Add ability to dcsync & hashdump via Powershell #284
This PR makes use of the fact that DCSync functionality is exposed via Kiwi, and from this it is possible to enumerate all users in the domain and dump each user's hash one by one. This means that it's possible to remotely dump all the hashes in a target DC using DCSync instead of having to get onto the DC and use the typical methods.
This code has a few extension functions built into the runner, and also has some baked-in PowerShell functions that are available in every PowerShell runner session in the host.
I've also added a PowerShell version of the build command that lets us generate the source to the PowerShell assembly wiring from PSH as well as Python.
I haven't exposed this feature in any other way just yet, for $REASONS. I will consider other options at some point, but for now this should be useful. Here's a demo of it running on a domain-joined machine that isn't a DC.
The addition of the following built-in functions should make interacting with the functionality much easier:
This rework has juggled with how
I've commented out the support for
May 17, 2018
May 17, 2018
Well, I found a post-landing bug in the light of the morning (Windows 10 latest) with metasploit-framework head.
It's not in framework yet as a gem bump, so not a big deal. Taking a look to see what needs to be done to fix it up.