Active Directory - PSSession
Here you will find some commands to explore Active Directory with PSSession:
commands related to PSSession in PowerShell,
commands to reach other boxes, commands to transfer files…
Hope you enjoy.
Summary
- Active Directory - PSSession
- Summary
- Initial Consideration
- Checking Connection
- Enter the Session
- Conclusion
- Commands Used
Initial Consideration
Well, now let’s use PSSession
to enter other sessions and, with that, explore other machines too!
But what is a PSSession?
Specifies a Windows PowerShell session (PSSession) to be used for the interactive session. This parameter takes a session object.
In other words, a new session, much like an ‘ssh’ login.
Checking Connection
We must check which machines the current user has administrator access on, as only on those will we be able to use PSSession. The command to test connectivity is this:
# Enumerate computer objects from the domain through the LDAP WMI provider
$computers = ( Get-WmiObject -Namespace root\directory\ldap -Class ds_computer | select -ExpandProperty ds_cn )
# Query each host over WMI; only hosts where we have admin rights will answer
foreach ($computer in $computers) { (Get-WmiObject Win32_ComputerSystem -ComputerName $computer ).Name }
Enter the Session
Well, now that we know we have connectivity, let’s test the connection and enter the session!
Invoke-Command -Scriptblock {ipconfig} -ComputerName box_with_access
We create a new session with New-PSSession:
$sess = New-PSSession -ComputerName box_with_access
Here it is! Now we just enter the session:
Enter-PSSession -Session $sess
Note: with -FilePath
we can run scripts directly inside the session. For example:
Invoke-Command -FilePath "C:\Users\script.ps1" -session $sess
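An added example, not from the original post, that ties the connectivity check and the session steps above together. The WMI loop on the page goes over DCOM/RPC, while a PSSession goes over WinRM (TCP 5985/5986), so a host can answer one and refuse the other; this function tests each step separately, cleans up its session, and reports the result per host. It assumes the current user may query the LDAP WMI provider; the function name and the output fields are my own.

```powershell
# Added example: per-host check of WMI access, WinRM listener, and a real session.
# Test-PSSessionAccess is a hypothetical name, not a built-in cmdlet.
function Test-PSSessionAccess {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName
    )
    foreach ($computer in $ComputerName) {
        $sess = $null
        $result = [pscustomobject]@{
            Computer  = $computer
            WmiAccess = $false   # what the page's foreach loop actually tests (DCOM/RPC)
            WinRmUp   = $false   # a WinRM listener answered Test-WSMan
            SessionOk = $false   # New-PSSession + Invoke-Command worked as the current user
            Error     = $null
        }
        try {
            # Step 1: DCOM/RPC reachability and admin rights for WMI
            $null = Get-WmiObject Win32_ComputerSystem -ComputerName $computer -ErrorAction Stop
            $result.WmiAccess = $true
        } catch { $result.Error = "WMI: $($_.Exception.Message)" }
        try {
            # Step 2: is a WinRM listener answering at all? (no authorization check yet)
            $null = Test-WSMan -ComputerName $computer -ErrorAction Stop
            $result.WinRmUp = $true
            # Step 3: can we actually open and use a session? This is the real test,
            # and it leaves a network logon and a WinRM operational-log entry on the target.
            $sess = New-PSSession -ComputerName $computer -ErrorAction Stop
            $null = Invoke-Command -Session $sess -ScriptBlock { $env:COMPUTERNAME } -ErrorAction Stop
            $result.SessionOk = $true
        } catch {
            $result.Error = "WinRM: $($_.Exception.Message)"
        } finally {
            # Always tear the session down; idle sessions stay open on the remote host
            if ($sess) { Remove-PSSession -Session $sess }
        }
        $result
    }
}

# Same enumeration as the page, then test every host found
$computers = Get-WmiObject -Namespace root\directory\ldap -Class ds_computer |
    Select-Object -ExpandProperty ds_cn
Test-PSSessionAccess -ComputerName $computers | Format-Table -AutoSize
```

A host with WmiAccess true but SessionOk false usually means WinRM is disabled or the user is not in the Remote Management Users/Administrators groups on that box, so the page's WMI loop alone can overstate where a PSSession will work.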
Conclusion
We have now seen the usefulness of PSSession in an offensive environment: every machine on which we obtain administrator access can be reached through a remote PSSession!
Commands Used
$computers=( Get-WmiObject -Namespace root\directory\ldap -Class ds_computer | select -ExpandProperty ds_cn)
foreach ($computer in $computers) { (Get-WmiObject Win32_ComputerSystem -ComputerName $computer ).Name }
Invoke-Command -Scriptblock {ipconfig} -ComputerName máquina_com_acesso
$sess = New-PSSession -ComputerName máquina_com_acesso
Enter-PSSession -Session $sess
Invoke-Command -FilePath "C:\Users\script.ps1" -session $sess