Jackdaw - Tool To Collect All Information In Your Domain

April 6, 2020
(341 views)

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.

Example commands of Jackdaw

Most of these commands are available already from the webapi, except for the database init.

DB init

jackdaw --sql sqlite:///<full path here>/test.db dbinit

Enumeration

Full enumeration with integrated sspi - windows only

jackdaw --sql sqlite:///test.db enum 'ldap+sspi://10.10.10.2' 'smb+sspi-ntlm://10.10.10.2'

Full enumeration with username and password - platform-independent

The password is Passw0rd!
jackdaw --sql sqlite:///test.db enum 'ldap://TEST\victim:[email protected]' 'smb+ntlm-password://TEST\victim:[email protected]'

LDAP-only enumeration with username and password - platform-independent

The password is Passw0rd!
jackdaw --sql sqlite:///test.db ldap 'ldap://TEST\victim:[email protected]'

Start an interactive web interface to plot graph and access additional features

jackdaw --sql sqlite:///<FULL PATH TO DB> nest

Open https://127.0.0.1:5000/ui for the API

....

Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.