Thursday, March 22, 2012

Find Processes Running as a Domain Admin

You'll need a user account that's local admin on every target machine to run this one; tasklist /S fails (silently, since the script throws stderr away) on any host where the supplied credentials don't have admin rights. Note that the password is read and passed on the command line in cleartext, so it is visible in the local process list while the script runs.

Searches the running processes on every computer that net view reports, looking for a username that matches one of the names in names.txt (one name per line; you make that file yourself). net view only returns machines in the browse list, so hosts that don't advertise themselves won't be checked. The match is a plain findstr substring match, so a short name like "admin" will also hit "Administrator" and any process or window title containing it. I suppose this could be augmented with another script to dump net localgroup administrators /domain (or net group "Domain Admins" /domain, for the group the title actually refers to) and parse that out into the names.txt file. I'll leave that as an exercise to the reader.

Useful for finding a token to steal or maybe a process to inject into.

-=The Script=-

@echo off
echo Enter Username
set /p user=
echo Enter Password
set /p password=
REM Start clean: an aborted earlier run may have left a host list behind
if exist ips.txt del /f /q ips.txt
REM Overwrite rather than append so a re-run does not carry over stale hosts
net view > comp.txt
Echo Parsing Results...
REM Keep only the \\HOSTNAME lines of net view output (drops the header, dashes and
REM "The command completed successfully.") and strip the leading backslashes
for /f "tokens=1 delims=\ " %%i in ('findstr /R "^\\\\[^ ]" comp.txt') do echo %%i >> ips.txt
del /f /q comp.txt
REM tasklist /V prints the owning DOMAIN\user per process; /I makes the name match case-insensitive
FOR /F %%i in (ips.txt) DO @echo [+] %%i && @tasklist /V /S %%i /U %user% /P %password% 2>NUL > output.txt && FOR /F %%n in (names.txt) DO @findstr /I "%%n" output.txt > NUL && echo [!] %%n was found running a process on %%i && pause
del /f /q ips.txt output.txt
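The same procedure in PowerShell, as an added example rather than the post's own script: it builds the name list straight from net group "Domain Admins" /domain (the augmentation suggested above), takes hosts from net view, and reads tasklist as CSV so it compares the User Name column exactly instead of substring-matching raw text. The function names are mine, and it assumes the account running it is local admin on every target and can reach the domain for net group / net view.

```powershell
# Added example, not the post's script. Assumes the account running it is local admin on
# every target and that the domain is reachable for 'net group' / 'net view'.
param(
    [string]$User     = (Read-Host 'Enter Username'),
    [string]$Password = (Read-Host 'Enter Password')   # plaintext: tasklist /P needs it that way
)

# Members of a domain group, parsed from 'net group' output: names sit in columns after a
# line of dashes and before "The command completed successfully."
function Get-NetGroupMembers([string]$Group) {
    $inList = $false
    foreach ($line in (net group "$Group" /domain 2>$null)) {
        if ($line -match '^-+$')                   { $inList = $true; continue }
        if ($line -match '^The command completed') { break }
        if ($inList -and $line.Trim()) { $line.Trim() -split '\s+' }
    }
}

# Hosts from the browse list, the same source the batch script uses (only machines that
# advertise themselves appear here).
function Get-NetViewHosts {
    foreach ($line in (net view 2>$null)) {
        if ($line -match '^\\\\(\S+)') { $Matches[1] }
    }
}

$admins = @(Get-NetGroupMembers 'Domain Admins')
if (-not $admins) { Write-Warning 'No members returned for Domain Admins'; exit 1 }

foreach ($target in Get-NetViewHosts) {
    Write-Host "[+] $target"
    # /FO CSV gives a real 'User Name' column (DOMAIN\user) to compare against, instead of
    # grepping raw text where 'admin' would also hit 'Administrator' or a window title.
    $csv = @(tasklist /V /FO CSV /S $target /U $User /P $Password 2>$null)
    if ($csv.Count -lt 2 -or $csv[0] -notmatch '^"Image Name"') {
        Write-Host "    (no task list: unreachable or access denied)"
        continue
    }
    foreach ($proc in ($csv | ConvertFrom-Csv)) {
        $acct = ($proc.'User Name' -split '\\')[-1]   # strip the DOMAIN\ prefix
        if ($admins -contains $acct) {
            Write-Host "[!] $acct is running $($proc.'Image Name') (PID $($proc.PID)) on $target"
        }
    }
}
```

The -contains comparison is case-insensitive by default in PowerShell, which matches how Windows treats usernames; the exact-name comparison against the parsed group membership is what removes the false positives the findstr version produces.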
