Collection of PowerShell cmdlets for use on offensive domain controllers
This toolkit contains the following tools to help utilize a domain controller in penetration tests to the fullest:
- Invoke-ReverseBastion: By far the most powerful tool of the bunch, this cmdlet automates the process of setting up a bastion forest in the attack domain and adding a target domain to it.
- Find-InterestingRemoteAcl: Uses the built-in AD cmdlets together with New-PSDrive and Get-Acl to remotely enumerate ACLs on one domain from another, all while using Microsoft-signed tools to avoid detection.
- Gen-RDPFile: Uses a multi-line template to automate the process of establishing one-click access to a remote machine.
- Add-TargetDnsForwarder: Simplifies the process of adding a conditional forwarder for resolving a remote domain without needing to manually edit configuration files.
- Add-RemoteDnsWildcardRecord: Automates the process of adding a `*` record to a remote DC.
- Enter-PlaintextWinRMSession: Wrapper around `Enter-PSSession` that reduces the number of steps necessary to connect from 3 to 1.
- Invoke-PSADSession: Reflectively loads the Active Directory PowerShell module assembly into a WinRM session and enters it, bypassing the need to add it as an optional Windows feature on the target system. Because this module is Microsoft-signed, it is much easier to use without triggering detection.
- More to come