Pentesting with PowerShell by Rajganesh Pandurangan


Rajganesh Pandurangan, an experienced security consultant, discusses the use of PowerShell for pentesting and security assessments. The content covers PowerShell basics, tools required, a web application exploitation distro, and a pentesting methodology. It also includes information on Rajganesh's background, expertise, and useful resources in the field of cybersecurity.





Uploaded on Apr 17, 2024 | 1 Views


Presentation Transcript


  1. Pentesting with Powershell by Rajganesh Pandurangan

  2. Rajganesh (Raj) Pandurangan - OSCP, CISSP, CEH, QSA, PA-QSA, MCSD.NET
     Email: prajganesh@gmail.com
     Senior Managing Consultant at U.S. Bank
     16 years of security consulting experience
     Results-driven success across a multitude of Fortune 100 companies
     Consulting Services:
     - Web application security assessment
     - Mobile security assessment
     - Network penetration testing
     - Wireless security testing
     - Security code review
     - Payment Card Industry assessment
     - Security gap assessment
     - Implementing effective security solutions and strategies

  3. Web Applications and Exploitation Distro (WAED)
     Site: http://www.waed.info
     Features:
     - WAED is based on the Debian 8.0 distribution
     - Uses Docker to provide a sandboxed environment
     - Pre-installed web application testing tools
     - 13 pre-installed vulnerable web applications
     - Each application can be started separately
     DEMO

  4. What is PowerShell
     - Microsoft's attempt to make admins use the command line
     - Task automation and configuration management framework
     - Command-line shell and scripting language
     - Built on the .NET framework
     - Provides full access to WMI and COM
     - Performs administrative tasks on local and remote Windows systems
     - Great for log parsing and WMI queries
     - Available by default on Windows 7 and up

  5. Contd.. Security
     - A lot of work in DFIR - http://www.invoke-ir.com
     - DLL injection
     - WMI abuse
     - Hard to protect against attacks

  6. Pentesting Methodology

  7. Lab layout
     Host machine (Mac)
     External: Kali Linux - external testing (DHCP)
     pfSense - port 80, 443 (Firewall, IDS, IPS, DNS, DHCP) - 192.168.15.100
       Setup playlist: https://www.youtube.com/playlist?list=PLE726R7YUJTePGvo0Zga2juUBxxFTH4Bk
     DMZ: Windows 2012 Domain Controller, DNS - 192.168.15.248
       Setup references: https://www.youtube.com/watch?v=50VhoeG_6rY
       http://www.rebeladmin.com/2014/07/step-by-step-guide-to-setup-active-directory-on-windows-server-2012/
     Internal: Kali Linux - internal testing - 192.168.15.249
       Debian - WAED
       Windows 7 - 192.168.15.125
       Windows 10 - 192.168.15.135
       Windows 8
       Setup references: https://www.youtube.com/watch?v=w1QPijf4Wa0
       https://www.youtube.com/watch?v=9Rs4RSfTgL0

  8. Tools Required for Offensive PowerShell
     - Nishang - https://github.com/samratashok/nishang
     - PowerSploit - https://github.com/PowerShellMafia/PowerSploit
     - Empire - https://github.com/PowerShellEmpire/Empire
     - Posh-SecMod - https://github.com/darkoperator/Posh-SecMod
     - PSAttack - https://github.com/jaredhaight/PSAttack
     - PowerUpSQL - http://seclist.us/powerupsql-a-powershell-toolkit-for-attacking-sql-server.html

  9. A Few Important Scripts
     Import-Module
     Port-Scan
     Out-Csv, Out-Excel
     Get-Help
     Get-NetComputer
     Get-NetDomainController
     Get-NetUser, Get-NetUser -user pentest3
     Get-NetLocalGroup
     Invoke-FileFinder
     Find-LocalAdminAccess
     Invoke-UserHunter
     Get-ServiceUnquoted
     Invoke-TokenManipulation -enumerate
     Invoke-TokenManipulation -createprocess "cmd.exe" -username "NT AUTHORITY\SYSTEM"
     (ls hklm:\security)
     Get-PassHashes
     Invoke-Mimikatz
     Invoke-AllChecks
     Get-GPPPassword
     Invoke-CredentialsPhish
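Slide 5 notes that these techniques are hard to protect against; one concrete defensive check, added here as an example that is not part of the deck, is to search PowerShell script block logs (Event ID 4104) for the cmdlet names slide 9 lists. The name list, the helper function and the sample events are assumptions constructed for this example.

```powershell
# Added example, not from the deck: flag script-block log entries that call the
# cmdlets listed on slide 9. Relies on PowerShell script block logging, which
# writes Event ID 4104 to the Microsoft-Windows-PowerShell/Operational log.

# Names taken from slide 9; which ones to alert on is an assumption made here.
$SuspiciousNames = @(
    'Invoke-Mimikatz', 'Get-PassHashes', 'Get-GPPPassword', 'Invoke-TokenManipulation',
    'Invoke-CredentialsPhish', 'Invoke-UserHunter', 'Find-LocalAdminAccess',
    'Invoke-AllChecks', 'Get-ServiceUnquoted', 'Invoke-FileFinder'
)

function Find-SuspiciousScriptBlock {
    param(
        # Objects with TimeCreated and ScriptBlockText properties
        [Parameter(Mandatory)] [object[]] $Events,
        [string[]] $Names = $SuspiciousNames
    )
    # One case-insensitive alternation built from the escaped names
    $pattern = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
    foreach ($e in $Events) {
        $hits = [regex]::Matches($e.ScriptBlockText, $pattern, 'IgnoreCase')
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Matched     = ($hits | ForEach-Object { $_.Value } | Select-Object -Unique) -join ', '
                Snippet     = $e.ScriptBlockText.Substring(0, [Math]::Min(80, $e.ScriptBlockText.Length))
            }
        }
    }
}

# Constructed sample records standing in for Event ID 4104 entries (not real log data)
$sample = @(
    [pscustomobject]@{ TimeCreated = '2024-04-17 10:01:02'; ScriptBlockText = 'Get-ChildItem C:\Logs | Export-Csv report.csv' }
    [pscustomobject]@{ TimeCreated = '2024-04-17 10:05:44'; ScriptBlockText = 'Import-Module .\PowerView.ps1; Invoke-UserHunter' }
    [pscustomobject]@{ TimeCreated = '2024-04-17 10:06:10'; ScriptBlockText = 'Invoke-Mimikatz; Get-GPPPassword' }
)
Find-SuspiciousScriptBlock -Events $sample | Format-Table -AutoSize

# On a host with script block logging enabled, read real events instead:
# $live = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; ScriptBlockText = $_.Properties[2].Value } }
# Find-SuspiciousScriptBlock -Events $live
```

Name matching alone is a coarse signal: attackers rename functions, so pair it with the script block logging that records the full decoded text of what actually ran.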

  10. PowerShell Empire
     http://www.powershellempire.com
     - Powerful post-exploitation framework built on PowerShell
     - Integrates tools from PowerSploit
     - Easily extensible
