.' \ \ \ \ `.
/ \ \ \ \ '.
/\ | | | | \
| \ | | | | \
| / _|__|____|__|__ \
| / / \ |
|/ | <(=)> <(=)> ' |
| | _| | |
| (|) | /\ | |
' ' | \____ / ]
' '\ \_____/ .| '
'__,' \_________.' |_/
|____________\ ,.
,. /\ \
.` || \
.` ----\ \
/ <== |, \
/ <== | \_\
' ---/ |
`._ /| \____/
/ `-,./ | '
/ / | |
(______`'._|_________________|
Commander Keen is a Powerfull Remote Code & Commands execution built in powershell in order to perform AgentLess automated incident reponse actions
- Created By Tom Goldberg
- Version 1.0
- LockRemoteMachine : Locks the target machine
- GetProcessList : Retrieves a list of the current running processes on the target machin
- GetUsersList : Retrieves a list of the current logged in users to the target machine
- make sure that you hve the latest Powershell version installed
- GIT clone the project.
- On the target machine , open Powershell and performthe following command ( To harden security , you can use remoteSigned instead of Bypass but you will have to sign the scripts yourself) :
Enable-PSRemoting
Set-ExecutionPolicy Bypass
- Check your Trusted Hosts file by Executing the following Powershell command:
get-item wsman:\localhost\Client\TrustedHosts
- If Your desired machines are not listed there , add them by executing ( After the -value ,put you network range) :
set-item wsman:\localhost\Client\TrustedHosts -value 10.8.*
- -username : A useranme with the appropriate permissions
- -password : Password that matches this user
- -action : The desirred action (the options are dexcribed in the 'Supported functionalities' section
- -ip : The target machine's IP address.
cd /CommanderKeen
powershell ./Dispatcher.ps1 -username some_user -password some_pass -action GetUsersList -ip 10.8.4.4