<#
.SYNOPSIS
This cmdlet makes it easy to use credentials to execute a program. PowerShell can be a lot of typing, especially when you don't have a shell that allows autocompletion. This is a huge time saver. This function DOES NOT accept command line arguments. It only executes an application.
.PARAMETER Username
Enter a string containing the domain or workgroup of the user and the username or in some cases just the username.
.PARAMETER Passwd
Enter the string value of the user's password
.PARAMETER FilePath
Defines the location of the application that should execute as the user. Enter a string consisting of the absolute or relative path to the executable
.PARAMETER ComputerName
Define a single or multiple FQDNs or hostnames. The local file you specify will be executed on the remote devices you specify
.DESCRIPTION
This function is used to execute an application as another user. This DOES NOT accept command line arguments. This only executes an application.
.EXAMPLE
Invoke-UseCreds -Username 'OsbornePro\tobor' -Passwd 'P@ssw0rd1!' -FilePath 'C:\Windows\System32\spool\drivers\color\msf.exe'
# This command executes a msfvenom payload as the user tobor
.NOTES
Author: Robert H. Osborne
Alias: tobor
Contact: [email protected]
.LINK
https://osbornepro.com
https://writeups.osbornepro.com
https://btpssecpack.osbornepro.com
https://github.com/tobor88
https://gitlab.com/tobor88
https://www.powershellgallery.com/profiles/tobor
https://www.linkedin.com/in/roberthosborne/
https://www.credly.com/users/roberthosborne/badges
https://www.hackthebox.eu/profile/52286
.INPUTS
[System.String]
.OUTPUTS
None
#>
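Function Invoke-UseCreds {
    [CmdletBinding(DefaultParameterSetName='Local')]
        param(
            [Parameter(
                Mandatory=$True,
                Position=0,
                ValueFromPipeline=$False,
                HelpMessage="Enter the username: ")]
            [String]$Username,

            [Parameter(
                Mandatory=$True,
                Position=1,
                ValueFromPipeline=$False,
                HelpMessage="Enter the password: ")]
            [String]$Passwd,

            [Parameter(
                Mandatory=$True,
                Position=2,
                ValueFromPipeline=$False,
                HelpMessage="Define the path to the executable you want run as this user: ")]
            [String]$FilePath,

            [Parameter(
                ParameterSetName='Remote',
                Mandatory=$False,
                ValueFromPipeline=$False)]  # End Parameter
            [String[]]$ComputerName,

            [Parameter(
                ParameterSetName='Remote',
                Mandatory=$False)]  # End Parameter
            [Switch][Bool]$UseSSL)  # End param

BEGIN
{

    # Tracks whether a launch was actually attempted without a terminating error,
    # so the END block does not report success after a failure.
    $Launched = $False

    Write-Verbose "[*] Building authenticated credential..."

    # NOTE(review): -Passwd arrives as a plain [String], so the secret can end up in
    # console history, transcripts and PowerShell script block / command line logging.
    # ConvertTo-SecureString -AsPlainText only wraps the value for PSCredential; it does
    # not protect a password that was already typed in clear text.
    $Passw = ConvertTo-SecureString -String $Passwd -AsPlainText -Force
    $Cred = New-Object -TypeName System.Management.Automation.PSCredential($Username, $Passw)

}  # End BEGIN
PROCESS
{

    Switch ($PSCmdlet.ParameterSetName)
    {

        'Local' {

            Write-Verbose "Executing $FilePath"

            # Require an existing file; a directory also satisfies a bare Test-Path
            # but cannot be started as a process.
            If (-Not (Test-Path -Path $FilePath -PathType Leaf))
            {

                Throw "$FilePath could not be found at that location"

            }  # End If

            Try
            {

                Start-Process -FilePath $FilePath -Credential $Cred
                $Launched = $True

            }  # End Try
            Catch [System.Security.Authentication.AuthenticationException]
            {

                Throw "The credentials you entered were incorrect"

            }  # End Catch
            Catch
            {

                # Report the failure on the error stream instead of emitting the
                # error record as normal pipeline output.
                Write-Error -ErrorRecord $_

            }  # End Catch

        }  # End Local Switch

        'Remote' {

            # [Bool] conversion works whether the bound value is a switch or a boolean.
            $Bool = [Bool]$UseSSL

            ForEach ($C in $ComputerName)
            {

                # Invoke-Command -FilePath runs a local script file on the remote computer.
                # NOTE(review): $Cred is not passed to this call, so the remote command runs
                # under the caller's own identity rather than the -Username account - confirm
                # this is intended, since it differs from the Local branch.
                Invoke-Command -ComputerName $C -HideComputerName -UseSSL:$Bool -FilePath $FilePath
                $Launched = $True

            }  # End ForEach

        }  # End Remote Switch

    }  # End Switch

}  # End PROCESS
END
{

    If ($Launched)
    {

        Write-Output "[*] Program has been executed: $FilePath"

    }  # End If

}  # End END

}  # End Function Invoke-UseCreds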