Matt Graeber
c2a70924e1
Removed all version numbers from scripts
...
Scripts in a module should not be individually versioned. Only the
module should be versioned.
2015-12-16 17:08:57 -08:00
PowerShellMafia
b01a8127bc
Added volume shadow copy functions to README.md
2015-12-16 16:52:53 -08:00
PowerShellMafia
70f25c90e2
Update README.md
2015-12-16 15:24:18 -08:00
Matt Graeber
1cdad586c8
Added a slight delay to Invoke-DllInjection validation
...
In some cases, the loaded module would show up as loaded after the check
occurred.
2015-12-16 14:48:09 -08:00
Matt Graeber
f5d9b25275
Invoke-DllInjection detects OS arch on all OSes
...
This fix addresses issue #99. While I'm not the biggest fan of
performing tests based on environment variables, I felt that making
additional Win32 API calls would have been overkill.
2015-12-16 14:31:03 -08:00
Matt Graeber
ef37a138b8
Fixed Add-Persistence. Issue #98
2015-12-16 13:36:22 -08:00
Matt Graeber
9a2dfad3de
Fixed mangled decrypted script output
...
Addresses issue #80. This was a tricky fix because the script should
ideally handle Unicode and Ascii encoded scripts. I haven't tested
scripts with international characters but I would imagine those scripts
would get mangled since the decrypted output is ultimately normalized to
ascii.
2015-12-16 10:15:14 -08:00
Matt Graeber
fdcdeab702
Fixed Invoke-WmiCommand credential popup issue
...
Easy fix to issue #97
2015-12-16 08:50:34 -08:00
PowerShellMafia
fef09e6cc1
Merge pull request #91 from FixTheExchange/patch-1
...
Update Invoke-TokenManipulation.ps1 to address Win 10 incompatibility
2015-12-15 12:23:12 -08:00
Matt Graeber
f70c63f9d5
Invoke-WmiCommand is now PSv2 compatible
...
This bug fix addresses issue #96. As much as I hate dropping files to
disk, this was the easiest way to preserve objects in PSv2+. If someone
wants to implement the [de]serialization themselves and keep everything
in memory, please submit a PR.
2015-12-15 11:55:47 -08:00
Matt Graeber
f6e032c3b1
Invoke-WmiCommand now obtains full powershell path
...
Addresses issue #95.
2015-12-15 09:10:35 -08:00
Matt Graeber
924103aa01
Invoke-DllInjection Pester test improvement
...
The test dll I now use is advpack.dll since that is present in all
versions of Windows.
2015-12-14 20:43:51 -08:00
Matt Graeber
e144be7f29
Invoke-Mimikatz: Incorporated latest 2.0 alpha build
...
Updated embedded powerkatz.dll to the latest version of mimikatz -
[Commit 1b13057](1b130574ed)
This update addresses issue #94.
2015-12-14 20:21:43 -08:00
Harmj0y
55fabd7e2e
Removed commented blocks.
2015-12-14 22:00:21 -05:00
Harmj0y
dae9d91fdb
Merge branch 'dev' of https://github.com/PowerShellMafia/PowerSploit into dev
2015-12-14 21:54:11 -05:00
Harmj0y
0181ff0c09
Removed C# enum for Test-ServiceDaclPermission
2015-12-14 21:53:42 -05:00
Matt Graeber
00af1656b2
Bugfix #93
...
Removed the "EndAddress" parameter set since it was never used. This
should resolve any parameter set confusion.
2015-12-14 17:26:33 -08:00
Matt Graeber
ce3b21685a
Bugfix #92: perform OS check when importing NtCreateThreadEx
2015-12-14 16:40:09 -08:00
Harmj0y
9ffc26af70
Added admin rights check for existing Privesc Pester tests
2015-12-14 19:33:15 -05:00
Harmj0y
5690b09027
Get-NetDomain now not called if -ComputerName or -ComputerFile are passed for meta functions, in order to prevent failure when running on a non-domain joined machine
...
took out FQDN Pester tests from Recon.tests.ps1 that used $env:userdnsdomain
2015-12-14 19:01:10 -05:00
Harmj0y
e2993b63aa
Modified Tests/Privesc.tests.ps1 to ensure file artifacts are not left on disk.
2015-12-14 18:19:17 -05:00
Harmj0y
a235313996
Modified Tests/Recon.tests.ps1 to ensure file artifacts are not left on disk.
2015-12-14 17:34:12 -05:00
Matt Graeber
7f6d3a4565
Fix Invoke-Shellcode OS architecture detection
...
Fixes issue #70
2015-12-14 11:02:14 -08:00
Matt Graeber
93a71b037c
Adding PollingInterval param to Get-Keystrokes
...
