Just Enough Administration (JEA)

Just Enough Administration, or JEA. It allows administrators to limit the commands that specific users can run

Link: https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/jea/overview?view=powershell-7.1

Part of the JEA platform Administrators can:

  • Limit what users can do by specifying which cmdlets, functions, and external commands they can run

What we can do

To view what commands we can run in JEA session run:

[10.10.10.210]: PS>Get-Command 

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Function        Clear-Host
Function        Exit-PSSession
Function        Get-Command
Function        Get-FormatData
Function        Get-Help
Function        Measure-Object
Function        Out-Default
Function        Select-Object

We might also be able to access environment variables:

Breakout

Define function

We might not be able to run a command directly, but we can try and create a function and run the command inside

Other way to do the same is to use the & operator with script block

Reverse Shell

We can use Nishang to get a revers shell

From the nishang project grab Invoke-PowerShellTcpOneLine.ps1 from the Shells directory, and remove all the lines but the one, uncomment it, and update the IP / port.

Encode the powershell

And run on the host:

Open NC and grab shell, This shell has FullLanguage mode:

PreviousDocker escapeNextPresistance

Last updated

Was this helpful?