Comments (9)
Excellent blog posts mate. Thank you for awesome contributions.
from winpwn.
Hey,
The parameters are correct if you want to use `Domainreconmodules`.
`Domainreconmodules` will most likely run a very long time with these parameters depending on the domain size, especially the search for network shares takes much time here. Take a look at the code, the `WinPwn` function calls the `Domainreconmodules` function and `Domainreconmodules` calls different sub-functions like `generaldomaininfo`, `shareenumeration`, `powerSQL`, `printercheck` and so on with the corresponding parameters:
So you could also use them as standalone functions depending on what you want to do:
- `powerSQL -noninteractive` - PowerUPSQL Checks
- `snaffler -noninteractive -consoleoutput` - snaffler without questions and with consoleoutput
- `generaldomaininfo -noninteractive -consoleoutput` - All those text file information which is normally generated in the Domainrecon Folder
Your error messages look like some of the scripts used by `Domainreconmodules` have problems in your environment, but I didn't see these messages so far anywhere. Didn't use the Offline version in combination with `PowerShdll` till now.
You could try all the subfunctions of `generaldomainInfo` and tell me which one of it has this problem.
Greetings
from winpwn.
Ah excellent will definitely give it a try and let you know which parameters could potentially present issues. Thanks again for your great help.
Yes, I thought you would be interested in knowing the pre-conditions on how WinPwn is being used. I am engaged in a locked down environment at the moment so was interested in seeing how WinPwn would behave.
Cheers
from winpwn.
Ok buddy,
Seems that PowerShdll doesn't handle the console output properly, so you actually need to push all the WinPwn output to a file and only then can I go through the findings
`PS H:\Desktop2019>WinPwn -noninteractive -consoleoutput -Privesc >WinPwn_Privesc_output.txt`
otherwise I get this below
```
PS H:\Desktop2019>WinPwn -noninteractive -Privesc
A positional parameter cannot be found that accepts argument 'proxy.redacted.local:80'.
PS H:\Desktop2019>WinPwn -noninteractive -consoleoutput -Privesc
Cannot find drive. A drive with the name 'blahblahblah' does not exist.
```
Will continue to test on target while I can and update.
Cheers
from winpwn.
I am interested in how `WinPwn` is used and I am interested in how it behaves in different situations, this could also happen to me sometime. I just tried to replicate this using `PowerShdll` but I can't even load `WinPwn` in its runspace. You could also try other open source alternatives like MsBuildshell, just replace the AMSI Bypass Namespace and Class name with random names. There are several projects like `PowerLessShell`, `nopowershell`, `Stracciatella` and more. You will get the output from other tools including error messages in the MsBuildShell.
from winpwn.
Awesome, thanks mate. Definitely will try the alternatives. Just as a heads up and interesting thing to note, I also used PowerSharpPack and found that the PowerSharpPack.ps1 gets flagged by AMSI but lets all the other binaries through LOL.
from winpwn.
That's because I didn't change the AMSITrigger there so far, it's explained in one of my blog posts here:
https://s3cur3th1ssh1t.github.io/Bypass_AMSI_by_manual_modification/
I switched all scripts to gzip compression yesterday, so at this time they are not flagged but they will get flagged in the near future again ;-)
from winpwn.
Tried out MSBuildShell and it works great on my lab test machine, but as soon as I attempt to run it on my target for some reason there seems to be build errors occurring. Mind you, I am launching this via PowerShdll. So tomorrow will test out by launching commands from a batch script and see if that works. Will keep you posted
from winpwn.
If you encounter new behaviours feel free to reopen.
from winpwn.