
Add new SMB module to get the PowerShell history on all the users

Open 357384n opened this issue 1 year ago • 1 comments

Hey,

I've added a pretty basic module to get the PowerShell history of all the users on specified targets. Once it gets it, the module will check for some keywords that could contain credentials and display them. You can also export the entire PowerShell history with the following option: -o export=enable. If you do that, a file like {IP}.powershell_history.txt will be written in your current path.

Running the module: image

By default the export option is disabled, but it can be very interesting during a pentest, so if you want to manually analyze them just do as below:

image

357384n avatar Jun 11 '24 06:06 357384n
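The keyword check described in the post above, sketched as an added example for auditing an exported history file (this is not the module's code). The keyword list, the function names and the sample history lines are assumptions constructed for illustration; matched values are masked so the findings can be shared in a report.

```python
import re

# Assumed keyword list; the module's own list is not shown on this page.
KEYWORDS = ["password", "passwd", "pwd", "secret", "token",
            "apikey", "api_key", "securestring"]
_ALT = "|".join(KEYWORDS)

# A line is a finding if any keyword appears anywhere in it.
HIT_RE = re.compile(_ALT, re.IGNORECASE)

# A parameter or variable name containing a keyword, followed by its value:
#   $dbPassword = "x"    -Password 'x'    ConvertTo-SecureString 'x'
VALUE_RE = re.compile(
    rf"""(?P<key>[-/$]?\w*(?:{_ALT})\w*)(?P<sep>\s*[:=]\s*|\s+)(?P<val>"[^"]*"|'[^']*'|[^\s;|)]+)""",
    re.IGNORECASE)


def mask(line):
    """Replace the value that follows a keyword-bearing name with a marker."""
    return VALUE_RE.sub(
        lambda m: m.group("key") + m.group("sep") + "<redacted>", line)


def audit_history(text):
    """Return (line_number, masked_line) for every line that hits a keyword."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and HIT_RE.search(line):
            findings.append((number, mask(line)))
    return findings


# Constructed sample history, not taken from a real host.
SAMPLE = "\n".join([
    r"Get-ChildItem C:\Users",
    r'$dbPassword = "Tr0ub4dor&3"',
    r"ConvertTo-SecureString 'Hunter2!' -AsPlainText -Force",
    r"Import-Module ActiveDirectory",
    r'$env:API_TOKEN = "abc123def"',
])

if __name__ == "__main__":
    for number, line in audit_history(SAMPLE):
        print(f"line {number}: {line}")
```

Keyword matching only sees secrets that sit next to a recognisable name, so a clean result does not mean the history holds no credentials.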

Thanks for the PR!

NeffIsBack avatar Jun 11 '24 11:06 NeffIsBack

@357384n do you have a Twitter handle I could mention in a post?

NeffIsBack avatar Sep 21 '24 13:09 NeffIsBack

> @357384n do you have a Twitter handle I could mention in a post?

Hey @NeffIsBack, I don't, sorry. Hope it can be useful for others during some pentest :)

357384n avatar Sep 23 '24 06:09 357384n

> > @357384n do you have a Twitter handle I could mention in a post?
>
> Hey @NeffIsBack, I don't, sorry. Hope it can be useful for others during some pentest :)

No problem, I will mention your name anyway :) I definitely think it will! It's a great addition, thanks again for the contribution.

NeffIsBack avatar Sep 24 '24 22:09 NeffIsBack

Hey guys! I watched this module and realized that it is doing a PowerShell command execution. It doesn't matter in most envs, but wouldn't it be better to crawl directories and files via simple SMB commands?

Otherwise we should definitely set the opsec attribute to false (for what it's worth).

Great module anyway!!

Dfte avatar Oct 11 '24 12:10 Dfte

See https://github.com/Pennyw0rth/NetExec/pull/444

Dfte avatar Oct 11 '24 15:10 Dfte