1 | 1 | import React from 'react'; |
2 | | -import { Typography, Divider } from 'antd'; |
| 2 | +import { Typography, Divider, Button, message } from 'antd'; |
| 3 | +import SyntaxHighlighter from 'react-syntax-highlighter'; |
| 4 | +import { vs2015 } from 'react-syntax-highlighter/dist/esm/styles/hljs'; |
| 5 | +import Clipboard from 'react-clipboard.js'; |
3 | 6 | import QueueAnim from 'rc-queue-anim'; |
| 7 | +import { CopyOutlined } from '@ant-design/icons'; |
4 | 8 |
|
5 | 9 | const { Title, Paragraph, Text } = Typography; |
6 | 10 |
|
7 | 11 | export default function PowershellCommands () { |
| 12 | + const successInfoReverseShell = () => { |
| 13 | + message.success( 'The script has been copied successfully !' ); |
| 14 | + }; |
8 | 15 | const local_sys_enum = [ |
9 | 16 | { title: 'systeminfo' }, |
10 | 17 | { title: 'Get-WmiObject Win32_ComputerSystem' }, |
@@ -60,6 +67,81 @@ export default function PowershellCommands () { |
60 | 67 | const local_recon_ldifde = `ldifde -d "OU=THING,DC=CHANGE,DC=ME" -p subtree -f dump.ldf` |
61 | 68 | const local_recon_csvde = `csvde -d "OU=THING,DC=CHANGE,DC=ME" -p subtree -f dump.csv` |
62 | 69 |
|
| 70 | + // Enumerate Domain Users |
| 71 | + const domain_user_enum = `$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
| 72 | +$PDC = ($domainObj.PdcRoleOwner).Name |
| 73 | +$SearchString = "LDAP://" |
| 74 | +$SearchString += $PDC + "/" |
| 75 | +$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))" |
| 76 | +$SearchString += $DistinguishedName |
| 77 | +$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) |
| 78 | +$objDomain = New-Object System.DirectoryServices.DirectoryEntry |
| 79 | +$Searcher.SearchRoot = $objDomain |
| 80 | +$Searcher.filter="samAccountType=805306368" |
| 81 | +
|
| 82 | +# To search for specific user, uncomment below |
| 83 | +# $Searcher.filter="name=[user_name]" |
| 84 | +
|
| 85 | +$Searcher.FindAll() |
| 86 | +Foreach($obj in $Result) |
| 87 | +{ |
| 88 | + Foreach($prop in $obj.Properties) |
| 89 | + { |
| 90 | + $prop |
| 91 | + } |
| 92 | + Write-Host "------------------------" |
| 93 | +}`; |
| 94 | + const enum_domain_groups = `$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
| 95 | +$PDC = ($domainObj.PdcRoleOwner).Name |
| 96 | +$SearchString = "LDAP://" |
| 97 | +$SearchString += $PDC + "/" |
| 98 | +$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))" |
| 99 | +$SearchString += $DistinguishedName |
| 100 | +$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) |
| 101 | +$objDomain = New-Object System.DirectoryServices.DirectoryEntry |
| 102 | +$Searcher.SearchRoot = $objDomain |
| 103 | +$Searcher.filter="(objectClass=Group)" |
| 104 | +$Result = $Searcher.FindAll() |
| 105 | +Foreach($obj in $Result) |
| 106 | +{ |
| 107 | + $obj.Properties.name |
| 108 | +}`; |
| 109 | + const enum_members_domain_group = `$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
| 110 | +$PDC = ($domainObj.PdcRoleOwner).Name |
| 111 | +$SearchString = "LDAP://" |
| 112 | +$SearchString += $PDC + "/" |
| 113 | +$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))" |
| 114 | +$SearchString += $DistinguishedName |
| 115 | +$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) |
| 116 | +$objDomain = New-Object System.DirectoryServices.DirectoryEntry |
| 117 | +$Searcher.SearchRoot = $objDomain |
| 118 | +
|
| 119 | +# change "Secret_Group" to correct group name |
| 120 | +$Searcher.filter="(name=Secret_Group)" |
| 121 | +$Result = $Searcher.FindAll() |
| 122 | +Foreach($obj in $Result) |
| 123 | +{ |
| 124 | + $obj.Properties.member |
| 125 | +}` |
| 126 | + const detect_spn = `$domainObj = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain() |
| 127 | +$PDC = ($domainObj.PdcRoleOwner).Name |
| 128 | +$SearchString = "LDAP://" |
| 129 | +$SearchString += $PDC + "/" |
| 130 | +$DistinguishedName = "DC=$($domainObj.Name.Replace('.', ',DC='))" |
| 131 | +$SearchString += $DistinguishedName |
| 132 | +$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchString) |
| 133 | +$objDomain = New-Object System.DirectoryServices.DirectoryEntry |
| 134 | +$Searcher.SearchRoot = $objDomain |
| 135 | +$Searcher.filter="serviceprincipalname=*http*" # change name as needed |
| 136 | +$Result = $Searcher.FindAll() |
| 137 | +Foreach($obj in $Result) |
| 138 | +{ |
| 139 | + Foreach($prop in $obj.Properties) |
| 140 | + { |
| 141 | + $prop |
| 142 | + } |
| 143 | +}`; |
| 144 | + |
63 | 145 | return ( |
64 | 146 | <QueueAnim delay={300} duration={1500}> |
65 | 147 | <Title level={2} style={{ fontWeight: 'bold', margin: 15 }}> |
@@ -233,6 +315,76 @@ export default function PowershellCommands () { |
233 | 315 | <Paragraph> |
234 | 316 | <pre><Text copyable>{local_recon_csvde}</Text></pre> |
235 | 317 | </Paragraph> |
| 318 | + |
| 319 | + <Divider orientation='center'>Active Directory scripts</Divider> |
| 320 | + <Text strong mark style={{ marginBottom: 5 }}>Enumerate Domain Users</Text> |
| 321 | + <div> |
| 322 | + <SyntaxHighlighter language='powershell' style={vs2015} showLineNumbers={true}> |
| 323 | + {domain_user_enum} |
| 324 | + </SyntaxHighlighter> |
| 325 | + <Clipboard component='a' data-clipboard-text={domain_user_enum}> |
| 326 | + <Button |
| 327 | + type='default' |
| 328 | + block |
| 329 | + style={{ marginBottom: 10, }} |
| 330 | + onClick={successInfoReverseShell} |
| 331 | + > |
| 332 | + <CopyOutlined /> |
| 333 | + Copy |
| 334 | + </Button> |
| 335 | + </Clipboard> |
| 336 | + </div> |
| 337 | + <Text strong mark style={{ marginBottom: 5 }}>Enumerate Domain Groups</Text> |
| 338 | + <div> |
| 339 | + <SyntaxHighlighter language='powershell' style={vs2015} showLineNumbers={true}> |
| 340 | + {enum_domain_groups} |
| 341 | + </SyntaxHighlighter> |
| 342 | + <Clipboard component='a' data-clipboard-text={enum_domain_groups}> |
| 343 | + <Button |
| 344 | + type='default' |
| 345 | + block |
| 346 | + style={{ marginBottom: 10, }} |
| 347 | + onClick={successInfoReverseShell} |
| 348 | + > |
| 349 | + <CopyOutlined /> |
| 350 | + Copy |
| 351 | + </Button> |
| 352 | + </Clipboard> |
| 353 | + </div> |
| 354 | + <Text strong mark style={{ marginBottom: 5 }}>Enumerate Members of a Group</Text> |
| 355 | + <div> |
| 356 | + <SyntaxHighlighter language='powershell' style={vs2015} showLineNumbers={true}> |
| 357 | + {enum_members_domain_group} |
| 358 | + </SyntaxHighlighter> |
| 359 | + <Clipboard component='a' data-clipboard-text={enum_members_domain_group}> |
| 360 | + <Button |
| 361 | + type='default' |
| 362 | + block |
| 363 | + style={{ marginBottom: 10, }} |
| 364 | + onClick={successInfoReverseShell} |
| 365 | + > |
| 366 | + <CopyOutlined /> |
| 367 | + Copy |
| 368 | + </Button> |
| 369 | + </Clipboard> |
| 370 | + </div> |
| 371 | + <Text strong mark style={{ marginBottom: 5 }}>Detect Service Principal Names</Text> |
| 372 | + <div> |
| 373 | + <SyntaxHighlighter language='powershell' style={vs2015} showLineNumbers={true}> |
| 374 | + {detect_spn} |
| 375 | + </SyntaxHighlighter> |
| 376 | + <Clipboard component='a' data-clipboard-text={detect_spn}> |
| 377 | + <Button |
| 378 | + type='default' |
| 379 | + block |
| 380 | + style={{ marginBottom: 10, }} |
| 381 | + onClick={successInfoReverseShell} |
| 382 | + > |
| 383 | + <CopyOutlined /> |
| 384 | + Copy |
| 385 | + </Button> |
| 386 | + </Clipboard> |
| 387 | + </div> |
236 | 388 | </div> |
237 | 389 | </QueueAnim> |
238 | 390 | ); |
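Review bot: In the `domain_user_enum` script (new lines 85-93) the return value of `$Searcher.FindAll()` is discarded, so the `Foreach($obj in $Result)` loop that follows walks an undefined `$Result` and its body, including the `Write-Host "------------------------"` separator, never runs; the only output a user gets is the raw pipeline dump of `FindAll()`. The three sibling scripts in the same hunk do capture it, so the line should read `$Result = $Searcher.FindAll()` for consistency and so the per-property loop actually prints. Separately, every copy button calls `message.success` from the Button's `onClick` regardless of whether the clipboard write succeeded; if react-clipboard.js exposes success/error callbacks on the `Clipboard` element (I believe it does, worth confirming), the toast should be driven from those instead. The shared handler name `successInfoReverseShell` also no longer describes its use here, so something like `notifyCopied` would read better.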