Commit Graph

318 Commits

Author SHA1 Message Date
clymb3r 1503375bfb Adding Inject-LogonCredentials 2013-11-17 21:13:15 -08:00
mattifestation 237d362acf Normalized all scripts to ASCII encoding 2013-11-13 21:01:02 -05:00
mattifestation 306a84fe81 Get-ILDisassembly now accepts ConstructorInfo objects 2013-11-07 08:04:16 -05:00
mattifestation 5b4b9924d5 Get-ILDisassembly now displays metadata tokens.
* Having metadata tokens displayed in output helps with reverse
engineering because you can pass metadata tokens to
System.Reflection.Module.ResolveMember and then easily interact with the
member in question.
* I also fixed a bug when displaying integer constants. I wasn't doing
an endian swap.
2013-11-07 07:28:53 -05:00
Matt Graeber 20f0a5cd96 Merge pull request #19 from clymb3r/master
Updated Invoke-TokenManipulation help
2013-11-04 13:56:47 -08:00
clymb3r 5af0589e8f Updated Invoke-TokenManipulation help 2013-11-04 08:19:28 -08:00
mattifestation 22f232920b Added Invoke-TokenManipulation to README.md 2013-11-04 05:51:33 -05:00
Matt Graeber 8af97c6e24 Merge pull request #18 from clymb3r/master
Adding Invoke-TokenManipulation
2013-11-04 02:43:54 -08:00
clymb3r 7a6e8a0f20 Adding Invoke-TokenManipulation 2013-11-03 22:54:36 -08:00
webstersprodigy c4cd73a9cf Fix for hostfiles option in powershell 2 2013-11-03 22:48:50 -08:00
mattifestation a40e79da93 Updated usage tip 2013-11-03 22:48:50 -08:00
mattifestation 1e4dc7b49f Added a usage tip
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
2013-11-03 22:48:50 -08:00
mattifestation 05cbdab96e Slight clarification to license statement 2013-11-03 22:48:49 -08:00
mattifestation 8c13faaf51 Modified license verbiage 2013-11-03 22:48:49 -08:00
mattifestation cf64b10d5c Added exfil script synopses to README.md
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
2013-11-03 22:48:48 -08:00
mattifestation 70e5b8375b Fixed minor logic bug in C type undecorated symbols 2013-11-03 22:48:48 -08:00
mattifestation 9fbb4ec3c3 Added Get-LibSymbols
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
2013-11-03 22:48:47 -08:00
Matt Graeber 404d2480ba Merge pull request #17 from webstersprodigy/portscan-hostlist-fix
Fix for hostfiles option in powershell 2
2013-10-23 01:44:06 -07:00
webstersprodigy 54971370cf Fix for hostfiles option in powershell 2 2013-10-22 21:04:24 -07:00
mattifestation 737fd832e0 Updated usage tip 2013-10-05 08:39:25 -04:00
mattifestation babad35dae Added a usage tip
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
2013-10-05 08:35:48 -04:00
mattifestation a6c0c940bf Slight clarification to license statement 2013-10-05 08:21:07 -04:00
Matt Graeber 50c6fad88e Merge pull request #16 from clymb3r/master
Switching to ANSI from UTF8 encoding
2013-10-05 04:28:24 -07:00
clymb3r d269eec01d Switching to ANSI from UTF8 encoding
Scripts now work in 2008r2. I thought I tested before uploading but
something broke somehow... Now the scripts work in 2008r2 and win8+
2013-10-01 21:25:36 -07:00
mattifestation 511b682620 Modified license verbiage 2013-10-01 17:47:28 -04:00
mattifestation 70a3a43f24 Added exfil script synopses to README.md
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
2013-10-01 17:41:54 -04:00
Matt Graeber 6ad050fe7a Merge pull request #15 from clymb3r/master
Adding GitIgnore, adding Invoke-NinjaCopy and Invoke-Mimikatz
2013-10-01 14:29:34 -07:00
clymb3r 59cd183607 Adding Invoke-Mimikatz and Invoke-Ninjacopy 2013-10-01 09:47:05 -07:00
clymb3r b17272eb98 Adding gitignore file
Don't want gigantic ipch files from visual studio (among other useless
files) to be uploaded.
