Gh0st
/
PowerSploit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
199 Commits 2 Branches 2 Tags 16 MiB
Commit Graph

199 Commits

Author SHA1 Message Date
mattifestation bbd382e52a #31 Persistence module function nouns are now singular 
The function names New-UserPersistenceOption and
New-ElevatedPersistenceOptionNew-ElevatedPersistenceOption now conform
to PowerShell naming best practices.
 2014-02-23 10:35:55 -05:00
Matt Graeber 28790b5a08 Merge pull request #32 from obscuresec/master 
Minor fixes for compatibility between versions
 2014-02-21 23:26:21 -05:00
Chris Campbell 3047ccfe32 Update Get-GPPPassword.ps1 2014-02-21 22:37:23 -05:00
Chris Campbell 7ee66855f3 Update Get-GPPPassword.ps1 2014-02-21 22:34:11 -05:00
Chris Campbell 22572d6e7d Changed the direction of XML parsing 
Used Select-XML to ensure compatibility with v2
 2014-02-21 22:33:27 -05:00
Chris Campbell 770fe8ff10 Update Get-GPPPassword.ps1 
Iterate version.
 2014-02-21 15:26:49 -05:00
Chris Campbell 313d80373c Update Get-GPPPassword.ps1 2014-02-21 15:19:55 -05:00
Chris Campbell 261aaf6302 Update Get-GPPPassword.ps1 
Bug fix of variables.
 2014-02-21 15:09:43 -05:00
mattifestation 24fc1b6b6c Major Revision of Get-GPPPasswords 
Thanks @obscuresec!
 2014-02-21 05:59:58 -05:00
mattifestation 22f0c1b13a Changed Inject-LogonCredentials name to Invoke-CredentialInjection 2014-02-12 19:44:12 -05:00
Matt Graeber 331d54eeaf Merge pull request #28 from clymb3r/master 
Inject-LogonCredentials has been renamed to Invoke-CredentialInjection.
 2014-02-12 19:40:32 -05:00
clymb3r b684da050a Inject-LogonCredentials has been renamed to Invoke-CredentialInjection. 
Added a check to ensure the script isn't being run from Session0 with
the "NewWinLogon" flag. This flag does not work in Session0 because
winlogon.exe tries to load stuff from user32.dll which requires a
desktop is present. This is not possible in Session0 because there is no
desktop/GUI, so it causes winlogon to load and then immediately close
with error code c0000142 indicating a DLL failed to initialize. There is
no way to fix this that I know of, if you need to run the script from
Session0 use the "ExistingWinLogon" flag.
 2014-02-12 13:52:41 -08:00
mattifestation 92fcfdc384 Add Get-Entropy 2014-02-03 18:37:36 -05:00
mattifestation c5168cdba6 Removed mimikatz. 
This doesn't need to reside in PowerSploit. Those that are truly
paranoid should validate that the embedded executable in
Invoke-Mimikatz.ps1 is indeed mimikatz.

