PsMapExec: assess and compromise an Active Directory environment

by ddos · August 27, 2024

PsMapExec

A PowerShell tool heavily inspired by the popular tool CrackMapExec / NetExec. PsMapExec aims to bring the function and feel of these tools to PowerShell with its own arsenal of improvements.

PsMapExec is used as a post-exploitation tool to assess and compromise an Active Directory environment.

What methods does it support

Currently supported methods (Protocols)

Method	Description
IPMI	Dump IPMI hashes
Kerberoast	Kerberoast accounts
MSSQL	Check access, run commands
RDP	Check access
SMB	Check access, run commands
GenRelayList	Check SMB signing status
Spray	Spray passwords and hashes
SessionHunter	Check access, run commands
VNC	Check no auth access
WinRM	Check access, run commands
WMI	Check access, run commands

Supported Modules

Module	Description
Amnesiac	Executes Amnesiac C2 payloads
ConsoleHistory	Dumps PowerShell console history
Files	Lists files in common directories for each user
FileZilla	Dumps Filezilla credentials
KerbDump	Dumps Kerberos tickets
eKeys	Dumps encryption keys from memory (Mimikatz)
LogonPasswords	Dumps logon passwords from memory (Mimikatz)
LSA	Dumps LSA (Mimikatz)
NTDS	Executes DCsync on the remote system
Notepad	Dumps notepad backup files
NTLM	Grabs a NTLM hash for each user logon session
SAM	Dumps SAM hashes
SCCM	Dumps local NAA credentials and task sequences
SessionExec	Executes commands under each user logon session
SessionRelay	Relay NTLM hashes under each user logon session
TGTDeleg	Grab a fresh TGT under each user logon session
VNC	Dumps VNC credentials
Wi-Fi	Dumps Wi-Fi credentials
WinSCP	Dumps WinSCP credentials

Install & Use

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal