You can specify if you want to use Kerberos or NTLM authentication. If you choose Kerberos, the tool will create a sacrificial token and use [Rubeus](https://github.com/GhostPack/Rubeus) to import/ask for the ticket. If NTLM is specified, it tool willcreatethreadsand use [SharpKatz](https://github.com/b4rtik/SharpKatz) torunSetThreadTokenifanNTLMhashisspecified,andifapasswordisspecified,itwillgowithordinaryc# impersonation.
11
+
You can specify if you want to use Kerberos or NTLM authentication. If you choose Kerberos, the tool will create a sacrificial token and use [Rubeus](https://github.com/GhostPack/Rubeus) to import/ask for the ticket. If NTLM is specified, the tool will use [SharpKatz](https://github.com/b4rtik/SharpKatz) `SetThreadToken`or`LogonUser` impersonation.
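Review bot: the added line is missing the spaces around `or` in "`SetThreadToken`or`LogonUser`", and it drops the detail the removed line carried about which path applies to which credential type. Suggest rewriting the end of the sentence as "the tool will use [SharpKatz](https://github.com/b4rtik/SharpKatz) `SetThreadToken` impersonation when an NTLM hash is supplied, or `LogonUser` impersonation when a password is supplied", so the two methods are separated and the hash/password distinction from the old text is kept.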
Can be used to scan for admin accessand accessible Smb shares.
74
+
Can be used to scan for admin access, accessible Smb shares,Smbversionandrelaysigning.
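Review bot: the added line runs its words together ("shares,Smbversionandrelaysigning"); it should read "accessible SMB shares, SMB version and relay signing". Since this line advertises a new capability, "relay signing" alone is not self-explanatory: spell out what the check reports (for example "SMB signing status") so a reader knows what the scan output means.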
46
75
47
-
Modules;
48
76
````
49
77
/m:shares (Scan enumerated shares for access)
50
78
````
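Review bot: dropping the "Modules;" label leaves the `/m:shares` fenced block sitting directly under the one-line description with no heading. If the label is intentionally removed here, apply the same treatment to every section; otherwise keep it as "Modules:" (colon, not semicolon). Separately, this fence uses four backticks (````) while the new Ldap block later in this same diff uses three; use three consistently, ideally with a language tag such as ```text, so all module lists render the same way.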
skipped 2 lines
53
81
54
82
The beast. It has built-in Amsi bypass, JEA language breakout, JEA function analysis. Can be used for code execution, scaning for PsRemote access, vulnerable JEA endpoints, and data exfiltration.
55
83
56
-
Modules;
57
-
58
84
````
59
85
/m:exec /a:whoami (Invoke-Command)
60
86
/m:exec /a:C:\beacon.exe /system (Invoke-Command as System)
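Review bot: same "Modules;" label removal as in the Smb section, which is fine as long as it is done consistently across the README. While this paragraph is being touched, the unchanged description line above the block has two typos worth fixing in the same commit: "scaning" should be "scanning", and "Amsi" should be "AMSI" to match the usual spelling of the feature it refers to.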
skipped 8 lines
69
95
70
96
Currently supports domain password spraying and to create a TGT for the current user that can be used with the `/ticket` parameter to get the current context.
71
97
98
+
### Ldap
99
+
100
+
Download necessary data before pw spraying
101
+
102
+
```
103
+
/m:spraydata (Download user and password policy)
104
+
```
105
+
106
+
107
+
72
108
### Example usage
73
109
74
110
For easy or mass in-memory execution of C# assemblies
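Review bot: the new Ldap section adds three trailing blank lines before "### Example usage" where one is enough; trim them. In its description, "pw spraying" should be spelled out as "password spraying", and "/m:spraydata (Download user and password policy)" is ambiguous: say what is downloaded (the user list and the domain password policy) and which module consumes it (the Kerberos spraying described just above), so the intended order of operations is clear to the reader. The unchanged Kerberos line in this hunk also has a grammar slip: "supports domain password spraying and to create a TGT" should be "supports domain password spraying and creating a TGT".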