This is a collection of small scripts and notes to help me during the early stages of a pentest.
- Steals the Desktop and Documents folders of a user
- Idea is to run this as a scheduled task in the permission context of the user
- Saves the data to an SMB share
- Could yield sensitive information like password lists and at least a hash to crack.
- If you have the permissions (or found a user with the READLAPSPassword permission), you can exfil LAPS passwords
- Designed to run without AD-PowerShell Module
- Writes passwords to an SMB share
- basic: tested
- adv: untested as of yet
- Easy interface for scanning a network when nmap isn't available or is too noisy
- Can resolve DNS names
- Can scan subnets
- Can scan multiple ports at once
This script will create a folder on the current user's Desktop called "LNKs". Within the folder, three files will be created:
- !SMB-Auth.lnk
- !HTTP-Auth.lnk
- !WebDAV.searchConnector-ms
These files will enable at least the following attacks:
- NTLM Relay via SMB
- NTLM Relay via HTTP
- Capture Hashes for offline cracking
- Enables "WebDAV" on clients which have the WebDAV service installed but not already running
A script to "crack" passwords from a NeDi server's nedi.conf file.