AS2Go.json
|
{
"Scripts": [ { "Script": [ { "Name": "Name", "Value": "AS2Go" }, { "Name": "Version", "Value": "2026.02.20.762" }, { "Name": "Author", "Value": "me@mrhozi.com" } ] } ], "DefaultParameter": [ { "Setting": [ { "Name": "UseCase", "Value": "Attack scenario to GO" }, { "Name": "DemoTitle", "Value": "Attack scenario to GO - along the kill-chain" }, { "Name": "mydc", "Value": "CH01-DC19-02" }, { "Name": "myViPC", "Value": "CH01-MS22-01" }, { "Name": "fqdn", "Value": "WS19-CHILD01.WS19-ROOT.CORP" }, { "Name": "DomainSID", "Value": "S-1-5-21-18515944-1610616278-1029250612" }, { "Name": "mySAW", "Value": "CH01-MS22-01" }, { "Name": "myAppServer", "Value": "ROOT-DC19-01" }, { "Name": "BDUsersOU", "Value": "OU=AS2Go,DC=WS19-CHILD01,DC=WS19-ROOT,DC=CORP" }, { "Name": "MySearchBase", "Value": "DC=WS19-CHILD01,DC=WS19-ROOT,DC=CORP" }, { "Name": "OfflineDITFile", "Value": "\\\\CH01-DC19-01.WS19-CHILD01.WS19-ROOT.CORP\\AD-Backup" }, { "Name": "globalHelpDesk", "Value": "SG-AS2Go-Helpdesk" }, { "Name": "Honeytoken", "Value": "CN=fake,OU=T0 Accounts,OU=Tier 0 Assets,OU=AS2Go,DC=WS19-CHILD01,DC=WS19-ROOT,DC=CORP" }, { "Name": "pthntml", "Value": "[value can be set during the attack]" }, { "Name": "krbtgtntml", "Value": "[value can be set during the attack]" }, { "Name": "ticketsDir", "Value": "C:\\temp\\tickets" }, { "Name": "ticketsPath", "Value": "c$\\temp\\tickets" }, { "Name": "time2reboot", "Value": "20" }, { "Name": "OpenSSL", "Value": "c:\\Program Files\\OpenSSL-Win64\\start.bat" }, { "Name": "EnterpriseCA", "Value": "ROOT-DC22-01.WS22-ROOT.CORP\\WS22-ROOT-ROOT-DC22-01-CA" }, { "Name": "BadCA", "Value": "AS2GoBadCert" }, { "Name": "SP01", "Value": "xxx" }, { "Name": "SP02", "Value": "xxx" }, { "Name": "SP03", "Value": "xxx" }, { "Name": "SP04", "Value": "xxx" }, { "Name": "SP05", "Value": "xxx" }, { "Name": "SP06", "Value": "xxx" }, { "Name": "SP07", "Value": "[Can be set during the attack]" }, { "Name": "Tools", "Value": "C:\\temp\\AS2Go-Malware" }, { "Name": "LastStart", "Value": "2026-02-24 12:35:38" }, { "Name": "LastFinished", "Value": "2023-03-30 15:15:55" }, { "Name": "LastDuration", "Value": "00:14:38 [h]" }, { "Name": "LastVictim", "Value": "adsa" }, { "Name": "LastBDUser", "Value": "BD-20260318.111136" }, { "Name": "LastUPNSuffix", "Value": "@mrhozi.com" }, { "Name": "LastStage", "Value": "Brute Force Or Pw Spray" }, { "Name": "LastPW", "Value": "!AS2Go-2026-is-Very-cool!" }, { "Name": "LastNumofDemoUsers", "Value": "10" }, { "Name": "PreviousBase", "Value": "OU=AS2Go,DC=WS19-CHILD01,DC=WS19-ROOT,DC=CORP" }, { "Name": "BreakGlassAccount", "Value": "CN=MyRootBGA,OU=Tier 0,OU=Sensitive Accounts,DC=WS19-ROOT,DC=CORP" }, { "Name": "RandomAccountOperators", "Value": "10" }, { "Name": "LastIdentifier", "Value": "168128893223735" }, { "Name": "LastGTUser", "Value": "FU-20230414.182600" }, { "Name": "LastPriviledgeEscaltion", "Value": "AS2GoBadCert" }, { "Name": "PriviledgeGroupRIDs", "Value": "'17281', '17282', '17283', '2118', '1115',551" } ] } ] } |