Closed WebBreacher closed 10 years ago
These cmdlets require Active Directory Module for Windows Powershell to be installed/enabled, which is not default configuration. Should we still include them anyways?
I guess the question is, are there "default" installs with this module installed or does one have to install it specifically? Is this something everyone does (prolly not).?
Just reread the post and they have made an edit to include this:
"Edit: @obscuresec pointed out that you must also have the “Active Directory Module for Windows Powershell” installed/enabled to utilize the following cmdlets. You can find this module in the “Remote Server Administration Tools”, which is a separate download from Microsoft. The module is enabled through the “Programs and Features” Control Panel item."
As to how common in enterprises, I am not sure.
I think we could add it as an option. If someone DOES find a system with it installed, it'd work. Just like all our other attacks and stuff, if Powershell or Python is not installed on a system then you cannot use those commands but we provide them. Thoughts?
Hmm. True. However, I am a big fan of pentesting with what works "out of the bag" so to speak, but that is just a personal preference. Perhaps we can get some more input from others. @mubix ?
Input is welcome. I look at it like this: if a system doesn't have python installed you won't use it. If you find nc or pwdump on a system, maybe you will. We in the pwnwiki are giving people choices for how they exploit systems. Some stuff won't work in some places. Not like we are asking people to buy a product or something. Just saying, "if you find a system that has this stuff installed, you can do more stuff" and since it is Microsoft app, it could be installed.
Yea thats true. I am good either way. If we go with throwing it in there, I will be glad to do so.
Lets incorporate this info but also look at how to install the module (I believe it's just dropping the .psm1 file in the right folder) so that someone could do this from any box.
https://www.trustedsec.com/uncategorized/powershell-reconnaissance/