Skip to content

Gr1mmie/Coeus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits

.github

.github

 
 

Commands

Commands

 
 

Models

Models

 
 

Properties

Properties

 
 

Utils

Utils

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

App.config

App.config

 
 

Coeus.csproj

Coeus.csproj

 
 

Coeus.sln

Coeus.sln

 
 

Coeus.yar

Coeus.yar

 
 

LICENSE

LICENSE

 
 

Program.cs

Program.cs

 
 

README.md

README.md

 
 

Repository files navigation

Coeus

Coeus is an ADSI based Situational Awareness toolkit for domain environments with modularity in mind. Allows for the enumeration of users/groups/computers as well as some common misconfigurations including roasting (AS-REP, kerber) and delegation (Constrained, Unconstrained, RCBD) attacks.

Catch my talk featuring Coeus here! (add link pls)

Slides!

Usage

Coeus is an interactive console app, meaning executing the binary drops users into a prompt. Use commands to view all available commands like so:

image

To get help for any command, use the help util:

image

Features

  • Enumerate users, groups (and group memberships), and computers on a domain
  • Returns information on the domain and forest including domain
  • Returns information on the RootDSE
  • Searches for accounts with descriptions
  • Returns "interesting accounts" (based ona string array in Models/Data.cs)
  • Query object properties
  • Return domain password policies
  • Returns machine accounts with SPNs assigned and their respective SPNs
  • Searches for potentially AS-REP/Kerberoastable accounts
  • Searcher for machines potentially vulnerable to delegation attacks (constrained, unconstrained, resource based, coming soon)
  • Query GPOs
  • Query object ACL

Compile Instructions

Open .sln in Visual Studio and build

To-Do

  • Give option to set/change SearchScope
  • Users
    • no passwd req'd
  • ObjPropery
    • parse SID/GUID
  • LAPSSweep
  • RoastHunter
    • if machine w/ SPN is found, attempt to determine enc type (msDS-SupportedEncryptionTypes) and return that
    • use Coeus to locate potentially kerberoastable machines and fetch neccesary info to pass to SnipeRoast AtlasUtil
  • ACL Enum
  • GPO Enum
    • fetch all
    • all properties
    • specific properties
    • return names
    • correctly return byte[] entries (objGUID)
  • DCSync
    • search for DS-Replication-Get-Changes, DS-Replication-Get-Changes-All, DS-Replication-Get-Changes-In-Filtered-Set
  • Misc
    • create method to convert and return SID/GIUD entries in extensions
  • Authenticate
    • Allow for operator to authenticate into a domain as to not drop Coeus to disk

Disclaimer

I am not responsible for actions taken by users of Coeus. Coeus was released solely for educational and ethical purposes.

About

ADSI based SA tool

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Sponsor this project

Packages

No packages published

Languages