PsMapExec: assess and compromise an Active Directory environment

PsMapExec

A PowerShell tool heavily inspired by the popular tool CrackMapExec / NetExec. PsMapExec aims to bring the function and feel of these tools to PowerShell with its own arsenal of improvements.

PsMapExec is used as a post-exploitation tool to assess and compromise an Active Directory environment.

What methods does it support?

Currently supported methods (Protocols)

| Method | Description |
| --- | --- |
| IPMI | Dump IPMI hashes |
| Kerberoast | Kerberoast accounts |
| MSSQL | Check access, run commands |
| RDP | Check access |
| SMB | Check access, run commands |
| GenRelayList | Check SMB signing status |
| Spray | Spray passwords and hashes |
| SessionHunter | Check access, run commands |
| VNC | Check for no-auth access |
| WinRM | Check access, run commands |
| WMI | Check access, run commands |

Supported Modules

| Module | Description |
| --- | --- |
| Amnesiac | Executes Amnesiac C2 payloads |
| ConsoleHistory | Dumps PowerShell console history |
| Files | Lists files in common directories for each user |
| FileZilla | Dumps FileZilla credentials |
| KerbDump | Dumps Kerberos tickets |
| eKeys | Dumps encryption keys from memory (Mimikatz) |
| LogonPasswords | Dumps logon passwords from memory (Mimikatz) |
| LSA | Dumps LSA (Mimikatz) |
| NTDS | Executes DCSync on the remote system |
| Notepad | Dumps Notepad backup files |
| NTLM | Grabs an NTLM hash for each user logon session |
| SAM | Dumps SAM hashes |
| SCCM | Dumps local NAA credentials and task sequences |
| SessionExec | Executes commands under each user logon session |
| SessionRelay | Relays NTLM hashes under each user logon session |
| TGTDeleg | Grabs a fresh TGT under each user logon session |
| VNC | Dumps VNC credentials |
| Wi-Fi | Dumps Wi-Fi credentials |
| WinSCP | Dumps WinSCP credentials |

Install & Use