CyberArk Cred Automation

-
Today we are back in the lab and working on a "Credential Grab". The PowerShell module once again brought to you by PSPete. (Full Screen to view - sorry)

The script itself is pretty basic but can save you a bit of time each day.

1.) Prompts for the account password you wish to "grab"
2.) Ask for Server you'd like to connect to:
3.) Using Pete's module it reaches out using CyberArk's RESTAPI:
4.) Connects to desired safe grabs password:
5.) Password is copied to your clipboard:
6.) RPD session is opened:
7.) Simply Paste your password and you're logged in:
https://lnkd.in/e_rms2D

 Module installation

 Copy the CredentialRetriever folder to your "Powershell Modules" directory.
Get-Module -ListAvailable CredentialRetriever

 Import the module:
Import-Module CredentialRetriever

Now that we have the module installed we can start our custom script found here. (work in progress)

 The script itself is pretty basic. Launching the script will prompt you to enter the account you wish to 'grab' the password for. Next, it asks for a server to connect to. The script uses Pete's module to reach out using CyberArk's RESTAPI connects to the desired safe grabs the password, copies the password to your clipboard and launches an RDP window.   Let's see it in action. (click on video / Full screen to see)









Comments

Post a Comment

Popular posts from this blog

Recon Automation with Sub Num Num

-
Image
I'd like to start things off with I am NOT a coder...  .. but I wrote a very simple script to help automate some of my Recon for Sub-domains. Doing this manually is a huge under taking and of course time consuming. This is just the beginning of the horribly named script "Sub Num Num" But what's it do? This script reaches out to cert.sh and certspotter checking for valid sub-domains - next it runs a quick  probe on (80,443) We are then left with valid targets to begin a deeper dive.(Directory brute forcing etc..) You can access the current code here..  https://github.com/atomixgray/subnumnum Installation  (note GoLang is needed for the httprobe) If you have git installed 1.) sudo git clone https://github.com/atomixgray/subnumnum.git 2.) chmod +x subnumnum.sh Lets do a quick hunt on gemini.yahoo.com (There is currently a public bounty on this Sub) Comments and suggestions are more than welcome!
Read more

Anomali STAXX and Hail a Taxii

-
Image
Today we are going to add a new feed to our Anomali Threat Server.   Called Hail a Taxii Anomali makes this process extremely easy. Login to your Anomali STAXX server Then click the setting tab in the upper right corner. This will bring you to the site where you can add your new Feed. As you can see I already have 3 feeds added - the default Limo, Alien Vault OTX, and IBM X-Force. Click on Add Site in the upper right. The Add New Site Window is launched. For the Description I've added "Hail A TAXII" and the Discovery location is simply the poll location for Hail A TAXII   "http://hailataxii.com/taxii-discovery-service"  Username: guest  Password: ***** Click on Add Site / Discover (depending on the version you're running) Once the Discover process is complete your left with several new Feeds to add to your arsenal I've enabled all the above Feeds and ran a quick Poll. As you can see below we have started to collect Intel "data&q
Read more

CyberArk Automation

-
Image
Tonight we are working on some CyberArk automation inside of VsCode.   The building and provisioning of safes can become cumbersome when you're enrolling several hundred users a week. With the help of an amazing PowerShell module by PSPETE  we can make quick work of this. Revision 1.0 of this script will do the following. 1.) Create Users Safe 2.) Add users network account to safe with customizable permissions 3.) Add a local CyberArk support account group with customizable permissions 4.) Add Vault Admin group for more support options with customizable permissions 5.) Add Users (new) Privileged account into their newly created safe. 6.) Run a Reconcile on the account to bring into CyberArk management. .   I will upload everything to  https://github.com/atomixgray/cyberark/  after a little more testing. Revision 2.0 will include an option for bulk uploading users via a CSV file.
Read more