- Added flag to test creds against MSSQL DBs (resolves#66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
- Added flag to enumerate MSSQL DB instances
- Targets are now accepted with arguments instead of a comma
seperated list (resolves#71)
- Added flag to test creds against MSSQL DBs (resolves#66)
- Added flags to enable/disable xp_cmdshell on MSSQL DBs
- Added flag to execute commands through xp_cmdshell on MSSQL DBs
-
- Targets are now accepted with arguments instead of a comma
seperated list (resolves#71)
smbexec as the execution method, so for now it's forced to that
Fixed a bug where forcing Powershell code to run in a 32bit process
would cause a rpc_access_denied error message
Made Mimikatz parser output more consistent
Made wmiexec and smbexec output more consistent
Recap on changes:
Complete refactor, script broken up to make it readable
Kerberos support (!!!! sweeeeet !!!!)
Logging has been overhauled (everything sent to stdout gets logged)
Added a noOutput attr on all three excution methods
Exposed a --no-output option for moar stealth when executing commands
Exposed a --lsa option to dump LSA secrets
Exposed the -history and -pwdLastSet options from secretdump
Fixed passpoldumper
Fixed the NTDS.dit dumper
HTTP/HTTPS server now removes powershell script comments
HTTP/HTTPS server randomizes powershell function names to bypass AV on
windows 10
--session and --luser output has been made decent (resolves#42)
Moar code style changes and bugfixes
TODO:
hook back up ninja and vss NTDS.dit dumping methods
Allow all three execution methods to utilize the smbserver as fallback
to retrieve command output
expose some options to control remote services
byt3bl33d3r
byt3bl33d3r
maaaaz