| Coerce a system to authenticate to a remote target | CredCoerce |
| Enumeration | |
| Check whether a user name is valid | Kerb getasinfo |
| Check whether a user name is valid | Kerb asreq |
| Enumerate policy accounts | Lsa enumaccounts |
| Enumerate the accounts in the Security Accounts Manager database | Sam enumusers |
| Enumerate the data streams of a file on an SMB server | Smb2Client enumstreams |
| Enumerate the network interfaces and network addresses of an SMB server | Smb2Client enumnics |
| Enumerate the open files on an SMB server | Smb2Client enumopenfiles |
| Enumerate the privileges granted to an account | Lsa getprivs |
| Enumerate the rights and privileges granted to an account | Lsa getrights |
| Enumerate the sessions of users connected to an SMB server | Smb2Client enumsessions |
| Enumerate the shares of an SMB server | Smb2Client enumshares |
| Enumerate the system access rights granted to an account | Lsa getsysaccess |
| Enumerate the volume snapshots on an SMB server | Smb2Client enumsnapshots |
| Execute a WMI query | Wmi query |
| Get a WMI object | Wmi get |
| Invoke a method on a WMI class or object | Wmi invoke |
| List the classes within a WMI namespace | Wmi lsclass |
| List the methods of a WMI class or object | Wmi lsmethod |
| List the namespaces within a WMI namespace | Wmi lsns |
| List the properties of a WMI class or object | Wmi lsprop |
| Query the status of a service | Scm query |
| Query the triggers configured to start or stop a service | Scm qtriggers |
| Translate a SID to its account name and domain | Lsa lookupsid |
| Translate an account name to its SID and domain name | Lsa lookupname |
| Expanding Access | |
| Change a password | Kerb changepw |
| Create an LSA policy account | Lsa createaccount |
| Get ticket hash for hash cracking | Kerb tgsreq |
| Grant a privilege to an account | Lsa addpriv |
| Request a ticket for a service | Kerb tgsreq |
| Request a ticket-granting-ticket | Kerb asreq |
| Set the password of another user account | Kerb setpw |
| Set the system access rights for an account | Lsa setsysaccess |
| Kerberos | |
| Change a password | Kerb changepw |
| Check the encryption types supported for a user account | Kerb getasinfo |
| Check the encryption types supported for a user account | Kerb asreq |
| Check whether a user account requires pre-authentication | Kerb getasinfo |
| Check whether a user account requires pre-authentication | Kerb asreq |
| Convert between a .ccache file and a .kirbi file | Kerb select |
| Describe a Kerberos ticket | Kerb select |
| Generate protocol key from password | Kerb s2k |
| Get ticket hash for hash cracking | Kerb tgsreq |
| Print the contents of a .ccache file | Kerb select |
| Print the contents of a .kirbi file | Kerb select |
| Query tickets within a .ccache file or .kirbi file | Kerb select |
| Renew a ticket | Kerb renew |
| Request a ticket for a service | Kerb tgsreq |
| Request a ticket-granting-ticket | Kerb asreq |
| Set the password of another user account | Kerb setpw |
| Lateral Movement | |
| Create a service | Scm create |
| Execute a command line on a remote system | Wmi exec |
| Invoke a method on a WMI class or object | Wmi invoke |
| Start a service | Scm start |
| LSA | |
| Create an LSA policy account | Lsa createaccount |
| Enumerate policy accounts | Lsa enumaccounts |
| Enumerate the privileges granted to an account | Lsa getprivs |
| Enumerate the rights and privileges granted to an account | Lsa getrights |
| Enumerate the system access rights granted to an account | Lsa getsysaccess |
| Grant a privilege to an account | Lsa addpriv |
| Revoke a privilege from an account | Lsa rmpriv |
| Set the system access rights for an account | Lsa setsysaccess |
| Translate a SID to its account name and domain | Lsa lookupsid |
| Translate an account name to its SID and domain name | Lsa lookupname |
| RPC | |
| Enumerate dynamic RPC endpoints | Epm lsep |
| SAM | |
| Enumerate the accounts in the Security Accounts Manager database | Sam enumusers |
| SCM | |
| Create a service | Scm create |
| Delete a service | Scm delete |
| Query the status of a service | Scm query |
| Query the triggers configured to start or stop a service | Scm qtriggers |
| Start a service | Scm start |
| Stop a service | Scm stop |
| SMB | |
| Create a directory junction or mount point on an SMB share | Smb2Client mount |
| Create a directory on an SMB share | Smb2Client mkdir |
| Create a file on an SMB share | Smb2Client touch |
| Create a filesystem link on an SMB share | Smb2Client mklink |
| Delete a directory on an SMB share | Smb2Client rmdir |
| Delete a file on an SMB share | Smb2Client rm |
| Get a file from an SMB server | Smb2Client get |
| List the contents of a directory on an SMB share | Smb2Client ls |
| Remove a directory junction or mount point within an SMB share | Smb2Client umount |
| Timestomp a file on an SMB share | Smb2Client touch |
| Update directory entry attributes and timestamps for a new or existing file on an SMB share | Smb2Client touch |
| Upload a file to an SMB share | Smb2Client put |
| Watch a file or directory on an SMB server for changes | Smb2Client watch |
| WMI | |
| Back up the WMI MOF repository | Wmi backup |
| Delete a WMI object | Wmi delete |
| Execute a command line on a remote system | Wmi exec |
| Execute a WMI query | Wmi query |
| Get a WMI object | Wmi get |
| Invoke a method on a WMI class or object | Wmi invoke |
| List the classes within a WMI namespace | Wmi lsclass |
| List the methods of a WMI class or object | Wmi lsmethod |
| List the namespaces within a WMI namespace | Wmi lsns |
| List the properties of a WMI class or object | Wmi lsprop |
| Restore the WMI MOF repository | Wmi restore |