author | Harmj0y <will@harmj0y.net> | 2016-04-24 10:56:07 -0400 |
---|---|---|
committer | Harmj0y <will@harmj0y.net> | 2016-04-24 10:56:07 -0400 |
commit | 4cedfa1c308a1bc37530725734290d506c0170dd (patch) | |
tree | b372ba39495661ef16bdcbc1110941c46a1bae06 /Recon/PowerView.ps1 | |
parent | c52f9d712c7842f0318c821552501e9fde39740f (diff) | |
added Request-SPNTicket to request kerberos tickets for specified SPNs
Diffstat (limited to 'Recon/PowerView.ps1')
-rw-r--r-- | Recon/PowerView.ps1 | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/Recon/PowerView.ps1 b/Recon/PowerView.ps1
index 4c64e80..dd63509 100644
--- a/Recon/PowerView.ps1
+++ b/Recon/PowerView.ps1
@@ -1262,6 +1262,54 @@ filter Get-Proxy { }
+function Request-SPNTicket {
+<#
+ .SYNOPSIS
+
+ Request the kerberos ticket for a specified service principal name (SPN).
+
+ .PARAMETER SPN
+
+ The service principal name to request the ticket for. Required.
+
+ .EXAMPLE
+
+ PS C:\> Request-SPNTicket -SPN "HTTP/web.testlab.local"
+
+ Request a kerberos service ticket for the specified SPN.
+
+ .EXAMPLE
+
+ PS C:\> "HTTP/web1.testlab.local","HTTP/web2.testlab.local" | Request-SPNTicket
+
+ Request kerberos service tickets for all SPNs passed on the pipeline.
+
+ .EXAMPLE
+
+ PS C:\> Get-NetUser -SPN | Request-SPNTicket
+
+ Request kerberos service tickets for all users with non-null SPNs.
+#>
+
+ [CmdletBinding()]
+ Param (
+ [Parameter(Mandatory=$True, ValueFromPipelineByPropertyName = $True)]
+ [Alias('ServicePrincipalName')]
+ [String[]]
+ $SPN
+ )
+
+ begin {
+ Add-Type -AssemblyName System.IdentityModel
+ }
+
+ process {
+ Write-Verbose "Requesting ticket for: $SPN"
+ New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $SPN
+ }
+}
+
+
 function Get-PathAcl { <# .SYNOPSIS |
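Review bot: The comment-based help added for Request-SPNTicket has no `.DESCRIPTION` or `.OUTPUTS` section, so nothing tells a reader that the `process` block emits a `System.IdentityModel.Tokens.KerberosRequestorSecurityToken` object or what network activity the call causes. I would add `.OUTPUTS System.IdentityModel.Tokens.KerberosRequestorSecurityToken` and a `.DESCRIPTION` line such as `Each call sends a service-ticket request to the domain controller for the given SPN.` Such requests are normally recorded on the domain controller as Security event 4769 when Kerberos service ticket auditing is enabled, and stating that in the help lets anyone reviewing the module know what telemetry to expect. The second `.EXAMPLE` also pipes bare strings while `$SPN` is declared with only `ValueFromPipelineByPropertyName`, so the example and the parameter attribute should be reconciled.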