PowerShell PSRemoting Pwnage

Scenario

You have obtained some level of admin creds (local, domain or otherwise) to a Windows server/domain, and there is no RDP. There is, however, the WinRM service, or PSRemoting to give it its other name. This allows an admin to create a remote PowerShell session to the server and run commands or scripts, very much like the ssh service used on Linux systems.
The admin level creds you have will allow you to connect to the remote server(s) via PSRemoting, and you will want to run hacker PowerShell tools in the remote session to further infiltrate the server or systems. However, given the lack of RDP and the locked-down state of the network and services, you may struggle to get the likes of PowerSploit onto the remote system.

So, for instance, we might want to run Invoke-Mimikatz on the remote server to extract clear text credentials stored on the server. Let's explore PSRemoting in a little more depth.

HTTP Security Headers Script

I wrote this little PowerShell script to quickly test for HTTP Security Headers.

It still needs improvements, but it’s mostly there.

Hope you find it useful. If you find any issues, please let me know via GitHub and I’ll try to fix them ASAP.

https://github.com/davehardy20/PowerShell-Scripts/blob/master/Get-HttpSecHead.ps1

[Edit]

I’ve added logging functionality to write all of the script output to a file.

Also forgot to mention this script requires PowerShell 3.0.