ADHuntTool

ADHuntTool is a C# application created for Red Team use cases. This tool is designed for researching and analysing Active Directory environments. It may be used as a standalone executable or run using the execute-assembly command in Cobalt Strike. It permits investigation into numerous Active Directory features to locate potential flaws and vulnerabilities.

ADHuntTool is a versatile tool written in C# primarily created for use in Red Team scenarios. This tool is specifically designed for analyzing and collecting information about Active Directory environments. It can be employed as a standalone executable or executed via Cobalt Strike using the execute-assembly command. ADHuntTool enables users to explore various facets of Active Directory to pinpoint potential vulnerabilities and weaknesses within the environment, making it a valuable asset for Red Team activities and security assessments.

Installation

Copy the files ADHuntTool.exe, ADHuntTool64.exe, ADHuntUser.exe, and ADHuntUser.cs to a directory of your choice.

How to Use

The tool provides various commands for conducting Active Directory analysis. Examples of standard commands include:

  • ADHuntTool.exe DumpLocalAdmin RingZer0 *optional*computername - lists the local administrators in the domain or on the designated computer.
  • ADHuntTool.exe DumpAllUsers RingZer0 - provides data on every user in the domain.
  • ADHuntTool.exe DumpPasswordPolicy Ringzer0,DC=local - outputs the password policy for the given domain.
  • ADHuntUser.exe username mrun1k0d3r - looks for the given user in Active Directory event logs.

Additional Information

  • The tool supports the use of the -verbose parameter for more detailed output.
  • The repository likely contains a README.md file with more detailed documentation and usage instructions.

Note

When using commands like DumpCertificateTemplates and DumpPasswordPolicy, it is necessary to specify the full base path. For example, if the domain name is ringzer0.local, the domain should be specified as ringzer0,DC=local.
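
For defenders, an added example (not part of ADHuntTool or its repository): detection logic that flags process-creation command lines using the binary names or command verbs listed on this page, so a renamed copy is still caught. The sample command lines are constructed, and runs via execute-assembly are assumed not to leave such a command line, so this covers standalone execution only.

```python
import shlex

# Binary names from the Installation section and command verbs from the
# usage list and Note on this page, lower-cased for comparison.
ADHUNT_IMAGES = {"adhunttool.exe", "adhunttool64.exe", "adhuntuser.exe"}
ADHUNT_VERBS = {"dumplocaladmin", "dumpallusers", "dumppasswordpolicy",
                "dumpcertificatetemplates"}

def classify(cmdline):
    """Return (severity, reason) for a process command line, or None."""
    try:
        # posix=False keeps the backslashes of Windows paths intact.
        argv = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        argv = cmdline.split()
    if not argv:
        return None
    image = argv[0].strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()
    args = [a.strip('"') for a in argv[1:]]
    if image in ADHUNT_IMAGES:
        return ("high", "binary name " + image)
    # A renamed copy still needs a verb followed by a domain argument.
    if len(args) >= 2 and args[0].lower() in ADHUNT_VERBS:
        return ("medium", "renamed binary with verb " + args[0])
    return None

def scan(lines):
    """Return [(line_number, severity, reason)] for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n,) + verdict)
    return hits

# Constructed sample command lines (not taken from a real log).
SAMPLE = [
    r'"C:\Users\Public\ADHuntTool64.exe" DumpAllUsers RingZer0',
    r'C:\Windows\Temp\svc.exe DumpPasswordPolicy Ringzer0,DC=local -verbose',
    r'C:\Windows\System32\net.exe group "Domain Admins" /domain',
    r'ADHuntUser.exe username mrun1k0d3r',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The verb match is rated lower than the name match because it relies only on the argument shape; tune the verb set against your own process-creation telemetry before alerting on it.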
