mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-21 18:11:37 +01:00
Added a doc
This commit is contained in:
parent
cce7499ad3
commit
a597c07270
21
red-teaming/Dealing with LAPS using PowerView 3.0+.md
Normal file
21
red-teaming/Dealing with LAPS using PowerView 3.0+.md
Normal file
@ -0,0 +1,21 @@
|
||||
### Dealing with LAPS using PowerView 3.0+
|
||||
|
||||
**Finds all LAPS-enabled machines**
|
||||
|
||||
```
|
||||
Get-DomainComputer -LDAPFilter '(ms-Mcs-AdmPwdExpirationtime=*)'
|
||||
```
|
||||
|
||||
|
||||
**Enumerates all users/groups who can view LAPS password on specified `LAPSCLIENT.test.local` machine**
|
||||
|
||||
```
|
||||
Get-DomainComputer LAPSCLIENT.test.local |
|
||||
Select-Object -ExpandProperty distinguishedname |
|
||||
ForEach-Object { $_.substring($_.indexof('OU')) } | ForEach-Object {
|
||||
Get-DomainObjectAcl -ResolveGUIDs $_.ObjectDN
|
||||
} | Where-Object {
|
||||
($_.ObjectAceType -like 'ms-Mcs-AdmPwd') -and
|
||||
($_.ActiveDirectoryRights -match 'ReadProperty')
|
||||
} | Select-Object -ExpandProperty SecurityIdentifier | Get-DomainObject
|
||||
```
|
Loading…
Reference in New Issue
Block a user