This is a short post about a handy PowerShell script, PivotAll, that can help a lot during post-exploitation. Why PowerShell? Because this shell and scripting language is already present on most modern Windows operating systems, so nothing extra has to be installed on the target.
What is PivotAll?
PivotAll is an open source, comprehensive pivoting framework written in PowerShell that includes a few functions from PowerSploit and Veil PowerView. Its current functions are:
- Invoke-SchtasksMimikatz: This module schedules a task on a remote host to create a dump file of the LSASS process. It then copies the dump file to the local machine and runs the Invoke-Mimikatz module against it.
C:\PS> Invoke-SchtasksMimikatz -ComputerName 192.168.0.1 -Domain TestDomain -User AdminUser -Pass AdminPassword
- Invoke-Mimikatz: This script leverages Mimikatz 2.0 and Invoke-ReflectivePEInjection to reflectively load Mimikatz completely in memory. This allows you to dump credentials without ever writing the Mimikatz binary to disk. This script should be able to dump credentials from any version of Windows through Windows 8.1 that has PowerShell v2 or higher installed.
C:\PS> Invoke-Mimikatz -DumpCerts
- Invoke-DomainPasswordSpray: This module performs a password spray attack against the users of a domain. By default it automatically generates the user list from the domain.
C:\PS> Invoke-DomainPasswordSpray -Domain TestDomain -Password RandomPassword
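The password spray described above, seen from the defender's side: an added example (not part of PivotAll or this post) that flags the spray signature in logon-failure records, one source touching many accounts a few times each, which is how a run of Invoke-DomainPasswordSpray tends to look in the logs. The sample events and their "timestamp event_id source_ip user" text format are constructed assumptions, not a real log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Fields: timestamp, Windows
# event id (4625 = failed logon, 4624 = successful logon), source IP, user.
SAMPLE_EVENTS = """\
2024-01-10T09:00:01 4625 10.0.0.5 alice
2024-01-10T09:00:02 4625 10.0.0.5 bob
2024-01-10T09:00:03 4625 10.0.0.5 carol
2024-01-10T09:00:04 4625 10.0.0.5 dave
2024-01-10T09:00:05 4625 10.0.0.5 erin
2024-01-10T09:00:06 4624 10.0.0.5 frank
2024-01-10T09:05:00 4625 10.0.0.9 alice
2024-01-10T09:05:30 4625 10.0.0.9 alice
2024-01-10T09:06:00 4625 10.0.0.9 alice
"""

def parse_events(text):
    """Parse the constructed format into (timestamp, event_id, source, user) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, src, user = line.split()
        events.append((datetime.fromisoformat(ts), int(event_id), src, user.lower()))
    return events

def find_password_sprays(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source_ip: sorted distinct users} for sources whose failed logons
    within `window` hit at least `min_users` accounts with at most `max_per_user`
    failures each. Many users, few tries each, one source is the spray signature;
    one account hammered repeatedly (10.0.0.9 below) is brute force and is not flagged."""
    failures = defaultdict(list)
    for ts, eid, src, user in sorted(events):
        if eid == 4625:
            failures[src].append((ts, user))
    hits = {}
    for src, attempts in failures.items():
        # Slide a window starting at each failure from this source.
        for i, (start, _) in enumerate(attempts):
            counts = defaultdict(int)
            for ts, user in attempts[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
            if len(counts) >= min_users and max(counts.values()) <= max_per_user:
                hits[src] = sorted(counts)
                break
    return hits
```

A 4624 from the same source shortly after a flagged spray (frank above) is the record worth escalating first, since it marks the account the guessed password actually worked on.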
Get PivotAll.ps1 here.