  • Stars: 400
  • Rank 107,843 (Top 3 %)
  • Language: PowerShell
  • Created about 3 years ago
  • Updated over 1 year ago

Repository Details

Course repository for PowerShell for Pentesters Course

PowerShellForPentesters

Playlist Link - https://youtube.com/playlist?list=PLJQHPJLj_SQatUsJy3O4k-VQlllquDmDr

PowerShell for Pentesters is a basic introduction to using PowerShell on internal penetration tests. This course is essentially the PowerShell module from my popular Movement, Pivoting, and Persistence course on TCM Academy and Udemy. In the course we will cover:

  • User, group, and workstation enumeration
  • Domain enumeration
  • Downloading with PowerShell
  • Group Policy Enumeration
  • ACL Enumeration
  • PowerShell Remoting
  • PowerView and other popular offensive PowerShell scripts
  • Mimikatz exploitation

Scripts are provided for easy installation of Active Directory functionality; however, the videos give no instruction on installing virtual machines. A lab guide provided in this repo outlines the basics of installing your network on VirtualBox. The process is similar on VMware Workstation and Workstation Pro.

You will need Hashcat for the course, which is accessible at https://hashcat.net/hashcat/. You can also access Hashcat through Kali Linux if you have it installed. A course wordlist is included in the repo; it contains the user passwords when necessary, and cracking with it will not require a GPU.

ADGenerator

This script will auto-generate the required users, groups, and permissions necessary for my PowerShell for Pentesters course.

Instructions

In order to generate a functional domain controller and active directory, the listed PowerShell scripts need to be executed in the following order:

  • Invoke-ForestDeploy.ps1

. .\Invoke-ForestDeploy.ps1

Invoke-ForestDeploy -DomainName <domain name>

This will install the Windows Active Directory Domain Services toolset and generate the actual domain. Follow the instructions on screen, making note of the domain name used as this will be needed later.

  • Invoke-ADGenerator.ps1

. .\Invoke-ADGenerator.ps1

Invoke-ADGenerator -DomainName <domainname>

This will generate the appropriate users, groups, permissions, configurations, and misconfigurations needed for the actual course.

  • NameGen.ps1

. .\NameGen.ps1

executeScript -ComputerName Workstation-01

This is run on the Workstation-01 machine you created, to name the workstation appropriately in the domain. Ensure that you use the -ComputerName flag and specify Workstation-01.
