Icebreaker – Tool to get Active Directory credentials


Microsoft Active Directory is becoming a hot topic on all hacking conferences globally. Each session may include several open source tools to demonstrate how to attack the domain admin account and the same session ends up with the way to protect against those attacks. If you are looking to pentest Active Directory you can check Icebreaker.

Icebreaker is a tool that allow security tester to sequentially automates 5 internal network attacks against Active Directory to deliver plaintext credentials. This tool will automatically perform attacks sequentially until the fifth attack in parallel:

  • Reverse bruteforce – Automatically acquires a list of usernames and tests each one with two of the most common AD passwords
  • Upload to network shares – Capture users’ passwords with malicious file uploads to available network shares
  • Poison broadcast network protocols  – Uses common network protocols to trick users’ computers into sending you passwords
  • Man-in-the-middle SMB connections – Performs remote command execution against AD computers in order to gather passwords
  • Poison IPv6 DNS – Exploits DNS to trick AD computers into sending their users’ passwords
icebreaker - Tool to get Active Directory credentials

icebreaker – Tool to get Active Directory credentials

The brute-force using this tool will be conducted with a large number of usernames collected with the SMB null attack and a small number of passwords this to avoid account lockout or generating alerts during the attack.

If you find that the active directory account lockout policy is not enforced in this case there is a  1million AD password text file that you can run. Generally you can just use one of the attack scenario against your target or run all of them and see how the domain configuration will look like.

You can read more and download this tool over here: