Active Directory Purple Teaming
2022-5-30 12:26:15 Author: reconshell.com(查看原文) 阅读量:41 收藏

This repository is aimed at sharing the cliff notes for performing Red Teaming of Active Directory System combined with Detection Engineering part of AD Attacks

Assumed Breach Methodology

ef

Insider Attack Simlation Model

c65

AD Red Teaming Ops

Domain Enumeration Commands

C:\Users\Windows-Machine> whoamii /priv C:\Users\Windows-Machine> $ADClass = [System.DirectorServices.ActiveDirectory.Domain] C:\Users\Windows-Machine> $ADClass::GetCurrentDomain()
C:\Users\Windows-Machine> cd C:\AD\PowerView C:\AD\PowerView> ..\Powerview.ps1 C:\AD\PowerView> Get-NetDomain
C:\Users\Windows-Machine> cd C:\AD\Pentesting\ADModule-master
C:\AD\Pentesting\ADModule-master> .\Microsoft.ActiveDirectory.Management.dll 
C:\AD\Pentesting\ADModule-master> .\ActiveDirectory\ActiveDirectory.psd1 
C:\AD\Pentesting\ADModule-master> Get-ADDomain 
C:\AD\Pentesting\ADModule-master> Get-NetDomain -Domain moneycorp.local 
C:\AD\Pentesting\ADModule-master> Get-ADDomain -Identity corp.local
Get Domain SID for current domain C:\AD\Pentesting\ADModule-master> Get-DomainSID C:\AD\Pentesting\ADModule-master> (Get-ADDomain).DomainSID
Get Domain Policy for the current domain C:\AD\PowerView> Get-DomainPolicy

Get domain policy for another domain *Domain Password Policy

C:\AD\PowerView> (Get-DomainPolicy)."system access"
Domain Kerberos Policy C:\AD\PowerView> (Get-DomainPolicy)."Kerberos Policy"
C:\AD\Pentesting\ADModule-master> Get-NetDomainController C:\AD\Pentesting\ADModule-master> Get-ADDomainController C:\AD\Pentesting\ADModule-master> Get-ADDomainController -Domain corp2.local

Get List of Users in Current Domain

C:\AD\Pentesting\ADModule-master> Get-NetUser C:\AD\Pentesting\ADModule-master> Get-NetUser -Username student1 C:\AD\Pentesting\ADModule-master> Get-ADUser -Filter * -Properties * C:\AD\Pentesting\ADModule-master> Get-ADUser -Identity student1 -Properties* C:\AD\Pentesting\ADModule-master> Get-NetUser | select cn C:\AD\Pentesting\ADModule-master> Get-NetUser | select Name

Get list of all properties for users in the current domain

C:\AD\Pentesting\ADModule-master> Get-UserProperty C:\AD\Pentesting\ADModule-master> Get-UserProperty -Properties pwdlastset C:\AD\Pentesting\ADModule-master> Get-ADUser -Filter * -Properties * | select -First 1 | Get-Member - MemberType *Property | select Name C:\AD\Pentesting\ADModule-master> Get-ADUser -Filter * -Properties * | select name,@{expression={[dateime]::fromFileTime($_.pwdlastset)]}

Additional Resources:

https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1

https://docs.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps

The Purple-Teaming is a github repository by MirHassanRiaz


文章来源: https://reconshell.com/active-directory-purple-teaming/
如有侵权请联系:admin#unsafe.sh