Pen Testing Active Directory Environments (ebook)




PowerShell Empire.
It describes itself as having the ability “to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz… all wrapped up in a usability-focused framework”.
Amen, and it lives up to its billing. This is powerful stuff and I attained beautiful remote PowerShell access to the Acme environment.
If you want to play around with Empire for yourself, you can download it from GitHub here. With a little bit of struggle (and two aspirins later), I installed it on an Ubuntu Linux server in my AWS environment.
In terms of its remote PowerShell powers, it allows you to create a Listener, which lives at one end of the connection.


PowerShell Empire:
Multiple agents each with its own shell connection. Shellcode runs on the target computer. Awesome power.
And then you grab some shellcode to run on the victim’s machine. Ultimately, it launches an Agent, which is what you interact with in Empire.


PowerShell connection back to Salsa!
Effectively, we’re implementing the PowerShell version of the reverse shell that I previously (partially) accomplished with ncat.
You can have many agents running at a time and interact concurrently with each PowerShell session on the target machines.
This is very powerful, and I’m only scratching the surface. Let’s take a breath.
In the next section, we’ll go into more detail for this Empire-based reverse PowerShell technique, and demonstrate how you can use it to hop around the Acme domain using crackmapexec to inject the shellcode for the next hop.
And we’ll get back into exploiting the information in Active Directory groups and in particular use the relationships in it to guide which users to chase down. It’s referred to as derived or derivative admins.
I’ll leave you with this interesting observation made by (I believe) Will Schroeder: pen testers think in terms of graphs, IT people think in lists.

