BADministration - Tool Which Interfaces With Management Or Administration Applications From An Offensive Standpoint
BADministration is a tool which interfaces with management or administration applications from an offensive standpoint. It attempts to provide offsec personnel a tool with the ability to identify and leverage these non-technical vulnerabilities. As always: use for good, promote security, and fight application propagation.
Sorry for using python2.7, I found a lot of the vendor APIs would only run on 2.7 and I'm not experienced enough to mix and match python versions.
Application Propagation
In my opinion, we often do a fantastic job of network segmentation and we're starting to catch on with domain segmentation; however, one area I often see us fall down is application segmentation. Application segmentation is similar to network segmentation in that we're trying to reduce the exposure of a critical zone from a less trusted zone if it were to get exploited. Administration applications often have privileged access to all their clients; if an attacker lands on that administration application, there is a good chance all the clients can get exploited as well. Application segmentation tries to ensure that server-to-client relationships don't cross any trust boundaries. For example, if your admin network is trust level 100 and it's administered by your NMS server, your NMS server should be considered trust level 100.
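The trust-level rule above can be checked against an inventory. This added example is not part of BADministration; the host names, trust levels and management relationships are constructed. It flags any management server whose assigned trust level is lower than something it administers, and it follows chained management relationships, which goes one step beyond the single NMS case in the text.

```python
# Added example: audit management servers against the trust levels of what they
# administer. All names, levels and relationships below are constructed.

# Declared trust level per zone or server (higher = more critical).
DECLARED = {"admin-net": 100, "user-net": 20,
            "nms01": 100, "patch01": 50, "helpdesk-rmm": 20}

# "Administers" edges: manager -> zones or servers it has privileged access to.
MANAGES = {
    "nms01": ["admin-net", "user-net"],
    "patch01": ["nms01", "user-net"],   # patch server also administers the NMS
    "helpdesk-rmm": ["user-net"],
}


def reachable(node, manages):
    """Everything a node can reach through direct or chained management."""
    seen, stack = set(), [node]
    while stack:
        current = stack.pop()
        for target in manages.get(current, []):
            if target not in seen:      # also protects against cycles
                seen.add(target)
                stack.append(target)
    return seen


def required_trust(node, manages, declared):
    """Trust level the node must be treated as: the highest level it can reach."""
    levels = [declared[n] for n in reachable(node, manages)]
    return max([declared[node]] + levels)


def audit(manages, declared):
    """Return (manager, declared, required, crossed_targets) per violation."""
    findings = []
    for manager in sorted(manages):
        need = required_trust(manager, manages, declared)
        if declared[manager] < need:
            crossed = sorted(n for n in reachable(manager, manages)
                             if declared[n] > declared[manager])
            findings.append((manager, declared[manager], need, crossed))
    return findings


if __name__ == "__main__":
    for manager, have, need, crossed in audit(MANAGES, DECLARED):
        print(f"{manager}: declared {have}, must be treated as {need}; "
              f"crosses trust boundary to {', '.join(crossed)}")
```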
Installation
There will be a collection of python scripts, exes, and who knows what; for the central python module it's pretty simple:
pip install -r requirements.txt
Current Modules
Solarwinds Orion
- solarwinds-enum - Module used to enumerate clients of Orion
- solarwinds-listalerts - Lists Orion alerts and draws attention to malicious BADministration alerts
- solarwinds-alertremove - Removes the malicious alert
- solarwinds-syscmd - Executes a system command on the Orion server via malicious alert
- Standalone x64 4.5 .NET BADministration_SWDump.exe - Scrapes memory for WMI credentials used by Orion.
  - Can consume large amounts of memory, use at your own risk
  - Compile me as x64
Check us out at