search

Just Enough Administration (JEA)

Just Enough Administration, or JEA. It allows administrators to limit the commands that specific users can run

Link: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.1arrow-up-right

Part of the JEA platform Administrators can:

  • Limit what users can do by specifying which cmdlets, functions, and external commands they can run

hashtag
What we can do

To view what commands we can run in JEA session run:

[10.10.10.210]: PS>Get-Command 

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Clear-Host
Function        Exit-PSSession
Function        Get-Command
Function        Get-FormatData
Function        Get-Help
Function        Measure-Object
Function        Out-Default
Function        Select-Object

We might also be able to access environment variables:

hashtag
Breakout

hashtag
Define function

We might not be able to run a command directly, but we can try and create a function and run the command inside

Other way to do the same is to use the & operator with script block

hashtag
Reverse Shell

We can use Nishang to get a revers shell

From the nishang project grab Invoke-PowerShellTcpOneLine.ps1 from the Shells directory, and remove all the lines but the one, uncomment it, and update the IP / port.

Encode the powershell

And run on the host:

Open NC and grab shell, This shell has FullLanguage mode:

PreviousDocker escapeNextPresistance

Last updated