Commit Graph

255 Commits

Author SHA1 Message Date
mattifestation 8c13faaf51 Modified license verbiage 2013-11-03 22:48:49 -08:00
mattifestation cf64b10d5c Added exfil script synopses to README.md
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
2013-11-03 22:48:48 -08:00
mattifestation 70e5b8375b Fixed minor logic bug in C type undecorated symbols 2013-11-03 22:48:48 -08:00
mattifestation 9fbb4ec3c3 Added Get-LibSymbols
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
2013-11-03 22:48:47 -08:00
Matt Graeber 404d2480ba Merge pull request #17 from webstersprodigy/portscan-hostlist-fix
Fix for hostfiles option in powershell 2
2013-10-23 01:44:06 -07:00
webstersprodigy 54971370cf Fix for hostfiles option in powershell 2 2013-10-22 21:04:24 -07:00
mattifestation 737fd832e0 Updated usage tip 2013-10-05 08:39:25 -04:00
mattifestation babad35dae Added a usage tip
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
2013-10-05 08:35:48 -04:00
mattifestation a6c0c940bf Slight clarification to license statement 2013-10-05 08:21:07 -04:00
Matt Graeber 50c6fad88e Merge pull request #16 from clymb3r/master
Switching to ANSI from UTF8 encoding
2013-10-05 04:28:24 -07:00
clymb3r d269eec01d Switching to ANSI from UTF8 encoding
Scripts now work in 2008r2. I thought I tested before uploading but
something broke somehow... Now the scripts work in 2008r2 and win8+
2013-10-01 21:25:36 -07:00
mattifestation 511b682620 Modified license verbiage 2013-10-01 17:47:28 -04:00
mattifestation 70a3a43f24 Added exfil script synopses to README.md
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
2013-10-01 17:41:54 -04:00
Matt Graeber 6ad050fe7a Merge pull request #15 from clymb3r/master
Adding GitIgnore, adding Invoke-NinjaCopy and Invoke-Mimikatz
2013-10-01 14:29:34 -07:00
clymb3r 59cd183607 Adding Invoke-Mimikatz and Invoke-Ninjacopy 2013-10-01 09:47:05 -07:00
clymb3r b17272eb98 Adding gitignore file
Don't want gigantic ipch files from visual studio (among other useless
files) to be uploaded.
2013-10-01 09:46:42 -07:00
Matt Graeber 23850a6337 Merge pull request #14 from clymb3r/master
Fixes for Windows 8.1/.NET 4.5
2013-10-01 03:12:54 -07:00
clymb3r 1291abdae3 Fixes for Windows 8.1/.NET 4.5
.NET 4.5 introduced breaking changes in the way Marshalling works. Added
a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5.
2013-09-30 22:32:57 -07:00
mattifestation ec39ee2113 Fixed minor logic bug in C type undecorated symbols 2013-09-30 06:43:03 -04:00
mattifestation e62121ea27 Added Get-LibSymbols
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
2013-09-29 17:12:16 -04:00
Matt Graeber 65cd074eaf Merge pull request #13 from clymb3r/master
Call to DllMain when unloading reflective DLL
2013-09-04 04:54:15 -07:00
clymb3r 5e1f6ac29a Call to DllMain when unloading reflective DLL
Prior to this fix, DllMain with the ProcessDetach flag was not called
when unloading the reflectively loaded DLL. This was causing very weird
crashes in the Invoke-NinjaCopy script which is built on this script.
This should fix the crash.
2013-09-03 20:10:18 -07:00
mattifestation 6807da424f Added ProcessModuleTrace cmdlets
Added *-ProcessModuleTrace cmdlets to trace details when modules are
loaded into a process. These can be useful for malware analysis.
2013-08-29 19:56:01 +00:00
Matt Graeber fcdd3ad642 Explicitly casting types as [Type]
The latest version of .NET added generics to many of the InteropService
methods. Therefore, all of my uses of types need to be explicitly cast
with [Type].
2013-08-17 17:55:31 -04:00
Matt Graeber 7f0be861f2 Added ps1xml file for Get-ILDisassembly
Output from Get-ILDisassembly is slightly cleaner.
2013-08-17 17:39:04 -04:00
Matt Graeber 9bb31fc9b9 Removing Get-PEArchitecture
This functionality is present and maintained in Get-PEHeader.
