  • Language
    PowerShell
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 5 years ago

Repository Details

PowerShell script to extract information from PXE boot

PowerPXE

PowerPXE is a PowerShell script that extracts interesting data from insecure PXE boot.

The associated article was published in MISC n° 103 (in French).

Quick Usage

Open an elevated PowerShell prompt:

    Import-Module PowerPxe
    Get-PXEcreds -InterfaceAlias Ethernet

The output should be:

    >> Get a valid IP adress
    >>> >>> DHCP proposal IP address: 192.168.22.101
    >>> >>> DHCP Validation: DHCPACK
    >>> >>> IP address configured: 192.168.22.101
    >> Request BCD File path
    >>> >>> BCD File path:  \Tmp\x86x64{5AF4E332-C90A-4015-9BA2-F8A7C9FF04E6}.bcd
    >>> >>> TFTP IP Address:  192.168.22.3
    >> Launch TFTP download
    >>>> Transfer succeeded.
    >> Parse the BCD file: conf.bcd
    >>>> Identify wim file : \Boot\x86\Images\LiteTouchPE_x86.wim
    >>>> Identify wim file : \Boot\x64\Images\LiteTouchPE_x64.wim
    >> Launch TFTP download
    >>>> Transfer succeeded.
    >> Open LiteTouchPE_x86.wim
    >>>> Finding Bootstrap.ini
    >>>> >>>> DeployRoot = \\LAB-MDT\DeploymentShare$
    >>>> >>>> UserID = MdtService
    >>>> >>>> UserDomain = lab.fr
    >>>> >>>> UserPassword = Somepass1
    >> Launch TFTP download
    >>>> Transfer succeeded.
    >> Open LiteTouchPE_x64.wim
    >>>> Finding Bootstrap.ini
    >>>> >>>> DeployRoot = \\LAB-MDT\DeploymentShare$
    >>>> >>>> UserID = MdtService
    >>>> >>>> UserDomain = lab.fr
    >>>> >>>> UserPassword = Somepass1
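
The output above ends with deployment credentials read from Bootstrap.ini inside the boot image. The following defender-side check is an added example, not part of PowerPXE: it flags those same keys in Bootstrap.ini content so an MDT administrator can audit a share before its boot images are published. The function name `Find-BootstrapCredential` is hypothetical, and the sample input is constructed from the values shown in the output.

```powershell
# Added example (not PowerPXE code): flag credential keys in MDT Bootstrap.ini content.
function Find-BootstrapCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    # Keys that expose the deployment account, as seen in the PowerPXE output.
    $sensitive = 'UserID', 'UserDomain', 'UserPassword'
    $section = ''
    $n = 0
    foreach ($raw in $Line) {
        $n++
        $text = $raw.Trim()
        if ($text -eq '' -or $text.StartsWith(';')) { continue }      # blank line or comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($text -match '^([^=]+?)\s*=\s*(.*)$') {
            $key = $Matches[1].Trim()
            $value = $Matches[2].Trim()
            if ($sensitive -contains $key -and $value -ne '') {
                [pscustomobject]@{
                    Line    = $n
                    Section = $section
                    Key     = $key
                    # Do not echo the secret itself into audit output.
                    Value   = if ($key -eq 'UserPassword') { '<redacted, {0} chars>' -f $value.Length } else { $value }
                }
            }
        }
    }
}

# Constructed sample input, reusing the values from the output above.
$sample = @'
[Settings]
Priority=Default

[Default]
DeployRoot=\\LAB-MDT\DeploymentShare$
UserID=MdtService
UserDomain=lab.fr
UserPassword=Somepass1
'@

$findings = Find-BootstrapCredential -Line ($sample -split "\r?\n")
$findings | Format-Table -AutoSize
if ($findings.Key -contains 'UserPassword') {
    Write-Warning 'Bootstrap.ini embeds a password; it is readable by anyone who can fetch the boot image.'
}
```

To audit a real share, pass the output of `Get-Content` on its Bootstrap.ini instead of `$sample`; the file's location depends on the deployment and is not given on this page.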

Lab deployment

In order to test this module, the framework AutomatedLab was used to automatically deploy a lab with Microsoft Deployment Toolkit (MDT) installed. The deployment script is present inside the "Labs" directory.

Credits

I'd like to thank the following people for their work:
