Whisker

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, which effectively adds "Shadow Credentials" to the target account. The tool only works in an environment that has a Domain Controller running at least Windows Server 2016, and that Domain Controller must have a server authentication certificate so that PKINIT Kerberos authentication is possible. Whisker can be used for certain security assessments, but it should be used responsibly and with proper authorization.
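From the defender's side, a write to msDS-KeyCredentialLink is recorded as Security event 5136 on a Domain Controller when directory service change auditing and a matching SACL are in place. The following is an added example, not part of Whisker or of the original page, that triages such records; the event records, account names and the allowlist of expected writers are constructed assumptions.

```python
from collections import defaultdict

ATTR = "msds-keycredentiallink"
ADDED, DELETED = "%%14674", "%%14675"  # 5136 OperationType: value added / value deleted

# Assumption: writers expected in this environment (hypothetical sync account name).
EXPECTED_WRITERS = {"svc-adsync"}

def sample(writer, dn, attr, op):
    """Build one constructed, flattened event 5136 record."""
    return {"EventID": 5136, "SubjectUserName": writer, "ObjectDN": dn,
            "AttributeLDAPDisplayName": attr, "OperationType": op}

BASE = "DC=example,DC=test"  # constructed domain
SAMPLE_EVENTS = [
    sample("svc-adsync", "CN=alice,CN=Users," + BASE, "msDS-KeyCredentialLink", ADDED),
    sample("bob", "CN=SRV01,CN=Computers," + BASE, "msDS-KeyCredentialLink", ADDED),
    sample("carol", "CN=dave,CN=Users," + BASE, "msDS-KeyCredentialLink", DELETED),
    sample("carol", "CN=dave,CN=Users," + BASE, "msDS-KeyCredentialLink", DELETED),
    sample("bob", "CN=SRV01,CN=Computers," + BASE, "description", ADDED),
]

def triage(events, expected_writers=EXPECTED_WRITERS):
    """Group unexpected msDS-KeyCredentialLink writes by (writer, target object)."""
    counts = defaultdict(lambda: {"added": 0, "deleted": 0})
    for ev in events:
        if ev.get("EventID") != 5136:
            continue
        if ev.get("AttributeLDAPDisplayName", "").lower() != ATTR:
            continue
        writer = ev.get("SubjectUserName", "").lower()
        if writer in expected_writers:
            continue  # known writer, e.g. a passwordless enrolment service
        key = (writer, ev.get("ObjectDN", ""))
        if ev.get("OperationType") == ADDED:
            counts[key]["added"] += 1
        elif ev.get("OperationType") == DELETED:
            counts[key]["deleted"] += 1
    findings = []
    for (writer, target), c in sorted(counts.items()):
        # Deletions without an add can break passwordless sign-in for the target.
        kind = "key added" if c["added"] else "keys removed only"
        findings.append({"writer": writer, "target": target, "kind": kind, **c})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
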

Usage

Adding a new value to the msDS-KeyCredentialLink attribute:

 

Example:

 

Removing a value from the msDS-KeyCredentialLink attribute:

 

Example:

 

Clearing all values of the msDS-KeyCredentialLink attribute:

 

Example:

 

Warning: Clearing the msDS-KeyCredentialLink attribute of accounts configured for passwordless authentication will cause disruptions.

Listing all values of the msDS-KeyCredentialLink attribute:

 

Example:

 
