Commit Graph

6 Commits

Author SHA1 Message Date
bitform 688ba7911c Improved Metasploit payload support for 32/64-bit
Updated Inject-Shellcode. If running a 32-bit Metasploit payload from
64-bit PowerShell, it will prompt the user to execute the payload from
32-bit PowerShell. This fix was in response to Chris Gates' feature
request:
http://carnal0wnage.attackresearch.com/2012/05/powershell-shellcode-metasploit-x64.html

Note, there are some side effects:
1) It takes about one minute to initialize and execute the payload in
the 32-bit process. This is because the execution essentially emulates
copying and pasting its contents into the child process.
2) You will see some output artifacts of the script running in the child
PowerShell process.

I couldn't think of a good way to rectify these problems without
dropping the contents of the script to disk, which would not be
desirable.
2012-09-11 19:01:02 -04:00
bitform c7fa339012 Updated Inject-Shellcode and style guide
New Features/Changes:

- Dramatically simplified parameters. Removed redundancies and named
parameter sets more appropriately
- Added 'Shellcode' parameter. Now, you can optionally specify shellcode
as a byte array rather than having to copy and paste shellcode into the
$Shellcode32 and/or $Shellcode64 variables
- Added 'Payload' parameter. Naming is now consistent with Metasploit
payloads. Currently, only 'windows/meterpreter/reverse_http' and
'windows/meterpreter/reverse_https' payloads are supported.
- Inject-Shellcode will now prompt the user to continue the 'dangerous'
action unless the -Force switch is provided. Hopefully, this will
prevent some people from carrying out stupid/regrettable actions.
- Added the 'ListMetasploitPayloads' switch to display the Metasploit
payloads supported by Inject-Shellcode

Bug fixes/Miscellaneous:

- Added UserAgent parameter to help documentation
- Code is much more readable now
- Changed internal helper functions to 'local' scope
- Now using proper error handling versus Write-Warning statements
- Added a subtle warning to the built-in shellcode...
2012-08-20 20:14:01 -04:00
bitform 65fde4aac0 Changed licensing to BSD 3-Clause
Fixed some spelling errors in README.
Added additional usage information
2012-06-26 17:57:38 -04:00
bitform 9ef781f449 Converted all ps1 files from UTF-16 BE to ASCII
PowerShell ISE saves to UTF-16 BE by default. git doesn't diff this
properly. Diffs should now display properly.
2012-06-07 21:26:33 -04:00
bitform cbccfb4916 Added reverse HTTP[S] meterpreter payloads 2012-06-07 19:09:15 -04:00
bitform 7ce33c794f Complete rewrite of Powersyringe 2012-05-26 12:34:54 -04:00