Skip to main content

Copy the properties and groups of a user or computer from neo4j (bloodhound) to create an identical golden ticket.

Project description

GoldenCopy

You encounter limitations with your golden tickets (DACLs, detection)? GoldenCopy retrieves all the information (ID, groups, etc) of a specific user in a neo4j database (bloodhound) and prepares the mimikatz/ticketer command to impersonate his permissions.

Installation

GoldenCopy works with python >= 3.6

Using pip

python3 -m pip install GoldenCopy

PyPi repository: https://pypi.org/project/GoldenCopy/

From source

git clone https://github.com/Dramelac/GoldenCopy.git
cd GoldenCopy
python3 setup.py install

Examples

  • Impersonating 'john@domain.local' using default localhost neo4j (neo4j/exegol4thewin) database:
goldencopy john@domain.local
  • Impersonating 'DC1' computer using default database connection:
goldencopy 'DC1$'
  • Custom neo4j DB:
goldencopy -b neo4j.server.local -u neo4juser -p neo4jpass john@domain.local
  • Adding stealth mode:
goldencopy -b bolt://neo4j.server.local:7687 -u neo4juser -p neo4jpass -s john@domain.local
  • Using specific tools:
goldencopy -t mimikatz john@domain.local
goldencopy -t ticketer john@domain.local

Usages

usage: goldencopy.py [-h] [-v] [-b BOLT] [-u USERNAME] [-p PASSWORD]
                     [-t {mimikatz,ticketer,all}] [-s] [-k KRBTGT] [-g GROUPS]
                     [--sid SID] [-c CUSTOM]
                     target_user

GoldenCopy - Copy the properties and groups of a user from neo4j to create an
identical golden ticket

positional arguments:
  target_user           Target user to copy (format: <username>[@<domain>])

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbose         Enable verbose logging

Neo4j connection configuration:
  -b BOLT, --bolt BOLT  Neo4j bolt connexion (default: bolt://127.0.0.1:7687)
  -u USERNAME, --username USERNAME
                        Neo4j username (default : neo4j)
  -p PASSWORD, --password PASSWORD
                        Neo4j password (default : exegol4thewin)

Ticket configuration:
  -t {mimikatz,ticketer,all}, --tools {mimikatz,ticketer,all}
                        Ticket creation tools (default : all)
  -s, --stealth         Stealth mode (default : disable)
  -k KRBTGT, --krbtgt KRBTGT
                        KRBTGT RC4,AES Key

Advanced ticket configuration:
  -g GROUPS, --groups GROUPS
                        Manually add extra group ids (can be separated by
                        commas)
  --sid SID             Manually add extra sids (SID history) (can be
                        separated by commas)
  -c CUSTOM, --custom CUSTOM
                        Custom options

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

goldencopy-1.6.tar.gz (19.0 kB view details)

Uploaded Source

File details

Details for the file goldencopy-1.6.tar.gz.

File metadata

  • Download URL: goldencopy-1.6.tar.gz
  • Upload date:
  • Size: 19.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.0.0 CPython/3.12.3

File hashes

Hashes for goldencopy-1.6.tar.gz
Algorithm Hash digest
SHA256 33113256a4e514b52e98e8e250e9cb614db42afdb285bd3b1ba9307d8256969b
MD5 9641ddab79aa531829041b5f65c295dd
BLAKE2b-256 c6f29307ed8f33b1765b66fbd634243511eb58457a7c3427e39230a7abcd5231

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page