pwnwiki / pwnwiki.github.io

PwnWiki - The notes section of the pentesters mind.
http://pwnwiki.io
MIT License

Add blog post content to powershell recon #64

Closed WebBreacher closed 10 years ago

WebBreacher commented 10 years ago

https://www.trustedsec.com/uncategorized/powershell-reconnaissance/

jakxx commented 10 years ago

These cmdlets require Active Directory Module for Windows Powershell to be installed/enabled, which is not default configuration. Should we still include them anyways?

WebBreacher commented 10 years ago

I guess the question is, are there "default" installs with this module installed or does one have to install it specifically? Is this something everyone does (prolly not)?

jakxx commented 10 years ago

Just reread the post and they have made an edit to include this:

"Edit: @obscuresec pointed out that you must also have the “Active Directory Module for Windows Powershell” installed/enabled to utilize the following cmdlets. You can find this module in the “Remote Server Administration Tools”, which is a separate download from Microsoft. The module is enabled through the “Programs and Features” Control Panel item."

As to how common in enterprises, I am not sure.

WebBreacher commented 10 years ago

I think we could add it as an option. If someone DOES find a system with it installed, it'd work. Just like all our other attacks and stuff, if Powershell or Python is not installed on a system then you cannot use those commands but we provide them. Thoughts?

jakxx commented 10 years ago

Hmm. True. However, I am a big fan of pentesting with what works "out of the bag" so to speak, but that is just a personal preference. Perhaps we can get some more input from others. @mubix ?

WebBreacher commented 10 years ago

Input is welcome. I look at it like this: if a system doesn't have python installed, you won't use it. If you find nc or pwdump on a system, maybe you will. We in the pwnwiki are giving people choices for how they exploit systems. Some stuff won't work in some places. Not like we are asking people to buy a product or something. Just saying, "if you find a system that has this stuff installed, you can do more stuff", and since it is a Microsoft app, it could be installed.

jakxx commented 10 years ago

Yea, that's true. I am good either way. If we go with throwing it in there, I will be glad to do so.

mubix commented 10 years ago

Let's incorporate this info but also look at how to install the module (I believe it's just dropping the .psm1 file in the right folder) so that someone could do this from any box.
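The thread's open question is whether the "Active Directory Module for Windows PowerShell" is actually present on a given host. The following is an added example, not code from this thread, from the linked TrustedSec post, or from the pwnwiki project: a PowerShell function that reports whether the module is on the module path and whether it imports cleanly, which is also a useful inventory check for administrators who want to know where RSAT tooling has been enabled. The function name `Test-ADModuleAvailable` and its output fields are assumptions of this example.

```powershell
# Added example (not from the pwnwiki thread): report whether the
# "Active Directory Module for Windows PowerShell" is present on this host.
# Function name and output fields are assumptions of this example.
function Test-ADModuleAvailable {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        ModuleOnPath    = $false
        ModulePath      = $null
        ModuleVersion   = $null
        ImportSucceeded = $false
        ImportError     = $null
    }

    # Get-Module -ListAvailable searches every directory in $env:PSModulePath
    # without loading anything; the RSAT-installed module normally lives under
    # $env:SystemRoot\System32\WindowsPowerShell\v1.0\Modules\ActiveDirectory.
    $mod = Get-Module -ListAvailable -Name ActiveDirectory | Select-Object -First 1
    if ($mod) {
        $result['ModuleOnPath']  = $true
        $result['ModulePath']    = $mod.Path
        $result['ModuleVersion'] = $mod.Version.ToString()

        # A module manifest can be present while the feature it depends on is
        # not enabled, so attempt the import and record any error instead of
        # letting it terminate the script.
        try {
            Import-Module -Name ActiveDirectory -ErrorAction Stop
            $result['ImportSucceeded'] = $true
        }
        catch {
            $result['ImportError'] = $_.Exception.Message
        }
    }

    [pscustomobject]$result
}

# Usage: print the availability report for the current host.
Test-ADModuleAvailable | Format-List
```

Run from a normal PowerShell session; no elevation is needed for the check itself. `ModuleOnPath` being `$false` is the expected result on a workstation where RSAT was never installed, which is the "not default configuration" case raised earlier in the thread.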

jakxx commented 10 years ago

see PR69