Incorporates idea from @obscuresec in issue #50.
2015-12-14 09:11:05 -08:00
Harmj0y
a336562b70
Added Invoke-DowngradeAccount to set an account to use reversible encryption.
2015-12-11 14:58:07 -05:00
Harmj0y
a0b95c36b4
Domain local group query fix.
...
Added ConvertFrom-UACValue to convert binary UAC values to human readable format.
Corrected logic in Set-ADObject.
2015-12-11 10:21:39 -05:00
Harmj0y
e44df184a8
Start of Recon/PowerView Pester tests
2015-12-03 21:57:41 -05:00
Harmj0y
c143dc6885
Privesc/PowerUp Pester tests
2015-12-03 21:57:26 -05:00
Harmj0y
8ab8c49a0d
Added ./Privesc/ folder that integrates PowerUp.ps1
...
Updated README.md's
2015-12-03 21:56:08 -05:00
Harmj0y
5fb690518d
Integration of PowerView into ./Recon/
2015-12-03 21:50:45 -05:00
Matt Graeber
729e9ca267
Removing Invoke-ShellcodeMSIL from psproj file
2015-11-09 10:58:52 -08:00
Matt Graeber
62bb142a68
Excluding the Tests folder from being loaded as a module
2015-11-09 10:57:19 -08:00
Matt Graeber
c03965c8f9
Adding Pester tests for CodeExecution module
2015-11-09 10:56:34 -08:00
Matt Graeber
a78b40429e
Revert "Excluding the Tests folder from being loaded as a module"
...
This reverts commit a0ab599810.
2015-11-09 10:52:41 -08:00
Matt Graeber
a0ab599810
Excluding the Tests folder from being loaded as a module
2015-11-09 10:52:23 -08:00
Matt Graeber
aae81ddfe5
Adding -DoNotZeroMZ for testing
2015-11-07 20:26:08 -08:00
Matt Graeber
992f980022
Removed extraneous parameters
...
Removed extraneous parameters
Removed the following extraneous parameters:
-PEPath
-PEUrl
The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
2015-11-07 20:00:22 -08:00
Matt Graeber
b8e831e4f9
Revert "Removed extraneous parameters"
...
This reverts commit 0eb520e31f.
2015-11-07 19:50:05 -08:00
Matt Graeber
0eb520e31f
Removed extraneous parameters
...
Removed the following extraneous parameters:
-PEPath
-PEUrl
-ComputerName
The functionality they provided can be easily replicated in code outside
of Invoke-ReflectivePEInjection. i.e. it should be up to the user how
they might want to download a PE before loading it. That should not be
dictated by Invoke-ReflectivePEInjection.
2015-11-07 20:25:29 -05:00
Matt Graeber
17bfa4e276
Fixed a casting bug
2015-11-06 13:31:58 -05:00
Matt Graeber
18b7a10f89
Removing Invoke-ShellcodeMSIL
...
This was only ever intended to be a PoC. I'll bring this back if
requested but it exhibits duplicate functionality.
2015-11-05 13:26:05 -05:00
Matt Graeber
641eff706e
Test: Ensure all scripts are not LE Unicode encoded
2015-11-05 10:36:17 -05:00
Matt Graeber
d1145e0540
Re-import Invoke-Shellcode.ps1
2015-11-05 10:34:26 -05:00
Matt Graeber
81b57738ab
Adding Visual Studio 2015 project file
...
Those who wish to load this project into VS 2015 with Adam Driscoll's
PowerShell VS extension may now do so.
2015-11-05 10:33:53 -05:00
Matt Graeber
5065810c07
Removing Metasploit integration from Invoke-Shellcode
...
This should have only ever been a shellcode runner. Those wishing to
integrate this with Metasploit should generate a shellcode payload with
msfvenom.
2015-11-05 10:31:40 -05:00
Matt Graeber
d0fff7b637
Migrating everything back to Invoke-Shellcode.ps1. I'm done making my point now. :P
2015-11-04 14:56:46 -05:00
Matt Graeber
12ce71b9f4
Normalizing all files to ascii encoding
2015-11-04 13:48:27 -05:00
Matt Graeber
2dd1f5920d
Revert "Normalizing all files to ascii encoding"
...
This reverts commit 5a812ce823.
2015-11-04 13:41:36 -05:00
Matt Graeber
5a812ce823
Normalizing all files to ascii encoding
2015-11-04 13:40:02 -05:00
FixTheExchange
e179b2e932
Update Invoke-TokenManipulation.ps1
...
Removed 2 unnecessary lines.
2015-10-30 12:48:05 -05:00