2013-08-17 17:16:38 -04:00
Matt Graeber 05d335512a Get-Keystrokes now accepts relative paths 2013-08-17 16:56:11 -04:00
Matt Graeber d67e71bf2d Out-Minidump now provides descriptive output
Out-Minidump now outputs a FileInfo object (i.e. the same output as
Get-ChildItem) upon successfully creating a dump file.
2013-08-17 16:39:20 -04:00
Matt Graeber ba33613413 Added additional error handling to Get-GPPPassword 2013-08-17 16:31:48 -04:00
Matt Graeber 66face4488 Merge pull request #11 from hajdbo/patch-1
added ErrorAction SilentlyContinue to Get-ChildItem
2013-08-17 17:04:15 -07:00
Matt Graeber 9577a4e2c2 Compiler parameters were not applied to Add-Type
The compiler parameters were not being applied to Add-Type in
Get-PEHeader. Derp.
This led to unexpected errors when Visual Studio environment variables
were defined.
2013-08-16 06:28:47 -04:00
hajdbo c623814116 added ErrorAction SilentlyContinue to Get-ChildItem
Sometimes you will be denied access to a directory.
"ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied.
2013-08-12 12:04:38 +02:00
Matt Graeber 98be62a03a Get-PEHeader can now return raw section data 2013-07-28 16:04:07 -04:00
Matt Graeber 4eca7b0126 Latest version of .NET Framework broke Get-PEHeader
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
2013-07-28 14:32:40 -04:00
Matt Graeber 05c5832458 Latest version of .NET Framework broke Get-PEB
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
2013-07-11 18:20:05 -04:00
Matt Graeber 55a6dbd019 Added Get-ObjDump
Get-ObjDump parses and returns information about one or more Windows
object files. It is similar to dumpbin but it returns objects!
2013-07-09 20:17:01 -04:00
Matt Graeber 030fc3b43b Merge pull request #10 from mattifestation/webstersprodigy-Portscan
Webstersprodigy portscan
2013-07-06 10:41:52 -07:00
Matt Graeber b507290d78 Added Invoke-Portscan to README 2013-07-06 13:38:35 -04:00
Matt Graeber 49b9523c10 Merge branch 'Portscan' of https://github.com/webstersprodigy/PowerSploit into webstersprodigy-Portscan
Conflicts:
	Recon/Recon.psd1
2013-07-06 13:34:12 -04:00
Matt Graeber 298561f26b Forgot to add CodeIntegrityInformation to help 2013-07-04 14:59:24 -04:00
Matt Graeber 2a45cfbd1e Get-NtSystemInformation can now query UMCI info
Get-NtSystemInformation now returns SystemCodeIntegrityInformation -
i.e. user-mode code integrity settings. This required reverse
engineering a dll that is only present on Windows 8 ARM devices.
2013-07-04 13:01:47 -04:00
Matt Graeber 9de59e9e3f Merge pull request #9 from obscuresec/master
Bug fix for error handling
2013-07-04 05:50:31 -07:00
Chris Campbell 2f28a29074 Update Get-TimedScreenshot.ps1
Fix error handling and various style problems
2013-07-03 22:15:05 -04:00
Chris Campbell 321e53ee23 Fix improper use of $Error[0] 2013-07-03 21:42:34 -04:00
Matt Graeber 29329e1707 Merge pull request #8 from obscuresec/master
Add checks to terminate script if not running in proper environment.
2013-07-03 17:44:35 -07:00
Chris Campbell eb85e1ce9d Terminating Errors Added
Added checks to ensure that the script is being run on a domain-joined machine and with a domain account.
2013-07-03 20:31:53 -04:00
Matt Graeber 371c65c9a7 Updated Get-GPPPassword 2013-07-03 05:46:44 -04:00
Matt Graeber 717950d00c Added Get-Keystrokes
Get-Keystrokes is a PowerShell keylogger
2013-06-30 11:15:02 -04:00
Rich Lundeen 98510d8097 IPv6 support in hosts param 2013-06-25 22:07:36 -07:00
Rich Lundeen 05ab35a3af fixing EOL spaces (again, sorry) 2013-06-18 15:15:40 -07:00