Last Modification

Description of the Tool:

Break the ice with that cute Active Directory environment over there. When you're cold and alone staring in at an Active Directory party but don't possess even a single AD credential to join the fun, this tool's for you.

Sequentially automates 5 internal network attacks against Active Directory to deliver you plaintext credentials.

  1. Reverse bruteforce: Automatically acquires a list of usernames and tests each one with two of the most common AD passwords (more than two attempts may trigger account lockout policies)

  2. Upload to network shares: Capture users' passwords with malicious file uploads to available network shares

  3. Poison broadcast network protocols: Uses common network protocols to trick users' computers into sending you passwords

  4. Man-in-the-middle SMB connections: Performs remote command execution against AD computers in order to gather passwords

  5. Poison IPv6 DNS: Exploits DNS to trick AD computers into sending their users' passwords to you

Project Details:

Details on the attacks used in the tool and how to use icebreaker can be found on Dan McInerney's Github Icebreaker project page

Presentations on the Tool:


* Demo of icebreaker begins at the 23:54 mark

Circle City Con 5.0 (2018)

* Demo of icebreaker begins at the 32:34 mark