Comments (7)
So the functions that utilize API calls (Get-NetShare, Get-NetSession, Get-NetLoggedOn) and the meta functions that wrap them (ShareFinder, FileFinder, UserHunter, etc.) don't accept additional credentials from what I can tell. For example, the NetShareEnum function used by Share/FileFinder.
WMI or WinRM based methods will accept a -Credential option, but those are fewer in PowerView (Get-NetProcess/Invoke-ProcessHunter already accept alternate credentials, I suppose Get-LastLoggedOn could be amended but we rarely really use that function). The other part of FileFinder, the wrapped Get-ChildItem call, doesn't accept alternative credentials either. One option might be to create ps drives for each share we're examining, but repeated modifications to the pivot host tend to make us uncomfortable.
Instead, I recommend using @sixdub's runas /netonly method described here. This will allow you to execute prompts with different credentials, even if you're on a non-domain joined system.
from powertools.
I do understand the limitations, but the runas /netonly might fulfill my needs.
Maybe except when we don't have cleartext creds but only hashes: in that case I already tried to load a cmd with the mimikatz /pth module, unsuccessfully.
from powertools.
You do need to be local administrator on the machine to utilize Mimikatz' PTH functionality, I believe.
I checked into PSDrive a bit, and there's apparently a bug in PowerShell version 2.0 when using specified credentials to map a PSDrive. A workaround from that post (if you choose to use it) would be to do something like:
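# Map the share to a local drive letter with alternate credentials ($false = do not persist the mapping)
$net = new-object -ComObject WScript.Network
$net.MapNetworkDrive("u:", "\\server\share", $false, "domain\user", "password")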
And then run Invoke-SearchFiles on the local drive path. Since we definitely don't want mass numbers of drive mountings by default in the script, we'll likely leave it in its current state.
from powertools.
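The drive-mapping workaround from the comment above, wrapped so the mapping is always removed again. This is an added example, not PowerView code: the function name Invoke-WithMappedShare, the default drive letter and the \\server\share path are hypothetical, and a plain Get-ChildItem listing stands in for the file search.

```powershell
# Added example; function name and sample values are hypothetical.
function Invoke-WithMappedShare {
    param(
        [Parameter(Mandatory = $true)] [string] $SharePath,   # UNC path, e.g. \\server\share
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory = $true)] [scriptblock] $ScriptBlock,
        [string] $DriveLetter = 'U:'
    )

    $net  = New-Object -ComObject WScript.Network
    $cred = $Credential.GetNetworkCredential()
    # Build DOMAIN\user only when the credential carries a domain part.
    $user = if ($cred.Domain) { "$($cred.Domain)\$($cred.UserName)" } else { $cred.UserName }

    # Third argument $false: do not store the mapping in the user profile.
    $net.MapNetworkDrive($DriveLetter, $SharePath, $false, $user, $cred.Password)
    try {
        # Hand the local root of the mapped drive (e.g. "U:\") to the caller's script block.
        & $ScriptBlock ($DriveLetter + '\')
    }
    finally {
        # Always unmap, even if the script block throws.
        # Second argument $true forces removal; third $false leaves the profile untouched.
        $net.RemoveNetworkDrive($DriveLetter, $true, $false)
    }
}

# Constructed usage: list the first 20 files on the share, then unmap.
$c = Get-Credential
Invoke-WithMappedShare -SharePath '\\server\share' -Credential $c -ScriptBlock {
    param($Root)
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object -First 20 FullName, Length, LastWriteTime
}
```

Because it goes through the WScript.Network COM object rather than New-PSDrive -Credential, the sketch is not affected by the PowerShell 2.0 issue mentioned in the comment.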
Thank you for that insight.
ps: I was local admin while using mimikatz' pth feature, I don't know why it failed.
from powertools.
UAC?
from powertools.
Obviously granted, as it was on my own laptop.
from powertools.
The version_2.0 branch just got a commit to support this. Find-InterestingFile and Invoke-FileFinder both now support a -Credential option. I wasn't able to test in the field (just in a lab), so let me know if this works and I'll re-close the issue.
from powertools.