README.md: 17 additions & 2 deletions
@@ -11,9 +11,24 @@ Get-RBCD-Thread will query all Active Directory users, groups (minus privileged
11
11
## Usage
12
12
Compile in Visual Studio. This uses Parallel.ForEach to spead up searching through the DACL object, so .NET v4 is minimum required.
13
13
14
-
Tested in an environment with 20k+ uses, groups, and computers (over 60k total objects). Get-RBCD-Thread took ~60 seconds to complete. By comparison, my hacked together [PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/dev) commands in this [gist](https://gist.github.com/FatRodzianko/e4cf3efc68a700dca7cedbfd5c05c99f) to perform a similar search ran for several hours and never completed.
14
+
### Options
15
+
-u|-username=, Username to authenticate as
16
+
17
+
-p|-password=, Password for the user
18
+
19
+
-d|-domain=, Fully qualified domain name to authenticate to
20
+
21
+
-s|-searchforest, Discover domains and forests through trust relationships. Enumerate all domains and forests
22
+
23
+
-o|-outputfile=, Output to a CSV file. Provided full path to file and file name.
15
24
16
-
Currently only works if you are authenticated to a domain, and only queries your current domain. I may add functionality later to allow for you to specify the domain to query and to pass your own domain credential.
25
+
-h|-?|-help, Show the help options
26
+
27
+
You can now specify the username, password, and domain to authenticate to. If u/p/d options are blank, Get-RBCD-Threaded will atempt to authenticate to the domain in your current user context.
28
+
29
+
-o will output to a CSV file. Provide the full file path and file name to save the output to.
30
+
31
+
Tested in an environment with 20k+ uses, groups, and computers (over 60k total objects). Get-RBCD-Thread took ~60 seconds to complete. By comparison, my hacked together [PowerView](https://github.com/PowerShellMafia/PowerSploit/tree/dev) commands in this [gist](https://gist.github.com/FatRodzianko/e4cf3efc68a700dca7cedbfd5c05c99f) to perform a similar search ran for several hours and never completed.
17
32
18
33
This tool will not perform the delegation attack for you. You'll need to read Elad Shamir's and harmj0y's blogs to figure out how to do that. This will only help you find possible targets for the RBCD attack.
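Review bot: The `-p|-password=` option documented at new line 17 takes the password as a command-line argument, and the README does not mention that command-line arguments are visible in process listings and in process-creation audit logs where command-line logging is enabled. I would add a sentence next to the paragraph at new line 27 saying so, and pointing out that leaving u/p/d blank (current user context) avoids putting a credential on the command line. Smaller points in the same hunk: new line 27 calls the tool "Get-RBCD-Threaded" while the hunk header and new line 31 say "Get-RBCD-Thread", so pick one name; "atempt" on new line 27 should be "attempt"; new line 23 says "Provided full path" where new line 29 says "Provide the full file path", and since both lines document `-o`, one of them can go; "20k+ uses" on new line 31 was carried over from the removed line and should read "users".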