Tag: powerview

Pass-the-Hash is Dead: Long Live Pass-the-Hash

[Edit 3/16/17] Many elements of this post, specifically the ones concerning KB2871997, are incorrect. I have an updated post titled “Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy” that contains the most up-to-date and accurate information.

[Edit 8/13/15] – Here is how the old version 1.9 cmdlets in this post translate to PowerView 2.0:
Invoke-EnumerateLocalAdmins -> Invoke-EnumerateLocalAdmin
Get-NetLocalGroups -> Get-NetLocalGroup -ListGroups

You may have heard the word recently about how a recent Microsoft patch has put all of us pentesters out of a job. Pass-the-hash is dead, attackers can no longer spread laterally, and Microsoft has finally secured its authentication mechanisms. Oh wait: This is…

Veil-PowerView: A Usage Guide

[Edit 8/13/15] – Many of the cmdlets listed here have changed. Check out the PowerView 2.0 post to see the new updates.

[Note: this topic was cross-posted on the Veil-Framework site]

Veil-PowerView is a project that was originally prompted by a client who locked down their corporate machines by disabling all “net *” commands for normal users. While building pure PowerShell replacements to easily bypass this protection, I began to explore what else could be done with PowerShell from a domain and network situational awareness perspective. Being inspired by my boss @davidpmcguire, and drawing on existing work from @mubix, the offensive PowerShell community (@obscuresec, @mattifestation, and DarkOperator), and the authors…