View Issue Details

ID: 0007937
Project: Kali Linux
Category: Queued Tool Addition
View Status: public
Last Update: 2024-06-28 11:43
Reporter: Processus Thief
Assigned To: 
Priority: normal
Severity: feature
Reproducibility: N/A
Status: acknowledged
Resolution: open
Product Version: 2022.3
Summary: 0007937: HEKATOMB - helps with post-exploitation on Active-Directory environment.
Description

HEKATOMB is a Python tool that helps with post-exploitation in an Active Directory environment.

The tool connects to the LDAP directory to retrieve all computer and user information, then downloads all DPAPI blobs of all users from all computers.
Finally, it extracts the domain controller private key through RPC and uses it to decrypt all credentials.

If you want more info, here is the repo link:
https://github.com/Processus-Thief/HEKATOMB

The tool is already referenced on the book.hacktricks.xyz GitHub repo of Carlos Polop and on the PayloadsAllTheThings GitHub repo of Swissky.

Steps To Reproduce

For installation, just clone the repo and install the requirements:

git clone https://github.com/Processus-Thief/HEKATOMB
cd HEKATOMB
pip3 install -r requirements.txt

Additional Information

If you have any questions you can ask me: [email protected]

Activities

g0tmi1k (administrator), 2022-09-30 13:56, note ~0016862

@kali-team, please could this be packaged up.
@author, if you want to help the packaging process, you can check the documentation here ~ https://www.kali.org/docs/development/public-packaging

Processus Thief (reporter), 2022-10-04 12:23, note ~0016911

@g0tmi1k, for packaging the tool you can use the pip integration; it should help: https://pypi.org/project/hekatomb

Processus Thief (reporter), 2022-12-08 11:28, note ~0017226

Hello,
I see that Kali 2022.4 was just released and Hekatomb has not been added to it. Do I have to do something else?
Thanks :)

g0tmi1k (administrator), 2023-11-10 10:40, note ~0018616

Hello @Processus Thief,

We can't use pip packages.
It needs to be Debian standard.

Processus Thief (reporter), 2023-12-07 13:45, note ~0018693

Hello :)
Here is the Debian package. I tested it on a fresh Kali rolling 2023.4 and it works.

Arszilla (reporter), 2024-06-28 11:08, note ~0019490

That is not how you are supposed to prepare the package, @Processus Thief. Please refer to:

I've drafted the packaging and it is available for peer review: https://gitlab.com/Arszilla/hekatomb

Processus Thief (reporter), 2024-06-28 11:37, note ~0019491

Thanks @Arszilla :) It seems perfect to me. Can you build it, or do I have to build it myself?

Arszilla (reporter), 2024-06-28 11:42, note ~0019492
Last edited: 2024-06-28 11:43

I've attached the binary built from my packaging. It'd be nice if you could test it, as I had to downgrade pycryptodome to ^3.11 from ^3.15, as per my note in https://gitlab.com/Arszilla/hekatomb/-/blob/kali/master/debian/patches/fix_pycryptodome_version.patch?ref_type=heads

You can easily build it yourself if you clone the repo and check out all 3 branches (upstream, pristine-tar, and kali/master), then build it as per the docs.

Issue History

Date Modified Username Field Change
2022-09-22 06:41 Processus Thief New Issue
2022-09-30 13:55 g0tmi1k Status new => acknowledged
2022-09-30 13:55 g0tmi1k Category New Tool Requests => Queued Tool Addition
2022-09-30 13:55 g0tmi1k Summary Add HEKATOMB tool to Kali Linux => HEKATOMB - helps with post-exploitation on Active-Directory environment.
2022-09-30 13:56 g0tmi1k Note Added: 0016862
2022-10-04 12:23 Processus Thief Note Added: 0016911
2022-12-08 11:28 Processus Thief Note Added: 0017226
2023-11-10 10:40 g0tmi1k Note Added: 0018616
2023-12-07 13:45 Processus Thief Note Added: 0018693
2023-12-07 13:45 Processus Thief File Added: python3-hekatomb_1.5-1_all.deb
2024-06-28 11:08 Arszilla Note Added: 0019490
2024-06-28 11:37 Processus Thief Note Added: 0019491
2024-06-28 11:42 Arszilla Note Added: 0019492
2024-06-28 11:42 Arszilla File Added: hekatomb_20240524-0kali1_all.deb
2024-06-28 11:43 Arszilla Note Edited: 0019492