Last active December 14, 2021 15:51
Windows Command for Pentesting
# Parsing the %PATH% variable in Windows
for %a in ("%path:;=";"%") do @echo %~a
# Run accesschk.exe against each folder in %PATH% and check our access permissions on that folder
for %a in ("%path:;=";"%") do accesschk.exe -dqv "%~a"
# Check all scheduled tasks
schtasks /query
schtasks /query /fo LIST /v
schtasks /query /fo LIST /v | findstr "Task To Run:" > ttr.txt
# Using the AD module to query the DC
Get-ADUser <account_name_to_check_for> -Credential <valid_username> -Server <server_ip> -Properties MemberOf | Select-Object MemberOf
# List the computers that the policy "{31B2F340-016D-11D2-945F-00C04FB984F9}" applies to
Get-NetOU -GUID "{31B2F340-016D-11D2-945F-00C04FB984F9}" | %{ Get-NetComputer -ADSPath $_ }
# Make sure you import their customized PowerView
Import-Module PowerView
Import-Module bloodhound.ps1
Get-BloodHoundData | Export-BloodHoundCSV # after this you can just import all the CSV files into neo4j
# Windows Pentesting idea
Information Gathering
- BloodHound to map out the whole network (might take really long)
- Use PowerSploit/PowerView to gather information (DC, user groups, domain)
- Network map? .. no idea yet
- nmap scan
- Get-NetGroup
- Get-NetGroupMember
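The `schtasks /query /fo LIST /v | findstr "Task To Run:"` step above dumps only the command lines, not which account runs each task or whether its binary lives in a protected folder. As an added example that is not part of this gist, the Python below parses the LIST output offline and reports privileged tasks whose executable sits outside `C:\Windows` or `C:\Program Files`, the entries a defender would review for folder permissions. The sample records are constructed, and `%windir%`/`%SystemRoot%` are assumed to expand to `C:\Windows`.

```python
"""Audit `schtasks /query /fo LIST /v` output offline: flag tasks that run as a privileged
account but launch a binary outside the protected system directories (added example)."""
import re

PRIVILEGED = {"SYSTEM", "NT AUTHORITY\\SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}
# Offline stand-in for %var% expansion; assumes default Windows install paths.
ENV = {"%windir%": r"C:\Windows", "%systemroot%": r"C:\Windows"}
TRUSTED = (r"c:\windows", r"c:\program files")  # compared case-insensitively
# Constructed sample of the LIST output (subset of fields; records are blank-line separated).
SAMPLE = r"""
TaskName:                             \Backup Nightly
Task To Run:                          "C:\Tools\Backup Agent\agent.exe" --nightly
Run As User:                          SYSTEM

TaskName:                             \Microsoft\Windows\Defrag\ScheduledDefrag
Task To Run:                          %windir%\system32\defrag.exe -c -h -k -g -$
Run As User:                          SYSTEM

TaskName:                             \User Sync
Task To Run:                          C:\Users\alice\sync.exe
Run As User:                          LAB\alice
"""

def parse_list_output(text):
    """One dict per task; a field's key is everything before its first colon."""
    tasks = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = (line.partition(":") for line in block.splitlines())
        rec = {key.strip(): value.strip() for key, sep, value in fields if sep}
        if "TaskName" in rec:
            tasks.append(rec)
    return tasks

def executable_of(task_to_run):
    """Program path: the quoted path if present, else the first whitespace-delimited token."""
    m = re.match(r'"([^"]+)"|(\S+)', task_to_run)
    exe = (m.group(1) or m.group(2)) if m else task_to_run
    for var, path in ENV.items():  # callable replacement keeps backslashes literal
        exe = re.sub(re.escape(var), lambda _m: path, exe, flags=re.IGNORECASE)
    return exe

def audit(text):
    """Return (task, executable, account) for privileged tasks outside TRUSTED dirs."""
    findings = []
    for task in parse_list_output(text):
        exe = executable_of(task.get("Task To Run", ""))
        privileged = task.get("Run As User", "").upper() in PRIVILEGED
        if privileged and not exe.lower().startswith(TRUSTED):
            findings.append((task["TaskName"], exe, task["Run As User"]))
    return findings
```

Feed it the saved `ttr.txt`-style output of the full `/fo LIST /v` query (not the findstr-filtered one) with `audit(open("tasks.txt").read())`.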