2343f43e7c
Added reference to function to powersploit.psd1 and recon.psd1
2015-12-29 13:37:40 +00:00
841150e1c6
Added Find-ManagedSecurityGroups
2015-12-28 17:54:47 +00:00
9e771d15bf
Merge pull request #102 from PowerShellMafia/dev
...
Merge 3.0 release changes
2015-12-18 16:33:59 -08:00
9f183e3651
Set all module versions to 3.0
...
Also cleaned up some module manifest cruft.
2015-12-18 16:28:03 -08:00
29ae830b73
Improved root module manifest for PS Gallery
2015-12-18 16:17:16 -08:00
26e0b29e67
Added manifest info for the PowerShell Gallery
2015-12-18 14:24:11 -08:00
2a8da712b6
Updated .psproj to reflect additions/removals
2015-12-18 11:43:40 -08:00
52c46b1d3a
Revert "Invoke-ReflectivePEInjection test harnesses updated"
...
This reverts commit 98ebc1b0b8
2015-12-17 20:30:04 -08:00
98ebc1b0b8
Invoke-ReflectivePEInjection test harnesses updated
...
Affected test harness PEs were updated to work in XP. Addresses issue
#100
2015-12-17 18:50:15 -08:00
55098d59e9
Removed version numbers from scripts
...
A module should maintain a version number not the individual scripts.
2015-12-16 17:08:58 -08:00
c2a70924e1
Removed all version numbers from scripts
...
Scripts in a module should not be individually versioned. Only the
module should be versioned.
2015-12-16 17:08:57 -08:00
b01a8127bc
Added volume shadow copy functions to README.md
2015-12-16 16:52:53 -08:00
70f25c90e2
Update README.md
2015-12-16 15:24:18 -08:00
1cdad586c8
Added a slight delay to Invoke-DllInjection validation
...
In some cases, the loaded module would show up as loaded after the check
occurred.
2015-12-16 14:48:09 -08:00
f5d9b25275
Invoke-DllInjection detects OS arch on all OSes
...
This fix addresses issue #99 . While I'm not the biggest fan of
performing tests based on environment variables, I felt that making
additional Win32 API calls would have been overkill.
2015-12-16 14:31:03 -08:00
ef37a138b8
Fixed Add-Persistence. Issue #98
2015-12-16 13:36:22 -08:00
9a2dfad3de
Fixed mangled decrypted script output
...
Addresses issue #80 . This was a tricky fix because the script should
ideally handle Unicode and Ascii encoded scripts. I haven't tested
scripts with international characters but I would imagine those script
would get mangled since the decrypted output is ultimately normalized to
ascii.
2015-12-16 10:15:14 -08:00
fdcdeab702
Fixed Invoke-WmiCommand credential popup issue
...
Easy fix to issue #97
2015-12-16 08:50:34 -08:00
fef09e6cc1
Merge pull request #91 from FixTheExchange/patch-1
...
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
2015-12-15 12:23:12 -08:00
f70c63f9d5
Invoke-WmiCommand is now PSv2 compatible
...
This bug fix addresses issue #96 . As much as a hate dropping files to
disk, this was the easiest way to preserve objects in PSv2+. If someone
want to implement the [de]serialization themselves and keep everything
in memory, please submit a PR.
2015-12-15 11:55:47 -08:00
f6e032c3b1
Invoke-WmiCommand now obtains full powershell path
...
Addresses issue #95 .
2015-12-15 09:10:35 -08:00
924103aa01
Invoke-DllInjection Pester test improvement
...
The test dll I now use is advpack.dll since that is present in all
versions of windows.
2015-12-14 20:43:51 -08:00
e144be7f29
Invoke-Mimkatz: Incorporated latest 2.0 alpha build
...
Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit
1b13057](1b130574ed#94 .
2015-12-14 20:21:43 -08:00
55fabd7e2e
Removed commented blocks.
2015-12-14 22:00:21 -05:00
dae9d91fdb
Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit into dev
2015-12-14 21:54:11 -05:00
0181ff0c09
Removed C# enum for Test-ServiceDaclPermission
2015-12-14 21:53:42 -05:00
00af1656b2
Bugfix #93
...
Removed the "EndAddress" parameter set since it was never used. This
should resolve any parameter set confusion.
2015-12-14 17:26:33 -08:00
ce3b21685a
Bugfix #92 : perform OS check when importing NtCreateThreadEx
2015-12-14 16:40:09 -08:00
9ffc26af70
Added admin rights check for existing Privesc Pester tests
2015-12-14 19:33:15 -05:00
5690b09027
Get-NetDomain now not called if -ComputerName or -ComputerFile are passed for meta functions, in order to prevent failure when running on a non-domain joined machine
...
took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain
2015-12-14 19:01:10 -05:00
e2993b63aa
Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk.
2015-12-14 18:19:17 -05:00
a235313996
Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left on disk.
2015-12-14 17:34:12 -05:00
7f6d3a4565
Fix Invoke-Shellcode OS architecture detection
...
Fixes issue #70
2015-12-14 11:02:14 -08:00
93a71b037c
Adding PollingInterval param to Get-Keystrokes
...
Incorporates idea from @obscuresec in issue #50 .
2015-12-14 09:11:05 -08:00
a336562b70
Added Invoke-DowngradeAccount to set an account to use reversible encryption.
2015-12-11 14:58:07 -05:00
a0b95c36b4
Domain local group query fix.
...
Added ConvertFrom-UACValue to convert binary UAC values to human readable format.
Corrected logic in Set-ADObject.
2015-12-11 10:21:39 -05:00
e44df184a8
Start of Recon/PowerView Pester tests
2015-12-03 21:57:41 -05:00
c143dc6885
Privesc/PowerUp Pester tests
2015-12-03 21:57:26 -05:00
8ab8c49a0d
Added ./Privesc/ folder that integrates PowerUp.ps1
...
Updated README.md's
2015-12-03 21:56:08 -05:00
5fb690518d
Integration of PowerView into ./Recon/
2015-12-03 21:50:45 -05:00
729e9ca267
Removing Invoke-ShellcodeMSIL from psproj file
2015-11-09 10:58:52 -08:00
62bb142a68
Excluding the Tests folder from being loaded as a module
2015-11-09 10:57:19 -08:00
c03965c8f9
Adding Pester tests for CodeExecution module
2015-11-09 10:56:34 -08:00
a78b40429e
Revert "Excluding the Tests folder from being loaded as a module"
...
This reverts commit a0ab599810
2015-11-09 10:52:41 -08:00
a0ab599810
Excluding the Tests folder from being loaded as a module
2015-11-09 10:52:23 -08:00
aae81ddfe5
Adding -DoNotZeroMZ for testing
2015-11-07 20:26:08 -08:00
992f980022
Removed extraneous parameters
...
Removed extraneous parameters
Removed the following extraneous parameters:
-PEPath
-PEUrl
The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
2015-11-07 20:00:22 -08:00
b8e831e4f9
Revert "Removed extraneous parameters"
...
This reverts commit 0eb520e31f
2015-11-07 19:50:05 -08:00
0eb520e31f
Removed extraneous parameters
...
Removed the following extraneous parameters:
-PEPath
-PEUrl
-ComputerName
The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
2015-11-07 20:25:29 -05:00
17bfa4e276
Fixed a casting bug
2015-11-06 13:31:58 -05:00
Stuart Morgan
PowerShellMafia
Matt Graeber
Harmj0y