SCCMHunter

SCCMHunter is a post-exploitation tool built to streamline identifying, profiling, and attacking SCCM-related assets in an Active Directory domain. It provides modules to perform discovery via Active Directory enumeration and remote host service profiling, identifying potential attack paths. For post-exploitation, SCCMHunter includes modules to extract various SCCM service account credentials through remote DPAPI abuse or by spoofing client enrollment, as well as a helper module to support hierarchy takeover. Finally, if a takeover is successful, the admin module is available for post-exploitation and lateral movement.