Skip to main content

BPATTY[RELOADED] v1.3 release!

· 4 min read
Brian Johnson
Security Guy

Release notes for v1.3

  • baddns - added - for finding bad dns!
  • BloodHound - added - script for jq to dump out the description and 'whencreated' and sorts by newest at top...it also does unix conversion
  • certipy - added clarification on ESC8 with DC example, as well as correction on using curl to validate ESC8 vuln
  • coercer - added context on coercing an entire file full of vicim hosts. Fun!
  • dism - new! - handy for uninstalling the not-so-privacy-friendly Recall feature!
  • dnstool - added troubleshooting for the legacy error
  • get-adobject - added context for nabbing trust keys
  • gowitness - added syntax for running the binary version of gowitness
  • egress filtering - added info about go-out
  • exegol - new! - cool software "package" for pentesting
  • go-out - new! - for checking egress filtering
  • gowitness - added new docker download URLs and adjusted some command typos
  • hashcat - added context for cracking DCC2 hashes
  • netexec - added little script for taking list of machines running WebClient and sorting them
  • nmap-xml-to-csv - new! takes an nmap scan and converts to CSV
  • ntlmv1-multi - new! - for getting those hard-to-reach NTLMv1 hashes
  • pxethief - new! - helps enumerate/pwn SCCM environments!
  • pxethiefy - new! - helps enumerate/pwn SCCM environments!
  • Proxmox - added information about how to make backups of VMs and move them to another node in a cluster. Also added some info on troubleshooting the move of Linux VMs from one node to another and sometimes the VM not picking up on DHCP configs. And disk resizing! And adding RAM!
  • rubeus - added info on "describing" a ticket to see if credential guard was in place
  • secretsdump - added information on using a regular domain account to do the dump, and also cool references like the p0lardious article
  • sccmhunter - new! - finds/attacks SCCM
  • snaffler - added correction on how to snaffle just a specific system
  • snmpbulkwalk - new! - with info on POCing the SNMP "bulkwalk" vulnerability
  • snmpwalk - new! - walking SNMP is fun (?)
  • subsnipe - new! - for sniping subdomains
  • tar - added correct context for extracting a tar.gz file
  • testssl.sh - new! - awesome script for stuff
  • Uptimekuma - new! - this software is like UptimeRobot but...free!
  • wfuzz - new! - for fuzzing the stuff

Slow-baking in the oven for future releases

Tools

General cleanup

  • Go back into each tool page and provide the source download link!
  • Review all docs tagged with review
  • Under review: a BPATTY reader noted "I’d have to disagree with your comment in certipy.py on bpatty, about a 401 unauthorized means the endpoint has been hardened. A 401 is exactly what we want as the web app is blocking us as we didn’t provide creds to log on. Having the site accessible is good news. Having a 403 Forbidden on the other hand, is generally bad news and I’ve never had this work." - updated in certipy, thank you!

Software and misc guides