAP queries on the domain

Key Options

  • Automatically extract domain information via LDAP and incorporate it into network enumeration.
  • Perform domain password spraying, using LDAP to remove users close to the lockout threshold.
  • Local and remote command execution, for use from multiple starting points throughout the network.
  • Emulated interactive shell on the target system.
  • Data discovery capable of scanning xlsx and docx files.
  • Various modules to add and extend capabilities.
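
Because a lockout-aware sprayer keeps each account below the threshold, lockout events (4740) alone never fire; the signature is one source failing against many distinct accounts. The following detection logic over constructed failed-logon (4625) lines is an added example and is not part of ActiveReign; the log format, IP addresses and user names are made up for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows Security log lines (Event ID 4625 = failed logon),
# one event per line: timestamp, event id, target user, source IP. Not real data.
SAMPLE_LOG = """\
2024-01-01T09:00:01 4625 TargetUserName=alice IpAddress=10.0.0.5
2024-01-01T09:00:02 4625 TargetUserName=bob IpAddress=10.0.0.5
2024-01-01T09:00:03 4625 TargetUserName=carol IpAddress=10.0.0.5
2024-01-01T09:00:04 4625 TargetUserName=dave IpAddress=10.0.0.5
2024-01-01T09:00:05 4625 TargetUserName=erin IpAddress=10.0.0.5
2024-01-01T09:00:06 4625 TargetUserName=alice IpAddress=10.0.0.5
2024-01-01T09:05:00 4625 TargetUserName=frank IpAddress=10.0.0.9
2024-01-01T09:05:01 4625 TargetUserName=frank IpAddress=10.0.0.9
2024-01-01T09:05:02 4625 TargetUserName=frank IpAddress=10.0.0.9
2024-01-01T09:05:03 4625 TargetUserName=frank IpAddress=10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+) (\d+) TargetUserName=(\S+) IpAddress=(\S+)$")


def parse_failed_logons(log_text):
    """Yield (source_ip, user) for each 4625 event in the constructed log format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2) == "4625":
            yield m.group(4), m.group(3)


def find_spray_sources(log_text, lockout_threshold=3, min_users=5):
    """Flag source IPs that fail against at least min_users distinct accounts
    while keeping every account under lockout_threshold attempts: the low-and-wide
    pattern of a spray, as opposed to a brute force against a single user."""
    per_source = defaultdict(lambda: defaultdict(int))
    for ip, user in parse_failed_logons(log_text):
        per_source[ip][user] += 1
    flagged = {}
    for ip, users in per_source.items():
        under_threshold = all(n < lockout_threshold for n in users.values())
        if len(users) >= min_users and under_threshold:
            flagged[ip] = sorted(users)
    return flagged
```

With the sample above, 10.0.0.5 is flagged (five accounts, at most two failures each) while 10.0.0.9 is not, since its four failures all target one account and would instead trip the lockout.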

Acknowledgments
There were many intended and unintended contributors that made this project possible. If I am missing any, I apologize, it was never intentional. Feel free to contact me and we will make sure they get the credit they deserve ASAP!

  • @byt3bl33d3r ^(https://github.com/byt3bl33d3r) – CrackMapExec ^(https://github.com/byt3bl33d3r/CrackMapExec)
  • @SecureAuthCorp ^(https://github.com/SecureAuthCorp) – Impacket ^(https://github.com/SecureAuthCorp/impacket)
  • @the-useless-one ^(https://github.com/the-useless-one) – pywerview ^(https://github.com/the-useless-one/pywerview)
  • @dirkjanm ^(https://github.com/dirkjanm) – ldapdomaindump ^(https://github.com/dirkjanm/ldapdomaindump)

Final Thoughts
Scripting this tool and testing it on various networks and systems has taught me that the execution method matters, and depends on the configuration of the system. If a specific module or feature does not work, determine whether it is actually the program, the target system, its configuration, or even network placement before opening an issue.
To help with this investigation, I have created a test_execution module to run against a system where you have known admin privileges. It cycles through all execution methods and reports the status of each so you can pick the best method to use:

$ activereign enum -u administrator -p password --local-auth -M test_execution 192.168.3.20
[*] Lockout Tracker Using default lockout threshold: 3
[*] Enum Authentication administrator (Password: p****) (Hash: False)
[+] WIN-T460 192.168.3.20 ENUM Windows 7 Ultimate 7601 Service Pack 1 (Domain: ) (Signing: False) (SMBv1: True) (Adm!n)
[*] WIN-T460 192.168.3.20 TEST_EXECUTION Execution Method: WMIEXEC Fileless: SUCCESS Remote (Defualt): SUCCESS
[*] WIN-T460 192.168.3.20 TEST_EXECUTION Execution Method: SMBEXEC Fileless: SUCCESS Remote (Defualt): SUCCESS
Download ActiveReign ^(https://github.com/m8r0wn/ActiveReign)