View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007937||Kali Linux||[All Projects] Queued Tool Addition||public||2022-09-22 06:41||2022-12-08 11:28|
|Reporter||Processus Thief||Assigned To|
|Target Version||Fixed in Version|
|Summary||0007937: HEKATOMB - helps with post-exploitation on Active-Directory environment.|
|Description||HEKATOMB is a Python tool that helps with post-exploitation in an Active Directory environment.|
The tool connects to the LDAP directory to retrieve all computer and user information. Then it will download all DPAPI blobs of all users from all computers.
Finally, it will extract the domain controller private key through RPC and use it to decrypt all credentials.
If you want more info, here is the repo link :
The tool is already referenced on the book.hacktricks.xyz GitHub repo of Carlos Polop and on the PayloadsAllTheThings GitHub repo of Swissky.
|Steps To Reproduce||For installation, just clone the repo and install requirements :|
git clone https://github.com/Processus-Thief/HEKATOMB
pip3 install -r requirements.txt
|Additional Information||If you have any questions you can ask me : firstname.lastname@example.org|
@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging
|@g0tm1k For packaging the tool, you can use the pip integration, it should help : https://pypi.org/project/hekatomb|
I see that Kali 2022.4 was just released and Hekatomb was not added to it. Do I have to do something else?
|2022-09-22 06:41||Processus Thief||New Issue|
|2022-09-30 13:55||g0tmi1k||Status||new => acknowledged|
|2022-09-30 13:55||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2022-09-30 13:55||g0tmi1k||Summary||Add HEKATOMB tool to Kali Linux => HEKATOMB - helps with post-exploitation on Active-Directory environment.|
|2022-09-30 13:56||g0tmi1k||Note Added: 0016862|
|2022-10-04 12:23||Processus Thief||Note Added: 0016911|
|2022-12-08 11:28||Processus Thief||Note Added: 0017226|