author: Kevin Robertson <Kevin-Robertson@users.noreply.github.com> 2019-08-29 10:59:08 -0400
committer: Kevin Robertson <Kevin-Robertson@users.noreply.github.com> 2019-08-29 10:59:08 -0400
commit: 9b54aec728fa2511b22f574d0fe568fc9f082940
tree: 85a79ab60a036a398192fec2376bbe3172819f11 /README.md
parent: 3140921747b621bc923302d12734e225abae1822
Added Invoke-AgentSmith function
Added the Invoke-AgentSmith function for exceeding the MachineAccountQuota limit through transitive accounts.
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 6
1 files changed, 6 insertions, 0 deletions
diff --git a/README.md b/README.md
index 3632ad0..e5fdb97 100644
--- a/README.md
+++ b/README.md
@@ -118,6 +118,12 @@ Here is a list of some of the usual write access enabled attributes:
* Use the modified account with runas /netonly
`runas /netonly /user:domain\test powershell`
+### Invoke-AgentSmith
+
+This function leverages New-MachineAccount to recursively create as as many machine accounts as possible from a single unprivileged account through MachineAccountQuota. See the following blog post for details:
+
+* https://blog.netspi.com/machineaccountquota-transitive-quota
+
## DNS Functions
By default, authenticated users have the 'Create all child objects' permission on the Active Directory-Integrated DNS (ADIDNS) zone. Most records that do not currently exist in an AD zone can be added/deleted.
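Review bot: In the added paragraph under `### Invoke-AgentSmith`, "as as many machine accounts" contains a doubled word and should read "as many machine accounts as possible". The entry also documents the function only through the external blog link, with no usage line comparable to the `runas /netonly` example just above it, so the README alone does not say what input the function takes or how the accounts it creates can be identified afterwards for cleanup. A one-line usage example and a sentence on that would keep the section self-contained if the link moves.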