
Active Directory - PSSession


Here you will find some commands for exploring Active Directory with PSSession.

PowerShell commands related to PSSession.

Commands to reach other boxes, commands to transfer files…

Hope you enjoy.


Initial Consideration

Well, now let's use PSSession to enter sessions on other machines and, with that, explore those machines too!

But what is a PSSession?

Specifies a Windows PowerShell session (PSSession) to be used for the interactive session. This parameter takes a session object.

In other words, a new session, like an 'ssh'.

Checking Connection

We must check on which machines the current user has administrator access, as only on those will we be able to open a PSSession. The command to test connectivity is this:

$computers=( Get-WmiObject -Namespace root\directory\ldap -Class ds_computer | select  -ExpandProperty ds_cn)
foreach ($computer in $computers) { (Get-WmiObject Win32_ComputerSystem -ComputerName $computer ).Name }

Enter the Session

Well, now that we know we have connectivity, let's test the connection and enter the session!

Invoke-Command -Scriptblock {ipconfig} -ComputerName box_with_access

We create a new session with New-PSSession:

$sess = New-PSSession -ComputerName box_with_access

Here it is! Now we just enter the session:

Enter-PSSession -Session $sess

Note: With -FilePath we can run scripts directly inside the session. For example:

Invoke-Command -FilePath "C:\Users\script.ps1" -session $sess
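Seen from the defender's side, the sweep and the session above leave network logons (Security 4624, type 3) on every host touched and a wsmprovhost.exe process start (Security 4688, if process creation auditing is on) where a session is opened. The following is an added example, not part of the original post: Find-RemotingActivity, New-Rec, the record property names and the sample records are all constructed for illustration.

```powershell
# Constructed sample records: fields assumed to be already extracted from
# Security events 4624 (logon) and 4688 (process creation) on each host.
# For 4688, User is assumed to be the account the new process runs as.
function New-Rec($t, $c, $id, $type, $user, $ip, $proc) {
    [pscustomobject]@{ Time = [datetime]$t; Computer = $c; EventId = $id
                       LogonType = $type; User = $user; SourceIp = $ip; Process = $proc }
}
$sample = @(
    New-Rec '2024-01-10T09:00:01' 'WS01'  4624 3 'CORP\alice' '10.0.0.50' $null
    New-Rec '2024-01-10T09:00:02' 'WS02'  4624 3 'CORP\alice' '10.0.0.50' $null
    New-Rec '2024-01-10T09:00:03' 'SRV01' 4624 3 'CORP\alice' '10.0.0.50' $null
    New-Rec '2024-01-10T09:05:10' 'SRV01' 4624 3 'CORP\alice' '10.0.0.50' $null
    New-Rec '2024-01-10T09:05:11' 'SRV01' 4688 $null 'CORP\alice' $null 'C:\Windows\System32\wsmprovhost.exe'
    New-Rec '2024-01-10T09:07:00' 'FS01'  4624 3 'CORP\bob'   '10.0.0.61' $null
)

function Find-RemotingActivity {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [int] $FanOutThreshold = 3,      # distinct hosts per account/source before flagging
        [int] $CorrelationSeconds = 10   # max gap between logon and wsmprovhost.exe start
    )
    $logons  = $Records | Where-Object { $_.EventId -eq 4624 -and $_.LogonType -eq 3 }
    $wsmprov = $Records | Where-Object { $_.EventId -eq 4688 -and $_.Process -like '*\wsmprovhost.exe' }
    # 1. Fan-out: one account and source address logging on to many machines.
    $logons | Group-Object User, SourceIp | ForEach-Object {
        $targets = @($_.Group.Computer | Sort-Object -Unique)
        if ($targets.Count -ge $FanOutThreshold) {
            [pscustomobject]@{ Finding = 'FanOut'; User = $_.Group[0].User
                               SourceIp = $_.Group[0].SourceIp; Computers = $targets -join ',' }
        }
    }
    # 2. Remote PowerShell session: network logon followed by wsmprovhost.exe on the same host.
    foreach ($p in $wsmprov) {
        $logon = $logons | Where-Object {
            $gap = ($p.Time - $_.Time).TotalSeconds
            $_.Computer -eq $p.Computer -and $_.User -eq $p.User -and $gap -ge 0 -and $gap -le $CorrelationSeconds
        } | Select-Object -Last 1
        if ($logon) {
            [pscustomobject]@{ Finding = 'PSSession'; User = $p.User
                               SourceIp = $logon.SourceIp; Computers = $p.Computer }
        }
    }
}

Find-RemotingActivity -Records $sample | Format-Table -AutoSize
```

In practice the records would come from a SIEM or from Get-WinEvent on the Security log, after mapping the event fields to these property names and limiting the input to a short time window.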

Conclusion

We have now seen the usefulness of PSSession in an offensive environment: on every machine where we get administrator access, we will be able to open a remote PSSession!

Commands Used

$computers=( Get-WmiObject -Namespace root\directory\ldap -Class ds_computer | select  -ExpandProperty ds_cn)
foreach ($computer in $computers) { (Get-WmiObject Win32_ComputerSystem -ComputerName $computer ).Name }
Invoke-Command -Scriptblock {ipconfig} -ComputerName máquina_com_acesso
$sess = New-PSSession -ComputerName máquina_com_acesso
Enter-PSSession -Session $sess
Invoke-Command -FilePath "C:\Users\script.ps1" -session $sess
This post is licensed under CC BY 4.0 by the author.