Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations. Then it will download all DPAPI blob of all users from all computers and uses Domain backup keys to decrypt them.
License: GNU General Public License v3.0
Traceback (most recent call last):
File "/usr/bin/hekatomb", line 33, in
sys.exit(load_entry_point('hekatomb==1.5', 'console_scripts', 'hekatomb')())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/bin/hekatomb", line 25, in importlib_load_entry_point
return next(matches).load()
^^^^^^^^^^^^^^^^^^^^
when i run it it give me error like
File "/usr/lib/python3.11/importlib/metadata/init.py", line 202, in load
module = import_module(match.group('module'))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/importlib/init.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1206, in _gcd_import
File "", line 1178, in _find_and_load
File "", line 1128, in _find_and_load_unlocked
File "", line 241, in _call_with_frames_removed
File "", line 1206, in _gcd_import
File "", line 1178, in _find_and_load
File "", line 1142, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'src'
when i installed it it give me
********************************************************************************
Usage of dash-separated 'description-file' will not be supported in future
versions. Please use the underscore name 'description_file' instead.
By 2023-Sep-26, you need to update your project and remove deprecated calls
or your builds will no longer be supported.
See https://setuptools.pypa.io/en/latest/userguide/declarative_config.html for details.
********************************************************************************
Could you please tag the source? This allows distributions to get the complete source from GitHub if they want.
Makes it also easier to track changes.
Thanks
I think there should be a specific message for when the target is not reachable, different from an "invalid credentials" message
From Kali in workgroup
Testing admin rights...
Admin access granted.
Testing LDAP connection...
Error : Could not connect to ldap with SSL encryption. Trying without SSL encryption...
LDAP connection successfull without encryption.
[+] Retrieving user objects in LDAP directory...
Converting ObjectSID in string SID...
Found about 348 users in LDAP directory.
[+] Retrieving computer objects in LDAP directory...
Found about 121 computers in LDAP directory.
[+] Creating structure folders to store blob and mkf...
[+] Scanning computers list on SMB port ...
It seems that 0 computers are online ...
[+] Connnecting to all computers and try to get dpapi blobs and masteles ...
ZeroDivisionError: float division by zero
OS: Latest Kali
finds ports open with debugmax option, shows successful connection, lists numbers of computers and errors out with:
TypeError: '<' not supported between instances of 'list' and 'int'
Je t'emprunte ton repo pour mon exam de SecOff.
J'espère que tu m'en voudra pas :p
Pour les autres le mdp que vous cherchez est le suivant : Thisisanotherstrongpassword
Keur sur toi Proc <3
Bonjour Proc,
ci-dessous un retour et une limite de ton outil.
Dans un domaine avec des milliers d'utilisateurs, on obtient le message d'erreur suivant :
Testing admin rights...
Admin access granted.
Testing LDAP connection...
LDAP connection successfull without encryption.
Retrieving user objects in LDAP directory...
Error : Could not extract users from ldap.
impacket.ldap.ldap.LDAPSearchError: Error in searchRequest -> sizeLimitExceeded:
Retrieving computer objects in LDAP directory...
Error : Could not extract computers from ldap.
OSError: [Errno 9] Bad file descriptor
Creating structure folders to store blob and mkf...
Connnecting to all computers to test user creds existence...
No MKF have been decrypted.
Blobs will not be decrypted.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.