This was causing AV to flag upon downloading PowerSploit.
 2014-02-03 17:13:41 -05:00
Matt Graeber d9ca5357e4 Merge pull request #26 from obscuresec/master 
Update Invoke-ReverseDnsLookup.ps1
 2014-01-30 14:38:50 -08:00
Chris Campbell 14780a5678 Update Invoke-ReverseDnsLookup.ps1 
Added pipeline support and verbose statement.
 2014-01-30 17:13:25 -05:00
mattifestation 7c51e9331b Generate a non-terminating error if there's a binding/framework version mismatch 
The user should at least be made aware if they're using an unsupported
framework library version.
 2014-01-25 11:48:53 -05:00
mattifestation 22cbc47642 Upgraded Capstone framework libs to 2.0 
These are the compiled libs straight from
http://www.capstone-engine.org/download.html
 2014-01-25 11:47:09 -05:00
mattifestation 7f0267db7c Disable non-standard cmdlet verb checking 2014-01-25 11:45:59 -05:00
mattifestation 3d564121d7 Capstone.dll returns the correct number of operands now. 2014-01-19 18:53:17 -05:00
mattifestation 5fede76351 Capstone module now incorporates framework 2.0RC1 
* I also moved the contents of Get-CSDisassembly.ps1 into Capstone.psm1
 2014-01-19 13:56:48 -05:00
Matt Graeber 4f5faf672f Merge pull request #25 from clymb3r/master 
Bug fixes for Invoke-TokenManipulation
 2014-01-11 15:02:48 -08:00
clymb3r bb41ab98ca Bug fixes for Invoke-TokenManipulation 
Processes could not be started when the script was being run from
Session 0. The fix is to use the CreateProcessAsUserW function when
running in Session 0. This API requires SeAssignPrimaryTokenPrivilege
priviege, so for non-session0 calls I still use CreateProcessWithTokenW
which does not require special privileges.
 2014-01-10 21:41:44 -08:00
mattifestation 5bca2c3087 Updated usage documentation 2014-01-04 07:54:06 -05:00
mattifestation c3cea2fb61 Updated C# Capstone binding to latest version 2014-01-04 07:53:49 -05:00
mattifestation 9f41edcf82 Fixes #23 - $Password was not being cleared 2014-01-01 13:10:06 -05:00
mattifestation 206fb70a0c Adding 64-bit lib file 2013-12-26 19:35:32 -05:00
mattifestation 7009f92ef3 Major update to Capstone disassembly module 
* Refactor of C# capstone binding
* Now compatible in 32 and 64-bit PowerShell
 2013-12-26 19:30:41 -05:00
mattifestation 7157507d99 Added Capstone Engine PowerShell binding 
Consider this to be an alpha release until the C# binding is published.
 2013-12-22 12:46:39 -05:00
mattifestation 46baff5ef2 Added Inject-LogonCredentials to README 2013-11-18 06:30:19 -05:00
Matt Graeber 7de1dd6df7 Merge pull request #21 from clymb3r/master 
Adding Inject-LogonCredentials
 2013-11-18 03:26:55 -08:00
clymb3r 1503375bfb Adding Inject-LogonCredentials 2013-11-17 21:13:15 -08:00
mattifestation 237d362acf Normalized all scripts to ASCII encoding 2013-11-13 21:01:02 -05:00
mattifestation 306a84fe81 Get-ILDisassembly now accepts ConstructorInfo objects 2013-11-07 08:04:16 -05:00
mattifestation 5b4b9924d5 Get-ILDisassembly now displays metadata tokens. 
* Having metadata tokens displayed in output helps with reverse
engineering because you can pass metadata tokens to
System.Reflection.Module.ResolveMember and then easily interact with the
member in question.
* I also fixed a bug when displaying integer constants. I wasn't doing
an endian swap.
 2013-11-07 07:28:53 -05:00
Matt Graeber 20f0a5cd96 Merge pull request #19 from clymb3r/master 
Updated Invoke-TokenManipulation help
 2013-11-04 13:56:47 -08:00
clymb3r 5af0589e8f Updated Invoke-TokenManipulation help 2013-11-04 08:19:28 -08:00
mattifestation 22f232920b Added Invoke-TokenManipulation to README.md 2013-11-04 05:51:33 -05:00
Matt Graeber 8af97c6e24 Merge pull request #18 from clymb3r/master 
Adding Invoke-TokenManipulation
 2013-11-04 02:43:54 -08:00
clymb3r 7a6e8a0f20 Adding Invoke-TokenManipulation 2013-11-03 22:54:36 -08:00
webstersprodigy c4cd73a9cf Fix for hostfiles option in powershell 2 2013-11-03 22:48:50 -08:00
mattifestation a40e79da93 Updated usage tip 2013-11-03 22:48:50 -08:00
mattifestation 1e4dc7b49f Added a usage tip 
Added a one-liner for PSv3 that will remove the annoying warnings that
are displayed when importing scripts downloaded from the Internet.
 2013-11-03 22:48:50 -08:00
mattifestation 05cbdab96e Slight clarification to license statement 2013-11-03 22:48:49 -08:00
mattifestation 8c13faaf51 Modified license verbiage 2013-11-03 22:48:49 -08:00
mattifestation cf64b10d5c Added exfil script synopses to README.md 
Descriptions for Invoke-NinjaCopy and Invoke-Mimikatz were added to the
readme.
 2013-11-03 22:48:48 -08:00
mattifestation 70e5b8375b Fixed minor logic bug in C type undecorated symbols 2013-11-03 22:48:48 -08:00
mattifestation 9fbb4ec3c3 Added Get-LibSymbols 
Get-LibSymbols parses Microsoft .lib files and displays decorated and
undecorated symbols.
 2013-11-03 22:48:47 -08:00
Matt Graeber 404d2480ba Merge pull request #17 from webstersprodigy/portscan-hostlist-fix 
Fix for hostfiles option in powershell 2
 2013-10-23 01:44:06 -07:00
webstersprodigy 54971370cf Fix for hostfiles option in powershell 2 2013-10-22 21:04:24 -07:00