Addition of computer creation and DNS entry features

README.md

@@ -20,12 +20,19 @@ The blog detailing the original research largely from an engineering perspective
 @_logangoins
 github.com/jlevere  
 
-usage: soapy [-h] [--debug] [--ts] [-H nthash] [--users] [--computers] [--groups] [--constrained]
-             [--unconstrained] [--spns] [--asreproastable] [--admins] [--rbcds] [-q query] [-f attr,attr,...]
-             [-dn distinguishedname] [-p] [--rbcd source] [--spn value] [--asrep] [--account account] [--remove]
+usage: soapy [-h] [--debug] [--ts] [-H nthash] [--users] [--computers]
+             [--groups] [--constrained] [--unconstrained] [--spns]
+             [--asreproastable] [--admins] [--rbcds] [-q query]
+             [-f attr,attr,...] [-dn distinguishedname] [-p] [--rbcd source]
+             [--spn value] [--asrep] [--account account] [--remove]
+             [--addcomputer [MACHINE]] [--computer-pass pass] [--ou ou]
+             [--delete-computer MACHINE] [--disable-account MACHINE]
+             [--dns-add FQDN] [--dns-modify FQDN] [--dns-remove FQDN]
+             [--dns-tombstone FQDN] [--dns-resurrect FQDN] [--dns-ip IP]
+             [--ldapdelete] [--allow-multiple] [--ttl TTL] [--tcp]
              connection
 
-Perform AD reconnaisance and post-exploitation through ADWS from Linux
+Perform AD reconnaissance and post-exploitation through ADWS from Linux
 
 positional arguments:
   connection            domain/username[:password]@<targetName or address>
@@ -34,34 +41,58 @@ options:
   -h, --help            show this help message and exit
   --debug               Turn DEBUG output ON
   --ts                  Adds timestamp to every logging output.
-  -H, --hash nthash     Use an NT hash for authentication
+  -H nthash, --hash nthash
+                        Use an NT hash for authentication
 
 Enumeration:
   --users               Enumerate user objects
   --computers           Enumerate computer objects
   --groups              Enumerate group objects
-  --constrained         Enumerate objects with the msDS-AllowedToDelegateTo attribute set
-  --unconstrained       Enumerate objects with the TRUSTED_FOR_DELEGATION flag set
-  --spns                Enumerate accounts with the servicePrincipalName attribute set
-  --asreproastable      Enumerate accounts with the DONT_REQ_PREAUTH flag set
+  --constrained         Enumerate objects with msds-allowedtodelegateto
+  --unconstrained       Enumerate objects with TRUSTED_FOR_DELEGATION
+  --spns                Enumerate accounts with servicePrincipalName set
+  --asreproastable      Enumerate accounts with DONT_REQ_PREAUTH set
   --admins              Enumerate high privilege accounts
-  --rbcds               Enumerate accounts with msDs-AllowedToActOnBehalfOfOtherIdentity set
-  -q, --query query     Raw query to execute on the target
-  -f, --filter attr,attr,...
-                        Attributes to select from the objects returned, in a comma seperated list
-  -dn, --distinguishedname distinguishedname
-                        The root objects distinguishedName for the query
+  --rbcds               Enumerate accounts with msDs-
+                        AllowedToActOnBehalfOfOtherIdentity set
+  -q query, --query query
+                        Raw query to execute on the target
+  -f attr,attr,..., --filter attr,attr,...
+                        Attributes to select, comma separated
+  -dn distinguishedname, --distinguishedname distinguishedname
+                        The root object's distinguishedName for the query
   -p, --parse           Parse attributes to human readable format
 
 Writing:
-  --rbcd source         Operation to write or remove RBCD. Also used to pass in the source computer account used
-                        for the attack.
-  --spn value           Operation to write the servicePrincipalName attribute value, writes by default unless "
-                        --remove" is specified
-  --asrep               Operation to write the DONT_REQ_PREAUTH (0x400000) userAccountControl flag on a target
-                        object
-  --account account     Account to preform an operation on
-  --remove              Operarion to remove an attribute value based off an operation
+  --rbcd source         Write/remove RBCD (source computer)
+  --spn value           Write servicePrincipalName value (use --remove to
+                        delete)
+  --asrep               Write DONT_REQ_PREAUTH flag (asrep roastable)
+  --account account     Account to perform operations on
+  --remove              Remove attribute value based on operation
+  --addcomputer [MACHINE]
+                        Create a computer account in AD (optional MACHINE
+                        name)
+  --computer-pass pass  Password for the new computer account (optional).
+  --ou ou               DN of the OU where to create the computer (optional).
+  --delete-computer MACHINE
+                        Delete an existing computer account
+  --disable-account MACHINE
+                        Disable a computer account (set AccountDisabled)
+  --dns-add FQDN        Add A record (FQDN). Requires --dns-ip
+  --dns-modify FQDN     Modify/replace A record (FQDN). Requires --dns-ip
+  --dns-remove FQDN     Remove A record (FQDN). Requires --dns-ip unless
+                        --ldapdelete
+  --dns-tombstone FQDN  Tombstone a dnsNode (replace with TS record + set
+                        dNSTombstoned=true)
+  --dns-resurrect FQDN  Resurrect a tombstoned dnsNode
+  --dns-ip IP           IP used with dns add/modify/remove
+  --ldapdelete          Use delete on dnsNode object (when used with --dns-
+                        remove)
+  --allow-multiple      Allow multiple A records when adding
+  --ttl TTL             TTL for new A record (default 180)
+  --tcp                 Use DNS over TCP when fetching SOA serial
+
 ```
 
 # Installation