From 0aaa23cd8656f0b92f2fac3cd8e6be68eed7d809 Mon Sep 17 00:00:00 2001 From: HarmJ0y Date: Mon, 12 Dec 2016 21:05:08 -0500 Subject: first take at platyPS doc generation --- docs/Recon/Test-AdminAccess.md | 101 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100755 docs/Recon/Test-AdminAccess.md (limited to 'docs/Recon/Test-AdminAccess.md') diff --git a/docs/Recon/Test-AdminAccess.md b/docs/Recon/Test-AdminAccess.md new file mode 100755 index 0000000..84eab4e --- /dev/null +++ b/docs/Recon/Test-AdminAccess.md @@ -0,0 +1,101 @@ +# Test-AdminAccess + +## SYNOPSIS +Tests if the current user has administrative access to the local (or a remote) machine. + +Idea stolen from the local_admin_search_enum post module in Metasploit written by: + 'Brandon McCann "zeknox" \' + 'Thomas McCarthy "smilingraccoon" \' + 'Royce Davis "r3dy" \' + +Author: Will Schroeder (@harmj0y) +License: BSD 3-Clause +Required Dependencies: PSReflect, Invoke-UserImpersonation, Invoke-RevertToSelf + +## SYNTAX + +``` +Test-AdminAccess [[-ComputerName] ] [-Credential ] +``` + +## DESCRIPTION +This function will use the OpenSCManagerW Win32API call to establish +a handle to the remote host. +If this succeeds, the current user context +has local administrator acess to the target. + +## EXAMPLES + +### -------------------------- EXAMPLE 1 -------------------------- +``` +Test-AdminAccess -ComputerName sqlserver +``` + +Returns results indicating whether the current user has admin access to the 'sqlserver' host. + +### -------------------------- EXAMPLE 2 -------------------------- +``` +Get-DomainComputer | Test-AdminAccess +``` + +Returns what machines in the domain the current user has access to. + +### -------------------------- EXAMPLE 3 -------------------------- +``` +$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force +``` + +$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword) +Test-AdminAccess -ComputerName sqlserver -Credential $Cred + +## PARAMETERS + +### -ComputerName +Specifies the hostname to check for local admin access (also accepts IP addresses). +Defaults to 'localhost'. + +```yaml +Type: String[] +Parameter Sets: (All) +Aliases: HostName, dnshostname, name + +Required: False +Position: 1 +Default value: Localhost +Accept pipeline input: True (ByPropertyName, ByValue) +Accept wildcard characters: False +``` + +### -Credential +A \[Management.Automation.PSCredential\] object of alternate credentials +for connection to the remote system using Invoke-UserImpersonation. + +```yaml +Type: PSCredential +Parameter Sets: (All) +Aliases: + +Required: False +Position: Named +Default value: [Management.Automation.PSCredential]::Empty +Accept pipeline input: False +Accept wildcard characters: False +``` + +## INPUTS + +## OUTPUTS + +### PowerView.AdminAccess + +A PSCustomObject containing the ComputerName and 'IsAdmin' set to whether +the current user has local admin rights, along with the ComputerName added. + +## NOTES + +## RELATED LINKS + +[https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/windows/gather/local_admin_search_enum.rb +http://www.powershellmagazine.com/2014/09/25/easily-defining-enums-structs-and-win32-functions-in-memory/) + -- cgit v1.2.3