clymb3r
6e56d40662
Update to latest Mimikatz (crash fix on Win7/8)
...
The latest version of Mimikatz fixes a crash that happens on Windows 7/8
(and server versions) after installing the latest Windows updates.
2014-05-20 09:34:09 -07:00
clymb3r
794f55a82b
Updated to latest Mimikatz
...
Latest version of Mimikatz now natively supports being reflectively
loaded by Invoke-ReflectivePEInjection, updating the script to take
advantage of this new version.
2014-05-04 18:49:37 -07:00
clymb3r
b783b459c1
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
...
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
2014-04-16 21:02:50 -07:00
clymb3r
47b90647c1
Updating Invoke-Mimikatz to Mimikatz 2.0 alpha
2014-04-16 20:47:14 -07:00
Chris Campbell
946328cf9e
Missing File Names
...
Added printers.xml and drives.xml to the search.
2014-03-21 13:22:33 -04:00
Chris Campbell
1798918edf
Bug fix of from v3 XML expanding to $Count
...
This bug fix was from @jakxx
2014-03-05 00:40:02 -05:00
Chris Campbell
49c9f04533
Update to version 2.4.0 from @jakxx
...
Removed unnecessary comment, merged update with printers.xml and drives.xml from @jackxx
2014-03-05 00:32:40 -05:00
mattifestation
b450a70dbf
Added Get-VolumeShadowCopy and Mount-VolumeShadowCopy
2014-03-01 18:26:31 -05:00
Chris Campbell
3047ccfe32
Update Get-GPPPassword.ps1
2014-02-21 22:37:23 -05:00
Chris Campbell
7ee66855f3
Update Get-GPPPassword.ps1
2014-02-21 22:34:11 -05:00
Chris Campbell
22572d6e7d
Changed the direction of XML parsing
...
Used Select-XML to ensure compatibility with v2
2014-02-21 22:33:27 -05:00
Chris Campbell
770fe8ff10
Update Get-GPPPassword.ps1
...
Iterate version.
2014-02-21 15:26:49 -05:00
Chris Campbell
313d80373c
Update Get-GPPPassword.ps1
2014-02-21 15:19:55 -05:00
Chris Campbell
261aaf6302
Update Get-GPPPassword.ps1
...
Bug fix of variables.
2014-02-21 15:09:43 -05:00
mattifestation
24fc1b6b6c
Major Revision of Get-GPPPasswords
...
Thanks @obscuresec!
2014-02-21 05:59:58 -05:00
Matt Graeber
331d54eeaf
Merge pull request #28 from clymb3r/master
...
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
2014-02-12 19:40:32 -05:00
clymb3r
b684da050a
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
...
Added a check to ensure the script isn't being run from Session0 with
the "NewWinLogon" flag. This flag does not work in Session0 because
winlogon.exe tries to load stuff from user32.dll, which requires that a
desktop be present. This is not possible in Session0 because there is no
desktop/GUI, so it causes winlogon to load and then immediately close
with error code c0000142 indicating a DLL failed to initialize. There is
no way to fix this that I know of, if you need to run the script from
Session0 use the "ExistingWinLogon" flag.
2014-02-12 13:52:41 -08:00
mattifestation
c5168cdba6
Removed mimikatz.
...
This doesn't need to reside in PowerSploit. Those that are truly
paranoid should validate that the embedded executable in
Invoke-Mimikatz.ps1 is indeed mimikatz.
This was causing AV to flag upon downloading PowerSploit.
2014-02-03 17:13:41 -05:00
Matt Graeber
4f5faf672f
Merge pull request #25 from clymb3r/master
...
Bug fixes for Invoke-TokenManipulation
2014-01-11 15:02:48 -08:00
clymb3r
bb41ab98ca
Bug fixes for Invoke-TokenManipulation
...
Processes could not be started when the script was being run from
Session 0. The fix is to use the CreateProcessAsUserW function when
running in Session 0. This API requires SeAssignPrimaryTokenPrivilege
privilege, so for non-session0 calls I still use CreateProcessWithTokenW
which does not require special privileges.
2014-01-10 21:41:44 -08:00
mattifestation
9f41edcf82
Fixes #23 - $Password was not being cleared
2014-01-01 13:10:06 -05:00
Matt Graeber
7de1dd6df7
Merge pull request #21 from clymb3r/master
...
Adding Inject-LogonCredentials
2013-11-18 03:26:55 -08:00
clymb3r
1503375bfb
Adding Inject-LogonCredentials
2013-11-17 21:13:15 -08:00
mattifestation
237d362acf
Normalized all scripts to ASCII encoding
2013-11-13 21:01:02 -05:00
clymb3r
5af0589e8f
Updated Invoke-TokenManipulation help
2013-11-04 08:19:28 -08:00
clymb3r
7a6e8a0f20
Adding Invoke-TokenManipulation
2013-11-03 22:54:36 -08:00
clymb3r
d269eec01d
Switching to ANSI from UTF8 encoding
...
Scripts now work in 2008r2. I thought I tested before uploading but
something broke somehow... Now the scripts work in 2008r2 and win8+
2013-10-01 21:25:36 -07:00
clymb3r
59cd183607
Adding Invoke-Mimikatz and Invoke-Ninjacopy
2013-10-01 09:47:05 -07:00
Matt Graeber
05d335512a
Get-Keystrokes now accepts relative paths
2013-08-17 16:56:11 -04:00
Matt Graeber
d67e71bf2d
Out-Minidump now provides descriptive output
...
Out-Minidump now outputs a FileInfo object (i.e. the same output as
Get-ChildItem) upon successfully creating a dump file.
2013-08-17 16:39:20 -04:00
Matt Graeber
ba33613413
Added additional error handling to Get-GPPPassword
2013-08-17 16:31:48 -04:00
hajdbo
c623814116
added ErrorAction SilentlyContinue to Get-ChildItem
...
Sometimes you will be denied access to a directory.
"ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied.
2013-08-12 12:04:38 +02:00
Chris Campbell
2f28a29074
Update Get-TimedScreenshot.ps1
...
Fix error handling and various style problems
2013-07-03 22:15:05 -04:00
Chris Campbell
321e53ee23
Fix improper use of $Error[0]
2013-07-03 21:42:34 -04:00
Chris Campbell
eb85e1ce9d
Terminating Errors Added
...
Added checks to ensure that the script is being run on a domain-joined machine and with a domain account.
2013-07-03 20:31:53 -04:00
Matt Graeber
371c65c9a7
Updated Get-GPPPassword
2013-07-03 05:46:44 -04:00
Matt Graeber
717950d00c
Added Get-Keystrokes
...
Get-Keystrokes is a PowerShell keylogger
2013-06-30 11:15:02 -04:00
Matt Graeber
218f0cb24b
"Best practice" improvements to Out-Minidump
2013-05-18 09:46:00 -04:00
Matt Graeber
af04f7e528
Added Out-Minidump
...
Out-Minidump writes a process dump file with all process memory to disk.
This is similar to running procdump.exe with the '-ma' switch.
2013-05-15 20:54:16 -04:00
bitform
40eb187bca
Consistency improvements in comment-based help
2013-01-21 08:33:51 -05:00
bitform
b3bbe03e93
Added 'Exfiltration' Module
2013-01-20 21:32:41 -05:00