2013-10-01 09:46:42 -07:00
Matt Graeber 23850a6337 Merge pull request #14 from clymb3r/master
Fixes for Windows 8.1/.NET 4.5
2013-10-01 03:12:54 -07:00
clymb3r 1291abdae3 Fixes for Windows 8.1/.NET 4.5
.NET 4.5 introduced breaking changes in the way Marshalling works. Added
a fix so ReflectivePEInjection works with Windows 8.1/.NET4.5.
2013-09-30 22:32:57 -07:00
mattifestation ec39ee2113 Fixed minor logic bug in C type undecorated symbols 2013-09-30 06:43:03 -04:00
mattifestation e62121ea27 Added Get-LibSymbols
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
2013-09-29 17:12:16 -04:00
Matt Graeber 65cd074eaf Merge pull request #13 from clymb3r/master
Call to DllMain when unloading reflective DLL
2013-09-04 04:54:15 -07:00
clymb3r 5e1f6ac29a Call to DllMain when unloading reflective DLL
Prior to this fix, DllMain with the ProcessDetach flag was not called
when unloading the reflectively loaded DLL. This was causing very weird
crashes in the Invoke-NinjaCopy script which is built on this script.
This should fix the crash.
2013-09-03 20:10:18 -07:00
mattifestation 6807da424f Added ProcessModuleTrace cmdlets
Added *-ProcessModuleTrace cmdlets to trace details when modules are
loaded into a process. These can be useful for malware analysis.
2013-08-29 19:56:01 +00:00
Matt Graeber fcdd3ad642 Explicitly casting types as [Type]
The latest version of .NET added generics to many of the InteropService
methods. Therefore, all of my uses of types need to be explicitly cast
with [Type].
2013-08-17 17:55:31 -04:00
Matt Graeber 7f0be861f2 Added ps1xml file for Get-ILDisassembly
Output from Get-ILDisassembly is slightly cleaner.
2013-08-17 17:39:04 -04:00
Matt Graeber 9bb31fc9b9 Removing Get-PEArchitecture
This functionality is present and maintained in Get-PEHeader.
2013-08-17 17:16:38 -04:00
Matt Graeber 05d335512a Get-Keystrokes now accepts relative paths 2013-08-17 16:56:11 -04:00
Matt Graeber d67e71bf2d Out-Minidump now provides descriptive output
Out-Minidump now outputs a FileInfo object (i.e. the same output as
Get-ChildItem) upon successfully creating a dump file.
2013-08-17 16:39:20 -04:00
Matt Graeber ba33613413 Added additional error handling to Get-GPPPassword 2013-08-17 16:31:48 -04:00
Matt Graeber 66face4488 Merge pull request #11 from hajdbo/patch-1
added ErrorAction SilentlyContinue to Get-ChildItem
2013-08-17 17:04:15 -07:00
Matt Graeber 9577a4e2c2 Compiler parameters were not applied to Add-Type
The compiler parameters were not being applied to Add-Type in
Get-PEHeader. Derp.
This led to unexpected errors when Visual Studio environment variables
were defined.
2013-08-16 06:28:47 -04:00
hajdbo c623814116 added ErrorAction SilentlyContinue to Get-ChildItem
Sometimes access to a directory will be denied.
"ErrorAction SilentlyContinue" will continue searching recursively in \SYSVOL even when it encounters a directory where access is denied.
2013-08-12 12:04:38 +02:00
Matt Graeber 98be62a03a Get-PEHeader can now return raw section data 2013-07-28 16:04:07 -04:00
Matt Graeber 4eca7b0126 Latest version of .NET Framework broke Get-PEHeader
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
2013-07-28 14:32:40 -04:00
Matt Graeber 05c5832458 Latest version of .NET Framework broke Get-PEB
To fix this, I needed to explicitly cast types in the SizeOf and
PtrToStructure methods.
2013-07-11 18:20:05 -04:00
Matt Graeber 55a6dbd019 Added Get-ObjDump
Get-ObjDump parses and returns information about one or more Windows
object files. It is similar to dumpbin but it returns objects!
2013-07-09 20:17:01 -04:00
Matt Graeber 030fc3b43b Merge pull request #10 from mattifestation/webstersprodigy-Portscan
Webstersprodigy portscan
2013-07-06 10:41:52 -07:00