Version 0.9.0 Release

[The-Viper-One]

Multiple Domain Support

PsMapExec now supports targeting for multiple domains.

Example

PsMapExec [Method] -Targets [Targets] -Domain "sevenkingdoms.local, north.sevenkingdoms.local" -Username "[email protected]" -Password "Password123"

Improved Non-Domain and Proxifier Supported

PsMapExec has been updated to now much better support working from non-domain joined systems and also, for when texting from a non-domain joined system over Proxifier / SSH tunnels.

Wiki Documentation:

• Working Over Proxifier / SSH Tunnels
• Working from Non-Domain Machine

Additional Modules

The following new modules have been added:

Module	Description
Snipped	Obtains images within each user's Pictures directory (Snipping Tool output)
EventCreds	Parse Event Logs for command-line credentials
RDP	Enable or disable RDP on the target system

Additional Modules (LDAP)

The following additional modules have been added for LDAP/LDAPS:

Module	Description
GMSA	Enumerate and extract GMSA credentials
ConstrainedDelegation	Enumerate constrained delegation
UnconstrainedDelegation	Enumerate unconstrained delegation
AdminCount	Find users with AdminCount=1
ComputerSIDs	Enumerate computer SIDs
UserDescriptions	Enumerate user descriptions
UserLogonRestrictions	Enumerate logon restrictions
UserPasswords	Enumerate user password values
UserSIDs	Enumerate user SIDs

Module Rework

The LogonPasswords module has been revised to display impersonation commands from parsed output.

Ticket Acquisition Changes

By default, if RC4 is not supported for the requested principal automatic fallback to AES256 will be attempted.

Password Spraying Changes

Accounts which have been successfully sprayed previously, will be redacted from future spraying attempts. This is to reduce the liklihood of account lockouts.

Method Additions

SMBv1 has been added which enumerates for SMBv1 on target systems.

Method Changes

Method	Change
SessionHunter	Deprecated
SMB	Reports when the remote service could not be cleaned up after execution
RDP	Runs on a foreach loop (slower than threading, improved stability)
MSSQL	Rewritten from scratch (see below)

MSSQL

Rewritten from scratch with better support for command and module execution. Now supports impersonation enumeration and execution.

Option	Description
-Impersonate enumerate	Enumerate impersonation rights for the authenticating user
-Impersonate sa	Impersonate the given account (combine with -Command or -Module for execution context)

---

This discussion was created from the release Version 0.9.0 Release.