Copy the properties and groups of a user or computer from neo4j (bloodhound) to create an identical golden ticket.

These details have not been verified by PyPI

Project links

Project description

GoldenCopy

You encounter limitations with your golden tickets (DACLs, detection)? GoldenCopy retrieves all the information (ID, groups, etc) of a specific user in a neo4j database (bloodhound) and prepares the mimikatz/ticketer command to impersonate his permissions.

Installation

GoldenCopy works with python >= 3.6

Using pip

python3 -m pip install GoldenCopy

PyPi repository: https://pypi.org/project/GoldenCopy/

From source

git clone https://github.com/Dramelac/GoldenCopy.git
cd GoldenCopy
python3 setup.py install

Examples

Impersonating 'john@domain.local' using default localhost neo4j (neo4j/exegol4thewin) database:

goldencopy john@domain.local

Impersonating 'DC1' computer using default database connection:

goldencopy 'DC1$'

Custom neo4j DB:

goldencopy -b neo4j.server.local -u neo4juser -p neo4jpass john@domain.local

Adding stealth mode:

goldencopy -b bolt://neo4j.server.local:7687 -u neo4juser -p neo4jpass -s john@domain.local

Using specific tools:

goldencopy -t mimikatz john@domain.local

goldencopy -t ticketer john@domain.local

Usages

usage: goldencopy.py [-h] [-v] [-b BOLT] [-u USERNAME] [-p PASSWORD]
                     [-t {mimikatz,ticketer,all}] [-s] [-k KRBTGT] [-g GROUPS]
                     [--sid SID] [-c CUSTOM]
                     target_user

GoldenCopy - Copy the properties and groups of a user from neo4j to create an
identical golden ticket

positional arguments:
  target_user           Target user to copy (format: <username>[@<domain>])

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Enable verbose logging

Neo4j connection configuration:
  -b BOLT, --bolt BOLT  Neo4j bolt connexion (default: bolt://127.0.0.1:7687)
  -u USERNAME, --username USERNAME
                        Neo4j username (default : neo4j)
  -p PASSWORD, --password PASSWORD
                        Neo4j password (default : exegol4thewin)

Ticket configuration:
  -t {mimikatz,ticketer,all}, --tools {mimikatz,ticketer,all}
                        Ticket creation tools (default : all)
  -s, --stealth         Stealth mode (default : disable)
  -k KRBTGT, --krbtgt KRBTGT
                        KRBTGT RC4,AES Key

Advanced ticket configuration:
  -g GROUPS, --groups GROUPS
                        Manually add extra group ids (can be separated by
                        commas)
  --sid SID             Manually add extra sids (SID history) (can be
                        separated by commas)
  -c CUSTOM, --custom CUSTOM
                        Custom options

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

This version

1.6

May 6, 2024

1.3.4

Sep 6, 2022

1.3.3

Aug 30, 2022

1.3 yanked

Aug 23, 2022

1.2 yanked

Aug 23, 2022

1.1

Feb 25, 2022

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

goldencopy-1.6.tar.gz (19.0 kB view details)

Uploaded May 6, 2024 Source

File details

Details for the file goldencopy-1.6.tar.gz.

File metadata

Download URL: goldencopy-1.6.tar.gz
Upload date: May 6, 2024
Size: 19.0 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for goldencopy-1.6.tar.gz
Algorithm	Hash digest
SHA256	`33113256a4e514b52e98e8e250e9cb614db42afdb285bd3b1ba9307d8256969b`
MD5	`9641ddab79aa531829041b5f65c295dd`
BLAKE2b-256	`c6f29307ed8f33b1765b66fbd634243511eb58457a7c3427e39230a7abcd5231`