knowsmore: A swiss army knife tool for pentesting Microsoft Active Directory

Knows More

KnowsMore is a swiss army knife tool for pentesting Microsoft Active Directory (NTLM Hashes, BloodHound, NTDS and DCSync).


Main features

  •  Import NTLM Hashes from .ntds output txt file (generated by CrackMapExec or secretsdump.py)
  •  Import NTLM Hashes from NTDS.dit and SYSTEM
  •  Import Cracked NTLM hashes from hashcat output file
  •  Import BloodHound ZIP or JSON file
  •  BloodHound importer (import JSON to Neo4J without BloodHound UI)
  •  Analyse the quality of passwords (length, lower case, upper case, digit, special and latin)
  •  Analyse similarity of password with company and user name
  •  Search for users, passwords and hashes
  •  Export all cracked credentials directly to the BloodHound Neo4j database as ‘owned object’
  •  Other amazing features…
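
The password quality and similarity checks listed above can be illustrated as follows, for use when auditing recovered credentials against a password policy. This is an added example, not KnowsMore's own code: the function names, the leet-substitution map, the thresholds and the reading of "latin" as accented Latin letters are assumptions, and the sample values in the usage comment are constructed.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed substitution map: common "leet" characters back to letters.
LEET = str.maketrans("0134578@$!", "oleastbasi")

def char_classes(password):
    """Return a dict of the character classes present in the password."""
    found = dict.fromkeys(("lower", "upper", "digit", "special", "latin"), False)
    for ch in password:
        if ord(ch) > 127 and unicodedata.name(ch, "").startswith("LATIN"):
            found["latin"] = True      # accented Latin letter, e.g. ç or ã
        elif ch.islower():
            found["lower"] = True
        elif ch.isupper():
            found["upper"] = True
        elif ch.isdigit():
            found["digit"] = True
        else:
            found["special"] = True
    return found

def normalize(text):
    """Lower-case, strip accents and undo leet substitutions."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    return text.translate(LEET)

def similarity(password, word):
    """Score 0.0-1.0 for how closely a password resembles a given name."""
    p, w = normalize(password), normalize(word)
    if not p or not w:
        return 0.0
    if w in p:                         # name embedded in the password
        return 1.0
    return SequenceMatcher(None, p, w).ratio()

def audit(password, username, company, min_length=12, threshold=0.6):
    """Summarise one password; min_length and threshold are assumed policy values."""
    user_sim = similarity(password, username)
    company_sim = similarity(password, company)
    return {
        "length": len(password),
        "classes": sorted(k for k, v in char_classes(password).items() if v),
        "user_similarity": round(user_sim, 2),
        "company_similarity": round(company_sim, 2),
        "weak": len(password) < min_length or max(user_sim, company_sim) >= threshold,
    }

# Constructed sample: audit("C0nt0s0@2024", "jsmith", "Contoso")
```

Long passwords that use every character class are still flagged when they are built from the company or user name, which a length-and-complexity policy alone would miss.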

Execution Flow

There is no mandatory order for importing data, but for better data correlation we suggest the following execution flow:

  1. Create database file
  2. Import BloodHound files
    1. Domains
    2. GPOs
    3. OUs
    4. Groups
    5. Computers
    6. Users
  3. Import NTDS file
  4. Import cracked hashes

Install & Use