Setting up PowerShell on a non-Windows system used to be a pain. Now that PowerShell is cross-platform, it is easy.
Debian 9:
https://github.com/PowerShell/PowerShell/releases/download/v6.2.2/powershell_6.2.2-1.debian.9_amd64.deb
Kali:
https://github.com/PowerShell/PowerShell/releases/download/v6.2.2/powershell_6.2.2-1.ubuntu.16.04_amd64.deb
Install the downloaded package (as root): dpkg -i <downloaded .deb>
To start PowerShell, type: pwsh
You should get a PS prompt.
Next, clone PowerSploit and import it:
git clone https://github.com/PowerShellMafia/PowerSploit.git
Import-Module ./PowerSploit.psd1
Get-Command -Module PowerSploit
Next we import PowerView, which lives in the Recon module:
cd Recon
Import-Module ./Recon.psd1
The output of Get-Command -Module Recon should look like this:
PS /opt/windows/powershell/powershploit/Recon> Get-Command -Module Recon
CommandType Name Version Source
----------- ---- ------- ------
Function Add-NetGroupUser 0.0 Recon
Function Add-NetUser 0.0 Recon
Function Add-ObjectAcl 0.0 Recon
Function ConvertFrom-UACValue 0.0 Recon
Function Find-ComputerField 0.0 Recon
Function Find-ForeignGroup 0.0 Recon
Function Find-ForeignUser 0.0 Recon
Function Find-GPOComputerAdmin 0.0 Recon
Function Find-GPOLocation 0.0 Recon
Function Find-InterestingFile 0.0 Recon
Function Find-LocalAdminAccess 0.0 Recon
Function Find-ManagedSecurityGroups 0.0 Recon
Function Get-ADObject 0.0 Recon
Function Get-ComputerDetails 0.0 Recon
Function Get-ComputerProperty 0.0 Recon
Function Get-DFSshare 0.0 Recon
Function Get-DomainPolicy 0.0 Recon
Function Get-DomainSID 0.0 Recon
Function Get-ExploitableSystem 0.0 Recon
Function Get-HttpStatus 0.0 Recon
Function Get-NetComputer 0.0 Recon
Function Get-NetDomainTrust 0.0 Recon
Function Get-NetFileServer 0.0 Recon
Function Get-NetForestTrust 0.0 Recon
Function Get-NetGPO 0.0 Recon
Function Get-NetGPOGroup 0.0 Recon
Function Get-NetGroup 0.0 Recon
Function Get-NetGroupMember 0.0 Recon
Function Get-NetLocalGroup 0.0 Recon
Function Get-NetOU 0.0 Recon
Function Get-NetSite 0.0 Recon
Function Get-NetSubnet 0.0 Recon
Function Get-NetUser 0.0 Recon
Function Get-ObjectAcl 0.0 Recon
Function Get-PathAcl 0.0 Recon
Function Get-UserProperty 0.0 Recon
Function Invoke-ACLScanner 0.0 Recon
Function Invoke-DowngradeAccount 0.0 Recon
Function Invoke-EnumerateLocalAdmin 0.0 Recon
Function Invoke-EventHunter 0.0 Recon
Function Invoke-FileFinder 0.0 Recon
Function Invoke-MapDomainTrust 0.0 Recon
Function Invoke-Portscan 0.0 Recon
Function Invoke-ProcessHunter 0.0 Recon
Function Invoke-ReverseDnsLookup 0.0 Recon
Function Invoke-ShareFinder 0.0 Recon
Function Invoke-UserHunter 0.0 Recon
Function New-GPOImmediateTask 0.0 Recon
Function Request-SPNTicket 0.0 Recon
Function Set-ADObject 0.0 Recon
Filter Convert-ADName 0.0 Recon
Filter Convert-NameToSid 0.0 Recon
Filter Convert-SidToName 0.0 Recon
Filter Export-PowerViewCSV 0.0 Recon
Filter Find-UserField 0.0 Recon
Filter Get-CachedRDPConnection 0.0 Recon
Filter Get-DNSRecord 0.0 Recon
Filter Get-DNSZone 0.0 Recon
Filter Get-GUIDMap 0.0 Recon
Filter Get-IPAddress 0.0 Recon
Filter Get-LastLoggedOn 0.0 Recon
Filter Get-LoggedOnLocal 0.0 Recon
Filter Get-NetDomain 0.0 Recon
Filter Get-NetDomainController 0.0 Recon
Filter Get-NetForest 0.0 Recon
Filter Get-NetForestCatalog 0.0 Recon
Filter Get-NetForestDomain 0.0 Recon
Filter Get-NetLoggedon 0.0 Recon
Filter Get-NetProcess 0.0 Recon
Filter Get-NetRDPSession 0.0 Recon
Filter Get-NetSession 0.0 Recon
Filter Get-NetShare 0.0 Recon
Filter Get-Proxy 0.0 Recon
Filter Get-RegistryMountedDrive 0.0 Recon
Filter Get-SiteName 0.0 Recon
Filter Get-UserEvent 0.0 Recon
Filter Invoke-CheckLocalAdminAccess 0.0 Recon
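The steps above (install pwsh, clone PowerSploit, import Recon) as one script is an added example, not code from the original post or from the PowerSploit project. It adds the checks a practitioner wants before loading a third-party offensive toolkit into a shell: that the clone is on a commit you have reviewed, that nobody has modified the working tree, and that the module file about to be loaded hashes to the value recorded at review time. The commit id and hash are placeholders to be replaced with your own values; $RepoPath assumes the clone sits in the current directory. Note that importing succeeds on Linux, but most Recon functions rely on Windows-only .NET types (ADSI / System.DirectoryServices), so the script only verifies that the module loads and what it exports, not that domain enumeration will work from a Linux host.

```powershell
# Added example, not from the original post: verify the PowerSploit clone and
# the host before importing PowerView (Recon) into pwsh on Linux.
# Assumptions: the repo was cloned to $RepoPath; $PinnedCommit and $ReconHash
# are placeholders to be replaced with values taken from a checkout you reviewed.
param(
    [string]$RepoPath     = './PowerSploit',
    [string]$PinnedCommit = '<REVIEWED_COMMIT_ID_PLACEHOLDER>',
    [string]$ReconHash    = '<SHA256_OF_REVIEWED_Recon.psm1_PLACEHOLDER>'
)

$ErrorActionPreference = 'Stop'

# 1. Platform sanity: this is meant for PowerShell Core (pwsh), not Windows PowerShell 5.1.
if ($PSVersionTable.PSEdition -ne 'Core') {
    throw "Expected PowerShell Core (pwsh); got edition '$($PSVersionTable.PSEdition)'."
}
Write-Host "pwsh $($PSVersionTable.PSVersion) on $([System.Runtime.InteropServices.RuntimeInformation]::OSDescription)"

# 2. Supply-chain check: the clone must sit on the commit that was reviewed,
#    and the working tree must be clean (no locally modified scripts).
$head = (git -C $RepoPath rev-parse HEAD).Trim()
if ($head -ne $PinnedCommit) {
    throw "PowerSploit HEAD is $head, expected pinned commit $PinnedCommit."
}
$dirty = git -C $RepoPath status --porcelain
if ($dirty) {
    throw "PowerSploit working tree has local modifications:`n$($dirty -join "`n")"
}

# 3. Hash the module file that will actually be loaded and compare it with the
#    hash recorded when the code was reviewed (comparison is case-insensitive).
$reconPsm1 = Join-Path $RepoPath 'Recon/Recon.psm1'
$actual = (Get-FileHash -Path $reconPsm1 -Algorithm SHA256).Hash
if ($actual -ne $ReconHash) {
    throw "Recon.psm1 hash $actual does not match reviewed hash $ReconHash."
}

# 4. Import and report what was exported, grouped the same way the
#    Get-Command -Module Recon listing shows it (Function vs Filter).
Import-Module (Join-Path $RepoPath 'Recon/Recon.psd1') -Force
$cmds = Get-Command -Module Recon
$cmds | Group-Object CommandType | ForEach-Object {
    Write-Host ("{0,-8} {1,3} exported" -f $_.Name, $_.Count)
}
```

Run it from the directory containing the clone as pwsh ./Import-Recon.ps1 (any file name works; the name is an assumption). The first run against a fresh checkout will stop at step 2 until you fill in the commit id and hash from a copy you have actually read; that is the point of the checks, since the clone's contents are whatever the remote serves at the moment you run git clone.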