Version 0.9.0 Release

@The-Viper-One The-Viper-One released this 14 Oct 08:59
· 6 commits to main since this release
e9cdfdf

Multiple Domain Support

PsMapExec now supports targeting multiple domains.

Example

PsMapExec [Method] -Targets [Targets] -Domain "sevenkingdoms.local, north.sevenkingdoms.local" -Username "Moe@sevenkingdoms.local" -Password "Password123"

Improved Non-Domain and Proxifier Support

PsMapExec now has much better support for working from non-domain-joined systems, including when testing from a non-domain-joined system over Proxifier / SSH tunnels.

Wiki Documentation:

Additional Modules

The following new modules have been added:

| Module | Description |
|---|---|
| Snipped | Obtains images within each user's Pictures directory (Snipping Tool output) |
| EventCreds | Parse Event Logs for command-line credentials |
| RDP | Enable or disable RDP on the target system |

Additional Modules (LDAP)

The following additional modules have been added for LDAP/LDAPS:

| Module | Description |
|---|---|
| GMSA | Enumerate and extract GMSA credentials |
| ConstrainedDelegation | Enumerate constrained delegation |
| UnconstrainedDelegation | Enumerate unconstrained delegation |
| AdminCount | Find users with AdminCount=1 |
| ComputerSIDs | Enumerate computer SIDs |
| UserDescriptions | Enumerate user descriptions |
| UserLogonRestrictions | Enumerate logon restrictions |
| UserPasswords | Enumerate user password values |
| UserSIDs | Enumerate user SIDs |

Module Rework

The LogonPasswords module has been revised to display impersonation commands from parsed output.

Ticket Acquisition Changes

By default, if RC4 is not supported for the requested principal, an automatic fallback to AES256 will be attempted.

Password Spraying Changes

Accounts that have been successfully sprayed previously will be redacted from future spraying attempts. This is to reduce the likelihood of account lockouts.

Method Additions

The SMBv1 method has been added, which enumerates SMBv1 on target systems.

Method Changes

| Method | Change |
|---|---|
| SessionHunter | Deprecated |
| SMB | Reports when the remote service could not be cleaned up after execution |
| RDP | Runs on a foreach loop (slower than threading, improved stability) |
| MSSQL | Rewritten from scratch (see below) |

MSSQL

Rewritten from scratch with better support for command and module execution. Now supports impersonation enumeration and execution.

| Option | Description |
|---|---|
| -Impersonate enumerate | Enumerate impersonation rights for the authenticating user |
| -Impersonate sa | Impersonate the given account (combine with -Command or -Module for execution context) |