1950a169e3
+Version check fix
...
Changed version check to be of type "System.Version". This fixes:
https://github.com/PowerShellMafia/PowerSploit/issues/163
2017-08-09 21:15:34 +01:00
41cad0ee9f
Fix for edge case where System.Core is not loaded
...
Make sure System.Core is loaded before creating an AES object. https://github.com/PowerShellMafia/PowerSploit/issues/247
2017-07-18 13:08:31 +01:00
e47c52a090
+ PSv2 Compatibility
...
Fix for unable to index into object of type System.Diagnostic.Process on PSv2.
2017-07-17 21:32:22 +01:00
b895866c3b
+ Invalid Cast Fix
...
This is a fix for https://github.com/PowerShellMafia/PowerSploit/issues/151
2017-07-17 21:26:04 +01:00
bd6fe64316
Cast DllCharacteristics to [Int]
...
Fix for System.InvalidCastException:
https://github.com/PowerShellMafia/PowerSploit/issues/152
2017-02-13 22:41:26 +00:00
215ec25da0
Bug fixes in Get-GPPPassword
2017-01-09 18:11:15 -05:00
5500a7e131
Fix for issue #170
...
Added -SearchForest to search all reachable domain trust \SYSVOL\'s
Each password is now output as a separate object.
2017-01-07 20:32:14 -05:00
0939af5bb2
fixed little-endian encoding
2016-12-12 13:17:22 -05:00
aa528b98c7
merge resolution
2016-12-01 21:40:05 -05:00
de955ef270
Added Get-GPPAutologon.ps1
2016-11-21 20:16:02 +01:00
926979ad1a
Updated to 2.1 20161029 OJ Edition
...
Address issue #190
2016-11-10 15:46:30 -08:00
869badc7f1
Merge pull request #168 from linuz/master
...
Added ability to specify domain controller to search (-Server parameter)
2016-07-19 12:55:22 -07:00
87630cac63
Added default value to parameter
...
Added default value to parameter and got rid of value check later in the code.
Added validation of -Server value to ensure it is not $Null or an empty string
2016-07-19 10:36:59 -05:00
66c93f9317
Updated Invoke-Mimikatz to "2.1 alpha 20160711 (oe.eo) edition"
2016-07-15 14:28:55 -07:00
fee3b4c642
#147 Bugfix: Invoke-Mimikatz
...
Invoke-Mimikatz was not not handling functions exported by ordinal.
Thank you @gentilkiwi for the suggested fix!
2016-07-15 14:28:55 -07:00
548b8864cf
Added ability to specify domain controller to search (-Server parameter)
...
Added the ability for users to specify the domain controller that is searched, using the -Server parameter. The -Server parameter is optional and defaults to the user's current domain if not specified.
2016-06-30 08:46:08 -05:00
6b0ada999a
Fixed FreeLibrary function signature #146
...
The parameter type and return types were accidentally transposed. Thanks
@rojaster for pointing this out.
2016-05-29 07:54:50 -07:00
debe4a565e
Added Get-MicrophoneAudio.ps1 and associated Pester tests
2016-05-12 10:58:27 -04:00
be2a8ecf15
Get-TimedScreenshot enhancement. Issue #114
...
Get-TimedScreenshot now captures the entire screen. The screen
resolution is obtained via WMI. If for some reason that fails, it will
fall back to the old, less ideal method.
2016-03-10 18:00:43 -08:00
f305e31cf5
Bugfix: Invoke-TokenManipulation. Issue #112
...
Fixed the PSv4 dependency for obtaining process ownership information.
Thanks to @mmashwani for suggesting the WMI solution.
2016-03-10 16:48:37 -08:00
cde9447c5f
Merge pull request #107 from secabstraction/dev
...
new Get-Keystrokes
2016-01-14 12:37:52 -08:00
4ffd3084e4
Fixed Pester/PassThru
2016-01-13 22:20:05 -06:00
414daa60b8
Fixed Pester/PassThru
2016-01-13 22:19:06 -06:00
759bd481ae
Fixed Pester/PassThru
2016-01-13 21:02:50 -06:00
96ad796da8
Don't search for SYSTEM token by using hard coded English name for SYSTEM account. Translate SYSTEM SID to NTAccount to maintain compatibility across languages.
2016-01-13 04:52:42 -05:00
d133db696a
Update Get-Keystrokes.ps1
2016-01-11 09:09:48 -06:00
f66e219bd6
new Get-Keystrokes
2016-01-09 17:50:58 -06:00
9f183e3651
Set all module versions to 3.0
...
Also cleaned up some module manifest cruft.
2015-12-18 16:28:03 -08:00
c2a70924e1
Removed all version numbers from scripts
...
