Skip to content
/ adcshunter Public

Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.

78 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

danti1988/adcshunter

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
README.md
README.md
 
 
adcshunter.py
adcshunter.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Utilises Impacket-RPCDump and attempts to identify ESC8 from an unauthenticated perspective via rpc named pipes. Once web enrollment has been identified, relay using responder/mitm6 ntlmrelayx/certipy. Input either subnet range, hostname or target file with a mixture.

pip install -r requirements.txt

image

About

Uses rpcdump to locate the ADCS server, and identify if ESC8 is vulnerable from unauthenticated perspective.

Resources

Readme
Activity

Stars

78 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages