Metadata-Version: 2.4
Name: bloodyAD
Version: 2.4.0
Summary: AD Privesc Swiss Army Knife
Project-URL: Homepage, https://github.com/CravateRouge/bloodyAD
Project-URL: Bug Tracker, https://github.com/CravateRouge/bloodyAD/issues
Author-email: CravateRouge <baptiste@cravaterouge.com>
License-File: LICENSE
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Requires-Python: >=3.8
Requires-Dist: asn1crypto==1.5.1
Requires-Dist: badldap>=0.7.0
Requires-Dist: bhopengraph>=1.1.0
Requires-Dist: cryptography==44.0.2
Requires-Dist: kerbad>=0.5.6
Requires-Dist: winacl==0.1.9
Description-Content-Type: text/markdown

> :warning: autobloody has been moved to its own [repo](https://github.com/CravateRouge/autobloody)  

# ![bloodyAD logo](https://repository-images.githubusercontent.com/415977068/9b2fed72-35fb-4faa-a8d3-b120cd3c396f) bloodyAD

`bloodyAD` is an Active Directory privilege escalation Swiss Army knife.

## Description

This tool can perform specific LDAP calls to a domain controller in order to perform AD privesc.

`bloodyAD` supports authentication using cleartext passwords, pass-the-hash, pass-the-ticket or certificates and binds to LDAP services of a domain controller to perform AD privesc.

Exchange of sensitive information without LDAPS is supported.

It is also designed to be used transparently with a SOCKS proxy.


Simple usage:

```ps1
bloodyAD --host 172.16.1.15 -d bloody.local -u jane.doe -p :70016778cb0524c799ac25b439bd6a31 set password john.doe 'Password123!'
```

See the [wiki](https://github.com/CravateRouge/bloodyAD/wiki) for more.

## Support
Like this project? Donations are greatly appreciated :relaxed: [![](https://img.shields.io/static/v1?label=Sponsor&message=%E2%9D%A4&logo=GitHub&color=%23fe8e86)](https://github.com/sponsors/CravateRouge)

Need personalized support? Send us an [email](mailto:contact@cravaterouge.com) or check our website [cravaterouge.com](https://cravaterouge.com/?utm_source=bloodyad_readme) to see all our cybersecurity services.

## Acknowledgements
- Thanks to [@skelsec](https://github.com/skelsec) for his amazing libraries, especially [MSLDAP](https://github.com/skelsec/msldap), which is now the engine on which bloodyAD is running.
- Thanks to [impacket](https://github.com/fortra/impacket) contributors. [Structures](https://github.com/fortra/impacket/blob/master/impacket/structure.py) and several [LDAP attacks](https://github.com/fortra/impacket/blob/master/impacket/examples/ntlmrelayx/attacks/ldapattack.py) are based on their work.
- Thanks to [@PowerShellMafia](https://github.com/PowerShellMafia) team ([PowerView.ps1](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1)) and their work on AD which inspired this tool.
- Thanks to [@dirkjanm](https://github.com/dirkjanm) ([adidnsdump.py](https://github.com/dirkjanm/adidnsdump)) and [@Kevin-Robertson](https://github.com/Kevin-Robertson) ([Invoke-DNSUpdate.ps1](https://github.com/Kevin-Robertson/Powermad/blob/master/Invoke-DNSUpdate.ps1)) for their work on AD DNS, which inspired the DNS functionalities.
- Thanks to [@p0dalirius](https://github.com/p0dalirius/) and his [pydsinternals](https://github.com/p0dalirius/pydsinternals) module, which helped to build the shadow credential attack.
