forked from giMini/PowerMemory
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathPowerMemory.ps1
123 lines (100 loc) · 4.67 KB
/
PowerMemory.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#requires -version 2
<#
.SYNOPSIS
PowerMemory launcher
.NOTES
Version: 1.4.1
Author: Pierre-Alexandre Braeken
#>
Param
(
[Parameter(Position = 0)]
[String]
$relaunched = 0
)
#---------------------------------------------------------[Initialisations]--------------------------------------------------------
Set-StrictMode -version 2
$scriptPath = split-path -parent $MyInvocation.MyCommand.Definition
$vipFunctions = "$scriptPath\RWMC\utilities\VIP.ps1"
#----------------------------------------------------------[Declarations]----------------------------------------------------------
#-----------------------------------------------------------[Functions]------------------------------------------------------------
. $vipFunctions
function Stop-Script () {
"Script terminating..."
Write-Output "================================================================================================"
Exit
}
#----------------------------------------------------------[Execution]----------------------------------------------------------
cls
Write-Output "================================================================================================"
White-Rabbit
$assessmentType = Read-Host 'What do you want assess?
1) Reveal memory passwords
2) Local escalation attempt
3) Get McAfee passwords :-)
4) Active Directory assessment
5) Scan services network
6) Get all the Ticket (to be cracked with kerberoast)
7) Fun with Winmine
8) Local passwords hashes
0) Exit
Enter menu number and press <ENTER>'
switch ($assessmentType){
"1" {$assessmentType = 1}
"2" {$assessmentType = 2}
"3" {$assessmentType = 3}
"4" {$assessmentType = 4}
"5" {$assessmentType = 5}
"6" {$assessmentType = 6}
"7" {$assessmentType = 7}
"8" {$assessmentType = 8}
"0" {Stop-Script}
default {Write-Output "The option could not be determined... Exiting...";Stop-Script}
}
if($assessmentType -eq 1) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\RWMC\White-Rabbit.ps1 0"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 2) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\EYLR\Power-Escalate.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 3) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\EYLR\Get-MacAfee.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 4) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\RECON\Get-ActiveDirectoryInfo.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 5) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\RECON\Scan-SPN.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 6) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\RECON\Create-TGSInMemory.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 7) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\GAME\Demine-TheField.ps1"
$ArgumentList = 'Start-Process -FilePath powershell.exe -ArgumentList \"-ExecutionPolicy Bypass -File "{0}"\" ' -f $RWMC;
Start-Process -FilePath powershell.exe -ArgumentList $ArgumentList -Wait -NoNewWindow;
}
if($assessmentType -eq 8) {
$scriptPath = Split-Path $MyInvocation.InvocationName
$RWMC = $scriptPath + "\RWMC\local\Dump-Hashes.ps1"
. $RWMC
}