Scripts in a module should not be individually versioned. Only the
module should be versioned.
2015-12-16 17:08:57 -08:00
fef09e6cc1
Merge pull request #91 from FixTheExchange/patch-1
...
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
2015-12-15 12:23:12 -08:00
e144be7f29
Invoke-Mimkatz: Incorporated latest 2.0 alpha build
...
Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit
1b13057](1b130574ed#94 .
2015-12-14 20:21:43 -08:00
00af1656b2
Bugfix #93
...
Removed the "EndAddress" parameter set since it was never used. This
should resolve any parameter set confusion.
2015-12-14 17:26:33 -08:00
ce3b21685a
Bugfix #92 : perform OS check when importing NtCreateThreadEx
2015-12-14 16:40:09 -08:00
93a71b037c
Adding PollingInterval param to Get-Keystrokes
...
Incorporates idea from @obscuresec in issue #50 .
2015-12-14 09:11:05 -08:00
12ce71b9f4
Normalizing all files to ascii encoding
2015-11-04 13:48:27 -05:00
2dd1f5920d
Revert "Normalizing all files to ascii encoding"
...
This reverts commit 5a812ce823
2015-11-04 13:41:36 -05:00
5a812ce823
Normalizing all files to ascii encoding
2015-11-04 13:40:02 -05:00
e179b2e932
Update Invoke-TokenManipulation.ps1
...
Removed 2 unnecessary lines.
2015-10-30 12:48:05 -05:00
17dd6835b9
Update Invoke-TokenManipulation.ps1
...
Windows 10 breaks the current version of Invoke-TokenManipulation.ps1 because wininit is now a protected processes. Rather than hardcoding to a specific process to obtain a SYSTEM token, it's better to enumerate all processes running as SYSTEM and find one that works. I have updated the script to version 1.12 and added logic on lines 1689-1696 to make sure it can successfully grab a SYSTEM token necessary to function.
2015-10-30 11:38:57 -05:00
9f78286ea7
Merge pull request #77 from clymb3r/master
...
Fix for multi-processor systems
2015-09-30 22:07:56 -07:00
235af294ae
Fix for multi-processor systems
...
Fix processor architecture detection for multi-processor systems.
2015-09-30 21:32:04 -07:00
c29f9b4743
Cleaned up Remove-VSC and New-VSC
...
- Changed Remove-VSC to have a single mandatory parameter (DevicePath)
- Updated New-VSC to check initial state of the VSS Service and return
VSS to its inital state after execution
2015-07-08 22:27:12 -04:00
25934d4719
Added New-VolumeShadowCopy and Remove-VolumeShadowCopy Cmdlets
2015-07-08 16:57:31 -04:00
0045054ab0
Fix for headings in wrong order
...
The column headings in the log file are out of order, e.g.
```
"TypedKey","Time","WindowTitle"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
The "WindowTitle" should be the first column heading like this,
```
"WindowTitle","TypedKey","Time"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:28"
"Document1 - Word","[Shift][Shift]","01-05-2015:20:53:29:31"
"Document1 - Word","[Shift]","01-05-2015:20:53:29:38"
```
2015-05-10 21:32:14 +02:00
2e7dc43edb
Update to latest Mimikatz, add sanity checks
...
Updated to the latest Mimikatz build. Added sanity checks to ensure that
32bit PowerShell isn't being run on a 64bit OS which will cause Mimikatz
to fail.
2015-02-16 23:16:31 -08:00
4daac216c8
Merge pull request #56 from clymb3r/master
...
Added -PassThru to Invoke-TokenManipulation
2014-10-01 20:49:35 -04:00
ba02a11687
Added -PassThru to Invoke-TokenManipulation
...
Thanks to Run Mariboe for the contribution to Invoke-TokenManipulation
adding the -PassThru flag for newly created processes. Version increased
to 1.11.
2014-09-28 19:29:44 -07:00
8c2411ccf3
Get-VaultCredential now takes the singular form.
2014-06-30 15:20:48 -04:00
3444a0700e
Updated Get-VaultCredentials - Package SID
...
Package SIDs are now displayed for Win8 apps. Both the package SID and
secret key are requirements for authenticating to Win8 app servers.
2014-05-31 21:22:22 -04:00
890247deec
Issue #43 - Adding Get-VaultCredentials
...
Displays Windows vault credential objects including cleartext web
credentials.
2014-05-30 21:22:31 -04:00
b33f
HarmJ0y
Oddvar Moe
Matt Graeber
Dennis Maldonado
sixdub
Matt Graeber
Jesse Davis
mmashwani
Jesse Davis
Matt Graeber
PowerShellMafia
FixTheExchange
clymb3r
Jared Atkinson
Jonathan