cyberark / aclight Goto Github PK
View Code? Open in Web Editor NEWA script for advanced discovery of Privileged Accounts - includes Shadow Admins
License: BSD 3-Clause "New" or "Revised" License
aclight's People
Contributors
Stargazers
Watchers
Forkers
hechtov thecripple bertmueller18 xee5ch mubix y0d4a dipsec quikilr h1d3r tuian open-sec kylegw atimorin kurtdegreeff ahen0910 moriarty2016 awesome-security christofersimbar cerebralmischief pentestingtools darkquasar mlynchcogent huzzeytech johnjohnsp1 jack51706 zshell shantanu561993 darryllane hapazores sts0mrg0 grayhats tobey123 jymcheong ch4p34un0ir homjxi0e mehrdad-shokri m00zh33 moriata gavz minkione dmi3mis s3cur3th1ssh1t orf53975 ykankaya adrian207 opt9 vaginessa moddingg33k mainframeconsulting mmg1 sgachies java-chugger hbxc0re mickymellon topotam modulexcite r3dfruitrollup balaasif6789 filipesam attackgithub hayoade1 leomatias bantac malyshusness rahmiy pen-tools sasqwatch m4rm0k a-min3 coredamage flywithoutwings imulmul atropineal raystyle killvxk fengjixuchui tzf-omkey splunk-app-and-ta-development agnivesh lastchoice mabangde chineam ksagala jonz-secops nitinsukhija20 5l1v3r1 bcp-infosec-repo laashub-soa c0axx s1ckb0y1337 s0u1sb4n3 dannymas a11en4 epereda17 imendax 3453-315h a7t0fwa7 reposities polling-repo-continua invokethreatguyaclight's Issues
Receiving bellow error during execution (small domain)
“\� : The module '“' could not be loaded. For more information, run 'Import-Module “'.
At C:\Users\jxc11\Downloads\ACLight-master\ACLight-master\ACLight.ps1:250 char:57
-
$NameArray = $_.UpdatedIdentityReference -Split(“\\�) -
~~~~~~~~- CategoryInfo : ObjectNotFound: (“\�:String) [], CommandNotFoundException
- FullyQualifiedErrorId : CouldNotAutoLoadModule
Getting 'The syntax of the command is incorrect.'
Summary
When I execute the .bat file I get
C:\ACLight2>Execute-ACLight2.bat
The syntax of the command is incorrect.
C:\ACLight2><!DOCTYPE html>
The directory contents are
10/14/2021 11:25 AM 1,067,335 ACLight2.ps1
10/14/2021 11:25 AM 148,510 ACLight2.psd1
10/14/2021 11:25 AM 139,894 ACLight2.psm1
10/14/2021 11:25 AM 146,122 Execute-ACLight2.bat
10/14/2021 11:25 AM 152,299 LICENSE.htm
10/14/2021 11:25 AM 153,536 README.md
Steps to Reproduce
Execute-ACLight2.bat from a directory with the same contents.
Expected Results
The account scan should run.
Actual Results
C:\ACLight2>Execute-ACLight2.bat
The syntax of the command is incorrect.
C:\ACLight2><!DOCTYPE `html>`
Reproducible
- [ x] Always
- Sometimes
- Non-Reproducible
Version/Tag number
v 2
Environment setup
Windows on bare metal
Additional Information
Add any other context about the problem here.
Does not detect based on "Reset Password" privilege
Per example 2 on here: https://www.cyberark.com/threat-research-blog/shadow-admins-stealthy-accounts-fear/
The script should be able to detect when an account has the "Reset Password" permission for a domain admin account, but it does not. Small domain (1 DC, 8 computers, 5 users)
HELP!
Sir can you please share technet c2 server script for research purposes please,if it's possible.
Out of Memory
I have a large test lab of over 100,000 users. I ran this on a VM with 8 GB RAM and got the following:
Array dimensions exceeded supported range.
At line:578 char:17
+ $domainUserList += $domainUsers.name
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], OutOfMemoryException
+ FullyQualifiedErrorId : System.OutOfMemoryException`
This was after the CSV was created. and after the following output:
All the processes completed. Now, starting Accounts analysis..
So your tool never finishes as far I can tell. I have left it going for nearly 24 hours now.
search filter is invalid message
I had this warning message:
Scanning ACLs - Layer 4
WARNING: An error occurred while enumerating through a collection: The (&(name=)(distinguishedname=)(|(objectSid=S-1-5-21-915214332-934432599-2099212325-31100)(objectSid=S-1-5-21-915214332-93443259
9-2099212325-31990)(objectSid=))) search filter is invalid.
There were no previous layer warnings or errors.
Error message during "Accounts Analysis"
Get-NetGroupMember : Unable to find Group
At C:\Users\jxc11\Downloads\ACLight-master\ACLight-master\ACLight.ps1:635 char:54
- ... Recursive = Get-NetGroupMember -domain $Domain -Recurse -UseMatchingR ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
- FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-NetGroupMember
Server 2008 PowerShell v5.1 does not work
Summary
For your information:
- The winver is Windows Server 2008 R2 SP1, Ver6.1 (7601). And I've updated the .Net so the PowerShell version now is 5.1.
- The Server 08 is not in the Domain .
What I want to do is to execute the script on a machine that is not in the target domain . So I played a tricky way:
-
Configuring the dns of the server 08 to point to the target DC.
-
Using cmd and execute:
c:> runas /netonly /user:xxx.com\username powershell -
now I have a domain user powershell, then:
PS c:> import-module aclight2.psm1
PS c:> Start-ACLsAnalysis
Unfortunately, I got some error...
And the script was tested successfully on a Windows 10 which is in the domain.
Please check this, Thanks a lot.
Get-NetGroupMember : Unable to find Group
I received the below error
Get-NetGroupMember : Unable to find Group
At D:\Downloads\ACLight-master\ACLight.ps1:635 char:54
- ... Recursive = Get-NetGroupMember -domain $Domain -Recurse -UseMatchingR ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~- CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
- FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-NetGroupMember
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.