Skip to content

Releases: The-Viper-One/PsMapExec

Minor Release Update (0.9.2)

18 Nov 08:03
@The-Viper-One The-Viper-One
v.0.9.2
660998f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Minor Release Update (0.9.2) Latest
Latest

Module Additions

Chromium

Extract and decrypt chromium v10 and v20 app-bound encryption blobs on remote systems. Supports, takeover of user logonsessions to decrypt for multiple users.

Documentation: https://github.com/The-Viper-One/PsMapExec/wiki/04-%E2%80%90-Modules#chromium

MultiRDP

Patch remote workstations to allow for multiple RDP connections. Useful for when you want to connect via RDP but a user is already logged in.

Documentation: https://github.com/The-Viper-One/PsMapExec/wiki/04-%E2%80%90-Modules#multirdp

Full Changelog: v0.9.1...v.0.9.2

Assets 3
Loading

Version 0.9.1 Release

31 Oct 06:56
@The-Viper-One The-Viper-One
v0.9.1
6da41e5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Version 0.9.1 Release

Minor release update

Additional Modules

Module Description
ComputerDNs Gets all Computer Distinguished Names from LDAP
UserDNs Gets all User Distinguished Names from LDAP
Firefox Searches all users profiles for Firefox passwords in unencrypted databases

Other

  • Small change to DNS resolution logic to improve collection speed of computer object
  • Some small logic to filter out computers which are not likely to be genuine computer objects
Loading

Version 0.9.0 Release

14 Oct 08:59
@The-Viper-One The-Viper-One
v0.9.0
e9cdfdf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Version 0.9.0 Release

Multiple Domain Support

PsMapExec now supports targeting for multiple domains.

Example

PsMapExec [Method] -Targets [Targets] -Domain "sevenkingdoms.local, north.sevenkingdoms.local" -Username "[email protected]" -Password "Password123"

Improved Non-Domain and Proxifier Supported

PsMapExec has been updated to now much better support working from non-domain joined systems and also, for when texting from a non-domain joined system over Proxifier / SSH tunnels.

Wiki Documentation:

Additional Modules

The following new modules have been added:

Module Description
Snipped Obtains images within each user's Pictures directory (Snipping Tool output)
EventCreds Parse Event Logs for command-line credentials
RDP Enable or disable RDP on the target system

Additional Modules (LDAP)

The following additional modules have been added for LDAP/LDAPS:

Module Description
GMSA Enumerate and extract GMSA credentials
ConstrainedDelegation Enumerate constrained delegation
UnconstrainedDelegation Enumerate unconstrained delegation
AdminCount Find users with AdminCount=1
ComputerSIDs Enumerate computer SIDs
UserDescriptions Enumerate user descriptions
UserLogonRestrictions Enumerate logon restrictions
UserPasswords Enumerate user password values
UserSIDs Enumerate user SIDs

Module Rework

The LogonPasswords module has been revised to display impersonation commands from parsed output.

Ticket Acquisition Changes

By default, if RC4 is not supported for the requested principal automatic fallback to AES256 will be attempted.

Password Spraying Changes

Accounts which have been successfully sprayed previously, will be redacted from future spraying attempts. This is to reduce the liklihood of account lockouts.

Method Additions

SMBv1 has been added which enumerates for SMBv1 on target systems.

Method Changes

Method Change
SessionHunter Deprecated
SMB Reports when the remote service could not be cleaned up after execution
RDP Runs on a foreach loop (slower than threading, improved stability)
MSSQL Rewritten from scratch (see below)

MSSQL

Rewritten from scratch with better support for command and module execution. Now supports impersonation enumeration and execution.

Option Description
-Impersonate enumerate Enumerate impersonation rights for the authenticating user
-Impersonate sa Impersonate the given account (combine with -Command or -Module for execution context)
Loading
0 Join discussion

Version 0.8.1 Release (SCCM and DPAPI)

26 Jun 08:30
@The-Viper-One The-Viper-One
v0.8.1
44f923c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Version 0.8.1 Release (SCCM and DPAPI)

This release includes completley rewritten code for the -Module SCCM. This has now been rewritten in Pure Powershell and should be more resillient against EDR. This code is a PowerShell port of some SharpSCCM functionality.

Additionally, the -Module DPAPI has now been implemented. This module is based on some core functionality from the SharpDPAPI project and will decrypt and display SYSTEM credentials and vault data.

The Wiki will be updated to reflect these changes as part of this release.

Loading

Version 0.8.0 Release

23 Jun 19:12
@The-Viper-One The-Viper-One
v0.8.0
9ee46f5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Version 0.8.0 Release

Update PsMapExec > Version 0.8.0

Loading