0x1 Posted October 30, 2018 Share Posted October 30, 2018 GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application. This is the hidden content, please Sign In or Sign Up GoFetch first loads a path of local admin users and computers generated by BloodHound and converts it to its own attack plan format. Once the attack plan is ready, GoFetch advances towards the destination according to plan step by step, by successively applying remote code execution techniques and compromising credentials with Mimikatz. Watch Invoke-GoFetch in action : GoFetch has two different versions: Chain reaction: Invoke-GoFetch (written in PowerShell to avoid Python installation prereq), implements a recursion that reads the full path, dumps the relevant credentials with Invoke-Mimikatz, and then copy and execute itself using Invoke-PsExec on the next relevant machine guided by the network path. One computer to rule them all: Video of this version demonstrated at BlackHat Europe 2016 : [/media] Python based code , using a technique where one centralized computer is doing the job of connecting to each computer in the path, in the right order, to steal credentials (using Mimikatz), and use them to connect to the next machine in the path. Logic : This is the hidden content, please Sign In or Sign Up Examples Usage to get the credentials along the path: This is the hidden content, please Sign In or Sign Up Usage to get the credentails along the path and execute additional payload on each: This is the hidden content, please Sign In or Sign Up Spurce & Download : This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts