Copy the properties and groups of a user from neo4j (bloodhound) to create an identical golden ticket.
Project description
GoldenCopy
You encounter limitations with your golden tickets (DACLs, detection)? GoldenCopy retrieves all the information (ID, groups, etc) of a specific user in a neo4j database (bloodhound) and prepares the mimikatz/ticketer command to impersonate his permissions.
Installation
GoldenCopy works with python >= 3.6
Using pip
python3 -m pip install GoldenCopy
From source
git clone https://github.com/Dramelac/GoldenCopy.git
cd GoldenCopy
python3 setup.py install
Examples
- Impersonating 'john@domain.local' using default localhost neo4j (neo4j/exegol4thewin) database:
goldencopy.py john@domain.local
- Custom neo4j DB:
goldencopy.py -b neo4j.server.local -u neo4juser -p neo4jpass john@domain.local
- Adding stealth mode:
goldencopy.py -b bolt://neo4j.server.local:7687 -u neo4juser -p neo4jpass -s john@domain.local
- Using specific tools:
goldencopy.py -t mimikatz john@domain.local
goldencopy.py -t ticketer john@domain.local
Usages
usage: goldencopy.py [-h] [-v] [-b BOLT] [-u USERNAME] [-p PASSWORD]
[-t {mimikatz,ticketer,all}] [-s] [-k KRBTGT] [-g GROUPS]
[--sid SID] [-c CUSTOM]
target_user
GoldenCopy - Copy the properties and groups of a user from neo4j to create an
identical golden ticket
positional arguments:
target_user Target user to copy (format: <username>[@<domain>])
optional arguments:
-h, --help show this help message and exit
-v, --verbose Enable verbose logging
Neo4j connection configuration:
-b BOLT, --bolt BOLT Neo4j bolt connexion (default: bolt://127.0.0.1:7687)
-u USERNAME, --username USERNAME
Neo4j username (default : neo4j)
-p PASSWORD, --password PASSWORD
Neo4j password (default : exegol4thewin)
Ticket configuration:
-t {mimikatz,ticketer,all}, --tools {mimikatz,ticketer,all}
Ticket creation tools (default : all)
-s, --stealth Stealth mode (default : disable)
-k KRBTGT, --krbtgt KRBTGT
KRBTGT RC4,AES Key
Advanced ticket configuration:
-g GROUPS, --groups GROUPS
Manually add extra group ids (can be separated by
commas)
--sid SID Manually add extra sids (SID history) (can be
separated by commas)
-c CUSTOM, --custom CUSTOM
Custom options
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file GoldenCopy-1.1.tar.gz.
File metadata
- Download URL: GoldenCopy-1.1.tar.gz
- Upload date:
- Size: 18.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.26.0 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
62a646104feb7f80dae5e984efa047fa8214b52613b3376e5483fda2fd0e138c
|
|
| MD5 |
6500ed9f02f676af53e72fbfca808a4d
|
|
| BLAKE2b-256 |
ebb7727fd97e57659cc9000c5955054cb5d35e4c9b66ccb763f3fd6b17157148
|
File details
Details for the file GoldenCopy-1.1-py3-none-any.whl.
File metadata
- Download URL: GoldenCopy-1.1-py3-none-any.whl
- Upload date:
- Size: 17.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/32.0 requests/2.26.0 requests-toolbelt/0.9.1 urllib3/1.26.8 tqdm/4.62.3 importlib-metadata/4.11.1 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.5
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
84196652014c41740776757e7952b51f560341c970f46d215459e89b66e5e073
|
|
| MD5 |
68fb20594308164750230292108e7836
|
|
| BLAKE2b-256 |
a05760402f2a01e02c83a7d0f4d0de6fc64f20ac92c191b2805367a40e714b1f
|
